|
Packit |
aea12f |
/*
|
|
Packit |
aea12f |
* Copyright (C) 2002-2012 Free Software Foundation, Inc.
|
|
Packit |
aea12f |
*
|
|
Packit |
aea12f |
* Author: Nikos Mavrogiannopoulos
|
|
Packit |
aea12f |
*
|
|
Packit |
aea12f |
* This file is part of GnuTLS.
|
|
Packit |
aea12f |
*
|
|
Packit |
aea12f |
* The GnuTLS is free software; you can redistribute it and/or
|
|
Packit |
aea12f |
* modify it under the terms of the GNU Lesser General Public License
|
|
Packit |
aea12f |
* as published by the Free Software Foundation; either version 2.1 of
|
|
Packit |
aea12f |
* the License, or (at your option) any later version.
|
|
Packit |
aea12f |
*
|
|
Packit |
aea12f |
* This library is distributed in the hope that it will be useful, but
|
|
Packit |
aea12f |
* WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
Packit |
aea12f |
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
Packit |
aea12f |
* Lesser General Public License for more details.
|
|
Packit |
aea12f |
*
|
|
Packit |
aea12f |
* You should have received a copy of the GNU Lesser General Public License
|
|
Packit |
aea12f |
* along with this program. If not, see <https://www.gnu.org/licenses/>
|
|
Packit |
aea12f |
*
|
|
Packit |
aea12f |
*/
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
/* This file contains common stuff in Ephemeral Diffie-Hellman (DHE)
|
|
Packit |
aea12f |
* and Anonymous DH key exchange(DHA). These are used in the handshake
|
|
Packit |
aea12f |
* procedure of the certificate and anonymous authentication.
|
|
Packit |
aea12f |
*/
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
#include "gnutls_int.h"
|
|
Packit |
aea12f |
#include "auth.h"
|
|
Packit |
aea12f |
#include "errors.h"
|
|
Packit |
aea12f |
#include "dh.h"
|
|
Packit |
aea12f |
#include "num.h"
|
|
Packit |
aea12f |
#include "tls-sig.h"
|
|
Packit |
aea12f |
#include <datum.h>
|
|
Packit |
aea12f |
#include <x509.h>
|
|
Packit |
aea12f |
#include <state.h>
|
|
Packit |
aea12f |
#include <pk.h>
|
|
Packit |
aea12f |
#include <auth/dh_common.h>
|
|
Packit |
aea12f |
#include <algorithms.h>
|
|
Packit |
aea12f |
#include <auth/psk.h>
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
#if defined(ENABLE_DHE) || defined(ENABLE_ANON)
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
/* Frees the dh_info_st structure.
|
|
Packit |
aea12f |
*/
|
|
Packit |
aea12f |
void _gnutls_free_dh_info(dh_info_st * dh)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
dh->secret_bits = 0;
|
|
Packit |
aea12f |
_gnutls_free_datum(&dh->prime);
|
|
Packit |
aea12f |
_gnutls_free_datum(&dh->generator);
|
|
Packit |
aea12f |
_gnutls_free_datum(&dh->public_key);
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
int
|
|
Packit |
aea12f |
_gnutls_proc_dh_common_client_kx(gnutls_session_t session,
|
|
Packit |
aea12f |
uint8_t * data, size_t _data_size,
|
|
Packit |
aea12f |
gnutls_datum_t * psk_key)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
uint16_t n_Y;
|
|
Packit |
aea12f |
size_t _n_Y;
|
|
Packit |
aea12f |
int ret;
|
|
Packit |
aea12f |
ssize_t data_size = _data_size;
|
|
Packit |
aea12f |
gnutls_datum_t tmp_dh_key = {NULL, 0};
|
|
Packit |
aea12f |
gnutls_pk_params_st peer_pub;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
gnutls_pk_params_init(&peer_pub);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
DECR_LEN(data_size, 2);
|
|
Packit |
aea12f |
n_Y = _gnutls_read_uint16(&data[0]);
|
|
Packit |
aea12f |
_n_Y = n_Y;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
DECR_LEN(data_size, n_Y);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
if (data_size != 0)
|
|
Packit |
aea12f |
return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
if (_gnutls_mpi_init_scan_nz(&session->key.proto.tls12.dh.client_Y, &data[2], _n_Y)) {
|
|
Packit |
aea12f |
gnutls_assert();
|
|
Packit |
aea12f |
return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER; /* most likely zero or illegal size */
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
_gnutls_dh_set_peer_public(session, session->key.proto.tls12.dh.client_Y);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
peer_pub.params[DH_Y] = session->key.proto.tls12.dh.client_Y;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
/* calculate the key after calculating the message */
|
|
Packit |
aea12f |
ret = _gnutls_pk_derive(GNUTLS_PK_DH, &tmp_dh_key, &session->key.proto.tls12.dh.params, &peer_pub);
|
|
Packit |
aea12f |
if (ret < 0) {
|
|
Packit |
aea12f |
gnutls_assert();
|
|
Packit |
aea12f |
goto error;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
if (psk_key == NULL) {
|
|
Packit |
aea12f |
session->key.key.data = tmp_dh_key.data;
|
|
Packit |
aea12f |
session->key.key.size = tmp_dh_key.size;
|
|
Packit |
aea12f |
} else { /* In DHE_PSK the key is set differently */
|
|
Packit |
aea12f |
ret =
|
|
Packit |
aea12f |
_gnutls_set_psk_session_key(session, psk_key,
|
|
Packit |
aea12f |
&tmp_dh_key);
|
|
Packit |
aea12f |
_gnutls_free_temp_key_datum(&tmp_dh_key);
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
if (ret < 0) {
|
|
Packit |
aea12f |
gnutls_assert();
|
|
Packit |
aea12f |
goto error;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
ret = 0;
|
|
Packit |
aea12f |
error:
|
|
Packit |
aea12f |
_gnutls_mpi_release(&session->key.proto.tls12.dh.client_Y);
|
|
Packit |
aea12f |
gnutls_pk_params_clear(&session->key.proto.tls12.dh.params);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
return ret;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
int _gnutls_gen_dh_common_client_kx(gnutls_session_t session,
|
|
Packit |
aea12f |
gnutls_buffer_st * data)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
return _gnutls_gen_dh_common_client_kx_int(session, data, NULL);
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
int
|
|
Packit |
aea12f |
_gnutls_gen_dh_common_client_kx_int(gnutls_session_t session,
|
|
Packit |
aea12f |
gnutls_buffer_st * data,
|
|
Packit |
aea12f |
gnutls_datum_t * pskkey)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
int ret;
|
|
Packit |
aea12f |
gnutls_pk_params_st peer_pub;
|
|
Packit |
aea12f |
gnutls_datum_t tmp_dh_key = {NULL, 0};
|
|
Packit |
aea12f |
unsigned init_pos = data->length;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
gnutls_pk_params_init(&peer_pub);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
ret =
|
|
Packit |
aea12f |
_gnutls_pk_generate_keys(GNUTLS_PK_DH, 0,
|
|
Packit |
aea12f |
&session->key.proto.tls12.dh.params, 1);
|
|
Packit |
aea12f |
if (ret < 0)
|
|
Packit |
aea12f |
return gnutls_assert_val(ret);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
_gnutls_dh_set_secret_bits(session, _gnutls_mpi_get_nbits(session->key.proto.tls12.dh.params.params[DH_X]));
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
ret = _gnutls_buffer_append_mpi(data, 16, session->key.proto.tls12.dh.params.params[DH_Y], 0);
|
|
Packit |
aea12f |
if (ret < 0) {
|
|
Packit |
aea12f |
gnutls_assert();
|
|
Packit |
aea12f |
goto error;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
peer_pub.params[DH_Y] = session->key.proto.tls12.dh.client_Y;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
/* calculate the key after calculating the message */
|
|
Packit |
aea12f |
ret = _gnutls_pk_derive(GNUTLS_PK_DH, &tmp_dh_key, &session->key.proto.tls12.dh.params, &peer_pub);
|
|
Packit |
aea12f |
if (ret < 0) {
|
|
Packit |
aea12f |
gnutls_assert();
|
|
Packit |
aea12f |
goto error;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
if (session->security_parameters.cs->kx_algorithm != GNUTLS_KX_DHE_PSK) {
|
|
Packit |
aea12f |
session->key.key.data = tmp_dh_key.data;
|
|
Packit |
aea12f |
session->key.key.size = tmp_dh_key.size;
|
|
Packit |
aea12f |
} else { /* In DHE_PSK the key is set differently */
|
|
Packit |
aea12f |
ret =
|
|
Packit |
aea12f |
_gnutls_set_psk_session_key(session, pskkey,
|
|
Packit |
aea12f |
&tmp_dh_key);
|
|
Packit |
aea12f |
_gnutls_free_temp_key_datum(&tmp_dh_key);
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
if (ret < 0) {
|
|
Packit |
aea12f |
gnutls_assert();
|
|
Packit |
aea12f |
goto error;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
ret = data->length - init_pos;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
error:
|
|
Packit |
aea12f |
gnutls_pk_params_clear(&session->key.proto.tls12.dh.params);
|
|
Packit |
aea12f |
return ret;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
/* Returns the bytes parsed */
|
|
Packit |
aea12f |
int
|
|
Packit |
aea12f |
_gnutls_proc_dh_common_server_kx(gnutls_session_t session,
|
|
Packit |
aea12f |
uint8_t * data, size_t _data_size)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
uint16_t n_Y, n_g, n_p;
|
|
Packit |
aea12f |
size_t _n_Y, _n_g, _n_p, _n_q;
|
|
Packit |
aea12f |
uint8_t *data_p;
|
|
Packit |
aea12f |
uint8_t *data_g;
|
|
Packit |
aea12f |
uint8_t *data_Y;
|
|
Packit |
aea12f |
uint8_t *data_q = NULL;
|
|
Packit |
aea12f |
int i, bits, ret, p_bits;
|
|
Packit |
aea12f |
unsigned j;
|
|
Packit |
aea12f |
ssize_t data_size = _data_size;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
/* just in case we are resuming a session */
|
|
Packit |
aea12f |
gnutls_pk_params_release(&session->key.proto.tls12.dh.params);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
gnutls_pk_params_init(&session->key.proto.tls12.dh.params);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
i = 0;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
DECR_LEN(data_size, 2);
|
|
Packit |
aea12f |
n_p = _gnutls_read_uint16(&data[i]);
|
|
Packit |
aea12f |
i += 2;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
DECR_LEN(data_size, n_p);
|
|
Packit |
aea12f |
data_p = &data[i];
|
|
Packit |
aea12f |
i += n_p;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
DECR_LEN(data_size, 2);
|
|
Packit |
aea12f |
n_g = _gnutls_read_uint16(&data[i]);
|
|
Packit |
aea12f |
i += 2;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
DECR_LEN(data_size, n_g);
|
|
Packit |
aea12f |
data_g = &data[i];
|
|
Packit |
aea12f |
i += n_g;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
DECR_LEN(data_size, 2);
|
|
Packit |
aea12f |
n_Y = _gnutls_read_uint16(&data[i]);
|
|
Packit |
aea12f |
i += 2;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
DECR_LEN(data_size, n_Y);
|
|
Packit |
aea12f |
data_Y = &data[i];
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
_n_Y = n_Y;
|
|
Packit |
aea12f |
_n_g = n_g;
|
|
Packit |
aea12f |
_n_p = n_p;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
if (_gnutls_mpi_init_scan_nz(&session->key.proto.tls12.dh.client_Y, data_Y, _n_Y) != 0) {
|
|
Packit |
aea12f |
gnutls_assert();
|
|
Packit |
aea12f |
return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
/* if we are doing RFC7919 */
|
|
Packit |
aea12f |
if (session->internals.priorities->groups.have_ffdhe != 0) {
|
|
Packit |
aea12f |
/* verify whether the received parameters match the advertised, otherwise
|
|
Packit |
aea12f |
* log that. */
|
|
Packit |
aea12f |
for (j=0;j<session->internals.priorities->groups.size;j++) {
|
|
Packit |
aea12f |
if (session->internals.priorities->groups.entry[j]->generator &&
|
|
Packit |
aea12f |
session->internals.priorities->groups.entry[j]->generator->size == n_g &&
|
|
Packit |
aea12f |
session->internals.priorities->groups.entry[j]->prime->size == n_p &&
|
|
Packit |
aea12f |
memcmp(session->internals.priorities->groups.entry[j]->generator->data,
|
|
Packit |
aea12f |
data_g, n_g) == 0 &&
|
|
Packit |
aea12f |
memcmp(session->internals.priorities->groups.entry[j]->prime->data,
|
|
Packit |
aea12f |
data_p, n_p) == 0) {
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
session->internals.hsk_flags |= HSK_USED_FFDHE;
|
|
Packit |
aea12f |
_gnutls_session_group_set(session, session->internals.priorities->groups.entry[j]);
|
|
Packit |
aea12f |
session->key.proto.tls12.dh.params.qbits = *session->internals.priorities->groups.entry[j]->q_bits;
|
|
Packit |
aea12f |
data_q = session->internals.priorities->groups.entry[j]->q->data;
|
|
Packit |
aea12f |
_n_q = session->internals.priorities->groups.entry[j]->q->size;
|
|
Packit |
aea12f |
break;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
if (!(session->internals.hsk_flags & HSK_USED_FFDHE)) {
|
|
Packit |
aea12f |
_gnutls_audit_log(session, "FFDHE groups advertised, but server didn't support it; falling back to server's choice\n");
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit Service |
12f666 |
#ifdef ENABLE_FIPS140
|
|
Packit Service |
12f666 |
if (gnutls_fips140_mode_enabled() &&
|
|
Packit Service |
846314 |
!_gnutls_dh_prime_match_fips_approved(data_p, n_p, data_g, n_g, NULL, NULL)) {
|
|
Packit Service |
12f666 |
gnutls_assert();
|
|
Packit Service |
12f666 |
return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
|
|
Packit Service |
12f666 |
}
|
|
Packit Service |
12f666 |
#endif
|
|
Packit Service |
12f666 |
|
|
Packit |
aea12f |
if (_gnutls_mpi_init_scan_nz(&session->key.proto.tls12.dh.params.params[DH_G], data_g, _n_g) != 0) {
|
|
Packit |
aea12f |
gnutls_assert();
|
|
Packit |
aea12f |
return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
if (_gnutls_mpi_init_scan_nz(&session->key.proto.tls12.dh.params.params[DH_P], data_p, _n_p) != 0) {
|
|
Packit |
aea12f |
gnutls_assert();
|
|
Packit |
aea12f |
/* we release now because session->key.proto.tls12.dh.params.params_nr is not yet set */
|
|
Packit |
aea12f |
_gnutls_mpi_release(&session->key.proto.tls12.dh.params.params[DH_G]);
|
|
Packit |
aea12f |
return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
if (data_q && _gnutls_mpi_init_scan_nz(
|
|
Packit |
aea12f |
&session->key.proto.tls12.dh.params.params[DH_Q],
|
|
Packit |
aea12f |
data_q, _n_q) != 0) {
|
|
Packit |
aea12f |
/* we release now because params_nr is not yet set */
|
|
Packit |
aea12f |
_gnutls_mpi_release(
|
|
Packit |
aea12f |
&session->key.proto.tls12.dh.params.params[DH_P]);
|
|
Packit |
aea12f |
_gnutls_mpi_release(
|
|
Packit |
aea12f |
&session->key.proto.tls12.dh.params.params[DH_G]);
|
|
Packit |
aea12f |
return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
/* include, possibly empty, q */
|
|
Packit |
aea12f |
session->key.proto.tls12.dh.params.params_nr = 3;
|
|
Packit |
aea12f |
session->key.proto.tls12.dh.params.algo = GNUTLS_PK_DH;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
if (!(session->internals.hsk_flags & HSK_USED_FFDHE)) {
|
|
Packit |
aea12f |
bits = _gnutls_dh_get_min_prime_bits(session);
|
|
Packit |
aea12f |
if (bits < 0) {
|
|
Packit |
aea12f |
gnutls_assert();
|
|
Packit |
aea12f |
return bits;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
p_bits = _gnutls_mpi_get_nbits(session->key.proto.tls12.dh.params.params[DH_P]);
|
|
Packit |
aea12f |
if (p_bits < bits) {
|
|
Packit |
aea12f |
/* the prime used by the peer is not acceptable
|
|
Packit |
aea12f |
*/
|
|
Packit |
aea12f |
gnutls_assert();
|
|
Packit |
aea12f |
_gnutls_debug_log
|
|
Packit |
aea12f |
("Received a prime of %u bits, limit is %u\n",
|
|
Packit |
aea12f |
(unsigned) _gnutls_mpi_get_nbits(session->key.proto.tls12.dh.params.params[DH_P]),
|
|
Packit |
aea12f |
(unsigned) bits);
|
|
Packit |
aea12f |
return GNUTLS_E_DH_PRIME_UNACCEPTABLE;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
if (p_bits >= DEFAULT_MAX_VERIFY_BITS) {
|
|
Packit |
aea12f |
gnutls_assert();
|
|
Packit |
aea12f |
_gnutls_debug_log
|
|
Packit |
aea12f |
("Received a prime of %u bits, limit is %u\n",
|
|
Packit |
aea12f |
(unsigned) p_bits,
|
|
Packit |
aea12f |
(unsigned) DEFAULT_MAX_VERIFY_BITS);
|
|
Packit |
aea12f |
return GNUTLS_E_DH_PRIME_UNACCEPTABLE;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
_gnutls_dh_save_group(session, session->key.proto.tls12.dh.params.params[DH_G],
|
|
Packit |
aea12f |
session->key.proto.tls12.dh.params.params[DH_P]);
|
|
Packit |
aea12f |
_gnutls_dh_set_peer_public(session, session->key.proto.tls12.dh.client_Y);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
ret = n_Y + n_p + n_g + 6;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
return ret;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
int
|
|
Packit |
aea12f |
_gnutls_dh_common_print_server_kx(gnutls_session_t session,
|
|
Packit |
aea12f |
gnutls_buffer_st * data)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
int ret;
|
|
Packit |
aea12f |
unsigned q_bits = session->key.proto.tls12.dh.params.qbits;
|
|
Packit |
aea12f |
unsigned init_pos = data->length;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
if (q_bits < 192 && q_bits != 0) {
|
|
Packit |
aea12f |
gnutls_assert();
|
|
Packit |
aea12f |
_gnutls_debug_log("too small q_bits value for DH: %u\n", q_bits);
|
|
Packit |
aea12f |
q_bits = 0; /* auto-detect */
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
/* Y=g^x mod p */
|
|
Packit |
aea12f |
ret =
|
|
Packit |
aea12f |
_gnutls_pk_generate_keys(GNUTLS_PK_DH, q_bits,
|
|
Packit |
aea12f |
&session->key.proto.tls12.dh.params, 1);
|
|
Packit |
aea12f |
if (ret < 0)
|
|
Packit |
aea12f |
return gnutls_assert_val(ret);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
_gnutls_dh_set_secret_bits(session, _gnutls_mpi_get_nbits(session->key.proto.tls12.dh.params.params[DH_X]));
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
ret = _gnutls_buffer_append_mpi(data, 16, session->key.proto.tls12.dh.params.params[DH_P], 0);
|
|
Packit |
aea12f |
if (ret < 0) {
|
|
Packit |
aea12f |
gnutls_assert();
|
|
Packit |
aea12f |
goto cleanup;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
ret = _gnutls_buffer_append_mpi(data, 16, session->key.proto.tls12.dh.params.params[DH_G], 0);
|
|
Packit |
aea12f |
if (ret < 0) {
|
|
Packit |
aea12f |
gnutls_assert();
|
|
Packit |
aea12f |
goto cleanup;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
ret = _gnutls_buffer_append_mpi(data, 16, session->key.proto.tls12.dh.params.params[DH_Y], 0);
|
|
Packit |
aea12f |
if (ret < 0) {
|
|
Packit |
aea12f |
gnutls_assert();
|
|
Packit |
aea12f |
goto cleanup;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
ret = data->length - init_pos;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
cleanup:
|
|
Packit |
aea12f |
return ret;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
#endif
|