1/* $OpenBSD: jpake.h,v 1.2 2009/03/05 07:18:19 djm Exp $ */ 2/* 3 * Copyright (c) 2008 Damien Miller. All rights reserved. 4 * 5 * Permission to use, copy, modify, and distribute this software for any 6 * purpose with or without fee is hereby granted, provided that the above 7 * copyright notice and this permission notice appear in all copies. 8 * 9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 */ 17 18#ifndef JPAKE_H 19#define JPAKE_H 20 21#include <sys/types.h> 22 23#ifdef __APPLE_CRYPTO__ 24#include "ossl-bn.h" 25#else 26#include <openssl/bn.h> 27#endif 28 29/* Set JPAKE_DEBUG in CFLAGS for privacy-violating debugging */ 30#ifndef JPAKE_DEBUG 31# define JPAKE_DEBUG_BN(a) 32# define JPAKE_DEBUG_BUF(a) 33# define JPAKE_DEBUG_CTX(a) 34#else 35# define JPAKE_DEBUG_BN(a) debug3_bn a 36# define JPAKE_DEBUG_BUF(a) debug3_buf a 37# define JPAKE_DEBUG_CTX(a) jpake_dump a 38#endif /* JPAKE_DEBUG */ 39 40#define KZP_ID_LEN 16 /* Length of client and server IDs */ 41 42struct jpake_ctx { 43 /* Parameters */ 44 struct modp_group *grp; 45 46 /* Private values shared by client and server */ 47 BIGNUM *s; /* Secret (salted, crypted password) */ 48 BIGNUM *k; /* Derived key */ 49 50 /* Client private values (NULL for server) */ 51 BIGNUM *x1; /* random in Zq */ 52 BIGNUM *x2; /* random in Z*q */ 53 54 /* Server private values (NULL for server) */ 55 BIGNUM *x3; /* random in Zq */ 56 BIGNUM *x4; /* random in Z*q */ 57 58 /* Step 1: C->S */ 59 u_char *client_id; /* Anti-replay nonce */ 60 u_int client_id_len; 61 BIGNUM *g_x1; /* g^x1 */ 62 BIGNUM *g_x2; /* g^x2 */ 63 64 /* Step 1: S->C */ 65 u_char *server_id; /* Anti-replay nonce */ 66 u_int server_id_len; 67 BIGNUM *g_x3; /* g^x3 */ 68 BIGNUM *g_x4; /* g^x4 */ 69 70 /* Step 2: C->S */ 71 BIGNUM *a; /* g^((x1+x3+x4)*x2*s) */ 72 73 /* Step 2: S->C */ 74 BIGNUM *b; /* g^((x1+x2+x3)*x4*s) */ 75 76 /* Confirmation: C->S */ 77 u_char *h_k_cid_sessid; /* H(k || client_id || session_id) */ 78 u_int h_k_cid_sessid_len; 79 80 /* Confirmation: S->C */ 81 u_char *h_k_sid_sessid; /* H(k || server_id || session_id) */ 82 u_int h_k_sid_sessid_len; 83}; 84 85/* jpake.c */ 86struct modp_group *jpake_default_group(void); 87void jpake_dump(struct jpake_ctx *, const char *, ...) 88 __attribute__((__nonnull__ (2))) 89 __attribute__((format(printf, 2, 3))); 90struct jpake_ctx *jpake_new(void); 91void jpake_free(struct jpake_ctx *); 92 93void jpake_step1(struct modp_group *, u_char **, u_int *, 94 BIGNUM **, BIGNUM **, BIGNUM **, BIGNUM **, 95 u_char **, u_int *, u_char **, u_int *); 96 97void jpake_step2(struct modp_group *, BIGNUM *, 98 BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *, 99 const u_char *, u_int, const u_char *, u_int, 100 const u_char *, u_int, const u_char *, u_int, 101 BIGNUM **, u_char **, u_int *); 102 103void jpake_confirm_hash(const BIGNUM *, 104 const u_char *, u_int, 105 const u_char *, u_int, 106 u_char **, u_int *); 107 108void jpake_key_confirm(struct modp_group *, BIGNUM *, BIGNUM *, 109 BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *, 110 const u_char *, u_int, const u_char *, u_int, 111 const u_char *, u_int, const u_char *, u_int, 112 BIGNUM **, u_char **, u_int *); 113 114int jpake_check_confirm(const BIGNUM *, const u_char *, u_int, 115 const u_char *, u_int, const u_char *, u_int); 116 117#endif /* JPAKE_H */ 118 119