diff options
author | sergeyu@chromium.org <sergeyu@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-12-13 07:00:19 +0000 |
---|---|---|
committer | sergeyu@chromium.org <sergeyu@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-12-13 07:00:19 +0000 |
commit | 78df46aceb47bbb91eb1c4fed658c87a366129dc (patch) | |
tree | f157058a51d424447a3e6ed39ab2ab14456d1b46 /crypto/p224_spake.cc | |
parent | 291d774464e6532e32d95e5d7b58fd4fe9c0ab40 (diff) | |
download | chromium_src-78df46aceb47bbb91eb1c4fed658c87a366129dc.zip chromium_src-78df46aceb47bbb91eb1c4fed658c87a366129dc.tar.gz chromium_src-78df46aceb47bbb91eb1c4fed658c87a366129dc.tar.bz2 |
Simplify SPAKE2 implementation.
Currently P224EncryptedKeyExchange uses two pieces of secret: password
and session-specific key. They are combined and used together as one
password. It is not really needed and the calling code can do
it when neccessary.
BUG=105214
Review URL: http://codereview.chromium.org/8903001
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@114189 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'crypto/p224_spake.cc')
-rw-r--r-- | crypto/p224_spake.cc | 40 |
1 files changed, 13 insertions, 27 deletions
diff --git a/crypto/p224_spake.cc b/crypto/p224_spake.cc index 3d83e25..ec0c416 100644 --- a/crypto/p224_spake.cc +++ b/crypto/p224_spake.cc @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. -// This code implements SPAKE2, a varient of EKE: +// This code implements SPAKE2, a variant of EKE: // http://www.di.ens.fr/~pointche/pub.php?reference=AbPo04 #include <crypto/p224_spake.h> @@ -96,9 +96,7 @@ const crypto::p224::Point kN = { namespace crypto { P224EncryptedKeyExchange::P224EncryptedKeyExchange( - PeerType peer_type, - const base::StringPiece& password, - const base::StringPiece& session) + PeerType peer_type, const base::StringPiece& password) : state_(kStateInitial), is_server_(peer_type == kPeerTypeServer) { // x_ is a random scalar. @@ -108,26 +106,9 @@ P224EncryptedKeyExchange::P224EncryptedKeyExchange( p224::Point X; p224::ScalarBaseMult(x_, &X); - // The "password" in the SPAKE2 protocol is - // SHA256(P(password) + P(session)) where P is function that prepends a - // uint32, big-endian length prefix. - uint8 password_length[4], session_length[4]; - password_length[0] = password.size() >> 24; - password_length[1] = password.size() >> 16; - password_length[2] = password.size() >> 8; - password_length[3] = password.size(); - session_length[0] = session.size() >> 24; - session_length[1] = session.size() >> 16; - session_length[2] = session.size() >> 8; - session_length[3] = session.size(); - SHA256HashString(std::string(reinterpret_cast<const char *>(password_length), - sizeof(password_length)) + - password.as_string() + - std::string(reinterpret_cast<const char *>(session_length), - sizeof(session_length)) + - session.as_string(), - pw_, - sizeof(pw_)); + // Calculate |password| hash to get SPAKE password value. + SHA256HashString(std::string(password.data(), password.length()), + pw_, sizeof(pw_)); // The client masks the Diffie-Hellman value, X, by adding M**pw and the // server uses N**pw. @@ -200,7 +181,7 @@ P224EncryptedKeyExchange::Result P224EncryptedKeyExchange::ProcessMessage( p224::ScalarMult(Y, x_, &k); // If everything worked out, then K is the same for both parties. - std::string k_str = k.ToString(); + key_ = k.ToString(); std::string client_masked_dh, server_masked_dh; if (is_server_) { @@ -214,9 +195,9 @@ P224EncryptedKeyExchange::Result P224EncryptedKeyExchange::ProcessMessage( // Now we calculate the hashes that each side will use to prove to the other // that they derived the correct value for K. uint8 client_hash[kSHA256Length], server_hash[kSHA256Length]; - CalculateHash(kPeerTypeClient, client_masked_dh, server_masked_dh, k_str, + CalculateHash(kPeerTypeClient, client_masked_dh, server_masked_dh, key_, client_hash); - CalculateHash(kPeerTypeServer, client_masked_dh, server_masked_dh, k_str, + CalculateHash(kPeerTypeServer, client_masked_dh, server_masked_dh, key_, server_hash); const uint8* my_hash = is_server_ ? server_hash : client_hash; @@ -256,4 +237,9 @@ const std::string& P224EncryptedKeyExchange::error() const { return error_; } +const std::string& P224EncryptedKeyExchange::GetKey() { + DCHECK_EQ(state_, kStateDone); + return key_; +} + } // namespace crypto |