| OLD | NEW |
|---|
| 1 #include "jpake.h" | 1 #include "jpake.h" |
| 2 | 2 |
| 3 #include <openssl/crypto.h> | 3 #include <openssl/crypto.h> |
| 4 #include <openssl/sha.h> | 4 #include <openssl/sha.h> |
| 5 #include <openssl/err.h> | 5 #include <openssl/err.h> |
| 6 #include <memory.h> | 6 #include <memory.h> |
| 7 #include <assert.h> | |
| 8 | 7 |
| 9 /* | 8 /* |
| 10 * In the definition, (xa, xb, xc, xd) are Alice's (x1, x2, x3, x4) or | 9 * In the definition, (xa, xb, xc, xd) are Alice's (x1, x2, x3, x4) or |
| 11 * Bob's (x3, x4, x1, x2). If you see what I mean. | 10 * Bob's (x3, x4, x1, x2). If you see what I mean. |
| 12 */ | 11 */ |
| 13 | 12 |
| 14 typedef struct | 13 typedef struct |
| 15 { | 14 { |
| 16 char *name; /* Must be unique */ | 15 char *name; /* Must be unique */ |
| 17 char *peer_name; | 16 char *peer_name; |
| (...skipping 109 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 127 void JPAKE_CTX_free(JPAKE_CTX *ctx) | 126 void JPAKE_CTX_free(JPAKE_CTX *ctx) |
| 128 { | 127 { |
| 129 JPAKE_CTX_release(ctx); | 128 JPAKE_CTX_release(ctx); |
| 130 OPENSSL_free(ctx); | 129 OPENSSL_free(ctx); |
| 131 } | 130 } |
| 132 | 131 |
| 133 static void hashlength(SHA_CTX *sha, size_t l) | 132 static void hashlength(SHA_CTX *sha, size_t l) |
| 134 { | 133 { |
| 135 unsigned char b[2]; | 134 unsigned char b[2]; |
| 136 | 135 |
| 137 assert(l <= 0xffff); | 136 OPENSSL_assert(l <= 0xffff); |
| 138 b[0] = l >> 8; | 137 b[0] = l >> 8; |
| 139 b[1] = l&0xff; | 138 b[1] = l&0xff; |
| 140 SHA1_Update(sha, b, 2); | 139 SHA1_Update(sha, b, 2); |
| 141 } | 140 } |
| 142 | 141 |
| 143 static void hashstring(SHA_CTX *sha, const char *string) | 142 static void hashstring(SHA_CTX *sha, const char *string) |
| 144 { | 143 { |
| 145 size_t l = strlen(string); | 144 size_t l = strlen(string); |
| 146 | 145 |
| 147 hashlength(sha, l); | 146 hashlength(sha, l); |
| (...skipping 17 matching lines...) Expand all Loading... |
| 165 { | 164 { |
| 166 unsigned char md[SHA_DIGEST_LENGTH]; | 165 unsigned char md[SHA_DIGEST_LENGTH]; |
| 167 SHA_CTX sha; | 166 SHA_CTX sha; |
| 168 | 167 |
| 169 /* | 168 /* |
| 170 * XXX: hash should not allow moving of the boundaries - Java code | 169 * XXX: hash should not allow moving of the boundaries - Java code |
| 171 * is flawed in this respect. Length encoding seems simplest. | 170 * is flawed in this respect. Length encoding seems simplest. |
| 172 */ | 171 */ |
| 173 SHA1_Init(&sha); | 172 SHA1_Init(&sha); |
| 174 hashbn(&sha, zkpg); | 173 hashbn(&sha, zkpg); |
| 175 assert(!BN_is_zero(p->zkpx.gr)); | 174 OPENSSL_assert(!BN_is_zero(p->zkpx.gr)); |
| 176 hashbn(&sha, p->zkpx.gr); | 175 hashbn(&sha, p->zkpx.gr); |
| 177 hashbn(&sha, p->gx); | 176 hashbn(&sha, p->gx); |
| 178 hashstring(&sha, proof_name); | 177 hashstring(&sha, proof_name); |
| 179 SHA1_Final(md, &sha); | 178 SHA1_Final(md, &sha); |
| 180 BN_bin2bn(md, SHA_DIGEST_LENGTH, h); | 179 BN_bin2bn(md, SHA_DIGEST_LENGTH, h); |
| 181 } | 180 } |
| 182 | 181 |
| 183 /* | 182 /* |
| 184 * Prove knowledge of x | 183 * Prove knowledge of x |
| 185 * Note that p->gx has already been calculated | 184 * Note that p->gx has already been calculated |
| (...skipping 90 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 276 | 275 |
| 277 int JPAKE_STEP1_generate(JPAKE_STEP1 *send, JPAKE_CTX *ctx) | 276 int JPAKE_STEP1_generate(JPAKE_STEP1 *send, JPAKE_CTX *ctx) |
| 278 { | 277 { |
| 279 genrand(ctx); | 278 genrand(ctx); |
| 280 generate_step_part(&send->p1, ctx->xa, ctx->p.g, ctx); | 279 generate_step_part(&send->p1, ctx->xa, ctx->p.g, ctx); |
| 281 generate_step_part(&send->p2, ctx->xb, ctx->p.g, ctx); | 280 generate_step_part(&send->p2, ctx->xb, ctx->p.g, ctx); |
| 282 | 281 |
| 283 return 1; | 282 return 1; |
| 284 } | 283 } |
| 285 | 284 |
| 285 /* g^x is a legal value */ |
| 286 static int is_legal(const BIGNUM *gx, const JPAKE_CTX *ctx) |
| 287 { |
| 288 BIGNUM *t; |
| 289 int res; |
| 290 |
| 291 if(BN_is_negative(gx) || BN_is_zero(gx) || BN_cmp(gx, ctx->p.p) >= 0) |
| 292 return 0; |
| 293 |
| 294 t = BN_new(); |
| 295 BN_mod_exp(t, gx, ctx->p.q, ctx->p.p, ctx->ctx); |
| 296 res = BN_is_one(t); |
| 297 BN_free(t); |
| 298 |
| 299 return res; |
| 300 } |
| 301 |
| 286 int JPAKE_STEP1_process(JPAKE_CTX *ctx, const JPAKE_STEP1 *received) | 302 int JPAKE_STEP1_process(JPAKE_CTX *ctx, const JPAKE_STEP1 *received) |
| 287 { | 303 { |
| 304 if(!is_legal(received->p1.gx, ctx)) |
| 305 { |
| 306 JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS, JPAKE_R_G_TO_THE_X3_IS_NOT_LEGAL); |
| 307 return 0; |
| 308 } |
| 309 |
| 310 if(!is_legal(received->p2.gx, ctx)) |
| 311 { |
| 312 JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS, JPAKE_R_G_TO_THE_X4_IS_NOT_LEGAL); |
| 313 return 0; |
| 314 } |
| 315 |
| 288 /* verify their ZKP(xc) */ | 316 /* verify their ZKP(xc) */ |
| 289 if(!verify_zkp(&received->p1, ctx->p.g, ctx)) | 317 if(!verify_zkp(&received->p1, ctx->p.g, ctx)) |
| 290 { | 318 { |
| 291 JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS, JPAKE_R_VERIFY_X3_FAILED); | 319 JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS, JPAKE_R_VERIFY_X3_FAILED); |
| 292 return 0; | 320 return 0; |
| 293 } | 321 } |
| 294 | 322 |
| 295 /* verify their ZKP(xd) */ | 323 /* verify their ZKP(xd) */ |
| 296 if(!verify_zkp(&received->p2, ctx->p.g, ctx)) | 324 if(!verify_zkp(&received->p2, ctx->p.g, ctx)) |
| 297 { | 325 { |
| (...skipping 176 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 474 } | 502 } |
| 475 | 503 |
| 476 void JPAKE_STEP3B_release(JPAKE_STEP3B *s3b) | 504 void JPAKE_STEP3B_release(JPAKE_STEP3B *s3b) |
| 477 {} | 505 {} |
| 478 | 506 |
| 479 const BIGNUM *JPAKE_get_shared_key(JPAKE_CTX *ctx) | 507 const BIGNUM *JPAKE_get_shared_key(JPAKE_CTX *ctx) |
| 480 { | 508 { |
| 481 return ctx->key; | 509 return ctx->key; |
| 482 } | 510 } |
| 483 | 511 |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 9254031:
Upgrade chrome's OpenSSL to same version Android ships with. (Closed)
Base URL: http://src.chromium.org/svn/trunk/deps/third_party/openssl/