srptest.c revision 1.2
1/* 2 * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the OpenSSL license (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10#include <openssl/opensslconf.h> 11#ifdef OPENSSL_NO_SRP 12 13# include <stdio.h> 14 15int main(int argc, char *argv[]) 16{ 17 printf("No SRP support\n"); 18 return (0); 19} 20 21#else 22 23# include <openssl/srp.h> 24# include <openssl/rand.h> 25# include <openssl/err.h> 26 27static void showbn(const char *name, const BIGNUM *bn) 28{ 29 fputs(name, stdout); 30 fputs(" = ", stdout); 31 BN_print_fp(stdout, bn); 32 putc('\n', stdout); 33} 34 35# define RANDOM_SIZE 32 /* use 256 bits on each side */ 36 37static int run_srp(const char *username, const char *client_pass, 38 const char *server_pass) 39{ 40 int ret = -1; 41 BIGNUM *s = NULL; 42 BIGNUM *v = NULL; 43 BIGNUM *a = NULL; 44 BIGNUM *b = NULL; 45 BIGNUM *u = NULL; 46 BIGNUM *x = NULL; 47 BIGNUM *Apub = NULL; 48 BIGNUM *Bpub = NULL; 49 BIGNUM *Kclient = NULL; 50 BIGNUM *Kserver = NULL; 51 unsigned char rand_tmp[RANDOM_SIZE]; 52 /* use builtin 1024-bit params */ 53 const SRP_gN *GN = SRP_get_default_gN("1024"); 54 55 if (GN == NULL) { 56 fprintf(stderr, "Failed to get SRP parameters\n"); 57 return -1; 58 } 59 /* Set up server's password entry */ 60 if (!SRP_create_verifier_BN(username, server_pass, &s, &v, GN->N, GN->g)) { 61 fprintf(stderr, "Failed to create SRP verifier\n"); 62 return -1; 63 } 64 65 showbn("N", GN->N); 66 showbn("g", GN->g); 67 showbn("Salt", s); 68 showbn("Verifier", v); 69 70 /* Server random */ 71 RAND_bytes(rand_tmp, sizeof(rand_tmp)); 72 b = BN_bin2bn(rand_tmp, sizeof(rand_tmp), NULL); 73 /* TODO - check b != 0 */ 74 showbn("b", b); 75 76 /* Server's first message */ 77 Bpub = SRP_Calc_B(b, GN->N, GN->g, v); 78 showbn("B", Bpub); 79 80 if (!SRP_Verify_B_mod_N(Bpub, GN->N)) { 81 fprintf(stderr, "Invalid B\n"); 82 return -1; 83 } 84 85 /* Client random */ 86 RAND_bytes(rand_tmp, sizeof(rand_tmp)); 87 a = BN_bin2bn(rand_tmp, sizeof(rand_tmp), NULL); 88 /* TODO - check a != 0 */ 89 showbn("a", a); 90 91 /* Client's response */ 92 Apub = SRP_Calc_A(a, GN->N, GN->g); 93 showbn("A", Apub); 94 95 if (!SRP_Verify_A_mod_N(Apub, GN->N)) { 96 fprintf(stderr, "Invalid A\n"); 97 return -1; 98 } 99 100 /* Both sides calculate u */ 101 u = SRP_Calc_u(Apub, Bpub, GN->N); 102 103 /* Client's key */ 104 x = SRP_Calc_x(s, username, client_pass); 105 Kclient = SRP_Calc_client_key(GN->N, Bpub, GN->g, x, a, u); 106 showbn("Client's key", Kclient); 107 108 /* Server's key */ 109 Kserver = SRP_Calc_server_key(Apub, v, u, b, GN->N); 110 showbn("Server's key", Kserver); 111 112 if (BN_cmp(Kclient, Kserver) == 0) { 113 ret = 0; 114 } else { 115 fprintf(stderr, "Keys mismatch\n"); 116 ret = 1; 117 } 118 119 BN_clear_free(Kclient); 120 BN_clear_free(Kserver); 121 BN_clear_free(x); 122 BN_free(u); 123 BN_free(Apub); 124 BN_clear_free(a); 125 BN_free(Bpub); 126 BN_clear_free(b); 127 BN_free(s); 128 BN_clear_free(v); 129 130 return ret; 131} 132 133static int check_bn(const char *name, const BIGNUM *bn, const char *hexbn) 134{ 135 BIGNUM *tmp = NULL; 136 int rv; 137 if (BN_hex2bn(&tmp, hexbn) == 0) 138 return 0; 139 rv = BN_cmp(bn, tmp); 140 if (rv == 0) { 141 printf("%s = ", name); 142 BN_print_fp(stdout, bn); 143 printf("\n"); 144 BN_free(tmp); 145 return 1; 146 } 147 printf("Unexpected %s value\n", name); 148 printf("Expecting: "); 149 BN_print_fp(stdout, tmp); 150 printf("\nReceived: "); 151 BN_print_fp(stdout, bn); 152 printf("\n"); 153 BN_free(tmp); 154 return 0; 155} 156 157/* SRP test vectors from RFC5054 */ 158static int run_srp_kat(void) 159{ 160 int ret = 0; 161 BIGNUM *s = NULL; 162 BIGNUM *v = NULL; 163 BIGNUM *a = NULL; 164 BIGNUM *b = NULL; 165 BIGNUM *u = NULL; 166 BIGNUM *x = NULL; 167 BIGNUM *Apub = NULL; 168 BIGNUM *Bpub = NULL; 169 BIGNUM *Kclient = NULL; 170 BIGNUM *Kserver = NULL; 171 /* use builtin 1024-bit params */ 172 const SRP_gN *GN = SRP_get_default_gN("1024"); 173 174 if (GN == NULL) { 175 fprintf(stderr, "Failed to get SRP parameters\n"); 176 goto err; 177 } 178 BN_hex2bn(&s, "BEB25379D1A8581EB5A727673A2441EE"); 179 /* Set up server's password entry */ 180 if (!SRP_create_verifier_BN("alice", "password123", &s, &v, GN->N, 181 GN->g)) { 182 fprintf(stderr, "Failed to create SRP verifier\n"); 183 goto err; 184 } 185 186 if (!check_bn("v", v, 187 "7E273DE8696FFC4F4E337D05B4B375BEB0DDE1569E8FA00A9886D812" 188 "9BADA1F1822223CA1A605B530E379BA4729FDC59F105B4787E5186F5" 189 "C671085A1447B52A48CF1970B4FB6F8400BBF4CEBFBB168152E08AB5" 190 "EA53D15C1AFF87B2B9DA6E04E058AD51CC72BFC9033B564E26480D78" 191 "E955A5E29E7AB245DB2BE315E2099AFB")) 192 goto err; 193 194 /* Server random */ 195 BN_hex2bn(&b, "E487CB59D31AC550471E81F00F6928E01DDA08E974A004F49E61F5D1" 196 "05284D20"); 197 198 /* Server's first message */ 199 Bpub = SRP_Calc_B(b, GN->N, GN->g, v); 200 201 if (!SRP_Verify_B_mod_N(Bpub, GN->N)) { 202 fprintf(stderr, "Invalid B\n"); 203 goto err; 204 } 205 206 if (!check_bn("B", Bpub, 207 "BD0C61512C692C0CB6D041FA01BB152D4916A1E77AF46AE105393011" 208 "BAF38964DC46A0670DD125B95A981652236F99D9B681CBF87837EC99" 209 "6C6DA04453728610D0C6DDB58B318885D7D82C7F8DEB75CE7BD4FBAA" 210 "37089E6F9C6059F388838E7A00030B331EB76840910440B1B27AAEAE" 211 "EB4012B7D7665238A8E3FB004B117B58")) 212 goto err; 213 214 /* Client random */ 215 BN_hex2bn(&a, "60975527035CF2AD1989806F0407210BC81EDC04E2762A56AFD529DD" 216 "DA2D4393"); 217 218 /* Client's response */ 219 Apub = SRP_Calc_A(a, GN->N, GN->g); 220 221 if (!SRP_Verify_A_mod_N(Apub, GN->N)) { 222 fprintf(stderr, "Invalid A\n"); 223 return -1; 224 } 225 226 if (!check_bn("A", Apub, 227 "61D5E490F6F1B79547B0704C436F523DD0E560F0C64115BB72557EC4" 228 "4352E8903211C04692272D8B2D1A5358A2CF1B6E0BFCF99F921530EC" 229 "8E39356179EAE45E42BA92AEACED825171E1E8B9AF6D9C03E1327F44" 230 "BE087EF06530E69F66615261EEF54073CA11CF5858F0EDFDFE15EFEA" 231 "B349EF5D76988A3672FAC47B0769447B")) 232 goto err; 233 234 /* Both sides calculate u */ 235 u = SRP_Calc_u(Apub, Bpub, GN->N); 236 237 if (!check_bn("u", u, "CE38B9593487DA98554ED47D70A7AE5F462EF019")) 238 goto err; 239 240 /* Client's key */ 241 x = SRP_Calc_x(s, "alice", "password123"); 242 Kclient = SRP_Calc_client_key(GN->N, Bpub, GN->g, x, a, u); 243 if (!check_bn("Client's key", Kclient, 244 "B0DC82BABCF30674AE450C0287745E7990A3381F63B387AAF271A10D" 245 "233861E359B48220F7C4693C9AE12B0A6F67809F0876E2D013800D6C" 246 "41BB59B6D5979B5C00A172B4A2A5903A0BDCAF8A709585EB2AFAFA8F" 247 "3499B200210DCC1F10EB33943CD67FC88A2F39A4BE5BEC4EC0A3212D" 248 "C346D7E474B29EDE8A469FFECA686E5A")) 249 goto err; 250 /* Server's key */ 251 Kserver = SRP_Calc_server_key(Apub, v, u, b, GN->N); 252 if (!check_bn("Server's key", Kserver, 253 "B0DC82BABCF30674AE450C0287745E7990A3381F63B387AAF271A10D" 254 "233861E359B48220F7C4693C9AE12B0A6F67809F0876E2D013800D6C" 255 "41BB59B6D5979B5C00A172B4A2A5903A0BDCAF8A709585EB2AFAFA8F" 256 "3499B200210DCC1F10EB33943CD67FC88A2F39A4BE5BEC4EC0A3212D" 257 "C346D7E474B29EDE8A469FFECA686E5A")) 258 goto err; 259 260 ret = 1; 261 262 err: 263 BN_clear_free(Kclient); 264 BN_clear_free(Kserver); 265 BN_clear_free(x); 266 BN_free(u); 267 BN_free(Apub); 268 BN_clear_free(a); 269 BN_free(Bpub); 270 BN_clear_free(b); 271 BN_free(s); 272 BN_clear_free(v); 273 274 return ret; 275} 276 277int main(int argc, char **argv) 278{ 279 BIO *bio_err; 280 bio_err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT); 281 282 CRYPTO_set_mem_debug(1); 283 CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); 284 285 286 /* "Negative" test, expect a mismatch */ 287 if (run_srp("alice", "password1", "password2") == 0) { 288 fprintf(stderr, "Mismatched SRP run failed\n"); 289 return 1; 290 } 291 292 /* "Positive" test, should pass */ 293 if (run_srp("alice", "password", "password") != 0) { 294 fprintf(stderr, "Plain SRP run failed\n"); 295 return 1; 296 } 297 298 /* KAT from RFC5054: should pass */ 299 if (run_srp_kat() != 1) { 300 fprintf(stderr, "SRP KAT failed\n"); 301 return 1; 302 } 303 304#ifndef OPENSSL_NO_CRYPTO_MDEBUG 305 if (CRYPTO_mem_leaks(bio_err) <= 0) 306 return 1; 307#endif 308 BIO_free(bio_err); 309 310 return 0; 311} 312#endif 313