search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Add.
[gnutls.git] / lib / gnutls_psk.c
blob9fa091cae3e3ff4ccb15b0444eb62c5d6c75d44a
1 /*
2 * Copyright (C) 2005, 2007 Free Software Foundation
3 *
4 * Author: Nikos Mavroyanopoulos
5 *
6 * This file is part of GNUTLS.
7 *
8 * The GNUTLS library is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 2.1 of
11 * the License, or (at your option) any later version.
12 *
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
17 *
18 * You should have received a copy of the GNU Lesser General Public
19 * License along with this library; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
21 * USA
22 *
23 */
24
25 /* Functions for manipulating the PSK credentials. */
26
27 #include <gnutls_int.h>
28 #include <gnutls_errors.h>
29 #include <auth_psk.h>
30 #include <gnutls_state.h>
31
32 #ifdef ENABLE_PSK
33
34 #include <auth_psk_passwd.h>
35 #include <gnutls_num.h>
36 #include <gnutls_helper.h>
37 #include <gnutls_datum.h>
38 #include "debug.h"
39
40 /**
41 * gnutls_psk_free_client_credentials - Used to free an allocated gnutls_psk_client_credentials_t structure
42 * @sc: is an #gnutls_psk_client_credentials_t structure.
43 *
44 * This structure is complex enough to manipulate directly thus
45 * this helper function is provided in order to free (deallocate) it.
46 *
47 **/
48 void
49 gnutls_psk_free_client_credentials (gnutls_psk_client_credentials_t sc)
50 {
51 _gnutls_free_datum (&sc->username);
52 _gnutls_free_datum (&sc->key);
53 gnutls_free (sc);
54 }
55
56 /**
57 * gnutls_psk_allocate_client_credentials - Used to allocate an gnutls_psk_server_credentials_t structure
58 * @sc: is a pointer to an #gnutls_psk_server_credentials_t structure.
59 *
60 * This structure is complex enough to manipulate directly thus
61 * this helper function is provided in order to allocate it.
62 *
63 * Returns 0 on success.
64 **/
65 int
66 gnutls_psk_allocate_client_credentials (gnutls_psk_client_credentials_t * sc)
67 {
68 *sc = gnutls_calloc (1, sizeof (psk_client_credentials_st));
69
70 if (*sc == NULL)
71 return GNUTLS_E_MEMORY_ERROR;
72
73 return 0;
74 }
75
76 /**
77 * gnutls_psk_set_client_credentials - Used to set the username/password, in a gnutls_psk_client_credentials_t structure
78 * @res: is an #gnutls_psk_client_credentials_t structure.
79 * @username: is the user's zero-terminated userid
80 * @key: is the user's key
81 * @format: indicate the format of the key, either
82 * %GNUTLS_PSK_KEY_RAW or %GNUTLS_PSK_KEY_HEX.
83 *
84 * This function sets the username and password, in a
85 * gnutls_psk_client_credentials_t structure. Those will be used in
86 * PSK authentication. @username should be an ASCII
87 * string or UTF-8 strings prepared using the "SASLprep" profile of
88 * "stringprep". The key can be either in raw byte format or in Hex
89 * (not with the '0x' prefix).
90 *
91 * Returns 0 on success.
92 **/
93 int
94 gnutls_psk_set_client_credentials (gnutls_psk_client_credentials_t res,
95 const char *username,
96 const gnutls_datum * key,
97 gnutls_psk_key_flags flags)
98 {
99 int ret;
100
101 if (username == NULL || key == NULL || key->data == NULL)
102 {
103 gnutls_assert ();
104 return GNUTLS_E_INVALID_REQUEST;
105 }
106
107 ret = _gnutls_set_datum (&res->username, username, strlen (username));
108 if (ret < 0)
109 return ret;
110
111 if (flags == GNUTLS_PSK_KEY_RAW)
112 {
113 if (_gnutls_set_datum (&res->key, key->data, key->size) < 0)
114 {
115 gnutls_assert ();
116 ret = GNUTLS_E_MEMORY_ERROR;
117 goto error;
118 }
119 }
120 else
121 { /* HEX key */
122 res->key.size = key->size / 2;
123 res->key.data = gnutls_malloc (res->key.size);
124 if (res->key.data == NULL)
125 {
126 gnutls_assert ();
127 ret = GNUTLS_E_MEMORY_ERROR;
128 goto error;
129 }
130
131 ret = gnutls_hex_decode (key, (char *) res->key.data, &res->key.size);
132 if (ret < 0)
133 {
134 gnutls_assert ();
135 goto error;
136 }
137
138 }
139
140 return 0;
141
142 error:
143 _gnutls_free_datum (&res->username);
144
145 return ret;
146 }
147
148 /**
149 * gnutls_psk_free_server_credentials - Used to free an allocated gnutls_psk_server_credentials_t structure
150 * @sc: is an #gnutls_psk_server_credentials_t structure.
151 *
152 * This structure is complex enough to manipulate directly thus
153 * this helper function is provided in order to free (deallocate) it.
154 *
155 **/
156 void
157 gnutls_psk_free_server_credentials (gnutls_psk_server_credentials_t sc)
158 {
159 gnutls_free (sc->password_file);
160 gnutls_free (sc);
161 }
162
163 /**
164 * gnutls_psk_allocate_server_credentials - Used to allocate an gnutls_psk_server_credentials_t structure
165 * @sc: is a pointer to an #gnutls_psk_server_credentials_t structure.
166 *
167 * This structure is complex enough to manipulate directly thus
168 * this helper function is provided in order to allocate it.
169 *
170 * Returns 0 on success.
171 **/
172 int
173 gnutls_psk_allocate_server_credentials (gnutls_psk_server_credentials_t * sc)
174 {
175 *sc = gnutls_calloc (1, sizeof (psk_server_cred_st));
176
177 if (*sc == NULL)
178 return GNUTLS_E_MEMORY_ERROR;
179
180 return 0;
181 }
182
183
184 /**
185 * gnutls_psk_set_server_credentials_file - Used to set the password files, in a gnutls_psk_server_credentials_t structure
186 * @res: is an #gnutls_psk_server_credentials_t structure.
187 * @password_file: is the PSK password file (passwd.psk)
188 *
189 * This function sets the password file, in a gnutls_psk_server_credentials_t structure.
190 * This password file holds usernames and keys and will be used for PSK authentication.
191 *
192 * Returns 0 on success.
193 *
194 **/
195 int
196 gnutls_psk_set_server_credentials_file (gnutls_psk_server_credentials_t
197 res, const char *password_file)
198 {
199
200 if (password_file == NULL)
201 {
202 gnutls_assert ();
203 return GNUTLS_E_INVALID_REQUEST;
204 }
205
206 /* Check if the files can be opened */
207 if (_gnutls_file_exists (password_file) != 0)
208 {
209 gnutls_assert ();
210 return GNUTLS_E_FILE_ERROR;
211 }
212
213 res->password_file = gnutls_strdup (password_file);
214 if (res->password_file == NULL)
215 {
216 gnutls_assert ();
217 return GNUTLS_E_MEMORY_ERROR;
218 }
219
220 return 0;
221 }
222
223
224 /**
225 * gnutls_psk_set_server_credentials_function - Used to set a callback to retrieve the user's PSK credentials
226 * @cred: is a #gnutls_psk_server_credentials_t structure.
227 * @func: is the callback function
228 *
229 * This function can be used to set a callback to retrieve the user's PSK credentials.
230 * The callback's function form is:
231 * int (*callback)(gnutls_session_t, const char* username,
232 * gnutls_datum_t* key);
233 *
234 * @username contains the actual username.
235 * The @key must be filled in using the gnutls_malloc().
236 *
237 * In case the callback returned a negative number then gnutls will
238 * assume that the username does not exist.
239 *
240 * The callback function will only be called once per handshake.
241 * The callback function should return 0 on success, while
242 * -1 indicates an error.
243 *
244 **/
245 void
246 gnutls_psk_set_server_credentials_function (gnutls_psk_server_credentials_t
247 cred,
248 gnutls_psk_server_credentials_function
249 * func)
250 {
251 cred->pwd_callback = func;
252 }
253
254 /**
255 * gnutls_psk_set_client_credentials_function - Used to set a callback to retrieve the username and key
256 * @cred: is a #gnutls_psk_server_credentials_t structure.
257 * @func: is the callback function
258 *
259 * This function can be used to set a callback to retrieve the username and
260 * password for client PSK authentication.
261 * The callback's function form is:
262 * int (*callback)(gnutls_session_t, char** username,
263 * gnutls_datum* key);
264 *
265 * The @username and @key must be allocated using gnutls_malloc().
266 * @username should be ASCII strings or UTF-8 strings
267 * prepared using the "SASLprep" profile of "stringprep".
268 *
269 * The callback function will be called once per handshake.
270 *
271 * The callback function should return 0 on success.
272 * -1 indicates an error.
273 *
274 **/
275 void
276 gnutls_psk_set_client_credentials_function (gnutls_psk_client_credentials_t
277 cred,
278 gnutls_psk_client_credentials_function
279 * func)
280 {
281 cred->get_function = func;
282 }
283
284
285 /**
286 * gnutls_psk_server_get_username - This function returns the username of the peer
287 * @session: is a gnutls session
288 *
289 * This function will return the username of the peer. This should only be
290 * called in case of PSK authentication and in case of a server.
291 * Returns NULL in case of an error.
292 *
293 **/
294 const char *
295 gnutls_psk_server_get_username (gnutls_session_t session)
296 {
297 psk_auth_info_t info;
298
299 CHECK_AUTH (GNUTLS_CRD_PSK, NULL);
300
301 info = _gnutls_get_auth_info (session);
302 if (info == NULL)
303 return NULL;
304
305 if (info->username[0] != 0)
306 return info->username;
307
308 return NULL;
309 }
310
311 /**
312 * gnutls_hex_decode - This function will decode hex encoded data
313 * @hex_data: contain the encoded data
314 * @result: the place where decoded data will be copied
315 * @result_size: holds the size of the result
316 *
317 * This function will decode the given encoded data, using the hex encoding
318 * used by PSK password files.
319 *
320 * Note that hex_data should be null terminated.
321 *
322 * Returns GNUTLS_E_SHORT_MEMORY_BUFFER if the buffer given is not long enough,
323 * or 0 on success.
324 **/
325 int
326 gnutls_hex_decode (const gnutls_datum_t * hex_data, char *result,
327 size_t * result_size)
328 {
329 int ret;
330
331 ret =
332 _gnutls_hex2bin (hex_data->data, hex_data->size, (opaque *) result,
333 result_size);
334 if (ret < 0)
335 return ret;
336
337 return 0;
338 }
339
340 /**
341 * gnutls_hex_encode - This function will convert raw data to hex encoded
342 * @data: contain the raw data
343 * @result: the place where hex data will be copied
344 * @result_size: holds the size of the result
345 *
346 * This function will convert the given data to printable data, using the hex
347 * encoding, as used in the PSK password files.
348 *
349 * Returns GNUTLS_E_SHORT_MEMORY_BUFFER if the buffer given is not long enough,
350 * or 0 on success.
351 **/
352 int
353 gnutls_hex_encode (const gnutls_datum_t * data, char *result,
354 size_t * result_size)
355 {
356 if (*result_size < data->size + data->size + 1)
357 {
358 gnutls_assert ();
359 return GNUTLS_E_SHORT_MEMORY_BUFFER;
360 }
361
362 _gnutls_bin2hex (data->data, data->size, result, *result_size);
363
364 return 0;
365 }
366
367 /**
368 * gnutls_psk_set_server_dh_params - This function will set the DH parameters for a server to use
369 * @res: is a gnutls_psk_server_credentials_t structure
370 * @dh_params: is a structure that holds diffie hellman parameters.
371 *
372 * This function will set the diffie hellman parameters for an anonymous
373 * server to use. These parameters will be used in Diffie Hellman with PSK
374 * cipher suites.
375 *
376 **/
377 void
378 gnutls_psk_set_server_dh_params (gnutls_psk_server_credentials_t res,
379 gnutls_dh_params_t dh_params)
380 {
381 res->dh_params = dh_params;
382 }
383
384 /**
385 * gnutls_psk_set_server_params_function - This function will set the DH parameters callback
386 * @res: is a gnutls_certificate_credentials_t structure
387 * @func: is the function to be called
388 *
389 * This function will set a callback in order for the server to get the
390 * diffie hellman parameters for PSK authentication. The callback should
391 * return zero on success.
392 *
393 **/
394 void
395 gnutls_psk_set_server_params_function (gnutls_psk_server_credentials_t res,
396 gnutls_params_function * func)
397 {
398 res->params_func = func;
399 }
400
401 #endif /* ENABLE_PSK */
Implementation of the SSL/TLS protocol