Diffstat (limited to 'crypto/srp')
-rw-r--r--crypto/srp/Makefile103
-rw-r--r--crypto/srp/build.info2
-rw-r--r--crypto/srp/srp.h179
-rw-r--r--crypto/srp/srp_grps.h528
-rw-r--r--crypto/srp/srp_lcl.h84
-rw-r--r--crypto/srp/srp_lib.c263
-rw-r--r--crypto/srp/srp_vfy.c406
-rw-r--r--crypto/srp/srptest.c155
8 files changed, 291 insertions, 1429 deletions
diff --git a/crypto/srp/Makefile b/crypto/srp/Makefile
deleted file mode 100644
index 414af7bc66b1..000000000000
--- a/crypto/srp/Makefile
+++ /dev/null
@@ -1,103 +0,0 @@
-DIR= srp
-TOP= ../..
-CC= cc
-INCLUDES= -I.. -I$(TOP) -I../../include
-CFLAG=-g
-INSTALL_PREFIX=
-OPENSSLDIR= /usr/local/ssl
-INSTALLTOP=/usr/local/ssl
-MAKE= make -f Makefile.ssl
-MAKEDEPPROG= makedepend
-MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
-MAKEFILE= Makefile.ssl
-AR= ar r
-
-CFLAGS= $(INCLUDES) $(CFLAG)
-
-GENERAL=Makefile
-TEST=srptest.c
-APPS=
-
-LIB=$(TOP)/libcrypto.a
-LIBSRC=srp_lib.c srp_vfy.c
-LIBOBJ=srp_lib.o srp_vfy.o
-
-SRC= $(LIBSRC)
-
-EXHEADER= srp.h
-HEADER= $(EXHEADER)
-
-top:
- (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
-
-all: lib
-
-lib: $(LIBOBJ)
- $(AR) $(LIB) $(LIBOBJ)
- $(RANLIB) $(LIB) || echo Never mind.
- @touch lib
-
-files:
- $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
-
-links:
- @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
- @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
- @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
-
-install:
- @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
- @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
- do \
- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
- done;
-
-tags:
- ctags $(SRC)
-
-tests:
-
-srptest: top srptest.c $(LIB)
- $(CC) $(CFLAGS) -Wall -Werror -g -o srptest srptest.c $(LIB)
-
-lint:
- lint -DLINT $(INCLUDES) $(SRC)>fluff
-
-update: depend
-
-depend:
- $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
-
-dclean:
- $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
- mv -f Makefile.new $(MAKEFILE)
-
-clean:
- rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-
-srp_lib.o: ../../e_os.h ../../include/openssl/asn1.h
-srp_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-srp_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-srp_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-srp_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-srp_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-srp_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-srp_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
-srp_lib.o: ../../include/openssl/sha.h ../../include/openssl/srp.h
-srp_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-srp_lib.o: ../cryptlib.h srp_grps.h srp_lcl.h srp_lib.c
-srp_vfy.o: ../../e_os.h ../../include/openssl/asn1.h
-srp_vfy.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-srp_vfy.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-srp_vfy.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-srp_vfy.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-srp_vfy.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-srp_vfy.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-srp_vfy.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
-srp_vfy.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-srp_vfy.o: ../../include/openssl/srp.h ../../include/openssl/stack.h
-srp_vfy.o: ../../include/openssl/symhacks.h ../../include/openssl/txt_db.h
-srp_vfy.o: ../cryptlib.h srp_lcl.h srp_vfy.c
diff --git a/crypto/srp/build.info b/crypto/srp/build.info
new file mode 100644
index 000000000000..b6c7fe7adcdf
--- /dev/null
+++ b/crypto/srp/build.info
@@ -0,0 +1,2 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=srp_lib.c srp_vfy.c
diff --git a/crypto/srp/srp.h b/crypto/srp/srp.h
deleted file mode 100644
index 028892a1ff5e..000000000000
--- a/crypto/srp/srp.h
+++ /dev/null
@@ -1,179 +0,0 @@
-/* crypto/srp/srp.h */
-/*
- * Written by Christophe Renou (christophe.renou@edelweb.fr) with the
- * precious help of Peter Sylvester (peter.sylvester@edelweb.fr) for the
- * EdelKey project and contributed to the OpenSSL project 2004.
- */
-/* ====================================================================
- * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-#ifndef __SRP_H__
-# define __SRP_H__
-
-# ifndef OPENSSL_NO_SRP
-
-# include <stdio.h>
-# include <string.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-# include <openssl/safestack.h>
-# include <openssl/bn.h>
-# include <openssl/crypto.h>
-
-typedef struct SRP_gN_cache_st {
- char *b64_bn;
- BIGNUM *bn;
-} SRP_gN_cache;
-
-
-DECLARE_STACK_OF(SRP_gN_cache)
-
-typedef struct SRP_user_pwd_st {
- /* Owned by us. */
- char *id;
- BIGNUM *s;
- BIGNUM *v;
- /* Not owned by us. */
- const BIGNUM *g;
- const BIGNUM *N;
- /* Owned by us. */
- char *info;
-} SRP_user_pwd;
-
-DECLARE_STACK_OF(SRP_user_pwd)
-
-void SRP_user_pwd_free(SRP_user_pwd *user_pwd);
-
-typedef struct SRP_VBASE_st {
- STACK_OF(SRP_user_pwd) *users_pwd;
- STACK_OF(SRP_gN_cache) *gN_cache;
-/* to simulate a user */
- char *seed_key;
- BIGNUM *default_g;
- BIGNUM *default_N;
-} SRP_VBASE;
-
-/*
- * Structure interne pour retenir les couples N et g
- */
-typedef struct SRP_gN_st {
- char *id;
- BIGNUM *g;
- BIGNUM *N;
-} SRP_gN;
-
-DECLARE_STACK_OF(SRP_gN)
-
-SRP_VBASE *SRP_VBASE_new(char *seed_key);
-int SRP_VBASE_free(SRP_VBASE *vb);
-int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file);
-
-/* This method ignores the configured seed and fails for an unknown user. */
-SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username);
-/* NOTE: unlike in SRP_VBASE_get_by_user, caller owns the returned pointer.*/
-SRP_user_pwd *SRP_VBASE_get1_by_user(SRP_VBASE *vb, char *username);
-
-char *SRP_create_verifier(const char *user, const char *pass, char **salt,
- char **verifier, const char *N, const char *g);
-int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt,
- BIGNUM **verifier, BIGNUM *N, BIGNUM *g);
-
-# define SRP_NO_ERROR 0
-# define SRP_ERR_VBASE_INCOMPLETE_FILE 1
-# define SRP_ERR_VBASE_BN_LIB 2
-# define SRP_ERR_OPEN_FILE 3
-# define SRP_ERR_MEMORY 4
-
-# define DB_srptype 0
-# define DB_srpverifier 1
-# define DB_srpsalt 2
-# define DB_srpid 3
-# define DB_srpgN 4
-# define DB_srpinfo 5
-# undef DB_NUMBER
-# define DB_NUMBER 6
-
-# define DB_SRP_INDEX 'I'
-# define DB_SRP_VALID 'V'
-# define DB_SRP_REVOKED 'R'
-# define DB_SRP_MODIF 'v'
-
-/* see srp.c */
-char *SRP_check_known_gN_param(BIGNUM *g, BIGNUM *N);
-SRP_gN *SRP_get_default_gN(const char *id);
-
-/* server side .... */
-BIGNUM *SRP_Calc_server_key(BIGNUM *A, BIGNUM *v, BIGNUM *u, BIGNUM *b,
- BIGNUM *N);
-BIGNUM *SRP_Calc_B(BIGNUM *b, BIGNUM *N, BIGNUM *g, BIGNUM *v);
-int SRP_Verify_A_mod_N(BIGNUM *A, BIGNUM *N);
-BIGNUM *SRP_Calc_u(BIGNUM *A, BIGNUM *B, BIGNUM *N);
-
-/* client side .... */
-BIGNUM *SRP_Calc_x(BIGNUM *s, const char *user, const char *pass);
-BIGNUM *SRP_Calc_A(BIGNUM *a, BIGNUM *N, BIGNUM *g);
-BIGNUM *SRP_Calc_client_key(BIGNUM *N, BIGNUM *B, BIGNUM *g, BIGNUM *x,
- BIGNUM *a, BIGNUM *u);
-int SRP_Verify_B_mod_N(BIGNUM *B, BIGNUM *N);
-
-# define SRP_MINIMAL_N 1024
-
-#ifdef __cplusplus
-}
-#endif
-
-# endif
-#endif
diff --git a/crypto/srp/srp_grps.h b/crypto/srp/srp_grps.h
deleted file mode 100644
index f76652cb8b9a..000000000000
--- a/crypto/srp/srp_grps.h
+++ /dev/null
@@ -1,528 +0,0 @@
-/* start of generated data */
-
-static BN_ULONG bn_group_1024_value[] = {
- bn_pack4(0x9FC6, 0x1D2F, 0xC0EB, 0x06E3),
- bn_pack4(0xFD51, 0x38FE, 0x8376, 0x435B),
- bn_pack4(0x2FD4, 0xCBF4, 0x976E, 0xAA9A),
- bn_pack4(0x68ED, 0xBC3C, 0x0572, 0x6CC0),
- bn_pack4(0xC529, 0xF566, 0x660E, 0x57EC),
- bn_pack4(0x8255, 0x9B29, 0x7BCF, 0x1885),
- bn_pack4(0xCE8E, 0xF4AD, 0x69B1, 0x5D49),
- bn_pack4(0x5DC7, 0xD7B4, 0x6154, 0xD6B6),
- bn_pack4(0x8E49, 0x5C1D, 0x6089, 0xDAD1),
- bn_pack4(0xE0D5, 0xD8E2, 0x50B9, 0x8BE4),
- bn_pack4(0x383B, 0x4813, 0xD692, 0xC6E0),
- bn_pack4(0xD674, 0xDF74, 0x96EA, 0x81D3),
- bn_pack4(0x9EA2, 0x314C, 0x9C25, 0x6576),
- bn_pack4(0x6072, 0x6187, 0x75FF, 0x3C0B),
- bn_pack4(0x9C33, 0xF80A, 0xFA8F, 0xC5E8),
- bn_pack4(0xEEAF, 0x0AB9, 0xADB3, 0x8DD6)
-};
-
-static BIGNUM bn_group_1024 = {
- bn_group_1024_value,
- (sizeof(bn_group_1024_value)) / sizeof(BN_ULONG),
- (sizeof(bn_group_1024_value)) / sizeof(BN_ULONG),
- 0,
- BN_FLG_STATIC_DATA
-};
-
-static BN_ULONG bn_group_1536_value[] = {
- bn_pack4(0xCF76, 0xE3FE, 0xD135, 0xF9BB),
- bn_pack4(0x1518, 0x0F93, 0x499A, 0x234D),
- bn_pack4(0x8CE7, 0xA28C, 0x2442, 0xC6F3),
- bn_pack4(0x5A02, 0x1FFF, 0x5E91, 0x479E),
- bn_pack4(0x7F8A, 0x2FE9, 0xB8B5, 0x292E),
- bn_pack4(0x837C, 0x264A, 0xE3A9, 0xBEB8),
- bn_pack4(0xE442, 0x734A, 0xF7CC, 0xB7AE),
- bn_pack4(0x6577, 0x2E43, 0x7D6C, 0x7F8C),
- bn_pack4(0xDB2F, 0xD53D, 0x24B7, 0xC486),
- bn_pack4(0x6EDF, 0x0195, 0x3934, 0x9627),
- bn_pack4(0x158B, 0xFD3E, 0x2B9C, 0x8CF5),
- bn_pack4(0x764E, 0x3F4B, 0x53DD, 0x9DA1),
- bn_pack4(0x4754, 0x8381, 0xDBC5, 0xB1FC),
- bn_pack4(0x9B60, 0x9E0B, 0xE3BA, 0xB63D),
- bn_pack4(0x8134, 0xB1C8, 0xB979, 0x8914),
- bn_pack4(0xDF02, 0x8A7C, 0xEC67, 0xF0D0),
- bn_pack4(0x80B6, 0x55BB, 0x9A22, 0xE8DC),
- bn_pack4(0x1558, 0x903B, 0xA0D0, 0xF843),
- bn_pack4(0x51C6, 0xA94B, 0xE460, 0x7A29),
- bn_pack4(0x5F4F, 0x5F55, 0x6E27, 0xCBDE),
- bn_pack4(0xBEEE, 0xA961, 0x4B19, 0xCC4D),
- bn_pack4(0xDBA5, 0x1DF4, 0x99AC, 0x4C80),
- bn_pack4(0xB1F1, 0x2A86, 0x17A4, 0x7BBB),
- bn_pack4(0x9DEF, 0x3CAF, 0xB939, 0x277A)
-};
-
-static BIGNUM bn_group_1536 = {
- bn_group_1536_value,
- (sizeof(bn_group_1536_value)) / sizeof(BN_ULONG),
- (sizeof(bn_group_1536_value)) / sizeof(BN_ULONG),
- 0,
- BN_FLG_STATIC_DATA
-};
-
-static BN_ULONG bn_group_2048_value[] = {
- bn_pack4(0x0FA7, 0x111F, 0x9E4A, 0xFF73),
- bn_pack4(0x9B65, 0xE372, 0xFCD6, 0x8EF2),
- bn_pack4(0x35DE, 0x236D, 0x525F, 0x5475),
- bn_pack4(0x94B5, 0xC803, 0xD89F, 0x7AE4),
- bn_pack4(0x71AE, 0x35F8, 0xE9DB, 0xFBB6),
- bn_pack4(0x2A56, 0x98F3, 0xA8D0, 0xC382),
- bn_pack4(0x9CCC, 0x041C, 0x7BC3, 0x08D8),
- bn_pack4(0xAF87, 0x4E73, 0x03CE, 0x5329),
- bn_pack4(0x6160, 0x2790, 0x04E5, 0x7AE6),
- bn_pack4(0x032C, 0xFBDB, 0xF52F, 0xB378),
- bn_pack4(0x5EA7, 0x7A27, 0x75D2, 0xECFA),
- bn_pack4(0x5445, 0x23B5, 0x24B0, 0xD57D),
- bn_pack4(0x5B9D, 0x32E6, 0x88F8, 0x7748),
- bn_pack4(0xF1D2, 0xB907, 0x8717, 0x461A),
- bn_pack4(0x76BD, 0x207A, 0x436C, 0x6481),
- bn_pack4(0xCA97, 0xB43A, 0x23FB, 0x8016),
- bn_pack4(0x1D28, 0x1E44, 0x6B14, 0x773B),
- bn_pack4(0x7359, 0xD041, 0xD5C3, 0x3EA7),
- bn_pack4(0xA80D, 0x740A, 0xDBF4, 0xFF74),
- bn_pack4(0x55F9, 0x7993, 0xEC97, 0x5EEA),
- bn_pack4(0x2918, 0xA996, 0x2F0B, 0x93B8),
- bn_pack4(0x661A, 0x05FB, 0xD5FA, 0xAAE8),
- bn_pack4(0xCF60, 0x9517, 0x9A16, 0x3AB3),
- bn_pack4(0xE808, 0x3969, 0xEDB7, 0x67B0),
- bn_pack4(0xCD7F, 0x48A9, 0xDA04, 0xFD50),
- bn_pack4(0xD523, 0x12AB, 0x4B03, 0x310D),
- bn_pack4(0x8193, 0xE075, 0x7767, 0xA13D),
- bn_pack4(0xA373, 0x29CB, 0xB4A0, 0x99ED),
- bn_pack4(0xFC31, 0x9294, 0x3DB5, 0x6050),
- bn_pack4(0xAF72, 0xB665, 0x1987, 0xEE07),
- bn_pack4(0xF166, 0xDE5E, 0x1389, 0x582F),
- bn_pack4(0xAC6B, 0xDB41, 0x324A, 0x9A9B)
-};
-
-static BIGNUM bn_group_2048 = {
- bn_group_2048_value,
- (sizeof(bn_group_2048_value)) / sizeof(BN_ULONG),
- (sizeof(bn_group_2048_value)) / sizeof(BN_ULONG),
- 0,
- BN_FLG_STATIC_DATA
-};
-
-static BN_ULONG bn_group_3072_value[] = {
- bn_pack4(0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF),
- bn_pack4(0x4B82, 0xD120, 0xA93A, 0xD2CA),
- bn_pack4(0x43DB, 0x5BFC, 0xE0FD, 0x108E),
- bn_pack4(0x08E2, 0x4FA0, 0x74E5, 0xAB31),
- bn_pack4(0x7709, 0x88C0, 0xBAD9, 0x46E2),
- bn_pack4(0xBBE1, 0x1757, 0x7A61, 0x5D6C),
- bn_pack4(0x521F, 0x2B18, 0x177B, 0x200C),
- bn_pack4(0xD876, 0x0273, 0x3EC8, 0x6A64),
- bn_pack4(0xF12F, 0xFA06, 0xD98A, 0x0864),
- bn_pack4(0xCEE3, 0xD226, 0x1AD2, 0xEE6B),
- bn_pack4(0x1E8C, 0x94E0, 0x4A25, 0x619D),
- bn_pack4(0xABF5, 0xAE8C, 0xDB09, 0x33D7),
- bn_pack4(0xB397, 0x0F85, 0xA6E1, 0xE4C7),
- bn_pack4(0x8AEA, 0x7157, 0x5D06, 0x0C7D),
- bn_pack4(0xECFB, 0x8504, 0x58DB, 0xEF0A),
- bn_pack4(0xA855, 0x21AB, 0xDF1C, 0xBA64),
- bn_pack4(0xAD33, 0x170D, 0x0450, 0x7A33),
- bn_pack4(0x1572, 0x8E5A, 0x8AAA, 0xC42D),
- bn_pack4(0x15D2, 0x2618, 0x98FA, 0x0510),
- bn_pack4(0x3995, 0x497C, 0xEA95, 0x6AE5),
- bn_pack4(0xDE2B, 0xCBF6, 0x9558, 0x1718),
- bn_pack4(0xB5C5, 0x5DF0, 0x6F4C, 0x52C9),
- bn_pack4(0x9B27, 0x83A2, 0xEC07, 0xA28F),
- bn_pack4(0xE39E, 0x772C, 0x180E, 0x8603),
- bn_pack4(0x3290, 0x5E46, 0x2E36, 0xCE3B),
- bn_pack4(0xF174, 0x6C08, 0xCA18, 0x217C),
- bn_pack4(0x670C, 0x354E, 0x4ABC, 0x9804),
- bn_pack4(0x9ED5, 0x2907, 0x7096, 0x966D),
- bn_pack4(0x1C62, 0xF356, 0x2085, 0x52BB),
- bn_pack4(0x8365, 0x5D23, 0xDCA3, 0xAD96),
- bn_pack4(0x6916, 0x3FA8, 0xFD24, 0xCF5F),
- bn_pack4(0x98DA, 0x4836, 0x1C55, 0xD39A),
- bn_pack4(0xC200, 0x7CB8, 0xA163, 0xBF05),
- bn_pack4(0x4928, 0x6651, 0xECE4, 0x5B3D),
- bn_pack4(0xAE9F, 0x2411, 0x7C4B, 0x1FE6),
- bn_pack4(0xEE38, 0x6BFB, 0x5A89, 0x9FA5),
- bn_pack4(0x0BFF, 0x5CB6, 0xF406, 0xB7ED),
- bn_pack4(0xF44C, 0x42E9, 0xA637, 0xED6B),
- bn_pack4(0xE485, 0xB576, 0x625E, 0x7EC6),
- bn_pack4(0x4FE1, 0x356D, 0x6D51, 0xC245),
- bn_pack4(0x302B, 0x0A6D, 0xF25F, 0x1437),
- bn_pack4(0xEF95, 0x19B3, 0xCD3A, 0x431B),
- bn_pack4(0x514A, 0x0879, 0x8E34, 0x04DD),
- bn_pack4(0x020B, 0xBEA6, 0x3B13, 0x9B22),
- bn_pack4(0x2902, 0x4E08, 0x8A67, 0xCC74),
- bn_pack4(0xC4C6, 0x628B, 0x80DC, 0x1CD1),
- bn_pack4(0xC90F, 0xDAA2, 0x2168, 0xC234),
- bn_pack4(0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF)
-};
-
-static BIGNUM bn_group_3072 = {
- bn_group_3072_value,
- (sizeof(bn_group_3072_value)) / sizeof(BN_ULONG),
- (sizeof(bn_group_3072_value)) / sizeof(BN_ULONG),
- 0,
- BN_FLG_STATIC_DATA
-};
-
-static BN_ULONG bn_group_4096_value[] = {
- bn_pack4(0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF),
- bn_pack4(0x4DF4, 0x35C9, 0x3406, 0x3199),
- bn_pack4(0x86FF, 0xB7DC, 0x90A6, 0xC08F),
- bn_pack4(0x93B4, 0xEA98, 0x8D8F, 0xDDC1),
- bn_pack4(0xD006, 0x9127, 0xD5B0, 0x5AA9),
- bn_pack4(0xB81B, 0xDD76, 0x2170, 0x481C),
- bn_pack4(0x1F61, 0x2970, 0xCEE2, 0xD7AF),
- bn_pack4(0x233B, 0xA186, 0x515B, 0xE7ED),
- bn_pack4(0x99B2, 0x964F, 0xA090, 0xC3A2),
- bn_pack4(0x287C, 0x5947, 0x4E6B, 0xC05D),
- bn_pack4(0x2E8E, 0xFC14, 0x1FBE, 0xCAA6),
- bn_pack4(0xDBBB, 0xC2DB, 0x04DE, 0x8EF9),
- bn_pack4(0x2583, 0xE9CA, 0x2AD4, 0x4CE8),
- bn_pack4(0x1A94, 0x6834, 0xB615, 0x0BDA),
- bn_pack4(0x99C3, 0x2718, 0x6AF4, 0xE23C),
- bn_pack4(0x8871, 0x9A10, 0xBDBA, 0x5B26),
- bn_pack4(0x1A72, 0x3C12, 0xA787, 0xE6D7),
- bn_pack4(0x4B82, 0xD120, 0xA921, 0x0801),
- bn_pack4(0x43DB, 0x5BFC, 0xE0FD, 0x108E),
- bn_pack4(0x08E2, 0x4FA0, 0x74E5, 0xAB31),
- bn_pack4(0x7709, 0x88C0, 0xBAD9, 0x46E2),
- bn_pack4(0xBBE1, 0x1757, 0x7A61, 0x5D6C),
- bn_pack4(0x521F, 0x2B18, 0x177B, 0x200C),
- bn_pack4(0xD876, 0x0273, 0x3EC8, 0x6A64),
- bn_pack4(0xF12F, 0xFA06, 0xD98A, 0x0864),
- bn_pack4(0xCEE3, 0xD226, 0x1AD2, 0xEE6B),
- bn_pack4(0x1E8C, 0x94E0, 0x4A25, 0x619D),
- bn_pack4(0xABF5, 0xAE8C, 0xDB09, 0x33D7),
- bn_pack4(0xB397, 0x0F85, 0xA6E1, 0xE4C7),
- bn_pack4(0x8AEA, 0x7157, 0x5D06, 0x0C7D),
- bn_pack4(0xECFB, 0x8504, 0x58DB, 0xEF0A),
- bn_pack4(0xA855, 0x21AB, 0xDF1C, 0xBA64),
- bn_pack4(0xAD33, 0x170D, 0x0450, 0x7A33),
- bn_pack4(0x1572, 0x8E5A, 0x8AAA, 0xC42D),
- bn_pack4(0x15D2, 0x2618, 0x98FA, 0x0510),
- bn_pack4(0x3995, 0x497C, 0xEA95, 0x6AE5),
- bn_pack4(0xDE2B, 0xCBF6, 0x9558, 0x1718),
- bn_pack4(0xB5C5, 0x5DF0, 0x6F4C, 0x52C9),
- bn_pack4(0x9B27, 0x83A2, 0xEC07, 0xA28F),
- bn_pack4(0xE39E, 0x772C, 0x180E, 0x8603),
- bn_pack4(0x3290, 0x5E46, 0x2E36, 0xCE3B),
- bn_pack4(0xF174, 0x6C08, 0xCA18, 0x217C),
- bn_pack4(0x670C, 0x354E, 0x4ABC, 0x9804),
- bn_pack4(0x9ED5, 0x2907, 0x7096, 0x966D),
- bn_pack4(0x1C62, 0xF356, 0x2085, 0x52BB),
- bn_pack4(0x8365, 0x5D23, 0xDCA3, 0xAD96),
- bn_pack4(0x6916, 0x3FA8, 0xFD24, 0xCF5F),
- bn_pack4(0x98DA, 0x4836, 0x1C55, 0xD39A),
- bn_pack4(0xC200, 0x7CB8, 0xA163, 0xBF05),
- bn_pack4(0x4928, 0x6651, 0xECE4, 0x5B3D),
- bn_pack4(0xAE9F, 0x2411, 0x7C4B, 0x1FE6),
- bn_pack4(0xEE38, 0x6BFB, 0x5A89, 0x9FA5),
- bn_pack4(0x0BFF, 0x5CB6, 0xF406, 0xB7ED),
- bn_pack4(0xF44C, 0x42E9, 0xA637, 0xED6B),
- bn_pack4(0xE485, 0xB576, 0x625E, 0x7EC6),
- bn_pack4(0x4FE1, 0x356D, 0x6D51, 0xC245),
- bn_pack4(0x302B, 0x0A6D, 0xF25F, 0x1437),
- bn_pack4(0xEF95, 0x19B3, 0xCD3A, 0x431B),
- bn_pack4(0x514A, 0x0879, 0x8E34, 0x04DD),
- bn_pack4(0x020B, 0xBEA6, 0x3B13, 0x9B22),
- bn_pack4(0x2902, 0x4E08, 0x8A67, 0xCC74),
- bn_pack4(0xC4C6, 0x628B, 0x80DC, 0x1CD1),
- bn_pack4(0xC90F, 0xDAA2, 0x2168, 0xC234),
- bn_pack4(0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF)
-};
-
-static BIGNUM bn_group_4096 = {
- bn_group_4096_value,
- (sizeof(bn_group_4096_value)) / sizeof(BN_ULONG),
- (sizeof(bn_group_4096_value)) / sizeof(BN_ULONG),
- 0,
- BN_FLG_STATIC_DATA
-};
-
-static BN_ULONG bn_group_6144_value[] = {
- bn_pack4(0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF),
- bn_pack4(0xE694, 0xF91E, 0x6DCC, 0x4024),
- bn_pack4(0x12BF, 0x2D5B, 0x0B74, 0x74D6),
- bn_pack4(0x043E, 0x8F66, 0x3F48, 0x60EE),
- bn_pack4(0x387F, 0xE8D7, 0x6E3C, 0x0468),
- bn_pack4(0xDA56, 0xC9EC, 0x2EF2, 0x9632),
- bn_pack4(0xEB19, 0xCCB1, 0xA313, 0xD55C),
- bn_pack4(0xF550, 0xAA3D, 0x8A1F, 0xBFF0),
- bn_pack4(0x06A1, 0xD58B, 0xB7C5, 0xDA76),
- bn_pack4(0xA797, 0x15EE, 0xF29B, 0xE328),
- bn_pack4(0x14CC, 0x5ED2, 0x0F80, 0x37E0),
- bn_pack4(0xCC8F, 0x6D7E, 0xBF48, 0xE1D8),
- bn_pack4(0x4BD4, 0x07B2, 0x2B41, 0x54AA),
- bn_pack4(0x0F1D, 0x45B7, 0xFF58, 0x5AC5),
- bn_pack4(0x23A9, 0x7A7E, 0x36CC, 0x88BE),
- bn_pack4(0x59E7, 0xC97F, 0xBEC7, 0xE8F3),
- bn_pack4(0xB5A8, 0x4031, 0x900B, 0x1C9E),
- bn_pack4(0xD55E, 0x702F, 0x4698, 0x0C82),
- bn_pack4(0xF482, 0xD7CE, 0x6E74, 0xFEF6),
- bn_pack4(0xF032, 0xEA15, 0xD172, 0x1D03),
- bn_pack4(0x5983, 0xCA01, 0xC64B, 0x92EC),
- bn_pack4(0x6FB8, 0xF401, 0x378C, 0xD2BF),
- bn_pack4(0x3320, 0x5151, 0x2BD7, 0xAF42),
- bn_pack4(0xDB7F, 0x1447, 0xE6CC, 0x254B),
- bn_pack4(0x44CE, 0x6CBA, 0xCED4, 0xBB1B),
- bn_pack4(0xDA3E, 0xDBEB, 0xCF9B, 0x14ED),
- bn_pack4(0x1797, 0x27B0, 0x865A, 0x8918),
- bn_pack4(0xB06A, 0x53ED, 0x9027, 0xD831),
- bn_pack4(0xE5DB, 0x382F, 0x4130, 0x01AE),
- bn_pack4(0xF8FF, 0x9406, 0xAD9E, 0x530E),
- bn_pack4(0xC975, 0x1E76, 0x3DBA, 0x37BD),
- bn_pack4(0xC1D4, 0xDCB2, 0x6026, 0x46DE),
- bn_pack4(0x36C3, 0xFAB4, 0xD27C, 0x7026),
- bn_pack4(0x4DF4, 0x35C9, 0x3402, 0x8492),
- bn_pack4(0x86FF, 0xB7DC, 0x90A6, 0xC08F),
- bn_pack4(0x93B4, 0xEA98, 0x8D8F, 0xDDC1),
- bn_pack4(0xD006, 0x9127, 0xD5B0, 0x5AA9),
- bn_pack4(0xB81B, 0xDD76, 0x2170, 0x481C),
- bn_pack4(0x1F61, 0x2970, 0xCEE2, 0xD7AF),
- bn_pack4(0x233B, 0xA186, 0x515B, 0xE7ED),
- bn_pack4(0x99B2, 0x964F, 0xA090, 0xC3A2),
- bn_pack4(0x287C, 0x5947, 0x4E6B, 0xC05D),
- bn_pack4(0x2E8E, 0xFC14, 0x1FBE, 0xCAA6),
- bn_pack4(0xDBBB, 0xC2DB, 0x04DE, 0x8EF9),
- bn_pack4(0x2583, 0xE9CA, 0x2AD4, 0x4CE8),
- bn_pack4(0x1A94, 0x6834, 0xB615, 0x0BDA),
- bn_pack4(0x99C3, 0x2718, 0x6AF4, 0xE23C),
- bn_pack4(0x8871, 0x9A10, 0xBDBA, 0x5B26),
- bn_pack4(0x1A72, 0x3C12, 0xA787, 0xE6D7),
- bn_pack4(0x4B82, 0xD120, 0xA921, 0x0801),
- bn_pack4(0x43DB, 0x5BFC, 0xE0FD, 0x108E),
- bn_pack4(0x08E2, 0x4FA0, 0x74E5, 0xAB31),
- bn_pack4(0x7709, 0x88C0, 0xBAD9, 0x46E2),
- bn_pack4(0xBBE1, 0x1757, 0x7A61, 0x5D6C),
- bn_pack4(0x521F, 0x2B18, 0x177B, 0x200C),
- bn_pack4(0xD876, 0x0273, 0x3EC8, 0x6A64),
- bn_pack4(0xF12F, 0xFA06, 0xD98A, 0x0864),
- bn_pack4(0xCEE3, 0xD226, 0x1AD2, 0xEE6B),
- bn_pack4(0x1E8C, 0x94E0, 0x4A25, 0x619D),
- bn_pack4(0xABF5, 0xAE8C, 0xDB09, 0x33D7),
- bn_pack4(0xB397, 0x0F85, 0xA6E1, 0xE4C7),
- bn_pack4(0x8AEA, 0x7157, 0x5D06, 0x0C7D),
- bn_pack4(0xECFB, 0x8504, 0x58DB, 0xEF0A),
- bn_pack4(0xA855, 0x21AB, 0xDF1C, 0xBA64),
- bn_pack4(0xAD33, 0x170D, 0x0450, 0x7A33),
- bn_pack4(0x1572, 0x8E5A, 0x8AAA, 0xC42D),
- bn_pack4(0x15D2, 0x2618, 0x98FA, 0x0510),
- bn_pack4(0x3995, 0x497C, 0xEA95, 0x6AE5),
- bn_pack4(0xDE2B, 0xCBF6, 0x9558, 0x1718),
- bn_pack4(0xB5C5, 0x5DF0, 0x6F4C, 0x52C9),
- bn_pack4(0x9B27, 0x83A2, 0xEC07, 0xA28F),
- bn_pack4(0xE39E, 0x772C, 0x180E, 0x8603),
- bn_pack4(0x3290, 0x5E46, 0x2E36, 0xCE3B),
- bn_pack4(0xF174, 0x6C08, 0xCA18, 0x217C),
- bn_pack4(0x670C, 0x354E, 0x4ABC, 0x9804),
- bn_pack4(0x9ED5, 0x2907, 0x7096, 0x966D),
- bn_pack4(0x1C62, 0xF356, 0x2085, 0x52BB),
- bn_pack4(0x8365, 0x5D23, 0xDCA3, 0xAD96),
- bn_pack4(0x6916, 0x3FA8, 0xFD24, 0xCF5F),
- bn_pack4(0x98DA, 0x4836, 0x1C55, 0xD39A),
- bn_pack4(0xC200, 0x7CB8, 0xA163, 0xBF05),
- bn_pack4(0x4928, 0x6651, 0xECE4, 0x5B3D),
- bn_pack4(0xAE9F, 0x2411, 0x7C4B, 0x1FE6),
- bn_pack4(0xEE38, 0x6BFB, 0x5A89, 0x9FA5),
- bn_pack4(0x0BFF, 0x5CB6, 0xF406, 0xB7ED),
- bn_pack4(0xF44C, 0x42E9, 0xA637, 0xED6B),
- bn_pack4(0xE485, 0xB576, 0x625E, 0x7EC6),
- bn_pack4(0x4FE1, 0x356D, 0x6D51, 0xC245),
- bn_pack4(0x302B, 0x0A6D, 0xF25F, 0x1437),
- bn_pack4(0xEF95, 0x19B3, 0xCD3A, 0x431B),
- bn_pack4(0x514A, 0x0879, 0x8E34, 0x04DD),
- bn_pack4(0x020B, 0xBEA6, 0x3B13, 0x9B22),
- bn_pack4(0x2902, 0x4E08, 0x8A67, 0xCC74),
- bn_pack4(0xC4C6, 0x628B, 0x80DC, 0x1CD1),
- bn_pack4(0xC90F, 0xDAA2, 0x2168, 0xC234),
- bn_pack4(0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF)
-};
-
-static BIGNUM bn_group_6144 = {
- bn_group_6144_value,
- (sizeof(bn_group_6144_value)) / sizeof(BN_ULONG),
- (sizeof(bn_group_6144_value)) / sizeof(BN_ULONG),
- 0,
- BN_FLG_STATIC_DATA
-};
-
-static BN_ULONG bn_group_8192_value[] = {
- bn_pack4(0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF),
- bn_pack4(0x60C9, 0x80DD, 0x98ED, 0xD3DF),
- bn_pack4(0xC81F, 0x56E8, 0x80B9, 0x6E71),
- bn_pack4(0x9E30, 0x50E2, 0x7656, 0x94DF),
- bn_pack4(0x9558, 0xE447, 0x5677, 0xE9AA),
- bn_pack4(0xC919, 0x0DA6, 0xFC02, 0x6E47),
- bn_pack4(0x889A, 0x002E, 0xD5EE, 0x382B),
- bn_pack4(0x4009, 0x438B, 0x481C, 0x6CD7),
- bn_pack4(0x3590, 0x46F4, 0xEB87, 0x9F92),
- bn_pack4(0xFAF3, 0x6BC3, 0x1ECF, 0xA268),
- bn_pack4(0xB1D5, 0x10BD, 0x7EE7, 0x4D73),
- bn_pack4(0xF9AB, 0x4819, 0x5DED, 0x7EA1),
- bn_pack4(0x64F3, 0x1CC5, 0x0846, 0x851D),
- bn_pack4(0x4597, 0xE899, 0xA025, 0x5DC1),
- bn_pack4(0xDF31, 0x0EE0, 0x74AB, 0x6A36),
- bn_pack4(0x6D2A, 0x13F8, 0x3F44, 0xF82D),
- bn_pack4(0x062B, 0x3CF5, 0xB3A2, 0x78A6),
- bn_pack4(0x7968, 0x3303, 0xED5B, 0xDD3A),
- bn_pack4(0xFA9D, 0x4B7F, 0xA2C0, 0x87E8),
- bn_pack4(0x4BCB, 0xC886, 0x2F83, 0x85DD),
- bn_pack4(0x3473, 0xFC64, 0x6CEA, 0x306B),
- bn_pack4(0x13EB, 0x57A8, 0x1A23, 0xF0C7),
- bn_pack4(0x2222, 0x2E04, 0xA403, 0x7C07),
- bn_pack4(0xE3FD, 0xB8BE, 0xFC84, 0x8AD9),
- bn_pack4(0x238F, 0x16CB, 0xE39D, 0x652D),
- bn_pack4(0x3423, 0xB474, 0x2BF1, 0xC978),
- bn_pack4(0x3AAB, 0x639C, 0x5AE4, 0xF568),
- bn_pack4(0x2576, 0xF693, 0x6BA4, 0x2466),
- bn_pack4(0x741F, 0xA7BF, 0x8AFC, 0x47ED),
- bn_pack4(0x3BC8, 0x32B6, 0x8D9D, 0xD300),
- bn_pack4(0xD8BE, 0xC4D0, 0x73B9, 0x31BA),
- bn_pack4(0x3877, 0x7CB6, 0xA932, 0xDF8C),
- bn_pack4(0x74A3, 0x926F, 0x12FE, 0xE5E4),
- bn_pack4(0xE694, 0xF91E, 0x6DBE, 0x1159),
- bn_pack4(0x12BF, 0x2D5B, 0x0B74, 0x74D6),
- bn_pack4(0x043E, 0x8F66, 0x3F48, 0x60EE),
- bn_pack4(0x387F, 0xE8D7, 0x6E3C, 0x0468),
- bn_pack4(0xDA56, 0xC9EC, 0x2EF2, 0x9632),
- bn_pack4(0xEB19, 0xCCB1, 0xA313, 0xD55C),
- bn_pack4(0xF550, 0xAA3D, 0x8A1F, 0xBFF0),
- bn_pack4(0x06A1, 0xD58B, 0xB7C5, 0xDA76),
- bn_pack4(0xA797, 0x15EE, 0xF29B, 0xE328),
- bn_pack4(0x14CC, 0x5ED2, 0x0F80, 0x37E0),
- bn_pack4(0xCC8F, 0x6D7E, 0xBF48, 0xE1D8),
- bn_pack4(0x4BD4, 0x07B2, 0x2B41, 0x54AA),
- bn_pack4(0x0F1D, 0x45B7, 0xFF58, 0x5AC5),
- bn_pack4(0x23A9, 0x7A7E, 0x36CC, 0x88BE),
- bn_pack4(0x59E7, 0xC97F, 0xBEC7, 0xE8F3),
- bn_pack4(0xB5A8, 0x4031, 0x900B, 0x1C9E),
- bn_pack4(0xD55E, 0x702F, 0x4698, 0x0C82),
- bn_pack4(0xF482, 0xD7CE, 0x6E74, 0xFEF6),
- bn_pack4(0xF032, 0xEA15, 0xD172, 0x1D03),
- bn_pack4(0x5983, 0xCA01, 0xC64B, 0x92EC),
- bn_pack4(0x6FB8, 0xF401, 0x378C, 0xD2BF),
- bn_pack4(0x3320, 0x5151, 0x2BD7, 0xAF42),
- bn_pack4(0xDB7F, 0x1447, 0xE6CC, 0x254B),
- bn_pack4(0x44CE, 0x6CBA, 0xCED4, 0xBB1B),
- bn_pack4(0xDA3E, 0xDBEB, 0xCF9B, 0x14ED),
- bn_pack4(0x1797, 0x27B0, 0x865A, 0x8918),
- bn_pack4(0xB06A, 0x53ED, 0x9027, 0xD831),
- bn_pack4(0xE5DB, 0x382F, 0x4130, 0x01AE),
- bn_pack4(0xF8FF, 0x9406, 0xAD9E, 0x530E),
- bn_pack4(0xC975, 0x1E76, 0x3DBA, 0x37BD),
- bn_pack4(0xC1D4, 0xDCB2, 0x6026, 0x46DE),
- bn_pack4(0x36C3, 0xFAB4, 0xD27C, 0x7026),
- bn_pack4(0x4DF4, 0x35C9, 0x3402, 0x8492),
- bn_pack4(0x86FF, 0xB7DC, 0x90A6, 0xC08F),
- bn_pack4(0x93B4, 0xEA98, 0x8D8F, 0xDDC1),
- bn_pack4(0xD006, 0x9127, 0xD5B0, 0x5AA9),
- bn_pack4(0xB81B, 0xDD76, 0x2170, 0x481C),
- bn_pack4(0x1F61, 0x2970, 0xCEE2, 0xD7AF),
- bn_pack4(0x233B, 0xA186, 0x515B, 0xE7ED),
- bn_pack4(0x99B2, 0x964F, 0xA090, 0xC3A2),
- bn_pack4(0x287C, 0x5947, 0x4E6B, 0xC05D),
- bn_pack4(0x2E8E, 0xFC14, 0x1FBE, 0xCAA6),
- bn_pack4(0xDBBB, 0xC2DB, 0x04DE, 0x8EF9),
- bn_pack4(0x2583, 0xE9CA, 0x2AD4, 0x4CE8),
- bn_pack4(0x1A94, 0x6834, 0xB615, 0x0BDA),
- bn_pack4(0x99C3, 0x2718, 0x6AF4, 0xE23C),
- bn_pack4(0x8871, 0x9A10, 0xBDBA, 0x5B26),
- bn_pack4(0x1A72, 0x3C12, 0xA787, 0xE6D7),
- bn_pack4(0x4B82, 0xD120, 0xA921, 0x0801),
- bn_pack4(0x43DB, 0x5BFC, 0xE0FD, 0x108E),
- bn_pack4(0x08E2, 0x4FA0, 0x74E5, 0xAB31),
- bn_pack4(0x7709, 0x88C0, 0xBAD9, 0x46E2),
- bn_pack4(0xBBE1, 0x1757, 0x7A61, 0x5D6C),
- bn_pack4(0x521F, 0x2B18, 0x177B, 0x200C),
- bn_pack4(0xD876, 0x0273, 0x3EC8, 0x6A64),
- bn_pack4(0xF12F, 0xFA06, 0xD98A, 0x0864),
- bn_pack4(0xCEE3, 0xD226, 0x1AD2, 0xEE6B),
- bn_pack4(0x1E8C, 0x94E0, 0x4A25, 0x619D),
- bn_pack4(0xABF5, 0xAE8C, 0xDB09, 0x33D7),
- bn_pack4(0xB397, 0x0F85, 0xA6E1, 0xE4C7),
- bn_pack4(0x8AEA, 0x7157, 0x5D06, 0x0C7D),
- bn_pack4(0xECFB, 0x8504, 0x58DB, 0xEF0A),
- bn_pack4(0xA855, 0x21AB, 0xDF1C, 0xBA64),
- bn_pack4(0xAD33, 0x170D, 0x0450, 0x7A33),
- bn_pack4(0x1572, 0x8E5A, 0x8AAA, 0xC42D),
- bn_pack4(0x15D2, 0x2618, 0x98FA, 0x0510),
- bn_pack4(0x3995, 0x497C, 0xEA95, 0x6AE5),
- bn_pack4(0xDE2B, 0xCBF6, 0x9558, 0x1718),
- bn_pack4(0xB5C5, 0x5DF0, 0x6F4C, 0x52C9),
- bn_pack4(0x9B27, 0x83A2, 0xEC07, 0xA28F),
- bn_pack4(0xE39E, 0x772C, 0x180E, 0x8603),
- bn_pack4(0x3290, 0x5E46, 0x2E36, 0xCE3B),
- bn_pack4(0xF174, 0x6C08, 0xCA18, 0x217C),
- bn_pack4(0x670C, 0x354E, 0x4ABC, 0x9804),
- bn_pack4(0x9ED5, 0x2907, 0x7096, 0x966D),
- bn_pack4(0x1C62, 0xF356, 0x2085, 0x52BB),
- bn_pack4(0x8365, 0x5D23, 0xDCA3, 0xAD96),
- bn_pack4(0x6916, 0x3FA8, 0xFD24, 0xCF5F),
- bn_pack4(0x98DA, 0x4836, 0x1C55, 0xD39A),
- bn_pack4(0xC200, 0x7CB8, 0xA163, 0xBF05),
- bn_pack4(0x4928, 0x6651, 0xECE4, 0x5B3D),
- bn_pack4(0xAE9F, 0x2411, 0x7C4B, 0x1FE6),
- bn_pack4(0xEE38, 0x6BFB, 0x5A89, 0x9FA5),
- bn_pack4(0x0BFF, 0x5CB6, 0xF406, 0xB7ED),
- bn_pack4(0xF44C, 0x42E9, 0xA637, 0xED6B),
- bn_pack4(0xE485, 0xB576, 0x625E, 0x7EC6),
- bn_pack4(0x4FE1, 0x356D, 0x6D51, 0xC245),
- bn_pack4(0x302B, 0x0A6D, 0xF25F, 0x1437),
- bn_pack4(0xEF95, 0x19B3, 0xCD3A, 0x431B),
- bn_pack4(0x514A, 0x0879, 0x8E34, 0x04DD),
- bn_pack4(0x020B, 0xBEA6, 0x3B13, 0x9B22),
- bn_pack4(0x2902, 0x4E08, 0x8A67, 0xCC74),
- bn_pack4(0xC4C6, 0x628B, 0x80DC, 0x1CD1),
- bn_pack4(0xC90F, 0xDAA2, 0x2168, 0xC234),
- bn_pack4(0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF)
-};
-
-static BIGNUM bn_group_8192 = {
- bn_group_8192_value,
- (sizeof(bn_group_8192_value)) / sizeof(BN_ULONG),
- (sizeof(bn_group_8192_value)) / sizeof(BN_ULONG),
- 0,
- BN_FLG_STATIC_DATA
-};
-
-static BN_ULONG bn_generator_19_value[] = { 19 };
-
-static BIGNUM bn_generator_19 = {
- bn_generator_19_value,
- 1,
- 1,
- 0,
- BN_FLG_STATIC_DATA
-};
-static BN_ULONG bn_generator_5_value[] = { 5 };
-
-static BIGNUM bn_generator_5 = {
- bn_generator_5_value,
- 1,
- 1,
- 0,
- BN_FLG_STATIC_DATA
-};
-static BN_ULONG bn_generator_2_value[] = { 2 };
-
-static BIGNUM bn_generator_2 = {
- bn_generator_2_value,
- 1,
- 1,
- 0,
- BN_FLG_STATIC_DATA
-};
-
-static SRP_gN knowngN[] = {
- {"8192", &bn_generator_19, &bn_group_8192},
- {"6144", &bn_generator_5, &bn_group_6144},
- {"4096", &bn_generator_5, &bn_group_4096},
- {"3072", &bn_generator_5, &bn_group_3072},
- {"2048", &bn_generator_2, &bn_group_2048},
- {"1536", &bn_generator_2, &bn_group_1536},
- {"1024", &bn_generator_2, &bn_group_1024},
-};
-
-#define KNOWN_GN_NUMBER sizeof(knowngN) / sizeof(SRP_gN)
-
-/* end of generated data */
diff --git a/crypto/srp/srp_lcl.h b/crypto/srp/srp_lcl.h
deleted file mode 100644
index 9a7fce1b4cf9..000000000000
--- a/crypto/srp/srp_lcl.h
+++ /dev/null
@@ -1,84 +0,0 @@
-/* crypto/srp/srp_lcl.h */
-/*
- * Written by Peter Sylvester (peter.sylvester@edelweb.fr) for the EdelKey
- * project and contributed to the OpenSSL project 2004.
- */
-/* ====================================================================
- * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-#ifndef HEADER_SRP_LCL_H
-# define HEADER_SRP_LCL_H
-
-# include <openssl/srp.h>
-# include <openssl/sha.h>
-
-# if 0
-# define srp_bn_print(a) {fprintf(stderr, #a "="); BN_print_fp(stderr,a); \
- fprintf(stderr,"\n");}
-# else
-# define srp_bn_print(a)
-# endif
-
-
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
diff --git a/crypto/srp/srp_lib.c b/crypto/srp/srp_lib.c
index 6df3b1cee72e..b97d630d3753 100644
--- a/crypto/srp/srp_lib.c
+++ b/crypto/srp/srp_lib.c
@@ -1,157 +1,61 @@
-/* crypto/srp/srp_lib.c */
/*
- * Written by Christophe Renou (christophe.renou@edelweb.fr) with the
- * precious help of Peter Sylvester (peter.sylvester@edelweb.fr) for the
- * EdelKey project and contributed to the OpenSSL project 2004.
- */
-/* ====================================================================
- * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
+ * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2004, EdelKey Project. All Rights Reserved.
*
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
*
+ * Originally written by Christophe Renou and Peter Sylvester,
+ * for the EdelKey project.
*/
+
#ifndef OPENSSL_NO_SRP
-# include "cryptlib.h"
-# include "srp_lcl.h"
+# include "internal/cryptlib.h"
+# include <openssl/sha.h>
# include <openssl/srp.h>
# include <openssl/evp.h>
+# include "internal/bn_srp.h"
-# if (BN_BYTES == 8)
-# if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__)
-# define bn_pack4(a1,a2,a3,a4) ((a1##UI64<<48)|(a2##UI64<<32)|(a3##UI64<<16)|a4##UI64)
-# elif defined(__arch64__)
-# define bn_pack4(a1,a2,a3,a4) ((a1##UL<<48)|(a2##UL<<32)|(a3##UL<<16)|a4##UL)
-# else
-# define bn_pack4(a1,a2,a3,a4) ((a1##ULL<<48)|(a2##ULL<<32)|(a3##ULL<<16)|a4##ULL)
-# endif
-# elif (BN_BYTES == 4)
-# define bn_pack4(a1,a2,a3,a4) ((a3##UL<<16)|a4##UL), ((a1##UL<<16)|a2##UL)
-# else
-# error "unsupported BN_BYTES"
-# endif
-
-# include "srp_grps.h"
-
-static BIGNUM *srp_Calc_k(BIGNUM *N, BIGNUM *g)
-{
- /* k = SHA1(N | PAD(g)) -- tls-srp draft 8 */
+/* calculate = SHA1(PAD(x) || PAD(y)) */
+static BIGNUM *srp_Calc_xy(const BIGNUM *x, const BIGNUM *y, const BIGNUM *N)
+{
unsigned char digest[SHA_DIGEST_LENGTH];
- unsigned char *tmp;
- EVP_MD_CTX ctxt;
- int longg;
- int longN = BN_num_bytes(N);
-
- if (BN_ucmp(g, N) >= 0)
+ unsigned char *tmp = NULL;
+ int numN = BN_num_bytes(N);
+ BIGNUM *res = NULL;
+ if (x != N && BN_ucmp(x, N) >= 0)
return NULL;
-
- if ((tmp = OPENSSL_malloc(longN)) == NULL)
+ if (y != N && BN_ucmp(y, N) >= 0)
return NULL;
- BN_bn2bin(N, tmp);
-
- EVP_MD_CTX_init(&ctxt);
- EVP_DigestInit_ex(&ctxt, EVP_sha1(), NULL);
- EVP_DigestUpdate(&ctxt, tmp, longN);
-
- memset(tmp, 0, longN);
- longg = BN_bn2bin(g, tmp);
- /* use the zeros behind to pad on left */
- EVP_DigestUpdate(&ctxt, tmp + longg, longN - longg);
- EVP_DigestUpdate(&ctxt, tmp, longg);
+ if ((tmp = OPENSSL_malloc(numN * 2)) == NULL)
+ goto err;
+ if (BN_bn2binpad(x, tmp, numN) < 0
+ || BN_bn2binpad(y, tmp + numN, numN) < 0
+ || !EVP_Digest(tmp, numN * 2, digest, NULL, EVP_sha1(), NULL))
+ goto err;
+ res = BN_bin2bn(digest, sizeof(digest), NULL);
+ err:
OPENSSL_free(tmp);
+ return res;
+}
- EVP_DigestFinal_ex(&ctxt, digest, NULL);
- EVP_MD_CTX_cleanup(&ctxt);
- return BN_bin2bn(digest, sizeof(digest), NULL);
+static BIGNUM *srp_Calc_k(const BIGNUM *N, const BIGNUM *g)
+{
+ /* k = SHA1(N | PAD(g)) -- tls-srp draft 8 */
+ return srp_Calc_xy(N, g, N);
}
-BIGNUM *SRP_Calc_u(BIGNUM *A, BIGNUM *B, BIGNUM *N)
+BIGNUM *SRP_Calc_u(const BIGNUM *A, const BIGNUM *B, const BIGNUM *N)
{
/* k = SHA1(PAD(A) || PAD(B) ) -- tls-srp draft 8 */
-
- BIGNUM *u;
- unsigned char cu[SHA_DIGEST_LENGTH];
- unsigned char *cAB;
- EVP_MD_CTX ctxt;
- int longN;
- if ((A == NULL) || (B == NULL) || (N == NULL))
- return NULL;
-
- if (BN_ucmp(A, N) >= 0 || BN_ucmp(B, N) >= 0)
- return NULL;
-
- longN = BN_num_bytes(N);
-
- if ((cAB = OPENSSL_malloc(2 * longN)) == NULL)
- return NULL;
-
- memset(cAB, 0, longN);
-
- EVP_MD_CTX_init(&ctxt);
- EVP_DigestInit_ex(&ctxt, EVP_sha1(), NULL);
- EVP_DigestUpdate(&ctxt, cAB + BN_bn2bin(A, cAB + longN), longN);
- EVP_DigestUpdate(&ctxt, cAB + BN_bn2bin(B, cAB + longN), longN);
- OPENSSL_free(cAB);
- EVP_DigestFinal_ex(&ctxt, cu, NULL);
- EVP_MD_CTX_cleanup(&ctxt);
-
- if (!(u = BN_bin2bn(cu, sizeof(cu), NULL)))
- return NULL;
- if (!BN_is_zero(u))
- return u;
- BN_free(u);
- return NULL;
+ return srp_Calc_xy(A, B, N);
}
-BIGNUM *SRP_Calc_server_key(BIGNUM *A, BIGNUM *v, BIGNUM *u, BIGNUM *b,
- BIGNUM *N)
+BIGNUM *SRP_Calc_server_key(const BIGNUM *A, const BIGNUM *v, const BIGNUM *u,
+ const BIGNUM *b, const BIGNUM *N)
{
BIGNUM *tmp = NULL, *S = NULL;
BN_CTX *bn_ctx;
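Review bot: SRP_Calc_u loses two guards in this rewrite: the old body returned NULL when A, B or N was NULL and when the hash came out as zero, while the new body forwards straight to srp_Calc_xy, which evaluates `BN_num_bytes(N)` in its declarations before any check. Since SRP_Calc_u is a public entry point, I would keep `if (A == NULL || B == NULL || N == NULL) return NULL;` ahead of the call and decide explicitly whether the u == 0 rejection is still wanted. The comments also need a touch-up: the one above srp_Calc_xy reads `calculate = SHA1(...)` with no left-hand side, and the one in SRP_Calc_u still says `k =` where it computes u. SRP_Calc_server_key at the end of the hunk continues outside it.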
@@ -180,7 +84,8 @@ BIGNUM *SRP_Calc_server_key(BIGNUM *A, BIGNUM *v, BIGNUM *u, BIGNUM *b,
return S;
}
-BIGNUM *SRP_Calc_B(BIGNUM *b, BIGNUM *N, BIGNUM *g, BIGNUM *v)
+BIGNUM *SRP_Calc_B(const BIGNUM *b, const BIGNUM *N, const BIGNUM *g,
+ const BIGNUM *v)
{
BIGNUM *kv = NULL, *gb = NULL;
BIGNUM *B = NULL, *k = NULL;
@@ -196,10 +101,10 @@ BIGNUM *SRP_Calc_B(BIGNUM *b, BIGNUM *N, BIGNUM *g, BIGNUM *v)
/* B = g**b + k*v */
- if (!BN_mod_exp(gb, g, b, N, bn_ctx) ||
- !(k = srp_Calc_k(N, g)) ||
- !BN_mod_mul(kv, v, k, N, bn_ctx) ||
- !BN_mod_add(B, gb, kv, N, bn_ctx)) {
+ if (!BN_mod_exp(gb, g, b, N, bn_ctx)
+ || (k = srp_Calc_k(N, g)) == NULL
+ || !BN_mod_mul(kv, v, k, N, bn_ctx)
+ || !BN_mod_add(B, gb, kv, N, bn_ctx)) {
BN_free(B);
B = NULL;
}
@@ -211,43 +116,51 @@ BIGNUM *SRP_Calc_B(BIGNUM *b, BIGNUM *N, BIGNUM *g, BIGNUM *v)
return B;
}
-BIGNUM *SRP_Calc_x(BIGNUM *s, const char *user, const char *pass)
+BIGNUM *SRP_Calc_x(const BIGNUM *s, const char *user, const char *pass)
{
unsigned char dig[SHA_DIGEST_LENGTH];
- EVP_MD_CTX ctxt;
- unsigned char *cs;
+ EVP_MD_CTX *ctxt;
+ unsigned char *cs = NULL;
+ BIGNUM *res = NULL;
if ((s == NULL) || (user == NULL) || (pass == NULL))
return NULL;
- if ((cs = OPENSSL_malloc(BN_num_bytes(s))) == NULL)
+ ctxt = EVP_MD_CTX_new();
+ if (ctxt == NULL)
return NULL;
+ if ((cs = OPENSSL_malloc(BN_num_bytes(s))) == NULL)
+ goto err;
- EVP_MD_CTX_init(&ctxt);
- EVP_DigestInit_ex(&ctxt, EVP_sha1(), NULL);
- EVP_DigestUpdate(&ctxt, user, strlen(user));
- EVP_DigestUpdate(&ctxt, ":", 1);
- EVP_DigestUpdate(&ctxt, pass, strlen(pass));
- EVP_DigestFinal_ex(&ctxt, dig, NULL);
-
- EVP_DigestInit_ex(&ctxt, EVP_sha1(), NULL);
+ if (!EVP_DigestInit_ex(ctxt, EVP_sha1(), NULL)
+ || !EVP_DigestUpdate(ctxt, user, strlen(user))
+ || !EVP_DigestUpdate(ctxt, ":", 1)
+ || !EVP_DigestUpdate(ctxt, pass, strlen(pass))
+ || !EVP_DigestFinal_ex(ctxt, dig, NULL)
+ || !EVP_DigestInit_ex(ctxt, EVP_sha1(), NULL))
+ goto err;
BN_bn2bin(s, cs);
- EVP_DigestUpdate(&ctxt, cs, BN_num_bytes(s));
- OPENSSL_free(cs);
- EVP_DigestUpdate(&ctxt, dig, sizeof(dig));
- EVP_DigestFinal_ex(&ctxt, dig, NULL);
- EVP_MD_CTX_cleanup(&ctxt);
+ if (!EVP_DigestUpdate(ctxt, cs, BN_num_bytes(s)))
+ goto err;
- return BN_bin2bn(dig, sizeof(dig), NULL);
+ if (!EVP_DigestUpdate(ctxt, dig, sizeof(dig))
+ || !EVP_DigestFinal_ex(ctxt, dig, NULL))
+ goto err;
+
+ res = BN_bin2bn(dig, sizeof(dig), NULL);
+
+ err:
+ OPENSSL_free(cs);
+ EVP_MD_CTX_free(ctxt);
+ return res;
}
-BIGNUM *SRP_Calc_A(BIGNUM *a, BIGNUM *N, BIGNUM *g)
+BIGNUM *SRP_Calc_A(const BIGNUM *a, const BIGNUM *N, const BIGNUM *g)
{
BN_CTX *bn_ctx;
BIGNUM *A = NULL;
- if (a == NULL || N == NULL || g == NULL ||
- (bn_ctx = BN_CTX_new()) == NULL)
+ if (a == NULL || N == NULL || g == NULL || (bn_ctx = BN_CTX_new()) == NULL)
return NULL;
if ((A = BN_new()) != NULL && !BN_mod_exp(A, g, a, N, bn_ctx)) {
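Review bot: `dig` in SRP_Calc_x first holds SHA1(user ":" pass) and then the bytes of the private value x, and it is left on the stack on every exit path. With the new single `err:` exit it costs one line to wipe it: `OPENSSL_cleanse(dig, sizeof(dig));` next to `OPENSSL_free(cs);`. The returned BIGNUM carries the same secret, so a comment on the function saying that callers are expected to release it with `BN_clear_free` would help. SRP_Calc_A at the end of the hunk continues outside it.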
@@ -258,8 +171,8 @@ BIGNUM *SRP_Calc_A(BIGNUM *a, BIGNUM *N, BIGNUM *g)
return A;
}
-BIGNUM *SRP_Calc_client_key(BIGNUM *N, BIGNUM *B, BIGNUM *g, BIGNUM *x,
- BIGNUM *a, BIGNUM *u)
+BIGNUM *SRP_Calc_client_key(const BIGNUM *N, const BIGNUM *B, const BIGNUM *g,
+ const BIGNUM *x, const BIGNUM *a, const BIGNUM *u)
{
BIGNUM *tmp = NULL, *tmp2 = NULL, *tmp3 = NULL, *k = NULL, *K = NULL;
BN_CTX *bn_ctx;
@@ -275,13 +188,12 @@ BIGNUM *SRP_Calc_client_key(BIGNUM *N, BIGNUM *B, BIGNUM *g, BIGNUM *x,
if (!BN_mod_exp(tmp, g, x, N, bn_ctx))
goto err;
- if (!(k = srp_Calc_k(N, g)))
+ if ((k = srp_Calc_k(N, g)) == NULL)
goto err;
if (!BN_mod_mul(tmp2, tmp, k, N, bn_ctx))
goto err;
if (!BN_mod_sub(tmp, B, tmp2, N, bn_ctx))
goto err;
-
if (!BN_mul(tmp3, u, x, bn_ctx))
goto err;
if (!BN_add(tmp2, a, tmp3))
@@ -301,7 +213,7 @@ BIGNUM *SRP_Calc_client_key(BIGNUM *N, BIGNUM *B, BIGNUM *g, BIGNUM *x,
return K;
}
-int SRP_Verify_B_mod_N(BIGNUM *B, BIGNUM *N)
+int SRP_Verify_B_mod_N(const BIGNUM *B, const BIGNUM *N)
{
BIGNUM *r;
BN_CTX *bn_ctx;
@@ -322,25 +234,34 @@ int SRP_Verify_B_mod_N(BIGNUM *B, BIGNUM *N)
return ret;
}
-int SRP_Verify_A_mod_N(BIGNUM *A, BIGNUM *N)
+int SRP_Verify_A_mod_N(const BIGNUM *A, const BIGNUM *N)
{
/* Checks if A % N == 0 */
return SRP_Verify_B_mod_N(A, N);
}
+static SRP_gN knowngN[] = {
+ {"8192", &bn_generator_19, &bn_group_8192},
+ {"6144", &bn_generator_5, &bn_group_6144},
+ {"4096", &bn_generator_5, &bn_group_4096},
+ {"3072", &bn_generator_5, &bn_group_3072},
+ {"2048", &bn_generator_2, &bn_group_2048},
+ {"1536", &bn_generator_2, &bn_group_1536},
+ {"1024", &bn_generator_2, &bn_group_1024},
+};
+
+# define KNOWN_GN_NUMBER sizeof(knowngN) / sizeof(SRP_gN)
+
/*
- * Check if G and N are kwown parameters. The values have been generated
+ * Check if G and N are known parameters. The values have been generated
* from the ietf-tls-srp draft version 8
*/
-char *SRP_check_known_gN_param(BIGNUM *g, BIGNUM *N)
+char *SRP_check_known_gN_param(const BIGNUM *g, const BIGNUM *N)
{
size_t i;
if ((g == NULL) || (N == NULL))
return 0;
- srp_bn_print(g);
- srp_bn_print(N);
-
for (i = 0; i < KNOWN_GN_NUMBER; i++) {
if (BN_cmp(knowngN[i].g, g) == 0 && BN_cmp(knowngN[i].N, N) == 0)
return knowngN[i].id;
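Review bot: `KNOWN_GN_NUMBER` expands to an unparenthesised division, which is harmless in the `i < KNOWN_GN_NUMBER` loop here but would bind wrongly next to `%`, `*` or a cast. `# define KNOWN_GN_NUMBER (sizeof(knowngN) / sizeof(knowngN[0]))` is the safer spelling. In SRP_check_known_gN_param, `return 0;` from a function returning `char *` would read better as `return NULL;`. The function body continues past the end of the hunk.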
diff --git a/crypto/srp/srp_vfy.c b/crypto/srp/srp_vfy.c
index c8bc7a94b26c..17b35c00f9da 100644
--- a/crypto/srp/srp_vfy.c
+++ b/crypto/srp/srp_vfy.c
@@ -1,194 +1,176 @@
-/* crypto/srp/srp_vfy.c */
/*
- * Written by Christophe Renou (christophe.renou@edelweb.fr) with the
- * precious help of Peter Sylvester (peter.sylvester@edelweb.fr) for the
- * EdelKey project and contributed to the OpenSSL project 2004.
- */
-/* ====================================================================
- * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2004, EdelKey Project. All Rights Reserved.
*
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
*
+ * Originally written by Christophe Renou and Peter Sylvester,
+ * for the EdelKey project.
*/
+
#ifndef OPENSSL_NO_SRP
-# include "cryptlib.h"
-# include "srp_lcl.h"
+# include "internal/cryptlib.h"
+# include "internal/evp_int.h"
+# include <openssl/sha.h>
# include <openssl/srp.h>
# include <openssl/evp.h>
# include <openssl/buffer.h>
# include <openssl/rand.h>
# include <openssl/txt_db.h>
+# include <openssl/err.h>
# define SRP_RANDOM_SALT_LEN 20
# define MAX_LEN 2500
-static char b64table[] =
- "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz./";
-
/*
- * the following two conversion routines have been inspired by code from
- * Stanford
+ * Note that SRP uses its own variant of base 64 encoding. A different base64
+ * alphabet is used and no padding '=' characters are added. Instead we pad to
+ * the front with 0 bytes and subsequently strip off leading encoded padding.
+ * This variant is used for compatibility with other SRP implementations -
+ * notably libsrp, but also others. It is also required for backwards
+ * compatibility in order to load verifier files from other OpenSSL versions.
*/
/*
* Convert a base64 string into raw byte array representation.
+ * Returns the length of the decoded data, or -1 on error.
*/
static int t_fromb64(unsigned char *a, size_t alen, const char *src)
{
- char *loc;
- int i, j;
- int size;
+ EVP_ENCODE_CTX *ctx;
+ int outl = 0, outl2 = 0;
+ size_t size, padsize;
+ const unsigned char *pad = (const unsigned char *)"00";
- if (alen == 0 || alen > INT_MAX)
- return -1;
-
- while (*src && (*src == ' ' || *src == '\t' || *src == '\n'))
+ while (*src == ' ' || *src == '\t' || *src == '\n')
++src;
size = strlen(src);
- if (size < 0 || size >= (int)alen)
+ padsize = 4 - (size & 3);
+ padsize &= 3;
+
+ /* Four bytes in src become three bytes output. */
+ if (size > INT_MAX || ((size + padsize) / 4) * 3 > alen)
+ return -1;
+
+ ctx = EVP_ENCODE_CTX_new();
+ if (ctx == NULL)
return -1;
- i = 0;
- while (i < size) {
- loc = strchr(b64table, src[i]);
- if (loc == (char *)0)
- break;
- else
- a[i] = loc - b64table;
- ++i;
+ /*
+ * This should never occur because 1 byte of data always requires 2 bytes of
+ * encoding, i.e.
+ * 0 bytes unencoded = 0 bytes encoded
+ * 1 byte unencoded = 2 bytes encoded
+ * 2 bytes unencoded = 3 bytes encoded
+ * 3 bytes unencoded = 4 bytes encoded
+ * 4 bytes unencoded = 6 bytes encoded
+ * etc
+ */
+ if (padsize == 3) {
+ outl = -1;
+ goto err;
}
- /* if nothing valid to process we have a zero length response */
- if (i == 0)
- return 0;
- size = i;
- i = size - 1;
- j = size;
- while (1) {
- a[j] = a[i];
- if (--i < 0)
- break;
- a[j] |= (a[i] & 3) << 6;
- --j;
- a[j] = (unsigned char)((a[i] & 0x3c) >> 2);
- if (--i < 0)
- break;
- a[j] |= (a[i] & 0xf) << 4;
- --j;
- a[j] = (unsigned char)((a[i] & 0x30) >> 4);
- if (--i < 0)
- break;
- a[j] |= (a[i] << 2);
-
- a[--j] = 0;
- if (--i < 0)
- break;
+
+ /* Valid padsize values are now 0, 1 or 2 */
+
+ EVP_DecodeInit(ctx);
+ evp_encode_ctx_set_flags(ctx, EVP_ENCODE_CTX_USE_SRP_ALPHABET);
+
+ /* Add any encoded padding that is required */
+ if (padsize != 0
+ && EVP_DecodeUpdate(ctx, a, &outl, pad, padsize) < 0) {
+ outl = -1;
+ goto err;
+ }
+ if (EVP_DecodeUpdate(ctx, a, &outl2, (const unsigned char *)src, size) < 0) {
+ outl = -1;
+ goto err;
+ }
+ outl += outl2;
+ EVP_DecodeFinal(ctx, a + outl, &outl2);
+ outl += outl2;
+
+ /* Strip off the leading padding */
+ if (padsize != 0) {
+ if ((int)padsize >= outl) {
+ outl = -1;
+ goto err;
+ }
+
+ /*
+ * If we added 1 byte of padding prior to encoding then we have 2 bytes
+ * of "real" data which gets spread across 4 encoded bytes like this:
+ * (6 bits pad)(2 bits pad | 4 bits data)(6 bits data)(6 bits data)
+ * So 1 byte of pre-encoding padding results in 1 full byte of encoded
+ * padding.
+ * If we added 2 bytes of padding prior to encoding this gets encoded
+ * as:
+ * (6 bits pad)(6 bits pad)(4 bits pad | 2 bits data)(6 bits data)
+ * So 2 bytes of pre-encoding padding results in 2 full bytes of encoded
+ * padding, i.e. we have to strip the same number of bytes of padding
+ * from the encoded data as we added to the pre-encoded data.
+ */
+ memmove(a, a + padsize, outl - padsize);
+ outl -= padsize;
}
- while (j <= size && a[j] == 0)
- ++j;
- i = 0;
- while (j <= size)
- a[i++] = a[j++];
- return i;
+
+ err:
+ EVP_ENCODE_CTX_free(ctx);
+
+ return outl;
}
/*
* Convert a raw byte string into a null-terminated base64 ASCII string.
+ * Returns 1 on success or 0 on error.
*/
-static char *t_tob64(char *dst, const unsigned char *src, int size)
+static int t_tob64(char *dst, const unsigned char *src, int size)
{
- int c, pos = size % 3;
- unsigned char b0 = 0, b1 = 0, b2 = 0, notleading = 0;
- char *olddst = dst;
-
- switch (pos) {
- case 1:
- b2 = src[0];
- break;
- case 2:
- b1 = src[0];
- b2 = src[1];
- break;
+ EVP_ENCODE_CTX *ctx = EVP_ENCODE_CTX_new();
+ int outl = 0, outl2 = 0;
+ unsigned char pad[2] = {0, 0};
+ size_t leadz = 0;
+
+ if (ctx == NULL)
+ return 0;
+
+ EVP_EncodeInit(ctx);
+ evp_encode_ctx_set_flags(ctx, EVP_ENCODE_CTX_NO_NEWLINES
+ | EVP_ENCODE_CTX_USE_SRP_ALPHABET);
+
+ /*
+ * We pad at the front with zero bytes until the length is a multiple of 3
+ * so that EVP_EncodeUpdate/EVP_EncodeFinal does not add any of its own "="
+ * padding
+ */
+ leadz = 3 - (size % 3);
+ if (leadz != 3
+ && !EVP_EncodeUpdate(ctx, (unsigned char *)dst, &outl, pad,
+ leadz)) {
+ EVP_ENCODE_CTX_free(ctx);
+ return 0;
}
- while (1) {
- c = (b0 & 0xfc) >> 2;
- if (notleading || c != 0) {
- *dst++ = b64table[c];
- notleading = 1;
- }
- c = ((b0 & 3) << 4) | ((b1 & 0xf0) >> 4);
- if (notleading || c != 0) {
- *dst++ = b64table[c];
- notleading = 1;
- }
- c = ((b1 & 0xf) << 2) | ((b2 & 0xc0) >> 6);
- if (notleading || c != 0) {
- *dst++ = b64table[c];
- notleading = 1;
- }
- c = b2 & 0x3f;
- if (notleading || c != 0) {
- *dst++ = b64table[c];
- notleading = 1;
- }
- if (pos >= size)
- break;
- else {
- b0 = src[pos++];
- b1 = src[pos++];
- b2 = src[pos++];
- }
+ if (!EVP_EncodeUpdate(ctx, (unsigned char *)dst + outl, &outl2, src,
+ size)) {
+ EVP_ENCODE_CTX_free(ctx);
+ return 0;
+ }
+ outl += outl2;
+ EVP_EncodeFinal(ctx, (unsigned char *)dst + outl, &outl2);
+ outl += outl2;
+
+ /* Strip the encoded padding at the front */
+ if (leadz != 3) {
+ memmove(dst, dst + leadz, outl - leadz);
+ dst[outl - leadz] = '\0';
}
- *dst++ = '\0';
- return olddst;
+ EVP_ENCODE_CTX_free(ctx);
+ return 1;
}
void SRP_user_pwd_free(SRP_user_pwd *user_pwd)
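Review bot: The return value of `EVP_DecodeFinal` in t_fromb64 is discarded although both `EVP_DecodeUpdate` calls are checked, so input that leaves an undecoded remainder in the context could still be reported as a successful decode. I would treat it like the other calls: `if (EVP_DecodeFinal(ctx, a + outl, &outl2) < 0) { outl = -1; goto err; }`. Separately, t_tob64 takes no destination length and encodes the zero padding plus the data into `dst` before stripping it. A comment stating the capacity the caller must provide (the encoding of `size + leadz` bytes plus the terminating NUL) would make that contract checkable. SRP_user_pwd_free begins on the last line of the hunk and continues outside it.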
@@ -202,11 +184,14 @@ void SRP_user_pwd_free(SRP_user_pwd *user_pwd)
OPENSSL_free(user_pwd);
}
-static SRP_user_pwd *SRP_user_pwd_new()
+static SRP_user_pwd *SRP_user_pwd_new(void)
{
- SRP_user_pwd *ret = OPENSSL_malloc(sizeof(SRP_user_pwd));
- if (ret == NULL)
+ SRP_user_pwd *ret;
+
+ if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL) {
+ /* SRPerr(SRP_F_SRP_USER_PWD_NEW, ERR_R_MALLOC_FAILURE); */ /*ckerr_ignore*/
return NULL;
+ }
ret->N = NULL;
ret->g = NULL;
ret->s = NULL;
@@ -226,9 +211,9 @@ static void SRP_user_pwd_set_gN(SRP_user_pwd *vinfo, const BIGNUM *g,
static int SRP_user_pwd_set_ids(SRP_user_pwd *vinfo, const char *id,
const char *info)
{
- if (id != NULL && NULL == (vinfo->id = BUF_strdup(id)))
+ if (id != NULL && NULL == (vinfo->id = OPENSSL_strdup(id)))
return 0;
- return (info == NULL || NULL != (vinfo->info = BUF_strdup(info)));
+ return (info == NULL || NULL != (vinfo->info = OPENSSL_strdup(info)));
}
static int SRP_user_pwd_set_sv(SRP_user_pwd *vinfo, const char *s,
@@ -285,19 +270,19 @@ static SRP_user_pwd *srp_user_pwd_dup(SRP_user_pwd *src)
SRP_VBASE *SRP_VBASE_new(char *seed_key)
{
- SRP_VBASE *vb = (SRP_VBASE *)OPENSSL_malloc(sizeof(SRP_VBASE));
+ SRP_VBASE *vb = OPENSSL_malloc(sizeof(*vb));
if (vb == NULL)
return NULL;
- if (!(vb->users_pwd = sk_SRP_user_pwd_new_null()) ||
- !(vb->gN_cache = sk_SRP_gN_cache_new_null())) {
+ if ((vb->users_pwd = sk_SRP_user_pwd_new_null()) == NULL
+ || (vb->gN_cache = sk_SRP_gN_cache_new_null()) == NULL) {
OPENSSL_free(vb);
return NULL;
}
vb->default_g = NULL;
vb->default_N = NULL;
vb->seed_key = NULL;
- if ((seed_key != NULL) && (vb->seed_key = BUF_strdup(seed_key)) == NULL) {
+ if ((seed_key != NULL) && (vb->seed_key = OPENSSL_strdup(seed_key)) == NULL) {
sk_SRP_user_pwd_free(vb->users_pwd);
sk_SRP_gN_cache_free(vb->gN_cache);
OPENSSL_free(vb);
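Review bot: When `sk_SRP_user_pwd_new_null()` succeeds and `sk_SRP_gN_cache_new_null()` fails, the first error branch of SRP_VBASE_new frees only `vb`, so the users_pwd stack is leaked. Adding `sk_SRP_user_pwd_free(vb->users_pwd);` before `OPENSSL_free(vb);` in that branch covers it. `vb->gN_cache` must not be freed there, because it is unassigned when the first allocation is the one that failed. The end of the function is outside the hunk.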
@@ -306,22 +291,22 @@ SRP_VBASE *SRP_VBASE_new(char *seed_key)
return vb;
}
-int SRP_VBASE_free(SRP_VBASE *vb)
+void SRP_VBASE_free(SRP_VBASE *vb)
{
+ if (!vb)
+ return;
sk_SRP_user_pwd_pop_free(vb->users_pwd, SRP_user_pwd_free);
sk_SRP_gN_cache_free(vb->gN_cache);
OPENSSL_free(vb->seed_key);
OPENSSL_free(vb);
- return 0;
}
static SRP_gN_cache *SRP_gN_new_init(const char *ch)
{
unsigned char tmp[MAX_LEN];
int len;
+ SRP_gN_cache *newgN = OPENSSL_malloc(sizeof(*newgN));
- SRP_gN_cache *newgN =
- (SRP_gN_cache *)OPENSSL_malloc(sizeof(SRP_gN_cache));
if (newgN == NULL)
return NULL;
@@ -329,7 +314,7 @@ static SRP_gN_cache *SRP_gN_new_init(const char *ch)
if (len < 0)
goto err;
- if ((newgN->b64_bn = BUF_strdup(ch)) == NULL)
+ if ((newgN->b64_bn = OPENSSL_strdup(ch)) == NULL)
goto err;
if ((newgN->bn = BN_bin2bn(tmp, len, NULL)))
@@ -430,13 +415,14 @@ int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file)
* we add this couple in the internal Stack
*/
- if ((gN = (SRP_gN *) OPENSSL_malloc(sizeof(SRP_gN))) == NULL)
+ if ((gN = OPENSSL_malloc(sizeof(*gN))) == NULL)
goto err;
- if (!(gN->id = BUF_strdup(pp[DB_srpid]))
- || !(gN->N =
- SRP_gN_place_bn(vb->gN_cache, pp[DB_srpverifier]))
- || !(gN->g = SRP_gN_place_bn(vb->gN_cache, pp[DB_srpsalt]))
+ if ((gN->id = OPENSSL_strdup(pp[DB_srpid])) == NULL
+ || (gN->N = SRP_gN_place_bn(vb->gN_cache, pp[DB_srpverifier]))
+ == NULL
+ || (gN->g = SRP_gN_place_bn(vb->gN_cache, pp[DB_srpsalt]))
+ == NULL
|| sk_SRP_gN_insert(SRP_gN_tab, gN, 0) == 0)
goto err;
@@ -447,7 +433,8 @@ int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file)
}
} else if (pp[DB_srptype][0] == DB_SRP_VALID) {
/* it is a user .... */
- SRP_gN *lgN;
+ const SRP_gN *lgN;
+
if ((lgN = SRP_get_gN_by_id(pp[DB_srpgN], SRP_gN_tab)) != NULL) {
error_code = SRP_ERR_MEMORY;
if ((user_pwd = SRP_user_pwd_new()) == NULL)
@@ -465,7 +452,7 @@ int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file)
if (sk_SRP_user_pwd_insert(vb->users_pwd, user_pwd, 0) == 0)
goto err;
- user_pwd = NULL; /* abandon responsability */
+ user_pwd = NULL; /* abandon responsibility */
}
}
}
@@ -496,10 +483,8 @@ int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file)
SRP_user_pwd_free(user_pwd);
- if (tmpdb)
- TXT_DB_free(tmpdb);
- if (in)
- BIO_free_all(in);
+ TXT_DB_free(tmpdb);
+ BIO_free_all(in);
sk_SRP_gN_free(SRP_gN_tab);
@@ -524,7 +509,9 @@ static SRP_user_pwd *find_user(SRP_VBASE *vb, char *username)
return NULL;
}
+# if OPENSSL_API_COMPAT < 0x10100000L
/*
+ * DEPRECATED: use SRP_VBASE_get1_by_user instead.
* This method ignores the configured seed and fails for an unknown user.
* Ownership of the returned pointer is not released to the caller.
* In other words, caller must not free the result.
@@ -533,6 +520,7 @@ SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username)
{
return find_user(vb, username);
}
+# endif
/*
* Ownership of the returned pointer is released to the caller.
@@ -543,7 +531,7 @@ SRP_user_pwd *SRP_VBASE_get1_by_user(SRP_VBASE *vb, char *username)
SRP_user_pwd *user;
unsigned char digv[SHA_DIGEST_LENGTH];
unsigned char digs[SHA_DIGEST_LENGTH];
- EVP_MD_CTX ctxt;
+ EVP_MD_CTX *ctxt = NULL;
if (vb == NULL)
return NULL;
@@ -565,20 +553,25 @@ SRP_user_pwd *SRP_VBASE_get1_by_user(SRP_VBASE *vb, char *username)
if (!SRP_user_pwd_set_ids(user, username, NULL))
goto err;
- if (RAND_bytes(digv, SHA_DIGEST_LENGTH) <= 0)
+ if (RAND_priv_bytes(digv, SHA_DIGEST_LENGTH) <= 0)
+ goto err;
+ ctxt = EVP_MD_CTX_new();
+ if (ctxt == NULL
+ || !EVP_DigestInit_ex(ctxt, EVP_sha1(), NULL)
+ || !EVP_DigestUpdate(ctxt, vb->seed_key, strlen(vb->seed_key))
+ || !EVP_DigestUpdate(ctxt, username, strlen(username))
+ || !EVP_DigestFinal_ex(ctxt, digs, NULL))
goto err;
- EVP_MD_CTX_init(&ctxt);
- EVP_DigestInit_ex(&ctxt, EVP_sha1(), NULL);
- EVP_DigestUpdate(&ctxt, vb->seed_key, strlen(vb->seed_key));
- EVP_DigestUpdate(&ctxt, username, strlen(username));
- EVP_DigestFinal_ex(&ctxt, digs, NULL);
- EVP_MD_CTX_cleanup(&ctxt);
- if (SRP_user_pwd_set_sv_BN
- (user, BN_bin2bn(digs, SHA_DIGEST_LENGTH, NULL),
- BN_bin2bn(digv, SHA_DIGEST_LENGTH, NULL)))
+ EVP_MD_CTX_free(ctxt);
+ ctxt = NULL;
+ if (SRP_user_pwd_set_sv_BN(user,
+ BN_bin2bn(digs, SHA_DIGEST_LENGTH, NULL),
+ BN_bin2bn(digv, SHA_DIGEST_LENGTH, NULL)))
return user;
- err:SRP_user_pwd_free(user);
+ err:
+ EVP_MD_CTX_free(ctxt);
+ SRP_user_pwd_free(user);
return NULL;
}
@@ -590,7 +583,8 @@ char *SRP_create_verifier(const char *user, const char *pass, char **salt,
{
int len;
char *result = NULL, *vf = NULL;
- BIGNUM *N_bn = NULL, *g_bn = NULL, *s = NULL, *v = NULL;
+ const BIGNUM *N_bn = NULL, *g_bn = NULL;
+ BIGNUM *N_bn_alloc = NULL, *g_bn_alloc = NULL, *s = NULL, *v = NULL;
unsigned char tmp[MAX_LEN];
unsigned char tmp2[MAX_LEN];
char *defgNid = NULL;
@@ -601,12 +595,14 @@ char *SRP_create_verifier(const char *user, const char *pass, char **salt,
goto err;
if (N) {
- if (!(len = t_fromb64(tmp, sizeof(tmp), N)))
+ if ((len = t_fromb64(tmp, sizeof(tmp), N)) <= 0)
goto err;
- N_bn = BN_bin2bn(tmp, len, NULL);
- if (!(len = t_fromb64(tmp, sizeof(tmp), g)))
+ N_bn_alloc = BN_bin2bn(tmp, len, NULL);
+ N_bn = N_bn_alloc;
+ if ((len = t_fromb64(tmp, sizeof(tmp) ,g)) <= 0)
goto err;
- g_bn = BN_bin2bn(tmp, len, NULL);
+ g_bn_alloc = BN_bin2bn(tmp, len, NULL);
+ g_bn = g_bn_alloc;
defgNid = "*";
} else {
SRP_gN *gN = SRP_get_gN_by_id(g, NULL);
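Review bot: Neither `BN_bin2bn` result in the `if (N)` branch is checked, so an allocation failure leaves `N_bn` or `g_bn` NULL and the function carries on to whatever consumes them. The same holds for `s = BN_bin2bn(tmp2, len, NULL)` in the salt hunk that follows. The new `<= 0` tests cover the decode-failure case; a matching `if (N_bn_alloc == NULL) goto err;` (likewise for `g_bn_alloc` and `s`) would cover the allocation case at the point of failure instead of relying on a later callee to reject NULL. Minor style: `sizeof(tmp) ,g` should read `sizeof(tmp), g`. The body of SRP_create_verifier continues outside this hunk.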
@@ -623,7 +619,7 @@ char *SRP_create_verifier(const char *user, const char *pass, char **salt,
s = BN_bin2bn(tmp2, SRP_RANDOM_SALT_LEN, NULL);
} else {
- if (!(len = t_fromb64(tmp2, sizeof(tmp2), *salt)))
+ if ((len = t_fromb64(tmp2, sizeof(tmp2), *salt)) <= 0)
goto err;
s = BN_bin2bn(tmp2, len, NULL);
}
@@ -652,13 +648,9 @@ char *SRP_create_verifier(const char *user, const char *pass, char **salt,
result = defgNid;
err:
- if (N) {
- BN_free(N_bn);
- BN_free(g_bn);
- }
- if (vf != NULL)
- OPENSSL_cleanse(vf, vfsize);
- OPENSSL_free(vf);
+ BN_free(N_bn_alloc);
+ BN_free(g_bn_alloc);
+ OPENSSL_clear_free(vf, vfsize);
BN_clear_free(s);
BN_clear_free(v);
return result;
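Review bot: The cleanup after `err:` now frees only `N_bn_alloc` and `g_bn_alloc`, and nothing there says why `N_bn` and `g_bn` are left alone. From the earlier hunks, those two are `const` and are set from the `_alloc` pointers only in the `if (N)` branch. In the other branch they presumably point at data owned by the `SRP_gN` returned from `SRP_get_gN_by_id`, which must not be freed here. A short comment would keep a later edit from reintroducing a free of borrowed parameters, e.g. `/* N_bn/g_bn may be borrowed; only the *_alloc copies are owned */`. The assignments in the else branch are outside the visible hunks, so that part is inferred.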
@@ -674,7 +666,8 @@ char *SRP_create_verifier(const char *user, const char *pass, char **salt,
* BIGNUMS.
*/
int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt,
- BIGNUM **verifier, BIGNUM *N, BIGNUM *g)
+ BIGNUM **verifier, const BIGNUM *N,
+ const BIGNUM *g)
{
int result = 0;
BIGNUM *x = NULL;
@@ -688,9 +681,6 @@ int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt,
(verifier == NULL) || (N == NULL) || (g == NULL) || (bn_ctx == NULL))
goto err;
- srp_bn_print(N);
- srp_bn_print(g);
-
if (*salt == NULL) {
if (RAND_bytes(tmp2, SRP_RANDOM_SALT_LEN) <= 0)
goto err;
@@ -711,13 +701,11 @@ int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt,
goto err;
}
- srp_bn_print(*verifier);
-
result = 1;
*salt = salttmp;
err:
- if (*salt != salttmp)
+ if (salt != NULL && *salt != salttmp)
BN_clear_free(salttmp);
BN_clear_free(x);
BN_CTX_free(bn_ctx);
diff --git a/crypto/srp/srptest.c b/crypto/srp/srptest.c
deleted file mode 100644
index 00e001bd6b83..000000000000
--- a/crypto/srp/srptest.c
+++ /dev/null
@@ -1,155 +0,0 @@
-#include <openssl/opensslconf.h>
-#ifdef OPENSSL_NO_SRP
-
-# include <stdio.h>
-
-int main(int argc, char *argv[])
-{
- printf("No SRP support\n");
- return (0);
-}
-
-#else
-
-# include <openssl/srp.h>
-# include <openssl/rand.h>
-# include <openssl/err.h>
-
-static void showbn(const char *name, const BIGNUM *bn)
-{
- fputs(name, stdout);
- fputs(" = ", stdout);
- BN_print_fp(stdout, bn);
- putc('\n', stdout);
-}
-
-# define RANDOM_SIZE 32 /* use 256 bits on each side */
-
-static int run_srp(const char *username, const char *client_pass,
- const char *server_pass)
-{
- int ret = -1;
- BIGNUM *s = NULL;
- BIGNUM *v = NULL;
- BIGNUM *a = NULL;
- BIGNUM *b = NULL;
- BIGNUM *u = NULL;
- BIGNUM *x = NULL;
- BIGNUM *Apub = NULL;
- BIGNUM *Bpub = NULL;
- BIGNUM *Kclient = NULL;
- BIGNUM *Kserver = NULL;
- unsigned char rand_tmp[RANDOM_SIZE];
- /* use builtin 1024-bit params */
- SRP_gN *GN = SRP_get_default_gN("1024");
-
- if (GN == NULL) {
- fprintf(stderr, "Failed to get SRP parameters\n");
- return -1;
- }
- /* Set up server's password entry */
- if (!SRP_create_verifier_BN(username, server_pass, &s, &v, GN->N, GN->g)) {
- fprintf(stderr, "Failed to create SRP verifier\n");
- return -1;
- }
-
- showbn("N", GN->N);
- showbn("g", GN->g);
- showbn("Salt", s);
- showbn("Verifier", v);
-
- /* Server random */
- RAND_pseudo_bytes(rand_tmp, sizeof(rand_tmp));
- b = BN_bin2bn(rand_tmp, sizeof(rand_tmp), NULL);
- /* TODO - check b != 0 */
- showbn("b", b);
-
- /* Server's first message */
- Bpub = SRP_Calc_B(b, GN->N, GN->g, v);
- showbn("B", Bpub);
-
- if (!SRP_Verify_B_mod_N(Bpub, GN->N)) {
- fprintf(stderr, "Invalid B\n");
- return -1;
- }
-
- /* Client random */
- RAND_pseudo_bytes(rand_tmp, sizeof(rand_tmp));
- a = BN_bin2bn(rand_tmp, sizeof(rand_tmp), NULL);
- /* TODO - check a != 0 */
- showbn("a", a);
-
- /* Client's response */
- Apub = SRP_Calc_A(a, GN->N, GN->g);
- showbn("A", Apub);
-
- if (!SRP_Verify_A_mod_N(Apub, GN->N)) {
- fprintf(stderr, "Invalid A\n");
- return -1;
- }
-
- /* Both sides calculate u */
- u = SRP_Calc_u(Apub, Bpub, GN->N);
-
- /* Client's key */
- x = SRP_Calc_x(s, username, client_pass);
- Kclient = SRP_Calc_client_key(GN->N, Bpub, GN->g, x, a, u);
- showbn("Client's key", Kclient);
-
- /* Server's key */
- Kserver = SRP_Calc_server_key(Apub, v, u, b, GN->N);
- showbn("Server's key", Kserver);
-
- if (BN_cmp(Kclient, Kserver) == 0) {
- ret = 0;
- } else {
- fprintf(stderr, "Keys mismatch\n");
- ret = 1;
- }
-
- BN_clear_free(Kclient);
- BN_clear_free(Kserver);
- BN_clear_free(x);
- BN_free(u);
- BN_free(Apub);
- BN_clear_free(a);
- BN_free(Bpub);
- BN_clear_free(b);
- BN_free(s);
- BN_clear_free(v);
-
- return ret;
-}
-
-int main(int argc, char **argv)
-{
- BIO *bio_err;
- bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
-
- CRYPTO_malloc_debug_init();
- CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);
- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
-
- ERR_load_crypto_strings();
-
- /* "Negative" test, expect a mismatch */
- if (run_srp("alice", "password1", "password2") == 0) {
- fprintf(stderr, "Mismatched SRP run failed\n");
- return 1;
- }
-
- /* "Positive" test, should pass */
- if (run_srp("alice", "password", "password") != 0) {
- fprintf(stderr, "Plain SRP run failed\n");
- return 1;
- }
-
- CRYPTO_cleanup_all_ex_data();
- ERR_remove_thread_state(NULL);
- ERR_free_strings();
- CRYPTO_mem_leaks(bio_err);
- BIO_free(bio_err);
-
- return 0;
-}
-#endif