WolfSSL
/
wolfssl-examples
mirror of https://github.com/wolfSSL/wolfssl-examples.git
1
0
Fork 0
Code Issues Releases Wiki Activity

SRP examples 

srp_gen - generates the verifier for username and password
srp_gen does client and server side work to create and verify proofs
pull/193/head
Sean Parkinson 2020-03-20 12:14:06 +10:00
parent aeedfa36c0
commit 037d296724
7 changed files with 500 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@ -178,6 +178,8 @@ pk/ED25519/sign_and_verify
pk/ecdh_generate_secret/ecdh_gen_secret
pk/rsa-kg/rsa-kg-sv
pk/dh-pg/dh-pg-ka
pk/srp/srp_gen
pk/srp/srp
wolfCLU/tests/somejunk/*somejunk*.txt

24
pk/srp/Makefile 100644
View File

@ -0,0 +1,24 @@
CC=gcc
WOLFPATH=/usr/local/lib
CFLAGS=-Wall -I$(WOLFPATH)/include -g
#LIBS= -lwolfssl -lm
LIBS= -L$(WOLFPATH)/lib -lwolfssl -lm
all: srp srp_gen
srp.o: srp.c srp_params.h srp_store.h
$(CC) -c -o $@ srp.c $(CFLAGS)
srp_gen.o: srp_gen.c srp_params.h
$(CC) -c -o $@ srp_gen.c $(CFLAGS)
srp: srp.o
$(CC) -o $@ $^ $(CFLAGS) $(LIBS)
srp_gen: srp_gen.o
$(CC) -o $@ $^ $(CFLAGS) $(LIBS)
.PHONY: clean
clean:
rm -f *.der *.x963 *.o srp srp_gen

22
pk/srp/README 100644
View File

@ -0,0 +1,22 @@
Shows examples of how to work with SRP.
srp_gen.c show how to generate a verifier to store on the server.
srp.c shows a client and server.
The build option used for wolfSSL is
```
./configure --enable-srp
```
How to use:
```
./srp_gen wolfssl password > srp_store.h
make
./srp wolfssl password
```

277
pk/srp/srp.c 100644
View File

@ -0,0 +1,277 @@
/* srp.c
*
* Copyright (C) 2006-2020 wolfSSL Inc.
*
* This file is part of wolfSSL. (formerly known as CyaSSL)
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
*/
#ifndef WOLFSSL_USER_SETTINGS
#include <wolfssl/options.h>
#endif
#include <wolfssl/wolfcrypt/settings.h>
#include <wolfssl/ssl.h>
#include <wolfssl/wolfcrypt/srp.h>
#include <wolfssl/wolfcrypt/error-crypt.h>
#include "srp_params.h"
#include "srp_store.h"
#include <stdio.h>
#ifdef WOLFCRYPT_HAVE_SRP
/* Create a client side SRP object */
static int client_init(Srp** srp)
{
int ret = 0;
*srp = XMALLOC(sizeof(Srp), NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (*srp == NULL) {
ret = MEMORY_E;
}
if (ret == 0) {
ret = wc_SrpInit(*srp, SRP_TYPE_SHA, SRP_CLIENT_SIDE);
}
return ret;
}
/* Calcuate the client's public key */
static int client_calc_public(Srp* srp, const char* username, char* password,
byte* salt, word32 saltSz, byte* pubKey,
word32* pubKeySz)
{
int ret;
ret = wc_SrpSetUsername(srp, (byte*)username, XSTRLEN(username));
if (ret == 0) {
ret = wc_SrpSetParams(srp, srp_n_640, sizeof(srp_n_640),
srp_g_640, sizeof(srp_g_640),
salt, saltSz);
}
if (ret == 0) {
ret = wc_SrpSetPassword(srp, (byte*)password, XSTRLEN(password));
}
if (ret == 0) {
ret = wc_SrpGetPublic(srp, pubKey, pubKeySz);
}
return ret;
}
/* Compute the client's proof */
static int client_compute_proof(Srp *srp, byte* clientPubKey,
word32 clientPubKeySz, byte* serverPubKey,
word32 serverPubKeySz, byte* proof,
word32* proofSz)
{
int ret;
ret = wc_SrpComputeKey(srp, clientPubKey, clientPubKeySz, serverPubKey,
serverPubKeySz);
if (ret == 0) {
ret = wc_SrpGetProof(srp, proof, proofSz);
}
return ret;
}
/* Verify the server's proof */
static int client_verify_proof(Srp *srp, byte* proof, word32 proofSz)
{
return wc_SrpVerifyPeersProof(srp, proof, proofSz);
}
/* Create a server side SRP object */
static int server_init(Srp** srp)
{
int ret = 0;
*srp = XMALLOC(sizeof(Srp), NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (*srp == NULL) {
ret = MEMORY_E;
}
if (ret == 0) {
ret = wc_SrpInit(*srp, SRP_TYPE_SHA, SRP_SERVER_SIDE);
}
return ret;
}
/* Calcuate the server's public key */
static int server_calc_public(Srp* srp, const char* username, byte* salt,
word32 saltSz, byte* verifier, word32 vSz,
byte* pubKey, word32* pubKeySz)
{
int ret;
ret = wc_SrpSetUsername(srp, (byte*)username, XSTRLEN(username));
if (ret == 0) {
ret = wc_SrpSetParams(srp, srp_n_640, sizeof(srp_n_640),
srp_g_640, sizeof(srp_g_640),
salt, saltSz);
}
if (ret == 0) {
ret = wc_SrpSetVerifier(srp, verifier, vSz);
}
if (ret == 0) {
ret = wc_SrpGetPublic(srp, pubKey, pubKeySz);
}
return ret;
}
/* Check the client's proof and generate the server's proof */
static int server_compute_proof(Srp *srp, byte* clientPubKey,
word32 clientPubKeySz, byte* serverPubKey,
word32 serverPubKeySz, byte* clientProof,
word32 clientProofSz, byte* proof,
word32* proofSz)
{
int ret;
ret = wc_SrpComputeKey(srp, clientPubKey, clientPubKeySz, serverPubKey,
serverPubKeySz);
if (ret == 0) {
ret = wc_SrpVerifyPeersProof(srp, clientProof, clientProofSz);
}
if (ret == 0) {
ret = wc_SrpGetProof(srp, proof, proofSz);
}
return ret;
}
/* Dispose of the SRP object */
static void srp_free(Srp* srp)
{
if (srp != NULL) {
wc_SrpTerm(srp);
XFREE(srp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
}
}
/* Main entry point. */
int main(int argc, char* argv[])
{
int ret = 0;
Srp* cli = NULL;
Srp* srv = NULL;
char* password = NULL;
char* username = NULL;
byte serverPubKey[80];
word32 serverPubKeySz = (word32)sizeof(serverPubKey);
byte clientPubKey[80];
word32 clientPubKeySz = (word32)sizeof(clientPubKey);
byte clientProof[SRP_MAX_DIGEST_SIZE];
word32 clientProofSz = (word32)sizeof(clientProof);
byte serverProof[SRP_MAX_DIGEST_SIZE];
word32 serverProofSz = (word32)sizeof(serverProof);
if (argc < 3) {
fprintf(stderr, "Usage: srp <username> <password>\n");
return 1;
}
username = argv[1];
password = argv[2];
/* Initialize wolfSSL library. */
wolfSSL_Init();
if (XSTRNCMP(username, srp_username, XSTRLEN(srp_username)) != 0) {
printf("Username does not match stored verfier\n");
ret = -1;
}
if (ret == 0) {
ret = client_init(&cli);
}
if (ret == 0) {
ret = client_calc_public(cli, username, password, (byte*)salt,
sizeof(salt), clientPubKey, &clientPubKeySz);
}
if (ret == 0) {
ret = server_init(&srv);
}
if (ret == 0) {
ret = server_calc_public(srv, username, (byte*)salt, sizeof(salt),
(byte*)verifier, sizeof(verifier),
serverPubKey, &serverPubKeySz);
}
if (ret == 0) {
ret = client_compute_proof(cli, clientPubKey, clientPubKeySz,
serverPubKey, serverPubKeySz, clientProof,
&clientProofSz);
}
if (ret == 0) {
ret = server_compute_proof(srv, clientPubKey, clientPubKeySz,
serverPubKey, serverPubKeySz, clientProof,
clientProofSz, serverProof, &serverProofSz);
if (ret == 0) {
printf("Server verified client proof\n");
}
else {
printf("Server could not verify client proof\n");
}
}
if (ret == 0) {
ret = client_verify_proof(cli, serverProof, serverProofSz);
if (ret == 0) {
printf("Client verified server proof\n");
}
else {
printf("Client could not verify server proof\n");
}
}
srp_free(cli);
srp_free(srv);
/* Cleanup wolfSSL library. */
wolfSSL_Cleanup();
if (ret == 0)
printf("Done\n");
else {
char buffer[80];
printf("Error: %d, %s\n", ret, wolfSSL_ERR_error_string(ret, buffer));
}
return (ret == 0) ? 0 : 1;
}
#else
int main(int argc, char* argv[])
{
(void)argc;
(void)argv;
fprintf(stderr, "Must build wolfSSL with SRP enabled for this example\n");
return 0;
}
#endif

125
pk/srp/srp_gen.c 100644
View File

@ -0,0 +1,125 @@
/* srp_gen.c
*
* Copyright (C) 2006-2020 wolfSSL Inc.
*
* This file is part of wolfSSL. (formerly known as CyaSSL)
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
*/
#ifndef WOLFSSL_USER_SETTINGS
#include <wolfssl/options.h>
#endif
#include <wolfssl/wolfcrypt/settings.h>
#include <wolfssl/wolfcrypt/srp.h>
#include <stdio.h>
#ifdef WOLFCRYPT_HAVE_SRP
#include "srp_params.h"
/* Generate a new random salt */
static int generate_random_salt(byte *buf, word32 size)
{
int ret;
WC_RNG rng;
ret = wc_InitRng(&rng);
if (ret == 0) {
ret = wc_RNG_GenerateBlock(&rng, (byte *)buf, size);
wc_FreeRng(&rng);
}
return ret;
}
/* Print out the buffer as a C variable */
static void print_buf(char *name, byte* buf, word32 sz)
{
int i;
printf("static const byte %s[%d] = {", name, sz);
for (i = 0; i < (int)sz; i++) {
if ((i % 12) == 0) {
printf("\n ");
}
printf("0x%02x,", buf[i]);
}
printf("\n};\n");
}
int main(int argc, char* argv[])
{
int ret;
Srp srp;
byte salt[20];
byte verifier[80];
word32 vSz = (word32)sizeof(verifier);
char* username;
char* password;
if (argc < 3) {
fprintf(stderr, "usage: %s <username> <password>\n", argv[0]);
return 1;
}
username = argv[1];
password = argv[2];
ret = generate_random_salt(salt, sizeof(salt));
if (ret == 0) {
ret = wc_SrpInit(&srp, SRP_TYPE_SHA, SRP_CLIENT_SIDE);
}
if (ret == 0) {
ret = wc_SrpSetUsername(&srp, (byte*)username, XSTRLEN(username));
if (ret == 0) {
ret = wc_SrpSetParams(&srp, srp_n_640, sizeof(srp_n_640),
srp_g_640, sizeof(srp_g_640),
salt, sizeof(salt));
}
if (ret == 0) {
ret = wc_SrpSetPassword(&srp, (byte*)password, XSTRLEN(password));
}
if (ret == 0) {
ret = wc_SrpGetVerifier(&srp, verifier, &vSz);
}
wc_SrpTerm(&srp);
}
/* Output the details to store on the server */
printf("static const char* srp_username = \"%s\";\n", username);
print_buf("salt", salt, sizeof(salt));
print_buf("verifier", verifier, vSz);
return (ret == 0) ? 0 : 1;
}
#else
int main(int argc, char* argv[])
{
(void)argc;
(void)argv;
fprintf(stderr, "Must build wolfSSL with SRP enabled for this example\n");
return 0;
}
#endif

36
pk/srp/srp_params.h 100644
View File

@ -0,0 +1,36 @@
/* srp_params.h
*
* Copyright (C) 2006-2020 wolfSSL Inc.
*
* This file is part of wolfSSL. (formerly known as CyaSSL)
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
*/
static const byte srp_n_640[] = {
0xC9, 0x4D, 0x67, 0xEB, 0x5B, 0x1A, 0x23, 0x46, 0xE8, 0xAB, 0x42, 0x2F,
0xC6, 0xA0, 0xED, 0xAE, 0xDA, 0x8C, 0x7F, 0x89, 0x4C, 0x9E, 0xEE, 0xC4,
0x2F, 0x9E, 0xD2, 0x50, 0xFD, 0x7F, 0x00, 0x46, 0xE5, 0xAF, 0x2C, 0xF7,
0x3D, 0x6B, 0x2F, 0xA2, 0x6B, 0xB0, 0x80, 0x33, 0xDA, 0x4D, 0xE3, 0x22,
0xE1, 0x44, 0xE7, 0xA8, 0xE9, 0xB1, 0x2A, 0x0E, 0x46, 0x37, 0xF6, 0x37,
0x1F, 0x34, 0xA2, 0x07, 0x1C, 0x4B, 0x38, 0x36, 0xCB, 0xEE, 0xAB, 0x15,
0x03, 0x44, 0x60, 0xFA, 0xA7, 0xAD, 0xF4, 0x83
};
static const byte srp_g_640[] = {
0x02
};

14
pk/srp/srp_store.h 100644
View File

@ -0,0 +1,14 @@
static const char* srp_username = "wolfssl";
static const byte salt[20] = {
0xb8,0x4d,0x9c,0x1b,0xb0,0x35,0x7b,0xd7,0xf0,0x24,0xbc,0x4b,
0xc6,0x12,0xac,0x44,0x6d,0x2a,0x77,0x02,
};
static const byte verifier[80] = {
0x61,0xb5,0xdf,0xfa,0xa0,0x99,0x54,0x9b,0xf1,0xb7,0x2d,0xf3,
0xfa,0x6d,0xe0,0x96,0x94,0x40,0x10,0x1d,0x3c,0x7a,0xf4,0x11,
0xf8,0x93,0x72,0x21,0xc6,0xcf,0x52,0x7e,0x32,0x82,0x9d,0x0d,
0xcd,0x2c,0x87,0x8e,0x39,0x3e,0x56,0xf2,0x32,0x97,0x9e,0x28,
0xce,0x1a,0x57,0x60,0x05,0x1e,0x2d,0x25,0x6f,0x59,0xcb,0xd9,
0xd0,0x87,0x44,0xbd,0xb5,0xb4,0xeb,0xcf,0xeb,0x94,0xf2,0x96,
0x2d,0xce,0xa9,0x33,0xd0,0xc1,0x10,0x54,
};