2 * Copyright (C) 2005, 2007, 2009 Free Software Foundation
4 * Author: Nikos Mavrogiannopoulos
6 * This file is part of GNUTLS.
8 * The GNUTLS library is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 2.1 of
11 * the License, or (at your option) any later version.
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
18 * You should have received a copy of the GNU Lesser General Public
19 * License along with this library; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
25 /* This file contains the PSK Diffie-Hellman key exchange part of the
26 * PSK authentication. The functions here are used in the handshake.
29 #include <gnutls_int.h>
33 #include "gnutls_auth.h"
34 #include "gnutls_errors.h"
35 #include "gnutls_dh.h"
37 #include "gnutls_num.h"
38 #include "gnutls_mpi.h"
39 #include <gnutls_state.h>
40 #include <auth_dh_common.h>
41 #include <gnutls_datum.h>
43 static int gen_psk_server_kx (gnutls_session_t
, opaque
**);
44 static int gen_psk_client_kx (gnutls_session_t
, opaque
**);
45 static int proc_psk_client_kx (gnutls_session_t
, opaque
*, size_t);
46 static int proc_psk_server_kx (gnutls_session_t
, opaque
*, size_t);
48 const mod_auth_st dhe_psk_auth_struct
= {
58 NULL
, /* certificate */
66 gen_psk_client_kx (gnutls_session_t session
, opaque
** data
)
69 opaque
*tmp_data
= NULL
;
70 int data_size
, tmp_data_size
;
71 gnutls_psk_client_credentials_t cred
;
73 cred
= (gnutls_psk_client_credentials_t
)
74 _gnutls_get_cred (session
->key
, GNUTLS_CRD_PSK
, NULL
);
79 return GNUTLS_E_INSUFFICIENT_CREDENTIALS
;
82 if (cred
->username
.data
== NULL
|| cred
->key
.data
== NULL
)
85 return GNUTLS_E_INSUFFICIENT_CREDENTIALS
;
88 /* The PSK key is set in there */
89 ret
= _gnutls_gen_dh_common_client_kx (session
, &tmp_data
);
97 data_size
= tmp_data_size
+ cred
->username
.size
+ 2;
99 (*data
) = gnutls_malloc (data_size
);
103 ret
= GNUTLS_E_MEMORY_ERROR
;
107 _gnutls_write_datum16 (*data
, cred
->username
);
108 memcpy (&(*data
)[cred
->username
.size
+ 2], tmp_data
, tmp_data_size
);
113 gnutls_free (tmp_data
);
119 gen_psk_server_kx (gnutls_session_t session
, opaque
** data
)
122 const bigint_t
*mpis
;
124 gnutls_dh_params_t dh_params
;
125 gnutls_psk_server_credentials_t cred
;
127 cred
= (gnutls_psk_server_credentials_t
)
128 _gnutls_get_cred (session
->key
, GNUTLS_CRD_PSK
, NULL
);
132 return GNUTLS_E_INSUFFICIENT_CREDENTIALS
;
136 _gnutls_get_dh_params (cred
->dh_params
, cred
->params_func
, session
);
137 mpis
= _gnutls_dh_params_to_mpi (dh_params
);
141 return GNUTLS_E_NO_TEMPORARY_DH_PARAMS
;
148 _gnutls_auth_info_set (session
, GNUTLS_CRD_PSK
,
149 sizeof (psk_auth_info_st
), 1)) < 0)
155 _gnutls_dh_set_group (session
, g
, p
);
157 ret
= _gnutls_dh_common_print_server_kx (session
, g
, p
, data
, 1);
168 proc_psk_client_kx (gnutls_session_t session
, opaque
* data
,
173 gnutls_dh_params_t dh_params
;
174 const bigint_t
*mpis
;
175 gnutls_psk_server_credentials_t cred
;
176 psk_auth_info_t info
;
177 gnutls_datum_t username
;
178 ssize_t data_size
= _data_size
;
180 cred
= (gnutls_psk_server_credentials_t
)
181 _gnutls_get_cred (session
->key
, GNUTLS_CRD_PSK
, NULL
);
186 return GNUTLS_E_INSUFFICIENT_CREDENTIALS
;
190 _gnutls_auth_info_set (session
, GNUTLS_CRD_PSK
,
191 sizeof (psk_auth_info_st
), 1)) < 0)
198 _gnutls_get_dh_params (cred
->dh_params
, cred
->params_func
, session
);
199 mpis
= _gnutls_dh_params_to_mpi (dh_params
);
203 return GNUTLS_E_NO_TEMPORARY_DH_PARAMS
;
209 DECR_LEN (data_size
, 2);
210 username
.size
= _gnutls_read_uint16 (&data
[0]);
212 DECR_LEN (data_size
, username
.size
);
214 username
.data
= &data
[2];
216 /* copy the username to the auth info structures
218 info
= _gnutls_get_auth_info (session
);
220 if (username
.size
> MAX_SRP_USERNAME
)
223 return GNUTLS_E_ILLEGAL_SRP_USERNAME
;
226 memcpy (info
->username
, username
.data
, username
.size
);
227 info
->username
[username
.size
] = 0;
229 /* Adjust the data */
230 data
+= username
.size
+ 2;
232 ret
= _gnutls_proc_dh_common_client_kx (session
, data
, data_size
, g
, p
);
239 proc_psk_server_kx (gnutls_session_t session
, opaque
* data
,
247 _gnutls_auth_info_set (session
, GNUTLS_CRD_PSK
,
248 sizeof (psk_auth_info_st
), 1)) < 0)
254 ret
= _gnutls_proc_dh_common_server_kx (session
, data
, _data_size
, 1);
264 #endif /* ENABLE_PSK */