1d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * All rights reserved. 3d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 4d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * This package is an SSL implementation written 5d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * by Eric Young (eay@cryptsoft.com). 6d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * The implementation was written so as to conform with Netscapes SSL. 7d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 8d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * This library is free for commercial and non-commercial use as long as 9d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * the following conditions are aheared to. The following conditions 10d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * apply to all code found in this distribution, be it the RC4, RSA, 11d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * included with this distribution is covered by the same copyright terms 13d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 15d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * Copyright remains Eric Young's, and as such any Copyright notices in 16d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * the code are not to be removed. 17d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * If this package is used in a product, Eric Young should be given attribution 18d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * as the author of the parts of the library used. 19d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * This can be in the form of a textual message at program startup or 20d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * in documentation (online or textual) provided with the package. 21d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 22d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * Redistribution and use in source and binary forms, with or without 23d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * modification, are permitted provided that the following conditions 24d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * are met: 25d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 1. Redistributions of source code must retain the copyright 26d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * notice, this list of conditions and the following disclaimer. 27d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 2. Redistributions in binary form must reproduce the above copyright 28d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * notice, this list of conditions and the following disclaimer in the 29d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * documentation and/or other materials provided with the distribution. 30d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 3. All advertising materials mentioning features or use of this software 31d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * must display the following acknowledgement: 32d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * "This product includes cryptographic software written by 33d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * Eric Young (eay@cryptsoft.com)" 34d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * The word 'cryptographic' can be left out if the rouines from the library 35d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * being used are not cryptographic related :-). 36d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 4. If you include any Windows specific code (or a derivative thereof) from 37d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * the apps directory (application code) you must include an acknowledgement: 38d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 40d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 44d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 45d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 46d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 47d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 48d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * SUCH DAMAGE. 51d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 52d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * The licence and distribution terms for any publically available version or 53d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * derivative of this code cannot be changed. i.e. this code cannot simply be 54d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * copied and put under another distribution licence 55d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * [including the GNU Public Licence.] */ 56d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 57d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#ifndef OPENSSL_HEADER_DH_H 58d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define OPENSSL_HEADER_DH_H 59d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 60d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#include <openssl/base.h> 61d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 62d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#include <openssl/engine.h> 63d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#include <openssl/ex_data.h> 64e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley#include <openssl/thread.h> 65d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 66d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#if defined(__cplusplus) 67d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyextern "C" { 68d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#endif 69d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 70d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 71d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* DH contains functions for performing Diffie-Hellman key agreement in 72d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * multiplicative groups. */ 73d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 74d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 75d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* Allocation and destruction. */ 76d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 77d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* DH_new returns a new, empty DH object or NULL on error. */ 78d9e397b599b13d642138480a28c14db7a136bf0Adam LangleyOPENSSL_EXPORT DH *DH_new(void); 79d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 80d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* DH_new_method acts the same as |DH_new| but takes an explicit |ENGINE|. */ 81d9e397b599b13d642138480a28c14db7a136bf0Adam LangleyOPENSSL_EXPORT DH *DH_new_method(const ENGINE *engine); 82d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 83d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* DH_free decrements the reference count of |dh| and frees it if the reference 84d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * count drops to zero. */ 85d9e397b599b13d642138480a28c14db7a136bf0Adam LangleyOPENSSL_EXPORT void DH_free(DH *dh); 86d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 87d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* DH_up_ref increments the reference count of |dh|. */ 88d9e397b599b13d642138480a28c14db7a136bf0Adam LangleyOPENSSL_EXPORT int DH_up_ref(DH *dh); 89d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 90d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 91d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* Standard parameters. 92d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 93d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * These functions return new DH objects with standard parameters configured 94d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * that use the given ENGINE, which may be NULL. They return NULL on allocation 95d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * failure. */ 96d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 97d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* These parameters are taken from RFC 5114. */ 98d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 99d9e397b599b13d642138480a28c14db7a136bf0Adam LangleyOPENSSL_EXPORT DH *DH_get_1024_160(const ENGINE *engine); 100d9e397b599b13d642138480a28c14db7a136bf0Adam LangleyOPENSSL_EXPORT DH *DH_get_2048_224(const ENGINE *engine); 101d9e397b599b13d642138480a28c14db7a136bf0Adam LangleyOPENSSL_EXPORT DH *DH_get_2048_256(const ENGINE *engine); 102d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 103d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 104d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* Parameter generation. */ 105d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 106d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define DH_GENERATOR_2 2 107d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define DH_GENERATOR_5 5 108d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 109d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* DH_generate_parameters_ex generates a suitable Diffie-Hellman group with a 110d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * prime that is |prime_bits| long and stores it in |dh|. The generator of the 111d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * group will be |generator|, which should be |DH_GENERATOR_2| unless there's a 112d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * good reason to use a different value. The |cb| argument contains a callback 113d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * function that will be called during the generation. See the documentation in 114d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * |bn.h| about this. In addition to the callback invocations from |BN|, |cb| 115d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * will also be called with |event| equal to three when the generation is 116d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * complete. */ 117d9e397b599b13d642138480a28c14db7a136bf0Adam LangleyOPENSSL_EXPORT int DH_generate_parameters_ex(DH *dh, int prime_bits, 118d9e397b599b13d642138480a28c14db7a136bf0Adam Langley int generator, BN_GENCB *cb); 119d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 120d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 121d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* Diffie-Hellman operations. */ 122d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 123d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* DH_generate_key generates a new, random, private key and stores it in 124d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * |dh|. It returns one on success and zero on error. */ 125d9e397b599b13d642138480a28c14db7a136bf0Adam LangleyOPENSSL_EXPORT int DH_generate_key(DH *dh); 126d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 127d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* DH_compute_key calculates the shared key between |dh| and |peers_key| and 128d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * writes it as a big-endian integer into |out|, which must have |DH_size| 129d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * bytes of space. It returns the number of bytes written, or a negative number 130d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * on error. */ 131d9e397b599b13d642138480a28c14db7a136bf0Adam LangleyOPENSSL_EXPORT int DH_compute_key(uint8_t *out, const BIGNUM *peers_key, 132d9e397b599b13d642138480a28c14db7a136bf0Adam Langley DH *dh); 133d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 134d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 135d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* Utility functions. */ 136d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 137d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* DH_size returns the number of bytes in the DH group's prime. */ 138d9e397b599b13d642138480a28c14db7a136bf0Adam LangleyOPENSSL_EXPORT int DH_size(const DH *dh); 139d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 14053b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley/* DH_num_bits returns the minimum number of bits needed to represent the 14153b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley * absolute value of the DH group's prime. */ 14253b272a2813a0b11f107d77100ff8805ada8fbd2Adam LangleyOPENSSL_EXPORT unsigned DH_num_bits(const DH *dh); 14353b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley 144d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define DH_CHECK_P_NOT_PRIME 0x01 145d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define DH_CHECK_P_NOT_SAFE_PRIME 0x02 146d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define DH_CHECK_UNABLE_TO_CHECK_GENERATOR 0x04 147d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define DH_CHECK_NOT_SUITABLE_GENERATOR 0x08 148d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define DH_CHECK_Q_NOT_PRIME 0x10 149d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define DH_CHECK_INVALID_Q_VALUE 0x20 150d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define DH_CHECK_INVALID_J_VALUE 0x40 151d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 152e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley/* These are compatibility defines. */ 153e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley#define DH_NOT_SUITABLE_GENERATOR DH_CHECK_NOT_SUITABLE_GENERATOR 154e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley#define DH_UNABLE_TO_CHECK_GENERATOR DH_CHECK_UNABLE_TO_CHECK_GENERATOR 155e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley 156d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* DH_check checks the suitability of |dh| as a Diffie-Hellman group. and sets 157d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * |DH_CHECK_*| flags in |*out_flags| if it finds any errors. It returns one if 158d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * |*out_flags| was successfully set and zero on error. 159d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 160d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * Note: these checks may be quite computationally expensive. */ 161d9e397b599b13d642138480a28c14db7a136bf0Adam LangleyOPENSSL_EXPORT int DH_check(const DH *dh, int *out_flags); 162d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 163d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define DH_CHECK_PUBKEY_TOO_SMALL 1 164d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define DH_CHECK_PUBKEY_TOO_LARGE 2 165d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 166d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* DH_check_pub_key checks the suitability of |pub_key| as a public key for the 167d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * DH group in |dh| and sets |DH_CHECK_PUBKEY_*| flags in |*out_flags| if it 168d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * finds any errors. It returns one if |*out_flags| was successfully set and 169d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * zero on error. */ 170d9e397b599b13d642138480a28c14db7a136bf0Adam LangleyOPENSSL_EXPORT int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, 171d9e397b599b13d642138480a28c14db7a136bf0Adam Langley int *out_flags); 172d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 173d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* DHparams_dup allocates a fresh |DH| and copies the parameters from |dh| into 174d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * it. It returns the new |DH| or NULL on error. */ 175d9e397b599b13d642138480a28c14db7a136bf0Adam LangleyOPENSSL_EXPORT DH *DHparams_dup(const DH *dh); 176d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 177d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 178d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* ASN.1 functions. */ 179d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 180d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* d2i_DHparams parses an ASN.1, DER encoded Diffie-Hellman parameters 181d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * structure from |len| bytes at |*inp|. If |ret| is not NULL then, on exit, a 182d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * pointer to the result is in |*ret|. If |*ret| is already non-NULL on entry 183d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * then the result is written directly into |*ret|, otherwise a fresh |DH| is 184d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * allocated. On successful exit, |*inp| is advanced past the DER structure. It 185d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * returns the result or NULL on error. */ 186d9e397b599b13d642138480a28c14db7a136bf0Adam LangleyOPENSSL_EXPORT DH *d2i_DHparams(DH **ret, const unsigned char **inp, long len); 187d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 188d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* i2d_DHparams marshals |in| to an ASN.1, DER structure. If |outp| is not NULL 189d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * then the result is written to |*outp| and |*outp| is advanced just past the 190d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * output. It returns the number of bytes in the result, whether written or 191d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * not, or a negative value on error. */ 192d9e397b599b13d642138480a28c14db7a136bf0Adam LangleyOPENSSL_EXPORT int i2d_DHparams(const DH *in, unsigned char **outp); 193d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 194d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 195d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* ex_data functions. 196d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 197e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley * See |ex_data.h| for details. */ 198d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 199d9e397b599b13d642138480a28c14db7a136bf0Adam LangleyOPENSSL_EXPORT int DH_get_ex_new_index(long argl, void *argp, 200d9e397b599b13d642138480a28c14db7a136bf0Adam Langley CRYPTO_EX_new *new_func, 201d9e397b599b13d642138480a28c14db7a136bf0Adam Langley CRYPTO_EX_dup *dup_func, 202d9e397b599b13d642138480a28c14db7a136bf0Adam Langley CRYPTO_EX_free *free_func); 203d9e397b599b13d642138480a28c14db7a136bf0Adam LangleyOPENSSL_EXPORT int DH_set_ex_data(DH *d, int idx, void *arg); 204d9e397b599b13d642138480a28c14db7a136bf0Adam LangleyOPENSSL_EXPORT void *DH_get_ex_data(DH *d, int idx); 205d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 206d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 207d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* dh_method contains function pointers to override the implementation of DH. 208d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * See |engine.h| for details. */ 209d9e397b599b13d642138480a28c14db7a136bf0Adam Langleystruct dh_method { 210d9e397b599b13d642138480a28c14db7a136bf0Adam Langley struct openssl_method_common_st common; 211d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 212d9e397b599b13d642138480a28c14db7a136bf0Adam Langley /* app_data is an opaque pointer for the method to use. */ 213d9e397b599b13d642138480a28c14db7a136bf0Adam Langley void *app_data; 214d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 215d9e397b599b13d642138480a28c14db7a136bf0Adam Langley /* init is called just before the return of |DH_new_method|. It returns one 216d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * on success or zero on error. */ 217d9e397b599b13d642138480a28c14db7a136bf0Adam Langley int (*init)(DH *dh); 218d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 219d9e397b599b13d642138480a28c14db7a136bf0Adam Langley /* finish is called before |dh| is destructed. */ 220d9e397b599b13d642138480a28c14db7a136bf0Adam Langley void (*finish)(DH *dh); 221d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 222d9e397b599b13d642138480a28c14db7a136bf0Adam Langley /* generate_parameters is called by |DH_generate_parameters_ex|. */ 223d9e397b599b13d642138480a28c14db7a136bf0Adam Langley int (*generate_parameters)(DH *dh, int prime_bits, int generator, 224d9e397b599b13d642138480a28c14db7a136bf0Adam Langley BN_GENCB *cb); 225d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 226d9e397b599b13d642138480a28c14db7a136bf0Adam Langley /* generate_parameters is called by |DH_generate_key|. */ 227d9e397b599b13d642138480a28c14db7a136bf0Adam Langley int (*generate_key)(DH *dh); 228d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 229d9e397b599b13d642138480a28c14db7a136bf0Adam Langley /* compute_key is called by |DH_compute_key|. */ 230d9e397b599b13d642138480a28c14db7a136bf0Adam Langley int (*compute_key)(DH *dh, uint8_t *out, const BIGNUM *pub_key); 231d9e397b599b13d642138480a28c14db7a136bf0Adam Langley}; 232d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 233d9e397b599b13d642138480a28c14db7a136bf0Adam Langleystruct dh_st { 234d9e397b599b13d642138480a28c14db7a136bf0Adam Langley DH_METHOD *meth; 235d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 236d9e397b599b13d642138480a28c14db7a136bf0Adam Langley BIGNUM *p; 237d9e397b599b13d642138480a28c14db7a136bf0Adam Langley BIGNUM *g; 238d9e397b599b13d642138480a28c14db7a136bf0Adam Langley BIGNUM *pub_key; /* g^x */ 239d9e397b599b13d642138480a28c14db7a136bf0Adam Langley BIGNUM *priv_key; /* x */ 240d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 241d9e397b599b13d642138480a28c14db7a136bf0Adam Langley /* priv_length contains the length, in bits, of the private value. If zero, 242d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * the private value will be the same length as |p|. */ 243d9e397b599b13d642138480a28c14db7a136bf0Adam Langley unsigned priv_length; 244e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley 245e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley CRYPTO_MUTEX method_mont_p_lock; 246d9e397b599b13d642138480a28c14db7a136bf0Adam Langley BN_MONT_CTX *method_mont_p; 247d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 248d9e397b599b13d642138480a28c14db7a136bf0Adam Langley /* Place holders if we want to do X9.42 DH */ 249d9e397b599b13d642138480a28c14db7a136bf0Adam Langley BIGNUM *q; 250d9e397b599b13d642138480a28c14db7a136bf0Adam Langley BIGNUM *j; 251d9e397b599b13d642138480a28c14db7a136bf0Adam Langley unsigned char *seed; 252d9e397b599b13d642138480a28c14db7a136bf0Adam Langley int seedlen; 253d9e397b599b13d642138480a28c14db7a136bf0Adam Langley BIGNUM *counter; 254d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 255d9e397b599b13d642138480a28c14db7a136bf0Adam Langley int flags; 25653b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley CRYPTO_refcount_t references; 257d9e397b599b13d642138480a28c14db7a136bf0Adam Langley CRYPTO_EX_DATA ex_data; 258d9e397b599b13d642138480a28c14db7a136bf0Adam Langley}; 259d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 260d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 261d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#if defined(__cplusplus) 262d9e397b599b13d642138480a28c14db7a136bf0Adam Langley} /* extern C */ 263d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#endif 264d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 265e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley#define DH_F_DH_new_method 100 266e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley#define DH_F_compute_key 101 267e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley#define DH_F_generate_key 102 268e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley#define DH_F_generate_parameters 103 269e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley#define DH_R_BAD_GENERATOR 100 270e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley#define DH_R_INVALID_PUBKEY 101 271d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define DH_R_MODULUS_TOO_LARGE 102 272d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define DH_R_NO_PRIVATE_VALUE 103 273d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 274d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#endif /* OPENSSL_HEADER_DH_H */ 275