libextra/ext_inner_application.c

   1 /*
   2  * Copyright (C) 2005, 2006, 2008, 2010 Free Software Foundation, Inc.
   3  *
   4  * Author: Simon Josefsson
   5  *
   6  * This file is part of GNUTLS-EXTRA.
   7  *
   8  * GNUTLS-EXTRA is free software: you can redistribute it and/or
   9  * modify it under the terms of the GNU General Public License as
  10  * published by the Free Software Foundation, either version 3 of the
  11  * License, or (at your option) any later version.
  12  *
  13  * GNUTLS-EXTRA is distributed in the hope that it will be useful, but
  14  * WITHOUT ANY WARRANTY; without even the implied warranty of
  15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  16  * General Public License for more details.
  17  *
  18  * You should have received a copy of the GNU General Public License
  19  * along with this program.  If not, see
  20  * <http://www.gnu.org/licenses/>.
  21  *
  22  */
  23
  24 #include "gnutls_int.h"
  25 #include "gnutls_auth.h"
  26 #include "gnutls_errors.h"
  27 #include "gnutls_num.h"
  28 #include "ext_inner_application.h"
  29 #include <gnutls/extra.h>
  30
  31 #define NO 0
  32 #define YES 1
  33
  34 int
  35 _gnutls_inner_application_recv_params (gnutls_session_t session,
  36                                        const opaque * data, size_t data_size)
  37 {
  38   tls_ext_st *ext = &session->security_parameters.extensions;
  39
  40   if (data_size != 1)
  41     {
  42       gnutls_assert ();
  43       return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
  44     }
  45
  46   ext->gnutls_ia_peer_enable = 1;
  47   ext->gnutls_ia_peer_allowskip = 0;
  48
  49   switch ((unsigned char) *data)
  50     {
  51     case NO:                    /* Peer's ia_on_resume == no */
  52       ext->gnutls_ia_peer_allowskip = 1;
  53       break;
  54
  55     case YES:
  56       break;
  57
  58     default:
  59       gnutls_assert ();
  60     }
  61
  62   return 0;
  63 }
  64
  65
  66 /* returns data_size or a negative number on failure
  67  */
  68 int
  69 _gnutls_inner_application_send_params (gnutls_session_t session,
  70                                        opaque * data, size_t data_size)
  71 {
  72   tls_ext_st *ext = &session->security_parameters.extensions;
  73
  74   /* Set ext->gnutls_ia_enable depending on whether we have a TLS/IA
  75      credential in the session. */
  76
  77   if (session->security_parameters.entity == GNUTLS_CLIENT)
  78     {
  79       gnutls_ia_client_credentials_t cred = (gnutls_ia_client_credentials_t)
  80         _gnutls_get_cred (session->key, GNUTLS_CRD_IA, NULL);
  81
  82       if (cred)
  83         ext->gnutls_ia_enable = 1;
  84     }
  85   else
  86     {
  87       gnutls_ia_server_credentials_t cred = (gnutls_ia_server_credentials_t)
  88         _gnutls_get_cred (session->key, GNUTLS_CRD_IA, NULL);
  89
  90       if (cred)
  91         ext->gnutls_ia_enable = 1;
  92     }
  93
  94   /* If we don't want gnutls_ia locally, or we are a server and the
  95    * client doesn't want it, don't advertise TLS/IA support at all, as
  96    * required. */
  97
  98   if (!ext->gnutls_ia_enable)
  99     return 0;
 100
 101   if (session->security_parameters.entity == GNUTLS_SERVER &&
 102       !ext->gnutls_ia_peer_enable)
 103     return 0;
 104
 105   /* We'll advertise. Check if there's room in the hello buffer. */
 106
 107   if (data_size < 1)
 108     {
 109       gnutls_assert ();
 110       return GNUTLS_E_SHORT_MEMORY_BUFFER;
 111     }
 112
 113   /* default: require new application phase */
 114
 115   *data = YES;
 116
 117   if (session->security_parameters.entity == GNUTLS_CLIENT)
 118     {
 119
 120       /* Client: value follows local setting */
 121
 122       if (ext->gnutls_ia_allowskip)
 123         *data = NO;
 124     }
 125   else
 126     {
 127
 128       /* Server: value follows local setting and client's setting, but only
 129        * if we are resuming.
 130        *
 131        * XXX Can server test for resumption at this stage?
 132        *
 133        * Ai! It seems that read_client_hello only calls parse_extensions if
 134        * we're NOT resuming! That would make us automatically violate the IA
 135        * draft; if we're resuming, we must first learn what the client wants
 136        * -- IA or no IA -- and then prepare our response. Right now we'll
 137        * always skip IA on resumption, because recv_ext isn't even called
 138        * to record the peer's support for IA at all. Simon? */
 139
 140       if (ext->gnutls_ia_allowskip &&
 141           ext->gnutls_ia_peer_allowskip &&
 142           session->internals.resumed == RESUME_TRUE)
 143         *data = NO;
 144     }
 145
 146   return 1;
 147 }