1 /*

2 * Copyright (C) 1998-2002 D. Hugh Redelmeier.

3 * Copyright (C) 1999, 2000, 2001 Henry Spencer.

4 * Copyright (C) 2005-2008 Martin Willi

5 * Copyright (C) 2005 Jan Hutter

6 * Hochschule fuer Technik Rapperswil

7 *

8 * This program is free software; you can redistribute it and/or modify it

9 * under the terms of the GNU General Public License as published by the

10 * Free Software Foundation; either version 2 of the License, or (at your

11 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.

12 *

13 * This program is distributed in the hope that it will be useful, but

14 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY

15 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License

16 * for more details.

17 *

18 * $Id$

19 */

21 #include <gmp.h>

25 #include <debug.h>

28 /**

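29 * Modulus of Group 1 (MODP_768_BIT). NOTE(review): a 768-bit modulus is too small for current use; RFC 8247 marks this group MUST NOT for IKEv2.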

30 */

38 };

40 /**

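41 * Modulus of Group 2 (MODP_1024_BIT). NOTE(review): a 1024-bit modulus is no longer considered adequate; RFC 8247 marks this group SHOULD NOT for IKEv2.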

42 */

52 };

54 /**

55 * Modulus of Group 5 (MODP_1536_BIT).

56 */

70 };

71 /**

72 * Modulus of Group 14 (MODP_2048_BIT).

73 */

91 };

93 /**

94 * Modulus of Group 15 (MODP_3072_BIT).

95 */

121 };

123 /**

124 * Modulus of Group 16 (MODP_4096_BIT).

125 */

159 };

161 /**

162 * Modulus of Group 17 (MODP_6144_BIT).

163 */

213 };

215 /**

216 * Modulus of Group 18 (MODP_8192_BIT).

217 */

283 };

287 /**

288 * Entry of the modulus list.

289 */

291 /**

292 * Group number as it is defined in file transform_substructure.h.

293 */

294 diffie_hellman_group_t group;

296 /**

297 * Pointer to first byte of modulus (network order).

298 */

301 /*

302 * Length of modulus in bytes.

303 */

306 /*

307 * Optimum length of exponent in bytes.

308 */

311 /*

312 * Generator value.

313 */

314 u_int16_t generator;

315 };

317 /**

318 * All supported modulus values - optimum exponent size according to RFC 3526.

319 */

329 };

333 /**

334 * Private data of a gmp_diffie_hellman_t object.

335 */

337 /**

338 * Public gmp_diffie_hellman_t interface.

339 */

342 /**

343 * Diffie Hellman group number.

344 */

345 u_int16_t group;

347 /*

348 * Generator value.

349 */

350 mpz_t g;

352 /**

353 * My private value.

354 */

355 mpz_t xa;

357 /**

358 * My public value.

359 */

360 mpz_t ya;

362 /**

363 * Other public value.

364 */

365 mpz_t yb;

367 /**

368 * Shared secret.

369 */

370 mpz_t zz;

372 /**

373 * Modulus.

374 */

375 mpz_t p;

377 /**

378 * Modulus length.

379 */

382 /**

383 * Optimal exponent length.

384 */

387 /**

388 * True if the shared secret has been computed (the shared secret itself is held in zz).

389 */

391 };

393 /**

394 * Implementation of gmp_diffie_hellman_t.set_other_public_value.

395 */

397 {

398 mpz_t p_min_1;

405 /* check public value:

406 * 1. 0 or 1 is invalid as 0^a = 0 and 1^a = 1

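407 * 2. a public value greater than or equal to the modulus is invalid.
 * NOTE(review): p - 1 is degenerate as well, since (p - 1)^a mod p is
 * either 1 or p - 1; the p_min_1 local declared above suggests the upper
 * bound used is p - 1 - confirm against the comparison that follows. */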

410 {

411 #ifdef EXTENDED_DH_TEST

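412 /* 3. test if y ^ q mod p = 1, where q = (p - 1)/2, i.e. y lies in the subgroup of order q (this presumes p is a safe prime). Only compiled in when EXTENDED_DH_TEST is defined. */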

421 {

424 }

425 else

426 {

428 }

430 #else

433 #endif

434 }

435 else

436 {

438 }

440 }

442 /**

443 * Implementation of gmp_diffie_hellman_t.get_my_public_value.

444 */

446 {

450 {

452 }

453 }

455 /**

456 * Implementation of gmp_diffie_hellman_t.get_shared_secret.

457 */

459 {

461 {

463 }

467 {

469 }

471 }

473 /**

474 * Implementation of gmp_diffie_hellman_t.get_dh_group.

475 */

477 {

479 }

481 /**

482 * Look up the modulus in the modulus table.

483 */

485 {

490 {

492 {

493 chunk_t chunk;

502 }

503 }

505 }

507 /**

508 * Implementation of gmp_diffie_hellman_t.destroy.

509 */

511 {

519 }

521 /*

522 * Described in header.

523 */

525 {

528 chunk_t random;

532 /* public functions */

533 this->public.dh.get_shared_secret = (status_t (*)(diffie_hellman_t *, chunk_t *)) get_shared_secret;

534 this->public.dh.set_other_public_value = (void (*)(diffie_hellman_t *, chunk_t )) set_other_public_value;

535 this->public.dh.get_my_public_value = (void (*)(diffie_hellman_t *, chunk_t *)) get_my_public_value;

539 /* private variables */

550 /* find a modulus according to group */

552 {

555 }

558 {

562 }

571 {

572 /* achieve bitsof(p)-1 by setting MSB to 0 */

574 }

582 }