search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Add.
[gnutls.git] / lib / ext_cert_type.c
blobb131fe3473e9aacf67f6bbd40b829e1d83587609
1 /*
2 * Copyright (C) 2002, 2003, 2004, 2005 Free Software Foundation
3 *
4 * Author: Nikos Mavroyanopoulos
5 *
6 * This file is part of GNUTLS.
7 *
8 * The GNUTLS library is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 2.1 of
11 * the License, or (at your option) any later version.
12 *
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
17 *
18 * You should have received a copy of the GNU Lesser General Public
19 * License along with this library; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
21 * USA
22 *
23 */
24
25 /* This file contains the code the Certificate Type TLS extension.
26 * This extension is currently gnutls specific.
27 */
28
29 #include "gnutls_int.h"
30 #include "gnutls_errors.h"
31 #include "gnutls_num.h"
32 #include "ext_cert_type.h"
33 #include <gnutls_state.h>
34 #include <gnutls_num.h>
35
36 inline static int _gnutls_num2cert_type (int num);
37 inline static int _gnutls_cert_type2num (int record_size);
38
39 /*
40 * In case of a server: if a CERT_TYPE extension type is received then it stores
41 * into the session security parameters the new value. The server may use gnutls_session_certificate_type_get(),
42 * to access it.
43 *
44 * In case of a client: If a cert_types have been specified then we send the extension.
45 *
46 */
47
48 int
49 _gnutls_cert_type_recv_params (gnutls_session_t session,
50 const opaque * data, size_t _data_size)
51 {
52 int new_type = -1, ret, i;
53 ssize_t data_size = _data_size;
54
55 if (session->security_parameters.entity == GNUTLS_CLIENT)
56 {
57 if (data_size > 0)
58 {
59 if (data_size != 1)
60 {
61 gnutls_assert ();
62 return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
63 }
64
65 new_type = _gnutls_num2cert_type (data[0]);
66
67 if (new_type < 0)
68 {
69 gnutls_assert ();
70 return new_type;
71 }
72
73 /* Check if we support this cert_type */
74 if ((ret =
75 _gnutls_session_cert_type_supported (session, new_type)) < 0)
76 {
77 gnutls_assert ();
78 return ret;
79 }
80
81 _gnutls_session_cert_type_set (session, new_type);
82 }
83 }
84 else
85 { /* SERVER SIDE - we must check if the sent cert type is the right one
86 */
87 if (data_size > 1)
88 {
89 uint8_t len;
90
91 len = data[0];
92 DECR_LEN (data_size, len);
93
94 for (i = 0; i < len; i++)
95 {
96 new_type = _gnutls_num2cert_type (data[i + 1]);
97
98 if (new_type < 0)
99 continue;
100
101 /* Check if we support this cert_type */
102 if ((ret =
103 _gnutls_session_cert_type_supported (session,
104 new_type)) < 0)
105 {
106 gnutls_assert ();
107 continue;
108 }
109 else
110 break;
111 /* new_type is ok */
112 }
113
114 if (new_type < 0)
115 {
116 gnutls_assert ();
117 return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
118 }
119
120 if ((ret =
121 _gnutls_session_cert_type_supported (session, new_type)) < 0)
122 {
123 gnutls_assert ();
124 /* The peer has requested unsupported certificate
125 * types. Instead of failing, procceed normally.
126 * (the ciphersuite selection would fail, or a
127 * non certificate ciphersuite will be selected).
128 */
129 return 0;
130 }
131
132 _gnutls_session_cert_type_set (session, new_type);
133 }
134
135
136 }
137
138 return 0;
139 }
140
141 /* returns data_size or a negative number on failure
142 */
143 int
144 _gnutls_cert_type_send_params (gnutls_session_t session, opaque * data,
145 size_t data_size)
146 {
147 unsigned len, i;
148
149 /* this function sends the client extension data (dnsname) */
150 if (session->security_parameters.entity == GNUTLS_CLIENT)
151 {
152
153 if (session->internals.cert_type_priority.algorithms > 0)
154 {
155
156 len = session->internals.cert_type_priority.algorithms;
157
158 if (len == 1 &&
159 session->internals.cert_type_priority.priority[0] ==
160 GNUTLS_CRT_X509)
161 {
162 /* We don't use this extension if X.509 certificates
163 * are used.
164 */
165 return 0;
166 }
167
168 if (data_size < len + 1)
169 {
170 gnutls_assert ();
171 return GNUTLS_E_SHORT_MEMORY_BUFFER;
172 }
173
174 /* this is a vector!
175 */
176 data[0] = (uint8_t) len;
177
178 for (i = 0; i < len; i++)
179 {
180 data[i + 1] = _gnutls_cert_type2num (session->internals.
181 cert_type_priority.
182 priority[i]);
183 }
184 return len + 1;
185 }
186
187 }
188 else
189 { /* server side */
190 if (session->security_parameters.cert_type != DEFAULT_CERT_TYPE)
191 {
192 len = 1;
193 if (data_size < len)
194 {
195 gnutls_assert ();
196 return GNUTLS_E_SHORT_MEMORY_BUFFER;
197 }
198
199 data[0] =
200 _gnutls_cert_type2num (session->security_parameters.cert_type);
201 return len;
202 }
203
204
205 }
206
207 return 0;
208 }
209
210 /* Maps numbers to record sizes according to the
211 * extensions draft.
212 */
213 inline static int
214 _gnutls_num2cert_type (int num)
215 {
216 switch (num)
217 {
218 case 0:
219 return GNUTLS_CRT_X509;
220 case 1:
221 return GNUTLS_CRT_OPENPGP;
222 default:
223 return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
224 }
225 }
226
227 /* Maps record size to numbers according to the
228 * extensions draft.
229 */
230 inline static int
231 _gnutls_cert_type2num (int cert_type)
232 {
233 switch (cert_type)
234 {
235 case GNUTLS_CRT_X509:
236 return 0;
237 case GNUTLS_CRT_OPENPGP:
238 return 1;
239 default:
240 return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
241 }
242
243 }
Implementation of the SSL/TLS protocol