PageRenderTime 117ms CodeModel.GetById 12ms RepoModel.GetById 1ms app.codeStats 0ms

/source/ruby-1.9.2-p180/ext/openssl/ossl_pkey_dh.c

https://github.com/akiernan/omnibus
C | 532 lines | 344 code | 65 blank | 123 comment | 47 complexity | 6ef02b33af215af0914ccdde3f2714b7 MD5 | raw file
Possible License(s): Apache-2.0, BSD-3-Clause
  1. /*
  2. * $Id: ossl_pkey_dh.c 27440 2010-04-22 08:21:01Z nobu $
  3. * 'OpenSSL for Ruby' project
  4. * Copyright (C) 2001-2002 Michal Rokos <m.rokos@sh.cvut.cz>
  5. * All rights reserved.
  6. */
  7. /*
  8. * This program is licenced under the same licence as Ruby.
  9. * (See the file 'LICENCE'.)
  10. */
  11. #if !defined(OPENSSL_NO_DH)
  12. #include "ossl.h"
  13. #define GetPKeyDH(obj, pkey) do { \
  14. GetPKey(obj, pkey); \
  15. if (EVP_PKEY_type(pkey->type) != EVP_PKEY_DH) { /* PARANOIA? */ \
  16. ossl_raise(rb_eRuntimeError, "THIS IS NOT A DH!") ; \
  17. } \
  18. } while (0)
  19. #define DH_HAS_PRIVATE(dh) ((dh)->priv_key)
  20. #ifdef OSSL_ENGINE_ENABLED
  21. # define DH_PRIVATE(dh) (DH_HAS_PRIVATE(dh) || (dh)->engine)
  22. #else
  23. # define DH_PRIVATE(dh) DH_HAS_PRIVATE(dh)
  24. #endif
  25. /*
  26. * Classes
  27. */
  28. VALUE cDH;
  29. VALUE eDHError;
  30. /*
  31. * Public
  32. */
  33. static VALUE
  34. dh_instance(VALUE klass, DH *dh)
  35. {
  36. EVP_PKEY *pkey;
  37. VALUE obj;
  38. if (!dh) {
  39. return Qfalse;
  40. }
  41. if (!(pkey = EVP_PKEY_new())) {
  42. return Qfalse;
  43. }
  44. if (!EVP_PKEY_assign_DH(pkey, dh)) {
  45. EVP_PKEY_free(pkey);
  46. return Qfalse;
  47. }
  48. WrapPKey(klass, obj, pkey);
  49. return obj;
  50. }
  51. VALUE
  52. ossl_dh_new(EVP_PKEY *pkey)
  53. {
  54. VALUE obj;
  55. if (!pkey) {
  56. obj = dh_instance(cDH, DH_new());
  57. } else {
  58. if (EVP_PKEY_type(pkey->type) != EVP_PKEY_DH) {
  59. ossl_raise(rb_eTypeError, "Not a DH key!");
  60. }
  61. WrapPKey(cDH, obj, pkey);
  62. }
  63. if (obj == Qfalse) {
  64. ossl_raise(eDHError, NULL);
  65. }
  66. return obj;
  67. }
  68. /*
  69. * Private
  70. */
  71. static DH *
  72. dh_generate(int size, int gen)
  73. {
  74. DH *dh;
  75. dh = DH_generate_parameters(size, gen,
  76. rb_block_given_p() ? ossl_generate_cb : NULL,
  77. NULL);
  78. if (!dh) return 0;
  79. if (!DH_generate_key(dh)) {
  80. DH_free(dh);
  81. return 0;
  82. }
  83. return dh;
  84. }
  85. /*
  86. * call-seq:
  87. * DH.generate(size [, generator]) -> dh
  88. *
  89. * === Parameters
  90. * * +size+ is an integer representing the desired key size. Keys smaller than 1024 should be considered insecure.
  91. * * +generator+ is a small number > 1, typically 2 or 5.
  92. *
  93. */
  94. static VALUE
  95. ossl_dh_s_generate(int argc, VALUE *argv, VALUE klass)
  96. {
  97. DH *dh ;
  98. int g = 2;
  99. VALUE size, gen, obj;
  100. if (rb_scan_args(argc, argv, "11", &size, &gen) == 2) {
  101. g = NUM2INT(gen);
  102. }
  103. dh = dh_generate(NUM2INT(size), g);
  104. obj = dh_instance(klass, dh);
  105. if (obj == Qfalse) {
  106. DH_free(dh);
  107. ossl_raise(eDHError, NULL);
  108. }
  109. return obj;
  110. }
  111. /*
  112. * call-seq:
  113. * DH.new([size [, generator] | string]) -> dh
  114. *
  115. * === Parameters
  116. * * +size+ is an integer representing the desired key size. Keys smaller than 1024 should be considered insecure.
  117. * * +generator+ is a small number > 1, typically 2 or 5.
  118. * * +string+ contains the DER or PEM encoded key.
  119. *
  120. * === Examples
  121. * * DH.new -> dh
  122. * * DH.new(1024) -> dh
  123. * * DH.new(1024, 5) -> dh
  124. * * DH.new(File.read('key.pem')) -> dh
  125. */
  126. static VALUE
  127. ossl_dh_initialize(int argc, VALUE *argv, VALUE self)
  128. {
  129. EVP_PKEY *pkey;
  130. DH *dh;
  131. int g = 2;
  132. BIO *in;
  133. VALUE arg, gen;
  134. GetPKey(self, pkey);
  135. if(rb_scan_args(argc, argv, "02", &arg, &gen) == 0) {
  136. dh = DH_new();
  137. }
  138. else if (FIXNUM_P(arg)) {
  139. if (!NIL_P(gen)) {
  140. g = NUM2INT(gen);
  141. }
  142. if (!(dh = dh_generate(FIX2INT(arg), g))) {
  143. ossl_raise(eDHError, NULL);
  144. }
  145. }
  146. else {
  147. arg = ossl_to_der_if_possible(arg);
  148. in = ossl_obj2bio(arg);
  149. dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL);
  150. if (!dh){
  151. (void)BIO_reset(in);
  152. dh = d2i_DHparams_bio(in, NULL);
  153. }
  154. BIO_free(in);
  155. if (!dh) ossl_raise(eDHError, NULL);
  156. }
  157. if (!EVP_PKEY_assign_DH(pkey, dh)) {
  158. DH_free(dh);
  159. ossl_raise(eDHError, NULL);
  160. }
  161. return self;
  162. }
  163. /*
  164. * call-seq:
  165. * dh.public? -> true | false
  166. *
  167. */
  168. static VALUE
  169. ossl_dh_is_public(VALUE self)
  170. {
  171. EVP_PKEY *pkey;
  172. GetPKeyDH(self, pkey);
  173. return (pkey->pkey.dh->pub_key) ? Qtrue : Qfalse;
  174. }
  175. /*
  176. * call-seq:
  177. * dh.private? -> true | false
  178. *
  179. */
  180. static VALUE
  181. ossl_dh_is_private(VALUE self)
  182. {
  183. EVP_PKEY *pkey;
  184. GetPKeyDH(self, pkey);
  185. return (DH_PRIVATE(pkey->pkey.dh)) ? Qtrue : Qfalse;
  186. }
  187. /*
  188. * call-seq:
  189. * dh.to_pem -> aString
  190. *
  191. */
  192. static VALUE
  193. ossl_dh_export(VALUE self)
  194. {
  195. EVP_PKEY *pkey;
  196. BIO *out;
  197. VALUE str;
  198. GetPKeyDH(self, pkey);
  199. if (!(out = BIO_new(BIO_s_mem()))) {
  200. ossl_raise(eDHError, NULL);
  201. }
  202. if (!PEM_write_bio_DHparams(out, pkey->pkey.dh)) {
  203. BIO_free(out);
  204. ossl_raise(eDHError, NULL);
  205. }
  206. str = ossl_membio2str(out);
  207. return str;
  208. }
  209. /*
  210. * call-seq:
  211. * dh.to_der -> aString
  212. *
  213. */
  214. static VALUE
  215. ossl_dh_to_der(VALUE self)
  216. {
  217. EVP_PKEY *pkey;
  218. unsigned char *p;
  219. long len;
  220. VALUE str;
  221. GetPKeyDH(self, pkey);
  222. if((len = i2d_DHparams(pkey->pkey.dh, NULL)) <= 0)
  223. ossl_raise(eDHError, NULL);
  224. str = rb_str_new(0, len);
  225. p = (unsigned char *)RSTRING_PTR(str);
  226. if(i2d_DHparams(pkey->pkey.dh, &p) < 0)
  227. ossl_raise(eDHError, NULL);
  228. ossl_str_adjust(str, p);
  229. return str;
  230. }
  231. /*
  232. * call-seq:
  233. * dh.params -> hash
  234. *
  235. * Stores all parameters of key to the hash
  236. * INSECURE: PRIVATE INFORMATIONS CAN LEAK OUT!!!
  237. * Don't use :-)) (I's up to you)
  238. */
  239. static VALUE
  240. ossl_dh_get_params(VALUE self)
  241. {
  242. EVP_PKEY *pkey;
  243. VALUE hash;
  244. GetPKeyDH(self, pkey);
  245. hash = rb_hash_new();
  246. rb_hash_aset(hash, rb_str_new2("p"), ossl_bn_new(pkey->pkey.dh->p));
  247. rb_hash_aset(hash, rb_str_new2("g"), ossl_bn_new(pkey->pkey.dh->g));
  248. rb_hash_aset(hash, rb_str_new2("pub_key"), ossl_bn_new(pkey->pkey.dh->pub_key));
  249. rb_hash_aset(hash, rb_str_new2("priv_key"), ossl_bn_new(pkey->pkey.dh->priv_key));
  250. return hash;
  251. }
  252. /*
  253. * call-seq:
  254. * dh.to_text -> aString
  255. *
  256. * Prints all parameters of key to buffer
  257. * INSECURE: PRIVATE INFORMATIONS CAN LEAK OUT!!!
  258. * Don't use :-)) (I's up to you)
  259. */
  260. static VALUE
  261. ossl_dh_to_text(VALUE self)
  262. {
  263. EVP_PKEY *pkey;
  264. BIO *out;
  265. VALUE str;
  266. GetPKeyDH(self, pkey);
  267. if (!(out = BIO_new(BIO_s_mem()))) {
  268. ossl_raise(eDHError, NULL);
  269. }
  270. if (!DHparams_print(out, pkey->pkey.dh)) {
  271. BIO_free(out);
  272. ossl_raise(eDHError, NULL);
  273. }
  274. str = ossl_membio2str(out);
  275. return str;
  276. }
  277. /*
  278. * call-seq:
  279. * dh.public_key -> aDH
  280. *
  281. * Makes new instance DH PUBLIC_KEY from PRIVATE_KEY
  282. */
  283. static VALUE
  284. ossl_dh_to_public_key(VALUE self)
  285. {
  286. EVP_PKEY *pkey;
  287. DH *dh;
  288. VALUE obj;
  289. GetPKeyDH(self, pkey);
  290. dh = DHparams_dup(pkey->pkey.dh); /* err check perfomed by dh_instance */
  291. obj = dh_instance(CLASS_OF(self), dh);
  292. if (obj == Qfalse) {
  293. DH_free(dh);
  294. ossl_raise(eDHError, NULL);
  295. }
  296. return obj;
  297. }
  298. /*
  299. * call-seq:
  300. * dh.check_params -> true | false
  301. *
  302. */
  303. static VALUE
  304. ossl_dh_check_params(VALUE self)
  305. {
  306. DH *dh;
  307. EVP_PKEY *pkey;
  308. int codes;
  309. GetPKeyDH(self, pkey);
  310. dh = pkey->pkey.dh;
  311. if (!DH_check(dh, &codes)) {
  312. return Qfalse;
  313. }
  314. return codes == 0 ? Qtrue : Qfalse;
  315. }
  316. /*
  317. * call-seq:
  318. * dh.generate_key -> self
  319. *
  320. */
  321. static VALUE
  322. ossl_dh_generate_key(VALUE self)
  323. {
  324. DH *dh;
  325. EVP_PKEY *pkey;
  326. GetPKeyDH(self, pkey);
  327. dh = pkey->pkey.dh;
  328. if (!DH_generate_key(dh))
  329. ossl_raise(eDHError, "Failed to generate key");
  330. return self;
  331. }
  332. /*
  333. * call-seq:
  334. * dh.compute_key(pub_bn) -> aString
  335. *
  336. * === Parameters
  337. * * +pub_bn+ is a OpenSSL::BN.
  338. *
  339. * Returns aString containing a shared secret computed from the other parties public value.
  340. *
  341. * See DH_compute_key() for further information.
  342. *
  343. */
  344. static VALUE
  345. ossl_dh_compute_key(VALUE self, VALUE pub)
  346. {
  347. DH *dh;
  348. EVP_PKEY *pkey;
  349. BIGNUM *pub_key;
  350. VALUE str;
  351. int len;
  352. GetPKeyDH(self, pkey);
  353. dh = pkey->pkey.dh;
  354. pub_key = GetBNPtr(pub);
  355. len = DH_size(dh);
  356. str = rb_str_new(0, len);
  357. if ((len = DH_compute_key((unsigned char *)RSTRING_PTR(str), pub_key, dh)) < 0) {
  358. ossl_raise(eDHError, NULL);
  359. }
  360. rb_str_set_len(str, len);
  361. return str;
  362. }
  363. OSSL_PKEY_BN(dh, p)
  364. OSSL_PKEY_BN(dh, g)
  365. OSSL_PKEY_BN(dh, pub_key)
  366. OSSL_PKEY_BN(dh, priv_key)
  367. /*
  368. * -----BEGIN DH PARAMETERS-----
  369. * MEYCQQD0zXHljRg/mJ9PYLACLv58Cd8VxBxxY7oEuCeURMiTqEhMym16rhhKgZG2
  370. * zk2O9uUIBIxSj+NKMURHGaFKyIvLAgEC
  371. * -----END DH PARAMETERS-----
  372. */
  373. static unsigned char DEFAULT_DH_512_PRIM[] = {
  374. 0xf4, 0xcd, 0x71, 0xe5, 0x8d, 0x18, 0x3f, 0x98,
  375. 0x9f, 0x4f, 0x60, 0xb0, 0x02, 0x2e, 0xfe, 0x7c,
  376. 0x09, 0xdf, 0x15, 0xc4, 0x1c, 0x71, 0x63, 0xba,
  377. 0x04, 0xb8, 0x27, 0x94, 0x44, 0xc8, 0x93, 0xa8,
  378. 0x48, 0x4c, 0xca, 0x6d, 0x7a, 0xae, 0x18, 0x4a,
  379. 0x81, 0x91, 0xb6, 0xce, 0x4d, 0x8e, 0xf6, 0xe5,
  380. 0x08, 0x04, 0x8c, 0x52, 0x8f, 0xe3, 0x4a, 0x31,
  381. 0x44, 0x47, 0x19, 0xa1, 0x4a, 0xc8, 0x8b, 0xcb,
  382. };
  383. static unsigned char DEFAULT_DH_512_GEN[] = { 0x02 };
  384. DH *OSSL_DEFAULT_DH_512 = NULL;
  385. /*
  386. * -----BEGIN DH PARAMETERS-----
  387. * MIGHAoGBAJ0lOVy0VIr/JebWn0zDwY2h+rqITFOpdNr6ugsgvkDXuucdcChhYExJ
  388. * AV/ZD2AWPbrTqV76mGRgJg4EddgT1zG0jq3rnFdMj2XzkBYx3BVvfR0Arnby0RHR
  389. * T4h7KZ/2zmjvV+eF8kBUHBJAojUlzxKj4QeO2x20FP9X5xmNUXeDAgEC
  390. * -----END DH PARAMETERS-----
  391. */
  392. static unsigned char DEFAULT_DH_1024_PRIM[] = {
  393. 0x9d, 0x25, 0x39, 0x5c, 0xb4, 0x54, 0x8a, 0xff,
  394. 0x25, 0xe6, 0xd6, 0x9f, 0x4c, 0xc3, 0xc1, 0x8d,
  395. 0xa1, 0xfa, 0xba, 0x88, 0x4c, 0x53, 0xa9, 0x74,
  396. 0xda, 0xfa, 0xba, 0x0b, 0x20, 0xbe, 0x40, 0xd7,
  397. 0xba, 0xe7, 0x1d, 0x70, 0x28, 0x61, 0x60, 0x4c,
  398. 0x49, 0x01, 0x5f, 0xd9, 0x0f, 0x60, 0x16, 0x3d,
  399. 0xba, 0xd3, 0xa9, 0x5e, 0xfa, 0x98, 0x64, 0x60,
  400. 0x26, 0x0e, 0x04, 0x75, 0xd8, 0x13, 0xd7, 0x31,
  401. 0xb4, 0x8e, 0xad, 0xeb, 0x9c, 0x57, 0x4c, 0x8f,
  402. 0x65, 0xf3, 0x90, 0x16, 0x31, 0xdc, 0x15, 0x6f,
  403. 0x7d, 0x1d, 0x00, 0xae, 0x76, 0xf2, 0xd1, 0x11,
  404. 0xd1, 0x4f, 0x88, 0x7b, 0x29, 0x9f, 0xf6, 0xce,
  405. 0x68, 0xef, 0x57, 0xe7, 0x85, 0xf2, 0x40, 0x54,
  406. 0x1c, 0x12, 0x40, 0xa2, 0x35, 0x25, 0xcf, 0x12,
  407. 0xa3, 0xe1, 0x07, 0x8e, 0xdb, 0x1d, 0xb4, 0x14,
  408. 0xff, 0x57, 0xe7, 0x19, 0x8d, 0x51, 0x77, 0x83
  409. };
  410. static unsigned char DEFAULT_DH_1024_GEN[] = { 0x02 };
  411. DH *OSSL_DEFAULT_DH_1024 = NULL;
  412. static DH*
  413. ossl_create_dh(unsigned char *p, size_t plen, unsigned char *g, size_t glen)
  414. {
  415. DH *dh;
  416. if ((dh = DH_new()) == NULL) ossl_raise(eDHError, NULL);
  417. dh->p = BN_bin2bn(p, plen, NULL);
  418. dh->g = BN_bin2bn(g, glen, NULL);
  419. if (dh->p == NULL || dh->g == NULL){
  420. DH_free(dh);
  421. ossl_raise(eDHError, NULL);
  422. }
  423. return dh;
  424. }
  425. /*
  426. * INIT
  427. */
  428. void
  429. Init_ossl_dh()
  430. {
  431. #if 0 /* let rdoc know about mOSSL and mPKey */
  432. mOSSL = rb_define_module("OpenSSL");
  433. mPKey = rb_define_module_under(mOSSL, "PKey");
  434. #endif
  435. eDHError = rb_define_class_under(mPKey, "DHError", ePKeyError);
  436. cDH = rb_define_class_under(mPKey, "DH", cPKey);
  437. rb_define_singleton_method(cDH, "generate", ossl_dh_s_generate, -1);
  438. rb_define_method(cDH, "initialize", ossl_dh_initialize, -1);
  439. rb_define_method(cDH, "public?", ossl_dh_is_public, 0);
  440. rb_define_method(cDH, "private?", ossl_dh_is_private, 0);
  441. rb_define_method(cDH, "to_text", ossl_dh_to_text, 0);
  442. rb_define_method(cDH, "export", ossl_dh_export, 0);
  443. rb_define_alias(cDH, "to_pem", "export");
  444. rb_define_alias(cDH, "to_s", "export");
  445. rb_define_method(cDH, "to_der", ossl_dh_to_der, 0);
  446. rb_define_method(cDH, "public_key", ossl_dh_to_public_key, 0);
  447. rb_define_method(cDH, "params_ok?", ossl_dh_check_params, 0);
  448. rb_define_method(cDH, "generate_key!", ossl_dh_generate_key, 0);
  449. rb_define_method(cDH, "compute_key", ossl_dh_compute_key, 1);
  450. DEF_OSSL_PKEY_BN(cDH, dh, p);
  451. DEF_OSSL_PKEY_BN(cDH, dh, g);
  452. DEF_OSSL_PKEY_BN(cDH, dh, pub_key);
  453. DEF_OSSL_PKEY_BN(cDH, dh, priv_key);
  454. rb_define_method(cDH, "params", ossl_dh_get_params, 0);
  455. OSSL_DEFAULT_DH_512 = ossl_create_dh(
  456. DEFAULT_DH_512_PRIM, sizeof(DEFAULT_DH_512_PRIM),
  457. DEFAULT_DH_512_GEN, sizeof(DEFAULT_DH_512_GEN));
  458. OSSL_DEFAULT_DH_1024 = ossl_create_dh(
  459. DEFAULT_DH_1024_PRIM, sizeof(DEFAULT_DH_1024_PRIM),
  460. DEFAULT_DH_1024_GEN, sizeof(DEFAULT_DH_1024_GEN));
  461. }
  462. #else /* defined NO_DH */
  463. void
  464. Init_ossl_dh()
  465. {
  466. }
  467. #endif /* NO_DH */