]>
Commit | Line | Data |
---|---|---|
6caa4edd BL |
1 | /* |
2 | * Implement J-PAKE, as described in | |
3 | * http://grouper.ieee.org/groups/1363/Research/contributions/hao-ryan-2008.pdf | |
0f113f3e | 4 | * |
6caa4edd BL |
5 | * With hints from http://www.cl.cam.ac.uk/~fh240/software/JPAKE2.java. |
6 | */ | |
7 | ||
8 | #ifndef HEADER_JPAKE_H | |
0f113f3e | 9 | # define HEADER_JPAKE_H |
6caa4edd | 10 | |
0f113f3e | 11 | # include <openssl/opensslconf.h> |
ed551cdd | 12 | |
0f113f3e MC |
13 | # ifdef OPENSSL_NO_JPAKE |
14 | # error JPAKE is disabled. | |
15 | # endif | |
79bd20fd | 16 | |
6caa4edd BL |
17 | #ifdef __cplusplus |
18 | extern "C" { | |
19 | #endif | |
20 | ||
0f113f3e MC |
21 | # include <openssl/bn.h> |
22 | # include <openssl/sha.h> | |
6caa4edd BL |
23 | |
24 | typedef struct JPAKE_CTX JPAKE_CTX; | |
25 | ||
e9eda23a | 26 | /* Note that "g" in the ZKPs is not necessarily the J-PAKE g. */ |
0f113f3e MC |
27 | typedef struct { |
28 | BIGNUM *gr; /* g^r (r random) */ | |
29 | BIGNUM *b; /* b = r - x*h, h=hash(g, g^r, g^x, name) */ | |
30 | } JPAKE_ZKP; | |
31 | ||
32 | typedef struct { | |
33 | BIGNUM *gx; /* g^x in step 1, g^(xa + xc + xd) * xb * s | |
34 | * in step 2 */ | |
35 | JPAKE_ZKP zkpx; /* ZKP(x) or ZKP(xb * s) */ | |
36 | } JPAKE_STEP_PART; | |
37 | ||
38 | typedef struct { | |
39 | JPAKE_STEP_PART p1; /* g^x3, ZKP(x3) or g^x1, ZKP(x1) */ | |
40 | JPAKE_STEP_PART p2; /* g^x4, ZKP(x4) or g^x2, ZKP(x2) */ | |
41 | } JPAKE_STEP1; | |
6caa4edd BL |
42 | |
43 | typedef JPAKE_STEP_PART JPAKE_STEP2; | |
44 | ||
0f113f3e | 45 | typedef struct { |
6caa4edd | 46 | unsigned char hhk[SHA_DIGEST_LENGTH]; |
0f113f3e | 47 | } JPAKE_STEP3A; |
6caa4edd | 48 | |
0f113f3e | 49 | typedef struct { |
6caa4edd | 50 | unsigned char hk[SHA_DIGEST_LENGTH]; |
0f113f3e | 51 | } JPAKE_STEP3B; |
6caa4edd | 52 | |
e9eda23a | 53 | /* Parameters are copied */ |
6caa4edd | 54 | JPAKE_CTX *JPAKE_CTX_new(const char *name, const char *peer_name, |
0f113f3e MC |
55 | const BIGNUM *p, const BIGNUM *g, const BIGNUM *q, |
56 | const BIGNUM *secret); | |
6caa4edd BL |
57 | void JPAKE_CTX_free(JPAKE_CTX *ctx); |
58 | ||
e9eda23a DSH |
59 | /* |
60 | * Note that JPAKE_STEP1 can be used multiple times before release | |
61 | * without another init. | |
62 | */ | |
6caa4edd BL |
63 | void JPAKE_STEP1_init(JPAKE_STEP1 *s1); |
64 | int JPAKE_STEP1_generate(JPAKE_STEP1 *send, JPAKE_CTX *ctx); | |
65 | int JPAKE_STEP1_process(JPAKE_CTX *ctx, const JPAKE_STEP1 *received); | |
66 | void JPAKE_STEP1_release(JPAKE_STEP1 *s1); | |
67 | ||
e9eda23a DSH |
68 | /* |
69 | * Note that JPAKE_STEP2 can be used multiple times before release | |
70 | * without another init. | |
71 | */ | |
6caa4edd BL |
72 | void JPAKE_STEP2_init(JPAKE_STEP2 *s2); |
73 | int JPAKE_STEP2_generate(JPAKE_STEP2 *send, JPAKE_CTX *ctx); | |
74 | int JPAKE_STEP2_process(JPAKE_CTX *ctx, const JPAKE_STEP2 *received); | |
75 | void JPAKE_STEP2_release(JPAKE_STEP2 *s2); | |
76 | ||
e9eda23a DSH |
77 | /* |
78 | * Optionally verify the shared key. If the shared secrets do not | |
79 | * match, the two ends will disagree about the shared key, but | |
80 | * otherwise the protocol will succeed. | |
81 | */ | |
6caa4edd BL |
82 | void JPAKE_STEP3A_init(JPAKE_STEP3A *s3a); |
83 | int JPAKE_STEP3A_generate(JPAKE_STEP3A *send, JPAKE_CTX *ctx); | |
84 | int JPAKE_STEP3A_process(JPAKE_CTX *ctx, const JPAKE_STEP3A *received); | |
85 | void JPAKE_STEP3A_release(JPAKE_STEP3A *s3a); | |
86 | ||
87 | void JPAKE_STEP3B_init(JPAKE_STEP3B *s3b); | |
88 | int JPAKE_STEP3B_generate(JPAKE_STEP3B *send, JPAKE_CTX *ctx); | |
89 | int JPAKE_STEP3B_process(JPAKE_CTX *ctx, const JPAKE_STEP3B *received); | |
90 | void JPAKE_STEP3B_release(JPAKE_STEP3B *s3b); | |
91 | ||
e9eda23a DSH |
92 | /* |
93 | * the return value belongs to the library and will be released when | |
94 | * ctx is released, and will change when a new handshake is performed. | |
95 | */ | |
6caa4edd BL |
96 | const BIGNUM *JPAKE_get_shared_key(JPAKE_CTX *ctx); |
97 | ||
98 | /* BEGIN ERROR CODES */ | |
0f113f3e MC |
99 | /* |
100 | * The following lines are auto generated by the script mkerr.pl. Any changes | |
6caa4edd BL |
101 | * made after this point may be overwritten when the script is next run. |
102 | */ | |
103 | void ERR_load_JPAKE_strings(void); | |
104 | ||
105 | /* Error codes for the JPAKE functions. */ | |
106 | ||
107 | /* Function codes. */ | |
0f113f3e MC |
108 | # define JPAKE_F_JPAKE_STEP1_PROCESS 101 |
109 | # define JPAKE_F_JPAKE_STEP2_PROCESS 102 | |
110 | # define JPAKE_F_JPAKE_STEP3A_PROCESS 103 | |
111 | # define JPAKE_F_JPAKE_STEP3B_PROCESS 104 | |
112 | # define JPAKE_F_VERIFY_ZKP 100 | |
6caa4edd BL |
113 | |
114 | /* Reason codes. */ | |
0f113f3e MC |
115 | # define JPAKE_R_G_TO_THE_X3_IS_NOT_LEGAL 108 |
116 | # define JPAKE_R_G_TO_THE_X4_IS_NOT_LEGAL 109 | |
117 | # define JPAKE_R_G_TO_THE_X4_IS_ONE 105 | |
118 | # define JPAKE_R_HASH_OF_HASH_OF_KEY_MISMATCH 106 | |
119 | # define JPAKE_R_HASH_OF_KEY_MISMATCH 107 | |
120 | # define JPAKE_R_VERIFY_B_FAILED 102 | |
121 | # define JPAKE_R_VERIFY_X3_FAILED 103 | |
122 | # define JPAKE_R_VERIFY_X4_FAILED 104 | |
123 | # define JPAKE_R_ZKP_VERIFY_FAILED 100 | |
6caa4edd BL |
124 | |
125 | #ifdef __cplusplus | |
126 | } | |
127 | #endif | |
128 | #endif |