Skip to content

Latest commit

 

History

History
95 lines (84 loc) · 3.25 KB

gnutls.h

File metadata and controls

95 lines (84 loc) · 3.25 KB
 
Jun 14, 2012
Jun 14, 2012
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
/*
* OpenConnect (SSL + DTLS) VPN client
*
* Copyright © 2008-2012 Intel Corporation.
*
* Author: David Woodhouse <dwmw2@infradead.org>
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public License
* version 2.1, as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to:
*
* Free Software Foundation, Inc.
* 51 Franklin Street, Fifth Floor,
* Boston, MA 02110-1301 USA
*/
#ifndef __OPENCONNECT_GNUTLS_H__
#define __OPENCONNECT_GNUTLS_H__
#include <gnutls/gnutls.h>
#include <gnutls/pkcs12.h>
Jun 14, 2012
Jun 14, 2012
30
31
32
#include <gnutls/abstract.h>
#include "openconnect-internal.h"
Jun 14, 2012
Jun 14, 2012
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
#ifndef HAVE_GNUTLS_PKCS12_SIMPLE_PARSE
/* If we're using a version of GnuTLS from before this was
exported, pull in our local copy. */
int gnutls_pkcs12_simple_parse (gnutls_pkcs12_t p12, const char *password,
gnutls_x509_privkey_t * key,
gnutls_x509_crt_t ** chain,
unsigned int * chain_len,
gnutls_x509_crt_t ** extra_certs,
unsigned int * extra_certs_len,
gnutls_x509_crl_t * crl,
unsigned int flags);
#endif /* !HAVE_GNUTLS_PKCS12_SIMPLE_PARSE */
Feb 12, 2013
Feb 12, 2013
48
49
50
51
52
53
54
55
56
57
#ifndef HAVE_GNUTLS_PUBKEY_VERIFY_DATA2
static inline int gnutls_pubkey_verify_data2 (gnutls_pubkey_t pubkey,
gnutls_sign_algorithm_t algo,
unsigned int flags,
const gnutls_datum_t *data,
const gnutls_datum_t *sig)
{
return gnutls_pubkey_verify_data(pubkey, flags, data, sig);
}
#endif /* !HAVE_GNUTLS_PUBKEY_VERIFY_DATA2 */
Jun 14, 2012
Jun 14, 2012
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
#ifndef HAVE_GNUTLS_CERTIFICATE_SET_KEY
int gtls2_tpm_sign_cb(gnutls_session_t sess, void *_vpninfo,
gnutls_certificate_type_t cert_type,
const gnutls_datum_t *cert, const gnutls_datum_t *data,
gnutls_datum_t *sig);
int gtls2_tpm_sign_dummy_data(struct openconnect_info *vpninfo,
const gnutls_datum_t *data,
gnutls_datum_t *sig);
#endif /* !HAVE_GNUTLS_CERTIFICATE_SET_KEY */
/* In GnuTLS 2.12 this can't be a real private key; we have to use the sign_callback
instead. But we want to set the 'pkey' variable to *something* non-NULL in order
to indicate that we aren't just using an x509 key. */
#define OPENCONNECT_TPM_PKEY ((void *)1UL)
static inline int sign_dummy_data(struct openconnect_info *vpninfo,
gnutls_privkey_t pkey,
const gnutls_datum_t *data,
Feb 12, 2013
Feb 12, 2013
77
78
gnutls_datum_t *sig,
gnutls_sign_algorithm_t *algo)
Jun 14, 2012
Jun 14, 2012
79
80
{
#if defined (HAVE_TROUSERS) && !defined(HAVE_GNUTLS_CERTIFICATE_SET_KEY)
Feb 12, 2013
Feb 12, 2013
81
82
83
if (pkey == OPENCONNECT_TPM_PKEY) {
if (algo)
*algo = GNUTLS_SIGN_RSA_SHA1;
Jun 14, 2012
Jun 14, 2012
84
return gtls2_tpm_sign_dummy_data(vpninfo, data, sig);
Feb 12, 2013
Feb 12, 2013
85
}
Jun 14, 2012
Jun 14, 2012
86
#endif
Feb 12, 2013
Feb 12, 2013
87
88
if (algo)
*algo = gnutls_pk_to_sign(gnutls_privkey_get_pk_algorithm(pkey, NULL), GNUTLS_DIG_SHA1);
Jun 14, 2012
Jun 14, 2012
89
90
91
92
93
94
return gnutls_privkey_sign_data(pkey, GNUTLS_DIG_SHA1, 0, data, sig);
}
int load_tpm_key(struct openconnect_info *vpninfo, gnutls_datum_t *fdata,
gnutls_privkey_t *pkey, gnutls_datum_t *pkey_sig);
Jun 14, 2012
Jun 14, 2012
95
#endif /* __OPENCONNECT_GNUTLS_H__ */