From 4fe788cc172e6c06f40a42ba516a60f21369018c Mon Sep 17 00:00:00 2001
From: Daiki Ueno
Date: Tue, 2 May 2023 08:41:08 +0900
Subject: psk: Add basic support for RFC 9258 external PSK importer interface
This adds a minimal, callback-based API to import external PSK, following RFC 9258. The client and the server importing external PSK are supposed to set a callback to retrieve PSK, which returns flags that may indicate the PSK is imported, along with the key: typedef int gnutls_psk_client_credentials_function3( gnutls_session_t session, gnutls_datum_t *username, gnutls_datum_t *key, gnutls_psk_key_flags *flags); typedef int gnutls_psk_server_credentials_function3( gnutls_session_t session, const gnutls_datum_t *username, gnutls_datum_t *key, gnutls_psk_key_flags *flags); Those callbacks are responsible to call gnutls_psk_format_imported_identity() for external PSKs to build a serialized PSK identity, and set GNUTLS_PSK_KEY_EXT in flags if the identity is an imported one.
Signed-off-by: Daiki Ueno
---
 lib/auth/rsa_psk.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
(limited to 'lib/auth/rsa_psk.c')
diff --git a/lib/auth/rsa_psk.c b/lib/auth/rsa_psk.c
index e9e99761cf..6e3fbbda82 100644
--- a/lib/auth/rsa_psk.c
+++ b/lib/auth/rsa_psk.c
@@ -193,7 +193,7 @@ static int _gnutls_gen_rsa_psk_client_kx(gnutls_session_t session,
 return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
 }
- ret = _gnutls_find_psk_key(session, cred, &username, &key, &free);
+ ret = _gnutls_find_psk_key(session, cred, &username, &key, NULL, &free);
 if (ret < 0)
 return gnutls_assert_val(ret);
@@ -382,7 +382,8 @@ static int _gnutls_proc_rsa_psk_client_kx(gnutls_session_t session,
 /* find the key of this username */
 ret = _gnutls_psk_pwd_find_entry(session, info->username,
- strlen(info->username), &pwd_psk);
+ strlen(info->username), &pwd_psk,
+ NULL);
 if (ret < 0) {
 gnutls_assert();
 goto cleanup;
--
cgit v1.2.1
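Review bot: Both call sites in this file pass `NULL` for the new flags out-parameter (`_gnutls_find_psk_key(..., &key, NULL, &free)` in `_gnutls_gen_rsa_psk_client_kx` and `_gnutls_psk_pwd_find_entry(..., &pwd_psk, NULL)` in `_gnutls_proc_rsa_psk_client_kx`), so the RSA-PSK key exchange cannot see whether the credential callback marked the key with `GNUTLS_PSK_KEY_EXT`. The callees are not part of this diff, so it should be confirmed that they accept a NULL flags pointer and that a key flagged as imported is not silently used as an ordinary RSA-PSK key, which would put one external PSK into two different key-derivation contexts. If ignoring the flag here is intentional, a comment at each call would record that decision, e.g. `/* RSA-PSK does not use imported PSKs; flags deliberately not requested */`. Both functions begin and end outside their hunks.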