mirror of
https://github.com/openwrt/openwrt.git
synced 2024-12-29 10:08:59 +00:00
2d86ea2a1d
SVN-Revision: 13738
288 lines
7.5 KiB
C
288 lines
7.5 KiB
C
/*
|
|
* Copyright (c) 1997-1999 The Stanford SRP Authentication Project
|
|
* All Rights Reserved.
|
|
*
|
|
* Permission is hereby granted, free of charge, to any person obtaining
|
|
* a copy of this software and associated documentation files (the
|
|
* "Software"), to deal in the Software without restriction, including
|
|
* without limitation the rights to use, copy, modify, merge, publish,
|
|
* distribute, sublicense, and/or sell copies of the Software, and to
|
|
* permit persons to whom the Software is furnished to do so, subject to
|
|
* the following conditions:
|
|
*
|
|
* The above copyright notice and this permission notice shall be
|
|
* included in all copies or substantial portions of the Software.
|
|
*
|
|
* THE SOFTWARE IS PROVIDED "AS-IS" AND WITHOUT WARRANTY OF ANY KIND,
|
|
* EXPRESS, IMPLIED OR OTHERWISE, INCLUDING WITHOUT LIMITATION, ANY
|
|
* WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
|
|
*
|
|
* IN NO EVENT SHALL STANFORD BE LIABLE FOR ANY SPECIAL, INCIDENTAL,
|
|
* INDIRECT OR CONSEQUENTIAL DAMAGES OF ANY KIND, OR ANY DAMAGES WHATSOEVER
|
|
* RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER OR NOT ADVISED OF
|
|
* THE POSSIBILITY OF DAMAGE, AND ON ANY THEORY OF LIABILITY, ARISING OUT
|
|
* OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
|
*
|
|
* In addition, the following conditions apply:
|
|
*
|
|
* 1. Any software that incorporates the SRP authentication technology
|
|
* must display the following acknowlegment:
|
|
* "This product uses the 'Secure Remote Password' cryptographic
|
|
* authentication system developed by Tom Wu (tjw@CS.Stanford.EDU)."
|
|
*
|
|
* 2. Any software that incorporates all or part of the SRP distribution
|
|
* itself must also display the following acknowledgment:
|
|
* "This product includes software developed by Tom Wu and Eugene
|
|
* Jhong for the SRP Distribution (http://srp.stanford.edu/srp/)."
|
|
*
|
|
* 3. Redistributions in source or binary form must retain an intact copy
|
|
* of this copyright notice and list of conditions.
|
|
*/
|
|
|
|
#include <stdio.h>
|
|
#include "t_defines.h"
|
|
#include "t_pwd.h"
|
|
#include "t_client.h"
|
|
#include "t_sha.h"
|
|
|
|
_TYPE( struct t_client * )
|
|
t_clientopen(u, n, g, s)
|
|
const char * u;
|
|
struct t_num * n;
|
|
struct t_num * g;
|
|
struct t_num * s;
|
|
{
|
|
struct t_client * tc;
|
|
unsigned char buf1[SHA_DIGESTSIZE], buf2[SHA_DIGESTSIZE];
|
|
SHA1_CTX ctxt;
|
|
int i, validated;
|
|
struct t_preconf * tpc;
|
|
|
|
BigInteger nn, gg, n12, r;
|
|
|
|
validated = 0;
|
|
if(n->len < MIN_MOD_BYTES)
|
|
return 0;
|
|
for(i = 0; i < t_getprecount(); ++i) {
|
|
tpc = t_getpreparam(i);
|
|
if(tpc->modulus.len == n->len && tpc->generator.len == g->len &&
|
|
memcmp(tpc->modulus.data, n->data, n->len) == 0 &&
|
|
memcmp(tpc->generator.data, g->data, g->len) == 0) {
|
|
validated = 1; /* Match found, done */
|
|
break;
|
|
}
|
|
}
|
|
|
|
if(validated == 0)
|
|
return 0;
|
|
|
|
if((tc = malloc(sizeof(struct t_client))) == 0)
|
|
return 0;
|
|
|
|
strncpy(tc->username, u, MAXUSERLEN);
|
|
|
|
SHA1Init(&tc->hash);
|
|
|
|
tc->n.len = n->len;
|
|
tc->n.data = tc->nbuf;
|
|
memcpy(tc->n.data, n->data, tc->n.len);
|
|
|
|
SHA1Init(&ctxt);
|
|
SHA1Update(&ctxt, tc->n.data, tc->n.len);
|
|
SHA1Final(buf1, &ctxt);
|
|
|
|
tc->g.len = g->len;
|
|
tc->g.data = tc->gbuf;
|
|
memcpy(tc->g.data, g->data, tc->g.len);
|
|
|
|
SHA1Init(&ctxt);
|
|
SHA1Update(&ctxt, tc->g.data, tc->g.len);
|
|
SHA1Final(buf2, &ctxt);
|
|
|
|
for(i = 0; i < sizeof(buf1); ++i)
|
|
buf1[i] ^= buf2[i];
|
|
|
|
SHA1Update(&tc->hash, buf1, sizeof(buf1));
|
|
|
|
SHA1Init(&ctxt);
|
|
SHA1Update(&ctxt, tc->username, strlen(tc->username));
|
|
SHA1Final(buf1, &ctxt);
|
|
|
|
SHA1Update(&tc->hash, buf1, sizeof(buf1));
|
|
|
|
tc->s.len = s->len;
|
|
tc->s.data = tc->sbuf;
|
|
memcpy(tc->s.data, s->data, tc->s.len);
|
|
|
|
SHA1Update(&tc->hash, tc->s.data, tc->s.len);
|
|
|
|
tc->a.data = tc->abuf;
|
|
tc->A.data = tc->Abuf;
|
|
tc->p.data = tc->pbuf;
|
|
tc->v.data = tc->vbuf;
|
|
|
|
SHA1Init(&tc->ckhash);
|
|
|
|
return tc;
|
|
}
|
|
|
|
_TYPE( struct t_num * )
|
|
t_clientgenexp(tc)
|
|
struct t_client * tc;
|
|
{
|
|
BigInteger a, A, n, g;
|
|
|
|
if(tc->n.len < ALEN)
|
|
tc->a.len = tc->n.len;
|
|
else
|
|
tc->a.len = ALEN;
|
|
|
|
t_random(tc->a.data, tc->a.len);
|
|
a = BigIntegerFromBytes(tc->a.data, tc->a.len);
|
|
n = BigIntegerFromBytes(tc->n.data, tc->n.len);
|
|
g = BigIntegerFromBytes(tc->g.data, tc->g.len);
|
|
A = BigIntegerFromInt(0);
|
|
BigIntegerModExp(A, g, a, n);
|
|
tc->A.len = BigIntegerToBytes(A, tc->A.data);
|
|
|
|
BigIntegerFree(A);
|
|
BigIntegerFree(a);
|
|
BigIntegerFree(g);
|
|
BigIntegerFree(n);
|
|
|
|
SHA1Update(&tc->hash, tc->A.data, tc->A.len);
|
|
SHA1Update(&tc->ckhash, tc->A.data, tc->A.len);
|
|
|
|
return &tc->A;
|
|
}
|
|
|
|
_TYPE( void )
|
|
t_clientpasswd(tc, password)
|
|
struct t_client * tc;
|
|
char * password;
|
|
{
|
|
BigInteger n, g, p, v;
|
|
SHA1_CTX ctxt;
|
|
unsigned char dig[SHA_DIGESTSIZE];
|
|
|
|
n = BigIntegerFromBytes(tc->n.data, tc->n.len);
|
|
g = BigIntegerFromBytes(tc->g.data, tc->g.len);
|
|
|
|
SHA1Init(&ctxt);
|
|
SHA1Update(&ctxt, tc->username, strlen(tc->username));
|
|
SHA1Update(&ctxt, ":", 1);
|
|
SHA1Update(&ctxt, password, strlen(password));
|
|
SHA1Final(dig, &ctxt);
|
|
|
|
SHA1Init(&ctxt);
|
|
SHA1Update(&ctxt, tc->s.data, tc->s.len);
|
|
SHA1Update(&ctxt, dig, sizeof(dig));
|
|
SHA1Final(dig, &ctxt);
|
|
|
|
p = BigIntegerFromBytes(dig, sizeof(dig));
|
|
|
|
v = BigIntegerFromInt(0);
|
|
BigIntegerModExp(v, g, p, n);
|
|
|
|
tc->p.len = BigIntegerToBytes(p, tc->p.data);
|
|
BigIntegerFree(p);
|
|
|
|
tc->v.len = BigIntegerToBytes(v, tc->v.data);
|
|
BigIntegerFree(v);
|
|
}
|
|
|
|
_TYPE( unsigned char * )
|
|
t_clientgetkey(tc, serverval)
|
|
struct t_client * tc;
|
|
struct t_num * serverval;
|
|
{
|
|
BigInteger n, B, v, p, a, sum, S;
|
|
unsigned char sbuf[MAXPARAMLEN];
|
|
unsigned char dig[SHA_DIGESTSIZE];
|
|
unsigned slen;
|
|
unsigned int u;
|
|
SHA1_CTX ctxt;
|
|
|
|
SHA1Init(&ctxt);
|
|
SHA1Update(&ctxt, serverval->data, serverval->len);
|
|
SHA1Final(dig, &ctxt);
|
|
u = (dig[0] << 24) | (dig[1] << 16) | (dig[2] << 8) | dig[3];
|
|
if(u == 0)
|
|
return NULL;
|
|
|
|
SHA1Update(&tc->hash, serverval->data, serverval->len);
|
|
|
|
B = BigIntegerFromBytes(serverval->data, serverval->len);
|
|
n = BigIntegerFromBytes(tc->n.data, tc->n.len);
|
|
|
|
if(BigIntegerCmp(B, n) >= 0 || BigIntegerCmpInt(B, 0) == 0) {
|
|
BigIntegerFree(B);
|
|
BigIntegerFree(n);
|
|
return NULL;
|
|
}
|
|
v = BigIntegerFromBytes(tc->v.data, tc->v.len);
|
|
if(BigIntegerCmp(B, v) < 0)
|
|
BigIntegerAdd(B, B, n);
|
|
BigIntegerSub(B, B, v);
|
|
BigIntegerFree(v);
|
|
|
|
a = BigIntegerFromBytes(tc->a.data, tc->a.len);
|
|
p = BigIntegerFromBytes(tc->p.data, tc->p.len);
|
|
|
|
sum = BigIntegerFromInt(0);
|
|
BigIntegerMulInt(sum, p, u);
|
|
BigIntegerAdd(sum, sum, a);
|
|
|
|
BigIntegerFree(p);
|
|
BigIntegerFree(a);
|
|
|
|
S = BigIntegerFromInt(0);
|
|
BigIntegerModExp(S, B, sum, n);
|
|
slen = BigIntegerToBytes(S, sbuf);
|
|
|
|
BigIntegerFree(S);
|
|
BigIntegerFree(sum);
|
|
BigIntegerFree(B);
|
|
BigIntegerFree(n);
|
|
|
|
t_sessionkey(tc->session_key, sbuf, slen);
|
|
memset(sbuf, 0, slen);
|
|
|
|
SHA1Update(&tc->hash, tc->session_key, sizeof(tc->session_key));
|
|
|
|
SHA1Final(tc->session_response, &tc->hash);
|
|
SHA1Update(&tc->ckhash, tc->session_response, sizeof(tc->session_response));
|
|
SHA1Update(&tc->ckhash, tc->session_key, sizeof(tc->session_key));
|
|
|
|
return tc->session_key;
|
|
}
|
|
|
|
_TYPE( int )
|
|
t_clientverify(tc, resp)
|
|
struct t_client * tc;
|
|
unsigned char * resp;
|
|
{
|
|
unsigned char expected[SHA_DIGESTSIZE];
|
|
|
|
SHA1Final(expected, &tc->ckhash);
|
|
return memcmp(expected, resp, sizeof(expected));
|
|
}
|
|
|
|
_TYPE( unsigned char * )
|
|
t_clientresponse(tc)
|
|
struct t_client * tc;
|
|
{
|
|
return tc->session_response;
|
|
}
|
|
|
|
_TYPE( void )
|
|
t_clientclose(tc)
|
|
struct t_client * tc;
|
|
{
|
|
memset(tc->abuf, 0, sizeof(tc->abuf));
|
|
memset(tc->pbuf, 0, sizeof(tc->pbuf));
|
|
memset(tc->vbuf, 0, sizeof(tc->vbuf));
|
|
memset(tc->session_key, 0, sizeof(tc->session_key));
|
|
free(tc);
|
|
}
|