2 * Copyright (c) 1997-1999 The Stanford SRP Authentication Project
5 * Permission is hereby granted, free of charge, to any person obtaining
6 * a copy of this software and associated documentation files (the
7 * "Software"), to deal in the Software without restriction, including
8 * without limitation the rights to use, copy, modify, merge, publish,
9 * distribute, sublicense, and/or sell copies of the Software, and to
10 * permit persons to whom the Software is furnished to do so, subject to
11 * the following conditions:
13 * The above copyright notice and this permission notice shall be
14 * included in all copies or substantial portions of the Software.
16 * THE SOFTWARE IS PROVIDED "AS-IS" AND WITHOUT WARRANTY OF ANY KIND,
17 * EXPRESS, IMPLIED OR OTHERWISE, INCLUDING WITHOUT LIMITATION, ANY
18 * WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
20 * IN NO EVENT SHALL STANFORD BE LIABLE FOR ANY SPECIAL, INCIDENTAL,
21 * INDIRECT OR CONSEQUENTIAL DAMAGES OF ANY KIND, OR ANY DAMAGES WHATSOEVER
22 * RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER OR NOT ADVISED OF
23 * THE POSSIBILITY OF DAMAGE, AND ON ANY THEORY OF LIABILITY, ARISING OUT
24 * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
26 * In addition, the following conditions apply:
28 * 1. Any software that incorporates the SRP authentication technology
29 * must display the following acknowlegment:
30 * "This product uses the 'Secure Remote Password' cryptographic
31 * authentication system developed by Tom Wu (tjw@CS.Stanford.EDU)."
33 * 2. Any software that incorporates all or part of the SRP distribution
34 * itself must also display the following acknowledgment:
35 * "This product includes software developed by Tom Wu and Eugene
36 * Jhong for the SRP Distribution (http://srp.stanford.edu/srp/)."
38 * 3. Redistributions in source or binary form must retain an intact copy
39 * of this copyright notice and list of conditions.
46 #if defined (__STDC__) || defined (__cplusplus)
53 /* For building dynamic link libraries under windows, windows NT
54 * using MSVC1.5 or MSVC2.0
60 #ifdef MSVC15 /* MSVC1.5 support for 16 bit apps */
61 #define _MSVC15EXPORT _export
63 #define _DLLAPI _export _pascal
64 #define _TYPE(a) a _MSVC15EXPORT
69 #define _MSVC20EXPORT _declspec(dllexport)
71 #define _TYPE(a) _MSVC20EXPORT a
74 #else /* Default, non-dll. Use this for Unix or DOS */
75 #define _MSVC15DEXPORT
82 #define MAXPARAMBITS 2048
83 #define MAXPARAMLEN ((MAXPARAMBITS + 7) / 8)
84 #define MAXB64PARAMLEN ((MAXPARAMBITS + 5) / 6 + 1)
85 #define MAXHEXPARAMLEN ((MAXPARAMBITS + 3) / 4 + 1)
86 #define MAXOCTPARAMLEN ((MAXPARAMBITS + 2) / 3 + 1)
90 #define MAXB64SALTLEN 44 /* 256 bits in b64 + null */
91 #define SALTLEN 10 /* Normally 80 bits */
93 #define RESPONSE_LEN 20 /* 160-bit proof hashes */
94 #define SESSION_KEY_LEN (2 * RESPONSE_LEN) /* 320-bit session key */
96 #define DEFAULT_PASSWD "tpasswd"
98 struct t_num
{ /* Standard byte-oriented integer representation */
100 unsigned char * data
;
103 struct t_preconf
{ /* Structure returned by t_getpreparam() */
108 struct t_num modulus
;
109 struct t_num generator
;
113 * The built-in (known good) parameters access routines
115 * "t_getprecount" returns the number of precompiled parameter sets.
116 * "t_getpreparam" returns the indicated parameter set.
117 * Memory is statically allocated - callers need not perform any memory mgmt.
119 _TYPE( int ) t_getprecount();
120 _TYPE( struct t_preconf
* ) t_getpreparam
P((int));
122 struct t_confent
{ /* One configuration file entry (index, N, g) */
124 struct t_num modulus
;
125 struct t_num generator
;
128 struct t_conf
{ /* An open configuration file */
131 unsigned char modbuf
[MAXPARAMLEN
];
132 unsigned char genbuf
[MAXPARAMLEN
];
133 struct t_confent tcbuf
;
137 * The configuration file routines are designed along the lines of the
138 * "getpw" functions in the standard C library.
140 * "t_openconf" accepts a stdio stream and interprets it as a config file.
141 * "t_openconfbyname" accepts a filename and does the same thing.
142 * "t_closeconf" closes the config file.
143 * "t_getconfent" fetches the next sequential configuration entry.
144 * "t_getconfbyindex" fetches the configuration entry whose index
145 * matches the one supplied, or NULL if one can't be found.
146 * "t_getconflast" fetches the last configuration entry in the file.
147 * "t_makeconfent" generates a set of configuration entry parameters
149 * "t_newconfent" returns an empty configuration entry.
150 * "t_cmpconfent" compares two configuration entries a la strcmp.
151 * "t_checkconfent" verifies that a set of configuration parameters
152 * are suitable. N must be prime and should be a safe prime.
153 * "t_putconfent" writes a configuration entry to a stream.
155 _TYPE( struct t_conf
* ) t_openconf
P((FILE *));
156 _TYPE( struct t_conf
* ) t_openconfbyname
P((const char *));
157 _TYPE( void ) t_closeconf
P((struct t_conf
*));
158 _TYPE( void ) t_rewindconf
P((struct t_conf
*));
159 _TYPE( struct t_confent
* ) t_getconfent
P((struct t_conf
*));
160 _TYPE( struct t_confent
* ) t_getconfbyindex
P((struct t_conf
*, int));
161 _TYPE( struct t_confent
* ) t_getconflast
P((struct t_conf
*));
162 _TYPE( struct t_confent
* ) t_makeconfent
P((struct t_conf
*, int));
163 _TYPE( struct t_confent
* ) t_makeconfent_c
P((struct t_conf
*, int));
164 _TYPE( struct t_confent
* ) t_newconfent
P((struct t_conf
*));
165 _TYPE( int ) t_cmpconfent
P((const struct t_confent
*, const struct t_confent
*));
166 _TYPE( int ) t_checkconfent
P((const struct t_confent
*));
167 _TYPE( void ) t_putconfent
P((const struct t_confent
*, FILE *));
169 /* libc-style system conf file access */
170 _TYPE( struct t_confent
*) gettcent();
171 _TYPE( struct t_confent
*) gettcid
P((int));
172 _TYPE( void ) settcent();
173 _TYPE( void ) endtcent();
176 extern struct t_confent
* _gettcent();
177 extern struct t_confent
* _gettcid
P((int));
178 extern void _settcent();
179 extern void _endtcent();
182 /* A hack to support '+'-style entries in the passwd file */
184 typedef enum fstate
{
185 FILE_ONLY
, /* Ordinary file, don't consult NIS ever */
186 FILE_NIS
, /* Currently accessing file, use NIS if encountered */
187 IN_NIS
, /* Currently in a '+' entry; use NIS for getXXent */
190 struct t_pwent
{ /* A single password file entry */
192 struct t_num password
;
197 struct t_pw
{ /* An open password file */
201 char userbuf
[MAXUSERLEN
];
202 unsigned char pwbuf
[MAXPARAMLEN
];
203 unsigned char saltbuf
[SALTLEN
];
204 struct t_pwent pebuf
;
208 * The password manipulation routines are patterned after the getpw*
209 * standard C library function calls.
211 * "t_openpw" reads a stream as if it were a password file.
212 * "t_openpwbyname" opens the named file as a password file.
213 * "t_closepw" closes an open password file.
214 * "t_rewindpw" starts the internal file pointer from the beginning
215 * of the password file.
216 * "t_getpwent" retrieves the next sequential password entry.
217 * "t_getpwbyname" looks up the password entry corresponding to the
219 * "t_makepwent" constructs a password entry from a username, password,
220 * numeric salt, and configuration entry.
221 * "t_putpwent" writes a password entry to a stream.
223 _TYPE( struct t_pw
* ) t_openpw
P((FILE *));
224 _TYPE( struct t_pw
* ) t_openpwbyname
P((const char *));
225 _TYPE( void ) t_closepw
P((struct t_pw
*));
226 _TYPE( void ) t_rewindpw
P((struct t_pw
*));
227 _TYPE( struct t_pwent
* ) t_getpwent
P((struct t_pw
*));
228 _TYPE( struct t_pwent
* ) t_getpwbyname
P((struct t_pw
*, const char *));
229 _TYPE( struct t_pwent
* ) t_makepwent
P((struct t_pw
*, const char *,
230 const char *, const struct t_num
*,
231 const struct t_confent
*));
232 _TYPE( void ) t_putpwent
P((const struct t_pwent
*, FILE *));
239 /* libc-style system password file access */
240 _TYPE( struct t_passwd
* ) gettpent();
241 _TYPE( struct t_passwd
* ) gettpnam
P((const char *));
242 _TYPE( void ) settpent();
243 _TYPE( void ) endtpent();
246 extern struct t_passwd
* _gettpent();
247 extern struct t_passwd
* _gettpnam
P((const char *));
248 extern void _settpent();
249 extern void _endtpent();
255 * "t_verifypw" accepts a username and password, and checks against the
256 * system password file to see if the password for that user is correct.
257 * Returns > 0 if it is correct, 0 if not, and -1 if some error occurred
258 * (i.e. the user doesn't exist on the system). This is intended ONLY
259 * for local authentication; for remote authentication, look at the
260 * t_client and t_server source. (That's the whole point of SRP!)
261 * "t_changepw" modifies the specified file, substituting the given password
262 * entry for the one already in the file. If no matching entry is found,
263 * the new entry is simply appended to the file.
264 * "t_deletepw" removes the specified user from the specified file.
266 _TYPE( int ) t_verifypw
P((const char *, const char *));
267 _TYPE( int ) t_changepw
P((const char *, const struct t_pwent
*));
268 _TYPE( int ) t_deletepw
P((const char *, const char *));
270 /* Conversion utilities */
273 * All these calls accept output as the first parameter. In the case of
274 * t_tohex and t_tob64, the last argument is the length of the byte-string
277 _TYPE( char * t_tohex
) P((char *, char *, unsigned));
278 _TYPE( int ) t_fromhex
P((char *, char *));
279 _TYPE( char * ) t_tob64
P((char *, char *, unsigned));
280 _TYPE( int ) t_fromb64
P((char *, char *));
282 /* Miscellaneous utilities */
285 * "t_random" is a cryptographic random number generator, which is seeded
286 * from various high-entropy sources and uses a one-way hash function
287 * in a feedback configuration.
288 * "t_sessionkey" is the interleaved hash used to generate session keys
289 * from a large integer.
290 * "t_getpass" reads a password from the terminal without echoing.
292 _TYPE( void ) t_random
P((unsigned char *, unsigned));
293 _TYPE( void ) t_stronginitrand();
294 _TYPE( unsigned char * )
295 t_sessionkey
P((unsigned char *, unsigned char *, unsigned));
296 _TYPE( int ) t_getpass
P((char *, unsigned, const char *));
299 * Return value of t_checkprime:
301 * = 0 : prime, but not safe
304 #define NUM_NOTPRIME -1
305 #define NUM_NOTSAFE 0
308 _TYPE( int ) t_checkprime
P((const struct t_num
*));
This page took 0.058296 seconds and 5 git commands to generate.