Update CSRP-GMP to commit deaa11a7c29a73008

Backports 10 commits, with 8 commits
actually affecting source code:

695822e45d...deaa11a7c2
This commit is contained in:
est31 2016-04-10 04:08:22 +02:00
parent c566a8f2de
commit 9a04dfd0f5
2 changed files with 314 additions and 361 deletions

File diff suppressed because it is too large Load Diff

@ -56,12 +56,10 @@
#ifndef SRP_H #ifndef SRP_H
#define SRP_H #define SRP_H
struct SRPVerifier; struct SRPVerifier;
struct SRPUser; struct SRPUser;
typedef enum typedef enum {
{
SRP_NG_1024, SRP_NG_1024,
SRP_NG_2048, SRP_NG_2048,
SRP_NG_4096, SRP_NG_4096,
@ -69,8 +67,7 @@ typedef enum
SRP_NG_CUSTOM SRP_NG_CUSTOM
} SRP_NGType; } SRP_NGType;
typedef enum typedef enum {
{
/*SRP_SHA1,*/ /*SRP_SHA1,*/
/*SRP_SHA224,*/ /*SRP_SHA224,*/
SRP_SHA256, SRP_SHA256,
@ -78,12 +75,13 @@ typedef enum
SRP_SHA512*/ SRP_SHA512*/
} SRP_HashAlgorithm; } SRP_HashAlgorithm;
typedef enum typedef enum {
{
SRP_OK,
SRP_ERR, SRP_ERR,
SRP_OK,
} SRP_Result; } SRP_Result;
// clang-format off
/* Sets the memory functions used by srp. /* Sets the memory functions used by srp.
* Note: this doesn't set the memory functions used by gmp, * Note: this doesn't set the memory functions used by gmp,
* but it is supported to have different functions for srp and gmp. * but it is supported to have different functions for srp and gmp.
@ -101,17 +99,18 @@ void srp_set_memory_functions(
* The n_hex and g_hex parameters should be 0 unless SRP_NG_CUSTOM is used for ng_type. * The n_hex and g_hex parameters should be 0 unless SRP_NG_CUSTOM is used for ng_type.
* If provided, they must contain ASCII text of the hexidecimal notation. * If provided, they must contain ASCII text of the hexidecimal notation.
* *
* If bytes_s == NULL, it is filled with random data. The caller is responsible for freeing. * If bytes_s == NULL, it is filled with random data.
* The caller is responsible for freeing.
* *
* Returns SRP_OK on success, and SRP_ERR on error. * Returns SRP_OK on success, and SRP_ERR on error.
* bytes_s might be in this case invalid, don't free it. * bytes_s might be in this case invalid, don't free it.
*/ */
SRP_Result srp_create_salted_verification_key( SRP_HashAlgorithm alg, SRP_Result srp_create_salted_verification_key(SRP_HashAlgorithm alg,
SRP_NGType ng_type, const char *username_for_verifier, SRP_NGType ng_type, const char *username_for_verifier,
const unsigned char *password, size_t len_password, const unsigned char *password, size_t len_password,
unsigned char **bytes_s, size_t *len_s, unsigned char **bytes_s, size_t *len_s,
unsigned char **bytes_v, size_t *len_v, unsigned char **bytes_v, size_t *len_v,
const char * n_hex, const char *g_hex ); const char *n_hex, const char *g_hex);
/* Out: bytes_B, len_B. /* Out: bytes_B, len_B.
* *
@ -132,54 +131,54 @@ struct SRPVerifier* srp_verifier_new(SRP_HashAlgorithm alg, SRP_NGType ng_type,
unsigned char** bytes_B, size_t *len_B, unsigned char** bytes_B, size_t *len_B,
const char* n_hex, const char* g_hex); const char* n_hex, const char* g_hex);
// clang-format on
void srp_verifier_delete( struct SRPVerifier* ver ); void srp_verifier_delete(struct SRPVerifier *ver);
// srp_verifier_verify_session must have been called before // srp_verifier_verify_session must have been called before
int srp_verifier_is_authenticated( struct SRPVerifier* ver ); int srp_verifier_is_authenticated(struct SRPVerifier *ver);
const char *srp_verifier_get_username(struct SRPVerifier *ver);
const char * srp_verifier_get_username( struct SRPVerifier* ver );
/* key_length may be null */ /* key_length may be null */
const unsigned char* srp_verifier_get_session_key( struct SRPVerifier* ver, const unsigned char *srp_verifier_get_session_key(
size_t *key_length ); struct SRPVerifier *ver, size_t *key_length);
size_t srp_verifier_get_session_key_length(struct SRPVerifier* ver);
size_t srp_verifier_get_session_key_length(struct SRPVerifier *ver);
/* Verifies session, on success, it writes bytes_HAMK. /* Verifies session, on success, it writes bytes_HAMK.
* user_M must be exactly srp_verifier_get_session_key_length() bytes in size * user_M must be exactly srp_verifier_get_session_key_length() bytes in size
*/ */
void srp_verifier_verify_session( struct SRPVerifier* ver, void srp_verifier_verify_session(
const unsigned char* user_M, unsigned char** bytes_HAMK ); struct SRPVerifier *ver, const unsigned char *user_M, unsigned char **bytes_HAMK);
/*******************************************************************************/ /*******************************************************************************/
/* The n_hex and g_hex parameters should be 0 unless SRP_NG_CUSTOM is used for ng_type */ /* The n_hex and g_hex parameters should be 0 unless SRP_NG_CUSTOM is used for ng_type */
struct SRPUser *srp_user_new(SRP_HashAlgorithm alg, SRP_NGType ng_type, struct SRPUser *srp_user_new(SRP_HashAlgorithm alg, SRP_NGType ng_type,
const char *username, const char *username_for_verifier, const char *username, const char *username_for_verifier,
const unsigned char *bytes_password, size_t len_password, const unsigned char *bytes_password, size_t len_password, const char *n_hex,
const char *n_hex, const char *g_hex); const char *g_hex);
void srp_user_delete(struct SRPUser * usr); void srp_user_delete(struct SRPUser *usr);
int srp_user_is_authenticated(struct SRPUser * usr); int srp_user_is_authenticated(struct SRPUser *usr);
const char *srp_user_get_username(struct SRPUser *usr);
const char* srp_user_get_username(struct SRPUser * usr);
/* key_length may be null */ /* key_length may be null */
const unsigned char* srp_user_get_session_key(struct SRPUser* usr, size_t* key_length); const unsigned char *srp_user_get_session_key(struct SRPUser *usr, size_t *key_length);
size_t srp_user_get_session_key_length(struct SRPUser* usr); size_t srp_user_get_session_key_length(struct SRPUser *usr);
/* Output: username, bytes_A, len_A. If you don't want it get written, set username to NULL. // clang-format off
/* Output: username, bytes_A, len_A.
* If you don't want it get written, set username to NULL.
* If bytes_a == NULL, random data is used for a. */ * If bytes_a == NULL, random data is used for a. */
SRP_Result srp_user_start_authentication(struct SRPUser* usr, char** username, SRP_Result srp_user_start_authentication(struct SRPUser* usr, char **username,
const unsigned char* bytes_a, size_t len_a, const unsigned char *bytes_a, size_t len_a,
unsigned char** bytes_A, size_t* len_A); unsigned char **bytes_A, size_t* len_A);
/* Output: bytes_M, len_M (len_M may be null and will always be /* Output: bytes_M, len_M (len_M may be null and will always be
* srp_user_get_session_key_length() bytes in size) */ * srp_user_get_session_key_length() bytes in size) */
@ -187,8 +186,9 @@ void srp_user_process_challenge(struct SRPUser *usr,
const unsigned char *bytes_s, size_t len_s, const unsigned char *bytes_s, size_t len_s,
const unsigned char *bytes_B, size_t len_B, const unsigned char *bytes_B, size_t len_B,
unsigned char **bytes_M, size_t *len_M); unsigned char **bytes_M, size_t *len_M);
// clang-format on
/* bytes_HAMK must be exactly srp_user_get_session_key_length() bytes in size */ /* bytes_HAMK must be exactly srp_user_get_session_key_length() bytes in size */
void srp_user_verify_session(struct SRPUser* usr, const unsigned char* bytes_HAMK); void srp_user_verify_session(struct SRPUser *usr, const unsigned char *bytes_HAMK);
#endif /* Include Guard */ #endif /* Include Guard */