| blob | 7e3b673d473e7d0e961d8c308cb2e0e0c2841a6c |
1 /*
2 * dh.c: Diffie Hellman implementation.
3 *
4 * Code copied from openssl distribution and
5 * Modified just enough so that compiles and runs standalone
6 *
7 * Copyright (C) 2010, Broadcom Corporation. All Rights Reserved.
8 *
9 * Permission to use, copy, modify, and/or distribute this software for any
10 * purpose with or without fee is hereby granted, provided that the above
11 * copyright notice and this permission notice appear in all copies.
12 *
13 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
14 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
15 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
16 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
17 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
18 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
19 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 *
21 * $Id: dh.c,v 1.9.108.1 2010-08-13 18:00:15 Exp $
22 */
23 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
24 * All rights reserved.
25 *
26 * This package is an SSL implementation written
27 * by Eric Young (eay@cryptsoft.com).
28 * The implementation was written so as to conform with Netscapes SSL.
29 *
30 * This library is free for commercial and non-commercial use as long as
31 * the following conditions are aheared to. The following conditions
32 * apply to all code found in this distribution, be it the RC4, RSA,
33 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
34 * included with this distribution is covered by the same copyright terms
35 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
36 *
37 * Copyright remains Eric Young's, and as such any Copyright notices in
38 * the code are not to be removed.
39 * If this package is used in a product, Eric Young should be given attribution
40 * as the author of the parts of the library used.
41 * This can be in the form of a textual message at program startup or
42 * in documentation (online or textual) provided with the package.
43 *
44 * Redistribution and use in source and binary forms, with or without
45 * modification, are permitted provided that the following conditions
46 * are met:
47 * 1. Redistributions of source code must retain the copyright
48 * notice, this list of conditions and the following disclaimer.
49 * 2. Redistributions in binary form must reproduce the above copyright
50 * notice, this list of conditions and the following disclaimer in the
51 * documentation and/or other materials provided with the distribution.
52 * 3. All advertising materials mentioning features or use of this software
53 * must display the following acknowledgement:
54 * "This product includes cryptographic software written by
55 * Eric Young (eay@cryptsoft.com)"
56 * The word 'cryptographic' can be left out if the rouines from the library
57 * being used are not cryptographic related :-).
58 * 4. If you include any Windows specific code (or a derivative thereof) from
59 * the apps directory (application code) you must include an acknowledgement:
60 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
61 *
62 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
63 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
64 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
65 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
66 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
67 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
68 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
69 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
70 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
71 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
72 * SUCH DAMAGE.
73 *
74 * The licence and distribution terms for any publically available version or
75 * derivative of this code cannot be changed. i.e. this code cannot simply be
76 * copied and put under another distribution licence
77 * [including the GNU Public Licence.]
78 */
80 #include <typedefs.h>
81 #include <stdio.h>
82 #include <stdlib.h>
83 #include <string.h>
85 /* #include <shutils.h> */
87 #include <bcmcrypto/dh.h>
89 #define OPENSSL_malloc malloc
90 #define OPENSSL_free free
98 #ifdef BCMDH_TEST
100 #include <getopt.h>
109 };
120 };
139 };
141 /* uncomment this and write a matching function when testing on another OS */
142 #ifndef WIN32
143 #define BCMDH_TEST_LINUX
144 #endif
146 #ifdef BCMDH_TEST_LINUX
148 #define dbg(fmt, arg...) printf(fmt, ##arg)
153 int
155 {
171 }
172 }
174 #ifdef BCMDH_TEST_LINUX
175 {
178 }
179 #endif
190 }
216 /* dbg("%s\n", file2str("/proc/uptime")); */
218 /* dbg("%s\n", file2str("/proc/uptime")); */
235 /* dbg("%s\n", file2str("/proc/uptime")); */
237 /* dbg("%s\n", file2str("/proc/uptime")); */
253 else
255 err:
262 }
264 static void
266 {
271 }
275 static int
277 {
285 /* strip leading zeros */
290 }
291 }
292 }
294 end:
296 }
299 {
301 }
303 /* We generate DH parameters as follows
304 * find a prime q which is prime_len/2 bits long.
305 * p=(2*q)+1 or (p-1)/2 = q
306 * For this case, g is a generator if
307 * g^((p-1)/q) mod p != 1 for values of q which are the factors of p-1.
308 * Since the factors of p-1 are q and 2, we just need to check
309 * g^2 mod p != 1 and g^q mod p != 1.
310 *
311 * Having said all that,
312 * there is another special case method for the generators 2, 3 and 5.
313 * for 2, p mod 24 == 11
314 * for 3, p mod 12 == 5 <<<<< does not work for safe primes.
315 * for 5, p mod 10 == 3 or 7
316 *
317 * Thanks to Phil Karn <karn@qualcomm.com> for the pointers about the
318 * special generators and for answering some of my questions.
319 *
320 * I've implemented the second simple method :-).
321 * Since DH should be using a safe prime (both p and q are prime),
322 * this generator function can take a very very long time to run.
323 */
324 /* Actually there is no reason to insist that 'generator' be a generator.
325 * It's just as OK (and in some sense better) to use a generator of the
326 * order-q subgroup.
327 */
328 DH *
331 {
348 }
353 }
358 /* BN_set_word(t3, 7); just have to miss
359 * out on these ones :-(
360 */
363 /* in the general case, don't worry if 'generator' is a
364 * generator or not: since we are using safe primes,
365 * it will generate either an order-q or an order-2q group,
366 * which both is OK
367 */
371 }
380 err:
383 }
388 }
392 }
394 }
396 /* Check that p is a safe prime and
397 * if g is 2, 3 or 5, check that is is a suitable generator
398 * where
399 * for 2, p mod 24 == 11
400 * for 3, p mod 12 == 5
401 * for 5, p mod 10 == 3 or 7
402 * should hold.
403 */
405 int
407 {
410 BN_ULONG l;
422 }
437 }
439 err:
443 }
447 DH *
449 {
455 }
470 }
472 void
474 {
487 }
489 int
491 {
502 else
504 }
505 /* first time in here */
520 }
534 else
536 err:
544 }
547 int
549 {
562 }
568 }
573 }
576 err:
582 }
585 int
587 {
592 }
594 DH *
596 {
604 }
606 static int
611 {
617 }