2 * Copyright (c) 1997-1999 The Stanford SRP Authentication Project
5 * Permission is hereby granted, free of charge, to any person obtaining
6 * a copy of this software and associated documentation files (the
7 * "Software"), to deal in the Software without restriction, including
8 * without limitation the rights to use, copy, modify, merge, publish,
9 * distribute, sublicense, and/or sell copies of the Software, and to
10 * permit persons to whom the Software is furnished to do so, subject to
11 * the following conditions:
13 * The above copyright notice and this permission notice shall be
14 * included in all copies or substantial portions of the Software.
16 * THE SOFTWARE IS PROVIDED "AS-IS" AND WITHOUT WARRANTY OF ANY KIND,
17 * EXPRESS, IMPLIED OR OTHERWISE, INCLUDING WITHOUT LIMITATION, ANY
18 * WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
20 * IN NO EVENT SHALL STANFORD BE LIABLE FOR ANY SPECIAL, INCIDENTAL,
21 * INDIRECT OR CONSEQUENTIAL DAMAGES OF ANY KIND, OR ANY DAMAGES WHATSOEVER
22 * RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER OR NOT ADVISED OF
23 * THE POSSIBILITY OF DAMAGE, AND ON ANY THEORY OF LIABILITY, ARISING OUT
24 * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
26 * In addition, the following conditions apply:
28 * 1. Any software that incorporates the SRP authentication technology
29 * must display the following acknowlegment:
30 * "This product uses the 'Secure Remote Password' cryptographic
31 * authentication system developed by Tom Wu (tjw@CS.Stanford.EDU)."
33 * 2. Any software that incorporates all or part of the SRP distribution
34 * itself must also display the following acknowledgment:
35 * "This product includes software developed by Tom Wu and Eugene
36 * Jhong for the SRP Distribution (http://srp.stanford.edu/srp/)."
38 * 3. Redistributions in source or binary form must retain an intact copy
39 * of this copyright notice and list of conditions.
43 #include "t_defines.h"
47 _TYPE( struct t_server
* )
48 t_serveropenraw(ent
, tce
)
50 struct t_confent
* tce
;
53 unsigned char buf1
[SHA_DIGESTSIZE
], buf2
[SHA_DIGESTSIZE
];
57 if((ts
= malloc(sizeof(struct t_server
))) == 0)
60 SHA1Init(&ts
->ckhash
);
62 ts
->index
= ent
->index
;
63 ts
->n
.len
= tce
->modulus
.len
;
64 ts
->n
.data
= ts
->nbuf
;
65 memcpy(ts
->n
.data
, tce
->modulus
.data
, ts
->n
.len
);
68 SHA1Update(&ctxt
, ts
->n
.data
, ts
->n
.len
);
69 SHA1Final(buf1
, &ctxt
);
71 ts
->g
.len
= tce
->generator
.len
;
72 ts
->g
.data
= ts
->gbuf
;
73 memcpy(ts
->g
.data
, tce
->generator
.data
, ts
->g
.len
);
76 SHA1Update(&ctxt
, ts
->g
.data
, ts
->g
.len
);
77 SHA1Final(buf2
, &ctxt
);
79 for(i
= 0; i
< sizeof(buf1
); ++i
)
82 SHA1Update(&ts
->ckhash
, buf1
, sizeof(buf1
));
85 SHA1Update(&ctxt
, ent
->name
, strlen(ent
->name
));
86 SHA1Final(buf1
, &ctxt
);
88 SHA1Update(&ts
->ckhash
, buf1
, sizeof(buf1
));
90 ts
->v
.len
= ent
->password
.len
;
91 ts
->v
.data
= ts
->vbuf
;
92 memcpy(ts
->v
.data
, ent
->password
.data
, ts
->v
.len
);
94 ts
->s
.len
= ent
->salt
.len
;
95 ts
->s
.data
= ts
->saltbuf
;
96 memcpy(ts
->s
.data
, ent
->salt
.data
, ts
->s
.len
);
98 SHA1Update(&ts
->ckhash
, ts
->s
.data
, ts
->s
.len
);
100 ts
->b
.data
= ts
->bbuf
;
101 ts
->B
.data
= ts
->Bbuf
;
104 SHA1Init(&ts
->oldhash
);
105 SHA1Init(&ts
->oldckhash
);
110 _TYPE( struct t_num
* )
112 struct t_server
* ts
;
114 BigInteger b
, B
, v
, n
, g
;
117 ts
->b
.len
= ts
->n
.len
;
121 t_random(ts
->b
.data
, ts
->b
.len
);
122 b
= BigIntegerFromBytes(ts
->b
.data
, ts
->b
.len
);
123 n
= BigIntegerFromBytes(ts
->n
.data
, ts
->n
.len
);
124 g
= BigIntegerFromBytes(ts
->g
.data
, ts
->g
.len
);
125 B
= BigIntegerFromInt(0);
126 BigIntegerModExp(B
, g
, b
, n
);
128 v
= BigIntegerFromBytes(ts
->v
.data
, ts
->v
.len
);
129 BigIntegerAdd(B
, B
, v
);
130 if(BigIntegerCmp(B
, n
) > 0)
131 BigIntegerSub(B
, B
, n
);
133 ts
->B
.len
= BigIntegerToBytes(B
, ts
->B
.data
);
141 SHA1Update(&ts
->oldckhash
, ts
->B
.data
, ts
->B
.len
);
146 _TYPE( unsigned char * )
147 t_servergetkey(ts
, clientval
)
148 struct t_server
* ts
;
149 struct t_num
* clientval
;
151 BigInteger n
, v
, A
, b
, prod
, res
, S
;
153 unsigned char sbuf
[MAXPARAMLEN
];
154 unsigned char dig
[SHA_DIGESTSIZE
];
158 SHA1Update(&ts
->ckhash
, clientval
->data
, clientval
->len
);
159 SHA1Update(&ts
->ckhash
, ts
->B
.data
, ts
->B
.len
);
162 SHA1Update(&ctxt
, ts
->B
.data
, ts
->B
.len
);
163 SHA1Final(dig
, &ctxt
);
164 u
= (dig
[0] << 24) | (dig
[1] << 16) | (dig
[2] << 8) | dig
[3];
166 SHA1Update(&ts
->oldhash
, clientval
->data
, clientval
->len
);
167 SHA1Update(&ts
->hash
, clientval
->data
, clientval
->len
);
169 n
= BigIntegerFromBytes(ts
->n
.data
, ts
->n
.len
);
170 b
= BigIntegerFromBytes(ts
->b
.data
, ts
->b
.len
);
171 v
= BigIntegerFromBytes(ts
->v
.data
, ts
->v
.len
);
172 A
= BigIntegerFromBytes(clientval
->data
, clientval
->len
);
174 prod
= BigIntegerFromInt(0);
175 BigIntegerModExpInt(prod
, v
, u
, n
);
176 res
= BigIntegerFromInt(0);
177 BigIntegerModMul(res
, prod
, A
, n
);
181 BigIntegerFree(prod
);
183 if(BigIntegerCmpInt(res
, 1) <= 0) { /* Check for Av^u == 1 (mod n) */
190 S
= BigIntegerFromInt(0);
192 BigIntegerAddInt(S
, res
, 1);
193 if(BigIntegerCmp(S
, n
) == 0) { /* Check for Av^u == -1 (mod n) */
201 BigIntegerModExp(S
, res
, b
, n
);
202 slen
= BigIntegerToBytes(S
, sbuf
);
209 t_sessionkey(ts
->session_key
, sbuf
, slen
);
210 memset(sbuf
, 0, slen
);
212 SHA1Update(&ts
->oldhash
, ts
->session_key
, sizeof(ts
->session_key
));
213 SHA1Update(&ts
->oldckhash
, ts
->session_key
, sizeof(ts
->session_key
));
214 SHA1Update(&ts
->ckhash
, ts
->session_key
, sizeof(ts
->session_key
));
216 return ts
->session_key
;
220 t_serververify(ts
, resp
)
221 struct t_server
* ts
;
222 unsigned char * resp
;
224 unsigned char expected
[SHA_DIGESTSIZE
];
227 SHA1Final(expected
, &ts
->oldckhash
);
228 i
= memcmp(expected
, resp
, sizeof(expected
));
230 SHA1Final(ts
->session_response
, &ts
->oldhash
);
233 SHA1Final(expected
, &ts
->ckhash
);
234 i
= memcmp(expected
, resp
, sizeof(expected
));
236 SHA1Update(&ts
->hash
, expected
, sizeof(expected
));
237 SHA1Update(&ts
->hash
, ts
->session_key
, sizeof(ts
->session_key
));
238 SHA1Final(ts
->session_response
, &ts
->hash
);
243 _TYPE( unsigned char * )
245 struct t_server
* ts
;
247 return ts
->session_response
;
252 struct t_server
* ts
;
254 memset(ts
->bbuf
, 0, sizeof(ts
->bbuf
));
255 memset(ts
->vbuf
, 0, sizeof(ts
->vbuf
));
256 memset(ts
->saltbuf
, 0, sizeof(ts
->saltbuf
));
257 memset(ts
->session_key
, 0, sizeof(ts
->session_key
));
This page took 0.070959 seconds and 5 git commands to generate.