]> git.proxmox.com Git - mirror_edk2.git/blob - CryptoPkg/Library/BaseCryptLib/Pk/CryptDh.c
projects / mirror_edk2.git / blob
? search:


20f13469b30f407367557e01e4f1fac16cbf967e
[mirror_edk2.git] / CryptoPkg / Library / BaseCryptLib / Pk / CryptDh.c
1 /** @file
2 Diffie-Hellman Wrapper Implementation over OpenSSL.
3
4 Copyright (c) 2010 - 2012, Intel Corporation. All rights reserved.<BR>
5 This program and the accompanying materials
6 are licensed and made available under the terms and conditions of the BSD License
7 which accompanies this distribution. The full text of the license may be found at
8 http://opensource.org/licenses/bsd-license.php
9
10 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
11 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
12
13 **/
14
15 #include "InternalCryptLib.h"
16 #include <openssl/dh.h>
17
18
19 /**
20 Allocates and Initializes one Diffie-Hellman Context for subsequent use.
21
22 @return Pointer to the Diffie-Hellman Context that has been initialized.
23 If the allocations fails, DhNew() returns NULL.
24
25 **/
26 VOID *
27 EFIAPI
28 DhNew (
29 VOID
30 )
31 {
32 //
33 // Allocates & Initializes DH Context by OpenSSL DH_new()
34 //
35 return (VOID *)DH_new ();
36 }
37
38 /**
39 Release the specified DH context.
40
41 If DhContext is NULL, then return FALSE.
42
43 @param[in] DhContext Pointer to the DH context to be released.
44
45 **/
46 VOID
47 EFIAPI
48 DhFree (
49 IN VOID *DhContext
50 )
51 {
52 //
53 // Free OpenSSL DH Context
54 //
55 DH_free ((DH *)DhContext);
56 }
57
58 /**
59 Generates DH parameter.
60
61 Given generator g, and length of prime number p in bits, this function generates p,
62 and sets DH context according to value of g and p.
63
64 Before this function can be invoked, pseudorandom number generator must be correctly
65 initialized by RandomSeed().
66
67 If DhContext is NULL, then return FALSE.
68 If Prime is NULL, then return FALSE.
69
70 @param[in, out] DhContext Pointer to the DH context.
71 @param[in] Generator Value of generator.
72 @param[in] PrimeLength Length in bits of prime to be generated.
73 @param[out] Prime Pointer to the buffer to receive the generated prime number.
74
75 @retval TRUE DH pamameter generation succeeded.
76 @retval FALSE Value of Generator is not supported.
77 @retval FALSE PRNG fails to generate random prime number with PrimeLength.
78
79 **/
80 BOOLEAN
81 EFIAPI
82 DhGenerateParameter (
83 IN OUT VOID *DhContext,
84 IN UINTN Generator,
85 IN UINTN PrimeLength,
86 OUT UINT8 *Prime
87 )
88 {
89 BOOLEAN RetVal;
90
91 //
92 // Check input parameters.
93 //
94 if (DhContext == NULL || Prime == NULL) {
95 return FALSE;
96 }
97
98 if (Generator != DH_GENERATOR_2 && Generator != DH_GENERATOR_5) {
99 return FALSE;
100 }
101
102 RetVal = (BOOLEAN) DH_generate_parameters_ex (DhContext, (UINT32) PrimeLength, (UINT32) Generator, NULL);
103 if (!RetVal) {
104 return FALSE;
105 }
106
107 BN_bn2bin (((DH *) DhContext)->p, Prime);
108
109 return TRUE;
110 }
111
112 /**
113 Sets generator and prime parameters for DH.
114
115 Given generator g, and prime number p, this function and sets DH
116 context accordingly.
117
118 If DhContext is NULL, then return FALSE.
119 If Prime is NULL, then return FALSE.
120
121 @param[in, out] DhContext Pointer to the DH context.
122 @param[in] Generator Value of generator.
123 @param[in] PrimeLength Length in bits of prime to be generated.
124 @param[in] Prime Pointer to the prime number.
125
126 @retval TRUE DH pamameter setting succeeded.
127 @retval FALSE Value of Generator is not supported.
128 @retval FALSE Value of Generator is not suitable for the Prime.
129 @retval FALSE Value of Prime is not a prime number.
130 @retval FALSE Value of Prime is not a safe prime number.
131
132 **/
133 BOOLEAN
134 EFIAPI
135 DhSetParameter (
136 IN OUT VOID *DhContext,
137 IN UINTN Generator,
138 IN UINTN PrimeLength,
139 IN CONST UINT8 *Prime
140 )
141 {
142 DH *Dh;
143
144 //
145 // Check input parameters.
146 //
147 if (DhContext == NULL || Prime == NULL) {
148 return FALSE;
149 }
150
151 if (Generator != DH_GENERATOR_2 && Generator != DH_GENERATOR_5) {
152 return FALSE;
153 }
154
155 Dh = (DH *) DhContext;
156 Dh->p = BN_new();
157 Dh->g = BN_new();
158
159 BN_bin2bn (Prime, (UINT32) (PrimeLength / 8), Dh->p);
160 BN_set_word (Dh->g, (UINT32) Generator);
161
162 return TRUE;
163 }
164
165 /**
166 Generates DH public key.
167
168 This function generates random secret exponent, and computes the public key, which is
169 returned via parameter PublicKey and PublicKeySize. DH context is updated accordingly.
170 If the PublicKey buffer is too small to hold the public key, FALSE is returned and
171 PublicKeySize is set to the required buffer size to obtain the public key.
172
173 If DhContext is NULL, then return FALSE.
174 If PublicKeySize is NULL, then return FALSE.
175 If PublicKeySize is large enough but PublicKey is NULL, then return FALSE.
176
177 @param[in, out] DhContext Pointer to the DH context.
178 @param[out] PublicKey Pointer to the buffer to receive generated public key.
179 @param[in, out] PublicKeySize On input, the size of PublicKey buffer in bytes.
180 On output, the size of data returned in PublicKey buffer in bytes.
181
182 @retval TRUE DH public key generation succeeded.
183 @retval FALSE DH public key generation failed.
184 @retval FALSE PublicKeySize is not large enough.
185
186 **/
187 BOOLEAN
188 EFIAPI
189 DhGenerateKey (
190 IN OUT VOID *DhContext,
191 OUT UINT8 *PublicKey,
192 IN OUT UINTN *PublicKeySize
193 )
194 {
195 BOOLEAN RetVal;
196 DH *Dh;
197
198 //
199 // Check input parameters.
200 //
201 if (DhContext == NULL || PublicKeySize == NULL) {
202 return FALSE;
203 }
204
205 if (PublicKey == NULL && *PublicKeySize != 0) {
206 return FALSE;
207 }
208
209 Dh = (DH *) DhContext;
210 *PublicKeySize = 0;
211
212 RetVal = (BOOLEAN) DH_generate_key (DhContext);
213 if (RetVal) {
214 BN_bn2bin (Dh->pub_key, PublicKey);
215 *PublicKeySize = BN_num_bytes (Dh->pub_key);
216 }
217
218 return RetVal;
219 }
220
221 /**
222 Computes exchanged common key.
223
224 Given peer's public key, this function computes the exchanged common key, based on its own
225 context including value of prime modulus and random secret exponent.
226
227 If DhContext is NULL, then return FALSE.
228 If PeerPublicKey is NULL, then return FALSE.
229 If KeySize is NULL, then return FALSE.
230 If KeySize is large enough but Key is NULL, then return FALSE.
231
232 @param[in, out] DhContext Pointer to the DH context.
233 @param[in] PeerPublicKey Pointer to the peer's public key.
234 @param[in] PeerPublicKeySize Size of peer's public key in bytes.
235 @param[out] Key Pointer to the buffer to receive generated key.
236 @param[in, out] KeySize On input, the size of Key buffer in bytes.
237 On output, the size of data returned in Key buffer in bytes.
238
239 @retval TRUE DH exchanged key generation succeeded.
240 @retval FALSE DH exchanged key generation failed.
241 @retval FALSE KeySize is not large enough.
242
243 **/
244 BOOLEAN
245 EFIAPI
246 DhComputeKey (
247 IN OUT VOID *DhContext,
248 IN CONST UINT8 *PeerPublicKey,
249 IN UINTN PeerPublicKeySize,
250 OUT UINT8 *Key,
251 IN OUT UINTN *KeySize
252 )
253 {
254 BIGNUM *Bn;
255
256 //
257 // Check input parameters.
258 //
259 if (DhContext == NULL || PeerPublicKey == NULL || KeySize == NULL) {
260 return FALSE;
261 }
262
263 if (Key == NULL && *KeySize != 0) {
264 return FALSE;
265 }
266
267 Bn = BN_bin2bn (PeerPublicKey, (UINT32) PeerPublicKeySize, NULL);
268
269 *KeySize = (BOOLEAN) DH_compute_key (Key, Bn, DhContext);
270
271 BN_free (Bn);
272
273 return TRUE;
274 }
EFI Development Kit II mirror for PVE