gloox
1.0
|
00001 /* 00002 Copyright (c) 2005-2009 by Jakob Schroeter <js@camaya.net> 00003 This file is part of the gloox library. http://camaya.net/gloox 00004 00005 This software is distributed under a license. The full license 00006 agreement can be found in the file LICENSE in this distribution. 00007 This software may not be copied, modified, sold or distributed 00008 other than expressed in the named license agreement. 00009 00010 This software is distributed without any warranty. 00011 */ 00012 00013 00014 00015 #include "tlsgnutlsserveranon.h" 00016 00017 #ifdef HAVE_GNUTLS 00018 00019 #include <errno.h> 00020 00021 namespace gloox 00022 { 00023 00024 GnuTLSServerAnon::GnuTLSServerAnon( TLSHandler* th ) 00025 : GnuTLSBase( th ), m_dhBits( 1024 ) 00026 { 00027 } 00028 00029 GnuTLSServerAnon::~GnuTLSServerAnon() 00030 { 00031 gnutls_anon_free_server_credentials( m_anoncred ); 00032 gnutls_dh_params_deinit( m_dhParams ); 00033 } 00034 00035 void GnuTLSServerAnon::cleanup() 00036 { 00037 GnuTLSBase::cleanup(); 00038 init(); 00039 } 00040 00041 bool GnuTLSServerAnon::init( const std::string&, 00042 const std::string&, 00043 const StringList& ) 00044 { 00045 const int protocolPriority[] = { GNUTLS_TLS1, 0 }; 00046 const int kxPriority[] = { GNUTLS_KX_ANON_DH, 0 }; 00047 const int cipherPriority[] = { GNUTLS_CIPHER_AES_256_CBC, GNUTLS_CIPHER_AES_128_CBC, 00048 GNUTLS_CIPHER_3DES_CBC, GNUTLS_CIPHER_ARCFOUR, 0 }; 00049 const int compPriority[] = { GNUTLS_COMP_ZLIB, GNUTLS_COMP_NULL, 0 }; 00050 const int macPriority[] = { GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, 0 }; 00051 00052 if( m_initLib && gnutls_global_init() != 0 ) 00053 return false; 00054 00055 if( gnutls_anon_allocate_server_credentials( &m_anoncred ) < 0 ) 00056 return false; 00057 00058 generateDH(); 00059 gnutls_anon_set_server_dh_params( m_anoncred, m_dhParams ); 00060 00061 if( gnutls_init( m_session, GNUTLS_SERVER ) != 0 ) 00062 return false; 00063 00064 gnutls_protocol_set_priority( *m_session, protocolPriority ); 00065 gnutls_cipher_set_priority( *m_session, cipherPriority ); 00066 gnutls_compression_set_priority( *m_session, compPriority ); 00067 gnutls_kx_set_priority( *m_session, kxPriority ); 00068 gnutls_mac_set_priority( *m_session, macPriority ); 00069 gnutls_credentials_set( *m_session, GNUTLS_CRD_ANON, m_anoncred ); 00070 00071 gnutls_dh_set_prime_bits( *m_session, m_dhBits ); 00072 00073 gnutls_transport_set_ptr( *m_session, (gnutls_transport_ptr_t)this ); 00074 gnutls_transport_set_push_function( *m_session, pushFunc ); 00075 gnutls_transport_set_pull_function( *m_session, pullFunc ); 00076 00077 m_valid = true; 00078 return true; 00079 } 00080 00081 void GnuTLSServerAnon::generateDH() 00082 { 00083 gnutls_dh_params_init( &m_dhParams ); 00084 gnutls_dh_params_generate2( m_dhParams, m_dhBits ); 00085 } 00086 00087 void GnuTLSServerAnon::getCertInfo() 00088 { 00089 m_certInfo.status = CertOk; 00090 00091 const char* info; 00092 info = gnutls_compression_get_name( gnutls_compression_get( *m_session ) ); 00093 if( info ) 00094 m_certInfo.compression = info; 00095 00096 info = gnutls_mac_get_name( gnutls_mac_get( *m_session ) ); 00097 if( info ) 00098 m_certInfo.mac = info; 00099 00100 info = gnutls_cipher_get_name( gnutls_cipher_get( *m_session ) ); 00101 if( info ) 00102 m_certInfo.cipher = info; 00103 00104 info = gnutls_protocol_get_name( gnutls_protocol_get_version( *m_session ) ); 00105 if( info ) 00106 m_certInfo.protocol = info; 00107 00108 m_valid = true; 00109 } 00110 00111 } 00112 00113 #endif // HAVE_GNUTLS