authorJack Lloyd <[email protected]>2016-12-31 13:32:37 -0500
committerJack Lloyd <[email protected]>2016-12-31 13:32:37 -0500
commit67dd5f4e44d3c95fe30253a08220b1a5943f4b42 (patch)
tree8edd50ae5645dc33fb2ab0ca26ed4a2703099982
parent656db0a3509706a5a8abc0ce96cf460d82792828 (diff)
Remove SRP6 file support
It turns out SRP6 files use a different base64 alphabet than the standard one, and additionally Botan's decoding of the group id seems wrong, though I haven't verified that this second issue was actually a bug. In any case, this code couldn't parse anything it was supposed to and never could. I had already planned on adding a database-backed SRP store and removing this code, but the fact that it's actually not functional for its purpose suggests it's best to remove this now rather than let someone chance upon it and be endlessly frustrated that it doesn't seem to work because all the verifiers are garbled.
-rw-r--r--news.rst6
-rw-r--r--src/lib/misc/srp6/srp6_files.cpp66
-rw-r--r--src/lib/misc/srp6/srp6_files.h67
3 files changed, 6 insertions, 133 deletions
diff --git a/news.rst b/news.rst
index 7826d2cee..c29150400 100644
--- a/news.rst
+++ b/news.rst
@@ -56,6 +56,12 @@ Version 1.11.35, Not Yet Released
* The deprecated ECB Cipher_Mode class has been removed (GH #756)
+* The class SRP6_Authenticator_File (in srp6_files.h) was meant to parse GnuTLS
+ SRP files. But it was completely untested, and it turns out due to several
+ problems it was completely unable to parse any SRP file correctly. It has
+ been removed, with a future replacement planned that can handle both
+ flat files (in the actual SRP format) or using a SQL database.
+
* Fix tests errors when write access to /dev/urandom is prohibited (GH #748)
Version 1.11.34, 2016-11-28
diff --git a/src/lib/misc/srp6/srp6_files.cpp b/src/lib/misc/srp6/srp6_files.cpp
deleted file mode 100644
index 0e1569a1c..000000000
--- a/src/lib/misc/srp6/srp6_files.cpp
+++ /dev/null
@@ -1,66 +0,0 @@
-/*
-* SRP-6a File Handling
-* (C) 2011 Jack Lloyd
-*
-* Botan is released under the Simplified BSD License (see license.txt)
-*/
-
-#include <botan/srp6_files.h>
-#include <botan/parsing.h>
-#include <botan/base64.h>
-
-namespace Botan {
-
-SRP6_Authenticator_File::SRP6_Authenticator_File(std::istream& in)
- {
- if(!in)
- return; // no entries
-
- while(in.good())
- {
- std::string line;
- std::getline(in, line);
-
- std::vector<std::string> parts = split_on(line, ':');
-
- if(parts.size() != 4)
- throw Decoding_Error("Invalid line in SRP authenticator file");
-
- std::string username = parts[0];
- BigInt v = BigInt::decode(base64_decode(parts[1]));
- std::vector<uint8_t> salt = unlock(base64_decode(parts[2]));
- BigInt group_id_idx = BigInt::decode(base64_decode(parts[3]));
-
- std::string group_id;
-
- if(group_id_idx == 1)
- group_id = "modp/srp/1024";
- else if(group_id_idx == 2)
- group_id = "modp/srp/1536";
- else if(group_id_idx == 3)
- group_id = "modp/srp/2048";
- else
- continue; // unknown group, ignored
-
- m_entries[username] = SRP6_Data(v, salt, group_id);
- }
- }
-
-bool SRP6_Authenticator_File::lookup_user(const std::string& username,
- BigInt& v,
- std::vector<uint8_t>& salt,
- std::string& group_id) const
- {
- std::map<std::string, SRP6_Data>::const_iterator i = m_entries.find(username);
-
- if(i == m_entries.end())
- return false;
-
- v = i->second.v;
- salt = i->second.salt;
- group_id = i->second.group_id;
-
- return true;
- }
-
-}
diff --git a/src/lib/misc/srp6/srp6_files.h b/src/lib/misc/srp6/srp6_files.h
deleted file mode 100644
index 124bfc86a..000000000
--- a/src/lib/misc/srp6/srp6_files.h
+++ /dev/null
@@ -1,67 +0,0 @@
-/*
-* SRP-6a File Handling
-* (C) 2011 Jack Lloyd
-*
-* Botan is released under the Simplified BSD License (see license.txt)
-*/
-
-#ifndef BOTAN_SRP6A_FILES_H__
-#define BOTAN_SRP6A_FILES_H__
-
-#include <botan/bigint.h>
-#include <iosfwd>
-#include <string>
-#include <map>
-
-namespace Botan {
-
-/**
-* A GnuTLS compatible SRP6 authenticator file
-*/
-class BOTAN_DLL SRP6_Authenticator_File
- {
- public:
-
- /**
- * @param input will be read and processed as SRP authenticator file
- */
- explicit SRP6_Authenticator_File(std::istream& input);
-
- /**
- * Looks up a user in the authenticator file.
- * @param username user to look up
- * @param v set to the host's password verifier
- * @param salt set to the user's salt value
- * @param group_id set to the user's group value
- * @return whether a user exists in the authenticator file
- */
- bool lookup_user(const std::string& username,
- BigInt& v,
- std::vector<uint8_t>& salt,
- std::string& group_id) const;
- private:
- struct SRP6_Data
- {
- SRP6_Data() {}
-
- SRP6_Data(const BigInt& v_,
- const std::vector<uint8_t>& salt_,
- const std::string& group_id_) :
- v(v_), salt(salt_), group_id(group_id_) {}
-
- // public member variable:
- BigInt v;
-
- // public member variable:
- std::vector<uint8_t> salt;
-
- // public member variable:
- std::string group_id;
- };
-
- std::map<std::string, SRP6_Data> m_entries;
- };
-
-}
-
-#endif