fe042efdc7a726192be96f27de85430b8e95433f
[strongswan.git] / src / libstrongswan / plugins / openssl / openssl_diffie_hellman.c
1 /*
2 * Copyright (C) 2008 Tobias Brunner
3 * Copyright (C) 2008 Martin Willi
4 * Hochschule fuer Technik Rapperswil
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * for more details.
15 */
16
17 #include <openssl/dh.h>
18
19 #include "openssl_diffie_hellman.h"
20
21 #include <debug.h>
22
23 typedef struct modulus_entry_t modulus_entry_t;
24
25 /**
26 * Entry of the modulus list.
27 */
28 struct modulus_entry_t {
29 /**
30 * Group number as it is defined in file transform_substructure.h.
31 */
32 diffie_hellman_group_t group;
33
34 /**
35 * Pointer to the function to get the modulus.
36 */
37 BIGNUM *(*get_prime)(BIGNUM *bn);
38
39 /*
40 * Optimum length of exponent in bits.
41 */
42 long opt_exponent_len;
43
44 /*
45 * Generator value.
46 */
47 u_int16_t generator;
48 };
49
50 /**
51 * All supported modulus values - optimum exponent size according to RFC 3526.
52 */
53 static modulus_entry_t modulus_entries[] = {
54 {MODP_768_BIT, get_rfc2409_prime_768, 256, 2},
55 {MODP_1024_BIT, get_rfc2409_prime_1024, 256, 2},
56 {MODP_1536_BIT, get_rfc3526_prime_1536, 256, 2},
57 {MODP_2048_BIT, get_rfc3526_prime_2048, 384, 2},
58 {MODP_3072_BIT, get_rfc3526_prime_3072, 384, 2},
59 {MODP_4096_BIT, get_rfc3526_prime_4096, 512, 2},
60 {MODP_6144_BIT, get_rfc3526_prime_6144, 512, 2},
61 {MODP_8192_BIT, get_rfc3526_prime_8192, 512, 2},
62 };
63
64 typedef struct private_openssl_diffie_hellman_t private_openssl_diffie_hellman_t;
65
66 /**
67 * Private data of an openssl_diffie_hellman_t object.
68 */
69 struct private_openssl_diffie_hellman_t {
70 /**
71 * Public openssl_diffie_hellman_t interface.
72 */
73 openssl_diffie_hellman_t public;
74
75 /**
76 * Diffie Hellman group number.
77 */
78 u_int16_t group;
79
80 /**
81 * Diffie Hellman object
82 */
83 DH *dh;
84
85 /**
86 * Other public value
87 */
88 BIGNUM *pub_key;
89
90 /**
91 * Shared secret
92 */
93 chunk_t shared_secret;
94
95 /**
96 * True if shared secret is computed
97 */
98 bool computed;
99 };
100
101 /**
102 * Implementation of openssl_diffie_hellman_t.get_my_public_value.
103 */
104 static void get_my_public_value(private_openssl_diffie_hellman_t *this,
105 chunk_t *value)
106 {
107 *value = chunk_alloc(DH_size(this->dh));
108 memset(value->ptr, 0, value->len);
109 BN_bn2bin(this->dh->pub_key,
110 value->ptr + value->len - BN_num_bytes(this->dh->pub_key));
111 }
112
113 /**
114 * Implementation of openssl_diffie_hellman_t.get_shared_secret.
115 */
116 static status_t get_shared_secret(private_openssl_diffie_hellman_t *this,
117 chunk_t *secret)
118 {
119 if (!this->computed)
120 {
121 return FAILED;
122 }
123 /* shared secret should requires a len according the DH group */
124 *secret = chunk_alloc(DH_size(this->dh));
125 memset(secret->ptr, 0, secret->len);
126 memcpy(secret->ptr + secret->len - this->shared_secret.len,
127 this->shared_secret.ptr, this->shared_secret.len);
128
129 return SUCCESS;
130 }
131
132
133 /**
134 * Implementation of openssl_diffie_hellman_t.set_other_public_value.
135 */
136 static void set_other_public_value(private_openssl_diffie_hellman_t *this,
137 chunk_t value)
138 {
139 int len;
140
141 BN_bin2bn(value.ptr, value.len, this->pub_key);
142 chunk_clear(&this->shared_secret);
143 this->shared_secret.ptr = malloc(DH_size(this->dh));
144 memset(this->shared_secret.ptr, 0xFF, this->shared_secret.len);
145 len = DH_compute_key(this->shared_secret.ptr, this->pub_key, this->dh);
146 if (len < 0)
147 {
148 DBG1("DH shared secret computation failed");
149 return;
150 }
151 this->shared_secret.len = len;
152 this->computed = TRUE;
153 }
154
155 /**
156 * Implementation of openssl_diffie_hellman_t.get_dh_group.
157 */
158 static diffie_hellman_group_t get_dh_group(private_openssl_diffie_hellman_t *this)
159 {
160 return this->group;
161 }
162
163 /**
164 * Lookup the modulus in modulo table
165 */
166 static status_t set_modulus(private_openssl_diffie_hellman_t *this)
167 {
168 int i;
169 bool ansi_x9_42;
170
171 ansi_x9_42 = lib->settings->get_bool(lib->settings,
172 "libstrongswan.dh_exponent_ansi_x9_42", TRUE);
173
174 for (i = 0; i < (sizeof(modulus_entries) / sizeof(modulus_entry_t)); i++)
175 {
176 if (modulus_entries[i].group == this->group)
177 {
178 this->dh->p = modulus_entries[i].get_prime(NULL);
179 this->dh->g = BN_new();
180 BN_set_word(this->dh->g, modulus_entries[i].generator);
181 if (!ansi_x9_42)
182 {
183 this->dh->length = modulus_entries[i].opt_exponent_len;
184 }
185 return SUCCESS;
186 }
187 }
188 return NOT_FOUND;
189 }
190
191 /**
192 * Implementation of openssl_diffie_hellman_t.destroy.
193 */
194 static void destroy(private_openssl_diffie_hellman_t *this)
195 {
196 BN_clear_free(this->pub_key);
197 DH_free(this->dh);
198 chunk_clear(&this->shared_secret);
199 free(this);
200 }
201
202 /*
203 * Described in header.
204 */
205 openssl_diffie_hellman_t *openssl_diffie_hellman_create(diffie_hellman_group_t group)
206 {
207 private_openssl_diffie_hellman_t *this = malloc_thing(private_openssl_diffie_hellman_t);
208
209 this->public.dh.get_shared_secret = (status_t (*)(diffie_hellman_t *, chunk_t *)) get_shared_secret;
210 this->public.dh.set_other_public_value = (void (*)(diffie_hellman_t *, chunk_t )) set_other_public_value;
211 this->public.dh.get_my_public_value = (void (*)(diffie_hellman_t *, chunk_t *)) get_my_public_value;
212 this->public.dh.get_dh_group = (diffie_hellman_group_t (*)(diffie_hellman_t *)) get_dh_group;
213 this->public.dh.destroy = (void (*)(diffie_hellman_t *)) destroy;
214
215 this->dh = DH_new();
216 if (!this->dh)
217 {
218 free(this);
219 return NULL;
220 }
221
222 this->group = group;
223 this->computed = FALSE;
224 this->pub_key = BN_new();
225 this->shared_secret = chunk_empty;
226
227 /* find a modulus according to group */
228 if (set_modulus(this) != SUCCESS)
229 {
230 destroy(this);
231 return NULL;
232 }
233
234 /* generate my public and private values */
235 if (!DH_generate_key(this->dh))
236 {
237 destroy(this);
238 return NULL;
239 }
240 DBG2("size of DH secret exponent: %d bits", BN_num_bits(this->dh->priv_key));
241
242 return &this->public;
243 }