kris
/
boringssl
1
0
Fork 0
Código Issues 0 Pull requests 0 Versões 0 Wiki Atividade
Você não pode selecionar mais de 25 tópicos Os tópicos devem começar com uma letra ou um número, podem incluir traços ('-') e podem ter até 35 caracteres.
3155 Commits
12 Branches
38 MiB
 
 
 
 
 
 
Tag: 867bcba05d
Branches Tags
${ item.name }
Criar branch ${ searchTerm }
de 867bcba05d
${ noResults }
boringssl/include/openssl/curve25519.h

173 linhas
7.2 KiB
Original Anotar Histórico 

  1. /* Copyright (c) 2015, Google Inc.

  2.  *

  3.  * Permission to use, copy, modify, and/or distribute this software for any

  4.  * purpose with or without fee is hereby granted, provided that the above

  5.  * copyright notice and this permission notice appear in all copies.

  6.  *

  7.  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES

  8.  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF

  9.  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY

  10.  * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES

  11.  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION

  12.  * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN

  13.  * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */

  14. 

  15. #ifndef OPENSSL_HEADER_CURVE25519_H

  16. #define OPENSSL_HEADER_CURVE25519_H

  17. 

  18. #include <openssl/base.h>

  19. 

  20. #if defined(__cplusplus)

  21. extern "C" {

  22. #endif

  23. 

  24. 

  25. /* Curve25519.

  26.  *

  27.  * Curve25519 is an elliptic curve. See https://tools.ietf.org/html/rfc7748. */

  28. 

  29. 

  30. /* X25519.

  31.  *

  32.  * X25519 is the Diffie-Hellman primitive built from curve25519. It is

  33.  * sometimes referred to as “curve25519”, but “X25519” is a more precise name.

  34.  * See http://cr.yp.to/ecdh.html and https://tools.ietf.org/html/rfc7748. */

  35. 

  36. /* X25519_keypair sets |out_public_value| and |out_private_key| to a freshly

  37.  * generated, public–private key pair. */

  38. OPENSSL_EXPORT void X25519_keypair(uint8_t out_public_value[32],

  39.                                    uint8_t out_private_key[32]);

  40. 

  41. /* X25519 writes a shared key to |out_shared_key| that is calculated from the

  42.  * given private key and the peer's public value. It returns one on success and

  43.  * zero on error.

  44.  *

  45.  * Don't use the shared key directly, rather use a KDF and also include the two

  46.  * public values as inputs. */

  47. OPENSSL_EXPORT int X25519(uint8_t out_shared_key[32],

  48.                           const uint8_t private_key[32],

  49.                           const uint8_t peers_public_value[32]);

  50. 

  51. /* X25519_public_from_private calculates a Diffie-Hellman public value from the

  52.  * given private key and writes it to |out_public_value|. */

  53. OPENSSL_EXPORT void X25519_public_from_private(uint8_t out_public_value[32],

  54.                                                const uint8_t private_key[32]);

  55. 

  56. 

  57. /* Ed25519.

  58.  *

  59.  * Ed25519 is a signature scheme using a twisted-Edwards curve that is

  60.  * birationally equivalent to curve25519. */

  61. 

  62. #define ED25519_PRIVATE_KEY_LEN 64

  63. #define ED25519_PUBLIC_KEY_LEN 32

  64. #define ED25519_SIGNATURE_LEN 64

  65. 

  66. /* ED25519_keypair sets |out_public_key| and |out_private_key| to a freshly

  67.  * generated, public–private key pair. */

  68. OPENSSL_EXPORT void ED25519_keypair(uint8_t out_public_key[32],

  69.                                     uint8_t out_private_key[64]);

  70. 

  71. /* ED25519_sign sets |out_sig| to be a signature of |message_len| bytes from

  72.  * |message| using |private_key|. It returns one on success or zero on

  73.  * error. */

  74. OPENSSL_EXPORT int ED25519_sign(uint8_t out_sig[64], const uint8_t *message,

  75.                                 size_t message_len,

  76.                                 const uint8_t private_key[64]);

  77. 

  78. /* ED25519_verify returns one iff |signature| is a valid signature, by

  79.  * |public_key| of |message_len| bytes from |message|. It returns zero

  80.  * otherwise. */

  81. OPENSSL_EXPORT int ED25519_verify(const uint8_t *message, size_t message_len,

  82.                                   const uint8_t signature[64],

  83.                                   const uint8_t public_key[32]);

  84. 

  85. 

  86. /* SPAKE2.

  87.  *

  88.  * SPAKE2 is a password-authenticated key-exchange. It allows two parties,

  89.  * who share a low-entropy secret (i.e. password), to agree on a shared key.

  90.  * An attacker can only make one guess of the password per execution of the

  91.  * protocol.

  92.  *

  93.  * See https://tools.ietf.org/html/draft-irtf-cfrg-spake2-02. */

  94. 

  95. /* spake2_role_t enumerates the different “roles” in SPAKE2. The protocol

  96.  * requires that the symmetry of the two parties be broken so one participant

  97.  * must be “Alice” and the other be “Bob”. */

  98. enum spake2_role_t {

  99.   spake2_role_alice,

  100.   spake2_role_bob,

  101. };

  102. 

  103. /* SPAKE2_CTX_new creates a new |SPAKE2_CTX| (which can only be used for a

  104.  * single execution of the protocol). SPAKE2 requires the symmetry of the two

  105.  * parties to be broken which is indicated via |my_role| – each party must pass

  106.  * a different value for this argument.

  107.  *

  108.  * The |my_name| and |their_name| arguments allow optional, opaque names to be

  109.  * bound into the protocol. For example MAC addresses, hostnames, usernames

  110.  * etc. These values are not exposed and can avoid context-confusion attacks

  111.  * when a password is shared between several devices. */

  112. OPENSSL_EXPORT SPAKE2_CTX *SPAKE2_CTX_new(

  113.     enum spake2_role_t my_role,

  114.     const uint8_t *my_name, size_t my_name_len,

  115.     const uint8_t *their_name, size_t their_name_len);

  116. 

  117. /* SPAKE2_CTX_free frees |ctx| and all the resources that it has allocated. */

  118. OPENSSL_EXPORT void SPAKE2_CTX_free(SPAKE2_CTX *ctx);

  119. 

  120. /* SPAKE2_MAX_MSG_SIZE is the maximum size of a SPAKE2 message. */

  121. #define SPAKE2_MAX_MSG_SIZE 32

  122. 

  123. /* SPAKE2_generate_msg generates a SPAKE2 message given |password|, writes

  124.  * it to |out| and sets |*out_len| to the number of bytes written.

  125.  *

  126.  * At most |max_out_len| bytes are written to |out| and, in order to ensure

  127.  * success, |max_out_len| should be at least |SPAKE2_MAX_MSG_SIZE| bytes.

  128.  *

  129.  * This function can only be called once for a given |SPAKE2_CTX|.

  130.  *

  131.  * It returns one on success and zero on error. */

  132. OPENSSL_EXPORT int SPAKE2_generate_msg(SPAKE2_CTX *ctx, uint8_t *out,

  133.                                        size_t *out_len, size_t max_out_len,

  134.                                        const uint8_t *password,

  135.                                        size_t password_len);

  136. 

  137. /* SPAKE2_MAX_KEY_SIZE is the maximum amount of key material that SPAKE2 will

  138.  * produce. */

  139. #define SPAKE2_MAX_KEY_SIZE 64

  140. 

  141. /* SPAKE2_process_msg completes the SPAKE2 exchange given the peer's message in

  142.  * |their_msg|, writes at most |max_out_key_len| bytes to |out_key| and sets

  143.  * |*out_key_len| to the number of bytes written.

  144.  *

  145.  * The resulting keying material is suitable for:

  146.  *   a) Using directly in a key-confirmation step: i.e. each side could

  147.  *      transmit a hash of their role, a channel-binding value and the key

  148.  *      material to prove to the other side that they know the shared key.

  149.  *   b) Using as input keying material to HKDF to generate a variety of subkeys

  150.  *      for encryption etc.

  151.  *

  152.  * If |max_out_key_key| is smaller than the amount of key material generated

  153.  * then the key is silently truncated. If you want to ensure that no truncation

  154.  * occurs then |max_out_key| should be at least |SPAKE2_MAX_KEY_SIZE|.

  155.  *

  156.  * You must call |SPAKE2_generate_msg| on a given |SPAKE2_CTX| before calling

  157.  * this function. On successful return, |ctx| is complete and calling

  158.  * |SPAKE2_CTX_free| is the only acceptable operation on it.

  159.  *

  160.  * Returns one on success or zero on error. */

  161. OPENSSL_EXPORT int SPAKE2_process_msg(SPAKE2_CTX *ctx, uint8_t *out_key,

  162.                                       size_t *out_key_len,

  163.                                       size_t max_out_key_len,

  164.                                       const uint8_t *their_msg,

  165.                                       size_t their_msg_len);

  166. 

  167. 

  168. #if defined(__cplusplus)

  169. }  /* extern C */

  170. #endif

  171. 

  172. #endif  /* OPENSSL_HEADER_CURVE25519_H */