Elijah P / CyaSSL

Fork of CyaSSL by wolf SSL

Committer:
Vanger
Date:
Wed Jan 14 22:07:14 2015 +0000
Revision:
4:e505054279ed
Parent:
0:1239e9b70ca2
Implemented some platform-specific functions in the CyaSSL library code (time functions and random-seed functions), and changed the settings.h file to define settings specific to the platform being used.

Who changed what in which revision?

User | Revision | Line number | New contents of line
wolfSSL 0:1239e9b70ca2 1 /* dh.c
wolfSSL 0:1239e9b70ca2 2 *
wolfSSL 0:1239e9b70ca2 3 * Copyright (C) 2006-2014 wolfSSL Inc.
wolfSSL 0:1239e9b70ca2 4 *
wolfSSL 0:1239e9b70ca2 5 * This file is part of CyaSSL.
wolfSSL 0:1239e9b70ca2 6 *
wolfSSL 0:1239e9b70ca2 7 * CyaSSL is free software; you can redistribute it and/or modify
wolfSSL 0:1239e9b70ca2 8 * it under the terms of the GNU General Public License as published by
wolfSSL 0:1239e9b70ca2 9 * the Free Software Foundation; either version 2 of the License, or
wolfSSL 0:1239e9b70ca2 10 * (at your option) any later version.
wolfSSL 0:1239e9b70ca2 11 *
wolfSSL 0:1239e9b70ca2 12 * CyaSSL is distributed in the hope that it will be useful,
wolfSSL 0:1239e9b70ca2 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
wolfSSL 0:1239e9b70ca2 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
wolfSSL 0:1239e9b70ca2 15 * GNU General Public License for more details.
wolfSSL 0:1239e9b70ca2 16 *
wolfSSL 0:1239e9b70ca2 17 * You should have received a copy of the GNU General Public License
wolfSSL 0:1239e9b70ca2 18 * along with this program; if not, write to the Free Software
wolfSSL 0:1239e9b70ca2 19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
wolfSSL 0:1239e9b70ca2 20 */
wolfSSL 0:1239e9b70ca2 21
wolfSSL 0:1239e9b70ca2 22 #ifdef HAVE_CONFIG_H
wolfSSL 0:1239e9b70ca2 23 #include <config.h>
wolfSSL 0:1239e9b70ca2 24 #endif
wolfSSL 0:1239e9b70ca2 25
wolfSSL 0:1239e9b70ca2 26 #include <cyassl/ctaocrypt/settings.h>
wolfSSL 0:1239e9b70ca2 27
wolfSSL 0:1239e9b70ca2 28 #ifndef NO_DH
wolfSSL 0:1239e9b70ca2 29
wolfSSL 0:1239e9b70ca2 30 #include <cyassl/ctaocrypt/dh.h>
wolfSSL 0:1239e9b70ca2 31 #include <cyassl/ctaocrypt/error-crypt.h>
wolfSSL 0:1239e9b70ca2 32
wolfSSL 0:1239e9b70ca2 33 #ifndef USER_MATH_LIB
wolfSSL 0:1239e9b70ca2 34 #include <math.h>
wolfSSL 0:1239e9b70ca2 35 #define XPOW(x,y) pow((x),(y))
wolfSSL 0:1239e9b70ca2 36 #define XLOG(x) log((x))
wolfSSL 0:1239e9b70ca2 37 #else
wolfSSL 0:1239e9b70ca2 38 /* user's own math lib */
wolfSSL 0:1239e9b70ca2 39 #endif
wolfSSL 0:1239e9b70ca2 40
wolfSSL 0:1239e9b70ca2 41
wolfSSL 0:1239e9b70ca2 42 #ifndef min
wolfSSL 0:1239e9b70ca2 43
/* Return the smaller of two word32 values.  Only compiled when no `min`
 * macro is already defined (see the surrounding #ifndef). */
static INLINE word32 min(word32 a, word32 b)
{
    if (a > b)
        return b;

    return a;
}
wolfSSL 0:1239e9b70ca2 48
wolfSSL 0:1239e9b70ca2 49 #endif /* min */
wolfSSL 0:1239e9b70ca2 50
wolfSSL 0:1239e9b70ca2 51
/* Put a DhKey into a defined state before its parameters are loaded.
 *
 * key  the key object to initialise; dereferenced without a NULL check in
 *      the non-fast-math build.
 */
void InitDhKey(DhKey* key)
{
#ifdef USE_FAST_MATH
    /* TomsFastMath doesn't use memory allocation, so there is nothing to
     * reset; the cast only silences the unused-parameter warning */
    (void)key;
#else
    /* zero the digit pointers of both parameters; presumably this is what
     * lets FreeDhKey() run mp_clear() on a key that was never loaded --
     * confirm against the mp_int implementation */
    key->g.dp = 0;
    key->p.dp = 0;
#endif
}
wolfSSL 0:1239e9b70ca2 61
wolfSSL 0:1239e9b70ca2 62
/* Release the big-integer parameters held by a DhKey.
 *
 * key  the key object to release; dereferenced without a NULL check in the
 *      non-fast-math build.
 */
void FreeDhKey(DhKey* key)
{
#ifdef USE_FAST_MATH
    /* TomsFastMath doesn't use memory allocation, so there is nothing to
     * release; the cast only silences the unused-parameter warning */
    (void)key;
#else
    /* hand the prime and the generator back to the math library */
    mp_clear(&key->p);
    mp_clear(&key->g);
#endif
}
wolfSSL 0:1239e9b70ca2 72
wolfSSL 0:1239e9b70ca2 73
/* Estimate the work factor of a discrete-log attack on an n-bit modulus.
 *
 * The estimate assumes discrete log takes about the same time as factoring
 * and evaluates 2.4 * n^(1/3) * ln(n)^(2/3) - 5, truncated to word32.
 *
 * n  modulus size as passed by the caller (GeneratePrivate passes bits)
 *
 * Returns 0 for n < 5, otherwise the truncated estimate.  The result is a
 * heuristic used to size the private exponent, not a security proof.
 */
static word32 DiscreteLogWorkFactor(word32 n)
{
    /* very small inputs get no estimate at all */
    if (n < 5)
        return 0;

    return (word32)(2.4 * XPOW((double)n, 1.0/3.0) *
            XPOW(XLOG((double)n), 2.0/3.0) - 5);
}
wolfSSL 0:1239e9b70ca2 83
wolfSSL 0:1239e9b70ca2 84
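/* Generate a random private exponent for the group held in key.
 *
 * key     DH parameters; only the prime p is read, to size the exponent
 * rng     random number generator used to fill priv
 * priv    output buffer for the private exponent.  No capacity is passed
 *         in, so the caller must provide at least as many bytes as the
 *         prime occupies (the exponent is never longer than that).
 * privSz  output only: number of bytes written to priv
 *
 * Returns 0 on success, BAD_FUNC_ARG when the prime has not been set, or
 * the error returned by RNG_GenerateBlock().
 */
static int GeneratePrivate(DhKey* key, RNG* rng, byte* priv, word32* privSz)
{
    int    ret;
    word32 sz = mp_unsigned_bin_size(&key->p);

    /* A key without a prime gives sz == 0.  The original code then still
     * modified priv[0] while reporting a zero-length exponent, so refuse
     * before anything is written. */
    if (sz == 0)
        return BAD_FUNC_ARG;

    /* exponent length: twice the estimated work factor of the group (in
     * bytes, plus one), capped at the size of the prime */
    sz = min(sz, 2 * DiscreteLogWorkFactor(sz * CYASSL_BIT_SIZE) /
                                           CYASSL_BIT_SIZE + 1);

    ret = RNG_GenerateBlock(rng, priv, sz);
    if (ret != 0)
        return ret;

    /* force two bits of the leading byte on, so the exponent can never be
     * zero whatever the RNG returned */
    priv[0] |= 0x0C;

    *privSz = sz;

    return 0;
}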
wolfSSL 0:1239e9b70ca2 102
wolfSSL 0:1239e9b70ca2 103
/* Compute the public value g^priv mod p for an existing private exponent.
 *
 * key     DH parameters (generator g and prime p)
 * priv    private exponent, big-endian bytes
 * privSz  length of priv in bytes
 * pub     output buffer for the public value.  mp_to_unsigned_bin() is
 *         given no length here, so the caller must size pub for the
 *         largest possible result (presumably the size of p -- confirm
 *         with the callers).
 * pubSz   output only: number of bytes written to pub
 *
 * Returns 0 on success or one of MP_INIT_E, MP_READ_E, MP_EXPTMOD_E,
 * MP_TO_E.  Both temporaries are cleared on every path after a successful
 * init, including the error paths.
 */
static int GeneratePublic(DhKey* key, const byte* priv, word32 privSz,
                          byte* pub, word32* pubSz)
{
    int    ret = 0;
    mp_int x;   /* private exponent */
    mp_int y;   /* resulting public value */

    if (mp_init_multi(&x, &y, 0, 0, 0, 0) != MP_OKAY)
        return MP_INIT_E;

    if (mp_read_unsigned_bin(&x, priv, privSz) != MP_OKAY)
        ret = MP_READ_E;

    /* each later step runs only while everything before it succeeded */
    if (ret == 0) {
        if (mp_exptmod(&key->g, &x, &key->p, &y) != MP_OKAY)
            ret = MP_EXPTMOD_E;
    }

    if (ret == 0) {
        if (mp_to_unsigned_bin(&y, pub) != MP_OKAY)
            ret = MP_TO_E;
    }

    if (ret == 0)
        *pubSz = mp_unsigned_bin_size(&y);

    /* single exit: the copy of the private exponent in x is always
     * handed back to the math library */
    mp_clear(&y);
    mp_clear(&x);

    return ret;
}
wolfSSL 0:1239e9b70ca2 132
wolfSSL 0:1239e9b70ca2 133
/* Generate a DH key pair for the group held in key.
 *
 * key     DH parameters (p and g)
 * rng     random number generator for the private exponent
 * priv    output buffer for the private exponent
 * privSz  output: length of the private exponent in bytes
 * pub     output buffer for the public value
 * pubSz   output: length of the public value in bytes
 *
 * Neither buffer's capacity is passed in; the caller must size both for
 * the group in use.
 *
 * Returns 0 on success, otherwise the error from GeneratePrivate() or
 * GeneratePublic().
 */
int DhGenerateKeyPair(DhKey* key, RNG* rng, byte* priv, word32* privSz,
                      byte* pub, word32* pubSz)
{
    int ret = GeneratePrivate(key, rng, priv, privSz);

    /* no public value is derived from a private key that failed to generate */
    if (ret != 0)
        return ret;

    return GeneratePublic(key, priv, *privSz, pub, pubSz);
}
wolfSSL 0:1239e9b70ca2 141
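/* Compute the DH shared secret otherPub^priv mod p.
 *
 * key       DH parameters; only the prime p is used
 * agree     output buffer for the shared secret.  mp_to_unsigned_bin() is
 *           given no length here, so the caller must size agree for the
 *           largest possible result (presumably the size of p -- confirm
 *           with the callers).
 * agreeSz   output only: number of bytes written to agree
 * priv      our private exponent, big-endian bytes
 * privSz    length of priv in bytes
 * otherPub  the peer's public value, big-endian bytes.  Treated as
 *           untrusted input.
 * pubSz     length of otherPub in bytes
 *
 * The peer's value is validated before and after the exponentiation: the
 * values 0 and 1, any value not reduced below p, and a shared secret of 0
 * or 1 are rejected with BAD_FUNC_ARG.  Those inputs make the "secret"
 * independent of our private exponent.  This is not a full subgroup check
 * (p - 1 and other small-order elements need the group order to detect);
 * callers wanting that must validate the peer key themselves.
 *
 * Returns 0 on success, BAD_FUNC_ARG for a rejected peer value, or one of
 * MP_INIT_E, MP_READ_E, MP_EXPTMOD_E, MP_TO_E.
 */
int DhAgree(DhKey* key, byte* agree, word32* agreeSz, const byte* priv,
            word32 privSz, const byte* otherPub, word32 pubSz)
{
    int    ret = 0;
    word32 lead;

    mp_int x;   /* our private exponent */
    mp_int y;   /* peer's public value */
    mp_int z;   /* shared secret */

    /* Skip leading zero bytes, then refuse a peer value of 0 or 1.  Done
     * on the raw bytes so nothing is allocated for an obviously bad key. */
    for (lead = 0; lead < pubSz && otherPub[lead] == 0; lead++)
        ;
    if (lead == pubSz || (lead + 1 == pubSz && otherPub[lead] == 1))
        return BAD_FUNC_ARG;

    if (mp_init_multi(&x, &y, &z, 0, 0, 0) != MP_OKAY)
        return MP_INIT_E;

    if (mp_read_unsigned_bin(&x, priv, privSz) != MP_OKAY)
        ret = MP_READ_E;

    if (ret == 0 && mp_read_unsigned_bin(&y, otherPub, pubSz) != MP_OKAY)
        ret = MP_READ_E;

    /* a valid public value is always reduced modulo p */
    if (ret == 0 && mp_cmp(&y, &key->p) != MP_LT)
        ret = BAD_FUNC_ARG;

    if (ret == 0 && mp_exptmod(&y, &x, &key->p, &z) != MP_OKAY)
        ret = MP_EXPTMOD_E;

    if (ret == 0 && mp_to_unsigned_bin(&z, agree) != MP_OKAY)
        ret = MP_TO_E;

    if (ret == 0)
        *agreeSz = mp_unsigned_bin_size(&z);

    /* a shared secret of 0 (zero length) or 1 carries no entropy from our
     * exponent; treat it as a bad peer key rather than keying traffic
     * with it */
    if (ret == 0 && (*agreeSz == 0 || (*agreeSz == 1 && agree[0] == 1)))
        ret = BAD_FUNC_ARG;

    /* single exit: the copy of the private exponent in x and the secret
     * in z are always handed back to the math library.  NOTE(review):
     * whether mp_clear() zeroizes the digits depends on the math backend;
     * confirm for the one in use. */
    mp_clear(&z);
    mp_clear(&y);
    mp_clear(&x);

    return ret;
}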
wolfSSL 0:1239e9b70ca2 175
wolfSSL 0:1239e9b70ca2 176
wolfSSL 0:1239e9b70ca2 177 #endif /* NO_DH */
wolfSSL 0:1239e9b70ca2 178
wolfSSL 0:1239e9b70ca2 179