/* [<][>][^][v][top][bottom][index][help] */
DEFINITIONS
This source file includes following definitions.
- BN2mpz
- mpz2BN
- dh_generate_key
- dh_compute_key
- dh_generate_params
- dh_init
- dh_finish
- DH_imath_method
1 /*
2 * Copyright (c) 2006 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #ifdef HAVE_CONFIG_H
35 #include <config.h>
36 #endif
37
38 #include <stdio.h>
39 #include <stdlib.h>
40 #include <dh.h>
41
42 #include <roken.h>
43
44 #include "imath/imath.h"
45
46 RCSID("$Id$");
47
48 static void
49 BN2mpz(mpz_t *s, const BIGNUM *bn)
/* [<][>][^][v][top][bottom][index][help] */
50 {
51 size_t len;
52 void *p;
53
54 len = BN_num_bytes(bn);
55 p = malloc(len);
56 BN_bn2bin(bn, p);
57 mp_int_read_unsigned(s, p, len);
58 free(p);
59 }
60
61
62 static BIGNUM *
63 mpz2BN(mpz_t *s)
/* [<][>][^][v][top][bottom][index][help] */
64 {
65 size_t size;
66 BIGNUM *bn;
67 void *p;
68
69 size = mp_int_unsigned_len(s);
70 p = malloc(size);
71 if (p == NULL && size != 0)
72 return NULL;
73 mp_int_to_unsigned(s, p, size);
74
75 bn = BN_bin2bn(p, size, NULL);
76 free(p);
77 return bn;
78 }
79
80 /*
81 *
82 */
83
84 #define DH_NUM_TRIES 10
85
86 static int
87 dh_generate_key(DH *dh)
/* [<][>][^][v][top][bottom][index][help] */
88 {
89 mpz_t pub, priv_key, g, p;
90 int have_private_key = (dh->priv_key != NULL);
91 int codes, times = 0;
92 mp_result res;
93
94 if (dh->p == NULL || dh->g == NULL)
95 return 0;
96
97 while (times++ < DH_NUM_TRIES) {
98 if (!have_private_key) {
99 size_t bits = BN_num_bits(dh->p);
100
101 if (dh->priv_key)
102 BN_free(dh->priv_key);
103
104 dh->priv_key = BN_new();
105 if (dh->priv_key == NULL)
106 return 0;
107 if (!BN_rand(dh->priv_key, bits - 1, 0, 0)) {
108 BN_clear_free(dh->priv_key);
109 dh->priv_key = NULL;
110 return 0;
111 }
112 }
113 if (dh->pub_key)
114 BN_free(dh->pub_key);
115
116 mp_int_init(&pub);
117 mp_int_init(&priv_key);
118 mp_int_init(&g);
119 mp_int_init(&p);
120
121 BN2mpz(&priv_key, dh->priv_key);
122 BN2mpz(&g, dh->g);
123 BN2mpz(&p, dh->p);
124
125 res = mp_int_exptmod(&g, &priv_key, &p, &pub);
126
127 mp_int_clear(&priv_key);
128 mp_int_clear(&g);
129 mp_int_clear(&p);
130 if (res != MP_OK)
131 continue;
132
133 dh->pub_key = mpz2BN(&pub);
134 mp_int_clear(&pub);
135 if (dh->pub_key == NULL)
136 return 0;
137
138 if (DH_check_pubkey(dh, dh->pub_key, &codes) && codes == 0)
139 break;
140 if (have_private_key)
141 return 0;
142 }
143
144 if (times >= DH_NUM_TRIES) {
145 if (!have_private_key && dh->priv_key) {
146 BN_free(dh->priv_key);
147 dh->priv_key = NULL;
148 }
149 if (dh->pub_key) {
150 BN_free(dh->pub_key);
151 dh->pub_key = NULL;
152 }
153 return 0;
154 }
155
156 return 1;
157 }
158
159 static int
160 dh_compute_key(unsigned char *shared, const BIGNUM * pub, DH *dh)
/* [<][>][^][v][top][bottom][index][help] */
161 {
162 mpz_t s, priv_key, p, peer_pub;
163 size_t size = 0;
164 mp_result res;
165
166 if (dh->pub_key == NULL || dh->g == NULL || dh->priv_key == NULL)
167 return -1;
168
169 mp_int_init(&p);
170 BN2mpz(&p, dh->p);
171
172 mp_int_init(&peer_pub);
173 BN2mpz(&peer_pub, pub);
174
175 /* check if peers pubkey is reasonable */
176 if (MP_SIGN(&peer_pub) == MP_NEG
177 || mp_int_compare(&peer_pub, &p) >= 0
178 || mp_int_compare_value(&peer_pub, 1) <= 0)
179 {
180 mp_int_clear(&p);
181 mp_int_clear(&peer_pub);
182 return -1;
183 }
184
185 mp_int_init(&priv_key);
186 BN2mpz(&priv_key, dh->priv_key);
187
188 mp_int_init(&s);
189
190 mp_int_exptmod(&peer_pub, &priv_key, &p, &s);
191
192 mp_int_clear(&p);
193 mp_int_clear(&peer_pub);
194 mp_int_clear(&priv_key);
195
196 size = mp_int_unsigned_len(&s);
197 res = mp_int_to_unsigned(&s, shared, size);
198 mp_int_clear(&s);
199
200 return (res == MP_OK) ? size : -1;
201 }
202
203 static int
204 dh_generate_params(DH *dh, int a, int b, BN_GENCB *callback)
/* [<][>][^][v][top][bottom][index][help] */
205 {
206 /* groups should already be known, we don't care about this */
207 return 0;
208 }
209
210 static int
211 dh_init(DH *dh)
/* [<][>][^][v][top][bottom][index][help] */
212 {
213 return 1;
214 }
215
216 static int
217 dh_finish(DH *dh)
/* [<][>][^][v][top][bottom][index][help] */
218 {
219 return 1;
220 }
221
222
223 /*
224 *
225 */
226
227 const DH_METHOD _hc_dh_imath_method = {
228 "hcrypto imath DH",
229 dh_generate_key,
230 dh_compute_key,
231 NULL,
232 dh_init,
233 dh_finish,
234 0,
235 NULL,
236 dh_generate_params
237 };
238
239 /**
240 * DH implementation using libimath.
241 *
242 * @return the DH_METHOD for the DH implementation using libimath.
243 *
244 * @ingroup hcrypto_dh
245 */
246
247 const DH_METHOD *
248 DH_imath_method(void)
/* [<][>][^][v][top][bottom][index][help] */
249 {
250 return &_hc_dh_imath_method;
251 }