| blob | 16bdc23a4f7bec6125affcdc05ca50e12eb1a997 |
1 /*
2 * Copyright (C) 2000-2012 Free Software Foundation, Inc.
3 *
4 * Author: Nikos Mavrogiannopoulos
5 *
6 * This file is part of GnuTLS.
7 *
8 * The GnuTLS is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 3 of
11 * the License, or (at your option) any later version.
12 *
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
17 *
18 * You should have received a copy of the GNU Lesser General Public License
19 * along with this program. If not, see <http://www.gnu.org/licenses/>
20 *
21 */
23 /* Contains functions that are supposed to pack and unpack session data,
24 * before and after they are sent to the database backend.
25 */
27 #include <gnutls_int.h>
28 #ifdef ENABLE_SRP
29 #include <auth/srp.h>
30 #endif
31 #ifdef ENABLE_PSK
32 #include <auth/psk.h>
33 #endif
34 #include <auth/anon.h>
35 #include <auth/cert.h>
36 #include <gnutls_errors.h>
37 #include <gnutls_auth.h>
38 #include <gnutls_session_pack.h>
39 #include <gnutls_datum.h>
40 #include <gnutls_num.h>
41 #include <gnutls_extensions.h>
42 #include <gnutls_constate.h>
43 #include <algorithms.h>
71 /* Since auth_info structures contain malloced data, this function
72 * is required in order to pack these structures in a vector in
73 * order to store them to the DB.
74 *
75 * packed_session will contain the session data.
76 *
77 * The data will be in a platform independent format.
78 */
79 int
82 {
84 gnutls_buffer_st sb;
88 {
91 }
99 {
100 #ifdef ENABLE_SRP
104 {
107 }
109 #endif
110 #ifdef ENABLE_PSK
114 {
117 }
119 #endif
120 #ifdef ENABLE_ANON
124 {
127 }
129 #endif
133 {
136 }
141 }
143 /* Auth_info structures copied. Now copy security_parameters_st.
144 * packed_session must have allocated space for the security parameters.
145 */
148 {
151 }
155 {
158 }
162 fail:
165 }
168 /* Load session data from a buffer.
169 */
170 int
173 {
175 gnutls_buffer_st sb;
181 {
184 }
186 ret =
190 {
193 }
196 {
198 }
203 {
204 #ifdef ENABLE_SRP
208 {
211 }
213 #endif
214 #ifdef ENABLE_PSK
218 {
221 }
223 #endif
224 #ifdef ENABLE_ANON
228 {
231 }
233 #endif
237 {
240 }
247 }
249 /* Auth_info structures copied. Now copy security_parameters_st.
250 * packed_session must have allocated space for the security parameters.
251 */
254 {
257 }
261 {
264 }
268 error:
272 }
276 /* Format:
277 * 1 byte the credentials type
278 * 4 bytes the size of the whole structure
279 * DH stuff
280 * 2 bytes the size of secret key in bits
281 * 4 bytes the size of the prime
282 * x bytes the prime
283 * 4 bytes the size of the generator
284 * x bytes the generator
285 * 4 bytes the size of the public key
286 * x bytes the public key
287 * RSA stuff
288 * 4 bytes the size of the modulus
289 * x bytes the modulus
290 * 4 bytes the size of the exponent
291 * x bytes the exponent
292 * CERTIFICATES
293 * 4 bytes the length of the certificate list
294 * 4 bytes the size of first certificate
295 * x bytes the certificate
296 * and so on...
297 */
298 static int
300 {
311 {
329 }
331 /* write the real size */
335 }
338 /* Upack certificate info.
339 */
340 static int
342 {
353 /* client and server have the same auth_info here
354 */
355 ret =
359 {
362 }
379 {
383 {
387 }
388 }
391 {
393 }
397 error:
399 {
411 }
415 }
417 #ifdef ENABLE_SRP
418 /* Packs the SRP session authentication data.
419 */
421 /* Format:
422 * 1 byte the credentials type
423 * 4 bytes the size of the SRP username (x)
424 * x bytes the SRP username
425 */
426 static int
428 {
436 {
439 }
440 else
449 /* write the real size */
453 }
456 static int
458 {
461 srp_server_auth_info_t info;
465 {
468 }
470 ret =
474 {
477 }
489 error:
491 }
492 #endif
495 #ifdef ENABLE_ANON
496 /* Packs the ANON session authentication data.
497 */
499 /* Format:
500 * 1 byte the credentials type
501 * 4 bytes the size of the whole structure
502 * 2 bytes the size of secret key in bits
503 * 4 bytes the size of the prime
504 * x bytes the prime
505 * 4 bytes the size of the generator
506 * x bytes the generator
507 * 4 bytes the size of the public key
508 * x bytes the public key
509 */
510 static int
512 {
522 {
529 }
531 /* write the real size */
535 }
538 static int
540 {
550 /* client and server have the same auth_info here
551 */
552 ret =
556 {
559 }
573 error:
575 {
579 }
582 }
585 #ifdef ENABLE_PSK
586 /* Packs the PSK session authentication data.
587 */
589 /* Format:
590 * 1 byte the credentials type
591 * 4 bytes the size of the whole structure
592 *
593 * 4 bytes the size of the PSK username (x)
594 * x bytes the PSK username
595 * 2 bytes the size of secret key in bits
596 * 4 bytes the size of the prime
597 * x bytes the prime
598 * 4 bytes the size of the generator
599 * x bytes the generator
600 * 4 bytes the size of the public key
601 * x bytes the public key
602 */
603 static int
605 {
606 psk_auth_info_t info;
618 else
623 else
638 /* write the real size */
642 }
644 static int
646 {
649 psk_auth_info_t info;
651 ret =
655 {
658 }
666 {
669 }
675 {
678 }
689 error:
695 }
696 #endif
699 /* Packs the security parameters.
700 */
702 /* Format:
703 * 4 bytes the total security data size
704 * 1 byte the entity type (client/server)
705 * 1 byte the key exchange algorithm used
706 * 1 byte the read cipher algorithm
707 * 1 byte the read mac algorithm
708 * 1 byte the read compression algorithm
709 *
710 * 1 byte the write cipher algorithm
711 * 1 byte the write mac algorithm
712 * 1 byte the write compression algorithm
713 *
714 * 1 byte the certificate type
715 * 1 byte the protocol version
716 *
717 * 2 bytes the cipher suite
718 *
719 * 48 bytes the master secret
720 *
721 * 32 bytes the client random
722 * 32 bytes the server random
723 *
724 * 1 byte the session ID size
725 * x bytes the session ID (32 bytes max)
726 *
727 * 4 bytes a timestamp
728 * 4 bytes the ECC curve
729 * -------------------
730 * MAX: 169 bytes
731 *
732 */
733 static int
735 {
744 {
747 }
751 {
754 }
756 /* move after the auth info stuff.
757 */
772 GNUTLS_MASTER_SIZE);
774 GNUTLS_RANDOM_SIZE);
776 GNUTLS_RANDOM_SIZE);
790 }
792 static int
794 {
819 GNUTLS_MASTER_SIZE);
823 GNUTLS_RANDOM_SIZE);
826 GNUTLS_RANDOM_SIZE);
849 {
852 }
856 error:
858 }
860 /**
861 * gnutls_session_set_premaster:
862 * @session: is a #gnutls_session_t structure.
863 * @entity: GNUTLS_SERVER or GNUTLS_CLIENT
864 * @version: the TLS protocol version
865 * @kx: the key exchange method
866 * @cipher: the cipher
867 * @mac: the MAC algorithm
868 * @comp: the compression method
869 * @master: the master key to use
870 * @session_id: the session identifier
871 *
872 * This function sets the premaster secret in a session. This is
873 * a function intended for exceptional uses. Do not use this
874 * function unless you are implementing a legacy protocol.
875 * Use gnutls_session_set_data() instead.
876 *
877 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise
878 * an error code is returned.
879 **/
880 int
882 gnutls_protocol_t version,
883 gnutls_kx_algorithm_t kx,
884 gnutls_cipher_algorithm_t cipher,
885 gnutls_mac_algorithm_t mac,
886 gnutls_compression_method_t comp,
889 {
898 ret = _gnutls_cipher_suite_get_id(kx, cipher, mac, session->internals.resumed_security_parameters.cipher_suite);
909 memcpy(session->internals.resumed_security_parameters.master_secret, master->data, master->size);
915 memcpy(session->internals.resumed_security_parameters.session_id, session_id->data, session_id->size);
927 }