Kezdőlap Felfedezés Súgó
Bejelentkezés
miti
/
graphene
1
0
Másolás 0
Fájlok Problémák 0 Beolvasztási kérések 0 Wiki
Fa: e0b701fd96
Branch-ok Tag-ek
graphene
/
Pal
/
lib
/
crypto
/
dh.c

dh.c 5.3 KB
Előzmények Nyers

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233 
  1. /* -*- mode:c; c-file-style:"k&r"; c-basic-offset: 4; tab-width:4; indent-tabs-mode:nil; mode:auto-fill; fill-column:78; -*- */
    2. 

  2. /* vim: set ts=4 sw=4 et tw=78 fo=cqt wm=0: */
    3. 

  3. 

  4. /* dh.c
    5. 

  5.  *
    6. 

  6.  * Copyright (C) 2006-2014 wolfSSL Inc.
    7. 

  7.  *
    8. 

  8.  * This file is part of CyaSSL.
    9. 

  9.  *
    10. 

  10.  * CyaSSL is free software; you can redistribute it and/or modify
    11. 

  11.  * it under the terms of the GNU General Public License as published by
    12. 

  12.  * the Free Software Foundation; either version 2 of the License, or
    13. 

  13.  * (at your option) any later version.
    14. 

  14.  *
    15. 

  15.  * CyaSSL is distributed in the hope that it will be useful,
    16. 

  16.  * but WITHOUT ANY WARRANTY; without even the implied warranty of
    17. 

  17.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    18. 

  18.  * GNU General Public License for more details.
    19. 

  19.  *
    20. 

  20.  * You should have received a copy of the GNU General Public License
    21. 

  21.  * along with this program; if not, write to the Free Software
    22. 

  22.  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
    23. 

  23.  */
    24. 

  24. 

  25. #include <stddef.h>
    26. 

  26. #include <stdint.h>
    27. 

  27. 

  28. #include "integer.h"
    29. 

  29. #include "dh.h"
    30. 

  30. #include "error-crypt.h"
    31. 

  31. 

  32. /*
    33. 

  33.  * source
    34. 

  34.  * http://fastapprox.googlecode.com/svn/trunk/fastapprox/src/fastonebigheader.h
    35. 

  35.  */
    36. 

  36. 

  37. static inline float
    38. 

  38. fastlog2 (float x)
    39. 

  39. {
    40. 

  40.     union { float f; uint32_t i; } vx = { x };
    41. 

  41.     union { uint32_t i; float f; } mx = { (vx.i & 0x007FFFFF) | 0x3f000000 };
    42. 

  42.     float y = vx.i;
    43. 

  43.     y *= 1.1920928955078125e-7f;
    44. 

  44. 

  45.     return y - 124.22551499f
    46. 

  46.              - 1.498030302f  *mx.f
    47. 

  47.              - 1.72587999f / (0.3520887068f + mx.f);
    48. 

  48. }
    49. 

  49. 

  50. static inline float
    51. 

  51. fastlog (float x)
    52. 

  52. {
    53. 

  53.     return 0.69314718f  *fastlog2 (x);
    54. 

  54. }
    55. 

  55. 

  56. static inline float
    57. 

  57. fastpow2 (float p)
    58. 

  58. {
    59. 

  59.   float offset = (p < 0) ? 1.0f : 0.0f;
    60. 

  60.   float clipp = (p < -126) ? -126.0f : p;
    61. 

  61.   int w = clipp;
    62. 

  62.   float z = clipp - w + offset;
    63. 

  63.   union { uint32_t i; float f; } v = { (uint32_t) ( (1 << 23)  *(clipp + 121.2740575f + 27.7280233f / (4.84252568f - z) - 1.49012907f  *z) ) };
    64. 

  64. 

  65.   return v.f;
    66. 

  66. }
    67. 

  67. 

  68. static inline float
    69. 

  69. fastpow (float x,
    70. 

  70.          float p)
    71. 

  71. {
    72. 

  72.   return fastpow2 (p  *fastlog2 (x));
    73. 

  73. }
    74. 

  74. 

  75. #define XPOW(x,y) fastpow((x),(y))
    76. 

  76. #define XLOG(x)   fastlog((x))
    77. 

  77. 

  78. #ifndef min
    79. 

  79. static inline word32 min(word32 a, word32 b)
    80. 

  80. {
    81. 

  81.     return a > b ? b : a;
    82. 

  82. }
    83. 

  83. #endif /* min */
    84. 

  84. 

  85. 

  86. void InitDhKey(DhKey *key)
    87. 

  87. {
    88. 

  88.     (void)key;
    89. 

  89.     key->p.dp = 0;
    90. 

  90.     key->g.dp = 0;
    91. 

  91. }
    92. 

  92. 

  93. 

  94. void FreeDhKey(DhKey *key)
    95. 

  95. {
    96. 

  96.     (void)key;
    97. 

  97.     mp_clear(&key->p);
    98. 

  98.     mp_clear(&key->g);
    99. 

  99. }
    100. 

  100. 

  101. static word32 DiscreteLogWorkFactor(word32 n)
    102. 

  102. {
    103. 

  103.     /* assuming discrete log takes about the same time as factoring */
    104. 

  104.     if (n<5)
    105. 

  105.         return 0;
    106. 

  106.     else
    107. 

  107.         return (word32)(2.4  *XPOW((double)n, 1.0/3.0) *
    108. 

  108.                 XPOW(XLOG((double)n), 2.0/3.0) - 5);
    109. 

  109. }
    110. 

  110. 

  111. int _DkRandomBitsRead (void  *buffer, int size);
    112. 

  112. 

  113. static int GeneratePrivate(DhKey *key, byte *priv, word32 *privSz)
    114. 

  114. {
    115. 

  115.     int ret;
    116. 

  116.     word32 sz = mp_unsigned_bin_size(&key->p);
    117. 

  117.     sz = min(sz, 2  * DiscreteLogWorkFactor(sz * BIT_SIZE) / BIT_SIZE + 1);
    118. 

  118. 

  119.     ret = _DkRandomBitsRead(priv, sz);
    120. 

  120.     if (ret < 0)
    121. 

  121.         return ret;
    122. 

  122. 

  123.     priv[0] |= 0x0C;
    124. 

  124.     *privSz = sz;
    125. 

  125.     return 0;
    126. 

  126. }
    127. 

  127. 

  128. 

  129. static int GeneratePublic(DhKey *key, const byte *priv, word32 privSz,
    130. 

  130.                           byte *pub, word32 *pubSz)
    131. 

  131. {
    132. 

  132.     int ret = 0;
    133. 

  133. 

  134.     mp_int x;
    135. 

  135.     mp_int y;
    136. 

  136. 

  137.     if (mp_init_multi(&x, &y, 0, 0, 0, 0) != MP_OKAY)
    138. 

  138.         return MP_INIT_E;
    139. 

  139. 

  140.     if (mp_read_unsigned_bin(&x, priv, privSz) != MP_OKAY)
    141. 

  141.         ret = MP_READ_E;
    142. 

  142. 

  143.     if (ret == 0 && mp_exptmod(&key->g, &x, &key->p, &y) != MP_OKAY)
    144. 

  144.         ret = MP_EXPTMOD_E;
    145. 

  145. 

  146.     if (ret == 0 && mp_to_unsigned_bin(&y, pub) != MP_OKAY)
    147. 

  147.         ret = MP_TO_E;
    148. 

  148. 

  149.     if (ret == 0)
    150. 

  150.         *pubSz = mp_unsigned_bin_size(&y);
    151. 

  151. 

  152.     mp_clear(&y);
    153. 

  153.     mp_clear(&x);
    154. 

  154. 

  155.     return ret;
    156. 

  156. }
    157. 

  157. 

  158. 

  159. int DhGenerateKeyPair(DhKey *key, byte *priv, word32 *privSz,
    160. 

  160.                       byte *pub, word32 *pubSz)
    161. 

  161. {
    162. 

  162.     int ret = GeneratePrivate(key, priv, privSz);
    163. 

  163. 

  164.     return (ret != 0) ? ret : GeneratePublic(key, priv, *privSz, pub, pubSz);
    165. 

  165. }
    166. 

  166. 

  167. int DhAgree(DhKey *key, byte *agree, word32 *agreeSz, const byte *priv,
    168. 

  168.             word32 privSz, const byte *otherPub, word32 pubSz)
    169. 

  169. {
    170. 

  170.     int ret = 0;
    171. 

  171. 

  172.     mp_int x;
    173. 

  173.     mp_int y;
    174. 

  174.     mp_int z;
    175. 

  175. 

  176.     if (mp_init_multi(&x, &y, &z, 0, 0, 0) != MP_OKAY)
    177. 

  177.         return MP_INIT_E;
    178. 

  178. 

  179.     if (mp_read_unsigned_bin(&x, priv, privSz) != MP_OKAY)
    180. 

  180.         ret = MP_READ_E;
    181. 

  181. 

  182.     if (ret == 0 && mp_read_unsigned_bin(&y, otherPub, pubSz) != MP_OKAY)
    183. 

  183.         ret = MP_READ_E;
    184. 

  184. 

  185.     if (ret == 0 && mp_exptmod(&y, &x, &key->p, &z) != MP_OKAY)
    186. 

  186.         ret = MP_EXPTMOD_E;
    187. 

  187. 

  188.     if (ret == 0 && mp_to_unsigned_bin(&z, agree) != MP_OKAY)
    189. 

  189.         ret = MP_TO_E;
    190. 

  190. 

  191.     if (ret == 0)
    192. 

  192.         *agreeSz = mp_unsigned_bin_size(&z);
    193. 

  193. 

  194.     mp_clear(&z);
    195. 

  195.     mp_clear(&y);
    196. 

  196.     mp_clear(&x);
    197. 

  197. 

  198.     return ret;
    199. 

  199. }
    200. 

  200. 

  201. int DhSetKey(DhKey* key, const byte* p, word32 pSz, const byte* g, word32 gSz)
    202. 

  202. {
    203. 

  203.     if (key == NULL || p == NULL || g == NULL || pSz == 0 || gSz == 0)
    204. 

  204.         return BAD_FUNC_ARG;
    205. 

  205. 

  206.     /* may have leading 0 */
    207. 

  207.     if (p[0] == 0) {
    208. 

  208.         pSz--; p++;
    209. 

  209.     }
    210. 

  210. 

  211.     if (g[0] == 0) {
    212. 

  212.         gSz--; g++;
    213. 

  213.     }
    214. 

  214. 

  215.     if (mp_init(&key->p) != MP_OKAY)
    216. 

  216.         return MP_INIT_E;
    217. 

  217.     if (mp_read_unsigned_bin(&key->p, p, pSz) != 0) {
    218. 

  218.         mp_clear(&key->p);
    219. 

  219.         return ASN_DH_KEY_E;
    220. 

  220.     }
    221. 

  221. 

  222.     if (mp_init(&key->g) != MP_OKAY) {
    223. 

  223.         mp_clear(&key->p);
    224. 

  224.         return MP_INIT_E;
    225. 

  225.     }
    226. 

  226.     if (mp_read_unsigned_bin(&key->g, g, gSz) != 0) {
    227. 

  227.         mp_clear(&key->g);
    228. 

  228.         mp_clear(&key->p);
    229. 

  229.         return ASN_DH_KEY_E;
    230. 

  230.     }
    231. 

  231. 

  232.     return 0;
    233. 

  233. }
    234.