2013-04-02 19:32:42 -07:00
|
|
|
/*
|
|
|
|
* Secure Remote Password 6a implementation
|
2015-04-16 10:07:34 -07:00
|
|
|
* https://github.com/est31/csrp-gmp
|
2013-04-02 19:32:42 -07:00
|
|
|
*
|
2013-10-09 06:08:49 -07:00
|
|
|
* The MIT License (MIT)
|
2015-04-11 18:40:29 -07:00
|
|
|
*
|
2015-04-16 10:07:34 -07:00
|
|
|
* Copyright (c) 2010, 2013 Tom Cocagne, 2015 est31 <MTest31@outlook.com>
|
2015-04-11 18:40:29 -07:00
|
|
|
*
|
2013-10-09 06:08:49 -07:00
|
|
|
* Permission is hereby granted, free of charge, to any person obtaining a copy of
|
|
|
|
* this software and associated documentation files (the "Software"), to deal in
|
|
|
|
* the Software without restriction, including without limitation the rights to
|
|
|
|
* use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
|
|
|
|
* of the Software, and to permit persons to whom the Software is furnished to do
|
|
|
|
* so, subject to the following conditions:
|
2015-04-11 18:40:29 -07:00
|
|
|
*
|
2013-10-09 06:08:49 -07:00
|
|
|
* The above copyright notice and this permission notice shall be included in all
|
|
|
|
* copies or substantial portions of the Software.
|
2015-04-11 18:40:29 -07:00
|
|
|
*
|
2013-10-09 06:08:49 -07:00
|
|
|
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
|
|
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
|
|
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
|
|
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
|
|
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
|
|
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
|
|
|
* SOFTWARE.
|
2015-04-11 18:40:29 -07:00
|
|
|
*
|
2013-04-02 19:32:42 -07:00
|
|
|
*/
|
|
|
|
|
2015-04-11 18:40:29 -07:00
|
|
|
/*
|
|
|
|
*
|
2013-04-02 19:32:42 -07:00
|
|
|
* Purpose: This is a direct implementation of the Secure Remote Password
|
2015-04-11 18:40:29 -07:00
|
|
|
* Protocol version 6a as described by
|
2013-04-02 19:32:42 -07:00
|
|
|
* http://srp.stanford.edu/design.html
|
2015-04-11 18:40:29 -07:00
|
|
|
*
|
2013-04-02 19:32:42 -07:00
|
|
|
* Author: tom.cocagne@gmail.com (Tom Cocagne)
|
2015-04-11 18:40:29 -07:00
|
|
|
*
|
|
|
|
* Dependencies: LibGMP
|
|
|
|
*
|
2013-04-02 19:32:42 -07:00
|
|
|
* Usage: Refer to test_srp.c for a demonstration
|
2015-04-11 18:40:29 -07:00
|
|
|
*
|
2013-04-02 19:32:42 -07:00
|
|
|
* Notes:
|
2015-04-11 18:40:29 -07:00
|
|
|
* This library allows multiple combinations of hashing algorithms and
|
2013-04-02 19:32:42 -07:00
|
|
|
* prime number constants. For authentication to succeed, the hash and
|
2015-04-11 18:40:29 -07:00
|
|
|
* prime number constants must match between
|
2013-04-02 19:32:42 -07:00
|
|
|
* srp_create_salted_verification_key(), srp_user_new(),
|
|
|
|
* and srp_verifier_new(). A recommended approach is to determine the
|
|
|
|
* desired level of security for an application and globally define the
|
|
|
|
* hash and prime number constants to the predetermined values.
|
2015-04-11 18:40:29 -07:00
|
|
|
*
|
2013-04-02 19:32:42 -07:00
|
|
|
* As one might suspect, more bits means more security. As one might also
|
2015-04-11 18:40:29 -07:00
|
|
|
* suspect, more bits also means more processing time. The test_srp.c
|
|
|
|
* program can be easily modified to profile various combinations of
|
2013-04-02 19:32:42 -07:00
|
|
|
* hash & prime number pairings.
|
|
|
|
*/
|
|
|
|
|
|
|
|
#ifndef SRP_H
|
|
|
|
#define SRP_H
|
|
|
|
|
|
|
|
|
|
|
|
struct SRPVerifier;
|
|
|
|
struct SRPUser;
|
|
|
|
|
|
|
|
typedef enum
|
|
|
|
{
|
|
|
|
SRP_NG_1024,
|
|
|
|
SRP_NG_2048,
|
|
|
|
SRP_NG_4096,
|
|
|
|
SRP_NG_8192,
|
|
|
|
SRP_NG_CUSTOM
|
|
|
|
} SRP_NGType;
|
|
|
|
|
2015-04-11 18:40:29 -07:00
|
|
|
typedef enum
|
2013-04-02 19:32:42 -07:00
|
|
|
{
|
2015-04-23 21:58:24 -07:00
|
|
|
SRP_SHA1,
|
|
|
|
/*SRP_SHA224,*/
|
2013-04-02 19:32:42 -07:00
|
|
|
SRP_SHA256,
|
2015-04-11 18:40:29 -07:00
|
|
|
/*SRP_SHA384,
|
|
|
|
SRP_SHA512*/
|
2013-04-02 19:32:42 -07:00
|
|
|
} SRP_HashAlgorithm;
|
|
|
|
|
2015-04-11 18:40:29 -07:00
|
|
|
/* Out: bytes_v, len_v
|
|
|
|
*
|
|
|
|
* The caller is responsible for freeing the memory allocated for bytes_v
|
|
|
|
*
|
2013-04-02 19:32:42 -07:00
|
|
|
* The n_hex and g_hex parameters should be 0 unless SRP_NG_CUSTOM is used for ng_type.
|
|
|
|
* If provided, they must contain ASCII text of the hexidecimal notation.
|
2015-04-11 18:40:29 -07:00
|
|
|
*
|
|
|
|
* If bytes_s == NULL, it is filled with random data. The caller is responsible for freeing.
|
2013-04-02 19:32:42 -07:00
|
|
|
*/
|
2015-04-11 18:40:29 -07:00
|
|
|
void srp_create_salted_verification_key( SRP_HashAlgorithm alg,
|
|
|
|
SRP_NGType ng_type, const char * username_for_verifier,
|
2013-04-02 19:32:42 -07:00
|
|
|
const unsigned char * password, int len_password,
|
2015-04-11 18:40:29 -07:00
|
|
|
const unsigned char ** bytes_s, int * len_s,
|
2013-04-02 19:32:42 -07:00
|
|
|
const unsigned char ** bytes_v, int * len_v,
|
|
|
|
const char * n_hex, const char * g_hex );
|
|
|
|
|
|
|
|
/* Out: bytes_B, len_B.
|
2015-04-11 18:40:29 -07:00
|
|
|
*
|
2013-04-02 19:32:42 -07:00
|
|
|
* On failure, bytes_B will be set to NULL and len_B will be set to 0
|
2015-04-11 18:40:29 -07:00
|
|
|
*
|
2013-04-02 19:32:42 -07:00
|
|
|
* The n_hex and g_hex parameters should be 0 unless SRP_NG_CUSTOM is used for ng_type
|
2015-04-23 21:58:24 -07:00
|
|
|
*
|
|
|
|
* If bytes_b == NULL, random data is used for b.
|
2013-04-02 19:32:42 -07:00
|
|
|
*/
|
|
|
|
struct SRPVerifier * srp_verifier_new( SRP_HashAlgorithm alg, SRP_NGType ng_type, const char * username,
|
2015-04-11 18:40:29 -07:00
|
|
|
const unsigned char * bytes_s, int len_s,
|
2013-04-02 19:32:42 -07:00
|
|
|
const unsigned char * bytes_v, int len_v,
|
|
|
|
const unsigned char * bytes_A, int len_A,
|
2015-04-23 21:58:24 -07:00
|
|
|
const unsigned char * bytes_b, int len_b,
|
2013-04-02 19:32:42 -07:00
|
|
|
const unsigned char ** bytes_B, int * len_B,
|
|
|
|
const char * n_hex, const char * g_hex );
|
|
|
|
|
|
|
|
|
|
|
|
void srp_verifier_delete( struct SRPVerifier * ver );
|
|
|
|
|
|
|
|
|
|
|
|
int srp_verifier_is_authenticated( struct SRPVerifier * ver );
|
|
|
|
|
|
|
|
|
|
|
|
const char * srp_verifier_get_username( struct SRPVerifier * ver );
|
|
|
|
|
|
|
|
/* key_length may be null */
|
|
|
|
const unsigned char * srp_verifier_get_session_key( struct SRPVerifier * ver, int * key_length );
|
|
|
|
|
|
|
|
|
|
|
|
int srp_verifier_get_session_key_length( struct SRPVerifier * ver );
|
|
|
|
|
|
|
|
|
|
|
|
/* user_M must be exactly srp_verifier_get_session_key_length() bytes in size */
|
|
|
|
void srp_verifier_verify_session( struct SRPVerifier * ver,
|
2015-04-11 18:40:29 -07:00
|
|
|
const unsigned char * user_M,
|
2013-04-02 19:32:42 -07:00
|
|
|
const unsigned char ** bytes_HAMK );
|
|
|
|
|
|
|
|
/*******************************************************************************/
|
|
|
|
|
|
|
|
/* The n_hex and g_hex parameters should be 0 unless SRP_NG_CUSTOM is used for ng_type */
|
2015-04-11 18:40:29 -07:00
|
|
|
struct SRPUser * srp_user_new( SRP_HashAlgorithm alg, SRP_NGType ng_type,
|
|
|
|
const char * username, const char * username_for_verifier,
|
2013-04-02 19:32:42 -07:00
|
|
|
const unsigned char * bytes_password, int len_password,
|
|
|
|
const char * n_hex, const char * g_hex );
|
2015-04-11 18:40:29 -07:00
|
|
|
|
2013-04-02 19:32:42 -07:00
|
|
|
void srp_user_delete( struct SRPUser * usr );
|
|
|
|
|
|
|
|
int srp_user_is_authenticated( struct SRPUser * usr);
|
|
|
|
|
|
|
|
|
|
|
|
const char * srp_user_get_username( struct SRPUser * usr );
|
|
|
|
|
|
|
|
/* key_length may be null */
|
|
|
|
const unsigned char * srp_user_get_session_key( struct SRPUser * usr, int * key_length );
|
|
|
|
|
|
|
|
int srp_user_get_session_key_length( struct SRPUser * usr );
|
|
|
|
|
2015-04-23 21:58:24 -07:00
|
|
|
/* Output: username, bytes_A, len_A. If you don't want it get written, set username to NULL.
|
|
|
|
* If bytes_a == NULL, random data is used for a. */
|
2015-04-11 18:40:29 -07:00
|
|
|
void srp_user_start_authentication( struct SRPUser * usr, const char ** username,
|
2015-04-23 21:58:24 -07:00
|
|
|
const unsigned char * bytes_a, int len_a,
|
2013-04-02 19:32:42 -07:00
|
|
|
const unsigned char ** bytes_A, int * len_A );
|
|
|
|
|
2015-04-11 18:40:29 -07:00
|
|
|
/* Output: bytes_M, len_M (len_M may be null and will always be
|
2013-04-02 19:32:42 -07:00
|
|
|
* srp_user_get_session_key_length() bytes in size) */
|
2015-04-11 18:40:29 -07:00
|
|
|
void srp_user_process_challenge( struct SRPUser * usr,
|
|
|
|
const unsigned char * bytes_s, int len_s,
|
2013-04-02 19:32:42 -07:00
|
|
|
const unsigned char * bytes_B, int len_B,
|
|
|
|
const unsigned char ** bytes_M, int * len_M );
|
2015-04-11 18:40:29 -07:00
|
|
|
|
2013-04-02 19:32:42 -07:00
|
|
|
/* bytes_HAMK must be exactly srp_user_get_session_key_length() bytes in size */
|
|
|
|
void srp_user_verify_session( struct SRPUser * usr, const unsigned char * bytes_HAMK );
|
|
|
|
|
|
|
|
#endif /* Include Guard */
|