lib/auth/anon.c

   1 /*
   2  * Copyright (C) 2000-2012 Free Software Foundation, Inc.
   3  *
   4  * Author: Nikos Mavrogiannopoulos
   5  *
   6  * This file is part of GnuTLS.
   7  *
   8  * The GnuTLS is free software; you can redistribute it and/or
   9  * modify it under the terms of the GNU Lesser General Public License
  10  * as published by the Free Software Foundation; either version 3 of
  11  * the License, or (at your option) any later version.
  12  *
  13  * This library is distributed in the hope that it will be useful, but
  14  * WITHOUT ANY WARRANTY; without even the implied warranty of
  15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  16  * Lesser General Public License for more details.
  17  *
  18  * You should have received a copy of the GNU Lesser General Public License
  19  * along with this program.  If not, see <http://www.gnu.org/licenses/>
  20  *
  21  */
  22
  23 /* This file contains the Anonymous Diffie-Hellman key exchange part of
  24  * the anonymous authentication. The functions here are used in the
  25  * handshake.
  26  */
  27
  28 #include <gnutls_int.h>
  29
  30 #ifdef ENABLE_ANON
  31
  32 #include "gnutls_auth.h"
  33 #include "gnutls_errors.h"
  34 #include "gnutls_dh.h"
  35 #include "auth/anon.h"
  36 #include "gnutls_num.h"
  37 #include "gnutls_mpi.h"
  38 #include <gnutls_state.h>
  39 #include <auth/dh_common.h>
  40
  41 static int gen_anon_server_kx (gnutls_session_t, gnutls_buffer_st*);
  42 static int proc_anon_client_kx (gnutls_session_t, opaque *, size_t);
  43 static int proc_anon_server_kx (gnutls_session_t, opaque *, size_t);
  44
  45 const mod_auth_st anon_auth_struct = {
  46   "ANON",
  47   NULL,
  48   NULL,
  49   gen_anon_server_kx,
  50   _gnutls_gen_dh_common_client_kx,      /* this can be shared */
  51   NULL,
  52   NULL,
  53
  54   NULL,
  55   NULL,                         /* certificate */
  56   proc_anon_server_kx,
  57   proc_anon_client_kx,
  58   NULL,
  59   NULL
  60 };
  61
  62 static int
  63 gen_anon_server_kx (gnutls_session_t session, gnutls_buffer_st* data)
  64 {
  65   bigint_t g, p;
  66   const bigint_t *mpis;
  67   int ret;
  68   gnutls_dh_params_t dh_params;
  69   gnutls_anon_server_credentials_t cred;
  70
  71   cred = (gnutls_anon_server_credentials_t)
  72     _gnutls_get_cred (session->key, GNUTLS_CRD_ANON, NULL);
  73   if (cred == NULL)
  74     {
  75       gnutls_assert ();
  76       return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
  77     }
  78
  79   dh_params =
  80     _gnutls_get_dh_params (cred->dh_params, cred->params_func, session);
  81   mpis = _gnutls_dh_params_to_mpi (dh_params);
  82   if (mpis == NULL)
  83     {
  84       gnutls_assert ();
  85       return GNUTLS_E_NO_TEMPORARY_DH_PARAMS;
  86     }
  87
  88   p = mpis[0];
  89   g = mpis[1];
  90
  91   if ((ret =
  92        _gnutls_auth_info_set (session, GNUTLS_CRD_ANON,
  93                               sizeof (anon_auth_info_st), 1)) < 0)
  94     {
  95       gnutls_assert ();
  96       return ret;
  97     }
  98
  99   _gnutls_dh_set_group (session, g, p);
 100
 101   ret = _gnutls_dh_common_print_server_kx (session, g, p, dh_params->q_bits, data);
 102   if (ret < 0)
 103     {
 104       gnutls_assert ();
 105     }
 106
 107   return ret;
 108 }
 109
 110
 111 static int
 112 proc_anon_client_kx (gnutls_session_t session, opaque * data,
 113                      size_t _data_size)
 114 {
 115   gnutls_anon_server_credentials_t cred;
 116   int ret;
 117   bigint_t p, g;
 118   gnutls_dh_params_t dh_params;
 119   const bigint_t *mpis;
 120
 121   cred = (gnutls_anon_server_credentials_t)
 122     _gnutls_get_cred (session->key, GNUTLS_CRD_ANON, NULL);
 123   if (cred == NULL)
 124     {
 125       gnutls_assert ();
 126       return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
 127     }
 128
 129   dh_params =
 130     _gnutls_get_dh_params (cred->dh_params, cred->params_func, session);
 131   mpis = _gnutls_dh_params_to_mpi (dh_params);
 132   if (mpis == NULL)
 133     {
 134       gnutls_assert ();
 135       return GNUTLS_E_NO_TEMPORARY_DH_PARAMS;
 136     }
 137
 138   p = mpis[0];
 139   g = mpis[1];
 140
 141   ret = _gnutls_proc_dh_common_client_kx (session, data, _data_size, g, p, NULL);
 142
 143   return ret;
 144
 145 }
 146
 147 int
 148 proc_anon_server_kx (gnutls_session_t session, opaque * data,
 149                      size_t _data_size)
 150 {
 151
 152   int ret;
 153
 154   /* set auth_info */
 155   if ((ret =
 156        _gnutls_auth_info_set (session, GNUTLS_CRD_ANON,
 157                               sizeof (anon_auth_info_st), 1)) < 0)
 158     {
 159       gnutls_assert ();
 160       return ret;
 161     }
 162
 163   ret = _gnutls_proc_dh_common_server_kx (session, data, _data_size);
 164   if (ret < 0)
 165     {
 166       gnutls_assert ();
 167       return ret;
 168     }
 169
 170   return 0;
 171 }
 172
 173 #endif /* ENABLE_ANON */