Xuyi Wang / wolfSSL

Important changes to repositories hosted on mbed.com

Mbed hosted mercurial repositories are deprecated and are due to be permanently deleted in July 2026.

To keep a copy of this software download the repository Zip archive or clone locally using Mercurial.

It is also possible to export all your personal repositories from the account settings page.

Dependents:   OS

wolfcrypt/src/dh.c@0:d92f9d21154c, 2015-06-26 (annotated)

Committer:
wolfSSL
Date:
Fri Jun 26 00:39:20 2015 +0000
Revision:
0:d92f9d21154c
wolfSSL 3.6.0

Who changed what in which revision?

UserRevisionLine numberNew contents of line
wolfSSL 0:d92f9d21154c 1 /* dh.c
wolfSSL 0:d92f9d21154c 2 *
wolfSSL 0:d92f9d21154c 3 * Copyright (C) 2006-2015 wolfSSL Inc.
wolfSSL 0:d92f9d21154c 4 *
wolfSSL 0:d92f9d21154c 5 * This file is part of wolfSSL. (formerly known as CyaSSL)
wolfSSL 0:d92f9d21154c 6 *
wolfSSL 0:d92f9d21154c 7 * wolfSSL is free software; you can redistribute it and/or modify
wolfSSL 0:d92f9d21154c 8 * it under the terms of the GNU General Public License as published by
wolfSSL 0:d92f9d21154c 9 * the Free Software Foundation; either version 2 of the License, or
wolfSSL 0:d92f9d21154c 10 * (at your option) any later version.
wolfSSL 0:d92f9d21154c 11 *
wolfSSL 0:d92f9d21154c 12 * wolfSSL is distributed in the hope that it will be useful,
wolfSSL 0:d92f9d21154c 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
wolfSSL 0:d92f9d21154c 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
wolfSSL 0:d92f9d21154c 15 * GNU General Public License for more details.
wolfSSL 0:d92f9d21154c 16 *
wolfSSL 0:d92f9d21154c 17 * You should have received a copy of the GNU General Public License
wolfSSL 0:d92f9d21154c 18 * along with this program; if not, write to the Free Software
wolfSSL 0:d92f9d21154c 19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
wolfSSL 0:d92f9d21154c 20 */
wolfSSL 0:d92f9d21154c 21
wolfSSL 0:d92f9d21154c 22 #ifdef HAVE_CONFIG_H
wolfSSL 0:d92f9d21154c 23 #include <config.h>
wolfSSL 0:d92f9d21154c 24 #endif
wolfSSL 0:d92f9d21154c 25
wolfSSL 0:d92f9d21154c 26 #include <wolfssl/wolfcrypt/settings.h>
wolfSSL 0:d92f9d21154c 27
wolfSSL 0:d92f9d21154c 28 #ifndef NO_DH
wolfSSL 0:d92f9d21154c 29
wolfSSL 0:d92f9d21154c 30 #include <wolfssl/wolfcrypt/dh.h>
wolfSSL 0:d92f9d21154c 31 #include <wolfssl/wolfcrypt/error-crypt.h>
wolfSSL 0:d92f9d21154c 32
wolfSSL 0:d92f9d21154c 33 #ifndef USER_MATH_LIB
wolfSSL 0:d92f9d21154c 34 #include <math.h>
wolfSSL 0:d92f9d21154c 35 #define XPOW(x,y) pow((x),(y))
wolfSSL 0:d92f9d21154c 36 #define XLOG(x) log((x))
wolfSSL 0:d92f9d21154c 37 #else
wolfSSL 0:d92f9d21154c 38 /* user's own math lib */
wolfSSL 0:d92f9d21154c 39 #endif
wolfSSL 0:d92f9d21154c 40
wolfSSL 0:d92f9d21154c 41
wolfSSL 0:d92f9d21154c 42 #ifndef WOLFSSL_HAVE_MIN
wolfSSL 0:d92f9d21154c 43 #define WOLFSSL_HAVE_MIN
wolfSSL 0:d92f9d21154c 44
wolfSSL 0:d92f9d21154c 45 static INLINE word32 min(word32 a, word32 b)
wolfSSL 0:d92f9d21154c 46 {
wolfSSL 0:d92f9d21154c 47 return a > b ? b : a;
wolfSSL 0:d92f9d21154c 48 }
wolfSSL 0:d92f9d21154c 49
wolfSSL 0:d92f9d21154c 50 #endif /* WOLFSSL_HAVE_MIN */
wolfSSL 0:d92f9d21154c 51
wolfSSL 0:d92f9d21154c 52
wolfSSL 0:d92f9d21154c 53 void wc_InitDhKey(DhKey* key)
wolfSSL 0:d92f9d21154c 54 {
wolfSSL 0:d92f9d21154c 55 (void)key;
wolfSSL 0:d92f9d21154c 56 /* TomsFastMath doesn't use memory allocation */
wolfSSL 0:d92f9d21154c 57 #ifndef USE_FAST_MATH
wolfSSL 0:d92f9d21154c 58 key->p.dp = 0;
wolfSSL 0:d92f9d21154c 59 key->g.dp = 0;
wolfSSL 0:d92f9d21154c 60 #endif
wolfSSL 0:d92f9d21154c 61 }
wolfSSL 0:d92f9d21154c 62
wolfSSL 0:d92f9d21154c 63
wolfSSL 0:d92f9d21154c 64 void wc_FreeDhKey(DhKey* key)
wolfSSL 0:d92f9d21154c 65 {
wolfSSL 0:d92f9d21154c 66 (void)key;
wolfSSL 0:d92f9d21154c 67 /* TomsFastMath doesn't use memory allocation */
wolfSSL 0:d92f9d21154c 68 #ifndef USE_FAST_MATH
wolfSSL 0:d92f9d21154c 69 mp_clear(&key->p);
wolfSSL 0:d92f9d21154c 70 mp_clear(&key->g);
wolfSSL 0:d92f9d21154c 71 #endif
wolfSSL 0:d92f9d21154c 72 }
wolfSSL 0:d92f9d21154c 73
wolfSSL 0:d92f9d21154c 74
wolfSSL 0:d92f9d21154c 75 static word32 DiscreteLogWorkFactor(word32 n)
wolfSSL 0:d92f9d21154c 76 {
wolfSSL 0:d92f9d21154c 77 /* assuming discrete log takes about the same time as factoring */
wolfSSL 0:d92f9d21154c 78 if (n<5)
wolfSSL 0:d92f9d21154c 79 return 0;
wolfSSL 0:d92f9d21154c 80 else
wolfSSL 0:d92f9d21154c 81 return (word32)(2.4 * XPOW((double)n, 1.0/3.0) *
wolfSSL 0:d92f9d21154c 82 XPOW(XLOG((double)n), 2.0/3.0) - 5);
wolfSSL 0:d92f9d21154c 83 }
wolfSSL 0:d92f9d21154c 84
wolfSSL 0:d92f9d21154c 85
wolfSSL 0:d92f9d21154c 86 static int GeneratePrivate(DhKey* key, RNG* rng, byte* priv, word32* privSz)
wolfSSL 0:d92f9d21154c 87 {
wolfSSL 0:d92f9d21154c 88 int ret;
wolfSSL 0:d92f9d21154c 89 word32 sz = mp_unsigned_bin_size(&key->p);
wolfSSL 0:d92f9d21154c 90 sz = min(sz, 2 * DiscreteLogWorkFactor(sz * WOLFSSL_BIT_SIZE) /
wolfSSL 0:d92f9d21154c 91 WOLFSSL_BIT_SIZE + 1);
wolfSSL 0:d92f9d21154c 92
wolfSSL 0:d92f9d21154c 93 ret = wc_RNG_GenerateBlock(rng, priv, sz);
wolfSSL 0:d92f9d21154c 94 if (ret != 0)
wolfSSL 0:d92f9d21154c 95 return ret;
wolfSSL 0:d92f9d21154c 96
wolfSSL 0:d92f9d21154c 97 priv[0] |= 0x0C;
wolfSSL 0:d92f9d21154c 98
wolfSSL 0:d92f9d21154c 99 *privSz = sz;
wolfSSL 0:d92f9d21154c 100
wolfSSL 0:d92f9d21154c 101 return 0;
wolfSSL 0:d92f9d21154c 102 }
wolfSSL 0:d92f9d21154c 103
wolfSSL 0:d92f9d21154c 104
wolfSSL 0:d92f9d21154c 105 static int GeneratePublic(DhKey* key, const byte* priv, word32 privSz,
wolfSSL 0:d92f9d21154c 106 byte* pub, word32* pubSz)
wolfSSL 0:d92f9d21154c 107 {
wolfSSL 0:d92f9d21154c 108 int ret = 0;
wolfSSL 0:d92f9d21154c 109
wolfSSL 0:d92f9d21154c 110 mp_int x;
wolfSSL 0:d92f9d21154c 111 mp_int y;
wolfSSL 0:d92f9d21154c 112
wolfSSL 0:d92f9d21154c 113 if (mp_init_multi(&x, &y, 0, 0, 0, 0) != MP_OKAY)
wolfSSL 0:d92f9d21154c 114 return MP_INIT_E;
wolfSSL 0:d92f9d21154c 115
wolfSSL 0:d92f9d21154c 116 if (mp_read_unsigned_bin(&x, priv, privSz) != MP_OKAY)
wolfSSL 0:d92f9d21154c 117 ret = MP_READ_E;
wolfSSL 0:d92f9d21154c 118
wolfSSL 0:d92f9d21154c 119 if (ret == 0 && mp_exptmod(&key->g, &x, &key->p, &y) != MP_OKAY)
wolfSSL 0:d92f9d21154c 120 ret = MP_EXPTMOD_E;
wolfSSL 0:d92f9d21154c 121
wolfSSL 0:d92f9d21154c 122 if (ret == 0 && mp_to_unsigned_bin(&y, pub) != MP_OKAY)
wolfSSL 0:d92f9d21154c 123 ret = MP_TO_E;
wolfSSL 0:d92f9d21154c 124
wolfSSL 0:d92f9d21154c 125 if (ret == 0)
wolfSSL 0:d92f9d21154c 126 *pubSz = mp_unsigned_bin_size(&y);
wolfSSL 0:d92f9d21154c 127
wolfSSL 0:d92f9d21154c 128 mp_clear(&y);
wolfSSL 0:d92f9d21154c 129 mp_clear(&x);
wolfSSL 0:d92f9d21154c 130
wolfSSL 0:d92f9d21154c 131 return ret;
wolfSSL 0:d92f9d21154c 132 }
wolfSSL 0:d92f9d21154c 133
wolfSSL 0:d92f9d21154c 134
wolfSSL 0:d92f9d21154c 135 int wc_DhGenerateKeyPair(DhKey* key, RNG* rng, byte* priv, word32* privSz,
wolfSSL 0:d92f9d21154c 136 byte* pub, word32* pubSz)
wolfSSL 0:d92f9d21154c 137 {
wolfSSL 0:d92f9d21154c 138 int ret = GeneratePrivate(key, rng, priv, privSz);
wolfSSL 0:d92f9d21154c 139
wolfSSL 0:d92f9d21154c 140 return (ret != 0) ? ret : GeneratePublic(key, priv, *privSz, pub, pubSz);
wolfSSL 0:d92f9d21154c 141 }
wolfSSL 0:d92f9d21154c 142
wolfSSL 0:d92f9d21154c 143 int wc_DhAgree(DhKey* key, byte* agree, word32* agreeSz, const byte* priv,
wolfSSL 0:d92f9d21154c 144 word32 privSz, const byte* otherPub, word32 pubSz)
wolfSSL 0:d92f9d21154c 145 {
wolfSSL 0:d92f9d21154c 146 int ret = 0;
wolfSSL 0:d92f9d21154c 147
wolfSSL 0:d92f9d21154c 148 mp_int x;
wolfSSL 0:d92f9d21154c 149 mp_int y;
wolfSSL 0:d92f9d21154c 150 mp_int z;
wolfSSL 0:d92f9d21154c 151
wolfSSL 0:d92f9d21154c 152 if (mp_init_multi(&x, &y, &z, 0, 0, 0) != MP_OKAY)
wolfSSL 0:d92f9d21154c 153 return MP_INIT_E;
wolfSSL 0:d92f9d21154c 154
wolfSSL 0:d92f9d21154c 155 if (mp_read_unsigned_bin(&x, priv, privSz) != MP_OKAY)
wolfSSL 0:d92f9d21154c 156 ret = MP_READ_E;
wolfSSL 0:d92f9d21154c 157
wolfSSL 0:d92f9d21154c 158 if (ret == 0 && mp_read_unsigned_bin(&y, otherPub, pubSz) != MP_OKAY)
wolfSSL 0:d92f9d21154c 159 ret = MP_READ_E;
wolfSSL 0:d92f9d21154c 160
wolfSSL 0:d92f9d21154c 161 if (ret == 0 && mp_exptmod(&y, &x, &key->p, &z) != MP_OKAY)
wolfSSL 0:d92f9d21154c 162 ret = MP_EXPTMOD_E;
wolfSSL 0:d92f9d21154c 163
wolfSSL 0:d92f9d21154c 164 if (ret == 0 && mp_to_unsigned_bin(&z, agree) != MP_OKAY)
wolfSSL 0:d92f9d21154c 165 ret = MP_TO_E;
wolfSSL 0:d92f9d21154c 166
wolfSSL 0:d92f9d21154c 167 if (ret == 0)
wolfSSL 0:d92f9d21154c 168 *agreeSz = mp_unsigned_bin_size(&z);
wolfSSL 0:d92f9d21154c 169
wolfSSL 0:d92f9d21154c 170 mp_clear(&z);
wolfSSL 0:d92f9d21154c 171 mp_clear(&y);
wolfSSL 0:d92f9d21154c 172 mp_clear(&x);
wolfSSL 0:d92f9d21154c 173
wolfSSL 0:d92f9d21154c 174 return ret;
wolfSSL 0:d92f9d21154c 175 }
wolfSSL 0:d92f9d21154c 176
wolfSSL 0:d92f9d21154c 177
wolfSSL 0:d92f9d21154c 178 /* not in asn anymore since no actual asn types used */
wolfSSL 0:d92f9d21154c 179 int wc_DhSetKey(DhKey* key, const byte* p, word32 pSz, const byte* g,
wolfSSL 0:d92f9d21154c 180 word32 gSz)
wolfSSL 0:d92f9d21154c 181 {
wolfSSL 0:d92f9d21154c 182 if (key == NULL || p == NULL || g == NULL || pSz == 0 || gSz == 0)
wolfSSL 0:d92f9d21154c 183 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 184
wolfSSL 0:d92f9d21154c 185 /* may have leading 0 */
wolfSSL 0:d92f9d21154c 186 if (p[0] == 0) {
wolfSSL 0:d92f9d21154c 187 pSz--; p++;
wolfSSL 0:d92f9d21154c 188 }
wolfSSL 0:d92f9d21154c 189
wolfSSL 0:d92f9d21154c 190 if (g[0] == 0) {
wolfSSL 0:d92f9d21154c 191 gSz--; g++;
wolfSSL 0:d92f9d21154c 192 }
wolfSSL 0:d92f9d21154c 193
wolfSSL 0:d92f9d21154c 194 if (mp_init(&key->p) != MP_OKAY)
wolfSSL 0:d92f9d21154c 195 return MP_INIT_E;
wolfSSL 0:d92f9d21154c 196 if (mp_read_unsigned_bin(&key->p, p, pSz) != 0) {
wolfSSL 0:d92f9d21154c 197 mp_clear(&key->p);
wolfSSL 0:d92f9d21154c 198 return ASN_DH_KEY_E;
wolfSSL 0:d92f9d21154c 199 }
wolfSSL 0:d92f9d21154c 200
wolfSSL 0:d92f9d21154c 201 if (mp_init(&key->g) != MP_OKAY) {
wolfSSL 0:d92f9d21154c 202 mp_clear(&key->p);
wolfSSL 0:d92f9d21154c 203 return MP_INIT_E;
wolfSSL 0:d92f9d21154c 204 }
wolfSSL 0:d92f9d21154c 205 if (mp_read_unsigned_bin(&key->g, g, gSz) != 0) {
wolfSSL 0:d92f9d21154c 206 mp_clear(&key->g);
wolfSSL 0:d92f9d21154c 207 mp_clear(&key->p);
wolfSSL 0:d92f9d21154c 208 return ASN_DH_KEY_E;
wolfSSL 0:d92f9d21154c 209 }
wolfSSL 0:d92f9d21154c 210
wolfSSL 0:d92f9d21154c 211 return 0;
wolfSSL 0:d92f9d21154c 212 }
wolfSSL 0:d92f9d21154c 213
wolfSSL 0:d92f9d21154c 214
wolfSSL 0:d92f9d21154c 215 #endif /* NO_DH */
wolfSSL 0:d92f9d21154c 216
wolfSSL 0:d92f9d21154c 217