tlsgnutlsserveranon.cpp
1 /*
2  Copyright (c) 2005-2009 by Jakob Schroeter <js@camaya.net>
3  This file is part of the gloox library. http://camaya.net/gloox
4 
5  This software is distributed under a license. The full license
6  agreement can be found in the file LICENSE in this distribution.
7  This software may not be copied, modified, sold or distributed
8  other than expressed in the named license agreement.
9 
10  This software is distributed without any warranty.
11 */
12 
13 
14 
15 #include "tlsgnutlsserveranon.h"
16 
17 #ifdef HAVE_GNUTLS
18 
19 #include <errno.h>
20 
21 namespace gloox
22 {
23 
25  : GnuTLSBase( th ), m_dhBits( 1024 )
26  {
27  }
28 
30  {
31  gnutls_anon_free_server_credentials( m_anoncred );
32  gnutls_dh_params_deinit( m_dhParams );
33  }
34 
36  {
38  init();
39  }
40 
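/**
 * Sets up the anonymous-DH server side of the TLS session.
 *
 * The three parameters (client key, client certificates, CA certificates)
 * are deliberately unused: anonymous key exchange involves no certificates,
 * so neither endpoint is authenticated. The resulting channel only protects
 * against a passive observer; an active man-in-the-middle is undetectable
 * by design, which is why this class exists for in-band "opportunistic"
 * encryption only.
 *
 * @return @b true on success. @b false if library initialisation, credential
 *         allocation, session creation, any priority/credential assignment
 *         failed; in that case m_valid is left untouched and whatever was
 *         allocated so far is released by the destructor.
 */
bool GnuTLSServerAnon::init( const std::string&,
                             const std::string&,
                             const StringList& )
{
  // NOTE(review): these lists reflect what GnuTLS offered when the file was
  // written. By current standards TLS 1.0 only, 1024-bit anonymous DH,
  // ARCFOUR (RC4), MD5 and 3DES are all weak, and enabling TLS-level ZLIB
  // compression lets ciphertext length leak information about plaintext.
  // Kept unchanged here to preserve interoperability with existing peers.
  const int protocolPriority[] = { GNUTLS_TLS1, 0 };
  const int kxPriority[] = { GNUTLS_KX_ANON_DH, 0 };
  const int cipherPriority[] = { GNUTLS_CIPHER_AES_256_CBC, GNUTLS_CIPHER_AES_128_CBC,
                                 GNUTLS_CIPHER_3DES_CBC, GNUTLS_CIPHER_ARCFOUR, 0 };
  const int compPriority[] = { GNUTLS_COMP_ZLIB, GNUTLS_COMP_NULL, 0 };
  const int macPriority[] = { GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, 0 };

  // Library-wide init is only this object's job when m_initLib says so
  // (another component may already own the global state).
  if( m_initLib && gnutls_global_init() != 0 )
    return false;

  if( gnutls_anon_allocate_server_credentials( &m_anoncred ) < 0 )
    return false;

  // Generates fresh DH group parameters of m_dhBits bits. This is a prime
  // search and can take noticeable time; generateDH() does not report failure.
  generateDH();
  gnutls_anon_set_server_dh_params( m_anoncred, m_dhParams );

  if( gnutls_init( m_session, GNUTLS_SERVER ) != 0 )
    return false;

  // Each of these returns a negative GnuTLS error code on failure. Previously
  // the results were ignored and the session was reported valid regardless;
  // a session with no credentials or an incomplete priority set would only
  // surface as a handshake failure later.
  if( gnutls_protocol_set_priority( *m_session, protocolPriority ) < 0
      || gnutls_cipher_set_priority( *m_session, cipherPriority ) < 0
      || gnutls_compression_set_priority( *m_session, compPriority ) < 0
      || gnutls_kx_set_priority( *m_session, kxPriority ) < 0
      || gnutls_mac_set_priority( *m_session, macPriority ) < 0
      || gnutls_credentials_set( *m_session, GNUTLS_CRD_ANON, m_anoncred ) < 0 )
    return false;

  gnutls_dh_set_prime_bits( *m_session, m_dhBits );

  // GnuTLS does its I/O through the push/pull callbacks; `this` is handed
  // over as the opaque transport pointer so the static callbacks can find
  // the owning object.
  gnutls_transport_set_ptr( *m_session, (gnutls_transport_ptr_t)this );
  gnutls_transport_set_push_function( *m_session, pushFunc );
  gnutls_transport_set_pull_function( *m_session, pullFunc );

  m_valid = true;
  return true;
}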
80 
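/**
 * Allocates a DH parameter handle in m_dhParams and generates a
 * m_dhBits-bit anonymous-DH group into it.
 *
 * If the handle cannot be initialised the generation step is skipped, so
 * gnutls_dh_params_generate2() is never given an invalid handle (the original
 * code called it unconditionally). The result of generation itself is still
 * not reported to the caller; failure leaves m_dhParams allocated but empty.
 *
 * NOTE(review): every call re-initialises m_dhParams without releasing a
 * previously generated handle, so calling init() more than once on the same
 * object would leak the earlier parameters — confirm against the callers.
 */
void GnuTLSServerAnon::generateDH()
{
  if( gnutls_dh_params_init( &m_dhParams ) < 0 )
    return;

  gnutls_dh_params_generate2( m_dhParams, m_dhBits );
}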
86 
/**
 * Fills m_certInfo with the parameters negotiated for the current session.
 *
 * An anonymous-DH session carries no peer certificate, so there is nothing
 * to verify: status is set to CertOk unconditionally, meaning "nothing
 * failed", not "identity was checked". Only the negotiated compression,
 * MAC, cipher and protocol names are recorded; a null name from GnuTLS
 * leaves the corresponding field untouched. Finally m_valid is set.
 */
void GnuTLSServerAnon::getCertInfo()
{
  gnutls_session_t session = *m_session;

  // Query everything first; these are pure accessors on the session object.
  const char* compressionName = gnutls_compression_get_name( gnutls_compression_get( session ) );
  const char* macName = gnutls_mac_get_name( gnutls_mac_get( session ) );
  const char* cipherName = gnutls_cipher_get_name( gnutls_cipher_get( session ) );
  const char* protocolName = gnutls_protocol_get_name( gnutls_protocol_get_version( session ) );

  m_certInfo.status = CertOk;

  if( compressionName )
    m_certInfo.compression = compressionName;

  if( macName )
    m_certInfo.mac = macName;

  if( cipherName )
    m_certInfo.cipher = cipherName;

  if( protocolName )
    m_certInfo.protocol = protocolName;

  m_valid = true;
}
110 
111 }
112 
113 #endif // HAVE_GNUTLS