authorDaiki Ueno <ueno@gnu.org>2023-05-02 08:41:08 +0900
committerDaiki Ueno <ueno@gnu.org>2023-05-04 18:47:56 +0900
commit4fe788cc172e6c06f40a42ba516a60f21369018c (patch)
tree1e84b4e61a611894f264ceb5e9e2ef9a51dacfd0 /lib/auth/psk_passwd.c
parent643342325a15e652fedac27b7bcb4614a242ab0d (diff)
downloadgnutls-4fe788cc172e6c06f40a42ba516a60f21369018c.tar.gz
psk: Add basic support for RFC 9258 external PSK importer interface
This adds a minimal, callback-based API to import external PSK, following RFC 9258. The client and the server importing external PSK are supposed to set a callback to retrieve PSK, which returns flags that may indicate the PSK is imported, along with the key: typedef int gnutls_psk_client_credentials_function3( gnutls_session_t session, gnutls_datum_t *username, gnutls_datum_t *key, gnutls_psk_key_flags *flags); typedef int gnutls_psk_server_credentials_function3( gnutls_session_t session, const gnutls_datum_t *username, gnutls_datum_t *key, gnutls_psk_key_flags *flags); Those callbacks are responsible for calling gnutls_psk_format_imported_identity() for external PSKs to build a serialized PSK identity, and for setting GNUTLS_PSK_KEY_EXT in flags if the identity is an imported one. Signed-off-by: Daiki Ueno <ueno@gnu.org>
Diffstat (limited to 'lib/auth/psk_passwd.c')
-rw-r--r--lib/auth/psk_passwd.c23
1 files changed, 16 insertions, 7 deletions
diff --git a/lib/auth/psk_passwd.c b/lib/auth/psk_passwd.c
index 70f59c7738..eff339dd17 100644
--- a/lib/auth/psk_passwd.c
+++ b/lib/auth/psk_passwd.c
@@ -149,7 +149,8 @@ static int _randomize_psk(gnutls_datum_t *psk)
* If the user doesn't exist a random password is returned instead.
*/
int _gnutls_psk_pwd_find_entry(gnutls_session_t session, const char *username,
- uint16_t username_len, gnutls_datum_t *psk)
+ uint16_t username_len, gnutls_datum_t *psk,
+ gnutls_psk_key_flags *flags)
{
gnutls_psk_server_credentials_t cred;
FILE *fp;
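Review bot: The header comment above `_gnutls_psk_pwd_find_entry` (it begins before this hunk) is not updated for the new `flags` output parameter, so a caller cannot tell from the comment whether `flags` may be NULL or what it holds on return. Based on the later hunks, the contract appears to be: NULL is accepted, the callback's value is passed through when `pwd_callback` is used, and zero is stored on the other successful lookup paths. I would add to that comment: `* If flags is non-NULL, it receives the gnutls_psk_key_flags of the key: whatever the pwd_callback stored, or zero for an entry found without the callback.`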
@@ -170,8 +171,7 @@ int _gnutls_psk_pwd_find_entry(gnutls_session_t session, const char *username,
* set, use it.
*/
if (cred->pwd_callback != NULL) {
- ret = cred->pwd_callback(session, &username_datum, psk);
-
+ ret = cred->pwd_callback(session, &username_datum, psk, flags);
if (ret == 1) { /* the user does not exist */
ret = _randomize_psk(psk);
if (ret < 0) {
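Review bot: On the callback path `*flags` is written only if the callback itself writes it; in the `ret == 1` branch at the end of this hunk, where the PSK is replaced by `_randomize_psk(psk)`, nothing visible assigns `*flags`, so a caller that reads it afterwards may see an indeterminate value (the branch continues outside the hunk, so a later assignment cannot be ruled out from here). The two `if (flags) { *flags = 0; }` blocks added in the @@ -212 and @@ -224 hunks cover only the non-callback success paths and duplicate each other. Zeroing once at function entry, right after the local declarations, covers every exit path uniformly, including the randomized-PSK branch, and lets both later blocks be dropped: `if (flags) { *flags = 0; }`.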
@@ -212,6 +212,9 @@ int _gnutls_psk_pwd_find_entry(gnutls_session_t session, const char *username,
ret = GNUTLS_E_SRP_PWD_ERROR;
goto cleanup;
}
+ if (flags) {
+ *flags = 0;
+ }
ret = 0;
goto cleanup;
}
@@ -224,6 +227,9 @@ int _gnutls_psk_pwd_find_entry(gnutls_session_t session, const char *username,
goto cleanup;
}
+ if (flags) {
+ *flags = 0;
+ }
ret = 0;
cleanup:
if (fp != NULL)
@@ -241,7 +247,7 @@ cleanup:
int _gnutls_find_psk_key(gnutls_session_t session,
gnutls_psk_client_credentials_t cred,
gnutls_datum_t *username, gnutls_datum_t *key,
- int *free)
+ gnutls_psk_key_flags *flags, int *free)
{
int ret;
@@ -252,11 +258,14 @@ int _gnutls_find_psk_key(gnutls_session_t session,
username->size = cred->username.size;
key->data = cred->key.data;
key->size = cred->key.size;
+ if (flags) {
+ *flags = 0;
+ }
} else if (cred->get_function != NULL) {
- ret = cred->get_function(session, username, key);
-
- if (ret)
+ ret = cred->get_function(session, username, key, flags);
+ if (ret) {
return gnutls_assert_val(ret);
+ }
*free = 1;
} else