OLD | NEW |
1 #include "jpake.h" | 1 #include "jpake.h" |
2 | 2 |
3 #include <openssl/crypto.h> | 3 #include <openssl/crypto.h> |
4 #include <openssl/sha.h> | 4 #include <openssl/sha.h> |
5 #include <openssl/err.h> | 5 #include <openssl/err.h> |
6 #include <memory.h> | 6 #include <memory.h> |
7 #include <assert.h> | |
8 | 7 |
9 /* | 8 /* |
10 * In the definition, (xa, xb, xc, xd) are Alice's (x1, x2, x3, x4) or | 9 * In the definition, (xa, xb, xc, xd) are Alice's (x1, x2, x3, x4) or |
11 * Bob's (x3, x4, x1, x2). If you see what I mean. | 10 * Bob's (x3, x4, x1, x2). If you see what I mean. |
12 */ | 11 */ |
13 | 12 |
14 typedef struct | 13 typedef struct |
15 { | 14 { |
16 char *name; /* Must be unique */ | 15 char *name; /* Must be unique */ |
17 char *peer_name; | 16 char *peer_name; |
(...skipping 109 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
127 void JPAKE_CTX_free(JPAKE_CTX *ctx) | 126 void JPAKE_CTX_free(JPAKE_CTX *ctx) |
128 { | 127 { |
129 JPAKE_CTX_release(ctx); | 128 JPAKE_CTX_release(ctx); |
130 OPENSSL_free(ctx); | 129 OPENSSL_free(ctx); |
131 } | 130 } |
132 | 131 |
133 static void hashlength(SHA_CTX *sha, size_t l) | 132 static void hashlength(SHA_CTX *sha, size_t l) |
134 { | 133 { |
135 unsigned char b[2]; | 134 unsigned char b[2]; |
136 | 135 |
137 assert(l <= 0xffff); | 136 OPENSSL_assert(l <= 0xffff); |
138 b[0] = l >> 8; | 137 b[0] = l >> 8; |
139 b[1] = l&0xff; | 138 b[1] = l&0xff; |
140 SHA1_Update(sha, b, 2); | 139 SHA1_Update(sha, b, 2); |
141 } | 140 } |
142 | 141 |
143 static void hashstring(SHA_CTX *sha, const char *string) | 142 static void hashstring(SHA_CTX *sha, const char *string) |
144 { | 143 { |
145 size_t l = strlen(string); | 144 size_t l = strlen(string); |
146 | 145 |
147 hashlength(sha, l); | 146 hashlength(sha, l); |
(...skipping 17 matching lines...) Expand all Loading... |
165 { | 164 { |
166 unsigned char md[SHA_DIGEST_LENGTH]; | 165 unsigned char md[SHA_DIGEST_LENGTH]; |
167 SHA_CTX sha; | 166 SHA_CTX sha; |
168 | 167 |
169 /* | 168 /* |
170 * XXX: hash should not allow moving of the boundaries - Java code | 169 * XXX: hash should not allow moving of the boundaries - Java code |
171 * is flawed in this respect. Length encoding seems simplest. | 170 * is flawed in this respect. Length encoding seems simplest. |
172 */ | 171 */ |
173 SHA1_Init(&sha); | 172 SHA1_Init(&sha); |
174 hashbn(&sha, zkpg); | 173 hashbn(&sha, zkpg); |
175 assert(!BN_is_zero(p->zkpx.gr)); | 174 OPENSSL_assert(!BN_is_zero(p->zkpx.gr)); |
176 hashbn(&sha, p->zkpx.gr); | 175 hashbn(&sha, p->zkpx.gr); |
177 hashbn(&sha, p->gx); | 176 hashbn(&sha, p->gx); |
178 hashstring(&sha, proof_name); | 177 hashstring(&sha, proof_name); |
179 SHA1_Final(md, &sha); | 178 SHA1_Final(md, &sha); |
180 BN_bin2bn(md, SHA_DIGEST_LENGTH, h); | 179 BN_bin2bn(md, SHA_DIGEST_LENGTH, h); |
181 } | 180 } |
182 | 181 |
183 /* | 182 /* |
184 * Prove knowledge of x | 183 * Prove knowledge of x |
185 * Note that p->gx has already been calculated | 184 * Note that p->gx has already been calculated |
(...skipping 90 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
276 | 275 |
277 int JPAKE_STEP1_generate(JPAKE_STEP1 *send, JPAKE_CTX *ctx) | 276 int JPAKE_STEP1_generate(JPAKE_STEP1 *send, JPAKE_CTX *ctx) |
278 { | 277 { |
279 genrand(ctx); | 278 genrand(ctx); |
280 generate_step_part(&send->p1, ctx->xa, ctx->p.g, ctx); | 279 generate_step_part(&send->p1, ctx->xa, ctx->p.g, ctx); |
281 generate_step_part(&send->p2, ctx->xb, ctx->p.g, ctx); | 280 generate_step_part(&send->p2, ctx->xb, ctx->p.g, ctx); |
282 | 281 |
283 return 1; | 282 return 1; |
284 } | 283 } |
285 | 284 |
| 285 /* g^x is a legal value */ |
| 286 static int is_legal(const BIGNUM *gx, const JPAKE_CTX *ctx) |
| 287 { |
| 288 BIGNUM *t; |
| 289 int res; |
| 290 |
| 291 if(BN_is_negative(gx) || BN_is_zero(gx) || BN_cmp(gx, ctx->p.p) >= 0) |
| 292 return 0; |
| 293 |
| 294 t = BN_new(); |
| 295 BN_mod_exp(t, gx, ctx->p.q, ctx->p.p, ctx->ctx); |
| 296 res = BN_is_one(t); |
| 297 BN_free(t); |
| 298 |
| 299 return res; |
| 300 } |
| 301 |
286 int JPAKE_STEP1_process(JPAKE_CTX *ctx, const JPAKE_STEP1 *received) | 302 int JPAKE_STEP1_process(JPAKE_CTX *ctx, const JPAKE_STEP1 *received) |
287 { | 303 { |
| 304 if(!is_legal(received->p1.gx, ctx)) |
| 305 { |
| 306 JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS, JPAKE_R_G_TO_THE_X3_IS_NOT_LEGAL); |
| 307 return 0; |
| 308 } |
| 309 |
| 310 if(!is_legal(received->p2.gx, ctx)) |
| 311 { |
| 312 JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS, JPAKE_R_G_TO_THE_X4_IS_NOT_LEGAL); |
| 313 return 0; |
| 314 } |
| 315 |
288 /* verify their ZKP(xc) */ | 316 /* verify their ZKP(xc) */ |
289 if(!verify_zkp(&received->p1, ctx->p.g, ctx)) | 317 if(!verify_zkp(&received->p1, ctx->p.g, ctx)) |
290 { | 318 { |
291 JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS, JPAKE_R_VERIFY_X3_FAILED); | 319 JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS, JPAKE_R_VERIFY_X3_FAILED); |
292 return 0; | 320 return 0; |
293 } | 321 } |
294 | 322 |
295 /* verify their ZKP(xd) */ | 323 /* verify their ZKP(xd) */ |
296 if(!verify_zkp(&received->p2, ctx->p.g, ctx)) | 324 if(!verify_zkp(&received->p2, ctx->p.g, ctx)) |
297 { | 325 { |
(...skipping 176 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
474 } | 502 } |
475 | 503 |
476 void JPAKE_STEP3B_release(JPAKE_STEP3B *s3b) | 504 void JPAKE_STEP3B_release(JPAKE_STEP3B *s3b) |
477 {} | 505 {} |
478 | 506 |
479 const BIGNUM *JPAKE_get_shared_key(JPAKE_CTX *ctx) | 507 const BIGNUM *JPAKE_get_shared_key(JPAKE_CTX *ctx) |
480 { | 508 { |
481 return ctx->key; | 509 return ctx->key; |
482 } | 510 } |
483 | 511 |
OLD | NEW |