2 * Copyright (C) 2008, 2010 Free Software Foundation, Inc.
4 * Author: Simon Josefsson
6 * This file is part of GnuTLS.
8 * The GnuTLS is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 2.1 of
11 * the License, or (at your option) any later version.
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
18 * You should have received a copy of the GNU Lesser General Public
19 * License along with this library; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
25 /* Functions to support draft-ietf-netconf-tls-01.txt. */
27 #include <gnutls_int.h>
28 #include <gnutls_hash_int.h>
29 #include <gnutls_errors.h>
35 * gnutls_psk_netconf_derive_key:
36 * @password: zero terminated string containing password.
37 * @psk_identity: zero terminated string with PSK identity.
38 * @psk_identity_hint: zero terminated string with PSK identity hint.
39 * @output_key: output variable, contains newly allocated *data pointer.
41 * This function will derive a PSK key from a password, for use with
42 * the Netconf protocol.
44 * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
48 * Deprecated: The need for this interface was dropped from the
49 * standard on publication as a RFC. The function works now but will
50 * return a hard failure in a future release.
53 gnutls_psk_netconf_derive_key (const char *password,
54 const char *psk_identity,
55 const char *psk_identity_hint,
56 gnutls_datum_t * output_key)
58 const char netconf_key_pad[] = "Key Pad for Netconf";
59 size_t sha1len = _gnutls_hash_get_algo_len (GNUTLS_DIG_SHA1);
60 size_t hintlen = strlen (psk_identity_hint);
67 * PSK = SHA-1(SHA-1(psk_identity + "Key Pad for Netconf" + password) +
72 rc = _gnutls_hash_init (&dig, GNUTLS_DIG_SHA1);
79 rc = _gnutls_hash (&dig, psk_identity, strlen (psk_identity));
83 _gnutls_hash_deinit (&dig, NULL);
87 rc = _gnutls_hash (&dig, netconf_key_pad, strlen (netconf_key_pad));
91 _gnutls_hash_deinit (&dig, NULL);
95 rc = _gnutls_hash (&dig, password, strlen (password));
99 _gnutls_hash_deinit (&dig, NULL);
103 innerlen = sha1len + hintlen;
104 inner = gnutls_malloc (innerlen);
105 _gnutls_hash_deinit (&dig, inner);
109 return GNUTLS_E_MEMORY_ERROR;
112 memcpy (inner + sha1len, psk_identity_hint, hintlen);
114 rc = _gnutls_hash_init (&dig, GNUTLS_DIG_SHA1);
122 rc = _gnutls_hash (&dig, inner, innerlen);
127 _gnutls_hash_deinit (&dig, NULL);
131 output_key->data = gnutls_malloc (sha1len);
132 _gnutls_hash_deinit (&dig, output_key->data);
133 if (output_key->data == NULL)
136 return GNUTLS_E_MEMORY_ERROR;
138 output_key->size = sha1len;
143 #endif /* ENABLE_PSK */