1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/os/ossrv/ssl/libcrypto/src/crypto/dh/dh_key.c Fri Jun 15 03:10:57 2012 +0200
1.3 @@ -0,0 +1,287 @@
1.4 +/* crypto/dh/dh_key.c */
1.5 +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
1.6 + * All rights reserved.
1.7 + *
1.8 + * This package is an SSL implementation written
1.9 + * by Eric Young (eay@cryptsoft.com).
1.10 + * The implementation was written so as to conform with Netscapes SSL.
1.11 + *
1.12 + * This library is free for commercial and non-commercial use as long as
1.13 + * the following conditions are aheared to. The following conditions
1.14 + * apply to all code found in this distribution, be it the RC4, RSA,
1.15 + * lhash, DES, etc., code; not just the SSL code. The SSL documentation
1.16 + * included with this distribution is covered by the same copyright terms
1.17 + * except that the holder is Tim Hudson (tjh@cryptsoft.com).
1.18 + *
1.19 + * Copyright remains Eric Young's, and as such any Copyright notices in
1.20 + * the code are not to be removed.
1.21 + * If this package is used in a product, Eric Young should be given attribution
1.22 + * as the author of the parts of the library used.
1.23 + * This can be in the form of a textual message at program startup or
1.24 + * in documentation (online or textual) provided with the package.
1.25 + *
1.26 + * Redistribution and use in source and binary forms, with or without
1.27 + * modification, are permitted provided that the following conditions
1.28 + * are met:
1.29 + * 1. Redistributions of source code must retain the copyright
1.30 + * notice, this list of conditions and the following disclaimer.
1.31 + * 2. Redistributions in binary form must reproduce the above copyright
1.32 + * notice, this list of conditions and the following disclaimer in the
1.33 + * documentation and/or other materials provided with the distribution.
1.34 + * 3. All advertising materials mentioning features or use of this software
1.35 + * must display the following acknowledgement:
1.36 + * "This product includes cryptographic software written by
1.37 + * Eric Young (eay@cryptsoft.com)"
1.38 + * The word 'cryptographic' can be left out if the rouines from the library
1.39 + * being used are not cryptographic related :-).
1.40 + * 4. If you include any Windows specific code (or a derivative thereof) from
1.41 + * the apps directory (application code) you must include an acknowledgement:
1.42 + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
1.43 + *
1.44 + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
1.45 + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
1.46 + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
1.47 + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
1.48 + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
1.49 + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
1.50 + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
1.51 + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
1.52 + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
1.53 + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
1.54 + * SUCH DAMAGE.
1.55 + *
1.56 + * The licence and distribution terms for any publically available version or
1.57 + * derivative of this code cannot be changed. i.e. this code cannot simply be
1.58 + * copied and put under another distribution licence
1.59 + * [including the GNU Public Licence.]
1.60 + */
1.61 +
1.62 +/*
1.63 + © Portions copyright (c) 2006 Nokia Corporation. All rights reserved.
1.64 + */
1.65 +
1.66 +
1.67 +#include <stdio.h>
1.68 +#include "cryptlib.h"
1.69 +#include <openssl/bn.h>
1.70 +#include <openssl/rand.h>
1.71 +#include <openssl/dh.h>
1.72 +#if (defined(SYMBIAN) && (defined(__WINSCW__) || defined(__WINS__)))
1.73 +#include "libcrypto_wsd_macros.h"
1.74 +#include "libcrypto_wsd.h"
1.75 +#endif
1.76 +
1.77 +
1.78 +static int generate_key(DH *dh);
1.79 +static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh);
1.80 +static int dh_bn_mod_exp(const DH *dh, BIGNUM *r,
1.81 + const BIGNUM *a, const BIGNUM *p,
1.82 + const BIGNUM *m, BN_CTX *ctx,
1.83 + BN_MONT_CTX *m_ctx);
1.84 +static int dh_init(DH *dh);
1.85 +static int dh_finish(DH *dh);
1.86 +
1.87 +EXPORT_C int DH_generate_key(DH *dh)
1.88 + {
1.89 + return dh->meth->generate_key(dh);
1.90 + }
1.91 +
1.92 +EXPORT_C int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
1.93 + {
1.94 + return dh->meth->compute_key(key, pub_key, dh);
1.95 + }
1.96 +
1.97 +#ifndef EMULATOR
1.98 +static DH_METHOD dh_ossl = {
1.99 +"OpenSSL DH Method",
1.100 +generate_key,
1.101 +compute_key,
1.102 +dh_bn_mod_exp,
1.103 +dh_init,
1.104 +dh_finish,
1.105 +0,
1.106 +NULL,
1.107 +NULL
1.108 +};
1.109 +#else
1.110 +GET_STATIC_VAR_FROM_TLS(dh_ossl,dh_key,DH_METHOD)
1.111 +#define dh_ossl (*GET_WSD_VAR_NAME(dh_ossl,dh_key, s)())
1.112 +const DH_METHOD temp_s_dh_ossl = {
1.113 +"OpenSSL DH Method",
1.114 +generate_key,
1.115 +compute_key,
1.116 +dh_bn_mod_exp,
1.117 +dh_init,
1.118 +dh_finish,
1.119 +0,
1.120 +NULL,
1.121 +NULL
1.122 +};
1.123 +
1.124 +#endif
1.125 +EXPORT_C const DH_METHOD *DH_OpenSSL(void)
1.126 +{
1.127 + return &dh_ossl;
1.128 +}
1.129 +
1.130 +static int generate_key(DH *dh)
1.131 + {
1.132 + int ok=0;
1.133 + int generate_new_key=0;
1.134 + unsigned l;
1.135 + BN_CTX *ctx;
1.136 + BN_MONT_CTX *mont=NULL;
1.137 + BIGNUM *pub_key=NULL,*priv_key=NULL;
1.138 +
1.139 + ctx = BN_CTX_new();
1.140 + if (ctx == NULL) goto err;
1.141 +
1.142 + if (dh->priv_key == NULL)
1.143 + {
1.144 + priv_key=BN_new();
1.145 + if (priv_key == NULL) goto err;
1.146 + generate_new_key=1;
1.147 + }
1.148 + else
1.149 + priv_key=dh->priv_key;
1.150 +
1.151 + if (dh->pub_key == NULL)
1.152 + {
1.153 + pub_key=BN_new();
1.154 + if (pub_key == NULL) goto err;
1.155 + }
1.156 + else
1.157 + pub_key=dh->pub_key;
1.158 +
1.159 +
1.160 + if (dh->flags & DH_FLAG_CACHE_MONT_P)
1.161 + {
1.162 + mont = BN_MONT_CTX_set_locked(&dh->method_mont_p,
1.163 + CRYPTO_LOCK_DH, dh->p, ctx);
1.164 + if (!mont)
1.165 + goto err;
1.166 + }
1.167 +
1.168 + if (generate_new_key)
1.169 + {
1.170 + l = dh->length ? dh->length : BN_num_bits(dh->p)-1; /* secret exponent length */
1.171 + if (!BN_rand(priv_key, l, 0, 0)) goto err;
1.172 + }
1.173 +
1.174 + {
1.175 + BIGNUM local_prk;
1.176 + BIGNUM *prk;
1.177 +
1.178 + if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0)
1.179 + {
1.180 + BN_init(&local_prk);
1.181 + prk = &local_prk;
1.182 + BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME);
1.183 + }
1.184 + else
1.185 + prk = priv_key;
1.186 +
1.187 + if (!dh->meth->bn_mod_exp(dh, pub_key, dh->g, prk, dh->p, ctx, mont)) goto err;
1.188 + }
1.189 +
1.190 + dh->pub_key=pub_key;
1.191 + dh->priv_key=priv_key;
1.192 + ok=1;
1.193 +err:
1.194 + if (ok != 1)
1.195 + DHerr(DH_F_GENERATE_KEY,ERR_R_BN_LIB);
1.196 +
1.197 + if ((pub_key != NULL) && (dh->pub_key == NULL)) BN_free(pub_key);
1.198 + if ((priv_key != NULL) && (dh->priv_key == NULL)) BN_free(priv_key);
1.199 + BN_CTX_free(ctx);
1.200 + return(ok);
1.201 + }
1.202 +
1.203 +static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
1.204 + {
1.205 + BN_CTX *ctx=NULL;
1.206 + BN_MONT_CTX *mont=NULL;
1.207 + BIGNUM *tmp;
1.208 + int ret= -1;
1.209 + int check_result;
1.210 + if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS)
1.211 + {
1.212 + DHerr(DH_F_COMPUTE_KEY,DH_R_MODULUS_TOO_LARGE);
1.213 + goto err;
1.214 + }
1.215 + ctx = BN_CTX_new();
1.216 + if (ctx == NULL) goto err;
1.217 + BN_CTX_start(ctx);
1.218 + tmp = BN_CTX_get(ctx);
1.219 +
1.220 + if (dh->priv_key == NULL)
1.221 + {
1.222 + DHerr(DH_F_COMPUTE_KEY,DH_R_NO_PRIVATE_VALUE);
1.223 + goto err;
1.224 + }
1.225 +
1.226 + if (dh->flags & DH_FLAG_CACHE_MONT_P)
1.227 + {
1.228 + mont = BN_MONT_CTX_set_locked(&dh->method_mont_p,
1.229 + CRYPTO_LOCK_DH, dh->p, ctx);
1.230 + if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0)
1.231 + {
1.232 + /* XXX */
1.233 + BN_set_flags(dh->priv_key, BN_FLG_CONSTTIME);
1.234 + }
1.235 + if (!mont)
1.236 + goto err;
1.237 + }
1.238 +
1.239 + if (!DH_check_pub_key(dh, pub_key, &check_result) || check_result)
1.240 + {
1.241 + DHerr(DH_F_COMPUTE_KEY,DH_R_INVALID_PUBKEY);
1.242 + goto err;
1.243 + }
1.244 +
1.245 + if (!dh->meth->bn_mod_exp(dh, tmp, pub_key, dh->priv_key,dh->p,ctx,mont))
1.246 + {
1.247 + DHerr(DH_F_COMPUTE_KEY,ERR_R_BN_LIB);
1.248 + goto err;
1.249 + }
1.250 +
1.251 + ret=BN_bn2bin(tmp,key);
1.252 +err:
1.253 + if (ctx != NULL)
1.254 + {
1.255 + BN_CTX_end(ctx);
1.256 + BN_CTX_free(ctx);
1.257 + }
1.258 + return(ret);
1.259 + }
1.260 +
1.261 +static int dh_bn_mod_exp(const DH *dh, BIGNUM *r,
1.262 + const BIGNUM *a, const BIGNUM *p,
1.263 + const BIGNUM *m, BN_CTX *ctx,
1.264 + BN_MONT_CTX *m_ctx)
1.265 + {
1.266 + /* If a is only one word long and constant time is false, use the faster
1.267 + * exponenentiation function.
1.268 + */
1.269 + if (a->top == 1 && ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) != 0))
1.270 + {
1.271 + BN_ULONG A = a->d[0];
1.272 + return BN_mod_exp_mont_word(r,A,p,m,ctx,m_ctx);
1.273 + }
1.274 + else
1.275 + return BN_mod_exp_mont(r,a,p,m,ctx,m_ctx);
1.276 + }
1.277 +
1.278 +
1.279 +static int dh_init(DH *dh)
1.280 + {
1.281 + dh->flags |= DH_FLAG_CACHE_MONT_P;
1.282 + return(1);
1.283 + }
1.284 +
1.285 +static int dh_finish(DH *dh)
1.286 + {
1.287 + if(dh->method_mont_p)
1.288 + BN_MONT_CTX_free(dh->method_mont_p);
1.289 + return(1);
1.290 + }