diff options
| author | marha <marha@users.sourceforge.net> | 2015-02-22 21:39:56 +0100 |
|---|---|---|
| committer | marha <marha@users.sourceforge.net> | 2015-02-22 21:39:56 +0100 |
| commit | 462f18c7b25fe3e467f837647d07ab0a78aa8d2b (patch) | |
| tree | fc8013c0a1bac05a1945846c1697e973f4c35013 /openssl/crypto/jpake | |
| parent | 36f711ee12b6dd5184198abed3aa551efb585587 (diff) | |
| download | vcxsrv-462f18c7b25fe3e467f837647d07ab0a78aa8d2b.tar.gz vcxsrv-462f18c7b25fe3e467f837647d07ab0a78aa8d2b.tar.bz2 vcxsrv-462f18c7b25fe3e467f837647d07ab0a78aa8d2b.zip | |
Merged origin/release (checked in because wanted to merge new stuff)
Diffstat (limited to 'openssl/crypto/jpake')
| -rw-r--r-- | openssl/crypto/jpake/jpake.c | 361 | ||||
| -rw-r--r-- | openssl/crypto/jpake/jpake.h | 93 | ||||
| -rw-r--r-- | openssl/crypto/jpake/jpake_err.c | 67 | ||||
| -rw-r--r-- | openssl/crypto/jpake/jpaketest.c | 131 |
4 files changed, 320 insertions, 332 deletions
diff --git a/openssl/crypto/jpake/jpake.c b/openssl/crypto/jpake/jpake.c index 8e4b633cc..8c38727e2 100644 --- a/openssl/crypto/jpake/jpake.c +++ b/openssl/crypto/jpake/jpake.c @@ -4,78 +4,77 @@ #include <openssl/sha.h> #include <openssl/err.h> #include <memory.h> +#include <string.h> /* * In the definition, (xa, xb, xc, xd) are Alice's (x1, x2, x3, x4) or * Bob's (x3, x4, x1, x2). If you see what I mean. */ -typedef struct - { - char *name; /* Must be unique */ +typedef struct { + char *name; /* Must be unique */ char *peer_name; BIGNUM *p; BIGNUM *g; BIGNUM *q; - BIGNUM *gxc; /* Alice's g^{x3} or Bob's g^{x1} */ - BIGNUM *gxd; /* Alice's g^{x4} or Bob's g^{x2} */ - } JPAKE_CTX_PUBLIC; + BIGNUM *gxc; /* Alice's g^{x3} or Bob's g^{x1} */ + BIGNUM *gxd; /* Alice's g^{x4} or Bob's g^{x2} */ +} JPAKE_CTX_PUBLIC; -struct JPAKE_CTX - { +struct JPAKE_CTX { JPAKE_CTX_PUBLIC p; - BIGNUM *secret; /* The shared secret */ + BIGNUM *secret; /* The shared secret */ BN_CTX *ctx; - BIGNUM *xa; /* Alice's x1 or Bob's x3 */ - BIGNUM *xb; /* Alice's x2 or Bob's x4 */ - BIGNUM *key; /* The calculated (shared) key */ - }; + BIGNUM *xa; /* Alice's x1 or Bob's x3 */ + BIGNUM *xb; /* Alice's x2 or Bob's x4 */ + BIGNUM *key; /* The calculated (shared) key */ +}; static void JPAKE_ZKP_init(JPAKE_ZKP *zkp) - { +{ zkp->gr = BN_new(); zkp->b = BN_new(); - } +} static void JPAKE_ZKP_release(JPAKE_ZKP *zkp) - { +{ BN_free(zkp->b); BN_free(zkp->gr); - } +} /* Two birds with one stone - make the global name as expected */ -#define JPAKE_STEP_PART_init JPAKE_STEP2_init -#define JPAKE_STEP_PART_release JPAKE_STEP2_release +#define JPAKE_STEP_PART_init JPAKE_STEP2_init +#define JPAKE_STEP_PART_release JPAKE_STEP2_release void JPAKE_STEP_PART_init(JPAKE_STEP_PART *p) - { +{ p->gx = BN_new(); JPAKE_ZKP_init(&p->zkpx); - } +} void JPAKE_STEP_PART_release(JPAKE_STEP_PART *p) - { +{ JPAKE_ZKP_release(&p->zkpx); BN_free(p->gx); - } +} void JPAKE_STEP1_init(JPAKE_STEP1 *s1) - { +{ JPAKE_STEP_PART_init(&s1->p1); JPAKE_STEP_PART_init(&s1->p2); - } +} void JPAKE_STEP1_release(JPAKE_STEP1 *s1) - { +{ JPAKE_STEP_PART_release(&s1->p2); JPAKE_STEP_PART_release(&s1->p1); - } +} static void JPAKE_CTX_init(JPAKE_CTX *ctx, const char *name, - const char *peer_name, const BIGNUM *p, - const BIGNUM *g, const BIGNUM *q, - const BIGNUM *secret) - { + const char *peer_name, const BIGNUM *p, + const BIGNUM *g, const BIGNUM *q, + const BIGNUM *secret) +{ ctx->p.name = OPENSSL_strdup(name); ctx->p.peer_name = OPENSSL_strdup(peer_name); ctx->p.p = BN_dup(p); @@ -90,10 +89,10 @@ static void JPAKE_CTX_init(JPAKE_CTX *ctx, const char *name, ctx->xb = BN_new(); ctx->key = BN_new(); ctx->ctx = BN_CTX_new(); - } - +} + static void JPAKE_CTX_release(JPAKE_CTX *ctx) - { +{ BN_CTX_free(ctx->ctx); BN_clear_free(ctx->key); BN_clear_free(ctx->xb); @@ -110,45 +109,45 @@ static void JPAKE_CTX_release(JPAKE_CTX *ctx) OPENSSL_free(ctx->p.name); memset(ctx, '\0', sizeof *ctx); - } - +} + JPAKE_CTX *JPAKE_CTX_new(const char *name, const char *peer_name, - const BIGNUM *p, const BIGNUM *g, const BIGNUM *q, - const BIGNUM *secret) - { + const BIGNUM *p, const BIGNUM *g, const BIGNUM *q, + const BIGNUM *secret) +{ JPAKE_CTX *ctx = OPENSSL_malloc(sizeof *ctx); JPAKE_CTX_init(ctx, name, peer_name, p, g, q, secret); return ctx; - } +} void JPAKE_CTX_free(JPAKE_CTX *ctx) - { +{ JPAKE_CTX_release(ctx); OPENSSL_free(ctx); - } +} static void hashlength(SHA_CTX *sha, size_t l) - { +{ unsigned char b[2]; OPENSSL_assert(l <= 0xffff); b[0] = l >> 8; - b[1] = l&0xff; + b[1] = l & 0xff; SHA1_Update(sha, b, 2); - } +} static void hashstring(SHA_CTX *sha, const char *string) - { +{ size_t l = strlen(string); hashlength(sha, l); SHA1_Update(sha, string, l); - } +} static void hashbn(SHA_CTX *sha, const BIGNUM *bn) - { +{ size_t l = BN_num_bytes(bn); unsigned char *bin = OPENSSL_malloc(l); @@ -156,19 +155,19 @@ static void hashbn(SHA_CTX *sha, const BIGNUM *bn) BN_bn2bin(bn, bin); SHA1_Update(sha, bin, l); OPENSSL_free(bin); - } +} /* h=hash(g, g^r, g^x, name) */ static void zkp_hash(BIGNUM *h, const BIGNUM *zkpg, const JPAKE_STEP_PART *p, - const char *proof_name) - { + const char *proof_name) +{ unsigned char md[SHA_DIGEST_LENGTH]; SHA_CTX sha; - /* - * XXX: hash should not allow moving of the boundaries - Java code - * is flawed in this respect. Length encoding seems simplest. - */ + /* + * XXX: hash should not allow moving of the boundaries - Java code + * is flawed in this respect. Length encoding seems simplest. + */ SHA1_Init(&sha); hashbn(&sha, zkpg); OPENSSL_assert(!BN_is_zero(p->zkpx.gr)); @@ -177,43 +176,43 @@ static void zkp_hash(BIGNUM *h, const BIGNUM *zkpg, const JPAKE_STEP_PART *p, hashstring(&sha, proof_name); SHA1_Final(md, &sha); BN_bin2bn(md, SHA_DIGEST_LENGTH, h); - } +} /* * Prove knowledge of x * Note that p->gx has already been calculated */ static void generate_zkp(JPAKE_STEP_PART *p, const BIGNUM *x, - const BIGNUM *zkpg, JPAKE_CTX *ctx) - { + const BIGNUM *zkpg, JPAKE_CTX *ctx) +{ BIGNUM *r = BN_new(); BIGNUM *h = BN_new(); BIGNUM *t = BN_new(); - /* + /*- * r in [0,q) * XXX: Java chooses r in [0, 2^160) - i.e. distribution not uniform */ BN_rand_range(r, ctx->p.q); - /* g^r */ + /* g^r */ BN_mod_exp(p->zkpx.gr, zkpg, r, ctx->p.p, ctx->ctx); - /* h=hash... */ + /* h=hash... */ zkp_hash(h, zkpg, p, ctx->p.name); - /* b = r - x*h */ + /* b = r - x*h */ BN_mod_mul(t, x, h, ctx->p.q, ctx->ctx); BN_mod_sub(p->zkpx.b, r, t, ctx->p.q, ctx->ctx); - /* cleanup */ + /* cleanup */ BN_free(t); BN_free(h); BN_free(r); - } +} static int verify_zkp(const JPAKE_STEP_PART *p, const BIGNUM *zkpg, - JPAKE_CTX *ctx) - { + JPAKE_CTX *ctx) +{ BIGNUM *h = BN_new(); BIGNUM *t1 = BN_new(); BIGNUM *t2 = BN_new(); @@ -222,74 +221,74 @@ static int verify_zkp(const JPAKE_STEP_PART *p, const BIGNUM *zkpg, zkp_hash(h, zkpg, p, ctx->p.peer_name); - /* t1 = g^b */ + /* t1 = g^b */ BN_mod_exp(t1, zkpg, p->zkpx.b, ctx->p.p, ctx->ctx); - /* t2 = (g^x)^h = g^{hx} */ + /* t2 = (g^x)^h = g^{hx} */ BN_mod_exp(t2, p->gx, h, ctx->p.p, ctx->ctx); - /* t3 = t1 * t2 = g^{hx} * g^b = g^{hx+b} = g^r (allegedly) */ + /* t3 = t1 * t2 = g^{hx} * g^b = g^{hx+b} = g^r (allegedly) */ BN_mod_mul(t3, t1, t2, ctx->p.p, ctx->ctx); - /* verify t3 == g^r */ - if(BN_cmp(t3, p->zkpx.gr) == 0) - ret = 1; + /* verify t3 == g^r */ + if (BN_cmp(t3, p->zkpx.gr) == 0) + ret = 1; else - JPAKEerr(JPAKE_F_VERIFY_ZKP, JPAKE_R_ZKP_VERIFY_FAILED); + JPAKEerr(JPAKE_F_VERIFY_ZKP, JPAKE_R_ZKP_VERIFY_FAILED); - /* cleanup */ + /* cleanup */ BN_free(t3); BN_free(t2); BN_free(t1); BN_free(h); return ret; - } +} static void generate_step_part(JPAKE_STEP_PART *p, const BIGNUM *x, - const BIGNUM *g, JPAKE_CTX *ctx) - { + const BIGNUM *g, JPAKE_CTX *ctx) +{ BN_mod_exp(p->gx, g, x, ctx->p.p, ctx->ctx); generate_zkp(p, x, g, ctx); - } +} /* Generate each party's random numbers. xa is in [0, q), xb is in [1, q). */ static void genrand(JPAKE_CTX *ctx) - { +{ BIGNUM *qm1; - /* xa in [0, q) */ + /* xa in [0, q) */ BN_rand_range(ctx->xa, ctx->p.q); - /* q-1 */ + /* q-1 */ qm1 = BN_new(); BN_copy(qm1, ctx->p.q); BN_sub_word(qm1, 1); - /* ... and xb in [0, q-1) */ + /* ... and xb in [0, q-1) */ BN_rand_range(ctx->xb, qm1); - /* [1, q) */ + /* [1, q) */ BN_add_word(ctx->xb, 1); - /* cleanup */ + /* cleanup */ BN_free(qm1); - } +} int JPAKE_STEP1_generate(JPAKE_STEP1 *send, JPAKE_CTX *ctx) - { +{ genrand(ctx); generate_step_part(&send->p1, ctx->xa, ctx->p.g, ctx); generate_step_part(&send->p2, ctx->xb, ctx->p.g, ctx); return 1; - } +} /* g^x is a legal value */ static int is_legal(const BIGNUM *gx, const JPAKE_CTX *ctx) - { +{ BIGNUM *t; int res; - - if(BN_is_negative(gx) || BN_is_zero(gx) || BN_cmp(gx, ctx->p.p) >= 0) - return 0; + + if (BN_is_negative(gx) || BN_is_zero(gx) || BN_cmp(gx, ctx->p.p) >= 0) + return 0; t = BN_new(); BN_mod_exp(t, gx, ctx->p.q, ctx->p.p, ctx->ctx); @@ -297,69 +296,65 @@ static int is_legal(const BIGNUM *gx, const JPAKE_CTX *ctx) BN_free(t); return res; - } +} int JPAKE_STEP1_process(JPAKE_CTX *ctx, const JPAKE_STEP1 *received) - { - if(!is_legal(received->p1.gx, ctx)) - { - JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS, JPAKE_R_G_TO_THE_X3_IS_NOT_LEGAL); - return 0; - } - - if(!is_legal(received->p2.gx, ctx)) - { - JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS, JPAKE_R_G_TO_THE_X4_IS_NOT_LEGAL); - return 0; - } - - /* verify their ZKP(xc) */ - if(!verify_zkp(&received->p1, ctx->p.g, ctx)) - { - JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS, JPAKE_R_VERIFY_X3_FAILED); - return 0; - } - - /* verify their ZKP(xd) */ - if(!verify_zkp(&received->p2, ctx->p.g, ctx)) - { - JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS, JPAKE_R_VERIFY_X4_FAILED); - return 0; - } - - /* g^xd != 1 */ - if(BN_is_one(received->p2.gx)) - { - JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS, JPAKE_R_G_TO_THE_X4_IS_ONE); - return 0; - } - - /* Save the bits we need for later */ +{ + if (!is_legal(received->p1.gx, ctx)) { + JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS, + JPAKE_R_G_TO_THE_X3_IS_NOT_LEGAL); + return 0; + } + + if (!is_legal(received->p2.gx, ctx)) { + JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS, + JPAKE_R_G_TO_THE_X4_IS_NOT_LEGAL); + return 0; + } + + /* verify their ZKP(xc) */ + if (!verify_zkp(&received->p1, ctx->p.g, ctx)) { + JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS, JPAKE_R_VERIFY_X3_FAILED); + return 0; + } + + /* verify their ZKP(xd) */ + if (!verify_zkp(&received->p2, ctx->p.g, ctx)) { + JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS, JPAKE_R_VERIFY_X4_FAILED); + return 0; + } + + /* g^xd != 1 */ + if (BN_is_one(received->p2.gx)) { + JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS, JPAKE_R_G_TO_THE_X4_IS_ONE); + return 0; + } + + /* Save the bits we need for later */ BN_copy(ctx->p.gxc, received->p1.gx); BN_copy(ctx->p.gxd, received->p2.gx); return 1; - } - +} int JPAKE_STEP2_generate(JPAKE_STEP2 *send, JPAKE_CTX *ctx) - { +{ BIGNUM *t1 = BN_new(); BIGNUM *t2 = BN_new(); - /* + /*- * X = g^{(xa + xc + xd) * xb * s} * t1 = g^xa */ BN_mod_exp(t1, ctx->p.g, ctx->xa, ctx->p.p, ctx->ctx); - /* t2 = t1 * g^{xc} = g^{xa} * g^{xc} = g^{xa + xc} */ + /* t2 = t1 * g^{xc} = g^{xa} * g^{xc} = g^{xa + xc} */ BN_mod_mul(t2, t1, ctx->p.gxc, ctx->p.p, ctx->ctx); - /* t1 = t2 * g^{xd} = g^{xa + xc + xd} */ + /* t1 = t2 * g^{xd} = g^{xa + xc + xd} */ BN_mod_mul(t1, t2, ctx->p.gxd, ctx->p.p, ctx->ctx); - /* t2 = xb * s */ + /* t2 = xb * s */ BN_mod_mul(t2, ctx->xb, ctx->secret, ctx->p.q, ctx->ctx); - /* + /*- * ZKP(xb * s) * XXX: this is kinda funky, because we're using * @@ -370,21 +365,21 @@ int JPAKE_STEP2_generate(JPAKE_STEP2 *send, JPAKE_CTX *ctx) */ generate_step_part(send, t2, t1, ctx); - /* cleanup */ + /* cleanup */ BN_free(t1); BN_free(t2); return 1; - } +} /* gx = g^{xc + xa + xb} * xd * s */ static int compute_key(JPAKE_CTX *ctx, const BIGNUM *gx) - { +{ BIGNUM *t1 = BN_new(); BIGNUM *t2 = BN_new(); BIGNUM *t3 = BN_new(); - /* + /*- * K = (gx/g^{xb * xd * s})^{xb} * = (g^{(xc + xa + xb) * xd * s - xb * xd *s})^{xb} * = (g^{(xa + xc) * xd * s})^{xb} @@ -392,120 +387,122 @@ static int compute_key(JPAKE_CTX *ctx, const BIGNUM *gx) * [which is the same regardless of who calculates it] */ - /* t1 = (g^{xd})^{xb} = g^{xb * xd} */ + /* t1 = (g^{xd})^{xb} = g^{xb * xd} */ BN_mod_exp(t1, ctx->p.gxd, ctx->xb, ctx->p.p, ctx->ctx); - /* t2 = -s = q-s */ + /* t2 = -s = q-s */ BN_sub(t2, ctx->p.q, ctx->secret); - /* t3 = t1^t2 = g^{-xb * xd * s} */ + /* t3 = t1^t2 = g^{-xb * xd * s} */ BN_mod_exp(t3, t1, t2, ctx->p.p, ctx->ctx); - /* t1 = gx * t3 = X/g^{xb * xd * s} */ + /* t1 = gx * t3 = X/g^{xb * xd * s} */ BN_mod_mul(t1, gx, t3, ctx->p.p, ctx->ctx); - /* K = t1^{xb} */ + /* K = t1^{xb} */ BN_mod_exp(ctx->key, t1, ctx->xb, ctx->p.p, ctx->ctx); - /* cleanup */ + /* cleanup */ BN_free(t3); BN_free(t2); BN_free(t1); return 1; - } +} int JPAKE_STEP2_process(JPAKE_CTX *ctx, const JPAKE_STEP2 *received) - { +{ BIGNUM *t1 = BN_new(); BIGNUM *t2 = BN_new(); int ret = 0; - /* + /*- * g' = g^{xc + xa + xb} [from our POV] * t1 = xa + xb */ BN_mod_add(t1, ctx->xa, ctx->xb, ctx->p.q, ctx->ctx); - /* t2 = g^{t1} = g^{xa+xb} */ + /* t2 = g^{t1} = g^{xa+xb} */ BN_mod_exp(t2, ctx->p.g, t1, ctx->p.p, ctx->ctx); - /* t1 = g^{xc} * t2 = g^{xc + xa + xb} */ + /* t1 = g^{xc} * t2 = g^{xc + xa + xb} */ BN_mod_mul(t1, ctx->p.gxc, t2, ctx->p.p, ctx->ctx); - if(verify_zkp(received, t1, ctx)) - ret = 1; + if (verify_zkp(received, t1, ctx)) + ret = 1; else - JPAKEerr(JPAKE_F_JPAKE_STEP2_PROCESS, JPAKE_R_VERIFY_B_FAILED); + JPAKEerr(JPAKE_F_JPAKE_STEP2_PROCESS, JPAKE_R_VERIFY_B_FAILED); compute_key(ctx, received->gx); - /* cleanup */ + /* cleanup */ BN_free(t2); BN_free(t1); return ret; - } +} static void quickhashbn(unsigned char *md, const BIGNUM *bn) - { +{ SHA_CTX sha; SHA1_Init(&sha); hashbn(&sha, bn); SHA1_Final(md, &sha); - } +} void JPAKE_STEP3A_init(JPAKE_STEP3A *s3a) - {} +{ +} int JPAKE_STEP3A_generate(JPAKE_STEP3A *send, JPAKE_CTX *ctx) - { +{ quickhashbn(send->hhk, ctx->key); SHA1(send->hhk, sizeof send->hhk, send->hhk); return 1; - } +} int JPAKE_STEP3A_process(JPAKE_CTX *ctx, const JPAKE_STEP3A *received) - { +{ unsigned char hhk[SHA_DIGEST_LENGTH]; quickhashbn(hhk, ctx->key); SHA1(hhk, sizeof hhk, hhk); - if(memcmp(hhk, received->hhk, sizeof hhk)) - { - JPAKEerr(JPAKE_F_JPAKE_STEP3A_PROCESS, JPAKE_R_HASH_OF_HASH_OF_KEY_MISMATCH); - return 0; - } - return 1; + if (memcmp(hhk, received->hhk, sizeof hhk)) { + JPAKEerr(JPAKE_F_JPAKE_STEP3A_PROCESS, + JPAKE_R_HASH_OF_HASH_OF_KEY_MISMATCH); + return 0; } + return 1; +} void JPAKE_STEP3A_release(JPAKE_STEP3A *s3a) - {} +{ +} void JPAKE_STEP3B_init(JPAKE_STEP3B *s3b) - {} +{ +} int JPAKE_STEP3B_generate(JPAKE_STEP3B *send, JPAKE_CTX *ctx) - { +{ quickhashbn(send->hk, ctx->key); return 1; - } +} int JPAKE_STEP3B_process(JPAKE_CTX *ctx, const JPAKE_STEP3B *received) - { +{ unsigned char hk[SHA_DIGEST_LENGTH]; quickhashbn(hk, ctx->key); - if(memcmp(hk, received->hk, sizeof hk)) - { - JPAKEerr(JPAKE_F_JPAKE_STEP3B_PROCESS, JPAKE_R_HASH_OF_KEY_MISMATCH); - return 0; - } - return 1; + if (memcmp(hk, received->hk, sizeof hk)) { + JPAKEerr(JPAKE_F_JPAKE_STEP3B_PROCESS, JPAKE_R_HASH_OF_KEY_MISMATCH); + return 0; } + return 1; +} void JPAKE_STEP3B_release(JPAKE_STEP3B *s3b) - {} +{ +} const BIGNUM *JPAKE_get_shared_key(JPAKE_CTX *ctx) - { +{ return ctx->key; - } - +} diff --git a/openssl/crypto/jpake/jpake.h b/openssl/crypto/jpake/jpake.h index fd143b4d9..371eed679 100644 --- a/openssl/crypto/jpake/jpake.h +++ b/openssl/crypto/jpake/jpake.h @@ -1,63 +1,59 @@ /* * Implement J-PAKE, as described in * http://grouper.ieee.org/groups/1363/Research/contributions/hao-ryan-2008.pdf - * + * * With hints from http://www.cl.cam.ac.uk/~fh240/software/JPAKE2.java. */ #ifndef HEADER_JPAKE_H -#define HEADER_JPAKE_H +# define HEADER_JPAKE_H -#include <openssl/opensslconf.h> +# include <openssl/opensslconf.h> -#ifdef OPENSSL_NO_JPAKE -#error JPAKE is disabled. -#endif +# ifdef OPENSSL_NO_JPAKE +# error JPAKE is disabled. +# endif #ifdef __cplusplus extern "C" { #endif -#include <openssl/bn.h> -#include <openssl/sha.h> +# include <openssl/bn.h> +# include <openssl/sha.h> typedef struct JPAKE_CTX JPAKE_CTX; /* Note that "g" in the ZKPs is not necessarily the J-PAKE g. */ -typedef struct - { - BIGNUM *gr; /* g^r (r random) */ - BIGNUM *b; /* b = r - x*h, h=hash(g, g^r, g^x, name) */ - } JPAKE_ZKP; - -typedef struct - { - BIGNUM *gx; /* g^x in step 1, g^(xa + xc + xd) * xb * s in step 2 */ - JPAKE_ZKP zkpx; /* ZKP(x) or ZKP(xb * s) */ - } JPAKE_STEP_PART; - -typedef struct - { - JPAKE_STEP_PART p1; /* g^x3, ZKP(x3) or g^x1, ZKP(x1) */ - JPAKE_STEP_PART p2; /* g^x4, ZKP(x4) or g^x2, ZKP(x2) */ - } JPAKE_STEP1; +typedef struct { + BIGNUM *gr; /* g^r (r random) */ + BIGNUM *b; /* b = r - x*h, h=hash(g, g^r, g^x, name) */ +} JPAKE_ZKP; + +typedef struct { + BIGNUM *gx; /* g^x in step 1, g^(xa + xc + xd) * xb * s + * in step 2 */ + JPAKE_ZKP zkpx; /* ZKP(x) or ZKP(xb * s) */ +} JPAKE_STEP_PART; + +typedef struct { + JPAKE_STEP_PART p1; /* g^x3, ZKP(x3) or g^x1, ZKP(x1) */ + JPAKE_STEP_PART p2; /* g^x4, ZKP(x4) or g^x2, ZKP(x2) */ +} JPAKE_STEP1; typedef JPAKE_STEP_PART JPAKE_STEP2; -typedef struct - { +typedef struct { unsigned char hhk[SHA_DIGEST_LENGTH]; - } JPAKE_STEP3A; +} JPAKE_STEP3A; -typedef struct - { +typedef struct { unsigned char hk[SHA_DIGEST_LENGTH]; - } JPAKE_STEP3B; +} JPAKE_STEP3B; /* Parameters are copied */ JPAKE_CTX *JPAKE_CTX_new(const char *name, const char *peer_name, - const BIGNUM *p, const BIGNUM *g, const BIGNUM *q, - const BIGNUM *secret); + const BIGNUM *p, const BIGNUM *g, const BIGNUM *q, + const BIGNUM *secret); void JPAKE_CTX_free(JPAKE_CTX *ctx); /* @@ -100,7 +96,8 @@ void JPAKE_STEP3B_release(JPAKE_STEP3B *s3b); const BIGNUM *JPAKE_get_shared_key(JPAKE_CTX *ctx); /* BEGIN ERROR CODES */ -/* The following lines are auto generated by the script mkerr.pl. Any changes +/* + * The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. */ void ERR_load_JPAKE_strings(void); @@ -108,22 +105,22 @@ void ERR_load_JPAKE_strings(void); /* Error codes for the JPAKE functions. */ /* Function codes. */ -#define JPAKE_F_JPAKE_STEP1_PROCESS 101 -#define JPAKE_F_JPAKE_STEP2_PROCESS 102 -#define JPAKE_F_JPAKE_STEP3A_PROCESS 103 -#define JPAKE_F_JPAKE_STEP3B_PROCESS 104 -#define JPAKE_F_VERIFY_ZKP 100 +# define JPAKE_F_JPAKE_STEP1_PROCESS 101 +# define JPAKE_F_JPAKE_STEP2_PROCESS 102 +# define JPAKE_F_JPAKE_STEP3A_PROCESS 103 +# define JPAKE_F_JPAKE_STEP3B_PROCESS 104 +# define JPAKE_F_VERIFY_ZKP 100 /* Reason codes. */ -#define JPAKE_R_G_TO_THE_X3_IS_NOT_LEGAL 108 -#define JPAKE_R_G_TO_THE_X4_IS_NOT_LEGAL 109 -#define JPAKE_R_G_TO_THE_X4_IS_ONE 105 -#define JPAKE_R_HASH_OF_HASH_OF_KEY_MISMATCH 106 -#define JPAKE_R_HASH_OF_KEY_MISMATCH 107 -#define JPAKE_R_VERIFY_B_FAILED 102 -#define JPAKE_R_VERIFY_X3_FAILED 103 -#define JPAKE_R_VERIFY_X4_FAILED 104 -#define JPAKE_R_ZKP_VERIFY_FAILED 100 +# define JPAKE_R_G_TO_THE_X3_IS_NOT_LEGAL 108 +# define JPAKE_R_G_TO_THE_X4_IS_NOT_LEGAL 109 +# define JPAKE_R_G_TO_THE_X4_IS_ONE 105 +# define JPAKE_R_HASH_OF_HASH_OF_KEY_MISMATCH 106 +# define JPAKE_R_HASH_OF_KEY_MISMATCH 107 +# define JPAKE_R_VERIFY_B_FAILED 102 +# define JPAKE_R_VERIFY_X3_FAILED 103 +# define JPAKE_R_VERIFY_X4_FAILED 104 +# define JPAKE_R_ZKP_VERIFY_FAILED 100 #ifdef __cplusplus } diff --git a/openssl/crypto/jpake/jpake_err.c b/openssl/crypto/jpake/jpake_err.c index a9a9dee75..be236d9ea 100644 --- a/openssl/crypto/jpake/jpake_err.c +++ b/openssl/crypto/jpake/jpake_err.c @@ -7,7 +7,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -53,7 +53,8 @@ * */ -/* NOTE: this file was auto generated by the mkerr.pl script: any changes +/* + * NOTE: this file was auto generated by the mkerr.pl script: any changes * made to it will be overwritten when the script next updates this file, * only reason strings will be preserved. */ @@ -65,43 +66,43 @@ /* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR -#define ERR_FUNC(func) ERR_PACK(ERR_LIB_JPAKE,func,0) -#define ERR_REASON(reason) ERR_PACK(ERR_LIB_JPAKE,0,reason) +# define ERR_FUNC(func) ERR_PACK(ERR_LIB_JPAKE,func,0) +# define ERR_REASON(reason) ERR_PACK(ERR_LIB_JPAKE,0,reason) -static ERR_STRING_DATA JPAKE_str_functs[]= - { -{ERR_FUNC(JPAKE_F_JPAKE_STEP1_PROCESS), "JPAKE_STEP1_process"}, -{ERR_FUNC(JPAKE_F_JPAKE_STEP2_PROCESS), "JPAKE_STEP2_process"}, -{ERR_FUNC(JPAKE_F_JPAKE_STEP3A_PROCESS), "JPAKE_STEP3A_process"}, -{ERR_FUNC(JPAKE_F_JPAKE_STEP3B_PROCESS), "JPAKE_STEP3B_process"}, -{ERR_FUNC(JPAKE_F_VERIFY_ZKP), "VERIFY_ZKP"}, -{0,NULL} - }; +static ERR_STRING_DATA JPAKE_str_functs[] = { + {ERR_FUNC(JPAKE_F_JPAKE_STEP1_PROCESS), "JPAKE_STEP1_process"}, + {ERR_FUNC(JPAKE_F_JPAKE_STEP2_PROCESS), "JPAKE_STEP2_process"}, + {ERR_FUNC(JPAKE_F_JPAKE_STEP3A_PROCESS), "JPAKE_STEP3A_process"}, + {ERR_FUNC(JPAKE_F_JPAKE_STEP3B_PROCESS), "JPAKE_STEP3B_process"}, + {ERR_FUNC(JPAKE_F_VERIFY_ZKP), "VERIFY_ZKP"}, + {0, NULL} +}; -static ERR_STRING_DATA JPAKE_str_reasons[]= - { -{ERR_REASON(JPAKE_R_G_TO_THE_X3_IS_NOT_LEGAL),"g to the x3 is not legal"}, -{ERR_REASON(JPAKE_R_G_TO_THE_X4_IS_NOT_LEGAL),"g to the x4 is not legal"}, -{ERR_REASON(JPAKE_R_G_TO_THE_X4_IS_ONE) ,"g to the x4 is one"}, -{ERR_REASON(JPAKE_R_HASH_OF_HASH_OF_KEY_MISMATCH),"hash of hash of key mismatch"}, -{ERR_REASON(JPAKE_R_HASH_OF_KEY_MISMATCH),"hash of key mismatch"}, -{ERR_REASON(JPAKE_R_VERIFY_B_FAILED) ,"verify b failed"}, -{ERR_REASON(JPAKE_R_VERIFY_X3_FAILED) ,"verify x3 failed"}, -{ERR_REASON(JPAKE_R_VERIFY_X4_FAILED) ,"verify x4 failed"}, -{ERR_REASON(JPAKE_R_ZKP_VERIFY_FAILED) ,"zkp verify failed"}, -{0,NULL} - }; +static ERR_STRING_DATA JPAKE_str_reasons[] = { + {ERR_REASON(JPAKE_R_G_TO_THE_X3_IS_NOT_LEGAL), + "g to the x3 is not legal"}, + {ERR_REASON(JPAKE_R_G_TO_THE_X4_IS_NOT_LEGAL), + "g to the x4 is not legal"}, + {ERR_REASON(JPAKE_R_G_TO_THE_X4_IS_ONE), "g to the x4 is one"}, + {ERR_REASON(JPAKE_R_HASH_OF_HASH_OF_KEY_MISMATCH), + "hash of hash of key mismatch"}, + {ERR_REASON(JPAKE_R_HASH_OF_KEY_MISMATCH), "hash of key mismatch"}, + {ERR_REASON(JPAKE_R_VERIFY_B_FAILED), "verify b failed"}, + {ERR_REASON(JPAKE_R_VERIFY_X3_FAILED), "verify x3 failed"}, + {ERR_REASON(JPAKE_R_VERIFY_X4_FAILED), "verify x4 failed"}, + {ERR_REASON(JPAKE_R_ZKP_VERIFY_FAILED), "zkp verify failed"}, + {0, NULL} +}; #endif void ERR_load_JPAKE_strings(void) - { +{ #ifndef OPENSSL_NO_ERR - if (ERR_func_error_string(JPAKE_str_functs[0].error) == NULL) - { - ERR_load_strings(0,JPAKE_str_functs); - ERR_load_strings(0,JPAKE_str_reasons); - } + if (ERR_func_error_string(JPAKE_str_functs[0].error) == NULL) { + ERR_load_strings(0, JPAKE_str_functs); + ERR_load_strings(0, JPAKE_str_reasons); + } #endif - } +} diff --git a/openssl/crypto/jpake/jpaketest.c b/openssl/crypto/jpake/jpaketest.c index eaba75ed8..ef9e54bdb 100644 --- a/openssl/crypto/jpake/jpaketest.c +++ b/openssl/crypto/jpake/jpaketest.c @@ -2,29 +2,29 @@ #ifdef OPENSSL_NO_JPAKE -#include <stdio.h> +# include <stdio.h> int main(int argc, char *argv[]) { printf("No J-PAKE support\n"); - return(0); + return (0); } #else -#include <openssl/jpake.h> -#include <openssl/err.h> +# include <openssl/jpake.h> +# include <openssl/err.h> static void showbn(const char *name, const BIGNUM *bn) - { +{ fputs(name, stdout); fputs(" = ", stdout); BN_print_fp(stdout, bn); putc('\n', stdout); - } +} static int run_jpake(JPAKE_CTX *alice, JPAKE_CTX *bob) - { +{ JPAKE_STEP1 alice_s1; JPAKE_STEP1 bob_s1; JPAKE_STEP2 alice_s2; @@ -32,86 +32,80 @@ static int run_jpake(JPAKE_CTX *alice, JPAKE_CTX *bob) JPAKE_STEP3A alice_s3a; JPAKE_STEP3B bob_s3b; - /* Alice -> Bob: step 1 */ + /* Alice -> Bob: step 1 */ puts("A->B s1"); JPAKE_STEP1_init(&alice_s1); JPAKE_STEP1_generate(&alice_s1, alice); - if(!JPAKE_STEP1_process(bob, &alice_s1)) - { - printf("Bob fails to process Alice's step 1\n"); - ERR_print_errors_fp(stdout); - return 1; - } + if (!JPAKE_STEP1_process(bob, &alice_s1)) { + printf("Bob fails to process Alice's step 1\n"); + ERR_print_errors_fp(stdout); + return 1; + } JPAKE_STEP1_release(&alice_s1); - /* Bob -> Alice: step 1 */ + /* Bob -> Alice: step 1 */ puts("B->A s1"); JPAKE_STEP1_init(&bob_s1); JPAKE_STEP1_generate(&bob_s1, bob); - if(!JPAKE_STEP1_process(alice, &bob_s1)) - { - printf("Alice fails to process Bob's step 1\n"); - ERR_print_errors_fp(stdout); - return 2; - } + if (!JPAKE_STEP1_process(alice, &bob_s1)) { + printf("Alice fails to process Bob's step 1\n"); + ERR_print_errors_fp(stdout); + return 2; + } JPAKE_STEP1_release(&bob_s1); - /* Alice -> Bob: step 2 */ + /* Alice -> Bob: step 2 */ puts("A->B s2"); JPAKE_STEP2_init(&alice_s2); JPAKE_STEP2_generate(&alice_s2, alice); - if(!JPAKE_STEP2_process(bob, &alice_s2)) - { - printf("Bob fails to process Alice's step 2\n"); - ERR_print_errors_fp(stdout); - return 3; - } + if (!JPAKE_STEP2_process(bob, &alice_s2)) { + printf("Bob fails to process Alice's step 2\n"); + ERR_print_errors_fp(stdout); + return 3; + } JPAKE_STEP2_release(&alice_s2); - /* Bob -> Alice: step 2 */ + /* Bob -> Alice: step 2 */ puts("B->A s2"); JPAKE_STEP2_init(&bob_s2); JPAKE_STEP2_generate(&bob_s2, bob); - if(!JPAKE_STEP2_process(alice, &bob_s2)) - { - printf("Alice fails to process Bob's step 2\n"); - ERR_print_errors_fp(stdout); - return 4; - } + if (!JPAKE_STEP2_process(alice, &bob_s2)) { + printf("Alice fails to process Bob's step 2\n"); + ERR_print_errors_fp(stdout); + return 4; + } JPAKE_STEP2_release(&bob_s2); showbn("Alice's key", JPAKE_get_shared_key(alice)); showbn("Bob's key ", JPAKE_get_shared_key(bob)); - /* Alice -> Bob: step 3a */ + /* Alice -> Bob: step 3a */ puts("A->B s3a"); JPAKE_STEP3A_init(&alice_s3a); JPAKE_STEP3A_generate(&alice_s3a, alice); - if(!JPAKE_STEP3A_process(bob, &alice_s3a)) - { - printf("Bob fails to process Alice's step 3a\n"); - ERR_print_errors_fp(stdout); - return 5; - } + if (!JPAKE_STEP3A_process(bob, &alice_s3a)) { + printf("Bob fails to process Alice's step 3a\n"); + ERR_print_errors_fp(stdout); + return 5; + } JPAKE_STEP3A_release(&alice_s3a); - - /* Bob -> Alice: step 3b */ + + /* Bob -> Alice: step 3b */ puts("B->A s3b"); JPAKE_STEP3B_init(&bob_s3b); JPAKE_STEP3B_generate(&bob_s3b, bob); - if(!JPAKE_STEP3B_process(alice, &bob_s3b)) - { - printf("Alice fails to process Bob's step 3b\n"); - ERR_print_errors_fp(stdout); - return 6; - } + if (!JPAKE_STEP3B_process(alice, &bob_s3b)) { + printf("Alice fails to process Bob's step 3b\n"); + ERR_print_errors_fp(stdout); + return 6; + } JPAKE_STEP3B_release(&bob_s3b); return 0; - } +} int main(int argc, char **argv) - { +{ JPAKE_CTX *alice; JPAKE_CTX *bob; BIGNUM *p = NULL; @@ -128,17 +122,18 @@ int main(int argc, char **argv) ERR_load_crypto_strings(); - /* + /*- BN_hex2bn(&p, "fd7f53811d75122952df4a9c2eece4e7f611b7523cef4400c31e3f80b6512669455d402251fb593d8d58fabfc5f5ba30f6cb9b556cd7813b801d346ff26660b76b9950a5a49f9fe8047b1022c24fbba9d7feb7c61bf83b57e7c6a8a6150f04fb83f6d3c51ec3023554135a169132f675f3ae2b61d72aeff22203199dd14801c7"); BN_hex2bn(&g, "f7e1a085d69b3ddecbbcab5c36b857b97994afbbfa3aea82f9574c0b3d0782675159578ebad4594fe67107108180b449167123e84c281613b7cf09328cc8a6e13c167a8b547c8d28e0a3ae1e2bb3a675916ea37f0bfa213562f1fb627a01243bcca4f1bea8519089a883dfe15ae59f06928b665e807b552564014c3bfecf492a"); BN_hex2bn(&q, "9760508f15230bccb292b982a2eb840bf0581cf5"); */ - /* + /*- p = BN_new(); BN_generate_prime(p, 1024, 1, NULL, NULL, NULL, NULL); */ - /* Use a safe prime for p (that we found earlier) */ - BN_hex2bn(&p, "F9E5B365665EA7A05A9C534502780FEE6F1AB5BD4F49947FD036DBD7E905269AF46EF28B0FC07487EE4F5D20FB3C0AF8E700F3A2FA3414970CBED44FEDFF80CE78D800F184BB82435D137AADA2C6C16523247930A63B85661D1FC817A51ACD96168E95898A1F83A79FFB529368AA7833ABD1B0C3AEDDB14D2E1A2F71D99F763F"); + /* Use a safe prime for p (that we found earlier) */ + BN_hex2bn(&p, + "F9E5B365665EA7A05A9C534502780FEE6F1AB5BD4F49947FD036DBD7E905269AF46EF28B0FC07487EE4F5D20FB3C0AF8E700F3A2FA3414970CBED44FEDFF80CE78D800F184BB82435D137AADA2C6C16523247930A63B85661D1FC817A51ACD96168E95898A1F83A79FFB529368AA7833ABD1B0C3AEDDB14D2E1A2F71D99F763F"); showbn("p", p); g = BN_new(); BN_set_word(g, 2); @@ -149,29 +144,27 @@ int main(int argc, char **argv) BN_rand(secret, 32, -1, 0); - /* A normal run, expect this to work... */ + /* A normal run, expect this to work... */ alice = JPAKE_CTX_new("Alice", "Bob", p, g, q, secret); bob = JPAKE_CTX_new("Bob", "Alice", p, g, q, secret); - if(run_jpake(alice, bob) != 0) - { - fprintf(stderr, "Plain JPAKE run failed\n"); - return 1; - } + if (run_jpake(alice, bob) != 0) { + fprintf(stderr, "Plain JPAKE run failed\n"); + return 1; + } JPAKE_CTX_free(bob); JPAKE_CTX_free(alice); - /* Now give Alice and Bob different secrets */ + /* Now give Alice and Bob different secrets */ alice = JPAKE_CTX_new("Alice", "Bob", p, g, q, secret); BN_add_word(secret, 1); bob = JPAKE_CTX_new("Bob", "Alice", p, g, q, secret); - if(run_jpake(alice, bob) != 5) - { - fprintf(stderr, "Mismatched secret JPAKE run failed\n"); - return 1; - } + if (run_jpake(alice, bob) != 5) { + fprintf(stderr, "Mismatched secret JPAKE run failed\n"); + return 1; + } JPAKE_CTX_free(bob); JPAKE_CTX_free(alice); @@ -187,6 +180,6 @@ int main(int argc, char **argv) CRYPTO_mem_leaks(bio_err); return 0; - } +} #endif |