| blob | dc201495665272b1eb91c8cda628d4028a5307ee |
1 /*
2 * Copyright (C) 2001, 2002, 2003, 2004, 2005, 2008 Free Software Foundation
3 *
4 * Author: Nikos Mavrogiannopoulos
5 *
6 * This file is part of GNUTLS.
7 *
8 * The GNUTLS library is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 2.1 of
11 * the License, or (at your option) any later version.
12 *
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
17 *
18 * You should have received a copy of the GNU Lesser General Public
19 * License along with this library; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
21 * USA
22 *
23 */
31 #include <gnutls_datum.h>
34 /* The functions here are used in order for authentication algorithms
35 * to be able to retrieve the needed credentials eg public and private
36 * key etc.
37 */
39 /**
40 * gnutls_credentials_clear - Clears all the credentials previously set
41 * @session: is a #gnutls_session_t structure.
42 *
43 * Clears all the credentials previously set in this session.
44 *
45 **/
46 void
48 {
54 {
58 }
60 }
61 }
63 /*
64 * This creates a linked list of the form:
65 * { algorithm, credentials, pointer to next }
66 */
67 /**
68 * gnutls_credentials_set - Sets the needed credentials for the specified authentication algorithm.
69 * @session: is a #gnutls_session_t structure.
70 * @type: is the type of the credentials
71 * @cred: is a pointer to a structure.
72 *
73 * Sets the needed credentials for the specified type.
74 * Eg username, password - or public and private keys etc.
75 * The (void* cred) parameter is a structure that depends on the
76 * specified type and on the current session (client or server).
77 * [ In order to minimize memory usage, and share credentials between
78 * several threads gnutls keeps a pointer to cred, and not the whole cred
79 * structure. Thus you will have to keep the structure allocated until
80 * you call gnutls_deinit(). ]
81 *
82 * For GNUTLS_CRD_ANON cred should be gnutls_anon_client_credentials_t in case of a client.
83 * In case of a server it should be gnutls_anon_server_credentials_t.
84 *
85 * For GNUTLS_CRD_SRP cred should be gnutls_srp_client_credentials_t
86 * in case of a client, and gnutls_srp_server_credentials_t, in case
87 * of a server.
88 *
89 * For GNUTLS_CRD_CERTIFICATE cred should be gnutls_certificate_credentials_t.
90 *
91 **/
92 int
95 {
106 /* copy credentials locally */
111 }
112 else
113 {
116 {
118 {
121 }
124 }
125 /* After this, pcred is not null.
126 */
136 /* copy credentials locally */
141 }
142 else
146 }
147 }
150 }
152 /**
153 * gnutls_auth_get_type - Returns the type of credentials for the current authentication schema.
154 * @session: is a #gnutls_session_t structure.
155 *
156 * Returns type of credentials for the current authentication schema.
157 * The returned information is to be used to distinguish the function used
158 * to access authentication data.
159 *
160 * Eg. for CERTIFICATE ciphersuites (key exchange algorithms: KX_RSA,
161 * KX_DHE_RSA), the same function are to be used to access the
162 * authentication data.
163 *
164 * Returns: The type of credentials for the current authentication
165 * schema, an #gnutls_credentials_type_t type.
166 **/
167 gnutls_credentials_type_t
169 {
170 /* This is not the credentials we must set, but the authentication data
171 * we get by the peer, so it should be reversed.
172 */
175 return
179 }
181 /**
182 * gnutls_auth_server_get_type - Returns the type of credentials for the server authentication schema.
183 * @session: is a #gnutls_session_t structure.
184 *
185 * Returns the type of credentials that were used for server authentication.
186 * The returned information is to be used to distinguish the function used
187 * to access authentication data.
188 *
189 * Returns: The type of credentials for the server authentication
190 * schema, an #gnutls_credentials_type_t type.
191 **/
192 gnutls_credentials_type_t
194 {
195 return
199 }
201 /**
202 * gnutls_auth_client_get_type - Returns the type of credentials for the client authentication schema.
203 * @session: is a #gnutls_session_t structure.
204 *
205 * Returns the type of credentials that were used for client authentication.
206 * The returned information is to be used to distinguish the function used
207 * to access authentication data.
208 *
209 * Returns: The type of credentials for the client authentication
210 * schema, an #gnutls_credentials_type_t type.
211 **/
212 gnutls_credentials_type_t
214 {
215 return
219 }
222 /*
223 * This returns a pointer to the linked list. Don't
224 * free that!!!
225 */
229 {
234 }
238 {
248 {
250 {
252 }
254 }
261 out:
265 }
267 /*-
268 * _gnutls_get_auth_info - Returns a pointer to authentication information.
269 * @session: is a #gnutls_session_t structure.
270 *
271 * This function must be called after a succesful gnutls_handshake().
272 * Returns a pointer to authentication information. That information
273 * is data obtained by the handshake protocol, the key exchange algorithm,
274 * and the TLS extensions messages.
275 *
276 * In case of GNUTLS_CRD_ANON returns a type of &anon_(server/client)_auth_info_t;
277 * In case of GNUTLS_CRD_CERTIFICATE returns a type of &cert_auth_info_t;
278 * In case of GNUTLS_CRD_SRP returns a type of &srp_(server/client)_auth_info_t;
279 -*/
282 {
284 }
286 /*-
287 * _gnutls_free_auth_info - Frees the auth info structure
288 * @session: is a #gnutls_session_t structure.
289 *
290 * This function frees the auth info structure and sets it to
291 * null. It must be called since some structures contain malloced
292 * elements.
293 -*/
294 void
296 {
301 {
304 }
307 {
311 {
319 }
322 {
332 {
334 }
342 }
349 }
356 }
358 /* This function will set the auth info structure in the key
359 * structure.
360 * If allow change is !=0 then this will allow changing the auth
361 * info structure to a different type.
362 */
363 int
367 {
369 {
372 {
375 }
378 }
379 else
380 {
382 {
383 /* If the credentials for the current authentication scheme,
384 * are not the one we want to set, then it's an error.
385 * This may happen if a rehandshake is performed an the
386 * ciphersuite which is negotiated has different authentication
387 * schema.
388 */
390 {
393 }
394 }
395 else
396 {
397 /* The new behaviour: Here we reallocate the auth info structure
398 * in order to be able to negotiate different authentication
399 * types. Ie. perform an auth_anon and then authenticate again using a
400 * certificate (in order to prevent revealing the certificate's contents,
401 * to passive eavesdropers.
402 */
404 {
411 {
414 }
418 }
419 }
420 }
422 }