tls_srp.c source code [ClickHouse/contrib/openssl/ssl/tls_srp.c]

1	/*
2	* Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.
3	* Copyright (c) 2004, EdelKey Project. All Rights Reserved.
4	*
5	* Licensed under the Apache License 2.0 (the "License"). You may not use
6	* this file except in compliance with the License. You can obtain a copy
7	* in the file LICENSE in the source distribution or at
8	* https://www.openssl.org/source/license.html
9	*
10	* Originally written by Christophe Renou and Peter Sylvester,
11	* for the EdelKey project.
12	*/
13
14	#include <openssl/crypto.h>
15	#include <openssl/rand.h>
16	#include <openssl/err.h>
17	#include "ssl_local.h"
18
19	#ifndef OPENSSL_NO_SRP
20	# include <openssl/srp.h>
21
22	int SSL_CTX_SRP_CTX_free(struct ssl_ctx_st *ctx)
23	{
24	if (ctx == NULL)
25	return `0`;
26	OPENSSL_free(ctx->srp_ctx.login);
27	OPENSSL_free(ctx->srp_ctx.info);
28	BN_free(ctx->srp_ctx.N);
29	BN_free(ctx->srp_ctx.g);
30	BN_free(ctx->srp_ctx.s);
31	BN_free(ctx->srp_ctx.B);
32	BN_free(ctx->srp_ctx.A);
33	BN_free(ctx->srp_ctx.a);
34	BN_free(ctx->srp_ctx.b);
35	BN_free(ctx->srp_ctx.v);
36	memset(&ctx->srp_ctx, `0`, sizeof(ctx->srp_ctx));
37	ctx->srp_ctx.strength = SRP_MINIMAL_N;
38	return `1`;
39	}
40
41	int SSL_SRP_CTX_free(struct ssl_st *s)
42	{
43	if (s == NULL)
44	return `0`;
45	OPENSSL_free(s->srp_ctx.login);
46	OPENSSL_free(s->srp_ctx.info);
47	BN_free(s->srp_ctx.N);
48	BN_free(s->srp_ctx.g);
49	BN_free(s->srp_ctx.s);
50	BN_free(s->srp_ctx.B);
51	BN_free(s->srp_ctx.A);
52	BN_free(s->srp_ctx.a);
53	BN_free(s->srp_ctx.b);
54	BN_free(s->srp_ctx.v);
55	memset(&s->srp_ctx, `0`, sizeof(s->srp_ctx));
56	s->srp_ctx.strength = SRP_MINIMAL_N;
57	return `1`;
58	}
59
60	int SSL_SRP_CTX_init(struct ssl_st *s)
61	{
62	SSL_CTX *ctx;
63
64	if ((s == NULL) \|\| ((ctx = s->ctx) == NULL))
65	return `0`;
66
67	memset(&s->srp_ctx, `0`, sizeof(s->srp_ctx));
68
69	s->srp_ctx.SRP_cb_arg = ctx->srp_ctx.SRP_cb_arg;
70	/ set client Hello login callback /
71	s->srp_ctx.TLS_ext_srp_username_callback =
72	ctx->srp_ctx.TLS_ext_srp_username_callback;
73	/ set SRP N/g param callback for verification /
74	s->srp_ctx.SRP_verify_param_callback =
75	ctx->srp_ctx.SRP_verify_param_callback;
76	/ set SRP client passwd callback /
77	s->srp_ctx.SRP_give_srp_client_pwd_callback =
78	ctx->srp_ctx.SRP_give_srp_client_pwd_callback;
79
80	s->srp_ctx.strength = ctx->srp_ctx.strength;
81
82	if (((ctx->srp_ctx.N != NULL) &&
83	((s->srp_ctx.N = BN_dup(ctx->srp_ctx.N)) == NULL)) \|\|
84	((ctx->srp_ctx.g != NULL) &&
85	((s->srp_ctx.g = BN_dup(ctx->srp_ctx.g)) == NULL)) \|\|
86	((ctx->srp_ctx.s != NULL) &&
87	((s->srp_ctx.s = BN_dup(ctx->srp_ctx.s)) == NULL)) \|\|
88	((ctx->srp_ctx.B != NULL) &&
89	((s->srp_ctx.B = BN_dup(ctx->srp_ctx.B)) == NULL)) \|\|
90	((ctx->srp_ctx.A != NULL) &&
91	((s->srp_ctx.A = BN_dup(ctx->srp_ctx.A)) == NULL)) \|\|
92	((ctx->srp_ctx.a != NULL) &&
93	((s->srp_ctx.a = BN_dup(ctx->srp_ctx.a)) == NULL)) \|\|
94	((ctx->srp_ctx.v != NULL) &&
95	((s->srp_ctx.v = BN_dup(ctx->srp_ctx.v)) == NULL)) \|\|
96	((ctx->srp_ctx.b != NULL) &&
97	((s->srp_ctx.b = BN_dup(ctx->srp_ctx.b)) == NULL))) {
98	SSLerr(SSL_F_SSL_SRP_CTX_INIT, ERR_R_BN_LIB);
99	goto err;
100	}
101	if ((ctx->srp_ctx.login != NULL) &&
102	((s->srp_ctx.login = OPENSSL_strdup(ctx->srp_ctx.login)) == NULL)) {
103	SSLerr(SSL_F_SSL_SRP_CTX_INIT, ERR_R_INTERNAL_ERROR);
104	goto err;
105	}
106	if ((ctx->srp_ctx.info != NULL) &&
107	((s->srp_ctx.info = OPENSSL_strdup(ctx->srp_ctx.info)) == NULL)) {
108	SSLerr(SSL_F_SSL_SRP_CTX_INIT, ERR_R_INTERNAL_ERROR);
109	goto err;
110	}
111	s->srp_ctx.srp_Mask = ctx->srp_ctx.srp_Mask;
112
113	return `1`;
114	err:
115	OPENSSL_free(s->srp_ctx.login);
116	OPENSSL_free(s->srp_ctx.info);
117	BN_free(s->srp_ctx.N);
118	BN_free(s->srp_ctx.g);
119	BN_free(s->srp_ctx.s);
120	BN_free(s->srp_ctx.B);
121	BN_free(s->srp_ctx.A);
122	BN_free(s->srp_ctx.a);
123	BN_free(s->srp_ctx.b);
124	BN_free(s->srp_ctx.v);
125	memset(&s->srp_ctx, `0`, sizeof(s->srp_ctx));
126	return `0`;
127	}
128
129	int SSL_CTX_SRP_CTX_init(struct ssl_ctx_st *ctx)
130	{
131	if (ctx == NULL)
132	return `0`;
133
134	memset(&ctx->srp_ctx, `0`, sizeof(ctx->srp_ctx));
135	ctx->srp_ctx.strength = SRP_MINIMAL_N;
136
137	return `1`;
138	}
139
140	/ server side /
141	int SSL_srp_server_param_with_username(SSL s, int* *ad)
142	{
143	unsigned char b[SSL_MAX_MASTER_KEY_LENGTH];
144	int al;
145
146	*ad = SSL_AD_UNKNOWN_PSK_IDENTITY;
147	if ((s->srp_ctx.TLS_ext_srp_username_callback != NULL) &&
148	((al =
149	s->srp_ctx.TLS_ext_srp_username_callback(s, ad,
150	s->srp_ctx.SRP_cb_arg)) !=
151	SSL_ERROR_NONE))
152	return al;
153
154	*ad = SSL_AD_INTERNAL_ERROR;
155	if ((s->srp_ctx.N == NULL) \|\|
156	(s->srp_ctx.g == NULL) \|\|
157	(s->srp_ctx.s == NULL) \|\| (s->srp_ctx.v == NULL))
158	return SSL3_AL_FATAL;
159
160	if (RAND_priv_bytes(b, sizeof(b)) <= `0`)
161	return SSL3_AL_FATAL;
162	s->srp_ctx.b = BN_bin2bn(b, sizeof(b), NULL);
163	OPENSSL_cleanse(b, sizeof(b));
164
165	/ Calculate: B = (kv + g^b) % N /
166
167	return ((s->srp_ctx.B =
168	SRP_Calc_B(s->srp_ctx.b, s->srp_ctx.N, s->srp_ctx.g,
169	s->srp_ctx.v)) !=
170	NULL) ? SSL_ERROR_NONE : SSL3_AL_FATAL;
171	}
172
173	/*
174	* If the server just has the raw password, make up a verifier entry on the
175	* fly
176	*/
177	int SSL_set_srp_server_param_pw(SSL s, const* char user, const* char *pass,
178	const char *grp)
179	{
180	SRP_gN *GN = SRP_get_default_gN(grp);
181	if (GN == NULL)
182	return -`1`;
183	s->srp_ctx.N = BN_dup(GN->N);
184	s->srp_ctx.g = BN_dup(GN->g);
185	BN_clear_free(s->srp_ctx.v);
186	s->srp_ctx.v = NULL;
187	BN_clear_free(s->srp_ctx.s);
188	s->srp_ctx.s = NULL;
189	if (!SRP_create_verifier_BN
190	(user, pass, &s->srp_ctx.s, &s->srp_ctx.v, GN->N, GN->g))
191	return -`1`;
192
193	return `1`;
194	}
195
196	int SSL_set_srp_server_param(SSL s, const* BIGNUM N, const* BIGNUM *g,
197	BIGNUM sa, BIGNUM v, char *info)
198	{
199	if (N != NULL) {
200	if (s->srp_ctx.N != NULL) {
201	if (!BN_copy(s->srp_ctx.N, N)) {
202	BN_free(s->srp_ctx.N);
203	s->srp_ctx.N = NULL;
204	}
205	} else
206	s->srp_ctx.N = BN_dup(N);
207	}
208	if (g != NULL) {
209	if (s->srp_ctx.g != NULL) {
210	if (!BN_copy(s->srp_ctx.g, g)) {
211	BN_free(s->srp_ctx.g);
212	s->srp_ctx.g = NULL;
213	}
214	} else
215	s->srp_ctx.g = BN_dup(g);
216	}
217	if (sa != NULL) {
218	if (s->srp_ctx.s != NULL) {
219	if (!BN_copy(s->srp_ctx.s, sa)) {
220	BN_free(s->srp_ctx.s);
221	s->srp_ctx.s = NULL;
222	}
223	} else
224	s->srp_ctx.s = BN_dup(sa);
225	}
226	if (v != NULL) {
227	if (s->srp_ctx.v != NULL) {
228	if (!BN_copy(s->srp_ctx.v, v)) {
229	BN_free(s->srp_ctx.v);
230	s->srp_ctx.v = NULL;
231	}
232	} else
233	s->srp_ctx.v = BN_dup(v);
234	}
235	if (info != NULL) {
236	if (s->srp_ctx.info)
237	OPENSSL_free(s->srp_ctx.info);
238	if ((s->srp_ctx.info = OPENSSL_strdup(info)) == NULL)
239	return -`1`;
240	}
241
242	if (!(s->srp_ctx.N) \|\|
243	!(s->srp_ctx.g) \|\| !(s->srp_ctx.s) \|\| !(s->srp_ctx.v))
244	return -`1`;
245
246	return `1`;
247	}
248
249	int srp_generate_server_master_secret(SSL *s)
250	{
251	BIGNUM K = NULL, u = NULL;
252	int ret = -`1`, tmp_len = `0`;
253	unsigned char *tmp = NULL;
254
255	if (!SRP_Verify_A_mod_N(s->srp_ctx.A, s->srp_ctx.N))
256	goto err;
257	if ((u = SRP_Calc_u(s->srp_ctx.A, s->srp_ctx.B, s->srp_ctx.N)) == NULL)
258	goto err;
259	if ((K = SRP_Calc_server_key(s->srp_ctx.A, s->srp_ctx.v, u, s->srp_ctx.b,
260	s->srp_ctx.N)) == NULL)
261	goto err;
262
263	tmp_len = BN_num_bytes(K);
264	if ((tmp = OPENSSL_malloc(tmp_len)) == NULL) {
265	SSLfatal(s, SSL_AD_INTERNAL_ERROR,
266	SSL_F_SRP_GENERATE_SERVER_MASTER_SECRET, ERR_R_MALLOC_FAILURE);
267	goto err;
268	}
269	BN_bn2bin(K, tmp);
270	/ Calls SSLfatal() as required /
271	ret = ssl_generate_master_secret(s, tmp, tmp_len, `1`);
272	err:
273	BN_clear_free(K);
274	BN_clear_free(u);
275	return ret;
276	}
277
278	/ client side /
279	int srp_generate_client_master_secret(SSL *s)
280	{
281	BIGNUM x = NULL, u = NULL, *K = NULL;
282	int ret = -`1`, tmp_len = `0`;
283	char *passwd = NULL;
284	unsigned char *tmp = NULL;
285
286	/*
287	* Checks if b % n == 0
288	*/
289	if (SRP_Verify_B_mod_N(s->srp_ctx.B, s->srp_ctx.N) == `0`
290	\|\| (u = SRP_Calc_u(s->srp_ctx.A, s->srp_ctx.B, s->srp_ctx.N))
291	== NULL
292	\|\| s->srp_ctx.SRP_give_srp_client_pwd_callback == NULL) {
293	SSLfatal(s, SSL_AD_INTERNAL_ERROR,
294	SSL_F_SRP_GENERATE_CLIENT_MASTER_SECRET, ERR_R_INTERNAL_ERROR);
295	goto err;
296	}
297	if ((passwd = s->srp_ctx.SRP_give_srp_client_pwd_callback(s,
298	s->srp_ctx.SRP_cb_arg))
299	== NULL) {
300	SSLfatal(s, SSL_AD_INTERNAL_ERROR,
301	SSL_F_SRP_GENERATE_CLIENT_MASTER_SECRET,
302	SSL_R_CALLBACK_FAILED);
303	goto err;
304	}
305	if ((x = SRP_Calc_x(s->srp_ctx.s, s->srp_ctx.login, passwd)) == NULL
306	\|\| (K = SRP_Calc_client_key(s->srp_ctx.N, s->srp_ctx.B,
307	s->srp_ctx.g, x,
308	s->srp_ctx.a, u)) == NULL) {
309	SSLfatal(s, SSL_AD_INTERNAL_ERROR,
310	SSL_F_SRP_GENERATE_CLIENT_MASTER_SECRET, ERR_R_INTERNAL_ERROR);
311	goto err;
312	}
313
314	tmp_len = BN_num_bytes(K);
315	if ((tmp = OPENSSL_malloc(tmp_len)) == NULL) {
316	SSLfatal(s, SSL_AD_INTERNAL_ERROR,
317	SSL_F_SRP_GENERATE_CLIENT_MASTER_SECRET, ERR_R_MALLOC_FAILURE);
318	goto err;
319	}
320	BN_bn2bin(K, tmp);
321	/ Calls SSLfatal() as required /
322	ret = ssl_generate_master_secret(s, tmp, tmp_len, `1`);
323	err:
324	BN_clear_free(K);
325	BN_clear_free(x);
326	if (passwd != NULL)
327	OPENSSL_clear_free(passwd, strlen(passwd));
328	BN_clear_free(u);
329	return ret;
330	}
331
332	int srp_verify_server_param(SSL *s)
333	{
334	SRP_CTX *srp = &s->srp_ctx;
335	/*
336	* Sanity check parameters: we can quickly check B % N == 0 by checking B
337	* != 0 since B < N
338	*/
339	if (BN_ucmp(srp->g, srp->N) >= `0` \|\| BN_ucmp(srp->B, srp->N) >= `0`
340	\|\| BN_is_zero(srp->B)) {
341	SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_SRP_VERIFY_SERVER_PARAM,
342	SSL_R_BAD_DATA);
343	return `0`;
344	}
345
346	if (BN_num_bits(srp->N) < srp->strength) {
347	SSLfatal(s, SSL_AD_INSUFFICIENT_SECURITY, SSL_F_SRP_VERIFY_SERVER_PARAM,
348	SSL_R_INSUFFICIENT_SECURITY);
349	return `0`;
350	}
351
352	if (srp->SRP_verify_param_callback) {
353	if (srp->SRP_verify_param_callback(s, srp->SRP_cb_arg) <= `0`) {
354	SSLfatal(s, SSL_AD_INSUFFICIENT_SECURITY,
355	SSL_F_SRP_VERIFY_SERVER_PARAM,
356	SSL_R_CALLBACK_FAILED);
357	return `0`;
358	}
359	} else if (!SRP_check_known_gN_param(srp->g, srp->N)) {
360	SSLfatal(s, SSL_AD_INSUFFICIENT_SECURITY, SSL_F_SRP_VERIFY_SERVER_PARAM,
361	SSL_R_INSUFFICIENT_SECURITY);
362	return `0`;
363	}
364
365	return `1`;
366	}
367
368	int SRP_Calc_A_param(SSL *s)
369	{
370	unsigned char rnd[SSL_MAX_MASTER_KEY_LENGTH];
371
372	if (RAND_priv_bytes(rnd, sizeof(rnd)) <= `0`)
373	return `0`;
374	s->srp_ctx.a = BN_bin2bn(rnd, sizeof(rnd), s->srp_ctx.a);
375	OPENSSL_cleanse(rnd, sizeof(rnd));
376
377	if (!(s->srp_ctx.A = SRP_Calc_A(s->srp_ctx.a, s->srp_ctx.N, s->srp_ctx.g)))
378	return `0`;
379
380	return `1`;
381	}
382
383	BIGNUM SSL_get_srp_g(SSL s)
384	{
385	if (s->srp_ctx.g != NULL)
386	return s->srp_ctx.g;
387	return s->ctx->srp_ctx.g;
388	}
389
390	BIGNUM SSL_get_srp_N(SSL s)
391	{
392	if (s->srp_ctx.N != NULL)
393	return s->srp_ctx.N;
394	return s->ctx->srp_ctx.N;
395	}
396
397	char SSL_get_srp_username(SSL s)
398	{
399	if (s->srp_ctx.login != NULL)
400	return s->srp_ctx.login;
401	return s->ctx->srp_ctx.login;
402	}
403
404	char SSL_get_srp_userinfo(SSL s)
405	{
406	if (s->srp_ctx.info != NULL)
407	return s->srp_ctx.info;
408	return s->ctx->srp_ctx.info;
409	}
410
411	# define tls1_ctx_ctrl ssl3_ctx_ctrl
412	# define tls1_ctx_callback_ctrl ssl3_ctx_callback_ctrl
413
414	int SSL_CTX_set_srp_username(SSL_CTX ctx, char* *name)
415	{
416	return tls1_ctx_ctrl(ctx, SSL_CTRL_SET_TLS_EXT_SRP_USERNAME, `0`, name);
417	}
418
419	int SSL_CTX_set_srp_password(SSL_CTX ctx, char* *password)
420	{
421	return tls1_ctx_ctrl(ctx, SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD, `0`, password);
422	}
423
424	int SSL_CTX_set_srp_strength(SSL_CTX ctx, int* strength)
425	{
426	return tls1_ctx_ctrl(ctx, SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH, strength,
427	NULL);
428	}
429
430	int SSL_CTX_set_srp_verify_param_callback(SSL_CTX *ctx,
431	int (cb) (SSL , void *))
432	{
433	return tls1_ctx_callback_ctrl(ctx, SSL_CTRL_SET_SRP_VERIFY_PARAM_CB,
434	(void ()(void*))cb);
435	}
436
437	int SSL_CTX_set_srp_cb_arg(SSL_CTX ctx, void* *arg)
438	{
439	return tls1_ctx_ctrl(ctx, SSL_CTRL_SET_SRP_ARG, `0`, arg);
440	}
441
442	int SSL_CTX_set_srp_username_callback(SSL_CTX *ctx,
443	int (cb) (SSL , int , void* *))
444	{
445	return tls1_ctx_callback_ctrl(ctx, SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB,
446	(void ()(void*))cb);
447	}
448
449	int SSL_CTX_set_srp_client_pwd_callback(SSL_CTX *ctx,
450	char (cb) (SSL , void* *))
451	{
452	return tls1_ctx_callback_ctrl(ctx, SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB,
453	(void ()(void*))cb);
454	}
455
456	#endif
457

Browse the source code of ClickHouse/contrib/openssl/ssl/tls_srp.c