1 /*
2 * Copyright (C) 2001, 2002, 2003, 2004, 2005, 2007, 2010 Free Software
3 * Foundation, Inc.
5 * Author: Nikos Mavrogiannopoulos
7 * This file is part of GNUTLS.
9 * The GNUTLS library is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU Lesser General Public License
11 * as published by the Free Software Foundation; either version 2.1 of
12 * the License, or (at your option) any later version.
14 * This library is distributed in the hope that it will be useful, but
15 * WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 * Lesser General Public License for more details.
19 * You should have received a copy of the GNU Lesser General Public
20 * License along with this library; if not, write to the Free Software
21 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
22 * USA
26 #include <gnutls_int.h>
28 #ifdef ENABLE_SRP
30 #include "gnutls_errors.h"
31 #include "auth_srp_passwd.h"
32 #include "gnutls_auth.h"
33 #include "gnutls_auth.h"
34 #include "gnutls_srp.h"
35 #include "debug.h"
36 #include "gnutls_num.h"
37 #include "auth_srp.h"
38 #include <gnutls_str.h>
39 #include <auth_cert.h>
40 #include <gnutls_datum.h>
41 #include <gnutls_sig.h>
42 #include <auth_srp.h>
43 #include <gnutls_x509.h>
/* Server key-exchange hooks for the SRP-RSA / SRP-DSS ciphersuites:
 * the plain SRP ServerKeyExchange wrapped with a certificate signature.
 * Both are file-local; they are only reachable through the auth tables
 * below.  */
static int gen_srp_cert_server_kx (gnutls_session_t session, opaque **data);
static int proc_srp_cert_server_kx (gnutls_session_t session, opaque *data,
                                    size_t data_size);
/* Handshake dispatch table for the SRP-RSA ciphersuites.  Slot order is
 * fixed by mod_auth_st: generator hooks first, then the matching
 * processing hooks.  The Certificate messages are delegated to the
 * certificate auth module, the ServerKeyExchange is the SRP one plus a
 * signature (gen/proc_srp_cert_server_kx), and the ClientKeyExchange is
 * plain SRP.  NULL slots are handshake messages this suite does not
 * exchange.  */
const mod_auth_st srp_rsa_auth_struct = {
  "SRP",
  _gnutls_gen_cert_server_certificate,  /* server Certificate */
  NULL,
  gen_srp_cert_server_kx,               /* signed SRP ServerKeyExchange */
  _gnutls_gen_srp_client_kx,            /* SRP ClientKeyExchange */
  NULL,
  NULL,

  _gnutls_proc_cert_server_certificate, /* server Certificate */
  NULL,                                 /* certificate */
  proc_srp_cert_server_kx,              /* signed SRP ServerKeyExchange */
  _gnutls_proc_srp_client_kx,           /* SRP ClientKeyExchange */
  NULL,
  NULL
};
/* Handshake dispatch table for the SRP-DSS ciphersuites.  Entry for
 * entry this is the same as srp_rsa_auth_struct; presumably the
 * signature algorithm is selected from the server's key rather than
 * from this table (the hooks are shared) -- confirm against the
 * signing code.  */
const mod_auth_st srp_dss_auth_struct = {
  "SRP",
  _gnutls_gen_cert_server_certificate,  /* server Certificate */
  NULL,
  gen_srp_cert_server_kx,               /* signed SRP ServerKeyExchange */
  _gnutls_gen_srp_client_kx,            /* SRP ClientKeyExchange */
  NULL,
  NULL,

  _gnutls_proc_cert_server_certificate, /* server Certificate */
  NULL,                                 /* certificate */
  proc_srp_cert_server_kx,              /* signed SRP ServerKeyExchange */
  _gnutls_proc_srp_client_kx,           /* SRP ClientKeyExchange */
  NULL,
  NULL
};
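/* Build the SRP-RSA / SRP-DSS ServerKeyExchange: the plain SRP server
 * key exchange produced by _gnutls_gen_srp_server_kx(), followed by a
 * 16-bit length-prefixed signature over exactly those bytes, made with
 * the server's selected certificate key.
 *
 * session: the handshake session.
 * data:    on success *data is the allocated message the caller owns
 *          and the return value is its size in bytes.  On any failure
 *          after the SRP part was generated, a negative gnutls error
 *          code is returned and *data is released and set to NULL.
 *
 * Fix over the previous version: the missing-credentials and
 * no-selected-certificate paths returned without freeing the buffer
 * _gnutls_gen_srp_server_kx() had allocated, while the signing-failure
 * path did free it.  All three now share one cleanup path.
 */
static int
gen_srp_cert_server_kx (gnutls_session_t session, opaque ** data)
{
  ssize_t ret, data_size;
  gnutls_datum_t signature, ddata;
  gnutls_cert *apr_cert_list;
  gnutls_privkey *apr_pkey;
  int apr_cert_list_length;
  gnutls_sign_algorithm_t sign_algo;

  ret = _gnutls_gen_srp_server_kx (session, data);
  if (ret < 0)
    return ret;

  /* Everything generated so far is what gets signed.  */
  data_size = ret;
  ddata.data = *data;
  ddata.size = data_size;

  /* Certificate credentials must exist or there is no key to sign
   * with; the credential object itself is not needed afterwards.  */
  if (_gnutls_get_cred (session->key, GNUTLS_CRD_CERTIFICATE, NULL) == NULL)
    {
      gnutls_assert ();
      ret = GNUTLS_E_INSUFFICIENT_CREDENTIALS;
      goto fail;
    }

  /* find the appropriate certificate */
  ret = _gnutls_get_selected_cert (session, &apr_cert_list,
                                   &apr_cert_list_length, &apr_pkey);
  if (ret < 0)
    {
      gnutls_assert ();
      goto fail;
    }

  ret = _gnutls_handshake_sign_data (session, &apr_cert_list[0], apr_pkey,
                                     &ddata, &signature, &sign_algo);
  if (ret < 0)
    {
      gnutls_assert ();
      goto fail;
    }

  /* Grow the buffer for the 2-byte length plus the signature.  As in
   * the original code, *data is not freed again on this path: the
   * gnutls_realloc_fast() contract is taken to release the old buffer
   * itself when it fails -- confirm if that helper ever changes.  */
  *data = gnutls_realloc_fast (*data, data_size + signature.size + 2);
  if (*data == NULL)
    {
      _gnutls_free_datum (&signature);
      gnutls_assert ();
      return GNUTLS_E_MEMORY_ERROR;
    }

  _gnutls_write_datum16 (&(*data)[data_size], signature);
  data_size += signature.size + 2;

  _gnutls_free_datum (&signature);

  return data_size;

fail:
  /* The caller must never be handed a half-built, unsigned message.  */
  gnutls_free (*data);
  *data = NULL;
  return ret;
}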
/* Process the server's SRP-RSA / SRP-DSS ServerKeyExchange.  The
 * leading part of the message is the plain SRP key exchange, handled by
 * _gnutls_proc_srp_server_kx(); what follows is a 16-bit
 * length-prefixed signature over that leading part, checked against
 * the certificate the server already sent.
 *
 * session:    the handshake session.
 * data:       the received message body.
 * _data_size: its length in bytes.
 *
 * Returns 0 when the SRP parameters parse and the signature verifies,
 * otherwise a negative gnutls error code.  DECR_LEN() returns from this
 * function by itself when the message is shorter than claimed, so both
 * the length field and the signature bytes are bounds-checked before
 * they are read.
 */
static int
proc_srp_cert_server_kx (gnutls_session_t session, opaque * data,
                         size_t _data_size)
{
  gnutls_datum_t signed_part, sig;
  cert_auth_info_t auth_info;
  gnutls_cert server_cert;
  ssize_t consumed, remaining, rc;
  opaque *sig_start;
  int sig_len;

  consumed = _gnutls_proc_srp_server_kx (session, data, _data_size);
  if (consumed < 0)
    return consumed;

  remaining = _data_size - consumed;

  /* Without the peer's certificate there is nothing to verify against.  */
  auth_info = _gnutls_get_auth_info (session);
  if (auth_info == NULL || auth_info->ncerts == 0)
    {
      gnutls_assert ();
      return GNUTLS_E_INTERNAL_ERROR;
    }

  /* VERIFY SIGNATURE: the bytes the SRP parser consumed are the signed
   * data, and the signature block starts right after them.  */
  signed_part.data = data;
  signed_part.size = consumed;
  sig_start = data + consumed;

  DECR_LEN (remaining, 2);
  sig_len = _gnutls_read_uint16 (sig_start);

  DECR_LEN (remaining, sig_len);
  sig.data = sig_start + 2;
  sig.size = sig_len;

  rc = _gnutls_get_auth_info_gcert (&server_cert,
                                    session->security_parameters.cert_type,
                                    auth_info, CERT_NO_COPY);
  if (rc < 0)
    {
      gnutls_assert ();
      return rc;
    }

  rc = _gnutls_handshake_verify_data (session, &server_cert, &signed_part,
                                      &sig, GNUTLS_SIGN_UNKNOWN);
  /* released whether or not verification passed */
  _gnutls_gcert_deinit (&server_cert);
  if (rc < 0)
    {
      gnutls_assert ();
      return rc;
    }

  return 0;
}
212 #endif /* ENABLE_SRP */