/src/gnutls/lib/auth/dhe.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * Copyright (C) 2000-2012 Free Software Foundation, Inc. |
3 | | * Copyright (C) 2017 Red Hat, Inc. |
4 | | * |
5 | | * Author: Nikos Mavrogiannopoulos |
6 | | * |
7 | | * This file is part of GnuTLS. |
8 | | * |
9 | | * The GnuTLS is free software; you can redistribute it and/or |
10 | | * modify it under the terms of the GNU Lesser General Public License |
11 | | * as published by the Free Software Foundation; either version 2.1 of |
12 | | * the License, or (at your option) any later version. |
13 | | * |
14 | | * This library is distributed in the hope that it will be useful, but |
15 | | * WITHOUT ANY WARRANTY; without even the implied warranty of |
16 | | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
17 | | * Lesser General Public License for more details. |
18 | | * |
19 | | * You should have received a copy of the GNU Lesser General Public License |
20 | | * along with this program. If not, see <https://www.gnu.org/licenses/> |
21 | | * |
22 | | */ |
23 | | |
24 | | /* This file contains everything for the Ephemeral Diffie-Hellman |
25 | | * (DHE) key exchange. This is used in the handshake procedure of the |
26 | | * certificate authentication. |
27 | | */ |
28 | | |
29 | | #include "gnutls_int.h" |
30 | | #include "auth.h" |
31 | | #include "errors.h" |
32 | | #include "dh.h" |
33 | | #include "num.h" |
34 | | #include "tls-sig.h" |
35 | | #include <datum.h> |
36 | | #include <algorithms.h> |
37 | | #include <auth/cert.h> |
38 | | #include <x509.h> |
39 | | #include <state.h> |
40 | | #include <auth/dh_common.h> |
41 | | #include <auth/ecdhe.h> |
42 | | |
43 | | static int gen_dhe_server_kx(gnutls_session_t, gnutls_buffer_st *); |
44 | | static int proc_dhe_server_kx(gnutls_session_t, uint8_t *, size_t); |
45 | | static int proc_dhe_client_kx(gnutls_session_t, uint8_t *, size_t); |
46 | | |
47 | | #ifdef ENABLE_DHE |
48 | | |
49 | | const mod_auth_st dhe_rsa_auth_struct = { |
50 | | "DHE_RSA", |
51 | | _gnutls_gen_cert_server_crt, |
52 | | _gnutls_gen_cert_client_crt, |
53 | | gen_dhe_server_kx, |
54 | | _gnutls_gen_dh_common_client_kx, |
55 | | _gnutls_gen_cert_client_crt_vrfy, /* gen client cert vrfy */ |
56 | | _gnutls_gen_cert_server_cert_req, /* server cert request */ |
57 | | |
58 | | _gnutls_proc_crt, |
59 | | _gnutls_proc_crt, |
60 | | proc_dhe_server_kx, |
61 | | proc_dhe_client_kx, |
62 | | _gnutls_proc_cert_client_crt_vrfy, /* proc client cert vrfy */ |
63 | | _gnutls_proc_cert_cert_req /* proc server cert request */ |
64 | | }; |
65 | | |
66 | | const mod_auth_st dhe_dss_auth_struct = { |
67 | | "DHE_DSS", |
68 | | _gnutls_gen_cert_server_crt, |
69 | | _gnutls_gen_cert_client_crt, |
70 | | gen_dhe_server_kx, |
71 | | _gnutls_gen_dh_common_client_kx, |
72 | | _gnutls_gen_cert_client_crt_vrfy, /* gen client cert vrfy */ |
73 | | _gnutls_gen_cert_server_cert_req, /* server cert request */ |
74 | | |
75 | | _gnutls_proc_crt, |
76 | | _gnutls_proc_crt, |
77 | | proc_dhe_server_kx, |
78 | | proc_dhe_client_kx, |
79 | | _gnutls_proc_cert_client_crt_vrfy, /* proc client cert vrfy */ |
80 | | _gnutls_proc_cert_cert_req /* proc server cert request */ |
81 | | }; |
82 | | |
83 | | #endif |
84 | | |
85 | | static int gen_dhe_server_kx(gnutls_session_t session, gnutls_buffer_st * data) |
86 | 0 | { |
87 | 0 | int ret = 0; |
88 | 0 | gnutls_certificate_credentials_t cred; |
89 | 0 | unsigned sig_pos; |
90 | |
|
91 | 0 | cred = (gnutls_certificate_credentials_t) |
92 | 0 | _gnutls_get_cred(session, GNUTLS_CRD_CERTIFICATE); |
93 | 0 | if (cred == NULL) { |
94 | 0 | gnutls_assert(); |
95 | 0 | return GNUTLS_E_INSUFFICIENT_CREDENTIALS; |
96 | 0 | } |
97 | | |
98 | 0 | if ((ret = _gnutls_auth_info_init(session, GNUTLS_CRD_CERTIFICATE, |
99 | 0 | sizeof(cert_auth_info_st), 1)) < 0) { |
100 | 0 | gnutls_assert(); |
101 | 0 | return ret; |
102 | 0 | } |
103 | | |
104 | 0 | ret = |
105 | 0 | _gnutls_figure_dh_params(session, cred->dh_params, |
106 | 0 | cred->params_func, cred->dh_sec_param); |
107 | 0 | if (ret < 0) { |
108 | 0 | return gnutls_assert_val(ret); |
109 | 0 | } |
110 | | |
111 | 0 | sig_pos = data->length; |
112 | |
|
113 | 0 | ret = _gnutls_dh_common_print_server_kx(session, data); |
114 | 0 | if (ret < 0) { |
115 | 0 | gnutls_assert(); |
116 | 0 | return ret; |
117 | 0 | } |
118 | | |
119 | | /* Generate the signature. */ |
120 | 0 | return _gnutls_gen_dhe_signature(session, data, &data->data[sig_pos], |
121 | 0 | data->length - sig_pos); |
122 | 0 | } |
123 | | |
124 | | static int |
125 | | proc_dhe_server_kx(gnutls_session_t session, uint8_t * data, size_t _data_size) |
126 | 0 | { |
127 | 0 | gnutls_datum_t vdata; |
128 | 0 | int ret; |
129 | |
|
130 | 0 | ret = _gnutls_proc_dh_common_server_kx(session, data, _data_size); |
131 | 0 | if (ret < 0) |
132 | 0 | return gnutls_assert_val(ret); |
133 | | |
134 | 0 | vdata.data = data; |
135 | 0 | vdata.size = ret; |
136 | |
|
137 | 0 | return _gnutls_proc_dhe_signature(session, data + ret, |
138 | 0 | _data_size - ret, &vdata); |
139 | 0 | } |
140 | | |
141 | | static int |
142 | | proc_dhe_client_kx(gnutls_session_t session, uint8_t * data, size_t _data_size) |
143 | 0 | { |
144 | 0 | return _gnutls_proc_dh_common_client_kx(session, data, _data_size, |
145 | 0 | NULL); |
146 | 0 | } |