summaryrefslogtreecommitdiff
path: root/lib/auth
diff options
context:
space:
mode:
authorNikos Mavrogiannopoulos <nmav@gnutls.org>2015-07-10 21:17:48 +0200
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2015-07-10 21:17:48 +0200
commit87cdd20cd7bf388835bd3e93ebc7d7e1ea9293a7 (patch)
tree06cc4f608274dc7180e8388b78ba8cb6363f9958 /lib/auth
parentb345c1fc821f4a15a302fbdff1f8aa2b0636bf59 (diff)
downloadgnutls-87cdd20cd7bf388835bd3e93ebc7d7e1ea9293a7.tar.gz
PSK: set the hint in DHE-PSK and ECDHE-PSK ciphersuites
Diffstat (limited to 'lib/auth')
-rw-r--r--lib/auth/dhe_psk.c84
1 files changed, 74 insertions, 10 deletions
diff --git a/lib/auth/dhe_psk.c b/lib/auth/dhe_psk.c
index 3755a99559..d517b35be0 100644
--- a/lib/auth/dhe_psk.c
+++ b/lib/auth/dhe_psk.c
@@ -189,6 +189,7 @@ gen_dhe_psk_server_kx(gnutls_session_t session, gnutls_buffer_st * data)
int ret;
gnutls_dh_params_t dh_params;
gnutls_psk_server_credentials_t cred;
+ gnutls_datum_t hint = {NULL, 0};
cred = (gnutls_psk_server_credentials_t)
_gnutls_get_cred(session, GNUTLS_CRD_PSK);
@@ -218,7 +219,12 @@ gen_dhe_psk_server_kx(gnutls_session_t session, gnutls_buffer_st * data)
_gnutls_dh_set_group(session, g, p);
- ret = _gnutls_buffer_append_prefix(data, 16, 0);
+ if (cred->hint) {
+ hint.data = (uint8_t *) cred->hint;
+ hint.size = strlen(cred->hint);
+ }
+
+ ret = _gnutls_buffer_append_data_prefix(data, 16, hint.data, hint.size);
if (ret < 0)
return gnutls_assert_val(ret);
@@ -238,6 +244,8 @@ static int
gen_ecdhe_psk_server_kx(gnutls_session_t session, gnutls_buffer_st * data)
{
int ret;
+ gnutls_psk_server_credentials_t cred;
+ gnutls_datum_t hint = {NULL, 0};
if ((ret =
_gnutls_auth_info_set(session, GNUTLS_CRD_PSK,
@@ -246,7 +254,20 @@ gen_ecdhe_psk_server_kx(gnutls_session_t session, gnutls_buffer_st * data)
return ret;
}
- ret = _gnutls_buffer_append_prefix(data, 16, 0);
+ cred = (gnutls_psk_server_credentials_t)
+ _gnutls_get_cred(session, GNUTLS_CRD_PSK);
+
+ if (cred == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ if (cred->hint) {
+ hint.data = (uint8_t *) cred->hint;
+ hint.size = strlen(cred->hint);
+ }
+
+ ret = _gnutls_buffer_append_data_prefix(data, 16, hint.data, hint.size);
if (ret < 0)
return gnutls_assert_val(ret);
@@ -410,13 +431,37 @@ proc_ecdhe_psk_client_kx(gnutls_session_t session, uint8_t * data,
return ret;
}
+static int copy_hint(gnutls_session_t session, gnutls_datum_t *hint)
+{
+ psk_auth_info_t info;
+
+ /* copy the hint to the auth info structures
+ */
+ info = _gnutls_get_auth_info(session, GNUTLS_CRD_PSK);
+ if (info == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ if (hint->size > MAX_USERNAME_SIZE) {
+ gnutls_assert();
+ return GNUTLS_E_ILLEGAL_SRP_USERNAME;
+ }
+
+ memcpy(info->hint, hint->data, hint->size);
+ info->hint[hint->size] = 0;
+
+ return 0;
+}
+
static int
proc_dhe_psk_server_kx(gnutls_session_t session, uint8_t * data,
size_t _data_size)
{
- int ret, psk_size;
+ int ret;
ssize_t data_size = _data_size;
+ gnutls_datum_t hint;
/* set auth_info */
if ((ret =
@@ -427,9 +472,12 @@ proc_dhe_psk_server_kx(gnutls_session_t session, uint8_t * data,
}
DECR_LEN(data_size, 2);
- psk_size = _gnutls_read_uint16(data);
- DECR_LEN(data_size, psk_size);
- data += 2 + psk_size;
+
+ hint.size = _gnutls_read_uint16(&data[0]);
+ hint.data = &data[2];
+
+ DECR_LEN(data_size, hint.size);
+ data += 2 + hint.size;
ret = _gnutls_proc_dh_common_server_kx(session, data, data_size);
if (ret < 0) {
@@ -437,6 +485,12 @@ proc_dhe_psk_server_kx(gnutls_session_t session, uint8_t * data,
return ret;
}
+ ret = copy_hint(session, &hint);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
return 0;
}
@@ -445,8 +499,9 @@ proc_ecdhe_psk_server_kx(gnutls_session_t session, uint8_t * data,
size_t _data_size)
{
- int ret, psk_size;
+ int ret;
ssize_t data_size = _data_size;
+ gnutls_datum_t hint;
/* set auth_info */
if ((ret =
@@ -457,9 +512,12 @@ proc_ecdhe_psk_server_kx(gnutls_session_t session, uint8_t * data,
}
DECR_LEN(data_size, 2);
- psk_size = _gnutls_read_uint16(data);
- DECR_LEN(data_size, psk_size);
- data += 2 + psk_size;
+
+ hint.size = _gnutls_read_uint16(&data[0]);
+ hint.data = &data[2];
+
+ DECR_LEN(data_size, hint.size);
+ data += 2 + hint.size;
ret = _gnutls_proc_ecdh_common_server_kx(session, data, data_size);
if (ret < 0) {
@@ -467,6 +525,12 @@ proc_ecdhe_psk_server_kx(gnutls_session_t session, uint8_t * data,
return ret;
}
+ ret = copy_hint(session, &hint);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
return 0;
}