OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef CRYPTO_P224_SPAKE_H_ | 5 #ifndef CRYPTO_P224_SPAKE_H_ |
6 #define CRYPTO_P224_SPAKE_H_ | 6 #define CRYPTO_P224_SPAKE_H_ |
7 | 7 |
8 #include <base/gtest_prod_util.h> | |
9 #include <base/strings/string_piece.h> | |
10 #include <crypto/p224.h> | 8 #include <crypto/p224.h> |
11 #include <crypto/sha2.h> | 9 #include <crypto/sha2.h> |
| 10 #include <stdint.h> |
| 11 |
| 12 #include "base/gtest_prod_util.h" |
| 13 #include "base/strings/string_piece.h" |
12 | 14 |
13 namespace crypto { | 15 namespace crypto { |
14 | 16 |
15 // P224EncryptedKeyExchange implements SPAKE2, a variant of Encrypted | 17 // P224EncryptedKeyExchange implements SPAKE2, a variant of Encrypted |
16 // Key Exchange. It allows two parties that have a secret common | 18 // Key Exchange. It allows two parties that have a secret common |
17 // password to establish a common secure key by exchanging messages | 19 // password to establish a common secure key by exchanging messages |
18 // over an insecure channel without disclosing the password. | 20 // over an insecure channel without disclosing the password. |
19 // | 21 // |
20 // The password can be low entropy as authenticating with an attacker only | 22 // The password can be low entropy as authenticating with an attacker only |
21 // gives the attacker a one-shot password oracle. No other information about | 23 // gives the attacker a one-shot password oracle. No other information about |
(...skipping 72 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
94 void SetXForTesting(const std::string& x); | 96 void SetXForTesting(const std::string& x); |
95 | 97 |
96 State state_; | 98 State state_; |
97 const bool is_server_; | 99 const bool is_server_; |
98 // next_message_ contains a value for GetNextMessage() to return. | 100 // next_message_ contains a value for GetNextMessage() to return. |
99 std::string next_message_; | 101 std::string next_message_; |
100 std::string error_; | 102 std::string error_; |
101 | 103 |
102 // CalculateHash computes the verification hash for the given peer and writes | 104 // CalculateHash computes the verification hash for the given peer and writes |
103 // |kSHA256Length| bytes at |out_digest|. | 105 // |kSHA256Length| bytes at |out_digest|. |
104 void CalculateHash( | 106 void CalculateHash(PeerType peer_type, |
105 PeerType peer_type, | 107 const std::string& client_masked_dh, |
106 const std::string& client_masked_dh, | 108 const std::string& server_masked_dh, |
107 const std::string& server_masked_dh, | 109 const std::string& k, |
108 const std::string& k, | 110 uint8_t* out_digest); |
109 uint8* out_digest); | |
110 | 111 |
111 // x_ is the secret Diffie-Hellman exponent (see paper referenced in .cc | 112 // x_ is the secret Diffie-Hellman exponent (see paper referenced in .cc |
112 // file). | 113 // file). |
113 uint8 x_[p224::kScalarBytes]; | 114 uint8_t x_[p224::kScalarBytes]; |
114 // pw_ is SHA256(P(password), P(session))[:28] where P() prepends a uint32, | 115 // pw_ is SHA256(P(password), P(session))[:28] where P() prepends a uint32_t, |
115 // big-endian length prefix (see paper referenced in .cc file). | 116 // big-endian length prefix (see paper referenced in .cc file). |
116 uint8 pw_[p224::kScalarBytes]; | 117 uint8_t pw_[p224::kScalarBytes]; |
117 // expected_authenticator_ is used to store the hash value expected from the | 118 // expected_authenticator_ is used to store the hash value expected from the |
118 // other party. | 119 // other party. |
119 uint8 expected_authenticator_[kSHA256Length]; | 120 uint8_t expected_authenticator_[kSHA256Length]; |
120 | 121 |
121 std::string key_; | 122 std::string key_; |
122 }; | 123 }; |
123 | 124 |
124 } // namespace crypto | 125 } // namespace crypto |
125 | 126 |
126 #endif // CRYPTO_P224_SPAKE_H_ | 127 #endif // CRYPTO_P224_SPAKE_H_ |
OLD | NEW |