diff options
author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2002-01-28 12:43:16 +0000 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2002-01-28 12:43:16 +0000 |
commit | 9c73603e69fe3b9e4d1b3718b0925204088dde7b (patch) | |
tree | d455bcec6e61e4da0519bb0fe4a612a79827e0e2 /lib | |
parent | 5c5c5e7c03d14e3843fbb94f9227f39bf652385e (diff) | |
download | gnutls-9c73603e69fe3b9e4d1b3718b0925204088dde7b.tar.gz |
GNUTLS_X509PKI -> GNUTLS_CRD_X509PKI
GNUTLS_SRP -> GNUTLS_CRD_SRP
GNUTLS_ANON -> GNUTLS_CRD_ANON
Diffstat (limited to 'lib')
-rw-r--r-- | lib/Makefile.am | 4 | ||||
-rw-r--r-- | lib/auth_anon.c | 4 | ||||
-rw-r--r-- | lib/auth_cert.c (renamed from lib/auth_x509.c) | 54 | ||||
-rw-r--r-- | lib/auth_cert.h (renamed from lib/auth_x509.h) | 18 | ||||
-rw-r--r-- | lib/auth_dhe.c | 8 | ||||
-rw-r--r-- | lib/auth_rsa.c | 4 | ||||
-rw-r--r-- | lib/auth_srp.c | 6 | ||||
-rw-r--r-- | lib/auth_srp_passwd.c | 2 | ||||
-rw-r--r-- | lib/debug.c | 2 | ||||
-rw-r--r-- | lib/ext_srp.c | 2 | ||||
-rw-r--r-- | lib/gnutls.h.in.in | 32 | ||||
-rw-r--r-- | lib/gnutls_algorithms.c | 20 | ||||
-rw-r--r-- | lib/gnutls_auth.c | 26 | ||||
-rw-r--r-- | lib/gnutls_cert.c | 59 | ||||
-rw-r--r-- | lib/gnutls_cert.h | 2 | ||||
-rw-r--r-- | lib/gnutls_handshake.c | 14 | ||||
-rw-r--r-- | lib/gnutls_int.h | 4 | ||||
-rw-r--r-- | lib/gnutls_kx.c | 8 | ||||
-rw-r--r-- | lib/gnutls_privkey.c | 2 | ||||
-rw-r--r-- | lib/gnutls_session_pack.c | 58 | ||||
-rw-r--r-- | lib/gnutls_sig.c | 2 | ||||
-rw-r--r-- | lib/gnutls_sig.h | 2 | ||||
-rw-r--r-- | lib/gnutls_ui.c | 77 | ||||
-rw-r--r-- | lib/gnutls_ui.h | 4 | ||||
-rw-r--r-- | lib/x509_sig_check.c | 2 |
25 files changed, 234 insertions, 182 deletions
diff --git a/lib/Makefile.am b/lib/Makefile.am index 297d613638..9c04309a5f 100644 --- a/lib/Makefile.am +++ b/lib/Makefile.am @@ -13,7 +13,7 @@ EXTRA_DIST = debug.h gnutls_compress.h defines.h gnutls.asn pkix.asn \ gnutls_auth_int.h crypt_bcrypt.h gnutls_random.h crypt_srpsha1.h \ x509_b64.h gnutls_srp.h auth_srp.h auth_srp_passwd.h gnutls_v2_compat.h \ crypt.h libgnutls-config.in libgnutls.m4 gnutls.h.in.in gnutls_errors_int.h \ - x509_asn1.h x509_der.h gnutls_datum.h auth_x509.h gnutls_gcry.h \ + x509_asn1.h x509_der.h gnutls_datum.h auth_cert.h gnutls_gcry.h \ gnutls_pk.h gnutls_record.h gnutls_cert.h \ gnutls_privkey.h gnutls_constate.h gnutls_global.h x509_verify.h \ gnutls_sig.h gnutls_mem.h x509_extensions.h gnutls_ui.h \ @@ -35,7 +35,7 @@ COBJECTS = gnutls_record.c gnutls_compress.c debug.c \ gnutls_gcry.c gnutls_pk.c gnutls_cert.c x509_verify.c\ gnutls_global.c gnutls_privkey.c gnutls_constate.c gnutls_anon_cred.c \ x509_sig_check.c pkix_asn1_tab.c gnutls_asn1_tab.c gnutls_mem.c \ - x509_extensions.c auth_x509.c gnutls_ui.c gnutls_sig.c auth_dhe.c \ + x509_extensions.c auth_cert.c gnutls_ui.c gnutls_sig.c auth_dhe.c \ gnutls_dh_primes.c ext_max_record.c gnutls_alert.c gnutls_int_compat.c \ gnutls_str.c diff --git a/lib/auth_anon.c b/lib/auth_anon.c index 072802ca41..755959f459 100644 --- a/lib/auth_anon.c +++ b/lib/auth_anon.c @@ -82,7 +82,7 @@ int gen_anon_server_kx( GNUTLS_STATE state, opaque** data) { return GNUTLS_E_MEMORY_ERROR; } - if ( (ret=_gnutls_auth_info_set( state, GNUTLS_ANON, sizeof( ANON_SERVER_AUTH_INFO_INT))) < 0) { + if ( (ret=_gnutls_auth_info_set( state, GNUTLS_CRD_ANON, sizeof( ANON_SERVER_AUTH_INFO_INT))) < 0) { gnutls_assert(); return ret; } @@ -230,7 +230,7 @@ int proc_anon_server_kx( GNUTLS_STATE state, opaque* data, int data_size) { } /* set auth_info */ - if ( (ret=_gnutls_auth_info_set( state, GNUTLS_ANON, sizeof( ANON_CLIENT_AUTH_INFO_INT))) < 0) { + if ( (ret=_gnutls_auth_info_set( state, GNUTLS_CRD_ANON, sizeof( ANON_CLIENT_AUTH_INFO_INT))) < 0) { gnutls_assert(); return ret; } diff --git a/lib/auth_x509.c b/lib/auth_cert.c index 35a2dfc1ea..52856be44e 100644 --- a/lib/auth_x509.c +++ b/lib/auth_cert.c @@ -22,7 +22,7 @@ #include "gnutls_auth_int.h" #include "gnutls_errors.h" #include <gnutls_cert.h> -#include <auth_x509.h> +#include <auth_cert.h> #include "gnutls_dh.h" #include "gnutls_num.h" #include "x509_asn1.h" @@ -39,9 +39,9 @@ #include <gnutls_pk.h> /* Copies data from a internal certificate struct (gnutls_cert) to - * exported certificate struct (X509PKI_AUTH_INFO) + * exported certificate struct (CERTIFICATE_AUTH_INFO) */ -int _gnutls_copy_x509_auth_info(X509PKI_AUTH_INFO info, gnutls_cert * cert, +int _gnutls_copy_x509_auth_info(CERTIFICATE_AUTH_INFO info, gnutls_cert * cert, int ncerts) { /* Copy peer's information to AUTH_INFO @@ -228,9 +228,9 @@ static int _gnutls_find_acceptable_client_cert(GNUTLS_STATE state, gnutls_datum odn; opaque *data = _data; int data_size = _data_size; - const GNUTLS_X509PKI_CREDENTIALS cred; + const GNUTLS_CERTIFICATE_CREDENTIALS cred; - cred = _gnutls_get_cred(state->gnutls_key, GNUTLS_X509PKI, NULL); + cred = _gnutls_get_cred(state->gnutls_key, GNUTLS_CRD_CERTIFICATE, NULL); if (cred == NULL) { gnutls_assert(); return GNUTLS_E_INSUFICIENT_CRED; @@ -495,22 +495,22 @@ int _gnutls_proc_x509_server_certificate(GNUTLS_STATE state, opaque * data, { int size, len, ret; opaque *p = data; - X509PKI_AUTH_INFO info; - const GNUTLS_X509PKI_CREDENTIALS cred; + CERTIFICATE_AUTH_INFO info; + const GNUTLS_CERTIFICATE_CREDENTIALS cred; int dsize = data_size; int i, j, x; gnutls_cert *peer_certificate_list; int peer_certificate_list_size = 0; gnutls_datum tmp; - cred = _gnutls_get_cred(state->gnutls_key, GNUTLS_X509PKI, NULL); + cred = _gnutls_get_cred(state->gnutls_key, GNUTLS_CRD_CERTIFICATE, NULL); if (cred == NULL) { gnutls_assert(); return GNUTLS_E_INSUFICIENT_CRED; } - if ( (ret=_gnutls_auth_info_set( state, GNUTLS_X509PKI, sizeof( X509PKI_AUTH_INFO_INT))) < 0) { + if ( (ret=_gnutls_auth_info_set( state, GNUTLS_CRD_CERTIFICATE, sizeof( CERTIFICATE_AUTH_INFO_INT))) < 0) { gnutls_assert(); return ret; } @@ -658,21 +658,21 @@ int _gnutls_proc_x509_cert_req(GNUTLS_STATE state, opaque * data, { int size, ret; opaque *p = data; - const GNUTLS_X509PKI_CREDENTIALS cred; - X509PKI_AUTH_INFO info; + const GNUTLS_CERTIFICATE_CREDENTIALS cred; + CERTIFICATE_AUTH_INFO info; int dsize = data_size; int i, j, ind; PKAlgorithm pk_algos[MAX_SIGN_ALGOS]; int pk_algos_length; - cred = _gnutls_get_cred(state->gnutls_key, GNUTLS_X509PKI, NULL); + cred = _gnutls_get_cred(state->gnutls_key, GNUTLS_CRD_CERTIFICATE, NULL); if (cred == NULL) { gnutls_assert(); return GNUTLS_E_INSUFICIENT_CRED; } state->gnutls_key->certificate_requested = 1; - if ( (ret=_gnutls_auth_info_set( state, GNUTLS_X509PKI, sizeof( X509PKI_AUTH_INFO_INT))) < 0) { + if ( (ret=_gnutls_auth_info_set( state, GNUTLS_CRD_CERTIFICATE, sizeof( CERTIFICATE_AUTH_INFO_INT))) < 0) { gnutls_assert(); return ret; } @@ -782,7 +782,7 @@ int _gnutls_proc_x509_client_cert_vrfy(GNUTLS_STATE state, opaque * data, int dsize = data_size; opaque *pdata = data; gnutls_datum sig; - X509PKI_AUTH_INFO info = _gnutls_get_auth_info( state); + CERTIFICATE_AUTH_INFO info = _gnutls_get_auth_info( state); gnutls_cert peer_cert; if (info == NULL || info->ncerts == 0) { @@ -823,16 +823,16 @@ int _gnutls_proc_x509_client_cert_vrfy(GNUTLS_STATE state, opaque * data, #define CERTTYPE_SIZE 3 int _gnutls_gen_x509_server_cert_req(GNUTLS_STATE state, opaque ** data) { - const GNUTLS_X509PKI_CREDENTIALS cred; + const GNUTLS_CERTIFICATE_CREDENTIALS cred; int size; opaque *pdata; /* Now we need to generate the RDN sequence. This is - * already in the X509PKI_CRED structure, to improve + * already in the CERTIFICATE_CRED structure, to improve * performance. */ - cred = _gnutls_get_cred(state->gnutls_key, GNUTLS_X509PKI, NULL); + cred = _gnutls_get_cred(state->gnutls_key, GNUTLS_CRD_CERTIFICATE, NULL); if (cred == NULL) { gnutls_assert(); return GNUTLS_E_INSUFICIENT_CRED; @@ -871,11 +871,11 @@ int _gnutls_find_apr_cert(GNUTLS_STATE state, gnutls_cert ** apr_cert_list, int *apr_cert_list_length, gnutls_private_key ** apr_pkey) { - const GNUTLS_X509PKI_CREDENTIALS cred; + const GNUTLS_CERTIFICATE_CREDENTIALS cred; int ind; cred = - _gnutls_get_kx_cred(state->gnutls_key, GNUTLS_X509PKI, NULL); + _gnutls_get_kx_cred(state->gnutls_key, GNUTLS_CRD_CERTIFICATE, NULL); if (cred == NULL) { gnutls_assert(); @@ -1235,19 +1235,19 @@ int gnutls_x509pki_extract_certificate_version(const gnutls_datum * cert) **/ int gnutls_x509pki_get_peer_certificate_status(GNUTLS_STATE state) { - X509PKI_AUTH_INFO info; - const GNUTLS_X509PKI_CREDENTIALS cred; + CERTIFICATE_AUTH_INFO info; + const GNUTLS_CERTIFICATE_CREDENTIALS cred; CertificateStatus verify; gnutls_cert *peer_certificate_list; int peer_certificate_list_size, i, x, ret; - CHECK_AUTH(GNUTLS_X509PKI, GNUTLS_E_INVALID_REQUEST); + CHECK_AUTH(GNUTLS_CRD_CERTIFICATE, GNUTLS_E_INVALID_REQUEST); info = _gnutls_get_auth_info(state); if (info == NULL) return GNUTLS_E_INVALID_REQUEST; - cred = _gnutls_get_cred(state->gnutls_key, GNUTLS_X509PKI, NULL); + cred = _gnutls_get_cred(state->gnutls_key, GNUTLS_CRD_CERTIFICATE, NULL); if (cred == NULL) { gnutls_assert(); return GNUTLS_E_INSUFICIENT_CRED; @@ -1407,10 +1407,10 @@ int gnutls_x509pki_verify_certificate( const gnutls_datum* cert_list, int cert_l const gnutls_cert *_gnutls_server_find_x509_cert(GNUTLS_STATE state, PKAlgorithm requested_algo) { int i; - const GNUTLS_X509PKI_CREDENTIALS x509_cred; + const GNUTLS_CERTIFICATE_CREDENTIALS x509_cred; x509_cred = - _gnutls_get_cred(state->gnutls_key, GNUTLS_X509PKI, NULL); + _gnutls_get_cred(state->gnutls_key, GNUTLS_CRD_CERTIFICATE, NULL); if (x509_cred==NULL) return NULL; @@ -1436,10 +1436,10 @@ int _gnutls_server_find_x509_cert_list_index(GNUTLS_STATE state, PKAlgorithm requested_algo) { int i, index = -1, j; - const GNUTLS_X509PKI_CREDENTIALS cred; + const GNUTLS_CERTIFICATE_CREDENTIALS cred; int my_certs_length; - cred = _gnutls_get_cred(state->gnutls_key, GNUTLS_X509PKI, NULL); + cred = _gnutls_get_cred(state->gnutls_key, GNUTLS_CRD_CERTIFICATE, NULL); if (cred == NULL) { gnutls_assert(); return GNUTLS_E_INSUFICIENT_CRED; diff --git a/lib/auth_x509.h b/lib/auth_cert.h index 68967a075c..0ade498ece 100644 --- a/lib/auth_x509.h +++ b/lib/auth_cert.h @@ -7,6 +7,9 @@ * support a server that has multiple certificates */ typedef struct { + + /* X509 stuff */ + gnutls_cert ** cert_list; /* contains a list of a list of certificates. * eg: [0] certificate1, certificate11, certificate111 @@ -23,6 +26,7 @@ typedef struct { * keys. pkey[i] corresponds to certificate in * cert_list[i][0]. */ + gnutls_cert * ca_list; int ncas; /* number of CAs in the ca_list */ @@ -33,12 +37,12 @@ typedef struct { * generating it every time. */ gnutls_datum rdn_sequence; -} X509PKI_CREDENTIALS_INT; +} CERTIFICATE_CREDENTIALS_INT; -/* typedef X509PKI_CREDENTIALS_INT * X509PKI_CREDENTIALS; */ -#define GNUTLS_X509PKI_CREDENTIALS X509PKI_CREDENTIALS_INT* +/* typedef CERTIFICATE_CREDENTIALS_INT * CERTIFICATE_CREDENTIALS; */ +#define GNUTLS_CERTIFICATE_CREDENTIALS CERTIFICATE_CREDENTIALS_INT* -typedef struct X509PKI_AUTH_INFO_INT { +typedef struct CERTIFICATE_AUTH_INFO_INT { int certificate_requested; /* if the peer requested certificate * this is non zero; */ @@ -47,11 +51,11 @@ typedef struct X509PKI_AUTH_INFO_INT { * peer. */ int ncerts; /* holds the size of the list above */ -} *X509PKI_AUTH_INFO; +} *CERTIFICATE_AUTH_INFO; -typedef struct X509PKI_AUTH_INFO_INT X509PKI_AUTH_INFO_INT; +typedef struct CERTIFICATE_AUTH_INFO_INT CERTIFICATE_AUTH_INFO_INT; -int _gnutls_copy_x509_client_auth_info( X509PKI_AUTH_INFO info, gnutls_cert* cert, CertificateStatus verify); +int _gnutls_copy_x509_client_auth_info( CERTIFICATE_AUTH_INFO info, gnutls_cert* cert, CertificateStatus verify); /* AUTH X509 functions */ int _gnutls_gen_x509_server_certificate(GNUTLS_STATE, opaque **); diff --git a/lib/auth_dhe.c b/lib/auth_dhe.c index 92191914a0..ac75b6f94f 100644 --- a/lib/auth_dhe.c +++ b/lib/auth_dhe.c @@ -26,7 +26,7 @@ #include "gnutls_num.h" #include "gnutls_sig.h" #include <gnutls_datum.h> -#include <auth_x509.h> +#include <auth_cert.h> static int gen_dhe_server_kx(GNUTLS_STATE, opaque **); static int gen_dhe_client_kx(GNUTLS_STATE, opaque **); @@ -88,7 +88,7 @@ static int gen_dhe_server_kx(GNUTLS_STATE state, opaque ** data) gnutls_private_key *apr_pkey; int apr_cert_list_length; gnutls_datum signature, ddata; - X509PKI_AUTH_INFO info; + CERTIFICATE_AUTH_INFO info; bits = _gnutls_dh_get_bits( state); @@ -107,7 +107,7 @@ static int gen_dhe_server_kx(GNUTLS_STATE state, opaque ** data) return GNUTLS_E_MEMORY_ERROR; } - if ( (ret=_gnutls_auth_info_set( state, GNUTLS_X509PKI, sizeof( X509PKI_AUTH_INFO_INT))) < 0) { + if ( (ret=_gnutls_auth_info_set( state, GNUTLS_CRD_CERTIFICATE, sizeof( CERTIFICATE_AUTH_INFO_INT))) < 0) { gnutls_assert(); return ret; } @@ -255,7 +255,7 @@ static int proc_dhe_server_kx(GNUTLS_STATE state, opaque * data, int i, sigsize; gnutls_datum vparams, signature; int ret; - X509PKI_AUTH_INFO info = _gnutls_get_auth_info( state); + CERTIFICATE_AUTH_INFO info = _gnutls_get_auth_info( state); gnutls_cert peer_cert; if (info == NULL || info->ncerts==0) { diff --git a/lib/auth_rsa.c b/lib/auth_rsa.c index 188fb5d347..c1e6955710 100644 --- a/lib/auth_rsa.c +++ b/lib/auth_rsa.c @@ -26,7 +26,7 @@ #include "x509_asn1.h" #include "x509_der.h" #include "gnutls_datum.h" -#include "auth_x509.h" +#include "auth_cert.h" #include <gnutls_random.h> #include <gnutls_pk.h> #include <gnutls_algorithms.h> @@ -146,7 +146,7 @@ int proc_rsa_client_kx(GNUTLS_STATE state, opaque * data, int data_size) */ int gen_rsa_client_kx(GNUTLS_STATE state, opaque ** data) { - X509PKI_AUTH_INFO auth = state->gnutls_key->auth_info; + CERTIFICATE_AUTH_INFO auth = state->gnutls_key->auth_info; gnutls_datum sdata; /* data to send */ MPI params[RSA_PARAMS]; int ret; diff --git a/lib/auth_srp.c b/lib/auth_srp.c index 47e5d1e70b..cf015dbc18 100644 --- a/lib/auth_srp.c +++ b/lib/auth_srp.c @@ -78,7 +78,7 @@ int gen_srp_server_hello(GNUTLS_STATE state, opaque ** data) int err; SRP_SERVER_AUTH_INFO info; - if ( (ret=_gnutls_auth_info_set( state, GNUTLS_SRP, sizeof( SRP_SERVER_AUTH_INFO_INT))) < 0) { + if ( (ret=_gnutls_auth_info_set( state, GNUTLS_CRD_SRP, sizeof( SRP_SERVER_AUTH_INFO_INT))) < 0) { gnutls_assert(); return ret; } @@ -241,7 +241,7 @@ int gen_srp_client_kx0(GNUTLS_STATE state, opaque ** data) char *username; char *password; const GNUTLS_SRP_CLIENT_CREDENTIALS cred = - _gnutls_get_cred(state->gnutls_key, GNUTLS_SRP, NULL); + _gnutls_get_cred(state->gnutls_key, GNUTLS_CRD_SRP, NULL); if (cred == NULL) { gnutls_assert(); @@ -301,7 +301,7 @@ int proc_srp_server_hello(GNUTLS_STATE state, const opaque * data, int data_size char *username; char *password; const GNUTLS_SRP_CLIENT_CREDENTIALS cred = - _gnutls_get_cred(state->gnutls_key, GNUTLS_SRP, NULL); + _gnutls_get_cred(state->gnutls_key, GNUTLS_CRD_SRP, NULL); if (cred == NULL) { gnutls_assert(); diff --git a/lib/auth_srp_passwd.c b/lib/auth_srp_passwd.c index e71701998c..88e157b262 100644 --- a/lib/auth_srp_passwd.c +++ b/lib/auth_srp_passwd.c @@ -245,7 +245,7 @@ GNUTLS_SRP_PWD_ENTRY *_gnutls_srp_pwd_read_entry( GNUTLS_KEY key, char* username *err = 0; /* normal exit */ - cred = _gnutls_get_cred( key, GNUTLS_SRP, NULL); + cred = _gnutls_get_cred( key, GNUTLS_CRD_SRP, NULL); if (cred==NULL) { *err = 1; gnutls_assert(); diff --git a/lib/debug.c b/lib/debug.c index b937d4f1b7..d3b996c574 100644 --- a/lib/debug.c +++ b/lib/debug.c @@ -190,7 +190,7 @@ static char str[512]; case GNUTLS_SERVER_HELLO: strcpy(str, "SERVER HELLO"); break; - case GNUTLS_CERTIFICATE: + case GNUTLS_CERTIFICATE_PKT: strcpy(str, "CERTIFICATE"); break; case GNUTLS_SERVER_KEY_EXCHANGE: diff --git a/lib/ext_srp.c b/lib/ext_srp.c index 7653a3a832..936f89cf6a 100644 --- a/lib/ext_srp.c +++ b/lib/ext_srp.c @@ -65,7 +65,7 @@ int _gnutls_srp_send_params( GNUTLS_STATE state, opaque** data) { uint8 len; /* this function sends the client extension data (username) */ if (state->security_parameters.entity == GNUTLS_CLIENT) { - const GNUTLS_SRP_CLIENT_CREDENTIALS cred = _gnutls_get_cred( state->gnutls_key, GNUTLS_SRP, NULL); + const GNUTLS_SRP_CLIENT_CREDENTIALS cred = _gnutls_get_cred( state->gnutls_key, GNUTLS_CRD_SRP, NULL); (*data) = NULL; diff --git a/lib/gnutls.h.in.in b/lib/gnutls.h.in.in index 84a4bc9067..d8a07e8138 100644 --- a/lib/gnutls.h.in.in +++ b/lib/gnutls.h.in.in @@ -38,7 +38,7 @@ typedef enum GNUTLS_BulkCipherAlgorithm { GNUTLS_CIPHER_NULL=1, GNUTLS_CIPHER_AR typedef enum GNUTLS_KXAlgorithm { GNUTLS_KX_RSA=1, GNUTLS_KX_DHE_DSS, GNUTLS_KX_DHE_RSA, GNUTLS_KX_ANON_DH, GNUTLS_KX_SRP } GNUTLS_KXAlgorithm; -typedef enum GNUTLS_CredType { GNUTLS_X509PKI=1, GNUTLS_ANON, GNUTLS_SRP } GNUTLS_CredType; +typedef enum GNUTLS_CredType { GNUTLS_CRD_CERTIFICATE=1, GNUTLS_CRD_ANON, GNUTLS_CRD_SRP } GNUTLS_CredType; typedef enum GNUTLS_MACAlgorithm { GNUTLS_MAC_NULL=1, GNUTLS_MAC_MD5, GNUTLS_MAC_SHA } GNUTLS_MACAlgorithm; typedef enum GNUTLS_DigestAlgorithm { GNUTLS_DIG_NULL=1, GNUTLS_DIG_MD5, GNUTLS_DIG_SHA } GNUTLS_DigestAlgorithm; @@ -159,30 +159,18 @@ int gnutls_clear_creds( GNUTLS_STATE state); /* cred is a structure defined by the kx algorithm */ int gnutls_cred_set( GNUTLS_STATE, GNUTLS_CredType type, void* cred); -/* This will set the Common Name field in case of X509PKI - * authentication. This will be used while verifying the - * certificate - */ - /* Credential structures for SRP - used in gnutls_set_cred(); */ struct DSTRUCT; -typedef struct DSTRUCT* GNUTLS_X509PKI_CREDENTIALS; -typedef GNUTLS_X509PKI_CREDENTIALS GNUTLS_X509PKI_CLIENT_CREDENTIALS; -typedef GNUTLS_X509PKI_CREDENTIALS GNUTLS_X509PKI_SERVER_CREDENTIALS; -#define X509PKI_CLIENT_CREDENTIALS GNUTLS_X509PKI_CLIENT_CREDENTIALS -#define X509PKI_SERVER_CREDENTIALS GNUTLS_X509PKI_SERVER_CREDENTIALS +typedef struct DSTRUCT* GNUTLS_CERTIFICATE_CREDENTIALS; +typedef GNUTLS_CERTIFICATE_CREDENTIALS GNUTLS_CERTIFICATE_CLIENT_CREDENTIALS; +typedef GNUTLS_CERTIFICATE_CREDENTIALS GNUTLS_CERTIFICATE_SERVER_CREDENTIALS; typedef struct DSTRUCT* GNUTLS_SRP_SERVER_CREDENTIALS; typedef struct DSTRUCT* GNUTLS_SRP_CLIENT_CREDENTIALS; -#define SRP_SERVER_CREDENTIALS GNUTLS_SRP_SERVER_CREDENTIALS -#define SRP_CLIENT_CREDENTIALS GNUTLS_GNUTLS_SRP_CLIENT_CREDENTIALS typedef struct DSTRUCT* GNUTLS_ANON_SERVER_CREDENTIALS; typedef struct DSTRUCT* GNUTLS_ANON_CLIENT_CREDENTIALS; -#define ANON_SERVER_CREDENTIALS GNUTLS_ANON_SERVER_CREDENTIALS -#define ANON_CLIENT_CREDENTIALS GNUTLS_ANON_CLIENT_CREDENTIALS - void gnutls_srp_free_client_sc( GNUTLS_SRP_CLIENT_CREDENTIALS sc); int gnutls_srp_allocate_client_sc( GNUTLS_SRP_CLIENT_CREDENTIALS *sc); @@ -204,14 +192,14 @@ int gnutls_anon_set_client_cred( GNUTLS_ANON_SERVER_CREDENTIALS res, int dh_bits /* CERTFILE is an x509 certificate in PEM form. * KEYFILE is a pkcs-1 private key in PEM form (for RSA keys). */ -void gnutls_x509pki_free_sc( GNUTLS_X509PKI_CREDENTIALS sc); -int gnutls_x509pki_allocate_sc( GNUTLS_X509PKI_CREDENTIALS *sc, int ncerts); +void gnutls_x509pki_free_sc( GNUTLS_CERTIFICATE_CREDENTIALS sc); +int gnutls_x509pki_allocate_sc( GNUTLS_CERTIFICATE_CREDENTIALS *sc, int ncerts); -int gnutls_x509pki_set_trust_file( GNUTLS_X509PKI_CREDENTIALS res, char* CAFILE, char* CRLFILE); -int gnutls_x509pki_set_trust_mem(GNUTLS_X509PKI_CREDENTIALS res, const gnutls_datum *CA, const gnutls_datum *CRL); +int gnutls_x509pki_set_trust_file( GNUTLS_CERTIFICATE_CREDENTIALS res, char* CAFILE, char* CRLFILE); +int gnutls_x509pki_set_trust_mem(GNUTLS_CERTIFICATE_CREDENTIALS res, const gnutls_datum *CA, const gnutls_datum *CRL); -int gnutls_x509pki_set_key_file( GNUTLS_X509PKI_CREDENTIALS res, char *CERTFILE, char* KEYFILE); -int gnutls_x509pki_set_key_mem(GNUTLS_X509PKI_CREDENTIALS res, const gnutls_datum* CERT, const gnutls_datum* KEY); +int gnutls_x509pki_set_key_file( GNUTLS_CERTIFICATE_CREDENTIALS res, char *CERTFILE, char* KEYFILE); +int gnutls_x509pki_set_key_mem(GNUTLS_CERTIFICATE_CREDENTIALS res, const gnutls_datum* CERT, const gnutls_datum* KEY); #define gnutls_x509pki_free_server_sc gnutls_x509pki_free_sc #define gnutls_x509pki_allocate_server_sc gnutls_x509pki_allocate_sc diff --git a/lib/gnutls_algorithms.c b/lib/gnutls_algorithms.c index 376048cc13..d4f225f6ed 100644 --- a/lib/gnutls_algorithms.c +++ b/lib/gnutls_algorithms.c @@ -31,11 +31,11 @@ typedef struct { } gnutls_cred_map; static const gnutls_cred_map cred_mappings[] = { - { GNUTLS_KX_ANON_DH, GNUTLS_ANON }, - { GNUTLS_KX_RSA, GNUTLS_X509PKI }, - { GNUTLS_KX_DHE_DSS, GNUTLS_X509PKI }, - { GNUTLS_KX_DHE_RSA, GNUTLS_X509PKI }, - { GNUTLS_KX_SRP, GNUTLS_SRP }, + { GNUTLS_KX_ANON_DH, GNUTLS_CRD_ANON }, + { GNUTLS_KX_RSA, GNUTLS_CRD_CERTIFICATE }, + { GNUTLS_KX_DHE_DSS, GNUTLS_CRD_CERTIFICATE }, + { GNUTLS_KX_DHE_RSA, GNUTLS_CRD_CERTIFICATE }, + { GNUTLS_KX_SRP, GNUTLS_CRD_SRP }, { 0 } }; @@ -233,13 +233,13 @@ typedef struct { #define GNUTLS_RSA_RIJNDAEL_256_CBC_SHA { 0x00, 0x35 } #define GNUTLS_RSA_TWOFISH_128_CBC_SHA { 0xF6, 0x51 } -/* X509PKI_DHE_DSS */ +/* DHE_DSS */ #define GNUTLS_DHE_DSS_TWOFISH_128_CBC_SHA { 0xF6, 0x54 } #define GNUTLS_DHE_DSS_RIJNDAEL_256_CBC_SHA { 0x00, 0x38 } #define GNUTLS_DHE_DSS_RIJNDAEL_128_CBC_SHA { 0x00, 0x32 } #define GNUTLS_DHE_DSS_3DES_EDE_CBC_SHA { 0x00, 0x13 } -/* X509PKI_DHE_RSA */ +/* DHE_RSA */ #define GNUTLS_DHE_RSA_TWOFISH_128_CBC_SHA { 0xF6, 0x55 } #define GNUTLS_DHE_RSA_RIJNDAEL_128_CBC_SHA { 0x00, 0x33 } #define GNUTLS_DHE_RSA_RIJNDAEL_256_CBC_SHA { 0x00, 0x39 } @@ -283,7 +283,7 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = { GNUTLS_CIPHER_TWOFISH_128_CBC, GNUTLS_KX_SRP, GNUTLS_MAC_SHA), - /* X509PKI_DHE_DSS */ + /* DHE_DSS */ GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_DHE_DSS_TWOFISH_128_CBC_SHA, GNUTLS_CIPHER_TWOFISH_128_CBC, GNUTLS_KX_DHE_DSS, GNUTLS_MAC_SHA), @@ -297,7 +297,7 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = { GNUTLS_CIPHER_RIJNDAEL_256_CBC, GNUTLS_KX_DHE_DSS, GNUTLS_MAC_SHA), - /* X509PKI_DHE_RSA */ + /* DHE_RSA */ GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_DHE_RSA_TWOFISH_128_CBC_SHA, GNUTLS_CIPHER_TWOFISH_128_CBC, GNUTLS_KX_DHE_RSA, GNUTLS_MAC_SHA), @@ -311,7 +311,7 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = { GNUTLS_CIPHER_RIJNDAEL_256_CBC, GNUTLS_KX_DHE_RSA, GNUTLS_MAC_SHA), - /* X509PKI_RSA */ + /* RSA */ GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_RSA_NULL_MD5, GNUTLS_CIPHER_NULL, GNUTLS_KX_RSA, GNUTLS_MAC_MD5), diff --git a/lib/gnutls_auth.c b/lib/gnutls_auth.c index 1b11d8be0b..1bc1eb26c6 100644 --- a/lib/gnutls_auth.c +++ b/lib/gnutls_auth.c @@ -23,7 +23,7 @@ #include "gnutls_auth.h" #include "gnutls_auth_int.h" #include "gnutls_algorithms.h" -#include "auth_x509.h" +#include "auth_cert.h" #include <gnutls_datum.h> #include "auth_anon.h" @@ -68,15 +68,15 @@ int gnutls_clear_creds( GNUTLS_STATE state) { * structure. Thus you will have to keep the structure allocated until * you call gnutls_deinit(). ] * - * For GNUTLS_ANON cred should be ANON_CLIENT_CREDENTIALS in case of a client. + * For GNUTLS_CRD_ANON cred should be ANON_CLIENT_CREDENTIALS in case of a client. * In case of a server it should be ANON_SERVER_CREDENTIALS. * - * For GNUTLS_SRP cred should be SRP_CLIENT_CREDENTIALS + * For GNUTLS_CRD_SRP cred should be SRP_CLIENT_CREDENTIALS * in case of a client, and SRP_SERVER_CREDENTIALS, in case * of a server. * - * For GNUTLS_X509PKI cred should be X509PKI_CLIENT_CREDENTIALS - * in case of a client, and X509PKI_SERVER_CREDENTIALS, in case + * For GNUTLS_CRD_CERTIFICATE cred should be CERTIFICATE_CLIENT_CREDENTIALS + * in case of a client, and CERTIFICATE_SERVER_CREDENTIALS, in case * of a server. **/ int gnutls_cred_set( GNUTLS_STATE state, GNUTLS_CredType type, void* cred) { @@ -132,7 +132,7 @@ int gnutls_cred_set( GNUTLS_STATE state, GNUTLS_CredType type, void* cred) { * The returned information is to be used to distinguish the function used * to access authentication data. * - * Eg. for X509PKI ciphersuites (key exchange algorithms: KX_RSA, KX_DHE_RSA), + * Eg. for CERTIFICATE ciphersuites (key exchange algorithms: KX_RSA, KX_DHE_RSA), * the same function are to be used to access the authentication data. **/ GNUTLS_CredType gnutls_auth_get_type( GNUTLS_STATE state) { @@ -177,9 +177,9 @@ const void *_gnutls_get_cred( GNUTLS_KEY key, CredType type, int *err) { * is data obtained by the handshake protocol, the key exchange algorithm, * and the TLS extensions messages. * - * In case of GNUTLS_ANON returns a pointer to &ANON_(SERVER/CLIENT)_AUTH_INFO; - * In case of GNUTLS_X509PKI returns a pointer to structure &X509PKI_(SERVER/CLIENT)_AUTH_INFO; - * In case of GNUTLS_SRP returns a pointer to structure &SRP_(SERVER/CLIENT)_AUTH_INFO; + * In case of GNUTLS_CRD_ANON returns a pointer to &ANON_(SERVER/CLIENT)_AUTH_INFO; + * In case of GNUTLS_CRD_CERTIFICATE returns a pointer to structure &CERTIFICATE_(SERVER/CLIENT)_AUTH_INFO; + * In case of GNUTLS_CRD_SRP returns a pointer to structure &SRP_(SERVER/CLIENT)_AUTH_INFO; -*/ void* _gnutls_get_auth_info( GNUTLS_STATE state) { return state->gnutls_key->auth_info; @@ -200,13 +200,13 @@ void _gnutls_free_auth_info( GNUTLS_STATE state) { } switch ( state->gnutls_key->auth_info_type) { - case GNUTLS_SRP: - case GNUTLS_ANON: + case GNUTLS_CRD_SRP: + case GNUTLS_CRD_ANON: break; - case GNUTLS_X509PKI: { + case GNUTLS_CRD_CERTIFICATE: { int i; - X509PKI_AUTH_INFO info = + CERTIFICATE_AUTH_INFO info = _gnutls_get_auth_info(state); if (info==NULL) break; diff --git a/lib/gnutls_cert.c b/lib/gnutls_cert.c index 02319be6f8..1082da61cc 100644 --- a/lib/gnutls_cert.c +++ b/lib/gnutls_cert.c @@ -21,7 +21,7 @@ #include <gnutls_int.h> #include <gnutls_errors.h> #include <x509_b64.h> -#include <auth_x509.h> +#include <auth_cert.h> #include <gnutls_cert.h> #include <x509_asn1.h> #include <x509_der.h> @@ -95,13 +95,13 @@ void gnutls_free_cert(gnutls_cert cert) /** * gnutls_x509pki_free_sc - Used to free an allocated x509 SERVER CREDENTIALS structure - * @sc: is an &GNUTLS_X509PKI_CREDENTIALS structure. + * @sc: is an &GNUTLS_CERTIFICATE_CREDENTIALS structure. * * This structure is complex enough to manipulate directly thus * this helper function is provided in order to free (deallocate) * the structure. **/ -void gnutls_x509pki_free_sc(GNUTLS_X509PKI_CREDENTIALS sc) +void gnutls_x509pki_free_sc(GNUTLS_CERTIFICATE_CREDENTIALS sc) { int i, j; @@ -136,7 +136,7 @@ void gnutls_x509pki_free_sc(GNUTLS_X509PKI_CREDENTIALS sc) /* Reads a base64 encoded certificate from memory */ -static int read_cert_mem(GNUTLS_X509PKI_CREDENTIALS res, const char *cert, int cert_size) +static int read_cert_mem(GNUTLS_CERTIFICATE_CREDENTIALS res, const char *cert, int cert_size) { int siz, i, siz2; opaque *b64; @@ -213,7 +213,7 @@ static int read_cert_mem(GNUTLS_X509PKI_CREDENTIALS res, const char *cert, int c /* Reads a base64 encoded CA list from memory * This is to be called once. */ -static int read_ca_mem(GNUTLS_X509PKI_CREDENTIALS res, const char *ca, int ca_size) +static int read_ca_mem(GNUTLS_CERTIFICATE_CREDENTIALS res, const char *ca, int ca_size) { int siz, siz2, i; opaque *b64; @@ -280,7 +280,7 @@ static int read_ca_mem(GNUTLS_X509PKI_CREDENTIALS res, const char *ca, int ca_si /* Reads a PEM encoded PKCS-1 RSA private key from memory * 2002-01-26: Added ability to read DSA keys. */ -static int read_key_mem(GNUTLS_X509PKI_CREDENTIALS res, const char *key, int key_size) +static int read_key_mem(GNUTLS_CERTIFICATE_CREDENTIALS res, const char *key, int key_size) { int siz, ret; opaque *b64; @@ -337,7 +337,7 @@ static int read_key_mem(GNUTLS_X509PKI_CREDENTIALS res, const char *key, int key /* Reads a base64 encoded certificate file */ -static int read_cert_file(GNUTLS_X509PKI_CREDENTIALS res, char *certfile) +static int read_cert_file(GNUTLS_CERTIFICATE_CREDENTIALS res, char *certfile) { int siz; char x[MAX_FILE_SIZE]; @@ -359,7 +359,7 @@ static int read_cert_file(GNUTLS_X509PKI_CREDENTIALS res, char *certfile) /* Reads a base64 encoded CA file (file contains multiple certificate * authorities). This is to be called once. */ -static int read_ca_file(GNUTLS_X509PKI_CREDENTIALS res, char *cafile) +static int read_ca_file(GNUTLS_CERTIFICATE_CREDENTIALS res, char *cafile) { int siz; char x[MAX_FILE_SIZE]; @@ -382,7 +382,7 @@ static int read_ca_file(GNUTLS_X509PKI_CREDENTIALS res, char *cafile) /* Reads a PEM encoded PKCS-1 RSA private key file */ -static int read_key_file(GNUTLS_X509PKI_CREDENTIALS res, char *keyfile) +static int read_key_file(GNUTLS_CERTIFICATE_CREDENTIALS res, char *keyfile) { int siz; char x[MAX_FILE_SIZE]; @@ -402,7 +402,7 @@ static int read_key_file(GNUTLS_X509PKI_CREDENTIALS res, char *keyfile) /** * gnutls_x509pki_allocate_sc - Used to allocate an x509 SERVER CREDENTIALS structure - * @res: is a pointer to an &GNUTLS_X509PKI_CREDENTIALS structure. + * @res: is a pointer to an &GNUTLS_CERTIFICATE_CREDENTIALS structure. * @ncerts: this is the number of certificate/private key pair you're going to use. * This should be 1 in common sites. * @@ -410,9 +410,9 @@ static int read_key_file(GNUTLS_X509PKI_CREDENTIALS res, char *keyfile) * this helper function is provided in order to allocate * the structure. **/ -int gnutls_x509pki_allocate_sc(GNUTLS_X509PKI_CREDENTIALS * res, int ncerts) +int gnutls_x509pki_allocate_sc(GNUTLS_CERTIFICATE_CREDENTIALS * res, int ncerts) { - *res = gnutls_calloc(1, sizeof(X509PKI_CREDENTIALS_INT)); + *res = gnutls_calloc(1, sizeof(CERTIFICATE_CREDENTIALS_INT)); if (*res == NULL) return GNUTLS_E_MEMORY_ERROR; @@ -448,13 +448,14 @@ int gnutls_x509pki_allocate_sc(GNUTLS_X509PKI_CREDENTIALS * res, int ncerts) } } + return 0; } /* returns error if the certificate has different algorithm than * the given key parameters. */ -static int _gnutls_check_key_cert_match( GNUTLS_X509PKI_CREDENTIALS res) { +static int _gnutls_check_key_cert_match( GNUTLS_CERTIFICATE_CREDENTIALS res) { if (res->pkey->pk_algorithm != res->cert_list[0]->subject_pk_algorithm) { gnutls_assert(); return GNUTLS_E_CERTIFICATE_KEY_MISMATCH; @@ -464,14 +465,14 @@ static int _gnutls_check_key_cert_match( GNUTLS_X509PKI_CREDENTIALS res) { /** - * gnutls_x509pki_set_key_file - Used to set keys in a GNUTLS_X509PKI_CREDENTIALS structure - * @res: is an &GNUTLS_X509PKI_CREDENTIALS structure. + * gnutls_x509pki_set_key_file - Used to set keys in a GNUTLS_CERTIFICATE_CREDENTIALS structure + * @res: is an &GNUTLS_CERTIFICATE_CREDENTIALS structure. * @CERTFILE: is a PEM encoded file containing the certificate list (path) for * the specified private key * @KEYFILE: is a PEM encoded file containing a private key * * This function sets a certificate/private key pair in the - * GNUTLS_X509PKI_CREDENTIALS structure. This function may be called + * GNUTLS_CERTIFICATE_CREDENTIALS structure. This function may be called * more than once (in case multiple keys/certificates exist for the * server). * @@ -479,7 +480,7 @@ static int _gnutls_check_key_cert_match( GNUTLS_X509PKI_CREDENTIALS res) { * this function. * **/ -int gnutls_x509pki_set_key_file(GNUTLS_X509PKI_CREDENTIALS res, char *CERTFILE, +int gnutls_x509pki_set_key_file(GNUTLS_CERTIFICATE_CREDENTIALS res, char *CERTFILE, char *KEYFILE) { int ret; @@ -500,7 +501,7 @@ int gnutls_x509pki_set_key_file(GNUTLS_X509PKI_CREDENTIALS res, char *CERTFILE, return 0; } -static int generate_rdn_seq( GNUTLS_X509PKI_CREDENTIALS res) { +static int generate_rdn_seq( GNUTLS_CERTIFICATE_CREDENTIALS res) { gnutls_datum tmp; int ret, size, i; opaque *pdata; @@ -553,8 +554,8 @@ opaque *pdata; } /** - * gnutls_x509pki_set_trust_mem - Used to add trusted CAs in a GNUTLS_X509PKI_CREDENTIALS structure - * @res: is an &GNUTLS_X509PKI_CREDENTIALS structure. + * gnutls_x509pki_set_trust_mem - Used to add trusted CAs in a GNUTLS_CERTIFICATE_CREDENTIALS structure + * @res: is an &GNUTLS_CERTIFICATE_CREDENTIALS structure. * @CA: is a PEM encoded list of trusted CAs * @CRL: is a PEM encoded list of CRLs (ignored for now) * @@ -562,7 +563,7 @@ opaque *pdata; * certificates. This function may be called multiple times. * **/ -int gnutls_x509pki_set_trust_mem(GNUTLS_X509PKI_CREDENTIALS res, const gnutls_datum *CA, +int gnutls_x509pki_set_trust_mem(GNUTLS_CERTIFICATE_CREDENTIALS res, const gnutls_datum *CA, const gnutls_datum *CRL) { int ret; @@ -577,8 +578,8 @@ int gnutls_x509pki_set_trust_mem(GNUTLS_X509PKI_CREDENTIALS res, const gnutls_da } /** - * gnutls_x509pki_set_trust_file - Used to add trusted CAs in a GNUTLS_X509PKI_CREDENTIALS structure - * @res: is an &GNUTLS_X509PKI_CREDENTIALS structure. + * gnutls_x509pki_set_trust_file - Used to add trusted CAs in a GNUTLS_CERTIFICATE_CREDENTIALS structure + * @res: is an &GNUTLS_CERTIFICATE_CREDENTIALS structure. * @CAFILE: is a PEM encoded file containing trusted CAs * @CRLFILE: is a PEM encoded file containing CRLs (ignored for now) * @@ -586,7 +587,7 @@ int gnutls_x509pki_set_trust_mem(GNUTLS_X509PKI_CREDENTIALS res, const gnutls_da * certificates. This function may be called multiple times. * **/ -int gnutls_x509pki_set_trust_file(GNUTLS_X509PKI_CREDENTIALS res, char *CAFILE, +int gnutls_x509pki_set_trust_file(GNUTLS_CERTIFICATE_CREDENTIALS res, char *CAFILE, char *CRLFILE) { int ret; @@ -602,14 +603,14 @@ int gnutls_x509pki_set_trust_file(GNUTLS_X509PKI_CREDENTIALS res, char *CAFILE, /** - * gnutls_x509pki_set_key_mem - Used to set keys in a GNUTLS_X509PKI_CREDENTIALS structure - * @res: is an &GNUTLS_X509PKI_CREDENTIALS structure. + * gnutls_x509pki_set_key_mem - Used to set keys in a GNUTLS_CERTIFICATE_CREDENTIALS structure + * @res: is an &GNUTLS_CERTIFICATE_CREDENTIALS structure. * @CERT: contains a PEM encoded certificate list (path) for * the specified private key * @KEY: is a PEM encoded private key * * This function sets a certificate/private key pair in the - * GNUTLS_X509PKI_CREDENTIALS structure. This function may be called + * GNUTLS_CERTIFICATE_CREDENTIALS structure. This function may be called * more than once (in case multiple keys/certificates exist for the * server). * @@ -617,7 +618,7 @@ int gnutls_x509pki_set_trust_file(GNUTLS_X509PKI_CREDENTIALS res, char *CAFILE, * this function. * **/ -int gnutls_x509pki_set_key_mem(GNUTLS_X509PKI_CREDENTIALS res, const gnutls_datum* CERT, +int gnutls_x509pki_set_key_mem(GNUTLS_CERTIFICATE_CREDENTIALS res, const gnutls_datum* CERT, const gnutls_datum* KEY) { int ret; @@ -1265,7 +1266,7 @@ int _gnutls_x509_cert2gnutls_cert(gnutls_cert * gCert, gnutls_datum derCert) int _gnutls_check_x509pki_key_usage(const gnutls_cert * cert, KXAlgorithm alg) { - if (_gnutls_map_kx_get_cred(alg) == GNUTLS_X509PKI) { + if (_gnutls_map_kx_get_cred(alg) == GNUTLS_CRD_CERTIFICATE) { switch (alg) { case GNUTLS_KX_RSA: if (cert->keyUsage != 0) { diff --git a/lib/gnutls_cert.h b/lib/gnutls_cert.h index 31dedf1565..d9558f446c 100644 --- a/lib/gnutls_cert.h +++ b/lib/gnutls_cert.h @@ -81,7 +81,7 @@ struct GNUTLS_STATE_INT; /* because GNUTLS_STATE is not defined when this file i int _gnutls_cert_supported_kx( const gnutls_cert* cert, KXAlgorithm **alg, int *alg_size); PKAlgorithm _gnutls_map_pk_get_pk(KXAlgorithm kx_algorithm); -int _gnutls_cert2gnutlsCert(gnutls_cert * gCert, gnutls_datum derCert); +int _gnutls_x509_cert2gnutls_cert(gnutls_cert * gCert, gnutls_datum derCert); #define MAX_INT_DIGITS 4 void _gnutls_int2str(int k, char* data); diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c index 04d914d1d0..2e28016b8e 100644 --- a/lib/gnutls_handshake.c +++ b/lib/gnutls_handshake.c @@ -35,7 +35,7 @@ #include "gnutls_random.h" #include "gnutls_auth_int.h" #include "gnutls_v2_compat.h" -#include "auth_x509.h" +#include "auth_cert.h" #include "gnutls_cert.h" #include "gnutls_constate.h" #include <gnutls_record.h> @@ -498,7 +498,7 @@ KXAlgorithm kx; for (j = 0; j < datalen; j += 2) { kx = _gnutls_cipher_suite_get_kx_algo(*((GNUTLS_CipherSuite *) & data[j])); - if ( _gnutls_map_kx_get_cred( kx) == GNUTLS_X509PKI) { + if ( _gnutls_map_kx_get_cred( kx) == GNUTLS_CRD_CERTIFICATE) { algo = _gnutls_map_pk_get_pk( kx); if (algo!=prev_algo && prev_algo!=0) return -1; @@ -1011,7 +1011,7 @@ int _gnutls_recv_handshake(GNUTLS_STATE state, uint8 ** data, * need it */ gnutls_free(dataptr); break; - case GNUTLS_CERTIFICATE: + case GNUTLS_CERTIFICATE_PKT: ret = length32; break; case GNUTLS_SERVER_HELLO_DONE: @@ -2278,7 +2278,7 @@ int _gnutls_remove_unwanted_ciphersuites(GNUTLS_STATE state, int ret = 0; GNUTLS_CipherSuite *newSuite; int newSuiteSize = 0, i, j, keep; - const GNUTLS_X509PKI_CREDENTIALS x509_cred; + const GNUTLS_CERTIFICATE_CREDENTIALS x509_cred; const gnutls_cert *cert = NULL; KXAlgorithm *alg; int alg_size; @@ -2288,11 +2288,11 @@ int _gnutls_remove_unwanted_ciphersuites(GNUTLS_STATE state, /* if we should use a specific certificate, * we should remove all algorithms that are not supported * by that certificate and are on the same authentication - * method (X509PKI). + * method (CERTIFICATE). */ x509_cred = - _gnutls_get_cred(state->gnutls_key, GNUTLS_X509PKI, NULL); + _gnutls_get_cred(state->gnutls_key, GNUTLS_CRD_CERTIFICATE, NULL); /* if x509_cred==NULL we should remove all X509 ciphersuites */ @@ -2340,7 +2340,7 @@ int _gnutls_remove_unwanted_ciphersuites(GNUTLS_STATE state, /* If there was no credentials to use with the specified * key exchange method, then just remove it. */ - if (_gnutls_map_kx_get_cred(kx) == GNUTLS_X509PKI) { + if (_gnutls_map_kx_get_cred(kx) == GNUTLS_CRD_CERTIFICATE) { keep = 1; /* do not keep */ if (x509_cred != NULL) { if (state->security_parameters.entity == diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h index f8e70268ba..81c1738614 100644 --- a/lib/gnutls_int.h +++ b/lib/gnutls_int.h @@ -139,7 +139,7 @@ typedef enum HandshakeState { STATE0=0, STATE1, STATE2, STATE3, STATE4, STATE5, STATE30=30, STATE31, STATE50=50, STATE60=60, STATE61 } HandshakeState; typedef enum HandshakeType { GNUTLS_HELLO_REQUEST, GNUTLS_CLIENT_HELLO, GNUTLS_SERVER_HELLO, - GNUTLS_CERTIFICATE=11, GNUTLS_SERVER_KEY_EXCHANGE, + GNUTLS_CERTIFICATE_PKT=11, GNUTLS_SERVER_KEY_EXCHANGE, GNUTLS_CERTIFICATE_REQUEST, GNUTLS_SERVER_HELLO_DONE, GNUTLS_CERTIFICATE_VERIFY, GNUTLS_CLIENT_KEY_EXCHANGE, GNUTLS_FINISHED=20 } HandshakeType; @@ -183,7 +183,7 @@ typedef enum CertType { GNUTLS_CRT_X509=1, GNUTLS_CRT_OPENPGP } CertType; #define GNUTLS_CertType CertType -typedef enum CredType { GNUTLS_X509PKI=1, GNUTLS_ANON, GNUTLS_SRP +typedef enum CredType { GNUTLS_CRD_CERTIFICATE=1, GNUTLS_CRD_ANON, GNUTLS_CRD_SRP } CredType; #define GNUTLS_CredType CredType diff --git a/lib/gnutls_kx.c b/lib/gnutls_kx.c index fbe87eba67..9bfc98eba4 100644 --- a/lib/gnutls_kx.c +++ b/lib/gnutls_kx.c @@ -450,7 +450,7 @@ int _gnutls_send_client_certificate( GNUTLS_STATE state, int again) return data_size; } } - ret = _gnutls_send_handshake( state, data, data_size, GNUTLS_CERTIFICATE); + ret = _gnutls_send_handshake( state, data, data_size, GNUTLS_CERTIFICATE_PKT); gnutls_free(data); if (ret<0) { @@ -485,7 +485,7 @@ int _gnutls_send_server_certificate( GNUTLS_STATE state, int again) return data_size; } } - ret = _gnutls_send_handshake( state, data, data_size, GNUTLS_CERTIFICATE); + ret = _gnutls_send_handshake( state, data, data_size, GNUTLS_CERTIFICATE_PKT); gnutls_free(data); if (ret < 0) { @@ -520,7 +520,7 @@ int _gnutls_recv_client_certificate( GNUTLS_STATE state) ret = _gnutls_recv_handshake( state, &data, &datasize, - GNUTLS_CERTIFICATE, optional); + GNUTLS_CERTIFICATE_PKT, optional); if (ret < 0) { if (optional == OPTIONAL_PACKET && ret==GNUTLS_E_WARNING_ALERT_RECEIVED && @@ -579,7 +579,7 @@ int _gnutls_recv_server_certificate( GNUTLS_STATE state) ret = _gnutls_recv_handshake( state, &data, &datasize, - GNUTLS_CERTIFICATE, MANDATORY_PACKET); + GNUTLS_CERTIFICATE_PKT, MANDATORY_PACKET); if (ret < 0) { gnutls_assert(); return ret; diff --git a/lib/gnutls_privkey.c b/lib/gnutls_privkey.c index 360f4236ab..b29e882279 100644 --- a/lib/gnutls_privkey.c +++ b/lib/gnutls_privkey.c @@ -22,7 +22,7 @@ #include <gnutls_int.h> #include <gnutls_errors.h> #include <x509_b64.h> -#include <auth_x509.h> +#include <auth_cert.h> #include <gnutls_cert.h> #include <x509_asn1.h> #include <x509_der.h> diff --git a/lib/gnutls_session_pack.c b/lib/gnutls_session_pack.c index c7f0b25589..6c723f4688 100644 --- a/lib/gnutls_session_pack.c +++ b/lib/gnutls_session_pack.c @@ -20,7 +20,7 @@ #include <gnutls_int.h> #include <auth_srp.h> #include <auth_anon.h> -#include <auth_x509.h> +#include <auth_cert.h> #include <gnutls_errors.h> #include <gnutls_auth_int.h> #include <gnutls_session_pack.h> @@ -28,11 +28,11 @@ #include <gnutls_num.h> #define PACK_HEADER_SIZE 1 -int _gnutls_pack_x509pki_auth_info( X509PKI_AUTH_INFO info, +int _gnutls_pack_x509pki_auth_info( CERTIFICATE_AUTH_INFO info, gnutls_datum * packed_session); -int _gnutls_unpack_x509pki_auth_info(X509PKI_AUTH_INFO info, +int _gnutls_unpack_x509pki_auth_info(CERTIFICATE_AUTH_INFO info, const gnutls_datum * packed_session); -static int _gnutls_pack_x509pki_auth_info_size( X509PKI_AUTH_INFO info); +static int _gnutls_pack_x509pki_auth_info_size( CERTIFICATE_AUTH_INFO info); /* Since auth_info structures contain malloced data, this function @@ -51,7 +51,7 @@ int _gnutls_session_pack(GNUTLS_STATE state, gnutls_datum * packed_session) switch (gnutls_auth_get_type(state)) { - case GNUTLS_SRP:{ + case GNUTLS_CRD_SRP:{ SRP_SERVER_AUTH_INFO info = _gnutls_get_auth_info(state); @@ -65,7 +65,7 @@ int _gnutls_session_pack(GNUTLS_STATE state, gnutls_datum * packed_session) packed_session->size = PACK_HEADER_SIZE + pack_size + sizeof(uint32); - packed_session->data[0] = GNUTLS_SRP; + packed_session->data[0] = GNUTLS_CRD_SRP; WRITEuint32(pack_size, &packed_session-> data[PACK_HEADER_SIZE]); @@ -78,7 +78,7 @@ int _gnutls_session_pack(GNUTLS_STATE state, gnutls_datum * packed_session) } break; - case GNUTLS_ANON:{ + case GNUTLS_CRD_ANON:{ ANON_CLIENT_AUTH_INFO info = _gnutls_get_auth_info(state); if (info == NULL && state->gnutls_key->auth_info_size!=0) @@ -87,7 +87,7 @@ int _gnutls_session_pack(GNUTLS_STATE state, gnutls_datum * packed_session) packed_session->size = PACK_HEADER_SIZE + state->gnutls_key->auth_info_size + sizeof(uint32); - packed_session->data[0] = GNUTLS_ANON; + packed_session->data[0] = GNUTLS_CRD_ANON; WRITEuint32(state->gnutls_key->auth_info_size, &packed_session-> data[PACK_HEADER_SIZE]); @@ -99,8 +99,8 @@ int _gnutls_session_pack(GNUTLS_STATE state, gnutls_datum * packed_session) } break; - case GNUTLS_X509PKI:{ - X509PKI_AUTH_INFO info = + case GNUTLS_CRD_CERTIFICATE:{ + CERTIFICATE_AUTH_INFO info = _gnutls_get_auth_info(state); if (info == NULL) return GNUTLS_E_INVALID_PARAMETERS; @@ -141,12 +141,12 @@ int _gnutls_session_size( GNUTLS_STATE state) pack_size = PACK_HEADER_SIZE + sizeof(uint32); switch ( gnutls_auth_get_type(state)) { - case GNUTLS_SRP: - case GNUTLS_ANON: + case GNUTLS_CRD_SRP: + case GNUTLS_CRD_ANON: pack_size += state->gnutls_key->auth_info_size; break; - case GNUTLS_X509PKI: { - X509PKI_AUTH_INFO info = + case GNUTLS_CRD_CERTIFICATE: { + CERTIFICATE_AUTH_INFO info = _gnutls_get_auth_info(state); if (info == NULL) @@ -182,7 +182,7 @@ int _gnutls_session_unpack(GNUTLS_STATE state, } switch ( packed_session->data[0]) { - case GNUTLS_SRP:{ + case GNUTLS_CRD_SRP:{ pack_size = READuint32(&packed_session-> @@ -211,7 +211,7 @@ int _gnutls_session_unpack(GNUTLS_STATE state, pack_size); } break; - case GNUTLS_ANON:{ + case GNUTLS_CRD_ANON:{ pack_size = READuint32(&packed_session-> data[PACK_HEADER_SIZE]); @@ -237,27 +237,27 @@ int _gnutls_session_unpack(GNUTLS_STATE state, pack_size); } break; - case GNUTLS_X509PKI:{ + case GNUTLS_CRD_CERTIFICATE:{ pack_size = READuint32(&packed_session-> data[PACK_HEADER_SIZE]); if (pack_size == 0) break; - if (pack_size < sizeof(X509PKI_AUTH_INFO_INT)) { + if (pack_size < sizeof(CERTIFICATE_AUTH_INFO_INT)) { gnutls_assert(); return GNUTLS_E_DB_ERROR; } state->gnutls_key->auth_info = - gnutls_malloc( sizeof(X509PKI_AUTH_INFO_INT)); + gnutls_malloc( sizeof(CERTIFICATE_AUTH_INFO_INT)); if (state->gnutls_key->auth_info == NULL) { gnutls_assert(); return GNUTLS_E_MEMORY_ERROR; } state->gnutls_key->auth_info_size = - sizeof(X509PKI_AUTH_INFO_INT); + sizeof(CERTIFICATE_AUTH_INFO_INT); ret = _gnutls_unpack_x509pki_auth_info(state-> @@ -308,20 +308,20 @@ int _gnutls_session_unpack(GNUTLS_STATE state, return 0; } -int _gnutls_pack_x509pki_auth_info( X509PKI_AUTH_INFO info, +int _gnutls_pack_x509pki_auth_info( CERTIFICATE_AUTH_INFO info, gnutls_datum * packed_session) { uint32 pos, i; packed_session->size = _gnutls_pack_x509pki_auth_info_size( info); - packed_session->data[0] = GNUTLS_X509PKI; + packed_session->data[0] = GNUTLS_CRD_CERTIFICATE; WRITEuint32( packed_session->size-PACK_HEADER_SIZE-sizeof(uint32), &packed_session->data[PACK_HEADER_SIZE]); memcpy(&packed_session->data[PACK_HEADER_SIZE + sizeof(uint32)], - info, sizeof(X509PKI_AUTH_INFO_INT)); + info, sizeof(CERTIFICATE_AUTH_INFO_INT)); - pos = PACK_HEADER_SIZE + sizeof(uint32) + sizeof(X509PKI_AUTH_INFO_INT); + pos = PACK_HEADER_SIZE + sizeof(uint32) + sizeof(CERTIFICATE_AUTH_INFO_INT); for (i=0;i<info->ncerts;i++) { WRITEuint32( info->raw_certificate_list[i].size, &packed_session->data[pos]); @@ -335,9 +335,9 @@ int _gnutls_pack_x509pki_auth_info( X509PKI_AUTH_INFO info, return 0; } -static int _gnutls_pack_x509pki_auth_info_size( X509PKI_AUTH_INFO info) +static int _gnutls_pack_x509pki_auth_info_size( CERTIFICATE_AUTH_INFO info) { - uint32 pack_size = sizeof(X509PKI_AUTH_INFO_INT); + uint32 pack_size = sizeof(CERTIFICATE_AUTH_INFO_INT); int i; if (info == NULL) @@ -351,7 +351,7 @@ static int _gnutls_pack_x509pki_auth_info_size( X509PKI_AUTH_INFO info) } -int _gnutls_unpack_x509pki_auth_info(X509PKI_AUTH_INFO info, +int _gnutls_unpack_x509pki_auth_info(CERTIFICATE_AUTH_INFO info, const gnutls_datum * packed_session) { int ret, i, pos, j; @@ -359,9 +359,9 @@ uint32 size; memcpy(info, &packed_session->data[PACK_HEADER_SIZE + sizeof(uint32)], - sizeof(X509PKI_AUTH_INFO_INT)); + sizeof(CERTIFICATE_AUTH_INFO_INT)); - pos = PACK_HEADER_SIZE + sizeof(uint32) + sizeof(X509PKI_AUTH_INFO_INT); + pos = PACK_HEADER_SIZE + sizeof(uint32) + sizeof(CERTIFICATE_AUTH_INFO_INT); if (info->ncerts > 0) { info->raw_certificate_list = gnutls_calloc( 1, info->ncerts * sizeof( gnutls_datum)); if (info->raw_certificate_list == NULL) { diff --git a/lib/gnutls_sig.c b/lib/gnutls_sig.c index 23ea2806ac..b853eefe73 100644 --- a/lib/gnutls_sig.c +++ b/lib/gnutls_sig.c @@ -21,7 +21,7 @@ #include <gnutls_int.h> #include <gnutls_errors.h> #include <x509_b64.h> -#include <auth_x509.h> +#include <auth_cert.h> #include <gnutls_cert.h> #include <x509_asn1.h> #include <x509_der.h> diff --git a/lib/gnutls_sig.h b/lib/gnutls_sig.h index 7140a7dbae..b9b5559b35 100644 --- a/lib/gnutls_sig.h +++ b/lib/gnutls_sig.h @@ -1,6 +1,6 @@ #ifndef GNUTLS_SIG_H # define GNUTLS_SIG_H -# include <auth_x509.h> +# include <auth_cert.h> CertificateStatus gnutls_x509_verify_signature(gnutls_cert* cert, gnutls_cert* issuer); int _gnutls_pkcs1_rsa_generate_sig( gnutls_cert* cert, gnutls_private_key *pkey, const gnutls_datum* hash_concat, gnutls_datum *signature); diff --git a/lib/gnutls_ui.c b/lib/gnutls_ui.c index 94a68678b1..81ade241e8 100644 --- a/lib/gnutls_ui.c +++ b/lib/gnutls_ui.c @@ -21,7 +21,7 @@ #include <gnutls_int.h> #include <auth_srp.h> #include <auth_anon.h> -#include <auth_x509.h> +#include <auth_cert.h> #include <gnutls_errors.h> #include <gnutls_auth_int.h> @@ -44,7 +44,7 @@ const char *gnutls_srp_server_get_username(GNUTLS_STATE state) { SRP_SERVER_AUTH_INFO info; - CHECK_AUTH(GNUTLS_SRP, NULL); + CHECK_AUTH(GNUTLS_CRD_SRP, NULL); info = _gnutls_get_auth_info(state); if (info == NULL) @@ -80,7 +80,7 @@ void gnutls_dh_set_bits(GNUTLS_STATE state, int bits) int gnutls_dh_get_bits(GNUTLS_STATE state) { switch( gnutls_auth_get_type( state)) { - case GNUTLS_ANON: { + case GNUTLS_CRD_ANON: { ANON_SERVER_AUTH_INFO info; info = _gnutls_get_auth_info(state); @@ -88,8 +88,8 @@ int gnutls_dh_get_bits(GNUTLS_STATE state) return GNUTLS_E_UNKNOWN_ERROR; return info->dh_bits; } - case GNUTLS_X509PKI: { - X509PKI_AUTH_INFO info; + case GNUTLS_CRD_CERTIFICATE: { + CERTIFICATE_AUTH_INFO info; info = _gnutls_get_auth_info(state); if (info == NULL) @@ -106,6 +106,65 @@ int gnutls_dh_get_bits(GNUTLS_STATE state) /* X509PKI */ /** + * gnutls_x509pki_get_our_certificate - This function returns the raw (DER encoded) certificate sent in the last handshake + * @state: is a gnutls state + * + * This function will return the raw certificate list as sent to the peer, + * in the last handshake. These certificates are DER encoded. + * The first certificate in the list is the peer's certificate, + * following the issuer's certificate, then the issuer's issuer etc. + * Returns NULL in case of an error, or if no certificate was sent. + * + **/ +const gnutls_datum *gnutls_x509pki_get_our_certificate(GNUTLS_STATE state) +{ + const GNUTLS_CERTIFICATE_CREDENTIALS cred; + int index; + + CHECK_AUTH(GNUTLS_CRD_CERTIFICATE, NULL); + + cred = _gnutls_get_cred(state->gnutls_key, GNUTLS_CRD_CERTIFICATE, NULL); + if (cred == NULL) { + gnutls_assert(); + return NULL; + } + + index = state->gnutls_internals.selected_cert_index; + if (index < 0) return NULL; /* no certificate */ + + return &cred->cert_list[index]->raw; +} + +/** + * gnutls_x509pki_get_our_certificate_index - This function returns the index of the certificate sent in the last handshake + * @state: is a gnutls state + * + * This function will return the index of the certificate list sent to + * the peer, in the last handshake. The index depends on the sequence + * that the certificates were added, and the first certificate is assigned 0. + * Returns a negative value in case of an error, or if no certificate was sent. + * + **/ +int gnutls_x509pki_get_our_certificate_index(GNUTLS_STATE state) +{ + const GNUTLS_CERTIFICATE_CREDENTIALS cred; + int index; + + CHECK_AUTH(GNUTLS_CRD_CERTIFICATE, GNUTLS_E_INVALID_REQUEST); + + cred = _gnutls_get_cred(state->gnutls_key, GNUTLS_CRD_CERTIFICATE, NULL); + if (cred == NULL) { + gnutls_assert(); + return GNUTLS_E_INSUFICIENT_CRED; + } + + index = state->gnutls_internals.selected_cert_index; + if (index < 0) return GNUTLS_E_NO_CERTIFICATE_FOUND; /* no certificate */ + + return index; +} + +/** * gnutls_x509pki_get_peer_certificate_list - This function returns the peer's raw (DER encoded) certificate * @state: is a gnutls state * @list_size: is the length of the certificate list @@ -118,9 +177,9 @@ int gnutls_dh_get_bits(GNUTLS_STATE state) **/ const gnutls_datum *gnutls_x509pki_get_peer_certificate_list(GNUTLS_STATE state, int *list_size) { - X509PKI_AUTH_INFO info; + CERTIFICATE_AUTH_INFO info; - CHECK_AUTH(GNUTLS_X509PKI, NULL); + CHECK_AUTH(GNUTLS_CRD_CERTIFICATE, NULL); info = _gnutls_get_auth_info(state); if (info == NULL) @@ -142,9 +201,9 @@ const gnutls_datum *gnutls_x509pki_get_peer_certificate_list(GNUTLS_STATE state, **/ int gnutls_x509pki_get_certificate_request_status(GNUTLS_STATE state) { - X509PKI_AUTH_INFO info; + CERTIFICATE_AUTH_INFO info; - CHECK_AUTH(GNUTLS_X509PKI, 0); + CHECK_AUTH(GNUTLS_CRD_CERTIFICATE, 0); info = _gnutls_get_auth_info(state); if (info == NULL) diff --git a/lib/gnutls_ui.h b/lib/gnutls_ui.h index 660c894121..6d26ff1a68 100644 --- a/lib/gnutls_ui.h +++ b/lib/gnutls_ui.h @@ -60,9 +60,9 @@ int gnutls_dh_get_bits( GNUTLS_STATE); /* X509PKI */ -void gnutls_x509pki_set_client_cert_callback( GNUTLS_X509PKI_CREDENTIALS, gnutls_x509pki_client_cert_callback_func *); +void gnutls_x509pki_set_client_cert_callback( GNUTLS_CERTIFICATE_CREDENTIALS, gnutls_x509pki_client_cert_callback_func *); -void gnutls_x509pki_set_server_cert_callback( GNUTLS_X509PKI_CREDENTIALS, gnutls_x509pki_server_cert_callback_func *); +void gnutls_x509pki_set_server_cert_callback( GNUTLS_CERTIFICATE_CREDENTIALS, gnutls_x509pki_server_cert_callback_func *); void gnutls_x509pki_server_set_cert_request( GNUTLS_STATE, GNUTLS_CertificateRequest); /* X.509 certificate handling functions */ diff --git a/lib/x509_sig_check.c b/lib/x509_sig_check.c index 326d8194a5..28b2b7f0e7 100644 --- a/lib/x509_sig_check.c +++ b/lib/x509_sig_check.c @@ -21,7 +21,7 @@ #include <gnutls_int.h> #include <gnutls_errors.h> #include <x509_b64.h> -#include <auth_x509.h> +#include <auth_cert.h> #include <gnutls_cert.h> #include <x509_asn1.h> #include <x509_der.h> |