1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
|
/*
* Copyright (C) 2001 Nikos Mavroyanopoulos
*
* This file is part of GNUTLS.
*
* GNUTLS is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* GNUTLS is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
#include <gnutls_int.h>
#include <auth_srp.h>
#include <auth_anon.h>
#include <auth_x509.h>
#include <gnutls_errors.h>
#include <gnutls_auth_int.h>
/* SRP */
#define CHECK_AUTH(auth, ret) if (gnutls_get_auth_type(state) != auth) { \
gnutls_assert(); \
return ret; \
}
/**
* gnutls_srp_server_get_username - This function returns the username of the peer
* @state: is a gnutls state
*
* This function will return the username of the peer. This should only be
* called in case of SRP authentication and in case of a server.
* Returns NULL in case of an error.
*
**/
const char *gnutls_srp_server_get_username(GNUTLS_STATE state)
{
SRP_SERVER_AUTH_INFO info;
CHECK_AUTH(GNUTLS_SRP, NULL);
info = _gnutls_get_auth_info(state);
if (info == NULL)
return NULL;
return info->username;
}
/* ANON */
/**
* gnutls_anon_server_get_dh_bits - This function returns the bits used in DH authentication
* @state: is a gnutls state
*
* This function will return the bits used in the Diffie Hellman authentication
* with the peer. This should only be called in case of a server.
* Returns a negative value in case of an error.
*
**/
int gnutls_anon_server_get_dh_bits(GNUTLS_STATE state)
{
ANON_SERVER_AUTH_INFO info;
CHECK_AUTH(GNUTLS_ANON, GNUTLS_E_INVALID_REQUEST);
info = _gnutls_get_auth_info(state);
if (info == NULL)
return GNUTLS_E_UNKNOWN_ERROR;
return info->dh_bits;
}
/**
* gnutls_anon_client_get_dh_bits - This function returns the bits used in DH authentication
* @state: is a gnutls state
*
* This function will return the bits used in the Diffie Hellman authentication
* with the peer. This should only be called in case of a client.
* Returns a negative value in case of an error.
*
**/
int gnutls_anon_client_get_dh_bits(GNUTLS_STATE state)
{
ANON_CLIENT_AUTH_INFO info;
CHECK_AUTH(GNUTLS_ANON, GNUTLS_E_INVALID_REQUEST);
info = _gnutls_get_auth_info(state);
if (info == NULL)
return GNUTLS_E_UNKNOWN_ERROR;
return info->dh_bits;
}
/* X509PKI */
/**
* gnutls_x509pki_get_peer_certificate_status - This function returns the peer's certificate status
* @state: is a gnutls state
*
* This function will return the peer's certificate status (TRUSTED, EXPIRED etc.). This is the output
* of the certificate verification function. However you must also check the peer's name in order
* to check if the verified certificate belongs to the actual peer.
* Returns GNUTLS_CERT_NONE in case of an error, or if no certificate was sent.
*
**/
CertificateStatus gnutls_x509pki_get_peer_certificate_status(GNUTLS_STATE
state)
{
X509PKI_AUTH_INFO info;
CHECK_AUTH(GNUTLS_X509PKI, GNUTLS_CERT_NONE);
info = _gnutls_get_auth_info(state);
if (info == NULL)
return GNUTLS_CERT_NONE;
return info->peer_certificate_status;
}
/**
* gnutls_x509pki_get_peer_certificate - This function returns the peer's raw (DER encoded) certificate
* @state: is a gnutls state
*
* This function will return the peer's raw certificate as sent by the peer.
* This certificate is DER encoded.
* Returns NULL in case of an error, or if no certificate was sent.
*
**/
const gnutls_datum *gnutls_x509pki_get_peer_certificate(GNUTLS_STATE state)
{
X509PKI_AUTH_INFO info;
CHECK_AUTH(GNUTLS_X509PKI, NULL);
info = _gnutls_get_auth_info(state);
if (info == NULL)
return NULL;
return &info->raw_certificate;
}
/**
* gnutls_x509pki_get_peer_certificate_version - This function returns the peer's certificate version
* @state: is a gnutls state
*
* This function will return the peer's certificate version (1, 2, 3). This is obtained by the X509 Certificate
* Version field. If the certificate is invalid then version will be zero.
* Returns a negative value in case of an error.
*
**/
int gnutls_x509pki_get_peer_certificate_version(GNUTLS_STATE state)
{
X509PKI_AUTH_INFO info;
CHECK_AUTH(GNUTLS_X509PKI, GNUTLS_E_INVALID_REQUEST);
info = _gnutls_get_auth_info(state);
if (info == NULL)
return GNUTLS_E_UNKNOWN_ERROR;
return info->peer_certificate_version;
}
/**
* gnutls_x509pki_get_dh_bits - This function returns the number of bits used in a DHE handshake
* @state: is a gnutls state
*
* This function will return the number of bits used in a Diffie Hellman Handshake. This will only
* occur in case of DHE_* ciphersuites. The return value may be zero if no applicable ciphersuite was
* used.
* Returns a negative value in case of an error.
*
**/
int gnutls_x509pki_get_dh_bits(GNUTLS_STATE state)
{
X509PKI_AUTH_INFO info;
CHECK_AUTH(GNUTLS_X509PKI, GNUTLS_E_INVALID_REQUEST);
info = _gnutls_get_auth_info(state);
if (info == NULL)
return GNUTLS_E_UNKNOWN_ERROR;
return info->dh_bits;
}
/**
* gnutls_x509pki_get_peer_certificate_activation_time - This function returns the peer's certificate activation time
* @state: is a gnutls state
*
* This function will return the peer's certificate activation time in UNIX time
* (ie seconds since 00:00:00 UTC January 1, 1970).
* Returns a (time_t) -1 in case of an error.
*
**/
time_t gnutls_x509pki_get_peer_certificate_activation_time(GNUTLS_STATE
state)
{
X509PKI_AUTH_INFO info;
CHECK_AUTH(GNUTLS_X509PKI, -1);
info = _gnutls_get_auth_info(state);
if (info == NULL)
return -1;
return info->peer_certificate_activation_time;
}
/**
* gnutls_x509pki_get_peer_certificate_expiration_time - This function returns the peer's certificate expiration time
* @state: is a gnutls state
*
* This function will return the peer's certificate expiration time in UNIX time
* (ie seconds since 00:00:00 UTC January 1, 1970).
* Returns a (time_t) -1 in case of an error.
*
**/
time_t gnutls_x509pki_get_peer_certificate_expiration_time(GNUTLS_STATE
state)
{
X509PKI_AUTH_INFO info;
CHECK_AUTH(GNUTLS_X509PKI, -1);
info = _gnutls_get_auth_info(state);
if (info == NULL)
return -1;
return info->peer_certificate_expiration_time;
}
/**
* gnutls_x509pki_get_key_usage - This function returns the peer's certificate key usage
* @state: is a gnutls state
*
* This function will return the peer's certificate key usage. This is specified in X509v3 Certificate
* Extensions and is an 8bit string.
* Returns zero in case of an error.
*
**/
unsigned char gnutls_x509pki_get_key_usage(GNUTLS_STATE state)
{
X509PKI_AUTH_INFO info;
CHECK_AUTH(GNUTLS_X509PKI, 0);
info = _gnutls_get_auth_info(state);
if (info == NULL)
return 0;
return info->keyUsage;
}
/**
* gnutls_x509pki_get_certificate_request_status - This function returns the certificate request status
* @state: is a gnutls state
*
* This function will return 0 if the peer (server) did not request client
* authentication or 1 otherwise.
* Returns a negative value in case of an error.
*
**/
int gnutls_x509pki_get_certificate_request_status(GNUTLS_STATE state)
{
X509PKI_AUTH_INFO info;
CHECK_AUTH(GNUTLS_X509PKI, 0);
info = _gnutls_get_auth_info(state);
if (info == NULL)
return GNUTLS_E_UNKNOWN_ERROR;
return info->certificate_requested;
}
/**
* gnutls_x509pki_get_subject_dns_name - This function returns the peer's dns name, if any
* @state: is a gnutls state
*
* This function will return the peer's alternative name (the dns part of it).
* This is specified in X509v3 Certificate Extensions.
* GNUTLS will only return the dnsName of the Alternative name, or a null
* string.
* Returns NULL in case of an error.
*
**/
const char *gnutls_x509pki_get_subject_dns_name(GNUTLS_STATE state)
{
X509PKI_AUTH_INFO info;
CHECK_AUTH(GNUTLS_X509PKI, NULL);
info = _gnutls_get_auth_info(state);
if (info == NULL)
return NULL;
return info->subjectAltDNSName;
}
|
