xref: /freebsd/crypto/openssl/apps/lib/tlssrp_depr.c (revision b077aed33b7b6aefca7b17ddb250cf521f938613) 
1*b077aed3SPierre Pronchery /*
2*b077aed3SPierre Pronchery  * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
3*b077aed3SPierre Pronchery  * Copyright 2005 Nokia. All rights reserved.
4*b077aed3SPierre Pronchery  *
5*b077aed3SPierre Pronchery  * Licensed under the Apache License 2.0 (the "License").  You may not use
6*b077aed3SPierre Pronchery  * this file except in compliance with the License.  You can obtain a copy
7*b077aed3SPierre Pronchery  * in the file LICENSE in the source distribution or at
8*b077aed3SPierre Pronchery  * https://www.openssl.org/source/license.html
9*b077aed3SPierre Pronchery  */
10*b077aed3SPierre Pronchery 
11*b077aed3SPierre Pronchery /*
12*b077aed3SPierre Pronchery  * This file is to enable backwards compatibility for the SRP features of
13*b077aed3SPierre Pronchery  * s_client, s_server and ciphers. All of those features are deprecated and will
14*b077aed3SPierre Pronchery  * eventually disappear. In the meantime, to continue to support them, we
15*b077aed3SPierre Pronchery  * need to access deprecated SRP APIs.
16*b077aed3SPierre Pronchery  */
17*b077aed3SPierre Pronchery #define OPENSSL_SUPPRESS_DEPRECATED
18*b077aed3SPierre Pronchery 
19*b077aed3SPierre Pronchery #include <openssl/bn.h>
20*b077aed3SPierre Pronchery #include <openssl/bio.h>
21*b077aed3SPierre Pronchery #include <openssl/ssl.h>
22*b077aed3SPierre Pronchery #include <openssl/srp.h>
23*b077aed3SPierre Pronchery #include "apps_ui.h"
24*b077aed3SPierre Pronchery #include "apps.h"
25*b077aed3SPierre Pronchery #include "s_apps.h"
26*b077aed3SPierre Pronchery 
srp_Verify_N_and_g(const BIGNUM * N,const BIGNUM * g)27*b077aed3SPierre Pronchery static int srp_Verify_N_and_g(const BIGNUM *N, const BIGNUM *g)
28*b077aed3SPierre Pronchery {
29*b077aed3SPierre Pronchery     BN_CTX *bn_ctx = BN_CTX_new();
30*b077aed3SPierre Pronchery     BIGNUM *p = BN_new();
31*b077aed3SPierre Pronchery     BIGNUM *r = BN_new();
32*b077aed3SPierre Pronchery     int ret =
33*b077aed3SPierre Pronchery         g != NULL && N != NULL && bn_ctx != NULL && BN_is_odd(N) &&
34*b077aed3SPierre Pronchery         BN_check_prime(N, bn_ctx, NULL) == 1 &&
35*b077aed3SPierre Pronchery         p != NULL && BN_rshift1(p, N) &&
36*b077aed3SPierre Pronchery         /* p = (N-1)/2 */
37*b077aed3SPierre Pronchery         BN_check_prime(p, bn_ctx, NULL) == 1 &&
38*b077aed3SPierre Pronchery         r != NULL &&
39*b077aed3SPierre Pronchery         /* verify g^((N-1)/2) == -1 (mod N) */
40*b077aed3SPierre Pronchery         BN_mod_exp(r, g, p, N, bn_ctx) &&
41*b077aed3SPierre Pronchery         BN_add_word(r, 1) && BN_cmp(r, N) == 0;
42*b077aed3SPierre Pronchery 
43*b077aed3SPierre Pronchery     BN_free(r);
44*b077aed3SPierre Pronchery     BN_free(p);
45*b077aed3SPierre Pronchery     BN_CTX_free(bn_ctx);
46*b077aed3SPierre Pronchery     return ret;
47*b077aed3SPierre Pronchery }
48*b077aed3SPierre Pronchery 
49*b077aed3SPierre Pronchery /*-
50*b077aed3SPierre Pronchery  * This callback is used here for two purposes:
51*b077aed3SPierre Pronchery  * - extended debugging
52*b077aed3SPierre Pronchery  * - making some primality tests for unknown groups
53*b077aed3SPierre Pronchery  * The callback is only called for a non default group.
54*b077aed3SPierre Pronchery  *
55*b077aed3SPierre Pronchery  * An application does not need the call back at all if
56*b077aed3SPierre Pronchery  * only the standard groups are used.  In real life situations,
57*b077aed3SPierre Pronchery  * client and server already share well known groups,
58*b077aed3SPierre Pronchery  * thus there is no need to verify them.
59*b077aed3SPierre Pronchery  * Furthermore, in case that a server actually proposes a group that
60*b077aed3SPierre Pronchery  * is not one of those defined in RFC 5054, it is more appropriate
61*b077aed3SPierre Pronchery  * to add the group to a static list and then compare since
62*b077aed3SPierre Pronchery  * primality tests are rather cpu consuming.
63*b077aed3SPierre Pronchery  */
64*b077aed3SPierre Pronchery 
ssl_srp_verify_param_cb(SSL * s,void * arg)65*b077aed3SPierre Pronchery static int ssl_srp_verify_param_cb(SSL *s, void *arg)
66*b077aed3SPierre Pronchery {
67*b077aed3SPierre Pronchery     SRP_ARG *srp_arg = (SRP_ARG *)arg;
68*b077aed3SPierre Pronchery     BIGNUM *N = NULL, *g = NULL;
69*b077aed3SPierre Pronchery 
70*b077aed3SPierre Pronchery     if (((N = SSL_get_srp_N(s)) == NULL) || ((g = SSL_get_srp_g(s)) == NULL))
71*b077aed3SPierre Pronchery         return 0;
72*b077aed3SPierre Pronchery     if (srp_arg->debug || srp_arg->msg || srp_arg->amp == 1) {
73*b077aed3SPierre Pronchery         BIO_printf(bio_err, "SRP parameters:\n");
74*b077aed3SPierre Pronchery         BIO_printf(bio_err, "\tN=");
75*b077aed3SPierre Pronchery         BN_print(bio_err, N);
76*b077aed3SPierre Pronchery         BIO_printf(bio_err, "\n\tg=");
77*b077aed3SPierre Pronchery         BN_print(bio_err, g);
78*b077aed3SPierre Pronchery         BIO_printf(bio_err, "\n");
79*b077aed3SPierre Pronchery     }
80*b077aed3SPierre Pronchery 
81*b077aed3SPierre Pronchery     if (SRP_check_known_gN_param(g, N))
82*b077aed3SPierre Pronchery         return 1;
83*b077aed3SPierre Pronchery 
84*b077aed3SPierre Pronchery     if (srp_arg->amp == 1) {
85*b077aed3SPierre Pronchery         if (srp_arg->debug)
86*b077aed3SPierre Pronchery             BIO_printf(bio_err,
87*b077aed3SPierre Pronchery                        "SRP param N and g are not known params, going to check deeper.\n");
88*b077aed3SPierre Pronchery 
89*b077aed3SPierre Pronchery         /*
90*b077aed3SPierre Pronchery          * The srp_moregroups is a real debugging feature. Implementors
91*b077aed3SPierre Pronchery          * should rather add the value to the known ones. The minimal size
92*b077aed3SPierre Pronchery          * has already been tested.
93*b077aed3SPierre Pronchery          */
94*b077aed3SPierre Pronchery         if (BN_num_bits(g) <= BN_BITS && srp_Verify_N_and_g(N, g))
95*b077aed3SPierre Pronchery             return 1;
96*b077aed3SPierre Pronchery     }
97*b077aed3SPierre Pronchery     BIO_printf(bio_err, "SRP param N and g rejected.\n");
98*b077aed3SPierre Pronchery     return 0;
99*b077aed3SPierre Pronchery }
100*b077aed3SPierre Pronchery 
101*b077aed3SPierre Pronchery #define PWD_STRLEN 1024
102*b077aed3SPierre Pronchery 
ssl_give_srp_client_pwd_cb(SSL * s,void * arg)103*b077aed3SPierre Pronchery static char *ssl_give_srp_client_pwd_cb(SSL *s, void *arg)
104*b077aed3SPierre Pronchery {
105*b077aed3SPierre Pronchery     SRP_ARG *srp_arg = (SRP_ARG *)arg;
106*b077aed3SPierre Pronchery     char *pass = app_malloc(PWD_STRLEN + 1, "SRP password buffer");
107*b077aed3SPierre Pronchery     PW_CB_DATA cb_tmp;
108*b077aed3SPierre Pronchery     int l;
109*b077aed3SPierre Pronchery 
110*b077aed3SPierre Pronchery     cb_tmp.password = (char *)srp_arg->srppassin;
111*b077aed3SPierre Pronchery     cb_tmp.prompt_info = "SRP user";
112*b077aed3SPierre Pronchery     if ((l = password_callback(pass, PWD_STRLEN, 0, &cb_tmp)) < 0) {
113*b077aed3SPierre Pronchery         BIO_printf(bio_err, "Can't read Password\n");
114*b077aed3SPierre Pronchery         OPENSSL_free(pass);
115*b077aed3SPierre Pronchery         return NULL;
116*b077aed3SPierre Pronchery     }
117*b077aed3SPierre Pronchery     *(pass + l) = '\0';
118*b077aed3SPierre Pronchery 
119*b077aed3SPierre Pronchery     return pass;
120*b077aed3SPierre Pronchery }
121*b077aed3SPierre Pronchery 
set_up_srp_arg(SSL_CTX * ctx,SRP_ARG * srp_arg,int srp_lateuser,int c_msg,int c_debug)122*b077aed3SPierre Pronchery int set_up_srp_arg(SSL_CTX *ctx, SRP_ARG *srp_arg, int srp_lateuser, int c_msg,
123*b077aed3SPierre Pronchery                    int c_debug)
124*b077aed3SPierre Pronchery {
125*b077aed3SPierre Pronchery     if (!srp_lateuser && !SSL_CTX_set_srp_username(ctx, srp_arg->srplogin)) {
126*b077aed3SPierre Pronchery         BIO_printf(bio_err, "Unable to set SRP username\n");
127*b077aed3SPierre Pronchery         return 0;
128*b077aed3SPierre Pronchery     }
129*b077aed3SPierre Pronchery     srp_arg->msg = c_msg;
130*b077aed3SPierre Pronchery     srp_arg->debug = c_debug;
131*b077aed3SPierre Pronchery     SSL_CTX_set_srp_cb_arg(ctx, &srp_arg);
132*b077aed3SPierre Pronchery     SSL_CTX_set_srp_client_pwd_callback(ctx, ssl_give_srp_client_pwd_cb);
133*b077aed3SPierre Pronchery     SSL_CTX_set_srp_strength(ctx, srp_arg->strength);
134*b077aed3SPierre Pronchery     if (c_msg || c_debug || srp_arg->amp == 0)
135*b077aed3SPierre Pronchery         SSL_CTX_set_srp_verify_param_callback(ctx, ssl_srp_verify_param_cb);
136*b077aed3SPierre Pronchery 
137*b077aed3SPierre Pronchery     return 1;
138*b077aed3SPierre Pronchery }
139*b077aed3SPierre Pronchery 
dummy_srp(SSL * ssl,void * arg)140*b077aed3SPierre Pronchery static char *dummy_srp(SSL *ssl, void *arg)
141*b077aed3SPierre Pronchery {
142*b077aed3SPierre Pronchery     return "";
143*b077aed3SPierre Pronchery }
144*b077aed3SPierre Pronchery 
set_up_dummy_srp(SSL_CTX * ctx)145*b077aed3SPierre Pronchery void set_up_dummy_srp(SSL_CTX *ctx)
146*b077aed3SPierre Pronchery {
147*b077aed3SPierre Pronchery         SSL_CTX_set_srp_client_pwd_callback(ctx, dummy_srp);
148*b077aed3SPierre Pronchery }
149*b077aed3SPierre Pronchery 
150*b077aed3SPierre Pronchery /*
151*b077aed3SPierre Pronchery  * This callback pretends to require some asynchronous logic in order to
152*b077aed3SPierre Pronchery  * obtain a verifier. When the callback is called for a new connection we
153*b077aed3SPierre Pronchery  * return with a negative value. This will provoke the accept etc to return
154*b077aed3SPierre Pronchery  * with an LOOKUP_X509. The main logic of the reinvokes the suspended call
155*b077aed3SPierre Pronchery  * (which would normally occur after a worker has finished) and we set the
156*b077aed3SPierre Pronchery  * user parameters.
157*b077aed3SPierre Pronchery  */
ssl_srp_server_param_cb(SSL * s,int * ad,void * arg)158*b077aed3SPierre Pronchery static int ssl_srp_server_param_cb(SSL *s, int *ad, void *arg)
159*b077aed3SPierre Pronchery {
160*b077aed3SPierre Pronchery     srpsrvparm *p = (srpsrvparm *) arg;
161*b077aed3SPierre Pronchery     int ret = SSL3_AL_FATAL;
162*b077aed3SPierre Pronchery 
163*b077aed3SPierre Pronchery     if (p->login == NULL && p->user == NULL) {
164*b077aed3SPierre Pronchery         p->login = SSL_get_srp_username(s);
165*b077aed3SPierre Pronchery         BIO_printf(bio_err, "SRP username = \"%s\"\n", p->login);
166*b077aed3SPierre Pronchery         return -1;
167*b077aed3SPierre Pronchery     }
168*b077aed3SPierre Pronchery 
169*b077aed3SPierre Pronchery     if (p->user == NULL) {
170*b077aed3SPierre Pronchery         BIO_printf(bio_err, "User %s doesn't exist\n", p->login);
171*b077aed3SPierre Pronchery         goto err;
172*b077aed3SPierre Pronchery     }
173*b077aed3SPierre Pronchery 
174*b077aed3SPierre Pronchery     if (SSL_set_srp_server_param
175*b077aed3SPierre Pronchery         (s, p->user->N, p->user->g, p->user->s, p->user->v,
176*b077aed3SPierre Pronchery          p->user->info) < 0) {
177*b077aed3SPierre Pronchery         *ad = SSL_AD_INTERNAL_ERROR;
178*b077aed3SPierre Pronchery         goto err;
179*b077aed3SPierre Pronchery     }
180*b077aed3SPierre Pronchery     BIO_printf(bio_err,
181*b077aed3SPierre Pronchery                "SRP parameters set: username = \"%s\" info=\"%s\" \n",
182*b077aed3SPierre Pronchery                p->login, p->user->info);
183*b077aed3SPierre Pronchery     ret = SSL_ERROR_NONE;
184*b077aed3SPierre Pronchery 
185*b077aed3SPierre Pronchery  err:
186*b077aed3SPierre Pronchery     SRP_user_pwd_free(p->user);
187*b077aed3SPierre Pronchery     p->user = NULL;
188*b077aed3SPierre Pronchery     p->login = NULL;
189*b077aed3SPierre Pronchery     return ret;
190*b077aed3SPierre Pronchery }
191*b077aed3SPierre Pronchery 
set_up_srp_verifier_file(SSL_CTX * ctx,srpsrvparm * srp_callback_parm,char * srpuserseed,char * srp_verifier_file)192*b077aed3SPierre Pronchery int set_up_srp_verifier_file(SSL_CTX *ctx, srpsrvparm *srp_callback_parm,
193*b077aed3SPierre Pronchery                              char *srpuserseed, char *srp_verifier_file)
194*b077aed3SPierre Pronchery {
195*b077aed3SPierre Pronchery     int ret;
196*b077aed3SPierre Pronchery 
197*b077aed3SPierre Pronchery     srp_callback_parm->vb = SRP_VBASE_new(srpuserseed);
198*b077aed3SPierre Pronchery     srp_callback_parm->user = NULL;
199*b077aed3SPierre Pronchery     srp_callback_parm->login = NULL;
200*b077aed3SPierre Pronchery 
201*b077aed3SPierre Pronchery     if (srp_callback_parm->vb == NULL) {
202*b077aed3SPierre Pronchery         BIO_printf(bio_err, "Failed to initialize SRP verifier file \n");
203*b077aed3SPierre Pronchery         return 0;
204*b077aed3SPierre Pronchery     }
205*b077aed3SPierre Pronchery     if ((ret =
206*b077aed3SPierre Pronchery             SRP_VBASE_init(srp_callback_parm->vb,
207*b077aed3SPierre Pronchery                            srp_verifier_file)) != SRP_NO_ERROR) {
208*b077aed3SPierre Pronchery         BIO_printf(bio_err,
209*b077aed3SPierre Pronchery                     "Cannot initialize SRP verifier file \"%s\":ret=%d\n",
210*b077aed3SPierre Pronchery                     srp_verifier_file, ret);
211*b077aed3SPierre Pronchery         return 0;
212*b077aed3SPierre Pronchery     }
213*b077aed3SPierre Pronchery     SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, verify_callback);
214*b077aed3SPierre Pronchery     SSL_CTX_set_srp_cb_arg(ctx, &srp_callback_parm);
215*b077aed3SPierre Pronchery     SSL_CTX_set_srp_username_callback(ctx, ssl_srp_server_param_cb);
216*b077aed3SPierre Pronchery 
217*b077aed3SPierre Pronchery     return 1;
218*b077aed3SPierre Pronchery }
219*b077aed3SPierre Pronchery 
lookup_srp_user(srpsrvparm * srp_callback_parm,BIO * bio_s_out)220*b077aed3SPierre Pronchery void lookup_srp_user(srpsrvparm *srp_callback_parm, BIO *bio_s_out)
221*b077aed3SPierre Pronchery {
222*b077aed3SPierre Pronchery     SRP_user_pwd_free(srp_callback_parm->user);
223*b077aed3SPierre Pronchery     srp_callback_parm->user = SRP_VBASE_get1_by_user(srp_callback_parm->vb,
224*b077aed3SPierre Pronchery                                                      srp_callback_parm->login);
225*b077aed3SPierre Pronchery 
226*b077aed3SPierre Pronchery     if (srp_callback_parm->user != NULL)
227*b077aed3SPierre Pronchery         BIO_printf(bio_s_out, "LOOKUP done %s\n",
228*b077aed3SPierre Pronchery                     srp_callback_parm->user->info);
229*b077aed3SPierre Pronchery     else
230*b077aed3SPierre Pronchery         BIO_printf(bio_s_out, "LOOKUP not successful\n");
231*b077aed3SPierre Pronchery }
232