| blob | 169a7664f3998ec497bbcdf9f7375dd7ebd6c1cf |
1 /*
2 * Copyright (C) 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010
3 * Free Software Foundation, Inc.
4 *
5 * Author: Nikos Mavrogiannopoulos
6 *
7 * This file is part of GnuTLS.
8 *
9 * The GnuTLS is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU Lesser General Public License
11 * as published by the Free Software Foundation; either version 2.1 of
12 * the License, or (at your option) any later version.
13 *
14 * This library is distributed in the hope that it will be useful, but
15 * WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 * Lesser General Public License for more details.
18 *
19 * You should have received a copy of the GNU Lesser General Public
20 * License along with this library; if not, write to the Free Software
21 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
22 * USA
23 *
24 */
26 /* Functions to manipulate the session (gnutls_int.h), and some other stuff
27 * are included here. The file's name is traditionally gnutls_state even if the
28 * state has been renamed to session.
29 */
31 #include <gnutls_int.h>
32 #include <gnutls_errors.h>
33 #include <gnutls_auth.h>
34 #include <gnutls_num.h>
35 #include <gnutls_datum.h>
36 #include <gnutls_db.h>
37 #include <gnutls_record.h>
38 #include <gnutls_handshake.h>
39 #include <gnutls_dh.h>
40 #include <gnutls_buffers.h>
41 #include <gnutls_mbuffers.h>
42 #include <gnutls_state.h>
43 #include <gnutls_constate.h>
44 #include <auth_cert.h>
45 #include <auth_anon.h>
46 #include <auth_psk.h>
47 #include <gnutls_algorithms.h>
48 #include <gnutls_rsa_export.h>
49 #include <gnutls_extensions.h>
50 #include <system.h>
52 /* These should really be static, but src/tests.c calls them. Make
53 them public functions? */
54 void
58 void
60 gnutls_certificate_type_t ct)
61 {
63 }
65 /**
66 * gnutls_cipher_get:
67 * @session: is a #gnutls_session_t structure.
68 *
69 * Get currently used cipher.
70 *
71 * Returns: the currently used cipher, a #gnutls_cipher_algorithm_t
72 * type.
73 **/
74 gnutls_cipher_algorithm_t
76 {
81 }
83 /**
84 * gnutls_certificate_type_get:
85 * @session: is a #gnutls_session_t structure.
86 *
87 * The certificate type is by default X.509, unless it is negotiated
88 * as a TLS extension.
89 *
90 * Returns: the currently used #gnutls_certificate_type_t certificate
91 * type.
92 **/
93 gnutls_certificate_type_t
95 {
97 }
99 /**
100 * gnutls_kx_get:
101 * @session: is a #gnutls_session_t structure.
102 *
103 * Get currently used key exchange algorithm.
104 *
105 * Returns: the key exchange algorithm used in the last handshake, a
106 * #gnutls_kx_algorithm_t value.
107 **/
108 gnutls_kx_algorithm_t
110 {
112 }
114 /**
115 * gnutls_mac_get:
116 * @session: is a #gnutls_session_t structure.
117 *
118 * Get currently used MAC algorithm.
119 *
120 * Returns: the currently used mac algorithm, a
121 * #gnutls_mac_algorithm_t value.
122 **/
123 gnutls_mac_algorithm_t
125 {
130 }
132 /**
133 * gnutls_compression_get:
134 * @session: is a #gnutls_session_t structure.
135 *
136 * Get currently used compression algorithm.
137 *
138 * Returns: the currently used compression method, a
139 * #gnutls_compression_method_t value.
140 **/
141 gnutls_compression_method_t
143 {
148 }
150 /* Check if the given certificate type is supported.
151 * This means that it is enabled by the priority functions,
152 * and a matching certificate exists.
153 */
154 int
156 gnutls_certificate_type_t cert_type)
157 {
160 gnutls_certificate_credentials_t cred;
163 {
172 {
174 {
176 {
179 }
180 }
183 /* no certificate is of that type.
184 */
186 }
187 }
194 {
196 {
198 }
199 }
202 }
205 /* this function deinitializes all the internal parameters stored
206 * in a session struct.
207 */
210 {
220 }
222 /* This function will clear all the variables in internals
223 * structure within the session, which depend on the current handshake.
224 * This is used to allow further handshakes.
225 */
226 static void
228 {
231 /* by default no selected certificate */
239 /* use out of band data for the last
240 * handshake messages received.
241 */
246 }
248 void
250 {
257 }
259 #define MIN_DH_BITS 727
260 /**
261 * gnutls_init:
262 * @con_end: indicate if this session is to be used for server or client.
263 * @session: is a pointer to a #gnutls_session_t structure.
264 *
265 * This function initializes the current session to null. Every
266 * session must be initialized before use, so internal structures can
267 * be allocated. This function allocates structures which can only
268 * be free'd by calling gnutls_deinit(). Returns zero on success.
269 *
270 * @con_end can be one of %GNUTLS_CLIENT and %GNUTLS_SERVER.
271 *
272 * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
273 **/
274 int
276 {
286 {
289 }
291 /* Set all NULL algos on epoch 0 */
298 /* the default certificate type for TLS */
301 /* Initialize buffers */
315 {
319 }
328 MAX_HANDSHAKE_PACKET_SIZE);
330 /* set the socket pointers to -1;
331 */
335 /* set the default maximum record size for TLS
336 */
338 DEFAULT_MAX_RECORD_SIZE;
340 DEFAULT_MAX_RECORD_SIZE;
342 /* everything else not initialized here is initialized
343 * as NULL or 0. This is why calloc is used.
344 */
348 /* emulate old gnutls behavior for old applications that do not use the priority_*
349 * functions.
350 */
353 #ifdef HAVE_WRITEV
355 #else
357 #endif
362 }
364 /* returns RESUME_FALSE or RESUME_TRUE.
365 */
366 int
368 {
370 }
373 /**
374 * gnutls_deinit:
375 * @session: is a #gnutls_session_t structure.
376 *
377 * This function clears all buffers associated with the @session.
378 * This function will also remove session data from the session
379 * database if the session was terminated abnormally.
380 **/
381 void
383 {
389 /* remove auth info firstly */
398 {
401 }
414 {
427 /* RSA */
435 }
439 }
441 /* Returns the minimum prime bits that are acceptable.
442 */
443 int
445 {
447 }
449 int
451 {
456 {
458 {
459 anon_auth_info_t info;
466 }
468 {
469 psk_auth_info_t info;
476 }
478 {
479 cert_auth_info_t info;
487 }
491 }
498 {
501 }
504 }
506 int
508 {
510 {
512 {
513 anon_auth_info_t info;
519 }
521 {
522 psk_auth_info_t info;
528 }
530 {
531 cert_auth_info_t info;
542 }
543 }
546 }
548 /* This function will set in the auth info structure the
549 * RSA exponent and the modulus.
550 */
551 int
554 {
555 cert_auth_info_t info;
570 {
573 }
577 {
581 }
584 }
587 /* Sets the prime and the generator in the auth info structure.
588 */
589 int
591 {
596 {
598 {
599 anon_auth_info_t info;
606 }
608 {
609 psk_auth_info_t info;
616 }
618 {
619 cert_auth_info_t info;
627 }
631 }
639 /* prime
640 */
643 {
646 }
648 /* generator
649 */
652 {
656 }
659 }
661 #ifdef ENABLE_OPENPGP
662 /**
663 * gnutls_openpgp_send_cert:
664 * @session: is a pointer to a #gnutls_session_t structure.
665 * @status: is one of GNUTLS_OPENPGP_CERT, or GNUTLS_OPENPGP_CERT_FINGERPRINT
666 *
667 * This function will order gnutls to send the key fingerprint
668 * instead of the key in the initial handshake procedure. This should
669 * be used with care and only when there is indication or knowledge
670 * that the server can obtain the client's key.
671 **/
672 void
674 gnutls_openpgp_crt_status_t status)
675 {
677 }
678 #endif
680 /**
681 * gnutls_certificate_send_x509_rdn_sequence:
682 * @session: is a pointer to a #gnutls_session_t structure.
683 * @status: is 0 or 1
684 *
685 * If status is non zero, this function will order gnutls not to send
686 * the rdnSequence in the certificate request message. That is the
687 * server will not advertize it's trusted CAs to the peer. If status
688 * is zero then the default behaviour will take effect, which is to
689 * advertize the server's trusted CAs.
690 *
691 * This function has no effect in clients, and in authentication
692 * methods other than certificate with X.509 certificates.
693 **/
694 void
697 {
699 }
701 #ifdef ENABLE_OPENPGP
702 int
704 {
706 }
707 #endif
709 /*-
710 * _gnutls_record_set_default_version - Used to set the default version for the first record packet
711 * @session: is a #gnutls_session_t structure.
712 * @major: is a tls major version
713 * @minor: is a tls minor version
714 *
715 * This function sets the default version that we will use in the first
716 * record packet (client hello). This function is only useful to people
717 * that know TLS internals and want to debug other implementations.
718 -*/
719 void
722 {
725 }
727 /**
728 * gnutls_handshake_set_private_extensions:
729 * @session: is a #gnutls_session_t structure.
730 * @allow: is an integer (0 or 1)
731 *
732 * This function will enable or disable the use of private cipher
733 * suites (the ones that start with 0xFF). By default or if @allow
734 * is 0 then these cipher suites will not be advertized nor used.
735 *
736 * Unless this function is called with the option to allow (1), then
737 * no compression algorithms, like LZO. That is because these
738 * algorithms are not yet defined in any RFC or even internet draft.
739 *
740 * Enabling the private ciphersuites when talking to other than
741 * gnutls servers and clients may cause interoperability problems.
742 **/
743 void
745 {
747 }
753 {
754 digest_hd_st td1;
759 {
762 }
768 }
770 #define MAX_SEED_SIZE 200
772 /* Produces "total_bytes" bytes using the hash algorithm specified.
773 * (used in the PRF function)
774 */
775 static int
780 {
782 digest_hd_st td2;
788 {
791 }
796 do
797 {
799 }
802 /* calculate A(0) */
810 {
813 {
816 }
818 /* here we calculate A(i+1) */
822 {
826 }
835 {
837 }
838 else
839 {
841 }
844 {
846 }
847 }
850 }
852 /* Xor's two buffers and puts the output in the first one.
853 */
856 {
859 {
861 }
862 }
866 #define MAX_PRF_BYTES 200
868 /* The PRF function expands a given secret
869 * needed by the TLS specification. ret must have a least total_bytes
870 * available.
871 */
872 int
877 {
886 {
889 }
890 /* label+seed = s_seed */
894 {
897 }
903 {
904 result =
908 {
911 }
912 }
913 else
914 {
921 {
922 l_s++;
923 }
925 result =
929 {
932 }
934 result =
938 {
941 }
946 }
950 }
952 /**
953 * gnutls_prf_raw:
954 * @session: is a #gnutls_session_t structure.
955 * @label_size: length of the @label variable.
956 * @label: label used in PRF computation, typically a short string.
957 * @seed_size: length of the @seed variable.
958 * @seed: optional extra data to seed the PRF with.
959 * @outsize: size of pre-allocated output buffer to hold the output.
960 * @out: pre-allocate buffer to hold the generated data.
961 *
962 * Apply the TLS Pseudo-Random-Function (PRF) using the master secret
963 * on some data.
964 *
965 * The @label variable usually contain a string denoting the purpose
966 * for the generated data. The @seed usually contain data such as the
967 * client and server random, perhaps together with some additional
968 * data that is added to guarantee uniqueness of the output for a
969 * particular purpose.
970 *
971 * Because the output is not guaranteed to be unique for a particular
972 * session unless @seed include the client random and server random
973 * fields (the PRF would output the same data on another connection
974 * resumed from the first one), it is not recommended to use this
975 * function directly. The gnutls_prf() function seed the PRF with the
976 * client and server random fields directly, and is recommended if you
977 * want to generate pseudo random data unique for each session.
978 *
979 * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
980 **/
981 int
986 {
991 GNUTLS_MASTER_SIZE,
992 label,
996 }
998 /**
999 * gnutls_prf:
1000 * @session: is a #gnutls_session_t structure.
1001 * @label_size: length of the @label variable.
1002 * @label: label used in PRF computation, typically a short string.
1003 * @server_random_first: non-0 if server random field should be first in seed
1004 * @extra_size: length of the @extra variable.
1005 * @extra: optional extra data to seed the PRF with.
1006 * @outsize: size of pre-allocated output buffer to hold the output.
1007 * @out: pre-allocate buffer to hold the generated data.
1008 *
1009 * Apply the TLS Pseudo-Random-Function (PRF) using the master secret
1010 * on some data, seeded with the client and server random fields.
1011 *
1012 * The @label variable usually contain a string denoting the purpose
1013 * for the generated data. The @server_random_first indicate whether
1014 * the client random field or the server random field should be first
1015 * in the seed. Non-0 indicate that the server random field is first,
1016 * 0 that the client random field is first.
1017 *
1018 * The @extra variable can be used to add more data to the seed, after
1019 * the random variables. It can be used to tie make sure the
1020 * generated output is strongly connected to some additional data
1021 * (e.g., a string used in user authentication).
1022 *
1023 * The output is placed in *@OUT, which must be pre-allocated.
1024 *
1025 * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
1026 **/
1027 int
1033 {
1040 {
1043 }
1055 GNUTLS_MASTER_SIZE,
1061 }
1063 /*-
1064 * gnutls_session_get_client_random:
1065 * @session: is a #gnutls_session_t structure.
1066 *
1067 * Return a pointer to the 32-byte client random field used in the
1068 * session. The pointer must not be modified or deallocated.
1069 *
1070 * If a client random value has not yet been established, the output
1071 * will be garbage; in particular, a %NULL return value should not be
1072 * expected.
1073 *
1074 * Returns: pointer to client random data.
1075 *
1076 * Deprecated in: 2.11.0
1077 -*/
1080 {
1082 }
1084 /*-
1085 * gnutls_session_get_server_random:
1086 * @session: is a #gnutls_session_t structure.
1087 *
1088 * Return a pointer to the 32-byte server random field used in the
1089 * session. The pointer must not be modified or deallocated.
1090 *
1091 * If a server random value has not yet been established, the output
1092 * will be garbage; in particular, a %NULL return value should not be
1093 * expected.
1094 *
1095 * Returns: pointer to server random data.
1096 *
1097 * Deprecated in: 2.11.0
1098 -*/
1101 {
1103 }
1105 /*-
1106 * gnutls_session_get_master_secret:
1107 * @session: is a #gnutls_session_t structure.
1108 *
1109 * Return a pointer to the 48-byte master secret in the session. The
1110 * pointer must not be modified or deallocated.
1111 *
1112 * If a master secret value has not yet been established, the output
1113 * will be garbage; in particular, a %NULL return value should not be
1114 * expected.
1115 *
1116 * Consider using gnutls_prf() rather than extracting the master
1117 * secret and use it to derive further data.
1118 *
1119 * Returns: pointer to master secret data.
1120 *
1121 * Deprecated in: 2.11.0
1122 -*/
1125 {
1127 }
1129 /*-
1130 * gnutls_session_set_finished_function:
1131 * @session: is a #gnutls_session_t structure.
1132 * @func: a #gnutls_finished_callback_func callback.
1133 *
1134 * Register a callback function for the session that will be called
1135 * when a TLS Finished message has been generated. The function is
1136 * typically used to copy away the TLS finished message for later use
1137 * as a channel binding or similar purpose.
1138 *
1139 * The callback should follow this prototype:
1140 *
1141 * void callback (gnutls_session_t @session, const void *@finished, size_t @len);
1142 *
1143 * The @finished parameter will contain the binary TLS finished
1144 * message, and @len will contains its length. For SSLv3 connections,
1145 * the @len parameter will be 36 and for TLS connections it will be
1146 * 12.
1147 *
1148 * It is recommended that the function returns quickly in order to not
1149 * delay the handshake. Use the function to store a copy of the TLS
1150 * finished message for later use.
1151 *
1152 * Since: 2.6.0
1153 * Deprecated in: 2.11.0
1154 -*/
1155 void
1157 gnutls_finished_callback_func func)
1158 {
1160 }
1162 /**
1163 * gnutls_session_is_resumed:
1164 * @session: is a #gnutls_session_t structure.
1165 *
1166 * Check whether session is resumed or not.
1167 *
1168 * Returns: non zero if this session is resumed, or a zero if this is
1169 * a new session.
1170 **/
1171 int
1173 {
1175 {
1184 }
1185 else
1186 {
1189 }
1192 }
1194 /*-
1195 * _gnutls_session_is_export - Used to check whether this session is of export grade
1196 * @session: is a #gnutls_session_t structure.
1197 *
1198 * This function will return non zero if this session is of export grade.
1199 -*/
1200 int
1202 {
1203 gnutls_cipher_algorithm_t cipher;
1205 cipher =
1213 }
1215 /*-
1216 * _gnutls_session_is_psk - Used to check whether this session uses PSK kx
1217 * @session: is a #gnutls_session_t structure.
1218 *
1219 * This function will return non zero if this session uses a PSK key
1220 * exchange algorithm.
1221 -*/
1222 int
1224 {
1225 gnutls_kx_algorithm_t kx;
1227 kx =
1234 }
1236 /**
1237 * gnutls_session_get_ptr:
1238 * @session: is a #gnutls_session_t structure.
1239 *
1240 * Get user pointer for session. Useful in callbacks. This is the
1241 * pointer set with gnutls_session_set_ptr().
1242 *
1243 * Returns: the user given pointer from the session structure, or
1244 * %NULL if it was never set.
1245 **/
1248 {
1250 }
1252 /**
1253 * gnutls_session_set_ptr:
1254 * @session: is a #gnutls_session_t structure.
1255 * @ptr: is the user pointer
1256 *
1257 * This function will set (associate) the user given pointer @ptr to
1258 * the session structure. This is pointer can be accessed with
1259 * gnutls_session_get_ptr().
1260 **/
1261 void
1263 {
1265 }
1268 /**
1269 * gnutls_record_get_direction:
1270 * @session: is a #gnutls_session_t structure.
1271 *
1272 * This function provides information about the internals of the
1273 * record protocol and is only useful if a prior gnutls function call
1274 * (e.g. gnutls_handshake()) was interrupted for some reason, that
1275 * is, if a function returned %GNUTLS_E_INTERRUPTED or
1276 * %GNUTLS_E_AGAIN. In such a case, you might want to call select()
1277 * or poll() before calling the interrupted gnutls function again. To
1278 * tell you whether a file descriptor should be selected for either
1279 * reading or writing, gnutls_record_get_direction() returns 0 if the
1280 * interrupted function was trying to read data, and 1 if it was
1281 * trying to write data.
1282 *
1283 * Returns: 0 if trying to read data, 1 if trying to write data.
1284 **/
1285 int
1287 {
1289 }
1291 /*-
1292 * _gnutls_rsa_pms_set_version - Sets a version to be used at the RSA PMS
1293 * @session: is a #gnutls_session_t structure.
1294 * @major: is the major version to use
1295 * @minor: is the minor version to use
1296 *
1297 * This function will set the given version number to be used at the
1298 * RSA PMS secret. This is only useful to clients, which want to
1299 * test server's capabilities.
1300 -*/
1301 void
1304 {
1307 }
1309 /**
1310 * gnutls_handshake_set_post_client_hello_function:
1311 * @session: is a #gnutls_session_t structure.
1312 * @func: is the function to be called
1313 *
1314 * This function will set a callback to be called after the client
1315 * hello has been received (callback valid in server side only). This
1316 * allows the server to adjust settings based on received extensions.
1317 *
1318 * Those settings could be ciphersuites, requesting certificate, or
1319 * anything else except for version negotiation (this is done before
1320 * the hello message is parsed).
1321 *
1322 * This callback must return 0 on success or a gnutls error code to
1323 * terminate the handshake.
1324 *
1325 * Warning: You should not use this function to terminate the
1326 * handshake based on client input unless you know what you are
1327 * doing. Before the handshake is finished there is no way to know if
1328 * there is a man-in-the-middle attack being performed.
1329 **/
1330 void
1332 gnutls_handshake_post_client_hello_func
1333 func)
1334 {
1336 }
1338 /**
1339 * gnutls_session_enable_compatibility_mode:
1340 * @session: is a #gnutls_session_t structure.
1341 *
1342 * This function can be used to disable certain (security) features in
1343 * TLS in order to maintain maximum compatibility with buggy
1344 * clients. It is equivalent to calling:
1345 * gnutls_record_disable_padding()
1346 *
1347 * Normally only servers that require maximum compatibility with
1348 * everything out there, need to call this function.
1349 **/
1350 void
1352 {
1354 }
1356 /**
1357 * gnutls_session_channel_binding:
1358 * @session: is a #gnutls_session_t structure.
1359 * @cbtype: an #gnutls_channel_binding_t enumeration type
1360 * @cb: output buffer array with data
1361 *
1362 * Extract given channel binding data of the @cbtype (e.g.,
1363 * %GNUTLS_CB_TLS_UNIQUE) type.
1364 *
1365 * Returns: %GNUTLS_E_SUCCESS on success,
1366 * %GNUTLS_E_UNIMPLEMENTED_FEATURE if the @cbtype is unsupported,
1367 * %GNUTLS_E_CHANNEL_BINDING_NOT_AVAILABLE if the data is not
1368 * currently available, or an error code.
1369 *
1370 * Since: 2.12.0
1371 **/
1372 int
1374 gnutls_channel_binding_t cbtype,
1376 {
1391 }