authorNikos Mavrogiannopoulos <nmav@gnutls.org>2004-05-31 12:15:04 +0000
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2004-05-31 12:15:04 +0000
commit316d6139cafb839e03b4b6fd62c39399091c3c93 (patch)
tree423d75f7e7d865d798a02290ff5b674885201ec3 /libextra
parent524960ed3b0fafe57ddfcdb90b9b5e5584c3cc57 (diff)
Updated to conform to the latest srp draft (draft-ietf-tls-srp-07).
Diffstat (limited to 'libextra')
-rw-r--r--libextra/auth_srp.c42
-rw-r--r--libextra/gnutls_srp.c62
2 files changed, 45 insertions, 59 deletions
diff --git a/libextra/auth_srp.c b/libextra/auth_srp.c
index 31abf8ffdb..9526679376 100644
--- a/libextra/auth_srp.c
+++ b/libextra/auth_srp.c
@@ -113,11 +113,6 @@ GNUTLS_MPI r = _gnutls_mpi_alloc_like(a);
_gnutls_mpi_mod( r, a, n);
ret = _gnutls_mpi_cmp_ui(r, 0);
- if (ret != 0) ret = _gnutls_mpi_cmp_ui(r, 1);
- if (ret != 0) {
- _gnutls_mpi_sub_ui( r, n, 1);
- ret = _gnutls_mpi_cmp(a, r);
- }
_gnutls_mpi_release( &r);
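Review bot: After this removal check_a_mod_n rejects only a zero residue, and nothing in the function records why A ≡ ±1 (mod n) is now acceptable. Going by the formula documented for _gnutls_calc_srp_S1 elsewhere in this commit, S = (A * v^u) ^ b % N still depends on the verifier for those values, so the relaxation looks consistent with the draft, but that reasoning should sit next to the check. I would add a comment above the comparison such as `/* draft-ietf-tls-srp-07 requires aborting only when A % N == 0; other residues leave S dependent on v */`; the one-line comment at the call site in _gnutls_proc_srp_client_kx could carry the same reference. The function starts and ends outside this hunk, so the allocation check on r and the return path could not be reviewed here.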
@@ -181,7 +176,7 @@ int _gnutls_gen_srp_server_kx(gnutls_session session, opaque ** data)
return GNUTLS_E_MPI_SCAN_FAILED;
}
- /* Calculate: B = (3v + g^b) % N
+ /* Calculate: B = (k*v + g^b) % N
*/
B = _gnutls_calc_srp_B( &_b, G, N, V);
if (B==NULL) {
@@ -361,8 +356,7 @@ int _gnutls_proc_srp_client_kx(gnutls_session session, opaque * data, size_t _da
_gnutls_dump_mpi( "SRP A: ", A);
_gnutls_dump_mpi( "SRP B: ", B);
- /* Checks if A % n == 0 or
- * A % n == +-1.
+ /* Checks if A % n == 0.
*/
if ( (ret = check_a_mod_n( A, N)) < 0) {
gnutls_assert();
@@ -538,15 +532,7 @@ static int check_g_n( const opaque* g, size_t n_g,
static int group_check_g_n( GNUTLS_MPI g, GNUTLS_MPI n)
{
GNUTLS_MPI q = NULL, two = NULL, w = NULL;
-int ret, i;
-
- /* Only allow small generators, to avoid getting stuck
- * into checking parameters.
- */
- if (_gnutls_mpi_get_nbits(g) > 4) {
- gnutls_assert();
- return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
- }
+int ret;
/* N must be of the form N=2q+1
* where q is also a prime.
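Review bot: With the `_gnutls_mpi_get_nbits(g) > 4` cap removed here and the smallest-generator loop removed in the next hunk, neither hunk leaves a visible constraint on the peer-supplied g in group_check_g_n. The remaining checks lie between the two hunks and are not shown, so please confirm that g is still bounded against n (for example rejected when it is 0, 1 or n-1 modulo n) and that n's size is limited before the primality tests run on it. A short comment at the top of the function listing what is still verified, e.g. `/* verifies: N = 2q+1 with q prime, and g in range for N; g is no longer required to be the smallest generator */`, would keep the reduced guarantee explicit. If `two` was only used by the deleted loop it can be dropped from the declarations as well.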
@@ -620,28 +606,6 @@ int ret, i;
goto error;
}
- /* check that g is the smallest generator mod N.
- * Actually check if x^q % N == 1 for all 1 < x < g
- */
- i = 2;
-
- while( _gnutls_mpi_cmp( two, g) != 0) {
-
- _gnutls_mpi_set_ui( two, i);
-
- _gnutls_mpi_powm( w, two, q, n);
-
- _gnutls_mpi_mod( w, w, n);
-
- if (_gnutls_mpi_cmp_ui( w, 1) != 0) {
- gnutls_assert();
- ret = GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
- goto error;
- }
-
- i++;
- }
-
ret = 0;
error:
diff --git a/libextra/gnutls_srp.c b/libextra/gnutls_srp.c
index 3639eb409b..f2d09a5e5a 100644
--- a/libextra/gnutls_srp.c
+++ b/libextra/gnutls_srp.c
@@ -74,16 +74,17 @@ int _gnutls_srp_gx(opaque * text, size_t textsize, opaque ** result, GNUTLS_MPI
/****************
- * Choose a random value b and calculate B = (v + g^b) % N.
+ * Choose a random value b and calculate B = (k* v + g^b) % N.
+ * where k == SHA1(N|g)
* Return: B and if ret_b is not NULL b.
*/
GNUTLS_MPI _gnutls_calc_srp_B(GNUTLS_MPI * ret_b, GNUTLS_MPI g, GNUTLS_MPI n, GNUTLS_MPI v)
{
- GNUTLS_MPI tmpB, tmpV;
- GNUTLS_MPI b, B;
+ GNUTLS_MPI tmpB = NULL, tmpV = NULL;
+ GNUTLS_MPI b = NULL, B = NULL, k = NULL;
int bits;
- /* calculate: B = (3v + g^b) % N
+ /* calculate: B = (k*v + g^b) % N
*/
bits = _gnutls_mpi_get_nbits(n);
b = _gnutls_mpi_snew(bits);
@@ -95,8 +96,8 @@ GNUTLS_MPI _gnutls_calc_srp_B(GNUTLS_MPI * ret_b, GNUTLS_MPI g, GNUTLS_MPI n, GN
tmpV = _gnutls_mpi_alloc_like(n);
if (tmpV == NULL) {
- _gnutls_mpi_release(&b);
- return NULL;
+ gnutls_assert();
+ goto error;
}
_gnutls_mpi_randomize(b, bits, GCRY_STRONG_RANDOM);
@@ -104,25 +105,27 @@ GNUTLS_MPI _gnutls_calc_srp_B(GNUTLS_MPI * ret_b, GNUTLS_MPI g, GNUTLS_MPI n, GN
tmpB = _gnutls_mpi_snew(bits);
if (tmpB==NULL) {
gnutls_assert();
- _gnutls_mpi_release( &b);
- _gnutls_mpi_release(&tmpV);
- return NULL;
+ goto error;
}
B = _gnutls_mpi_snew(bits);
- if (tmpB==NULL) {
+ if (B==NULL) {
gnutls_assert();
- _gnutls_mpi_release( &b);
- _gnutls_mpi_release( &tmpB);
- _gnutls_mpi_release(&tmpV);
- return NULL;
+ goto error;
}
- _gnutls_mpi_mul_ui(tmpV, v, 3);
+ k = _gnutls_calc_srp_u( n, g);
+ if (k == NULL) {
+ gnutls_assert();
+ goto error;
+ }
+ _gnutls_mpi_mulm(tmpV, k, v, n);
_gnutls_mpi_powm(tmpB, g, b, n);
+
_gnutls_mpi_addm(B, tmpV, tmpB, n);
+ _gnutls_mpi_release( &k);
_gnutls_mpi_release(&tmpB);
_gnutls_mpi_release(&tmpV);
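Review bot: `k = _gnutls_calc_srp_u( n, g);` derives the multiplier through a helper whose name and header comment describe u = SHA1(A | B), so the call site does not show that the argument order and the byte encoding of n and g are part of the protocol. Both peers have to hash identical bytes to agree on k, and whether the helper pads or strips leading zeros is not visible in this diff, so that is worth checking against the draft text. I would add `/* k = SHA1(N | g): argument order and encoding must match the peer */` above this call and above the same call in _gnutls_calc_srp_S2, or wrap it in a small `_gnutls_calc_srp_k(n, g)` helper. The new header comment on _gnutls_calc_srp_u in the following hunk could also say that it is used for both u and k. The body of _gnutls_calc_srp_B continues outside this hunk.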
@@ -132,8 +135,19 @@ GNUTLS_MPI _gnutls_calc_srp_B(GNUTLS_MPI * ret_b, GNUTLS_MPI g, GNUTLS_MPI n, GN
_gnutls_mpi_release(&b);
return B;
+
+error:
+ _gnutls_mpi_release( &b);
+ _gnutls_mpi_release( &B);
+ _gnutls_mpi_release( &k);
+ _gnutls_mpi_release( &tmpB);
+ _gnutls_mpi_release(&tmpV);
+ return NULL;
+
}
+/* This calculates the SHA1(A | B)
+ */
GNUTLS_MPI _gnutls_calc_srp_u(GNUTLS_MPI A, GNUTLS_MPI B)
{
size_t b_size, a_size;
@@ -178,7 +192,7 @@ GNUTLS_MPI _gnutls_calc_srp_u(GNUTLS_MPI A, GNUTLS_MPI B)
}
/* S = (A * v^u) ^ b % N
- * this is our shared key
+ * this is our shared key (server premaster secret)
*/
GNUTLS_MPI _gnutls_calc_srp_S1(GNUTLS_MPI A, GNUTLS_MPI b, GNUTLS_MPI u, GNUTLS_MPI v, GNUTLS_MPI n)
{
@@ -287,13 +301,13 @@ int _gnutls_calc_srp_x(char *username, char *password, opaque * salt,
}
-/* S = (B - 3*g^x) ^ (a + u * x) % N
- * this is our shared key
+/* S = (B - k*g^x) ^ (a + u * x) % N
+ * this is our shared key (client premaster secret)
*/
GNUTLS_MPI _gnutls_calc_srp_S2(GNUTLS_MPI B, GNUTLS_MPI g, GNUTLS_MPI x, GNUTLS_MPI a, GNUTLS_MPI u, GNUTLS_MPI n)
{
GNUTLS_MPI S=NULL, tmp1=NULL, tmp2=NULL;
- GNUTLS_MPI tmp4=NULL, tmp3=NULL;
+ GNUTLS_MPI tmp4=NULL, tmp3=NULL, k = NULL;
S = _gnutls_mpi_alloc_like(n);
if (S==NULL)
@@ -306,8 +320,14 @@ GNUTLS_MPI _gnutls_calc_srp_S2(GNUTLS_MPI B, GNUTLS_MPI g, GNUTLS_MPI x, GNUTLS_
goto freeall;
}
+ k = _gnutls_calc_srp_u( n, g);
+ if (k == NULL) {
+ gnutls_assert();
+ goto freeall;
+ }
+
_gnutls_mpi_powm(tmp1, g, x, n); /* g^x */
- _gnutls_mpi_mul_ui(tmp3, tmp1, 3); /* 3*g^x */
+ _gnutls_mpi_mulm(tmp3, tmp1, k, n); /* k*g^x mod n */
_gnutls_mpi_subm(tmp2, B, tmp3, n);
tmp4 = _gnutls_mpi_alloc_like(n);
@@ -322,10 +342,12 @@ GNUTLS_MPI _gnutls_calc_srp_S2(GNUTLS_MPI B, GNUTLS_MPI g, GNUTLS_MPI x, GNUTLS_
_gnutls_mpi_release(&tmp2);
_gnutls_mpi_release(&tmp3);
_gnutls_mpi_release(&tmp4);
+ _gnutls_mpi_release(&k);
return S;
freeall:
+ _gnutls_mpi_release(&k);
_gnutls_mpi_release(&tmp1);
_gnutls_mpi_release(&tmp2);
_gnutls_mpi_release(&tmp3);