authorlloyd <[email protected]>2012-01-27 15:47:33 +0000
committerlloyd <[email protected]>2012-01-27 15:47:33 +0000
commitb96fde715dddbb3fe1eb6a9077bb92182dfa1635 (patch)
treec0ff39002fbe7bff1a72a296140827388ccef468
parent681a587b4766f660c758539110b6b8adb73a62a6 (diff)
Split up the psk function as the server also wants to be able to look
up a PSK from an identity.
-rw-r--r--doc/examples/credentials.h14
-rw-r--r--src/credentials/credentials_manager.cpp16
-rw-r--r--src/credentials/credentials_manager.h26
-rw-r--r--src/tls/c_kex.cpp17
4 files changed, 51 insertions, 22 deletions
diff --git a/doc/examples/credentials.h b/doc/examples/credentials.h
index e97d28e5d..160fec772 100644
--- a/doc/examples/credentials.h
+++ b/doc/examples/credentials.h
@@ -19,6 +19,20 @@ class Credentials_Manager_Simple : public Botan::Credentials_Manager
public:
Credentials_Manager_Simple(Botan::RandomNumberGenerator& rng) : rng(rng) {}
+ std::string psk_identity(const std::string&, const std::string&,
+ const std::string& identity_hint)
+ {
+ return "Client_identity";
+ }
+
+ Botan::SymmetricKey psk(const std::string&, const std::string&,
+ const std::string& identity)
+ {
+ if(identity == "Client_identity")
+ return Botan::SymmetricKey("AABBCC");
+ throw Botan::Internal_Error("No PSK set for " + identity);
+ }
+
std::vector<Botan::X509_Certificate> cert_chain(
const std::vector<std::string>& cert_key_types,
const std::string& type,
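Review bot: The example key `Botan::SymmetricKey("AABBCC")` in psk() is, if SymmetricKey's string constructor decodes hex the way Botan's other OctetString constructors do, a three-byte key, and because doc/examples/credentials.h is the file readers copy from, the placeholder status should be stated in the code. Suggest `// example only: a real deployment needs a randomly generated key of at least 16 bytes` above that line, and `// the server's identity_hint is ignored in this example` in psk_identity(), which returns a fixed identity regardless of the hint. The unknown-identity path throws Botan::Internal_Error, which is the same category Botan uses for library bugs; a short comment that this is a lookup miss rather than an internal fault would keep example readers from mirroring that classification. The enclosing class continues outside the hunk.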
diff --git a/src/credentials/credentials_manager.cpp b/src/credentials/credentials_manager.cpp
index fee849e47..7ca6ac657 100644
--- a/src/credentials/credentials_manager.cpp
+++ b/src/credentials/credentials_manager.cpp
@@ -15,12 +15,18 @@ std::string Credentials_Manager::psk_identity_hint(const std::string&,
return "";
}
-std::pair<std::string, SymmetricKey>
-Credentials_Manager::psk(const std::string&,
- const std::string&,
- const std::string& identity_hint)
+std::string Credentials_Manager::psk_identity(const std::string&,
+ const std::string&,
+ const std::string&)
+ {
+ return "";
+ }
+
+SymmetricKey Credentials_Manager::psk(const std::string&,
+ const std::string&,
+ const std::string& identity)
{
- throw Internal_Error("No PSK set for " + identity_hint);
+ throw Internal_Error("No PSK set for identity " + identity);
}
std::string Credentials_Manager::srp_identifier(const std::string&,
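Review bot: The new default psk() copies the full `identity` string into the Internal_Error message; the commit message says the server side will also look PSKs up by identity, and on that side the identity is peer-supplied, so an unbounded attacker-chosen string (the client-side reader on the page caps the corresponding hint at 65535 bytes) would be carried verbatim into exception text and whatever logs it reaches. Consider not echoing it, `throw Internal_Error("No PSK set for requested identity");`, or bounding what is echoed, and documenting the throw on the declaration so subclasses know a miss must be signalled by throwing rather than by returning an empty key. Internal_Error is also the category Botan uses for library bugs, while a missing credential is an expected runtime condition for a manager that does not support PSK; that mismatch is inherited from the removed version but is now the default every server-side manager hits.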
diff --git a/src/credentials/credentials_manager.h b/src/credentials/credentials_manager.h
index 3c7eec3e7..7dc049722 100644
--- a/src/credentials/credentials_manager.h
+++ b/src/credentials/credentials_manager.h
@@ -34,12 +34,18 @@ class BOTAN_DLL Credentials_Manager
/**
* @param identity_hint was passed by the server (but may be empty)
- * @return pair of PSK identity and the PSK itself.
+ * @return the PSK identity we want to use
*/
- virtual std::pair<std::string, SymmetricKey>
- psk(const std::string& type,
- const std::string& context,
- const std::string& identity_hint);
+ virtual std::string psk_identity(const std::string& type,
+ const std::string& context,
+ const std::string& identity_hint);
+
+ /**
+ * @return the PSK used for identity
+ */
+ virtual SymmetricKey psk(const std::string& type,
+ const std::string& context,
+ const std::string& identity);
/**
* @return identifier for client-side SRP auth, if available
@@ -56,16 +62,16 @@ class BOTAN_DLL Credentials_Manager
* @return password for client-side SRP auth, if available
for this identifier/type/context.
*/
- virtual std::string srp_password(const std::string& identifier,
- const std::string& type,
- const std::string& context);
+ virtual std::string srp_password(const std::string& type,
+ const std::string& context,
+ const std::string& identifier);
/**
* Retrieve SRP verifier parameters
*/
- virtual bool srp_verifier(const std::string& identifier,
- const std::string& type,
+ virtual bool srp_verifier(const std::string& type,
const std::string& context,
+ const std::string& identifier,
BigInt& group_prime,
BigInt& group_generator,
BigInt& verifier,
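Review bot: The parameter reorder of srp_password() and srp_verifier() to (type, context, identifier) in the second hunk is silent for existing subclasses: all three leading parameters are `const std::string&`, so an override written against the old (identifier, type, context) order still compiles and still overrides, but now receives the identifier where it expects the type and performs its credential lookup on the wrong strings. The commit message only mentions the PSK split, so this needs a visible marker, e.g. `// NOTE: parameter order changed to (type, context, identifier) to match psk(); overrides written against the old order must be updated` on each declaration, and a changelog entry. Separately, the new psk() doc comment should state the failure contract that the default implementation actually has, `@throws Internal_Error if no PSK is available for identity`, since a subclass author reading only the header would not know a miss is signalled by throwing. The class declaration continues outside the hunk.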
diff --git a/src/tls/c_kex.cpp b/src/tls/c_kex.cpp
index 8dccb05c9..9f492c5a5 100644
--- a/src/tls/c_kex.cpp
+++ b/src/tls/c_kex.cpp
@@ -63,17 +63,20 @@ Client_Key_Exchange::Client_Key_Exchange(Record_Writer& writer,
identity_hint = reader.get_string(2, 0, 65535);
}
- std::pair<std::string, SymmetricKey> psk =
- creds.psk("tls-client",
- state->client_hello->sni_hostname(),
- identity_hint);
+ const std::string hostname = state->client_hello->sni_hostname();
- append_tls_length_value(key_material, psk.first, 2);
+ const std::string psk_identity = creds.psk_identity("tls-client",
+ hostname,
+ identity_hint);
- MemoryVector<byte> zeros(psk.second.length());
+ append_tls_length_value(key_material, psk_identity, 2);
+
+ SymmetricKey psk = creds.psk("tls-client", hostname, psk_identity);
+
+ MemoryVector<byte> zeros(psk.length());
append_tls_length_value(pre_master, zeros, 2);
- append_tls_length_value(pre_master, psk.second.bits_of(), 2);
+ append_tls_length_value(pre_master, psk.bits_of(), 2);
}
else if(state->server_kex)
{
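Review bot: The identity returned by creds.psk_identity() is appended to key_material with a 2-byte length prefix but is never bounded, whereas the server's identity_hint read just above it is explicitly limited to 0..65535 bytes; a callback returning a longer identity cannot be represented in that field, and whether append_tls_length_value rejects it is outside this hunk. A check before the append, `if(psk_identity.size() > 65535) throw Internal_Error("PSK identity too long");`, makes the RFC 4279 limit explicit at the point where the client constructs the value rather than relying on the encoder. The pre_master layout that follows (zero block of psk.length() followed by the PSK) is unchanged in substance from the removed lines and looks correct for plain PSK. The Client_Key_Exchange constructor starts and ends outside the hunk.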