diff options
author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2002-02-03 11:36:00 +0000 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2002-02-03 11:36:00 +0000 |
commit | 4f7f83c7aca84cb1fcc28350a5b75611ecf9543d (patch) | |
tree | 4d4b619788443e1c3a4c5d6978586746a647c22c /lib/ext_cert_type.c | |
parent | bb4c15ef30e38c19fba41ba77263bf71a24c764b (diff) | |
download | gnutls-4f7f83c7aca84cb1fcc28350a5b75611ecf9543d.tar.gz |
Added stuff for parsing the CertType extension type.
Diffstat (limited to 'lib/ext_cert_type.c')
-rw-r--r-- | lib/ext_cert_type.c | 169 |
1 files changed, 169 insertions, 0 deletions
diff --git a/lib/ext_cert_type.c b/lib/ext_cert_type.c new file mode 100644 index 0000000000..f24e3dc5a2 --- /dev/null +++ b/lib/ext_cert_type.c @@ -0,0 +1,169 @@ +/* + * Copyright (C) 2002 Nikos Mavroyanopoulos + * + * This file is part of GNUTLS. + * + * GNUTLS is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * GNUTLS is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + */ + +#include "gnutls_int.h" +#include "gnutls_errors.h" +#include "gnutls_num.h" +#include "ext_cert_type.h" +#include <gnutls_state.h> + +/* + * In case of a server: if a CERT_TYPE extension type is received then it stores + * into the state security parameters the new value. The server may use gnutls_state_cert_type_get(), + * to access it. + * + * In case of a client: If a cert_types have been specified then we send the extension. + * + */ + +int _gnutls_cert_type_recv_params( GNUTLS_STATE state, const opaque* data, int data_size) { + int new_type = -1, ret, i; + + if (state->security_parameters.entity == GNUTLS_CLIENT) { + if (data_size > 0) { + if ( data_size != 1) { + gnutls_assert(); + return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; + } + + new_type = _gnutls_num2cert_type(data[0]); + + if (new_type < 0) { + gnutls_assert(); + return new_type; + } + + /* Check if we support this cert_type */ + if ( (ret=_gnutls_state_cert_type_supported( state, new_type)) < 0) { + gnutls_assert(); + return ret; + } + + _gnutls_state_cert_type_set( state, new_type); + } + } else { /* SERVER SIDE - we must check if the sent cert type is the right one + */ + if (data_size > 0) { + + if ( data_size <= 0) { + gnutls_assert(); + return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; + } + + for (i=0;i<data_size;i++) { + new_type = _gnutls_num2cert_type(data[i]); + + if (new_type < 0) continue; + + /* Check if we support this cert_type */ + if ( (ret=_gnutls_state_cert_type_supported( state, new_type)) < 0) { + gnutls_assert(); + continue; + } else break; + /* new_type is ok */ + } + + if (new_type < 0) { + gnutls_assert(); + return GNUTLS_E_ILLEGAL_PARAMETER; + } + + if ( (ret=_gnutls_state_cert_type_supported( state, new_type)) < 0) { + gnutls_assert(); + return ret; + } + + _gnutls_state_cert_type_set( state, new_type); + } + + + } + + return 0; +} + +/* returns data_size or a negative number on failure + * data is allocated localy + */ +int _gnutls_cert_type_send_params( GNUTLS_STATE state, opaque** data) { + uint16 len, i; + + /* this function sends the client extension data (dnsname) */ + if (state->security_parameters.entity == GNUTLS_CLIENT) { + + if (state->gnutls_internals.cert_type_priority.algorithms > 0) { + + len = state->gnutls_internals.cert_type_priority.algorithms; + (*data) = gnutls_malloc(len); + if (*data==NULL) return GNUTLS_E_MEMORY_ERROR; + + for (i=0;i<len;i++) { + (*data)[i] = _gnutls_cert_type2num( state->gnutls_internals. + cert_type_priority.algorithm_priority[i]); + } + return len; + } + + } else { /* server side */ + + if ( state->security_parameters.cert_type != DEFAULT_CERT_TYPE) { + len = 1; + (*data) = gnutls_malloc(len); + if (*data==NULL) return GNUTLS_E_MEMORY_ERROR; + + (*data)[0] = _gnutls_cert_type2num( state->security_parameters.cert_type); + return len; + } + + + } + + *data = NULL; + return 0; +} + +/* Maps numbers to record sizes according to the + * extensions draft. + */ +int _gnutls_num2cert_type( int num) { + switch( num) { + case 0: + return GNUTLS_CRT_X509; + case 1: + return GNUTLS_CRT_OPENPGP; + default: + return GNUTLS_E_ILLEGAL_PARAMETER; + } +} + +/* Maps record size to numbers according to the + * extensions draft. + */ +int _gnutls_cert_type2num( int cert_type) { + switch(cert_type) { + case GNUTLS_CRT_X509: + return 0; + case GNUTLS_CRT_OPENPGP: + return 1; + default: + return GNUTLS_E_ILLEGAL_PARAMETER; + } + +} |