1 /* $OpenBSD: jpake.h,v 1.1 2008/11/04 08:22:13 djm Exp $ */
3 * Copyright (c) 2008 Damien Miller. All rights reserved.
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
21 #include <sys/types.h>
23 #include <openssl/bn.h>
25 /* Set JPAKE_DEBUG in CFLAGS for privacy-violating debugging */
27 # define JPAKE_DEBUG_BN(a)
28 # define JPAKE_DEBUG_BUF(a)
29 # define JPAKE_DEBUG_CTX(a)
31 # define JPAKE_DEBUG_BN(a) jpake_debug3_bn a
32 # define JPAKE_DEBUG_BUF(a) jpake_debug3_buf a
33 # define JPAKE_DEBUG_CTX(a) jpake_dump a
34 #endif /* SCHNORR_DEBUG */
40 #define KZP_ID_LEN 16 /* Length of client and server IDs */
44 struct jpake_group
*grp
;
46 /* Private values shared by client and server */
47 BIGNUM
*s
; /* Secret (salted, crypted password) */
48 BIGNUM
*k
; /* Derived key */
50 /* Client private values (NULL for server) */
51 BIGNUM
*x1
; /* random in Zq */
52 BIGNUM
*x2
; /* random in Z*q */
54 /* Server private values (NULL for server) */
55 BIGNUM
*x3
; /* random in Zq */
56 BIGNUM
*x4
; /* random in Z*q */
59 u_char
*client_id
; /* Anti-replay nonce */
61 BIGNUM
*g_x1
; /* g^x1 */
62 BIGNUM
*g_x2
; /* g^x2 */
65 u_char
*server_id
; /* Anti-replay nonce */
67 BIGNUM
*g_x3
; /* g^x3 */
68 BIGNUM
*g_x4
; /* g^x4 */
71 BIGNUM
*a
; /* g^((x1+x3+x4)*x2*s) */
74 BIGNUM
*b
; /* g^((x1+x2+x3)*x4*s) */
76 /* Confirmation: C->S */
77 u_char
*h_k_cid_sessid
; /* H(k || client_id || session_id) */
78 u_int h_k_cid_sessid_len
;
80 /* Confirmation: S->C */
81 u_char
*h_k_sid_sessid
; /* H(k || server_id || session_id) */
82 u_int h_k_sid_sessid_len
;
86 struct jpake_group
*jpake_default_group(void);
87 BIGNUM
*bn_rand_range_gt_one(const BIGNUM
*high
);
88 int hash_buffer(const u_char
*, u_int
, const EVP_MD
*, u_char
**, u_int
*);
89 void jpake_debug3_bn(const BIGNUM
*, const char *, ...)
90 __attribute__((__nonnull__ (2)))
91 __attribute__((format(printf
, 2, 3)));
92 void jpake_debug3_buf(const u_char
*, u_int
, const char *, ...)
93 __attribute__((__nonnull__ (3)))
94 __attribute__((format(printf
, 3, 4)));
95 void jpake_dump(struct jpake_ctx
*, const char *, ...)
96 __attribute__((__nonnull__ (2)))
97 __attribute__((format(printf
, 2, 3)));
98 struct jpake_ctx
*jpake_new(void);
99 void jpake_free(struct jpake_ctx
*);
101 void jpake_step1(struct jpake_group
*, u_char
**, u_int
*,
102 BIGNUM
**, BIGNUM
**, BIGNUM
**, BIGNUM
**,
103 u_char
**, u_int
*, u_char
**, u_int
*);
105 void jpake_step2(struct jpake_group
*, BIGNUM
*,
106 BIGNUM
*, BIGNUM
*, BIGNUM
*, BIGNUM
*,
107 const u_char
*, u_int
, const u_char
*, u_int
,
108 const u_char
*, u_int
, const u_char
*, u_int
,
109 BIGNUM
**, u_char
**, u_int
*);
111 void jpake_confirm_hash(const BIGNUM
*,
112 const u_char
*, u_int
,
113 const u_char
*, u_int
,
116 void jpake_key_confirm(struct jpake_group
*, BIGNUM
*, BIGNUM
*,
117 BIGNUM
*, BIGNUM
*, BIGNUM
*, BIGNUM
*, BIGNUM
*,
118 const u_char
*, u_int
, const u_char
*, u_int
,
119 const u_char
*, u_int
, const u_char
*, u_int
,
120 BIGNUM
**, u_char
**, u_int
*);
122 int jpake_check_confirm(const BIGNUM
*, const u_char
*, u_int
,
123 const u_char
*, u_int
, const u_char
*, u_int
);
126 int schnorr_sign(const BIGNUM
*, const BIGNUM
*, const BIGNUM
*,
127 const BIGNUM
*, const BIGNUM
*, const u_char
*, u_int
,
129 int schnorr_verify(const BIGNUM
*, const BIGNUM
*, const BIGNUM
*,
130 const BIGNUM
*, const u_char
*, u_int
,
131 const u_char
*, u_int
);