Store DH generator in a chunk, hide non-public data in a private struct
[strongswan.git] / src / libstrongswan / plugins / openssl / openssl_diffie_hellman.c
index d3e5491..9a032c5 100644 (file)
@@ -1,5 +1,6 @@
 /*
 /*
- * Copyright (C) 2008 Tobias Brunner
+ * Copyright (C) 2008-2010 Tobias Brunner
+ * Copyright (C) 2008 Martin Willi
  * Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -11,8 +12,6 @@
  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * for more details.
  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * for more details.
- *
- * $Id$
  */
 
 #include <openssl/dh.h>
  */
 
 #include <openssl/dh.h>
 
 #include <debug.h>
 
 
 #include <debug.h>
 
-typedef struct modulus_entry_t modulus_entry_t;
-
-/** 
- * Entry of the modulus list.
- */
-struct modulus_entry_t {
-       /**
-        * Group number as it is defined in file transform_substructure.h.
-        */
-       diffie_hellman_group_t group;
-       
-       /**
-        * Pointer to the function to get the modulus.
-        */
-       BIGNUM *(*get_prime)(BIGNUM *bn);
-       
-       /* 
-        * Generator value.
-        */     
-       u_int16_t generator;
-};
-
-/**
- * All supported modulus values.
- */
-static modulus_entry_t modulus_entries[] = {
-       {MODP_768_BIT,  get_rfc2409_prime_768,  2},
-       {MODP_1024_BIT, get_rfc2409_prime_1024, 2},
-       {MODP_1536_BIT, get_rfc3526_prime_1536, 2},
-       {MODP_2048_BIT, get_rfc3526_prime_2048, 2},
-       {MODP_3072_BIT, get_rfc3526_prime_3072, 2},
-       {MODP_4096_BIT, get_rfc3526_prime_4096, 2},
-       {MODP_6144_BIT, get_rfc3526_prime_6144, 2},
-       {MODP_8192_BIT, get_rfc3526_prime_8192, 2},
-};
-
 typedef struct private_openssl_diffie_hellman_t private_openssl_diffie_hellman_t;
 
 /**
 typedef struct private_openssl_diffie_hellman_t private_openssl_diffie_hellman_t;
 
 /**
@@ -67,22 +30,22 @@ struct private_openssl_diffie_hellman_t {
         * Public openssl_diffie_hellman_t interface.
         */
        openssl_diffie_hellman_t public;
         * Public openssl_diffie_hellman_t interface.
         */
        openssl_diffie_hellman_t public;
-       
+
        /**
         * Diffie Hellman group number.
         */
        u_int16_t group;
        /**
         * Diffie Hellman group number.
         */
        u_int16_t group;
-       
+
        /**
         * Diffie Hellman object
         */
        DH *dh;
        /**
         * Diffie Hellman object
         */
        DH *dh;
-       
+
        /**
         * Other public value
         */
        BIGNUM *pub_key;
        /**
         * Other public value
         */
        BIGNUM *pub_key;
-       
+
        /**
         * Shared secret
         */
        /**
         * Shared secret
         */
@@ -95,68 +58,56 @@ struct private_openssl_diffie_hellman_t {
 };
 
 /**
 };
 
 /**
- * Convert a BIGNUM to a chunk
- */
-static void bn2chunk(BIGNUM *bn, chunk_t *chunk)
-{
-       chunk->len = BN_num_bytes(bn);
-       chunk->ptr = malloc(chunk->len);
-       BN_bn2bin(bn, chunk->ptr);
-}
-
-/**
- * Implementation of openssl_diffie_hellman_t.set_other_public_value.
+ * Implementation of openssl_diffie_hellman_t.get_my_public_value.
  */
  */
-static void set_other_public_value(private_openssl_diffie_hellman_t *this, chunk_t value)
+static void get_my_public_value(private_openssl_diffie_hellman_t *this,
+                                                               chunk_t *value)
 {
 {
-       int len;
-       BN_bin2bn(value.ptr, value.len, this->pub_key);
-
-       len = DH_size(this->dh);
-       chunk_free(&this->shared_secret);
-       this->shared_secret = chunk_alloc(len);
-       
-       if (DH_compute_key(this->shared_secret.ptr, this->pub_key, this->dh) < 0) {
-       DBG1("DH shared secret computation failed");
-       return;
-    }
-       
-    this->computed = TRUE;
+       *value = chunk_alloc(DH_size(this->dh));
+       memset(value->ptr, 0, value->len);
+       BN_bn2bin(this->dh->pub_key,
+                         value->ptr + value->len - BN_num_bytes(this->dh->pub_key));
 }
 
 /**
 }
 
 /**
- * Implementation of openssl_diffie_hellman_t.get_other_public_value.
+ * Implementation of openssl_diffie_hellman_t.get_shared_secret.
  */
  */
-static status_t get_other_public_value(private_openssl_diffie_hellman_t *this, 
-                                                                          chunk_t *value)
+static status_t get_shared_secret(private_openssl_diffie_hellman_t *this,
+                                                                 chunk_t *secret)
 {
        if (!this->computed)
        {
                return FAILED;
        }
 {
        if (!this->computed)
        {
                return FAILED;
        }
-       bn2chunk(this->pub_key, value);
+       /* shared secret should requires a len according the DH group */
+       *secret = chunk_alloc(DH_size(this->dh));
+       memset(secret->ptr, 0, secret->len);
+       memcpy(secret->ptr + secret->len - this->shared_secret.len,
+                  this->shared_secret.ptr, this->shared_secret.len);
        return SUCCESS;
 }
 
        return SUCCESS;
 }
 
-/**
- * Implementation of openssl_diffie_hellman_t.get_my_public_value.
- */
-static void get_my_public_value(private_openssl_diffie_hellman_t *this,chunk_t *value)
-{
-       bn2chunk(this->dh->pub_key, value);
-}
 
 /**
 
 /**
- * Implementation of openssl_diffie_hellman_t.get_shared_secret.
+ * Implementation of openssl_diffie_hellman_t.set_other_public_value.
  */
  */
-static status_t get_shared_secret(private_openssl_diffie_hellman_t *this, chunk_t *secret)
+static void set_other_public_value(private_openssl_diffie_hellman_t *this,
+                                                                  chunk_t value)
 {
 {
-       if (!this->computed)
+       int len;
+
+       BN_bin2bn(value.ptr, value.len, this->pub_key);
+       chunk_clear(&this->shared_secret);
+       this->shared_secret.ptr = malloc(DH_size(this->dh));
+       memset(this->shared_secret.ptr, 0xFF, this->shared_secret.len);
+       len = DH_compute_key(this->shared_secret.ptr, this->pub_key, this->dh);
+       if (len < 0)
        {
        {
-               return FAILED;
+               DBG1(DBG_LIB, "DH shared secret computation failed");
+               return;
        }
        }
-       *secret = chunk_clone(this->shared_secret);
-       return SUCCESS;
+       this->shared_secret.len = len;
+       this->computed = TRUE;
 }
 
 /**
 }
 
 /**
@@ -172,18 +123,18 @@ static diffie_hellman_group_t get_dh_group(private_openssl_diffie_hellman_t *thi
  */
 static status_t set_modulus(private_openssl_diffie_hellman_t *this)
 {
  */
 static status_t set_modulus(private_openssl_diffie_hellman_t *this)
 {
-       int i;
-       for (i = 0; i < (sizeof(modulus_entries) / sizeof(modulus_entry_t)); i++)
+       diffie_hellman_params_t *params = diffie_hellman_get_params(this->group);
+       if (!params)
        {
        {
-               if (modulus_entries[i].group == this->group)
-               {
-                       this->dh->p = modulus_entries[i].get_prime(NULL);
-                       this->dh->g = BN_new();
-                       BN_set_word(this->dh->g, modulus_entries[i].generator);
-                       return SUCCESS;
-               }
+               return NOT_FOUND;
        }
        }
-       return NOT_FOUND;
+       this->dh->p = BN_bin2bn(params->prime.ptr, params->prime.len, NULL);
+       this->dh->g = BN_bin2bn(params->generator.ptr, params->generator.len, NULL);
+       if (params->exp_len != params->prime.len)
+       {
+               this->dh->length = params->exp_len * 8;
+       }
+       return SUCCESS;
 }
 
 /**
 }
 
 /**
@@ -193,7 +144,7 @@ static void destroy(private_openssl_diffie_hellman_t *this)
 {
        BN_clear_free(this->pub_key);
        DH_free(this->dh);
 {
        BN_clear_free(this->pub_key);
        DH_free(this->dh);
-       chunk_free(&this->shared_secret);
+       chunk_clear(&this->shared_secret);
        free(this);
 }
 
        free(this);
 }
 
@@ -203,40 +154,40 @@ static void destroy(private_openssl_diffie_hellman_t *this)
 openssl_diffie_hellman_t *openssl_diffie_hellman_create(diffie_hellman_group_t group)
 {
        private_openssl_diffie_hellman_t *this = malloc_thing(private_openssl_diffie_hellman_t);
 openssl_diffie_hellman_t *openssl_diffie_hellman_create(diffie_hellman_group_t group)
 {
        private_openssl_diffie_hellman_t *this = malloc_thing(private_openssl_diffie_hellman_t);
-       
+
        this->public.dh.get_shared_secret = (status_t (*)(diffie_hellman_t *, chunk_t *)) get_shared_secret;
        this->public.dh.set_other_public_value = (void (*)(diffie_hellman_t *, chunk_t )) set_other_public_value;
        this->public.dh.get_shared_secret = (status_t (*)(diffie_hellman_t *, chunk_t *)) get_shared_secret;
        this->public.dh.set_other_public_value = (void (*)(diffie_hellman_t *, chunk_t )) set_other_public_value;
-       this->public.dh.get_other_public_value = (status_t (*)(diffie_hellman_t *, chunk_t *)) get_other_public_value;
        this->public.dh.get_my_public_value = (void (*)(diffie_hellman_t *, chunk_t *)) get_my_public_value;
        this->public.dh.get_dh_group = (diffie_hellman_group_t (*)(diffie_hellman_t *)) get_dh_group;
        this->public.dh.destroy = (void (*)(diffie_hellman_t *)) destroy;
        this->public.dh.get_my_public_value = (void (*)(diffie_hellman_t *, chunk_t *)) get_my_public_value;
        this->public.dh.get_dh_group = (diffie_hellman_group_t (*)(diffie_hellman_t *)) get_dh_group;
        this->public.dh.destroy = (void (*)(diffie_hellman_t *)) destroy;
-       
+
        this->dh = DH_new();
        if (!this->dh)
        {
                free(this);
                return NULL;
        }
        this->dh = DH_new();
        if (!this->dh)
        {
                free(this);
                return NULL;
        }
-       
+
        this->group = group;
        this->computed = FALSE;
        this->group = group;
        this->computed = FALSE;
-       
        this->pub_key = BN_new();
        this->shared_secret = chunk_empty;
        this->pub_key = BN_new();
        this->shared_secret = chunk_empty;
-       
+
        /* find a modulus according to group */
        if (set_modulus(this) != SUCCESS)
        {
                destroy(this);
                return NULL;
        }
        /* find a modulus according to group */
        if (set_modulus(this) != SUCCESS)
        {
                destroy(this);
                return NULL;
        }
-       
+
        /* generate my public and private values */
        if (!DH_generate_key(this->dh))
        {
                destroy(this);
                return NULL;
        }
        /* generate my public and private values */
        if (!DH_generate_key(this->dh))
        {
                destroy(this);
                return NULL;
        }
-       
+       DBG2(DBG_LIB, "size of DH secret exponent: %d bits",
+                BN_num_bits(this->dh->priv_key));
+
        return &this->public;
 }
        return &this->public;
 }