Add DH keygen to providers
authorShane Lontis <shane.lontis@oracle.com>
Wed, 15 Apr 2020 15:14:00 +0000 (01:14 +1000)
committerShane Lontis <shane.lontis@oracle.com>
Wed, 15 Apr 2020 15:14:00 +0000 (01:14 +1000)
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11332)

26 files changed:
crypto/dh/build.info
crypto/dh/dh_backend.c
crypto/dh/dh_gen.c
crypto/dh/dh_group_params.c
crypto/dh/dh_lib.c
crypto/evp/pmeth_lib.c
crypto/ffc/ffc_backend.c
crypto/ffc/ffc_params.c
doc/man3/EVP_PKEY_CTX_ctrl.pod
include/crypto/bn_dh.h
include/crypto/dh.h
include/internal/ffc.h
include/openssl/core_names.h
include/openssl/dh.h
providers/implementations/keymgmt/dh_kmgmt.c
providers/implementations/serializers/serializer_dh.c
providers/implementations/serializers/serializer_ffc_params.c
test/evp_pkey_provided_test.c
test/recipes/15-test_gendh.t [new file with mode: 0644]
test/recipes/30-test_evp_pkey_provided/DH.priv.der
test/recipes/30-test_evp_pkey_provided/DH.priv.pem
test/recipes/30-test_evp_pkey_provided/DH.priv.txt
test/recipes/30-test_evp_pkey_provided/DH.pub.der
test/recipes/30-test_evp_pkey_provided/DH.pub.pem
test/recipes/30-test_evp_pkey_provided/DH.pub.txt
util/libcrypto.num

index ce0918e..f4498f4 100644 (file)
@@ -1,9 +1,9 @@
 LIBS=../../libcrypto
 
-$COMMON=dh_lib.c dh_key.c dh_group_params.c dh_check.c dh_backend.c
+$COMMON=dh_lib.c dh_key.c dh_group_params.c dh_check.c dh_backend.c dh_gen.c
 
 SOURCE[../../libcrypto]=$COMMON\
-        dh_asn1.c dh_gen.c dh_err.c dh_depr.c \
+        dh_asn1.c dh_err.c dh_depr.c \
         dh_ameth.c dh_pmeth.c dh_prn.c dh_rfc5114.c dh_kdf.c dh_meth.c
 
 SOURCE[../../providers/libfips.a]=$COMMON
index bbeb096..704f6ef 100644 (file)
@@ -24,10 +24,8 @@ int dh_key_fromdata(DH *dh, const OSSL_PARAM params[])
     if (dh == NULL)
         return 0;
 
-    param_priv_key =
-        OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PRIV_KEY);
-    param_pub_key =
-        OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PUB_KEY);
+    param_priv_key = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PRIV_KEY);
+    param_pub_key = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PUB_KEY);
 
     /*
      * DH documentation says that a public key must be present if a
index f8cda1b..39bb365 100644 (file)
@@ -26,6 +26,7 @@
 #include <stdio.h>
 #include "internal/cryptlib.h"
 #include <openssl/bn.h>
+#include <openssl/sha.h>
 #include "crypto/dh.h"
 #include "dh_local.h"
 
@@ -34,47 +35,45 @@ static int dh_builtin_genparams(DH *ret, int prime_len, int generator,
                                 BN_GENCB *cb);
 #endif /* FIPS_MODE */
 
-/*
- * TODO(3.0): keygen should be able to use this method to do a FIPS186-4 style
- * paramgen.
- */
-int dh_generate_ffc_parameters(DH *dh, int bits,
-                               int qbits, int gindex, BN_GENCB *cb)
+int dh_generate_ffc_parameters(DH *dh, int type, int pbits,
+                               int qbits, EVP_MD *md, BN_GENCB *cb)
 {
     int ret, res;
 
     if (qbits <= 0) {
-        const EVP_MD *evpmd = bits >= 2048 ? EVP_sha256() : EVP_sha1();
-
-        qbits = EVP_MD_size(evpmd) * 8;
+        if (md != NULL)
+            qbits = EVP_MD_size(md) * 8;
+        else
+            qbits = (pbits >= 2048 ? SHA256_DIGEST_LENGTH :
+                                     SHA_DIGEST_LENGTH) * 8;
     }
-    dh->params.gindex = gindex;
-    ret = ffc_params_FIPS186_4_generate(dh->libctx, &dh->params,
-                                        FFC_PARAM_TYPE_DH,
-                                        bits, qbits, NULL, &res, cb);
+#ifndef FIPS_MODE
+    if (type == DH_PARAMGEN_TYPE_FIPS_186_2)
+        ret = ffc_params_FIPS186_2_generate(dh->libctx, &dh->params,
+                                            FFC_PARAM_TYPE_DH,
+                                            pbits, qbits, md, &res, cb);
+    else
+#endif
+        ret = ffc_params_FIPS186_4_generate(dh->libctx, &dh->params,
+                                            FFC_PARAM_TYPE_DH,
+                                            pbits, qbits, md, &res, cb);
     if (ret > 0)
         dh->dirty_cnt++;
     return ret;
 }
 
-int DH_generate_parameters_ex(DH *ret, int prime_len, int generator,
-                              BN_GENCB *cb)
+int dh_get_named_group_uid_from_size(int pbits)
 {
-#ifdef FIPS_MODE
     /*
      * Just choose an approved safe prime group.
      * The alternative to this is to generate FIPS186-4 domain parameters i.e.
-     * return dh_generate_ffc_parameters(ret, prime_len, -1, -1, cb);
+     * return dh_generate_ffc_parameters(ret, prime_len, 0, NULL, cb);
      * As the FIPS186-4 generated params are for backwards compatability,
      * the safe prime group should be used as the default.
      */
-    DH *dh = NULL;
-    int ok = 0, nid;
+    int nid;
 
-    if (generator != 2)
-        return 0;
-
-    switch (prime_len) {
+    switch (pbits) {
     case 2048:
         nid = NID_ffdhe2048;
         break;
@@ -92,15 +91,40 @@ int DH_generate_parameters_ex(DH *ret, int prime_len, int generator,
         break;
     /* unsupported prime_len */
     default:
-        return 0;
+        return NID_undef;
     }
-    dh = DH_new_by_nid(nid);
-    if (dh != NULL && ffc_params_copy(&ret->params, &dh->params)) {
+    return nid;
+}
+
+#ifdef FIPS_MODE
+
+static int dh_gen_named_group(OPENSSL_CTX *libctx, DH *ret, int prime_len)
+{
+    DH *dh;
+    int ok = 0;
+    int nid = dh_get_named_group_uid_from_size(prime_len);
+
+    if (nid == NID_undef)
+        return 0;
+
+    dh = dh_new_by_nid_with_libctx(libctx, nid);
+    if (dh != NULL
+        && ffc_params_copy(&ret->params, &dh->params)) {
         ok = 1;
         ret->dirty_cnt++;
     }
     DH_free(dh);
     return ok;
+}
+#endif /* FIPS_MODE */
+
+int DH_generate_parameters_ex(DH *ret, int prime_len, int generator,
+                              BN_GENCB *cb)
+{
+#ifdef FIPS_MODE
+    if (generator != 2)
+        return 0;
+    return dh_gen_named_group(ret->libctx, ret, prime_len);
 #else
     if (ret->meth->generate_params)
         return ret->meth->generate_params(ret, prime_len, generator, cb);
index cc1c546..1f5a58e 100644 (file)
@@ -17,6 +17,7 @@
 
 #include <stdio.h>
 #include "internal/cryptlib.h"
+#include "internal/ffc.h"
 #include "dh_local.h"
 #include <openssl/bn.h>
 #include <openssl/objects.h>
 #include "crypto/security_bits.h"
 #include "e_os.h" /* strcasecmp */
 
+#define FFDHE(sz) {                                                            \
+    SN_ffdhe##sz, NID_ffdhe##sz,                                               \
+    sz,                                                                        \
+    &_bignum_ffdhe##sz##_p, NULL, &_bignum_const_2                             \
+}
+
+#define MODP(sz)  {                                                            \
+    SN_modp_##sz, NID_modp_##sz,                                               \
+    sz,                                                                        \
+    &_bignum_modp_##sz##_p, NULL,  &_bignum_const_2                            \
+}
 
-#define FFDHE(sz) { SN_ffdhe##sz, NID_ffdhe##sz, sz, &_bignum_ffdhe##sz##_p }
-#define MODP(sz)  { SN_modp_##sz, NID_modp_##sz, sz, &_bignum_modp_##sz##_p }
+#define RFC5114(name, uid, sz, tag)  {                                         \
+    name, uid,                                                                 \
+    sz,                                                                        \
+    &_bignum_dh##tag##_p, &_bignum_dh##tag##_q, &_bignum_dh##tag##_g           \
+}
 
-typedef struct safe_prime_group_st {
+typedef struct dh_named_group_st {
     const char *name;
-    int nid;
+    int uid;
     int32_t nbits;
     const BIGNUM *p;
-} SP_GROUP;
+    const BIGNUM *q;
+    const BIGNUM *g;
+} DH_NAMED_GROUP;
+
 
-static const SP_GROUP sp_groups[] = {
+static const DH_NAMED_GROUP dh_named_groups[] = {
     FFDHE(2048),
     FFDHE(3072),
     FFDHE(4096),
@@ -50,74 +68,89 @@ static const SP_GROUP sp_groups[] = {
     MODP(4096),
     MODP(6144),
     MODP(8192),
+    /*
+     * Additional dh named groups from RFC 5114 that have a different g.
+     * The uid can be any unique identifier.
+     */
+#ifndef FIPS_MODE
+    RFC5114("dh_1024_160", 1, 1024, 1024_160),
+    RFC5114("dh_2048_224", 2, 2048, 2048_224),
+    RFC5114("dh_2048_256", 3, 2048, 2048_256),
+#endif
 };
 
-int ffc_named_group_to_nid(const char *name)
+int ffc_named_group_to_uid(const char *name)
 {
     size_t i;
 
-    for (i = 0; i < OSSL_NELEM(sp_groups); ++i) {
-        if (strcasecmp(sp_groups[i].name, name) == 0)
-            return sp_groups[i].nid;
+    for (i = 0; i < OSSL_NELEM(dh_named_groups); ++i) {
+        if (strcasecmp(dh_named_groups[i].name, name) == 0)
+            return dh_named_groups[i].uid;
     }
     return NID_undef;
 }
 
-const char *ffc_named_group_from_nid(int nid)
+const char *ffc_named_group_from_uid(int uid)
 {
     size_t i;
 
-    for (i = 0; i < OSSL_NELEM(sp_groups); ++i) {
-        if (sp_groups[i].nid == nid)
-            return sp_groups[i].name;
+    for (i = 0; i < OSSL_NELEM(dh_named_groups); ++i) {
+        if (dh_named_groups[i].uid == uid)
+            return dh_named_groups[i].name;
     }
     return NULL;
 }
 
-#ifndef FIPS_MODE
-static DH *dh_new_by_nid_with_ctx(OPENSSL_CTX *libctx, int nid);
-
-static DH *dh_param_init(OPENSSL_CTX *libctx, int nid, const BIGNUM *p,
+static DH *dh_param_init(OPENSSL_CTX *libctx, int uid, const BIGNUM *p,
+                         const BIGNUM *q, const BIGNUM *g,
                          int32_t nbits)
 {
-    BIGNUM *q = NULL;
-    DH *dh = dh_new_with_ctx(libctx);
+    BIGNUM *qtmp = NULL;
+    DH *dh = dh_new_with_libctx(libctx);
 
     if (dh == NULL)
         return NULL;
 
-    q = BN_dup(p);
-    /* Set q = (p - 1) / 2 (p is known to be odd so just shift right ) */
-    if (q == NULL || !BN_rshift1(q, q)) {
-        BN_free(q);
-        DH_free(dh);
-        return NULL;
+    if (q == NULL) {
+        qtmp = BN_dup(p);
+        /* Set q = (p - 1) / 2 (p is known to be odd so just shift right ) */
+        if (qtmp == NULL || !BN_rshift1(qtmp, qtmp)) {
+            BN_free(qtmp);
+            DH_free(dh);
+            return NULL;
+        }
     }
-    dh->params.nid = nid;
+    dh->params.nid = uid;
     dh->params.p = (BIGNUM *)p;
-    dh->params.q = (BIGNUM *)q;
-    dh->params.g = (BIGNUM *)&_bignum_const_2;
+    dh->params.q = (q != NULL ? (BIGNUM *)q : qtmp);
+    dh->params.g = (BIGNUM *)g;
     /* Private key length = 2 * max_target_security_strength */
     dh->length = nbits;
     dh->dirty_cnt++;
     return dh;
 }
 
-static DH *dh_new_by_nid_with_ctx(OPENSSL_CTX *libctx, int nid)
+static DH *dh_new_by_group_name(OPENSSL_CTX *libctx, const char *name)
 {
     int i;
 
-    for (i = 0; i < (int)OSSL_NELEM(sp_groups); ++i) {
-        if (sp_groups[i].nid == nid) {
+    if (name == NULL)
+        return NULL;
+
+    for (i = 0; i < (int)OSSL_NELEM(dh_named_groups); ++i) {
+        if (strcasecmp(dh_named_groups[i].name, name) == 0) {
             int max_target_security_strength =
-                ifc_ffc_compute_security_bits(sp_groups[i].nbits);
+                ifc_ffc_compute_security_bits(dh_named_groups[i].nbits);
 
             /*
              * The last parameter specified here is
              * 2 * max_target_security_strength.
              * See SP800-56Ar3 Table(s) 25 & 26.
              */
-            return dh_param_init(libctx, nid, sp_groups[i].p,
+            return dh_param_init(libctx, dh_named_groups[i].uid,
+                                 dh_named_groups[i].p,
+                                 dh_named_groups[i].q,
+                                 dh_named_groups[i].g,
                                  2 * max_target_security_strength);
         }
     }
@@ -125,11 +158,54 @@ static DH *dh_new_by_nid_with_ctx(OPENSSL_CTX *libctx, int nid)
     return NULL;
 }
 
+DH *dh_new_by_nid_with_libctx(OPENSSL_CTX *libctx, int nid)
+{
+    const char *name = ffc_named_group_from_uid(nid);
+
+    return dh_new_by_group_name(libctx, name);
+}
+
 DH *DH_new_by_nid(int nid)
 {
-    return dh_new_by_nid_with_ctx(NULL, nid);
+    return dh_new_by_nid_with_libctx(NULL, nid);
+}
+
+int ffc_set_group_pqg(FFC_PARAMS *ffc, const char *group_name)
+{
+    int i;
+    BIGNUM *q = NULL;
+
+    if (ffc == NULL)
+        return 0;
+
+    for (i = 0; i < (int)OSSL_NELEM(dh_named_groups); ++i) {
+        if (strcasecmp(dh_named_groups[i].name, group_name) == 0) {
+            if (dh_named_groups[i].q != NULL) {
+                /* For groups with a q */
+                ffc_params_set0_pqg(ffc,
+                                    (BIGNUM *)dh_named_groups[i].p,
+                                    (BIGNUM *)dh_named_groups[i].q,
+                                    (BIGNUM *)dh_named_groups[i].g);
+            } else {
+                /* For SAFE PRIME GROUPS */
+                /* Set q = (p - 1) / 2 (p is known to be odd so just shift right) */
+                q = BN_dup(dh_named_groups[i].p);
+                if (q == NULL || !BN_rshift1(q, q))
+                    break; /* exit with failure */
+
+                ffc_params_set0_pqg(ffc,
+                                    (BIGNUM *)dh_named_groups[i].p, q,
+                                    (BIGNUM *)dh_named_groups[i].g);
+            }
+            /* flush the cached nid, The DH layer is responsible for caching */
+            ffc->nid = NID_undef;
+            return 1;
+        }
+    }
+    /* gets here on error or if the name was not found */
+    BN_free(q);
+    return 0;
 }
-#endif
 
 int DH_get_nid(DH *dh)
 {
@@ -144,13 +220,28 @@ int DH_get_nid(DH *dh)
     if (nid != NID_undef)
         return nid;
 
-    if (BN_get_word(dh->params.g) != 2)
-        return NID_undef;
+    for (i = 0; i < (int)OSSL_NELEM(dh_named_groups); ++i) {
+        /* Keep searching until a matching p is found */
+        if (BN_cmp(dh->params.p, dh_named_groups[i].p) != 0)
+            continue;
+
+        /* Return an error if g is not matching */
+        if (BN_cmp(dh->params.g, dh_named_groups[i].g) != 0)
+            break;
+        if (dh_named_groups[i].q != NULL) {
+            /* RFC5114 NAMED GROUPS have q defined */
+
+            /* Verify q is correct if it exists */
+            if (dh->params.q != NULL) {
+                if (BN_cmp(dh->params.q, dh_named_groups[i].q) != 0)
+                    break;  /* returns nid = NID_undef if q does not match */
+            } else {
+                dh->params.q = (BIGNUM *)dh_named_groups[i].q;
+            }
+        } else {
+            /* For SAFE PRIME GROUPS */
 
-    for (i = 0; i < (int)OSSL_NELEM(sp_groups); ++i) {
-        /* If a matching p is found then we will break out of the loop */
-        if (!BN_cmp(dh->params.p, sp_groups[i].p)) {
-            /* Set q = (p - 1) / 2 (p is known to be odd so just shift right ) */
+            /* Set q = (p - 1) / 2 (p is known to be odd so just shift right) */
             q = BN_dup(dh->params.p);
 
             if (q == NULL || !BN_rshift1(q, q))
@@ -165,11 +256,13 @@ int DH_get_nid(DH *dh)
                 dh->params.q = q;
                 q = NULL; /* set to NULL so it is not freed */
             }
-            dh->params.nid = sp_groups[i].nid; /* cache the nid */
-            dh->length = 2 * ifc_ffc_compute_security_bits(sp_groups[i].nbits);
-            dh->dirty_cnt++;
-            break;
         }
+        nid = dh->params.nid = dh_named_groups[i].uid; /* cache the nid */
+        dh->length =
+            2 * ifc_ffc_compute_security_bits(dh_named_groups[i].nbits);
+        dh->dirty_cnt++;
+        /* A matching p was found so break out of the loop */
+        break;
     }
     BN_free(q);
     return nid;
index 093695c..3643cb1 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
 #include <openssl/bn.h>
 #include <openssl/engine.h>
 #include <openssl/obj_mac.h>
+#include <openssl/core_names.h>
 #include "internal/cryptlib.h"
 #include "internal/refcount.h"
+#include "crypto/evp.h"
 #include "crypto/dh.h"
 #include "dh_local.h"
 
@@ -61,7 +63,7 @@ DH *DH_new_method(ENGINE *engine)
 }
 #endif /* !FIPS_MODE */
 
-DH *dh_new_with_ctx(OPENSSL_CTX *libctx)
+DH *dh_new_with_libctx(OPENSSL_CTX *libctx)
 {
     return dh_new_intern(NULL, libctx);
 }
@@ -319,3 +321,214 @@ int dh_get0_nid(const DH *dh)
 {
     return dh->params.nid;
 }
+
+int dh_ffc_params_fromdata(DH *dh, const OSSL_PARAM params[])
+{
+    int ret;
+    FFC_PARAMS *ffc;
+
+    if (dh == NULL)
+        return 0;
+    ffc = dh_get0_params(dh);
+    if (ffc == NULL)
+        return 0;
+
+    ret = ffc_params_fromdata(ffc, params);
+    if (ret) {
+        DH_get_nid(dh);
+        dh->dirty_cnt++;
+    }
+    return ret;
+}
+
+static int dh_paramgen_check(EVP_PKEY_CTX *ctx)
+{
+    if (ctx == NULL || !EVP_PKEY_CTX_IS_GEN_OP(ctx)) {
+        ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
+        /* Uses the same return values as EVP_PKEY_CTX_ctrl */
+        return -2;
+    }
+    /* If key type not DH return error */
+    if (ctx->pmeth != NULL
+        && ctx->pmeth->pkey_id != EVP_PKEY_DH
+        && ctx->pmeth->pkey_id != EVP_PKEY_DHX)
+        return -1;
+    return 1;
+}
+
+int EVP_PKEY_CTX_set_dh_paramgen_gindex(EVP_PKEY_CTX *ctx, int gindex)
+{
+    int ret;
+    OSSL_PARAM params[2], *p = params;
+
+    if ((ret = dh_paramgen_check(ctx)) <= 0)
+        return ret;
+
+    *p++ = OSSL_PARAM_construct_int(OSSL_PKEY_PARAM_FFC_GINDEX, &gindex);
+    *p++ = OSSL_PARAM_construct_end();
+
+    return EVP_PKEY_CTX_set_params(ctx, params);
+}
+
+int EVP_PKEY_CTX_set_dh_paramgen_seed(EVP_PKEY_CTX *ctx,
+                                      const unsigned char *seed,
+                                      size_t seedlen)
+{
+    int ret;
+    OSSL_PARAM params[2], *p = params;
+
+    if ((ret = dh_paramgen_check(ctx)) <= 0)
+        return ret;
+
+    *p++ = OSSL_PARAM_construct_octet_string(OSSL_PKEY_PARAM_FFC_SEED,
+                                             (void *)seed, seedlen);
+    *p++ = OSSL_PARAM_construct_end();
+
+    return EVP_PKEY_CTX_set_params(ctx, params);
+}
+
+int EVP_PKEY_CTX_set_dh_paramgen_type(EVP_PKEY_CTX *ctx, int typ)
+{
+    int ret;
+    OSSL_PARAM params[2], *p = params;
+    const char *name;
+
+    if ((ret = dh_paramgen_check(ctx)) <= 0)
+        return ret;
+
+#if !defined(FIPS_MODE)
+    /* TODO(3.0): Remove this eventually when no more legacy */
+    if (ctx->op.keymgmt.genctx == NULL)
+        return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN,
+                                 EVP_PKEY_CTRL_DH_PARAMGEN_TYPE, typ, NULL);
+#endif
+
+    name = dh_gen_type_id2name(typ);
+    if (name == NULL)
+        return 0;
+    *p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_FFC_TYPE,
+                                            (char *) name, 0);
+    *p++ = OSSL_PARAM_construct_end();
+
+    return EVP_PKEY_CTX_set_params(ctx, params);
+}
+
+int EVP_PKEY_CTX_set_dh_paramgen_prime_len(EVP_PKEY_CTX *ctx, int pbits)
+{
+    int ret;
+    OSSL_PARAM params[2], *p = params;
+    size_t bits = pbits;
+
+    if ((ret = dh_paramgen_check(ctx)) <= 0)
+        return ret;
+
+#if !defined(FIPS_MODE)
+    /* TODO(3.0): Remove this eventually when no more legacy */
+    if (ctx->op.keymgmt.genctx == NULL)
+        return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN,
+                                 EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN, pbits,
+                                 NULL);
+#endif
+    *p++ = OSSL_PARAM_construct_size_t(OSSL_PKEY_PARAM_FFC_PBITS, &bits);
+    *p++ = OSSL_PARAM_construct_end();
+    return EVP_PKEY_CTX_set_params(ctx, params);
+}
+
+int EVP_PKEY_CTX_set_dh_paramgen_subprime_len(EVP_PKEY_CTX *ctx, int qbits)
+{
+    int ret;
+    OSSL_PARAM params[2], *p = params;
+    size_t bits2 = qbits;
+
+    if ((ret = dh_paramgen_check(ctx)) <= 0)
+        return ret;
+
+#if !defined(FIPS_MODE)
+    /* TODO(3.0): Remove this eventually when no more legacy */
+    if (ctx->op.keymgmt.genctx == NULL)
+        return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN,
+                                 EVP_PKEY_CTRL_DH_PARAMGEN_SUBPRIME_LEN, qbits,
+                                 NULL);
+#endif
+    *p++ = OSSL_PARAM_construct_size_t(OSSL_PKEY_PARAM_FFC_QBITS, &bits2);
+    *p++ = OSSL_PARAM_construct_end();
+
+    return EVP_PKEY_CTX_set_params(ctx, params);
+}
+
+int EVP_PKEY_CTX_set_dh_paramgen_generator(EVP_PKEY_CTX *ctx, int gen)
+{
+    int ret;
+    OSSL_PARAM params[2], *p = params;
+
+    if ((ret = dh_paramgen_check(ctx)) <= 0)
+        return ret;
+
+#if !defined(FIPS_MODE)
+    /* TODO(3.0): Remove this eventually when no more legacy */
+    if (ctx->op.keymgmt.genctx == NULL)
+        return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN,
+                                 EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR, gen, NULL);
+#endif
+
+    *p++ = OSSL_PARAM_construct_int(OSSL_PKEY_PARAM_FFC_GENERATOR, &gen);
+    *p++ = OSSL_PARAM_construct_end();
+
+    return EVP_PKEY_CTX_set_params(ctx, params);
+}
+
+int EVP_PKEY_CTX_set_dh_rfc5114(EVP_PKEY_CTX *ctx, int gen)
+{
+    int ret;
+    OSSL_PARAM params[2], *p = params;
+    const char *name;
+
+    if ((ret = dh_paramgen_check(ctx)) <= 0)
+        return ret;
+
+#if !defined(FIPS_MODE)
+    /* TODO(3.0): Remove this eventually when no more legacy */
+    if (ctx->op.keymgmt.genctx == NULL)
+        return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_PARAMGEN,
+                                 EVP_PKEY_CTRL_DH_RFC5114, gen, NULL);
+#endif
+    name = ffc_named_group_from_uid(gen);
+    if (name == NULL)
+        return 0;
+
+    *p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_FFC_GROUP,
+                                            (void *)name, 0);
+    *p++ = OSSL_PARAM_construct_end();
+    return EVP_PKEY_CTX_set_params(ctx, params);
+}
+
+int EVP_PKEY_CTX_set_dhx_rfc5114(EVP_PKEY_CTX *ctx, int gen)
+{
+    return EVP_PKEY_CTX_set_dh_rfc5114(ctx, gen);
+}
+
+int EVP_PKEY_CTX_set_dh_nid(EVP_PKEY_CTX *ctx, int nid)
+{
+    int ret;
+    OSSL_PARAM params[2], *p = params;
+    const char *name;
+
+    if ((ret = dh_paramgen_check(ctx)) <= 0)
+        return ret;
+
+#if !defined(FIPS_MODE)
+    /* TODO(3.0): Remove this eventually when no more legacy */
+    if (ctx->op.keymgmt.genctx == NULL)
+        return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH,
+                                 EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN,
+                                 EVP_PKEY_CTRL_DH_NID, nid, NULL);
+#endif
+    name = ffc_named_group_from_uid(nid);
+    if (name == NULL)
+        return 0;
+
+    *p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_FFC_GROUP,
+                                            (void *)name, 0);
+    *p++ = OSSL_PARAM_construct_end();
+    return EVP_PKEY_CTX_set_params(ctx, params);
+}
index 6d34acc..b661749 100644 (file)
@@ -24,6 +24,8 @@
 #include "internal/cryptlib.h"
 #include "crypto/asn1.h"
 #include "crypto/evp.h"
+#include "crypto/dh.h"
+#include "internal/ffc.h"
 #include "internal/numbers.h"
 #include "internal/provider.h"
 #include "evp_local.h"
@@ -808,11 +810,22 @@ static int legacy_ctrl_to_param(EVP_PKEY_CTX *ctx, int keytype, int optype,
      */
     if (cmd == EVP_PKEY_CTRL_CIPHER)
         return -2;
+
 # ifndef OPENSSL_NO_DH
     if (keytype == EVP_PKEY_DH) {
         switch (cmd) {
             case EVP_PKEY_CTRL_DH_PAD:
                 return EVP_PKEY_CTX_set_dh_pad(ctx, p1);
+            case EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN:
+                return EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, p1);
+            case EVP_PKEY_CTRL_DH_PARAMGEN_SUBPRIME_LEN:
+                return EVP_PKEY_CTX_set_dh_paramgen_subprime_len(ctx, p1);
+            case EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR:
+                return EVP_PKEY_CTX_set_dh_paramgen_generator(ctx, p1);
+            case EVP_PKEY_CTRL_DH_PARAMGEN_TYPE:
+                return EVP_PKEY_CTX_set_dh_paramgen_type(ctx, p1);
+            case EVP_PKEY_CTRL_DH_RFC5114:
+                return EVP_PKEY_CTX_set_dh_rfc5114(ctx, p1);
         }
     }
 # endif
@@ -1021,7 +1034,21 @@ static int legacy_ctrl_str_to_param(EVP_PKEY_CTX *ctx, const char *name,
         name = OSSL_PKEY_PARAM_FFC_DIGEST;
 # endif
 # ifndef OPENSSL_NO_DH
-    else if (strcmp(name, "dh_pad") == 0)
+    else if (strcmp(name, "dh_paramgen_generator") == 0)
+        name = OSSL_PKEY_PARAM_FFC_GENERATOR;
+    else if (strcmp(name, "dh_paramgen_prime_len") == 0)
+        name = OSSL_PKEY_PARAM_FFC_PBITS;
+    else if (strcmp(name, "dh_paramgen_subprime_len") == 0)
+        name = OSSL_PKEY_PARAM_FFC_QBITS;
+    else if (strcmp(name, "dh_paramgen_type") == 0) {
+        name = OSSL_PKEY_PARAM_FFC_TYPE;
+        value = dh_gen_type_id2name(atoi(value));
+    } else if (strcmp(name, "dh_param") == 0)
+        name = OSSL_PKEY_PARAM_FFC_GROUP;
+    else if (strcmp(name, "dh_rfc5114") == 0) {
+        name = OSSL_PKEY_PARAM_FFC_GROUP;
+        value = ffc_named_group_from_uid(atoi(value));
+    } else if (strcmp(name, "dh_pad") == 0)
         name = OSSL_EXCHANGE_PARAM_PAD;
 # endif
 # ifndef OPENSSL_NO_EC
index 1d07618..d3661b1 100644 (file)
@@ -22,25 +22,19 @@ int ffc_params_fromdata(FFC_PARAMS *ffc, const OSSL_PARAM params[])
     const OSSL_PARAM *prm;
     const OSSL_PARAM *param_p, *param_q, *param_g;
     BIGNUM *p = NULL, *q = NULL, *g = NULL, *j = NULL;
-#if 0
-    char group_name[OSSL_MAX_NAME_SIZE];
-    char *str = group_name;
-#endif
     int i;
 
     if (ffc == NULL)
         return 0;
 
-/* TODO(3.0) Add for DH PR */
-#if 0
     prm  = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_GROUP);
     if (prm != NULL) {
-        if (!OSSL_PARAM_get_utf8_string(prm, &str, sizeof(group_name)))
+        if (prm->data_type != OSSL_PARAM_UTF8_STRING)
             goto err;
-        if (!ffc_set_group_pqg(ffc, group_name))
+        if (!ffc_set_group_pqg(ffc, prm->data))
             goto err;
     }
-#endif
+
     param_p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_P);
     param_g = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_G);
     param_q = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_Q);
@@ -66,6 +60,7 @@ int ffc_params_fromdata(FFC_PARAMS *ffc, const OSSL_PARAM params[])
     if (prm != NULL) {
         if (!OSSL_PARAM_get_BN(prm, &j))
             goto err;
+        j = NULL;
     }
     prm = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_H);
     if (prm != NULL) {
index 5950847..89550be 100644 (file)
@@ -215,7 +215,7 @@ int ffc_params_todata(const FFC_PARAMS *ffc, OSSL_PARAM_BLD *bld,
                                               ffc->seed, ffc->seedlen))
         return 0;
     if (ffc->nid != NID_undef) {
-        const char *name = ffc_named_group_from_nid(ffc->nid);
+        const char *name = ffc_named_group_from_uid(ffc->nid);
 
         if (name == NULL
             || !ossl_param_build_set_utf8_string(bld, params,
@@ -227,7 +227,6 @@ int ffc_params_todata(const FFC_PARAMS *ffc, OSSL_PARAM_BLD *bld,
 }
 
 #ifndef FIPS_MODE
-
 int ffc_params_print(BIO *bp, const FFC_PARAMS *ffc, int indent)
 {
     if (!ASN1_bn_print(bp, "prime P:", ffc->p, NULL, indent))
index ded779f..039073c 100644 (file)
@@ -41,6 +41,8 @@ EVP_PKEY_CTX_set_dh_paramgen_prime_len,
 EVP_PKEY_CTX_set_dh_paramgen_subprime_len,
 EVP_PKEY_CTX_set_dh_paramgen_generator,
 EVP_PKEY_CTX_set_dh_paramgen_type,
+EVP_PKEY_CTX_set_dh_paramgen_gindex,
+EVP_PKEY_CTX_set_dh_paramgen_seed,
 EVP_PKEY_CTX_set_dh_rfc5114,
 EVP_PKEY_CTX_set_dhx_rfc5114,
 EVP_PKEY_CTX_set_dh_pad,
@@ -144,6 +146,10 @@ EVP_PKEY_CTX_set1_id, EVP_PKEY_CTX_get1_id, EVP_PKEY_CTX_get1_id_len
  int EVP_PKEY_CTX_set_dh_nid(EVP_PKEY_CTX *ctx, int nid);
  int EVP_PKEY_CTX_set_dh_rfc5114(EVP_PKEY_CTX *ctx, int rfc5114);
  int EVP_PKEY_CTX_set_dhx_rfc5114(EVP_PKEY_CTX *ctx, int rfc5114);
+ int EVP_PKEY_CTX_set_dh_paramgen_gindex(EVP_PKEY_CTX *ctx, int gindex);
+ int EVP_PKEY_CTX_set_dh_paramgen_seed(EVP_PKEY_CTX *ctx,
+                                        const unsigned char *seed,
+                                        size_t seedlen);
  int EVP_PKEY_CTX_set_dh_kdf_type(EVP_PKEY_CTX *ctx, int kdf);
  int EVP_PKEY_CTX_get_dh_kdf_type(EVP_PKEY_CTX *ctx);
  int EVP_PKEY_CTX_set0_dh_kdf_oid(EVP_PKEY_CTX *ctx, ASN1_OBJECT *oid);
@@ -462,22 +468,39 @@ parameter generation. The supported parameters are:
 
 =over 4
 
-=item B<DH_PARAMGEN_TYPE_GENERATOR>
+=item B<DH_PARAMGEN_TYPE_GROUP>
+
+Use a named group. If only the safe prime parameter I<p> is set this can be
+used to select a ffdhe safe prime group of the correct size.
+
+=item B<DH_PARAMGEN_TYPE_FIPS_186_4>
 
-Uses a generator g (PKCS#3 format).
+FIPS186-4 FFC parameter generator.
 
 =item B<DH_PARAMGEN_TYPE_FIPS_186_2>
 
 FIPS186-2 FFC parameter generator (X9.42 DH).
 
-=item B<DH_PARAMGEN_TYPE_FIPS_186_4>
+=item B<DH_PARAMGEN_TYPE_GENERATOR>
 
-FIPS186-4 FFC parameter generator.
+Uses a safe prime generator g (PKCS#3 format).
 
 =back
 
 The default is B<DH_PARAMGEN_TYPE_GENERATOR>.
 
+The EVP_PKEY_CTX_set_dh_paramgen_gindex() method sets the I<gindex> used by
+the generator G. The default value is -1 which uses unverifiable g, otherwise
+a positive value uses verifiable g. This value must be saved if key validation
+of g is required, since it is not part of a persisted key.
+
+The EVP_PKEY_CTX_set_dh_paramgen_seed() method sets the I<seed> to use for
+generation rather than using a randomly generated value for the seed. This is
+useful for testing purposes only and can fail if the seed does not produce
+primes for both p & q on its first iteration. This value must be saved if
+key validation of p, q, and verifiable g are required, since it is not part of
+a persisted key.
+
 The EVP_PKEY_CTX_set_dh_pad() function sets the DH padding mode.
 If I<pad> is 1 the shared secret is padded with zeros up to the size of the DH
 prime I<p>.
index 2864fb3..c19d4f0 100644 (file)
@@ -16,12 +16,13 @@ declare_dh_bn(1024_160)
 declare_dh_bn(2048_224)
 declare_dh_bn(2048_256)
 
+extern const BIGNUM _bignum_const_2;
+
 extern const BIGNUM _bignum_ffdhe2048_p;
 extern const BIGNUM _bignum_ffdhe3072_p;
 extern const BIGNUM _bignum_ffdhe4096_p;
 extern const BIGNUM _bignum_ffdhe6144_p;
 extern const BIGNUM _bignum_ffdhe8192_p;
-extern const BIGNUM _bignum_const_2;
 
 extern const BIGNUM _bignum_modp_1536_p;
 extern const BIGNUM _bignum_modp_2048_p;
index 5d5470f..150d13b 100644 (file)
 #include <openssl/dh.h>
 #include "internal/ffc.h"
 
-DH *dh_new_with_ctx(OPENSSL_CTX *libctx);
+DH *dh_new_by_nid_with_libctx(OPENSSL_CTX *libctx, int nid);
+DH *dh_new_with_libctx(OPENSSL_CTX *libctx);
 
-int dh_generate_ffc_parameters(DH *dh, int bits,
-                               int qbits, int gindex, BN_GENCB *cb);
+int dh_generate_ffc_parameters(DH *dh, int type, int pbits,
+                               int qbits, EVP_MD *md, BN_GENCB *cb);
 int dh_generate_public_key(BN_CTX *ctx, DH *dh, const BIGNUM *priv_key,
                            BIGNUM *pub_key);
+int dh_get_named_group_uid_from_size(int pbits);
+const char *dh_gen_type_id2name(int id);
 
 FFC_PARAMS *dh_get0_params(DH *dh);
 int dh_get0_nid(const DH *dh);
+int dh_ffc_params_fromdata(DH *dh, const OSSL_PARAM params[]);
 int dh_key_fromdata(DH *dh, const OSSL_PARAM params[]);
 
 int dh_check_pub_key_partial(const DH *dh, const BIGNUM *pub_key, int *ret);
index c8b2cb8..90a13a5 100644 (file)
@@ -164,10 +164,11 @@ int ffc_validate_private_key(const BIGNUM *upper, const BIGNUM *priv_key,
                              int *ret);
 
 int ffc_params_todata(const FFC_PARAMS *ffc, OSSL_PARAM_BLD *tmpl,
-                              OSSL_PARAM params[]);
+                      OSSL_PARAM params[]);
 int ffc_params_fromdata(FFC_PARAMS *ffc, const OSSL_PARAM params[]);
-int ffc_named_group_to_nid(const char *name);
-const char *ffc_named_group_from_nid(int nid);
+int ffc_set_group_pqg(FFC_PARAMS *ffc, const char *group_name);
+int ffc_named_group_to_uid(const char *name);
+const char *ffc_named_group_from_uid(int nid);
 int ffc_set_group_pqg(FFC_PARAMS *ffc, const char *group_name);
 
 #endif /* OSSL_INTERNAL_FFC_H */
index 18f8352..b5ee883 100644 (file)
@@ -198,6 +198,16 @@ extern "C" {
 #define OSSL_PKEY_PARAM_FFC_H        "hindex"
 #define OSSL_PKEY_PARAM_FFC_GROUP    "group"
 
+#define OSSL_PKEY_PARAM_FFC_GINDEX   "gindex"
+#define OSSL_PKEY_PARAM_FFC_PCOUNTER "pcounter"
+#define OSSL_PKEY_PARAM_FFC_SEED     "seed"
+#define OSSL_PKEY_PARAM_FFC_COFACTOR "j"
+#define OSSL_PKEY_PARAM_FFC_H        "hindex"
+
+/* Diffie-Hellman params */
+#define OSSL_PKEY_PARAM_FFC_GROUP    "group"
+#define OSSL_PKEY_PARAM_FFC_GENERATOR "safeprime-generator"
+
 /* Elliptic Curve Domain Parameters */
 #define OSSL_PKEY_PARAM_EC_NAME      "curve-name"
 
index 8af0670..d705f50 100644 (file)
@@ -104,11 +104,10 @@ DECLARE_ASN1_ITEM(DHparams)
 #  define DH_CHECK_P_NOT_STRONG_PRIME     DH_CHECK_P_NOT_SAFE_PRIME
 
 /* DH parameter generation types used by EVP_PKEY_CTX_set_dh_paramgen_type() */
-#   define DH_PARAMGEN_TYPE_GENERATOR    0   /* Use a generator g */
-#   define DH_PARAMGEN_TYPE_FIPS_186_2   1   /* Use legacy FIPS186-2 standard */
+#   define DH_PARAMGEN_TYPE_GENERATOR    0   /* Use a safe prime generator */
+#   define DH_PARAMGEN_TYPE_FIPS_186_2   1   /* Use FIPS186-2 standard */
 #   define DH_PARAMGEN_TYPE_FIPS_186_4   2   /* Use FIPS186-4 standard */
-
-#   define DH_CHECK_P_NOT_STRONG_PRIME     DH_CHECK_P_NOT_SAFE_PRIME
+#   define DH_PARAMGEN_TYPE_GROUP        3   /* Use a named safe prime group */
 
 #   define d2i_DHparams_fp(fp, x) \
         (DH *)ASN1_d2i_fp((char *(*)())DH_new, \
@@ -270,35 +269,17 @@ DEPRECATEDIN_3_0(int DH_meth_set_generate_params(DH_METHOD *dhm,
                                                      (DH *, int, int,
                                                       BN_GENCB *)))
 
-#  define EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len) \
-        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
-                          EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN, len, NULL)
-
-#  define EVP_PKEY_CTX_set_dh_paramgen_subprime_len(ctx, len) \
-        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
-                          EVP_PKEY_CTRL_DH_PARAMGEN_SUBPRIME_LEN, len, NULL)
-
-#  define EVP_PKEY_CTX_set_dh_paramgen_type(ctx, typ) \
-        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
-                          EVP_PKEY_CTRL_DH_PARAMGEN_TYPE, typ, NULL)
-
-#  define EVP_PKEY_CTX_set_dh_paramgen_generator(ctx, gen) \
-        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
-                          EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR, gen, NULL)
-
-#  define EVP_PKEY_CTX_set_dh_rfc5114(ctx, gen) \
-        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_PARAMGEN, \
-                          EVP_PKEY_CTRL_DH_RFC5114, gen, NULL)
-
-#  define EVP_PKEY_CTX_set_dhx_rfc5114(ctx, gen) \
-        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_PARAMGEN, \
-                          EVP_PKEY_CTRL_DH_RFC5114, gen, NULL)
-
-#  define EVP_PKEY_CTX_set_dh_nid(ctx, nid) \
-        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, \
-                        EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN, \
-                        EVP_PKEY_CTRL_DH_NID, nid, NULL)
-
+int EVP_PKEY_CTX_set_dh_paramgen_type(EVP_PKEY_CTX *ctx, int typ);
+int EVP_PKEY_CTX_set_dh_paramgen_gindex(EVP_PKEY_CTX *ctx, int gindex);
+int EVP_PKEY_CTX_set_dh_paramgen_seed(EVP_PKEY_CTX *ctx,
+                                      const unsigned char *seed,
+                                      size_t seedlen);
+int EVP_PKEY_CTX_set_dh_paramgen_prime_len(EVP_PKEY_CTX *ctx, int pbits);
+int EVP_PKEY_CTX_set_dh_paramgen_subprime_len(EVP_PKEY_CTX *ctx, int qlen);
+int EVP_PKEY_CTX_set_dh_paramgen_generator(EVP_PKEY_CTX *ctx, int gen);
+int EVP_PKEY_CTX_set_dh_nid(EVP_PKEY_CTX *ctx, int nid);
+int EVP_PKEY_CTX_set_dh_rfc5114(EVP_PKEY_CTX *ctx, int gen);
+int EVP_PKEY_CTX_set_dhx_rfc5114(EVP_PKEY_CTX *ctx, int gen);
 int EVP_PKEY_CTX_set_dh_pad(EVP_PKEY_CTX *ctx, int pad);
 
 #  define EVP_PKEY_CTX_set_dh_kdf_type(ctx, kdf) \
index 250e7aa..31a7c0b 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
  */
 #include "internal/deprecated.h"
 
+#include <string.h> /* strcmp */
 #include <openssl/core_numbers.h>
 #include <openssl/core_names.h>
 #include <openssl/bn.h>
-#include <openssl/dh.h>
-#include <openssl/params.h>
-#include <openssl/param_build.h>
+#include <openssl/err.h>
 #include "prov/implementations.h"
 #include "prov/providercommon.h"
 #include "prov/provider_ctx.h"
 #include "crypto/dh.h"
+#include "internal/sizes.h"
+#include "internal/nelem.h"
+#include "internal/param_build_set.h"
 
 static OSSL_OP_keymgmt_new_fn dh_newdata;
 static OSSL_OP_keymgmt_free_fn dh_freedata;
+static OSSL_OP_keymgmt_gen_init_fn dh_gen_init;
+static OSSL_OP_keymgmt_gen_set_template_fn dh_gen_set_template;
+static OSSL_OP_keymgmt_gen_set_params_fn dh_gen_set_params;
+static OSSL_OP_keymgmt_gen_settable_params_fn dh_gen_settable_params;
+static OSSL_OP_keymgmt_gen_fn dh_gen;
+static OSSL_OP_keymgmt_gen_cleanup_fn dh_gen_cleanup;
 static OSSL_OP_keymgmt_get_params_fn dh_get_params;
 static OSSL_OP_keymgmt_gettable_params_fn dh_gettable_params;
 static OSSL_OP_keymgmt_has_fn dh_has;
@@ -36,42 +44,81 @@ static OSSL_OP_keymgmt_import_types_fn dh_import_types;
 static OSSL_OP_keymgmt_export_fn dh_export;
 static OSSL_OP_keymgmt_export_types_fn dh_export_types;
 
-#define DH_POSSIBLE_SELECTIONS                 \
+#define DH_POSSIBLE_SELECTIONS                                                 \
     (OSSL_KEYMGMT_SELECT_KEYPAIR | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS)
 
-static int domparams_to_params(DH *dh, OSSL_PARAM_BLD *tmpl)
+struct dh_gen_ctx {
+    OPENSSL_CTX *libctx;
+
+    FFC_PARAMS *ffc_params;
+    int selection;
+    /* All these parameters are used for parameter generation only */
+    /* If there is a group name then the remaining parameters are not needed */
+    int group_nid;
+    size_t pbits;
+    size_t qbits;
+    EVP_MD *md;
+    unsigned char *seed; /* optional FIPS186-4 param for testing */
+    size_t seedlen;
+    int gindex; /* optional  FIPS186-4 generator index (ignored if -1) */
+    int gen_type; /* see dhtype2id */
+    int generator; /* Used by DH_PARAMGEN_TYPE_GENERATOR in non fips mode only */
+    int pcounter;
+    int hindex;
+
+    OSSL_CALLBACK *cb;
+    void *cbarg;
+};
+
+typedef struct dh_name2id_st{
+    const char *name;
+    int id;
+} DH_GENTYPE_NAME2ID;
+
+static const DH_GENTYPE_NAME2ID dhtype2id[]=
 {
-    const BIGNUM *dh_p = NULL, *dh_g = NULL;
+    { "default", DH_PARAMGEN_TYPE_FIPS_186_4 },
+    { "fips186_4", DH_PARAMGEN_TYPE_FIPS_186_4 },
+    { "fips186_2", DH_PARAMGEN_TYPE_FIPS_186_2 },
+    { "group", DH_PARAMGEN_TYPE_GROUP },
+    { "generator", DH_PARAMGEN_TYPE_GENERATOR }
+};
 
-    if (dh == NULL)
-        return 0;
+const char *dh_gen_type_id2name(int id)
+{
+    size_t i;
 
-    DH_get0_pqg(dh, &dh_p, NULL, &dh_g);
-    if (dh_p != NULL
-        && !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_FFC_P, dh_p))
-        return 0;
-    if (dh_g != NULL
-        && !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_FFC_G, dh_g))
-        return 0;
+    for (i = 0; i < OSSL_NELEM(dhtype2id); ++i) {
+        if (dhtype2id[i].id == id)
+            return dhtype2id[i].name;
+    }
+    return NULL;
+}
 
-    return 1;
+static int dh_gen_type_name2id(const char *name)
+{
+    size_t i;
+
+    for (i = 0; i < OSSL_NELEM(dhtype2id); ++i) {
+        if (strcmp(dhtype2id[i].name, name) == 0)
+            return dhtype2id[i].id;
+    }
+    return -1;
 }
 
-static int key_to_params(DH *dh, OSSL_PARAM_BLD *tmpl)
+static int dh_key_todata(DH *dh, OSSL_PARAM_BLD *bld, OSSL_PARAM params[])
 {
-    const BIGNUM *priv_key = NULL, *pub_key = NULL;
+    const BIGNUM *priv = NULL, *pub = NULL;
 
     if (dh == NULL)
         return 0;
-    if (!domparams_to_params(dh, tmpl))
-        return 0;
 
-    DH_get0_key(dh, &pub_key, &priv_key);
-    if (priv_key != NULL
-        && !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_PRIV_KEY, priv_key))
+    DH_get0_key(dh, &pub, &priv);
+    if (priv != NULL
+        && !ossl_param_build_set_bn(bld, params, OSSL_PKEY_PARAM_PRIV_KEY, priv))
         return 0;
-    if (pub_key != NULL
-        && !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_PUB_KEY, pub_key))
+    if (pub != NULL
+        && !ossl_param_build_set_bn(bld, params, OSSL_PKEY_PARAM_PUB_KEY, pub))
         return 0;
 
     return 1;
@@ -79,7 +126,7 @@ static int key_to_params(DH *dh, OSSL_PARAM_BLD *tmpl)
 
 static void *dh_newdata(void *provctx)
 {
-    return dh_new_with_ctx(PROV_LIBRARY_CONTEXT_OF(provctx));
+    return dh_new_with_libctx(PROV_LIBRARY_CONTEXT_OF(provctx));
 }
 
 static void dh_freedata(void *keydata)
@@ -128,16 +175,17 @@ static int dh_match(const void *keydata1, const void *keydata2, int selection)
 static int dh_import(void *keydata, int selection, const OSSL_PARAM params[])
 {
     DH *dh = keydata;
-    int ok = 0;
+    int ok = 1;
 
     if (dh == NULL)
         return 0;
 
-    if ((selection & DH_POSSIBLE_SELECTIONS) != 0)
-        ok = 1;
+    if ((selection & DH_POSSIBLE_SELECTIONS) == 0)
+        return 0;
 
     if ((selection & OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) != 0)
-        ok = ok && ffc_params_fromdata(dh_get0_params(dh), params);
+        ok = ok && dh_ffc_params_fromdata(dh, params);
+
     if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0)
         ok = ok && dh_key_fromdata(dh, params);
 
@@ -160,9 +208,9 @@ static int dh_export(void *keydata, int selection, OSSL_CALLBACK *param_cb,
         return 0;
 
     if ((selection & OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) != 0)
-        ok = ok && domparams_to_params(dh, tmpl);
+        ok = ok && ffc_params_todata(dh_get0_params(dh), tmpl, NULL);
     if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0)
-        ok = ok && key_to_params(dh, tmpl);
+        ok = ok && dh_key_todata(dh, tmpl, NULL);
 
     if (!ok
         || (params = OSSL_PARAM_BLD_to_param(tmpl)) == NULL) {
@@ -178,12 +226,19 @@ err:
 
 /* IMEXPORT = IMPORT + EXPORT */
 
-# define DH_IMEXPORTABLE_PARAMETERS                     \
-    OSSL_PARAM_BN(OSSL_PKEY_PARAM_FFC_P, NULL, 0),      \
-    OSSL_PARAM_BN(OSSL_PKEY_PARAM_FFC_G, NULL, 0)
-# define DH_IMEXPORTABLE_PUBLIC_KEY                     \
+# define DH_IMEXPORTABLE_PARAMETERS                                            \
+    OSSL_PARAM_BN(OSSL_PKEY_PARAM_FFC_P, NULL, 0),                             \
+    OSSL_PARAM_BN(OSSL_PKEY_PARAM_FFC_Q, NULL, 0),                             \
+    OSSL_PARAM_BN(OSSL_PKEY_PARAM_FFC_G, NULL, 0),                             \
+    OSSL_PARAM_BN(OSSL_PKEY_PARAM_FFC_COFACTOR, NULL, 0),                      \
+    OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_GINDEX, NULL),                          \
+    OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_PCOUNTER, NULL),                        \
+    OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_H, NULL),                               \
+    OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_FFC_GROUP, NULL, 0),                \
+    OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_FFC_SEED, NULL, 0)
+# define DH_IMEXPORTABLE_PUBLIC_KEY                                            \
     OSSL_PARAM_BN(OSSL_PKEY_PARAM_PUB_KEY, NULL, 0)
-# define DH_IMEXPORTABLE_PRIVATE_KEY                    \
+# define DH_IMEXPORTABLE_PRIVATE_KEY                                           \
     OSSL_PARAM_BN(OSSL_PKEY_PARAM_PRIV_KEY, NULL, 0)
 static const OSSL_PARAM dh_all_types[] = {
     DH_IMEXPORTABLE_PARAMETERS,
@@ -242,13 +297,17 @@ static ossl_inline int dh_get_params(void *key, OSSL_PARAM params[])
     if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_MAX_SIZE)) != NULL
         && !OSSL_PARAM_set_int(p, DH_size(dh)))
         return 0;
-    return 1;
+    return ffc_params_todata(dh_get0_params(dh), NULL, params)
+           && dh_key_todata(dh, NULL, params);
 }
 
 static const OSSL_PARAM dh_params[] = {
     OSSL_PARAM_int(OSSL_PKEY_PARAM_BITS, NULL),
     OSSL_PARAM_int(OSSL_PKEY_PARAM_SECURITY_BITS, NULL),
     OSSL_PARAM_int(OSSL_PKEY_PARAM_MAX_SIZE, NULL),
+    DH_IMEXPORTABLE_PARAMETERS,
+    DH_IMEXPORTABLE_PUBLIC_KEY,
+    DH_IMEXPORTABLE_PRIVATE_KEY,
     OSSL_PARAM_END
 };
 
@@ -297,8 +356,261 @@ static int dh_validate(void *keydata, int selection)
     return ok;
 }
 
+static void *dh_gen_init(void *provctx, int selection)
+{
+    OPENSSL_CTX *libctx = PROV_LIBRARY_CONTEXT_OF(provctx);
+    struct dh_gen_ctx *gctx = NULL;
+
+    if ((selection & (OSSL_KEYMGMT_SELECT_KEYPAIR
+                      | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS)) == 0)
+        return NULL;
+
+    if ((gctx = OPENSSL_zalloc(sizeof(*gctx))) != NULL) {
+        gctx->selection = selection;
+        gctx->libctx = libctx;
+        gctx->pbits = 2048;
+        gctx->qbits = 224;
+        gctx->md = NULL;
+        gctx->gen_type = DH_PARAMGEN_TYPE_FIPS_186_4;
+        gctx->gindex = -1;
+        gctx->hindex = 0;
+        gctx->pcounter = -1;
+        gctx->generator = DH_GENERATOR_2;
+    }
+    return gctx;
+}
+
+static int dh_gen_set_template(void *genctx, void *templ)
+{
+    struct dh_gen_ctx *gctx = genctx;
+    DH *dh = templ;
+
+    if (gctx == NULL || dh == NULL)
+        return 0;
+    gctx->ffc_params = dh_get0_params(dh);
+    return 1;
+}
+
+static int dh_set_gen_seed(struct dh_gen_ctx *gctx, unsigned char *seed,
+                           size_t seedlen)
+{
+    OPENSSL_clear_free(gctx->seed, gctx->seedlen);
+    gctx->seed = NULL;
+    gctx->seedlen = 0;
+    if (seed != NULL && seedlen > 0) {
+        gctx->seed = OPENSSL_memdup(seed, seedlen);
+        if (gctx->seed == NULL)
+            return 0;
+        gctx->seedlen = seedlen;
+    }
+    return 1;
+}
+
+static int dh_gen_set_params(void *genctx, const OSSL_PARAM params[])
+{
+    struct dh_gen_ctx *gctx = genctx;
+    const OSSL_PARAM *p;
+
+    if (gctx == NULL)
+        return 0;
+
+    p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_TYPE);
+    if (p != NULL) {
+        if (p->data_type != OSSL_PARAM_UTF8_STRING
+            || ((gctx->gen_type = dh_gen_type_name2id(p->data)) == -1)) {
+            ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT);
+            return 0;
+        }
+    }
+    p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_GROUP);
+    if (p != NULL) {
+        if (p->data_type != OSSL_PARAM_UTF8_STRING
+           || ((gctx->group_nid = ffc_named_group_to_uid(p->data)) == NID_undef)) {
+            ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT);
+            return 0;
+        }
+        gctx->gen_type = DH_PARAMGEN_TYPE_GROUP;
+    }
+    p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_GENERATOR);
+    if (p != NULL
+        && !OSSL_PARAM_get_int(p, &gctx->generator))
+        return 0;
+    p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_GINDEX);
+    if (p != NULL
+        && !OSSL_PARAM_get_int(p, &gctx->gindex))
+        return 0;
+    p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_PCOUNTER);
+    if (p != NULL
+        && !OSSL_PARAM_get_int(p, &gctx->pcounter))
+        return 0;
+    p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_H);
+    if (p != NULL
+        && !OSSL_PARAM_get_int(p, &gctx->hindex))
+        return 0;
+    p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_SEED);
+    if (p != NULL
+        && (p->data_type != OSSL_PARAM_OCTET_STRING
+            || !dh_set_gen_seed(gctx, p->data, p->data_size)))
+            return 0;
+
+    if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_PBITS)) != NULL
+        && !OSSL_PARAM_get_size_t(p, &gctx->pbits))
+        return 0;
+    if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_QBITS)) != NULL
+        && !OSSL_PARAM_get_size_t(p, &gctx->qbits))
+        return 0;
+    p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_DIGEST);
+    if (p != NULL) {
+        const OSSL_PARAM *p1;
+        char mdprops[OSSL_MAX_PROPQUERY_SIZE] = { '\0' };
+        char *str = mdprops;
+
+        if (p->data_type != OSSL_PARAM_UTF8_STRING)
+            return 0;
+        p1 = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_DIGEST_PROPS);
+        if (p1 != NULL
+            && !OSSL_PARAM_get_utf8_string(p1, &str, sizeof(mdprops)))
+            return 0;
+        EVP_MD_free(gctx->md);
+        gctx->md = EVP_MD_fetch(gctx->libctx, p->data, mdprops);
+        if (gctx->md == NULL)
+            return 0;
+    }
+    return 1;
+}
+
+static const OSSL_PARAM *dh_gen_settable_params(void *provctx)
+{
+    static OSSL_PARAM settable[] = {
+        OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_FFC_GROUP, NULL, 0),
+        OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_FFC_TYPE, NULL, 0),
+        OSSL_PARAM_size_t(OSSL_PKEY_PARAM_FFC_PBITS, NULL),
+        OSSL_PARAM_size_t(OSSL_PKEY_PARAM_FFC_QBITS, NULL),
+        OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_FFC_DIGEST, NULL, 0),
+        OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_FFC_DIGEST_PROPS, NULL, 0),
+        OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_GINDEX, NULL),
+        OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_FFC_SEED, NULL, 0),
+        OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_GENERATOR, NULL),
+        OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_PCOUNTER, NULL),
+        OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_H, NULL),
+        OSSL_PARAM_END
+    };
+    return settable;
+}
+
+static int dh_gencb(int p, int n, BN_GENCB *cb)
+{
+    struct dh_gen_ctx *gctx = BN_GENCB_get_arg(cb);
+    OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END, OSSL_PARAM_END };
+
+    params[0] = OSSL_PARAM_construct_int(OSSL_GEN_PARAM_POTENTIAL, &p);
+    params[1] = OSSL_PARAM_construct_int(OSSL_GEN_PARAM_ITERATION, &n);
+
+    return gctx->cb(params, gctx->cbarg);
+}
+
+static void *dh_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
+{
+    int ret = 0;
+    struct dh_gen_ctx *gctx = genctx;
+    DH *dh = NULL;
+    BN_GENCB *gencb = NULL;
+    FFC_PARAMS *ffc;
+
+    if (gctx == NULL)
+        return NULL;
+
+    /* For parameter generation - If there is a group name just create it */
+    if (gctx->gen_type == DH_PARAMGEN_TYPE_GROUP) {
+        /* Select a named group if there is not one already */
+        if (gctx->group_nid == NID_undef)
+            gctx->group_nid = dh_get_named_group_uid_from_size(gctx->pbits);
+        if (gctx->group_nid == NID_undef)
+            return NULL;
+        dh = dh_new_by_nid_with_libctx(gctx->libctx, gctx->group_nid);
+        if (dh == NULL)
+            return NULL;
+        ffc = dh_get0_params(dh);
+    } else {
+        dh = dh_new_with_libctx(gctx->libctx);
+        if (dh == NULL)
+            return NULL;
+        ffc = dh_get0_params(dh);
+
+        /* Copy the template value if one was passed */
+        if (gctx->ffc_params != NULL
+            && !ffc_params_copy(ffc, gctx->ffc_params))
+            goto end;
+
+        if (!ffc_params_set_seed(ffc, gctx->seed, gctx->seedlen))
+            goto end;
+        if (gctx->gindex != -1) {
+            ffc_params_set_gindex(ffc, gctx->gindex);
+            if (gctx->pcounter != -1)
+                ffc_params_set_pcounter(ffc, gctx->pcounter);
+        } else if (gctx->hindex != 0) {
+            ffc_params_set_h(ffc, gctx->hindex);
+        }
+        gctx->cb = osslcb;
+        gctx->cbarg = cbarg;
+        gencb = BN_GENCB_new();
+        if (gencb != NULL)
+            BN_GENCB_set(gencb, dh_gencb, genctx);
+
+        if ((gctx->selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0) {
+            /*
+             * NOTE: The old safe prime generator code is not used in fips mode,
+             * (i.e internally it ignores the generator and chooses a named
+             * group based on pbits.
+             */
+            if (gctx->gen_type == DH_PARAMGEN_TYPE_GENERATOR)
+                ret = DH_generate_parameters_ex(dh, gctx->pbits,
+                                                gctx->generator, gencb);
+            else
+                ret = dh_generate_ffc_parameters(dh, gctx->gen_type, gctx->pbits,
+                                                 gctx->qbits, gctx->md, gencb);
+            if (ret <= 0)
+                goto end;
+        }
+    }
+
+    if ((gctx->selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) {
+        if (ffc->p == NULL || ffc->g == NULL)
+            goto end;
+        if (DH_generate_key(dh) <= 0)
+            goto end;
+    }
+    ret = 1;
+end:
+    if (ret <= 0) {
+        DH_free(dh);
+        dh = NULL;
+    }
+    BN_GENCB_free(gencb);
+    return dh;
+}
+
+static void dh_gen_cleanup(void *genctx)
+{
+    struct dh_gen_ctx *gctx = genctx;
+
+    if (gctx == NULL)
+        return;
+
+    OPENSSL_clear_free(gctx->seed, gctx->seedlen);
+    EVP_MD_free(gctx->md);
+    OPENSSL_free(gctx);
+}
+
 const OSSL_DISPATCH dh_keymgmt_functions[] = {
     { OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))dh_newdata },
+    { OSSL_FUNC_KEYMGMT_GEN_INIT, (void (*)(void))dh_gen_init },
+    { OSSL_FUNC_KEYMGMT_GEN_SET_TEMPLATE, (void (*)(void))dh_gen_set_template },
+    { OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS, (void (*)(void))dh_gen_set_params },
+    { OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS,
+      (void (*)(void))dh_gen_settable_params },
+    { OSSL_FUNC_KEYMGMT_GEN, (void (*)(void))dh_gen },
+    { OSSL_FUNC_KEYMGMT_GEN_CLEANUP, (void (*)(void))dh_gen_cleanup },
     { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))dh_freedata },
     { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*) (void))dh_get_params },
     { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*) (void))dh_gettable_params },
index b2517ed..d8e85a5 100644 (file)
  */
 #include "internal/deprecated.h"
 
-#include <openssl/dh.h>
 #include <openssl/err.h>
 #include "prov/bio.h"             /* ossl_prov_bio_printf() */
 #include "prov/implementations.h" /* rsa_keymgmt_functions */
 #include "prov/providercommonerr.h" /* PROV_R_BN_ERROR */
+#include "internal/ffc.h"
+#include "crypto/dh.h"
 #include "serializer_local.h"
 
 OSSL_OP_keymgmt_new_fn *ossl_prov_get_keymgmt_dh_new(void)
@@ -39,8 +40,7 @@ int ossl_prov_print_dh(BIO *out, DH *dh, enum dh_print_type type)
 {
     const char *type_label = NULL;
     const BIGNUM *priv_key = NULL, *pub_key = NULL;
-    const BIGNUM *p = NULL, *g = NULL;
-
+    const BIGNUM *p = NULL;
 
     switch (type) {
     case dh_print_priv:
@@ -67,35 +67,19 @@ int ossl_prov_print_dh(BIO *out, DH *dh, enum dh_print_type type)
     }
 
     p = DH_get0_p(dh);
-    g = DH_get0_g(dh);
-    if (p == NULL || g == NULL)
+    if (p == NULL)
         goto null_err;
 
-    /*
-     * TODO(3.0): add printing of:
-     *
-     * - q (label "subgroup order:")
-     * - j (label "subgroup factor:")
-     * - seed (label "seed:")
-     * - counter (label "counter:")
-     *
-     * This can happen as soon as there are DH_get0_ functions for them.
-     */
-
     if (ossl_prov_bio_printf(out, "%s: (%d bit)\n", type_label, BN_num_bits(p))
         <= 0)
         goto err;
     if (priv_key != NULL
-        && !ossl_prov_print_labeled_bignum(out, "    private-key:", priv_key))
+        && !ossl_prov_print_labeled_bignum(out, "private-key:", priv_key))
         goto err;
     if (pub_key != NULL
-        && !ossl_prov_print_labeled_bignum(out, "    public-key:", pub_key))
-        goto err;
-    if (p != NULL
-        && !ossl_prov_print_labeled_bignum(out, "    prime:", p))
+        && !ossl_prov_print_labeled_bignum(out, "public-key:", pub_key))
         goto err;
-    if (g != NULL
-        && !ossl_prov_print_labeled_bignum(out, "    generator:", g))
+    if (!ffc_params_prov_print(out, dh_get0_params(dh)))
         goto err;
 
     return 1;
index da38763..20cf4b3 100644 (file)
@@ -15,7 +15,7 @@
 int ffc_params_prov_print(BIO *out, const FFC_PARAMS *ffc)
 {
     if (ffc->nid != NID_undef) {
-        const char *name = ffc_named_group_from_nid(ffc->nid);
+        const char *name = ffc_named_group_from_uid(ffc->nid);
 
         if (name == NULL)
             goto err;
index 5a66162..7b61cbe 100644 (file)
 #include <openssl/pem.h>
 #include <openssl/serializer.h>
 #include <openssl/provider.h>
-#include <openssl/params.h>
+#include <openssl/param_build.h>
 #include <openssl/core_names.h>
 #include "crypto/ecx.h"
-#include "internal/nelem.h"
-#include "openssl/param_build.h"
 #include "crypto/evp.h"          /* For the internal API */
+#include "crypto/bn_dh.h"        /* _bignum_ffdhe2048_p */
+#include "internal/nelem.h"
 #include "testutil.h"
 
 static char *datadir = NULL;
@@ -391,73 +391,283 @@ static int test_evp_pkey_get_bn_param_large(void)
 
 
 #ifndef OPENSSL_NO_DH
-/* Array indexes used in test_fromdata_dh */
-#define PRIV_KEY        0
-#define PUB_KEY         1
-#define FFC_P           2
-#define FFC_G           3
-
-static int test_fromdata_dh(void)
+static int test_fromdata_dh_named_group(void)
 {
     int ret = 0;
+    int gindex = 0, pcounter = 0, hindex = 0;
     EVP_PKEY_CTX *ctx = NULL, *key_ctx = NULL;
     EVP_PKEY *pk = NULL, *copy_pk = NULL;
+    size_t len;
+    BIGNUM *pub = NULL, *priv = NULL;
+    BIGNUM *pub_out = NULL, *priv_out = NULL;
+    BIGNUM *p = NULL, *q = NULL, *g = NULL, *j = NULL;
+    OSSL_PARAM *fromdata_params = NULL;
+    OSSL_PARAM_BLD *bld = NULL;
+    char name_out[80];
+    unsigned char seed_out[32];
+
     /*
-     * 32-bit DH key, extracted from this command,
-     * executed with OpenSSL 1.0.2:
-     *
-     * openssl dhparam -out dhp.pem 32
-     * openssl genpkey -paramfile dhp.pem | openssl pkey -text
+     * DH key data was generated using the following:
+     * openssl genpkey -algorithm DH -pkeyopt group:ffdhe2048 -text
      */
-    static unsigned long key_numbers[] = {
-        0x666c2b06,              /* priv-key */
-        0x6fa6de50,              /* pub-key */
-        0x8bb45f53,              /* P */
-        0x2,                     /* G */
+    static const unsigned char priv_data[] = {
+        0x88, 0x85, 0xe7, 0x9f, 0xee, 0x6d, 0xc5, 0x7c, 0x78, 0xaf, 0x63, 0x5d,
+        0x38, 0x2a, 0xd0, 0xed, 0x56, 0x4b, 0x47, 0x21, 0x2b, 0xfa, 0x55, 0xfa,
+        0x87, 0xe8, 0xa9, 0x7b,
     };
-    OSSL_PARAM fromdata_params[] = {
-        OSSL_PARAM_ulong(OSSL_PKEY_PARAM_PRIV_KEY, &key_numbers[PRIV_KEY]),
-        OSSL_PARAM_ulong(OSSL_PKEY_PARAM_PUB_KEY, &key_numbers[PUB_KEY]),
-        OSSL_PARAM_ulong(OSSL_PKEY_PARAM_FFC_P, &key_numbers[FFC_P]),
-        OSSL_PARAM_ulong(OSSL_PKEY_PARAM_FFC_G, &key_numbers[FFC_G]),
-        OSSL_PARAM_END
+    static const unsigned char pub_data[] = {
+        0x00, 0xd6, 0x2d, 0x77, 0xe0, 0xd3, 0x7d, 0xf8, 0xeb, 0x98, 0x50, 0xa1,
+        0x82, 0x22, 0x65, 0xd5, 0xd9, 0xfe, 0xc9, 0x3f, 0xbe, 0x16, 0x83, 0xbd,
+        0x33, 0xe9, 0xc6, 0x93, 0xcf, 0x08, 0xaf, 0x83, 0xfa, 0x80, 0x8a, 0x6c,
+        0x64, 0xdf, 0x70, 0x64, 0xd5, 0x0a, 0x7c, 0x5a, 0x72, 0xda, 0x66, 0xe6,
+        0xf9, 0xf5, 0x31, 0x21, 0x92, 0xb0, 0x60, 0x1a, 0xb5, 0xd3, 0xf0, 0xa5,
+        0xfa, 0x48, 0x95, 0x2e, 0x38, 0xd9, 0xc5, 0xe6, 0xda, 0xfb, 0x6c, 0x03,
+        0x9d, 0x4b, 0x69, 0xb7, 0x95, 0xe4, 0x5c, 0xc0, 0x93, 0x4f, 0x48, 0xd9,
+        0x7e, 0x06, 0x22, 0xb2, 0xde, 0xf3, 0x79, 0x24, 0xed, 0xe1, 0xd1, 0x4a,
+        0x57, 0xf1, 0x40, 0x86, 0x70, 0x42, 0x25, 0xc5, 0x27, 0x68, 0xc9, 0xfa,
+        0xe5, 0x8e, 0x62, 0x7e, 0xff, 0x49, 0x6c, 0x5b, 0xb5, 0xba, 0xf9, 0xef,
+        0x9a, 0x1a, 0x10, 0xd4, 0x81, 0x53, 0xcf, 0x83, 0x04, 0x18, 0x1c, 0xe1,
+        0xdb, 0xe1, 0x65, 0xa9, 0x7f, 0xe1, 0x33, 0xeb, 0xc3, 0x4f, 0xe3, 0xb7,
+        0x22, 0xf7, 0x1c, 0x09, 0x4f, 0xed, 0xc6, 0x07, 0x8e, 0x78, 0x05, 0x8f,
+        0x7c, 0x96, 0xd9, 0x12, 0xe0, 0x81, 0x74, 0x1a, 0xe9, 0x13, 0xc0, 0x20,
+        0x82, 0x65, 0xbb, 0x42, 0x3b, 0xed, 0x08, 0x6a, 0x84, 0x4f, 0xea, 0x77,
+        0x14, 0x32, 0xf9, 0xed, 0xc2, 0x12, 0xd6, 0xc5, 0xc6, 0xb3, 0xe5, 0xf2,
+        0x6e, 0xf6, 0x16, 0x7f, 0x37, 0xde, 0xbc, 0x09, 0xc7, 0x06, 0x6b, 0x12,
+        0xbc, 0xad, 0x2d, 0x49, 0x25, 0xd5, 0xdc, 0xf4, 0x18, 0x14, 0xd2, 0xf0,
+        0xf1, 0x1d, 0x1f, 0x3a, 0xaa, 0x15, 0x55, 0xbb, 0x0d, 0x7f, 0xbe, 0x67,
+        0xa1, 0xa7, 0xf0, 0xaa, 0xb3, 0xfb, 0x41, 0x82, 0x39, 0x49, 0x93, 0xbc,
+        0xa8, 0xee, 0x72, 0x13, 0x45, 0x65, 0x15, 0x42, 0x17, 0xaa, 0xd8, 0xab,
+        0xcf, 0x33, 0x42, 0x83, 0x42
     };
+    static const char group_name[] = "ffdhe2048";
+
+    if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
+        || !TEST_ptr(pub = BN_bin2bn(pub_data, sizeof(pub_data), NULL))
+        || !TEST_ptr(priv = BN_bin2bn(priv_data, sizeof(priv_data), NULL))
+        || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
+                                                      OSSL_PKEY_PARAM_FFC_GROUP,
+                                                      group_name, 0))
+        || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY, pub))
+        || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, priv))
+        || !TEST_ptr(fromdata_params = OSSL_PARAM_BLD_to_param(bld)))
+        goto err;
 
     if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(NULL, "DH", NULL)))
         goto err;
 
     if (!TEST_true(EVP_PKEY_key_fromdata_init(ctx))
         || !TEST_true(EVP_PKEY_fromdata(ctx, &pk, fromdata_params))
-        || !TEST_int_eq(EVP_PKEY_bits(pk), 32)
-        || !TEST_int_eq(EVP_PKEY_security_bits(pk), 0) /* Missing Q */
-        || !TEST_int_eq(EVP_PKEY_size(pk), 4))
+        || !TEST_int_eq(EVP_PKEY_bits(pk), 2048)
+        || !TEST_int_eq(EVP_PKEY_security_bits(pk), 112)
+        || !TEST_int_eq(EVP_PKEY_size(pk), 256))
+        goto err;
+
+    if (!TEST_true(EVP_PKEY_get_utf8_string_param(pk, OSSL_PKEY_PARAM_FFC_GROUP,
+                                                  name_out, sizeof(name_out),
+                                                  &len))
+        || !TEST_str_eq(name_out, group_name)
+        || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_PUB_KEY,
+                                            &pub_out))
+
+        || !TEST_BN_eq(pub, pub_out)
+        || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_PRIV_KEY,
+                                            &priv_out))
+        || !TEST_BN_eq(priv, priv_out)
+        || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_FFC_P, &p))
+        || !TEST_BN_eq(&_bignum_ffdhe2048_p, p)
+        || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_FFC_Q, &q))
+        || !TEST_ptr(q)
+        || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_FFC_G, &g))
+        || !TEST_BN_eq(&_bignum_const_2, g)
+        || !TEST_false(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_FFC_COFACTOR,
+                                             &j))
+        || !TEST_ptr_null(j)
+        || !TEST_false(EVP_PKEY_get_octet_string_param(pk,
+                                                       OSSL_PKEY_PARAM_FFC_SEED,
+                                                       seed_out,
+                                                       sizeof(seed_out), &len))
+        || !TEST_true(EVP_PKEY_get_int_param(pk, OSSL_PKEY_PARAM_FFC_GINDEX,
+                                             &gindex))
+        || !TEST_int_eq(gindex, -1)
+        || !TEST_true(EVP_PKEY_get_int_param(pk, OSSL_PKEY_PARAM_FFC_H, &hindex))
+        || !TEST_int_eq(hindex, 0)
+        || !TEST_true(EVP_PKEY_get_int_param(pk, OSSL_PKEY_PARAM_FFC_PCOUNTER,
+                                             &pcounter))
+        || !TEST_int_eq(pcounter, -1))
+        goto err;
+
+    if (!TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(NULL, pk, "")))
+        goto err;
+
+    if (!TEST_true(EVP_PKEY_check(key_ctx))
+        || !TEST_true(EVP_PKEY_public_check(key_ctx))
+        || !TEST_true(EVP_PKEY_private_check(key_ctx))
+        || !TEST_true(EVP_PKEY_pairwise_check(key_ctx)))
         goto err;
 
     if (!TEST_ptr(copy_pk = EVP_PKEY_new())
         || !TEST_true(EVP_PKEY_copy_parameters(copy_pk, pk)))
         goto err;
 
+    ret = test_print_key_using_pem("DH", pk)
+          && test_print_key_using_serializer("DH", pk);
+err:
+    BN_free(p);
+    BN_free(q);
+    BN_free(g);
+    BN_free(j);
+    BN_free(pub);
+    BN_free(priv);
+    BN_free(pub_out);
+    BN_free(priv_out);
+    EVP_PKEY_free(copy_pk);
+    EVP_PKEY_free(pk);
+    EVP_PKEY_CTX_free(ctx);
+    EVP_PKEY_CTX_free(key_ctx);
+    OSSL_PARAM_BLD_free_params(fromdata_params);
+    OSSL_PARAM_BLD_free(bld);
+
+    return ret;
+}
+
+static int test_fromdata_dh_fips186_4(void)
+{
+    int ret = 0;
+    int gindex = 0, pcounter = 0, hindex = 0;
+    EVP_PKEY_CTX *ctx = NULL, *key_ctx = NULL;
+    EVP_PKEY *pk = NULL;
+    size_t len;
+    BIGNUM *pub = NULL, *priv = NULL;
+    BIGNUM *pub_out = NULL, *priv_out = NULL;
+    BIGNUM *p = NULL, *q = NULL, *g = NULL, *j = NULL;
+    OSSL_PARAM_BLD *bld = NULL;
+    OSSL_PARAM *fromdata_params = NULL;
+    char name_out[80];
+    unsigned char seed_out[32];
+
+    /*
+     * DH key data was generated using the following:
+     * openssl genpkey -algorithm DH -pkeyopt group:ffdhe2048 -text
+     */
+    static const unsigned char priv_data[] = {
+       0x88, 0x85, 0xe7, 0x9f, 0xee, 0x6d, 0xc5, 0x7c, 0x78, 0xaf, 0x63, 0x5d,
+       0x38, 0x2a, 0xd0, 0xed, 0x56, 0x4b, 0x47, 0x21, 0x2b, 0xfa, 0x55, 0xfa,
+       0x87, 0xe8, 0xa9, 0x7b,
+    };
+    static const unsigned char pub_data[] = {
+       0xd6, 0x2d, 0x77, 0xe0, 0xd3, 0x7d, 0xf8, 0xeb, 0x98, 0x50, 0xa1, 0x82,
+       0x22, 0x65, 0xd5, 0xd9, 0xfe, 0xc9, 0x3f, 0xbe, 0x16, 0x83, 0xbd, 0x33,
+       0xe9, 0xc6, 0x93, 0xcf, 0x08, 0xaf, 0x83, 0xfa, 0x80, 0x8a, 0x6c, 0x64,
+       0xdf, 0x70, 0x64, 0xd5, 0x0a, 0x7c, 0x5a, 0x72, 0xda, 0x66, 0xe6, 0xf9,
+       0xf5, 0x31, 0x21, 0x92, 0xb0, 0x60, 0x1a, 0xb5, 0xd3, 0xf0, 0xa5, 0xfa,
+       0x48, 0x95, 0x2e, 0x38, 0xd9, 0xc5, 0xe6, 0xda, 0xfb, 0x6c, 0x03, 0x9d,
+       0x4b, 0x69, 0xb7, 0x95, 0xe4, 0x5c, 0xc0, 0x93, 0x4f, 0x48, 0xd9, 0x7e,
+       0x06, 0x22, 0xb2, 0xde, 0xf3, 0x79, 0x24, 0xed, 0xe1, 0xd1, 0x4a, 0x57,
+       0xf1, 0x40, 0x86, 0x70, 0x42, 0x25, 0xc5, 0x27, 0x68, 0xc9, 0xfa, 0xe5,
+       0x8e, 0x62, 0x7e, 0xff, 0x49, 0x6c, 0x5b, 0xb5, 0xba, 0xf9, 0xef, 0x9a,
+       0x1a, 0x10, 0xd4, 0x81, 0x53, 0xcf, 0x83, 0x04, 0x18, 0x1c, 0xe1, 0xdb,
+       0xe1, 0x65, 0xa9, 0x7f, 0xe1, 0x33, 0xeb, 0xc3, 0x4f, 0xe3, 0xb7, 0x22,
+       0xf7, 0x1c, 0x09, 0x4f, 0xed, 0xc6, 0x07, 0x8e, 0x78, 0x05, 0x8f, 0x7c,
+       0x96, 0xd9, 0x12, 0xe0, 0x81, 0x74, 0x1a, 0xe9, 0x13, 0xc0, 0x20, 0x82,
+       0x65, 0xbb, 0x42, 0x3b, 0xed, 0x08, 0x6a, 0x84, 0x4f, 0xea, 0x77, 0x14,
+       0x32, 0xf9, 0xed, 0xc2, 0x12, 0xd6, 0xc5, 0xc6, 0xb3, 0xe5, 0xf2, 0x6e,
+       0xf6, 0x16, 0x7f, 0x37, 0xde, 0xbc, 0x09, 0xc7, 0x06, 0x6b, 0x12, 0xbc,
+       0xad, 0x2d, 0x49, 0x25, 0xd5, 0xdc, 0xf4, 0x18, 0x14, 0xd2, 0xf0, 0xf1,
+       0x1d, 0x1f, 0x3a, 0xaa, 0x15, 0x55, 0xbb, 0x0d, 0x7f, 0xbe, 0x67, 0xa1,
+       0xa7, 0xf0, 0xaa, 0xb3, 0xfb, 0x41, 0x82, 0x39, 0x49, 0x93, 0xbc, 0xa8,
+       0xee, 0x72, 0x13, 0x45, 0x65, 0x15, 0x42, 0x17, 0xaa, 0xd8, 0xab, 0xcf,
+       0x33, 0x42, 0x83, 0x42
+    };
+    static const char group_name[] = "ffdhe2048";
+
+
+    if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
+        || !TEST_ptr(pub = BN_bin2bn(pub_data, sizeof(pub_data), NULL))
+        || !TEST_ptr(priv = BN_bin2bn(priv_data, sizeof(priv_data), NULL))
+        || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
+                                                      OSSL_PKEY_PARAM_FFC_GROUP,
+                                                      group_name, 0))
+        || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY, pub))
+        || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, priv))
+        || !TEST_ptr(fromdata_params = OSSL_PARAM_BLD_to_param(bld)))
+        goto err;
+
+    if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(NULL, "DH", NULL)))
+        goto err;
+
+    if (!TEST_true(EVP_PKEY_key_fromdata_init(ctx))
+        || !TEST_true(EVP_PKEY_fromdata(ctx, &pk, fromdata_params))
+        || !TEST_int_eq(EVP_PKEY_bits(pk), 2048)
+        || !TEST_int_eq(EVP_PKEY_security_bits(pk), 112)
+        || !TEST_int_eq(EVP_PKEY_size(pk), 256))
+        goto err;
+
+    if (!TEST_true(EVP_PKEY_get_utf8_string_param(pk, OSSL_PKEY_PARAM_FFC_GROUP,
+                                                  name_out, sizeof(name_out),
+                                                  &len))
+        || !TEST_str_eq(name_out, group_name)
+        || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_PUB_KEY,
+                                            &pub_out))
+        || !TEST_BN_eq(pub, pub_out)
+        || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_PRIV_KEY,
+                                            &priv_out))
+        || !TEST_BN_eq(priv, priv_out)
+        || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_FFC_P, &p))
+        || !TEST_BN_eq(&_bignum_ffdhe2048_p, p)
+        || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_FFC_Q, &q))
+        || !TEST_ptr(q)
+        || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_FFC_G, &g))
+        || !TEST_BN_eq(&_bignum_const_2, g)
+        || !TEST_false(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_FFC_COFACTOR,
+                                             &j))
+        || !TEST_ptr_null(j)
+        || !TEST_false(EVP_PKEY_get_octet_string_param(pk,
+                                                       OSSL_PKEY_PARAM_FFC_SEED,
+                                                       seed_out,
+                                                       sizeof(seed_out), &len))
+        || !TEST_true(EVP_PKEY_get_int_param(pk, OSSL_PKEY_PARAM_FFC_GINDEX,
+                                             &gindex))
+        || !TEST_int_eq(gindex, -1)
+        || !TEST_true(EVP_PKEY_get_int_param(pk, OSSL_PKEY_PARAM_FFC_H, &hindex))
+        || !TEST_int_eq(hindex, 0)
+        || !TEST_true(EVP_PKEY_get_int_param(pk, OSSL_PKEY_PARAM_FFC_PCOUNTER,
+                                             &pcounter))
+        || !TEST_int_eq(pcounter, -1))
+        goto err;
+
     if (!TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(NULL, pk, "")))
         goto err;
 
-    if (!TEST_false(EVP_PKEY_check(key_ctx))
+    if (!TEST_true(EVP_PKEY_check(key_ctx))
         || !TEST_true(EVP_PKEY_public_check(key_ctx))
-        || !TEST_false(EVP_PKEY_private_check(key_ctx)) /* Need a q */
-        || !TEST_false(EVP_PKEY_pairwise_check(key_ctx)))
+        || !TEST_true(EVP_PKEY_private_check(key_ctx))
+        || !TEST_true(EVP_PKEY_pairwise_check(key_ctx)))
         goto err;
 
     ret = test_print_key_using_pem("DH", pk)
           && test_print_key_using_serializer("DH", pk);
- err:
+err:
+    BN_free(p);
+    BN_free(q);
+    BN_free(g);
+    BN_free(j);
+    BN_free(pub);
+    BN_free(priv);
+    BN_free(pub_out);
+    BN_free(priv_out);
     EVP_PKEY_free(pk);
-    EVP_PKEY_free(copy_pk);
     EVP_PKEY_CTX_free(ctx);
     EVP_PKEY_CTX_free(key_ctx);
+    OSSL_PARAM_BLD_free_params(fromdata_params);
+    OSSL_PARAM_BLD_free(bld);
 
     return ret;
 }
+
 #endif
 
+
+
 #ifndef OPENSSL_NO_EC
 /* Array indexes used in test_fromdata_ecx */
 # define PRIV_KEY        0
@@ -677,7 +887,7 @@ static int test_fromdata_ec(void)
     int ret = 0;
     EVP_PKEY_CTX *ctx = NULL;
     EVP_PKEY *pk = NULL, *copy_pk = NULL;
-    OSSL_PARAM_BLD *bld = OSSL_PARAM_BLD_new();
+    OSSL_PARAM_BLD *bld = NULL;
     BIGNUM *ec_priv_bn = NULL;
     BIGNUM *bn_priv = NULL;
     OSSL_PARAM *fromdata_params = NULL;
@@ -708,7 +918,7 @@ static int test_fromdata_ec(void)
     size_t len;
 
 
-    if (!TEST_ptr(bld))
+    if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()))
         goto err;
     if (!TEST_ptr(ec_priv_bn = BN_bin2bn(ec_priv_keydata,
                                          sizeof(ec_priv_keydata), NULL)))
@@ -1015,7 +1225,8 @@ int setup_tests(void)
     ADD_TEST(test_evp_pkey_get_bn_param_large);
     ADD_TEST(test_fromdata_rsa);
 #ifndef OPENSSL_NO_DH
-    ADD_TEST(test_fromdata_dh);
+    ADD_TEST(test_fromdata_dh_fips186_4);
+    ADD_TEST(test_fromdata_dh_named_group);
 #endif
 #ifndef OPENSSL_NO_DSA
     ADD_TEST(test_fromdata_dsa_fips186_4);
diff --git a/test/recipes/15-test_gendh.t b/test/recipes/15-test_gendh.t
new file mode 100644 (file)
index 0000000..87ddac9
--- /dev/null
@@ -0,0 +1,83 @@
+#! /usr/bin/env perl
+# Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use strict;
+use warnings;
+
+use File::Spec;
+use OpenSSL::Test qw/:DEFAULT srctop_file/;
+use OpenSSL::Test::Utils;
+
+setup("test_gendh");
+
+plan skip_all => "This test is unsupported in a no-dh build" if disabled("dh");
+
+plan tests => 9;
+
+ok(run(app([ 'openssl', 'genpkey', '-genparam',
+             '-algorithm', 'DH',
+             '-pkeyopt', 'gindex:1',
+             '-pkeyopt', 'type:fips186_4',
+             '-text'])),
+   "genpkey DH params fips186_4 with verifiable g");
+
+ok(run(app([ 'openssl', 'genpkey', '-genparam',
+             '-algorithm', 'DH',
+             '-pkeyopt', 'type:fips186_4',
+             '-text'])),
+   "genpkey DH params fips186_4 with unverifiable g");
+
+ok(run(app([ 'openssl', 'genpkey', '-genparam',
+             '-algorithm', 'DH',
+             '-pkeyopt', 'type:fips186_2',
+             '-text'])),
+   "genpkey DH params fips186_2");
+
+ok(run(app([ 'openssl', 'genpkey', '-algorithm', 'DH',
+             '-pkeyopt', 'type:group',
+             '-text'])),
+   "genpkey DH default group");
+
+ok(run(app([ 'openssl', 'genpkey', '-algorithm', 'DH',
+             '-pkeyopt', 'type:group',
+             '-pkeyopt', 'group:ffdhe2048',
+             '-text'])),
+   "genpkey DH group ffdhe2048");
+
+ok(run(app([ 'openssl', 'genpkey', '-genparam',
+             '-algorithm', 'DH',
+             '-pkeyopt', 'gindex:1',
+             '-pkeyopt', 'type:fips186_4',
+             '-out', 'dhgen.pem'])),
+   "genpkey DH params fips186_4 PEM");
+
+ok(run(app([ 'openssl', 'genpkey', '-genparam',
+             '-algorithm', 'DH',
+             '-pkeyopt', 'gindex:1',
+             '-pkeyopt', 'pbits:2048',
+             '-pkeyopt', 'qbits:256',
+             '-pkeyopt', 'type:fips186_4',
+             '-outform', 'DER',
+             '-out', 'dhgen.der'])),
+   "genpkey DH params fips186_4 DER");
+
+# The seed and counter should be the ones generated from the param generation
+# Just put some dummy ones in to show it works.
+ok(run(app([ 'openssl', 'genpkey',
+             '-paramfile', 'dhgen.der',
+             '-pkeyopt', 'gindex:1',
+             '-pkeyopt', 'hexseed:0102030405060708090A0B0C0D0E0F1011121314',
+             '-pkeyopt', 'pcounter:25',
+             '-text'])),
+   "genpkey DH fips186_4 with DER params");
+
+ ok(!run(app([ 'openssl', 'genpkey',
+              '-algorithm', 'DH'])),
+   "genpkey DH with no params should fail");
+   
\ No newline at end of file
index 0063e62..d77f50d 100644 (file)
Binary files a/test/recipes/30-test_evp_pkey_provided/DH.priv.der and b/test/recipes/30-test_evp_pkey_provided/DH.priv.der differ
index 73cc465..2aa5f49 100644 (file)
@@ -1,3 +1,9 @@
 -----BEGIN PRIVATE KEY-----
-MCQCAQAwFwYJKoZIhvcNAQMBMAoCBQCLtF9TAgECBAYCBGZsKwY=
+MIIBQwIBADCCARsGCSqGSIb3DQEDATCCAQwCggEBAP//////////rfhUWKK7Spqv
+3FYgJz088di5xYPOLTaVqeE2QRRkM/vMk53OJJs++X0v42NjDHXY9oGyAq7EYXrT
+3x7V1f1lYSQz9R9fBm7QhWNlVT3tGvO1VxNef1fJNZhPDHDg5ot34qaJ2vPv6HId
+8VihNq3nNTCsyk9IOnl6vAqxgrMk+2HRCKlLssjj+7lq2rdg1/RoHU9Co945TfSu
+Vu3nY3K7GQsHp8juCm1wngL84c334uzANATNKDQvYZFy/pzphYP/jk8SMu7ygYPD
+/jsbTG+tczu1/LwuwiAFxY7xg30Wg7LG80omwbLv+ohrQjhhKFyX//////////8C
+AQICAgDgBB8CHQCIheef7m3FfHivY104KtDtVktHISv6VfqH6Kl7
 -----END PRIVATE KEY-----
index cedef99..0e6f951 100644 (file)
@@ -1,5 +1,24 @@
-DH Private-Key: (32 bit)
-    private-key: 1718364934 (0x666c2b06)
-    public-key: 1873206864 (0x6fa6de50)
-    prime: 2343853907 (0x8bb45f53)
-    generator: 2 (0x2)
+DH Private-Key: (2048 bit)
+private-key:
+    00:88:85:e7:9f:ee:6d:c5:7c:78:af:63:5d:38:2a:
+    d0:ed:56:4b:47:21:2b:fa:55:fa:87:e8:a9:7b
+public-key:
+    00:d6:2d:77:e0:d3:7d:f8:eb:98:50:a1:82:22:65:
+    d5:d9:fe:c9:3f:be:16:83:bd:33:e9:c6:93:cf:08:
+    af:83:fa:80:8a:6c:64:df:70:64:d5:0a:7c:5a:72:
+    da:66:e6:f9:f5:31:21:92:b0:60:1a:b5:d3:f0:a5:
+    fa:48:95:2e:38:d9:c5:e6:da:fb:6c:03:9d:4b:69:
+    b7:95:e4:5c:c0:93:4f:48:d9:7e:06:22:b2:de:f3:
+    79:24:ed:e1:d1:4a:57:f1:40:86:70:42:25:c5:27:
+    68:c9:fa:e5:8e:62:7e:ff:49:6c:5b:b5:ba:f9:ef:
+    9a:1a:10:d4:81:53:cf:83:04:18:1c:e1:db:e1:65:
+    a9:7f:e1:33:eb:c3:4f:e3:b7:22:f7:1c:09:4f:ed:
+    c6:07:8e:78:05:8f:7c:96:d9:12:e0:81:74:1a:e9:
+    13:c0:20:82:65:bb:42:3b:ed:08:6a:84:4f:ea:77:
+    14:32:f9:ed:c2:12:d6:c5:c6:b3:e5:f2:6e:f6:16:
+    7f:37:de:bc:09:c7:06:6b:12:bc:ad:2d:49:25:d5:
+    dc:f4:18:14:d2:f0:f1:1d:1f:3a:aa:15:55:bb:0d:
+    7f:be:67:a1:a7:f0:aa:b3:fb:41:82:39:49:93:bc:
+    a8:ee:72:13:45:65:15:42:17:aa:d8:ab:cf:33:42:
+    83:42
+GROUP: ffdhe2048
index 95a3001..a2d3730 100644 (file)
Binary files a/test/recipes/30-test_evp_pkey_provided/DH.pub.der and b/test/recipes/30-test_evp_pkey_provided/DH.pub.der differ
index 709ac89..b71c143 100644 (file)
@@ -1,3 +1,14 @@
 -----BEGIN PUBLIC KEY-----
-MCIwFwYJKoZIhvcNAQMBMAoCBQCLtF9TAgECAwcAAgRvpt5Q
+MIICKTCCARsGCSqGSIb3DQEDATCCAQwCggEBAP//////////rfhUWKK7Spqv3FYg
+Jz088di5xYPOLTaVqeE2QRRkM/vMk53OJJs++X0v42NjDHXY9oGyAq7EYXrT3x7V
+1f1lYSQz9R9fBm7QhWNlVT3tGvO1VxNef1fJNZhPDHDg5ot34qaJ2vPv6HId8Vih
+Nq3nNTCsyk9IOnl6vAqxgrMk+2HRCKlLssjj+7lq2rdg1/RoHU9Co945TfSuVu3n
+Y3K7GQsHp8juCm1wngL84c334uzANATNKDQvYZFy/pzphYP/jk8SMu7ygYPD/jsb
+TG+tczu1/LwuwiAFxY7xg30Wg7LG80omwbLv+ohrQjhhKFyX//////////8CAQIC
+AgDgA4IBBgACggEBANYtd+DTffjrmFChgiJl1dn+yT++FoO9M+nGk88Ir4P6gIps
+ZN9wZNUKfFpy2mbm+fUxIZKwYBq10/Cl+kiVLjjZxeba+2wDnUtpt5XkXMCTT0jZ
+fgYist7zeSTt4dFKV/FAhnBCJcUnaMn65Y5ifv9JbFu1uvnvmhoQ1IFTz4MEGBzh
+2+FlqX/hM+vDT+O3IvccCU/txgeOeAWPfJbZEuCBdBrpE8AggmW7QjvtCGqET+p3
+FDL57cIS1sXGs+XybvYWfzfevAnHBmsSvK0tSSXV3PQYFNLw8R0fOqoVVbsNf75n
+oafwqrP7QYI5SZO8qO5yE0VlFUIXqtirzzNCg0I=
 -----END PUBLIC KEY-----
index b7b465f..325e160 100644 (file)
@@ -1,4 +1,21 @@
-DH Public-Key: (32 bit)
-    public-key: 1873206864 (0x6fa6de50)
-    prime: 2343853907 (0x8bb45f53)
-    generator: 2 (0x2)
+DH Public-Key: (2048 bit)
+public-key:
+    00:d6:2d:77:e0:d3:7d:f8:eb:98:50:a1:82:22:65:
+    d5:d9:fe:c9:3f:be:16:83:bd:33:e9:c6:93:cf:08:
+    af:83:fa:80:8a:6c:64:df:70:64:d5:0a:7c:5a:72:
+    da:66:e6:f9:f5:31:21:92:b0:60:1a:b5:d3:f0:a5:
+    fa:48:95:2e:38:d9:c5:e6:da:fb:6c:03:9d:4b:69:
+    b7:95:e4:5c:c0:93:4f:48:d9:7e:06:22:b2:de:f3:
+    79:24:ed:e1:d1:4a:57:f1:40:86:70:42:25:c5:27:
+    68:c9:fa:e5:8e:62:7e:ff:49:6c:5b:b5:ba:f9:ef:
+    9a:1a:10:d4:81:53:cf:83:04:18:1c:e1:db:e1:65:
+    a9:7f:e1:33:eb:c3:4f:e3:b7:22:f7:1c:09:4f:ed:
+    c6:07:8e:78:05:8f:7c:96:d9:12:e0:81:74:1a:e9:
+    13:c0:20:82:65:bb:42:3b:ed:08:6a:84:4f:ea:77:
+    14:32:f9:ed:c2:12:d6:c5:c6:b3:e5:f2:6e:f6:16:
+    7f:37:de:bc:09:c7:06:6b:12:bc:ad:2d:49:25:d5:
+    dc:f4:18:14:d2:f0:f1:1d:1f:3a:aa:15:55:bb:0d:
+    7f:be:67:a1:a7:f0:aa:b3:fb:41:82:39:49:93:bc:
+    a8:ee:72:13:45:65:15:42:17:aa:d8:ab:cf:33:42:
+    83:42
+GROUP: ffdhe2048
index 0325480..e14688c 100644 (file)
@@ -5063,3 +5063,12 @@ EVP_PKEY_CTX_set_dsa_paramgen_gindex    ?        3_0_0   EXIST::FUNCTION:DSA
 EVP_PKEY_CTX_set_dsa_paramgen_type      ?      3_0_0   EXIST::FUNCTION:DSA
 EVP_PKEY_CTX_set_dsa_paramgen_seed      ?      3_0_0   EXIST::FUNCTION:DSA
 EVP_PKEY_CTX_set_dsa_paramgen_md        ?      3_0_0   EXIST::FUNCTION:DSA
+EVP_PKEY_CTX_set_dh_paramgen_type       ?      3_0_0   EXIST::FUNCTION:DH
+EVP_PKEY_CTX_set_dh_paramgen_gindex     ?      3_0_0   EXIST::FUNCTION:DH
+EVP_PKEY_CTX_set_dh_paramgen_seed       ?      3_0_0   EXIST::FUNCTION:DH
+EVP_PKEY_CTX_set_dh_paramgen_prime_len  ?      3_0_0   EXIST::FUNCTION:DH
+EVP_PKEY_CTX_set_dh_paramgen_subprime_len ?    3_0_0   EXIST::FUNCTION:DH
+EVP_PKEY_CTX_set_dh_paramgen_generator  ?      3_0_0   EXIST::FUNCTION:DH
+EVP_PKEY_CTX_set_dh_nid                 ?      3_0_0   EXIST::FUNCTION:DH
+EVP_PKEY_CTX_set_dh_rfc5114             ?      3_0_0   EXIST::FUNCTION:DH
+EVP_PKEY_CTX_set_dhx_rfc5114            ?      3_0_0   EXIST::FUNCTION:DH