| blob | 277dfe441c068edc8613a85cc18ed67ffdc02dc7 |
1 /*
2 * Copyright (C) 2001, 2002, 2003, 2004, 2005, 2008 Free Software Foundation
3 *
4 * Author: Nikos Mavrogiannopoulos
5 *
6 * This file is part of GNUTLS.
7 *
8 * The GNUTLS library is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 2.1 of
11 * the License, or (at your option) any later version.
12 *
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
17 *
18 * You should have received a copy of the GNU Lesser General Public
19 * License along with this library; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
21 * USA
22 *
23 */
25 /* This file contains certificate authentication functions to be exported in the
26 * API and did not fit elsewhere.
27 */
29 #include <gnutls_int.h>
30 #include <auth_srp.h>
31 #include <auth_anon.h>
32 #include <auth_cert.h>
33 #include <auth_psk.h>
34 #include <gnutls_errors.h>
35 #include <gnutls_auth_int.h>
36 #include <gnutls_state.h>
37 #include <gnutls_datum.h>
39 /* ANON & DHE */
41 /**
42 * gnutls_dh_set_prime_bits - Used to set the bits for a DH ciphersuite
43 * @session: is a #gnutls_session_t structure.
44 * @bits: is the number of bits
45 *
46 * This function sets the number of bits, for use in an Diffie Hellman
47 * key exchange. This is used both in DH ephemeral and DH anonymous
48 * cipher suites. This will set the minimum size of the prime that
49 * will be used for the handshake.
50 *
51 * In the client side it sets the minimum accepted number of bits. If
52 * a server sends a prime with less bits than that
53 * %GNUTLS_E_DH_PRIME_UNACCEPTABLE will be returned by the handshake.
54 **/
55 void
57 {
59 }
62 /**
63 * gnutls_dh_get_group - return the group of the DH authentication
64 * @session: is a gnutls session
65 * @raw_gen: will hold the generator.
66 * @raw_prime: will hold the prime.
67 *
68 * This function will return the group parameters used in the last
69 * Diffie Hellman authentication with the peer. These are the prime
70 * and the generator used. This function should be used for both
71 * anonymous and ephemeral diffie Hellman. The output parameters must
72 * be freed with gnutls_free().
73 *
74 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise
75 * an error code is returned.
76 **/
77 int
80 {
83 anon_auth_info_t anon_info;
84 cert_auth_info_t cert_info;
85 psk_auth_info_t psk_info;
88 {
110 }
114 {
117 }
121 {
125 }
128 }
130 /**
131 * gnutls_dh_get_pubkey - return the peer's public key used in DH authentication
132 * @session: is a gnutls session
133 * @raw_key: will hold the public key.
134 *
135 * This function will return the peer's public key used in the last
136 * Diffie Hellman authentication. This function should be used for
137 * both anonymous and ephemeral diffie Hellman. The output
138 * parameters must be freed with gnutls_free().
139 *
140 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise
141 * an error code is returned.
142 **/
143 int
145 {
147 anon_auth_info_t anon_info;
148 cert_auth_info_t cert_info;
149 cert_auth_info_t psk_info;
152 {
154 {
160 }
162 {
168 }
170 {
177 }
181 }
185 }
187 /**
188 * gnutls_rsa_export_get_pubkey - return the peer's public key used in RSA-EXPORT authentication
189 * @session: is a gnutls session
190 * @exponent: will hold the exponent.
191 * @modulus: will hold the modulus.
192 *
193 * This function will return the peer's public key exponent and
194 * modulus used in the last RSA-EXPORT authentication. The output
195 * parameters must be freed with gnutls_free().
196 *
197 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise
198 * an error code is returned.
199 **/
200 int
204 {
205 cert_auth_info_t info;
209 {
217 {
220 }
225 {
229 }
232 }
235 }
238 /**
239 * gnutls_dh_get_secret_bits - return the bits used in DH authentication
240 * @session: is a gnutls session
241 *
242 * This function will return the bits used in the last Diffie Hellman
243 * authentication with the peer. Should be used for both anonymous
244 * and ephemeral diffie Hellman.
245 *
246 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise
247 * an error code is returned.
248 **/
249 int
251 {
253 {
255 {
256 anon_auth_info_t info;
262 }
264 {
265 psk_auth_info_t info;
271 }
273 {
274 cert_auth_info_t info;
281 }
285 }
286 }
289 /**
290 * gnutls_dh_get_prime_bits - return the bits used in DH authentication
291 * @session: is a gnutls session
292 *
293 * This function will return the bits of the prime used in the last
294 * Diffie Hellman authentication with the peer. Should be used for
295 * both anonymous and ephemeral diffie Hellman.
296 *
297 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise
298 * an error code is returned.
299 **/
300 int
302 {
306 {
308 {
309 anon_auth_info_t info;
316 }
318 {
319 psk_auth_info_t info;
326 }
328 {
329 cert_auth_info_t info;
337 }
341 }
345 }
347 /**
348 * gnutls_rsa_export_get_modulus_bits - return the bits used in RSA-export key exchange
349 * @session: is a gnutls session
350 *
351 * Get the export RSA parameter's modulus size.
352 *
353 * Returns: the bits used in the last RSA-EXPORT key exchange with the
354 * peer, or a negative value in case of error.
355 **/
356 int
358 {
359 cert_auth_info_t info;
366 }
368 /**
369 * gnutls_dh_get_peers_public_bits - return the bits used in DH authentication
370 * @session: is a gnutls session
371 *
372 * Get the Diffie-Hellman public key bit size. Can be used for both
373 * anonymous and ephemeral diffie Hellman.
374 *
375 * Returns: the public key bit size used in the last Diffie Hellman
376 * authentication with the peer, or a negative value in case of
377 * error.
378 **/
379 int
381 {
385 {
387 {
388 anon_auth_info_t info;
396 }
398 {
399 psk_auth_info_t info;
407 }
409 {
410 cert_auth_info_t info;
418 }
422 }
426 }
428 /* CERTIFICATE STUFF */
430 /**
431 * gnutls_certificate_get_ours - return the raw certificate sent in the last handshake
432 * @session: is a gnutls session
433 *
434 * Get the certificate as sent to the peer, in the last handshake.
435 * These certificates are in raw format. In X.509 this is a
436 * certificate list. In OpenPGP this is a single certificate.
437 *
438 * Returns: return a pointer to a #gnutls_datum_t containing our
439 * certificates, or %NULL in case of an error or if no certificate
440 * was used.
441 **/
444 {
445 gnutls_certificate_credentials_t cred;
452 {
455 }
461 }
463 /**
464 * gnutls_certificate_get_peers - return the peer's raw certificate
465 * @session: is a gnutls session
466 * @list_size: is the length of the certificate list
467 *
468 * Get the peer's raw certificate (chain) as sent by the peer. These
469 * certificates are in raw format (DER encoded for X.509). In case of
470 * a X.509 then a certificate list may be present. The first
471 * certificate in the list is the peer's certificate, following the
472 * issuer's certificate, then the issuer's issuer etc.
473 *
474 * In case of OpenPGP keys a single key will be returned in raw
475 * format.
476 *
477 * Returns: return a pointer to a #gnutls_datum_t containing our
478 * certificates, or %NULL in case of an error or if no certificate
479 * was used.
480 **/
484 {
485 cert_auth_info_t info;
495 }
498 /**
499 * gnutls_certificate_client_get_request_status - return the certificate request status
500 * @session: is a gnutls session
501 *
502 * Get whether client certificate is requested or not.
503 *
504 * Returns: 0 if the peer (server) did not request client
505 * authentication or 1 otherwise, or a negative value in case of
506 * error.
507 **/
508 int
510 {
511 cert_auth_info_t info;
519 }
521 /**
522 * gnutls_fingerprint - calculate the fingerprint of the given data
523 * @algo: is a digest algorithm
524 * @data: is the data
525 * @result: is the place where the result will be copied (may be null).
526 * @result_size: should hold the size of the result. The actual size
527 * of the returned result will also be copied there.
528 *
529 * This function will calculate a fingerprint (actually a hash), of
530 * the given data. The result is not printable data. You should
531 * convert it to hex, or to something else printable.
532 *
533 * This is the usual way to calculate a fingerprint of an X.509 DER
534 * encoded certificate. Note however that the fingerprint of an
535 * OpenPGP is not just a hash and cannot be calculated with this
536 * function.
537 *
538 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise
539 * an error code is returned.
540 **/
541 int
545 {
546 digest_hd_st td;
550 {
553 }
557 {
562 }
567 }
570 }
573 /**
574 * gnutls_certificate_set_dh_params - set the DH parameters for a server to use
575 * @res: is a gnutls_certificate_credentials_t structure
576 * @dh_params: is a structure that holds diffie hellman parameters.
577 *
578 * This function will set the diffie hellman parameters for a
579 * certificate server to use. These parameters will be used in
580 * Ephemeral Diffie Hellman cipher suites. Note that only a pointer
581 * to the parameters are stored in the certificate handle, so if you
582 * deallocate the parameters before the certificate is deallocated,
583 * you must change the parameters stored in the certificate first.
584 *
585 **/
586 void
588 gnutls_dh_params_t dh_params)
589 {
591 }
593 /**
594 * gnutls_certificate_set_params_function - set the DH or RSA parameters callback
595 * @res: is a gnutls_certificate_credentials_t structure
596 * @func: is the function to be called
597 *
598 * This function will set a callback in order for the server to get
599 * the diffie hellman or RSA parameters for certificate
600 * authentication. The callback should return zero on success.
601 *
602 **/
603 void
606 {
608 }
611 /**
612 * gnutls_certificate_set_verify_flags - set the flags to be used at certificate verification
613 * @res: is a gnutls_certificate_credentials_t structure
614 * @flags: are the flags
615 *
616 * This function will set the flags to be used at verification of the
617 * certificates. Flags must be OR of the
618 * #gnutls_certificate_verify_flags enumerations.
619 *
620 **/
621 void
624 {
626 }
628 /**
629 * gnutls_certificate_set_verify_limits - set the upper limits to be used at certificate verification
630 * @res: is a gnutls_certificate_credentials structure
631 * @max_bits: is the number of bits of an acceptable certificate (default 8200)
632 * @max_depth: is maximum depth of the verification of a certificate chain (default 5)
633 *
634 * This function will set some upper limits for the default
635 * verification function, gnutls_certificate_verify_peers2(), to avoid
636 * denial of service attacks. You can set them to zero to disable
637 * limits.
638 **/
639 void
643 {
646 }
648 /**
649 * gnutls_certificate_set_rsa_export_params - set the RSA parameters for a server to use
650 * @res: is a gnutls_certificate_credentials_t structure
651 * @rsa_params: is a structure that holds temporary RSA parameters.
652 *
653 * This function will set the temporary RSA parameters for a
654 * certificate server to use. These parameters will be used in
655 * RSA-EXPORT cipher suites.
656 **/
657 void
660 {
662 }
664 /**
665 * gnutls_psk_set_params_function - set the DH or RSA parameters callback
666 * @res: is a gnutls_psk_server_credentials_t structure
667 * @func: is the function to be called
668 *
669 * This function will set a callback in order for the server to get
670 * the diffie hellman or RSA parameters for psk authentication. The
671 * callback should return zero on success.
672 **/
673 void
676 {
678 }
680 /**
681 * gnutls_anon_set_params_function - set the DH or RSA parameters callback
682 * @res: is a gnutls_anon_server_credentials_t structure
683 * @func: is the function to be called
684 *
685 * This function will set a callback in order for the server to get
686 * the diffie hellman or RSA parameters for anonymous authentication.
687 * The callback should return zero on success.
688 **/
689 void
692 {
694 }