authorNikos Mavrogiannopoulos <nmav@gnutls.org>2002-08-28 14:08:32 +0000
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2002-08-28 14:08:32 +0000
commit7d5104e60f8b854577b81bb392b037f65e58b9b1 (patch)
tree0033047448a78a693d0b84dc9fd0f0741d5e771e
parentc75750a9866b32e34ae744aa47918ef704c35806 (diff)
Added support for the new SRP draft by D. Taylor. This includes the
removal of the blowfish crypt hash option, and the change of SRP cipher suite numbers.
-rw-r--r--NEWS5
-rw-r--r--doc/README.autoconf4
-rw-r--r--doc/TODO2
-rw-r--r--doc/protocol/draft-ietf-tls-srp-02.txt (renamed from doc/protocol/draft-ietf-tls-srp-01.txt)406
-rw-r--r--lib/gnutls_algorithms.c39
-rw-r--r--lib/gnutls_int.h1
-rw-r--r--libextra/Makefile.am4
-rw-r--r--libextra/auth_srp.c17
-rw-r--r--libextra/auth_srp_passwd.c18
-rw-r--r--libextra/auth_srp_passwd.h1
-rw-r--r--libextra/crypt.c34
-rw-r--r--libextra/crypt.h4
-rw-r--r--libextra/crypt_bcrypt.c709
-rw-r--r--libextra/crypt_bcrypt.h3
-rw-r--r--libextra/crypt_srpsha1.c29
-rw-r--r--libextra/crypt_srpsha1.h5
-rw-r--r--libextra/gnutls_srp.c12
-rw-r--r--libextra/gnutls_srp.h2
-rw-r--r--src/crypt-gaa.c57
-rw-r--r--src/crypt-gaa.h12
-rw-r--r--src/crypt.c32
-rw-r--r--src/crypt.gaa5
22 files changed, 292 insertions, 1109 deletions
diff --git a/NEWS b/NEWS
index 0edce2ba63..afc0a33447 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,8 @@
+Version 0.5.5
+- Updated the SRP implementation to the latest draft. The blowfish
+ crypt implementation was removed, since the new draft does not allow
+ for other hash algorithms except for the srpsha.
+
Version 0.5.4 (27/08/2002)
- Fixes in TLS 1.0 PRF and SSL3 random functions.
- gnutls_handshake_set_exportable_detection() was obsoleted.
diff --git a/doc/README.autoconf b/doc/README.autoconf
index 0f93356347..7287ce6db0 100644
--- a/doc/README.autoconf
+++ b/doc/README.autoconf
@@ -5,7 +5,7 @@ aclocal.m4:
include(libgnutls.m4)
configure.in:
- AM_PATH_LIBGNUTLS( 0.4.2,, AC_MSG_ERROR([[
+ AM_PATH_LIBGNUTLS( 0.5.4,, AC_MSG_ERROR([[
***
*** libgnutls was not found. You may want to get it from
*** ftp://ftp.gnutls.org/pub/gnutls/
@@ -18,7 +18,7 @@ aclocal.m4:
include(libgnutls-extra.m4)
configure.in:
- AM_PATH_LIBGNUTLS_EXTRA( 0.4.2,, AC_MSG_ERROR([[
+ AM_PATH_LIBGNUTLS_EXTRA( 0.5.4,, AC_MSG_ERROR([[
***
*** libgnutls-extra was not found. You may want to get it from
*** ftp://ftp.gnutls.org/pub/gnutls/
diff --git a/doc/TODO b/doc/TODO
index fd82037561..a3442635f7 100644
--- a/doc/TODO
+++ b/doc/TODO
@@ -5,6 +5,8 @@ in order to avoid having people working on the same thing.
Current list:
+ Add ability to read PKCS-12 structures (certificate and private key)
+ Add support for temporary RSA keys (needed in EXPORT ciphersuites)
+* Add option to read the SRP parameters using a callback (server side)
+* Add support for the certificate authenticated SRP cipher suites
* Add function to return cipher suite names
* Convert documentation to texinfo format
* Merge common stuff in DHE and DHA key exchange
diff --git a/doc/protocol/draft-ietf-tls-srp-01.txt b/doc/protocol/draft-ietf-tls-srp-02.txt
index f122ddd944..1a438dc7c3 100644
--- a/doc/protocol/draft-ietf-tls-srp-01.txt
+++ b/doc/protocol/draft-ietf-tls-srp-02.txt
@@ -1,12 +1,14 @@
-Network Working Group D. Taylor
-Internet-Draft Forge Research Pty Ltd
-Expires: December 28, 2001 June 29, 2001
+
+Transport Layer Security Working D. Taylor
+Group Forge Research Pty Ltd
+Internet-Draft August 21, 2002
+Expires: February 19, 2003
Using SRP for TLS Authentication
- draft-ietf-tls-srp-01
+ draft-ietf-tls-srp-02
Status of this Memo
@@ -23,24 +25,23 @@ Status of this Memo
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
- The list of current Internet-Drafts can be accessed at
- http://www.ietf.org/ietf/1id-abstracts.txt.
+ The list of current Internet-Drafts can be accessed at http://
+ www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
- This Internet-Draft will expire on December 28, 2001.
+ This Internet-Draft will expire on February 19, 2003.
Copyright Notice
- Copyright (C) The Internet Society (2001). All Rights Reserved.
+ Copyright (C) The Internet Society (2002). All Rights Reserved.
Abstract
- This memo presents a technique for using the SRP (Secure Remote
- Password) protocol as an authentication method for the TLS (Transport
- Layer Security) protocol.
-
+ This memo presents a technique for using the SRP [2] (Secure Remote
+ Password) protocol as an authentication method for the TLS
+ [1](Transport Layer Security) protocol.
@@ -52,9 +53,9 @@ Abstract
-Taylor Expires December 28, 2001 [Page 1]
+Taylor Expires February 19, 2003 [Page 1]
-Internet-Draft Using SRP for TLS Authentication June 2001
+Internet-Draft Using SRP for TLS Authentication August 2002
Table of Contents
@@ -63,13 +64,14 @@ Table of Contents
2. SRP Authentication in TLS . . . . . . . . . . . . . . . . . 4
2.1 Modifications to the TLS Handshake Sequence . . . . . . . . 4
2.1.1 Message Sequence . . . . . . . . . . . . . . . . . . . . . . 4
- 2.1.2 Session re-use . . . . . . . . . . . . . . . . . . . . . . . 4
+ 2.1.2 Session Re-use . . . . . . . . . . . . . . . . . . . . . . . 4
2.2 SRP Verifier Message Digest Selection . . . . . . . . . . . 5
2.3 Changes to the Handshake Message Contents . . . . . . . . . 5
- 2.3.1 The Client Hello Message . . . . . . . . . . . . . . . . . . 6
- 2.3.2 The Server Hello Message . . . . . . . . . . . . . . . . . . 6
- 2.3.3 The Client Key Exchange Message . . . . . . . . . . . . . . 6
- 2.3.4 The Server Key Exchange Message . . . . . . . . . . . . . . 6
+ 2.3.1 Client hello . . . . . . . . . . . . . . . . . . . . . . . . 5
+ 2.3.2 Server hello . . . . . . . . . . . . . . . . . . . . . . . . 5
+ 2.3.3 Server certificate . . . . . . . . . . . . . . . . . . . . . 5
+ 2.3.4 Client key exchange . . . . . . . . . . . . . . . . . . . . 6
+ 2.3.5 Server key exchange . . . . . . . . . . . . . . . . . . . . 6
2.4 Calculating the Pre-master Secret . . . . . . . . . . . . . 6
2.5 Cipher Suite Definitions . . . . . . . . . . . . . . . . . . 6
2.6 New Message Structures . . . . . . . . . . . . . . . . . . . 7
@@ -77,7 +79,7 @@ Table of Contents
2.6.2 Client Hello . . . . . . . . . . . . . . . . . . . . . . . . 7
2.6.3 Server Hello . . . . . . . . . . . . . . . . . . . . . . . . 8
2.6.4 Client Key Exchange . . . . . . . . . . . . . . . . . . . . 8
- 2.6.5 Server Key Exchange . . . . . . . . . . . . . . . . . . . . 9
+ 2.6.5 Server Key Exchange . . . . . . . . . . . . . . . . . . . . 8
3. Security Considerations . . . . . . . . . . . . . . . . . . 10
References . . . . . . . . . . . . . . . . . . . . . . . . . 11
Author's Address . . . . . . . . . . . . . . . . . . . . . . 11
@@ -107,33 +109,36 @@ Table of Contents
-
-Taylor Expires December 28, 2001 [Page 2]
+Taylor Expires February 19, 2003 [Page 2]
-Internet-Draft Using SRP for TLS Authentication June 2001
+Internet-Draft Using SRP for TLS Authentication August 2002
1. Introduction
- At the time of writing, TLS [1] uses public key certificiates with
- RSA/DSA digital signatures, or Kerberos, for authentication.
+ At the time of writing, TLS uses public key certificiates with RSA/
+ DSA digital signatures, or Kerberos, for authentication.
These authentication methods do not seem well suited to the
- applications now being adapted to use TLS (IMAP [3], FTP [4], or
- TELNET [5], for example). Given these protocols (and others like
+ applications now being adapted to use TLS (IMAP [3], FTP [5], or
+ TELNET [6], for example). Given these protocols (and others like
them) are designed to use the user name and password method of
- authentication, being able to use user names and passwords to
- authenticate the TLS connection seems to be a useful feature.
+ authentication, being able to safely use user names and passwords to
+ authenticate the TLS connection provides a much easier route to
+ additional security than implementing a public key infrastructure in
+ certain situations.
- SRP [2] is an authentication method that allows the use of user names
- and passwords over unencrypted channels without revealing the
- password to an eavesdropper. SRP also supplies a shared secret at
- the end of the authetication sequence that can be used to generate
- encryption keys.
+ SRP is an authentication method that allows the use of user names and
+ passwords over unencrypted channels without revealing the password to
+ an eavesdropper. SRP also supplies a shared secret at the end of the
+ authetication sequence that can be used to generate encryption keys.
This document describes the use of the SRP authentication method for
TLS.
+ The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
+ "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
+ document are to be interpreted as described in RFC 2119.
@@ -160,13 +165,9 @@ Internet-Draft Using SRP for TLS Authentication June 2001
-
-
-
-
-Taylor Expires December 28, 2001 [Page 3]
+Taylor Expires February 19, 2003 [Page 3]
-Internet-Draft Using SRP for TLS Authentication June 2001
+Internet-Draft Using SRP for TLS Authentication August 2002
2. SRP Authentication in TLS
@@ -177,7 +178,7 @@ Internet-Draft Using SRP for TLS Authentication June 2001
handshake messages defined in [1] due to the sequence in which the
SRP messages must be sent.
- This document proposes a new sequence of handshake messages for
+ This document presents a new sequence of handshake messages for
handshakes using the SRP authentication method.
2.1.1 Message Sequence
@@ -186,8 +187,9 @@ Internet-Draft Using SRP for TLS Authentication June 2001
Client Server
| |
- Client Hello (U, mds)--------------------> |
- | <---------------------------- Server Hello (md, g, N, s)
+ Client Hello (U) ------------------------> |
+ | <---------------------------- Server Hello (g, N, s)
+ | <---------------------------- Certificate*
Client Key Exchange (A) -----------------> |
| <---------------------------- Server Key Exchange (B)
| <---------------------------- Server Hello Done
@@ -197,11 +199,14 @@ Internet-Draft Using SRP for TLS Authentication June 2001
| <---------------------------- Finished
| |
+ * Indicates optional or situation-dependent messages that are not
+ always sent.
+
The identifiers given after each message name refer to the SRP
- variables included in that message. The variables are defined in
- [2], except for (mds) and (md) which are defined in this document.
+ variables included in that message. The variables U, g, N, s, A, and
+ B are defined in [2].
- Extended client and server hello messages, as defined in [6], are
+ Extended client and server hello messages, as defined in [7], are
used to to send the initial client and server values.
The client key exchange message is sent during the sequence of server
@@ -209,22 +214,22 @@ Internet-Draft Using SRP for TLS Authentication June 2001
its public key (A) before it receives the servers public key (B), as
stated in Section 3 of [2].
-2.1.2 Session re-use
+2.1.2 Session Re-use
The short handshake mechanism for re-using sessions for new
connections, and renegotiating keys for existing connections will
- still work with the SRP authentication mechanism and handshake.
-
- When a client attemps to re-use a session that uses SRP
- authentication, it MUST still include the SRP extension carrying the
-Taylor Expires December 28, 2001 [Page 4]
+Taylor Expires February 19, 2003 [Page 4]
-Internet-Draft Using SRP for TLS Authentication June 2001
+Internet-Draft Using SRP for TLS Authentication August 2002
+ still work with the SRP authentication mechanism and handshake.
+
+ When a client attemps to re-use a session that uses SRP
+ authentication, it MUST still include the SRP extension carrying the
user name (U) in the client hello message, in case the server cannot
or will not allow re-use of the session, meaning a full handshake
sequence is required.
@@ -236,80 +241,68 @@ Internet-Draft Using SRP for TLS Authentication June 2001
2.2 SRP Verifier Message Digest Selection
- SRP uses a message digest algorithm when creating password verifiers,
- and when performing calculations during authentication. At the time
- of writing, SHA-1 is the only algorithm that has been defined for use
- with SRP. However, there is no reason other message digest
- algorithms cannot be used, and the handshake messages and extensions
- defined by this draft include a message digest algorithm selection
- mechanism.
-
- The passwordMessageDigest enumerated, the srp_mds vector, and srp_md
- value are used to determine which message digest alorithm is to be
- used by the client when it is performing the SRP calculation. The
- server determines which message digest algorithm to use based on the
- list of message digest algorithms requested by the client, and the
- list of available SRP verifiers known by the server.
-
- The client sends a list of message digest algorithms it can use for
- the SRP calculation using the srp_mds vector. The server MUST select
- a message digest algorithm that is in the list supplied by the
- client, and the server MUST have access to an SRP verifier calculated
- with the selected message digest algorithm.
-
- If the server has access to multiple SRP verifiers for the given user
- (each calculated using a different message disgest algorithm), the
- server may select whichever matching message digest algorithm it
- chooses, so long as the selected message digest algorithm appears in
- the list sent by the client.
-
- If the server does not have an SRP verifier calculated with any of
- the message digest algorithms suggested by the client, the server
- must send a handshake failure alert.
+ The cipher suites defined in this document use the SHA-1 message
+ digest with the SRP algorithm, as specified in [2]. Implementations
+ conforming to this document MUST use the SHA-1 message digest.
+
+ Future documents may define other cipher suites that use different
+ message digests, or other similar functions, with the SRP algorithm.
2.3 Changes to the Handshake Message Contents
This section describes the changes to the TLS handshake message
- contents when SRP is being used for authentication. The definitons
+ contents when SRP is being used for authentication. The definitions
of the new message contents and the on-the-wire changes are given in
Section 2.6.
+2.3.1 Client hello
+
+ The user name is appended to the standard client hello message using
+ the hello message extension mechanism defined in [7].
+2.3.2 Server hello
-Taylor Expires December 28, 2001 [Page 5]
-
-Internet-Draft Using SRP for TLS Authentication June 2001
+ The the generator (g), the prime (N), and the salt value (s) read
+ from the SRP password file are appended to the server hello message
+ using the hello message extension mechanism defined in [7].
+2.3.3 Server certificate
-2.3.1 The Client Hello Message
+ The server MUST send a certificate if it agrees to an SRP cipher
+ suite that requires the server to provide additional authentication
+ in the form of a digital signature. See Section 2.5 for details of
+ which ciphersuites defined in this document require a server
+ certificate to be sent.
- The user name is appended to the standard client hello message using
- the client hello extension mechanism defined in [6].
- The list of message digests the client can use is also included.
- This list represents all the message digests the client can use for
- the SRP calculations.
-2.3.2 The Server Hello Message
- The message digest selected by the server (md), the generator (g),
- the prime (N), and the salt value (s) read from the SRP password file
- are appended to the server hello message using the client hello
- extension mechanism defined in [6].
+Taylor Expires February 19, 2003 [Page 5]
+
+Internet-Draft Using SRP for TLS Authentication August 2002
+
+
+ Because the server's certificate is only used for generating a
+ digital signature in SRP cipher suites, the certificate sent MUST
+ contain a public key that can be used for generating digital
+ signatures.
-2.3.3 The Client Key Exchange Message
+2.3.4 Client key exchange
The client key exchange message carries the client's public key (A),
which is calculated using both information known locally, and
information received in the server hello message. This message MUST
be sent before the server key exchange message.
-2.3.4 The Server Key Exchange Message
+2.3.5 Server key exchange
- The server key exchange message contains the servers public key (B).
+ The server key exchange message contains the server's public key (B).
The server key exchange message MUST be sent after the client key
exchange message.
+ If the server has sent a certificate message, the server key exchange
+ message MUST be signed.
+
2.4 Calculating the Pre-master Secret
The shared secret resulting from the SRP calculations (S) (defined in
@@ -323,30 +316,47 @@ Internet-Draft Using SRP for TLS Authentication June 2001
2.5 Cipher Suite Definitions
- The following cipher suites are added by this draft. The numbers
- have been selected based on other RFCs and Internet Drafts that were
- current at the time of writing, so may need to be changed in future.
+ The following cipher suites are added by this draft. The usage of
+ AES ciphersuites is as defined in [4].
+
+ CipherSuite TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA = { 0x00,0x50 };
+
+ CipherSuite TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA = { 0x00,0x51 };
- CipherSuite TLS_SRP_WITH_3DES_EDE_CBC_SHA = { 0x00,0x5B };
+ CipherSuite TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA = { 0x00,0x52 };
+ CipherSuite TLS_SRP_SHA_WITH_AES_128_CBC_SHA = { 0x00,0x53 };
+ CipherSuite TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA = { 0x00,0x54 };
+ CipherSuite TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA = { 0x00,0x55 };
-Taylor Expires December 28, 2001 [Page 6]
+
+
+Taylor Expires February 19, 2003 [Page 6]
-Internet-Draft Using SRP for TLS Authentication June 2001
+Internet-Draft Using SRP for TLS Authentication August 2002
- CipherSuite TLS_SRP_WITH_RC4_128_SHA = { 0x00,0x5C };
+ CipherSuite TLS_SRP_SHA_WITH_AES_256_CBC_SHA = { 0x00,0x56 };
- CipherSuite TLS_SRP_WITH_IDEA_CBC_SHA = { 0x00,0x5D };
+ CipherSuite TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA = { 0x00,0x57 };
- CipherSuite TLS_SRP_WITH_3DES_EDE_CBC_MD5 = { 0x00,0x5E };
+ CipherSuite TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA = { 0x00,0x58 };
- CipherSuite TLS_SRP_WITH_RC4_128_MD5 = { 0x00,0x5F };
+ Cipher suites that do not include a digitial signature algorithm
+ identifier assume the server is authenticated by its possesion of the
+ SRP database.
- CipherSuite TLS_SRP_WITH_IDEA_CBC_MD5 = { 0x00,0x60 };
+ Cipher suites that begin with TLS_SRP_SHA_RSA or TLS_SRP_SHA_DSS
+ require the server to send a certificate message containing a
+ certificate with the specified type of public key, and to sign the
+ server key exchange message using a matching private key.
+ Implementations conforming to this specification MUST implement the
+ TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA ciphersuite, SHOULD implement the
+ TLS_SRP_SHA_WITH_AES_128_CBC_SHA and TLS_SRP_SHA_WITH_AES_256_CBC_SHA
+ ciphersuites, and MAY implement the remaining ciphersuites.
2.6 New Message Structures
@@ -363,20 +373,15 @@ Internet-Draft Using SRP for TLS Authentication June 2001
2.6.1 ExtensionType
A new value, "srp(6)", has been added to the enumerated
- ExtensionType, defined in [6]. This value is used as the extension
+ ExtensionType, defined in [7]. This value is used as the extension
number for the extensions in both the client hello message and the
- server hello message. This value was chosen based on the version of
- defined in [6] that was current at the time of writing, so may be
- changed in future.
+ server hello message.
2.6.2 Client Hello
- The user name (U) and a list of message digests (srp_mds) are encoded
- in an SRPExtension structure, and sent in an extended client hello
- message, using an extension of type "srp".
-
- The list of message digests represents the list of message digests
- the client can use for the SRP calculations.
+ The user name (U) is encoded in an SRPExtension structure, and sent
+ in an extended client hello message, using an extension of type
+ "srp".
@@ -384,26 +389,18 @@ Internet-Draft Using SRP for TLS Authentication June 2001
-
-
-
-
-Taylor Expires December 28, 2001 [Page 7]
+Taylor Expires February 19, 2003 [Page 7]
-Internet-Draft Using SRP for TLS Authentication June 2001
+Internet-Draft Using SRP for TLS Authentication August 2002
enum { client, server } ClientOrServerExtension;
- enum { sha-1(0), (255) } PasswordMessageDigest;
-
struct {
select(ClientOrServerExtension) {
case client:
opaque srp_U<1..2^8-1>;
- PasswordMessageDigest srp_mds<1..2^8-1>;
case server:
- PasswordMessageDigest srp_md;
opaque srp_s<1..2^8-1>
opaque srp_N<1..2^16-1>;
opaque srp_g<1..2^16-1>;
@@ -413,12 +410,9 @@ Internet-Draft Using SRP for TLS Authentication June 2001
2.6.3 Server Hello
- The message digest selected by the server (md), the generator (g),
- the prime (N), and the salt value (s) are encoded in an SRPExtension
- structure, which is sent in an extended server hello message, using
- an extension of type "srp".
-
- The SRPParams structure is defined above.
+ The generator (g), the prime (N), and the salt value (s) are encoded
+ in an SRPExtension structure, which is sent in an extended server
+ hello message, using an extension of type "srp".
2.6.4 Client Key Exchange
@@ -429,46 +423,58 @@ Internet-Draft Using SRP for TLS Authentication June 2001
An extra value, srp, has been added to the enumerated
KeyExchangeAlgorithm, originally defined in TLS [1].
+ struct {
+ select (KeyExchangeAlgorithm) {
+ case rsa: EncryptedPreMasterSecret;
+ case diffie_hellman: ClientDiffieHellmanPublic;
+ case srp: ClientSRPPublic; /* new entry */
+ } exchange_keys;
+ } ClientKeyExchange;
+ enum { rsa, diffie_hellman, srp } KeyExchangeAlgorithm;
+ struct {
+ opaque srp_A<1..2^16-1>;
+ } ClientSRPPublic;
+2.6.5 Server Key Exchange
+ When the value of KeyExchangeAlgorithm is set to "srp", the server's
+ ephemeral public key (B) is sent in the server key exchange message,
+Taylor Expires February 19, 2003 [Page 8]
+
+Internet-Draft Using SRP for TLS Authentication August 2002
+ encoded in an ServerSRPPublic structure.
+ The following table gives the SignatureAlgorithm value to be used for
+ each ciphersuite.
+ Ciphersuite SignatureAlgorithm
+ TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA anonymous
+ TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA rsa
-Taylor Expires December 28, 2001 [Page 8]
-
-Internet-Draft Using SRP for TLS Authentication June 2001
+ TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA dsa
+ TLS_SRP_SHA_WITH_AES_128_CBC_SHA anonymous
- struct {
- select (KeyExchangeAlgorithm) {
- case rsa: EncryptedPreMasterSecret;
- case diffie_hellman: ClientDiffieHellmanPublic;
- case srp: ClientSRPPublic; /* new entry */
- } exchange_keys;
- } ClientKeyExchange;
+ TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA rsa
- enum { rsa, diffie_hellman, srp } KeyExchangeAlgorithm;
+ TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA dsa
- struct {
- opaque srp_A<1..2^16-1>;
- } ClientSRPPublic;
+ TLS_SRP_SHA_WITH_AES_256_CBC_SHA anonymous
+ TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA rsa
-2.6.5 Server Key Exchange
+ TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA dsa
- When the value of KeyExchangeAlgorithm is set to "srp", the server's
- ephemeral public key (B) is sent in the server key exchange message,
- encoded in an ServerSRPPublic structure.
struct {
select (KeyExchangeAlgorithm) {
@@ -478,8 +484,9 @@ Internet-Draft Using SRP for TLS Authentication June 2001
case rsa:
ServerRSAParams params;
Signature signed_params;
- case srp:
- ServerSRPPublic; /* new entry */
+ case srp: /* new entry */
+ ServerSRPPublic params;
+ Signature signed_params;
};
} ServerKeyExchange;
@@ -494,43 +501,22 @@ Internet-Draft Using SRP for TLS Authentication June 2001
-
-
-
-
-
-
-Taylor Expires December 28, 2001 [Page 9]
+Taylor Expires February 19, 2003 [Page 9]
-Internet-Draft Using SRP for TLS Authentication June 2001
+Internet-Draft Using SRP for TLS Authentication August 2002
3. Security Considerations
If an attacker is able to steal the SRP verifier file, the attacker
can masquerade as the real host. Filesystem based X.509 certificate
- installations are vulnerable to a similar attack unless the servers
+ installations are vulnerable to a similar attack unless the server's
certificate is issued from a PKI that maintains revocation lists, and
the client TLS code can both contact the PKI and make use of the
revocation list.
- Not all clients and servers will be able to interoperate once the
- number of message digest algorithms used for creating password
- verifiers is increased. For example, a client may only support SHA-
- 1, whereas the verifiers on the server were created with a different
- message digest algoritm.
- Because the initial handshake messages are unprotected, an attacker
- can modify the list of message digests in the client hello message.
- For example, an attacker could rewrite the message to remove all but
- the weakest message digest. There is no way to know this has
- happened until the finished messages are compared.
- An attacker can also modify the server hello message to use a
- different message digest than that selected by the server. If this
- happens, the handshake will fail after the change cipher spec
- messages are sent, as the client and server will have calculated
- different pre-master secret vales.
@@ -556,9 +542,24 @@ Internet-Draft Using SRP for TLS Authentication June 2001
-Taylor Expires December 28, 2001 [Page 10]
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Taylor Expires February 19, 2003 [Page 10]
-Internet-Draft Using SRP for TLS Authentication June 2001
+Internet-Draft Using SRP for TLS Authentication August 2002
References
@@ -572,16 +573,19 @@ References
[3] Newman, C., "Using TLS with IMAP, POP3 and ACAP", RFC 2595, June
1999.
- [4] Ford-Hutchinson, P., Carpenter, M., Hudson, T., Murray, E. and
+ [4] Chown, P., "Advanced Encryption Standard (AES) Ciphersuites for
+ Transport Layer Security (TLS)", RFC 3268, June 2002.
+
+ [5] Ford-Hutchinson, P., Carpenter, M., Hudson, T., Murray, E. and
V. Wiegand, "Securing FTP with TLS", draft-murray-auth-ftp-ssl-
- 06 (work in progress), September 2000.
+ 09 (work in progress), April 2002.
- [5] Boe, M. and J. Altman, "TLS-based Telnet Security", draft-ietf-
- tn3270e-telnet-tls-05 (work in progress), October 2000.
+ [6] Boe, M. and J. Altman, "TLS-based Telnet Security", draft-ietf-
+ tn3270e-telnet-tls-06 (work in progress), April 2002.
- [6] Blake-Wilson, S., Nystrom, M., Hopwood, D., Mikkelsen, J. and T.
- Wright, "TLS Extensions", draft-ietf-tls-extensions-00 (work in
- progress), June 2001.
+ [7] Blake-Wilson, S., Nystrom, M., Hopwood, D., Mikkelsen, J. and T.
+ Wright, "TLS Extensions", draft-ietf-tls-extensions-05 (work in
+ progress), July 2002.
Author's Address
@@ -609,18 +613,15 @@ Author's Address
-
-
-
-Taylor Expires December 28, 2001 [Page 11]
+Taylor Expires February 19, 2003 [Page 11]
-Internet-Draft Using SRP for TLS Authentication June 2001
+Internet-Draft Using SRP for TLS Authentication August 2002
Appendix A. Acknowledgements
- The following people have contributed ideas and time to this draft:
- Raif Naffah, Tom Wu, Nikos Mavroyanopoulos
+ Thanks to all on the IETF tls mailing list for ideas and analysis.
+
@@ -668,14 +669,14 @@ Appendix A. Acknowledgements
-Taylor Expires December 28, 2001 [Page 12]
+Taylor Expires February 19, 2003 [Page 12]
-Internet-Draft Using SRP for TLS Authentication June 2001
+Internet-Draft Using SRP for TLS Authentication August 2002
Full Copyright Statement
- Copyright (C) The Internet Society (2001). All Rights Reserved.
+ Copyright (C) The Internet Society (2002). All Rights Reserved.
This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it
@@ -724,5 +725,6 @@ Acknowledgement
-Taylor Expires December 28, 2001 [Page 13]
+Taylor Expires February 19, 2003 [Page 13]
+
diff --git a/lib/gnutls_algorithms.c b/lib/gnutls_algorithms.c
index db8f1a7cfc..289807bede 100644
--- a/lib/gnutls_algorithms.c
+++ b/lib/gnutls_algorithms.c
@@ -219,7 +219,7 @@ typedef struct {
#define GNUTLS_ANON_DH_3DES_EDE_CBC_SHA { 0x00, 0x1B }
#define GNUTLS_ANON_DH_ARCFOUR_MD5 { 0x00, 0x18 }
- /* draft-ietf-tls-ciphersuite-05: */
+ /* rfc3268: */
#define GNUTLS_ANON_DH_RIJNDAEL_128_CBC_SHA { 0x00, 0x34 }
#define GNUTLS_ANON_DH_RIJNDAEL_256_CBC_SHA { 0x00, 0x3A }
/* gnutls private extensions: */
@@ -227,17 +227,11 @@ typedef struct {
/** SRP (not in TLS 1.0)
- ** draft-ietf-tls-srp-01:
+ ** draft-ietf-tls-srp-02:
**/
-#define GNUTLS_SRP_3DES_EDE_CBC_SHA { 0x00, 0x5B }
-#define GNUTLS_SRP_ARCFOUR_SHA { 0x00, 0x5C }
-#define GNUTLS_SRP_ARCFOUR_MD5 { 0x00, 0x5F }
-
-/* gnutls private extensions:
- */
-#define GNUTLS_SRP_RIJNDAEL_128_CBC_SHA { 0xFF, 0x62 }
-#define GNUTLS_SRP_RIJNDAEL_256_CBC_SHA { 0xFF, 0x63 }
-#define GNUTLS_SRP_TWOFISH_128_CBC_SHA { 0xFF, 0x64 }
+#define GNUTLS_SRP_SHA_3DES_EDE_CBC_SHA { 0x00, 0x50 }
+#define GNUTLS_SRP_SHA_RIJNDAEL_128_CBC_SHA { 0x00, 0x53 }
+#define GNUTLS_SRP_SHA_RIJNDAEL_256_CBC_SHA { 0x00, 0x56 }
/** RSA
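Review bot: The new suite numbers 0x00,0x50 / 0x00,0x53 / 0x00,0x56 are taken from an Internet-Draft rather than an IANA registration, and the only trace of that is the `** draft-ietf-tls-srp-02:` line in the comment header, while the previous private-range suites (0xFF,0x62–0xFF,0x64) are dropped outright, so peers built against the old numbering will no longer negotiate SRP at all — something the NEWS entry in this commit does not say. I would record the provisional status next to the defines, e.g. `/* values from draft-ietf-tls-srp-02 section 2.5; not IANA-assigned and may change */`, so that a later renumbering is recognised as expected rather than as a regression. The same remark applies to the cs_algorithms table entries in the hunk at `@@ -311,24 +305,15 @@`, which are updated consistently with these defines.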
@@ -248,7 +242,7 @@ typedef struct {
#define GNUTLS_RSA_EXPORT_ARCFOUR_40_MD5 { 0x00, 0x03 }
-/* draft-ietf-tls-ciphersuite-05:
+/* rfc3268:
*/
#define GNUTLS_RSA_RIJNDAEL_128_CBC_SHA { 0x00, 0x2F }
#define GNUTLS_RSA_RIJNDAEL_256_CBC_SHA { 0x00, 0x35 }
@@ -271,7 +265,7 @@ typedef struct {
*/
#define GNUTLS_DHE_DSS_ARCFOUR_SHA { 0x00, 0x66 }
-/* draft-ietf-tls-ciphersuite-05:
+/* rfc3268:
*/
#define GNUTLS_DHE_DSS_RIJNDAEL_256_CBC_SHA { 0x00, 0x38 }
#define GNUTLS_DHE_DSS_RIJNDAEL_128_CBC_SHA { 0x00, 0x32 }
@@ -285,9 +279,9 @@ typedef struct {
*/
#define GNUTLS_DHE_RSA_TWOFISH_128_CBC_SHA { 0xFF, 0x55 } /* gnutls */
-/* draft-ietf-tls-ciphersuite-05:
+/* rfc3268:
*/
-#define GNUTLS_DHE_RSA_RIJNDAEL_128_CBC_SHA { 0x00, 0x33 } /* draft-ietf-tls-ciphersuite-05 */
+#define GNUTLS_DHE_RSA_RIJNDAEL_128_CBC_SHA { 0x00, 0x33 }
#define GNUTLS_DHE_RSA_RIJNDAEL_256_CBC_SHA { 0x00, 0x39 }
#define CIPHER_SUITES_COUNT sizeof(cs_algorithms)/sizeof(gnutls_cipher_suite_entry)-1
@@ -311,24 +305,15 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
GNUTLS_MAC_SHA, GNUTLS_TLS1),
/* SRP */
- GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_SRP_ARCFOUR_SHA,
- GNUTLS_CIPHER_ARCFOUR_128,
- GNUTLS_KX_SRP, GNUTLS_MAC_SHA, GNUTLS_TLS1),
- GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_SRP_ARCFOUR_MD5,
- GNUTLS_CIPHER_ARCFOUR_128,
- GNUTLS_KX_SRP, GNUTLS_MAC_MD5, GNUTLS_TLS1),
- GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_SRP_3DES_EDE_CBC_SHA,
+ GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_SRP_SHA_3DES_EDE_CBC_SHA,
GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_SRP,
GNUTLS_MAC_SHA, GNUTLS_TLS1),
- GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_SRP_RIJNDAEL_128_CBC_SHA,
+ GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_SRP_SHA_RIJNDAEL_128_CBC_SHA,
GNUTLS_CIPHER_RIJNDAEL_128_CBC, GNUTLS_KX_SRP,
GNUTLS_MAC_SHA, GNUTLS_TLS1),
- GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_SRP_RIJNDAEL_256_CBC_SHA,
+ GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_SRP_SHA_RIJNDAEL_256_CBC_SHA,
GNUTLS_CIPHER_RIJNDAEL_256_CBC, GNUTLS_KX_SRP,
GNUTLS_MAC_SHA, GNUTLS_TLS1),
- GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_SRP_TWOFISH_128_CBC_SHA,
- GNUTLS_CIPHER_TWOFISH_128_CBC, GNUTLS_KX_SRP,
- GNUTLS_MAC_SHA, GNUTLS_TLS1),
/* DHE_DSS */
GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_DHE_DSS_ARCFOUR_SHA,
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index 5f59aff9d2..311ef2a40a 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -102,7 +102,6 @@ typedef struct { opaque pint[3]; } uint24;
# include <gnutls_mpi.h>
-typedef enum crypt_algo { SRPSHA1_CRYPT, BLOWFISH_CRYPT=2 } crypt_algo;
typedef enum ChangeCipherSpecType { GNUTLS_TYPE_CHANGE_CIPHER_SPEC=1 } ChangeCipherSpecType;
typedef enum CertificateStatus {
diff --git a/libextra/Makefile.am b/libextra/Makefile.am
index e682c2c86a..403c7e1a9f 100644
--- a/libextra/Makefile.am
+++ b/libextra/Makefile.am
@@ -4,7 +4,7 @@ bin_SCRIPTS = libgnutls-extra-config
m4datadir = $(datadir)/aclocal
m4data_DATA = libgnutls-extra.m4
-EXTRA_DIST = ext_srp.h crypt_bcrypt.h crypt_srpsha1.h gnutls_srp.h \
+EXTRA_DIST = ext_srp.h crypt_srpsha1.h gnutls_srp.h \
auth_srp.h auth_srp_passwd.h crypt.h gnutls_openpgp.h \
gnutls-extra-api.tex gnutls_extra.h libgnutls-extra-config.in \
libgnutls-extra.m4
@@ -12,7 +12,7 @@ EXTRA_DIST = ext_srp.h crypt_bcrypt.h crypt_srpsha1.h gnutls_srp.h \
lib_LTLIBRARIES = libgnutls-extra.la
-COBJECTS_EXTRA = crypt_bcrypt.c crypt.c crypt_srpsha1.c ext_srp.c \
+COBJECTS_EXTRA = crypt.c crypt_srpsha1.c ext_srp.c \
gnutls_srp.c auth_srp.c auth_srp_passwd.c auth_srp_sb64.c \
gnutls_openpgp.c gnutls_extra.c gnutls_openssl.c
diff --git a/libextra/auth_srp.c b/libextra/auth_srp.c
index 89b7b36fcb..685ef762ed 100644
--- a/libextra/auth_srp.c
+++ b/libextra/auth_srp.c
@@ -78,7 +78,6 @@ int gen_srp_server_hello(GNUTLS_STATE state, opaque * data, int data_size)
size_t ret;
uint8 *data_n, *data_s;
uint8 *data_g, *username;
- uint8 pwd_algo;
GNUTLS_SRP_PWD_ENTRY *pwd_entry;
int err;
SRP_SERVER_AUTH_INFO info;
@@ -105,8 +104,6 @@ int gen_srp_server_hello(GNUTLS_STATE state, opaque * data, int data_size)
return GNUTLS_E_PWD_ERROR;
}
- pwd_algo = (uint8) pwd_entry->algorithm;
-
if (_gnutls_mpi_print( NULL, &n_g, pwd_entry->g)!=0) {
gnutls_assert();
return GNUTLS_E_MPI_PRINT_FAILED;
@@ -130,21 +127,15 @@ int gen_srp_server_hello(GNUTLS_STATE state, opaque * data, int data_size)
_gnutls_mpi_set(N, pwd_entry->n);
_gnutls_mpi_set(V, pwd_entry->v);
- if (data_size < n_n + n_g + pwd_entry->salt_size + 6 + 1) {
+ if (data_size < n_n + n_g + pwd_entry->salt_size + 6) {
gnutls_assert();
return GNUTLS_E_INVALID_REQUEST;
}
data_g = data;
- /* firstly copy the algorithm used to generate the verifier
- */
- data_g[0] = pwd_algo;
-
/* copy G (generator) to data */
- data_g++;
-
if(_gnutls_mpi_print( &data_g[2], &n_g, G)!=0) {
gnutls_assert();
return GNUTLS_E_MPI_PRINT_FAILED;
@@ -299,7 +290,6 @@ int proc_srp_server_hello(GNUTLS_STATE state, const opaque * data, int data_size
const uint8 *data_n;
const uint8 *data_g;
const uint8 *data_s;
- uint8 pwd_algo;
int i, ret;
opaque hd[SRP_MAX_HASH_SIZE];
char *username;
@@ -321,9 +311,6 @@ int proc_srp_server_hello(GNUTLS_STATE state, const opaque * data, int data_size
/* read the algorithm used to generate V */
i = 0;
- DECR_LEN( data_size, 1);
- pwd_algo = data[0];
- i++;
DECR_LEN( data_size, 2);
n_g = _gnutls_read_uint16( &data[i]);
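Review bot: The comment `/* read the algorithm used to generate V */` is now stale: the three lines it described were removed and the statements directly under it read the 2-byte length of g. Replace it with `/* read g (2-byte length prefix) */`. The same staleness appears in the next hunk of this file, where the comment above the `_gnutls_calc_srp_x` call still says `(or the equivalent using bcrypt)` even though the `pwd_algo` argument is gone and bcrypt no longer exists; drop that parenthetical. proc_srp_server_hello continues outside both hunks.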
@@ -370,7 +357,7 @@ int proc_srp_server_hello(GNUTLS_STATE state, const opaque * data, int data_size
/* generate x = SHA(s | SHA(U | ":" | p))
* (or the equivalent using bcrypt)
*/
- if ( ( ret =_gnutls_calc_srp_x( username, password, (opaque*)data_s, n_s, pwd_algo, &_n_g, hd)) < 0) {
+ if ( ( ret =_gnutls_calc_srp_x( username, password, (opaque*)data_s, n_s, &_n_g, hd)) < 0) {
gnutls_assert();
return ret;
}
diff --git a/libextra/auth_srp_passwd.c b/libextra/auth_srp_passwd.c
index f0e5ef663b..6d4c257307 100644
--- a/libextra/auth_srp_passwd.c
+++ b/libextra/auth_srp_passwd.c
@@ -39,7 +39,7 @@
* string(username):base64(v):base64(salt):int(index)
*/
static int pwd_put_values( GNUTLS_SRP_PWD_ENTRY *entry, char *str, int str_size) {
-char * p, *p2;
+char * p;
int len, ret;
opaque *verifier;
size_t verifier_size;
@@ -90,20 +90,6 @@ int indx;
*p='\0';
p++;
- if ( (p2 = index(p, '$')) == NULL) {
- entry->algorithm = SRPSHA1_CRYPT;
- } else {
- p++;
- entry->algorithm = atoi(p);
- p2 = index(p, '$'); /* find the last $ */
- if (p2==NULL) {
- gnutls_assert();
- gnutls_free(entry->salt);
- return GNUTLS_E_PARSING_ERROR;
- }
- p = p2+1;
- }
-
len = strlen(p);
ret = _gnutls_sbase64_decode( p, len, &verifier);
if (ret <= 0) {
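Review bot: With the `$algo$` prefix parsing removed, an entry written by the previous tool version (verifier field starting with `$`) is passed straight to `_gnutls_sbase64_decode` and, presumably, fails there as a generic decode error rather than being reported as an unsupported format, which will be confusing for anyone upgrading an existing SRP password file. Consider rejecting the legacy marker explicitly with the same cleanup the removed branch used: `if (*p == '$') { gnutls_assert(); gnutls_free(entry->salt); return GNUTLS_E_PARSING_ERROR; }`. The format comment at the top of this function (`string(username):base64(v):base64(salt):int(index)`) could also note that the algorithm selector is no longer accepted. pwd_put_values continues outside the hunk.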
@@ -365,8 +351,6 @@ GNUTLS_SRP_PWD_ENTRY* _gnutls_randomize_pwd_entry() {
return NULL;
}
- pwd_entry->algorithm = 0;
-
return pwd_entry;
}
diff --git a/libextra/auth_srp_passwd.h b/libextra/auth_srp_passwd.h
index 6207265542..109aa7e640 100644
--- a/libextra/auth_srp_passwd.h
+++ b/libextra/auth_srp_passwd.h
@@ -2,7 +2,6 @@
typedef struct {
char* username;
- int algorithm;
opaque *salt;
int salt_size;
diff --git a/libextra/crypt.c b/libextra/crypt.c
index d4f9a21719..4680e048f8 100644
--- a/libextra/crypt.c
+++ b/libextra/crypt.c
@@ -22,41 +22,21 @@
#ifdef ENABLE_SRP
-#include "crypt_bcrypt.h"
#include "crypt_srpsha1.h"
#include "gnutls_random.h"
-char * gnutls_crypt(const char* username, const char *passwd, crypt_algo algo, int salt, GNUTLS_MPI g, GNUTLS_MPI n) {
+char * _gnutls_srp_crypt(const char* username, const char *passwd, int salt, GNUTLS_MPI g, GNUTLS_MPI n) {
- switch(algo) {
- case BLOWFISH_CRYPT: /* bcrypt */
- /* salt in bcrypt is actually the cost */
- return crypt_bcrypt_wrapper(username, passwd, salt, g, n);
- case SRPSHA1_CRYPT: /* bcrypt */
- /* salt in bcrypt is the salt size */
- return crypt_srpsha1_wrapper(username, passwd, salt, g, n);
- }
- return NULL;
+ return _gnutls_crypt_srpsha1_wrapper(username, passwd, salt, g, n);
}
-int gnutls_crypt_vrfy(const char* username, const char *passwd, char* salt, GNUTLS_MPI g, GNUTLS_MPI n) {
+int _gnutls_srp_crypt_vrfy(const char* username, const char *passwd, char* salt, GNUTLS_MPI g, GNUTLS_MPI n) {
char* cr;
- switch(salt[0]) {
- case '$':
- switch(salt[1]) {
- case '2':
- cr = crypt_bcrypt(username, passwd, salt, g, n);
- if (cr==NULL) return 1;
- if (strncmp(cr, salt, strlen(cr))==0) return 0;
- break;
- }
- default:
- cr = crypt_srpsha1(username, passwd, salt, g, n);
- if (cr==NULL) return 1;
- if (strncmp(cr, salt, strlen(cr))==0) return 0;
- break;
- }
+ cr = _gnutls_crypt_srpsha1(username, passwd, salt, g, n);
+ if (cr==NULL) return 1;
+ if (strncmp(cr, salt, strlen(cr))==0) return 0;
+
return 1;
}
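Review bot: `_gnutls_srp_crypt_vrfy` never frees `cr`, so every verification leaks the string returned by `_gnutls_crypt_srpsha1` (presumably heap-allocated like the removed bcrypt variant's result; its body is in another file). The comparison is also bounded by `strlen(cr)`, so a stored entry that merely starts with `cr` counts as a match; if an exact match is intended, `strcmp` is the right call, otherwise the prefix semantics deserve a comment. Suggested shape, keeping the 0/1 return contract of the header:

```c
int _gnutls_srp_crypt_vrfy(const char* username, const char *passwd, char* salt, GNUTLS_MPI g, GNUTLS_MPI n) {
	/* Returns 0 when the entry matches, 1 otherwise. cr is owned here and freed on every path. */
	char *cr = _gnutls_crypt_srpsha1(username, passwd, salt, g, n);
	int ret;
	if (cr == NULL) return 1;
	/* prefix match kept from the original; use strcmp if the entry must match exactly */
	ret = (strncmp(cr, salt, strlen(cr)) == 0) ? 0 : 1;
	gnutls_free(cr);
	return ret;
}
```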
diff --git a/libextra/crypt.h b/libextra/crypt.h
index 205ec72136..bca949ca0e 100644
--- a/libextra/crypt.h
+++ b/libextra/crypt.h
@@ -1,4 +1,4 @@
/* crypt functions */
-char * gnutls_crypt(const char* username, const char *passwd, crypt_algo algo, int salt, MPI g, MPI n);
-int gnutls_crypt_vrfy(const char* username, const char *passwd, char* salt, MPI g, MPI n);
+char * _gnutls_srp_crypt(const char* username, const char *passwd, int salt, MPI g, MPI n);
+int _gnutls_srp_crypt_vrfy(const char* username, const char *passwd, char* salt, MPI g, MPI n);
diff --git a/libextra/crypt_bcrypt.c b/libextra/crypt_bcrypt.c
deleted file mode 100644
index c699f2a92b..0000000000
--- a/libextra/crypt_bcrypt.c
+++ /dev/null
@@ -1,709 +0,0 @@
-/*
- * Copyright (C) 2000,2001 Nikos Mavroyanopoulos
- *
- * This file is part of GNUTLS.
- *
- * GNUTLS-EXTRA is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * GNUTLS-EXTRA is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
- */
-
-/*
- * This is a modified version of the blowfish algorithm.
- * It is an implementation of the bcrypt algorithm as described
- * in a usenix paper by Niels Provos and David Mazieres.
- * This is the encoding algorithm used in OpenBSD for passwords.
- * (includes a modified version of b64.c)
- */
-
-/* The differences here from the original openbsd bcrypt algorithm are:
- * 1. we use a different b64 hash function
- * (the one used in SRP password files),
- * 2. we use all the bytes from the encryption step (openbsd omited one byte),
- * 3. we use the first 24 bytes of CONCAT(username,NULL,"Orphean...") as the
- * encryption string.
- */
-
-#include <gnutls_int.h>
-
-#ifdef ENABLE_SRP
-
-#include "crypt_bcrypt.h"
-#include "gnutls_random.h"
-#include "auth_srp_passwd.h"
-#include "gnutls_srp.h"
-#include "gnutls_errors.h"
-#include "debug.h"
-
-typedef struct {
- uint32 S[4][256], P[18];
-} blf_ctx;
-
-#define BF_N 16
-
-#define F(bc, x) ( ((bc->S[0][(x >> 24) & 0xff] + bc->S[1][(x >> 16) & 0xff]) ^ bc->S[2][(x >> 8) & 0xff]) + bc->S[3][x & 0xff] )
-
-/* x should be a 64 bit integer */
-static void _blf_encrypt(blf_ctx * c, uint8 * x)
-{
- uint32 Xl;
- uint32 Xr, temp;
- short i;
-
- Xl = x[0] << 24 | x[1] << 16 | x[2] << 8 | x[3];
- Xr = x[4] << 24 | x[5] << 16 | x[6] << 8 | x[7];
-
- for (i = 0; i < BF_N; ++i) {
- Xl ^= c->P[i];
- Xr ^= F(c, Xl);
-
- temp = Xl;
- Xl = Xr;
- Xr = temp;
- }
-
- temp = Xl;
- Xl = Xr;
- Xr = temp;
-
- Xr ^= c->P[BF_N];
- Xl ^= c->P[BF_N + 1];
-
- x[0] = (Xl >> 24) & 0xff;
- x[1] = (Xl >> 16) & 0xff;
- x[2] = (Xl >> 8) & 0xff;
- x[3] = (Xl) & 0xff;
- x[4] = (Xr >> 24) & 0xff;
- x[5] = (Xr >> 16) & 0xff;
- x[6] = (Xr >> 8) & 0xff;
- x[7] = (Xr) & 0xff;
-}
-
-/* x should be a 64 bit integer */
-static void enblf_noswap(blf_ctx * c, uint32 * x)
-{ /* Used internally */
- uint32 Xl;
- uint32 Xr, temp;
- short i;
-
- Xl = x[0];
- Xr = x[1];
-
- for (i = 0; i < BF_N; ++i) {
- Xl ^= c->P[i];
- Xr ^= F(c, Xl);
-
- temp = Xl;
- Xl = Xr;
- Xr = temp;
- }
-
- temp = Xl;
- Xl = Xr;
- Xr = temp;
-
- Xr ^= c->P[BF_N];
- Xl ^= c->P[BF_N + 1];
-
- x[0] = Xl;
- x[1] = Xr;
-}
-
-
-static const uint32 ks0[] = {
- 0xd1310ba6UL, 0x98dfb5acUL, 0x2ffd72dbUL, 0xd01adfb7UL,
- 0xb8e1afedUL, 0x6a267e96UL, 0xba7c9045UL, 0xf12c7f99UL,
- 0x24a19947UL, 0xb3916cf7UL, 0x0801f2e2UL, 0x858efc16UL,
- 0x636920d8UL, 0x71574e69UL, 0xa458fea3UL, 0xf4933d7eUL,
- 0x0d95748fUL, 0x728eb658UL, 0x718bcd58UL, 0x82154aeeUL,
- 0x7b54a41dUL, 0xc25a59b5UL, 0x9c30d539UL, 0x2af26013UL,
- 0xc5d1b023UL, 0x286085f0UL, 0xca417918UL, 0xb8db38efUL,
- 0x8e79dcb0UL, 0x603a180eUL, 0x6c9e0e8bUL, 0xb01e8a3eUL,
- 0xd71577c1UL, 0xbd314b27UL, 0x78af2fdaUL, 0x55605c60UL,
- 0xe65525f3UL, 0xaa55ab94UL, 0x57489862UL, 0x63e81440UL,
- 0x55ca396aUL, 0x2aab10b6UL, 0xb4cc5c34UL, 0x1141e8ceUL,
- 0xa15486afUL, 0x7c72e993UL, 0xb3ee1411UL, 0x636fbc2aUL,
- 0x2ba9c55dUL, 0x741831f6UL, 0xce5c3e16UL, 0x9b87931eUL,
- 0xafd6ba33UL, 0x6c24cf5cUL, 0x7a325381UL, 0x28958677UL,
- 0x3b8f4898UL, 0x6b4bb9afUL, 0xc4bfe81bUL, 0x66282193UL,
- 0x61d809ccUL, 0xfb21a991UL, 0x487cac60UL, 0x5dec8032UL,
- 0xef845d5dUL, 0xe98575b1UL, 0xdc262302UL, 0xeb651b88UL,
- 0x23893e81UL, 0xd396acc5UL, 0x0f6d6ff3UL, 0x83f44239UL,
- 0x2e0b4482UL, 0xa4842004UL, 0x69c8f04aUL, 0x9e1f9b5eUL,
- 0x21c66842UL, 0xf6e96c9aUL, 0x670c9c61UL, 0xabd388f0UL,
- 0x6a51a0d2UL, 0xd8542f68UL, 0x960fa728UL, 0xab5133a3UL,
- 0x6eef0b6cUL, 0x137a3be4UL, 0xba3bf050UL, 0x7efb2a98UL,
- 0xa1f1651dUL, 0x39af0176UL, 0x66ca593eUL, 0x82430e88UL,
- 0x8cee8619UL, 0x456f9fb4UL, 0x7d84a5c3UL, 0x3b8b5ebeUL,
- 0xe06f75d8UL, 0x85c12073UL, 0x401a449fUL, 0x56c16aa6UL,
- 0x4ed3aa62UL, 0x363f7706UL, 0x1bfedf72UL, 0x429b023dUL,
- 0x37d0d724UL, 0xd00a1248UL, 0xdb0fead3UL, 0x49f1c09bUL,
- 0x075372c9UL, 0x80991b7bUL, 0x25d479d8UL, 0xf6e8def7UL,
- 0xe3fe501aUL, 0xb6794c3bUL, 0x976ce0bdUL, 0x04c006baUL,
- 0xc1a94fb6UL, 0x409f60c4UL, 0x5e5c9ec2UL, 0x196a2463UL,
- 0x68fb6fafUL, 0x3e6c53b5UL, 0x1339b2ebUL, 0x3b52ec6fUL,
- 0x6dfc511fUL, 0x9b30952cUL, 0xcc814544UL, 0xaf5ebd09UL,
- 0xbee3d004UL, 0xde334afdUL, 0x660f2807UL, 0x192e4bb3UL,
- 0xc0cba857UL, 0x45c8740fUL, 0xd20b5f39UL, 0xb9d3fbdbUL,
- 0x5579c0bdUL, 0x1a60320aUL, 0xd6a100c6UL, 0x402c7279UL,
- 0x679f25feUL, 0xfb1fa3ccUL, 0x8ea5e9f8UL, 0xdb3222f8UL,
- 0x3c7516dfUL, 0xfd616b15UL, 0x2f501ec8UL, 0xad0552abUL,
- 0x323db5faUL, 0xfd238760UL, 0x53317b48UL, 0x3e00df82UL,
- 0x9e5c57bbUL, 0xca6f8ca0UL, 0x1a87562eUL, 0xdf1769dbUL,
- 0xd542a8f6UL, 0x287effc3UL, 0xac6732c6UL, 0x8c4f5573UL,
- 0x695b27b0UL, 0xbbca58c8UL, 0xe1ffa35dUL, 0xb8f011a0UL,
- 0x10fa3d98UL, 0xfd2183b8UL, 0x4afcb56cUL, 0x2dd1d35bUL,
- 0x9a53e479UL, 0xb6f84565UL, 0xd28e49bcUL, 0x4bfb9790UL,
- 0xe1ddf2daUL, 0xa4cb7e33UL, 0x62fb1341UL, 0xcee4c6e8UL,
- 0xef20cadaUL, 0x36774c01UL, 0xd07e9efeUL, 0x2bf11fb4UL,
- 0x95dbda4dUL, 0xae909198UL, 0xeaad8e71UL, 0x6b93d5a0UL,
- 0xd08ed1d0UL, 0xafc725e0UL, 0x8e3c5b2fUL, 0x8e7594b7UL,
- 0x8ff6e2fbUL, 0xf2122b64UL, 0x8888b812UL, 0x900df01cUL,
- 0x4fad5ea0UL, 0x688fc31cUL, 0xd1cff191UL, 0xb3a8c1adUL,
- 0x2f2f2218UL, 0xbe0e1777UL, 0xea752dfeUL, 0x8b021fa1UL,
- 0xe5a0cc0fUL, 0xb56f74e8UL, 0x18acf3d6UL, 0xce89e299UL,
- 0xb4a84fe0UL, 0xfd13e0b7UL, 0x7cc43b81UL, 0xd2ada8d9UL,
- 0x165fa266UL, 0x80957705UL, 0x93cc7314UL, 0x211a1477UL,
- 0xe6ad2065UL, 0x77b5fa86UL, 0xc75442f5UL, 0xfb9d35cfUL,
- 0xebcdaf0cUL, 0x7b3e89a0UL, 0xd6411bd3UL, 0xae1e7e49UL,
- 0x00250e2dUL, 0x2071b35eUL, 0x226800bbUL, 0x57b8e0afUL,
- 0x2464369bUL, 0xf009b91eUL, 0x5563911dUL, 0x59dfa6aaUL,
- 0x78c14389UL, 0xd95a537fUL, 0x207d5ba2UL, 0x02e5b9c5UL,
- 0x83260376UL, 0x6295cfa9UL, 0x11c81968UL, 0x4e734a41UL,
- 0xb3472dcaUL, 0x7b14a94aUL, 0x1b510052UL, 0x9a532915UL,
- 0xd60f573fUL, 0xbc9bc6e4UL, 0x2b60a476UL, 0x81e67400UL,
- 0x08ba6fb5UL, 0x571be91fUL, 0xf296ec6bUL, 0x2a0dd915UL,
- 0xb6636521UL, 0xe7b9f9b6UL, 0xff34052eUL, 0xc5855664UL,
- 0x53b02d5dUL, 0xa99f8fa1UL, 0x08ba4799UL, 0x6e85076aUL
-};
-
-static const uint32 ks1[] = {
- 0x4b7a70e9UL, 0xb5b32944UL, 0xdb75092eUL, 0xc4192623UL,
- 0xad6ea6b0UL, 0x49a7df7dUL, 0x9cee60b8UL, 0x8fedb266UL,
- 0xecaa8c71UL, 0x699a17ffUL, 0x5664526cUL, 0xc2b19ee1UL,
- 0x193602a5UL, 0x75094c29UL, 0xa0591340UL, 0xe4183a3eUL,
- 0x3f54989aUL, 0x5b429d65UL, 0x6b8fe4d6UL, 0x99f73fd6UL,
- 0xa1d29c07UL, 0xefe830f5UL, 0x4d2d38e6UL, 0xf0255dc1UL,
- 0x4cdd2086UL, 0x8470eb26UL, 0x6382e9c6UL, 0x021ecc5eUL,
- 0x09686b3fUL, 0x3ebaefc9UL, 0x3c971814UL, 0x6b6a70a1UL,
- 0x687f3584UL, 0x52a0e286UL, 0xb79c5305UL, 0xaa500737UL,
- 0x3e07841cUL, 0x7fdeae5cUL, 0x8e7d44ecUL, 0x5716f2b8UL,
- 0xb03ada37UL, 0xf0500c0dUL, 0xf01c1f04UL, 0x0200b3ffUL,
- 0xae0cf51aUL, 0x3cb574b2UL, 0x25837a58UL, 0xdc0921bdUL,
- 0xd19113f9UL, 0x7ca92ff6UL, 0x94324773UL, 0x22f54701UL,
- 0x3ae5e581UL, 0x37c2dadcUL, 0xc8b57634UL, 0x9af3dda7UL,
- 0xa9446146UL, 0x0fd0030eUL, 0xecc8c73eUL, 0xa4751e41UL,
- 0xe238cd99UL, 0x3bea0e2fUL, 0x3280bba1UL, 0x183eb331UL,
- 0x4e548b38UL, 0x4f6db908UL, 0x6f420d03UL, 0xf60a04bfUL,
- 0x2cb81290UL, 0x24977c79UL, 0x5679b072UL, 0xbcaf89afUL,
- 0xde9a771fUL, 0xd9930810UL, 0xb38bae12UL, 0xdccf3f2eUL,
- 0x5512721fUL, 0x2e6b7124UL, 0x501adde6UL, 0x9f84cd87UL,
- 0x7a584718UL, 0x7408da17UL, 0xbc9f9abcUL, 0xe94b7d8cUL,
- 0xec7aec3aUL, 0xdb851dfaUL, 0x63094366UL, 0xc464c3d2UL,
- 0xef1c1847UL, 0x3215d908UL, 0xdd433b37UL, 0x24c2ba16UL,
- 0x12a14d43UL, 0x2a65c451UL, 0x50940002UL, 0x133ae4ddUL,
- 0x71dff89eUL, 0x10314e55UL, 0x81ac77d6UL, 0x5f11199bUL,
- 0x043556f1UL, 0xd7a3c76bUL, 0x3c11183bUL, 0x5924a509UL,
- 0xf28fe6edUL, 0x97f1fbfaUL, 0x9ebabf2cUL, 0x1e153c6eUL,
- 0x86e34570UL, 0xeae96fb1UL, 0x860e5e0aUL, 0x5a3e2ab3UL,
- 0x771fe71cUL, 0x4e3d06faUL, 0x2965dcb9UL, 0x99e71d0fUL,
- 0x803e89d6UL, 0x5266c825UL, 0x2e4cc978UL, 0x9c10b36aUL,
- 0xc6150ebaUL, 0x94e2ea78UL, 0xa5fc3c53UL, 0x1e0a2df4UL,
- 0xf2f74ea7UL, 0x361d2b3dUL, 0x1939260fUL, 0x19c27960UL,
- 0x5223a708UL, 0xf71312b6UL, 0xebadfe6eUL, 0xeac31f66UL,
- 0xe3bc4595UL, 0xa67bc883UL, 0xb17f37d1UL, 0x018cff28UL,
- 0xc332ddefUL, 0xbe6c5aa5UL, 0x65582185UL, 0x68ab9802UL,
- 0xeecea50fUL, 0xdb2f953bUL, 0x2aef7dadUL, 0x5b6e2f84UL,
- 0x1521b628UL, 0x29076170UL, 0xecdd4775UL, 0x619f1510UL,
- 0x13cca830UL, 0xeb61bd96UL, 0x0334fe1eUL, 0xaa0363cfUL,
- 0xb5735c90UL, 0x4c70a239UL, 0xd59e9e0bUL, 0xcbaade14UL,
- 0xeecc86bcUL, 0x60622ca7UL, 0x9cab5cabUL, 0xb2f3846eUL,
- 0x648b1eafUL, 0x19bdf0caUL, 0xa02369b9UL, 0x655abb50UL,
- 0x40685a32UL, 0x3c2ab4b3UL, 0x319ee9d5UL, 0xc021b8f7UL,
- 0x9b540b19UL, 0x875fa099UL, 0x95f7997eUL, 0x623d7da8UL,
- 0xf837889aUL, 0x97e32d77UL, 0x11ed935fUL, 0x16681281UL,
- 0x0e358829UL, 0xc7e61fd6UL, 0x96dedfa1UL, 0x7858ba99UL,
- 0x57f584a5UL, 0x1b227263UL, 0x9b83c3ffUL, 0x1ac24696UL,
- 0xcdb30aebUL, 0x532e3054UL, 0x8fd948e4UL, 0x6dbc3128UL,
- 0x58ebf2efUL, 0x34c6ffeaUL, 0xfe28ed61UL, 0xee7c3c73UL,
- 0x5d4a14d9UL, 0xe864b7e3UL, 0x42105d14UL, 0x203e13e0UL,
- 0x45eee2b6UL, 0xa3aaabeaUL, 0xdb6c4f15UL, 0xfacb4fd0UL,
- 0xc742f442UL, 0xef6abbb5UL, 0x654f3b1dUL, 0x41cd2105UL,
- 0xd81e799eUL, 0x86854dc7UL, 0xe44b476aUL, 0x3d816250UL,
- 0xcf62a1f2UL, 0x5b8d2646UL, 0xfc8883a0UL, 0xc1c7b6a3UL,
- 0x7f1524c3UL, 0x69cb7492UL, 0x47848a0bUL, 0x5692b285UL,
- 0x095bbf00UL, 0xad19489dUL, 0x1462b174UL, 0x23820e00UL,
- 0x58428d2aUL, 0x0c55f5eaUL, 0x1dadf43eUL, 0x233f7061UL,
- 0x3372f092UL, 0x8d937e41UL, 0xd65fecf1UL, 0x6c223bdbUL,
- 0x7cde3759UL, 0xcbee7460UL, 0x4085f2a7UL, 0xce77326eUL,
- 0xa6078084UL, 0x19f8509eUL, 0xe8efd855UL, 0x61d99735UL,
- 0xa969a7aaUL, 0xc50c06c2UL, 0x5a04abfcUL, 0x800bcadcUL,
- 0x9e447a2eUL, 0xc3453484UL, 0xfdd56705UL, 0x0e1e9ec9UL,
- 0xdb73dbd3UL, 0x105588cdUL, 0x675fda79UL, 0xe3674340UL,
- 0xc5c43465UL, 0x713e38d8UL, 0x3d28f89eUL, 0xf16dff20UL,
- 0x153e21e7UL, 0x8fb03d4aUL, 0xe6e39f2bUL, 0xdb83adf7UL
-};
-
-static const uint32 ks2[] = {
- 0xe93d5a68UL, 0x948140f7UL, 0xf64c261cUL, 0x94692934UL,
- 0x411520f7UL, 0x7602d4f7UL, 0xbcf46b2eUL, 0xd4a20068UL,
- 0xd4082471UL, 0x3320f46aUL, 0x43b7d4b7UL, 0x500061afUL,
- 0x1e39f62eUL, 0x97244546UL, 0x14214f74UL, 0xbf8b8840UL,
- 0x4d95fc1dUL, 0x96b591afUL, 0x70f4ddd3UL, 0x66a02f45UL,
- 0xbfbc09ecUL, 0x03bd9785UL, 0x7fac6dd0UL, 0x31cb8504UL,
- 0x96eb27b3UL, 0x55fd3941UL, 0xda2547e6UL, 0xabca0a9aUL,
- 0x28507825UL, 0x530429f4UL, 0x0a2c86daUL, 0xe9b66dfbUL,
- 0x68dc1462UL, 0xd7486900UL, 0x680ec0a4UL, 0x27a18deeUL,
- 0x4f3ffea2UL, 0xe887ad8cUL, 0xb58ce006UL, 0x7af4d6b6UL,
- 0xaace1e7cUL, 0xd3375fecUL, 0xce78a399UL, 0x406b2a42UL,
- 0x20fe9e35UL, 0xd9f385b9UL, 0xee39d7abUL, 0x3b124e8bUL,
- 0x1dc9faf7UL, 0x4b6d1856UL, 0x26a36631UL, 0xeae397b2UL,
- 0x3a6efa74UL, 0xdd5b4332UL, 0x6841e7f7UL, 0xca7820fbUL,
- 0xfb0af54eUL, 0xd8feb397UL, 0x454056acUL, 0xba489527UL,
- 0x55533a3aUL, 0x20838d87UL, 0xfe6ba9b7UL, 0xd096954bUL,
- 0x55a867bcUL, 0xa1159a58UL, 0xcca92963UL, 0x99e1db33UL,
- 0xa62a4a56UL, 0x3f3125f9UL, 0x5ef47e1cUL, 0x9029317cUL,
- 0xfdf8e802UL, 0x04272f70UL, 0x80bb155cUL, 0x05282ce3UL,
- 0x95c11548UL, 0xe4c66d22UL, 0x48c1133fUL, 0xc70f86dcUL,
- 0x07f9c9eeUL, 0x41041f0fUL, 0x404779a4UL, 0x5d886e17UL,
- 0x325f51ebUL, 0xd59bc0d1UL, 0xf2bcc18fUL, 0x41113564UL,
- 0x257b7834UL, 0x602a9c60UL, 0xdff8e8a3UL, 0x1f636c1bUL,
- 0x0e12b4c2UL, 0x02e1329eUL, 0xaf664fd1UL, 0xcad18115UL,
- 0x6b2395e0UL, 0x333e92e1UL, 0x3b240b62UL, 0xeebeb922UL,
- 0x85b2a20eUL, 0xe6ba0d99UL, 0xde720c8cUL, 0x2da2f728UL,
- 0xd0127845UL, 0x95b794fdUL, 0x647d0862UL, 0xe7ccf5f0UL,
- 0x5449a36fUL, 0x877d48faUL, 0xc39dfd27UL, 0xf33e8d1eUL,
- 0x0a476341UL, 0x992eff74UL, 0x3a6f6eabUL, 0xf4f8fd37UL,
- 0xa812dc60UL, 0xa1ebddf8UL, 0x991be14cUL, 0xdb6e6b0dUL,
- 0xc67b5510UL, 0x6d672c37UL, 0x2765d43bUL, 0xdcd0e804UL,
- 0xf1290dc7UL, 0xcc00ffa3UL, 0xb5390f92UL, 0x690fed0bUL,
- 0x667b9ffbUL, 0xcedb7d9cUL, 0xa091cf0bUL, 0xd9155ea3UL,
- 0xbb132f88UL, 0x515bad24UL, 0x7b9479bfUL, 0x763bd6ebUL,
- 0x37392eb3UL, 0xcc115979UL, 0x8026e297UL, 0xf42e312dUL,
- 0x6842ada7UL, 0xc66a2b3bUL, 0x12754cccUL, 0x782ef11cUL,
- 0x6a124237UL, 0xb79251e7UL, 0x06a1bbe6UL, 0x4bfb6350UL,
- 0x1a6b1018UL, 0x11caedfaUL, 0x3d25bdd8UL, 0xe2e1c3c9UL,
- 0x44421659UL, 0x0a121386UL, 0xd90cec6eUL, 0xd5abea2aUL,
- 0x64af674eUL, 0xda86a85fUL, 0xbebfe988UL, 0x64e4c3feUL,
- 0x9dbc8057UL, 0xf0f7c086UL, 0x60787bf8UL, 0x6003604dUL,
- 0xd1fd8346UL, 0xf6381fb0UL, 0x7745ae04UL, 0xd736fcccUL,
- 0x83426b33UL, 0xf01eab71UL, 0xb0804187UL, 0x3c005e5fUL,
- 0x77a057beUL, 0xbde8ae24UL, 0x55464299UL, 0xbf582e61UL,
- 0x4e58f48fUL, 0xf2ddfda2UL, 0xf474ef38UL, 0x8789bdc2UL,
- 0x5366f9c3UL, 0xc8b38e74UL, 0xb475f255UL, 0x46fcd9b9UL,
- 0x7aeb2661UL, 0x8b1ddf84UL, 0x846a0e79UL, 0x915f95e2UL,
- 0x466e598eUL, 0x20b45770UL, 0x8cd55591UL, 0xc902de4cUL,
- 0xb90bace1UL, 0xbb8205d0UL, 0x11a86248UL, 0x7574a99eUL,
- 0xb77f19b6UL, 0xe0a9dc09UL, 0x662d09a1UL, 0xc4324633UL,
- 0xe85a1f02UL, 0x09f0be8cUL, 0x4a99a025UL, 0x1d6efe10UL,
- 0x1ab93d1dUL, 0x0ba5a4dfUL, 0xa186f20fUL, 0x2868f169UL,
- 0xdcb7da83UL, 0x573906feUL, 0xa1e2ce9bUL, 0x4fcd7f52UL,
- 0x50115e01UL, 0xa70683faUL, 0xa002b5c4UL, 0x0de6d027UL,
- 0x9af88c27UL, 0x773f8641UL, 0xc3604c06UL, 0x61a806b5UL,
- 0xf0177a28UL, 0xc0f586e0UL, 0x006058aaUL, 0x30dc7d62UL,
- 0x11e69ed7UL, 0x2338ea63UL, 0x53c2dd94UL, 0xc2c21634UL,
- 0xbbcbee56UL, 0x90bcb6deUL, 0xebfc7da1UL, 0xce591d76UL,
- 0x6f05e409UL, 0x4b7c0188UL, 0x39720a3dUL, 0x7c927c24UL,
- 0x86e3725fUL, 0x724d9db9UL, 0x1ac15bb4UL, 0xd39eb8fcUL,
- 0xed545578UL, 0x08fca5b5UL, 0xd83d7cd3UL, 0x4dad0fc4UL,
- 0x1e50ef5eUL, 0xb161e6f8UL, 0xa28514d9UL, 0x6c51133cUL,
- 0x6fd5c7e7UL, 0x56e14ec4UL, 0x362abfceUL, 0xddc6c837UL,
- 0xd79a3234UL, 0x92638212UL, 0x670efa8eUL, 0x406000e0UL
-};
-
-static const uint32 ks3[] = {
- 0x3a39ce37UL, 0xd3faf5cfUL, 0xabc27737UL, 0x5ac52d1bUL,
- 0x5cb0679eUL, 0x4fa33742UL, 0xd3822740UL, 0x99bc9bbeUL,
- 0xd5118e9dUL, 0xbf0f7315UL, 0xd62d1c7eUL, 0xc700c47bUL,
- 0xb78c1b6bUL, 0x21a19045UL, 0xb26eb1beUL, 0x6a366eb4UL,
- 0x5748ab2fUL, 0xbc946e79UL, 0xc6a376d2UL, 0x6549c2c8UL,
- 0x530ff8eeUL, 0x468dde7dUL, 0xd5730a1dUL, 0x4cd04dc6UL,
- 0x2939bbdbUL, 0xa9ba4650UL, 0xac9526e8UL, 0xbe5ee304UL,
- 0xa1fad5f0UL, 0x6a2d519aUL, 0x63ef8ce2UL, 0x9a86ee22UL,
- 0xc089c2b8UL, 0x43242ef6UL, 0xa51e03aaUL, 0x9cf2d0a4UL,
- 0x83c061baUL, 0x9be96a4dUL, 0x8fe51550UL, 0xba645bd6UL,
- 0x2826a2f9UL, 0xa73a3ae1UL, 0x4ba99586UL, 0xef5562e9UL,
- 0xc72fefd3UL, 0xf752f7daUL, 0x3f046f69UL, 0x77fa0a59UL,
- 0x80e4a915UL, 0x87b08601UL, 0x9b09e6adUL, 0x3b3ee593UL,
- 0xe990fd5aUL, 0x9e34d797UL, 0x2cf0b7d9UL, 0x022b8b51UL,
- 0x96d5ac3aUL, 0x017da67dUL, 0xd1cf3ed6UL, 0x7c7d2d28UL,
- 0x1f9f25cfUL, 0xadf2b89bUL, 0x5ad6b472UL, 0x5a88f54cUL,
- 0xe029ac71UL, 0xe019a5e6UL, 0x47b0acfdUL, 0xed93fa9bUL,
- 0xe8d3c48dUL, 0x283b57ccUL, 0xf8d56629UL, 0x79132e28UL,
- 0x785f0191UL, 0xed756055UL, 0xf7960e44UL, 0xe3d35e8cUL,
- 0x15056dd4UL, 0x88f46dbaUL, 0x03a16125UL, 0x0564f0bdUL,
- 0xc3eb9e15UL, 0x3c9057a2UL, 0x97271aecUL, 0xa93a072aUL,
- 0x1b3f6d9bUL, 0x1e6321f5UL, 0xf59c66fbUL, 0x26dcf319UL,
- 0x7533d928UL, 0xb155fdf5UL, 0x03563482UL, 0x8aba3cbbUL,
- 0x28517711UL, 0xc20ad9f8UL, 0xabcc5167UL, 0xccad925fUL,
- 0x4de81751UL, 0x3830dc8eUL, 0x379d5862UL, 0x9320f991UL,
- 0xea7a90c2UL, 0xfb3e7bceUL, 0x5121ce64UL, 0x774fbe32UL,
- 0xa8b6e37eUL, 0xc3293d46UL, 0x48de5369UL, 0x6413e680UL,
- 0xa2ae0810UL, 0xdd6db224UL, 0x69852dfdUL, 0x09072166UL,
- 0xb39a460aUL, 0x6445c0ddUL, 0x586cdecfUL, 0x1c20c8aeUL,
- 0x5bbef7ddUL, 0x1b588d40UL, 0xccd2017fUL, 0x6bb4e3bbUL,
- 0xdda26a7eUL, 0x3a59ff45UL, 0x3e350a44UL, 0xbcb4cdd5UL,
- 0x72eacea8UL, 0xfa6484bbUL, 0x8d6612aeUL, 0xbf3c6f47UL,
- 0xd29be463UL, 0x542f5d9eUL, 0xaec2771bUL, 0xf64e6370UL,
- 0x740e0d8dUL, 0xe75b1357UL, 0xf8721671UL, 0xaf537d5dUL,
- 0x4040cb08UL, 0x4eb4e2ccUL, 0x34d2466aUL, 0x0115af84UL,
- 0xe1b00428UL, 0x95983a1dUL, 0x06b89fb4UL, 0xce6ea048UL,
- 0x6f3f3b82UL, 0x3520ab82UL, 0x011a1d4bUL, 0x277227f8UL,
- 0x611560b1UL, 0xe7933fdcUL, 0xbb3a792bUL, 0x344525bdUL,
- 0xa08839e1UL, 0x51ce794bUL, 0x2f32c9b7UL, 0xa01fbac9UL,
- 0xe01cc87eUL, 0xbcc7d1f6UL, 0xcf0111c3UL, 0xa1e8aac7UL,
- 0x1a908749UL, 0xd44fbd9aUL, 0xd0dadecbUL, 0xd50ada38UL,
- 0x0339c32aUL, 0xc6913667UL, 0x8df9317cUL, 0xe0b12b4fUL,
- 0xf79e59b7UL, 0x43f5bb3aUL, 0xf2d519ffUL, 0x27d9459cUL,
- 0xbf97222cUL, 0x15e6fc2aUL, 0x0f91fc71UL, 0x9b941525UL,
- 0xfae59361UL, 0xceb69cebUL, 0xc2a86459UL, 0x12baa8d1UL,
- 0xb6c1075eUL, 0xe3056a0cUL, 0x10d25065UL, 0xcb03a442UL,
- 0xe0ec6e0eUL, 0x1698db3bUL, 0x4c98a0beUL, 0x3278e964UL,
- 0x9f1f9532UL, 0xe0d392dfUL, 0xd3a0342bUL, 0x8971f21eUL,
- 0x1b0a7441UL, 0x4ba3348cUL, 0xc5be7120UL, 0xc37632d8UL,
- 0xdf359f8dUL, 0x9b992f2eUL, 0xe60b6f47UL, 0x0fe3f11dUL,
- 0xe54cda54UL, 0x1edad891UL, 0xce6279cfUL, 0xcd3e7e6fUL,
- 0x1618b166UL, 0xfd2c1d05UL, 0x848fd2c5UL, 0xf6fb2299UL,
- 0xf523f357UL, 0xa6327623UL, 0x93a83531UL, 0x56cccd02UL,
- 0xacf08162UL, 0x5a75ebb5UL, 0x6e163697UL, 0x88d273ccUL,
- 0xde966292UL, 0x81b949d0UL, 0x4c50901bUL, 0x71c65614UL,
- 0xe6c6c7bdUL, 0x327a140aUL, 0x45e1d006UL, 0xc3f27b9aUL,
- 0xc9aa53fdUL, 0x62a80f00UL, 0xbb25bfe2UL, 0x35bdd2f6UL,
- 0x71126905UL, 0xb2040222UL, 0xb6cbcf7cUL, 0xcd769c2bUL,
- 0x53113ec0UL, 0x1640e3d3UL, 0x38abbd60UL, 0x2547adf0UL,
- 0xba38209cUL, 0xf746ce76UL, 0x77afa1c5UL, 0x20756060UL,
- 0x85cbfe4eUL, 0x8ae88dd8UL, 0x7aaaf9b0UL, 0x4cf9aa7eUL,
- 0x1948c25cUL, 0x02fb8a8cUL, 0x01c36ae4UL, 0xd6ebe1f9UL,
- 0x90d4f869UL, 0xa65cdea0UL, 0x3f09252dUL, 0xc208e69fUL,
- 0xb74e6132UL, 0xce77e25bUL, 0x578fdfe3UL, 0x3ac372e6UL
-};
-
-
-static const uint32 pi[] = {
- 0x243f6a88UL, 0x85a308d3UL, 0x13198a2eUL, 0x03707344UL,
- 0xa4093822UL, 0x299f31d0UL, 0x082efa98UL, 0xec4e6c89UL,
- 0x452821e6UL, 0x38d01377UL, 0xbe5466cfUL, 0x34e90c6cUL,
- 0xc0ac29b7UL, 0xc97c50ddUL, 0x3f84d5b5UL, 0xb5470917UL,
- 0x9216d5d9UL, 0x8979fb1bUL
-};
-
-
-/* salt is an 128 bit integer */
-static short initialize_blowfish(blf_ctx * c)
-{
- short i;
-
- for (i = 0; i < 256; i++) {
- c->S[0][i] = ks0[i];
- c->S[1][i] = ks1[i];
- c->S[2][i] = ks2[i];
- c->S[3][i] = ks3[i];
- }
-
-/* P-boxes */
- for (i = 0; i < 18; i++) {
- c->P[i] = pi[i];
- }
- return 0;
-}
-
-static short _blf_ExpandKey(blf_ctx * c, const uint8 * key, short keybytes,
- const uint8 * bsalt)
-{
- short i, j;
- int k;
- uint32 data, temp[2];
- uint32 wsalt[4];
-
- if (bsalt != NULL) {
- wsalt[0] = 0x00000000;
- wsalt[1] = 0x00000000;
- wsalt[2] = 0x00000000;
- wsalt[3] = 0x00000000;
- for (i = 0; i < 4; i++) {
- wsalt[0] = (wsalt[0] << 8) | bsalt[i];
- wsalt[1] = (wsalt[1] << 8) | bsalt[i + 4];
- wsalt[2] = (wsalt[2] << 8) | bsalt[i + 8];
- wsalt[3] = (wsalt[3] << 8) | bsalt[i + 12];
- }
- }
-
- temp[0] = temp[1] = 0x00000000;
-
- j = 0;
- /* Step 1: XOR the Pbox with the key */
- for (i = 0; i < BF_N + 2; i++) {
- data = 0x00000000;
- data = (data << 8) | key[(j) % keybytes];
- data = (data << 8) | key[(j + 1) % keybytes];
- data = (data << 8) | key[(j + 2) % keybytes];
- data = (data << 8) | key[(j + 3) % keybytes];
-
- c->P[i] ^= data;
- j = (j + 4) % keybytes;
- }
-
- k = 2; /* This should be 0 ??? */
- /* Step 2: Use the salt on Pbox */
- for (i = 0; i < BF_N + 2; i += 2) {
- if (bsalt != NULL) {
- temp[0] ^= wsalt[(k + 2) % 4];
- temp[1] ^= wsalt[(k + 3) % 4];
- k = (k + 2) % 4;
- }
- enblf_noswap(c, temp);
- c->P[i] = temp[0];
- c->P[i + 1] = temp[1];
- }
-
- for (i = 0; i < 4; i++) {
- for (j = 0; j < 256; j += 2) {
- if (bsalt != NULL) {
- temp[0] ^= wsalt[(k + 2) % 4];
- temp[1] ^= wsalt[(k + 3) % 4];
- k = (k + 2) % 4;
- }
- enblf_noswap(c, temp);
- c->S[i][j] = temp[0];
- c->S[i][j + 1] = temp[1];
-
- }
- }
- return 0;
-}
-
-static blf_ctx *_blf_init(uint8 * salt, const char *key, int key_len,
- int cost)
-{
- blf_ctx *state = gnutls_malloc(sizeof(blf_ctx));
- uint32 i, rcost;
-
- if (state == NULL)
- return NULL;
-
- rcost = (uint32) 1 << cost; /* 2^cost */
-
- initialize_blowfish(state);
- _blf_ExpandKey(state, (uint8 *) key, key_len, salt);
- for (i = 0; i < rcost; i++) {
- /* these should have been in reverse order */
- _blf_ExpandKey(state, (uint8 *) key, key_len, NULL);
- _blf_ExpandKey(state, salt, 16, NULL);
- }
- return state;
-}
-
-static void _blf_deinit(blf_ctx * ctx)
-{
- gnutls_free(ctx);
-}
-
-static const char magic[] = "$2$";
-
-#define B64TEXT "OrpheanBeholderScryDoubt"
-
-/* This function Does the actual bcrypt encoding. The only difference
- * than the original bcrypt is that it accepts a username as a parameter.
- *
- */
-char *crypt_bcrypt(const char *username, const char *passwd,
- const char *salt, GNUTLS_MPI g, GNUTLS_MPI n)
-{
- unsigned char *sp, *spe;
- blf_ctx *ctx;
- uint8 *csalt;
- uint8 text[24];
- uint8 *rtext;
- uint8 cost;
- int i, salt_size = strlen(salt);
- size_t len;
- unsigned char *local_salt, *v;
- int passwd_len, vsize, tmpsize;
- opaque *tmp;
-
- /* copy username+null+B64TEXT to text
- */
- if (username != NULL) {
- strncpy(text, username, sizeof(text));
- if ((sizeof(text) - strlen(username) - 1) > 0)
- strncpy(&text[strlen(username) + 1], B64TEXT,
- sizeof(text) - strlen(username) - 1);
- } else {
- /* normal operation without username
- */
- memcpy(text, B64TEXT, sizeof(text));
- }
-
- passwd_len = strlen(passwd) + 1; /* we want the null also */
- if (passwd_len > 56)
- passwd_len = 56;
-
- local_salt = gnutls_alloca(salt_size + 1);
- if (local_salt == NULL) {
- gnutls_assert();
- return NULL;
- }
- strcpy((char *) local_salt, salt); /* Flawfinder: ignore */
-
- sp = index(local_salt, ':'); /* move to salt - after verifier */
- if (sp == NULL) {
- gnutls_afree(local_salt);
- gnutls_assert();
- return NULL;
- }
- sp++;
-
- spe = rindex(sp, ':');
- if (spe == NULL) { /* no ':' was found */
- len = strlen(sp);
- } else
- len = (ptrdiff_t) spe - (ptrdiff_t) sp;
-
- if (_gnutls_sbase64_decode(sp, len, &csalt) < 0) {
- gnutls_afree(local_salt);
- gnutls_assert();
- return NULL;
- }
-
- cost = (int) csalt[0];
- ctx = _blf_init(&csalt[1], passwd, passwd_len, cost);
- gnutls_free(csalt);
-
- if (ctx == NULL) {
- gnutls_afree(local_salt);
- return NULL;
- }
-
- for (i = 0; i < 64; i++) {
- _blf_encrypt(ctx, (uint8 *) text);
- _blf_encrypt(ctx, (uint8 *) & text[8]);
- _blf_encrypt(ctx, (uint8 *) & text[16]);
- }
-
- /* v = g^x mod n */
- vsize = _gnutls_srp_gx(text, 8 * 3, &v, g, n);
- if (vsize == -1 || v == NULL) {
- gnutls_afree(local_salt);
- gnutls_assert();
- return NULL;
- }
-
- if (_gnutls_sbase64_encode(v, vsize, &rtext) < 0) {
- gnutls_afree(local_salt);
- gnutls_free(v);
- gnutls_assert();
- return NULL;
- }
- gnutls_free(v);
-
- tmpsize = strlen(magic) + 3 + strlen(sp) + 1 + strlen(rtext) + 1;
- tmp = gnutls_malloc(tmpsize);
- if (tmp == NULL) {
- gnutls_afree(local_salt);
- gnutls_assert();
- return NULL;
- }
-
- sprintf(tmp, "%s%s:%s", magic, rtext, sp); /* Flawfinder: ignore */
-
- gnutls_afree(local_salt);
- gnutls_free(rtext);
-
- _blf_deinit(ctx);
- return tmp;
-}
-
-/* cost is stored as the first byte in salt (thus < 255) which is
- * just fine!
- */
-char *crypt_bcrypt_wrapper(const char *username, const char *pass_new,
- int cost, GNUTLS_MPI g, GNUTLS_MPI n)
-{
- opaque *result;
- char *tcp;
- uint8 rand[17];
- char *e = NULL;
- int result_size;
-
- if (_gnutls_get_random(&rand[1], 17, GNUTLS_WEAK_RANDOM) < 0) {
- gnutls_assert();
- return NULL;
- }
- /* cost should be <32 and >6 */
- if (cost >= 32)
- cost = 31;
- if (cost < 1)
- cost = 1;
-
- rand[0] = (uint8) cost;
- result_size = _gnutls_sbase64_encode(rand, 17, &result);
-
- if (result_size < 0) {
- gnutls_assert();
- return NULL;
- }
-
- tcp = gnutls_calloc(1, 1 + result_size + 1);
- sprintf(tcp, ":%s", result); /* Flawfinder: ignore */
-
- gnutls_free(result);
-
-
- e = crypt_bcrypt(username, pass_new, (const char *) tcp, g, n);
- gnutls_free(tcp);
-
- return e;
-}
-
-#define BCRYPT_SIZE 24
-int _gnutls_calc_srp_bcrypt(const char *username, const char *passwd,
- opaque * salt, int salt_size, int *size,
- void *digest)
-{
- blf_ctx *ctx;
- opaque text[BCRYPT_SIZE];
- int passwd_len, i;
-
- strncpy(text, username, sizeof(text));
- if ((sizeof(text) - strlen(username) - 1) > 0)
- strncpy(&text[strlen(username) + 1], B64TEXT,
- sizeof(text) - strlen(username) - 1);
-
- *size = sizeof(text);
-
- /* we need 16 + cost */
- if (salt_size < 17)
- return -1;
-
- passwd_len = strlen(passwd) + 1; /* we want the null also */
- if (passwd_len > 56)
- passwd_len = 56;
-
- ctx = _blf_init(&salt[1], passwd, passwd_len, (int) (salt[0]));
- if (ctx == NULL) {
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- for (i = 0; i < 64; i++) {
- _blf_encrypt(ctx, (uint8 *) text);
- _blf_encrypt(ctx, (uint8 *) & text[8]);
- _blf_encrypt(ctx, (uint8 *) & text[16]);
- }
-
- _blf_deinit(ctx);
-
- memcpy(digest, text, BCRYPT_SIZE);
- return 0;
-}
-
-#endif /* ENABLE_SRP */
diff --git a/libextra/crypt_bcrypt.h b/libextra/crypt_bcrypt.h
deleted file mode 100644
index 00458a2e2b..0000000000
--- a/libextra/crypt_bcrypt.h
+++ /dev/null
@@ -1,3 +0,0 @@
-char * crypt_bcrypt (const char* username, const char *passwd, const char *salt, MPI g, MPI n);
-char *crypt_bcrypt_wrapper(const char* username, const char *pass_new, int cost, MPI g, MPI n);
-int _gnutls_calc_srp_bcrypt( const char* username, const char *passwd, opaque *salt, int salt_size, int* size, void* digest);
diff --git a/libextra/crypt_srpsha1.c b/libextra/crypt_srpsha1.c
index 78d8764f05..f09dff5a14 100644
--- a/libextra/crypt_srpsha1.c
+++ b/libextra/crypt_srpsha1.c
@@ -28,11 +28,15 @@
#include "gnutls_srp.h"
#include <gnutls_errors.h>
-/* x = SHA(<salt> | SHA(<username> | ":" | <raw password>)) */
+/*
+ * x = SHA(<salt> | SHA(<username> | ":" | <raw password>))
+ */
static const char magic[] = "";
-char *crypt_srpsha1(const char *username, const char *passwd,
+/* This function does the actual srpsha1 encoding.
+ */
+char *_gnutls_crypt_srpsha1(const char *username, const char *passwd,
const char *salt, GNUTLS_MPI g, GNUTLS_MPI n)
{
unsigned char *sp, *spe, r1[MAX_HASH_SIZE];
@@ -129,9 +133,8 @@ char *crypt_srpsha1(const char *username, const char *passwd,
return tmp;
}
-/* salt here is the salt size */
-char *crypt_srpsha1_wrapper(const char *username, const char *pass_new,
- int salt, GNUTLS_MPI g, GNUTLS_MPI n)
+char *_gnutls_crypt_srpsha1_wrapper(const char *username, const char *pass_new,
+ int salt_size, GNUTLS_MPI g, GNUTLS_MPI n)
{
unsigned char *result;
char *tcp;
@@ -139,18 +142,18 @@ char *crypt_srpsha1_wrapper(const char *username, const char *pass_new,
char *e = NULL;
int result_size;
- if (salt > 50 || salt <= 0)
+ if (salt_size > 50 || salt_size <= 0)
return NULL; /* wow that's pretty long salt */
- rand = gnutls_malloc(salt);
- if (rand==NULL || _gnutls_get_random(rand, salt, GNUTLS_WEAK_RANDOM) < 0) {
+ rand = gnutls_alloca(salt_size);
+ if (rand==NULL || _gnutls_get_random(rand, salt_size, GNUTLS_WEAK_RANDOM) < 0) {
gnutls_assert();
return NULL;
}
- result_size = _gnutls_sbase64_encode(rand, salt, &result);
+ result_size = _gnutls_sbase64_encode(rand, salt_size, &result);
if (result_size < 0) {
- gnutls_free(rand);
+ gnutls_afree(rand);
gnutls_assert();
return NULL;
}
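Review bot: The combined check `if (rand==NULL || _gnutls_get_random(...) < 0)` still returns without releasing `rand` when the allocation succeeded but the random read failed, while the two later error paths in this hunk now call `gnutls_afree(rand)`. If `gnutls_alloca` is a real stack allocation that costs nothing, but if it falls back to the heap on some platforms the path leaks, and either way the cleanup is inconsistent across the three error exits. If `gnutls_afree(NULL)` is a no-op, adding `gnutls_afree(rand);` before the `gnutls_assert();` in that block is enough; otherwise split the NULL check from the `_gnutls_get_random` check so the second one can free. The enclosing `_gnutls_crypt_srpsha1_wrapper` starts in the previous hunk and ends in the next.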
@@ -158,16 +161,16 @@ char *crypt_srpsha1_wrapper(const char *username, const char *pass_new,
tcp = gnutls_calloc(1, 1+ result_size + 1);
if (tcp==NULL) {
gnutls_assert();
- gnutls_free(rand);
+ gnutls_afree(rand);
return NULL;
}
sprintf(tcp, ":%s", result); /* Flawfinder: ignore */
gnutls_free(result);
- gnutls_free(rand);
+ gnutls_afree(rand);
/* no longer need cleartext */
- e = crypt_srpsha1(username, pass_new, (const char *) tcp, g, n);
+ e = _gnutls_crypt_srpsha1(username, pass_new, (const char *) tcp, g, n);
gnutls_free(tcp);
return e;
diff --git a/libextra/crypt_srpsha1.h b/libextra/crypt_srpsha1.h
index bf0d55ebbe..c348b2b734 100644
--- a/libextra/crypt_srpsha1.h
+++ b/libextra/crypt_srpsha1.h
@@ -1,2 +1,3 @@
-char * crypt_srpsha1(const char* username, const char *passwd, const char *salt, MPI g, MPI n);
-char *crypt_srpsha1_wrapper(const char* username, const char *pass_new, int salt, MPI g, MPI n);
+char *_gnutls_crypt_srpsha1_wrapper(const char* username, const char *pass_new, int salt, MPI g, MPI n);
+char *_gnutls_crypt_srpsha1(const char *username, const char *passwd,
+ const char *salt, GNUTLS_MPI g, GNUTLS_MPI n);
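Review bot: The two new prototypes disagree with each other and with the definitions in crypt_srpsha1.c: the wrapper line uses `MPI g, MPI n` and names its third parameter `salt`, while the line below it and the definition in the same commit use `GNUTLS_MPI` and `salt_size`. Assuming `MPI` and `GNUTLS_MPI` are the same type this still compiles, but the header is where callers look up what the argument means, and `salt` reads as a salt string rather than a length. Suggest `char *_gnutls_crypt_srpsha1_wrapper(const char *username, const char *pass_new, int salt_size, GNUTLS_MPI g, GNUTLS_MPI n);`.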
diff --git a/libextra/gnutls_srp.c b/libextra/gnutls_srp.c
index f8a232abaf..e520c92321 100644
--- a/libextra/gnutls_srp.c
+++ b/libextra/gnutls_srp.c
@@ -27,7 +27,6 @@
#include <gnutls_srp.h>
#include <auth_srp_passwd.h>
-#include <crypt_bcrypt.h>
#include <gnutls_mpi.h>
#include "debug.h"
@@ -258,18 +257,11 @@ int _gnutls_calc_srp_sha(char *username, char *password, opaque * salt,
}
int _gnutls_calc_srp_x(char *username, char *password, opaque * salt,
- size_t salt_size, uint8 crypt_algo, size_t *size, void* digest)
+ size_t salt_size, size_t *size, void* digest)
{
- switch (crypt_algo) {
- case SRPSHA1_CRYPT:
- return _gnutls_calc_srp_sha(username, password, salt,
+ return _gnutls_calc_srp_sha(username, password, salt,
salt_size, size, digest);
- case BLOWFISH_CRYPT:
- return _gnutls_calc_srp_bcrypt(username, password, salt, salt_size,
- size, digest);
- }
- return -1;
}
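Review bot: `_gnutls_calc_srp_x` is now an undocumented pass-through to `_gnutls_calc_srp_sha`, and nothing at the definition tells a reader why two names exist for one computation now that the dispatch on `crypt_algo` is gone. A short header comment would save the next maintainer from looking for a selector that no longer exists, e.g. `/* Computes the SRP verifier input x for this user. srpsha1 is the only password hashing scheme supported, so this simply delegates to _gnutls_calc_srp_sha(). */`. Callers in the other libextra files touched by this commit are outside this hunk; worth confirming none still passes a hash selector.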
diff --git a/libextra/gnutls_srp.h b/libextra/gnutls_srp.h
index e43140803f..db2c73692c 100644
--- a/libextra/gnutls_srp.h
+++ b/libextra/gnutls_srp.h
@@ -6,7 +6,7 @@ MPI _gnutls_calc_srp_u( MPI B);
MPI _gnutls_calc_srp_S1(MPI A, MPI b, MPI u, MPI v, MPI n);
MPI _gnutls_calc_srp_A(MPI *a, MPI g, MPI n);
MPI _gnutls_calc_srp_S2(MPI B, MPI g, MPI x, MPI a, MPI u, MPI n);
-int _gnutls_calc_srp_x( char* username, char* password, opaque* salt, size_t salt_size, uint8 crypt_algo, size_t* size, void* digest);
+int _gnutls_calc_srp_x( char* username, char* password, opaque* salt, size_t salt_size, size_t* size, void* digest);
int _gnutls_srp_gn( opaque** ret_g, opaque** ret_n, int bits);
/* our prime */
diff --git a/src/crypt-gaa.c b/src/crypt-gaa.c
index a6486638bb..f864ad76c6 100644
--- a/src/crypt-gaa.c
+++ b/src/crypt-gaa.c
@@ -120,7 +120,6 @@ void gaa_help(void)
__gaa_helpsingle('u', "username", "username ", "specify username.");
__gaa_helpsingle('p', "passwd", "FILE ", "specify a password file.");
__gaa_helpsingle('i', "index", "INDEX ", "specify the index of the parameters in tpasswd.conf to use.");
- __gaa_helpsingle('c', "crypt", "CRYPT ", "specify crypt algorithm (bcrypt/srpsha).");
__gaa_helpsingle('s', "salt", "SALT ", "specify salt/cost size for crypt algorithm.");
__gaa_helpsingle(0, "verify", "", "just verify password.");
__gaa_helpsingle(0, "passwd-conf", "FILE ", "specify a password conf file.");
@@ -141,18 +140,16 @@ typedef struct _gaainfo gaainfo;
struct _gaainfo
{
-#line 27 "crypt.gaa"
- int bits;
#line 24 "crypt.gaa"
- char *create_conf;
+ int bits;
#line 21 "crypt.gaa"
- char *passwd_conf;
+ char *create_conf;
#line 18 "crypt.gaa"
- int verify;
+ char *passwd_conf;
#line 15 "crypt.gaa"
- int salt;
+ int verify;
#line 12 "crypt.gaa"
- char *crypt;
+ int salt;
#line 9 "crypt.gaa"
int index;
#line 6 "crypt.gaa"
@@ -213,17 +210,16 @@ int gaa_error = 0;
#define GAA_MULTIPLE_OPTION 3
#define GAA_REST 0
-#define GAA_NB_OPTION 10
+#define GAA_NB_OPTION 9
#define GAAOPTID_help 1
#define GAAOPTID_bits 2
#define GAAOPTID_create_conf 3
#define GAAOPTID_passwd_conf 4
#define GAAOPTID_verify 5
#define GAAOPTID_salt 6
-#define GAAOPTID_crypt 7
-#define GAAOPTID_index 8
-#define GAAOPTID_passwd 9
-#define GAAOPTID_username 10
+#define GAAOPTID_index 7
+#define GAAOPTID_passwd 8
+#define GAAOPTID_username 9
#line 168 "gaa.skel"
@@ -434,12 +430,6 @@ struct GAAOPTION_salt
int size1;
};
-struct GAAOPTION_crypt
-{
- char* arg1;
- int size1;
-};
-
struct GAAOPTION_index
{
int arg1;
@@ -491,7 +481,6 @@ int gaa_get_option_num(char *str, int status)
GAA_CHECK1STR("", GAAOPTID_create_conf);
GAA_CHECK1STR("", GAAOPTID_passwd_conf);
GAA_CHECK1STR("s", GAAOPTID_salt);
- GAA_CHECK1STR("c", GAAOPTID_crypt);
GAA_CHECK1STR("i", GAAOPTID_index);
GAA_CHECK1STR("p", GAAOPTID_passwd);
GAA_CHECK1STR("u", GAAOPTID_username);
@@ -509,7 +498,6 @@ int gaa_get_option_num(char *str, int status)
GAA_CHECKSTR("passwd-conf", GAAOPTID_passwd_conf);
GAA_CHECKSTR("verify", GAAOPTID_verify);
GAA_CHECKSTR("salt", GAAOPTID_salt);
- GAA_CHECKSTR("crypt", GAAOPTID_crypt);
GAA_CHECKSTR("index", GAAOPTID_index);
GAA_CHECKSTR("passwd", GAAOPTID_passwd);
GAA_CHECKSTR("username", GAAOPTID_username);
@@ -529,7 +517,6 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
struct GAAOPTION_create_conf GAATMP_create_conf;
struct GAAOPTION_passwd_conf GAATMP_passwd_conf;
struct GAAOPTION_salt GAATMP_salt;
- struct GAAOPTION_crypt GAATMP_crypt;
struct GAAOPTION_index GAATMP_index;
struct GAAOPTION_passwd GAATMP_passwd;
struct GAAOPTION_username GAATMP_username;
@@ -555,7 +542,7 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
{
case GAAOPTID_help:
OK = 0;
-#line 30 "crypt.gaa"
+#line 27 "crypt.gaa"
{ gaa_help(); exit(0); ;};
return GAA_OK;
@@ -565,7 +552,7 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_bits.arg1, gaa_getint, GAATMP_bits.size1);
gaa_index++;
-#line 28 "crypt.gaa"
+#line 25 "crypt.gaa"
{ gaaval->bits = GAATMP_bits.arg1 ;};
return GAA_OK;
@@ -575,7 +562,7 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_create_conf.arg1, gaa_getstr, GAATMP_create_conf.size1);
gaa_index++;
-#line 25 "crypt.gaa"
+#line 22 "crypt.gaa"
{ gaaval->create_conf = GAATMP_create_conf.arg1 ;};
return GAA_OK;
@@ -585,14 +572,14 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_passwd_conf.arg1, gaa_getstr, GAATMP_passwd_conf.size1);
gaa_index++;
-#line 22 "crypt.gaa"
+#line 19 "crypt.gaa"
{ gaaval->passwd_conf = GAATMP_passwd_conf.arg1 ;};
return GAA_OK;
break;
case GAAOPTID_verify:
OK = 0;
-#line 19 "crypt.gaa"
+#line 16 "crypt.gaa"
{ gaaval->verify = 1 ;};
return GAA_OK;
@@ -602,18 +589,8 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_salt.arg1, gaa_getint, GAATMP_salt.size1);
gaa_index++;
-#line 16 "crypt.gaa"
-{ gaaval->salt = GAATMP_salt.arg1 ;};
-
- return GAA_OK;
- break;
- case GAAOPTID_crypt:
- OK = 0;
- GAA_TESTMOREARGS;
- GAA_FILL(GAATMP_crypt.arg1, gaa_getstr, GAATMP_crypt.size1);
- gaa_index++;
#line 13 "crypt.gaa"
-{ gaaval->crypt = GAATMP_crypt.arg1 ;};
+{ gaaval->salt = GAATMP_salt.arg1 ;};
return GAA_OK;
break;
@@ -671,8 +648,8 @@ int gaa(int argc, char **argv, gaainfo *gaaval)
if(inited == 0)
{
-#line 32 "crypt.gaa"
-{ gaaval->username=NULL; gaaval->passwd=NULL; gaaval->crypt=NULL; gaaval->salt=0;
+#line 29 "crypt.gaa"
+{ gaaval->username=NULL; gaaval->passwd=NULL; gaaval->salt=0;
gaaval->create_conf=NULL; gaaval->passwd_conf=NULL; gaaval->verify = 0; gaaval->bits=1040;
gaaval->index = 1; ;};
diff --git a/src/crypt-gaa.h b/src/crypt-gaa.h
index 13421f9d76..189b7c0410 100644
--- a/src/crypt-gaa.h
+++ b/src/crypt-gaa.h
@@ -8,18 +8,16 @@ typedef struct _gaainfo gaainfo;
struct _gaainfo
{
-#line 27 "crypt.gaa"
- int bits;
#line 24 "crypt.gaa"
- char *create_conf;
+ int bits;
#line 21 "crypt.gaa"
- char *passwd_conf;
+ char *create_conf;
#line 18 "crypt.gaa"
- int verify;
+ char *passwd_conf;
#line 15 "crypt.gaa"
- int salt;
+ int verify;
#line 12 "crypt.gaa"
- char *crypt;
+ int salt;
#line 9 "crypt.gaa"
int index;
#line 6 "crypt.gaa"
diff --git a/src/crypt.c b/src/crypt.c
index 8b1a76d295..9c8d31e91e 100644
--- a/src/crypt.c
+++ b/src/crypt.c
@@ -39,7 +39,7 @@
* are in the library, which is not good.
*/
-int crypt_int(char *username, char *passwd, int crypt, int salt,
+int crypt_int(char *username, char *passwd, int salt,
char *tpasswd_conf, char *tpasswd, int uindex);
static int read_conf_values(MPI * g, MPI * n, char *str, int str_size);
static int _verify_passwd_int(char* username, char* passwd, char* salt, MPI g, MPI n);
@@ -72,7 +72,7 @@ int generate_create_conf(char *tpasswd_conf, int bits)
static int _verify_passwd_int(char* username, char* passwd, char* salt, MPI g, MPI n) {
if (salt==NULL) return -1;
- if (gnutls_crypt_vrfy
+ if (_gnutls_srp_crypt_vrfy
(username, passwd, salt, g, n) == 0) {
fprintf(stderr, "Password verified\n");
return 0;
@@ -225,7 +225,7 @@ int main(int argc, char **argv)
{
gaainfo info;
char *passwd;
- int crypt, salt;
+ int salt;
struct passwd *pwd;
if (gaa(argc, argv, &info) != -1) {
@@ -255,23 +255,7 @@ int main(int argc, char **argv)
info.username = pwd->pw_name;
}
- if (info.crypt == NULL) {
- crypt = SRPSHA1_CRYPT;
- salt = 16;
- } else {
- if (strcasecmp(info.crypt, "bcrypt") == 0) {
- crypt = BLOWFISH_CRYPT;
- if (salt == 0)
- salt = 6; /* cost is 6 */
- } else if (strcasecmp(info.crypt, "srpsha") == 0) {
- crypt = SRPSHA1_CRYPT;
- if (salt == 0)
- salt = 10; /* 10 bytes salt */
- } else {
- fprintf(stderr, "Unknown algorithm\n");
- return -1;
- }
- }
+ salt = 16;
passwd = getpass("Enter password: ");
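Review bot: The added `salt = 16;` appears to discard the `-s`/`--salt` option: the generated gaa code still parses it into `info.salt` (defaulting to 0) and the help text still advertises a salt size, but `info.salt` is not read anywhere in the visible hunks, so every entry gets a 16-byte salt regardless of the flag. Either honour it, `salt = (info.salt > 0) ? info.salt : 16;` (the srpsha1 wrapper already rejects sizes above 50), or remove the option from crypt.gaa alongside the `crypt` option. The `-s` help string in crypt.gaa still says "salt/cost size for crypt algorithm" although cost no longer applies with bcrypt gone. main() starts outside this hunk.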
@@ -282,12 +266,12 @@ int main(int argc, char **argv)
}
- return crypt_int(info.username, passwd, crypt, salt,
+ return crypt_int(info.username, passwd, salt,
info.passwd_conf, info.passwd, info.index);
}
-int crypt_int(char *username, char *passwd, int crypt, int salt,
+int crypt_int(char *username, char *passwd, int salt,
char *tpasswd_conf, char *tpasswd, int uindex)
{
FILE *fd;
@@ -322,9 +306,9 @@ int crypt_int(char *username, char *passwd, int crypt, int salt,
return -1;
}
- cr = gnutls_crypt(username, passwd, crypt, salt, g, n);
+ cr = _gnutls_srp_crypt(username, passwd, salt, g, n);
if (cr == NULL) {
- fprintf(stderr, "Cannot gnutls_crypt()...\n");
+ fprintf(stderr, "Cannot _gnutls_srp_crypt()...\n");
return -1;
} else {
/* delete previous entry */
diff --git a/src/crypt.gaa b/src/crypt.gaa
index 4408a1d841..9b75943640 100644
--- a/src/crypt.gaa
+++ b/src/crypt.gaa
@@ -9,9 +9,6 @@ option (p, passwd) STR "FILE" { $passwd = $1 } "specify a password file."
#int index;
option (i, index) INT "INDEX" { $index = $1 } "specify the index of the parameters in tpasswd.conf to use."
-#char *crypt;
-option (c, crypt) STR "CRYPT" { $crypt = $1 } "specify crypt algorithm (bcrypt/srpsha)."
-
#int salt;
option (s, salt) INT "SALT" { $salt = $1 } "specify salt/cost size for crypt algorithm."
@@ -29,7 +26,7 @@ option (bits) INT "BITS" { $bits = $1 } "specify the number of bits for prime nu
option (h, help) { gaa_help(); exit(0); } "shows this help text"
-init { $username=NULL; $passwd=NULL; $crypt=NULL; $salt=0;
+init { $username=NULL; $passwd=NULL; $salt=0;
$create_conf=NULL; $passwd_conf=NULL; $verify = 0; $bits=1040;
$index = 1; }