better handling of set/get credentials.
authorNikos Mavrogiannopoulos <nmav@gnutls.org>
Thu, 14 Jun 2001 18:00:12 +0000 (18:00 +0000)
committerNikos Mavrogiannopoulos <nmav@gnutls.org>
Thu, 14 Jun 2001 18:00:12 +0000 (18:00 +0000)
12 files changed:
lib/.cvsignore
lib/auth_anon.c
lib/auth_anon.h
lib/auth_srp.c
lib/auth_srp_passwd.c
lib/ext_srp.c
lib/gnutls.h.in
lib/gnutls_algorithms.c
lib/gnutls_algorithms.h
lib/gnutls_auth.c
lib/gnutls_auth_int.h
lib/gnutls_int.h

index 3bdc11d17e62d08aaa8fc4b1ec139aa2fb618ca0..b370f32c5cd93d8a064c4677c77866eeb23b658f 100644 (file)
@@ -12,3 +12,4 @@ Makefile
 *.bbg
 libgnutls-config
 gnutls.h
+cert_ASN.c
index 2af8ca6e29d2778b39e9a6c74dd08aed31438612..315fc9980ba92057da113c98038619b4609060da 100644 (file)
@@ -56,21 +56,21 @@ int gen_anon_server_kx( GNUTLS_KEY key, opaque** data) {
        uint8 *data_p;
        uint8 *data_g;
        uint8 *data_X;
-       DH_ANON_SERVER_CREDENTIALS * cred;
+       const ANON_SERVER_CREDENTIALS * cred;
 
-       cred = _gnutls_get_kx_cred( key, GNUTLS_KX_DH_ANON, NULL);
+       cred = _gnutls_get_cred( key, GNUTLS_ANON, NULL);
        if (cred==NULL) {
                bits = DEFAULT_BITS; /* default */
        } else {
-               bits = cred->bits;
+               bits = cred->dh_bits;
        }
 
        g = gnutls_get_dh_params(&p, bits);
 
-       key->auth_info = gnutls_malloc(sizeof(DH_ANON_AUTH_INFO));
+       key->auth_info = gnutls_malloc(sizeof(ANON_AUTH_INFO));
        if (key->auth_info==NULL) return GNUTLS_E_MEMORY_ERROR;
-       ((DH_ANON_AUTH_INFO*)key->auth_info)->bits = gcry_mpi_get_nbits(p);
-       key->auth_info_size = sizeof(DH_ANON_AUTH_INFO);
+       ((ANON_AUTH_INFO*)key->auth_info)->dh_bits = gcry_mpi_get_nbits(p);
+       key->auth_info_size = sizeof(ANON_AUTH_INFO);
 
        X = gnutls_calc_dh_secret(&x, g, p);
        key->dh_secret = x;
@@ -190,10 +190,10 @@ int proc_anon_server_kx( GNUTLS_KEY key, opaque* data, int data_size) {
        }
 
        /* set auth_info */
-       key->auth_info = gnutls_malloc(sizeof(DH_ANON_AUTH_INFO));
+       key->auth_info = gnutls_malloc(sizeof(ANON_AUTH_INFO));
        if (key->auth_info==NULL) return GNUTLS_E_MEMORY_ERROR;
-       ((DH_ANON_AUTH_INFO*)key->auth_info)->bits = gcry_mpi_get_nbits(key->client_p);
-       key->auth_info_size = sizeof(DH_ANON_AUTH_INFO);
+       ((ANON_AUTH_INFO*)key->auth_info)->dh_bits = gcry_mpi_get_nbits(key->client_p);
+       key->auth_info_size = sizeof(ANON_AUTH_INFO);
 
        /* We should check signature in non-anonymous KX 
         * this is anonymous however
@@ -207,13 +207,13 @@ int proc_anon_client_kx( GNUTLS_KEY key, opaque* data, int data_size) {
        size_t _n_Y;
        MPI g, p;
        int bits;
-       DH_ANON_SERVER_CREDENTIALS * cred;
+       const ANON_SERVER_CREDENTIALS * cred;
 
-       cred = _gnutls_get_kx_cred( key, GNUTLS_KX_DH_ANON, NULL);
+       cred = _gnutls_get_cred( key, GNUTLS_ANON, NULL);
        if (cred==NULL) {
                bits = DEFAULT_BITS; /* default */
        } else {
-               bits = cred->bits;
+               bits = cred->dh_bits;
        }
 
 #if 0 /* removed. I do not know why - maybe I didn't get the protocol,
index 11c96913efd9f0ce7d233b53d4cd064291ab0c0a..c3b253d7e1b8891ab91868ede61561e79acbf30d 100644 (file)
@@ -2,9 +2,9 @@
 extern MOD_AUTH_STRUCT anon_auth_struct;
 
 typedef struct {
-       int bits;
-} DH_ANON_SERVER_CREDENTIALS;
+       int dh_bits;
+} ANON_SERVER_CREDENTIALS;
 
 typedef struct {
-       int bits;
-} DH_ANON_AUTH_INFO;
+       int dh_bits;
+} ANON_AUTH_INFO;
index ba513f5e493d7af99167b9485cb4267d62193bf9..fe3e03fe16dc287e4def106bfcd41ba77e431487 100644 (file)
@@ -189,8 +189,8 @@ int gen_srp_client_kx0(GNUTLS_KEY key, opaque ** data)
        uint8 *data_a;
        char *username;
        char *password;
-       SRP_CLIENT_CREDENTIALS *cred =
-           _gnutls_get_kx_cred(key, GNUTLS_KX_SRP, NULL);
+       const SRP_CLIENT_CREDENTIALS *cred =
+           _gnutls_get_cred(key, GNUTLS_SRP, NULL);
 
        if (cred == NULL)
                return GNUTLS_E_INSUFICIENT_CRED;
@@ -231,8 +231,8 @@ int proc_srp_server_kx(GNUTLS_KEY key, opaque * data, int data_size)
        opaque *hd;
        char *username;
        char *password;
-       SRP_CLIENT_CREDENTIALS *cred =
-           _gnutls_get_kx_cred(key, GNUTLS_KX_SRP, NULL);
+       const SRP_CLIENT_CREDENTIALS *cred =
+           _gnutls_get_cred(key, GNUTLS_SRP, NULL);
 
        if (cred == NULL)
                return GNUTLS_E_INSUFICIENT_CRED;
index e7bf585cb04e81b0798331de4a14cf8772b97537..78483043ff4c9a6adbbaada94c3dc43afa7b4214 100644 (file)
@@ -194,7 +194,7 @@ int tmp_size;
 
 /* this function opens the tpasswd.conf file
  */
-static int pwd_read_conf( SRP_SERVER_CREDENTIALS* cred, GNUTLS_SRP_PWD_ENTRY* entry, int index) {
+static int pwd_read_conf( const SRP_SERVER_CREDENTIALS* cred, GNUTLS_SRP_PWD_ENTRY* entry, int index) {
        FILE * fd;
        char line[5*1024];
        int i;
@@ -229,7 +229,7 @@ static int pwd_read_conf( SRP_SERVER_CREDENTIALS* cred, GNUTLS_SRP_PWD_ENTRY* en
 
 
 GNUTLS_SRP_PWD_ENTRY *_gnutls_srp_pwd_read_entry( GNUTLS_KEY key, char* username, int *err) {
-       SRP_SERVER_CREDENTIALS* cred;
+       const SRP_SERVER_CREDENTIALS* cred;
        FILE * fd;
        char line[5*1024];
        int i, len;
@@ -238,7 +238,7 @@ GNUTLS_SRP_PWD_ENTRY *_gnutls_srp_pwd_read_entry( GNUTLS_KEY key, char* username
 
        *err = 0; /* normal exit */
        
-       cred = _gnutls_get_kx_cred( key, GNUTLS_KX_SRP, NULL);
+       cred = _gnutls_get_cred( key, GNUTLS_SRP, NULL);
        if (cred==NULL) {
                *err = 1;
                gnutls_assert();
index 8d57ca8571fa7ab31af71c5e623de357f6d90cfe..065cbf1a85ba2d7addb9ec9d41ac2528159bc9e8 100644 (file)
@@ -59,7 +59,7 @@ int _gnutls_srp_send_params( GNUTLS_STATE state, opaque** data) {
        uint8 len;
        /* this function sends the client extension data (username) */
        if (state->security_parameters.entity == GNUTLS_CLIENT) {
-               SRP_CLIENT_CREDENTIALS* cred = _gnutls_get_kx_cred( state->gnutls_key, GNUTLS_KX_SRP, NULL);
+               const SRP_CLIENT_CREDENTIALS* cred = _gnutls_get_cred( state->gnutls_key, GNUTLS_SRP, NULL);
 
                (*data) = NULL;
 
index 739eb78b4b7107373643e2b9e7dce52ab5360df6..e3d1a4759c6b44f756efc11e3408a3ffd7c52729 100644 (file)
@@ -24,6 +24,7 @@
 
 typedef enum BulkCipherAlgorithm { GNUTLS_NULL_CIPHER=1, GNUTLS_ARCFOUR, GNUTLS_3DES, GNUTLS_RIJNDAEL, GNUTLS_TWOFISH, GNUTLS_RIJNDAEL256 } BulkCipherAlgorithm;
 typedef enum KXAlgorithm { GNUTLS_KX_RSA=1, GNUTLS_KX_DHE_DSS, GNUTLS_KX_DHE_RSA, GNUTLS_KX_DH_DSS, GNUTLS_KX_DH_RSA, GNUTLS_KX_DH_ANON, GNUTLS_KX_SRP } KXAlgorithm;
+typedef enum CredType { GNUTLS_X509PKI=1, GNUTLS_ANON, GNUTLS_SRP } CredType;
 typedef enum MACAlgorithm { GNUTLS_NULL_MAC=1, GNUTLS_MAC_MD5, GNUTLS_MAC_SHA } MACAlgorithm;
 typedef enum CompressionMethod { GNUTLS_NULL_COMPRESSION=1, GNUTLS_ZLIB } CompressionMethod;
 typedef enum ConnectionEnd { GNUTLS_SERVER, GNUTLS_CLIENT } ConnectionEnd;
@@ -107,7 +108,7 @@ const char* gnutls_check_version();
 /* Functions for setting/clearing credentials */
 int gnutls_clear_creds( GNUTLS_STATE state);
 /* cred is a structure defined by the kx algorithm */
-int gnutls_set_kx_cred( GNUTLS_STATE, KXAlgorithm kx, void* cred);
+int gnutls_set_cred( GNUTLS_STATE, CredType type, void* cred);
 const void* gnutls_get_auth_info( GNUTLS_STATE);
 
 /* Credential structures for SRP - used in gnutls_set_cred(); */
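Review bot: The comment directly above the renamed prototype still reads `/* cred is a structure defined by the kx algorithm */` although the second parameter is now a CredType; it should say `/* cred is a structure that depends on the credential type and on the client/server role */`. The public `gnutls_set_kx_cred` declaration is removed with no compatibility declaration, so existing callers will presumably break at build time; if that is intended, a short note in the header or changelog would make it explicit.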
@@ -125,15 +126,15 @@ typedef struct {
        char username[256];
 } SRP_AUTH_INFO;
 
-/* Credential structures for DH_ANON */
+/* Credential structures for ANON */
 
 typedef struct {
-       int bits;
-} DH_ANON_SERVER_CREDENTIALS;
+       int dh_bits;
+} ANON_SERVER_CREDENTIALS;
 
 typedef struct {
-       int bits;
-} DH_ANON_AUTH_INFO;
+       int dh_bits;
+} ANON_AUTH_INFO;
 
 
 /* error codes appended here */
index 78ac1be9a74d7346150abc943331717430be739b..e7c60fcf5793b70acb947fc9362581449d244a90 100644 (file)
 #define MAX_CIPHERSUITE 256
 #define MAX_COMPRESSION 256
 
+
+/* Cred type mappings to KX algorithms */
+typedef struct {
+       KXAlgorithm algorithm;
+       CredType type;
+} gnutls_cred_map;
+
+static const gnutls_cred_map cred_mappings[] = {
+       { GNUTLS_KX_DH_ANON, GNUTLS_ANON    },
+       { GNUTLS_KX_RSA,     GNUTLS_X509PKI },
+       { GNUTLS_KX_DHE_DSS, GNUTLS_X509PKI },
+       { GNUTLS_KX_DHE_RSA, GNUTLS_X509PKI },
+       { GNUTLS_KX_DH_DSS,  GNUTLS_X509PKI },
+       { GNUTLS_KX_DH_RSA,  GNUTLS_X509PKI },
+       { GNUTLS_KX_SRP,     GNUTLS_SRP     },
+       { 0 }
+};
+
+#define GNUTLS_KX_MAP_LOOP(b) \
+        const gnutls_cred_map *p; \
+                for(p = cred_mappings; p->type != 0; p++) { b ; }
+
+#define GNUTLS_KX_MAP_ALG_LOOP(a) \
+                        GNUTLS_KX_MAP_LOOP( if(p->type == type) { a; break; })
+
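Review bot: `GNUTLS_KX_MAP_ALG_LOOP` at the end of the hunk compares `p->type == type`, so it only works where the caller happens to have a variable named `type` in scope, a coupling invisible at the call site. Passing the value explicitly keeps the macro self-contained: `#define GNUTLS_KX_MAP_ALG_LOOP(t, a) GNUTLS_KX_MAP_LOOP( if(p->type == (t)) { a; break; })`, with the call in `_gnutls_map_kx_get_kx` becoming `GNUTLS_KX_MAP_ALG_LOOP(type, ret = p->algorithm);`. `GNUTLS_KX_MAP_LOOP` also declares `p`, so a second use in the same scope redeclares it; a comment such as `/* declares p: use at most once per scope, before any statement */` would spare the next caller a compile error. The `{ 0 }` terminator and the `p->type != 0` loop condition rely on every CredType enumerator being non-zero, which holds because the enum starts at 1 and is worth stating in a comment on `cred_mappings`.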
 /* TLS Versions */
 
 typedef struct {
@@ -906,6 +931,23 @@ _gnutls_version_is_supported(GNUTLS_STATE state,
        return ret;
 }
 
+/* Type to KX mappings */
+KXAlgorithm _gnutls_map_kx_get_kx(CredType type)
+{
+       KXAlgorithm ret = -1;
+
+       GNUTLS_KX_MAP_ALG_LOOP(ret = p->algorithm);
+       return ret;
+}
+
+CredType _gnutls_map_kx_get_cred(KXAlgorithm algorithm)
+{
+       CredType ret = -1;
+       GNUTLS_KX_MAP_LOOP(if (p->algorithm==algorithm) ret = p->type);
+
+       return ret;
+}
+
 
 /* Cipher Suite's functions */
 BulkCipherAlgorithm
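Review bot: Both new functions use `-1` as the not-found value in a variable of enum type (`KXAlgorithm ret = -1;`, `CredType ret = -1;`) although neither enum has a negative enumerator, and the prototypes added to gnutls_algorithms.h say nothing about it; the caller added in gnutls_auth.c (`_gnutls_get_kx_cred`) forwards the result without checking. Document the sentinel on both definitions, e.g. `/* Returns -1 (stored in the enum type) when no mapping exists; callers must check before use. */`. `_gnutls_map_kx_get_kx` is also lossy: five KX algorithms map to GNUTLS_X509PKI, so the function returns only the first entry (GNUTLS_KX_RSA); a comment such as `/* first match wins: GNUTLS_X509PKI yields GNUTLS_KX_RSA */` stops readers from assuming a round trip through `_gnutls_map_kx_get_cred` is the identity.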
index 7844776ee6356996f5441b27c4d75534bd68b1b2..e2e0f364731acca03cc38f250a4674ed12335deb 100644 (file)
@@ -86,3 +86,7 @@ int _gnutls_compression_count();
 int _gnutls_compression_get_num(CompressionMethod algorithm);
 CompressionMethod _gnutls_compression_get_id(int num);
 char *_gnutls_compression_get_name(CompressionMethod algorithm);
+
+/* Type to KX mappings */
+KXAlgorithm _gnutls_map_kx_get_kx(CredType type);
+CredType _gnutls_map_kx_get_cred(KXAlgorithm algorithm);
index 69c31b932b7f7d3f86933b00fd6980d51cdd6534..a9768c38708ba72c78823271bf382492942be4ae 100644 (file)
@@ -22,6 +22,8 @@
 #include "gnutls_int.h"
 #include "gnutls_errors.h"
 #include "gnutls_auth.h"
+#include "gnutls_auth_int.h"
+#include "gnutls_algorithms.h"
 
 #include "auth_anon.h"
 /* The functions here are used in order for authentication algorithms
@@ -51,28 +53,28 @@ int gnutls_clear_creds( GNUTLS_STATE state) {
  * { algorithm, credentials, pointer to next }
  */
 /**
-  * gnutls_set_kx_cred - Sets the needed credentials for the specified (in kx) authentication algorithm.
+  * gnutls_set_cred - Sets the needed credentials for the specified authentication algorithm.
   * @state: is a &GNUTLS_STATE structure.
-  * @kx: is a key exchange algorithm
+  * @type: is the type of the credentials
   * @cred: is a pointer to a structure.
   *
-  * Sets the needed credentials for the specified (in kx) authentication
-  * algorithm. Eg username, password - or public and private keys etc.  
+  * Sets the needed credentials for the specified type.
+  * Eg username, password - or public and private keys etc.  
   * The (void* cred) parameter is a structure that depends on the
-  * specified kx algorithm and on the current state (client or server).
+  * specified type and on the current state (client or server).
   * [ In order to minimize memory usage, and share credentials between 
   * several threads gnutls keeps a pointer to cred, and not the whole cred
   * structure. Thus you will have to keep the structure allocated until   
   * you call gnutls_deinit(). ]
   *
-  * For %GNUTLS_KX_DH_ANON cred should be NULL in case of a client.
-  * In case of a server it should be &DH_ANON_SERVER_CREDENTIALS.   
+  * For %GNUTLS_ANON cred should be NULL in case of a client.
+  * In case of a server it should be &ANON_SERVER_CREDENTIALS.   
   * 
-  * For %GNUTLS_KX_SRP cred should be &SRP_CLIENT_CREDENTIALS
+  * For %GNUTLS_SRP cred should be &SRP_CLIENT_CREDENTIALS
   * in case of a client, and &SRP_SERVER_CREDENTIALS, in case
   * of a server.
   **/
-int gnutls_set_kx_cred( GNUTLS_STATE state, KXAlgorithm kx, void* cred) {
+int gnutls_set_cred( GNUTLS_STATE state, CredType type, void* cred) {
        AUTH_CRED * ccred, *pcred;
        int exists=0;   
        
@@ -85,11 +87,11 @@ int gnutls_set_kx_cred( GNUTLS_STATE state, KXAlgorithm kx, void* cred) {
                state->gnutls_key->cred->credentials = cred;
                
                state->gnutls_key->cred->next = NULL;
-               state->gnutls_key->cred->algorithm = kx;
+               state->gnutls_key->cred->algorithm = type;
        } else {
                ccred = state->gnutls_key->cred;
                while(ccred!=NULL) {
-                       if (ccred->algorithm==kx) {
+                       if (ccred->algorithm==type) {
                                exists=1;
                                break;
                        }
@@ -107,7 +109,7 @@ int gnutls_set_kx_cred( GNUTLS_STATE state, KXAlgorithm kx, void* cred) {
                        ccred->credentials = cred;
 
                        ccred->next = NULL;
-                       ccred->algorithm = kx;
+                       ccred->algorithm = type;
                } else { /* modify existing entry */
                        gnutls_free(ccred->credentials);
                        ccred->credentials = cred;
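Review bot: In the "modify existing entry" branch at the end of the hunk, `gnutls_free(ccred->credentials);` releases the previously registered pointer, yet the doc comment on `gnutls_set_cred` earlier in this file states that gnutls keeps the caller's pointer rather than a copy and that the caller must keep the structure allocated until `gnutls_deinit()`; replacing a credential therefore frees memory the caller still owns (possibly not heap memory at all), which can end in a double free or a write through a dangling pointer. The commit leaves this line as it was, but the renamed API is the natural place to settle ownership: either drop the `gnutls_free` and document that the caller owns every credential structure, or document that `gnutls_set_cred` takes ownership and make `gnutls_clear_creds` match. The rest of `gnutls_set_cred` and the clear/deinit path lie outside this hunk, so their behaviour is inferred rather than seen.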
@@ -121,12 +123,15 @@ int gnutls_set_kx_cred( GNUTLS_STATE state, KXAlgorithm kx, void* cred) {
  * This returns an pointer to the linked list. Don't
  * free that!!!
  */
-void *_gnutls_get_kx_cred( GNUTLS_KEY key, int kx, int *err) {
+const void *_gnutls_get_kx_cred( GNUTLS_KEY key, KXAlgorithm algo, int *err) {
+       return _gnutls_get_cred( key, _gnutls_map_kx_get_cred(algo), err);
+}
+const void *_gnutls_get_cred( GNUTLS_KEY key, CredType type, int *err) {
        AUTH_CRED * ccred;
        
        ccred = key->cred;
        while(ccred!=NULL) {
-               if (ccred->algorithm==kx) {
+               if (ccred->algorithm==type) {
                        break;
                }
                ccred = ccred->next;
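Review bot: The new `_gnutls_get_kx_cred` wrapper passes `_gnutls_map_kx_get_cred(algo)` straight into `_gnutls_get_cred`, so an unmapped KX algorithm becomes a search for CredType -1 that matches nothing and reports no credentials, which callers such as `gen_srp_client_kx0` then turn into GNUTLS_E_INSUFICIENT_CRED — a programming error is indistinguishable from a missing credential. A check such as `CredType t = _gnutls_map_kx_get_cred(algo); if ((int)t == -1) return NULL; return _gnutls_get_cred(key, t, err);` keeps the two cases apart (setting `*err` as well if `_gnutls_get_cred` does so on its own miss; its body continues past the hunk). The comment block above the wrapper ("returns a pointer to the linked list, don't free") now documents only `_gnutls_get_kx_cred`, so `_gnutls_get_cred` deserves its own line, e.g. `/* Looks up the credentials registered for type; returns a borrowed pointer into the list, or NULL. */`.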
index 46d0c1ab2af0301a488e01f17d1acbe8bc2fdea7..2b34b6160cc5c733b0975ac7966950b478c23861 100644 (file)
@@ -1,3 +1,5 @@
 int gnutls_clear_creds( GNUTLS_STATE state);
-int gnutls_set_kx_cred( GNUTLS_STATE state, KXAlgorithm kx, void* cred);
-const void *_gnutls_get_kx_cred( GNUTLS_KEY key, int kx, int* err);
+int gnutls_set_cred( GNUTLS_STATE state, CredType type, void* cred);
+const void *_gnutls_get_cred( GNUTLS_KEY key, CredType kx, int* err);
+const void *_gnutls_get_kx_cred( GNUTLS_KEY key, KXAlgorithm algo, int *err);
+
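Review bot: The prototype `const void *_gnutls_get_cred( GNUTLS_KEY key, CredType kx, int* err);` names the second parameter `kx` while the definition in gnutls_auth.c calls it `type`, which is misleading now that the value is a credential type rather than a key-exchange algorithm. `const void *_gnutls_get_cred( GNUTLS_KEY key, CredType type, int* err);` keeps header and definition in step. The trailing added blank line at end of file is harmless but unrelated to the change.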
index d79cb60910f5312ef38c15246dd7f12b8be2fc23..84cef16a6937902efee3b25f17e1ab99440588df 100644 (file)
@@ -108,6 +108,7 @@ typedef enum ConnectionEnd { GNUTLS_SERVER, GNUTLS_CLIENT } ConnectionEnd;
 typedef enum BulkCipherAlgorithm { GNUTLS_NULL_CIPHER=1, GNUTLS_ARCFOUR, GNUTLS_3DES, GNUTLS_RIJNDAEL, GNUTLS_TWOFISH, GNUTLS_RIJNDAEL256 } BulkCipherAlgorithm;
 typedef enum Extensions { GNUTLS_EXTENSION_SRP=7 } Extensions;
 typedef enum KXAlgorithm { GNUTLS_KX_RSA=1, GNUTLS_KX_DHE_DSS, GNUTLS_KX_DHE_RSA, GNUTLS_KX_DH_DSS, GNUTLS_KX_DH_RSA, GNUTLS_KX_DH_ANON, GNUTLS_KX_SRP } KXAlgorithm;
+typedef enum CredType { GNUTLS_X509PKI=1, GNUTLS_ANON, GNUTLS_SRP } CredType;
 typedef enum CipherType { CIPHER_STREAM, CIPHER_BLOCK } CipherType;
 typedef enum MACAlgorithm { GNUTLS_NULL_MAC=1, GNUTLS_MAC_MD5, GNUTLS_MAC_SHA } MACAlgorithm;
 typedef enum CompressionMethod { GNUTLS_NULL_COMPRESSION=1, GNUTLS_ZLIB } CompressionMethod;