2 * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 #include "internal/deprecated.h"
12 #include <openssl/core_names.h>
13 #include <openssl/params.h>
14 #include <openssl/err.h>
15 #include <openssl/dh.h>
16 #include "crypto/dh.h"
17 #include "crypto/evp.h"
19 static int dh_paramgen_check(EVP_PKEY_CTX *ctx)
21 if (ctx == NULL || !EVP_PKEY_CTX_IS_GEN_OP(ctx)) {
22 ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
23 /* Uses the same return values as EVP_PKEY_CTX_ctrl */
26 /* If key type not DH return error */
27 if (evp_pkey_ctx_is_legacy(ctx)
28 && ctx->pmeth->pkey_id != EVP_PKEY_DH
29 && ctx->pmeth->pkey_id != EVP_PKEY_DHX)
34 static int dh_param_derive_check(EVP_PKEY_CTX *ctx)
36 if (ctx == NULL || !EVP_PKEY_CTX_IS_DERIVE_OP(ctx)) {
37 ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
38 /* Uses the same return values as EVP_PKEY_CTX_ctrl */
41 /* If key type not DH return error */
42 if (evp_pkey_ctx_is_legacy(ctx)
43 && ctx->pmeth->pkey_id != EVP_PKEY_DH
44 && ctx->pmeth->pkey_id != EVP_PKEY_DHX)
49 int EVP_PKEY_CTX_set_dh_paramgen_gindex(EVP_PKEY_CTX *ctx, int gindex)
52 OSSL_PARAM params[2], *p = params;
54 if ((ret = dh_paramgen_check(ctx)) <= 0)
57 *p++ = OSSL_PARAM_construct_int(OSSL_PKEY_PARAM_FFC_GINDEX, &gindex);
58 *p = OSSL_PARAM_construct_end();
60 return evp_pkey_ctx_set_params_strict(ctx, params);
63 int EVP_PKEY_CTX_set_dh_paramgen_seed(EVP_PKEY_CTX *ctx,
64 const unsigned char *seed,
68 OSSL_PARAM params[2], *p = params;
70 if ((ret = dh_paramgen_check(ctx)) <= 0)
73 *p++ = OSSL_PARAM_construct_octet_string(OSSL_PKEY_PARAM_FFC_SEED,
74 (void *)seed, seedlen);
75 *p = OSSL_PARAM_construct_end();
77 return evp_pkey_ctx_set_params_strict(ctx, params);
81 * This one is currently implemented as an EVP_PKEY_CTX_ctrl() wrapper,
82 * simply because that's easier.
84 int EVP_PKEY_CTX_set_dh_paramgen_type(EVP_PKEY_CTX *ctx, int typ)
86 return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN,
87 EVP_PKEY_CTRL_DH_PARAMGEN_TYPE, typ, NULL);
90 int EVP_PKEY_CTX_set_dh_paramgen_prime_len(EVP_PKEY_CTX *ctx, int pbits)
93 OSSL_PARAM params[2], *p = params;
96 if ((ret = dh_paramgen_check(ctx)) <= 0)
99 *p++ = OSSL_PARAM_construct_size_t(OSSL_PKEY_PARAM_FFC_PBITS, &bits);
100 *p = OSSL_PARAM_construct_end();
101 return evp_pkey_ctx_set_params_strict(ctx, params);
104 int EVP_PKEY_CTX_set_dh_paramgen_subprime_len(EVP_PKEY_CTX *ctx, int qbits)
107 OSSL_PARAM params[2], *p = params;
108 size_t bits2 = qbits;
110 if ((ret = dh_paramgen_check(ctx)) <= 0)
113 *p++ = OSSL_PARAM_construct_size_t(OSSL_PKEY_PARAM_FFC_QBITS, &bits2);
114 *p = OSSL_PARAM_construct_end();
116 return evp_pkey_ctx_set_params_strict(ctx, params);
119 int EVP_PKEY_CTX_set_dh_paramgen_generator(EVP_PKEY_CTX *ctx, int gen)
122 OSSL_PARAM params[2], *p = params;
124 if ((ret = dh_paramgen_check(ctx)) <= 0)
127 *p++ = OSSL_PARAM_construct_int(OSSL_PKEY_PARAM_DH_GENERATOR, &gen);
128 *p = OSSL_PARAM_construct_end();
130 return evp_pkey_ctx_set_params_strict(ctx, params);
134 * This one is currently implemented as an EVP_PKEY_CTX_ctrl() wrapper,
135 * simply because that's easier.
137 int EVP_PKEY_CTX_set_dh_rfc5114(EVP_PKEY_CTX *ctx, int gen)
139 return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_PARAMGEN,
140 EVP_PKEY_CTRL_DH_RFC5114, gen, NULL);
143 int EVP_PKEY_CTX_set_dhx_rfc5114(EVP_PKEY_CTX *ctx, int gen)
145 return EVP_PKEY_CTX_set_dh_rfc5114(ctx, gen);
149 * This one is currently implemented as an EVP_PKEY_CTX_ctrl() wrapper,
150 * simply because that's easier.
151 * TODO(3.0) Should this be deprecated in favor of passing a name or an
152 * ASN1_OBJECT (which can be converted to text internally)?
154 int EVP_PKEY_CTX_set_dh_nid(EVP_PKEY_CTX *ctx, int nid)
156 return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH,
157 EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN,
158 EVP_PKEY_CTRL_DH_NID, nid, NULL);
161 int EVP_PKEY_CTX_set_dh_pad(EVP_PKEY_CTX *ctx, int pad)
163 OSSL_PARAM dh_pad_params[2];
164 unsigned int upad = pad;
166 /* We use EVP_PKEY_CTX_ctrl return values */
167 if (ctx == NULL || !EVP_PKEY_CTX_IS_DERIVE_OP(ctx)) {
168 ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
172 dh_pad_params[0] = OSSL_PARAM_construct_uint(OSSL_EXCHANGE_PARAM_PAD, &upad);
173 dh_pad_params[1] = OSSL_PARAM_construct_end();
175 return evp_pkey_ctx_set_params_strict(ctx, dh_pad_params);
179 * This one is currently implemented as an EVP_PKEY_CTX_ctrl() wrapper,
180 * simply because that's easier.
181 * TODO(3.0) Should this be deprecated in favor of passing a name?
183 int EVP_PKEY_CTX_set_dh_kdf_type(EVP_PKEY_CTX *ctx, int kdf)
185 return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_DERIVE,
186 EVP_PKEY_CTRL_DH_KDF_TYPE, kdf, NULL);
190 * This one is currently implemented as an EVP_PKEY_CTX_ctrl() wrapper,
191 * simply because that's easier.
192 * TODO(3.0) Should this be deprecated in favor of getting a name?
194 int EVP_PKEY_CTX_get_dh_kdf_type(EVP_PKEY_CTX *ctx)
196 return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_DERIVE,
197 EVP_PKEY_CTRL_DH_KDF_TYPE, -2, NULL);
201 * This one is currently implemented as an EVP_PKEY_CTX_ctrl() wrapper,
202 * simply because that's easier.
204 int EVP_PKEY_CTX_set0_dh_kdf_oid(EVP_PKEY_CTX *ctx, ASN1_OBJECT *oid)
206 return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_DERIVE,
207 EVP_PKEY_CTRL_DH_KDF_OID, 0, (void *)(oid));
211 * This one is currently implemented as an EVP_PKEY_CTX_ctrl() wrapper,
212 * simply because that's easier.
214 int EVP_PKEY_CTX_get0_dh_kdf_oid(EVP_PKEY_CTX *ctx, ASN1_OBJECT **oid)
216 return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_DERIVE,
217 EVP_PKEY_CTRL_GET_DH_KDF_OID, 0, (void *)(oid));
221 * This one is currently implemented as an EVP_PKEY_CTX_ctrl() wrapper,
222 * simply because that's easier.
223 * TODO(3.0) Should this be deprecated in favor of passing a name?
225 int EVP_PKEY_CTX_set_dh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD *md)
227 return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_DERIVE,
228 EVP_PKEY_CTRL_DH_KDF_MD, 0, (void *)(md));
232 * This one is currently implemented as an EVP_PKEY_CTX_ctrl() wrapper,
233 * simply because that's easier.
234 * TODO(3.0) Should this be deprecated in favor of getting a name?
236 int EVP_PKEY_CTX_get_dh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD **pmd)
238 return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_DERIVE,
239 EVP_PKEY_CTRL_GET_DH_KDF_MD, 0, (void *)(pmd));
242 int EVP_PKEY_CTX_set_dh_kdf_outlen(EVP_PKEY_CTX *ctx, int outlen)
246 OSSL_PARAM params[2], *p = params;
248 ret = dh_param_derive_check(ctx);
254 * This would ideally be -1 or 0, but we have to retain compatibility
255 * with legacy behaviour of EVP_PKEY_CTX_ctrl() which returned -2 if
261 *p++ = OSSL_PARAM_construct_size_t(OSSL_EXCHANGE_PARAM_KDF_OUTLEN,
263 *p = OSSL_PARAM_construct_end();
265 ret = evp_pkey_ctx_set_params_strict(ctx, params);
267 ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
271 int EVP_PKEY_CTX_get_dh_kdf_outlen(EVP_PKEY_CTX *ctx, int *plen)
274 size_t len = UINT_MAX;
275 OSSL_PARAM params[2], *p = params;
277 ret = dh_param_derive_check(ctx);
281 *p++ = OSSL_PARAM_construct_size_t(OSSL_EXCHANGE_PARAM_KDF_OUTLEN,
283 *p = OSSL_PARAM_construct_end();
285 ret = evp_pkey_ctx_get_params_strict(ctx, params);
287 ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
288 if (ret != 1 || len > INT_MAX)
296 int EVP_PKEY_CTX_set0_dh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char *ukm, int len)
299 OSSL_PARAM params[2], *p = params;
304 ret = dh_param_derive_check(ctx);
308 *p++ = OSSL_PARAM_construct_octet_string(OSSL_EXCHANGE_PARAM_KDF_UKM,
310 * Cast away the const. This is read
311 * only so should be safe
315 *p = OSSL_PARAM_construct_end();
317 ret = evp_pkey_ctx_set_params_strict(ctx, params);
319 ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
325 #ifndef OPENSSL_NO_DEPRECATED_3_0
326 int EVP_PKEY_CTX_get0_dh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char **pukm)
330 OSSL_PARAM params[2], *p = params;
332 ret = dh_param_derive_check(ctx);
336 *p++ = OSSL_PARAM_construct_octet_ptr(OSSL_EXCHANGE_PARAM_KDF_UKM,
338 *p = OSSL_PARAM_construct_end();
340 ret = evp_pkey_ctx_get_params_strict(ctx, params);
342 ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
346 ukmlen = params[0].return_size;
347 if (ukmlen > INT_MAX)