diff options
author | djm <> | 2012-10-13 21:23:57 +0000 |
---|---|---|
committer | djm <> | 2012-10-13 21:23:57 +0000 |
commit | 5bb3399db864c8865e0df73bd1564407bac5d182 (patch) | |
tree | 51d00d308f46148b4b341133936e44706703ad8b /src/lib/libcrypto/srp | |
parent | 7aa3571aba92d82f8dd3caabe48fad636f05a0fd (diff) | |
download | openbsd-5bb3399db864c8865e0df73bd1564407bac5d182.tar.gz openbsd-5bb3399db864c8865e0df73bd1564407bac5d182.tar.bz2 openbsd-5bb3399db864c8865e0df73bd1564407bac5d182.zip |
import OpenSSL-1.0.1c
Diffstat (limited to 'src/lib/libcrypto/srp')
-rw-r--r-- | src/lib/libcrypto/srp/Makefile | 98 | ||||
-rw-r--r-- | src/lib/libcrypto/srp/srp.h | 172 | ||||
-rw-r--r-- | src/lib/libcrypto/srp/srp_grps.h | 517 | ||||
-rw-r--r-- | src/lib/libcrypto/srp/srp_lcl.h | 83 | ||||
-rw-r--r-- | src/lib/libcrypto/srp/srp_lib.c | 357 | ||||
-rw-r--r-- | src/lib/libcrypto/srp/srp_vfy.c | 657 | ||||
-rw-r--r-- | src/lib/libcrypto/srp/srptest.c | 162 |
7 files changed, 2046 insertions, 0 deletions
diff --git a/src/lib/libcrypto/srp/Makefile b/src/lib/libcrypto/srp/Makefile new file mode 100644 index 0000000000..41859d46fa --- /dev/null +++ b/src/lib/libcrypto/srp/Makefile | |||
@@ -0,0 +1,98 @@ | |||
1 | DIR= srp | ||
2 | TOP= ../.. | ||
3 | CC= cc | ||
4 | INCLUDES= -I.. -I$(TOP) -I../../include | ||
5 | CFLAG=-g | ||
6 | INSTALL_PREFIX= | ||
7 | OPENSSLDIR= /usr/local/ssl | ||
8 | INSTALLTOP=/usr/local/ssl | ||
9 | MAKE= make -f Makefile.ssl | ||
10 | MAKEDEPPROG= makedepend | ||
11 | MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) | ||
12 | MAKEFILE= Makefile.ssl | ||
13 | AR= ar r | ||
14 | |||
15 | CFLAGS= $(INCLUDES) $(CFLAG) | ||
16 | |||
17 | GENERAL=Makefile | ||
18 | TEST=srptest.c | ||
19 | APPS= | ||
20 | |||
21 | LIB=$(TOP)/libcrypto.a | ||
22 | LIBSRC=srp_lib.c srp_vfy.c | ||
23 | LIBOBJ=srp_lib.o srp_vfy.o | ||
24 | |||
25 | SRC= $(LIBSRC) | ||
26 | |||
27 | EXHEADER= srp.h | ||
28 | HEADER= $(EXHEADER) | ||
29 | |||
30 | top: | ||
31 | (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) | ||
32 | |||
33 | all: lib | ||
34 | |||
35 | lib: $(LIBOBJ) | ||
36 | $(AR) $(LIB) $(LIBOBJ) | ||
37 | $(RANLIB) $(LIB) || echo Never mind. | ||
38 | @touch lib | ||
39 | |||
40 | links: | ||
41 | @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) | ||
42 | @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) | ||
43 | @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) | ||
44 | |||
45 | install: | ||
46 | @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... | ||
47 | @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ | ||
48 | do \ | ||
49 | (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ | ||
50 | chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ | ||
51 | done; | ||
52 | |||
53 | tags: | ||
54 | ctags $(SRC) | ||
55 | |||
56 | tests: | ||
57 | |||
58 | srptest: top srptest.c $(LIB) | ||
59 | $(CC) $(CFLAGS) -Wall -Werror -g -o srptest srptest.c $(LIB) | ||
60 | |||
61 | lint: | ||
62 | lint -DLINT $(INCLUDES) $(SRC)>fluff | ||
63 | |||
64 | depend: | ||
65 | $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) | ||
66 | |||
67 | dclean: | ||
68 | $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new | ||
69 | mv -f Makefile.new $(MAKEFILE) | ||
70 | |||
71 | clean: | ||
72 | rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff | ||
73 | |||
74 | # DO NOT DELETE THIS LINE -- make depend depends on it. | ||
75 | |||
76 | srp_lib.o: ../../e_os.h ../../include/openssl/asn1.h | ||
77 | srp_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h | ||
78 | srp_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h | ||
79 | srp_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h | ||
80 | srp_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h | ||
81 | srp_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h | ||
82 | srp_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h | ||
83 | srp_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h | ||
84 | srp_lib.o: ../../include/openssl/sha.h ../../include/openssl/srp.h | ||
85 | srp_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h | ||
86 | srp_lib.o: ../cryptlib.h srp_grps.h srp_lcl.h srp_lib.c | ||
87 | srp_vfy.o: ../../e_os.h ../../include/openssl/asn1.h | ||
88 | srp_vfy.o: ../../include/openssl/bio.h ../../include/openssl/bn.h | ||
89 | srp_vfy.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h | ||
90 | srp_vfy.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h | ||
91 | srp_vfy.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h | ||
92 | srp_vfy.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h | ||
93 | srp_vfy.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h | ||
94 | srp_vfy.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h | ||
95 | srp_vfy.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h | ||
96 | srp_vfy.o: ../../include/openssl/srp.h ../../include/openssl/stack.h | ||
97 | srp_vfy.o: ../../include/openssl/symhacks.h ../../include/openssl/txt_db.h | ||
98 | srp_vfy.o: ../cryptlib.h srp_lcl.h srp_vfy.c | ||
diff --git a/src/lib/libcrypto/srp/srp.h b/src/lib/libcrypto/srp/srp.h new file mode 100644 index 0000000000..7ec7825cad --- /dev/null +++ b/src/lib/libcrypto/srp/srp.h | |||
@@ -0,0 +1,172 @@ | |||
1 | /* crypto/srp/srp.h */ | ||
2 | /* Written by Christophe Renou (christophe.renou@edelweb.fr) with | ||
3 | * the precious help of Peter Sylvester (peter.sylvester@edelweb.fr) | ||
4 | * for the EdelKey project and contributed to the OpenSSL project 2004. | ||
5 | */ | ||
6 | /* ==================================================================== | ||
7 | * Copyright (c) 2004 The OpenSSL Project. All rights reserved. | ||
8 | * | ||
9 | * Redistribution and use in source and binary forms, with or without | ||
10 | * modification, are permitted provided that the following conditions | ||
11 | * are met: | ||
12 | * | ||
13 | * 1. Redistributions of source code must retain the above copyright | ||
14 | * notice, this list of conditions and the following disclaimer. | ||
15 | * | ||
16 | * 2. Redistributions in binary form must reproduce the above copyright | ||
17 | * notice, this list of conditions and the following disclaimer in | ||
18 | * the documentation and/or other materials provided with the | ||
19 | * distribution. | ||
20 | * | ||
21 | * 3. All advertising materials mentioning features or use of this | ||
22 | * software must display the following acknowledgment: | ||
23 | * "This product includes software developed by the OpenSSL Project | ||
24 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | ||
25 | * | ||
26 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
27 | * endorse or promote products derived from this software without | ||
28 | * prior written permission. For written permission, please contact | ||
29 | * licensing@OpenSSL.org. | ||
30 | * | ||
31 | * 5. Products derived from this software may not be called "OpenSSL" | ||
32 | * nor may "OpenSSL" appear in their names without prior written | ||
33 | * permission of the OpenSSL Project. | ||
34 | * | ||
35 | * 6. Redistributions of any form whatsoever must retain the following | ||
36 | * acknowledgment: | ||
37 | * "This product includes software developed by the OpenSSL Project | ||
38 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | ||
39 | * | ||
40 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
41 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
42 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
43 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
44 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
45 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
46 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
47 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
49 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
50 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
51 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
52 | * ==================================================================== | ||
53 | * | ||
54 | * This product includes cryptographic software written by Eric Young | ||
55 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
56 | * Hudson (tjh@cryptsoft.com). | ||
57 | * | ||
58 | */ | ||
59 | #ifndef __SRP_H__ | ||
60 | #define __SRP_H__ | ||
61 | |||
62 | #ifndef OPENSSL_NO_SRP | ||
63 | |||
64 | #include <stdio.h> | ||
65 | #include <string.h> | ||
66 | |||
67 | #ifdef __cplusplus | ||
68 | extern "C" { | ||
69 | #endif | ||
70 | |||
71 | #include <openssl/safestack.h> | ||
72 | #include <openssl/bn.h> | ||
73 | #include <openssl/crypto.h> | ||
74 | |||
75 | typedef struct SRP_gN_cache_st | ||
76 | { | ||
77 | char *b64_bn; | ||
78 | BIGNUM *bn; | ||
79 | } SRP_gN_cache; | ||
80 | |||
81 | |||
82 | DECLARE_STACK_OF(SRP_gN_cache) | ||
83 | |||
84 | typedef struct SRP_user_pwd_st | ||
85 | { | ||
86 | char *id; | ||
87 | BIGNUM *s; | ||
88 | BIGNUM *v; | ||
89 | const BIGNUM *g; | ||
90 | const BIGNUM *N; | ||
91 | char *info; | ||
92 | } SRP_user_pwd; | ||
93 | |||
94 | DECLARE_STACK_OF(SRP_user_pwd) | ||
95 | |||
96 | typedef struct SRP_VBASE_st | ||
97 | { | ||
98 | STACK_OF(SRP_user_pwd) *users_pwd; | ||
99 | STACK_OF(SRP_gN_cache) *gN_cache; | ||
100 | /* to simulate a user */ | ||
101 | char *seed_key; | ||
102 | BIGNUM *default_g; | ||
103 | BIGNUM *default_N; | ||
104 | } SRP_VBASE; | ||
105 | |||
106 | |||
107 | /*Structure interne pour retenir les couples N et g*/ | ||
108 | typedef struct SRP_gN_st | ||
109 | { | ||
110 | char *id; | ||
111 | BIGNUM *g; | ||
112 | BIGNUM *N; | ||
113 | } SRP_gN; | ||
114 | |||
115 | DECLARE_STACK_OF(SRP_gN) | ||
116 | |||
117 | SRP_VBASE *SRP_VBASE_new(char *seed_key); | ||
118 | int SRP_VBASE_free(SRP_VBASE *vb); | ||
119 | int SRP_VBASE_init(SRP_VBASE *vb, char * verifier_file); | ||
120 | SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username); | ||
121 | char *SRP_create_verifier(const char *user, const char *pass, char **salt, | ||
122 | char **verifier, const char *N, const char *g); | ||
123 | int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt, BIGNUM **verifier, BIGNUM *N, BIGNUM *g); | ||
124 | |||
125 | |||
126 | #define SRP_NO_ERROR 0 | ||
127 | #define SRP_ERR_VBASE_INCOMPLETE_FILE 1 | ||
128 | #define SRP_ERR_VBASE_BN_LIB 2 | ||
129 | #define SRP_ERR_OPEN_FILE 3 | ||
130 | #define SRP_ERR_MEMORY 4 | ||
131 | |||
132 | #define DB_srptype 0 | ||
133 | #define DB_srpverifier 1 | ||
134 | #define DB_srpsalt 2 | ||
135 | #define DB_srpid 3 | ||
136 | #define DB_srpgN 4 | ||
137 | #define DB_srpinfo 5 | ||
138 | #undef DB_NUMBER | ||
139 | #define DB_NUMBER 6 | ||
140 | |||
141 | #define DB_SRP_INDEX 'I' | ||
142 | #define DB_SRP_VALID 'V' | ||
143 | #define DB_SRP_REVOKED 'R' | ||
144 | #define DB_SRP_MODIF 'v' | ||
145 | |||
146 | |||
147 | /* see srp.c */ | ||
148 | char * SRP_check_known_gN_param(BIGNUM* g, BIGNUM* N); | ||
149 | SRP_gN *SRP_get_default_gN(const char * id) ; | ||
150 | |||
151 | /* server side .... */ | ||
152 | BIGNUM *SRP_Calc_server_key(BIGNUM *A, BIGNUM *v, BIGNUM *u, BIGNUM *b, BIGNUM *N); | ||
153 | BIGNUM *SRP_Calc_B(BIGNUM *b, BIGNUM *N, BIGNUM *g, BIGNUM *v); | ||
154 | int SRP_Verify_A_mod_N(BIGNUM *A, BIGNUM *N); | ||
155 | BIGNUM *SRP_Calc_u(BIGNUM *A, BIGNUM *B, BIGNUM *N) ; | ||
156 | |||
157 | |||
158 | |||
159 | /* client side .... */ | ||
160 | BIGNUM *SRP_Calc_x(BIGNUM *s, const char *user, const char *pass); | ||
161 | BIGNUM *SRP_Calc_A(BIGNUM *a, BIGNUM *N, BIGNUM *g); | ||
162 | BIGNUM *SRP_Calc_client_key(BIGNUM *N, BIGNUM *B, BIGNUM *g, BIGNUM *x, BIGNUM *a, BIGNUM *u); | ||
163 | int SRP_Verify_B_mod_N(BIGNUM *B, BIGNUM *N); | ||
164 | |||
165 | #define SRP_MINIMAL_N 1024 | ||
166 | |||
167 | #ifdef __cplusplus | ||
168 | } | ||
169 | #endif | ||
170 | |||
171 | #endif | ||
172 | #endif | ||
diff --git a/src/lib/libcrypto/srp/srp_grps.h b/src/lib/libcrypto/srp/srp_grps.h new file mode 100644 index 0000000000..d77c9fff4b --- /dev/null +++ b/src/lib/libcrypto/srp/srp_grps.h | |||
@@ -0,0 +1,517 @@ | |||
1 | /* start of generated data */ | ||
2 | |||
3 | static BN_ULONG bn_group_1024_value[] = { | ||
4 | bn_pack4(9FC6,1D2F,C0EB,06E3), | ||
5 | bn_pack4(FD51,38FE,8376,435B), | ||
6 | bn_pack4(2FD4,CBF4,976E,AA9A), | ||
7 | bn_pack4(68ED,BC3C,0572,6CC0), | ||
8 | bn_pack4(C529,F566,660E,57EC), | ||
9 | bn_pack4(8255,9B29,7BCF,1885), | ||
10 | bn_pack4(CE8E,F4AD,69B1,5D49), | ||
11 | bn_pack4(5DC7,D7B4,6154,D6B6), | ||
12 | bn_pack4(8E49,5C1D,6089,DAD1), | ||
13 | bn_pack4(E0D5,D8E2,50B9,8BE4), | ||
14 | bn_pack4(383B,4813,D692,C6E0), | ||
15 | bn_pack4(D674,DF74,96EA,81D3), | ||
16 | bn_pack4(9EA2,314C,9C25,6576), | ||
17 | bn_pack4(6072,6187,75FF,3C0B), | ||
18 | bn_pack4(9C33,F80A,FA8F,C5E8), | ||
19 | bn_pack4(EEAF,0AB9,ADB3,8DD6) | ||
20 | }; | ||
21 | static BIGNUM bn_group_1024 = { | ||
22 | bn_group_1024_value, | ||
23 | (sizeof bn_group_1024_value)/sizeof(BN_ULONG), | ||
24 | (sizeof bn_group_1024_value)/sizeof(BN_ULONG), | ||
25 | 0, | ||
26 | BN_FLG_STATIC_DATA | ||
27 | }; | ||
28 | |||
29 | static BN_ULONG bn_group_1536_value[] = { | ||
30 | bn_pack4(CF76,E3FE,D135,F9BB), | ||
31 | bn_pack4(1518,0F93,499A,234D), | ||
32 | bn_pack4(8CE7,A28C,2442,C6F3), | ||
33 | bn_pack4(5A02,1FFF,5E91,479E), | ||
34 | bn_pack4(7F8A,2FE9,B8B5,292E), | ||
35 | bn_pack4(837C,264A,E3A9,BEB8), | ||
36 | bn_pack4(E442,734A,F7CC,B7AE), | ||
37 | bn_pack4(6577,2E43,7D6C,7F8C), | ||
38 | bn_pack4(DB2F,D53D,24B7,C486), | ||
39 | bn_pack4(6EDF,0195,3934,9627), | ||
40 | bn_pack4(158B,FD3E,2B9C,8CF5), | ||
41 | bn_pack4(764E,3F4B,53DD,9DA1), | ||
42 | bn_pack4(4754,8381,DBC5,B1FC), | ||
43 | bn_pack4(9B60,9E0B,E3BA,B63D), | ||
44 | bn_pack4(8134,B1C8,B979,8914), | ||
45 | bn_pack4(DF02,8A7C,EC67,F0D0), | ||
46 | bn_pack4(80B6,55BB,9A22,E8DC), | ||
47 | bn_pack4(1558,903B,A0D0,F843), | ||
48 | bn_pack4(51C6,A94B,E460,7A29), | ||
49 | bn_pack4(5F4F,5F55,6E27,CBDE), | ||
50 | bn_pack4(BEEE,A961,4B19,CC4D), | ||
51 | bn_pack4(DBA5,1DF4,99AC,4C80), | ||
52 | bn_pack4(B1F1,2A86,17A4,7BBB), | ||
53 | bn_pack4(9DEF,3CAF,B939,277A) | ||
54 | }; | ||
55 | static BIGNUM bn_group_1536 = { | ||
56 | bn_group_1536_value, | ||
57 | (sizeof bn_group_1536_value)/sizeof(BN_ULONG), | ||
58 | (sizeof bn_group_1536_value)/sizeof(BN_ULONG), | ||
59 | 0, | ||
60 | BN_FLG_STATIC_DATA | ||
61 | }; | ||
62 | |||
63 | static BN_ULONG bn_group_2048_value[] = { | ||
64 | bn_pack4(0FA7,111F,9E4A,FF73), | ||
65 | bn_pack4(9B65,E372,FCD6,8EF2), | ||
66 | bn_pack4(35DE,236D,525F,5475), | ||
67 | bn_pack4(94B5,C803,D89F,7AE4), | ||
68 | bn_pack4(71AE,35F8,E9DB,FBB6), | ||
69 | bn_pack4(2A56,98F3,A8D0,C382), | ||
70 | bn_pack4(9CCC,041C,7BC3,08D8), | ||
71 | bn_pack4(AF87,4E73,03CE,5329), | ||
72 | bn_pack4(6160,2790,04E5,7AE6), | ||
73 | bn_pack4(032C,FBDB,F52F,B378), | ||
74 | bn_pack4(5EA7,7A27,75D2,ECFA), | ||
75 | bn_pack4(5445,23B5,24B0,D57D), | ||
76 | bn_pack4(5B9D,32E6,88F8,7748), | ||
77 | bn_pack4(F1D2,B907,8717,461A), | ||
78 | bn_pack4(76BD,207A,436C,6481), | ||
79 | bn_pack4(CA97,B43A,23FB,8016), | ||
80 | bn_pack4(1D28,1E44,6B14,773B), | ||
81 | bn_pack4(7359,D041,D5C3,3EA7), | ||
82 | bn_pack4(A80D,740A,DBF4,FF74), | ||
83 | bn_pack4(55F9,7993,EC97,5EEA), | ||
84 | bn_pack4(2918,A996,2F0B,93B8), | ||
85 | bn_pack4(661A,05FB,D5FA,AAE8), | ||
86 | bn_pack4(CF60,9517,9A16,3AB3), | ||
87 | bn_pack4(E808,3969,EDB7,67B0), | ||
88 | bn_pack4(CD7F,48A9,DA04,FD50), | ||
89 | bn_pack4(D523,12AB,4B03,310D), | ||
90 | bn_pack4(8193,E075,7767,A13D), | ||
91 | bn_pack4(A373,29CB,B4A0,99ED), | ||
92 | bn_pack4(FC31,9294,3DB5,6050), | ||
93 | bn_pack4(AF72,B665,1987,EE07), | ||
94 | bn_pack4(F166,DE5E,1389,582F), | ||
95 | bn_pack4(AC6B,DB41,324A,9A9B) | ||
96 | }; | ||
97 | static BIGNUM bn_group_2048 = { | ||
98 | bn_group_2048_value, | ||
99 | (sizeof bn_group_2048_value)/sizeof(BN_ULONG), | ||
100 | (sizeof bn_group_2048_value)/sizeof(BN_ULONG), | ||
101 | 0, | ||
102 | BN_FLG_STATIC_DATA | ||
103 | }; | ||
104 | |||
105 | static BN_ULONG bn_group_3072_value[] = { | ||
106 | bn_pack4(FFFF,FFFF,FFFF,FFFF), | ||
107 | bn_pack4(4B82,D120,A93A,D2CA), | ||
108 | bn_pack4(43DB,5BFC,E0FD,108E), | ||
109 | bn_pack4(08E2,4FA0,74E5,AB31), | ||
110 | bn_pack4(7709,88C0,BAD9,46E2), | ||
111 | bn_pack4(BBE1,1757,7A61,5D6C), | ||
112 | bn_pack4(521F,2B18,177B,200C), | ||
113 | bn_pack4(D876,0273,3EC8,6A64), | ||
114 | bn_pack4(F12F,FA06,D98A,0864), | ||
115 | bn_pack4(CEE3,D226,1AD2,EE6B), | ||
116 | bn_pack4(1E8C,94E0,4A25,619D), | ||
117 | bn_pack4(ABF5,AE8C,DB09,33D7), | ||
118 | bn_pack4(B397,0F85,A6E1,E4C7), | ||
119 | bn_pack4(8AEA,7157,5D06,0C7D), | ||
120 | bn_pack4(ECFB,8504,58DB,EF0A), | ||
121 | bn_pack4(A855,21AB,DF1C,BA64), | ||
122 | bn_pack4(AD33,170D,0450,7A33), | ||
123 | bn_pack4(1572,8E5A,8AAA,C42D), | ||
124 | bn_pack4(15D2,2618,98FA,0510), | ||
125 | bn_pack4(3995,497C,EA95,6AE5), | ||
126 | bn_pack4(DE2B,CBF6,9558,1718), | ||
127 | bn_pack4(B5C5,5DF0,6F4C,52C9), | ||
128 | bn_pack4(9B27,83A2,EC07,A28F), | ||
129 | bn_pack4(E39E,772C,180E,8603), | ||
130 | bn_pack4(3290,5E46,2E36,CE3B), | ||
131 | bn_pack4(F174,6C08,CA18,217C), | ||
132 | bn_pack4(670C,354E,4ABC,9804), | ||
133 | bn_pack4(9ED5,2907,7096,966D), | ||
134 | bn_pack4(1C62,F356,2085,52BB), | ||
135 | bn_pack4(8365,5D23,DCA3,AD96), | ||
136 | bn_pack4(6916,3FA8,FD24,CF5F), | ||
137 | bn_pack4(98DA,4836,1C55,D39A), | ||
138 | bn_pack4(C200,7CB8,A163,BF05), | ||
139 | bn_pack4(4928,6651,ECE4,5B3D), | ||
140 | bn_pack4(AE9F,2411,7C4B,1FE6), | ||
141 | bn_pack4(EE38,6BFB,5A89,9FA5), | ||
142 | bn_pack4(0BFF,5CB6,F406,B7ED), | ||
143 | bn_pack4(F44C,42E9,A637,ED6B), | ||
144 | bn_pack4(E485,B576,625E,7EC6), | ||
145 | bn_pack4(4FE1,356D,6D51,C245), | ||
146 | bn_pack4(302B,0A6D,F25F,1437), | ||
147 | bn_pack4(EF95,19B3,CD3A,431B), | ||
148 | bn_pack4(514A,0879,8E34,04DD), | ||
149 | bn_pack4(020B,BEA6,3B13,9B22), | ||
150 | bn_pack4(2902,4E08,8A67,CC74), | ||
151 | bn_pack4(C4C6,628B,80DC,1CD1), | ||
152 | bn_pack4(C90F,DAA2,2168,C234), | ||
153 | bn_pack4(FFFF,FFFF,FFFF,FFFF) | ||
154 | }; | ||
155 | static BIGNUM bn_group_3072 = { | ||
156 | bn_group_3072_value, | ||
157 | (sizeof bn_group_3072_value)/sizeof(BN_ULONG), | ||
158 | (sizeof bn_group_3072_value)/sizeof(BN_ULONG), | ||
159 | 0, | ||
160 | BN_FLG_STATIC_DATA | ||
161 | }; | ||
162 | |||
163 | static BN_ULONG bn_group_4096_value[] = { | ||
164 | bn_pack4(FFFF,FFFF,FFFF,FFFF), | ||
165 | bn_pack4(4DF4,35C9,3406,3199), | ||
166 | bn_pack4(86FF,B7DC,90A6,C08F), | ||
167 | bn_pack4(93B4,EA98,8D8F,DDC1), | ||
168 | bn_pack4(D006,9127,D5B0,5AA9), | ||
169 | bn_pack4(B81B,DD76,2170,481C), | ||
170 | bn_pack4(1F61,2970,CEE2,D7AF), | ||
171 | bn_pack4(233B,A186,515B,E7ED), | ||
172 | bn_pack4(99B2,964F,A090,C3A2), | ||
173 | bn_pack4(287C,5947,4E6B,C05D), | ||
174 | bn_pack4(2E8E,FC14,1FBE,CAA6), | ||
175 | bn_pack4(DBBB,C2DB,04DE,8EF9), | ||
176 | bn_pack4(2583,E9CA,2AD4,4CE8), | ||
177 | bn_pack4(1A94,6834,B615,0BDA), | ||
178 | bn_pack4(99C3,2718,6AF4,E23C), | ||
179 | bn_pack4(8871,9A10,BDBA,5B26), | ||
180 | bn_pack4(1A72,3C12,A787,E6D7), | ||
181 | bn_pack4(4B82,D120,A921,0801), | ||
182 | bn_pack4(43DB,5BFC,E0FD,108E), | ||
183 | bn_pack4(08E2,4FA0,74E5,AB31), | ||
184 | bn_pack4(7709,88C0,BAD9,46E2), | ||
185 | bn_pack4(BBE1,1757,7A61,5D6C), | ||
186 | bn_pack4(521F,2B18,177B,200C), | ||
187 | bn_pack4(D876,0273,3EC8,6A64), | ||
188 | bn_pack4(F12F,FA06,D98A,0864), | ||
189 | bn_pack4(CEE3,D226,1AD2,EE6B), | ||
190 | bn_pack4(1E8C,94E0,4A25,619D), | ||
191 | bn_pack4(ABF5,AE8C,DB09,33D7), | ||
192 | bn_pack4(B397,0F85,A6E1,E4C7), | ||
193 | bn_pack4(8AEA,7157,5D06,0C7D), | ||
194 | bn_pack4(ECFB,8504,58DB,EF0A), | ||
195 | bn_pack4(A855,21AB,DF1C,BA64), | ||
196 | bn_pack4(AD33,170D,0450,7A33), | ||
197 | bn_pack4(1572,8E5A,8AAA,C42D), | ||
198 | bn_pack4(15D2,2618,98FA,0510), | ||
199 | bn_pack4(3995,497C,EA95,6AE5), | ||
200 | bn_pack4(DE2B,CBF6,9558,1718), | ||
201 | bn_pack4(B5C5,5DF0,6F4C,52C9), | ||
202 | bn_pack4(9B27,83A2,EC07,A28F), | ||
203 | bn_pack4(E39E,772C,180E,8603), | ||
204 | bn_pack4(3290,5E46,2E36,CE3B), | ||
205 | bn_pack4(F174,6C08,CA18,217C), | ||
206 | bn_pack4(670C,354E,4ABC,9804), | ||
207 | bn_pack4(9ED5,2907,7096,966D), | ||
208 | bn_pack4(1C62,F356,2085,52BB), | ||
209 | bn_pack4(8365,5D23,DCA3,AD96), | ||
210 | bn_pack4(6916,3FA8,FD24,CF5F), | ||
211 | bn_pack4(98DA,4836,1C55,D39A), | ||
212 | bn_pack4(C200,7CB8,A163,BF05), | ||
213 | bn_pack4(4928,6651,ECE4,5B3D), | ||
214 | bn_pack4(AE9F,2411,7C4B,1FE6), | ||
215 | bn_pack4(EE38,6BFB,5A89,9FA5), | ||
216 | bn_pack4(0BFF,5CB6,F406,B7ED), | ||
217 | bn_pack4(F44C,42E9,A637,ED6B), | ||
218 | bn_pack4(E485,B576,625E,7EC6), | ||
219 | bn_pack4(4FE1,356D,6D51,C245), | ||
220 | bn_pack4(302B,0A6D,F25F,1437), | ||
221 | bn_pack4(EF95,19B3,CD3A,431B), | ||
222 | bn_pack4(514A,0879,8E34,04DD), | ||
223 | bn_pack4(020B,BEA6,3B13,9B22), | ||
224 | bn_pack4(2902,4E08,8A67,CC74), | ||
225 | bn_pack4(C4C6,628B,80DC,1CD1), | ||
226 | bn_pack4(C90F,DAA2,2168,C234), | ||
227 | bn_pack4(FFFF,FFFF,FFFF,FFFF) | ||
228 | }; | ||
229 | static BIGNUM bn_group_4096 = { | ||
230 | bn_group_4096_value, | ||
231 | (sizeof bn_group_4096_value)/sizeof(BN_ULONG), | ||
232 | (sizeof bn_group_4096_value)/sizeof(BN_ULONG), | ||
233 | 0, | ||
234 | BN_FLG_STATIC_DATA | ||
235 | }; | ||
236 | |||
237 | static BN_ULONG bn_group_6144_value[] = { | ||
238 | bn_pack4(FFFF,FFFF,FFFF,FFFF), | ||
239 | bn_pack4(E694,F91E,6DCC,4024), | ||
240 | bn_pack4(12BF,2D5B,0B74,74D6), | ||
241 | bn_pack4(043E,8F66,3F48,60EE), | ||
242 | bn_pack4(387F,E8D7,6E3C,0468), | ||
243 | bn_pack4(DA56,C9EC,2EF2,9632), | ||
244 | bn_pack4(EB19,CCB1,A313,D55C), | ||
245 | bn_pack4(F550,AA3D,8A1F,BFF0), | ||
246 | bn_pack4(06A1,D58B,B7C5,DA76), | ||
247 | bn_pack4(A797,15EE,F29B,E328), | ||
248 | bn_pack4(14CC,5ED2,0F80,37E0), | ||
249 | bn_pack4(CC8F,6D7E,BF48,E1D8), | ||
250 | bn_pack4(4BD4,07B2,2B41,54AA), | ||
251 | bn_pack4(0F1D,45B7,FF58,5AC5), | ||
252 | bn_pack4(23A9,7A7E,36CC,88BE), | ||
253 | bn_pack4(59E7,C97F,BEC7,E8F3), | ||
254 | bn_pack4(B5A8,4031,900B,1C9E), | ||
255 | bn_pack4(D55E,702F,4698,0C82), | ||
256 | bn_pack4(F482,D7CE,6E74,FEF6), | ||
257 | bn_pack4(F032,EA15,D172,1D03), | ||
258 | bn_pack4(5983,CA01,C64B,92EC), | ||
259 | bn_pack4(6FB8,F401,378C,D2BF), | ||
260 | bn_pack4(3320,5151,2BD7,AF42), | ||
261 | bn_pack4(DB7F,1447,E6CC,254B), | ||
262 | bn_pack4(44CE,6CBA,CED4,BB1B), | ||
263 | bn_pack4(DA3E,DBEB,CF9B,14ED), | ||
264 | bn_pack4(1797,27B0,865A,8918), | ||
265 | bn_pack4(B06A,53ED,9027,D831), | ||
266 | bn_pack4(E5DB,382F,4130,01AE), | ||
267 | bn_pack4(F8FF,9406,AD9E,530E), | ||
268 | bn_pack4(C975,1E76,3DBA,37BD), | ||
269 | bn_pack4(C1D4,DCB2,6026,46DE), | ||
270 | bn_pack4(36C3,FAB4,D27C,7026), | ||
271 | bn_pack4(4DF4,35C9,3402,8492), | ||
272 | bn_pack4(86FF,B7DC,90A6,C08F), | ||
273 | bn_pack4(93B4,EA98,8D8F,DDC1), | ||
274 | bn_pack4(D006,9127,D5B0,5AA9), | ||
275 | bn_pack4(B81B,DD76,2170,481C), | ||
276 | bn_pack4(1F61,2970,CEE2,D7AF), | ||
277 | bn_pack4(233B,A186,515B,E7ED), | ||
278 | bn_pack4(99B2,964F,A090,C3A2), | ||
279 | bn_pack4(287C,5947,4E6B,C05D), | ||
280 | bn_pack4(2E8E,FC14,1FBE,CAA6), | ||
281 | bn_pack4(DBBB,C2DB,04DE,8EF9), | ||
282 | bn_pack4(2583,E9CA,2AD4,4CE8), | ||
283 | bn_pack4(1A94,6834,B615,0BDA), | ||
284 | bn_pack4(99C3,2718,6AF4,E23C), | ||
285 | bn_pack4(8871,9A10,BDBA,5B26), | ||
286 | bn_pack4(1A72,3C12,A787,E6D7), | ||
287 | bn_pack4(4B82,D120,A921,0801), | ||
288 | bn_pack4(43DB,5BFC,E0FD,108E), | ||
289 | bn_pack4(08E2,4FA0,74E5,AB31), | ||
290 | bn_pack4(7709,88C0,BAD9,46E2), | ||
291 | bn_pack4(BBE1,1757,7A61,5D6C), | ||
292 | bn_pack4(521F,2B18,177B,200C), | ||
293 | bn_pack4(D876,0273,3EC8,6A64), | ||
294 | bn_pack4(F12F,FA06,D98A,0864), | ||
295 | bn_pack4(CEE3,D226,1AD2,EE6B), | ||
296 | bn_pack4(1E8C,94E0,4A25,619D), | ||
297 | bn_pack4(ABF5,AE8C,DB09,33D7), | ||
298 | bn_pack4(B397,0F85,A6E1,E4C7), | ||
299 | bn_pack4(8AEA,7157,5D06,0C7D), | ||
300 | bn_pack4(ECFB,8504,58DB,EF0A), | ||
301 | bn_pack4(A855,21AB,DF1C,BA64), | ||
302 | bn_pack4(AD33,170D,0450,7A33), | ||
303 | bn_pack4(1572,8E5A,8AAA,C42D), | ||
304 | bn_pack4(15D2,2618,98FA,0510), | ||
305 | bn_pack4(3995,497C,EA95,6AE5), | ||
306 | bn_pack4(DE2B,CBF6,9558,1718), | ||
307 | bn_pack4(B5C5,5DF0,6F4C,52C9), | ||
308 | bn_pack4(9B27,83A2,EC07,A28F), | ||
309 | bn_pack4(E39E,772C,180E,8603), | ||
310 | bn_pack4(3290,5E46,2E36,CE3B), | ||
311 | bn_pack4(F174,6C08,CA18,217C), | ||
312 | bn_pack4(670C,354E,4ABC,9804), | ||
313 | bn_pack4(9ED5,2907,7096,966D), | ||
314 | bn_pack4(1C62,F356,2085,52BB), | ||
315 | bn_pack4(8365,5D23,DCA3,AD96), | ||
316 | bn_pack4(6916,3FA8,FD24,CF5F), | ||
317 | bn_pack4(98DA,4836,1C55,D39A), | ||
318 | bn_pack4(C200,7CB8,A163,BF05), | ||
319 | bn_pack4(4928,6651,ECE4,5B3D), | ||
320 | bn_pack4(AE9F,2411,7C4B,1FE6), | ||
321 | bn_pack4(EE38,6BFB,5A89,9FA5), | ||
322 | bn_pack4(0BFF,5CB6,F406,B7ED), | ||
323 | bn_pack4(F44C,42E9,A637,ED6B), | ||
324 | bn_pack4(E485,B576,625E,7EC6), | ||
325 | bn_pack4(4FE1,356D,6D51,C245), | ||
326 | bn_pack4(302B,0A6D,F25F,1437), | ||
327 | bn_pack4(EF95,19B3,CD3A,431B), | ||
328 | bn_pack4(514A,0879,8E34,04DD), | ||
329 | bn_pack4(020B,BEA6,3B13,9B22), | ||
330 | bn_pack4(2902,4E08,8A67,CC74), | ||
331 | bn_pack4(C4C6,628B,80DC,1CD1), | ||
332 | bn_pack4(C90F,DAA2,2168,C234), | ||
333 | bn_pack4(FFFF,FFFF,FFFF,FFFF) | ||
334 | }; | ||
335 | static BIGNUM bn_group_6144 = { | ||
336 | bn_group_6144_value, | ||
337 | (sizeof bn_group_6144_value)/sizeof(BN_ULONG), | ||
338 | (sizeof bn_group_6144_value)/sizeof(BN_ULONG), | ||
339 | 0, | ||
340 | BN_FLG_STATIC_DATA | ||
341 | }; | ||
342 | |||
343 | static BN_ULONG bn_group_8192_value[] = { | ||
344 | bn_pack4(FFFF,FFFF,FFFF,FFFF), | ||
345 | bn_pack4(60C9,80DD,98ED,D3DF), | ||
346 | bn_pack4(C81F,56E8,80B9,6E71), | ||
347 | bn_pack4(9E30,50E2,7656,94DF), | ||
348 | bn_pack4(9558,E447,5677,E9AA), | ||
349 | bn_pack4(C919,0DA6,FC02,6E47), | ||
350 | bn_pack4(889A,002E,D5EE,382B), | ||
351 | bn_pack4(4009,438B,481C,6CD7), | ||
352 | bn_pack4(3590,46F4,EB87,9F92), | ||
353 | bn_pack4(FAF3,6BC3,1ECF,A268), | ||
354 | bn_pack4(B1D5,10BD,7EE7,4D73), | ||
355 | bn_pack4(F9AB,4819,5DED,7EA1), | ||
356 | bn_pack4(64F3,1CC5,0846,851D), | ||
357 | bn_pack4(4597,E899,A025,5DC1), | ||
358 | bn_pack4(DF31,0EE0,74AB,6A36), | ||
359 | bn_pack4(6D2A,13F8,3F44,F82D), | ||
360 | bn_pack4(062B,3CF5,B3A2,78A6), | ||
361 | bn_pack4(7968,3303,ED5B,DD3A), | ||
362 | bn_pack4(FA9D,4B7F,A2C0,87E8), | ||
363 | bn_pack4(4BCB,C886,2F83,85DD), | ||
364 | bn_pack4(3473,FC64,6CEA,306B), | ||
365 | bn_pack4(13EB,57A8,1A23,F0C7), | ||
366 | bn_pack4(2222,2E04,A403,7C07), | ||
367 | bn_pack4(E3FD,B8BE,FC84,8AD9), | ||
368 | bn_pack4(238F,16CB,E39D,652D), | ||
369 | bn_pack4(3423,B474,2BF1,C978), | ||
370 | bn_pack4(3AAB,639C,5AE4,F568), | ||
371 | bn_pack4(2576,F693,6BA4,2466), | ||
372 | bn_pack4(741F,A7BF,8AFC,47ED), | ||
373 | bn_pack4(3BC8,32B6,8D9D,D300), | ||
374 | bn_pack4(D8BE,C4D0,73B9,31BA), | ||
375 | bn_pack4(3877,7CB6,A932,DF8C), | ||
376 | bn_pack4(74A3,926F,12FE,E5E4), | ||
377 | bn_pack4(E694,F91E,6DBE,1159), | ||
378 | bn_pack4(12BF,2D5B,0B74,74D6), | ||
379 | bn_pack4(043E,8F66,3F48,60EE), | ||
380 | bn_pack4(387F,E8D7,6E3C,0468), | ||
381 | bn_pack4(DA56,C9EC,2EF2,9632), | ||
382 | bn_pack4(EB19,CCB1,A313,D55C), | ||
383 | bn_pack4(F550,AA3D,8A1F,BFF0), | ||
384 | bn_pack4(06A1,D58B,B7C5,DA76), | ||
385 | bn_pack4(A797,15EE,F29B,E328), | ||
386 | bn_pack4(14CC,5ED2,0F80,37E0), | ||
387 | bn_pack4(CC8F,6D7E,BF48,E1D8), | ||
388 | bn_pack4(4BD4,07B2,2B41,54AA), | ||
389 | bn_pack4(0F1D,45B7,FF58,5AC5), | ||
390 | bn_pack4(23A9,7A7E,36CC,88BE), | ||
391 | bn_pack4(59E7,C97F,BEC7,E8F3), | ||
392 | bn_pack4(B5A8,4031,900B,1C9E), | ||
393 | bn_pack4(D55E,702F,4698,0C82), | ||
394 | bn_pack4(F482,D7CE,6E74,FEF6), | ||
395 | bn_pack4(F032,EA15,D172,1D03), | ||
396 | bn_pack4(5983,CA01,C64B,92EC), | ||
397 | bn_pack4(6FB8,F401,378C,D2BF), | ||
398 | bn_pack4(3320,5151,2BD7,AF42), | ||
399 | bn_pack4(DB7F,1447,E6CC,254B), | ||
400 | bn_pack4(44CE,6CBA,CED4,BB1B), | ||
401 | bn_pack4(DA3E,DBEB,CF9B,14ED), | ||
402 | bn_pack4(1797,27B0,865A,8918), | ||
403 | bn_pack4(B06A,53ED,9027,D831), | ||
404 | bn_pack4(E5DB,382F,4130,01AE), | ||
405 | bn_pack4(F8FF,9406,AD9E,530E), | ||
406 | bn_pack4(C975,1E76,3DBA,37BD), | ||
407 | bn_pack4(C1D4,DCB2,6026,46DE), | ||
408 | bn_pack4(36C3,FAB4,D27C,7026), | ||
409 | bn_pack4(4DF4,35C9,3402,8492), | ||
410 | bn_pack4(86FF,B7DC,90A6,C08F), | ||
411 | bn_pack4(93B4,EA98,8D8F,DDC1), | ||
412 | bn_pack4(D006,9127,D5B0,5AA9), | ||
413 | bn_pack4(B81B,DD76,2170,481C), | ||
414 | bn_pack4(1F61,2970,CEE2,D7AF), | ||
415 | bn_pack4(233B,A186,515B,E7ED), | ||
416 | bn_pack4(99B2,964F,A090,C3A2), | ||
417 | bn_pack4(287C,5947,4E6B,C05D), | ||
418 | bn_pack4(2E8E,FC14,1FBE,CAA6), | ||
419 | bn_pack4(DBBB,C2DB,04DE,8EF9), | ||
420 | bn_pack4(2583,E9CA,2AD4,4CE8), | ||
421 | bn_pack4(1A94,6834,B615,0BDA), | ||
422 | bn_pack4(99C3,2718,6AF4,E23C), | ||
423 | bn_pack4(8871,9A10,BDBA,5B26), | ||
424 | bn_pack4(1A72,3C12,A787,E6D7), | ||
425 | bn_pack4(4B82,D120,A921,0801), | ||
426 | bn_pack4(43DB,5BFC,E0FD,108E), | ||
427 | bn_pack4(08E2,4FA0,74E5,AB31), | ||
428 | bn_pack4(7709,88C0,BAD9,46E2), | ||
429 | bn_pack4(BBE1,1757,7A61,5D6C), | ||
430 | bn_pack4(521F,2B18,177B,200C), | ||
431 | bn_pack4(D876,0273,3EC8,6A64), | ||
432 | bn_pack4(F12F,FA06,D98A,0864), | ||
433 | bn_pack4(CEE3,D226,1AD2,EE6B), | ||
434 | bn_pack4(1E8C,94E0,4A25,619D), | ||
435 | bn_pack4(ABF5,AE8C,DB09,33D7), | ||
436 | bn_pack4(B397,0F85,A6E1,E4C7), | ||
437 | bn_pack4(8AEA,7157,5D06,0C7D), | ||
438 | bn_pack4(ECFB,8504,58DB,EF0A), | ||
439 | bn_pack4(A855,21AB,DF1C,BA64), | ||
440 | bn_pack4(AD33,170D,0450,7A33), | ||
441 | bn_pack4(1572,8E5A,8AAA,C42D), | ||
442 | bn_pack4(15D2,2618,98FA,0510), | ||
443 | bn_pack4(3995,497C,EA95,6AE5), | ||
444 | bn_pack4(DE2B,CBF6,9558,1718), | ||
445 | bn_pack4(B5C5,5DF0,6F4C,52C9), | ||
446 | bn_pack4(9B27,83A2,EC07,A28F), | ||
447 | bn_pack4(E39E,772C,180E,8603), | ||
448 | bn_pack4(3290,5E46,2E36,CE3B), | ||
449 | bn_pack4(F174,6C08,CA18,217C), | ||
450 | bn_pack4(670C,354E,4ABC,9804), | ||
451 | bn_pack4(9ED5,2907,7096,966D), | ||
452 | bn_pack4(1C62,F356,2085,52BB), | ||
453 | bn_pack4(8365,5D23,DCA3,AD96), | ||
454 | bn_pack4(6916,3FA8,FD24,CF5F), | ||
455 | bn_pack4(98DA,4836,1C55,D39A), | ||
456 | bn_pack4(C200,7CB8,A163,BF05), | ||
457 | bn_pack4(4928,6651,ECE4,5B3D), | ||
458 | bn_pack4(AE9F,2411,7C4B,1FE6), | ||
459 | bn_pack4(EE38,6BFB,5A89,9FA5), | ||
460 | bn_pack4(0BFF,5CB6,F406,B7ED), | ||
461 | bn_pack4(F44C,42E9,A637,ED6B), | ||
462 | bn_pack4(E485,B576,625E,7EC6), | ||
463 | bn_pack4(4FE1,356D,6D51,C245), | ||
464 | bn_pack4(302B,0A6D,F25F,1437), | ||
465 | bn_pack4(EF95,19B3,CD3A,431B), | ||
466 | bn_pack4(514A,0879,8E34,04DD), | ||
467 | bn_pack4(020B,BEA6,3B13,9B22), | ||
468 | bn_pack4(2902,4E08,8A67,CC74), | ||
469 | bn_pack4(C4C6,628B,80DC,1CD1), | ||
470 | bn_pack4(C90F,DAA2,2168,C234), | ||
471 | bn_pack4(FFFF,FFFF,FFFF,FFFF) | ||
472 | }; | ||
473 | static BIGNUM bn_group_8192 = { | ||
474 | bn_group_8192_value, | ||
475 | (sizeof bn_group_8192_value)/sizeof(BN_ULONG), | ||
476 | (sizeof bn_group_8192_value)/sizeof(BN_ULONG), | ||
477 | 0, | ||
478 | BN_FLG_STATIC_DATA | ||
479 | }; | ||
480 | |||
481 | static BN_ULONG bn_generator_19_value[] = {19} ; | ||
482 | static BIGNUM bn_generator_19 = { | ||
483 | bn_generator_19_value, | ||
484 | 1, | ||
485 | 1, | ||
486 | 0, | ||
487 | BN_FLG_STATIC_DATA | ||
488 | }; | ||
489 | static BN_ULONG bn_generator_5_value[] = {5} ; | ||
490 | static BIGNUM bn_generator_5 = { | ||
491 | bn_generator_5_value, | ||
492 | 1, | ||
493 | 1, | ||
494 | 0, | ||
495 | BN_FLG_STATIC_DATA | ||
496 | }; | ||
497 | static BN_ULONG bn_generator_2_value[] = {2} ; | ||
498 | static BIGNUM bn_generator_2 = { | ||
499 | bn_generator_2_value, | ||
500 | 1, | ||
501 | 1, | ||
502 | 0, | ||
503 | BN_FLG_STATIC_DATA | ||
504 | }; | ||
505 | |||
506 | static SRP_gN knowngN[] = { | ||
507 | {"8192",&bn_generator_19 , &bn_group_8192}, | ||
508 | {"6144",&bn_generator_5 , &bn_group_6144}, | ||
509 | {"4096",&bn_generator_5 , &bn_group_4096}, | ||
510 | {"3072",&bn_generator_5 , &bn_group_3072}, | ||
511 | {"2048",&bn_generator_2 , &bn_group_2048}, | ||
512 | {"1536",&bn_generator_2 , &bn_group_1536}, | ||
513 | {"1024",&bn_generator_2 , &bn_group_1024}, | ||
514 | }; | ||
515 | #define KNOWN_GN_NUMBER sizeof(knowngN) / sizeof(SRP_gN) | ||
516 | |||
517 | /* end of generated data */ | ||
diff --git a/src/lib/libcrypto/srp/srp_lcl.h b/src/lib/libcrypto/srp/srp_lcl.h new file mode 100644 index 0000000000..42bda3f148 --- /dev/null +++ b/src/lib/libcrypto/srp/srp_lcl.h | |||
@@ -0,0 +1,83 @@ | |||
1 | /* crypto/srp/srp_lcl.h */ | ||
2 | /* Written by Peter Sylvester (peter.sylvester@edelweb.fr) | ||
3 | * for the EdelKey project and contributed to the OpenSSL project 2004. | ||
4 | */ | ||
5 | /* ==================================================================== | ||
6 | * Copyright (c) 2004 The OpenSSL Project. All rights reserved. | ||
7 | * | ||
8 | * Redistribution and use in source and binary forms, with or without | ||
9 | * modification, are permitted provided that the following conditions | ||
10 | * are met: | ||
11 | * | ||
12 | * 1. Redistributions of source code must retain the above copyright | ||
13 | * notice, this list of conditions and the following disclaimer. | ||
14 | * | ||
15 | * 2. Redistributions in binary form must reproduce the above copyright | ||
16 | * notice, this list of conditions and the following disclaimer in | ||
17 | * the documentation and/or other materials provided with the | ||
18 | * distribution. | ||
19 | * | ||
20 | * 3. All advertising materials mentioning features or use of this | ||
21 | * software must display the following acknowledgment: | ||
22 | * "This product includes software developed by the OpenSSL Project | ||
23 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | ||
24 | * | ||
25 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
26 | * endorse or promote products derived from this software without | ||
27 | * prior written permission. For written permission, please contact | ||
28 | * licensing@OpenSSL.org. | ||
29 | * | ||
30 | * 5. Products derived from this software may not be called "OpenSSL" | ||
31 | * nor may "OpenSSL" appear in their names without prior written | ||
32 | * permission of the OpenSSL Project. | ||
33 | * | ||
34 | * 6. Redistributions of any form whatsoever must retain the following | ||
35 | * acknowledgment: | ||
36 | * "This product includes software developed by the OpenSSL Project | ||
37 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | ||
38 | * | ||
39 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
40 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
41 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
42 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
43 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
44 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
45 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
46 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
47 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
48 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
49 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
50 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
51 | * ==================================================================== | ||
52 | * | ||
53 | * This product includes cryptographic software written by Eric Young | ||
54 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
55 | * Hudson (tjh@cryptsoft.com). | ||
56 | * | ||
57 | */ | ||
58 | #ifndef HEADER_SRP_LCL_H | ||
59 | #define HEADER_SRP_LCL_H | ||
60 | |||
61 | #include <openssl/srp.h> | ||
62 | #include <openssl/sha.h> | ||
63 | |||
64 | #if 0 | ||
65 | #define srp_bn_print(a) {fprintf(stderr, #a "="); BN_print_fp(stderr,a); \ | ||
66 | fprintf(stderr,"\n");} | ||
67 | #else | ||
68 | #define srp_bn_print(a) | ||
69 | #endif | ||
70 | |||
71 | |||
72 | |||
73 | #ifdef __cplusplus | ||
74 | extern "C" { | ||
75 | #endif | ||
76 | |||
77 | |||
78 | |||
79 | #ifdef __cplusplus | ||
80 | } | ||
81 | #endif | ||
82 | |||
83 | #endif | ||
diff --git a/src/lib/libcrypto/srp/srp_lib.c b/src/lib/libcrypto/srp/srp_lib.c new file mode 100644 index 0000000000..92cea98dcd --- /dev/null +++ b/src/lib/libcrypto/srp/srp_lib.c | |||
@@ -0,0 +1,357 @@ | |||
1 | /* crypto/srp/srp_lib.c */ | ||
2 | /* Written by Christophe Renou (christophe.renou@edelweb.fr) with | ||
3 | * the precious help of Peter Sylvester (peter.sylvester@edelweb.fr) | ||
4 | * for the EdelKey project and contributed to the OpenSSL project 2004. | ||
5 | */ | ||
6 | /* ==================================================================== | ||
7 | * Copyright (c) 2004 The OpenSSL Project. All rights reserved. | ||
8 | * | ||
9 | * Redistribution and use in source and binary forms, with or without | ||
10 | * modification, are permitted provided that the following conditions | ||
11 | * are met: | ||
12 | * | ||
13 | * 1. Redistributions of source code must retain the above copyright | ||
14 | * notice, this list of conditions and the following disclaimer. | ||
15 | * | ||
16 | * 2. Redistributions in binary form must reproduce the above copyright | ||
17 | * notice, this list of conditions and the following disclaimer in | ||
18 | * the documentation and/or other materials provided with the | ||
19 | * distribution. | ||
20 | * | ||
21 | * 3. All advertising materials mentioning features or use of this | ||
22 | * software must display the following acknowledgment: | ||
23 | * "This product includes software developed by the OpenSSL Project | ||
24 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | ||
25 | * | ||
26 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
27 | * endorse or promote products derived from this software without | ||
28 | * prior written permission. For written permission, please contact | ||
29 | * licensing@OpenSSL.org. | ||
30 | * | ||
31 | * 5. Products derived from this software may not be called "OpenSSL" | ||
32 | * nor may "OpenSSL" appear in their names without prior written | ||
33 | * permission of the OpenSSL Project. | ||
34 | * | ||
35 | * 6. Redistributions of any form whatsoever must retain the following | ||
36 | * acknowledgment: | ||
37 | * "This product includes software developed by the OpenSSL Project | ||
38 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | ||
39 | * | ||
40 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
41 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
42 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
43 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
44 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
45 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
46 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
47 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
49 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
50 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
51 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
52 | * ==================================================================== | ||
53 | * | ||
54 | * This product includes cryptographic software written by Eric Young | ||
55 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
56 | * Hudson (tjh@cryptsoft.com). | ||
57 | * | ||
58 | */ | ||
59 | #ifndef OPENSSL_NO_SRP | ||
60 | #include "cryptlib.h" | ||
61 | #include "srp_lcl.h" | ||
62 | #include <openssl/srp.h> | ||
63 | #include <openssl/evp.h> | ||
64 | |||
65 | #if (BN_BYTES == 8) | ||
66 | #define bn_pack4(a1,a2,a3,a4) 0x##a1##a2##a3##a4##ul | ||
67 | #endif | ||
68 | #if (BN_BYTES == 4) | ||
69 | #define bn_pack4(a1,a2,a3,a4) 0x##a3##a4##ul, 0x##a1##a2##ul | ||
70 | #endif | ||
71 | #if (BN_BYTES == 2) | ||
72 | #define bn_pack4(a1,a2,a3,a4) 0x##a4##u,0x##a3##u,0x##a2##u,0x##a1##u | ||
73 | #endif | ||
74 | |||
75 | |||
76 | #include "srp_grps.h" | ||
77 | |||
78 | static BIGNUM *srp_Calc_k(BIGNUM *N, BIGNUM *g) | ||
79 | { | ||
80 | /* k = SHA1(N | PAD(g)) -- tls-srp draft 8 */ | ||
81 | |||
82 | unsigned char digest[SHA_DIGEST_LENGTH]; | ||
83 | unsigned char *tmp; | ||
84 | EVP_MD_CTX ctxt; | ||
85 | int longg ; | ||
86 | int longN = BN_num_bytes(N); | ||
87 | |||
88 | if ((tmp = OPENSSL_malloc(longN)) == NULL) | ||
89 | return NULL; | ||
90 | BN_bn2bin(N,tmp) ; | ||
91 | |||
92 | EVP_MD_CTX_init(&ctxt); | ||
93 | EVP_DigestInit_ex(&ctxt, EVP_sha1(), NULL); | ||
94 | EVP_DigestUpdate(&ctxt, tmp, longN); | ||
95 | |||
96 | memset(tmp, 0, longN); | ||
97 | longg = BN_bn2bin(g,tmp) ; | ||
98 | /* use the zeros behind to pad on left */ | ||
99 | EVP_DigestUpdate(&ctxt, tmp + longg, longN-longg); | ||
100 | EVP_DigestUpdate(&ctxt, tmp, longg); | ||
101 | OPENSSL_free(tmp); | ||
102 | |||
103 | EVP_DigestFinal_ex(&ctxt, digest, NULL); | ||
104 | EVP_MD_CTX_cleanup(&ctxt); | ||
105 | return BN_bin2bn(digest, sizeof(digest), NULL); | ||
106 | } | ||
107 | |||
108 | BIGNUM *SRP_Calc_u(BIGNUM *A, BIGNUM *B, BIGNUM *N) | ||
109 | { | ||
110 | /* k = SHA1(PAD(A) || PAD(B) ) -- tls-srp draft 8 */ | ||
111 | |||
112 | BIGNUM *u; | ||
113 | unsigned char cu[SHA_DIGEST_LENGTH]; | ||
114 | unsigned char *cAB; | ||
115 | EVP_MD_CTX ctxt; | ||
116 | int longN; | ||
117 | if ((A == NULL) ||(B == NULL) || (N == NULL)) | ||
118 | return NULL; | ||
119 | |||
120 | longN= BN_num_bytes(N); | ||
121 | |||
122 | if ((cAB = OPENSSL_malloc(2*longN)) == NULL) | ||
123 | return NULL; | ||
124 | |||
125 | memset(cAB, 0, longN); | ||
126 | |||
127 | EVP_MD_CTX_init(&ctxt); | ||
128 | EVP_DigestInit_ex(&ctxt, EVP_sha1(), NULL); | ||
129 | EVP_DigestUpdate(&ctxt, cAB + BN_bn2bin(A,cAB+longN), longN); | ||
130 | EVP_DigestUpdate(&ctxt, cAB + BN_bn2bin(B,cAB+longN), longN); | ||
131 | OPENSSL_free(cAB); | ||
132 | EVP_DigestFinal_ex(&ctxt, cu, NULL); | ||
133 | EVP_MD_CTX_cleanup(&ctxt); | ||
134 | |||
135 | if (!(u = BN_bin2bn(cu, sizeof(cu), NULL))) | ||
136 | return NULL; | ||
137 | if (!BN_is_zero(u)) | ||
138 | return u; | ||
139 | BN_free(u); | ||
140 | return NULL; | ||
141 | } | ||
142 | |||
143 | BIGNUM *SRP_Calc_server_key(BIGNUM *A, BIGNUM *v, BIGNUM *u, BIGNUM *b, BIGNUM *N) | ||
144 | { | ||
145 | BIGNUM *tmp = NULL, *S = NULL; | ||
146 | BN_CTX *bn_ctx; | ||
147 | |||
148 | if (u == NULL || A == NULL || v == NULL || b == NULL || N == NULL) | ||
149 | return NULL; | ||
150 | |||
151 | if ((bn_ctx = BN_CTX_new()) == NULL || | ||
152 | (tmp = BN_new()) == NULL || | ||
153 | (S = BN_new()) == NULL ) | ||
154 | goto err; | ||
155 | |||
156 | /* S = (A*v**u) ** b */ | ||
157 | |||
158 | if (!BN_mod_exp(tmp,v,u,N,bn_ctx)) | ||
159 | goto err; | ||
160 | if (!BN_mod_mul(tmp,A,tmp,N,bn_ctx)) | ||
161 | goto err; | ||
162 | if (!BN_mod_exp(S,tmp,b,N,bn_ctx)) | ||
163 | goto err; | ||
164 | err: | ||
165 | BN_CTX_free(bn_ctx); | ||
166 | BN_clear_free(tmp); | ||
167 | return S; | ||
168 | } | ||
169 | |||
170 | BIGNUM *SRP_Calc_B(BIGNUM *b, BIGNUM *N, BIGNUM *g, BIGNUM *v) | ||
171 | { | ||
172 | BIGNUM *kv = NULL, *gb = NULL; | ||
173 | BIGNUM *B = NULL, *k = NULL; | ||
174 | BN_CTX *bn_ctx; | ||
175 | |||
176 | if (b == NULL || N == NULL || g == NULL || v == NULL || | ||
177 | (bn_ctx = BN_CTX_new()) == NULL) | ||
178 | return NULL; | ||
179 | |||
180 | if ( (kv = BN_new()) == NULL || | ||
181 | (gb = BN_new()) == NULL || | ||
182 | (B = BN_new())== NULL) | ||
183 | goto err; | ||
184 | |||
185 | /* B = g**b + k*v */ | ||
186 | |||
187 | if (!BN_mod_exp(gb,g,b,N,bn_ctx) || | ||
188 | !(k = srp_Calc_k(N,g)) || | ||
189 | !BN_mod_mul(kv,v,k,N,bn_ctx) || | ||
190 | !BN_mod_add(B,gb,kv,N,bn_ctx)) | ||
191 | { | ||
192 | BN_free(B); | ||
193 | B = NULL; | ||
194 | } | ||
195 | err: | ||
196 | BN_CTX_free(bn_ctx); | ||
197 | BN_clear_free(kv); | ||
198 | BN_clear_free(gb); | ||
199 | BN_free(k); | ||
200 | return B; | ||
201 | } | ||
202 | |||
203 | BIGNUM *SRP_Calc_x(BIGNUM *s, const char *user, const char *pass) | ||
204 | { | ||
205 | unsigned char dig[SHA_DIGEST_LENGTH]; | ||
206 | EVP_MD_CTX ctxt; | ||
207 | unsigned char *cs; | ||
208 | |||
209 | if ((s == NULL) || | ||
210 | (user == NULL) || | ||
211 | (pass == NULL)) | ||
212 | return NULL; | ||
213 | |||
214 | if ((cs = OPENSSL_malloc(BN_num_bytes(s))) == NULL) | ||
215 | return NULL; | ||
216 | |||
217 | EVP_MD_CTX_init(&ctxt); | ||
218 | EVP_DigestInit_ex(&ctxt, EVP_sha1(), NULL); | ||
219 | EVP_DigestUpdate(&ctxt, user, strlen(user)); | ||
220 | EVP_DigestUpdate(&ctxt, ":", 1); | ||
221 | EVP_DigestUpdate(&ctxt, pass, strlen(pass)); | ||
222 | EVP_DigestFinal_ex(&ctxt, dig, NULL); | ||
223 | |||
224 | EVP_DigestInit_ex(&ctxt, EVP_sha1(), NULL); | ||
225 | BN_bn2bin(s,cs); | ||
226 | EVP_DigestUpdate(&ctxt, cs, BN_num_bytes(s)); | ||
227 | OPENSSL_free(cs); | ||
228 | EVP_DigestUpdate(&ctxt, dig, sizeof(dig)); | ||
229 | EVP_DigestFinal_ex(&ctxt, dig, NULL); | ||
230 | EVP_MD_CTX_cleanup(&ctxt); | ||
231 | |||
232 | return BN_bin2bn(dig, sizeof(dig), NULL); | ||
233 | } | ||
234 | |||
235 | BIGNUM *SRP_Calc_A(BIGNUM *a, BIGNUM *N, BIGNUM *g) | ||
236 | { | ||
237 | BN_CTX *bn_ctx; | ||
238 | BIGNUM * A = NULL; | ||
239 | |||
240 | if (a == NULL || N == NULL || g == NULL || | ||
241 | (bn_ctx = BN_CTX_new()) == NULL) | ||
242 | return NULL; | ||
243 | |||
244 | if ((A = BN_new()) != NULL && | ||
245 | !BN_mod_exp(A,g,a,N,bn_ctx)) | ||
246 | { | ||
247 | BN_free(A); | ||
248 | A = NULL; | ||
249 | } | ||
250 | BN_CTX_free(bn_ctx); | ||
251 | return A; | ||
252 | } | ||
253 | |||
254 | |||
255 | BIGNUM *SRP_Calc_client_key(BIGNUM *N, BIGNUM *B, BIGNUM *g, BIGNUM *x, BIGNUM *a, BIGNUM *u) | ||
256 | { | ||
257 | BIGNUM *tmp = NULL, *tmp2 = NULL, *tmp3 = NULL , *k = NULL, *K = NULL; | ||
258 | BN_CTX *bn_ctx; | ||
259 | |||
260 | if (u == NULL || B == NULL || N == NULL || g == NULL || x == NULL || a == NULL || | ||
261 | (bn_ctx = BN_CTX_new()) == NULL) | ||
262 | return NULL; | ||
263 | |||
264 | if ((tmp = BN_new()) == NULL || | ||
265 | (tmp2 = BN_new())== NULL || | ||
266 | (tmp3 = BN_new())== NULL || | ||
267 | (K = BN_new()) == NULL) | ||
268 | goto err; | ||
269 | |||
270 | if (!BN_mod_exp(tmp,g,x,N,bn_ctx)) | ||
271 | goto err; | ||
272 | if (!(k = srp_Calc_k(N,g))) | ||
273 | goto err; | ||
274 | if (!BN_mod_mul(tmp2,tmp,k,N,bn_ctx)) | ||
275 | goto err; | ||
276 | if (!BN_mod_sub(tmp,B,tmp2,N,bn_ctx)) | ||
277 | goto err; | ||
278 | |||
279 | if (!BN_mod_mul(tmp3,u,x,N,bn_ctx)) | ||
280 | goto err; | ||
281 | if (!BN_mod_add(tmp2,a,tmp3,N,bn_ctx)) | ||
282 | goto err; | ||
283 | if (!BN_mod_exp(K,tmp,tmp2,N,bn_ctx)) | ||
284 | goto err; | ||
285 | |||
286 | err : | ||
287 | BN_CTX_free(bn_ctx); | ||
288 | BN_clear_free(tmp); | ||
289 | BN_clear_free(tmp2); | ||
290 | BN_clear_free(tmp3); | ||
291 | BN_free(k); | ||
292 | return K; | ||
293 | } | ||
294 | |||
295 | int SRP_Verify_B_mod_N(BIGNUM *B, BIGNUM *N) | ||
296 | { | ||
297 | BIGNUM *r; | ||
298 | BN_CTX *bn_ctx; | ||
299 | int ret = 0; | ||
300 | |||
301 | if (B == NULL || N == NULL || | ||
302 | (bn_ctx = BN_CTX_new()) == NULL) | ||
303 | return 0; | ||
304 | |||
305 | if ((r = BN_new()) == NULL) | ||
306 | goto err; | ||
307 | /* Checks if B % N == 0 */ | ||
308 | if (!BN_nnmod(r,B,N,bn_ctx)) | ||
309 | goto err; | ||
310 | ret = !BN_is_zero(r); | ||
311 | err: | ||
312 | BN_CTX_free(bn_ctx); | ||
313 | BN_free(r); | ||
314 | return ret; | ||
315 | } | ||
316 | |||
317 | int SRP_Verify_A_mod_N(BIGNUM *A, BIGNUM *N) | ||
318 | { | ||
319 | /* Checks if A % N == 0 */ | ||
320 | return SRP_Verify_B_mod_N(A,N) ; | ||
321 | } | ||
322 | |||
323 | |||
324 | /* Check if G and N are kwown parameters. | ||
325 | The values have been generated from the ietf-tls-srp draft version 8 | ||
326 | */ | ||
327 | char *SRP_check_known_gN_param(BIGNUM *g, BIGNUM *N) | ||
328 | { | ||
329 | size_t i; | ||
330 | if ((g == NULL) || (N == NULL)) | ||
331 | return 0; | ||
332 | |||
333 | srp_bn_print(g); | ||
334 | srp_bn_print(N); | ||
335 | |||
336 | for(i = 0; i < KNOWN_GN_NUMBER; i++) | ||
337 | { | ||
338 | if (BN_cmp(knowngN[i].g, g) == 0 && BN_cmp(knowngN[i].N, N) == 0) | ||
339 | return knowngN[i].id; | ||
340 | } | ||
341 | return NULL; | ||
342 | } | ||
343 | |||
344 | SRP_gN *SRP_get_default_gN(const char *id) | ||
345 | { | ||
346 | size_t i; | ||
347 | |||
348 | if (id == NULL) | ||
349 | return knowngN; | ||
350 | for(i = 0; i < KNOWN_GN_NUMBER; i++) | ||
351 | { | ||
352 | if (strcmp(knowngN[i].id, id)==0) | ||
353 | return knowngN + i; | ||
354 | } | ||
355 | return NULL; | ||
356 | } | ||
357 | #endif | ||
diff --git a/src/lib/libcrypto/srp/srp_vfy.c b/src/lib/libcrypto/srp/srp_vfy.c new file mode 100644 index 0000000000..c8be907d7f --- /dev/null +++ b/src/lib/libcrypto/srp/srp_vfy.c | |||
@@ -0,0 +1,657 @@ | |||
1 | /* crypto/srp/srp_vfy.c */ | ||
2 | /* Written by Christophe Renou (christophe.renou@edelweb.fr) with | ||
3 | * the precious help of Peter Sylvester (peter.sylvester@edelweb.fr) | ||
4 | * for the EdelKey project and contributed to the OpenSSL project 2004. | ||
5 | */ | ||
6 | /* ==================================================================== | ||
7 | * Copyright (c) 2004 The OpenSSL Project. All rights reserved. | ||
8 | * | ||
9 | * Redistribution and use in source and binary forms, with or without | ||
10 | * modification, are permitted provided that the following conditions | ||
11 | * are met: | ||
12 | * | ||
13 | * 1. Redistributions of source code must retain the above copyright | ||
14 | * notice, this list of conditions and the following disclaimer. | ||
15 | * | ||
16 | * 2. Redistributions in binary form must reproduce the above copyright | ||
17 | * notice, this list of conditions and the following disclaimer in | ||
18 | * the documentation and/or other materials provided with the | ||
19 | * distribution. | ||
20 | * | ||
21 | * 3. All advertising materials mentioning features or use of this | ||
22 | * software must display the following acknowledgment: | ||
23 | * "This product includes software developed by the OpenSSL Project | ||
24 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | ||
25 | * | ||
26 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
27 | * endorse or promote products derived from this software without | ||
28 | * prior written permission. For written permission, please contact | ||
29 | * licensing@OpenSSL.org. | ||
30 | * | ||
31 | * 5. Products derived from this software may not be called "OpenSSL" | ||
32 | * nor may "OpenSSL" appear in their names without prior written | ||
33 | * permission of the OpenSSL Project. | ||
34 | * | ||
35 | * 6. Redistributions of any form whatsoever must retain the following | ||
36 | * acknowledgment: | ||
37 | * "This product includes software developed by the OpenSSL Project | ||
38 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | ||
39 | * | ||
40 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
41 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
42 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
43 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
44 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
45 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
46 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
47 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
49 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
50 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
51 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
52 | * ==================================================================== | ||
53 | * | ||
54 | * This product includes cryptographic software written by Eric Young | ||
55 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
56 | * Hudson (tjh@cryptsoft.com). | ||
57 | * | ||
58 | */ | ||
59 | #ifndef OPENSSL_NO_SRP | ||
60 | #include "cryptlib.h" | ||
61 | #include "srp_lcl.h" | ||
62 | #include <openssl/srp.h> | ||
63 | #include <openssl/evp.h> | ||
64 | #include <openssl/buffer.h> | ||
65 | #include <openssl/rand.h> | ||
66 | #include <openssl/txt_db.h> | ||
67 | |||
68 | #define SRP_RANDOM_SALT_LEN 20 | ||
69 | #define MAX_LEN 2500 | ||
70 | |||
71 | static char b64table[] = | ||
72 | "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz./"; | ||
73 | |||
74 | /* the following two conversion routines have been inspired by code from Stanford */ | ||
75 | |||
76 | /* | ||
77 | * Convert a base64 string into raw byte array representation. | ||
78 | */ | ||
79 | static int t_fromb64(unsigned char *a, const char *src) | ||
80 | { | ||
81 | char *loc; | ||
82 | int i, j; | ||
83 | int size; | ||
84 | |||
85 | while(*src && (*src == ' ' || *src == '\t' || *src == '\n')) | ||
86 | ++src; | ||
87 | size = strlen(src); | ||
88 | i = 0; | ||
89 | while(i < size) | ||
90 | { | ||
91 | loc = strchr(b64table, src[i]); | ||
92 | if(loc == (char *) 0) break; | ||
93 | else a[i] = loc - b64table; | ||
94 | ++i; | ||
95 | } | ||
96 | size = i; | ||
97 | i = size - 1; | ||
98 | j = size; | ||
99 | while(1) | ||
100 | { | ||
101 | a[j] = a[i]; | ||
102 | if(--i < 0) break; | ||
103 | a[j] |= (a[i] & 3) << 6; | ||
104 | --j; | ||
105 | a[j] = (unsigned char) ((a[i] & 0x3c) >> 2); | ||
106 | if(--i < 0) break; | ||
107 | a[j] |= (a[i] & 0xf) << 4; | ||
108 | --j; | ||
109 | a[j] = (unsigned char) ((a[i] & 0x30) >> 4); | ||
110 | if(--i < 0) break; | ||
111 | a[j] |= (a[i] << 2); | ||
112 | |||
113 | a[--j] = 0; | ||
114 | if(--i < 0) break; | ||
115 | } | ||
116 | while(a[j] == 0 && j <= size) ++j; | ||
117 | i = 0; | ||
118 | while (j <= size) a[i++] = a[j++]; | ||
119 | return i; | ||
120 | } | ||
121 | |||
122 | |||
123 | /* | ||
124 | * Convert a raw byte string into a null-terminated base64 ASCII string. | ||
125 | */ | ||
126 | static char *t_tob64(char *dst, const unsigned char *src, int size) | ||
127 | { | ||
128 | int c, pos = size % 3; | ||
129 | unsigned char b0 = 0, b1 = 0, b2 = 0, notleading = 0; | ||
130 | char *olddst = dst; | ||
131 | |||
132 | switch(pos) | ||
133 | { | ||
134 | case 1: | ||
135 | b2 = src[0]; | ||
136 | break; | ||
137 | case 2: | ||
138 | b1 = src[0]; | ||
139 | b2 = src[1]; | ||
140 | break; | ||
141 | } | ||
142 | |||
143 | while(1) | ||
144 | { | ||
145 | c = (b0 & 0xfc) >> 2; | ||
146 | if(notleading || c != 0) | ||
147 | { | ||
148 | *dst++ = b64table[c]; | ||
149 | notleading = 1; | ||
150 | } | ||
151 | c = ((b0 & 3) << 4) | ((b1 & 0xf0) >> 4); | ||
152 | if(notleading || c != 0) | ||
153 | { | ||
154 | *dst++ = b64table[c]; | ||
155 | notleading = 1; | ||
156 | } | ||
157 | c = ((b1 & 0xf) << 2) | ((b2 & 0xc0) >> 6); | ||
158 | if(notleading || c != 0) | ||
159 | { | ||
160 | *dst++ = b64table[c]; | ||
161 | notleading = 1; | ||
162 | } | ||
163 | c = b2 & 0x3f; | ||
164 | if(notleading || c != 0) | ||
165 | { | ||
166 | *dst++ = b64table[c]; | ||
167 | notleading = 1; | ||
168 | } | ||
169 | if(pos >= size) break; | ||
170 | else | ||
171 | { | ||
172 | b0 = src[pos++]; | ||
173 | b1 = src[pos++]; | ||
174 | b2 = src[pos++]; | ||
175 | } | ||
176 | } | ||
177 | |||
178 | *dst++ = '\0'; | ||
179 | return olddst; | ||
180 | } | ||
181 | |||
182 | static void SRP_user_pwd_free(SRP_user_pwd *user_pwd) | ||
183 | { | ||
184 | if (user_pwd == NULL) | ||
185 | return; | ||
186 | BN_free(user_pwd->s); | ||
187 | BN_clear_free(user_pwd->v); | ||
188 | OPENSSL_free(user_pwd->id); | ||
189 | OPENSSL_free(user_pwd->info); | ||
190 | OPENSSL_free(user_pwd); | ||
191 | } | ||
192 | |||
193 | static SRP_user_pwd *SRP_user_pwd_new() | ||
194 | { | ||
195 | SRP_user_pwd *ret = OPENSSL_malloc(sizeof(SRP_user_pwd)); | ||
196 | if (ret == NULL) | ||
197 | return NULL; | ||
198 | ret->N = NULL; | ||
199 | ret->g = NULL; | ||
200 | ret->s = NULL; | ||
201 | ret->v = NULL; | ||
202 | ret->id = NULL ; | ||
203 | ret->info = NULL; | ||
204 | return ret; | ||
205 | } | ||
206 | |||
207 | static void SRP_user_pwd_set_gN(SRP_user_pwd *vinfo, const BIGNUM *g, | ||
208 | const BIGNUM *N) | ||
209 | { | ||
210 | vinfo->N = N; | ||
211 | vinfo->g = g; | ||
212 | } | ||
213 | |||
214 | static int SRP_user_pwd_set_ids(SRP_user_pwd *vinfo, const char *id, | ||
215 | const char *info) | ||
216 | { | ||
217 | if (id != NULL && NULL == (vinfo->id = BUF_strdup(id))) | ||
218 | return 0; | ||
219 | return (info == NULL || NULL != (vinfo->info = BUF_strdup(info))) ; | ||
220 | } | ||
221 | |||
222 | static int SRP_user_pwd_set_sv(SRP_user_pwd *vinfo, const char *s, | ||
223 | const char *v) | ||
224 | { | ||
225 | unsigned char tmp[MAX_LEN]; | ||
226 | int len; | ||
227 | |||
228 | if (strlen(s) > MAX_LEN || strlen(v) > MAX_LEN) | ||
229 | return 0; | ||
230 | len = t_fromb64(tmp, v); | ||
231 | if (NULL == (vinfo->v = BN_bin2bn(tmp, len, NULL)) ) | ||
232 | return 0; | ||
233 | len = t_fromb64(tmp, s); | ||
234 | return ((vinfo->s = BN_bin2bn(tmp, len, NULL)) != NULL) ; | ||
235 | } | ||
236 | |||
237 | static int SRP_user_pwd_set_sv_BN(SRP_user_pwd *vinfo, BIGNUM *s, BIGNUM *v) | ||
238 | { | ||
239 | vinfo->v = v; | ||
240 | vinfo->s = s; | ||
241 | return (vinfo->s != NULL && vinfo->v != NULL) ; | ||
242 | } | ||
243 | |||
244 | SRP_VBASE *SRP_VBASE_new(char *seed_key) | ||
245 | { | ||
246 | SRP_VBASE *vb = (SRP_VBASE *) OPENSSL_malloc(sizeof(SRP_VBASE)); | ||
247 | |||
248 | if (vb == NULL) | ||
249 | return NULL; | ||
250 | if (!(vb->users_pwd = sk_SRP_user_pwd_new_null()) || | ||
251 | !(vb->gN_cache = sk_SRP_gN_cache_new_null())) | ||
252 | { | ||
253 | OPENSSL_free(vb); | ||
254 | return NULL; | ||
255 | } | ||
256 | vb->default_g = NULL; | ||
257 | vb->default_N = NULL; | ||
258 | vb->seed_key = NULL; | ||
259 | if ((seed_key != NULL) && | ||
260 | (vb->seed_key = BUF_strdup(seed_key)) == NULL) | ||
261 | { | ||
262 | sk_SRP_user_pwd_free(vb->users_pwd); | ||
263 | sk_SRP_gN_cache_free(vb->gN_cache); | ||
264 | OPENSSL_free(vb); | ||
265 | return NULL; | ||
266 | } | ||
267 | return vb; | ||
268 | } | ||
269 | |||
270 | |||
271 | int SRP_VBASE_free(SRP_VBASE *vb) | ||
272 | { | ||
273 | sk_SRP_user_pwd_pop_free(vb->users_pwd,SRP_user_pwd_free); | ||
274 | sk_SRP_gN_cache_free(vb->gN_cache); | ||
275 | OPENSSL_free(vb->seed_key); | ||
276 | OPENSSL_free(vb); | ||
277 | return 0; | ||
278 | } | ||
279 | |||
280 | |||
281 | static SRP_gN_cache *SRP_gN_new_init(const char *ch) | ||
282 | { | ||
283 | unsigned char tmp[MAX_LEN]; | ||
284 | int len; | ||
285 | |||
286 | SRP_gN_cache *newgN = (SRP_gN_cache *)OPENSSL_malloc(sizeof(SRP_gN_cache)); | ||
287 | if (newgN == NULL) | ||
288 | return NULL; | ||
289 | |||
290 | if ((newgN->b64_bn = BUF_strdup(ch)) == NULL) | ||
291 | goto err; | ||
292 | |||
293 | len = t_fromb64(tmp, ch); | ||
294 | if ((newgN->bn = BN_bin2bn(tmp, len, NULL))) | ||
295 | return newgN; | ||
296 | |||
297 | OPENSSL_free(newgN->b64_bn); | ||
298 | err: | ||
299 | OPENSSL_free(newgN); | ||
300 | return NULL; | ||
301 | } | ||
302 | |||
303 | |||
304 | static void SRP_gN_free(SRP_gN_cache *gN_cache) | ||
305 | { | ||
306 | if (gN_cache == NULL) | ||
307 | return; | ||
308 | OPENSSL_free(gN_cache->b64_bn); | ||
309 | BN_free(gN_cache->bn); | ||
310 | OPENSSL_free(gN_cache); | ||
311 | } | ||
312 | |||
313 | static SRP_gN *SRP_get_gN_by_id(const char *id, STACK_OF(SRP_gN) *gN_tab) | ||
314 | { | ||
315 | int i; | ||
316 | |||
317 | SRP_gN *gN; | ||
318 | if (gN_tab != NULL) | ||
319 | for(i = 0; i < sk_SRP_gN_num(gN_tab); i++) | ||
320 | { | ||
321 | gN = sk_SRP_gN_value(gN_tab, i); | ||
322 | if (gN && (id == NULL || strcmp(gN->id,id)==0)) | ||
323 | return gN; | ||
324 | } | ||
325 | |||
326 | return SRP_get_default_gN(id); | ||
327 | } | ||
328 | |||
329 | static BIGNUM *SRP_gN_place_bn(STACK_OF(SRP_gN_cache) *gN_cache, char *ch) | ||
330 | { | ||
331 | int i; | ||
332 | if (gN_cache == NULL) | ||
333 | return NULL; | ||
334 | |||
335 | /* search if we have already one... */ | ||
336 | for(i = 0; i < sk_SRP_gN_cache_num(gN_cache); i++) | ||
337 | { | ||
338 | SRP_gN_cache *cache = sk_SRP_gN_cache_value(gN_cache, i); | ||
339 | if (strcmp(cache->b64_bn,ch)==0) | ||
340 | return cache->bn; | ||
341 | } | ||
342 | { /* it is the first time that we find it */ | ||
343 | SRP_gN_cache *newgN = SRP_gN_new_init(ch); | ||
344 | if (newgN) | ||
345 | { | ||
346 | if (sk_SRP_gN_cache_insert(gN_cache,newgN,0)>0) | ||
347 | return newgN->bn; | ||
348 | SRP_gN_free(newgN); | ||
349 | } | ||
350 | } | ||
351 | return NULL; | ||
352 | } | ||
353 | |||
354 | /* this function parses verifier file. Format is: | ||
355 | * string(index):base64(N):base64(g):0 | ||
356 | * string(username):base64(v):base64(salt):int(index) | ||
357 | */ | ||
358 | |||
359 | |||
360 | int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file) | ||
361 | { | ||
362 | int error_code ; | ||
363 | STACK_OF(SRP_gN) *SRP_gN_tab = sk_SRP_gN_new_null(); | ||
364 | char *last_index = NULL; | ||
365 | int i; | ||
366 | char **pp; | ||
367 | |||
368 | SRP_gN *gN = NULL; | ||
369 | SRP_user_pwd *user_pwd = NULL ; | ||
370 | |||
371 | TXT_DB *tmpdb = NULL; | ||
372 | BIO *in = BIO_new(BIO_s_file()); | ||
373 | |||
374 | error_code = SRP_ERR_OPEN_FILE; | ||
375 | |||
376 | if (in == NULL || BIO_read_filename(in,verifier_file) <= 0) | ||
377 | goto err; | ||
378 | |||
379 | error_code = SRP_ERR_VBASE_INCOMPLETE_FILE; | ||
380 | |||
381 | if ((tmpdb =TXT_DB_read(in,DB_NUMBER)) == NULL) | ||
382 | goto err; | ||
383 | |||
384 | error_code = SRP_ERR_MEMORY; | ||
385 | |||
386 | |||
387 | if (vb->seed_key) | ||
388 | { | ||
389 | last_index = SRP_get_default_gN(NULL)->id; | ||
390 | } | ||
391 | for (i = 0; i < sk_OPENSSL_PSTRING_num(tmpdb->data); i++) | ||
392 | { | ||
393 | pp = (char **)sk_OPENSSL_PSTRING_value(tmpdb->data,i); | ||
394 | if (pp[DB_srptype][0] == DB_SRP_INDEX) | ||
395 | { | ||
396 | /*we add this couple in the internal Stack */ | ||
397 | |||
398 | if ((gN = (SRP_gN *)OPENSSL_malloc(sizeof(SRP_gN))) == NULL) | ||
399 | goto err; | ||
400 | |||
401 | if (!(gN->id = BUF_strdup(pp[DB_srpid])) | ||
402 | || !(gN->N = SRP_gN_place_bn(vb->gN_cache,pp[DB_srpverifier])) | ||
403 | || !(gN->g = SRP_gN_place_bn(vb->gN_cache,pp[DB_srpsalt])) | ||
404 | || sk_SRP_gN_insert(SRP_gN_tab,gN,0) == 0) | ||
405 | goto err; | ||
406 | |||
407 | gN = NULL; | ||
408 | |||
409 | if (vb->seed_key != NULL) | ||
410 | { | ||
411 | last_index = pp[DB_srpid]; | ||
412 | } | ||
413 | } | ||
414 | else if (pp[DB_srptype][0] == DB_SRP_VALID) | ||
415 | { | ||
416 | /* it is a user .... */ | ||
417 | SRP_gN *lgN; | ||
418 | if ((lgN = SRP_get_gN_by_id(pp[DB_srpgN],SRP_gN_tab))!=NULL) | ||
419 | { | ||
420 | error_code = SRP_ERR_MEMORY; | ||
421 | if ((user_pwd = SRP_user_pwd_new()) == NULL) | ||
422 | goto err; | ||
423 | |||
424 | SRP_user_pwd_set_gN(user_pwd,lgN->g,lgN->N); | ||
425 | if (!SRP_user_pwd_set_ids(user_pwd, pp[DB_srpid],pp[DB_srpinfo])) | ||
426 | goto err; | ||
427 | |||
428 | error_code = SRP_ERR_VBASE_BN_LIB; | ||
429 | if (!SRP_user_pwd_set_sv(user_pwd, pp[DB_srpsalt],pp[DB_srpverifier])) | ||
430 | goto err; | ||
431 | |||
432 | if (sk_SRP_user_pwd_insert(vb->users_pwd, user_pwd, 0) == 0) | ||
433 | goto err; | ||
434 | user_pwd = NULL; /* abandon responsability */ | ||
435 | } | ||
436 | } | ||
437 | } | ||
438 | |||
439 | if (last_index != NULL) | ||
440 | { | ||
441 | /* this means that we want to simulate a default user */ | ||
442 | |||
443 | if (((gN = SRP_get_gN_by_id(last_index,SRP_gN_tab))==NULL)) | ||
444 | { | ||
445 | error_code = SRP_ERR_VBASE_BN_LIB; | ||
446 | goto err; | ||
447 | } | ||
448 | vb->default_g = gN->g ; | ||
449 | vb->default_N = gN->N ; | ||
450 | gN = NULL ; | ||
451 | } | ||
452 | error_code = SRP_NO_ERROR; | ||
453 | |||
454 | err: | ||
455 | /* there may be still some leaks to fix, if this fails, the application terminates most likely */ | ||
456 | |||
457 | if (gN != NULL) | ||
458 | { | ||
459 | OPENSSL_free(gN->id); | ||
460 | OPENSSL_free(gN); | ||
461 | } | ||
462 | |||
463 | SRP_user_pwd_free(user_pwd); | ||
464 | |||
465 | if (tmpdb) TXT_DB_free(tmpdb); | ||
466 | if (in) BIO_free_all(in); | ||
467 | |||
468 | sk_SRP_gN_free(SRP_gN_tab); | ||
469 | |||
470 | return error_code; | ||
471 | |||
472 | } | ||
473 | |||
474 | |||
475 | SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username) | ||
476 | { | ||
477 | int i; | ||
478 | SRP_user_pwd *user; | ||
479 | unsigned char digv[SHA_DIGEST_LENGTH]; | ||
480 | unsigned char digs[SHA_DIGEST_LENGTH]; | ||
481 | EVP_MD_CTX ctxt; | ||
482 | |||
483 | if (vb == NULL) | ||
484 | return NULL; | ||
485 | for(i = 0; i < sk_SRP_user_pwd_num(vb->users_pwd); i++) | ||
486 | { | ||
487 | user = sk_SRP_user_pwd_value(vb->users_pwd, i); | ||
488 | if (strcmp(user->id,username)==0) | ||
489 | return user; | ||
490 | } | ||
491 | if ((vb->seed_key == NULL) || | ||
492 | (vb->default_g == NULL) || | ||
493 | (vb->default_N == NULL)) | ||
494 | return NULL; | ||
495 | |||
496 | /* if the user is unknown we set parameters as well if we have a seed_key */ | ||
497 | |||
498 | if ((user = SRP_user_pwd_new()) == NULL) | ||
499 | return NULL; | ||
500 | |||
501 | SRP_user_pwd_set_gN(user,vb->default_g,vb->default_N); | ||
502 | |||
503 | if (!SRP_user_pwd_set_ids(user,username,NULL)) | ||
504 | goto err; | ||
505 | |||
506 | RAND_pseudo_bytes(digv, SHA_DIGEST_LENGTH); | ||
507 | EVP_MD_CTX_init(&ctxt); | ||
508 | EVP_DigestInit_ex(&ctxt, EVP_sha1(), NULL); | ||
509 | EVP_DigestUpdate(&ctxt, vb->seed_key, strlen(vb->seed_key)); | ||
510 | EVP_DigestUpdate(&ctxt, username, strlen(username)); | ||
511 | EVP_DigestFinal_ex(&ctxt, digs, NULL); | ||
512 | EVP_MD_CTX_cleanup(&ctxt); | ||
513 | if (SRP_user_pwd_set_sv_BN(user, BN_bin2bn(digs,SHA_DIGEST_LENGTH,NULL), BN_bin2bn(digv,SHA_DIGEST_LENGTH, NULL))) | ||
514 | return user; | ||
515 | |||
516 | err: SRP_user_pwd_free(user); | ||
517 | return NULL; | ||
518 | } | ||
519 | |||
520 | |||
521 | /* | ||
522 | create a verifier (*salt,*verifier,g and N are in base64) | ||
523 | */ | ||
524 | char *SRP_create_verifier(const char *user, const char *pass, char **salt, | ||
525 | char **verifier, const char *N, const char *g) | ||
526 | { | ||
527 | int len; | ||
528 | char * result=NULL; | ||
529 | char *vf; | ||
530 | BIGNUM *N_bn = NULL, *g_bn = NULL, *s = NULL, *v = NULL; | ||
531 | unsigned char tmp[MAX_LEN]; | ||
532 | unsigned char tmp2[MAX_LEN]; | ||
533 | char * defgNid = NULL; | ||
534 | |||
535 | if ((user == NULL)|| | ||
536 | (pass == NULL)|| | ||
537 | (salt == NULL)|| | ||
538 | (verifier == NULL)) | ||
539 | goto err; | ||
540 | |||
541 | if (N) | ||
542 | { | ||
543 | if (!(len = t_fromb64(tmp, N))) goto err; | ||
544 | N_bn = BN_bin2bn(tmp, len, NULL); | ||
545 | if (!(len = t_fromb64(tmp, g))) goto err; | ||
546 | g_bn = BN_bin2bn(tmp, len, NULL); | ||
547 | defgNid = "*"; | ||
548 | } | ||
549 | else | ||
550 | { | ||
551 | SRP_gN * gN = SRP_get_gN_by_id(g, NULL) ; | ||
552 | if (gN == NULL) | ||
553 | goto err; | ||
554 | N_bn = gN->N; | ||
555 | g_bn = gN->g; | ||
556 | defgNid = gN->id; | ||
557 | } | ||
558 | |||
559 | if (*salt == NULL) | ||
560 | { | ||
561 | RAND_pseudo_bytes(tmp2, SRP_RANDOM_SALT_LEN); | ||
562 | |||
563 | s = BN_bin2bn(tmp2, SRP_RANDOM_SALT_LEN, NULL); | ||
564 | } | ||
565 | else | ||
566 | { | ||
567 | if (!(len = t_fromb64(tmp2, *salt))) | ||
568 | goto err; | ||
569 | s = BN_bin2bn(tmp2, len, NULL); | ||
570 | } | ||
571 | |||
572 | |||
573 | if(!SRP_create_verifier_BN(user, pass, &s, &v, N_bn, g_bn)) goto err; | ||
574 | |||
575 | BN_bn2bin(v,tmp); | ||
576 | if (((vf = OPENSSL_malloc(BN_num_bytes(v)*2)) == NULL)) | ||
577 | goto err; | ||
578 | t_tob64(vf, tmp, BN_num_bytes(v)); | ||
579 | |||
580 | *verifier = vf; | ||
581 | if (*salt == NULL) | ||
582 | { | ||
583 | char *tmp_salt; | ||
584 | if ((tmp_salt = (char *)OPENSSL_malloc(SRP_RANDOM_SALT_LEN * 2)) == NULL) | ||
585 | { | ||
586 | OPENSSL_free(vf); | ||
587 | goto err; | ||
588 | } | ||
589 | t_tob64(tmp_salt, tmp2, SRP_RANDOM_SALT_LEN); | ||
590 | *salt = tmp_salt; | ||
591 | } | ||
592 | |||
593 | result=defgNid; | ||
594 | |||
595 | err: | ||
596 | if(N) | ||
597 | { | ||
598 | BN_free(N_bn); | ||
599 | BN_free(g_bn); | ||
600 | } | ||
601 | return result; | ||
602 | } | ||
603 | |||
604 | /* | ||
605 | create a verifier (*salt,*verifier,g and N are BIGNUMs) | ||
606 | */ | ||
607 | int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt, BIGNUM **verifier, BIGNUM *N, BIGNUM *g) | ||
608 | { | ||
609 | int result=0; | ||
610 | BIGNUM *x = NULL; | ||
611 | BN_CTX *bn_ctx = BN_CTX_new(); | ||
612 | unsigned char tmp2[MAX_LEN]; | ||
613 | |||
614 | if ((user == NULL)|| | ||
615 | (pass == NULL)|| | ||
616 | (salt == NULL)|| | ||
617 | (verifier == NULL)|| | ||
618 | (N == NULL)|| | ||
619 | (g == NULL)|| | ||
620 | (bn_ctx == NULL)) | ||
621 | goto err; | ||
622 | |||
623 | srp_bn_print(N); | ||
624 | srp_bn_print(g); | ||
625 | |||
626 | if (*salt == NULL) | ||
627 | { | ||
628 | RAND_pseudo_bytes(tmp2, SRP_RANDOM_SALT_LEN); | ||
629 | |||
630 | *salt = BN_bin2bn(tmp2,SRP_RANDOM_SALT_LEN,NULL); | ||
631 | } | ||
632 | |||
633 | x = SRP_Calc_x(*salt,user,pass); | ||
634 | |||
635 | *verifier = BN_new(); | ||
636 | if(*verifier == NULL) goto err; | ||
637 | |||
638 | if (!BN_mod_exp(*verifier,g,x,N,bn_ctx)) | ||
639 | { | ||
640 | BN_clear_free(*verifier); | ||
641 | goto err; | ||
642 | } | ||
643 | |||
644 | srp_bn_print(*verifier); | ||
645 | |||
646 | result=1; | ||
647 | |||
648 | err: | ||
649 | |||
650 | BN_clear_free(x); | ||
651 | BN_CTX_free(bn_ctx); | ||
652 | return result; | ||
653 | } | ||
654 | |||
655 | |||
656 | |||
657 | #endif | ||
diff --git a/src/lib/libcrypto/srp/srptest.c b/src/lib/libcrypto/srp/srptest.c new file mode 100644 index 0000000000..04b66b4544 --- /dev/null +++ b/src/lib/libcrypto/srp/srptest.c | |||
@@ -0,0 +1,162 @@ | |||
1 | #include <openssl/opensslconf.h> | ||
2 | #ifdef OPENSSL_NO_SRP | ||
3 | |||
4 | #include <stdio.h> | ||
5 | |||
6 | int main(int argc, char *argv[]) | ||
7 | { | ||
8 | printf("No SRP support\n"); | ||
9 | return(0); | ||
10 | } | ||
11 | |||
12 | #else | ||
13 | |||
14 | #include <openssl/srp.h> | ||
15 | #include <openssl/rand.h> | ||
16 | #include <openssl/err.h> | ||
17 | |||
18 | static void showbn(const char *name, const BIGNUM *bn) | ||
19 | { | ||
20 | fputs(name, stdout); | ||
21 | fputs(" = ", stdout); | ||
22 | BN_print_fp(stdout, bn); | ||
23 | putc('\n', stdout); | ||
24 | } | ||
25 | |||
26 | #define RANDOM_SIZE 32 /* use 256 bits on each side */ | ||
27 | |||
28 | static int run_srp(const char *username, const char *client_pass, const char *server_pass) | ||
29 | { | ||
30 | int ret=-1; | ||
31 | BIGNUM *s = NULL; | ||
32 | BIGNUM *v = NULL; | ||
33 | BIGNUM *a = NULL; | ||
34 | BIGNUM *b = NULL; | ||
35 | BIGNUM *u = NULL; | ||
36 | BIGNUM *x = NULL; | ||
37 | BIGNUM *Apub = NULL; | ||
38 | BIGNUM *Bpub = NULL; | ||
39 | BIGNUM *Kclient = NULL; | ||
40 | BIGNUM *Kserver = NULL; | ||
41 | unsigned char rand_tmp[RANDOM_SIZE]; | ||
42 | /* use builtin 1024-bit params */ | ||
43 | SRP_gN *GN = SRP_get_default_gN("1024"); | ||
44 | |||
45 | if(GN == NULL) | ||
46 | { | ||
47 | fprintf(stderr, "Failed to get SRP parameters\n"); | ||
48 | return -1; | ||
49 | } | ||
50 | /* Set up server's password entry */ | ||
51 | if(!SRP_create_verifier_BN(username, server_pass, &s, &v, GN->N, GN->g)) | ||
52 | { | ||
53 | fprintf(stderr, "Failed to create SRP verifier\n"); | ||
54 | return -1; | ||
55 | } | ||
56 | |||
57 | showbn("N", GN->N); | ||
58 | showbn("g", GN->g); | ||
59 | showbn("Salt", s); | ||
60 | showbn("Verifier", v); | ||
61 | |||
62 | /* Server random */ | ||
63 | RAND_pseudo_bytes(rand_tmp, sizeof(rand_tmp)); | ||
64 | b = BN_bin2bn(rand_tmp, sizeof(rand_tmp), NULL); | ||
65 | /* TODO - check b != 0 */ | ||
66 | showbn("b", b); | ||
67 | |||
68 | /* Server's first message */ | ||
69 | Bpub = SRP_Calc_B(b, GN->N, GN->g, v); | ||
70 | showbn("B", Bpub); | ||
71 | |||
72 | if(!SRP_Verify_B_mod_N(Bpub, GN->N)) | ||
73 | { | ||
74 | fprintf(stderr, "Invalid B\n"); | ||
75 | return -1; | ||
76 | } | ||
77 | |||
78 | /* Client random */ | ||
79 | RAND_pseudo_bytes(rand_tmp, sizeof(rand_tmp)); | ||
80 | a = BN_bin2bn(rand_tmp, sizeof(rand_tmp), NULL); | ||
81 | /* TODO - check a != 0 */ | ||
82 | showbn("a", a); | ||
83 | |||
84 | /* Client's response */ | ||
85 | Apub = SRP_Calc_A(a, GN->N, GN->g); | ||
86 | showbn("A", Apub); | ||
87 | |||
88 | if(!SRP_Verify_A_mod_N(Apub, GN->N)) | ||
89 | { | ||
90 | fprintf(stderr, "Invalid A\n"); | ||
91 | return -1; | ||
92 | } | ||
93 | |||
94 | /* Both sides calculate u */ | ||
95 | u = SRP_Calc_u(Apub, Bpub, GN->N); | ||
96 | |||
97 | /* Client's key */ | ||
98 | x = SRP_Calc_x(s, username, client_pass); | ||
99 | Kclient = SRP_Calc_client_key(GN->N, Bpub, GN->g, x, a, u); | ||
100 | showbn("Client's key", Kclient); | ||
101 | |||
102 | /* Server's key */ | ||
103 | Kserver = SRP_Calc_server_key(Apub, v, u, b, GN->N); | ||
104 | showbn("Server's key", Kserver); | ||
105 | |||
106 | if(BN_cmp(Kclient, Kserver) == 0) | ||
107 | { | ||
108 | ret = 0; | ||
109 | } | ||
110 | else | ||
111 | { | ||
112 | fprintf(stderr, "Keys mismatch\n"); | ||
113 | ret = 1; | ||
114 | } | ||
115 | |||
116 | BN_clear_free(Kclient); | ||
117 | BN_clear_free(Kserver); | ||
118 | BN_clear_free(x); | ||
119 | BN_free(u); | ||
120 | BN_free(Apub); | ||
121 | BN_clear_free(a); | ||
122 | BN_free(Bpub); | ||
123 | BN_clear_free(b); | ||
124 | BN_free(s); | ||
125 | BN_clear_free(v); | ||
126 | |||
127 | return ret; | ||
128 | } | ||
129 | |||
130 | int main(int argc, char **argv) | ||
131 | { | ||
132 | BIO *bio_err; | ||
133 | bio_err = BIO_new_fp(stderr, BIO_NOCLOSE); | ||
134 | |||
135 | CRYPTO_malloc_debug_init(); | ||
136 | CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL); | ||
137 | CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); | ||
138 | |||
139 | ERR_load_crypto_strings(); | ||
140 | |||
141 | /* "Negative" test, expect a mismatch */ | ||
142 | if(run_srp("alice", "password1", "password2") == 0) | ||
143 | { | ||
144 | fprintf(stderr, "Mismatched SRP run failed\n"); | ||
145 | return 1; | ||
146 | } | ||
147 | |||
148 | /* "Positive" test, should pass */ | ||
149 | if(run_srp("alice", "password", "password") != 0) | ||
150 | { | ||
151 | fprintf(stderr, "Plain SRP run failed\n"); | ||
152 | return 1; | ||
153 | } | ||
154 | |||
155 | CRYPTO_cleanup_all_ex_data(); | ||
156 | ERR_remove_thread_state(NULL); | ||
157 | ERR_free_strings(); | ||
158 | CRYPTO_mem_leaks(bio_err); | ||
159 | |||
160 | return 0; | ||
161 | } | ||
162 | #endif | ||