re-factor dh_make_key() and variants
This commit is contained in:
Steffen Jaeckel
@@ -217,32 +217,29 @@ typedef struct {
|
||||
|
||||
int dh_get_groupsize(dh_key *key);
|
||||
|
||||
int dh_make_key(prng_state *prng, int wprng, int groupsize, dh_key *key);
|
||||
int dh_make_key_ex(prng_state *prng, int wprng, int radix,
|
||||
void *prime, unsigned long primelen,
|
||||
void *base, unsigned long baselen,
|
||||
dh_key *key);
|
||||
int dh_make_key_dhparam(prng_state *prng, int wprng, unsigned char *dhparam, unsigned long dhparamlen, dh_key *key);
|
||||
void dh_free(dh_key *key);
|
||||
|
||||
int dh_export(unsigned char *out, unsigned long *outlen, int type, dh_key *key);
|
||||
int dh_import(const unsigned char *in, unsigned long inlen, dh_key *key);
|
||||
|
||||
int dh_set_pg(const unsigned char *p, unsigned long plen,
|
||||
const unsigned char *g, unsigned long glen,
|
||||
dh_key *key);
|
||||
/* here we can support either one or both */
|
||||
int dh_set_pg_dhparam(const unsigned char *dhparam, unsigned long dhparamlen, dh_key *key);
|
||||
int dh_set_pg_groupsize(int groupsize, dh_key *key);
|
||||
|
||||
int dh_set_key(const unsigned char *pub, unsigned long publen,
|
||||
const unsigned char *priv, unsigned long privlen,
|
||||
dh_key *key);
|
||||
int dh_make_key(prng_state *prng, int wprng, dh_key *key);
|
||||
|
||||
int dh_shared_secret(dh_key *private_key, dh_key *public_key,
|
||||
unsigned char *out, unsigned long *outlen);
|
||||
|
||||
void dh_free(dh_key *key);
|
||||
|
||||
int dh_export_radix(int radix,
|
||||
void *out, unsigned long *outlen,
|
||||
int type, dh_key *key);
|
||||
|
||||
int dh_shared_secret(dh_key *private_key, dh_key *public_key,
|
||||
unsigned char *out, unsigned long *outlen);
|
||||
|
||||
#ifdef LTC_SOURCE
|
||||
/* internal helper functions */
|
||||
int dh_check_pubkey(dh_key *key);
|
||||
|
||||
+8
-108
@@ -42,31 +42,25 @@ static int _dh_groupsize_to_keysize(int groupsize)
|
||||
}
|
||||
}
|
||||
|
||||
static int _dh_make_key(prng_state *prng, int wprng, void *prime, void *base, dh_key *key)
|
||||
int dh_make_key(prng_state *prng, int wprng, dh_key *key)
|
||||
{
|
||||
unsigned char *buf;
|
||||
unsigned long keysize;
|
||||
int err, max_iterations = PK_MAX_RETRIES;
|
||||
|
||||
LTC_ARGCHK(key != NULL);
|
||||
LTC_ARGCHK(prng != NULL);
|
||||
LTC_ARGCHK(prime != NULL);
|
||||
LTC_ARGCHK(base != NULL);
|
||||
LTC_ARGCHK(key != NULL);
|
||||
LTC_ARGCHK(key->x != NULL);
|
||||
LTC_ARGCHK(key->y != NULL);
|
||||
LTC_ARGCHK(key->base != NULL);
|
||||
LTC_ARGCHK(key->prime != NULL);
|
||||
LTC_ARGCHK(ltc_mp.name != NULL);
|
||||
LTC_ARGCHK(prng != NULL);
|
||||
|
||||
/* good prng? */
|
||||
if ((err = prng_is_valid(wprng)) != CRYPT_OK) {
|
||||
return err;
|
||||
}
|
||||
|
||||
/* init big numbers */
|
||||
if ((err = mp_init_multi(&key->x, &key->y, &key->base, &key->prime, NULL)) != CRYPT_OK) {
|
||||
return err;
|
||||
}
|
||||
|
||||
/* load the prime and the base */
|
||||
if ((err = mp_copy(base, key->base)) != CRYPT_OK) { goto freemp; }
|
||||
if ((err = mp_copy(prime, key->prime)) != CRYPT_OK) { goto freemp; }
|
||||
|
||||
keysize = _dh_groupsize_to_keysize(mp_unsigned_bin_size(key->prime));
|
||||
if (keysize == 0) {
|
||||
err = CRYPT_INVALID_KEYSIZE;
|
||||
@@ -106,100 +100,6 @@ freemp:
|
||||
return err;
|
||||
}
|
||||
|
||||
/**
|
||||
Make a DH key (custom DH group) [private key pair]
|
||||
@param prng An active PRNG state
|
||||
@param wprng The index for the PRNG you desire to use
|
||||
@param prime_hex The prime p (hexadecimal string)
|
||||
@param base_hex The base g (hexadecimal string)
|
||||
@param key [out] Where the newly created DH key will be stored
|
||||
@return CRYPT_OK if successful, note: on error all allocated memory will be freed automatically.
|
||||
*/
|
||||
int dh_make_key_ex(prng_state *prng, int wprng, int radix,
|
||||
void *prime, unsigned long primelen,
|
||||
void *base, unsigned long baselen,
|
||||
dh_key *key)
|
||||
{
|
||||
void *p, *b;
|
||||
int err;
|
||||
|
||||
LTC_ARGCHK(prime != NULL);
|
||||
LTC_ARGCHK(base != NULL);
|
||||
LTC_ARGCHK((radix >= 2 && radix <= 64) || radix == 256);
|
||||
|
||||
if ((err = mp_init_multi(&p, &b, NULL)) != CRYPT_OK) { return err; }
|
||||
if (radix == 256) {
|
||||
if ((err = mp_read_unsigned_bin(b, base, baselen)) != CRYPT_OK) { goto error; }
|
||||
if ((err = mp_read_unsigned_bin(p, prime, primelen)) != CRYPT_OK) { goto error; }
|
||||
}
|
||||
else {
|
||||
if ((err = mp_read_radix(b, base, radix)) != CRYPT_OK) { goto error; }
|
||||
if ((err = mp_read_radix(p, prime, radix)) != CRYPT_OK) { goto error; }
|
||||
}
|
||||
err = _dh_make_key(prng, wprng, p, b, key);
|
||||
|
||||
error:
|
||||
mp_clear_multi(p, b, NULL);
|
||||
return err;
|
||||
}
|
||||
|
||||
/**
|
||||
Make a DH key (use built-in DH groups) [private key pair]
|
||||
@param prng An active PRNG state
|
||||
@param wprng The index for the PRNG you desire to use
|
||||
@param groupsize The size (octets) of used DH group
|
||||
@param key [out] Where the newly created DH key will be stored
|
||||
@return CRYPT_OK if successful, note: on error all allocated memory will be freed automatically.
|
||||
*/
|
||||
int dh_make_key(prng_state *prng, int wprng, int groupsize, dh_key *key)
|
||||
{
|
||||
int i;
|
||||
|
||||
LTC_ARGCHK(groupsize > 0);
|
||||
|
||||
for (i = 0; (groupsize > ltc_dh_sets[i].size) && (ltc_dh_sets[i].size != 0); i++);
|
||||
if (ltc_dh_sets[i].size == 0) return CRYPT_INVALID_KEYSIZE;
|
||||
|
||||
return dh_make_key_ex(prng, wprng, 16,
|
||||
ltc_dh_sets[i].prime, strlen(ltc_dh_sets[i].prime) + 1,
|
||||
ltc_dh_sets[i].base, strlen(ltc_dh_sets[i].base) + 1,
|
||||
key);
|
||||
}
|
||||
|
||||
/**
|
||||
Make a DH key (dhparam data: openssl dhparam -outform DER -out dhparam.der 2048)
|
||||
@param prng An active PRNG state
|
||||
@param wprng The index for the PRNG you desire to use
|
||||
@param dhparam The DH param DER encoded data
|
||||
@param dhparamlen The length of dhparam data
|
||||
@param key [out] Where the newly created DH key will be stored
|
||||
@return CRYPT_OK if successful, note: on error all allocated memory will be freed automatically.
|
||||
*/
|
||||
int dh_make_key_dhparam(prng_state *prng, int wprng, unsigned char *dhparam, unsigned long dhparamlen, dh_key *key)
|
||||
{
|
||||
void *prime, *base;
|
||||
int err;
|
||||
|
||||
LTC_ARGCHK(dhparam != NULL);
|
||||
LTC_ARGCHK(dhparamlen > 0);
|
||||
|
||||
if ((err = mp_init_multi(&prime, &base, NULL)) != CRYPT_OK) {
|
||||
return err;
|
||||
}
|
||||
if ((err = der_decode_sequence_multi(dhparam, dhparamlen,
|
||||
LTC_ASN1_INTEGER, 1UL, prime,
|
||||
LTC_ASN1_INTEGER, 1UL, base,
|
||||
LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) {
|
||||
goto error;
|
||||
}
|
||||
err = _dh_make_key(prng, wprng, prime, base, key);
|
||||
|
||||
error:
|
||||
mp_clear_multi(prime, base, NULL);
|
||||
return err;
|
||||
}
|
||||
|
||||
|
||||
#endif /* LTC_MDH */
|
||||
|
||||
/* ref: $Format:%D$ */
|
||||
|
||||
@@ -50,6 +50,82 @@ LBL_ERR:
|
||||
return err;
|
||||
}
|
||||
|
||||
/**
|
||||
Import DH key parts p and g from dhparam
|
||||
|
||||
dhparam data: openssl dhparam -outform DER -out dhparam.der 2048
|
||||
|
||||
@param dhparam The DH param DER encoded data
|
||||
@param dhparamlen The length of dhparam data
|
||||
@param key [out] Where the newly created DH key will be stored
|
||||
@return CRYPT_OK if successful, note: on error all allocated memory will be freed automatically.
|
||||
*/
|
||||
int dh_set_pg_dhparam(const unsigned char *dhparam, unsigned long dhparamlen, dh_key *key)
|
||||
{
|
||||
int err;
|
||||
|
||||
LTC_ARGCHK(key != NULL);
|
||||
LTC_ARGCHK(key->x == NULL);
|
||||
LTC_ARGCHK(key->y == NULL);
|
||||
LTC_ARGCHK(key->base == NULL);
|
||||
LTC_ARGCHK(key->prime == NULL);
|
||||
LTC_ARGCHK(ltc_mp.name != NULL);
|
||||
LTC_ARGCHK(dhparam != NULL);
|
||||
LTC_ARGCHK(dhparamlen > 0);
|
||||
|
||||
if ((err = mp_init_multi(&key->x, &key->y, &key->base, &key->prime, NULL)) != CRYPT_OK) {
|
||||
return err;
|
||||
}
|
||||
if ((err = der_decode_sequence_multi(dhparam, dhparamlen,
|
||||
LTC_ASN1_INTEGER, 1UL, key->prime,
|
||||
LTC_ASN1_INTEGER, 1UL, key->base,
|
||||
LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) {
|
||||
goto LBL_ERR;
|
||||
}
|
||||
|
||||
return CRYPT_OK;
|
||||
|
||||
LBL_ERR:
|
||||
dh_free(key);
|
||||
return err;
|
||||
}
|
||||
|
||||
/**
|
||||
Import DH key parts p and g from built-in DH groups
|
||||
|
||||
@param dhparam The DH param DER encoded data
|
||||
@param dhparamlen The length of dhparam data
|
||||
@param key [out] Where the newly created DH key will be stored
|
||||
@return CRYPT_OK if successful, note: on error all allocated memory will be freed automatically.
|
||||
*/
|
||||
int dh_set_pg_groupsize(int groupsize, dh_key *key)
|
||||
{
|
||||
int err, i;
|
||||
|
||||
LTC_ARGCHK(key != NULL);
|
||||
LTC_ARGCHK(key->x == NULL);
|
||||
LTC_ARGCHK(key->y == NULL);
|
||||
LTC_ARGCHK(key->base == NULL);
|
||||
LTC_ARGCHK(key->prime == NULL);
|
||||
LTC_ARGCHK(ltc_mp.name != NULL);
|
||||
LTC_ARGCHK(groupsize > 0);
|
||||
|
||||
for (i = 0; (groupsize > ltc_dh_sets[i].size) && (ltc_dh_sets[i].size != 0); i++);
|
||||
if (ltc_dh_sets[i].size == 0) return CRYPT_INVALID_KEYSIZE;
|
||||
|
||||
if ((err = mp_init_multi(&key->x, &key->y, &key->base, &key->prime, NULL)) != CRYPT_OK) {
|
||||
return err;
|
||||
}
|
||||
if ((err = mp_read_radix(key->base, ltc_dh_sets[i].base, 16)) != CRYPT_OK) { goto LBL_ERR; }
|
||||
if ((err = mp_read_radix(key->prime, ltc_dh_sets[i].prime, 16)) != CRYPT_OK) { goto LBL_ERR; }
|
||||
|
||||
return CRYPT_OK;
|
||||
|
||||
LBL_ERR:
|
||||
dh_free(key);
|
||||
return err;
|
||||
}
|
||||
|
||||
/**
|
||||
Import DH key parts pub and priv from raw numbers
|
||||
|
||||
|
||||
Reference in New Issue
Block a user