2 * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
11 * DH low level APIs are deprecated for public use, but still ok for
14 #include "internal/deprecated.h"
16 #include <string.h> /* strcmp */
17 #include <openssl/core_numbers.h>
18 #include <openssl/core_names.h>
19 #include <openssl/bn.h>
20 #include <openssl/err.h>
21 #include "prov/implementations.h"
22 #include "prov/providercommon.h"
23 #include "prov/provider_ctx.h"
24 #include "crypto/dh.h"
25 #include "internal/sizes.h"
26 #include "internal/nelem.h"
27 #include "internal/param_build_set.h"
29 static OSSL_OP_keymgmt_new_fn dh_newdata;
30 static OSSL_OP_keymgmt_free_fn dh_freedata;
31 static OSSL_OP_keymgmt_gen_init_fn dh_gen_init;
32 static OSSL_OP_keymgmt_gen_set_template_fn dh_gen_set_template;
33 static OSSL_OP_keymgmt_gen_set_params_fn dh_gen_set_params;
34 static OSSL_OP_keymgmt_gen_settable_params_fn dh_gen_settable_params;
35 static OSSL_OP_keymgmt_gen_fn dh_gen;
36 static OSSL_OP_keymgmt_gen_cleanup_fn dh_gen_cleanup;
37 static OSSL_OP_keymgmt_get_params_fn dh_get_params;
38 static OSSL_OP_keymgmt_gettable_params_fn dh_gettable_params;
39 static OSSL_OP_keymgmt_has_fn dh_has;
40 static OSSL_OP_keymgmt_match_fn dh_match;
41 static OSSL_OP_keymgmt_validate_fn dh_validate;
42 static OSSL_OP_keymgmt_import_fn dh_import;
43 static OSSL_OP_keymgmt_import_types_fn dh_import_types;
44 static OSSL_OP_keymgmt_export_fn dh_export;
45 static OSSL_OP_keymgmt_export_types_fn dh_export_types;
47 #define DH_POSSIBLE_SELECTIONS \
48 (OSSL_KEYMGMT_SELECT_KEYPAIR | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS)
53 FFC_PARAMS *ffc_params;
55 /* All these parameters are used for parameter generation only */
56 /* If there is a group name then the remaining parameters are not needed */
61 unsigned char *seed; /* optional FIPS186-4 param for testing */
63 int gindex; /* optional FIPS186-4 generator index (ignored if -1) */
64 int gen_type; /* see dhtype2id */
65 int generator; /* Used by DH_PARAMGEN_TYPE_GENERATOR in non fips mode only */
74 typedef struct dh_name2id_st{
79 static const DH_GENTYPE_NAME2ID dhtype2id[]=
81 { "default", DH_PARAMGEN_TYPE_FIPS_186_4 },
82 { "fips186_4", DH_PARAMGEN_TYPE_FIPS_186_4 },
83 { "fips186_2", DH_PARAMGEN_TYPE_FIPS_186_2 },
84 { "group", DH_PARAMGEN_TYPE_GROUP },
85 { "generator", DH_PARAMGEN_TYPE_GENERATOR }
88 const char *dh_gen_type_id2name(int id)
92 for (i = 0; i < OSSL_NELEM(dhtype2id); ++i) {
93 if (dhtype2id[i].id == id)
94 return dhtype2id[i].name;
99 static int dh_gen_type_name2id(const char *name)
103 for (i = 0; i < OSSL_NELEM(dhtype2id); ++i) {
104 if (strcmp(dhtype2id[i].name, name) == 0)
105 return dhtype2id[i].id;
110 static int dh_key_todata(DH *dh, OSSL_PARAM_BLD *bld, OSSL_PARAM params[])
112 const BIGNUM *priv = NULL, *pub = NULL;
117 DH_get0_key(dh, &pub, &priv);
119 && !ossl_param_build_set_bn(bld, params, OSSL_PKEY_PARAM_PRIV_KEY, priv))
122 && !ossl_param_build_set_bn(bld, params, OSSL_PKEY_PARAM_PUB_KEY, pub))
128 static void *dh_newdata(void *provctx)
130 return dh_new_with_libctx(PROV_LIBRARY_CONTEXT_OF(provctx));
133 static void dh_freedata(void *keydata)
138 static int dh_has(void *keydata, int selection)
144 if ((selection & DH_POSSIBLE_SELECTIONS) != 0)
147 if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0)
148 ok = ok && (DH_get0_pub_key(dh) != NULL);
149 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0)
150 ok = ok && (DH_get0_priv_key(dh) != NULL);
151 if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0)
152 ok = ok && (DH_get0_p(dh) != NULL && DH_get0_g(dh) != NULL);
157 static int dh_match(const void *keydata1, const void *keydata2, int selection)
159 const DH *dh1 = keydata1;
160 const DH *dh2 = keydata2;
163 if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0)
164 ok = ok && BN_cmp(DH_get0_pub_key(dh1), DH_get0_pub_key(dh2)) == 0;
165 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0)
166 ok = ok && BN_cmp(DH_get0_priv_key(dh1), DH_get0_priv_key(dh2)) == 0;
167 if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0) {
168 FFC_PARAMS *dhparams1 = dh_get0_params((DH *)dh1);
169 FFC_PARAMS *dhparams2 = dh_get0_params((DH *)dh2);
171 ok = ok && ffc_params_cmp(dhparams1, dhparams2, 1);
176 static int dh_import(void *keydata, int selection, const OSSL_PARAM params[])
184 if ((selection & DH_POSSIBLE_SELECTIONS) == 0)
187 if ((selection & OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) != 0)
188 ok = ok && dh_ffc_params_fromdata(dh, params);
190 if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0)
191 ok = ok && dh_key_fromdata(dh, params);
196 static int dh_export(void *keydata, int selection, OSSL_CALLBACK *param_cb,
200 OSSL_PARAM_BLD *tmpl = NULL;
201 OSSL_PARAM *params = NULL;
207 tmpl = OSSL_PARAM_BLD_new();
211 if ((selection & OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) != 0)
212 ok = ok && ffc_params_todata(dh_get0_params(dh), tmpl, NULL);
213 if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0)
214 ok = ok && dh_key_todata(dh, tmpl, NULL);
217 || (params = OSSL_PARAM_BLD_to_param(tmpl)) == NULL) {
221 ok = param_cb(params, cbarg);
222 OSSL_PARAM_BLD_free_params(params);
224 OSSL_PARAM_BLD_free(tmpl);
228 /* IMEXPORT = IMPORT + EXPORT */
230 # define DH_IMEXPORTABLE_PARAMETERS \
231 OSSL_PARAM_BN(OSSL_PKEY_PARAM_FFC_P, NULL, 0), \
232 OSSL_PARAM_BN(OSSL_PKEY_PARAM_FFC_Q, NULL, 0), \
233 OSSL_PARAM_BN(OSSL_PKEY_PARAM_FFC_G, NULL, 0), \
234 OSSL_PARAM_BN(OSSL_PKEY_PARAM_FFC_COFACTOR, NULL, 0), \
235 OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_GINDEX, NULL), \
236 OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_PCOUNTER, NULL), \
237 OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_H, NULL), \
238 OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_FFC_GROUP, NULL, 0), \
239 OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_FFC_SEED, NULL, 0)
240 # define DH_IMEXPORTABLE_PUBLIC_KEY \
241 OSSL_PARAM_BN(OSSL_PKEY_PARAM_PUB_KEY, NULL, 0)
242 # define DH_IMEXPORTABLE_PRIVATE_KEY \
243 OSSL_PARAM_BN(OSSL_PKEY_PARAM_PRIV_KEY, NULL, 0)
244 static const OSSL_PARAM dh_all_types[] = {
245 DH_IMEXPORTABLE_PARAMETERS,
246 DH_IMEXPORTABLE_PUBLIC_KEY,
247 DH_IMEXPORTABLE_PRIVATE_KEY,
250 static const OSSL_PARAM dh_parameter_types[] = {
251 DH_IMEXPORTABLE_PARAMETERS,
254 static const OSSL_PARAM dh_key_types[] = {
255 DH_IMEXPORTABLE_PUBLIC_KEY,
256 DH_IMEXPORTABLE_PRIVATE_KEY,
259 static const OSSL_PARAM *dh_types[] = {
260 NULL, /* Index 0 = none of them */
261 dh_parameter_types, /* Index 1 = parameter types */
262 dh_key_types, /* Index 2 = key types */
263 dh_all_types /* Index 3 = 1 + 2 */
266 static const OSSL_PARAM *dh_imexport_types(int selection)
270 if ((selection & OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) != 0)
272 if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0)
274 return dh_types[type_select];
277 static const OSSL_PARAM *dh_import_types(int selection)
279 return dh_imexport_types(selection);
282 static const OSSL_PARAM *dh_export_types(int selection)
284 return dh_imexport_types(selection);
287 static ossl_inline int dh_get_params(void *key, OSSL_PARAM params[])
292 if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_BITS)) != NULL
293 && !OSSL_PARAM_set_int(p, DH_bits(dh)))
295 if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_SECURITY_BITS)) != NULL
296 && !OSSL_PARAM_set_int(p, DH_security_bits(dh)))
298 if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_MAX_SIZE)) != NULL
299 && !OSSL_PARAM_set_int(p, DH_size(dh)))
301 return ffc_params_todata(dh_get0_params(dh), NULL, params)
302 && dh_key_todata(dh, NULL, params);
305 static const OSSL_PARAM dh_params[] = {
306 OSSL_PARAM_int(OSSL_PKEY_PARAM_BITS, NULL),
307 OSSL_PARAM_int(OSSL_PKEY_PARAM_SECURITY_BITS, NULL),
308 OSSL_PARAM_int(OSSL_PKEY_PARAM_MAX_SIZE, NULL),
309 DH_IMEXPORTABLE_PARAMETERS,
310 DH_IMEXPORTABLE_PUBLIC_KEY,
311 DH_IMEXPORTABLE_PRIVATE_KEY,
315 static const OSSL_PARAM *dh_gettable_params(void)
320 static int dh_validate_public(DH *dh)
322 const BIGNUM *pub_key = NULL;
324 DH_get0_key(dh, &pub_key, NULL);
325 return DH_check_pub_key_ex(dh, pub_key);
328 static int dh_validate_private(DH *dh)
331 const BIGNUM *priv_key = NULL;
333 DH_get0_key(dh, NULL, &priv_key);
334 return dh_check_priv_key(dh, priv_key, &status);;
337 static int dh_validate(void *keydata, int selection)
342 if ((selection & DH_POSSIBLE_SELECTIONS) != 0)
345 if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0)
346 ok = ok && DH_check_params_ex(dh);
348 if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0)
349 ok = ok && dh_validate_public(dh);
351 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0)
352 ok = ok && dh_validate_private(dh);
354 if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR)
355 == OSSL_KEYMGMT_SELECT_KEYPAIR)
356 ok = ok && dh_check_pairwise(dh);
360 static void *dh_gen_init(void *provctx, int selection)
362 OPENSSL_CTX *libctx = PROV_LIBRARY_CONTEXT_OF(provctx);
363 struct dh_gen_ctx *gctx = NULL;
365 if ((selection & (OSSL_KEYMGMT_SELECT_KEYPAIR
366 | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS)) == 0)
369 if ((gctx = OPENSSL_zalloc(sizeof(*gctx))) != NULL) {
370 gctx->selection = selection;
371 gctx->libctx = libctx;
375 gctx->gen_type = DH_PARAMGEN_TYPE_FIPS_186_4;
379 gctx->generator = DH_GENERATOR_2;
384 static int dh_gen_set_template(void *genctx, void *templ)
386 struct dh_gen_ctx *gctx = genctx;
389 if (gctx == NULL || dh == NULL)
391 gctx->ffc_params = dh_get0_params(dh);
395 static int dh_set_gen_seed(struct dh_gen_ctx *gctx, unsigned char *seed,
398 OPENSSL_clear_free(gctx->seed, gctx->seedlen);
401 if (seed != NULL && seedlen > 0) {
402 gctx->seed = OPENSSL_memdup(seed, seedlen);
403 if (gctx->seed == NULL)
405 gctx->seedlen = seedlen;
410 static int dh_gen_set_params(void *genctx, const OSSL_PARAM params[])
412 struct dh_gen_ctx *gctx = genctx;
418 p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_TYPE);
420 if (p->data_type != OSSL_PARAM_UTF8_STRING
421 || ((gctx->gen_type = dh_gen_type_name2id(p->data)) == -1)) {
422 ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT);
426 p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_GROUP);
428 if (p->data_type != OSSL_PARAM_UTF8_STRING
429 || ((gctx->group_nid = ffc_named_group_to_uid(p->data)) == NID_undef)) {
430 ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT);
433 gctx->gen_type = DH_PARAMGEN_TYPE_GROUP;
435 p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_GENERATOR);
436 if (p != NULL && !OSSL_PARAM_get_int(p, &gctx->generator))
438 p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_GINDEX);
439 if (p != NULL && !OSSL_PARAM_get_int(p, &gctx->gindex))
441 p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_PCOUNTER);
442 if (p != NULL && !OSSL_PARAM_get_int(p, &gctx->pcounter))
444 p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_H);
445 if (p != NULL && !OSSL_PARAM_get_int(p, &gctx->hindex))
447 p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_SEED);
449 && (p->data_type != OSSL_PARAM_OCTET_STRING
450 || !dh_set_gen_seed(gctx, p->data, p->data_size)))
453 if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_PBITS)) != NULL
454 && !OSSL_PARAM_get_size_t(p, &gctx->pbits))
456 if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_QBITS)) != NULL
457 && !OSSL_PARAM_get_size_t(p, &gctx->qbits))
459 p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_DIGEST);
461 const OSSL_PARAM *p1;
462 char mdprops[OSSL_MAX_PROPQUERY_SIZE] = { '\0' };
465 if (p->data_type != OSSL_PARAM_UTF8_STRING)
467 p1 = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_DIGEST_PROPS);
469 && !OSSL_PARAM_get_utf8_string(p1, &str, sizeof(mdprops)))
471 EVP_MD_free(gctx->md);
472 gctx->md = EVP_MD_fetch(gctx->libctx, p->data, mdprops);
473 if (gctx->md == NULL)
476 p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_DH_PRIV_LEN);
477 if (p != NULL && !OSSL_PARAM_get_int(p, &gctx->priv_len))
482 static const OSSL_PARAM *dh_gen_settable_params(void *provctx)
484 static OSSL_PARAM settable[] = {
485 OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_FFC_GROUP, NULL, 0),
486 OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_FFC_TYPE, NULL, 0),
487 OSSL_PARAM_size_t(OSSL_PKEY_PARAM_FFC_PBITS, NULL),
488 OSSL_PARAM_size_t(OSSL_PKEY_PARAM_FFC_QBITS, NULL),
489 OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_FFC_DIGEST, NULL, 0),
490 OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_FFC_DIGEST_PROPS, NULL, 0),
491 OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_GINDEX, NULL),
492 OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_FFC_SEED, NULL, 0),
493 OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_GENERATOR, NULL),
494 OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_PCOUNTER, NULL),
495 OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_H, NULL),
496 OSSL_PARAM_int(OSSL_PKEY_PARAM_DH_PRIV_LEN, NULL),
502 static int dh_gencb(int p, int n, BN_GENCB *cb)
504 struct dh_gen_ctx *gctx = BN_GENCB_get_arg(cb);
505 OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END, OSSL_PARAM_END };
507 params[0] = OSSL_PARAM_construct_int(OSSL_GEN_PARAM_POTENTIAL, &p);
508 params[1] = OSSL_PARAM_construct_int(OSSL_GEN_PARAM_ITERATION, &n);
510 return gctx->cb(params, gctx->cbarg);
513 static void *dh_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
516 struct dh_gen_ctx *gctx = genctx;
518 BN_GENCB *gencb = NULL;
524 /* For parameter generation - If there is a group name just create it */
525 if (gctx->gen_type == DH_PARAMGEN_TYPE_GROUP) {
526 /* Select a named group if there is not one already */
527 if (gctx->group_nid == NID_undef)
528 gctx->group_nid = dh_get_named_group_uid_from_size(gctx->pbits);
529 if (gctx->group_nid == NID_undef)
531 dh = dh_new_by_nid_with_libctx(gctx->libctx, gctx->group_nid);
534 ffc = dh_get0_params(dh);
536 dh = dh_new_with_libctx(gctx->libctx);
539 ffc = dh_get0_params(dh);
541 /* Copy the template value if one was passed */
542 if (gctx->ffc_params != NULL
543 && !ffc_params_copy(ffc, gctx->ffc_params))
546 if (!ffc_params_set_seed(ffc, gctx->seed, gctx->seedlen))
548 if (gctx->gindex != -1) {
549 ffc_params_set_gindex(ffc, gctx->gindex);
550 if (gctx->pcounter != -1)
551 ffc_params_set_pcounter(ffc, gctx->pcounter);
552 } else if (gctx->hindex != 0) {
553 ffc_params_set_h(ffc, gctx->hindex);
557 gencb = BN_GENCB_new();
559 BN_GENCB_set(gencb, dh_gencb, genctx);
561 if ((gctx->selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0) {
563 * NOTE: The old safe prime generator code is not used in fips mode,
564 * (i.e internally it ignores the generator and chooses a named
565 * group based on pbits.
567 if (gctx->gen_type == DH_PARAMGEN_TYPE_GENERATOR)
568 ret = DH_generate_parameters_ex(dh, gctx->pbits,
569 gctx->generator, gencb);
571 ret = dh_generate_ffc_parameters(dh, gctx->gen_type, gctx->pbits,
572 gctx->qbits, gctx->md, gencb);
578 if ((gctx->selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) {
579 if (ffc->p == NULL || ffc->g == NULL)
581 if (gctx->priv_len > 0)
582 DH_set_length(dh, (long)gctx->priv_len);
583 if (DH_generate_key(dh) <= 0)
592 BN_GENCB_free(gencb);
596 static void dh_gen_cleanup(void *genctx)
598 struct dh_gen_ctx *gctx = genctx;
603 OPENSSL_clear_free(gctx->seed, gctx->seedlen);
604 EVP_MD_free(gctx->md);
608 const OSSL_DISPATCH dh_keymgmt_functions[] = {
609 { OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))dh_newdata },
610 { OSSL_FUNC_KEYMGMT_GEN_INIT, (void (*)(void))dh_gen_init },
611 { OSSL_FUNC_KEYMGMT_GEN_SET_TEMPLATE, (void (*)(void))dh_gen_set_template },
612 { OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS, (void (*)(void))dh_gen_set_params },
613 { OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS,
614 (void (*)(void))dh_gen_settable_params },
615 { OSSL_FUNC_KEYMGMT_GEN, (void (*)(void))dh_gen },
616 { OSSL_FUNC_KEYMGMT_GEN_CLEANUP, (void (*)(void))dh_gen_cleanup },
617 { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))dh_freedata },
618 { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*) (void))dh_get_params },
619 { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*) (void))dh_gettable_params },
620 { OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))dh_has },
621 { OSSL_FUNC_KEYMGMT_MATCH, (void (*)(void))dh_match },
622 { OSSL_FUNC_KEYMGMT_VALIDATE, (void (*)(void))dh_validate },
623 { OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))dh_import },
624 { OSSL_FUNC_KEYMGMT_IMPORT_TYPES, (void (*)(void))dh_import_types },
625 { OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))dh_export },
626 { OSSL_FUNC_KEYMGMT_EXPORT_TYPES, (void (*)(void))dh_export_types },
projects / openssl.git / blob