Add RFC 5054 test vector tests and SHA-1 algorithm
parent
f4f75901d5
commit
e5a12b1d06
|
@ -44,13 +44,16 @@ The call `srp_random_seed` has been removed.
|
|||
|
||||
The call `srp_user_new` has a new parameter, `username_for_verifier`,
|
||||
allowing to use different usernames for verifier and srp login.
|
||||
Also, `srp_user_start_authentication` and `srp_verifier_new` have new
|
||||
parameters to specify `a` and `b` values.
|
||||
|
||||
Added option for `srp_create_salted_verification_key` call to specify
|
||||
a salt.
|
||||
|
||||
We ship with OpenSSL's implementation of the SHA256 hash algorithm.
|
||||
Support for other hash algoritms was dropped (but re-introducing is
|
||||
fairly easy, just copy from an OpenSSL source distribution).
|
||||
We ship with OpenSSL's implementation of the SHA256 and SHA-1 hash
|
||||
algorithms. Support for other hash algoritms was dropped (but
|
||||
re-introducing is fairly easy, just copy from an OpenSSL source
|
||||
distribution).
|
||||
|
||||
Usage Example
|
||||
-------------
|
||||
|
|
|
@ -118,6 +118,13 @@ typedef struct SHAstate_st {
|
|||
# define SHA256_CBLOCK (SHA_LBLOCK*4)/* SHA-256 treats input data as a
|
||||
* contiguous array of 32 bit wide
|
||||
* big-endian values. */
|
||||
|
||||
int SHA1_Init(SHA_CTX *c);
|
||||
int SHA1_Update(SHA_CTX *c, const void *data, size_t len);
|
||||
int SHA1_Final(unsigned char *md, SHA_CTX *c);
|
||||
unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md);
|
||||
void SHA1_Transform(SHA_CTX *c, const unsigned char *data);
|
||||
|
||||
# define SHA224_DIGEST_LENGTH 28
|
||||
# define SHA256_DIGEST_LENGTH 32
|
||||
|
|
@ -0,0 +1,521 @@
|
|||
/* crypto/sha/sha_locl.h */
|
||||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
||||
* All rights reserved.
|
||||
*
|
||||
* This package is an SSL implementation written
|
||||
* by Eric Young (eay@cryptsoft.com).
|
||||
* The implementation was written so as to conform with Netscapes SSL.
|
||||
*
|
||||
* This library is free for commercial and non-commercial use as long as
|
||||
* the following conditions are aheared to. The following conditions
|
||||
* apply to all code found in this distribution, be it the RC4, RSA,
|
||||
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
|
||||
* included with this distribution is covered by the same copyright terms
|
||||
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
* Copyright remains Eric Young's, and as such any Copyright notices in
|
||||
* the code are not to be removed.
|
||||
* If this package is used in a product, Eric Young should be given attribution
|
||||
* as the author of the parts of the library used.
|
||||
* This can be in the form of a textual message at program startup or
|
||||
* in documentation (online or textual) provided with the package.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. All advertising materials mentioning features or use of this software
|
||||
* must display the following acknowledgement:
|
||||
* "This product includes cryptographic software written by
|
||||
* Eric Young (eay@cryptsoft.com)"
|
||||
* The word 'cryptographic' can be left out if the rouines from the library
|
||||
* being used are not cryptographic related :-).
|
||||
* 4. If you include any Windows specific code (or a derivative thereof) from
|
||||
* the apps directory (application code) you must include an acknowledgement:
|
||||
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* The licence and distribution terms for any publically available version or
|
||||
* derivative of this code cannot be changed. i.e. this code cannot simply be
|
||||
* copied and put under another distribution licence
|
||||
* [including the GNU Public Licence.]
|
||||
*/
|
||||
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
|
||||
#include <openssl/sha.h>
|
||||
|
||||
#define DATA_ORDER_IS_BIG_ENDIAN
|
||||
|
||||
#define SHA_1
|
||||
|
||||
#define HASH_LONG SHA_LONG
|
||||
#define HASH_CTX SHA_CTX
|
||||
#define HASH_CBLOCK SHA_CBLOCK
|
||||
#define HASH_MAKE_STRING(c,s) do { \
|
||||
unsigned long ll; \
|
||||
ll=(c)->h0; (void)HOST_l2c(ll,(s)); \
|
||||
ll=(c)->h1; (void)HOST_l2c(ll,(s)); \
|
||||
ll=(c)->h2; (void)HOST_l2c(ll,(s)); \
|
||||
ll=(c)->h3; (void)HOST_l2c(ll,(s)); \
|
||||
ll=(c)->h4; (void)HOST_l2c(ll,(s)); \
|
||||
} while (0)
|
||||
|
||||
#if defined(SHA_0)
|
||||
|
||||
# define HASH_UPDATE SHA_Update
|
||||
# define HASH_TRANSFORM SHA_Transform
|
||||
# define HASH_FINAL SHA_Final
|
||||
# define HASH_INIT SHA_Init
|
||||
# define HASH_BLOCK_DATA_ORDER sha_block_data_order
|
||||
# define Xupdate(a,ix,ia,ib,ic,id) (ix=(a)=(ia^ib^ic^id))
|
||||
|
||||
static void sha_block_data_order(SHA_CTX *c, const void *p, size_t num);
|
||||
|
||||
#elif defined(SHA_1)
|
||||
|
||||
# define HASH_UPDATE SHA1_Update
|
||||
# define HASH_TRANSFORM SHA1_Transform
|
||||
# define HASH_FINAL SHA1_Final
|
||||
# define HASH_INIT SHA1_Init
|
||||
# define HASH_BLOCK_DATA_ORDER sha1_block_data_order
|
||||
# if defined(__MWERKS__) && defined(__MC68K__)
|
||||
/* Metrowerks for Motorola fails otherwise:-( <appro@fy.chalmers.se> */
|
||||
# define Xupdate(a,ix,ia,ib,ic,id) do { (a)=(ia^ib^ic^id); \
|
||||
ix=(a)=ROTATE((a),1); \
|
||||
} while (0)
|
||||
# else
|
||||
# define Xupdate(a,ix,ia,ib,ic,id) ( (a)=(ia^ib^ic^id), \
|
||||
ix=(a)=ROTATE((a),1) \
|
||||
)
|
||||
# endif
|
||||
|
||||
# ifndef SHA1_ASM
|
||||
static
|
||||
# endif
|
||||
void sha1_block_data_order(SHA_CTX *c, const void *p, size_t num);
|
||||
|
||||
#else
|
||||
# error "Either SHA_0 or SHA_1 must be defined."
|
||||
#endif
|
||||
|
||||
#include "md32_common.h"
|
||||
|
||||
#define INIT_DATA_h0 0x67452301UL
|
||||
#define INIT_DATA_h1 0xefcdab89UL
|
||||
#define INIT_DATA_h2 0x98badcfeUL
|
||||
#define INIT_DATA_h3 0x10325476UL
|
||||
#define INIT_DATA_h4 0xc3d2e1f0UL
|
||||
|
||||
# define fips_md_init(alg) fips_md_init_ctx(alg, alg)
|
||||
# define fips_md_init_ctx(alg, cx) \
|
||||
int alg##_Init(cx##_CTX *c)
|
||||
# define fips_cipher_abort(alg) while(0)
|
||||
|
||||
unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md)
|
||||
{
|
||||
SHA_CTX c;
|
||||
static unsigned char m[SHA_DIGEST_LENGTH];
|
||||
|
||||
if (md == NULL)
|
||||
md = m;
|
||||
if (!SHA1_Init(&c))
|
||||
return NULL;
|
||||
SHA1_Update(&c, d, n);
|
||||
SHA1_Final(md, &c);
|
||||
OPENSSL_cleanse(&c, sizeof(c));
|
||||
return (md);
|
||||
}
|
||||
|
||||
#ifdef SHA_0
|
||||
fips_md_init(SHA)
|
||||
#else
|
||||
fips_md_init_ctx(SHA1, SHA)
|
||||
#endif
|
||||
{
|
||||
memset(c, 0, sizeof(*c));
|
||||
c->h0 = INIT_DATA_h0;
|
||||
c->h1 = INIT_DATA_h1;
|
||||
c->h2 = INIT_DATA_h2;
|
||||
c->h3 = INIT_DATA_h3;
|
||||
c->h4 = INIT_DATA_h4;
|
||||
return 1;
|
||||
}
|
||||
|
||||
#define K_00_19 0x5a827999UL
|
||||
#define K_20_39 0x6ed9eba1UL
|
||||
#define K_40_59 0x8f1bbcdcUL
|
||||
#define K_60_79 0xca62c1d6UL
|
||||
|
||||
/*
|
||||
* As pointed out by Wei Dai <weidai@eskimo.com>, F() below can be simplified
|
||||
* to the code in F_00_19. Wei attributes these optimisations to Peter
|
||||
* Gutmann's SHS code, and he attributes it to Rich Schroeppel. #define
|
||||
* F(x,y,z) (((x) & (y)) | ((~(x)) & (z))) I've just become aware of another
|
||||
* tweak to be made, again from Wei Dai, in F_40_59, (x&a)|(y&a) -> (x|y)&a
|
||||
*/
|
||||
#define F_00_19(b,c,d) ((((c) ^ (d)) & (b)) ^ (d))
|
||||
#define F_20_39(b,c,d) ((b) ^ (c) ^ (d))
|
||||
#define F_40_59(b,c,d) (((b) & (c)) | (((b)|(c)) & (d)))
|
||||
#define F_60_79(b,c,d) F_20_39(b,c,d)
|
||||
|
||||
#ifndef OPENSSL_SMALL_FOOTPRINT
|
||||
|
||||
# define BODY_00_15(i,a,b,c,d,e,f,xi) \
|
||||
(f)=xi+(e)+K_00_19+ROTATE((a),5)+F_00_19((b),(c),(d)); \
|
||||
(b)=ROTATE((b),30);
|
||||
|
||||
# define BODY_16_19(i,a,b,c,d,e,f,xi,xa,xb,xc,xd) \
|
||||
Xupdate(f,xi,xa,xb,xc,xd); \
|
||||
(f)+=(e)+K_00_19+ROTATE((a),5)+F_00_19((b),(c),(d)); \
|
||||
(b)=ROTATE((b),30);
|
||||
|
||||
# define BODY_20_31(i,a,b,c,d,e,f,xi,xa,xb,xc,xd) \
|
||||
Xupdate(f,xi,xa,xb,xc,xd); \
|
||||
(f)+=(e)+K_20_39+ROTATE((a),5)+F_20_39((b),(c),(d)); \
|
||||
(b)=ROTATE((b),30);
|
||||
|
||||
# define BODY_32_39(i,a,b,c,d,e,f,xa,xb,xc,xd) \
|
||||
Xupdate(f,xa,xa,xb,xc,xd); \
|
||||
(f)+=(e)+K_20_39+ROTATE((a),5)+F_20_39((b),(c),(d)); \
|
||||
(b)=ROTATE((b),30);
|
||||
|
||||
# define BODY_40_59(i,a,b,c,d,e,f,xa,xb,xc,xd) \
|
||||
Xupdate(f,xa,xa,xb,xc,xd); \
|
||||
(f)+=(e)+K_40_59+ROTATE((a),5)+F_40_59((b),(c),(d)); \
|
||||
(b)=ROTATE((b),30);
|
||||
|
||||
# define BODY_60_79(i,a,b,c,d,e,f,xa,xb,xc,xd) \
|
||||
Xupdate(f,xa,xa,xb,xc,xd); \
|
||||
(f)=xa+(e)+K_60_79+ROTATE((a),5)+F_60_79((b),(c),(d)); \
|
||||
(b)=ROTATE((b),30);
|
||||
|
||||
# ifdef X
|
||||
# undef X
|
||||
# endif
|
||||
# ifndef MD32_XARRAY
|
||||
/*
|
||||
* Originally X was an array. As it's automatic it's natural
|
||||
* to expect RISC compiler to accomodate at least part of it in
|
||||
* the register bank, isn't it? Unfortunately not all compilers
|
||||
* "find" this expectation reasonable:-( On order to make such
|
||||
* compilers generate better code I replace X[] with a bunch of
|
||||
* X0, X1, etc. See the function body below...
|
||||
* <appro@fy.chalmers.se>
|
||||
*/
|
||||
# define X(i) XX##i
|
||||
# else
|
||||
/*
|
||||
* However! Some compilers (most notably HP C) get overwhelmed by
|
||||
* that many local variables so that we have to have the way to
|
||||
* fall down to the original behavior.
|
||||
*/
|
||||
# define X(i) XX[i]
|
||||
# endif
|
||||
|
||||
# if !defined(SHA_1) || !defined(SHA1_ASM)
|
||||
static void HASH_BLOCK_DATA_ORDER(SHA_CTX *c, const void *p, size_t num)
|
||||
{
|
||||
const unsigned char *data = p;
|
||||
register unsigned MD32_REG_T A, B, C, D, E, T, l;
|
||||
# ifndef MD32_XARRAY
|
||||
unsigned MD32_REG_T XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7,
|
||||
XX8, XX9, XX10, XX11, XX12, XX13, XX14, XX15;
|
||||
# else
|
||||
SHA_LONG XX[16];
|
||||
# endif
|
||||
|
||||
A = c->h0;
|
||||
B = c->h1;
|
||||
C = c->h2;
|
||||
D = c->h3;
|
||||
E = c->h4;
|
||||
|
||||
for (;;) {
|
||||
const union {
|
||||
long one;
|
||||
char little;
|
||||
} is_endian = {
|
||||
1
|
||||
};
|
||||
|
||||
if (!is_endian.little && sizeof(SHA_LONG) == 4
|
||||
&& ((size_t)p % 4) == 0) {
|
||||
const SHA_LONG *W = (const SHA_LONG *)data;
|
||||
|
||||
X(0) = W[0];
|
||||
X(1) = W[1];
|
||||
BODY_00_15(0, A, B, C, D, E, T, X(0));
|
||||
X(2) = W[2];
|
||||
BODY_00_15(1, T, A, B, C, D, E, X(1));
|
||||
X(3) = W[3];
|
||||
BODY_00_15(2, E, T, A, B, C, D, X(2));
|
||||
X(4) = W[4];
|
||||
BODY_00_15(3, D, E, T, A, B, C, X(3));
|
||||
X(5) = W[5];
|
||||
BODY_00_15(4, C, D, E, T, A, B, X(4));
|
||||
X(6) = W[6];
|
||||
BODY_00_15(5, B, C, D, E, T, A, X(5));
|
||||
X(7) = W[7];
|
||||
BODY_00_15(6, A, B, C, D, E, T, X(6));
|
||||
X(8) = W[8];
|
||||
BODY_00_15(7, T, A, B, C, D, E, X(7));
|
||||
X(9) = W[9];
|
||||
BODY_00_15(8, E, T, A, B, C, D, X(8));
|
||||
X(10) = W[10];
|
||||
BODY_00_15(9, D, E, T, A, B, C, X(9));
|
||||
X(11) = W[11];
|
||||
BODY_00_15(10, C, D, E, T, A, B, X(10));
|
||||
X(12) = W[12];
|
||||
BODY_00_15(11, B, C, D, E, T, A, X(11));
|
||||
X(13) = W[13];
|
||||
BODY_00_15(12, A, B, C, D, E, T, X(12));
|
||||
X(14) = W[14];
|
||||
BODY_00_15(13, T, A, B, C, D, E, X(13));
|
||||
X(15) = W[15];
|
||||
BODY_00_15(14, E, T, A, B, C, D, X(14));
|
||||
BODY_00_15(15, D, E, T, A, B, C, X(15));
|
||||
|
||||
data += SHA_CBLOCK;
|
||||
} else {
|
||||
(void)HOST_c2l(data, l);
|
||||
X(0) = l;
|
||||
(void)HOST_c2l(data, l);
|
||||
X(1) = l;
|
||||
BODY_00_15(0, A, B, C, D, E, T, X(0));
|
||||
(void)HOST_c2l(data, l);
|
||||
X(2) = l;
|
||||
BODY_00_15(1, T, A, B, C, D, E, X(1));
|
||||
(void)HOST_c2l(data, l);
|
||||
X(3) = l;
|
||||
BODY_00_15(2, E, T, A, B, C, D, X(2));
|
||||
(void)HOST_c2l(data, l);
|
||||
X(4) = l;
|
||||
BODY_00_15(3, D, E, T, A, B, C, X(3));
|
||||
(void)HOST_c2l(data, l);
|
||||
X(5) = l;
|
||||
BODY_00_15(4, C, D, E, T, A, B, X(4));
|
||||
(void)HOST_c2l(data, l);
|
||||
X(6) = l;
|
||||
BODY_00_15(5, B, C, D, E, T, A, X(5));
|
||||
(void)HOST_c2l(data, l);
|
||||
X(7) = l;
|
||||
BODY_00_15(6, A, B, C, D, E, T, X(6));
|
||||
(void)HOST_c2l(data, l);
|
||||
X(8) = l;
|
||||
BODY_00_15(7, T, A, B, C, D, E, X(7));
|
||||
(void)HOST_c2l(data, l);
|
||||
X(9) = l;
|
||||
BODY_00_15(8, E, T, A, B, C, D, X(8));
|
||||
(void)HOST_c2l(data, l);
|
||||
X(10) = l;
|
||||
BODY_00_15(9, D, E, T, A, B, C, X(9));
|
||||
(void)HOST_c2l(data, l);
|
||||
X(11) = l;
|
||||
BODY_00_15(10, C, D, E, T, A, B, X(10));
|
||||
(void)HOST_c2l(data, l);
|
||||
X(12) = l;
|
||||
BODY_00_15(11, B, C, D, E, T, A, X(11));
|
||||
(void)HOST_c2l(data, l);
|
||||
X(13) = l;
|
||||
BODY_00_15(12, A, B, C, D, E, T, X(12));
|
||||
(void)HOST_c2l(data, l);
|
||||
X(14) = l;
|
||||
BODY_00_15(13, T, A, B, C, D, E, X(13));
|
||||
(void)HOST_c2l(data, l);
|
||||
X(15) = l;
|
||||
BODY_00_15(14, E, T, A, B, C, D, X(14));
|
||||
BODY_00_15(15, D, E, T, A, B, C, X(15));
|
||||
}
|
||||
|
||||
BODY_16_19(16, C, D, E, T, A, B, X(0), X(0), X(2), X(8), X(13));
|
||||
BODY_16_19(17, B, C, D, E, T, A, X(1), X(1), X(3), X(9), X(14));
|
||||
BODY_16_19(18, A, B, C, D, E, T, X(2), X(2), X(4), X(10), X(15));
|
||||
BODY_16_19(19, T, A, B, C, D, E, X(3), X(3), X(5), X(11), X(0));
|
||||
|
||||
BODY_20_31(20, E, T, A, B, C, D, X(4), X(4), X(6), X(12), X(1));
|
||||
BODY_20_31(21, D, E, T, A, B, C, X(5), X(5), X(7), X(13), X(2));
|
||||
BODY_20_31(22, C, D, E, T, A, B, X(6), X(6), X(8), X(14), X(3));
|
||||
BODY_20_31(23, B, C, D, E, T, A, X(7), X(7), X(9), X(15), X(4));
|
||||
BODY_20_31(24, A, B, C, D, E, T, X(8), X(8), X(10), X(0), X(5));
|
||||
BODY_20_31(25, T, A, B, C, D, E, X(9), X(9), X(11), X(1), X(6));
|
||||
BODY_20_31(26, E, T, A, B, C, D, X(10), X(10), X(12), X(2), X(7));
|
||||
BODY_20_31(27, D, E, T, A, B, C, X(11), X(11), X(13), X(3), X(8));
|
||||
BODY_20_31(28, C, D, E, T, A, B, X(12), X(12), X(14), X(4), X(9));
|
||||
BODY_20_31(29, B, C, D, E, T, A, X(13), X(13), X(15), X(5), X(10));
|
||||
BODY_20_31(30, A, B, C, D, E, T, X(14), X(14), X(0), X(6), X(11));
|
||||
BODY_20_31(31, T, A, B, C, D, E, X(15), X(15), X(1), X(7), X(12));
|
||||
|
||||
BODY_32_39(32, E, T, A, B, C, D, X(0), X(2), X(8), X(13));
|
||||
BODY_32_39(33, D, E, T, A, B, C, X(1), X(3), X(9), X(14));
|
||||
BODY_32_39(34, C, D, E, T, A, B, X(2), X(4), X(10), X(15));
|
||||
BODY_32_39(35, B, C, D, E, T, A, X(3), X(5), X(11), X(0));
|
||||
BODY_32_39(36, A, B, C, D, E, T, X(4), X(6), X(12), X(1));
|
||||
BODY_32_39(37, T, A, B, C, D, E, X(5), X(7), X(13), X(2));
|
||||
BODY_32_39(38, E, T, A, B, C, D, X(6), X(8), X(14), X(3));
|
||||
BODY_32_39(39, D, E, T, A, B, C, X(7), X(9), X(15), X(4));
|
||||
|
||||
BODY_40_59(40, C, D, E, T, A, B, X(8), X(10), X(0), X(5));
|
||||
BODY_40_59(41, B, C, D, E, T, A, X(9), X(11), X(1), X(6));
|
||||
BODY_40_59(42, A, B, C, D, E, T, X(10), X(12), X(2), X(7));
|
||||
BODY_40_59(43, T, A, B, C, D, E, X(11), X(13), X(3), X(8));
|
||||
BODY_40_59(44, E, T, A, B, C, D, X(12), X(14), X(4), X(9));
|
||||
BODY_40_59(45, D, E, T, A, B, C, X(13), X(15), X(5), X(10));
|
||||
BODY_40_59(46, C, D, E, T, A, B, X(14), X(0), X(6), X(11));
|
||||
BODY_40_59(47, B, C, D, E, T, A, X(15), X(1), X(7), X(12));
|
||||
BODY_40_59(48, A, B, C, D, E, T, X(0), X(2), X(8), X(13));
|
||||
BODY_40_59(49, T, A, B, C, D, E, X(1), X(3), X(9), X(14));
|
||||
BODY_40_59(50, E, T, A, B, C, D, X(2), X(4), X(10), X(15));
|
||||
BODY_40_59(51, D, E, T, A, B, C, X(3), X(5), X(11), X(0));
|
||||
BODY_40_59(52, C, D, E, T, A, B, X(4), X(6), X(12), X(1));
|
||||
BODY_40_59(53, B, C, D, E, T, A, X(5), X(7), X(13), X(2));
|
||||
BODY_40_59(54, A, B, C, D, E, T, X(6), X(8), X(14), X(3));
|
||||
BODY_40_59(55, T, A, B, C, D, E, X(7), X(9), X(15), X(4));
|
||||
BODY_40_59(56, E, T, A, B, C, D, X(8), X(10), X(0), X(5));
|
||||
BODY_40_59(57, D, E, T, A, B, C, X(9), X(11), X(1), X(6));
|
||||
BODY_40_59(58, C, D, E, T, A, B, X(10), X(12), X(2), X(7));
|
||||
BODY_40_59(59, B, C, D, E, T, A, X(11), X(13), X(3), X(8));
|
||||
|
||||
BODY_60_79(60, A, B, C, D, E, T, X(12), X(14), X(4), X(9));
|
||||
BODY_60_79(61, T, A, B, C, D, E, X(13), X(15), X(5), X(10));
|
||||
BODY_60_79(62, E, T, A, B, C, D, X(14), X(0), X(6), X(11));
|
||||
BODY_60_79(63, D, E, T, A, B, C, X(15), X(1), X(7), X(12));
|
||||
BODY_60_79(64, C, D, E, T, A, B, X(0), X(2), X(8), X(13));
|
||||
BODY_60_79(65, B, C, D, E, T, A, X(1), X(3), X(9), X(14));
|
||||
BODY_60_79(66, A, B, C, D, E, T, X(2), X(4), X(10), X(15));
|
||||
BODY_60_79(67, T, A, B, C, D, E, X(3), X(5), X(11), X(0));
|
||||
BODY_60_79(68, E, T, A, B, C, D, X(4), X(6), X(12), X(1));
|
||||
BODY_60_79(69, D, E, T, A, B, C, X(5), X(7), X(13), X(2));
|
||||
BODY_60_79(70, C, D, E, T, A, B, X(6), X(8), X(14), X(3));
|
||||
BODY_60_79(71, B, C, D, E, T, A, X(7), X(9), X(15), X(4));
|
||||
BODY_60_79(72, A, B, C, D, E, T, X(8), X(10), X(0), X(5));
|
||||
BODY_60_79(73, T, A, B, C, D, E, X(9), X(11), X(1), X(6));
|
||||
BODY_60_79(74, E, T, A, B, C, D, X(10), X(12), X(2), X(7));
|
||||
BODY_60_79(75, D, E, T, A, B, C, X(11), X(13), X(3), X(8));
|
||||
BODY_60_79(76, C, D, E, T, A, B, X(12), X(14), X(4), X(9));
|
||||
BODY_60_79(77, B, C, D, E, T, A, X(13), X(15), X(5), X(10));
|
||||
BODY_60_79(78, A, B, C, D, E, T, X(14), X(0), X(6), X(11));
|
||||
BODY_60_79(79, T, A, B, C, D, E, X(15), X(1), X(7), X(12));
|
||||
|
||||
c->h0 = (c->h0 + E) & 0xffffffffL;
|
||||
c->h1 = (c->h1 + T) & 0xffffffffL;
|
||||
c->h2 = (c->h2 + A) & 0xffffffffL;
|
||||
c->h3 = (c->h3 + B) & 0xffffffffL;
|
||||
c->h4 = (c->h4 + C) & 0xffffffffL;
|
||||
|
||||
if (--num == 0)
|
||||
break;
|
||||
|
||||
A = c->h0;
|
||||
B = c->h1;
|
||||
C = c->h2;
|
||||
D = c->h3;
|
||||
E = c->h4;
|
||||
|
||||
}
|
||||
}
|
||||
# endif
|
||||
|
||||
#else /* OPENSSL_SMALL_FOOTPRINT */
|
||||
|
||||
# define BODY_00_15(xi) do { \
|
||||
T=E+K_00_19+F_00_19(B,C,D); \
|
||||
E=D, D=C, C=ROTATE(B,30), B=A; \
|
||||
A=ROTATE(A,5)+T+xi; } while(0)
|
||||
|
||||
# define BODY_16_19(xa,xb,xc,xd) do { \
|
||||
Xupdate(T,xa,xa,xb,xc,xd); \
|
||||
T+=E+K_00_19+F_00_19(B,C,D); \
|
||||
E=D, D=C, C=ROTATE(B,30), B=A; \
|
||||
A=ROTATE(A,5)+T; } while(0)
|
||||
|
||||
# define BODY_20_39(xa,xb,xc,xd) do { \
|
||||
Xupdate(T,xa,xa,xb,xc,xd); \
|
||||
T+=E+K_20_39+F_20_39(B,C,D); \
|
||||
E=D, D=C, C=ROTATE(B,30), B=A; \
|
||||
A=ROTATE(A,5)+T; } while(0)
|
||||
|
||||
# define BODY_40_59(xa,xb,xc,xd) do { \
|
||||
Xupdate(T,xa,xa,xb,xc,xd); \
|
||||
T+=E+K_40_59+F_40_59(B,C,D); \
|
||||
E=D, D=C, C=ROTATE(B,30), B=A; \
|
||||
A=ROTATE(A,5)+T; } while(0)
|
||||
|
||||
# define BODY_60_79(xa,xb,xc,xd) do { \
|
||||
Xupdate(T,xa,xa,xb,xc,xd); \
|
||||
T=E+K_60_79+F_60_79(B,C,D); \
|
||||
E=D, D=C, C=ROTATE(B,30), B=A; \
|
||||
A=ROTATE(A,5)+T+xa; } while(0)
|
||||
|
||||
# if !defined(SHA_1) || !defined(SHA1_ASM)
|
||||
static void HASH_BLOCK_DATA_ORDER(SHA_CTX *c, const void *p, size_t num)
|
||||
{
|
||||
const unsigned char *data = p;
|
||||
register unsigned MD32_REG_T A, B, C, D, E, T, l;
|
||||
int i;
|
||||
SHA_LONG X[16];
|
||||
|
||||
A = c->h0;
|
||||
B = c->h1;
|
||||
C = c->h2;
|
||||
D = c->h3;
|
||||
E = c->h4;
|
||||
|
||||
for (;;) {
|
||||
for (i = 0; i < 16; i++) {
|
||||
HOST_c2l(data, l);
|
||||
X[i] = l;
|
||||
BODY_00_15(X[i]);
|
||||
}
|
||||
for (i = 0; i < 4; i++) {
|
||||
BODY_16_19(X[i], X[i + 2], X[i + 8], X[(i + 13) & 15]);
|
||||
}
|
||||
for (; i < 24; i++) {
|
||||
BODY_20_39(X[i & 15], X[(i + 2) & 15], X[(i + 8) & 15],
|
||||
X[(i + 13) & 15]);
|
||||
}
|
||||
for (i = 0; i < 20; i++) {
|
||||
BODY_40_59(X[(i + 8) & 15], X[(i + 10) & 15], X[i & 15],
|
||||
X[(i + 5) & 15]);
|
||||
}
|
||||
for (i = 4; i < 24; i++) {
|
||||
BODY_60_79(X[(i + 8) & 15], X[(i + 10) & 15], X[i & 15],
|
||||
X[(i + 5) & 15]);
|
||||
}
|
||||
|
||||
c->h0 = (c->h0 + A) & 0xffffffffL;
|
||||
c->h1 = (c->h1 + B) & 0xffffffffL;
|
||||
c->h2 = (c->h2 + C) & 0xffffffffL;
|
||||
c->h3 = (c->h3 + D) & 0xffffffffL;
|
||||
c->h4 = (c->h4 + E) & 0xffffffffL;
|
||||
|
||||
if (--num == 0)
|
||||
break;
|
||||
|
||||
A = c->h0;
|
||||
B = c->h1;
|
||||
C = c->h2;
|
||||
D = c->h3;
|
||||
E = c->h4;
|
||||
|
||||
}
|
||||
}
|
||||
# endif
|
||||
|
||||
#endif
|
|
@ -7,12 +7,7 @@
|
|||
# include <stdlib.h>
|
||||
# include <string.h>
|
||||
|
||||
# include "sha2.h"
|
||||
|
||||
# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2a 19 Mar 2015"
|
||||
# define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
|
||||
|
||||
const char SHA256_version[] = "SHA-256" OPENSSL_VERSION_PTEXT;
|
||||
# include "sha.h"
|
||||
|
||||
/* mem_clr.c */
|
||||
unsigned char cleanse_ctr = 0;
|
||||
|
|
54
srp.c
54
srp.c
|
@ -37,11 +37,21 @@
|
|||
#include <stdio.h>
|
||||
|
||||
#include <gmp.h>
|
||||
#include <sha/sha2.h>
|
||||
#include <sha/sha.h>
|
||||
|
||||
#include "srp.h"
|
||||
|
||||
#define srp_dbg_data(data, datalen, prevtext) ;
|
||||
/*void srp_dbg_data(unsigned char * data, int datalen, char * prevtext)
|
||||
{
|
||||
printf(prevtext);
|
||||
int i;
|
||||
for (i = 0; i < datalen; i++)
|
||||
{
|
||||
printf("%02X", data[i]);
|
||||
}
|
||||
printf("\n");
|
||||
}*/
|
||||
|
||||
static int g_initialized = 0;
|
||||
|
||||
|
@ -229,8 +239,8 @@ static int hash_init( SRP_HashAlgorithm alg, HashCTX *c )
|
|||
{
|
||||
switch (alg)
|
||||
{
|
||||
/*case SRP_SHA1 : return SHA1_Init( &c->sha );
|
||||
case SRP_SHA224: return SHA224_Init( &c->sha256 );*/
|
||||
case SRP_SHA1 : return SHA1_Init( &c->sha );
|
||||
/*case SRP_SHA224: return SHA224_Init( &c->sha256 );*/
|
||||
case SRP_SHA256: return SHA256_Init( &c->sha256 );
|
||||
/*case SRP_SHA384: return SHA384_Init( &c->sha512 );
|
||||
case SRP_SHA512: return SHA512_Init( &c->sha512 );*/
|
||||
|
@ -242,8 +252,8 @@ static int hash_update( SRP_HashAlgorithm alg, HashCTX *c, const void *data, siz
|
|||
{
|
||||
switch (alg)
|
||||
{
|
||||
/*case SRP_SHA1 : return SHA1_Update( &c->sha, data, len );
|
||||
case SRP_SHA224: return SHA224_Update( &c->sha256, data, len );*/
|
||||
case SRP_SHA1 : return SHA1_Update( &c->sha, data, len );
|
||||
/*case SRP_SHA224: return SHA224_Update( &c->sha256, data, len );*/
|
||||
case SRP_SHA256: return SHA256_Update( &c->sha256, data, len );
|
||||
/*case SRP_SHA384: return SHA384_Update( &c->sha512, data, len );
|
||||
case SRP_SHA512: return SHA512_Update( &c->sha512, data, len );*/
|
||||
|
@ -255,8 +265,8 @@ static int hash_final( SRP_HashAlgorithm alg, HashCTX *c, unsigned char *md )
|
|||
{
|
||||
switch (alg)
|
||||
{
|
||||
/*case SRP_SHA1 : return SHA1_Final( md, &c->sha );
|
||||
case SRP_SHA224: return SHA224_Final( md, &c->sha256 );*/
|
||||
case SRP_SHA1 : return SHA1_Final( md, &c->sha );
|
||||
/*case SRP_SHA224: return SHA224_Final( md, &c->sha256 );*/
|
||||
case SRP_SHA256: return SHA256_Final( md, &c->sha256 );
|
||||
/*case SRP_SHA384: return SHA384_Final( md, &c->sha512 );
|
||||
case SRP_SHA512: return SHA512_Final( md, &c->sha512 );*/
|
||||
|
@ -268,8 +278,8 @@ static unsigned char * hash( SRP_HashAlgorithm alg, const unsigned char *d, size
|
|||
{
|
||||
switch (alg)
|
||||
{
|
||||
/*case SRP_SHA1 : return SHA1( d, n, md );
|
||||
case SRP_SHA224: return SHA224( d, n, md );*/
|
||||
case SRP_SHA1 : return SHA1( d, n, md );
|
||||
/*case SRP_SHA224: return SHA224( d, n, md );*/
|
||||
case SRP_SHA256: return SHA256( d, n, md );
|
||||
/*case SRP_SHA384: return SHA384( d, n, md );
|
||||
case SRP_SHA512: return SHA512( d, n, md );*/
|
||||
|
@ -281,8 +291,8 @@ static int hash_length( SRP_HashAlgorithm alg )
|
|||
{
|
||||
switch (alg)
|
||||
{
|
||||
/*case SRP_SHA1 : return SHA_DIGEST_LENGTH;
|
||||
case SRP_SHA224: return SHA224_DIGEST_LENGTH;*/
|
||||
case SRP_SHA1 : return SHA_DIGEST_LENGTH;
|
||||
/*case SRP_SHA224: return SHA224_DIGEST_LENGTH;*/
|
||||
case SRP_SHA256: return SHA256_DIGEST_LENGTH;
|
||||
/*case SRP_SHA384: return SHA384_DIGEST_LENGTH;
|
||||
case SRP_SHA512: return SHA512_DIGEST_LENGTH;*/
|
||||
|
@ -502,6 +512,15 @@ static void init_random()
|
|||
}
|
||||
|
||||
#define srp_dbg_num(num, text) ;
|
||||
/*void srp_dbg_num(mpz_t num, char * prevtext)
|
||||
{
|
||||
int len_num = mpz_num_bytes(num);
|
||||
char *bytes_num = (char*) malloc(len_num);
|
||||
mpz_to_bin(num, (unsigned char *) bytes_num);
|
||||
srp_dbg_data(bytes_num, len_num, prevtext);
|
||||
free(bytes_num);
|
||||
|
||||
}*/
|
||||
|
||||
/***********************************************************************************************************
|
||||
*
|
||||
|
@ -565,6 +584,7 @@ struct SRPVerifier * srp_verifier_new( SRP_HashAlgorithm alg, SRP_NGType ng_typ
|
|||
const unsigned char * bytes_s, int len_s,
|
||||
const unsigned char * bytes_v, int len_v,
|
||||
const unsigned char * bytes_A, int len_A,
|
||||
const unsigned char * bytes_b, int len_b,
|
||||
const unsigned char ** bytes_B, int * len_B,
|
||||
const char * n_hex, const char * g_hex )
|
||||
{
|
||||
|
@ -614,7 +634,12 @@ struct SRPVerifier * srp_verifier_new( SRP_HashAlgorithm alg, SRP_NGType ng_typ
|
|||
mpz_mod(tmp1, A, ng->N);
|
||||
if ( mpz_sgn(tmp1) != 0 )
|
||||
{
|
||||
if (bytes_b)
|
||||
{
|
||||
mpz_from_bin(bytes_b, len_b, b);
|
||||
} else {
|
||||
mpz_fill_random(b);
|
||||
}
|
||||
|
||||
if (!H_nn(k, alg, ng->N, ng->N, ng->g))
|
||||
{
|
||||
|
@ -860,10 +885,15 @@ int srp_user_get_session_key_length( struct SRPUser * usr )
|
|||
|
||||
/* Output: username, bytes_A, len_A */
|
||||
void srp_user_start_authentication( struct SRPUser * usr, const char ** username,
|
||||
const unsigned char * bytes_a, int len_a,
|
||||
const unsigned char ** bytes_A, int * len_A )
|
||||
{
|
||||
|
||||
if (bytes_a)
|
||||
{
|
||||
mpz_from_bin(bytes_a, len_a, usr->a);
|
||||
} else {
|
||||
mpz_fill_random(usr->a);
|
||||
}
|
||||
|
||||
mpz_powm(usr->A, usr->ng->g, usr->a, usr->ng->N);
|
||||
|
||||
|
|
11
srp.h
11
srp.h
|
@ -71,8 +71,8 @@ typedef enum
|
|||
|
||||
typedef enum
|
||||
{
|
||||
/*SRP_SHA1,
|
||||
SRP_SHA224,*/
|
||||
SRP_SHA1,
|
||||
/*SRP_SHA224,*/
|
||||
SRP_SHA256,
|
||||
/*SRP_SHA384,
|
||||
SRP_SHA512*/
|
||||
|
@ -99,11 +99,14 @@ void srp_create_salted_verification_key( SRP_HashAlgorithm alg,
|
|||
* On failure, bytes_B will be set to NULL and len_B will be set to 0
|
||||
*
|
||||
* The n_hex and g_hex parameters should be 0 unless SRP_NG_CUSTOM is used for ng_type
|
||||
*
|
||||
* If bytes_b == NULL, random data is used for b.
|
||||
*/
|
||||
struct SRPVerifier * srp_verifier_new( SRP_HashAlgorithm alg, SRP_NGType ng_type, const char * username,
|
||||
const unsigned char * bytes_s, int len_s,
|
||||
const unsigned char * bytes_v, int len_v,
|
||||
const unsigned char * bytes_A, int len_A,
|
||||
const unsigned char * bytes_b, int len_b,
|
||||
const unsigned char ** bytes_B, int * len_B,
|
||||
const char * n_hex, const char * g_hex );
|
||||
|
||||
|
@ -148,8 +151,10 @@ const unsigned char * srp_user_get_session_key( struct SRPUser * usr, int * key_
|
|||
|
||||
int srp_user_get_session_key_length( struct SRPUser * usr );
|
||||
|
||||
/* Output: username, bytes_A, len_A. If you don't want it get written, set username to NULL */
|
||||
/* Output: username, bytes_A, len_A. If you don't want it get written, set username to NULL.
|
||||
* If bytes_a == NULL, random data is used for a. */
|
||||
void srp_user_start_authentication( struct SRPUser * usr, const char ** username,
|
||||
const unsigned char * bytes_a, int len_a,
|
||||
const unsigned char ** bytes_A, int * len_A );
|
||||
|
||||
/* Output: bytes_M, len_M (len_M may be null and will always be
|
||||
|
|
216
test_srp.c
216
test_srp.c
|
@ -18,15 +18,225 @@ unsigned long long get_usec()
|
|||
return (((unsigned long long)t.tv_sec) * 1000000) + t.tv_usec;
|
||||
}
|
||||
|
||||
// The test vectors from
|
||||
// https://tools.ietf.org/html/rfc5054#appendix-B
|
||||
|
||||
static const char srp_5054_salt[] = {
|
||||
0xBE, 0xB2, 0x53, 0x79, 0xD1, 0xA8, 0x58, 0x1E,
|
||||
0xB5, 0xA7, 0x27, 0x67, 0x3A, 0x24, 0x41, 0xEE,
|
||||
};
|
||||
|
||||
static const char srp_5054_v[] = {
|
||||
0x7E, 0x27, 0x3D, 0xE8, 0x69, 0x6F, 0xFC, 0x4F,
|
||||
0x4E, 0x33, 0x7D, 0x05, 0xB4, 0xB3, 0x75, 0xBE,
|
||||
0xB0, 0xDD, 0xE1, 0x56, 0x9E, 0x8F, 0xA0, 0x0A,
|
||||
0x98, 0x86, 0xD8, 0x12, 0x9B, 0xAD, 0xA1, 0xF1,
|
||||
0x82, 0x22, 0x23, 0xCA, 0x1A, 0x60, 0x5B, 0x53,
|
||||
0x0E, 0x37, 0x9B, 0xA4, 0x72, 0x9F, 0xDC, 0x59,
|
||||
0xF1, 0x05, 0xB4, 0x78, 0x7E, 0x51, 0x86, 0xF5,
|
||||
0xC6, 0x71, 0x08, 0x5A, 0x14, 0x47, 0xB5, 0x2A,
|
||||
0x48, 0xCF, 0x19, 0x70, 0xB4, 0xFB, 0x6F, 0x84,
|
||||
0x00, 0xBB, 0xF4, 0xCE, 0xBF, 0xBB, 0x16, 0x81,
|
||||
0x52, 0xE0, 0x8A, 0xB5, 0xEA, 0x53, 0xD1, 0x5C,
|
||||
0x1A, 0xFF, 0x87, 0xB2, 0xB9, 0xDA, 0x6E, 0x04,
|
||||
0xE0, 0x58, 0xAD, 0x51, 0xCC, 0x72, 0xBF, 0xC9,
|
||||
0x03, 0x3B, 0x56, 0x4E, 0x26, 0x48, 0x0D, 0x78,
|
||||
0xE9, 0x55, 0xA5, 0xE2, 0x9E, 0x7A, 0xB2, 0x45,
|
||||
0xDB, 0x2B, 0xE3, 0x15, 0xE2, 0x09, 0x9A, 0xFB,
|
||||
};
|
||||
|
||||
static const char srp_5054_a[] = {
|
||||
0x60, 0x97, 0x55, 0x27, 0x03, 0x5C, 0xF2, 0xAD,
|
||||
0x19, 0x89, 0x80, 0x6F, 0x04, 0x07, 0x21, 0x0B,
|
||||
0xC8, 0x1E, 0xDC, 0x04, 0xE2, 0x76, 0x2A, 0x56,
|
||||
0xAF, 0xD5, 0x29, 0xDD, 0xDA, 0x2D, 0x43, 0x93,
|
||||
};
|
||||
|
||||
static const char srp_5054_A[] = {
|
||||
0x61, 0xD5, 0xE4, 0x90, 0xF6, 0xF1, 0xB7, 0x95,
|
||||
0x47, 0xB0, 0x70, 0x4C, 0x43, 0x6F, 0x52, 0x3D,
|
||||
0xD0, 0xE5, 0x60, 0xF0, 0xC6, 0x41, 0x15, 0xBB,
|
||||
0x72, 0x55, 0x7E, 0xC4, 0x43, 0x52, 0xE8, 0x90,
|
||||
0x32, 0x11, 0xC0, 0x46, 0x92, 0x27, 0x2D, 0x8B,
|
||||
0x2D, 0x1A, 0x53, 0x58, 0xA2, 0xCF, 0x1B, 0x6E,
|
||||
0x0B, 0xFC, 0xF9, 0x9F, 0x92, 0x15, 0x30, 0xEC,
|
||||
0x8E, 0x39, 0x35, 0x61, 0x79, 0xEA, 0xE4, 0x5E,
|
||||
0x42, 0xBA, 0x92, 0xAE, 0xAC, 0xED, 0x82, 0x51,
|
||||
0x71, 0xE1, 0xE8, 0xB9, 0xAF, 0x6D, 0x9C, 0x03,
|
||||
0xE1, 0x32, 0x7F, 0x44, 0xBE, 0x08, 0x7E, 0xF0,
|
||||
0x65, 0x30, 0xE6, 0x9F, 0x66, 0x61, 0x52, 0x61,
|
||||
0xEE, 0xF5, 0x40, 0x73, 0xCA, 0x11, 0xCF, 0x58,
|
||||
0x58, 0xF0, 0xED, 0xFD, 0xFE, 0x15, 0xEF, 0xEA,
|
||||
0xB3, 0x49, 0xEF, 0x5D, 0x76, 0x98, 0x8A, 0x36,
|
||||
0x72, 0xFA, 0xC4, 0x7B, 0x07, 0x69, 0x44, 0x7B,
|
||||
};
|
||||
|
||||
static const char srp_5054_b[] = {
|
||||
0xE4, 0x87, 0xCB, 0x59, 0xD3, 0x1A, 0xC5, 0x50,
|
||||
0x47, 0x1E, 0x81, 0xF0, 0x0F, 0x69, 0x28, 0xE0,
|
||||
0x1D, 0xDA, 0x08, 0xE9, 0x74, 0xA0, 0x04, 0xF4,
|
||||
0x9E, 0x61, 0xF5, 0xD1, 0x05, 0x28, 0x4D, 0x20,
|
||||
};
|
||||
|
||||
static const char srp_5054_B[] = {
|
||||
0xBD, 0x0C, 0x61, 0x51, 0x2C, 0x69, 0x2C, 0x0C,
|
||||
0xB6, 0xD0, 0x41, 0xFA, 0x01, 0xBB, 0x15, 0x2D,
|
||||
0x49, 0x16, 0xA1, 0xE7, 0x7A, 0xF4, 0x6A, 0xE1,
|
||||
0x05, 0x39, 0x30, 0x11, 0xBA, 0xF3, 0x89, 0x64,
|
||||
0xDC, 0x46, 0xA0, 0x67, 0x0D, 0xD1, 0x25, 0xB9,
|
||||
0x5A, 0x98, 0x16, 0x52, 0x23, 0x6F, 0x99, 0xD9,
|
||||
0xB6, 0x81, 0xCB, 0xF8, 0x78, 0x37, 0xEC, 0x99,
|
||||
0x6C, 0x6D, 0xA0, 0x44, 0x53, 0x72, 0x86, 0x10,
|
||||
0xD0, 0xC6, 0xDD, 0xB5, 0x8B, 0x31, 0x88, 0x85,
|
||||
0xD7, 0xD8, 0x2C, 0x7F, 0x8D, 0xEB, 0x75, 0xCE,
|
||||
0x7B, 0xD4, 0xFB, 0xAA, 0x37, 0x08, 0x9E, 0x6F,
|
||||
0x9C, 0x60, 0x59, 0xF3, 0x88, 0x83, 0x8E, 0x7A,
|
||||
0x00, 0x03, 0x0B, 0x33, 0x1E, 0xB7, 0x68, 0x40,
|
||||
0x91, 0x04, 0x40, 0xB1, 0xB2, 0x7A, 0xAE, 0xAE,
|
||||
0xEB, 0x40, 0x12, 0xB7, 0xD7, 0x66, 0x52, 0x38,
|
||||
0xA8, 0xE3, 0xFB, 0x00, 0x4B, 0x11, 0x7B, 0x58,
|
||||
};
|
||||
|
||||
// This isn't used (yet)
|
||||
static const char srp_5054_u[] = {
|
||||
0xCE, 0x38, 0xB9, 0x59, 0x34, 0x87, 0xDA, 0x98,
|
||||
0x55, 0x4E, 0xD4, 0x7D, 0x70, 0xA7, 0xAE, 0x5F,
|
||||
0x46, 0x2E, 0xF0, 0x19,
|
||||
};
|
||||
|
||||
// This is SHA-1(<premaster secret>)
|
||||
static const char srp_5054_S[] = {
|
||||
0x01, 0x7e, 0xef, 0xa1, 0xce, 0xfc, 0x5c, 0x2e,
|
||||
0x62, 0x6e, 0x21, 0x59, 0x89, 0x87, 0xf3, 0x1e,
|
||||
0x0f, 0x1b, 0x11, 0xbb,
|
||||
};
|
||||
|
||||
int test_rfc_5054_compat()
|
||||
{
|
||||
struct SRPVerifier * ver;
|
||||
struct SRPUser * usr;
|
||||
|
||||
const unsigned char * bytes_s = (const unsigned char *) srp_5054_salt;
|
||||
const unsigned char * bytes_v = 0;
|
||||
const unsigned char * bytes_A = 0;
|
||||
const unsigned char * bytes_B = 0;
|
||||
|
||||
const unsigned char * bytes_M = 0;
|
||||
const unsigned char * bytes_HAMK = 0;
|
||||
const unsigned char * bytes_S = 0;
|
||||
|
||||
int len_s = 16;
|
||||
int len_v = 0;
|
||||
int len_A = 0;
|
||||
int len_B = 0;
|
||||
int len_M = 0;
|
||||
int len_S = 0;
|
||||
int i;
|
||||
|
||||
const char * username = "alice";
|
||||
const char * password = "password123";
|
||||
|
||||
SRP_HashAlgorithm alg = SRP_SHA1;
|
||||
SRP_NGType ng_type = SRP_NG_1024; //TEST_NG;
|
||||
|
||||
printf("Testing RFC 5054 test vectors...");
|
||||
|
||||
srp_create_salted_verification_key( alg, ng_type, username,
|
||||
(const unsigned char *)password,
|
||||
strlen(password), &bytes_s, &len_s, &bytes_v, &len_v, NULL, NULL );
|
||||
|
||||
if (len_v != 128 || memcmp(&srp_5054_v, bytes_v, len_v) != 0)
|
||||
{
|
||||
printf(" computed v doesn't match!\n");
|
||||
return 1;
|
||||
}
|
||||
|
||||
usr = srp_user_new( alg, ng_type, username, username,
|
||||
(const unsigned char *)password,
|
||||
strlen(password), NULL, NULL );
|
||||
|
||||
srp_user_start_authentication( usr, NULL, srp_5054_a, 32, &bytes_A, &len_A );
|
||||
|
||||
if (memcmp(&srp_5054_A, bytes_A, len_A) != 0)
|
||||
{
|
||||
printf(" computed A doesn't match!\n");
|
||||
return 1;
|
||||
}
|
||||
|
||||
/* User -> Host: (username, bytes_A) */
|
||||
ver = srp_verifier_new( alg, ng_type, username, (const unsigned char *) srp_5054_salt,
|
||||
len_s, bytes_v, len_v, bytes_A, len_A, srp_5054_b, 32, &bytes_B,
|
||||
&len_B, NULL, NULL );
|
||||
|
||||
if ( !bytes_B )
|
||||
{
|
||||
printf(" SRP-6a safety check violated for B!\n");
|
||||
return 1;
|
||||
}
|
||||
|
||||
if (memcmp(&srp_5054_B, bytes_B, len_B) != 0)
|
||||
{
|
||||
printf(" computed B doesn't match!\n");
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
||||
/* Host -> User: (bytes_s, bytes_B) */
|
||||
srp_user_process_challenge( usr, (const unsigned char *) srp_5054_salt, len_s, bytes_B, len_B, &bytes_M, &len_M );
|
||||
|
||||
if ( !bytes_M )
|
||||
{
|
||||
printf(" SRP-6a safety check violated for M!\n");
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
/* User -> Host: (bytes_M) */
|
||||
srp_verifier_verify_session( ver, bytes_M, &bytes_HAMK );
|
||||
|
||||
if ( !bytes_HAMK )
|
||||
{
|
||||
printf(" user authentication failed!\n");
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
/* Host -> User: (HAMK) */
|
||||
srp_user_verify_session( usr, bytes_HAMK );
|
||||
|
||||
if ( !srp_user_is_authenticated(usr) )
|
||||
{
|
||||
printf(" server authentication failed!\n");
|
||||
}
|
||||
|
||||
bytes_S = srp_verifier_get_session_key(ver, &len_S);
|
||||
|
||||
if (memcmp(&srp_5054_S, bytes_S, len_S) != 0)
|
||||
{
|
||||
printf(" computed session key doesn't match!\n");
|
||||
return 1;
|
||||
}
|
||||
|
||||
printf(" success.\n");
|
||||
|
||||
cleanup:
|
||||
srp_verifier_delete( ver );
|
||||
srp_user_delete( usr );
|
||||
|
||||
free( (char *)bytes_v );
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
const char * test_n_hex = "EEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C9C256576D674DF7496"
|
||||
"EA81D3383B4813D692C6E0E0D5D8E250B98BE48E495C1D6089DAD15DC7D7B46154D6B6CE8E"
|
||||
"F4AD69B15D4982559B297BCF1885C529F566660E57EC68EDBC3C05726CC02FD4CBF4976EAA"
|
||||
"9AFD5138FE8376435B9FC61D2FC0EB06E3";
|
||||
const char * test_g_hex = "2";
|
||||
|
||||
|
||||
int main( int argc, char * argv[] )
|
||||
{
|
||||
test_rfc_5054_compat();
|
||||
printf("Performing the speedtest.\n");
|
||||
|
||||
struct SRPVerifier * ver;
|
||||
struct SRPUser * usr;
|
||||
|
||||
|
@ -80,11 +290,11 @@ int main( int argc, char * argv[] )
|
|||
(const unsigned char *)password,
|
||||
strlen(password), n_hex, g_hex );
|
||||
|
||||
srp_user_start_authentication( usr, NULL, &bytes_A, &len_A );
|
||||
srp_user_start_authentication( usr, NULL, NULL, 0, &bytes_A, &len_A );
|
||||
|
||||
/* User -> Host: (username, bytes_A) */
|
||||
ver = srp_verifier_new( alg, ng_type, username, bytes_s, len_s, bytes_v, len_v,
|
||||
bytes_A, len_A, & bytes_B, &len_B, n_hex, g_hex );
|
||||
bytes_A, len_A, NULL, 0, & bytes_B, &len_B, n_hex, g_hex );
|
||||
|
||||
if ( !bytes_B )
|
||||
{
|
||||
|
|
Loading…
Reference in New Issue