tlssrp_depr.c 7.2 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231
  1. /*
  2. * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  3. * Copyright 2005 Nokia. All rights reserved.
  4. *
  5. * Licensed under the Apache License 2.0 (the "License"). You may not use
  6. * this file except in compliance with the License. You can obtain a copy
  7. * in the file LICENSE in the source distribution or at
  8. * https://www.openssl.org/source/license.html
  9. */
  10. /*
  11. * This file is to enable backwards compatibility for the SRP features of
  12. * s_client, s_server and ciphers. All of those features are deprecated and will
  13. * eventually disappear. In the meantime, to continue to support them, we
  14. * need to access deprecated SRP APIs.
  15. */
  16. #define OPENSSL_SUPPRESS_DEPRECATED
  17. #include <openssl/bn.h>
  18. #include <openssl/bio.h>
  19. #include <openssl/ssl.h>
  20. #include <openssl/srp.h>
  21. #include "apps_ui.h"
  22. #include "apps.h"
  23. #include "s_apps.h"
  24. static int srp_Verify_N_and_g(const BIGNUM *N, const BIGNUM *g)
  25. {
  26. BN_CTX *bn_ctx = BN_CTX_new();
  27. BIGNUM *p = BN_new();
  28. BIGNUM *r = BN_new();
  29. int ret =
  30. g != NULL && N != NULL && bn_ctx != NULL && BN_is_odd(N) &&
  31. BN_check_prime(N, bn_ctx, NULL) == 1 &&
  32. p != NULL && BN_rshift1(p, N) &&
  33. /* p = (N-1)/2 */
  34. BN_check_prime(p, bn_ctx, NULL) == 1 &&
  35. r != NULL &&
  36. /* verify g^((N-1)/2) == -1 (mod N) */
  37. BN_mod_exp(r, g, p, N, bn_ctx) &&
  38. BN_add_word(r, 1) && BN_cmp(r, N) == 0;
  39. BN_free(r);
  40. BN_free(p);
  41. BN_CTX_free(bn_ctx);
  42. return ret;
  43. }
  44. /*-
  45. * This callback is used here for two purposes:
  46. * - extended debugging
  47. * - making some primality tests for unknown groups
  48. * The callback is only called for a non default group.
  49. *
  50. * An application does not need the call back at all if
  51. * only the standard groups are used. In real life situations,
  52. * client and server already share well known groups,
  53. * thus there is no need to verify them.
  54. * Furthermore, in case that a server actually proposes a group that
  55. * is not one of those defined in RFC 5054, it is more appropriate
  56. * to add the group to a static list and then compare since
  57. * primality tests are rather cpu consuming.
  58. */
  59. static int ssl_srp_verify_param_cb(SSL *s, void *arg)
  60. {
  61. SRP_ARG *srp_arg = (SRP_ARG *)arg;
  62. BIGNUM *N = NULL, *g = NULL;
  63. if (((N = SSL_get_srp_N(s)) == NULL) || ((g = SSL_get_srp_g(s)) == NULL))
  64. return 0;
  65. if (srp_arg->debug || srp_arg->msg || srp_arg->amp == 1) {
  66. BIO_printf(bio_err, "SRP parameters:\n");
  67. BIO_printf(bio_err, "\tN=");
  68. BN_print(bio_err, N);
  69. BIO_printf(bio_err, "\n\tg=");
  70. BN_print(bio_err, g);
  71. BIO_printf(bio_err, "\n");
  72. }
  73. if (SRP_check_known_gN_param(g, N))
  74. return 1;
  75. if (srp_arg->amp == 1) {
  76. if (srp_arg->debug)
  77. BIO_printf(bio_err,
  78. "SRP param N and g are not known params, going to check deeper.\n");
  79. /*
  80. * The srp_moregroups is a real debugging feature. Implementers
  81. * should rather add the value to the known ones. The minimal size
  82. * has already been tested.
  83. */
  84. if (BN_num_bits(g) <= BN_BITS && srp_Verify_N_and_g(N, g))
  85. return 1;
  86. }
  87. BIO_printf(bio_err, "SRP param N and g rejected.\n");
  88. return 0;
  89. }
  90. #define PWD_STRLEN 1024
  91. static char *ssl_give_srp_client_pwd_cb(SSL *s, void *arg)
  92. {
  93. SRP_ARG *srp_arg = (SRP_ARG *)arg;
  94. char *pass = app_malloc(PWD_STRLEN + 1, "SRP password buffer");
  95. PW_CB_DATA cb_tmp;
  96. int l;
  97. cb_tmp.password = (char *)srp_arg->srppassin;
  98. cb_tmp.prompt_info = "SRP user";
  99. if ((l = password_callback(pass, PWD_STRLEN, 0, &cb_tmp)) < 0) {
  100. BIO_printf(bio_err, "Can't read Password\n");
  101. OPENSSL_free(pass);
  102. return NULL;
  103. }
  104. *(pass + l) = '\0';
  105. return pass;
  106. }
  107. int set_up_srp_arg(SSL_CTX *ctx, SRP_ARG *srp_arg, int srp_lateuser, int c_msg,
  108. int c_debug)
  109. {
  110. if (!srp_lateuser && !SSL_CTX_set_srp_username(ctx, srp_arg->srplogin)) {
  111. BIO_printf(bio_err, "Unable to set SRP username\n");
  112. return 0;
  113. }
  114. srp_arg->msg = c_msg;
  115. srp_arg->debug = c_debug;
  116. SSL_CTX_set_srp_cb_arg(ctx, &srp_arg);
  117. SSL_CTX_set_srp_client_pwd_callback(ctx, ssl_give_srp_client_pwd_cb);
  118. SSL_CTX_set_srp_strength(ctx, srp_arg->strength);
  119. if (c_msg || c_debug || srp_arg->amp == 0)
  120. SSL_CTX_set_srp_verify_param_callback(ctx, ssl_srp_verify_param_cb);
  121. return 1;
  122. }
  123. static char *dummy_srp(SSL *ssl, void *arg)
  124. {
  125. return "";
  126. }
  127. void set_up_dummy_srp(SSL_CTX *ctx)
  128. {
  129. SSL_CTX_set_srp_client_pwd_callback(ctx, dummy_srp);
  130. }
  131. /*
  132. * This callback pretends to require some asynchronous logic in order to
  133. * obtain a verifier. When the callback is called for a new connection we
  134. * return with a negative value. This will provoke the accept etc to return
  135. * with an LOOKUP_X509. The main logic of the reinvokes the suspended call
  136. * (which would normally occur after a worker has finished) and we set the
  137. * user parameters.
  138. */
  139. static int ssl_srp_server_param_cb(SSL *s, int *ad, void *arg)
  140. {
  141. srpsrvparm *p = (srpsrvparm *) arg;
  142. int ret = SSL3_AL_FATAL;
  143. if (p->login == NULL && p->user == NULL) {
  144. p->login = SSL_get_srp_username(s);
  145. BIO_printf(bio_err, "SRP username = \"%s\"\n", p->login);
  146. return -1;
  147. }
  148. if (p->user == NULL) {
  149. BIO_printf(bio_err, "User %s doesn't exist\n", p->login);
  150. goto err;
  151. }
  152. if (SSL_set_srp_server_param
  153. (s, p->user->N, p->user->g, p->user->s, p->user->v,
  154. p->user->info) < 0) {
  155. *ad = SSL_AD_INTERNAL_ERROR;
  156. goto err;
  157. }
  158. BIO_printf(bio_err,
  159. "SRP parameters set: username = \"%s\" info=\"%s\" \n",
  160. p->login, p->user->info);
  161. ret = SSL_ERROR_NONE;
  162. err:
  163. SRP_user_pwd_free(p->user);
  164. p->user = NULL;
  165. p->login = NULL;
  166. return ret;
  167. }
  168. int set_up_srp_verifier_file(SSL_CTX *ctx, srpsrvparm *srp_callback_parm,
  169. char *srpuserseed, char *srp_verifier_file)
  170. {
  171. int ret;
  172. srp_callback_parm->vb = SRP_VBASE_new(srpuserseed);
  173. srp_callback_parm->user = NULL;
  174. srp_callback_parm->login = NULL;
  175. if (srp_callback_parm->vb == NULL) {
  176. BIO_printf(bio_err, "Failed to initialize SRP verifier file \n");
  177. return 0;
  178. }
  179. if ((ret =
  180. SRP_VBASE_init(srp_callback_parm->vb,
  181. srp_verifier_file)) != SRP_NO_ERROR) {
  182. BIO_printf(bio_err,
  183. "Cannot initialize SRP verifier file \"%s\":ret=%d\n",
  184. srp_verifier_file, ret);
  185. return 0;
  186. }
  187. SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, verify_callback);
  188. SSL_CTX_set_srp_cb_arg(ctx, &srp_callback_parm);
  189. SSL_CTX_set_srp_username_callback(ctx, ssl_srp_server_param_cb);
  190. return 1;
  191. }
  192. void lookup_srp_user(srpsrvparm *srp_callback_parm, BIO *bio_s_out)
  193. {
  194. SRP_user_pwd_free(srp_callback_parm->user);
  195. srp_callback_parm->user = SRP_VBASE_get1_by_user(srp_callback_parm->vb,
  196. srp_callback_parm->login);
  197. if (srp_callback_parm->user != NULL)
  198. BIO_printf(bio_s_out, "LOOKUP done %s\n",
  199. srp_callback_parm->user->info);
  200. else
  201. BIO_printf(bio_s_out, "LOOKUP not successful\n");
  202. }