fixed bignum export if BN_num_bytes() != DH_size()
[strongswan.git] / src / libstrongswan / plugins / openssl / openssl_diffie_hellman.c
1 /*
2 * Copyright (C) 2008 Tobias Brunner
3 * Copyright (C) 2008 Martin Willi
4 * Hochschule fuer Technik Rapperswil
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * for more details.
15 *
16 * $Id$
17 */
18
19 #include <openssl/dh.h>
20
21 #include "openssl_diffie_hellman.h"
22
23 #include <debug.h>
24
25 typedef struct modulus_entry_t modulus_entry_t;
26
27 /**
28 * Entry of the modulus list.
29 */
30 struct modulus_entry_t {
31 /**
32 * Group number as it is defined in file transform_substructure.h.
33 */
34 diffie_hellman_group_t group;
35
36 /**
37 * Pointer to the function to get the modulus.
38 */
39 BIGNUM *(*get_prime)(BIGNUM *bn);
40
41 /*
42 * Optimum length of exponent in bits.
43 */
44 long opt_exponent_len;
45
46 /*
47 * Generator value.
48 */
49 u_int16_t generator;
50 };
51
52 /**
53 * All supported modulus values - optimum exponent size according to RFC 3526.
54 */
55 static modulus_entry_t modulus_entries[] = {
56 {MODP_768_BIT, get_rfc2409_prime_768, 256, 2},
57 {MODP_1024_BIT, get_rfc2409_prime_1024, 256, 2},
58 {MODP_1536_BIT, get_rfc3526_prime_1536, 256, 2},
59 {MODP_2048_BIT, get_rfc3526_prime_2048, 384, 2},
60 {MODP_3072_BIT, get_rfc3526_prime_3072, 384, 2},
61 {MODP_4096_BIT, get_rfc3526_prime_4096, 512, 2},
62 {MODP_6144_BIT, get_rfc3526_prime_6144, 512, 2},
63 {MODP_8192_BIT, get_rfc3526_prime_8192, 512, 2},
64 };
65
66 typedef struct private_openssl_diffie_hellman_t private_openssl_diffie_hellman_t;
67
68 /**
69 * Private data of an openssl_diffie_hellman_t object.
70 */
71 struct private_openssl_diffie_hellman_t {
72 /**
73 * Public openssl_diffie_hellman_t interface.
74 */
75 openssl_diffie_hellman_t public;
76
77 /**
78 * Diffie Hellman group number.
79 */
80 u_int16_t group;
81
82 /**
83 * Diffie Hellman object
84 */
85 DH *dh;
86
87 /**
88 * Other public value
89 */
90 BIGNUM *pub_key;
91
92 /**
93 * Shared secret
94 */
95 chunk_t shared_secret;
96
97 /**
98 * True if shared secret is computed
99 */
100 bool computed;
101 };
102
103 /**
104 * Convert a BIGNUM to a chunk
105 */
106 static void bn2chunk(private_openssl_diffie_hellman_t *this,
107 BIGNUM *bn, chunk_t *chunk)
108 {
109 *chunk = chunk_alloc(DH_size(this->dh));
110 memset(chunk->ptr, 0, chunk->len);
111 BN_bn2bin(bn, chunk->ptr + chunk->len - BN_num_bytes(bn));
112 }
113
114 /**
115 * Implementation of openssl_diffie_hellman_t.get_other_public_value.
116 */
117 static status_t get_other_public_value(private_openssl_diffie_hellman_t *this,
118 chunk_t *value)
119 {
120 if (!this->computed)
121 {
122 return FAILED;
123 }
124 bn2chunk(this, this->pub_key, value);
125 return SUCCESS;
126 }
127
128 /**
129 * Implementation of openssl_diffie_hellman_t.get_my_public_value.
130 */
131 static void get_my_public_value(private_openssl_diffie_hellman_t *this,
132 chunk_t *value)
133 {
134 bn2chunk(this, this->dh->pub_key, value);
135 }
136
137 /**
138 * Implementation of openssl_diffie_hellman_t.get_shared_secret.
139 */
140 static status_t get_shared_secret(private_openssl_diffie_hellman_t *this,
141 chunk_t *secret)
142 {
143 if (!this->computed)
144 {
145 return FAILED;
146 }
147 /* shared secret should requires a len according the DH group */
148 *secret = chunk_alloc(DH_size(this->dh));
149 memset(secret->ptr, 0, secret->len);
150 memcpy(secret->ptr + secret->len - this->shared_secret.len,
151 this->shared_secret.ptr, this->shared_secret.len);
152
153 return SUCCESS;
154 }
155
156
157 /**
158 * Implementation of openssl_diffie_hellman_t.set_other_public_value.
159 */
160 static void set_other_public_value(private_openssl_diffie_hellman_t *this,
161 chunk_t value)
162 {
163 int len;
164
165 BN_bin2bn(value.ptr, value.len, this->pub_key);
166 chunk_clear(&this->shared_secret);
167 this->shared_secret.ptr = malloc(DH_size(this->dh));
168 memset(this->shared_secret.ptr, 0xFF, this->shared_secret.len);
169 len = DH_compute_key(this->shared_secret.ptr, this->pub_key, this->dh);
170 if (len < 0)
171 {
172 DBG1("DH shared secret computation failed");
173 return;
174 }
175 this->shared_secret.len = len;
176 this->computed = TRUE;
177 }
178
179 /**
180 * Implementation of openssl_diffie_hellman_t.get_dh_group.
181 */
182 static diffie_hellman_group_t get_dh_group(private_openssl_diffie_hellman_t *this)
183 {
184 return this->group;
185 }
186
187 /**
188 * Lookup the modulus in modulo table
189 */
190 static status_t set_modulus(private_openssl_diffie_hellman_t *this)
191 {
192 int i;
193 bool ansi_x9_42;
194
195 ansi_x9_42 = lib->settings->get_bool(lib->settings,
196 "charon.dh_exponent_ansi_x9_42", TRUE);
197
198 for (i = 0; i < (sizeof(modulus_entries) / sizeof(modulus_entry_t)); i++)
199 {
200 if (modulus_entries[i].group == this->group)
201 {
202 this->dh->p = modulus_entries[i].get_prime(NULL);
203 this->dh->g = BN_new();
204 BN_set_word(this->dh->g, modulus_entries[i].generator);
205 if (!ansi_x9_42)
206 {
207 this->dh->length = modulus_entries[i].opt_exponent_len;
208 }
209 return SUCCESS;
210 }
211 }
212 return NOT_FOUND;
213 }
214
215 /**
216 * Implementation of openssl_diffie_hellman_t.destroy.
217 */
218 static void destroy(private_openssl_diffie_hellman_t *this)
219 {
220 BN_clear_free(this->pub_key);
221 DH_free(this->dh);
222 chunk_clear(&this->shared_secret);
223 free(this);
224 }
225
226 /*
227 * Described in header.
228 */
229 openssl_diffie_hellman_t *openssl_diffie_hellman_create(diffie_hellman_group_t group)
230 {
231 private_openssl_diffie_hellman_t *this = malloc_thing(private_openssl_diffie_hellman_t);
232
233 this->public.dh.get_shared_secret = (status_t (*)(diffie_hellman_t *, chunk_t *)) get_shared_secret;
234 this->public.dh.set_other_public_value = (void (*)(diffie_hellman_t *, chunk_t )) set_other_public_value;
235 this->public.dh.get_other_public_value = (status_t (*)(diffie_hellman_t *, chunk_t *)) get_other_public_value;
236 this->public.dh.get_my_public_value = (void (*)(diffie_hellman_t *, chunk_t *)) get_my_public_value;
237 this->public.dh.get_dh_group = (diffie_hellman_group_t (*)(diffie_hellman_t *)) get_dh_group;
238 this->public.dh.destroy = (void (*)(diffie_hellman_t *)) destroy;
239
240 this->dh = DH_new();
241 if (!this->dh)
242 {
243 free(this);
244 return NULL;
245 }
246
247 this->group = group;
248 this->computed = FALSE;
249 this->pub_key = BN_new();
250 this->shared_secret = chunk_empty;
251
252 /* find a modulus according to group */
253 if (set_modulus(this) != SUCCESS)
254 {
255 destroy(this);
256 return NULL;
257 }
258
259 /* generate my public and private values */
260 if (!DH_generate_key(this->dh))
261 {
262 destroy(this);
263 return NULL;
264 }
265 DBG2("size of DH secret exponent: %d bits", BN_num_bits(this->dh->priv_key));
266
267 return &this->public;
268 }