est31/csrp-gmp
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Added hash and Ng specification

Browse Source
This commit is contained in:
Tom Cocagne 2010-11-24 11:26:03 -05:00
parent 14bf5988c0
commit f4650c1c45
3 changed files with 413 additions and 152 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

468
srp.c
View File

@ -46,30 +46,115 @@
#include "srp.h"
/* 2048-bit prime & generator pair from RFC 5054 */
#define N_HEX "AC6BDB41324A9A9BF166DE5E1389582FAF72B6651987EE07FC3192943DB56050A37329CBB4A099ED8193E0757767A13DD52312AB4B03310DCD7F48A9DA04FD50E8083969EDB767B0CF6095179A163AB3661A05FBD5FAAAE82918A9962F0B93B855F97993EC975EEAA80D740ADBF4FF747359D041D5C33EA71D281E446B14773BCA97B43A23FB801676BD207A436C6481F1D2B9078717461A5B9D32E688F87748544523B524B0D57D5EA77A2775D2ECFA032CFBDBF52FB3786160279004E57AE6AF874E7303CE53299CCC041C7BC308D82A5698F3A8D0C38271AE35F8E9DBFBB694B5C803D89F7AE435DE236D525F54759B65E372FCD68EF20FA7111F9E4AFF73"
#define G_HEX "2"
static int g_initialized = 0;
typedef struct
{
const char * n_hex;
const char * g_hex;
BIGNUM * N;
BIGNUM * g;
int should_delete;
} NGConstant;
static NGConstant * new_ng( const char * n_hex, const char * g_hex )
{
NGConstant * ng = (NGConstant *) malloc( sizeof(NGConstant) );
ng->n_hex = n_hex;
ng->g_hex = g_hex;
ng->N = BN_new();
ng->g = BN_new();
ng->should_delete = 1;
BN_hex2bn( &ng->N, ng->n_hex );
BN_hex2bn( &ng->g, ng->g_hex );
return ng;
}
static void delete_ng( NGConstant * ng )
{
BN_free( ng->N );
BN_free( ng->g );
ng->N = 0;
ng->g = 0;
free(ng);
}
static const BIGNUM * N = 0;
static const BIGNUM * g = 0;
static const BIGNUM * k = 0;
static int g_initialized = 0;
/* All constants here were pulled from Appendix A of RFC 5054 */
static NGConstant global_Ng_array[] = {
{ /* 1024 */
"EEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C9C256576D674DF7496"
"EA81D3383B4813D692C6E0E0D5D8E250B98BE48E495C1D6089DAD15DC7D7B46154D6B6CE8E"
"F4AD69B15D4982559B297BCF1885C529F566660E57EC68EDBC3C05726CC02FD4CBF4976EAA"
"9AFD5138FE8376435B9FC61D2FC0EB06E3",
"2", 0, 0, 0
},
{ /* 2048 */
"AC6BDB41324A9A9BF166DE5E1389582FAF72B6651987EE07FC3192943DB56050A37329CBB4"
"A099ED8193E0757767A13DD52312AB4B03310DCD7F48A9DA04FD50E8083969EDB767B0CF60"
"95179A163AB3661A05FBD5FAAAE82918A9962F0B93B855F97993EC975EEAA80D740ADBF4FF"
"747359D041D5C33EA71D281E446B14773BCA97B43A23FB801676BD207A436C6481F1D2B907"
"8717461A5B9D32E688F87748544523B524B0D57D5EA77A2775D2ECFA032CFBDBF52FB37861"
"60279004E57AE6AF874E7303CE53299CCC041C7BC308D82A5698F3A8D0C38271AE35F8E9DB"
"FBB694B5C803D89F7AE435DE236D525F54759B65E372FCD68EF20FA7111F9E4AFF73",
"2", 0, 0, 0
},
{ /* 4096 */
"FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E08"
"8A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B"
"302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9"
"A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE6"
"49286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8"
"FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D"
"670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C"
"180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
"3995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D"
"04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7D"
"B3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D226"
"1AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200C"
"BBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFC"
"E0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B26"
"99C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB"
"04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2"
"233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127"
"D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934063199"
"FFFFFFFFFFFFFFFF",
"5", 0, 0, 0
},
{0,0,0,0,0} /* null sentinel */
};
typedef union
{
SHA_CTX sha;
SHA256_CTX sha256;
SHA512_CTX sha512;
} HashCTX;
struct SRPVerifier
{
SRP_HashAlgorithm hash_alg;
NGConstant *ng;
const char * username;
const unsigned char * bytes_B;
int authenticated;
unsigned char M [SRP_SHA256_DIGEST_LENGTH];
unsigned char H_AMK [SRP_SHA256_DIGEST_LENGTH];
unsigned char session_key [SRP_SHA256_DIGEST_LENGTH];
unsigned char M [SHA512_DIGEST_LENGTH];
unsigned char H_AMK [SHA512_DIGEST_LENGTH];
unsigned char session_key [SHA512_DIGEST_LENGTH];
};
struct SRPUser
{
SRP_HashAlgorithm hash_alg;
NGConstant *ng;
BIGNUM *a;
BIGNUM *A;
BIGNUM *S;
@ -81,113 +166,191 @@ struct SRPUser
const unsigned char * password;
int password_len;
unsigned char M [SRP_SHA256_DIGEST_LENGTH];
unsigned char H_AMK [SRP_SHA256_DIGEST_LENGTH];
unsigned char session_key [SRP_SHA256_DIGEST_LENGTH];
unsigned char M [SHA512_DIGEST_LENGTH];
unsigned char H_AMK [SHA512_DIGEST_LENGTH];
unsigned char session_key [SHA512_DIGEST_LENGTH];
};
static BIGNUM * H_nn( const BIGNUM * n1, const BIGNUM * n2 )
static int hash_init( SRP_HashAlgorithm alg, HashCTX *c )
{
unsigned char buff[ SHA256_DIGEST_LENGTH ];
switch (alg)
{
case SRP_SHA1 : return SHA1_Init( &c->sha );
case SRP_SHA224: return SHA224_Init( &c->sha256 );
case SRP_SHA256: return SHA256_Init( &c->sha256 );
case SRP_SHA384: return SHA384_Init( &c->sha512 );
case SRP_SHA512: return SHA512_Init( &c->sha512 );
default:
return -1;
};
}
static int hash_update( SRP_HashAlgorithm alg, HashCTX *c, const void *data, size_t len )
{
switch (alg)
{
case SRP_SHA1 : return SHA1_Update( &c->sha, data, len );
case SRP_SHA224: return SHA224_Update( &c->sha256, data, len );
case SRP_SHA256: return SHA256_Update( &c->sha256, data, len );
case SRP_SHA384: return SHA384_Update( &c->sha512, data, len );
case SRP_SHA512: return SHA512_Update( &c->sha512, data, len );
default:
return -1;
};
}
static int hash_final( SRP_HashAlgorithm alg, HashCTX *c, unsigned char *md )
{
switch (alg)
{
case SRP_SHA1 : return SHA1_Final( md, &c->sha );
case SRP_SHA224: return SHA224_Final( md, &c->sha256 );
case SRP_SHA256: return SHA256_Final( md, &c->sha256 );
case SRP_SHA384: return SHA384_Final( md, &c->sha512 );
case SRP_SHA512: return SHA512_Final( md, &c->sha512 );
default:
return -1;
};
}
static unsigned char * hash( SRP_HashAlgorithm alg, const unsigned char *d, size_t n, unsigned char *md )
{
switch (alg)
{
case SRP_SHA1 : return SHA1( d, n, md );
case SRP_SHA224: return SHA224( d, n, md );
case SRP_SHA256: return SHA256( d, n, md );
case SRP_SHA384: return SHA384( d, n, md );
case SRP_SHA512: return SHA512( d, n, md );
default:
return 0;
};
}
static int hash_length( SRP_HashAlgorithm alg )
{
switch (alg)
{
case SRP_SHA1 : return SHA_DIGEST_LENGTH;
case SRP_SHA224: return SHA224_DIGEST_LENGTH;
case SRP_SHA256: return SHA256_DIGEST_LENGTH;
case SRP_SHA384: return SHA384_DIGEST_LENGTH;
case SRP_SHA512: return SHA512_DIGEST_LENGTH;
default:
return -1;
};
}
static BIGNUM * H_nn( SRP_HashAlgorithm alg, const BIGNUM * n1, const BIGNUM * n2 )
{
unsigned char buff[ SHA512_DIGEST_LENGTH ];
int len_n1 = BN_num_bytes(n1);
int len_n2 = BN_num_bytes(n2);
int nbytes = len_n1 + len_n2;
unsigned char * bin = (unsigned char *) alloca( nbytes );
BN_bn2bin(n1, bin);
BN_bn2bin(n2, bin + len_n1);
SHA256( bin, nbytes, buff );
return BN_bin2bn(buff, SHA256_DIGEST_LENGTH, NULL);
hash( alg, bin, nbytes, buff );
return BN_bin2bn(buff, hash_length(alg), NULL);
}
static BIGNUM * H_ns( const BIGNUM * n, const unsigned char * bytes, int len_bytes )
static BIGNUM * H_ns( SRP_HashAlgorithm alg, const BIGNUM * n, const unsigned char * bytes, int len_bytes )
{
unsigned char buff[ SHA256_DIGEST_LENGTH ];
unsigned char buff[ SHA512_DIGEST_LENGTH ];
int len_n = BN_num_bytes(n);
int nbytes = len_n + len_bytes;
unsigned char * bin = (unsigned char *) alloca( nbytes );
BN_bn2bin(n, bin);
memcpy( bin + len_n, bytes, len_bytes );
SHA256( bin, nbytes, buff );
return BN_bin2bn(buff, SHA256_DIGEST_LENGTH, NULL);
hash( alg, bin, nbytes, buff );
return BN_bin2bn(buff, hash_length(alg), NULL);
}
static BIGNUM * calculate_x( const BIGNUM * salt, const char * username, const unsigned char * password, int password_len )
static BIGNUM * calculate_x( SRP_HashAlgorithm alg, const BIGNUM * salt, const char * username, const unsigned char * password, int password_len )
{
unsigned char ucp_hash[SHA256_DIGEST_LENGTH];
SHA256_CTX ctx;
SHA256_Init( &ctx );
unsigned char ucp_hash[SHA512_DIGEST_LENGTH];
HashCTX ctx;
hash_init( alg, &ctx );
hash_update( alg, &ctx, username, strlen(username) );
hash_update( alg, &ctx, ":", 1 );
hash_update( alg, &ctx, password, password_len );
SHA256_Update( &ctx, username, strlen(username) );
SHA256_Update( &ctx, ":", 1 );
SHA256_Update( &ctx, password, password_len );
SHA256_Final( ucp_hash, &ctx );
hash_final( alg, &ctx, ucp_hash );
return H_ns( salt, ucp_hash, sizeof(ucp_hash) );
return H_ns( alg, salt, ucp_hash, hash_length(alg) );
}
static void update_hash( SHA256_CTX *ctx, const BIGNUM * n )
static void update_hash_n( SRP_HashAlgorithm alg, HashCTX *ctx, const BIGNUM * n )
{
unsigned long len = BN_num_bytes(n);
unsigned char * n_bytes = (unsigned char *) alloca( len );
BN_bn2bin(n, n_bytes);
SHA256_Update(ctx, n_bytes, len);
hash_update(alg, ctx, n_bytes, len);
}
static void hash_num( const BIGNUM * n, unsigned char * dest )
static void hash_num( SRP_HashAlgorithm alg, const BIGNUM * n, unsigned char * dest )
{
int nbytes = BN_num_bytes(n);
unsigned char * bin = (unsigned char *) alloca( nbytes );
BN_bn2bin(n, bin);
SHA256( bin, nbytes, dest );
hash( alg, bin, nbytes, dest );
}
static void calculate_M( unsigned char * dest, const char * I, const BIGNUM * s,
static void calculate_M( SRP_HashAlgorithm alg, NGConstant *ng, unsigned char * dest, const char * I, const BIGNUM * s,
const BIGNUM * A, const BIGNUM * B, const unsigned char * K )
{
unsigned char H_N[ SHA256_DIGEST_LENGTH ];
unsigned char H_g[ SHA256_DIGEST_LENGTH ];
unsigned char H_I[ SHA256_DIGEST_LENGTH ];
unsigned char H_xor[ SHA256_DIGEST_LENGTH ];
SHA256_CTX ctx;
unsigned char H_N[ SHA512_DIGEST_LENGTH ];
unsigned char H_g[ SHA512_DIGEST_LENGTH ];
unsigned char H_I[ SHA512_DIGEST_LENGTH ];
unsigned char H_xor[ SHA512_DIGEST_LENGTH ];
HashCTX ctx;
int i = 0;
int hash_len = hash_length(alg);
hash_num( N, H_N );
hash_num( g, H_g );
hash_num( alg, ng->N, H_N );
hash_num( alg, ng->g, H_g );
SHA256((const unsigned char *)I, strlen(I), H_I);
hash(alg, (const unsigned char *)I, strlen(I), H_I);
for (i=0; i < SHA256_DIGEST_LENGTH; i++ )
for (i=0; i < hash_len; i++ )
H_xor[i] = H_N[i] ^ H_g[i];
SHA256_Init( &ctx );
hash_init( alg, &ctx );
SHA256_Update( &ctx, H_xor, sizeof(H_xor) );
SHA256_Update( &ctx, H_I, sizeof(H_I) );
update_hash( &ctx, s );
update_hash( &ctx, A );
update_hash( &ctx, B );
SHA256_Update( &ctx, K, SHA256_DIGEST_LENGTH );
hash_update( alg, &ctx, H_xor, hash_len );
hash_update( alg, &ctx, H_I, hash_len );
update_hash_n( alg, &ctx, s );
update_hash_n( alg, &ctx, A );
update_hash_n( alg, &ctx, B );
hash_update( alg, &ctx, K, hash_len );
SHA256_Final( dest, &ctx );
hash_final( alg, &ctx, dest );
}
static void calculate_H_AMK( unsigned char *dest, const BIGNUM * A, const unsigned char * M, const unsigned char * K )
static void calculate_H_AMK( SRP_HashAlgorithm alg, unsigned char *dest, const BIGNUM * A, const unsigned char * M, const unsigned char * K )
{
SHA256_CTX ctx;
HashCTX ctx;
SHA256_Init( &ctx );
hash_init( alg, &ctx );
update_hash( &ctx, A );
SHA256_Update( &ctx, M, SHA256_DIGEST_LENGTH);
SHA256_Update( &ctx, K, SHA256_DIGEST_LENGTH);
update_hash_n( alg, &ctx, A );
hash_update( alg, &ctx, M, hash_length(alg) );
hash_update( alg, &ctx, K, hash_length(alg) );
SHA256_Final( dest, &ctx );
hash_final( alg, &ctx, dest );
}
static NGConstant * get_ng( SRP_NGType ng_type, const char * n_hex, const char * g_hex )
{
if (ng_type > SRP_NG_CUSTOM || ng_type < SRP_NG_1024)
return 0;
if ( ng_type == SRP_NG_CUSTOM )
return new_ng( n_hex, g_hex );
else
return &global_Ng_array[ ng_type ];
}
/***********************************************************************************************************
*
@ -204,17 +367,21 @@ void srp_init()
#endif
unsigned char buff[32];
NGConstant *ng = &global_Ng_array[0];
BIGNUM *tN = BN_new();
BIGNUM *tg = BN_new();
while( ng->n_hex )
{
ng->N = BN_new();
ng->g = BN_new();
BN_hex2bn( &ng->N, ng->n_hex );
BN_hex2bn( &ng->g, ng->g_hex );
++ng;
}
BN_hex2bn( &tN, N_HEX );
BN_hex2bn( &tg, G_HEX );
N = tN;
g = tg;
k = H_nn(N,g);
//k = H_nn(N,g);
#ifdef WIN32
@ -249,13 +416,17 @@ void srp_init()
void srp_fini()
{
g_initialized = 0;
NGConstant *ng = &global_Ng_array[0];
BN_free((BIGNUM *)N);
BN_free((BIGNUM *)g);
BN_free((BIGNUM *)k);
N = 0;
g = 0;
while( ng->n_hex )
{
BN_free( ng->N );
BN_free( ng->g );
ng->N = 0;
ng->g = 0;
++ng;
}
}
@ -265,21 +436,23 @@ int srp_is_initialized()
}
void srp_gen_sv( const char * username,
void srp_gen_sv( SRP_HashAlgorithm alg, SRP_NGType ng_type, const char * username,
const unsigned char * password, int len_password,
const unsigned char ** bytes_s, int * len_s,
const unsigned char ** bytes_v, int * len_v )
const unsigned char ** bytes_v, int * len_v,
const char * n_hex, const char * g_hex )
{
BIGNUM * s = BN_new();
BIGNUM * v = BN_new();
BIGNUM * x = 0;
BN_CTX *ctx = BN_CTX_new();
BIGNUM * s = BN_new();
BIGNUM * v = BN_new();
BIGNUM * x = 0;
BN_CTX * ctx = BN_CTX_new();
NGConstant * ng = get_ng( ng_type, n_hex, g_hex );
BN_rand(s, 32, -1, 0);
x = calculate_x( s, username, password, len_password );
x = calculate_x( alg, s, username, password, len_password );
BN_mod_exp(v, g, x, N, ctx);
BN_mod_exp(v, ng->g, x, ng->N, ctx);
*len_s = BN_num_bytes(s);
*len_v = BN_num_bytes(v);
@ -302,54 +475,61 @@ void srp_gen_sv( const char * username,
*
* On failure, bytes_B will be set to NULL and len_B will be set to 0
*/
struct SRPVerifier * srp_verifier_new( const char * username,
struct SRPVerifier * srp_verifier_new( SRP_HashAlgorithm alg, SRP_NGType ng_type, const char * username,
const unsigned char * bytes_s, int len_s,
const unsigned char * bytes_v, int len_v,
const unsigned char * bytes_A, int len_A,
const unsigned char ** bytes_B, int * len_B)
const unsigned char ** bytes_B, int * len_B,
const char * n_hex, const char * g_hex )
{
BIGNUM *s = BN_bin2bn(bytes_s, len_s, NULL);
BIGNUM *v = BN_bin2bn(bytes_v, len_v, NULL);
BIGNUM *A = BN_bin2bn(bytes_A, len_A, NULL);
BIGNUM *u = 0;
BIGNUM *B = BN_new();
BIGNUM *S = BN_new();
BIGNUM *b = BN_new();
BIGNUM *tmp1 = BN_new();
BIGNUM *tmp2 = BN_new();
BN_CTX *ctx = BN_CTX_new();
int ulen = strlen(username) + 1;
BIGNUM *s = BN_bin2bn(bytes_s, len_s, NULL);
BIGNUM *v = BN_bin2bn(bytes_v, len_v, NULL);
BIGNUM *A = BN_bin2bn(bytes_A, len_A, NULL);
BIGNUM *u = 0;
BIGNUM *B = BN_new();
BIGNUM *S = BN_new();
BIGNUM *b = BN_new();
BIGNUM *k = 0;
BIGNUM *tmp1 = BN_new();
BIGNUM *tmp2 = BN_new();
BN_CTX *ctx = BN_CTX_new();
int ulen = strlen(username) + 1;
NGConstant *ng = get_ng( ng_type, n_hex, g_hex );
struct SRPVerifier * ver = (struct SRPVerifier *) malloc( sizeof(struct SRPVerifier) );
ver->username = (char *) malloc( ulen );
ver->hash_alg = alg;
ver->ng = ng;
memcpy( (char*)ver->username, username, ulen );
ver->authenticated = 0;
/* SRP-6a safety check */
BN_mod(tmp1, A, N, ctx);
BN_mod(tmp1, A, ng->N, ctx);
if ( !BN_is_zero(tmp1) )
{
BN_rand(b, 256, -1, 0);
k = H_nn(alg, ng->N, ng->g);
/* B = kv + g^b */
BN_mul(tmp1, k, v, ctx);
BN_mod_exp(tmp2, g, b, N, ctx);
BN_mod_exp(tmp2, ng->g, b, ng->N, ctx);
BN_add(B, tmp1, tmp2);
u = H_nn(A,B);
u = H_nn(alg, A, B);
/* S = (A *(v^u)) ^ b */
BN_mod_exp(tmp1, v, u, N, ctx);
BN_mod_exp(tmp1, v, u, ng->N, ctx);
BN_mul(tmp2, A, tmp1, ctx);
BN_mod_exp(S, tmp2, b, N, ctx);
BN_mod_exp(S, tmp2, b, ng->N, ctx);
hash_num(S, ver->session_key);
hash_num(alg, S, ver->session_key);
calculate_M( ver->M, username, s, A, B, ver->session_key );
calculate_H_AMK( ver->H_AMK, A, ver->M, ver->session_key );
calculate_M( alg, ng, ver->M, username, s, A, B, ver->session_key );
calculate_H_AMK( alg, ver->H_AMK, A, ver->M, ver->session_key );
*len_B = BN_num_bytes(B);
*bytes_B = malloc( *len_B );
@ -368,6 +548,7 @@ struct SRPVerifier * srp_verifier_new( const char * username,
BN_free(v);
BN_free(A);
if (u) BN_free(u);
if (k) BN_free(k);
BN_free(B);
BN_free(S);
BN_free(b);
@ -383,6 +564,8 @@ struct SRPVerifier * srp_verifier_new( const char * username,
void srp_verifier_delete( struct SRPVerifier * ver )
{
if ( ver->ng && ver->ng->should_delete )
delete_ng( ver->ng );
free( (char *) ver->username );
free( (unsigned char *) ver->bytes_B );
free( ver );
@ -401,18 +584,25 @@ const char * srp_verifier_get_username( struct SRPVerifier * ver )
return ver->username;
}
/* Key length is SRP_SHA256_DIGEST_LENGTH */
const unsigned char * srp_verifier_get_session_key( struct SRPVerifier * ver )
const unsigned char * srp_verifier_get_session_key( struct SRPVerifier * ver, int * key_length )
{
if (key_length)
*key_length = hash_length( ver->hash_alg );
return ver->session_key;
}
int srp_verifier_get_session_key_length( struct SRPVerifier * ver )
{
return hash_length( ver->hash_alg );
}
/* user_M must be exactly SRP_SHA256_DIGEST_LENGTH bytes in size */
/* user_M must be exactly SHA512_DIGEST_LENGTH bytes in size */
void srp_verifier_verify_session( struct SRPVerifier * ver, const unsigned char * user_M, const unsigned char ** bytes_HAMK )
{
if ( memcmp( ver->M, user_M, SRP_SHA256_DIGEST_LENGTH ) == 0 )
if ( memcmp( ver->M, user_M, hash_length(ver->hash_alg) ) == 0 )
{
ver->authenticated = 1;
*bytes_HAMK = ver->H_AMK;
@ -423,12 +613,16 @@ void srp_verifier_verify_session( struct SRPVerifier * ver, const unsigned char
/*******************************************************************************/
struct SRPUser * srp_user_new( const char * username,
const unsigned char * bytes_password, int len_password )
struct SRPUser * srp_user_new( SRP_HashAlgorithm alg, SRP_NGType ng_type, const char * username,
const unsigned char * bytes_password, int len_password,
const char * n_hex, const char * g_hex )
{
struct SRPUser *usr = (struct SRPUser *) malloc( sizeof(struct SRPUser) );
int ulen = strlen(username) + 1;
usr->hash_alg = alg;
usr->ng = get_ng( ng_type, n_hex, g_hex );
usr->a = BN_new();
usr->A = BN_new();
usr->S = BN_new();
@ -453,6 +647,9 @@ void srp_user_delete( struct SRPUser * usr )
BN_free( usr->A );
BN_free( usr->S );
if ( usr->ng && usr->ng->should_delete )
delete_ng( usr->ng );
free((char *)usr->username);
free((char *)usr->password);
@ -477,12 +674,21 @@ const char * srp_user_get_username( struct SRPUser * usr )
/* Key length is SRP_SHA256_DIGEST_LENGTH */
const unsigned char * srp_user_get_session_key( struct SRPUser * usr )
const unsigned char * srp_user_get_session_key( struct SRPUser * usr, int * key_length )
{
if (key_length)
*key_length = hash_length( usr->hash_alg );
return usr->session_key;
}
int srp_user_get_session_key_length( struct SRPUser * usr )
{
return hash_length( usr->hash_alg );
}
/* Output: username, bytes_A, len_A */
void srp_user_start_authentication( struct SRPUser * usr, const char ** username,
const unsigned char ** bytes_A, int * len_A )
@ -491,7 +697,7 @@ void srp_user_start_authentication( struct SRPUser * usr, const char ** usernam
BN_rand(usr->a, 256, -1, 0);
BN_mod_exp(usr->A, g, usr->a, N, ctx);
BN_mod_exp(usr->A, usr->ng->g, usr->a, usr->ng->N, ctx);
BN_CTX_free(ctx);
@ -505,55 +711,63 @@ void srp_user_start_authentication( struct SRPUser * usr, const char ** usernam
}
/* Output: bytes_M. Buffer length is SRP_SHA256_DIGEST_LENGTH */
/* Output: bytes_M. Buffer length is SHA512_DIGEST_LENGTH */
void srp_user_process_challenge( struct SRPUser * usr,
const unsigned char * bytes_s, int len_s,
const unsigned char * bytes_B, int len_B,
const unsigned char ** bytes_M )
const unsigned char ** bytes_M, int * len_M )
{
BIGNUM *s = BN_bin2bn(bytes_s, len_s, NULL);
BIGNUM *B = BN_bin2bn(bytes_B, len_B, NULL);
BIGNUM *u = 0;
BIGNUM *x = 0;
BIGNUM *k = 0;
BIGNUM *v = BN_new();
BIGNUM *tmp1 = BN_new();
BIGNUM *tmp2 = BN_new();
BIGNUM *tmp3 = BN_new();
BN_CTX *ctx = BN_CTX_new();
u = H_nn(usr->A,B);
u = H_nn(usr->hash_alg, usr->A, B);
x = calculate_x( s, usr->username, usr->password, usr->password_len );
x = calculate_x( usr->hash_alg, s, usr->username, usr->password, usr->password_len );
k = H_nn(usr->hash_alg, usr->ng->N, usr->ng->g);
/* SRP-6a safety check */
if ( !BN_is_zero(B) && !BN_is_zero(u) )
{
BN_mod_exp(v, g, x, N, ctx);
BN_mod_exp(v, usr->ng->g, x, usr->ng->N, ctx);
/* S = (B - k*(g^x)) ^ (a + ux) */
BN_mul(tmp1, u, x, ctx);
BN_add(tmp2, usr->a, tmp1); /* tmp2 = (a + ux) */
BN_mod_exp(tmp1, g, x, N, ctx);
BN_mod_exp(tmp1, usr->ng->g, x, usr->ng->N, ctx);
BN_mul(tmp3, k, tmp1, ctx); /* tmp3 = k*(g^x) */
BN_sub(tmp1, B, tmp3); /* tmp1 = (B - K*(g^x)) */
BN_mod_exp(usr->S, tmp1, tmp2, N, ctx);
BN_mod_exp(usr->S, tmp1, tmp2, usr->ng->N, ctx);
hash_num(usr->S, usr->session_key);
hash_num(usr->hash_alg, usr->S, usr->session_key);
calculate_M( usr->M, usr->username, s, usr->A, B, usr->session_key );
calculate_H_AMK( usr->H_AMK, usr->A, usr->M, usr->session_key );
calculate_M( usr->hash_alg, usr->ng, usr->M, usr->username, s, usr->A, B, usr->session_key );
calculate_H_AMK( usr->hash_alg, usr->H_AMK, usr->A, usr->M, usr->session_key );
*bytes_M = usr->M;
if (len_M)
*len_M = hash_length( usr->hash_alg );
}
else
{
*bytes_M = NULL;
if (len_M)
*len_M = 0;
}
BN_free(s);
BN_free(B);
BN_free(u);
BN_free(x);
BN_free(k);
BN_free(v);
BN_free(tmp1);
BN_free(tmp2);
@ -561,9 +775,9 @@ void srp_user_process_challenge( struct SRPUser * usr,
BN_CTX_free(ctx);
}
/* bytes_HAMK must be exactly SRP_SHA256_DIGEST_LENGTH bytes in size */
void srp_user_verify_session( struct SRPUser * usr, const unsigned char * bytes_HAMK )
{
if ( memcmp( usr->H_AMK, bytes_HAMK, SRP_SHA256_DIGEST_LENGTH ) == 0 )
if ( memcmp( usr->H_AMK, bytes_HAMK, hash_length(usr->hash_alg) ) == 0 )
usr->authenticated = 1;
}

62
srp.h
View File

@ -51,8 +51,6 @@
#ifndef SRP_H
#define SRP_H
#define SRP_SHA256_DIGEST_LENGTH 32
/* srp_init() must be called prior to usage of any other srp_* functions.
* and a matching srp_fini() will clean up all memory allocated by srp_init().
*/
@ -66,26 +64,49 @@ int srp_is_initialized();
struct SRPVerifier;
struct SRPUser;
typedef enum
{
SRP_NG_1024,
SRP_NG_2048,
SRP_NG_4096,
SRP_NG_CUSTOM
} SRP_NGType;
typedef enum
{
SRP_SHA1,
SRP_SHA224,
SRP_SHA256,
SRP_SHA384,
SRP_SHA512
} SRP_HashAlgorithm;
/* Out: bytes_s, len_s, bytes_v, len_v
*
* The caller is responsible for freeing the memory allocated for bytes_s and bytes_v
*
* The n_hex and g_hex parameters should be 0 unless SRP_NG_CUSTOM is used for ng_type
*/
void srp_gen_sv( const char * username,
void srp_gen_sv( SRP_HashAlgorithm alg, SRP_NGType ng_type, const char * username,
const unsigned char * password, int len_password,
const unsigned char ** bytes_s, int * len_s,
const unsigned char ** bytes_v, int * len_v );
const unsigned char ** bytes_v, int * len_v,
const char * n_hex, const char * g_hex );
/* Out: bytes_B, len_B.
*
* On failure, bytes_B will be set to NULL and len_B will be set to 0
*
* The n_hex and g_hex parameters should be 0 unless SRP_NG_CUSTOM is used for ng_type
*/
struct SRPVerifier * srp_verifier_new( const char * username,
struct SRPVerifier * srp_verifier_new( SRP_HashAlgorithm alg, SRP_NGType ng_type, const char * username,
const unsigned char * bytes_s, int len_s,
const unsigned char * bytes_v, int len_v,
const unsigned char * bytes_A, int len_A,
const unsigned char ** bytes_B, int * len_B);
const unsigned char ** bytes_B, int * len_B,
const char * n_hex, const char * g_hex );
void srp_verifier_delete( struct SRPVerifier * ver );
@ -96,20 +117,24 @@ int srp_verifier_is_authenticated( struct SRPVerifier * ver );
const char * srp_verifier_get_username( struct SRPVerifier * ver );
/* Key length is SRP_SHA256_DIGEST_LENGTH */
const unsigned char * srp_verifier_get_session_key( struct SRPVerifier * ver );
/* key_length may be null */
const unsigned char * srp_verifier_get_session_key( struct SRPVerifier * ver, int * key_length );
/* user_M must be exactly SRP_SHA256_DIGEST_LENGTH bytes in size */
int srp_verifier_get_session_key_length( struct SRPVerifier * ver );
/* user_M must be exactly srp_verifier_get_session_key_length() bytes in size */
void srp_verifier_verify_session( struct SRPVerifier * ver,
const unsigned char * user_M,
const unsigned char ** bytes_HAMK );
/*******************************************************************************/
struct SRPUser * srp_user_new( const char * username,
const unsigned char * bytes_password, int len_password );
/* The n_hex and g_hex parameters should be 0 unless SRP_NG_CUSTOM is used for ng_type */
struct SRPUser * srp_user_new( SRP_HashAlgorithm alg, SRP_NGType ng_type, const char * username,
const unsigned char * bytes_password, int len_password,
const char * n_hex, const char * g_hex );
void srp_user_delete( struct SRPUser * usr );
@ -118,20 +143,23 @@ int srp_user_is_authenticated( struct SRPUser * usr);
const char * srp_user_get_username( struct SRPUser * usr );
/* Key length is SRP_SHA256_DIGEST_LENGTH */
const unsigned char * srp_user_get_session_key( struct SRPUser * usr );
/* key_length may be null */
const unsigned char * srp_user_get_session_key( struct SRPUser * usr, int * key_length );
int srp_user_get_session_key_length( struct SRPUser * usr );
/* Output: username, bytes_A, len_A */
void srp_user_start_authentication( struct SRPUser * usr, const char ** username,
const unsigned char ** bytes_A, int * len_A );
/* Output: bytes_M. Buffer length is SRP_SHA256_DIGEST_LENGTH */
/* Output: bytes_M, len_M (len_M may be null and will always be
* srp_user_get_session_key_length() bytes in size) */
void srp_user_process_challenge( struct SRPUser * usr,
const unsigned char * bytes_s, int len_s,
const unsigned char * bytes_B, int len_B,
const unsigned char ** bytes_M );
const unsigned char ** bytes_M, int * len_M );
/* bytes_HAMK must be exactly SRP_SHA256_DIGEST_LENGTH bytes in size */
/* bytes_HAMK must be exactly srp_user_get_session_key_length() bytes in size */
void srp_user_verify_session( struct SRPUser * usr, const unsigned char * bytes_HAMK );
#endif /* Include Guard */

35
test_srp.c
View File

@ -7,8 +7,9 @@
#include "srp.h"
#define NITER 100
#define NITER 100
#define TEST_HASH SRP_SHA1
#define TEST_NG SRP_NG_CUSTOM
unsigned long long get_usec()
{
@ -17,6 +18,12 @@ unsigned long long get_usec()
return (((unsigned long long)t.tv_sec) * 1000000) + t.tv_usec;
}
const char * test_n_hex = "EEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C9C256576D674DF7496"
"EA81D3383B4813D692C6E0E0D5D8E250B98BE48E495C1D6089DAD15DC7D7B46154D6B6CE8E"
"F4AD69B15D4982559B297BCF1885C529F566660E57EC68EDBC3C05726CC02FD4CBF4976EAA"
"9AFD5138FE8376435B9FC61D2FC0EB06E3";
const char * test_g_hex = "2";
int main( int argc, char * argv[] )
{
@ -35,6 +42,7 @@ int main( int argc, char * argv[] )
int len_v = 0;
int len_A = 0;
int len_B = 0;
int len_M = 0;
int i;
unsigned long long start;
@ -44,11 +52,22 @@ int main( int argc, char * argv[] )
const char * password = "password";
const char * auth_username = 0;
const char * n_hex = 0;
const char * g_hex = 0;
SRP_HashAlgorithm alg = TEST_HASH;
SRP_NGType ng_type = TEST_NG;
if (ng_type == SRP_NG_CUSTOM)
{
n_hex = test_n_hex;
g_hex = test_g_hex;
}
srp_init(NULL,0);
srp_gen_sv( username, password, strlen(password),
&bytes_s, &len_s, &bytes_v, &len_v );
srp_gen_sv( alg, ng_type, username, password, strlen(password),
&bytes_s, &len_s, &bytes_v, &len_v, n_hex, g_hex );
@ -56,13 +75,13 @@ int main( int argc, char * argv[] )
for( i = 0; i < NITER; i++ )
{
usr = srp_user_new( username, password, strlen(password) );
usr = srp_user_new( alg, ng_type, username, password, strlen(password), n_hex, g_hex );
srp_user_start_authentication( usr, &auth_username, &bytes_A, &len_A );
/* User -> Host: (username, bytes_A) */
ver = srp_verifier_new( username, bytes_s, len_s, bytes_v, len_v,
bytes_A, len_A, & bytes_B, &len_B );
ver = srp_verifier_new( alg, ng_type, username, bytes_s, len_s, bytes_v, len_v,
bytes_A, len_A, & bytes_B, &len_B, n_hex, g_hex );
if ( !bytes_B )
{
@ -71,7 +90,7 @@ int main( int argc, char * argv[] )
}
/* Host -> User: (bytes_s, bytes_B) */
srp_user_process_challenge( usr, bytes_s, len_s, bytes_B, len_B, &bytes_M );
srp_user_process_challenge( usr, bytes_s, len_s, bytes_B, len_B, &bytes_M, &len_M );
if ( !bytes_M )
{