diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2008-10-27 13:02:52 +0100 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2008-10-27 13:02:52 +0100 |
commit | e9eda23ae6eced7cb0d71440cee0431273ce8520 (patch) | |
tree | fb1080c66de37f16f345469ec0835de3dfe1f9c2 /crypto/jpake | |
parent | Add JPAKE. (diff) | |
download | openssl-e9eda23ae6eced7cb0d71440cee0431273ce8520.tar.xz openssl-e9eda23ae6eced7cb0d71440cee0431273ce8520.zip |
Fix warnings and various issues.
C++ style comments.
Signed/unsigned warning in apps.c
Missing targets in jpake/Makefile
Diffstat (limited to 'crypto/jpake')
-rw-r--r-- | crypto/jpake/Makefile | 7 | ||||
-rw-r--r-- | crypto/jpake/jpake.c | 142 | ||||
-rw-r--r-- | crypto/jpake/jpake.h | 42 | ||||
-rw-r--r-- | crypto/jpake/jpaketest.c | 18 |
4 files changed, 119 insertions, 90 deletions
diff --git a/crypto/jpake/Makefile b/crypto/jpake/Makefile index d508c977a9..ffc519895d 100644 --- a/crypto/jpake/Makefile +++ b/crypto/jpake/Makefile @@ -28,6 +28,13 @@ depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) +dclean: + $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new + mv -f Makefile.new $(MAKEFILE) + +clean: + rm -f *.s *.o *.obj des lib tags core .pure .nfs* *.old *.bak fluff + jpaketest: top jpaketest.c $(LIB) $(CC) $(CFLAGS) -Wall -Werror -g -o jpaketest jpaketest.c $(LIB) # DO NOT DELETE THIS LINE -- make depend depends on it. diff --git a/crypto/jpake/jpake.c b/crypto/jpake/jpake.c index 3ed1d1b158..d3c17c1178 100644 --- a/crypto/jpake/jpake.c +++ b/crypto/jpake/jpake.c @@ -13,23 +13,23 @@ typedef struct { - char *name; // Must be unique + char *name; /* Must be unique */ char *peer_name; BIGNUM *p; BIGNUM *g; BIGNUM *q; - BIGNUM *gxc; // Alice's g^{x3} or Bob's g^{x1} - BIGNUM *gxd; // Alice's g^{x4} or Bob's g^{x2} + BIGNUM *gxc; /* Alice's g^{x3} or Bob's g^{x1} */ + BIGNUM *gxd; /* Alice's g^{x4} or Bob's g^{x2} */ } JPAKE_CTX_PUBLIC; struct JPAKE_CTX { JPAKE_CTX_PUBLIC p; - BIGNUM *secret; // The shared secret + BIGNUM *secret; /* The shared secret */ BN_CTX *ctx; - BIGNUM *xa; // Alice's x1 or Bob's x3 - BIGNUM *xb; // Alice's x2 or Bob's x4 - BIGNUM *key; // The calculated (shared) key + BIGNUM *xa; /* Alice's x1 or Bob's x3 */ + BIGNUM *xb; /* Alice's x2 or Bob's x4 */ + BIGNUM *key; /* The calculated (shared) key */ }; static void JPAKE_ZKP_init(JPAKE_ZKP *zkp) @@ -44,7 +44,7 @@ static void JPAKE_ZKP_release(JPAKE_ZKP *zkp) BN_free(zkp->gr); } -// Two birds with one stone - make the global name as expected +/* Two birds with one stone - make the global name as expected */ #define JPAKE_STEP_PART_init JPAKE_STEP2_init #define JPAKE_STEP_PART_release JPAKE_STEP2_release @@ -158,15 +158,17 @@ static void hashbn(SHA_CTX *sha, const BIGNUM *bn) SHA1_Update(sha, bin, l); } -// h=hash(g, g^r, g^x, name) +/* h=hash(g, g^r, g^x, name) */ static void zkp_hash(BIGNUM *h, const BIGNUM *zkpg, const JPAKE_STEP_PART *p, const char *proof_name) { unsigned char md[SHA_DIGEST_LENGTH]; SHA_CTX sha; - // XXX: hash should not allow moving of the boundaries - Java code - // is flawed in this respect. Length encoding seems simplest. + /* + * XXX: hash should not allow moving of the boundaries - Java code + * is flawed in this respect. Length encoding seems simplest. + */ SHA1_Init(&sha); hashbn(&sha, zkpg); assert(!BN_is_zero(p->zkpx.gr)); @@ -177,8 +179,10 @@ static void zkp_hash(BIGNUM *h, const BIGNUM *zkpg, const JPAKE_STEP_PART *p, BN_bin2bn(md, SHA_DIGEST_LENGTH, h); } -// Prove knowledge of x -// Note that p->gx has already been calculated +/* + * Prove knowledge of x + * Note that p->gx has already been calculated + */ static void generate_zkp(JPAKE_STEP_PART *p, const BIGNUM *x, const BIGNUM *zkpg, JPAKE_CTX *ctx) { @@ -186,20 +190,22 @@ static void generate_zkp(JPAKE_STEP_PART *p, const BIGNUM *x, BIGNUM *h = BN_new(); BIGNUM *t = BN_new(); - // r in [0,q) - // XXX: Java chooses r in [0, 2^160) - i.e. distribution not uniform + /* + * r in [0,q) + * XXX: Java chooses r in [0, 2^160) - i.e. distribution not uniform + */ BN_rand_range(r, ctx->p.q); - // g^r + /* g^r */ BN_mod_exp(p->zkpx.gr, zkpg, r, ctx->p.p, ctx->ctx); - // h=hash... + /* h=hash... */ zkp_hash(h, zkpg, p, ctx->p.name); - // b = r - x*h + /* b = r - x*h */ BN_mod_mul(t, x, h, ctx->p.q, ctx->ctx); BN_mod_sub(p->zkpx.b, r, t, ctx->p.q, ctx->ctx); - // cleanup + /* cleanup */ BN_free(t); BN_free(h); BN_free(r); @@ -216,20 +222,20 @@ static int verify_zkp(const JPAKE_STEP_PART *p, const BIGNUM *zkpg, zkp_hash(h, zkpg, p, ctx->p.peer_name); - // t1 = g^b + /* t1 = g^b */ BN_mod_exp(t1, zkpg, p->zkpx.b, ctx->p.p, ctx->ctx); - // t2 = (g^x)^h = g^{hx} + /* t2 = (g^x)^h = g^{hx} */ BN_mod_exp(t2, p->gx, h, ctx->p.p, ctx->ctx); - // t3 = t1 * t2 = g^{hx} * g^b = g^{hx+b} = g^r (allegedly) + /* t3 = t1 * t2 = g^{hx} * g^b = g^{hx+b} = g^r (allegedly) */ BN_mod_mul(t3, t1, t2, ctx->p.p, ctx->ctx); - // verify t3 == g^r + /* verify t3 == g^r */ if(BN_cmp(t3, p->zkpx.gr) == 0) ret = 1; else JPAKEerr(JPAKE_F_VERIFY_ZKP, JPAKE_R_ZKP_VERIFY_FAILED); - // cleanup + /* cleanup */ BN_free(t3); BN_free(t2); BN_free(t1); @@ -245,25 +251,25 @@ static void generate_step_part(JPAKE_STEP_PART *p, const BIGNUM *x, generate_zkp(p, x, g, ctx); } -// Generate each party's random numbers. xa is in [0, q), xb is in [1, q). +/* Generate each party's random numbers. xa is in [0, q), xb is in [1, q). */ static void genrand(JPAKE_CTX *ctx) { BIGNUM *qm1; - // xa in [0, q) + /* xa in [0, q) */ BN_rand_range(ctx->xa, ctx->p.q); - // q-1 + /* q-1 */ qm1 = BN_new(); BN_copy(qm1, ctx->p.q); BN_sub_word(qm1, 1); - // ... and xb in [0, q-1) + /* ... and xb in [0, q-1) */ BN_rand_range(ctx->xb, qm1); - // [1, q) + /* [1, q) */ BN_add_word(ctx->xb, 1); - // cleanup + /* cleanup */ BN_free(qm1); } @@ -278,28 +284,28 @@ int JPAKE_STEP1_generate(JPAKE_STEP1 *send, JPAKE_CTX *ctx) int JPAKE_STEP1_process(JPAKE_CTX *ctx, const JPAKE_STEP1 *received) { - // verify their ZKP(xc) + /* verify their ZKP(xc) */ if(!verify_zkp(&received->p1, ctx->p.g, ctx)) { JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS, JPAKE_R_VERIFY_X3_FAILED); return 0; } - // verify their ZKP(xd) + /* verify their ZKP(xd) */ if(!verify_zkp(&received->p2, ctx->p.g, ctx)) { JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS, JPAKE_R_VERIFY_X4_FAILED); return 0; } - // g^xd != 1 + /* g^xd != 1 */ if(BN_is_one(received->p2.gx)) { JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS, JPAKE_R_G_TO_THE_X4_IS_ONE); return 0; } - // Save the bits we need for later + /* Save the bits we need for later */ BN_copy(ctx->p.gxc, received->p1.gx); BN_copy(ctx->p.gxd, received->p2.gx); @@ -312,57 +318,63 @@ int JPAKE_STEP2_generate(JPAKE_STEP2 *send, JPAKE_CTX *ctx) BIGNUM *t1 = BN_new(); BIGNUM *t2 = BN_new(); - // X = g^{(xa + xc + xd) * xb * s} - // t1 = g^xa + /* + * X = g^{(xa + xc + xd) * xb * s} + * t1 = g^xa + */ BN_mod_exp(t1, ctx->p.g, ctx->xa, ctx->p.p, ctx->ctx); - // t2 = t1 * g^{xc} = g^{xa} * g^{xc} = g^{xa + xc} + /* t2 = t1 * g^{xc} = g^{xa} * g^{xc} = g^{xa + xc} */ BN_mod_mul(t2, t1, ctx->p.gxc, ctx->p.p, ctx->ctx); - // t1 = t2 * g^{xd} = g^{xa + xc + xd} + /* t1 = t2 * g^{xd} = g^{xa + xc + xd} */ BN_mod_mul(t1, t2, ctx->p.gxd, ctx->p.p, ctx->ctx); - // t2 = xb * s + /* t2 = xb * s */ BN_mod_mul(t2, ctx->xb, ctx->secret, ctx->p.q, ctx->ctx); - // ZKP(xb * s) - // XXX: this is kinda funky, because we're using - // - // g' = g^{xa + xc + xd} - // - // as the generator, which means X is g'^{xb * s} - // X = t1^{t2} = t1^{xb * s} = g^{(xa + xc + xd) * xb * s} + /* + * ZKP(xb * s) + * XXX: this is kinda funky, because we're using + * + * g' = g^{xa + xc + xd} + * + * as the generator, which means X is g'^{xb * s} + * X = t1^{t2} = t1^{xb * s} = g^{(xa + xc + xd) * xb * s} + */ generate_step_part(send, t2, t1, ctx); - // cleanup + /* cleanup */ BN_free(t1); BN_free(t2); return 1; } -// gx = g^{xc + xa + xb} * xd * s +/* gx = g^{xc + xa + xb} * xd * s */ static int compute_key(JPAKE_CTX *ctx, const BIGNUM *gx) { BIGNUM *t1 = BN_new(); BIGNUM *t2 = BN_new(); BIGNUM *t3 = BN_new(); - // K = (gx/g^{xb * xd * s})^{xb} - // = (g^{(xc + xa + xb) * xd * s - xb * xd *s})^{xb} - // = (g^{(xa + xc) * xd * s})^{xb} - // = g^{(xa + xc) * xb * xd * s} - // [which is the same regardless of who calculates it] + /* + * K = (gx/g^{xb * xd * s})^{xb} + * = (g^{(xc + xa + xb) * xd * s - xb * xd *s})^{xb} + * = (g^{(xa + xc) * xd * s})^{xb} + * = g^{(xa + xc) * xb * xd * s} + * [which is the same regardless of who calculates it] + */ - // t1 = (g^{xd})^{xb} = g^{xb * xd} + /* t1 = (g^{xd})^{xb} = g^{xb * xd} */ BN_mod_exp(t1, ctx->p.gxd, ctx->xb, ctx->p.p, ctx->ctx); - // t2 = -s = q-s + /* t2 = -s = q-s */ BN_sub(t2, ctx->p.q, ctx->secret); - // t3 = t1^t2 = g^{-xb * xd * s} + /* t3 = t1^t2 = g^{-xb * xd * s} */ BN_mod_exp(t3, t1, t2, ctx->p.p, ctx->ctx); - // t1 = gx * t3 = X/g^{xb * xd * s} + /* t1 = gx * t3 = X/g^{xb * xd * s} */ BN_mod_mul(t1, gx, t3, ctx->p.p, ctx->ctx); - // K = t1^{xb} + /* K = t1^{xb} */ BN_mod_exp(ctx->key, t1, ctx->xb, ctx->p.p, ctx->ctx); - // cleanup + /* cleanup */ BN_free(t3); BN_free(t2); BN_free(t1); @@ -376,12 +388,14 @@ int JPAKE_STEP2_process(JPAKE_CTX *ctx, const JPAKE_STEP2 *received) BIGNUM *t2 = BN_new(); int ret = 0; - // g' = g^{xc + xa + xb} [from our POV] - // t1 = xa + xb + /* + * g' = g^{xc + xa + xb} [from our POV] + * t1 = xa + xb + */ BN_mod_add(t1, ctx->xa, ctx->xb, ctx->p.q, ctx->ctx); - // t2 = g^{t1} = g^{xa+xb} + /* t2 = g^{t1} = g^{xa+xb} */ BN_mod_exp(t2, ctx->p.g, t1, ctx->p.p, ctx->ctx); - // t1 = g^{xc} * t2 = g^{xc + xa + xb} + /* t1 = g^{xc} * t2 = g^{xc + xa + xb} */ BN_mod_mul(t1, ctx->p.gxc, t2, ctx->p.p, ctx->ctx); if(verify_zkp(received, t1, ctx)) @@ -391,7 +405,7 @@ int JPAKE_STEP2_process(JPAKE_CTX *ctx, const JPAKE_STEP2 *received) compute_key(ctx, received->gx); - // cleanup + /* cleanup */ BN_free(t2); BN_free(t1); diff --git a/crypto/jpake/jpake.h b/crypto/jpake/jpake.h index 4c67a24378..becc66c334 100644 --- a/crypto/jpake/jpake.h +++ b/crypto/jpake/jpake.h @@ -17,23 +17,23 @@ extern "C" { typedef struct JPAKE_CTX JPAKE_CTX; -// Note that "g" in the ZKPs is not necessarily the J-PAKE g. +/* Note that "g" in the ZKPs is not necessarily the J-PAKE g. */ typedef struct { - BIGNUM *gr; // g^r (r random) - BIGNUM *b; // b = r - x*h, h=hash(g, g^r, g^x, name) + BIGNUM *gr; /* g^r (r random) */ + BIGNUM *b; /* b = r - x*h, h=hash(g, g^r, g^x, name) */ } JPAKE_ZKP; typedef struct { - BIGNUM *gx; // g^x in step 1, g^(xa + xc + xd) * xb * s in step 2 - JPAKE_ZKP zkpx; // ZKP(x) or ZKP(xb * s) + BIGNUM *gx; /* g^x in step 1, g^(xa + xc + xd) * xb * s in step 2 */ + JPAKE_ZKP zkpx; /* ZKP(x) or ZKP(xb * s) */ } JPAKE_STEP_PART; typedef struct { - JPAKE_STEP_PART p1; // g^x3, ZKP(x3) or g^x1, ZKP(x1) - JPAKE_STEP_PART p2; // g^x4, ZKP(x4) or g^x2, ZKP(x2) + JPAKE_STEP_PART p1; /* g^x3, ZKP(x3) or g^x1, ZKP(x1) */ + JPAKE_STEP_PART p2; /* g^x4, ZKP(x4) or g^x2, ZKP(x2) */ } JPAKE_STEP1; typedef JPAKE_STEP_PART JPAKE_STEP2; @@ -48,29 +48,35 @@ typedef struct unsigned char hk[SHA_DIGEST_LENGTH]; } JPAKE_STEP3B; -// Parameters are copied +/* Parameters are copied */ JPAKE_CTX *JPAKE_CTX_new(const char *name, const char *peer_name, const BIGNUM *p, const BIGNUM *g, const BIGNUM *q, const BIGNUM *secret); void JPAKE_CTX_free(JPAKE_CTX *ctx); -// Note that JPAKE_STEP1 can be used multiple times before release -// without another init. +/* + * Note that JPAKE_STEP1 can be used multiple times before release + * without another init. + */ void JPAKE_STEP1_init(JPAKE_STEP1 *s1); int JPAKE_STEP1_generate(JPAKE_STEP1 *send, JPAKE_CTX *ctx); int JPAKE_STEP1_process(JPAKE_CTX *ctx, const JPAKE_STEP1 *received); void JPAKE_STEP1_release(JPAKE_STEP1 *s1); -// Note that JPAKE_STEP2 can be used multiple times before release -// without another init. +/* + * Note that JPAKE_STEP2 can be used multiple times before release + * without another init. + */ void JPAKE_STEP2_init(JPAKE_STEP2 *s2); int JPAKE_STEP2_generate(JPAKE_STEP2 *send, JPAKE_CTX *ctx); int JPAKE_STEP2_process(JPAKE_CTX *ctx, const JPAKE_STEP2 *received); void JPAKE_STEP2_release(JPAKE_STEP2 *s2); -// Optionally verify the shared key. If the shared secrets do not -// match, the two ends will disagree about the shared key, but -// otherwise the protocol will succeed. +/* + * Optionally verify the shared key. If the shared secrets do not + * match, the two ends will disagree about the shared key, but + * otherwise the protocol will succeed. + */ void JPAKE_STEP3A_init(JPAKE_STEP3A *s3a); int JPAKE_STEP3A_generate(JPAKE_STEP3A *send, JPAKE_CTX *ctx); int JPAKE_STEP3A_process(JPAKE_CTX *ctx, const JPAKE_STEP3A *received); @@ -81,8 +87,10 @@ int JPAKE_STEP3B_generate(JPAKE_STEP3B *send, JPAKE_CTX *ctx); int JPAKE_STEP3B_process(JPAKE_CTX *ctx, const JPAKE_STEP3B *received); void JPAKE_STEP3B_release(JPAKE_STEP3B *s3b); -// the return value belongs to the library and will be released when -// ctx is released, and will change when a new handshake is performed. +/* + * the return value belongs to the library and will be released when + * ctx is released, and will change when a new handshake is performed. + */ const BIGNUM *JPAKE_get_shared_key(JPAKE_CTX *ctx); /* BEGIN ERROR CODES */ diff --git a/crypto/jpake/jpaketest.c b/crypto/jpake/jpaketest.c index 13b2e1f119..c3a83ba3d6 100644 --- a/crypto/jpake/jpaketest.c +++ b/crypto/jpake/jpaketest.c @@ -18,7 +18,7 @@ static int run_jpake(JPAKE_CTX *alice, JPAKE_CTX *bob) JPAKE_STEP3A alice_s3a; JPAKE_STEP3B bob_s3b; - // Alice -> Bob: step 1 + /* Alice -> Bob: step 1 */ puts("A->B s1"); JPAKE_STEP1_init(&alice_s1); JPAKE_STEP1_generate(&alice_s1, alice); @@ -30,7 +30,7 @@ static int run_jpake(JPAKE_CTX *alice, JPAKE_CTX *bob) } JPAKE_STEP1_release(&alice_s1); - // Bob -> Alice: step 1 + /* Bob -> Alice: step 1 */ puts("B->A s1"); JPAKE_STEP1_init(&bob_s1); JPAKE_STEP1_generate(&bob_s1, bob); @@ -42,7 +42,7 @@ static int run_jpake(JPAKE_CTX *alice, JPAKE_CTX *bob) } JPAKE_STEP1_release(&bob_s1); - // Alice -> Bob: step 2 + /* Alice -> Bob: step 2 */ puts("A->B s2"); JPAKE_STEP2_init(&alice_s2); JPAKE_STEP2_generate(&alice_s2, alice); @@ -54,7 +54,7 @@ static int run_jpake(JPAKE_CTX *alice, JPAKE_CTX *bob) } JPAKE_STEP2_release(&alice_s2); - // Bob -> Alice: step 2 + /* Bob -> Alice: step 2 */ puts("B->A s2"); JPAKE_STEP2_init(&bob_s2); JPAKE_STEP2_generate(&bob_s2, bob); @@ -69,7 +69,7 @@ static int run_jpake(JPAKE_CTX *alice, JPAKE_CTX *bob) showbn("Alice's key", JPAKE_get_shared_key(alice)); showbn("Bob's key ", JPAKE_get_shared_key(bob)); - // Alice -> Bob: step 3a + /* Alice -> Bob: step 3a */ puts("A->B s3a"); JPAKE_STEP3A_init(&alice_s3a); JPAKE_STEP3A_generate(&alice_s3a, alice); @@ -81,7 +81,7 @@ static int run_jpake(JPAKE_CTX *alice, JPAKE_CTX *bob) } JPAKE_STEP3A_release(&alice_s3a); - // Bob -> Alice: step 3b + /* Bob -> Alice: step 3b */ puts("B->A s3b"); JPAKE_STEP3B_init(&bob_s3b); JPAKE_STEP3B_generate(&bob_s3b, bob); @@ -123,7 +123,7 @@ int main(int argc, char **argv) p = BN_new(); BN_generate_prime(p, 1024, 1, NULL, NULL, NULL, NULL); */ - // Use a safe prime for p (that we found earlier) + /* Use a safe prime for p (that we found earlier) */ BN_hex2bn(&p, "F9E5B365665EA7A05A9C534502780FEE6F1AB5BD4F49947FD036DBD7E905269AF46EF28B0FC07487EE4F5D20FB3C0AF8E700F3A2FA3414970CBED44FEDFF80CE78D800F184BB82435D137AADA2C6C16523247930A63B85661D1FC817A51ACD96168E95898A1F83A79FFB529368AA7833ABD1B0C3AEDDB14D2E1A2F71D99F763F"); showbn("p", p); g = BN_new(); @@ -135,7 +135,7 @@ int main(int argc, char **argv) BN_rand(secret, 32, -1, 0); - // A normal run, expect this to work... + /* A normal run, expect this to work... */ alice = JPAKE_CTX_new("Alice", "Bob", p, g, q, secret); bob = JPAKE_CTX_new("Bob", "Alice", p, g, q, secret); @@ -148,7 +148,7 @@ int main(int argc, char **argv) JPAKE_CTX_free(bob); JPAKE_CTX_free(alice); - // Now give Alice and Bob different secrets + /* Now give Alice and Bob different secrets */ alice = JPAKE_CTX_new("Alice", "Bob", p, g, q, secret); BN_add_word(secret, 1); bob = JPAKE_CTX_new("Bob", "Alice", p, g, q, secret); |