2 * Copyright (C) 2005, 2007 Free Software Foundation
4 * Author: Nikos Mavroyanopoulos
6 * This file is part of GNUTLS.
8 * The GNUTLS library is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 2.1 of
11 * the License, or (at your option) any later version.
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
18 * You should have received a copy of the GNU Lesser General Public
19 * License along with this library; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
25 /* Functions for manipulating the PSK credentials. */
27 #include <gnutls_int.h>
28 #include <gnutls_errors.h>
30 #include <gnutls_state.h>
34 #include <auth_psk_passwd.h>
35 #include <gnutls_num.h>
36 #include <gnutls_helper.h>
37 #include <gnutls_datum.h>
41 * gnutls_psk_free_client_credentials - Used to free an allocated gnutls_psk_client_credentials_t structure
42 * @sc: is an #gnutls_psk_client_credentials_t structure.
44 * This structure is complex enough to manipulate directly thus
45 * this helper function is provided in order to free (deallocate) it.
49 gnutls_psk_free_client_credentials (gnutls_psk_client_credentials_t sc
)
51 _gnutls_free_datum (&sc
->username
);
52 _gnutls_free_datum (&sc
->key
);
57 * gnutls_psk_allocate_client_credentials - Used to allocate an gnutls_psk_server_credentials_t structure
58 * @sc: is a pointer to an #gnutls_psk_server_credentials_t structure.
60 * This structure is complex enough to manipulate directly thus
61 * this helper function is provided in order to allocate it.
63 * Returns 0 on success.
66 gnutls_psk_allocate_client_credentials (gnutls_psk_client_credentials_t
* sc
)
68 *sc
= gnutls_calloc (1, sizeof (psk_client_credentials_st
));
71 return GNUTLS_E_MEMORY_ERROR
;
77 * gnutls_psk_set_client_credentials - Used to set the username/password, in a gnutls_psk_client_credentials_t structure
78 * @res: is an #gnutls_psk_client_credentials_t structure.
79 * @username: is the user's zero-terminated userid
80 * @key: is the user's key
81 * @format: indicate the format of the key, either
82 * %GNUTLS_PSK_KEY_RAW or %GNUTLS_PSK_KEY_HEX.
84 * This function sets the username and password, in a
85 * gnutls_psk_client_credentials_t structure. Those will be used in
86 * PSK authentication. @username should be an ASCII
87 * string or UTF-8 strings prepared using the "SASLprep" profile of
88 * "stringprep". The key can be either in raw byte format or in Hex
89 * (not with the '0x' prefix).
91 * Returns 0 on success.
94 gnutls_psk_set_client_credentials (gnutls_psk_client_credentials_t res
,
96 const gnutls_datum
* key
,
97 gnutls_psk_key_flags flags
)
101 if (username
== NULL
|| key
== NULL
|| key
->data
== NULL
)
104 return GNUTLS_E_INVALID_REQUEST
;
107 ret
= _gnutls_set_datum (&res
->username
, username
, strlen (username
));
111 if (flags
== GNUTLS_PSK_KEY_RAW
)
113 if (_gnutls_set_datum (&res
->key
, key
->data
, key
->size
) < 0)
116 ret
= GNUTLS_E_MEMORY_ERROR
;
122 res
->key
.size
= key
->size
/ 2;
123 res
->key
.data
= gnutls_malloc (res
->key
.size
);
124 if (res
->key
.data
== NULL
)
127 ret
= GNUTLS_E_MEMORY_ERROR
;
131 ret
= gnutls_hex_decode (key
, (char *) res
->key
.data
, &res
->key
.size
);
143 _gnutls_free_datum (&res
->username
);
149 * gnutls_psk_free_server_credentials - Used to free an allocated gnutls_psk_server_credentials_t structure
150 * @sc: is an #gnutls_psk_server_credentials_t structure.
152 * This structure is complex enough to manipulate directly thus
153 * this helper function is provided in order to free (deallocate) it.
157 gnutls_psk_free_server_credentials (gnutls_psk_server_credentials_t sc
)
159 gnutls_free (sc
->password_file
);
164 * gnutls_psk_allocate_server_credentials - Used to allocate an gnutls_psk_server_credentials_t structure
165 * @sc: is a pointer to an #gnutls_psk_server_credentials_t structure.
167 * This structure is complex enough to manipulate directly thus
168 * this helper function is provided in order to allocate it.
170 * Returns 0 on success.
173 gnutls_psk_allocate_server_credentials (gnutls_psk_server_credentials_t
* sc
)
175 *sc
= gnutls_calloc (1, sizeof (psk_server_cred_st
));
178 return GNUTLS_E_MEMORY_ERROR
;
185 * gnutls_psk_set_server_credentials_file - Used to set the password files, in a gnutls_psk_server_credentials_t structure
186 * @res: is an #gnutls_psk_server_credentials_t structure.
187 * @password_file: is the PSK password file (passwd.psk)
189 * This function sets the password file, in a gnutls_psk_server_credentials_t structure.
190 * This password file holds usernames and keys and will be used for PSK authentication.
192 * Returns 0 on success.
196 gnutls_psk_set_server_credentials_file (gnutls_psk_server_credentials_t
197 res
, const char *password_file
)
200 if (password_file
== NULL
)
203 return GNUTLS_E_INVALID_REQUEST
;
206 /* Check if the files can be opened */
207 if (_gnutls_file_exists (password_file
) != 0)
210 return GNUTLS_E_FILE_ERROR
;
213 res
->password_file
= gnutls_strdup (password_file
);
214 if (res
->password_file
== NULL
)
217 return GNUTLS_E_MEMORY_ERROR
;
225 * gnutls_psk_set_server_credentials_function - Used to set a callback to retrieve the user's PSK credentials
226 * @cred: is a #gnutls_psk_server_credentials_t structure.
227 * @func: is the callback function
229 * This function can be used to set a callback to retrieve the user's PSK credentials.
230 * The callback's function form is:
231 * int (*callback)(gnutls_session_t, const char* username,
232 * gnutls_datum_t* key);
234 * @username contains the actual username.
235 * The @key must be filled in using the gnutls_malloc().
237 * In case the callback returned a negative number then gnutls will
238 * assume that the username does not exist.
240 * The callback function will only be called once per handshake.
241 * The callback function should return 0 on success, while
242 * -1 indicates an error.
246 gnutls_psk_set_server_credentials_function (gnutls_psk_server_credentials_t
248 gnutls_psk_server_credentials_function
251 cred
->pwd_callback
= func
;
255 * gnutls_psk_set_client_credentials_function - Used to set a callback to retrieve the username and key
256 * @cred: is a #gnutls_psk_server_credentials_t structure.
257 * @func: is the callback function
259 * This function can be used to set a callback to retrieve the username and
260 * password for client PSK authentication.
261 * The callback's function form is:
262 * int (*callback)(gnutls_session_t, char** username,
263 * gnutls_datum* key);
265 * The @username and @key must be allocated using gnutls_malloc().
266 * @username should be ASCII strings or UTF-8 strings
267 * prepared using the "SASLprep" profile of "stringprep".
269 * The callback function will be called once per handshake.
271 * The callback function should return 0 on success.
272 * -1 indicates an error.
276 gnutls_psk_set_client_credentials_function (gnutls_psk_client_credentials_t
278 gnutls_psk_client_credentials_function
281 cred
->get_function
= func
;
286 * gnutls_psk_server_get_username - This function returns the username of the peer
287 * @session: is a gnutls session
289 * This function will return the username of the peer. This should only be
290 * called in case of PSK authentication and in case of a server.
291 * Returns NULL in case of an error.
295 gnutls_psk_server_get_username (gnutls_session_t session
)
297 psk_auth_info_t info
;
299 CHECK_AUTH (GNUTLS_CRD_PSK
, NULL
);
301 info
= _gnutls_get_auth_info (session
);
305 if (info
->username
[0] != 0)
306 return info
->username
;
312 * gnutls_hex_decode - This function will decode hex encoded data
313 * @hex_data: contain the encoded data
314 * @result: the place where decoded data will be copied
315 * @result_size: holds the size of the result
317 * This function will decode the given encoded data, using the hex encoding
318 * used by PSK password files.
320 * Note that hex_data should be null terminated.
322 * Returns GNUTLS_E_SHORT_MEMORY_BUFFER if the buffer given is not long enough,
326 gnutls_hex_decode (const gnutls_datum_t
* hex_data
, char *result
,
327 size_t * result_size
)
332 _gnutls_hex2bin (hex_data
->data
, hex_data
->size
, (opaque
*) result
,
341 * gnutls_hex_encode - This function will convert raw data to hex encoded
342 * @data: contain the raw data
343 * @result: the place where hex data will be copied
344 * @result_size: holds the size of the result
346 * This function will convert the given data to printable data, using the hex
347 * encoding, as used in the PSK password files.
349 * Returns GNUTLS_E_SHORT_MEMORY_BUFFER if the buffer given is not long enough,
353 gnutls_hex_encode (const gnutls_datum_t
* data
, char *result
,
354 size_t * result_size
)
356 if (*result_size
< data
->size
+ data
->size
+ 1)
359 return GNUTLS_E_SHORT_MEMORY_BUFFER
;
362 _gnutls_bin2hex (data
->data
, data
->size
, result
, *result_size
);
368 * gnutls_psk_set_server_dh_params - This function will set the DH parameters for a server to use
369 * @res: is a gnutls_psk_server_credentials_t structure
370 * @dh_params: is a structure that holds diffie hellman parameters.
372 * This function will set the diffie hellman parameters for an anonymous
373 * server to use. These parameters will be used in Diffie Hellman with PSK
378 gnutls_psk_set_server_dh_params (gnutls_psk_server_credentials_t res
,
379 gnutls_dh_params_t dh_params
)
381 res
->dh_params
= dh_params
;
385 * gnutls_psk_set_server_params_function - This function will set the DH parameters callback
386 * @res: is a gnutls_certificate_credentials_t structure
387 * @func: is the function to be called
389 * This function will set a callback in order for the server to get the
390 * diffie hellman parameters for PSK authentication. The callback should
391 * return zero on success.
395 gnutls_psk_set_server_params_function (gnutls_psk_server_credentials_t res
,
396 gnutls_params_function
* func
)
398 res
->params_func
= func
;
401 #endif /* ENABLE_PSK */