author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2001-06-14 18:00:12 +0000 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2001-06-14 18:00:12 +0000 |
commit | a6faedd8a31bf97ef3c64286ef4230e2ed0ebaac (patch) | |
tree | 2707d156b396f20f7520fdf9cb4c85a0690170b9 | |
parent | e0ae420bf74ef6afc08735c0a5538f0a376b7bf3 (diff) | |
download | gnutls-a6faedd8a31bf97ef3c64286ef4230e2ed0ebaac.tar.gz |
better handling of set/get credentials.
-rw-r--r-- | lib/.cvsignore | 1 | ||||
-rw-r--r-- | lib/auth_anon.c | 24 | ||||
-rw-r--r-- | lib/auth_anon.h | 8 | ||||
-rw-r--r-- | lib/auth_srp.c | 8 | ||||
-rw-r--r-- | lib/auth_srp_passwd.c | 6 | ||||
-rw-r--r-- | lib/ext_srp.c | 2 | ||||
-rw-r--r-- | lib/gnutls.h.in | 13 | ||||
-rw-r--r-- | lib/gnutls_algorithms.c | 42 | ||||
-rw-r--r-- | lib/gnutls_algorithms.h | 4 | ||||
-rw-r--r-- | lib/gnutls_auth.c | 33 | ||||
-rw-r--r-- | lib/gnutls_auth_int.h | 6 | ||||
-rw-r--r-- | lib/gnutls_int.h | 1 |
12 files changed, 102 insertions, 46 deletions
diff --git a/lib/.cvsignore b/lib/.cvsignore index 3bdc11d17e..b370f32c5c 100644 --- a/lib/.cvsignore +++ b/lib/.cvsignore @@ -12,3 +12,4 @@ Makefile *.bbg libgnutls-config gnutls.h +cert_ASN.c diff --git a/lib/auth_anon.c b/lib/auth_anon.c index 2af8ca6e29..315fc9980b 100644 --- a/lib/auth_anon.c +++ b/lib/auth_anon.c @@ -56,21 +56,21 @@ int gen_anon_server_kx( GNUTLS_KEY key, opaque** data) { uint8 *data_p; uint8 *data_g; uint8 *data_X; - DH_ANON_SERVER_CREDENTIALS * cred; + const ANON_SERVER_CREDENTIALS * cred; - cred = _gnutls_get_kx_cred( key, GNUTLS_KX_DH_ANON, NULL); + cred = _gnutls_get_cred( key, GNUTLS_ANON, NULL); if (cred==NULL) { bits = DEFAULT_BITS; /* default */ } else { - bits = cred->bits; + bits = cred->dh_bits; } g = gnutls_get_dh_params(&p, bits); - key->auth_info = gnutls_malloc(sizeof(DH_ANON_AUTH_INFO)); + key->auth_info = gnutls_malloc(sizeof(ANON_AUTH_INFO)); if (key->auth_info==NULL) return GNUTLS_E_MEMORY_ERROR; - ((DH_ANON_AUTH_INFO*)key->auth_info)->bits = gcry_mpi_get_nbits(p); - key->auth_info_size = sizeof(DH_ANON_AUTH_INFO); + ((ANON_AUTH_INFO*)key->auth_info)->dh_bits = gcry_mpi_get_nbits(p); + key->auth_info_size = sizeof(ANON_AUTH_INFO); X = gnutls_calc_dh_secret(&x, g, p); key->dh_secret = x; @@ -190,10 +190,10 @@ int proc_anon_server_kx( GNUTLS_KEY key, opaque* data, int data_size) { } /* set auth_info */ - key->auth_info = gnutls_malloc(sizeof(DH_ANON_AUTH_INFO)); + key->auth_info = gnutls_malloc(sizeof(ANON_AUTH_INFO)); if (key->auth_info==NULL) return GNUTLS_E_MEMORY_ERROR; - ((DH_ANON_AUTH_INFO*)key->auth_info)->bits = gcry_mpi_get_nbits(key->client_p); - key->auth_info_size = sizeof(DH_ANON_AUTH_INFO); + ((ANON_AUTH_INFO*)key->auth_info)->dh_bits = gcry_mpi_get_nbits(key->client_p); + key->auth_info_size = sizeof(ANON_AUTH_INFO); /* We should check signature in non-anonymous KX * this is anonymous however 
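Review bot: `bits = cred->dh_bits` in gen_anon_server_kx hands a caller-supplied integer straight to `gnutls_get_dh_params(&p, bits)` with no range check, so a zero, negative or very small `dh_bits` in ANON_SERVER_CREDENTIALS is accepted as-is; the same line is added in the proc_anon_client_kx hunk that follows. Unless gnutls_get_dh_params is known to validate its argument (not visible here), a guard such as `if (bits < DEFAULT_BITS) bits = DEFAULT_BITS;` or an explicit error return belongs right after the else branch, and the accepted range should be stated next to `int dh_bits;` in the credentials struct. The anonymous path also silently falls back to DEFAULT_BITS when no credentials are registered, whereas the SRP paths touched by this commit fail with GNUTLS_E_INSUFICIENT_CRED; that asymmetry predates the commit but deserves a comment. gen_anon_server_kx starts before and continues after this hunk.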
@@ -207,13 +207,13 @@ int proc_anon_client_kx( GNUTLS_KEY key, opaque* data, int data_size) { size_t _n_Y; MPI g, p; int bits; - DH_ANON_SERVER_CREDENTIALS * cred; + const ANON_SERVER_CREDENTIALS * cred; - cred = _gnutls_get_kx_cred( key, GNUTLS_KX_DH_ANON, NULL); + cred = _gnutls_get_cred( key, GNUTLS_ANON, NULL); if (cred==NULL) { bits = DEFAULT_BITS; /* default */ } else { - bits = cred->bits; + bits = cred->dh_bits; } #if 0 /* removed. I do not know why - maybe I didn't get the protocol, diff --git a/lib/auth_anon.h b/lib/auth_anon.h index 11c96913ef..c3b253d7e1 100644 --- a/lib/auth_anon.h +++ b/lib/auth_anon.h @@ -2,9 +2,9 @@ extern MOD_AUTH_STRUCT anon_auth_struct; typedef struct { - int bits; -} DH_ANON_SERVER_CREDENTIALS; + int dh_bits; +} ANON_SERVER_CREDENTIALS; typedef struct { - int bits; -} DH_ANON_AUTH_INFO; + int dh_bits; +} ANON_AUTH_INFO; diff --git a/lib/auth_srp.c b/lib/auth_srp.c index ba513f5e49..fe3e03fe16 100644 --- a/lib/auth_srp.c +++ b/lib/auth_srp.c @@ -189,8 +189,8 @@ int gen_srp_client_kx0(GNUTLS_KEY key, opaque ** data) uint8 *data_a; char *username; char *password; - SRP_CLIENT_CREDENTIALS *cred = - _gnutls_get_kx_cred(key, GNUTLS_KX_SRP, NULL); + const SRP_CLIENT_CREDENTIALS *cred = + _gnutls_get_cred(key, GNUTLS_SRP, NULL); if (cred == NULL) return GNUTLS_E_INSUFICIENT_CRED; @@ -231,8 +231,8 @@ int proc_srp_server_kx(GNUTLS_KEY key, opaque * data, int data_size) opaque *hd; char *username; char *password; - SRP_CLIENT_CREDENTIALS *cred = - _gnutls_get_kx_cred(key, GNUTLS_KX_SRP, NULL); + const SRP_CLIENT_CREDENTIALS *cred = + _gnutls_get_cred(key, GNUTLS_SRP, NULL); if (cred == NULL) return GNUTLS_E_INSUFICIENT_CRED; diff --git a/lib/auth_srp_passwd.c b/lib/auth_srp_passwd.c index e7bf585cb0..78483043ff 100644 --- a/lib/auth_srp_passwd.c +++ b/lib/auth_srp_passwd.c 
@@ -194,7 +194,7 @@ int tmp_size; /* this function opens the tpasswd.conf file */ -static int pwd_read_conf( SRP_SERVER_CREDENTIALS* cred, GNUTLS_SRP_PWD_ENTRY* entry, int index) { +static int pwd_read_conf( const SRP_SERVER_CREDENTIALS* cred, GNUTLS_SRP_PWD_ENTRY* entry, int index) { FILE * fd; char line[5*1024]; int i; @@ -229,7 +229,7 @@ static int pwd_read_conf( SRP_SERVER_CREDENTIALS* cred, GNUTLS_SRP_PWD_ENTRY* en GNUTLS_SRP_PWD_ENTRY *_gnutls_srp_pwd_read_entry( GNUTLS_KEY key, char* username, int *err) { - SRP_SERVER_CREDENTIALS* cred; + const SRP_SERVER_CREDENTIALS* cred; FILE * fd; char line[5*1024]; int i, len; @@ -238,7 +238,7 @@ GNUTLS_SRP_PWD_ENTRY *_gnutls_srp_pwd_read_entry( GNUTLS_KEY key, char* username *err = 0; /* normal exit */ - cred = _gnutls_get_kx_cred( key, GNUTLS_KX_SRP, NULL); + cred = _gnutls_get_cred( key, GNUTLS_SRP, NULL); if (cred==NULL) { *err = 1; gnutls_assert(); diff --git a/lib/ext_srp.c b/lib/ext_srp.c index 8d57ca8571..065cbf1a85 100644 --- a/lib/ext_srp.c +++ b/lib/ext_srp.c @@ -59,7 +59,7 @@ int _gnutls_srp_send_params( GNUTLS_STATE state, opaque** data) { uint8 len; /* this function sends the client extension data (username) */ if (state->security_parameters.entity == GNUTLS_CLIENT) { - SRP_CLIENT_CREDENTIALS* cred = _gnutls_get_kx_cred( state->gnutls_key, GNUTLS_KX_SRP, NULL); + const SRP_CLIENT_CREDENTIALS* cred = _gnutls_get_cred( state->gnutls_key, GNUTLS_SRP, NULL); (*data) = NULL; diff --git a/lib/gnutls.h.in b/lib/gnutls.h.in index 739eb78b4b..e3d1a4759c 100644 --- a/lib/gnutls.h.in +++ b/lib/gnutls.h.in 
@@ -24,6 +24,7 @@ typedef enum BulkCipherAlgorithm { GNUTLS_NULL_CIPHER=1, GNUTLS_ARCFOUR, GNUTLS_3DES, GNUTLS_RIJNDAEL, GNUTLS_TWOFISH, GNUTLS_RIJNDAEL256 } BulkCipherAlgorithm; typedef enum KXAlgorithm { GNUTLS_KX_RSA=1, GNUTLS_KX_DHE_DSS, GNUTLS_KX_DHE_RSA, GNUTLS_KX_DH_DSS, GNUTLS_KX_DH_RSA, GNUTLS_KX_DH_ANON, GNUTLS_KX_SRP } KXAlgorithm; +typedef enum CredType { GNUTLS_X509PKI=1, GNUTLS_ANON, GNUTLS_SRP } CredType; typedef enum MACAlgorithm { GNUTLS_NULL_MAC=1, GNUTLS_MAC_MD5, GNUTLS_MAC_SHA } MACAlgorithm; typedef enum CompressionMethod { GNUTLS_NULL_COMPRESSION=1, GNUTLS_ZLIB } CompressionMethod; typedef enum ConnectionEnd { GNUTLS_SERVER, GNUTLS_CLIENT } ConnectionEnd; @@ -107,7 +108,7 @@ const char* gnutls_check_version(); /* Functions for setting/clearing credentials */ int gnutls_clear_creds( GNUTLS_STATE state); /* cred is a structure defined by the kx algorithm */ -int gnutls_set_kx_cred( GNUTLS_STATE, KXAlgorithm kx, void* cred); +int gnutls_set_cred( GNUTLS_STATE, CredType type, void* cred); const void* gnutls_get_auth_info( GNUTLS_STATE); /* Credential structures for SRP - used in gnutls_set_cred(); */ @@ -125,15 +126,15 @@ typedef struct { char username[256]; } SRP_AUTH_INFO; -/* Credential structures for DH_ANON */ +/* Credential structures for ANON */ typedef struct { - int bits; -} DH_ANON_SERVER_CREDENTIALS; + int dh_bits; +} ANON_SERVER_CREDENTIALS; typedef struct { - int bits; -} DH_ANON_AUTH_INFO; + int dh_bits; +} ANON_AUTH_INFO; /* error codes appended here */ diff --git a/lib/gnutls_algorithms.c b/lib/gnutls_algorithms.c index 78ac1be9a7..e7c60fcf57 100644 --- a/lib/gnutls_algorithms.c +++ b/lib/gnutls_algorithms.c 
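Review bot: The comment kept above the renamed prototype, `/* cred is a structure defined by the kx algorithm */`, is now stale, since gnutls_set_cred selects on CredType rather than on a KXAlgorithm. It should read `/* cred is a structure whose layout depends on the CredType and on the client/server role */`, which is also what the function's own doc comment in gnutls_auth.c now says.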
@@ -34,6 +34,31 @@ #define MAX_CIPHERSUITE 256 #define MAX_COMPRESSION 256 + +/* Cred type mappings to KX algorithms */ +typedef struct { + KXAlgorithm algorithm; + CredType type; +} gnutls_cred_map; + +static const gnutls_cred_map cred_mappings[] = { + { GNUTLS_KX_DH_ANON, GNUTLS_ANON }, + { GNUTLS_KX_RSA, GNUTLS_X509PKI }, + { GNUTLS_KX_DHE_DSS, GNUTLS_X509PKI }, + { GNUTLS_KX_DHE_RSA, GNUTLS_X509PKI }, + { GNUTLS_KX_DH_DSS, GNUTLS_X509PKI }, + { GNUTLS_KX_DH_RSA, GNUTLS_X509PKI }, + { GNUTLS_KX_SRP, GNUTLS_SRP }, + { 0 } +}; + +#define GNUTLS_KX_MAP_LOOP(b) \ + const gnutls_cred_map *p; \ + for(p = cred_mappings; p->type != 0; p++) { b ; } + +#define GNUTLS_KX_MAP_ALG_LOOP(a) \ + GNUTLS_KX_MAP_LOOP( if(p->type == type) { a; break; }) + /* TLS Versions */ typedef struct { @@ -906,6 +931,23 @@ _gnutls_version_is_supported(GNUTLS_STATE state, return ret; } +/* Type to KX mappings */ +KXAlgorithm _gnutls_map_kx_get_kx(CredType type) +{ + KXAlgorithm ret = -1; + + GNUTLS_KX_MAP_ALG_LOOP(ret = p->algorithm); + return ret; +} + +CredType _gnutls_map_kx_get_cred(KXAlgorithm algorithm) +{ + CredType ret = -1; + GNUTLS_KX_MAP_LOOP(if (p->algorithm==algorithm) ret = p->type); + + return ret; +} + /* Cipher Suite's functions */ BulkCipherAlgorithm diff --git a/lib/gnutls_algorithms.h b/lib/gnutls_algorithms.h index 7844776ee6..e2e0f36473 100644 --- a/lib/gnutls_algorithms.h +++ b/lib/gnutls_algorithms.h @@ -86,3 +86,7 @@ int _gnutls_compression_count(); int _gnutls_compression_get_num(CompressionMethod algorithm); CompressionMethod _gnutls_compression_get_id(int num); char *_gnutls_compression_get_name(CompressionMethod algorithm); + +/* Type to KX mappings */ +KXAlgorithm _gnutls_map_kx_get_kx(CredType type); +CredType _gnutls_map_kx_get_cred(KXAlgorithm algorithm); diff --git a/lib/gnutls_auth.c b/lib/gnutls_auth.c index 69c31b932b..a9768c3870 100644 --- a/lib/gnutls_auth.c +++ b/lib/gnutls_auth.c 
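Review bot: `GNUTLS_KX_MAP_ALG_LOOP` compares against a variable named `type` that is not one of its arguments, so it only compiles inside a function whose parameter happens to carry that name, and `GNUTLS_KX_MAP_LOOP` declares `p` into the caller's scope, so a second use in the same block would be a redefinition. Passing the value explicitly, `#define GNUTLS_KX_MAP_ALG_LOOP(t, a) GNUTLS_KX_MAP_LOOP( if(p->type == (t)) { a; break; })`, and wrapping the declaration and loop in their own `{ }` block would make both macros self-contained. The `{ 0 }` terminator works only because every CredType enumerator starts at 1; a comment on the table, `/* terminated by type == 0; CredType values start at 1 */`, records that assumption.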
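Review bot: `_gnutls_map_kx_get_kx` is a many-to-one lookup run in reverse: five KX algorithms map to GNUTLS_X509PKI in cred_mappings, and the `break` in GNUTLS_KX_MAP_ALG_LOOP makes the function return whichever comes first in table order (GNUTLS_KX_RSA), which a caller cannot know from the name or prototype. If the function is needed, its header comment should state `/* returns the first KX in cred_mappings order that uses this credential type; X509PKI has several */`. Both functions also return -1 through an enum type that has no such enumerator; a named sentinel, or 0 (which no CredType or KXAlgorithm value uses and which already terminates the table), would be less fragile should the compiler pick an unsigned underlying type. `_gnutls_map_kx_get_cred` has no break and so returns the last match, which is only correct while `algorithm` stays unique in the table.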
@@ -22,6 +22,8 @@ #include "gnutls_int.h" #include "gnutls_errors.h" #include "gnutls_auth.h" +#include "gnutls_auth_int.h" +#include "gnutls_algorithms.h" #include "auth_anon.h" /* The functions here are used in order for authentication algorithms 
@@ -51,28 +53,28 @@ int gnutls_clear_creds( GNUTLS_STATE state) { * { algorithm, credentials, pointer to next } */ /** - * gnutls_set_kx_cred - Sets the needed credentials for the specified (in kx) authentication algorithm. + * gnutls_set_cred - Sets the needed credentials for the specified authentication algorithm. * @state: is a &GNUTLS_STATE structure. - * @kx: is a key exchange algorithm + * @type: is the type of the credentials * @cred: is a pointer to a structure. * - * Sets the needed credentials for the specified (in kx) authentication - * algorithm. Eg username, password - or public and private keys etc. + * Sets the needed credentials for the specified type. + * Eg username, password - or public and private keys etc. * The (void* cred) parameter is a structure that depends on the - * specified kx algorithm and on the current state (client or server). + * specified type and on the current state (client or server). * [ In order to minimize memory usage, and share credentials between * several threads gnutls keeps a pointer to cred, and not the whole cred * structure. Thus you will have to keep the structure allocated until * you call gnutls_deinit(). ] * - * For %GNUTLS_KX_DH_ANON cred should be NULL in case of a client. - * In case of a server it should be &DH_ANON_SERVER_CREDENTIALS. + * For %GNUTLS_ANON cred should be NULL in case of a client. + * In case of a server it should be &ANON_SERVER_CREDENTIALS. * - * For %GNUTLS_KX_SRP cred should be &SRP_CLIENT_CREDENTIALS + * For %GNUTLS_SRP cred should be &SRP_CLIENT_CREDENTIALS * in case of a client, and &SRP_SERVER_CREDENTIALS, in case * of a server. **/ -int gnutls_set_kx_cred( GNUTLS_STATE state, KXAlgorithm kx, void* cred) { +int gnutls_set_cred( GNUTLS_STATE state, CredType type, void* cred) { AUTH_CRED * ccred, *pcred; int exists=0; 
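Review bot: The rewritten doc comment still tells the caller to keep the cred structure allocated until gnutls_deinit(), while the "modify existing entry" path in the next hunk does `gnutls_free(ccred->credentials)` on the previously registered pointer, so a second gnutls_set_cred() for the same type frees memory the caller believes it owns, and a stack-allocated structure would be handed to the allocator. Either that free has to go, or the comment must say that gnutls takes ownership and that cred must come from gnutls_malloc, e.g. `* Calling this again for the same type releases the previously registered cred with gnutls_free().`. The free is unchanged context, so the mismatch predates this commit, but the comment is being rewritten here and is the place to settle which contract holds. gnutls_set_cred's body continues past the end of this hunk.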
@@ -85,11 +87,11 @@ int gnutls_set_kx_cred( GNUTLS_STATE state, KXAlgorithm kx, void* cred) { state->gnutls_key->cred->credentials = cred; state->gnutls_key->cred->next = NULL; - state->gnutls_key->cred->algorithm = kx; + state->gnutls_key->cred->algorithm = type; } else { ccred = state->gnutls_key->cred; while(ccred!=NULL) { - if (ccred->algorithm==kx) { + if (ccred->algorithm==type) { exists=1; break; } @@ -107,7 +109,7 @@ int gnutls_set_kx_cred( GNUTLS_STATE state, KXAlgorithm kx, void* cred) { ccred->credentials = cred; ccred->next = NULL; - ccred->algorithm = kx; + ccred->algorithm = type; } else { /* modify existing entry */ gnutls_free(ccred->credentials); ccred->credentials = cred; @@ -121,12 +123,15 @@ int gnutls_set_kx_cred( GNUTLS_STATE state, KXAlgorithm kx, void* cred) { * This returns an pointer to the linked list. Don't * free that!!! */ -void *_gnutls_get_kx_cred( GNUTLS_KEY key, int kx, int *err) { +const void *_gnutls_get_kx_cred( GNUTLS_KEY key, KXAlgorithm algo, int *err) { + return _gnutls_get_cred( key, _gnutls_map_kx_get_cred(algo), err); +} +const void *_gnutls_get_cred( GNUTLS_KEY key, CredType type, int *err) { AUTH_CRED * ccred; ccred = key->cred; while(ccred!=NULL) { - if (ccred->algorithm==kx) { + if (ccred->algorithm==type) { break; } ccred = ccred->next; diff --git a/lib/gnutls_auth_int.h b/lib/gnutls_auth_int.h index 46d0c1ab2a..2b34b6160c 100644 --- a/lib/gnutls_auth_int.h +++ b/lib/gnutls_auth_int.h @@ -1,3 +1,5 @@ int gnutls_clear_creds( GNUTLS_STATE state); -int gnutls_set_kx_cred( GNUTLS_STATE state, KXAlgorithm kx, void* cred); -const void *_gnutls_get_kx_cred( GNUTLS_KEY key, int kx, int* err); +int gnutls_set_cred( GNUTLS_STATE state, CredType type, void* cred); +const void *_gnutls_get_cred( GNUTLS_KEY key, CredType kx, int* err); +const void *_gnutls_get_kx_cred( GNUTLS_KEY key, KXAlgorithm algo, int *err); + diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h index d79cb60910..84cef16a69 100644 --- a/lib/gnutls_int.h 
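Review bot: The new definition names the second parameter `CredType type`, while the prototype added in the gnutls_auth_int.h hunk below declares it `CredType kx`; the header should match, `const void *_gnutls_get_cred( GNUTLS_KEY key, CredType type, int* err);`. `_gnutls_get_kx_cred` forwards `_gnutls_map_kx_get_cred(algo)` unchecked, so an algorithm missing from cred_mappings becomes -1 and simply never matches in the list; that is a safe fail-closed outcome, but a one-line comment, `/* an unmapped algorithm yields no credentials */`, would record that it is intentional. Whether `err` is written on the not-found path is outside this hunk, so the NULL `err` passed by auth_anon.c and auth_srp.c in this commit should be checked against the rest of _gnutls_get_cred, which continues past the hunk.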
+++ b/lib/gnutls_int.h @@ -108,6 +108,7 @@ typedef enum ConnectionEnd { GNUTLS_SERVER, GNUTLS_CLIENT } ConnectionEnd; typedef enum BulkCipherAlgorithm { GNUTLS_NULL_CIPHER=1, GNUTLS_ARCFOUR, GNUTLS_3DES, GNUTLS_RIJNDAEL, GNUTLS_TWOFISH, GNUTLS_RIJNDAEL256 } BulkCipherAlgorithm; typedef enum Extensions { GNUTLS_EXTENSION_SRP=7 } Extensions; typedef enum KXAlgorithm { GNUTLS_KX_RSA=1, GNUTLS_KX_DHE_DSS, GNUTLS_KX_DHE_RSA, GNUTLS_KX_DH_DSS, GNUTLS_KX_DH_RSA, GNUTLS_KX_DH_ANON, GNUTLS_KX_SRP } KXAlgorithm; +typedef enum CredType { GNUTLS_X509PKI=1, GNUTLS_ANON, GNUTLS_SRP } CredType; typedef enum CipherType { CIPHER_STREAM, CIPHER_BLOCK } CipherType; typedef enum MACAlgorithm { GNUTLS_NULL_MAC=1, GNUTLS_MAC_MD5, GNUTLS_MAC_SHA } MACAlgorithm; typedef enum CompressionMethod { GNUTLS_NULL_COMPRESSION=1, GNUTLS_ZLIB } CompressionMethod; |
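Review bot: CredType is now defined twice, here in gnutls_int.h and in gnutls.h.in earlier in this commit, with nothing tying the two copies together; a comment on this line, `/* must stay identical to CredType in gnutls.h.in */`, would at least flag the coupling, since a mismatch would change which credential structure the auth code dereferences for a given type. This mirrors how KXAlgorithm is already duplicated across the two headers, so it follows the existing layout rather than introducing a new pattern.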