summaryrefslogtreecommitdiffstats
path: root/crypto/jpake
diff options
context:
space:
mode:
authorDr. Stephen Henson <steve@openssl.org>2008-10-27 13:02:52 +0100
committerDr. Stephen Henson <steve@openssl.org>2008-10-27 13:02:52 +0100
commite9eda23ae6eced7cb0d71440cee0431273ce8520 (patch)
treefb1080c66de37f16f345469ec0835de3dfe1f9c2 /crypto/jpake
parentAdd JPAKE. (diff)
downloadopenssl-e9eda23ae6eced7cb0d71440cee0431273ce8520.tar.xz
openssl-e9eda23ae6eced7cb0d71440cee0431273ce8520.zip
Fix warnings and various issues.
C++ style comments. Signed/unsigned warning in apps.c Missing targets in jpake/Makefile
Diffstat (limited to 'crypto/jpake')
-rw-r--r--crypto/jpake/Makefile7
-rw-r--r--crypto/jpake/jpake.c142
-rw-r--r--crypto/jpake/jpake.h42
-rw-r--r--crypto/jpake/jpaketest.c18
4 files changed, 119 insertions, 90 deletions
diff --git a/crypto/jpake/Makefile b/crypto/jpake/Makefile
index d508c977a9..ffc519895d 100644
--- a/crypto/jpake/Makefile
+++ b/crypto/jpake/Makefile
@@ -28,6 +28,13 @@ depend:
@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+dclean:
+ $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+ mv -f Makefile.new $(MAKEFILE)
+
+clean:
+ rm -f *.s *.o *.obj des lib tags core .pure .nfs* *.old *.bak fluff
+
jpaketest: top jpaketest.c $(LIB)
$(CC) $(CFLAGS) -Wall -Werror -g -o jpaketest jpaketest.c $(LIB)
# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/jpake/jpake.c b/crypto/jpake/jpake.c
index 3ed1d1b158..d3c17c1178 100644
--- a/crypto/jpake/jpake.c
+++ b/crypto/jpake/jpake.c
@@ -13,23 +13,23 @@
typedef struct
{
- char *name; // Must be unique
+ char *name; /* Must be unique */
char *peer_name;
BIGNUM *p;
BIGNUM *g;
BIGNUM *q;
- BIGNUM *gxc; // Alice's g^{x3} or Bob's g^{x1}
- BIGNUM *gxd; // Alice's g^{x4} or Bob's g^{x2}
+ BIGNUM *gxc; /* Alice's g^{x3} or Bob's g^{x1} */
+ BIGNUM *gxd; /* Alice's g^{x4} or Bob's g^{x2} */
} JPAKE_CTX_PUBLIC;
struct JPAKE_CTX
{
JPAKE_CTX_PUBLIC p;
- BIGNUM *secret; // The shared secret
+ BIGNUM *secret; /* The shared secret */
BN_CTX *ctx;
- BIGNUM *xa; // Alice's x1 or Bob's x3
- BIGNUM *xb; // Alice's x2 or Bob's x4
- BIGNUM *key; // The calculated (shared) key
+ BIGNUM *xa; /* Alice's x1 or Bob's x3 */
+ BIGNUM *xb; /* Alice's x2 or Bob's x4 */
+ BIGNUM *key; /* The calculated (shared) key */
};
static void JPAKE_ZKP_init(JPAKE_ZKP *zkp)
@@ -44,7 +44,7 @@ static void JPAKE_ZKP_release(JPAKE_ZKP *zkp)
BN_free(zkp->gr);
}
-// Two birds with one stone - make the global name as expected
+/* Two birds with one stone - make the global name as expected */
#define JPAKE_STEP_PART_init JPAKE_STEP2_init
#define JPAKE_STEP_PART_release JPAKE_STEP2_release
@@ -158,15 +158,17 @@ static void hashbn(SHA_CTX *sha, const BIGNUM *bn)
SHA1_Update(sha, bin, l);
}
-// h=hash(g, g^r, g^x, name)
+/* h=hash(g, g^r, g^x, name) */
static void zkp_hash(BIGNUM *h, const BIGNUM *zkpg, const JPAKE_STEP_PART *p,
const char *proof_name)
{
unsigned char md[SHA_DIGEST_LENGTH];
SHA_CTX sha;
- // XXX: hash should not allow moving of the boundaries - Java code
- // is flawed in this respect. Length encoding seems simplest.
+ /*
+ * XXX: hash should not allow moving of the boundaries - Java code
+ * is flawed in this respect. Length encoding seems simplest.
+ */
SHA1_Init(&sha);
hashbn(&sha, zkpg);
assert(!BN_is_zero(p->zkpx.gr));
@@ -177,8 +179,10 @@ static void zkp_hash(BIGNUM *h, const BIGNUM *zkpg, const JPAKE_STEP_PART *p,
BN_bin2bn(md, SHA_DIGEST_LENGTH, h);
}
-// Prove knowledge of x
-// Note that p->gx has already been calculated
+/*
+ * Prove knowledge of x
+ * Note that p->gx has already been calculated
+ */
static void generate_zkp(JPAKE_STEP_PART *p, const BIGNUM *x,
const BIGNUM *zkpg, JPAKE_CTX *ctx)
{
@@ -186,20 +190,22 @@ static void generate_zkp(JPAKE_STEP_PART *p, const BIGNUM *x,
BIGNUM *h = BN_new();
BIGNUM *t = BN_new();
- // r in [0,q)
- // XXX: Java chooses r in [0, 2^160) - i.e. distribution not uniform
+ /*
+ * r in [0,q)
+ * XXX: Java chooses r in [0, 2^160) - i.e. distribution not uniform
+ */
BN_rand_range(r, ctx->p.q);
- // g^r
+ /* g^r */
BN_mod_exp(p->zkpx.gr, zkpg, r, ctx->p.p, ctx->ctx);
- // h=hash...
+ /* h=hash... */
zkp_hash(h, zkpg, p, ctx->p.name);
- // b = r - x*h
+ /* b = r - x*h */
BN_mod_mul(t, x, h, ctx->p.q, ctx->ctx);
BN_mod_sub(p->zkpx.b, r, t, ctx->p.q, ctx->ctx);
- // cleanup
+ /* cleanup */
BN_free(t);
BN_free(h);
BN_free(r);
@@ -216,20 +222,20 @@ static int verify_zkp(const JPAKE_STEP_PART *p, const BIGNUM *zkpg,
zkp_hash(h, zkpg, p, ctx->p.peer_name);
- // t1 = g^b
+ /* t1 = g^b */
BN_mod_exp(t1, zkpg, p->zkpx.b, ctx->p.p, ctx->ctx);
- // t2 = (g^x)^h = g^{hx}
+ /* t2 = (g^x)^h = g^{hx} */
BN_mod_exp(t2, p->gx, h, ctx->p.p, ctx->ctx);
- // t3 = t1 * t2 = g^{hx} * g^b = g^{hx+b} = g^r (allegedly)
+ /* t3 = t1 * t2 = g^{hx} * g^b = g^{hx+b} = g^r (allegedly) */
BN_mod_mul(t3, t1, t2, ctx->p.p, ctx->ctx);
- // verify t3 == g^r
+ /* verify t3 == g^r */
if(BN_cmp(t3, p->zkpx.gr) == 0)
ret = 1;
else
JPAKEerr(JPAKE_F_VERIFY_ZKP, JPAKE_R_ZKP_VERIFY_FAILED);
- // cleanup
+ /* cleanup */
BN_free(t3);
BN_free(t2);
BN_free(t1);
@@ -245,25 +251,25 @@ static void generate_step_part(JPAKE_STEP_PART *p, const BIGNUM *x,
generate_zkp(p, x, g, ctx);
}
-// Generate each party's random numbers. xa is in [0, q), xb is in [1, q).
+/* Generate each party's random numbers. xa is in [0, q), xb is in [1, q). */
static void genrand(JPAKE_CTX *ctx)
{
BIGNUM *qm1;
- // xa in [0, q)
+ /* xa in [0, q) */
BN_rand_range(ctx->xa, ctx->p.q);
- // q-1
+ /* q-1 */
qm1 = BN_new();
BN_copy(qm1, ctx->p.q);
BN_sub_word(qm1, 1);
- // ... and xb in [0, q-1)
+ /* ... and xb in [0, q-1) */
BN_rand_range(ctx->xb, qm1);
- // [1, q)
+ /* [1, q) */
BN_add_word(ctx->xb, 1);
- // cleanup
+ /* cleanup */
BN_free(qm1);
}
@@ -278,28 +284,28 @@ int JPAKE_STEP1_generate(JPAKE_STEP1 *send, JPAKE_CTX *ctx)
int JPAKE_STEP1_process(JPAKE_CTX *ctx, const JPAKE_STEP1 *received)
{
- // verify their ZKP(xc)
+ /* verify their ZKP(xc) */
if(!verify_zkp(&received->p1, ctx->p.g, ctx))
{
JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS, JPAKE_R_VERIFY_X3_FAILED);
return 0;
}
- // verify their ZKP(xd)
+ /* verify their ZKP(xd) */
if(!verify_zkp(&received->p2, ctx->p.g, ctx))
{
JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS, JPAKE_R_VERIFY_X4_FAILED);
return 0;
}
- // g^xd != 1
+ /* g^xd != 1 */
if(BN_is_one(received->p2.gx))
{
JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS, JPAKE_R_G_TO_THE_X4_IS_ONE);
return 0;
}
- // Save the bits we need for later
+ /* Save the bits we need for later */
BN_copy(ctx->p.gxc, received->p1.gx);
BN_copy(ctx->p.gxd, received->p2.gx);
@@ -312,57 +318,63 @@ int JPAKE_STEP2_generate(JPAKE_STEP2 *send, JPAKE_CTX *ctx)
BIGNUM *t1 = BN_new();
BIGNUM *t2 = BN_new();
- // X = g^{(xa + xc + xd) * xb * s}
- // t1 = g^xa
+ /*
+ * X = g^{(xa + xc + xd) * xb * s}
+ * t1 = g^xa
+ */
BN_mod_exp(t1, ctx->p.g, ctx->xa, ctx->p.p, ctx->ctx);
- // t2 = t1 * g^{xc} = g^{xa} * g^{xc} = g^{xa + xc}
+ /* t2 = t1 * g^{xc} = g^{xa} * g^{xc} = g^{xa + xc} */
BN_mod_mul(t2, t1, ctx->p.gxc, ctx->p.p, ctx->ctx);
- // t1 = t2 * g^{xd} = g^{xa + xc + xd}
+ /* t1 = t2 * g^{xd} = g^{xa + xc + xd} */
BN_mod_mul(t1, t2, ctx->p.gxd, ctx->p.p, ctx->ctx);
- // t2 = xb * s
+ /* t2 = xb * s */
BN_mod_mul(t2, ctx->xb, ctx->secret, ctx->p.q, ctx->ctx);
- // ZKP(xb * s)
- // XXX: this is kinda funky, because we're using
- //
- // g' = g^{xa + xc + xd}
- //
- // as the generator, which means X is g'^{xb * s}
- // X = t1^{t2} = t1^{xb * s} = g^{(xa + xc + xd) * xb * s}
+ /*
+ * ZKP(xb * s)
+ * XXX: this is kinda funky, because we're using
+ *
+ * g' = g^{xa + xc + xd}
+ *
+ * as the generator, which means X is g'^{xb * s}
+ * X = t1^{t2} = t1^{xb * s} = g^{(xa + xc + xd) * xb * s}
+ */
generate_step_part(send, t2, t1, ctx);
- // cleanup
+ /* cleanup */
BN_free(t1);
BN_free(t2);
return 1;
}
-// gx = g^{xc + xa + xb} * xd * s
+/* gx = g^{xc + xa + xb} * xd * s */
static int compute_key(JPAKE_CTX *ctx, const BIGNUM *gx)
{
BIGNUM *t1 = BN_new();
BIGNUM *t2 = BN_new();
BIGNUM *t3 = BN_new();
- // K = (gx/g^{xb * xd * s})^{xb}
- // = (g^{(xc + xa + xb) * xd * s - xb * xd *s})^{xb}
- // = (g^{(xa + xc) * xd * s})^{xb}
- // = g^{(xa + xc) * xb * xd * s}
- // [which is the same regardless of who calculates it]
+ /*
+ * K = (gx/g^{xb * xd * s})^{xb}
+ * = (g^{(xc + xa + xb) * xd * s - xb * xd *s})^{xb}
+ * = (g^{(xa + xc) * xd * s})^{xb}
+ * = g^{(xa + xc) * xb * xd * s}
+ * [which is the same regardless of who calculates it]
+ */
- // t1 = (g^{xd})^{xb} = g^{xb * xd}
+ /* t1 = (g^{xd})^{xb} = g^{xb * xd} */
BN_mod_exp(t1, ctx->p.gxd, ctx->xb, ctx->p.p, ctx->ctx);
- // t2 = -s = q-s
+ /* t2 = -s = q-s */
BN_sub(t2, ctx->p.q, ctx->secret);
- // t3 = t1^t2 = g^{-xb * xd * s}
+ /* t3 = t1^t2 = g^{-xb * xd * s} */
BN_mod_exp(t3, t1, t2, ctx->p.p, ctx->ctx);
- // t1 = gx * t3 = X/g^{xb * xd * s}
+ /* t1 = gx * t3 = X/g^{xb * xd * s} */
BN_mod_mul(t1, gx, t3, ctx->p.p, ctx->ctx);
- // K = t1^{xb}
+ /* K = t1^{xb} */
BN_mod_exp(ctx->key, t1, ctx->xb, ctx->p.p, ctx->ctx);
- // cleanup
+ /* cleanup */
BN_free(t3);
BN_free(t2);
BN_free(t1);
@@ -376,12 +388,14 @@ int JPAKE_STEP2_process(JPAKE_CTX *ctx, const JPAKE_STEP2 *received)
BIGNUM *t2 = BN_new();
int ret = 0;
- // g' = g^{xc + xa + xb} [from our POV]
- // t1 = xa + xb
+ /*
+ * g' = g^{xc + xa + xb} [from our POV]
+ * t1 = xa + xb
+ */
BN_mod_add(t1, ctx->xa, ctx->xb, ctx->p.q, ctx->ctx);
- // t2 = g^{t1} = g^{xa+xb}
+ /* t2 = g^{t1} = g^{xa+xb} */
BN_mod_exp(t2, ctx->p.g, t1, ctx->p.p, ctx->ctx);
- // t1 = g^{xc} * t2 = g^{xc + xa + xb}
+ /* t1 = g^{xc} * t2 = g^{xc + xa + xb} */
BN_mod_mul(t1, ctx->p.gxc, t2, ctx->p.p, ctx->ctx);
if(verify_zkp(received, t1, ctx))
@@ -391,7 +405,7 @@ int JPAKE_STEP2_process(JPAKE_CTX *ctx, const JPAKE_STEP2 *received)
compute_key(ctx, received->gx);
- // cleanup
+ /* cleanup */
BN_free(t2);
BN_free(t1);
diff --git a/crypto/jpake/jpake.h b/crypto/jpake/jpake.h
index 4c67a24378..becc66c334 100644
--- a/crypto/jpake/jpake.h
+++ b/crypto/jpake/jpake.h
@@ -17,23 +17,23 @@ extern "C" {
typedef struct JPAKE_CTX JPAKE_CTX;
-// Note that "g" in the ZKPs is not necessarily the J-PAKE g.
+/* Note that "g" in the ZKPs is not necessarily the J-PAKE g. */
typedef struct
{
- BIGNUM *gr; // g^r (r random)
- BIGNUM *b; // b = r - x*h, h=hash(g, g^r, g^x, name)
+ BIGNUM *gr; /* g^r (r random) */
+ BIGNUM *b; /* b = r - x*h, h=hash(g, g^r, g^x, name) */
} JPAKE_ZKP;
typedef struct
{
- BIGNUM *gx; // g^x in step 1, g^(xa + xc + xd) * xb * s in step 2
- JPAKE_ZKP zkpx; // ZKP(x) or ZKP(xb * s)
+ BIGNUM *gx; /* g^x in step 1, g^(xa + xc + xd) * xb * s in step 2 */
+ JPAKE_ZKP zkpx; /* ZKP(x) or ZKP(xb * s) */
} JPAKE_STEP_PART;
typedef struct
{
- JPAKE_STEP_PART p1; // g^x3, ZKP(x3) or g^x1, ZKP(x1)
- JPAKE_STEP_PART p2; // g^x4, ZKP(x4) or g^x2, ZKP(x2)
+ JPAKE_STEP_PART p1; /* g^x3, ZKP(x3) or g^x1, ZKP(x1) */
+ JPAKE_STEP_PART p2; /* g^x4, ZKP(x4) or g^x2, ZKP(x2) */
} JPAKE_STEP1;
typedef JPAKE_STEP_PART JPAKE_STEP2;
@@ -48,29 +48,35 @@ typedef struct
unsigned char hk[SHA_DIGEST_LENGTH];
} JPAKE_STEP3B;
-// Parameters are copied
+/* Parameters are copied */
JPAKE_CTX *JPAKE_CTX_new(const char *name, const char *peer_name,
const BIGNUM *p, const BIGNUM *g, const BIGNUM *q,
const BIGNUM *secret);
void JPAKE_CTX_free(JPAKE_CTX *ctx);
-// Note that JPAKE_STEP1 can be used multiple times before release
-// without another init.
+/*
+ * Note that JPAKE_STEP1 can be used multiple times before release
+ * without another init.
+ */
void JPAKE_STEP1_init(JPAKE_STEP1 *s1);
int JPAKE_STEP1_generate(JPAKE_STEP1 *send, JPAKE_CTX *ctx);
int JPAKE_STEP1_process(JPAKE_CTX *ctx, const JPAKE_STEP1 *received);
void JPAKE_STEP1_release(JPAKE_STEP1 *s1);
-// Note that JPAKE_STEP2 can be used multiple times before release
-// without another init.
+/*
+ * Note that JPAKE_STEP2 can be used multiple times before release
+ * without another init.
+ */
void JPAKE_STEP2_init(JPAKE_STEP2 *s2);
int JPAKE_STEP2_generate(JPAKE_STEP2 *send, JPAKE_CTX *ctx);
int JPAKE_STEP2_process(JPAKE_CTX *ctx, const JPAKE_STEP2 *received);
void JPAKE_STEP2_release(JPAKE_STEP2 *s2);
-// Optionally verify the shared key. If the shared secrets do not
-// match, the two ends will disagree about the shared key, but
-// otherwise the protocol will succeed.
+/*
+ * Optionally verify the shared key. If the shared secrets do not
+ * match, the two ends will disagree about the shared key, but
+ * otherwise the protocol will succeed.
+ */
void JPAKE_STEP3A_init(JPAKE_STEP3A *s3a);
int JPAKE_STEP3A_generate(JPAKE_STEP3A *send, JPAKE_CTX *ctx);
int JPAKE_STEP3A_process(JPAKE_CTX *ctx, const JPAKE_STEP3A *received);
@@ -81,8 +87,10 @@ int JPAKE_STEP3B_generate(JPAKE_STEP3B *send, JPAKE_CTX *ctx);
int JPAKE_STEP3B_process(JPAKE_CTX *ctx, const JPAKE_STEP3B *received);
void JPAKE_STEP3B_release(JPAKE_STEP3B *s3b);
-// the return value belongs to the library and will be released when
-// ctx is released, and will change when a new handshake is performed.
+/*
+ * the return value belongs to the library and will be released when
+ * ctx is released, and will change when a new handshake is performed.
+ */
const BIGNUM *JPAKE_get_shared_key(JPAKE_CTX *ctx);
/* BEGIN ERROR CODES */
diff --git a/crypto/jpake/jpaketest.c b/crypto/jpake/jpaketest.c
index 13b2e1f119..c3a83ba3d6 100644
--- a/crypto/jpake/jpaketest.c
+++ b/crypto/jpake/jpaketest.c
@@ -18,7 +18,7 @@ static int run_jpake(JPAKE_CTX *alice, JPAKE_CTX *bob)
JPAKE_STEP3A alice_s3a;
JPAKE_STEP3B bob_s3b;
- // Alice -> Bob: step 1
+ /* Alice -> Bob: step 1 */
puts("A->B s1");
JPAKE_STEP1_init(&alice_s1);
JPAKE_STEP1_generate(&alice_s1, alice);
@@ -30,7 +30,7 @@ static int run_jpake(JPAKE_CTX *alice, JPAKE_CTX *bob)
}
JPAKE_STEP1_release(&alice_s1);
- // Bob -> Alice: step 1
+ /* Bob -> Alice: step 1 */
puts("B->A s1");
JPAKE_STEP1_init(&bob_s1);
JPAKE_STEP1_generate(&bob_s1, bob);
@@ -42,7 +42,7 @@ static int run_jpake(JPAKE_CTX *alice, JPAKE_CTX *bob)
}
JPAKE_STEP1_release(&bob_s1);
- // Alice -> Bob: step 2
+ /* Alice -> Bob: step 2 */
puts("A->B s2");
JPAKE_STEP2_init(&alice_s2);
JPAKE_STEP2_generate(&alice_s2, alice);
@@ -54,7 +54,7 @@ static int run_jpake(JPAKE_CTX *alice, JPAKE_CTX *bob)
}
JPAKE_STEP2_release(&alice_s2);
- // Bob -> Alice: step 2
+ /* Bob -> Alice: step 2 */
puts("B->A s2");
JPAKE_STEP2_init(&bob_s2);
JPAKE_STEP2_generate(&bob_s2, bob);
@@ -69,7 +69,7 @@ static int run_jpake(JPAKE_CTX *alice, JPAKE_CTX *bob)
showbn("Alice's key", JPAKE_get_shared_key(alice));
showbn("Bob's key ", JPAKE_get_shared_key(bob));
- // Alice -> Bob: step 3a
+ /* Alice -> Bob: step 3a */
puts("A->B s3a");
JPAKE_STEP3A_init(&alice_s3a);
JPAKE_STEP3A_generate(&alice_s3a, alice);
@@ -81,7 +81,7 @@ static int run_jpake(JPAKE_CTX *alice, JPAKE_CTX *bob)
}
JPAKE_STEP3A_release(&alice_s3a);
- // Bob -> Alice: step 3b
+ /* Bob -> Alice: step 3b */
puts("B->A s3b");
JPAKE_STEP3B_init(&bob_s3b);
JPAKE_STEP3B_generate(&bob_s3b, bob);
@@ -123,7 +123,7 @@ int main(int argc, char **argv)
p = BN_new();
BN_generate_prime(p, 1024, 1, NULL, NULL, NULL, NULL);
*/
- // Use a safe prime for p (that we found earlier)
+ /* Use a safe prime for p (that we found earlier) */
BN_hex2bn(&p, "F9E5B365665EA7A05A9C534502780FEE6F1AB5BD4F49947FD036DBD7E905269AF46EF28B0FC07487EE4F5D20FB3C0AF8E700F3A2FA3414970CBED44FEDFF80CE78D800F184BB82435D137AADA2C6C16523247930A63B85661D1FC817A51ACD96168E95898A1F83A79FFB529368AA7833ABD1B0C3AEDDB14D2E1A2F71D99F763F");
showbn("p", p);
g = BN_new();
@@ -135,7 +135,7 @@ int main(int argc, char **argv)
BN_rand(secret, 32, -1, 0);
- // A normal run, expect this to work...
+ /* A normal run, expect this to work... */
alice = JPAKE_CTX_new("Alice", "Bob", p, g, q, secret);
bob = JPAKE_CTX_new("Bob", "Alice", p, g, q, secret);
@@ -148,7 +148,7 @@ int main(int argc, char **argv)
JPAKE_CTX_free(bob);
JPAKE_CTX_free(alice);
- // Now give Alice and Bob different secrets
+ /* Now give Alice and Bob different secrets */
alice = JPAKE_CTX_new("Alice", "Bob", p, g, q, secret);
BN_add_word(secret, 1);
bob = JPAKE_CTX_new("Bob", "Alice", p, g, q, secret);