102 lines
3.9 KiB
C++
102 lines
3.9 KiB
C++
/*
|
|
Copyright (c) 2009-2010 Christopher A. Taylor. All rights reserved.
|
|
|
|
Redistribution and use in source and binary forms, with or without
|
|
modification, are permitted provided that the following conditions are met:
|
|
|
|
* Redistributions of source code must retain the above copyright notice,
|
|
this list of conditions and the following disclaimer.
|
|
* Redistributions in binary form must reproduce the above copyright notice,
|
|
this list of conditions and the following disclaimer in the documentation
|
|
and/or other materials provided with the distribution.
|
|
* Neither the name of LibCat nor the names of its contributors may be used
|
|
to endorse or promote products derived from this software without
|
|
specific prior written permission.
|
|
|
|
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
|
|
AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
|
|
LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
|
|
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
|
|
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
|
|
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
|
|
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
|
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
|
POSSIBILITY OF SUCH DAMAGE.
|
|
*/
|
|
|
|
#ifndef CAT_KEY_AGREEMENT_INITIATOR_HPP
|
|
#define CAT_KEY_AGREEMENT_INITIATOR_HPP
|
|
|
|
#include <cat/crypt/tunnel/KeyAgreement.hpp>
|
|
#include <cat/crypt/tunnel/AuthenticatedEncryption.hpp>
|
|
|
|
namespace cat {
|
|
|
|
|
|
class CAT_EXPORT KeyAgreementInitiator : public KeyAgreementCommon
|
|
{
|
|
Leg *B; // Responder's public key (pre-shared with initiator)
|
|
Leg *a; // Initiator's private key (kept secret)
|
|
Leg *A; // Initiator's public key (shared with responder in Challenge message)
|
|
Leg *hB; // h*B
|
|
Leg *G_MultPrecomp; // Precomputed table for multiplication
|
|
Leg *B_MultPrecomp; // Precomputed table for multiplication
|
|
Leg *Y_MultPrecomp; // Precomputed table for multiplication
|
|
Leg *A_neutral; // Endian-neutral A
|
|
Leg *B_neutral; // Endian-neutral B
|
|
|
|
// Identity data
|
|
Leg *I_private; // Initiator's identity private key
|
|
Leg *I_public; // Endian-neutral initiator's identity public key
|
|
|
|
bool AllocateMemory();
|
|
void FreeMemory();
|
|
|
|
public:
|
|
KeyAgreementInitiator();
|
|
~KeyAgreementInitiator();
|
|
|
|
bool Initialize(BigTwistedEdwards *math,
|
|
const u8 *responder_public_key, int public_bytes);
|
|
|
|
// Call after Initialize()
|
|
bool SetIdentity(BigTwistedEdwards *math,
|
|
const u8 *initiator_public_key, int public_bytes,
|
|
const u8 *initiator_private_key, int private_bytes);
|
|
|
|
public:
|
|
bool GenerateChallenge(BigTwistedEdwards *math, FortunaOutput *csprng,
|
|
u8 *initiator_challenge, int challenge_bytes);
|
|
|
|
bool ProcessAnswer(BigTwistedEdwards *math,
|
|
const u8 *responder_answer, int answer_bytes,
|
|
Skein *key_hash);
|
|
|
|
// Will fail if SetIdentity() has not been called
|
|
bool ProcessAnswerWithIdentity(BigTwistedEdwards *math, FortunaOutput *csprng,
|
|
const u8 *responder_answer, int answer_bytes,
|
|
Skein *key_hash,
|
|
u8 *identity_proof, int proof_bytes);
|
|
|
|
CAT_INLINE bool KeyEncryption(Skein *key_hash, AuthenticatedEncryption *auth_enc, const char *key_name)
|
|
{
|
|
return auth_enc->SetKey(KeyBytes, key_hash, true, key_name);
|
|
}
|
|
|
|
// Erase the private key after handshake completes
|
|
// Also done as this object is destroyed
|
|
void SecureErasePrivateKey();
|
|
|
|
public:
|
|
bool Verify(BigTwistedEdwards *math,
|
|
const u8 *message, int message_bytes,
|
|
const u8 *signature, int signature_bytes);
|
|
};
|
|
|
|
|
|
} // namespace cat
|
|
|
|
#endif // CAT_KEY_AGREEMENT_INITIATOR_HPP
|