2 * Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 /* DH parameters from RFC7919 and RFC3526 */
13 * DH low level APIs are deprecated for public use, but still ok for
16 #include "internal/deprecated.h"
19 #include "internal/cryptlib.h"
21 #include <openssl/bn.h>
22 #include <openssl/objects.h>
23 #include "crypto/bn_dh.h"
24 #include "crypto/dh.h"
27 static DH *dh_new_by_nid_with_ctx(OPENSSL_CTX *libctx, int nid);
29 static DH *dh_param_init(OPENSSL_CTX *libctx, int nid, const BIGNUM *p,
33 DH *dh = dh_new_with_ctx(libctx);
39 /* Set q = (p - 1) / 2 (p is known to be odd so just shift right ) */
40 if (q == NULL || !BN_rshift1(q, q)) {
46 dh->params.p = (BIGNUM *)p;
47 dh->params.q = (BIGNUM *)q;
48 dh->params.g = (BIGNUM *)&_bignum_const_2;
49 /* Private key length = 2 * max_target_security_strength */
55 static DH *dh_new_by_nid_with_ctx(OPENSSL_CTX *libctx, int nid)
58 * The last parameter specified in these fields is
59 * 2 * max_target_security_strength.
60 * See SP800-56Ar3 Table(s) 25 & 26.
64 return dh_param_init(libctx, nid, &_bignum_ffdhe2048_p, 225);
66 return dh_param_init(libctx, nid, &_bignum_ffdhe3072_p, 275);
68 return dh_param_init(libctx, nid, &_bignum_ffdhe4096_p, 325);
70 return dh_param_init(libctx, nid, &_bignum_ffdhe6144_p, 375);
72 return dh_param_init(libctx, nid, &_bignum_ffdhe8192_p, 400);
75 return dh_param_init(libctx, nid, &_bignum_modp_1536_p, 190);
78 return dh_param_init(libctx, nid, &_bignum_modp_2048_p, 225);
80 return dh_param_init(libctx, nid, &_bignum_modp_3072_p, 275);
82 return dh_param_init(libctx, nid, &_bignum_modp_4096_p, 325);
84 return dh_param_init(libctx, nid, &_bignum_modp_6144_p, 375);
86 return dh_param_init(libctx, nid, &_bignum_modp_8192_p, 400);
88 DHerr(0, DH_R_INVALID_PARAMETER_NID);
93 DH *DH_new_by_nid(int nid)
95 return dh_new_by_nid_with_ctx(NULL, nid);
99 int DH_get_nid(DH *dh)
101 int nid = dh->params.nid;
103 if (nid != NID_undef)
106 if (BN_get_word(dh->params.g) != 2)
108 if (!BN_cmp(dh->params.p, &_bignum_ffdhe2048_p))
110 else if (!BN_cmp(dh->params.p, &_bignum_ffdhe3072_p))
112 else if (!BN_cmp(dh->params.p, &_bignum_ffdhe4096_p))
114 else if (!BN_cmp(dh->params.p, &_bignum_ffdhe6144_p))
116 else if (!BN_cmp(dh->params.p, &_bignum_ffdhe8192_p))
119 else if (!BN_cmp(dh->params.p, &_bignum_modp_1536_p))
122 else if (!BN_cmp(dh->params.p, &_bignum_modp_2048_p))
124 else if (!BN_cmp(dh->params.p, &_bignum_modp_3072_p))
126 else if (!BN_cmp(dh->params.p, &_bignum_modp_4096_p))
128 else if (!BN_cmp(dh->params.p, &_bignum_modp_6144_p))
130 else if (!BN_cmp(dh->params.p, &_bignum_modp_8192_p))
135 /* Verify q is correct if it exists - reset the nid if it is not correct */
136 if (dh->params.q != NULL) {
137 BIGNUM *q = BN_dup(dh->params.p);
139 /* Check q = p * 2 + 1 we already know q is odd, so just shift right */
140 if (q == NULL || !BN_rshift1(q, q) || (BN_cmp(dh->params.q, q) != 0))
144 dh->params.nid = nid; /* cache the nid */