// clang-format off SRP_Result srp_create_salted_verification_key( SRP_HashAlgorithm alg, SRP_NGType ng_type, const char *username_for_verifier, const unsigned char *password, size_t len_password, unsigned char **bytes_s, size_t *len_s, unsigned char **bytes_v, size_t *len_v, const char *n_hex, const char *g_hex ) { SRP_Result ret = SRP_OK; mpz_t v; mpz_init(v); mpz_t x; mpz_init(x); // clang-format on NGConstant *ng = new_ng(ng_type, n_hex, g_hex); if (!ng) goto error_and_exit; if (init_random() != SRP_OK) /* Only happens once */ goto error_and_exit; if (*bytes_s == NULL) { size_t size_to_fill = 16; *len_s = size_to_fill; if (RAND_BUFF_MAX - g_rand_idx < size_to_fill) if (fill_buff() != SRP_OK) goto error_and_exit; *bytes_s = (unsigned char *)srp_alloc(size_to_fill); if (!*bytes_s) goto error_and_exit; memcpy(*bytes_s, g_rand_buff + g_rand_idx, size_to_fill); g_rand_idx += size_to_fill; } if (!calculate_x( x, alg, *bytes_s, *len_s, username_for_verifier, password, len_password)) goto error_and_exit; srp_dbg_num(x, "Server calculated x: "); mpz_powm(v, ng->g, x, ng->N); *len_v = mpz_num_bytes(v); *bytes_v = (unsigned char *)srp_alloc(*len_v); if (!*bytes_v) goto error_and_exit; mpz_to_bin(v, *bytes_v); cleanup_and_exit: delete_ng(ng); mpz_clear(v); mpz_clear(x); return ret; error_and_exit: ret = SRP_ERR; goto cleanup_and_exit; }
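/*
 * Generate a random salt and the matching SRP verifier v = g^x mod N.
 *
 * alg, username, password, len_password
 *         forwarded to calculate_x() together with the salt to derive x.
 * ng_type, n_hex, g_hex
 *         forwarded to new_ng() to obtain the group (N, g).
 * bytes_s, len_s   out: malloc()'d salt and its length in bytes.
 * bytes_v, len_v   out: malloc()'d verifier and its length in bytes.
 *
 * The function returns void, so failure is reported through the outputs:
 * all four are set to NULL / 0 on entry and only filled in once every step
 * has succeeded. The caller frees both buffers.
 */
void srp_create_salted_verification_key( SRP_HashAlgorithm alg,
                                         SRP_NGType ng_type, const char * username,
                                         const unsigned char * password, int len_password,
                                         const unsigned char ** bytes_s, int * len_s,
                                         const unsigned char ** bytes_v, int * len_v,
                                         const char * n_hex, const char * g_hex )
{
    BIGNUM        * s            = BN_new();
    BIGNUM        * v            = BN_new();
    BIGNUM        * x            = 0;
    BN_CTX        * ctx          = BN_CTX_new();
    NGConstant    * ng           = new_ng( ng_type, n_hex, g_hex );
    unsigned char * salt_buf     = NULL;
    unsigned char * verifier_buf = NULL;
    int             salt_len     = 0;
    int             verifier_len = 0;

    /* Defined outputs on every exit path; there is no return code. */
    *bytes_s = NULL;
    *len_s   = 0;
    *bytes_v = NULL;
    *len_v   = 0;

    if( !s || !v || !ctx || !ng )
        goto cleanup_and_exit;

    init_random(); /* Only happens once */

    /* A failed RNG call must not yield a verifier built on a predictable salt.
     * NOTE(review): the salt is only 32 bits wide; consider a longer one. */
    if( BN_rand(s, 32, -1, 0) != 1 )
        goto cleanup_and_exit;

    x = calculate_x( alg, s, username, password, len_password );

    if( !x )
        goto cleanup_and_exit;

    if( !BN_mod_exp(v, ng->g, x, ng->N, ctx) )
        goto cleanup_and_exit;

    salt_len     = BN_num_bytes(s);
    verifier_len = BN_num_bytes(v);

    salt_buf     = (unsigned char *) malloc( salt_len );
    verifier_buf = (unsigned char *) malloc( verifier_len );

    /* Test the allocations themselves. The previous check tested the
     * bytes_s / bytes_v parameters, which are never NULL here, so a failed
     * malloc() went on to BN_bn2bin() with a NULL destination. */
    if( !salt_buf || !verifier_buf )
    {
        free( salt_buf );
        free( verifier_buf );
        goto cleanup_and_exit;
    }

    BN_bn2bin(s, salt_buf);
    BN_bn2bin(v, verifier_buf);

    *bytes_s = salt_buf;
    *len_s   = salt_len;
    *bytes_v = verifier_buf;
    *len_v   = verifier_len;

 cleanup_and_exit:
    delete_ng( ng );
    BN_free(s);
    BN_free(v);
    BN_clear_free(x); /* x is derived from the password: wipe before release */
    BN_CTX_free(ctx);
}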
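/*
 * Client side: process the server challenge (salt s, public value B) and
 * produce the client proof M.
 *
 * usr              session state; A, a, ng, username, password and hash_alg
 *                  are read, S, session_key, M and H_AMK are written.
 * bytes_s, len_s   salt received from the server.
 * bytes_B, len_B   server public value B, big-endian.
 * bytes_M, len_M   out: *bytes_M points at usr->M (owned by usr, not to be
 *                  freed) and *len_M is hash_length(usr->hash_alg).
 *                  len_M may be NULL.
 *
 * Output: bytes_M. Buffer length is SHA512_DIGEST_LENGTH
 *
 * On any failure, or when the safety check rejects the challenge, *bytes_M
 * is NULL and *len_M is 0.
 */
void srp_user_process_challenge( struct SRPUser * usr,
                                 const unsigned char * bytes_s, int len_s,
                                 const unsigned char * bytes_B, int len_B,
                                 const unsigned char ** bytes_M, int * len_M )
{
    BIGNUM *s    = BN_bin2bn(bytes_s, len_s, NULL);
    BIGNUM *B    = BN_bin2bn(bytes_B, len_B, NULL);
    BIGNUM *u    = 0;
    BIGNUM *x    = 0;
    BIGNUM *k    = 0;
    BIGNUM *v    = BN_new();
    BIGNUM *tmp1 = BN_new();
    BIGNUM *tmp2 = BN_new();
    BIGNUM *tmp3 = BN_new();
    BN_CTX *ctx  = BN_CTX_new();

    /* len_M is optional further down, so it must be optional here as well. */
    if (len_M)
        *len_M = 0;
    *bytes_M = 0;

    if( !s || !B || !v || !tmp1 || !tmp2 || !tmp3 || !ctx )
        goto cleanup_and_exit;

    u = H_nn(usr->hash_alg, usr->A, B);

    if (!u)
        goto cleanup_and_exit;

    x = calculate_x( usr->hash_alg, s, usr->username, usr->password, usr->password_len );

    if (!x)
        goto cleanup_and_exit;

    k = H_nn(usr->hash_alg, usr->ng->N, usr->ng->g);

    if (!k)
        goto cleanup_and_exit;

    /* SRP-6a safety check: abort when B mod N == 0 or u == 0. Comparing the
     * raw B with zero is not enough, because a non-zero multiple of N passes
     * that test while still making the session key independent of the
     * password. */
    if ( !BN_mod(tmp1, B, usr->ng->N, ctx) )
        goto cleanup_and_exit;

    if ( BN_is_zero(tmp1) || BN_is_zero(u) )
        goto cleanup_and_exit; /* outputs are already NULL / 0 */

    /* S = (B - k*(g^x)) ^ (a + ux)
     *
     * g^x is computed once into v and reused. The product and difference
     * are reduced mod N, which leaves S unchanged.
     * NOTE(review): x and (a + ux) are secret exponents; BN_mod_exp is only
     * constant-time when BN_FLG_CONSTTIME is set on them. Confirm. */
    if ( !BN_mod_exp(v, usr->ng->g, x, usr->ng->N, ctx)          /* v    = g^x        */
      || !BN_mul(tmp1, u, x, ctx)                                /* tmp1 = ux         */
      || !BN_add(tmp2, usr->a, tmp1)                             /* tmp2 = (a + ux)   */
      || !BN_mod_mul(tmp3, k, v, usr->ng->N, ctx)                /* tmp3 = k*(g^x)    */
      || !BN_mod_sub(tmp1, B, tmp3, usr->ng->N, ctx)             /* tmp1 = B - k*(g^x) */
      || !BN_mod_exp(usr->S, tmp1, tmp2, usr->ng->N, ctx) )
        goto cleanup_and_exit;

    hash_num(usr->hash_alg, usr->S, usr->session_key);

    calculate_M( usr->hash_alg, usr->ng, usr->M, usr->username, s, usr->A, B, usr->session_key );
    calculate_H_AMK( usr->hash_alg, usr->H_AMK, usr->A, usr->M, usr->session_key );

    *bytes_M = usr->M;
    if (len_M)
        *len_M = hash_length( usr->hash_alg );

 cleanup_and_exit:

    BN_free(s);
    BN_free(B);
    BN_free(u);
    BN_free(k);
    /* Values derived from the password or the private key a are wiped. */
    BN_clear_free(x);
    BN_clear_free(v);
    BN_clear_free(tmp1);
    BN_clear_free(tmp2);
    BN_clear_free(tmp3);
    BN_CTX_free(ctx);
}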
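/*
 * Client side: process the server challenge (salt, public value B) and
 * produce the client proof M.
 *
 * usr              session state; A, a, ng, username, username_verifier,
 *                  password and hash_alg are read, S, session_key, M and
 *                  H_AMK are written.
 * bytes_s, len_s   salt received from the server.
 * bytes_B, len_B   server public value B, converted with mpz_from_bin().
 * bytes_M, len_M   out: *bytes_M points at usr->M (owned by usr, not to be
 *                  freed) and *len_M is hash_length(usr->hash_alg).
 *                  len_M may be NULL.
 *
 * Output: bytes_M. Buffer length is SHA512_DIGEST_LENGTH
 *
 * On any failure, or when the safety check rejects the challenge, *bytes_M
 * is NULL and *len_M is 0.
 */
void srp_user_process_challenge(struct SRPUser *usr,
    const unsigned char *bytes_s, size_t len_s,
    const unsigned char *bytes_B, size_t len_B,
    unsigned char **bytes_M, size_t *len_M)
{
    // clang-format off
    mpz_t B; mpz_init(B); mpz_from_bin(bytes_B, len_B, B);
    mpz_t u; mpz_init(u);
    mpz_t x; mpz_init(x);
    mpz_t k; mpz_init(k);
    mpz_t v; mpz_init(v);
    mpz_t tmp1; mpz_init(tmp1);
    mpz_t tmp2; mpz_init(tmp2);
    mpz_t tmp3; mpz_init(tmp3);
    mpz_t tmp4; mpz_init(tmp4);
    // clang-format on

    if (len_M) {
        *len_M = 0;
    }
    *bytes_M = 0;

    if (!H_nn(u, usr->hash_alg, usr->ng->N, usr->A, B)) {
        goto cleanup_and_exit;
    }

    srp_dbg_num(u, "Client calculated u: ");

    if (!calculate_x(x, usr->hash_alg, bytes_s, len_s,
                usr->username_verifier, usr->password, usr->password_len)) {
        goto cleanup_and_exit;
    }

    /* x is derived from the password.
     * NOTE(review): confirm srp_dbg_num produces no output in release builds. */
    srp_dbg_num(x, "Client calculated x: ");

    if (!H_nn(k, usr->hash_alg, usr->ng->N, usr->ng->N, usr->ng->g)) {
        goto cleanup_and_exit;
    }

    /* SRP-6a safety check: abort when B mod N == 0 or u == 0. Comparing the
     * raw B with zero is not enough, because a non-zero multiple of N passes
     * that test while still making the session key independent of the
     * password. tmp4 is free to use here; it only serves as scratch space
     * for mpz_mulm / mpz_subm below. */
    mpz_mod(tmp4, B, usr->ng->N);

    if (mpz_sgn(tmp4) != 0 && mpz_sgn(u) != 0) {
        mpz_powm(v, usr->ng->g, x, usr->ng->N); /* v = g^x */

        srp_dbg_num(v, "Client calculated v: ");

        // clang-format off
        /* S = (B - k*(g^x)) ^ (a + ux); g^x is taken from v, not recomputed */
        mpz_mul(tmp1, u, x);
        mpz_add(tmp2, usr->a, tmp1);                /* tmp2 = (a + ux)      */
        mpz_mulm(tmp3, k, v, usr->ng->N, tmp4);     /* tmp3 = k*(g^x)       */
        mpz_subm(tmp1, B, tmp3, usr->ng->N, tmp4);  /* tmp1 = (B - K*(g^x)) */
        mpz_powm(usr->S, tmp1, tmp2, usr->ng->N);
        // clang-format on

        if (!hash_num(usr->hash_alg, usr->S, usr->session_key)) {
            goto cleanup_and_exit;
        }

        if (!calculate_M(usr->hash_alg, usr->ng, usr->M, usr->username,
                    bytes_s, len_s, usr->A, B, usr->session_key)) {
            goto cleanup_and_exit;
        }

        if (!calculate_H_AMK(usr->hash_alg, usr->H_AMK, usr->A, usr->M,
                    usr->session_key)) {
            goto cleanup_and_exit;
        }

        *bytes_M = usr->M;
        if (len_M) {
            *len_M = hash_length(usr->hash_alg);
        }
    } else {
        *bytes_M = NULL;
        if (len_M) {
            *len_M = 0;
        }
    }

cleanup_and_exit:
    /* NOTE(review): mpz_clear() releases the limbs without wiping them, so
     * x, v and the (a + ux) exponent may remain in freed memory. */
    mpz_clear(B);
    mpz_clear(u);
    mpz_clear(x);
    mpz_clear(k);
    mpz_clear(v);
    mpz_clear(tmp1);
    mpz_clear(tmp2);
    mpz_clear(tmp3);
    mpz_clear(tmp4);
}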