Beispiel #1
0
SRP_CLIENT_compat_param_verify_cb(SRP * srp, const unsigned char * mod, int modlen, const unsigned char * gen, int genlen)
{
  SRP_RESULT rc;
  BigInteger q, r;

  rc = SRP_CLIENT_builtin_param_verify_cb(srp, mod, modlen, gen, genlen);
  if(SRP_OK(rc))
    return rc;

  /* Now do a safe-primality and generator test */
  if(!t_isprime(srp->modulus))
    return SRP_ERROR;

  rc = SRP_ERROR;
  /* q = (n-1)/2 */
  q = BigIntegerFromInt(0);
  BigIntegerSubInt(q, srp->modulus, 1);
  BigIntegerDivInt(q, q, 2, srp->bctx);
  if(t_isprime(q) && BigIntegerCmp(srp->modulus, srp->generator) > 0) {
    r = BigIntegerFromInt(0);		/* Check g^q == -1 (mod n) */
    BigIntegerModExp(r, srp->generator, q, srp->modulus, srp->bctx, srp->accel);
    BigIntegerAddInt(r, r, 1);
    if(BigIntegerCmp(r, srp->modulus) == 0) {
      BigIntegerAddInt(r, srp->generator, 1);
      if(BigIntegerCmp(r, srp->modulus) != 0)
	rc = SRP_SUCCESS;
    }
    BigIntegerFree(r);
  }
  BigIntegerFree(q);
  return rc;
}
Beispiel #2
0
SRP_set_params(SRP * srp, const unsigned char * modulus, int modlen,
	       const unsigned char * generator, int genlen,
	       const unsigned char * salt, int saltlen)
{
  SRP_RESULT rc;

  if(modulus == NULL || generator == NULL || salt == NULL)
    return SRP_ERROR;

  /* Set fields in SRP context */
  srp->modulus = BigIntegerFromBytes(modulus, modlen);
  if(srp->flags & SRP_FLAG_MOD_ACCEL)
    srp->accel = BigIntegerModAccelNew(srp->modulus, srp->bctx);
  srp->generator = BigIntegerFromBytes(generator, genlen);
  if(srp->salt == NULL)
    srp->salt = cstr_new();
  cstr_setn(srp->salt, salt, saltlen);

  /* Now attempt to validate parameters */
  if(BigIntegerBitLen(srp->modulus) < SRP_get_modulus_min_bits())
    return SRP_ERROR;

  if(srp->param_cb) {
    rc = (*srp->param_cb)(srp, modulus, modlen, generator, genlen);
    if(!SRP_OK(rc))
      return rc;
  }

  return (*srp->meth->params)(srp, modulus, modlen, generator, genlen,
			      salt, saltlen);
}
Beispiel #3
0
cstr *ssrp_client_respond(SRP *srpc, cstr *server_pub, const char *pass)
{
    cstr * key_client = NULL;

    SRP_RESULT rc = SRP_set_auth_password(srpc, pass);
    check(SRP_OK(rc), "SRP_set_authenticator failed\n");

    rc = SRP_compute_key(srpc, &key_client, server_pub->data, server_pub->length);
    check(SRP_OK(rc), "SRP_compute_key failed\n");

    rc = SRP_respond(srpc, &key_client);
    check(SRP_OK(rc), "SRP_respond failed\n");

    return key_client;
error:
    return NULL;
}
Beispiel #4
0
int ssrp_client_verify(SRP *srpc, cstr *server_proof)
{
    SRP_RESULT rc = SRP_verify(srpc, server_proof->data, server_proof->length);
    check(SRP_OK(rc), "Failed to verify server.");

    return 0;
error:
    return -1;
}
Beispiel #5
0
static SRP_RESULT
slu_sys_lookup(SRP_SERVER_LOOKUP * slu, SRP * srp, cstr * username)
{
  struct t_passwd * p;

  p = gettpnam(username->data);
  if(p == NULL)
    return SRP_ERROR;
  if(!SRP_OK(SRP_set_params(srp, p->tc.modulus.data, p->tc.modulus.len,
			    p->tc.generator.data, p->tc.generator.len,
			    p->tp.salt.data, p->tp.salt.len)))
    return SRP_ERROR;
  if(!SRP_OK(SRP_set_authenticator(srp,
				   p->tp.password.data, p->tp.password.len)))
    return SRP_ERROR;

  return SRP_SUCCESS;
}
Beispiel #6
0
cstr *ssrp_server_verify(SRP *srps, cstr *client_pub, cstr *client_proof)
{
    SRP_RESULT rc;

    cstr *server_proof = NULL;

    rc = SRP_compute_key(srps, &server_proof, client_pub->data, client_pub->length);
    check(SRP_OK(rc), "SRP_compute_key failed\n");

    rc = SRP_verify(srps, client_proof->data, client_proof->length);
    check(SRP_OK(rc), "SRP_verify failed: %d", rc);

    rc = SRP_respond(srps, &server_proof);
    check(SRP_OK(rc), "Failed creating the response.");

    return server_proof;

error:

    return NULL;
}
Beispiel #7
0
cstr *ssrp_client_start(SRP *srpc, cstr *modulus, cstr *generator, cstr *salt, const char *user)
{
    SRP_RESULT rc;
    cstr * client_pub = NULL;

    rc = SRP_set_username(srpc, user);
    check(SRP_OK(rc), "Failed to set client username.");

    rc = SRP_set_params(srpc, modulus->data, modulus->length,
            generator->data, generator->length,
            salt->data, salt->length);
    check(SRP_OK(rc), "SRP_set_params failed\n");

    rc = SRP_gen_pub(srpc, &client_pub);
    check(SRP_OK(rc), "SRP_gen_pub failed\n");

    return client_pub;

error:
    return NULL;
}
Beispiel #8
0
cstr *ssrp_server_start(SRP *srps, cstr *modulus, cstr *generator,
        cstr *salt, cstr *auth, const char * user)
{
    SRP_RESULT rc;
    cstr *server_pub = NULL;

    rc = SRP_set_username(srps, user);
    check(SRP_OK(rc), "SRP_set_username failed\n");

    rc = SRP_set_params(srps, modulus->data, modulus->length,
            generator->data, generator->length, salt->data, salt->length);
    check(SRP_OK(rc), "SRP_set_params failed\n");

    rc = SRP_set_authenticator(srps, auth->data, auth->length);
    check(SRP_OK(rc), "SRP_set_authenticator failed\n");

    rc = SRP_gen_pub(srps, &server_pub);
    check(SRP_OK(rc), "SRP_gen_pub failed\n");

    return server_pub;

error:
    return NULL;
}