author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2000-12-07 13:07:07 +0000 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2000-12-07 13:07:07 +0000 |
commit | bd0558dd84dceac4d2b6c821b4f8ed412a5d8a24 (patch) | |
tree | 558974c511c881ad8b543805c6355a36153384fe | |
parent | f926187b03b89113734cf7cac57e62b7ed8755a5 (diff) | |
download | gnutls-bd0558dd84dceac4d2b6c821b4f8ed412a5d8a24.tar.gz |
Added compression support (ZLIB)
-rw-r--r-- | .cvsignore | 2 | ||||
-rw-r--r-- | configure.in | 4 | ||||
-rw-r--r-- | lib/Makefile.am | 5 | ||||
-rw-r--r-- | lib/gnutls.c | 7 | ||||
-rw-r--r-- | lib/gnutls.h | 3 | ||||
-rw-r--r-- | lib/gnutls_algorithms.c | 156 | ||||
-rw-r--r-- | lib/gnutls_algorithms.h | 7 | ||||
-rw-r--r-- | lib/gnutls_cipher.c | 25 | ||||
-rw-r--r-- | lib/gnutls_compress.c | 51 | ||||
-rw-r--r-- | lib/gnutls_errors.c | 7 | ||||
-rw-r--r-- | lib/gnutls_errors.h | 1 | ||||
-rw-r--r-- | lib/gnutls_handshake.c | 22 | ||||
-rw-r--r-- | lib/gnutls_int.h | 14 | ||||
-rw-r--r-- | lib/gnutls_priority.c | 21 | ||||
-rw-r--r-- | src/cli.c | 2 | ||||
-rw-r--r-- | src/port.h | 2 | ||||
-rw-r--r-- | src/serv.c | 1 |
17 files changed, 233 insertions, 97 deletions
diff --git a/.cvsignore b/.cvsignore index 9ff1aadbc4..baf65d7691 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1,7 +1,7 @@ Makefile aclocal.m4 config.status -gnutls-0.0.1.tar.gz +gnutls*.tar.gz ltmain.sh configure libtool diff --git a/configure.in b/configure.in index 95d3154c68..aceeb29d22 100644 --- a/configure.in +++ b/configure.in @@ -98,11 +98,13 @@ fi AC_HEADER_STDC AC_CHECK_HEADERS(unistd.h pwd.h locale.h strings.h stdarg.h) AC_CHECK_HEADERS(sys/stat.h sys/types.h fcntl.h sys/wait.h) -AC_CHECK_HEADERS(utime.h signal.h) +AC_CHECK_HEADERS(utime.h signal.h zlib.h) AC_CHECK_HEADERS(termios.h termio.h sgtty.h) AC_CHECK_FUNCS(bzero signal sigaction memset fcntl fsync siglongjmp,,) AC_CHECK_FUNCS(lstat stat umask utime memmove bcopy getpwuid waitpid,,) +AC_CHECK_LIB(z, compress) + dnl Checks for libraries. AC_C_BIGENDIAN AC_TYPE_SIGNAL diff --git a/lib/Makefile.am b/lib/Makefile.am index 7b13218908..315fd57d16 100644 --- a/lib/Makefile.am +++ b/lib/Makefile.am @@ -3,10 +3,11 @@ EXTRA_DIST = debug.h gnutls_compress.h defines.h gnutls_plaintext.h \ gnutls_cipher.h gnutls_buffers.h gnutls_errors.h gnutls_int.h \ gnutls_handshake.h gnutls_num.h gnutls_algorithms.h gnutls_dh.h \ gnutls_kx.h gnutls_hash_int.h gnutls_cipher_int.h gnutls_der.h \ - gnutls_cert.lex + gnutls_cert.lex gnutls_compress_int.h lib_LTLIBRARIES = libgnutls.la libgnutls_la_SOURCES = gnutls.c gnutls_compress.c debug.c gnutls_plaintext.c \ gnutls_cipher.c gnutls_buffers.c gnutls_handshake.c gnutls_num.c \ gnutls_errors.c gnutls_algorithms.c gnutls_dh.c gnutls_kx.c \ - gnutls_priority.c gnutls_hash_int.c gnutls_cipher_int.c gnutls_der.c + gnutls_priority.c gnutls_hash_int.c gnutls_cipher_int.c gnutls_der.c \ + gnutls_compress_int.c libgnutls_la_LDFLAGS = -version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE) diff --git a/lib/gnutls.c b/lib/gnutls.c index ee4f5e82f6..e4e6e804f5 100644 --- a/lib/gnutls.c +++ b/lib/gnutls.c 
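Review bot: `gnutls_compress_int.c` and `gnutls_compress_int.h`, which the `lib/Makefile.am` hunk adds to `libgnutls_la_SOURCES` and `EXTRA_DIST`, are not among the 17 files in this commit's diffstat. Unless they are already in the tree, the build and `make dist` break at this commit, and the `gnutls_compress()`/`gnutls_decompress()` helpers that the record layer now calls cannot be reviewed with the change. In the `configure.in` hunk, `AC_CHECK_LIB(z, compress)` has no action for the not-found case, so a missing zlib is accepted silently; the C code then has to compile ZLIB support out under `HAVE_LIBZ` rather than advertise it.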
@@ -61,7 +61,7 @@ int gnutls_init(GNUTLS_STATE * state, ConnectionEnd con_end) /* Set the defaults (only to remind me that they should be allocated ) */ (*state)->security_parameters.bulk_cipher_algorithm = GNUTLS_NULL; (*state)->security_parameters.mac_algorithm = GNUTLS_MAC_NULL; - (*state)->security_parameters.compression_algorithm = COMPRESSION_NULL; + (*state)->security_parameters.compression_algorithm = GNUTLS_COMPRESSION_NULL; (*state)->connection_state.read_compression_state = NULL; (*state)->connection_state.read_mac_secret = NULL; @@ -101,7 +101,10 @@ int gnutls_init(GNUTLS_STATE * state, ConnectionEnd con_end) (*state)->gnutls_internals.BulkCipherAlgorithmPriority.algorithm_priority=NULL; (*state)->gnutls_internals.BulkCipherAlgorithmPriority.algorithms=0; - + + (*state)->gnutls_internals.CompressionMethodPriority.algorithm_priority=NULL; + (*state)->gnutls_internals.CompressionMethodPriority.algorithms=0; + return 0; } diff --git a/lib/gnutls.h b/lib/gnutls.h index 92233502aa..2144437b9c 100644 --- a/lib/gnutls.h +++ b/lib/gnutls.h @@ -26,7 +26,7 @@ enum KXAlgorithm { GNUTLS_KX_RSA, GNUTLS_KX_DHE_DSS, GNUTLS_KX_DHE_RSA, GNUTLS_K typedef enum KXAlgorithm KXAlgorithm; enum MACAlgorithm { GNUTLS_MAC_NULL, GNUTLS_MAC_MD5, GNUTLS_MAC_SHA }; typedef enum MACAlgorithm MACAlgorithm; -enum CompressionMethod { COMPRESSION_NULL }; +enum CompressionMethod { GNUTLS_COMPRESSION_NULL, GNUTLS_ZLIB=224 }; typedef enum CompressionMethod CompressionMethod; enum ConnectionEnd { GNUTLS_SERVER, GNUTLS_CLIENT }; typedef enum ConnectionEnd ConnectionEnd; 
@@ -60,6 +60,7 @@ void gnutls_perror( int error); void gnutls_set_cipher_priority( GNUTLS_STATE state, int num, ...); void gnutls_set_kx_priority( GNUTLS_STATE state, int num, ...); void gnutls_set_mac_priority( GNUTLS_STATE state, int num, ...); +void gnutls_set_compression_priority( GNUTLS_STATE state, int num, ...); /* set our version - local is 0x00 for TLS 1.0 and SSL3 */ void gnutls_set_current_version(GNUTLS_STATE state, GNUTLS_Version version); diff --git a/lib/gnutls_algorithms.c b/lib/gnutls_algorithms.c index a7945be77f..e99f1ae7a3 100644 --- a/lib/gnutls_algorithms.c +++ b/lib/gnutls_algorithms.c @@ -105,8 +105,32 @@ static gnutls_hash_entry hash_algorithms[] = { GNUTLS_HASH_LOOP( if(p->id == algorithm) { a; break; } ) +/* Compression Section */ +#define GNUTLS_COMPRESSION_ENTRY(name) \ + { #name, name } +struct gnutls_compression_entry { + char *name; + CompressionMethod id; +}; + +typedef struct gnutls_compression_entry gnutls_compression_entry; +static gnutls_compression_entry compression_algorithms[] = { + GNUTLS_COMPRESSION_ENTRY(GNUTLS_COMPRESSION_NULL), +//#ifdef HAVE_LIBZ + GNUTLS_COMPRESSION_ENTRY(GNUTLS_ZLIB), +//#endif + {0} +}; +#define GNUTLS_COMPRESSION_LOOP(b) \ + gnutls_compression_entry *p; \ + for(p = compression_algorithms; p->name != NULL; p++) { b ; } +#define GNUTLS_COMPRESSION_ALG_LOOP(a) \ + GNUTLS_COMPRESSION_LOOP( if(p->id == algorithm) { a; break; } ) + + +/* Key Exchange Section */ #define GNUTLS_KX_ALGO_ENTRY(name, server_cert, server_kx, client_cert, RSA_premaster, DH_public_value) \ { #name, name, server_cert, server_kx, client_cert, RSA_premaster, DH_public_value } 
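Review bot: In `compression_algorithms[]` the guard around the `GNUTLS_ZLIB` entry is commented out (`//#ifdef HAVE_LIBZ` ... `//#endif`), so `_gnutls_compression_is_ok()` reports ZLIB as supported even in a build where configure did not find zlib. A handshake could then settle on a method the library cannot run; this is inferred, since the zlib wrapper is not part of this diff. Restore the guard as real preprocessor lines, `#ifdef HAVE_LIBZ` and `#endif`, around the entry. The `//` comment form is also not C89, which matters if the project targets older compilers.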
@@ -141,8 +165,8 @@ static gnutls_kx_algo_entry kx_algorithms[] = { /* Cipher SUITES */ -#define GNUTLS_CIPHER_SUITE_ENTRY( name, block_algorithm, kx_algorithm, mac_algorithm) \ - { #name, {name}, block_algorithm, kx_algorithm, mac_algorithm } +#define GNUTLS_CIPHER_SUITE_ENTRY( name, block_algorithm, kx_algorithm, mac_algorithm, compression_algorithm) \ + { #name, {name}, block_algorithm, kx_algorithm, mac_algorithm, compression_algorithm } typedef struct { char *name; @@ -150,6 +174,7 @@ typedef struct { BulkCipherAlgorithm block_algorithm; KXAlgorithm kx_algorithm; MACAlgorithm mac_algorithm; + CompressionMethod compression_algorithm; } gnutls_cipher_suite_entry; #define GNUTLS_DH_anon_WITH_3DES_EDE_CBC_SHA { 0x00, 0x1B } 
@@ -177,21 +202,21 @@ typedef struct { static gnutls_cipher_suite_entry cs_algorithms[] = { - GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_DH_anon_WITH_ARCFOUR_MD5, GNUTLS_ARCFOUR, GNUTLS_KX_ANON_DH, GNUTLS_MAC_MD5), - GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_DH_anon_WITH_3DES_EDE_CBC_SHA, GNUTLS_3DES, GNUTLS_KX_ANON_DH, GNUTLS_MAC_SHA), - GNUTLS_CIPHER_SUITE_ENTRY( GNUTLS_DH_DSS_WITH_3DES_EDE_CBC_SHA, GNUTLS_3DES, GNUTLS_KX_DH_DSS, GNUTLS_MAC_SHA), - GNUTLS_CIPHER_SUITE_ENTRY( GNUTLS_DH_RSA_WITH_3DES_EDE_CBC_SHA, GNUTLS_3DES, GNUTLS_KX_DH_RSA, GNUTLS_MAC_SHA), - GNUTLS_CIPHER_SUITE_ENTRY( GNUTLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,GNUTLS_3DES, GNUTLS_KX_DHE_DSS, GNUTLS_MAC_SHA), - GNUTLS_CIPHER_SUITE_ENTRY( GNUTLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,GNUTLS_3DES, GNUTLS_KX_DHE_RSA, GNUTLS_MAC_SHA), - GNUTLS_CIPHER_SUITE_ENTRY( GNUTLS_RSA_WITH_ARCFOUR_SHA, GNUTLS_ARCFOUR, GNUTLS_KX_RSA, GNUTLS_MAC_SHA), - GNUTLS_CIPHER_SUITE_ENTRY( GNUTLS_RSA_WITH_ARCFOUR_MD5, GNUTLS_ARCFOUR, GNUTLS_KX_RSA, GNUTLS_MAC_MD5), - GNUTLS_CIPHER_SUITE_ENTRY( GNUTLS_RSA_WITH_3DES_EDE_CBC_SHA, GNUTLS_3DES, GNUTLS_KX_RSA, GNUTLS_MAC_SHA), - GNUTLS_CIPHER_SUITE_ENTRY( GNUTLS_RSA_WITH_RIJNDAEL_128_CBC_SHA, GNUTLS_RIJNDAEL, GNUTLS_KX_RSA, GNUTLS_MAC_SHA), - GNUTLS_CIPHER_SUITE_ENTRY( GNUTLS_DH_DSS_WITH_RIJNDAEL_128_CBC_SHA, GNUTLS_RIJNDAEL, GNUTLS_KX_DH_DSS, GNUTLS_MAC_SHA), - GNUTLS_CIPHER_SUITE_ENTRY( GNUTLS_DH_RSA_WITH_RIJNDAEL_128_CBC_SHA, GNUTLS_RIJNDAEL, GNUTLS_KX_DH_RSA, GNUTLS_MAC_SHA), - GNUTLS_CIPHER_SUITE_ENTRY( GNUTLS_DHE_DSS_WITH_RIJNDAEL_128_CBC_SHA, GNUTLS_RIJNDAEL, GNUTLS_KX_DHE_DSS, GNUTLS_MAC_SHA), - GNUTLS_CIPHER_SUITE_ENTRY( GNUTLS_DHE_RSA_WITH_RIJNDAEL_128_CBC_SHA, GNUTLS_RIJNDAEL, GNUTLS_KX_DHE_RSA, GNUTLS_MAC_SHA), - GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_DH_anon_WITH_RIJNDAEL_SHA, GNUTLS_RIJNDAEL, GNUTLS_KX_ANON_DH, GNUTLS_MAC_SHA), + GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_DH_anon_WITH_ARCFOUR_MD5, GNUTLS_ARCFOUR, GNUTLS_KX_ANON_DH, GNUTLS_MAC_MD5, GNUTLS_COMPRESSION_NULL), + 
GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_DH_anon_WITH_3DES_EDE_CBC_SHA, GNUTLS_3DES, GNUTLS_KX_ANON_DH, GNUTLS_MAC_SHA, GNUTLS_COMPRESSION_NULL), + GNUTLS_CIPHER_SUITE_ENTRY( GNUTLS_DH_DSS_WITH_3DES_EDE_CBC_SHA, GNUTLS_3DES, GNUTLS_KX_DH_DSS, GNUTLS_MAC_SHA, GNUTLS_COMPRESSION_NULL), + GNUTLS_CIPHER_SUITE_ENTRY( GNUTLS_DH_RSA_WITH_3DES_EDE_CBC_SHA, GNUTLS_3DES, GNUTLS_KX_DH_RSA, GNUTLS_MAC_SHA, GNUTLS_COMPRESSION_NULL), + GNUTLS_CIPHER_SUITE_ENTRY( GNUTLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,GNUTLS_3DES, GNUTLS_KX_DHE_DSS, GNUTLS_MAC_SHA, GNUTLS_COMPRESSION_NULL), + GNUTLS_CIPHER_SUITE_ENTRY( GNUTLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,GNUTLS_3DES, GNUTLS_KX_DHE_RSA, GNUTLS_MAC_SHA, GNUTLS_COMPRESSION_NULL), + GNUTLS_CIPHER_SUITE_ENTRY( GNUTLS_RSA_WITH_ARCFOUR_SHA, GNUTLS_ARCFOUR, GNUTLS_KX_RSA, GNUTLS_MAC_SHA, GNUTLS_COMPRESSION_NULL), + GNUTLS_CIPHER_SUITE_ENTRY( GNUTLS_RSA_WITH_ARCFOUR_MD5, GNUTLS_ARCFOUR, GNUTLS_KX_RSA, GNUTLS_MAC_MD5, GNUTLS_COMPRESSION_NULL), + GNUTLS_CIPHER_SUITE_ENTRY( GNUTLS_RSA_WITH_3DES_EDE_CBC_SHA, GNUTLS_3DES, GNUTLS_KX_RSA, GNUTLS_MAC_SHA, GNUTLS_COMPRESSION_NULL), + GNUTLS_CIPHER_SUITE_ENTRY( GNUTLS_RSA_WITH_RIJNDAEL_128_CBC_SHA, GNUTLS_RIJNDAEL, GNUTLS_KX_RSA, GNUTLS_MAC_SHA, GNUTLS_COMPRESSION_NULL), + GNUTLS_CIPHER_SUITE_ENTRY( GNUTLS_DH_DSS_WITH_RIJNDAEL_128_CBC_SHA, GNUTLS_RIJNDAEL, GNUTLS_KX_DH_DSS, GNUTLS_MAC_SHA, GNUTLS_COMPRESSION_NULL), + GNUTLS_CIPHER_SUITE_ENTRY( GNUTLS_DH_RSA_WITH_RIJNDAEL_128_CBC_SHA, GNUTLS_RIJNDAEL, GNUTLS_KX_DH_RSA, GNUTLS_MAC_SHA, GNUTLS_COMPRESSION_NULL), + GNUTLS_CIPHER_SUITE_ENTRY( GNUTLS_DHE_DSS_WITH_RIJNDAEL_128_CBC_SHA, GNUTLS_RIJNDAEL, GNUTLS_KX_DHE_DSS, GNUTLS_MAC_SHA, GNUTLS_COMPRESSION_NULL), + GNUTLS_CIPHER_SUITE_ENTRY( GNUTLS_DHE_RSA_WITH_RIJNDAEL_128_CBC_SHA, GNUTLS_RIJNDAEL, GNUTLS_KX_DHE_RSA, GNUTLS_MAC_SHA, GNUTLS_COMPRESSION_NULL), + GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_DH_anon_WITH_RIJNDAEL_SHA, GNUTLS_RIJNDAEL, GNUTLS_KX_ANON_DH, GNUTLS_MAC_SHA, GNUTLS_COMPRESSION_NULL), {0} }; 
@@ -207,7 +232,7 @@ static gnutls_cipher_suite_entry cs_algorithms[] = { /* Generic Functions */ /* this function makes the whole string lowercase */ -void tolow(char *str, int size) +void _gnutls_tolow(char *str, int size) { int i; @@ -234,7 +259,6 @@ int _gnutls_mac_priority(GNUTLS_STATE state, MACAlgorithm algorithm) /* actually return -1; } - char *_gnutls_mac_get_name(MACAlgorithm algorithm) { char *ret = NULL; @@ -246,7 +270,7 @@ char *_gnutls_mac_get_name(MACAlgorithm algorithm) if (ret != NULL) { - tolow(ret, strlen(ret)); + _gnutls_tolow(ret, strlen(ret)); pointerTo_ = strchr(ret, '_'); while (pointerTo_ != NULL) { @@ -286,6 +310,67 @@ int _gnutls_mac_is_ok(MACAlgorithm algorithm) } +/* Compression Functions */ +int _gnutls_compression_priority(GNUTLS_STATE state, CompressionMethod algorithm) /* actually returns the priority */ +{ + int i, num = state->gnutls_internals.CompressionMethodPriority.algorithms; + for (i=0;i<num;i++) { + if (state->gnutls_internals.CompressionMethodPriority.algorithm_priority[i]==algorithm) return i; + } + return -1; +} + +char *_gnutls_compression_get_name(CompressionMethod algorithm) +{ + char *ret = NULL; + char *pointerTo_; + + /* avoid prefix */ + GNUTLS_COMPRESSION_ALG_LOOP(ret = + strdup(p->name + sizeof("GNUTLS_") - 1)); + + + if (ret != NULL) { + _gnutls_tolow(ret, strlen(ret)); + pointerTo_ = strchr(ret, '_'); + + while (pointerTo_ != NULL) { + *pointerTo_ = '-'; + pointerTo_ = strchr(ret, '_'); + } + } + return ret; +} + +int _gnutls_compression_count() +{ + uint8 i, counter = 0; + char *y; + + for (i = 0; i < 255; i++) { + y = _gnutls_compression_get_name(i); + + if (y != NULL) { + free(y); + counter++; + } + } + return counter; +} + +int _gnutls_compression_is_ok(CompressionMethod algorithm) +{ + char *y = _gnutls_compression_get_name(algorithm); + + if (y != NULL) { + free(y); + return 0; + } else { + return 1; + } + +} + /* CIPHER functions */ 
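Review bot: `_gnutls_compression_is_ok()` and `_gnutls_compression_count()` decide support by calling `_gnutls_compression_get_name()`, which `strdup`s the name, so an allocation failure is indistinguishable from an unknown method and every probe costs a malloc/free (255 of them in the count loop). A direct table walk avoids both, for example `int ret = 1; GNUTLS_COMPRESSION_ALG_LOOP(ret = 0); return ret;`. The inverted convention (0 means supported) deserves a one-line comment such as `/* returns 0 if the method is known, 1 otherwise */`. `_gnutls_compression_priority()` indexes `algorithm_priority` without a NULL check, which is safe only as long as `algorithms` is 0 whenever the pointer is NULL.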
@@ -343,7 +428,7 @@ char *_gnutls_cipher_get_name(BulkCipherAlgorithm algorithm) if (ret != NULL) { - tolow(ret, strlen(ret)); + _gnutls_tolow(ret, strlen(ret)); pointerTo_ = strchr(ret, '_'); while (pointerTo_ != NULL) { @@ -446,7 +531,7 @@ char *_gnutls_kx_get_name(KXAlgorithm algorithm) if (ret != NULL) { - tolow(ret, strlen(ret)); + _gnutls_tolow(ret, strlen(ret)); pointerTo_ = strchr(ret, '_'); while (pointerTo_ != NULL) { @@ -530,6 +615,14 @@ MACAlgorithm _gnutls_cipher_suite_get_mac_algo(const GNUTLS_CipherSuite suite) } +CompressionMethod _gnutls_cipher_suite_get_compression_algo(const GNUTLS_CipherSuite suite) +{ + size_t ret = 0; + GNUTLS_CIPHER_SUITE_ALG_LOOP(ret = p->compression_algorithm); + return ret; + +} + char *_gnutls_cipher_suite_get_name(GNUTLS_CipherSuite suite) { char *ret = NULL; @@ -542,7 +635,7 @@ char *_gnutls_cipher_suite_get_name(GNUTLS_CipherSuite suite) if (ret != NULL) { - tolow(ret, strlen(ret)); + _gnutls_tolow(ret, strlen(ret)); pointerTo_ = strchr(ret, '_'); while (pointerTo_ != NULL) { @@ -698,7 +791,7 @@ int _gnutls_supported_ciphersuites(GNUTLS_STATE state, GNUTLS_CipherSuite ** cip /* then sort using block algorithm's priorities */ bsort(state, tmp_ciphers, count, sizeof(GNUTLS_CipherSuite), _gnutls_compare_cipher_algo); -/* Last try KX algorithms priority */ +/* Last try KX algorithms priority (highest) */ bsort(state, tmp_ciphers, count, sizeof(GNUTLS_CipherSuite), _gnutls_compare_kx_algo); for (i = 0; i < count; i++) { @@ -709,7 +802,6 @@ int _gnutls_supported_ciphersuites(GNUTLS_STATE state, GNUTLS_CipherSuite ** cip (*ciphers)[j].CipherSuite[0] = tmp_ciphers[i].CipherSuite[0]; (*ciphers)[j].CipherSuite[1] = tmp_ciphers[i].CipherSuite[1]; -/* fprintf(stderr, "%d: %s\n", j, _gnutls_cipher_suite_get_name((*ciphers)[j])); */ j++; } ret_count=j; 
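Review bot: `_gnutls_cipher_suite_get_compression_algo()` declares its result as `size_t ret = 0;` although it returns a `CompressionMethod`; use `CompressionMethod ret = GNUTLS_COMPRESSION_NULL;` so the not-found default is explicit and no integer-to-enum conversion is involved. A suite that is not in the table is indistinguishable from one that uses null compression, which is worth stating in a comment above the function.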
@@ -728,17 +820,17 @@ int _gnutls_supported_ciphersuites(GNUTLS_STATE state, GNUTLS_CipherSuite ** cip return ret_count; } -/* For compression - FIXME!!! */ -#define SUPPORTED_COMPRESSION_METHODS 1 +/* For compression */ +#define SUPPORTED_COMPRESSION_METHODS state->gnutls_internals.CompressionMethodPriority.algorithms int _gnutls_supported_compression_methods(GNUTLS_STATE state, CompressionMethod ** comp) { - +int i; *comp = - gnutls_malloc(SUPPORTED_COMPRESSION_METHODS * - sizeof(CompressionMethod)); + gnutls_malloc(SUPPORTED_COMPRESSION_METHODS * 1); -/* NULL Compression */ - (*comp)[0] = COMPRESSION_NULL; + for (i=0;i<SUPPORTED_COMPRESSION_METHODS;i++) { + (*comp)[i] = state->gnutls_internals.CompressionMethodPriority.algorithm_priority[i]; + } return SUPPORTED_COMPRESSION_METHODS; } diff --git a/lib/gnutls_algorithms.h b/lib/gnutls_algorithms.h index 376d0eb648..ef92030557 100644 --- a/lib/gnutls_algorithms.h +++ b/lib/gnutls_algorithms.h @@ -18,6 +18,7 @@ char* _gnutls_cipher_suite_get_name(GNUTLS_CipherSuite algorithm); BulkCipherAlgorithm _gnutls_cipher_suite_get_cipher_algo(const GNUTLS_CipherSuite algorithm); KXAlgorithm _gnutls_cipher_suite_get_kx_algo(const GNUTLS_CipherSuite algorithm); MACAlgorithm _gnutls_cipher_suite_get_mac_algo(const GNUTLS_CipherSuite algorithm); +CompressionMethod _gnutls_cipher_suite_get_compression_algo(const GNUTLS_CipherSuite suite); GNUTLS_CipherSuite _gnutls_cipher_suite_get_suite_name(GNUTLS_CipherSuite algorithm); /* functions for ciphers */ @@ -40,3 +41,9 @@ int _gnutls_kx_DH_public_value(KXAlgorithm algorithm); char *_gnutls_kx_get_name(KXAlgorithm algorithm); int _gnutls_kx_is_ok(KXAlgorithm algorithm); int _gnutls_kx_count(); + +/* functions for compression */ +int _gnutls_compression_priority(GNUTLS_STATE state, CompressionMethod algorithm); +int _gnutls_compression_is_ok(CompressionMethod algorithm); +int _gnutls_compression_count(); +char *_gnutls_compression_get_name(CompressionMethod algorithm); 
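Review bot: `_gnutls_supported_compression_methods()` now allocates `SUPPORTED_COMPRESSION_METHODS * 1` bytes, but the loop stores that many elements of type `CompressionMethod` through `(*comp)[i]`, so wherever the enum is wider than one byte the writes run past the end of the heap block. The removed lines sized the buffer with `sizeof(CompressionMethod)`; keep that: `*comp = gnutls_malloc(SUPPORTED_COMPRESSION_METHODS * sizeof(CompressionMethod));`. The `gnutls_malloc` result is also written through unchecked; return `GNUTLS_E_MEMORY_ERROR` when it is NULL and have the caller test for a negative count. The macro silently reads a variable named `state`, which should be noted in a comment at its definition.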
diff --git a/lib/gnutls_cipher.c b/lib/gnutls_cipher.c index 7f856c77da..97c4872b06 100644 --- a/lib/gnutls_cipher.c +++ b/lib/gnutls_cipher.c @@ -159,11 +159,9 @@ int _gnutls_set_cipher(GNUTLS_STATE state, BulkCipherAlgorithm algo) int _gnutls_set_compression(GNUTLS_STATE state, CompressionMethod algo) { - switch (algo) { - case COMPRESSION_NULL: - break; - - default: + if (_gnutls_compression_is_ok(algo)==0) { + state->security_parameters.compression_algorithm = algo; + } else { gnutls_assert(); return GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM; } @@ -221,14 +219,17 @@ int _gnutls_connection_state_init(GNUTLS_STATE state) if (rc < 0) return rc; + rc = + _gnutls_set_compression(state, + state->gnutls_internals.compression_method); + if (rc < 0) + return rc; + /* Setup the keys since we have the master secret */ _gnutls_set_keys(state); -/* FIXME: Compression is not implemented (no compression algorithms used) - */ - #ifdef DEBUG fprintf(stderr, "Cipher Suite: %s\n", _gnutls_cipher_suite_get_name(state-> @@ -239,7 +240,7 @@ int _gnutls_connection_state_init(GNUTLS_STATE state) fprintf(stderr, "MAC: %s\n", _gnutls_mac_get_name(state->security_parameters. mac_algorithm)); - fprintf(stderr, "Compression: %s\n", "null"); + fprintf(stderr, "Compression: %s\n", _gnutls_compression_get_name(state->security_parameters.compression_algorithm)); #endif gnutls_free(state->connection_state.write_mac_secret); @@ -256,12 +257,10 @@ int _gnutls_connection_state_init(GNUTLS_STATE state) gnutls_free(state->connection_state.read_compression_state); gnutls_free(state->connection_state.write_compression_state); - switch (state->security_parameters.compression_algorithm) { - case COMPRESSION_NULL: + if (_gnutls_compression_is_ok(state->security_parameters.compression_algorithm) == 0) { state->connection_state.read_compression_state = NULL; state->connection_state.write_compression_state = NULL; - break; - default: + } else { gnutls_assert(); return GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM; } 
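Review bot: The new `fprintf(stderr, "Compression: %s\n", _gnutls_compression_get_name(...))` in the `#ifdef DEBUG` block of `_gnutls_connection_state_init()` prints a freshly `strdup`ed string that is never freed, and passes NULL to `%s` if the lookup or the allocation fails. Keep the result in a local, print it only when non-NULL, and `gnutls_free` it afterwards. In the last hunk the second `_gnutls_compression_is_ok()` test repeats the validation `_gnutls_set_compression()` did earlier in the same function and sets both compression states to NULL for every method, so a comment saying where per-method state is created would help. The function body extends beyond these hunks.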
diff --git a/lib/gnutls_compress.c b/lib/gnutls_compress.c index 971dcfc329..806f3ff3ea 100644 --- a/lib/gnutls_compress.c +++ b/lib/gnutls_compress.c @@ -22,6 +22,7 @@ #include "gnutls_int.h" #include "gnutls_compress.h" #include "gnutls_errors.h" +#include "gnutls_compress_int.h" int _gnutls_TLSPlaintext2TLSCompressed(GNUTLS_STATE state, GNUTLSCompressed ** @@ -29,27 +30,26 @@ int _gnutls_TLSPlaintext2TLSCompressed(GNUTLS_STATE state, GNUTLSPlaintext * plaintext) { + int size; GNUTLSCompressed *compressed; - + char *data; + *compress = gnutls_malloc(sizeof(GNUTLSCompressed)); compressed = *compress; - switch (state->security_parameters.compression_algorithm) { - case COMPRESSION_NULL: - - compressed->fragment = gnutls_malloc(plaintext->length); - - memmove(compressed->fragment, plaintext->fragment, - plaintext->length); - compressed->length = plaintext->length; - compressed->type = plaintext->type; - compressed->version.major = plaintext->version.major; - compressed->version.minor = plaintext->version.minor; - break; - default: + data=NULL; + + size = gnutls_compress( state->security_parameters.compression_algorithm, plaintext->fragment, plaintext->length, &data); + if (size < 0) { + if (data!=NULL) gnutls_free(data); gnutls_free(*compress); return GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM; } + compressed->fragment = data; + compressed->length = size; + compressed->type = plaintext->type; + compressed->version.major = plaintext->version.major; + compressed->version.minor = plaintext->version.minor; return 0; } 
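Review bot: On failure `_gnutls_TLSPlaintext2TLSCompressed()` frees `*compress` but leaves the caller's pointer aimed at the freed block, and it reports every `gnutls_compress()` error as `GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM` although this commit adds `GNUTLS_E_COMPRESSION_FAILED`. Add `*compress = NULL;` after the free and return `GNUTLS_E_COMPRESSION_FAILED`, or propagate `size` if the helper returns library error codes, which this diff does not show. The same two points apply to `_gnutls_TLSCompressed2TLSPlaintext()` in the next hunk, with `*plain` and `GNUTLS_E_DECOMPRESSION_FAILED`. The `gnutls_malloc(sizeof(GNUTLSCompressed))` result is dereferenced without a NULL check.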
@@ -61,24 +61,25 @@ int _gnutls_TLSCompressed2TLSPlaintext(GNUTLS_STATE state, compressed) { GNUTLSPlaintext *plaintext; + int size; + char* data; *plain = gnutls_malloc(sizeof(GNUTLSPlaintext)); plaintext = *plain; + + data=NULL; - switch (state->security_parameters.compression_algorithm) { - case COMPRESSION_NULL: - plaintext->fragment = gnutls_malloc(compressed->length); - memmove(plaintext->fragment, compressed->fragment, - compressed->length); - plaintext->length = compressed->length; - plaintext->type = compressed->type; - plaintext->version.major = compressed->version.major; - plaintext->version.minor = compressed->version.minor; - break; - default: + size = gnutls_decompress( state->security_parameters.compression_algorithm, compressed->fragment, compressed->length, &data); + if (size < 0) { + if (data!=NULL) gnutls_free(data); gnutls_free(*plain); return GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM; } + plaintext->fragment = data; + plaintext->length = size; + plaintext->type = compressed->type; + plaintext->version.major = compressed->version.major; + plaintext->version.minor = compressed->version.minor; return 0; } diff --git a/lib/gnutls_errors.c b/lib/gnutls_errors.c index c7299aedcc..bf5ff3c656 100644 --- a/lib/gnutls_errors.c +++ b/lib/gnutls_errors.c @@ -21,7 +21,7 @@ #include "defines.h" #include "gnutls_errors.h" -void tolow(char *str, int size); +void _gnutls_tolow(char *str, int size); #define GNUTLS_ERROR_ENTRY(name, fatal) \ { #name, name, fatal } @@ -59,6 +59,7 @@ static gnutls_error_entry error_algorithms[] = { GNUTLS_ERROR_ENTRY( GNUTLS_E_MPI_SCAN_FAILED, 1), GNUTLS_ERROR_ENTRY( GNUTLS_E_DECRYPTION_FAILED, 1), GNUTLS_ERROR_ENTRY( GNUTLS_E_DECOMPRESSION_FAILED, 1), + GNUTLS_ERROR_ENTRY( GNUTLS_E_COMPRESSION_FAILED, 1), GNUTLS_ERROR_ENTRY( GNUTLS_E_MEMORY_ERROR, 1), GNUTLS_ERROR_ENTRY( GNUTLS_E_UNIMPLEMENTED_FEATURE, 1), {0} 
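Review bot: `_gnutls_TLSCompressed2TLSPlaintext()` accepts whatever length `gnutls_decompress()` returns and stores it in `plaintext->length`, with no upper bound visible in this hunk. The compressed fragment comes from the peer, and TLS limits a plaintext fragment to 2^14 bytes, so the expanded size needs a cap before the buffer is passed on, e.g. `if (size > MAX_PLAINTEXT_LEN) { gnutls_free(data); gnutls_free(*plain); return GNUTLS_E_DECOMPRESSION_FAILED; }`, where `MAX_PLAINTEXT_LEN` is a placeholder for the project's record-size constant. Better still is to enforce the limit inside the helper while inflating, so an oversized record is rejected before memory is allocated for it; whether the helper already does this cannot be seen from this diff.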
@@ -91,7 +92,7 @@ void gnutls_perror(int error) if (ret != NULL) { - tolow(ret, strlen(ret)); + _gnutls_tolow(ret, strlen(ret)); pointerTo_ = strchr(ret, '_'); while (pointerTo_ != NULL) { @@ -115,7 +116,7 @@ char* gnutls_strerror(int error) if (ret != NULL) { - tolow(ret, strlen(ret)); + _gnutls_tolow(ret, strlen(ret)); pointerTo_ = strchr(ret, '_'); while (pointerTo_ != NULL) { diff --git a/lib/gnutls_errors.h b/lib/gnutls_errors.h index c3909ca1be..a010cacb4e 100644 --- a/lib/gnutls_errors.h +++ b/lib/gnutls_errors.h @@ -26,6 +26,7 @@ #define GNUTLS_E_DECRYPTION_FAILED -24 #define GNUTLS_E_MEMORY_ERROR -25 #define GNUTLS_E_DECOMPRESSION_FAILED -26 +#define GNUTLS_E_COMPRESSION_FAILED -27 #define GNUTLS_E_UNIMPLEMENTED_FEATURE -50 diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c index 329b4e47f1..0e263910dc 100644 --- a/lib/gnutls_handshake.c +++ b/lib/gnutls_handshake.c @@ -147,8 +147,6 @@ int _gnutls_send_finished(int cd, GNUTLS_STATE state) data_size=12; } -fprintf(stderr, "Finished: %s\n", _gnutls_bin2hex(data, data_size)); - ret = _gnutls_send_handshake(cd, state, data, data_size, GNUTLS_FINISHED); gnutls_free(data); 
@@ -243,27 +241,29 @@ static int SelectSuite(GNUTLS_STATE state, opaque ret[2], char *data, int datale } /* This selects the best supported compression method from the ones provided */ -static int SelectCompMethod(GNUTLS_STATE state, CompressionMethod * ret, char *data, int datalen) +static int SelectCompMethod(GNUTLS_STATE state, CompressionMethod * ret, opaque *data, int datalen) { int x, i, j; CompressionMethod *ciphers; x = _gnutls_supported_compression_methods(state, &ciphers); memset(ret, '\0', sizeof(CompressionMethod)); -fprintf(stderr, "datalen: %d\n",datalen); +fprintf(stderr, "datalen: %d\n", datalen); for (j = 0; j < datalen; j++) { for (i = 0; i < x; i++) { - fprintf(stderr, "cipher[%d] = %u\n", i, ciphers[i]); - fprintf(stderr, "data[%d] = %u\n", j, data[j]); - if (memcmp(&ciphers[i], &data[j], 1) == 0) { - memmove(ret, &ciphers[i], 1); + fprintf(stderr, "cipher[%d] = %d\n", i, (int)ciphers[i]); + fprintf(stderr, "data[%d] = %d\n", j, (int)data[j]); + if ( ciphers[i] == data[j]) { + *ret = ciphers[i]; gnutls_free(ciphers); return 0; } } } - + /* we were not able to find a compatible compression + * algorithm + */ gnutls_free(ciphers); gnutls_assert(); return GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM; @@ -763,7 +763,9 @@ int _gnutls_recv_hello(int cd, GNUTLS_STATE state, char *data, int datalen, &data[pos], z); pos+=z; - if (ret<0) return ret; + if (ret < 0) { + return ret; + } } return ret; diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h index 34313726b9..ca7623c765 100644 --- a/lib/gnutls_int.h +++ b/lib/gnutls_int.h @@ -2,7 +2,7 @@ #define GNUTLS_INT_H -#define HANDSHAKE_DEBUG +//#define HANDSHAKE_DEBUG //#define HARD_DEBUG //#define READ_DEBUG //#define WRITE_DEBUG 
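Review bot: The `fprintf(stderr, ...)` calls in `SelectCompMethod()` are unconditional, so every handshake writes the peer's offered compression bytes to stderr even though this commit comments out `HANDSHAKE_DEBUG` in `gnutls_int.h`; wrap them in `#ifdef HANDSHAKE_DEBUG` or remove them. The loops iterate the peer's list outermost, so the first method the peer offers that we also support wins and the order given to `gnutls_set_compression_priority()` does not decide the choice; swap the two loops if local priority is meant to apply. `ciphers` is read without checking the allocation made in `_gnutls_supported_compression_methods()`.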
@@ -19,14 +19,14 @@ #define gnutls_mpi_release mpi_release #define svoid void /* for functions that allocate using secure_free */ -#define secure_free(x) if (x!=NULL) free(x) +#define secure_free free #define secure_malloc malloc #define secure_realloc realloc #define secure_calloc calloc #define gnutls_malloc malloc #define gnutls_realloc realloc #define gnutls_calloc calloc -#define gnutls_free(x) if (x!=NULL) free(x) +#define gnutls_free free typedef struct { uint8 pint[3]; @@ -89,7 +89,7 @@ enum KeyExchangeAlgorithm { GNUTLS_RSA, GNUTLS_DIFFIE_HELLMAN }; enum CipherType { CIPHER_STREAM, CIPHER_BLOCK }; enum IsExportable { EXPORTABLE_TRUE, EXPORTABLE_FALSE }; enum MACAlgorithm { GNUTLS_MAC_NULL, GNUTLS_MAC_MD5, GNUTLS_MAC_SHA }; -enum CompressionMethod { COMPRESSION_NULL }; +enum CompressionMethod { GNUTLS_COMPRESSION_NULL, GNUTLS_ZLIB=224 }; enum ValidSession { VALID_TRUE, VALID_FALSE }; enum ResumableSession { RESUME_TRUE, RESUME_FALSE }; @@ -176,6 +176,11 @@ typedef struct { } KXAlgorithm_Priority; typedef struct { + int* algorithm_priority; + int algorithms; +} CompressionMethod_Priority; + +typedef struct { char* buffer; uint32 bufferSize; char* hash_buffer; /* used in SSL3 */ @@ -198,6 +203,7 @@ typedef struct { BulkCipherAlgorithm_Priority BulkCipherAlgorithmPriority; MACAlgorithm_Priority MACAlgorithmPriority; KXAlgorithm_Priority KXAlgorithmPriority; + CompressionMethod_Priority CompressionMethodPriority; } GNUTLS_INTERNALS; typedef struct { diff --git a/lib/gnutls_priority.c b/lib/gnutls_priority.c index 357a76a77e..07168591e6 100644 --- a/lib/gnutls_priority.c +++ b/lib/gnutls_priority.c @@ -81,4 +81,23 @@ void gnutls_set_mac_priority( GNUTLS_STATE state, int num, ...) { state->gnutls_internals.MACAlgorithmPriority.algorithm_priority[i] = _ap[i]; } va_end(ap); -}
\ No newline at end of file +} + +void gnutls_set_compression_priority( GNUTLS_STATE state, int num, ...) { + + va_list ap; + int i; + CompressionMethod *_ap; + + va_start( ap, num); + _ap = ap; + + if (state->gnutls_internals.CompressionMethodPriority.algorithm_priority!=NULL) + gnutls_free(state->gnutls_internals.CompressionMethodPriority.algorithm_priority); + state->gnutls_internals.CompressionMethodPriority.algorithm_priority = gnutls_malloc(sizeof(int*)*num); + state->gnutls_internals.CompressionMethodPriority.algorithms = num; + for (i=0;i<num;i++) { + state->gnutls_internals.CompressionMethodPriority.algorithm_priority[i] = _ap[i]; + } + va_end(ap); +} @@ -59,7 +59,7 @@ int main() gnutls_set_current_version( state, GNUTLS_TLS1); gnutls_set_cipher_priority( state, 2, GNUTLS_ARCFOUR, GNUTLS_3DES); -// gnutls_set_kx_priority( state, 1, GNUTLS_KX_ANON_DH); + gnutls_set_compression_priority( state, 2, GNUTLS_ZLIB, GNUTLS_COMPRESSION_NULL); gnutls_set_kx_priority( state, 3, GNUTLS_KX_ANON_DH, GNUTLS_KX_DHE_DSS, GNUTLS_KX_DHE_RSA); gnutls_set_mac_priority( state, 2, GNUTLS_MAC_SHA, GNUTLS_MAC_MD5); ret = gnutls_handshake(sd, state); diff --git a/src/port.h b/src/port.h index 003fa6f42e..5339ecc2d3 100644 --- a/src/port.h +++ b/src/port.h @@ -1,2 +1,2 @@ -#define PORT 5555 +#define PORT 5554 #define SERVER "127.0.0.1" diff --git a/src/serv.c b/src/serv.c index f8c75af954..64ba9bf171 100644 --- a/src/serv.c +++ b/src/serv.c @@ -64,6 +64,7 @@ int main() for (;;) { gnutls_init(&state, GNUTLS_SERVER); gnutls_set_cipher_priority( state, 1, GNUTLS_3DES); + gnutls_set_compression_priority( state, 2, GNUTLS_COMPRESSION_NULL, GNUTLS_ZLIB); gnutls_set_kx_priority( state, 1, GNUTLS_KX_ANON_DH); gnutls_set_mac_priority( state, 2, GNUTLS_MAC_SHA, GNUTLS_MAC_MD5); sd = accept(listen_sd, (SA *) & sa_cli, &client_len); |
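Review bot: `gnutls_set_compression_priority()` reads its variadic arguments by assigning the `va_list` to a `CompressionMethod *` (`_ap = ap;`) and indexing it, which depends on how the platform lays out `va_list` and does not work on ABIs that pass arguments in registers. The buffer is sized with `sizeof(int*)` although the elements are `int`, `num` is not checked for being negative, and the `gnutls_malloc` result is written through untested. The rewrite below fetches each value with `va_arg`, sizes the array by `int`, and leaves the list empty when allocation fails. `gnutls_set_mac_priority()`, whose tail is visible at the top of the hunk, uses the same `_ap[i]` pattern and needs the same change.

```c
void gnutls_set_compression_priority( GNUTLS_STATE state, int num, ...) {
	va_list ap;
	int i;
	int *prio;

	if (num < 0) num = 0;
	prio = gnutls_malloc(sizeof(int) * (num > 0 ? num : 1));

	gnutls_free(state->gnutls_internals.CompressionMethodPriority.algorithm_priority);
	state->gnutls_internals.CompressionMethodPriority.algorithm_priority = prio;
	state->gnutls_internals.CompressionMethodPriority.algorithms = (prio != NULL) ? num : 0;
	if (prio == NULL) return;

	va_start(ap, num);
	for (i = 0; i < num; i++) {
		/* enum arguments are promoted to int when passed through "..." */
		prio[i] = va_arg(ap, int);
	}
	va_end(ap);
}
```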
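Review bot: The sample client hunk (`@@ -59,7 +59,7 @@ int main()`, presumably `src/cli.c`, since its `diff --git` header is missing on this page) lists `GNUTLS_ZLIB` ahead of `GNUTLS_COMPRESSION_NULL`, so compression is switched on whenever the server accepts it. Compressing records before encryption makes the ciphertext length depend on the plaintext content, which can disclose information about secrets that share a record with data another party influences. Put `GNUTLS_COMPRESSION_NULL` first in the example and add a comment next to the call explaining that compression is opt-in for that reason. The same hunk drops the commented-out `gnutls_set_kx_priority` line, which is fine; `main()` continues outside the hunk.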