
tlsgnutlsserveranon.cpp

00001 /*
00002   Copyright (c) 2005-2008 by Jakob Schroeter <js@camaya.net>
00003   This file is part of the gloox library. http://camaya.net/gloox
00004 
00005   This software is distributed under a license. The full license
00006   agreement can be found in the file LICENSE in this distribution.
00007   This software may not be copied, modified, sold or distributed
00008   other than expressed in the named license agreement.
00009 
00010   This software is distributed without any warranty.
00011 */
00012 
00013 
00014 
00015 #include "tlsgnutlsserveranon.h"
00016 
00017 #ifdef HAVE_GNUTLS
00018 
00019 #include <errno.h>
00020 
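namespace gloox
{

  /**
   * Releases the anonymous server credentials and the DH parameters if they are allocated,
   * and resets both handles to 0 so that a second release is a no-op.
   * @param cred The credentials handle to free and reset.
   * @param dhParams The DH parameter handle to deinitialise and reset.
   */
  static void releaseAnonServerState( gnutls_anon_server_credentials_t& cred,
                                      gnutls_dh_params_t& dhParams )
  {
    if( cred )
    {
      gnutls_anon_free_server_credentials( cred );
      cred = 0;
    }

    if( dhParams )
    {
      gnutls_dh_params_deinit( dhParams );
      dhParams = 0;
    }
  }

  /**
   * Constructs the server side of an anonymous (certificate-less) TLS channel.
   * The credential and DH handles start out as 0 so that the destructor is safe even when
   * init() was never called or returned early.
   * @param th The TLSHandler passed on to GnuTLSBase.
   */
  GnuTLSServerAnon::GnuTLSServerAnon( TLSHandler* th )
    // NOTE(review): 1024-bit DH groups are below current recommendations; consider >= 2048
    // bits once the cost of generating parameters at start-up is acceptable.
    : GnuTLSBase( th ), m_anoncred( 0 ), m_dhParams( 0 ), m_dhBits( 1024 )
  {
  }

  /**
   * Frees the anonymous credentials and DH parameters owned by this object.
   */
  GnuTLSServerAnon::~GnuTLSServerAnon()
  {
    releaseAnonServerState( m_anoncred, m_dhParams );
  }

  /**
   * Runs the base class clean-up and then re-initialises the object by calling init().
   * init() releases any credentials and DH parameters left over from the previous session
   * before it allocates new ones. The result of init() is not reported to the caller.
   */
  void GnuTLSServerAnon::cleanup()
  {
    GnuTLSBase::cleanup();
    init();
  }

  /**
   * Allocates anonymous server credentials, generates DH parameters and configures the
   * session for an anonymous Diffie-Hellman handshake.
   *
   * Security: GNUTLS_KX_ANON_DH authenticates neither side, so the channel gives
   * confidentiality against passive observers only. An active man-in-the-middle is not
   * detected unless the application authenticates the peer by other means.
   *
   * @return @b True if the session was set up, @b false if library initialisation,
   * credential allocation, DH parameter generation or session creation failed.
   */
  bool GnuTLSServerAnon::init()
  {
    // NOTE(review): only TLS 1.0 is offered; newer protocol versions should be preferred
    // where the linked GnuTLS supports them.
    const int protocolPriority[] = { GNUTLS_TLS1, 0 };
    const int kxPriority[]       = { GNUTLS_KX_ANON_DH, 0 };
    // NOTE(review): ARCFOUR (RC4) and 3DES are considered weak and are candidates for
    // removal once peer compatibility has been confirmed.
    const int cipherPriority[]   = { GNUTLS_CIPHER_AES_256_CBC, GNUTLS_CIPHER_AES_128_CBC,
                                     GNUTLS_CIPHER_3DES_CBC, GNUTLS_CIPHER_ARCFOUR, 0 };
    // NOTE(review): TLS-level compression can leak plaintext through record lengths;
    // consider offering GNUTLS_COMP_NULL only.
    const int compPriority[]     = { GNUTLS_COMP_ZLIB, GNUTLS_COMP_NULL, 0 };
    // NOTE(review): MD5-based MACs are deprecated; keep only while legacy peers need them.
    const int macPriority[]      = { GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, 0 };

    if( m_initLib && gnutls_global_init() != 0 )
      return false;

    // init() is also reached through cleanup(); drop the previous allocation first so it
    // is not leaked. Assumes no live session still references the old credentials --
    // TODO confirm against GnuTLSBase::cleanup().
    releaseAnonServerState( m_anoncred, m_dhParams );

    if( gnutls_anon_allocate_server_credentials( &m_anoncred ) < 0 )
    {
      m_anoncred = 0;
      return false;
    }

    // generateDH() leaves m_dhParams at 0 on failure; do not install missing parameters.
    generateDH();
    if( !m_dhParams )
      return false;

    gnutls_anon_set_server_dh_params( m_anoncred, m_dhParams );

    if( gnutls_init( m_session, GNUTLS_SERVER ) != 0 )
      return false;

    gnutls_protocol_set_priority( *m_session, protocolPriority );
    gnutls_cipher_set_priority( *m_session, cipherPriority );
    gnutls_compression_set_priority( *m_session, compPriority );
    gnutls_kx_set_priority( *m_session, kxPriority );
    gnutls_mac_set_priority( *m_session, macPriority );
    gnutls_credentials_set( *m_session, GNUTLS_CRD_ANON, m_anoncred );

    gnutls_dh_set_prime_bits( *m_session, m_dhBits );

    // The push/pull callbacks receive this object back as their transport pointer.
    gnutls_transport_set_ptr( *m_session, static_cast<gnutls_transport_ptr_t>( this ) );
    gnutls_transport_set_push_function( *m_session, pushFunc );
    gnutls_transport_set_pull_function( *m_session, pullFunc );

    m_valid = true;
    return true;
  }

  /**
   * Allocates and generates fresh DH parameters of m_dhBits bits.
   * On any failure m_dhParams is left at 0, which init() treats as an error.
   */
  void GnuTLSServerAnon::generateDH()
  {
    if( gnutls_dh_params_init( &m_dhParams ) < 0 )
    {
      m_dhParams = 0;
      return;
    }

    if( gnutls_dh_params_generate2( m_dhParams, m_dhBits ) < 0 )
    {
      // Half-built parameters must not reach the credentials; free them here.
      gnutls_dh_params_deinit( m_dhParams );
      m_dhParams = 0;
    }
  }

  /**
   * Copies the negotiated compression, MAC, cipher and protocol names into m_certInfo.
   */
  void GnuTLSServerAnon::getCertInfo()
  {
    // NOTE(review): CertOk is set unconditionally. With anonymous key exchange no
    // certificate is presented, so this status does not mean the peer was authenticated.
    m_certInfo.status = CertOk;

    const char* info;
    info = gnutls_compression_get_name( gnutls_compression_get( *m_session ) );
    if( info )
      m_certInfo.compression = info;

    info = gnutls_mac_get_name( gnutls_mac_get( *m_session ) );
    if( info )
      m_certInfo.mac = info;

    info = gnutls_cipher_get_name( gnutls_cipher_get( *m_session ) );
    if( info )
      m_certInfo.cipher = info;

    info = gnutls_protocol_get_name( gnutls_protocol_get_version( *m_session ) );
    if( info )
      m_certInfo.protocol = info;

    m_valid = true;
  }

}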
00110 
00111 #endif // HAVE_GNUTLS
