]>
Commit | Line | Data |
---|---|---|
6caa4edd BL |
1 | /* |
2 | * Implement J-PAKE, as described in | |
3 | * http://grouper.ieee.org/groups/1363/Research/contributions/hao-ryan-2008.pdf | |
4 | * | |
5 | * With hints from http://www.cl.cam.ac.uk/~fh240/software/JPAKE2.java. | |
6 | */ | |
7 | ||
8 | #ifndef HEADER_JPAKE_H | |
9 | #define HEADER_JPAKE_H | |
10 | ||
ed551cdd DSH |
11 | #include <openssl/opensslconf.h> |
12 | ||
13 | #ifndef OPENSSL_EXPERIMENTAL_JPAKE | |
14 | #error JPAKE is disabled. | |
15 | #endif | |
16 | ||
6caa4edd BL |
17 | #ifdef __cplusplus |
18 | extern "C" { | |
19 | #endif | |
20 | ||
21 | #include <openssl/bn.h> | |
22 | #include <openssl/sha.h> | |
23 | ||
24 | typedef struct JPAKE_CTX JPAKE_CTX; | |
25 | ||
e9eda23a | 26 | /* Note that "g" in the ZKPs is not necessarily the J-PAKE g. */ |
6caa4edd BL |
27 | typedef struct |
28 | { | |
e9eda23a DSH |
29 | BIGNUM *gr; /* g^r (r random) */ |
30 | BIGNUM *b; /* b = r - x*h, h=hash(g, g^r, g^x, name) */ | |
6caa4edd BL |
31 | } JPAKE_ZKP; |
32 | ||
33 | typedef struct | |
34 | { | |
e9eda23a DSH |
35 | BIGNUM *gx; /* g^x in step 1, g^(xa + xc + xd) * xb * s in step 2 */ |
36 | JPAKE_ZKP zkpx; /* ZKP(x) or ZKP(xb * s) */ | |
6caa4edd BL |
37 | } JPAKE_STEP_PART; |
38 | ||
39 | typedef struct | |
40 | { | |
e9eda23a DSH |
41 | JPAKE_STEP_PART p1; /* g^x3, ZKP(x3) or g^x1, ZKP(x1) */ |
42 | JPAKE_STEP_PART p2; /* g^x4, ZKP(x4) or g^x2, ZKP(x2) */ | |
6caa4edd BL |
43 | } JPAKE_STEP1; |
44 | ||
45 | typedef JPAKE_STEP_PART JPAKE_STEP2; | |
46 | ||
47 | typedef struct | |
48 | { | |
49 | unsigned char hhk[SHA_DIGEST_LENGTH]; | |
50 | } JPAKE_STEP3A; | |
51 | ||
52 | typedef struct | |
53 | { | |
54 | unsigned char hk[SHA_DIGEST_LENGTH]; | |
55 | } JPAKE_STEP3B; | |
56 | ||
e9eda23a | 57 | /* Parameters are copied */ |
6caa4edd BL |
58 | JPAKE_CTX *JPAKE_CTX_new(const char *name, const char *peer_name, |
59 | const BIGNUM *p, const BIGNUM *g, const BIGNUM *q, | |
60 | const BIGNUM *secret); | |
61 | void JPAKE_CTX_free(JPAKE_CTX *ctx); | |
62 | ||
e9eda23a DSH |
63 | /* |
64 | * Note that JPAKE_STEP1 can be used multiple times before release | |
65 | * without another init. | |
66 | */ | |
6caa4edd BL |
67 | void JPAKE_STEP1_init(JPAKE_STEP1 *s1); |
68 | int JPAKE_STEP1_generate(JPAKE_STEP1 *send, JPAKE_CTX *ctx); | |
69 | int JPAKE_STEP1_process(JPAKE_CTX *ctx, const JPAKE_STEP1 *received); | |
70 | void JPAKE_STEP1_release(JPAKE_STEP1 *s1); | |
71 | ||
e9eda23a DSH |
72 | /* |
73 | * Note that JPAKE_STEP2 can be used multiple times before release | |
74 | * without another init. | |
75 | */ | |
6caa4edd BL |
76 | void JPAKE_STEP2_init(JPAKE_STEP2 *s2); |
77 | int JPAKE_STEP2_generate(JPAKE_STEP2 *send, JPAKE_CTX *ctx); | |
78 | int JPAKE_STEP2_process(JPAKE_CTX *ctx, const JPAKE_STEP2 *received); | |
79 | void JPAKE_STEP2_release(JPAKE_STEP2 *s2); | |
80 | ||
e9eda23a DSH |
81 | /* |
82 | * Optionally verify the shared key. If the shared secrets do not | |
83 | * match, the two ends will disagree about the shared key, but | |
84 | * otherwise the protocol will succeed. | |
85 | */ | |
6caa4edd BL |
86 | void JPAKE_STEP3A_init(JPAKE_STEP3A *s3a); |
87 | int JPAKE_STEP3A_generate(JPAKE_STEP3A *send, JPAKE_CTX *ctx); | |
88 | int JPAKE_STEP3A_process(JPAKE_CTX *ctx, const JPAKE_STEP3A *received); | |
89 | void JPAKE_STEP3A_release(JPAKE_STEP3A *s3a); | |
90 | ||
91 | void JPAKE_STEP3B_init(JPAKE_STEP3B *s3b); | |
92 | int JPAKE_STEP3B_generate(JPAKE_STEP3B *send, JPAKE_CTX *ctx); | |
93 | int JPAKE_STEP3B_process(JPAKE_CTX *ctx, const JPAKE_STEP3B *received); | |
94 | void JPAKE_STEP3B_release(JPAKE_STEP3B *s3b); | |
95 | ||
e9eda23a DSH |
96 | /* |
97 | * the return value belongs to the library and will be released when | |
98 | * ctx is released, and will change when a new handshake is performed. | |
99 | */ | |
6caa4edd BL |
100 | const BIGNUM *JPAKE_get_shared_key(JPAKE_CTX *ctx); |
101 | ||
102 | /* BEGIN ERROR CODES */ | |
103 | /* The following lines are auto generated by the script mkerr.pl. Any changes | |
104 | * made after this point may be overwritten when the script is next run. | |
105 | */ | |
106 | void ERR_load_JPAKE_strings(void); | |
107 | ||
108 | /* Error codes for the JPAKE functions. */ | |
109 | ||
110 | /* Function codes. */ | |
111 | #define JPAKE_F_JPAKE_STEP1_PROCESS 101 | |
112 | #define JPAKE_F_JPAKE_STEP2_PROCESS 102 | |
113 | #define JPAKE_F_JPAKE_STEP3A_PROCESS 103 | |
114 | #define JPAKE_F_JPAKE_STEP3B_PROCESS 104 | |
115 | #define JPAKE_F_VERIFY_ZKP 100 | |
116 | ||
117 | /* Reason codes. */ | |
118 | #define JPAKE_R_G_TO_THE_X4_IS_ONE 105 | |
119 | #define JPAKE_R_HASH_OF_HASH_OF_KEY_MISMATCH 106 | |
120 | #define JPAKE_R_HASH_OF_KEY_MISMATCH 107 | |
121 | #define JPAKE_R_VERIFY_B_FAILED 102 | |
122 | #define JPAKE_R_VERIFY_X3_FAILED 103 | |
123 | #define JPAKE_R_VERIFY_X4_FAILED 104 | |
124 | #define JPAKE_R_ZKP_VERIFY_FAILED 100 | |
125 | ||
126 | #ifdef __cplusplus | |
127 | } | |
128 | #endif | |
129 | #endif |