Remove references to SHA1 and SHA512 from SRP code

This commit is contained in:
sfan5 2024-01-15 21:20:42 +01:00
parent 2bcebc4e4e
commit b0f76d82c5

@ -56,6 +56,8 @@
//#define CSRP_USE_SHA1 //#define CSRP_USE_SHA1
#define CSRP_USE_SHA256 #define CSRP_USE_SHA256
#define CSRP_MAX_HASH (SHA256_DIGEST_LENGTH)
#define srp_dbg_data(data, datalen, prevtext) ; #define srp_dbg_data(data, datalen, prevtext) ;
/*void srp_dbg_data(unsigned char * data, size_t datalen, char * prevtext) /*void srp_dbg_data(unsigned char * data, size_t datalen, char * prevtext)
{ {
@ -218,7 +220,7 @@ static NGConstant *new_ng(SRP_NGType ng_type, const char *n_hex, const char *g_h
} }
typedef union { typedef union {
SHA_CTX sha; // SHA_CTX sha;
SHA256_CTX sha256; SHA256_CTX sha256;
// SHA512_CTX sha512; // SHA512_CTX sha512;
} HashCTX; } HashCTX;
@ -231,9 +233,9 @@ struct SRPVerifier {
unsigned char *bytes_B; unsigned char *bytes_B;
int authenticated; int authenticated;
unsigned char M[SHA512_DIGEST_LENGTH]; unsigned char M[CSRP_MAX_HASH];
unsigned char H_AMK[SHA512_DIGEST_LENGTH]; unsigned char H_AMK[CSRP_MAX_HASH];
unsigned char session_key[SHA512_DIGEST_LENGTH]; unsigned char session_key[CSRP_MAX_HASH];
}; };
struct SRPUser { struct SRPUser {
@ -252,9 +254,9 @@ struct SRPUser {
unsigned char *password; unsigned char *password;
size_t password_len; size_t password_len;
unsigned char M[SHA512_DIGEST_LENGTH]; unsigned char M[CSRP_MAX_HASH];
unsigned char H_AMK[SHA512_DIGEST_LENGTH]; unsigned char H_AMK[CSRP_MAX_HASH];
unsigned char session_key[SHA512_DIGEST_LENGTH]; unsigned char session_key[CSRP_MAX_HASH];
}; };
static int hash_init(SRP_HashAlgorithm alg, HashCTX *c) static int hash_init(SRP_HashAlgorithm alg, HashCTX *c)
@ -395,7 +397,7 @@ inline static void mpz_subm(
static SRP_Result H_nn( static SRP_Result H_nn(
mpz_t result, SRP_HashAlgorithm alg, const mpz_t N, const mpz_t n1, const mpz_t n2) mpz_t result, SRP_HashAlgorithm alg, const mpz_t N, const mpz_t n1, const mpz_t n2)
{ {
unsigned char buff[SHA512_DIGEST_LENGTH]; unsigned char buff[CSRP_MAX_HASH];
size_t len_N = mpz_num_bytes(N); size_t len_N = mpz_num_bytes(N);
size_t len_n1 = mpz_num_bytes(n1); size_t len_n1 = mpz_num_bytes(n1);
size_t len_n2 = mpz_num_bytes(n2); size_t len_n2 = mpz_num_bytes(n2);
@ -418,7 +420,7 @@ static SRP_Result H_nn(
static SRP_Result H_ns(mpz_t result, SRP_HashAlgorithm alg, const unsigned char *n, static SRP_Result H_ns(mpz_t result, SRP_HashAlgorithm alg, const unsigned char *n,
size_t len_n, const unsigned char *bytes, size_t len_bytes) size_t len_n, const unsigned char *bytes, size_t len_bytes)
{ {
unsigned char buff[SHA512_DIGEST_LENGTH]; unsigned char buff[CSRP_MAX_HASH];
size_t nbytes = len_n + len_bytes; size_t nbytes = len_n + len_bytes;
unsigned char *bin = (unsigned char *)srp_alloc(nbytes); unsigned char *bin = (unsigned char *)srp_alloc(nbytes);
if (!bin) return SRP_ERR; if (!bin) return SRP_ERR;
@ -434,7 +436,7 @@ static int calculate_x(mpz_t result, SRP_HashAlgorithm alg, const unsigned char
size_t salt_len, const char *username, const unsigned char *password, size_t salt_len, const char *username, const unsigned char *password,
size_t password_len) size_t password_len)
{ {
unsigned char ucp_hash[SHA512_DIGEST_LENGTH]; unsigned char ucp_hash[CSRP_MAX_HASH];
HashCTX ctx; HashCTX ctx;
hash_init(alg, &ctx); hash_init(alg, &ctx);
@ -475,10 +477,10 @@ static SRP_Result calculate_M(SRP_HashAlgorithm alg, NGConstant *ng, unsigned ch
const char *I, const unsigned char *s_bytes, size_t s_len, const mpz_t A, const char *I, const unsigned char *s_bytes, size_t s_len, const mpz_t A,
const mpz_t B, const unsigned char *K) const mpz_t B, const unsigned char *K)
{ {
unsigned char H_N[SHA512_DIGEST_LENGTH]; unsigned char H_N[CSRP_MAX_HASH];
unsigned char H_g[SHA512_DIGEST_LENGTH]; unsigned char H_g[CSRP_MAX_HASH];
unsigned char H_I[SHA512_DIGEST_LENGTH]; unsigned char H_I[CSRP_MAX_HASH];
unsigned char H_xor[SHA512_DIGEST_LENGTH]; unsigned char H_xor[CSRP_MAX_HASH];
HashCTX ctx; HashCTX ctx;
size_t i = 0; size_t i = 0;
size_t hash_len = hash_length(alg); size_t hash_len = hash_length(alg);
@ -798,7 +800,7 @@ size_t srp_verifier_get_session_key_length(struct SRPVerifier *ver)
return hash_length(ver->hash_alg); return hash_length(ver->hash_alg);
} }
/* user_M must be exactly SHA512_DIGEST_LENGTH bytes in size */ /* user_M must be exactly CSRP_MAX_HASH bytes in size */
void srp_verifier_verify_session( void srp_verifier_verify_session(
struct SRPVerifier *ver, const unsigned char *user_M, unsigned char **bytes_HAMK) struct SRPVerifier *ver, const unsigned char *user_M, unsigned char **bytes_HAMK)
{ {
@ -944,7 +946,7 @@ error_and_exit:
return SRP_ERR; return SRP_ERR;
} }
/* Output: bytes_M. Buffer length is SHA512_DIGEST_LENGTH */ /* Output: bytes_M. Buffer length is CSRP_MAX_HASH */
void srp_user_process_challenge(struct SRPUser *usr, void srp_user_process_challenge(struct SRPUser *usr,
const unsigned char *bytes_s, size_t len_s, const unsigned char *bytes_s, size_t len_s,
const unsigned char *bytes_B, size_t len_B, const unsigned char *bytes_B, size_t len_B,