authorSimon Josefsson <simon@josefsson.org>2005-12-15 10:52:19 +0000
committerSimon Josefsson <simon@josefsson.org>2005-12-15 10:52:19 +0000
commit3860714e697158a17086fff6a87fa9d22877895a (patch)
treedb6ae00dc003790ce52fc23fb7c100db8498ffeb /includes
parent1b6f0a191d7dd2ab25da837494a53992e01b9229 (diff)
downloadgnutls-3860714e697158a17086fff6a87fa9d22877895a.tar.gz
Add TLS/IA support.
Diffstat (limited to 'includes')
-rw-r--r--includes/gnutls/extra.h81
-rw-r--r--includes/gnutls/gnutls.h.in24
2 files changed, 102 insertions, 3 deletions
diff --git a/includes/gnutls/extra.h b/includes/gnutls/extra.h
index 7769878713..a3f166f72f 100644
--- a/includes/gnutls/extra.h
+++ b/includes/gnutls/extra.h
@@ -79,6 +79,87 @@ int gnutls_certificate_set_openpgp_keyring_mem(
int gnutls_certificate_set_openpgp_keyring_file( gnutls_certificate_credentials_t c,
const char *file);
+ /* TLS/IA stuff
+ */
+
+ typedef enum {
+ GNUTLS_IA_APPLICATION_PAYLOAD = 0,
+ GNUTLS_IA_INTERMEDIATE_PHASE_FINISHED = 1,
+ GNUTLS_IA_FINAL_PHASE_FINISHED = 2
+ } gnutls_ia_apptype_t;
+
+ /* TLS/IA credential
+ */
+
+ typedef int (*gnutls_ia_avp_func) (gnutls_session_t session, void *ptr,
+ const char *last, size_t lastlen,
+ char **new, size_t *newlen);
+
+ typedef struct gnutls_ia_server_credentials_st* gnutls_ia_server_credentials_t;
+ typedef struct gnutls_ia_client_credentials_st* gnutls_ia_client_credentials_t;
+
+ /* Allocate and free TLS/IA credentials. */
+ extern void
+ gnutls_ia_free_client_credentials(gnutls_ia_client_credentials_t sc);
+ extern int
+ gnutls_ia_allocate_client_credentials(gnutls_ia_client_credentials_t * sc);
+
+ extern void
+ gnutls_ia_free_server_credentials(gnutls_ia_server_credentials_t sc);
+ extern int
+ gnutls_ia_allocate_server_credentials(gnutls_ia_server_credentials_t * sc);
+
+ /* Client TLS/IA credential functions. */
+ extern void
+ gnutls_ia_set_client_avp_function(gnutls_ia_client_credentials_t cred,
+ gnutls_ia_avp_func avp_func);
+ extern void
+ gnutls_ia_set_client_avp_ptr (gnutls_ia_client_credentials_t cred,
+ void *ptr);
+ extern void *
+ gnutls_ia_get_client_avp_ptr (gnutls_ia_client_credentials_t cred);
+
+ /* Server TLS/IA credential functions. */
+ extern void
+ gnutls_ia_set_server_avp_function(gnutls_ia_server_credentials_t cred,
+ gnutls_ia_avp_func avp_func);
+ extern void
+ gnutls_ia_set_server_avp_ptr (gnutls_ia_server_credentials_t cred,
+ void *ptr);
+ extern void *
+ gnutls_ia_get_server_avp_ptr (gnutls_ia_server_credentials_t cred);
+
+ /* TLS/IA handshake. */
+ extern int gnutls_ia_handshake_p (gnutls_session_t session);
+
+ extern int gnutls_ia_handshake (gnutls_session_t session);
+
+ /* TLS/IA low level interface. */
+ extern int
+ gnutls_ia_permute_inner_secret (gnutls_session_t session,
+ size_t session_keys_size,
+ const char *session_keys);
+ extern int
+ gnutls_ia_endphase_send(gnutls_session_t session, int final_p);
+
+ extern ssize_t
+ gnutls_ia_send(gnutls_session_t session, char *data, size_t datal);
+ extern ssize_t
+ gnutls_ia_recv(gnutls_session_t session, char *data, size_t datal);
+
+ /* Utility stuff. */
+ extern int
+ gnutls_ia_generate_challenge (gnutls_session_t session,
+ size_t buffer_size,
+ char *buffer);
+ extern void
+ gnutls_ia_extract_inner_secret (gnutls_session_t session,
+ char *buffer);
+
+ /* Toggle whether inner phases are required. */
+ extern void
+ gnutls_ia_require_inner_phase (gnutls_session_t session, int require);
+
int gnutls_global_init_extra(void);
/* returns libgnutls-extra version (call it with a NULL argument)
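Review bot: `gnutls_ia_extract_inner_secret` takes a `char *buffer` with no length, so the callee cannot bound its write and the caller cannot tell from the header how much room to provide; `gnutls_ia_generate_challenge` just above does take `buffer_size`. Since this API is new in this commit, I would add the size, e.g. `gnutls_ia_extract_inner_secret (gnutls_session_t session, size_t buffer_size, char *buffer);`, or at minimum state the required buffer size in a comment on the declaration. Separately, the `gnutls_ia_avp_func` typedef names a parameter `new`, which is a C++ keyword and will not parse if this header is included from C++ code; a neutral name such as `next` avoids that. The typedef should also say who allocates and who frees `*new`, because that ownership is not visible anywhere in the hunk.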
diff --git a/includes/gnutls/gnutls.h.in b/includes/gnutls/gnutls.h.in
index e1d33b9fdd..714d13c50b 100644
--- a/includes/gnutls/gnutls.h.in
+++ b/includes/gnutls/gnutls.h.in
@@ -86,8 +86,13 @@ typedef enum { GNUTLS_PARAMS_RSA_EXPORT=1,
GNUTLS_PARAMS_DH
} gnutls_params_type_t;
-typedef enum { GNUTLS_CRD_CERTIFICATE=1, GNUTLS_CRD_ANON, GNUTLS_CRD_SRP,
- GNUTLS_CRD_PSK } gnutls_credentials_type_t;
+typedef enum {
+ GNUTLS_CRD_CERTIFICATE=1,
+ GNUTLS_CRD_ANON,
+ GNUTLS_CRD_SRP,
+ GNUTLS_CRD_PSK,
+ GNUTLS_CRD_IA
+} gnutls_credentials_type_t;
#define GNUTLS_MAC_SHA GNUTLS_MAC_SHA1
#define GNUTLS_DIG_SHA GNUTLS_DIG_SHA1
@@ -137,7 +142,9 @@ typedef enum { GNUTLS_A_CLOSE_NOTIFY,
GNUTLS_A_INSUFFICIENT_SECURITY, GNUTLS_A_INTERNAL_ERROR=80, GNUTLS_A_USER_CANCELED=90,
GNUTLS_A_NO_RENEGOTIATION=100, GNUTLS_A_UNSUPPORTED_EXTENSION=110,
GNUTLS_A_CERTIFICATE_UNOBTAINABLE=111, GNUTLS_A_UNRECOGNIZED_NAME=112,
- GNUTLS_A_UNKNOWN_SRP_USERNAME=120, GNUTLS_A_MISSING_SRP_USERNAME=121
+ GNUTLS_A_UNKNOWN_SRP_USERNAME=120, GNUTLS_A_MISSING_SRP_USERNAME=121,
+ GNUTLS_A_INNER_APPLICATION_FAILURE=208,
+ GNUTLS_A_INNER_APPLICATION_VERIFICATION=209
} gnutls_alert_description_t;
typedef enum { GNUTLS_HANDSHAKE_HELLO_REQUEST,
@@ -297,6 +304,12 @@ int gnutls_server_name_get(gnutls_session_t session,
void *data, size_t *data_length,
unsigned int * type, unsigned int indx);
+typedef enum {
+ GNUTLS_IA_DISABLED = 0,
+ GNUTLS_IA_APP_PHASE_ON_RESUMPTION_NO = 1,
+ GNUTLS_IA_APP_PHASE_ON_RESUMPTION_YES = 2
+} gnutls_ia_mode_t;
+
/* functions to set priority of cipher suites
*/
int gnutls_cipher_set_priority( gnutls_session_t session, const int *list);
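Review bot: `gnutls_ia_mode_t` is added without a comment, and the `_ON_RESUMPTION_NO` / `_ON_RESUMPTION_YES` suffixes do not say what is being switched on or off. A short comment above the enum would help, e.g. `/* TLS/IA mode: disabled, or enabled without/with an application phase on session resumption */` (this is my reading of the names and should be confirmed). No function in the visible hunks takes or returns this type, so it is also unclear from here how a caller selects the mode.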
@@ -919,6 +932,11 @@ void gnutls_psk_set_params_function(gnutls_psk_server_credentials_t res,
#define GNUTLS_E_MAC_VERIFY_FAILED -100 /* for PKCS #12 MAC */
#define GNUTLS_E_CONSTRAINT_ERROR -101
+#define GNUTLS_E_WARNING_IA_IPHF_RECEIVED -102
+#define GNUTLS_E_WARNING_IA_FPHF_RECEIVED -103
+
+#define GNUTLS_E_IA_VERIFY_FAILED -104
+
#define GNUTLS_E_BASE64_ENCODING_ERROR -201
#define GNUTLS_E_INCOMPATIBLE_GCRYPT_LIBRARY -202 /* obsolete */
#define GNUTLS_E_INCOMPATIBLE_CRYPTO_LIBRARY -202
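Review bot: The two `GNUTLS_E_WARNING_IA_*` codes are negative like the fatal errors around them, and nothing on these lines tells a caller they are informational. Code that treats any negative return from the TLS/IA receive path as a failure would drop the session at what looks like a normal phase boundary. I would add a comment such as `/* non-fatal: an Intermediate/Final PhaseFinished message was received */` and mark `GNUTLS_E_IA_VERIFY_FAILED` explicitly as fatal. IPHF and FPHF presumably abbreviate the intermediate and final phase-finished types named in `gnutls_ia_apptype_t`, which is worth spelling out here. Whether `gnutls_error_is_fatal` classifies -102 and -103 as non-fatal is outside this diff and should be checked alongside it.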