doc update
[gnutls:gnutls.git] / lib / gnutls_state.c
1 /*
2  * Copyright (C) 2002-2015 Free Software Foundation, Inc.
3  * Copyright (C) 2014-2015 Nikos Mavrogiannopoulos
4  *
5  * Author: Nikos Mavrogiannopoulos
6  *
7  * This file is part of GnuTLS.
8  *
9  * The GnuTLS is free software; you can redistribute it and/or
10  * modify it under the terms of the GNU Lesser General Public License
11  * as published by the Free Software Foundation; either version 2.1 of
12  * the License, or (at your option) any later version.
13  *
14  * This library is distributed in the hope that it will be useful, but
15  * WITHOUT ANY WARRANTY; without even the implied warranty of
16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
17  * Lesser General Public License for more details.
18  *
19  * You should have received a copy of the GNU Lesser General Public License
20  * along with this program.  If not, see <http://www.gnu.org/licenses/>
21  *
22  */
23
24 /* Functions to manipulate the session (gnutls_int.h), and some other stuff
25  * are included here. The file's name is traditionally gnutls_state even if the
26  * state has been renamed to session.
27  */
28
29 #include <gnutls_int.h>
30 #include <gnutls_errors.h>
31 #include <gnutls_auth.h>
32 #include <gnutls_num.h>
33 #include <gnutls_datum.h>
34 #include <gnutls_db.h>
35 #include <gnutls_record.h>
36 #include <gnutls_handshake.h>
37 #include <gnutls_dh.h>
38 #include <gnutls_buffers.h>
39 #include <gnutls_mbuffers.h>
40 #include <gnutls_state.h>
41 #include <gnutls_constate.h>
42 #include <auth/cert.h>
43 #include <auth/anon.h>
44 #include <auth/psk.h>
45 #include <algorithms.h>
46 #include <gnutls_extensions.h>
47 #include <system.h>
48 #include <random.h>
49 #include <fips.h>
50 #include <gnutls/dtls.h>
51
52 /* These should really be static, but src/tests.c calls them.  Make
53    them public functions?  */
54 void
55 _gnutls_rsa_pms_set_version(gnutls_session_t session,
56                             unsigned char major, unsigned char minor);
57
58 void
59 _gnutls_session_cert_type_set(gnutls_session_t session,
60                               gnutls_certificate_type_t ct)
61 {
62         _gnutls_handshake_log
63             ("HSK[%p]: Selected certificate type %s (%d)\n", session,
64              gnutls_certificate_type_get_name(ct), ct);
65         session->security_parameters.cert_type = ct;
66 }
67
68 void
69 _gnutls_session_ecc_curve_set(gnutls_session_t session,
70                               gnutls_ecc_curve_t c)
71 {
72         _gnutls_handshake_log("HSK[%p]: Selected ECC curve %s (%d)\n",
73                               session, gnutls_ecc_curve_get_name(c), c);
74         session->security_parameters.ecc_curve = c;
75 }
76
77 /**
78  * gnutls_cipher_get:
79  * @session: is a #gnutls_session_t structure.
80  *
81  * Get currently used cipher.
82  *
83  * Returns: the currently used cipher, a #gnutls_cipher_algorithm_t
84  *   type.
85  **/
86 gnutls_cipher_algorithm_t gnutls_cipher_get(gnutls_session_t session)
87 {
88         record_parameters_st *record_params;
89         int ret;
90
91         ret =
92             _gnutls_epoch_get(session, EPOCH_READ_CURRENT, &record_params);
93         if (ret < 0)
94                 return gnutls_assert_val(GNUTLS_CIPHER_NULL);
95
96         return record_params->cipher->id;
97 }
98
99 /**
100  * gnutls_certificate_type_get:
101  * @session: is a #gnutls_session_t structure.
102  *
103  * The certificate type is by default X.509, unless it is negotiated
104  * as a TLS extension.
105  *
106  * Returns: the currently used #gnutls_certificate_type_t certificate
107  *   type.
108  **/
109 gnutls_certificate_type_t
110 gnutls_certificate_type_get(gnutls_session_t session)
111 {
112         return session->security_parameters.cert_type;
113 }
114
115 /**
116  * gnutls_kx_get:
117  * @session: is a #gnutls_session_t structure.
118  *
119  * Get currently used key exchange algorithm.
120  *
121  * Returns: the key exchange algorithm used in the last handshake, a
122  *   #gnutls_kx_algorithm_t value.
123  **/
124 gnutls_kx_algorithm_t gnutls_kx_get(gnutls_session_t session)
125 {
126         return session->security_parameters.kx_algorithm;
127 }
128
129 /**
130  * gnutls_mac_get:
131  * @session: is a #gnutls_session_t structure.
132  *
133  * Get currently used MAC algorithm.
134  *
135  * Returns: the currently used mac algorithm, a
136  *   #gnutls_mac_algorithm_t value.
137  **/
138 gnutls_mac_algorithm_t gnutls_mac_get(gnutls_session_t session)
139 {
140         record_parameters_st *record_params;
141         int ret;
142
143         ret =
144             _gnutls_epoch_get(session, EPOCH_READ_CURRENT, &record_params);
145         if (ret < 0)
146                 return gnutls_assert_val(GNUTLS_MAC_NULL);
147
148         return record_params->mac->id;
149 }
150
151 /**
152  * gnutls_compression_get:
153  * @session: is a #gnutls_session_t structure.
154  *
155  * Get currently used compression algorithm.
156  *
157  * Returns: the currently used compression method, a
158  *   #gnutls_compression_method_t value.
159  **/
160 gnutls_compression_method_t
161 gnutls_compression_get(gnutls_session_t session)
162 {
163         record_parameters_st *record_params;
164         int ret;
165
166         ret =
167             _gnutls_epoch_get(session, EPOCH_READ_CURRENT, &record_params);
168         if (ret < 0)
169                 return gnutls_assert_val(GNUTLS_COMP_NULL);
170
171         return record_params->compression_algorithm;
172 }
173
174 /* Check if the given certificate type is supported.
175  * This means that it is enabled by the priority functions,
176  * and a matching certificate exists.
177  */
178 int
179 _gnutls_session_cert_type_supported(gnutls_session_t session,
180                                     gnutls_certificate_type_t cert_type)
181 {
182         unsigned i;
183         unsigned cert_found = 0;
184         gnutls_certificate_credentials_t cred;
185
186         if (session->security_parameters.entity == GNUTLS_SERVER) {
187                 cred = (gnutls_certificate_credentials_t)
188                     _gnutls_get_cred(session, GNUTLS_CRD_CERTIFICATE);
189
190                 if (cred == NULL)
191                         return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
192
193                 if (cred->get_cert_callback == NULL && cred->get_cert_callback2 == NULL) {
194                         for (i = 0; i < cred->ncerts; i++) {
195                                 if (cred->certs[i].cert_list[0].type ==
196                                     cert_type) {
197                                         cert_found = 1;
198                                         break;
199                                 }
200                         }
201
202                         if (cert_found == 0)
203                                 /* no certificate is of that type.
204                                  */
205                                 return
206                                     GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
207                 }
208         }
209
210         if (session->internals.priorities.cert_type.algorithms == 0
211             && cert_type == DEFAULT_CERT_TYPE)
212                 return 0;
213
214         for (i = 0; i < session->internals.priorities.cert_type.algorithms;
215              i++) {
216                 if (session->internals.priorities.cert_type.priority[i] ==
217                     cert_type) {
218                         return 0;       /* ok */
219                 }
220         }
221
222         return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
223 }
224
225
226 /* this function deinitializes all the internal parameters stored
227  * in a session struct.
228  */
229 inline static void deinit_internal_params(gnutls_session_t session)
230 {
231 #if defined(ENABLE_DHE) || defined(ENABLE_ANON)
232         if (session->internals.params.free_dh_params)
233                 gnutls_dh_params_deinit(session->internals.params.
234                                         dh_params);
235 #endif
236
237         _gnutls_handshake_hash_buffers_clear(session);
238
239         memset(&session->internals.params, 0,
240                sizeof(session->internals.params));
241 }
242
243 /* This function will clear all the variables in internals
244  * structure within the session, which depend on the current handshake.
245  * This is used to allow further handshakes.
246  */
247 static void _gnutls_handshake_internal_state_init(gnutls_session_t session)
248 {
249         session->internals.extensions_sent_size = 0;
250
251         /* by default no selected certificate */
252         session->internals.adv_version_major = 0;
253         session->internals.adv_version_minor = 0;
254         session->internals.direction = 0;
255
256         /* use out of band data for the last
257          * handshake messages received.
258          */
259         session->internals.last_handshake_in = -1;
260         session->internals.last_handshake_out = -1;
261
262         session->internals.resumable = RESUME_TRUE;
263
264         session->internals.handshake_large_loops = 0;
265         session->internals.dtls.hsk_read_seq = 0;
266         session->internals.dtls.hsk_write_seq = 0;
267 }
268
269 void _gnutls_handshake_internal_state_clear(gnutls_session_t session)
270 {
271         _gnutls_handshake_internal_state_init(session);
272
273         deinit_internal_params(session);
274
275         _gnutls_epoch_gc(session);
276
277         session->internals.handshake_endtime = 0;
278         session->internals.handshake_in_progress = 0;
279 }
280
281 /**
282  * gnutls_init:
283  * @session: is a pointer to a #gnutls_session_t structure.
284  * @flags: indicate if this session is to be used for server or client.
285  *
286  * This function initializes the current session to null. Every
287  * session must be initialized before use, so internal structures can
288  * be allocated.  This function allocates structures which can only
289  * be free'd by calling gnutls_deinit().  Returns %GNUTLS_E_SUCCESS (0) on success.
290  *
291  * @flags can be one of %GNUTLS_CLIENT and %GNUTLS_SERVER. For a DTLS
292  * entity, the flags %GNUTLS_DATAGRAM and  %GNUTLS_NONBLOCK are
293  * also available. The latter flag will enable a non-blocking
294  * operation of the DTLS timers. 
295  *
296  * The flag %GNUTLS_NO_REPLAY_PROTECTION will disable any 
297  * replay protection in DTLS mode. That must only used when 
298  * replay protection is achieved using other means.
299  *
300  * Note that since version 3.1.2 this function enables some common
301  * TLS extensions such as session tickets and OCSP certificate status
302  * request in client side by default. To prevent that use the %GNUTLS_NO_EXTENSIONS
303  * flag.
304  *
305  * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
306  **/
307 int gnutls_init(gnutls_session_t * session, unsigned int flags)
308 {
309         int ret;
310         record_parameters_st *epoch;
311         
312         FAIL_IF_LIB_ERROR;
313
314         *session = gnutls_calloc(1, sizeof(struct gnutls_session_int));
315         if (*session == NULL)
316                 return GNUTLS_E_MEMORY_ERROR;
317
318         ret = _gnutls_epoch_alloc(*session, 0, &epoch);
319         if (ret < 0) {
320                 gnutls_assert();
321                 return GNUTLS_E_MEMORY_ERROR;
322         }
323
324         /* Set all NULL algos on epoch 0 */
325         _gnutls_epoch_set_null_algos(*session, epoch);
326
327         (*session)->security_parameters.epoch_next = 1;
328
329         (*session)->security_parameters.entity =
330             (flags & GNUTLS_SERVER ? GNUTLS_SERVER : GNUTLS_CLIENT);
331
332         /* the default certificate type for TLS */
333         (*session)->security_parameters.cert_type = DEFAULT_CERT_TYPE;
334
335         /* Initialize buffers */
336         _gnutls_buffer_init(&(*session)->internals.handshake_hash_buffer);
337         _gnutls_buffer_init(&(*session)->internals.hb_remote_data);
338         _gnutls_buffer_init(&(*session)->internals.hb_local_data);
339         _gnutls_buffer_init(&(*session)->internals.record_presend_buffer);
340
341         _mbuffer_head_init(&(*session)->internals.record_buffer);
342         _mbuffer_head_init(&(*session)->internals.record_send_buffer);
343         _mbuffer_head_init(&(*session)->internals.record_recv_buffer);
344
345         _mbuffer_head_init(&(*session)->internals.handshake_send_buffer);
346         _gnutls_handshake_recv_buffer_init(*session);
347
348         (*session)->internals.expire_time = DEFAULT_EXPIRE_TIME;        /* one hour default */
349
350         gnutls_handshake_set_max_packet_length((*session),
351                                                MAX_HANDSHAKE_PACKET_SIZE);
352
353         /* set the socket pointers to -1;
354          */
355         (*session)->internals.transport_recv_ptr =
356             (gnutls_transport_ptr_t) - 1;
357         (*session)->internals.transport_send_ptr =
358             (gnutls_transport_ptr_t) - 1;
359
360         /* set the default maximum record size for TLS
361          */
362         (*session)->security_parameters.max_record_recv_size =
363             DEFAULT_MAX_RECORD_SIZE;
364         (*session)->security_parameters.max_record_send_size =
365             DEFAULT_MAX_RECORD_SIZE;
366
367         /* everything else not initialized here is initialized
368          * as NULL or 0. This is why calloc is used.
369          */
370
371         _gnutls_handshake_internal_state_init(*session);
372
373         /* emulate old gnutls behavior for old applications that do not use the priority_*
374          * functions.
375          */
376         (*session)->internals.priorities.sr = SR_PARTIAL;
377
378 #ifdef HAVE_WRITEV
379         gnutls_transport_set_vec_push_function(*session, system_writev);
380 #else
381         gnutls_transport_set_push_function(*session, system_write);
382 #endif
383         (*session)->internals.pull_timeout_func = gnutls_system_recv_timeout;
384         (*session)->internals.pull_func = system_read;
385         (*session)->internals.errno_func = system_errno;
386
387         (*session)->internals.hb_retrans_timeout_ms = 1000;
388         (*session)->internals.hb_total_timeout_ms = 60000;
389
390         if (flags & GNUTLS_DATAGRAM) {
391                 (*session)->internals.dtls.mtu = DTLS_DEFAULT_MTU;
392                 (*session)->internals.transport = GNUTLS_DGRAM;
393
394                 (*session)->internals.dtls.retrans_timeout_ms = 1000;
395                 (*session)->internals.dtls.total_timeout_ms = 60000;
396         } else {
397                 (*session)->internals.handshake_timeout_ms = DEFAULT_HANDSHAKE_TIMEOUT_MS;
398                 (*session)->internals.transport = GNUTLS_STREAM;
399         }
400
401         if (flags & GNUTLS_NONBLOCK)
402                 (*session)->internals.dtls.blocking = 0;
403         else
404                 (*session)->internals.dtls.blocking = 1;
405
406         /* Enable useful extensions */
407         if ((flags & GNUTLS_CLIENT) && !(flags & GNUTLS_NO_EXTENSIONS)) {
408 #ifdef ENABLE_SESSION_TICKETS
409                 gnutls_session_ticket_enable_client(*session);
410 #endif
411 #ifdef ENABLE_OCSP
412                 gnutls_ocsp_status_request_enable_client(*session, NULL, 0,
413                                                          NULL);
414 #endif
415         }
416
417         if (!(flags & GNUTLS_NO_EXTENSIONS))
418                 (*session)->internals.try_ext_master_secret = 1;
419
420         if (flags & GNUTLS_NO_REPLAY_PROTECTION)
421                 (*session)->internals.no_replay_protection = 1;
422
423         return 0;
424 }
425
426 /* returns RESUME_FALSE or RESUME_TRUE.
427  */
428 int _gnutls_session_is_resumable(gnutls_session_t session)
429 {
430         return session->internals.resumable;
431 }
432
433
434 /**
435  * gnutls_deinit:
436  * @session: is a #gnutls_session_t structure.
437  *
438  * This function clears all buffers associated with the @session.
439  * This function will also remove session data from the session
440  * database if the session was terminated abnormally.
441  **/
442 void gnutls_deinit(gnutls_session_t session)
443 {
444         unsigned int i;
445
446         if (session == NULL)
447                 return;
448
449         /* remove auth info firstly */
450         _gnutls_free_auth_info(session);
451
452         _gnutls_handshake_internal_state_clear(session);
453         _gnutls_handshake_io_buffer_clear(session);
454         _gnutls_ext_free_session_data(session);
455
456         for (i = 0; i < MAX_EPOCH_INDEX; i++)
457                 if (session->record_parameters[i] != NULL) {
458                         _gnutls_epoch_free(session,
459                                            session->record_parameters[i]);
460                         session->record_parameters[i] = NULL;
461                 }
462
463         _gnutls_buffer_clear(&session->internals.handshake_hash_buffer);
464         _gnutls_buffer_clear(&session->internals.hb_remote_data);
465         _gnutls_buffer_clear(&session->internals.hb_local_data);
466         _gnutls_buffer_clear(&session->internals.record_presend_buffer);
467
468         _mbuffer_head_clear(&session->internals.record_buffer);
469         _mbuffer_head_clear(&session->internals.record_recv_buffer);
470         _mbuffer_head_clear(&session->internals.record_send_buffer);
471
472         gnutls_credentials_clear(session);
473         _gnutls_selected_certs_deinit(session);
474
475         gnutls_pk_params_release(&session->key.ecdh_params);
476         gnutls_pk_params_release(&session->key.dh_params);
477         zrelease_temp_mpi_key(&session->key.ecdh_x);
478         zrelease_temp_mpi_key(&session->key.ecdh_y);
479
480         zrelease_temp_mpi_key(&session->key.client_Y);
481
482         zrelease_temp_mpi_key(&session->key.srp_p);
483         zrelease_temp_mpi_key(&session->key.srp_g);
484         zrelease_temp_mpi_key(&session->key.srp_key);
485
486         zrelease_temp_mpi_key(&session->key.u);
487         zrelease_temp_mpi_key(&session->key.a);
488         zrelease_temp_mpi_key(&session->key.x);
489         zrelease_temp_mpi_key(&session->key.A);
490         zrelease_temp_mpi_key(&session->key.B);
491         zrelease_temp_mpi_key(&session->key.b);
492
493         /* RSA */
494         zrelease_temp_mpi_key(&session->key.rsa[0]);
495         zrelease_temp_mpi_key(&session->key.rsa[1]);
496
497         _gnutls_free_temp_key_datum(&session->key.key);
498
499         gnutls_free(session);
500 }
501
502 /* Returns the minimum prime bits that are acceptable.
503  */
504 int _gnutls_dh_set_peer_public(gnutls_session_t session, bigint_t public)
505 {
506         dh_info_st *dh;
507         int ret;
508
509         switch (gnutls_auth_get_type(session)) {
510         case GNUTLS_CRD_ANON:
511                 {
512                         anon_auth_info_t info;
513                         info = _gnutls_get_auth_info(session, GNUTLS_CRD_ANON);
514                         if (info == NULL)
515                                 return GNUTLS_E_INTERNAL_ERROR;
516
517                         dh = &info->dh;
518                         break;
519                 }
520         case GNUTLS_CRD_PSK:
521                 {
522                         psk_auth_info_t info;
523                         info = _gnutls_get_auth_info(session, GNUTLS_CRD_PSK);
524                         if (info == NULL)
525                                 return GNUTLS_E_INTERNAL_ERROR;
526
527                         dh = &info->dh;
528                         break;
529                 }
530         case GNUTLS_CRD_CERTIFICATE:
531                 {
532                         cert_auth_info_t info;
533
534                         info = _gnutls_get_auth_info(session, GNUTLS_CRD_CERTIFICATE);
535                         if (info == NULL)
536                                 return GNUTLS_E_INTERNAL_ERROR;
537
538                         dh = &info->dh;
539                         break;
540                 }
541         default:
542                 gnutls_assert();
543                 return GNUTLS_E_INTERNAL_ERROR;
544         }
545
546         if (dh->public_key.data)
547                 _gnutls_free_datum(&dh->public_key);
548
549         ret = _gnutls_mpi_dprint_lz(public, &dh->public_key);
550         if (ret < 0) {
551                 gnutls_assert();
552                 return ret;
553         }
554
555         return 0;
556 }
557
558 int _gnutls_dh_set_secret_bits(gnutls_session_t session, unsigned bits)
559 {
560         switch (gnutls_auth_get_type(session)) {
561         case GNUTLS_CRD_ANON:
562                 {
563                         anon_auth_info_t info;
564                         info = _gnutls_get_auth_info(session, GNUTLS_CRD_ANON);
565                         if (info == NULL)
566                                 return GNUTLS_E_INTERNAL_ERROR;
567                         info->dh.secret_bits = bits;
568                         break;
569                 }
570         case GNUTLS_CRD_PSK:
571                 {
572                         psk_auth_info_t info;
573                         info = _gnutls_get_auth_info(session, GNUTLS_CRD_PSK);
574                         if (info == NULL)
575                                 return GNUTLS_E_INTERNAL_ERROR;
576                         info->dh.secret_bits = bits;
577                         break;
578                 }
579         case GNUTLS_CRD_CERTIFICATE:
580                 {
581                         cert_auth_info_t info;
582
583                         info = _gnutls_get_auth_info(session, GNUTLS_CRD_CERTIFICATE);
584                         if (info == NULL)
585                                 return GNUTLS_E_INTERNAL_ERROR;
586
587                         info->dh.secret_bits = bits;
588                         break;
589         default:
590                         gnutls_assert();
591                         return GNUTLS_E_INTERNAL_ERROR;
592                 }
593         }
594
595         return 0;
596 }
597
598 /* Sets the prime and the generator in the auth info structure.
599  */
600 int
601 _gnutls_dh_set_group(gnutls_session_t session, bigint_t gen,
602                      bigint_t prime)
603 {
604         dh_info_st *dh;
605         int ret;
606
607         switch (gnutls_auth_get_type(session)) {
608         case GNUTLS_CRD_ANON:
609                 {
610                         anon_auth_info_t info;
611                         info = _gnutls_get_auth_info(session, GNUTLS_CRD_ANON);
612                         if (info == NULL)
613                                 return GNUTLS_E_INTERNAL_ERROR;
614
615                         dh = &info->dh;
616                         break;
617                 }
618         case GNUTLS_CRD_PSK:
619                 {
620                         psk_auth_info_t info;
621                         info = _gnutls_get_auth_info(session, GNUTLS_CRD_PSK);
622                         if (info == NULL)
623                                 return GNUTLS_E_INTERNAL_ERROR;
624
625                         dh = &info->dh;
626                         break;
627                 }
628         case GNUTLS_CRD_CERTIFICATE:
629                 {
630                         cert_auth_info_t info;
631
632                         info = _gnutls_get_auth_info(session, GNUTLS_CRD_CERTIFICATE);
633                         if (info == NULL)
634                                 return GNUTLS_E_INTERNAL_ERROR;
635
636                         dh = &info->dh;
637                         break;
638                 }
639         default:
640                 gnutls_assert();
641                 return GNUTLS_E_INTERNAL_ERROR;
642         }
643
644         if (dh->prime.data)
645                 _gnutls_free_datum(&dh->prime);
646
647         if (dh->generator.data)
648                 _gnutls_free_datum(&dh->generator);
649
650         /* prime
651          */
652         ret = _gnutls_mpi_dprint_lz(prime, &dh->prime);
653         if (ret < 0) {
654                 gnutls_assert();
655                 return ret;
656         }
657
658         /* generator
659          */
660         ret = _gnutls_mpi_dprint_lz(gen, &dh->generator);
661         if (ret < 0) {
662                 gnutls_assert();
663                 _gnutls_free_datum(&dh->prime);
664                 return ret;
665         }
666
667         return 0;
668 }
669
670 #ifdef ENABLE_OPENPGP
671 /**
672  * gnutls_openpgp_send_cert:
673  * @session: is a pointer to a #gnutls_session_t structure.
674  * @status: is one of GNUTLS_OPENPGP_CERT, or GNUTLS_OPENPGP_CERT_FINGERPRINT
675  *
676  * This function will order gnutls to send the key fingerprint
677  * instead of the key in the initial handshake procedure. This should
678  * be used with care and only when there is indication or knowledge
679  * that the server can obtain the client's key.
680  **/
681 void
682 gnutls_openpgp_send_cert(gnutls_session_t session,
683                          gnutls_openpgp_crt_status_t status)
684 {
685         session->internals.pgp_fingerprint = status;
686 }
687 #endif
688
689 /**
690  * gnutls_certificate_send_x509_rdn_sequence:
691  * @session: is a pointer to a #gnutls_session_t structure.
692  * @status: is 0 or 1
693  *
694  * If status is non zero, this function will order gnutls not to send
695  * the rdnSequence in the certificate request message. That is the
696  * server will not advertise its trusted CAs to the peer. If status
697  * is zero then the default behaviour will take effect, which is to
698  * advertise the server's trusted CAs.
699  *
700  * This function has no effect in clients, and in authentication
701  * methods other than certificate with X.509 certificates.
702  **/
703 void
704 gnutls_certificate_send_x509_rdn_sequence(gnutls_session_t session,
705                                           int status)
706 {
707         session->internals.ignore_rdn_sequence = status;
708 }
709
710 #ifdef ENABLE_OPENPGP
711 int _gnutls_openpgp_send_fingerprint(gnutls_session_t session)
712 {
713         return session->internals.pgp_fingerprint;
714 }
715 #endif
716
717 /*-
718  * _gnutls_record_set_default_version - Used to set the default version for the first record packet
719  * @session: is a #gnutls_session_t structure.
720  * @major: is a tls major version
721  * @minor: is a tls minor version
722  *
723  * This function sets the default version that we will use in the first
724  * record packet (client hello). This function is only useful to people
725  * that know TLS internals and want to debug other implementations.
726  -*/
727 void
728 _gnutls_record_set_default_version(gnutls_session_t session,
729                                    unsigned char major,
730                                    unsigned char minor)
731 {
732         session->internals.default_record_version[0] = major;
733         session->internals.default_record_version[1] = minor;
734 }
735
736 /*-
737  * _gnutls_hello_set_default_version - Used to set the default version for the first record packet
738  * @session: is a #gnutls_session_t structure.
739  * @major: is a tls major version
740  * @minor: is a tls minor version
741  *
742  * This function sets the default version that we will use in the first
743  * record packet (client hello). This function is only useful to people
744  * that know TLS internals and want to debug other implementations.
745  -*/
746 void
747 _gnutls_hello_set_default_version(gnutls_session_t session,
748                                    unsigned char major,
749                                    unsigned char minor)
750 {
751         session->internals.default_hello_version[0] = major;
752         session->internals.default_hello_version[1] = minor;
753 }
754
755 /**
756  * gnutls_handshake_set_private_extensions:
757  * @session: is a #gnutls_session_t structure.
758  * @allow: is an integer (0 or 1)
759  *
760  * This function will enable or disable the use of private cipher
761  * suites (the ones that start with 0xFF).  By default or if @allow
762  * is 0 then these cipher suites will not be advertised nor used.
763  *
764  * Currently GnuTLS does not include such cipher-suites or
765  * compression algorithms.
766  *
767  * Enabling the private ciphersuites when talking to other than
768  * gnutls servers and clients may cause interoperability problems.
769  **/
770 void
771 gnutls_handshake_set_private_extensions(gnutls_session_t session,
772                                         int allow)
773 {
774         session->internals.enable_private = allow;
775 }
776
777 inline static int
778 _gnutls_cal_PRF_A(const mac_entry_st * me,
779                   const void *secret, int secret_size,
780                   const void *seed, int seed_size, void *result)
781 {
782         int ret;
783
784         ret =
785             _gnutls_mac_fast(me->id, secret, secret_size, seed, seed_size,
786                              result);
787         if (ret < 0)
788                 return gnutls_assert_val(ret);
789
790         return 0;
791 }
792
793 #define MAX_SEED_SIZE 200
794
795 /* Produces "total_bytes" bytes using the hash algorithm specified.
796  * (used in the PRF function)
797  */
798 static int
799 P_hash(gnutls_mac_algorithm_t algorithm,
800        const uint8_t * secret, int secret_size,
801        const uint8_t * seed, int seed_size, int total_bytes, uint8_t * ret)
802 {
803
804         mac_hd_st td2;
805         int i, times, how, blocksize, A_size;
806         uint8_t final[MAX_HASH_SIZE], Atmp[MAX_SEED_SIZE];
807         int output_bytes, result;
808         const mac_entry_st *me = mac_to_entry(algorithm);
809
810         blocksize = _gnutls_mac_get_algo_len(me);
811
812         if (seed_size > MAX_SEED_SIZE || total_bytes <= 0 || blocksize == 0) {
813                 gnutls_assert();
814                 return GNUTLS_E_INTERNAL_ERROR;
815         }
816
817         output_bytes = 0;
818         do {
819                 output_bytes += blocksize;
820         }
821         while (output_bytes < total_bytes);
822
823         /* calculate A(0) */
824
825         memcpy(Atmp, seed, seed_size);
826         A_size = seed_size;
827
828         times = output_bytes / blocksize;
829
830         for (i = 0; i < times; i++) {
831                 result = _gnutls_mac_init(&td2, me, secret, secret_size);
832                 if (result < 0) {
833                         gnutls_assert();
834                         return result;
835                 }
836
837                 /* here we calculate A(i+1) */
838                 if ((result =
839                      _gnutls_cal_PRF_A(me, secret, secret_size, Atmp,
840                                        A_size, Atmp)) < 0) {
841                         gnutls_assert();
842                         _gnutls_mac_deinit(&td2, final);
843                         return result;
844                 }
845
846                 A_size = blocksize;
847
848                 _gnutls_mac(&td2, Atmp, A_size);
849                 _gnutls_mac(&td2, seed, seed_size);
850                 _gnutls_mac_deinit(&td2, final);
851
852                 if ((1 + i) * blocksize < total_bytes) {
853                         how = blocksize;
854                 } else {
855                         how = total_bytes - (i) * blocksize;
856                 }
857
858                 if (how > 0) {
859                         memcpy(&ret[i * blocksize], final, how);
860                 }
861         }
862
863         return 0;
864 }
865
866 #define MAX_PRF_BYTES 200
867
868 /* This function operates as _gnutls_PRF(), but does not require
869  * a pointer to the current session. It takes the @mac algorithm
870  * explicitly. For legacy TLS/SSL sessions before TLS 1.2 the MAC
871  * must be set to %GNUTLS_MAC_UNKNOWN.
872  */
873 static int
874 _gnutls_PRF_raw(gnutls_mac_algorithm_t mac,
875                 const uint8_t * secret, unsigned int secret_size,
876                 const char *label, int label_size, const uint8_t * seed,
877                 int seed_size, int total_bytes, void *ret)
878 {
879         int l_s, s_seed_size;
880         const uint8_t *s1, *s2;
881         uint8_t s_seed[MAX_SEED_SIZE];
882         uint8_t o1[MAX_PRF_BYTES], o2[MAX_PRF_BYTES];
883         int result;
884
885         if (total_bytes > MAX_PRF_BYTES) {
886                 gnutls_assert();
887                 return GNUTLS_E_INTERNAL_ERROR;
888         }
889         /* label+seed = s_seed */
890         s_seed_size = seed_size + label_size;
891
892         if (s_seed_size > MAX_SEED_SIZE) {
893                 gnutls_assert();
894                 return GNUTLS_E_INTERNAL_ERROR;
895         }
896
897         memcpy(s_seed, label, label_size);
898         memcpy(&s_seed[label_size], seed, seed_size);
899
900         if (mac != GNUTLS_MAC_UNKNOWN) {
901                 result =
902                     P_hash(mac, secret, secret_size,
903                            s_seed, s_seed_size,
904                            total_bytes, ret);
905                 if (result < 0) {
906                         gnutls_assert();
907                         return result;
908                 }
909         } else {
910                 l_s = secret_size / 2;
911
912                 s1 = &secret[0];
913                 s2 = &secret[l_s];
914
915                 if (secret_size % 2 != 0) {
916                         l_s++;
917                 }
918
919                 result =
920                     P_hash(GNUTLS_MAC_MD5, s1, l_s, s_seed, s_seed_size,
921                            total_bytes, o1);
922                 if (result < 0) {
923                         gnutls_assert();
924                         return result;
925                 }
926
927                 result =
928                     P_hash(GNUTLS_MAC_SHA1, s2, l_s, s_seed, s_seed_size,
929                            total_bytes, o2);
930                 if (result < 0) {
931                         gnutls_assert();
932                         return result;
933                 }
934
935                 memxor(o1, o2, total_bytes);
936
937                 memcpy(ret, o1, total_bytes);
938         }
939
940         return 0;               /* ok */
941 }
942
943 /* The PRF function expands a given secret 
944  * needed by the TLS specification. ret must have a least total_bytes
945  * available.
946  */
947 int
948 _gnutls_PRF(gnutls_session_t session,
949             const uint8_t * secret, unsigned int secret_size,
950             const char *label, int label_size, const uint8_t * seed,
951             int seed_size, int total_bytes, void *ret)
952 {
953         const version_entry_st *ver = get_version(session);
954
955         if (_gnutls_version_has_selectable_prf(ver)) {
956                 return _gnutls_PRF_raw(
957                         _gnutls_cipher_suite_get_prf(session->security_parameters.cipher_suite),
958                         secret, secret_size,
959                         label, label_size,
960                         seed, seed_size,
961                         total_bytes,
962                         ret);
963         } else {
964                 return _gnutls_PRF_raw(
965                         GNUTLS_MAC_UNKNOWN,
966                         secret, secret_size,
967                         label, label_size,
968                         seed, seed_size,
969                         total_bytes,
970                         ret);
971         }
972 }
973
974 #ifdef ENABLE_FIPS140
975 int
976 _gnutls_prf_raw(gnutls_mac_algorithm_t mac,
977                 size_t master_size, const void *master,
978                 size_t label_size, const char *label,
979                 size_t seed_size, const char *seed, size_t outsize,
980                 char *out);
981
982 /*-
983  * _gnutls_prf_raw:
984  * @mac: the MAC algorithm to use, set to %GNUTLS_MAC_UNKNOWN for the TLS1.0 mac
985  * @master_size: length of the @master variable.
986  * @master: the master secret used in PRF computation
987  * @label_size: length of the @label variable.
988  * @label: label used in PRF computation, typically a short string.
989  * @seed_size: length of the @seed variable.
990  * @seed: optional extra data to seed the PRF with.
991  * @outsize: size of pre-allocated output buffer to hold the output.
992  * @out: pre-allocated buffer to hold the generated data.
993  *
994  * Apply the TLS Pseudo-Random-Function (PRF) on the master secret
995  * and the provided data.
996  *
997  * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
998  -*/
999 int
1000 _gnutls_prf_raw(gnutls_mac_algorithm_t mac,
1001                 size_t master_size, const void *master,
1002                 size_t label_size, const char *label,
1003                 size_t seed_size, const char *seed, size_t outsize,
1004                 char *out)
1005 {
1006         return _gnutls_PRF_raw(mac,
1007                           master, master_size,
1008                           label, label_size,
1009                           (uint8_t *) seed, seed_size,
1010                           outsize, out);
1011
1012 }
1013 #endif
1014
1015 /**
1016  * gnutls_prf_raw:
1017  * @session: is a #gnutls_session_t structure.
1018  * @label_size: length of the @label variable.
1019  * @label: label used in PRF computation, typically a short string.
1020  * @seed_size: length of the @seed variable.
1021  * @seed: optional extra data to seed the PRF with.
1022  * @outsize: size of pre-allocated output buffer to hold the output.
1023  * @out: pre-allocated buffer to hold the generated data.
1024  *
1025  * Apply the TLS Pseudo-Random-Function (PRF) on the master secret
1026  * and the provided data.
1027  *
1028  * The @label variable usually contains a string denoting the purpose
1029  * for the generated data.  The @seed usually contains data such as the
1030  * client and server random, perhaps together with some additional
1031  * data that is added to guarantee uniqueness of the output for a
1032  * particular purpose.
1033  *
1034  * Because the output is not guaranteed to be unique for a particular
1035  * session unless @seed includes the client random and server random
1036  * fields (the PRF would output the same data on another connection
1037  * resumed from the first one), it is not recommended to use this
1038  * function directly.  The gnutls_prf() function seeds the PRF with the
1039  * client and server random fields directly, and is recommended if you
1040  * want to generate pseudo random data unique for each session.
1041  *
1042  * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
1043  **/
1044 int
1045 gnutls_prf_raw(gnutls_session_t session,
1046                size_t label_size,
1047                const char *label,
1048                size_t seed_size, const char *seed, size_t outsize,
1049                char *out)
1050 {
1051         int ret;
1052
1053         ret = _gnutls_PRF(session,
1054                           session->security_parameters.master_secret,
1055                           GNUTLS_MASTER_SIZE,
1056                           label,
1057                           label_size, (uint8_t *) seed, seed_size, outsize,
1058                           out);
1059
1060         return ret;
1061 }
1062
1063 /**
1064  * gnutls_prf:
1065  * @session: is a #gnutls_session_t structure.
1066  * @label_size: length of the @label variable.
1067  * @label: label used in PRF computation, typically a short string.
1068  * @server_random_first: non-zero if server random field should be first in seed
1069  * @extra_size: length of the @extra variable.
1070  * @extra: optional extra data to seed the PRF with.
1071  * @outsize: size of pre-allocated output buffer to hold the output.
1072  * @out: pre-allocated buffer to hold the generated data.
1073  *
1074  * Applies the TLS Pseudo-Random-Function (PRF) on the master secret
1075  * and the provided data, seeded with the client and server random fields,
1076  * as specified in RFC5705.
1077  *
1078  * The @label variable usually contains a string denoting the purpose
1079  * for the generated data.  The @server_random_first indicates whether
1080  * the client random field or the server random field should be first
1081  * in the seed.  Non-zero indicates that the server random field is first,
1082  * 0 that the client random field is first.
1083  *
1084  * The @extra variable can be used to add more data to the seed, after
1085  * the random variables.  It can be used to make sure the
1086  * generated output is strongly connected to some additional data
1087  * (e.g., a string used in user authentication).
1088  *
1089  * The output is placed in @out, which must be pre-allocated.
1090  *
1091  * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
1092  **/
1093 int
1094 gnutls_prf(gnutls_session_t session,
1095            size_t label_size,
1096            const char *label,
1097            int server_random_first,
1098            size_t extra_size, const char *extra, size_t outsize, char *out)
1099 {
1100         int ret;
1101         uint8_t *seed;
1102         size_t seedsize = 2 * GNUTLS_RANDOM_SIZE + extra_size;
1103
1104         seed = gnutls_malloc(seedsize);
1105         if (!seed) {
1106                 gnutls_assert();
1107                 return GNUTLS_E_MEMORY_ERROR;
1108         }
1109
1110         memcpy(seed, server_random_first ?
1111                session->security_parameters.server_random :
1112                session->security_parameters.client_random,
1113                GNUTLS_RANDOM_SIZE);
1114         memcpy(seed + GNUTLS_RANDOM_SIZE,
1115                server_random_first ? session->security_parameters.
1116                client_random : session->security_parameters.server_random,
1117                GNUTLS_RANDOM_SIZE);
1118
1119         memcpy(seed + 2 * GNUTLS_RANDOM_SIZE, extra, extra_size);
1120
1121         ret =
1122             _gnutls_PRF(session,
1123                         session->security_parameters.master_secret,
1124                         GNUTLS_MASTER_SIZE, label, label_size, seed,
1125                         seedsize, outsize, out);
1126
1127         gnutls_free(seed);
1128
1129         return ret;
1130 }
1131
1132 /**
1133  * gnutls_session_is_resumed:
1134  * @session: is a #gnutls_session_t structure.
1135  *
1136  * Check whether session is resumed or not.
1137  *
1138  * Returns: non zero if this session is resumed, or a zero if this is
1139  *   a new session.
1140  **/
1141 int gnutls_session_is_resumed(gnutls_session_t session)
1142 {
1143         if (session->security_parameters.entity == GNUTLS_CLIENT) {
1144                 if (session->security_parameters.session_id_size > 0 &&
1145                     session->security_parameters.session_id_size ==
1146                     session->internals.resumed_security_parameters.
1147                     session_id_size
1148                     && memcmp(session->security_parameters.session_id,
1149                               session->
1150                               internals.resumed_security_parameters.
1151                               session_id,
1152                               session->security_parameters.
1153                               session_id_size) == 0)
1154                         return 1;
1155         } else {
1156                 if (session->internals.resumed != RESUME_FALSE)
1157                         return 1;
1158         }
1159
1160         return 0;
1161 }
1162
1163 /**
1164  * gnutls_session_resumption_requested:
1165  * @session: is a #gnutls_session_t structure.
1166  *
1167  * Check whether the client has asked for session resumption.
1168  * This function is valid only on server side.
1169  *
1170  * Returns: non zero if session resumption was asked, or a zero if not.
1171  **/
1172 int gnutls_session_resumption_requested(gnutls_session_t session)
1173 {
1174         if (session->security_parameters.entity == GNUTLS_CLIENT) {
1175                 return 0;
1176         } else {
1177                 return session->internals.resumption_requested;
1178         }
1179 }
1180
1181 /*-
1182  * _gnutls_session_is_psk - Used to check whether this session uses PSK kx
1183  * @session: is a #gnutls_session_t structure.
1184  *
1185  * This function will return non zero if this session uses a PSK key
1186  * exchange algorithm.
1187  -*/
1188 int _gnutls_session_is_psk(gnutls_session_t session)
1189 {
1190         gnutls_kx_algorithm_t kx;
1191
1192         kx = _gnutls_cipher_suite_get_kx_algo(session->security_parameters.
1193                                               cipher_suite);
1194         if (kx == GNUTLS_KX_PSK || kx == GNUTLS_KX_DHE_PSK
1195             || kx == GNUTLS_KX_RSA_PSK)
1196                 return 1;
1197
1198         return 0;
1199 }
1200
1201 /*-
1202  * _gnutls_session_is_ecc - Used to check whether this session uses ECC kx
1203  * @session: is a #gnutls_session_t structure.
1204  *
1205  * This function will return non zero if this session uses an elliptic
1206  * curves key exchange exchange algorithm.
1207  -*/
1208 int _gnutls_session_is_ecc(gnutls_session_t session)
1209 {
1210         gnutls_kx_algorithm_t kx;
1211
1212         /* We get the key exchange algorithm through the ciphersuite because
1213          * the negotiated key exchange might not have been set yet.
1214          */
1215         kx = _gnutls_cipher_suite_get_kx_algo(session->security_parameters.
1216                                               cipher_suite);
1217
1218         return _gnutls_kx_is_ecc(kx);
1219 }
1220
1221 /**
1222  * gnutls_session_get_ptr:
1223  * @session: is a #gnutls_session_t structure.
1224  *
1225  * Get user pointer for session.  Useful in callbacks.  This is the
1226  *   pointer set with gnutls_session_set_ptr().
1227  *
1228  * Returns: the user given pointer from the session structure, or
1229  *   %NULL if it was never set.
1230  **/
1231 void *gnutls_session_get_ptr(gnutls_session_t session)
1232 {
1233         return session->internals.user_ptr;
1234 }
1235
1236 /**
1237  * gnutls_session_set_ptr:
1238  * @session: is a #gnutls_session_t structure.
1239  * @ptr: is the user pointer
1240  *
1241  * This function will set (associate) the user given pointer @ptr to
1242  * the session structure.  This pointer can be accessed with
1243  * gnutls_session_get_ptr().
1244  **/
1245 void gnutls_session_set_ptr(gnutls_session_t session, void *ptr)
1246 {
1247         session->internals.user_ptr = ptr;
1248 }
1249
1250
1251 /**
1252  * gnutls_record_get_direction:
1253  * @session: is a #gnutls_session_t structure.
1254  *
1255  * This function provides information about the internals of the
1256  * record protocol and is only useful if a prior gnutls function call
1257  * (e.g.  gnutls_handshake()) was interrupted for some reason, that
1258  * is, if a function returned %GNUTLS_E_INTERRUPTED or
1259  * %GNUTLS_E_AGAIN.  In such a case, you might want to call select()
1260  * or poll() before calling the interrupted gnutls function again.  To
1261  * tell you whether a file descriptor should be selected for either
1262  * reading or writing, gnutls_record_get_direction() returns 0 if the
1263  * interrupted function was trying to read data, and 1 if it was
1264  * trying to write data.
1265  *
1266  * This function's output is unreliable if you are using the
1267  * @session in different threads, for sending and receiving.
1268  *
1269  * Returns: 0 if trying to read data, 1 if trying to write data.
1270  **/
1271 int gnutls_record_get_direction(gnutls_session_t session)
1272 {
1273         return session->internals.direction;
1274 }
1275
1276 /*-
1277  * _gnutls_rsa_pms_set_version - Sets a version to be used at the RSA PMS
1278  * @session: is a #gnutls_session_t structure.
1279  * @major: is the major version to use
1280  * @minor: is the minor version to use
1281  *
1282  * This function will set the given version number to be used at the
1283  * RSA PMS secret. This is only useful to clients, which want to
1284  * test server's capabilities.
1285  -*/
1286 void
1287 _gnutls_rsa_pms_set_version(gnutls_session_t session,
1288                             unsigned char major, unsigned char minor)
1289 {
1290         session->internals.rsa_pms_version[0] = major;
1291         session->internals.rsa_pms_version[1] = minor;
1292 }
1293
1294 /**
1295  * gnutls_handshake_set_post_client_hello_function:
1296  * @session: is a #gnutls_session_t structure.
1297  * @func: is the function to be called
1298  *
1299  * This function will set a callback to be called after the client
1300  * hello has been received (callback valid in server side only). This
1301  * allows the server to adjust settings based on received extensions.
1302  *
1303  * Those settings could be ciphersuites, requesting certificate, or
1304  * anything else except for version negotiation (this is done before
1305  * the hello message is parsed).
1306  *
1307  * This callback must return 0 on success or a gnutls error code to
1308  * terminate the handshake.
1309  *
1310  * Since GnuTLS 3.3.5 the callback is
1311  * allowed to return %GNUTLS_E_AGAIN or %GNUTLS_E_INTERRUPTED to
1312  * put the handshake on hold. In that case gnutls_handshake()
1313  * will return %GNUTLS_E_INTERRUPTED and can be resumed when needed.
1314  *
1315  * Warning: You should not use this function to terminate the
1316  * handshake based on client input unless you know what you are
1317  * doing. Before the handshake is finished there is no way to know if
1318  * there is a man-in-the-middle attack being performed.
1319  **/
1320 void
1321 gnutls_handshake_set_post_client_hello_function(gnutls_session_t session,
1322                                                 gnutls_handshake_post_client_hello_func
1323                                                 func)
1324 {
1325         session->internals.user_hello_func = func;
1326 }
1327
1328
1329 /**
1330  * gnutls_session_enable_compatibility_mode:
1331  * @session: is a #gnutls_session_t structure.
1332  *
1333  * This function can be used to disable certain (security) features in
1334  * TLS in order to maintain maximum compatibility with buggy
1335  * clients. Because several trade-offs with security are enabled,
1336  * if required they will be reported through the audit subsystem.
1337  *
1338  * Normally only servers that require maximum compatibility with
1339  * everything out there, need to call this function.
1340  *
1341  * Note that this function must be called after any call to gnutls_priority
1342  * functions.
1343  **/
1344 void gnutls_session_enable_compatibility_mode(gnutls_session_t session)
1345 {
1346         ENABLE_COMPAT(&session->internals.priorities);
1347 }
1348
1349 /**
1350  * gnutls_session_channel_binding:
1351  * @session: is a #gnutls_session_t structure.
1352  * @cbtype: an #gnutls_channel_binding_t enumeration type
1353  * @cb: output buffer array with data
1354  *
1355  * Extract given channel binding data of the @cbtype (e.g.,
1356  * %GNUTLS_CB_TLS_UNIQUE) type.
1357  *
1358  * Returns: %GNUTLS_E_SUCCESS on success,
1359  * %GNUTLS_E_UNIMPLEMENTED_FEATURE if the @cbtype is unsupported,
1360  * %GNUTLS_E_CHANNEL_BINDING_NOT_AVAILABLE if the data is not
1361  * currently available, or an error code.
1362  *
1363  * Since: 2.12.0
1364  **/
1365 int
1366 gnutls_session_channel_binding(gnutls_session_t session,
1367                                gnutls_channel_binding_t cbtype,
1368                                gnutls_datum_t * cb)
1369 {
1370         if (cbtype != GNUTLS_CB_TLS_UNIQUE)
1371                 return GNUTLS_E_UNIMPLEMENTED_FEATURE;
1372
1373         if (!session->internals.initial_negotiation_completed)
1374                 return GNUTLS_E_CHANNEL_BINDING_NOT_AVAILABLE;
1375
1376         cb->size = session->internals.cb_tls_unique_len;
1377         cb->data = gnutls_malloc(cb->size);
1378         if (cb->data == NULL)
1379                 return GNUTLS_E_MEMORY_ERROR;
1380
1381         memcpy(cb->data, session->internals.cb_tls_unique, cb->size);
1382
1383         return 0;
1384 }
1385
1386 /**
1387  * gnutls_ecc_curve_get:
1388  * @session: is a #gnutls_session_t structure.
1389  *
1390  * Returns the currently used elliptic curve. Only valid
1391  * when using an elliptic curve ciphersuite.
1392  *
1393  * Returns: the currently used curve, a #gnutls_ecc_curve_t
1394  *   type.
1395  *
1396  * Since: 3.0
1397  **/
1398 gnutls_ecc_curve_t gnutls_ecc_curve_get(gnutls_session_t session)
1399 {
1400         return _gnutls_session_ecc_curve_get(session);
1401 }
1402
1403 /**
1404  * gnutls_protocol_get_version:
1405  * @session: is a #gnutls_session_t structure.
1406  *
1407  * Get TLS version, a #gnutls_protocol_t value.
1408  *
1409  * Returns: The version of the currently used protocol.
1410  **/
1411 gnutls_protocol_t gnutls_protocol_get_version(gnutls_session_t session)
1412 {
1413         return get_num_version(session);
1414 }
1415
1416 /**
1417  * gnutls_session_get_random:
1418  * @session: is a #gnutls_session_t structure.
1419  * @client: the client part of the random
1420  * @server: the server part of the random
1421  *
1422  * This function returns pointers to the client and server
1423  * random fields used in the TLS handshake. The pointers are
1424  * not to be modified or deallocated.
1425  *
1426  * If a client random value has not yet been established, the output
1427  * will be garbage.
1428  *
1429  * Since: 3.0
1430  **/
1431 void
1432 gnutls_session_get_random(gnutls_session_t session,
1433                           gnutls_datum_t * client, gnutls_datum_t * server)
1434 {
1435         if (client) {
1436                 client->data = session->security_parameters.client_random;
1437                 client->size =
1438                     sizeof(session->security_parameters.client_random);
1439         }
1440
1441         if (server) {
1442                 server->data = session->security_parameters.server_random;
1443                 server->size =
1444                     sizeof(session->security_parameters.server_random);
1445         }
1446 }
1447
1448 unsigned int timespec_sub_ms(struct timespec *a, struct timespec *b)
1449 {
1450         return (a->tv_sec * 1000 + a->tv_nsec / (1000 * 1000) -
1451                 (b->tv_sec * 1000 + b->tv_nsec / (1000 * 1000)));
1452 }
1453
1454 /**
1455  * gnutls_handshake_set_random:
1456  * @session: is a #gnutls_session_t structure.
1457  * @random: a random value of 32-bytes
1458  *
1459  * This function will explicitly set the server or client hello 
1460  * random value in the subsequent TLS handshake. The random value 
1461  * should be a 32-byte value.
1462  *
1463  * Note that this function should not normally be used as gnutls
1464  * will select automatically a random value for the handshake.
1465  *
1466  * This function should not be used when resuming a session.
1467  *
1468  * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
1469  *
1470  * Since 3.1.9
1471  **/
1472 int
1473 gnutls_handshake_set_random(gnutls_session_t session,
1474                             const gnutls_datum_t * random)
1475 {
1476         if (random->size != GNUTLS_RANDOM_SIZE)
1477                 return GNUTLS_E_INVALID_REQUEST;
1478
1479         session->internals.sc_random_set = 1;
1480         if (session->security_parameters.entity == GNUTLS_CLIENT)
1481                 memcpy(session->internals.resumed_security_parameters.
1482                        client_random, random->data, random->size);
1483         else
1484                 memcpy(session->internals.resumed_security_parameters.
1485                        server_random, random->data, random->size);
1486
1487         return 0;
1488 }
1489
1490 /**
1491  * gnutls_handshake_set_hook_function:
1492  * @session: is a #gnutls_session_t structure
1493  * @htype: the %gnutls_handshake_description_t of the message to hook at
1494  * @post: %GNUTLS_HOOK_* depending on when the hook function should be called
1495  * @func: is the function to be called
1496  *
1497  * This function will set a callback to be called after or before the specified
1498  * handshake message has been received or generated. This is a
1499  * generalization of gnutls_handshake_set_post_client_hello_function().
1500  *
1501  * To call the hook function prior to the message being sent/generated use
1502  * %GNUTLS_HOOK_PRE as @post parameter, %GNUTLS_HOOK_POST to call
1503  * after, and %GNUTLS_HOOK_BOTH for both cases.
1504  *
1505  * This callback must return 0 on success or a gnutls error code to
1506  * terminate the handshake.
1507  *
1508  * Note to hook at all handshake messages use an @htype of %GNUTLS_HANDSHAKE_ANY.
1509  *
1510  * Warning: You should not use this function to terminate the
1511  * handshake based on client input unless you know what you are
1512  * doing. Before the handshake is finished there is no way to know if
1513  * there is a man-in-the-middle attack being performed.
1514  **/
1515 void
1516 gnutls_handshake_set_hook_function(gnutls_session_t session,
1517                                    unsigned int htype,
1518                                    int post,
1519                                    gnutls_handshake_hook_func func)
1520 {
1521         session->internals.h_hook = func;
1522         session->internals.h_type = htype;
1523         session->internals.h_post = post;
1524 }