/*
 * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */
/*
 * DH low level APIs are deprecated for public use, but still ok for
 * internal use.
 */
14 #include "internal/deprecated.h"
17 #include "crypto/evp.h"
18 #include <openssl/bn.h>
19 #include <openssl/engine.h>
20 #include <openssl/obj_mac.h>
21 #include <openssl/core_names.h>
22 #include "internal/cryptlib.h"
23 #include "internal/refcount.h"
24 #include "crypto/dh.h"
/*
 * Gate used by the DH parameter-generation setters in this file.
 *
 * Returns 1 when |ctx| may be used.  Returns -2 (the EVP_PKEY_CTX_ctrl value,
 * with EVP_R_COMMAND_NOT_SUPPORTED raised) when |ctx| is NULL or is not set up
 * for a generation operation.  Returns -1 when a legacy method is attached
 * and its key type is neither DH nor DHX.
 */
static int dh_paramgen_check(EVP_PKEY_CTX *ctx)
{
    int pkey_id;

    if (ctx == NULL || !EVP_PKEY_CTX_IS_GEN_OP(ctx)) {
        ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
        /* Uses the same return values as EVP_PKEY_CTX_ctrl */
        return -2;
    }

    /* Without a legacy method there is no key type to compare against */
    if (ctx->pmeth == NULL)
        return 1;

    /* If key type not DH return error */
    pkey_id = ctx->pmeth->pkey_id;
    if (pkey_id != EVP_PKEY_DH && pkey_id != EVP_PKEY_DHX)
        return -1;

    return 1;
}
/*
 * Gate used by the DH key-derivation (KDF) setters and getters in this file.
 *
 * Returns 1 when |ctx| may be used.  Returns -2 (the EVP_PKEY_CTX_ctrl value,
 * with EVP_R_COMMAND_NOT_SUPPORTED raised) when |ctx| is NULL or is not set up
 * for a derive operation.  Returns -1 when a legacy method is attached and
 * its key type is neither DH nor DHX.
 */
static int dh_param_derive_check(EVP_PKEY_CTX *ctx)
{
    int pkey_id;

    if (ctx == NULL || !EVP_PKEY_CTX_IS_DERIVE_OP(ctx)) {
        ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
        /* Uses the same return values as EVP_PKEY_CTX_ctrl */
        return -2;
    }

    /* Without a legacy method there is no key type to compare against */
    if (ctx->pmeth == NULL)
        return 1;

    /* If key type not DH return error */
    pkey_id = ctx->pmeth->pkey_id;
    if (pkey_id != EVP_PKEY_DH && pkey_id != EVP_PKEY_DHX)
        return -1;

    return 1;
}
/*
 * Set the generator index used for DH parameter generation.
 *
 * Returns the dh_paramgen_check() result when that is <= 0; otherwise passes
 * |gindex| as OSSL_PKEY_PARAM_FFC_GINDEX to EVP_PKEY_CTX_set_params() and
 * returns its result.  No range check is applied to |gindex| here.
 */
int EVP_PKEY_CTX_set_dh_paramgen_gindex(EVP_PKEY_CTX *ctx, int gindex)
{
    OSSL_PARAM params[2];
    int rv = dh_paramgen_check(ctx);

    if (rv <= 0)
        return rv;

    /* The parameter refers to the local copy of gindex, which outlives the call */
    params[0] = OSSL_PARAM_construct_int(OSSL_PKEY_PARAM_FFC_GINDEX, &gindex);
    params[1] = OSSL_PARAM_construct_end();

    return EVP_PKEY_CTX_set_params(ctx, params);
}
/*
 * Set the seed used for DH parameter generation.
 *
 * Returns the dh_paramgen_check() result when that is <= 0; otherwise passes
 * |seed| / |seedlen| as the octet string OSSL_PKEY_PARAM_FFC_SEED to
 * EVP_PKEY_CTX_set_params() and returns its result.
 *
 * NOTE(review): |seed| is not checked for NULL and |seedlen| is not bounded
 * here; presumably the receiving implementation validates both - confirm.
 */
int EVP_PKEY_CTX_set_dh_paramgen_seed(EVP_PKEY_CTX *ctx,
                                      const unsigned char *seed,
                                      size_t seedlen)
{
    OSSL_PARAM params[2];
    int rv = dh_paramgen_check(ctx);

    if (rv <= 0)
        return rv;

    /* The const is cast away only to fit the constructor's argument type */
    params[0] = OSSL_PARAM_construct_octet_string(OSSL_PKEY_PARAM_FFC_SEED,
                                                  (void *)seed, seedlen);
    params[1] = OSSL_PARAM_construct_end();

    return EVP_PKEY_CTX_set_params(ctx, params);
}
/*
 * Select the DH parameter-generation type.
 *
 * Returns the dh_paramgen_check() result when that is <= 0.  When the context
 * has no generation context (ctx->op.keymgmt.genctx == NULL) the request is
 * forwarded to EVP_PKEY_CTX_ctrl().  Otherwise |typ| is translated to a name
 * with dh_gen_type_id2name(); an unknown |typ| returns 0, a known one is
 * passed as OSSL_PKEY_PARAM_FFC_TYPE to EVP_PKEY_CTX_set_params().
 */
int EVP_PKEY_CTX_set_dh_paramgen_type(EVP_PKEY_CTX *ctx, int typ)
{
    OSSL_PARAM params[2];
    const char *type_name;
    int rv = dh_paramgen_check(ctx);

    if (rv <= 0)
        return rv;

    /* TODO(3.0): Remove this eventually when no more legacy */
    if (ctx->op.keymgmt.genctx == NULL)
        return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN,
                                 EVP_PKEY_CTRL_DH_PARAMGEN_TYPE, typ, NULL);

    type_name = dh_gen_type_id2name(typ);
    if (type_name == NULL)
        return 0;

    /* Length 0 lets the constructor take the length from the string itself */
    params[0] = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_FFC_TYPE,
                                                 (char *)type_name, 0);
    params[1] = OSSL_PARAM_construct_end();

    return EVP_PKEY_CTX_set_params(ctx, params);
}
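/*
 * Set the bit length of the prime p for DH parameter generation.
 *
 * Returns the dh_paramgen_check() result when that is <= 0.  When the context
 * has no generation context (ctx->op.keymgmt.genctx == NULL) the request is
 * forwarded unchanged to EVP_PKEY_CTX_ctrl().  Otherwise |pbits| is passed as
 * OSSL_PKEY_PARAM_FFC_PBITS to EVP_PKEY_CTX_set_params().
 *
 * A negative |pbits| is rejected with -2 on the params path: the value is
 * carried as a size_t, so converting a negative int would silently turn it
 * into a very large length.  -2 is the value EVP_PKEY_CTX_set_dh_kdf_outlen()
 * in this file returns for a non-positive length.
 */
int EVP_PKEY_CTX_set_dh_paramgen_prime_len(EVP_PKEY_CTX *ctx, int pbits)
{
    int ret;
    OSSL_PARAM params[2], *p = params;
    size_t bits;

    if ((ret = dh_paramgen_check(ctx)) <= 0)
        return ret;

    /* TODO(3.0): Remove this eventually when no more legacy */
    if (ctx->op.keymgmt.genctx == NULL)
        return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN,
                                 EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN, pbits,
                                 NULL);

    /* Refuse the sign-changing int -> size_t conversion */
    if (pbits < 0)
        return -2;
    bits = (size_t)pbits;

    *p++ = OSSL_PARAM_construct_size_t(OSSL_PKEY_PARAM_FFC_PBITS, &bits);
    *p = OSSL_PARAM_construct_end();
    return EVP_PKEY_CTX_set_params(ctx, params);
}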
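/*
 * Set the bit length of the subprime q for DH parameter generation.
 *
 * Returns the dh_paramgen_check() result when that is <= 0.  When the context
 * has no generation context (ctx->op.keymgmt.genctx == NULL) the request is
 * forwarded unchanged to EVP_PKEY_CTX_ctrl().  Otherwise |qbits| is passed as
 * OSSL_PKEY_PARAM_FFC_QBITS to EVP_PKEY_CTX_set_params().
 *
 * A negative |qbits| is rejected with -2 on the params path: the value is
 * carried as a size_t, so converting a negative int would silently turn it
 * into a very large length.  -2 is the value EVP_PKEY_CTX_set_dh_kdf_outlen()
 * in this file returns for a non-positive length.
 */
int EVP_PKEY_CTX_set_dh_paramgen_subprime_len(EVP_PKEY_CTX *ctx, int qbits)
{
    int ret;
    OSSL_PARAM params[2], *p = params;
    size_t bits2;

    if ((ret = dh_paramgen_check(ctx)) <= 0)
        return ret;

    /* TODO(3.0): Remove this eventually when no more legacy */
    if (ctx->op.keymgmt.genctx == NULL)
        return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN,
                                 EVP_PKEY_CTRL_DH_PARAMGEN_SUBPRIME_LEN, qbits,
                                 NULL);

    /* Refuse the sign-changing int -> size_t conversion */
    if (qbits < 0)
        return -2;
    bits2 = (size_t)qbits;

    *p++ = OSSL_PARAM_construct_size_t(OSSL_PKEY_PARAM_FFC_QBITS, &bits2);
    *p = OSSL_PARAM_construct_end();

    return EVP_PKEY_CTX_set_params(ctx, params);
}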
/*
 * Set the generator g used for DH parameter generation.
 *
 * Returns the dh_paramgen_check() result when that is <= 0.  When the context
 * has no generation context (ctx->op.keymgmt.genctx == NULL) the request is
 * forwarded to EVP_PKEY_CTX_ctrl(); otherwise |gen| is passed as
 * OSSL_PKEY_PARAM_DH_GENERATOR to EVP_PKEY_CTX_set_params().
 * No range check is applied to |gen| here.
 */
int EVP_PKEY_CTX_set_dh_paramgen_generator(EVP_PKEY_CTX *ctx, int gen)
{
    OSSL_PARAM params[2];
    int rv = dh_paramgen_check(ctx);

    if (rv <= 0)
        return rv;

    /* TODO(3.0): Remove this eventually when no more legacy */
    if (ctx->op.keymgmt.genctx == NULL)
        return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN,
                                 EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR, gen, NULL);

    params[0] = OSSL_PARAM_construct_int(OSSL_PKEY_PARAM_DH_GENERATOR, &gen);
    params[1] = OSSL_PARAM_construct_end();

    return EVP_PKEY_CTX_set_params(ctx, params);
}
/*
 * Select an RFC 5114 named group for DH parameter generation.
 *
 * Returns the dh_paramgen_check() result when that is <= 0.  When the context
 * has no generation context (ctx->op.keymgmt.genctx == NULL) the request is
 * forwarded to EVP_PKEY_CTX_ctrl() for EVP_PKEY_DHX.  Otherwise |gen| is
 * mapped to a group name with ffc_named_group_from_uid(); an unknown value
 * returns 0, a known one is passed as OSSL_PKEY_PARAM_GROUP_NAME to
 * EVP_PKEY_CTX_set_params().
 */
int EVP_PKEY_CTX_set_dh_rfc5114(EVP_PKEY_CTX *ctx, int gen)
{
    OSSL_PARAM params[2];
    const char *group_name;
    int rv = dh_paramgen_check(ctx);

    if (rv <= 0)
        return rv;

    /* TODO(3.0): Remove this eventually when no more legacy */
    if (ctx->op.keymgmt.genctx == NULL)
        return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_PARAMGEN,
                                 EVP_PKEY_CTRL_DH_RFC5114, gen, NULL);

    group_name = ffc_named_group_from_uid(gen);
    if (group_name == NULL)
        return 0;

    /* Length 0 lets the constructor take the length from the string itself */
    params[0] = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME,
                                                 (char *)group_name, 0);
    params[1] = OSSL_PARAM_construct_end();
    return EVP_PKEY_CTX_set_params(ctx, params);
}
/*
 * DHX-named alias: forwards both arguments to EVP_PKEY_CTX_set_dh_rfc5114()
 * and returns its result unchanged.
 */
int EVP_PKEY_CTX_set_dhx_rfc5114(EVP_PKEY_CTX *ctx, int gen)
{
    int rv = EVP_PKEY_CTX_set_dh_rfc5114(ctx, gen);

    return rv;
}
/*
 * Select a named DH group by NID.
 *
 * Returns the dh_paramgen_check() result when that is <= 0.  When the context
 * has no generation context (ctx->op.keymgmt.genctx == NULL) the request is
 * forwarded to EVP_PKEY_CTX_ctrl() for the PARAMGEN and KEYGEN operations.
 * Otherwise |nid| is mapped to a group name with ffc_named_group_from_uid();
 * an unknown value returns 0, a known one is passed as
 * OSSL_PKEY_PARAM_GROUP_NAME to EVP_PKEY_CTX_set_params().
 */
int EVP_PKEY_CTX_set_dh_nid(EVP_PKEY_CTX *ctx, int nid)
{
    OSSL_PARAM params[2];
    const char *group_name;
    int rv = dh_paramgen_check(ctx);

    if (rv <= 0)
        return rv;

    /* TODO(3.0): Remove this eventually when no more legacy */
    if (ctx->op.keymgmt.genctx == NULL)
        return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH,
                                 EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN,
                                 EVP_PKEY_CTRL_DH_NID, nid, NULL);

    group_name = ffc_named_group_from_uid(nid);
    if (group_name == NULL)
        return 0;

    /* Length 0 lets the constructor take the length from the string itself */
    params[0] = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME,
                                                 (char *)group_name, 0);
    params[1] = OSSL_PARAM_construct_end();
    return EVP_PKEY_CTX_set_params(ctx, params);
}
/*
 * Select the KDF applied to the DH shared secret.
 *
 * Returns the dh_param_derive_check() result when that is not 1.  When the
 * context has no exchange provider context (ctx->op.kex.exchprovctx == NULL)
 * the request is forwarded to EVP_PKEY_CTX_ctrl().  Otherwise
 * EVP_PKEY_DH_KDF_NONE maps to the empty name and EVP_PKEY_DH_KDF_X9_42 to
 * OSSL_KDF_NAME_X942KDF; any other |kdf| returns -2.  The name is passed as
 * OSSL_EXCHANGE_PARAM_KDF_TYPE to evp_pkey_ctx_set_params_strict(), and a -2
 * from that call also raises EVP_R_COMMAND_NOT_SUPPORTED.
 */
int EVP_PKEY_CTX_set_dh_kdf_type(EVP_PKEY_CTX *ctx, int kdf)
{
    OSSL_PARAM params[2];
    const char *kdf_type;
    int rv = dh_param_derive_check(ctx);

    if (rv != 1)
        return rv;

    /* TODO(3.0): Remove this eventually when no more legacy */
    if (ctx->op.kex.exchprovctx == NULL)
        return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_DERIVE,
                                 EVP_PKEY_CTRL_DH_KDF_TYPE, kdf, NULL);

    if (kdf == EVP_PKEY_DH_KDF_NONE)
        kdf_type = "";
    else if (kdf == EVP_PKEY_DH_KDF_X9_42)
        kdf_type = OSSL_KDF_NAME_X942KDF;
    else
        return -2;

    /*
     * Cast away the const. This is read
     * only so should be safe
     */
    params[0] = OSSL_PARAM_construct_utf8_string(OSSL_EXCHANGE_PARAM_KDF_TYPE,
                                                 (char *)kdf_type, 0);
    params[1] = OSSL_PARAM_construct_end();

    rv = evp_pkey_ctx_set_params_strict(ctx, params);
    if (rv != -2)
        return rv;

    ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
    /* Uses the same return values as EVP_PKEY_CTX_ctrl */
    return -2;
}
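/*
 * Report which KDF is applied to the DH shared secret.
 *
 * Returns the dh_param_derive_check() result when that is not 1.  When the
 * context has no exchange provider context (ctx->op.kex.exchprovctx == NULL)
 * the request is forwarded to EVP_PKEY_CTX_ctrl().  Otherwise the KDF name is
 * read through evp_pkey_ctx_get_params_strict(): -2 from that call raises
 * EVP_R_COMMAND_NOT_SUPPORTED and is returned, any other failure returns -1.
 * An empty name yields EVP_PKEY_DH_KDF_NONE, OSSL_KDF_NAME_X942KDF yields
 * EVP_PKEY_DH_KDF_X9_42, and any other name returns -1.
 */
int EVP_PKEY_CTX_get_dh_kdf_type(EVP_PKEY_CTX *ctx)
{
    int ret;
    /*
     * 80 should be big enough.  The buffer starts out empty, as the name
     * buffer in EVP_PKEY_CTX_get_dh_kdf_md() does, so that a successful call
     * which leaves the parameter unwritten is read as "no KDF" rather than
     * as indeterminate stack bytes.
     * NOTE(review): whether evp_pkey_ctx_get_params_strict() always writes
     * the buffer on success is not visible here - confirm.
     */
    char kdf_type[80] = "";
    OSSL_PARAM params[2], *p = params;

    ret = dh_param_derive_check(ctx);
    if (ret != 1)
        return ret;

    /* TODO(3.0): Remove this eventually when no more legacy */
    if (ctx->op.kex.exchprovctx == NULL)
        return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_DERIVE,
                                 EVP_PKEY_CTRL_DH_KDF_TYPE, -2, NULL);
    *p++ = OSSL_PARAM_construct_utf8_string(OSSL_EXCHANGE_PARAM_KDF_TYPE,
                                            kdf_type, sizeof(kdf_type));
    *p = OSSL_PARAM_construct_end();

    ret = evp_pkey_ctx_get_params_strict(ctx, params);
    if (ret == -2) {
        ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
        /* Uses the same return values as EVP_PKEY_CTX_ctrl */
        return -2;
    } else if (ret != 1) {
        return -1;
    }

    if (kdf_type[0] == '\0')
        return EVP_PKEY_DH_KDF_NONE;
    else if (strcmp(kdf_type, OSSL_KDF_NAME_X942KDF) == 0)
        return EVP_PKEY_DH_KDF_X9_42;

    return -1;
}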
/*
 * Set the algorithm OID used by the DH KDF.
 *
 * Returns the dh_param_derive_check() result when that is not 1.  When the
 * context has no exchange provider context (ctx->op.kex.exchprovctx == NULL)
 * |oid| itself is handed to EVP_PKEY_CTX_ctrl().  Otherwise |oid| is reduced
 * to a short name via OBJ_obj2nid() / OBJ_nid2sn() and that name is passed as
 * OSSL_KDF_PARAM_CEK_ALG to evp_pkey_ctx_set_params_strict(); a -2 from that
 * call also raises EVP_R_COMMAND_NOT_SUPPORTED.
 *
 * NOTE(review): on the params path only the name is forwarded and |oid| is
 * not released here, although the "set0" name suggests the callee takes
 * ownership - confirm who frees |oid| on success.
 * NOTE(review): an |oid| with no registered NID is not rejected before the
 * lookup result is forwarded - confirm that the receiver refuses it.
 */
int EVP_PKEY_CTX_set0_dh_kdf_oid(EVP_PKEY_CTX *ctx, ASN1_OBJECT *oid)
{
    OSSL_PARAM params[2];
    const char *oid_name;
    int rv = dh_param_derive_check(ctx);

    if (rv != 1)
        return rv;

    /* TODO(3.0): Remove this eventually when no more legacy */
    if (ctx->op.kex.exchprovctx == NULL)
        return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_DERIVE,
                                 EVP_PKEY_CTRL_DH_KDF_OID, 0, (void *)(oid));

    oid_name = OBJ_nid2sn(OBJ_obj2nid(oid));

    params[0] = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_CEK_ALG,
                                                 (char *)oid_name, 0);
    params[1] = OSSL_PARAM_construct_end();

    rv = evp_pkey_ctx_set_params_strict(ctx, params);
    if (rv != -2)
        return rv;

    ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
    /* Uses the same return values as EVP_PKEY_CTX_ctrl */
    return -2;
}
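/*
 * Retrieve the algorithm OID used by the DH KDF.
 *
 * Returns the dh_param_derive_check() result when that is not 1.  When the
 * context has no exchange provider context (ctx->op.kex.exchprovctx == NULL)
 * the request is forwarded to EVP_PKEY_CTX_ctrl().  Otherwise the algorithm
 * name is read through evp_pkey_ctx_get_params_strict(): -2 from that call
 * raises EVP_R_COMMAND_NOT_SUPPORTED and is returned, any other failure
 * returns -1.  The name is looked up first as a short name and then as a
 * long name; |*oid| receives the matching object or NULL, and the return
 * value is 1 only when an object was found.
 *
 * NOTE(review): |oid| is dereferenced without a NULL check - confirm callers
 * always pass a valid pointer.
 */
int EVP_PKEY_CTX_get0_dh_kdf_oid(EVP_PKEY_CTX *ctx, ASN1_OBJECT **oid)
{
    int ret, nid;
    OSSL_PARAM params[2], *p = params;
    /*
     * 80 should be big enough.  The buffer starts out empty, as the name
     * buffer in EVP_PKEY_CTX_get_dh_kdf_md() does, so that a successful call
     * which leaves the parameter unwritten resolves to NID_undef instead of
     * a lookup on indeterminate stack bytes.
     * NOTE(review): whether evp_pkey_ctx_get_params_strict() always writes
     * the buffer on success is not visible here - confirm.
     */
    char oid_name[80] = "";

    ret = dh_param_derive_check(ctx);
    if (ret != 1)
        return ret;

    /* TODO(3.0): Remove this eventually when no more legacy */
    if (ctx->op.kex.exchprovctx == NULL)
        return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_DERIVE,
                                 EVP_PKEY_CTRL_GET_DH_KDF_OID, 0, (void *)(oid));
    *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_CEK_ALG,
                                            oid_name, sizeof(oid_name));
    *p = OSSL_PARAM_construct_end();

    ret = evp_pkey_ctx_get_params_strict(ctx, params);
    if (ret == -2) {
        ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
        /* Uses the same return values as EVP_PKEY_CTX_ctrl */
        return -2;
    } else if (ret != 1) {
        return -1;
    }
    nid = OBJ_sn2nid(oid_name);
    if (nid == NID_undef)
        nid = OBJ_ln2nid(oid_name);
    *oid = (nid == NID_undef ? NULL : OBJ_nid2obj(nid));
    return *oid != NULL;
}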
/*
 * Set the digest used by the DH KDF.
 *
 * Returns the dh_param_derive_check() result when that is not 1.  When the
 * context has no exchange provider context (ctx->op.kex.exchprovctx == NULL)
 * |md| itself is handed to EVP_PKEY_CTX_ctrl().  Otherwise the digest name
 * (the empty string for a NULL |md|) is passed as
 * OSSL_EXCHANGE_PARAM_KDF_DIGEST to evp_pkey_ctx_set_params_strict(); a -2
 * from that call also raises EVP_R_COMMAND_NOT_SUPPORTED.
 */
int EVP_PKEY_CTX_set_dh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD *md)
{
    OSSL_PARAM params[2];
    const char *md_name = NULL;
    int rv = dh_param_derive_check(ctx);

    if (rv != 1)
        return rv;

    /* TODO(3.0): Remove this eventually when no more legacy */
    if (ctx->op.kex.exchprovctx == NULL)
        return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_DERIVE,
                                 EVP_PKEY_CTRL_DH_KDF_MD, 0, (void *)(md));

    if (md == NULL)
        md_name = "";
    else
        md_name = EVP_MD_name(md);

    /*
     * Cast away the const. This is read
     * only so should be safe
     */
    params[0] = OSSL_PARAM_construct_utf8_string(OSSL_EXCHANGE_PARAM_KDF_DIGEST,
                                                 (char *)md_name, 0);
    params[1] = OSSL_PARAM_construct_end();

    rv = evp_pkey_ctx_set_params_strict(ctx, params);
    if (rv != -2)
        return rv;

    ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
    /* Uses the same return values as EVP_PKEY_CTX_ctrl */
    return -2;
}
/*
 * Retrieve the digest used by the DH KDF.
 *
 * Returns the dh_param_derive_check() result when that is not 1.  When the
 * context has no exchange provider context (ctx->op.kex.exchprovctx == NULL)
 * the request is forwarded to EVP_PKEY_CTX_ctrl().  Otherwise the digest name
 * is read through evp_pkey_ctx_get_params_strict(): -2 from that call raises
 * EVP_R_COMMAND_NOT_SUPPORTED and is returned, any other failure returns -1.
 * On success |*pmd| receives the EVP_get_digestbyname() result, which may be
 * NULL, and 1 is returned.
 */
int EVP_PKEY_CTX_get_dh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD **pmd)
{
    /* 80 should be big enough; starts empty so an unwritten name is "" */
    char name[80] = "";
    OSSL_PARAM params[2];
    int rv = dh_param_derive_check(ctx);

    if (rv != 1)
        return rv;

    /* TODO(3.0): Remove this eventually when no more legacy */
    if (ctx->op.kex.exchprovctx == NULL)
        return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_DERIVE,
                                 EVP_PKEY_CTRL_GET_DH_KDF_MD, 0, (void *)(pmd));

    params[0] = OSSL_PARAM_construct_utf8_string(OSSL_EXCHANGE_PARAM_KDF_DIGEST,
                                                 name, sizeof(name));
    params[1] = OSSL_PARAM_construct_end();

    rv = evp_pkey_ctx_get_params_strict(ctx, params);
    if (rv == -2) {
        ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
        /* Uses the same return values as EVP_PKEY_CTX_ctrl */
        return -2;
    }
    if (rv != 1)
        return -1;

    /* May be NULL meaning "unknown" */
    *pmd = EVP_get_digestbyname(name);

    return 1;
}
/*
 * Set the output length of the DH KDF.
 *
 * Returns the dh_param_derive_check() result when that is not 1.  When the
 * context has no exchange provider context (ctx->op.kex.exchprovctx == NULL)
 * the request is forwarded to EVP_PKEY_CTX_ctrl().  Otherwise a non-positive
 * |inlen| returns -2, and a positive one is passed as
 * OSSL_EXCHANGE_PARAM_KDF_OUTLEN to evp_pkey_ctx_set_params_strict(); a -2
 * from that call also raises EVP_R_COMMAND_NOT_SUPPORTED.
 */
int EVP_PKEY_CTX_set_dh_kdf_outlen(EVP_PKEY_CTX *ctx, int inlen)
{
    OSSL_PARAM params[2];
    size_t len;
    int rv = dh_param_derive_check(ctx);

    if (rv != 1)
        return rv;

    /* TODO(3.0): Remove this eventually when no more legacy */
    if (ctx->op.kex.exchprovctx == NULL)
        return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_DERIVE,
                                 EVP_PKEY_CTRL_DH_KDF_OUTLEN, inlen, NULL);

    /*
     * This would ideally be -1 or 0, but we have to retain compatibility
     * with legacy behaviour of EVP_PKEY_CTX_ctrl() which returned -2 if
     * inlen <= 0
     */
    if (inlen <= 0)
        return -2;

    /* Converted only after the sign check, so the value is always positive */
    len = inlen;
    params[0] = OSSL_PARAM_construct_size_t(OSSL_EXCHANGE_PARAM_KDF_OUTLEN,
                                            &len);
    params[1] = OSSL_PARAM_construct_end();

    rv = evp_pkey_ctx_set_params_strict(ctx, params);
    if (rv != -2)
        return rv;

    ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
    /* Uses the same return values as EVP_PKEY_CTX_ctrl */
    return -2;
}
/*
 * Retrieve the output length of the DH KDF.
 *
 * Returns the dh_param_derive_check() result when that is not 1.  When the
 * context has no exchange provider context (ctx->op.kex.exchprovctx == NULL)
 * the request is forwarded to EVP_PKEY_CTX_ctrl().  Otherwise the length is
 * read through evp_pkey_ctx_get_params_strict(): -2 from that call raises
 * EVP_R_COMMAND_NOT_SUPPORTED and is returned, any other failure returns -1.
 * A length that does not fit in an int returns -1; otherwise |*plen| is set
 * and 1 is returned.
 */
int EVP_PKEY_CTX_get_dh_kdf_outlen(EVP_PKEY_CTX *ctx, int *plen)
{
    /* Starts above INT_MAX, so an unwritten length fails the range check */
    size_t len = UINT_MAX;
    OSSL_PARAM params[2];
    int rv = dh_param_derive_check(ctx);

    if (rv != 1)
        return rv;

    /* TODO(3.0): Remove this eventually when no more legacy */
    if (ctx->op.kex.exchprovctx == NULL)
        return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_DERIVE,
                                 EVP_PKEY_CTRL_GET_DH_KDF_OUTLEN, 0,
                                 (void *)(plen));

    params[0] = OSSL_PARAM_construct_size_t(OSSL_EXCHANGE_PARAM_KDF_OUTLEN,
                                            &len);
    params[1] = OSSL_PARAM_construct_end();

    rv = evp_pkey_ctx_get_params_strict(ctx, params);
    if (rv == -2) {
        ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
        /* Uses the same return values as EVP_PKEY_CTX_ctrl */
        return -2;
    }
    if (rv != 1)
        return -1;

    if (len > INT_MAX)
        return -1;

    *plen = (int)len;

    return 1;
}
/*
 * Set the user keying material (UKM) consumed by the DH KDF.
 *
 * A non-positive |len| returns -1 before anything else is examined.  Returns
 * the dh_param_derive_check() result when that is not 1.  When the context
 * has no exchange provider context (ctx->op.kex.exchprovctx == NULL) |ukm|
 * itself is handed to EVP_PKEY_CTX_ctrl().  Otherwise the bytes are passed as
 * OSSL_EXCHANGE_PARAM_KDF_UKM to evp_pkey_ctx_set_params_strict(); a -2 from
 * that call also raises EVP_R_COMMAND_NOT_SUPPORTED.
 *
 * Ownership on the params path: |ukm| is released with OPENSSL_free() only
 * when the call returns 1.  On any other return the caller still owns it.
 */
int EVP_PKEY_CTX_set0_dh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char *ukm, int len)
{
    OSSL_PARAM params[2];
    int rv;

    if (len <= 0)
        return -1;

    rv = dh_param_derive_check(ctx);
    if (rv != 1)
        return rv;

    /* TODO(3.0): Remove this eventually when no more legacy */
    if (ctx->op.kex.exchprovctx == NULL)
        return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_DERIVE,
                                 EVP_PKEY_CTRL_DH_KDF_UKM, len, (void *)(ukm));

    /*
     * Cast away the const. This is read
     * only so should be safe
     */
    params[0] = OSSL_PARAM_construct_octet_string(OSSL_EXCHANGE_PARAM_KDF_UKM,
                                                  (void *)ukm,
                                                  (size_t)len);
    params[1] = OSSL_PARAM_construct_end();

    rv = evp_pkey_ctx_set_params_strict(ctx, params);
    switch (rv) {
    case -2:
        ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
        /* Uses the same return values as EVP_PKEY_CTX_ctrl */
        break;
    case 1:
        /* Release the caller's buffer only once the set has succeeded */
        OPENSSL_free(ukm);
        break;
    default:
        break;
    }
    return rv;
}
535 int EVP_PKEY_CTX_get0_dh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char **pukm)
539 OSSL_PARAM params[3], *p = params;
541 ret = dh_param_derive_check(ctx);
545 /* TODO(3.0): Remove this eventually when no more legacy */
546 if (ctx->op.kex.exchprovctx == NULL)
547 return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_DERIVE,
548 EVP_PKEY_CTRL_GET_DH_KDF_UKM, 0, (void *)(pukm));
550 *p++ = OSSL_PARAM_construct_octet_ptr(OSSL_EXCHANGE_PARAM_KDF_UKM,
552 *p++ = OSSL_PARAM_construct_size_t(OSSL_EXCHANGE_PARAM_KDF_UKM_LEN,
554 *p = OSSL_PARAM_construct_end();
556 ret = evp_pkey_ctx_get_params_strict(ctx, params);
558 ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
559 /* Uses the same return values as EVP_PKEY_CTX_ctrl */
561 } else if (ret != 1) {
565 if (ukmlen > INT_MAX)