From 037d29672424a938090cdaa9f05cc1cfe1584577 Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Fri, 20 Mar 2020 12:14:06 +1000 Subject: [PATCH] SRP examples srp_gen - generates the verifier for username and password srp_gen does client and server side work to create and verify proofs --- .gitignore | 2 + pk/srp/Makefile | 24 ++++ pk/srp/README | 22 ++++ pk/srp/srp.c | 277 ++++++++++++++++++++++++++++++++++++++++++++ pk/srp/srp_gen.c | 125 ++++++++++++++++++++ pk/srp/srp_params.h | 36 ++++++ pk/srp/srp_store.h | 14 +++ 7 files changed, 500 insertions(+) create mode 100644 pk/srp/Makefile create mode 100644 pk/srp/README create mode 100644 pk/srp/srp.c create mode 100644 pk/srp/srp_gen.c create mode 100644 pk/srp/srp_params.h create mode 100644 pk/srp/srp_store.h diff --git a/.gitignore b/.gitignore index 59935acb..e7dbe1e8 100644 --- a/.gitignore +++ b/.gitignore @@ -178,6 +178,8 @@ pk/ED25519/sign_and_verify pk/ecdh_generate_secret/ecdh_gen_secret pk/rsa-kg/rsa-kg-sv pk/dh-pg/dh-pg-ka +pk/srp/srp_gen +pk/srp/srp wolfCLU/tests/somejunk/*somejunk*.txt diff --git a/pk/srp/Makefile b/pk/srp/Makefile new file mode 100644 index 00000000..c53de4c4 --- /dev/null +++ b/pk/srp/Makefile @@ -0,0 +1,24 @@ +CC=gcc +WOLFPATH=/usr/local/lib +CFLAGS=-Wall -I$(WOLFPATH)/include -g +#LIBS= -lwolfssl -lm +LIBS= -L$(WOLFPATH)/lib -lwolfssl -lm + +all: srp srp_gen + +srp.o: srp.c srp_params.h srp_store.h + $(CC) -c -o $@ srp.c $(CFLAGS) + +srp_gen.o: srp_gen.c srp_params.h + $(CC) -c -o $@ srp_gen.c $(CFLAGS) + +srp: srp.o + $(CC) -o $@ $^ $(CFLAGS) $(LIBS) + +srp_gen: srp_gen.o + $(CC) -o $@ $^ $(CFLAGS) $(LIBS) + +.PHONY: clean + +clean: + rm -f *.der *.x963 *.o srp srp_gen diff --git a/pk/srp/README b/pk/srp/README new file mode 100644 index 00000000..cc0de5f7 --- /dev/null +++ b/pk/srp/README @@ -0,0 +1,22 @@ +Shows examples of how to work with SRP. + +srp_gen.c show how to generate a verifier to store on the server. +srp.c shows a client and server. + +The build option used for wolfSSL is + +``` +./configure --enable-srp +``` + +How to use: + +``` +./srp_gen wolfssl password > srp_store.h + +make + +./srp wolfssl password +``` + + diff --git a/pk/srp/srp.c b/pk/srp/srp.c new file mode 100644 index 00000000..16c589f1 --- /dev/null +++ b/pk/srp/srp.c @@ -0,0 +1,277 @@ +/* srp.c + * + * Copyright (C) 2006-2020 wolfSSL Inc. + * + * This file is part of wolfSSL. (formerly known as CyaSSL) + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifndef WOLFSSL_USER_SETTINGS + #include +#endif +#include +#include +#include +#include + +#include "srp_params.h" +#include "srp_store.h" + +#include + +#ifdef WOLFCRYPT_HAVE_SRP + +/* Create a client side SRP object */ +static int client_init(Srp** srp) +{ + int ret = 0; + + *srp = XMALLOC(sizeof(Srp), NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (*srp == NULL) { + ret = MEMORY_E; + } + + if (ret == 0) { + ret = wc_SrpInit(*srp, SRP_TYPE_SHA, SRP_CLIENT_SIDE); + } + + return ret; +} + +/* Calcuate the client's public key */ +static int client_calc_public(Srp* srp, const char* username, char* password, + byte* salt, word32 saltSz, byte* pubKey, + word32* pubKeySz) +{ + int ret; + + ret = wc_SrpSetUsername(srp, (byte*)username, XSTRLEN(username)); + if (ret == 0) { + ret = wc_SrpSetParams(srp, srp_n_640, sizeof(srp_n_640), + srp_g_640, sizeof(srp_g_640), + salt, saltSz); + } + if (ret == 0) { + ret = wc_SrpSetPassword(srp, (byte*)password, XSTRLEN(password)); + } + if (ret == 0) { + ret = wc_SrpGetPublic(srp, pubKey, pubKeySz); + } + + return ret; +} + +/* Compute the client's proof */ +static int client_compute_proof(Srp *srp, byte* clientPubKey, + word32 clientPubKeySz, byte* serverPubKey, + word32 serverPubKeySz, byte* proof, + word32* proofSz) +{ + int ret; + + ret = wc_SrpComputeKey(srp, clientPubKey, clientPubKeySz, serverPubKey, + serverPubKeySz); + if (ret == 0) { + ret = wc_SrpGetProof(srp, proof, proofSz); + } + + return ret; +} + +/* Verify the server's proof */ +static int client_verify_proof(Srp *srp, byte* proof, word32 proofSz) +{ + return wc_SrpVerifyPeersProof(srp, proof, proofSz); +} + + +/* Create a server side SRP object */ +static int server_init(Srp** srp) +{ + int ret = 0; + + *srp = XMALLOC(sizeof(Srp), NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (*srp == NULL) { + ret = MEMORY_E; + } + + if (ret == 0) { + ret = wc_SrpInit(*srp, SRP_TYPE_SHA, SRP_SERVER_SIDE); + } + + return ret; +} + +/* Calcuate the server's public key */ +static int server_calc_public(Srp* srp, const char* username, byte* salt, + word32 saltSz, byte* verifier, word32 vSz, + byte* pubKey, word32* pubKeySz) +{ + int ret; + + ret = wc_SrpSetUsername(srp, (byte*)username, XSTRLEN(username)); + if (ret == 0) { + ret = wc_SrpSetParams(srp, srp_n_640, sizeof(srp_n_640), + srp_g_640, sizeof(srp_g_640), + salt, saltSz); + } + if (ret == 0) { + ret = wc_SrpSetVerifier(srp, verifier, vSz); + } + if (ret == 0) { + ret = wc_SrpGetPublic(srp, pubKey, pubKeySz); + } + + return ret; +} + +/* Check the client's proof and generate the server's proof */ +static int server_compute_proof(Srp *srp, byte* clientPubKey, + word32 clientPubKeySz, byte* serverPubKey, + word32 serverPubKeySz, byte* clientProof, + word32 clientProofSz, byte* proof, + word32* proofSz) +{ + int ret; + + ret = wc_SrpComputeKey(srp, clientPubKey, clientPubKeySz, serverPubKey, + serverPubKeySz); + if (ret == 0) { + ret = wc_SrpVerifyPeersProof(srp, clientProof, clientProofSz); + } + if (ret == 0) { + ret = wc_SrpGetProof(srp, proof, proofSz); + } + + return ret; +} + +/* Dispose of the SRP object */ +static void srp_free(Srp* srp) +{ + if (srp != NULL) { + wc_SrpTerm(srp); + XFREE(srp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + } +} + +/* Main entry point. */ +int main(int argc, char* argv[]) +{ + int ret = 0; + Srp* cli = NULL; + Srp* srv = NULL; + char* password = NULL; + char* username = NULL; + byte serverPubKey[80]; + word32 serverPubKeySz = (word32)sizeof(serverPubKey); + byte clientPubKey[80]; + word32 clientPubKeySz = (word32)sizeof(clientPubKey); + byte clientProof[SRP_MAX_DIGEST_SIZE]; + word32 clientProofSz = (word32)sizeof(clientProof); + byte serverProof[SRP_MAX_DIGEST_SIZE]; + word32 serverProofSz = (word32)sizeof(serverProof); + + if (argc < 3) { + fprintf(stderr, "Usage: srp \n"); + return 1; + } + + username = argv[1]; + password = argv[2]; + + /* Initialize wolfSSL library. */ + wolfSSL_Init(); + + if (XSTRNCMP(username, srp_username, XSTRLEN(srp_username)) != 0) { + printf("Username does not match stored verfier\n"); + ret = -1; + } + + if (ret == 0) { + ret = client_init(&cli); + } + if (ret == 0) { + ret = client_calc_public(cli, username, password, (byte*)salt, + sizeof(salt), clientPubKey, &clientPubKeySz); + } + + + if (ret == 0) { + ret = server_init(&srv); + } + if (ret == 0) { + ret = server_calc_public(srv, username, (byte*)salt, sizeof(salt), + (byte*)verifier, sizeof(verifier), + serverPubKey, &serverPubKeySz); + } + + + if (ret == 0) { + ret = client_compute_proof(cli, clientPubKey, clientPubKeySz, + serverPubKey, serverPubKeySz, clientProof, + &clientProofSz); + } + + if (ret == 0) { + ret = server_compute_proof(srv, clientPubKey, clientPubKeySz, + serverPubKey, serverPubKeySz, clientProof, + clientProofSz, serverProof, &serverProofSz); + if (ret == 0) { + printf("Server verified client proof\n"); + } + else { + printf("Server could not verify client proof\n"); + } + } + + if (ret == 0) { + ret = client_verify_proof(cli, serverProof, serverProofSz); + if (ret == 0) { + printf("Client verified server proof\n"); + } + else { + printf("Client could not verify server proof\n"); + } + } + + srp_free(cli); + srp_free(srv); + + /* Cleanup wolfSSL library. */ + wolfSSL_Cleanup(); + + if (ret == 0) + printf("Done\n"); + else { + char buffer[80]; + printf("Error: %d, %s\n", ret, wolfSSL_ERR_error_string(ret, buffer)); + } + + return (ret == 0) ? 0 : 1; +} + +#else + +int main(int argc, char* argv[]) +{ + (void)argc; + (void)argv; + fprintf(stderr, "Must build wolfSSL with SRP enabled for this example\n"); + return 0; +} + +#endif diff --git a/pk/srp/srp_gen.c b/pk/srp/srp_gen.c new file mode 100644 index 00000000..81083419 --- /dev/null +++ b/pk/srp/srp_gen.c @@ -0,0 +1,125 @@ +/* srp_gen.c + * + * Copyright (C) 2006-2020 wolfSSL Inc. + * + * This file is part of wolfSSL. (formerly known as CyaSSL) + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifndef WOLFSSL_USER_SETTINGS + #include +#endif +#include +#include + +#include + +#ifdef WOLFCRYPT_HAVE_SRP + +#include "srp_params.h" + +/* Generate a new random salt */ +static int generate_random_salt(byte *buf, word32 size) +{ + int ret; + WC_RNG rng; + + ret = wc_InitRng(&rng); + if (ret == 0) { + ret = wc_RNG_GenerateBlock(&rng, (byte *)buf, size); + + wc_FreeRng(&rng); + } + + return ret; +} + +/* Print out the buffer as a C variable */ +static void print_buf(char *name, byte* buf, word32 sz) +{ + int i; + + printf("static const byte %s[%d] = {", name, sz); + for (i = 0; i < (int)sz; i++) { + if ((i % 12) == 0) { + printf("\n "); + } + printf("0x%02x,", buf[i]); + } + printf("\n};\n"); +} + +int main(int argc, char* argv[]) +{ + int ret; + Srp srp; + byte salt[20]; + byte verifier[80]; + word32 vSz = (word32)sizeof(verifier); + char* username; + char* password; + + if (argc < 3) { + fprintf(stderr, "usage: %s \n", argv[0]); + return 1; + } + + username = argv[1]; + password = argv[2]; + + ret = generate_random_salt(salt, sizeof(salt)); + if (ret == 0) { + ret = wc_SrpInit(&srp, SRP_TYPE_SHA, SRP_CLIENT_SIDE); + } + if (ret == 0) { + ret = wc_SrpSetUsername(&srp, (byte*)username, XSTRLEN(username)); + if (ret == 0) { + ret = wc_SrpSetParams(&srp, srp_n_640, sizeof(srp_n_640), + srp_g_640, sizeof(srp_g_640), + salt, sizeof(salt)); + } + if (ret == 0) { + ret = wc_SrpSetPassword(&srp, (byte*)password, XSTRLEN(password)); + } + if (ret == 0) { + ret = wc_SrpGetVerifier(&srp, verifier, &vSz); + } + + wc_SrpTerm(&srp); + } + + /* Output the details to store on the server */ + printf("static const char* srp_username = \"%s\";\n", username); + print_buf("salt", salt, sizeof(salt)); + print_buf("verifier", verifier, vSz); + + return (ret == 0) ? 0 : 1; +} + +#else + +int main(int argc, char* argv[]) +{ + (void)argc; + (void)argv; + fprintf(stderr, "Must build wolfSSL with SRP enabled for this example\n"); + return 0; +} + +#endif + + + diff --git a/pk/srp/srp_params.h b/pk/srp/srp_params.h new file mode 100644 index 00000000..2c75f6d8 --- /dev/null +++ b/pk/srp/srp_params.h @@ -0,0 +1,36 @@ +/* srp_params.h + * + * Copyright (C) 2006-2020 wolfSSL Inc. + * + * This file is part of wolfSSL. (formerly known as CyaSSL) + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +static const byte srp_n_640[] = { + 0xC9, 0x4D, 0x67, 0xEB, 0x5B, 0x1A, 0x23, 0x46, 0xE8, 0xAB, 0x42, 0x2F, + 0xC6, 0xA0, 0xED, 0xAE, 0xDA, 0x8C, 0x7F, 0x89, 0x4C, 0x9E, 0xEE, 0xC4, + 0x2F, 0x9E, 0xD2, 0x50, 0xFD, 0x7F, 0x00, 0x46, 0xE5, 0xAF, 0x2C, 0xF7, + 0x3D, 0x6B, 0x2F, 0xA2, 0x6B, 0xB0, 0x80, 0x33, 0xDA, 0x4D, 0xE3, 0x22, + 0xE1, 0x44, 0xE7, 0xA8, 0xE9, 0xB1, 0x2A, 0x0E, 0x46, 0x37, 0xF6, 0x37, + 0x1F, 0x34, 0xA2, 0x07, 0x1C, 0x4B, 0x38, 0x36, 0xCB, 0xEE, 0xAB, 0x15, + 0x03, 0x44, 0x60, 0xFA, 0xA7, 0xAD, 0xF4, 0x83 +}; + +static const byte srp_g_640[] = { + 0x02 +}; + + diff --git a/pk/srp/srp_store.h b/pk/srp/srp_store.h new file mode 100644 index 00000000..11822fb1 --- /dev/null +++ b/pk/srp/srp_store.h @@ -0,0 +1,14 @@ +static const char* srp_username = "wolfssl"; +static const byte salt[20] = { + 0xb8,0x4d,0x9c,0x1b,0xb0,0x35,0x7b,0xd7,0xf0,0x24,0xbc,0x4b, + 0xc6,0x12,0xac,0x44,0x6d,0x2a,0x77,0x02, +}; +static const byte verifier[80] = { + 0x61,0xb5,0xdf,0xfa,0xa0,0x99,0x54,0x9b,0xf1,0xb7,0x2d,0xf3, + 0xfa,0x6d,0xe0,0x96,0x94,0x40,0x10,0x1d,0x3c,0x7a,0xf4,0x11, + 0xf8,0x93,0x72,0x21,0xc6,0xcf,0x52,0x7e,0x32,0x82,0x9d,0x0d, + 0xcd,0x2c,0x87,0x8e,0x39,0x3e,0x56,0xf2,0x32,0x97,0x9e,0x28, + 0xce,0x1a,0x57,0x60,0x05,0x1e,0x2d,0x25,0x6f,0x59,0xcb,0xd9, + 0xd0,0x87,0x44,0xbd,0xb5,0xb4,0xeb,0xcf,0xeb,0x94,0xf2,0x96, + 0x2d,0xce,0xa9,0x33,0xd0,0xc1,0x10,0x54, +};