[thirdparty/openssl.git] / crypto / srp / srp_vfy.c

/* crypto/srp/srp_vfy.c */
/*
 * Written by Christophe Renou (christophe.renou@edelweb.fr) with the
 * precious help of Peter Sylvester (peter.sylvester@edelweb.fr) for the
 * EdelKey project and contributed to the OpenSSL project 2004.
 */
/* ====================================================================
 * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    licensing@OpenSSL.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */
#ifndef OPENSSL_NO_SRP
# include "cryptlib.h"
# include "srp_lcl.h"
# include <openssl/srp.h>
# include <openssl/evp.h>
# include <openssl/buffer.h>
# include <openssl/rand.h>
# include <openssl/txt_db.h>

# define SRP_RANDOM_SALT_LEN 20
# define MAX_LEN 2500

static char b64table[] =
    "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz./";

/*
 * the following two conversion routines have been inspired by code from
 * Stanford
 */

/*
 * Convert a base64 string into raw byte array representation.
 */
static int t_fromb64(unsigned char *a, const char *src)
{
    char *loc;
    int i, j;
    int size;

    while (*src && (*src == ' ' || *src == '\t' || *src == '\n'))
        ++src;
    size = strlen(src);
    i = 0;
    while (i < size) {
        loc = strchr(b64table, src[i]);
        if (loc == (char *)0)
            break;
        else
            a[i] = loc - b64table;
        ++i;
    }
    /* if nothing valid to process we have a zero length response */
    if (i == 0)
        return 0;
    size = i;
    i = size - 1;
    j = size;
    while (1) {
        a[j] = a[i];
        if (--i < 0)
            break;
        a[j] |= (a[i] & 3) << 6;
        --j;
        a[j] = (unsigned char)((a[i] & 0x3c) >> 2);
        if (--i < 0)
            break;
        a[j] |= (a[i] & 0xf) << 4;
        --j;
        a[j] = (unsigned char)((a[i] & 0x30) >> 4);
        if (--i < 0)
            break;
        a[j] |= (a[i] << 2);

        a[--j] = 0;
        if (--i < 0)
            break;
    }
    while (a[j] == 0 && j <= size)
        ++j;
    i = 0;
    while (j <= size)
        a[i++] = a[j++];
    return i;
}

/*
 * Convert a raw byte string into a null-terminated base64 ASCII string.
 */
static char *t_tob64(char *dst, const unsigned char *src, int size)
{
    int c, pos = size % 3;
    unsigned char b0 = 0, b1 = 0, b2 = 0, notleading = 0;
    char *olddst = dst;

    switch (pos) {
    case 1:
        b2 = src[0];
        break;
    case 2:
        b1 = src[0];
        b2 = src[1];
        break;
    }

    while (1) {
        c = (b0 & 0xfc) >> 2;
        if (notleading || c != 0) {
            *dst++ = b64table[c];
            notleading = 1;
        }
        c = ((b0 & 3) << 4) | ((b1 & 0xf0) >> 4);
        if (notleading || c != 0) {
            *dst++ = b64table[c];
            notleading = 1;
        }
        c = ((b1 & 0xf) << 2) | ((b2 & 0xc0) >> 6);
        if (notleading || c != 0) {
            *dst++ = b64table[c];
            notleading = 1;
        }
        c = b2 & 0x3f;
        if (notleading || c != 0) {
            *dst++ = b64table[c];
            notleading = 1;
        }
        if (pos >= size)
            break;
        else {
            b0 = src[pos++];
            b1 = src[pos++];
            b2 = src[pos++];
        }
    }

    *dst++ = '\0';
    return olddst;
}

static void SRP_user_pwd_free(SRP_user_pwd *user_pwd)
{
    if (user_pwd == NULL)
        return;
    BN_free(user_pwd->s);
    BN_clear_free(user_pwd->v);
    OPENSSL_free(user_pwd->id);
    OPENSSL_free(user_pwd->info);
    OPENSSL_free(user_pwd);
}

static SRP_user_pwd *SRP_user_pwd_new(void)
{
    SRP_user_pwd *ret = OPENSSL_malloc(sizeof(SRP_user_pwd));
    if (ret == NULL)
        return NULL;
    ret->N = NULL;
    ret->g = NULL;
    ret->s = NULL;
    ret->v = NULL;
    ret->id = NULL;
    ret->info = NULL;
    return ret;
}

static void SRP_user_pwd_set_gN(SRP_user_pwd *vinfo, const BIGNUM *g,
                                const BIGNUM *N)
{
    vinfo->N = N;
    vinfo->g = g;
}

static int SRP_user_pwd_set_ids(SRP_user_pwd *vinfo, const char *id,
                                const char *info)
{
    if (id != NULL && NULL == (vinfo->id = BUF_strdup(id)))
        return 0;
    return (info == NULL || NULL != (vinfo->info = BUF_strdup(info)));
}

static int SRP_user_pwd_set_sv(SRP_user_pwd *vinfo, const char *s,
                               const char *v)
{
    unsigned char tmp[MAX_LEN];
    int len;

    if (strlen(s) > MAX_LEN || strlen(v) > MAX_LEN)
        return 0;
    len = t_fromb64(tmp, v);
    if (NULL == (vinfo->v = BN_bin2bn(tmp, len, NULL)))
        return 0;
    len = t_fromb64(tmp, s);
    return ((vinfo->s = BN_bin2bn(tmp, len, NULL)) != NULL);
}

static int SRP_user_pwd_set_sv_BN(SRP_user_pwd *vinfo, BIGNUM *s, BIGNUM *v)
{
    vinfo->v = v;
    vinfo->s = s;
    return (vinfo->s != NULL && vinfo->v != NULL);
}

SRP_VBASE *SRP_VBASE_new(char *seed_key)
{
    SRP_VBASE *vb = (SRP_VBASE *)OPENSSL_malloc(sizeof(SRP_VBASE));

    if (vb == NULL)
        return NULL;
    if (!(vb->users_pwd = sk_SRP_user_pwd_new_null()) ||
        !(vb->gN_cache = sk_SRP_gN_cache_new_null())) {
        OPENSSL_free(vb);
        return NULL;
    }
    vb->default_g = NULL;
    vb->default_N = NULL;
    vb->seed_key = NULL;
    if ((seed_key != NULL) && (vb->seed_key = BUF_strdup(seed_key)) == NULL) {
        sk_SRP_user_pwd_free(vb->users_pwd);
        sk_SRP_gN_cache_free(vb->gN_cache);
        OPENSSL_free(vb);
        return NULL;
    }
    return vb;
}

int SRP_VBASE_free(SRP_VBASE *vb)
{
    sk_SRP_user_pwd_pop_free(vb->users_pwd, SRP_user_pwd_free);
    sk_SRP_gN_cache_free(vb->gN_cache);
    OPENSSL_free(vb->seed_key);
    OPENSSL_free(vb);
    return 0;
}

static SRP_gN_cache *SRP_gN_new_init(const char *ch)
{
    unsigned char tmp[MAX_LEN];
    int len;

    SRP_gN_cache *newgN =
        (SRP_gN_cache *)OPENSSL_malloc(sizeof(SRP_gN_cache));
    if (newgN == NULL)
        return NULL;

    if ((newgN->b64_bn = BUF_strdup(ch)) == NULL)
        goto err;

    len = t_fromb64(tmp, ch);
    if ((newgN->bn = BN_bin2bn(tmp, len, NULL)))
        return newgN;

    OPENSSL_free(newgN->b64_bn);
 err:
    OPENSSL_free(newgN);
    return NULL;
}

static void SRP_gN_free(SRP_gN_cache *gN_cache)
{
    if (gN_cache == NULL)
        return;
    OPENSSL_free(gN_cache->b64_bn);
    BN_free(gN_cache->bn);
    OPENSSL_free(gN_cache);
}

static SRP_gN *SRP_get_gN_by_id(const char *id, STACK_OF(SRP_gN) *gN_tab)
{
    int i;

    SRP_gN *gN;
    if (gN_tab != NULL)
        for (i = 0; i < sk_SRP_gN_num(gN_tab); i++) {
            gN = sk_SRP_gN_value(gN_tab, i);
            if (gN && (id == NULL || strcmp(gN->id, id) == 0))
                return gN;
        }

    return SRP_get_default_gN(id);
}

static BIGNUM *SRP_gN_place_bn(STACK_OF(SRP_gN_cache) *gN_cache, char *ch)
{
    int i;
    if (gN_cache == NULL)
        return NULL;

    /* search if we have already one... */
    for (i = 0; i < sk_SRP_gN_cache_num(gN_cache); i++) {
        SRP_gN_cache *cache = sk_SRP_gN_cache_value(gN_cache, i);
        if (strcmp(cache->b64_bn, ch) == 0)
            return cache->bn;
    }
    {                           /* it is the first time that we find it */
        SRP_gN_cache *newgN = SRP_gN_new_init(ch);
        if (newgN) {
            if (sk_SRP_gN_cache_insert(gN_cache, newgN, 0) > 0)
                return newgN->bn;
            SRP_gN_free(newgN);
        }
    }
    return NULL;
}

/*
 * this function parses verifier file. Format is:
 * string(index):base64(N):base64(g):0
 * string(username):base64(v):base64(salt):int(index)
 */

int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file)
{
    int error_code;
    STACK_OF(SRP_gN) *SRP_gN_tab = sk_SRP_gN_new_null();
    char *last_index = NULL;
    int i;
    char **pp;

    SRP_gN *gN = NULL;
    SRP_user_pwd *user_pwd = NULL;

    TXT_DB *tmpdb = NULL;
    BIO *in = BIO_new(BIO_s_file());

    error_code = SRP_ERR_OPEN_FILE;

    if (in == NULL || BIO_read_filename(in, verifier_file) <= 0)
        goto err;

    error_code = SRP_ERR_VBASE_INCOMPLETE_FILE;

    if ((tmpdb = TXT_DB_read(in, DB_NUMBER)) == NULL)
        goto err;

    error_code = SRP_ERR_MEMORY;

    if (vb->seed_key) {
        last_index = SRP_get_default_gN(NULL)->id;
    }
    for (i = 0; i < sk_OPENSSL_PSTRING_num(tmpdb->data); i++) {
        pp = sk_OPENSSL_PSTRING_value(tmpdb->data, i);
        if (pp[DB_srptype][0] == DB_SRP_INDEX) {
            /*
             * we add this couple in the internal Stack
             */

            if ((gN = (SRP_gN *) OPENSSL_malloc(sizeof(SRP_gN))) == NULL)
                goto err;

            if (!(gN->id = BUF_strdup(pp[DB_srpid]))
                || !(gN->N =
                     SRP_gN_place_bn(vb->gN_cache, pp[DB_srpverifier]))
                || !(gN->g = SRP_gN_place_bn(vb->gN_cache, pp[DB_srpsalt]))
                || sk_SRP_gN_insert(SRP_gN_tab, gN, 0) == 0)
                goto err;

            gN = NULL;

            if (vb->seed_key != NULL) {
                last_index = pp[DB_srpid];
            }
        } else if (pp[DB_srptype][0] == DB_SRP_VALID) {
            /* it is a user .... */
            const SRP_gN *lgN;

            if ((lgN = SRP_get_gN_by_id(pp[DB_srpgN], SRP_gN_tab)) != NULL) {
                error_code = SRP_ERR_MEMORY;
                if ((user_pwd = SRP_user_pwd_new()) == NULL)
                    goto err;

                SRP_user_pwd_set_gN(user_pwd, lgN->g, lgN->N);
                if (!SRP_user_pwd_set_ids
                    (user_pwd, pp[DB_srpid], pp[DB_srpinfo]))
                    goto err;

                error_code = SRP_ERR_VBASE_BN_LIB;
                if (!SRP_user_pwd_set_sv
                    (user_pwd, pp[DB_srpsalt], pp[DB_srpverifier]))
                    goto err;

                if (sk_SRP_user_pwd_insert(vb->users_pwd, user_pwd, 0) == 0)
                    goto err;
                user_pwd = NULL; /* abandon responsability */
            }
        }
    }

    if (last_index != NULL) {
        /* this means that we want to simulate a default user */

        if (((gN = SRP_get_gN_by_id(last_index, SRP_gN_tab)) == NULL)) {
            error_code = SRP_ERR_VBASE_BN_LIB;
            goto err;
        }
        vb->default_g = gN->g;
        vb->default_N = gN->N;
        gN = NULL;
    }
    error_code = SRP_NO_ERROR;

 err:
    /*
     * there may be still some leaks to fix, if this fails, the application
     * terminates most likely
     */

    if (gN != NULL) {
        OPENSSL_free(gN->id);
        OPENSSL_free(gN);
    }

    SRP_user_pwd_free(user_pwd);

    if (tmpdb)
        TXT_DB_free(tmpdb);
    if (in)
        BIO_free_all(in);

    sk_SRP_gN_free(SRP_gN_tab);

    return error_code;

}

SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username)
{
    int i;
    SRP_user_pwd *user;
    unsigned char digv[SHA_DIGEST_LENGTH];
    unsigned char digs[SHA_DIGEST_LENGTH];
    EVP_MD_CTX ctxt;

    if (vb == NULL)
        return NULL;
    for (i = 0; i < sk_SRP_user_pwd_num(vb->users_pwd); i++) {
        user = sk_SRP_user_pwd_value(vb->users_pwd, i);
        if (strcmp(user->id, username) == 0)
            return user;
    }
    if ((vb->seed_key == NULL) ||
        (vb->default_g == NULL) || (vb->default_N == NULL))
        return NULL;

/* if the user is unknown we set parameters as well if we have a seed_key */

    if ((user = SRP_user_pwd_new()) == NULL)
        return NULL;

    SRP_user_pwd_set_gN(user, vb->default_g, vb->default_N);

    if (!SRP_user_pwd_set_ids(user, username, NULL))
        goto err;

    RAND_pseudo_bytes(digv, SHA_DIGEST_LENGTH);
    EVP_MD_CTX_init(&ctxt);
    EVP_DigestInit_ex(&ctxt, EVP_sha1(), NULL);
    EVP_DigestUpdate(&ctxt, vb->seed_key, strlen(vb->seed_key));
    EVP_DigestUpdate(&ctxt, username, strlen(username));
    EVP_DigestFinal_ex(&ctxt, digs, NULL);
    EVP_MD_CTX_cleanup(&ctxt);
    if (SRP_user_pwd_set_sv_BN
        (user, BN_bin2bn(digs, SHA_DIGEST_LENGTH, NULL),
         BN_bin2bn(digv, SHA_DIGEST_LENGTH, NULL)))
        return user;

 err:SRP_user_pwd_free(user);
    return NULL;
}

/*
 * create a verifier (*salt,*verifier,g and N are in base64)
 */
char *SRP_create_verifier(const char *user, const char *pass, char **salt,
                          char **verifier, const char *N, const char *g)
{
    int len;
    char *result = NULL;
    char *vf;
    BIGNUM *N_bn = NULL, *g_bn = NULL, *s = NULL, *v = NULL;
    unsigned char tmp[MAX_LEN];
    unsigned char tmp2[MAX_LEN];
    char *defgNid = NULL;

    if ((user == NULL) ||
        (pass == NULL) || (salt == NULL) || (verifier == NULL))
        goto err;

    if (N) {
        if (!(len = t_fromb64(tmp, N)))
            goto err;
        N_bn = BN_bin2bn(tmp, len, NULL);
        if (!(len = t_fromb64(tmp, g)))
            goto err;
        g_bn = BN_bin2bn(tmp, len, NULL);
        defgNid = "*";
    } else {
        SRP_gN *gN = SRP_get_gN_by_id(g, NULL);
        if (gN == NULL)
            goto err;
        N_bn = gN->N;
        g_bn = gN->g;
        defgNid = gN->id;
    }

    if (*salt == NULL) {
        RAND_pseudo_bytes(tmp2, SRP_RANDOM_SALT_LEN);

        s = BN_bin2bn(tmp2, SRP_RANDOM_SALT_LEN, NULL);
    } else {
        if (!(len = t_fromb64(tmp2, *salt)))
            goto err;
        s = BN_bin2bn(tmp2, len, NULL);
    }

    if (!SRP_create_verifier_BN(user, pass, &s, &v, N_bn, g_bn))
        goto err;

    BN_bn2bin(v, tmp);
    if (((vf = OPENSSL_malloc(BN_num_bytes(v) * 2)) == NULL))
        goto err;
    t_tob64(vf, tmp, BN_num_bytes(v));

    *verifier = vf;
    if (*salt == NULL) {
        char *tmp_salt;

        if ((tmp_salt = OPENSSL_malloc(SRP_RANDOM_SALT_LEN * 2)) == NULL) {
            OPENSSL_free(vf);
            goto err;
        }
        t_tob64(tmp_salt, tmp2, SRP_RANDOM_SALT_LEN);
        *salt = tmp_salt;
    }

    result = defgNid;

 err:
    if (N) {
        BN_free(N_bn);
        BN_free(g_bn);
    }
    return result;
}

/*
 * create a verifier (*salt,*verifier,g and N are BIGNUMs)
 */
int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt,
                           BIGNUM **verifier, const BIGNUM *N,
                           const BIGNUM *g)
{
    int result = 0;
    BIGNUM *x = NULL;
    BN_CTX *bn_ctx = BN_CTX_new();
    unsigned char tmp2[MAX_LEN];

    if ((user == NULL) ||
        (pass == NULL) ||
        (salt == NULL) ||
        (verifier == NULL) || (N == NULL) || (g == NULL) || (bn_ctx == NULL))
        goto err;

    srp_bn_print(N);
    srp_bn_print(g);

    if (*salt == NULL) {
        RAND_pseudo_bytes(tmp2, SRP_RANDOM_SALT_LEN);

        *salt = BN_bin2bn(tmp2, SRP_RANDOM_SALT_LEN, NULL);
    }

    x = SRP_Calc_x(*salt, user, pass);

    *verifier = BN_new();
    if (*verifier == NULL)
        goto err;

    if (!BN_mod_exp(*verifier, g, x, N, bn_ctx)) {
        BN_clear_free(*verifier);
        goto err;
    }

    srp_bn_print(*verifier);

    result = 1;

 err:

    BN_clear_free(x);
    BN_CTX_free(bn_ctx);
    return result;
}

#endif
Commit	Line	Data
edc032b5	1	/* crypto/srp/srp_vfy.c */
0f113f3e MC	2	/*
	3	* Written by Christophe Renou (christophe.renou@edelweb.fr) with the
	4	* precious help of Peter Sylvester (peter.sylvester@edelweb.fr) for the
	5	* EdelKey project and contributed to the OpenSSL project 2004.
edc032b5 BL	6	*/
	7	/* ====================================================================
	8	* Copyright (c) 2004 The OpenSSL Project. All rights reserved.
	9	*
	10	* Redistribution and use in source and binary forms, with or without
	11	* modification, are permitted provided that the following conditions
	12	* are met:
	13	*
	14	* 1. Redistributions of source code must retain the above copyright
0f113f3e	15	* notice, this list of conditions and the following disclaimer.
edc032b5 BL	16	*
	17	* 2. Redistributions in binary form must reproduce the above copyright
	18	* notice, this list of conditions and the following disclaimer in
	19	* the documentation and/or other materials provided with the
	20	* distribution.
	21	*
	22	* 3. All advertising materials mentioning features or use of this
	23	* software must display the following acknowledgment:
	24	* "This product includes software developed by the OpenSSL Project
	25	* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
	26	*
	27	* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
	28	* endorse or promote products derived from this software without
	29	* prior written permission. For written permission, please contact
	30	* licensing@OpenSSL.org.
	31	*
	32	* 5. Products derived from this software may not be called "OpenSSL"
	33	* nor may "OpenSSL" appear in their names without prior written
	34	* permission of the OpenSSL Project.
	35	*
	36	* 6. Redistributions of any form whatsoever must retain the following
	37	* acknowledgment:
	38	* "This product includes software developed by the OpenSSL Project
	39	* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
	40	*
	41	* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
	42	* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	43	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
	44	* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
	45	* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
	46	* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
	47	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
	48	* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	49	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
	50	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	51	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
	52	* OF THE POSSIBILITY OF SUCH DAMAGE.
	53	* ====================================================================
	54	*
	55	* This product includes cryptographic software written by Eric Young
	56	* (eay@cryptsoft.com). This product includes software written by Tim
	57	* Hudson (tjh@cryptsoft.com).
	58	*
	59	*/
	60	#ifndef OPENSSL_NO_SRP
0f113f3e MC	61	# include "cryptlib.h"
	62	# include "srp_lcl.h"
	63	# include <openssl/srp.h>
	64	# include <openssl/evp.h>
	65	# include <openssl/buffer.h>
	66	# include <openssl/rand.h>
	67	# include <openssl/txt_db.h>
edc032b5	68
0f113f3e MC	69	# define SRP_RANDOM_SALT_LEN 20
0f113f3e MC	70	# define MAX_LEN 2500
edc032b5 BL	71
edc032b5 BL	72	static char b64table[] =
0f113f3e	73	"0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz./";
edc032b5	74
0f113f3e MC	75	/*
	76	* the following two conversion routines have been inspired by code from
	77	* Stanford
	78	*/
edc032b5 BL	79
	80	/*
	81	* Convert a base64 string into raw byte array representation.
	82	*/
	83	static int t_fromb64(unsigned char a, const char src)
0f113f3e MC	84	{
	85	char *loc;
	86	int i, j;
	87	int size;
	88
	89	while (src && (src == ' ' \|\| src == '\t' \|\| src == '\n'))
	90	++src;
	91	size = strlen(src);
	92	i = 0;
	93	while (i < size) {
	94	loc = strchr(b64table, src[i]);
	95	if (loc == (char *)0)
	96	break;
	97	else
	98	a[i] = loc - b64table;
	99	++i;
	100	}
	101	/* if nothing valid to process we have a zero length response */
	102	if (i == 0)
	103	return 0;
	104	size = i;
	105	i = size - 1;
	106	j = size;
	107	while (1) {
	108	a[j] = a[i];
	109	if (--i < 0)
	110	break;
	111	a[j] \|= (a[i] & 3) << 6;
	112	--j;
	113	a[j] = (unsigned char)((a[i] & 0x3c) >> 2);
	114	if (--i < 0)
	115	break;
	116	a[j] \|= (a[i] & 0xf) << 4;
	117	--j;
	118	a[j] = (unsigned char)((a[i] & 0x30) >> 4);
	119	if (--i < 0)
	120	break;
	121	a[j] \|= (a[i] << 2);
	122
	123	a[--j] = 0;
	124	if (--i < 0)
	125	break;
	126	}
	127	while (a[j] == 0 && j <= size)
	128	++j;
	129	i = 0;
	130	while (j <= size)
	131	a[i++] = a[j++];
	132	return i;
	133	}
edc032b5 BL	134
	135	/*
	136	* Convert a raw byte string into a null-terminated base64 ASCII string.
	137	*/
	138	static char t_tob64(char dst, const unsigned char *src, int size)
0f113f3e MC	139	{
	140	int c, pos = size % 3;
	141	unsigned char b0 = 0, b1 = 0, b2 = 0, notleading = 0;
	142	char *olddst = dst;
	143
	144	switch (pos) {
	145	case 1:
	146	b2 = src[0];
	147	break;
	148	case 2:
	149	b1 = src[0];
	150	b2 = src[1];
	151	break;
	152	}
	153
	154	while (1) {
	155	c = (b0 & 0xfc) >> 2;
	156	if (notleading \|\| c != 0) {
	157	*dst++ = b64table[c];
	158	notleading = 1;
	159	}
	160	c = ((b0 & 3) << 4) \| ((b1 & 0xf0) >> 4);
	161	if (notleading \|\| c != 0) {
	162	*dst++ = b64table[c];
	163	notleading = 1;
	164	}
	165	c = ((b1 & 0xf) << 2) \| ((b2 & 0xc0) >> 6);
	166	if (notleading \|\| c != 0) {
	167	*dst++ = b64table[c];
	168	notleading = 1;
	169	}
	170	c = b2 & 0x3f;
	171	if (notleading \|\| c != 0) {
	172	*dst++ = b64table[c];
	173	notleading = 1;
	174	}
	175	if (pos >= size)
	176	break;
	177	else {
	178	b0 = src[pos++];
	179	b1 = src[pos++];
	180	b2 = src[pos++];
	181	}
	182	}
	183
	184	*dst++ = '\0';
	185	return olddst;
	186	}
edc032b5 BL	187
edc032b5 BL	188	static void SRP_user_pwd_free(SRP_user_pwd *user_pwd)
0f113f3e MC	189	{
	190	if (user_pwd == NULL)
	191	return;
	192	BN_free(user_pwd->s);
	193	BN_clear_free(user_pwd->v);
	194	OPENSSL_free(user_pwd->id);
	195	OPENSSL_free(user_pwd->info);
	196	OPENSSL_free(user_pwd);
	197	}
edc032b5	198
71fa4513	199	static SRP_user_pwd *SRP_user_pwd_new(void)
0f113f3e MC	200	{
	201	SRP_user_pwd *ret = OPENSSL_malloc(sizeof(SRP_user_pwd));
	202	if (ret == NULL)
	203	return NULL;
	204	ret->N = NULL;
	205	ret->g = NULL;
	206	ret->s = NULL;
	207	ret->v = NULL;
	208	ret->id = NULL;
	209	ret->info = NULL;
	210	return ret;
	211	}
edc032b5 BL	212
edc032b5 BL	213	static void SRP_user_pwd_set_gN(SRP_user_pwd vinfo, const BIGNUM g,
0f113f3e MC	214	const BIGNUM *N)
	215	{
	216	vinfo->N = N;
	217	vinfo->g = g;
	218	}
edc032b5 BL	219
edc032b5 BL	220	static int SRP_user_pwd_set_ids(SRP_user_pwd vinfo, const char id,
0f113f3e MC	221	const char *info)
	222	{
	223	if (id != NULL && NULL == (vinfo->id = BUF_strdup(id)))
	224	return 0;
	225	return (info == NULL \|\| NULL != (vinfo->info = BUF_strdup(info)));
	226	}
edc032b5 BL	227
edc032b5 BL	228	static int SRP_user_pwd_set_sv(SRP_user_pwd vinfo, const char s,
0f113f3e MC	229	const char *v)
	230	{
	231	unsigned char tmp[MAX_LEN];
	232	int len;
	233
	234	if (strlen(s) > MAX_LEN \|\| strlen(v) > MAX_LEN)
	235	return 0;
	236	len = t_fromb64(tmp, v);
	237	if (NULL == (vinfo->v = BN_bin2bn(tmp, len, NULL)))
	238	return 0;
	239	len = t_fromb64(tmp, s);
	240	return ((vinfo->s = BN_bin2bn(tmp, len, NULL)) != NULL);
	241	}
edc032b5	242
71fa4513	243	static int SRP_user_pwd_set_sv_BN(SRP_user_pwd vinfo, BIGNUM s, BIGNUM *v)
0f113f3e MC	244	{
	245	vinfo->v = v;
	246	vinfo->s = s;
	247	return (vinfo->s != NULL && vinfo->v != NULL);
	248	}
edc032b5 BL	249
edc032b5 BL	250	SRP_VBASE SRP_VBASE_new(char seed_key)
0f113f3e MC	251	{
	252	SRP_VBASE vb = (SRP_VBASE )OPENSSL_malloc(sizeof(SRP_VBASE));
	253
	254	if (vb == NULL)
	255	return NULL;
	256	if (!(vb->users_pwd = sk_SRP_user_pwd_new_null()) \|\|
	257	!(vb->gN_cache = sk_SRP_gN_cache_new_null())) {
	258	OPENSSL_free(vb);
	259	return NULL;
	260	}
	261	vb->default_g = NULL;
	262	vb->default_N = NULL;
	263	vb->seed_key = NULL;
	264	if ((seed_key != NULL) && (vb->seed_key = BUF_strdup(seed_key)) == NULL) {
	265	sk_SRP_user_pwd_free(vb->users_pwd);
	266	sk_SRP_gN_cache_free(vb->gN_cache);
	267	OPENSSL_free(vb);
	268	return NULL;
	269	}
	270	return vb;
	271	}
edc032b5 BL	272
edc032b5 BL	273	int SRP_VBASE_free(SRP_VBASE *vb)
0f113f3e MC	274	{
	275	sk_SRP_user_pwd_pop_free(vb->users_pwd, SRP_user_pwd_free);
	276	sk_SRP_gN_cache_free(vb->gN_cache);
	277	OPENSSL_free(vb->seed_key);
	278	OPENSSL_free(vb);
	279	return 0;
	280	}
edc032b5 BL	281
edc032b5 BL	282	static SRP_gN_cache SRP_gN_new_init(const char ch)
0f113f3e MC	283	{
	284	unsigned char tmp[MAX_LEN];
	285	int len;
edc032b5	286
0f113f3e MC	287	SRP_gN_cache *newgN =
	288	(SRP_gN_cache *)OPENSSL_malloc(sizeof(SRP_gN_cache));
	289	if (newgN == NULL)
	290	return NULL;
edc032b5	291
0f113f3e MC	292	if ((newgN->b64_bn = BUF_strdup(ch)) == NULL)
0f113f3e MC	293	goto err;
edc032b5	294
0f113f3e MC	295	len = t_fromb64(tmp, ch);
	296	if ((newgN->bn = BN_bin2bn(tmp, len, NULL)))
	297	return newgN;
edc032b5	298
0f113f3e MC	299	OPENSSL_free(newgN->b64_bn);
	300	err:
	301	OPENSSL_free(newgN);
	302	return NULL;
	303	}
edc032b5 BL	304
edc032b5 BL	305	static void SRP_gN_free(SRP_gN_cache *gN_cache)
0f113f3e MC	306	{
	307	if (gN_cache == NULL)
	308	return;
	309	OPENSSL_free(gN_cache->b64_bn);
	310	BN_free(gN_cache->bn);
	311	OPENSSL_free(gN_cache);
	312	}
edc032b5 BL	313
edc032b5 BL	314	static SRP_gN SRP_get_gN_by_id(const char id, STACK_OF(SRP_gN) *gN_tab)
0f113f3e MC	315	{
	316	int i;
	317
	318	SRP_gN *gN;
	319	if (gN_tab != NULL)
	320	for (i = 0; i < sk_SRP_gN_num(gN_tab); i++) {
	321	gN = sk_SRP_gN_value(gN_tab, i);
	322	if (gN && (id == NULL \|\| strcmp(gN->id, id) == 0))
	323	return gN;
	324	}
	325
	326	return SRP_get_default_gN(id);
	327	}
edc032b5 BL	328
edc032b5 BL	329	static BIGNUM SRP_gN_place_bn(STACK_OF(SRP_gN_cache) gN_cache, char *ch)
0f113f3e MC	330	{
	331	int i;
	332	if (gN_cache == NULL)
	333	return NULL;
	334
	335	/* search if we have already one... */
	336	for (i = 0; i < sk_SRP_gN_cache_num(gN_cache); i++) {
	337	SRP_gN_cache *cache = sk_SRP_gN_cache_value(gN_cache, i);
	338	if (strcmp(cache->b64_bn, ch) == 0)
	339	return cache->bn;
	340	}
	341	{ /* it is the first time that we find it */
	342	SRP_gN_cache *newgN = SRP_gN_new_init(ch);
	343	if (newgN) {
	344	if (sk_SRP_gN_cache_insert(gN_cache, newgN, 0) > 0)
	345	return newgN->bn;
	346	SRP_gN_free(newgN);
	347	}
	348	}
	349	return NULL;
	350	}
	351
	352	/*
	353	* this function parses verifier file. Format is:
edc032b5 BL	354	* string(index):base64(N):base64(g):0
	355	* string(username):base64(v):base64(salt):int(index)
	356	*/
	357
edc032b5	358	int SRP_VBASE_init(SRP_VBASE vb, char verifier_file)
0f113f3e MC	359	{
	360	int error_code;
	361	STACK_OF(SRP_gN) *SRP_gN_tab = sk_SRP_gN_new_null();
	362	char *last_index = NULL;
	363	int i;
	364	char **pp;
	365
	366	SRP_gN *gN = NULL;
	367	SRP_user_pwd *user_pwd = NULL;
	368
	369	TXT_DB *tmpdb = NULL;
	370	BIO *in = BIO_new(BIO_s_file());
	371
	372	error_code = SRP_ERR_OPEN_FILE;
	373
	374	if (in == NULL \|\| BIO_read_filename(in, verifier_file) <= 0)
	375	goto err;
	376
	377	error_code = SRP_ERR_VBASE_INCOMPLETE_FILE;
	378
	379	if ((tmpdb = TXT_DB_read(in, DB_NUMBER)) == NULL)
	380	goto err;
	381
	382	error_code = SRP_ERR_MEMORY;
	383
	384	if (vb->seed_key) {
	385	last_index = SRP_get_default_gN(NULL)->id;
	386	}
	387	for (i = 0; i < sk_OPENSSL_PSTRING_num(tmpdb->data); i++) {
	388	pp = sk_OPENSSL_PSTRING_value(tmpdb->data, i);
	389	if (pp[DB_srptype][0] == DB_SRP_INDEX) {
	390	/*
	391	* we add this couple in the internal Stack
	392	*/
	393
	394	if ((gN = (SRP_gN *) OPENSSL_malloc(sizeof(SRP_gN))) == NULL)
	395	goto err;
	396
	397	if (!(gN->id = BUF_strdup(pp[DB_srpid]))
	398	\|\| !(gN->N =
	399	SRP_gN_place_bn(vb->gN_cache, pp[DB_srpverifier]))
	400	\|\| !(gN->g = SRP_gN_place_bn(vb->gN_cache, pp[DB_srpsalt]))
	401	\|\| sk_SRP_gN_insert(SRP_gN_tab, gN, 0) == 0)
	402	goto err;
	403
	404	gN = NULL;
	405
	406	if (vb->seed_key != NULL) {
	407	last_index = pp[DB_srpid];
	408	}
	409	} else if (pp[DB_srptype][0] == DB_SRP_VALID) {
	410	/* it is a user .... */
	411	const SRP_gN *lgN;
	412
	413	if ((lgN = SRP_get_gN_by_id(pp[DB_srpgN], SRP_gN_tab)) != NULL) {
	414	error_code = SRP_ERR_MEMORY;
	415	if ((user_pwd = SRP_user_pwd_new()) == NULL)
	416	goto err;
	417
	418	SRP_user_pwd_set_gN(user_pwd, lgN->g, lgN->N);
	419	if (!SRP_user_pwd_set_ids
	420	(user_pwd, pp[DB_srpid], pp[DB_srpinfo]))
	421	goto err;
	422
423	error_code = SRP_ERR_VBASE_BN_LIB;
424	if (!SRP_user_pwd_set_sv
425	(user_pwd, pp[DB_srpsalt], pp[DB_srpverifier]))
426	goto err;
427
428	if (sk_SRP_user_pwd_insert(vb->users_pwd, user_pwd, 0) == 0)
429	goto err;
430	user_pwd = NULL; /* abandon responsability */
431	}
432	}
433	}
434
435	if (last_index != NULL) {
436	/* this means that we want to simulate a default user */
437
438	if (((gN = SRP_get_gN_by_id(last_index, SRP_gN_tab)) == NULL)) {
439	error_code = SRP_ERR_VBASE_BN_LIB;
440	goto err;
441	}
442	vb->default_g = gN->g;
443	vb->default_N = gN->N;
444	gN = NULL;
445	}
446	error_code = SRP_NO_ERROR;
edc032b5 BL	447
edc032b5 BL	448	err:
0f113f3e MC	449	/*
	450	* there may be still some leaks to fix, if this fails, the application
	451	* terminates most likely
	452	*/
edc032b5	453
0f113f3e MC	454	if (gN != NULL) {
	455	OPENSSL_free(gN->id);
	456	OPENSSL_free(gN);
	457	}
edc032b5	458
0f113f3e	459	SRP_user_pwd_free(user_pwd);
edc032b5	460
0f113f3e MC	461	if (tmpdb)
	462	TXT_DB_free(tmpdb);
	463	if (in)
	464	BIO_free_all(in);
edc032b5	465
0f113f3e	466	sk_SRP_gN_free(SRP_gN_tab);
edc032b5	467
0f113f3e	468	return error_code;
edc032b5	469
0f113f3e	470	}
edc032b5 BL	471
edc032b5 BL	472	SRP_user_pwd SRP_VBASE_get_by_user(SRP_VBASE vb, char *username)
0f113f3e MC	473	{
	474	int i;
	475	SRP_user_pwd *user;
	476	unsigned char digv[SHA_DIGEST_LENGTH];
	477	unsigned char digs[SHA_DIGEST_LENGTH];
	478	EVP_MD_CTX ctxt;
	479
	480	if (vb == NULL)
	481	return NULL;
	482	for (i = 0; i < sk_SRP_user_pwd_num(vb->users_pwd); i++) {
	483	user = sk_SRP_user_pwd_value(vb->users_pwd, i);
	484	if (strcmp(user->id, username) == 0)
	485	return user;
	486	}
	487	if ((vb->seed_key == NULL) \|\|
	488	(vb->default_g == NULL) \|\| (vb->default_N == NULL))
	489	return NULL;
edc032b5 BL	490
	491	/* if the user is unknown we set parameters as well if we have a seed_key */
	492
0f113f3e MC	493	if ((user = SRP_user_pwd_new()) == NULL)
	494	return NULL;
	495
	496	SRP_user_pwd_set_gN(user, vb->default_g, vb->default_N);
edc032b5	497
0f113f3e MC	498	if (!SRP_user_pwd_set_ids(user, username, NULL))
	499	goto err;
	500
	501	RAND_pseudo_bytes(digv, SHA_DIGEST_LENGTH);
	502	EVP_MD_CTX_init(&ctxt);
	503	EVP_DigestInit_ex(&ctxt, EVP_sha1(), NULL);
	504	EVP_DigestUpdate(&ctxt, vb->seed_key, strlen(vb->seed_key));
	505	EVP_DigestUpdate(&ctxt, username, strlen(username));
	506	EVP_DigestFinal_ex(&ctxt, digs, NULL);
	507	EVP_MD_CTX_cleanup(&ctxt);
	508	if (SRP_user_pwd_set_sv_BN
	509	(user, BN_bin2bn(digs, SHA_DIGEST_LENGTH, NULL),
	510	BN_bin2bn(digv, SHA_DIGEST_LENGTH, NULL)))
	511	return user;
	512
	513	err:SRP_user_pwd_free(user);
	514	return NULL;
	515	}
edc032b5 BL	516
edc032b5 BL	517	/*
0f113f3e MC	518	* create a verifier (salt,verifier,g and N are in base64)
0f113f3e MC	519	*/
edc032b5	520	char SRP_create_verifier(const char user, const char pass, char *salt,
0f113f3e MC	521	char *verifier, const char N, const char *g)
	522	{
	523	int len;
	524	char *result = NULL;
	525	char *vf;
	526	BIGNUM N_bn = NULL, g_bn = NULL, s = NULL, v = NULL;
	527	unsigned char tmp[MAX_LEN];
	528	unsigned char tmp2[MAX_LEN];
	529	char *defgNid = NULL;
	530
	531	if ((user == NULL) \|\|
	532	(pass == NULL) \|\| (salt == NULL) \|\| (verifier == NULL))
	533	goto err;
	534
	535	if (N) {
	536	if (!(len = t_fromb64(tmp, N)))
	537	goto err;
	538	N_bn = BN_bin2bn(tmp, len, NULL);
	539	if (!(len = t_fromb64(tmp, g)))
	540	goto err;
	541	g_bn = BN_bin2bn(tmp, len, NULL);
	542	defgNid = "*";
	543	} else {
	544	SRP_gN *gN = SRP_get_gN_by_id(g, NULL);
	545	if (gN == NULL)
	546	goto err;
	547	N_bn = gN->N;
	548	g_bn = gN->g;
	549	defgNid = gN->id;
	550	}
	551
	552	if (*salt == NULL) {
	553	RAND_pseudo_bytes(tmp2, SRP_RANDOM_SALT_LEN);
	554
	555	s = BN_bin2bn(tmp2, SRP_RANDOM_SALT_LEN, NULL);
	556	} else {
	557	if (!(len = t_fromb64(tmp2, *salt)))
	558	goto err;
	559	s = BN_bin2bn(tmp2, len, NULL);
	560	}
	561
	562	if (!SRP_create_verifier_BN(user, pass, &s, &v, N_bn, g_bn))
	563	goto err;
	564
	565	BN_bn2bin(v, tmp);
	566	if (((vf = OPENSSL_malloc(BN_num_bytes(v) * 2)) == NULL))
	567	goto err;
	568	t_tob64(vf, tmp, BN_num_bytes(v));
	569
	570	*verifier = vf;
	571	if (*salt == NULL) {
	572	char *tmp_salt;
	573
	574	if ((tmp_salt = OPENSSL_malloc(SRP_RANDOM_SALT_LEN * 2)) == NULL) {
	575	OPENSSL_free(vf);
	576	goto err;
	577	}
	578	t_tob64(tmp_salt, tmp2, SRP_RANDOM_SALT_LEN);
	579	*salt = tmp_salt;
	580	}
	581
	582	result = defgNid;
	583
	584	err:
585	if (N) {
586	BN_free(N_bn);
587	BN_free(g_bn);
588	}
589	return result;
590	}
edc032b5 BL	591
edc032b5 BL	592	/*
0f113f3e MC	593	* create a verifier (salt,verifier,g and N are BIGNUMs)
0f113f3e MC	594	*/
8892ce77	595	int SRP_create_verifier_BN(const char user, const char pass, BIGNUM **salt,
0f113f3e MC	596	BIGNUM *verifier, const BIGNUM N,
	597	const BIGNUM *g)
	598	{
	599	int result = 0;
	600	BIGNUM *x = NULL;
	601	BN_CTX *bn_ctx = BN_CTX_new();
	602	unsigned char tmp2[MAX_LEN];
edc032b5	603
0f113f3e MC	604	if ((user == NULL) \|\|
	605	(pass == NULL) \|\|
	606	(salt == NULL) \|\|
	607	(verifier == NULL) \|\| (N == NULL) \|\| (g == NULL) \|\| (bn_ctx == NULL))
	608	goto err;
edc032b5	609
0f113f3e MC	610	srp_bn_print(N);
0f113f3e MC	611	srp_bn_print(g);
edc032b5	612
0f113f3e MC	613	if (*salt == NULL) {
0f113f3e MC	614	RAND_pseudo_bytes(tmp2, SRP_RANDOM_SALT_LEN);
edc032b5	615
0f113f3e MC	616	*salt = BN_bin2bn(tmp2, SRP_RANDOM_SALT_LEN, NULL);
0f113f3e MC	617	}
edc032b5	618
0f113f3e	619	x = SRP_Calc_x(*salt, user, pass);
edc032b5	620
0f113f3e MC	621	*verifier = BN_new();
	622	if (*verifier == NULL)
	623	goto err;
edc032b5	624
0f113f3e MC	625	if (!BN_mod_exp(*verifier, g, x, N, bn_ctx)) {
	626	BN_clear_free(*verifier);
	627	goto err;
	628	}
edc032b5	629
0f113f3e	630	srp_bn_print(*verifier);
edc032b5	631
0f113f3e	632	result = 1;
edc032b5	633
0f113f3e	634	err:
edc032b5	635
0f113f3e MC	636	BN_clear_free(x);
	637	BN_CTX_free(bn_ctx);
	638	return result;
	639	}
edc032b5 BL	640
edc032b5 BL	641	#endif