lib/auth_dhe_psk.c

   1 /*
   2  * Copyright (C) 2005, 2007, 2009 Free Software Foundation
   3  *
   4  * Author: Nikos Mavrogiannopoulos
   5  *
   6  * This file is part of GNUTLS.
   7  *
   8  * The GNUTLS library is free software; you can redistribute it and/or
   9  * modify it under the terms of the GNU Lesser General Public License
  10  * as published by the Free Software Foundation; either version 2.1 of
  11  * the License, or (at your option) any later version.
  12  *
  13  * This library is distributed in the hope that it will be useful, but
  14  * WITHOUT ANY WARRANTY; without even the implied warranty of
  15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  16  * Lesser General Public License for more details.
  17  *
  18  * You should have received a copy of the GNU Lesser General Public
  19  * License along with this library; if not, write to the Free Software
  20  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
  21  * USA
  22  *
  23  */
  24
  25 /* This file contains the PSK Diffie-Hellman key exchange part of the
  26  * PSK authentication.  The functions here are used in the handshake.
  27  */
  28
  29 #include <gnutls_int.h>
  30
  31 #ifdef ENABLE_PSK
  32
  33 #include "gnutls_auth.h"
  34 #include "gnutls_errors.h"
  35 #include "gnutls_dh.h"
  36 #include "auth_psk.h"
  37 #include "gnutls_num.h"
  38 #include "gnutls_mpi.h"
  39 #include <gnutls_state.h>
  40 #include <auth_dh_common.h>
  41 #include <gnutls_datum.h>
  42
  43 static int gen_psk_server_kx (gnutls_session_t, opaque **);
  44 static int gen_psk_client_kx (gnutls_session_t, opaque **);
  45 static int proc_psk_client_kx (gnutls_session_t, opaque *, size_t);
  46 static int proc_psk_server_kx (gnutls_session_t, opaque *, size_t);
  47
  48 const mod_auth_st dhe_psk_auth_struct = {
  49   "DHE PSK",
  50   NULL,
  51   NULL,
  52   gen_psk_server_kx,
  53   gen_psk_client_kx,
  54   NULL,
  55   NULL,
  56
  57   NULL,
  58   NULL,                         /* certificate */
  59   proc_psk_server_kx,
  60   proc_psk_client_kx,
  61   NULL,
  62   NULL
  63 };
  64
  65 static int
  66 gen_psk_client_kx (gnutls_session_t session, opaque ** data)
  67 {
  68   int ret;
  69   opaque *tmp_data = NULL;
  70   int data_size, tmp_data_size;
  71   gnutls_psk_client_credentials_t cred;
  72
  73   cred = (gnutls_psk_client_credentials_t)
  74     _gnutls_get_cred (session->key, GNUTLS_CRD_PSK, NULL);
  75
  76   if (cred == NULL)
  77     {
  78       gnutls_assert ();
  79       return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
  80     }
  81
  82   if (cred->username.data == NULL || cred->key.data == NULL)
  83     {
  84       gnutls_assert ();
  85       return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
  86     }
  87
  88   /* The PSK key is set in there */
  89   ret = _gnutls_gen_dh_common_client_kx (session, &tmp_data);
  90   if (ret < 0)
  91     {
  92       gnutls_assert ();
  93       return ret;
  94     }
  95
  96   tmp_data_size = ret;
  97   data_size = tmp_data_size + cred->username.size + 2;
  98
  99   (*data) = gnutls_malloc (data_size);
 100   if ((*data) == NULL)
 101     {
 102       gnutls_assert ();
 103       ret = GNUTLS_E_MEMORY_ERROR;
 104       goto error;
 105     }
 106
 107   _gnutls_write_datum16 (*data, cred->username);
 108   memcpy (&(*data)[cred->username.size + 2], tmp_data, tmp_data_size);
 109
 110   ret = data_size;
 111
 112 error:
 113   gnutls_free (tmp_data);
 114   return ret;
 115
 116 }
 117
 118 static int
 119 gen_psk_server_kx (gnutls_session_t session, opaque ** data)
 120 {
 121   bigint_t g, p;
 122   const bigint_t *mpis;
 123   int ret;
 124   gnutls_dh_params_t dh_params;
 125   gnutls_psk_server_credentials_t cred;
 126
 127   cred = (gnutls_psk_server_credentials_t)
 128     _gnutls_get_cred (session->key, GNUTLS_CRD_PSK, NULL);
 129   if (cred == NULL)
 130     {
 131       gnutls_assert ();
 132       return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
 133     }
 134
 135   dh_params =
 136     _gnutls_get_dh_params (cred->dh_params, cred->params_func, session);
 137   mpis = _gnutls_dh_params_to_mpi (dh_params);
 138   if (mpis == NULL)
 139     {
 140       gnutls_assert ();
 141       return GNUTLS_E_NO_TEMPORARY_DH_PARAMS;
 142     }
 143
 144   p = mpis[0];
 145   g = mpis[1];
 146
 147   if ((ret =
 148        _gnutls_auth_info_set (session, GNUTLS_CRD_PSK,
 149                               sizeof (psk_auth_info_st), 1)) < 0)
 150     {
 151       gnutls_assert ();
 152       return ret;
 153     }
 154
 155   _gnutls_dh_set_group (session, g, p);
 156
 157   ret = _gnutls_dh_common_print_server_kx (session, g, p, data, 1);
 158   if (ret < 0)
 159     {
 160       gnutls_assert ();
 161     }
 162
 163   return ret;
 164 }
 165
 166
 167 static int
 168 proc_psk_client_kx (gnutls_session_t session, opaque * data,
 169                     size_t _data_size)
 170 {
 171   int ret;
 172   bigint_t p, g;
 173   gnutls_dh_params_t dh_params;
 174   const bigint_t *mpis;
 175   gnutls_psk_server_credentials_t cred;
 176   psk_auth_info_t info;
 177   gnutls_datum_t username;
 178   ssize_t data_size = _data_size;
 179
 180   cred = (gnutls_psk_server_credentials_t)
 181     _gnutls_get_cred (session->key, GNUTLS_CRD_PSK, NULL);
 182
 183   if (cred == NULL)
 184     {
 185       gnutls_assert ();
 186       return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
 187     }
 188
 189   if ((ret =
 190        _gnutls_auth_info_set (session, GNUTLS_CRD_PSK,
 191                               sizeof (psk_auth_info_st), 1)) < 0)
 192     {
 193       gnutls_assert ();
 194       return ret;
 195     }
 196
 197   dh_params =
 198     _gnutls_get_dh_params (cred->dh_params, cred->params_func, session);
 199   mpis = _gnutls_dh_params_to_mpi (dh_params);
 200   if (mpis == NULL)
 201     {
 202       gnutls_assert ();
 203       return GNUTLS_E_NO_TEMPORARY_DH_PARAMS;
 204     }
 205
 206   p = mpis[0];
 207   g = mpis[1];
 208
 209   DECR_LEN (data_size, 2);
 210   username.size = _gnutls_read_uint16 (&data[0]);
 211
 212   DECR_LEN (data_size, username.size);
 213
 214   username.data = &data[2];
 215
 216   /* copy the username to the auth info structures
 217    */
 218   info = _gnutls_get_auth_info (session);
 219
 220   if (username.size > MAX_SRP_USERNAME)
 221     {
 222       gnutls_assert ();
 223       return GNUTLS_E_ILLEGAL_SRP_USERNAME;
 224     }
 225
 226   memcpy (info->username, username.data, username.size);
 227   info->username[username.size] = 0;
 228
 229   /* Adjust the data */
 230   data += username.size + 2;
 231
 232   ret = _gnutls_proc_dh_common_client_kx (session, data, data_size, g, p);
 233
 234   return ret;
 235
 236 }
 237
 238 int
 239 proc_psk_server_kx (gnutls_session_t session, opaque * data,
 240                     size_t _data_size)
 241 {
 242
 243   int ret;
 244
 245   /* set auth_info */
 246   if ((ret =
 247        _gnutls_auth_info_set (session, GNUTLS_CRD_PSK,
 248                               sizeof (psk_auth_info_st), 1)) < 0)
 249     {
 250       gnutls_assert ();
 251       return ret;
 252     }
 253
 254   ret = _gnutls_proc_dh_common_server_kx (session, data, _data_size, 1);
 255   if (ret < 0)
 256     {
 257       gnutls_assert ();
 258       return ret;
 259     }
 260
 261   return 0;
 262 }
 263
 264 #endif /* ENABLE_PSK */