diff options
author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2001-05-07 11:11:49 +0000 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2001-05-07 11:11:49 +0000 |
commit | 4a25412e8773031b9ec541b1d6c5f0944d88f909 (patch) | |
tree | 77f25986ad07affcf0d07f3fbd22393115fb5db4 | |
parent | 132aec6a41f3b3e7eea73db83063b61b58043384 (diff) | |
download | gnutls-4a25412e8773031b9ec541b1d6c5f0944d88f909.tar.gz |
several fixes for srp
-rw-r--r-- | configure.in | 2 | ||||
-rw-r--r-- | lib/auth_srp.c | 3 | ||||
-rw-r--r-- | lib/auth_srp_passwd.c | 29 | ||||
-rw-r--r-- | lib/ext_srp.c | 6 | ||||
-rw-r--r-- | lib/gnutls.c | 6 | ||||
-rw-r--r-- | lib/gnutls.h | 5 | ||||
-rw-r--r-- | lib/gnutls_extensions.c | 34 | ||||
-rw-r--r-- | lib/gnutls_handshake.c | 4 | ||||
-rw-r--r-- | lib/gnutls_int.h | 3 | ||||
-rw-r--r-- | lib/gnutls_kx.c | 226 | ||||
-rw-r--r-- | lib/gnutls_srp.c | 7 | ||||
-rw-r--r-- | src/cli.c | 9 | ||||
-rw-r--r-- | src/serv.c | 11 |
13 files changed, 159 insertions, 186 deletions
diff --git a/configure.in b/configure.in index 02ce37d8dd..49d74786f1 100644 --- a/configure.in +++ b/configure.in @@ -114,7 +114,7 @@ if test $ac_cv_prog_gcc != no; then fi if test $opt_maintainer_mode = yes; then - CFLAGS="${CFLAGS} -g -Wall -Wpointer-arith" + CFLAGS="${CFLAGS} -ggdb3 -Wall -Wpointer-arith" fi if test $opt_dmalloc_mode = yes; then AC_CHECK_LIB( dmalloc, main) diff --git a/lib/auth_srp.c b/lib/auth_srp.c index 40c6eb1eda..1a4034e01b 100644 --- a/lib/auth_srp.c +++ b/lib/auth_srp.c @@ -358,6 +358,9 @@ int proc_srp_server_kx2(GNUTLS_KEY key, opaque * data, int data_size) return GNUTLS_E_MPI_SCAN_FAILED; } + /* calculate u */ + key->u = _gnutls_calc_srp_u( B); + /* S = (B - g^x) ^ (a + u * x) % N */ S = _gnutls_calc_srp_S2( B, G, key->x, _a, key->u, N); diff --git a/lib/auth_srp_passwd.c b/lib/auth_srp_passwd.c index 26a960b2b7..674b4da98e 100644 --- a/lib/auth_srp_passwd.c +++ b/lib/auth_srp_passwd.c @@ -36,20 +36,20 @@ int len; opaque *verifier; int verifier_size; - p = strrchr( str, '$'); /* we have n */ + p = rindex( str, '$'); /* we have n */ if (p==NULL) return -1; *p='\0'; p++; len = strlen(p); - if (gcry_mpi_scan(&entry->n, GCRYMPI_FMT_HEX, p, &len)) { + if (gcry_mpi_scan(&entry->n, GCRYMPI_FMT_HEX, p, NULL)) { gnutls_assert(); return -1; } /* now go for g */ - p = strrchr( str, '$'); /* we have g */ + p = rindex( str, '$'); /* we have g */ if (p==NULL) { mpi_release(entry->n); return -1; @@ -59,14 +59,14 @@ int verifier_size; p++; len = strlen(p); - if (gcry_mpi_scan(&entry->g, GCRYMPI_FMT_HEX, p, &len)) { + if (gcry_mpi_scan(&entry->g, GCRYMPI_FMT_HEX, p, NULL)) { gnutls_assert(); mpi_release(entry->n); return -1; } /* now go for verifier */ - p = strrchr( str, '$'); /* we have verifier */ + p = rindex( str, '$'); /* we have verifier */ if (p==NULL) { mpi_release(entry->n); mpi_release(entry->g); @@ -94,7 +94,7 @@ int verifier_size; /* now go for salt */ - p = strrchr( str, '$'); /* we have salt */ + p = rindex( str, '$'); /* we have salt */ if (p==NULL) { mpi_release(entry->n); mpi_release(entry->g); @@ -115,7 +115,7 @@ int verifier_size; } /* now go for algorithm */ - p = strrchr( str, '$'); /* we have algorithm */ + p = rindex( str, '$'); /* we have algorithm */ if (p==NULL) { mpi_release(entry->n); mpi_release(entry->g); @@ -130,7 +130,7 @@ int verifier_size; entry->algorithm = atoi(p); /* now go for username */ - p = strchr( str, ':'); /* we have algorithm */ + p = index( str, ':'); /* we have algorithm */ if (p==NULL) { mpi_release(entry->n); mpi_release(entry->g); @@ -151,7 +151,7 @@ GNUTLS_SRP_PWD_ENTRY *_gnutls_srp_pwd_read_entry( GNUTLS_KEY key, char* username char line[5*1024]; int i; GNUTLS_SRP_PWD_ENTRY * entry = gnutls_malloc(sizeof(GNUTLS_SRP_PWD_ENTRY)); - + cred = _gnutls_get_kx_cred( key, GNUTLS_KX_SRP, NULL); if (cred==NULL) { gnutls_assert(); @@ -173,7 +173,7 @@ GNUTLS_SRP_PWD_ENTRY *_gnutls_srp_pwd_read_entry( GNUTLS_KEY key, char* username i++; } if (strncmp( username, line, i) == 0) { - if (pwd_put_values( entry, line, sizeof(line)-i)==0) + if (pwd_put_values( entry, line, strlen(line))==0) return entry; else { gnutls_free(entry); @@ -181,19 +181,22 @@ GNUTLS_SRP_PWD_ENTRY *_gnutls_srp_pwd_read_entry( GNUTLS_KEY key, char* username } } } - return NULL; + return NULL; } - +#define RNDUSER "rnd" #define RND_SALT_SIZE 16 GNUTLS_SRP_PWD_ENTRY* _gnutls_randomize_pwd_entry() { GNUTLS_SRP_PWD_ENTRY * pwd_entry = gnutls_malloc(sizeof(GNUTLS_SRP_PWD_ENTRY)); size_t n = sizeof diffie_hellman_group1_prime; opaque * rand; + pwd_entry->username = gnutls_malloc(strlen(RNDUSER)+1); + strcpy( pwd_entry->username, RNDUSER); + pwd_entry->g = gcry_mpi_set_ui(NULL, SRP_G); pwd_entry->v = gcry_mpi_new(160); - gcry_mpi_randomize( pwd_entry->v, 160, GCRY_WEAK_RANDOM); + gcry_mpi_randomize( pwd_entry->v, 160, GCRY_WEAK_RANDOM); if (gcry_mpi_scan(&pwd_entry->n, GCRYMPI_FMT_USG, diffie_hellman_group1_prime, &n)) { diff --git a/lib/ext_srp.c b/lib/ext_srp.c index 37d9ed6ef7..9c545ef6a9 100644 --- a/lib/ext_srp.c +++ b/lib/ext_srp.c @@ -47,8 +47,10 @@ int _gnutls_srp_send_params( GNUTLS_STATE state, opaque** data) { if (cred==NULL) return 0; if (cred->username!=NULL) { /* send username */ - (*data) = strdup( cred->username); - return strlen( cred->username); + int len = strlen(cred->username); + (*data) = gnutls_malloc(len); + memcpy( (*data), cred->username, len); + return len; } } return 0; diff --git a/lib/gnutls.c b/lib/gnutls.c index 2bdbb57dd7..641037b5f7 100644 --- a/lib/gnutls.c +++ b/lib/gnutls.c @@ -99,12 +99,12 @@ int gnutls_init(GNUTLS_STATE * state, ConnectionEnd con_end) (*state)->gnutls_internals.buffer_handshake = NULL; (*state)->gnutls_internals.resumable = RESUME_TRUE; - (*state)->gnutls_key->cred = NULL; /* no credentials by default */ - (*state)->gnutls_key->username = NULL; /* no default username */ - gnutls_set_current_version ( (*state), GNUTLS_TLS1); /* default */ (*state)->gnutls_key = gnutls_malloc(sizeof(GNUTLS_KEY_A)); + + (*state)->gnutls_key->username = NULL; /* no default username */ + (*state)->gnutls_key->cred = NULL; /* no credentials by default */ (*state)->gnutls_key->KEY = NULL; (*state)->gnutls_key->client_Y = NULL; diff --git a/lib/gnutls.h b/lib/gnutls.h index bc4658cff8..70f72c52d0 100644 --- a/lib/gnutls.h +++ b/lib/gnutls.h @@ -78,8 +78,6 @@ void gnutls_set_mac_priority( GNUTLS_STATE state, int num, ...); void gnutls_set_compression_priority( GNUTLS_STATE state, int num, ...); void gnutls_set_kx_priority( GNUTLS_STATE state, int num, ...); -/* cred is a structure defined by the kx algorithm */ -int gnutls_set_kx_cred( GNUTLS_STATE, int kx, void* cred); /* set our version - 0 for TLS 1.0 and 1 for SSL3 */ void gnutls_set_current_version(GNUTLS_STATE state, GNUTLS_Version version); @@ -105,7 +103,8 @@ int gnutls_crypt_vrfy(const char* username, const char *passwd, char* salt); /* Functions for setting/clearing credentials */ int gnutls_clear_creds( GNUTLS_STATE state); -int gnutls_set_kx_cred( GNUTLS_STATE state, int kx, void* cred); +/* cred is a structure defined by the kx algorithm */ +int gnutls_set_kx_cred( GNUTLS_STATE, int kx, void* cred, int cred_size); /* Credential structures for SRP - used in gnutls_set_cred(); */ typedef struct { diff --git a/lib/gnutls_extensions.c b/lib/gnutls_extensions.c index 5cfdf42b1e..829eb74f0a 100644 --- a/lib/gnutls_extensions.c +++ b/lib/gnutls_extensions.c @@ -35,7 +35,7 @@ typedef struct { int (*gnutls_ext_func_send)( GNUTLS_STATE, opaque**); /* send data */ } gnutls_extension_entry; -#define MAX_EXT 256 /* maximum supported extension */ +#define MAX_EXT 20 /* maximum supported extension */ static gnutls_extension_entry extensions[] = { GNUTLS_EXTENSION_ENTRY(GNUTLS_EXTENSION_SRP, _gnutls_srp_recv_params, _gnutls_srp_send_params), {0} @@ -88,25 +88,35 @@ char *_gnutls_extension_get_name(int type) } int _gnutls_parse_extensions( GNUTLS_STATE state, const opaque* data, int data_size) { -int next, size, pos=0; -int type; +int next; +int pos=0; +uint8 type; const opaque* sdata; int (*ext_func_recv)( GNUTLS_STATE, const opaque*, int); +uint16 size, next1; if (data_size < 2) return 0; - next = *((uint16*) &data); + memcpy( &next1, data, 2); +#ifndef WORDS_BIGENDIAN + next = byteswap16(next1); +#else + next = next1; +#endif if (data_size < next) return 0; pos+=2; do { next--; if (next < 0) return 0; - type = *((uint8*)&data[pos]); + memcpy( &type, &data[pos], 1); pos++; next-=2; if (next < 0) return 0; - size = *((uint16*)&data[pos]); + memcpy( &size, &data[pos], 2); pos+=2; +#ifndef WORDS_BIGENDIAN + size = byteswap16(size); +#endif sdata = &data[pos]; pos+=size; @@ -126,6 +136,7 @@ int _gnutls_gen_extensions( GNUTLS_STATE state, opaque** data) { int next, size; uint16 pos=0; opaque* sdata; +uint16 ssize; int (*ext_func_send)( GNUTLS_STATE, opaque**); @@ -139,7 +150,16 @@ int (*ext_func_send)( GNUTLS_STATE, opaque**); if (ext_func_send == NULL) continue; size = ext_func_send( state, &sdata); if (size > 0) { - (*data) = gnutls_realloc( (*data), pos+size); + (*data) = gnutls_realloc( (*data), pos+size+3); + (*data)[pos++] = (uint8) next; /* set type */ +#ifndef WORDS_BIGENDIAN + ssize = byteswap16( (uint16)size); +#else + ssize = size; +#endif + memcpy( &(*data)[pos], &ssize, 2); + pos+=2; + memcpy( &(*data)[pos], sdata, size); pos+=size; gnutls_free(sdata); diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c index ae8f74141d..af3867a8f2 100644 --- a/lib/gnutls_handshake.c +++ b/lib/gnutls_handshake.c @@ -764,7 +764,7 @@ int _gnutls_recv_hello(int cd, GNUTLS_STATE state, char *data, int datalen) gnutls_free(cipher_suites); gnutls_free(compression_methods); - ret = _gnutls_parse_extensions( state, &data[pos], datalen); /* datalen is the rest of the parsed length */ + ret = _gnutls_parse_extensions( state, &data[pos], len); /* len is the rest of the parsed length */ if (ret < 0) { gnutls_assert(); return ret; @@ -879,7 +879,7 @@ int _gnutls_recv_hello(int cd, GNUTLS_STATE state, char *data, int datalen) return ret; } - ret = _gnutls_parse_extensions( state, &data[pos], datalen); /* datalen is the rest of the parsed length */ + ret = _gnutls_parse_extensions( state, &data[pos], len); /* len is the rest of the parsed length */ if (ret < 0) { gnutls_assert(); return ret; diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h index b4b6ad5de5..fbac103cb6 100644 --- a/lib/gnutls_int.h +++ b/lib/gnutls_int.h @@ -28,8 +28,9 @@ #define WRITE_DEBUG #define BUFFERS_DEBUG #define HARD_DEBUG -#define DEBUG */ +#define DEBUG + #define MAX32 4294967295 #define MAX24 16777215 diff --git a/lib/gnutls_kx.c b/lib/gnutls_kx.c index 3ac40f3f3a..362ca423ab 100644 --- a/lib/gnutls_kx.c +++ b/lib/gnutls_kx.c @@ -29,6 +29,55 @@ #define MASTER_SECRET "master secret" + +static int generate_master( GNUTLS_STATE state) { +int premaster_size; +#ifdef HARD_DEBUG +int i; +#endif +opaque* premaster, *master; +int ret = 0; +char random[64]; + + memmove(random, state->security_parameters.client_random, 32); + memmove(&random[32], state->security_parameters.server_random, 32); + + /* generate premaster */ + gcry_mpi_print(GCRYMPI_FMT_USG, NULL, &premaster_size, state->gnutls_key->KEY); + premaster = secure_malloc(premaster_size); + gcry_mpi_print(GCRYMPI_FMT_USG, premaster, &premaster_size, state->gnutls_key->KEY); + + /* THIS SHOULD BE DISCARDED */ + gnutls_mpi_release(state->gnutls_key->KEY); + state->gnutls_key->KEY = NULL; + +#ifdef HARD_DEBUG + fprintf(stderr, "PREMASTER SECRET: "); + for (i=0;i<premaster_size;i++) fprintf(stderr, "%x",premaster[i]); + fprintf(stderr, "\n"); +#endif + + if (_gnutls_version_ssl3(state->connection_state.version) == 0) { + master = + gnutls_ssl3_generate_random( premaster, premaster_size, + random, 64, 48); + + } else { + master = + gnutls_PRF( premaster, premaster_size, + MASTER_SECRET, strlen(MASTER_SECRET), + random, 64, 48); + } + secure_free(premaster); +#ifdef HARD_DEBUG + fprintf(stderr, "MASTER SECRET: %s\n", _gnutls_bin2hex(master, 48)); +#endif + memmove(state->security_parameters.master_secret, master, 48); + secure_free(master); + return ret; + +} + /* This is called when we want to receive the key exchange message of the * server. It does nothing if this type of message is not required * by the selected ciphersuite. @@ -79,8 +128,17 @@ int _gnutls_send_server_kx_message2(int cd, GNUTLS_STATE state) ret = _gnutls_send_handshake(cd, state, data, data_size, GNUTLS_SERVER_KEY_EXCHANGE); gnutls_free(data); + if (ret<0) { + gnutls_assert(); + return ret; + } + + ret = generate_master( state); + if (ret<0) { + gnutls_assert(); + return ret; + } } - return data_size; } @@ -92,10 +150,6 @@ int _gnutls_send_client_kx_message(int cd, GNUTLS_STATE state) uint8 *data; int data_size; int ret = 0; - uint8 *premaster = NULL; - int premaster_size = 0; - svoid *master; - char random[64]; KXAlgorithm algorithm = _gnutls_cipher_suite_get_kx_algo (state->gnutls_internals.current_cipher_suite); @@ -109,8 +163,6 @@ int _gnutls_send_client_kx_message(int cd, GNUTLS_STATE state) } #endif - memmove(random, state->security_parameters.client_random, 32); - memmove(&random[32], state->security_parameters.server_random, 32); data_size = state->gnutls_internals.auth_struct->gnutls_generate_client_kx( state->gnutls_key, &data); if (data_size < 0) { @@ -120,38 +172,13 @@ int _gnutls_send_client_kx_message(int cd, GNUTLS_STATE state) ret = _gnutls_send_handshake(cd, state, data, data_size, GNUTLS_CLIENT_KEY_EXCHANGE); gnutls_free(data); - - gcry_mpi_print(GCRYMPI_FMT_USG, NULL, &premaster_size, state->gnutls_key->KEY); - premaster = secure_malloc(premaster_size); - gcry_mpi_print(GCRYMPI_FMT_USG, premaster, &premaster_size, state->gnutls_key->KEY); - -#ifdef HARD_DEBUG - fprintf(stderr, "PREMASTER SECRET: "); - for (i=0;i<premaster_size;i++) fprintf(stderr, "%x",premaster[i]); - fprintf(stderr, "\n"); -#endif - - /* THIS SHOULD BE DISCARDED */ - gnutls_mpi_release(state->gnutls_key->KEY); - state->gnutls_key->KEY = NULL; - - if (_gnutls_version_ssl3(state->connection_state.version) == 0) { - master = - gnutls_ssl3_generate_random( premaster, premaster_size, - random, 64, 48); - } else { - master = - gnutls_PRF( premaster, premaster_size, - MASTER_SECRET, strlen(MASTER_SECRET), random, 64, - 48); + ret = generate_master( state); + if (ret<0) { + gnutls_assert(); + return ret; } - secure_free(premaster); -#ifdef HARD_DEBUG - fprintf(stderr, "MASTER SECRET: %s\n", _gnutls_bin2hex(master, 48)); -#endif - memmove(state->security_parameters.master_secret, master, 48); - secure_free(master); + return ret; } @@ -162,10 +189,6 @@ int _gnutls_send_client_kx_message0(int cd, GNUTLS_STATE state) uint8 *data; int data_size; int ret = 0; - uint8 *premaster = NULL; - int premaster_size = 0; - svoid *master; - char random[64]; KXAlgorithm algorithm = _gnutls_cipher_suite_get_kx_algo (state->gnutls_internals.current_cipher_suite); @@ -179,9 +202,6 @@ int _gnutls_send_client_kx_message0(int cd, GNUTLS_STATE state) } #endif - memmove(random, state->security_parameters.client_random, 32); - memmove(&random[32], state->security_parameters.server_random, 32); - data_size = state->gnutls_internals.auth_struct->gnutls_generate_client_kx0( state->gnutls_key, &data); if (data_size < 0) { gnutls_assert(); @@ -190,38 +210,7 @@ int _gnutls_send_client_kx_message0(int cd, GNUTLS_STATE state) ret = _gnutls_send_handshake(cd, state, data, data_size, GNUTLS_CLIENT_KEY_EXCHANGE); gnutls_free(data); - - gcry_mpi_print(GCRYMPI_FMT_USG, NULL, &premaster_size, state->gnutls_key->KEY); - premaster = secure_malloc(premaster_size); - gcry_mpi_print(GCRYMPI_FMT_USG, premaster, &premaster_size, state->gnutls_key->KEY); -#ifdef HARD_DEBUG - fprintf(stderr, "PREMASTER SECRET: "); - for (i=0;i<premaster_size;i++) fprintf(stderr, "%x",premaster[i]); - fprintf(stderr, "\n"); -#endif - - /* THIS SHOULD BE DISCARDED */ - gnutls_mpi_release(state->gnutls_key->KEY); - state->gnutls_key->KEY = NULL; - - - if (_gnutls_version_ssl3(state->connection_state.version) == 0) { - master = - gnutls_ssl3_generate_random( premaster, premaster_size, - random, 64, 48); - } else { - master = - gnutls_PRF( premaster, premaster_size, - MASTER_SECRET, strlen(MASTER_SECRET), random, 64, - 48); - } - secure_free(premaster); -#ifdef HARD_DEBUG - fprintf(stderr, "MASTER SECRET: %s\n", _gnutls_bin2hex(master, 48)); -#endif - memmove(state->security_parameters.master_secret, master, 48); - secure_free(master); return ret; } @@ -322,7 +311,12 @@ int _gnutls_recv_server_kx_message2(int cd, GNUTLS_STATE state) gnutls_free(data); if (ret < 0) return ret; - + + ret = generate_master( state); + if (ret<0) { + gnutls_assert(); + return ret; + } } return ret; } @@ -336,16 +330,10 @@ int _gnutls_recv_client_kx_message(int cd, GNUTLS_STATE state) #endif int datasize; int ret = 0; - uint8 *premaster = NULL; - int premaster_size = 0; - svoid *master; - uint8 random[64]; #ifdef HARD_DEBUG fprintf(stderr, "Receiving client KX message\n"); #endif - memmove(random, state->security_parameters.client_random, 32); - memmove(&random[32], state->security_parameters.server_random, 32); algorithm = _gnutls_cipher_suite_get_kx_algo @@ -366,39 +354,13 @@ int _gnutls_recv_client_kx_message(int cd, GNUTLS_STATE state) if (ret < 0) return ret; - gcry_mpi_print(GCRYMPI_FMT_USG, NULL, &premaster_size, state->gnutls_key->KEY); - premaster = secure_malloc(premaster_size); - gcry_mpi_print(GCRYMPI_FMT_USG, premaster, &premaster_size, state->gnutls_key->KEY); - - /* THIS SHOULD BE DISCARDED */ - gnutls_mpi_release(state->gnutls_key->KEY); - state->gnutls_key->KEY = NULL; - + ret = generate_master( state); + if (ret<0) { + gnutls_assert(); + return ret; + } } -#ifdef HARD_DEBUG - fprintf(stderr, "PREMASTER SECRET: "); - for (i=0;i<premaster_size;i++) fprintf(stderr, "%x",premaster[i]); - fprintf(stderr, "\n"); -#endif - - if (_gnutls_version_ssl3(state->connection_state.version) == 0) { - master = - gnutls_ssl3_generate_random( premaster, premaster_size, - random, 64, 48); - - } else { - master = - gnutls_PRF( premaster, premaster_size, - MASTER_SECRET, strlen(MASTER_SECRET), - random, 64, 48); - } - secure_free(premaster); -#ifdef HARD_DEBUG - fprintf(stderr, "MASTER SECRET: %s\n", _gnutls_bin2hex(master, 48)); -#endif - memmove(state->security_parameters.master_secret, master, 48); - secure_free(master); return ret; } @@ -412,16 +374,10 @@ int _gnutls_recv_client_kx_message0(int cd, GNUTLS_STATE state) #endif int datasize; int ret = 0; - uint8 *premaster = NULL; - int premaster_size = 0; - svoid *master; - uint8 random[64]; #ifdef HARD_DEBUG fprintf(stderr, "Receiving client KX message0\n"); #endif - memmove(random, state->security_parameters.client_random, 32); - memmove(&random[32], state->security_parameters.server_random, 32); algorithm = _gnutls_cipher_suite_get_kx_algo @@ -442,39 +398,7 @@ int _gnutls_recv_client_kx_message0(int cd, GNUTLS_STATE state) if (ret < 0) return ret; - gcry_mpi_print(GCRYMPI_FMT_USG, NULL, &premaster_size, state->gnutls_key->KEY); - premaster = secure_malloc(premaster_size); - gcry_mpi_print(GCRYMPI_FMT_USG, premaster, &premaster_size, state->gnutls_key->KEY); - - /* THIS SHOULD BE DISCARDED */ - gnutls_mpi_release(state->gnutls_key->KEY); - state->gnutls_key->KEY = NULL; - } - -#ifdef HARD_DEBUG - fprintf(stderr, "PREMASTER SECRET: "); - for (i=0;i<premaster_size;i++) fprintf(stderr, "%x",premaster[i]); - fprintf(stderr, "\n"); -#endif - - if (_gnutls_version_ssl3(state->connection_state.version) == 0) { - master = - gnutls_ssl3_generate_random( premaster, premaster_size, - random, 64, 48); - - } else { - master = - gnutls_PRF( premaster, premaster_size, - MASTER_SECRET, strlen(MASTER_SECRET), - random, 64, 48); - } - secure_free(premaster); -#ifdef HARD_DEBUG - fprintf(stderr, "MASTER SECRET: %s\n", _gnutls_bin2hex(master, 48)); -#endif - memmove(state->security_parameters.master_secret, master, 48); - secure_free(master); return ret; } diff --git a/lib/gnutls_srp.c b/lib/gnutls_srp.c index 540914c1ea..c85d6b7fd5 100644 --- a/lib/gnutls_srp.c +++ b/lib/gnutls_srp.c @@ -24,6 +24,13 @@ #include <crypt_bcrypt.h> #include <gnutls_srp.h> +// temp here --- +#define gcry_mpi_add mpi_add +#define gcry_mpi_subm mpi_subm +#define gcry_mpi_addm mpi_addm +#define gcry_mpi_mul mpi_mul +#define gcry_mpi_mulm mpi_mulm + /* Here functions for SRP (like g^x mod n) are defined */ @@ -58,6 +58,10 @@ int main() struct timeval tv; int user_term = 0; char *tmp; + SRP_CLIENT_CREDENTIALS cred; + + cred.username = "test"; + cred.password = "test"; // signal(SIGPIPE, SIG_IGN); @@ -78,7 +82,10 @@ int main() gnutls_set_cipher_priority( state, 3, GNUTLS_3DES, GNUTLS_ARCFOUR, GNUTLS_RIJNDAEL); gnutls_set_compression_priority( state, 2, GNUTLS_ZLIB, GNUTLS_NULL_COMPRESSION); - gnutls_set_kx_priority( state, 3, GNUTLS_KX_DHE_DSS, GNUTLS_KX_DHE_RSA, GNUTLS_KX_ANON_DH); + gnutls_set_kx_priority( state, 2, GNUTLS_KX_SRP, GNUTLS_KX_ANON_DH); + gnutls_set_kx_cred( state, GNUTLS_KX_ANON_DH, NULL, 0); + gnutls_set_kx_cred( state, GNUTLS_KX_SRP, &cred, sizeof(cred)); + gnutls_set_mac_priority( state, 2, GNUTLS_MAC_SHA, GNUTLS_MAC_MD5); ret = gnutls_handshake(sd, state); diff --git a/src/serv.c b/src/serv.c index 521c4dd18d..dddc6d73c3 100644 --- a/src/serv.c +++ b/src/serv.c @@ -44,7 +44,10 @@ int main() GNUTLS_STATE state; char buffer[MAX_BUF+1]; int optval = 1; - + SRP_SERVER_CREDENTIALS cred; + + cred.password_file="/tmp/pwd"; + listen_sd = socket(AF_INET, SOCK_STREAM, 0); ERR(listen_sd, "socket"); @@ -67,7 +70,11 @@ int main() gnutls_set_db_name(state, "/tmp/gdb"); gnutls_set_cipher_priority( state, 4, GNUTLS_TWOFISH, GNUTLS_RIJNDAEL, GNUTLS_3DES, GNUTLS_ARCFOUR); gnutls_set_compression_priority( state, 2, GNUTLS_ZLIB, GNUTLS_NULL_COMPRESSION); - gnutls_set_kx_priority( state, 1, GNUTLS_KX_ANON_DH); + gnutls_set_kx_priority( state, 2, GNUTLS_KX_SRP, GNUTLS_KX_ANON_DH); + + gnutls_set_kx_cred( state, GNUTLS_KX_ANON_DH, NULL, 0); + gnutls_set_kx_cred( state, GNUTLS_KX_SRP, &cred, sizeof(cred)); + gnutls_set_mac_priority( state, 2, GNUTLS_MAC_SHA, GNUTLS_MAC_MD5); sd = accept(listen_sd, (SA *) & sa_cli, &client_len); |