155714Skris/* crypto/dh/dhtest.c */ 255714Skris/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 355714Skris * All rights reserved. 455714Skris * 555714Skris * This package is an SSL implementation written 655714Skris * by Eric Young (eay@cryptsoft.com). 755714Skris * The implementation was written so as to conform with Netscapes SSL. 8280304Sjkim * 955714Skris * This library is free for commercial and non-commercial use as long as 1055714Skris * the following conditions are aheared to. The following conditions 1155714Skris * apply to all code found in this distribution, be it the RC4, RSA, 1255714Skris * lhash, DES, etc., code; not just the SSL code. The SSL documentation 1355714Skris * included with this distribution is covered by the same copyright terms 1455714Skris * except that the holder is Tim Hudson (tjh@cryptsoft.com). 15280304Sjkim * 1655714Skris * Copyright remains Eric Young's, and as such any Copyright notices in 1755714Skris * the code are not to be removed. 1855714Skris * If this package is used in a product, Eric Young should be given attribution 1955714Skris * as the author of the parts of the library used. 2055714Skris * This can be in the form of a textual message at program startup or 2155714Skris * in documentation (online or textual) provided with the package. 22280304Sjkim * 2355714Skris * Redistribution and use in source and binary forms, with or without 2455714Skris * modification, are permitted provided that the following conditions 2555714Skris * are met: 2655714Skris * 1. Redistributions of source code must retain the copyright 2755714Skris * notice, this list of conditions and the following disclaimer. 2855714Skris * 2. Redistributions in binary form must reproduce the above copyright 2955714Skris * notice, this list of conditions and the following disclaimer in the 3055714Skris * documentation and/or other materials provided with the distribution. 3155714Skris * 3. All advertising materials mentioning features or use of this software 3255714Skris * must display the following acknowledgement: 3355714Skris * "This product includes cryptographic software written by 3455714Skris * Eric Young (eay@cryptsoft.com)" 3555714Skris * The word 'cryptographic' can be left out if the rouines from the library 3655714Skris * being used are not cryptographic related :-). 37280304Sjkim * 4. If you include any Windows specific code (or a derivative thereof) from 3855714Skris * the apps directory (application code) you must include an acknowledgement: 3955714Skris * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 40280304Sjkim * 4155714Skris * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 4255714Skris * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 4355714Skris * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 4455714Skris * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 4555714Skris * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 4655714Skris * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 4755714Skris * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 4855714Skris * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 4955714Skris * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 5055714Skris * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 5155714Skris * SUCH DAMAGE. 52280304Sjkim * 5355714Skris * The licence and distribution terms for any publically available version or 5455714Skris * derivative of this code cannot be changed. i.e. this code cannot simply be 5555714Skris * copied and put under another distribution licence 5655714Skris * [including the GNU Public Licence.] 5755714Skris */ 5855714Skris 59280304Sjkim/* 60280304Sjkim * Until the key-gen callbacks are modified to use newer prototypes, we allow 61280304Sjkim * deprecated functions for openssl-internal code 62280304Sjkim */ 63160814Ssimon#ifdef OPENSSL_NO_DEPRECATED 64280304Sjkim# undef OPENSSL_NO_DEPRECATED 65160814Ssimon#endif 66160814Ssimon 6755714Skris#include <stdio.h> 6855714Skris#include <stdlib.h> 6955714Skris#include <string.h> 70109998Smarkm 71109998Smarkm#include "../e_os.h" 72109998Smarkm 7355714Skris#include <openssl/crypto.h> 7455714Skris#include <openssl/bio.h> 7555714Skris#include <openssl/bn.h> 7659191Skris#include <openssl/rand.h> 77100928Snectar#include <openssl/err.h> 7855714Skris 79109998Smarkm#ifdef OPENSSL_NO_DH 8055714Skrisint main(int argc, char *argv[]) 8155714Skris{ 8255714Skris printf("No DH support\n"); 83280304Sjkim return (0); 8455714Skris} 8555714Skris#else 86280304Sjkim# include <openssl/dh.h> 8755714Skris 88280304Sjkim# ifdef OPENSSL_SYS_WIN16 89280304Sjkim# define MS_CALLBACK _far _loadds 90280304Sjkim# else 91280304Sjkim# define MS_CALLBACK 92280304Sjkim# endif 9355714Skris 94160814Ssimonstatic int MS_CALLBACK cb(int p, int n, BN_GENCB *arg); 9555714Skris 96280304Sjkimstatic const char rnd_seed[] = 97280304Sjkim "string to make the random number generator think it has entropy"; 9855714Skris 9955714Skrisint main(int argc, char *argv[]) 100280304Sjkim{ 101280304Sjkim BN_GENCB _cb; 102280304Sjkim DH *a; 103280304Sjkim DH *b = NULL; 104280304Sjkim char buf[12]; 105280304Sjkim unsigned char *abuf = NULL, *bbuf = NULL; 106280304Sjkim int i, alen, blen, aout, bout, ret = 1; 107280304Sjkim BIO *out; 10855714Skris 109280304Sjkim CRYPTO_malloc_debug_init(); 110280304Sjkim CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL); 111280304Sjkim CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); 112109998Smarkm 113280304Sjkim# ifdef OPENSSL_SYS_WIN32 114280304Sjkim CRYPTO_malloc_init(); 115280304Sjkim# endif 11655714Skris 117280304Sjkim RAND_seed(rnd_seed, sizeof rnd_seed); 11859191Skris 119280304Sjkim out = BIO_new(BIO_s_file()); 120280304Sjkim if (out == NULL) 121280304Sjkim EXIT(1); 122280304Sjkim BIO_set_fp(out, stdout, BIO_NOCLOSE); 12355714Skris 124280304Sjkim BN_GENCB_set(&_cb, &cb, out); 125280304Sjkim if (((a = DH_new()) == NULL) || !DH_generate_parameters_ex(a, 64, 126280304Sjkim DH_GENERATOR_5, 127280304Sjkim &_cb)) 128280304Sjkim goto err; 12955714Skris 130280304Sjkim if (!DH_check(a, &i)) 131280304Sjkim goto err; 132280304Sjkim if (i & DH_CHECK_P_NOT_PRIME) 133280304Sjkim BIO_puts(out, "p value is not prime\n"); 134280304Sjkim if (i & DH_CHECK_P_NOT_SAFE_PRIME) 135280304Sjkim BIO_puts(out, "p value is not a safe prime\n"); 136280304Sjkim if (i & DH_UNABLE_TO_CHECK_GENERATOR) 137280304Sjkim BIO_puts(out, "unable to check the generator value\n"); 138280304Sjkim if (i & DH_NOT_SUITABLE_GENERATOR) 139280304Sjkim BIO_puts(out, "the g value is not a generator\n"); 140100928Snectar 141280304Sjkim BIO_puts(out, "\np ="); 142280304Sjkim BN_print(out, a->p); 143280304Sjkim BIO_puts(out, "\ng ="); 144280304Sjkim BN_print(out, a->g); 145280304Sjkim BIO_puts(out, "\n"); 14655714Skris 147280304Sjkim b = DH_new(); 148280304Sjkim if (b == NULL) 149280304Sjkim goto err; 15055714Skris 151280304Sjkim b->p = BN_dup(a->p); 152280304Sjkim b->g = BN_dup(a->g); 153280304Sjkim if ((b->p == NULL) || (b->g == NULL)) 154280304Sjkim goto err; 15555714Skris 156280304Sjkim /* Set a to run with normal modexp and b to use constant time */ 157280304Sjkim a->flags &= ~DH_FLAG_NO_EXP_CONSTTIME; 158280304Sjkim b->flags |= DH_FLAG_NO_EXP_CONSTTIME; 159160814Ssimon 160280304Sjkim if (!DH_generate_key(a)) 161280304Sjkim goto err; 162280304Sjkim BIO_puts(out, "pri 1="); 163280304Sjkim BN_print(out, a->priv_key); 164280304Sjkim BIO_puts(out, "\npub 1="); 165280304Sjkim BN_print(out, a->pub_key); 166280304Sjkim BIO_puts(out, "\n"); 16755714Skris 168280304Sjkim if (!DH_generate_key(b)) 169280304Sjkim goto err; 170280304Sjkim BIO_puts(out, "pri 2="); 171280304Sjkim BN_print(out, b->priv_key); 172280304Sjkim BIO_puts(out, "\npub 2="); 173280304Sjkim BN_print(out, b->pub_key); 174280304Sjkim BIO_puts(out, "\n"); 17555714Skris 176280304Sjkim alen = DH_size(a); 177280304Sjkim abuf = (unsigned char *)OPENSSL_malloc(alen); 178280304Sjkim aout = DH_compute_key(abuf, b->pub_key, a); 17955714Skris 180280304Sjkim BIO_puts(out, "key1 ="); 181280304Sjkim for (i = 0; i < aout; i++) { 182280304Sjkim sprintf(buf, "%02X", abuf[i]); 183280304Sjkim BIO_puts(out, buf); 184280304Sjkim } 185280304Sjkim BIO_puts(out, "\n"); 18655714Skris 187280304Sjkim blen = DH_size(b); 188280304Sjkim bbuf = (unsigned char *)OPENSSL_malloc(blen); 189280304Sjkim bout = DH_compute_key(bbuf, a->pub_key, b); 19055714Skris 191280304Sjkim BIO_puts(out, "key2 ="); 192280304Sjkim for (i = 0; i < bout; i++) { 193280304Sjkim sprintf(buf, "%02X", bbuf[i]); 194280304Sjkim BIO_puts(out, buf); 195280304Sjkim } 196280304Sjkim BIO_puts(out, "\n"); 197280304Sjkim if ((aout < 4) || (bout != aout) || (memcmp(abuf, bbuf, aout) != 0)) { 198280304Sjkim fprintf(stderr, "Error in DH routines\n"); 199280304Sjkim ret = 1; 200280304Sjkim } else 201280304Sjkim ret = 0; 202280304Sjkim err: 203280304Sjkim ERR_print_errors_fp(stderr); 204100928Snectar 205280304Sjkim if (abuf != NULL) 206280304Sjkim OPENSSL_free(abuf); 207280304Sjkim if (bbuf != NULL) 208280304Sjkim OPENSSL_free(bbuf); 209280304Sjkim if (b != NULL) 210280304Sjkim DH_free(b); 211280304Sjkim if (a != NULL) 212280304Sjkim DH_free(a); 213280304Sjkim BIO_free(out); 214280304Sjkim# ifdef OPENSSL_SYS_NETWARE 215280304Sjkim if (ret) 216280304Sjkim printf("ERROR: %d\n", ret); 217280304Sjkim# endif 218280304Sjkim EXIT(ret); 219280304Sjkim return (ret); 220280304Sjkim} 22155714Skris 222160814Ssimonstatic int MS_CALLBACK cb(int p, int n, BN_GENCB *arg) 223280304Sjkim{ 224280304Sjkim char c = '*'; 22555714Skris 226280304Sjkim if (p == 0) 227280304Sjkim c = '.'; 228280304Sjkim if (p == 1) 229280304Sjkim c = '+'; 230280304Sjkim if (p == 2) 231280304Sjkim c = '*'; 232280304Sjkim if (p == 3) 233280304Sjkim c = '\n'; 234280304Sjkim BIO_write(arg->arg, &c, 1); 235280304Sjkim (void)BIO_flush(arg->arg); 236280304Sjkim# ifdef LINT 237280304Sjkim p = n; 238280304Sjkim# endif 239280304Sjkim return 1; 240280304Sjkim} 24155714Skris#endif 242