/* * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation * * Author: Nikos Mavroyanopoulos * * This file is part of GNUTLS. * * The GNUTLS library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public License * as published by the Free Software Foundation; either version 2.1 of * the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, but * WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public * License along with this library; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 * USA * */ /* This file contains the Anonymous Diffie Hellman key exchange part of * the anonymous authentication. The functions here are used in the * handshake. */ #include #ifdef ENABLE_ANON #include "gnutls_auth_int.h" #include "gnutls_errors.h" #include "gnutls_dh.h" #include "auth_anon.h" #include "gnutls_num.h" #include "gnutls_mpi.h" #include #include static int gen_anon_server_kx(gnutls_session_t, opaque **); static int proc_anon_client_kx(gnutls_session_t, opaque *, size_t); static int proc_anon_server_kx(gnutls_session_t, opaque *, size_t); const mod_auth_st anon_auth_struct = { "ANON", NULL, NULL, gen_anon_server_kx, _gnutls_gen_dh_common_client_kx, /* this can be shared */ NULL, NULL, NULL, NULL, /* certificate */ proc_anon_server_kx, proc_anon_client_kx, NULL, NULL }; static int gen_anon_server_kx(gnutls_session_t session, opaque ** data) { mpi_t g, p; const mpi_t *mpis; int ret; gnutls_dh_params_t dh_params; const gnutls_anon_server_credentials_t cred; cred = _gnutls_get_cred(session->key, GNUTLS_CRD_ANON, NULL); if (cred == NULL) { gnutls_assert(); return GNUTLS_E_INSUFFICIENT_CREDENTIALS; } dh_params = _gnutls_anon_get_dh_params(cred, session); mpis = _gnutls_get_dh_params(dh_params); if (mpis == NULL) { gnutls_assert(); return GNUTLS_E_NO_TEMPORARY_DH_PARAMS; } p = mpis[0]; g = mpis[1]; if ((ret = _gnutls_auth_info_set(session, GNUTLS_CRD_ANON, sizeof(anon_server_auth_info_st), 1)) < 0) { gnutls_assert(); return ret; } _gnutls_dh_set_group(session, g, p); ret = _gnutls_dh_common_print_server_kx(session, g, p, data); if (ret < 0) { gnutls_assert(); } return ret; } static int proc_anon_client_kx(gnutls_session_t session, opaque * data, size_t _data_size) { const gnutls_anon_server_credentials_t cred; int bits; int ret; mpi_t p, g; gnutls_dh_params_t dh_params; const mpi_t *mpis; bits = _gnutls_dh_get_allowed_prime_bits(session); cred = _gnutls_get_cred(session->key, GNUTLS_CRD_ANON, NULL); if (cred == NULL) { gnutls_assert(); return GNUTLS_E_INSUFFICIENT_CREDENTIALS; } dh_params = _gnutls_anon_get_dh_params(cred, session); mpis = _gnutls_get_dh_params(dh_params); if (mpis == NULL) { gnutls_assert(); return GNUTLS_E_NO_TEMPORARY_DH_PARAMS; } p = mpis[0]; g = mpis[1]; ret = _gnutls_proc_dh_common_client_kx(session, data, _data_size, g, p); return ret; } int proc_anon_server_kx(gnutls_session_t session, opaque * data, size_t _data_size) { int ret; /* set auth_info */ if ((ret = _gnutls_auth_info_set(session, GNUTLS_CRD_ANON, sizeof(anon_client_auth_info_st), 1)) < 0) { gnutls_assert(); return ret; } ret = _gnutls_proc_dh_common_server_kx(session, data, _data_size); if (ret < 0) { gnutls_assert(); return ret; } return 0; } #endif /* ENABLE_ANON */