1/*
2 * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved.
3 *
4 * The contents of this file constitute Original Code as defined in and are
5 * subject to the Apple Public Source License Version 1.2 (the 'License').
6 * You may not use this file except in compliance with the License. Please obtain
7 * a copy of the License at http://www.apple.com/publicsource and read it before
8 * using this file.
9 *
10 * This Original Code and all software distributed under the License are
11 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
12 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
13 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
14 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
15 * specific language governing rights and limitations under the License.
16 */
17
18/* crypto/dh/dh_key.c */
19/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
20 * All rights reserved.
21 *
22 * This package is an SSL implementation written
23 * by Eric Young (eay@cryptsoft.com).
24 * The implementation was written so as to conform with Netscapes SSL.
25 *
26 * This library is free for commercial and non-commercial use as long as
27 * the following conditions are aheared to.  The following conditions
28 * apply to all code found in this distribution, be it the RC4, RSA,
29 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
30 * included with this distribution is covered by the same copyright terms
31 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
32 *
33 * Copyright remains Eric Young's, and as such any Copyright notices in
34 * the code are not to be removed.
35 * If this package is used in a product, Eric Young should be given attribution
36 * as the author of the parts of the library used.
37 * This can be in the form of a textual message at program startup or
38 * in documentation (online or textual) provided with the package.
39 *
40 * Redistribution and use in source and binary forms, with or without
41 * modification, are permitted provided that the following conditions
42 * are met:
43 * 1. Redistributions of source code must retain the copyright
44 *    notice, this list of conditions and the following disclaimer.
45 * 2. Redistributions in binary form must reproduce the above copyright
46 *    notice, this list of conditions and the following disclaimer in the
47 *    documentation and/or other materials provided with the distribution.
48 * 3. All advertising materials mentioning features or use of this software
49 *    must display the following acknowledgement:
50 *    "This product includes cryptographic software written by
51 *     Eric Young (eay@cryptsoft.com)"
52 *    The word 'cryptographic' can be left out if the rouines from the library
53 *    being used are not cryptographic related :-).
54 * 4. If you include any Windows specific code (or a derivative thereof) from
55 *    the apps directory (application code) you must include an acknowledgement:
56 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
57 *
58 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
59 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
60 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
61 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
62 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
63 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
64 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
65 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
66 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
67 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
68 * SUCH DAMAGE.
69 *
70 * The licence and distribution terms for any publically available version or
71 * derivative of this code cannot be changed.  i.e. this code cannot simply be
72 * copied and put under another distribution licence
73 * [including the GNU Public Licence.]
74 */
75
76#include <stdio.h>
77#include "cryptlib.h"
78#include <openssl/bn.h>
79#include <openssl/rand.h>
80#include <openssl/dh.h>
81
/* Forward declarations of the built-in DH_METHOD hooks.  Each one is defined
 * later in this file and installed in the dh_ossl method table. */
static int generate_key(DH *dh);
static int compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh);
static int dh_bn_mod_exp(DH *dh, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
			const BIGNUM *m, BN_CTX *ctx,
			BN_MONT_CTX *m_ctx);
static int dh_init(DH *dh);
static int dh_finish(DH *dh);
89
/* Public entry point for key generation.
 *
 * Forwards to the generate_key hook of the method table attached to dh and
 * returns the hook's result unchanged.  With the built-in method defined in
 * this file that is 1 on success and 0 on failure.  dh and dh->meth are
 * dereferenced without a NULL check. */
int DH_generate_key(DH *dh)
	{
	const DH_METHOD *method=dh->meth;

	return method->generate_key(dh);
	}
94
/* Public entry point for deriving the shared secret.
 *
 * Forwards to the compute_key hook of the method table attached to dh and
 * returns the hook's result unchanged.  With the built-in method defined in
 * this file that is the number of bytes written to key, or -1 on error.
 *
 * key:     output buffer; no length is passed, so the caller must size it
 *          for the largest possible result (conventionally DH_size(dh)).
 * pub_key: the other party's public value; it is handed to the hook as-is.
 * dh:      local parameters and private key. */
int DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh)
	{
	const DH_METHOD *method=dh->meth;

	return method->compute_key(key, pub_key, dh);
	}
99
/* Method table for the built-in software implementation.  The initialiser is
 * positional, so the order of the entries must match the DH_METHOD
 * declaration, which is not part of this file. */
static DH_METHOD dh_ossl = {
"OpenSSL DH Method",	/* descriptive name of the method */
generate_key,		/* reached through dh->meth->generate_key */
compute_key,		/* reached through dh->meth->compute_key */
dh_bn_mod_exp,		/* reached through dh->meth->bn_mod_exp */
dh_init,		/* presumably the per-DH init hook -- confirm against dh.h */
dh_finish,		/* presumably the per-DH teardown hook -- confirm against dh.h */
0,			/* presumably method flags -- confirm against dh.h */
NULL			/* presumably application data -- confirm against dh.h */
};
110
/* Returns the address of the built-in method table.  The table is a single
 * file-scope object and is handed out as a non-const pointer, so a caller
 * that writes through it changes the method for every DH that uses it. */
DH_METHOD *DH_OpenSSL(void)
{
	DH_METHOD *builtin = &dh_ossl;

	return builtin;
}
115
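/* Built-in generate_key hook: fills in dh->priv_key and dh->pub_key.
 *
 * If dh->priv_key is already set it is kept and only the public value
 * g^priv_key mod p is (re)computed; otherwise a fresh private value is drawn.
 * If dh->pub_key is already set its BIGNUM is reused for the result.
 *
 * Returns 1 on success.  On failure returns 0, records ERR_R_BN_LIB against
 * DH_F_DH_GENERATE_KEY and leaves dh->priv_key / dh->pub_key as they were on
 * entry.  dh->p and dh->g are used without a NULL check. */
static int generate_key(DH *dh)
	{
	int ok=0;
	BN_CTX ctx;
	BN_MONT_CTX *mont;
	BIGNUM *pub_key=NULL,*priv_key=NULL;

	BN_CTX_init(&ctx);

	if (dh->priv_key == NULL)
		{
		priv_key=BN_new();
		if (priv_key == NULL) goto err;
		/* BN_rand_range() draws from [0, p); zero is useless as an
		 * exponent, so draw again until the value is non-zero. */
		do
			{
			if (!BN_rand_range(priv_key, dh->p)) goto err;
			}
		while (BN_is_zero(priv_key));
		}
	else
		priv_key=dh->priv_key;

	if (dh->pub_key == NULL)
		{
		pub_key=BN_new();
		if (pub_key == NULL) goto err;
		}
	else
		pub_key=dh->pub_key;

	if ((dh->method_mont_p == NULL) && (dh->flags & DH_FLAG_CACHE_MONT_P))
		{
		/* Build the Montgomery context in a local and publish it only
		 * once BN_MONT_CTX_set() has succeeded.  Storing it in dh first
		 * would leave a non-NULL but unset context behind on failure,
		 * and every later call would then skip this setup and use it. */
		BN_MONT_CTX *fresh=BN_MONT_CTX_new();

		if (fresh != NULL)
			{
			if (!BN_MONT_CTX_set(fresh,dh->p,&ctx))
				{
				BN_MONT_CTX_free(fresh);
				goto err;
				}
			dh->method_mont_p=(char *)fresh;
			}
		/* An allocation failure is not fatal: mont stays NULL below and
		 * the exponentiation is called without a cached context. */
		}
	mont=(BN_MONT_CTX *)dh->method_mont_p;

	/* pub_key = g^priv_key mod p.  The exponent is the secret value. */
	if (!dh->meth->bn_mod_exp(dh, pub_key,dh->g,priv_key,dh->p,&ctx,mont))
								goto err;

	dh->pub_key=pub_key;
	dh->priv_key=priv_key;
	ok=1;
err:
	if (ok != 1)
		DHerr(DH_F_DH_GENERATE_KEY,ERR_R_BN_LIB);

	/* Release only what was allocated here and never handed over to dh:
	 * after success dh->pub_key / dh->priv_key are non-NULL, so neither
	 * branch fires. */
	if ((pub_key != NULL)  && (dh->pub_key == NULL))  BN_free(pub_key);
	/* The abandoned private value is secret material, so wipe it before
	 * the memory goes back to the allocator. */
	if ((priv_key != NULL) && (dh->priv_key == NULL)) BN_clear_free(priv_key);
	BN_CTX_free(&ctx);
	return(ok);
	}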
167
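/* Built-in compute_key hook: derives the shared secret pub_key^priv_key mod p
 * and writes it to key in big-endian form.
 *
 * key:     output buffer.  BN_bn2bin() is given no length, so the caller must
 *          provide room for the largest possible result (conventionally
 *          DH_size(dh) bytes).
 * pub_key: the other party's public value.
 * dh:      must carry p and a private key.
 *
 * Returns the number of bytes written to key, or -1 on error.  The result has
 * no leading-zero padding, so it can be shorter than the modulus; callers
 * must use the return value as the length.
 *
 * NOTE(review): pub_key comes from the peer and is used as-is.  Nothing in
 * this function rejects a NULL pointer or a value outside the range
 * 2 .. p-2, so that validation has to happen in the caller before the result
 * is used as key material. */
static int compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh)
	{
	BN_CTX ctx;
	BN_MONT_CTX *mont;
	BIGNUM *tmp;
	int ret= -1;

	BN_CTX_init(&ctx);
	BN_CTX_start(&ctx);
	tmp = BN_CTX_get(&ctx);
	if (tmp == NULL)
		{
		/* Without this check a NULL result would be passed on as the
		 * destination of the exponentiation. */
		DHerr(DH_F_DH_COMPUTE_KEY,ERR_R_BN_LIB);
		goto err;
		}

	if (dh->priv_key == NULL)
		{
		DHerr(DH_F_DH_COMPUTE_KEY,DH_R_NO_PRIVATE_VALUE);
		goto err;
		}
	if ((dh->method_mont_p == NULL) && (dh->flags & DH_FLAG_CACHE_MONT_P))
		{
		/* Build the Montgomery context in a local and publish it only
		 * once BN_MONT_CTX_set() has succeeded.  Storing it in dh first
		 * would leave a non-NULL but unset context behind on failure,
		 * and every later call would then skip this setup and use it. */
		BN_MONT_CTX *fresh=BN_MONT_CTX_new();

		if (fresh != NULL)
			{
			if (!BN_MONT_CTX_set(fresh,dh->p,&ctx))
				{
				BN_MONT_CTX_free(fresh);
				DHerr(DH_F_DH_COMPUTE_KEY,ERR_R_BN_LIB);
				goto err;
				}
			dh->method_mont_p=(char *)fresh;
			}
		/* An allocation failure is not fatal: mont stays NULL below and
		 * the exponentiation is called without a cached context. */
		}

	mont=(BN_MONT_CTX *)dh->method_mont_p;
	/* tmp = pub_key^priv_key mod p.  The exponent is the secret value. */
	if (!dh->meth->bn_mod_exp(dh, tmp,pub_key,dh->priv_key,dh->p,&ctx,mont))
		{
		DHerr(DH_F_DH_COMPUTE_KEY,ERR_R_BN_LIB);
		goto err;
		}

	ret=BN_bn2bin(tmp,key);
err:
	/* tmp belongs to ctx and now holds the shared secret.
	 * NOTE(review): confirm that BN_CTX_free() wipes its temporaries in
	 * this tree. */
	BN_CTX_end(&ctx);
	BN_CTX_free(&ctx);
	return(ret);
	}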
204
/* Built-in bn_mod_exp hook: r = a^p mod m using Montgomery exponentiation.
 *
 * A base that occupies exactly one word (a->top == 1) is passed as a plain
 * BN_ULONG to the word variant; every other base goes through the general
 * routine.  Only a->d[0] is read on the one-word path, so the sign of a is
 * not carried over.  dh is unused.  Returns the result of the routine that
 * was called.
 *
 * NOTE(review): both callers in this file pass the private key as the
 * exponent p.  Whether these routines run in time independent of the
 * exponent cannot be told from this file -- confirm against the BN
 * implementation. */
static int dh_bn_mod_exp(DH *dh, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
			const BIGNUM *m, BN_CTX *ctx,
			BN_MONT_CTX *m_ctx)
	{
	/* general case: the base is empty or spans more than one word */
	if (a->top != 1)
		return BN_mod_exp_mont(r,a,p,m,ctx,m_ctx);

	/* one-word base */
	return BN_mod_exp_mont_word(r,a->d[0],p,m,ctx,m_ctx);
	}
217
218
/* Built-in init hook: turns on DH_FLAG_CACHE_MONT_P, which makes
 * generate_key() and compute_key() in this file build a Montgomery context
 * for p on first use and keep it in dh->method_mont_p.  Always returns 1. */
static int dh_init(DH *dh)
	{
	dh->flags = dh->flags | DH_FLAG_CACHE_MONT_P;
	return 1;
	}
224
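/* Built-in finish hook: releases the Montgomery context cached in
 * dh->method_mont_p, if there is one.  Always returns 1. */
static int dh_finish(DH *dh)
	{
	if(dh->method_mont_p)
		{
		BN_MONT_CTX_free((BN_MONT_CTX *)dh->method_mont_p);
		/* Clear the slot so that a second call, or any later use of
		 * dh, cannot reach the freed context. */
		dh->method_mont_p=NULL;
		}
	return(1);
	}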
231