1/*
2 Copyright (c) 2005-2019 by Jakob Schröter <js@camaya.net>
3 This file is part of the gloox library. http://camaya.net/gloox
4
5 This software is distributed under a license. The full license
6 agreement can be found in the file LICENSE in this distribution.
7 This software may not be copied, modified, sold or distributed
8 other than expressed in the named license agreement.
9
10 This software is distributed without any warranty.
11*/
12
13
14
15#include "tlsgnutlsserveranon.h"
16
17#ifdef HAVE_GNUTLS
18
19#include <errno.h>
20
21namespace gloox
22{
23
25 : GnuTLSBase( th ), m_dhBits( 1024 )
26 {
27 }
28
30 {
31 gnutls_anon_free_server_credentials( m_anoncred );
32 gnutls_dh_params_deinit( m_dhParams );
33 }
34
36 {
38 init();
39 }
40
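/**
 * @brief Sets up the anonymous (ANON-DH / ANON-ECDH) GnuTLS server session.
 *
 * The three parameters (client key, client certificates, CA certificates)
 * exist only to match the GnuTLSBase::init() signature and are ignored:
 * this server neither presents nor verifies any certificate, so the
 * resulting channel is encrypted but not authenticated.
 *
 * @return @b true once the session is fully configured and m_valid is set,
 * @b false at the first GnuTLS call that fails.
 *
 * NOTE(review): on an early @b false the credentials / DH handles may never
 * have been allocated (the constructor in this file initialises only
 * m_dhBits), while the destructor frees both unconditionally — confirm
 * against the header that the members are zero-initialised, or avoid
 * destroying an instance whose init() failed.
 */
bool GnuTLSServerAnon::init( const std::string&,
                             const std::string&,
                             const StringList& )
{
  if( m_initLib && gnutls_global_init() != 0 )
    return false;

  if( gnutls_anon_allocate_server_credentials( &m_anoncred ) < 0 )
    return false;

  // A fresh DH group is generated on every init(); its size is m_dhBits,
  // which the constructor sets to 1024 — below current recommendations for
  // finite-field DH. Installing the group can fail, so check the result
  // instead of silently continuing with a server that cannot complete an
  // ANON-DH handshake.
  generateDH();
  if( gnutls_anon_set_server_dh_params( m_anoncred, m_dhParams ) != 0 )
    return false;

  if( gnutls_init( m_session, GNUTLS_SERVER ) != 0 )
    return false;

#if GNUTLS_VERSION_NUMBER >= 0x020600
  // Priority string for GnuTLS >= 2.6: SSL 3.0 is excluded, both anonymous
  // key exchanges are enabled. NOTE(review): +COMP-ALL also enables TLS-level
  // compression (its negotiated value is what getCertInfo() reports);
  // TLS compression is generally discouraged today.
  int ret = gnutls_priority_set_direct( *m_session, "SECURE128:+PFS:+COMP-ALL:+VERS-TLS-ALL:-VERS-SSL3.0:+SIGN-ALL:+CURVE-ALL:+ANON-ECDH:+ANON-DH", 0 );
  if( ret != GNUTLS_E_SUCCESS )
    return false;
#else
  // Legacy per-category priority API for GnuTLS < 2.6.
  const int protocolPriority[] = {
#ifdef GNUTLS_TLS1_2
    GNUTLS_TLS1_2,
#endif
    GNUTLS_TLS1_1, GNUTLS_TLS1, 0 };
  const int kxPriority[] = { GNUTLS_KX_ANON_DH, 0 };
  const int cipherPriority[] = { GNUTLS_CIPHER_AES_256_CBC, GNUTLS_CIPHER_AES_128_CBC,
                                 GNUTLS_CIPHER_3DES_CBC, GNUTLS_CIPHER_ARCFOUR, 0 };
  const int compPriority[] = { GNUTLS_COMP_ZLIB, GNUTLS_COMP_NULL, 0 };
  const int macPriority[] = { GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, 0 };
  gnutls_protocol_set_priority( *m_session, protocolPriority );
  gnutls_cipher_set_priority( *m_session, cipherPriority );
  gnutls_compression_set_priority( *m_session, compPriority );
  gnutls_kx_set_priority( *m_session, kxPriority );
  gnutls_mac_set_priority( *m_session, macPriority );
#endif

  // Without the anonymous credentials attached no handshake can succeed,
  // so a failure here is fatal for the session.
  if( gnutls_credentials_set( *m_session, GNUTLS_CRD_ANON, m_anoncred ) != 0 )
    return false;

  // Hands m_dhBits to the session as its DH prime-bits setting.
  gnutls_dh_set_prime_bits( *m_session, m_dhBits );

  // Route GnuTLS I/O through this object's push/pull callbacks.
  gnutls_transport_set_ptr( *m_session, static_cast<gnutls_transport_ptr_t>( this ) );
  gnutls_transport_set_push_function( *m_session, pushFunc );
  gnutls_transport_set_pull_function( *m_session, pullFunc );

  m_valid = true;
  return true;
}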
90
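/**
 * @brief Generates a fresh Diffie-Hellman group of m_dhBits bits into m_dhParams.
 *
 * The generate step is skipped when the handle could not be initialised,
 * so it is never run on an uninitialised m_dhParams. The function returns
 * void to match its declaration, so the caller gets no failure signal from
 * here; init() checks the subsequent gnutls_anon_set_server_dh_params()
 * call instead.
 *
 * NOTE(review): m_dhBits is 1024 by default (see the constructor), which is
 * below today's recommended minimum for DH groups.
 */
void GnuTLSServerAnon::generateDH()
{
  // Do not generate into a handle whose initialisation failed.
  if( gnutls_dh_params_init( &m_dhParams ) != 0 )
    return;

  gnutls_dh_params_generate2( m_dhParams, m_dhBits );
}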
96
/**
 * @brief Records the negotiated session parameters in m_certInfo.
 *
 * Copies the compression, MAC, cipher and protocol names GnuTLS reports
 * for m_session and marks the session valid. The status is set to CertOk
 * unconditionally: this is an anonymous server, no certificate is involved
 * and nothing here verifies a peer, so CertOk must not be read as
 * "peer authenticated".
 */
void GnuTLSServerAnon::getCertInfo()
{
  m_certInfo.status = CertOk;

  const char* const compressionName =
      gnutls_compression_get_name( gnutls_compression_get( *m_session ) );
  const char* const macName =
      gnutls_mac_get_name( gnutls_mac_get( *m_session ) );
  const char* const cipherName =
      gnutls_cipher_get_name( gnutls_cipher_get( *m_session ) );
  const char* const protocolName =
      gnutls_protocol_get_name( gnutls_protocol_get_version( *m_session ) );

  // A NULL name leaves the corresponding field untouched.
  if( compressionName )
    m_certInfo.compression = compressionName;
  if( macName )
    m_certInfo.mac = macName;
  if( cipherName )
    m_certInfo.cipher = cipherName;
  if( protocolName )
    m_certInfo.protocol = protocolName;

  m_valid = true;
}
120
121}
122
123#endif // HAVE_GNUTLS