2 * Copyright (C) 2001, 2002, 2003, 2004, 2005, 2007 Free Software Foundation
4 * Author: Nikos Mavrogiannopoulos
6 * This file is part of GNUTLS.
8 * The GNUTLS library is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 2.1 of
11 * the License, or (at your option) any later version.
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
18 * You should have received a copy of the GNU Lesser General Public
19 * License along with this library; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
25 #include <gnutls_int.h>
29 #include "gnutls_errors.h"
30 #include "auth_srp_passwd.h"
31 #include "gnutls_auth.h"
32 #include "gnutls_auth.h"
33 #include "gnutls_srp.h"
35 #include "gnutls_num.h"
37 #include <gnutls_str.h>
38 #include <auth_cert.h>
39 #include <gnutls_datum.h>
40 #include <gnutls_sig.h>
42 #include <gnutls_x509.h>
44 static int gen_srp_cert_server_kx (gnutls_session_t
, opaque
**);
45 static int proc_srp_cert_server_kx (gnutls_session_t
, opaque
*, size_t);
47 const mod_auth_st srp_rsa_auth_struct
= {
49 _gnutls_gen_cert_server_certificate
,
51 gen_srp_cert_server_kx
,
52 _gnutls_gen_srp_client_kx
,
56 _gnutls_proc_cert_server_certificate
,
57 NULL
, /* certificate */
58 proc_srp_cert_server_kx
,
59 _gnutls_proc_srp_client_kx
,
64 const mod_auth_st srp_dss_auth_struct
= {
66 _gnutls_gen_cert_server_certificate
,
68 gen_srp_cert_server_kx
,
69 _gnutls_gen_srp_client_kx
,
73 _gnutls_proc_cert_server_certificate
,
74 NULL
, /* certificate */
75 proc_srp_cert_server_kx
,
76 _gnutls_proc_srp_client_kx
,
82 gen_srp_cert_server_kx (gnutls_session_t session
, opaque
** data
)
84 ssize_t ret
, data_size
;
85 gnutls_datum_t signature
, ddata
;
86 gnutls_certificate_credentials_t cred
;
87 gnutls_cert
*apr_cert_list
;
88 gnutls_privkey
*apr_pkey
;
89 int apr_cert_list_length
;
90 gnutls_sign_algorithm_t sign_algo
;
92 ret
= _gnutls_gen_srp_server_kx (session
, data
);
99 ddata
.size
= data_size
;
101 cred
= (gnutls_certificate_credentials_t
)
102 _gnutls_get_cred (session
->key
, GNUTLS_CRD_CERTIFICATE
, NULL
);
106 return GNUTLS_E_INSUFFICIENT_CREDENTIALS
;
109 /* find the appropriate certificate */
111 _gnutls_get_selected_cert (session
, &apr_cert_list
,
112 &apr_cert_list_length
, &apr_pkey
)) < 0)
119 _gnutls_handshake_sign_data (session
, &apr_cert_list
[0],
120 apr_pkey
, &ddata
, &signature
,
128 *data
= gnutls_realloc_fast (*data
, data_size
+ signature
.size
+ 2);
131 _gnutls_free_datum (&signature
);
133 return GNUTLS_E_MEMORY_ERROR
;
136 _gnutls_write_datum16 (&(*data
)[data_size
], signature
);
137 data_size
+= signature
.size
+ 2;
139 _gnutls_free_datum (&signature
);
146 proc_srp_cert_server_kx (gnutls_session_t session
, opaque
* data
,
151 gnutls_datum_t vparams
, signature
;
153 cert_auth_info_t info
;
154 gnutls_cert peer_cert
;
157 ret
= _gnutls_proc_srp_server_kx (session
, data
, _data_size
);
161 data_size
= _data_size
- ret
;
163 info
= _gnutls_get_auth_info (session
);
164 if (info
== NULL
|| info
->ncerts
== 0)
167 /* we need this in order to get peer's certificate */
168 return GNUTLS_E_INTERNAL_ERROR
;
171 /* VERIFY SIGNATURE */
173 vparams
.size
= ret
; /* all the data minus the signature */
176 p
= &data
[vparams
.size
];
178 DECR_LEN (data_size
, 2);
179 sigsize
= _gnutls_read_uint16 (p
);
181 DECR_LEN (data_size
, sigsize
);
182 signature
.data
= &p
[2];
183 signature
.size
= sigsize
;
186 _gnutls_get_auth_info_gcert (&peer_cert
,
187 session
->security_parameters
.cert_type
,
196 ret
= _gnutls_handshake_verify_data (session
, &peer_cert
, &vparams
, &signature
,
197 GNUTLS_SIGN_UNKNOWN
);
199 _gnutls_gcert_deinit (&peer_cert
);
210 #endif /* ENABLE_SRP */