srp.h 14 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507
  1. /*!
  2. \ingroup SRP
  3. \brief Initializes the Srp struct for usage.
  4. \return 0 on success.
  5. \return BAD_FUNC_ARG Returns when there's an issue with the arguments such
  6. as srp being null or SrpSide not being SRP_CLIENT_SIDE or SRP_SERVER_SIDE.
  7. \return NOT_COMPILED_IN Returns when a type is passed as an argument but
  8. hasn't been configured in the wolfCrypt build.
  9. \return <0 on error.
  10. \param srp the Srp structure to be initialized.
  11. \param type the hash type to be used.
  12. \param side the side of the communication.
  13. _Example_
  14. \code
  15. Srp srp;
  16. if (wc_SrpInit(&srp, SRP_TYPE_SHA, SRP_CLIENT_SIDE) != 0)
  17. {
  18. // Initialization error
  19. }
  20. else
  21. {
  22. wc_SrpTerm(&srp);
  23. }
  24. \endcode
  25. \sa wc_SrpTerm
  26. \sa wc_SrpSetUsername
  27. */
  28. int wc_SrpInit(Srp* srp, SrpType type, SrpSide side);
  29. /*!
  30. \ingroup SRP
  31. \brief Releases the Srp struct resources after usage.
  32. \return none No returns.
  33. \param srp Pointer to the Srp structure to be terminated.
  34. _Example_
  35. \code
  36. Srp srp;
  37. wc_SrpInit(&srp, SRP_TYPE_SHA, SRP_CLIENT_SIDE);
  38. // Use srp
  39. wc_SrpTerm(&srp)
  40. \endcode
  41. \sa wc_SrpInit
  42. */
  43. void wc_SrpTerm(Srp* srp);
  44. /*!
  45. \ingroup SRP
  46. \brief Sets the username. This function MUST be called after wc_SrpInit.
  47. \return 0 Username set successfully.
  48. \return BAD_FUNC_ARG: Return if srp or username is null.
  49. \return MEMORY_E: Returns if there is an issue allocating memory
  50. for srp->user
  51. \return < 0: Error.
  52. \param srp the Srp structure.
  53. \param username the buffer containing the username.
  54. \param size the username size in bytes
  55. _Example_
  56. \code
  57. Srp srp;
  58. byte username[] = "user";
  59. word32 usernameSize = 4;
  60. wc_SrpInit(&srp, SRP_TYPE_SHA, SRP_CLIENT_SIDE);
  61. if(wc_SrpSetUsername(&srp, username, usernameSize) != 0)
  62. {
  63. // Error occurred setting username.
  64. }
  65. wc_SrpTerm(&srp);
  66. \endcode
  67. \sa wc_SrpInit
  68. \sa wc_SrpSetParams
  69. \sa wc_SrpTerm
  70. */
  71. int wc_SrpSetUsername(Srp* srp, const byte* username, word32 size);
  72. /*!
  73. \ingroup SRP
  74. \brief Sets the srp parameters based on the username.. Must be called
  75. after wc_SrpSetUsername.
  76. \return 0 Success
  77. \return BAD_FUNC_ARG Returns if srp, N, g, or salt is null or if nSz < gSz.
  78. \return SRP_CALL_ORDER_E Returns if wc_SrpSetParams is called before
  79. wc_SrpSetUsername.
  80. \return <0 Error
  81. \param srp the Srp structure.
  82. \param N the Modulus. N = 2q+1, [q, N] are primes.
  83. \param nSz the N size in bytes.
  84. \param g the Generator modulo N.
  85. \param gSz the g size in bytes
  86. \param salt a small random salt. Specific for each username.
  87. \param saltSz the salt size in bytes
  88. _Example_
  89. \code
  90. Srp srp;
  91. byte username[] = "user";
  92. word32 usernameSize = 4;
  93. byte N[] = { }; // Contents of byte array N
  94. byte g[] = { }; // Contents of byte array g
  95. byte salt[] = { }; // Contents of byte array salt
  96. wc_SrpInit(&srp, SRP_TYPE_SHA, SRP_CLIENT_SIDE);
  97. wc_SrpSetUsername(&srp, username, usernameSize);
  98. if(wc_SrpSetParams(&srp, N, sizeof(N), g, sizeof(g), salt,
  99. sizeof(salt)) != 0)
  100. {
  101. // Error setting params
  102. }
  103. wc_SrpTerm(&srp);
  104. \endcode
  105. \sa wc_SrpInit
  106. \sa wc_SrpSetUsername
  107. \sa wc_SrpTerm
  108. */
  109. int wc_SrpSetParams(Srp* srp, const byte* N, word32 nSz,
  110. const byte* g, word32 gSz,
  111. const byte* salt, word32 saltSz);
  112. /*!
  113. \ingroup SRP
  114. \brief Sets the password. Setting the password does not persists the
  115. clear password data in the srp structure. The client calculates
  116. x = H(salt + H(user:pswd)) and stores it in the auth field. This function
  117. MUST be called after wc_SrpSetParams and is CLIENT SIDE ONLY.
  118. \return 0 Success
  119. \return BAD_FUNC_ARG Returns if srp or password is null or if srp->side
  120. is not set to SRP_CLIENT_SIDE.
  121. \return SRP_CALL_ORDER_E Returns when wc_SrpSetPassword is called out
  122. of order.
  123. \return <0 Error
  124. \param srp The Srp structure.
  125. \param password The buffer containing the password.
  126. \param size The size of the password in bytes.
  127. _Example_
  128. \code
  129. Srp srp;
  130. byte username[] = "user";
  131. word32 usernameSize = 4;
  132. byte password[] = "password";
  133. word32 passwordSize = 8;
  134. byte N[] = { }; // Contents of byte array N
  135. byte g[] = { }; // Contents of byte array g
  136. byte salt[] = { }; // Contents of byte array salt
  137. wc_SrpInit(&srp, SRP_TYPE_SHA, SRP_CLIENT_SIDE);
  138. wc_SrpSetUsername(&srp, username, usernameSize);
  139. wc_SrpSetParams(&srp, N, sizeof(N), g, sizeof(g), salt, sizeof(salt));
  140. if(wc_SrpSetPassword(&srp, password, passwordSize) != 0)
  141. {
  142. // Error setting password
  143. }
  144. wc_SrpTerm(&srp);
  145. \endcode
  146. \sa wc_SrpInit
  147. \sa wc_SrpSetUsername
  148. \sa wc_SrpSetParams
  149. */
  150. int wc_SrpSetPassword(Srp* srp, const byte* password, word32 size);
  151. /*!
  152. \ingroup SRP
  153. \brief Sets the verifier. This function MUST be called after
  154. wc_SrpSetParams and is SERVER SIDE ONLY.
  155. \return 0 Success
  156. \return BAD_FUNC_ARG Returned if srp or verifier is null or
  157. srp->side is not SRP_SERVER_SIDE.
  158. \return <0 Error
  159. \param srp The Srp structure.
  160. \param verifier The structure containing the verifier.
  161. \param size The verifier size in bytes.
  162. _Example_
  163. \code
  164. Srp srp;
  165. byte username[] = "user";
  166. word32 usernameSize = 4;
  167. byte N[] = { }; // Contents of byte array N
  168. byte g[] = { }; // Contents of byte array g
  169. byte salt[] = { }; // Contents of byte array salt
  170. wc_SrpInit(&srp, SRP_TYPE_SHA, SRP_SERVER_SIDE);
  171. wc_SrpSetUsername(&srp, username, usernameSize);
  172. wc_SrpSetParams(&srp, N, sizeof(N), g, sizeof(g), salt, sizeof(salt))
  173. byte verifier[] = { }; // Contents of some verifier
  174. if(wc_SrpSetVerifier(&srp, verifier, sizeof(verifier)) != 0)
  175. {
  176. // Error setting verifier
  177. }
  178. wc_SrpTerm(&srp);
  179. \endcode
  180. \sa wc_SrpInit
  181. \sa wc_SrpSetParams
  182. \sa wc_SrpGetVerifier
  183. */
  184. int wc_SrpSetVerifier(Srp* srp, const byte* verifier, word32 size);
  185. /*!
  186. \ingroup SRP
  187. \brief Gets the verifier. The client calculates the verifier
  188. with v = g ^ x % N.
  189. This function MAY be called after wc_SrpSetPassword and
  190. is CLIENT SIDE ONLY.
  191. \return 0 Success
  192. \return BAD_FUNC_ARG Returned if srp, verifier or size is null
  193. or if srp->side is not SRP_CLIENT_SIDE.
  194. \return SRP_CALL_ORDER_E Returned if wc_SrpGetVerifier is called
  195. out of order.
  196. \return <0 Error
  197. \param srp The Srp structure.
  198. \param verifier The buffer to write the verifier.
  199. \param size Buffer size in bytes. Updated with the verifier size.
  200. _Example_
  201. \code
  202. Srp srp;
  203. byte username[] = "user";
  204. word32 usernameSize = 4;
  205. byte password[] = "password";
  206. word32 passwordSize = 8;
  207. byte N[] = { }; // Contents of byte array N
  208. byte g[] = { }; // Contents of byte array g
  209. byte salt[] = { }; // Contents of byte array salt
  210. byte v[64];
  211. word32 vSz = 0;
  212. vSz = sizeof(v);
  213. wc_SrpInit(&srp, SRP_TYPE_SHA, SRP_CLIENT_SIDE);
  214. wc_SrpSetUsername(&srp, username, usernameSize);
  215. wc_SrpSetParams(&srp, N, sizeof(N), g, sizeof(g), salt, sizeof(salt))
  216. wc_SrpSetPassword(&srp, password, passwordSize)
  217. if( wc_SrpGetVerifier(&srp, v, &vSz ) != 0)
  218. {
  219. // Error getting verifier
  220. }
  221. wc_SrpTerm(&srp);
  222. \endcode
  223. \sa wc_SrpSetVerifier
  224. \sa wc_SrpSetPassword
  225. */
  226. int wc_SrpGetVerifier(Srp* srp, byte* verifier, word32* size);
  227. /*!
  228. \ingroup SRP
  229. \brief Sets the private ephemeral value. The private ephemeral value
  230. is known as:
  231. a at the client side. a = random()
  232. b at the server side. b = random()
  233. This function is handy for unit test cases or if the developer wants
  234. to use an external
  235. random source to set the ephemeral value. This function MAY be called
  236. before wc_SrpGetPublic.
  237. \return 0 Success
  238. \return BAD_FUNC_ARG Returned if srp, private, or size is null.
  239. \return SRP_CALL_ORDER_E Returned if wc_SrpSetPrivate is called out
  240. of order.
  241. \return <0 Error
  242. \param srp the Srp structure.
  243. \param priv the ephemeral value.
  244. \param size the private size in bytes.
  245. _Example_
  246. \code
  247. Srp srp;
  248. byte username[] = "user";
  249. word32 usernameSize = 4;
  250. byte N[] = { }; // Contents of byte array N
  251. byte g[] = { }; // Contents of byte array g
  252. byte salt[] = { }; // Contents of byte array salt
  253. byte verifier = { }; // Contents of some verifier
  254. wc_SrpInit(&srp, SRP_TYPE_SHA, SRP_SERVER_SIDE);
  255. wc_SrpSetUsername(&srp, username, usernameSize);
  256. wc_SrpSetParams(&srp, N, sizeof(N), g, sizeof(g), salt, sizeof(salt))
  257. wc_SrpSetVerifier(&srp, verifier, sizeof(verifier))
  258. byte b[] = { }; // Some ephemeral value
  259. if( wc_SrpSetPrivate(&srp, b, sizeof(b)) != 0)
  260. {
  261. // Error setting private ephemeral
  262. }
  263. wc_SrpTerm(&srp);
  264. \endcode
  265. \sa wc_SrpGetPublic
  266. */
  267. int wc_SrpSetPrivate(Srp* srp, const byte* priv, word32 size);
  268. /*!
  269. \ingroup SRP
  270. \brief Gets the public ephemeral value. The public ephemeral value
  271. is known as:
  272. A at the client side. A = g ^ a % N
  273. B at the server side. B = (k * v + (g ˆ b % N)) % N
  274. This function MUST be called after wc_SrpSetPassword or wc_SrpSetVerifier.
  275. The function wc_SrpSetPrivate may be called before wc_SrpGetPublic.
  276. \return 0 Success
  277. \return BAD_FUNC_ARG Returned if srp, pub, or size is null.
  278. \return SRP_CALL_ORDER_E Returned if wc_SrpGetPublic is called out
  279. of order.
  280. \return BUFFER_E Returned if size < srp.N.
  281. \return <0 Error
  282. \param srp the Srp structure.
  283. \param pub the buffer to write the public ephemeral value.
  284. \param size the the buffer size in bytes. Will be updated with
  285. the ephemeral value size.
  286. _Example_
  287. \code
  288. Srp srp;
  289. byte username[] = "user";
  290. word32 usernameSize = 4;
  291. byte password[] = "password";
  292. word32 passwordSize = 8;
  293. byte N[] = { }; // Contents of byte array N
  294. byte g[] = { }; // Contents of byte array g
  295. byte salt[] = { }; // Contents of byte array salt
  296. wc_SrpInit(&srp, SRP_TYPE_SHA, SRP_CLIENT_SIDE);
  297. wc_SrpSetUsername(&srp, username, usernameSize);
  298. wc_SrpSetParams(&srp, N, sizeof(N), g, sizeof(g), salt, sizeof(salt));
  299. wc_SrpSetPassword(&srp, password, passwordSize)
  300. byte public[64];
  301. word32 publicSz = 0;
  302. if( wc_SrpGetPublic(&srp, public, &publicSz) != 0)
  303. {
  304. // Error getting public ephemeral
  305. }
  306. wc_SrpTerm(&srp);
  307. \endcode
  308. \sa wc_SrpSetPrivate
  309. \sa wc_SrpSetPassword
  310. \sa wc_SrpSetVerifier
  311. */
  312. int wc_SrpGetPublic(Srp* srp, byte* pub, word32* size);
  313. /*!
  314. \ingroup SRP
  315. \brief Computes the session key. The key can be accessed at
  316. srp->key after success.
  317. \return 0 Success
  318. \return BAD_FUNC_ARG Returned if srp, clientPubKey, or serverPubKey
  319. or if clientPubKeySz or serverPubKeySz is 0.
  320. \return SRP_CALL_ORDER_E Returned if wc_SrpComputeKey is called out
  321. of order.
  322. \return <0 Error
  323. \param srp the Srp structure.
  324. \param clientPubKey the client's public ephemeral value.
  325. \param clientPubKeySz the client's public ephemeral value size.
  326. \param serverPubKey the server's public ephemeral value.
  327. \param serverPubKeySz the server's public ephemeral value size.
  328. _Example_
  329. \code
  330. Srp server;
  331. byte username[] = "user";
  332. word32 usernameSize = 4;
  333. byte password[] = "password";
  334. word32 passwordSize = 8;
  335. byte N[] = { }; // Contents of byte array N
  336. byte g[] = { }; // Contents of byte array g
  337. byte salt[] = { }; // Contents of byte array salt
  338. byte verifier[] = { }; // Contents of some verifier
  339. byte serverPubKey[] = { }; // Contents of server pub key
  340. word32 serverPubKeySize = sizeof(serverPubKey);
  341. byte clientPubKey[64];
  342. word32 clientPubKeySize = 64;
  343. wc_SrpInit(&server, SRP_TYPE_SHA, SRP_SERVER_SIDE);
  344. wc_SrpSetUsername(&server, username, usernameSize);
  345. wc_SrpSetParams(&server, N, sizeof(N), g, sizeof(g), salt, sizeof(salt));
  346. wc_SrpSetVerifier(&server, verifier, sizeof(verifier));
  347. wc_SrpGetPublic(&server, serverPubKey, &serverPubKeySize);
  348. wc_SrpComputeKey(&server, clientPubKey, clientPubKeySz,
  349. serverPubKey, serverPubKeySize)
  350. wc_SrpTerm(&server);
  351. \endcode
  352. \sa wc_SrpGetPublic
  353. */
  354. int wc_SrpComputeKey(Srp* srp,
  355. byte* clientPubKey, word32 clientPubKeySz,
  356. byte* serverPubKey, word32 serverPubKeySz);
  357. /*!
  358. \ingroup SRP
  359. \brief Gets the proof. This function MUST be called after wc_SrpComputeKey.
  360. \return 0 Success
  361. \return BAD_FUNC_ARG Returns if srp, proof, or size is null.
  362. \return BUFFER_E Returns if size is less than the hash size of srp->type.
  363. \return <0 Error
  364. \param srp the Srp structure.
  365. \param proof the peers proof.
  366. \param size the proof size in bytes.
  367. _Example_
  368. \code
  369. Srp cli;
  370. byte clientProof[SRP_MAX_DIGEST_SIZE];
  371. word32 clientProofSz = SRP_MAX_DIGEST_SIZE;
  372. // Initialize Srp following steps from previous examples
  373. if (wc_SrpGetProof(&cli, clientProof, &clientProofSz) != 0)
  374. {
  375. // Error getting proof
  376. }
  377. \endcode
  378. \sa wc_SrpComputeKey
  379. */
  380. int wc_SrpGetProof(Srp* srp, byte* proof, word32* size);
  381. /*!
  382. \ingroup SRP
  383. \brief Verifies the peers proof. This function MUST be called before
  384. wc_SrpGetSessionKey.
  385. \return 0 Success
  386. \return <0 Error
  387. \param srp the Srp structure.
  388. \param proof the peers proof.
  389. \param size the proof size in bytes.
  390. _Example_
  391. \code
  392. Srp cli;
  393. Srp srv;
  394. byte clientProof[SRP_MAX_DIGEST_SIZE];
  395. word32 clientProofSz = SRP_MAX_DIGEST_SIZE;
  396. // Initialize Srp following steps from previous examples
  397. // First get the proof
  398. wc_SrpGetProof(&cli, clientProof, &clientProofSz)
  399. if (wc_SrpVerifyPeersProof(&srv, clientProof, clientProofSz) != 0)
  400. {
  401. // Error verifying proof
  402. }
  403. \endcode
  404. \sa wc_SrpGetSessionKey
  405. \sa wc_SrpGetProof
  406. \sa wc_SrpTerm
  407. */
  408. int wc_SrpVerifyPeersProof(Srp* srp, byte* proof, word32 size);