LCOV - code coverage report
Current view: top level - builds/gnutls/coverage/gnutls-git/lib - psk.c (source / functions) Hit Total Coverage
Test: GnuTLS-3.6.14 Code Coverage Lines: 110 152 72.4 %
Date: 2020-10-30 04:50:48 Functions: 18 21 85.7 %
Legend: Lines: hit not hit

          Line data    Source code
       1             : /*
       2             :  * Copyright (C) 2005-2012 Free Software Foundation, Inc.
       3             :  *
       4             :  * Author: Nikos Mavrogiannopoulos
       5             :  *
       6             :  * This file is part of GnuTLS.
       7             :  *
       8             :  * The GnuTLS is free software; you can redistribute it and/or
       9             :  * modify it under the terms of the GNU Lesser General Public License
      10             :  * as published by the Free Software Foundation; either version 2.1 of
      11             :  * the License, or (at your option) any later version.
      12             :  *
      13             :  * This library is distributed in the hope that it will be useful, but
      14             :  * WITHOUT ANY WARRANTY; without even the implied warranty of
      15             :  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
      16             :  * Lesser General Public License for more details.
      17             :  *
      18             :  * You should have received a copy of the GNU Lesser General Public License
      19             :  * along with this program.  If not, see <https://www.gnu.org/licenses/>
      20             :  *
      21             :  */
      22             : 
      23             : /* Functions for manipulating the PSK credentials. */
      24             : 
      25             : #include "gnutls_int.h"
      26             : #include "errors.h"
      27             : #include <str.h>
      28             : #include <auth/psk.h>
      29             : #include <state.h>
      30             : 
      31             : #ifdef ENABLE_PSK
      32             : 
      33             : #include <auth/psk_passwd.h>
      34             : #include <num.h>
      35             : #include <file.h>
      36             : #include <datum.h>
      37             : #include "debug.h"
      38             : #include "dh.h"
      39             : 
      40             : /**
      41             :  * gnutls_psk_free_client_credentials:
      42             :  * @sc: is a #gnutls_psk_client_credentials_t type.
      43             :  *
      44             :  * Free a gnutls_psk_client_credentials_t structure.
      45             :  **/
      46         899 : void gnutls_psk_free_client_credentials(gnutls_psk_client_credentials_t sc)
      47             : {
      48         899 :         _gnutls_free_datum(&sc->username);
      49         899 :         _gnutls_free_datum(&sc->key);
      50         899 :         gnutls_free(sc);
      51         899 : }
      52             : 
      53             : /**
      54             :  * gnutls_psk_allocate_client_credentials:
      55             :  * @sc: is a pointer to a #gnutls_psk_server_credentials_t type.
      56             :  *
      57             :  * Allocate a gnutls_psk_client_credentials_t structure.
      58             :  *
      59             :  * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise
      60             :  *   an error code is returned.
      61             :  **/
      62             : int
      63         941 : gnutls_psk_allocate_client_credentials(gnutls_psk_client_credentials_t *
      64             :                                        sc)
      65             : {
      66         941 :         *sc = gnutls_calloc(1, sizeof(psk_client_credentials_st));
      67             : 
      68         941 :         if (*sc == NULL)
      69             :                 return GNUTLS_E_MEMORY_ERROR;
      70             : 
      71             :         /* TLS 1.3 - Default binder HMAC algorithm is SHA-256 */
      72         941 :         (*sc)->binder_algo = _gnutls_mac_to_entry(GNUTLS_MAC_SHA256);
      73         941 :         return 0;
      74             : }
      75             : 
      76             : /**
      77             :  * gnutls_psk_set_client_credentials:
      78             :  * @res: is a #gnutls_psk_client_credentials_t type.
      79             :  * @username: is the user's zero-terminated userid
      80             :  * @key: is the user's key
      81             :  * @flags: indicate the format of the key, either
      82             :  *   %GNUTLS_PSK_KEY_RAW or %GNUTLS_PSK_KEY_HEX.
      83             :  *
      84             :  * This function sets the username and password, in a
      85             :  * gnutls_psk_client_credentials_t type.  Those will be used in
      86             :  * PSK authentication.  @username should be an ASCII string or UTF-8
      87             :  * string. In case of a UTF-8 string it is recommended to be following
      88             :  * the PRECIS framework for usernames (rfc8265). The key can be either
      89             :  * in raw byte format or in Hex format (without the 0x prefix).
      90             :  *
      91             :  * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise
      92             :  *   an error code is returned.
      93             :  **/
      94             : int
      95         609 : gnutls_psk_set_client_credentials(gnutls_psk_client_credentials_t res,
      96             :                                   const char *username,
      97             :                                   const gnutls_datum_t * key,
      98             :                                   gnutls_psk_key_flags flags)
      99             : {
     100         609 :         gnutls_datum_t dat;
     101             : 
     102         609 :         if (username == NULL)
     103           0 :                 return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
     104             : 
     105         609 :         dat.data = (unsigned char *) username;
     106         609 :         dat.size = strlen(username);
     107             : 
     108         609 :         return gnutls_psk_set_client_credentials2(res, &dat, key, flags);
     109             : }
     110             : 
     111             : /**
     112             :  * gnutls_psk_set_client_credentials2:
     113             :  * @res: is a #gnutls_psk_client_credentials_t type.
     114             :  * @username: is the userid
     115             :  * @key: is the user's key
     116             :  * @flags: indicate the format of the key, either
     117             :  *   %GNUTLS_PSK_KEY_RAW or %GNUTLS_PSK_KEY_HEX.
     118             :  *
     119             :  * This function is identical to gnutls_psk_set_client_credentials(),
     120             :  * except that it allows a non-null-terminated username to be introduced.
     121             :  *
     122             :  * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise
     123             :  *   an error code is returned.
     124             :  */
     125             : int
     126         676 : gnutls_psk_set_client_credentials2(gnutls_psk_client_credentials_t res,
     127             :                                    const gnutls_datum_t *username,
     128             :                                    const gnutls_datum_t *key,
     129             :                                    gnutls_psk_key_flags flags)
     130             : {
     131         676 :         int ret;
     132             : 
     133         676 :         if (username == NULL || username->data == NULL || key == NULL || key->data == NULL) {
     134           0 :                 gnutls_assert();
     135           0 :                 return GNUTLS_E_INVALID_REQUEST;
     136             :         }
     137             : 
     138         676 :         ret =
     139         676 :             _gnutls_set_datum(&res->username, username->data, username->size);
     140         676 :         if (ret < 0)
     141             :                 return ret;
     142             : 
     143         676 :         if (flags == GNUTLS_PSK_KEY_RAW) {
     144         337 :                 if (_gnutls_set_datum(&res->key, key->data, key->size) < 0) {
     145           0 :                         gnutls_assert();
     146           0 :                         ret = GNUTLS_E_MEMORY_ERROR;
     147           0 :                         goto error;
     148             :                 }
     149             :         } else {                /* HEX key */
     150         339 :                 size_t size;
     151         339 :                 size = res->key.size = key->size / 2;
     152         339 :                 res->key.data = gnutls_malloc(size);
     153         339 :                 if (res->key.data == NULL) {
     154           0 :                         gnutls_assert();
     155           0 :                         ret = GNUTLS_E_MEMORY_ERROR;
     156           0 :                         goto error;
     157             :                 }
     158             : 
     159         339 :                 ret =
     160         339 :                     gnutls_hex_decode(key, (char *) res->key.data, &size);
     161         339 :                 res->key.size = (unsigned int) size;
     162         339 :                 if (ret < 0) {
     163             :                         
     164           0 :                         gnutls_assert();
     165           0 :                         goto error;
     166             :                 }
     167             : 
     168         339 :                 if (size < 4) {
     169           0 :                         gnutls_assert();
     170           0 :                         ret = GNUTLS_E_INVALID_REQUEST;
     171           0 :                         goto error;
     172             :                 }
     173             :         }
     174             : 
     175             :         return 0;
     176             : 
     177           0 :       error:
     178           0 :         _gnutls_free_datum(&res->username);
     179           0 :         _gnutls_free_datum(&res->key);
     180             : 
     181             :         return ret;
     182             : }
     183             : 
     184             : /**
     185             :  * gnutls_psk_free_server_credentials:
     186             :  * @sc: is a #gnutls_psk_server_credentials_t type.
     187             :  *
     188             :  * Free a gnutls_psk_server_credentials_t structure.
     189             :  **/
     190        4525 : void gnutls_psk_free_server_credentials(gnutls_psk_server_credentials_t sc)
     191             : {
     192        4525 :         if (sc->deinit_dh_params) {
     193           0 :                 gnutls_dh_params_deinit(sc->dh_params);
     194             :         }
     195             : 
     196        4525 :         gnutls_free(sc->password_file);
     197        4525 :         gnutls_free(sc->hint);
     198        4525 :         gnutls_free(sc);
     199        4525 : }
     200             : 
     201             : /**
     202             :  * gnutls_psk_allocate_server_credentials:
     203             :  * @sc: is a pointer to a #gnutls_psk_server_credentials_t type.
     204             :  *
     205             :  * Allocate a gnutls_psk_server_credentials_t structure.
     206             :  *
     207             :  * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise
     208             :  *   an error code is returned.
     209             :  **/
     210             : int
     211        4565 : gnutls_psk_allocate_server_credentials(gnutls_psk_server_credentials_t *
     212             :                                        sc)
     213             : {
     214        4565 :         *sc = gnutls_calloc(1, sizeof(psk_server_cred_st));
     215             : 
     216        4565 :         if (*sc == NULL)
     217             :                 return GNUTLS_E_MEMORY_ERROR;
     218             : 
     219             :         /* TLS 1.3 - Default binder HMAC algorithm is SHA-256 */
     220        4565 :         (*sc)->binder_algo = _gnutls_mac_to_entry(GNUTLS_MAC_SHA256);
     221        4565 :         return 0;
     222             : }
     223             : 
     224             : 
     225             : /**
     226             :  * gnutls_psk_set_server_credentials_file:
     227             :  * @res: is a #gnutls_psk_server_credentials_t type.
     228             :  * @password_file: is the PSK password file (passwd.psk)
     229             :  *
     230             :  * This function sets the password file, in a
     231             :  * #gnutls_psk_server_credentials_t type.  This password file
     232             :  * holds usernames and keys and will be used for PSK authentication.
     233             :  *
     234             :  * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise
     235             :  *   an error code is returned.
     236             :  **/
     237             : int
     238        3200 : gnutls_psk_set_server_credentials_file(gnutls_psk_server_credentials_t
     239             :                                        res, const char *password_file)
     240             : {
     241             : 
     242        3200 :         if (password_file == NULL) {
     243           0 :                 gnutls_assert();
     244           0 :                 return GNUTLS_E_INVALID_REQUEST;
     245             :         }
     246             : 
     247             :         /* Check if the files can be opened */
     248        3200 :         if (_gnutls_file_exists(password_file) != 0) {
     249           0 :                 gnutls_assert();
     250           0 :                 return GNUTLS_E_FILE_ERROR;
     251             :         }
     252             : 
     253        3200 :         res->password_file = gnutls_strdup(password_file);
     254        3200 :         if (res->password_file == NULL) {
     255           0 :                 gnutls_assert();
     256           0 :                 return GNUTLS_E_MEMORY_ERROR;
     257             :         }
     258             : 
     259             :         return 0;
     260             : }
     261             : 
     262             : /**
     263             :  * gnutls_psk_set_server_credentials_hint:
     264             :  * @res: is a #gnutls_psk_server_credentials_t type.
     265             :  * @hint: is the PSK identity hint string
     266             :  *
     267             :  * This function sets the identity hint, in a
     268             :  * #gnutls_psk_server_credentials_t type.  This hint is sent to
     269             :  * the client to help it chose a good PSK credential (i.e., username
     270             :  * and password).
     271             :  *
     272             :  * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise
     273             :  *   an error code is returned.
     274             :  *
     275             :  * Since: 2.4.0
     276             :  **/
     277             : int
     278        3308 : gnutls_psk_set_server_credentials_hint(gnutls_psk_server_credentials_t res,
     279             :                                        const char *hint)
     280             : {
     281        3308 :         res->hint = gnutls_strdup(hint);
     282        3308 :         if (res->hint == NULL) {
     283           0 :                 gnutls_assert();
     284           0 :                 return GNUTLS_E_MEMORY_ERROR;
     285             :         }
     286             : 
     287             :         return 0;
     288             : }
     289             : 
     290         568 : static int call_server_callback_legacy(gnutls_session_t session,
     291             :                                        const gnutls_datum_t *username,
     292             :                                        gnutls_datum_t *key)
     293             : {
     294         568 :         gnutls_psk_server_credentials_t cred =
     295             :                         (gnutls_psk_server_credentials_t)
     296         568 :                                 _gnutls_get_cred(session, GNUTLS_CRD_PSK);
     297         568 :         if (unlikely(cred == NULL))
     298           0 :           return gnutls_assert_val(-1);
     299             : 
     300         568 :         return cred->pwd_callback_legacy(session, (const char *) username->data, key);
     301             : }
     302             : 
     303             : /**
     304             :  * gnutls_psk_set_server_credentials_function:
     305             :  * @cred: is a #gnutls_psk_server_credentials_t type.
     306             :  * @func: is the callback function
     307             :  *
     308             :  * This function can be used to set a callback to retrieve the user's PSK credentials.
     309             :  * The callback's function form is:
     310             :  * int (*callback)(gnutls_session_t, const char* username,
     311             :  *  gnutls_datum_t* key);
     312             :  *
     313             :  * @username contains the actual username.
     314             :  * The @key must be filled in using the gnutls_malloc().
     315             :  *
     316             :  * In case the callback returned a negative number then gnutls will
     317             :  * assume that the username does not exist.
     318             :  *
     319             :  * The callback function will only be called once per handshake.  The
     320             :  * callback function should return 0 on success, while -1 indicates
     321             :  * an error.
     322             :  **/
     323             : void
     324        1129 : gnutls_psk_set_server_credentials_function(gnutls_psk_server_credentials_t
     325             :                                            cred,
     326             :                                            gnutls_psk_server_credentials_function
     327             :                                            * func)
     328             : {
     329        1129 :         cred->pwd_callback_legacy = func;
     330        1129 :         cred->pwd_callback = call_server_callback_legacy;
     331        1129 : }
     332             : 
     333             : /**
     334             :  * gnutls_psk_set_server_credentials_function2:
     335             :  * @cred: is a #gnutls_psk_server_credentials_t type.
     336             :  * @func: is the callback function
     337             :  *
     338             :  * This function can be used to set a callback to retrieve the user's PSK credentials.
     339             :  * The callback's function form is:
     340             :  * int (*callback)(gnutls_session_t, const gnutls_datum_t* username,
     341             :  *  gnutls_datum_t* key);
     342             :  *
     343             :  * This callback function has the same semantics as that of gnutls_psk_set_server_credentials_function(),
     344             :  * but it allows non-string usernames to be used.
     345             :  *
     346             :  * @username contains the actual username.
     347             :  * The @key must be filled in using the gnutls_malloc().
     348             :  *
     349             :  * In case the callback returned a negative number then gnutls will
     350             :  * assume that the username does not exist.
     351             :  *
     352             :  * The callback function will only be called once per handshake.  The
     353             :  * callback function should return 0 on success, while -1 indicates
     354             :  * an error.
     355             :  **/
     356             : void
     357          91 : gnutls_psk_set_server_credentials_function2(gnutls_psk_server_credentials_t cred,
     358             :                                             gnutls_psk_server_credentials_function2 func)
     359             : {
     360          91 :         cred->pwd_callback = func;
     361          91 :         cred->pwd_callback_legacy = NULL;
     362          91 : }
     363             : 
     364           1 : static int call_client_callback_legacy(gnutls_session_t session,
     365             :                                        gnutls_datum_t *username,
     366             :                                        gnutls_datum_t *key)
     367             : {
     368           1 :         int ret;
     369           1 :         char *user_p;
     370           1 :         gnutls_psk_client_credentials_t cred =
     371             :                         (gnutls_psk_client_credentials_t)
     372           1 :                                 _gnutls_get_cred(session, GNUTLS_CRD_PSK);
     373           1 :         if (unlikely(cred == NULL))
     374           0 :           return gnutls_assert_val(-1);
     375             : 
     376             : 
     377           1 :         ret = cred->get_function_legacy(session, &user_p, key);
     378             : 
     379           1 :         if (ret)
     380           0 :                 goto end;
     381             : 
     382           1 :         username->data = (uint8_t *) user_p;
     383           1 :         username->size = strlen(user_p);
     384             : 
     385             : end:
     386             :         return ret;
     387             : }
     388             : 
     389             : /**
     390             :  * gnutls_psk_set_client_credentials_function:
     391             :  * @cred: is a #gnutls_psk_server_credentials_t type.
     392             :  * @func: is the callback function
     393             :  *
     394             :  * This function can be used to set a callback to retrieve the username and
     395             :  * password for client PSK authentication.
     396             :  * The callback's function form is:
     397             :  * int (*callback)(gnutls_session_t, char** username,
     398             :  *  gnutls_datum_t* key);
     399             :  *
     400             :  * The @username and @key->data must be allocated using gnutls_malloc().
     401             :  * The @username should be an ASCII string or UTF-8
     402             :  * string. In case of a UTF-8 string it is recommended to be following
     403             :  * the PRECIS framework for usernames (rfc8265).
     404             :  *
     405             :  * The callback function will be called once per handshake.
     406             :  *
     407             :  * The callback function should return 0 on success.
     408             :  * -1 indicates an error.
     409             :  **/
     410             : void
     411         265 : gnutls_psk_set_client_credentials_function(gnutls_psk_client_credentials_t
     412             :                                            cred,
     413             :                                            gnutls_psk_client_credentials_function
     414             :                                            * func)
     415             : {
     416         265 :         cred->get_function = call_client_callback_legacy;
     417         265 :         cred->get_function_legacy = func;
     418         265 : }
     419             : 
     420             : /**
     421             :  * gnutls_psk_set_client_credentials_function2:
     422             :  * @cred: is a #gnutls_psk_server_credentials_t type.
     423             :  * @func: is the callback function
     424             :  *
     425             :  * This function can be used to set a callback to retrieve the username and
     426             :  * password for client PSK authentication.
     427             :  * The callback's function form is:
     428             :  * int (*callback)(gnutls_session_t, gnutls_datum_t* username,
     429             :  *  gnutls_datum_t* key);
     430             :  *
     431             :  * This callback function has the same semantics as that of gnutls_psk_set_client_credentials_function(),
     432             :  * but it allows non-string usernames to be used.
     433             :  *
     434             :  * The @username and @key->data must be allocated using gnutls_malloc().
     435             :  * The @username should be an ASCII string or UTF-8
     436             :  * string. In case of a UTF-8 string it is recommended to be following
     437             :  * the PRECIS framework for usernames (rfc8265).
     438             :  *
     439             :  * The callback function will be called once per handshake.
     440             :  *
     441             :  * The callback function should return 0 on success.
     442             :  * -1 indicates an error.
     443             :  **/
     444             : void
     445           0 : gnutls_psk_set_client_credentials_function2(gnutls_psk_client_credentials_t cred,
     446             :                                             gnutls_psk_client_credentials_function2 *func)
     447             : {
     448           0 :         cred->get_function = func;
     449           0 :         cred->get_function_legacy = NULL;
     450           0 : }
     451             : 
     452             : 
     453             : /**
     454             :  * gnutls_psk_server_get_username:
     455             :  * @session: is a gnutls session
     456             :  *
     457             :  * This should only be called in case of PSK authentication and in
     458             :  * case of a server.
     459             :  *
     460             :  * The returned pointer should be considered constant (do not free) and valid 
     461             :  * for the lifetime of the session.
     462             :  *
     463             :  * This function will return %NULL if the username has embedded NULL bytes.
     464             :  * In that case, gnutls_psk_server_get_username2() should be used to retrieve the username.
     465             :  *
     466             :  * Returns: the username of the peer, or %NULL in case of an error,
     467             :  * or if the username has embedded NULLs.
     468             :  **/
     469        1062 : const char *gnutls_psk_server_get_username(gnutls_session_t session)
     470             : {
     471        1062 :         psk_auth_info_t info;
     472             : 
     473        1062 :         CHECK_AUTH_TYPE(GNUTLS_CRD_PSK, NULL);
     474             : 
     475        1062 :         info = _gnutls_get_auth_info(session, GNUTLS_CRD_PSK);
     476        1062 :         if (info == NULL)
     477             :                 return NULL;
     478             : 
     479        1062 :         if (info->username[0] != 0 && !_gnutls_has_embedded_null(info->username, info->username_len))
     480        1062 :                 return info->username;
     481             : 
     482             :         return NULL;
     483             : }
     484             : 
     485             : /**
     486             :  * gnutls_psk_server_get_username2:
     487             :  * @session: is a gnutls session
     488             :  * @username: a datum that will be filled in by this function
     489             :  *
     490             :  * Return a pointer to the username of the peer in the supplied datum. Does not
     491             :  * need to be null-terminated.
     492             :  *
     493             :  * This should only be called in case of PSK authentication and in
     494             :  * case of a server.
     495             :  *
     496             :  * The returned pointer should be considered constant (do not free) and valid 
     497             :  * for the lifetime of the session.
     498             :  *
     499             :  * Returns: %GNUTLS_E_SUCCESS, or a negative value in case of an error.
     500             :  **/
     501        1521 : int gnutls_psk_server_get_username2(gnutls_session_t session, gnutls_datum_t *username)
     502             : {
     503        1521 :         psk_auth_info_t info;
     504             : 
     505        1521 :         CHECK_AUTH_TYPE(GNUTLS_CRD_PSK, GNUTLS_E_INVALID_REQUEST);
     506             : 
     507        1521 :         info = _gnutls_get_auth_info(session, GNUTLS_CRD_PSK);
     508        1521 :         if (info == NULL)
     509             :                 return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
     510             : 
     511        1521 :         if (info->username_len > 0) {
     512        1521 :                 username->data = (unsigned char *) info->username;
     513        1521 :                 username->size = info->username_len;
     514        1521 :                 return 0;
     515             :         }
     516             : 
     517             :         return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
     518             : }
     519             : 
     520             : /**
     521             :  * gnutls_psk_client_get_hint:
     522             :  * @session: is a gnutls session
     523             :  *
     524             :  * The PSK identity hint may give the client help in deciding which
     525             :  * username to use.  This should only be called in case of PSK
     526             :  * authentication and in case of a client.
     527             :  *
     528             :  * Note: there is no hint in TLS 1.3, so this function will return %NULL
     529             :  * if TLS 1.3 has been negotiated.
     530             :  *
     531             :  * Returns: the identity hint of the peer, or %NULL in case of an error or if TLS 1.3 is being used.
     532             :  *
     533             :  * Since: 2.4.0
     534             :  **/
     535          34 : const char *gnutls_psk_client_get_hint(gnutls_session_t session)
     536             : {
     537          34 :         psk_auth_info_t info;
     538             : 
     539          34 :         CHECK_AUTH_TYPE(GNUTLS_CRD_PSK, NULL);
     540             : 
     541          34 :         info = _gnutls_get_auth_info(session, GNUTLS_CRD_PSK);
     542          34 :         if (info == NULL)
     543             :                 return NULL;
     544             : 
     545          34 :         if (info->hint[0] != 0)
     546          19 :                 return info->hint;
     547             : 
     548             :         return NULL;
     549             : }
     550             : 
     551             : /**
     552             :  * gnutls_psk_set_server_dh_params:
     553             :  * @res: is a gnutls_psk_server_credentials_t type
     554             :  * @dh_params: is a structure that holds Diffie-Hellman parameters.
     555             :  *
     556             :  * This function will set the Diffie-Hellman parameters for an
     557             :  * anonymous server to use. These parameters will be used in
     558             :  * Diffie-Hellman exchange with PSK cipher suites.
     559             :  *
     560             :  * Deprecated: This function is unnecessary and discouraged on GnuTLS 3.6.0
     561             :  * or later. Since 3.6.0, DH parameters are negotiated
     562             :  * following RFC7919.
     563             :  *
     564             :  **/
     565             : void
     566          64 : gnutls_psk_set_server_dh_params(gnutls_psk_server_credentials_t res,
     567             :                                 gnutls_dh_params_t dh_params)
     568             : {
     569          64 :         if (res->deinit_dh_params) {
     570           0 :                 res->deinit_dh_params = 0;
     571           0 :                 gnutls_dh_params_deinit(res->dh_params);
     572           0 :                 res->dh_params = NULL;
     573             :         }
     574             : 
     575          64 :         res->dh_params = dh_params;
     576          64 :         res->dh_sec_param = gnutls_pk_bits_to_sec_param(GNUTLS_PK_DH, _gnutls_mpi_get_nbits(dh_params->params[0]));
     577          64 : }
     578             : 
     579             : /**
     580             :  * gnutls_psk_set_server_known_dh_params:
     581             :  * @res: is a gnutls_psk_server_credentials_t type
     582             :  * @sec_param: is an option of the %gnutls_sec_param_t enumeration
     583             :  *
     584             :  * This function will set the Diffie-Hellman parameters for a
     585             :  * PSK server to use. These parameters will be used in
     586             :  * Ephemeral Diffie-Hellman cipher suites and will be selected from
     587             :  * the FFDHE set of RFC7919 according to the security level provided.
     588             :  *
     589             :  * Deprecated: This function is unnecessary and discouraged on GnuTLS 3.6.0
     590             :  * or later. Since 3.6.0, DH parameters are negotiated
     591             :  * following RFC7919.
     592             :  *
     593             :  * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
     594             :  *   negative error value.
     595             :  *
     596             :  * Since: 3.5.6
     597             :  **/
     598             : int
     599         842 : gnutls_psk_set_server_known_dh_params(gnutls_psk_server_credentials_t res,
     600             :                                        gnutls_sec_param_t sec_param)
     601             : {
     602         842 :         res->dh_sec_param = sec_param;
     603             : 
     604         842 :         return 0;
     605             : }
     606             : 
     607             : /**
     608             :  * gnutls_psk_set_server_params_function:
     609             :  * @res: is a #gnutls_certificate_credentials_t type
     610             :  * @func: is the function to be called
     611             :  *
     612             :  * This function will set a callback in order for the server to get
     613             :  * the Diffie-Hellman parameters for PSK authentication.  The callback
     614             :  * should return %GNUTLS_E_SUCCESS (0) on success.
     615             :  *
     616             :  * Deprecated: This function is unnecessary and discouraged on GnuTLS 3.6.0
     617             :  * or later. Since 3.6.0, DH parameters are negotiated
     618             :  * following RFC7919.
     619             :  *
     620             :  **/
     621             : void
     622           0 : gnutls_psk_set_server_params_function(gnutls_psk_server_credentials_t res,
     623             :                                       gnutls_params_function * func)
     624             : {
     625           0 :         res->params_func = func;
     626           0 : }
     627             : 
     628             : /**
     629             :  * gnutls_psk_set_params_function:
     630             :  * @res: is a gnutls_psk_server_credentials_t type
     631             :  * @func: is the function to be called
     632             :  *
     633             :  * This function will set a callback in order for the server to get
     634             :  * the Diffie-Hellman or RSA parameters for PSK authentication.  The
     635             :  * callback should return %GNUTLS_E_SUCCESS (0) on success.
     636             :  *
     637             :  * Deprecated: This function is unnecessary and discouraged on GnuTLS 3.6.0
     638             :  * or later. Since 3.6.0, DH parameters are negotiated
     639             :  * following RFC7919.
     640             :  *
     641             :  **/
     642             : void
     643           0 : gnutls_psk_set_params_function(gnutls_psk_server_credentials_t res,
     644             :                                gnutls_params_function * func)
     645             : {
     646           0 :         res->params_func = func;
     647           0 : }
     648             : 
     649             : #endif                          /* ENABLE_PSK */

Generated by: LCOV version 1.14