| blob | 7e07e6773db49260d6430f5989c7b0eafc8629b9 |
1 /*
2 * Copyright (C) 2002, 2003, 2004, 2005, 2006, 2007 Free Software Foundation
3 *
4 * Author: Nikos Mavroyanopoulos
5 *
6 * This file is part of GNUTLS.
7 *
8 * The GNUTLS library is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 2.1 of
11 * the License, or (at your option) any later version.
12 *
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
17 *
18 * You should have received a copy of the GNU Lesser General Public
19 * License along with this library; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
21 * USA
22 *
23 */
25 /* Functions to manipulate the session (gnutls_int.h), and some other stuff
26 * are included here. The file's name is traditionally gnutls_state even if the
27 * state has been renamed to session.
28 */
30 #include <gnutls_int.h>
31 #include <gnutls_errors.h>
32 #include <gnutls_auth_int.h>
33 #include <gnutls_num.h>
34 #include <gnutls_datum.h>
35 #include <gnutls_db.h>
36 #include <gnutls_record.h>
37 #include <gnutls_handshake.h>
38 #include <gnutls_dh.h>
39 #include <gnutls_buffers.h>
40 #include <gnutls_state.h>
41 #include <auth_cert.h>
42 #include <auth_anon.h>
43 #include <auth_psk.h>
44 #include <gnutls_algorithms.h>
45 #include <gnutls_rsa_export.h>
47 #define CHECK_AUTH(auth, ret) if (gnutls_auth_get_type(session) != auth) { \
48 gnutls_assert(); \
49 return ret; \
50 }
52 void
54 gnutls_certificate_type_t ct)
55 {
57 }
59 /**
60 * gnutls_cipher_get - Returns the currently used cipher.
61 * @session: is a #gnutls_session_t structure.
62 *
63 * Returns the currently used cipher.
64 **/
65 gnutls_cipher_algorithm_t
67 {
69 }
71 /**
72 * gnutls_certificate_type_get - Returns the currently used certificate type.
73 * @session: is a #gnutls_session_t structure.
74 *
75 * Returns the currently used certificate type. The certificate type
76 * is by default X.509, unless it is negotiated as a TLS extension.
77 *
78 **/
79 gnutls_certificate_type_t
81 {
83 }
85 /**
86 * gnutls_kx_get - Returns the key exchange algorithm.
87 * @session: is a #gnutls_session_t structure.
88 *
89 * Returns the key exchange algorithm used in the last handshake.
90 **/
91 gnutls_kx_algorithm_t
93 {
95 }
97 /**
98 * gnutls_mac_get - Returns the currently used mac algorithm.
99 * @session: is a #gnutls_session_t structure.
100 *
101 * Returns the currently used mac algorithm.
102 **/
103 gnutls_mac_algorithm_t
105 {
107 }
109 /**
110 * gnutls_compression_get - Returns the currently used compression algorithm.
111 * @session: is a #gnutls_session_t structure.
112 *
113 * Returns the currently used compression method.
114 **/
115 gnutls_compression_method_t
117 {
119 }
121 /* Check if the given certificate type is supported.
122 * This means that it is enabled by the priority functions,
123 * and a matching certificate exists.
124 */
125 int
127 gnutls_certificate_type_t cert_type)
128 {
131 gnutls_certificate_credentials_t cred;
134 {
142 {
144 {
147 }
148 }
150 /* no certificate is of that type.
151 */
153 }
161 {
163 {
165 }
166 }
169 }
171 /* this function deinitializes all the internal parameters stored
172 * in a session struct.
173 */
176 {
184 }
186 /* This function will clear all the variables in internals
187 * structure within the session, which depend on the current handshake.
188 * This is used to allow further handshakes.
189 */
190 void
192 {
195 /* by default no selected certificate */
206 /* use out of band data for the last
207 * handshake messages received.
208 */
219 }
221 #define MIN_DH_BITS 727
222 /**
223 * gnutls_init - This function initializes the session to null (null encryption etc...).
224 * @con_end: is used to indicate if this session is to be used for server or
225 * client. Can be one of GNUTLS_CLIENT and GNUTLS_SERVER.
226 * @session: is a pointer to a #gnutls_session_t structure.
227 *
228 * This function initializes the current session to null. Every session
229 * must be initialized before use, so internal structures can be allocated.
230 * This function allocates structures which can only be free'd
231 * by calling gnutls_deinit(). Returns zero on success.
232 **/
233 int
235 {
242 /* the default certificate type for TLS */
245 /* Set the defaults for initial handshake */
248 GNUTLS_CIPHER_NULL;
254 GNUTLS_COMP_NULL;
256 GNUTLS_COMP_NULL;
260 /* Initialize buffers */
274 {
275 cleanup_session:
279 }
288 MAX_HANDSHAKE_PACKET_SIZE);
290 /* Allocate a minimum size for recv_data
291 * This is allocated in order to avoid small messages, making
292 * the receive procedure slow.
293 */
297 {
300 }
302 /* set the socket pointers to -1;
303 */
307 /* set the default maximum record size for TLS
308 */
310 DEFAULT_MAX_RECORD_SIZE;
312 DEFAULT_MAX_RECORD_SIZE;
314 /* everything else not initialized here is initialized
315 * as NULL or 0. This is why calloc is used.
316 */
321 }
323 /* returns RESUME_FALSE or RESUME_TRUE.
324 */
325 int
327 {
329 }
332 /**
333 * gnutls_deinit - This function clears all buffers associated with a session
334 * @session: is a #gnutls_session_t structure.
335 *
336 * This function clears all buffers associated with the @session.
337 * This function will also remove session data from the session database
338 * if the session was terminated abnormally.
339 *
340 **/
341 void
343 {
348 /* remove auth info firstly */
386 {
399 /* RSA */
407 }
412 {
416 }
420 }
422 /* Returns the minimum prime bits that are acceptable.
423 */
424 int
426 {
428 }
430 int
432 {
437 {
439 {
440 anon_auth_info_t info;
447 }
449 {
450 psk_auth_info_t info;
457 }
459 {
460 cert_auth_info_t info;
468 }
472 }
476 {
479 }
482 }
484 int
486 {
488 {
490 {
491 anon_auth_info_t info;
497 }
499 {
500 psk_auth_info_t info;
506 }
508 {
509 cert_auth_info_t info;
520 }
521 }
524 }
526 /* This function will set in the auth info structure the
527 * RSA exponent and the modulus.
528 */
529 int
532 {
533 cert_auth_info_t info;
542 {
545 }
549 {
553 }
556 }
559 /* Sets the prime and the generator in the auth info structure.
560 */
561 int
563 {
568 {
570 {
571 anon_auth_info_t info;
578 }
580 {
581 psk_auth_info_t info;
588 }
590 {
591 cert_auth_info_t info;
599 }
603 }
605 /* prime
606 */
609 {
612 }
614 /* generator
615 */
618 {
622 }
625 }
627 /**
628 * gnutls_openpgp_send_key - This function will order gnutls to send the openpgp fingerprint instead of the key
629 * @session: is a pointer to a #gnutls_session_t structure.
630 * @status: is one of OPENPGP_KEY, or OPENPGP_KEY_FINGERPRINT
631 *
632 * This function will order gnutls to send the key fingerprint instead
633 * of the key in the initial handshake procedure. This should be used
634 * with care and only when there is indication or knowledge that the
635 * server can obtain the client's key.
636 *
637 **/
638 void
640 gnutls_openpgp_key_status_t status)
641 {
643 }
645 /**
646 * gnutls_certificate_send_x509_rdn_sequence - This function will order gnutls to send or not the x.509 rdn sequence
647 * @session: is a pointer to a #gnutls_session_t structure.
648 * @status: is 0 or 1
649 *
650 * If status is non zero, this function will order gnutls not to send the rdnSequence
651 * in the certificate request message. That is the server will not advertize
652 * it's trusted CAs to the peer. If status is zero then the default behaviour will
653 * take effect, which is to advertize the server's trusted CAs.
654 *
655 * This function has no effect in clients, and in authentication methods other than
656 * certificate with X.509 certificates.
657 *
658 **/
659 void
662 {
664 }
666 int
668 {
670 }
672 /*-
673 * _gnutls_record_set_default_version - Used to set the default version for the first record packet
674 * @session: is a #gnutls_session_t structure.
675 * @major: is a tls major version
676 * @minor: is a tls minor version
677 *
678 * This function sets the default version that we will use in the first
679 * record packet (client hello). This function is only useful to people
680 * that know TLS internals and want to debug other implementations.
681 *
682 -*/
683 void
686 {
689 }
691 /**
692 * gnutls_handshake_set_private_extensions - Used to enable the private cipher suites
693 * @session: is a #gnutls_session_t structure.
694 * @allow: is an integer (0 or 1)
695 *
696 * This function will enable or disable the use of private
697 * cipher suites (the ones that start with 0xFF). By default
698 * or if @allow is 0 then these cipher suites will not be
699 * advertized nor used.
700 *
701 * Unless this function is called with the option to allow (1), then
702 * no compression algorithms, like LZO. That is because these algorithms
703 * are not yet defined in any RFC or even internet draft.
704 *
705 * Enabling the private ciphersuites when talking to other than gnutls
706 * servers and clients may cause interoperability problems.
707 *
708 **/
709 void
711 {
713 }
719 {
720 mac_hd_t td1;
724 {
727 }
733 }
735 #define MAX_SEED_SIZE 200
737 /* Produces "total_bytes" bytes using the hash algorithm specified.
738 * (used in the PRF function)
739 */
740 static int
745 {
747 mac_hd_t td2;
753 {
756 }
761 do
762 {
764 }
767 /* calculate A(0) */
775 {
778 {
781 }
783 /* here we calculate A(i+1) */
787 {
791 }
800 {
802 }
803 else
804 {
806 }
809 {
811 }
812 }
815 }
817 /* Xor's two buffers and puts the output in the first one.
818 */
821 {
824 {
826 }
827 }
831 #define MAX_PRF_BYTES 200
833 /* The PRF function expands a given secret
834 * needed by the TLS specification. ret must have a least total_bytes
835 * available.
836 */
837 int
842 {
851 {
854 }
855 /* label+seed = s_seed */
859 {
862 }
868 {
869 result =
874 {
877 }
878 }
879 else
880 {
887 {
888 l_s++;
889 }
891 result =
895 {
898 }
900 result =
904 {
907 }
912 }
916 }
918 /**
919 * gnutls_prf_raw - access the TLS PRF directly
920 * @session: is a #gnutls_session_t structure.
921 * @label_size: length of the @label variable.
922 * @label: label used in PRF computation, typically a short string.
923 * @seed_size: length of the @seed variable.
924 * @seed: optional extra data to seed the PRF with.
925 * @outsize: size of pre-allocated output buffer to hold the output.
926 * @out: pre-allocate buffer to hold the generated data.
927 *
928 * Apply the TLS Pseudo-Random-Function (PRF) using the master secret
929 * on some data.
930 *
931 * The @label variable usually contain a string denoting the purpose
932 * for the generated data. The @seed usually contain data such as the
933 * client and server random, perhaps together with some additional
934 * data that is added to guarantee uniqueness of the output for a
935 * particular purpose.
936 *
937 * Because the output is not guaranteed to be unique for a particular
938 * session unless @seed include the client random and server random
939 * fields (the PRF would output the same data on another connection
940 * resumed from the first one), it is not recommended to use this
941 * function directly. The gnutls_prf() function seed the PRF with the
942 * client and server random fields directly, and is recommended if you
943 * want to generate pseudo random data unique for each session.
944 *
945 * Return value: Return 0 on success, or an error code.
946 **/
947 int
952 {
957 TLS_MASTER_SIZE,
958 label,
962 }
964 /**
965 * gnutls_prf - derive pseudo-random data using the TLS PRF
966 * @session: is a #gnutls_session_t structure.
967 * @label_size: length of the @label variable.
968 * @label: label used in PRF computation, typically a short string.
969 * @server_random_first: non-0 if server random field should be first in seed
970 * @extra_size: length of the @extra variable.
971 * @extra: optional extra data to seed the PRF with.
972 * @outsize: size of pre-allocated output buffer to hold the output.
973 * @out: pre-allocate buffer to hold the generated data.
974 *
975 * Apply the TLS Pseudo-Random-Function (PRF) using the master secret
976 * on some data, seeded with the client and server random fields.
977 *
978 * The @label variable usually contain a string denoting the purpose
979 * for the generated data. The @server_random_first indicate whether
980 * the client random field or the server random field should be first
981 * in the seed. Non-0 indicate that the server random field is first,
982 * 0 that the client random field is first.
983 *
984 * The @extra variable can be used to add more data to the seed, after
985 * the random variables. It can be used to tie make sure the
986 * generated output is strongly connected to some additional data
987 * (e.g., a string used in user authentication).
988 *
989 * The output is placed in *@OUT, which must be pre-allocated.
990 *
991 * Return value: Return 0 on success, or an error code.
992 **/
993 int
999 {
1006 {
1009 }
1021 TLS_MASTER_SIZE,
1027 }
1029 /**
1030 * gnutls_session_get_client_random - get the session's client random value
1031 * @session: is a #gnutls_session_t structure.
1032 *
1033 * Return a pointer to the 32-byte client random field used in the
1034 * session. The pointer must not be modified or deallocated.
1035 *
1036 * If a client random value has not yet been established, the output
1037 * will be garbage; in particular, a %NULL return value should not be
1038 * expected.
1039 *
1040 * Return value: pointer to client random.
1041 **/
1044 {
1046 }
1048 /**
1049 * gnutls_session_get_server_random - get the session's server random value
1050 * @session: is a #gnutls_session_t structure.
1051 *
1052 * Return a pointer to the 32-byte server random field used in the
1053 * session. The pointer must not be modified or deallocated.
1054 *
1055 * If a server random value has not yet been established, the output
1056 * will be garbage; in particular, a %NULL return value should not be
1057 * expected.
1058 *
1059 * Return value: pointer to server random.
1060 **/
1063 {
1065 }
1067 /**
1068 * gnutls_session_get_master_secret - get the session's master secret value
1069 * @session: is a #gnutls_session_t structure.
1070 *
1071 * Return a pointer to the 48-byte master secret in the session. The
1072 * pointer must not be modified or deallocated.
1073 *
1074 * If a master secret value has not yet been established, the output
1075 * will be garbage; in particular, a %NULL return value should not be
1076 * expected.
1077 *
1078 * Consider using gnutls_prf() rather than extracting the master
1079 * secret and use it to derive further data.
1080 *
1081 * Return value: pointer to master secret.
1082 **/
1085 {
1087 }
1089 /**
1090 * gnutls_session_is_resumed - Used to check whether this session is a resumed one
1091 * @session: is a #gnutls_session_t structure.
1092 *
1093 * This function will return non zero if this session is a resumed one,
1094 * or a zero if this is a new session.
1095 *
1096 **/
1097 int
1099 {
1101 {
1107 session_id,
1110 }
1111 else
1112 {
1115 }
1118 }
1120 /*-
1121 * _gnutls_session_is_export - Used to check whether this session is of export grade
1122 * @session: is a #gnutls_session_t structure.
1123 *
1124 * This function will return non zero if this session is of export grade.
1125 *
1126 -*/
1127 int
1129 {
1130 gnutls_cipher_algorithm_t cipher;
1132 cipher =
1134 current_cipher_suite);
1140 }
1142 /**
1143 * gnutls_session_get_ptr - Used to get the user pointer from the session structure
1144 * @session: is a #gnutls_session_t structure.
1145 *
1146 * This function will return the user given pointer from the session structure.
1147 * This is the pointer set with gnutls_session_set_ptr().
1148 *
1149 **/
1152 {
1154 }
1156 /**
1157 * gnutls_session_set_ptr - Used to set the user pointer to the session structure
1158 * @session: is a #gnutls_session_t structure.
1159 * @ptr: is the user pointer
1160 *
1161 * This function will set (associate) the user given pointer to the
1162 * session structure. This is pointer can be accessed with
1163 * gnutls_session_get_ptr().
1164 *
1165 **/
1166 void
1168 {
1170 }
1173 /**
1174 * gnutls_record_get_direction - This function will return the direction of the last interrupted function call
1175 * @session: is a #gnutls_session_t structure.
1176 *
1177 * This function provides information about the internals of the record
1178 * protocol and is only useful if a prior gnutls function call (e.g.
1179 * gnutls_handshake()) was interrupted for some reason, that is, if a function
1180 * returned GNUTLS_E_INTERRUPTED or GNUTLS_E_AGAIN. In such a case, you might
1181 * want to call select() or poll() before calling the interrupted gnutls
1182 * function again. To tell you whether a file descriptor should be selected
1183 * for either reading or writing, gnutls_record_get_direction() returns 0 if
1184 * the interrupted function was trying to read data, and 1 if it was trying to
1185 * write data.
1186 *
1187 **/
1188 int
1190 {
1192 }
1194 /*-
1195 * _gnutls_rsa_pms_set_version - Sets a version to be used at the RSA PMS
1196 * @session: is a #gnutls_session_t structure.
1197 * @major: is the major version to use
1198 * @minor: is the minor version to use
1199 *
1200 * This function will set the given version number to be used at the
1201 * RSA PMS secret. This is only useful to clients, which want to
1202 * test server's capabilities.
1203 *
1204 -*/
1205 void
1208 {
1211 }