-rw-r--r-- | doc/API | 8 | ||||
-rw-r--r-- | lib/Makefile.am | 5 | ||||
-rw-r--r-- | lib/gnutls.c | 5 | ||||
-rw-r--r-- | lib/gnutls.h | 7 | ||||
-rw-r--r-- | lib/gnutls_auth.c | 107 | ||||
-rw-r--r-- | lib/gnutls_auth.h | 7 | ||||
-rw-r--r-- | lib/gnutls_auth_int.h | 4 | ||||
-rw-r--r-- | lib/gnutls_int.h | 1 |
8 files changed, 140 insertions, 4 deletions
@@ -93,6 +93,14 @@ void gnutls_set_cipher_priority( GNUTLS_STATE state, int num, ...);
 not use that except for disabling algorithms that were not specified.
+int gnutls_set_kx_cred( GNUTLS_STATE state, int kx, void* cred);
+ Sets the needed credentials for the specified (in kx) authentication
+ algorithm. Eg username, password - or public and private keys etc.
+ The (void* cred) parameter is a structure that depends on the
+ specified kx algorithm and on the current state (client or server).
+
+ In GNUTLS_KX_ANON cred should be NULL.
+
 void gnutls_set_kx_priority( GNUTLS_STATE state, int num, ...);
 like gnutls_set_cipher_priority, but for key exchange methods.
diff --git a/lib/Makefile.am b/lib/Makefile.am
index 8cd48903eb..f808633f39 100644
--- a/lib/Makefile.am
+++ b/lib/Makefile.am
@@ -4,12 +4,13 @@ EXTRA_DIST = debug.h gnutls_compress.h defines.h gnutls_plaintext.h \
 gnutls_handshake.h gnutls_num.h gnutls_algorithms.h gnutls_dh.h \
 gnutls_kx.h gnutls_hash_int.h gnutls_cipher_int.h gnutls_db.h \
 gnutls_compress_int.h gnutls_session.h gnutls_priority.h gnutls_auth.h \
- auth_anon.h auth_dhe_dss.h gnutls_extensions.h ext_srp.h
+ auth_anon.h auth_dhe_dss.h gnutls_extensions.h ext_srp.h \
+ gnutls_auth_int.h
 lib_LTLIBRARIES = libgnutls.la
 libgnutls_la_SOURCES = gnutls.c gnutls_compress.c debug.c gnutls_plaintext.c \
 gnutls_cipher.c gnutls_buffers.c gnutls_handshake.c gnutls_num.c \
 gnutls_errors.c gnutls_algorithms.c gnutls_dh.c gnutls_kx.c \
 gnutls_priority.c gnutls_hash_int.c gnutls_cipher_int.c \
 gnutls_compress_int.c gnutls_session.c gnutls_db.c cert_b64.c \
- auth_anon.c auth_dhe_dss.c gnutls_extensions.c ext_srp.c
+ auth_anon.c auth_dhe_dss.c gnutls_extensions.c ext_srp.c gnutls_auth.c
 libgnutls_la_LDFLAGS = -version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE)
diff --git a/lib/gnutls.c b/lib/gnutls.c
index 5b4b2c6cdd..6f251482f8 100644
--- a/lib/gnutls.c
+++ b/lib/gnutls.c
@@ -32,6 +32,7 @@
 #include "gnutls_priority.h"
 #include "gnutls_algorithms.h"
 #include "gnutls_db.h"
+#include "gnutls_auth_int.h"
 #ifdef HAVE_ERRNO_H
 #include <errno.h>
 #endif
@@ -98,6 +99,8 @@ int gnutls_init(GNUTLS_STATE * state, ConnectionEnd con_end)
 (*state)->gnutls_internals.buffer_handshake = NULL;
 (*state)->gnutls_internals.resumable = RESUME_TRUE;
+ (*state)->gnutls_internals.cred = NULL; /* no credentials by default */
+
 gnutls_set_current_version ( (*state), GNUTLS_TLS1); /* default */
 (*state)->gnutls_key = gnutls_malloc(sizeof(GNUTLS_KEY_A));
@@ -160,6 +163,8 @@ int gnutls_deinit(GNUTLS_STATE * state)
 gnutls_free((*state)->gnutls_internals.buffer);
 gnutls_free((*state)->gnutls_internals.buffer_handshake);
+ gnutls_clear_creds( *state);
+
 if ((*state)->connection_state.read_cipher_state != NULL)
 gnutls_cipher_deinit((*state)->connection_state.read_cipher_state);
 if ((*state)->connection_state.write_cipher_state != NULL)
diff --git a/lib/gnutls.h b/lib/gnutls.h
index 85d47ebd43..e86d5ccab8 100644
--- a/lib/gnutls.h
+++ b/lib/gnutls.h
@@ -74,11 +74,14 @@ char* gnutls_strerror(int error);
 /* functions to set priority of cipher suites */
 void gnutls_set_cipher_priority( GNUTLS_STATE state, int num, ...);
-void gnutls_set_kx_priority( GNUTLS_STATE state, int num, ...);
 void gnutls_set_mac_priority( GNUTLS_STATE state, int num, ...);
 void gnutls_set_compression_priority( GNUTLS_STATE state, int num, ...);
+void gnutls_set_kx_priority( GNUTLS_STATE state, int num, ...);
+
+/* cred is a structure defined by the kx algorithm */
+int gnutls_set_kx_cred( GNUTLS_STATE, int kx, void* cred);
-/* set our version - local is 0x00 for TLS 1.0 and SSL3 */
+/* set our version - 0 for TLS 1.0 and 1 for SSL3 */
 void gnutls_set_current_version(GNUTLS_STATE state, GNUTLS_Version version);
 /* get/set session */
diff --git a/lib/gnutls_auth.c b/lib/gnutls_auth.c
new file mode 100644
index 0000000000..9d99b88fa6
--- /dev/null
+++ b/lib/gnutls_auth.c
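Review bot: The `gnutls_clear_creds( *state);` call added to gnutls_deinit releases only the AUTH_CRED list nodes — gnutls_clear_creds in lib/gnutls_auth.c walks the list and gnutls_free()s each node, never the `credentials` payload — so the caller-supplied structures, which per doc/API may hold a password or a private key, are neither freed nor wiped here. That is a defensible ownership split, but it is invisible at this call site; I would annotate it: `gnutls_clear_creds( *state); /* frees the list nodes only; cred structs stay owned by the caller */`. A caller keeping secrets in those structures has to zeroize and free them itself after gnutls_deinit. Both gnutls_init and gnutls_deinit continue outside their hunks.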
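Review bot: The new public prototype `int gnutls_set_kx_cred( GNUTLS_STATE, int kx, void* cred);` leaves its first parameter unnamed, unlike every neighbouring declaration in this header, and its one-line comment does not say that the library keeps the pointer rather than copying the structure (gnutls_set_kx_cred in lib/gnutls_auth.c stores `cred` into the node as-is). I would write `int gnutls_set_kx_cred( GNUTLS_STATE state, int kx, void* cred);` and extend the comment to say that cred is a structure defined by the kx algorithm, that the pointer is retained and must stay valid until gnutls_deinit or a later gnutls_set_kx_cred for the same kx, and that it is NULL for GNUTLS_KX_ANON, as doc/API already states. The same function is declared again in the new lib/gnutls_auth_int.h with a different type for cred; the two declarations need to agree.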
@@ -0,0 +1,107 @@
+/*
+ * Copyright (C) 2001 Nikos Mavroyanopoulos
+ *
+ * This file is part of GNUTLS.
+ *
+ * GNUTLS is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * GNUTLS is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+#include <defines.h>
+#include "gnutls_int.h"
+#include "gnutls_errors.h"
+#include "gnutls_auth.h"
+
+/* The functions here are used in order for authentication algorithms
+ * to be able to retrieve the needed credentials eg public and private
+ * key etc.
+ */
+
+/* This clears the whole linked list */
+int gnutls_clear_creds( GNUTLS_STATE state) {
+ AUTH_CRED * ccred, *ncred;
+
+ if (state->gnutls_internals.cred!=NULL) { /* begining of the list */
+ ccred = state->gnutls_internals.cred;
+ while(ccred!=NULL) {
+ ncred = ccred->next;
+ if (ccred!=NULL) gnutls_free(ccred);
+ ccred = ncred;
+ }
+ state->gnutls_internals.cred = NULL;
+ }
+
+ return 0;
+}
+
+/*
+ * This creates a linked list of the form:
+ * { algorithm, credentials, pointer to next }
+ */
+int gnutls_set_kx_cred( GNUTLS_STATE state, int kx, void* cred) {
+ AUTH_CRED * ccred, *pcred;
+ int exists=0;
+
+ if (state->gnutls_internals.cred==NULL) { /* begining of the list */
+
+ state->gnutls_internals.cred = gnutls_malloc(sizeof(AUTH_CRED));
+ if (state->gnutls_internals.cred == NULL) return GNUTLS_E_MEMORY_ERROR;
+
+ state->gnutls_internals.cred->credentials = cred;
+ state->gnutls_internals.cred->next = NULL;
+ state->gnutls_internals.cred->algorithm = kx;
+ } else {
+ ccred = state->gnutls_internals.cred;
+ while(ccred!=NULL) {
+ if (ccred->algorithm==kx) {
+ exists=1;
+ break;
+ }
+ pcred = ccred;
+ ccred = ccred->next;
+ }
+
+ if (exists==0) { /* new entry */
+ pcred->next = gnutls_malloc(sizeof(AUTH_CRED));
+ if (pcred->next == NULL) return GNUTLS_E_MEMORY_ERROR;
+
+ ccred = pcred->next;
+ ccred->credentials = cred;
+ ccred->next = NULL;
+ ccred->algorithm = kx;
+ } else { /* modify existing entry */
+ ccred->credentials = cred;
+ }
+ }
+
+ return 0;
+}
+
+/*
+ * This returns an item from the linked list
+ */
+AUTH_CRED *gnutls_get_kx_cred( GNUTLS_STATE state, int kx) {
+ AUTH_CRED * ccred;
+
+ ccred = state->gnutls_internals.cred;
+ while(ccred!=NULL) {
+ if (ccred->algorithm==kx) {
+ break;
+ }
+ ccred = ccred->next;
+ }
+ if (ccred==NULL) return NULL;
+
+ return ccred->credentials;
+}
diff --git a/lib/gnutls_auth.h b/lib/gnutls_auth.h
index daab0a5e42..cb8d00a90c 100644
--- a/lib/gnutls_auth.h
+++ b/lib/gnutls_auth.h
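Review bot: `gnutls_get_kx_cred` is declared to return `AUTH_CRED *` but its last statement returns `ccred->credentials`, the `void*` payload handed in through gnutls_set_kx_cred, not the list node; C's implicit void*-to-pointer conversion hides the mismatch, so a caller that treats the result as an AUTH_CRED node would read the first bytes of the caller's credential structure as `algorithm`/`credentials`/`next`. The signature should say what is actually returned: `void *gnutls_get_kx_cred( GNUTLS_STATE state, int kx) {`, with the prototype in lib/gnutls_auth_int.h changed to match. Two smaller points in the same hunk: the `if (ccred!=NULL)` guard inside the while loop of gnutls_clear_creds can never be false, since the loop condition already excludes NULL, and neither header comment states that `cred` is stored by pointer rather than copied and that gnutls_clear_creds frees only the nodes — which is exactly what a caller keeping passwords or private keys in these structures needs to know. I would add `/* cred is retained by pointer, not copied; the caller owns it and must keep it valid until gnutls_deinit */` above gnutls_set_kx_cred.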
@@ -16,4 +16,11 @@ typedef struct {
 int (*gnutls_process_client_cert_vrfy) ( GNUTLS_KEY, opaque*, int);
 int (*gnutls_process_server_cert_vrfy) ( GNUTLS_KEY, opaque*, int);
 } MOD_AUTH_STRUCT;
+
+typedef struct {
+ KXAlgorithm algorithm;
+ void* credentials;
+ void* next;
+} AUTH_CRED;
+
 #endif
diff --git a/lib/gnutls_auth_int.h b/lib/gnutls_auth_int.h
new file mode 100644
index 0000000000..db30f60caa
--- /dev/null
+++ b/lib/gnutls_auth_int.h
@@ -0,0 +1,4 @@
+int gnutls_clear_creds( GNUTLS_STATE state);
+int gnutls_set_kx_cred( GNUTLS_STATE state, int kx, AUTH_CRED* cred);
+AUTH_CRED *gnutls_get_kx_cred( GNUTLS_STATE state, int kx);
+
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index 84b5e1ad2b..a95e837bcc 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -240,6 +240,7 @@ typedef struct {
 char* db_name;
 int expire_time;
 MOD_AUTH_STRUCT* auth_struct; /* used in handshake packets and KX algorithms */
+ AUTH_CRED* cred;
 } GNUTLS_INTERNALS;
 typedef struct {
|
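Review bot: The `next` member of the new AUTH_CRED struct is declared `void* next;`, so every list walk in lib/gnutls_auth.c (`ncred = ccred->next;`, `ccred = ccred->next;`, `pcred->next = gnutls_malloc(...)`) goes through an untyped pointer and the compiler cannot check that a node is chained to a node. A self-referential declaration costs nothing and makes the type explicit: `typedef struct AUTH_CRED_s {` … `struct AUTH_CRED_s* next;` … `} AUTH_CRED;`. The `algorithm` member is `KXAlgorithm` while gnutls_set_kx_cred stores its `int kx` argument into it without any range check; a one-line comment on the member saying the value is taken from the caller unvalidated would save the next reader a trip to the .c file.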
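Review bot: The prototype `int gnutls_set_kx_cred( GNUTLS_STATE state, int kx, AUTH_CRED* cred);` in the new lib/gnutls_auth_int.h disagrees with both the definition in lib/gnutls_auth.c and the public declaration in lib/gnutls.h, which take `void* cred`; `AUTH_CRED*` and `void*` are incompatible parameter types in C, so any translation unit that sees both declarations (gnutls.c now includes gnutls_auth_int.h and presumably the public header as well) should fail with conflicting types, and a caller that sees only this header is steered into passing a list node where the credential payload is expected. Likewise `AUTH_CRED *gnutls_get_kx_cred(...)` describes a node, while the function body returns the stored `credentials` payload. I would make the header say `int gnutls_set_kx_cred( GNUTLS_STATE state, int kx, void* cred);` and `void *gnutls_get_kx_cred( GNUTLS_STATE state, int kx);`, and give the file an include guard like the `#endif`-terminated gnutls_auth.h next to it, since it uses GNUTLS_STATE and AUTH_CRED without including anything and so already depends on include order.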