SRP_CLIENT_compat_param_verify_cb(SRP * srp, const unsigned char * mod, int modlen, const unsigned char * gen, int genlen)
{
SRP_RESULT rc;
BigInteger q, r;
rc = SRP_CLIENT_builtin_param_verify_cb(srp, mod, modlen, gen, genlen);
if(SRP_OK(rc))
return rc;
/* Now do a safe-primality and generator test */
if(!t_isprime(srp->modulus))
return SRP_ERROR;
rc = SRP_ERROR;
/* q = (n-1)/2 */
q = BigIntegerFromInt(0);
BigIntegerSubInt(q, srp->modulus, 1);
BigIntegerDivInt(q, q, 2, srp->bctx);
if(t_isprime(q) && BigIntegerCmp(srp->modulus, srp->generator) > 0) {
r = BigIntegerFromInt(0); /* Check g^q == -1 (mod n) */
BigIntegerModExp(r, srp->generator, q, srp->modulus, srp->bctx, srp->accel);
BigIntegerAddInt(r, r, 1);
if(BigIntegerCmp(r, srp->modulus) == 0) {
BigIntegerAddInt(r, srp->generator, 1);
if(BigIntegerCmp(r, srp->modulus) != 0)
rc = SRP_SUCCESS;
}
BigIntegerFree(r);
}
BigIntegerFree(q);
return rc;
}
SRP_set_params(SRP * srp, const unsigned char * modulus, int modlen,
const unsigned char * generator, int genlen,
const unsigned char * salt, int saltlen)
{
SRP_RESULT rc;
if(modulus == NULL || generator == NULL || salt == NULL)
return SRP_ERROR;
/* Set fields in SRP context */
srp->modulus = BigIntegerFromBytes(modulus, modlen);
if(srp->flags & SRP_FLAG_MOD_ACCEL)
srp->accel = BigIntegerModAccelNew(srp->modulus, srp->bctx);
srp->generator = BigIntegerFromBytes(generator, genlen);
if(srp->salt == NULL)
srp->salt = cstr_new();
cstr_setn(srp->salt, salt, saltlen);
/* Now attempt to validate parameters */
if(BigIntegerBitLen(srp->modulus) < SRP_get_modulus_min_bits())
return SRP_ERROR;
if(srp->param_cb) {
rc = (*srp->param_cb)(srp, modulus, modlen, generator, genlen);
if(!SRP_OK(rc))
return rc;
}
return (*srp->meth->params)(srp, modulus, modlen, generator, genlen,
salt, saltlen);
}
cstr *ssrp_client_respond(SRP *srpc, cstr *server_pub, const char *pass)
{
cstr * key_client = NULL;
SRP_RESULT rc = SRP_set_auth_password(srpc, pass);
check(SRP_OK(rc), "SRP_set_authenticator failed\n");
rc = SRP_compute_key(srpc, &key_client, server_pub->data, server_pub->length);
check(SRP_OK(rc), "SRP_compute_key failed\n");
rc = SRP_respond(srpc, &key_client);
check(SRP_OK(rc), "SRP_respond failed\n");
return key_client;
error:
return NULL;
}
int ssrp_client_verify(SRP *srpc, cstr *server_proof)
{
SRP_RESULT rc = SRP_verify(srpc, server_proof->data, server_proof->length);
check(SRP_OK(rc), "Failed to verify server.");
return 0;
error:
return -1;
}
static SRP_RESULT
slu_sys_lookup(SRP_SERVER_LOOKUP * slu, SRP * srp, cstr * username)
{
struct t_passwd * p;
p = gettpnam(username->data);
if(p == NULL)
return SRP_ERROR;
if(!SRP_OK(SRP_set_params(srp, p->tc.modulus.data, p->tc.modulus.len,
p->tc.generator.data, p->tc.generator.len,
p->tp.salt.data, p->tp.salt.len)))
return SRP_ERROR;
if(!SRP_OK(SRP_set_authenticator(srp,
p->tp.password.data, p->tp.password.len)))
return SRP_ERROR;
return SRP_SUCCESS;
}
cstr *ssrp_server_verify(SRP *srps, cstr *client_pub, cstr *client_proof)
{
SRP_RESULT rc;
cstr *server_proof = NULL;
rc = SRP_compute_key(srps, &server_proof, client_pub->data, client_pub->length);
check(SRP_OK(rc), "SRP_compute_key failed\n");
rc = SRP_verify(srps, client_proof->data, client_proof->length);
check(SRP_OK(rc), "SRP_verify failed: %d", rc);
rc = SRP_respond(srps, &server_proof);
check(SRP_OK(rc), "Failed creating the response.");
return server_proof;
error:
return NULL;
}
cstr *ssrp_client_start(SRP *srpc, cstr *modulus, cstr *generator, cstr *salt, const char *user)
{
SRP_RESULT rc;
cstr * client_pub = NULL;
rc = SRP_set_username(srpc, user);
check(SRP_OK(rc), "Failed to set client username.");
rc = SRP_set_params(srpc, modulus->data, modulus->length,
generator->data, generator->length,
salt->data, salt->length);
check(SRP_OK(rc), "SRP_set_params failed\n");
rc = SRP_gen_pub(srpc, &client_pub);
check(SRP_OK(rc), "SRP_gen_pub failed\n");
return client_pub;
error:
return NULL;
}
cstr *ssrp_server_start(SRP *srps, cstr *modulus, cstr *generator,
cstr *salt, cstr *auth, const char * user)
{
SRP_RESULT rc;
cstr *server_pub = NULL;
rc = SRP_set_username(srps, user);
check(SRP_OK(rc), "SRP_set_username failed\n");
rc = SRP_set_params(srps, modulus->data, modulus->length,
generator->data, generator->length, salt->data, salt->length);
check(SRP_OK(rc), "SRP_set_params failed\n");
rc = SRP_set_authenticator(srps, auth->data, auth->length);
check(SRP_OK(rc), "SRP_set_authenticator failed\n");
rc = SRP_gen_pub(srps, &server_pub);
check(SRP_OK(rc), "SRP_gen_pub failed\n");
return server_pub;
error:
return NULL;
}