src/crypto/crypto_internal-modexp.c

   1 /*
   2  * Crypto wrapper for internal crypto implementation - modexp
   3  * Copyright (c) 2006-2009, Jouni Malinen <j@w1.fi>
   4  *
   5  * This software may be distributed under the terms of the BSD license.
   6  * See README for more details.
   7  */
   8
   9 #include "includes.h"
  10
  11 #include "common.h"
  12 #include "tls/bignum.h"
  13 #include "crypto.h"
  14
  15
  16 int crypto_dh_init(u8 generator, const u8 *prime, size_t prime_len, u8 *privkey,
  17                    u8 *pubkey)
  18 {
  19         size_t pubkey_len, pad;
  20
  21         if (os_get_random(privkey, prime_len) < 0)
  22                 return -1;
  23         if (os_memcmp(privkey, prime, prime_len) > 0) {
  24                 /* Make sure private value is smaller than prime */
  25                 privkey[0] = 0;
  26         }
  27
  28         pubkey_len = prime_len;
  29         if (crypto_mod_exp(&generator, 1, privkey, prime_len, prime, prime_len,
  30                            pubkey, &pubkey_len) < 0)
  31                 return -1;
  32         if (pubkey_len < prime_len) {
  33                 pad = prime_len - pubkey_len;
  34                 os_memmove(pubkey + pad, pubkey, pubkey_len);
  35                 os_memset(pubkey, 0, pad);
  36         }
  37
  38         return 0;
  39 }
  40
  41
  42 int crypto_dh_derive_secret(u8 generator, const u8 *prime, size_t prime_len,
  43                             const u8 *order, size_t order_len,
  44                             const u8 *privkey, size_t privkey_len,
  45                             const u8 *pubkey, size_t pubkey_len,
  46                             u8 *secret, size_t *len)
  47 {
  48         struct bignum *pub;
  49         int res = -1;
  50
  51         if (pubkey_len > prime_len ||
  52             (pubkey_len == prime_len &&
  53              os_memcmp(pubkey, prime, prime_len) >= 0))
  54                 return -1;
  55
  56         pub = bignum_init();
  57         if (!pub || bignum_set_unsigned_bin(pub, pubkey, pubkey_len) < 0 ||
  58             bignum_cmp_d(pub, 1) <= 0)
  59                 goto fail;
  60
  61         if (order) {
  62                 struct bignum *p, *q, *tmp;
  63                 int failed;
  64
  65                 /* verify: pubkey^q == 1 mod p */
  66                 p = bignum_init();
  67                 q = bignum_init();
  68                 tmp = bignum_init();
  69                 failed = !p || !q || !tmp ||
  70                         bignum_set_unsigned_bin(p, prime, prime_len) < 0 ||
  71                         bignum_set_unsigned_bin(q, order, order_len) < 0 ||
  72                         bignum_exptmod(pub, q, p, tmp) < 0 ||
  73                         bignum_cmp_d(tmp, 1) != 0;
  74                 bignum_deinit(p);
  75                 bignum_deinit(q);
  76                 bignum_deinit(tmp);
  77                 if (failed)
  78                         goto fail;
  79         }
  80
  81         res = crypto_mod_exp(pubkey, pubkey_len, privkey, privkey_len,
  82                              prime, prime_len, secret, len);
  83 fail:
  84         bignum_deinit(pub);
  85         return res;
  86 }
  87
  88
  89 int crypto_mod_exp(const u8 *base, size_t base_len,
  90                    const u8 *power, size_t power_len,
  91                    const u8 *modulus, size_t modulus_len,
  92                    u8 *result, size_t *result_len)
  93 {
  94         struct bignum *bn_base, *bn_exp, *bn_modulus, *bn_result;
  95         int ret = -1;
  96
  97         bn_base = bignum_init();
  98         bn_exp = bignum_init();
  99         bn_modulus = bignum_init();
 100         bn_result = bignum_init();
 101
 102         if (bn_base == NULL || bn_exp == NULL || bn_modulus == NULL ||
 103             bn_result == NULL)
 104                 goto error;
 105
 106         if (bignum_set_unsigned_bin(bn_base, base, base_len) < 0 ||
 107             bignum_set_unsigned_bin(bn_exp, power, power_len) < 0 ||
 108             bignum_set_unsigned_bin(bn_modulus, modulus, modulus_len) < 0)
 109                 goto error;
 110
 111         if (bignum_exptmod(bn_base, bn_exp, bn_modulus, bn_result) < 0)
 112                 goto error;
 113
 114         ret = bignum_get_unsigned_bin(bn_result, result, result_len);
 115
 116 error:
 117         bignum_deinit(bn_base);
 118         bignum_deinit(bn_exp);
 119         bignum_deinit(bn_modulus);
 120         bignum_deinit(bn_result);
 121         return ret;
 122 }