Root/package/ead/src/tinysrp/t_server.c

1/*
2 * Copyright (c) 1997-1999 The Stanford SRP Authentication Project
3 * All Rights Reserved.
4 *
5 * Permission is hereby granted, free of charge, to any person obtaining
6 * a copy of this software and associated documentation files (the
7 * "Software"), to deal in the Software without restriction, including
8 * without limitation the rights to use, copy, modify, merge, publish,
9 * distribute, sublicense, and/or sell copies of the Software, and to
10 * permit persons to whom the Software is furnished to do so, subject to
11 * the following conditions:
12 *
13 * The above copyright notice and this permission notice shall be
14 * included in all copies or substantial portions of the Software.
15 *
16 * THE SOFTWARE IS PROVIDED "AS-IS" AND WITHOUT WARRANTY OF ANY KIND,
17 * EXPRESS, IMPLIED OR OTHERWISE, INCLUDING WITHOUT LIMITATION, ANY
18 * WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
19 *
20 * IN NO EVENT SHALL STANFORD BE LIABLE FOR ANY SPECIAL, INCIDENTAL,
21 * INDIRECT OR CONSEQUENTIAL DAMAGES OF ANY KIND, OR ANY DAMAGES WHATSOEVER
22 * RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER OR NOT ADVISED OF
23 * THE POSSIBILITY OF DAMAGE, AND ON ANY THEORY OF LIABILITY, ARISING OUT
24 * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
25 *
26 * In addition, the following conditions apply:
27 *
28 * 1. Any software that incorporates the SRP authentication technology
29 * must display the following acknowlegment:
30 * "This product uses the 'Secure Remote Password' cryptographic
31 * authentication system developed by Tom Wu (tjw@CS.Stanford.EDU)."
32 *
33 * 2. Any software that incorporates all or part of the SRP distribution
34 * itself must also display the following acknowledgment:
35 * "This product includes software developed by Tom Wu and Eugene
36 * Jhong for the SRP Distribution (http://srp.stanford.edu/srp/)."
37 *
38 * 3. Redistributions in source or binary form must retain an intact copy
39 * of this copyright notice and list of conditions.
40 */
41
42#include <stdio.h>
43#include "t_defines.h"
44#include "t_pwd.h"
45#include "t_server.h"
46
47_TYPE( struct t_server * )
48t_serveropenraw(ent, tce)
49     struct t_pwent * ent;
50     struct t_confent * tce;
51{
52  struct t_server * ts;
53  unsigned char buf1[SHA_DIGESTSIZE], buf2[SHA_DIGESTSIZE];
54  SHA1_CTX ctxt;
55  int i;
56
57  if((ts = malloc(sizeof(struct t_server))) == 0)
58    return 0;
59
60  SHA1Init(&ts->ckhash);
61
62  ts->index = ent->index;
63  ts->n.len = tce->modulus.len;
64  ts->n.data = ts->nbuf;
65  memcpy(ts->n.data, tce->modulus.data, ts->n.len);
66
67  SHA1Init(&ctxt);
68  SHA1Update(&ctxt, ts->n.data, ts->n.len);
69  SHA1Final(buf1, &ctxt);
70
71  ts->g.len = tce->generator.len;
72  ts->g.data = ts->gbuf;
73  memcpy(ts->g.data, tce->generator.data, ts->g.len);
74
75  SHA1Init(&ctxt);
76  SHA1Update(&ctxt, ts->g.data, ts->g.len);
77  SHA1Final(buf2, &ctxt);
78
79  for(i = 0; i < sizeof(buf1); ++i)
80    buf1[i] ^= buf2[i];
81
82  SHA1Update(&ts->ckhash, buf1, sizeof(buf1));
83
84  SHA1Init(&ctxt);
85  SHA1Update(&ctxt, ent->name, strlen(ent->name));
86  SHA1Final(buf1, &ctxt);
87
88  SHA1Update(&ts->ckhash, buf1, sizeof(buf1));
89
90  ts->v.len = ent->password.len;
91  ts->v.data = ts->vbuf;
92  memcpy(ts->v.data, ent->password.data, ts->v.len);
93
94  ts->s.len = ent->salt.len;
95  ts->s.data = ts->saltbuf;
96  memcpy(ts->s.data, ent->salt.data, ts->s.len);
97
98  SHA1Update(&ts->ckhash, ts->s.data, ts->s.len);
99
100  ts->b.data = ts->bbuf;
101  ts->B.data = ts->Bbuf;
102
103  SHA1Init(&ts->hash);
104  SHA1Init(&ts->oldhash);
105  SHA1Init(&ts->oldckhash);
106
107  return ts;
108}
109
110_TYPE( struct t_num * )
111t_servergenexp(ts)
112     struct t_server * ts;
113{
114  BigInteger b, B, v, n, g;
115
116  if(ts->n.len < BLEN)
117    ts->b.len = ts->n.len;
118  else
119    ts->b.len = BLEN;
120
121  t_random(ts->b.data, ts->b.len);
122  b = BigIntegerFromBytes(ts->b.data, ts->b.len);
123  n = BigIntegerFromBytes(ts->n.data, ts->n.len);
124  g = BigIntegerFromBytes(ts->g.data, ts->g.len);
125  B = BigIntegerFromInt(0);
126  BigIntegerModExp(B, g, b, n);
127
128  v = BigIntegerFromBytes(ts->v.data, ts->v.len);
129  BigIntegerAdd(B, B, v);
130  if(BigIntegerCmp(B, n) > 0)
131    BigIntegerSub(B, B, n);
132
133  ts->B.len = BigIntegerToBytes(B, ts->B.data);
134
135  BigIntegerFree(v);
136  BigIntegerFree(B);
137  BigIntegerFree(b);
138  BigIntegerFree(g);
139  BigIntegerFree(n);
140
141  SHA1Update(&ts->oldckhash, ts->B.data, ts->B.len);
142
143  return &ts->B;
144}
145
146_TYPE( unsigned char * )
147t_servergetkey(ts, clientval)
148     struct t_server * ts;
149     struct t_num * clientval;
150{
151  BigInteger n, v, A, b, prod, res, S;
152  SHA1_CTX ctxt;
153  unsigned char sbuf[MAXPARAMLEN];
154  unsigned char dig[SHA_DIGESTSIZE];
155  unsigned slen;
156  unsigned int u;
157
158  SHA1Update(&ts->ckhash, clientval->data, clientval->len);
159  SHA1Update(&ts->ckhash, ts->B.data, ts->B.len);
160
161  SHA1Init(&ctxt);
162  SHA1Update(&ctxt, ts->B.data, ts->B.len);
163  SHA1Final(dig, &ctxt);
164  u = (dig[0] << 24) | (dig[1] << 16) | (dig[2] << 8) | dig[3];
165
166  SHA1Update(&ts->oldhash, clientval->data, clientval->len);
167  SHA1Update(&ts->hash, clientval->data, clientval->len);
168
169  n = BigIntegerFromBytes(ts->n.data, ts->n.len);
170  b = BigIntegerFromBytes(ts->b.data, ts->b.len);
171  v = BigIntegerFromBytes(ts->v.data, ts->v.len);
172  A = BigIntegerFromBytes(clientval->data, clientval->len);
173
174  prod = BigIntegerFromInt(0);
175  BigIntegerModExpInt(prod, v, u, n);
176  res = BigIntegerFromInt(0);
177  BigIntegerModMul(res, prod, A, n);
178
179  BigIntegerFree(A);
180  BigIntegerFree(v);
181  BigIntegerFree(prod);
182
183  if(BigIntegerCmpInt(res, 1) <= 0) { /* Check for Av^u == 1 (mod n) */
184    BigIntegerFree(res);
185    BigIntegerFree(b);
186    BigIntegerFree(n);
187    return NULL;
188  }
189
190  S = BigIntegerFromInt(0);
191
192  BigIntegerAddInt(S, res, 1);
193  if(BigIntegerCmp(S, n) == 0) { /* Check for Av^u == -1 (mod n) */
194    BigIntegerFree(res);
195    BigIntegerFree(b);
196    BigIntegerFree(n);
197    BigIntegerFree(S);
198    return NULL;
199  }
200
201  BigIntegerModExp(S, res, b, n);
202  slen = BigIntegerToBytes(S, sbuf);
203
204  BigIntegerFree(S);
205  BigIntegerFree(res);
206  BigIntegerFree(b);
207  BigIntegerFree(n);
208
209  t_sessionkey(ts->session_key, sbuf, slen);
210  memset(sbuf, 0, slen);
211
212  SHA1Update(&ts->oldhash, ts->session_key, sizeof(ts->session_key));
213  SHA1Update(&ts->oldckhash, ts->session_key, sizeof(ts->session_key));
214  SHA1Update(&ts->ckhash, ts->session_key, sizeof(ts->session_key));
215
216  return ts->session_key;
217}
218
219_TYPE( int )
220t_serververify(ts, resp)
221    struct t_server * ts;
222    unsigned char * resp;
223{
224  unsigned char expected[SHA_DIGESTSIZE];
225  int i;
226
227  SHA1Final(expected, &ts->oldckhash);
228  i = memcmp(expected, resp, sizeof(expected));
229  if(i == 0) {
230    SHA1Final(ts->session_response, &ts->oldhash);
231    return 0;
232  }
233  SHA1Final(expected, &ts->ckhash);
234  i = memcmp(expected, resp, sizeof(expected));
235  if(i == 0) {
236    SHA1Update(&ts->hash, expected, sizeof(expected));
237    SHA1Update(&ts->hash, ts->session_key, sizeof(ts->session_key));
238    SHA1Final(ts->session_response, &ts->hash);
239  }
240  return i;
241}
242
243_TYPE( unsigned char * )
244t_serverresponse(ts)
245    struct t_server * ts;
246{
247  return ts->session_response;
248}
249
250_TYPE( void )
251t_serverclose(ts)
252     struct t_server * ts;
253{
254  memset(ts->bbuf, 0, sizeof(ts->bbuf));
255  memset(ts->vbuf, 0, sizeof(ts->vbuf));
256  memset(ts->saltbuf, 0, sizeof(ts->saltbuf));
257  memset(ts->session_key, 0, sizeof(ts->session_key));
258  free(ts);
259}
260

Archive Download this file

Branches:
backfire
history
master
release_2010-11-17
release_2010-12-14
release_2011-02-23
release_2011-05-28
release_2011-08-27
release_2011-11-13
release_2012-03-18
release_2012-04-09
release_2012-10-11
uclibc_nptl



interactive