authorNikos Mavrogiannopoulos <nmav@gnutls.org>2001-05-02 16:56:52 +0000
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2001-05-02 16:56:52 +0000
commitc8af7ee9674d5c8f91c63bab4653f7d8de3727f6 (patch)
tree22ef5dd83cd729c4b7ea1738045a4822acca25c2
parent147e154ab698cd778a33236829a9cb448b2abb37 (diff)
downloadgnutls-c8af7ee9674d5c8f91c63bab4653f7d8de3727f6.tar.gz
added support for setting authentication algorithms' credentials
-rw-r--r--doc/API8
-rw-r--r--lib/Makefile.am5
-rw-r--r--lib/gnutls.c5
-rw-r--r--lib/gnutls.h7
-rw-r--r--lib/gnutls_auth.c107
-rw-r--r--lib/gnutls_auth.h7
-rw-r--r--lib/gnutls_auth_int.h4
-rw-r--r--lib/gnutls_int.h1
8 files changed, 140 insertions, 4 deletions
diff --git a/doc/API b/doc/API
index aefd0298ab..3b7c1a0ad9 100644
--- a/doc/API
+++ b/doc/API
@@ -93,6 +93,14 @@ void gnutls_set_cipher_priority( GNUTLS_STATE state, int num, ...);
not use that except for disabling algorithms that were not
specified.
+int gnutls_set_kx_cred( GNUTLS_STATE state, int kx, void* cred);
+ Sets the needed credentials for the specified (in kx) authentication
+ algorithm. Eg username, password - or public and private keys etc.
+ The (void* cred) parameter is a structure that depends on the
+ specified kx algorithm and on the current state (client or server).
+
+ In GNUTLS_KX_ANON cred should be NULL.
+
void gnutls_set_kx_priority( GNUTLS_STATE state, int num, ...);
like gnutls_set_cipher_priority, but for key exchange methods.
diff --git a/lib/Makefile.am b/lib/Makefile.am
index 8cd48903eb..f808633f39 100644
--- a/lib/Makefile.am
+++ b/lib/Makefile.am
@@ -4,12 +4,13 @@ EXTRA_DIST = debug.h gnutls_compress.h defines.h gnutls_plaintext.h \
gnutls_handshake.h gnutls_num.h gnutls_algorithms.h gnutls_dh.h \
gnutls_kx.h gnutls_hash_int.h gnutls_cipher_int.h gnutls_db.h \
gnutls_compress_int.h gnutls_session.h gnutls_priority.h gnutls_auth.h \
- auth_anon.h auth_dhe_dss.h gnutls_extensions.h ext_srp.h
+ auth_anon.h auth_dhe_dss.h gnutls_extensions.h ext_srp.h \
+ gnutls_auth_int.h
lib_LTLIBRARIES = libgnutls.la
libgnutls_la_SOURCES = gnutls.c gnutls_compress.c debug.c gnutls_plaintext.c \
gnutls_cipher.c gnutls_buffers.c gnutls_handshake.c gnutls_num.c \
gnutls_errors.c gnutls_algorithms.c gnutls_dh.c gnutls_kx.c \
gnutls_priority.c gnutls_hash_int.c gnutls_cipher_int.c \
gnutls_compress_int.c gnutls_session.c gnutls_db.c cert_b64.c \
- auth_anon.c auth_dhe_dss.c gnutls_extensions.c ext_srp.c
+ auth_anon.c auth_dhe_dss.c gnutls_extensions.c ext_srp.c gnutls_auth.c
libgnutls_la_LDFLAGS = -version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE)
diff --git a/lib/gnutls.c b/lib/gnutls.c
index 5b4b2c6cdd..6f251482f8 100644
--- a/lib/gnutls.c
+++ b/lib/gnutls.c
@@ -32,6 +32,7 @@
#include "gnutls_priority.h"
#include "gnutls_algorithms.h"
#include "gnutls_db.h"
+#include "gnutls_auth_int.h"
#ifdef HAVE_ERRNO_H
#include <errno.h>
#endif
@@ -98,6 +99,8 @@ int gnutls_init(GNUTLS_STATE * state, ConnectionEnd con_end)
(*state)->gnutls_internals.buffer_handshake = NULL;
(*state)->gnutls_internals.resumable = RESUME_TRUE;
+ (*state)->gnutls_internals.cred = NULL; /* no credentials by default */
+
gnutls_set_current_version ( (*state), GNUTLS_TLS1); /* default */
(*state)->gnutls_key = gnutls_malloc(sizeof(GNUTLS_KEY_A));
@@ -160,6 +163,8 @@ int gnutls_deinit(GNUTLS_STATE * state)
gnutls_free((*state)->gnutls_internals.buffer);
gnutls_free((*state)->gnutls_internals.buffer_handshake);
+ gnutls_clear_creds( *state);
+
if ((*state)->connection_state.read_cipher_state != NULL)
gnutls_cipher_deinit((*state)->connection_state.read_cipher_state);
if ((*state)->connection_state.write_cipher_state != NULL)
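Review bot: The `gnutls_clear_creds( *state)` call discards the return value, which is harmless today because the function always returns 0, but nothing at the call site says that the credential structures registered through gnutls_set_kx_cred are not released here. gnutls_clear_creds frees only the list nodes, so a comment such as `gnutls_clear_creds( *state); /* frees the list only; credential structures stay caller-owned */` would make the ownership split explicit at deinit, where a reader most expects secrets to be wiped. gnutls_deinit continues outside the hunk.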
diff --git a/lib/gnutls.h b/lib/gnutls.h
index 85d47ebd43..e86d5ccab8 100644
--- a/lib/gnutls.h
+++ b/lib/gnutls.h
@@ -74,11 +74,14 @@ char* gnutls_strerror(int error);
/* functions to set priority of cipher suites */
void gnutls_set_cipher_priority( GNUTLS_STATE state, int num, ...);
-void gnutls_set_kx_priority( GNUTLS_STATE state, int num, ...);
void gnutls_set_mac_priority( GNUTLS_STATE state, int num, ...);
void gnutls_set_compression_priority( GNUTLS_STATE state, int num, ...);
+void gnutls_set_kx_priority( GNUTLS_STATE state, int num, ...);
+
+/* cred is a structure defined by the kx algorithm */
+int gnutls_set_kx_cred( GNUTLS_STATE, int kx, void* cred);
-/* set our version - local is 0x00 for TLS 1.0 and SSL3 */
+/* set our version - 0 for TLS 1.0 and 1 for SSL3 */
void gnutls_set_current_version(GNUTLS_STATE state, GNUTLS_Version version);
/* get/set session */
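Review bot: The new prototype `int gnutls_set_kx_cred( GNUTLS_STATE, int kx, void* cred);` omits the name of its first parameter, unlike every other declaration in this header; write `int gnutls_set_kx_cred( GNUTLS_STATE state, int kx, void* cred);`. The comment above it should also tell API users that the library stores `cred` by pointer and neither copies nor frees it (gnutls_auth.c only keeps the pointer and frees the list nodes on clear), so the structure must outlive the state and the caller remains responsible for wiping any passwords or private keys in it.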
diff --git a/lib/gnutls_auth.c b/lib/gnutls_auth.c
new file mode 100644
index 0000000000..9d99b88fa6
--- /dev/null
+++ b/lib/gnutls_auth.c
@@ -0,0 +1,107 @@
+/*
+ * Copyright (C) 2001 Nikos Mavroyanopoulos
+ *
+ * This file is part of GNUTLS.
+ *
+ * GNUTLS is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * GNUTLS is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+#include <defines.h>
+#include "gnutls_int.h"
+#include "gnutls_errors.h"
+#include "gnutls_auth.h"
+
+/* The functions here are used in order for authentication algorithms
+ * to be able to retrieve the needed credentials eg public and private
+ * key etc.
+ */
+
+/* This clears the whole linked list */
+int gnutls_clear_creds( GNUTLS_STATE state) {
+ AUTH_CRED * ccred, *ncred;
+
+ if (state->gnutls_internals.cred!=NULL) { /* begining of the list */
+ ccred = state->gnutls_internals.cred;
+ while(ccred!=NULL) {
+ ncred = ccred->next;
+ if (ccred!=NULL) gnutls_free(ccred);
+ ccred = ncred;
+ }
+ state->gnutls_internals.cred = NULL;
+ }
+
+ return 0;
+}
+
+/*
+ * This creates a linked list of the form:
+ * { algorithm, credentials, pointer to next }
+ */
+int gnutls_set_kx_cred( GNUTLS_STATE state, int kx, void* cred) {
+ AUTH_CRED * ccred, *pcred;
+ int exists=0;
+
+ if (state->gnutls_internals.cred==NULL) { /* begining of the list */
+
+ state->gnutls_internals.cred = gnutls_malloc(sizeof(AUTH_CRED));
+ if (state->gnutls_internals.cred == NULL) return GNUTLS_E_MEMORY_ERROR;
+
+ state->gnutls_internals.cred->credentials = cred;
+ state->gnutls_internals.cred->next = NULL;
+ state->gnutls_internals.cred->algorithm = kx;
+ } else {
+ ccred = state->gnutls_internals.cred;
+ while(ccred!=NULL) {
+ if (ccred->algorithm==kx) {
+ exists=1;
+ break;
+ }
+ pcred = ccred;
+ ccred = ccred->next;
+ }
+
+ if (exists==0) { /* new entry */
+ pcred->next = gnutls_malloc(sizeof(AUTH_CRED));
+ if (pcred->next == NULL) return GNUTLS_E_MEMORY_ERROR;
+
+ ccred = pcred->next;
+ ccred->credentials = cred;
+ ccred->next = NULL;
+ ccred->algorithm = kx;
+ } else { /* modify existing entry */
+ ccred->credentials = cred;
+ }
+ }
+
+ return 0;
+}
+
+/*
+ * This returns an item from the linked list
+ */
+AUTH_CRED *gnutls_get_kx_cred( GNUTLS_STATE state, int kx) {
+ AUTH_CRED * ccred;
+
+ ccred = state->gnutls_internals.cred;
+ while(ccred!=NULL) {
+ if (ccred->algorithm==kx) {
+ break;
+ }
+ ccred = ccred->next;
+ }
+ if (ccred==NULL) return NULL;
+
+ return ccred->credentials;
+}
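Review bot: gnutls_get_kx_cred is declared to return `AUTH_CRED *` but returns `ccred->credentials`, the caller-supplied `void*` payload rather than a list node, so a caller that dereferences the result as an AUTH_CRED reads the wrong structure; it compiles only because void* converts implicitly. The signature should be `void *gnutls_get_kx_cred( GNUTLS_STATE state, int kx)`, matching the `void* cred` that gnutls_set_kx_cred accepts. In gnutls_set_kx_cred, `pcred` is only assigned inside the else branch, which always runs at least one loop iteration because the list is non-empty there, but `AUTH_CRED * ccred, *pcred = NULL;` makes that explicit and avoids an uninitialized-use warning. In gnutls_clear_creds the `if (ccred!=NULL)` guard inside the while loop is redundant since the loop condition already excludes NULL, and the function frees only the nodes, never the credential structures; say so above it, e.g. `/* Frees the list nodes only; the credential structures stay owned by the caller, who must also wipe any secrets they hold. */`.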
diff --git a/lib/gnutls_auth.h b/lib/gnutls_auth.h
index daab0a5e42..cb8d00a90c 100644
--- a/lib/gnutls_auth.h
+++ b/lib/gnutls_auth.h
@@ -16,4 +16,11 @@ typedef struct {
int (*gnutls_process_client_cert_vrfy) ( GNUTLS_KEY, opaque*, int);
int (*gnutls_process_server_cert_vrfy) ( GNUTLS_KEY, opaque*, int);
} MOD_AUTH_STRUCT;
+
+typedef struct {
+ KXAlgorithm algorithm;
+ void* credentials;
+ void* next;
+} AUTH_CRED;
+
#endif
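Review bot: The `next` link in AUTH_CRED is declared `void*`, so every traversal in gnutls_auth.c (`ncred = ccred->next`) goes through an untyped conversion and the compiler cannot catch a non-node pointer being stored in it. Tag the struct and type the link: change `typedef struct {` to `typedef struct AUTH_CRED_st {` and `void* next;` to `struct AUTH_CRED_st* next;`. Also `algorithm` is a KXAlgorithm while gnutls_set_kx_cred and gnutls_get_kx_cred take and compare an `int kx`; using one type in both places avoids silent enum/int mixing.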
diff --git a/lib/gnutls_auth_int.h b/lib/gnutls_auth_int.h
new file mode 100644
index 0000000000..db30f60caa
--- /dev/null
+++ b/lib/gnutls_auth_int.h
@@ -0,0 +1,4 @@
+int gnutls_clear_creds( GNUTLS_STATE state);
+int gnutls_set_kx_cred( GNUTLS_STATE state, int kx, AUTH_CRED* cred);
+AUTH_CRED *gnutls_get_kx_cred( GNUTLS_STATE state, int kx);
+
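Review bot: The prototype `int gnutls_set_kx_cred( GNUTLS_STATE state, int kx, AUTH_CRED* cred);` disagrees with both the definition in gnutls_auth.c and the public declaration in gnutls.h, which take `void* cred`; a translation unit that includes both headers will be rejected for conflicting types, and because gnutls_auth.c does not include this header the definition is never checked against its prototype. Change it to `int gnutls_set_kx_cred( GNUTLS_STATE state, int kx, void* cred);` and add `#include "gnutls_auth_int.h"` to gnutls_auth.c. The header also lacks an include guard and uses GNUTLS_STATE and AUTH_CRED without including the headers that define them, so it only compiles when consumers get the include order right.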
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index 84b5e1ad2b..a95e837bcc 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -240,6 +240,7 @@ typedef struct {
char* db_name;
int expire_time;
MOD_AUTH_STRUCT* auth_struct; /* used in handshake packets and KX algorithms */
+ AUTH_CRED* cred;
} GNUTLS_INTERNALS;
typedef struct {
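Review bot: The new `cred` member carries no comment, unlike its neighbour `auth_struct`, and its ownership is not obvious from the declaration: gnutls_clear_creds frees the list nodes on deinit while the credential structures they point to remain the caller's. A one-line comment would spare the next reader a trip to gnutls_auth.c, e.g. `AUTH_CRED* cred; /* per-kx credentials list; nodes freed by gnutls_clear_creds, payloads owned by the caller */`. The GNUTLS_INTERNALS definition begins before this hunk.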