2 * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
11 * DH low level APIs are deprecated for public use, but still ok for
14 #include "internal/deprecated.h"
16 #include <string.h> /* strcmp */
17 #include <openssl/core_numbers.h>
18 #include <openssl/core_names.h>
19 #include <openssl/bn.h>
20 #include <openssl/err.h>
21 #include "prov/implementations.h"
22 #include "prov/providercommon.h"
23 #include "prov/provider_ctx.h"
24 #include "crypto/dh.h"
25 #include "internal/sizes.h"
26 #include "internal/nelem.h"
27 #include "internal/param_build_set.h"
29 static OSSL_OP_keymgmt_new_fn dh_newdata;
30 static OSSL_OP_keymgmt_free_fn dh_freedata;
31 static OSSL_OP_keymgmt_gen_init_fn dh_gen_init;
32 static OSSL_OP_keymgmt_gen_set_template_fn dh_gen_set_template;
33 static OSSL_OP_keymgmt_gen_set_params_fn dh_gen_set_params;
34 static OSSL_OP_keymgmt_gen_settable_params_fn dh_gen_settable_params;
35 static OSSL_OP_keymgmt_gen_fn dh_gen;
36 static OSSL_OP_keymgmt_gen_cleanup_fn dh_gen_cleanup;
37 static OSSL_OP_keymgmt_get_params_fn dh_get_params;
38 static OSSL_OP_keymgmt_gettable_params_fn dh_gettable_params;
39 static OSSL_OP_keymgmt_has_fn dh_has;
40 static OSSL_OP_keymgmt_match_fn dh_match;
41 static OSSL_OP_keymgmt_validate_fn dh_validate;
42 static OSSL_OP_keymgmt_import_fn dh_import;
43 static OSSL_OP_keymgmt_import_types_fn dh_import_types;
44 static OSSL_OP_keymgmt_export_fn dh_export;
45 static OSSL_OP_keymgmt_export_types_fn dh_export_types;
47 #define DH_POSSIBLE_SELECTIONS \
48 (OSSL_KEYMGMT_SELECT_KEYPAIR | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS)
53 FFC_PARAMS *ffc_params;
55 /* All these parameters are used for parameter generation only */
56 /* If there is a group name then the remaining parameters are not needed */
61 unsigned char *seed; /* optional FIPS186-4 param for testing */
63 int gindex; /* optional FIPS186-4 generator index (ignored if -1) */
64 int gen_type; /* see dhtype2id */
65 int generator; /* Used by DH_PARAMGEN_TYPE_GENERATOR in non fips mode only */
74 typedef struct dh_name2id_st{
79 static const DH_GENTYPE_NAME2ID dhtype2id[]=
81 { "default", DH_PARAMGEN_TYPE_FIPS_186_4 },
82 { "fips186_4", DH_PARAMGEN_TYPE_FIPS_186_4 },
83 { "fips186_2", DH_PARAMGEN_TYPE_FIPS_186_2 },
84 { "group", DH_PARAMGEN_TYPE_GROUP },
85 { "generator", DH_PARAMGEN_TYPE_GENERATOR }
88 const char *dh_gen_type_id2name(int id)
92 for (i = 0; i < OSSL_NELEM(dhtype2id); ++i) {
93 if (dhtype2id[i].id == id)
94 return dhtype2id[i].name;
99 static int dh_gen_type_name2id(const char *name)
103 for (i = 0; i < OSSL_NELEM(dhtype2id); ++i) {
104 if (strcmp(dhtype2id[i].name, name) == 0)
105 return dhtype2id[i].id;
110 static int dh_key_todata(DH *dh, OSSL_PARAM_BLD *bld, OSSL_PARAM params[])
112 const BIGNUM *priv = NULL, *pub = NULL;
117 DH_get0_key(dh, &pub, &priv);
119 && !ossl_param_build_set_bn(bld, params, OSSL_PKEY_PARAM_PRIV_KEY, priv))
122 && !ossl_param_build_set_bn(bld, params, OSSL_PKEY_PARAM_PUB_KEY, pub))
128 static void *dh_newdata(void *provctx)
130 return dh_new_with_libctx(PROV_LIBRARY_CONTEXT_OF(provctx));
133 static void dh_freedata(void *keydata)
138 static int dh_has(void *keydata, int selection)
144 if ((selection & DH_POSSIBLE_SELECTIONS) != 0)
147 if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0)
148 ok = ok && (DH_get0_pub_key(dh) != NULL);
149 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0)
150 ok = ok && (DH_get0_priv_key(dh) != NULL);
151 if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0)
152 ok = ok && (DH_get0_p(dh) != NULL && DH_get0_g(dh) != NULL);
157 static int dh_match(const void *keydata1, const void *keydata2, int selection)
159 const DH *dh1 = keydata1;
160 const DH *dh2 = keydata2;
163 if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0)
164 ok = ok && BN_cmp(DH_get0_pub_key(dh1), DH_get0_pub_key(dh2)) == 0;
165 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0)
166 ok = ok && BN_cmp(DH_get0_priv_key(dh1), DH_get0_priv_key(dh2)) == 0;
167 if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0) {
168 FFC_PARAMS *dhparams1 = dh_get0_params((DH *)dh1);
169 FFC_PARAMS *dhparams2 = dh_get0_params((DH *)dh2);
171 ok = ok && ffc_params_cmp(dhparams1, dhparams2, 1);
176 static int dh_import(void *keydata, int selection, const OSSL_PARAM params[])
184 if ((selection & DH_POSSIBLE_SELECTIONS) == 0)
187 if ((selection & OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) != 0)
188 ok = ok && dh_ffc_params_fromdata(dh, params);
190 if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0)
191 ok = ok && dh_key_fromdata(dh, params);
196 static int dh_export(void *keydata, int selection, OSSL_CALLBACK *param_cb,
200 OSSL_PARAM_BLD *tmpl = NULL;
201 OSSL_PARAM *params = NULL;
207 tmpl = OSSL_PARAM_BLD_new();
211 if ((selection & OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) != 0)
212 ok = ok && ffc_params_todata(dh_get0_params(dh), tmpl, NULL);
213 if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0)
214 ok = ok && dh_key_todata(dh, tmpl, NULL);
217 || (params = OSSL_PARAM_BLD_to_param(tmpl)) == NULL) {
221 ok = param_cb(params, cbarg);
222 OSSL_PARAM_BLD_free_params(params);
224 OSSL_PARAM_BLD_free(tmpl);
228 /* IMEXPORT = IMPORT + EXPORT */
230 # define DH_IMEXPORTABLE_PARAMETERS \
231 OSSL_PARAM_BN(OSSL_PKEY_PARAM_FFC_P, NULL, 0), \
232 OSSL_PARAM_BN(OSSL_PKEY_PARAM_FFC_Q, NULL, 0), \
233 OSSL_PARAM_BN(OSSL_PKEY_PARAM_FFC_G, NULL, 0), \
234 OSSL_PARAM_BN(OSSL_PKEY_PARAM_FFC_COFACTOR, NULL, 0), \
235 OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_GINDEX, NULL), \
236 OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_PCOUNTER, NULL), \
237 OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_H, NULL), \
238 OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_FFC_GROUP, NULL, 0), \
239 OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_FFC_SEED, NULL, 0)
240 # define DH_IMEXPORTABLE_PUBLIC_KEY \
241 OSSL_PARAM_BN(OSSL_PKEY_PARAM_PUB_KEY, NULL, 0)
242 # define DH_IMEXPORTABLE_PRIVATE_KEY \
243 OSSL_PARAM_BN(OSSL_PKEY_PARAM_PRIV_KEY, NULL, 0)
244 static const OSSL_PARAM dh_all_types[] = {
245 DH_IMEXPORTABLE_PARAMETERS,
246 DH_IMEXPORTABLE_PUBLIC_KEY,
247 DH_IMEXPORTABLE_PRIVATE_KEY,
250 static const OSSL_PARAM dh_parameter_types[] = {
251 DH_IMEXPORTABLE_PARAMETERS,
254 static const OSSL_PARAM dh_key_types[] = {
255 DH_IMEXPORTABLE_PUBLIC_KEY,
256 DH_IMEXPORTABLE_PRIVATE_KEY,
259 static const OSSL_PARAM *dh_types[] = {
260 NULL, /* Index 0 = none of them */
261 dh_parameter_types, /* Index 1 = parameter types */
262 dh_key_types, /* Index 2 = key types */
263 dh_all_types /* Index 3 = 1 + 2 */
266 static const OSSL_PARAM *dh_imexport_types(int selection)
270 if ((selection & OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) != 0)
272 if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0)
274 return dh_types[type_select];
277 static const OSSL_PARAM *dh_import_types(int selection)
279 return dh_imexport_types(selection);
282 static const OSSL_PARAM *dh_export_types(int selection)
284 return dh_imexport_types(selection);
287 static ossl_inline int dh_get_params(void *key, OSSL_PARAM params[])
292 if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_BITS)) != NULL
293 && !OSSL_PARAM_set_int(p, DH_bits(dh)))
295 if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_SECURITY_BITS)) != NULL
296 && !OSSL_PARAM_set_int(p, DH_security_bits(dh)))
298 if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_MAX_SIZE)) != NULL
299 && !OSSL_PARAM_set_int(p, DH_size(dh)))
301 return ffc_params_todata(dh_get0_params(dh), NULL, params)
302 && dh_key_todata(dh, NULL, params);
305 static const OSSL_PARAM dh_params[] = {
306 OSSL_PARAM_int(OSSL_PKEY_PARAM_BITS, NULL),
307 OSSL_PARAM_int(OSSL_PKEY_PARAM_SECURITY_BITS, NULL),
308 OSSL_PARAM_int(OSSL_PKEY_PARAM_MAX_SIZE, NULL),
309 DH_IMEXPORTABLE_PARAMETERS,
310 DH_IMEXPORTABLE_PUBLIC_KEY,
311 DH_IMEXPORTABLE_PRIVATE_KEY,
315 static const OSSL_PARAM *dh_gettable_params(void)
320 static int dh_validate_public(DH *dh)
322 const BIGNUM *pub_key = NULL;
324 DH_get0_key(dh, &pub_key, NULL);
327 return DH_check_pub_key_ex(dh, pub_key);
330 static int dh_validate_private(DH *dh)
333 const BIGNUM *priv_key = NULL;
335 DH_get0_key(dh, NULL, &priv_key);
336 if (priv_key == NULL)
338 return dh_check_priv_key(dh, priv_key, &status);;
341 static int dh_validate(void *keydata, int selection)
346 if ((selection & DH_POSSIBLE_SELECTIONS) != 0)
349 if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0)
350 ok = ok && DH_check_params_ex(dh);
352 if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0)
353 ok = ok && dh_validate_public(dh);
355 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0)
356 ok = ok && dh_validate_private(dh);
358 if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR)
359 == OSSL_KEYMGMT_SELECT_KEYPAIR)
360 ok = ok && dh_check_pairwise(dh);
364 static void *dh_gen_init(void *provctx, int selection)
366 OPENSSL_CTX *libctx = PROV_LIBRARY_CONTEXT_OF(provctx);
367 struct dh_gen_ctx *gctx = NULL;
369 if ((selection & (OSSL_KEYMGMT_SELECT_KEYPAIR
370 | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS)) == 0)
373 if ((gctx = OPENSSL_zalloc(sizeof(*gctx))) != NULL) {
374 gctx->selection = selection;
375 gctx->libctx = libctx;
379 gctx->gen_type = DH_PARAMGEN_TYPE_FIPS_186_4;
383 gctx->generator = DH_GENERATOR_2;
388 static int dh_gen_set_template(void *genctx, void *templ)
390 struct dh_gen_ctx *gctx = genctx;
393 if (gctx == NULL || dh == NULL)
395 gctx->ffc_params = dh_get0_params(dh);
399 static int dh_set_gen_seed(struct dh_gen_ctx *gctx, unsigned char *seed,
402 OPENSSL_clear_free(gctx->seed, gctx->seedlen);
405 if (seed != NULL && seedlen > 0) {
406 gctx->seed = OPENSSL_memdup(seed, seedlen);
407 if (gctx->seed == NULL)
409 gctx->seedlen = seedlen;
414 static int dh_gen_set_params(void *genctx, const OSSL_PARAM params[])
416 struct dh_gen_ctx *gctx = genctx;
422 p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_TYPE);
424 if (p->data_type != OSSL_PARAM_UTF8_STRING
425 || ((gctx->gen_type = dh_gen_type_name2id(p->data)) == -1)) {
426 ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT);
430 p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_GROUP);
432 if (p->data_type != OSSL_PARAM_UTF8_STRING
433 || ((gctx->group_nid = ffc_named_group_to_uid(p->data)) == NID_undef)) {
434 ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT);
437 gctx->gen_type = DH_PARAMGEN_TYPE_GROUP;
439 p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_GENERATOR);
440 if (p != NULL && !OSSL_PARAM_get_int(p, &gctx->generator))
442 p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_GINDEX);
443 if (p != NULL && !OSSL_PARAM_get_int(p, &gctx->gindex))
445 p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_PCOUNTER);
446 if (p != NULL && !OSSL_PARAM_get_int(p, &gctx->pcounter))
448 p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_H);
449 if (p != NULL && !OSSL_PARAM_get_int(p, &gctx->hindex))
451 p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_SEED);
453 && (p->data_type != OSSL_PARAM_OCTET_STRING
454 || !dh_set_gen_seed(gctx, p->data, p->data_size)))
457 if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_PBITS)) != NULL
458 && !OSSL_PARAM_get_size_t(p, &gctx->pbits))
460 if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_QBITS)) != NULL
461 && !OSSL_PARAM_get_size_t(p, &gctx->qbits))
463 p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_DIGEST);
465 const OSSL_PARAM *p1;
466 char mdprops[OSSL_MAX_PROPQUERY_SIZE] = { '\0' };
469 if (p->data_type != OSSL_PARAM_UTF8_STRING)
471 p1 = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_DIGEST_PROPS);
473 && !OSSL_PARAM_get_utf8_string(p1, &str, sizeof(mdprops)))
475 EVP_MD_free(gctx->md);
476 gctx->md = EVP_MD_fetch(gctx->libctx, p->data, mdprops);
477 if (gctx->md == NULL)
480 p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_DH_PRIV_LEN);
481 if (p != NULL && !OSSL_PARAM_get_int(p, &gctx->priv_len))
486 static const OSSL_PARAM *dh_gen_settable_params(void *provctx)
488 static OSSL_PARAM settable[] = {
489 OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_FFC_GROUP, NULL, 0),
490 OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_FFC_TYPE, NULL, 0),
491 OSSL_PARAM_size_t(OSSL_PKEY_PARAM_FFC_PBITS, NULL),
492 OSSL_PARAM_size_t(OSSL_PKEY_PARAM_FFC_QBITS, NULL),
493 OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_FFC_DIGEST, NULL, 0),
494 OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_FFC_DIGEST_PROPS, NULL, 0),
495 OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_GINDEX, NULL),
496 OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_FFC_SEED, NULL, 0),
497 OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_GENERATOR, NULL),
498 OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_PCOUNTER, NULL),
499 OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_H, NULL),
500 OSSL_PARAM_int(OSSL_PKEY_PARAM_DH_PRIV_LEN, NULL),
506 static int dh_gencb(int p, int n, BN_GENCB *cb)
508 struct dh_gen_ctx *gctx = BN_GENCB_get_arg(cb);
509 OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END, OSSL_PARAM_END };
511 params[0] = OSSL_PARAM_construct_int(OSSL_GEN_PARAM_POTENTIAL, &p);
512 params[1] = OSSL_PARAM_construct_int(OSSL_GEN_PARAM_ITERATION, &n);
514 return gctx->cb(params, gctx->cbarg);
517 static void *dh_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
520 struct dh_gen_ctx *gctx = genctx;
522 BN_GENCB *gencb = NULL;
528 /* For parameter generation - If there is a group name just create it */
529 if (gctx->gen_type == DH_PARAMGEN_TYPE_GROUP) {
530 /* Select a named group if there is not one already */
531 if (gctx->group_nid == NID_undef)
532 gctx->group_nid = dh_get_named_group_uid_from_size(gctx->pbits);
533 if (gctx->group_nid == NID_undef)
535 dh = dh_new_by_nid_with_libctx(gctx->libctx, gctx->group_nid);
538 ffc = dh_get0_params(dh);
540 dh = dh_new_with_libctx(gctx->libctx);
543 ffc = dh_get0_params(dh);
545 /* Copy the template value if one was passed */
546 if (gctx->ffc_params != NULL
547 && !ffc_params_copy(ffc, gctx->ffc_params))
550 if (!ffc_params_set_seed(ffc, gctx->seed, gctx->seedlen))
552 if (gctx->gindex != -1) {
553 ffc_params_set_gindex(ffc, gctx->gindex);
554 if (gctx->pcounter != -1)
555 ffc_params_set_pcounter(ffc, gctx->pcounter);
556 } else if (gctx->hindex != 0) {
557 ffc_params_set_h(ffc, gctx->hindex);
561 gencb = BN_GENCB_new();
563 BN_GENCB_set(gencb, dh_gencb, genctx);
565 if ((gctx->selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0) {
567 * NOTE: The old safe prime generator code is not used in fips mode,
568 * (i.e internally it ignores the generator and chooses a named
569 * group based on pbits.
571 if (gctx->gen_type == DH_PARAMGEN_TYPE_GENERATOR)
572 ret = DH_generate_parameters_ex(dh, gctx->pbits,
573 gctx->generator, gencb);
575 ret = dh_generate_ffc_parameters(dh, gctx->gen_type, gctx->pbits,
576 gctx->qbits, gctx->md, gencb);
582 if ((gctx->selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) {
583 if (ffc->p == NULL || ffc->g == NULL)
585 if (gctx->priv_len > 0)
586 DH_set_length(dh, (long)gctx->priv_len);
587 if (DH_generate_key(dh) <= 0)
596 BN_GENCB_free(gencb);
600 static void dh_gen_cleanup(void *genctx)
602 struct dh_gen_ctx *gctx = genctx;
607 OPENSSL_clear_free(gctx->seed, gctx->seedlen);
608 EVP_MD_free(gctx->md);
612 const OSSL_DISPATCH dh_keymgmt_functions[] = {
613 { OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))dh_newdata },
614 { OSSL_FUNC_KEYMGMT_GEN_INIT, (void (*)(void))dh_gen_init },
615 { OSSL_FUNC_KEYMGMT_GEN_SET_TEMPLATE, (void (*)(void))dh_gen_set_template },
616 { OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS, (void (*)(void))dh_gen_set_params },
617 { OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS,
618 (void (*)(void))dh_gen_settable_params },
619 { OSSL_FUNC_KEYMGMT_GEN, (void (*)(void))dh_gen },
620 { OSSL_FUNC_KEYMGMT_GEN_CLEANUP, (void (*)(void))dh_gen_cleanup },
621 { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))dh_freedata },
622 { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*) (void))dh_get_params },
623 { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*) (void))dh_gettable_params },
624 { OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))dh_has },
625 { OSSL_FUNC_KEYMGMT_MATCH, (void (*)(void))dh_match },
626 { OSSL_FUNC_KEYMGMT_VALIDATE, (void (*)(void))dh_validate },
627 { OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))dh_import },
628 { OSSL_FUNC_KEYMGMT_IMPORT_TYPES, (void (*)(void))dh_import_types },
629 { OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))dh_export },
630 { OSSL_FUNC_KEYMGMT_EXPORT_TYPES, (void (*)(void))dh_export_types },
projects / openssl.git / blob