| blob | 258887345311d3deb45d51558dfc5a0b332918c1 |
1 /*
2 * Copyright (C) 2000-2012 Free Software Foundation, Inc.
3 *
4 * Author: Nikos Mavrogiannopoulos
5 *
6 * This file is part of GnuTLS.
7 *
8 * The GnuTLS is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 3 of
11 * the License, or (at your option) any later version.
12 *
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
17 *
18 * You should have received a copy of the GNU Lesser General Public License
19 * along with this program. If not, see <http://www.gnu.org/licenses/>
20 *
21 */
23 /* Contains functions that are supposed to pack and unpack session data,
24 * before and after they are sent to the database backend.
25 */
27 #include <gnutls_int.h>
28 #ifdef ENABLE_SRP
29 #include <auth/srp.h>
30 #endif
31 #ifdef ENABLE_PSK
32 #include <auth/psk.h>
33 #endif
34 #include <auth/anon.h>
35 #include <auth/cert.h>
36 #include <gnutls_errors.h>
37 #include <gnutls_auth.h>
38 #include <gnutls_session_pack.h>
39 #include <gnutls_datum.h>
40 #include <gnutls_num.h>
41 #include <gnutls_extensions.h>
42 #include <gnutls_constate.h>
43 #include <algorithms.h>
71 /* Since auth_info structures contain malloced data, this function
72 * is required in order to pack these structures in a vector in
73 * order to store them to the DB.
74 *
75 * packed_session will contain the session data.
76 *
77 * The data will be in a platform independent format.
78 */
79 int
82 {
84 gnutls_buffer_st sb;
88 {
91 }
99 {
100 #ifdef ENABLE_SRP
104 {
107 }
109 #endif
110 #ifdef ENABLE_PSK
114 {
117 }
119 #endif
120 #ifdef ENABLE_ANON
124 {
127 }
129 #endif
133 {
136 }
141 }
143 /* Auth_info structures copied. Now copy security_parameters_st.
144 * packed_session must have allocated space for the security parameters.
145 */
148 {
152 }
156 {
160 }
165 }
168 /* Load session data from a buffer.
169 */
170 int
173 {
175 gnutls_buffer_st sb;
181 {
184 }
186 ret =
190 {
193 }
196 {
198 }
203 {
204 #ifdef ENABLE_SRP
208 {
211 }
213 #endif
214 #ifdef ENABLE_PSK
218 {
221 }
223 #endif
224 #ifdef ENABLE_ANON
228 {
231 }
233 #endif
237 {
240 }
247 }
249 /* Auth_info structures copied. Now copy security_parameters_st.
250 * packed_session must have allocated space for the security parameters.
251 */
254 {
257 }
261 {
264 }
268 error:
272 }
276 /* Format:
277 * 1 byte the credentials type
278 * 4 bytes the size of the whole structure
279 * DH stuff
280 * 2 bytes the size of secret key in bits
281 * 4 bytes the size of the prime
282 * x bytes the prime
283 * 4 bytes the size of the generator
284 * x bytes the generator
285 * 4 bytes the size of the public key
286 * x bytes the public key
287 * RSA stuff
288 * 4 bytes the size of the modulus
289 * x bytes the modulus
290 * 4 bytes the size of the exponent
291 * x bytes the exponent
292 * CERTIFICATES
293 * 4 bytes the length of the certificate list
294 * 4 bytes the size of first certificate
295 * x bytes the certificate
296 * and so on...
297 */
298 static int
300 {
311 {
329 }
331 /* write the real size */
335 }
338 /* Upack certificate info.
339 */
340 static int
342 {
353 /* client and server have the same auth_info here
354 */
355 ret =
359 {
362 }
366 {
369 }
382 {
386 {
390 }
391 }
394 {
396 }
400 error:
402 {
414 }
418 }
420 #ifdef ENABLE_SRP
421 /* Packs the SRP session authentication data.
422 */
424 /* Format:
425 * 1 byte the credentials type
426 * 4 bytes the size of the SRP username (x)
427 * x bytes the SRP username
428 */
429 static int
431 {
439 else
448 /* write the real size */
452 }
455 static int
457 {
460 srp_server_auth_info_t info;
464 {
467 }
470 ret =
474 {
477 }
481 {
484 }
490 error:
492 }
493 #endif
496 #ifdef ENABLE_ANON
497 /* Packs the ANON session authentication data.
498 */
500 /* Format:
501 * 1 byte the credentials type
502 * 4 bytes the size of the whole structure
503 * 2 bytes the size of secret key in bits
504 * 4 bytes the size of the prime
505 * x bytes the prime
506 * 4 bytes the size of the generator
507 * x bytes the generator
508 * 4 bytes the size of the public key
509 * x bytes the public key
510 */
511 static int
513 {
523 {
530 }
532 /* write the real size */
536 }
539 static int
541 {
551 /* client and server have the same auth_info here
552 */
553 ret =
557 {
560 }
564 {
567 }
577 error:
579 {
583 }
586 }
589 #ifdef ENABLE_PSK
590 /* Packs the PSK session authentication data.
591 */
593 /* Format:
594 * 1 byte the credentials type
595 * 4 bytes the size of the whole structure
596 *
597 * 4 bytes the size of the PSK username (x)
598 * x bytes the PSK username
599 * 2 bytes the size of secret key in bits
600 * 4 bytes the size of the prime
601 * x bytes the prime
602 * 4 bytes the size of the generator
603 * x bytes the generator
604 * 4 bytes the size of the public key
605 * x bytes the public key
606 */
607 static int
609 {
610 psk_auth_info_t info;
620 else
625 else
640 /* write the real size */
644 }
646 static int
648 {
651 psk_auth_info_t info;
653 ret =
657 {
660 }
664 {
667 }
671 {
674 }
680 {
683 }
694 error:
700 }
701 #endif
704 /* Packs the security parameters.
705 */
707 /* Format:
708 * 4 bytes the total security data size
709 * 1 byte the entity type (client/server)
710 * 1 byte the key exchange algorithm used
711 * 1 byte the read cipher algorithm
712 * 1 byte the read mac algorithm
713 * 1 byte the read compression algorithm
714 *
715 * 1 byte the write cipher algorithm
716 * 1 byte the write mac algorithm
717 * 1 byte the write compression algorithm
718 *
719 * 1 byte the certificate type
720 * 1 byte the protocol version
721 *
722 * 2 bytes the cipher suite
723 *
724 * 48 bytes the master secret
725 *
726 * 32 bytes the client random
727 * 32 bytes the server random
728 *
729 * 1 byte the session ID size
730 * x bytes the session ID (32 bytes max)
731 *
732 * 4 bytes a timestamp
733 * 4 bytes the ECC curve
734 * -------------------
735 * MAX: 169 bytes
736 *
737 */
738 static int
740 {
749 {
752 }
756 {
759 }
761 /* move after the auth info stuff.
762 */
777 GNUTLS_MASTER_SIZE);
779 GNUTLS_RANDOM_SIZE);
781 GNUTLS_RANDOM_SIZE);
795 }
797 static int
799 {
824 GNUTLS_MASTER_SIZE);
828 GNUTLS_RANDOM_SIZE);
831 GNUTLS_RANDOM_SIZE);
854 {
857 }
861 error:
863 }
865 /**
866 * gnutls_session_set_premaster:
867 * @session: is a #gnutls_session_t structure.
868 * @entity: GNUTLS_SERVER or GNUTLS_CLIENT
869 * @version: the TLS protocol version
870 * @kx: the key exchange method
871 * @cipher: the cipher
872 * @mac: the MAC algorithm
873 * @comp: the compression method
874 * @master: the master key to use
875 * @session_id: the session identifier
876 *
877 * This function sets the premaster secret in a session. This is
878 * a function intended for exceptional uses. Do not use this
879 * function unless you are implementing a legacy protocol.
880 * Use gnutls_session_set_data() instead.
881 *
882 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise
883 * an error code is returned.
884 **/
885 int
887 gnutls_protocol_t version,
888 gnutls_kx_algorithm_t kx,
889 gnutls_cipher_algorithm_t cipher,
890 gnutls_mac_algorithm_t mac,
891 gnutls_compression_method_t comp,
894 {
903 ret = _gnutls_cipher_suite_get_id(kx, cipher, mac, session->internals.resumed_security_parameters.cipher_suite);
914 memcpy(session->internals.resumed_security_parameters.master_secret, master->data, master->size);
920 memcpy(session->internals.resumed_security_parameters.session_id, session_id->data, session_id->size);
932 }