Digi XBee(R) ANSI C Host Library
srp.h
1 /*
2  * Secure Remote Password 6a implementation
3  * Copyright (c) 2010 Tom Cocagne. All rights reserved.
4  * https://github.com/cocagne/csrp
5  *
6  * Modified by Digi International to use Mbed TLS instead of OpenSSL.
7  * Copyright (c) 2019 Digi International Inc.
8  * All rights not expressly granted are reserved.
9  *
10  * The MIT License (MIT)
11  *
12  * Copyright (c) 2013 Tom Cocagne
13  *
14  * Permission is hereby granted, free of charge, to any person obtaining a copy of
15  * this software and associated documentation files (the "Software"), to deal in
16  * the Software without restriction, including without limitation the rights to
17  * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
18  * of the Software, and to permit persons to whom the Software is furnished to do
19  * so, subject to the following conditions:
20  *
21  * The above copyright notice and this permission notice shall be included in all
22  * copies or substantial portions of the Software.
23  *
24  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
25  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
26  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
27  * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
28  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
29  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
30  * SOFTWARE.
31  *
32  */
33 
34 /*
35  *
36  * Purpose: This is a direct implementation of the Secure Remote Password
37  * Protocol version 6a as described by
38  * http://srp.stanford.edu/design.html
39  *
40  * Author: tom.cocagne@gmail.com (Tom Cocagne)
41  *
42  * Dependencies: original: OpenSSL (and Advapi32.lib on Windows)
43  * modified: Mbed TLS (BIGNUM, CTR_DRBG, ENTROPY, SHA256)
44  *
45  * Usage: Refer to test_srp.c for a demonstration
46  *
47  * Notes:
48  * This library allows multiple combinations of hashing algorithms and
49  * prime number constants. For authentication to succeed, the hash and
50  * prime number constants must match between
51  * srp_create_salted_verification_key(), srp_user_new(),
52  * and srp_verifier_new(). A recommended approach is to determine the
53  * desired level of security for an application and globally define the
54  * hash and prime number constants to the predetermined values.
55  *
56  * As one might suspect, more bits means more security. As one might also
57  * suspect, more bits also means more processing time. The test_srp.c
58  * program can be easily modified to profile various combinations of
59  * hash & prime number pairings.
60  */
61 
62 #ifndef SRP_H
63 #define SRP_H
64 
65 // Digi International's XBee products use the following SRP configuration.
66 #define SRP_GROUP_LEN 128
67 #define SRP_HASH_LEN 32
68 
69 struct SRPVerifier;
70 struct SRPUser;
71 
72 /* Out: bytes_s, len_s, bytes_v, len_v
73  *
74  * The caller is responsible for freeing the memory allocated for bytes_s and bytes_v
75  */
76 int srp_create_salted_verification_key( const char * username,
77  const unsigned char * password, int len_password,
78  const unsigned char ** bytes_s, int * len_s,
79  const unsigned char ** bytes_v, int * len_v );
80 
81 
82 /* Out: bytes_B, len_B.
83  *
84  * On failure, bytes_B will be set to NULL and len_B will be set to 0
85  */
86 struct SRPVerifier * srp_verifier_new( const char * username,
87  const unsigned char * bytes_s, int len_s,
88  const unsigned char * bytes_v, int len_v,
89  const unsigned char * bytes_A, int len_A,
90  const unsigned char ** bytes_B, int * len_B );
91 
92 
93 void srp_verifier_delete( struct SRPVerifier * ver );
94 
95 
96 int srp_verifier_is_authenticated( struct SRPVerifier * ver );
97 
98 
99 const char * srp_verifier_get_username( struct SRPVerifier * ver );
100 
101 /* key_length may be null */
102 const unsigned char * srp_verifier_get_session_key( struct SRPVerifier * ver, int * key_length );
103 
104 
105 int srp_verifier_get_session_key_length( struct SRPVerifier * ver );
106 
107 
108 /* user_M must be exactly srp_verifier_get_session_key_length() bytes in size */
109 void srp_verifier_verify_session( struct SRPVerifier * ver,
110  const unsigned char * user_M,
111  const unsigned char ** bytes_HAMK );
112 
113 /*******************************************************************************/
114 
115 struct SRPUser * srp_user_new( const char * username,
116  const unsigned char * bytes_password, int len_password );
117 
118 void srp_user_delete( struct SRPUser * usr );
119 
120 int srp_user_is_authenticated( struct SRPUser * usr);
121 
122 
123 const char * srp_user_get_username( struct SRPUser * usr );
124 
125 /* key_length may be null */
126 const unsigned char * srp_user_get_session_key( struct SRPUser * usr, int * key_length );
127 
128 int srp_user_get_session_key_length( struct SRPUser * usr );
129 
130 /* Output: username, bytes_A, len_A */
131 int srp_user_start_authentication( struct SRPUser * usr, const char ** username,
132  const unsigned char ** bytes_A, int * len_A );
133 
134 /* Output: bytes_M, len_M (len_M may be null and will always be
135  * srp_user_get_session_key_length() bytes in size) */
136 int srp_user_process_challenge( struct SRPUser * usr,
137  const unsigned char * bytes_s, int len_s,
138  const unsigned char * bytes_B, int len_B,
139  const unsigned char ** bytes_M, int * len_M );
140 
141 /* bytes_HAMK must be exactly srp_user_get_session_key_length() bytes in size */
142 void srp_user_verify_session( struct SRPUser * usr, const unsigned char * bytes_HAMK );
143 
144 #endif /* Include Guard */
SRPVerifier
Definition: srp.c:84
SRPUser
Definition: srp.c:96
Generated on Sat Nov 21 2020 22:08:39 for Digi XBee(R) ANSI C Host Library by   doxygen 1.8.11