root/source4/heimdal/lib/hcrypto/dh-imath.c

/* [<][>][^][v][top][bottom][index][help] */

DEFINITIONS

This source file includes following definitions.
  1. BN2mpz
  2. mpz2BN
  3. dh_generate_key
  4. dh_compute_key
  5. dh_generate_params
  6. dh_init
  7. dh_finish
  8. DH_imath_method

   1 /*
   2  * Copyright (c) 2006 Kungliga Tekniska Högskolan
   3  * (Royal Institute of Technology, Stockholm, Sweden).
   4  * All rights reserved.
   5  *
   6  * Redistribution and use in source and binary forms, with or without
   7  * modification, are permitted provided that the following conditions
   8  * are met:
   9  *
  10  * 1. Redistributions of source code must retain the above copyright
  11  *    notice, this list of conditions and the following disclaimer.
  12  *
  13  * 2. Redistributions in binary form must reproduce the above copyright
  14  *    notice, this list of conditions and the following disclaimer in the
  15  *    documentation and/or other materials provided with the distribution.
  16  *
  17  * 3. Neither the name of the Institute nor the names of its contributors
  18  *    may be used to endorse or promote products derived from this software
  19  *    without specific prior written permission.
  20  *
  21  * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
  22  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  23  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  24  * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
  25  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  26  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  27  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  28  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  29  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  30  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  31  * SUCH DAMAGE.
  32  */
  33 
  34 #ifdef HAVE_CONFIG_H
  35 #include <config.h>
  36 #endif
  37 
  38 #include <stdio.h>
  39 #include <stdlib.h>
  40 #include <dh.h>
  41 
  42 #include <roken.h>
  43 
  44 #include "imath/imath.h"
  45 
  46 RCSID("$Id$");
  47 
  48 static void
  49 BN2mpz(mpz_t *s, const BIGNUM *bn)
     /* [<][>][^][v][top][bottom][index][help] */
  50 {
  51     size_t len;
  52     void *p;
  53 
  54     len = BN_num_bytes(bn);
  55     p = malloc(len);
  56     BN_bn2bin(bn, p);
  57     mp_int_read_unsigned(s, p, len);
  58     free(p);
  59 }
  60 
  61 
  62 static BIGNUM *
  63 mpz2BN(mpz_t *s)
     /* [<][>][^][v][top][bottom][index][help] */
  64 {
  65     size_t size;
  66     BIGNUM *bn;
  67     void *p;
  68 
  69     size = mp_int_unsigned_len(s);
  70     p = malloc(size);
  71     if (p == NULL && size != 0)
  72         return NULL;
  73     mp_int_to_unsigned(s, p, size);
  74 
  75     bn = BN_bin2bn(p, size, NULL);
  76     free(p);
  77     return bn;
  78 }
  79 
  80 /*
  81  *
  82  */
  83 
  84 #define DH_NUM_TRIES 10
  85 
  86 static int
  87 dh_generate_key(DH *dh)
     /* [<][>][^][v][top][bottom][index][help] */
  88 {
  89     mpz_t pub, priv_key, g, p;
  90     int have_private_key = (dh->priv_key != NULL);
  91     int codes, times = 0;
  92     mp_result res;
  93 
  94     if (dh->p == NULL || dh->g == NULL)
  95         return 0;
  96 
  97     while (times++ < DH_NUM_TRIES) {
  98         if (!have_private_key) {
  99             size_t bits = BN_num_bits(dh->p);
 100 
 101             if (dh->priv_key)
 102                 BN_free(dh->priv_key);
 103 
 104             dh->priv_key = BN_new();
 105             if (dh->priv_key == NULL)
 106                 return 0;
 107             if (!BN_rand(dh->priv_key, bits - 1, 0, 0)) {
 108                 BN_clear_free(dh->priv_key);
 109                 dh->priv_key = NULL;
 110                 return 0;
 111             }
 112         }
 113         if (dh->pub_key)
 114             BN_free(dh->pub_key);
 115 
 116         mp_int_init(&pub);
 117         mp_int_init(&priv_key);
 118         mp_int_init(&g);
 119         mp_int_init(&p);
 120         
 121         BN2mpz(&priv_key, dh->priv_key);
 122         BN2mpz(&g, dh->g);
 123         BN2mpz(&p, dh->p);
 124         
 125         res = mp_int_exptmod(&g, &priv_key, &p, &pub);
 126 
 127         mp_int_clear(&priv_key);
 128         mp_int_clear(&g);
 129         mp_int_clear(&p);
 130         if (res != MP_OK)
 131             continue;
 132 
 133         dh->pub_key = mpz2BN(&pub);
 134         mp_int_clear(&pub);
 135         if (dh->pub_key == NULL)
 136             return 0;
 137         
 138         if (DH_check_pubkey(dh, dh->pub_key, &codes) && codes == 0)
 139             break;
 140         if (have_private_key)
 141             return 0;
 142     }
 143 
 144     if (times >= DH_NUM_TRIES) {
 145         if (!have_private_key && dh->priv_key) {
 146             BN_free(dh->priv_key);
 147             dh->priv_key = NULL;
 148         }
 149         if (dh->pub_key) {
 150             BN_free(dh->pub_key);
 151             dh->pub_key = NULL;
 152         }
 153         return 0;
 154     }
 155 
 156     return 1;
 157 }
 158 
 159 static int
 160 dh_compute_key(unsigned char *shared, const BIGNUM * pub, DH *dh)
     /* [<][>][^][v][top][bottom][index][help] */
 161 {
 162     mpz_t s, priv_key, p, peer_pub;
 163     size_t size = 0;
 164     mp_result res;
 165 
 166     if (dh->pub_key == NULL || dh->g == NULL || dh->priv_key == NULL)
 167         return -1;
 168 
 169     mp_int_init(&p);
 170     BN2mpz(&p, dh->p);
 171 
 172     mp_int_init(&peer_pub);
 173     BN2mpz(&peer_pub, pub);
 174 
 175     /* check if peers pubkey is reasonable */
 176     if (MP_SIGN(&peer_pub) == MP_NEG
 177         || mp_int_compare(&peer_pub, &p) >= 0
 178         || mp_int_compare_value(&peer_pub, 1) <= 0)
 179     {
 180         mp_int_clear(&p);
 181         mp_int_clear(&peer_pub);
 182         return -1;
 183     }
 184 
 185     mp_int_init(&priv_key);
 186     BN2mpz(&priv_key, dh->priv_key);
 187 
 188     mp_int_init(&s);
 189 
 190     mp_int_exptmod(&peer_pub, &priv_key, &p, &s);
 191 
 192     mp_int_clear(&p);
 193     mp_int_clear(&peer_pub);
 194     mp_int_clear(&priv_key);
 195 
 196     size = mp_int_unsigned_len(&s);
 197     res = mp_int_to_unsigned(&s, shared, size);
 198     mp_int_clear(&s);
 199 
 200     return (res == MP_OK) ? size : -1;
 201 }
 202 
 203 static int
 204 dh_generate_params(DH *dh, int a, int b, BN_GENCB *callback)
     /* [<][>][^][v][top][bottom][index][help] */
 205 {
 206     /* groups should already be known, we don't care about this */
 207     return 0;
 208 }
 209 
 210 static int
 211 dh_init(DH *dh)
     /* [<][>][^][v][top][bottom][index][help] */
 212 {
 213     return 1;
 214 }
 215 
 216 static int
 217 dh_finish(DH *dh)
     /* [<][>][^][v][top][bottom][index][help] */
 218 {
 219     return 1;
 220 }
 221 
 222 
 223 /*
 224  *
 225  */
 226 
 227 const DH_METHOD _hc_dh_imath_method = {
 228     "hcrypto imath DH",
 229     dh_generate_key,
 230     dh_compute_key,
 231     NULL,
 232     dh_init,
 233     dh_finish,
 234     0,
 235     NULL,
 236     dh_generate_params
 237 };
 238 
 239 /**
 240  * DH implementation using libimath.
 241  *
 242  * @return the DH_METHOD for the DH implementation using libimath.
 243  *
 244  * @ingroup hcrypto_dh
 245  */
 246 
 247 const DH_METHOD *
 248 DH_imath_method(void)
     /* [<][>][^][v][top][bottom][index][help] */
 249 {
 250     return &_hc_dh_imath_method;
 251 }

/* [<][>][^][v][top][bottom][index][help] */