[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
DH: Draft RSAREF/Diffie-Hellman specification
Jim Bidzos sent the following to me, and I've received his blessing to
forward it to cyphperpunks. Note that it is a draft specification,
not the actual one. For those who have no idea what Diffie-Hellman
key exchange is, this document may give you some idea.
Eric
-----------------------------------------------------------------------------
Date: Wed, 5 May 93 15:21:20 PDT
From: [email protected] (Jim Bidzos)
FYI. Subject to change, but probably minor ones. This will be added
to RSAREF and will be subject to RSAREF license terms when released.
--Jim
Date: Fri, 30 Apr 93 16:05:14 PDT
From: [email protected] (Burt Kaliski)
To: [email protected]
Subject: Draft RSAREF/Diffie-Hellman specification
RSAREF/Diffie-Hellman Interface Specification
RSA Laboratories
April 30, 1993
Copyright (C) 1993 RSA Laboratories, a division of RSA Data
Security, Inc. All rights reserved.
DRAFT -- SUBJECT TO CHANGE
The Diffie-Hellman extension to RSAREF adds three routines:
R_GenerateDHParams generates Diffie-Hellman parameters
R_SetupDHAgreement sets up a key agreement
R_ComputeDHAgreedKey computes the agreed-upon key
To generate new Diffie-Hellman parameters, an application calls
R_GenerateDHParams, giving the length of the Diffie-Hellman prime and
a random structure. R_GenerateDHParams generates the parameters and
returns the status of the operation. Several users may share given
Diffie-Hellman parameters, or they may be unique to a given user.
To set up a key agreement, communicating applications call
R_SetupDHAgreement, giving these parameters:
- the Diffie-Hellman parameters
- a random structure
R_SetupDHAgreement generates a new "public value" and a new "private
value" for each party and returns the status of the operation. The
applications then exchange their public values.
To compute the agreed-upon key, the applications call
R_ComputeDHAgreedKey, giving these parameters:
- the Diffie-Hellman parameters
- the other party's public value
- the private value
R_ComputeDHAgreedKey computes the agreed-upon key and returns the
status of the operation.
The applications may encrypt subsequent data under the agreed-upon
key. When the length of the Diffie-Hellman prime is large enough, it
is considered impractical for someone who sees the Diffie-Hellman
parameters and the exchanged public values to determine to
agreed-upon key, so the subsequent encryption is secure.
R_GenerateDHParams
int R_GenerateDHParams (
R_DH_PARAMS *params, /* new Diffie-Hellman parameters */
R_DH_PROTO_PARAMS *protoParams, /* D-H prototype parameters */
R_RANDOM_STRUCT *randomStruct /* random structure */
);
R_GenerateDHParams generates random Diffie-Hellman parameters,
storing the result in params. protoParams specifies the lengths in
bits of the Diffie-Hellman prime.
randomStruct must have been seeded.
Return value: 0 success
RE_MODULUS_LEN prime length invalid
RE_NEED_RANDOM randomStruct is not seeded
R_SetupDHAgreement
int R_SetupDHAgreement (
unsigned char *publicValue, /* new public value */
unsigned int *publicValueLen, /* length of public value */
unsigned char *privateValue, /* new private value */
unsigned int *privateValueLen, /* length of private value */
R_DH_PARAMS *params, /* Diffie-Hellman parameters */
R_RANDOM_STRUCT *randomStruct /* random structure */
);
R_SetupDHAgreement sets up a Diffie-Hellman key agreement by
generating a public value and a private value from the Diffie-Hellman
parameters. It stores the resulting public value in publicValue and
the resulting private value in private value, and their lengths in
publicValueLen and privateValueLen.
The private value is a random number x, and the public value is the
number y such that
y = g^x mod p,
where p and g are the prime and generator in params.
publicValue and privateValue will be represented most significant
byte first, with no leading zero bytes. publicValueLen and
privateValueLen will not be greater than MAX_DH_PRIME_LEN.
randomStruct must have been seeded.
Return value: 0 success
RE_NEED_RANDOM randomStruct is not seeded
(others to be determined)
R_ComputeDHAgreedKey
int R_ComputeDHAgreedKey (
unsigned char *agreedKey, /* new agreed key */
unsigned int *agreedKeyLen, /* length of agreed key */
unsigned char *otherPublicValue, /* other's public value */
unsigned int otherPublicValueLen, /* length of public value */
unsigned char *privateValue, /* private value */
unsigned int privateValueLen, /* length of private value */
R_DH_PARAMS *params /* Diffie-Hellman parameters */
);
R_ComputeDHAgreedKey computes an agreed key from the other party's
public value, a private value, and the Diffie-Hellman parameters. It
stores the resulting agreed key in agreedKey, and its length in
agreedKeyLen.
The agreed key is the number z such that
z = (y')^x mod p,
where y' is the other party's public value, x is the private value,
and p is the prime in params.
agreedKey will be represented most significant byte first, with no
leading zero bytes. agreedKeyLen will not be greater than
MAX_DH_PRIME_LEN.
Return value: 0 success
(others to be determined)
R_DH_PARAMS
typedef struct {
unsigned int bits; /* length in bits of prime */
unsigned char prime[MAX_DH_PRIME_LEN]; /* prime */
unsigned char generator[MAX_DH_PRIME_LEN]; /* generator */
} R_DH_PARAMS;
An R_DH_PARAMS value is a structure specifying Diffie-Hellman
parameters. There are three fields:
bits length in bits of the prime (not less than
MIN_DH_PRIME_BITS and not greater than
MAX_DH_PRIME_BITS)
modulus prime p, represented as a MAX_DH_PRIME_LEN-
byte number, most significant byte first,
as many leading zero bytes as necessary
generator generator g, represented like prime
R_DH_PROTO_PARAMS
typedef struct {
unsigned int bits; /* length in bits of prime */
} R_DH_PROTO_PARAMS;
An R_DH_PROTO_PARAMS value is a structure specifying the length in
bits of the Diffie-Hellman prime for parameter generation. There is
one field:
bits length in bits of the prime (not less than
MIN_DH_PRIME_BITS and not greater than
MAX_DH_PRIME_BITS)