[mod] added opaque_ prefix to public pake fns
stef committed Mar 14, 2018
1 parent 4238b40 commit d3a155e
Showing 3 changed files with 54 additions and 54 deletions.
32 changes: 16 additions & 16 deletions src/pake.c
@@ -27,7 +27,7 @@
#include <sodium/utils.h>

// server shares pk as P_s with client_init
void server_init(uint8_t *p_s, uint8_t *P_s) {
void opaque_server_init(uint8_t *p_s, uint8_t *P_s) {
randombytes(p_s, DECAF_X25519_PRIVATE_BYTES); // random secret key
decaf_x25519_derive_public_key(P_s, p_s);
}
@@ -65,8 +65,8 @@ static void oprf(const uint8_t *x, const size_t x_len, const uint8_t *k, uint8_t
}

// sends c, C, k_s , P_u , m_u to server
void client_init(const uint8_t *rwd, const size_t rwd_len, const uint8_t *P_s, // input params
uint8_t k_s[32], uint8_t c[32], uint8_t C[32], uint8_t P_u[32], uint8_t m_u[32]) { // output params
void opaque_client_init(const uint8_t *rwd, const size_t rwd_len, const uint8_t *P_s, // input params
uint8_t k_s[32], uint8_t c[32], uint8_t C[32], uint8_t P_u[32], uint8_t m_u[32]) { // output params
uint8_t z[32], tmp[32];
// U chooses z ∈_R {0, 1}^τ
randombytes(z, 32);
@@ -113,9 +113,9 @@ void client_init(const uint8_t *rwd, const size_t rwd_len, const uint8_t *P_s,
}

// done by user
void start_pake(const uint8_t *rwd, const size_t rwd_len, // input params
uint8_t alpha[32], uint8_t x_u[32], // output params
uint8_t X_u[32], uint8_t sp[32]) {
void opaque_start_pake(const uint8_t *rwd, const size_t rwd_len, // input params
uint8_t alpha[32], uint8_t x_u[32], // output params
uint8_t X_u[32], uint8_t sp[32]) {
// choose ρ, x_u ← Z_q
randombytes(sp, 32);
decaf_255_scalar_t p;
@@ -173,11 +173,11 @@ static int server_kex(uint8_t *mk, const uint8_t ix[32], const uint8_t ex[32], c
// c, C, P_u , m_u, (received from U in init)
// P_s (from server init),
// X_s (from here)
int server_pake(const uint8_t alpha[32], const uint8_t X_u[32], // input params
const uint8_t k_s[32], const uint8_t P_u[32],
const uint8_t p_s[32],
uint8_t beta[32], uint8_t X_s[32], // output params
uint8_t SK[DECAF_X25519_PUBLIC_BYTES]) { // this is the final result: shared secret from the PAKE
int opaque_server_pake(const uint8_t alpha[32], const uint8_t X_u[32], // input params
const uint8_t k_s[32], const uint8_t P_u[32],
const uint8_t p_s[32],
uint8_t beta[32], uint8_t X_s[32], // output params
uint8_t SK[DECAF_X25519_PUBLIC_BYTES]) { // this is the final result: shared secret from the PAKE
decaf_255_point_t Alpha;
if(DECAF_SUCCESS!=decaf_255_point_decode(Alpha, alpha, DECAF_FALSE)) return 1;

@@ -221,11 +221,11 @@ static int user_kex(uint8_t *mk, const uint8_t ix[32], const uint8_t ex[32], con
return 0;
}

int user_pake(const uint8_t *rwd, const size_t rwd_len, const uint8_t sp[32],
const uint8_t x_u[32], const uint8_t beta[32], const uint8_t c[32],
const uint8_t C[32], const uint8_t P_u[32], const uint8_t m_u[32],
const uint8_t P_s[32], const uint8_t X_s[32],
uint8_t SK[DECAF_X25519_PUBLIC_BYTES]) {
int opaque_user_pake(const uint8_t *rwd, const size_t rwd_len, const uint8_t sp[32],
const uint8_t x_u[32], const uint8_t beta[32], const uint8_t c[32],
const uint8_t C[32], const uint8_t P_u[32], const uint8_t m_u[32],
const uint8_t P_s[32], const uint8_t X_s[32],
uint8_t SK[DECAF_X25519_PUBLIC_BYTES]) {
// note: β, c, C, P_u , m_u , P_s , X_s are sent by server_pake
// sp(==p) is from start_pake
// Sets z = c ⊕ H(rwd, β^(1/ρ)), r = f_z(0), p_u = f_z (1) mod q.
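Review bot: The comments around the renamed functions still use the old names, so they no longer match any symbol in the API: `// server shares pk as P_s with client_init` above opaque_server_init, and `// note: β, c, C, P_u , m_u , P_s , X_s are sent by server_pake` and `// sp(==p) is from start_pake` inside opaque_user_pake. They should name `opaque_client_init`, `opaque_server_pake` and `opaque_start_pake`; the same applies to the call-site comments in src/tests/pake-test.c (`these come from start_pake ...`, `blinding factor from users start_pake`, `sent from server_pake`). In a protocol where the origin of each value decides whether it is secret or attacker-supplied, comments that point at non-existent functions make the data flow harder to audit. The body of opaque_user_pake continues outside the hunk.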
34 changes: 17 additions & 17 deletions src/pake.h
@@ -12,23 +12,23 @@ typedef struct {
uint8_t k_s[32];
uint8_t P_u[32]; // users Identity pubkey
uint8_t m_u[32];
} __attribute((packed)) UserRecord;
} __attribute((packed)) Opaque_UserRecord;

void server_init(uint8_t *p_s, uint8_t *P_s);
void client_init(const uint8_t *rwd, const size_t rwd_len, const uint8_t *P_s, // input params
uint8_t k_s[32], uint8_t c[32], uint8_t C[32], uint8_t P_u[32], uint8_t m_u[32]);
void start_pake(const uint8_t *rwd, const size_t rwd_len, // input params
uint8_t alpha[32], uint8_t x_u[32], // output params
uint8_t X_u[32], uint8_t sp[32]);
int server_pake(const uint8_t alpha[32], const uint8_t X_u[32], // input params
const uint8_t k_s[32], const uint8_t P_u[32],
const uint8_t p_s[32],
uint8_t beta[32], uint8_t X_s[32], // output params
uint8_t SK[DECAF_X25519_PUBLIC_BYTES]);
int user_pake(const uint8_t *rwd, const size_t rwd_len, const uint8_t sp[32],
const uint8_t x_u[32], const uint8_t beta[32], const uint8_t c[32],
const uint8_t C[32], const uint8_t P_u[32], const uint8_t m_u[32],
const uint8_t P_s[32], const uint8_t X_s[32],
uint8_t SK[DECAF_X25519_PUBLIC_BYTES]);
void opaque_server_init(uint8_t *p_s, uint8_t *P_s);
void opaque_client_init(const uint8_t *rwd, const size_t rwd_len, const uint8_t *P_s, // input params
uint8_t k_s[32], uint8_t c[32], uint8_t C[32], uint8_t P_u[32], uint8_t m_u[32]);
void opaque_start_pake(const uint8_t *rwd, const size_t rwd_len, // input params
uint8_t alpha[32], uint8_t x_u[32], // output params
uint8_t X_u[32], uint8_t sp[32]);
int opaque_server_pake(const uint8_t alpha[32], const uint8_t X_u[32], // input params
const uint8_t k_s[32], const uint8_t P_u[32],
const uint8_t p_s[32],
uint8_t beta[32], uint8_t X_s[32], // output params
uint8_t SK[DECAF_X25519_PUBLIC_BYTES]);
int opaque_user_pake(const uint8_t *rwd, const size_t rwd_len, const uint8_t sp[32],
const uint8_t x_u[32], const uint8_t beta[32], const uint8_t c[32],
const uint8_t C[32], const uint8_t P_u[32], const uint8_t m_u[32],
const uint8_t P_s[32], const uint8_t X_s[32],
uint8_t SK[DECAF_X25519_PUBLIC_BYTES]);

#endif // pake_h
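Review bot: The prototypes for opaque_server_pake and opaque_user_pake are now the prefixed public API, but the header documents neither their return values nor which buffers carry secret material. In src/pake.c opaque_server_pake visibly returns 1 when `alpha` fails to decode, and the test treats any non-zero result from either function as failure, so a comment such as `// returns 0 on success, non-zero on failure; SK must not be used unless 0 is returned` on both prototypes would make the check mandatory for callers. It would also help to mark `p_s`, `x_u`, `sp` and `SK` as secrets the caller should wipe after use, presumably with sodium_memzero since src/pake.c already includes sodium/utils.h.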
42 changes: 21 additions & 21 deletions src/tests/pake-test.c
@@ -32,45 +32,45 @@ int main(void) {
// server setup - only done once in the lifetime of a server
uint8_t p_s[DECAF_X25519_PRIVATE_BYTES], // server Identity Secret key
P_s[DECAF_X25519_PUBLIC_BYTES]; // server Identity pubkey
server_init(p_s, P_s);
opaque_server_init(p_s, P_s);
// publish P_s widely so all clients have access to it.

// create user
uint8_t rwd[32]=" "; // FK-PTR output (from sphinx derive), here static for testing only
UserRecord user; // output from user init, stored in server.
client_init(rwd, sizeof rwd, P_s, // input params
user.k_s, user.c, user.C, user.P_u, user.m_u);
Opaque_UserRecord user; // output from user init, stored in server.
opaque_client_init(rwd, sizeof rwd, P_s, // input params
user.k_s, user.c, user.C, user.P_u, user.m_u);

// user initializes a login session with the server
uint8_t alpha[32], // blinded rwd to be sent to server
x_u[32], // users ephemeral secret key
X_u[32], // users ephemeral pubkey
p[32]; // factor used to blind rwd
start_pake(rwd, sizeof rwd, // input params
alpha, x_u, X_u, p); // output params
opaque_start_pake(rwd, sizeof rwd, // input params
alpha, x_u, X_u, p); // output params

// server login function
uint8_t beta[32],
X_s[32], // servers Ephemeral pubkey
SK_s[DECAF_X25519_PUBLIC_BYTES]; // the final result of the PAKE (server-side)
if(0!=server_pake(alpha, X_u, // these come from start_pake done by the user when trying to login
user.k_s, user.P_u, // comes from user rec stored by the server
p_s, // is the servers Identity secret key
beta, X_s, SK_s)) return 1; // output params
if(0!=opaque_server_pake(alpha, X_u, // these come from start_pake done by the user when trying to login
user.k_s, user.P_u, // comes from user rec stored by the server
p_s, // is the servers Identity secret key
beta, X_s, SK_s)) return 1; // output params

// finish login sequence and calculate result of PAKE
uint8_t SK_u[DECAF_X25519_PUBLIC_BYTES]; // final result of the PAKE (user-side)
if(0!=user_pake(rwd, sizeof rwd, // rwd from FK-PTR
p, // blinding factor from users start_pake
x_u, // user ephemeral secret key
beta, // sent from server_pake
user.c, // sent by server from storage
user.C, // sent by server from storage
user.P_u, // sent by server from storage
user.m_u, // sent by server from storage
P_s, // servers Identity pubkey
X_s, // servers Ephemeral pubkey
SK_u)) return 2; // result of the PAKE
if(0!=opaque_user_pake(rwd, sizeof rwd, // rwd from FK-PTR
p, // blinding factor from users start_pake
x_u, // user ephemeral secret key
beta, // sent from server_pake
user.c, // sent by server from storage
user.C, // sent by server from storage
user.P_u, // sent by server from storage
user.m_u, // sent by server from storage
P_s, // servers Identity pubkey
X_s, // servers Ephemeral pubkey
SK_u)) return 2; // result of the PAKE
dump(SK_u,32,"SK_u:");
dump(SK_s,32,"SK_s:");
return 0;