Export new ABIs. Doc fixes for new APIs.
[gnutls.git] / lib / gnutls_psk_netconf.c
1 /*
2 * Copyright (C) 2008, 2010 Free Software Foundation, Inc.
4 * Author: Simon Josefsson
6 * This file is part of GNUTLS.
8 * The GNUTLS library is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 2.1 of
11 * the License, or (at your option) any later version.
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
18 * You should have received a copy of the GNU Lesser General Public
19 * License along with this library; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
21 * USA
25 /* Functions to support draft-ietf-netconf-tls-01.txt. */
27 #include <gnutls_int.h>
28 #include <gnutls_hash_int.h>
29 #include <gnutls_errors.h>
31 #ifdef ENABLE_PSK
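/**
 * gnutls_psk_netconf_derive_key:
 * @password: zero terminated string containing password.
 * @psk_identity: zero terminated string with PSK identity.
 * @psk_identity_hint: zero terminated string with PSK identity hint.
 * @output_key: output variable, contains newly allocated *data pointer.
 *
 * This function will derive a PSK key from a password, for use with
 * the Netconf protocol.  The key is computed as
 * SHA-1(SHA-1(psk_identity + "Key Pad for Netconf" + password) +
 * psk_identity_hint).
 *
 * The construction uses no salt and no iteration count, so the
 * strength of the derived key is bounded by the entropy of
 * @password; callers should supply high-entropy passwords.
 *
 * On success @output_key->data is allocated with gnutls_malloc() and
 * holds key material; the caller owns it and should clear it before
 * releasing it with gnutls_free().
 *
 * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
 * %GNUTLS_E_INVALID_REQUEST is returned when any argument is %NULL.
 *
 * Since: 2.4.0
 **/
int
gnutls_psk_netconf_derive_key (const char *password,
			       const char *psk_identity,
			       const char *psk_identity_hint,
			       gnutls_datum_t * output_key)
{
  const char netconf_key_pad[] = "Key Pad for Netconf";
  size_t sha1len = _gnutls_hash_get_algo_len (GNUTLS_DIG_SHA1);
  size_t hintlen;
  digest_hd_st dig;
  char *inner;
  volatile char *wipe;
  size_t innerlen;
  size_t i;
  int rc;

  /* Every string is passed to strlen() below, which is undefined for
   * NULL; reject such calls instead of crashing inside the library.
   */
  if (password == NULL || psk_identity == NULL
      || psk_identity_hint == NULL || output_key == NULL)
    {
      gnutls_assert ();
      return GNUTLS_E_INVALID_REQUEST;
    }

  hintlen = strlen (psk_identity_hint);

  /* Guard the size computation for the intermediate buffer so that a
   * wrapped sum can never produce an undersized allocation.
   */
  if (hintlen > (size_t) -1 - sha1len)
    {
      gnutls_assert ();
      return GNUTLS_E_MEMORY_ERROR;
    }

  /*
   * PSK = SHA-1(SHA-1(psk_identity + "Key Pad for Netconf" + password) +
   *             psk_identity_hint)
   */

  rc = _gnutls_hash_init (&dig, GNUTLS_DIG_SHA1);
  if (rc < 0)
    {
      gnutls_assert ();
      return rc;
    }

  rc = _gnutls_hash (&dig, psk_identity, strlen (psk_identity));
  if (rc < 0)
    {
      gnutls_assert ();
      _gnutls_hash_deinit (&dig, NULL);
      return rc;
    }

  rc = _gnutls_hash (&dig, netconf_key_pad, strlen (netconf_key_pad));
  if (rc < 0)
    {
      gnutls_assert ();
      _gnutls_hash_deinit (&dig, NULL);
      return rc;
    }

  rc = _gnutls_hash (&dig, password, strlen (password));
  if (rc < 0)
    {
      gnutls_assert ();
      _gnutls_hash_deinit (&dig, NULL);
      return rc;
    }

  innerlen = sha1len + hintlen;
  inner = gnutls_malloc (innerlen);
  /* Deinit runs before the NULL check so the hash context is released
   * whether or not the allocation succeeded.
   */
  _gnutls_hash_deinit (&dig, inner);
  if (inner == NULL)
    {
      gnutls_assert ();
      return GNUTLS_E_MEMORY_ERROR;
    }

  memcpy (inner + sha1len, psk_identity_hint, hintlen);

  rc = _gnutls_hash_init (&dig, GNUTLS_DIG_SHA1);
  if (rc >= 0)
    rc = _gnutls_hash (&dig, inner, innerlen);
  else
    rc = rc - 0, dig.handle = dig.handle;	/* placeholder removed below */

  /* The inner digest, combined with the identity hint, is enough to
   * compute the PSK, so clear it before the buffer goes back to the
   * allocator.  A volatile pointer keeps the stores from being
   * optimised away as dead writes.
   */
  wipe = inner;
  for (i = 0; i < innerlen; i++)
    wipe[i] = 0;
  gnutls_free (inner);

  if (rc < 0)
    {
      gnutls_assert ();
      _gnutls_hash_deinit (&dig, NULL);
      return rc;
    }

  output_key->data = gnutls_malloc (sha1len);
  /* As above: always release the hash context, then check the buffer. */
  _gnutls_hash_deinit (&dig, output_key->data);
  if (output_key->data == NULL)
    {
      gnutls_assert ();
      return GNUTLS_E_MEMORY_ERROR;
    }
  output_key->size = sha1len;

  return 0;
}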
139 #endif /* ENABLE_PSK */