gnutls.h

   1 /*
   2  * OpenConnect (SSL + DTLS) VPN client
   3  *
   4  * Copyright © 2008-2012 Intel Corporation.
   5  *
   6  * Author: David Woodhouse <dwmw2@infradead.org>
   7  *
   8  * This program is free software; you can redistribute it and/or
   9  * modify it under the terms of the GNU Lesser General Public License
  10  * version 2.1, as published by the Free Software Foundation.
  11  *
  12  * This program is distributed in the hope that it will be useful, but
  13  * WITHOUT ANY WARRANTY; without even the implied warranty of
  14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  15  * Lesser General Public License for more details.
  16  *
  17  * You should have received a copy of the GNU Lesser General Public
  18  * License along with this library; if not, write to:
  19  *
  20  *   Free Software Foundation, Inc.
  21  *   51 Franklin Street, Fifth Floor,
  22  *   Boston, MA 02110-1301 USA
  23  */
  24
  25 #ifndef __OPENCONNECT_GNUTLS_H__
  26 #define __OPENCONNECT_GNUTLS_H__
  27
  28 #include <gnutls/gnutls.h>
  29 #include <gnutls/pkcs12.h>
  30 #include <gnutls/abstract.h>
  31
  32 #include "openconnect-internal.h"
  33
  34 #ifndef HAVE_GNUTLS_PKCS12_SIMPLE_PARSE
  35 /* If we're using a version of GnuTLS from before this was
  36    exported, pull in our local copy. */
  37 int gnutls_pkcs12_simple_parse (gnutls_pkcs12_t p12, const char *password,
  38                                 gnutls_x509_privkey_t * key,
  39                                 gnutls_x509_crt_t ** chain,
  40                                 unsigned int * chain_len,
  41                                 gnutls_x509_crt_t ** extra_certs,
  42                                 unsigned int * extra_certs_len,
  43                                 gnutls_x509_crl_t * crl,
  44                                 unsigned int flags);
  45
  46 #endif /* !HAVE_GNUTLS_PKCS12_SIMPLE_PARSE */
  47
  48
  49 #ifndef HAVE_GNUTLS_CERTIFICATE_SET_KEY
  50 int gtls2_tpm_sign_cb(gnutls_session_t sess, void *_vpninfo,
  51                       gnutls_certificate_type_t cert_type,
  52                       const gnutls_datum_t *cert, const gnutls_datum_t *data,
  53                       gnutls_datum_t *sig);
  54 int gtls2_tpm_sign_dummy_data(struct openconnect_info *vpninfo,
  55                               const gnutls_datum_t *data,
  56                               gnutls_datum_t *sig);
  57 #endif /* !HAVE_GNUTLS_CERTIFICATE_SET_KEY */
  58
  59 /* In GnuTLS 2.12 this can't be a real private key; we have to use the sign_callback
  60    instead. But we want to set the 'pkey' variable to *something* non-NULL in order
  61    to indicate that we aren't just using an x509 key. */
  62 #define OPENCONNECT_TPM_PKEY ((void *)1UL)
  63
  64 static inline int sign_dummy_data(struct openconnect_info *vpninfo,
  65                                   gnutls_privkey_t pkey,
  66                                   const gnutls_datum_t *data,
  67                                   gnutls_datum_t *sig)
  68 {
  69 #if defined (HAVE_TROUSERS) && !defined(HAVE_GNUTLS_CERTIFICATE_SET_KEY)
  70         if (pkey == OPENCONNECT_TPM_PKEY)
  71                 return gtls2_tpm_sign_dummy_data(vpninfo, data, sig);
  72 #endif
  73         return gnutls_privkey_sign_data(pkey, GNUTLS_DIG_SHA1, 0, data, sig);
  74 }
  75
  76 int load_tpm_key(struct openconnect_info *vpninfo, gnutls_datum_t *fdata,
  77                  gnutls_privkey_t *pkey, gnutls_datum_t *pkey_sig);
  78
  79 #endif /* __OPENCONNECT_GNUTLS_H__ */