Google Git
Sign in
fuchsia / third_party / openssl-ecjpake / 380c94c492ed126e3f58530bf95b24b5fb1cf199 / . / openssl / ecjpake.h
blob: 0d75138b6713ca758130603e1ba5b08ab7a6b514 [file] [log] [blame]
/*
*
* Copyright (c) 2017 Google LLC.
* All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef HEADER_ECJPAKE_H
# define HEADER_ECJPAKE_H
# include <openssl/opensslconf.h>
# ifdef __cplusplus
extern "C" {
# endif
# include <openssl/ec.h>
# include <openssl/bn.h>
# include <openssl/sha.h>
typedef struct ECJPAKE_CTX ECJPAKE_CTX;
typedef struct {
EC_POINT *Gr; /* G * r (r random) */
BIGNUM *b; /* b = r - x * h,
h = hash(G, G * r, G * x, name) */
} ECJPAKE_ZKP;
typedef struct {
EC_POINT *Gx; /* G * x in step 1,
G * ((xa + xc + xd) * xb * s) in step 2 */
ECJPAKE_ZKP zkpx; /* ZKP(x) or ZKP(xb * s) */
} ECJPAKE_STEP_PART;
typedef struct {
ECJPAKE_STEP_PART p1; /* {G * x3, ZKP(x3)} or {G * x1, ZKP(x1)} */
ECJPAKE_STEP_PART p2; /* {G * x4, ZKP(x4)} or {G * x2, ZKP(x2)} */
} ECJPAKE_STEP1;
typedef ECJPAKE_STEP_PART ECJPAKE_STEP2;
typedef struct {
unsigned char hhk[SHA256_DIGEST_LENGTH];
} ECJPAKE_STEP3A;
typedef struct {
unsigned char hk[SHA256_DIGEST_LENGTH];
} ECJPAKE_STEP3B;
/*
* Defines pointer to the function that calculates SHA256 hash of elliptic curve
* point. ECJPAKE implements it's own point hash function.
* Use ECJPAKE_Set_HashECPoint() to provide alternative implementation of the
* point hash.
*/
typedef int(*ECJPAKE_HASHPOINT_FUNC_PTR)(ECJPAKE_CTX *, SHA256_CTX *,
const EC_POINT *);
/*
* Sets the function that will be used to hash elliptic curve point.
* If this function is not called the ecjpake uses it's own (default)
* implementation of the point hash function.
*/
void ECJPAKE_Set_HashECPoint(ECJPAKE_HASHPOINT_FUNC_PTR hashpoint_custom);
/* Initializes ECJPAKE_CTX with protocol parameters */
ECJPAKE_CTX *ECJPAKE_CTX_new(const EC_GROUP *group, const BIGNUM *secret,
const unsigned char *local_id_num,
const size_t local_id_len,
const unsigned char *peer_id_num,
const size_t peer_id_len);
/* Releases ECJPAKE_CTX */
void ECJPAKE_CTX_free(ECJPAKE_CTX *ctx);
/*
* Functions to initialize, generate, process, and release ECJPAKE_STEP1 data.
* Note that ECJPAKE_STEP1 can be used multiple times before release
* without another init.
*/
int ECJPAKE_STEP1_init(ECJPAKE_STEP1 *s1, const ECJPAKE_CTX *ctx);
int ECJPAKE_STEP1_generate(ECJPAKE_STEP1 *send, ECJPAKE_CTX *ctx);
int ECJPAKE_STEP1_process(ECJPAKE_CTX *ctx, const ECJPAKE_STEP1 *received);
void ECJPAKE_STEP1_release(ECJPAKE_STEP1 *s1);
/*
* Functions to initialize, generate, process, and release ECJPAKE_STEP2 data.
* Note that ECJPAKE_STEP2 can be used multiple times before release
* without another init.
*/
int ECJPAKE_STEP2_init(ECJPAKE_STEP2 *s2, const ECJPAKE_CTX *ctx);
int ECJPAKE_STEP2_generate(ECJPAKE_STEP2 *send, ECJPAKE_CTX *ctx);
int ECJPAKE_STEP2_process(ECJPAKE_CTX *ctx, const ECJPAKE_STEP2 *received);
void ECJPAKE_STEP2_release(ECJPAKE_STEP2 *s2);
/*
* Optionally verify the shared key. If the shared secrets do not
* match, the two ends will disagree about the shared key, but
* otherwise the protocol will succeed.
*/
void ECJPAKE_STEP3A_init(ECJPAKE_STEP3A *s3a);
int ECJPAKE_STEP3A_generate(ECJPAKE_STEP3A *send, ECJPAKE_CTX *ctx);
int ECJPAKE_STEP3A_process(ECJPAKE_CTX *ctx, const ECJPAKE_STEP3A *received);
void ECJPAKE_STEP3A_release(ECJPAKE_STEP3A *s3a);
void ECJPAKE_STEP3B_init(ECJPAKE_STEP3B *s3b);
int ECJPAKE_STEP3B_generate(ECJPAKE_STEP3B *send, ECJPAKE_CTX *ctx);
int ECJPAKE_STEP3B_process(ECJPAKE_CTX *ctx, const ECJPAKE_STEP3B *received);
void ECJPAKE_STEP3B_release(ECJPAKE_STEP3B *s3b);
/*
* Returns shared secret value. The value belongs to the library and will be
* released when ctx is released, and will change when a new handshake is
* performed.
*/
const unsigned char *ECJPAKE_get_shared_key(const ECJPAKE_CTX *ctx);
/* Returns elliptic curve group used in the current ECJPAKE handshake. */
const EC_GROUP *ECJPAKE_get_ecGroup(const ECJPAKE_CTX *ctx);
/* BEGIN ERROR CODES */
/*
* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
void ERR_load_ECJPAKE_strings(void);
/* Error codes for the ECJPAKE functions. */
/* Function codes. */
# define ECJPAKE_F_COMPUTE_KEY 100
# define ECJPAKE_F_EC_POINT_IS_LEGAL 101
# define ECJPAKE_F_ECJPAKE_CTX_NEW 102
# define ECJPAKE_F_ECJPAKE_STEP1_GENERATE 103
# define ECJPAKE_F_ECJPAKE_STEP1_PROCESS 104
# define ECJPAKE_F_ECJPAKE_STEP2_GENERATE 105
# define ECJPAKE_F_ECJPAKE_STEP2_PROCESS 106
# define ECJPAKE_F_ECJPAKE_STEP3A_PROCESS 107
# define ECJPAKE_F_ECJPAKE_STEP3B_PROCESS 108
# define ECJPAKE_F_GENERATE_ZKP 109
# define ECJPAKE_F_GENRAND 110
# define ECJPAKE_F_STEP_PART_GENERATE 111
# define ECJPAKE_F_STEP_PART_INIT 112
# define ECJPAKE_F_VERIFY_ZKP 113
# define ECJPAKE_F_ZKP_HASH 114
/* Reason codes. */
# define ECJPAKE_R_G_IS_NOT_LEGAL 100
# define ECJPAKE_R_G_TO_THE_X3_IS_NOT_LEGAL 101
# define ECJPAKE_R_G_TO_THE_X4_IS_NOT_LEGAL 102
# define ECJPAKE_R_HASH_OF_HASH_OF_KEY_MISMATCH 103
# define ECJPAKE_R_HASH_OF_KEY_MISMATCH 104
# define ECJPAKE_R_VERIFY_X3_FAILED 105
# define ECJPAKE_R_VERIFY_X4_FAILED 106
# define ECJPAKE_R_VERIFY_X4S_FAILED 107
# define ECJPAKE_R_ZKP_VERIFY_FAILED 108
#ifndef ERR_LIB_ECJPAKE
# define ERR_LIB_ECJPAKE 50
#endif
#ifndef ECJPAKEerr
# ifndef OPENSSL_IS_BORINGSSL
# define ECJPAKEerr(f,r) ERR_PUT_error(ERR_LIB_ECJPAKE,(f),(r),__FILE__,__LINE__)
# else
# define ECJPAKEerr(f,r) ERR_put_error(ERR_LIB_ECJPAKE,(f),(r),__FILE__,__LINE__)
# endif
#endif
# ifdef __cplusplus
}
# endif
#endif