]>
Commit | Line | Data |
---|---|---|
0f113f3e | 1 | /* |
3b855b1f TH |
2 | * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved. |
3 | * Copyright (c) 2004, EdelKey Project. All Rights Reserved. | |
edc032b5 | 4 | * |
aa6bb135 RS |
5 | * Licensed under the OpenSSL license (the "License"). You may not use |
6 | * this file except in compliance with the License. You can obtain a copy | |
7 | * in the file LICENSE in the source distribution or at | |
8 | * https://www.openssl.org/source/license.html | |
3b855b1f TH |
9 | * |
10 | * Originally written by Christophe Renou and Peter Sylvester, | |
11 | * for the EdelKey project. | |
edc032b5 | 12 | */ |
aa6bb135 | 13 | |
edc032b5 | 14 | #ifndef OPENSSL_NO_SRP |
b39fc560 | 15 | # include "internal/cryptlib.h" |
c0804614 | 16 | # include "internal/evp_int.h" |
dfb56425 | 17 | # include <openssl/sha.h> |
0f113f3e MC |
18 | # include <openssl/srp.h> |
19 | # include <openssl/evp.h> | |
20 | # include <openssl/buffer.h> | |
21 | # include <openssl/rand.h> | |
22 | # include <openssl/txt_db.h> | |
cdb10bae | 23 | # include <openssl/err.h> |
edc032b5 | 24 | |
0f113f3e MC |
25 | # define SRP_RANDOM_SALT_LEN 20 |
26 | # define MAX_LEN 2500 | |
edc032b5 | 27 | |
3fd59700 MC |
28 | /* |
29 | * Note that SRP uses its own variant of base 64 encoding. A different base64 | |
30 | * alphabet is used and no padding '=' characters are added. Instead we pad to | |
31 | * the front with 0 bytes and subsequently strip off leading encoded padding. | |
32 | * This variant is used for compatibility with other SRP implementations - | |
33 | * notably libsrp, but also others. It is also required for backwards | |
34 | * compatibility in order to load verifier files from other OpenSSL versions. | |
35 | */ | |
36 | ||
edc032b5 BL |
37 | /* |
38 | * Convert a base64 string into raw byte array representation. | |
c0804614 | 39 | * Returns the length of the decoded data, or -1 on error. |
edc032b5 | 40 | */ |
73f0df83 | 41 | static int t_fromb64(unsigned char *a, size_t alen, const char *src) |
0f113f3e | 42 | { |
c0804614 MC |
43 | EVP_ENCODE_CTX *ctx; |
44 | int outl = 0, outl2 = 0; | |
3fd59700 MC |
45 | size_t size, padsize; |
46 | const unsigned char *pad = (const unsigned char *)"00"; | |
ecca1663 | 47 | |
3fd59700 MC |
48 | while (*src == ' ' || *src == '\t' || *src == '\n') |
49 | ++src; | |
50 | size = strlen(src); | |
51 | padsize = 4 - (size & 3); | |
52 | padsize &= 3; | |
53 | ||
54 | /* Four bytes in src become three bytes output. */ | |
55 | if (size > INT_MAX || ((size + padsize) / 4) * 3 > alen) | |
73f0df83 MC |
56 | return -1; |
57 | ||
c0804614 MC |
58 | ctx = EVP_ENCODE_CTX_new(); |
59 | if (ctx == NULL) | |
60 | return -1; | |
61 | ||
3fd59700 MC |
62 | /* |
63 | * This should never occur because 1 byte of data always requires 2 bytes of | |
64 | * encoding, i.e. | |
65 | * 0 bytes unencoded = 0 bytes encoded | |
66 | * 1 byte unencoded = 2 bytes encoded | |
67 | * 2 bytes unencoded = 3 bytes encoded | |
68 | * 3 bytes unencoded = 4 bytes encoded | |
69 | * 4 bytes unencoded = 6 bytes encoded | |
70 | * etc | |
71 | */ | |
9f2a3bb1 MC |
72 | if (padsize == 3) { |
73 | outl = -1; | |
74 | goto err; | |
75 | } | |
3fd59700 MC |
76 | |
77 | /* Valid padsize values are now 0, 1 or 2 */ | |
78 | ||
c0804614 | 79 | EVP_DecodeInit(ctx); |
3fd59700 MC |
80 | evp_encode_ctx_set_flags(ctx, EVP_ENCODE_CTX_USE_SRP_ALPHABET); |
81 | ||
82 | /* Add any encoded padding that is required */ | |
83 | if (padsize != 0 | |
84 | && EVP_DecodeUpdate(ctx, a, &outl, pad, padsize) < 0) { | |
9f2a3bb1 MC |
85 | outl = -1; |
86 | goto err; | |
3fd59700 MC |
87 | } |
88 | if (EVP_DecodeUpdate(ctx, a, &outl2, (const unsigned char *)src, size) < 0) { | |
9f2a3bb1 MC |
89 | outl = -1; |
90 | goto err; | |
c0804614 | 91 | } |
3fd59700 | 92 | outl += outl2; |
c0804614 | 93 | EVP_DecodeFinal(ctx, a + outl, &outl2); |
3fd59700 MC |
94 | outl += outl2; |
95 | ||
96 | /* Strip off the leading padding */ | |
97 | if (padsize != 0) { | |
9f2a3bb1 MC |
98 | if ((int)padsize >= outl) { |
99 | outl = -1; | |
100 | goto err; | |
101 | } | |
102 | ||
3fd59700 MC |
103 | /* |
104 | * If we added 1 byte of padding prior to encoding then we have 2 bytes | |
105 | * of "real" data which gets spread across 4 encoded bytes like this: | |
106 | * (6 bits pad)(2 bits pad | 4 bits data)(6 bits data)(6 bits data) | |
107 | * So 1 byte of pre-encoding padding results in 1 full byte of encoded | |
108 | * padding. | |
109 | * If we added 2 bytes of padding prior to encoding this gets encoded | |
110 | * as: | |
111 | * (6 bits pad)(6 bits pad)(4 bits pad | 2 bits data)(6 bits data) | |
112 | * So 2 bytes of pre-encoding padding results in 2 full bytes of encoded | |
113 | * padding, i.e. we have to strip the same number of bytes of padding | |
114 | * from the encoded data as we added to the pre-encoded data. | |
115 | */ | |
116 | memmove(a, a + padsize, outl - padsize); | |
117 | outl -= padsize; | |
118 | } | |
c0804614 | 119 | |
9f2a3bb1 | 120 | err: |
c0804614 | 121 | EVP_ENCODE_CTX_free(ctx); |
3fd59700 MC |
122 | |
123 | return outl; | |
0f113f3e | 124 | } |
edc032b5 BL |
125 | |
126 | /* | |
127 | * Convert a raw byte string into a null-terminated base64 ASCII string. | |
c0804614 | 128 | * Returns 1 on success or 0 on error. |
edc032b5 | 129 | */ |
c0804614 | 130 | static int t_tob64(char *dst, const unsigned char *src, int size) |
0f113f3e | 131 | { |
c0804614 MC |
132 | EVP_ENCODE_CTX *ctx = EVP_ENCODE_CTX_new(); |
133 | int outl = 0, outl2 = 0; | |
3fd59700 MC |
134 | unsigned char pad[2] = {0, 0}; |
135 | size_t leadz = 0; | |
c0804614 MC |
136 | |
137 | if (ctx == NULL) | |
138 | return 0; | |
139 | ||
140 | EVP_EncodeInit(ctx); | |
3fd59700 MC |
141 | evp_encode_ctx_set_flags(ctx, EVP_ENCODE_CTX_NO_NEWLINES |
142 | | EVP_ENCODE_CTX_USE_SRP_ALPHABET); | |
143 | ||
144 | /* | |
145 | * We pad at the front with zero bytes until the length is a multiple of 3 | |
146 | * so that EVP_EncodeUpdate/EVP_EncodeFinal does not add any of its own "=" | |
147 | * padding | |
148 | */ | |
149 | leadz = 3 - (size % 3); | |
150 | if (leadz != 3 | |
151 | && !EVP_EncodeUpdate(ctx, (unsigned char *)dst, &outl, pad, | |
152 | leadz)) { | |
153 | EVP_ENCODE_CTX_free(ctx); | |
154 | return 0; | |
155 | } | |
c0804614 | 156 | |
3fd59700 MC |
157 | if (!EVP_EncodeUpdate(ctx, (unsigned char *)dst + outl, &outl2, src, |
158 | size)) { | |
c0804614 MC |
159 | EVP_ENCODE_CTX_free(ctx); |
160 | return 0; | |
161 | } | |
3fd59700 | 162 | outl += outl2; |
c0804614 | 163 | EVP_EncodeFinal(ctx, (unsigned char *)dst + outl, &outl2); |
3fd59700 MC |
164 | outl += outl2; |
165 | ||
166 | /* Strip the encoded padding at the front */ | |
167 | if (leadz != 3) { | |
168 | memmove(dst, dst + leadz, outl - leadz); | |
169 | dst[outl - leadz] = '\0'; | |
170 | } | |
c0804614 MC |
171 | |
172 | EVP_ENCODE_CTX_free(ctx); | |
173 | return 1; | |
0f113f3e | 174 | } |
edc032b5 | 175 | |
380f18ed | 176 | void SRP_user_pwd_free(SRP_user_pwd *user_pwd) |
0f113f3e MC |
177 | { |
178 | if (user_pwd == NULL) | |
179 | return; | |
180 | BN_free(user_pwd->s); | |
181 | BN_clear_free(user_pwd->v); | |
182 | OPENSSL_free(user_pwd->id); | |
183 | OPENSSL_free(user_pwd->info); | |
184 | OPENSSL_free(user_pwd); | |
185 | } | |
edc032b5 | 186 | |
ebfd055b | 187 | SRP_user_pwd *SRP_user_pwd_new(void) |
0f113f3e | 188 | { |
cdb10bae RS |
189 | SRP_user_pwd *ret; |
190 | ||
191 | if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL) { | |
3ccfcd8a | 192 | /* SRPerr(SRP_F_SRP_USER_PWD_NEW, ERR_R_MALLOC_FAILURE); */ /*ckerr_ignore*/ |
0f113f3e | 193 | return NULL; |
cdb10bae | 194 | } |
0f113f3e MC |
195 | ret->N = NULL; |
196 | ret->g = NULL; | |
197 | ret->s = NULL; | |
198 | ret->v = NULL; | |
199 | ret->id = NULL; | |
200 | ret->info = NULL; | |
201 | return ret; | |
202 | } | |
edc032b5 | 203 | |
ebfd055b AS |
204 | void SRP_user_pwd_set_gN(SRP_user_pwd *vinfo, const BIGNUM *g, |
205 | const BIGNUM *N) | |
0f113f3e MC |
206 | { |
207 | vinfo->N = N; | |
208 | vinfo->g = g; | |
209 | } | |
edc032b5 | 210 | |
ebfd055b AS |
211 | int SRP_user_pwd_set1_ids(SRP_user_pwd *vinfo, const char *id, |
212 | const char *info) | |
0f113f3e | 213 | { |
ebfd055b AS |
214 | OPENSSL_free(vinfo->id); |
215 | OPENSSL_free(vinfo->info); | |
7644a9ae | 216 | if (id != NULL && NULL == (vinfo->id = OPENSSL_strdup(id))) |
0f113f3e | 217 | return 0; |
7644a9ae | 218 | return (info == NULL || NULL != (vinfo->info = OPENSSL_strdup(info))); |
0f113f3e | 219 | } |
edc032b5 BL |
220 | |
221 | static int SRP_user_pwd_set_sv(SRP_user_pwd *vinfo, const char *s, | |
0f113f3e MC |
222 | const char *v) |
223 | { | |
224 | unsigned char tmp[MAX_LEN]; | |
225 | int len; | |
226 | ||
73f0df83 MC |
227 | vinfo->v = NULL; |
228 | vinfo->s = NULL; | |
229 | ||
230 | len = t_fromb64(tmp, sizeof(tmp), v); | |
231 | if (len < 0) | |
0f113f3e | 232 | return 0; |
0f113f3e MC |
233 | if (NULL == (vinfo->v = BN_bin2bn(tmp, len, NULL))) |
234 | return 0; | |
73f0df83 MC |
235 | len = t_fromb64(tmp, sizeof(tmp), s); |
236 | if (len < 0) | |
237 | goto err; | |
238 | vinfo->s = BN_bin2bn(tmp, len, NULL); | |
239 | if (vinfo->s == NULL) | |
240 | goto err; | |
241 | return 1; | |
242 | err: | |
243 | BN_free(vinfo->v); | |
244 | vinfo->v = NULL; | |
245 | return 0; | |
0f113f3e | 246 | } |
edc032b5 | 247 | |
ebfd055b | 248 | int SRP_user_pwd_set0_sv(SRP_user_pwd *vinfo, BIGNUM *s, BIGNUM *v) |
0f113f3e | 249 | { |
ebfd055b AS |
250 | BN_free(vinfo->s); |
251 | BN_clear_free(vinfo->v); | |
0f113f3e MC |
252 | vinfo->v = v; |
253 | vinfo->s = s; | |
254 | return (vinfo->s != NULL && vinfo->v != NULL); | |
255 | } | |
edc032b5 | 256 | |
380f18ed EK |
257 | static SRP_user_pwd *srp_user_pwd_dup(SRP_user_pwd *src) |
258 | { | |
259 | SRP_user_pwd *ret; | |
260 | ||
261 | if (src == NULL) | |
262 | return NULL; | |
263 | if ((ret = SRP_user_pwd_new()) == NULL) | |
264 | return NULL; | |
265 | ||
266 | SRP_user_pwd_set_gN(ret, src->g, src->N); | |
ebfd055b AS |
267 | if (!SRP_user_pwd_set1_ids(ret, src->id, src->info) |
268 | || !SRP_user_pwd_set0_sv(ret, BN_dup(src->s), BN_dup(src->v))) { | |
380f18ed EK |
269 | SRP_user_pwd_free(ret); |
270 | return NULL; | |
271 | } | |
272 | return ret; | |
273 | } | |
274 | ||
edc032b5 | 275 | SRP_VBASE *SRP_VBASE_new(char *seed_key) |
0f113f3e | 276 | { |
b4faea50 | 277 | SRP_VBASE *vb = OPENSSL_malloc(sizeof(*vb)); |
0f113f3e MC |
278 | |
279 | if (vb == NULL) | |
280 | return NULL; | |
75ebbd9a RS |
281 | if ((vb->users_pwd = sk_SRP_user_pwd_new_null()) == NULL |
282 | || (vb->gN_cache = sk_SRP_gN_cache_new_null()) == NULL) { | |
0f113f3e MC |
283 | OPENSSL_free(vb); |
284 | return NULL; | |
285 | } | |
286 | vb->default_g = NULL; | |
287 | vb->default_N = NULL; | |
288 | vb->seed_key = NULL; | |
7644a9ae | 289 | if ((seed_key != NULL) && (vb->seed_key = OPENSSL_strdup(seed_key)) == NULL) { |
0f113f3e MC |
290 | sk_SRP_user_pwd_free(vb->users_pwd); |
291 | sk_SRP_gN_cache_free(vb->gN_cache); | |
292 | OPENSSL_free(vb); | |
293 | return NULL; | |
294 | } | |
295 | return vb; | |
296 | } | |
edc032b5 | 297 | |
895cba19 | 298 | void SRP_VBASE_free(SRP_VBASE *vb) |
0f113f3e | 299 | { |
895cba19 RS |
300 | if (!vb) |
301 | return; | |
0f113f3e MC |
302 | sk_SRP_user_pwd_pop_free(vb->users_pwd, SRP_user_pwd_free); |
303 | sk_SRP_gN_cache_free(vb->gN_cache); | |
304 | OPENSSL_free(vb->seed_key); | |
305 | OPENSSL_free(vb); | |
0f113f3e | 306 | } |
edc032b5 BL |
307 | |
308 | static SRP_gN_cache *SRP_gN_new_init(const char *ch) | |
0f113f3e MC |
309 | { |
310 | unsigned char tmp[MAX_LEN]; | |
311 | int len; | |
b4faea50 | 312 | SRP_gN_cache *newgN = OPENSSL_malloc(sizeof(*newgN)); |
edc032b5 | 313 | |
0f113f3e MC |
314 | if (newgN == NULL) |
315 | return NULL; | |
edc032b5 | 316 | |
73f0df83 MC |
317 | len = t_fromb64(tmp, sizeof(tmp), ch); |
318 | if (len < 0) | |
319 | goto err; | |
320 | ||
7644a9ae | 321 | if ((newgN->b64_bn = OPENSSL_strdup(ch)) == NULL) |
0f113f3e | 322 | goto err; |
edc032b5 | 323 | |
0f113f3e MC |
324 | if ((newgN->bn = BN_bin2bn(tmp, len, NULL))) |
325 | return newgN; | |
edc032b5 | 326 | |
0f113f3e MC |
327 | OPENSSL_free(newgN->b64_bn); |
328 | err: | |
329 | OPENSSL_free(newgN); | |
330 | return NULL; | |
331 | } | |
edc032b5 BL |
332 | |
333 | static void SRP_gN_free(SRP_gN_cache *gN_cache) | |
0f113f3e MC |
334 | { |
335 | if (gN_cache == NULL) | |
336 | return; | |
337 | OPENSSL_free(gN_cache->b64_bn); | |
338 | BN_free(gN_cache->bn); | |
339 | OPENSSL_free(gN_cache); | |
340 | } | |
edc032b5 BL |
341 | |
342 | static SRP_gN *SRP_get_gN_by_id(const char *id, STACK_OF(SRP_gN) *gN_tab) | |
0f113f3e MC |
343 | { |
344 | int i; | |
345 | ||
346 | SRP_gN *gN; | |
495a1e5c | 347 | if (gN_tab != NULL) { |
0f113f3e MC |
348 | for (i = 0; i < sk_SRP_gN_num(gN_tab); i++) { |
349 | gN = sk_SRP_gN_value(gN_tab, i); | |
350 | if (gN && (id == NULL || strcmp(gN->id, id) == 0)) | |
351 | return gN; | |
352 | } | |
495a1e5c | 353 | } |
0f113f3e MC |
354 | |
355 | return SRP_get_default_gN(id); | |
356 | } | |
edc032b5 BL |
357 | |
358 | static BIGNUM *SRP_gN_place_bn(STACK_OF(SRP_gN_cache) *gN_cache, char *ch) | |
0f113f3e MC |
359 | { |
360 | int i; | |
361 | if (gN_cache == NULL) | |
362 | return NULL; | |
363 | ||
364 | /* search if we have already one... */ | |
365 | for (i = 0; i < sk_SRP_gN_cache_num(gN_cache); i++) { | |
366 | SRP_gN_cache *cache = sk_SRP_gN_cache_value(gN_cache, i); | |
367 | if (strcmp(cache->b64_bn, ch) == 0) | |
368 | return cache->bn; | |
369 | } | |
370 | { /* it is the first time that we find it */ | |
371 | SRP_gN_cache *newgN = SRP_gN_new_init(ch); | |
372 | if (newgN) { | |
373 | if (sk_SRP_gN_cache_insert(gN_cache, newgN, 0) > 0) | |
374 | return newgN->bn; | |
375 | SRP_gN_free(newgN); | |
376 | } | |
377 | } | |
378 | return NULL; | |
379 | } | |
380 | ||
381 | /* | |
495a1e5c AS |
382 | * This function parses the verifier file generated by the srp app. |
383 | * The format for each entry is: | |
384 | * V base64(verifier) base64(salt) username gNid userinfo(optional) | |
385 | * or | |
386 | * I base64(N) base64(g) | |
387 | * Note that base64 is the SRP variant of base64 encoding described | |
388 | * in t_fromb64(). | |
edc032b5 BL |
389 | */ |
390 | ||
edc032b5 | 391 | int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file) |
0f113f3e MC |
392 | { |
393 | int error_code; | |
394 | STACK_OF(SRP_gN) *SRP_gN_tab = sk_SRP_gN_new_null(); | |
395 | char *last_index = NULL; | |
396 | int i; | |
397 | char **pp; | |
398 | ||
399 | SRP_gN *gN = NULL; | |
400 | SRP_user_pwd *user_pwd = NULL; | |
401 | ||
402 | TXT_DB *tmpdb = NULL; | |
403 | BIO *in = BIO_new(BIO_s_file()); | |
404 | ||
405 | error_code = SRP_ERR_OPEN_FILE; | |
406 | ||
407 | if (in == NULL || BIO_read_filename(in, verifier_file) <= 0) | |
408 | goto err; | |
409 | ||
410 | error_code = SRP_ERR_VBASE_INCOMPLETE_FILE; | |
411 | ||
412 | if ((tmpdb = TXT_DB_read(in, DB_NUMBER)) == NULL) | |
413 | goto err; | |
414 | ||
415 | error_code = SRP_ERR_MEMORY; | |
416 | ||
417 | if (vb->seed_key) { | |
418 | last_index = SRP_get_default_gN(NULL)->id; | |
419 | } | |
420 | for (i = 0; i < sk_OPENSSL_PSTRING_num(tmpdb->data); i++) { | |
421 | pp = sk_OPENSSL_PSTRING_value(tmpdb->data, i); | |
422 | if (pp[DB_srptype][0] == DB_SRP_INDEX) { | |
423 | /* | |
424 | * we add this couple in the internal Stack | |
425 | */ | |
426 | ||
b4faea50 | 427 | if ((gN = OPENSSL_malloc(sizeof(*gN))) == NULL) |
0f113f3e MC |
428 | goto err; |
429 | ||
7644a9ae | 430 | if ((gN->id = OPENSSL_strdup(pp[DB_srpid])) == NULL |
75ebbd9a RS |
431 | || (gN->N = SRP_gN_place_bn(vb->gN_cache, pp[DB_srpverifier])) |
432 | == NULL | |
433 | || (gN->g = SRP_gN_place_bn(vb->gN_cache, pp[DB_srpsalt])) | |
434 | == NULL | |
0f113f3e MC |
435 | || sk_SRP_gN_insert(SRP_gN_tab, gN, 0) == 0) |
436 | goto err; | |
437 | ||
438 | gN = NULL; | |
439 | ||
440 | if (vb->seed_key != NULL) { | |
441 | last_index = pp[DB_srpid]; | |
442 | } | |
443 | } else if (pp[DB_srptype][0] == DB_SRP_VALID) { | |
444 | /* it is a user .... */ | |
445 | const SRP_gN *lgN; | |
446 | ||
447 | if ((lgN = SRP_get_gN_by_id(pp[DB_srpgN], SRP_gN_tab)) != NULL) { | |
448 | error_code = SRP_ERR_MEMORY; | |
449 | if ((user_pwd = SRP_user_pwd_new()) == NULL) | |
450 | goto err; | |
451 | ||
452 | SRP_user_pwd_set_gN(user_pwd, lgN->g, lgN->N); | |
ebfd055b | 453 | if (!SRP_user_pwd_set1_ids |
0f113f3e MC |
454 | (user_pwd, pp[DB_srpid], pp[DB_srpinfo])) |
455 | goto err; | |
456 | ||
457 | error_code = SRP_ERR_VBASE_BN_LIB; | |
458 | if (!SRP_user_pwd_set_sv | |
459 | (user_pwd, pp[DB_srpsalt], pp[DB_srpverifier])) | |
460 | goto err; | |
461 | ||
462 | if (sk_SRP_user_pwd_insert(vb->users_pwd, user_pwd, 0) == 0) | |
463 | goto err; | |
8483a003 | 464 | user_pwd = NULL; /* abandon responsibility */ |
0f113f3e MC |
465 | } |
466 | } | |
467 | } | |
468 | ||
469 | if (last_index != NULL) { | |
470 | /* this means that we want to simulate a default user */ | |
471 | ||
472 | if (((gN = SRP_get_gN_by_id(last_index, SRP_gN_tab)) == NULL)) { | |
473 | error_code = SRP_ERR_VBASE_BN_LIB; | |
474 | goto err; | |
475 | } | |
476 | vb->default_g = gN->g; | |
477 | vb->default_N = gN->N; | |
478 | gN = NULL; | |
479 | } | |
480 | error_code = SRP_NO_ERROR; | |
edc032b5 BL |
481 | |
482 | err: | |
0f113f3e MC |
483 | /* |
484 | * there may be still some leaks to fix, if this fails, the application | |
485 | * terminates most likely | |
486 | */ | |
edc032b5 | 487 | |
0f113f3e MC |
488 | if (gN != NULL) { |
489 | OPENSSL_free(gN->id); | |
490 | OPENSSL_free(gN); | |
491 | } | |
edc032b5 | 492 | |
0f113f3e | 493 | SRP_user_pwd_free(user_pwd); |
edc032b5 | 494 | |
895cba19 | 495 | TXT_DB_free(tmpdb); |
ca3a82c3 | 496 | BIO_free_all(in); |
edc032b5 | 497 | |
0f113f3e | 498 | sk_SRP_gN_free(SRP_gN_tab); |
edc032b5 | 499 | |
0f113f3e | 500 | return error_code; |
edc032b5 | 501 | |
0f113f3e | 502 | } |
edc032b5 | 503 | |
380f18ed | 504 | static SRP_user_pwd *find_user(SRP_VBASE *vb, char *username) |
0f113f3e MC |
505 | { |
506 | int i; | |
507 | SRP_user_pwd *user; | |
0f113f3e MC |
508 | |
509 | if (vb == NULL) | |
510 | return NULL; | |
380f18ed | 511 | |
0f113f3e MC |
512 | for (i = 0; i < sk_SRP_user_pwd_num(vb->users_pwd); i++) { |
513 | user = sk_SRP_user_pwd_value(vb->users_pwd, i); | |
514 | if (strcmp(user->id, username) == 0) | |
515 | return user; | |
516 | } | |
380f18ed EK |
517 | |
518 | return NULL; | |
519 | } | |
520 | ||
51f03f12 AS |
521 | int SRP_VBASE_add0_user(SRP_VBASE *vb, SRP_user_pwd *user_pwd) |
522 | { | |
523 | if (sk_SRP_user_pwd_push(vb->users_pwd, user_pwd) <= 0) | |
524 | return 0; | |
525 | return 1; | |
526 | } | |
527 | ||
d88ab353 | 528 | # if OPENSSL_API_COMPAT < 0x10100000L |
380f18ed EK |
529 | /* |
530 | * DEPRECATED: use SRP_VBASE_get1_by_user instead. | |
531 | * This method ignores the configured seed and fails for an unknown user. | |
532 | * Ownership of the returned pointer is not released to the caller. | |
533 | * In other words, caller must not free the result. | |
534 | */ | |
535 | SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username) | |
536 | { | |
537 | return find_user(vb, username); | |
538 | } | |
d88ab353 | 539 | # endif |
380f18ed EK |
540 | |
541 | /* | |
542 | * Ownership of the returned pointer is released to the caller. | |
543 | * In other words, caller must free the result once done. | |
544 | */ | |
545 | SRP_user_pwd *SRP_VBASE_get1_by_user(SRP_VBASE *vb, char *username) | |
546 | { | |
547 | SRP_user_pwd *user; | |
548 | unsigned char digv[SHA_DIGEST_LENGTH]; | |
549 | unsigned char digs[SHA_DIGEST_LENGTH]; | |
550 | EVP_MD_CTX *ctxt = NULL; | |
551 | ||
552 | if (vb == NULL) | |
553 | return NULL; | |
554 | ||
555 | if ((user = find_user(vb, username)) != NULL) | |
556 | return srp_user_pwd_dup(user); | |
557 | ||
0f113f3e MC |
558 | if ((vb->seed_key == NULL) || |
559 | (vb->default_g == NULL) || (vb->default_N == NULL)) | |
560 | return NULL; | |
edc032b5 BL |
561 | |
562 | /* if the user is unknown we set parameters as well if we have a seed_key */ | |
563 | ||
0f113f3e MC |
564 | if ((user = SRP_user_pwd_new()) == NULL) |
565 | return NULL; | |
566 | ||
567 | SRP_user_pwd_set_gN(user, vb->default_g, vb->default_N); | |
edc032b5 | 568 | |
ebfd055b | 569 | if (!SRP_user_pwd_set1_ids(user, username, NULL)) |
0f113f3e MC |
570 | goto err; |
571 | ||
4cffafe9 | 572 | if (RAND_priv_bytes(digv, SHA_DIGEST_LENGTH) <= 0) |
266483d2 | 573 | goto err; |
bfb0641f | 574 | ctxt = EVP_MD_CTX_new(); |
d166ed8c DSH |
575 | if (ctxt == NULL |
576 | || !EVP_DigestInit_ex(ctxt, EVP_sha1(), NULL) | |
577 | || !EVP_DigestUpdate(ctxt, vb->seed_key, strlen(vb->seed_key)) | |
578 | || !EVP_DigestUpdate(ctxt, username, strlen(username)) | |
579 | || !EVP_DigestFinal_ex(ctxt, digs, NULL)) | |
580 | goto err; | |
bfb0641f | 581 | EVP_MD_CTX_free(ctxt); |
6e59a892 | 582 | ctxt = NULL; |
ebfd055b | 583 | if (SRP_user_pwd_set0_sv(user, |
6e59a892 RL |
584 | BN_bin2bn(digs, SHA_DIGEST_LENGTH, NULL), |
585 | BN_bin2bn(digv, SHA_DIGEST_LENGTH, NULL))) | |
0f113f3e MC |
586 | return user; |
587 | ||
895cba19 | 588 | err: |
bfb0641f | 589 | EVP_MD_CTX_free(ctxt); |
895cba19 | 590 | SRP_user_pwd_free(user); |
0f113f3e MC |
591 | return NULL; |
592 | } | |
edc032b5 BL |
593 | |
594 | /* | |
0f113f3e MC |
595 | * create a verifier (*salt,*verifier,g and N are in base64) |
596 | */ | |
edc032b5 | 597 | char *SRP_create_verifier(const char *user, const char *pass, char **salt, |
0f113f3e MC |
598 | char **verifier, const char *N, const char *g) |
599 | { | |
600 | int len; | |
bf95cde2 | 601 | char *result = NULL, *vf = NULL; |
98370c2d MC |
602 | const BIGNUM *N_bn = NULL, *g_bn = NULL; |
603 | BIGNUM *N_bn_alloc = NULL, *g_bn_alloc = NULL, *s = NULL, *v = NULL; | |
0f113f3e MC |
604 | unsigned char tmp[MAX_LEN]; |
605 | unsigned char tmp2[MAX_LEN]; | |
606 | char *defgNid = NULL; | |
bf95cde2 | 607 | int vfsize = 0; |
0f113f3e MC |
608 | |
609 | if ((user == NULL) || | |
610 | (pass == NULL) || (salt == NULL) || (verifier == NULL)) | |
611 | goto err; | |
612 | ||
613 | if (N) { | |
73f0df83 | 614 | if ((len = t_fromb64(tmp, sizeof(tmp), N)) <= 0) |
0f113f3e | 615 | goto err; |
98370c2d MC |
616 | N_bn_alloc = BN_bin2bn(tmp, len, NULL); |
617 | N_bn = N_bn_alloc; | |
73f0df83 | 618 | if ((len = t_fromb64(tmp, sizeof(tmp) ,g)) <= 0) |
0f113f3e | 619 | goto err; |
98370c2d MC |
620 | g_bn_alloc = BN_bin2bn(tmp, len, NULL); |
621 | g_bn = g_bn_alloc; | |
0f113f3e MC |
622 | defgNid = "*"; |
623 | } else { | |
495a1e5c | 624 | SRP_gN *gN = SRP_get_default_gN(g); |
0f113f3e MC |
625 | if (gN == NULL) |
626 | goto err; | |
627 | N_bn = gN->N; | |
628 | g_bn = gN->g; | |
629 | defgNid = gN->id; | |
630 | } | |
631 | ||
632 | if (*salt == NULL) { | |
266483d2 MC |
633 | if (RAND_bytes(tmp2, SRP_RANDOM_SALT_LEN) <= 0) |
634 | goto err; | |
0f113f3e MC |
635 | |
636 | s = BN_bin2bn(tmp2, SRP_RANDOM_SALT_LEN, NULL); | |
637 | } else { | |
73f0df83 | 638 | if ((len = t_fromb64(tmp2, sizeof(tmp2), *salt)) <= 0) |
0f113f3e MC |
639 | goto err; |
640 | s = BN_bin2bn(tmp2, len, NULL); | |
641 | } | |
642 | ||
643 | if (!SRP_create_verifier_BN(user, pass, &s, &v, N_bn, g_bn)) | |
644 | goto err; | |
645 | ||
646 | BN_bn2bin(v, tmp); | |
bf95cde2 MC |
647 | vfsize = BN_num_bytes(v) * 2; |
648 | if (((vf = OPENSSL_malloc(vfsize)) == NULL)) | |
0f113f3e MC |
649 | goto err; |
650 | t_tob64(vf, tmp, BN_num_bytes(v)); | |
651 | ||
0f113f3e MC |
652 | if (*salt == NULL) { |
653 | char *tmp_salt; | |
654 | ||
655 | if ((tmp_salt = OPENSSL_malloc(SRP_RANDOM_SALT_LEN * 2)) == NULL) { | |
0f113f3e MC |
656 | goto err; |
657 | } | |
658 | t_tob64(tmp_salt, tmp2, SRP_RANDOM_SALT_LEN); | |
659 | *salt = tmp_salt; | |
660 | } | |
661 | ||
bf95cde2 MC |
662 | *verifier = vf; |
663 | vf = NULL; | |
0f113f3e MC |
664 | result = defgNid; |
665 | ||
666 | err: | |
98370c2d MC |
667 | BN_free(N_bn_alloc); |
668 | BN_free(g_bn_alloc); | |
bf95cde2 MC |
669 | OPENSSL_clear_free(vf, vfsize); |
670 | BN_clear_free(s); | |
671 | BN_clear_free(v); | |
0f113f3e MC |
672 | return result; |
673 | } | |
edc032b5 BL |
674 | |
675 | /* | |
bf95cde2 MC |
676 | * create a verifier (*salt,*verifier,g and N are BIGNUMs). If *salt != NULL |
677 | * then the provided salt will be used. On successful exit *verifier will point | |
678 | * to a newly allocated BIGNUM containing the verifier and (if a salt was not | |
679 | * provided) *salt will be populated with a newly allocated BIGNUM containing a | |
680 | * random salt. | |
681 | * The caller is responsible for freeing the allocated *salt and *verifier | |
682 | * BIGNUMS. | |
0f113f3e | 683 | */ |
8892ce77 | 684 | int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt, |
0f113f3e MC |
685 | BIGNUM **verifier, const BIGNUM *N, |
686 | const BIGNUM *g) | |
687 | { | |
688 | int result = 0; | |
689 | BIGNUM *x = NULL; | |
690 | BN_CTX *bn_ctx = BN_CTX_new(); | |
691 | unsigned char tmp2[MAX_LEN]; | |
bf95cde2 | 692 | BIGNUM *salttmp = NULL; |
edc032b5 | 693 | |
0f113f3e MC |
694 | if ((user == NULL) || |
695 | (pass == NULL) || | |
696 | (salt == NULL) || | |
697 | (verifier == NULL) || (N == NULL) || (g == NULL) || (bn_ctx == NULL)) | |
698 | goto err; | |
edc032b5 | 699 | |
0f113f3e | 700 | if (*salt == NULL) { |
266483d2 MC |
701 | if (RAND_bytes(tmp2, SRP_RANDOM_SALT_LEN) <= 0) |
702 | goto err; | |
edc032b5 | 703 | |
bf95cde2 MC |
704 | salttmp = BN_bin2bn(tmp2, SRP_RANDOM_SALT_LEN, NULL); |
705 | } else { | |
706 | salttmp = *salt; | |
0f113f3e | 707 | } |
edc032b5 | 708 | |
bf95cde2 | 709 | x = SRP_Calc_x(salttmp, user, pass); |
edc032b5 | 710 | |
0f113f3e MC |
711 | *verifier = BN_new(); |
712 | if (*verifier == NULL) | |
713 | goto err; | |
edc032b5 | 714 | |
0f113f3e MC |
715 | if (!BN_mod_exp(*verifier, g, x, N, bn_ctx)) { |
716 | BN_clear_free(*verifier); | |
717 | goto err; | |
718 | } | |
edc032b5 | 719 | |
0f113f3e | 720 | result = 1; |
bf95cde2 | 721 | *salt = salttmp; |
edc032b5 | 722 | |
0f113f3e | 723 | err: |
3bbd1d63 | 724 | if (salt != NULL && *salt != salttmp) |
bf95cde2 | 725 | BN_clear_free(salttmp); |
0f113f3e MC |
726 | BN_clear_free(x); |
727 | BN_CTX_free(bn_ctx); | |
728 | return result; | |
729 | } | |
edc032b5 BL |
730 | |
731 | #endif |