Symaptic: os/ossrv/ssl/libcrypto/src/crypto/dh/dh

     1 /* crypto/dh/dh_key.c */

     2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)

     3  * All rights reserved.

     4  *

     5  * This package is an SSL implementation written

     6  * by Eric Young (eay@cryptsoft.com).

     7  * The implementation was written so as to conform with Netscapes SSL.

     8  *

     9  * This library is free for commercial and non-commercial use as long as

    10  * the following conditions are aheared to.  The following conditions

    11  * apply to all code found in this distribution, be it the RC4, RSA,

    12  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

    13  * included with this distribution is covered by the same copyright terms

    14  * except that the holder is Tim Hudson (tjh@cryptsoft.com).

    15  *

    16  * Copyright remains Eric Young's, and as such any Copyright notices in

    17  * the code are not to be removed.

    18  * If this package is used in a product, Eric Young should be given attribution

    19  * as the author of the parts of the library used.

    20  * This can be in the form of a textual message at program startup or

    21  * in documentation (online or textual) provided with the package.

    22  *

    23  * Redistribution and use in source and binary forms, with or without

    24  * modification, are permitted provided that the following conditions

    25  * are met:

    26  * 1. Redistributions of source code must retain the copyright

    27  *    notice, this list of conditions and the following disclaimer.

    28  * 2. Redistributions in binary form must reproduce the above copyright

    29  *    notice, this list of conditions and the following disclaimer in the

    30  *    documentation and/or other materials provided with the distribution.

    31  * 3. All advertising materials mentioning features or use of this software

    32  *    must display the following acknowledgement:

    33  *    "This product includes cryptographic software written by

    34  *     Eric Young (eay@cryptsoft.com)"

    35  *    The word 'cryptographic' can be left out if the rouines from the library

    36  *    being used are not cryptographic related :-).

    37  * 4. If you include any Windows specific code (or a derivative thereof) from

    38  *    the apps directory (application code) you must include an acknowledgement:

    39  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"

    40  *

    41  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

    42  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

    43  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

    44  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

    45  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

    46  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

    47  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

    48  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

    49  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

    50  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

    51  * SUCH DAMAGE.

    52  *

    53  * The licence and distribution terms for any publically available version or

    54  * derivative of this code cannot be changed.  i.e. this code cannot simply be

    55  * copied and put under another distribution licence

    56  * [including the GNU Public Licence.]

    57  */

    59 /*

    60  © Portions copyright (c) 2006 Nokia Corporation.  All rights reserved.

    61  */

    64 #include <stdio.h>

    65 #include "cryptlib.h"

    66 #include <openssl/bn.h>

    67 #include <openssl/rand.h>

    68 #include <openssl/dh.h>

    69 #if (defined(SYMBIAN) && (defined(__WINSCW__) || defined(__WINS__)))

    70 #include "libcrypto_wsd_macros.h"

    71 #include "libcrypto_wsd.h"

    72 #endif

    75 static int generate_key(DH *dh);

    76 static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh);

    77 static int dh_bn_mod_exp(const DH *dh, BIGNUM *r,

    78 			const BIGNUM *a, const BIGNUM *p,

    79 			const BIGNUM *m, BN_CTX *ctx,

    80 			BN_MONT_CTX *m_ctx);

    81 static int dh_init(DH *dh);

    82 static int dh_finish(DH *dh);

    84 EXPORT_C int DH_generate_key(DH *dh)

    85 	{

    86 	return dh->meth->generate_key(dh);

    87 	}

    89 EXPORT_C int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)

    90 	{

    91 	return dh->meth->compute_key(key, pub_key, dh);

    92 	}

    94 #ifndef EMULATOR

    95 static DH_METHOD dh_ossl = {

    96 "OpenSSL DH Method",

    97 generate_key,

    98 compute_key,

    99 dh_bn_mod_exp,

   100 dh_init,

   101 dh_finish,

   102 0,

   103 NULL,

   104 NULL

   105 };

   106 #else

   107 GET_STATIC_VAR_FROM_TLS(dh_ossl,dh_key,DH_METHOD)

   108 #define dh_ossl (*GET_WSD_VAR_NAME(dh_ossl,dh_key, s)())

   109 const DH_METHOD temp_s_dh_ossl = {

   110 "OpenSSL DH Method",

   111 generate_key,

   112 compute_key,

   113 dh_bn_mod_exp,

   114 dh_init,

   115 dh_finish,

   116 0,

   117 NULL,

   118 NULL

   119 };

   121 #endif

   122 EXPORT_C const DH_METHOD *DH_OpenSSL(void)

   123 {

   124 	return &dh_ossl;

   125 }

   127 static int generate_key(DH *dh)

   128 	{

   129 	int ok=0;

   130 	int generate_new_key=0;

   131 	unsigned l;

   132 	BN_CTX *ctx;

   133 	BN_MONT_CTX *mont=NULL;

   134 	BIGNUM *pub_key=NULL,*priv_key=NULL;

   136 	ctx = BN_CTX_new();

   137 	if (ctx == NULL) goto err;

   139 	if (dh->priv_key == NULL)

   140 		{

   141 		priv_key=BN_new();

   142 		if (priv_key == NULL) goto err;

   143 		generate_new_key=1;

   144 		}

   145 	else

   146 		priv_key=dh->priv_key;

   148 	if (dh->pub_key == NULL)

   149 		{

   150 		pub_key=BN_new();

   151 		if (pub_key == NULL) goto err;

   152 		}

   153 	else

   154 		pub_key=dh->pub_key;

   157 	if (dh->flags & DH_FLAG_CACHE_MONT_P)

   158 		{

   159 		mont = BN_MONT_CTX_set_locked(&dh->method_mont_p,

   160 				CRYPTO_LOCK_DH, dh->p, ctx);

   161 		if (!mont)

   162 			goto err;

   163 		}

   165 	if (generate_new_key)

   166 		{

   167 		l = dh->length ? dh->length : BN_num_bits(dh->p)-1; /* secret exponent length */

   168 		if (!BN_rand(priv_key, l, 0, 0)) goto err;

   169 		}

   171 	{

   172 		BIGNUM local_prk;

   173 		BIGNUM *prk;

   175 		if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0)

   176 			{

   177 			BN_init(&local_prk);

   178 			prk = &local_prk;

   179 			BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME);

   180 			}

   181 		else

   182 			prk = priv_key;

   184 		if (!dh->meth->bn_mod_exp(dh, pub_key, dh->g, prk, dh->p, ctx, mont)) goto err;

   185 	}

   187 	dh->pub_key=pub_key;

   188 	dh->priv_key=priv_key;

   189 	ok=1;

   190 err:

   191 	if (ok != 1)

   192 		DHerr(DH_F_GENERATE_KEY,ERR_R_BN_LIB);

   194 	if ((pub_key != NULL)  && (dh->pub_key == NULL))  BN_free(pub_key);

   195 	if ((priv_key != NULL) && (dh->priv_key == NULL)) BN_free(priv_key);

   196 	BN_CTX_free(ctx);

   197 	return(ok);

   198 	}

   200 static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)

   201 	{

   202 	BN_CTX *ctx=NULL;

   203 	BN_MONT_CTX *mont=NULL;

   204 	BIGNUM *tmp;

   205 	int ret= -1;

   206         int check_result;

   207 	if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS)

   208 		{

   209 		DHerr(DH_F_COMPUTE_KEY,DH_R_MODULUS_TOO_LARGE);

   210 		goto err;

   211 		}

   212 	ctx = BN_CTX_new();

   213 	if (ctx == NULL) goto err;

   214 	BN_CTX_start(ctx);

   215 	tmp = BN_CTX_get(ctx);

   217 	if (dh->priv_key == NULL)

   218 		{

   219 		DHerr(DH_F_COMPUTE_KEY,DH_R_NO_PRIVATE_VALUE);

   220 		goto err;

   221 		}

   223 	if (dh->flags & DH_FLAG_CACHE_MONT_P)

   224 		{

   225 		mont = BN_MONT_CTX_set_locked(&dh->method_mont_p,

   226 				CRYPTO_LOCK_DH, dh->p, ctx);

   227 		if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0)

   228 			{

   229 			/* XXX */

   230 			BN_set_flags(dh->priv_key, BN_FLG_CONSTTIME);

   231 			}

   232 		if (!mont)

   233 			goto err;

   234 		}

   236         if (!DH_check_pub_key(dh, pub_key, &check_result) || check_result)

   237 		{

   238 		DHerr(DH_F_COMPUTE_KEY,DH_R_INVALID_PUBKEY);

   239 		goto err;

   240 		}

   242 	if (!dh->meth->bn_mod_exp(dh, tmp, pub_key, dh->priv_key,dh->p,ctx,mont))

   243 		{

   244 		DHerr(DH_F_COMPUTE_KEY,ERR_R_BN_LIB);

   245 		goto err;

   246 		}

   248 	ret=BN_bn2bin(tmp,key);

   249 err:

   250 	if (ctx != NULL)

   251 		{

   252 		BN_CTX_end(ctx);

   253 		BN_CTX_free(ctx);

   254 		}

   255 	return(ret);

   256 	}

   258 static int dh_bn_mod_exp(const DH *dh, BIGNUM *r,

   259 			const BIGNUM *a, const BIGNUM *p,

   260 			const BIGNUM *m, BN_CTX *ctx,

   261 			BN_MONT_CTX *m_ctx)

   262 	{

   263 	/* If a is only one word long and constant time is false, use the faster

   264 	 * exponenentiation function.

   265 	 */

   266 	if (a->top == 1 && ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) != 0))

   267 		{

   268 		BN_ULONG A = a->d[0];

   269 		return BN_mod_exp_mont_word(r,A,p,m,ctx,m_ctx);

   270 		}

   271 	else

   272 		return BN_mod_exp_mont(r,a,p,m,ctx,m_ctx);

   273 	}

   276 static int dh_init(DH *dh)

   277 	{

   278 	dh->flags |= DH_FLAG_CACHE_MONT_P;

   279 	return(1);

   280 	}

   282 static int dh_finish(DH *dh)

   283 	{

   284 	if(dh->method_mont_p)

   285 		BN_MONT_CTX_free(dh->method_mont_p);

   286 	return(1);

   287 	}

author	sl@SLION-WIN7.fritz.box
	Fri, 15 Jun 2012 03:10:57 +0200
changeset 0	bde4ae8d615e
permissions	-rw-r--r--