more srp related fixes. No longer fails authentication if wrong username

is provided.

6 files changed, 83 insertions, 28 deletions

diff --git a/lib/auth_srp.c b/lib/auth_srp.c
index 12429eb9b7..5c667b1ac3 100644
--- a/lib/auth_srp.c
+++ b/lib/auth_srp.c
@@ -78,7 +78,8 @@ int gen_srp_server_kx(GNUTLS_KEY key, opaque ** data)
 	pwd_entry = _gnutls_srp_pwd_read_entry( key, key->username);
 
 	if (pwd_entry == NULL) {
-		return GNUTLS_E_PWD_ERROR;
+		pwd_entry = _gnutls_randomize_pwd_entry();
+		/* return GNUTLS_E_PWD_ERROR; */
 	}
 
 	pwd_algo = (uint8) pwd_entry->algorithm;
@@ -99,6 +100,11 @@ int gen_srp_server_kx(GNUTLS_KEY key, opaque ** data)
 
 	/* copy G (generator) to data */
 	data_g = (*data);
+
+	/* but first copy the algorithm used to generate the verifier */
+	memcpy( data_g, &pwd_algo, 1);
+	data_g++;
+	
 	gcry_mpi_print(GCRYMPI_FMT_USG, &data_g[2], &n_g, G);
 	_n_g = n_g;
 #ifndef WORDS_BIGENDIAN
@@ -132,11 +138,8 @@ int gen_srp_server_kx(GNUTLS_KEY key, opaque ** data)
 	memcpy(data_s, &_n_s, 2);
 #endif
 
-	/* copy the algorithm used to generate the verifier */
-	memcpy( &data_s[2+n_s], &pwd_algo, 1);
-
 	ret = n_g + n_n + pwd_entry->salt_size + 6 + 1;
-	gnutls_free(pwd_entry);
+	_gnutls_srp_clear_pwd_entry(pwd_entry);
 
 	return ret;
 }
@@ -248,7 +251,10 @@ int proc_srp_server_kx(GNUTLS_KEY key, opaque * data, int data_size)
 	if (username == NULL || password == NULL)
 		return GNUTLS_E_INSUFICIENT_CRED;
 
-	i = 0;
+/* read the algorithm used to generate V */
+	memcpy( &pwd_algo, data, 1);
+
+	i = 1;
 	memcpy(&n_g, &data[i], 2);
 	i += 2;
 #ifndef WORDS_BIGENDIAN
@@ -298,9 +304,6 @@ int proc_srp_server_kx(GNUTLS_KEY key, opaque * data, int data_size)
 		return GNUTLS_E_MPI_SCAN_FAILED;
 	}
 
-/* read the algorithm used to generate V */
-	memcpy( &pwd_algo, &data_s[n_s], 1);
-
 	/* generate x = SHA(s | SHA(U | ":" | p))
 	 * (or the equivalent using bcrypt)
 	 */
diff --git a/lib/auth_srp_passwd.c b/lib/auth_srp_passwd.c
index 47e4f3506d..e60b6f0c84 100644
--- a/lib/auth_srp_passwd.c
+++ b/lib/auth_srp_passwd.c
@@ -27,6 +27,8 @@
 #include "auth_srp_passwd.h"
 #include "auth_srp.h"
 #include "gnutls_auth_int.h"
+#include "gnutls_srp.h"
+#include "gnutls_random.h"
 
 static int pwd_put_values( GNUTLS_SRP_PWD_ENTRY *entry, char *str, int str_size) {
 char * p;
@@ -154,6 +156,7 @@ GNUTLS_SRP_PWD_ENTRY *_gnutls_srp_pwd_read_entry( GNUTLS_KEY key, char* username
 
 	fd = fopen( cred->password_file, "r");
 	if (fd==NULL) {
+		gnutls_assert();
 		gnutls_free(entry);
 		return NULL;
 	}
@@ -176,3 +179,43 @@ GNUTLS_SRP_PWD_ENTRY *_gnutls_srp_pwd_read_entry( GNUTLS_KEY key, char* username
 	return NULL;
 	
 }
+
+#define RND_SALT_SIZE 16
+GNUTLS_SRP_PWD_ENTRY* _gnutls_randomize_pwd_entry() {
+	GNUTLS_SRP_PWD_ENTRY * pwd_entry = gnutls_malloc(sizeof(GNUTLS_SRP_PWD_ENTRY));
+	size_t n = sizeof diffie_hellman_group1_prime;
+	opaque * rand;
+	
+	pwd_entry->g = gcry_mpi_set_ui(NULL, SRP_G);
+	pwd_entry->v = gcry_mpi_new(160);
+    gcry_mpi_randomize( pwd_entry->v, 160, GCRY_WEAK_RANDOM);
+
+	if (gcry_mpi_scan(&pwd_entry->n, GCRYMPI_FMT_USG,
+                          diffie_hellman_group1_prime, &n)) {
+                gnutls_assert();
+   	        return NULL;
+	}
+
+	pwd_entry->salt_size = RND_SALT_SIZE;
+	rand = _gnutls_get_random(RND_SALT_SIZE, GNUTLS_WEAK_RANDOM);
+	pwd_entry->salt = gnutls_malloc(RND_SALT_SIZE);
+	memcpy( pwd_entry->salt, rand, RND_SALT_SIZE);
+	_gnutls_free_rand( rand);
+	
+	pwd_entry->algorithm = 0;
+
+	return pwd_entry;
+}
+
+void _gnutls_srp_clear_pwd_entry( GNUTLS_SRP_PWD_ENTRY * entry) {
+	mpi_release(entry->v);
+	mpi_release(entry->g);
+	mpi_release(entry->n);
+	
+	gnutls_free(entry->salt);
+	gnutls_free(entry->username);
+	
+	gnutls_free(entry);
+	
+	return;
+}
diff --git a/lib/auth_srp_passwd.h b/lib/auth_srp_passwd.h
index b83ce0cc5a..e686cb57cb 100644
--- a/lib/auth_srp_passwd.h
+++ b/lib/auth_srp_passwd.h
@@ -2,7 +2,7 @@ typedef struct {
 	char* username;
 	int algorithm;
 	
-	opaque* salt;
+	opaque *salt;
 	int salt_size;
 	
 	MPI v;
@@ -10,6 +10,7 @@ typedef struct {
 	MPI n;
 } GNUTLS_SRP_PWD_ENTRY;
 
-/* this is localy alocated. It should be freed */
+/* this is localy alocated. It should be freed using the provided function */
 GNUTLS_SRP_PWD_ENTRY *_gnutls_srp_pwd_read_entry( GNUTLS_KEY key, char* username);
-
+void _gnutls_srp_clear_pwd_entry( GNUTLS_SRP_PWD_ENTRY * entry);
+GNUTLS_SRP_PWD_ENTRY* _gnutls_randomize_pwd_entry();
diff --git a/lib/ext_srp.c b/lib/ext_srp.c
index 14c43c6a4b..3b5222bcc0 100644
--- a/lib/ext_srp.c
+++ b/lib/ext_srp.c
@@ -24,10 +24,12 @@
 #include "auth_srp.h"
 
 int _gnutls_srp_recv_params( GNUTLS_STATE state, const opaque* data, int data_size) {
-	if (data_size > 0) {
-		state->gnutls_key->username = gnutls_malloc(data_size+1);
-		memcpy(state->gnutls_key->username, data, data_size);
-		state->gnutls_key->username[data_size]=0; /* null terminated */
+	if (state->security_parameters.entity == GNUTLS_SERVER) {
+		if (data_size > 0) {
+			state->gnutls_key->username = gnutls_malloc(data_size+1);
+			memcpy(state->gnutls_key->username, data, data_size);
+			state->gnutls_key->username[data_size]=0; /* null terminated */
+		}
 	}
 	return 0;
 }
@@ -36,16 +38,18 @@ int _gnutls_srp_recv_params( GNUTLS_STATE state, const opaque* data, int data_si
  * data is allocated localy
  */
 int _gnutls_srp_send_params( GNUTLS_STATE state, opaque** data) {
-	/* this functions sends the server extension data */
-SRP_CLIENT_CREDENTIALS* cred = _gnutls_get_kx_cred( state->gnutls_key, GNUTLS_KX_SRP);
+	/* this function sends the client extension data (username) */
+	if (state->security_parameters.entity == GNUTLS_CLIENT) {
+		SRP_CLIENT_CREDENTIALS* cred = _gnutls_get_kx_cred( state->gnutls_key, GNUTLS_KX_SRP);
 
-	(*data) = NULL;
+		(*data) = NULL;
 
-	if (cred==NULL) return 0;
+		if (cred==NULL) return 0;
 
-	if (cred->username!=NULL) { /* send username */
-		(*data) = strdup( cred->username);
-		return strlen( cred->username);
+		if (cred->username!=NULL) { /* send username */
+			(*data) = strdup( cred->username);
+			return strlen( cred->username);
+		}
 	}
 	return 0;
 }
diff --git a/lib/gnutls_srp.c b/lib/gnutls_srp.c
index 5b4634e49d..6f87b35b5d 100644
--- a/lib/gnutls_srp.c
+++ b/lib/gnutls_srp.c
@@ -22,17 +22,15 @@
 #include <gnutls_int.h>
 #include <gnutls_errors.h>
 #include <crypt_bcrypt.h>
+#include <gnutls_srp.h>
 
 /* Here functions for SRP (like g^x mod n) are defined 
  */
 
 /* Taken from gsti -- this is n 
- * g is defined to be 2
  */
 
-#define SRP_G 2
-
-static const uint8 diffie_hellman_group1_prime[130] = { 0x04, 0x00,
+const uint8 diffie_hellman_group1_prime[130] = { 0x04, 0x00,
 	0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2,
 	0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
 	0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6,
diff --git a/lib/gnutls_srp.h b/lib/gnutls_srp.h
index 03ea949d30..5e89797c94 100644
--- a/lib/gnutls_srp.h
+++ b/lib/gnutls_srp.h
@@ -3,5 +3,11 @@ MPI _gnutls_calc_srp_B(MPI * ret_b, MPI g, MPI n, MPI v);
 MPI _gnutls_calc_srp_u( MPI B);
 MPI _gnutls_calc_srp_S1(MPI A, MPI b, MPI u, MPI v, MPI n);
 MPI _gnutls_calc_srp_A(MPI *a, MPI g, MPI n);
-void* _gnutls_calc_srp_x( char* username, char* password, opaque* salt, int salt_size, int crypt_algo);
 MPI _gnutls_calc_srp_S2(MPI B, MPI g, MPI x, MPI a, MPI u, MPI n);
+void* _gnutls_calc_srp_x( char* username, char* password, opaque* salt, int salt_size, uint8 crypt_algo);
+
+/* our prime */
+extern const uint8 diffie_hellman_group1_prime[130];
+
+/* g is defined to be 2 */
+#define SRP_G 2