| blob | 28dcadea8866e6cbe2430fb4201fcf0d78295545 |
1 /*
2 * Copyright (C) 2001-2012 Free Software Foundation, Inc.
3 *
4 * Author: Nikos Mavrogiannopoulos
5 *
6 * This file is part of GnuTLS.
7 *
8 * The GnuTLS is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 3 of
11 * the License, or (at your option) any later version.
12 *
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
17 *
18 * You should have received a copy of the GNU Lesser General Public License
19 * along with this program. If not, see <http://www.gnu.org/licenses/>
20 *
21 */
23 /* This file contains certificate authentication functions to be exported in the
24 * API which did not fit elsewhere.
25 */
27 #include <gnutls_int.h>
28 #include <auth/srp.h>
29 #include <auth/anon.h>
30 #include <auth/cert.h>
31 #include <auth/psk.h>
32 #include <gnutls_errors.h>
33 #include <gnutls_auth.h>
34 #include <gnutls_state.h>
35 #include <gnutls_datum.h>
36 #include <extras/randomart.h>
38 /**
39 * gnutls_random_art:
40 * @type: The type of the random art
41 * @key_type: The type of the key (RSA, DSA etc.)
42 * @key_size: The size of the key in bits
43 * @fpr: The fingerprint of the key
44 * @fpr_size: The size of the fingerprint
45 * @art: The returned random art
46 *
47 * This function will convert a given fingerprint to an "artistic"
48 * image. The returned image is allocated using gnutls_malloc()
49 *
50 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise
51 * an error code is returned.
52 *
53 **/
58 {
69 }
71 /* ANON & DHE */
73 /**
74 * gnutls_dh_set_prime_bits:
75 * @session: is a #gnutls_session_t structure.
76 * @bits: is the number of bits
77 *
78 * This function sets the number of bits, for use in a Diffie-Hellman
79 * key exchange. This is used both in DH ephemeral and DH anonymous
80 * cipher suites. This will set the minimum size of the prime that
81 * will be used for the handshake.
82 *
83 * In the client side it sets the minimum accepted number of bits. If
84 * a server sends a prime with less bits than that
85 * %GNUTLS_E_DH_PRIME_UNACCEPTABLE will be returned by the handshake.
86 *
87 * This function has no effect in server side.
88 *
89 **/
90 void
92 {
94 }
97 /**
98 * gnutls_dh_get_group:
99 * @session: is a gnutls session
100 * @raw_gen: will hold the generator.
101 * @raw_prime: will hold the prime.
102 *
103 * This function will return the group parameters used in the last
104 * Diffie-Hellman key exchange with the peer. These are the prime and
105 * the generator used. This function should be used for both
106 * anonymous and ephemeral Diffie-Hellman. The output parameters must
107 * be freed with gnutls_free().
108 *
109 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise
110 * an error code is returned.
111 **/
112 int
115 {
118 anon_auth_info_t anon_info;
119 cert_auth_info_t cert_info;
120 psk_auth_info_t psk_info;
123 {
145 }
149 {
152 }
156 {
160 }
163 }
165 /**
166 * gnutls_dh_get_pubkey:
167 * @session: is a gnutls session
168 * @raw_key: will hold the public key.
169 *
170 * This function will return the peer's public key used in the last
171 * Diffie-Hellman key exchange. This function should be used for both
172 * anonymous and ephemeral Diffie-Hellman. The output parameters must
173 * be freed with gnutls_free().
174 *
175 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise
176 * an error code is returned.
177 **/
178 int
180 {
182 anon_auth_info_t anon_info;
183 cert_auth_info_t cert_info;
184 cert_auth_info_t psk_info;
187 {
189 {
195 }
197 {
203 }
205 {
212 }
216 }
220 }
222 /**
223 * gnutls_rsa_export_get_pubkey:
224 * @session: is a gnutls session
225 * @exponent: will hold the exponent.
226 * @modulus: will hold the modulus.
227 *
228 * This function will return the peer's public key exponent and
229 * modulus used in the last RSA-EXPORT authentication. The output
230 * parameters must be freed with gnutls_free().
231 *
232 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise
233 * an error code is returned.
234 **/
235 int
239 {
240 cert_auth_info_t info;
244 {
252 {
255 }
260 {
264 }
267 }
270 }
273 /**
274 * gnutls_dh_get_secret_bits:
275 * @session: is a gnutls session
276 *
277 * This function will return the bits used in the last Diffie-Hellman
278 * key exchange with the peer. Should be used for both anonymous and
279 * ephemeral Diffie-Hellman.
280 *
281 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise
282 * an error code is returned.
283 **/
284 int
286 {
288 {
290 {
291 anon_auth_info_t info;
297 }
299 {
300 psk_auth_info_t info;
306 }
308 {
309 cert_auth_info_t info;
316 }
320 }
321 }
323 static int
325 {
326 bigint_t mpi;
331 {
334 }
340 }
342 /**
343 * gnutls_dh_get_prime_bits:
344 * @session: is a gnutls session
345 *
346 * This function will return the bits of the prime used in the last
347 * Diffie-Hellman key exchange with the peer. Should be used for both
348 * anonymous and ephemeral Diffie-Hellman. Note that some ciphers,
349 * like RSA and DSA without DHE, do not use a Diffie-Hellman key
350 * exchange, and then this function will return 0.
351 *
352 * Returns: The Diffie-Hellman bit strength is returned, or 0 if no
353 * Diffie-Hellman key exchange was done, or a negative error code on
354 * failure.
355 **/
356 int
358 {
362 {
364 {
365 anon_auth_info_t info;
372 }
374 {
375 psk_auth_info_t info;
382 }
384 {
385 cert_auth_info_t info;
393 }
397 }
400 }
402 /**
403 * gnutls_rsa_export_get_modulus_bits:
404 * @session: is a gnutls session
405 *
406 * Get the export RSA parameter's modulus size.
407 *
408 * Returns: The bits used in the last RSA-EXPORT key exchange with the
409 * peer, or a negative error code in case of error.
410 **/
411 int
413 {
414 cert_auth_info_t info;
421 }
423 /**
424 * gnutls_dh_get_peers_public_bits:
425 * @session: is a gnutls session
426 *
427 * Get the Diffie-Hellman public key bit size. Can be used for both
428 * anonymous and ephemeral Diffie-Hellman.
429 *
430 * Returns: The public key bit size used in the last Diffie-Hellman
431 * key exchange with the peer, or a negative error code in case of error.
432 **/
433 int
435 {
439 {
441 {
442 anon_auth_info_t info;
450 }
452 {
453 psk_auth_info_t info;
461 }
463 {
464 cert_auth_info_t info;
472 }
476 }
479 }
481 /* CERTIFICATE STUFF */
483 /**
484 * gnutls_certificate_get_ours:
485 * @session: is a gnutls session
486 *
487 * Gets the certificate as sent to the peer in the last handshake.
488 * The certificate is in raw (DER) format. No certificate
489 * list is being returned. Only the first certificate.
490 *
491 * Returns: a pointer to a #gnutls_datum_t containing our
492 * certificates, or %NULL in case of an error or if no certificate
493 * was used.
494 **/
497 {
498 gnutls_certificate_credentials_t cred;
505 {
508 }
514 }
516 /**
517 * gnutls_certificate_get_peers:
518 * @session: is a gnutls session
519 * @list_size: is the length of the certificate list
520 *
521 * Get the peer's raw certificate (chain) as sent by the peer. These
522 * certificates are in raw format (DER encoded for X.509). In case of
523 * a X.509 then a certificate list may be present. The first
524 * certificate in the list is the peer's certificate, following the
525 * issuer's certificate, then the issuer's issuer etc.
526 *
527 * In case of OpenPGP keys a single key will be returned in raw
528 * format.
529 *
530 * Returns: a pointer to a #gnutls_datum_t containing our
531 * certificates, or %NULL in case of an error or if no certificate
532 * was used.
533 **/
537 {
538 cert_auth_info_t info;
548 }
551 /**
552 * gnutls_certificate_client_get_request_status:
553 * @session: is a gnutls session
554 *
555 * Get whether client certificate is requested or not.
556 *
557 * Returns: 0 if the peer (server) did not request client
558 * authentication or 1 otherwise, or a negative error code in case of
559 * error.
560 **/
561 int
563 {
565 }
567 /**
568 * gnutls_fingerprint:
569 * @algo: is a digest algorithm
570 * @data: is the data
571 * @result: is the place where the result will be copied (may be null).
572 * @result_size: should hold the size of the result. The actual size
573 * of the returned result will also be copied there.
574 *
575 * This function will calculate a fingerprint (actually a hash), of
576 * the given data. The result is not printable data. You should
577 * convert it to hex, or to something else printable.
578 *
579 * This is the usual way to calculate a fingerprint of an X.509 DER
580 * encoded certificate. Note however that the fingerprint of an
581 * OpenPGP is not just a hash and cannot be calculated with this
582 * function.
583 *
584 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise
585 * an error code is returned.
586 **/
587 int
591 {
596 {
599 }
603 {
607 }
610 }
613 /**
614 * gnutls_certificate_set_dh_params:
615 * @res: is a gnutls_certificate_credentials_t structure
616 * @dh_params: is a structure that holds Diffie-Hellman parameters.
617 *
618 * This function will set the Diffie-Hellman parameters for a
619 * certificate server to use. These parameters will be used in
620 * Ephemeral Diffie-Hellman cipher suites. Note that only a pointer
621 * to the parameters are stored in the certificate handle, so if you
622 * deallocate the parameters before the certificate is deallocated,
623 * you must change the parameters stored in the certificate first.
624 *
625 **/
626 void
628 gnutls_dh_params_t dh_params)
629 {
631 }
633 /**
634 * gnutls_certificate_set_params_function:
635 * @res: is a gnutls_certificate_credentials_t structure
636 * @func: is the function to be called
637 *
638 * This function will set a callback in order for the server to get
639 * the Diffie-Hellman or RSA parameters for certificate
640 * authentication. The callback should return %GNUTLS_E_SUCCESS (0) on success.
641 **/
642 void
645 {
647 }
650 /**
651 * gnutls_certificate_set_verify_flags:
652 * @res: is a gnutls_certificate_credentials_t structure
653 * @flags: are the flags
654 *
655 * This function will set the flags to be used at verification of the
656 * certificates. Flags must be OR of the
657 * #gnutls_certificate_verify_flags enumerations.
658 *
659 **/
660 void
663 {
665 }
667 /**
668 * gnutls_certificate_set_verify_limits:
669 * @res: is a gnutls_certificate_credentials structure
670 * @max_bits: is the number of bits of an acceptable certificate (default 8200)
671 * @max_depth: is maximum depth of the verification of a certificate chain (default 5)
672 *
673 * This function will set some upper limits for the default
674 * verification function, gnutls_certificate_verify_peers2(), to avoid
675 * denial of service attacks. You can set them to zero to disable
676 * limits.
677 **/
678 void
682 {
685 }
687 /**
688 * gnutls_certificate_set_rsa_export_params:
689 * @res: is a gnutls_certificate_credentials_t structure
690 * @rsa_params: is a structure that holds temporary RSA parameters.
691 *
692 * This function will set the temporary RSA parameters for a
693 * certificate server to use. These parameters will be used in
694 * RSA-EXPORT cipher suites.
695 **/
696 void
699 {
701 }
703 /**
704 * gnutls_psk_set_params_function:
705 * @res: is a gnutls_psk_server_credentials_t structure
706 * @func: is the function to be called
707 *
708 * This function will set a callback in order for the server to get
709 * the Diffie-Hellman or RSA parameters for PSK authentication. The
710 * callback should return %GNUTLS_E_SUCCESS (0) on success.
711 **/
712 void
715 {
717 }
719 /**
720 * gnutls_anon_set_params_function:
721 * @res: is a gnutls_anon_server_credentials_t structure
722 * @func: is the function to be called
723 *
724 * This function will set a callback in order for the server to get
725 * the Diffie-Hellman or RSA parameters for anonymous authentication.
726 * The callback should return %GNUTLS_E_SUCCESS (0) on success.
727 **/
728 void
731 {
733 }