diff options
author | Richard Levitte <levitte@openssl.org> | 2015-03-26 21:33:18 +0100 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2015-03-31 20:16:01 +0200 |
commit | dee502be89e78e2979e3bd1d7724cf79daa6ef61 (patch) | |
tree | 53e97582c488f1a484bd42e570de6a99768fd1df /crypto/jpake | |
parent | 30cd4ff294252c4b6a4b69cbef6a5b4117705d22 (diff) | |
download | openssl-dee502be89e78e2979e3bd1d7724cf79daa6ef61.tar.gz |
Stop symlinking, move files to intended directory
Rather than making include/openssl/foo.h a symlink to
crypto/foo/foo.h, this change moves the file to include/openssl/foo.h
once and for all.
Likewise, move crypto/foo/footest.c to test/footest.c, instead of
symlinking it there.
Originally-by: Geoff Thorpe <geoff@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Diffstat (limited to 'crypto/jpake')
-rw-r--r-- | crypto/jpake/jpake.h | 128 | ||||
-rw-r--r-- | crypto/jpake/jpaketest.c | 185 |
2 files changed, 0 insertions, 313 deletions
diff --git a/crypto/jpake/jpake.h b/crypto/jpake/jpake.h deleted file mode 100644 index 371eed679c..0000000000 --- a/crypto/jpake/jpake.h +++ /dev/null @@ -1,128 +0,0 @@ -/* - * Implement J-PAKE, as described in - * http://grouper.ieee.org/groups/1363/Research/contributions/hao-ryan-2008.pdf - * - * With hints from http://www.cl.cam.ac.uk/~fh240/software/JPAKE2.java. - */ - -#ifndef HEADER_JPAKE_H -# define HEADER_JPAKE_H - -# include <openssl/opensslconf.h> - -# ifdef OPENSSL_NO_JPAKE -# error JPAKE is disabled. -# endif - -#ifdef __cplusplus -extern "C" { -#endif - -# include <openssl/bn.h> -# include <openssl/sha.h> - -typedef struct JPAKE_CTX JPAKE_CTX; - -/* Note that "g" in the ZKPs is not necessarily the J-PAKE g. */ -typedef struct { - BIGNUM *gr; /* g^r (r random) */ - BIGNUM *b; /* b = r - x*h, h=hash(g, g^r, g^x, name) */ -} JPAKE_ZKP; - -typedef struct { - BIGNUM *gx; /* g^x in step 1, g^(xa + xc + xd) * xb * s - * in step 2 */ - JPAKE_ZKP zkpx; /* ZKP(x) or ZKP(xb * s) */ -} JPAKE_STEP_PART; - -typedef struct { - JPAKE_STEP_PART p1; /* g^x3, ZKP(x3) or g^x1, ZKP(x1) */ - JPAKE_STEP_PART p2; /* g^x4, ZKP(x4) or g^x2, ZKP(x2) */ -} JPAKE_STEP1; - -typedef JPAKE_STEP_PART JPAKE_STEP2; - -typedef struct { - unsigned char hhk[SHA_DIGEST_LENGTH]; -} JPAKE_STEP3A; - -typedef struct { - unsigned char hk[SHA_DIGEST_LENGTH]; -} JPAKE_STEP3B; - -/* Parameters are copied */ -JPAKE_CTX *JPAKE_CTX_new(const char *name, const char *peer_name, - const BIGNUM *p, const BIGNUM *g, const BIGNUM *q, - const BIGNUM *secret); -void JPAKE_CTX_free(JPAKE_CTX *ctx); - -/* - * Note that JPAKE_STEP1 can be used multiple times before release - * without another init. - */ -void JPAKE_STEP1_init(JPAKE_STEP1 *s1); -int JPAKE_STEP1_generate(JPAKE_STEP1 *send, JPAKE_CTX *ctx); -int JPAKE_STEP1_process(JPAKE_CTX *ctx, const JPAKE_STEP1 *received); -void JPAKE_STEP1_release(JPAKE_STEP1 *s1); - -/* - * Note that JPAKE_STEP2 can be used multiple times before release - * without another init. - */ -void JPAKE_STEP2_init(JPAKE_STEP2 *s2); -int JPAKE_STEP2_generate(JPAKE_STEP2 *send, JPAKE_CTX *ctx); -int JPAKE_STEP2_process(JPAKE_CTX *ctx, const JPAKE_STEP2 *received); -void JPAKE_STEP2_release(JPAKE_STEP2 *s2); - -/* - * Optionally verify the shared key. If the shared secrets do not - * match, the two ends will disagree about the shared key, but - * otherwise the protocol will succeed. - */ -void JPAKE_STEP3A_init(JPAKE_STEP3A *s3a); -int JPAKE_STEP3A_generate(JPAKE_STEP3A *send, JPAKE_CTX *ctx); -int JPAKE_STEP3A_process(JPAKE_CTX *ctx, const JPAKE_STEP3A *received); -void JPAKE_STEP3A_release(JPAKE_STEP3A *s3a); - -void JPAKE_STEP3B_init(JPAKE_STEP3B *s3b); -int JPAKE_STEP3B_generate(JPAKE_STEP3B *send, JPAKE_CTX *ctx); -int JPAKE_STEP3B_process(JPAKE_CTX *ctx, const JPAKE_STEP3B *received); -void JPAKE_STEP3B_release(JPAKE_STEP3B *s3b); - -/* - * the return value belongs to the library and will be released when - * ctx is released, and will change when a new handshake is performed. - */ -const BIGNUM *JPAKE_get_shared_key(JPAKE_CTX *ctx); - -/* BEGIN ERROR CODES */ -/* - * The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ -void ERR_load_JPAKE_strings(void); - -/* Error codes for the JPAKE functions. */ - -/* Function codes. */ -# define JPAKE_F_JPAKE_STEP1_PROCESS 101 -# define JPAKE_F_JPAKE_STEP2_PROCESS 102 -# define JPAKE_F_JPAKE_STEP3A_PROCESS 103 -# define JPAKE_F_JPAKE_STEP3B_PROCESS 104 -# define JPAKE_F_VERIFY_ZKP 100 - -/* Reason codes. */ -# define JPAKE_R_G_TO_THE_X3_IS_NOT_LEGAL 108 -# define JPAKE_R_G_TO_THE_X4_IS_NOT_LEGAL 109 -# define JPAKE_R_G_TO_THE_X4_IS_ONE 105 -# define JPAKE_R_HASH_OF_HASH_OF_KEY_MISMATCH 106 -# define JPAKE_R_HASH_OF_KEY_MISMATCH 107 -# define JPAKE_R_VERIFY_B_FAILED 102 -# define JPAKE_R_VERIFY_X3_FAILED 103 -# define JPAKE_R_VERIFY_X4_FAILED 104 -# define JPAKE_R_ZKP_VERIFY_FAILED 100 - -#ifdef __cplusplus -} -#endif -#endif diff --git a/crypto/jpake/jpaketest.c b/crypto/jpake/jpaketest.c deleted file mode 100644 index ef9e54bdb3..0000000000 --- a/crypto/jpake/jpaketest.c +++ /dev/null @@ -1,185 +0,0 @@ -#include <openssl/opensslconf.h> - -#ifdef OPENSSL_NO_JPAKE - -# include <stdio.h> - -int main(int argc, char *argv[]) -{ - printf("No J-PAKE support\n"); - return (0); -} - -#else - -# include <openssl/jpake.h> -# include <openssl/err.h> - -static void showbn(const char *name, const BIGNUM *bn) -{ - fputs(name, stdout); - fputs(" = ", stdout); - BN_print_fp(stdout, bn); - putc('\n', stdout); -} - -static int run_jpake(JPAKE_CTX *alice, JPAKE_CTX *bob) -{ - JPAKE_STEP1 alice_s1; - JPAKE_STEP1 bob_s1; - JPAKE_STEP2 alice_s2; - JPAKE_STEP2 bob_s2; - JPAKE_STEP3A alice_s3a; - JPAKE_STEP3B bob_s3b; - - /* Alice -> Bob: step 1 */ - puts("A->B s1"); - JPAKE_STEP1_init(&alice_s1); - JPAKE_STEP1_generate(&alice_s1, alice); - if (!JPAKE_STEP1_process(bob, &alice_s1)) { - printf("Bob fails to process Alice's step 1\n"); - ERR_print_errors_fp(stdout); - return 1; - } - JPAKE_STEP1_release(&alice_s1); - - /* Bob -> Alice: step 1 */ - puts("B->A s1"); - JPAKE_STEP1_init(&bob_s1); - JPAKE_STEP1_generate(&bob_s1, bob); - if (!JPAKE_STEP1_process(alice, &bob_s1)) { - printf("Alice fails to process Bob's step 1\n"); - ERR_print_errors_fp(stdout); - return 2; - } - JPAKE_STEP1_release(&bob_s1); - - /* Alice -> Bob: step 2 */ - puts("A->B s2"); - JPAKE_STEP2_init(&alice_s2); - JPAKE_STEP2_generate(&alice_s2, alice); - if (!JPAKE_STEP2_process(bob, &alice_s2)) { - printf("Bob fails to process Alice's step 2\n"); - ERR_print_errors_fp(stdout); - return 3; - } - JPAKE_STEP2_release(&alice_s2); - - /* Bob -> Alice: step 2 */ - puts("B->A s2"); - JPAKE_STEP2_init(&bob_s2); - JPAKE_STEP2_generate(&bob_s2, bob); - if (!JPAKE_STEP2_process(alice, &bob_s2)) { - printf("Alice fails to process Bob's step 2\n"); - ERR_print_errors_fp(stdout); - return 4; - } - JPAKE_STEP2_release(&bob_s2); - - showbn("Alice's key", JPAKE_get_shared_key(alice)); - showbn("Bob's key ", JPAKE_get_shared_key(bob)); - - /* Alice -> Bob: step 3a */ - puts("A->B s3a"); - JPAKE_STEP3A_init(&alice_s3a); - JPAKE_STEP3A_generate(&alice_s3a, alice); - if (!JPAKE_STEP3A_process(bob, &alice_s3a)) { - printf("Bob fails to process Alice's step 3a\n"); - ERR_print_errors_fp(stdout); - return 5; - } - JPAKE_STEP3A_release(&alice_s3a); - - /* Bob -> Alice: step 3b */ - puts("B->A s3b"); - JPAKE_STEP3B_init(&bob_s3b); - JPAKE_STEP3B_generate(&bob_s3b, bob); - if (!JPAKE_STEP3B_process(alice, &bob_s3b)) { - printf("Alice fails to process Bob's step 3b\n"); - ERR_print_errors_fp(stdout); - return 6; - } - JPAKE_STEP3B_release(&bob_s3b); - - return 0; -} - -int main(int argc, char **argv) -{ - JPAKE_CTX *alice; - JPAKE_CTX *bob; - BIGNUM *p = NULL; - BIGNUM *g = NULL; - BIGNUM *q = NULL; - BIGNUM *secret = BN_new(); - BIO *bio_err; - - bio_err = BIO_new_fp(stderr, BIO_NOCLOSE); - - CRYPTO_malloc_debug_init(); - CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL); - CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); - - ERR_load_crypto_strings(); - - /*- - BN_hex2bn(&p, "fd7f53811d75122952df4a9c2eece4e7f611b7523cef4400c31e3f80b6512669455d402251fb593d8d58fabfc5f5ba30f6cb9b556cd7813b801d346ff26660b76b9950a5a49f9fe8047b1022c24fbba9d7feb7c61bf83b57e7c6a8a6150f04fb83f6d3c51ec3023554135a169132f675f3ae2b61d72aeff22203199dd14801c7"); - BN_hex2bn(&g, "f7e1a085d69b3ddecbbcab5c36b857b97994afbbfa3aea82f9574c0b3d0782675159578ebad4594fe67107108180b449167123e84c281613b7cf09328cc8a6e13c167a8b547c8d28e0a3ae1e2bb3a675916ea37f0bfa213562f1fb627a01243bcca4f1bea8519089a883dfe15ae59f06928b665e807b552564014c3bfecf492a"); - BN_hex2bn(&q, "9760508f15230bccb292b982a2eb840bf0581cf5"); - */ - /*- - p = BN_new(); - BN_generate_prime(p, 1024, 1, NULL, NULL, NULL, NULL); - */ - /* Use a safe prime for p (that we found earlier) */ - BN_hex2bn(&p, - "F9E5B365665EA7A05A9C534502780FEE6F1AB5BD4F49947FD036DBD7E905269AF46EF28B0FC07487EE4F5D20FB3C0AF8E700F3A2FA3414970CBED44FEDFF80CE78D800F184BB82435D137AADA2C6C16523247930A63B85661D1FC817A51ACD96168E95898A1F83A79FFB529368AA7833ABD1B0C3AEDDB14D2E1A2F71D99F763F"); - showbn("p", p); - g = BN_new(); - BN_set_word(g, 2); - showbn("g", g); - q = BN_new(); - BN_rshift1(q, p); - showbn("q", q); - - BN_rand(secret, 32, -1, 0); - - /* A normal run, expect this to work... */ - alice = JPAKE_CTX_new("Alice", "Bob", p, g, q, secret); - bob = JPAKE_CTX_new("Bob", "Alice", p, g, q, secret); - - if (run_jpake(alice, bob) != 0) { - fprintf(stderr, "Plain JPAKE run failed\n"); - return 1; - } - - JPAKE_CTX_free(bob); - JPAKE_CTX_free(alice); - - /* Now give Alice and Bob different secrets */ - alice = JPAKE_CTX_new("Alice", "Bob", p, g, q, secret); - BN_add_word(secret, 1); - bob = JPAKE_CTX_new("Bob", "Alice", p, g, q, secret); - - if (run_jpake(alice, bob) != 5) { - fprintf(stderr, "Mismatched secret JPAKE run failed\n"); - return 1; - } - - JPAKE_CTX_free(bob); - JPAKE_CTX_free(alice); - - BN_free(secret); - BN_free(q); - BN_free(g); - BN_free(p); - - CRYPTO_cleanup_all_ex_data(); - ERR_remove_thread_state(NULL); - ERR_free_strings(); - CRYPTO_mem_leaks(bio_err); - - return 0; -} - -#endif |