1 /* crypto/srp/srp_vfy.c */
2 /* Written by Christophe Renou (christophe.renou@edelweb.fr) with
3 * the precious help of Peter Sylvester (peter.sylvester@edelweb.fr)
4 * for the EdelKey project and contributed to the OpenSSL project 2004.
6 /* ====================================================================
7 * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in
18 * the documentation and/or other materials provided with the
21 * 3. All advertising materials mentioning features or use of this
22 * software must display the following acknowledgment:
23 * "This product includes software developed by the OpenSSL Project
24 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27 * endorse or promote products derived from this software without
28 * prior written permission. For written permission, please contact
29 * licensing@OpenSSL.org.
31 * 5. Products derived from this software may not be called "OpenSSL"
32 * nor may "OpenSSL" appear in their names without prior written
33 * permission of the OpenSSL Project.
35 * 6. Redistributions of any form whatsoever must retain the following
37 * "This product includes software developed by the OpenSSL Project
38 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51 * OF THE POSSIBILITY OF SUCH DAMAGE.
52 * ====================================================================
54 * This product includes cryptographic software written by Eric Young
55 * (eay@cryptsoft.com). This product includes software written by Tim
56 * Hudson (tjh@cryptsoft.com).
59 #ifndef OPENSSL_NO_SRP
62 #include <openssl/srp.h>
63 #include <openssl/evp.h>
64 #include <openssl/buffer.h>
65 #include <openssl/rand.h>
66 #include <openssl/txt_db.h>
68 #define SRP_RANDOM_SALT_LEN 20
71 static char b64table
[] =
72 "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz./";
74 /* the following two conversion routines have been inspired by code from Stanford */
77 * Convert a base64 string into raw byte array representation.
79 static int t_fromb64(unsigned char *a
, const char *src
)
85 while(*src
&& (*src
== ' ' || *src
== '\t' || *src
== '\n'))
91 loc
= strchr(b64table
, src
[i
]);
92 if(loc
== (char *) 0) break;
93 else a
[i
] = loc
- b64table
;
96 /* if nothing valid to process we have a zero length response */
106 a
[j
] |= (a
[i
] & 3) << 6;
108 a
[j
] = (unsigned char) ((a
[i
] & 0x3c) >> 2);
110 a
[j
] |= (a
[i
] & 0xf) << 4;
112 a
[j
] = (unsigned char) ((a
[i
] & 0x30) >> 4);
119 while(a
[j
] == 0 && j
<= size
) ++j
;
121 while (j
<= size
) a
[i
++] = a
[j
++];
127 * Convert a raw byte string into a null-terminated base64 ASCII string.
129 static char *t_tob64(char *dst
, const unsigned char *src
, int size
)
131 int c
, pos
= size
% 3;
132 unsigned char b0
= 0, b1
= 0, b2
= 0, notleading
= 0;
148 c
= (b0
& 0xfc) >> 2;
149 if(notleading
|| c
!= 0)
151 *dst
++ = b64table
[c
];
154 c
= ((b0
& 3) << 4) | ((b1
& 0xf0) >> 4);
155 if(notleading
|| c
!= 0)
157 *dst
++ = b64table
[c
];
160 c
= ((b1
& 0xf) << 2) | ((b2
& 0xc0) >> 6);
161 if(notleading
|| c
!= 0)
163 *dst
++ = b64table
[c
];
167 if(notleading
|| c
!= 0)
169 *dst
++ = b64table
[c
];
172 if(pos
>= size
) break;
185 static void SRP_user_pwd_free(SRP_user_pwd
*user_pwd
)
187 if (user_pwd
== NULL
)
189 BN_free(user_pwd
->s
);
190 BN_clear_free(user_pwd
->v
);
191 OPENSSL_free(user_pwd
->id
);
192 OPENSSL_free(user_pwd
->info
);
193 OPENSSL_free(user_pwd
);
196 static SRP_user_pwd
*SRP_user_pwd_new()
198 SRP_user_pwd
*ret
= OPENSSL_malloc(sizeof(SRP_user_pwd
));
210 static void SRP_user_pwd_set_gN(SRP_user_pwd
*vinfo
, const BIGNUM
*g
,
217 static int SRP_user_pwd_set_ids(SRP_user_pwd
*vinfo
, const char *id
,
220 if (id
!= NULL
&& NULL
== (vinfo
->id
= BUF_strdup(id
)))
222 return (info
== NULL
|| NULL
!= (vinfo
->info
= BUF_strdup(info
))) ;
225 static int SRP_user_pwd_set_sv(SRP_user_pwd
*vinfo
, const char *s
,
228 unsigned char tmp
[MAX_LEN
];
231 if (strlen(s
) > MAX_LEN
|| strlen(v
) > MAX_LEN
)
233 len
= t_fromb64(tmp
, v
);
234 if (NULL
== (vinfo
->v
= BN_bin2bn(tmp
, len
, NULL
)) )
236 len
= t_fromb64(tmp
, s
);
237 return ((vinfo
->s
= BN_bin2bn(tmp
, len
, NULL
)) != NULL
) ;
240 static int SRP_user_pwd_set_sv_BN(SRP_user_pwd
*vinfo
, BIGNUM
*s
, BIGNUM
*v
)
244 return (vinfo
->s
!= NULL
&& vinfo
->v
!= NULL
) ;
247 SRP_VBASE
*SRP_VBASE_new(char *seed_key
)
249 SRP_VBASE
*vb
= (SRP_VBASE
*) OPENSSL_malloc(sizeof(SRP_VBASE
));
253 if (!(vb
->users_pwd
= sk_SRP_user_pwd_new_null()) ||
254 !(vb
->gN_cache
= sk_SRP_gN_cache_new_null()))
259 vb
->default_g
= NULL
;
260 vb
->default_N
= NULL
;
262 if ((seed_key
!= NULL
) &&
263 (vb
->seed_key
= BUF_strdup(seed_key
)) == NULL
)
265 sk_SRP_user_pwd_free(vb
->users_pwd
);
266 sk_SRP_gN_cache_free(vb
->gN_cache
);
274 int SRP_VBASE_free(SRP_VBASE
*vb
)
276 sk_SRP_user_pwd_pop_free(vb
->users_pwd
,SRP_user_pwd_free
);
277 sk_SRP_gN_cache_free(vb
->gN_cache
);
278 OPENSSL_free(vb
->seed_key
);
284 static SRP_gN_cache
*SRP_gN_new_init(const char *ch
)
286 unsigned char tmp
[MAX_LEN
];
289 SRP_gN_cache
*newgN
= (SRP_gN_cache
*)OPENSSL_malloc(sizeof(SRP_gN_cache
));
293 if ((newgN
->b64_bn
= BUF_strdup(ch
)) == NULL
)
296 len
= t_fromb64(tmp
, ch
);
297 if ((newgN
->bn
= BN_bin2bn(tmp
, len
, NULL
)))
300 OPENSSL_free(newgN
->b64_bn
);
307 static void SRP_gN_free(SRP_gN_cache
*gN_cache
)
309 if (gN_cache
== NULL
)
311 OPENSSL_free(gN_cache
->b64_bn
);
312 BN_free(gN_cache
->bn
);
313 OPENSSL_free(gN_cache
);
316 static SRP_gN
*SRP_get_gN_by_id(const char *id
, STACK_OF(SRP_gN
) *gN_tab
)
322 for(i
= 0; i
< sk_SRP_gN_num(gN_tab
); i
++)
324 gN
= sk_SRP_gN_value(gN_tab
, i
);
325 if (gN
&& (id
== NULL
|| strcmp(gN
->id
,id
)==0))
329 return SRP_get_default_gN(id
);
332 static BIGNUM
*SRP_gN_place_bn(STACK_OF(SRP_gN_cache
) *gN_cache
, char *ch
)
335 if (gN_cache
== NULL
)
338 /* search if we have already one... */
339 for(i
= 0; i
< sk_SRP_gN_cache_num(gN_cache
); i
++)
341 SRP_gN_cache
*cache
= sk_SRP_gN_cache_value(gN_cache
, i
);
342 if (strcmp(cache
->b64_bn
,ch
)==0)
345 { /* it is the first time that we find it */
346 SRP_gN_cache
*newgN
= SRP_gN_new_init(ch
);
349 if (sk_SRP_gN_cache_insert(gN_cache
,newgN
,0)>0)
357 /* this function parses verifier file. Format is:
358 * string(index):base64(N):base64(g):0
359 * string(username):base64(v):base64(salt):int(index)
363 int SRP_VBASE_init(SRP_VBASE
*vb
, char *verifier_file
)
366 STACK_OF(SRP_gN
) *SRP_gN_tab
= sk_SRP_gN_new_null();
367 char *last_index
= NULL
;
372 SRP_user_pwd
*user_pwd
= NULL
;
374 TXT_DB
*tmpdb
= NULL
;
375 BIO
*in
= BIO_new(BIO_s_file());
377 error_code
= SRP_ERR_OPEN_FILE
;
379 if (in
== NULL
|| BIO_read_filename(in
,verifier_file
) <= 0)
382 error_code
= SRP_ERR_VBASE_INCOMPLETE_FILE
;
384 if ((tmpdb
=TXT_DB_read(in
,DB_NUMBER
)) == NULL
)
387 error_code
= SRP_ERR_MEMORY
;
392 last_index
= SRP_get_default_gN(NULL
)->id
;
394 for (i
= 0; i
< sk_OPENSSL_PSTRING_num(tmpdb
->data
); i
++)
396 pp
= sk_OPENSSL_PSTRING_value(tmpdb
->data
,i
);
397 if (pp
[DB_srptype
][0] == DB_SRP_INDEX
)
399 /*we add this couple in the internal Stack */
401 if ((gN
= (SRP_gN
*)OPENSSL_malloc(sizeof(SRP_gN
))) == NULL
)
404 if (!(gN
->id
= BUF_strdup(pp
[DB_srpid
]))
405 || !(gN
->N
= SRP_gN_place_bn(vb
->gN_cache
,pp
[DB_srpverifier
]))
406 || !(gN
->g
= SRP_gN_place_bn(vb
->gN_cache
,pp
[DB_srpsalt
]))
407 || sk_SRP_gN_insert(SRP_gN_tab
,gN
,0) == 0)
412 if (vb
->seed_key
!= NULL
)
414 last_index
= pp
[DB_srpid
];
417 else if (pp
[DB_srptype
][0] == DB_SRP_VALID
)
419 /* it is a user .... */
421 if ((lgN
= SRP_get_gN_by_id(pp
[DB_srpgN
],SRP_gN_tab
))!=NULL
)
423 error_code
= SRP_ERR_MEMORY
;
424 if ((user_pwd
= SRP_user_pwd_new()) == NULL
)
427 SRP_user_pwd_set_gN(user_pwd
,lgN
->g
,lgN
->N
);
428 if (!SRP_user_pwd_set_ids(user_pwd
, pp
[DB_srpid
],pp
[DB_srpinfo
]))
431 error_code
= SRP_ERR_VBASE_BN_LIB
;
432 if (!SRP_user_pwd_set_sv(user_pwd
, pp
[DB_srpsalt
],pp
[DB_srpverifier
]))
435 if (sk_SRP_user_pwd_insert(vb
->users_pwd
, user_pwd
, 0) == 0)
437 user_pwd
= NULL
; /* abandon responsability */
442 if (last_index
!= NULL
)
444 /* this means that we want to simulate a default user */
446 if (((gN
= SRP_get_gN_by_id(last_index
,SRP_gN_tab
))==NULL
))
448 error_code
= SRP_ERR_VBASE_BN_LIB
;
451 vb
->default_g
= gN
->g
;
452 vb
->default_N
= gN
->N
;
455 error_code
= SRP_NO_ERROR
;
458 /* there may be still some leaks to fix, if this fails, the application terminates most likely */
462 OPENSSL_free(gN
->id
);
466 SRP_user_pwd_free(user_pwd
);
468 if (tmpdb
) TXT_DB_free(tmpdb
);
469 if (in
) BIO_free_all(in
);
471 sk_SRP_gN_free(SRP_gN_tab
);
478 SRP_user_pwd
*SRP_VBASE_get_by_user(SRP_VBASE
*vb
, char *username
)
482 unsigned char digv
[SHA_DIGEST_LENGTH
];
483 unsigned char digs
[SHA_DIGEST_LENGTH
];
488 for(i
= 0; i
< sk_SRP_user_pwd_num(vb
->users_pwd
); i
++)
490 user
= sk_SRP_user_pwd_value(vb
->users_pwd
, i
);
491 if (strcmp(user
->id
,username
)==0)
494 if ((vb
->seed_key
== NULL
) ||
495 (vb
->default_g
== NULL
) ||
496 (vb
->default_N
== NULL
))
499 /* if the user is unknown we set parameters as well if we have a seed_key */
501 if ((user
= SRP_user_pwd_new()) == NULL
)
504 SRP_user_pwd_set_gN(user
,vb
->default_g
,vb
->default_N
);
506 if (!SRP_user_pwd_set_ids(user
,username
,NULL
))
509 RAND_pseudo_bytes(digv
, SHA_DIGEST_LENGTH
);
510 EVP_MD_CTX_init(&ctxt
);
511 EVP_DigestInit_ex(&ctxt
, EVP_sha1(), NULL
);
512 EVP_DigestUpdate(&ctxt
, vb
->seed_key
, strlen(vb
->seed_key
));
513 EVP_DigestUpdate(&ctxt
, username
, strlen(username
));
514 EVP_DigestFinal_ex(&ctxt
, digs
, NULL
);
515 EVP_MD_CTX_cleanup(&ctxt
);
516 if (SRP_user_pwd_set_sv_BN(user
, BN_bin2bn(digs
,SHA_DIGEST_LENGTH
,NULL
), BN_bin2bn(digv
,SHA_DIGEST_LENGTH
, NULL
)))
519 err
: SRP_user_pwd_free(user
);
525 create a verifier (*salt,*verifier,g and N are in base64)
527 char *SRP_create_verifier(const char *user
, const char *pass
, char **salt
,
528 char **verifier
, const char *N
, const char *g
)
533 BIGNUM
*N_bn
= NULL
, *g_bn
= NULL
, *s
= NULL
, *v
= NULL
;
534 unsigned char tmp
[MAX_LEN
];
535 unsigned char tmp2
[MAX_LEN
];
536 char * defgNid
= NULL
;
546 if (!(len
= t_fromb64(tmp
, N
))) goto err
;
547 N_bn
= BN_bin2bn(tmp
, len
, NULL
);
548 if (!(len
= t_fromb64(tmp
, g
))) goto err
;
549 g_bn
= BN_bin2bn(tmp
, len
, NULL
);
554 SRP_gN
* gN
= SRP_get_gN_by_id(g
, NULL
) ;
564 RAND_pseudo_bytes(tmp2
, SRP_RANDOM_SALT_LEN
);
566 s
= BN_bin2bn(tmp2
, SRP_RANDOM_SALT_LEN
, NULL
);
570 if (!(len
= t_fromb64(tmp2
, *salt
)))
572 s
= BN_bin2bn(tmp2
, len
, NULL
);
576 if(!SRP_create_verifier_BN(user
, pass
, &s
, &v
, N_bn
, g_bn
)) goto err
;
579 if (((vf
= OPENSSL_malloc(BN_num_bytes(v
)*2)) == NULL
))
581 t_tob64(vf
, tmp
, BN_num_bytes(v
));
588 if ((tmp_salt
= OPENSSL_malloc(SRP_RANDOM_SALT_LEN
* 2)) == NULL
)
593 t_tob64(tmp_salt
, tmp2
, SRP_RANDOM_SALT_LEN
);
609 create a verifier (*salt,*verifier,g and N are BIGNUMs)
611 int SRP_create_verifier_BN(const char *user
, const char *pass
, BIGNUM
**salt
, BIGNUM
**verifier
, BIGNUM
*N
, BIGNUM
*g
)
615 BN_CTX
*bn_ctx
= BN_CTX_new();
616 unsigned char tmp2
[MAX_LEN
];
632 RAND_pseudo_bytes(tmp2
, SRP_RANDOM_SALT_LEN
);
634 *salt
= BN_bin2bn(tmp2
,SRP_RANDOM_SALT_LEN
,NULL
);
637 x
= SRP_Calc_x(*salt
,user
,pass
);
639 *verifier
= BN_new();
640 if(*verifier
== NULL
) goto err
;
642 if (!BN_mod_exp(*verifier
,g
,x
,N
,bn_ctx
))
644 BN_clear_free(*verifier
);
648 srp_bn_print(*verifier
);