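/*
 * Copyright 2011-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

/*
 * SRP is deprecated, so we're going to have to use some deprecated APIs in
 * order to test it.
 */
#define OPENSSL_SUPPRESS_DEPRECATED

#include <openssl/opensslconf.h>
# include "testutil.h"

#ifdef OPENSSL_NO_SRP
# include <stdio.h>
#else

# include <openssl/srp.h>
# include <openssl/rand.h>
# include <openssl/err.h>

# define RANDOM_SIZE 32         /* use 256 bits on each side */

/*
 * Run one complete SRP exchange between a simulated server, whose verifier
 * is derived from server_pass, and a simulated client that uses client_pass.
 *
 * Returns 1 only when every step succeeds and both sides derive the same
 * key.  Returns 0 on a key mismatch and also on any other failure, so a
 * caller that expects 0 cannot tell the two apart from the return value.
 */
static int run_srp(const char *username, const char *client_pass,
                   const char *server_pass)
{
    int ret = 0;
    BIGNUM *s = NULL;
    BIGNUM *v = NULL;
    BIGNUM *a = NULL;
    BIGNUM *b = NULL;
    BIGNUM *u = NULL;
    BIGNUM *x = NULL;
    BIGNUM *Apub = NULL;
    BIGNUM *Bpub = NULL;
    BIGNUM *Kclient = NULL;
    BIGNUM *Kserver = NULL;
    unsigned char rand_tmp[RANDOM_SIZE];
    /* use builtin 1024-bit params */
    const SRP_gN *GN;

    if (!TEST_ptr(GN = SRP_get_default_gN("1024")))
        return 0;

    /* Set up server's password entry */
    if (!TEST_true(SRP_create_verifier_BN(username, server_pass,
                                          &s, &v, GN->N, GN->g)))
        goto end;

    test_output_bignum("N", GN->N);
    test_output_bignum("g", GN->g);
    test_output_bignum("Salt", s);
    test_output_bignum("Verifier", v);

    /*
     * Server random.  A failed RAND_bytes() leaves rand_tmp uninitialised,
     * so the private value must not be built from it.
     */
    if (!TEST_int_gt(RAND_bytes(rand_tmp, sizeof(rand_tmp)), 0))
        goto end;
    b = BN_bin2bn(rand_tmp, sizeof(rand_tmp), NULL);
    if (!TEST_BN_ne_zero(b))
        goto end;
    test_output_bignum("b", b);

    /* Server's first message */
    Bpub = SRP_Calc_B(b, GN->N, GN->g, v);
    test_output_bignum("B", Bpub);

    if (!TEST_true(SRP_Verify_B_mod_N(Bpub, GN->N)))
        goto end;

    /* Client random, with the same RAND_bytes() check as on the server side */
    if (!TEST_int_gt(RAND_bytes(rand_tmp, sizeof(rand_tmp)), 0))
        goto end;
    a = BN_bin2bn(rand_tmp, sizeof(rand_tmp), NULL);
    if (!TEST_BN_ne_zero(a))
        goto end;
    test_output_bignum("a", a);

    /* Client's response */
    Apub = SRP_Calc_A(a, GN->N, GN->g);
    test_output_bignum("A", Apub);

    if (!TEST_true(SRP_Verify_A_mod_N(Apub, GN->N)))
        goto end;

    /* Both sides calculate u */
    u = SRP_Calc_u(Apub, Bpub, GN->N);
    if (!TEST_ptr(u))
        goto end;

    /* Client's key */
    x = SRP_Calc_x(s, username, client_pass);
    if (!TEST_ptr(x))
        goto end;
    Kclient = SRP_Calc_client_key(GN->N, Bpub, GN->g, x, a, u);
    test_output_bignum("Client's key", Kclient);

    /* Server's key */
    Kserver = SRP_Calc_server_key(Apub, v, u, b, GN->N);
    test_output_bignum("Server's key", Kserver);

    /*
     * Require both keys to exist before comparing them: if both
     * derivations failed, two NULL pointers must not count as a match.
     */
    if (!TEST_ptr(Kclient) || !TEST_ptr(Kserver))
        goto end;

    if (!TEST_BN_eq(Kclient, Kserver))
        goto end;

    ret = 1;

 end:
    /* Secret values are released with BN_clear_free(), the rest with BN_free() */
    BN_clear_free(Kclient);
    BN_clear_free(Kserver);
    BN_clear_free(x);
    BN_free(u);
    BN_free(Apub);
    BN_clear_free(a);
    BN_free(Bpub);
    BN_clear_free(b);
    BN_free(s);
    BN_clear_free(v);

    return ret;
}

/*
 * Compare bn with the value written in hex in hexbn.  name is only used in
 * the error message.  Returns 1 when the two are equal and 0 otherwise,
 * including when hexbn cannot be parsed.
 */
static int check_bn(const char *name, const BIGNUM *bn, const char *hexbn)
{
    BIGNUM *tmp = NULL;
    int r;

    if (!TEST_true(BN_hex2bn(&tmp, hexbn)))
        return 0;

    if (BN_cmp(bn, tmp) != 0)
        TEST_error("unexpected %s value", name);
    r = TEST_BN_eq(bn, tmp);
    BN_free(tmp);
    return r;
}

/*
 * SRP test vectors from RFC5054.
 *
 * Every fixed input is parsed with a checked BN_hex2bn() so that a parse
 * failure is reported at the input itself instead of showing up later as a
 * mismatch in a derived value.
 */
static int run_srp_kat(void)
{
    int ret = 0;
    BIGNUM *s = NULL;
    BIGNUM *v = NULL;
    BIGNUM *a = NULL;
    BIGNUM *b = NULL;
    BIGNUM *u = NULL;
    BIGNUM *x = NULL;
    BIGNUM *Apub = NULL;
    BIGNUM *Bpub = NULL;
    BIGNUM *Kclient = NULL;
    BIGNUM *Kserver = NULL;
    /* use builtin 1024-bit params */
    const SRP_gN *GN;

    if (!TEST_ptr(GN = SRP_get_default_gN("1024")))
        goto err;

    /* Fixed salt for the known-answer test */
    if (!TEST_true(BN_hex2bn(&s, "BEB25379D1A8581EB5A727673A2441EE")))
        goto err;

    /* Set up server's password entry */
    if (!TEST_true(SRP_create_verifier_BN("alice", "password123", &s, &v,
                                          GN->N, GN->g)))
        goto err;

    TEST_info("checking v");
    if (!TEST_true(check_bn("v", v,
                 "7E273DE8696FFC4F4E337D05B4B375BEB0DDE1569E8FA00A9886D812"
                 "9BADA1F1822223CA1A605B530E379BA4729FDC59F105B4787E5186F5"
                 "C671085A1447B52A48CF1970B4FB6F8400BBF4CEBFBB168152E08AB5"
                 "EA53D15C1AFF87B2B9DA6E04E058AD51CC72BFC9033B564E26480D78"
                 "E955A5E29E7AB245DB2BE315E2099AFB")))
        goto err;
    TEST_note(" okay");

    /* Server random */
    if (!TEST_true(BN_hex2bn(&b,
                 "E487CB59D31AC550471E81F00F6928E01DDA08E974A004F49E61F5D1"
                 "05284D20")))
        goto err;

    /* Server's first message */
    Bpub = SRP_Calc_B(b, GN->N, GN->g, v);
    if (!TEST_true(SRP_Verify_B_mod_N(Bpub, GN->N)))
        goto err;

    TEST_info("checking B");
    if (!TEST_true(check_bn("B", Bpub,
                 "BD0C61512C692C0CB6D041FA01BB152D4916A1E77AF46AE105393011"
                 "BAF38964DC46A0670DD125B95A981652236F99D9B681CBF87837EC99"
                 "6C6DA04453728610D0C6DDB58B318885D7D82C7F8DEB75CE7BD4FBAA"
                 "37089E6F9C6059F388838E7A00030B331EB76840910440B1B27AAEAE"
                 "EB4012B7D7665238A8E3FB004B117B58")))
        goto err;
    TEST_note(" okay");

    /* Client random */
    if (!TEST_true(BN_hex2bn(&a,
                 "60975527035CF2AD1989806F0407210BC81EDC04E2762A56AFD529DD"
                 "DA2D4393")))
        goto err;

    /* Client's response */
    Apub = SRP_Calc_A(a, GN->N, GN->g);
    if (!TEST_true(SRP_Verify_A_mod_N(Apub, GN->N)))
        goto err;

    TEST_info("checking A");
    if (!TEST_true(check_bn("A", Apub,
                 "61D5E490F6F1B79547B0704C436F523DD0E560F0C64115BB72557EC4"
                 "4352E8903211C04692272D8B2D1A5358A2CF1B6E0BFCF99F921530EC"
                 "8E39356179EAE45E42BA92AEACED825171E1E8B9AF6D9C03E1327F44"
                 "BE087EF06530E69F66615261EEF54073CA11CF5858F0EDFDFE15EFEA"
                 "B349EF5D76988A3672FAC47B0769447B")))
        goto err;
    TEST_note(" okay");

    /* Both sides calculate u */
    u = SRP_Calc_u(Apub, Bpub, GN->N);

    if (!TEST_true(check_bn("u", u,
                 "CE38B9593487DA98554ED47D70A7AE5F462EF019")))
        goto err;

    /* Client's key */
    x = SRP_Calc_x(s, "alice", "password123");
    if (!TEST_ptr(x))
        goto err;
    Kclient = SRP_Calc_client_key(GN->N, Bpub, GN->g, x, a, u);
    TEST_info("checking client's key");
    if (!TEST_true(check_bn("Client's key", Kclient,
                 "B0DC82BABCF30674AE450C0287745E7990A3381F63B387AAF271A10D"
                 "233861E359B48220F7C4693C9AE12B0A6F67809F0876E2D013800D6C"
                 "41BB59B6D5979B5C00A172B4A2A5903A0BDCAF8A709585EB2AFAFA8F"
                 "3499B200210DCC1F10EB33943CD67FC88A2F39A4BE5BEC4EC0A3212D"
                 "C346D7E474B29EDE8A469FFECA686E5A")))
        goto err;
    TEST_note(" okay");

    /* Server's key */
    Kserver = SRP_Calc_server_key(Apub, v, u, b, GN->N);
    TEST_info("checking server's key");
    if (!TEST_true(check_bn("Server's key", Kserver,
                 "B0DC82BABCF30674AE450C0287745E7990A3381F63B387AAF271A10D"
                 "233861E359B48220F7C4693C9AE12B0A6F67809F0876E2D013800D6C"
                 "41BB59B6D5979B5C00A172B4A2A5903A0BDCAF8A709585EB2AFAFA8F"
                 "3499B200210DCC1F10EB33943CD67FC88A2F39A4BE5BEC4EC0A3212D"
                 "C346D7E474B29EDE8A469FFECA686E5A")))
        goto err;
    TEST_note(" okay");

    ret = 1;

 err:
    /* Secret values are released with BN_clear_free(), the rest with BN_free() */
    BN_clear_free(Kclient);
    BN_clear_free(Kserver);
    BN_clear_free(x);
    BN_free(u);
    BN_free(Apub);
    BN_clear_free(a);
    BN_free(Bpub);
    BN_clear_free(b);
    BN_free(s);
    BN_clear_free(v);

    return ret;
}

/*
 * Run one exchange with different passwords and one with equal passwords.
 * Returns 1 when the first is rejected and the second is accepted.
 */
static int run_srp_tests(void)
{
    /*
     * "Negative" test, expect a mismatch.
     * NOTE(review): run_srp() returns 0 for any failure, not only for a key
     * mismatch, so on its own this check would also accept a setup error.
     * The positive test below is what shows the exchange itself works.
     */
    TEST_info("run_srp: expecting a mismatch");
    if (!TEST_false(run_srp("alice", "password1", "password2")))
        return 0;

    /* "Positive" test, should pass */
    TEST_info("run_srp: expecting a match");
    if (!TEST_true(run_srp("alice", "password", "password")))
        return 0;

    return 1;
}
#endif

/*
 * Register the SRP tests.  When OpenSSL is built without SRP support, only
 * a message is printed and no test is added.
 */
int setup_tests(void)
{
#ifdef OPENSSL_NO_SRP
    printf("No SRP support\n");
#else
    ADD_TEST(run_srp_tests);
    ADD_TEST(run_srp_kat);
#endif
    return 1;
}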