/*
  Copyright (c) 2005-2016 by Jakob Schröter <js@camaya.net>
  This file is part of the gloox library. http://camaya.net/gloox

  This software is distributed under a license. The full license
  agreement can be found in the file LICENSE in this distribution.
  This software may not be copied, modified, sold or distributed
  other than expressed in the named license agreement.

  This software is distributed without any warranty.
*/

#include "tlsgnutlsserveranon.h"

#ifdef HAVE_GNUTLS

#include <errno.h>

namespace gloox
{

  // Server side of an anonymous Diffie-Hellman TLS session. No certificate
  // is involved on either side, so the peer is never authenticated.
  GnuTLSServerAnon::GnuTLSServerAnon( TLSHandler* th )
    : GnuTLSBase( th ), m_dhBits( 1024 )  // size in bits of the DH group generated in generateDH()
  {
  }

  GnuTLSServerAnon::~GnuTLSServerAnon()
  {
    gnutls_anon_free_server_credentials( m_anoncred );
    gnutls_dh_params_deinit( m_dhParams );
  }

  void GnuTLSServerAnon::cleanup()
  {
    GnuTLSBase::cleanup();
    init();
  }

  // The key/certificate arguments are unused: anonymous key exchange needs none.
  bool GnuTLSServerAnon::init( const std::string&,
                               const std::string&,
                               const StringList& )
  {
    if( m_initLib && gnutls_global_init() != 0 )
      return false;

    if( gnutls_anon_allocate_server_credentials( &m_anoncred ) < 0 )
      return false;

    generateDH();
    gnutls_anon_set_server_dh_params( m_anoncred, m_dhParams );

    if( gnutls_init( m_session, GNUTLS_SERVER ) != 0 )
      return false;

#if GNUTLS_VERSION_NUMBER >= 0x020600
    // GnuTLS 2.6 and later: configure the session with a priority string.
    int ret = gnutls_priority_set_direct( *m_session, "SECURE128:+PFS:+COMP-ALL:+VERS-TLS-ALL:-VERS-SSL3.0:+SIGN-ALL:+CURVE-ALL", 0 );
    if( ret != GNUTLS_E_SUCCESS )
      return false;
#else
    // Older GnuTLS: set per-category priority lists (zero-terminated arrays).
    const int protocolPriority[] = {
#ifdef GNUTLS_TLS1_2
      GNUTLS_TLS1_2,
#endif
      GNUTLS_TLS1_1, GNUTLS_TLS1, 0 };
    const int kxPriority[]     = { GNUTLS_KX_ANON_DH, 0 };
    const int cipherPriority[] = { GNUTLS_CIPHER_AES_256_CBC, GNUTLS_CIPHER_AES_128_CBC,
                                   GNUTLS_CIPHER_3DES_CBC, GNUTLS_CIPHER_ARCFOUR, 0 };
    const int compPriority[]   = { GNUTLS_COMP_ZLIB, GNUTLS_COMP_NULL, 0 };
    const int macPriority[]    = { GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, 0 };
    gnutls_protocol_set_priority( *m_session, protocolPriority );
    gnutls_cipher_set_priority( *m_session, cipherPriority );
    gnutls_compression_set_priority( *m_session, compPriority );
    gnutls_kx_set_priority( *m_session, kxPriority );
    gnutls_mac_set_priority( *m_session, macPriority );
#endif

    gnutls_credentials_set( *m_session, GNUTLS_CRD_ANON, m_anoncred );
    gnutls_dh_set_prime_bits( *m_session, m_dhBits );

    // Route TLS record I/O through gloox's own push/pull callbacks.
    gnutls_transport_set_ptr( *m_session, (gnutls_transport_ptr_t)this );
    gnutls_transport_set_push_function( *m_session, pushFunc );
    gnutls_transport_set_pull_function( *m_session, pullFunc );

    m_valid = true;
    return true;
  }

  // Generates a fresh DH group of m_dhBits bits for this server instance.
  void GnuTLSServerAnon::generateDH()
  {
    gnutls_dh_params_init( &m_dhParams );
    gnutls_dh_params_generate2( m_dhParams, m_dhBits );
  }

  // There is no peer certificate in anonymous mode, so the status is
  // reported as CertOk and only the negotiated session parameters are recorded.
  void GnuTLSServerAnon::getCertInfo()
  {
    m_certInfo.status = CertOk;

    const char* info;
    info = gnutls_compression_get_name( gnutls_compression_get( *m_session ) );
    if( info )
      m_certInfo.compression = info;

    info = gnutls_mac_get_name( gnutls_mac_get( *m_session ) );
    if( info )
      m_certInfo.mac = info;

    info = gnutls_cipher_get_name( gnutls_cipher_get( *m_session ) );
    if( info )
      m_certInfo.cipher = info;

    info = gnutls_protocol_get_name( gnutls_protocol_get_version( *m_session ) );
    if( info )
      m_certInfo.protocol = info;

    m_valid = true;
  }

}

#endif // HAVE_GNUTLS