1 /*

2 * Copyright (C) 1998-2002 D. Hugh Redelmeier.

3 * Copyright (C) 1999, 2000, 2001 Henry Spencer.

4 * Copyright (C) 2005-2008 Martin Willi

5 * Copyright (C) 2005 Jan Hutter

6 * Hochschule fuer Technik Rapperswil

7 *

8 * This program is free software; you can redistribute it and/or modify it

9 * under the terms of the GNU General Public License as published by the

10 * Free Software Foundation; either version 2 of the License, or (at your

11 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.

12 *

13 * This program is distributed in the hope that it will be useful, but

14 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY

15 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License

16 * for more details.

17 */

19 #include <gmp.h>

23 #include <debug.h>

26 /**

27 * Modulus of Group 1 (MODP_768_BIT).

28 */

36 };

38 /**

39 * Modulus of Group 2 (MODP_1024_BIT).

40 */

50 };

52 /**

53 * Modulus of Group 5 (MODP_1536_BIT).

54 */

68 };

69 /**

70 * Modulus of Group 14 (MODP_2048_BIT).

71 */

89 };

91 /**

92 * Modulus of Group 15 (MODP_3072_BIT).

93 */

119 };

121 /**

122 * Modulus of Group 16 (MODP_4096_BIT).

123 */

157 };

159 /**

160 * Modulus of Group 17 (MODP_6144_BIT).

161 */

211 };

213 /**

214 * Modulus of Group 18 (MODP_8192_BIT).

215 */

281 };

285 /**

286 * Entry of the modulus list.

287 */

289 /**

290 * Group number as it is defined in file transform_substructure.h.

291 */

292 diffie_hellman_group_t group;

294 /**

295 * Pointer to first byte of modulus (network order).

296 */

299 /*

300 * Length of modulus in bytes.

301 */

304 /*

305 * Optimum length of exponent in bytes.

306 */

309 /*

310 * Generator value.

311 */

312 u_int16_t generator;

313 };

315 /**

316 * All supported modulus values - optimum exponent size according to RFC 3526.

317 */

327 };

331 /**

332 * Private data of a gmp_diffie_hellman_t object.

333 */

335 /**

336 * Public gmp_diffie_hellman_t interface.

337 */

340 /**

341 * Diffie Hellman group number.

342 */

343 u_int16_t group;

345 /*

346 * Generator value.

347 */

348 mpz_t g;

350 /**

351 * My private value.

352 */

353 mpz_t xa;

355 /**

356 * My public value.

357 */

358 mpz_t ya;

360 /**

361 * Other public value.

362 */

363 mpz_t yb;

365 /**

366 * Shared secret.

367 */

368 mpz_t zz;

370 /**

371 * Modulus.

372 */

373 mpz_t p;

375 /**

376 * Modulus length.

377 */

380 /**

381 * Optimal exponent length.

382 */

385 /**

386 * True if shared secret is computed and stored in my_public_value.

387 */

389 };

391 /**

392 * Implementation of gmp_diffie_hellman_t.set_other_public_value.

393 */

395 {

396 mpz_t p_min_1;

403 /* check public value:

404 * 1. 0 or 1 is invalid as 0^a = 0 and 1^a = 1, i.e. the shared secret would not depend on our private value

405 * 2. a public value larger than or equal to the modulus is invalid */

408 {

409 #ifdef EXTENDED_DH_TEST

410 /* 3. test if y ^ q mod p = 1, where q = (p - 1)/2, i.e. that the order of y divides q. */

419 {

422 }

423 else

424 {

426 }

428 #else

431 #endif

432 }

433 else

434 {

436 }

438 }

440 /**

441 * Implementation of gmp_diffie_hellman_t.get_my_public_value.

442 */

444 {

448 {

450 }

451 }

453 /**

454 * Implementation of gmp_diffie_hellman_t.get_shared_secret.

455 */

457 {

459 {

461 }

465 {

467 }

469 }

471 /**

472 * Implementation of gmp_diffie_hellman_t.get_dh_group.

473 */

475 {

477 }

479 /**

480 * Look up the modulus in the modulus table

481 */

483 {

488 {

490 {

491 chunk_t chunk;

500 }

501 }

503 }

505 /**

506 * Implementation of gmp_diffie_hellman_t.destroy.

507 */

509 {

517 }

519 /*

520 * Described in header.

521 */

523 {

526 chunk_t random;

530 /* public functions */

531 this->public.dh.get_shared_secret = (status_t (*)(diffie_hellman_t *, chunk_t *)) get_shared_secret;

532 this->public.dh.set_other_public_value = (void (*)(diffie_hellman_t *, chunk_t )) set_other_public_value;

533 this->public.dh.get_my_public_value = (void (*)(diffie_hellman_t *, chunk_t *)) get_my_public_value;

537 /* private variables */

548 /* find a modulus according to group */

550 {

553 }

556 {

560 }

569 {

570 /* achieve bitsof(p)-1 by setting MSB to 0 */

572 }

580 }