1e1051a39Sopenharmony_ci/*
2e1051a39Sopenharmony_ci * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
3e1051a39Sopenharmony_ci *
4e1051a39Sopenharmony_ci * Licensed under the Apache License 2.0 (the "License").  You may not use
5e1051a39Sopenharmony_ci * this file except in compliance with the License.  You can obtain a copy
6e1051a39Sopenharmony_ci * in the file LICENSE in the source distribution or at
7e1051a39Sopenharmony_ci * https://www.openssl.org/source/license.html
8e1051a39Sopenharmony_ci */
9e1051a39Sopenharmony_ci
/*
 * SRP is deprecated and there is no replacement. When SRP is removed, the code
 * in this file can be removed too. Until then we have to use the deprecated
 * APIs.
 */
14e1051a39Sopenharmony_ci#define OPENSSL_SUPPRESS_DEPRECATED
15e1051a39Sopenharmony_ci
16e1051a39Sopenharmony_ci#include <openssl/srp.h>
17e1051a39Sopenharmony_ci#include <openssl/ssl.h>
18e1051a39Sopenharmony_ci#include "handshake.h"
19e1051a39Sopenharmony_ci#include "../testutil.h"
20e1051a39Sopenharmony_ci
/*
 * Client-side SRP password callback.
 *
 * arg is the CTX_DATA registered through SSL_CTX_set_srp_cb_arg(); s is not
 * used. Returns a fresh heap copy of the configured password, or NULL when
 * OPENSSL_strdup() cannot produce one. The copy is handed to the caller, so
 * the CTX_DATA keeps ownership of its own string.
 */
static char *client_srp_cb(SSL *s, void *arg)
{
    const CTX_DATA *data = arg;

    return OPENSSL_strdup(data->srp_password);
}
26e1051a39Sopenharmony_ci
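/*
 * Server-side SRP username callback.
 *
 * arg is the CTX_DATA registered through SSL_CTX_set_srp_cb_arg(). The
 * username presented on the connection must match the single configured test
 * user; the server's SRP parameters are then set from the configured password
 * using the "2048" group.
 *
 * Returns SSL_ERROR_NONE on success and SSL3_AL_FATAL otherwise. *ad is
 * written only when setting the server parameters fails; on a username
 * mismatch it is left untouched.
 */
static int server_srp_cb(SSL *s, int *ad, void *arg)
{
    CTX_DATA *ctx_data = (CTX_DATA *)arg;
    const char *peer_user = SSL_get_srp_username(s);

    /*
     * The username comes from the peer. Reject a missing one explicitly
     * rather than handing a NULL pointer to strcmp(), which is undefined
     * behaviour.
     */
    if (peer_user == NULL || strcmp(ctx_data->srp_user, peer_user) != 0)
        return SSL3_AL_FATAL;

    /*
     * Test-harness shortcut: the server parameters are set from the plaintext
     * password held in memory. A real server would keep only the per-user
     * salt and verifier, never the password itself.
     */
    if (SSL_set_srp_server_param_pw(s, ctx_data->srp_user,
                                    ctx_data->srp_password,
                                    "2048" /* known group */) < 0) {
        *ad = SSL_AD_INTERNAL_ERROR;
        return SSL3_AL_FATAL;
    }
    return SSL_ERROR_NONE;
}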
40e1051a39Sopenharmony_ci
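/*
 * Copy one server's SRP credentials into ctx_data and wire the username
 * callback onto ctx.
 *
 * The callback and its argument are installed only after both copies have
 * succeeded, so a failed setup never leaves server_srp_cb registered on a
 * context whose callback argument is unset or holds NULL credentials.
 *
 * Returns 1 on success, 0 if either string could not be duplicated (both
 * CTX_DATA fields are then reset to NULL).
 */
static int configure_srp_server_ctx(SSL_CTX *ctx, CTX_DATA *ctx_data,
                                    const char *user, const char *password)
{
    ctx_data->srp_user = OPENSSL_strdup(user);
    ctx_data->srp_password = OPENSSL_strdup(password);
    if (ctx_data->srp_user == NULL || ctx_data->srp_password == NULL) {
        OPENSSL_free(ctx_data->srp_user);
        OPENSSL_free(ctx_data->srp_password);
        ctx_data->srp_user = NULL;
        ctx_data->srp_password = NULL;
        return 0;
    }
    SSL_CTX_set_srp_cb_arg(ctx, ctx_data);
    SSL_CTX_set_srp_username_callback(ctx, server_srp_cb);
    return 1;
}

/*
 * Apply the SRP settings from the test configuration to the handshake
 * contexts.
 *
 * For each of server, server2 and client, nothing is done unless the matching
 * srp_user entry in extra is set. Server contexts get server_srp_cb plus a
 * private copy of the user name and password; the client context gets the
 * user name, client_srp_cb and a private copy of the password. The copies are
 * stored in the corresponding CTX_DATA, which stays responsible for them.
 *
 * Returns 1 on success and 0 on any failure (allocation failure, a missing
 * server2 context, or SSL_CTX_set_srp_username() failing).
 */
int configure_handshake_ctx_for_srp(SSL_CTX *server_ctx, SSL_CTX *server2_ctx,
                                    SSL_CTX *client_ctx,
                                    const SSL_TEST_EXTRA_CONF *extra,
                                    CTX_DATA *server_ctx_data,
                                    CTX_DATA *server2_ctx_data,
                                    CTX_DATA *client_ctx_data)
{
    if (extra->server.srp_user != NULL
            && !configure_srp_server_ctx(server_ctx, server_ctx_data,
                                         extra->server.srp_user,
                                         extra->server.srp_password))
        return 0;

    if (extra->server2.srp_user != NULL) {
        /* SRP is configured for server2, so that context must exist. */
        if (!TEST_ptr(server2_ctx))
            return 0;
        if (!configure_srp_server_ctx(server2_ctx, server2_ctx_data,
                                      extra->server2.srp_user,
                                      extra->server2.srp_password))
            return 0;
    }

    if (extra->client.srp_user != NULL) {
        if (!TEST_true(SSL_CTX_set_srp_username(client_ctx,
                                                extra->client.srp_user)))
            return 0;
        client_ctx_data->srp_password = OPENSSL_strdup(extra->client.srp_password);
        if (client_ctx_data->srp_password == NULL)
            return 0;
        /*
         * Register the password callback only once it has a password to
         * return, and set its argument first.
         */
        SSL_CTX_set_srp_cb_arg(client_ctx, client_ctx_data);
        SSL_CTX_set_srp_client_pwd_callback(client_ctx, client_srp_cb);
    }
    return 1;
}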