generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Distinguish public/private data more clearly.

Browse Source
This commit is contained in:
Ben Laurie
2008-10-20 09:26:04 +00:00
parent 5790921aea
commit cc40dcce58
1 changed files with 53 additions and 48 deletions
Download Patch File Download Diff File Expand all files Collapse all files

101
demos/jpake/jpakedemo.c
View File

@@ -64,21 +64,26 @@ typedef struct
JPakeZKP zkpxbs; // ZKP(xb * s) JPakeZKP zkpxbs; // ZKP(xb * s)
} JPakeStep2; } JPakeStep2;
typedef struct
{
const char *name; // Must be unique
int base; // 1 for Alice, 3 for Bob. Only used for printing stuff.
JPakeStep1 s1c; // Alice's g^x3, ZKP(x3) or Bob's g^x1, ZKP(x1)
JPakeStep1 s1d; // Alice's g^x4, ZKP(x4) or Bob's g^x2, ZKP(x2)
JPakeStep2 s2; // Alice's A, ZKP(x2 * s) or Bob's B, ZKP(x4 * s)
} JPakeUserPublic;
/* /*
* The user structure. In the definition, (xa, xb, xc, xd) are Alice's * The user structure. In the definition, (xa, xb, xc, xd) are Alice's
* (x1, x2, x3, x4) or Bob's (x3, x4, x1, x2). If you see what I mean. * (x1, x2, x3, x4) or Bob's (x3, x4, x1, x2). If you see what I mean.
*/ */
typedef struct typedef struct
{ {
const char *name; // Must be unique JPakeUserPublic p;
int base; // 1 for Alice, 3 for Bob. Only used for printing stuff.
BIGNUM *secret; // The shared secret BIGNUM *secret; // The shared secret
BIGNUM *key; // The calculated (shared) key BIGNUM *key; // The calculated (shared) key
BIGNUM *xa; // Alice's x1 or Bob's x3 BIGNUM *xa; // Alice's x1 or Bob's x3
BIGNUM *xb; // Alice's x2 or Bob's x4 BIGNUM *xb; // Alice's x2 or Bob's x4
JPakeStep1 s1c; // Alice's g^x3, ZKP(x3) or Bob's g^x1, ZKP(x1)
JPakeStep1 s1d; // Alice's g^x4, ZKP(x4) or Bob's g^x2, ZKP(x2)
JPakeStep2 s2; // Alice's A, ZKP(x2 * s) or Bob's B, ZKP(x4 * s)
} JPakeUser; } JPakeUser;
// Generate each party's random numbers. xa is in [0, q), xb is in [1, q). // Generate each party's random numbers. xa is in [0, q), xb is in [1, q).
@@ -105,9 +110,9 @@ static void genrand(JPakeUser *user, const JPakeParameters *params)
BN_free(qm1); BN_free(qm1);
// Show // Show
printf("x%d", user->base); printf("x%d", user->p.base);
showbn("", user->xa); showbn("", user->xa);
printf("x%d", user->base+1); printf("x%d", user->p.base+1);
showbn("", user->xb); showbn("", user->xb);
} }
@@ -141,7 +146,7 @@ static void hashbn(SHA_CTX *sha, const BIGNUM *bn)
// h=hash(g, g^r, g^x, name) // h=hash(g, g^r, g^x, name)
static void zkpHash(BIGNUM *h, const JPakeZKP *zkp, const BIGNUM *gx, static void zkpHash(BIGNUM *h, const JPakeZKP *zkp, const BIGNUM *gx,
const JPakeUser *from, const JPakeParameters *params) const JPakeUserPublic *from, const JPakeParameters *params)
{ {
unsigned char md[SHA_DIGEST_LENGTH]; unsigned char md[SHA_DIGEST_LENGTH];
SHA_CTX sha; SHA_CTX sha;
@@ -179,7 +184,7 @@ static void CreateZKP(JPakeZKP *zkp, const BIGNUM *x, const JPakeUser *us,
BN_mod_exp(gx, zkpg, x, params->p, params->ctx); BN_mod_exp(gx, zkpg, x, params->p, params->ctx);
// h=hash... // h=hash...
zkpHash(h, zkp, gx, us, params); zkpHash(h, zkp, gx, &us->p, params);
// b = r - x*h // b = r - x*h
BN_mod_mul(t, x, h, params->q, params->ctx); BN_mod_mul(t, x, h, params->q, params->ctx);
@@ -200,9 +205,9 @@ static void CreateZKP(JPakeZKP *zkp, const BIGNUM *x, const JPakeUser *us,
BN_free(r); BN_free(r);
} }
static int VerifyZKP(const JPakeZKP *zkp, BIGNUM *x, const JPakeUser *them, static int VerifyZKP(const JPakeZKP *zkp, BIGNUM *x,
const BIGNUM *zkpg, const JPakeParameters *params, const JPakeUserPublic *them, const BIGNUM *zkpg,
int n, const char *suffix) const JPakeParameters *params, int n, const char *suffix)
{ {
BIGNUM *h = BN_new(); BIGNUM *h = BN_new();
BIGNUM *t1 = BN_new(); BIGNUM *t1 = BN_new();
@@ -253,35 +258,35 @@ static void sendstep1_substep(JPakeStep1 *s1, const BIGNUM *x,
CreateZKP(&s1->zkpx, x, us, params->g, params, n, ""); CreateZKP(&s1->zkpx, x, us, params->g, params, n, "");
} }
static void sendstep1(const JPakeUser *us, JPakeUser *them, static void sendstep1(const JPakeUser *us, JPakeUserPublic *them,
const JPakeParameters *params) const JPakeParameters *params)
{ {
printf("\n%s sends %s:\n\n", us->name, them->name); printf("\n%s sends %s:\n\n", us->p.name, them->name);
// from's g^xa (which becomes to's g^xc) and ZKP(xa) // from's g^xa (which becomes to's g^xc) and ZKP(xa)
sendstep1_substep(&them->s1c, us->xa, us, params, us->base); sendstep1_substep(&them->s1c, us->xa, us, params, us->p.base);
// from's g^xb (which becomes to's g^xd) and ZKP(xb) // from's g^xb (which becomes to's g^xd) and ZKP(xb)
sendstep1_substep(&them->s1d, us->xb, us, params, us->base+1); sendstep1_substep(&them->s1d, us->xb, us, params, us->p.base+1);
} }
static int verifystep1(const JPakeUser *us, const JPakeUser *them, static int verifystep1(const JPakeUser *us, const JPakeUserPublic *them,
const JPakeParameters *params) const JPakeParameters *params)
{ {
printf("\n%s verifies %s:\n\n", us->name, them->name); printf("\n%s verifies %s:\n\n", us->p.name, them->name);
// verify their ZKP(xc) // verify their ZKP(xc)
if(!VerifyZKP(&us->s1c.zkpx, us->s1c.gx, them, params->g, params, if(!VerifyZKP(&us->p.s1c.zkpx, us->p.s1c.gx, them, params->g, params,
them->base, "")) them->base, ""))
return 0; return 0;
// verify their ZKP(xd) // verify their ZKP(xd)
if(!VerifyZKP(&us->s1d.zkpx, us->s1d.gx, them, params->g, params, if(!VerifyZKP(&us->p.s1d.zkpx, us->p.s1d.gx, them, params->g, params,
them->base+1, "")) them->base+1, ""))
return 0; return 0;
// g^xd != 1 // g^xd != 1
printf(" g^{x%d} != 1: ", them->base+1); printf(" g^{x%d} != 1: ", them->base+1);
if(BN_is_one(us->s1d.gx)) if(BN_is_one(us->p.s1d.gx))
{ {
puts("FAIL"); puts("FAIL");
return 0; return 0;
@@ -291,21 +296,21 @@ static int verifystep1(const JPakeUser *us, const JPakeUser *them,
return 1; return 1;
} }
static void sendstep2(const JPakeUser *us, JPakeUser *them, static void sendstep2(const JPakeUser *us, JPakeUserPublic *them,
const JPakeParameters *params) const JPakeParameters *params)
{ {
BIGNUM *t1 = BN_new(); BIGNUM *t1 = BN_new();
BIGNUM *t2 = BN_new(); BIGNUM *t2 = BN_new();
printf("\n%s sends %s:\n\n", us->name, them->name); printf("\n%s sends %s:\n\n", us->p.name, them->name);
// X = g^{(xa + xc + xd) * xb * s} // X = g^{(xa + xc + xd) * xb * s}
// t1 = g^xa // t1 = g^xa
BN_mod_exp(t1, params->g, us->xa, params->p, params->ctx); BN_mod_exp(t1, params->g, us->xa, params->p, params->ctx);
// t2 = t1 * g^{xc} = g^{xa} * g^{xc} = g^{xa + xc} // t2 = t1 * g^{xc} = g^{xa} * g^{xc} = g^{xa + xc}
BN_mod_mul(t2, t1, us->s1c.gx, params->p, params->ctx); BN_mod_mul(t2, t1, us->p.s1c.gx, params->p, params->ctx);
// t1 = t2 * g^{xd} = g^{xa + xc + xd} // t1 = t2 * g^{xd} = g^{xa + xc + xd}
BN_mod_mul(t1, t2, us->s1d.gx, params->p, params->ctx); BN_mod_mul(t1, t2, us->p.s1d.gx, params->p, params->ctx);
// t2 = xb * s // t2 = xb * s
BN_mod_mul(t2, us->xb, us->secret, params->q, params->ctx); BN_mod_mul(t2, us->xb, us->secret, params->q, params->ctx);
// X = t1^{t2} = t1^{xb * s} = g^{(xa + xc + xd) * xb * s} // X = t1^{t2} = t1^{xb * s} = g^{(xa + xc + xd) * xb * s}
@@ -313,8 +318,8 @@ static void sendstep2(const JPakeUser *us, JPakeUser *them,
BN_mod_exp(them->s2.X, t1, t2, params->p, params->ctx); BN_mod_exp(them->s2.X, t1, t2, params->p, params->ctx);
// Show // Show
printf(" g^{(x%d + x%d + x%d) * x%d * s)", us->base, them->base, printf(" g^{(x%d + x%d + x%d) * x%d * s)", us->p.base, them->base,
them->base+1, us->base+1); them->base+1, us->p.base+1);
showbn("", them->s2.X); showbn("", them->s2.X);
// ZKP(xb * s) // ZKP(xb * s)
@@ -322,22 +327,22 @@ static void sendstep2(const JPakeUser *us, JPakeUser *them,
// //
// g' = g^{xa + xc + xd} // g' = g^{xa + xc + xd}
// //
// as the generator, which means B is g'^{xb * s} // as the generator, which means X is g'^{xb * s}
CreateZKP(&them->s2.zkpxbs, t2, us, t1, params, us->base+1, " * s"); CreateZKP(&them->s2.zkpxbs, t2, us, t1, params, us->p.base+1, " * s");
// cleanup // cleanup
BN_free(t1); BN_free(t1);
BN_free(t2); BN_free(t2);
} }
static int verifystep2(const JPakeUser *us, const JPakeUser *them, static int verifystep2(const JPakeUser *us, const JPakeUserPublic *them,
const JPakeParameters *params) const JPakeParameters *params)
{ {
BIGNUM *t1 = BN_new(); BIGNUM *t1 = BN_new();
BIGNUM *t2 = BN_new(); BIGNUM *t2 = BN_new();
int ret = 0; int ret = 0;
printf("\n%s verifies %s:\n\n", us->name, them->name); printf("\n%s verifies %s:\n\n", us->p.name, them->name);
// g' = g^{xc + xa + xb} [from our POV] // g' = g^{xc + xa + xb} [from our POV]
// t1 = xa + xb // t1 = xa + xb
@@ -345,9 +350,9 @@ static int verifystep2(const JPakeUser *us, const JPakeUser *them,
// t2 = g^{t1} = g^{xa+xb} // t2 = g^{t1} = g^{xa+xb}
BN_mod_exp(t2, params->g, t1, params->p, params->ctx); BN_mod_exp(t2, params->g, t1, params->p, params->ctx);
// t1 = g^{xc} * t2 = g^{xc + xa + xb} // t1 = g^{xc} * t2 = g^{xc + xa + xb}
BN_mod_mul(t1, us->s1c.gx, t2, params->p, params->ctx); BN_mod_mul(t1, us->p.s1c.gx, t2, params->p, params->ctx);
if(VerifyZKP(&us->s2.zkpxbs, us->s2.X, them, t1, params, them->base+1, if(VerifyZKP(&us->p.s2.zkpxbs, us->p.s2.X, them, t1, params, them->base+1,
" * s")) " * s"))
ret = 1; ret = 1;
@@ -364,7 +369,7 @@ static void computekey(JPakeUser *us, const JPakeParameters *params)
BIGNUM *t2 = BN_new(); BIGNUM *t2 = BN_new();
BIGNUM *t3 = BN_new(); BIGNUM *t3 = BN_new();
printf("\n%s calculates the shared key:\n\n", us->name); printf("\n%s calculates the shared key:\n\n", us->p.name);
// K = (X/g^{xb * xd * s})^{xb} // K = (X/g^{xb * xd * s})^{xb}
// = (g^{(xc + xa + xb) * xd * s - xb * xd *s})^{xb} // = (g^{(xc + xa + xb) * xd * s - xb * xd *s})^{xb}
@@ -373,13 +378,13 @@ static void computekey(JPakeUser *us, const JPakeParameters *params)
// [which is the same regardless of who calculates it] // [which is the same regardless of who calculates it]
// t1 = (g^{xd})^{xb} = g^{xb * xd} // t1 = (g^{xd})^{xb} = g^{xb * xd}
BN_mod_exp(t1, us->s1d.gx, us->xb, params->p, params->ctx); BN_mod_exp(t1, us->p.s1d.gx, us->xb, params->p, params->ctx);
// t2 = -s = q-s // t2 = -s = q-s
BN_sub(t2, params->q, us->secret); BN_sub(t2, params->q, us->secret);
// t3 = t1^t2 = g^{-xb * xd * s} // t3 = t1^t2 = g^{-xb * xd * s}
BN_mod_exp(t3, t1, t2, params->p, params->ctx); BN_mod_exp(t3, t1, t2, params->p, params->ctx);
// t1 = X * t3 = X/g^{xb * xd * s} // t1 = X * t3 = X/g^{xb * xd * s}
BN_mod_mul(t1, us->s2.X, t3, params->p, params->ctx); BN_mod_mul(t1, us->p.s2.X, t3, params->p, params->ctx);
// K = t1^{xb} // K = t1^{xb}
us->key = BN_new(); us->key = BN_new();
BN_mod_exp(us->key, t1, us->xb, params->p, params->ctx); BN_mod_exp(us->key, t1, us->xb, params->p, params->ctx);
@@ -398,10 +403,10 @@ int main(int argc, char **argv)
JPakeParameters params; JPakeParameters params;
JPakeUser alice, bob; JPakeUser alice, bob;
alice.name = "Alice"; alice.p.name = "Alice";
alice.base = 1; alice.p.base = 1;
bob.name = "Bob"; bob.p.name = "Bob";
bob.base = 3; bob.p.base = 3;
JPakeParametersInit(&params); JPakeParametersInit(&params);
@@ -420,23 +425,23 @@ int main(int argc, char **argv)
genrand(&bob, &params); genrand(&bob, &params);
// Now send stuff to each other... // Now send stuff to each other...
sendstep1(&alice, &bob, &params); sendstep1(&alice, &bob.p, &params);
sendstep1(&bob, &alice, &params); sendstep1(&bob, &alice.p, &params);
// And verify what each other sent // And verify what each other sent
if(!verifystep1(&alice, &bob, &params)) if(!verifystep1(&alice, &bob.p, &params))
return 1; return 1;
if(!verifystep1(&bob, &alice, &params)) if(!verifystep1(&bob, &alice.p, &params))
return 2; return 2;
// Second send // Second send
sendstep2(&alice, &bob, &params); sendstep2(&alice, &bob.p, &params);
sendstep2(&bob, &alice, &params); sendstep2(&bob, &alice.p, &params);
// And second verify // And second verify
if(!verifystep2(&alice, &bob, &params)) if(!verifystep2(&alice, &bob.p, &params))
return 3; return 3;
if(!verifystep2(&bob, &alice, &params)) if(!verifystep2(&bob, &alice.p, &params))
return 4; return 4;
// Compute common key // Compute common key