OWEALs
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313
							/* srp.h
 *
 * Copyright (C) 2006-2022 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
 * wolfSSL is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * wolfSSL is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 */

/*!
    \file wolfssl/wolfcrypt/srp.h
*/

#ifdef WOLFCRYPT_HAVE_SRP

#ifndef WOLFCRYPT_SRP_H
#define WOLFCRYPT_SRP_H

#include <wolfssl/wolfcrypt/types.h>
#include <wolfssl/wolfcrypt/sha.h>
#include <wolfssl/wolfcrypt/sha256.h>
#include <wolfssl/wolfcrypt/sha512.h>
#include <wolfssl/wolfcrypt/integer.h>

#ifdef __cplusplus
    extern "C" {
#endif

/* Select the largest available hash for the buffer size. */
#if defined(WOLFSSL_SHA512)
    #define SRP_MAX_DIGEST_SIZE WC_SHA512_DIGEST_SIZE
#elif defined(WOLFSSL_SHA384)
    #define SRP_MAX_DIGEST_SIZE WC_SHA384_DIGEST_SIZE
#elif !defined(NO_SHA256)
    #define SRP_MAX_DIGEST_SIZE WC_SHA256_DIGEST_SIZE
#elif !defined(NO_SHA)
    #define SRP_MAX_DIGEST_SIZE WC_SHA_DIGEST_SIZE
#else
    #error "You have to have some kind of SHA hash if you want to use SRP."
#endif

/* Set the minimum number of bits acceptable in an SRP modulus */
#define SRP_MODULUS_MIN_BITS 512

/* Set the minimum number of bits acceptable for private keys (RFC 5054) */
#define SRP_PRIVATE_KEY_MIN_BITS 256

/* salt size for SRP password */
#define SRP_SALT_SIZE  16

/**
 * SRP side, client or server.
 */
typedef enum {
    SRP_CLIENT_SIDE  = 0,
    SRP_SERVER_SIDE  = 1,
} SrpSide;

/**
 * SRP hash type, SHA[1|256|384|512].
 */
typedef enum {
        SRP_TYPE_SHA    = 1,
        SRP_TYPE_SHA256 = 2,
        SRP_TYPE_SHA384 = 3,
        SRP_TYPE_SHA512 = 4,
} SrpType;


/**
 * SRP hash struct.
 */
typedef struct {
    byte type;
    union {
        #ifndef NO_SHA
            wc_Sha sha;
        #endif
        #ifndef NO_SHA256
            wc_Sha256 sha256;
        #endif
        #ifdef WOLFSSL_SHA384
            wc_Sha384 sha384;
        #endif
        #ifdef WOLFSSL_SHA512
            wc_Sha512 sha512;
        #endif
    } data;
} SrpHash;

typedef struct Srp {
    SrpSide side;                   /**< Client or Server, @see SrpSide.      */
    SrpType type;                   /**< Hash type, @see SrpType.             */
    byte*   user;                   /**< Username, login.                     */
    word32  userSz;                 /**< Username length.                     */
    byte*   salt;                   /**< Small salt.                          */
    word32  saltSz;                 /**< Salt length.                         */
    mp_int  N;                      /**< Modulus. N = 2q+1, [q, N] are primes.*/
    mp_int  g;                      /**< Generator. A generator modulo N.     */
    byte    k[SRP_MAX_DIGEST_SIZE]; /**< Multiplier parameter. k = H(N, g)   */
    mp_int  auth;                   /**< Client: x = H(salt + H(user:pswd))   */
                                    /**< Server: v = g ^ x % N                */
    mp_int  priv;                   /**< Private ephemeral value.             */
    SrpHash client_proof;           /**< Client proof. Sent to the Server.    */
    SrpHash server_proof;           /**< Server proof. Sent to the Client.    */
    byte*   key;                    /**< Session key.                         */
    word32  keySz;                  /**< Session key length.                  */
    int (*keyGenFunc_cb) (struct Srp* srp, byte* secret, word32 size);
        /**< Function responsible for generating the session key.             */
        /**< It MUST use XMALLOC with type DYNAMIC_TYPE_SRP to allocate the   */
        /**< key buffer for this structure and set keySz to the buffer size.  */
        /**< The default function used by this implementation is a modified   */
        /**< version of t_mgf1 that uses the proper hash function according   */
        /**< to srp->type.                                                    */
    void*   heap;                   /**< heap hint pointer                    */
} Srp;

/**
 * Initializes the Srp struct for usage.
 *
 * @param[out] srp   the Srp structure to be initialized.
 * @param[in]  type  the hash type to be used.
 * @param[in]  side  the side of the communication.
 *
 * @return 0 on success, {@literal <} 0 on error. @see error-crypt.h
 */
WOLFSSL_API int wc_SrpInit(Srp* srp, SrpType type, SrpSide side);
WOLFSSL_API int wc_SrpInit_ex(Srp* srp, SrpType type, SrpSide side,
    void* heap, int devId);

/**
 * Releases the Srp struct resources after usage.
 *
 * @param[in,out] srp    the Srp structure to be terminated.
 */
WOLFSSL_API void wc_SrpTerm(Srp* srp);

/**
 * Sets the username.
 *
 * This function MUST be called after wc_SrpInit.
 *
 * @param[in,out] srp       the Srp structure.
 * @param[in]     username  the buffer containing the username.
 * @param[in]     size      the username size in bytes
 *
 * @return 0 on success, {@literal <} 0 on error. @see error-crypt.h
 */
WOLFSSL_API int wc_SrpSetUsername(Srp* srp, const byte* username, word32 size);


/**
 * Sets the srp parameters based on the username.
 *
 * This function MUST be called after wc_SrpSetUsername.
 *
 * @param[in,out] srp       the Srp structure.
 * @param[in]     N         the Modulus. N = 2q+1, [q, N] are primes.
 * @param[in]     nSz       the N size in bytes.
 * @param[in]     g         the Generator modulo N.
 * @param[in]     gSz       the g size in bytes
 * @param[in]     salt      a small random salt. Specific for each username.
 * @param[in]     saltSz    the salt size in bytes
 *
 * @return 0 on success, {@literal <} 0 on error. @see error-crypt.h
 */
WOLFSSL_API int wc_SrpSetParams(Srp* srp, const byte* N,    word32 nSz,
                                          const byte* g,    word32 gSz,
                                          const byte* salt, word32 saltSz);

/**
 * Sets the password.
 *
 * Setting the password does not persists the clear password data in the
 * srp structure. The client calculates x = H(salt + H(user:pswd)) and stores
 * it in the auth field.
 *
 * This function MUST be called after wc_SrpSetParams and is CLIENT SIDE ONLY.
 *
 * @param[in,out] srp       the Srp structure.
 * @param[in]     password  the buffer containing the password.
 * @param[in]     size      the password size in bytes.
 *
 * @return 0 on success, {@literal <} 0 on error. @see error-crypt.h
 */
WOLFSSL_API int wc_SrpSetPassword(Srp* srp, const byte* password, word32 size);

/**
 * Sets the verifier.
 *
 * This function MUST be called after wc_SrpSetParams and is SERVER SIDE ONLY.
 *
 * @param[in,out] srp       the Srp structure.
 * @param[in]     verifier  the buffer containing the verifier.
 * @param[in]     size      the verifier size in bytes.
 *
 * @return 0 on success, {@literal <} 0 on error. @see error-crypt.h
 */
WOLFSSL_API int wc_SrpSetVerifier(Srp* srp, const byte* verifier, word32 size);

/**
 * Gets the verifier.
 *
 * The client calculates the verifier with v = g ^ x % N.
 * This function MAY be called after wc_SrpSetPassword and is CLIENT SIDE ONLY.
 *
 * @param[in,out] srp       the Srp structure.
 * @param[out]    verifier  the buffer to write the verifier.
 * @param[in,out] size      the buffer size in bytes. Will be updated with the
 *                          verifier size.
 *
 * @return 0 on success, {@literal <} 0 on error. @see error-crypt.h
 */
WOLFSSL_API int wc_SrpGetVerifier(Srp* srp, byte* verifier, word32* size);

/**
 * Sets the private ephemeral value.
 *
 * The private ephemeral value is known as:
 *   a at the client side. a = random()
 *   b at the server side. b = random()
 * This function is handy for unit test cases or if the developer wants to use
 * an external random source to set the ephemeral value.
 * This function MAY be called before wc_SrpGetPublic.
 *
 * @param[in,out] srp       the Srp structure.
 * @param[in]     priv      the ephemeral value.
 * @param[in]     size      the private size in bytes.
 *
 * @return 0 on success, {@literal <} 0 on error. @see error-crypt.h
 */
WOLFSSL_API int wc_SrpSetPrivate(Srp* srp, const byte* priv, word32 size);

/**
 * Gets the public ephemeral value.
 *
 * The public ephemeral value is known as:
 *   A at the client side. A = g ^ a % N
 *   B at the server side. B = (k * v + (g ^ b % N)) % N
 * This function MUST be called after wc_SrpSetPassword or wc_SrpSetVerifier.
 *
 * @param[in,out] srp       the Srp structure.
 * @param[out]    pub       the buffer to write the public ephemeral value.
 * @param[in,out] size      the the buffer size in bytes. Will be updated with
 *                          the ephemeral value size.
 *
 * @return 0 on success, {@literal <} 0 on error. @see error-crypt.h
 */
WOLFSSL_API int wc_SrpGetPublic(Srp* srp, byte* pub, word32* size);


/**
 * Computes the session key.
 *
 * The key can be accessed at srp->key after success.
 *
 * @param[in,out] srp               the Srp structure.
 * @param[in]     clientPubKey      the client's public ephemeral value.
 * @param[in]     clientPubKeySz    the client's public ephemeral value size.
 * @param[in]     serverPubKey      the server's public ephemeral value.
 * @param[in]     serverPubKeySz    the server's public ephemeral value size.
 *
 * @return 0 on success, {@literal <} 0 on error. @see error-crypt.h
 */
WOLFSSL_API int wc_SrpComputeKey(Srp* srp,
                                 byte* clientPubKey, word32 clientPubKeySz,
                                 byte* serverPubKey, word32 serverPubKeySz);

/**
 * Gets the proof.
 *
 * This function MUST be called after wc_SrpComputeKey.
 *
 * @param[in,out] srp   the Srp structure.
 * @param[out]    proof the buffer to write the proof.
 * @param[in,out] size  the buffer size in bytes. Will be updated with the
 *                          proof size.
 *
 * @return 0 on success, {@literal <} 0 on error. @see error-crypt.h
 */
WOLFSSL_API int wc_SrpGetProof(Srp* srp, byte* proof, word32* size);

/**
 * Verifies the peers proof.
 *
 * This function MUST be called before wc_SrpGetSessionKey.
 *
 * @param[in,out] srp   the Srp structure.
 * @param[in]     proof the peers proof.
 * @param[in]     size  the proof size in bytes.
 *
 * @return 0 on success, {@literal <} 0 on error. @see error-crypt.h
 */
WOLFSSL_API int wc_SrpVerifyPeersProof(Srp* srp, byte* proof, word32 size);

#ifdef __cplusplus
   } /* extern "C" */
#endif

#endif /* WOLFCRYPT_SRP_H */
#endif /* WOLFCRYPT_HAVE_SRP */