diff options
author | Simon Josefsson <simon@josefsson.org> | 2008-04-08 17:14:41 +0200 |
---|---|---|
committer | Simon Josefsson <simon@josefsson.org> | 2008-04-08 17:14:41 +0200 |
commit | 5d0fcb10f8c30fd474c4201583fe200705e4d8df (patch) | |
tree | 6e641c268d8fa563381cb19c85ee08f4dca1a3ae /lib | |
parent | 593325695a39acc9f0cf91fbe2f533a4b4de9e89 (diff) | |
download | gnutls-5d0fcb10f8c30fd474c4201583fe200705e4d8df.tar.gz |
Starting pointer for NETCONF-PSK support.
Diffstat (limited to 'lib')
-rw-r--r-- | lib/Makefile.am | 3 | ||||
-rw-r--r-- | lib/gnutls_psk_netconf.c | 131 |
2 files changed, 133 insertions, 1 deletions
diff --git a/lib/Makefile.am b/lib/Makefile.am index 96691bdbfb..c775d5a035 100644 --- a/lib/Makefile.am +++ b/lib/Makefile.am @@ -66,7 +66,8 @@ lib_LTLIBRARIES = libgnutls.la SRP_COBJECTS = ext_srp.c gnutls_srp.c auth_srp.c auth_srp_passwd.c \ auth_srp_sb64.c auth_srp_rsa.c -PSK_COBJECTS = auth_psk.c auth_psk_passwd.c gnutls_psk.c auth_dhe_psk.c +PSK_COBJECTS = auth_psk.c auth_psk_passwd.c gnutls_psk.c \ + auth_dhe_psk.c gnutls_psk_netconf.c OPRFI_COBJECTS = ext_oprfi.c diff --git a/lib/gnutls_psk_netconf.c b/lib/gnutls_psk_netconf.c new file mode 100644 index 0000000000..853b8a8d35 --- /dev/null +++ b/lib/gnutls_psk_netconf.c @@ -0,0 +1,131 @@ +/* + * Copyright (C) 2008 Free Software Foundation + * + * Author: Simon Josefsson + * + * This file is part of GNUTLS. + * + * The GNUTLS library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public License + * as published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, + * USA + * + */ + +/* Functions to support draft-ietf-netconf-tls-01.txt. */ + +#include <gnutls_int.h> + +#ifdef ENABLE_PSK + + +/** + * gnutls_psk_netconf_derive_key - derive PSK Netconf key from password + * @password: zero terminated string containing password. + * @psk_identity: zero terminated string with PSK identity. + * @psk_identity_hint: zero terminated string with PSK identity hint. + * @output_key: output variable, contains newly allocated *data pointer. + * + * This function will derive a PSK key from a password, for use with + * the Netconf protocol. + * + * Returns: %GNUTLS_E_SUCCESS on success, or an error code. + **/ +int +gnutls_psk_netconf_derive_key (const char *password, + const char *psk_identity, + const char *psk_identity_hint, + gnutls_datum *output_key) +{ + const char netconf_key_pad[] = "Key Pad for Netconf"; + size_t sha1len = _gnutls_hash_get_algo_len (GNUTLS_DIG_SHA1); + size_t hintlen = strlen (psk_identity_hint); + digest_hd_st dig; + char *inner; + size_t innerlen; + int rc; + + /* + * PSK = SHA-1(SHA-1(password + psk_identity + "Key Pad for Netconf") + + * psk_identity_hint) + * + */ + + innerlen = sha1len + hintlen; + inner = gnutls_malloc (len); + if (!inner) + { + gnutls_assert (); + return GNUTLS_E_MEMORY_ERROR; + } + + rc = _gnutls_hash_init (&dig, GNUTLS_DIG_SHA1); + if (!rc) + { + gnutls_assert (); + return rc; + } + + rc = _gnutls_hash (&dig, password, strlen (password)); + if (!rc) + { + gnutls_assert (); + return rc; + } + + rc = _gnutls_hash (&dig, psk_identity, strlen (psk_identity)); + if (!rc) + { + gnutls_assert (); + return rc; + } + + rc = _gnutls_hash (&dig, netconf_key_pad, strlen (netconf_key_pad)); + if (!rc) + { + gnutls_assert (); + return rc; + } + + _gnutls_hash_deinit (&dig, inner); + + memcpy (inner + sha1len, psk_identity_hint, hintlen); + + rc = _gnutls_hash_init (&dig, GNUTLS_DIG_SHA1); + if (!rc) + { + gnutls_assert (); + return rc; + } + + rc = _gnutls_hash (&dig, inner, innerlen); + if (!rc) + { + gnutls_assert (); + return rc; + } + + output_key->data = gnutls_malloc (sha1len); + if (!output_key->data) + { + gnutls_assert (); + return GNUTLS_E_MEMORY_ERROR; + } + output_key->size = sha1len; + + _gnutls_hash_deinit (&dig, output_key->data); + + return 0 +} + +#endif /* ENABLE_PSK */ |