| blob | 26d0ed9cd0a5f7c97fba3f3daaf4d021aa8e5dd9 |
1 /*
2 * Copyright (C) 2002-2012 Free Software Foundation, Inc.
3 *
4 * Author: Nikos Mavrogiannopoulos
5 *
6 * This file is part of GnuTLS.
7 *
8 * The GnuTLS is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 3 of
11 * the License, or (at your option) any later version.
12 *
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
17 *
18 * You should have received a copy of the GNU Lesser General Public License
19 * along with this program. If not, see <http://www.gnu.org/licenses/>
20 *
21 */
23 /* Functions to manipulate the session (gnutls_int.h), and some other stuff
24 * are included here. The file's name is traditionally gnutls_state even if the
25 * state has been renamed to session.
26 */
28 #include <gnutls_int.h>
29 #include <gnutls_errors.h>
30 #include <gnutls_auth.h>
31 #include <gnutls_num.h>
32 #include <gnutls_datum.h>
33 #include <gnutls_db.h>
34 #include <gnutls_record.h>
35 #include <gnutls_handshake.h>
36 #include <gnutls_dh.h>
37 #include <gnutls_buffers.h>
38 #include <gnutls_mbuffers.h>
39 #include <gnutls_state.h>
40 #include <gnutls_constate.h>
41 #include <auth/cert.h>
42 #include <auth/anon.h>
43 #include <auth/psk.h>
44 #include <algorithms.h>
45 #include <gnutls_rsa_export.h>
46 #include <gnutls_extensions.h>
47 #include <system.h>
48 #include <gnutls/dtls.h>
49 #include <timespec.h>
51 /* These should really be static, but src/tests.c calls them. Make
52 them public functions? */
53 void
57 void
59 gnutls_certificate_type_t ct)
60 {
64 }
66 void
68 gnutls_ecc_curve_t c)
69 {
70 _gnutls_handshake_log("HSK[%p]: Selected ECC curve %s (%d)\n", session, gnutls_ecc_curve_get_name(c), c);
72 }
74 /**
75 * gnutls_cipher_get:
76 * @session: is a #gnutls_session_t structure.
77 *
78 * Get currently used cipher.
79 *
80 * Returns: the currently used cipher, a #gnutls_cipher_algorithm_t
81 * type.
82 **/
83 gnutls_cipher_algorithm_t
85 {
94 }
96 /**
97 * gnutls_certificate_type_get:
98 * @session: is a #gnutls_session_t structure.
99 *
100 * The certificate type is by default X.509, unless it is negotiated
101 * as a TLS extension.
102 *
103 * Returns: the currently used #gnutls_certificate_type_t certificate
104 * type.
105 **/
106 gnutls_certificate_type_t
108 {
110 }
112 /**
113 * gnutls_kx_get:
114 * @session: is a #gnutls_session_t structure.
115 *
116 * Get currently used key exchange algorithm.
117 *
118 * Returns: the key exchange algorithm used in the last handshake, a
119 * #gnutls_kx_algorithm_t value.
120 **/
121 gnutls_kx_algorithm_t
123 {
125 }
127 /**
128 * gnutls_mac_get:
129 * @session: is a #gnutls_session_t structure.
130 *
131 * Get currently used MAC algorithm.
132 *
133 * Returns: the currently used mac algorithm, a
134 * #gnutls_mac_algorithm_t value.
135 **/
136 gnutls_mac_algorithm_t
138 {
147 }
149 /**
150 * gnutls_compression_get:
151 * @session: is a #gnutls_session_t structure.
152 *
153 * Get currently used compression algorithm.
154 *
155 * Returns: the currently used compression method, a
156 * #gnutls_compression_method_t value.
157 **/
158 gnutls_compression_method_t
160 {
169 }
171 /* Check if the given certificate type is supported.
172 * This means that it is enabled by the priority functions,
173 * and a matching certificate exists.
174 */
175 int
177 gnutls_certificate_type_t cert_type)
178 {
181 gnutls_certificate_credentials_t cred;
184 {
193 {
195 {
197 {
200 }
201 }
204 /* no certificate is of that type.
205 */
207 }
208 }
215 {
217 {
219 }
220 }
223 }
226 /* this function deinitializes all the internal parameters stored
227 * in a session struct.
228 */
231 {
241 }
243 /* This function will clear all the variables in internals
244 * structure within the session, which depend on the current handshake.
245 * This is used to allow further handshakes.
246 */
247 static void
249 {
252 /* by default no selected certificate */
257 /* use out of band data for the last
258 * handshake messages received.
259 */
268 }
270 void
272 {
280 }
282 #define MIN_DH_BITS 727
283 /**
284 * gnutls_init:
285 * @session: is a pointer to a #gnutls_session_t structure.
286 * @flags: indicate if this session is to be used for server or client.
287 *
288 * This function initializes the current session to null. Every
289 * session must be initialized before use, so internal structures can
290 * be allocated. This function allocates structures which can only
291 * be free'd by calling gnutls_deinit(). Returns %GNUTLS_E_SUCCESS (0) on success.
292 *
293 * @flags can be one of %GNUTLS_CLIENT and %GNUTLS_SERVER. For a DTLS
294 * entity, the flags %GNUTLS_DATAGRAM and %GNUTLS_NONBLOCK are
295 * also available. The latter flag will enable a non-blocking
296 * operation of the DTLS timers. The flag %GNUTLS_STATELESS_COMPRESSION
297 * would disable keeping state across records when compressing.
298 *
299 * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
300 **/
301 int
303 {
313 {
316 }
318 /* Set all NULL algos on epoch 0 */
325 /* the default certificate type for TLS */
328 /* Initialize buffers */
341 {
345 }
352 MAX_HANDSHAKE_PACKET_SIZE);
354 /* set the socket pointers to -1;
355 */
359 /* set the default maximum record size for TLS
360 */
362 DEFAULT_MAX_RECORD_SIZE;
364 DEFAULT_MAX_RECORD_SIZE;
366 /* everything else not initialized here is initialized
367 * as NULL or 0. This is why calloc is used.
368 */
372 /* emulate old gnutls behavior for old applications that do not use the priority_*
373 * functions.
374 */
377 #ifdef HAVE_WRITEV
379 #else
381 #endif
387 {
393 }
394 else
402 else
406 }
408 /* returns RESUME_FALSE or RESUME_TRUE.
409 */
410 int
412 {
414 }
417 /**
418 * gnutls_deinit:
419 * @session: is a #gnutls_session_t structure.
420 *
421 * This function clears all buffers associated with the @session.
422 * This function will also remove session data from the session
423 * database if the session was terminated abnormally.
424 **/
425 void
427 {
433 /* remove auth info firstly */
442 {
445 }
458 {
475 /* RSA */
483 }
487 }
489 /* Returns the minimum prime bits that are acceptable.
490 */
491 int
493 {
495 }
497 int
499 {
504 {
506 {
507 anon_auth_info_t info;
514 }
516 {
517 psk_auth_info_t info;
524 }
526 {
527 cert_auth_info_t info;
535 }
539 }
546 {
549 }
552 }
554 int
556 {
558 {
560 {
561 anon_auth_info_t info;
567 }
569 {
570 psk_auth_info_t info;
576 }
578 {
579 cert_auth_info_t info;
590 }
591 }
594 }
596 /* This function will set in the auth info structure the
597 * RSA exponent and the modulus.
598 */
599 int
602 {
603 cert_auth_info_t info;
618 {
621 }
625 {
629 }
632 }
635 /* Sets the prime and the generator in the auth info structure.
636 */
637 int
639 {
644 {
646 {
647 anon_auth_info_t info;
654 }
656 {
657 psk_auth_info_t info;
664 }
666 {
667 cert_auth_info_t info;
675 }
679 }
687 /* prime
688 */
691 {
694 }
696 /* generator
697 */
700 {
704 }
707 }
709 #ifdef ENABLE_OPENPGP
710 /**
711 * gnutls_openpgp_send_cert:
712 * @session: is a pointer to a #gnutls_session_t structure.
713 * @status: is one of GNUTLS_OPENPGP_CERT, or GNUTLS_OPENPGP_CERT_FINGERPRINT
714 *
715 * This function will order gnutls to send the key fingerprint
716 * instead of the key in the initial handshake procedure. This should
717 * be used with care and only when there is indication or knowledge
718 * that the server can obtain the client's key.
719 **/
720 void
722 gnutls_openpgp_crt_status_t status)
723 {
725 }
726 #endif
728 /**
729 * gnutls_certificate_send_x509_rdn_sequence:
730 * @session: is a pointer to a #gnutls_session_t structure.
731 * @status: is 0 or 1
732 *
733 * If status is non zero, this function will order gnutls not to send
734 * the rdnSequence in the certificate request message. That is the
735 * server will not advertise its trusted CAs to the peer. If status
736 * is zero then the default behaviour will take effect, which is to
737 * advertise the server's trusted CAs.
738 *
739 * This function has no effect in clients, and in authentication
740 * methods other than certificate with X.509 certificates.
741 **/
742 void
745 {
747 }
749 #ifdef ENABLE_OPENPGP
750 int
752 {
754 }
755 #endif
757 /*-
758 * _gnutls_record_set_default_version - Used to set the default version for the first record packet
759 * @session: is a #gnutls_session_t structure.
760 * @major: is a tls major version
761 * @minor: is a tls minor version
762 *
763 * This function sets the default version that we will use in the first
764 * record packet (client hello). This function is only useful to people
765 * that know TLS internals and want to debug other implementations.
766 -*/
767 void
770 {
773 }
775 /**
776 * gnutls_handshake_set_private_extensions:
777 * @session: is a #gnutls_session_t structure.
778 * @allow: is an integer (0 or 1)
779 *
780 * This function will enable or disable the use of private cipher
781 * suites (the ones that start with 0xFF). By default or if @allow
782 * is 0 then these cipher suites will not be advertized nor used.
783 *
784 * Currently GnuTLS does not include such cipher-suites or
785 * compression algorithms.
786 *
787 * Enabling the private ciphersuites when talking to other than
788 * gnutls servers and clients may cause interoperability problems.
789 **/
790 void
792 {
794 }
800 {
808 }
810 #define MAX_SEED_SIZE 200
812 /* Produces "total_bytes" bytes using the hash algorithm specified.
813 * (used in the PRF function)
814 */
815 static int
820 {
822 digest_hd_st td2;
828 {
831 }
836 do
837 {
839 }
842 /* calculate A(0) */
850 {
853 {
856 }
858 /* here we calculate A(i+1) */
862 {
866 }
875 {
877 }
878 else
879 {
881 }
884 {
886 }
887 }
890 }
892 #define MAX_PRF_BYTES 200
894 /* The PRF function expands a given secret
895 * needed by the TLS specification. ret must have a least total_bytes
896 * available.
897 */
898 int
903 {
912 {
915 }
916 /* label+seed = s_seed */
920 {
923 }
929 {
930 result =
935 {
938 }
939 }
940 else
941 {
948 {
949 l_s++;
950 }
952 result =
956 {
959 }
961 result =
965 {
968 }
973 }
977 }
979 /**
980 * gnutls_prf_raw:
981 * @session: is a #gnutls_session_t structure.
982 * @label_size: length of the @label variable.
983 * @label: label used in PRF computation, typically a short string.
984 * @seed_size: length of the @seed variable.
985 * @seed: optional extra data to seed the PRF with.
986 * @outsize: size of pre-allocated output buffer to hold the output.
987 * @out: pre-allocate buffer to hold the generated data.
988 *
989 * Apply the TLS Pseudo-Random-Function (PRF) on the master secret
990 * and the provided data.
991 *
992 * The @label variable usually contains a string denoting the purpose
993 * for the generated data. The @seed usually contains data such as the
994 * client and server random, perhaps together with some additional
995 * data that is added to guarantee uniqueness of the output for a
996 * particular purpose.
997 *
998 * Because the output is not guaranteed to be unique for a particular
999 * session unless @seed includes the client random and server random
1000 * fields (the PRF would output the same data on another connection
1001 * resumed from the first one), it is not recommended to use this
1002 * function directly. The gnutls_prf() function seeds the PRF with the
1003 * client and server random fields directly, and is recommended if you
1004 * want to generate pseudo random data unique for each session.
1005 *
1006 * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
1007 **/
1008 int
1013 {
1018 GNUTLS_MASTER_SIZE,
1019 label,
1023 }
1025 /**
1026 * gnutls_prf:
1027 * @session: is a #gnutls_session_t structure.
1028 * @label_size: length of the @label variable.
1029 * @label: label used in PRF computation, typically a short string.
1030 * @server_random_first: non-0 if server random field should be first in seed
1031 * @extra_size: length of the @extra variable.
1032 * @extra: optional extra data to seed the PRF with.
1033 * @outsize: size of pre-allocated output buffer to hold the output.
1034 * @out: pre-allocate buffer to hold the generated data.
1035 *
1036 * Apply the TLS Pseudo-Random-Function (PRF) on the master secret
1037 * and the provided data, seeded with the client and server random fields.
1038 *
1039 * The @label variable usually contains a string denoting the purpose
1040 * for the generated data. The @server_random_first indicates whether
1041 * the client random field or the server random field should be first
1042 * in the seed. Non-0 indicates that the server random field is first,
1043 * 0 that the client random field is first.
1044 *
1045 * The @extra variable can be used to add more data to the seed, after
1046 * the random variables. It can be used to make sure the
1047 * generated output is strongly connected to some additional data
1048 * (e.g., a string used in user authentication).
1049 *
1050 * The output is placed in @out, which must be pre-allocated.
1051 *
1052 * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
1053 **/
1054 int
1060 {
1067 {
1070 }
1082 GNUTLS_MASTER_SIZE,
1088 }
1090 /**
1091 * gnutls_session_is_resumed:
1092 * @session: is a #gnutls_session_t structure.
1093 *
1094 * Check whether session is resumed or not.
1095 *
1096 * Returns: non zero if this session is resumed, or a zero if this is
1097 * a new session.
1098 **/
1099 int
1101 {
1103 {
1112 }
1113 else
1114 {
1117 }
1120 }
1122 /**
1123 * gnutls_session_resumption_requested:
1124 * @session: is a #gnutls_session_t structure.
1125 *
1126 * Check whether the client has asked for session resumption.
1127 * This function is valid only on server side.
1128 *
1129 * Returns: non zero if session resumption was asked, or a zero if not.
1130 **/
1131 int
1133 {
1135 {
1137 }
1138 else
1139 {
1141 }
1142 }
1144 /*-
1145 * _gnutls_session_is_export - Used to check whether this session is of export grade
1146 * @session: is a #gnutls_session_t structure.
1147 *
1148 * This function will return non zero if this session is of export grade.
1149 -*/
1150 int
1152 {
1153 gnutls_cipher_algorithm_t cipher;
1155 cipher =
1163 }
1165 /*-
1166 * _gnutls_session_is_psk - Used to check whether this session uses PSK kx
1167 * @session: is a #gnutls_session_t structure.
1168 *
1169 * This function will return non zero if this session uses a PSK key
1170 * exchange algorithm.
1171 -*/
1172 int
1174 {
1175 gnutls_kx_algorithm_t kx;
1177 kx =
1184 }
1186 /*-
1187 * _gnutls_session_is_ecc - Used to check whether this session uses ECC kx
1188 * @session: is a #gnutls_session_t structure.
1189 *
1190 * This function will return non zero if this session uses an elliptic
1191 * curves key exchange exchange algorithm.
1192 -*/
1193 int
1195 {
1196 gnutls_kx_algorithm_t kx;
1198 /* We get the key exchange algorithm through the ciphersuite because
1199 * the negotiated key exchange might not have been set yet.
1200 */
1201 kx =
1206 }
1208 /**
1209 * gnutls_session_get_ptr:
1210 * @session: is a #gnutls_session_t structure.
1211 *
1212 * Get user pointer for session. Useful in callbacks. This is the
1213 * pointer set with gnutls_session_set_ptr().
1214 *
1215 * Returns: the user given pointer from the session structure, or
1216 * %NULL if it was never set.
1217 **/
1220 {
1222 }
1224 /**
1225 * gnutls_session_set_ptr:
1226 * @session: is a #gnutls_session_t structure.
1227 * @ptr: is the user pointer
1228 *
1229 * This function will set (associate) the user given pointer @ptr to
1230 * the session structure. This pointer can be accessed with
1231 * gnutls_session_get_ptr().
1232 **/
1233 void
1235 {
1237 }
1240 /**
1241 * gnutls_record_get_direction:
1242 * @session: is a #gnutls_session_t structure.
1243 *
1244 * This function provides information about the internals of the
1245 * record protocol and is only useful if a prior gnutls function call
1246 * (e.g. gnutls_handshake()) was interrupted for some reason, that
1247 * is, if a function returned %GNUTLS_E_INTERRUPTED or
1248 * %GNUTLS_E_AGAIN. In such a case, you might want to call select()
1249 * or poll() before calling the interrupted gnutls function again. To
1250 * tell you whether a file descriptor should be selected for either
1251 * reading or writing, gnutls_record_get_direction() returns 0 if the
1252 * interrupted function was trying to read data, and 1 if it was
1253 * trying to write data.
1254 *
1255 * Returns: 0 if trying to read data, 1 if trying to write data.
1256 **/
1257 int
1259 {
1261 }
1263 /*-
1264 * _gnutls_rsa_pms_set_version - Sets a version to be used at the RSA PMS
1265 * @session: is a #gnutls_session_t structure.
1266 * @major: is the major version to use
1267 * @minor: is the minor version to use
1268 *
1269 * This function will set the given version number to be used at the
1270 * RSA PMS secret. This is only useful to clients, which want to
1271 * test server's capabilities.
1272 -*/
1273 void
1276 {
1279 }
1281 /**
1282 * gnutls_handshake_set_post_client_hello_function:
1283 * @session: is a #gnutls_session_t structure.
1284 * @func: is the function to be called
1285 *
1286 * This function will set a callback to be called after the client
1287 * hello has been received (callback valid in server side only). This
1288 * allows the server to adjust settings based on received extensions.
1289 *
1290 * Those settings could be ciphersuites, requesting certificate, or
1291 * anything else except for version negotiation (this is done before
1292 * the hello message is parsed).
1293 *
1294 * This callback must return 0 on success or a gnutls error code to
1295 * terminate the handshake.
1296 *
1297 * Warning: You should not use this function to terminate the
1298 * handshake based on client input unless you know what you are
1299 * doing. Before the handshake is finished there is no way to know if
1300 * there is a man-in-the-middle attack being performed.
1301 **/
1302 void
1304 gnutls_handshake_post_client_hello_func
1305 func)
1306 {
1308 }
1310 /**
1311 * gnutls_session_enable_compatibility_mode:
1312 * @session: is a #gnutls_session_t structure.
1313 *
1314 * This function can be used to disable certain (security) features in
1315 * TLS in order to maintain maximum compatibility with buggy
1316 * clients. It is equivalent to calling:
1317 * gnutls_record_disable_padding()
1318 *
1319 * Normally only servers that require maximum compatibility with
1320 * everything out there, need to call this function.
1321 **/
1322 void
1324 {
1326 }
1328 /**
1329 * gnutls_session_channel_binding:
1330 * @session: is a #gnutls_session_t structure.
1331 * @cbtype: an #gnutls_channel_binding_t enumeration type
1332 * @cb: output buffer array with data
1333 *
1334 * Extract given channel binding data of the @cbtype (e.g.,
1335 * %GNUTLS_CB_TLS_UNIQUE) type.
1336 *
1337 * Returns: %GNUTLS_E_SUCCESS on success,
1338 * %GNUTLS_E_UNIMPLEMENTED_FEATURE if the @cbtype is unsupported,
1339 * %GNUTLS_E_CHANNEL_BINDING_NOT_AVAILABLE if the data is not
1340 * currently available, or an error code.
1341 *
1342 * Since: 2.12.0
1343 **/
1344 int
1346 gnutls_channel_binding_t cbtype,
1348 {
1363 }
1365 /**
1366 * gnutls_ecc_curve_get:
1367 * @session: is a #gnutls_session_t structure.
1368 *
1369 * Returns the currently used elliptic curve. Only valid
1370 * when using an elliptic curve ciphersuite.
1371 *
1372 * Returns: the currently used curve, a #gnutls_ecc_curve_t
1373 * type.
1374 *
1375 * Since: 3.0
1376 **/
1378 {
1380 }
1382 #undef gnutls_protocol_get_version
1383 /**
1384 * gnutls_protocol_get_version:
1385 * @session: is a #gnutls_session_t structure.
1386 *
1387 * Get TLS version, a #gnutls_protocol_t value.
1388 *
1389 * Returns: The version of the currently used protocol.
1390 **/
1391 gnutls_protocol_t
1393 {
1395 }
1397 /**
1398 * gnutls_session_get_random:
1399 * @session: is a #gnutls_session_t structure.
1400 * @client: the client part of the random
1401 * @server: the server part of the random
1402 *
1403 * This function returns pointers to the client and server
1404 * random fields used in the TLS handshake. The pointers are
1405 * not to be modified or deallocated.
1406 *
1407 * If a client random value has not yet been established, the output
1408 * will be garbage.
1409 *
1410 * Since: 3.0
1411 **/
1412 void
1413 gnutls_session_get_random (gnutls_session_t session, gnutls_datum_t* client, gnutls_datum_t* server)
1414 {
1416 {
1419 }
1422 {
1425 }
1426 }