OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 // This code implements SPAKE2, a variant of EKE: | 5 // This code implements SPAKE2, a variant of EKE: |
6 // http://www.di.ens.fr/~pointche/pub.php?reference=AbPo04 | 6 // http://www.di.ens.fr/~pointche/pub.php?reference=AbPo04 |
7 | 7 |
8 #include <crypto/p224_spake.h> | 8 #include "crypto/p224_spake.h" |
9 | 9 |
10 #include <algorithm> | 10 #include <algorithm> |
11 | 11 |
12 #include <base/logging.h> | 12 #include "base/logging.h" |
13 #include <crypto/p224.h> | 13 #include "crypto/p224.h" |
14 #include <crypto/random.h> | 14 #include "crypto/random.h" |
15 #include <crypto/secure_util.h> | 15 #include "crypto/secure_util.h" |
16 | 16 |
17 namespace { | 17 namespace { |
18 | 18 |
19 // The following two points (M and N in the protocol) are verifiable random | 19 // The following two points (M and N in the protocol) are verifiable random |
20 // points on the curve and can be generated with the following code: | 20 // points on the curve and can be generated with the following code: |
21 | 21 |
22 // #include <stdint.h> | 22 // #include <stdint.h> |
23 // #include <stdio.h> | 23 // #include <stdio.h> |
24 // #include <string.h> | 24 // #include <string.h> |
25 // | 25 // |
26 // #include <openssl/ec.h> | 26 // #include <openssl/ec.h> |
27 // #include <openssl/obj_mac.h> | 27 // #include <openssl/obj_mac.h> |
28 // #include <openssl/sha.h> | 28 // #include <openssl/sha.h> |
29 // | 29 // |
| 30 // // Silence a presubmit. |
| 31 // #define PRINTF printf |
| 32 // |
30 // static const char kSeed1[] = "P224 point generation seed (M)"; | 33 // static const char kSeed1[] = "P224 point generation seed (M)"; |
31 // static const char kSeed2[] = "P224 point generation seed (N)"; | 34 // static const char kSeed2[] = "P224 point generation seed (N)"; |
32 // | 35 // |
33 // void find_seed(const char* seed) { | 36 // void find_seed(const char* seed) { |
34 // SHA256_CTX sha256; | 37 // SHA256_CTX sha256; |
35 // uint8_t digest[SHA256_DIGEST_LENGTH]; | 38 // uint8_t digest[SHA256_DIGEST_LENGTH]; |
36 // | 39 // |
37 // SHA256_Init(&sha256); | 40 // SHA256_Init(&sha256); |
38 // SHA256_Update(&sha256, seed, strlen(seed)); | 41 // SHA256_Update(&sha256, seed, strlen(seed)); |
39 // SHA256_Final(digest, &sha256); | 42 // SHA256_Final(digest, &sha256); |
40 // | 43 // |
41 // BIGNUM x, y; | 44 // BIGNUM x, y; |
42 // EC_GROUP* p224 = EC_GROUP_new_by_curve_name(NID_secp224r1); | 45 // EC_GROUP* p224 = EC_GROUP_new_by_curve_name(NID_secp224r1); |
43 // EC_POINT* p = EC_POINT_new(p224); | 46 // EC_POINT* p = EC_POINT_new(p224); |
44 // | 47 // |
45 // for (unsigned i = 0;; i++) { | 48 // for (unsigned i = 0;; i++) { |
46 // BN_init(&x); | 49 // BN_init(&x); |
47 // BN_bin2bn(digest, 28, &x); | 50 // BN_bin2bn(digest, 28, &x); |
48 // | 51 // |
49 // if (EC_POINT_set_compressed_coordinates_GFp( | 52 // if (EC_POINT_set_compressed_coordinates_GFp( |
50 // p224, p, &x, digest[28] & 1, NULL)) { | 53 // p224, p, &x, digest[28] & 1, NULL)) { |
51 // BN_init(&y); | 54 // BN_init(&y); |
52 // EC_POINT_get_affine_coordinates_GFp(p224, p, &x, &y, NULL); | 55 // EC_POINT_get_affine_coordinates_GFp(p224, p, &x, &y, NULL); |
53 // char* x_str = BN_bn2hex(&x); | 56 // char* x_str = BN_bn2hex(&x); |
54 // char* y_str = BN_bn2hex(&y); | 57 // char* y_str = BN_bn2hex(&y); |
55 // printf("Found after %u iterations:\n%s\n%s\n", i, x_str, y_str); | 58 // PRINTF("Found after %u iterations:\n%s\n%s\n", i, x_str, y_str); |
56 // OPENSSL_free(x_str); | 59 // OPENSSL_free(x_str); |
57 // OPENSSL_free(y_str); | 60 // OPENSSL_free(y_str); |
58 // BN_free(&x); | 61 // BN_free(&x); |
59 // BN_free(&y); | 62 // BN_free(&y); |
60 // break; | 63 // break; |
61 // } | 64 // } |
62 // | 65 // |
63 // SHA256_Init(&sha256); | 66 // SHA256_Init(&sha256); |
64 // SHA256_Update(&sha256, digest, sizeof(digest)); | 67 // SHA256_Update(&sha256, digest, sizeof(digest)); |
65 // SHA256_Final(digest, &sha256); | 68 // SHA256_Final(digest, &sha256); |
(...skipping 193 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
259 return key_; | 262 return key_; |
260 } | 263 } |
261 | 264 |
262 void P224EncryptedKeyExchange::SetXForTesting(const std::string& x) { | 265 void P224EncryptedKeyExchange::SetXForTesting(const std::string& x) { |
263 memset(&x_, 0, sizeof(x_)); | 266 memset(&x_, 0, sizeof(x_)); |
264 memcpy(&x_, x.data(), std::min(x.size(), sizeof(x_))); | 267 memcpy(&x_, x.data(), std::min(x.size(), sizeof(x_))); |
265 Init(); | 268 Init(); |
266 } | 269 } |
267 | 270 |
268 } // namespace crypto | 271 } // namespace crypto |
OLD | NEW |