[thirdparty/openssl.git] / crypto / srp / srp_lib.c

/* crypto/srp/srp_lib.c */
/*
 * Written by Christophe Renou (christophe.renou@edelweb.fr) with the
 * precious help of Peter Sylvester (peter.sylvester@edelweb.fr) for the
 * EdelKey project and contributed to the OpenSSL project 2004.
 */
/* ====================================================================
 * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    licensing@OpenSSL.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */
#ifndef OPENSSL_NO_SRP
# include "cryptlib.h"
# include <openssl/sha.h>
# include <openssl/srp.h>
# include <openssl/evp.h>
# include "internal/bn_srp.h"

static BIGNUM *srp_Calc_k(BIGNUM *N, BIGNUM *g)
{
    /* k = SHA1(N | PAD(g)) -- tls-srp draft 8 */

    unsigned char digest[SHA_DIGEST_LENGTH];
    unsigned char *tmp;
    EVP_MD_CTX ctxt;
    int longg;
    int longN = BN_num_bytes(N);

    if (BN_ucmp(g, N) >= 0)
        return NULL;

    if ((tmp = OPENSSL_malloc(longN)) == NULL)
        return NULL;
    BN_bn2bin(N, tmp);

    EVP_MD_CTX_init(&ctxt);
    EVP_DigestInit_ex(&ctxt, EVP_sha1(), NULL);
    EVP_DigestUpdate(&ctxt, tmp, longN);

    memset(tmp, 0, longN);
    longg = BN_bn2bin(g, tmp);
    /* use the zeros behind to pad on left */
    EVP_DigestUpdate(&ctxt, tmp + longg, longN - longg);
    EVP_DigestUpdate(&ctxt, tmp, longg);
    OPENSSL_free(tmp);

    EVP_DigestFinal_ex(&ctxt, digest, NULL);
    EVP_MD_CTX_cleanup(&ctxt);
    return BN_bin2bn(digest, sizeof(digest), NULL);
}

BIGNUM *SRP_Calc_u(BIGNUM *A, BIGNUM *B, BIGNUM *N)
{
    /* k = SHA1(PAD(A) || PAD(B) ) -- tls-srp draft 8 */

    BIGNUM *u;
    unsigned char cu[SHA_DIGEST_LENGTH];
    unsigned char *cAB;
    EVP_MD_CTX ctxt;
    int longN;
    if ((A == NULL) || (B == NULL) || (N == NULL))
        return NULL;

    if (BN_ucmp(A, N) >= 0 || BN_ucmp(B, N) >= 0)
        return NULL;

    longN = BN_num_bytes(N);

    if ((cAB = OPENSSL_malloc(2 * longN)) == NULL)
        return NULL;

    memset(cAB, 0, longN);

    EVP_MD_CTX_init(&ctxt);
    EVP_DigestInit_ex(&ctxt, EVP_sha1(), NULL);
    EVP_DigestUpdate(&ctxt, cAB + BN_bn2bin(A, cAB + longN), longN);
    EVP_DigestUpdate(&ctxt, cAB + BN_bn2bin(B, cAB + longN), longN);
    OPENSSL_free(cAB);
    EVP_DigestFinal_ex(&ctxt, cu, NULL);
    EVP_MD_CTX_cleanup(&ctxt);

    if ((u = BN_bin2bn(cu, sizeof(cu), NULL)) == NULL)
        return NULL;
    if (!BN_is_zero(u))
        return u;
    BN_free(u);
    return NULL;
}

BIGNUM *SRP_Calc_server_key(BIGNUM *A, BIGNUM *v, BIGNUM *u, BIGNUM *b,
                            BIGNUM *N)
{
    BIGNUM *tmp = NULL, *S = NULL;
    BN_CTX *bn_ctx;

    if (u == NULL || A == NULL || v == NULL || b == NULL || N == NULL)
        return NULL;

    if ((bn_ctx = BN_CTX_new()) == NULL ||
        (tmp = BN_new()) == NULL || (S = BN_new()) == NULL)
        goto err;

    /* S = (A*v**u) ** b */

    if (!BN_mod_exp(tmp, v, u, N, bn_ctx))
        goto err;
    if (!BN_mod_mul(tmp, A, tmp, N, bn_ctx))
        goto err;
    if (!BN_mod_exp(S, tmp, b, N, bn_ctx))
        goto err;
 err:
    BN_CTX_free(bn_ctx);
    BN_clear_free(tmp);
    return S;
}

BIGNUM *SRP_Calc_B(BIGNUM *b, BIGNUM *N, BIGNUM *g, BIGNUM *v)
{
    BIGNUM *kv = NULL, *gb = NULL;
    BIGNUM *B = NULL, *k = NULL;
    BN_CTX *bn_ctx;

    if (b == NULL || N == NULL || g == NULL || v == NULL ||
        (bn_ctx = BN_CTX_new()) == NULL)
        return NULL;

    if ((kv = BN_new()) == NULL ||
        (gb = BN_new()) == NULL || (B = BN_new()) == NULL)
        goto err;

    /* B = g**b + k*v */

    if (!BN_mod_exp(gb, g, b, N, bn_ctx)
        || (k = srp_Calc_k(N, g)) == NULL
        || !BN_mod_mul(kv, v, k, N, bn_ctx)
        || !BN_mod_add(B, gb, kv, N, bn_ctx)) {
        BN_free(B);
        B = NULL;
    }
 err:
    BN_CTX_free(bn_ctx);
    BN_clear_free(kv);
    BN_clear_free(gb);
    BN_free(k);
    return B;
}

BIGNUM *SRP_Calc_x(BIGNUM *s, const char *user, const char *pass)
{
    unsigned char dig[SHA_DIGEST_LENGTH];
    EVP_MD_CTX ctxt;
    unsigned char *cs;

    if ((s == NULL) || (user == NULL) || (pass == NULL))
        return NULL;

    if ((cs = OPENSSL_malloc(BN_num_bytes(s))) == NULL)
        return NULL;

    EVP_MD_CTX_init(&ctxt);
    EVP_DigestInit_ex(&ctxt, EVP_sha1(), NULL);
    EVP_DigestUpdate(&ctxt, user, strlen(user));
    EVP_DigestUpdate(&ctxt, ":", 1);
    EVP_DigestUpdate(&ctxt, pass, strlen(pass));
    EVP_DigestFinal_ex(&ctxt, dig, NULL);

    EVP_DigestInit_ex(&ctxt, EVP_sha1(), NULL);
    BN_bn2bin(s, cs);
    EVP_DigestUpdate(&ctxt, cs, BN_num_bytes(s));
    OPENSSL_free(cs);
    EVP_DigestUpdate(&ctxt, dig, sizeof(dig));
    EVP_DigestFinal_ex(&ctxt, dig, NULL);
    EVP_MD_CTX_cleanup(&ctxt);

    return BN_bin2bn(dig, sizeof(dig), NULL);
}

BIGNUM *SRP_Calc_A(BIGNUM *a, BIGNUM *N, BIGNUM *g)
{
    BN_CTX *bn_ctx;
    BIGNUM *A = NULL;

    if (a == NULL || N == NULL || g == NULL || (bn_ctx = BN_CTX_new()) == NULL)
        return NULL;

    if ((A = BN_new()) != NULL && !BN_mod_exp(A, g, a, N, bn_ctx)) {
        BN_free(A);
        A = NULL;
    }
    BN_CTX_free(bn_ctx);
    return A;
}

BIGNUM *SRP_Calc_client_key(BIGNUM *N, BIGNUM *B, BIGNUM *g, BIGNUM *x,
                            BIGNUM *a, BIGNUM *u)
{
    BIGNUM *tmp = NULL, *tmp2 = NULL, *tmp3 = NULL, *k = NULL, *K = NULL;
    BN_CTX *bn_ctx;

    if (u == NULL || B == NULL || N == NULL || g == NULL || x == NULL
        || a == NULL || (bn_ctx = BN_CTX_new()) == NULL)
        return NULL;

    if ((tmp = BN_new()) == NULL ||
        (tmp2 = BN_new()) == NULL ||
        (tmp3 = BN_new()) == NULL ||
        (K = BN_new()) == NULL)
        goto err;

    if (!BN_mod_exp(tmp, g, x, N, bn_ctx))
        goto err;
    if ((k = srp_Calc_k(N, g)) == NULL)
        goto err;
    if (!BN_mod_mul(tmp2, tmp, k, N, bn_ctx))
        goto err;
    if (!BN_mod_sub(tmp, B, tmp2, N, bn_ctx))
        goto err;
    if (!BN_mod_mul(tmp3, u, x, N, bn_ctx))
        goto err;
    if (!BN_mod_add(tmp2, a, tmp3, N, bn_ctx))
        goto err;
    if (!BN_mod_exp(K, tmp, tmp2, N, bn_ctx))
        goto err;

 err:
    BN_CTX_free(bn_ctx);
    BN_clear_free(tmp);
    BN_clear_free(tmp2);
    BN_clear_free(tmp3);
    BN_free(k);
    return K;
}

int SRP_Verify_B_mod_N(BIGNUM *B, BIGNUM *N)
{
    BIGNUM *r;
    BN_CTX *bn_ctx;
    int ret = 0;

    if (B == NULL || N == NULL || (bn_ctx = BN_CTX_new()) == NULL)
        return 0;

    if ((r = BN_new()) == NULL)
        goto err;
    /* Checks if B % N == 0 */
    if (!BN_nnmod(r, B, N, bn_ctx))
        goto err;
    ret = !BN_is_zero(r);
 err:
    BN_CTX_free(bn_ctx);
    BN_free(r);
    return ret;
}

int SRP_Verify_A_mod_N(BIGNUM *A, BIGNUM *N)
{
    /* Checks if A % N == 0 */
    return SRP_Verify_B_mod_N(A, N);
}

/*
 * Check if G and N are kwown parameters. The values have been generated
 * from the ietf-tls-srp draft version 8
 */
char *SRP_check_known_gN_param(BIGNUM *g, BIGNUM *N)
{
    size_t i;
    if ((g == NULL) || (N == NULL))
        return 0;

    for (i = 0; i < KNOWN_GN_NUMBER; i++) {
        if (BN_cmp(knowngN[i].g, g) == 0 && BN_cmp(knowngN[i].N, N) == 0)
            return knowngN[i].id;
    }
    return NULL;
}

SRP_gN *SRP_get_default_gN(const char *id)
{
    size_t i;

    if (id == NULL)
        return knowngN;
    for (i = 0; i < KNOWN_GN_NUMBER; i++) {
        if (strcmp(knowngN[i].id, id) == 0)
            return knowngN + i;
    }
    return NULL;
}
#endif
Commit	Line	Data
edc032b5	1	/* crypto/srp/srp_lib.c */
0f113f3e MC	2	/*
	3	* Written by Christophe Renou (christophe.renou@edelweb.fr) with the
	4	* precious help of Peter Sylvester (peter.sylvester@edelweb.fr) for the
	5	* EdelKey project and contributed to the OpenSSL project 2004.
edc032b5 BL	6	*/
	7	/* ====================================================================
	8	* Copyright (c) 2004 The OpenSSL Project. All rights reserved.
	9	*
	10	* Redistribution and use in source and binary forms, with or without
	11	* modification, are permitted provided that the following conditions
	12	* are met:
	13	*
	14	* 1. Redistributions of source code must retain the above copyright
0f113f3e	15	* notice, this list of conditions and the following disclaimer.
edc032b5 BL	16	*
	17	* 2. Redistributions in binary form must reproduce the above copyright
	18	* notice, this list of conditions and the following disclaimer in
	19	* the documentation and/or other materials provided with the
	20	* distribution.
	21	*
	22	* 3. All advertising materials mentioning features or use of this
	23	* software must display the following acknowledgment:
	24	* "This product includes software developed by the OpenSSL Project
	25	* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
	26	*
	27	* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
	28	* endorse or promote products derived from this software without
	29	* prior written permission. For written permission, please contact
	30	* licensing@OpenSSL.org.
	31	*
	32	* 5. Products derived from this software may not be called "OpenSSL"
	33	* nor may "OpenSSL" appear in their names without prior written
	34	* permission of the OpenSSL Project.
	35	*
	36	* 6. Redistributions of any form whatsoever must retain the following
	37	* acknowledgment:
	38	* "This product includes software developed by the OpenSSL Project
	39	* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
	40	*
	41	* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
	42	* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	43	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
	44	* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
	45	* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
	46	* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
	47	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
	48	* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	49	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
	50	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	51	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
	52	* OF THE POSSIBILITY OF SUCH DAMAGE.
	53	* ====================================================================
	54	*
	55	* This product includes cryptographic software written by Eric Young
	56	* (eay@cryptsoft.com). This product includes software written by Tim
	57	* Hudson (tjh@cryptsoft.com).
	58	*
	59	*/
	60	#ifndef OPENSSL_NO_SRP
0f113f3e	61	# include "cryptlib.h"
dfb56425	62	# include <openssl/sha.h>
0f113f3e MC	63	# include <openssl/srp.h>
	64	# include <openssl/evp.h>
	65	# include "internal/bn_srp.h"
edc032b5 BL	66
edc032b5 BL	67	static BIGNUM srp_Calc_k(BIGNUM N, BIGNUM *g)
0f113f3e MC	68	{
	69	/* k = SHA1(N \| PAD(g)) -- tls-srp draft 8 */
	70
	71	unsigned char digest[SHA_DIGEST_LENGTH];
	72	unsigned char *tmp;
	73	EVP_MD_CTX ctxt;
	74	int longg;
	75	int longN = BN_num_bytes(N);
	76
	77	if (BN_ucmp(g, N) >= 0)
	78	return NULL;
	79
	80	if ((tmp = OPENSSL_malloc(longN)) == NULL)
	81	return NULL;
	82	BN_bn2bin(N, tmp);
	83
	84	EVP_MD_CTX_init(&ctxt);
	85	EVP_DigestInit_ex(&ctxt, EVP_sha1(), NULL);
	86	EVP_DigestUpdate(&ctxt, tmp, longN);
	87
	88	memset(tmp, 0, longN);
	89	longg = BN_bn2bin(g, tmp);
	90	/* use the zeros behind to pad on left */
	91	EVP_DigestUpdate(&ctxt, tmp + longg, longN - longg);
	92	EVP_DigestUpdate(&ctxt, tmp, longg);
	93	OPENSSL_free(tmp);
	94
	95	EVP_DigestFinal_ex(&ctxt, digest, NULL);
	96	EVP_MD_CTX_cleanup(&ctxt);
	97	return BN_bin2bn(digest, sizeof(digest), NULL);
	98	}
edc032b5 BL	99
edc032b5 BL	100	BIGNUM SRP_Calc_u(BIGNUM A, BIGNUM B, BIGNUM N)
0f113f3e MC	101	{
	102	/* k = SHA1(PAD(A) \|\| PAD(B) ) -- tls-srp draft 8 */
	103
	104	BIGNUM *u;
	105	unsigned char cu[SHA_DIGEST_LENGTH];
	106	unsigned char *cAB;
	107	EVP_MD_CTX ctxt;
	108	int longN;
	109	if ((A == NULL) \|\| (B == NULL) \|\| (N == NULL))
	110	return NULL;
	111
	112	if (BN_ucmp(A, N) >= 0 \|\| BN_ucmp(B, N) >= 0)
	113	return NULL;
	114
	115	longN = BN_num_bytes(N);
	116
	117	if ((cAB = OPENSSL_malloc(2 * longN)) == NULL)
	118	return NULL;
	119
	120	memset(cAB, 0, longN);
	121
	122	EVP_MD_CTX_init(&ctxt);
	123	EVP_DigestInit_ex(&ctxt, EVP_sha1(), NULL);
	124	EVP_DigestUpdate(&ctxt, cAB + BN_bn2bin(A, cAB + longN), longN);
	125	EVP_DigestUpdate(&ctxt, cAB + BN_bn2bin(B, cAB + longN), longN);
	126	OPENSSL_free(cAB);
	127	EVP_DigestFinal_ex(&ctxt, cu, NULL);
	128	EVP_MD_CTX_cleanup(&ctxt);
	129
75ebbd9a	130	if ((u = BN_bin2bn(cu, sizeof(cu), NULL)) == NULL)
0f113f3e MC	131	return NULL;
	132	if (!BN_is_zero(u))
	133	return u;
	134	BN_free(u);
	135	return NULL;
edc032b5 BL	136	}
edc032b5 BL	137
0f113f3e MC	138	BIGNUM SRP_Calc_server_key(BIGNUM A, BIGNUM v, BIGNUM u, BIGNUM *b,
	139	BIGNUM *N)
	140	{
	141	BIGNUM tmp = NULL, S = NULL;
	142	BN_CTX *bn_ctx;
	143
	144	if (u == NULL \|\| A == NULL \|\| v == NULL \|\| b == NULL \|\| N == NULL)
	145	return NULL;
	146
	147	if ((bn_ctx = BN_CTX_new()) == NULL \|\|
	148	(tmp = BN_new()) == NULL \|\| (S = BN_new()) == NULL)
	149	goto err;
	150
	151	/* S = (Avu) * b */
	152
	153	if (!BN_mod_exp(tmp, v, u, N, bn_ctx))
	154	goto err;
	155	if (!BN_mod_mul(tmp, A, tmp, N, bn_ctx))
	156	goto err;
	157	if (!BN_mod_exp(S, tmp, b, N, bn_ctx))
	158	goto err;
	159	err:
	160	BN_CTX_free(bn_ctx);
	161	BN_clear_free(tmp);
	162	return S;
	163	}
edc032b5 BL	164
edc032b5 BL	165	BIGNUM SRP_Calc_B(BIGNUM b, BIGNUM N, BIGNUM g, BIGNUM *v)
0f113f3e MC	166	{
	167	BIGNUM kv = NULL, gb = NULL;
	168	BIGNUM B = NULL, k = NULL;
	169	BN_CTX *bn_ctx;
	170
	171	if (b == NULL \|\| N == NULL \|\| g == NULL \|\| v == NULL \|\|
	172	(bn_ctx = BN_CTX_new()) == NULL)
	173	return NULL;
	174
	175	if ((kv = BN_new()) == NULL \|\|
	176	(gb = BN_new()) == NULL \|\| (B = BN_new()) == NULL)
	177	goto err;
	178
	179	/* B = g*b + kv */
	180
75ebbd9a RS	181	if (!BN_mod_exp(gb, g, b, N, bn_ctx)
	182	\|\| (k = srp_Calc_k(N, g)) == NULL
	183	\|\| !BN_mod_mul(kv, v, k, N, bn_ctx)
	184	\|\| !BN_mod_add(B, gb, kv, N, bn_ctx)) {
0f113f3e MC	185	BN_free(B);
	186	B = NULL;
	187	}
	188	err:
	189	BN_CTX_free(bn_ctx);
	190	BN_clear_free(kv);
	191	BN_clear_free(gb);
	192	BN_free(k);
	193	return B;
	194	}
edc032b5 BL	195
edc032b5 BL	196	BIGNUM SRP_Calc_x(BIGNUM s, const char user, const char pass)
0f113f3e MC	197	{
	198	unsigned char dig[SHA_DIGEST_LENGTH];
	199	EVP_MD_CTX ctxt;
	200	unsigned char *cs;
	201
	202	if ((s == NULL) \|\| (user == NULL) \|\| (pass == NULL))
	203	return NULL;
	204
	205	if ((cs = OPENSSL_malloc(BN_num_bytes(s))) == NULL)
	206	return NULL;
	207
	208	EVP_MD_CTX_init(&ctxt);
	209	EVP_DigestInit_ex(&ctxt, EVP_sha1(), NULL);
	210	EVP_DigestUpdate(&ctxt, user, strlen(user));
	211	EVP_DigestUpdate(&ctxt, ":", 1);
	212	EVP_DigestUpdate(&ctxt, pass, strlen(pass));
	213	EVP_DigestFinal_ex(&ctxt, dig, NULL);
	214
	215	EVP_DigestInit_ex(&ctxt, EVP_sha1(), NULL);
	216	BN_bn2bin(s, cs);
	217	EVP_DigestUpdate(&ctxt, cs, BN_num_bytes(s));
	218	OPENSSL_free(cs);
	219	EVP_DigestUpdate(&ctxt, dig, sizeof(dig));
	220	EVP_DigestFinal_ex(&ctxt, dig, NULL);
	221	EVP_MD_CTX_cleanup(&ctxt);
	222
	223	return BN_bin2bn(dig, sizeof(dig), NULL);
	224	}
edc032b5 BL	225
edc032b5 BL	226	BIGNUM SRP_Calc_A(BIGNUM a, BIGNUM N, BIGNUM g)
0f113f3e MC	227	{
	228	BN_CTX *bn_ctx;
	229	BIGNUM *A = NULL;
	230
23a1d5e9	231	if (a == NULL \|\| N == NULL \|\| g == NULL \|\| (bn_ctx = BN_CTX_new()) == NULL)
0f113f3e MC	232	return NULL;
	233
	234	if ((A = BN_new()) != NULL && !BN_mod_exp(A, g, a, N, bn_ctx)) {
	235	BN_free(A);
	236	A = NULL;
	237	}
	238	BN_CTX_free(bn_ctx);
	239	return A;
	240	}
	241
	242	BIGNUM SRP_Calc_client_key(BIGNUM N, BIGNUM B, BIGNUM g, BIGNUM *x,
	243	BIGNUM a, BIGNUM u)
	244	{
	245	BIGNUM tmp = NULL, tmp2 = NULL, tmp3 = NULL, k = NULL, *K = NULL;
	246	BN_CTX *bn_ctx;
	247
	248	if (u == NULL \|\| B == NULL \|\| N == NULL \|\| g == NULL \|\| x == NULL
	249	\|\| a == NULL \|\| (bn_ctx = BN_CTX_new()) == NULL)
	250	return NULL;
	251
	252	if ((tmp = BN_new()) == NULL \|\|
	253	(tmp2 = BN_new()) == NULL \|\|
23a1d5e9 RS	254	(tmp3 = BN_new()) == NULL \|\|
23a1d5e9 RS	255	(K = BN_new()) == NULL)
0f113f3e MC	256	goto err;
	257
	258	if (!BN_mod_exp(tmp, g, x, N, bn_ctx))
	259	goto err;
75ebbd9a	260	if ((k = srp_Calc_k(N, g)) == NULL)
0f113f3e MC	261	goto err;
	262	if (!BN_mod_mul(tmp2, tmp, k, N, bn_ctx))
	263	goto err;
	264	if (!BN_mod_sub(tmp, B, tmp2, N, bn_ctx))
	265	goto err;
0f113f3e MC	266	if (!BN_mod_mul(tmp3, u, x, N, bn_ctx))
	267	goto err;
	268	if (!BN_mod_add(tmp2, a, tmp3, N, bn_ctx))
	269	goto err;
	270	if (!BN_mod_exp(K, tmp, tmp2, N, bn_ctx))
	271	goto err;
	272
	273	err:
	274	BN_CTX_free(bn_ctx);
	275	BN_clear_free(tmp);
	276	BN_clear_free(tmp2);
	277	BN_clear_free(tmp3);
	278	BN_free(k);
	279	return K;
	280	}
edc032b5 BL	281
edc032b5 BL	282	int SRP_Verify_B_mod_N(BIGNUM B, BIGNUM N)
0f113f3e MC	283	{
	284	BIGNUM *r;
	285	BN_CTX *bn_ctx;
	286	int ret = 0;
	287
	288	if (B == NULL \|\| N == NULL \|\| (bn_ctx = BN_CTX_new()) == NULL)
	289	return 0;
	290
	291	if ((r = BN_new()) == NULL)
	292	goto err;
	293	/* Checks if B % N == 0 */
	294	if (!BN_nnmod(r, B, N, bn_ctx))
	295	goto err;
	296	ret = !BN_is_zero(r);
	297	err:
	298	BN_CTX_free(bn_ctx);
	299	BN_free(r);
	300	return ret;
	301	}
edc032b5 BL	302
edc032b5 BL	303	int SRP_Verify_A_mod_N(BIGNUM A, BIGNUM N)
0f113f3e MC	304	{
	305	/* Checks if A % N == 0 */
	306	return SRP_Verify_B_mod_N(A, N);
	307	}
	308
	309	/*
	310	* Check if G and N are kwown parameters. The values have been generated
	311	* from the ietf-tls-srp draft version 8
	312	*/
	313	char SRP_check_known_gN_param(BIGNUM g, BIGNUM *N)
	314	{
	315	size_t i;
	316	if ((g == NULL) \|\| (N == NULL))
	317	return 0;
	318
0f113f3e MC	319	for (i = 0; i < KNOWN_GN_NUMBER; i++) {
	320	if (BN_cmp(knowngN[i].g, g) == 0 && BN_cmp(knowngN[i].N, N) == 0)
	321	return knowngN[i].id;
	322	}
	323	return NULL;
	324	}
edc032b5	325
71fa4513	326	SRP_gN SRP_get_default_gN(const char id)
0f113f3e MC	327	{
	328	size_t i;
	329
	330	if (id == NULL)
	331	return knowngN;
	332	for (i = 0; i < KNOWN_GN_NUMBER; i++) {
	333	if (strcmp(knowngN[i].id, id) == 0)
	334	return knowngN + i;
	335	}
	336	return NULL;
	337	}
edc032b5	338	#endif