/* Generate client key exchange message
*
*
* struct {
* select (KeyExchangeAlgorithm) {
* uint8_t psk_identity<0..2^16-1>;
* EncryptedPreMasterSecret;
* } exchange_keys;
* } ClientKeyExchange;
*/
static int
_gnutls_gen_rsa_psk_client_kx(gnutls_session_t session,
gnutls_buffer_st * data)
{
cert_auth_info_t auth = session->key.auth_info;
gnutls_datum_t sdata; /* data to send */
gnutls_pk_params_st params;
gnutls_psk_client_credentials_t cred;
gnutls_datum_t username, key;
int ret, free;
unsigned init_pos;
if (auth == NULL) {
/* this shouldn't have happened. The proc_certificate
* function should have detected that.
*/
gnutls_assert();
return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
}
gnutls_datum_t premaster_secret;
premaster_secret.size = GNUTLS_MASTER_SIZE;
premaster_secret.data =
gnutls_malloc(premaster_secret.size);
if (premaster_secret.data == NULL) {
gnutls_assert();
return GNUTLS_E_MEMORY_ERROR;
}
/* Generate random */
ret = gnutls_rnd(GNUTLS_RND_RANDOM, premaster_secret.data,
premaster_secret.size);
if (ret < 0) {
gnutls_assert();
return ret;
}
/* Set version */
if (session->internals.rsa_pms_version[0] == 0) {
premaster_secret.data[0] =
_gnutls_get_adv_version_major(session);
premaster_secret.data[1] =
_gnutls_get_adv_version_minor(session);
} else { /* use the version provided */
premaster_secret.data[0] =
session->internals.rsa_pms_version[0];
premaster_secret.data[1] =
session->internals.rsa_pms_version[1];
}
/* move RSA parameters to key (session).
*/
if ((ret = _gnutls_get_public_rsa_params(session, ¶ms)) < 0) {
gnutls_assert();
return ret;
}
/* Encrypt premaster secret */
if ((ret =
_gnutls_pk_encrypt(GNUTLS_PK_RSA, &sdata, &premaster_secret,
¶ms)) < 0) {
gnutls_assert();
return ret;
}
gnutls_pk_params_release(¶ms);
cred = (gnutls_psk_client_credentials_t)
_gnutls_get_cred(session, GNUTLS_CRD_PSK);
if (cred == NULL) {
gnutls_assert();
return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
}
ret = _gnutls_find_psk_key(session, cred, &username, &key, &free);
if (ret < 0)
return gnutls_assert_val(ret);
/* Here we set the PSK key */
ret = set_rsa_psk_session_key(session, &key, &premaster_secret);
if (ret < 0) {
gnutls_assert();
goto cleanup;
}
/* Create message for client key exchange
*
* struct {
* uint8_t psk_identity<0..2^16-1>;
* EncryptedPreMasterSecret;
* }
*/
init_pos = data->length;
/* Write psk_identity and EncryptedPreMasterSecret into data stream
*/
ret =
_gnutls_buffer_append_data_prefix(data, 16,
username.data,
username.size);
if (ret < 0) {
gnutls_assert();
goto cleanup;
}
ret =
_gnutls_buffer_append_data_prefix(data, 16, sdata.data,
sdata.size);
if (ret < 0) {
gnutls_assert();
goto cleanup;
}
ret = data->length - init_pos;
cleanup:
_gnutls_free_datum(&sdata);
_gnutls_free_temp_key_datum(&premaster_secret);
if (free) {
_gnutls_free_temp_key_datum(&key);
gnutls_free(username.data);
}
return ret;
}
/* return RSA(random) using the peers public key
*/
int
_gnutls_gen_rsa_client_kx(gnutls_session_t session,
gnutls_buffer_st * data)
{
cert_auth_info_t auth = session->key.auth_info;
gnutls_datum_t sdata; /* data to send */
gnutls_pk_params_st params;
int ret;
if (auth == NULL) {
/* this shouldn't have happened. The proc_certificate
* function should have detected that.
*/
gnutls_assert();
return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
}
session->key.key.size = GNUTLS_MASTER_SIZE;
session->key.key.data = gnutls_malloc(session->key.key.size);
if (session->key.key.data == NULL) {
gnutls_assert();
return GNUTLS_E_MEMORY_ERROR;
}
ret = _gnutls_rnd(GNUTLS_RND_RANDOM, session->key.key.data,
session->key.key.size);
if (ret < 0) {
gnutls_assert();
return ret;
}
if (session->internals.rsa_pms_version[0] == 0) {
session->key.key.data[0] =
_gnutls_get_adv_version_major(session);
session->key.key.data[1] =
_gnutls_get_adv_version_minor(session);
} else { /* use the version provided */
session->key.key.data[0] =
session->internals.rsa_pms_version[0];
session->key.key.data[1] =
session->internals.rsa_pms_version[1];
}
/* move RSA parameters to key (session).
*/
if ((ret = _gnutls_get_public_rsa_params(session, ¶ms)) < 0) {
gnutls_assert();
return ret;
}
ret =
_gnutls_pk_encrypt(GNUTLS_PK_RSA, &sdata, &session->key.key,
¶ms);
gnutls_pk_params_release(¶ms);
if (ret < 0)
return gnutls_assert_val(ret);
if (get_num_version(session) == GNUTLS_SSL3) {
/* SSL 3.0 */
_gnutls_buffer_replace_data(data, &sdata);
return data->length;
} else { /* TLS 1 */
ret =
_gnutls_buffer_append_data_prefix(data, 16, sdata.data,
sdata.size);
_gnutls_free_datum(&sdata);
return ret;
}
}
/* return RSA(random) using the peers public key
*/
int
_gnutls_gen_rsa_client_kx (gnutls_session_t session, opaque ** data)
{
cert_auth_info_t auth = session->key->auth_info;
gnutls_datum_t sdata; /* data to send */
bigint_t params[MAX_PUBLIC_PARAMS_SIZE];
int params_len = MAX_PUBLIC_PARAMS_SIZE;
int ret, i;
gnutls_protocol_t ver;
if (auth == NULL)
{
/* this shouldn't have happened. The proc_certificate
* function should have detected that.
*/
gnutls_assert ();
return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
}
session->key->key.size = GNUTLS_MASTER_SIZE;
session->key->key.data = gnutls_secure_malloc (session->key->key.size);
if (session->key->key.data == NULL)
{
gnutls_assert ();
return GNUTLS_E_MEMORY_ERROR;
}
ret = _gnutls_rnd (GNUTLS_RND_RANDOM, session->key->key.data,
session->key->key.size);
if (ret < 0)
{
gnutls_assert ();
return ret;
}
ver = _gnutls_get_adv_version (session);
if (session->internals.rsa_pms_version[0] == 0)
{
session->key->key.data[0] = _gnutls_version_get_major (ver);
session->key->key.data[1] = _gnutls_version_get_minor (ver);
}
else
{ /* use the version provided */
session->key->key.data[0] = session->internals.rsa_pms_version[0];
session->key->key.data[1] = session->internals.rsa_pms_version[1];
}
/* move RSA parameters to key (session).
*/
if ((ret =
_gnutls_get_public_rsa_params (session, params, ¶ms_len)) < 0)
{
gnutls_assert ();
return ret;
}
if ((ret =
_gnutls_pkcs1_rsa_encrypt (&sdata, &session->key->key,
params, params_len, 2)) < 0)
{
gnutls_assert ();
return ret;
}
for (i = 0; i < params_len; i++)
_gnutls_mpi_release (¶ms[i]);
if (gnutls_protocol_get_version (session) == GNUTLS_SSL3)
{
/* SSL 3.0 */
*data = sdata.data;
return sdata.size;
}
else
{ /* TLS 1 */
*data = gnutls_malloc (sdata.size + 2);
if (*data == NULL)
{
_gnutls_free_datum (&sdata);
return GNUTLS_E_MEMORY_ERROR;
}
_gnutls_write_datum16 (*data, sdata);
ret = sdata.size + 2;
_gnutls_free_datum (&sdata);
return ret;
}
}
