2 * Copyright (c) 1997-1999 The Stanford SRP Authentication Project
5 * Permission is hereby granted, free of charge, to any person obtaining
6 * a copy of this software and associated documentation files (the
7 * "Software"), to deal in the Software without restriction, including
8 * without limitation the rights to use, copy, modify, merge, publish,
9 * distribute, sublicense, and/or sell copies of the Software, and to
10 * permit persons to whom the Software is furnished to do so, subject to
11 * the following conditions:
13 * The above copyright notice and this permission notice shall be
14 * included in all copies or substantial portions of the Software.
16 * THE SOFTWARE IS PROVIDED "AS-IS" AND WITHOUT WARRANTY OF ANY KIND,
17 * EXPRESS, IMPLIED OR OTHERWISE, INCLUDING WITHOUT LIMITATION, ANY
18 * WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
20 * IN NO EVENT SHALL STANFORD BE LIABLE FOR ANY SPECIAL, INCIDENTAL,
21 * INDIRECT OR CONSEQUENTIAL DAMAGES OF ANY KIND, OR ANY DAMAGES WHATSOEVER
22 * RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER OR NOT ADVISED OF
23 * THE POSSIBILITY OF DAMAGE, AND ON ANY THEORY OF LIABILITY, ARISING OUT
24 * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
26 * In addition, the following conditions apply:
28 * 1. Any software that incorporates the SRP authentication technology
29 * must display the following acknowlegment:
30 * "This product uses the 'Secure Remote Password' cryptographic
31 * authentication system developed by Tom Wu (tjw@CS.Stanford.EDU)."
33 * 2. Any software that incorporates all or part of the SRP distribution
34 * itself must also display the following acknowledgment:
35 * "This product includes software developed by Tom Wu and Eugene
36 * Jhong for the SRP Distribution (http://srp.stanford.edu/srp/)."
38 * 3. Redistributions in source or binary form must retain an intact copy
39 * of this copyright notice and list of conditions.
43 #include "t_defines.h"
48 _TYPE( struct t_client
* )
49 t_clientopen(u
, n
, g
, s
)
56 unsigned char buf1
[SHA_DIGESTSIZE
], buf2
[SHA_DIGESTSIZE
];
59 struct t_preconf
* tpc
;
61 BigInteger nn
, gg
, n12
, r
;
64 if(n
->len
< MIN_MOD_BYTES
)
66 for(i
= 0; i
< t_getprecount(); ++i
) {
67 tpc
= t_getpreparam(i
);
68 if(tpc
->modulus
.len
== n
->len
&& tpc
->generator
.len
== g
->len
&&
69 memcmp(tpc
->modulus
.data
, n
->data
, n
->len
) == 0 &&
70 memcmp(tpc
->generator
.data
, g
->data
, g
->len
) == 0) {
71 validated
= 1; /* Match found, done */
79 if((tc
= malloc(sizeof(struct t_client
))) == 0)
82 strncpy(tc
->username
, u
, MAXUSERLEN
);
87 tc
->n
.data
= tc
->nbuf
;
88 memcpy(tc
->n
.data
, n
->data
, tc
->n
.len
);
91 SHA1Update(&ctxt
, tc
->n
.data
, tc
->n
.len
);
92 SHA1Final(buf1
, &ctxt
);
95 tc
->g
.data
= tc
->gbuf
;
96 memcpy(tc
->g
.data
, g
->data
, tc
->g
.len
);
99 SHA1Update(&ctxt
, tc
->g
.data
, tc
->g
.len
);
100 SHA1Final(buf2
, &ctxt
);
102 for(i
= 0; i
< sizeof(buf1
); ++i
)
105 SHA1Update(&tc
->hash
, buf1
, sizeof(buf1
));
108 SHA1Update(&ctxt
, tc
->username
, strlen(tc
->username
));
109 SHA1Final(buf1
, &ctxt
);
111 SHA1Update(&tc
->hash
, buf1
, sizeof(buf1
));
114 tc
->s
.data
= tc
->sbuf
;
115 memcpy(tc
->s
.data
, s
->data
, tc
->s
.len
);
117 SHA1Update(&tc
->hash
, tc
->s
.data
, tc
->s
.len
);
119 tc
->a
.data
= tc
->abuf
;
120 tc
->A
.data
= tc
->Abuf
;
121 tc
->p
.data
= tc
->pbuf
;
122 tc
->v
.data
= tc
->vbuf
;
124 SHA1Init(&tc
->ckhash
);
129 _TYPE( struct t_num
* )
131 struct t_client
* tc
;
133 BigInteger a
, A
, n
, g
;
136 tc
->a
.len
= tc
->n
.len
;
140 t_random(tc
->a
.data
, tc
->a
.len
);
141 a
= BigIntegerFromBytes(tc
->a
.data
, tc
->a
.len
);
142 n
= BigIntegerFromBytes(tc
->n
.data
, tc
->n
.len
);
143 g
= BigIntegerFromBytes(tc
->g
.data
, tc
->g
.len
);
144 A
= BigIntegerFromInt(0);
145 BigIntegerModExp(A
, g
, a
, n
);
146 tc
->A
.len
= BigIntegerToBytes(A
, tc
->A
.data
);
153 SHA1Update(&tc
->hash
, tc
->A
.data
, tc
->A
.len
);
154 SHA1Update(&tc
->ckhash
, tc
->A
.data
, tc
->A
.len
);
160 t_clientpasswd(tc
, password
)
161 struct t_client
* tc
;
164 BigInteger n
, g
, p
, v
;
166 unsigned char dig
[SHA_DIGESTSIZE
];
168 n
= BigIntegerFromBytes(tc
->n
.data
, tc
->n
.len
);
169 g
= BigIntegerFromBytes(tc
->g
.data
, tc
->g
.len
);
172 SHA1Update(&ctxt
, tc
->username
, strlen(tc
->username
));
173 SHA1Update(&ctxt
, ":", 1);
174 SHA1Update(&ctxt
, password
, strlen(password
));
175 SHA1Final(dig
, &ctxt
);
178 SHA1Update(&ctxt
, tc
->s
.data
, tc
->s
.len
);
179 SHA1Update(&ctxt
, dig
, sizeof(dig
));
180 SHA1Final(dig
, &ctxt
);
182 p
= BigIntegerFromBytes(dig
, sizeof(dig
));
184 v
= BigIntegerFromInt(0);
185 BigIntegerModExp(v
, g
, p
, n
);
187 tc
->p
.len
= BigIntegerToBytes(p
, tc
->p
.data
);
190 tc
->v
.len
= BigIntegerToBytes(v
, tc
->v
.data
);
194 _TYPE( unsigned char * )
195 t_clientgetkey(tc
, serverval
)
196 struct t_client
* tc
;
197 struct t_num
* serverval
;
199 BigInteger n
, B
, v
, p
, a
, sum
, S
;
200 unsigned char sbuf
[MAXPARAMLEN
];
201 unsigned char dig
[SHA_DIGESTSIZE
];
207 SHA1Update(&ctxt
, serverval
->data
, serverval
->len
);
208 SHA1Final(dig
, &ctxt
);
209 u
= (dig
[0] << 24) | (dig
[1] << 16) | (dig
[2] << 8) | dig
[3];
213 SHA1Update(&tc
->hash
, serverval
->data
, serverval
->len
);
215 B
= BigIntegerFromBytes(serverval
->data
, serverval
->len
);
216 n
= BigIntegerFromBytes(tc
->n
.data
, tc
->n
.len
);
218 if(BigIntegerCmp(B
, n
) >= 0 || BigIntegerCmpInt(B
, 0) == 0) {
223 v
= BigIntegerFromBytes(tc
->v
.data
, tc
->v
.len
);
224 if(BigIntegerCmp(B
, v
) < 0)
225 BigIntegerAdd(B
, B
, n
);
226 BigIntegerSub(B
, B
, v
);
229 a
= BigIntegerFromBytes(tc
->a
.data
, tc
->a
.len
);
230 p
= BigIntegerFromBytes(tc
->p
.data
, tc
->p
.len
);
232 sum
= BigIntegerFromInt(0);
233 BigIntegerMulInt(sum
, p
, u
);
234 BigIntegerAdd(sum
, sum
, a
);
239 S
= BigIntegerFromInt(0);
240 BigIntegerModExp(S
, B
, sum
, n
);
241 slen
= BigIntegerToBytes(S
, sbuf
);
248 t_sessionkey(tc
->session_key
, sbuf
, slen
);
249 memset(sbuf
, 0, slen
);
251 SHA1Update(&tc
->hash
, tc
->session_key
, sizeof(tc
->session_key
));
253 SHA1Final(tc
->session_response
, &tc
->hash
);
254 SHA1Update(&tc
->ckhash
, tc
->session_response
, sizeof(tc
->session_response
));
255 SHA1Update(&tc
->ckhash
, tc
->session_key
, sizeof(tc
->session_key
));
257 return tc
->session_key
;
261 t_clientverify(tc
, resp
)
262 struct t_client
* tc
;
263 unsigned char * resp
;
265 unsigned char expected
[SHA_DIGESTSIZE
];
267 SHA1Final(expected
, &tc
->ckhash
);
268 return memcmp(expected
, resp
, sizeof(expected
));
271 _TYPE( unsigned char * )
273 struct t_client
* tc
;
275 return tc
->session_response
;
280 struct t_client
* tc
;
282 memset(tc
->abuf
, 0, sizeof(tc
->abuf
));
283 memset(tc
->pbuf
, 0, sizeof(tc
->pbuf
));
284 memset(tc
->vbuf
, 0, sizeof(tc
->vbuf
));
285 memset(tc
->session_key
, 0, sizeof(tc
->session_key
));
This page took 0.072879 seconds and 5 git commands to generate.