Skip to content

Commit

Permalink
Making SRP_user_pwd functions public
Browse files Browse the repository at this point in the history
Signed-off-by: Antoine Salon <[email protected]>

Reviewed-by: Paul Dale <[email protected]>
Reviewed-by: Matt Caswell <[email protected]>
(Merged from openssl#7522)
  • Loading branch information
Antoine Salon authored and mattcaswell committed Nov 15, 2018
1 parent 51f03f1 commit ebfd055
Show file tree
Hide file tree
Showing 6 changed files with 109 additions and 33 deletions.
26 changes: 15 additions & 11 deletions crypto/srp/srp_vfy.c
Original file line number Diff line number Diff line change
Expand Up @@ -184,7 +184,7 @@ void SRP_user_pwd_free(SRP_user_pwd *user_pwd)
OPENSSL_free(user_pwd);
}

static SRP_user_pwd *SRP_user_pwd_new(void)
SRP_user_pwd *SRP_user_pwd_new(void)
{
SRP_user_pwd *ret;

Expand All @@ -201,16 +201,18 @@ static SRP_user_pwd *SRP_user_pwd_new(void)
return ret;
}

static void SRP_user_pwd_set_gN(SRP_user_pwd *vinfo, const BIGNUM *g,
const BIGNUM *N)
void SRP_user_pwd_set_gN(SRP_user_pwd *vinfo, const BIGNUM *g,
const BIGNUM *N)
{
vinfo->N = N;
vinfo->g = g;
}

static int SRP_user_pwd_set_ids(SRP_user_pwd *vinfo, const char *id,
const char *info)
int SRP_user_pwd_set1_ids(SRP_user_pwd *vinfo, const char *id,
const char *info)
{
OPENSSL_free(vinfo->id);
OPENSSL_free(vinfo->info);
if (id != NULL && NULL == (vinfo->id = OPENSSL_strdup(id)))
return 0;
return (info == NULL || NULL != (vinfo->info = OPENSSL_strdup(info)));
Expand Down Expand Up @@ -243,8 +245,10 @@ static int SRP_user_pwd_set_sv(SRP_user_pwd *vinfo, const char *s,
return 0;
}

static int SRP_user_pwd_set_sv_BN(SRP_user_pwd *vinfo, BIGNUM *s, BIGNUM *v)
int SRP_user_pwd_set0_sv(SRP_user_pwd *vinfo, BIGNUM *s, BIGNUM *v)
{
BN_free(vinfo->s);
BN_clear_free(vinfo->v);
vinfo->v = v;
vinfo->s = s;
return (vinfo->s != NULL && vinfo->v != NULL);
Expand All @@ -260,8 +264,8 @@ static SRP_user_pwd *srp_user_pwd_dup(SRP_user_pwd *src)
return NULL;

SRP_user_pwd_set_gN(ret, src->g, src->N);
if (!SRP_user_pwd_set_ids(ret, src->id, src->info)
|| !SRP_user_pwd_set_sv_BN(ret, BN_dup(src->s), BN_dup(src->v))) {
if (!SRP_user_pwd_set1_ids(ret, src->id, src->info)
|| !SRP_user_pwd_set0_sv(ret, BN_dup(src->s), BN_dup(src->v))) {
SRP_user_pwd_free(ret);
return NULL;
}
Expand Down Expand Up @@ -446,7 +450,7 @@ int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file)
goto err;

SRP_user_pwd_set_gN(user_pwd, lgN->g, lgN->N);
if (!SRP_user_pwd_set_ids
if (!SRP_user_pwd_set1_ids
(user_pwd, pp[DB_srpid], pp[DB_srpinfo]))
goto err;

Expand Down Expand Up @@ -562,7 +566,7 @@ SRP_user_pwd *SRP_VBASE_get1_by_user(SRP_VBASE *vb, char *username)

SRP_user_pwd_set_gN(user, vb->default_g, vb->default_N);

if (!SRP_user_pwd_set_ids(user, username, NULL))
if (!SRP_user_pwd_set1_ids(user, username, NULL))
goto err;

if (RAND_priv_bytes(digv, SHA_DIGEST_LENGTH) <= 0)
Expand All @@ -576,7 +580,7 @@ SRP_user_pwd *SRP_VBASE_get1_by_user(SRP_VBASE *vb, char *username)
goto err;
EVP_MD_CTX_free(ctxt);
ctxt = NULL;
if (SRP_user_pwd_set_sv_BN(user,
if (SRP_user_pwd_set0_sv(user,
BN_bin2bn(digs, SHA_DIGEST_LENGTH, NULL),
BN_bin2bn(digv, SHA_DIGEST_LENGTH, NULL)))
return user;
Expand Down
18 changes: 8 additions & 10 deletions doc/man3/SRP_VBASE_new.pod
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,6 @@

SRP_VBASE_new,
SRP_VBASE_free,
SRP_user_pwd_free,
SRP_VBASE_init,
SRP_VBASE_add0_user,
SRP_VBASE_get1_by_user,
Expand All @@ -17,7 +16,6 @@ SRP_VBASE_get_by_user

SRP_VBASE *SRP_VBASE_new(char *seed_key);
void SRP_VBASE_free(SRP_VBASE *vb);
void SRP_user_pwd_free(SRP_user_pwd *user_pwd);

int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file);

Expand All @@ -28,19 +26,17 @@ SRP_VBASE_get_by_user
=head1 DESCRIPTION

The SRP_VBASE_new() function allocates a structure to store server side SRP
verifier information. If B<seed_key> is not NULL a copy is stored and used to
generate dummy parameters for users that are not found by SRP_VBASE_get1_by_user().
This allows the server to hide the fact that it doesn't have a verifier for a
particular username, as described in section 2.5.1.3 'Unknown SRP' of RFC 5054.
verifier information.
If B<seed_key> is not NULL a copy is stored and used to generate dummy parameters
for users that are not found by SRP_VBASE_get1_by_user(). This allows the server
to hide the fact that it doesn't have a verifier for a particular username,
as described in section 2.5.1.3 'Unknown SRP' of RFC 5054.
The seed string should contain random NUL terminated binary data (therefore
the random data should not contain NUL bytes!).

The SRP_VBASE_free() function frees up the B<vb> structure.
If B<vb> is NULL, nothing is done.

The SRP_user_pwd_free() function frees up the B<user_pwd> structure.
If B<user_pwd> is NULL, nothing is done.

The SRP_VBASE_init() function parses the information in a verifier file and
populates the B<vb> structure.
The verifier file is a text file containing multiple entries, whose format is:
Expand All @@ -50,7 +46,8 @@ Note that the base64 encoding used here is non-standard so it is recommended
to use L<srp(1)> to generate this file.

The SRP_VBASE_add0_user() function adds the B<user_pwd> verifier information
to the B<vb> structure.
to the B<vb> structure. See L<SRP_user_pwd_new(3)> to create and populate this
record.
The library takes ownership of B<user_pwd>, it should not be freed by the caller.

The SRP_VBASE_get1_by_user() function returns the password info for the user
Expand Down Expand Up @@ -81,6 +78,7 @@ SRP_VBASE_add0_user() returns 1 on success and 0 on failure.

L<srp(1)>,
L<SRP_create_verifier(3)>,
L<SRP_user_pwd_new(3)>,
L<SSL_CTX_set_srp_password(3)>

=head1 HISTORY
Expand Down
19 changes: 7 additions & 12 deletions doc/man3/SRP_create_verifier.pod
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,7 @@ and its use is discouraged.
It is possible to pass NULL as B<N> and an SRP group id as B<g> instead to
load the appropriate gN values (see SRP_get_default_gN()).
If both B<N> and B<g> are NULL the 8192-bit SRP group parameters are used.
The caller is responsible for freeing the allocated *salt and *verifier char*
The caller is responsible for freeing the allocated B<*salt> and B<*verifier>
(use L<OPENSSL_free(3)>).

The SRP_check_known_gN_param() function checks that B<g> and B<N> are valid
Expand Down Expand Up @@ -76,28 +76,23 @@ omitted for clarity):

SRP_VBASE *srpData = SRP_VBASE_new(NULL);

SRP_user_pwd *pwd = (SRP_user_pwd*) OPENSSL_malloc(sizeof(SRP_user_pwd));
SRP_gN *gN = SRP_get_default_gN("8192");

BIGNUM *salt = NULL, *verifier = NULL;
SRP_create_verifier_BN(username, password, &salt, &verifier, gN->N, gN->g);

// TODO: replace with SRP_user_pwd_new()
pwd->id = OPENSSL_strdup(username);
pwd->g = gN->g;
pwd->N = gN->N;
pwd->s = salt;
pwd->v = verifier;
pwd->info = NULL;
SRP_user_pwd *pwd = SRP_user_pwd_new();
SRP_user_pwd_set1_ids(pwd, username, NULL);
SRP_user_pwd_set0_sv(pwd, salt, verifier);
SRP_user_pwd_set_gN(pwd, gN->g, gN->N);

SRP_VBASE_add0_user(srpData, pwd);

=head1 SEE ALSO

L<srp(1)>,
L<BN_new(3)>,
L<OPENSSL_malloc(3)>,
L<SRP_VBASE_new(3)>
L<SRP_VBASE_new(3)>,
L<SRP_user_pwd_new(3)>

=head1 HISTORY

Expand Down
70 changes: 70 additions & 0 deletions doc/man3/SRP_user_pwd_new.pod
Original file line number Diff line number Diff line change
@@ -0,0 +1,70 @@
=pod

=head1 NAME

SRP_user_pwd_new,
SRP_user_pwd_free,
SRP_user_pwd_set1_ids,
SRP_user_pwd_set_gN,
SRP_user_pwd_set0_sv
- Functions to create a record of SRP user verifier information

=head1 SYNOPSIS

#include <openssl/srp.h>

SRP_user_pwd *SRP_user_pwd_new(void);
void SRP_user_pwd_free(SRP_user_pwd *user_pwd);

int SRP_user_pwd_set1_ids(SRP_user_pwd *user_pwd, const char *id, const char *info);
void SRP_user_pwd_set_gN(SRP_user_pwd *user_pwd, const BIGNUM *g, const BIGNUM *N);
int SRP_user_pwd_set0_sv(SRP_user_pwd *user_pwd, BIGNUM *s, BIGNUM *v);

=head1 DESCRIPTION

The SRP_user_pwd_new() function allocates a structure to store a user verifier
record.

The SRP_user_pwd_free() function frees up the B<user_pwd> structure.
If B<user_pwd> is NULL, nothing is done.

The SRP_user_pwd_set1_ids() function sets the username to B<id> and the optional
user info to B<info> for B<user_pwd>.
The library allocates new copies of B<id> and B<info>, the caller still
owns the original memory.

The SRP_user_pwd_set0_sv() function sets the user salt to B<s> and the verifier
to B<v> for B<user_pwd>.
The library takes ownership of the values, they should not be freed by the caller.

The SRP_user_pwd_set_gN() function sets the SRP group parameters for B<user_pwd>.
The memory is not freed by SRP_user_pwd_free(), the caller must make sure it is
freed once it is no longer used.

=head1 RETURN VALUES

SRP_user_pwd_set1_ids() returns 1 on success and 0 on failure or if B<id> was NULL.

SRP_user_pwd_set0_sv() returns 1 if both B<s> and B<v> are not NULL, 0 otherwise.

=head1 SEE ALSO

L<srp(1)>,
L<SRP_create_verifier(3)>,
L<SRP_VBASE_new(3)>,
L<SSL_CTX_set_srp_password(3)>

=head1 HISTORY

These functions were made public in OpenSSL 1.2.0.

=head1 COPYRIGHT

Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut
5 changes: 5 additions & 0 deletions include/openssl/srp.h
Original file line number Diff line number Diff line change
Expand Up @@ -47,8 +47,13 @@ typedef struct SRP_user_pwd_st {
char *info;
} SRP_user_pwd;

SRP_user_pwd *SRP_user_pwd_new(void);
void SRP_user_pwd_free(SRP_user_pwd *user_pwd);

void SRP_user_pwd_set_gN(SRP_user_pwd *user_pwd, const BIGNUM *g, const BIGNUM *N);
int SRP_user_pwd_set1_ids(SRP_user_pwd *user_pwd, const char *id, const char *info);
int SRP_user_pwd_set0_sv(SRP_user_pwd *user_pwd, BIGNUM *s, BIGNUM *v);

DEFINE_STACK_OF(SRP_user_pwd)

typedef struct SRP_VBASE_st {
Expand Down
4 changes: 4 additions & 0 deletions util/libcrypto.num
Original file line number Diff line number Diff line change
Expand Up @@ -4599,3 +4599,7 @@ EVP_str2ctrl 4552 1_1_2 EXIST::FUNCTION:
EVP_hex2ctrl 4553 1_1_2 EXIST::FUNCTION:
EVP_PKEY_supports_digest_nid 4554 1_1_2 EXIST::FUNCTION:
SRP_VBASE_add0_user 4555 1_1_2 EXIST::FUNCTION:SRP
SRP_user_pwd_new 4556 1_1_2 EXIST::FUNCTION:SRP
SRP_user_pwd_set_gN 4557 1_1_2 EXIST::FUNCTION:SRP
SRP_user_pwd_set1_ids 4558 1_1_2 EXIST::FUNCTION:SRP
SRP_user_pwd_set0_sv 4559 1_1_2 EXIST::FUNCTION:SRP

0 comments on commit ebfd055

Please sign in to comment.