2 * Copyright (C) 2005 Free Software Foundation
4 * Author: Nikos Mavroyanopoulos
6 * This file is part of GNUTLS.
8 * The GNUTLS library is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 2.1 of
11 * the License, or (at your option) any later version.
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
18 * You should have received a copy of the GNU Lesser General Public
19 * License along with this library; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
25 /* This file contains the PSK Diffie Hellman key exchange part of
26 * the PSK authentication. The functions here are used in the
30 #include <gnutls_int.h>
34 #include "gnutls_auth_int.h"
35 #include "gnutls_errors.h"
36 #include "gnutls_dh.h"
38 #include "gnutls_num.h"
39 #include "gnutls_mpi.h"
40 #include <gnutls_state.h>
41 #include <auth_dh_common.h>
42 #include <gnutls_datum.h>
44 static int gen_psk_server_kx (gnutls_session_t
, opaque
**);
45 static int gen_psk_client_kx (gnutls_session_t
, opaque
**);
46 static int proc_psk_client_kx (gnutls_session_t
, opaque
*, size_t);
47 static int proc_psk_server_kx (gnutls_session_t
, opaque
*, size_t);
49 const mod_auth_st dhe_psk_auth_struct
= {
59 NULL
, /* certificate */
67 gen_psk_client_kx (gnutls_session_t session
, opaque
** data
)
70 opaque
*tmp_data
= NULL
;
71 int data_size
, tmp_data_size
;
72 gnutls_psk_client_credentials_t cred
;
74 cred
= (gnutls_psk_client_credentials_t
)
75 _gnutls_get_cred (session
->key
, GNUTLS_CRD_PSK
, NULL
);
80 return GNUTLS_E_INSUFFICIENT_CREDENTIALS
;
83 if (cred
->username
.data
== NULL
|| cred
->key
.data
== NULL
)
86 return GNUTLS_E_INSUFFICIENT_CREDENTIALS
;
89 /* The PSK key is set in there */
90 ret
= _gnutls_gen_dh_common_client_kx (session
, &tmp_data
);
98 data_size
= tmp_data_size
+ cred
->username
.size
+ 2;
100 (*data
) = gnutls_malloc (data_size
);
104 ret
= GNUTLS_E_MEMORY_ERROR
;
108 _gnutls_write_datum16 (*data
, cred
->username
);
109 memcpy (&(*data
)[cred
->username
.size
+ 2], tmp_data
, tmp_data_size
);
114 gnutls_free (tmp_data
);
120 gen_psk_server_kx (gnutls_session_t session
, opaque
** data
)
125 gnutls_dh_params_t dh_params
;
126 gnutls_psk_server_credentials_t cred
;
128 cred
= (gnutls_psk_server_credentials_t
)
129 _gnutls_get_cred (session
->key
, GNUTLS_CRD_PSK
, NULL
);
133 return GNUTLS_E_INSUFFICIENT_CREDENTIALS
;
137 _gnutls_get_dh_params (cred
->dh_params
, cred
->params_func
, session
);
138 mpis
= _gnutls_dh_params_to_mpi (dh_params
);
142 return GNUTLS_E_NO_TEMPORARY_DH_PARAMS
;
149 _gnutls_auth_info_set (session
, GNUTLS_CRD_PSK
,
150 sizeof (psk_auth_info_st
), 1)) < 0)
156 _gnutls_dh_set_group (session
, g
, p
);
158 ret
= _gnutls_dh_common_print_server_kx (session
, g
, p
, data
, 1);
169 proc_psk_client_kx (gnutls_session_t session
, opaque
* data
,
175 gnutls_dh_params_t dh_params
;
177 gnutls_psk_server_credentials_t cred
;
178 psk_auth_info_t info
;
179 gnutls_datum username
;
180 ssize_t data_size
= _data_size
;
182 cred
= (gnutls_psk_server_credentials_t
)
183 _gnutls_get_cred (session
->key
, GNUTLS_CRD_PSK
, NULL
);
188 return GNUTLS_E_INSUFFICIENT_CREDENTIALS
;
191 bits
= _gnutls_dh_get_allowed_prime_bits (session
);
194 _gnutls_auth_info_set (session
, GNUTLS_CRD_PSK
,
195 sizeof (psk_auth_info_st
), 1)) < 0)
202 _gnutls_get_dh_params (cred
->dh_params
, cred
->params_func
, session
);
203 mpis
= _gnutls_dh_params_to_mpi (dh_params
);
207 return GNUTLS_E_NO_TEMPORARY_DH_PARAMS
;
213 DECR_LEN (data_size
, 2);
214 username
.size
= _gnutls_read_uint16 (&data
[0]);
216 DECR_LEN (data_size
, username
.size
);
218 username
.data
= &data
[2];
220 /* copy the username to the auth info structures
222 info
= _gnutls_get_auth_info (session
);
224 if (username
.size
> MAX_SRP_USERNAME
)
227 return GNUTLS_E_ILLEGAL_SRP_USERNAME
;
230 memcpy (info
->username
, username
.data
, username
.size
);
231 info
->username
[username
.size
] = 0;
233 /* Adjust the data */
234 data
+= username
.size
+ 2;
236 ret
= _gnutls_proc_dh_common_client_kx (session
, data
, data_size
, g
, p
);
243 proc_psk_server_kx (gnutls_session_t session
, opaque
* data
,
251 _gnutls_auth_info_set (session
, GNUTLS_CRD_PSK
,
252 sizeof (psk_auth_info_st
), 1)) < 0)
258 ret
= _gnutls_proc_dh_common_server_kx (session
, data
, _data_size
, 1);
268 #endif /* ENABLE_PSK */