2 * Copyright (C) 2002 Nikos Mavroyanopoulos
4 * This file is part of GNUTLS.
6 * The GNUTLS library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
22 #include "gnutls_int.h"
23 #include "gnutls_errors.h"
24 #include "gnutls_num.h"
25 #include "ext_cert_type.h"
26 #include <gnutls_state.h>
/*
 * Parses a received CERT_TYPE extension.
 *
 * Client side: the body must be exactly one byte naming the certificate
 * type the server picked.  The byte is decoded with _gnutls_num2cert_type(),
 * checked with _gnutls_state_cert_type_supported() and, if accepted, stored
 * with _gnutls_state_cert_type_set().  The server may use
 * gnutls_state_cert_type_get() to read the stored value back.
 *
 * Server side: each byte of the client's list is decoded in turn, unknown
 * numbers are skipped, and a supported type is stored in the state;
 * GNUTLS_E_ILLEGAL_PARAMETER is returned when none is acceptable.
 *
 * data is untrusted peer input: it is only read at indices below data_size
 * and every byte is translated through _gnutls_num2cert_type() before it is
 * used as a type.
 *
 * NOTE(review): several lines of the original file are missing from this
 * listing (closing braces among them), so the control flow described here
 * is read from the surviving statements and should be confirmed against
 * the full source.
 */
37 int _gnutls_cert_type_recv_params( GNUTLS_STATE state
, const opaque
* data
, int data_size
) {
/* new_type stays -1 until a byte of data maps to a known type. */
38 int new_type
= -1, ret
, i
;
/* Client: the server answers with a single type. */
40 if (state
->security_parameters
.entity
== GNUTLS_CLIENT
) {
/* Anything but exactly one byte is a malformed extension. */
42 if ( data_size
!= 1) {
44 return GNUTLS_E_UNEXPECTED_PACKET_LENGTH
;
47 new_type
= _gnutls_num2cert_type(data
[0]);
/* NOTE(review): a rejection of a negative (unknown) new_type between here
 * and the next check is not in this listing;
 * _gnutls_state_cert_type_supported() is assumed to refuse it -- confirm. */
54 /* Check if we support this cert_type */
55 if ( (ret
=_gnutls_state_cert_type_supported( state
, new_type
)) < 0) {
/* Accepted: record the negotiated type in the security parameters. */
60 _gnutls_state_cert_type_set( state
, new_type
);
62 } else { /* SERVER SIDE - we must check if the sent cert type is the right
              one, i.e. one that we support, and store it. */
/* An empty list is a malformed extension. */
66 if ( data_size
<= 0) {
68 return GNUTLS_E_UNEXPECTED_PACKET_LENGTH
;
/* Walk the client's list of type numbers in the order it sent them. */
71 for (i
=0;i
<data_size
;i
++) {
72 new_type
= _gnutls_num2cert_type(data
[i
]);
/* Unknown number: ignore this entry and look at the next one. */
74 if (new_type
< 0) continue;
76 /* Check if we support this cert_type */
77 if ( (ret
=_gnutls_state_cert_type_supported( state
, new_type
)) < 0) {
/* NOTE(review): the rest of the loop body (how a supported type ends the
 * loop) and the condition guarding the return below are missing from this
 * listing; presumably the return is taken when no entry was accepted. */
86 return GNUTLS_E_ILLEGAL_PARAMETER
;
/* Re-check the chosen type before committing it; presumably redundant with
 * the check inside the loop. */
89 if ( (ret
=_gnutls_state_cert_type_supported( state
, new_type
)) < 0) {
/* Negotiated: store the chosen type for the rest of the handshake. */
94 _gnutls_state_cert_type_set( state
, new_type
);
/* Builds the CERT_TYPE extension body into data.
 *
 * Client side: writes one byte per entry of cert_type_priority, in priority
 * order, each translated with _gnutls_cert_type2num().  Server side: writes
 * the single negotiated type, but only when it differs from
 * DEFAULT_CERT_TYPE.
 *
 * Returns data_size or a negative number on failure
 * (GNUTLS_E_INVALID_REQUEST when data is too small for the list).
 * data is allocated locally.
 *
 * NOTE(review): the declarations of len and i, the body of the X.509-only
 * check, and the final return statement are not in this listing.
 */
106 int _gnutls_cert_type_send_params( GNUTLS_STATE state
, opaque
* data
, int data_size
) {
109 /* Client side: send the list of certificate types in cert_type_priority
 * order (the original comment here referred to "dnsname", which belongs
 * to a different extension). */
110 if (state
->security_parameters
.entity
== GNUTLS_CLIENT
) {
/* Only send the extension when a cert_type priority list was configured. */
112 if (state
->gnutls_internals
.cert_type_priority
.algorithms
> 0) {
/* One byte on the wire per configured algorithm. */
114 len
= state
->gnutls_internals
.cert_type_priority
.algorithms
;
/* NOTE(review): this is the tail of a condition whose first part is
 * missing from the listing. */
117 state
->gnutls_internals
.cert_type_priority
.algorithm_priority
[0]==GNUTLS_CRT_X509
)
119 /* We don't use this extension if X.509 certificates
 * lead the priority list; the remainder of this comment and the
 * statements it guards are missing from this listing. */
/* The caller's buffer must hold the whole list. */
125 if (data_size
< len
) {
127 return GNUTLS_E_INVALID_REQUEST
;
/* NOTE(review): _gnutls_cert_type2num() returns GNUTLS_E_ILLEGAL_PARAMETER
 * (negative) for a type it does not know; the result is stored into the
 * byte unchecked, so an unmapped priority entry would put a truncated
 * error code on the wire.  Checking the return before the store would be
 * safer. */
130 for (i
=0;i
<len
;i
++) {
131 data
[i
] = _gnutls_cert_type2num( state
->gnutls_internals
.
132 cert_type_priority
.algorithm_priority
[i
]);
137 } else { /* server side: answer with the one negotiated type */
/* Nothing to send when the default type was negotiated. */
139 if ( state
->security_parameters
.cert_type
!= DEFAULT_CERT_TYPE
) {
/* NOTE(review): the assignment of len for this branch is not in the
 * listing; only data[0] is written below, so len is presumably 1. */
141 if (data_size
< len
) {
143 return GNUTLS_E_INVALID_REQUEST
;
/* Same unchecked _gnutls_cert_type2num() result as on the client side. */
146 data
[0] = _gnutls_cert_type2num( state
->security_parameters
.cert_type
);
/* Maps the one-byte number carried in the CERT_TYPE extension to the
 * corresponding GNUTLS_CRT_* value (GNUTLS_CRT_X509 or GNUTLS_CRT_OPENPGP).
 * Returns GNUTLS_E_ILLEGAL_PARAMETER for any other number, so callers must
 * test for a negative result before using the value as a type.
 * (The original comment said "record sizes"; the code maps certificate
 * types.)
 *
 * NOTE(review): the switch and case labels that select between the three
 * returns below are missing from this listing. */
159 int _gnutls_num2cert_type( int num
) {
162 return GNUTLS_CRT_X509
;
164 return GNUTLS_CRT_OPENPGP
;
/* Unknown or out-of-range number from the peer. */
166 return GNUTLS_E_ILLEGAL_PARAMETER
;
/* Inverse of _gnutls_num2cert_type(): maps a GNUTLS_CRT_* value to the
 * number sent in the CERT_TYPE extension.  Returns GNUTLS_E_ILLEGAL_PARAMETER
 * (negative) for a value that is not a known certificate type, which callers
 * storing the result into a byte need to check for.
 *
 * NOTE(review): the switch header and the return statements under the two
 * case labels are missing from this listing. */
173 int _gnutls_cert_type2num( int cert_type
) {
175 case GNUTLS_CRT_X509
:
177 case GNUTLS_CRT_OPENPGP
:
/* Not a certificate type we know how to encode. */
180 return GNUTLS_E_ILLEGAL_PARAMETER
;