add me as a maintainer for a few other packages
[openwrt.git] / package / ead / src / tinysrp / t_client.c
1 /*
2 * Copyright (c) 1997-1999 The Stanford SRP Authentication Project
3 * All Rights Reserved.
4 *
5 * Permission is hereby granted, free of charge, to any person obtaining
6 * a copy of this software and associated documentation files (the
7 * "Software"), to deal in the Software without restriction, including
8 * without limitation the rights to use, copy, modify, merge, publish,
9 * distribute, sublicense, and/or sell copies of the Software, and to
10 * permit persons to whom the Software is furnished to do so, subject to
11 * the following conditions:
12 *
13 * The above copyright notice and this permission notice shall be
14 * included in all copies or substantial portions of the Software.
15 *
16 * THE SOFTWARE IS PROVIDED "AS-IS" AND WITHOUT WARRANTY OF ANY KIND,
17 * EXPRESS, IMPLIED OR OTHERWISE, INCLUDING WITHOUT LIMITATION, ANY
18 * WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
19 *
20 * IN NO EVENT SHALL STANFORD BE LIABLE FOR ANY SPECIAL, INCIDENTAL,
21 * INDIRECT OR CONSEQUENTIAL DAMAGES OF ANY KIND, OR ANY DAMAGES WHATSOEVER
22 * RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER OR NOT ADVISED OF
23 * THE POSSIBILITY OF DAMAGE, AND ON ANY THEORY OF LIABILITY, ARISING OUT
24 * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
25 *
26 * In addition, the following conditions apply:
27 *
28 * 1. Any software that incorporates the SRP authentication technology
29 * must display the following acknowlegment:
30 * "This product uses the 'Secure Remote Password' cryptographic
31 * authentication system developed by Tom Wu (tjw@CS.Stanford.EDU)."
32 *
33 * 2. Any software that incorporates all or part of the SRP distribution
34 * itself must also display the following acknowledgment:
35 * "This product includes software developed by Tom Wu and Eugene
36 * Jhong for the SRP Distribution (http://srp.stanford.edu/srp/)."
37 *
38 * 3. Redistributions in source or binary form must retain an intact copy
39 * of this copyright notice and list of conditions.
40 */
41
42 #include <stdio.h>
43 #include "t_defines.h"
44 #include "t_pwd.h"
45 #include "t_client.h"
46 #include "t_sha.h"
47
48 _TYPE( struct t_client * )
49 t_clientopen(u, n, g, s)
50 const char * u;
51 struct t_num * n;
52 struct t_num * g;
53 struct t_num * s;
54 {
55 struct t_client * tc;
56 unsigned char buf1[SHA_DIGESTSIZE], buf2[SHA_DIGESTSIZE];
57 SHA1_CTX ctxt;
58 int i, validated;
59 struct t_preconf * tpc;
60
61 BigInteger nn, gg, n12, r;
62
63 validated = 0;
64 if(n->len < MIN_MOD_BYTES)
65 return 0;
66 for(i = 0; i < t_getprecount(); ++i) {
67 tpc = t_getpreparam(i);
68 if(tpc->modulus.len == n->len && tpc->generator.len == g->len &&
69 memcmp(tpc->modulus.data, n->data, n->len) == 0 &&
70 memcmp(tpc->generator.data, g->data, g->len) == 0) {
71 validated = 1; /* Match found, done */
72 break;
73 }
74 }
75
76 if(validated == 0)
77 return 0;
78
79 if((tc = malloc(sizeof(struct t_client))) == 0)
80 return 0;
81
82 strncpy(tc->username, u, MAXUSERLEN);
83
84 SHA1Init(&tc->hash);
85
86 tc->n.len = n->len;
87 tc->n.data = tc->nbuf;
88 memcpy(tc->n.data, n->data, tc->n.len);
89
90 SHA1Init(&ctxt);
91 SHA1Update(&ctxt, tc->n.data, tc->n.len);
92 SHA1Final(buf1, &ctxt);
93
94 tc->g.len = g->len;
95 tc->g.data = tc->gbuf;
96 memcpy(tc->g.data, g->data, tc->g.len);
97
98 SHA1Init(&ctxt);
99 SHA1Update(&ctxt, tc->g.data, tc->g.len);
100 SHA1Final(buf2, &ctxt);
101
102 for(i = 0; i < sizeof(buf1); ++i)
103 buf1[i] ^= buf2[i];
104
105 SHA1Update(&tc->hash, buf1, sizeof(buf1));
106
107 SHA1Init(&ctxt);
108 SHA1Update(&ctxt, tc->username, strlen(tc->username));
109 SHA1Final(buf1, &ctxt);
110
111 SHA1Update(&tc->hash, buf1, sizeof(buf1));
112
113 tc->s.len = s->len;
114 tc->s.data = tc->sbuf;
115 memcpy(tc->s.data, s->data, tc->s.len);
116
117 SHA1Update(&tc->hash, tc->s.data, tc->s.len);
118
119 tc->a.data = tc->abuf;
120 tc->A.data = tc->Abuf;
121 tc->p.data = tc->pbuf;
122 tc->v.data = tc->vbuf;
123
124 SHA1Init(&tc->ckhash);
125
126 return tc;
127 }
128
129 _TYPE( struct t_num * )
130 t_clientgenexp(tc)
131 struct t_client * tc;
132 {
133 BigInteger a, A, n, g;
134
135 if(tc->n.len < ALEN)
136 tc->a.len = tc->n.len;
137 else
138 tc->a.len = ALEN;
139
140 t_random(tc->a.data, tc->a.len);
141 a = BigIntegerFromBytes(tc->a.data, tc->a.len);
142 n = BigIntegerFromBytes(tc->n.data, tc->n.len);
143 g = BigIntegerFromBytes(tc->g.data, tc->g.len);
144 A = BigIntegerFromInt(0);
145 BigIntegerModExp(A, g, a, n);
146 tc->A.len = BigIntegerToBytes(A, tc->A.data);
147
148 BigIntegerFree(A);
149 BigIntegerFree(a);
150 BigIntegerFree(g);
151 BigIntegerFree(n);
152
153 SHA1Update(&tc->hash, tc->A.data, tc->A.len);
154 SHA1Update(&tc->ckhash, tc->A.data, tc->A.len);
155
156 return &tc->A;
157 }
158
159 _TYPE( void )
160 t_clientpasswd(tc, password)
161 struct t_client * tc;
162 char * password;
163 {
164 BigInteger n, g, p, v;
165 SHA1_CTX ctxt;
166 unsigned char dig[SHA_DIGESTSIZE];
167
168 n = BigIntegerFromBytes(tc->n.data, tc->n.len);
169 g = BigIntegerFromBytes(tc->g.data, tc->g.len);
170
171 SHA1Init(&ctxt);
172 SHA1Update(&ctxt, tc->username, strlen(tc->username));
173 SHA1Update(&ctxt, ":", 1);
174 SHA1Update(&ctxt, password, strlen(password));
175 SHA1Final(dig, &ctxt);
176
177 SHA1Init(&ctxt);
178 SHA1Update(&ctxt, tc->s.data, tc->s.len);
179 SHA1Update(&ctxt, dig, sizeof(dig));
180 SHA1Final(dig, &ctxt);
181
182 p = BigIntegerFromBytes(dig, sizeof(dig));
183
184 v = BigIntegerFromInt(0);
185 BigIntegerModExp(v, g, p, n);
186
187 tc->p.len = BigIntegerToBytes(p, tc->p.data);
188 BigIntegerFree(p);
189
190 tc->v.len = BigIntegerToBytes(v, tc->v.data);
191 BigIntegerFree(v);
192 }
193
194 _TYPE( unsigned char * )
195 t_clientgetkey(tc, serverval)
196 struct t_client * tc;
197 struct t_num * serverval;
198 {
199 BigInteger n, B, v, p, a, sum, S;
200 unsigned char sbuf[MAXPARAMLEN];
201 unsigned char dig[SHA_DIGESTSIZE];
202 unsigned slen;
203 unsigned int u;
204 SHA1_CTX ctxt;
205
206 SHA1Init(&ctxt);
207 SHA1Update(&ctxt, serverval->data, serverval->len);
208 SHA1Final(dig, &ctxt);
209 u = (dig[0] << 24) | (dig[1] << 16) | (dig[2] << 8) | dig[3];
210 if(u == 0)
211 return NULL;
212
213 SHA1Update(&tc->hash, serverval->data, serverval->len);
214
215 B = BigIntegerFromBytes(serverval->data, serverval->len);
216 n = BigIntegerFromBytes(tc->n.data, tc->n.len);
217
218 if(BigIntegerCmp(B, n) >= 0 || BigIntegerCmpInt(B, 0) == 0) {
219 BigIntegerFree(B);
220 BigIntegerFree(n);
221 return NULL;
222 }
223 v = BigIntegerFromBytes(tc->v.data, tc->v.len);
224 if(BigIntegerCmp(B, v) < 0)
225 BigIntegerAdd(B, B, n);
226 BigIntegerSub(B, B, v);
227 BigIntegerFree(v);
228
229 a = BigIntegerFromBytes(tc->a.data, tc->a.len);
230 p = BigIntegerFromBytes(tc->p.data, tc->p.len);
231
232 sum = BigIntegerFromInt(0);
233 BigIntegerMulInt(sum, p, u);
234 BigIntegerAdd(sum, sum, a);
235
236 BigIntegerFree(p);
237 BigIntegerFree(a);
238
239 S = BigIntegerFromInt(0);
240 BigIntegerModExp(S, B, sum, n);
241 slen = BigIntegerToBytes(S, sbuf);
242
243 BigIntegerFree(S);
244 BigIntegerFree(sum);
245 BigIntegerFree(B);
246 BigIntegerFree(n);
247
248 t_sessionkey(tc->session_key, sbuf, slen);
249 memset(sbuf, 0, slen);
250
251 SHA1Update(&tc->hash, tc->session_key, sizeof(tc->session_key));
252
253 SHA1Final(tc->session_response, &tc->hash);
254 SHA1Update(&tc->ckhash, tc->session_response, sizeof(tc->session_response));
255 SHA1Update(&tc->ckhash, tc->session_key, sizeof(tc->session_key));
256
257 return tc->session_key;
258 }
259
260 _TYPE( int )
261 t_clientverify(tc, resp)
262 struct t_client * tc;
263 unsigned char * resp;
264 {
265 unsigned char expected[SHA_DIGESTSIZE];
266
267 SHA1Final(expected, &tc->ckhash);
268 return memcmp(expected, resp, sizeof(expected));
269 }
270
271 _TYPE( unsigned char * )
272 t_clientresponse(tc)
273 struct t_client * tc;
274 {
275 return tc->session_response;
276 }
277
278 _TYPE( void )
279 t_clientclose(tc)
280 struct t_client * tc;
281 {
282 memset(tc->abuf, 0, sizeof(tc->abuf));
283 memset(tc->pbuf, 0, sizeof(tc->pbuf));
284 memset(tc->vbuf, 0, sizeof(tc->vbuf));
285 memset(tc->session_key, 0, sizeof(tc->session_key));
286 free(tc);
287 }
This page took 0.075009 seconds and 5 git commands to generate.