1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
|
/*
* Copyright (C) 2000-2012 Free Software Foundation, Inc.
* Copyright (C) 2017 Red Hat, Inc.
*
* Author: Nikos Mavrogiannopoulos
*
* This file is part of GnuTLS.
*
* The GnuTLS is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public License
* as published by the Free Software Foundation; either version 2.1 of
* the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>
*
*/
/* This file contains the Anonymous Diffie-Hellman key exchange part of
* the anonymous authentication. The functions here are used in the
* handshake.
*/
#include "gnutls_int.h"
#if defined(ENABLE_ANON) && defined(ENABLE_DHE)
# include "auth.h"
# include "errors.h"
# include "dh.h"
# include "auth/anon.h"
# include "num.h"
# include "mpi.h"
# include <state.h>
# include <auth/dh_common.h>
static int gen_anon_server_kx(gnutls_session_t, gnutls_buffer_st *);
static int proc_anon_client_kx(gnutls_session_t, uint8_t *, size_t);
static int proc_anon_server_kx(gnutls_session_t, uint8_t *, size_t);
const mod_auth_st anon_auth_struct = {
"ANON",
NULL,
NULL,
gen_anon_server_kx,
_gnutls_gen_dh_common_client_kx, /* this can be shared */
NULL,
NULL,
NULL,
NULL, /* certificate */
proc_anon_server_kx,
proc_anon_client_kx,
NULL,
NULL
};
static int gen_anon_server_kx(gnutls_session_t session, gnutls_buffer_st * data)
{
int ret;
gnutls_anon_server_credentials_t cred;
cred = (gnutls_anon_server_credentials_t)
_gnutls_get_cred(session, GNUTLS_CRD_ANON);
if (cred == NULL) {
gnutls_assert();
return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
}
if ((ret =
_gnutls_auth_info_init(session, GNUTLS_CRD_ANON,
sizeof(anon_auth_info_st), 1)) < 0) {
gnutls_assert();
return ret;
}
ret =
_gnutls_figure_dh_params(session, cred->dh_params,
cred->params_func, cred->dh_sec_param);
if (ret < 0) {
return gnutls_assert_val(ret);
}
ret = _gnutls_dh_common_print_server_kx(session, data);
if (ret < 0) {
gnutls_assert();
}
return ret;
}
static int
proc_anon_client_kx(gnutls_session_t session, uint8_t * data, size_t _data_size)
{
return
_gnutls_proc_dh_common_client_kx(session, data, _data_size, NULL);
}
int
proc_anon_server_kx(gnutls_session_t session, uint8_t * data, size_t _data_size)
{
int ret;
/* set auth_info */
if ((ret =
_gnutls_auth_info_init(session, GNUTLS_CRD_ANON,
sizeof(anon_auth_info_st), 1)) < 0) {
gnutls_assert();
return ret;
}
ret = _gnutls_proc_dh_common_server_kx(session, data, _data_size);
if (ret < 0) {
gnutls_assert();
return ret;
}
return 0;
}
#endif /* ENABLE_ANON */
|
