From 4fe788cc172e6c06f40a42ba516a60f21369018c Mon Sep 17 00:00:00 2001
From: Daiki Ueno
Date: Tue, 2 May 2023 08:41:08 +0900
Subject: psk: Add basic support for RFC 9258 external PSK importer interface
This adds a minimal, callback-based API to import external PSK, following RFC 9258. The client and the server importing external PSK are supposed to set a callback to retrieve PSK, which returns flags that may indicate the PSK is imported, along with the key: typedef int gnutls_psk_client_credentials_function3( gnutls_session_t session, gnutls_datum_t *username, gnutls_datum_t *key, gnutls_psk_key_flags *flags); typedef int gnutls_psk_server_credentials_function3( gnutls_session_t session, const gnutls_datum_t *username, gnutls_datum_t *key, gnutls_psk_key_flags *flags); Those callbacks are responsible to call gnutls_psk_format_imported_identity() for external PSKs to build a serialized PSK identity, and set GNUTLS_PSK_KEY_EXT in flags if the identity is an imported one.
Signed-off-by: Daiki Ueno
---
lib/auth/psk.h | 13 +++++++------
1 file changed, 7 insertions(+), 6 deletions(-)
(limited to 'lib/auth/psk.h')
diff --git a/lib/auth/psk.h b/lib/auth/psk.h
index 06d7913c85..9e1f94b1fe 100644
--- a/lib/auth/psk.h
+++ b/lib/auth/psk.h
@@ -36,19 +36,20 @@ typedef struct gnutls_psk_client_credentials_st {
 gnutls_datum_t username;
 gnutls_datum_t key;
- gnutls_psk_client_credentials_function2 *get_function;
- gnutls_psk_client_credentials_function *get_function_legacy;
+ gnutls_psk_client_credentials_function3 *get_function;
+ gnutls_psk_client_credentials_function2 *get_function2;
+ gnutls_psk_client_credentials_function *get_function1;
 /* TLS 1.3 - The HMAC algorithm to use to compute the binder values */
 const mac_entry_st *binder_algo;
 } psk_client_credentials_st;
 typedef struct gnutls_psk_server_credentials_st {
 char *password_file;
- /* callback function, instead of reading the
- * password files.
+ /* callback functions, instead of reading the password files.
 */
- gnutls_psk_server_credentials_function2 *pwd_callback;
- gnutls_psk_server_credentials_function *pwd_callback_legacy;
+ gnutls_psk_server_credentials_function3 *pwd_callback;
+ gnutls_psk_server_credentials_function2 *pwd_callback2;
+ gnutls_psk_server_credentials_function *pwd_callback1;
 /* For DHE_PSK */
 gnutls_dh_params_t dh_params;
--
cgit v1.2.1
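Review bot: The rewritten server comment leaves the closing marker stranded on the unchanged context line ` */`, even though the new first line `/* callback functions, instead of reading the password files.` is short enough to carry it; fold the two into the single line `/* callback functions, instead of reading the password files. */`. Neither struct says how its three callback slots relate — whether more than one of `get_function`, `get_function2` and `get_function1` (and likewise the `pwd_callback*` trio) may be set at once and which one is consulted — so a short comment such as `/* get_function takes the RFC 9258 (function3) callback; get_function2 and get_function1 hold the older API generations. */` would spare readers a trip to the setters. The renames of `get_function_legacy` and `pwd_callback_legacy` to `get_function1` and `pwd_callback1` force updates in every .c file that touches these fields, which this view cannot confirm because the patch is limited to lib/auth/psk.h. The client struct's opening line appears only in the @@ context and the server struct continues past the end of the hunk.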