adding diffie hellman with OpenSSL
authorTobias Brunner <tobias@strongswan.org>
Tue, 29 Apr 2008 15:42:34 +0000 (15:42 -0000)
committerTobias Brunner <tobias@strongswan.org>
Tue, 29 Apr 2008 15:42:34 +0000 (15:42 -0000)
src/libstrongswan/plugins/openssl/Makefile.am
src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c [new file with mode: 0644]
src/libstrongswan/plugins/openssl/openssl_diffie_hellman.h [new file with mode: 0644]
src/libstrongswan/plugins/openssl/openssl_plugin.c

index dee5789..da3b173 100644 (file)
@@ -7,7 +7,8 @@ plugin_LTLIBRARIES = libstrongswan-openssl.la
 
 libstrongswan_openssl_la_SOURCES = openssl_plugin.h openssl_plugin.c \
        openssl_crypter.c openssl_crypter.h \
-       openssl_hasher.c openssl_hasher.h
+       openssl_hasher.c openssl_hasher.h \
+       openssl_diffie_hellman.c openssl_diffie_hellman.h
 
 libstrongswan_openssl_la_LDFLAGS = -module
 libstrongswan_openssl_la_LIBADD  = -lssl
diff --git a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c
new file mode 100644 (file)
index 0000000..d3e5491
--- /dev/null
@@ -0,0 +1,242 @@
+/*
+ * Copyright (C) 2008 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ *
+ * $Id$
+ */
+
+#include <openssl/dh.h>
+
+#include "openssl_diffie_hellman.h"
+
+#include <debug.h>
+
+typedef struct modulus_entry_t modulus_entry_t;
+
+/** 
+ * Entry of the modulus list.
+ */
+struct modulus_entry_t {
+       /**
+        * Group number as it is defined in file transform_substructure.h.
+        */
+       diffie_hellman_group_t group;
+       
+       /**
+        * Pointer to the function to get the modulus.
+        */
+       BIGNUM *(*get_prime)(BIGNUM *bn);
+       
+       /* 
+        * Generator value.
+        */     
+       u_int16_t generator;
+};
+
+/**
+ * All supported modulus values.
+ */
+static modulus_entry_t modulus_entries[] = {
+       {MODP_768_BIT,  get_rfc2409_prime_768,  2},
+       {MODP_1024_BIT, get_rfc2409_prime_1024, 2},
+       {MODP_1536_BIT, get_rfc3526_prime_1536, 2},
+       {MODP_2048_BIT, get_rfc3526_prime_2048, 2},
+       {MODP_3072_BIT, get_rfc3526_prime_3072, 2},
+       {MODP_4096_BIT, get_rfc3526_prime_4096, 2},
+       {MODP_6144_BIT, get_rfc3526_prime_6144, 2},
+       {MODP_8192_BIT, get_rfc3526_prime_8192, 2},
+};
+
+typedef struct private_openssl_diffie_hellman_t private_openssl_diffie_hellman_t;
+
+/**
+ * Private data of an openssl_diffie_hellman_t object.
+ */
+struct private_openssl_diffie_hellman_t {
+       /**
+        * Public openssl_diffie_hellman_t interface.
+        */
+       openssl_diffie_hellman_t public;
+       
+       /**
+        * Diffie Hellman group number.
+        */
+       u_int16_t group;
+       
+       /**
+        * Diffie Hellman object
+        */
+       DH *dh;
+       
+       /**
+        * Other public value
+        */
+       BIGNUM *pub_key;
+       
+       /**
+        * Shared secret
+        */
+       chunk_t shared_secret;
+
+       /**
+        * True if shared secret is computed
+        */
+       bool computed;
+};
+
+/**
+ * Convert a BIGNUM to a chunk
+ */
+static void bn2chunk(BIGNUM *bn, chunk_t *chunk)
+{
+       chunk->len = BN_num_bytes(bn);
+       chunk->ptr = malloc(chunk->len);
+       BN_bn2bin(bn, chunk->ptr);
+}
+
+/**
+ * Implementation of openssl_diffie_hellman_t.set_other_public_value.
+ */
+static void set_other_public_value(private_openssl_diffie_hellman_t *this, chunk_t value)
+{
+       int len;
+       BN_bin2bn(value.ptr, value.len, this->pub_key);
+
+       len = DH_size(this->dh);
+       chunk_free(&this->shared_secret);
+       this->shared_secret = chunk_alloc(len);
+       
+       if (DH_compute_key(this->shared_secret.ptr, this->pub_key, this->dh) < 0) {
+       DBG1("DH shared secret computation failed");
+       return;
+    }
+       
+    this->computed = TRUE;
+}
+
+/**
+ * Implementation of openssl_diffie_hellman_t.get_other_public_value.
+ */
+static status_t get_other_public_value(private_openssl_diffie_hellman_t *this, 
+                                                                          chunk_t *value)
+{
+       if (!this->computed)
+       {
+               return FAILED;
+       }
+       bn2chunk(this->pub_key, value);
+       return SUCCESS;
+}
+
+/**
+ * Implementation of openssl_diffie_hellman_t.get_my_public_value.
+ */
+static void get_my_public_value(private_openssl_diffie_hellman_t *this,chunk_t *value)
+{
+       bn2chunk(this->dh->pub_key, value);
+}
+
+/**
+ * Implementation of openssl_diffie_hellman_t.get_shared_secret.
+ */
+static status_t get_shared_secret(private_openssl_diffie_hellman_t *this, chunk_t *secret)
+{
+       if (!this->computed)
+       {
+               return FAILED;
+       }
+       *secret = chunk_clone(this->shared_secret);
+       return SUCCESS;
+}
+
+/**
+ * Implementation of openssl_diffie_hellman_t.get_dh_group.
+ */
+static diffie_hellman_group_t get_dh_group(private_openssl_diffie_hellman_t *this)
+{
+       return this->group;
+}
+
+/**
+ * Lookup the modulus in modulo table
+ */
+static status_t set_modulus(private_openssl_diffie_hellman_t *this)
+{
+       int i;
+       for (i = 0; i < (sizeof(modulus_entries) / sizeof(modulus_entry_t)); i++)
+       {
+               if (modulus_entries[i].group == this->group)
+               {
+                       this->dh->p = modulus_entries[i].get_prime(NULL);
+                       this->dh->g = BN_new();
+                       BN_set_word(this->dh->g, modulus_entries[i].generator);
+                       return SUCCESS;
+               }
+       }
+       return NOT_FOUND;
+}
+
+/**
+ * Implementation of openssl_diffie_hellman_t.destroy.
+ */
+static void destroy(private_openssl_diffie_hellman_t *this)
+{
+       BN_clear_free(this->pub_key);
+       DH_free(this->dh);
+       chunk_free(&this->shared_secret);
+       free(this);
+}
+
+/*
+ * Described in header.
+ */
+openssl_diffie_hellman_t *openssl_diffie_hellman_create(diffie_hellman_group_t group)
+{
+       private_openssl_diffie_hellman_t *this = malloc_thing(private_openssl_diffie_hellman_t);
+       
+       this->public.dh.get_shared_secret = (status_t (*)(diffie_hellman_t *, chunk_t *)) get_shared_secret;
+       this->public.dh.set_other_public_value = (void (*)(diffie_hellman_t *, chunk_t )) set_other_public_value;
+       this->public.dh.get_other_public_value = (status_t (*)(diffie_hellman_t *, chunk_t *)) get_other_public_value;
+       this->public.dh.get_my_public_value = (void (*)(diffie_hellman_t *, chunk_t *)) get_my_public_value;
+       this->public.dh.get_dh_group = (diffie_hellman_group_t (*)(diffie_hellman_t *)) get_dh_group;
+       this->public.dh.destroy = (void (*)(diffie_hellman_t *)) destroy;
+       
+       this->dh = DH_new();
+       if (!this->dh)
+       {
+               free(this);
+               return NULL;
+       }
+       
+       this->group = group;
+       this->computed = FALSE;
+       
+       this->pub_key = BN_new();
+       this->shared_secret = chunk_empty;
+       
+       /* find a modulus according to group */
+       if (set_modulus(this) != SUCCESS)
+       {
+               destroy(this);
+               return NULL;
+       }
+       
+       /* generate my public and private values */
+       if (!DH_generate_key(this->dh))
+       {
+               destroy(this);
+               return NULL;
+       }
+       
+       return &this->public;
+}
diff --git a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.h b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.h
new file mode 100644 (file)
index 0000000..80142be
--- /dev/null
@@ -0,0 +1,48 @@
+/*
+ * Copyright (C) 2008 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup openssl_diffie_hellman openssl_diffie_hellman
+ * @{ @ingroup openssl_p
+ */
+
+#ifndef OPENSSL_DIFFIE_HELLMAN_H_
+#define OPENSSL_DIFFIE_HELLMAN_H_
+
+typedef struct openssl_diffie_hellman_t openssl_diffie_hellman_t;
+
+#include <library.h>
+
+/**
+ * Implementation of the Diffie-Hellman algorithm using OpenSSL.
+ */
+struct openssl_diffie_hellman_t {
+       
+       /**
+        * Implements diffie_hellman_t interface.
+        */
+       diffie_hellman_t dh;
+};
+
+/**
+ * Creates a new openssl_diffie_hellman_t object.
+ * 
+ * @param group                        Diffie Hellman group number to use
+ * @return                             openssl_diffie_hellman_t object, NULL if not supported
+ */
+openssl_diffie_hellman_t *openssl_diffie_hellman_create(diffie_hellman_group_t group);
+
+#endif /*OPENSSL_DIFFIE_HELLMAN_H_ @}*/
+
index 8145093..8b77f09 100644 (file)
@@ -22,6 +22,7 @@
 #include <library.h>
 #include "openssl_crypter.h"
 #include "openssl_hasher.h"
+#include "openssl_diffie_hellman.h"
 
 typedef struct private_openssl_plugin_t private_openssl_plugin_t;
 
@@ -45,6 +46,8 @@ static void destroy(private_openssl_plugin_t *this)
                                        (crypter_constructor_t)openssl_crypter_create);
        lib->crypto->remove_hasher(lib->crypto,
                                        (hasher_constructor_t)openssl_hasher_create);
+       lib->crypto->remove_dh(lib->crypto, 
+                                       (dh_constructor_t)openssl_diffie_hellman_create);
        
        EVP_cleanup();
        
@@ -94,5 +97,23 @@ plugin_t *plugin_create()
        lib->crypto->add_hasher(lib->crypto, HASH_SHA512,
                                        (hasher_constructor_t)openssl_hasher_create);
        
+       /* diffie hellman */
+       lib->crypto->add_dh(lib->crypto, MODP_768_BIT, 
+                                               (dh_constructor_t)openssl_diffie_hellman_create);
+       lib->crypto->add_dh(lib->crypto, MODP_1024_BIT,
+                                               (dh_constructor_t)openssl_diffie_hellman_create);
+       lib->crypto->add_dh(lib->crypto, MODP_1536_BIT, 
+                                               (dh_constructor_t)openssl_diffie_hellman_create);
+       lib->crypto->add_dh(lib->crypto, MODP_2048_BIT, 
+                                               (dh_constructor_t)openssl_diffie_hellman_create);
+       lib->crypto->add_dh(lib->crypto, MODP_3072_BIT, 
+                                               (dh_constructor_t)openssl_diffie_hellman_create);
+       lib->crypto->add_dh(lib->crypto, MODP_4096_BIT, 
+                                               (dh_constructor_t)openssl_diffie_hellman_create);
+       lib->crypto->add_dh(lib->crypto, MODP_6144_BIT, 
+                                               (dh_constructor_t)openssl_diffie_hellman_create);
+       lib->crypto->add_dh(lib->crypto, MODP_8192_BIT, 
+                                               (dh_constructor_t)openssl_diffie_hellman_create);
+       
        return &this->public.plugin;
 }