csrp-gmp/srp.h

/*
 * Secure Remote Password 6a implementation
 * https://github.com/est31/csrp-gmp
 *
 * The MIT License (MIT)
 *
 * Copyright (c) 2010, 2013 Tom Cocagne, 2015 est31 <MTest31@outlook.com>
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy of
 * this software and associated documentation files (the "Software"), to deal in
 * the Software without restriction, including without limitation the rights to
 * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
 * of the Software, and to permit persons to whom the Software is furnished to do
 * so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in all
 * copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 * SOFTWARE.
 *
 */

/*
 *
 * Purpose:       This is a direct implementation of the Secure Remote Password
 *                Protocol version 6a as described by
 *                http://srp.stanford.edu/design.html
 *
 * Author:        tom.cocagne@gmail.com (Tom Cocagne)
 *
 * Dependencies:  LibGMP
 *
 * Usage:         Refer to test_srp.c for a demonstration
 *
 * Notes:
 *    This library allows multiple combinations of hashing algorithms and
 *    prime number constants. For authentication to succeed, the hash and
 *    prime number constants must match between
 *    srp_create_salted_verification_key(), srp_user_new(),
 *    and srp_verifier_new(). A recommended approach is to determine the
 *    desired level of security for an application and globally define the
 *    hash and prime number constants to the predetermined values.
 *
 *    As one might suspect, more bits means more security. As one might also
 *    suspect, more bits also means more processing time. The test_srp.c
 *    program can be easily modified to profile various combinations of
 *    hash & prime number pairings.
 */

#ifndef SRP_H
#define SRP_H


struct SRPVerifier;
struct SRPUser;

typedef enum
{
    SRP_NG_1024,
    SRP_NG_2048,
    SRP_NG_4096,
    SRP_NG_8192,
    SRP_NG_CUSTOM
} SRP_NGType;

typedef enum
{
    SRP_SHA1,
    /*SRP_SHA224,*/
    SRP_SHA256,
    /*SRP_SHA384,
    SRP_SHA512*/
} SRP_HashAlgorithm;

/* Out: bytes_v, len_v
 *
 * The caller is responsible for freeing the memory allocated for bytes_v
 *
 * The n_hex and g_hex parameters should be 0 unless SRP_NG_CUSTOM is used for ng_type.
 * If provided, they must contain ASCII text of the hexidecimal notation.
 *
 * If bytes_s == NULL, it is filled with random data. The caller is responsible for freeing.
 */
void srp_create_salted_verification_key( SRP_HashAlgorithm alg,
                                         SRP_NGType ng_type, const char * username_for_verifier,
                                         const unsigned char * password, int len_password,
                                         const unsigned char ** bytes_s,  int * len_s,
                                         const unsigned char ** bytes_v, int * len_v,
                                         const char * n_hex, const char * g_hex );

/* Out: bytes_B, len_B.
 *
 * On failure, bytes_B will be set to NULL and len_B will be set to 0
 *
 * The n_hex and g_hex parameters should be 0 unless SRP_NG_CUSTOM is used for ng_type
 *
 * If bytes_b == NULL, random data is used for b.
 */
struct SRPVerifier *  srp_verifier_new( SRP_HashAlgorithm alg, SRP_NGType ng_type, const char * username,
                                        const unsigned char * bytes_s, int len_s,
                                        const unsigned char * bytes_v, int len_v,
                                        const unsigned char * bytes_A, int len_A,
                                        const unsigned char * bytes_b, int len_b,
                                        const unsigned char ** bytes_B, int * len_B,
                                        const char * n_hex, const char * g_hex );


void                  srp_verifier_delete( struct SRPVerifier * ver );


int                   srp_verifier_is_authenticated( struct SRPVerifier * ver );


const char *          srp_verifier_get_username( struct SRPVerifier * ver );

/* key_length may be null */
const unsigned char * srp_verifier_get_session_key( struct SRPVerifier * ver, int * key_length );


int                   srp_verifier_get_session_key_length( struct SRPVerifier * ver );


/* user_M must be exactly srp_verifier_get_session_key_length() bytes in size */
void                  srp_verifier_verify_session( struct SRPVerifier * ver,
                                                   const unsigned char * user_M,
                                                   const unsigned char ** bytes_HAMK );

/*******************************************************************************/

/* The n_hex and g_hex parameters should be 0 unless SRP_NG_CUSTOM is used for ng_type */
struct SRPUser *      srp_user_new( SRP_HashAlgorithm alg, SRP_NGType ng_type,
                                    const char * username, const char * username_for_verifier,
                                    const unsigned char * bytes_password, int len_password,
                                    const char * n_hex, const char * g_hex );

void                  srp_user_delete( struct SRPUser * usr );

int                   srp_user_is_authenticated( struct SRPUser * usr);


const char *          srp_user_get_username( struct SRPUser * usr );

/* key_length may be null */
const unsigned char * srp_user_get_session_key( struct SRPUser * usr, int * key_length );

int                   srp_user_get_session_key_length( struct SRPUser * usr );

/* Output: username, bytes_A, len_A. If you don't want it get written, set username to NULL.
 * If bytes_a == NULL, random data is used for a. */
void                  srp_user_start_authentication( struct SRPUser * usr, const char ** username,
                                                     const unsigned char  * bytes_a, int   len_a,
                                                     const unsigned char ** bytes_A, int * len_A );

/* Output: bytes_M, len_M  (len_M may be null and will always be
 *                          srp_user_get_session_key_length() bytes in size) */
void                  srp_user_process_challenge( struct SRPUser * usr,
                                                  const unsigned char * bytes_s, int len_s,
                                                  const unsigned char * bytes_B, int len_B,
                                                  const unsigned char ** bytes_M, int * len_M );

/* bytes_HAMK must be exactly srp_user_get_session_key_length() bytes in size */
void                  srp_user_verify_session( struct SRPUser * usr, const unsigned char * bytes_HAMK );

#endif /* Include Guard */
Converted to Unix line endings 2013-04-02 19:32:42 -07:00			`/*`
			`* Secure Remote Password 6a implementation`
Change copyright boilerplate 2015-04-16 10:07:34 -07:00			`* https://github.com/est31/csrp-gmp`
Converted to Unix line endings 2013-04-02 19:32:42 -07:00			`*`
Updated licence description in srp.h and srp.c to match the LICENSE file 2013-10-09 06:08:49 -07:00			`* The MIT License (MIT)`
Port to LibGMP 2015-04-11 18:40:29 -07:00			`*`
Change copyright boilerplate 2015-04-16 10:07:34 -07:00			`* Copyright (c) 2010, 2013 Tom Cocagne, 2015 est31 <MTest31@outlook.com>`
Port to LibGMP 2015-04-11 18:40:29 -07:00			`*`
Updated licence description in srp.h and srp.c to match the LICENSE file 2013-10-09 06:08:49 -07:00			`* Permission is hereby granted, free of charge, to any person obtaining a copy of`
			`* this software and associated documentation files (the "Software"), to deal in`
			`* the Software without restriction, including without limitation the rights to`
			`* use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies`
			`* of the Software, and to permit persons to whom the Software is furnished to do`
			`* so, subject to the following conditions:`
Port to LibGMP 2015-04-11 18:40:29 -07:00			`*`
Updated licence description in srp.h and srp.c to match the LICENSE file 2013-10-09 06:08:49 -07:00			`* The above copyright notice and this permission notice shall be included in all`
			`* copies or substantial portions of the Software.`
Port to LibGMP 2015-04-11 18:40:29 -07:00			`*`
Updated licence description in srp.h and srp.c to match the LICENSE file 2013-10-09 06:08:49 -07:00			`* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR`
			`* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,`
			`* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE`
			`* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER`
			`* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,`
			`* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE`
			`* SOFTWARE.`
Port to LibGMP 2015-04-11 18:40:29 -07:00			`*`
Converted to Unix line endings 2013-04-02 19:32:42 -07:00			`*/`

Port to LibGMP 2015-04-11 18:40:29 -07:00			`/*`
			`*`
Converted to Unix line endings 2013-04-02 19:32:42 -07:00			`* Purpose: This is a direct implementation of the Secure Remote Password`
Port to LibGMP 2015-04-11 18:40:29 -07:00			`* Protocol version 6a as described by`
Converted to Unix line endings 2013-04-02 19:32:42 -07:00			`* http://srp.stanford.edu/design.html`
Port to LibGMP 2015-04-11 18:40:29 -07:00			`*`
Converted to Unix line endings 2013-04-02 19:32:42 -07:00			`* Author: tom.cocagne@gmail.com (Tom Cocagne)`
Port to LibGMP 2015-04-11 18:40:29 -07:00			`*`
			`* Dependencies: LibGMP`
			`*`
Converted to Unix line endings 2013-04-02 19:32:42 -07:00			`* Usage: Refer to test_srp.c for a demonstration`
Port to LibGMP 2015-04-11 18:40:29 -07:00			`*`
Converted to Unix line endings 2013-04-02 19:32:42 -07:00			`* Notes:`
Port to LibGMP 2015-04-11 18:40:29 -07:00			`* This library allows multiple combinations of hashing algorithms and`
Converted to Unix line endings 2013-04-02 19:32:42 -07:00			`* prime number constants. For authentication to succeed, the hash and`
Port to LibGMP 2015-04-11 18:40:29 -07:00			`* prime number constants must match between`
Converted to Unix line endings 2013-04-02 19:32:42 -07:00			`* srp_create_salted_verification_key(), srp_user_new(),`
			`* and srp_verifier_new(). A recommended approach is to determine the`
			`* desired level of security for an application and globally define the`
			`* hash and prime number constants to the predetermined values.`
Port to LibGMP 2015-04-11 18:40:29 -07:00			`*`
Converted to Unix line endings 2013-04-02 19:32:42 -07:00			`* As one might suspect, more bits means more security. As one might also`
Port to LibGMP 2015-04-11 18:40:29 -07:00			`* suspect, more bits also means more processing time. The test_srp.c`
			`* program can be easily modified to profile various combinations of`
Converted to Unix line endings 2013-04-02 19:32:42 -07:00			`* hash & prime number pairings.`
			`*/`

			`#ifndef SRP_H`
			`#define SRP_H`


			`struct SRPVerifier;`
			`struct SRPUser;`

			`typedef enum`
			`{`
			`SRP_NG_1024,`
			`SRP_NG_2048,`
			`SRP_NG_4096,`
			`SRP_NG_8192,`
			`SRP_NG_CUSTOM`
			`} SRP_NGType;`

Port to LibGMP 2015-04-11 18:40:29 -07:00			`typedef enum`
Converted to Unix line endings 2013-04-02 19:32:42 -07:00			`{`
Add RFC 5054 test vector tests and SHA-1 algorithm 2015-04-23 21:58:24 -07:00			`SRP_SHA1,`
			`/SRP_SHA224,/`
Converted to Unix line endings 2013-04-02 19:32:42 -07:00			`SRP_SHA256,`
Port to LibGMP 2015-04-11 18:40:29 -07:00			`/*SRP_SHA384,`
			`SRP_SHA512*/`
Converted to Unix line endings 2013-04-02 19:32:42 -07:00			`} SRP_HashAlgorithm;`

Port to LibGMP 2015-04-11 18:40:29 -07:00			`/* Out: bytes_v, len_v`
			`*`
			`* The caller is responsible for freeing the memory allocated for bytes_v`
			`*`
Converted to Unix line endings 2013-04-02 19:32:42 -07:00			`* The n_hex and g_hex parameters should be 0 unless SRP_NG_CUSTOM is used for ng_type.`
			`* If provided, they must contain ASCII text of the hexidecimal notation.`
Port to LibGMP 2015-04-11 18:40:29 -07:00			`*`
			`* If bytes_s == NULL, it is filled with random data. The caller is responsible for freeing.`
Converted to Unix line endings 2013-04-02 19:32:42 -07:00			`*/`
Port to LibGMP 2015-04-11 18:40:29 -07:00			`void srp_create_salted_verification_key( SRP_HashAlgorithm alg,`
			`SRP_NGType ng_type, const char * username_for_verifier,`
Converted to Unix line endings 2013-04-02 19:32:42 -07:00			`const unsigned char * password, int len_password,`
Port to LibGMP 2015-04-11 18:40:29 -07:00			`const unsigned char ** bytes_s, int * len_s,`
Converted to Unix line endings 2013-04-02 19:32:42 -07:00			`const unsigned char ** bytes_v, int * len_v,`
			`const char * n_hex, const char * g_hex );`

			`/* Out: bytes_B, len_B.`
Port to LibGMP 2015-04-11 18:40:29 -07:00			`*`
Converted to Unix line endings 2013-04-02 19:32:42 -07:00			`* On failure, bytes_B will be set to NULL and len_B will be set to 0`
Port to LibGMP 2015-04-11 18:40:29 -07:00			`*`
Converted to Unix line endings 2013-04-02 19:32:42 -07:00			`* The n_hex and g_hex parameters should be 0 unless SRP_NG_CUSTOM is used for ng_type`
Add RFC 5054 test vector tests and SHA-1 algorithm 2015-04-23 21:58:24 -07:00			`*`
			`* If bytes_b == NULL, random data is used for b.`
Converted to Unix line endings 2013-04-02 19:32:42 -07:00			`*/`
			`struct SRPVerifier * srp_verifier_new( SRP_HashAlgorithm alg, SRP_NGType ng_type, const char * username,`
Port to LibGMP 2015-04-11 18:40:29 -07:00			`const unsigned char * bytes_s, int len_s,`
Converted to Unix line endings 2013-04-02 19:32:42 -07:00			`const unsigned char * bytes_v, int len_v,`
			`const unsigned char * bytes_A, int len_A,`
Add RFC 5054 test vector tests and SHA-1 algorithm 2015-04-23 21:58:24 -07:00			`const unsigned char * bytes_b, int len_b,`
Converted to Unix line endings 2013-04-02 19:32:42 -07:00			`const unsigned char ** bytes_B, int * len_B,`
			`const char * n_hex, const char * g_hex );`


			`void srp_verifier_delete( struct SRPVerifier * ver );`


			`int srp_verifier_is_authenticated( struct SRPVerifier * ver );`


			`const char * srp_verifier_get_username( struct SRPVerifier * ver );`

			`/* key_length may be null */`
			`const unsigned char * srp_verifier_get_session_key( struct SRPVerifier * ver, int * key_length );`


			`int srp_verifier_get_session_key_length( struct SRPVerifier * ver );`


			`/* user_M must be exactly srp_verifier_get_session_key_length() bytes in size */`
			`void srp_verifier_verify_session( struct SRPVerifier * ver,`
Port to LibGMP 2015-04-11 18:40:29 -07:00			`const unsigned char * user_M,`
Converted to Unix line endings 2013-04-02 19:32:42 -07:00			`const unsigned char ** bytes_HAMK );`

			`/*******************************************************************************/`

			`/* The n_hex and g_hex parameters should be 0 unless SRP_NG_CUSTOM is used for ng_type */`
Port to LibGMP 2015-04-11 18:40:29 -07:00			`struct SRPUser * srp_user_new( SRP_HashAlgorithm alg, SRP_NGType ng_type,`
			`const char * username, const char * username_for_verifier,`
Converted to Unix line endings 2013-04-02 19:32:42 -07:00			`const unsigned char * bytes_password, int len_password,`
			`const char * n_hex, const char * g_hex );`
Port to LibGMP 2015-04-11 18:40:29 -07:00
Converted to Unix line endings 2013-04-02 19:32:42 -07:00			`void srp_user_delete( struct SRPUser * usr );`

			`int srp_user_is_authenticated( struct SRPUser * usr);`


			`const char * srp_user_get_username( struct SRPUser * usr );`

			`/* key_length may be null */`
			`const unsigned char * srp_user_get_session_key( struct SRPUser * usr, int * key_length );`

			`int srp_user_get_session_key_length( struct SRPUser * usr );`

Add RFC 5054 test vector tests and SHA-1 algorithm 2015-04-23 21:58:24 -07:00			`/* Output: username, bytes_A, len_A. If you don't want it get written, set username to NULL.`
			`* If bytes_a == NULL, random data is used for a. */`
Port to LibGMP 2015-04-11 18:40:29 -07:00			`void srp_user_start_authentication( struct SRPUser * usr, const char ** username,`
Add RFC 5054 test vector tests and SHA-1 algorithm 2015-04-23 21:58:24 -07:00			`const unsigned char * bytes_a, int len_a,`
Converted to Unix line endings 2013-04-02 19:32:42 -07:00			`const unsigned char ** bytes_A, int * len_A );`

Port to LibGMP 2015-04-11 18:40:29 -07:00			`/* Output: bytes_M, len_M (len_M may be null and will always be`
Converted to Unix line endings 2013-04-02 19:32:42 -07:00			`* srp_user_get_session_key_length() bytes in size) */`
Port to LibGMP 2015-04-11 18:40:29 -07:00			`void srp_user_process_challenge( struct SRPUser * usr,`
			`const unsigned char * bytes_s, int len_s,`
Converted to Unix line endings 2013-04-02 19:32:42 -07:00			`const unsigned char * bytes_B, int len_B,`
			`const unsigned char ** bytes_M, int * len_M );`
Port to LibGMP 2015-04-11 18:40:29 -07:00
Converted to Unix line endings 2013-04-02 19:32:42 -07:00			`/* bytes_HAMK must be exactly srp_user_get_session_key_length() bytes in size */`
			`void srp_user_verify_session( struct SRPUser * usr, const unsigned char * bytes_HAMK );`

			`#endif /* Include Guard */`