On Oct 21, 7:58 pm, Robert Relyea <rrel...@redhat.com> wrote: > > SHA1Context > > SHA1_Hash > > SHA1_HashBuf > > SHA1_NewContext > > SHA1_DestroyContext > > SHA1_Begin > > SHA1_Update > > SHA1_End > > The exported equivalence to these functions are: > #include "sechash.h"
I see. Having found the SHA1_* functions in blapi.h I assumed they were exported, too. > It depends on what J-PAKE is doing. My guess is it's doing a zero > knowledge proof algorithm (given the need for add and sub), which is > generally useful. Yes, J-PAKE uses zero knowledge proofs. mpi is used to do those as well as compute the key that both sides agree upon. > I would be view a patch that puts the zero knowledge > proof into freebl with favor (and would clear out time to review such a > patch). Not sure how generic the signature of the zero knowledge proof we use in J-PAKE is. Compatibility with the implementation found in OpenSSL is important for us right now (the Firefox Home app for the iPhone uses OpenSSL). It hashes things in a particular way to avoid "moving goalposts" attacks. See http://www.links.org/?p=393. As Brian points out, pushing the J-PAKE implementation down to NSS may have several advantages. This might include building blocks in freebl or not. For Firefox Sync we'd just need a public API that we can use going forward. I for one would feel more comfortable with this officially being in NSS. -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
