author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2004-05-31 12:15:04 +0000 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2004-05-31 12:15:04 +0000 |
commit | 316d6139cafb839e03b4b6fd62c39399091c3c93 (patch) | |
tree | 423d75f7e7d865d798a02290ff5b674885201ec3 /libextra | |
parent | 524960ed3b0fafe57ddfcdb90b9b5e5584c3cc57 (diff) | |
download | gnutls-316d6139cafb839e03b4b6fd62c39399091c3c93.tar.gz |
Updated to conform to the latest srp draft (draft-ietf-tls-srp-07).
Diffstat (limited to 'libextra')
-rw-r--r-- | libextra/auth_srp.c | 42 | ||||
-rw-r--r-- | libextra/gnutls_srp.c | 62 |
2 files changed, 45 insertions, 59 deletions
diff --git a/libextra/auth_srp.c b/libextra/auth_srp.c index 31abf8ffdb..9526679376 100644 --- a/libextra/auth_srp.c +++ b/libextra/auth_srp.c @@ -113,11 +113,6 @@ GNUTLS_MPI r = _gnutls_mpi_alloc_like(a); _gnutls_mpi_mod( r, a, n); ret = _gnutls_mpi_cmp_ui(r, 0); - if (ret != 0) ret = _gnutls_mpi_cmp_ui(r, 1); - if (ret != 0) { - _gnutls_mpi_sub_ui( r, n, 1); - ret = _gnutls_mpi_cmp(a, r); - } _gnutls_mpi_release( &r); @@ -181,7 +176,7 @@ int _gnutls_gen_srp_server_kx(gnutls_session session, opaque ** data) return GNUTLS_E_MPI_SCAN_FAILED; } - /* Calculate: B = (3v + g^b) % N + /* Calculate: B = (k*v + g^b) % N */ B = _gnutls_calc_srp_B( &_b, G, N, V); if (B==NULL) { @@ -361,8 +356,7 @@ int _gnutls_proc_srp_client_kx(gnutls_session session, opaque * data, size_t _da _gnutls_dump_mpi( "SRP A: ", A); _gnutls_dump_mpi( "SRP B: ", B); - /* Checks if A % n == 0 or - * A % n == +-1. + /* Checks if A % n == 0. */ if ( (ret = check_a_mod_n( A, N)) < 0) { gnutls_assert(); @@ -538,15 +532,7 @@ static int check_g_n( const opaque* g, size_t n_g, static int group_check_g_n( GNUTLS_MPI g, GNUTLS_MPI n) { GNUTLS_MPI q = NULL, two = NULL, w = NULL; -int ret, i; - - /* Only allow small generators, to avoid getting stuck - * into checking parameters. - */ - if (_gnutls_mpi_get_nbits(g) > 4) { - gnutls_assert(); - return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER; - } +int ret; /* N must be of the form N=2q+1 * where q is also a prime. @@ -620,28 +606,6 @@ int ret, i; goto error; } - /* check that g is the smallest generator mod N. - * Actually check if x^q % N == 1 for all 1 < x < g - */ - i = 2; - - while( _gnutls_mpi_cmp( two, g) != 0) { - - _gnutls_mpi_set_ui( two, i); - - _gnutls_mpi_powm( w, two, q, n); - - _gnutls_mpi_mod( w, w, n); - - if (_gnutls_mpi_cmp_ui( w, 1) != 0) { - gnutls_assert(); - ret = GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER; - goto error; - } - - i++; - } - ret = 0; error: diff --git a/libextra/gnutls_srp.c b/libextra/gnutls_srp.c index 3639eb409b..f2d09a5e5a 100644 
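Review bot: In the first hunk (check_a_mod_n, `@@ -113,11 +113,6 @@`), `r` from `_gnutls_mpi_alloc_like(a)` goes straight into `_gnutls_mpi_mod( r, a, n)` with no NULL check between the two visible context lines. This is the check that `_gnutls_proc_srp_client_kx` applies to the client-supplied A, so an allocation failure should fail the handshake explicitly rather than depend on how the MPI layer handles a NULL result. I would add `if (r == NULL) { gnutls_assert(); return GNUTLS_E_MEMORY_ERROR; }` right after the declaration. The function's signature and return statement are outside the hunk, so how `ret` is mapped to an error code could not be checked here.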
--- a/libextra/gnutls_srp.c +++ b/libextra/gnutls_srp.c @@ -74,16 +74,17 @@ int _gnutls_srp_gx(opaque * text, size_t textsize, opaque ** result, GNUTLS_MPI /**************** - * Choose a random value b and calculate B = (v + g^b) % N. + * Choose a random value b and calculate B = (k* v + g^b) % N. + * where k == SHA1(N|g) * Return: B and if ret_b is not NULL b. */ GNUTLS_MPI _gnutls_calc_srp_B(GNUTLS_MPI * ret_b, GNUTLS_MPI g, GNUTLS_MPI n, GNUTLS_MPI v) { - GNUTLS_MPI tmpB, tmpV; - GNUTLS_MPI b, B; + GNUTLS_MPI tmpB = NULL, tmpV = NULL; + GNUTLS_MPI b = NULL, B = NULL, k = NULL; int bits; - /* calculate: B = (3v + g^b) % N + /* calculate: B = (k*v + g^b) % N */ bits = _gnutls_mpi_get_nbits(n); b = _gnutls_mpi_snew(bits); @@ -95,8 +96,8 @@ GNUTLS_MPI _gnutls_calc_srp_B(GNUTLS_MPI * ret_b, GNUTLS_MPI g, GNUTLS_MPI n, GN tmpV = _gnutls_mpi_alloc_like(n); if (tmpV == NULL) { - _gnutls_mpi_release(&b); - return NULL; + gnutls_assert(); + goto error; } _gnutls_mpi_randomize(b, bits, GCRY_STRONG_RANDOM); @@ -104,25 +105,27 @@ GNUTLS_MPI _gnutls_calc_srp_B(GNUTLS_MPI * ret_b, GNUTLS_MPI g, GNUTLS_MPI n, GN tmpB = _gnutls_mpi_snew(bits); if (tmpB==NULL) { gnutls_assert(); - _gnutls_mpi_release( &b); - _gnutls_mpi_release(&tmpV); - return NULL; + goto error; } B = _gnutls_mpi_snew(bits); - if (tmpB==NULL) { + if (B==NULL) { gnutls_assert(); - _gnutls_mpi_release( &b); - _gnutls_mpi_release( &tmpB); - _gnutls_mpi_release(&tmpV); - return NULL; + goto error; } - _gnutls_mpi_mul_ui(tmpV, v, 3); + k = _gnutls_calc_srp_u( n, g); + if (k == NULL) { + gnutls_assert(); + goto error; + } + _gnutls_mpi_mulm(tmpV, k, v, n); _gnutls_mpi_powm(tmpB, g, b, n); + _gnutls_mpi_addm(B, tmpV, tmpB, n); + _gnutls_mpi_release( &k); _gnutls_mpi_release(&tmpB); _gnutls_mpi_release(&tmpV); 
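Review bot: The multiplier k is obtained with `_gnutls_calc_srp_u( n, g)` in the `@@ -104,25 +105,27 @@` hunk, and again in `_gnutls_calc_srp_S2` further down, so a helper named and documented for u = SHA1(A | B) now also defines a second protocol value without saying so. Both peers must hash N and g in the same order and byte encoding or the premaster secrets will not match. The helper's body is outside these hunks, so how it serializes operands of different length (g is usually much shorter than N) should be confirmed against the draft. I would add a call-site comment such as `/* k = SHA1(N | g); argument order must match _gnutls_calc_srp_S2 */`, or a thin wrapper named for k, and extend the new header comment on `_gnutls_calc_srp_u` to state that it is also used to derive k.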
@@ -132,8 +135,19 @@ GNUTLS_MPI _gnutls_calc_srp_B(GNUTLS_MPI * ret_b, GNUTLS_MPI g, GNUTLS_MPI n, GN _gnutls_mpi_release(&b); return B; + +error: + _gnutls_mpi_release( &b); + _gnutls_mpi_release( &B); + _gnutls_mpi_release( &k); + _gnutls_mpi_release( &tmpB); + _gnutls_mpi_release(&tmpV); + return NULL; + } +/* This calculates the SHA1(A | B) + */ GNUTLS_MPI _gnutls_calc_srp_u(GNUTLS_MPI A, GNUTLS_MPI B) { size_t b_size, a_size; @@ -178,7 +192,7 @@ GNUTLS_MPI _gnutls_calc_srp_u(GNUTLS_MPI A, GNUTLS_MPI B) } /* S = (A * v^u) ^ b % N - * this is our shared key + * this is our shared key (server premaster secret) */ GNUTLS_MPI _gnutls_calc_srp_S1(GNUTLS_MPI A, GNUTLS_MPI b, GNUTLS_MPI u, GNUTLS_MPI v, GNUTLS_MPI n) { @@ -287,13 +301,13 @@ int _gnutls_calc_srp_x(char *username, char *password, opaque * salt, } -/* S = (B - 3*g^x) ^ (a + u * x) % N - * this is our shared key +/* S = (B - k*g^x) ^ (a + u * x) % N + * this is our shared key (client premaster secret) */ GNUTLS_MPI _gnutls_calc_srp_S2(GNUTLS_MPI B, GNUTLS_MPI g, GNUTLS_MPI x, GNUTLS_MPI a, GNUTLS_MPI u, GNUTLS_MPI n) { GNUTLS_MPI S=NULL, tmp1=NULL, tmp2=NULL; - GNUTLS_MPI tmp4=NULL, tmp3=NULL; + GNUTLS_MPI tmp4=NULL, tmp3=NULL, k = NULL; S = _gnutls_mpi_alloc_like(n); if (S==NULL) @@ -306,8 +320,14 @@ GNUTLS_MPI _gnutls_calc_srp_S2(GNUTLS_MPI B, GNUTLS_MPI g, GNUTLS_MPI x, GNUTLS_ goto freeall; } + k = _gnutls_calc_srp_u( n, g); + if (k == NULL) { + gnutls_assert(); + goto freeall; + } + _gnutls_mpi_powm(tmp1, g, x, n); /* g^x */ - _gnutls_mpi_mul_ui(tmp3, tmp1, 3); /* 3*g^x */ + _gnutls_mpi_mulm(tmp3, tmp1, k, n); /* k*g^x mod n */ _gnutls_mpi_subm(tmp2, B, tmp3, n); tmp4 = _gnutls_mpi_alloc_like(n); 
@@ -322,10 +342,12 @@ GNUTLS_MPI _gnutls_calc_srp_S2(GNUTLS_MPI B, GNUTLS_MPI g, GNUTLS_MPI x, GNUTLS_ _gnutls_mpi_release(&tmp2); _gnutls_mpi_release(&tmp3); _gnutls_mpi_release(&tmp4); + _gnutls_mpi_release(&k); return S; freeall: + _gnutls_mpi_release(&k); _gnutls_mpi_release(&tmp1); _gnutls_mpi_release(&tmp2); _gnutls_mpi_release(&tmp3); |