crypto/p224_spake.h - Issue 8903001: Simplify SPAKE2 implementation.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: crypto/p224_spake.h

Issue 8903001: Simplify SPAKE2 implementation. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: - Created 9 years ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: crypto/p224_spake.h

diff --git a/crypto/p224_spake.h b/crypto/p224_spake.h

index 0441efb84d8582be6b0072b1d00cd6916bd877aa..01507c9d6928df8fddf38f9a0c6ce80f9348e402 100644

--- a/crypto/p224_spake.h

+++ b/crypto/p224_spake.h

@@ -12,12 +12,10 @@

namespace crypto {

-// P224EncryptedKeyExchange provides a means to authenticate an

-// encrypted transport using a low-entropy, shared secret.

-//

-// You need a value derived from the master secret of the connection in order

-// to bind the authentication to the encrypted channel. It's the |session|

-// argument to the constructor and can be of any length.

+// P224EncryptedKeyExchange implements SPAKE2, a variant of Encrypted

+// Key Exchange. It allows two parties that have a secret common

+// password to establish a common secure key by exchanging messages

+// over unsecure channel without disclosing the password.

// The password can be low entropy as authenticating with an attacker only

// gives the attacker a one-shot password oracle. No other information about

@@ -51,13 +49,11 @@ class CRYPTO_EXPORT P224EncryptedKeyExchange {

};

// peer_type: the type of the local authentication party.

- // password: a, possibly low-entropy, mutually known password.

- // session: a value securely derived from the connection's master secret.

- // Both parties to the authentication must pass the same value. For the

- // case of a TLS connection, see RFC 5705.

+ // password: secret session password. Both parties to the

+ // authentication must pass the same value. For the case of a

+ // TLS connection, see RFC 5705.

P224EncryptedKeyExchange(PeerType peer_type,

- const base::StringPiece& password,

- const base::StringPiece& session);

+ const base::StringPiece& password);

// GetMessage returns a byte string which must be passed to the other party

// in the authentication.

@@ -71,6 +67,10 @@ class CRYPTO_EXPORT P224EncryptedKeyExchange {

// return a human readable error message.

const std::string& error() const;

+ // The key established as result of the key exchange. Must be called

+ // at then end after ProcessMessage() returns kResultSuccess.

+ const std::string& GetKey();

private:

// The authentication state machine is very simple and each party proceeds

// through each of these states, in order.

@@ -106,6 +106,8 @@ class CRYPTO_EXPORT P224EncryptedKeyExchange {

// expected_authenticator_ is used to store the hash value expected from the

// other party.

uint8 expected_authenticator_[kSHA256Length];

+ std::string key_;

};

} // namespace crypto

« no previous file with comments | « no previous file | crypto/p224_spake.cc » ('j') | no next file with comments »