lib/auth_srp_rsa.c

   1 /*
   2  * Copyright (C) 2001, 2002, 2003, 2004, 2005, 2007 Free Software Foundation
   3  *
   4  * Author: Nikos Mavrogiannopoulos
   5  *
   6  * This file is part of GNUTLS.
   7  *
   8  * The GNUTLS library is free software; you can redistribute it and/or
   9  * modify it under the terms of the GNU Lesser General Public License
  10  * as published by the Free Software Foundation; either version 2.1 of
  11  * the License, or (at your option) any later version.
  12  *
  13  * This library is distributed in the hope that it will be useful, but
  14  * WITHOUT ANY WARRANTY; without even the implied warranty of
  15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  16  * Lesser General Public License for more details.
  17  *
  18  * You should have received a copy of the GNU Lesser General Public
  19  * License along with this library; if not, write to the Free Software
  20  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
  21  * USA
  22  *
  23  */
  24
  25 #include <gnutls_int.h>
  26
  27 #ifdef ENABLE_SRP
  28
  29 #include "gnutls_errors.h"
  30 #include "auth_srp_passwd.h"
  31 #include "gnutls_auth.h"
  32 #include "gnutls_auth_int.h"
  33 #include "gnutls_srp.h"
  34 #include "debug.h"
  35 #include "gnutls_num.h"
  36 #include "auth_srp.h"
  37 #include <gnutls_str.h>
  38 #include <auth_cert.h>
  39 #include <gnutls_datum.h>
  40 #include <gnutls_sig.h>
  41 #include <auth_srp.h>
  42 #include <gnutls_x509.h>
  43
  44 static int gen_srp_cert_server_kx (gnutls_session_t, opaque **);
  45 static int proc_srp_cert_server_kx (gnutls_session_t, opaque *, size_t);
  46
  47 const mod_auth_st srp_rsa_auth_struct = {
  48   "SRP",
  49   _gnutls_gen_cert_server_certificate,
  50   NULL,
  51   gen_srp_cert_server_kx,
  52   _gnutls_gen_srp_client_kx,
  53   NULL,
  54   NULL,
  55
  56   _gnutls_proc_cert_server_certificate,
  57   NULL,                         /* certificate */
  58   proc_srp_cert_server_kx,
  59   _gnutls_proc_srp_client_kx,
  60   NULL,
  61   NULL
  62 };
  63
  64 const mod_auth_st srp_dss_auth_struct = {
  65   "SRP",
  66   _gnutls_gen_cert_server_certificate,
  67   NULL,
  68   gen_srp_cert_server_kx,
  69   _gnutls_gen_srp_client_kx,
  70   NULL,
  71   NULL,
  72
  73   _gnutls_proc_cert_server_certificate,
  74   NULL,                         /* certificate */
  75   proc_srp_cert_server_kx,
  76   _gnutls_proc_srp_client_kx,
  77   NULL,
  78   NULL
  79 };
  80
  81 static int
  82 gen_srp_cert_server_kx (gnutls_session_t session, opaque ** data)
  83 {
  84   ssize_t ret, data_size;
  85   gnutls_datum_t signature, ddata;
  86   gnutls_certificate_credentials_t cred;
  87   gnutls_cert *apr_cert_list;
  88   gnutls_privkey *apr_pkey;
  89   int apr_cert_list_length;
  90
  91   ret = _gnutls_gen_srp_server_kx (session, data);
  92
  93   if (ret < 0)
  94     return ret;
  95
  96   data_size = ret;
  97   ddata.data = *data;
  98   ddata.size = data_size;
  99
 100   cred = (gnutls_certificate_credentials_t)
 101     _gnutls_get_cred (session->key, GNUTLS_CRD_CERTIFICATE, NULL);
 102   if (cred == NULL)
 103     {
 104       gnutls_assert ();
 105       return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
 106     }
 107
 108   /* find the appropriate certificate */
 109   if ((ret =
 110        _gnutls_get_selected_cert (session, &apr_cert_list,
 111                                   &apr_cert_list_length, &apr_pkey)) < 0)
 112     {
 113       gnutls_assert ();
 114       return ret;
 115     }
 116
 117   if ((ret =
 118        _gnutls_tls_sign_params (session, &apr_cert_list[0],
 119                                 apr_pkey, &ddata, &signature)) < 0)
 120     {
 121       gnutls_assert ();
 122       gnutls_free (*data);
 123       return ret;
 124     }
 125
 126   *data = gnutls_realloc_fast (*data, data_size + signature.size + 2);
 127   if (*data == NULL)
 128     {
 129       _gnutls_free_datum (&signature);
 130       gnutls_assert ();
 131       return GNUTLS_E_MEMORY_ERROR;
 132     }
 133
 134   _gnutls_write_datum16 (&(*data)[data_size], signature);
 135   data_size += signature.size + 2;
 136
 137   _gnutls_free_datum (&signature);
 138
 139   return data_size;
 140
 141 }
 142
 143 static int
 144 proc_srp_cert_server_kx (gnutls_session_t session, opaque * data,
 145                          size_t _data_size)
 146 {
 147   ssize_t ret;
 148   int sigsize;
 149   gnutls_datum_t vparams, signature;
 150   ssize_t data_size;
 151   cert_auth_info_t info;
 152   gnutls_cert peer_cert;
 153   opaque *p;
 154
 155   ret = _gnutls_proc_srp_server_kx (session, data, _data_size);
 156   if (ret < 0)
 157     return ret;
 158
 159   data_size = _data_size - ret;
 160
 161   info = _gnutls_get_auth_info (session);
 162   if (info == NULL || info->ncerts == 0)
 163     {
 164       gnutls_assert ();
 165       /* we need this in order to get peer's certificate */
 166       return GNUTLS_E_INTERNAL_ERROR;
 167     }
 168
 169   /* VERIFY SIGNATURE */
 170
 171   vparams.size = ret;           /* all the data minus the signature */
 172   vparams.data = data;
 173
 174   p = &data[vparams.size];
 175
 176   DECR_LEN (data_size, 2);
 177   sigsize = _gnutls_read_uint16 (p);
 178
 179   DECR_LEN (data_size, sigsize);
 180   signature.data = &p[2];
 181   signature.size = sigsize;
 182
 183   ret =
 184     _gnutls_get_auth_info_gcert (&peer_cert,
 185                                session->security_parameters.cert_type,
 186                                info, CERT_NO_COPY);
 187
 188   if (ret < 0)
 189     {
 190       gnutls_assert ();
 191       return ret;
 192     }
 193
 194   ret = _gnutls_verify_sig_params (session, &peer_cert, &vparams, &signature);
 195
 196   _gnutls_gcert_deinit (&peer_cert);
 197   if (ret < 0)
 198     {
 199       gnutls_assert ();
 200       return ret;
 201     }
 202
 203   return 0;
 204 }
 205
 206
 207 #endif /* ENABLE_SRP */