lib/ext_srp.c

   1 /*
   2  * Copyright (C) 2001, 2002, 2003, 2004, 2005 Free Software Foundation
   3  *
   4  * Author: Nikos Mavroyanopoulos
   5  *
   6  * This file is part of GNUTLS.
   7  *
   8  * The GNUTLS library is free software; you can redistribute it and/or
   9  * modify it under the terms of the GNU Lesser General Public License
  10  * as published by the Free Software Foundation; either version 2.1 of
  11  * the License, or (at your option) any later version.
  12  *
  13  * This library is distributed in the hope that it will be useful, but
  14  * WITHOUT ANY WARRANTY; without even the implied warranty of
  15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  16  * Lesser General Public License for more details.
  17  *
  18  * You should have received a copy of the GNU Lesser General Public
  19  * License along with this library; if not, write to the Free Software
  20  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
  21  * USA
  22  *
  23  */
  24
  25 #include <gnutls_int.h>
  26 #include <ext_srp.h>
  27
  28 #ifdef ENABLE_SRP
  29
  30 #include "gnutls_auth_int.h"
  31 #include "auth_srp.h"
  32 #include "gnutls_errors.h"
  33 #include "gnutls_algorithms.h"
  34 #include <gnutls_num.h>
  35
  36 int
  37 _gnutls_srp_recv_params (gnutls_session_t session, const opaque * data,
  38                          size_t _data_size)
  39 {
  40   uint8_t len;
  41   ssize_t data_size = _data_size;
  42
  43   if (_gnutls_kx_priority (session, GNUTLS_KX_SRP) < 0 &&
  44       _gnutls_kx_priority (session, GNUTLS_KX_SRP_DSS) < 0 &&
  45       _gnutls_kx_priority (session, GNUTLS_KX_SRP_RSA) < 0)
  46     {
  47       /* algorithm was not allowed in this session
  48        */
  49       return 0;
  50     }
  51
  52   if (session->security_parameters.entity == GNUTLS_SERVER)
  53     {
  54       if (data_size > 0)
  55         {
  56           len = data[0];
  57           DECR_LEN (data_size, len);
  58
  59           if (MAX_SRP_USERNAME < len)
  60             {
  61               gnutls_assert ();
  62               return GNUTLS_E_ILLEGAL_SRP_USERNAME;
  63             }
  64           memcpy (session->security_parameters.extensions.srp_username,
  65                   &data[1], len);
  66           /* null terminated */
  67           session->security_parameters.extensions.srp_username[len] = 0;
  68         }
  69     }
  70   return 0;
  71 }
  72
  73 /* returns data_size or a negative number on failure
  74  * data is allocated locally
  75  */
  76 int
  77 _gnutls_srp_send_params (gnutls_session_t session, opaque * data,
  78                          size_t data_size)
  79 {
  80   unsigned len;
  81
  82   if (_gnutls_kx_priority (session, GNUTLS_KX_SRP) < 0 &&
  83       _gnutls_kx_priority (session, GNUTLS_KX_SRP_DSS) < 0 &&
  84       _gnutls_kx_priority (session, GNUTLS_KX_SRP_RSA) < 0)
  85     {
  86       /* algorithm was not allowed in this session
  87        */
  88       return 0;
  89     }
  90
  91   /* this function sends the client extension data (username) */
  92   if (session->security_parameters.entity == GNUTLS_CLIENT)
  93     {
  94       gnutls_srp_client_credentials_t cred = (gnutls_srp_client_credentials_t)
  95         _gnutls_get_cred (session->key, GNUTLS_CRD_SRP, NULL);
  96
  97       if (cred == NULL)
  98         return 0;
  99
 100       if (cred->username != NULL)
 101         {                       /* send username */
 102           len = MIN (strlen (cred->username), 255);
 103
 104           if (data_size < len + 1)
 105             {
 106               gnutls_assert ();
 107               return GNUTLS_E_SHORT_MEMORY_BUFFER;
 108             }
 109
 110           data[0] = (uint8_t) len;
 111           memcpy (&data[1], cred->username, len);
 112           return len + 1;
 113         }
 114       else if (cred->get_function != NULL)
 115         {
 116           /* Try the callback
 117            */
 118           char *username = NULL, *password = NULL;
 119
 120           if (cred->get_function (session,
 121                                   session->internals.handshake_restarted,
 122                                   &username, &password) < 0
 123               || username == NULL || password == NULL)
 124             {
 125
 126               if (session->internals.handshake_restarted)
 127                 {
 128                   gnutls_assert ();
 129                   return GNUTLS_E_ILLEGAL_SRP_USERNAME;
 130                 }
 131
 132               return 0;
 133             }
 134
 135           len = MIN (strlen (username), 255);
 136
 137           if (data_size < len + 1)
 138             {
 139               gnutls_free (username);
 140               gnutls_free (password);
 141               gnutls_assert ();
 142               return GNUTLS_E_SHORT_MEMORY_BUFFER;
 143             }
 144
 145           session->internals.srp_username = username;
 146           session->internals.srp_password = password;
 147
 148           data[0] = (uint8_t) len;
 149           memcpy (&data[1], username, len);
 150           return len + 1;
 151         }
 152     }
 153   return 0;
 154 }
 155
 156 #endif /* ENABLE_SRP */