search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Sync with TP.
[gnutls.git] / lib / ext_cert_type.c
blob60fd2a05bb280bd412e61d1b6a3165f9555c99d8
1 /*
2 * Copyright (C) 2002, 2003, 2004, 2005 Free Software Foundation
3 *
4 * Author: Nikos Mavrogiannopoulos
5 *
6 * This file is part of GNUTLS.
7 *
8 * The GNUTLS library is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 2.1 of
11 * the License, or (at your option) any later version.
12 *
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
17 *
18 * You should have received a copy of the GNU Lesser General Public
19 * License along with this library; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
21 * USA
22 *
23 */
24
25 /* This file contains the code the Certificate Type TLS extension.
26 * This extension is currently gnutls specific.
27 */
28
29 #include "gnutls_int.h"
30 #include "gnutls_errors.h"
31 #include "gnutls_num.h"
32 #include "ext_cert_type.h"
33 #include <gnutls_state.h>
34 #include <gnutls_num.h>
35
36 inline static int _gnutls_num2cert_type (int num);
37 inline static int _gnutls_cert_type2num (int record_size);
38
39 /*
40 * In case of a server: if a CERT_TYPE extension type is received then it stores
41 * into the session security parameters the new value. The server may use gnutls_session_certificate_type_get(),
42 * to access it.
43 *
44 * In case of a client: If a cert_types have been specified then we send the extension.
45 *
46 */
47
48 int
49 _gnutls_cert_type_recv_params (gnutls_session_t session,
50 const opaque * data, size_t _data_size)
51 {
52 int new_type = -1, ret, i;
53 ssize_t data_size = _data_size;
54
55 if (session->security_parameters.entity == GNUTLS_CLIENT)
56 {
57 if (data_size > 0)
58 {
59 if (data_size != 1)
60 {
61 gnutls_assert ();
62 return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
63 }
64
65 new_type = _gnutls_num2cert_type (data[0]);
66
67 if (new_type < 0)
68 {
69 gnutls_assert ();
70 return new_type;
71 }
72
73 /* Check if we support this cert_type */
74 if ((ret =
75 _gnutls_session_cert_type_supported (session, new_type)) < 0)
76 {
77 gnutls_assert ();
78 return ret;
79 }
80
81 _gnutls_session_cert_type_set (session, new_type);
82 }
83 }
84 else
85 { /* SERVER SIDE - we must check if the sent cert type is the right one
86 */
87 if (data_size > 1)
88 {
89 uint8_t len;
90
91 DECR_LEN (data_size, 1);
92 len = data[0];
93 DECR_LEN (data_size, len);
94
95 for (i = 0; i < len; i++)
96 {
97 new_type = _gnutls_num2cert_type (data[i + 1]);
98
99 if (new_type < 0)
100 continue;
101
102 /* Check if we support this cert_type */
103 if ((ret =
104 _gnutls_session_cert_type_supported (session,
105 new_type)) < 0)
106 {
107 gnutls_assert ();
108 continue;
109 }
110 else
111 break;
112 /* new_type is ok */
113 }
114
115 if (new_type < 0)
116 {
117 gnutls_assert ();
118 return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
119 }
120
121 if ((ret =
122 _gnutls_session_cert_type_supported (session, new_type)) < 0)
123 {
124 gnutls_assert ();
125 /* The peer has requested unsupported certificate
126 * types. Instead of failing, procceed normally.
127 * (the ciphersuite selection would fail, or a
128 * non certificate ciphersuite will be selected).
129 */
130 return 0;
131 }
132
133 _gnutls_session_cert_type_set (session, new_type);
134 }
135
136
137 }
138
139 return 0;
140 }
141
142 /* returns data_size or a negative number on failure
143 */
144 int
145 _gnutls_cert_type_send_params (gnutls_session_t session, opaque * data,
146 size_t data_size)
147 {
148 unsigned len, i;
149
150 /* this function sends the client extension data (dnsname) */
151 if (session->security_parameters.entity == GNUTLS_CLIENT)
152 {
153
154 if (session->internals.priorities.cert_type.algorithms > 0)
155 {
156
157 len = session->internals.priorities.cert_type.algorithms;
158
159 if (len == 1 &&
160 session->internals.priorities.cert_type.priority[0] ==
161 GNUTLS_CRT_X509)
162 {
163 /* We don't use this extension if X.509 certificates
164 * are used.
165 */
166 return 0;
167 }
168
169 if (data_size < len + 1)
170 {
171 gnutls_assert ();
172 return GNUTLS_E_SHORT_MEMORY_BUFFER;
173 }
174
175 /* this is a vector!
176 */
177 data[0] = (uint8_t) len;
178
179 for (i = 0; i < len; i++)
180 {
181 data[i + 1] =
182 _gnutls_cert_type2num (session->internals.
183 priorities.cert_type.priority[i]);
184 }
185 return len + 1;
186 }
187
188 }
189 else
190 { /* server side */
191 if (session->security_parameters.cert_type != DEFAULT_CERT_TYPE)
192 {
193 len = 1;
194 if (data_size < len)
195 {
196 gnutls_assert ();
197 return GNUTLS_E_SHORT_MEMORY_BUFFER;
198 }
199
200 data[0] =
201 _gnutls_cert_type2num (session->security_parameters.cert_type);
202 return len;
203 }
204
205
206 }
207
208 return 0;
209 }
210
211 /* Maps numbers to record sizes according to the
212 * extensions draft.
213 */
214 inline static int
215 _gnutls_num2cert_type (int num)
216 {
217 switch (num)
218 {
219 case 0:
220 return GNUTLS_CRT_X509;
221 case 1:
222 return GNUTLS_CRT_OPENPGP;
223 default:
224 return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
225 }
226 }
227
228 /* Maps record size to numbers according to the
229 * extensions draft.
230 */
231 inline static int
232 _gnutls_cert_type2num (int cert_type)
233 {
234 switch (cert_type)
235 {
236 case GNUTLS_CRT_X509:
237 return 0;
238 case GNUTLS_CRT_OPENPGP:
239 return 1;
240 default:
241 return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
242 }
243
244 }
245
Implementation of the SSL/TLS protocol