2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
62 #include <openssl/e_os2.h>
65 #error DH is disabled.
68 #ifndef OPENSSL_NO_BIO
69 #include <openssl/bio.h>
71 #include <openssl/ossl_typ.h>
72 #ifndef OPENSSL_NO_DEPRECATED
73 #include <openssl/bn.h>
76 #ifndef OPENSSL_DH_MAX_MODULUS_BITS
77 # define OPENSSL_DH_MAX_MODULUS_BITS 10000
80 #define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024
82 #define DH_FLAG_CACHE_MONT_P 0x01
83 #define DH_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DH
84 * implementation now uses constant time
85 * modular exponentiation for secret exponents
86 * by default. This flag causes the
87 * faster variable sliding window method to
88 * be used for all exponents.
95 /* Already defined in ossl_typ.h */
96 /* typedef struct dh_st DH; */
97 /* typedef struct dh_method DH_METHOD; */
103 int (*generate_key
)(DH
*dh
);
104 int (*compute_key
)(unsigned char *key
,const BIGNUM
*pub_key
,DH
*dh
);
105 int (*bn_mod_exp
)(const DH
*dh
, BIGNUM
*r
, const BIGNUM
*a
,
106 const BIGNUM
*p
, const BIGNUM
*m
, BN_CTX
*ctx
,
107 BN_MONT_CTX
*m_ctx
); /* Can be null */
110 int (*finish
)(DH
*dh
);
113 /* If this is non-NULL, it will be used to generate parameters */
114 int (*generate_params
)(DH
*dh
, int prime_len
, int generator
, BN_GENCB
*cb
);
119 /* This first argument is used to pick up errors when
120 * a DH is passed instead of a EVP_PKEY */
125 long length
; /* optional */
126 BIGNUM
*pub_key
; /* g^x */
127 BIGNUM
*priv_key
; /* x */
130 BN_MONT_CTX
*method_mont_p
;
131 /* Place holders if we want to do X9.42 DH */
139 CRYPTO_EX_DATA ex_data
;
140 const DH_METHOD
*meth
;
144 #define DH_GENERATOR_2 2
145 /* #define DH_GENERATOR_3 3 */
146 #define DH_GENERATOR_5 5
148 /* DH_check error codes */
149 #define DH_CHECK_P_NOT_PRIME 0x01
150 #define DH_CHECK_P_NOT_SAFE_PRIME 0x02
151 #define DH_UNABLE_TO_CHECK_GENERATOR 0x04
152 #define DH_NOT_SUITABLE_GENERATOR 0x08
154 /* DH_check_pub_key error codes */
155 #define DH_CHECK_PUBKEY_TOO_SMALL 0x01
156 #define DH_CHECK_PUBKEY_TOO_LARGE 0x02
158 /* primes p where (p-1)/2 is prime too are called "safe"; we define
159 this for backward compatibility: */
160 #define DH_CHECK_P_NOT_STRONG_PRIME DH_CHECK_P_NOT_SAFE_PRIME
162 #define DHparams_dup(x) ASN1_dup_of_const(DH,i2d_DHparams,d2i_DHparams,x)
163 #define d2i_DHparams_fp(fp,x) (DH *)ASN1_d2i_fp((char *(*)())DH_new, \
164 (char *(*)())d2i_DHparams,(fp),(unsigned char **)(x))
165 #define i2d_DHparams_fp(fp,x) ASN1_i2d_fp(i2d_DHparams,(fp), \
166 (unsigned char *)(x))
167 #define d2i_DHparams_bio(bp,x) ASN1_d2i_bio_of(DH,DH_new,d2i_DHparams,bp,x)
168 #define i2d_DHparams_bio(bp,x) ASN1_i2d_bio_of_const(DH,i2d_DHparams,bp,x)
170 const DH_METHOD
*DH_OpenSSL(void);
173 DH
* FIPS_dh_new(void);
174 void FIPS_dh_free(DH
*dh
);
177 void DH_set_default_method(const DH_METHOD
*meth
);
178 const DH_METHOD
*DH_get_default_method(void);
179 int DH_set_method(DH
*dh
, const DH_METHOD
*meth
);
180 DH
*DH_new_method(ENGINE
*engine
);
183 void DH_free(DH
*dh
);
184 int DH_up_ref(DH
*dh
);
185 int DH_size(const DH
*dh
);
186 int DH_get_ex_new_index(long argl
, void *argp
, CRYPTO_EX_new
*new_func
,
187 CRYPTO_EX_dup
*dup_func
, CRYPTO_EX_free
*free_func
);
188 int DH_set_ex_data(DH
*d
, int idx
, void *arg
);
189 void *DH_get_ex_data(DH
*d
, int idx
);
191 /* Deprecated version */
192 #ifndef OPENSSL_NO_DEPRECATED
193 DH
* DH_generate_parameters(int prime_len
,int generator
,
194 void (*callback
)(int,int,void *),void *cb_arg
);
195 #endif /* !defined(OPENSSL_NO_DEPRECATED) */
198 int DH_generate_parameters_ex(DH
*dh
, int prime_len
,int generator
, BN_GENCB
*cb
);
200 int DH_check(const DH
*dh
,int *codes
);
201 int DH_check_pub_key(const DH
*dh
,const BIGNUM
*pub_key
, int *codes
);
202 int DH_generate_key(DH
*dh
);
203 int DH_compute_key(unsigned char *key
,const BIGNUM
*pub_key
,DH
*dh
);
204 DH
* d2i_DHparams(DH
**a
,const unsigned char **pp
, long length
);
205 int i2d_DHparams(const DH
*a
,unsigned char **pp
);
206 #ifndef OPENSSL_NO_FP_API
207 int DHparams_print_fp(FILE *fp
, const DH
*x
);
209 #ifndef OPENSSL_NO_BIO
210 int DHparams_print(BIO
*bp
, const DH
*x
);
212 int DHparams_print(char *bp
, const DH
*x
);
215 /* BEGIN ERROR CODES */
216 /* The following lines are auto generated by the script mkerr.pl. Any changes
217 * made after this point may be overwritten when the script is next run.
219 void ERR_load_DH_strings(void);
221 /* Error codes for the DH functions. */
223 /* Function codes. */
224 #define DH_F_COMPUTE_KEY 102
225 #define DH_F_DHPARAMS_PRINT 100
226 #define DH_F_DHPARAMS_PRINT_FP 101
227 #define DH_F_DH_BUILTIN_GENPARAMS 106
228 #define DH_F_DH_COMPUTE_KEY 107
229 #define DH_F_DH_GENERATE_KEY 108
230 #define DH_F_DH_GENERATE_PARAMETERS 109
231 #define DH_F_DH_NEW_METHOD 105
232 #define DH_F_GENERATE_KEY 103
233 #define DH_F_GENERATE_PARAMETERS 104
236 #define DH_R_BAD_GENERATOR 101
237 #define DH_R_INVALID_PUBKEY 102
238 #define DH_R_KEY_SIZE_TOO_SMALL 104
239 #define DH_R_MODULUS_TOO_LARGE 103
240 #define DH_R_NO_PRIVATE_VALUE 100