void srp_verifier_delete( struct SRPVerifier * ver )
{
delete_ng( ver->ng );
free( (char *) ver->username );
free( (unsigned char *) ver->bytes_B );
free( ver );
}
static NGConstant *new_ng(SRP_NGType ng_type, const char *n_hex, const char *g_hex)
{
NGConstant *ng = (NGConstant *)srp_alloc(sizeof(NGConstant));
if (!ng) return 0;
mpz_init(ng->N);
mpz_init(ng->g);
if (ng_type != SRP_NG_CUSTOM) {
n_hex = global_Ng_constants[ng_type].n_hex;
g_hex = global_Ng_constants[ng_type].g_hex;
}
int rv = 0;
rv = mpz_set_str(ng->N, n_hex, 16);
rv = rv | mpz_set_str(ng->g, g_hex, 16);
if (rv) {
delete_ng(ng);
return 0;
}
return ng;
}
struct SRPUser *srp_user_new(SRP_HashAlgorithm alg, SRP_NGType ng_type,
const char *username, const char *username_for_verifier,
const unsigned char *bytes_password, size_t len_password, const char *n_hex,
const char *g_hex)
{
struct SRPUser *usr = (struct SRPUser *)srp_alloc(sizeof(struct SRPUser));
size_t ulen = strlen(username) + 1;
size_t uvlen = strlen(username_for_verifier) + 1;
if (!usr) goto err_exit;
if (init_random() != SRP_OK) /* Only happens once */
goto err_exit;
usr->hash_alg = alg;
usr->ng = new_ng(ng_type, n_hex, g_hex);
mpz_init(usr->a);
mpz_init(usr->A);
mpz_init(usr->S);
if (!usr->ng) goto err_exit;
usr->username = (char *)srp_alloc(ulen);
usr->username_verifier = (char *)srp_alloc(uvlen);
usr->password = (unsigned char *)srp_alloc(len_password);
usr->password_len = len_password;
if (!usr->username || !usr->password || !usr->username_verifier) goto err_exit;
memcpy(usr->username, username, ulen);
memcpy(usr->username_verifier, username_for_verifier, uvlen);
memcpy(usr->password, bytes_password, len_password);
usr->authenticated = 0;
usr->bytes_A = 0;
return usr;
err_exit:
if (usr) {
mpz_clear(usr->a);
mpz_clear(usr->A);
mpz_clear(usr->S);
if (usr->ng) delete_ng(usr->ng);
srp_free(usr->username);
srp_free(usr->username_verifier);
if (usr->password) {
memset(usr->password, 0, usr->password_len);
srp_free(usr->password);
}
srp_free(usr);
}
return 0;
}
// clang-format off
SRP_Result srp_create_salted_verification_key( SRP_HashAlgorithm alg,
SRP_NGType ng_type, const char *username_for_verifier,
const unsigned char *password, size_t len_password,
unsigned char **bytes_s, size_t *len_s,
unsigned char **bytes_v, size_t *len_v,
const char *n_hex, const char *g_hex )
{
SRP_Result ret = SRP_OK;
mpz_t v; mpz_init(v);
mpz_t x; mpz_init(x);
// clang-format on
NGConstant *ng = new_ng(ng_type, n_hex, g_hex);
if (!ng) goto error_and_exit;
if (init_random() != SRP_OK) /* Only happens once */
goto error_and_exit;
if (*bytes_s == NULL) {
size_t size_to_fill = 16;
*len_s = size_to_fill;
if (RAND_BUFF_MAX - g_rand_idx < size_to_fill)
if (fill_buff() != SRP_OK) goto error_and_exit;
*bytes_s = (unsigned char *)srp_alloc(size_to_fill);
if (!*bytes_s) goto error_and_exit;
memcpy(*bytes_s, g_rand_buff + g_rand_idx, size_to_fill);
g_rand_idx += size_to_fill;
}
if (!calculate_x(
x, alg, *bytes_s, *len_s, username_for_verifier, password, len_password))
goto error_and_exit;
srp_dbg_num(x, "Server calculated x: ");
mpz_powm(v, ng->g, x, ng->N);
*len_v = mpz_num_bytes(v);
*bytes_v = (unsigned char *)srp_alloc(*len_v);
if (!*bytes_v) goto error_and_exit;
mpz_to_bin(v, *bytes_v);
cleanup_and_exit:
delete_ng(ng);
mpz_clear(v);
mpz_clear(x);
return ret;
error_and_exit:
ret = SRP_ERR;
goto cleanup_and_exit;
}
void srp_verifier_delete(struct SRPVerifier *ver)
{
if (ver) {
delete_ng(ver->ng);
srp_free(ver->username);
srp_free(ver->bytes_B);
memset(ver, 0, sizeof(*ver));
srp_free(ver);
}
}
void srp_user_delete( struct SRPUser * usr )
{
BN_free( usr->a );
BN_free( usr->A );
BN_free( usr->S );
delete_ng( usr->ng );
free((char *)usr->username);
free((char *)usr->password);
if (usr->bytes_A)
free( (char *)usr->bytes_A );
free( usr );
}
void srp_create_salted_verification_key( SRP_HashAlgorithm alg,
SRP_NGType ng_type, const char * username,
const unsigned char * password, int len_password,
const unsigned char ** bytes_s, int * len_s,
const unsigned char ** bytes_v, int * len_v,
const char * n_hex, const char * g_hex )
{
BIGNUM * s = BN_new();
BIGNUM * v = BN_new();
BIGNUM * x = 0;
BN_CTX * ctx = BN_CTX_new();
NGConstant * ng = new_ng( ng_type, n_hex, g_hex );
if( !s || !v || !ctx || !ng )
goto cleanup_and_exit;
init_random(); /* Only happens once */
BN_rand(s, 32, -1, 0);
x = calculate_x( alg, s, username, password, len_password );
if( !x )
goto cleanup_and_exit;
BN_mod_exp(v, ng->g, x, ng->N, ctx);
*len_s = BN_num_bytes(s);
*len_v = BN_num_bytes(v);
*bytes_s = (const unsigned char *) malloc( *len_s );
*bytes_v = (const unsigned char *) malloc( *len_v );
if (!bytes_s || !bytes_v)
goto cleanup_and_exit;
BN_bn2bin(s, (unsigned char *) *bytes_s);
BN_bn2bin(v, (unsigned char *) *bytes_v);
cleanup_and_exit:
delete_ng( ng );
BN_free(s);
BN_free(v);
BN_free(x);
BN_CTX_free(ctx);
}
void srp_user_delete( struct SRPUser * usr )
{
if( usr )
{
BN_free( usr->a );
BN_free( usr->A );
BN_free( usr->S );
delete_ng( usr->ng );
memset((void*)usr->password, 0, usr->password_len);
free((char *)usr->username);
free((char *)usr->password);
if (usr->bytes_A)
free( (char *)usr->bytes_A );
memset(usr, 0, sizeof(*usr));
free( usr );
}
}
void srp_user_delete(struct SRPUser *usr)
{
if (usr) {
mpz_clear(usr->a);
mpz_clear(usr->A);
mpz_clear(usr->S);
delete_ng(usr->ng);
memset(usr->password, 0, usr->password_len);
srp_free(usr->username);
srp_free(usr->username_verifier);
srp_free(usr->password);
if (usr->bytes_A) srp_free(usr->bytes_A);
memset(usr, 0, sizeof(*usr));
srp_free(usr);
}
}
void srp_user_delete( SRPUser * usr ) {
if(usr) {
delete_ng(usr->ng);
BN_free(usr->a);
BN_free(usr->A);
BN_free(usr->S);
memset((void*)usr->password, 0, usr->password_len);
free((char *)usr->password);
usr->password = NULL;
free((char *)usr->username);
usr->username = NULL;
free((char *)usr->HAMK);
usr->HAMK = NULL;
free((char *)usr->Astr);
usr->Astr = NULL;
free((char *)usr->Sstr);
usr->Sstr = NULL;
free(usr);
usr = NULL;
}
}
