11305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood/* $OpenBSD: jpake.h,v 1.2 2009/03/05 07:18:19 djm Exp $ */
21305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood/*
31305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood * Copyright (c) 2008 Damien Miller.  All rights reserved.
41305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood *
51305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood * Permission to use, copy, modify, and distribute this software for any
61305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood * purpose with or without fee is hereby granted, provided that the above
71305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood * copyright notice and this permission notice appear in all copies.
81305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood *
91305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
101305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
111305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
121305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
131305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
141305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
151305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
161305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood */
171305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
181305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#ifndef JPAKE_H
191305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#define JPAKE_H
201305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
211305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#include <sys/types.h>
221305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
231305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#include <openssl/bn.h>
241305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
251305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood/* Set JPAKE_DEBUG in CFLAGS for privacy-violating debugging */
261305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#ifndef JPAKE_DEBUG
271305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood# define JPAKE_DEBUG_BN(a)
281305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood# define JPAKE_DEBUG_BUF(a)
291305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood# define JPAKE_DEBUG_CTX(a)
301305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#else
311305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood# define JPAKE_DEBUG_BN(a)	debug3_bn a
321305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood# define JPAKE_DEBUG_BUF(a)	debug3_buf a
331305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood# define JPAKE_DEBUG_CTX(a)	jpake_dump a
341305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#endif /* JPAKE_DEBUG */
351305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
361305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#define KZP_ID_LEN	16	/* Length of client and server IDs */
371305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
381305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwoodstruct jpake_ctx {
391305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	/* Parameters */
401305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	struct modp_group *grp;
411305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
421305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	/* Private values shared by client and server */
431305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	BIGNUM *s;			/* Secret (salted, crypted password) */
441305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	BIGNUM *k;			/* Derived key */
451305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
461305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	/* Client private values (NULL for server) */
471305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	BIGNUM *x1;			/* random in Zq */
481305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	BIGNUM *x2;			/* random in Z*q */
491305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
501305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	/* Server private values (NULL for server) */
511305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	BIGNUM *x3;			/* random in Zq */
521305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	BIGNUM *x4;			/* random in Z*q */
531305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
541305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	/* Step 1: C->S */
551305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	u_char *client_id;		/* Anti-replay nonce */
561305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	u_int client_id_len;
571305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	BIGNUM *g_x1;			/* g^x1 */
581305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	BIGNUM *g_x2;			/* g^x2 */
591305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
601305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	/* Step 1: S->C */
611305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	u_char *server_id;		/* Anti-replay nonce */
621305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	u_int server_id_len;
631305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	BIGNUM *g_x3;			/* g^x3 */
641305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	BIGNUM *g_x4;			/* g^x4 */
651305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
661305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	/* Step 2: C->S */
671305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	BIGNUM *a;			/* g^((x1+x3+x4)*x2*s) */
681305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
691305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	/* Step 2: S->C */
701305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	BIGNUM *b;			/* g^((x1+x2+x3)*x4*s) */
711305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
721305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	/* Confirmation: C->S */
731305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	u_char *h_k_cid_sessid;		/* H(k || client_id || session_id) */
741305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	u_int h_k_cid_sessid_len;
751305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
761305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	/* Confirmation: S->C */
771305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	u_char *h_k_sid_sessid;		/* H(k || server_id || session_id) */
781305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood	u_int h_k_sid_sessid_len;
791305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood};
801305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
811305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood/* jpake.c */
821305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwoodstruct modp_group *jpake_default_group(void);
831305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwoodvoid jpake_dump(struct jpake_ctx *, const char *, ...)
841305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood    __attribute__((__nonnull__ (2)))
851305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood    __attribute__((format(printf, 2, 3)));
861305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwoodstruct jpake_ctx *jpake_new(void);
871305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwoodvoid jpake_free(struct jpake_ctx *);
881305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
891305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwoodvoid jpake_step1(struct modp_group *, u_char **, u_int *,
901305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood    BIGNUM **, BIGNUM **, BIGNUM **, BIGNUM **,
911305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood    u_char **, u_int *, u_char **, u_int *);
921305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
931305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwoodvoid jpake_step2(struct modp_group *, BIGNUM *,
941305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood    BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *,
951305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood    const u_char *, u_int, const u_char *, u_int,
961305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood    const u_char *, u_int, const u_char *, u_int,
971305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood    BIGNUM **, u_char **, u_int *);
981305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
991305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwoodvoid jpake_confirm_hash(const BIGNUM *,
1001305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood    const u_char *, u_int,
1011305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood    const u_char *, u_int,
1021305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood    u_char **, u_int *);
1031305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
1041305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwoodvoid jpake_key_confirm(struct modp_group *, BIGNUM *, BIGNUM *,
1051305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood    BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *,
1061305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood    const u_char *, u_int, const u_char *, u_int,
1071305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood    const u_char *, u_int, const u_char *, u_int,
1081305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood    BIGNUM **, u_char **, u_int *);
1091305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
1101305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwoodint jpake_check_confirm(const BIGNUM *, const u_char *, u_int,
1111305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood    const u_char *, u_int, const u_char *, u_int);
1121305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
1131305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#endif /* JPAKE_H */
1141305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
115