1/* $OpenBSD: jpake.h,v 1.2 2009/03/05 07:18:19 djm Exp $ */ 2/* 3 * Copyright (c) 2008 Damien Miller. All rights reserved. 4 * 5 * Permission to use, copy, modify, and distribute this software for any 6 * purpose with or without fee is hereby granted, provided that the above 7 * copyright notice and this permission notice appear in all copies. 8 * 9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 */ 17 18#ifndef JPAKE_H 19#define JPAKE_H 20 21#include <sys/types.h> 22 23#include <openssl/bn.h> 24 25/* Set JPAKE_DEBUG in CFLAGS for privacy-violating debugging */ 26#ifndef JPAKE_DEBUG 27# define JPAKE_DEBUG_BN(a) 28# define JPAKE_DEBUG_BUF(a) 29# define JPAKE_DEBUG_CTX(a) 30#else 31# define JPAKE_DEBUG_BN(a) debug3_bn a 32# define JPAKE_DEBUG_BUF(a) debug3_buf a 33# define JPAKE_DEBUG_CTX(a) jpake_dump a 34#endif /* JPAKE_DEBUG */ 35 36#define KZP_ID_LEN 16 /* Length of client and server IDs */ 37 38struct jpake_ctx { 39 /* Parameters */ 40 struct modp_group *grp; 41 42 /* Private values shared by client and server */ 43 BIGNUM *s; /* Secret (salted, crypted password) */ 44 BIGNUM *k; /* Derived key */ 45 46 /* Client private values (NULL for server) */ 47 BIGNUM *x1; /* random in Zq */ 48 BIGNUM *x2; /* random in Z*q */ 49 50 /* Server private values (NULL for server) */ 51 BIGNUM *x3; /* random in Zq */ 52 BIGNUM *x4; /* random in Z*q */ 53 54 /* Step 1: C->S */ 55 u_char *client_id; /* Anti-replay nonce */ 56 u_int client_id_len; 57 BIGNUM *g_x1; /* g^x1 */ 58 BIGNUM *g_x2; /* g^x2 */ 59 60 /* Step 1: S->C */ 61 u_char *server_id; /* Anti-replay nonce */ 62 u_int server_id_len; 63 BIGNUM *g_x3; /* g^x3 */ 64 BIGNUM *g_x4; /* g^x4 */ 65 66 /* Step 2: C->S */ 67 BIGNUM *a; /* g^((x1+x3+x4)*x2*s) */ 68 69 /* Step 2: S->C */ 70 BIGNUM *b; /* g^((x1+x2+x3)*x4*s) */ 71 72 /* Confirmation: C->S */ 73 u_char *h_k_cid_sessid; /* H(k || client_id || session_id) */ 74 u_int h_k_cid_sessid_len; 75 76 /* Confirmation: S->C */ 77 u_char *h_k_sid_sessid; /* H(k || server_id || session_id) */ 78 u_int h_k_sid_sessid_len; 79}; 80 81/* jpake.c */ 82struct modp_group *jpake_default_group(void); 83void jpake_dump(struct jpake_ctx *, const char *, ...) 84 __attribute__((__nonnull__ (2))) 85 __attribute__((format(printf, 2, 3))); 86struct jpake_ctx *jpake_new(void); 87void jpake_free(struct jpake_ctx *); 88 89void jpake_step1(struct modp_group *, u_char **, u_int *, 90 BIGNUM **, BIGNUM **, BIGNUM **, BIGNUM **, 91 u_char **, u_int *, u_char **, u_int *); 92 93void jpake_step2(struct modp_group *, BIGNUM *, 94 BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *, 95 const u_char *, u_int, const u_char *, u_int, 96 const u_char *, u_int, const u_char *, u_int, 97 BIGNUM **, u_char **, u_int *); 98 99void jpake_confirm_hash(const BIGNUM *, 100 const u_char *, u_int, 101 const u_char *, u_int, 102 u_char **, u_int *); 103 104void jpake_key_confirm(struct modp_group *, BIGNUM *, BIGNUM *, 105 BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *, 106 const u_char *, u_int, const u_char *, u_int, 107 const u_char *, u_int, const u_char *, u_int, 108 BIGNUM **, u_char **, u_int *); 109 110int jpake_check_confirm(const BIGNUM *, const u_char *, u_int, 111 const u_char *, u_int, const u_char *, u_int); 112 113#endif /* JPAKE_H */ 114 115