Fork of CyaSSL by
dh.c
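/* dh.c
 *
 * Copyright (C) 2006-2014 wolfSSL Inc.
 *
 * This file is part of CyaSSL.
 *
 * CyaSSL is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * CyaSSL is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
 */

#ifdef HAVE_CONFIG_H
    #include <config.h>
#endif

#include <cyassl/ctaocrypt/settings.h>

#ifndef NO_DH

#include <cyassl/ctaocrypt/dh.h>
#include <cyassl/ctaocrypt/error-crypt.h>

#ifndef USER_MATH_LIB
    #include <math.h>
    #define XPOW(x,y) pow((x),(y))
    #define XLOG(x)   log((x))
#else
    /* user's own math lib */
#endif


#ifndef min

    /* Smaller of two word32 values. */
    static INLINE word32 min(word32 a, word32 b)
    {
        return a > b ? b : a;
    }

#endif /* min */


/* Prepare a DhKey for use.
 *
 * With the heap-backed big-integer build the digit pointers of p and g are
 * set to 0 so that a later FreeDhKey() on a key that was never loaded is
 * harmless.  With USE_FAST_MATH nothing needs to be done.
 */
void InitDhKey(DhKey* key)
{
    (void)key;
/* TomsFastMath doesn't use memory allocation */
#ifndef USE_FAST_MATH
    key->p.dp = 0;
    key->g.dp = 0;
#endif
}


/* Release the big integers held by a DhKey (p and g).
 *
 * Only does work when USE_FAST_MATH is not defined.
 */
void FreeDhKey(DhKey* key)
{
    (void)key;
/* TomsFastMath doesn't use memory allocation */
#ifndef USE_FAST_MATH
    mp_clear(&key->p);
    mp_clear(&key->g);
#endif
}


/* Estimate the work factor, in bits, of attacking an n-bit modulus.
 *
 * Computes 2.4 * n^(1/3) * ln(n)^(2/3) - 5, truncated to word32.
 * Inputs below 5 return 0.
 */
static word32 DiscreteLogWorkFactor(word32 n)
{
    /* assuming discrete log takes about the same time as factoring */
    if (n < 5)
        return 0;

    return (word32)(2.4 * XPOW((double)n, 1.0/3.0) *
                          XPOW(XLOG((double)n), 2.0/3.0) - 5);
}


/* Fill priv with a random private exponent and report its length in privSz.
 *
 * The length is the smaller of the byte length of p and roughly twice the
 * estimated work factor of p (converted from bits to bytes, plus one).
 *
 * No capacity is passed for priv: the caller must supply a buffer that can
 * hold up to the byte length of p.
 *
 * Returns 0 on success, BAD_FUNC_ARG when the modulus is unset, otherwise
 * the error returned by RNG_GenerateBlock().
 */
static int GeneratePrivate(DhKey* key, RNG* rng, byte* priv, word32* privSz)
{
    int    ret;
    word32 sz = mp_unsigned_bin_size(&key->p);

    /* A zero-length modulus means the key parameters were never loaded.
     * Stop here: otherwise priv[0] below would be written while a length
     * of 0 is reported back to the caller. */
    if (sz == 0)
        return BAD_FUNC_ARG;

    sz = min(sz, 2 * DiscreteLogWorkFactor(sz * CYASSL_BIT_SIZE) /
                                           CYASSL_BIT_SIZE + 1);

    ret = RNG_GenerateBlock(rng, priv, sz);
    if (ret != 0)
        return ret;

    /* force two bits of the first byte on, so the exponent is never zero */
    priv[0] |= 0x0C;

    *privSz = sz;

    return 0;
}


/* Compute the public value g^priv mod p and write it to pub.
 *
 * pubSz receives the number of bytes written.  No capacity is passed for
 * pub: the caller must supply a buffer at least as large as the byte length
 * of p.
 *
 * Returns 0 on success or one of MP_INIT_E, MP_READ_E, MP_EXPTMOD_E,
 * MP_TO_E.
 */
static int GeneratePublic(DhKey* key, const byte* priv, word32 privSz,
                          byte* pub, word32* pubSz)
{
    int ret = 0;

    mp_int x;   /* private exponent */
    mp_int y;   /* public value */

    if (mp_init_multi(&x, &y, 0, 0, 0, 0) != MP_OKAY)
        return MP_INIT_E;

    if (mp_read_unsigned_bin(&x, priv, privSz) != MP_OKAY)
        ret = MP_READ_E;

    if (ret == 0 && mp_exptmod(&key->g, &x, &key->p, &y) != MP_OKAY)
        ret = MP_EXPTMOD_E;

    if (ret == 0 && mp_to_unsigned_bin(&y, pub) != MP_OKAY)
        ret = MP_TO_E;

    if (ret == 0)
        *pubSz = mp_unsigned_bin_size(&y);

    /* x holds private key material; it is released on every path */
    mp_clear(&y);
    mp_clear(&x);

    return ret;
}


/* Generate a DH key pair for the parameters already loaded into key.
 *
 * priv/privSz receive the private exponent, pub/pubSz the public value.
 * Returns 0 on success, otherwise the error from the failing step.
 */
int DhGenerateKeyPair(DhKey* key, RNG* rng, byte* priv, word32* privSz,
                      byte* pub, word32* pubSz)
{
    int ret = GeneratePrivate(key, rng, priv, privSz);

    return (ret != 0) ? ret : GeneratePublic(key, priv, *privSz, pub, pubSz);
}


/* Derive the shared secret otherPub^priv mod p and write it to agree.
 *
 * agreeSz receives the number of bytes written.  No capacity is passed for
 * agree: the caller must supply a buffer at least as large as the byte
 * length of p.
 *
 * otherPub comes from the remote peer and is treated as untrusted: values
 * outside the open range (1, p) are rejected, and so is a resulting secret
 * of 0 or 1, because those outcomes are known to anyone without the private
 * key.  This is a range check only.  Membership of the peer value in the
 * intended subgroup is not verified (this file only uses p and g from the
 * key, so no subgroup order is available here); callers that need that
 * guarantee should use parameters for which the range check is sufficient.
 *
 * Returns 0 on success, MP_CMP_E when the peer value or the derived secret
 * is rejected, or one of MP_INIT_E, MP_READ_E, MP_EXPTMOD_E, MP_TO_E.
 */
int DhAgree(DhKey* key, byte* agree, word32* agreeSz, const byte* priv,
            word32 privSz, const byte* otherPub, word32 pubSz)
{
    int ret = 0;

    mp_int x;   /* our private exponent */
    mp_int y;   /* peer's public value */
    mp_int z;   /* shared secret */

    if (mp_init_multi(&x, &y, &z, 0, 0, 0) != MP_OKAY)
        return MP_INIT_E;

    if (mp_read_unsigned_bin(&x, priv, privSz) != MP_OKAY)
        ret = MP_READ_E;

    if (ret == 0 && mp_read_unsigned_bin(&y, otherPub, pubSz) != MP_OKAY)
        ret = MP_READ_E;

    /* peer value must satisfy 1 < y < p */
    if (ret == 0 && (mp_cmp_d(&y, 1) != MP_GT ||
                     mp_cmp(&y, &key->p) != MP_LT))
        ret = MP_CMP_E;

    if (ret == 0 && mp_exptmod(&y, &x, &key->p, &z) != MP_OKAY)
        ret = MP_EXPTMOD_E;

    /* a secret of 0 or 1 carries no entropy; never hand it to the caller */
    if (ret == 0 && mp_cmp_d(&z, 1) != MP_GT)
        ret = MP_CMP_E;

    if (ret == 0 && mp_to_unsigned_bin(&z, agree) != MP_OKAY)
        ret = MP_TO_E;

    if (ret == 0)
        *agreeSz = mp_unsigned_bin_size(&z);

    /* x and z hold secret material; they are released on every path */
    mp_clear(&z);
    mp_clear(&y);
    mp_clear(&x);

    return ret;
}


#endif /* NO_DH */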
