| blob | 672634d7f095994d9c7235d94ce0441bccc65bcf |
1 /*
2 * Copyright (C) 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010
3 * Free Software Foundation, Inc.
4 *
5 * Author: Nikos Mavrogiannopoulos
6 *
7 * This file is part of GNUTLS.
8 *
9 * The GNUTLS library is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU Lesser General Public License
11 * as published by the Free Software Foundation; either version 2.1 of
12 * the License, or (at your option) any later version.
13 *
14 * This library is distributed in the hope that it will be useful, but
15 * WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 * Lesser General Public License for more details.
18 *
19 * You should have received a copy of the GNU Lesser General Public
20 * License along with this library; if not, write to the Free Software
21 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
22 * USA
23 *
24 */
26 /* Functions to manipulate the session (gnutls_int.h), and some other stuff
27 * are included here. The file's name is traditionally gnutls_state even if the
28 * state has been renamed to session.
29 */
31 #include <gnutls_int.h>
32 #include <gnutls_errors.h>
33 #include <gnutls_auth.h>
34 #include <gnutls_num.h>
35 #include <gnutls_datum.h>
36 #include <gnutls_db.h>
37 #include <gnutls_record.h>
38 #include <gnutls_handshake.h>
39 #include <gnutls_dh.h>
40 #include <gnutls_buffers.h>
41 #include <gnutls_state.h>
42 #include <auth_cert.h>
43 #include <auth_anon.h>
44 #include <auth_psk.h>
45 #include <gnutls_algorithms.h>
46 #include <gnutls_rsa_export.h>
48 /* These should really be static, but src/tests.c calls them. Make
49 them public functions? */
50 void
53 void
57 void
59 gnutls_certificate_type_t ct)
60 {
62 }
64 /**
65 * gnutls_cipher_get - Returns the currently used cipher.
66 * @session: is a #gnutls_session_t structure.
67 *
68 * Get currently used cipher.
69 *
70 * Returns: the currently used cipher, a #gnutls_cipher_algorithm_t
71 * type.
72 **/
73 gnutls_cipher_algorithm_t
75 {
77 }
79 /**
80 * gnutls_certificate_type_get - Returns the currently used certificate type.
81 * @session: is a #gnutls_session_t structure.
82 *
83 * The certificate type is by default X.509, unless it is negotiated
84 * as a TLS extension.
85 *
86 * Returns: the currently used #gnutls_certificate_type_t certificate
87 * type.
88 **/
89 gnutls_certificate_type_t
91 {
93 }
95 /**
96 * gnutls_kx_get - Returns the key exchange algorithm.
97 * @session: is a #gnutls_session_t structure.
98 *
99 * Get currently used key exchange algorithm.
100 *
101 * Returns: the key exchange algorithm used in the last handshake, a
102 * #gnutls_kx_algorithm_t value.
103 **/
104 gnutls_kx_algorithm_t
106 {
108 }
110 /**
111 * gnutls_mac_get - Returns the currently used mac algorithm.
112 * @session: is a #gnutls_session_t structure.
113 *
114 * Get currently used MAC algorithm.
115 *
116 * Returns: the currently used mac algorithm, a
117 * #gnutls_mac_algorithm_t value.
118 **/
119 gnutls_mac_algorithm_t
121 {
123 }
125 /**
126 * gnutls_compression_get - Returns the currently used compression algorithm.
127 * @session: is a #gnutls_session_t structure.
128 *
129 * Get currently used compression algorithm.
130 *
131 * Returns: the currently used compression method, a
132 * #gnutls_compression_method_t value.
133 **/
134 gnutls_compression_method_t
136 {
138 }
140 /* Check if the given certificate type is supported.
141 * This means that it is enabled by the priority functions,
142 * and a matching certificate exists.
143 */
144 int
146 gnutls_certificate_type_t cert_type)
147 {
150 gnutls_certificate_credentials_t cred;
153 {
161 {
163 {
165 {
168 }
169 }
172 /* no certificate is of that type.
173 */
175 }
176 }
183 {
185 {
187 }
188 }
191 }
194 /* this function deinitializes all the internal parameters stored
195 * in a session struct.
196 */
199 {
209 }
211 /* This function will clear all the variables in internals
212 * structure within the session, which depend on the current handshake.
213 * This is used to allow further handshakes.
214 */
215 static void
217 {
220 /* by default no selected certificate */
232 /* use out of band data for the last
233 * handshake messages received.
234 */
239 }
241 void
243 {
250 }
252 #define MIN_DH_BITS 727
253 /**
254 * gnutls_init - initialize the session to null (null encryption etc...).
255 * @con_end: indicate if this session is to be used for server or client.
256 * @session: is a pointer to a #gnutls_session_t structure.
257 *
258 * This function initializes the current session to null. Every
259 * session must be initialized before use, so internal structures can
260 * be allocated. This function allocates structures which can only
261 * be free'd by calling gnutls_deinit(). Returns zero on success.
262 *
263 * @con_end can be one of %GNUTLS_CLIENT and %GNUTLS_SERVER.
264 *
265 * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
266 **/
267 int
269 {
276 /* the default certificate type for TLS */
279 /* Set the defaults for initial handshake */
282 GNUTLS_CIPHER_NULL;
288 GNUTLS_COMP_NULL;
290 GNUTLS_COMP_NULL;
294 /* Initialize buffers */
308 {
309 cleanup_session:
313 }
322 MAX_HANDSHAKE_PACKET_SIZE);
324 /* Allocate a minimum size for recv_data
325 * This is allocated in order to avoid small messages, making
326 * the receive procedure slow.
327 */
329 INITIAL_RECV_BUFFER_SIZE))
330 {
333 }
335 /* set the socket pointers to -1;
336 */
340 /* set the default maximum record size for TLS
341 */
343 DEFAULT_MAX_RECORD_SIZE;
345 DEFAULT_MAX_RECORD_SIZE;
347 /* everything else not initialized here is initialized
348 * as NULL or 0. This is why calloc is used.
349 */
354 }
356 /* returns RESUME_FALSE or RESUME_TRUE.
357 */
358 int
360 {
362 }
365 /**
366 * gnutls_deinit - clear all buffers associated with a session
367 * @session: is a #gnutls_session_t structure.
368 *
369 * This function clears all buffers associated with the @session.
370 * This function will also remove session data from the session
371 * database if the session was terminated abnormally.
372 **/
373 void
375 {
380 /* remove auth info firstly */
416 {
429 /* RSA */
437 }
442 {
446 }
450 session_ticket);
454 }
456 /* Returns the minimum prime bits that are acceptable.
457 */
458 int
460 {
462 }
464 int
466 {
471 {
473 {
474 anon_auth_info_t info;
481 }
483 {
484 psk_auth_info_t info;
491 }
493 {
494 cert_auth_info_t info;
502 }
506 }
513 {
516 }
519 }
521 int
523 {
525 {
527 {
528 anon_auth_info_t info;
534 }
536 {
537 psk_auth_info_t info;
543 }
545 {
546 cert_auth_info_t info;
557 }
558 }
561 }
563 /* This function will set in the auth info structure the
564 * RSA exponent and the modulus.
565 */
566 int
569 {
570 cert_auth_info_t info;
585 {
588 }
592 {
596 }
599 }
602 /* Sets the prime and the generator in the auth info structure.
603 */
604 int
606 {
611 {
613 {
614 anon_auth_info_t info;
621 }
623 {
624 psk_auth_info_t info;
631 }
633 {
634 cert_auth_info_t info;
642 }
646 }
654 /* prime
655 */
658 {
661 }
663 /* generator
664 */
667 {
671 }
674 }
676 #ifdef ENABLE_OPENPGP
677 /**
678 * gnutls_openpgp_send_cert - order gnutls to send the openpgp fingerprint instead of the key
679 * @session: is a pointer to a #gnutls_session_t structure.
680 * @status: is one of GNUTLS_OPENPGP_CERT, or GNUTLS_OPENPGP_CERT_FINGERPRINT
681 *
682 * This function will order gnutls to send the key fingerprint
683 * instead of the key in the initial handshake procedure. This should
684 * be used with care and only when there is indication or knowledge
685 * that the server can obtain the client's key.
686 **/
687 void
689 gnutls_openpgp_crt_status_t status)
690 {
692 }
693 #endif
695 /**
696 * gnutls_certificate_send_x509_rdn_sequence - order gnutls to send or not the x.509 rdn sequence
697 * @session: is a pointer to a #gnutls_session_t structure.
698 * @status: is 0 or 1
699 *
700 * If status is non zero, this function will order gnutls not to send
701 * the rdnSequence in the certificate request message. That is the
702 * server will not advertize it's trusted CAs to the peer. If status
703 * is zero then the default behaviour will take effect, which is to
704 * advertize the server's trusted CAs.
705 *
706 * This function has no effect in clients, and in authentication
707 * methods other than certificate with X.509 certificates.
708 **/
709 void
712 {
714 }
716 #ifdef ENABLE_OPENPGP
717 int
719 {
721 }
722 #endif
724 /*-
725 * _gnutls_record_set_default_version - Used to set the default version for the first record packet
726 * @session: is a #gnutls_session_t structure.
727 * @major: is a tls major version
728 * @minor: is a tls minor version
729 *
730 * This function sets the default version that we will use in the first
731 * record packet (client hello). This function is only useful to people
732 * that know TLS internals and want to debug other implementations.
733 *
734 -*/
735 void
738 {
741 }
743 /**
744 * gnutls_handshake_set_private_extensions - Used to enable the private cipher suites
745 * @session: is a #gnutls_session_t structure.
746 * @allow: is an integer (0 or 1)
747 *
748 * This function will enable or disable the use of private cipher
749 * suites (the ones that start with 0xFF). By default or if @allow
750 * is 0 then these cipher suites will not be advertized nor used.
751 *
752 * Unless this function is called with the option to allow (1), then
753 * no compression algorithms, like LZO. That is because these
754 * algorithms are not yet defined in any RFC or even internet draft.
755 *
756 * Enabling the private ciphersuites when talking to other than
757 * gnutls servers and clients may cause interoperability problems.
758 **/
759 void
761 {
763 }
769 {
770 digest_hd_st td1;
775 {
778 }
784 }
786 #define MAX_SEED_SIZE 200
788 /* Produces "total_bytes" bytes using the hash algorithm specified.
789 * (used in the PRF function)
790 */
791 static int
796 {
798 digest_hd_st td2;
804 {
807 }
812 do
813 {
815 }
818 /* calculate A(0) */
826 {
829 {
832 }
834 /* here we calculate A(i+1) */
838 {
842 }
851 {
853 }
854 else
855 {
857 }
860 {
862 }
863 }
866 }
868 /* Xor's two buffers and puts the output in the first one.
869 */
872 {
875 {
877 }
878 }
882 #define MAX_PRF_BYTES 200
884 /* The PRF function expands a given secret
885 * needed by the TLS specification. ret must have a least total_bytes
886 * available.
887 */
888 int
893 {
902 {
905 }
906 /* label+seed = s_seed */
910 {
913 }
919 {
920 result =
924 {
927 }
928 }
929 else
930 {
937 {
938 l_s++;
939 }
941 result =
945 {
948 }
950 result =
954 {
957 }
962 }
966 }
968 /**
969 * gnutls_prf_raw - access the TLS PRF directly
970 * @session: is a #gnutls_session_t structure.
971 * @label_size: length of the @label variable.
972 * @label: label used in PRF computation, typically a short string.
973 * @seed_size: length of the @seed variable.
974 * @seed: optional extra data to seed the PRF with.
975 * @outsize: size of pre-allocated output buffer to hold the output.
976 * @out: pre-allocate buffer to hold the generated data.
977 *
978 * Apply the TLS Pseudo-Random-Function (PRF) using the master secret
979 * on some data.
980 *
981 * The @label variable usually contain a string denoting the purpose
982 * for the generated data. The @seed usually contain data such as the
983 * client and server random, perhaps together with some additional
984 * data that is added to guarantee uniqueness of the output for a
985 * particular purpose.
986 *
987 * Because the output is not guaranteed to be unique for a particular
988 * session unless @seed include the client random and server random
989 * fields (the PRF would output the same data on another connection
990 * resumed from the first one), it is not recommended to use this
991 * function directly. The gnutls_prf() function seed the PRF with the
992 * client and server random fields directly, and is recommended if you
993 * want to generate pseudo random data unique for each session.
994 *
995 * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
996 **/
997 int
1002 {
1007 GNUTLS_MASTER_SIZE,
1008 label,
1012 }
1014 /**
1015 * gnutls_prf - derive pseudo-random data using the TLS PRF
1016 * @session: is a #gnutls_session_t structure.
1017 * @label_size: length of the @label variable.
1018 * @label: label used in PRF computation, typically a short string.
1019 * @server_random_first: non-0 if server random field should be first in seed
1020 * @extra_size: length of the @extra variable.
1021 * @extra: optional extra data to seed the PRF with.
1022 * @outsize: size of pre-allocated output buffer to hold the output.
1023 * @out: pre-allocate buffer to hold the generated data.
1024 *
1025 * Apply the TLS Pseudo-Random-Function (PRF) using the master secret
1026 * on some data, seeded with the client and server random fields.
1027 *
1028 * The @label variable usually contain a string denoting the purpose
1029 * for the generated data. The @server_random_first indicate whether
1030 * the client random field or the server random field should be first
1031 * in the seed. Non-0 indicate that the server random field is first,
1032 * 0 that the client random field is first.
1033 *
1034 * The @extra variable can be used to add more data to the seed, after
1035 * the random variables. It can be used to tie make sure the
1036 * generated output is strongly connected to some additional data
1037 * (e.g., a string used in user authentication).
1038 *
1039 * The output is placed in *@OUT, which must be pre-allocated.
1040 *
1041 * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
1042 **/
1043 int
1049 {
1056 {
1059 }
1071 GNUTLS_MASTER_SIZE,
1077 }
1079 /**
1080 * gnutls_session_get_client_random - get the session's client random value
1081 * @session: is a #gnutls_session_t structure.
1082 *
1083 * Return a pointer to the 32-byte client random field used in the
1084 * session. The pointer must not be modified or deallocated.
1085 *
1086 * If a client random value has not yet been established, the output
1087 * will be garbage; in particular, a %NULL return value should not be
1088 * expected.
1089 *
1090 * Returns: pointer to client random data.
1091 **/
1094 {
1096 }
1098 /**
1099 * gnutls_session_get_server_random - get the session's server random value
1100 * @session: is a #gnutls_session_t structure.
1101 *
1102 * Return a pointer to the 32-byte server random field used in the
1103 * session. The pointer must not be modified or deallocated.
1104 *
1105 * If a server random value has not yet been established, the output
1106 * will be garbage; in particular, a %NULL return value should not be
1107 * expected.
1108 *
1109 * Returns: pointer to server random data.
1110 **/
1113 {
1115 }
1117 /**
1118 * gnutls_session_get_master_secret - get the session's master secret value
1119 * @session: is a #gnutls_session_t structure.
1120 *
1121 * Return a pointer to the 48-byte master secret in the session. The
1122 * pointer must not be modified or deallocated.
1123 *
1124 * If a master secret value has not yet been established, the output
1125 * will be garbage; in particular, a %NULL return value should not be
1126 * expected.
1127 *
1128 * Consider using gnutls_prf() rather than extracting the master
1129 * secret and use it to derive further data.
1130 *
1131 * Returns: pointer to master secret data.
1132 **/
1135 {
1137 }
1139 /**
1140 * gnutls_session_set_finished_function:
1141 * @session: is a #gnutls_session_t structure.
1142 * @func: a #gnutls_finished_callback_func callback.
1143 *
1144 * Register a callback function for the session that will be called
1145 * when a TLS Finished message has been generated. The function is
1146 * typically used to copy away the TLS finished message for later use
1147 * as a channel binding or similar purpose.
1148 *
1149 * The callback should follow this prototype:
1150 *
1151 * void callback (gnutls_session_t @session, const void *@finished, size_t @len);
1152 *
1153 * The @finished parameter will contain the binary TLS finished
1154 * message, and @len will contains its length. For SSLv3 connections,
1155 * the @len parameter will be 36 and for TLS connections it will be
1156 * 12.
1157 *
1158 * It is recommended that the function returns quickly in order to not
1159 * delay the handshake. Use the function to store a copy of the TLS
1160 * finished message for later use.
1161 *
1162 * Since: 2.6.0
1163 **/
1164 void
1166 gnutls_finished_callback_func func)
1167 {
1169 }
1171 /**
1172 * gnutls_session_is_resumed - check whether this session is a resumed one
1173 * @session: is a #gnutls_session_t structure.
1174 *
1175 * Check whether session is resumed or not.
1176 *
1177 * Returns: non zero if this session is resumed, or a zero if this is
1178 * a new session.
1179 **/
1180 int
1182 {
1184 {
1190 session_id,
1193 }
1194 else
1195 {
1198 }
1201 }
1203 /*-
1204 * _gnutls_session_is_export - Used to check whether this session is of export grade
1205 * @session: is a #gnutls_session_t structure.
1206 *
1207 * This function will return non zero if this session is of export grade.
1208 *
1209 -*/
1210 int
1212 {
1213 gnutls_cipher_algorithm_t cipher;
1215 cipher =
1217 current_cipher_suite);
1223 }
1225 /*-
1226 * _gnutls_session_is_psk - Used to check whether this session uses PSK kx
1227 * @session: is a #gnutls_session_t structure.
1228 *
1229 * This function will return non zero if this session uses a PSK key
1230 * exchange algorithm.
1231 *
1232 -*/
1233 int
1235 {
1236 gnutls_kx_algorithm_t kx;
1238 kx =
1240 current_cipher_suite);
1245 }
1247 /**
1248 * gnutls_session_get_ptr - Get the user pointer from the session structure
1249 * @session: is a #gnutls_session_t structure.
1250 *
1251 * Get user pointer for session. Useful in callbacks. This is the
1252 * pointer set with gnutls_session_set_ptr().
1253 *
1254 * Returns: the user given pointer from the session structure, or
1255 * %NULL if it was never set.
1256 **/
1259 {
1261 }
1263 /**
1264 * gnutls_session_set_ptr - Used to set the user pointer to the session structure
1265 * @session: is a #gnutls_session_t structure.
1266 * @ptr: is the user pointer
1267 *
1268 * This function will set (associate) the user given pointer @ptr to
1269 * the session structure. This is pointer can be accessed with
1270 * gnutls_session_get_ptr().
1271 **/
1272 void
1274 {
1276 }
1279 /**
1280 * gnutls_record_get_direction - return the direction of the last interrupted function call
1281 * @session: is a #gnutls_session_t structure.
1282 *
1283 * This function provides information about the internals of the
1284 * record protocol and is only useful if a prior gnutls function call
1285 * (e.g. gnutls_handshake()) was interrupted for some reason, that
1286 * is, if a function returned %GNUTLS_E_INTERRUPTED or
1287 * %GNUTLS_E_AGAIN. In such a case, you might want to call select()
1288 * or poll() before calling the interrupted gnutls function again. To
1289 * tell you whether a file descriptor should be selected for either
1290 * reading or writing, gnutls_record_get_direction() returns 0 if the
1291 * interrupted function was trying to read data, and 1 if it was
1292 * trying to write data.
1293 *
1294 * Returns: 0 if trying to read data, 1 if trying to write data.
1295 **/
1296 int
1298 {
1300 }
1302 /*-
1303 * _gnutls_rsa_pms_set_version - Sets a version to be used at the RSA PMS
1304 * @session: is a #gnutls_session_t structure.
1305 * @major: is the major version to use
1306 * @minor: is the minor version to use
1307 *
1308 * This function will set the given version number to be used at the
1309 * RSA PMS secret. This is only useful to clients, which want to
1310 * test server's capabilities.
1311 *
1312 -*/
1313 void
1316 {
1319 }
1321 /**
1322 * gnutls_handshake_set_post_client_hello_function - set callback to be called after the client hello is received
1323 * @session: is a #gnutls_session_t structure.
1324 * @func: is the function to be called
1325 *
1326 * This function will set a callback to be called after the client
1327 * hello has been received (callback valid in server side only). This
1328 * allows the server to adjust settings based on received extensions.
1329 *
1330 * Those settings could be ciphersuites, requesting certificate, or
1331 * anything else except for version negotiation (this is done before
1332 * the hello message is parsed).
1333 *
1334 * This callback must return 0 on success or a gnutls error code to
1335 * terminate the handshake.
1336 *
1337 * Warning: You should not use this function to terminate the
1338 * handshake based on client input unless you know what you are
1339 * doing. Before the handshake is finished there is no way to know if
1340 * there is a man-in-the-middle attack being performed.
1341 **/
1342 void
1344 gnutls_handshake_post_client_hello_func
1345 func)
1346 {
1348 }
1350 /**
1351 * gnutls_session_enable_compatibility_mode - disable certain features in TLS in order to honour compatibility
1352 * @session: is a #gnutls_session_t structure.
1353 *
1354 * This function can be used to disable certain (security) features in
1355 * TLS in order to maintain maximum compatibility with buggy
1356 * clients. It is equivalent to calling:
1357 * gnutls_record_disable_padding()
1358 *
1359 * Normally only servers that require maximum compatibility with
1360 * everything out there, need to call this function.
1361 **/
1362 void
1364 {
1366 }