]>
Commit | Line | Data |
---|---|---|
440e5d80 | 1 | /* |
ad887416 | 2 | * Copyright 2011-2017 The OpenSSL Project Authors. All Rights Reserved. |
440e5d80 RS |
3 | * |
4 | * Licensed under the OpenSSL license (the "License"). You may not use | |
5 | * this file except in compliance with the License. You can obtain a copy | |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
8 | */ | |
9 | ||
edc032b5 | 10 | #include <openssl/opensslconf.h> |
b6e32506 | 11 | # include "testutil.h" |
edc032b5 | 12 | |
b6e32506 | 13 | #ifdef OPENSSL_NO_SRP |
0f113f3e | 14 | # include <stdio.h> |
edc032b5 BL |
15 | #else |
16 | ||
0f113f3e MC |
17 | # include <openssl/srp.h> |
18 | # include <openssl/rand.h> | |
19 | # include <openssl/err.h> | |
edc032b5 | 20 | |
0f113f3e MC |
21 | # define RANDOM_SIZE 32 /* use 256 bits on each side */ |
22 | ||
23 | static int run_srp(const char *username, const char *client_pass, | |
24 | const char *server_pass) | |
25 | { | |
b66411f6 | 26 | int ret = 0; |
0f113f3e MC |
27 | BIGNUM *s = NULL; |
28 | BIGNUM *v = NULL; | |
29 | BIGNUM *a = NULL; | |
30 | BIGNUM *b = NULL; | |
31 | BIGNUM *u = NULL; | |
32 | BIGNUM *x = NULL; | |
33 | BIGNUM *Apub = NULL; | |
34 | BIGNUM *Bpub = NULL; | |
35 | BIGNUM *Kclient = NULL; | |
36 | BIGNUM *Kserver = NULL; | |
37 | unsigned char rand_tmp[RANDOM_SIZE]; | |
38 | /* use builtin 1024-bit params */ | |
b66411f6 | 39 | const SRP_gN *GN; |
bd91e3c8 | 40 | |
b66411f6 RS |
41 | if (!TEST_ptr(GN = SRP_get_default_gN("1024"))) |
42 | return 0; | |
0f113f3e | 43 | |
0f113f3e | 44 | /* Set up server's password entry */ |
b66411f6 RS |
45 | if (!TEST_true(SRP_create_verifier_BN(username, server_pass, |
46 | &s, &v, GN->N, GN->g))) | |
47 | goto end; | |
0f113f3e | 48 | |
37916462 P |
49 | test_output_bignum("N", GN->N); |
50 | test_output_bignum("g", GN->g); | |
51 | test_output_bignum("Salt", s); | |
52 | test_output_bignum("Verifier", v); | |
0f113f3e MC |
53 | |
54 | /* Server random */ | |
266483d2 | 55 | RAND_bytes(rand_tmp, sizeof(rand_tmp)); |
0f113f3e | 56 | b = BN_bin2bn(rand_tmp, sizeof(rand_tmp), NULL); |
dc352c19 | 57 | if (!TEST_BN_ne_zero(b)) |
b66411f6 | 58 | goto end; |
37916462 | 59 | test_output_bignum("b", b); |
0f113f3e MC |
60 | |
61 | /* Server's first message */ | |
62 | Bpub = SRP_Calc_B(b, GN->N, GN->g, v); | |
37916462 | 63 | test_output_bignum("B", Bpub); |
0f113f3e | 64 | |
b66411f6 RS |
65 | if (!TEST_true(SRP_Verify_B_mod_N(Bpub, GN->N))) |
66 | goto end; | |
0f113f3e MC |
67 | |
68 | /* Client random */ | |
266483d2 | 69 | RAND_bytes(rand_tmp, sizeof(rand_tmp)); |
0f113f3e | 70 | a = BN_bin2bn(rand_tmp, sizeof(rand_tmp), NULL); |
dc352c19 | 71 | if (!TEST_BN_ne_zero(a)) |
b66411f6 | 72 | goto end; |
37916462 | 73 | test_output_bignum("a", a); |
0f113f3e MC |
74 | |
75 | /* Client's response */ | |
76 | Apub = SRP_Calc_A(a, GN->N, GN->g); | |
37916462 | 77 | test_output_bignum("A", Apub); |
0f113f3e | 78 | |
b66411f6 RS |
79 | if (!TEST_true(SRP_Verify_A_mod_N(Apub, GN->N))) |
80 | goto end; | |
0f113f3e MC |
81 | |
82 | /* Both sides calculate u */ | |
83 | u = SRP_Calc_u(Apub, Bpub, GN->N); | |
84 | ||
85 | /* Client's key */ | |
86 | x = SRP_Calc_x(s, username, client_pass); | |
87 | Kclient = SRP_Calc_client_key(GN->N, Bpub, GN->g, x, a, u); | |
37916462 | 88 | test_output_bignum("Client's key", Kclient); |
0f113f3e MC |
89 | |
90 | /* Server's key */ | |
91 | Kserver = SRP_Calc_server_key(Apub, v, u, b, GN->N); | |
37916462 | 92 | test_output_bignum("Server's key", Kserver); |
0f113f3e | 93 | |
dc352c19 | 94 | if (!TEST_BN_eq(Kclient, Kserver)) |
b66411f6 RS |
95 | goto end; |
96 | ||
97 | ret = 1; | |
0f113f3e | 98 | |
b66411f6 | 99 | end: |
0f113f3e MC |
100 | BN_clear_free(Kclient); |
101 | BN_clear_free(Kserver); | |
102 | BN_clear_free(x); | |
103 | BN_free(u); | |
104 | BN_free(Apub); | |
105 | BN_clear_free(a); | |
106 | BN_free(Bpub); | |
107 | BN_clear_free(b); | |
108 | BN_free(s); | |
109 | BN_clear_free(v); | |
110 | ||
111 | return ret; | |
112 | } | |
edc032b5 | 113 | |
198d8059 DSH |
114 | static int check_bn(const char *name, const BIGNUM *bn, const char *hexbn) |
115 | { | |
116 | BIGNUM *tmp = NULL; | |
dc352c19 | 117 | int r; |
b66411f6 RS |
118 | |
119 | if (!TEST_true(BN_hex2bn(&tmp, hexbn))) | |
198d8059 | 120 | return 0; |
b66411f6 | 121 | |
dc352c19 P |
122 | if (BN_cmp(bn, tmp) != 0) |
123 | TEST_error("unexpected %s value", name); | |
124 | r = TEST_BN_eq(bn, tmp); | |
198d8059 | 125 | BN_free(tmp); |
dc352c19 | 126 | return r; |
198d8059 DSH |
127 | } |
128 | ||
129 | /* SRP test vectors from RFC5054 */ | |
130 | static int run_srp_kat(void) | |
131 | { | |
132 | int ret = 0; | |
133 | BIGNUM *s = NULL; | |
134 | BIGNUM *v = NULL; | |
135 | BIGNUM *a = NULL; | |
136 | BIGNUM *b = NULL; | |
137 | BIGNUM *u = NULL; | |
138 | BIGNUM *x = NULL; | |
139 | BIGNUM *Apub = NULL; | |
140 | BIGNUM *Bpub = NULL; | |
141 | BIGNUM *Kclient = NULL; | |
142 | BIGNUM *Kserver = NULL; | |
143 | /* use builtin 1024-bit params */ | |
b66411f6 | 144 | const SRP_gN *GN; |
bd91e3c8 | 145 | |
b66411f6 | 146 | if (!TEST_ptr(GN = SRP_get_default_gN("1024"))) |
198d8059 | 147 | goto err; |
198d8059 DSH |
148 | BN_hex2bn(&s, "BEB25379D1A8581EB5A727673A2441EE"); |
149 | /* Set up server's password entry */ | |
b66411f6 | 150 | if (!TEST_true(SRP_create_verifier_BN("alice", "password123", &s, &v, GN->N, |
37916462 | 151 | GN->g))) |
198d8059 | 152 | goto err; |
198d8059 | 153 | |
37916462 | 154 | TEST_info("checking v"); |
b66411f6 | 155 | if (!TEST_true(check_bn("v", v, |
198d8059 DSH |
156 | "7E273DE8696FFC4F4E337D05B4B375BEB0DDE1569E8FA00A9886D812" |
157 | "9BADA1F1822223CA1A605B530E379BA4729FDC59F105B4787E5186F5" | |
158 | "C671085A1447B52A48CF1970B4FB6F8400BBF4CEBFBB168152E08AB5" | |
159 | "EA53D15C1AFF87B2B9DA6E04E058AD51CC72BFC9033B564E26480D78" | |
b66411f6 | 160 | "E955A5E29E7AB245DB2BE315E2099AFB"))) |
198d8059 | 161 | goto err; |
37916462 | 162 | TEST_note(" okay"); |
198d8059 DSH |
163 | |
164 | /* Server random */ | |
165 | BN_hex2bn(&b, "E487CB59D31AC550471E81F00F6928E01DDA08E974A004F49E61F5D1" | |
166 | "05284D20"); | |
167 | ||
168 | /* Server's first message */ | |
169 | Bpub = SRP_Calc_B(b, GN->N, GN->g, v); | |
b66411f6 | 170 | if (!TEST_true(SRP_Verify_B_mod_N(Bpub, GN->N))) |
198d8059 | 171 | goto err; |
198d8059 | 172 | |
37916462 | 173 | TEST_info("checking B"); |
b66411f6 | 174 | if (!TEST_true(check_bn("B", Bpub, |
198d8059 DSH |
175 | "BD0C61512C692C0CB6D041FA01BB152D4916A1E77AF46AE105393011" |
176 | "BAF38964DC46A0670DD125B95A981652236F99D9B681CBF87837EC99" | |
177 | "6C6DA04453728610D0C6DDB58B318885D7D82C7F8DEB75CE7BD4FBAA" | |
178 | "37089E6F9C6059F388838E7A00030B331EB76840910440B1B27AAEAE" | |
b66411f6 | 179 | "EB4012B7D7665238A8E3FB004B117B58"))) |
198d8059 | 180 | goto err; |
37916462 | 181 | TEST_note(" okay"); |
198d8059 DSH |
182 | |
183 | /* Client random */ | |
184 | BN_hex2bn(&a, "60975527035CF2AD1989806F0407210BC81EDC04E2762A56AFD529DD" | |
185 | "DA2D4393"); | |
186 | ||
187 | /* Client's response */ | |
188 | Apub = SRP_Calc_A(a, GN->N, GN->g); | |
b66411f6 RS |
189 | if (!TEST_true(SRP_Verify_A_mod_N(Apub, GN->N))) |
190 | goto err; | |
198d8059 | 191 | |
37916462 | 192 | TEST_info("checking A"); |
b66411f6 | 193 | if (!TEST_true(check_bn("A", Apub, |
198d8059 DSH |
194 | "61D5E490F6F1B79547B0704C436F523DD0E560F0C64115BB72557EC4" |
195 | "4352E8903211C04692272D8B2D1A5358A2CF1B6E0BFCF99F921530EC" | |
196 | "8E39356179EAE45E42BA92AEACED825171E1E8B9AF6D9C03E1327F44" | |
197 | "BE087EF06530E69F66615261EEF54073CA11CF5858F0EDFDFE15EFEA" | |
b66411f6 | 198 | "B349EF5D76988A3672FAC47B0769447B"))) |
198d8059 | 199 | goto err; |
37916462 | 200 | TEST_note(" okay"); |
198d8059 DSH |
201 | |
202 | /* Both sides calculate u */ | |
203 | u = SRP_Calc_u(Apub, Bpub, GN->N); | |
204 | ||
b66411f6 RS |
205 | if (!TEST_true(check_bn("u", u, |
206 | "CE38B9593487DA98554ED47D70A7AE5F462EF019"))) | |
198d8059 DSH |
207 | goto err; |
208 | ||
209 | /* Client's key */ | |
210 | x = SRP_Calc_x(s, "alice", "password123"); | |
211 | Kclient = SRP_Calc_client_key(GN->N, Bpub, GN->g, x, a, u); | |
37916462 | 212 | TEST_info("checking client's key"); |
b66411f6 | 213 | if (!TEST_true(check_bn("Client's key", Kclient, |
198d8059 DSH |
214 | "B0DC82BABCF30674AE450C0287745E7990A3381F63B387AAF271A10D" |
215 | "233861E359B48220F7C4693C9AE12B0A6F67809F0876E2D013800D6C" | |
216 | "41BB59B6D5979B5C00A172B4A2A5903A0BDCAF8A709585EB2AFAFA8F" | |
217 | "3499B200210DCC1F10EB33943CD67FC88A2F39A4BE5BEC4EC0A3212D" | |
b66411f6 | 218 | "C346D7E474B29EDE8A469FFECA686E5A"))) |
198d8059 | 219 | goto err; |
37916462 | 220 | TEST_note(" okay"); |
b66411f6 | 221 | |
198d8059 DSH |
222 | /* Server's key */ |
223 | Kserver = SRP_Calc_server_key(Apub, v, u, b, GN->N); | |
37916462 | 224 | TEST_info("checking server's key"); |
b66411f6 | 225 | if (!TEST_true(check_bn("Server's key", Kserver, |
198d8059 DSH |
226 | "B0DC82BABCF30674AE450C0287745E7990A3381F63B387AAF271A10D" |
227 | "233861E359B48220F7C4693C9AE12B0A6F67809F0876E2D013800D6C" | |
228 | "41BB59B6D5979B5C00A172B4A2A5903A0BDCAF8A709585EB2AFAFA8F" | |
229 | "3499B200210DCC1F10EB33943CD67FC88A2F39A4BE5BEC4EC0A3212D" | |
b66411f6 | 230 | "C346D7E474B29EDE8A469FFECA686E5A"))) |
198d8059 | 231 | goto err; |
37916462 | 232 | TEST_note(" okay"); |
198d8059 DSH |
233 | |
234 | ret = 1; | |
235 | ||
b66411f6 | 236 | err: |
198d8059 DSH |
237 | BN_clear_free(Kclient); |
238 | BN_clear_free(Kserver); | |
239 | BN_clear_free(x); | |
240 | BN_free(u); | |
241 | BN_free(Apub); | |
242 | BN_clear_free(a); | |
243 | BN_free(Bpub); | |
244 | BN_clear_free(b); | |
245 | BN_free(s); | |
246 | BN_clear_free(v); | |
247 | ||
248 | return ret; | |
249 | } | |
250 | ||
b66411f6 | 251 | static int run_srp_tests(void) |
0f113f3e | 252 | { |
0f113f3e | 253 | /* "Negative" test, expect a mismatch */ |
37916462 | 254 | TEST_info("run_srp: expecting a mismatch"); |
b66411f6 RS |
255 | if (!TEST_false(run_srp("alice", "password1", "password2"))) |
256 | return 0; | |
0f113f3e MC |
257 | |
258 | /* "Positive" test, should pass */ | |
37916462 | 259 | TEST_info("run_srp: expecting a match"); |
b66411f6 RS |
260 | if (!TEST_true(run_srp("alice", "password", "password"))) |
261 | return 0; | |
198d8059 | 262 | |
b66411f6 RS |
263 | return 1; |
264 | } | |
b6e32506 | 265 | #endif |
0f113f3e | 266 | |
ad887416 | 267 | int setup_tests(void) |
b66411f6 | 268 | { |
b6e32506 RS |
269 | #ifdef OPENSSL_NO_SRP |
270 | printf("No SRP support\n"); | |
271 | #else | |
b66411f6 RS |
272 | ADD_TEST(run_srp_tests); |
273 | ADD_TEST(run_srp_kat); | |
edc032b5 | 274 | #endif |
ad887416 | 275 | return 1; |
b6e32506 | 276 | } |