/// XK1 ///
///////////
static const u8 xk1_ck0[32] = "Monokex XK1";
-void crypto_kex_xk1_init_client(crypto_kex_ctx *ctx,
- u8 random_seed[32],
- const u8 local_sk [32],
- const u8 local_pk [32],
- const u8 remote_pk [32])
-{
- kex_init (ctx, local_sk, local_pk);
+void crypto_kex_xk1_init_client(crypto_kex_client_ctx *client_ctx,
+ u8 random_seed[32],
+ const u8 client_sk [32],
+ const u8 client_pk [32],
+ const u8 server_pk [32])
+{
+ crypto_kex_ctx *ctx = &(client_ctx->ctx);
+ kex_init (ctx, client_sk, client_pk);
kex_seed (ctx, random_seed);
- kex_receive(ctx, ctx->remote_pk, remote_pk);
+ kex_receive(ctx, ctx->remote_pk, server_pk);
copy32(ctx->chaining_key, xk1_ck0);
}
-void crypto_kex_xk1_init_server(crypto_kex_ctx *ctx,
- u8 random_seed[32],
- const u8 local_sk [32],
- const u8 local_pk [32])
+void crypto_kex_xk1_init_server(crypto_kex_server_ctx *server_ctx,
+ u8 random_seed[32],
+ const u8 server_sk [32],
+ const u8 server_pk [32])
{
- kex_init (ctx, local_sk, local_pk);
+ crypto_kex_ctx *ctx = &(server_ctx->ctx);
+ kex_init (ctx, server_sk, server_pk);
kex_seed (ctx, random_seed);
kex_receive(ctx, ctx->local_pk, ctx->local_pk);
copy32(ctx->chaining_key, xk1_ck0);
}
-void crypto_kex_xk1_1(crypto_kex_ctx *ctx, u8 msg1[32])
+void crypto_kex_xk1_1(crypto_kex_client_ctx *client_ctx,
+ u8 msg1[32])
{
+ crypto_kex_ctx *ctx = &(client_ctx->ctx);
kex_send (ctx, msg1 , ctx->local_pke ); // -> IE
}
-void crypto_kex_xk1_2(crypto_kex_ctx *ctx, u8 msg2[48], const u8 msg1[32])
+void crypto_kex_xk1_2(crypto_kex_server_ctx *server_ctx,
+ u8 msg2[48],
+ const u8 msg1[32])
{
+ crypto_kex_ctx *ctx = &(server_ctx->ctx);
kex_receive (ctx, ctx->remote_pke, msg1 ); // -> IE
kex_send (ctx, msg2 , ctx->local_pke ); // <- RE
kex_update_key(ctx, ctx->local_ske , ctx->remote_pke); // ee
kex_auth (ctx, msg2 + 32); // auth
}
-int crypto_kex_xk1_3(crypto_kex_ctx *ctx,
- u8 session_key[32],
- u8 msg3[48],
- const u8 msg2[48])
+int crypto_kex_xk1_3(crypto_kex_client_ctx *client_ctx,
+ u8 session_key[32],
+ u8 msg3 [48],
+ const u8 msg2 [48])
{
+ crypto_kex_ctx *ctx = &(client_ctx->ctx);
kex_receive (ctx, ctx->remote_pke, msg2 ); // <- RE
kex_update_key(ctx, ctx->local_ske , ctx->remote_pke); // ee
kex_update_key(ctx, ctx->local_ske , ctx->remote_pk ); // es
return 0;
}
-int crypto_kex_xk1_4(crypto_kex_ctx *ctx,
- u8 session_key[32],
- u8 remote_pk[32],
- const u8 msg3[48])
+int crypto_kex_xk1_4(crypto_kex_server_ctx *server_ctx,
+ u8 session_key[32],
+ u8 client_pk [32],
+ const u8 msg3 [48])
{
+ crypto_kex_ctx *ctx = &(server_ctx->ctx);
kex_receive (ctx, ctx->remote_pk , msg3 ); // -> IS
kex_update_key(ctx, ctx->local_ske , ctx->remote_pk ); // se
if (kex_verify(ctx, msg3 + 32)) { return -1; } // verify
- copy32(remote_pk , ctx->remote_pk);
+ copy32(client_pk , ctx->remote_pk);
copy32(session_key, ctx->derived_keys + 32);
WIPE_CTX(ctx);
return 0;
/// X ///
/////////
static const u8 x_ck0[32] = "Monokex X";
-void crypto_kex_x_init_client(crypto_kex_ctx *ctx,
- u8 random_seed[32],
- const u8 local_sk [32],
- const u8 local_pk [32],
- const u8 remote_pk [32])
-{
- kex_init (ctx, local_sk, local_pk);
+void crypto_kex_x_init_client(crypto_kex_client_ctx *client_ctx,
+ u8 random_seed[32],
+ const u8 client_sk [32],
+ const u8 client_pk [32],
+ const u8 server_pk [32])
+{
+ crypto_kex_ctx *ctx = &(client_ctx->ctx);
+ kex_init (ctx, client_sk, client_pk);
kex_seed (ctx, random_seed);
- kex_receive(ctx, ctx->remote_pk, remote_pk);
+ kex_receive(ctx, ctx->remote_pk, server_pk);
copy32(ctx->chaining_key, x_ck0);
}
-void crypto_kex_x_init_server(crypto_kex_ctx *ctx,
- const u8 local_sk[32],
- const u8 local_pk[32])
+void crypto_kex_x_init_server(crypto_kex_server_ctx *server_ctx,
+ const u8 server_sk [32],
+ const u8 server_pk [32])
{
- kex_init (ctx, local_sk, local_pk);
+ crypto_kex_ctx *ctx = &(server_ctx->ctx);
+ kex_init (ctx, server_sk, server_pk);
kex_receive(ctx, ctx->local_pk, ctx->local_pk);
copy32(ctx->chaining_key, x_ck0);
}
-void crypto_kex_x_1(crypto_kex_ctx *ctx, u8 session_key[32], u8 msg1[80])
+void crypto_kex_x_1(crypto_kex_client_ctx *client_ctx,
+ u8 session_key[32],
+ u8 msg1 [80])
{
+ crypto_kex_ctx *ctx = &(client_ctx->ctx);
kex_send (ctx, msg1 , ctx->local_pke ); // -> IE
kex_update_key(ctx, ctx->local_ske , ctx->remote_pk ); // es
kex_send (ctx, msg1 + 32 , ctx->local_pk ); // -> IS
WIPE_CTX(ctx);
}
-int crypto_kex_x_2(crypto_kex_ctx *ctx,
- u8 session_key[32],
- u8 remote_pk [32],
- const u8 msg1 [80])
+int crypto_kex_x_2(crypto_kex_server_ctx *server_ctx,
+ u8 session_key[32],
+ u8 client_pk [32],
+ const u8 msg1 [80])
{
+ crypto_kex_ctx *ctx = &(server_ctx->ctx);
kex_receive (ctx, ctx->remote_pke, msg1 ); // -> IE
kex_update_key(ctx, ctx->local_sk , ctx->remote_pke); // es
kex_receive (ctx, ctx->remote_pk , msg1 + 32 ); // -> IS
kex_update_key(ctx, ctx->local_sk , ctx->remote_pk ); // ss
if (kex_verify(ctx, msg1 + 64)) { return -1; } // verify
- copy32(remote_pk , ctx->remote_pk);
+ copy32(client_pk , ctx->remote_pk);
copy32(session_key, ctx->derived_keys + 32);
WIPE_CTX(ctx);
return 0;
uint8_t remote_pke [32];
size_t transcript_size;
} crypto_kex_ctx;
+typedef struct { crypto_kex_ctx ctx; } crypto_kex_client_ctx;
+typedef struct { crypto_kex_ctx ctx; } crypto_kex_server_ctx;
////////////////////////////
/// High level interface ///
// Secure channel (interactive)
// ----------------------------
-void crypto_kex_xk1_init_client(crypto_kex_ctx *ctx,
- uint8_t random_seed[32],
- const uint8_t local_sk [32],
- const uint8_t local_pk [32],
- const uint8_t remote_pk [32]);
-void crypto_kex_xk1_init_server(crypto_kex_ctx *ctx,
- uint8_t random_seed[32],
- const uint8_t local_sk [32],
- const uint8_t local_pk [32]);
-
-void crypto_kex_xk1_1(crypto_kex_ctx *ctx,
- uint8_t msg1[32]);
-void crypto_kex_xk1_2(crypto_kex_ctx *ctx,
- uint8_t msg2[48],
- const uint8_t msg1[32]);
-int crypto_kex_xk1_3(crypto_kex_ctx *ctx,
- uint8_t session_key[32],
- uint8_t msg3 [48],
- const uint8_t msg2 [48]);
-int crypto_kex_xk1_4(crypto_kex_ctx *ctx,
- uint8_t session_key[32],
- uint8_t remote_pk [32],
- const uint8_t msg3 [48]);
+void crypto_kex_xk1_init_client(crypto_kex_client_ctx *client_ctx,
+ uint8_t random_seed[32],
+ const uint8_t client_sk [32],
+ const uint8_t client_pk [32],
+ const uint8_t server_pk [32]);
+void crypto_kex_xk1_init_server(crypto_kex_server_ctx *server_ctx,
+ uint8_t random_seed[32],
+ const uint8_t server_sk [32],
+ const uint8_t server_pk [32]);
+void crypto_kex_xk1_1(crypto_kex_client_ctx *client_ctx,
+ uint8_t msg1[32]);
+void crypto_kex_xk1_2(crypto_kex_server_ctx *server_ctx,
+ uint8_t msg2[48],
+ const uint8_t msg1[32]);
+int crypto_kex_xk1_3(crypto_kex_client_ctx *client_ctx,
+ uint8_t session_key[32],
+ uint8_t msg3 [48],
+ const uint8_t msg2 [48]);
+int crypto_kex_xk1_4(crypto_kex_server_ctx *server_ctx,
+ uint8_t session_key[32],
+ uint8_t client_pk [32],
+ const uint8_t msg3 [48]);
// Secure channel (one way)
// ------------------------
-void crypto_kex_x_init_client(crypto_kex_ctx *ctx,
- uint8_t random_seed[32],
- const uint8_t local_sk [32],
- const uint8_t local_pk [32],
- const uint8_t remote_pk [32]);
-void crypto_kex_x_init_server(crypto_kex_ctx *ctx,
- const uint8_t local_sk [32],
- const uint8_t local_pk [32]);
-void crypto_kex_x_1(crypto_kex_ctx *ctx,
- uint8_t session_key[32],
- uint8_t msg1 [80]);
-int crypto_kex_x_2(crypto_kex_ctx *ctx,
- uint8_t session_key[32],
- uint8_t remote_pk [32],
- const uint8_t msg1 [80]);
+void crypto_kex_x_init_client(crypto_kex_client_ctx *client_ctx,
+ uint8_t random_seed[32],
+ const uint8_t client_sk [32],
+ const uint8_t client_pk [32],
+ const uint8_t server_pk [32]);
+void crypto_kex_x_init_server(crypto_kex_server_ctx *server_ctx,
+ const uint8_t server_sk [32],
+ const uint8_t server_pk [32]);
+void crypto_kex_x_1(crypto_kex_client_ctx *client_ctx,
+ uint8_t session_key[32],
+ uint8_t msg1 [80]);
+int crypto_kex_x_2(crypto_kex_server_ctx *server_ctx,
+ uint8_t session_key[32],
+ uint8_t client_pk [32],
+ const uint8_t msg1 [80]);
+
////////////////////////////
c_seed[i] = client_seed[i];
s_seed[i] = server_seed[i];
}
- crypto_kex_ctx client_ctx;
+ crypto_kex_client_ctx client_ctx;
crypto_kex_xk1_init_client(&client_ctx, c_seed, client_sk, client_pk,
server_pk);
- crypto_kex_ctx server_ctx;
+ crypto_kex_server_ctx server_ctx;
crypto_kex_xk1_init_server(&server_ctx, s_seed, server_sk, server_pk);
crypto_kex_xk1_1(&client_ctx, msg1);
client_seed, server_seed);
TIMING_START {
u8 session_key[32];
- crypto_kex_ctx client_ctx;
+ crypto_kex_client_ctx client_ctx;
u8 seed[32];
FOR (i, 0, 32) {
seed[i] = client_seed[i];
TIMING_START {
u8 session_key[32];
u8 remote_pk [32]; // same as client_pk
- crypto_kex_ctx server_ctx;
+ crypto_kex_server_ctx server_ctx;
u8 seed[32];
FOR (i, 0, 32) {
seed[i] = server_seed[i];
c_seed[i] = client_seed[i];
}
- crypto_kex_ctx client_ctx;
+ crypto_kex_client_ctx client_ctx;
crypto_kex_x_init_client(&client_ctx, c_seed, client_sk, client_pk,
server_pk);
- crypto_kex_ctx server_ctx;
+ crypto_kex_server_ctx server_ctx;
crypto_kex_x_init_server(&server_ctx, server_sk, server_pk);
u8 client_session_key[32];
FOR (i, 0, 32) {
seed[i] = client_seed[i];
}
- crypto_kex_ctx client_ctx;
+ crypto_kex_client_ctx client_ctx;
crypto_kex_x_init_client(&client_ctx, seed, client_sk, client_pk,
server_pk);
crypto_kex_x_1(&client_ctx, session_key, msg);
TIMING_START {
u8 session_key[32];
u8 remote_pk [32]; // same as client_pk
- crypto_kex_ctx server_ctx;
+ crypto_kex_server_ctx server_ctx;
crypto_kex_x_init_server(&server_ctx, server_sk, server_pk);
if (crypto_kex_x_2(&server_ctx, session_key, remote_pk, msg)) {
fprintf(stderr, "Cannot receive\n");
const vector *msg1 = in + 6;
const vector *msg2 = in + 7;
const vector *msg3 = in + 8;
- crypto_kex_ctx client;
- crypto_kex_ctx server;
+ crypto_kex_client_ctx client;
+ crypto_kex_server_ctx server;
u8 client_seed[32]; memcpy(client_seed, ie->buf, ie->size);
u8 server_seed[32]; memcpy(server_seed, re->buf, re->size);
crypto_kex_xk1_init_client(&client, client_seed, is->buf, IS->buf, RS->buf);
const vector *IS = in + 3;
const vector *RS = in + 4;
const vector *msg1 = in + 5;
- crypto_kex_ctx client;
- crypto_kex_ctx server;
+ crypto_kex_client_ctx client;
+ crypto_kex_server_ctx server;
u8 seed[32]; memcpy(seed, ie->buf, ie->size);
crypto_kex_x_init_client(&client, seed, is->buf, IS->buf, RS->buf);
crypto_kex_x_init_server(&server, rs->buf, RS->buf);
u8 IS[32]; crypto_x25519_public_key(IS, is);
u8 RS[32]; crypto_x25519_public_key(RS, rs);
- crypto_kex_ctx client1, client2;
- crypto_kex_ctx server1, server2;
+ crypto_kex_client_ctx client1, client2;
+ crypto_kex_server_ctx server1, server2;
u8 client_seed1[32]; memcpy(client_seed1, ie, 32);
u8 client_seed2[32]; memcpy(client_seed2, ie, 32);
u8 server_seed1[32]; memcpy(server_seed1, re, 32);
crypto_kex_xk1_1(&client2, msg12);
crypto_kex_xk1_2(&server1, msg21, msg11);
crypto_kex_xk1_2(&server2, msg22, msg12);
- crypto_kex_ctx client_save = client1;
- crypto_kex_ctx server_save = server1;
+ crypto_kex_client_ctx client_save = client1;
+ crypto_kex_server_ctx server_save = server1;
// make sure everything is accepted as it should be
status |= crypto_kex_xk1_3(&client1, client_key1, msg31, msg21);
status |= crypto_kex_xk1_3(&client2, client_key2, msg32, msg22);
u8 IS[32]; crypto_x25519_public_key(IS, is);
u8 RS[32]; crypto_x25519_public_key(RS, rs);
- crypto_kex_ctx client1, client2;
- crypto_kex_ctx server1, server2;
+ crypto_kex_client_ctx client1, client2;
+ crypto_kex_server_ctx server1, server2;
u8 seed1[32]; memcpy(seed1, ie, 32);
u8 seed2[32]; memcpy(seed2, ie, 32);
crypto_kex_x_init_client(&client1, seed1, is, IS, RS);
u8 remote_pk1 [32]; u8 remote_pk2 [32];
crypto_kex_x_1(&client1, client_key1, msg11);
crypto_kex_x_1(&client2, client_key2, msg12);
- crypto_kex_ctx server_save = server1;
+ crypto_kex_server_ctx server_save = server1;
// make sure everything is accepted as it should be
status |= crypto_kex_x_2(&server1, server_key1, remote_pk1, msg11);
status |= crypto_kex_x_2(&server2, server_key2, remote_pk2, msg12);
projects / Monocypher.git / commitdiff