source: EcnlProtoTool/trunk/openssl-1.1.0e/crypto/srp/srp_lib.c@ 331

Last change on this file since 331 was 331, checked in by coas-nagasima, 6 years ago

prototoolに関連するプロジェクトをnewlibからmuslを使うよう変更・更新
ntshellをnewlibの下位の実装から、muslのsyscallの実装に変更・更新
以下のOSSをアップデート
・mruby-1.3.0
・musl-1.1.18
・onigmo-6.1.3
・tcc-0.9.27
以下のOSSを追加
・openssl-1.1.0e
・curl-7.57.0
・zlib-1.2.11
以下のmrbgemsを追加
・iij/mruby-digest
・iij/mruby-env
・iij/mruby-errno
・iij/mruby-iijson
・iij/mruby-ipaddr
・iij/mruby-mock
・iij/mruby-require
・iij/mruby-tls-openssl

  • Property svn:eol-style set to native
  • Property svn:mime-type set to text/x-csrc
File size: 7.1 KB
1/*
2 * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10#ifndef OPENSSL_NO_SRP
11# include "internal/cryptlib.h"
12# include <openssl/sha.h>
13# include <openssl/srp.h>
14# include <openssl/evp.h>
15# include "internal/bn_srp.h"
16
/*
 * Compute SHA1(PAD(x) || PAD(y)) and return it as a newly allocated BIGNUM.
 *
 * PAD() left-pads each value with zero bytes to the byte length of N.
 * x and y must each be smaller than N, unless the argument is the very same
 * object as N (pointer equality), which is how srp_Calc_k() feeds N itself
 * into the hash.
 *
 * Returns NULL when an operand is out of range, or when allocation, padding
 * or hashing fails. The inputs hashed by the callers in this file (N, g, A,
 * B) are public protocol values, so the scratch buffer is released with a
 * plain OPENSSL_free().
 */
static BIGNUM *srp_Calc_xy(const BIGNUM *x, const BIGNUM *y, const BIGNUM *N)
{
    unsigned char md[SHA_DIGEST_LENGTH];
    unsigned char *padded = NULL;
    BIGNUM *out = NULL;
    int width = BN_num_bytes(N);

    /* Range check first: BN_bn2binpad() cannot pad a value wider than N. */
    if ((x != N && BN_ucmp(x, N) >= 0) || (y != N && BN_ucmp(y, N) >= 0))
        return NULL;

    /* One buffer holds both padded operands back to back. */
    padded = OPENSSL_malloc(width * 2);
    if (padded != NULL
        && BN_bn2binpad(x, padded, width) >= 0
        && BN_bn2binpad(y, padded + width, width) >= 0
        && EVP_Digest(padded, width * 2, md, NULL, EVP_sha1(), NULL))
        out = BN_bin2bn(md, sizeof(md), NULL);

    OPENSSL_free(padded);
    return out;
}
40
/*
 * SRP multiplier parameter: k = SHA1(N | PAD(g)) -- tls-srp draft 8.
 *
 * N is passed as both the first operand and the modulus; srp_Calc_xy()
 * exempts an operand that is the same object as N from its "< N" check.
 * Returns a new BIGNUM, or NULL on failure.
 */
static BIGNUM *srp_Calc_k(const BIGNUM *N, const BIGNUM *g)
{
    BIGNUM *k = srp_Calc_xy(N, g, N);

    return k;
}
46
/*
 * Scrambling parameter: u = SHA1(PAD(A) || PAD(B)) -- tls-srp draft 8.
 *
 * Returns a new BIGNUM, or NULL if A or B is not smaller than N or if the
 * hash computation fails.
 *
 * NOTE(review): nothing here rejects u == 0; if the protocol in use requires
 * that check, it has to be done by the caller.
 */
BIGNUM *SRP_Calc_u(const BIGNUM *A, const BIGNUM *B, const BIGNUM *N)
{
    BIGNUM *u = srp_Calc_xy(A, B, N);

    return u;
}
52
/*
 * Server-side premaster secret: S = (A * v^u)^b mod N.
 *
 * A is the client's public value, v the stored verifier, u the scrambling
 * parameter and b the server's private ephemeral value. Returns a new BIGNUM
 * owned by the caller, or NULL if any argument is NULL or a step fails.
 *
 * This function does not test A against N. NOTE(review): callers are
 * expected to have rejected A % N == 0 beforehand (SRP_Verify_A_mod_N() in
 * this file performs that test); otherwise S collapses to a value the peer
 * can predict without knowing the password.
 *
 * NOTE(review): the result is secret key material, so the caller should
 * release it with BN_clear_free(). The exponent b is used without
 * BN_FLG_CONSTTIME.
 */
BIGNUM *SRP_Calc_server_key(const BIGNUM *A, const BIGNUM *v, const BIGNUM *u,
                            const BIGNUM *b, const BIGNUM *N)
{
    BIGNUM *base = NULL, *secret = NULL;
    BN_CTX *ctx;

    if (u == NULL || A == NULL || v == NULL || b == NULL || N == NULL)
        return NULL;

    ctx = BN_CTX_new();
    if (ctx == NULL)
        goto done;
    base = BN_new();
    if (base == NULL)
        goto done;

    /* base = A * v^u mod N */
    if (!BN_mod_exp(base, v, u, N, ctx)
        || !BN_mod_mul(base, A, base, N, ctx))
        goto done;

    /* secret = base^b mod N; a failed exponentiation yields NULL. */
    secret = BN_new();
    if (secret == NULL)
        goto done;
    if (!BN_mod_exp(secret, base, b, N, ctx)) {
        BN_free(secret);
        secret = NULL;
    }

 done:
    BN_CTX_free(ctx);
    /* base is derived from the verifier, so wipe it before freeing. */
    BN_clear_free(base);
    return secret;
}
82
/*
 * Server public value: B = (g^b + k*v) mod N, with k = SHA1(N | PAD(g)).
 *
 * b is the server's private ephemeral value and v the stored verifier.
 * Returns a new BIGNUM owned by the caller, or NULL if any argument is NULL
 * or a step fails.
 *
 * NOTE(review): b is a secret exponent and is used without BN_FLG_CONSTTIME.
 */
BIGNUM *SRP_Calc_B(const BIGNUM *b, const BIGNUM *N, const BIGNUM *g,
                   const BIGNUM *v)
{
    BIGNUM *k_times_v = NULL, *g_pow_b = NULL;
    BIGNUM *pub = NULL, *k = NULL;
    BN_CTX *ctx;
    int ok;

    if (b == NULL || N == NULL || g == NULL || v == NULL
        || (ctx = BN_CTX_new()) == NULL)
        return NULL;

    if ((k_times_v = BN_new()) == NULL
        || (g_pow_b = BN_new()) == NULL
        || (pub = BN_new()) == NULL)
        goto done;

    ok = BN_mod_exp(g_pow_b, g, b, N, ctx)
        && (k = srp_Calc_k(N, g)) != NULL
        && BN_mod_mul(k_times_v, v, k, N, ctx)
        && BN_mod_add(pub, g_pow_b, k_times_v, N, ctx);
    if (!ok) {
        BN_free(pub);
        pub = NULL;
    }

 done:
    BN_CTX_free(ctx);
    /* Both intermediates depend on secret inputs (v and b): wipe them. */
    BN_clear_free(k_times_v);
    BN_clear_free(g_pow_b);
    BN_free(k);
    return pub;
}
114
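/*
 * Private key derived from the password:
 *     x = SHA1(s | SHA1(user | ":" | pass))
 *
 * s is the salt; user and pass are NUL-terminated strings. Returns a new
 * BIGNUM owned by the caller, or NULL if an argument is NULL or a step
 * fails (including a zero-length salt, if the allocator returns NULL for a
 * zero-byte request).
 *
 * Security notes:
 *  - dig holds first SHA1(user:pass) and then x itself, so it is wiped on
 *    every path through the cleanup label before the stack frame is reused.
 *  - The returned BIGNUM is password-equivalent; release it with
 *    BN_clear_free().
 *  - x is a single salted SHA-1 pass over the password, so a verifier derived
 *    from it gives little resistance to offline guessing if the verifier
 *    store is disclosed. Protect that store accordingly.
 */
BIGNUM *SRP_Calc_x(const BIGNUM *s, const char *user, const char *pass)
{
    unsigned char dig[SHA_DIGEST_LENGTH];
    EVP_MD_CTX *ctxt;
    unsigned char *cs = NULL;
    BIGNUM *res = NULL;
    int slen;

    if ((s == NULL) || (user == NULL) || (pass == NULL))
        return NULL;

    ctxt = EVP_MD_CTX_new();
    if (ctxt == NULL)
        return NULL;
    slen = BN_num_bytes(s);
    if ((cs = OPENSSL_malloc(slen)) == NULL)
        goto err;

    /* Inner hash: dig = SHA1(user ":" pass), then restart the context. */
    if (!EVP_DigestInit_ex(ctxt, EVP_sha1(), NULL)
        || !EVP_DigestUpdate(ctxt, user, strlen(user))
        || !EVP_DigestUpdate(ctxt, ":", 1)
        || !EVP_DigestUpdate(ctxt, pass, strlen(pass))
        || !EVP_DigestFinal_ex(ctxt, dig, NULL)
        || !EVP_DigestInit_ex(ctxt, EVP_sha1(), NULL))
        goto err;

    /* Outer hash: dig = SHA1(salt || inner digest). */
    BN_bn2bin(s, cs);
    if (!EVP_DigestUpdate(ctxt, cs, slen)
        || !EVP_DigestUpdate(ctxt, dig, sizeof(dig))
        || !EVP_DigestFinal_ex(ctxt, dig, NULL))
        goto err;

    res = BN_bin2bn(dig, sizeof(dig), NULL);

 err:
    /* Do not leave the password-derived digest behind on the stack. */
    OPENSSL_cleanse(dig, sizeof(dig));
    OPENSSL_free(cs);
    EVP_MD_CTX_free(ctxt);
    return res;
}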
153
/*
 * Client public value: A = g^a mod N, where a is the client's private
 * ephemeral value.
 *
 * Returns a new BIGNUM owned by the caller, or NULL if an argument is NULL
 * or allocation/exponentiation fails.
 *
 * NOTE(review): a is a secret exponent and is used without BN_FLG_CONSTTIME.
 */
BIGNUM *SRP_Calc_A(const BIGNUM *a, const BIGNUM *N, const BIGNUM *g)
{
    BIGNUM *pub;
    BN_CTX *ctx;

    if (a == NULL || N == NULL || g == NULL)
        return NULL;
    ctx = BN_CTX_new();
    if (ctx == NULL)
        return NULL;

    pub = BN_new();
    if (pub != NULL && !BN_mod_exp(pub, g, a, N, ctx)) {
        /* Discard the partially computed value on failure. */
        BN_free(pub);
        pub = NULL;
    }

    BN_CTX_free(ctx);
    return pub;
}
169
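/*
 * Client-side premaster secret:
 *     K = (B - k * g^x) ^ (a + u * x) mod N,  k = SHA1(N | PAD(g))
 *
 * B is the server's public value, x the password-derived private key, a the
 * client's private ephemeral value and u the scrambling parameter. Returns a
 * new BIGNUM owned by the caller, or NULL if an argument is NULL or a step
 * fails.
 *
 * Security notes:
 *  - x is derived directly from the password. It is used here through a
 *    shallow copy flagged BN_FLG_CONSTTIME so that g^x is computed by the
 *    constant-time exponentiation path instead of one whose timing and
 *    memory access pattern depend on the bits of x.
 *  - This function does not test B against N. NOTE(review): callers are
 *    expected to have rejected B % N == 0 beforehand (see
 *    SRP_Verify_B_mod_N() in this file).
 *  - NOTE(review): the final exponent (a + u*x) is secret as well and is
 *    still used without BN_FLG_CONSTTIME; consider flagging it too.
 *  - NOTE(review): the constant-time path presumably requires an odd
 *    modulus, so an even N (never a valid SRP group) may now make the call
 *    fail rather than return a value -- confirm against BN_mod_exp().
 *  - The result is key material; release it with BN_clear_free().
 */
BIGNUM *SRP_Calc_client_key(const BIGNUM *N, const BIGNUM *B, const BIGNUM *g,
                            const BIGNUM *x, const BIGNUM *a, const BIGNUM *u)
{
    BIGNUM *tmp = NULL, *tmp2 = NULL, *tmp3 = NULL, *k = NULL, *K = NULL;
    BIGNUM *xtmp = NULL;
    BN_CTX *bn_ctx;

    if (u == NULL || B == NULL || N == NULL || g == NULL || x == NULL
        || a == NULL || (bn_ctx = BN_CTX_new()) == NULL)
        return NULL;

    if ((tmp = BN_new()) == NULL
        || (tmp2 = BN_new()) == NULL
        || (tmp3 = BN_new()) == NULL
        || (xtmp = BN_new()) == NULL)
        goto err;

    /*
     * xtmp borrows x's limbs (BN_with_flags() marks it static data), so
     * BN_free(xtmp) below releases only the wrapper, never x's storage.
     */
    BN_with_flags(xtmp, x, BN_FLG_CONSTTIME);

    /* tmp = g^x mod N */
    if (!BN_mod_exp(tmp, g, xtmp, N, bn_ctx))
        goto err;
    if ((k = srp_Calc_k(N, g)) == NULL)
        goto err;
    /* tmp2 = k * g^x mod N */
    if (!BN_mod_mul(tmp2, tmp, k, N, bn_ctx))
        goto err;
    /* tmp = B - k * g^x mod N */
    if (!BN_mod_sub(tmp, B, tmp2, N, bn_ctx))
        goto err;
    /* tmp2 = a + u * x (not reduced mod N) */
    if (!BN_mul(tmp3, u, x, bn_ctx))
        goto err;
    if (!BN_add(tmp2, a, tmp3))
        goto err;

    K = BN_new();
    if (K != NULL && !BN_mod_exp(K, tmp, tmp2, N, bn_ctx)) {
        /* Wipe whatever was written before the failure. */
        BN_clear_free(K);
        K = NULL;
    }

 err:
    BN_CTX_free(bn_ctx);
    BN_free(xtmp);
    BN_clear_free(tmp);
    BN_clear_free(tmp2);
    BN_clear_free(tmp3);
    BN_free(k);
    return K;
}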
211
/*
 * Sanity check on a peer's public value.
 *
 * Returns 1 when B mod N is non-zero (the value is acceptable) and 0 when
 * B mod N is zero, when an argument is NULL, or when allocation or the
 * reduction fails. Every failure therefore reads as "reject".
 */
int SRP_Verify_B_mod_N(const BIGNUM *B, const BIGNUM *N)
{
    BN_CTX *ctx;
    BIGNUM *rem;
    int ok = 0;

    if (B == NULL || N == NULL)
        return 0;
    if ((ctx = BN_CTX_new()) == NULL)
        return 0;

    /* rem = B mod N, taken as a non-negative remainder. */
    rem = BN_new();
    if (rem != NULL && BN_nnmod(rem, B, N, ctx))
        ok = !BN_is_zero(rem);

    BN_CTX_free(ctx);
    BN_free(rem);
    return ok;
}
232
/*
 * Same test as SRP_Verify_B_mod_N(), applied to the client's public value:
 * returns 1 when A mod N is non-zero, 0 when it is zero or on any error.
 */
int SRP_Verify_A_mod_N(const BIGNUM *A, const BIGNUM *N)
{
    int acceptable = SRP_Verify_B_mod_N(A, N);

    return acceptable;
}
238
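/*
 * Built-in (g, N) groups, largest first. Each entry pairs an id string with
 * the generator and modulus objects declared in internal/bn_srp.h; the ids
 * appear to be the modulus size in bits. SRP_get_default_gN(NULL) returns
 * the first entry, so the order of this table is significant.
 *
 * NOTE(review): the 1024- and 1536-bit groups are smaller than current
 * guidance generally recommends for finite-field groups; deployments that
 * pick a group by id should prefer 2048 bits or more.
 */
static SRP_gN knowngN[] = {
    {"8192", &bn_generator_19, &bn_group_8192},
    {"6144", &bn_generator_5, &bn_group_6144},
    {"4096", &bn_generator_5, &bn_group_4096},
    {"3072", &bn_generator_5, &bn_group_3072},
    {"2048", &bn_generator_2, &bn_group_2048},
    {"1536", &bn_generator_2, &bn_group_1536},
    {"1024", &bn_generator_2, &bn_group_1024},
};

/*
 * Number of entries in knowngN. The expansion is parenthesized so that it
 * stays a single operand wherever it is used, and it is computed from the
 * element itself so it cannot drift from the array's element type.
 */
# define KNOWN_GN_NUMBER (sizeof(knowngN) / sizeof(knowngN[0]))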
250
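/*
 * Check if g and N are known parameters. The values have been generated
 * from the ietf-tls-srp draft version 8.
 *
 * Returns the id string of the matching built-in group, or NULL when either
 * argument is NULL or the pair matches no table entry. The returned pointer
 * refers to the static table and must not be freed or modified.
 *
 * A client can use this to refuse group parameters supplied by a peer that
 * are not one of the built-in groups.
 */
char *SRP_check_known_gN_param(const BIGNUM *g, const BIGNUM *N)
{
    size_t i;

    /* This function returns a pointer, so report failure as NULL. */
    if ((g == NULL) || (N == NULL))
        return NULL;

    /* Both the generator and the modulus must match the same entry. */
    for (i = 0; i < KNOWN_GN_NUMBER; i++) {
        if (BN_cmp(knowngN[i].g, g) == 0 && BN_cmp(knowngN[i].N, N) == 0)
            return knowngN[i].id;
    }
    return NULL;
}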
267
/*
 * Look up a built-in group by id string.
 *
 * With id == NULL the first table entry is returned. Otherwise the entry
 * whose id compares equal to the argument is returned, or NULL when there
 * is none. The result points into the static table: it must not be freed,
 * and writes through it would change the table for every later caller.
 */
SRP_gN *SRP_get_default_gN(const char *id)
{
    size_t idx = 0;

    if (id == NULL)
        return knowngN;

    while (idx < KNOWN_GN_NUMBER) {
        if (strcmp(knowngN[idx].id, id) == 0)
            return &knowngN[idx];
        idx++;
    }
    return NULL;
}
280#endif