source-git / gnutls

Clone
Source Code
GIT

Blame lib/auth/dhe_psk.c

c8 c8s master
  1.   4684c19e6b623dac0517d3f3ac8f576d6fbfd0bb
  2.   lib
  3.   auth
  4.   dhe_psk.c
Blob History Raw
Packit Service 4684c1 
/*
Packit Service 4684c1 
 * Copyright (C) 2005-2012 Free Software Foundation, Inc.
Packit Service 4684c1 
 * Copyright (C) 2017 Red Hat, Inc.
Packit Service 4684c1 
 *
Packit Service 4684c1 
 * Author: Nikos Mavrogiannopoulos
Packit Service 4684c1 
 *
Packit Service 4684c1 
 * This file is part of GnuTLS.
Packit Service 4684c1 
 *
Packit Service 4684c1 
 * The GnuTLS is free software; you can redistribute it and/or
Packit Service 4684c1 
 * modify it under the terms of the GNU Lesser General Public License
Packit Service 4684c1 
 * as published by the Free Software Foundation; either version 2.1 of
Packit Service 4684c1 
 * the License, or (at your option) any later version.
Packit Service 4684c1 
 *
Packit Service 4684c1 
 * This library is distributed in the hope that it will be useful, but
Packit Service 4684c1 
 * WITHOUT ANY WARRANTY; without even the implied warranty of
Packit Service 4684c1 
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
Packit Service 4684c1 
 * Lesser General Public License for more details.
Packit Service 4684c1 
 *
Packit Service 4684c1 
 * You should have received a copy of the GNU Lesser General Public License
Packit Service 4684c1 
 * along with this program.  If not, see <https://www.gnu.org/licenses/>
Packit Service 4684c1 
 *
Packit Service 4684c1 
 */
Packit Service 4684c1
Packit Service 4684c1 
/* This file contains the PSK Diffie-Hellman key exchange part of the
Packit Service 4684c1 
 * PSK authentication.  The functions here are used in the handshake.
Packit Service 4684c1 
 */
Packit Service 4684c1
Packit Service 4684c1 
#include "gnutls_int.h"
Packit Service 4684c1
Packit Service 4684c1 
#ifdef ENABLE_PSK
Packit Service 4684c1
Packit Service 4684c1 
/* Contains PSK code for DHE and ECDHE
Packit Service 4684c1 
 */
Packit Service 4684c1
Packit Service 4684c1 
#include "auth.h"
Packit Service 4684c1 
#include "errors.h"
Packit Service 4684c1 
#include "dh.h"
Packit Service 4684c1 
#include <auth/psk.h>
Packit Service 4684c1 
#include "num.h"
Packit Service 4684c1 
#include "mpi.h"
Packit Service 4684c1 
#include <state.h>
Packit Service 4684c1 
#include <auth/dh_common.h>
Packit Service 4684c1 
#include <auth/ecdhe.h>
Packit Service 4684c1 
#include <datum.h>
Packit Service 4684c1 
#include <auth/psk_passwd.h>
Packit Service 4684c1
Packit Service 4684c1 
static int
Packit Service 4684c1 
proc_ecdhe_psk_server_kx(gnutls_session_t session, uint8_t * data,
Packit Service 4684c1 
			 size_t _data_size);
Packit Service 4684c1 
static int gen_dhe_psk_server_kx(gnutls_session_t, gnutls_buffer_st *);
Packit Service 4684c1 
static int gen_dhe_psk_client_kx(gnutls_session_t, gnutls_buffer_st *);
Packit Service 4684c1 
static int gen_ecdhe_psk_client_kx(gnutls_session_t, gnutls_buffer_st *);
Packit Service 4684c1 
static int proc_ecdhe_psk_client_kx(gnutls_session_t, uint8_t *, size_t);
Packit Service 4684c1 
static int proc_dhe_psk_server_kx(gnutls_session_t, uint8_t *, size_t);
Packit Service 4684c1 
static int gen_ecdhe_psk_server_kx(gnutls_session_t session,
Packit Service 4684c1 
				   gnutls_buffer_st * data);
Packit Service 4684c1 
static int proc_dhe_psk_client_kx(gnutls_session_t session, uint8_t * data,
Packit Service 4684c1 
				  size_t _data_size);
Packit Service 4684c1 
#ifdef ENABLE_DHE
Packit Service 4684c1 
const mod_auth_st dhe_psk_auth_struct = {
Packit Service 4684c1 
	"DHE PSK",
Packit Service 4684c1 
	NULL,
Packit Service 4684c1 
	NULL,
Packit Service 4684c1 
	gen_dhe_psk_server_kx,
Packit Service 4684c1 
	gen_dhe_psk_client_kx,
Packit Service 4684c1 
	NULL,
Packit Service 4684c1 
	NULL,
Packit Service 4684c1
Packit Service 4684c1 
	NULL,
Packit Service 4684c1 
	NULL,			/* certificate */
Packit Service 4684c1 
	proc_dhe_psk_server_kx,
Packit Service 4684c1 
	proc_dhe_psk_client_kx,
Packit Service 4684c1 
	NULL,
Packit Service 4684c1 
	NULL
Packit Service 4684c1 
};
Packit Service 4684c1 
#endif
Packit Service 4684c1
Packit Service 4684c1 
#ifdef ENABLE_ECDHE
Packit Service 4684c1 
const mod_auth_st ecdhe_psk_auth_struct = {
Packit Service 4684c1 
	"ECDHE PSK",
Packit Service 4684c1 
	NULL,
Packit Service 4684c1 
	NULL,
Packit Service 4684c1 
	gen_ecdhe_psk_server_kx,
Packit Service 4684c1 
	gen_ecdhe_psk_client_kx,
Packit Service 4684c1 
	NULL,
Packit Service 4684c1 
	NULL,
Packit Service 4684c1
Packit Service 4684c1 
	NULL,
Packit Service 4684c1 
	NULL,			/* certificate */
Packit Service 4684c1 
	proc_ecdhe_psk_server_kx,
Packit Service 4684c1 
	proc_ecdhe_psk_client_kx,
Packit Service 4684c1 
	NULL,
Packit Service 4684c1 
	NULL
Packit Service 4684c1 
};
Packit Service 4684c1 
#endif
Packit Service 4684c1
Packit Service 4684c1 
static int
Packit Service 4684c1 
gen_ecdhe_psk_client_kx(gnutls_session_t session, gnutls_buffer_st * data)
Packit Service 4684c1 
{
Packit Service 4684c1 
	int ret, free;
Packit Service 4684c1 
	gnutls_psk_client_credentials_t cred;
Packit Service 4684c1 
	gnutls_datum_t username, key;
Packit Service 4684c1 
	unsigned init_pos = data->length;
Packit Service 4684c1
Packit Service 4684c1 
	cred = (gnutls_psk_client_credentials_t)
Packit Service 4684c1 
	    _gnutls_get_cred(session, GNUTLS_CRD_PSK);
Packit Service 4684c1
Packit Service 4684c1 
	if (cred == NULL)
Packit Service 4684c1 
		return
Packit Service 4684c1 
		    gnutls_assert_val(GNUTLS_E_INSUFFICIENT_CREDENTIALS);
Packit Service 4684c1
Packit Service 4684c1 
	ret = _gnutls_find_psk_key(session, cred, &username, &key, &free);
Packit Service 4684c1 
	if (ret < 0)
Packit Service 4684c1 
		return gnutls_assert_val(ret);
Packit Service 4684c1
Packit Service 4684c1 
	ret =
Packit Service 4684c1 
	    _gnutls_buffer_append_data_prefix(data, 16, username.data,
Packit Service 4684c1 
					      username.size);
Packit Service 4684c1 
	if (ret < 0) {
Packit Service 4684c1 
		gnutls_assert();
Packit Service 4684c1 
		goto cleanup;
Packit Service 4684c1 
	}
Packit Service 4684c1
Packit Service 4684c1 
	/* The PSK key is set in there */
Packit Service 4684c1 
	ret = _gnutls_gen_ecdh_common_client_kx_int(session, data, &key);
Packit Service 4684c1 
	if (ret < 0) {
Packit Service 4684c1 
		gnutls_assert();
Packit Service 4684c1 
		goto cleanup;
Packit Service 4684c1 
	}
Packit Service 4684c1
Packit Service 4684c1 
	ret = data->length - init_pos;
Packit Service 4684c1
Packit Service 4684c1 
      cleanup:
Packit Service 4684c1 
	if (free) {
Packit Service 4684c1 
		_gnutls_free_datum(&username);
Packit Service 4684c1 
		_gnutls_free_temp_key_datum(&key);
Packit Service 4684c1 
	}
Packit Service 4684c1
Packit Service 4684c1 
	return ret;
Packit Service 4684c1 
}
Packit Service 4684c1
Packit Service 4684c1 
static int
Packit Service 4684c1 
gen_dhe_psk_client_kx(gnutls_session_t session, gnutls_buffer_st * data)
Packit Service 4684c1 
{
Packit Service 4684c1 
	int ret, free;
Packit Service 4684c1 
	gnutls_psk_client_credentials_t cred;
Packit Service 4684c1 
	gnutls_datum_t username, key;
Packit Service 4684c1 
	unsigned init_pos = data->length;
Packit Service 4684c1
Packit Service 4684c1 
	cred = (gnutls_psk_client_credentials_t)
Packit Service 4684c1 
	    _gnutls_get_cred(session, GNUTLS_CRD_PSK);
Packit Service 4684c1
Packit Service 4684c1 
	if (cred == NULL)
Packit Service 4684c1 
		return
Packit Service 4684c1 
		    gnutls_assert_val(GNUTLS_E_INSUFFICIENT_CREDENTIALS);
Packit Service 4684c1
Packit Service 4684c1 
	ret = _gnutls_find_psk_key(session, cred, &username, &key, &free);
Packit Service 4684c1 
	if (ret < 0)
Packit Service 4684c1 
		return gnutls_assert_val(ret);
Packit Service 4684c1
Packit Service 4684c1 
	ret =
Packit Service 4684c1 
	    _gnutls_buffer_append_data_prefix(data, 16, username.data,
Packit Service 4684c1 
					      username.size);
Packit Service 4684c1 
	if (ret < 0) {
Packit Service 4684c1 
		gnutls_assert();
Packit Service 4684c1 
		goto cleanup;
Packit Service 4684c1 
	}
Packit Service 4684c1
Packit Service 4684c1 
	/* The PSK key is set in there */
Packit Service 4684c1 
	ret = _gnutls_gen_dh_common_client_kx_int(session, data, &key);
Packit Service 4684c1 
	if (ret < 0) {
Packit Service 4684c1 
		gnutls_assert();
Packit Service 4684c1 
		goto cleanup;
Packit Service 4684c1 
	}
Packit Service 4684c1
Packit Service 4684c1 
	ret = data->length - init_pos;
Packit Service 4684c1
Packit Service 4684c1 
      cleanup:
Packit Service 4684c1 
	if (free) {
Packit Service 4684c1 
		_gnutls_free_datum(&username);
Packit Service 4684c1 
		_gnutls_free_temp_key_datum(&key);
Packit Service 4684c1 
	}
Packit Service 4684c1
Packit Service 4684c1 
	return ret;
Packit Service 4684c1 
}
Packit Service 4684c1
Packit Service 4684c1 
static int
Packit Service 4684c1 
gen_dhe_psk_server_kx(gnutls_session_t session, gnutls_buffer_st * data)
Packit Service 4684c1 
{
Packit Service 4684c1 
	int ret;
Packit Service 4684c1 
	gnutls_psk_server_credentials_t cred;
Packit Service 4684c1 
	gnutls_datum_t hint = {NULL, 0};
Packit Service 4684c1
Packit Service 4684c1 
	cred = (gnutls_psk_server_credentials_t)
Packit Service 4684c1 
	    _gnutls_get_cred(session, GNUTLS_CRD_PSK);
Packit Service 4684c1 
	if (cred == NULL) {
Packit Service 4684c1 
		gnutls_assert();
Packit Service 4684c1 
		return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
Packit Service 4684c1 
	}
Packit Service 4684c1
Packit Service 4684c1 
	if ((ret =
Packit Service 4684c1 
	     _gnutls_auth_info_init(session, GNUTLS_CRD_PSK,
Packit Service 4684c1 
				   sizeof(psk_auth_info_st), 1)) < 0) {
Packit Service 4684c1 
		gnutls_assert();
Packit Service 4684c1 
		return ret;
Packit Service 4684c1 
	}
Packit Service 4684c1
Packit Service 4684c1 
	ret =
Packit Service 4684c1 
	    _gnutls_figure_dh_params(session, cred->dh_params, cred->params_func, cred->dh_sec_param);
Packit Service 4684c1 
	if (ret < 0) {
Packit Service 4684c1 
		gnutls_assert();
Packit Service 4684c1 
		return ret;
Packit Service 4684c1 
	}
Packit Service 4684c1
Packit Service 4684c1 
	if (cred->hint) {
Packit Service 4684c1 
		hint.data = (uint8_t *) cred->hint;
Packit Service 4684c1 
		hint.size = strlen(cred->hint);
Packit Service 4684c1 
	}
Packit Service 4684c1
Packit Service 4684c1 
	ret = _gnutls_buffer_append_data_prefix(data, 16, hint.data, hint.size);
Packit Service 4684c1 
	if (ret < 0)
Packit Service 4684c1 
		return gnutls_assert_val(ret);
Packit Service 4684c1
Packit Service 4684c1 
	ret =
Packit Service 4684c1 
	    _gnutls_dh_common_print_server_kx(session, data);
Packit Service 4684c1 
	if (ret < 0)
Packit Service 4684c1 
		gnutls_assert();
Packit Service 4684c1
Packit Service 4684c1 
	return ret;
Packit Service 4684c1 
}
Packit Service 4684c1
Packit Service 4684c1 
static int
Packit Service 4684c1 
gen_ecdhe_psk_server_kx(gnutls_session_t session, gnutls_buffer_st * data)
Packit Service 4684c1 
{
Packit Service 4684c1 
	int ret;
Packit Service 4684c1 
	gnutls_psk_server_credentials_t cred;
Packit Service 4684c1 
	gnutls_datum_t hint = {NULL, 0};
Packit Service 4684c1
Packit Service 4684c1 
	if ((ret =
Packit Service 4684c1 
	     _gnutls_auth_info_init(session, GNUTLS_CRD_PSK,
Packit Service 4684c1 
				   sizeof(psk_auth_info_st), 1)) < 0) {
Packit Service 4684c1 
		gnutls_assert();
Packit Service 4684c1 
		return ret;
Packit Service 4684c1 
	}
Packit Service 4684c1
Packit Service 4684c1 
	cred = (gnutls_psk_server_credentials_t)
Packit Service 4684c1 
	    _gnutls_get_cred(session, GNUTLS_CRD_PSK);
Packit Service 4684c1
Packit Service 4684c1 
	if (cred == NULL) {
Packit Service 4684c1 
		gnutls_assert();
Packit Service 4684c1 
		return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
Packit Service 4684c1 
	}
Packit Service 4684c1
Packit Service 4684c1 
	if (cred->hint) {
Packit Service 4684c1 
		hint.data = (uint8_t *) cred->hint;
Packit Service 4684c1 
		hint.size = strlen(cred->hint);
Packit Service 4684c1 
	}
Packit Service 4684c1
Packit Service 4684c1 
	ret = _gnutls_buffer_append_data_prefix(data, 16, hint.data, hint.size);
Packit Service 4684c1 
	if (ret < 0)
Packit Service 4684c1 
		return gnutls_assert_val(ret);
Packit Service 4684c1
Packit Service 4684c1 
	ret = _gnutls_ecdh_common_print_server_kx(session, data,
Packit Service 4684c1 
						  get_group
Packit Service 4684c1 
						  (session));
Packit Service 4684c1 
	if (ret < 0)
Packit Service 4684c1 
		gnutls_assert();
Packit Service 4684c1
Packit Service 4684c1 
	return ret;
Packit Service 4684c1 
}
Packit Service 4684c1
Packit Service 4684c1
Packit Service 4684c1 
static int
Packit Service 4684c1 
proc_dhe_psk_client_kx(gnutls_session_t session, uint8_t * data,
Packit Service 4684c1 
		       size_t _data_size)
Packit Service 4684c1 
{
Packit Service 4684c1 
	int ret;
Packit Service 4684c1 
	gnutls_datum_t psk_key;
Packit Service 4684c1 
	gnutls_psk_server_credentials_t cred;
Packit Service 4684c1 
	psk_auth_info_t info;
Packit Service 4684c1 
	gnutls_datum_t username;
Packit Service 4684c1 
	ssize_t data_size = _data_size;
Packit Service 4684c1
Packit Service 4684c1 
	cred = (gnutls_psk_server_credentials_t)
Packit Service 4684c1 
	    _gnutls_get_cred(session, GNUTLS_CRD_PSK);
Packit Service 4684c1
Packit Service 4684c1 
	if (cred == NULL) {
Packit Service 4684c1 
		gnutls_assert();
Packit Service 4684c1 
		return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
Packit Service 4684c1 
	}
Packit Service 4684c1
Packit Service 4684c1 
	if ((ret =
Packit Service 4684c1 
	     _gnutls_auth_info_init(session, GNUTLS_CRD_PSK,
Packit Service 4684c1 
				   sizeof(psk_auth_info_st), 1)) < 0) {
Packit Service 4684c1 
		gnutls_assert();
Packit Service 4684c1 
		return ret;
Packit Service 4684c1 
	}
Packit Service 4684c1
Packit Service 4684c1 
	DECR_LEN(data_size, 2);
Packit Service 4684c1 
	username.size = _gnutls_read_uint16(&data[0]);
Packit Service 4684c1
Packit Service 4684c1 
	DECR_LEN(data_size, username.size);
Packit Service 4684c1
Packit Service 4684c1 
	username.data = &data[2];
Packit Service 4684c1
Packit Service 4684c1 
	/* copy the username to the auth info structures
Packit Service 4684c1 
	 */
Packit Service 4684c1 
	info = _gnutls_get_auth_info(session, GNUTLS_CRD_PSK);
Packit Service 4684c1 
	if (info == NULL) {
Packit Service 4684c1 
		gnutls_assert();
Packit Service 4684c1 
		return GNUTLS_E_INTERNAL_ERROR;
Packit Service 4684c1 
	}
Packit Service 4684c1
Packit Service 4684c1 
	if (username.size > MAX_USERNAME_SIZE) {
Packit Service 4684c1 
		gnutls_assert();
Packit Service 4684c1 
		return GNUTLS_E_ILLEGAL_SRP_USERNAME;
Packit Service 4684c1 
	}
Packit Service 4684c1
Packit Service 4684c1 
	_gnutls_copy_psk_username(info, &username);
Packit Service 4684c1
Packit Service 4684c1 
	/* Adjust the data */
Packit Service 4684c1 
	data += username.size + 2;
Packit Service 4684c1
Packit Service 4684c1 
	ret =
Packit Service 4684c1 
	    _gnutls_psk_pwd_find_entry(session, info->username, info->username_len, &psk_key);
Packit Service 4684c1 
	if (ret < 0)
Packit Service 4684c1 
		return gnutls_assert_val(ret);
Packit Service 4684c1
Packit Service 4684c1 
	ret = _gnutls_proc_dh_common_client_kx(session, data, data_size,
Packit Service 4684c1 
					       &psk_key);
Packit Service 4684c1
Packit Service 4684c1 
	_gnutls_free_key_datum(&psk_key);
Packit Service 4684c1
Packit Service 4684c1 
	return ret;
Packit Service 4684c1
Packit Service 4684c1 
}
Packit Service 4684c1
Packit Service 4684c1 
static int
Packit Service 4684c1 
proc_ecdhe_psk_client_kx(gnutls_session_t session, uint8_t * data,
Packit Service 4684c1 
			 size_t _data_size)
Packit Service 4684c1 
{
Packit Service 4684c1 
	int ret;
Packit Service 4684c1 
	gnutls_psk_server_credentials_t cred;
Packit Service 4684c1 
	gnutls_datum_t psk_key;
Packit Service 4684c1 
	psk_auth_info_t info;
Packit Service 4684c1 
	gnutls_datum_t username;
Packit Service 4684c1 
	ssize_t data_size = _data_size;
Packit Service 4684c1
Packit Service 4684c1 
	cred = (gnutls_psk_server_credentials_t)
Packit Service 4684c1 
	    _gnutls_get_cred(session, GNUTLS_CRD_PSK);
Packit Service 4684c1
Packit Service 4684c1 
	if (cred == NULL) {
Packit Service 4684c1 
		gnutls_assert();
Packit Service 4684c1 
		return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
Packit Service 4684c1 
	}
Packit Service 4684c1
Packit Service 4684c1 
	if ((ret =
Packit Service 4684c1 
	     _gnutls_auth_info_init(session, GNUTLS_CRD_PSK,
Packit Service 4684c1 
				   sizeof(psk_auth_info_st), 1)) < 0) {
Packit Service 4684c1 
		gnutls_assert();
Packit Service 4684c1 
		return ret;
Packit Service 4684c1 
	}
Packit Service 4684c1
Packit Service 4684c1 
	DECR_LEN(data_size, 2);
Packit Service 4684c1 
	username.size = _gnutls_read_uint16(&data[0]);
Packit Service 4684c1
Packit Service 4684c1 
	DECR_LEN(data_size, username.size);
Packit Service 4684c1
Packit Service 4684c1 
	username.data = &data[2];
Packit Service 4684c1
Packit Service 4684c1 
	/* copy the username to the auth info structures
Packit Service 4684c1 
	 */
Packit Service 4684c1 
	info = _gnutls_get_auth_info(session, GNUTLS_CRD_PSK);
Packit Service 4684c1 
	if (info == NULL) {
Packit Service 4684c1 
		gnutls_assert();
Packit Service 4684c1 
		return GNUTLS_E_INTERNAL_ERROR;
Packit Service 4684c1 
	}
Packit Service 4684c1
Packit Service 4684c1
Packit Service 4684c1 
	if (username.size > MAX_USERNAME_SIZE) {
Packit Service 4684c1 
		gnutls_assert();
Packit Service 4684c1 
		return GNUTLS_E_ILLEGAL_SRP_USERNAME;
Packit Service 4684c1 
	}
Packit Service 4684c1
Packit Service 4684c1 
	_gnutls_copy_psk_username(info, &username);
Packit Service 4684c1
Packit Service 4684c1 
	/* Adjust the data */
Packit Service 4684c1 
	data += username.size + 2;
Packit Service 4684c1
Packit Service 4684c1 
	/* should never fail. It will always return a key even if it is
Packit Service 4684c1 
	 * a random one */
Packit Service 4684c1 
	ret =
Packit Service 4684c1 
	    _gnutls_psk_pwd_find_entry(session, info->username, info->username_len, &psk_key);
Packit Service 4684c1 
	if (ret < 0)
Packit Service 4684c1 
		return gnutls_assert_val(ret);
Packit Service 4684c1
Packit Service 4684c1 
	ret = _gnutls_proc_ecdh_common_client_kx(session, data, data_size,
Packit Service 4684c1 
						 get_group
Packit Service 4684c1 
						 (session), &psk_key);
Packit Service 4684c1
Packit Service 4684c1 
	_gnutls_free_key_datum(&psk_key);
Packit Service 4684c1
Packit Service 4684c1 
	return ret;
Packit Service 4684c1 
}
Packit Service 4684c1
Packit Service 4684c1 
static int copy_hint(gnutls_session_t session, gnutls_datum_t *hint)
Packit Service 4684c1 
{
Packit Service 4684c1 
	psk_auth_info_t info;
Packit Service 4684c1
Packit Service 4684c1 
	/* copy the hint to the auth info structures
Packit Service 4684c1 
	 */
Packit Service 4684c1 
	info = _gnutls_get_auth_info(session, GNUTLS_CRD_PSK);
Packit Service 4684c1 
	if (info == NULL) {
Packit Service 4684c1 
		gnutls_assert();
Packit Service 4684c1 
		return GNUTLS_E_INTERNAL_ERROR;
Packit Service 4684c1 
	}
Packit Service 4684c1
Packit Service 4684c1 
	if (hint->size > MAX_USERNAME_SIZE) {
Packit Service 4684c1 
		gnutls_assert();
Packit Service 4684c1 
		return GNUTLS_E_ILLEGAL_SRP_USERNAME;
Packit Service 4684c1 
	}
Packit Service 4684c1
Packit Service 4684c1 
	memcpy(info->hint, hint->data, hint->size);
Packit Service 4684c1 
	info->hint[hint->size] = 0;
Packit Service 4684c1
Packit Service 4684c1 
	return 0;
Packit Service 4684c1 
}
Packit Service 4684c1
Packit Service 4684c1 
static int
Packit Service 4684c1 
proc_dhe_psk_server_kx(gnutls_session_t session, uint8_t * data,
Packit Service 4684c1 
		       size_t _data_size)
Packit Service 4684c1 
{
Packit Service 4684c1
Packit Service 4684c1 
	int ret;
Packit Service 4684c1 
	ssize_t data_size = _data_size;
Packit Service 4684c1 
	gnutls_datum_t hint;
Packit Service 4684c1
Packit Service 4684c1 
	/* set auth_info */
Packit Service 4684c1 
	if ((ret =
Packit Service 4684c1 
	     _gnutls_auth_info_init(session, GNUTLS_CRD_PSK,
Packit Service 4684c1 
				   sizeof(psk_auth_info_st), 1)) < 0) {
Packit Service 4684c1 
		gnutls_assert();
Packit Service 4684c1 
		return ret;
Packit Service 4684c1 
	}
Packit Service 4684c1
Packit Service 4684c1 
	DECR_LEN(data_size, 2);
Packit Service 4684c1
Packit Service 4684c1 
	hint.size = _gnutls_read_uint16(&data[0]);
Packit Service 4684c1 
	hint.data = &data[2];
Packit Service 4684c1
Packit Service 4684c1 
	DECR_LEN(data_size, hint.size);
Packit Service 4684c1 
	data += 2 + hint.size;
Packit Service 4684c1
Packit Service 4684c1 
	ret = _gnutls_proc_dh_common_server_kx(session, data, data_size);
Packit Service 4684c1 
	if (ret < 0) {
Packit Service 4684c1 
		gnutls_assert();
Packit Service 4684c1 
		return ret;
Packit Service 4684c1 
	}
Packit Service 4684c1
Packit Service 4684c1 
	ret = copy_hint(session, &hint);
Packit Service 4684c1 
	if (ret < 0) {
Packit Service 4684c1 
		gnutls_assert();
Packit Service 4684c1 
		return ret;
Packit Service 4684c1 
	}
Packit Service 4684c1
Packit Service 4684c1 
	return 0;
Packit Service 4684c1 
}
Packit Service 4684c1
Packit Service 4684c1 
static int
Packit Service 4684c1 
proc_ecdhe_psk_server_kx(gnutls_session_t session, uint8_t * data,
Packit Service 4684c1 
			 size_t _data_size)
Packit Service 4684c1 
{
Packit Service 4684c1
Packit Service 4684c1 
	int ret;
Packit Service 4684c1 
	ssize_t data_size = _data_size;
Packit Service 4684c1 
	gnutls_datum_t hint;
Packit Service 4684c1
Packit Service 4684c1 
	/* set auth_info */
Packit Service 4684c1 
	if ((ret =
Packit Service 4684c1 
	     _gnutls_auth_info_init(session, GNUTLS_CRD_PSK,
Packit Service 4684c1 
				   sizeof(psk_auth_info_st), 1)) < 0) {
Packit Service 4684c1 
		gnutls_assert();
Packit Service 4684c1 
		return ret;
Packit Service 4684c1 
	}
Packit Service 4684c1
Packit Service 4684c1 
	DECR_LEN(data_size, 2);
Packit Service 4684c1
Packit Service 4684c1 
	hint.size = _gnutls_read_uint16(&data[0]);
Packit Service 4684c1 
	hint.data = &data[2];
Packit Service 4684c1
Packit Service 4684c1 
	DECR_LEN(data_size, hint.size);
Packit Service 4684c1 
	data += 2 + hint.size;
Packit Service 4684c1
Packit Service 4684c1 
	ret = _gnutls_proc_ecdh_common_server_kx(session, data, data_size);
Packit Service 4684c1 
	if (ret < 0) {
Packit Service 4684c1 
		gnutls_assert();
Packit Service 4684c1 
		return ret;
Packit Service 4684c1 
	}
Packit Service 4684c1
Packit Service 4684c1 
	ret = copy_hint(session, &hint);
Packit Service 4684c1 
	if (ret < 0) {
Packit Service 4684c1 
		gnutls_assert();
Packit Service 4684c1 
		return ret;
Packit Service 4684c1 
	}
Packit Service 4684c1
Packit Service 4684c1 
	return 0;
Packit Service 4684c1 
}
Packit Service 4684c1
Packit Service 4684c1 
#endif				/* ENABLE_PSK */

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation