2020-02-06 20:28:36 +08:00
|
|
|
/*
|
2021-06-17 20:24:59 +08:00
|
|
|
* Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
|
2020-02-06 20:28:36 +08:00
|
|
|
*
|
|
|
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
|
|
|
* this file except in compliance with the License. You can obtain a copy
|
|
|
|
* in the file LICENSE in the source distribution or at
|
|
|
|
* https://www.openssl.org/source/license.html
|
|
|
|
*/
|
|
|
|
|
|
|
|
#include "internal/ffc.h"
|
|
|
|
|
|
|
|
/*
|
|
|
|
* SP800-56Ar3 5.6.1.1.4 Key pair generation by testing candidates.
|
|
|
|
* Generates a private key in the interval [1, min(2 ^ N - 1, q - 1)].
|
|
|
|
*
|
|
|
|
* ctx must be set up with a libctx (for fips mode).
|
|
|
|
* params contains the FFC domain parameters p, q and g (for DH or DSA).
|
|
|
|
* N is the maximum bit length of the generated private key,
|
|
|
|
* s is the security strength.
|
|
|
|
* priv_key is the returned private key,
|
|
|
|
*/
|
ffc: add _ossl to exported but internal functions
The functions updated are:
ffc_generate_private_key, ffc_named_group_from_uid,
ffc_named_group_to_uid, ffc_params_FIPS186_2_gen_verify,
ffc_params_FIPS186_2_generate, ffc_params_FIPS186_2_validate,
ffc_params_FIPS186_4_gen_verify, ffc_params_FIPS186_4_generate,
ffc_params_FIPS186_4_validate, ffc_params_cleanup, ffc_params_cmp,
ffc_params_copy, ffc_params_enable_flags, ffc_params_flags_from_name,
ffc_params_flags_to_name, ffc_params_fromdata,
ffc_params_get0_pqg, ffc_params_get_validate_params,
ffc_params_init, ffc_params_print, ffc_params_set0_j,
ffc_params_set0_pqg, ffc_params_set_flags, ffc_params_set_gindex,
ffc_params_set_h, ffc_params_set_pcounter, ffc_params_set_seed,
ffc_params_set_validate_params, ffc_params_simple_validate,
ffc_params_todata, ffc_params_validate_unverifiable_g, ffc_set_digest,
ffc_set_group_pqg, ffc_validate_private_key, ffc_validate_public_key
and ffc_validate_public_key_partial.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13041)
2020-09-30 13:07:24 +08:00
|
|
|
int ossl_ffc_generate_private_key(BN_CTX *ctx, const FFC_PARAMS *params,
|
|
|
|
int N, int s, BIGNUM *priv)
|
2020-02-16 11:03:46 +08:00
|
|
|
{
|
2020-03-07 05:47:58 +08:00
|
|
|
int ret = 0, qbits = BN_num_bits(params->q);
|
2020-02-06 20:28:36 +08:00
|
|
|
BIGNUM *m, *two_powN = NULL;
|
|
|
|
|
2020-03-07 05:47:58 +08:00
|
|
|
/* Deal with the edge case where the value of N is not set */
|
2020-04-20 09:07:38 +08:00
|
|
|
if (N == 0)
|
2020-03-07 05:47:58 +08:00
|
|
|
N = qbits;
|
2020-04-20 09:07:38 +08:00
|
|
|
if (s == 0)
|
2020-03-07 05:47:58 +08:00
|
|
|
s = N / 2;
|
2020-04-20 09:07:38 +08:00
|
|
|
|
|
|
|
/* Step (2) : check range of N */
|
|
|
|
if (N < 2 * s || N > qbits)
|
|
|
|
return 0;
|
2020-03-07 05:47:58 +08:00
|
|
|
|
2020-02-06 20:28:36 +08:00
|
|
|
two_powN = BN_new();
|
|
|
|
/* 2^N */
|
|
|
|
if (two_powN == NULL || !BN_lshift(two_powN, BN_value_one(), N))
|
|
|
|
goto err;
|
|
|
|
|
|
|
|
/* Step (5) : M = min(2 ^ N, q) */
|
|
|
|
m = (BN_cmp(two_powN, params->q) > 0) ? params->q : two_powN;
|
2020-03-07 05:47:58 +08:00
|
|
|
|
2020-02-06 20:28:36 +08:00
|
|
|
do {
|
|
|
|
/* Steps (3, 4 & 7) : c + 1 = 1 + random[0..2^N - 1] */
|
2021-05-28 12:46:40 +08:00
|
|
|
if (!BN_priv_rand_range_ex(priv, two_powN, 0, ctx)
|
2020-02-06 20:28:36 +08:00
|
|
|
|| !BN_add_word(priv, 1))
|
|
|
|
goto err;
|
|
|
|
/* Step (6) : loop if c > M - 2 (i.e. c + 1 >= M) */
|
|
|
|
if (BN_cmp(priv, m) < 0)
|
|
|
|
break;
|
|
|
|
} while (1);
|
|
|
|
|
|
|
|
ret = 1;
|
|
|
|
err:
|
|
|
|
BN_free(two_powN);
|
|
|
|
return ret;
|
|
|
|
}
|