diff options
author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2002-12-01 21:47:03 +0000 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2002-12-01 21:47:03 +0000 |
commit | 85088089b0982015ee1feccecb5fafdf8f717ebc (patch) | |
tree | 69de94d4d8e55f2eab89527aca047c0fe17da74c | |
parent | 648adb7f12bea73c169088d00b1f3261e1ebff80 (diff) | |
download | gnutls-85088089b0982015ee1feccecb5fafdf8f717ebc.tar.gz |
Added the function gnutls_srp_server_set_credentials_function()
to allow retrieving SRP parameters from an external backend - other
than password files.
-rw-r--r-- | NEWS | 3 | ||||
-rw-r--r-- | doc/tex/ex-pgp-keyserver.tex | 6 | ||||
-rw-r--r-- | includes/gnutls/extra.h | 10 | ||||
-rw-r--r-- | lib/gnutls_dh.h | 2 | ||||
-rw-r--r-- | lib/gnutls_dh_primes.c | 32 | ||||
-rw-r--r-- | libextra/auth_srp.c | 71 | ||||
-rw-r--r-- | libextra/auth_srp.h | 36 | ||||
-rw-r--r-- | libextra/auth_srp_passwd.c | 169 | ||||
-rw-r--r-- | libextra/auth_srp_passwd.h | 18 | ||||
-rw-r--r-- | libextra/gnutls_openpgp.c | 12 | ||||
-rw-r--r-- | libextra/gnutls_srp.c | 38 | ||||
-rw-r--r-- | libextra/gnutls_srp.h | 3 | ||||
-rw-r--r-- | src/common.c | 5 |
13 files changed, 206 insertions, 199 deletions
@@ -9,6 +9,9 @@ Version 0.5.12 gnutls_srp_verifier() gnutls_srp_base64_encode() gnutls_srp_base64_decode() +- Added the function gnutls_srp_server_set_credentials_function() + to allow retrieving SRP parameters from an external backend - other + than password files. - Added the function gnutls_openpgp_set_recv_key_function() which can be used to set a callback, to get OpenPGP keys. diff --git a/doc/tex/ex-pgp-keyserver.tex b/doc/tex/ex-pgp-keyserver.tex index 4d55e36699..b94dc7e557 100644 --- a/doc/tex/ex-pgp-keyserver.tex +++ b/doc/tex/ex-pgp-keyserver.tex @@ -46,7 +46,11 @@ recv_openpgp_key(const unsigned char *keyfpr, unsigned int unsigned char *buf = cdk_calloc( 1, 20001 ); size_t len = 20000; cdk_kbnode_write_to_mem( knode, buf, &len); - datum_append( key, buf, len ); + + key->data = malloc( len); + if (key->data==NULL) return -1; + memcpy( key->data, buf, len); + cdk_free( buf ); } cdk_kbnode_release( knode ); diff --git a/includes/gnutls/extra.h b/includes/gnutls/extra.h index 4499199588..10dc614558 100644 --- a/includes/gnutls/extra.h +++ b/includes/gnutls/extra.h @@ -50,6 +50,16 @@ int gnutls_srp_verifier( char* username, char* password, const gnutls_datum *sal const gnutls_datum* g, const gnutls_datum* n, gnutls_datum * res); +typedef int gnutls_srp_server_credentials_function( + gnutls_session, + char* username, gnutls_datum* salt, + gnutls_datum* verifier, gnutls_datum* generator, + gnutls_datum* prime +); + +void gnutls_srp_server_set_credentials_function( + gnutls_srp_server_credentials, + gnutls_srp_server_credentials_function *); /* Openpgp certificate stuff */ int gnutls_openpgp_fingerprint( const gnutls_datum* data, char* result, size_t* result_size); diff --git a/lib/gnutls_dh.h b/lib/gnutls_dh.h index aff0144ace..5a455df188 100644 --- a/lib/gnutls_dh.h +++ b/lib/gnutls_dh.h @@ -24,6 +24,6 @@ MPI gnutls_calc_dh_key( MPI f, MPI x, MPI prime ); int _gnutls_dh_generate_prime(MPI *ret_g, MPI* ret_n, int bits); void _gnutls_dh_clear_mpis(void); int _gnutls_dh_calc_mpis(void); -MPI _gnutls_get_rnd_srp_params( MPI * ret_p, int bits); +int _gnutls_get_rnd_srp_params(gnutls_datum *g, gnutls_datum* p, int bits); extern _gnutls_dh_params _gnutls_dh_default_params; diff --git a/lib/gnutls_dh_primes.c b/lib/gnutls_dh_primes.c index e89a224998..9eda417692 100644 --- a/lib/gnutls_dh_primes.c +++ b/lib/gnutls_dh_primes.c @@ -420,42 +420,42 @@ GNUTLS_MPI gnutls_get_dh_params(gnutls_dh_params dh_primes, /* returns g and p, depends on the requested bits. * We only support limited key sizes. */ -GNUTLS_MPI _gnutls_get_rnd_srp_params(GNUTLS_MPI * ret_p, int bits) +int _gnutls_get_rnd_srp_params(gnutls_datum *g, gnutls_datum* p, int bits) { - GNUTLS_MPI g = NULL, prime = NULL; int i; if (_gnutls_dh_default_params == NULL) { gnutls_assert(); - return NULL; + return GNUTLS_E_INTERNAL_ERROR; } + g->data = p->data = NULL; + g->size = p->size = 0; + bits = normalize_bits(bits); i = 0; do { if (_gnutls_dh_default_params[i].bits == bits) { - prime = - _gnutls_mpi_copy(_gnutls_dh_default_params[i]. - _prime); - g = _gnutls_mpi_copy(_gnutls_dh_default_params[i]. - _generator); + gnutls_set_datum( p, _gnutls_dh_default_params[i].prime.data, + _gnutls_dh_default_params[i].prime.size); + + gnutls_set_datum( g, _gnutls_dh_default_params[i].generator.data, + _gnutls_dh_default_params[i].generator.size); + break; } i++; } while (_gnutls_dh_default_params[i].bits != 0); - if (prime == NULL || g == NULL) { /* if not prime was found */ + if (g->data == NULL || p->data == NULL) { gnutls_assert(); - _gnutls_mpi_release(&g); - _gnutls_mpi_release(&prime); - *ret_p = NULL; - return NULL; + gnutls_free_datum(&g); + gnutls_free_datum(&p); + return GNUTLS_E_INTERNAL_ERROR; } - if (ret_p) - *ret_p = prime; - return g; + return 0; } /* These should be added in gcrypt.h */ diff --git a/libextra/auth_srp.c b/libextra/auth_srp.c index 7d01073222..0de75db090 100644 --- a/libextra/auth_srp.c +++ b/libextra/auth_srp.c @@ -31,6 +31,7 @@ #include "gnutls_num.h" #include "auth_srp.h" #include <gnutls_str.h> +#include <gnutls_datum.h> int _gnutls_gen_srp_server_kx2(gnutls_session, opaque **); int _gnutls_gen_srp_client_kx0(gnutls_session, opaque **); @@ -74,11 +75,10 @@ const MOD_AUTH_STRUCT srp_auth_struct = { */ int _gnutls_gen_srp_server_hello(gnutls_session state, opaque * data, size_t _data_size) { - size_t n_g, n_n, n_s; int ret; uint8 *data_n, *data_s; uint8 *data_g, *username; - GNUTLS_SRP_PWD_ENTRY *pwd_entry; + SRP_PWD_ENTRY *pwd_entry; int err; SRP_SERVER_AUTH_INFO info; ssize_t data_size = _data_size; @@ -96,39 +96,35 @@ int _gnutls_gen_srp_server_hello(gnutls_session state, opaque * data, size_t _da pwd_entry = _gnutls_srp_pwd_read_entry( state, username, &err); if (pwd_entry == NULL) { - if (err==0) + if (err==0) { + gnutls_assert(); /* in order to avoid informing the peer that * username does not exist. */ pwd_entry = _gnutls_randomize_pwd_entry(); - else + } else { return GNUTLS_E_PWD_ERROR; + } } - if (_gnutls_mpi_print( NULL, &n_g, pwd_entry->g)!=0) { + /* copy from pwd_entry to local variables (actually in state) */ + if (_gnutls_mpi_scan( &G, pwd_entry->g.data, &pwd_entry->g.size) < 0) { gnutls_assert(); - return GNUTLS_E_MPI_PRINT_FAILED; + return GNUTLS_E_MPI_SCAN_FAILED; } - if (_gnutls_mpi_print( NULL, &n_n, pwd_entry->n)!=0) { + + if (_gnutls_mpi_scan( &N, pwd_entry->n.data, &pwd_entry->n.size) < 0) { gnutls_assert(); - return GNUTLS_E_MPI_PRINT_FAILED; + return GNUTLS_E_MPI_SCAN_FAILED; } - - /* copy from pwd_entry to local variables (actually in state) */ - G = _gnutls_mpi_alloc_like(pwd_entry->g); - N = _gnutls_mpi_alloc_like(pwd_entry->n); - V = _gnutls_mpi_alloc_like(pwd_entry->v); - if (G==NULL || N == NULL || V == NULL) { + if (_gnutls_mpi_scan( &V, pwd_entry->v.data, &pwd_entry->v.size) < 0) { gnutls_assert(); - return GNUTLS_E_MEMORY_ERROR; + return GNUTLS_E_MPI_SCAN_FAILED; } - _gnutls_mpi_set(G, pwd_entry->g); - _gnutls_mpi_set(N, pwd_entry->n); - _gnutls_mpi_set(V, pwd_entry->v); - - if ((size_t)data_size < n_n + n_g + pwd_entry->salt_size + 5) { + if ((size_t)data_size < pwd_entry->n.size + + pwd_entry->g.size + pwd_entry->salt.size + 5) { gnutls_assert(); return GNUTLS_E_INVALID_REQUEST; } @@ -137,33 +133,20 @@ int _gnutls_gen_srp_server_hello(gnutls_session state, opaque * data, size_t _da */ data_s = data; - n_s = pwd_entry->salt_size; - memcpy(&data_s[1], pwd_entry->salt, n_s); - - data_s[0] = (uint8) n_s; + _gnutls_write_datum8( data_s, pwd_entry->salt); /* copy N (mod n) */ - data_n = &data_s[1 + n_s]; - - if (_gnutls_mpi_print( &data_n[2], &n_n, N)!=0) { - gnutls_assert(); - return GNUTLS_E_MPI_PRINT_FAILED; - } - - _gnutls_write_uint16( n_n, data_n); + data_n = &data_s[1 + pwd_entry->salt.size]; + _gnutls_write_datum16( data_n, pwd_entry->n); - data_g = &data_n[2 + n_n]; + data_g = &data_n[2 + pwd_entry->n.size]; /* copy G (generator) to data */ + _gnutls_write_datum16( data_g, pwd_entry->g); - if(_gnutls_mpi_print( &data_g[2], &n_g, G)!=0) { - gnutls_assert(); - return GNUTLS_E_MPI_PRINT_FAILED; - } - - _gnutls_write_uint16( n_g, data_g); - ret = n_g + n_n + pwd_entry->salt_size + 5; + ret = pwd_entry->g.size + pwd_entry->n.size + + pwd_entry->salt.size + 5; _gnutls_srp_clear_pwd_entry( pwd_entry); return ret; @@ -183,8 +166,10 @@ int _gnutls_gen_srp_server_kx2(gnutls_session state, opaque ** data) return GNUTLS_E_MEMORY_ERROR; } - if (_gnutls_mpi_print( NULL, &n_b, B)!=0) + if (_gnutls_mpi_print( NULL, &n_b, B)!=0) { + gnutls_assert(); return GNUTLS_E_MPI_PRINT_FAILED; + } (*data) = gnutls_malloc(n_b + 2); if ( (*data) == NULL) { @@ -224,8 +209,10 @@ int _gnutls_gen_srp_server_kx2(gnutls_session state, opaque ** data) ret = _gnutls_generate_key( state->key); _gnutls_mpi_release( &S); - if (ret < 0) + if (ret < 0) { + gnutls_assert(); return ret; + } return n_b + 2; } diff --git a/libextra/auth_srp.h b/libextra/auth_srp.h index 463ce94340..9d642ff61c 100644 --- a/libextra/auth_srp.h +++ b/libextra/auth_srp.h @@ -3,30 +3,46 @@ #include <gnutls_auth.h> + +typedef int gnutls_srp_server_credentials_function(gnutls_session, + char *username, + gnutls_datum * salt, + gnutls_datum * verifier, + gnutls_datum * + generator, + gnutls_datum * prime); + + typedef struct { - char* username; - char* password; + char *username; + char *password; } SRP_CLIENT_CREDENTIALS_INT; #define gnutls_srp_client_credentials SRP_CLIENT_CREDENTIALS_INT* typedef struct { - char** password_file; - char** password_conf_file; - int password_files; + char **password_file; + char **password_conf_file; + int password_files; + /* callback function, instead of reading the + * password files. + */ + gnutls_srp_server_credentials_function *pwd_callback; } SRP_SERVER_CREDENTIALS_INT; #define gnutls_srp_server_credentials SRP_SERVER_CREDENTIALS_INT* /* these structures should not use allocated data */ typedef struct SRP_SERVER_AUTH_INFO_INT { - char username[MAX_SRP_USERNAME]; + char username[MAX_SRP_USERNAME]; } *SRP_SERVER_AUTH_INFO; #ifdef ENABLE_SRP -int _gnutls_proc_srp_server_hello(gnutls_session state, const opaque * data, size_t data_size); -int _gnutls_gen_srp_server_hello(gnutls_session state, opaque * data, size_t data_size); +int _gnutls_proc_srp_server_hello(gnutls_session state, + const opaque * data, size_t data_size); +int _gnutls_gen_srp_server_hello(gnutls_session state, opaque * data, + size_t data_size); int _gnutls_gen_srp_server_kx2(gnutls_session, opaque **); int _gnutls_gen_srp_client_kx0(gnutls_session, opaque **); @@ -34,8 +50,8 @@ int _gnutls_gen_srp_client_kx0(gnutls_session, opaque **); int _gnutls_proc_srp_server_kx2(gnutls_session, opaque *, size_t); int _gnutls_proc_srp_client_kx0(gnutls_session, opaque *, size_t); -typedef struct SRP_SERVER_AUTH_INFO_INT SRP_SERVER_AUTH_INFO_INT; +typedef struct SRP_SERVER_AUTH_INFO_INT SRP_SERVER_AUTH_INFO_INT; -#endif /* ENABLE_SRP */ +#endif /* ENABLE_SRP */ #endif diff --git a/libextra/auth_srp_passwd.c b/libextra/auth_srp_passwd.c index 4d10000c76..99ca2dfcef 100644 --- a/libextra/auth_srp_passwd.c +++ b/libextra/auth_srp_passwd.c @@ -34,11 +34,12 @@ #include "gnutls_dh.h" #include "debug.h" #include <gnutls_str.h> +#include <gnutls_datum.h> /* this function parses tpasswd.conf file. Format is: * string(username):base64(v):base64(salt):int(index) */ -static int pwd_put_values( GNUTLS_SRP_PWD_ENTRY *entry, char *str) { +static int pwd_put_values( SRP_PWD_ENTRY *entry, char *str) { char * p; int len, ret; opaque *verifier; @@ -72,10 +73,10 @@ int indx; p++; len = strlen(p); - - entry->salt_size = _gnutls_sbase64_decode( p, len, &entry->salt); - if (entry->salt_size <= 0) { + entry->salt.size = _gnutls_sbase64_decode( p, len, &entry->salt.data); + + if (entry->salt.size <= 0) { gnutls_assert(); return GNUTLS_E_PARSING_ERROR; } @@ -83,7 +84,7 @@ int indx; /* now go for verifier */ p = rindex( str, ':'); /* we have verifier */ if (p==NULL) { - gnutls_free(entry->salt); + gnutls_free_datum(&entry->salt); return GNUTLS_E_PARSING_ERROR; } @@ -94,25 +95,20 @@ int indx; ret = _gnutls_sbase64_decode( p, len, &verifier); if (ret <= 0) { gnutls_assert(); - gnutls_free(entry->salt); + gnutls_free_datum(&entry->salt); return GNUTLS_E_PARSING_ERROR; } verifier_size = ret; - if (_gnutls_mpi_scan(&entry->v, verifier, &verifier_size)) { - gnutls_assert(); - gnutls_free( entry->salt); - return GNUTLS_E_MPI_SCAN_FAILED; - } - - gnutls_free( verifier); + entry->v.data = verifier; + entry->v.size = verifier_size; /* now go for username */ *p='\0'; entry->username = gnutls_strdup(str); if (entry->username==NULL) { - gnutls_free( entry->salt); + gnutls_free_datum( &entry->salt); gnutls_assert(); return GNUTLS_E_MEMORY_ERROR; } @@ -124,13 +120,12 @@ int indx; /* this function parses tpasswd.conf file. Format is: * int(index):base64(n):int(g) */ -static int pwd_put_values2( GNUTLS_SRP_PWD_ENTRY *entry, char *str) +static int pwd_put_values2( SRP_PWD_ENTRY *entry, char *str) { char * p; int len; opaque * tmp; int ret; -size_t tmp_size; p = rindex( str, ':'); /* we have g */ if (p==NULL) { @@ -151,20 +146,13 @@ size_t tmp_size; return GNUTLS_E_PARSING_ERROR; } - tmp_size = ret; - if (_gnutls_mpi_scan(&entry->g, tmp, &tmp_size)) { - gnutls_assert(); - gnutls_free(tmp); - return GNUTLS_E_MPI_SCAN_FAILED; - } - - gnutls_free(tmp); - + entry->g.data = tmp; + entry->g.size = ret; /* now go for n - modulo */ p = rindex( str, ':'); /* we have n */ if (p==NULL) { - _gnutls_mpi_release(&entry->g); + gnutls_free_datum( &entry->g); gnutls_assert(); return GNUTLS_E_PARSING_ERROR; } @@ -177,18 +165,12 @@ size_t tmp_size; if (ret < 0) { gnutls_assert(); - _gnutls_mpi_release(&entry->g); + gnutls_free_datum( &entry->g); return GNUTLS_E_PARSING_ERROR; } - tmp_size = ret; - if (_gnutls_mpi_scan(&entry->n, tmp, &tmp_size)) { - gnutls_assert(); - gnutls_free(tmp); - _gnutls_mpi_release(&entry->g); - return GNUTLS_E_MPI_SCAN_FAILED; - } - - gnutls_free(tmp); + + entry->n.data = tmp; + entry->n.size = ret; return 0; } @@ -196,7 +178,7 @@ size_t tmp_size; /* this function opens the tpasswd.conf file */ -static int pwd_read_conf( const char* pconf_file, GNUTLS_SRP_PWD_ENTRY* entry, int index) { +static int pwd_read_conf( const char* pconf_file, SRP_PWD_ENTRY* entry, int index) { FILE * fd; char line[2*1024]; uint i; @@ -229,15 +211,15 @@ static int pwd_read_conf( const char* pconf_file, GNUTLS_SRP_PWD_ENTRY* entry, i } -GNUTLS_SRP_PWD_ENTRY *_gnutls_srp_pwd_read_entry( gnutls_session state, char* username, int *err) { +SRP_PWD_ENTRY *_gnutls_srp_pwd_read_entry( gnutls_session state, char* username, int *err) { const gnutls_srp_server_credentials cred; FILE * fd; char line[2*1024]; uint i, len; - GNUTLS_SRP_PWD_ENTRY * entry = gnutls_malloc(sizeof(GNUTLS_SRP_PWD_ENTRY)); - int index; - int pwd_index = 0; - + SRP_PWD_ENTRY * entry; + int index, pwd_index = 0, ret; + + entry = gnutls_calloc(1, sizeof(SRP_PWD_ENTRY)); if (entry==NULL) { gnutls_assert(); *err = 1; @@ -254,6 +236,22 @@ GNUTLS_SRP_PWD_ENTRY *_gnutls_srp_pwd_read_entry( gnutls_session state, char* us return NULL; } + /* if the callback which sends the parameters is + * set. + */ + if (cred->pwd_callback != NULL) { + ret = cred->pwd_callback( state, username, &entry->salt, + &entry->v, &entry->g, &entry->n); + + if (ret < 0) { + gnutls_assert(); + gnutls_free(entry); + return NULL; + } + + return entry; + } + if (cred->password_files<=0) { gnutls_assert(); return NULL; @@ -305,16 +303,17 @@ GNUTLS_SRP_PWD_ENTRY *_gnutls_srp_pwd_read_entry( gnutls_session state, char* us } #define RNDUSER "rnd" #define RND_SALT_SIZE 17 -GNUTLS_SRP_PWD_ENTRY* _gnutls_randomize_pwd_entry() { - GNUTLS_SRP_PWD_ENTRY * pwd_entry = gnutls_calloc(1, sizeof(GNUTLS_SRP_PWD_ENTRY)); +SRP_PWD_ENTRY* _gnutls_randomize_pwd_entry() { + int ret; + SRP_PWD_ENTRY * pwd_entry = gnutls_calloc(1, sizeof(SRP_PWD_ENTRY)); if (pwd_entry == NULL) { gnutls_assert(); return NULL; } - pwd_entry->g = _gnutls_get_rnd_srp_params( &pwd_entry->n, 1024); - if (pwd_entry->g==NULL || pwd_entry->n==NULL) { + ret = _gnutls_get_rnd_srp_params( &pwd_entry->g, &pwd_entry->n, 1024); + if (ret < 0) { gnutls_assert(); _gnutls_srp_clear_pwd_entry( pwd_entry); return NULL; @@ -328,25 +327,26 @@ GNUTLS_SRP_PWD_ENTRY* _gnutls_randomize_pwd_entry() { } _gnutls_str_cpy( pwd_entry->username, MAX_SRP_USERNAME, RNDUSER); /* Flawfinder: ignore */ - pwd_entry->v = _gnutls_mpi_new(160); - if (pwd_entry->v==NULL) { + pwd_entry->v.data = gnutls_malloc(20); + pwd_entry->v.size = 20; + if (pwd_entry->v.data==NULL) { gnutls_assert(); _gnutls_srp_clear_pwd_entry( pwd_entry); return NULL; } - _gnutls_mpi_randomize( pwd_entry->v, 160, GCRY_WEAK_RANDOM); + _gnutls_get_random( pwd_entry->v.data, 20, GNUTLS_WEAK_RANDOM); - pwd_entry->salt_size = RND_SALT_SIZE; + pwd_entry->salt.size = RND_SALT_SIZE; - pwd_entry->salt = gnutls_malloc(RND_SALT_SIZE); - if (pwd_entry->salt==NULL) { + pwd_entry->salt.data = gnutls_malloc(RND_SALT_SIZE); + if (pwd_entry->salt.data==NULL) { gnutls_assert(); _gnutls_srp_clear_pwd_entry( pwd_entry); return NULL; } - if (_gnutls_get_random(pwd_entry->salt, RND_SALT_SIZE, GNUTLS_WEAK_RANDOM) < 0) { + if (_gnutls_get_random(pwd_entry->salt.data, RND_SALT_SIZE, GNUTLS_WEAK_RANDOM) < 0) { gnutls_assert(); _gnutls_srp_clear_pwd_entry( pwd_entry); return NULL; @@ -356,68 +356,17 @@ GNUTLS_SRP_PWD_ENTRY* _gnutls_randomize_pwd_entry() { } -void _gnutls_srp_clear_pwd_entry( GNUTLS_SRP_PWD_ENTRY * entry) { - _gnutls_mpi_release(&entry->v); - _gnutls_mpi_release(&entry->g); - _gnutls_mpi_release(&entry->n); - - gnutls_free(entry->salt); +void _gnutls_srp_clear_pwd_entry( SRP_PWD_ENTRY * entry) { + gnutls_free_datum(&entry->v); + gnutls_free_datum(&entry->g); + gnutls_free_datum(&entry->n); + gnutls_free_datum(&entry->salt); + gnutls_free(entry->username); - gnutls_free(entry); return; } -/* Generates a prime and a generator, and returns the srpbase64 encoded value. - */ -int _gnutls_srp_generate_prime(opaque ** ret_g, opaque ** ret_n, int bits) -{ - - GNUTLS_MPI prime, g; - size_t siz; - char *tmp; - - if ( _gnutls_dh_generate_prime(&g, &prime, bits) < 0) { - gnutls_assert(); - return GNUTLS_E_MEMORY_ERROR; - } - - siz = 0; - _gnutls_mpi_print( NULL, &siz, g); - if (ret_g != NULL) { - tmp = gnutls_malloc(siz); - if (tmp==NULL) return GNUTLS_E_MEMORY_ERROR; - - _gnutls_mpi_print( tmp, &siz, g); - - if (_gnutls_sbase64_encode(tmp, siz, ret_g) < 0) { - gnutls_free(tmp); - return GNUTLS_E_INTERNAL_ERROR; - } - gnutls_free(tmp); - } - - siz = 0; - _gnutls_mpi_print( NULL, &siz, prime); - if (ret_n != NULL) { - tmp = gnutls_malloc(siz); - if (tmp==NULL) return GNUTLS_E_MEMORY_ERROR; - - _gnutls_mpi_print( tmp, &siz, prime); - if (_gnutls_sbase64_encode(tmp, siz, ret_n) < 0) { - gnutls_free(tmp); - return GNUTLS_E_INTERNAL_ERROR; - } - - gnutls_free(tmp); - } - - _gnutls_mpi_release(&g); - _gnutls_mpi_release(&prime); - - return 0; - -} #endif /* ENABLE SRP */ diff --git a/libextra/auth_srp_passwd.h b/libextra/auth_srp_passwd.h index cb9ef01b28..992ddea420 100644 --- a/libextra/auth_srp_passwd.h +++ b/libextra/auth_srp_passwd.h @@ -3,18 +3,16 @@ typedef struct { char* username; - opaque *salt; - int salt_size; - - MPI v; - MPI g; - MPI n; -} GNUTLS_SRP_PWD_ENTRY; + gnutls_datum salt; + gnutls_datum v; + gnutls_datum g; + gnutls_datum n; +} SRP_PWD_ENTRY; /* this is localy alocated. It should be freed using the provided function */ -GNUTLS_SRP_PWD_ENTRY *_gnutls_srp_pwd_read_entry( gnutls_session state, char* username, int* err); -void _gnutls_srp_clear_pwd_entry( GNUTLS_SRP_PWD_ENTRY * entry); -GNUTLS_SRP_PWD_ENTRY* _gnutls_randomize_pwd_entry(void); +SRP_PWD_ENTRY *_gnutls_srp_pwd_read_entry( gnutls_session state, char* username, int* err); +void _gnutls_srp_clear_pwd_entry( SRP_PWD_ENTRY * entry); +SRP_PWD_ENTRY* _gnutls_randomize_pwd_entry(void); int _gnutls_sbase64_encode(uint8 * data, size_t data_size, uint8 ** result); int _gnutls_sbase64_decode(uint8 * data, size_t data_size, uint8 ** result); diff --git a/libextra/gnutls_openpgp.c b/libextra/gnutls_openpgp.c index 91e2015237..4b167662b8 100644 --- a/libextra/gnutls_openpgp.c +++ b/libextra/gnutls_openpgp.c @@ -1419,6 +1419,18 @@ _gnutls_openpgp_request_key( gnutls_session session, gnutls_datum* ret, gnutls_assert(); return GNUTLS_E_OPENPGP_GETKEY_FAILED; } + + if (gnutls_malloc != malloc) { + char* tmpdata = gnutls_malloc( ret->size); + if (tmpdata == NULL) { + free( ret->data); + return GNUTLS_E_OPENPGP_GETKEY_FAILED; + } + memcpy(tmpdata, ret->data, ret->size); + free( ret->data); + + ret->data = tmpdata; + } } return rc; diff --git a/libextra/gnutls_srp.c b/libextra/gnutls_srp.c index 72cdbf0d1f..22b365efa1 100644 --- a/libextra/gnutls_srp.c +++ b/libextra/gnutls_srp.c @@ -488,12 +488,11 @@ int i; * first password file * * In case the callback returned a negative number then gnutls will - * not attempt to choose the appropriate certificate and the caller function - * will fail. + * terminate this handshake. * * The callback function will only be called once per handshake. - * The callback function should return the index of the certificate - * choosen by the server. -1 indicates an error. + * The callback function should return the index of the password file + * that will be used by the server. -1 indicates an error. * **/ void gnutls_srp_server_set_select_function(gnutls_session session, @@ -504,6 +503,37 @@ void gnutls_srp_server_set_select_function(gnutls_session session, } /** + * gnutls_srp_server_set_credentials_function - Used to set a callback to retrieve the user's SRP credentials + * @cred: is a &gnutls_srp_server_credentials structure. + * @func: is the callback function + * + * The callback's function form is: + * int (*callback)(gnutls_session, const char* username, + * gnutls_datum* salt, gnutls_datum *verifier, gnutls_datum* g, + * gnutls_datum* n); + * + * 'username' contains the actual username. + * + * The 'salt', 'verifier', 'generator' and 'prime' must be filled + * in. + * + * In case the callback returned a negative number then gnutls will + * assume that the username does not exist. + * + * The callback function will only be called once per handshake. + * The callback function should return 0 on success. + * -1 indicates an error. + * + **/ +void gnutls_srp_server_set_credentials_function( + gnutls_srp_server_credentials cred, + gnutls_srp_server_credentials_function * func) +{ + cred->pwd_callback = func; +} + + +/** * gnutls_srp_server_get_username - This function returns the username of the peer * @session: is a gnutls session * diff --git a/libextra/gnutls_srp.h b/libextra/gnutls_srp.h index 4137636ee1..717daed8bb 100644 --- a/libextra/gnutls_srp.h +++ b/libextra/gnutls_srp.h @@ -9,9 +9,6 @@ MPI _gnutls_calc_srp_S2(MPI B, MPI g, MPI x, MPI a, MPI u, MPI n); int _gnutls_calc_srp_x( char* username, char* password, opaque* salt, size_t salt_size, size_t* size, void* digest); int _gnutls_srp_gn( opaque** ret_g, opaque** ret_n, int bits); -/* our prime */ -extern const uint8 diffie_hellman_group1_prime[130]; - /* g is defined to be 2 */ #define SRP_MAX_HASH_SIZE 24 diff --git a/src/common.c b/src/common.c index 184dc21ac5..2467768b0d 100644 --- a/src/common.c +++ b/src/common.c @@ -1,5 +1,6 @@ #include <stdio.h> #include <stdlib.h> +#include <string.h> #include <gnutls/gnutls.h> #include <gnutls/extra.h> #include <time.h> @@ -58,7 +59,7 @@ void print_x509_info(gnutls_session session) gnutls_datum res; gnutls_x509_certificate_to_xml(&cert_list[0], &res, 0); - printf(res.data); + puts(res.data); free(res.data); @@ -166,7 +167,7 @@ void print_openpgp_info(gnutls_session session) gnutls_datum res; gnutls_openpgp_key_to_xml(&cert_list[0], &res, 0); - printf(res.data); + puts(res.data); free(res.data); |