lib/ext_srp.c

   1 /*
   2  * Copyright (C) 2001, 2002, 2003, 2004, 2005, 2010 Free Software
   3  * Foundation, Inc.
   4  *
   5  * Author: Nikos Mavrogiannopoulos
   6  *
   7  * This file is part of GnuTLS.
   8  *
   9  * The GnuTLS is free software; you can redistribute it and/or
  10  * modify it under the terms of the GNU Lesser General Public License
  11  * as published by the Free Software Foundation; either version 2.1 of
  12  * the License, or (at your option) any later version.
  13  *
  14  * This library is distributed in the hope that it will be useful, but
  15  * WITHOUT ANY WARRANTY; without even the implied warranty of
  16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  17  * Lesser General Public License for more details.
  18  *
  19  * You should have received a copy of the GNU Lesser General Public
  20  * License along with this library; if not, write to the Free Software
  21  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
  22  * USA
  23  *
  24  */
  25
  26 #include <gnutls_int.h>
  27 #include <ext_srp.h>
  28
  29 #ifdef ENABLE_SRP
  30
  31 #include "gnutls_auth.h"
  32 #include "auth_srp.h"
  33 #include "gnutls_errors.h"
  34 #include "gnutls_algorithms.h"
  35 #include <gnutls_num.h>
  36 #include <gnutls_extensions.h>
  37
  38 static int _gnutls_srp_unpack (gnutls_buffer_st * ps,
  39                                extension_priv_data_t * _priv);
  40 static int _gnutls_srp_pack (extension_priv_data_t epriv,
  41                              gnutls_buffer_st * ps);
  42 static void _gnutls_srp_deinit_data (extension_priv_data_t epriv);
  43 static int _gnutls_srp_recv_params (gnutls_session_t state,
  44                                     const opaque * data, size_t data_size);
  45 static int _gnutls_srp_send_params (gnutls_session_t state, opaque * data,
  46                                     size_t);
  47
  48 extension_entry_st ext_mod_srp = {
  49   .name = "SRP",
  50   .type = GNUTLS_EXTENSION_SRP,
  51   .parse_type = GNUTLS_EXT_TLS,
  52
  53   .recv_func = _gnutls_srp_recv_params,
  54   .send_func = _gnutls_srp_send_params,
  55   .pack_func = _gnutls_srp_pack,
  56   .unpack_func = _gnutls_srp_unpack,
  57   .deinit_func = _gnutls_srp_deinit_data
  58 };
  59
  60
  61 static int
  62 _gnutls_srp_recv_params (gnutls_session_t session, const opaque * data,
  63                          size_t _data_size)
  64 {
  65   uint8_t len;
  66   ssize_t data_size = _data_size;
  67   extension_priv_data_t epriv;
  68   srp_ext_st *priv;
  69
  70   if (session->security_parameters.entity == GNUTLS_SERVER)
  71     {
  72       if (data_size > 0)
  73         {
  74           len = data[0];
  75           DECR_LEN (data_size, len);
  76
  77           if (MAX_USERNAME_SIZE < len)
  78             {
  79               gnutls_assert ();
  80               return GNUTLS_E_ILLEGAL_SRP_USERNAME;
  81             }
  82
  83           priv = gnutls_calloc (1, sizeof (*priv));
  84           if (priv == NULL)
  85             {
  86               gnutls_assert ();
  87               return GNUTLS_E_MEMORY_ERROR;
  88             }
  89
  90           priv->username = gnutls_malloc (len + 1);
  91           if (priv->username)
  92             {
  93               memcpy (priv->username, &data[1], len);
  94               /* null terminated */
  95               priv->username[len] = 0;
  96             }
  97
  98           epriv.ptr = priv;
  99           _gnutls_ext_set_session_data (session, GNUTLS_EXTENSION_SRP, epriv);
 100         }
 101     }
 102   return 0;
 103 }
 104
 105 /* returns data_size or a negative number on failure
 106  * data is allocated locally
 107  */
 108 static int
 109 _gnutls_srp_send_params (gnutls_session_t session, opaque * data,
 110                          size_t data_size)
 111 {
 112   unsigned len;
 113   extension_priv_data_t epriv;
 114   srp_ext_st *priv;
 115
 116   if (_gnutls_kx_priority (session, GNUTLS_KX_SRP) < 0 &&
 117       _gnutls_kx_priority (session, GNUTLS_KX_SRP_DSS) < 0 &&
 118       _gnutls_kx_priority (session, GNUTLS_KX_SRP_RSA) < 0)
 119     {
 120       /* algorithm was not allowed in this session
 121        */
 122       return 0;
 123     }
 124
 125   /* this function sends the client extension data (username) */
 126   if (session->security_parameters.entity == GNUTLS_CLIENT)
 127     {
 128       gnutls_srp_client_credentials_t cred = (gnutls_srp_client_credentials_t)
 129         _gnutls_get_cred (session->key, GNUTLS_CRD_SRP, NULL);
 130
 131       if (cred == NULL)
 132         return 0;
 133
 134       if (cred->username != NULL)
 135         {                       /* send username */
 136           len = MIN (strlen (cred->username), 255);
 137
 138           if (data_size < len + 1)
 139             {
 140               gnutls_assert ();
 141               return GNUTLS_E_SHORT_MEMORY_BUFFER;
 142             }
 143
 144           data[0] = (uint8_t) len;
 145           memcpy (&data[1], cred->username, len);
 146           return len + 1;
 147         }
 148       else if (cred->get_function != NULL)
 149         {
 150           /* Try the callback
 151            */
 152           char *username = NULL, *password = NULL;
 153
 154           if (cred->get_function (session, &username, &password) < 0
 155               || username == NULL || password == NULL)
 156             {
 157               gnutls_assert ();
 158               return GNUTLS_E_ILLEGAL_SRP_USERNAME;
 159             }
 160
 161           len = MIN (strlen (username), 255);
 162
 163           if (data_size < len + 1)
 164             {
 165               gnutls_free (username);
 166               gnutls_free (password);
 167               gnutls_assert ();
 168               return GNUTLS_E_SHORT_MEMORY_BUFFER;
 169             }
 170
 171           priv = gnutls_malloc (sizeof (*priv));
 172           if (priv == NULL)
 173             {
 174               gnutls_assert ();
 175               return GNUTLS_E_MEMORY_ERROR;
 176             }
 177
 178           priv->username = username;
 179           priv->password = password;
 180
 181           epriv.ptr = priv;
 182           _gnutls_ext_set_session_data (session, GNUTLS_EXTENSION_SRP, epriv);
 183
 184           data[0] = (uint8_t) len;
 185           memcpy (&data[1], username, len);
 186           return len + 1;
 187         }
 188     }
 189   return 0;
 190 }
 191
 192 static void
 193 _gnutls_srp_deinit_data (extension_priv_data_t epriv)
 194 {
 195   srp_ext_st *priv = epriv.ptr;
 196
 197   gnutls_free (priv->username);
 198   gnutls_free (priv->password);
 199   gnutls_free (priv);
 200 }
 201
 202 static int
 203 _gnutls_srp_pack (extension_priv_data_t epriv, gnutls_buffer_st * ps)
 204 {
 205   srp_ext_st *priv = epriv.ptr;
 206   int ret;
 207   int password_len = 0, username_len = 0;
 208
 209   if (priv->username)
 210     username_len = strlen (priv->username);
 211
 212   if (priv->password)
 213     password_len = strlen (priv->password);
 214
 215   BUFFER_APPEND_PFX (ps, priv->username, username_len);
 216   BUFFER_APPEND_PFX (ps, priv->password, password_len);
 217
 218   return 0;
 219 }
 220
 221 static int
 222 _gnutls_srp_unpack (gnutls_buffer_st * ps, extension_priv_data_t * _priv)
 223 {
 224   srp_ext_st *priv;
 225   int ret;
 226   extension_priv_data_t epriv;
 227   gnutls_datum username = { NULL, 0 }, password =
 228   {
 229   NULL, 0};
 230
 231   priv = gnutls_calloc (1, sizeof (*priv));
 232   if (priv == NULL)
 233     {
 234       gnutls_assert ();
 235       return GNUTLS_E_MEMORY_ERROR;
 236     }
 237
 238   BUFFER_POP_DATUM (ps, &username);
 239   BUFFER_POP_DATUM (ps, &password);
 240
 241   priv->username = username.data;
 242   priv->password = password.data;
 243
 244   epriv.ptr = priv;
 245   *_priv = epriv;
 246
 247   return 0;
 248
 249 error:
 250   _gnutls_free_datum (&username);
 251   _gnutls_free_datum (&password);
 252   return ret;
 253 }
 254
 255
 256 #endif /* ENABLE_SRP */