| blob | 3ecca89b5d1859642714e66b46f488a1939b544f |
1 /*
2 * Copyright (C) 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation
3 *
4 * Author: Nikos Mavrogiannopoulos
5 *
6 * This file is part of GNUTLS.
7 *
8 * The GNUTLS library is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 2.1 of
11 * the License, or (at your option) any later version.
12 *
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
17 *
18 * You should have received a copy of the GNU Lesser General Public
19 * License along with this library; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
21 * USA
22 *
23 */
25 /* Functions to manipulate the session (gnutls_int.h), and some other stuff
26 * are included here. The file's name is traditionally gnutls_state even if the
27 * state has been renamed to session.
28 */
30 #include <gnutls_int.h>
31 #include <gnutls_errors.h>
32 #include <gnutls_auth.h>
33 #include <gnutls_num.h>
34 #include <gnutls_datum.h>
35 #include <gnutls_db.h>
36 #include <gnutls_record.h>
37 #include <gnutls_handshake.h>
38 #include <gnutls_dh.h>
39 #include <gnutls_buffers.h>
40 #include <gnutls_state.h>
41 #include <auth_cert.h>
42 #include <auth_anon.h>
43 #include <auth_psk.h>
44 #include <gnutls_algorithms.h>
45 #include <gnutls_rsa_export.h>
47 /* These should really be static, but src/tests.c calls them. Make
48 them public functions? */
49 void
52 void
56 void
58 gnutls_certificate_type_t ct)
59 {
61 }
63 /**
64 * gnutls_cipher_get - Returns the currently used cipher.
65 * @session: is a #gnutls_session_t structure.
66 *
67 * Get currently used cipher.
68 *
69 * Returns: the currently used cipher, a #gnutls_cipher_algorithm_t
70 * type.
71 **/
72 gnutls_cipher_algorithm_t
74 {
76 }
78 /**
79 * gnutls_certificate_type_get - Returns the currently used certificate type.
80 * @session: is a #gnutls_session_t structure.
81 *
82 * The certificate type is by default X.509, unless it is negotiated
83 * as a TLS extension.
84 *
85 * Returns: the currently used #gnutls_certificate_type_t certificate
86 * type.
87 **/
88 gnutls_certificate_type_t
90 {
92 }
94 /**
95 * gnutls_kx_get - Returns the key exchange algorithm.
96 * @session: is a #gnutls_session_t structure.
97 *
98 * Get currently used key exchange algorithm.
99 *
100 * Returns: the key exchange algorithm used in the last handshake, a
101 * #gnutls_kx_algorithm_t value.
102 **/
103 gnutls_kx_algorithm_t
105 {
107 }
109 /**
110 * gnutls_mac_get - Returns the currently used mac algorithm.
111 * @session: is a #gnutls_session_t structure.
112 *
113 * Get currently used MAC algorithm.
114 *
115 * Returns: the currently used mac algorithm, a
116 * #gnutls_mac_algorithm_t value.
117 **/
118 gnutls_mac_algorithm_t
120 {
122 }
124 /**
125 * gnutls_compression_get - Returns the currently used compression algorithm.
126 * @session: is a #gnutls_session_t structure.
127 *
128 * Get currently used compression algorithm.
129 *
130 * Returns: the currently used compression method, a
131 * #gnutls_compression_method_t value.
132 **/
133 gnutls_compression_method_t
135 {
137 }
139 /* Check if the given certificate type is supported.
140 * This means that it is enabled by the priority functions,
141 * and a matching certificate exists.
142 */
143 int
145 gnutls_certificate_type_t cert_type)
146 {
149 gnutls_certificate_credentials_t cred;
152 {
160 {
162 {
164 {
167 }
168 }
171 /* no certificate is of that type.
172 */
174 }
175 }
182 {
184 {
186 }
187 }
190 }
193 /* this function deinitializes all the internal parameters stored
194 * in a session struct.
195 */
198 {
208 }
210 /* This function will clear all the variables in internals
211 * structure within the session, which depend on the current handshake.
212 * This is used to allow further handshakes.
213 */
214 static void
216 {
219 /* by default no selected certificate */
230 /* use out of band data for the last
231 * handshake messages received.
232 */
237 }
239 void
241 {
248 }
250 #define MIN_DH_BITS 727
251 /**
252 * gnutls_init - initialize the session to null (null encryption etc...).
253 * @con_end: indicate if this session is to be used for server or client.
254 * @session: is a pointer to a #gnutls_session_t structure.
255 *
256 * This function initializes the current session to null. Every
257 * session must be initialized before use, so internal structures can
258 * be allocated. This function allocates structures which can only
259 * be free'd by calling gnutls_deinit(). Returns zero on success.
260 *
261 * @con_end can be one of %GNUTLS_CLIENT and %GNUTLS_SERVER.
262 *
263 * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
264 **/
265 int
267 {
274 /* the default certificate type for TLS */
277 /* Set the defaults for initial handshake */
280 GNUTLS_CIPHER_NULL;
286 GNUTLS_COMP_NULL;
288 GNUTLS_COMP_NULL;
292 /* Initialize buffers */
306 {
307 cleanup_session:
311 }
320 MAX_HANDSHAKE_PACKET_SIZE);
322 /* Allocate a minimum size for recv_data
323 * This is allocated in order to avoid small messages, making
324 * the receive procedure slow.
325 */
327 INITIAL_RECV_BUFFER_SIZE))
328 {
331 }
333 /* set the socket pointers to -1;
334 */
338 /* set the default maximum record size for TLS
339 */
341 DEFAULT_MAX_RECORD_SIZE;
343 DEFAULT_MAX_RECORD_SIZE;
345 /* everything else not initialized here is initialized
346 * as NULL or 0. This is why calloc is used.
347 */
352 }
354 /* returns RESUME_FALSE or RESUME_TRUE.
355 */
356 int
358 {
360 }
363 /**
364 * gnutls_deinit - clear all buffers associated with a session
365 * @session: is a #gnutls_session_t structure.
366 *
367 * This function clears all buffers associated with the @session.
368 * This function will also remove session data from the session
369 * database if the session was terminated abnormally.
370 **/
371 void
373 {
378 /* remove auth info firstly */
414 {
427 /* RSA */
435 }
440 {
444 }
448 session_ticket);
452 }
454 /* Returns the minimum prime bits that are acceptable.
455 */
456 int
458 {
460 }
462 int
464 {
469 {
471 {
472 anon_auth_info_t info;
479 }
481 {
482 psk_auth_info_t info;
489 }
491 {
492 cert_auth_info_t info;
500 }
504 }
511 {
514 }
517 }
519 int
521 {
523 {
525 {
526 anon_auth_info_t info;
532 }
534 {
535 psk_auth_info_t info;
541 }
543 {
544 cert_auth_info_t info;
555 }
556 }
559 }
561 /* This function will set in the auth info structure the
562 * RSA exponent and the modulus.
563 */
564 int
567 {
568 cert_auth_info_t info;
583 {
586 }
590 {
594 }
597 }
600 /* Sets the prime and the generator in the auth info structure.
601 */
602 int
604 {
609 {
611 {
612 anon_auth_info_t info;
619 }
621 {
622 psk_auth_info_t info;
629 }
631 {
632 cert_auth_info_t info;
640 }
644 }
652 /* prime
653 */
656 {
659 }
661 /* generator
662 */
665 {
669 }
672 }
674 #ifdef ENABLE_OPENPGP
675 /**
676 * gnutls_openpgp_send_cert - order gnutls to send the openpgp fingerprint instead of the key
677 * @session: is a pointer to a #gnutls_session_t structure.
678 * @status: is one of GNUTLS_OPENPGP_CERT, or GNUTLS_OPENPGP_CERT_FINGERPRINT
679 *
680 * This function will order gnutls to send the key fingerprint
681 * instead of the key in the initial handshake procedure. This should
682 * be used with care and only when there is indication or knowledge
683 * that the server can obtain the client's key.
684 **/
685 void
687 gnutls_openpgp_crt_status_t status)
688 {
690 }
691 #endif
693 /**
694 * gnutls_certificate_send_x509_rdn_sequence - order gnutls to send or not the x.509 rdn sequence
695 * @session: is a pointer to a #gnutls_session_t structure.
696 * @status: is 0 or 1
697 *
698 * If status is non zero, this function will order gnutls not to send
699 * the rdnSequence in the certificate request message. That is the
700 * server will not advertize it's trusted CAs to the peer. If status
701 * is zero then the default behaviour will take effect, which is to
702 * advertize the server's trusted CAs.
703 *
704 * This function has no effect in clients, and in authentication
705 * methods other than certificate with X.509 certificates.
706 **/
707 void
710 {
712 }
714 #ifdef ENABLE_OPENPGP
715 int
717 {
719 }
720 #endif
722 /*-
723 * _gnutls_record_set_default_version - Used to set the default version for the first record packet
724 * @session: is a #gnutls_session_t structure.
725 * @major: is a tls major version
726 * @minor: is a tls minor version
727 *
728 * This function sets the default version that we will use in the first
729 * record packet (client hello). This function is only useful to people
730 * that know TLS internals and want to debug other implementations.
731 *
732 -*/
733 void
736 {
739 }
741 /**
742 * gnutls_handshake_set_private_extensions - Used to enable the private cipher suites
743 * @session: is a #gnutls_session_t structure.
744 * @allow: is an integer (0 or 1)
745 *
746 * This function will enable or disable the use of private cipher
747 * suites (the ones that start with 0xFF). By default or if @allow
748 * is 0 then these cipher suites will not be advertized nor used.
749 *
750 * Unless this function is called with the option to allow (1), then
751 * no compression algorithms, like LZO. That is because these
752 * algorithms are not yet defined in any RFC or even internet draft.
753 *
754 * Enabling the private ciphersuites when talking to other than
755 * gnutls servers and clients may cause interoperability problems.
756 **/
757 void
759 {
761 }
767 {
768 digest_hd_st td1;
773 {
776 }
782 }
784 #define MAX_SEED_SIZE 200
786 /* Produces "total_bytes" bytes using the hash algorithm specified.
787 * (used in the PRF function)
788 */
789 static int
794 {
796 digest_hd_st td2;
802 {
805 }
810 do
811 {
813 }
816 /* calculate A(0) */
824 {
827 {
830 }
832 /* here we calculate A(i+1) */
836 {
840 }
849 {
851 }
852 else
853 {
855 }
858 {
860 }
861 }
864 }
866 /* Xor's two buffers and puts the output in the first one.
867 */
870 {
873 {
875 }
876 }
880 #define MAX_PRF_BYTES 200
882 /* The PRF function expands a given secret
883 * needed by the TLS specification. ret must have a least total_bytes
884 * available.
885 */
886 int
891 {
900 {
903 }
904 /* label+seed = s_seed */
908 {
911 }
917 {
918 result =
922 {
925 }
926 }
927 else
928 {
935 {
936 l_s++;
937 }
939 result =
943 {
946 }
948 result =
952 {
955 }
960 }
964 }
966 /**
967 * gnutls_prf_raw - access the TLS PRF directly
968 * @session: is a #gnutls_session_t structure.
969 * @label_size: length of the @label variable.
970 * @label: label used in PRF computation, typically a short string.
971 * @seed_size: length of the @seed variable.
972 * @seed: optional extra data to seed the PRF with.
973 * @outsize: size of pre-allocated output buffer to hold the output.
974 * @out: pre-allocate buffer to hold the generated data.
975 *
976 * Apply the TLS Pseudo-Random-Function (PRF) using the master secret
977 * on some data.
978 *
979 * The @label variable usually contain a string denoting the purpose
980 * for the generated data. The @seed usually contain data such as the
981 * client and server random, perhaps together with some additional
982 * data that is added to guarantee uniqueness of the output for a
983 * particular purpose.
984 *
985 * Because the output is not guaranteed to be unique for a particular
986 * session unless @seed include the client random and server random
987 * fields (the PRF would output the same data on another connection
988 * resumed from the first one), it is not recommended to use this
989 * function directly. The gnutls_prf() function seed the PRF with the
990 * client and server random fields directly, and is recommended if you
991 * want to generate pseudo random data unique for each session.
992 *
993 * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
994 **/
995 int
1000 {
1005 GNUTLS_MASTER_SIZE,
1006 label,
1010 }
1012 /**
1013 * gnutls_prf - derive pseudo-random data using the TLS PRF
1014 * @session: is a #gnutls_session_t structure.
1015 * @label_size: length of the @label variable.
1016 * @label: label used in PRF computation, typically a short string.
1017 * @server_random_first: non-0 if server random field should be first in seed
1018 * @extra_size: length of the @extra variable.
1019 * @extra: optional extra data to seed the PRF with.
1020 * @outsize: size of pre-allocated output buffer to hold the output.
1021 * @out: pre-allocate buffer to hold the generated data.
1022 *
1023 * Apply the TLS Pseudo-Random-Function (PRF) using the master secret
1024 * on some data, seeded with the client and server random fields.
1025 *
1026 * The @label variable usually contain a string denoting the purpose
1027 * for the generated data. The @server_random_first indicate whether
1028 * the client random field or the server random field should be first
1029 * in the seed. Non-0 indicate that the server random field is first,
1030 * 0 that the client random field is first.
1031 *
1032 * The @extra variable can be used to add more data to the seed, after
1033 * the random variables. It can be used to tie make sure the
1034 * generated output is strongly connected to some additional data
1035 * (e.g., a string used in user authentication).
1036 *
1037 * The output is placed in *@OUT, which must be pre-allocated.
1038 *
1039 * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
1040 **/
1041 int
1047 {
1054 {
1057 }
1069 GNUTLS_MASTER_SIZE,
1075 }
1077 /**
1078 * gnutls_session_get_client_random - get the session's client random value
1079 * @session: is a #gnutls_session_t structure.
1080 *
1081 * Return a pointer to the 32-byte client random field used in the
1082 * session. The pointer must not be modified or deallocated.
1083 *
1084 * If a client random value has not yet been established, the output
1085 * will be garbage; in particular, a %NULL return value should not be
1086 * expected.
1087 *
1088 * Returns: pointer to client random data.
1089 **/
1092 {
1094 }
1096 /**
1097 * gnutls_session_get_server_random - get the session's server random value
1098 * @session: is a #gnutls_session_t structure.
1099 *
1100 * Return a pointer to the 32-byte server random field used in the
1101 * session. The pointer must not be modified or deallocated.
1102 *
1103 * If a server random value has not yet been established, the output
1104 * will be garbage; in particular, a %NULL return value should not be
1105 * expected.
1106 *
1107 * Returns: pointer to server random data.
1108 **/
1111 {
1113 }
1115 /**
1116 * gnutls_session_get_master_secret - get the session's master secret value
1117 * @session: is a #gnutls_session_t structure.
1118 *
1119 * Return a pointer to the 48-byte master secret in the session. The
1120 * pointer must not be modified or deallocated.
1121 *
1122 * If a master secret value has not yet been established, the output
1123 * will be garbage; in particular, a %NULL return value should not be
1124 * expected.
1125 *
1126 * Consider using gnutls_prf() rather than extracting the master
1127 * secret and use it to derive further data.
1128 *
1129 * Returns: pointer to master secret data.
1130 **/
1133 {
1135 }
1137 /**
1138 * gnutls_session_set_finished_function:
1139 * @session: is a #gnutls_session_t structure.
1140 * @func: a #gnutls_finished_callback_func callback.
1141 *
1142 * Register a callback function for the session that will be called
1143 * when a TLS Finished message has been generated. The function is
1144 * typically used to copy away the TLS finished message for later use
1145 * as a channel binding or similar purpose.
1146 *
1147 * The callback should follow this prototype:
1148 *
1149 * void callback (gnutls_session_t @session, const void *@finished, size_t @len);
1150 *
1151 * The @finished parameter will contain the binary TLS finished
1152 * message, and @len will contains its length. For SSLv3 connections,
1153 * the @len parameter will be 36 and for TLS connections it will be
1154 * 12.
1155 *
1156 * It is recommended that the function returns quickly in order to not
1157 * delay the handshake. Use the function to store a copy of the TLS
1158 * finished message for later use.
1159 *
1160 * Since: 2.6.0
1161 **/
1162 void
1164 gnutls_finished_callback_func func)
1165 {
1167 }
1169 /**
1170 * gnutls_session_is_resumed - check whether this session is a resumed one
1171 * @session: is a #gnutls_session_t structure.
1172 *
1173 * Check whether session is resumed or not.
1174 *
1175 * Returns: non zero if this session is resumed, or a zero if this is
1176 * a new session.
1177 **/
1178 int
1180 {
1182 {
1188 session_id,
1191 }
1192 else
1193 {
1196 }
1199 }
1201 /*-
1202 * _gnutls_session_is_export - Used to check whether this session is of export grade
1203 * @session: is a #gnutls_session_t structure.
1204 *
1205 * This function will return non zero if this session is of export grade.
1206 *
1207 -*/
1208 int
1210 {
1211 gnutls_cipher_algorithm_t cipher;
1213 cipher =
1215 current_cipher_suite);
1221 }
1223 /*-
1224 * _gnutls_session_is_psk - Used to check whether this session uses PSK kx
1225 * @session: is a #gnutls_session_t structure.
1226 *
1227 * This function will return non zero if this session uses a PSK key
1228 * exchange algorithm.
1229 *
1230 -*/
1231 int
1233 {
1234 gnutls_kx_algorithm_t kx;
1236 kx =
1238 current_cipher_suite);
1243 }
1245 /**
1246 * gnutls_session_get_ptr - Get the user pointer from the session structure
1247 * @session: is a #gnutls_session_t structure.
1248 *
1249 * Get user pointer for session. Useful in callbacks. This is the
1250 * pointer set with gnutls_session_set_ptr().
1251 *
1252 * Returns: the user given pointer from the session structure, or
1253 * %NULL if it was never set.
1254 **/
1257 {
1259 }
1261 /**
1262 * gnutls_session_set_ptr - Used to set the user pointer to the session structure
1263 * @session: is a #gnutls_session_t structure.
1264 * @ptr: is the user pointer
1265 *
1266 * This function will set (associate) the user given pointer @ptr to
1267 * the session structure. This is pointer can be accessed with
1268 * gnutls_session_get_ptr().
1269 **/
1270 void
1272 {
1274 }
1277 /**
1278 * gnutls_record_get_direction - return the direction of the last interrupted function call
1279 * @session: is a #gnutls_session_t structure.
1280 *
1281 * This function provides information about the internals of the
1282 * record protocol and is only useful if a prior gnutls function call
1283 * (e.g. gnutls_handshake()) was interrupted for some reason, that
1284 * is, if a function returned %GNUTLS_E_INTERRUPTED or
1285 * %GNUTLS_E_AGAIN. In such a case, you might want to call select()
1286 * or poll() before calling the interrupted gnutls function again. To
1287 * tell you whether a file descriptor should be selected for either
1288 * reading or writing, gnutls_record_get_direction() returns 0 if the
1289 * interrupted function was trying to read data, and 1 if it was
1290 * trying to write data.
1291 *
1292 * Returns: 0 if trying to read data, 1 if trying to write data.
1293 **/
1294 int
1296 {
1298 }
1300 /*-
1301 * _gnutls_rsa_pms_set_version - Sets a version to be used at the RSA PMS
1302 * @session: is a #gnutls_session_t structure.
1303 * @major: is the major version to use
1304 * @minor: is the minor version to use
1305 *
1306 * This function will set the given version number to be used at the
1307 * RSA PMS secret. This is only useful to clients, which want to
1308 * test server's capabilities.
1309 *
1310 -*/
1311 void
1314 {
1317 }
1319 /**
1320 * gnutls_handshake_set_post_client_hello_function - set callback to be called after the client hello is received
1321 * @session: is a #gnutls_session_t structure.
1322 * @func: is the function to be called
1323 *
1324 * This function will set a callback to be called after the client
1325 * hello has been received (callback valid in server side only). This
1326 * allows the server to adjust settings based on received extensions.
1327 *
1328 * Those settings could be ciphersuites, requesting certificate, or
1329 * anything else except for version negotiation (this is done before
1330 * the hello message is parsed).
1331 *
1332 * This callback must return 0 on success or a gnutls error code to
1333 * terminate the handshake.
1334 *
1335 * Warning: You should not use this function to terminate the
1336 * handshake based on client input unless you know what you are
1337 * doing. Before the handshake is finished there is no way to know if
1338 * there is a man-in-the-middle attack being performed.
1339 **/
1340 void
1342 gnutls_handshake_post_client_hello_func func)
1343 {
1345 }
1347 /**
1348 * gnutls_session_enable_compatibility_mode - disable certain features in TLS in order to honour compatibility
1349 * @session: is a #gnutls_session_t structure.
1350 *
1351 * This function can be used to disable certain (security) features in
1352 * TLS in order to maintain maximum compatibility with buggy
1353 * clients. It is equivalent to calling:
1354 * gnutls_record_disable_padding()
1355 *
1356 * Normally only servers that require maximum compatibility with
1357 * everything out there, need to call this function.
1358 **/
1359 void
1361 {
1363 }