/* $OpenBSD: jpake.h,v 1.2 2009/03/05 07:18:19 djm Exp $ */ /* * Copyright (c) 2008 Damien Miller. All rights reserved. * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #ifndef JPAKE_H #define JPAKE_H #include <sys/types.h> #include <openssl/bn.h> /* Set JPAKE_DEBUG in CFLAGS for privacy-violating debugging */ #ifndef JPAKE_DEBUG # define JPAKE_DEBUG_BN(a) # define JPAKE_DEBUG_BUF(a) # define JPAKE_DEBUG_CTX(a) #else # define JPAKE_DEBUG_BN(a) debug3_bn a # define JPAKE_DEBUG_BUF(a) debug3_buf a # define JPAKE_DEBUG_CTX(a) jpake_dump a #endif /* JPAKE_DEBUG */ #define KZP_ID_LEN 16 /* Length of client and server IDs */ struct jpake_ctx { /* Parameters */ struct modp_group *grp; /* Private values shared by client and server */ BIGNUM *s; /* Secret (salted, crypted password) */ BIGNUM *k; /* Derived key */ /* Client private values (NULL for server) */ BIGNUM *x1; /* random in Zq */ BIGNUM *x2; /* random in Z*q */ /* Server private values (NULL for server) */ BIGNUM *x3; /* random in Zq */ BIGNUM *x4; /* random in Z*q */ /* Step 1: C->S */ u_char *client_id; /* Anti-replay nonce */ u_int client_id_len; BIGNUM *g_x1; /* g^x1 */ BIGNUM *g_x2; /* g^x2 */ /* Step 1: S->C */ u_char *server_id; /* Anti-replay nonce */ u_int server_id_len; BIGNUM *g_x3; /* g^x3 */ BIGNUM *g_x4; /* g^x4 */ /* Step 2: C->S */ BIGNUM *a; /* g^((x1+x3+x4)*x2*s) */ /* Step 2: S->C */ BIGNUM *b; /* g^((x1+x2+x3)*x4*s) */ /* Confirmation: C->S */ u_char *h_k_cid_sessid; /* H(k || client_id || session_id) */ u_int h_k_cid_sessid_len; /* Confirmation: S->C */ u_char *h_k_sid_sessid; /* H(k || server_id || session_id) */ u_int h_k_sid_sessid_len; }; /* jpake.c */ struct modp_group *jpake_default_group(void); void jpake_dump(struct jpake_ctx *, const char *, ...) __attribute__((__nonnull__ (2))) __attribute__((format(printf, 2, 3))); struct jpake_ctx *jpake_new(void); void jpake_free(struct jpake_ctx *); void jpake_step1(struct modp_group *, u_char **, u_int *, BIGNUM **, BIGNUM **, BIGNUM **, BIGNUM **, u_char **, u_int *, u_char **, u_int *); void jpake_step2(struct modp_group *, BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *, const u_char *, u_int, const u_char *, u_int, const u_char *, u_int, const u_char *, u_int, BIGNUM **, u_char **, u_int *); void jpake_confirm_hash(const BIGNUM *, const u_char *, u_int, const u_char *, u_int, u_char **, u_int *); void jpake_key_confirm(struct modp_group *, BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *, const u_char *, u_int, const u_char *, u_int, const u_char *, u_int, const u_char *, u_int, BIGNUM **, u_char **, u_int *); int jpake_check_confirm(const BIGNUM *, const u_char *, u_int, const u_char *, u_int, const u_char *, u_int); #endif /* JPAKE_H */