package/ead/src/tinysrp/t_client.c

   1 /*
   2  * Copyright (c) 1997-1999  The Stanford SRP Authentication Project
   3  * All Rights Reserved.
   4  *
   5  * Permission is hereby granted, free of charge, to any person obtaining
   6  * a copy of this software and associated documentation files (the
   7  * "Software"), to deal in the Software without restriction, including
   8  * without limitation the rights to use, copy, modify, merge, publish,
   9  * distribute, sublicense, and/or sell copies of the Software, and to
  10  * permit persons to whom the Software is furnished to do so, subject to
  11  * the following conditions:
  12  *
  13  * The above copyright notice and this permission notice shall be
  14  * included in all copies or substantial portions of the Software.
  15  *
  16  * THE SOFTWARE IS PROVIDED "AS-IS" AND WITHOUT WARRANTY OF ANY KIND,
  17  * EXPRESS, IMPLIED OR OTHERWISE, INCLUDING WITHOUT LIMITATION, ANY
  18  * WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
  19  *
  20  * IN NO EVENT SHALL STANFORD BE LIABLE FOR ANY SPECIAL, INCIDENTAL,
  21  * INDIRECT OR CONSEQUENTIAL DAMAGES OF ANY KIND, OR ANY DAMAGES WHATSOEVER
  22  * RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER OR NOT ADVISED OF
  23  * THE POSSIBILITY OF DAMAGE, AND ON ANY THEORY OF LIABILITY, ARISING OUT
  24  * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  25  *
  26  * In addition, the following conditions apply:
  27  *
  28  * 1. Any software that incorporates the SRP authentication technology
  29  *    must display the following acknowlegment:
  30  *    "This product uses the 'Secure Remote Password' cryptographic
  31  *     authentication system developed by Tom Wu (tjw@CS.Stanford.EDU)."
  32  *
  33  * 2. Any software that incorporates all or part of the SRP distribution
  34  *    itself must also display the following acknowledgment:
  35  *    "This product includes software developed by Tom Wu and Eugene
  36  *     Jhong for the SRP Distribution (http://srp.stanford.edu/srp/)."
  37  *
  38  * 3. Redistributions in source or binary form must retain an intact copy
  39  *    of this copyright notice and list of conditions.
  40  */
  41
  42 #include <stdio.h>
  43 #include "t_defines.h"
  44 #include "t_pwd.h"
  45 #include "t_client.h"
  46 #include "t_sha.h"
  47
  48 _TYPE( struct t_client * )
  49 t_clientopen(u, n, g, s)
  50      const char * u;
  51      struct t_num * n;
  52      struct t_num * g;
  53      struct t_num * s;
  54 {
  55   struct t_client * tc;
  56   unsigned char buf1[SHA_DIGESTSIZE], buf2[SHA_DIGESTSIZE];
  57   SHA1_CTX ctxt;
  58   int i, validated;
  59   struct t_preconf * tpc;
  60
  61   BigInteger nn, gg, n12, r;
  62
  63   validated = 0;
  64   if(n->len < MIN_MOD_BYTES)
  65     return 0;
  66   for(i = 0; i < t_getprecount(); ++i) {
  67     tpc = t_getpreparam(i);
  68     if(tpc->modulus.len == n->len && tpc->generator.len == g->len &&
  69        memcmp(tpc->modulus.data, n->data, n->len) == 0 &&
  70        memcmp(tpc->generator.data, g->data, g->len) == 0) {
  71       validated = 1;    /* Match found, done */
  72       break;
  73     }
  74   }
  75
  76   if(validated == 0)
  77     return 0;
  78
  79   if((tc = malloc(sizeof(struct t_client))) == 0)
  80     return 0;
  81
  82   strncpy(tc->username, u, MAXUSERLEN);
  83
  84   SHA1Init(&tc->hash);
  85
  86   tc->n.len = n->len;
  87   tc->n.data = tc->nbuf;
  88   memcpy(tc->n.data, n->data, tc->n.len);
  89
  90   SHA1Init(&ctxt);
  91   SHA1Update(&ctxt, tc->n.data, tc->n.len);
  92   SHA1Final(buf1, &ctxt);
  93
  94   tc->g.len = g->len;
  95   tc->g.data = tc->gbuf;
  96   memcpy(tc->g.data, g->data, tc->g.len);
  97
  98   SHA1Init(&ctxt);
  99   SHA1Update(&ctxt, tc->g.data, tc->g.len);
 100   SHA1Final(buf2, &ctxt);
 101
 102   for(i = 0; i < sizeof(buf1); ++i)
 103     buf1[i] ^= buf2[i];
 104
 105   SHA1Update(&tc->hash, buf1, sizeof(buf1));
 106
 107   SHA1Init(&ctxt);
 108   SHA1Update(&ctxt, tc->username, strlen(tc->username));
 109   SHA1Final(buf1, &ctxt);
 110
 111   SHA1Update(&tc->hash, buf1, sizeof(buf1));
 112
 113   tc->s.len = s->len;
 114   tc->s.data = tc->sbuf;
 115   memcpy(tc->s.data, s->data, tc->s.len);
 116
 117   SHA1Update(&tc->hash, tc->s.data, tc->s.len);
 118
 119   tc->a.data = tc->abuf;
 120   tc->A.data = tc->Abuf;
 121   tc->p.data = tc->pbuf;
 122   tc->v.data = tc->vbuf;
 123
 124   SHA1Init(&tc->ckhash);
 125
 126   return tc;
 127 }
 128
 129 _TYPE( struct t_num * )
 130 t_clientgenexp(tc)
 131      struct t_client * tc;
 132 {
 133   BigInteger a, A, n, g;
 134
 135   if(tc->n.len < ALEN)
 136     tc->a.len = tc->n.len;
 137   else
 138     tc->a.len = ALEN;
 139
 140   t_random(tc->a.data, tc->a.len);
 141   a = BigIntegerFromBytes(tc->a.data, tc->a.len);
 142   n = BigIntegerFromBytes(tc->n.data, tc->n.len);
 143   g = BigIntegerFromBytes(tc->g.data, tc->g.len);
 144   A = BigIntegerFromInt(0);
 145   BigIntegerModExp(A, g, a, n);
 146   tc->A.len = BigIntegerToBytes(A, tc->A.data);
 147
 148   BigIntegerFree(A);
 149   BigIntegerFree(a);
 150   BigIntegerFree(g);
 151   BigIntegerFree(n);
 152
 153   SHA1Update(&tc->hash, tc->A.data, tc->A.len);
 154   SHA1Update(&tc->ckhash, tc->A.data, tc->A.len);
 155
 156   return &tc->A;
 157 }
 158
 159 _TYPE( void )
 160 t_clientpasswd(tc, password)
 161      struct t_client * tc;
 162      char * password;
 163 {
 164   BigInteger n, g, p, v;
 165   SHA1_CTX ctxt;
 166   unsigned char dig[SHA_DIGESTSIZE];
 167
 168   n = BigIntegerFromBytes(tc->n.data, tc->n.len);
 169   g = BigIntegerFromBytes(tc->g.data, tc->g.len);
 170
 171   SHA1Init(&ctxt);
 172   SHA1Update(&ctxt, tc->username, strlen(tc->username));
 173   SHA1Update(&ctxt, ":", 1);
 174   SHA1Update(&ctxt, password, strlen(password));
 175   SHA1Final(dig, &ctxt);
 176
 177   SHA1Init(&ctxt);
 178   SHA1Update(&ctxt, tc->s.data, tc->s.len);
 179   SHA1Update(&ctxt, dig, sizeof(dig));
 180   SHA1Final(dig, &ctxt);
 181
 182   p = BigIntegerFromBytes(dig, sizeof(dig));
 183
 184   v = BigIntegerFromInt(0);
 185   BigIntegerModExp(v, g, p, n);
 186
 187   tc->p.len = BigIntegerToBytes(p, tc->p.data);
 188   BigIntegerFree(p);
 189
 190   tc->v.len = BigIntegerToBytes(v, tc->v.data);
 191   BigIntegerFree(v);
 192 }
 193
 194 _TYPE( unsigned char * )
 195 t_clientgetkey(tc, serverval)
 196      struct t_client * tc;
 197      struct t_num * serverval;
 198 {
 199   BigInteger n, B, v, p, a, sum, S;
 200   unsigned char sbuf[MAXPARAMLEN];
 201   unsigned char dig[SHA_DIGESTSIZE];
 202   unsigned slen;
 203   unsigned int u;
 204   SHA1_CTX ctxt;
 205
 206   SHA1Init(&ctxt);
 207   SHA1Update(&ctxt, serverval->data, serverval->len);
 208   SHA1Final(dig, &ctxt);
 209   u = (dig[0] << 24) | (dig[1] << 16) | (dig[2] << 8) | dig[3];
 210   if(u == 0)
 211     return NULL;
 212
 213   SHA1Update(&tc->hash, serverval->data, serverval->len);
 214
 215   B = BigIntegerFromBytes(serverval->data, serverval->len);
 216   n = BigIntegerFromBytes(tc->n.data, tc->n.len);
 217
 218   if(BigIntegerCmp(B, n) >= 0 || BigIntegerCmpInt(B, 0) == 0) {
 219     BigIntegerFree(B);
 220     BigIntegerFree(n);
 221     return NULL;
 222   }
 223   v = BigIntegerFromBytes(tc->v.data, tc->v.len);
 224   if(BigIntegerCmp(B, v) < 0)
 225     BigIntegerAdd(B, B, n);
 226   BigIntegerSub(B, B, v);
 227   BigIntegerFree(v);
 228
 229   a = BigIntegerFromBytes(tc->a.data, tc->a.len);
 230   p = BigIntegerFromBytes(tc->p.data, tc->p.len);
 231
 232   sum = BigIntegerFromInt(0);
 233   BigIntegerMulInt(sum, p, u);
 234   BigIntegerAdd(sum, sum, a);
 235
 236   BigIntegerFree(p);
 237   BigIntegerFree(a);
 238
 239   S = BigIntegerFromInt(0);
 240   BigIntegerModExp(S, B, sum, n);
 241   slen = BigIntegerToBytes(S, sbuf);
 242
 243   BigIntegerFree(S);
 244   BigIntegerFree(sum);
 245   BigIntegerFree(B);
 246   BigIntegerFree(n);
 247
 248   t_sessionkey(tc->session_key, sbuf, slen);
 249   memset(sbuf, 0, slen);
 250
 251   SHA1Update(&tc->hash, tc->session_key, sizeof(tc->session_key));
 252
 253   SHA1Final(tc->session_response, &tc->hash);
 254   SHA1Update(&tc->ckhash, tc->session_response, sizeof(tc->session_response));
 255   SHA1Update(&tc->ckhash, tc->session_key, sizeof(tc->session_key));
 256
 257   return tc->session_key;
 258 }
 259
 260 _TYPE( int )
 261 t_clientverify(tc, resp)
 262     struct t_client * tc;
 263     unsigned char * resp;
 264 {
 265   unsigned char expected[SHA_DIGESTSIZE];
 266
 267   SHA1Final(expected, &tc->ckhash);
 268   return memcmp(expected, resp, sizeof(expected));
 269 }
 270
 271 _TYPE( unsigned char * )
 272 t_clientresponse(tc)
 273     struct t_client * tc;
 274 {
 275   return tc->session_response;
 276 }
 277
 278 _TYPE( void )
 279 t_clientclose(tc)
 280      struct t_client * tc;
 281 {
 282   memset(tc->abuf, 0, sizeof(tc->abuf));
 283   memset(tc->pbuf, 0, sizeof(tc->pbuf));
 284   memset(tc->vbuf, 0, sizeof(tc->vbuf));
 285   memset(tc->session_key, 0, sizeof(tc->session_key));
 286   free(tc);
 287 }