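/*
 * Implement J-PAKE, as described in
 * http://grouper.ieee.org/groups/1363/Research/contributions/hao-ryan-2008.pdf
 *
 * With hints from http://www.cl.cam.ac.uk/~fh240/software/JPAKE2.java.
 *
 * Public interface only: the context type is opaque and every message of
 * the exchange (step 1, step 2, optional steps 3A/3B) has its own
 * init/generate/process/release quartet.
 */

#ifndef HEADER_JPAKE_H
#define HEADER_JPAKE_H

#include <openssl/opensslconf.h>

#ifdef OPENSSL_NO_JPAKE
#error JPAKE is disabled.
#endif

#ifdef __cplusplus
extern "C" {
#endif

#include <openssl/bn.h>
#include <openssl/sha.h>

/* Opaque handshake state; its layout is not part of this header. */
typedef struct JPAKE_CTX JPAKE_CTX;

/*
 * Zero-knowledge proof of knowledge of an exponent x.
 * Note that "g" in the ZKPs is not necessarily the J-PAKE g.
 */
typedef struct {
    BIGNUM *gr; /* g^r (r random) */
    BIGNUM *b;  /* b = r - x*h, h=hash(g, g^r, g^x, name) */
} JPAKE_ZKP;

/* One public value together with the proof that the sender knows its exponent. */
typedef struct {
    BIGNUM *gx;     /* g^x in step 1, g^(xa + xc + xd) * xb * s in step 2 */
    JPAKE_ZKP zkpx; /* ZKP(x) or ZKP(xb * s) */
} JPAKE_STEP_PART;

/* First message: two public values, each with its own proof. */
typedef struct {
    JPAKE_STEP_PART p1; /* g^x3, ZKP(x3) or g^x1, ZKP(x1) */
    JPAKE_STEP_PART p2; /* g^x4, ZKP(x4) or g^x2, ZKP(x2) */
} JPAKE_STEP1;

/* Second message: a single public value with its proof. */
typedef JPAKE_STEP_PART JPAKE_STEP2;

/*
 * Key-confirmation messages. Both buffers are sized for a SHA-1 digest
 * (SHA_DIGEST_LENGTH). Going by the field names and the
 * JPAKE_R_HASH_OF_HASH_OF_KEY_MISMATCH / JPAKE_R_HASH_OF_KEY_MISMATCH
 * reason codes, hhk is presumably hash(hash(key)) and hk hash(key);
 * NOTE(review): confirm against the implementation.
 */
typedef struct {
    unsigned char hhk[SHA_DIGEST_LENGTH];
} JPAKE_STEP3A;

typedef struct {
    unsigned char hk[SHA_DIGEST_LENGTH];
} JPAKE_STEP3B;

/*
 * Parameters are copied, so the caller keeps ownership of everything it
 * passes in. The ZKP hash covers a name (see JPAKE_ZKP).
 * NOTE(review): the referenced paper expects the two parties' identifiers
 * to differ; confirm whether name != peer_name is enforced here or must be
 * guaranteed by the caller.
 */
JPAKE_CTX *JPAKE_CTX_new(const char *name, const char *peer_name,
                         const BIGNUM *p, const BIGNUM *g, const BIGNUM *q,
                         const BIGNUM *secret);
void JPAKE_CTX_free(JPAKE_CTX *ctx);

/*
 * Note that JPAKE_STEP1 can be used multiple times before release
 * without another init.
 *
 * The *_process functions validate what the peer sent (see the
 * JPAKE_F_*_PROCESS function codes and JPAKE_R_* reason codes below).
 * Callers must check the int result and stop the handshake on failure.
 * NOTE(review): the exact success/failure values are not stated in this
 * header; confirm against the implementation.
 */
void JPAKE_STEP1_init(JPAKE_STEP1 *s1);
int JPAKE_STEP1_generate(JPAKE_STEP1 *send, JPAKE_CTX *ctx);
int JPAKE_STEP1_process(JPAKE_CTX *ctx, const JPAKE_STEP1 *received);
void JPAKE_STEP1_release(JPAKE_STEP1 *s1);

/*
 * Note that JPAKE_STEP2 can be used multiple times before release
 * without another init.
 */
void JPAKE_STEP2_init(JPAKE_STEP2 *s2);
int JPAKE_STEP2_generate(JPAKE_STEP2 *send, JPAKE_CTX *ctx);
int JPAKE_STEP2_process(JPAKE_CTX *ctx, const JPAKE_STEP2 *received);
void JPAKE_STEP2_release(JPAKE_STEP2 *s2);

/*
 * Optionally verify the shared key. If the shared secrets do not
 * match, the two ends will disagree about the shared key, but
 * otherwise the protocol will succeed.
 *
 * Consequence for callers: steps 1 and 2 completing successfully does not
 * show that the peer knew the secret. An application that skips step 3
 * learns of a mismatch only when the derived key fails in later use, so
 * run 3A/3B whenever the result is relied on for authentication.
 */
void JPAKE_STEP3A_init(JPAKE_STEP3A *s3a);
int JPAKE_STEP3A_generate(JPAKE_STEP3A *send, JPAKE_CTX *ctx);
int JPAKE_STEP3A_process(JPAKE_CTX *ctx, const JPAKE_STEP3A *received);
void JPAKE_STEP3A_release(JPAKE_STEP3A *s3a);

void JPAKE_STEP3B_init(JPAKE_STEP3B *s3b);
int JPAKE_STEP3B_generate(JPAKE_STEP3B *send, JPAKE_CTX *ctx);
int JPAKE_STEP3B_process(JPAKE_CTX *ctx, const JPAKE_STEP3B *received);
void JPAKE_STEP3B_release(JPAKE_STEP3B *s3b);

/*
 * The return value belongs to the library and will be released when
 * ctx is released, and will change when a new handshake is performed.
 * Do not free it; copy it if it must outlive ctx or the next handshake.
 * NOTE(review): this header does not say whether the value is already
 * suitable as a symmetric key; treat it as secret keying material and
 * confirm whether a key-derivation step is expected before use.
 */
const BIGNUM *JPAKE_get_shared_key(JPAKE_CTX *ctx);

/* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes
 * made after this point may be overwritten when the script is next run.
 */
void ERR_load_JPAKE_strings(void);

/* Error codes for the JPAKE functions. */

/* Function codes. */
#define JPAKE_F_JPAKE_STEP1_PROCESS              101
#define JPAKE_F_JPAKE_STEP2_PROCESS              102
#define JPAKE_F_JPAKE_STEP3A_PROCESS             103
#define JPAKE_F_JPAKE_STEP3B_PROCESS             104
#define JPAKE_F_VERIFY_ZKP                       100

/* Reason codes. */
#define JPAKE_R_G_TO_THE_X3_IS_NOT_LEGAL         108
#define JPAKE_R_G_TO_THE_X4_IS_NOT_LEGAL         109
#define JPAKE_R_G_TO_THE_X4_IS_ONE               105
#define JPAKE_R_HASH_OF_HASH_OF_KEY_MISMATCH     106
#define JPAKE_R_HASH_OF_KEY_MISMATCH             107
#define JPAKE_R_VERIFY_B_FAILED                  102
#define JPAKE_R_VERIFY_X3_FAILED                 103
#define JPAKE_R_VERIFY_X4_FAILED                 104
#define JPAKE_R_ZKP_VERIFY_FAILED                100

#ifdef __cplusplus
}
#endif
#endif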