2 * Copyright (C) 2005, 2007 Free Software Foundation
4 * Author: Nikos Mavroyanopoulos
6 * This file is part of GNUTLS.
8 * The GNUTLS library is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 2.1 of
11 * the License, or (at your option) any later version.
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
18 * You should have received a copy of the GNU Lesser General Public
19 * License along with this library; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
25 /* Functions for manipulating the PSK credentials. */
27 #include <gnutls_int.h>
28 #include <gnutls_errors.h>
30 #include <gnutls_state.h>
34 #include <auth_psk_passwd.h>
35 #include <gnutls_num.h>
36 #include <gnutls_helper.h>
37 #include <gnutls_datum.h>
41 * gnutls_psk_free_client_credentials - Used to free an allocated gnutls_psk_client_credentials_t structure
42 * @sc: is an #gnutls_psk_client_credentials_t structure.
44 * This structure is complex enough to manipulate directly thus
45 * this helper function is provided in order to free (deallocate) it.
49 gnutls_psk_free_client_credentials (gnutls_psk_client_credentials_t sc
)
51 _gnutls_free_datum (&sc
->username
);
52 _gnutls_free_datum (&sc
->key
);
57 * gnutls_psk_allocate_client_credentials - Used to allocate an gnutls_psk_server_credentials_t structure
58 * @sc: is a pointer to an #gnutls_psk_server_credentials_t structure.
60 * This structure is complex enough to manipulate directly thus
61 * this helper function is provided in order to allocate it.
63 * Returns 0 on success.
66 gnutls_psk_allocate_client_credentials (gnutls_psk_client_credentials_t
* sc
)
68 *sc
= gnutls_calloc (1, sizeof (psk_client_credentials_st
));
71 return GNUTLS_E_MEMORY_ERROR
;
77 * gnutls_psk_set_client_credentials - Used to set the username/password, in a gnutls_psk_client_credentials_t structure
78 * @res: is an #gnutls_psk_client_credentials_t structure.
79 * @username: is the user's zero-terminated userid
80 * @key: is the user's key
81 * @format: indicate the format of the key, either
82 * %GNUTLS_PSK_KEY_RAW or %GNUTLS_PSK_KEY_HEX.
84 * This function sets the username and password, in a
85 * gnutls_psk_client_credentials_t structure. Those will be used in
86 * PSK authentication. @username should be an ASCII
87 * string or UTF-8 strings prepared using the "SASLprep" profile of
88 * "stringprep". The key can be either in raw byte format or in Hex
89 * (not with the '0x' prefix).
91 * Returns 0 on success.
94 gnutls_psk_set_client_credentials (gnutls_psk_client_credentials_t res
,
96 const gnutls_datum_t
* key
,
97 gnutls_psk_key_flags flags
)
101 if (username
== NULL
|| key
== NULL
|| key
->data
== NULL
)
104 return GNUTLS_E_INVALID_REQUEST
;
107 ret
= _gnutls_set_datum (&res
->username
, username
, strlen (username
));
111 if (flags
== GNUTLS_PSK_KEY_RAW
)
113 if (_gnutls_set_datum (&res
->key
, key
->data
, key
->size
) < 0)
116 ret
= GNUTLS_E_MEMORY_ERROR
;
123 size
= res
->key
.size
= key
->size
/ 2;
124 res
->key
.data
= gnutls_malloc (size
);
125 if (res
->key
.data
== NULL
)
128 ret
= GNUTLS_E_MEMORY_ERROR
;
132 ret
= gnutls_hex_decode (key
, (char *) res
->key
.data
, &size
);
133 res
->key
.size
= (unsigned int)size
;
145 _gnutls_free_datum (&res
->username
);
151 * gnutls_psk_free_server_credentials - Used to free an allocated gnutls_psk_server_credentials_t structure
152 * @sc: is an #gnutls_psk_server_credentials_t structure.
154 * This structure is complex enough to manipulate directly thus
155 * this helper function is provided in order to free (deallocate) it.
159 gnutls_psk_free_server_credentials (gnutls_psk_server_credentials_t sc
)
161 gnutls_free (sc
->password_file
);
166 * gnutls_psk_allocate_server_credentials - Used to allocate an gnutls_psk_server_credentials_t structure
167 * @sc: is a pointer to an #gnutls_psk_server_credentials_t structure.
169 * This structure is complex enough to manipulate directly thus
170 * this helper function is provided in order to allocate it.
172 * Returns 0 on success.
175 gnutls_psk_allocate_server_credentials (gnutls_psk_server_credentials_t
* sc
)
177 *sc
= gnutls_calloc (1, sizeof (psk_server_cred_st
));
180 return GNUTLS_E_MEMORY_ERROR
;
187 * gnutls_psk_set_server_credentials_file - Used to set the password files, in a gnutls_psk_server_credentials_t structure
188 * @res: is an #gnutls_psk_server_credentials_t structure.
189 * @password_file: is the PSK password file (passwd.psk)
191 * This function sets the password file, in a gnutls_psk_server_credentials_t structure.
192 * This password file holds usernames and keys and will be used for PSK authentication.
194 * Returns 0 on success.
198 gnutls_psk_set_server_credentials_file (gnutls_psk_server_credentials_t
199 res
, const char *password_file
)
202 if (password_file
== NULL
)
205 return GNUTLS_E_INVALID_REQUEST
;
208 /* Check if the files can be opened */
209 if (_gnutls_file_exists (password_file
) != 0)
212 return GNUTLS_E_FILE_ERROR
;
215 res
->password_file
= gnutls_strdup (password_file
);
216 if (res
->password_file
== NULL
)
219 return GNUTLS_E_MEMORY_ERROR
;
227 * gnutls_psk_set_server_credentials_function - Used to set a callback to retrieve the user's PSK credentials
228 * @cred: is a #gnutls_psk_server_credentials_t structure.
229 * @func: is the callback function
231 * This function can be used to set a callback to retrieve the user's PSK credentials.
232 * The callback's function form is:
233 * int (*callback)(gnutls_session_t, const char* username,
234 * gnutls_datum_t* key);
236 * @username contains the actual username.
237 * The @key must be filled in using the gnutls_malloc().
239 * In case the callback returned a negative number then gnutls will
240 * assume that the username does not exist.
242 * The callback function will only be called once per handshake.
243 * The callback function should return 0 on success, while
244 * -1 indicates an error.
248 gnutls_psk_set_server_credentials_function (gnutls_psk_server_credentials_t
250 gnutls_psk_server_credentials_function
253 cred
->pwd_callback
= func
;
257 * gnutls_psk_set_client_credentials_function - Used to set a callback to retrieve the username and key
258 * @cred: is a #gnutls_psk_server_credentials_t structure.
259 * @func: is the callback function
261 * This function can be used to set a callback to retrieve the username and
262 * password for client PSK authentication.
263 * The callback's function form is:
264 * int (*callback)(gnutls_session_t, char** username,
265 * gnutls_datum_t* key);
267 * The @username and @key must be allocated using gnutls_malloc().
268 * @username should be ASCII strings or UTF-8 strings
269 * prepared using the "SASLprep" profile of "stringprep".
271 * The callback function will be called once per handshake.
273 * The callback function should return 0 on success.
274 * -1 indicates an error.
278 gnutls_psk_set_client_credentials_function (gnutls_psk_client_credentials_t
280 gnutls_psk_client_credentials_function
283 cred
->get_function
= func
;
288 * gnutls_psk_server_get_username - This function returns the username of the peer
289 * @session: is a gnutls session
291 * This function will return the username of the peer. This should only be
292 * called in case of PSK authentication and in case of a server.
293 * Returns NULL in case of an error.
297 gnutls_psk_server_get_username (gnutls_session_t session
)
299 psk_auth_info_t info
;
301 CHECK_AUTH (GNUTLS_CRD_PSK
, NULL
);
303 info
= _gnutls_get_auth_info (session
);
307 if (info
->username
[0] != 0)
308 return info
->username
;
314 * gnutls_hex_decode - This function will decode hex encoded data
315 * @hex_data: contain the encoded data
316 * @result: the place where decoded data will be copied
317 * @result_size: holds the size of the result
319 * This function will decode the given encoded data, using the hex encoding
320 * used by PSK password files.
322 * Note that hex_data should be null terminated.
324 * Returns GNUTLS_E_SHORT_MEMORY_BUFFER if the buffer given is not long enough,
328 gnutls_hex_decode (const gnutls_datum_t
* hex_data
, char *result
,
329 size_t * result_size
)
334 _gnutls_hex2bin (hex_data
->data
, hex_data
->size
, (opaque
*) result
,
343 * gnutls_hex_encode - This function will convert raw data to hex encoded
344 * @data: contain the raw data
345 * @result: the place where hex data will be copied
346 * @result_size: holds the size of the result
348 * This function will convert the given data to printable data, using the hex
349 * encoding, as used in the PSK password files.
351 * Returns GNUTLS_E_SHORT_MEMORY_BUFFER if the buffer given is not long enough,
355 gnutls_hex_encode (const gnutls_datum_t
* data
, char *result
,
356 size_t * result_size
)
358 if (*result_size
< data
->size
+ data
->size
+ 1)
361 return GNUTLS_E_SHORT_MEMORY_BUFFER
;
364 _gnutls_bin2hex (data
->data
, data
->size
, result
, *result_size
);
370 * gnutls_psk_set_server_dh_params - This function will set the DH parameters for a server to use
371 * @res: is a gnutls_psk_server_credentials_t structure
372 * @dh_params: is a structure that holds diffie hellman parameters.
374 * This function will set the diffie hellman parameters for an anonymous
375 * server to use. These parameters will be used in Diffie Hellman with PSK
380 gnutls_psk_set_server_dh_params (gnutls_psk_server_credentials_t res
,
381 gnutls_dh_params_t dh_params
)
383 res
->dh_params
= dh_params
;
387 * gnutls_psk_set_server_params_function - This function will set the DH parameters callback
388 * @res: is a gnutls_certificate_credentials_t structure
389 * @func: is the function to be called
391 * This function will set a callback in order for the server to get the
392 * diffie hellman parameters for PSK authentication. The callback should
393 * return zero on success.
397 gnutls_psk_set_server_params_function (gnutls_psk_server_credentials_t res
,
398 gnutls_params_function
* func
)
400 res
->params_func
= func
;
403 #endif /* ENABLE_PSK */