[331] | 1 | /*
|
---|
| 2 | * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
|
---|
| 3 | *
|
---|
| 4 | * Licensed under the OpenSSL license (the "License"). You may not use
|
---|
| 5 | * this file except in compliance with the License. You can obtain a copy
|
---|
| 6 | * in the file LICENSE in the source distribution or at
|
---|
| 7 | * https://www.openssl.org/source/license.html
|
---|
| 8 | */
|
---|
| 9 |
|
---|
| 10 | #ifndef OPENSSL_NO_SRP
|
---|
| 11 | # include "internal/cryptlib.h"
|
---|
| 12 | # include <openssl/sha.h>
|
---|
| 13 | # include <openssl/srp.h>
|
---|
| 14 | # include <openssl/evp.h>
|
---|
| 15 | # include <openssl/buffer.h>
|
---|
| 16 | # include <openssl/rand.h>
|
---|
| 17 | # include <openssl/txt_db.h>
|
---|
| 18 |
|
---|
| 19 | # define SRP_RANDOM_SALT_LEN 20
|
---|
| 20 | # define MAX_LEN 2500
|
---|
| 21 |
|
---|
| 22 | static char b64table[] =
|
---|
| 23 | "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz./";
|
---|
| 24 |
|
---|
| 25 | /*
|
---|
| 26 | * the following two conversion routines have been inspired by code from
|
---|
| 27 | * Stanford
|
---|
| 28 | */
|
---|
| 29 |
|
---|
| 30 | /*
|
---|
| 31 | * Convert a base64 string into raw byte array representation.
|
---|
| 32 | */
|
---|
| 33 | static int t_fromb64(unsigned char *a, size_t alen, const char *src)
|
---|
| 34 | {
|
---|
| 35 | char *loc;
|
---|
| 36 | int i, j;
|
---|
| 37 | int size;
|
---|
| 38 |
|
---|
| 39 | while (*src && (*src == ' ' || *src == '\t' || *src == '\n'))
|
---|
| 40 | ++src;
|
---|
| 41 | size = strlen(src);
|
---|
| 42 | if (alen > INT_MAX || size > (int)alen)
|
---|
| 43 | return -1;
|
---|
| 44 |
|
---|
| 45 | i = 0;
|
---|
| 46 | while (i < size) {
|
---|
| 47 | loc = strchr(b64table, src[i]);
|
---|
| 48 | if (loc == (char *)0)
|
---|
| 49 | break;
|
---|
| 50 | else
|
---|
| 51 | a[i] = loc - b64table;
|
---|
| 52 | ++i;
|
---|
| 53 | }
|
---|
| 54 | /* if nothing valid to process we have a zero length response */
|
---|
| 55 | if (i == 0)
|
---|
| 56 | return 0;
|
---|
| 57 | size = i;
|
---|
| 58 | i = size - 1;
|
---|
| 59 | j = size;
|
---|
| 60 | while (1) {
|
---|
| 61 | a[j] = a[i];
|
---|
| 62 | if (--i < 0)
|
---|
| 63 | break;
|
---|
| 64 | a[j] |= (a[i] & 3) << 6;
|
---|
| 65 | --j;
|
---|
| 66 | a[j] = (unsigned char)((a[i] & 0x3c) >> 2);
|
---|
| 67 | if (--i < 0)
|
---|
| 68 | break;
|
---|
| 69 | a[j] |= (a[i] & 0xf) << 4;
|
---|
| 70 | --j;
|
---|
| 71 | a[j] = (unsigned char)((a[i] & 0x30) >> 4);
|
---|
| 72 | if (--i < 0)
|
---|
| 73 | break;
|
---|
| 74 | a[j] |= (a[i] << 2);
|
---|
| 75 |
|
---|
| 76 | a[--j] = 0;
|
---|
| 77 | if (--i < 0)
|
---|
| 78 | break;
|
---|
| 79 | }
|
---|
| 80 | while (a[j] == 0 && j <= size)
|
---|
| 81 | ++j;
|
---|
| 82 | i = 0;
|
---|
| 83 | while (j <= size)
|
---|
| 84 | a[i++] = a[j++];
|
---|
| 85 | return i;
|
---|
| 86 | }
|
---|
| 87 |
|
---|
| 88 | /*
|
---|
| 89 | * Convert a raw byte string into a null-terminated base64 ASCII string.
|
---|
| 90 | */
|
---|
| 91 | static char *t_tob64(char *dst, const unsigned char *src, int size)
|
---|
| 92 | {
|
---|
| 93 | int c, pos = size % 3;
|
---|
| 94 | unsigned char b0 = 0, b1 = 0, b2 = 0, notleading = 0;
|
---|
| 95 | char *olddst = dst;
|
---|
| 96 |
|
---|
| 97 | switch (pos) {
|
---|
| 98 | case 1:
|
---|
| 99 | b2 = src[0];
|
---|
| 100 | break;
|
---|
| 101 | case 2:
|
---|
| 102 | b1 = src[0];
|
---|
| 103 | b2 = src[1];
|
---|
| 104 | break;
|
---|
| 105 | }
|
---|
| 106 |
|
---|
| 107 | while (1) {
|
---|
| 108 | c = (b0 & 0xfc) >> 2;
|
---|
| 109 | if (notleading || c != 0) {
|
---|
| 110 | *dst++ = b64table[c];
|
---|
| 111 | notleading = 1;
|
---|
| 112 | }
|
---|
| 113 | c = ((b0 & 3) << 4) | ((b1 & 0xf0) >> 4);
|
---|
| 114 | if (notleading || c != 0) {
|
---|
| 115 | *dst++ = b64table[c];
|
---|
| 116 | notleading = 1;
|
---|
| 117 | }
|
---|
| 118 | c = ((b1 & 0xf) << 2) | ((b2 & 0xc0) >> 6);
|
---|
| 119 | if (notleading || c != 0) {
|
---|
| 120 | *dst++ = b64table[c];
|
---|
| 121 | notleading = 1;
|
---|
| 122 | }
|
---|
| 123 | c = b2 & 0x3f;
|
---|
| 124 | if (notleading || c != 0) {
|
---|
| 125 | *dst++ = b64table[c];
|
---|
| 126 | notleading = 1;
|
---|
| 127 | }
|
---|
| 128 | if (pos >= size)
|
---|
| 129 | break;
|
---|
| 130 | else {
|
---|
| 131 | b0 = src[pos++];
|
---|
| 132 | b1 = src[pos++];
|
---|
| 133 | b2 = src[pos++];
|
---|
| 134 | }
|
---|
| 135 | }
|
---|
| 136 |
|
---|
| 137 | *dst++ = '\0';
|
---|
| 138 | return olddst;
|
---|
| 139 | }
|
---|
| 140 |
|
---|
| 141 | void SRP_user_pwd_free(SRP_user_pwd *user_pwd)
|
---|
| 142 | {
|
---|
| 143 | if (user_pwd == NULL)
|
---|
| 144 | return;
|
---|
| 145 | BN_free(user_pwd->s);
|
---|
| 146 | BN_clear_free(user_pwd->v);
|
---|
| 147 | OPENSSL_free(user_pwd->id);
|
---|
| 148 | OPENSSL_free(user_pwd->info);
|
---|
| 149 | OPENSSL_free(user_pwd);
|
---|
| 150 | }
|
---|
| 151 |
|
---|
| 152 | static SRP_user_pwd *SRP_user_pwd_new(void)
|
---|
| 153 | {
|
---|
| 154 | SRP_user_pwd *ret = OPENSSL_malloc(sizeof(*ret));
|
---|
| 155 | if (ret == NULL)
|
---|
| 156 | return NULL;
|
---|
| 157 | ret->N = NULL;
|
---|
| 158 | ret->g = NULL;
|
---|
| 159 | ret->s = NULL;
|
---|
| 160 | ret->v = NULL;
|
---|
| 161 | ret->id = NULL;
|
---|
| 162 | ret->info = NULL;
|
---|
| 163 | return ret;
|
---|
| 164 | }
|
---|
| 165 |
|
---|
| 166 | static void SRP_user_pwd_set_gN(SRP_user_pwd *vinfo, const BIGNUM *g,
|
---|
| 167 | const BIGNUM *N)
|
---|
| 168 | {
|
---|
| 169 | vinfo->N = N;
|
---|
| 170 | vinfo->g = g;
|
---|
| 171 | }
|
---|
| 172 |
|
---|
| 173 | static int SRP_user_pwd_set_ids(SRP_user_pwd *vinfo, const char *id,
|
---|
| 174 | const char *info)
|
---|
| 175 | {
|
---|
| 176 | if (id != NULL && NULL == (vinfo->id = OPENSSL_strdup(id)))
|
---|
| 177 | return 0;
|
---|
| 178 | return (info == NULL || NULL != (vinfo->info = OPENSSL_strdup(info)));
|
---|
| 179 | }
|
---|
| 180 |
|
---|
| 181 | static int SRP_user_pwd_set_sv(SRP_user_pwd *vinfo, const char *s,
|
---|
| 182 | const char *v)
|
---|
| 183 | {
|
---|
| 184 | unsigned char tmp[MAX_LEN];
|
---|
| 185 | int len;
|
---|
| 186 |
|
---|
| 187 | vinfo->v = NULL;
|
---|
| 188 | vinfo->s = NULL;
|
---|
| 189 |
|
---|
| 190 | len = t_fromb64(tmp, sizeof(tmp), v);
|
---|
| 191 | if (len < 0)
|
---|
| 192 | return 0;
|
---|
| 193 | if (NULL == (vinfo->v = BN_bin2bn(tmp, len, NULL)))
|
---|
| 194 | return 0;
|
---|
| 195 | len = t_fromb64(tmp, sizeof(tmp), s);
|
---|
| 196 | if (len < 0)
|
---|
| 197 | goto err;
|
---|
| 198 | vinfo->s = BN_bin2bn(tmp, len, NULL);
|
---|
| 199 | if (vinfo->s == NULL)
|
---|
| 200 | goto err;
|
---|
| 201 | return 1;
|
---|
| 202 | err:
|
---|
| 203 | BN_free(vinfo->v);
|
---|
| 204 | vinfo->v = NULL;
|
---|
| 205 | return 0;
|
---|
| 206 | }
|
---|
| 207 |
|
---|
| 208 | static int SRP_user_pwd_set_sv_BN(SRP_user_pwd *vinfo, BIGNUM *s, BIGNUM *v)
|
---|
| 209 | {
|
---|
| 210 | vinfo->v = v;
|
---|
| 211 | vinfo->s = s;
|
---|
| 212 | return (vinfo->s != NULL && vinfo->v != NULL);
|
---|
| 213 | }
|
---|
| 214 |
|
---|
| 215 | static SRP_user_pwd *srp_user_pwd_dup(SRP_user_pwd *src)
|
---|
| 216 | {
|
---|
| 217 | SRP_user_pwd *ret;
|
---|
| 218 |
|
---|
| 219 | if (src == NULL)
|
---|
| 220 | return NULL;
|
---|
| 221 | if ((ret = SRP_user_pwd_new()) == NULL)
|
---|
| 222 | return NULL;
|
---|
| 223 |
|
---|
| 224 | SRP_user_pwd_set_gN(ret, src->g, src->N);
|
---|
| 225 | if (!SRP_user_pwd_set_ids(ret, src->id, src->info)
|
---|
| 226 | || !SRP_user_pwd_set_sv_BN(ret, BN_dup(src->s), BN_dup(src->v))) {
|
---|
| 227 | SRP_user_pwd_free(ret);
|
---|
| 228 | return NULL;
|
---|
| 229 | }
|
---|
| 230 | return ret;
|
---|
| 231 | }
|
---|
| 232 |
|
---|
| 233 | SRP_VBASE *SRP_VBASE_new(char *seed_key)
|
---|
| 234 | {
|
---|
| 235 | SRP_VBASE *vb = OPENSSL_malloc(sizeof(*vb));
|
---|
| 236 |
|
---|
| 237 | if (vb == NULL)
|
---|
| 238 | return NULL;
|
---|
| 239 | if ((vb->users_pwd = sk_SRP_user_pwd_new_null()) == NULL
|
---|
| 240 | || (vb->gN_cache = sk_SRP_gN_cache_new_null()) == NULL) {
|
---|
| 241 | OPENSSL_free(vb);
|
---|
| 242 | return NULL;
|
---|
| 243 | }
|
---|
| 244 | vb->default_g = NULL;
|
---|
| 245 | vb->default_N = NULL;
|
---|
| 246 | vb->seed_key = NULL;
|
---|
| 247 | if ((seed_key != NULL) && (vb->seed_key = OPENSSL_strdup(seed_key)) == NULL) {
|
---|
| 248 | sk_SRP_user_pwd_free(vb->users_pwd);
|
---|
| 249 | sk_SRP_gN_cache_free(vb->gN_cache);
|
---|
| 250 | OPENSSL_free(vb);
|
---|
| 251 | return NULL;
|
---|
| 252 | }
|
---|
| 253 | return vb;
|
---|
| 254 | }
|
---|
| 255 |
|
---|
| 256 | void SRP_VBASE_free(SRP_VBASE *vb)
|
---|
| 257 | {
|
---|
| 258 | if (!vb)
|
---|
| 259 | return;
|
---|
| 260 | sk_SRP_user_pwd_pop_free(vb->users_pwd, SRP_user_pwd_free);
|
---|
| 261 | sk_SRP_gN_cache_free(vb->gN_cache);
|
---|
| 262 | OPENSSL_free(vb->seed_key);
|
---|
| 263 | OPENSSL_free(vb);
|
---|
| 264 | }
|
---|
| 265 |
|
---|
| 266 | static SRP_gN_cache *SRP_gN_new_init(const char *ch)
|
---|
| 267 | {
|
---|
| 268 | unsigned char tmp[MAX_LEN];
|
---|
| 269 | int len;
|
---|
| 270 | SRP_gN_cache *newgN = OPENSSL_malloc(sizeof(*newgN));
|
---|
| 271 |
|
---|
| 272 | if (newgN == NULL)
|
---|
| 273 | return NULL;
|
---|
| 274 |
|
---|
| 275 | len = t_fromb64(tmp, sizeof(tmp), ch);
|
---|
| 276 | if (len < 0)
|
---|
| 277 | goto err;
|
---|
| 278 |
|
---|
| 279 | if ((newgN->b64_bn = OPENSSL_strdup(ch)) == NULL)
|
---|
| 280 | goto err;
|
---|
| 281 |
|
---|
| 282 | if ((newgN->bn = BN_bin2bn(tmp, len, NULL)))
|
---|
| 283 | return newgN;
|
---|
| 284 |
|
---|
| 285 | OPENSSL_free(newgN->b64_bn);
|
---|
| 286 | err:
|
---|
| 287 | OPENSSL_free(newgN);
|
---|
| 288 | return NULL;
|
---|
| 289 | }
|
---|
| 290 |
|
---|
| 291 | static void SRP_gN_free(SRP_gN_cache *gN_cache)
|
---|
| 292 | {
|
---|
| 293 | if (gN_cache == NULL)
|
---|
| 294 | return;
|
---|
| 295 | OPENSSL_free(gN_cache->b64_bn);
|
---|
| 296 | BN_free(gN_cache->bn);
|
---|
| 297 | OPENSSL_free(gN_cache);
|
---|
| 298 | }
|
---|
| 299 |
|
---|
| 300 | static SRP_gN *SRP_get_gN_by_id(const char *id, STACK_OF(SRP_gN) *gN_tab)
|
---|
| 301 | {
|
---|
| 302 | int i;
|
---|
| 303 |
|
---|
| 304 | SRP_gN *gN;
|
---|
| 305 | if (gN_tab != NULL)
|
---|
| 306 | for (i = 0; i < sk_SRP_gN_num(gN_tab); i++) {
|
---|
| 307 | gN = sk_SRP_gN_value(gN_tab, i);
|
---|
| 308 | if (gN && (id == NULL || strcmp(gN->id, id) == 0))
|
---|
| 309 | return gN;
|
---|
| 310 | }
|
---|
| 311 |
|
---|
| 312 | return SRP_get_default_gN(id);
|
---|
| 313 | }
|
---|
| 314 |
|
---|
| 315 | static BIGNUM *SRP_gN_place_bn(STACK_OF(SRP_gN_cache) *gN_cache, char *ch)
|
---|
| 316 | {
|
---|
| 317 | int i;
|
---|
| 318 | if (gN_cache == NULL)
|
---|
| 319 | return NULL;
|
---|
| 320 |
|
---|
| 321 | /* search if we have already one... */
|
---|
| 322 | for (i = 0; i < sk_SRP_gN_cache_num(gN_cache); i++) {
|
---|
| 323 | SRP_gN_cache *cache = sk_SRP_gN_cache_value(gN_cache, i);
|
---|
| 324 | if (strcmp(cache->b64_bn, ch) == 0)
|
---|
| 325 | return cache->bn;
|
---|
| 326 | }
|
---|
| 327 | { /* it is the first time that we find it */
|
---|
| 328 | SRP_gN_cache *newgN = SRP_gN_new_init(ch);
|
---|
| 329 | if (newgN) {
|
---|
| 330 | if (sk_SRP_gN_cache_insert(gN_cache, newgN, 0) > 0)
|
---|
| 331 | return newgN->bn;
|
---|
| 332 | SRP_gN_free(newgN);
|
---|
| 333 | }
|
---|
| 334 | }
|
---|
| 335 | return NULL;
|
---|
| 336 | }
|
---|
| 337 |
|
---|
| 338 | /*
|
---|
| 339 | * this function parses verifier file. Format is:
|
---|
| 340 | * string(index):base64(N):base64(g):0
|
---|
| 341 | * string(username):base64(v):base64(salt):int(index)
|
---|
| 342 | */
|
---|
| 343 |
|
---|
| 344 | int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file)
|
---|
| 345 | {
|
---|
| 346 | int error_code;
|
---|
| 347 | STACK_OF(SRP_gN) *SRP_gN_tab = sk_SRP_gN_new_null();
|
---|
| 348 | char *last_index = NULL;
|
---|
| 349 | int i;
|
---|
| 350 | char **pp;
|
---|
| 351 |
|
---|
| 352 | SRP_gN *gN = NULL;
|
---|
| 353 | SRP_user_pwd *user_pwd = NULL;
|
---|
| 354 |
|
---|
| 355 | TXT_DB *tmpdb = NULL;
|
---|
| 356 | BIO *in = BIO_new(BIO_s_file());
|
---|
| 357 |
|
---|
| 358 | error_code = SRP_ERR_OPEN_FILE;
|
---|
| 359 |
|
---|
| 360 | if (in == NULL || BIO_read_filename(in, verifier_file) <= 0)
|
---|
| 361 | goto err;
|
---|
| 362 |
|
---|
| 363 | error_code = SRP_ERR_VBASE_INCOMPLETE_FILE;
|
---|
| 364 |
|
---|
| 365 | if ((tmpdb = TXT_DB_read(in, DB_NUMBER)) == NULL)
|
---|
| 366 | goto err;
|
---|
| 367 |
|
---|
| 368 | error_code = SRP_ERR_MEMORY;
|
---|
| 369 |
|
---|
| 370 | if (vb->seed_key) {
|
---|
| 371 | last_index = SRP_get_default_gN(NULL)->id;
|
---|
| 372 | }
|
---|
| 373 | for (i = 0; i < sk_OPENSSL_PSTRING_num(tmpdb->data); i++) {
|
---|
| 374 | pp = sk_OPENSSL_PSTRING_value(tmpdb->data, i);
|
---|
| 375 | if (pp[DB_srptype][0] == DB_SRP_INDEX) {
|
---|
| 376 | /*
|
---|
| 377 | * we add this couple in the internal Stack
|
---|
| 378 | */
|
---|
| 379 |
|
---|
| 380 | if ((gN = OPENSSL_malloc(sizeof(*gN))) == NULL)
|
---|
| 381 | goto err;
|
---|
| 382 |
|
---|
| 383 | if ((gN->id = OPENSSL_strdup(pp[DB_srpid])) == NULL
|
---|
| 384 | || (gN->N = SRP_gN_place_bn(vb->gN_cache, pp[DB_srpverifier]))
|
---|
| 385 | == NULL
|
---|
| 386 | || (gN->g = SRP_gN_place_bn(vb->gN_cache, pp[DB_srpsalt]))
|
---|
| 387 | == NULL
|
---|
| 388 | || sk_SRP_gN_insert(SRP_gN_tab, gN, 0) == 0)
|
---|
| 389 | goto err;
|
---|
| 390 |
|
---|
| 391 | gN = NULL;
|
---|
| 392 |
|
---|
| 393 | if (vb->seed_key != NULL) {
|
---|
| 394 | last_index = pp[DB_srpid];
|
---|
| 395 | }
|
---|
| 396 | } else if (pp[DB_srptype][0] == DB_SRP_VALID) {
|
---|
| 397 | /* it is a user .... */
|
---|
| 398 | const SRP_gN *lgN;
|
---|
| 399 |
|
---|
| 400 | if ((lgN = SRP_get_gN_by_id(pp[DB_srpgN], SRP_gN_tab)) != NULL) {
|
---|
| 401 | error_code = SRP_ERR_MEMORY;
|
---|
| 402 | if ((user_pwd = SRP_user_pwd_new()) == NULL)
|
---|
| 403 | goto err;
|
---|
| 404 |
|
---|
| 405 | SRP_user_pwd_set_gN(user_pwd, lgN->g, lgN->N);
|
---|
| 406 | if (!SRP_user_pwd_set_ids
|
---|
| 407 | (user_pwd, pp[DB_srpid], pp[DB_srpinfo]))
|
---|
| 408 | goto err;
|
---|
| 409 |
|
---|
| 410 | error_code = SRP_ERR_VBASE_BN_LIB;
|
---|
| 411 | if (!SRP_user_pwd_set_sv
|
---|
| 412 | (user_pwd, pp[DB_srpsalt], pp[DB_srpverifier]))
|
---|
| 413 | goto err;
|
---|
| 414 |
|
---|
| 415 | if (sk_SRP_user_pwd_insert(vb->users_pwd, user_pwd, 0) == 0)
|
---|
| 416 | goto err;
|
---|
| 417 | user_pwd = NULL; /* abandon responsibility */
|
---|
| 418 | }
|
---|
| 419 | }
|
---|
| 420 | }
|
---|
| 421 |
|
---|
| 422 | if (last_index != NULL) {
|
---|
| 423 | /* this means that we want to simulate a default user */
|
---|
| 424 |
|
---|
| 425 | if (((gN = SRP_get_gN_by_id(last_index, SRP_gN_tab)) == NULL)) {
|
---|
| 426 | error_code = SRP_ERR_VBASE_BN_LIB;
|
---|
| 427 | goto err;
|
---|
| 428 | }
|
---|
| 429 | vb->default_g = gN->g;
|
---|
| 430 | vb->default_N = gN->N;
|
---|
| 431 | gN = NULL;
|
---|
| 432 | }
|
---|
| 433 | error_code = SRP_NO_ERROR;
|
---|
| 434 |
|
---|
| 435 | err:
|
---|
| 436 | /*
|
---|
| 437 | * there may be still some leaks to fix, if this fails, the application
|
---|
| 438 | * terminates most likely
|
---|
| 439 | */
|
---|
| 440 |
|
---|
| 441 | if (gN != NULL) {
|
---|
| 442 | OPENSSL_free(gN->id);
|
---|
| 443 | OPENSSL_free(gN);
|
---|
| 444 | }
|
---|
| 445 |
|
---|
| 446 | SRP_user_pwd_free(user_pwd);
|
---|
| 447 |
|
---|
| 448 | TXT_DB_free(tmpdb);
|
---|
| 449 | BIO_free_all(in);
|
---|
| 450 |
|
---|
| 451 | sk_SRP_gN_free(SRP_gN_tab);
|
---|
| 452 |
|
---|
| 453 | return error_code;
|
---|
| 454 |
|
---|
| 455 | }
|
---|
| 456 |
|
---|
| 457 | static SRP_user_pwd *find_user(SRP_VBASE *vb, char *username)
|
---|
| 458 | {
|
---|
| 459 | int i;
|
---|
| 460 | SRP_user_pwd *user;
|
---|
| 461 |
|
---|
| 462 | if (vb == NULL)
|
---|
| 463 | return NULL;
|
---|
| 464 |
|
---|
| 465 | for (i = 0; i < sk_SRP_user_pwd_num(vb->users_pwd); i++) {
|
---|
| 466 | user = sk_SRP_user_pwd_value(vb->users_pwd, i);
|
---|
| 467 | if (strcmp(user->id, username) == 0)
|
---|
| 468 | return user;
|
---|
| 469 | }
|
---|
| 470 |
|
---|
| 471 | return NULL;
|
---|
| 472 | }
|
---|
| 473 |
|
---|
| 474 | #if OPENSSL_API_COMPAT < 0x10100000L
|
---|
| 475 | /*
|
---|
| 476 | * DEPRECATED: use SRP_VBASE_get1_by_user instead.
|
---|
| 477 | * This method ignores the configured seed and fails for an unknown user.
|
---|
| 478 | * Ownership of the returned pointer is not released to the caller.
|
---|
| 479 | * In other words, caller must not free the result.
|
---|
| 480 | */
|
---|
| 481 | SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username)
|
---|
| 482 | {
|
---|
| 483 | return find_user(vb, username);
|
---|
| 484 | }
|
---|
| 485 | #endif
|
---|
| 486 |
|
---|
| 487 | /*
|
---|
| 488 | * Ownership of the returned pointer is released to the caller.
|
---|
| 489 | * In other words, caller must free the result once done.
|
---|
| 490 | */
|
---|
| 491 | SRP_user_pwd *SRP_VBASE_get1_by_user(SRP_VBASE *vb, char *username)
|
---|
| 492 | {
|
---|
| 493 | SRP_user_pwd *user;
|
---|
| 494 | unsigned char digv[SHA_DIGEST_LENGTH];
|
---|
| 495 | unsigned char digs[SHA_DIGEST_LENGTH];
|
---|
| 496 | EVP_MD_CTX *ctxt = NULL;
|
---|
| 497 |
|
---|
| 498 | if (vb == NULL)
|
---|
| 499 | return NULL;
|
---|
| 500 |
|
---|
| 501 | if ((user = find_user(vb, username)) != NULL)
|
---|
| 502 | return srp_user_pwd_dup(user);
|
---|
| 503 |
|
---|
| 504 | if ((vb->seed_key == NULL) ||
|
---|
| 505 | (vb->default_g == NULL) || (vb->default_N == NULL))
|
---|
| 506 | return NULL;
|
---|
| 507 |
|
---|
| 508 | /* if the user is unknown we set parameters as well if we have a seed_key */
|
---|
| 509 |
|
---|
| 510 | if ((user = SRP_user_pwd_new()) == NULL)
|
---|
| 511 | return NULL;
|
---|
| 512 |
|
---|
| 513 | SRP_user_pwd_set_gN(user, vb->default_g, vb->default_N);
|
---|
| 514 |
|
---|
| 515 | if (!SRP_user_pwd_set_ids(user, username, NULL))
|
---|
| 516 | goto err;
|
---|
| 517 |
|
---|
| 518 | if (RAND_bytes(digv, SHA_DIGEST_LENGTH) <= 0)
|
---|
| 519 | goto err;
|
---|
| 520 | ctxt = EVP_MD_CTX_new();
|
---|
| 521 | if (ctxt == NULL
|
---|
| 522 | || !EVP_DigestInit_ex(ctxt, EVP_sha1(), NULL)
|
---|
| 523 | || !EVP_DigestUpdate(ctxt, vb->seed_key, strlen(vb->seed_key))
|
---|
| 524 | || !EVP_DigestUpdate(ctxt, username, strlen(username))
|
---|
| 525 | || !EVP_DigestFinal_ex(ctxt, digs, NULL))
|
---|
| 526 | goto err;
|
---|
| 527 | EVP_MD_CTX_free(ctxt);
|
---|
| 528 | ctxt = NULL;
|
---|
| 529 | if (SRP_user_pwd_set_sv_BN(user,
|
---|
| 530 | BN_bin2bn(digs, SHA_DIGEST_LENGTH, NULL),
|
---|
| 531 | BN_bin2bn(digv, SHA_DIGEST_LENGTH, NULL)))
|
---|
| 532 | return user;
|
---|
| 533 |
|
---|
| 534 | err:
|
---|
| 535 | EVP_MD_CTX_free(ctxt);
|
---|
| 536 | SRP_user_pwd_free(user);
|
---|
| 537 | return NULL;
|
---|
| 538 | }
|
---|
| 539 |
|
---|
| 540 | /*
|
---|
| 541 | * create a verifier (*salt,*verifier,g and N are in base64)
|
---|
| 542 | */
|
---|
| 543 | char *SRP_create_verifier(const char *user, const char *pass, char **salt,
|
---|
| 544 | char **verifier, const char *N, const char *g)
|
---|
| 545 | {
|
---|
| 546 | int len;
|
---|
| 547 | char *result = NULL, *vf = NULL;
|
---|
| 548 | const BIGNUM *N_bn = NULL, *g_bn = NULL;
|
---|
| 549 | BIGNUM *N_bn_alloc = NULL, *g_bn_alloc = NULL, *s = NULL, *v = NULL;
|
---|
| 550 | unsigned char tmp[MAX_LEN];
|
---|
| 551 | unsigned char tmp2[MAX_LEN];
|
---|
| 552 | char *defgNid = NULL;
|
---|
| 553 | int vfsize = 0;
|
---|
| 554 |
|
---|
| 555 | if ((user == NULL) ||
|
---|
| 556 | (pass == NULL) || (salt == NULL) || (verifier == NULL))
|
---|
| 557 | goto err;
|
---|
| 558 |
|
---|
| 559 | if (N) {
|
---|
| 560 | if ((len = t_fromb64(tmp, sizeof(tmp), N)) <= 0)
|
---|
| 561 | goto err;
|
---|
| 562 | N_bn_alloc = BN_bin2bn(tmp, len, NULL);
|
---|
| 563 | N_bn = N_bn_alloc;
|
---|
| 564 | if ((len = t_fromb64(tmp, sizeof(tmp) ,g)) <= 0)
|
---|
| 565 | goto err;
|
---|
| 566 | g_bn_alloc = BN_bin2bn(tmp, len, NULL);
|
---|
| 567 | g_bn = g_bn_alloc;
|
---|
| 568 | defgNid = "*";
|
---|
| 569 | } else {
|
---|
| 570 | SRP_gN *gN = SRP_get_gN_by_id(g, NULL);
|
---|
| 571 | if (gN == NULL)
|
---|
| 572 | goto err;
|
---|
| 573 | N_bn = gN->N;
|
---|
| 574 | g_bn = gN->g;
|
---|
| 575 | defgNid = gN->id;
|
---|
| 576 | }
|
---|
| 577 |
|
---|
| 578 | if (*salt == NULL) {
|
---|
| 579 | if (RAND_bytes(tmp2, SRP_RANDOM_SALT_LEN) <= 0)
|
---|
| 580 | goto err;
|
---|
| 581 |
|
---|
| 582 | s = BN_bin2bn(tmp2, SRP_RANDOM_SALT_LEN, NULL);
|
---|
| 583 | } else {
|
---|
| 584 | if ((len = t_fromb64(tmp2, sizeof(tmp2), *salt)) <= 0)
|
---|
| 585 | goto err;
|
---|
| 586 | s = BN_bin2bn(tmp2, len, NULL);
|
---|
| 587 | }
|
---|
| 588 |
|
---|
| 589 | if (!SRP_create_verifier_BN(user, pass, &s, &v, N_bn, g_bn))
|
---|
| 590 | goto err;
|
---|
| 591 |
|
---|
| 592 | BN_bn2bin(v, tmp);
|
---|
| 593 | vfsize = BN_num_bytes(v) * 2;
|
---|
| 594 | if (((vf = OPENSSL_malloc(vfsize)) == NULL))
|
---|
| 595 | goto err;
|
---|
| 596 | t_tob64(vf, tmp, BN_num_bytes(v));
|
---|
| 597 |
|
---|
| 598 | if (*salt == NULL) {
|
---|
| 599 | char *tmp_salt;
|
---|
| 600 |
|
---|
| 601 | if ((tmp_salt = OPENSSL_malloc(SRP_RANDOM_SALT_LEN * 2)) == NULL) {
|
---|
| 602 | goto err;
|
---|
| 603 | }
|
---|
| 604 | t_tob64(tmp_salt, tmp2, SRP_RANDOM_SALT_LEN);
|
---|
| 605 | *salt = tmp_salt;
|
---|
| 606 | }
|
---|
| 607 |
|
---|
| 608 | *verifier = vf;
|
---|
| 609 | vf = NULL;
|
---|
| 610 | result = defgNid;
|
---|
| 611 |
|
---|
| 612 | err:
|
---|
| 613 | BN_free(N_bn_alloc);
|
---|
| 614 | BN_free(g_bn_alloc);
|
---|
| 615 | OPENSSL_clear_free(vf, vfsize);
|
---|
| 616 | BN_clear_free(s);
|
---|
| 617 | BN_clear_free(v);
|
---|
| 618 | return result;
|
---|
| 619 | }
|
---|
| 620 |
|
---|
| 621 | /*
|
---|
| 622 | * create a verifier (*salt,*verifier,g and N are BIGNUMs). If *salt != NULL
|
---|
| 623 | * then the provided salt will be used. On successful exit *verifier will point
|
---|
| 624 | * to a newly allocated BIGNUM containing the verifier and (if a salt was not
|
---|
| 625 | * provided) *salt will be populated with a newly allocated BIGNUM containing a
|
---|
| 626 | * random salt.
|
---|
| 627 | * The caller is responsible for freeing the allocated *salt and *verifier
|
---|
| 628 | * BIGNUMS.
|
---|
| 629 | */
|
---|
| 630 | int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt,
|
---|
| 631 | BIGNUM **verifier, const BIGNUM *N,
|
---|
| 632 | const BIGNUM *g)
|
---|
| 633 | {
|
---|
| 634 | int result = 0;
|
---|
| 635 | BIGNUM *x = NULL;
|
---|
| 636 | BN_CTX *bn_ctx = BN_CTX_new();
|
---|
| 637 | unsigned char tmp2[MAX_LEN];
|
---|
| 638 | BIGNUM *salttmp = NULL;
|
---|
| 639 |
|
---|
| 640 | if ((user == NULL) ||
|
---|
| 641 | (pass == NULL) ||
|
---|
| 642 | (salt == NULL) ||
|
---|
| 643 | (verifier == NULL) || (N == NULL) || (g == NULL) || (bn_ctx == NULL))
|
---|
| 644 | goto err;
|
---|
| 645 |
|
---|
| 646 | if (*salt == NULL) {
|
---|
| 647 | if (RAND_bytes(tmp2, SRP_RANDOM_SALT_LEN) <= 0)
|
---|
| 648 | goto err;
|
---|
| 649 |
|
---|
| 650 | salttmp = BN_bin2bn(tmp2, SRP_RANDOM_SALT_LEN, NULL);
|
---|
| 651 | } else {
|
---|
| 652 | salttmp = *salt;
|
---|
| 653 | }
|
---|
| 654 |
|
---|
| 655 | x = SRP_Calc_x(salttmp, user, pass);
|
---|
| 656 |
|
---|
| 657 | *verifier = BN_new();
|
---|
| 658 | if (*verifier == NULL)
|
---|
| 659 | goto err;
|
---|
| 660 |
|
---|
| 661 | if (!BN_mod_exp(*verifier, g, x, N, bn_ctx)) {
|
---|
| 662 | BN_clear_free(*verifier);
|
---|
| 663 | goto err;
|
---|
| 664 | }
|
---|
| 665 |
|
---|
| 666 | result = 1;
|
---|
| 667 | *salt = salttmp;
|
---|
| 668 |
|
---|
| 669 | err:
|
---|
| 670 | if (salt != NULL && *salt != salttmp)
|
---|
| 671 | BN_clear_free(salttmp);
|
---|
| 672 | BN_clear_free(x);
|
---|
| 673 | BN_CTX_free(bn_ctx);
|
---|
| 674 | return result;
|
---|
| 675 | }
|
---|
| 676 |
|
---|
| 677 | #endif
|
---|