| blob | 25a08cdcc58fe006ba4d135f5d0de99e0e4cc1eb |
1 /*
2 * Copyright (C) 2002-2012 Free Software Foundation, Inc.
3 *
4 * Author: Nikos Mavrogiannopoulos
5 *
6 * This file is part of GnuTLS.
7 *
8 * The GnuTLS is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 3 of
11 * the License, or (at your option) any later version.
12 *
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
17 *
18 * You should have received a copy of the GNU Lesser General Public License
19 * along with this program. If not, see <http://www.gnu.org/licenses/>
20 *
21 */
23 /* Functions to manipulate the session (gnutls_int.h), and some other stuff
24 * are included here. The file's name is traditionally gnutls_state even if the
25 * state has been renamed to session.
26 */
28 #include <gnutls_int.h>
29 #include <gnutls_errors.h>
30 #include <gnutls_auth.h>
31 #include <gnutls_num.h>
32 #include <gnutls_datum.h>
33 #include <gnutls_db.h>
34 #include <gnutls_record.h>
35 #include <gnutls_handshake.h>
36 #include <gnutls_dh.h>
37 #include <gnutls_buffers.h>
38 #include <gnutls_mbuffers.h>
39 #include <gnutls_state.h>
40 #include <gnutls_constate.h>
41 #include <auth/cert.h>
42 #include <auth/anon.h>
43 #include <auth/psk.h>
44 #include <algorithms.h>
45 #include <gnutls_rsa_export.h>
46 #include <gnutls_extensions.h>
47 #include <system.h>
48 #include <gnutls/dtls.h>
49 #include <timespec.h>
51 /* These should really be static, but src/tests.c calls them. Make
52 them public functions? */
53 void
57 void
59 gnutls_certificate_type_t ct)
60 {
64 }
66 void
68 gnutls_ecc_curve_t c)
69 {
70 _gnutls_handshake_log("HSK[%p]: Selected ECC curve %s (%d)\n", session, gnutls_ecc_curve_get_name(c), c);
72 }
74 /**
75 * gnutls_cipher_get:
76 * @session: is a #gnutls_session_t structure.
77 *
78 * Get currently used cipher.
79 *
80 * Returns: the currently used cipher, a #gnutls_cipher_algorithm_t
81 * type.
82 **/
83 gnutls_cipher_algorithm_t
85 {
94 }
96 /**
97 * gnutls_certificate_type_get:
98 * @session: is a #gnutls_session_t structure.
99 *
100 * The certificate type is by default X.509, unless it is negotiated
101 * as a TLS extension.
102 *
103 * Returns: the currently used #gnutls_certificate_type_t certificate
104 * type.
105 **/
106 gnutls_certificate_type_t
108 {
110 }
112 /**
113 * gnutls_kx_get:
114 * @session: is a #gnutls_session_t structure.
115 *
116 * Get currently used key exchange algorithm.
117 *
118 * Returns: the key exchange algorithm used in the last handshake, a
119 * #gnutls_kx_algorithm_t value.
120 **/
121 gnutls_kx_algorithm_t
123 {
125 }
127 /**
128 * gnutls_mac_get:
129 * @session: is a #gnutls_session_t structure.
130 *
131 * Get currently used MAC algorithm.
132 *
133 * Returns: the currently used mac algorithm, a
134 * #gnutls_mac_algorithm_t value.
135 **/
136 gnutls_mac_algorithm_t
138 {
147 }
149 /**
150 * gnutls_compression_get:
151 * @session: is a #gnutls_session_t structure.
152 *
153 * Get currently used compression algorithm.
154 *
155 * Returns: the currently used compression method, a
156 * #gnutls_compression_method_t value.
157 **/
158 gnutls_compression_method_t
160 {
169 }
171 /* Check if the given certificate type is supported.
172 * This means that it is enabled by the priority functions,
173 * and a matching certificate exists.
174 */
175 int
177 gnutls_certificate_type_t cert_type)
178 {
181 gnutls_certificate_credentials_t cred;
184 {
193 {
195 {
197 {
200 }
201 }
204 /* no certificate is of that type.
205 */
207 }
208 }
215 {
217 {
219 }
220 }
223 }
226 /* this function deinitializes all the internal parameters stored
227 * in a session struct.
228 */
231 {
241 }
243 /* This function will clear all the variables in internals
244 * structure within the session, which depend on the current handshake.
245 * This is used to allow further handshakes.
246 */
247 static void
249 {
252 /* by default no selected certificate */
257 /* use out of band data for the last
258 * handshake messages received.
259 */
268 }
270 void
272 {
280 }
282 #define MIN_DH_BITS 727
283 /**
284 * gnutls_init:
285 * @session: is a pointer to a #gnutls_session_t structure.
286 * @flags: indicate if this session is to be used for server or client.
287 *
288 * This function initializes the current session to null. Every
289 * session must be initialized before use, so internal structures can
290 * be allocated. This function allocates structures which can only
291 * be free'd by calling gnutls_deinit(). Returns %GNUTLS_E_SUCCESS (0) on success.
292 *
293 * @flags can be one of %GNUTLS_CLIENT and %GNUTLS_SERVER. For a DTLS
294 * entity, the flags %GNUTLS_DATAGRAM and %GNUTLS_NONBLOCK are
295 * also available. The latter flag will enable a non-blocking
296 * operation of the DTLS timers.
297 *
298 * Note that since version 3.1.2 this function enables some common
299 * TLS extensions such as session tickets and OCSP certificate status
300 * request in client side by default. To prevent that use the %GNUTLS_NO_EXTENSIONS
301 * flag.
302 *
303 * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
304 **/
305 int
307 {
317 {
320 }
322 /* Set all NULL algos on epoch 0 */
329 /* the default certificate type for TLS */
332 /* Initialize buffers */
349 MAX_HANDSHAKE_PACKET_SIZE);
351 /* set the socket pointers to -1;
352 */
356 /* set the default maximum record size for TLS
357 */
359 DEFAULT_MAX_RECORD_SIZE;
361 DEFAULT_MAX_RECORD_SIZE;
363 /* everything else not initialized here is initialized
364 * as NULL or 0. This is why calloc is used.
365 */
369 /* emulate old gnutls behavior for old applications that do not use the priority_*
370 * functions.
371 */
374 #ifdef HAVE_WRITEV
376 #else
378 #endif
387 {
393 }
394 else
399 else
402 /* Enable useful extensions */
404 {
407 }
410 }
412 /* returns RESUME_FALSE or RESUME_TRUE.
413 */
414 int
416 {
418 }
421 /**
422 * gnutls_deinit:
423 * @session: is a #gnutls_session_t structure.
424 *
425 * This function clears all buffers associated with the @session.
426 * This function will also remove session data from the session
427 * database if the session was terminated abnormally.
428 **/
429 void
431 {
437 /* remove auth info firstly */
446 {
449 }
478 /* RSA */
486 }
488 /* Returns the minimum prime bits that are acceptable.
489 */
490 int
492 {
497 {
499 {
500 anon_auth_info_t info;
507 }
509 {
510 psk_auth_info_t info;
517 }
519 {
520 cert_auth_info_t info;
528 }
532 }
539 {
542 }
545 }
547 int
549 {
551 {
553 {
554 anon_auth_info_t info;
560 }
562 {
563 psk_auth_info_t info;
569 }
571 {
572 cert_auth_info_t info;
583 }
584 }
587 }
589 /* This function will set in the auth info structure the
590 * RSA exponent and the modulus.
591 */
592 int
595 {
596 cert_auth_info_t info;
611 {
614 }
618 {
622 }
625 }
628 /* Sets the prime and the generator in the auth info structure.
629 */
630 int
632 {
637 {
639 {
640 anon_auth_info_t info;
647 }
649 {
650 psk_auth_info_t info;
657 }
659 {
660 cert_auth_info_t info;
668 }
672 }
680 /* prime
681 */
684 {
687 }
689 /* generator
690 */
693 {
697 }
700 }
702 #ifdef ENABLE_OPENPGP
703 /**
704 * gnutls_openpgp_send_cert:
705 * @session: is a pointer to a #gnutls_session_t structure.
706 * @status: is one of GNUTLS_OPENPGP_CERT, or GNUTLS_OPENPGP_CERT_FINGERPRINT
707 *
708 * This function will order gnutls to send the key fingerprint
709 * instead of the key in the initial handshake procedure. This should
710 * be used with care and only when there is indication or knowledge
711 * that the server can obtain the client's key.
712 **/
713 void
715 gnutls_openpgp_crt_status_t status)
716 {
718 }
719 #endif
721 /**
722 * gnutls_certificate_send_x509_rdn_sequence:
723 * @session: is a pointer to a #gnutls_session_t structure.
724 * @status: is 0 or 1
725 *
726 * If status is non zero, this function will order gnutls not to send
727 * the rdnSequence in the certificate request message. That is the
728 * server will not advertise its trusted CAs to the peer. If status
729 * is zero then the default behaviour will take effect, which is to
730 * advertise the server's trusted CAs.
731 *
732 * This function has no effect in clients, and in authentication
733 * methods other than certificate with X.509 certificates.
734 **/
735 void
738 {
740 }
742 #ifdef ENABLE_OPENPGP
743 int
745 {
747 }
748 #endif
750 /*-
751 * _gnutls_record_set_default_version - Used to set the default version for the first record packet
752 * @session: is a #gnutls_session_t structure.
753 * @major: is a tls major version
754 * @minor: is a tls minor version
755 *
756 * This function sets the default version that we will use in the first
757 * record packet (client hello). This function is only useful to people
758 * that know TLS internals and want to debug other implementations.
759 -*/
760 void
763 {
766 }
768 /**
769 * gnutls_handshake_set_private_extensions:
770 * @session: is a #gnutls_session_t structure.
771 * @allow: is an integer (0 or 1)
772 *
773 * This function will enable or disable the use of private cipher
774 * suites (the ones that start with 0xFF). By default or if @allow
775 * is 0 then these cipher suites will not be advertized nor used.
776 *
777 * Currently GnuTLS does not include such cipher-suites or
778 * compression algorithms.
779 *
780 * Enabling the private ciphersuites when talking to other than
781 * gnutls servers and clients may cause interoperability problems.
782 **/
783 void
785 {
787 }
793 {
801 }
803 #define MAX_SEED_SIZE 200
805 /* Produces "total_bytes" bytes using the hash algorithm specified.
806 * (used in the PRF function)
807 */
808 static int
813 {
815 digest_hd_st td2;
821 {
824 }
829 do
830 {
832 }
835 /* calculate A(0) */
843 {
846 {
849 }
851 /* here we calculate A(i+1) */
855 {
859 }
868 {
870 }
871 else
872 {
874 }
877 {
879 }
880 }
883 }
885 #define MAX_PRF_BYTES 200
887 /* The PRF function expands a given secret
888 * needed by the TLS specification. ret must have a least total_bytes
889 * available.
890 */
891 int
896 {
905 {
908 }
909 /* label+seed = s_seed */
913 {
916 }
922 {
923 result =
928 {
931 }
932 }
933 else
934 {
941 {
942 l_s++;
943 }
945 result =
949 {
952 }
954 result =
958 {
961 }
966 }
970 }
972 /**
973 * gnutls_prf_raw:
974 * @session: is a #gnutls_session_t structure.
975 * @label_size: length of the @label variable.
976 * @label: label used in PRF computation, typically a short string.
977 * @seed_size: length of the @seed variable.
978 * @seed: optional extra data to seed the PRF with.
979 * @outsize: size of pre-allocated output buffer to hold the output.
980 * @out: pre-allocated buffer to hold the generated data.
981 *
982 * Apply the TLS Pseudo-Random-Function (PRF) on the master secret
983 * and the provided data.
984 *
985 * The @label variable usually contains a string denoting the purpose
986 * for the generated data. The @seed usually contains data such as the
987 * client and server random, perhaps together with some additional
988 * data that is added to guarantee uniqueness of the output for a
989 * particular purpose.
990 *
991 * Because the output is not guaranteed to be unique for a particular
992 * session unless @seed includes the client random and server random
993 * fields (the PRF would output the same data on another connection
994 * resumed from the first one), it is not recommended to use this
995 * function directly. The gnutls_prf() function seeds the PRF with the
996 * client and server random fields directly, and is recommended if you
997 * want to generate pseudo random data unique for each session.
998 *
999 * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
1000 **/
1001 int
1006 {
1011 GNUTLS_MASTER_SIZE,
1012 label,
1016 }
1018 /**
1019 * gnutls_prf:
1020 * @session: is a #gnutls_session_t structure.
1021 * @label_size: length of the @label variable.
1022 * @label: label used in PRF computation, typically a short string.
1023 * @server_random_first: non-0 if server random field should be first in seed
1024 * @extra_size: length of the @extra variable.
1025 * @extra: optional extra data to seed the PRF with.
1026 * @outsize: size of pre-allocated output buffer to hold the output.
1027 * @out: pre-allocated buffer to hold the generated data.
1028 *
1029 * Apply the TLS Pseudo-Random-Function (PRF) on the master secret
1030 * and the provided data, seeded with the client and server random fields.
1031 *
1032 * The @label variable usually contains a string denoting the purpose
1033 * for the generated data. The @server_random_first indicates whether
1034 * the client random field or the server random field should be first
1035 * in the seed. Non-0 indicates that the server random field is first,
1036 * 0 that the client random field is first.
1037 *
1038 * The @extra variable can be used to add more data to the seed, after
1039 * the random variables. It can be used to make sure the
1040 * generated output is strongly connected to some additional data
1041 * (e.g., a string used in user authentication).
1042 *
1043 * The output is placed in @out, which must be pre-allocated.
1044 *
1045 * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
1046 **/
1047 int
1053 {
1060 {
1063 }
1075 GNUTLS_MASTER_SIZE,
1081 }
1083 /**
1084 * gnutls_session_is_resumed:
1085 * @session: is a #gnutls_session_t structure.
1086 *
1087 * Check whether session is resumed or not.
1088 *
1089 * Returns: non zero if this session is resumed, or a zero if this is
1090 * a new session.
1091 **/
1092 int
1094 {
1096 {
1105 }
1106 else
1107 {
1110 }
1113 }
1115 /**
1116 * gnutls_session_resumption_requested:
1117 * @session: is a #gnutls_session_t structure.
1118 *
1119 * Check whether the client has asked for session resumption.
1120 * This function is valid only on server side.
1121 *
1122 * Returns: non zero if session resumption was asked, or a zero if not.
1123 **/
1124 int
1126 {
1128 {
1130 }
1131 else
1132 {
1134 }
1135 }
1137 /*-
1138 * _gnutls_session_is_export - Used to check whether this session is of export grade
1139 * @session: is a #gnutls_session_t structure.
1140 *
1141 * This function will return non zero if this session is of export grade.
1142 -*/
1143 int
1145 {
1146 gnutls_cipher_algorithm_t cipher;
1148 cipher =
1156 }
1158 /*-
1159 * _gnutls_session_is_psk - Used to check whether this session uses PSK kx
1160 * @session: is a #gnutls_session_t structure.
1161 *
1162 * This function will return non zero if this session uses a PSK key
1163 * exchange algorithm.
1164 -*/
1165 int
1167 {
1168 gnutls_kx_algorithm_t kx;
1170 kx =
1177 }
1179 /*-
1180 * _gnutls_session_is_ecc - Used to check whether this session uses ECC kx
1181 * @session: is a #gnutls_session_t structure.
1182 *
1183 * This function will return non zero if this session uses an elliptic
1184 * curves key exchange exchange algorithm.
1185 -*/
1186 int
1188 {
1189 gnutls_kx_algorithm_t kx;
1191 /* We get the key exchange algorithm through the ciphersuite because
1192 * the negotiated key exchange might not have been set yet.
1193 */
1194 kx =
1199 }
1201 /**
1202 * gnutls_session_get_ptr:
1203 * @session: is a #gnutls_session_t structure.
1204 *
1205 * Get user pointer for session. Useful in callbacks. This is the
1206 * pointer set with gnutls_session_set_ptr().
1207 *
1208 * Returns: the user given pointer from the session structure, or
1209 * %NULL if it was never set.
1210 **/
1213 {
1215 }
1217 /**
1218 * gnutls_session_set_ptr:
1219 * @session: is a #gnutls_session_t structure.
1220 * @ptr: is the user pointer
1221 *
1222 * This function will set (associate) the user given pointer @ptr to
1223 * the session structure. This pointer can be accessed with
1224 * gnutls_session_get_ptr().
1225 **/
1226 void
1228 {
1230 }
1233 /**
1234 * gnutls_record_get_direction:
1235 * @session: is a #gnutls_session_t structure.
1236 *
1237 * This function provides information about the internals of the
1238 * record protocol and is only useful if a prior gnutls function call
1239 * (e.g. gnutls_handshake()) was interrupted for some reason, that
1240 * is, if a function returned %GNUTLS_E_INTERRUPTED or
1241 * %GNUTLS_E_AGAIN. In such a case, you might want to call select()
1242 * or poll() before calling the interrupted gnutls function again. To
1243 * tell you whether a file descriptor should be selected for either
1244 * reading or writing, gnutls_record_get_direction() returns 0 if the
1245 * interrupted function was trying to read data, and 1 if it was
1246 * trying to write data.
1247 *
1248 * Returns: 0 if trying to read data, 1 if trying to write data.
1249 **/
1250 int
1252 {
1254 }
1256 /*-
1257 * _gnutls_rsa_pms_set_version - Sets a version to be used at the RSA PMS
1258 * @session: is a #gnutls_session_t structure.
1259 * @major: is the major version to use
1260 * @minor: is the minor version to use
1261 *
1262 * This function will set the given version number to be used at the
1263 * RSA PMS secret. This is only useful to clients, which want to
1264 * test server's capabilities.
1265 -*/
1266 void
1269 {
1272 }
1274 /**
1275 * gnutls_handshake_set_post_client_hello_function:
1276 * @session: is a #gnutls_session_t structure.
1277 * @func: is the function to be called
1278 *
1279 * This function will set a callback to be called after the client
1280 * hello has been received (callback valid in server side only). This
1281 * allows the server to adjust settings based on received extensions.
1282 *
1283 * Those settings could be ciphersuites, requesting certificate, or
1284 * anything else except for version negotiation (this is done before
1285 * the hello message is parsed).
1286 *
1287 * This callback must return 0 on success or a gnutls error code to
1288 * terminate the handshake.
1289 *
1290 * Warning: You should not use this function to terminate the
1291 * handshake based on client input unless you know what you are
1292 * doing. Before the handshake is finished there is no way to know if
1293 * there is a man-in-the-middle attack being performed.
1294 **/
1295 void
1297 gnutls_handshake_post_client_hello_func
1298 func)
1299 {
1301 }
1303 /**
1304 * gnutls_session_enable_compatibility_mode:
1305 * @session: is a #gnutls_session_t structure.
1306 *
1307 * This function can be used to disable certain (security) features in
1308 * TLS in order to maintain maximum compatibility with buggy
1309 * clients. Because several trade-offs with security are enabled,
1310 * if required they will be reported through the audit subsystem.
1311 *
1312 * Normally only servers that require maximum compatibility with
1313 * everything out there, need to call this function.
1314 **/
1315 void
1317 {
1319 }
1321 /**
1322 * gnutls_session_channel_binding:
1323 * @session: is a #gnutls_session_t structure.
1324 * @cbtype: an #gnutls_channel_binding_t enumeration type
1325 * @cb: output buffer array with data
1326 *
1327 * Extract given channel binding data of the @cbtype (e.g.,
1328 * %GNUTLS_CB_TLS_UNIQUE) type.
1329 *
1330 * Returns: %GNUTLS_E_SUCCESS on success,
1331 * %GNUTLS_E_UNIMPLEMENTED_FEATURE if the @cbtype is unsupported,
1332 * %GNUTLS_E_CHANNEL_BINDING_NOT_AVAILABLE if the data is not
1333 * currently available, or an error code.
1334 *
1335 * Since: 2.12.0
1336 **/
1337 int
1339 gnutls_channel_binding_t cbtype,
1341 {
1356 }
1358 /**
1359 * gnutls_ecc_curve_get:
1360 * @session: is a #gnutls_session_t structure.
1361 *
1362 * Returns the currently used elliptic curve. Only valid
1363 * when using an elliptic curve ciphersuite.
1364 *
1365 * Returns: the currently used curve, a #gnutls_ecc_curve_t
1366 * type.
1367 *
1368 * Since: 3.0
1369 **/
1371 {
1373 }
1375 #undef gnutls_protocol_get_version
1376 /**
1377 * gnutls_protocol_get_version:
1378 * @session: is a #gnutls_session_t structure.
1379 *
1380 * Get TLS version, a #gnutls_protocol_t value.
1381 *
1382 * Returns: The version of the currently used protocol.
1383 **/
1384 gnutls_protocol_t
1386 {
1388 }
1390 /**
1391 * gnutls_session_get_random:
1392 * @session: is a #gnutls_session_t structure.
1393 * @client: the client part of the random
1394 * @server: the server part of the random
1395 *
1396 * This function returns pointers to the client and server
1397 * random fields used in the TLS handshake. The pointers are
1398 * not to be modified or deallocated.
1399 *
1400 * If a client random value has not yet been established, the output
1401 * will be garbage.
1402 *
1403 * Since: 3.0
1404 **/
1405 void
1406 gnutls_session_get_random (gnutls_session_t session, gnutls_datum_t* client, gnutls_datum_t* server)
1407 {
1409 {
1412 }
1415 {
1418 }
1419 }