[gnutls-devel] GnuTLS | Support external PSK importer (#1355)
Read-only notification of GnuTLS library development activities
gnutls-devel at lists.gnutls.org
Mon May 1 14:54:30 CEST 2023
Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/issues/1355#note_1373764559
This probably can be implemented in two levels of interfaces: callback-based and one-time assignment. The former is done by adding a new `gnutls_psk_key_flags` enum value, say `GNUTLS_PSK_KEY_IMPORT`, to indicate that the PSK is imported, and extending `gnutls_psk_set_client_credentials_function` and `gnutls_psk_set_server_credentials_function` with a new callback function that takes `context` and `flag`, both as return parameters. The TLS 1.3 handshake state machine calls this new callback and, if the returned `flag` indicates that it is an importable PSK, calculates the IPSK as defined in the RFC.
This interface is, however, not so intuitive to use. Therefore, the latter interface is provided for convenience, which provides the following functions:
```c
int gnutls_psk_import_client_credentials(gnutls_psk_client_credentials_t res,
                                         const gnutls_datum_t *username,
                                         const gnutls_datum_t *key,
                                         const gnutls_datum_t *context);
int gnutls_psk_import_server_credentials(gnutls_psk_server_credentials_t res,
                                         const gnutls_datum_t *username,
                                         const gnutls_datum_t *key,
                                         const gnutls_datum_t *context);
```
This interface is less flexible than the callback-based interface, as the CONTEXT is assigned statically. The current server API also has an interface to read PSKs from a file, but I would rather not touch it.
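The derivation the comment above refers to ("calculates the IPSK as defined in the RFC") is the external PSK importer of RFC 9258, which is the assumption this added example is built on; the example is not GnuTLS code and does not use the C API sketched in the comment. It takes the same three inputs as the proposed `gnutls_psk_import_*_credentials` functions (the `username` as RFC 9258's `external_identity`, the `key` as the base key `epsk`, and the `context`), serializes the `ImportedIdentity` structure that the client actually sends as its PSK identity, and derives the imported key `ipskx` with HKDF-Extract followed by HKDF-Expand-Label (RFC 8446 section 7.1). The security point of the construction is visible in the output: the derived key is bound to the identity, context, target protocol and target KDF, so one base key shared across protocol versions or hash functions never yields the same TLS-level PSK twice. The HKDF helpers are checked against RFC 5869 test case 1; all names (`import_psk`, `imported_identity`) and the constructed sample inputs are this example's own.

```python
"""RFC 9258 external PSK importer derivation, written as an added example.

Not GnuTLS code. Implements:
    ImportedIdentity = uint16 len || external_identity ||
                       uint16 len || context ||
                       uint16 target_protocol || uint16 target_kdf
    epskx = HKDF-Extract(0, epsk)
    ipskx = HKDF-Expand-Label(epskx, "derived psk", Hash(ImportedIdentity), L)
"""
import hashlib
import hmac
import struct

# Identifiers from RFC 9258: the TLS 1.3 version number as target_protocol,
# and the registered target_kdf values for HKDF with SHA-256 / SHA-384.
TLS13 = 0x0304
HKDF_SHA256 = 0x0001
HKDF_SHA384 = 0x0002
KDF_HASH = {HKDF_SHA256: hashlib.sha256, HKDF_SHA384: hashlib.sha384}


def hkdf_extract(salt: bytes, ikm: bytes, h) -> bytes:
    """HKDF-Extract (RFC 5869): PRK = HMAC-Hash(salt, IKM).

    A zero-length salt is equivalent to HashLen zero bytes, which is what
    "HKDF-Extract(0, epsk)" in RFC 9258 / RFC 8446 means.
    """
    return hmac.new(salt, ikm, h).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int, h) -> bytes:
    """HKDF-Expand (RFC 5869): T(i) = HMAC-Hash(PRK, T(i-1) || info || i)."""
    out, t, i = b"", b"", 1
    while len(out) < length:
        t = hmac.new(prk, t + info + bytes([i]), h).digest()
        out += t
        i += 1
    return out[:length]


def hkdf_expand_label(secret: bytes, label: bytes, context: bytes, length: int, h) -> bytes:
    """HKDF-Expand-Label (RFC 8446 section 7.1), label prefixed with "tls13 "."""
    full_label = b"tls13 " + label
    hkdf_label = (struct.pack("!H", length)
                  + bytes([len(full_label)]) + full_label
                  + bytes([len(context)]) + context)
    return hkdf_expand(secret, hkdf_label, length, h)


def imported_identity(external_identity: bytes, context: bytes,
                      target_protocol: int, target_kdf: int) -> bytes:
    """Serialize RFC 9258 ImportedIdentity; this is the PskIdentity the client sends."""
    if not 1 <= len(external_identity) <= 0xFFFF:
        raise ValueError("external_identity must be 1..2^16-1 bytes")
    if len(context) > 0xFFFF:
        raise ValueError("context must be at most 2^16-1 bytes")
    return (struct.pack("!H", len(external_identity)) + external_identity
            + struct.pack("!H", len(context)) + context
            + struct.pack("!HH", target_protocol, target_kdf))


def import_psk(external_identity: bytes, epsk: bytes, context: bytes = b"",
               target_protocol: int = TLS13, target_kdf: int = HKDF_SHA256):
    """Return (ImportedIdentity, ipskx) for one (identity, key, context) triple.

    The base key `epsk` is never used as a TLS PSK itself; only `ipskx`,
    which is bound to identity, context, protocol and KDF, ever reaches the
    handshake. Hypothetical function name chosen for this example.
    """
    h = KDF_HASH[target_kdf]
    length = h().digest_size                      # L = output length of the KDF hash
    identity = imported_identity(external_identity, context, target_protocol, target_kdf)
    epskx = hkdf_extract(b"", epsk, h)            # HKDF-Extract(0, epsk)
    ipskx = hkdf_expand_label(epskx, b"derived psk", h(identity).digest(), length, h)
    return identity, ipskx


if __name__ == "__main__":
    # Constructed sample input: a 32-byte base key shared out of band.
    base_key = bytes(range(32))
    for ctx in (b"", b"site-a"):
        for kdf in (HKDF_SHA256, HKDF_SHA384):
            ident, ipsk = import_psk(b"client1", base_key, ctx, target_kdf=kdf)
            print(f"context={ctx!r:10} kdf=0x{kdf:04x} identity={ident.hex()} ipsk={ipsk.hex()}")
```

Running the block prints four different `ipsk` values for the one base key, one per (context, KDF) pair; a server implementing the callback flow from the comment would parse the received `ImportedIdentity`, look up the base key by its `external_identity`, check that `target_protocol` and `target_kdf` match the negotiated cipher suite, and run the same derivation before comparing binders.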