| blob | c2d5b8850bc05edcebee635c9e3f8db494b26715 |
1 /*
2 * Copyright (C) 2001, 2002, 2003, 2004, 2005, 2008, 2009, 2010 Free
3 * Software Foundation, Inc.
4 *
5 * Author: Nikos Mavrogiannopoulos
6 *
7 * This file is part of GnuTLS.
8 *
9 * The GnuTLS is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU Lesser General Public License
11 * as published by the Free Software Foundation; either version 2.1 of
12 * the License, or (at your option) any later version.
13 *
14 * This library is distributed in the hope that it will be useful, but
15 * WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 * Lesser General Public License for more details.
18 *
19 * You should have received a copy of the GNU Lesser General Public
20 * License along with this library; if not, write to the Free Software
21 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
22 * USA
23 *
24 */
26 /* This file contains certificate authentication functions to be exported in the
27 * API and did not fit elsewhere.
28 */
30 #include <gnutls_int.h>
31 #include <auth_srp.h>
32 #include <auth_anon.h>
33 #include <auth_cert.h>
34 #include <auth_psk.h>
35 #include <gnutls_errors.h>
36 #include <gnutls_auth.h>
37 #include <gnutls_state.h>
38 #include <gnutls_datum.h>
40 /* ANON & DHE */
42 /**
43 * gnutls_dh_set_prime_bits:
44 * @session: is a #gnutls_session_t structure.
45 * @bits: is the number of bits
46 *
47 * This function sets the number of bits, for use in an Diffie-Hellman
48 * key exchange. This is used both in DH ephemeral and DH anonymous
49 * cipher suites. This will set the minimum size of the prime that
50 * will be used for the handshake.
51 *
52 * In the client side it sets the minimum accepted number of bits. If
53 * a server sends a prime with less bits than that
54 * %GNUTLS_E_DH_PRIME_UNACCEPTABLE will be returned by the handshake.
55 *
56 * This function has no effect in server side.
57 *
58 **/
59 void
61 {
63 }
66 /**
67 * gnutls_dh_get_group:
68 * @session: is a gnutls session
69 * @raw_gen: will hold the generator.
70 * @raw_prime: will hold the prime.
71 *
72 * This function will return the group parameters used in the last
73 * Diffie-Hellman key exchange with the peer. These are the prime and
74 * the generator used. This function should be used for both
75 * anonymous and ephemeral Diffie-Hellman. The output parameters must
76 * be freed with gnutls_free().
77 *
78 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise
79 * an error code is returned.
80 **/
81 int
84 {
87 anon_auth_info_t anon_info;
88 cert_auth_info_t cert_info;
89 psk_auth_info_t psk_info;
92 {
114 }
118 {
121 }
125 {
129 }
132 }
134 /**
135 * gnutls_dh_get_pubkey:
136 * @session: is a gnutls session
137 * @raw_key: will hold the public key.
138 *
139 * This function will return the peer's public key used in the last
140 * Diffie-Hellman key exchange. This function should be used for both
141 * anonymous and ephemeral Diffie-Hellman. The output parameters must
142 * be freed with gnutls_free().
143 *
144 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise
145 * an error code is returned.
146 **/
147 int
149 {
151 anon_auth_info_t anon_info;
152 cert_auth_info_t cert_info;
153 cert_auth_info_t psk_info;
156 {
158 {
164 }
166 {
172 }
174 {
181 }
185 }
189 }
191 /**
192 * gnutls_rsa_export_get_pubkey:
193 * @session: is a gnutls session
194 * @exponent: will hold the exponent.
195 * @modulus: will hold the modulus.
196 *
197 * This function will return the peer's public key exponent and
198 * modulus used in the last RSA-EXPORT authentication. The output
199 * parameters must be freed with gnutls_free().
200 *
201 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise
202 * an error code is returned.
203 **/
204 int
208 {
209 cert_auth_info_t info;
213 {
221 {
224 }
229 {
233 }
236 }
239 }
242 /**
243 * gnutls_dh_get_secret_bits:
244 * @session: is a gnutls session
245 *
246 * This function will return the bits used in the last Diffie-Hellman
247 * key exchange with the peer. Should be used for both anonymous and
248 * ephemeral Diffie-Hellman.
249 *
250 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise
251 * an error code is returned.
252 **/
253 int
255 {
257 {
259 {
260 anon_auth_info_t info;
266 }
268 {
269 psk_auth_info_t info;
275 }
277 {
278 cert_auth_info_t info;
285 }
289 }
290 }
292 static int
294 {
295 bigint_t mpi;
300 {
303 }
309 }
311 /**
312 * gnutls_dh_get_prime_bits:
313 * @session: is a gnutls session
314 *
315 * This function will return the bits of the prime used in the last
316 * Diffie-Hellman key exchange with the peer. Should be used for both
317 * anonymous and ephemeral Diffie-Hellman. Note that some ciphers,
318 * like RSA and DSA without DHE, does not use a Diffie-Hellman key
319 * exchange, and then this function will return 0.
320 *
321 * Returns: The Diffie-Hellman bit strength is returned, or 0 if no
322 * Diffie-Hellman key exchange was done, or a negative error code on
323 * failure.
324 **/
325 int
327 {
331 {
333 {
334 anon_auth_info_t info;
341 }
343 {
344 psk_auth_info_t info;
351 }
353 {
354 cert_auth_info_t info;
362 }
366 }
369 }
371 /**
372 * gnutls_rsa_export_get_modulus_bits:
373 * @session: is a gnutls session
374 *
375 * Get the export RSA parameter's modulus size.
376 *
377 * Returns: the bits used in the last RSA-EXPORT key exchange with the
378 * peer, or a negative value in case of error.
379 **/
380 int
382 {
383 cert_auth_info_t info;
390 }
392 /**
393 * gnutls_dh_get_peers_public_bits:
394 * @session: is a gnutls session
395 *
396 * Get the Diffie-Hellman public key bit size. Can be used for both
397 * anonymous and ephemeral Diffie-Hellman.
398 *
399 * Returns: the public key bit size used in the last Diffie-Hellman
400 * key exchange with the peer, or a negative value in case of error.
401 **/
402 int
404 {
408 {
410 {
411 anon_auth_info_t info;
419 }
421 {
422 psk_auth_info_t info;
430 }
432 {
433 cert_auth_info_t info;
441 }
445 }
448 }
450 /* CERTIFICATE STUFF */
452 /**
453 * gnutls_certificate_get_ours:
454 * @session: is a gnutls session
455 *
456 * Get the certificate as sent to the peer, in the last handshake.
457 * These certificates are in raw format. In X.509 this is a
458 * certificate list. In OpenPGP this is a single certificate.
459 *
460 * Returns: return a pointer to a #gnutls_datum_t containing our
461 * certificates, or %NULL in case of an error or if no certificate
462 * was used.
463 **/
466 {
467 gnutls_certificate_credentials_t cred;
474 {
477 }
483 }
485 /**
486 * gnutls_certificate_get_peers:
487 * @session: is a gnutls session
488 * @list_size: is the length of the certificate list
489 *
490 * Get the peer's raw certificate (chain) as sent by the peer. These
491 * certificates are in raw format (DER encoded for X.509). In case of
492 * a X.509 then a certificate list may be present. The first
493 * certificate in the list is the peer's certificate, following the
494 * issuer's certificate, then the issuer's issuer etc.
495 *
496 * In case of OpenPGP keys a single key will be returned in raw
497 * format.
498 *
499 * Returns: return a pointer to a #gnutls_datum_t containing our
500 * certificates, or %NULL in case of an error or if no certificate
501 * was used.
502 **/
506 {
507 cert_auth_info_t info;
517 }
520 /**
521 * gnutls_certificate_client_get_request_status:
522 * @session: is a gnutls session
523 *
524 * Get whether client certificate is requested or not.
525 *
526 * Returns: 0 if the peer (server) did not request client
527 * authentication or 1 otherwise, or a negative value in case of
528 * error.
529 **/
530 int
532 {
534 }
536 /**
537 * gnutls_fingerprint:
538 * @algo: is a digest algorithm
539 * @data: is the data
540 * @result: is the place where the result will be copied (may be null).
541 * @result_size: should hold the size of the result. The actual size
542 * of the returned result will also be copied there.
543 *
544 * This function will calculate a fingerprint (actually a hash), of
545 * the given data. The result is not printable data. You should
546 * convert it to hex, or to something else printable.
547 *
548 * This is the usual way to calculate a fingerprint of an X.509 DER
549 * encoded certificate. Note however that the fingerprint of an
550 * OpenPGP is not just a hash and cannot be calculated with this
551 * function.
552 *
553 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise
554 * an error code is returned.
555 **/
556 int
560 {
561 digest_hd_st td;
565 {
568 }
572 {
575 {
578 }
583 }
586 }
589 /**
590 * gnutls_certificate_set_dh_params:
591 * @res: is a gnutls_certificate_credentials_t structure
592 * @dh_params: is a structure that holds Diffie-Hellman parameters.
593 *
594 * This function will set the Diffie-Hellman parameters for a
595 * certificate server to use. These parameters will be used in
596 * Ephemeral Diffie-Hellman cipher suites. Note that only a pointer
597 * to the parameters are stored in the certificate handle, so if you
598 * deallocate the parameters before the certificate is deallocated,
599 * you must change the parameters stored in the certificate first.
600 *
601 **/
602 void
604 gnutls_dh_params_t dh_params)
605 {
607 }
609 /**
610 * gnutls_certificate_set_params_function:
611 * @res: is a gnutls_certificate_credentials_t structure
612 * @func: is the function to be called
613 *
614 * This function will set a callback in order for the server to get
615 * the Diffie-Hellman or RSA parameters for certificate
616 * authentication. The callback should return zero on success.
617 **/
618 void
621 {
623 }
626 /**
627 * gnutls_certificate_set_verify_flags:
628 * @res: is a gnutls_certificate_credentials_t structure
629 * @flags: are the flags
630 *
631 * This function will set the flags to be used at verification of the
632 * certificates. Flags must be OR of the
633 * #gnutls_certificate_verify_flags enumerations.
634 *
635 **/
636 void
639 {
641 }
643 /**
644 * gnutls_certificate_set_verify_limits:
645 * @res: is a gnutls_certificate_credentials structure
646 * @max_bits: is the number of bits of an acceptable certificate (default 8200)
647 * @max_depth: is maximum depth of the verification of a certificate chain (default 5)
648 *
649 * This function will set some upper limits for the default
650 * verification function, gnutls_certificate_verify_peers2(), to avoid
651 * denial of service attacks. You can set them to zero to disable
652 * limits.
653 **/
654 void
658 {
661 }
663 /**
664 * gnutls_certificate_set_rsa_export_params:
665 * @res: is a gnutls_certificate_credentials_t structure
666 * @rsa_params: is a structure that holds temporary RSA parameters.
667 *
668 * This function will set the temporary RSA parameters for a
669 * certificate server to use. These parameters will be used in
670 * RSA-EXPORT cipher suites.
671 **/
672 void
675 {
677 }
679 /**
680 * gnutls_psk_set_params_function:
681 * @res: is a gnutls_psk_server_credentials_t structure
682 * @func: is the function to be called
683 *
684 * This function will set a callback in order for the server to get
685 * the Diffie-Hellman or RSA parameters for PSK authentication. The
686 * callback should return zero on success.
687 **/
688 void
691 {
693 }
695 /**
696 * gnutls_anon_set_params_function:
697 * @res: is a gnutls_anon_server_credentials_t structure
698 * @func: is the function to be called
699 *
700 * This function will set a callback in order for the server to get
701 * the Diffie-Hellman or RSA parameters for anonymous authentication.
702 * The callback should return zero on success.
703 **/
704 void
707 {
709 }