diff options
Diffstat (limited to 'src/constructs/srp6/srp6.cpp')
| -rw-r--r-- | src/constructs/srp6/srp6.cpp | 81 |
1 files changed, 44 insertions, 37 deletions
diff --git a/src/constructs/srp6/srp6.cpp b/src/constructs/srp6/srp6.cpp index 287f0bdfb..f1927b648 100644 --- a/src/constructs/srp6/srp6.cpp +++ b/src/constructs/srp6/srp6.cpp @@ -1,6 +1,6 @@ /* -* SRP-6a -* (C) 2011 Jack Lloyd +* SRP-6a (RFC 5054 compatatible) +* (C) 2011,2012 Jack Lloyd * * Distributed under the terms of the Botan license */ @@ -20,7 +20,7 @@ BigInt hash_seq(const std::string& hash_id, const BigInt& in1, const BigInt& in2) { - std::auto_ptr<HashFunction> hash_fn( + std::unique_ptr<HashFunction> hash_fn( global_state().algorithm_factory().make_hash_function(hash_id)); hash_fn->update(BigInt::encode_1363(in1, pad_to)); @@ -29,54 +29,61 @@ BigInt hash_seq(const std::string& hash_id, return BigInt::decode(hash_fn->final()); } -BigInt hash_seq(const std::string& hash_id, - size_t pad_to, - const BigInt& in1, - const BigInt& in2, - const BigInt& in3) - { - std::auto_ptr<HashFunction> hash_fn( - global_state().algorithm_factory().make_hash_function(hash_id)); - - hash_fn->update(BigInt::encode_1363(in1, pad_to)); - hash_fn->update(BigInt::encode_1363(in2, pad_to)); - hash_fn->update(BigInt::encode_1363(in3, pad_to)); - - return BigInt::decode(hash_fn->final()); - } - BigInt compute_x(const std::string& hash_id, const std::string& identifier, const std::string& password, - const MemoryRegion<byte>& salt) + const std::vector<byte>& salt) { - std::auto_ptr<HashFunction> hash_fn( + std::unique_ptr<HashFunction> hash_fn( global_state().algorithm_factory().make_hash_function(hash_id)); hash_fn->update(identifier); hash_fn->update(":"); hash_fn->update(password); - SecureVector<byte> inner_h = hash_fn->final(); + secure_vector<byte> inner_h = hash_fn->final(); hash_fn->update(salt); hash_fn->update(inner_h); - SecureVector<byte> outer_h = hash_fn->final(); + secure_vector<byte> outer_h = hash_fn->final(); return BigInt::decode(outer_h); } } +std::string srp6_group_identifier(const BigInt& N, const BigInt& g) + { + /* + This function assumes that only one 'standard' SRP parameter set has + been defined for a particular bitsize. As of this writing that is the case. + */ + try + { + const std::string group_name = "modp/srp/" + std::to_string(N.bits()); + + DL_Group group(group_name); + + if(group.get_p() == N && group.get_g() == g) + return group_name; + + throw std::runtime_error("Unknown SRP params"); + } + catch(...) + { + throw Invalid_Argument("Bad SRP group parameters"); + } + } + std::pair<BigInt, SymmetricKey> -SRP6_Client_Session:: step1(const std::string& identifier, - const std::string& password, - const std::string& group_id, - const std::string& hash_id, - const MemoryRegion<byte>& salt, - const BigInt& B, - RandomNumberGenerator& rng) +srp6_client_agree(const std::string& identifier, + const std::string& password, + const std::string& group_id, + const std::string& hash_id, + const std::vector<byte>& salt, + const BigInt& B, + RandomNumberGenerator& rng) { DL_Group group(group_id); const BigInt& g = group.get_g(); @@ -89,7 +96,7 @@ SRP6_Client_Session:: step1(const std::string& identifier, BigInt k = hash_seq(hash_id, p_bytes, p, g); - BigInt a(rng, p.bits() - 1); + BigInt a(rng, 256); BigInt A = power_mod(g, a, p); @@ -104,11 +111,11 @@ SRP6_Client_Session:: step1(const std::string& identifier, return std::make_pair(A, Sk); } -BigInt SRP6_Client_Session::generate_verifier(const std::string& identifier, - const std::string& password, - const MemoryRegion<byte>& salt, - const std::string& group_id, - const std::string& hash_id) +BigInt generate_srp6_verifier(const std::string& identifier, + const std::string& password, + const std::vector<byte>& salt, + const std::string& group_id, + const std::string& hash_id) { const BigInt x = compute_x(hash_id, identifier, password, salt); @@ -129,7 +136,7 @@ BigInt SRP6_Server_Session::step1(const BigInt& v, BigInt k = hash_seq(hash_id, p_bytes, p, g); - BigInt b(rng, p.bits() - 1); + BigInt b(rng, 256); B = (v*k + power_mod(g, b, p)) % p; |