2 * Copyright (C) 2001 Nikos Mavroyanopoulos
4 * This file is part of GNUTLS.
6 * The GNUTLS library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
22 #include <gnutls_int.h>
24 #include <auth_anon.h>
25 #include <auth_cert.h>
26 #include <gnutls_errors.h>
27 #include <gnutls_auth_int.h>
28 #include <gnutls_state.h>
/**
  * gnutls_dh_set_prime_bits - Used to set the bits for a DH ciphersuite
  * @state: is a &GNUTLS_STATE structure.
  * @bits: is the number of bits
  *
  * Records, in the state, the minimum size in bits of the prime that
  * is acceptable in a Diffie Hellman key exchange. The value applies
  * to both the ephemeral (DHE) and the anonymous (DH_anon) cipher
  * suites. Nothing is validated here; the value is simply stored.
  **/
void gnutls_dh_set_prime_bits(GNUTLS_STATE state, int bits) {
	/* Plain store into the per-state internals; the handshake
	 * consults this field when it checks the negotiated prime. */
	state->gnutls_internals.dh_prime_bits = bits;
}
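/**
  * gnutls_dh_get_prime_bits - This function returns the bits used in DH authentication
  * @state: is a gnutls state
  *
  * This function will return the bits used in the last Diffie Hellman authentication
  * with the peer. Should be used for both anonymous and ephemeral diffie Hellman.
  * Returns a negative value in case of an error: %GNUTLS_E_UNKNOWN_ERROR when
  * no authentication info is available for the state, and
  * %GNUTLS_E_INVALID_REQUEST when the negotiated credentials type does not
  * involve Diffie Hellman at all.
  **/
int gnutls_dh_get_prime_bits(GNUTLS_STATE state) {
	switch (gnutls_auth_get_type(state)) {
	case GNUTLS_CRD_ANON: {
		ANON_SERVER_AUTH_INFO info = _gnutls_get_auth_info(state);

		/* The error return must be conditional on the lookup failing;
		 * an unconditional return here would make the field read
		 * below unreachable. */
		if (info == NULL)
			return GNUTLS_E_UNKNOWN_ERROR;
		return info->dh_prime_bits;
	}
	case GNUTLS_CRD_CERTIFICATE: {
		CERTIFICATE_AUTH_INFO info = _gnutls_get_auth_info(state);

		if (info == NULL)
			return GNUTLS_E_UNKNOWN_ERROR;
		return info->dh_prime_bits;
	}
	default:
		/* Only the anonymous and certificate credential types carry
		 * DH parameters in their auth info. */
		return GNUTLS_E_INVALID_REQUEST;
	}
}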
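/**
  * gnutls_dh_get_secret_bits - This function returns the bits used in DH authentication
  * @state: is a gnutls state
  *
  * This function will return the bits used for the local secret exponent in
  * the last Diffie Hellman authentication with the peer. Should be used for
  * both anonymous and ephemeral diffie Hellman.
  * Returns a negative value in case of an error: %GNUTLS_E_UNKNOWN_ERROR when
  * no authentication info is available for the state, and
  * %GNUTLS_E_INVALID_REQUEST when the negotiated credentials type does not
  * involve Diffie Hellman at all.
  **/
int gnutls_dh_get_secret_bits(GNUTLS_STATE state) {
	switch (gnutls_auth_get_type(state)) {
	case GNUTLS_CRD_ANON: {
		ANON_SERVER_AUTH_INFO info = _gnutls_get_auth_info(state);

		/* Guard the lookup: returning the error unconditionally would
		 * leave the field read below unreachable. */
		if (info == NULL)
			return GNUTLS_E_UNKNOWN_ERROR;
		return info->dh_secret_bits;
	}
	case GNUTLS_CRD_CERTIFICATE: {
		CERTIFICATE_AUTH_INFO info = _gnutls_get_auth_info(state);

		if (info == NULL)
			return GNUTLS_E_UNKNOWN_ERROR;
		return info->dh_secret_bits;
	}
	default:
		/* No DH exchange for other credential types. */
		return GNUTLS_E_INVALID_REQUEST;
	}
}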
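/**
  * gnutls_dh_get_peers_public_bits - This function returns the bits used in DH authentication
  * @state: is a gnutls state
  *
  * This function will return the bits of the peer's public value in the last
  * Diffie Hellman authentication with the peer. Should be used for both
  * anonymous and ephemeral diffie Hellman.
  * Returns a negative value in case of an error: %GNUTLS_E_UNKNOWN_ERROR when
  * no authentication info is available for the state, and
  * %GNUTLS_E_INVALID_REQUEST when the negotiated credentials type does not
  * involve Diffie Hellman at all.
  **/
int gnutls_dh_get_peers_public_bits(GNUTLS_STATE state) {
	switch (gnutls_auth_get_type(state)) {
	case GNUTLS_CRD_ANON: {
		ANON_SERVER_AUTH_INFO info = _gnutls_get_auth_info(state);

		/* Guard the lookup: returning the error unconditionally would
		 * leave the field read below unreachable. */
		if (info == NULL)
			return GNUTLS_E_UNKNOWN_ERROR;
		return info->dh_peer_public_bits;
	}
	case GNUTLS_CRD_CERTIFICATE: {
		CERTIFICATE_AUTH_INFO info = _gnutls_get_auth_info(state);

		if (info == NULL)
			return GNUTLS_E_UNKNOWN_ERROR;
		return info->dh_peer_public_bits;
	}
	default:
		/* No DH exchange for other credential types. */
		return GNUTLS_E_INVALID_REQUEST;
	}
}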
153 /* CERTIFICATE STUFF */
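/**
  * gnutls_certificate_get_ours - This function returns the raw certificate sent in the last handshake
  * @state: is a gnutls state
  *
  * This function will return the raw certificate list as sent to the peer,
  * in the last handshake. These certificates are in raw format.
  * In X.509 this is a certificate list. In OpenPGP this is a single
  * certificate.
  * The returned pointer refers to storage owned by the certificate
  * credentials; the caller must not free or modify it.
  * Returns NULL in case of an error, or if no certificate was used.
  **/
const gnutls_datum *gnutls_certificate_get_ours(GNUTLS_STATE state) {
	const GNUTLS_CERTIFICATE_CREDENTIALS cred;
	int idx;

	CHECK_AUTH(GNUTLS_CRD_CERTIFICATE, NULL);

	cred = _gnutls_get_cred(state->gnutls_key, GNUTLS_CRD_CERTIFICATE, NULL);
	/* No certificate credentials attached to this state: nothing to
	 * return, and cred must not be dereferenced below. */
	if (cred == NULL)
		return NULL;

	idx = state->gnutls_internals.selected_cert_index;
	if (idx < 0)
		return NULL; /* no certificate */

	/* Defensive upper bound: the index selects a column of cert_list
	 * and must stay inside the credentials' certificate count. */
	if (idx >= cred->ncerts)
		return NULL;

	return &cred->cert_list[idx]->raw;
}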
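/**
  * gnutls_certificate_get_peers - This function returns the peer's raw certificate
  * @state: is a gnutls state
  * @list_size: is the length of the certificate list
  *
  * This function will return the peer's raw certificate (list) as sent by the peer.
  * These certificates are in raw format (DER encoded for X509).
  * In case of a X509 then a certificate list may be present.
  * The first certificate in the list is the peer's certificate,
  * following the issuer's certificate, then the issuer's issuer etc.
  * The returned pointer refers to storage owned by the state's
  * authentication info; the caller must not free or modify it.
  * Returns NULL in case of an error, or if no certificate was sent; in
  * that case @list_size is set to 0.
  **/
const gnutls_datum *gnutls_certificate_get_peers(GNUTLS_STATE state, int *list_size) {
	CERTIFICATE_AUTH_INFO info;

	if (list_size == NULL)
		return NULL;
	/* Make the error paths leave a sane count behind, so a caller
	 * that only looks at *list_size cannot pick up stale data. */
	*list_size = 0;

	CHECK_AUTH(GNUTLS_CRD_CERTIFICATE, NULL);

	info = _gnutls_get_auth_info(state);
	/* The auth info lookup can fail; without this guard the field
	 * reads below dereference NULL. */
	if (info == NULL)
		return NULL;

	*list_size = info->ncerts;
	return info->raw_certificate_list;
}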
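/**
  * gnutls_certificate_client_get_request_status - This function returns the certificate request status
  * @state: is a gnutls state
  *
  * This function will return 0 if the peer (server) did not request client
  * authentication or 1 otherwise.
  * Returns a negative value in case of an error (%GNUTLS_E_UNKNOWN_ERROR
  * when no authentication info is available for the state).
  **/
int gnutls_certificate_client_get_request_status(GNUTLS_STATE state) {
	CERTIFICATE_AUTH_INFO info;

	/* Not a certificate handshake: by definition nothing was requested. */
	CHECK_AUTH(GNUTLS_CRD_CERTIFICATE, 0);

	info = _gnutls_get_auth_info(state);
	/* The error return has to depend on the lookup failing; an
	 * unconditional return would make the field read unreachable. */
	if (info == NULL)
		return GNUTLS_E_UNKNOWN_ERROR;

	return info->certificate_requested;
}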
/* Digest algorithms for gnutls_x509_fingerprint() are named with the
 * same enumeration the MAC layer uses; the alias only clarifies intent. */
typedef MACAlgorithm GNUTLS_DigestAlgorithm;
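/**
  * gnutls_x509_fingerprint - This function calculates the fingerprint of the given data
  * @algo: is a digest algorithm
  * @data: is the data to be hashed
  * @result: is the place where the result will be copied.
  * @result_size: should hold the size of the result. The actual size
  * of the returned result will also be copied there.
  *
  * This function will calculate a fingerprint (actually a hash), of the
  * given data. The result is not printable data. You should convert it
  * to hex, or to something else printable.
  * If @result is too small, @result_size is set to the size needed and
  * %GNUTLS_E_INVALID_REQUEST is returned; @result_size is left untouched
  * when @algo is not a known digest.
  * Returns 0 on success, or a negative value in case of an error.
  **/
int gnutls_x509_fingerprint(GNUTLS_DigestAlgorithm algo, const gnutls_datum *data,
			    char *result, size_t *result_size) {
	GNUTLS_HASH_HANDLE td;
	int hash_len;

	if (data == NULL || result == NULL || result_size == NULL)
		return GNUTLS_E_INVALID_REQUEST;

	hash_len = _gnutls_hash_get_algo_len(algo);
	/* Unknown digest: reject before the size comparison, so a negative
	 * length is neither compared against a size_t nor stored into
	 * *result_size as a huge bogus value. */
	if (hash_len < 0)
		return GNUTLS_E_INVALID_REQUEST;

	if ((size_t)hash_len > *result_size) {
		/* Report the room the caller must provide. */
		*result_size = (size_t)hash_len;
		return GNUTLS_E_INVALID_REQUEST;
	}
	*result_size = (size_t)hash_len;

	td = _gnutls_hash_init(algo);
	if (td == NULL)
		return GNUTLS_E_HASH_FAILED;

	/* _gnutls_hash_deinit writes the digest (hash_len bytes) into result,
	 * which the size check above has already shown to fit. */
	_gnutls_hash(td, data->data, data->size);
	_gnutls_hash_deinit(td, result);

	return 0;
}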
/**
  * gnutls_anon_set_server_dh_params - This function will set the DH parameters for a server to use
  * @res: is a GNUTLS_ANON_SERVER_CREDENTIALS structure
  * @dh_params: is a structure that holds diffie hellman parameters.
  *
  * Attaches @dh_params to the anonymous server credentials @res so that
  * they are used in Anonymous Diffie Hellman cipher suites. Only the
  * handle is stored; @dh_params must stay valid while @res is in use.
  **/
void gnutls_anon_set_server_dh_params(GNUTLS_ANON_SERVER_CREDENTIALS res,
				      GNUTLS_DH_PARAMS dh_params) {
	/* Simple handle store; no copy of the parameters is taken. */
	res->dh_params = dh_params;
}
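/**
  * gnutls_certificate_set_dh_params - This function will set the DH parameters for a server to use
  * @res: is a GNUTLS_CERTIFICATE_CREDENTIALS structure
  * @dh_params: is a structure that holds diffie hellman parameters.
  *
  * This function will set the diffie hellman parameters for a certificate
  * server to use. These parameters will be used in Ephemeral Diffie Hellman
  * cipher suites. Only the handle is stored; @dh_params must stay valid
  * while @res is in use.
  * Returns 0.
  **/
int gnutls_certificate_set_dh_params(GNUTLS_CERTIFICATE_CREDENTIALS res,
				     GNUTLS_DH_PARAMS dh_params) {
	/* Simple handle store; no copy of the parameters is taken. */
	res->dh_params = dh_params;

	/* The function is declared int, so give the caller a defined
	 * value instead of falling off the end. */
	return 0;
}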