*** empty log message ***
1 /*
2 * Copyright (C) 2002 Nikos Mavroyanopoulos
4 * This file is part of GNUTLS.
6 * The GNUTLS library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
22 #include "gnutls_int.h"
23 #include "gnutls_errors.h"
24 #include "gnutls_num.h"
25 #include "ext_cert_type.h"
26 #include <gnutls_state.h>
28 /*
29 * In case of a server: if a CERT_TYPE extension type is received then it stores
30 * into the state security parameters the new value. The server may use gnutls_state_cert_type_get(),
31 * to access it.
33 * In case of a client: if cert_types have been specified then we send the extension.
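/* Parses a received cert_type extension.
 *
 * state:     the session state
 * data:      extension payload as received from the peer (untrusted)
 * data_size: length of data in bytes
 *
 * Client side: the server answers with exactly one byte naming the
 * certificate type it selected.  The byte must map to a known type that
 * this session supports; it is then recorded with
 * _gnutls_state_cert_type_set().
 *
 * Server side: the client sends a list of bytes in its order of
 * preference.  The first entry that maps to a known type and is
 * supported by this session is selected.  Bytes that do not map to a
 * known type are skipped, so a peer offering types we do not know is
 * not rejected as long as it also offers one we do.
 *
 * Returns 0 on success (also when data_size is 0, i.e. there is nothing
 * to parse), or a negative GNUTLS_E_* error code.
 */
int _gnutls_cert_type_recv_params( GNUTLS_STATE state, const opaque* data, int data_size) {
	int new_type, ret, i;
	int selected = -1;                          /* first acceptable type, or -1 */
	int last_err = GNUTLS_E_ILLEGAL_PARAMETER;  /* why nothing was selected */

	if (data_size <= 0) {
		/* Extension absent or empty: keep the current cert_type. */
		return 0;
	}

	if (state->security_parameters.entity == GNUTLS_CLIENT) {
		/* The server's reply carries exactly one type byte. */
		if (data_size != 1) {
			gnutls_assert();
			return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
		}

		new_type = _gnutls_num2cert_type(data[0]);
		if (new_type < 0) {
			gnutls_assert();
			return new_type;
		}

		/* Only accept a type this session actually supports. */
		ret = _gnutls_state_cert_type_supported(state, new_type);
		if (ret < 0) {
			gnutls_assert();
			return ret;
		}

		_gnutls_state_cert_type_set(state, new_type);
		return 0;
	}

	/* SERVER SIDE - pick the first client preference we support. */
	for (i = 0; i < data_size; i++) {
		new_type = _gnutls_num2cert_type(data[i]);
		if (new_type < 0) {
			/* Unknown code point: skip it and look at the next one. */
			continue;
		}

		ret = _gnutls_state_cert_type_supported(state, new_type);
		if (ret < 0) {
			/* Known type that is not enabled here; remember the reason
			 * and keep looking for one we can use. */
			last_err = ret;
			continue;
		}

		selected = new_type;
		break;
	}

	if (selected < 0) {
		/* No usable type: report why the last known candidate was
		 * refused, or GNUTLS_E_ILLEGAL_PARAMETER if none was known. */
		gnutls_assert();
		return last_err;
	}

	_gnutls_state_cert_type_set(state, selected);
	return 0;
}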
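/* Builds the cert_type extension payload into the caller-provided
 * buffer data of data_size bytes (data is owned by the caller).
 *
 * Client side: writes one byte per entry of the configured
 * cert_type_priority list, in priority order.  The extension is
 * omitted (0 bytes) when X.509 is the only type configured, since
 * that is the default the peer assumes anyway.
 *
 * Server side: writes the single byte for the negotiated cert_type,
 * but only if it differs from DEFAULT_CERT_TYPE.
 *
 * Returns the number of bytes written (0 means "do not send the
 * extension"), GNUTLS_E_INVALID_REQUEST if data is too small, or the
 * negative error from _gnutls_cert_type2num() if a configured type
 * has no wire encoding.
 */
int _gnutls_cert_type_send_params( GNUTLS_STATE state, opaque* data, int data_size) {
	uint16 len, i;
	int num;

	if (state->security_parameters.entity == GNUTLS_CLIENT) {
		if (state->gnutls_internals.cert_type_priority.algorithms <= 0) {
			return 0;
		}

		len = state->gnutls_internals.cert_type_priority.algorithms;

		/* X.509 only is the protocol default: nothing to negotiate. */
		if (len == 1 &&
		    state->gnutls_internals.cert_type_priority.algorithm_priority[0] == GNUTLS_CRT_X509) {
			return 0;
		}

		if (data_size < len) {
			gnutls_assert();
			return GNUTLS_E_INVALID_REQUEST;
		}

		for (i = 0; i < len; i++) {
			num = _gnutls_cert_type2num(
				state->gnutls_internals.cert_type_priority.algorithm_priority[i]);
			if (num < 0) {
				/* Without this check a type that has no code point would
				 * go on the wire as a truncated negative value. */
				gnutls_assert();
				return num;
			}
			data[i] = num;
		}
		return len;
	}

	/* server side */
	if (state->security_parameters.cert_type == DEFAULT_CERT_TYPE) {
		return 0;
	}

	len = 1;
	if (data_size < len) {
		gnutls_assert();
		return GNUTLS_E_INVALID_REQUEST;
	}

	num = _gnutls_cert_type2num(state->security_parameters.cert_type);
	if (num < 0) {
		gnutls_assert();
		return num;
	}
	data[0] = num;
	return len;
}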
/* Maps the one-byte wire code point of the cert_type extension to the
 * library's certificate type constant.
 *
 * Returns GNUTLS_CRT_X509 for 0, GNUTLS_CRT_OPENPGP for 1, and
 * GNUTLS_E_ILLEGAL_PARAMETER for any other value.
 */
int _gnutls_num2cert_type( int num) {
	if (num == 0) {
		return GNUTLS_CRT_X509;
	}
	if (num == 1) {
		return GNUTLS_CRT_OPENPGP;
	}
	return GNUTLS_E_ILLEGAL_PARAMETER;
}
/* Maps a library certificate type constant to the one-byte wire code
 * point used by the cert_type extension.
 *
 * Returns 0 for GNUTLS_CRT_X509, 1 for GNUTLS_CRT_OPENPGP, and
 * GNUTLS_E_ILLEGAL_PARAMETER for any other type.
 */
int _gnutls_cert_type2num( int cert_type) {
	if (cert_type == GNUTLS_CRT_X509) {
		return 0;
	}
	if (cert_type == GNUTLS_CRT_OPENPGP) {
		return 1;
	}
	return GNUTLS_E_ILLEGAL_PARAMETER;
}