return ret;
}
- ret = _gnutls_set_psk_session_key (session, &tmp_dh_key);
+ ret = _gnutls_set_psk_session_key (session, NULL, &tmp_dh_key);
_gnutls_free_datum (&tmp_dh_key);
}
return 0;
}
+int _gnutls_gen_dh_common_client_kx (gnutls_session_t session, gnutls_buffer_st* data)
+{
+ return _gnutls_gen_dh_common_client_kx_int(session, data, NULL);
+}
+
int
-_gnutls_gen_dh_common_client_kx (gnutls_session_t session, gnutls_buffer_st* data)
+_gnutls_gen_dh_common_client_kx_int (gnutls_session_t session, gnutls_buffer_st* data, gnutls_datum_t* pskkey)
{
bigint_t x = NULL, X = NULL;
int ret;
else /* In DHE_PSK the key is set differently */
{
gnutls_datum_t tmp_dh_key;
+
ret = _gnutls_mpi_dprint (session->key->KEY, &tmp_dh_key);
if (ret < 0)
{
goto error;
}
- ret = _gnutls_set_psk_session_key (session, &tmp_dh_key);
+ ret = _gnutls_set_psk_session_key (session, pskkey, &tmp_dh_key);
_gnutls_free_datum (&tmp_dh_key);
-
}
_gnutls_mpi_release (&session->key->KEY);
static int
gen_psk_client_kx (gnutls_session_t session, gnutls_buffer_st* data)
{
- int ret;
+ int ret, free;
gnutls_psk_client_credentials_t cred;
+ gnutls_datum_t username, key;
cred = (gnutls_psk_client_credentials_t)
_gnutls_get_cred (session->key, GNUTLS_CRD_PSK, NULL);
if (cred == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
+ return gnutls_assert_val(GNUTLS_E_INSUFFICIENT_CREDENTIALS);
- if (cred->username.data == NULL || cred->key.data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
-
- ret = _gnutls_buffer_append_data_prefix(data, 16, cred->username.data, cred->username.size);
+ ret = _gnutls_find_psk_key( session, cred, &username, &key, &free);
if (ret < 0)
return gnutls_assert_val(ret);
+ ret = _gnutls_buffer_append_data_prefix(data, 16, username.data, username.size);
+ if (ret < 0)
+ {
+ gnutls_assert();
+ goto cleanup;
+ }
/* The PSK key is set in there */
- ret = _gnutls_gen_dh_common_client_kx (session, data);
+ ret = _gnutls_gen_dh_common_client_kx_int (session, data, &key);
if (ret < 0)
{
gnutls_assert ();
- return ret;
+ goto cleanup;
}
- return data->length;
+ ret = data->length;
+
+cleanup:
+ if (free)
+ _gnutls_free_datum(&username);
+ _gnutls_free_datum(&key);
+
+ return ret;
}
*/
int
_gnutls_set_psk_session_key (gnutls_session_t session,
- gnutls_datum_t * dh_secret)
+ gnutls_datum_t * ppsk /* key */,
+ gnutls_datum_t * dh_secret)
{
gnutls_datum_t pwd_psk = { NULL, 0 };
- gnutls_datum_t *ppsk;
size_t dh_secret_size;
int ret;
- if (session->security_parameters.entity == GNUTLS_CLIENT)
- {
- gnutls_psk_client_credentials_t cred;
-
- cred = (gnutls_psk_client_credentials_t)
- _gnutls_get_cred (session->key, GNUTLS_CRD_PSK, NULL);
-
- if (cred == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
-
- ppsk = &cred->key;
-
- }
- else
+ if (session->security_parameters.entity == GNUTLS_SERVER)
{ /* SERVER side */
psk_auth_info_t info;
return ret;
}
+/* returns the username and they key for the PSK session.
+ * Free is non zero if they have to be freed.
+ */
+int _gnutls_find_psk_key( gnutls_session_t session, gnutls_psk_client_credentials_t cred,
+ gnutls_datum_t * username, gnutls_datum* key, int* free)
+{
+char* user_p;
+int ret;
+
+ *free = 0;
+
+ if (cred->username.data != NULL && cred->key.data != NULL)
+ {
+ username->data = cred->username.data;
+ username->size = cred->username.size;
+ key->data = cred->key.data;
+ key->size = cred->key.size;
+ }
+ else if (cred->get_function != NULL)
+ {
+ ret = cred->get_function (session, &user_p, key);
+ if (ret)
+ return gnutls_assert_val(ret);
+
+ username->data = user_p;
+ username->size = strlen(user_p);
+
+ *free = 1;
+ }
+ else
+ return gnutls_assert_val(GNUTLS_E_INSUFFICIENT_CREDENTIALS);
+
+ return 0;
+}
+
/* Generates the PSK client key exchange
*
int
_gnutls_gen_psk_client_kx (gnutls_session_t session, gnutls_buffer_st* data)
{
- int ret;
+ int ret, free;
+ gnutls_datum_t username;
+ gnutls_datum_t key;
gnutls_psk_client_credentials_t cred;
cred = (gnutls_psk_client_credentials_t)
return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
}
- if (cred->username.data == NULL && cred->key.data == NULL &&
- cred->get_function != NULL)
- {
- char *username;
- gnutls_datum_t key;
-
- ret = cred->get_function (session, &username, &key);
- if (ret)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = _gnutls_set_datum (&cred->username, username, strlen (username));
- gnutls_free (username);
- if (ret < 0)
- {
- gnutls_assert ();
- _gnutls_free_datum (&key);
- return ret;
- }
+ ret = _gnutls_find_psk_key( session, cred, &username, &key, &free);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
- ret = _gnutls_set_datum (&cred->key, key.data, key.size);
- _gnutls_free_datum (&key);
- if (ret < 0)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
- }
- else if (cred->username.data == NULL || cred->key.data == NULL)
+ ret = _gnutls_set_psk_session_key (session, &key, NULL);
+ if (ret < 0)
{
- gnutls_assert ();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ gnutls_assert();
+ goto cleanup;
}
-
- ret = _gnutls_set_psk_session_key (session, NULL);
+
+ ret = _gnutls_buffer_append_data_prefix(data, 16, username.data, username.size);
if (ret < 0)
{
- gnutls_assert ();
- return ret;
+ gnutls_assert();
}
- return _gnutls_buffer_append_data_prefix(data, 16, cred->username.data, cred->username.size);
+cleanup:
+ if (free)
+ {
+ gnutls_free(username.data);
+ gnutls_free(key.data);
+ }
+
+ return ret;
}
memcpy (info->username, username.data, username.size);
info->username[username.size] = 0;
- ret = _gnutls_set_psk_session_key (session, NULL);
+ ret = _gnutls_set_psk_session_key (session, NULL, NULL);
if (ret < 0)
{
gnutls_assert ();
ssize_t data_size = _data_size;
int ret;
gnutls_datum_t hint;
- gnutls_psk_server_credentials_t cred;
+ gnutls_psk_client_credentials_t cred;
psk_auth_info_t info;
- cred = (gnutls_psk_server_credentials_t)
+ cred = (gnutls_psk_client_credentials_t)
_gnutls_get_cred (session->key, GNUTLS_CRD_PSK, NULL);
if (cred == NULL)
memcpy (info->hint, hint.data, hint.size);
info->hint[hint.size] = 0;
- ret = _gnutls_set_psk_session_key (session, NULL);
+ ret = _gnutls_set_psk_session_key (session, &cred->key, NULL);
if (ret < 0)
{
gnutls_assert ();
return ret;
}
-#endif /* ENABLE_SRP */
+#endif /* ENABLE_PSK */