openssl: Properly honor OPENSSL_NO_* defines
[strongswan.git] / src / libstrongswan / plugins / openssl / openssl_diffie_hellman.c
1 /*
2 * Copyright (C) 2008-2010 Tobias Brunner
3 * Copyright (C) 2008 Martin Willi
4 * Hochschule fuer Technik Rapperswil
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * for more details.
15 */
16
17 #include <openssl/opensslconf.h>
18
19 #ifndef OPENSSL_NO_DH
20
21 #include <openssl/dh.h>
22
23 #include "openssl_diffie_hellman.h"
24
25 #include <utils/debug.h>
26
27 typedef struct private_openssl_diffie_hellman_t private_openssl_diffie_hellman_t;
28
29 /**
30 * Private data of an openssl_diffie_hellman_t object.
31 */
32 struct private_openssl_diffie_hellman_t {
33 /**
34 * Public openssl_diffie_hellman_t interface.
35 */
36 openssl_diffie_hellman_t public;
37
38 /**
39 * Diffie Hellman group number.
40 */
41 u_int16_t group;
42
43 /**
44 * Diffie Hellman object
45 */
46 DH *dh;
47
48 /**
49 * Other public value
50 */
51 BIGNUM *pub_key;
52
53 /**
54 * Shared secret
55 */
56 chunk_t shared_secret;
57
58 /**
59 * True if shared secret is computed
60 */
61 bool computed;
62 };
63
64 METHOD(diffie_hellman_t, get_my_public_value, void,
65 private_openssl_diffie_hellman_t *this, chunk_t *value)
66 {
67 *value = chunk_alloc(DH_size(this->dh));
68 memset(value->ptr, 0, value->len);
69 BN_bn2bin(this->dh->pub_key,
70 value->ptr + value->len - BN_num_bytes(this->dh->pub_key));
71 }
72
73 METHOD(diffie_hellman_t, get_shared_secret, status_t,
74 private_openssl_diffie_hellman_t *this, chunk_t *secret)
75 {
76 if (!this->computed)
77 {
78 return FAILED;
79 }
80 /* shared secret should requires a len according the DH group */
81 *secret = chunk_alloc(DH_size(this->dh));
82 memset(secret->ptr, 0, secret->len);
83 memcpy(secret->ptr + secret->len - this->shared_secret.len,
84 this->shared_secret.ptr, this->shared_secret.len);
85 return SUCCESS;
86 }
87
88
89 METHOD(diffie_hellman_t, set_other_public_value, void,
90 private_openssl_diffie_hellman_t *this, chunk_t value)
91 {
92 int len;
93
94 BN_bin2bn(value.ptr, value.len, this->pub_key);
95 chunk_clear(&this->shared_secret);
96 this->shared_secret.ptr = malloc(DH_size(this->dh));
97 memset(this->shared_secret.ptr, 0xFF, this->shared_secret.len);
98 len = DH_compute_key(this->shared_secret.ptr, this->pub_key, this->dh);
99 if (len < 0)
100 {
101 DBG1(DBG_LIB, "DH shared secret computation failed");
102 return;
103 }
104 this->shared_secret.len = len;
105 this->computed = TRUE;
106 }
107
108 METHOD(diffie_hellman_t, get_dh_group, diffie_hellman_group_t,
109 private_openssl_diffie_hellman_t *this)
110 {
111 return this->group;
112 }
113
114 /**
115 * Lookup the modulus in modulo table
116 */
117 static status_t set_modulus(private_openssl_diffie_hellman_t *this)
118 {
119 diffie_hellman_params_t *params = diffie_hellman_get_params(this->group);
120 if (!params)
121 {
122 return NOT_FOUND;
123 }
124 this->dh->p = BN_bin2bn(params->prime.ptr, params->prime.len, NULL);
125 this->dh->g = BN_bin2bn(params->generator.ptr, params->generator.len, NULL);
126 if (params->exp_len != params->prime.len)
127 {
128 this->dh->length = params->exp_len * 8;
129 }
130 return SUCCESS;
131 }
132
133 METHOD(diffie_hellman_t, destroy, void,
134 private_openssl_diffie_hellman_t *this)
135 {
136 BN_clear_free(this->pub_key);
137 DH_free(this->dh);
138 chunk_clear(&this->shared_secret);
139 free(this);
140 }
141
142 /*
143 * Described in header.
144 */
145 openssl_diffie_hellman_t *openssl_diffie_hellman_create(
146 diffie_hellman_group_t group, chunk_t g, chunk_t p)
147 {
148 private_openssl_diffie_hellman_t *this;
149
150 INIT(this,
151 .public = {
152 .dh = {
153 .get_shared_secret = _get_shared_secret,
154 .set_other_public_value = _set_other_public_value,
155 .get_my_public_value = _get_my_public_value,
156 .get_dh_group = _get_dh_group,
157 .destroy = _destroy,
158 },
159 },
160 );
161
162 this->dh = DH_new();
163 if (!this->dh)
164 {
165 free(this);
166 return NULL;
167 }
168
169 this->group = group;
170 this->computed = FALSE;
171 this->pub_key = BN_new();
172 this->shared_secret = chunk_empty;
173
174 if (group == MODP_CUSTOM)
175 {
176 this->dh->p = BN_bin2bn(p.ptr, p.len, NULL);
177 this->dh->g = BN_bin2bn(g.ptr, g.len, NULL);
178 }
179 else
180 {
181 /* find a modulus according to group */
182 if (set_modulus(this) != SUCCESS)
183 {
184 destroy(this);
185 return NULL;
186 }
187 }
188
189 /* generate my public and private values */
190 if (!DH_generate_key(this->dh))
191 {
192 destroy(this);
193 return NULL;
194 }
195 DBG2(DBG_LIB, "size of DH secret exponent: %d bits",
196 BN_num_bits(this->dh->priv_key));
197
198 return &this->public;
199 }
200
201 #endif /* OPENSSL_NO_DH */