lib/auth_dhe_psk.c

   1 /*
   2  * Copyright (C) 2005 Free Software Foundation
   3  *
   4  * Author: Nikos Mavroyanopoulos
   5  *
   6  * This file is part of GNUTLS.
   7  *
   8  * The GNUTLS library is free software; you can redistribute it and/or
   9  * modify it under the terms of the GNU Lesser General Public License
  10  * as published by the Free Software Foundation; either version 2.1 of
  11  * the License, or (at your option) any later version.
  12  *
  13  * This library is distributed in the hope that it will be useful, but
  14  * WITHOUT ANY WARRANTY; without even the implied warranty of
  15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  16  * Lesser General Public License for more details.
  17  *
  18  * You should have received a copy of the GNU Lesser General Public
  19  * License along with this library; if not, write to the Free Software
  20  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
  21  * USA
  22  *
  23  */
  24
  25 /* This file contains the PSK Diffie Hellman key exchange part of
  26  * the PSK authentication. The functions here are used in the
  27  * handshake.
  28  */
  29
  30 #include <gnutls_int.h>
  31
  32 #ifdef ENABLE_PSK
  33
  34 #include "gnutls_auth_int.h"
  35 #include "gnutls_errors.h"
  36 #include "gnutls_dh.h"
  37 #include "auth_psk.h"
  38 #include "gnutls_num.h"
  39 #include "gnutls_mpi.h"
  40 #include <gnutls_state.h>
  41 #include <auth_dh_common.h>
  42 #include <gnutls_datum.h>
  43
  44 static int gen_psk_server_kx (gnutls_session_t, opaque **);
  45 static int gen_psk_client_kx (gnutls_session_t, opaque **);
  46 static int proc_psk_client_kx (gnutls_session_t, opaque *, size_t);
  47 static int proc_psk_server_kx (gnutls_session_t, opaque *, size_t);
  48
  49 const mod_auth_st dhe_psk_auth_struct = {
  50   "DHE PSK",
  51   NULL,
  52   NULL,
  53   gen_psk_server_kx,
  54   gen_psk_client_kx,
  55   NULL,
  56   NULL,
  57
  58   NULL,
  59   NULL,                         /* certificate */
  60   proc_psk_server_kx,
  61   proc_psk_client_kx,
  62   NULL,
  63   NULL
  64 };
  65
  66 static int
  67 gen_psk_client_kx (gnutls_session_t session, opaque ** data)
  68 {
  69   int ret;
  70   opaque *tmp_data = NULL;
  71   int data_size, tmp_data_size;
  72   gnutls_psk_client_credentials_t cred;
  73
  74   cred = (gnutls_psk_client_credentials_t)
  75     _gnutls_get_cred (session->key, GNUTLS_CRD_PSK, NULL);
  76
  77   if (cred == NULL)
  78     {
  79       gnutls_assert ();
  80       return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
  81     }
  82
  83   if (cred->username.data == NULL || cred->key.data == NULL)
  84     {
  85       gnutls_assert ();
  86       return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
  87     }
  88
  89   /* The PSK key is set in there */
  90   ret = _gnutls_gen_dh_common_client_kx (session, &tmp_data);
  91   if (ret < 0)
  92     {
  93       gnutls_assert ();
  94       return ret;
  95     }
  96
  97   tmp_data_size = ret;
  98   data_size = tmp_data_size + cred->username.size + 2;
  99
 100   (*data) = gnutls_malloc (data_size);
 101   if ((*data) == NULL)
 102     {
 103       gnutls_assert ();
 104       ret = GNUTLS_E_MEMORY_ERROR;
 105       goto error;
 106     }
 107
 108   _gnutls_write_datum16 (*data, cred->username);
 109   memcpy (&(*data)[cred->username.size + 2], tmp_data, tmp_data_size);
 110
 111   ret = data_size;
 112
 113 error:
 114   gnutls_free (tmp_data);
 115   return ret;
 116
 117 }
 118
 119 static int
 120 gen_psk_server_kx (gnutls_session_t session, opaque ** data)
 121 {
 122   mpi_t g, p;
 123   const mpi_t *mpis;
 124   int ret;
 125   gnutls_dh_params_t dh_params;
 126   gnutls_psk_server_credentials_t cred;
 127
 128   cred = (gnutls_psk_server_credentials_t)
 129     _gnutls_get_cred (session->key, GNUTLS_CRD_PSK, NULL);
 130   if (cred == NULL)
 131     {
 132       gnutls_assert ();
 133       return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
 134     }
 135
 136   dh_params =
 137     _gnutls_get_dh_params (cred->dh_params, cred->params_func, session);
 138   mpis = _gnutls_dh_params_to_mpi (dh_params);
 139   if (mpis == NULL)
 140     {
 141       gnutls_assert ();
 142       return GNUTLS_E_NO_TEMPORARY_DH_PARAMS;
 143     }
 144
 145   p = mpis[0];
 146   g = mpis[1];
 147
 148   if ((ret =
 149        _gnutls_auth_info_set (session, GNUTLS_CRD_PSK,
 150                               sizeof (psk_auth_info_st), 1)) < 0)
 151     {
 152       gnutls_assert ();
 153       return ret;
 154     }
 155
 156   _gnutls_dh_set_group (session, g, p);
 157
 158   ret = _gnutls_dh_common_print_server_kx (session, g, p, data, 1);
 159   if (ret < 0)
 160     {
 161       gnutls_assert ();
 162     }
 163
 164   return ret;
 165 }
 166
 167
 168 static int
 169 proc_psk_client_kx (gnutls_session_t session, opaque * data,
 170                     size_t _data_size)
 171 {
 172   int bits;
 173   int ret;
 174   mpi_t p, g;
 175   gnutls_dh_params_t dh_params;
 176   const mpi_t *mpis;
 177   gnutls_psk_server_credentials_t cred;
 178   psk_auth_info_t info;
 179   gnutls_datum username;
 180   ssize_t data_size = _data_size;
 181
 182   cred = (gnutls_psk_server_credentials_t)
 183     _gnutls_get_cred (session->key, GNUTLS_CRD_PSK, NULL);
 184
 185   if (cred == NULL)
 186     {
 187       gnutls_assert ();
 188       return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
 189     }
 190
 191   bits = _gnutls_dh_get_allowed_prime_bits (session);
 192
 193   if ((ret =
 194        _gnutls_auth_info_set (session, GNUTLS_CRD_PSK,
 195                               sizeof (psk_auth_info_st), 1)) < 0)
 196     {
 197       gnutls_assert ();
 198       return ret;
 199     }
 200
 201   dh_params =
 202     _gnutls_get_dh_params (cred->dh_params, cred->params_func, session);
 203   mpis = _gnutls_dh_params_to_mpi (dh_params);
 204   if (mpis == NULL)
 205     {
 206       gnutls_assert ();
 207       return GNUTLS_E_NO_TEMPORARY_DH_PARAMS;
 208     }
 209
 210   p = mpis[0];
 211   g = mpis[1];
 212
 213   DECR_LEN (data_size, 2);
 214   username.size = _gnutls_read_uint16 (&data[0]);
 215
 216   DECR_LEN (data_size, username.size);
 217
 218   username.data = &data[2];
 219
 220   /* copy the username to the auth info structures
 221    */
 222   info = _gnutls_get_auth_info (session);
 223
 224   if (username.size > MAX_SRP_USERNAME)
 225     {
 226       gnutls_assert ();
 227       return GNUTLS_E_ILLEGAL_SRP_USERNAME;
 228     }
 229
 230   memcpy (info->username, username.data, username.size);
 231   info->username[username.size] = 0;
 232
 233   /* Adjust the data */
 234   data += username.size + 2;
 235
 236   ret = _gnutls_proc_dh_common_client_kx (session, data, data_size, g, p);
 237
 238   return ret;
 239
 240 }
 241
 242 int
 243 proc_psk_server_kx (gnutls_session_t session, opaque * data,
 244                     size_t _data_size)
 245 {
 246
 247   int ret;
 248
 249   /* set auth_info */
 250   if ((ret =
 251        _gnutls_auth_info_set (session, GNUTLS_CRD_PSK,
 252                               sizeof (psk_auth_info_st), 1)) < 0)
 253     {
 254       gnutls_assert ();
 255       return ret;
 256     }
 257
 258   ret = _gnutls_proc_dh_common_server_kx (session, data, _data_size, 1);
 259   if (ret < 0)
 260     {
 261       gnutls_assert ();
 262       return ret;
 263     }
 264
 265   return 0;
 266 }
 267
 268 #endif /* ENABLE_PSK */