[thirdparty/openssl.git] / crypto / jpake / jpake.h

/*
 * Implement J-PAKE, as described in
 * http://grouper.ieee.org/groups/1363/Research/contributions/hao-ryan-2008.pdf
 * 
 * With hints from http://www.cl.cam.ac.uk/~fh240/software/JPAKE2.java.
 */

#ifndef HEADER_JPAKE_H
#define HEADER_JPAKE_H

#include <openssl/opensslconf.h>

#ifndef OPENSSL_EXPERIMENTAL_JPAKE
#error JPAKE is disabled.
#endif

#ifdef  __cplusplus
extern "C" {
#endif

#include <openssl/bn.h>
#include <openssl/sha.h>

typedef struct JPAKE_CTX JPAKE_CTX;

/* Note that "g" in the ZKPs is not necessarily the J-PAKE g. */
typedef struct
    {
    BIGNUM *gr; /* g^r (r random) */
    BIGNUM *b;  /* b = r - x*h, h=hash(g, g^r, g^x, name) */
    } JPAKE_ZKP;

typedef struct
    {
    BIGNUM *gx;       /* g^x in step 1, g^(xa + xc + xd) * xb * s in step 2 */
    JPAKE_ZKP zkpx;   /* ZKP(x) or ZKP(xb * s) */
    } JPAKE_STEP_PART;

typedef struct
    {
    JPAKE_STEP_PART p1;   /* g^x3, ZKP(x3) or g^x1, ZKP(x1) */
    JPAKE_STEP_PART p2;   /* g^x4, ZKP(x4) or g^x2, ZKP(x2) */
    } JPAKE_STEP1;

typedef JPAKE_STEP_PART JPAKE_STEP2;

typedef struct
    {
    unsigned char hhk[SHA_DIGEST_LENGTH];
    } JPAKE_STEP3A;

typedef struct
    {
    unsigned char hk[SHA_DIGEST_LENGTH];
    } JPAKE_STEP3B;

/* Parameters are copied */
JPAKE_CTX *JPAKE_CTX_new(const char *name, const char *peer_name,
			 const BIGNUM *p, const BIGNUM *g, const BIGNUM *q,
			 const BIGNUM *secret);
void JPAKE_CTX_free(JPAKE_CTX *ctx);

/*
 * Note that JPAKE_STEP1 can be used multiple times before release
 * without another init.
 */
void JPAKE_STEP1_init(JPAKE_STEP1 *s1);
int JPAKE_STEP1_generate(JPAKE_STEP1 *send, JPAKE_CTX *ctx);
int JPAKE_STEP1_process(JPAKE_CTX *ctx, const JPAKE_STEP1 *received);
void JPAKE_STEP1_release(JPAKE_STEP1 *s1);

/*
 * Note that JPAKE_STEP2 can be used multiple times before release
 * without another init.
 */
void JPAKE_STEP2_init(JPAKE_STEP2 *s2);
int JPAKE_STEP2_generate(JPAKE_STEP2 *send, JPAKE_CTX *ctx);
int JPAKE_STEP2_process(JPAKE_CTX *ctx, const JPAKE_STEP2 *received);
void JPAKE_STEP2_release(JPAKE_STEP2 *s2);

/*
 * Optionally verify the shared key. If the shared secrets do not
 * match, the two ends will disagree about the shared key, but
 * otherwise the protocol will succeed.
 */
void JPAKE_STEP3A_init(JPAKE_STEP3A *s3a);
int JPAKE_STEP3A_generate(JPAKE_STEP3A *send, JPAKE_CTX *ctx);
int JPAKE_STEP3A_process(JPAKE_CTX *ctx, const JPAKE_STEP3A *received);
void JPAKE_STEP3A_release(JPAKE_STEP3A *s3a);

void JPAKE_STEP3B_init(JPAKE_STEP3B *s3b);
int JPAKE_STEP3B_generate(JPAKE_STEP3B *send, JPAKE_CTX *ctx);
int JPAKE_STEP3B_process(JPAKE_CTX *ctx, const JPAKE_STEP3B *received);
void JPAKE_STEP3B_release(JPAKE_STEP3B *s3b);

/*
 * the return value belongs to the library and will be released when
 * ctx is released, and will change when a new handshake is performed.
 */
const BIGNUM *JPAKE_get_shared_key(JPAKE_CTX *ctx);

/* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes
 * made after this point may be overwritten when the script is next run.
 */
void ERR_load_JPAKE_strings(void);

/* Error codes for the JPAKE functions. */

/* Function codes. */
#define JPAKE_F_JPAKE_STEP1_PROCESS			 101
#define JPAKE_F_JPAKE_STEP2_PROCESS			 102
#define JPAKE_F_JPAKE_STEP3A_PROCESS			 103
#define JPAKE_F_JPAKE_STEP3B_PROCESS			 104
#define JPAKE_F_VERIFY_ZKP				 100

/* Reason codes. */
#define JPAKE_R_G_TO_THE_X4_IS_ONE			 105
#define JPAKE_R_HASH_OF_HASH_OF_KEY_MISMATCH		 106
#define JPAKE_R_HASH_OF_KEY_MISMATCH			 107
#define JPAKE_R_VERIFY_B_FAILED				 102
#define JPAKE_R_VERIFY_X3_FAILED			 103
#define JPAKE_R_VERIFY_X4_FAILED			 104
#define JPAKE_R_ZKP_VERIFY_FAILED			 100

#ifdef  __cplusplus
}
#endif
#endif
Commit	Line	Data
6caa4edd BL	1	/*
	2	* Implement J-PAKE, as described in
	3	* http://grouper.ieee.org/groups/1363/Research/contributions/hao-ryan-2008.pdf
	4	*
	5	* With hints from http://www.cl.cam.ac.uk/~fh240/software/JPAKE2.java.
	6	*/
	7
	8	#ifndef HEADER_JPAKE_H
	9	#define HEADER_JPAKE_H
	10
ed551cdd DSH	11	#include <openssl/opensslconf.h>
	12
	13	#ifndef OPENSSL_EXPERIMENTAL_JPAKE
	14	#error JPAKE is disabled.
	15	#endif
	16
6caa4edd BL	17	#ifdef __cplusplus
	18	extern "C" {
	19	#endif
	20
	21	#include <openssl/bn.h>
	22	#include <openssl/sha.h>
	23
	24	typedef struct JPAKE_CTX JPAKE_CTX;
	25
e9eda23a	26	/* Note that "g" in the ZKPs is not necessarily the J-PAKE g. */
6caa4edd BL	27	typedef struct
6caa4edd BL	28	{
e9eda23a DSH	29	BIGNUM gr; / g^r (r random) */
e9eda23a DSH	30	BIGNUM b; / b = r - xh, h=hash(g, g^r, g^x, name) /
6caa4edd BL	31	} JPAKE_ZKP;
	32
	33	typedef struct
	34	{
e9eda23a DSH	35	BIGNUM gx; / g^x in step 1, g^(xa + xc + xd) * xb * s in step 2 */
e9eda23a DSH	36	JPAKE_ZKP zkpx; /* ZKP(x) or ZKP(xb * s) */
6caa4edd BL	37	} JPAKE_STEP_PART;
	38
	39	typedef struct
	40	{
e9eda23a DSH	41	JPAKE_STEP_PART p1; /* g^x3, ZKP(x3) or g^x1, ZKP(x1) */
e9eda23a DSH	42	JPAKE_STEP_PART p2; /* g^x4, ZKP(x4) or g^x2, ZKP(x2) */
6caa4edd BL	43	} JPAKE_STEP1;
	44
	45	typedef JPAKE_STEP_PART JPAKE_STEP2;
	46
	47	typedef struct
	48	{
	49	unsigned char hhk[SHA_DIGEST_LENGTH];
	50	} JPAKE_STEP3A;
	51
	52	typedef struct
	53	{
	54	unsigned char hk[SHA_DIGEST_LENGTH];
	55	} JPAKE_STEP3B;
	56
e9eda23a	57	/* Parameters are copied */
6caa4edd BL	58	JPAKE_CTX JPAKE_CTX_new(const char name, const char *peer_name,
	59	const BIGNUM p, const BIGNUM g, const BIGNUM *q,
	60	const BIGNUM *secret);
	61	void JPAKE_CTX_free(JPAKE_CTX *ctx);
	62
e9eda23a DSH	63	/*
	64	* Note that JPAKE_STEP1 can be used multiple times before release
	65	* without another init.
	66	*/
6caa4edd BL	67	void JPAKE_STEP1_init(JPAKE_STEP1 *s1);
	68	int JPAKE_STEP1_generate(JPAKE_STEP1 send, JPAKE_CTX ctx);
	69	int JPAKE_STEP1_process(JPAKE_CTX ctx, const JPAKE_STEP1 received);
	70	void JPAKE_STEP1_release(JPAKE_STEP1 *s1);
	71
e9eda23a DSH	72	/*
	73	* Note that JPAKE_STEP2 can be used multiple times before release
	74	* without another init.
	75	*/
6caa4edd BL	76	void JPAKE_STEP2_init(JPAKE_STEP2 *s2);
	77	int JPAKE_STEP2_generate(JPAKE_STEP2 send, JPAKE_CTX ctx);
	78	int JPAKE_STEP2_process(JPAKE_CTX ctx, const JPAKE_STEP2 received);
	79	void JPAKE_STEP2_release(JPAKE_STEP2 *s2);
	80
e9eda23a DSH	81	/*
	82	* Optionally verify the shared key. If the shared secrets do not
	83	* match, the two ends will disagree about the shared key, but
	84	* otherwise the protocol will succeed.
	85	*/
6caa4edd BL	86	void JPAKE_STEP3A_init(JPAKE_STEP3A *s3a);
	87	int JPAKE_STEP3A_generate(JPAKE_STEP3A send, JPAKE_CTX ctx);
	88	int JPAKE_STEP3A_process(JPAKE_CTX ctx, const JPAKE_STEP3A received);
	89	void JPAKE_STEP3A_release(JPAKE_STEP3A *s3a);
	90
	91	void JPAKE_STEP3B_init(JPAKE_STEP3B *s3b);
	92	int JPAKE_STEP3B_generate(JPAKE_STEP3B send, JPAKE_CTX ctx);
	93	int JPAKE_STEP3B_process(JPAKE_CTX ctx, const JPAKE_STEP3B received);
	94	void JPAKE_STEP3B_release(JPAKE_STEP3B *s3b);
	95
e9eda23a DSH	96	/*
	97	* the return value belongs to the library and will be released when
	98	* ctx is released, and will change when a new handshake is performed.
	99	*/
6caa4edd BL	100	const BIGNUM JPAKE_get_shared_key(JPAKE_CTX ctx);
	101
	102	/* BEGIN ERROR CODES */
	103	/* The following lines are auto generated by the script mkerr.pl. Any changes
	104	* made after this point may be overwritten when the script is next run.
	105	*/
	106	void ERR_load_JPAKE_strings(void);
	107
	108	/* Error codes for the JPAKE functions. */
	109
	110	/* Function codes. */
	111	#define JPAKE_F_JPAKE_STEP1_PROCESS 101
	112	#define JPAKE_F_JPAKE_STEP2_PROCESS 102
	113	#define JPAKE_F_JPAKE_STEP3A_PROCESS 103
	114	#define JPAKE_F_JPAKE_STEP3B_PROCESS 104
	115	#define JPAKE_F_VERIFY_ZKP 100
	116
	117	/* Reason codes. */
	118	#define JPAKE_R_G_TO_THE_X4_IS_ONE 105
	119	#define JPAKE_R_HASH_OF_HASH_OF_KEY_MISMATCH 106
	120	#define JPAKE_R_HASH_OF_KEY_MISMATCH 107
	121	#define JPAKE_R_VERIFY_B_FAILED 102
	122	#define JPAKE_R_VERIFY_X3_FAILED 103
	123	#define JPAKE_R_VERIFY_X4_FAILED 104
	124	#define JPAKE_R_ZKP_VERIFY_FAILED 100
	125
	126	#ifdef __cplusplus
	127	}
	128	#endif
	129	#endif