Next: TLS Hello Extension Handling, Previous: TLS Handshake Protocol, Up: Internal architecture of GnuTLS [Contents][Index]
In GnuTLS authentication methods can be implemented quite easily. Since the required changes to add a new authentication method affect only the handshake protocol, a simple interface is used. An authentication method needs to implement the functions shown below.
typedef struct
{
const char *name;
int (*gnutls_generate_server_certificate) (gnutls_session_t, gnutls_buffer_st*);
int (*gnutls_generate_client_certificate) (gnutls_session_t, gnutls_buffer_st*);
int (*gnutls_generate_server_kx) (gnutls_session_t, gnutls_buffer_st*);
int (*gnutls_generate_client_kx) (gnutls_session_t, gnutls_buffer_st*);
int (*gnutls_generate_client_cert_vrfy) (gnutls_session_t, gnutls_buffer_st *);
int (*gnutls_generate_server_certificate_request) (gnutls_session_t,
gnutls_buffer_st *);
int (*gnutls_process_server_certificate) (gnutls_session_t, opaque *,
size_t);
int (*gnutls_process_client_certificate) (gnutls_session_t, opaque *,
size_t);
int (*gnutls_process_server_kx) (gnutls_session_t, opaque *, size_t);
int (*gnutls_process_client_kx) (gnutls_session_t, opaque *, size_t);
int (*gnutls_process_client_cert_vrfy) (gnutls_session_t, opaque *, size_t);
int (*gnutls_process_server_certificate_request) (gnutls_session_t,
opaque *, size_t);
} mod_auth_st;
Those functions are responsible for the
interpretation of the handshake protocol messages. It is common for such
functions to read data from one or more credentials_t
structures23 and write data,
such as certificates, usernames etc. to auth_info_t structures.
Simple examples of existing authentication methods can be seen in
auth/psk.c for PSK ciphersuites and auth/srp.c for SRP
ciphersuites. After implementing these functions the structure holding
its pointers has to be registered in gnutls_algorithms.c in the
_gnutls_kx_algorithms structure.