1 /*
2 * Copyright (C) 2001 Nikos Mavroyanopoulos
4 * This file is part of GNUTLS.
6 * The GNUTLS library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
22 #include <gnutls_int.h>
23 #include <auth_srp.h>
24 #include <auth_anon.h>
25 #include <auth_cert.h>
26 #include <gnutls_errors.h>
27 #include <gnutls_auth_int.h>
28 #include <gnutls_state.h>
30 /* ANON & DHE */
32 /**
33 * gnutls_dh_set_prime_bits - Used to set the bits for a DH ciphersuite
34 * @state: is a &GNUTLS_STATE structure.
35 * @bits: is the number of bits
37 * This function sets the number of bits, for use in an
38 * Diffie Hellman key exchange. This is used both in DH ephemeral and
39 * DH anonymous cipher suites. This will set the
40 * minimum size of the prime that will be used for the handshake.
42 **/
void gnutls_dh_set_prime_bits(GNUTLS_STATE state, int bits)
{
	/* Only records the requested size; no range check is done on bits
	 * here, the value is consumed elsewhere when the DH exchange runs. */
	state->gnutls_internals.dh_prime_bits = bits;
}
48 /**
49 * gnutls_dh_get_prime_bits - This function returns the bits of the DH prime used in DH authentication
50 * @state: is a gnutls state
52 * This function will return the bits used in the last Diffie Hellman authentication
53 * with the peer. Should be used for both anonymous and ephemeral diffie Hellman.
54 * Returns a negative value in case of an error.
56 **/
int gnutls_dh_get_prime_bits(GNUTLS_STATE state)
{
	int auth_type = gnutls_auth_get_type(state);
	ANON_SERVER_AUTH_INFO anon_info;
	CERTIFICATE_AUTH_INFO cert_info;

	/* Both DH flavours keep the prime size in their auth-info block, but
	 * the block type differs per credential type, hence two branches. */
	if (auth_type == GNUTLS_CRD_ANON) {
		anon_info = _gnutls_get_auth_info(state);
		if (anon_info == NULL)
			return GNUTLS_E_UNKNOWN_ERROR;
		return anon_info->dh_prime_bits;
	}

	if (auth_type == GNUTLS_CRD_CERTIFICATE) {
		cert_info = _gnutls_get_auth_info(state);
		if (cert_info == NULL)
			return GNUTLS_E_UNKNOWN_ERROR;
		return cert_info->dh_prime_bits;
	}

	/* Neither anonymous nor certificate credentials: no DH info exists. */
	gnutls_assert();
	return GNUTLS_E_INVALID_REQUEST;
}
83 /**
84 * gnutls_dh_get_secret_bits - This function returns the bits of the DH secret used in DH authentication
85 * @state: is a gnutls state
87 * This function will return the number of bits of the secret key used in the last Diffie Hellman authentication
88 * with the peer. Should be used for both anonymous and ephemeral diffie Hellman.
89 * Returns a negative value in case of an error.
91 **/
int gnutls_dh_get_secret_bits(GNUTLS_STATE state)
{
	int auth_type = gnutls_auth_get_type(state);
	ANON_SERVER_AUTH_INFO anon_info;
	CERTIFICATE_AUTH_INFO cert_info;

	switch (auth_type) {
	case GNUTLS_CRD_ANON:
		/* Anonymous DH: the secret size lives in the anon auth-info. */
		anon_info = _gnutls_get_auth_info(state);
		return anon_info == NULL ? GNUTLS_E_UNKNOWN_ERROR
					 : anon_info->dh_secret_bits;
	case GNUTLS_CRD_CERTIFICATE:
		/* Ephemeral DH with certificates: same field, other struct. */
		cert_info = _gnutls_get_auth_info(state);
		return cert_info == NULL ? GNUTLS_E_UNKNOWN_ERROR
					 : cert_info->dh_secret_bits;
	default:
		/* Any other credential type never performed a DH exchange. */
		gnutls_assert();
		return GNUTLS_E_INVALID_REQUEST;
	}
}
119 * gnutls_dh_get_peers_public_bits - This function returns the bits of the peer's DH public value used in DH authentication
120 * @state: is a gnutls state
122 * This function will return the number of bits of the peer's public value used in the last Diffie Hellman authentication
123 * with the peer. Should be used for both anonymous and ephemeral diffie Hellman.
124 * Returns a negative value in case of an error.
int gnutls_dh_get_peers_public_bits(GNUTLS_STATE state)
{
	ANON_SERVER_AUTH_INFO anon_info;
	CERTIFICATE_AUTH_INFO cert_info;

	switch (gnutls_auth_get_type(state)) {
	case GNUTLS_CRD_ANON:
		anon_info = _gnutls_get_auth_info(state);
		if (anon_info != NULL)
			return anon_info->dh_peer_public_bits;
		/* No auth-info block was attached to this state. */
		return GNUTLS_E_UNKNOWN_ERROR;
	case GNUTLS_CRD_CERTIFICATE:
		cert_info = _gnutls_get_auth_info(state);
		if (cert_info != NULL)
			return cert_info->dh_peer_public_bits;
		return GNUTLS_E_UNKNOWN_ERROR;
	default:
		/* Only ANON and CERTIFICATE credentials carry DH state. */
		gnutls_assert();
		return GNUTLS_E_INVALID_REQUEST;
	}
}
153 /* CERTIFICATE STUFF */
156 * gnutls_certificate_get_ours - This function returns the raw certificate sent in the last handshake
157 * @state: is a gnutls state
159 * This function will return the raw certificate list as sent to the peer,
160 * in the last handshake. These certificates are in raw format.
161 * In X.509 this is a certificate list. In OpenPGP this is a single
162 * certificate.
163 * Returns NULL in case of an error, or if no certificate was used.
const gnutls_datum *gnutls_certificate_get_ours(GNUTLS_STATE state)
{
	GNUTLS_CERTIFICATE_CREDENTIALS cred;
	int selected;

	/* Not a certificate-authenticated session: nothing was sent. */
	CHECK_AUTH(GNUTLS_CRD_CERTIFICATE, NULL);

	cred = _gnutls_get_cred(state->gnutls_key, GNUTLS_CRD_CERTIFICATE, NULL);
	if (cred == NULL) {
		gnutls_assert();
		return NULL;
	}

	/* selected_cert_index is chosen during the handshake; a negative
	 * value is the "no certificate" marker. A non-negative value is
	 * assumed to already be within cred->cert_list -- not re-checked
	 * here (TODO confirm where the index is assigned). */
	selected = state->gnutls_internals.selected_cert_index;
	if (selected < 0)
		return NULL;

	return &cred->cert_list[selected]->raw;
}
186 * gnutls_certificate_get_peers - This function returns the peer's raw certificate
187 * @state: is a gnutls state
188 * @list_size: is the length of the certificate list
190 * This function will return the peer's raw certificate (list) as sent by the peer.
191 * These certificates are in raw format (DER encoded for X509).
192 * In case of a X509 then a certificate list may be present.
193 * The first certificate in the list is the peer's certificate,
194 * following the issuer's certificate, then the issuer's issuer etc.
195 * Returns NULL in case of an error, or if no certificate was sent.
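const gnutls_datum *gnutls_certificate_get_peers(GNUTLS_STATE state, int *list_size)
{
	CERTIFICATE_AUTH_INFO info;

	/* Report an empty list on every failure path, so a caller that reads
	 * *list_size before checking the return value never sees a stale or
	 * indeterminate count. list_size may be NULL when only the pointer
	 * is wanted. */
	if (list_size != NULL)
		*list_size = 0;

	/* Not a certificate-authenticated session: no peer certificate. */
	CHECK_AUTH(GNUTLS_CRD_CERTIFICATE, NULL);

	info = _gnutls_get_auth_info(state);
	if (info == NULL)
		return NULL;

	if (list_size != NULL)
		*list_size = info->ncerts;
	return info->raw_certificate_list;
}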
214 * gnutls_certificate_client_get_request_status - This function returns the certificate request status
215 * @state: is a gnutls state
217 * This function will return 0 if the peer (server) did not request client
218 * authentication or 1 otherwise.
219 * Returns a negative value in case of an error.
int gnutls_certificate_client_get_request_status(GNUTLS_STATE state)
{
	CERTIFICATE_AUTH_INFO info = NULL;

	/* Without certificate credentials no request can have happened: 0. */
	CHECK_AUTH(GNUTLS_CRD_CERTIFICATE, 0);

	info = _gnutls_get_auth_info(state);
	return info == NULL ? GNUTLS_E_UNKNOWN_ERROR
			    : info->certificate_requested;
}
/* Digest algorithms are identified with the same enumeration as MAC
 * algorithms; this alias only names the intent in the fingerprint API. */
typedef MACAlgorithm GNUTLS_DigestAlgorithm;
237 * gnutls_x509_fingerprint - This function calculates the fingerprint of the given data
238 * @algo: is a digest algorithm
239 * @data: is the data
240 * @result: is the place where the result will be copied.
241 * @result_size: should hold the size of the result. The actual size
242 * of the returned result will also be copied there.
244 * This function will calculate a fingerprint (actually a hash), of the
245 * given data. The result is not printable data. You should convert it
246 * to hex, or to something else printable.
247 * Returns a negative value in case of an error.
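int gnutls_x509_fingerprint(GNUTLS_DigestAlgorithm algo, const gnutls_datum* data, char* result, size_t* result_size)
{
	GNUTLS_HASH_HANDLE td;
	int hash_len;

	if (data == NULL || result_size == NULL) {
		gnutls_assert();
		return GNUTLS_E_INVALID_REQUEST;
	}

	/* Resolve the digest length first. A negative value means the
	 * algorithm is unknown and must be rejected before it is compared
	 * with the unsigned *result_size (the signed/unsigned promotion
	 * would turn -1 into SIZE_MAX) or stored into it. */
	hash_len = _gnutls_hash_get_algo_len(algo);
	if (hash_len < 0) {
		gnutls_assert();
		return GNUTLS_E_INVALID_REQUEST;
	}

	/* Buffer too small (or absent): report the required size so the
	 * caller can retry with a large enough buffer. */
	if (result == NULL || (size_t)hash_len > *result_size) {
		*result_size = (size_t)hash_len;
		return GNUTLS_E_INVALID_REQUEST;
	}
	*result_size = (size_t)hash_len;

	td = _gnutls_hash_init(algo);
	if (td == NULL)
		return GNUTLS_E_HASH_FAILED;

	_gnutls_hash(td, data->data, data->size);
	/* deinit writes the finished digest (raw bytes, not printable) into
	 * result and releases td. */
	_gnutls_hash_deinit(td, result);

	return 0;
}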
272 * gnutls_anon_set_server_dh_params - This function will set the DH parameters for a server to use
273 * @res: is a GNUTLS_ANON_SERVER_CREDENTIALS structure
274 * @dh_params: is a structure that holds diffie hellman parameters.
276 * This function will set the diffie hellman parameters for an anonymous
277 * server to use. These parameters will be used in Anonymous Diffie Hellman
278 * cipher suites.
void gnutls_anon_set_server_dh_params(GNUTLS_ANON_SERVER_CREDENTIALS res, GNUTLS_DH_PARAMS dh_params)
{
	/* The handle is stored, not copied; presumably dh_params has to
	 * outlive res -- confirm against the DH_PARAMS lifetime rules. */
	res->dh_params = dh_params;
}
286 * gnutls_certificate_set_dh_params - This function will set the DH parameters for a server to use
287 * @res: is a GNUTLS_CERTIFICATE_CREDENTIALS structure
288 * @dh_params: is a structure that holds diffie hellman parameters.
290 * This function will set the diffie hellman parameters for a certificate
291 * server to use. These parameters will be used in Ephemeral Diffie Hellman
292 * cipher suites.
int gnutls_certificate_set_dh_params(GNUTLS_CERTIFICATE_CREDENTIALS res, GNUTLS_DH_PARAMS dh_params)
{
	/* Store the handle only; nothing is validated or copied here. */
	res->dh_params = dh_params;

	/* Never fails today; the int return is reserved for future errors. */
	return 0;
}