search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
check for either iconv or libiconv.
[gnutls.git] / lib / auth / dh_common.c
blobbb1e217c35bf6ddeb62b048063cb6833abae90cf
1 /*
2 * Copyright (C) 2002-2012 Free Software Foundation, Inc.
3 *
4 * Author: Nikos Mavrogiannopoulos
5 *
6 * This file is part of GnuTLS.
7 *
8 * The GnuTLS is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 3 of
11 * the License, or (at your option) any later version.
12 *
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
17 *
18 * You should have received a copy of the GNU Lesser General Public License
19 * along with this program. If not, see <http://www.gnu.org/licenses/>
20 *
21 */
22
23 /* This file contains common stuff in Ephemeral Diffie-Hellman (DHE)
24 * and Anonymous DH key exchange(DHA). These are used in the handshake
25 * procedure of the certificate and anonymous authentication.
26 */
27
28 #include "gnutls_int.h"
29 #include "gnutls_auth.h"
30 #include "gnutls_errors.h"
31 #include "gnutls_dh.h"
32 #include "gnutls_num.h"
33 #include "gnutls_sig.h"
34 #include <gnutls_datum.h>
35 #include <gnutls_x509.h>
36 #include <gnutls_state.h>
37 #include <auth/dh_common.h>
38 #include <algorithms.h>
39 #include <auth/psk.h>
40
41 /* Frees the dh_info_st structure.
42 */
43 void
44 _gnutls_free_dh_info (dh_info_st * dh)
45 {
46 dh->secret_bits = 0;
47 _gnutls_free_datum (&dh->prime);
48 _gnutls_free_datum (&dh->generator);
49 _gnutls_free_datum (&dh->public_key);
50 }
51
52 int
53 _gnutls_proc_dh_common_client_kx (gnutls_session_t session,
54 uint8_t * data, size_t _data_size,
55 bigint_t g, bigint_t p,
56 gnutls_datum_t* psk_key)
57 {
58 uint16_t n_Y;
59 size_t _n_Y;
60 int ret;
61 ssize_t data_size = _data_size;
62
63
64 DECR_LEN (data_size, 2);
65 n_Y = _gnutls_read_uint16 (&data[0]);
66 _n_Y = n_Y;
67
68 DECR_LEN (data_size, n_Y);
69 if (_gnutls_mpi_scan_nz (&session->key.client_Y, &data[2], _n_Y))
70 {
71 gnutls_assert ();
72 return GNUTLS_E_MPI_SCAN_FAILED;
73 }
74
75 _gnutls_dh_set_peer_public (session, session->key.client_Y);
76
77 ret =
78 gnutls_calc_dh_key (&session->key.KEY, session->key.client_Y, session->key.dh_secret, p);
79 if (ret < 0)
80 return gnutls_assert_val(ret);
81
82 _gnutls_mpi_release (&session->key.client_Y);
83 _gnutls_mpi_release (&session->key.dh_secret);
84
85
86 if (psk_key == NULL)
87 {
88 ret = _gnutls_mpi_dprint (session->key.KEY, &session->key.key);
89 }
90 else /* In DHE_PSK the key is set differently */
91 {
92 gnutls_datum_t tmp_dh_key;
93 ret = _gnutls_mpi_dprint (session->key.KEY, &tmp_dh_key);
94 if (ret < 0)
95 {
96 gnutls_assert ();
97 return ret;
98 }
99
100 ret = _gnutls_set_psk_session_key (session, psk_key, &tmp_dh_key);
101 _gnutls_free_datum (&tmp_dh_key);
102
103 }
104
105 _gnutls_mpi_release (&session->key.KEY);
106
107 if (ret < 0)
108 {
109 return ret;
110 }
111
112 return 0;
113 }
114
115 int _gnutls_gen_dh_common_client_kx (gnutls_session_t session, gnutls_buffer_st* data)
116 {
117 return _gnutls_gen_dh_common_client_kx_int(session, data, NULL);
118 }
119
120 int
121 _gnutls_gen_dh_common_client_kx_int (gnutls_session_t session, gnutls_buffer_st* data, gnutls_datum_t* pskkey)
122 {
123 bigint_t x = NULL, X = NULL;
124 int ret;
125
126 ret = gnutls_calc_dh_secret (&X, &x, session->key.client_g,
127 session->key.client_p, 0);
128 if (ret < 0)
129 {
130 gnutls_assert ();
131 goto error;
132 }
133
134 _gnutls_dh_set_secret_bits (session, _gnutls_mpi_get_nbits (x));
135
136 ret = _gnutls_buffer_append_mpi( data, 16, X, 0);
137 if (ret < 0)
138 {
139 gnutls_assert();
140 goto error;
141 }
142
143 /* calculate the key after calculating the message */
144 ret =
145 gnutls_calc_dh_key (&session->key.KEY, session->key.client_Y, x, session->key.client_p);
146 if (ret < 0)
147 {
148 gnutls_assert();
149 goto error;
150 }
151
152 /* THESE SHOULD BE DISCARDED */
153 _gnutls_mpi_release (&session->key.client_Y);
154 _gnutls_mpi_release (&session->key.client_p);
155 _gnutls_mpi_release (&session->key.client_g);
156
157 if (_gnutls_cipher_suite_get_kx_algo
158 (session->security_parameters.cipher_suite)
159 != GNUTLS_KX_DHE_PSK)
160 {
161 ret = _gnutls_mpi_dprint (session->key.KEY, &session->key.key);
162 }
163 else /* In DHE_PSK the key is set differently */
164 {
165 gnutls_datum_t tmp_dh_key;
166
167 ret = _gnutls_mpi_dprint (session->key.KEY, &tmp_dh_key);
168 if (ret < 0)
169 {
170 gnutls_assert ();
171 goto error;
172 }
173
174 ret = _gnutls_set_psk_session_key (session, pskkey, &tmp_dh_key);
175 _gnutls_free_datum (&tmp_dh_key);
176 }
177
178 _gnutls_mpi_release (&session->key.KEY);
179
180 if (ret < 0)
181 {
182 gnutls_assert ();
183 goto error;
184 }
185
186 ret = data->length;
187
188 error:
189 _gnutls_mpi_release (&x);
190 _gnutls_mpi_release (&X);
191 return ret;
192 }
193
194 /* Returns the bytes parsed */
195 int
196 _gnutls_proc_dh_common_server_kx (gnutls_session_t session,
197 uint8_t * data, size_t _data_size)
198 {
199 uint16_t n_Y, n_g, n_p;
200 size_t _n_Y, _n_g, _n_p;
201 uint8_t *data_p;
202 uint8_t *data_g;
203 uint8_t *data_Y;
204 int i, bits, ret;
205 ssize_t data_size = _data_size;
206
207 i = 0;
208
209 DECR_LEN (data_size, 2);
210 n_p = _gnutls_read_uint16 (&data[i]);
211 i += 2;
212
213 DECR_LEN (data_size, n_p);
214 data_p = &data[i];
215 i += n_p;
216
217 DECR_LEN (data_size, 2);
218 n_g = _gnutls_read_uint16 (&data[i]);
219 i += 2;
220
221 DECR_LEN (data_size, n_g);
222 data_g = &data[i];
223 i += n_g;
224
225 DECR_LEN (data_size, 2);
226 n_Y = _gnutls_read_uint16 (&data[i]);
227 i += 2;
228
229 DECR_LEN (data_size, n_Y);
230 data_Y = &data[i];
231
232 _n_Y = n_Y;
233 _n_g = n_g;
234 _n_p = n_p;
235
236 if (_gnutls_mpi_scan_nz (&session->key.client_Y, data_Y, _n_Y) != 0)
237 {
238 gnutls_assert ();
239 return GNUTLS_E_MPI_SCAN_FAILED;
240 }
241
242 if (_gnutls_mpi_scan_nz (&session->key.client_g, data_g, _n_g) != 0)
243 {
244 gnutls_assert ();
245 return GNUTLS_E_MPI_SCAN_FAILED;
246 }
247 if (_gnutls_mpi_scan_nz (&session->key.client_p, data_p, _n_p) != 0)
248 {
249 gnutls_assert ();
250 return GNUTLS_E_MPI_SCAN_FAILED;
251 }
252
253 bits = _gnutls_dh_get_allowed_prime_bits (session);
254 if (bits < 0)
255 {
256 gnutls_assert ();
257 return bits;
258 }
259
260 if (_gnutls_mpi_get_nbits (session->key.client_p) < (size_t) bits)
261 {
262 /* the prime used by the peer is not acceptable
263 */
264 gnutls_assert ();
265 return GNUTLS_E_DH_PRIME_UNACCEPTABLE;
266 }
267
268 _gnutls_dh_set_group (session, session->key.client_g,
269 session->key.client_p);
270 _gnutls_dh_set_peer_public (session, session->key.client_Y);
271
272 ret = n_Y + n_p + n_g + 6;
273
274 return ret;
275 }
276
277 int
278 _gnutls_dh_common_print_server_kx (gnutls_session_t session,
279 bigint_t g, bigint_t p, unsigned int q_bits,
280 gnutls_buffer_st* data)
281 {
282 bigint_t x, Y;
283 int ret;
284
285 /* Y=g^x mod p */
286 ret = gnutls_calc_dh_secret (&Y, &x, g, p, q_bits);
287 if (ret < 0)
288 {
289 gnutls_assert ();
290 return ret;
291 }
292
293 session->key.dh_secret = x;
294 _gnutls_dh_set_secret_bits (session, _gnutls_mpi_get_nbits (x));
295
296 ret = _gnutls_buffer_append_mpi(data, 16, p, 0);
297 if (ret < 0)
298 {
299 gnutls_assert();
300 goto cleanup;
301 }
302
303 ret = _gnutls_buffer_append_mpi(data, 16, g, 0);
304 if (ret < 0)
305 {
306 gnutls_assert();
307 goto cleanup;
308 }
309
310 ret = _gnutls_buffer_append_mpi(data, 16, Y, 0);
311 if (ret < 0)
312 {
313 gnutls_assert();
314 goto cleanup;
315 }
316
317 ret = data->length;
318 cleanup:
319 _gnutls_mpi_release (&Y);
320
321 return ret;
322 }
Implementation of the SSL/TLS protocol