2 * Copyright (C) 2008 Free Software Foundation
4 * Author: Simon Josefsson
6 * This file is part of GNUTLS.
8 * The GNUTLS library is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 2.1 of
11 * the License, or (at your option) any later version.
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
18 * You should have received a copy of the GNU Lesser General Public
19 * License along with this library; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
25 /* Functions to support draft-ietf-netconf-tls-01.txt. */
27 #include <gnutls_int.h>
28 #include <gnutls_hash_int.h>
29 #include <gnutls_errors.h>
35 * gnutls_psk_netconf_derive_key - derive PSK Netconf key from password
36 * @password: zero terminated string containing password.
37 * @psk_identity: zero terminated string with PSK identity.
38 * @psk_identity_hint: zero terminated string with PSK identity hint.
39 * @output_key: output variable, contains newly allocated *data pointer.
41 * This function will derive a PSK key from a password, for use with
42 * the Netconf protocol.
44 * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
49 gnutls_psk_netconf_derive_key (const char *password
,
50 const char *psk_identity
,
51 const char *psk_identity_hint
,
52 gnutls_datum_t
*output_key
)
54 const char netconf_key_pad
[] = "Key Pad for Netconf";
55 size_t sha1len
= _gnutls_hash_get_algo_len (GNUTLS_DIG_SHA1
);
56 size_t hintlen
= strlen (psk_identity_hint
);
63 * PSK = SHA-1(SHA-1(psk_identity + "Key Pad for Netconf" + password) +
68 rc
= _gnutls_hash_init (&dig
, GNUTLS_DIG_SHA1
);
75 rc
= _gnutls_hash (&dig
, psk_identity
, strlen (psk_identity
));
79 _gnutls_hash_deinit (&dig
, NULL
);
83 rc
= _gnutls_hash (&dig
, netconf_key_pad
, strlen (netconf_key_pad
));
87 _gnutls_hash_deinit (&dig
, NULL
);
91 rc
= _gnutls_hash (&dig
, password
, strlen (password
));
95 _gnutls_hash_deinit (&dig
, NULL
);
99 innerlen
= sha1len
+ hintlen
;
100 inner
= gnutls_malloc (innerlen
);
101 _gnutls_hash_deinit (&dig
, inner
);
105 return GNUTLS_E_MEMORY_ERROR
;
108 memcpy (inner
+ sha1len
, psk_identity_hint
, hintlen
);
110 rc
= _gnutls_hash_init (&dig
, GNUTLS_DIG_SHA1
);
118 rc
= _gnutls_hash (&dig
, inner
, innerlen
);
123 _gnutls_hash_deinit (&dig
, NULL
);
127 output_key
->data
= gnutls_malloc (sha1len
);
128 _gnutls_hash_deinit (&dig
, output_key
->data
);
129 if (output_key
->data
== NULL
)
132 return GNUTLS_E_MEMORY_ERROR
;
134 output_key
->size
= sha1len
;
139 #endif /* ENABLE_PSK */