lib/auth_dhe_psk.c

   1 /*
   2  * Copyright (C) 2005, 2007, 2009, 2010 Free Software Foundation, Inc.
   3  *
   4  * Author: Nikos Mavrogiannopoulos
   5  *
   6  * This file is part of GnuTLS.
   7  *
   8  * The GnuTLS is free software; you can redistribute it and/or
   9  * modify it under the terms of the GNU Lesser General Public License
  10  * as published by the Free Software Foundation; either version 2.1 of
  11  * the License, or (at your option) any later version.
  12  *
  13  * This library is distributed in the hope that it will be useful, but
  14  * WITHOUT ANY WARRANTY; without even the implied warranty of
  15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  16  * Lesser General Public License for more details.
  17  *
  18  * You should have received a copy of the GNU Lesser General Public
  19  * License along with this library; if not, write to the Free Software
  20  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
  21  * USA
  22  *
  23  */
  24
  25 /* This file contains the PSK Diffie-Hellman key exchange part of the
  26  * PSK authentication.  The functions here are used in the handshake.
  27  */
  28
  29 #include <gnutls_int.h>
  30
  31 #ifdef ENABLE_PSK
  32
  33 #include "gnutls_auth.h"
  34 #include "gnutls_errors.h"
  35 #include "gnutls_dh.h"
  36 #include "auth_psk.h"
  37 #include "gnutls_num.h"
  38 #include "gnutls_mpi.h"
  39 #include <gnutls_state.h>
  40 #include <auth_dh_common.h>
  41 #include <gnutls_datum.h>
  42
  43 static int gen_psk_server_kx (gnutls_session_t, opaque **);
  44 static int gen_psk_client_kx (gnutls_session_t, opaque **);
  45 static int proc_psk_client_kx (gnutls_session_t, opaque *, size_t);
  46 static int proc_psk_server_kx (gnutls_session_t, opaque *, size_t);
  47
  48 const mod_auth_st dhe_psk_auth_struct = {
  49   "DHE PSK",
  50   NULL,
  51   NULL,
  52   gen_psk_server_kx,
  53   gen_psk_client_kx,
  54   NULL,
  55   NULL,
  56
  57   NULL,
  58   NULL,                         /* certificate */
  59   proc_psk_server_kx,
  60   proc_psk_client_kx,
  61   NULL,
  62   NULL
  63 };
  64
  65 static int
  66 gen_psk_client_kx (gnutls_session_t session, opaque ** data)
  67 {
  68   int ret, free;
  69   opaque *tmp_data = NULL;
  70   int data_size, tmp_data_size;
  71   gnutls_psk_client_credentials_t cred;
  72   gnutls_datum_t username, key;
  73
  74   cred = (gnutls_psk_client_credentials_t)
  75     _gnutls_get_cred (session->key, GNUTLS_CRD_PSK, NULL);
  76
  77   if (cred == NULL)
  78     return gnutls_assert_val(GNUTLS_E_INSUFFICIENT_CREDENTIALS);
  79
  80
  81   ret = _gnutls_find_psk_key( session, cred, &username, &key, &free);
  82   if (ret < 0)
  83     return gnutls_assert_val(ret);
  84
  85   /* The PSK key is set in there */
  86   ret = _gnutls_gen_dh_common_client_kx_int (session, &tmp_data, &key);
  87   if (ret < 0)
  88     {
  89       gnutls_assert ();
  90       goto cleanup;
  91     }
  92
  93   tmp_data_size = ret;
  94   data_size = tmp_data_size + username.size + 2;
  95
  96   (*data) = gnutls_malloc (data_size);
  97   if ((*data) == NULL)
  98     {
  99       gnutls_assert ();
 100       ret = GNUTLS_E_MEMORY_ERROR;
 101       goto cleanup;
 102     }
 103
 104   _gnutls_write_datum16 (*data, username);
 105   memcpy (&(*data)[username.size + 2], tmp_data, tmp_data_size);
 106
 107   ret = data_size;
 108
 109 cleanup:
 110   gnutls_free (tmp_data);
 111   if (free)
 112     {
 113       _gnutls_free_datum(&username);
 114       _gnutls_free_datum(&key);
 115     }
 116
 117   return ret;
 118
 119 }
 120
 121 static int
 122 gen_psk_server_kx (gnutls_session_t session, opaque ** data)
 123 {
 124   bigint_t g, p;
 125   const bigint_t *mpis;
 126   int ret;
 127   gnutls_dh_params_t dh_params;
 128   gnutls_psk_server_credentials_t cred;
 129
 130   cred = (gnutls_psk_server_credentials_t)
 131     _gnutls_get_cred (session->key, GNUTLS_CRD_PSK, NULL);
 132   if (cred == NULL)
 133     {
 134       gnutls_assert ();
 135       return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
 136     }
 137
 138   dh_params =
 139     _gnutls_get_dh_params (cred->dh_params, cred->params_func, session);
 140   mpis = _gnutls_dh_params_to_mpi (dh_params);
 141   if (mpis == NULL)
 142     {
 143       gnutls_assert ();
 144       return GNUTLS_E_NO_TEMPORARY_DH_PARAMS;
 145     }
 146
 147   p = mpis[0];
 148   g = mpis[1];
 149
 150   if ((ret =
 151        _gnutls_auth_info_set (session, GNUTLS_CRD_PSK,
 152                               sizeof (psk_auth_info_st), 1)) < 0)
 153     {
 154       gnutls_assert ();
 155       return ret;
 156     }
 157
 158   _gnutls_dh_set_group (session, g, p);
 159
 160   ret = _gnutls_dh_common_print_server_kx (session, g, p, data, 1);
 161   if (ret < 0)
 162     {
 163       gnutls_assert ();
 164     }
 165
 166   return ret;
 167 }
 168
 169
 170 static int
 171 proc_psk_client_kx (gnutls_session_t session, opaque * data,
 172                     size_t _data_size)
 173 {
 174   int ret;
 175   bigint_t p, g;
 176   gnutls_dh_params_t dh_params;
 177   const bigint_t *mpis;
 178   gnutls_psk_server_credentials_t cred;
 179   psk_auth_info_t info;
 180   gnutls_datum_t username;
 181   ssize_t data_size = _data_size;
 182
 183   cred = (gnutls_psk_server_credentials_t)
 184     _gnutls_get_cred (session->key, GNUTLS_CRD_PSK, NULL);
 185
 186   if (cred == NULL)
 187     {
 188       gnutls_assert ();
 189       return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
 190     }
 191
 192   if ((ret =
 193        _gnutls_auth_info_set (session, GNUTLS_CRD_PSK,
 194                               sizeof (psk_auth_info_st), 1)) < 0)
 195     {
 196       gnutls_assert ();
 197       return ret;
 198     }
 199
 200   dh_params =
 201     _gnutls_get_dh_params (cred->dh_params, cred->params_func, session);
 202   mpis = _gnutls_dh_params_to_mpi (dh_params);
 203   if (mpis == NULL)
 204     {
 205       gnutls_assert ();
 206       return GNUTLS_E_NO_TEMPORARY_DH_PARAMS;
 207     }
 208
 209   p = mpis[0];
 210   g = mpis[1];
 211
 212   DECR_LEN (data_size, 2);
 213   username.size = _gnutls_read_uint16 (&data[0]);
 214
 215   DECR_LEN (data_size, username.size);
 216
 217   username.data = &data[2];
 218
 219   /* copy the username to the auth info structures
 220    */
 221   info = _gnutls_get_auth_info (session);
 222
 223   if (username.size > MAX_USERNAME_SIZE)
 224     {
 225       gnutls_assert ();
 226       return GNUTLS_E_ILLEGAL_SRP_USERNAME;
 227     }
 228
 229   memcpy (info->username, username.data, username.size);
 230   info->username[username.size] = 0;
 231
 232   /* Adjust the data */
 233   data += username.size + 2;
 234
 235   ret = _gnutls_proc_dh_common_client_kx (session, data, data_size, g, p);
 236
 237   return ret;
 238
 239 }
 240
 241 int
 242 proc_psk_server_kx (gnutls_session_t session, opaque * data,
 243                     size_t _data_size)
 244 {
 245
 246   int ret;
 247
 248   /* set auth_info */
 249   if ((ret =
 250        _gnutls_auth_info_set (session, GNUTLS_CRD_PSK,
 251                               sizeof (psk_auth_info_st), 1)) < 0)
 252     {
 253       gnutls_assert ();
 254       return ret;
 255     }
 256
 257   ret = _gnutls_proc_dh_common_server_kx (session, data, _data_size, 1);
 258   if (ret < 0)
 259     {
 260       gnutls_assert ();
 261       return ret;
 262     }
 263
 264   return 0;
 265 }
 266
 267 #endif /* ENABLE_PSK */