summaryrefslogtreecommitdiff
path: root/lib/lib5.c
diff options
context:
space:
mode:
Diffstat (limited to 'lib/lib5.c')
-rw-r--r--lib/lib5.c84
1 files changed, 83 insertions, 1 deletions
diff --git a/lib/lib5.c b/lib/lib5.c
index 04c7806..f87014c 100644
--- a/lib/lib5.c
+++ b/lib/lib5.c
@@ -215,7 +215,7 @@ void srp_compute_x(BIGNUM *salt, unsigned char *password, char *sha1_hash)
memcpy(&to_hash[BN_num_bytes(salt)-1], password, strlen(password));
SHA1Reset(&sha1);
- SHA1Input(&sha1, to_hash, strlen(to_hash));
+ SHA1Input(&sha1, to_hash, strlen(password)+BN_num_bytes(salt));
SHA1Result(&sha1);
memcpy(sha1_hash, &(sha1.Message_Digest), 20);
}
@@ -248,6 +248,17 @@ void srp_server_send1(struct srp_context *srpc)
BN_mod_add(srpc->B, t, t2, srpc->N, ctx);
}
+void ssrp_server_send1(struct srp_context *srpc)
+{
+ BN_pseudo_rand(srpc->b, 1024, -1, -1);
+ BN_mod_exp(srpc->B, srpc->g, srpc->b, srpc->N, ctx);
+}
+
+void ssrp_compute_uH(struct srp_context *srpc)
+{
+ BN_pseudo_rand(srpc->u, 1024, -1, -1);
+}
+
void srp_compute_uH(struct srp_context *srpc)
{
SHA1Context sha1;
@@ -309,6 +320,31 @@ void srp_client_prepare_k(struct srp_context *srpc, char *password)
memcpy(srpc->client_K, &(sha1.Message_Digest), 20);
}
+void ssrp_client_prepare_k(struct srp_context *srpc, char *password)
+{
+ SHA1Context sha1;
+ BIGNUM *x = BN_new();
+ char K[20];
+ char sha1_hash[20];
+
+ srp_compute_x(srpc->salt, password, sha1_hash);
+ BN_bin2bn(sha1_hash, 20, x);
+
+ BIGNUM *S = BN_new();
+ BIGNUM *tmp = BN_new();
+
+ BN_mod_mul(tmp, srpc->u, x, srpc->N, ctx);
+ BN_mod_add(tmp, tmp, srpc->a, srpc->N, ctx);
+ BN_mod_exp(S, srpc->B, tmp, srpc->N, ctx);
+
+ char *s_str = malloc(BN_num_bytes(S));
+ BN_bn2bin(S, s_str);
+ SHA1Reset(&sha1);
+ SHA1Input(&sha1, s_str, BN_num_bytes(S));
+ SHA1Result(&sha1);
+ memcpy(srpc->client_K, &(sha1.Message_Digest), 20);
+}
+
void srp_server_prepare_k(struct srp_context *srpc)
{
BIGNUM *S = BN_new();
@@ -684,3 +720,49 @@ double nth_root_wr(double x, int n)
return r;
}
+
+void ssrp_dictionary_attack(struct srp_context *srpc)
+{
+
+ // in srpc.client_K is the hash given by the client
+ // attack with all passwords in task38.dictionary
+ size_t line_len = 1024;
+ char *line = NULL;
+ FILE *fp = fopen("task38.dictionary", "r");
+ int read = 0;
+ char sha1_hash[20];
+ char cK[40];
+ SHA1Context sha1;
+ BIGNUM *x = BN_new();
+ BIGNUM *S= BN_new();
+
+ while((read = getline(&line, &line_len, fp)) != -1) {
+ BN_zero(x);
+ BN_zero(S);
+ memset(sha1_hash, 0, 20);
+ line[read-1] = 0;
+ printf("try password: %s\n", line);
+ srp_compute_x(srpc->salt, line, sha1_hash);
+ BN_bin2bn(sha1_hash, 20, x);
+ BN_mod_exp(S, srpc->g, x, srpc->N, ctx);
+ BN_mod_exp(S, S, srpc->u, srpc->N, ctx);
+ BN_mod_mul(S, S, srpc->A, srpc->N, ctx);
+ BN_mod_exp(S, S, srpc->b, srpc->N, ctx);
+
+ char *s_str = malloc(BN_num_bytes(S));
+ memset(s_str, 0, BN_num_bytes(S));
+ BN_bn2bin(S, s_str);
+ SHA1Reset(&sha1);
+ SHA1Input(&sha1, s_str, BN_num_bytes(S));
+ SHA1Result(&sha1);
+ memcpy(sha1_hash, &(sha1.Message_Digest), 20);
+ if(strncmp(sha1_hash, srpc->client_K, 20) == 0) {
+ printf("found password: %s\n", line);
+ hex_binary_to_string(sha1_hash, cK, 20);
+ printf("hash is: %s\n", cK);
+ free(s_str);
+ break;
+ }
+ free(s_str);
+ }
+}
generated by cgit v1.2.3-70-g09d2 (git 2.52.0) at 2025-12-08 18:34:54 +0000