#include <stdio.h>
#include "internal/cryptlib.h"
+#include "internal/ffc.h"
#include "dh_local.h"
#include <openssl/bn.h>
#include <openssl/objects.h>
#include "crypto/bn_dh.h"
#include "crypto/dh.h"
-#include "crypto/security_bits.h"
#include "e_os.h" /* strcasecmp */
+#define FFDHE(sz) { \
+ SN_ffdhe##sz, NID_ffdhe##sz, \
+ sz, \
+ &_bignum_ffdhe##sz##_p, &_bignum_ffdhe##sz##_q, &_bignum_const_2 \
+}
-#define FFDHE(sz) { SN_ffdhe##sz, NID_ffdhe##sz, sz, &_bignum_ffdhe##sz##_p }
-#define MODP(sz) { SN_modp_##sz, NID_modp_##sz, sz, &_bignum_modp_##sz##_p }
+#define MODP(sz) { \
+ SN_modp_##sz, NID_modp_##sz, \
+ sz, \
+ &_bignum_modp_##sz##_p, &_bignum_modp_##sz##_q, &_bignum_const_2 \
+}
-typedef struct safe_prime_group_st {
+#define RFC5114(name, uid, sz, tag) { \
+ name, uid, \
+ sz, \
+ &_bignum_dh##tag##_p, &_bignum_dh##tag##_q, &_bignum_dh##tag##_g \
+}
+
+typedef struct dh_named_group_st {
const char *name;
- int nid;
+ int uid;
int32_t nbits;
const BIGNUM *p;
-} SP_GROUP;
+ const BIGNUM *q;
+ const BIGNUM *g;
+} DH_NAMED_GROUP;
+
-static const SP_GROUP sp_groups[] = {
+static const DH_NAMED_GROUP dh_named_groups[] = {
FFDHE(2048),
FFDHE(3072),
FFDHE(4096),
MODP(4096),
MODP(6144),
MODP(8192),
+ /*
+ * Additional dh named groups from RFC 5114 that have a different g.
+ * The uid can be any unique identifier.
+ */
+#ifndef FIPS_MODE
+ RFC5114("dh_1024_160", 1, 1024, 1024_160),
+ RFC5114("dh_2048_224", 2, 2048, 2048_224),
+ RFC5114("dh_2048_256", 3, 2048, 2048_256),
+#endif
};
-int ffc_named_group_to_nid(const char *name)
+int ffc_named_group_to_uid(const char *name)
{
size_t i;
- for (i = 0; i < OSSL_NELEM(sp_groups); ++i) {
- if (strcasecmp(sp_groups[i].name, name) == 0)
- return sp_groups[i].nid;
+ for (i = 0; i < OSSL_NELEM(dh_named_groups); ++i) {
+ if (strcasecmp(dh_named_groups[i].name, name) == 0)
+ return dh_named_groups[i].uid;
}
return NID_undef;
}
-const char *ffc_named_group_from_nid(int nid)
+const char *ffc_named_group_from_uid(int uid)
{
size_t i;
- for (i = 0; i < OSSL_NELEM(sp_groups); ++i) {
- if (sp_groups[i].nid == nid)
- return sp_groups[i].name;
+ for (i = 0; i < OSSL_NELEM(dh_named_groups); ++i) {
+ if (dh_named_groups[i].uid == uid)
+ return dh_named_groups[i].name;
}
return NULL;
}
-#ifndef FIPS_MODE
-static DH *dh_new_by_nid_with_ctx(OPENSSL_CTX *libctx, int nid);
-
-static DH *dh_param_init(OPENSSL_CTX *libctx, int nid, const BIGNUM *p,
- int32_t nbits)
+static DH *dh_param_init(OPENSSL_CTX *libctx, int uid, const BIGNUM *p,
+ const BIGNUM *q, const BIGNUM *g)
{
- BIGNUM *q = NULL;
- DH *dh = dh_new_with_ctx(libctx);
+ DH *dh = dh_new_with_libctx(libctx);
if (dh == NULL)
return NULL;
- q = BN_dup(p);
- /* Set q = (p - 1) / 2 (p is known to be odd so just shift right ) */
- if (q == NULL || !BN_rshift1(q, q)) {
- BN_free(q);
- DH_free(dh);
- return NULL;
- }
- dh->params.nid = nid;
+ dh->params.nid = uid;
dh->params.p = (BIGNUM *)p;
dh->params.q = (BIGNUM *)q;
- dh->params.g = (BIGNUM *)&_bignum_const_2;
- /* Private key length = 2 * max_target_security_strength */
- dh->length = nbits;
+ dh->params.g = (BIGNUM *)g;
+ dh->length = BN_num_bits(q);
dh->dirty_cnt++;
return dh;
}
-static DH *dh_new_by_nid_with_ctx(OPENSSL_CTX *libctx, int nid)
+static DH *dh_new_by_group_name(OPENSSL_CTX *libctx, const char *name)
{
int i;
- for (i = 0; i < (int)OSSL_NELEM(sp_groups); ++i) {
- if (sp_groups[i].nid == nid) {
- int max_target_security_strength =
- ifc_ffc_compute_security_bits(sp_groups[i].nbits);
-
- /*
- * The last parameter specified here is
- * 2 * max_target_security_strength.
- * See SP800-56Ar3 Table(s) 25 & 26.
- */
- return dh_param_init(libctx, nid, sp_groups[i].p,
- 2 * max_target_security_strength);
+ if (name == NULL)
+ return NULL;
+
+ for (i = 0; i < (int)OSSL_NELEM(dh_named_groups); ++i) {
+ if (strcasecmp(dh_named_groups[i].name, name) == 0) {
+ return dh_param_init(libctx, dh_named_groups[i].uid,
+ dh_named_groups[i].p,
+ dh_named_groups[i].q,
+ dh_named_groups[i].g);
}
}
DHerr(0, DH_R_INVALID_PARAMETER_NID);
return NULL;
}
+DH *dh_new_by_nid_with_libctx(OPENSSL_CTX *libctx, int nid)
+{
+ const char *name = ffc_named_group_from_uid(nid);
+
+ return dh_new_by_group_name(libctx, name);
+}
+
DH *DH_new_by_nid(int nid)
{
- return dh_new_by_nid_with_ctx(NULL, nid);
+ return dh_new_by_nid_with_libctx(NULL, nid);
}
-#endif
-int DH_get_nid(DH *dh)
+int ffc_set_group_pqg(FFC_PARAMS *ffc, const char *group_name)
{
+ int i;
BIGNUM *q = NULL;
- int i, nid;
- if (dh == NULL)
- return NID_undef;
-
- nid = dh->params.nid;
- /* Just return if it is already cached */
- if (nid != NID_undef)
- return nid;
+ if (ffc == NULL)
+ return 0;
+
+ for (i = 0; i < (int)OSSL_NELEM(dh_named_groups); ++i) {
+ if (strcasecmp(dh_named_groups[i].name, group_name) == 0) {
+ ffc_params_set0_pqg(ffc,
+ (BIGNUM *)dh_named_groups[i].p,
+ (BIGNUM *)dh_named_groups[i].q,
+ (BIGNUM *)dh_named_groups[i].g);
+ /* flush the cached nid, The DH layer is responsible for caching */
+ ffc->nid = NID_undef;
+ return 1;
+ }
+ }
+ /* gets here on error or if the name was not found */
+ BN_free(q);
+ return 0;
+}
- if (BN_get_word(dh->params.g) != 2)
- return NID_undef;
+void dh_cache_named_group(DH *dh)
+{
+ int i;
- for (i = 0; i < (int)OSSL_NELEM(sp_groups); ++i) {
- /* If a matching p is found then we will break out of the loop */
- if (!BN_cmp(dh->params.p, sp_groups[i].p)) {
- /* Set q = (p - 1) / 2 (p is known to be odd so just shift right ) */
- q = BN_dup(dh->params.p);
-
- if (q == NULL || !BN_rshift1(q, q))
- break; /* returns nid = NID_undef on failure */
-
- /* Verify q is correct if it exists */
- if (dh->params.q != NULL) {
- if (BN_cmp(dh->params.q, q) != 0)
- break; /* returns nid = NID_undef if q does not match */
- } else {
- /* assign the calculated q */
- dh->params.q = q;
- q = NULL; /* set to NULL so it is not freed */
- }
- dh->params.nid = sp_groups[i].nid; /* cache the nid */
- dh->length = 2 * ifc_ffc_compute_security_bits(sp_groups[i].nbits);
- dh->dirty_cnt++;
- break;
+ if (dh == NULL)
+ return;
+
+ dh->params.nid = NID_undef; /* flush cached value */
+
+ /* Exit if p or g is not set */
+ if (dh->params.p == NULL
+ || dh->params.g == NULL)
+ return;
+
+ for (i = 0; i < (int)OSSL_NELEM(dh_named_groups); ++i) {
+ /* Keep searching until a matching p and g is found */
+ if (BN_cmp(dh->params.p, dh_named_groups[i].p) == 0
+ && BN_cmp(dh->params.g, dh_named_groups[i].g) == 0) {
+ /* Verify q is correct if it exists */
+ if (dh->params.q != NULL) {
+ if (BN_cmp(dh->params.q, dh_named_groups[i].q) != 0)
+ continue; /* ignore if q does not match */
+ } else {
+ dh->params.q = (BIGNUM *)dh_named_groups[i].q;
+ }
+ dh->params.nid = dh_named_groups[i].uid; /* cache the nid */
+ dh->length = BN_num_bits(dh->params.q);
+ dh->dirty_cnt++;
+ break;
}
}
- BN_free(q);
- return nid;
+}
+
+int DH_get_nid(const DH *dh)
+{
+ if (dh == NULL)
+ return NID_undef;
+
+ return dh->params.nid;
}
projects / openssl.git / blobdiff