1 /*

2 * Copyright (C) 1998-2002 D. Hugh Redelmeier.

3 * Copyright (C) 1999, 2000, 2001 Henry Spencer.

4 * Copyright (C) 2005-2008 Martin Willi

5 * Copyright (C) 2005 Jan Hutter

6 * Hochschule fuer Technik Rapperswil

7 *

8 * This program is free software; you can redistribute it and/or modify it

9 * under the terms of the GNU General Public License as published by the

10 * Free Software Foundation; either version 2 of the License, or (at your

11 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.

12 *

13 * This program is distributed in the hope that it will be useful, but

14 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY

15 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License

16 * for more details.

17 *

18 * $Id$

19 */

21 #include <gmp.h>

25 #include <debug.h>

28 /**

29 * Modulus of Group 1 (MODP_768_BIT).

30 */

38 };

40 /**

41 * Modulus of Group 2 (MODP_1024_BIT).

42 */

52 };

54 /**

55 * Modulus of Group 5 (MODP_1536_BIT).

56 */

70 };

71 /**

72 * Modulus of Group 14 (MODP_2048_BIT).

73 */

91 };

93 /**

94 * Modulus of Group 15 (MODP_3072_BIT).

95 */

121 };

123 /**

124 * Modulus of Group 16 (MODP_4096_BIT).

125 */

159 };

161 /**

162 * Modulus of Group 17 (MODP_6144_BIT).

163 */

213 };

215 /**

216 * Modulus of Group 18 (MODP_8192_BIT).

217 */

283 };

287 /**

288 * Entry of the modulus list.

289 */

291 /**

292 * Group number as it is defined in file transform_substructure.h.

293 */

294 diffie_hellman_group_t group;

296 /**

297 * Pointer to first byte of modulus (network order).

298 */

301 /*

302 * Length of modulus in bytes.

303 */

306 /*

307 * Optimum length of exponent in bytes.

308 */

311 /*

312 * Generator value.

313 */

314 u_int16_t generator;

315 };

317 /**

318 * All supported modulus values - optimum exponent size according to RFC 3526.

319 */

329 };

333 /**

334 * Private data of an gmp_diffie_hellman_t object.

335 */

337 /**

338 * Public gmp_diffie_hellman_t interface.

339 */

342 /**

343 * Diffie Hellman group number.

344 */

345 u_int16_t group;

347 /*

348 * Generator value.

349 */

350 mpz_t g;

352 /**

353 * My private value.

354 */

355 mpz_t xa;

357 /**

358 * My public value.

359 */

360 mpz_t ya;

362 /**

363 * Other public value.

364 */

365 mpz_t yb;

367 /**

368 * Shared secret.

369 */

370 mpz_t zz;

372 /**

373 * Modulus.

374 */

375 mpz_t p;

377 /**

378 * Modulus length.

379 */

382 /**

383 * Optimal exponent length.

384 */

387 /**

388 * True if shared secret is computed and stored in my_public_value.

389 */

391 };

393 /**

394 * Implementation of gmp_diffie_hellman_t.set_other_public_value.

395 */

397 {

398 mpz_t p_min_1;

405 /* check public value:

406 * 1. 0 or 1 is invalid as 0^a = 0 and 1^a = 1

407 * 2. a public value larger or equal the modulus is invalid */

410 {

411 #ifdef EXTENDED_DH_TEST

412 /* 3. test if y ^ q mod p = 1, where q = (p - 1)/2. */

421 {

424 }

425 else

426 {

428 }

430 #else

433 #endif

434 }

435 else

436 {

438 }

440 }

442 /**

443 * Implementation of gmp_diffie_hellman_t.get_other_public_value.

444 */

447 {

449 {

451 }

455 {

457 }

459 }

461 /**

462 * Implementation of gmp_diffie_hellman_t.get_my_public_value.

463 */

465 {

469 {

471 }

472 }

474 /**

475 * Implementation of gmp_diffie_hellman_t.get_shared_secret.

476 */

478 {

480 {

482 }

486 {

488 }

490 }

492 /**

493 * Implementation of gmp_diffie_hellman_t.get_dh_group.

494 */

496 {

498 }

500 /**

501 * Lookup the modulus in modulo table

502 */

504 {

509 {

511 {

512 chunk_t chunk;

521 }

522 }

524 }

526 /**

527 * Implementation of gmp_diffie_hellman_t.destroy.

528 */

530 {

538 }

540 /*

541 * Described in header.

542 */

544 {

547 chunk_t random;

551 /* public functions */

552 this->public.dh.get_shared_secret = (status_t (*)(diffie_hellman_t *, chunk_t *)) get_shared_secret;

553 this->public.dh.set_other_public_value = (void (*)(diffie_hellman_t *, chunk_t )) set_other_public_value;

554 this->public.dh.get_other_public_value = (status_t (*)(diffie_hellman_t *, chunk_t *)) get_other_public_value;

555 this->public.dh.get_my_public_value = (void (*)(diffie_hellman_t *, chunk_t *)) get_my_public_value;

559 /* private variables */

570 /* find a modulus according to group */

572 {

575 }

578 {

582 }

591 {

592 /* achieve bitsof(p)-1 by setting MSB to 0 */

594 }

602 }