1 /* 2 * Implement J-PAKE, as described in 3 * http://grouper.ieee.org/groups/1363/Research/contributions/hao-ryan-2008.pdf 4 * 5 * With hints from http://www.cl.cam.ac.uk/~fh240/software/JPAKE2.java. 6 */ 7 8 #ifndef HEADER_JPAKE_H 9 #define HEADER_JPAKE_H 10 11 #include <openssl/opensslconf.h> 12 13 #ifdef OPENSSL_NO_JPAKE 14 #error JPAKE is disabled. 15 #endif 16 17 #ifdef __cplusplus 18 extern "C" { 19 #endif 20 21 #include <openssl/bn.h> 22 #include <openssl/sha.h> 23 24 typedef struct JPAKE_CTX JPAKE_CTX; 25 26 /* Note that "g" in the ZKPs is not necessarily the J-PAKE g. */ 27 typedef struct 28 { 29 BIGNUM *gr; /* g^r (r random) */ 30 BIGNUM *b; /* b = r - x*h, h=hash(g, g^r, g^x, name) */ 31 } JPAKE_ZKP; 32 33 typedef struct 34 { 35 BIGNUM *gx; /* g^x in step 1, g^(xa + xc + xd) * xb * s in step 2 */ 36 JPAKE_ZKP zkpx; /* ZKP(x) or ZKP(xb * s) */ 37 } JPAKE_STEP_PART; 38 39 typedef struct 40 { 41 JPAKE_STEP_PART p1; /* g^x3, ZKP(x3) or g^x1, ZKP(x1) */ 42 JPAKE_STEP_PART p2; /* g^x4, ZKP(x4) or g^x2, ZKP(x2) */ 43 } JPAKE_STEP1; 44 45 typedef JPAKE_STEP_PART JPAKE_STEP2; 46 47 typedef struct 48 { 49 unsigned char hhk[SHA_DIGEST_LENGTH]; 50 } JPAKE_STEP3A; 51 52 typedef struct 53 { 54 unsigned char hk[SHA_DIGEST_LENGTH]; 55 } JPAKE_STEP3B; 56 57 /* Parameters are copied */ 58 JPAKE_CTX *JPAKE_CTX_new(const char *name, const char *peer_name, 59 const BIGNUM *p, const BIGNUM *g, const BIGNUM *q, 60 const BIGNUM *secret); 61 void JPAKE_CTX_free(JPAKE_CTX *ctx); 62 63 /* 64 * Note that JPAKE_STEP1 can be used multiple times before release 65 * without another init. 66 */ 67 void JPAKE_STEP1_init(JPAKE_STEP1 *s1); 68 int JPAKE_STEP1_generate(JPAKE_STEP1 *send, JPAKE_CTX *ctx); 69 int JPAKE_STEP1_process(JPAKE_CTX *ctx, const JPAKE_STEP1 *received); 70 void JPAKE_STEP1_release(JPAKE_STEP1 *s1); 71 72 /* 73 * Note that JPAKE_STEP2 can be used multiple times before release 74 * without another init. 75 */ 76 void JPAKE_STEP2_init(JPAKE_STEP2 *s2); 77 int JPAKE_STEP2_generate(JPAKE_STEP2 *send, JPAKE_CTX *ctx); 78 int JPAKE_STEP2_process(JPAKE_CTX *ctx, const JPAKE_STEP2 *received); 79 void JPAKE_STEP2_release(JPAKE_STEP2 *s2); 80 81 /* 82 * Optionally verify the shared key. If the shared secrets do not 83 * match, the two ends will disagree about the shared key, but 84 * otherwise the protocol will succeed. 85 */ 86 void JPAKE_STEP3A_init(JPAKE_STEP3A *s3a); 87 int JPAKE_STEP3A_generate(JPAKE_STEP3A *send, JPAKE_CTX *ctx); 88 int JPAKE_STEP3A_process(JPAKE_CTX *ctx, const JPAKE_STEP3A *received); 89 void JPAKE_STEP3A_release(JPAKE_STEP3A *s3a); 90 91 void JPAKE_STEP3B_init(JPAKE_STEP3B *s3b); 92 int JPAKE_STEP3B_generate(JPAKE_STEP3B *send, JPAKE_CTX *ctx); 93 int JPAKE_STEP3B_process(JPAKE_CTX *ctx, const JPAKE_STEP3B *received); 94 void JPAKE_STEP3B_release(JPAKE_STEP3B *s3b); 95 96 /* 97 * the return value belongs to the library and will be released when 98 * ctx is released, and will change when a new handshake is performed. 99 */ 100 const BIGNUM *JPAKE_get_shared_key(JPAKE_CTX *ctx); 101 102 /* BEGIN ERROR CODES */ 103 /* The following lines are auto generated by the script mkerr.pl. Any changes 104 * made after this point may be overwritten when the script is next run. 105 */ 106 void ERR_load_JPAKE_strings(void); 107 108 /* Error codes for the JPAKE functions. */ 109 110 /* Function codes. */ 111 #define JPAKE_F_JPAKE_STEP1_PROCESS 101 112 #define JPAKE_F_JPAKE_STEP2_PROCESS 102 113 #define JPAKE_F_JPAKE_STEP3A_PROCESS 103 114 #define JPAKE_F_JPAKE_STEP3B_PROCESS 104 115 #define JPAKE_F_VERIFY_ZKP 100 116 117 /* Reason codes. */ 118 #define JPAKE_R_G_TO_THE_X3_IS_NOT_LEGAL 108 119 #define JPAKE_R_G_TO_THE_X4_IS_NOT_LEGAL 109 120 #define JPAKE_R_G_TO_THE_X4_IS_ONE 105 121 #define JPAKE_R_HASH_OF_HASH_OF_KEY_MISMATCH 106 122 #define JPAKE_R_HASH_OF_KEY_MISMATCH 107 123 #define JPAKE_R_VERIFY_B_FAILED 102 124 #define JPAKE_R_VERIFY_X3_FAILED 103 125 #define JPAKE_R_VERIFY_X4_FAILED 104 126 #define JPAKE_R_ZKP_VERIFY_FAILED 100 127 128 #ifdef __cplusplus 129 } 130 #endif 131 #endif 132
