1d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
2d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * All rights reserved.
3d9e397b599b13d642138480a28c14db7a136bf0Adam Langley *
4d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * This package is an SSL implementation written
5d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * by Eric Young (eay@cryptsoft.com).
6d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * The implementation was written so as to conform with Netscapes SSL.
7d9e397b599b13d642138480a28c14db7a136bf0Adam Langley *
8d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * This library is free for commercial and non-commercial use as long as
9d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * the following conditions are aheared to.  The following conditions
10d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * apply to all code found in this distribution, be it the RC4, RSA,
11d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
12d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * included with this distribution is covered by the same copyright terms
13d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * except that the holder is Tim Hudson (tjh@cryptsoft.com).
14d9e397b599b13d642138480a28c14db7a136bf0Adam Langley *
15d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * Copyright remains Eric Young's, and as such any Copyright notices in
16d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * the code are not to be removed.
17d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * If this package is used in a product, Eric Young should be given attribution
18d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * as the author of the parts of the library used.
19d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * This can be in the form of a textual message at program startup or
20d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * in documentation (online or textual) provided with the package.
21d9e397b599b13d642138480a28c14db7a136bf0Adam Langley *
22d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * Redistribution and use in source and binary forms, with or without
23d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * modification, are permitted provided that the following conditions
24d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * are met:
25d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 1. Redistributions of source code must retain the copyright
26d9e397b599b13d642138480a28c14db7a136bf0Adam Langley *    notice, this list of conditions and the following disclaimer.
27d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 2. Redistributions in binary form must reproduce the above copyright
28d9e397b599b13d642138480a28c14db7a136bf0Adam Langley *    notice, this list of conditions and the following disclaimer in the
29d9e397b599b13d642138480a28c14db7a136bf0Adam Langley *    documentation and/or other materials provided with the distribution.
30d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 3. All advertising materials mentioning features or use of this software
31d9e397b599b13d642138480a28c14db7a136bf0Adam Langley *    must display the following acknowledgement:
32d9e397b599b13d642138480a28c14db7a136bf0Adam Langley *    "This product includes cryptographic software written by
33d9e397b599b13d642138480a28c14db7a136bf0Adam Langley *     Eric Young (eay@cryptsoft.com)"
34d9e397b599b13d642138480a28c14db7a136bf0Adam Langley *    The word 'cryptographic' can be left out if the rouines from the library
35d9e397b599b13d642138480a28c14db7a136bf0Adam Langley *    being used are not cryptographic related :-).
36d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 4. If you include any Windows specific code (or a derivative thereof) from
37d9e397b599b13d642138480a28c14db7a136bf0Adam Langley *    the apps directory (application code) you must include an acknowledgement:
38d9e397b599b13d642138480a28c14db7a136bf0Adam Langley *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
39d9e397b599b13d642138480a28c14db7a136bf0Adam Langley *
40d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
41d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
43d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
44d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
45d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
46d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
48d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
49d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
50d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * SUCH DAMAGE.
51d9e397b599b13d642138480a28c14db7a136bf0Adam Langley *
52d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * The licence and distribution terms for any publically available version or
53d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * derivative of this code cannot be changed.  i.e. this code cannot simply be
54d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * copied and put under another distribution licence
55d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * [including the GNU Public Licence.] */
56d9e397b599b13d642138480a28c14db7a136bf0Adam Langley
57d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#ifndef OPENSSL_HEADER_DH_H
58d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define OPENSSL_HEADER_DH_H
59d9e397b599b13d642138480a28c14db7a136bf0Adam Langley
60d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#include <openssl/base.h>
61d9e397b599b13d642138480a28c14db7a136bf0Adam Langley
62d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#include <openssl/engine.h>
63d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#include <openssl/ex_data.h>
64e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley#include <openssl/thread.h>
65d9e397b599b13d642138480a28c14db7a136bf0Adam Langley
66d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#if defined(__cplusplus)
67d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyextern "C" {
68d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#endif
69d9e397b599b13d642138480a28c14db7a136bf0Adam Langley
70d9e397b599b13d642138480a28c14db7a136bf0Adam Langley
71d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* DH contains functions for performing Diffie-Hellman key agreement in
72d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * multiplicative groups. */
73d9e397b599b13d642138480a28c14db7a136bf0Adam Langley
74d9e397b599b13d642138480a28c14db7a136bf0Adam Langley
75d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* Allocation and destruction. */
76d9e397b599b13d642138480a28c14db7a136bf0Adam Langley
77d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* DH_new returns a new, empty DH object or NULL on error. */
78d9e397b599b13d642138480a28c14db7a136bf0Adam LangleyOPENSSL_EXPORT DH *DH_new(void);
79d9e397b599b13d642138480a28c14db7a136bf0Adam Langley
80d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* DH_new_method acts the same as |DH_new| but takes an explicit |ENGINE|. */
81d9e397b599b13d642138480a28c14db7a136bf0Adam LangleyOPENSSL_EXPORT DH *DH_new_method(const ENGINE *engine);
82d9e397b599b13d642138480a28c14db7a136bf0Adam Langley
83d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* DH_free decrements the reference count of |dh| and frees it if the reference
84d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * count drops to zero. */
85d9e397b599b13d642138480a28c14db7a136bf0Adam LangleyOPENSSL_EXPORT void DH_free(DH *dh);
86d9e397b599b13d642138480a28c14db7a136bf0Adam Langley
87d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* DH_up_ref increments the reference count of |dh|. */
88d9e397b599b13d642138480a28c14db7a136bf0Adam LangleyOPENSSL_EXPORT int DH_up_ref(DH *dh);
89d9e397b599b13d642138480a28c14db7a136bf0Adam Langley
90d9e397b599b13d642138480a28c14db7a136bf0Adam Langley
91d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* Standard parameters.
92d9e397b599b13d642138480a28c14db7a136bf0Adam Langley *
93d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * These functions return new DH objects with standard parameters configured
94d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * that use the given ENGINE, which may be NULL. They return NULL on allocation
95d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * failure. */
96d9e397b599b13d642138480a28c14db7a136bf0Adam Langley
97d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* These parameters are taken from RFC 5114. */
98d9e397b599b13d642138480a28c14db7a136bf0Adam Langley
99d9e397b599b13d642138480a28c14db7a136bf0Adam LangleyOPENSSL_EXPORT DH *DH_get_1024_160(const ENGINE *engine);
100d9e397b599b13d642138480a28c14db7a136bf0Adam LangleyOPENSSL_EXPORT DH *DH_get_2048_224(const ENGINE *engine);
101d9e397b599b13d642138480a28c14db7a136bf0Adam LangleyOPENSSL_EXPORT DH *DH_get_2048_256(const ENGINE *engine);
102d9e397b599b13d642138480a28c14db7a136bf0Adam Langley
103d9e397b599b13d642138480a28c14db7a136bf0Adam Langley
104d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* Parameter generation. */
105d9e397b599b13d642138480a28c14db7a136bf0Adam Langley
106d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define DH_GENERATOR_2 2
107d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define DH_GENERATOR_5 5
108d9e397b599b13d642138480a28c14db7a136bf0Adam Langley
109d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* DH_generate_parameters_ex generates a suitable Diffie-Hellman group with a
110d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * prime that is |prime_bits| long and stores it in |dh|. The generator of the
111d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * group will be |generator|, which should be |DH_GENERATOR_2| unless there's a
112d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * good reason to use a different value. The |cb| argument contains a callback
113d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * function that will be called during the generation. See the documentation in
114d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * |bn.h| about this. In addition to the callback invocations from |BN|, |cb|
115d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * will also be called with |event| equal to three when the generation is
116d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * complete. */
117d9e397b599b13d642138480a28c14db7a136bf0Adam LangleyOPENSSL_EXPORT int DH_generate_parameters_ex(DH *dh, int prime_bits,
118d9e397b599b13d642138480a28c14db7a136bf0Adam Langley                                             int generator, BN_GENCB *cb);
119d9e397b599b13d642138480a28c14db7a136bf0Adam Langley
120d9e397b599b13d642138480a28c14db7a136bf0Adam Langley
121d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* Diffie-Hellman operations. */
122d9e397b599b13d642138480a28c14db7a136bf0Adam Langley
123d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* DH_generate_key generates a new, random, private key and stores it in
124d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * |dh|. It returns one on success and zero on error. */
125d9e397b599b13d642138480a28c14db7a136bf0Adam LangleyOPENSSL_EXPORT int DH_generate_key(DH *dh);
126d9e397b599b13d642138480a28c14db7a136bf0Adam Langley
127d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* DH_compute_key calculates the shared key between |dh| and |peers_key| and
128d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * writes it as a big-endian integer into |out|, which must have |DH_size|
129d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * bytes of space. It returns the number of bytes written, or a negative number
130d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * on error. */
131d9e397b599b13d642138480a28c14db7a136bf0Adam LangleyOPENSSL_EXPORT int DH_compute_key(uint8_t *out, const BIGNUM *peers_key,
132d9e397b599b13d642138480a28c14db7a136bf0Adam Langley                                  DH *dh);
133d9e397b599b13d642138480a28c14db7a136bf0Adam Langley
134d9e397b599b13d642138480a28c14db7a136bf0Adam Langley
135d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* Utility functions. */
136d9e397b599b13d642138480a28c14db7a136bf0Adam Langley
137d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* DH_size returns the number of bytes in the DH group's prime. */
138d9e397b599b13d642138480a28c14db7a136bf0Adam LangleyOPENSSL_EXPORT int DH_size(const DH *dh);
139d9e397b599b13d642138480a28c14db7a136bf0Adam Langley
14053b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley/* DH_num_bits returns the minimum number of bits needed to represent the
14153b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley * absolute value of the DH group's prime. */
14253b272a2813a0b11f107d77100ff8805ada8fbd2Adam LangleyOPENSSL_EXPORT unsigned DH_num_bits(const DH *dh);
14353b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley
144d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define DH_CHECK_P_NOT_PRIME 0x01
145d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define DH_CHECK_P_NOT_SAFE_PRIME 0x02
146d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define DH_CHECK_UNABLE_TO_CHECK_GENERATOR 0x04
147d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define DH_CHECK_NOT_SUITABLE_GENERATOR 0x08
148d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define DH_CHECK_Q_NOT_PRIME 0x10
149d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define DH_CHECK_INVALID_Q_VALUE 0x20
150d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define DH_CHECK_INVALID_J_VALUE 0x40
151d9e397b599b13d642138480a28c14db7a136bf0Adam Langley
152e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley/* These are compatibility defines. */
153e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley#define DH_NOT_SUITABLE_GENERATOR DH_CHECK_NOT_SUITABLE_GENERATOR
154e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley#define DH_UNABLE_TO_CHECK_GENERATOR DH_CHECK_UNABLE_TO_CHECK_GENERATOR
155e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley
156d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* DH_check checks the suitability of |dh| as a Diffie-Hellman group. and sets
157d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * |DH_CHECK_*| flags in |*out_flags| if it finds any errors. It returns one if
158d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * |*out_flags| was successfully set and zero on error.
159d9e397b599b13d642138480a28c14db7a136bf0Adam Langley *
160d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * Note: these checks may be quite computationally expensive. */
161d9e397b599b13d642138480a28c14db7a136bf0Adam LangleyOPENSSL_EXPORT int DH_check(const DH *dh, int *out_flags);
162d9e397b599b13d642138480a28c14db7a136bf0Adam Langley
163d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define DH_CHECK_PUBKEY_TOO_SMALL 1
164d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define DH_CHECK_PUBKEY_TOO_LARGE 2
165d9e397b599b13d642138480a28c14db7a136bf0Adam Langley
166d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* DH_check_pub_key checks the suitability of |pub_key| as a public key for the
167d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * DH group in |dh| and sets |DH_CHECK_PUBKEY_*| flags in |*out_flags| if it
168d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * finds any errors. It returns one if |*out_flags| was successfully set and
169d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * zero on error. */
170d9e397b599b13d642138480a28c14db7a136bf0Adam LangleyOPENSSL_EXPORT int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key,
171d9e397b599b13d642138480a28c14db7a136bf0Adam Langley                                    int *out_flags);
172d9e397b599b13d642138480a28c14db7a136bf0Adam Langley
173d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* DHparams_dup allocates a fresh |DH| and copies the parameters from |dh| into
174d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * it. It returns the new |DH| or NULL on error. */
175d9e397b599b13d642138480a28c14db7a136bf0Adam LangleyOPENSSL_EXPORT DH *DHparams_dup(const DH *dh);
176d9e397b599b13d642138480a28c14db7a136bf0Adam Langley
177d9e397b599b13d642138480a28c14db7a136bf0Adam Langley
178d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* ASN.1 functions. */
179d9e397b599b13d642138480a28c14db7a136bf0Adam Langley
180d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* d2i_DHparams parses an ASN.1, DER encoded Diffie-Hellman parameters
181d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * structure from |len| bytes at |*inp|. If |ret| is not NULL then, on exit, a
182d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * pointer to the result is in |*ret|. If |*ret| is already non-NULL on entry
183d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * then the result is written directly into |*ret|, otherwise a fresh |DH| is
184d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * allocated. On successful exit, |*inp| is advanced past the DER structure. It
185d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * returns the result or NULL on error. */
186d9e397b599b13d642138480a28c14db7a136bf0Adam LangleyOPENSSL_EXPORT DH *d2i_DHparams(DH **ret, const unsigned char **inp, long len);
187d9e397b599b13d642138480a28c14db7a136bf0Adam Langley
188d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* i2d_DHparams marshals |in| to an ASN.1, DER structure. If |outp| is not NULL
189d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * then the result is written to |*outp| and |*outp| is advanced just past the
190d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * output. It returns the number of bytes in the result, whether written or
191d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * not, or a negative value on error. */
192d9e397b599b13d642138480a28c14db7a136bf0Adam LangleyOPENSSL_EXPORT int i2d_DHparams(const DH *in, unsigned char **outp);
193d9e397b599b13d642138480a28c14db7a136bf0Adam Langley
194d9e397b599b13d642138480a28c14db7a136bf0Adam Langley
195d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* ex_data functions.
196d9e397b599b13d642138480a28c14db7a136bf0Adam Langley *
197e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley * See |ex_data.h| for details. */
198d9e397b599b13d642138480a28c14db7a136bf0Adam Langley
199d9e397b599b13d642138480a28c14db7a136bf0Adam LangleyOPENSSL_EXPORT int DH_get_ex_new_index(long argl, void *argp,
200d9e397b599b13d642138480a28c14db7a136bf0Adam Langley                                       CRYPTO_EX_new *new_func,
201d9e397b599b13d642138480a28c14db7a136bf0Adam Langley                                       CRYPTO_EX_dup *dup_func,
202d9e397b599b13d642138480a28c14db7a136bf0Adam Langley                                       CRYPTO_EX_free *free_func);
203d9e397b599b13d642138480a28c14db7a136bf0Adam LangleyOPENSSL_EXPORT int DH_set_ex_data(DH *d, int idx, void *arg);
204d9e397b599b13d642138480a28c14db7a136bf0Adam LangleyOPENSSL_EXPORT void *DH_get_ex_data(DH *d, int idx);
205d9e397b599b13d642138480a28c14db7a136bf0Adam Langley
206d9e397b599b13d642138480a28c14db7a136bf0Adam Langley
207d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* dh_method contains function pointers to override the implementation of DH.
208d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * See |engine.h| for details. */
209d9e397b599b13d642138480a28c14db7a136bf0Adam Langleystruct dh_method {
210d9e397b599b13d642138480a28c14db7a136bf0Adam Langley  struct openssl_method_common_st common;
211d9e397b599b13d642138480a28c14db7a136bf0Adam Langley
212d9e397b599b13d642138480a28c14db7a136bf0Adam Langley  /* app_data is an opaque pointer for the method to use. */
213d9e397b599b13d642138480a28c14db7a136bf0Adam Langley  void *app_data;
214d9e397b599b13d642138480a28c14db7a136bf0Adam Langley
215d9e397b599b13d642138480a28c14db7a136bf0Adam Langley  /* init is called just before the return of |DH_new_method|. It returns one
216d9e397b599b13d642138480a28c14db7a136bf0Adam Langley   * on success or zero on error. */
217d9e397b599b13d642138480a28c14db7a136bf0Adam Langley  int (*init)(DH *dh);
218d9e397b599b13d642138480a28c14db7a136bf0Adam Langley
219d9e397b599b13d642138480a28c14db7a136bf0Adam Langley  /* finish is called before |dh| is destructed. */
220d9e397b599b13d642138480a28c14db7a136bf0Adam Langley  void (*finish)(DH *dh);
221d9e397b599b13d642138480a28c14db7a136bf0Adam Langley
222d9e397b599b13d642138480a28c14db7a136bf0Adam Langley  /* generate_parameters is called by |DH_generate_parameters_ex|. */
223d9e397b599b13d642138480a28c14db7a136bf0Adam Langley  int (*generate_parameters)(DH *dh, int prime_bits, int generator,
224d9e397b599b13d642138480a28c14db7a136bf0Adam Langley                             BN_GENCB *cb);
225d9e397b599b13d642138480a28c14db7a136bf0Adam Langley
226d9e397b599b13d642138480a28c14db7a136bf0Adam Langley  /* generate_parameters is called by |DH_generate_key|. */
227d9e397b599b13d642138480a28c14db7a136bf0Adam Langley  int (*generate_key)(DH *dh);
228d9e397b599b13d642138480a28c14db7a136bf0Adam Langley
229d9e397b599b13d642138480a28c14db7a136bf0Adam Langley  /* compute_key is called by |DH_compute_key|. */
230d9e397b599b13d642138480a28c14db7a136bf0Adam Langley  int (*compute_key)(DH *dh, uint8_t *out, const BIGNUM *pub_key);
231d9e397b599b13d642138480a28c14db7a136bf0Adam Langley};
232d9e397b599b13d642138480a28c14db7a136bf0Adam Langley
233d9e397b599b13d642138480a28c14db7a136bf0Adam Langleystruct dh_st {
234d9e397b599b13d642138480a28c14db7a136bf0Adam Langley  DH_METHOD *meth;
235d9e397b599b13d642138480a28c14db7a136bf0Adam Langley
236d9e397b599b13d642138480a28c14db7a136bf0Adam Langley  BIGNUM *p;
237d9e397b599b13d642138480a28c14db7a136bf0Adam Langley  BIGNUM *g;
238d9e397b599b13d642138480a28c14db7a136bf0Adam Langley  BIGNUM *pub_key;  /* g^x */
239d9e397b599b13d642138480a28c14db7a136bf0Adam Langley  BIGNUM *priv_key; /* x */
240d9e397b599b13d642138480a28c14db7a136bf0Adam Langley
241d9e397b599b13d642138480a28c14db7a136bf0Adam Langley  /* priv_length contains the length, in bits, of the private value. If zero,
242d9e397b599b13d642138480a28c14db7a136bf0Adam Langley   * the private value will be the same length as |p|. */
243d9e397b599b13d642138480a28c14db7a136bf0Adam Langley  unsigned priv_length;
244e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley
245e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley  CRYPTO_MUTEX method_mont_p_lock;
246d9e397b599b13d642138480a28c14db7a136bf0Adam Langley  BN_MONT_CTX *method_mont_p;
247d9e397b599b13d642138480a28c14db7a136bf0Adam Langley
248d9e397b599b13d642138480a28c14db7a136bf0Adam Langley  /* Place holders if we want to do X9.42 DH */
249d9e397b599b13d642138480a28c14db7a136bf0Adam Langley  BIGNUM *q;
250d9e397b599b13d642138480a28c14db7a136bf0Adam Langley  BIGNUM *j;
251d9e397b599b13d642138480a28c14db7a136bf0Adam Langley  unsigned char *seed;
252d9e397b599b13d642138480a28c14db7a136bf0Adam Langley  int seedlen;
253d9e397b599b13d642138480a28c14db7a136bf0Adam Langley  BIGNUM *counter;
254d9e397b599b13d642138480a28c14db7a136bf0Adam Langley
255d9e397b599b13d642138480a28c14db7a136bf0Adam Langley  int flags;
25653b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley  CRYPTO_refcount_t references;
257d9e397b599b13d642138480a28c14db7a136bf0Adam Langley  CRYPTO_EX_DATA ex_data;
258d9e397b599b13d642138480a28c14db7a136bf0Adam Langley};
259d9e397b599b13d642138480a28c14db7a136bf0Adam Langley
260d9e397b599b13d642138480a28c14db7a136bf0Adam Langley
261d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#if defined(__cplusplus)
262d9e397b599b13d642138480a28c14db7a136bf0Adam Langley}  /* extern C */
263d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#endif
264d9e397b599b13d642138480a28c14db7a136bf0Adam Langley
265e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley#define DH_F_DH_new_method 100
266e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley#define DH_F_compute_key 101
267e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley#define DH_F_generate_key 102
268e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley#define DH_F_generate_parameters 103
269e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley#define DH_R_BAD_GENERATOR 100
270e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley#define DH_R_INVALID_PUBKEY 101
271d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define DH_R_MODULUS_TOO_LARGE 102
272d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define DH_R_NO_PRIVATE_VALUE 103
273d9e397b599b13d642138480a28c14db7a136bf0Adam Langley
274d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#endif  /* OPENSSL_HEADER_DH_H */
275