2
* Copyright (c) 2006 Kungliga Tekniska Högskolan
3
* (Royal Institute of Technology, Stockholm, Sweden).
6
* Redistribution and use in source and binary forms, with or without
7
* modification, are permitted provided that the following conditions
10
* 1. Redistributions of source code must retain the above copyright
11
* notice, this list of conditions and the following disclaimer.
13
* 2. Redistributions in binary form must reproduce the above copyright
14
* notice, this list of conditions and the following disclaimer in the
15
* documentation and/or other materials provided with the distribution.
17
* 3. Neither the name of the Institute nor the names of its contributors
18
* may be used to endorse or promote products derived from this software
19
* without specific prior written permission.
21
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
47
BN2mpz(mp_int *s, const BIGNUM *bn)
52
len = BN_num_bytes(bn);
55
mp_read_unsigned_bin(s, p, len);
67
size = mp_unsigned_bin_size(s);
69
if (p == NULL && size != 0)
71
mp_to_unsigned_bin(s, p);
73
bn = BN_bin2bn(p, size, NULL);
82
#define DH_NUM_TRIES 10
85
ltm_dh_generate_key(DH *dh)
87
mp_int pub, priv_key, g, p;
88
int have_private_key = (dh->priv_key != NULL);
92
if (dh->p == NULL || dh->g == NULL)
95
while (times++ < DH_NUM_TRIES) {
96
if (!have_private_key) {
97
size_t bits = BN_num_bits(dh->p);
100
BN_free(dh->priv_key);
102
dh->priv_key = BN_new();
103
if (dh->priv_key == NULL)
105
if (!BN_rand(dh->priv_key, bits - 1, 0, 0)) {
106
BN_clear_free(dh->priv_key);
112
BN_free(dh->pub_key);
114
mp_init_multi(&pub, &priv_key, &g, &p, NULL);
116
BN2mpz(&priv_key, dh->priv_key);
120
res = mp_exptmod(&g, &priv_key, &p, &pub);
122
mp_clear_multi(&priv_key, &g, &p, NULL);
126
dh->pub_key = mpz2BN(&pub);
128
if (dh->pub_key == NULL)
131
if (DH_check_pubkey(dh, dh->pub_key, &codes) && codes == 0)
133
if (have_private_key)
137
if (times >= DH_NUM_TRIES) {
138
if (!have_private_key && dh->priv_key) {
139
BN_free(dh->priv_key);
143
BN_free(dh->pub_key);
153
ltm_dh_compute_key(unsigned char *shared, const BIGNUM * pub, DH *dh)
155
mp_int s, priv_key, p, peer_pub;
158
if (dh->pub_key == NULL || dh->g == NULL || dh->priv_key == NULL)
161
mp_init_multi(&s, &priv_key, &p, &peer_pub, NULL);
163
BN2mpz(&peer_pub, pub);
165
/* check if peers pubkey is reasonable */
166
if (mp_isneg(&peer_pub)
167
|| mp_cmp(&peer_pub, &p) >= 0
168
|| mp_cmp_d(&peer_pub, 1) <= 0)
174
BN2mpz(&priv_key, dh->priv_key);
176
ret = mp_exptmod(&peer_pub, &priv_key, &p, &s);
183
ret = mp_unsigned_bin_size(&s);
184
mp_to_unsigned_bin(&s, shared);
187
mp_clear_multi(&s, &priv_key, &p, &peer_pub, NULL);
193
ltm_dh_generate_params(DH *dh, int a, int b, BN_GENCB *callback)
195
/* groups should already be known, we don't care about this */
206
ltm_dh_finish(DH *dh)
216
const DH_METHOD _hc_dh_ltm_method = {
225
ltm_dh_generate_params
229
* DH implementation using libtommath.
231
* @return the DH_METHOD for the DH implementation using libtommath.
233
* @ingroup hcrypto_dh
239
return &_hc_dh_ltm_method;