openssl
/
openssl
mirror of https://github.com/openssl/openssl
1
0
Fork 0
Code Issues Releases Wiki Activity

Remove JPAKE 

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
This commit is contained in:
Rich Salz 2016-02-14 00:17:59 -05:00 committed by Rich Salz
parent 6a78ae2821
commit dba3177745
25 changed files with 19 additions and 1374 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
CHANGES
View File

@ -4,6 +4,9 @@
Changes between 1.0.2f and 1.1.0 [xx XXX xxxx]
*) Removed JPAKE code. It was experimental and has no wide use.
[Rich Salz]
*) The INSTALL_PREFIX Makefile variable has been renamed to
DESTDIR. That makes for less confusion on what this variable
is for. Also, the configuration option --install_prefix is

5
Configure
View File

@ -226,7 +226,7 @@ $config{sdirs} = [
"bn", "ec", "rsa", "dsa", "dh", "dso", "engine",
"buffer", "bio", "stack", "lhash", "rand", "err",
"evp", "asn1", "pem", "x509", "x509v3", "conf", "txt_db", "pkcs7", "pkcs12", "comp", "ocsp", "ui",
"cms", "ts", "jpake", "srp", "cmac", "ct", "async", "kdf"
"cms", "ts", "srp", "cmac", "ct", "async", "kdf"
];
# Known TLS and DTLS protocols
@ -274,7 +274,6 @@ my @disablables = (
"hmac",
"hw(-.+)?",
"idea",
"jpake",
"locking", # Really???
"md2",
"md4",
@ -327,7 +326,6 @@ foreach my $proto ((@tls, @dtls))
my %disabled = ( # "what" => "comment" [or special keyword "experimental"]
"ec_nistp_64_gcc_128" => "default",
"egd" => "default",
"jpake" => "experimental",
"md2" => "default",
"rc5" => "default",
"sctp" => "default",
@ -351,7 +349,6 @@ my @disable_cascades = (
"rijndael" => [ "aes" ],
"des" => [ "mdc2" ],
"ec" => [ "ecdsa", "ecdh" ],
"psk" => [ "jpake" ],
"dgram" => [ "dtls" ],
"dtls" => [ @dtls ],

226
apps/apps.c
View File

@ -141,9 +141,6 @@
# include <openssl/rsa.h>
#endif
#include <openssl/bn.h>
#ifndef OPENSSL_NO_JPAKE
# include <openssl/jpake.h>
#endif
#include <openssl/ssl.h>
#include "apps.h"
@ -1990,229 +1987,6 @@ void policies_print(X509_STORE_CTX *ctx)
nodes_print("User", X509_policy_tree_get0_user_policies(tree));
}
#if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)
static JPAKE_CTX *jpake_init(const char *us, const char *them,
const char *secret)
{
BIGNUM *p = NULL;
BIGNUM *g = NULL;
BIGNUM *q = NULL;
BIGNUM *bnsecret = BN_new();
JPAKE_CTX *ctx;
/* Use a safe prime for p (that we found earlier) */
BN_hex2bn(&p,
"F9E5B365665EA7A05A9C534502780FEE6F1AB5BD4F49947FD036DBD7E905269AF46EF28B0FC07487EE4F5D20FB3C0AF8E700F3A2FA3414970CBED44FEDFF80CE78D800F184BB82435D137AADA2C6C16523247930A63B85661D1FC817A51ACD96168E95898A1F83A79FFB529368AA7833ABD1B0C3AEDDB14D2E1A2F71D99F763F");
g = BN_new();
BN_set_word(g, 2);
q = BN_new();
BN_rshift1(q, p);
BN_bin2bn((const unsigned char *)secret, strlen(secret), bnsecret);
ctx = JPAKE_CTX_new(us, them, p, g, q, bnsecret);
BN_free(bnsecret);
BN_free(q);
BN_free(g);
BN_free(p);
return ctx;
}
static void jpake_send_part(BIO *conn, const JPAKE_STEP_PART *p)
{
BN_print(conn, p->gx);
BIO_puts(conn, "\n");
BN_print(conn, p->zkpx.gr);
BIO_puts(conn, "\n");
BN_print(conn, p->zkpx.b);
BIO_puts(conn, "\n");
}
static void jpake_send_step1(BIO *bconn, JPAKE_CTX *ctx)
{
JPAKE_STEP1 s1;
JPAKE_STEP1_init(&s1);
JPAKE_STEP1_generate(&s1, ctx);
jpake_send_part(bconn, &s1.p1);
jpake_send_part(bconn, &s1.p2);
(void)BIO_flush(bconn);
JPAKE_STEP1_release(&s1);
}
static void jpake_send_step2(BIO *bconn, JPAKE_CTX *ctx)
{
JPAKE_STEP2 s2;
JPAKE_STEP2_init(&s2);
JPAKE_STEP2_generate(&s2, ctx);
jpake_send_part(bconn, &s2);
(void)BIO_flush(bconn);
JPAKE_STEP2_release(&s2);
}
static void jpake_send_step3a(BIO *bconn, JPAKE_CTX *ctx)
{
JPAKE_STEP3A s3a;
JPAKE_STEP3A_init(&s3a);
JPAKE_STEP3A_generate(&s3a, ctx);
BIO_write(bconn, s3a.hhk, sizeof s3a.hhk);
(void)BIO_flush(bconn);
JPAKE_STEP3A_release(&s3a);
}
static void jpake_send_step3b(BIO *bconn, JPAKE_CTX *ctx)
{
JPAKE_STEP3B s3b;
JPAKE_STEP3B_init(&s3b);
JPAKE_STEP3B_generate(&s3b, ctx);
BIO_write(bconn, s3b.hk, sizeof s3b.hk);
(void)BIO_flush(bconn);
JPAKE_STEP3B_release(&s3b);
}
static void readbn(BIGNUM **bn, BIO *bconn)
{
char buf[10240];
int l;
l = BIO_gets(bconn, buf, sizeof buf);
assert(l > 0);
assert(buf[l - 1] == '\n');
buf[l - 1] = '\0';
BN_hex2bn(bn, buf);
}
static void jpake_receive_part(JPAKE_STEP_PART *p, BIO *bconn)
{
readbn(&p->gx, bconn);
readbn(&p->zkpx.gr, bconn);
readbn(&p->zkpx.b, bconn);
}
static void jpake_receive_step1(JPAKE_CTX *ctx, BIO *bconn)
{
JPAKE_STEP1 s1;
JPAKE_STEP1_init(&s1);
jpake_receive_part(&s1.p1, bconn);
jpake_receive_part(&s1.p2, bconn);
if (!JPAKE_STEP1_process(ctx, &s1)) {
ERR_print_errors(bio_err);
exit(1);
}
JPAKE_STEP1_release(&s1);
}
static void jpake_receive_step2(JPAKE_CTX *ctx, BIO *bconn)
{
JPAKE_STEP2 s2;
JPAKE_STEP2_init(&s2);
jpake_receive_part(&s2, bconn);
if (!JPAKE_STEP2_process(ctx, &s2)) {
ERR_print_errors(bio_err);
exit(1);
}
JPAKE_STEP2_release(&s2);
}
static void jpake_receive_step3a(JPAKE_CTX *ctx, BIO *bconn)
{
JPAKE_STEP3A s3a;
int l;
JPAKE_STEP3A_init(&s3a);
l = BIO_read(bconn, s3a.hhk, sizeof s3a.hhk);
assert(l == sizeof s3a.hhk);
if (!JPAKE_STEP3A_process(ctx, &s3a)) {
ERR_print_errors(bio_err);
exit(1);
}
JPAKE_STEP3A_release(&s3a);
}
static void jpake_receive_step3b(JPAKE_CTX *ctx, BIO *bconn)
{
JPAKE_STEP3B s3b;
int l;
JPAKE_STEP3B_init(&s3b);
l = BIO_read(bconn, s3b.hk, sizeof s3b.hk);
assert(l == sizeof s3b.hk);
if (!JPAKE_STEP3B_process(ctx, &s3b)) {
ERR_print_errors(bio_err);
exit(1);
}
JPAKE_STEP3B_release(&s3b);
}
void jpake_client_auth(BIO *out, BIO *conn, const char *secret)
{
JPAKE_CTX *ctx;
BIO *bconn;
BIO_puts(out, "Authenticating with JPAKE\n");
ctx = jpake_init("client", "server", secret);
bconn = BIO_new(BIO_f_buffer());
BIO_push(bconn, conn);
jpake_send_step1(bconn, ctx);
jpake_receive_step1(ctx, bconn);
jpake_send_step2(bconn, ctx);
jpake_receive_step2(ctx, bconn);
jpake_send_step3a(bconn, ctx);
jpake_receive_step3b(ctx, bconn);
BIO_puts(out, "JPAKE authentication succeeded, setting PSK\n");
OPENSSL_free(psk_key);
psk_key = BN_bn2hex(JPAKE_get_shared_key(ctx));
BIO_pop(bconn);
BIO_free(bconn);
JPAKE_CTX_free(ctx);
}
void jpake_server_auth(BIO *out, BIO *conn, const char *secret)
{
JPAKE_CTX *ctx;
BIO *bconn;
BIO_puts(out, "Authenticating with JPAKE\n");
ctx = jpake_init("server", "client", secret);
bconn = BIO_new(BIO_f_buffer());
BIO_push(bconn, conn);
jpake_receive_step1(ctx, bconn);
jpake_send_step1(bconn, ctx);
jpake_receive_step2(ctx, bconn);
jpake_send_step2(bconn, ctx);
jpake_receive_step3a(ctx, bconn);
jpake_send_step3b(bconn, ctx);
BIO_puts(out, "JPAKE authentication succeeded, setting PSK\n");
OPENSSL_free(psk_key);
psk_key = BN_bn2hex(JPAKE_get_shared_key(ctx));
BIO_pop(bconn);
BIO_free(bconn);
JPAKE_CTX_free(ctx);
}
#endif
/*-
* next_protos_parse parses a comma separated list of strings into a string
* in a format suitable for passing to SSL_CTX_set_next_protos_advertised.

4
apps/apps.h
View File

@ -571,10 +571,6 @@ int do_X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md,
# ifndef OPENSSL_NO_PSK
extern char *psk_key;
# endif
# ifndef OPENSSL_NO_JPAKE
void jpake_client_auth(BIO *out, BIO *conn, const char *secret);
void jpake_server_auth(BIO *out, BIO *conn, const char *secret);
# endif
unsigned char *next_protos_parse(unsigned short *outlen, const char *in);

3
apps/openssl.c
View File

@ -757,9 +757,6 @@ static void list_disabled(void)
#ifdef OPENSSL_NO_IDEA
BIO_puts(bio_out, "IDEA\n");
#endif
#ifdef OPENSSL_NO_JPAKE
BIO_puts(bio_out, "JPAKE\n");
#endif
#ifdef OPENSSL_NO_MD2
BIO_puts(bio_out, "MD2\n");
#endif

3
apps/s_apps.h
View File

@ -195,8 +195,7 @@ int load_excert(SSL_EXCERT **pexc);
void print_verify_detail(SSL *s, BIO *bio);
void print_ssl_summary(SSL *s);
#ifdef HEADER_SSL_H
int config_ctx(SSL_CONF_CTX *cctx, STACK_OF(OPENSSL_STRING) *str,
SSL_CTX *ctx, int no_jpake);
int config_ctx(SSL_CONF_CTX *cctx, STACK_OF(OPENSSL_STRING) *str, SSL_CTX *ctx);
int ssl_ctx_add_crls(SSL_CTX *ctx, STACK_OF(X509_CRL) *crls,
int crl_download);
int ssl_load_stores(SSL_CTX *ctx, const char *vfyCApath,

17
apps/s_cb.c
View File

@ -1198,7 +1198,7 @@ void print_ssl_summary(SSL *s)
}
int config_ctx(SSL_CONF_CTX *cctx, STACK_OF(OPENSSL_STRING) *str,
SSL_CTX *ctx, int no_jpake)
SSL_CTX *ctx)
{
int i;
@ -1206,12 +1206,6 @@ int config_ctx(SSL_CONF_CTX *cctx, STACK_OF(OPENSSL_STRING) *str,
for (i = 0; i < sk_OPENSSL_STRING_num(str); i += 2) {
const char *flag = sk_OPENSSL_STRING_value(str, i);
const char *arg = sk_OPENSSL_STRING_value(str, i + 1);
#ifndef OPENSSL_NO_JPAKE
if (!no_jpake && (strcmp(flag, "-cipher") == 0)) {
BIO_puts(bio_err, "JPAKE sets cipher to PSK\n");
return 0;
}
#endif
if (SSL_CONF_cmd(cctx, flag, arg) <= 0) {
if (arg)
BIO_printf(bio_err, "Error with command: \"%s %s\"\n",
@ -1222,15 +1216,6 @@ int config_ctx(SSL_CONF_CTX *cctx, STACK_OF(OPENSSL_STRING) *str,
return 0;
}
}
#ifndef OPENSSL_NO_JPAKE
if (!no_jpake) {
if (SSL_CONF_cmd(cctx, "-cipher", "PSK") <= 0) {
BIO_puts(bio_err, "Error setting cipher to PSK\n");
ERR_print_errors(bio_err);
return 0;
}
}
#endif
if (!SSL_CONF_CTX_finish(cctx)) {
BIO_puts(bio_err, "Error finishing context\n");
ERR_print_errors(bio_err);

31
apps/s_client.c
View File

@ -648,7 +648,7 @@ typedef enum OPTION_choice {
OPT_CERT_CHAIN, OPT_CAPATH, OPT_NOCAPATH, OPT_CHAINCAPATH, OPT_VERIFYCAPATH,
OPT_KEY, OPT_RECONNECT, OPT_BUILD_CHAIN, OPT_CAFILE, OPT_NOCAFILE,
OPT_CHAINCAFILE, OPT_VERIFYCAFILE, OPT_NEXTPROTONEG, OPT_ALPN,
OPT_SERVERINFO, OPT_STARTTLS, OPT_SERVERNAME, OPT_JPAKE,
OPT_SERVERINFO, OPT_STARTTLS, OPT_SERVERNAME,
OPT_USE_SRTP, OPT_KEYMATEXPORT, OPT_KEYMATEXPORTLEN, OPT_SMTPHOST,
OPT_ASYNC,
OPT_V_ENUM,
@ -780,9 +780,6 @@ OPTIONS s_client_options[] = {
#ifndef OPENSSL_NO_PSK
{"psk_identity", OPT_PSK_IDENTITY, 's', "PSK identity"},
{"psk", OPT_PSK, 's', "PSK in hex (without 0x)"},
# ifndef OPENSSL_NO_JPAKE
{"jpake", OPT_JPAKE, 's', "JPAKE secret to use"},
# endif
#endif
#ifndef OPENSSL_NO_SRP
{"srpuser", OPT_SRPUSER, 's', "SRP authentification for 'user'"},
@ -853,7 +850,7 @@ int s_client_main(int argc, char **argv)
char *inrand = NULL;
char *passarg = NULL, *pass = NULL, *vfyCApath = NULL, *vfyCAfile = NULL;
char *sess_in = NULL, *sess_out = NULL, *crl_file = NULL, *p;
char *jpake_secret = NULL, *xmpphost = NULL;
char *xmpphost = NULL;
const char *ehlo = "mail.example.com";
struct sockaddr peer;
struct timeval timeout, *timeoutp;
@ -1316,11 +1313,6 @@ int s_client_main(int argc, char **argv)
case OPT_SERVERNAME:
servername = opt_arg();
break;
case OPT_JPAKE:
#ifndef OPENSSL_NO_JPAKE
jpake_secret = opt_arg();
#endif
break;
case OPT_USE_SRTP:
srtp_profiles = opt_arg();
break;
@ -1378,15 +1370,6 @@ int s_client_main(int argc, char **argv)
"Can't use unix sockets and datagrams together\n");
goto end;
}
#if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)
if (jpake_secret) {
if (psk_key) {
BIO_printf(bio_err, "Can't use JPAKE and PSK together\n");
goto end;
}
psk_identity = "JPAKE";
}
#endif
#if !defined(OPENSSL_NO_NEXTPROTONEG)
next_proto.status = -1;
@ -1506,7 +1489,7 @@ int s_client_main(int argc, char **argv)
SSL_CTX_set_mode(ctx, SSL_MODE_ASYNC);
}
if (!config_ctx(cctx, ssl_args, ctx, jpake_secret == NULL))
if (!config_ctx(cctx, ssl_args, ctx))
goto end;
if (!ssl_load_stores(ctx, vfyCApath, vfyCAfile, chCApath, chCAfile,
@ -1528,10 +1511,10 @@ int s_client_main(int argc, char **argv)
#endif
#ifndef OPENSSL_NO_PSK
if (psk_key != NULL || jpake_secret) {
if (psk_key != NULL) {
if (c_debug)
BIO_printf(bio_c_out,
"PSK key given or JPAKE in use, setting client callback\n");
"PSK key given, setting client callback\n");
SSL_CTX_set_psk_client_callback(ctx, psk_client_cb);
}
#endif
@ -1774,10 +1757,6 @@ int s_client_main(int argc, char **argv)
SSL_CTX_set_tlsext_status_cb(ctx, ocsp_resp_cb);
SSL_CTX_set_tlsext_status_arg(ctx, bio_c_out);
}
#ifndef OPENSSL_NO_JPAKE
if (jpake_secret)
jpake_client_auth(bio_c_out, sbio, jpake_secret);
#endif
SSL_set_bio(con, sbio, sbio);
SSL_set_connect_state(con);

37
apps/s_server.c
View File

@ -785,7 +785,6 @@ static int not_resumable_sess_cb(SSL *s, int is_forward_secure)
return is_forward_secure;
}
static char *jpake_secret = NULL;
#ifndef OPENSSL_NO_SRP
static srpsrvparm srp_callback_parm;
#endif
@ -814,7 +813,7 @@ typedef enum OPTION_choice {
OPT_TLS1_2, OPT_TLS1_1, OPT_TLS1, OPT_DTLS, OPT_DTLS1,
OPT_DTLS1_2, OPT_TIMEOUT, OPT_MTU, OPT_CHAIN, OPT_LISTEN,
OPT_ID_PREFIX, OPT_RAND, OPT_SERVERNAME, OPT_SERVERNAME_FATAL,
OPT_CERT2, OPT_KEY2, OPT_NEXTPROTONEG, OPT_ALPN, OPT_JPAKE,
OPT_CERT2, OPT_KEY2, OPT_NEXTPROTONEG, OPT_ALPN,
OPT_SRTP_PROFILES, OPT_KEYMATEXPORT, OPT_KEYMATEXPORTLEN,
OPT_S_ENUM,
OPT_V_ENUM,
@ -952,9 +951,6 @@ OPTIONS s_server_options[] = {
#ifndef OPENSSL_NO_PSK
{"psk_hint", OPT_PSK_HINT, 's', "PSK identity hint to use"},
{"psk", OPT_PSK, 's', "PSK in hex (without 0x)"},
# ifndef OPENSSL_NO_JPAKE
{"jpake", OPT_JPAKE, 's', "JPAKE secret to use"},
# endif
#endif
#ifndef OPENSSL_NO_SRP
{"srpvfile", OPT_SRPVFILE, '<', "The verifier file for SRP"},
@ -1501,14 +1497,6 @@ int s_server_main(int argc, char *argv[])
case OPT_ALPN:
alpn_in = opt_arg();
break;
#if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)
case OPT_JPAKE:
jpake_secret = opt_arg();
break;
#else
case OPT_JPAKE:
goto opthelp;
#endif
case OPT_SRTP_PROFILES:
srtp_profiles = opt_arg();
break;
@ -1545,15 +1533,6 @@ int s_server_main(int argc, char *argv[])
goto end;
}
#endif
#if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)
if (jpake_secret) {
if (psk_key) {
BIO_printf(bio_err, "Can't use JPAKE and PSK together\n");
goto end;
}
psk_identity = "JPAKE";
}
#endif
if (!app_passwd(passarg, dpassarg, &pass, &dpass)) {
BIO_printf(bio_err, "Error getting password\n");
@ -1768,7 +1747,7 @@ int s_server_main(int argc, char *argv[])
}
ssl_ctx_add_crls(ctx, crls, 0);
if (!config_ctx(cctx, ssl_args, ctx, jpake_secret == NULL))
if (!config_ctx(cctx, ssl_args, ctx))
goto end;
if (!ssl_load_stores(ctx, vfyCApath, vfyCAfile, chCApath, chCAfile,
@ -1831,7 +1810,7 @@ int s_server_main(int argc, char *argv[])
}
ssl_ctx_add_crls(ctx2, crls, 0);
if (!config_ctx(cctx, ssl_args, ctx2, jpake_secret == NULL))
if (!config_ctx(cctx, ssl_args, ctx2))
goto end;
}
#ifndef OPENSSL_NO_NEXTPROTONEG
@ -1917,15 +1896,11 @@ int s_server_main(int argc, char *argv[])
not_resumable_sess_cb);
}
#ifndef OPENSSL_NO_PSK
# ifdef OPENSSL_NO_JPAKE
if (psk_key != NULL)
# else
if (psk_key != NULL || jpake_secret)
# endif
{
if (s_debug)
BIO_printf(bio_s_out,
"PSK key given or JPAKE in use, setting server callback\n");
"PSK key given, setting server callback\n");
SSL_CTX_set_psk_server_callback(ctx, psk_server_cb);
}
@ -2175,10 +2150,6 @@ static int sv_body(const char *hostname, int s, int stype,
test = BIO_new(BIO_f_nbio_test());
sbio = BIO_push(test, sbio);
}
#ifndef OPENSSL_NO_JPAKE
if (jpake_secret)
jpake_server_auth(bio_s_out, sbio, jpake_secret);
#endif
SSL_set_bio(con, sbio, sbio);
SSL_set_accept_state(con);

6
crypto/err/err_all.c
View File

@ -98,9 +98,6 @@
#ifndef OPENSSL_NO_CMS
# include <openssl/cms.h>
#endif
#ifndef OPENSSL_NO_JPAKE
# include <openssl/jpake.h>
#endif
#include <internal/ct_int.h>
#include <openssl/async.h>
@ -154,9 +151,6 @@ void err_load_crypto_strings_intern(void)
# ifndef OPENSSL_NO_CMS
ERR_load_CMS_strings();
# endif
# ifndef OPENSSL_NO_JPAKE
ERR_load_JPAKE_strings();
# endif
# ifndef OPENSSL_NO_CT
ERR_load_CT_strings();
# endif

1
crypto/err/openssl.ec
View File

@ -32,7 +32,6 @@ L STORE include/openssl/store.h crypto/store/str_err.c
L TS include/openssl/ts.h crypto/ts/ts_err.c
L HMAC include/openssl/hmac.h crypto/hmac/hmac_err.c
L CMS include/openssl/cms.h crypto/cms/cms_err.c
L JPAKE include/openssl/jpake.h crypto/jpake/jpake_err.c
L FIPS include/openssl/fips.h crypto/fips_err.h
L ASYNC include/openssl/async.h crypto/async/async_err.c

36
crypto/jpake/Makefile.in
View File

@ -1,36 +0,0 @@
DIR=jpake
TOP=../..
CFLAGS= $(INCLUDES) $(CFLAG)
GENERAL= Makefile
LIB=$(TOP)/libcrypto.a
LIBOBJ=jpake.o jpake_err.o
LIBSRC=jpake.c jpake_err.c
SRC= $(LIBSRC)
HEADER=
ALL= $(GENERAL) $(SRC) $(HEADER)
top:
(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
all: lib
lib: $(LIBOBJ)
$(AR) $(LIB) $(LIBOBJ)
$(RANLIB) $(LIB) || echo Never mind.
@touch lib
files:
$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
depend:
$(TOP)/util/domd $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
clean:
rm -f *.s *.o *.obj des lib tags core .pure .nfs* *.old *.bak fluff
# DO NOT DELETE THIS LINE -- make depend depends on it.

3
crypto/jpake/build.info
View File

@ -1,3 +0,0 @@
LIBS=../../libcrypto
SOURCE[../../libcrypto]=\
jpake.c jpake_err.c

543
crypto/jpake/jpake.c
View File

@ -1,543 +0,0 @@
#include <openssl/jpake.h>
#include <openssl/crypto.h>
#include <openssl/sha.h>
#include <openssl/err.h>
#include <memory.h>
#include <string.h>
/*
* In the definition, (xa, xb, xc, xd) are Alice's (x1, x2, x3, x4) or
* Bob's (x3, x4, x1, x2). If you see what I mean.
*/
typedef struct {
char *name; /* Must be unique */
char *peer_name;
BIGNUM *p;
BIGNUM *g;
BIGNUM *q;
BIGNUM *gxc; /* Alice's g^{x3} or Bob's g^{x1} */
BIGNUM *gxd; /* Alice's g^{x4} or Bob's g^{x2} */
} JPAKE_CTX_PUBLIC;
struct JPAKE_CTX {
JPAKE_CTX_PUBLIC p;
BIGNUM *secret; /* The shared secret */
BN_CTX *ctx;
BIGNUM *xa; /* Alice's x1 or Bob's x3 */
BIGNUM *xb; /* Alice's x2 or Bob's x4 */
BIGNUM *key; /* The calculated (shared) key */
};
static void JPAKE_ZKP_init(JPAKE_ZKP *zkp)
{
zkp->gr = BN_new();
zkp->b = BN_new();
}
static void JPAKE_ZKP_release(JPAKE_ZKP *zkp)
{
BN_free(zkp->b);
BN_free(zkp->gr);
}
/* Two birds with one stone - make the global name as expected */
#define JPAKE_STEP_PART_init JPAKE_STEP2_init
#define JPAKE_STEP_PART_release JPAKE_STEP2_release
void JPAKE_STEP_PART_init(JPAKE_STEP_PART *p)
{
p->gx = BN_new();
JPAKE_ZKP_init(&p->zkpx);
}
void JPAKE_STEP_PART_release(JPAKE_STEP_PART *p)
{
JPAKE_ZKP_release(&p->zkpx);
BN_free(p->gx);
}
void JPAKE_STEP1_init(JPAKE_STEP1 *s1)
{
JPAKE_STEP_PART_init(&s1->p1);
JPAKE_STEP_PART_init(&s1->p2);
}
void JPAKE_STEP1_release(JPAKE_STEP1 *s1)
{
JPAKE_STEP_PART_release(&s1->p2);
JPAKE_STEP_PART_release(&s1->p1);
}
static void JPAKE_CTX_init(JPAKE_CTX *ctx, const char *name,
const char *peer_name, const BIGNUM *p,
const BIGNUM *g, const BIGNUM *q,
const BIGNUM *secret)
{
ctx->p.name = OPENSSL_strdup(name);
ctx->p.peer_name = OPENSSL_strdup(peer_name);
ctx->p.p = BN_dup(p);
ctx->p.g = BN_dup(g);
ctx->p.q = BN_dup(q);
ctx->secret = BN_dup(secret);
ctx->p.gxc = BN_new();
ctx->p.gxd = BN_new();
ctx->xa = BN_new();
ctx->xb = BN_new();
ctx->key = BN_new();
ctx->ctx = BN_CTX_new();
}
static void JPAKE_CTX_release(JPAKE_CTX *ctx)
{
BN_CTX_free(ctx->ctx);
BN_clear_free(ctx->key);
BN_clear_free(ctx->xb);
BN_clear_free(ctx->xa);
BN_free(ctx->p.gxd);
BN_free(ctx->p.gxc);
BN_clear_free(ctx->secret);
BN_free(ctx->p.q);
BN_free(ctx->p.g);
BN_free(ctx->p.p);
OPENSSL_free(ctx->p.peer_name);
OPENSSL_free(ctx->p.name);
memset(ctx, 0, sizeof(*ctx));
}
JPAKE_CTX *JPAKE_CTX_new(const char *name, const char *peer_name,
const BIGNUM *p, const BIGNUM *g, const BIGNUM *q,
const BIGNUM *secret)
{
JPAKE_CTX *ctx = OPENSSL_malloc(sizeof(*ctx));
if (ctx == NULL)
return NULL;
JPAKE_CTX_init(ctx, name, peer_name, p, g, q, secret);
return ctx;
}
void JPAKE_CTX_free(JPAKE_CTX *ctx)
{
if (!ctx)
return;
JPAKE_CTX_release(ctx);
OPENSSL_free(ctx);
}
static void hashlength(SHA_CTX *sha, size_t l)
{
unsigned char b[2];
OPENSSL_assert(l <= 0xffff);
b[0] = l >> 8;
b[1] = l & 0xff;
SHA1_Update(sha, b, 2);
}
static void hashstring(SHA_CTX *sha, const char *string)
{
size_t l = strlen(string);
hashlength(sha, l);
SHA1_Update(sha, string, l);
}
static int hashbn(SHA_CTX *sha, const BIGNUM *bn)
{
size_t l = BN_num_bytes(bn);
unsigned char *bin = OPENSSL_malloc(l);
if (bin == NULL)
return 0;
hashlength(sha, l);
BN_bn2bin(bn, bin);
SHA1_Update(sha, bin, l);
OPENSSL_free(bin);
return 1;
}
/* h=hash(g, g^r, g^x, name) */
static int zkp_hash(BIGNUM *h, const BIGNUM *zkpg, const JPAKE_STEP_PART *p,
const char *proof_name)
{
unsigned char md[SHA_DIGEST_LENGTH];
SHA_CTX sha;
/*
* XXX: hash should not allow moving of the boundaries - Java code
* is flawed in this respect. Length encoding seems simplest.
*/
SHA1_Init(&sha);
if (!hashbn(&sha, zkpg))
return 0;
OPENSSL_assert(!BN_is_zero(p->zkpx.gr));
if (!hashbn(&sha, p->zkpx.gr))
return 0;
if (!hashbn(&sha, p->gx))
return 0;
hashstring(&sha, proof_name);
SHA1_Final(md, &sha);
BN_bin2bn(md, SHA_DIGEST_LENGTH, h);
return 1;
}
/*
* Prove knowledge of x
* Note that p->gx has already been calculated
*/
static int generate_zkp(JPAKE_STEP_PART *p, const BIGNUM *x,
const BIGNUM *zkpg, JPAKE_CTX *ctx)
{
int res = 0;
BIGNUM *r = BN_new();
BIGNUM *h = BN_new();
BIGNUM *t = BN_new();
if (r == NULL || h == NULL || t == NULL)
goto end;
/*-
* r in [0,q)
* XXX: Java chooses r in [0, 2^160) - i.e. distribution not uniform
*/
BN_rand_range(r, ctx->p.q);
/* g^r */
BN_mod_exp(p->zkpx.gr, zkpg, r, ctx->p.p, ctx->ctx);
/* h=hash... */
if (!zkp_hash(h, zkpg, p, ctx->p.name))
goto end;
/* b = r - x*h */
BN_mod_mul(t, x, h, ctx->p.q, ctx->ctx);
BN_mod_sub(p->zkpx.b, r, t, ctx->p.q, ctx->ctx);
res = 1;
end:
/* cleanup */
BN_free(t);
BN_free(h);
BN_free(r);
return res;
}
static int verify_zkp(const JPAKE_STEP_PART *p, const BIGNUM *zkpg,
JPAKE_CTX *ctx)
{
BIGNUM *h = BN_new();
BIGNUM *t1 = BN_new();
BIGNUM *t2 = BN_new();
BIGNUM *t3 = BN_new();
int ret = 0;
if (h == NULL || t1 == NULL || t2 == NULL || t3 == NULL)
goto end;
if (!zkp_hash(h, zkpg, p, ctx->p.peer_name))
goto end;
/* t1 = g^b */
BN_mod_exp(t1, zkpg, p->zkpx.b, ctx->p.p, ctx->ctx);
/* t2 = (g^x)^h = g^{hx} */
BN_mod_exp(t2, p->gx, h, ctx->p.p, ctx->ctx);
/* t3 = t1 * t2 = g^{hx} * g^b = g^{hx+b} = g^r (allegedly) */
BN_mod_mul(t3, t1, t2, ctx->p.p, ctx->ctx);
/* verify t3 == g^r */
if (BN_cmp(t3, p->zkpx.gr) == 0)
ret = 1;
else
JPAKEerr(JPAKE_F_VERIFY_ZKP, JPAKE_R_ZKP_VERIFY_FAILED);
end:
/* cleanup */
BN_free(t3);
BN_free(t2);
BN_free(t1);
BN_free(h);
return ret;
}
static int generate_step_part(JPAKE_STEP_PART *p, const BIGNUM *x,
const BIGNUM *g, JPAKE_CTX *ctx)
{
BN_mod_exp(p->gx, g, x, ctx->p.p, ctx->ctx);
if (!generate_zkp(p, x, g, ctx))
return 0;
return 1;
}
/* Generate each party's random numbers. xa is in [0, q), xb is in [1, q). */
static void genrand(JPAKE_CTX *ctx)
{
BIGNUM *qm1;
/* xa in [0, q) */
BN_rand_range(ctx->xa, ctx->p.q);
/* q-1 */
qm1 = BN_new();
BN_copy(qm1, ctx->p.q);
BN_sub_word(qm1, 1);
/* ... and xb in [0, q-1) */
BN_rand_range(ctx->xb, qm1);
/* [1, q) */
BN_add_word(ctx->xb, 1);
/* cleanup */
BN_free(qm1);
}
int JPAKE_STEP1_generate(JPAKE_STEP1 *send, JPAKE_CTX *ctx)
{
genrand(ctx);
if (!generate_step_part(&send->p1, ctx->xa, ctx->p.g, ctx))
return 0;
if (!generate_step_part(&send->p2, ctx->xb, ctx->p.g, ctx))
return 0;
return 1;
}
/* g^x is a legal value */
static int is_legal(const BIGNUM *gx, const JPAKE_CTX *ctx)
{
BIGNUM *t;
int res;
if (BN_is_negative(gx) || BN_is_zero(gx) || BN_cmp(gx, ctx->p.p) >= 0)
return 0;
t = BN_new();
BN_mod_exp(t, gx, ctx->p.q, ctx->p.p, ctx->ctx);
res = BN_is_one(t);
BN_free(t);
return res;
}
int JPAKE_STEP1_process(JPAKE_CTX *ctx, const JPAKE_STEP1 *received)
{
if (!is_legal(received->p1.gx, ctx)) {
JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS,
JPAKE_R_G_TO_THE_X3_IS_NOT_LEGAL);
return 0;
}
if (!is_legal(received->p2.gx, ctx)) {
JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS,
JPAKE_R_G_TO_THE_X4_IS_NOT_LEGAL);
return 0;
}
/* verify their ZKP(xc) */
if (!verify_zkp(&received->p1, ctx->p.g, ctx)) {
JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS, JPAKE_R_VERIFY_X3_FAILED);
return 0;
}
/* verify their ZKP(xd) */
if (!verify_zkp(&received->p2, ctx->p.g, ctx)) {
JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS, JPAKE_R_VERIFY_X4_FAILED);
return 0;
}
/* g^xd != 1 */
if (BN_is_one(received->p2.gx)) {
JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS, JPAKE_R_G_TO_THE_X4_IS_ONE);
return 0;
}
/* Save the bits we need for later */
BN_copy(ctx->p.gxc, received->p1.gx);
BN_copy(ctx->p.gxd, received->p2.gx);
return 1;
}
int JPAKE_STEP2_generate(JPAKE_STEP2 *send, JPAKE_CTX *ctx)
{
int ret;
BIGNUM *t1 = BN_new();
BIGNUM *t2 = BN_new();
/*-
* X = g^{(xa + xc + xd) * xb * s}
* t1 = g^xa
*/
BN_mod_exp(t1, ctx->p.g, ctx->xa, ctx->p.p, ctx->ctx);
/* t2 = t1 * g^{xc} = g^{xa} * g^{xc} = g^{xa + xc} */
BN_mod_mul(t2, t1, ctx->p.gxc, ctx->p.p, ctx->ctx);
/* t1 = t2 * g^{xd} = g^{xa + xc + xd} */
BN_mod_mul(t1, t2, ctx->p.gxd, ctx->p.p, ctx->ctx);
/* t2 = xb * s */
BN_mod_mul(t2, ctx->xb, ctx->secret, ctx->p.q, ctx->ctx);
/*-
* ZKP(xb * s)
* XXX: this is kinda funky, because we're using
*
* g' = g^{xa + xc + xd}
*
* as the generator, which means X is g'^{xb * s}
* X = t1^{t2} = t1^{xb * s} = g^{(xa + xc + xd) * xb * s}
*/
ret = generate_step_part(send, t2, t1, ctx);
/* cleanup */
BN_free(t1);
BN_free(t2);
return ret;
}
/* gx = g^{xc + xa + xb} * xd * s */
static int compute_key(JPAKE_CTX *ctx, const BIGNUM *gx)
{
BIGNUM *t1 = BN_new();
BIGNUM *t2 = BN_new();
BIGNUM *t3 = BN_new();
/*-
* K = (gx/g^{xb * xd * s})^{xb}
* = (g^{(xc + xa + xb) * xd * s - xb * xd *s})^{xb}
* = (g^{(xa + xc) * xd * s})^{xb}
* = g^{(xa + xc) * xb * xd * s}
* [which is the same regardless of who calculates it]
*/
/* t1 = (g^{xd})^{xb} = g^{xb * xd} */
BN_mod_exp(t1, ctx->p.gxd, ctx->xb, ctx->p.p, ctx->ctx);
/* t2 = -s = q-s */
BN_sub(t2, ctx->p.q, ctx->secret);
/* t3 = t1^t2 = g^{-xb * xd * s} */
BN_mod_exp(t3, t1, t2, ctx->p.p, ctx->ctx);
/* t1 = gx * t3 = X/g^{xb * xd * s} */
BN_mod_mul(t1, gx, t3, ctx->p.p, ctx->ctx);
/* K = t1^{xb} */
BN_mod_exp(ctx->key, t1, ctx->xb, ctx->p.p, ctx->ctx);
/* cleanup */
BN_free(t3);
BN_free(t2);
BN_free(t1);
return 1;
}
int JPAKE_STEP2_process(JPAKE_CTX *ctx, const JPAKE_STEP2 *received)
{
BIGNUM *t1 = BN_new();
BIGNUM *t2 = BN_new();
int ret = 0;
/*-
* g' = g^{xc + xa + xb} [from our POV]
* t1 = xa + xb
*/
BN_mod_add(t1, ctx->xa, ctx->xb, ctx->p.q, ctx->ctx);
/* t2 = g^{t1} = g^{xa+xb} */
BN_mod_exp(t2, ctx->p.g, t1, ctx->p.p, ctx->ctx);
/* t1 = g^{xc} * t2 = g^{xc + xa + xb} */
BN_mod_mul(t1, ctx->p.gxc, t2, ctx->p.p, ctx->ctx);
if (verify_zkp(received, t1, ctx))
ret = 1;
else
JPAKEerr(JPAKE_F_JPAKE_STEP2_PROCESS, JPAKE_R_VERIFY_B_FAILED);
compute_key(ctx, received->gx);
/* cleanup */
BN_free(t2);
BN_free(t1);
return ret;
}
static int quickhashbn(unsigned char *md, const BIGNUM *bn)
{
SHA_CTX sha;
SHA1_Init(&sha);
if (!hashbn(&sha, bn))
return 0;
SHA1_Final(md, &sha);
return 1;
}
void JPAKE_STEP3A_init(JPAKE_STEP3A *s3a)
{
}
int JPAKE_STEP3A_generate(JPAKE_STEP3A *send, JPAKE_CTX *ctx)
{
if (!quickhashbn(send->hhk, ctx->key))
return 0;
SHA1(send->hhk, sizeof send->hhk, send->hhk);
return 1;
}
int JPAKE_STEP3A_process(JPAKE_CTX *ctx, const JPAKE_STEP3A *received)
{
unsigned char hhk[SHA_DIGEST_LENGTH];
if (!quickhashbn(hhk, ctx->key))
return 0;
SHA1(hhk, sizeof hhk, hhk);
if (memcmp(hhk, received->hhk, sizeof hhk)) {
JPAKEerr(JPAKE_F_JPAKE_STEP3A_PROCESS,
JPAKE_R_HASH_OF_HASH_OF_KEY_MISMATCH);
return 0;
}
return 1;
}
void JPAKE_STEP3A_release(JPAKE_STEP3A *s3a)
{
}
void JPAKE_STEP3B_init(JPAKE_STEP3B *s3b)
{
}
int JPAKE_STEP3B_generate(JPAKE_STEP3B *send, JPAKE_CTX *ctx)
{
if (!quickhashbn(send->hk, ctx->key))
return 0;
return 1;
}
int JPAKE_STEP3B_process(JPAKE_CTX *ctx, const JPAKE_STEP3B *received)
{
unsigned char hk[SHA_DIGEST_LENGTH];
if (!quickhashbn(hk, ctx->key))
return 0;
if (memcmp(hk, received->hk, sizeof hk)) {
JPAKEerr(JPAKE_F_JPAKE_STEP3B_PROCESS, JPAKE_R_HASH_OF_KEY_MISMATCH);
return 0;
}
return 1;
}
void JPAKE_STEP3B_release(JPAKE_STEP3B *s3b)
{
}
const BIGNUM *JPAKE_get_shared_key(JPAKE_CTX *ctx)
{
return ctx->key;
}

107
crypto/jpake/jpake_err.c
View File

@ -1,107 +0,0 @@
/* ====================================================================
* Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
/*
* NOTE: this file was auto generated by the mkerr.pl script: any changes
* made to it will be overwritten when the script next updates this file,
* only reason strings will be preserved.
*/
#include <stdio.h>
#include <openssl/err.h>
#include <openssl/jpake.h>
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
# define ERR_FUNC(func) ERR_PACK(ERR_LIB_JPAKE,func,0)
# define ERR_REASON(reason) ERR_PACK(ERR_LIB_JPAKE,0,reason)
static ERR_STRING_DATA JPAKE_str_functs[] = {
{ERR_FUNC(JPAKE_F_JPAKE_STEP1_PROCESS), "JPAKE_STEP1_process"},
{ERR_FUNC(JPAKE_F_JPAKE_STEP2_PROCESS), "JPAKE_STEP2_process"},
{ERR_FUNC(JPAKE_F_JPAKE_STEP3A_PROCESS), "JPAKE_STEP3A_process"},
{ERR_FUNC(JPAKE_F_JPAKE_STEP3B_PROCESS), "JPAKE_STEP3B_process"},
{ERR_FUNC(JPAKE_F_VERIFY_ZKP), "verify_zkp"},
{0, NULL}
};
static ERR_STRING_DATA JPAKE_str_reasons[] = {
{ERR_REASON(JPAKE_R_G_TO_THE_X3_IS_NOT_LEGAL),
"g to the x3 is not legal"},
{ERR_REASON(JPAKE_R_G_TO_THE_X4_IS_NOT_LEGAL),
"g to the x4 is not legal"},
{ERR_REASON(JPAKE_R_G_TO_THE_X4_IS_ONE), "g to the x4 is one"},
{ERR_REASON(JPAKE_R_HASH_OF_HASH_OF_KEY_MISMATCH),
"hash of hash of key mismatch"},
{ERR_REASON(JPAKE_R_HASH_OF_KEY_MISMATCH), "hash of key mismatch"},
{ERR_REASON(JPAKE_R_VERIFY_B_FAILED), "verify b failed"},
{ERR_REASON(JPAKE_R_VERIFY_X3_FAILED), "verify x3 failed"},
{ERR_REASON(JPAKE_R_VERIFY_X4_FAILED), "verify x4 failed"},
{ERR_REASON(JPAKE_R_ZKP_VERIFY_FAILED), "zkp verify failed"},
{0, NULL}
};
#endif
void ERR_load_JPAKE_strings(void)
{
#ifndef OPENSSL_NO_ERR
if (ERR_func_error_string(JPAKE_str_functs[0].error) == NULL) {
ERR_load_strings(0, JPAKE_str_functs);
ERR_load_strings(0, JPAKE_str_reasons);
}
#endif
}

128
include/openssl/jpake.h
View File

@ -1,128 +0,0 @@
/*
* Implement J-PAKE, as described in
* http://grouper.ieee.org/groups/1363/Research/contributions/hao-ryan-2008.pdf
*
* With hints from http://www.cl.cam.ac.uk/~fh240/software/JPAKE2.java.
*/
#ifndef HEADER_JPAKE_H
# define HEADER_JPAKE_H
# include <openssl/opensslconf.h>
# ifdef OPENSSL_NO_JPAKE
# error JPAKE is disabled.
# endif
#ifdef __cplusplus
extern "C" {
#endif
# include <openssl/bn.h>
# include <openssl/sha.h>
typedef struct JPAKE_CTX JPAKE_CTX;
/* Note that "g" in the ZKPs is not necessarily the J-PAKE g. */
typedef struct {
BIGNUM *gr; /* g^r (r random) */
BIGNUM *b; /* b = r - x*h, h=hash(g, g^r, g^x, name) */
} JPAKE_ZKP;
typedef struct {
BIGNUM *gx; /* g^x in step 1, g^(xa + xc + xd) * xb * s
* in step 2 */
JPAKE_ZKP zkpx; /* ZKP(x) or ZKP(xb * s) */
} JPAKE_STEP_PART;
typedef struct {
JPAKE_STEP_PART p1; /* g^x3, ZKP(x3) or g^x1, ZKP(x1) */
JPAKE_STEP_PART p2; /* g^x4, ZKP(x4) or g^x2, ZKP(x2) */
} JPAKE_STEP1;
typedef JPAKE_STEP_PART JPAKE_STEP2;
typedef struct {
unsigned char hhk[SHA_DIGEST_LENGTH];
} JPAKE_STEP3A;
typedef struct {
unsigned char hk[SHA_DIGEST_LENGTH];
} JPAKE_STEP3B;
/* Parameters are copied */
JPAKE_CTX *JPAKE_CTX_new(const char *name, const char *peer_name,
const BIGNUM *p, const BIGNUM *g, const BIGNUM *q,
const BIGNUM *secret);
void JPAKE_CTX_free(JPAKE_CTX *ctx);
/*
* Note that JPAKE_STEP1 can be used multiple times before release
* without another init.
*/
void JPAKE_STEP1_init(JPAKE_STEP1 *s1);
int JPAKE_STEP1_generate(JPAKE_STEP1 *send, JPAKE_CTX *ctx);
int JPAKE_STEP1_process(JPAKE_CTX *ctx, const JPAKE_STEP1 *received);
void JPAKE_STEP1_release(JPAKE_STEP1 *s1);
/*
* Note that JPAKE_STEP2 can be used multiple times before release
* without another init.
*/
void JPAKE_STEP2_init(JPAKE_STEP2 *s2);
int JPAKE_STEP2_generate(JPAKE_STEP2 *send, JPAKE_CTX *ctx);
int JPAKE_STEP2_process(JPAKE_CTX *ctx, const JPAKE_STEP2 *received);
void JPAKE_STEP2_release(JPAKE_STEP2 *s2);
/*
* Optionally verify the shared key. If the shared secrets do not
* match, the two ends will disagree about the shared key, but
* otherwise the protocol will succeed.
*/
void JPAKE_STEP3A_init(JPAKE_STEP3A *s3a);
int JPAKE_STEP3A_generate(JPAKE_STEP3A *send, JPAKE_CTX *ctx);
int JPAKE_STEP3A_process(JPAKE_CTX *ctx, const JPAKE_STEP3A *received);
void JPAKE_STEP3A_release(JPAKE_STEP3A *s3a);
void JPAKE_STEP3B_init(JPAKE_STEP3B *s3b);
int JPAKE_STEP3B_generate(JPAKE_STEP3B *send, JPAKE_CTX *ctx);
int JPAKE_STEP3B_process(JPAKE_CTX *ctx, const JPAKE_STEP3B *received);
void JPAKE_STEP3B_release(JPAKE_STEP3B *s3b);
/*
* the return value belongs to the library and will be released when
* ctx is released, and will change when a new handshake is performed.
*/
const BIGNUM *JPAKE_get_shared_key(JPAKE_CTX *ctx);
/* BEGIN ERROR CODES */
/*
* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
void ERR_load_JPAKE_strings(void);
/* Error codes for the JPAKE functions. */
/* Function codes. */
# define JPAKE_F_JPAKE_STEP1_PROCESS 101
# define JPAKE_F_JPAKE_STEP2_PROCESS 102
# define JPAKE_F_JPAKE_STEP3A_PROCESS 103
# define JPAKE_F_JPAKE_STEP3B_PROCESS 104
# define JPAKE_F_VERIFY_ZKP 100
/* Reason codes. */
# define JPAKE_R_G_TO_THE_X3_IS_NOT_LEGAL 108
# define JPAKE_R_G_TO_THE_X4_IS_NOT_LEGAL 109
# define JPAKE_R_G_TO_THE_X4_IS_ONE 105
# define JPAKE_R_HASH_OF_HASH_OF_KEY_MISMATCH 106
# define JPAKE_R_HASH_OF_KEY_MISMATCH 107
# define JPAKE_R_VERIFY_B_FAILED 102
# define JPAKE_R_VERIFY_X3_FAILED 103
# define JPAKE_R_VERIFY_X4_FAILED 104
# define JPAKE_R_ZKP_VERIFY_FAILED 100
#ifdef __cplusplus
}
#endif
#endif

10
test/Makefile.in
View File

@ -67,7 +67,6 @@ EVPTEST= evp_test
EVPEXTRATEST=evp_extra_test
P5_CRPT2_TEST= p5_crpt2_test
IGETEST= igetest
JPAKETEST= jpaketest
SECMEMTEST= secmemtest
SRPTEST= srptest
V3NAMETEST= v3nametest
@ -98,7 +97,7 @@ EXE= $(NPTEST)$(EXE_EXT) $(MEMLEAKTEST)$(EXE_EXT) \
$(BFTEST)$(EXE_EXT) $(CASTTEST)$(EXE_EXT) $(SSLTEST)$(EXE_EXT) \
$(EXPTEST)$(EXE_EXT) $(DSATEST)$(EXE_EXT) $(RSATEST)$(EXE_EXT) \
$(EVPTEST)$(EXE_EXT) $(EVPEXTRATEST)$(EXE_EXT) $(IGETEST)$(EXE_EXT) \
$(JPAKETEST)$(EXE_EXT) $(SECMEMTEST)$(EXE_EXT) \
$(SECMEMTEST)$(EXE_EXT) \
$(SRPTEST)$(EXE_EXT) $(V3NAMETEST)$(EXE_EXT) \
$(HEARTBEATTEST)$(EXE_EXT) $(P5_CRPT2_TEST)$(EXE_EXT) \
$(CONSTTIMETEST)$(EXE_EXT) $(VERIFYEXTRATEST)$(EXE_EXT) \
@ -117,7 +116,7 @@ OBJ= $(NPTEST).o $(MEMLEAKTEST).o \
$(MDC2TEST).o $(RMDTEST).o $(DANETEST).o \
$(RANDTEST).o $(DHTEST).o $(ENGINETEST).o $(CASTTEST).o \
$(BFTEST).o $(SSLTEST).o $(DSATEST).o $(EXPTEST).o $(RSATEST).o \
$(EVPTEST).o $(EVPEXTRATEST).o $(IGETEST).o $(JPAKETEST).o $(V3NAMETEST).o \
$(EVPTEST).o $(EVPEXTRATEST).o $(IGETEST).o $(V3NAMETEST).o \
$(HEARTBEATTEST).o $(P5_CRPT2_TEST).o \
$(CONSTTIMETEST).o $(VERIFYEXTRATEST).o $(CLIENTHELLOTEST).o \
$(PACKETTEST).o $(ASYNCTEST).o $(DTLSV1LISTENTEST).o testutil.o
@ -131,7 +130,7 @@ SRC= $(NPTEST).c $(MEMLEAKTEST).c \
$(DESTEST).c $(SHA1TEST).c $(MDC2TEST).c $(RMDTEST).c \
$(RANDTEST).c $(DHTEST).c $(ENGINETEST).c $(CASTTEST).c \
$(BFTEST).c $(SSLTEST).c $(DSATEST).c $(EXPTEST).c $(RSATEST).c \
$(EVPTEST).c $(EVPEXTRATEST).c $(IGETEST).c $(JPAKETEST).c $(V3NAMETEST).c \
$(EVPTEST).c $(EVPEXTRATEST).c $(IGETEST).c $(V3NAMETEST).c \
$(HEARTBEATTEST).c $(P5_CRPT2_TEST).c \
$(CONSTTIMETEST).c $(VERIFYEXTRATEST).c $(CLIENTHELLOTEST).c \
$(PACKETTEST).c $(ASYNCTEST).c $(DTLSV1LISTENTEST).c testutil.c
@ -340,9 +339,6 @@ $(ECDHTEST)$(EXE_EXT): $(ECDHTEST).o $(DLIBCRYPTO)
$(IGETEST)$(EXE_EXT): $(IGETEST).o $(DLIBCRYPTO)
@target=$(IGETEST); $(BUILD_CMD)
$(JPAKETEST)$(EXE_EXT): $(JPAKETEST).o $(DLIBCRYPTO)
@target=$(JPAKETEST); $(BUILD_CMD)
$(SECMEMTEST)$(EXE_EXT): $(SECMEMTEST).o $(DLIBCRYPTO)
@target=$(SECMEMTEST); $(BUILD_CMD)

6
test/build.info
View File

@ -9,7 +9,7 @@ PROGRAMS=\
mdc2test rmdtest \
randtest dhtest enginetest casttest \
bftest ssltest dsatest exptest rsa_test \
evp_test evp_extra_test igetest jpaketest v3nametest \
evp_test evp_extra_test igetest v3nametest \
danetest heartbeat_test p5_crpt2_test \
constant_time_test verify_extra_test clienthellotest \
packettest asynctest secmemtest srptest memleaktest \
@ -151,10 +151,6 @@ SOURCE[igetest]=igetest.c
INCLUDE[igetest]={- rel2abs(catdir($builddir,"../include")) -} .. ../include
DEPEND[igetest]=../libcrypto
SOURCE[jpaketest]=jpaketest.c
INCLUDE[jpaketest]={- rel2abs(catdir($builddir,"../include")) -} ../include
DEPEND[jpaketest]=../libcrypto
SOURCE[v3nametest]=v3nametest.c
INCLUDE[v3nametest]={- rel2abs(catdir($builddir,"../include")) -} ../include
DEPEND[v3nametest]=../libcrypto

184
test/jpaketest.c
View File

@ -1,184 +0,0 @@
#include <openssl/opensslconf.h>
#ifdef OPENSSL_NO_JPAKE
# include <stdio.h>
int main(int argc, char *argv[])
{
printf("No J-PAKE support\n");
return (0);
}
#else
# include <openssl/jpake.h>
# include <openssl/err.h>
static void showbn(const char *name, const BIGNUM *bn)
{
fputs(name, stdout);
fputs(" = ", stdout);
BN_print_fp(stdout, bn);
putc('\n', stdout);
}
static int run_jpake(JPAKE_CTX *alice, JPAKE_CTX *bob)
{
JPAKE_STEP1 alice_s1;
JPAKE_STEP1 bob_s1;
JPAKE_STEP2 alice_s2;
JPAKE_STEP2 bob_s2;
JPAKE_STEP3A alice_s3a;
JPAKE_STEP3B bob_s3b;
/* Alice -> Bob: step 1 */
puts("A->B s1");
JPAKE_STEP1_init(&alice_s1);
JPAKE_STEP1_generate(&alice_s1, alice);
if (!JPAKE_STEP1_process(bob, &alice_s1)) {
printf("Bob fails to process Alice's step 1\n");
ERR_print_errors_fp(stdout);
return 1;
}
JPAKE_STEP1_release(&alice_s1);
/* Bob -> Alice: step 1 */
puts("B->A s1");
JPAKE_STEP1_init(&bob_s1);
JPAKE_STEP1_generate(&bob_s1, bob);
if (!JPAKE_STEP1_process(alice, &bob_s1)) {
printf("Alice fails to process Bob's step 1\n");
ERR_print_errors_fp(stdout);
return 2;
}
JPAKE_STEP1_release(&bob_s1);
/* Alice -> Bob: step 2 */
puts("A->B s2");
JPAKE_STEP2_init(&alice_s2);
JPAKE_STEP2_generate(&alice_s2, alice);
if (!JPAKE_STEP2_process(bob, &alice_s2)) {
printf("Bob fails to process Alice's step 2\n");
ERR_print_errors_fp(stdout);
return 3;
}
JPAKE_STEP2_release(&alice_s2);
/* Bob -> Alice: step 2 */
puts("B->A s2");
JPAKE_STEP2_init(&bob_s2);
JPAKE_STEP2_generate(&bob_s2, bob);
if (!JPAKE_STEP2_process(alice, &bob_s2)) {
printf("Alice fails to process Bob's step 2\n");
ERR_print_errors_fp(stdout);
return 4;
}
JPAKE_STEP2_release(&bob_s2);
showbn("Alice's key", JPAKE_get_shared_key(alice));
showbn("Bob's key ", JPAKE_get_shared_key(bob));
/* Alice -> Bob: step 3a */
puts("A->B s3a");
JPAKE_STEP3A_init(&alice_s3a);
JPAKE_STEP3A_generate(&alice_s3a, alice);
if (!JPAKE_STEP3A_process(bob, &alice_s3a)) {
printf("Bob fails to process Alice's step 3a\n");
ERR_print_errors_fp(stdout);
return 5;
}
JPAKE_STEP3A_release(&alice_s3a);
/* Bob -> Alice: step 3b */
puts("B->A s3b");
JPAKE_STEP3B_init(&bob_s3b);
JPAKE_STEP3B_generate(&bob_s3b, bob);
if (!JPAKE_STEP3B_process(alice, &bob_s3b)) {
printf("Alice fails to process Bob's step 3b\n");
ERR_print_errors_fp(stdout);
return 6;
}
JPAKE_STEP3B_release(&bob_s3b);
return 0;
}
int main(int argc, char **argv)
{
JPAKE_CTX *alice;
JPAKE_CTX *bob;
BIGNUM *p = NULL;
BIGNUM *g = NULL;
BIGNUM *q = NULL;
BIGNUM *secret = BN_new();
#ifndef OPENSSL_NO_CRYPTO_MDEBUG
BIO *bio_err;
bio_err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT);
CRYPTO_set_mem_debug(1);
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
#endif
/*-
BN_hex2bn(&p, "fd7f53811d75122952df4a9c2eece4e7f611b7523cef4400c31e3f80b6512669455d402251fb593d8d58fabfc5f5ba30f6cb9b556cd7813b801d346ff26660b76b9950a5a49f9fe8047b1022c24fbba9d7feb7c61bf83b57e7c6a8a6150f04fb83f6d3c51ec3023554135a169132f675f3ae2b61d72aeff22203199dd14801c7");
BN_hex2bn(&g, "f7e1a085d69b3ddecbbcab5c36b857b97994afbbfa3aea82f9574c0b3d0782675159578ebad4594fe67107108180b449167123e84c281613b7cf09328cc8a6e13c167a8b547c8d28e0a3ae1e2bb3a675916ea37f0bfa213562f1fb627a01243bcca4f1bea8519089a883dfe15ae59f06928b665e807b552564014c3bfecf492a");
BN_hex2bn(&q, "9760508f15230bccb292b982a2eb840bf0581cf5");
*/
/*-
p = BN_new();
BN_generate_prime(p, 1024, 1, NULL, NULL, NULL, NULL);
*/
/* Use a safe prime for p (that we found earlier) */
BN_hex2bn(&p,
"F9E5B365665EA7A05A9C534502780FEE6F1AB5BD4F49947FD036DBD7E905269AF46EF28B0FC07487EE4F5D20FB3C0AF8E700F3A2FA3414970CBED44FEDFF80CE78D800F184BB82435D137AADA2C6C16523247930A63B85661D1FC817A51ACD96168E95898A1F83A79FFB529368AA7833ABD1B0C3AEDDB14D2E1A2F71D99F763F");
showbn("p", p);
g = BN_new();
BN_set_word(g, 2);
showbn("g", g);
q = BN_new();
BN_rshift1(q, p);
showbn("q", q);
BN_rand(secret, 32, -1, 0);
/* A normal run, expect this to work... */
alice = JPAKE_CTX_new("Alice", "Bob", p, g, q, secret);
bob = JPAKE_CTX_new("Bob", "Alice", p, g, q, secret);
if (run_jpake(alice, bob) != 0) {
fprintf(stderr, "Plain JPAKE run failed\n");
return 1;
}
JPAKE_CTX_free(bob);
JPAKE_CTX_free(alice);
/* Now give Alice and Bob different secrets */
alice = JPAKE_CTX_new("Alice", "Bob", p, g, q, secret);
BN_add_word(secret, 1);
bob = JPAKE_CTX_new("Bob", "Alice", p, g, q, secret);
if (run_jpake(alice, bob) != 5) {
fprintf(stderr, "Mismatched secret JPAKE run failed\n");
return 1;
}
JPAKE_CTX_free(bob);
JPAKE_CTX_free(alice);
BN_free(secret);
BN_free(q);
BN_free(g);
BN_free(p);
#ifndef OPENSSL_NO_CRYPTO_MDEBUG
if (CRYPTO_mem_leaks(bio_err) <= 0)
return 1;
#endif
return 0;
}
#endif

5
test/recipes/90-test_jpake.t
View File

@ -1,5 +0,0 @@
#! /usr/bin/perl
use OpenSSL::Test::Simple;
simple_test("test_jpake", "jpaketest", "jpake");

7
util/indent.pro
View File

@ -297,13 +297,6 @@
-T IPAddressOrRange
-T IPAddressOrRanges
-T ISSUING_DIST_POINT
-T JPAKE_CTX
-T JPAKE_STEP1
-T JPAKE_STEP2
-T JPAKE_STEP3A
-T JPAKE_STEP3B
-T JPAKE_STEP_PART
-T JPAKE_ZKP
-T KEY_TABLE_TYPE
-T LHASH
-T LHASH_COMP_FN_TYPE

21
util/libeay.num
View File

@ -3616,27 +3616,6 @@ CRYPTO_dbg_remove_all_info 4090 1_1_0 NOEXIST::FUNCTION:
OPENSSL_init 4091 1_1_0 EXIST::FUNCTION:
private_Camellia_set_key 4092 1_1_0 NOEXIST::FUNCTION:
CRYPTO_strdup 4093 1_1_0 EXIST::FUNCTION:
JPAKE_STEP3A_process 4094 1_1_0 EXIST::FUNCTION:JPAKE
JPAKE_STEP1_release 4095 1_1_0 EXIST::FUNCTION:JPAKE
JPAKE_get_shared_key 4096 1_1_0 EXIST::FUNCTION:JPAKE
JPAKE_STEP3B_init 4097 1_1_0 EXIST::FUNCTION:JPAKE
JPAKE_STEP1_generate 4098 1_1_0 EXIST::FUNCTION:JPAKE
JPAKE_STEP1_init 4099 1_1_0 EXIST::FUNCTION:JPAKE
JPAKE_STEP3B_process 4100 1_1_0 EXIST::FUNCTION:JPAKE
JPAKE_STEP2_generate 4101 1_1_0 EXIST::FUNCTION:JPAKE
JPAKE_CTX_new 4102 1_1_0 EXIST::FUNCTION:JPAKE
JPAKE_CTX_free 4103 1_1_0 EXIST::FUNCTION:JPAKE
JPAKE_STEP3B_release 4104 1_1_0 EXIST::FUNCTION:JPAKE
JPAKE_STEP3A_release 4105 1_1_0 EXIST::FUNCTION:JPAKE
JPAKE_STEP2_process 4106 1_1_0 EXIST::FUNCTION:JPAKE
JPAKE_STEP3B_generate 4107 1_1_0 EXIST::FUNCTION:JPAKE
JPAKE_STEP1_process 4108 1_1_0 EXIST::FUNCTION:JPAKE
JPAKE_STEP3A_generate 4109 1_1_0 EXIST::FUNCTION:JPAKE
JPAKE_STEP2_release 4110 1_1_0 EXIST::FUNCTION:JPAKE
JPAKE_STEP3A_init 4111 1_1_0 EXIST::FUNCTION:JPAKE
ERR_load_JPAKE_strings 4112 1_1_0 EXIST::FUNCTION:JPAKE
JPAKE_STEP2_init 4113 1_1_0 EXIST::FUNCTION:JPAKE
pqueue_size 4114 1_1_0 NOEXIST::FUNCTION:
i2d_TS_ACCURACY 4115 1_1_0 EXIST::FUNCTION:
i2d_TS_MSG_IMPRINT_fp 4116 1_1_0 EXIST::FUNCTION:STDIO
i2d_TS_MSG_IMPRINT 4117 1_1_0 EXIST::FUNCTION:

3
util/mk1mf.pl
View File

@ -306,7 +306,6 @@ $cflags.=" -DOPENSSL_NO_ASYNC" if $no_async;
$cflags.=" -DOPENSSL_NO_AUTOALGINIT" if $no_autoalginit;
$cflags.=" -DOPENSSL_NO_AUTOERRINIT" if $no_autoerrinit;
$cflags.=" -DOPENSSL_FIPS" if $fips;
$cflags.=" -DOPENSSL_NO_JPAKE" if $no_jpake;
$cflags.=" -DOPENSSL_NO_EC2M" if $no_ec2m;
$cflags.= " -DZLIB" if $zlib_opt;
$cflags.= " -DZLIB_SHARED" if $zlib_opt == 2;
@ -1037,7 +1036,6 @@ sub var_add
return("") if $no_dh && $dir =~ /\/dh/;
return("") if $no_ec && $dir =~ /\/ec/;
return("") if $no_cms && $dir =~ /\/cms/;
return("") if $no_jpake && $dir =~ /\/jpake/;
return("") if !$fips && $dir =~ /^fips/;
if ($no_des && $dir =~ /\/des/)
{
@ -1397,7 +1395,6 @@ sub read_options
"no-ssl3-method" => 0,
"no-srp" => \$no_srp,
"no-cms" => \$no_cms,
"no-jpake" => \$no_jpake,
"no-ec2m" => \$no_ec2m,
"no-ec_nistp_64_gcc_128" => 0,
"no-err" => \$no_err,

3
util/mkdef.pl
View File

@ -102,8 +102,6 @@ my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF",
"CAPIENG",
# SSL v3 method
"SSL3_METHOD",
# JPAKE
"JPAKE",
# NEXTPROTONEG
"NEXTPROTONEG",
# Deprecated functions
@ -293,7 +291,6 @@ $crypto.=" include/openssl/ocsp.h";
$crypto.=" include/openssl/ui.h";
#$crypto.=" include/openssl/store.h";
$crypto.=" include/openssl/cms.h";
$crypto.=" include/openssl/jpake.h";
$crypto.=" include/openssl/srp.h";
$crypto.=" include/openssl/modes.h";
$crypto.=" include/openssl/async.h";

1
util/mkfiles.pl
View File

@ -48,7 +48,6 @@ my @dirs = (
"crypto/x509v3",
"crypto/cms",
"crypto/conf",
"crypto/jpake",
"crypto/txt_db",
"crypto/pkcs7",
"crypto/pkcs12",