| 1 | /* |
| 2 | * Copyright (c) 1997-1999 The Stanford SRP Authentication Project |
| 3 | * All Rights Reserved. |
| 4 | * |
| 5 | * Permission is hereby granted, free of charge, to any person obtaining |
| 6 | * a copy of this software and associated documentation files (the |
| 7 | * "Software"), to deal in the Software without restriction, including |
| 8 | * without limitation the rights to use, copy, modify, merge, publish, |
| 9 | * distribute, sublicense, and/or sell copies of the Software, and to |
| 10 | * permit persons to whom the Software is furnished to do so, subject to |
| 11 | * the following conditions: |
| 12 | * |
| 13 | * The above copyright notice and this permission notice shall be |
| 14 | * included in all copies or substantial portions of the Software. |
| 15 | * |
| 16 | * THE SOFTWARE IS PROVIDED "AS-IS" AND WITHOUT WARRANTY OF ANY KIND, |
| 17 | * EXPRESS, IMPLIED OR OTHERWISE, INCLUDING WITHOUT LIMITATION, ANY |
| 18 | * WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. |
| 19 | * |
| 20 | * IN NO EVENT SHALL STANFORD BE LIABLE FOR ANY SPECIAL, INCIDENTAL, |
| 21 | * INDIRECT OR CONSEQUENTIAL DAMAGES OF ANY KIND, OR ANY DAMAGES WHATSOEVER |
| 22 | * RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER OR NOT ADVISED OF |
| 23 | * THE POSSIBILITY OF DAMAGE, AND ON ANY THEORY OF LIABILITY, ARISING OUT |
| 24 | * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
| 25 | * |
| 26 | * In addition, the following conditions apply: |
| 27 | * |
| 28 | * 1. Any software that incorporates the SRP authentication technology |
| 29 | * must display the following acknowlegment: |
| 30 | * "This product uses the 'Secure Remote Password' cryptographic |
| 31 | * authentication system developed by Tom Wu (tjw@CS.Stanford.EDU)." |
| 32 | * |
| 33 | * 2. Any software that incorporates all or part of the SRP distribution |
| 34 | * itself must also display the following acknowledgment: |
| 35 | * "This product includes software developed by Tom Wu and Eugene |
| 36 | * Jhong for the SRP Distribution (http://srp.stanford.edu/srp/)." |
| 37 | * |
| 38 | * 3. Redistributions in source or binary form must retain an intact copy |
| 39 | * of this copyright notice and list of conditions. |
| 40 | */ |
| 41 | |
| 42 | #ifndef T_SERVER_H |
| 43 | #define T_SERVER_H |
| 44 | |
| 45 | #include "t_sha.h" |
| 46 | |
| 47 | #if !defined(P) |
| 48 | #ifdef __STDC__ |
| 49 | #define P(x) x |
| 50 | #else |
| 51 | #define P(x) () |
| 52 | #endif |
| 53 | #endif |
| 54 | |
| 55 | #ifndef _DLLDECL |
| 56 | #define _DLLDECL |
| 57 | |
| 58 | #ifdef MSVC15 /* MSVC1.5 support for 16 bit apps */ |
| 59 | #define _MSVC15EXPORT _export |
| 60 | #define _MSVC20EXPORT |
| 61 | #define _DLLAPI _export _pascal |
| 62 | #define _TYPE(a) a _MSVC15EXPORT |
| 63 | #define DLLEXPORT 1 |
| 64 | |
| 65 | #elif MSVC20 |
| 66 | #define _MSVC15EXPORT |
| 67 | #define _MSVC20EXPORT _declspec(dllexport) |
| 68 | #define _DLLAPI |
| 69 | #define _TYPE(a) _MSVC20EXPORT a |
| 70 | #define DLLEXPORT 1 |
| 71 | |
| 72 | #else /* Default, non-dll. Use this for Unix or DOS */ |
| 73 | #define _MSVC15DEXPORT |
| 74 | #define _MSVC20EXPORT |
| 75 | #define _DLLAPI |
| 76 | #define _TYPE(a) a |
| 77 | #endif |
| 78 | #endif |
| 79 | |
| 80 | #define BLEN 32 |
| 81 | |
| 82 | struct t_server { |
| 83 | int index; |
| 84 | struct t_num n; |
| 85 | struct t_num g; |
| 86 | struct t_num v; |
| 87 | struct t_num s; |
| 88 | |
| 89 | struct t_num b; |
| 90 | struct t_num B; |
| 91 | |
| 92 | SHA1_CTX oldhash, hash, oldckhash, ckhash; |
| 93 | |
| 94 | unsigned char session_key[SESSION_KEY_LEN]; |
| 95 | unsigned char session_response[RESPONSE_LEN]; |
| 96 | |
| 97 | unsigned char nbuf[MAXPARAMLEN], gbuf[MAXPARAMLEN], vbuf[MAXPARAMLEN]; |
| 98 | unsigned char saltbuf[MAXSALTLEN], bbuf[BLEN], Bbuf[MAXPARAMLEN]; |
| 99 | }; |
| 100 | |
| 101 | /* |
| 102 | * SRP server-side negotiation |
| 103 | * |
| 104 | * This code negotiates the server side of an SRP exchange. |
| 105 | * "t_serveropen" accepts a username (sent by the client), a pointer |
| 106 | * to an open password file, and a pointer to an open configuration |
| 107 | * file. The server should then call... |
| 108 | * "t_servergenexp" will generate a random 256-bit exponent and |
| 109 | * raise g (from the configuration file) to that power, returning |
| 110 | * the result. This result should be sent to the client as y(p). |
| 111 | * "t_servergetkey" accepts the exponential w(p), which should be |
| 112 | * sent by the client, and computes the 256-bit session key. |
| 113 | * This data should be saved before the session is closed. |
| 114 | * "t_serverresponse" computes the session key proof as SHA(w(p), K). |
| 115 | * "t_serverclose" closes the session and frees its memory. |
| 116 | * |
| 117 | * Note that authentication is not performed per se; it is up |
| 118 | * to either/both sides of the protocol to now verify securely |
| 119 | * that their session keys agree in order to establish authenticity. |
| 120 | * One possible way is through "oracle hashing"; one side sends |
| 121 | * r, the other replies with H(r,K), where H() is a hash function. |
| 122 | * |
| 123 | * t_serverresponse and t_serververify now implement a version of |
| 124 | * the session-key verification described above. |
| 125 | */ |
| 126 | _TYPE( struct t_server * ) |
| 127 | t_serveropen P((const char *)); |
| 128 | _TYPE( struct t_server * ) |
| 129 | t_serveropenfromfiles P((const char *, struct t_pw *, struct t_conf *)); |
| 130 | _TYPE( struct t_server * ) |
| 131 | t_serveropenraw P((struct t_pwent *, struct t_confent *)); |
| 132 | _TYPE( struct t_num * ) t_servergenexp P((struct t_server *)); |
| 133 | _TYPE( unsigned char * ) t_servergetkey P((struct t_server *, struct t_num *)); |
| 134 | _TYPE( int ) t_serververify P((struct t_server *, unsigned char *)); |
| 135 | _TYPE( unsigned char * ) t_serverresponse P((struct t_server *)); |
| 136 | _TYPE( void ) t_serverclose P((struct t_server *)); |
| 137 | |
| 138 | #endif |
| 139 | |
