1 /* $OpenBSD: jpake.h,v 1.1 2008/11/04 08:22:13 djm Exp $ */
3 * Copyright (c) 2008 Damien Miller. All rights reserved.
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
21 #include <sys/types.h>
23 #include <openssl/bn.h>
25 /* Set JPAKE_DEBUG in CFLAGS for privacy-violating debugging */
27 # define JPAKE_DEBUG_BN(a)
28 # define JPAKE_DEBUG_BUF(a)
29 # define JPAKE_DEBUG_CTX(a)
31 # define JPAKE_DEBUG_BN(a) jpake_debug3_bn a
32 # define JPAKE_DEBUG_BUF(a) jpake_debug3_buf a
33 # define JPAKE_DEBUG_CTX(a) jpake_dump a
34 #endif /* SCHNORR_DEBUG */
40 #define KZP_ID_LEN 16 /* Length of client and server IDs */
44 struct jpake_group *grp;
46 /* Private values shared by client and server */
47 BIGNUM *s; /* Secret (salted, crypted password) */
48 BIGNUM *k; /* Derived key */
50 /* Client private values (NULL for server) */
51 BIGNUM *x1; /* random in Zq */
52 BIGNUM *x2; /* random in Z*q */
54 /* Server private values (NULL for server) */
55 BIGNUM *x3; /* random in Zq */
56 BIGNUM *x4; /* random in Z*q */
59 u_char *client_id; /* Anti-replay nonce */
61 BIGNUM *g_x1; /* g^x1 */
62 BIGNUM *g_x2; /* g^x2 */
65 u_char *server_id; /* Anti-replay nonce */
67 BIGNUM *g_x3; /* g^x3 */
68 BIGNUM *g_x4; /* g^x4 */
71 BIGNUM *a; /* g^((x1+x3+x4)*x2*s) */
74 BIGNUM *b; /* g^((x1+x2+x3)*x4*s) */
76 /* Confirmation: C->S */
77 u_char *h_k_cid_sessid; /* H(k || client_id || session_id) */
78 u_int h_k_cid_sessid_len;
80 /* Confirmation: S->C */
81 u_char *h_k_sid_sessid; /* H(k || server_id || session_id) */
82 u_int h_k_sid_sessid_len;
86 struct jpake_group *jpake_default_group(void);
87 BIGNUM *bn_rand_range_gt_one(const BIGNUM *high);
88 int hash_buffer(const u_char *, u_int, const EVP_MD *, u_char **, u_int *);
89 void jpake_debug3_bn(const BIGNUM *, const char *, ...)
90 __attribute__((__nonnull__ (2)))
91 __attribute__((format(printf, 2, 3)));
92 void jpake_debug3_buf(const u_char *, u_int, const char *, ...)
93 __attribute__((__nonnull__ (3)))
94 __attribute__((format(printf, 3, 4)));
95 void jpake_dump(struct jpake_ctx *, const char *, ...)
96 __attribute__((__nonnull__ (2)))
97 __attribute__((format(printf, 2, 3)));
98 struct jpake_ctx *jpake_new(void);
99 void jpake_free(struct jpake_ctx *);
101 void jpake_step1(struct jpake_group *, u_char **, u_int *,
102 BIGNUM **, BIGNUM **, BIGNUM **, BIGNUM **,
103 u_char **, u_int *, u_char **, u_int *);
105 void jpake_step2(struct jpake_group *, BIGNUM *,
106 BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *,
107 const u_char *, u_int, const u_char *, u_int,
108 const u_char *, u_int, const u_char *, u_int,
109 BIGNUM **, u_char **, u_int *);
111 void jpake_confirm_hash(const BIGNUM *,
112 const u_char *, u_int,
113 const u_char *, u_int,
116 void jpake_key_confirm(struct jpake_group *, BIGNUM *, BIGNUM *,
117 BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *,
118 const u_char *, u_int, const u_char *, u_int,
119 const u_char *, u_int, const u_char *, u_int,
120 BIGNUM **, u_char **, u_int *);
122 int jpake_check_confirm(const BIGNUM *, const u_char *, u_int,
123 const u_char *, u_int, const u_char *, u_int);
126 int schnorr_sign(const BIGNUM *, const BIGNUM *, const BIGNUM *,
127 const BIGNUM *, const BIGNUM *, const u_char *, u_int ,
129 int schnorr_verify(const BIGNUM *, const BIGNUM *, const BIGNUM *,
130 const BIGNUM *, const u_char *, u_int,
131 const u_char *, u_int);