Line data Source code
1 : /*
2 : * Copyright (C) 2001-2012 Free Software Foundation, Inc.
3 : *
4 : * Author: Nikos Mavrogiannopoulos
5 : *
6 : * This file is part of GnuTLS.
7 : *
8 : * The GnuTLS is free software; you can redistribute it and/or
9 : * modify it under the terms of the GNU Lesser General Public License
10 : * as published by the Free Software Foundation; either version 2.1 of
11 : * the License, or (at your option) any later version.
12 : *
13 : * This library is distributed in the hope that it will be useful, but
14 : * WITHOUT ANY WARRANTY; without even the implied warranty of
15 : * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 : * Lesser General Public License for more details.
17 : *
18 : * You should have received a copy of the GNU Lesser General Public License
19 : * along with this program. If not, see <https://www.gnu.org/licenses/>
20 : *
21 : */
22 :
23 : #include "gnutls_int.h"
24 :
25 : #ifdef ENABLE_SRP
26 :
27 : #include "errors.h"
28 : #include <auth/srp_passwd.h>
29 : #include "auth.h"
30 : #include "srp.h"
31 : #include "num.h"
32 : #include <auth/srp_kx.h>
33 : #include <str.h>
34 : #include <datum.h>
35 : #include <ext/srp.h>
36 :
37 : const mod_auth_st srp_auth_struct = {
38 : "SRP",
39 : NULL,
40 : NULL,
41 : _gnutls_gen_srp_server_kx,
42 : _gnutls_gen_srp_client_kx,
43 : NULL,
44 : NULL,
45 :
46 : NULL,
47 : NULL, /* certificate */
48 : _gnutls_proc_srp_server_kx,
49 : _gnutls_proc_srp_client_kx,
50 : NULL,
51 : NULL
52 : };
53 :
54 :
55 : #define _b session->key.proto.tls12.srp.b
56 : #define B session->key.proto.tls12.srp.B
57 : #define _a session->key.proto.tls12.srp.a
58 : #define A session->key.proto.tls12.srp.A
59 : #define N session->key.proto.tls12.srp.srp_p
60 : #define G session->key.proto.tls12.srp.srp_g
61 : #define V session->key.proto.tls12.srp.x
62 : #define S session->key.proto.tls12.srp.srp_key
63 :
64 : /* Checks if a%n==0,+1,-1%n which is a fatal srp error.
65 : * Returns a proper error code in that case, and 0 when
66 : * all are ok.
67 : */
68 195 : inline static int check_param_mod_n(bigint_t a, bigint_t n, int is_a)
69 : {
70 195 : int ret, err = 0;
71 195 : bigint_t r;
72 :
73 195 : ret = _gnutls_mpi_init(&r);
74 195 : if (ret < 0)
75 0 : return gnutls_assert_val(ret);
76 :
77 195 : ret = _gnutls_mpi_modm(r, a, n);
78 195 : if (ret < 0) {
79 0 : _gnutls_mpi_release(&r);
80 0 : return gnutls_assert_val(ret);
81 : }
82 :
83 195 : ret = _gnutls_mpi_cmp_ui(r, 0);
84 195 : if (ret == 0)
85 1 : err = 1;
86 :
87 195 : if (is_a != 0) {
88 62 : ret = _gnutls_mpi_cmp_ui(r, 1);
89 62 : if (ret == 0)
90 1 : err = 1;
91 :
92 62 : ret = _gnutls_mpi_add_ui(r, r, 1);
93 62 : if (ret < 0) {
94 0 : _gnutls_mpi_release(&r);
95 0 : return gnutls_assert_val(ret);
96 : }
97 :
98 62 : ret = _gnutls_mpi_cmp(r, n);
99 62 : if (ret == 0)
100 0 : err = 1;
101 : }
102 :
103 195 : _gnutls_mpi_release(&r);
104 :
105 195 : if (err != 0) {
106 2 : gnutls_assert();
107 2 : return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
108 : }
109 :
110 : return 0;
111 : }
112 :
113 :
114 : /* Send the first key exchange message ( g, n, s) and append the verifier algorithm number
115 : * Data is allocated by the caller, and should have data_size size.
116 : */
117 : int
118 218 : _gnutls_gen_srp_server_kx(gnutls_session_t session,
119 : gnutls_buffer_st * data)
120 : {
121 218 : int ret;
122 218 : char *username;
123 218 : SRP_PWD_ENTRY *pwd_entry;
124 218 : srp_server_auth_info_t info;
125 218 : size_t tmp_size;
126 218 : gnutls_ext_priv_data_t epriv;
127 218 : srp_ext_st *priv;
128 218 : unsigned init_pos;
129 :
130 218 : ret =
131 218 : _gnutls_hello_ext_get_priv(session, GNUTLS_EXTENSION_SRP,
132 : &epriv);
133 218 : if (ret < 0) { /* peer didn't send a username */
134 44 : gnutls_assert();
135 44 : return GNUTLS_E_UNKNOWN_SRP_USERNAME;
136 : }
137 174 : priv = epriv;
138 :
139 348 : if ((ret =
140 174 : _gnutls_auth_info_init(session, GNUTLS_CRD_SRP,
141 : sizeof(srp_server_auth_info_st),
142 : 1)) < 0) {
143 0 : gnutls_assert();
144 0 : return ret;
145 : }
146 :
147 174 : info = _gnutls_get_auth_info(session, GNUTLS_CRD_SRP);
148 174 : if (info == NULL)
149 0 : return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
150 :
151 174 : username = info->username;
152 :
153 174 : _gnutls_str_cpy(username, MAX_USERNAME_SIZE, priv->username);
154 :
155 174 : ret = _gnutls_srp_pwd_read_entry(session, username, &pwd_entry);
156 :
157 174 : if (ret < 0) {
158 0 : gnutls_assert();
159 0 : return ret;
160 : }
161 :
162 174 : init_pos = data->length;
163 :
164 : /* copy from pwd_entry to local variables (actually in session) */
165 174 : tmp_size = pwd_entry->g.size;
166 174 : if (_gnutls_mpi_init_scan_nz(&G, pwd_entry->g.data, tmp_size) < 0) {
167 0 : gnutls_assert();
168 0 : ret = GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
169 0 : goto cleanup;
170 : }
171 :
172 174 : tmp_size = pwd_entry->n.size;
173 174 : if (_gnutls_mpi_init_scan_nz(&N, pwd_entry->n.data, tmp_size) < 0) {
174 0 : gnutls_assert();
175 0 : ret = GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
176 0 : goto cleanup;
177 : }
178 :
179 174 : tmp_size = pwd_entry->v.size;
180 174 : if (_gnutls_mpi_init_scan_nz(&V, pwd_entry->v.data, tmp_size) < 0) {
181 0 : gnutls_assert();
182 0 : ret = GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
183 0 : goto cleanup;
184 : }
185 :
186 : /* Calculate: B = (k*v + g^b) % N
187 : */
188 174 : B = _gnutls_calc_srp_B(&_b, G, N, V);
189 174 : if (B == NULL) {
190 0 : gnutls_assert();
191 0 : ret = GNUTLS_E_MEMORY_ERROR;
192 0 : goto cleanup;
193 : }
194 :
195 : /* copy N (mod n)
196 : */
197 174 : ret =
198 348 : _gnutls_buffer_append_data_prefix(data, 16, pwd_entry->n.data,
199 174 : pwd_entry->n.size);
200 174 : if (ret < 0) {
201 0 : gnutls_assert();
202 0 : goto cleanup;
203 : }
204 :
205 : /* copy G (generator) to data
206 : */
207 174 : ret =
208 348 : _gnutls_buffer_append_data_prefix(data, 16, pwd_entry->g.data,
209 174 : pwd_entry->g.size);
210 174 : if (ret < 0) {
211 0 : gnutls_assert();
212 0 : goto cleanup;
213 : }
214 :
215 : /* copy the salt
216 : */
217 174 : ret =
218 348 : _gnutls_buffer_append_data_prefix(data, 8,
219 174 : pwd_entry->salt.data,
220 174 : pwd_entry->salt.size);
221 174 : if (ret < 0) {
222 0 : gnutls_assert();
223 0 : goto cleanup;
224 : }
225 :
226 : /* Copy the B value
227 : */
228 :
229 174 : ret = _gnutls_buffer_append_mpi(data, 16, B, 0);
230 174 : if (ret < 0) {
231 0 : gnutls_assert();
232 0 : goto cleanup;
233 : }
234 :
235 174 : _gnutls_mpi_log("SRP B: ", B);
236 :
237 174 : ret = data->length - init_pos;
238 :
239 174 : cleanup:
240 174 : _gnutls_srp_entry_free(pwd_entry);
241 174 : return ret;
242 : }
243 :
244 : /* return A = g^a % N */
245 : int
246 114 : _gnutls_gen_srp_client_kx(gnutls_session_t session,
247 : gnutls_buffer_st * data)
248 : {
249 114 : int ret;
250 114 : char *username, *password;
251 114 : gnutls_srp_client_credentials_t cred;
252 114 : gnutls_ext_priv_data_t epriv;
253 114 : srp_ext_st *priv;
254 :
255 114 : ret =
256 114 : _gnutls_hello_ext_get_priv(session, GNUTLS_EXTENSION_SRP,
257 : &epriv);
258 114 : if (ret < 0) { /* peer didn't send a username */
259 0 : gnutls_assert();
260 0 : return GNUTLS_E_UNKNOWN_SRP_USERNAME;
261 : }
262 114 : priv = epriv;
263 :
264 114 : cred = (gnutls_srp_client_credentials_t)
265 114 : _gnutls_get_cred(session, GNUTLS_CRD_SRP);
266 :
267 114 : if (cred == NULL) {
268 0 : gnutls_assert();
269 0 : return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
270 : }
271 :
272 114 : if (priv->username == NULL) {
273 0 : username = cred->username;
274 0 : password = cred->password;
275 : } else {
276 :
277 114 : username = priv->username;
278 114 : password = priv->password;
279 : }
280 :
281 114 : if (username == NULL || password == NULL) {
282 0 : gnutls_assert();
283 0 : return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
284 : }
285 :
286 : /* calc A = g^a % N
287 : */
288 114 : if (G == NULL || N == NULL) {
289 0 : gnutls_assert();
290 0 : return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
291 : }
292 :
293 114 : A = _gnutls_calc_srp_A(&_a, G, N);
294 114 : if (A == NULL) {
295 0 : gnutls_assert();
296 0 : return GNUTLS_E_MEMORY_ERROR;
297 : }
298 :
299 : /* Rest of SRP calculations
300 : */
301 :
302 : /* calculate u */
303 114 : session->key.proto.tls12.srp.u = _gnutls_calc_srp_u(A, B, N);
304 114 : if (session->key.proto.tls12.srp.u == NULL) {
305 1 : gnutls_assert();
306 1 : return GNUTLS_E_MEMORY_ERROR;
307 : }
308 :
309 113 : _gnutls_mpi_log("SRP U: ", session->key.proto.tls12.srp.u);
310 :
311 : /* S = (B - g^x) ^ (a + u * x) % N */
312 113 : S = _gnutls_calc_srp_S2(B, G, session->key.proto.tls12.srp.x, _a, session->key.proto.tls12.srp.u,
313 : N);
314 113 : if (S == NULL) {
315 0 : gnutls_assert();
316 0 : return GNUTLS_E_MEMORY_ERROR;
317 : }
318 :
319 113 : _gnutls_mpi_log("SRP B: ", B);
320 :
321 113 : zrelease_temp_mpi_key(&_b);
322 113 : zrelease_temp_mpi_key(&V);
323 113 : zrelease_temp_mpi_key(&session->key.proto.tls12.srp.u);
324 113 : zrelease_temp_mpi_key(&B);
325 :
326 113 : ret = _gnutls_mpi_dprint(session->key.proto.tls12.srp.srp_key, &session->key.key);
327 113 : zrelease_temp_mpi_key(&S);
328 :
329 113 : if (ret < 0) {
330 0 : gnutls_assert();
331 0 : return ret;
332 : }
333 :
334 113 : ret = _gnutls_buffer_append_mpi(data, 16, A, 0);
335 113 : if (ret < 0)
336 0 : return gnutls_assert_val(ret);
337 :
338 113 : _gnutls_mpi_log("SRP A: ", A);
339 :
340 113 : _gnutls_mpi_release(&A);
341 :
342 113 : return data->length;
343 : }
344 :
345 :
346 : /* just read A and put it to session */
347 : int
348 65 : _gnutls_proc_srp_client_kx(gnutls_session_t session, uint8_t * data,
349 : size_t _data_size)
350 : {
351 65 : ssize_t _n_A;
352 65 : ssize_t data_size = _data_size;
353 65 : int ret;
354 :
355 65 : DECR_LEN(data_size, 2);
356 64 : _n_A = _gnutls_read_uint16(&data[0]);
357 :
358 64 : DECR_LEN(data_size, _n_A);
359 63 : if (_gnutls_mpi_init_scan_nz(&A, &data[2], _n_A) || A == NULL) {
360 1 : gnutls_assert();
361 1 : return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
362 : }
363 :
364 62 : _gnutls_mpi_log("SRP A: ", A);
365 62 : _gnutls_mpi_log("SRP B: ", B);
366 :
367 : /* Checks if A % n == 0.
368 : */
369 62 : if ((ret = check_param_mod_n(A, N, 1)) < 0) {
370 1 : gnutls_assert();
371 1 : return ret;
372 : }
373 :
374 : /* Start the SRP calculations.
375 : * - Calculate u
376 : */
377 61 : session->key.proto.tls12.srp.u = _gnutls_calc_srp_u(A, B, N);
378 61 : if (session->key.proto.tls12.srp.u == NULL) {
379 2 : gnutls_assert();
380 2 : return GNUTLS_E_MEMORY_ERROR;
381 : }
382 :
383 59 : _gnutls_mpi_log("SRP U: ", session->key.proto.tls12.srp.u);
384 :
385 : /* S = (A * v^u) ^ b % N
386 : */
387 59 : S = _gnutls_calc_srp_S1(A, _b, session->key.proto.tls12.srp.u, V, N);
388 59 : if (S == NULL) {
389 0 : gnutls_assert();
390 0 : return GNUTLS_E_MEMORY_ERROR;
391 : }
392 :
393 59 : _gnutls_mpi_log("SRP S: ", S);
394 :
395 59 : _gnutls_mpi_release(&A);
396 59 : zrelease_temp_mpi_key(&_b);
397 59 : zrelease_temp_mpi_key(&V);
398 59 : zrelease_temp_mpi_key(&session->key.proto.tls12.srp.u);
399 59 : zrelease_temp_mpi_key(&B);
400 :
401 59 : ret = _gnutls_mpi_dprint(session->key.proto.tls12.srp.srp_key, &session->key.key);
402 59 : zrelease_temp_mpi_key(&S);
403 :
404 59 : if (ret < 0) {
405 0 : gnutls_assert();
406 0 : return ret;
407 : }
408 :
409 : return 0;
410 : }
411 :
412 :
413 :
414 : /* Static parameters according to draft-ietf-tls-srp-07
415 : * Note that if more parameters are added check_g_n()
416 : * and _gnutls_srp_entry_free() should be changed.
417 : */
418 : static const unsigned char srp_params_1024[] = {
419 : 0xEE, 0xAF, 0x0A, 0xB9, 0xAD, 0xB3, 0x8D, 0xD6,
420 : 0x9C, 0x33, 0xF8, 0x0A, 0xFA, 0x8F, 0xC5, 0xE8,
421 : 0x60, 0x72, 0x61, 0x87, 0x75, 0xFF, 0x3C, 0x0B,
422 : 0x9E, 0xA2, 0x31, 0x4C, 0x9C, 0x25, 0x65, 0x76,
423 : 0xD6, 0x74, 0xDF, 0x74, 0x96, 0xEA, 0x81, 0xD3,
424 : 0x38, 0x3B, 0x48, 0x13, 0xD6, 0x92, 0xC6, 0xE0,
425 : 0xE0, 0xD5, 0xD8, 0xE2, 0x50, 0xB9, 0x8B, 0xE4,
426 : 0x8E, 0x49, 0x5C, 0x1D, 0x60, 0x89, 0xDA, 0xD1,
427 : 0x5D, 0xC7, 0xD7, 0xB4, 0x61, 0x54, 0xD6, 0xB6,
428 : 0xCE, 0x8E, 0xF4, 0xAD, 0x69, 0xB1, 0x5D, 0x49,
429 : 0x82, 0x55, 0x9B, 0x29, 0x7B, 0xCF, 0x18, 0x85,
430 : 0xC5, 0x29, 0xF5, 0x66, 0x66, 0x0E, 0x57, 0xEC,
431 : 0x68, 0xED, 0xBC, 0x3C, 0x05, 0x72, 0x6C, 0xC0,
432 : 0x2F, 0xD4, 0xCB, 0xF4, 0x97, 0x6E, 0xAA, 0x9A,
433 : 0xFD, 0x51, 0x38, 0xFE, 0x83, 0x76, 0x43, 0x5B,
434 : 0x9F, 0xC6, 0x1D, 0x2F, 0xC0, 0xEB, 0x06, 0xE3
435 : };
436 :
437 : static const unsigned char srp_generator = 0x02;
438 : static const unsigned char srp3072_generator = 0x05;
439 : static const unsigned char srp8192_generator = 19;
440 :
441 : const gnutls_datum_t gnutls_srp_1024_group_prime = {
442 : (void *) srp_params_1024, sizeof(srp_params_1024)
443 : };
444 :
445 : const gnutls_datum_t gnutls_srp_1024_group_generator = {
446 : (void *) &srp_generator, sizeof(srp_generator)
447 : };
448 :
449 : static const unsigned char srp_params_1536[] = {
450 : 0x9D, 0xEF, 0x3C, 0xAF, 0xB9, 0x39, 0x27, 0x7A, 0xB1,
451 : 0xF1, 0x2A, 0x86, 0x17, 0xA4, 0x7B, 0xBB, 0xDB, 0xA5,
452 : 0x1D, 0xF4, 0x99, 0xAC, 0x4C, 0x80, 0xBE, 0xEE, 0xA9,
453 : 0x61, 0x4B, 0x19, 0xCC, 0x4D, 0x5F, 0x4F, 0x5F, 0x55,
454 : 0x6E, 0x27, 0xCB, 0xDE, 0x51, 0xC6, 0xA9, 0x4B, 0xE4,
455 : 0x60, 0x7A, 0x29, 0x15, 0x58, 0x90, 0x3B, 0xA0, 0xD0,
456 : 0xF8, 0x43, 0x80, 0xB6, 0x55, 0xBB, 0x9A, 0x22, 0xE8,
457 : 0xDC, 0xDF, 0x02, 0x8A, 0x7C, 0xEC, 0x67, 0xF0, 0xD0,
458 : 0x81, 0x34, 0xB1, 0xC8, 0xB9, 0x79, 0x89, 0x14, 0x9B,
459 : 0x60, 0x9E, 0x0B, 0xE3, 0xBA, 0xB6, 0x3D, 0x47, 0x54,
460 : 0x83, 0x81, 0xDB, 0xC5, 0xB1, 0xFC, 0x76, 0x4E, 0x3F,
461 : 0x4B, 0x53, 0xDD, 0x9D, 0xA1, 0x15, 0x8B, 0xFD, 0x3E,
462 : 0x2B, 0x9C, 0x8C, 0xF5, 0x6E, 0xDF, 0x01, 0x95, 0x39,
463 : 0x34, 0x96, 0x27, 0xDB, 0x2F, 0xD5, 0x3D, 0x24, 0xB7,
464 : 0xC4, 0x86, 0x65, 0x77, 0x2E, 0x43, 0x7D, 0x6C, 0x7F,
465 : 0x8C, 0xE4, 0x42, 0x73, 0x4A, 0xF7, 0xCC, 0xB7, 0xAE,
466 : 0x83, 0x7C, 0x26, 0x4A, 0xE3, 0xA9, 0xBE, 0xB8, 0x7F,
467 : 0x8A, 0x2F, 0xE9, 0xB8, 0xB5, 0x29, 0x2E, 0x5A, 0x02,
468 : 0x1F, 0xFF, 0x5E, 0x91, 0x47, 0x9E, 0x8C, 0xE7, 0xA2,
469 : 0x8C, 0x24, 0x42, 0xC6, 0xF3, 0x15, 0x18, 0x0F, 0x93,
470 : 0x49, 0x9A, 0x23, 0x4D, 0xCF, 0x76, 0xE3, 0xFE, 0xD1,
471 : 0x35, 0xF9, 0xBB
472 : };
473 :
474 : const gnutls_datum_t gnutls_srp_1536_group_prime = {
475 : (void *) srp_params_1536, sizeof(srp_params_1536)
476 : };
477 :
478 : const gnutls_datum_t gnutls_srp_1536_group_generator = {
479 : (void *) &srp_generator, sizeof(srp_generator)
480 : };
481 :
482 : static const unsigned char srp_params_2048[] = {
483 : 0xAC, 0x6B, 0xDB, 0x41, 0x32, 0x4A, 0x9A, 0x9B, 0xF1,
484 : 0x66, 0xDE, 0x5E, 0x13, 0x89, 0x58, 0x2F, 0xAF, 0x72,
485 : 0xB6, 0x65, 0x19, 0x87, 0xEE, 0x07, 0xFC, 0x31, 0x92,
486 : 0x94, 0x3D, 0xB5, 0x60, 0x50, 0xA3, 0x73, 0x29, 0xCB,
487 : 0xB4, 0xA0, 0x99, 0xED, 0x81, 0x93, 0xE0, 0x75, 0x77,
488 : 0x67, 0xA1, 0x3D, 0xD5, 0x23, 0x12, 0xAB, 0x4B, 0x03,
489 : 0x31, 0x0D, 0xCD, 0x7F, 0x48, 0xA9, 0xDA, 0x04, 0xFD,
490 : 0x50, 0xE8, 0x08, 0x39, 0x69, 0xED, 0xB7, 0x67, 0xB0,
491 : 0xCF, 0x60, 0x95, 0x17, 0x9A, 0x16, 0x3A, 0xB3, 0x66,
492 : 0x1A, 0x05, 0xFB, 0xD5, 0xFA, 0xAA, 0xE8, 0x29, 0x18,
493 : 0xA9, 0x96, 0x2F, 0x0B, 0x93, 0xB8, 0x55, 0xF9, 0x79,
494 : 0x93, 0xEC, 0x97, 0x5E, 0xEA, 0xA8, 0x0D, 0x74, 0x0A,
495 : 0xDB, 0xF4, 0xFF, 0x74, 0x73, 0x59, 0xD0, 0x41, 0xD5,
496 : 0xC3, 0x3E, 0xA7, 0x1D, 0x28, 0x1E, 0x44, 0x6B, 0x14,
497 : 0x77, 0x3B, 0xCA, 0x97, 0xB4, 0x3A, 0x23, 0xFB, 0x80,
498 : 0x16, 0x76, 0xBD, 0x20, 0x7A, 0x43, 0x6C, 0x64, 0x81,
499 : 0xF1, 0xD2, 0xB9, 0x07, 0x87, 0x17, 0x46, 0x1A, 0x5B,
500 : 0x9D, 0x32, 0xE6, 0x88, 0xF8, 0x77, 0x48, 0x54, 0x45,
501 : 0x23, 0xB5, 0x24, 0xB0, 0xD5, 0x7D, 0x5E, 0xA7, 0x7A,
502 : 0x27, 0x75, 0xD2, 0xEC, 0xFA, 0x03, 0x2C, 0xFB, 0xDB,
503 : 0xF5, 0x2F, 0xB3, 0x78, 0x61, 0x60, 0x27, 0x90, 0x04,
504 : 0xE5, 0x7A, 0xE6, 0xAF, 0x87, 0x4E, 0x73, 0x03, 0xCE,
505 : 0x53, 0x29, 0x9C, 0xCC, 0x04, 0x1C, 0x7B, 0xC3, 0x08,
506 : 0xD8, 0x2A, 0x56, 0x98, 0xF3, 0xA8, 0xD0, 0xC3, 0x82,
507 : 0x71, 0xAE, 0x35, 0xF8, 0xE9, 0xDB, 0xFB, 0xB6, 0x94,
508 : 0xB5, 0xC8, 0x03, 0xD8, 0x9F, 0x7A, 0xE4, 0x35, 0xDE,
509 : 0x23, 0x6D, 0x52, 0x5F, 0x54, 0x75, 0x9B, 0x65, 0xE3,
510 : 0x72, 0xFC, 0xD6, 0x8E, 0xF2, 0x0F, 0xA7, 0x11, 0x1F,
511 : 0x9E, 0x4A, 0xFF, 0x73
512 : };
513 :
514 : const gnutls_datum_t gnutls_srp_2048_group_prime = {
515 : (void *) srp_params_2048, sizeof(srp_params_2048)
516 : };
517 :
518 : const gnutls_datum_t gnutls_srp_2048_group_generator = {
519 : (void *) &srp_generator, sizeof(srp_generator)
520 : };
521 :
522 : static const unsigned char srp_params_3072[] = {
523 : 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9,
524 : 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6,
525 : 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, 0x29, 0x02, 0x4E,
526 : 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6,
527 : 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E,
528 : 0x34, 0x04, 0xDD, 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A,
529 : 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14,
530 : 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
531 : 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4,
532 : 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF,
533 : 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, 0xEE, 0x38, 0x6B,
534 : 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11,
535 : 0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC,
536 : 0xE4, 0x5B, 0x3D, 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63,
537 : 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3,
538 : 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
539 : 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C,
540 : 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5,
541 : 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, 0x67, 0x0C, 0x35,
542 : 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08,
543 : 0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E,
544 : 0x36, 0xCE, 0x3B, 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E,
545 : 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2,
546 : 0x8F, 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9,
547 : 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, 0x39,
548 : 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2,
549 : 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, 0x15, 0x72, 0x8E,
550 : 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, 0xAD, 0x33, 0x17, 0x0D,
551 : 0x04, 0x50, 0x7A, 0x33, 0xA8, 0x55, 0x21, 0xAB, 0xDF,
552 : 0x1C, 0xBA, 0x64, 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB,
553 : 0xEF, 0x0A, 0x8A, 0xEA, 0x71, 0x57, 0x5D, 0x06, 0x0C,
554 : 0x7D, 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7,
555 : 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, 0x1E,
556 : 0x8C, 0x94, 0xE0, 0x4A, 0x25, 0x61, 0x9D, 0xCE, 0xE3,
557 : 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B, 0xF1, 0x2F, 0xFA,
558 : 0x06, 0xD9, 0x8A, 0x08, 0x64, 0xD8, 0x76, 0x02, 0x73,
559 : 0x3E, 0xC8, 0x6A, 0x64, 0x52, 0x1F, 0x2B, 0x18, 0x17,
560 : 0x7B, 0x20, 0x0C, 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61,
561 : 0x5D, 0x6C, 0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, 0x46,
562 : 0xE2, 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31,
563 : 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, 0x4B,
564 : 0x82, 0xD1, 0x20, 0xA9, 0x3A, 0xD2, 0xCA, 0xFF, 0xFF,
565 : 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
566 : };
567 :
568 : const gnutls_datum_t gnutls_srp_3072_group_generator = {
569 : (void *) &srp3072_generator, sizeof(srp3072_generator)
570 : };
571 :
572 : const gnutls_datum_t gnutls_srp_3072_group_prime = {
573 : (void *) srp_params_3072, sizeof(srp_params_3072)
574 : };
575 :
576 : static const unsigned char srp_params_4096[] = {
577 : 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA,
578 : 0xA2,
579 : 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C,
580 : 0xD1,
581 : 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE,
582 : 0xA6,
583 : 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04,
584 : 0xDD,
585 : 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A,
586 : 0x6D,
587 : 0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2,
588 : 0x45,
589 : 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42,
590 : 0xE9,
591 : 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7,
592 : 0xED,
593 : 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24,
594 : 0x11,
595 : 0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B,
596 : 0x3D,
597 : 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48,
598 : 0x36,
599 : 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF,
600 : 0x5F,
601 : 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3,
602 : 0x56,
603 : 0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96,
604 : 0x6D,
605 : 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C,
606 : 0x08,
607 : 0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE,
608 : 0x3B,
609 : 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83,
610 : 0xA2,
611 : 0xEC, 0x07, 0xA2, 0x8F, 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52,
612 : 0xC9,
613 : 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, 0x39, 0x95, 0x49,
614 : 0x7C,
615 : 0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05,
616 : 0x10,
617 : 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, 0xAD, 0x33, 0x17,
618 : 0x0D,
619 : 0x04, 0x50, 0x7A, 0x33, 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA,
620 : 0x64,
621 : 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, 0x8A, 0xEA, 0x71,
622 : 0x57,
623 : 0x5D, 0x06, 0x0C, 0x7D, 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4,
624 : 0xC7,
625 : 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, 0x1E, 0x8C, 0x94,
626 : 0xE0,
627 : 0x4A, 0x25, 0x61, 0x9D, 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE,
628 : 0x6B,
629 : 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, 0xD8, 0x76, 0x02,
630 : 0x73,
631 : 0x3E, 0xC8, 0x6A, 0x64, 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20,
632 : 0x0C,
633 : 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, 0x77, 0x09, 0x88,
634 : 0xC0,
635 : 0xBA, 0xD9, 0x46, 0xE2, 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB,
636 : 0x31,
637 : 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, 0x4B, 0x82, 0xD1,
638 : 0x20,
639 : 0xA9, 0x21, 0x08, 0x01, 0x1A, 0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6,
640 : 0xD7,
641 : 0x88, 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26, 0x99, 0xC3, 0x27,
642 : 0x18,
643 : 0x6A, 0xF4, 0xE2, 0x3C, 0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, 0x0B,
644 : 0xDA,
645 : 0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 0xE8, 0xDB, 0xBB, 0xC2,
646 : 0xDB,
647 : 0x04, 0xDE, 0x8E, 0xF9, 0x2E, 0x8E, 0xFC, 0x14, 0x1F, 0xBE, 0xCA,
648 : 0xA6,
649 : 0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D, 0x99, 0xB2, 0x96,
650 : 0x4F,
651 : 0xA0, 0x90, 0xC3, 0xA2, 0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7,
652 : 0xED,
653 : 0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, 0xD7, 0xAF, 0xB8, 0x1B, 0xDD,
654 : 0x76,
655 : 0x21, 0x70, 0x48, 0x1C, 0xD0, 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A,
656 : 0xA9,
657 : 0x93, 0xB4, 0xEA, 0x98, 0x8D, 0x8F, 0xDD, 0xC1, 0x86, 0xFF, 0xB7,
658 : 0xDC,
659 : 0x90, 0xA6, 0xC0, 0x8F, 0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x06, 0x31,
660 : 0x99,
661 : 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
662 : };
663 :
664 : const gnutls_datum_t gnutls_srp_4096_group_generator = {
665 : (void *) &srp3072_generator, sizeof(srp3072_generator)
666 : };
667 :
668 : const gnutls_datum_t gnutls_srp_4096_group_prime = {
669 : (void *) srp_params_4096, sizeof(srp_params_4096)
670 : };
671 :
672 : static const unsigned char srp_params_8192[] = {
673 : 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
674 : 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34,
675 : 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
676 : 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74,
677 : 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22,
678 : 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
679 : 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B,
680 : 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37,
681 : 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
682 : 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6,
683 : 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B,
684 : 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
685 : 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5,
686 : 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6,
687 : 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
688 : 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05,
689 : 0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A,
690 : 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
691 : 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96,
692 : 0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB,
693 : 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
694 : 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04,
695 : 0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C,
696 : 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
697 : 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03,
698 : 0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F,
699 : 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9,
700 : 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18,
701 : 0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5,
702 : 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
703 : 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D,
704 : 0xAD, 0x33, 0x17, 0x0D, 0x04, 0x50, 0x7A, 0x33,
705 : 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64,
706 : 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A,
707 : 0x8A, 0xEA, 0x71, 0x57, 0x5D, 0x06, 0x0C, 0x7D,
708 : 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7,
709 : 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7,
710 : 0x1E, 0x8C, 0x94, 0xE0, 0x4A, 0x25, 0x61, 0x9D,
711 : 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B,
712 : 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64,
713 : 0xD8, 0x76, 0x02, 0x73, 0x3E, 0xC8, 0x6A, 0x64,
714 : 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C,
715 : 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C,
716 : 0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, 0x46, 0xE2,
717 : 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31,
718 : 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E,
719 : 0x4B, 0x82, 0xD1, 0x20, 0xA9, 0x21, 0x08, 0x01,
720 : 0x1A, 0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7,
721 : 0x88, 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26,
722 : 0x99, 0xC3, 0x27, 0x18, 0x6A, 0xF4, 0xE2, 0x3C,
723 : 0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, 0x0B, 0xDA,
724 : 0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 0xE8,
725 : 0xDB, 0xBB, 0xC2, 0xDB, 0x04, 0xDE, 0x8E, 0xF9,
726 : 0x2E, 0x8E, 0xFC, 0x14, 0x1F, 0xBE, 0xCA, 0xA6,
727 : 0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D,
728 : 0x99, 0xB2, 0x96, 0x4F, 0xA0, 0x90, 0xC3, 0xA2,
729 : 0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, 0xED,
730 : 0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, 0xD7, 0xAF,
731 : 0xB8, 0x1B, 0xDD, 0x76, 0x21, 0x70, 0x48, 0x1C,
732 : 0xD0, 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A, 0xA9,
733 : 0x93, 0xB4, 0xEA, 0x98, 0x8D, 0x8F, 0xDD, 0xC1,
734 : 0x86, 0xFF, 0xB7, 0xDC, 0x90, 0xA6, 0xC0, 0x8F,
735 : 0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x02, 0x84, 0x92,
736 : 0x36, 0xC3, 0xFA, 0xB4, 0xD2, 0x7C, 0x70, 0x26,
737 : 0xC1, 0xD4, 0xDC, 0xB2, 0x60, 0x26, 0x46, 0xDE,
738 : 0xC9, 0x75, 0x1E, 0x76, 0x3D, 0xBA, 0x37, 0xBD,
739 : 0xF8, 0xFF, 0x94, 0x06, 0xAD, 0x9E, 0x53, 0x0E,
740 : 0xE5, 0xDB, 0x38, 0x2F, 0x41, 0x30, 0x01, 0xAE,
741 : 0xB0, 0x6A, 0x53, 0xED, 0x90, 0x27, 0xD8, 0x31,
742 : 0x17, 0x97, 0x27, 0xB0, 0x86, 0x5A, 0x89, 0x18,
743 : 0xDA, 0x3E, 0xDB, 0xEB, 0xCF, 0x9B, 0x14, 0xED,
744 : 0x44, 0xCE, 0x6C, 0xBA, 0xCE, 0xD4, 0xBB, 0x1B,
745 : 0xDB, 0x7F, 0x14, 0x47, 0xE6, 0xCC, 0x25, 0x4B,
746 : 0x33, 0x20, 0x51, 0x51, 0x2B, 0xD7, 0xAF, 0x42,
747 : 0x6F, 0xB8, 0xF4, 0x01, 0x37, 0x8C, 0xD2, 0xBF,
748 : 0x59, 0x83, 0xCA, 0x01, 0xC6, 0x4B, 0x92, 0xEC,
749 : 0xF0, 0x32, 0xEA, 0x15, 0xD1, 0x72, 0x1D, 0x03,
750 : 0xF4, 0x82, 0xD7, 0xCE, 0x6E, 0x74, 0xFE, 0xF6,
751 : 0xD5, 0x5E, 0x70, 0x2F, 0x46, 0x98, 0x0C, 0x82,
752 : 0xB5, 0xA8, 0x40, 0x31, 0x90, 0x0B, 0x1C, 0x9E,
753 : 0x59, 0xE7, 0xC9, 0x7F, 0xBE, 0xC7, 0xE8, 0xF3,
754 : 0x23, 0xA9, 0x7A, 0x7E, 0x36, 0xCC, 0x88, 0xBE,
755 : 0x0F, 0x1D, 0x45, 0xB7, 0xFF, 0x58, 0x5A, 0xC5,
756 : 0x4B, 0xD4, 0x07, 0xB2, 0x2B, 0x41, 0x54, 0xAA,
757 : 0xCC, 0x8F, 0x6D, 0x7E, 0xBF, 0x48, 0xE1, 0xD8,
758 : 0x14, 0xCC, 0x5E, 0xD2, 0x0F, 0x80, 0x37, 0xE0,
759 : 0xA7, 0x97, 0x15, 0xEE, 0xF2, 0x9B, 0xE3, 0x28,
760 : 0x06, 0xA1, 0xD5, 0x8B, 0xB7, 0xC5, 0xDA, 0x76,
761 : 0xF5, 0x50, 0xAA, 0x3D, 0x8A, 0x1F, 0xBF, 0xF0,
762 : 0xEB, 0x19, 0xCC, 0xB1, 0xA3, 0x13, 0xD5, 0x5C,
763 : 0xDA, 0x56, 0xC9, 0xEC, 0x2E, 0xF2, 0x96, 0x32,
764 : 0x38, 0x7F, 0xE8, 0xD7, 0x6E, 0x3C, 0x04, 0x68,
765 : 0x04, 0x3E, 0x8F, 0x66, 0x3F, 0x48, 0x60, 0xEE,
766 : 0x12, 0xBF, 0x2D, 0x5B, 0x0B, 0x74, 0x74, 0xD6,
767 : 0xE6, 0x94, 0xF9, 0x1E, 0x6D, 0xBE, 0x11, 0x59,
768 : 0x74, 0xA3, 0x92, 0x6F, 0x12, 0xFE, 0xE5, 0xE4,
769 : 0x38, 0x77, 0x7C, 0xB6, 0xA9, 0x32, 0xDF, 0x8C,
770 : 0xD8, 0xBE, 0xC4, 0xD0, 0x73, 0xB9, 0x31, 0xBA,
771 : 0x3B, 0xC8, 0x32, 0xB6, 0x8D, 0x9D, 0xD3, 0x00,
772 : 0x74, 0x1F, 0xA7, 0xBF, 0x8A, 0xFC, 0x47, 0xED,
773 : 0x25, 0x76, 0xF6, 0x93, 0x6B, 0xA4, 0x24, 0x66,
774 : 0x3A, 0xAB, 0x63, 0x9C, 0x5A, 0xE4, 0xF5, 0x68,
775 : 0x34, 0x23, 0xB4, 0x74, 0x2B, 0xF1, 0xC9, 0x78,
776 : 0x23, 0x8F, 0x16, 0xCB, 0xE3, 0x9D, 0x65, 0x2D,
777 : 0xE3, 0xFD, 0xB8, 0xBE, 0xFC, 0x84, 0x8A, 0xD9,
778 : 0x22, 0x22, 0x2E, 0x04, 0xA4, 0x03, 0x7C, 0x07,
779 : 0x13, 0xEB, 0x57, 0xA8, 0x1A, 0x23, 0xF0, 0xC7,
780 : 0x34, 0x73, 0xFC, 0x64, 0x6C, 0xEA, 0x30, 0x6B,
781 : 0x4B, 0xCB, 0xC8, 0x86, 0x2F, 0x83, 0x85, 0xDD,
782 : 0xFA, 0x9D, 0x4B, 0x7F, 0xA2, 0xC0, 0x87, 0xE8,
783 : 0x79, 0x68, 0x33, 0x03, 0xED, 0x5B, 0xDD, 0x3A,
784 : 0x06, 0x2B, 0x3C, 0xF5, 0xB3, 0xA2, 0x78, 0xA6,
785 : 0x6D, 0x2A, 0x13, 0xF8, 0x3F, 0x44, 0xF8, 0x2D,
786 : 0xDF, 0x31, 0x0E, 0xE0, 0x74, 0xAB, 0x6A, 0x36,
787 : 0x45, 0x97, 0xE8, 0x99, 0xA0, 0x25, 0x5D, 0xC1,
788 : 0x64, 0xF3, 0x1C, 0xC5, 0x08, 0x46, 0x85, 0x1D,
789 : 0xF9, 0xAB, 0x48, 0x19, 0x5D, 0xED, 0x7E, 0xA1,
790 : 0xB1, 0xD5, 0x10, 0xBD, 0x7E, 0xE7, 0x4D, 0x73,
791 : 0xFA, 0xF3, 0x6B, 0xC3, 0x1E, 0xCF, 0xA2, 0x68,
792 : 0x35, 0x90, 0x46, 0xF4, 0xEB, 0x87, 0x9F, 0x92,
793 : 0x40, 0x09, 0x43, 0x8B, 0x48, 0x1C, 0x6C, 0xD7,
794 : 0x88, 0x9A, 0x00, 0x2E, 0xD5, 0xEE, 0x38, 0x2B,
795 : 0xC9, 0x19, 0x0D, 0xA6, 0xFC, 0x02, 0x6E, 0x47,
796 : 0x95, 0x58, 0xE4, 0x47, 0x56, 0x77, 0xE9, 0xAA,
797 : 0x9E, 0x30, 0x50, 0xE2, 0x76, 0x56, 0x94, 0xDF,
798 : 0xC8, 0x1F, 0x56, 0xE8, 0x80, 0xB9, 0x6E, 0x71,
799 : 0x60, 0xC9, 0x80, 0xDD, 0x98, 0xED, 0xD3, 0xDF,
800 : 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
801 : };
802 :
803 : const gnutls_datum_t gnutls_srp_8192_group_prime = {
804 : (void *) srp_params_8192, sizeof(srp_params_8192)
805 : };
806 :
807 : const gnutls_datum_t gnutls_srp_8192_group_generator = {
808 : (void *) &srp8192_generator, sizeof(srp8192_generator)
809 : };
810 :
811 : /* Check if G and N are parameters from the SRP draft.
812 : */
813 : static int
814 146 : check_g_n(const uint8_t * g, size_t n_g, const uint8_t * n, size_t n_n)
815 : {
816 :
817 146 : if (n_n == sizeof(srp_params_8192)) {
818 5 : if (memcmp(srp_params_8192, n, n_n) == 0 &&
819 4 : n_g == 1 && g[0] == srp8192_generator)
820 : return 0;
821 1 : return
822 1 : gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
823 : }
824 :
825 141 : if (n_n == sizeof(srp_params_4096)) {
826 6 : if (memcmp(srp_params_4096, n, n_n) == 0 &&
827 5 : n_g == 1 && g[0] == srp3072_generator)
828 : return 0;
829 1 : return
830 1 : gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
831 : }
832 :
833 135 : if (n_n == sizeof(srp_params_3072)) {
834 7 : if (memcmp(srp_params_3072, n, n_n) == 0 &&
835 6 : n_g == 1 && g[0] == srp3072_generator)
836 : return 0;
837 1 : return
838 1 : gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
839 : }
840 :
841 : /* 2048, 1536 and 1024 */
842 128 : if (n_g != 1 || g[0] != srp_generator) {
843 2 : gnutls_assert();
844 2 : return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
845 : }
846 :
847 126 : if (n_n == sizeof(srp_params_1024) &&
848 104 : memcmp(srp_params_1024, n, n_n) == 0) {
849 : return 0;
850 : }
851 :
852 23 : if (n_n == sizeof(srp_params_1536) &&
853 9 : memcmp(srp_params_1536, n, n_n) == 0) {
854 : return 0;
855 : }
856 :
857 15 : if (n_n == sizeof(srp_params_2048) &&
858 12 : memcmp(srp_params_2048, n, n_n) == 0) {
859 : return 0;
860 : }
861 :
862 8 : gnutls_assert();
863 : return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
864 : }
865 :
866 : /* receive the key exchange message ( n, g, s, B)
867 : */
868 : int
869 153 : _gnutls_proc_srp_server_kx(gnutls_session_t session, uint8_t * data,
870 : size_t _data_size)
871 : {
872 153 : uint8_t n_s;
873 153 : uint16_t n_g, n_n, n_b;
874 153 : size_t _n_g, _n_n, _n_b;
875 153 : const uint8_t *data_n;
876 153 : const uint8_t *data_g;
877 153 : const uint8_t *data_s;
878 153 : const uint8_t *data_b;
879 153 : int i, ret;
880 153 : uint8_t hd[SRP_MAX_HASH_SIZE];
881 153 : char *username, *password;
882 153 : ssize_t data_size = _data_size;
883 153 : gnutls_srp_client_credentials_t cred;
884 153 : gnutls_ext_priv_data_t epriv;
885 153 : srp_ext_st *priv;
886 :
887 153 : ret =
888 153 : _gnutls_hello_ext_get_priv(session, GNUTLS_EXTENSION_SRP,
889 : &epriv);
890 153 : if (ret < 0) {
891 0 : gnutls_assert();
892 0 : return GNUTLS_E_UNKNOWN_SRP_USERNAME;
893 : }
894 153 : priv = epriv;
895 :
896 153 : cred = (gnutls_srp_client_credentials_t)
897 153 : _gnutls_get_cred(session, GNUTLS_CRD_SRP);
898 :
899 153 : if (cred == NULL) {
900 0 : gnutls_assert();
901 0 : return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
902 : }
903 :
904 153 : if (priv->username == NULL) {
905 0 : username = cred->username;
906 0 : password = cred->password;
907 : } else {
908 153 : username = priv->username;
909 153 : password = priv->password;
910 : }
911 :
912 153 : if (username == NULL || password == NULL) {
913 0 : gnutls_assert();
914 0 : return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
915 : }
916 :
917 153 : i = 0;
918 :
919 : /* Read N
920 : */
921 153 : DECR_LEN(data_size, 2);
922 152 : n_n = _gnutls_read_uint16(&data[i]);
923 152 : i += 2;
924 :
925 152 : DECR_LEN(data_size, n_n);
926 151 : data_n = &data[i];
927 151 : i += n_n;
928 :
929 : /* Read G
930 : */
931 151 : DECR_LEN(data_size, 2);
932 151 : n_g = _gnutls_read_uint16(&data[i]);
933 151 : i += 2;
934 :
935 151 : DECR_LEN(data_size, n_g);
936 151 : data_g = &data[i];
937 151 : i += n_g;
938 :
939 : /* Read salt
940 : */
941 151 : DECR_LEN(data_size, 1);
942 150 : n_s = data[i];
943 150 : i += 1;
944 :
945 150 : DECR_LEN(data_size, n_s);
946 149 : data_s = &data[i];
947 149 : i += n_s;
948 :
949 : /* Read B
950 : */
951 149 : DECR_LEN(data_size, 2);
952 149 : n_b = _gnutls_read_uint16(&data[i]);
953 149 : i += 2;
954 :
955 149 : DECR_LEN(data_size, n_b);
956 148 : data_b = &data[i];
957 148 : i += n_b;
958 :
959 148 : _n_g = n_g;
960 148 : _n_n = n_n;
961 148 : _n_b = n_b;
962 :
963 148 : if (_gnutls_mpi_init_scan_nz(&N, data_n, _n_n) != 0) {
964 1 : gnutls_assert();
965 1 : return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
966 : }
967 :
968 147 : if (_gnutls_mpi_init_scan_nz(&G, data_g, _n_g) != 0) {
969 0 : gnutls_assert();
970 0 : return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
971 : }
972 :
973 147 : if (_gnutls_mpi_init_scan_nz(&B, data_b, _n_b) != 0) {
974 1 : gnutls_assert();
975 1 : return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
976 : }
977 :
978 :
979 : /* Check if the g and n are from the SRP
980 : * draft. Otherwise check if N is a prime and G
981 : * a generator.
982 : */
983 146 : if ((ret = check_g_n(data_g, _n_g, data_n, _n_n)) < 0) {
984 13 : _gnutls_audit_log(session,
985 : "SRP group parameters are not in the white list; rejecting.\n");
986 13 : return gnutls_assert_val(ret);
987 : }
988 :
989 : /* Checks if b % n == 0
990 : */
991 133 : if ((ret = check_param_mod_n(B, N, 0)) < 0) {
992 1 : gnutls_assert();
993 1 : return ret;
994 : }
995 :
996 :
997 : /* generate x = SHA(s | SHA(U | ":" | p))
998 : * (or the equivalent using bcrypt)
999 : */
1000 264 : if ((ret =
1001 132 : _gnutls_calc_srp_x(username, password, (uint8_t *) data_s,
1002 : n_s, &_n_g, hd)) < 0) {
1003 0 : gnutls_assert();
1004 0 : return ret;
1005 : }
1006 :
1007 132 : if (_gnutls_mpi_init_scan_nz(&session->key.proto.tls12.srp.x, hd, _n_g) != 0) {
1008 0 : gnutls_assert();
1009 0 : return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
1010 : }
1011 :
1012 :
1013 : return i; /* return the processed data
1014 : * needed in auth_srp_rsa.
1015 : */
1016 : }
1017 :
1018 : #endif /* ENABLE_SRP */
|