lib/gnutls_psk.c

   1 /*
   2  * Copyright (C) 2005, 2007 Free Software Foundation
   3  *
   4  * Author: Nikos Mavroyanopoulos
   5  *
   6  * This file is part of GNUTLS.
   7  *
   8  * The GNUTLS library is free software; you can redistribute it and/or
   9  * modify it under the terms of the GNU Lesser General Public License
  10  * as published by the Free Software Foundation; either version 2.1 of
  11  * the License, or (at your option) any later version.
  12  *
  13  * This library is distributed in the hope that it will be useful, but
  14  * WITHOUT ANY WARRANTY; without even the implied warranty of
  15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  16  * Lesser General Public License for more details.
  17  *
  18  * You should have received a copy of the GNU Lesser General Public
  19  * License along with this library; if not, write to the Free Software
  20  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
  21  * USA
  22  *
  23  */
  24
  25 /* Functions for manipulating the PSK credentials. */
  26
  27 #include <gnutls_int.h>
  28 #include <gnutls_errors.h>
  29 #include <auth_psk.h>
  30 #include <gnutls_state.h>
  31
  32 #ifdef ENABLE_PSK
  33
  34 #include <auth_psk_passwd.h>
  35 #include <gnutls_num.h>
  36 #include <gnutls_helper.h>
  37 #include <gnutls_datum.h>
  38 #include "debug.h"
  39
  40 /**
  41   * gnutls_psk_free_client_credentials - Used to free an allocated gnutls_psk_client_credentials_t structure
  42   * @sc: is an #gnutls_psk_client_credentials_t structure.
  43   *
  44   * This structure is complex enough to manipulate directly thus
  45   * this helper function is provided in order to free (deallocate) it.
  46   *
  47   **/
  48 void
  49 gnutls_psk_free_client_credentials (gnutls_psk_client_credentials_t sc)
  50 {
  51   _gnutls_free_datum (&sc->username);
  52   _gnutls_free_datum (&sc->key);
  53   gnutls_free (sc);
  54 }
  55
  56 /**
  57   * gnutls_psk_allocate_client_credentials - Used to allocate an gnutls_psk_server_credentials_t structure
  58   * @sc: is a pointer to an #gnutls_psk_server_credentials_t structure.
  59   *
  60   * This structure is complex enough to manipulate directly thus
  61   * this helper function is provided in order to allocate it.
  62   *
  63   * Returns 0 on success.
  64   **/
  65 int
  66 gnutls_psk_allocate_client_credentials (gnutls_psk_client_credentials_t * sc)
  67 {
  68   *sc = gnutls_calloc (1, sizeof (psk_client_credentials_st));
  69
  70   if (*sc == NULL)
  71     return GNUTLS_E_MEMORY_ERROR;
  72
  73   return 0;
  74 }
  75
  76 /**
  77   * gnutls_psk_set_client_credentials - Used to set the username/password, in a gnutls_psk_client_credentials_t structure
  78   * @res: is an #gnutls_psk_client_credentials_t structure.
  79   * @username: is the user's zero-terminated userid
  80   * @key: is the user's key
  81   * @format: indicate the format of the key, either
  82   * %GNUTLS_PSK_KEY_RAW or %GNUTLS_PSK_KEY_HEX.
  83   *
  84   * This function sets the username and password, in a
  85   * gnutls_psk_client_credentials_t structure.  Those will be used in
  86   * PSK authentication. @username should be an ASCII
  87   * string or UTF-8 strings prepared using the "SASLprep" profile of
  88   * "stringprep". The key can be either in raw byte format or in Hex
  89   * (not with the '0x' prefix).
  90   *
  91   * Returns 0 on success.
  92   **/
  93 int
  94 gnutls_psk_set_client_credentials (gnutls_psk_client_credentials_t res,
  95                                    const char *username,
  96                                    const gnutls_datum_t * key,
  97                                    gnutls_psk_key_flags flags)
  98 {
  99   int ret;
 100
 101   if (username == NULL || key == NULL || key->data == NULL)
 102     {
 103       gnutls_assert ();
 104       return GNUTLS_E_INVALID_REQUEST;
 105     }
 106
 107   ret = _gnutls_set_datum (&res->username, username, strlen (username));
 108   if (ret < 0)
 109     return ret;
 110
 111   if (flags == GNUTLS_PSK_KEY_RAW)
 112     {
 113       if (_gnutls_set_datum (&res->key, key->data, key->size) < 0)
 114         {
 115           gnutls_assert ();
 116           ret = GNUTLS_E_MEMORY_ERROR;
 117           goto error;
 118         }
 119     }
 120   else
 121     {                           /* HEX key */
 122       size_t size;
 123       size = res->key.size = key->size / 2;
 124       res->key.data = gnutls_malloc (size);
 125       if (res->key.data == NULL)
 126         {
 127           gnutls_assert ();
 128           ret = GNUTLS_E_MEMORY_ERROR;
 129           goto error;
 130         }
 131
 132       ret = gnutls_hex_decode (key, (char *) res->key.data, &size);
 133       res->key.size = (unsigned int)size;
 134       if (ret < 0)
 135         {
 136           gnutls_assert ();
 137           goto error;
 138         }
 139
 140     }
 141
 142   return 0;
 143
 144 error:
 145   _gnutls_free_datum (&res->username);
 146
 147   return ret;
 148 }
 149
 150 /**
 151   * gnutls_psk_free_server_credentials - Used to free an allocated gnutls_psk_server_credentials_t structure
 152   * @sc: is an #gnutls_psk_server_credentials_t structure.
 153   *
 154   * This structure is complex enough to manipulate directly thus
 155   * this helper function is provided in order to free (deallocate) it.
 156   *
 157   **/
 158 void
 159 gnutls_psk_free_server_credentials (gnutls_psk_server_credentials_t sc)
 160 {
 161   gnutls_free (sc->password_file);
 162   gnutls_free (sc);
 163 }
 164
 165 /**
 166   * gnutls_psk_allocate_server_credentials - Used to allocate an gnutls_psk_server_credentials_t structure
 167   * @sc: is a pointer to an #gnutls_psk_server_credentials_t structure.
 168   *
 169   * This structure is complex enough to manipulate directly thus
 170   * this helper function is provided in order to allocate it.
 171   *
 172   * Returns 0 on success.
 173   **/
 174 int
 175 gnutls_psk_allocate_server_credentials (gnutls_psk_server_credentials_t * sc)
 176 {
 177   *sc = gnutls_calloc (1, sizeof (psk_server_cred_st));
 178
 179   if (*sc == NULL)
 180     return GNUTLS_E_MEMORY_ERROR;
 181
 182   return 0;
 183 }
 184
 185
 186 /**
 187   * gnutls_psk_set_server_credentials_file - Used to set the password files, in a gnutls_psk_server_credentials_t structure
 188   * @res: is an #gnutls_psk_server_credentials_t structure.
 189   * @password_file: is the PSK password file (passwd.psk)
 190   *
 191   * This function sets the password file, in a gnutls_psk_server_credentials_t structure.
 192   * This password file holds usernames and keys and will be used for PSK authentication.
 193   *
 194   * Returns 0 on success.
 195   *
 196   **/
 197 int
 198 gnutls_psk_set_server_credentials_file (gnutls_psk_server_credentials_t
 199                                         res, const char *password_file)
 200 {
 201
 202   if (password_file == NULL)
 203     {
 204       gnutls_assert ();
 205       return GNUTLS_E_INVALID_REQUEST;
 206     }
 207
 208   /* Check if the files can be opened */
 209   if (_gnutls_file_exists (password_file) != 0)
 210     {
 211       gnutls_assert ();
 212       return GNUTLS_E_FILE_ERROR;
 213     }
 214
 215   res->password_file = gnutls_strdup (password_file);
 216   if (res->password_file == NULL)
 217     {
 218       gnutls_assert ();
 219       return GNUTLS_E_MEMORY_ERROR;
 220     }
 221
 222   return 0;
 223 }
 224
 225
 226 /**
 227   * gnutls_psk_set_server_credentials_function - Used to set a callback to retrieve the user's PSK credentials
 228   * @cred: is a #gnutls_psk_server_credentials_t structure.
 229   * @func: is the callback function
 230   *
 231   * This function can be used to set a callback to retrieve the user's PSK credentials.
 232   * The callback's function form is:
 233   * int (*callback)(gnutls_session_t, const char* username,
 234   *  gnutls_datum_t* key);
 235   *
 236   * @username contains the actual username.
 237   * The @key must be filled in using the gnutls_malloc().
 238   *
 239   * In case the callback returned a negative number then gnutls will
 240   * assume that the username does not exist.
 241   *
 242   * The callback function will only be called once per handshake.
 243   * The callback function should return 0 on success, while
 244   * -1 indicates an error.
 245   *
 246   **/
 247 void
 248 gnutls_psk_set_server_credentials_function (gnutls_psk_server_credentials_t
 249                                             cred,
 250                                             gnutls_psk_server_credentials_function
 251                                             * func)
 252 {
 253   cred->pwd_callback = func;
 254 }
 255
 256 /**
 257   * gnutls_psk_set_client_credentials_function - Used to set a callback to retrieve the username and key
 258   * @cred: is a #gnutls_psk_server_credentials_t structure.
 259   * @func: is the callback function
 260   *
 261   * This function can be used to set a callback to retrieve the username and
 262   * password for client PSK authentication.
 263   * The callback's function form is:
 264   * int (*callback)(gnutls_session_t, char** username,
 265   *  gnutls_datum_t* key);
 266   *
 267   * The @username and @key must be allocated using gnutls_malloc().
 268   * @username should be ASCII strings or UTF-8 strings
 269   * prepared using the "SASLprep" profile of "stringprep".
 270   *
 271   * The callback function will be called once per handshake.
 272   *
 273   * The callback function should return 0 on success.
 274   * -1 indicates an error.
 275   *
 276   **/
 277 void
 278 gnutls_psk_set_client_credentials_function (gnutls_psk_client_credentials_t
 279                                             cred,
 280                                             gnutls_psk_client_credentials_function
 281                                             * func)
 282 {
 283   cred->get_function = func;
 284 }
 285
 286
 287 /**
 288   * gnutls_psk_server_get_username - This function returns the username of the peer
 289   * @session: is a gnutls session
 290   *
 291   * This function will return the username of the peer. This should only be
 292   * called in case of PSK authentication and in case of a server.
 293   * Returns NULL in case of an error.
 294   *
 295   **/
 296 const char *
 297 gnutls_psk_server_get_username (gnutls_session_t session)
 298 {
 299   psk_auth_info_t info;
 300
 301   CHECK_AUTH (GNUTLS_CRD_PSK, NULL);
 302
 303   info = _gnutls_get_auth_info (session);
 304   if (info == NULL)
 305     return NULL;
 306
 307   if (info->username[0] != 0)
 308     return info->username;
 309
 310   return NULL;
 311 }
 312
 313 /**
 314   * gnutls_hex_decode - This function will decode hex encoded data
 315   * @hex_data: contain the encoded data
 316   * @result: the place where decoded data will be copied
 317   * @result_size: holds the size of the result
 318   *
 319   * This function will decode the given encoded data, using the hex encoding
 320   * used by PSK password files.
 321   *
 322   * Note that hex_data should be null terminated.
 323   *
 324   * Returns GNUTLS_E_SHORT_MEMORY_BUFFER if the buffer given is not long enough,
 325   * or 0 on success.
 326   **/
 327 int
 328 gnutls_hex_decode (const gnutls_datum_t * hex_data, char *result,
 329                    size_t * result_size)
 330 {
 331   int ret;
 332
 333   ret =
 334     _gnutls_hex2bin (hex_data->data, hex_data->size, (opaque *) result,
 335                      result_size);
 336   if (ret < 0)
 337     return ret;
 338
 339   return 0;
 340 }
 341
 342 /**
 343   * gnutls_hex_encode - This function will convert raw data to hex encoded
 344   * @data: contain the raw data
 345   * @result: the place where hex data will be copied
 346   * @result_size: holds the size of the result
 347   *
 348   * This function will convert the given data to printable data, using the hex
 349   * encoding, as used in the PSK password files.
 350   *
 351   * Returns GNUTLS_E_SHORT_MEMORY_BUFFER if the buffer given is not long enough,
 352   * or 0 on success.
 353   **/
 354 int
 355 gnutls_hex_encode (const gnutls_datum_t * data, char *result,
 356                    size_t * result_size)
 357 {
 358   if (*result_size < data->size + data->size + 1)
 359     {
 360       gnutls_assert ();
 361       return GNUTLS_E_SHORT_MEMORY_BUFFER;
 362     }
 363
 364   _gnutls_bin2hex (data->data, data->size, result, *result_size);
 365
 366   return 0;
 367 }
 368
 369 /**
 370   * gnutls_psk_set_server_dh_params - This function will set the DH parameters for a server to use
 371   * @res: is a gnutls_psk_server_credentials_t structure
 372   * @dh_params: is a structure that holds diffie hellman parameters.
 373   *
 374   * This function will set the diffie hellman parameters for an anonymous
 375   * server to use. These parameters will be used in Diffie Hellman with PSK
 376   * cipher suites.
 377   *
 378   **/
 379 void
 380 gnutls_psk_set_server_dh_params (gnutls_psk_server_credentials_t res,
 381                                  gnutls_dh_params_t dh_params)
 382 {
 383   res->dh_params = dh_params;
 384 }
 385
 386 /**
 387   * gnutls_psk_set_server_params_function - This function will set the DH parameters callback
 388   * @res: is a gnutls_certificate_credentials_t structure
 389   * @func: is the function to be called
 390   *
 391   * This function will set a callback in order for the server to get the
 392   * diffie hellman parameters for PSK authentication. The callback should
 393   * return zero on success.
 394   *
 395   **/
 396 void
 397 gnutls_psk_set_server_params_function (gnutls_psk_server_credentials_t res,
 398                                        gnutls_params_function * func)
 399 {
 400   res->params_func = func;
 401 }
 402
 403 #endif /* ENABLE_PSK */