2015-01-22 11:40:55 +08:00
|
|
|
/*
|
2021-03-11 21:27:36 +08:00
|
|
|
* Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
|
2006-03-21 02:37:40 +08:00
|
|
|
*
|
2018-12-06 20:36:05 +08:00
|
|
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
2016-05-18 03:38:09 +08:00
|
|
|
* this file except in compliance with the License. You can obtain a copy
|
|
|
|
|
* in the file LICENSE in the source distribution or at
|
|
|
|
|
* https://www.openssl.org/source/license.html
|
2006-03-21 02:37:40 +08:00
|
|
|
*/
|
|
|
|
|
|
2020-02-03 17:05:31 +08:00
|
|
|
/*
|
|
|
|
|
* DH low level APIs are deprecated for public use, but still ok for
|
|
|
|
|
* internal use.
|
|
|
|
|
*/
|
|
|
|
|
#include "internal/deprecated.h"
|
|
|
|
|
|
2006-03-21 02:37:40 +08:00
|
|
|
#include <stdio.h>
|
|
|
|
|
#include <openssl/x509.h>
|
|
|
|
|
#include <openssl/asn1.h>
|
2008-03-17 05:05:46 +08:00
|
|
|
#include <openssl/bn.h>
|
2019-07-07 16:56:46 +08:00
|
|
|
#include <openssl/core_names.h>
|
2020-04-15 19:02:52 +08:00
|
|
|
#include <openssl/param_build.h>
|
2020-03-23 12:40:47 +08:00
|
|
|
#include "internal/ffc.h"
|
2020-10-06 23:02:43 +08:00
|
|
|
#include "internal/cryptlib.h"
|
|
|
|
|
#include "crypto/asn1.h"
|
|
|
|
|
#include "crypto/dh.h"
|
|
|
|
|
#include "crypto/evp.h"
|
|
|
|
|
#include "dh_local.h"
|
2006-03-21 02:37:40 +08:00
|
|
|
|
2015-01-22 11:40:55 +08:00
|
|
|
/*
|
|
|
|
|
* i2d/d2i like DH parameter functions which use the appropriate routine for
|
|
|
|
|
* PKCS#3 DH or X9.42 DH.
|
2011-12-07 08:32:34 +08:00
|
|
|
*/
|
|
|
|
|
|
2015-01-22 11:40:55 +08:00
|
|
|
static DH *d2i_dhp(const EVP_PKEY *pkey, const unsigned char **pp,
|
|
|
|
|
long length)
|
|
|
|
|
{
|
2020-08-04 09:39:49 +08:00
|
|
|
DH *dh = NULL;
|
2021-03-09 07:48:16 +08:00
|
|
|
int is_dhx = (pkey->ameth == &ossl_dhx_asn1_meth);
|
2020-08-04 09:39:49 +08:00
|
|
|
|
|
|
|
|
if (is_dhx)
|
|
|
|
|
dh = d2i_DHxparams(NULL, pp, length);
|
|
|
|
|
else
|
|
|
|
|
dh = d2i_DHparams(NULL, pp, length);
|
|
|
|
|
|
|
|
|
|
return dh;
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
2011-12-07 08:32:34 +08:00
|
|
|
|
|
|
|
|
static int i2d_dhp(const EVP_PKEY *pkey, const DH *a, unsigned char **pp)
|
2015-01-22 11:40:55 +08:00
|
|
|
{
|
2021-03-09 07:48:16 +08:00
|
|
|
if (pkey->ameth == &ossl_dhx_asn1_meth)
|
2015-01-22 11:40:55 +08:00
|
|
|
return i2d_DHxparams(a, pp);
|
|
|
|
|
return i2d_DHparams(a, pp);
|
|
|
|
|
}
|
2011-12-07 08:32:34 +08:00
|
|
|
|
2006-03-21 02:37:40 +08:00
|
|
|
static void int_dh_free(EVP_PKEY *pkey)
|
2015-01-22 11:40:55 +08:00
|
|
|
{
|
|
|
|
|
DH_free(pkey->pkey.dh);
|
|
|
|
|
}
|
2006-03-21 02:37:40 +08:00
|
|
|
|
2020-05-25 00:28:06 +08:00
|
|
|
static int dh_pub_decode(EVP_PKEY *pkey, const X509_PUBKEY *pubkey)
|
2015-01-22 11:40:55 +08:00
|
|
|
{
|
|
|
|
|
const unsigned char *p, *pm;
|
|
|
|
|
int pklen, pmlen;
|
|
|
|
|
int ptype;
|
2016-08-17 03:18:04 +08:00
|
|
|
const void *pval;
|
|
|
|
|
const ASN1_STRING *pstr;
|
2015-01-22 11:40:55 +08:00
|
|
|
X509_ALGOR *palg;
|
|
|
|
|
ASN1_INTEGER *public_key = NULL;
|
|
|
|
|
|
|
|
|
|
DH *dh = NULL;
|
|
|
|
|
|
|
|
|
|
if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &palg, pubkey))
|
|
|
|
|
return 0;
|
|
|
|
|
X509_ALGOR_get0(NULL, &ptype, &pval, palg);
|
|
|
|
|
|
|
|
|
|
if (ptype != V_ASN1_SEQUENCE) {
|
2020-11-04 19:23:19 +08:00
|
|
|
ERR_raise(ERR_LIB_DH, DH_R_PARAMETER_ENCODING_ERROR);
|
2015-01-22 11:40:55 +08:00
|
|
|
goto err;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
pstr = pval;
|
|
|
|
|
pm = pstr->data;
|
|
|
|
|
pmlen = pstr->length;
|
|
|
|
|
|
2015-05-07 01:43:59 +08:00
|
|
|
if ((dh = d2i_dhp(pkey, &pm, pmlen)) == NULL) {
|
2020-11-04 19:23:19 +08:00
|
|
|
ERR_raise(ERR_LIB_DH, DH_R_DECODE_ERROR);
|
2015-01-22 11:40:55 +08:00
|
|
|
goto err;
|
|
|
|
|
}
|
|
|
|
|
|
2015-05-07 01:43:59 +08:00
|
|
|
if ((public_key = d2i_ASN1_INTEGER(NULL, &p, pklen)) == NULL) {
|
2020-11-04 19:23:19 +08:00
|
|
|
ERR_raise(ERR_LIB_DH, DH_R_DECODE_ERROR);
|
2015-01-22 11:40:55 +08:00
|
|
|
goto err;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* We have parameters now set public key */
|
2015-05-07 01:43:59 +08:00
|
|
|
if ((dh->pub_key = ASN1_INTEGER_to_BN(public_key, NULL)) == NULL) {
|
2020-11-04 19:23:19 +08:00
|
|
|
ERR_raise(ERR_LIB_DH, DH_R_BN_DECODE_ERROR);
|
2015-01-22 11:40:55 +08:00
|
|
|
goto err;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ASN1_INTEGER_free(public_key);
|
|
|
|
|
EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, dh);
|
|
|
|
|
return 1;
|
|
|
|
|
|
|
|
|
|
err:
|
2015-04-30 23:30:03 +08:00
|
|
|
ASN1_INTEGER_free(public_key);
|
2015-03-24 22:17:37 +08:00
|
|
|
DH_free(dh);
|
2015-01-22 11:40:55 +08:00
|
|
|
return 0;
|
|
|
|
|
}
|
2006-04-13 07:06:10 +08:00
|
|
|
|
2015-01-22 11:40:55 +08:00
|
|
|
static int dh_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
|
|
|
|
|
{
|
|
|
|
|
DH *dh;
|
|
|
|
|
int ptype;
|
|
|
|
|
unsigned char *penc = NULL;
|
|
|
|
|
int penclen;
|
|
|
|
|
ASN1_STRING *str;
|
|
|
|
|
ASN1_INTEGER *pub_key = NULL;
|
|
|
|
|
|
|
|
|
|
dh = pkey->pkey.dh;
|
|
|
|
|
|
|
|
|
|
str = ASN1_STRING_new();
|
2015-10-30 19:12:26 +08:00
|
|
|
if (str == NULL) {
|
2020-11-04 19:23:19 +08:00
|
|
|
ERR_raise(ERR_LIB_DH, ERR_R_MALLOC_FAILURE);
|
2015-03-12 04:08:16 +08:00
|
|
|
goto err;
|
|
|
|
|
}
|
2015-01-22 11:40:55 +08:00
|
|
|
str->length = i2d_dhp(pkey, dh, &str->data);
|
|
|
|
|
if (str->length <= 0) {
|
2020-11-04 19:23:19 +08:00
|
|
|
ERR_raise(ERR_LIB_DH, ERR_R_MALLOC_FAILURE);
|
2015-01-22 11:40:55 +08:00
|
|
|
goto err;
|
|
|
|
|
}
|
|
|
|
|
ptype = V_ASN1_SEQUENCE;
|
|
|
|
|
|
|
|
|
|
pub_key = BN_to_ASN1_INTEGER(dh->pub_key, NULL);
|
2019-09-17 03:28:57 +08:00
|
|
|
if (pub_key == NULL)
|
2015-01-22 11:40:55 +08:00
|
|
|
goto err;
|
|
|
|
|
|
|
|
|
|
penclen = i2d_ASN1_INTEGER(pub_key, &penc);
|
|
|
|
|
|
|
|
|
|
ASN1_INTEGER_free(pub_key);
|
|
|
|
|
|
|
|
|
|
if (penclen <= 0) {
|
2020-11-04 19:23:19 +08:00
|
|
|
ERR_raise(ERR_LIB_DH, ERR_R_MALLOC_FAILURE);
|
2015-01-22 11:40:55 +08:00
|
|
|
goto err;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(pkey->ameth->pkey_id),
|
2015-03-12 04:08:16 +08:00
|
|
|
ptype, str, penc, penclen))
|
2015-01-22 11:40:55 +08:00
|
|
|
return 1;
|
|
|
|
|
|
|
|
|
|
err:
|
2015-05-01 22:02:07 +08:00
|
|
|
OPENSSL_free(penc);
|
2015-03-24 19:52:24 +08:00
|
|
|
ASN1_STRING_free(str);
|
2015-01-22 11:40:55 +08:00
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
2006-04-13 07:06:10 +08:00
|
|
|
|
2015-01-22 11:40:55 +08:00
|
|
|
/*
|
|
|
|
|
* PKCS#8 DH is defined in PKCS#11 of all places. It is similar to DH in that
|
|
|
|
|
* the AlgorithmIdentifier contains the parameters, the private key is
|
2016-02-06 04:23:54 +08:00
|
|
|
* explicitly included and the pubkey must be recalculated.
|
2015-01-22 11:40:55 +08:00
|
|
|
*/
|
2006-04-13 07:06:10 +08:00
|
|
|
|
2016-08-17 07:21:55 +08:00
|
|
|
static int dh_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8)
|
2015-01-22 11:40:55 +08:00
|
|
|
{
|
|
|
|
|
const unsigned char *p, *pm;
|
|
|
|
|
int pklen, pmlen;
|
|
|
|
|
int ptype;
|
2016-08-17 03:18:04 +08:00
|
|
|
const void *pval;
|
|
|
|
|
const ASN1_STRING *pstr;
|
2016-08-17 07:21:55 +08:00
|
|
|
const X509_ALGOR *palg;
|
2015-01-22 11:40:55 +08:00
|
|
|
ASN1_INTEGER *privkey = NULL;
|
|
|
|
|
DH *dh = NULL;
|
|
|
|
|
|
|
|
|
|
if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8))
|
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
X509_ALGOR_get0(NULL, &ptype, &pval, palg);
|
|
|
|
|
|
|
|
|
|
if (ptype != V_ASN1_SEQUENCE)
|
|
|
|
|
goto decerr;
|
2015-05-07 01:43:59 +08:00
|
|
|
if ((privkey = d2i_ASN1_INTEGER(NULL, &p, pklen)) == NULL)
|
2015-01-22 11:40:55 +08:00
|
|
|
goto decerr;
|
|
|
|
|
|
|
|
|
|
pstr = pval;
|
|
|
|
|
pm = pstr->data;
|
|
|
|
|
pmlen = pstr->length;
|
2015-05-07 01:43:59 +08:00
|
|
|
if ((dh = d2i_dhp(pkey, &pm, pmlen)) == NULL)
|
2015-01-22 11:40:55 +08:00
|
|
|
goto decerr;
|
2015-05-07 01:43:59 +08:00
|
|
|
|
2015-01-22 11:40:55 +08:00
|
|
|
/* We have parameters now set private key */
|
2015-04-25 04:39:40 +08:00
|
|
|
if ((dh->priv_key = BN_secure_new()) == NULL
|
|
|
|
|
|| !ASN1_INTEGER_to_BN(privkey, dh->priv_key)) {
|
2020-11-04 19:23:19 +08:00
|
|
|
ERR_raise(ERR_LIB_DH, DH_R_BN_ERROR);
|
2015-01-22 11:40:55 +08:00
|
|
|
goto dherr;
|
|
|
|
|
}
|
2019-07-07 16:56:46 +08:00
|
|
|
/* Calculate public key, increments dirty_cnt */
|
2015-01-22 11:40:55 +08:00
|
|
|
if (!DH_generate_key(dh))
|
|
|
|
|
goto dherr;
|
|
|
|
|
|
|
|
|
|
EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, dh);
|
|
|
|
|
|
2015-03-03 22:20:23 +08:00
|
|
|
ASN1_STRING_clear_free(privkey);
|
2015-01-22 11:40:55 +08:00
|
|
|
|
|
|
|
|
return 1;
|
|
|
|
|
|
|
|
|
|
decerr:
|
2020-11-04 19:23:19 +08:00
|
|
|
ERR_raise(ERR_LIB_DH, EVP_R_DECODE_ERROR);
|
2015-01-22 11:40:55 +08:00
|
|
|
dherr:
|
|
|
|
|
DH_free(dh);
|
2015-03-03 22:20:23 +08:00
|
|
|
ASN1_STRING_clear_free(privkey);
|
2015-01-22 11:40:55 +08:00
|
|
|
return 0;
|
|
|
|
|
}
|
2006-04-13 07:06:10 +08:00
|
|
|
|
|
|
|
|
static int dh_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
|
|
|
|
|
{
|
2015-01-22 11:40:55 +08:00
|
|
|
ASN1_STRING *params = NULL;
|
|
|
|
|
ASN1_INTEGER *prkey = NULL;
|
|
|
|
|
unsigned char *dp = NULL;
|
|
|
|
|
int dplen;
|
|
|
|
|
|
|
|
|
|
params = ASN1_STRING_new();
|
|
|
|
|
|
2015-10-30 19:12:26 +08:00
|
|
|
if (params == NULL) {
|
2020-11-04 19:23:19 +08:00
|
|
|
ERR_raise(ERR_LIB_DH, ERR_R_MALLOC_FAILURE);
|
2015-01-22 11:40:55 +08:00
|
|
|
goto err;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
params->length = i2d_dhp(pkey, pkey->pkey.dh, ¶ms->data);
|
|
|
|
|
if (params->length <= 0) {
|
2020-11-04 19:23:19 +08:00
|
|
|
ERR_raise(ERR_LIB_DH, ERR_R_MALLOC_FAILURE);
|
2015-01-22 11:40:55 +08:00
|
|
|
goto err;
|
|
|
|
|
}
|
|
|
|
|
params->type = V_ASN1_SEQUENCE;
|
|
|
|
|
|
|
|
|
|
/* Get private key into integer */
|
|
|
|
|
prkey = BN_to_ASN1_INTEGER(pkey->pkey.dh->priv_key, NULL);
|
|
|
|
|
|
2019-09-17 03:28:57 +08:00
|
|
|
if (prkey == NULL) {
|
2020-11-04 19:23:19 +08:00
|
|
|
ERR_raise(ERR_LIB_DH, DH_R_BN_ERROR);
|
2015-01-22 11:40:55 +08:00
|
|
|
goto err;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
dplen = i2d_ASN1_INTEGER(prkey, &dp);
|
|
|
|
|
|
2015-03-03 22:20:23 +08:00
|
|
|
ASN1_STRING_clear_free(prkey);
|
2015-01-08 10:21:01 +08:00
|
|
|
prkey = NULL;
|
2015-01-22 11:40:55 +08:00
|
|
|
|
|
|
|
|
if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(pkey->ameth->pkey_id), 0,
|
|
|
|
|
V_ASN1_SEQUENCE, params, dp, dplen))
|
|
|
|
|
goto err;
|
|
|
|
|
|
|
|
|
|
return 1;
|
|
|
|
|
|
|
|
|
|
err:
|
2015-05-01 22:02:07 +08:00
|
|
|
OPENSSL_free(dp);
|
2015-03-24 19:52:24 +08:00
|
|
|
ASN1_STRING_free(params);
|
2015-04-30 23:30:03 +08:00
|
|
|
ASN1_STRING_clear_free(prkey);
|
2015-01-22 11:40:55 +08:00
|
|
|
return 0;
|
2006-04-13 07:06:10 +08:00
|
|
|
}
|
|
|
|
|
|
2006-03-28 22:35:32 +08:00
|
|
|
static int dh_param_decode(EVP_PKEY *pkey,
|
2015-01-22 11:40:55 +08:00
|
|
|
const unsigned char **pder, int derlen)
|
|
|
|
|
{
|
|
|
|
|
DH *dh;
|
2015-05-07 01:43:59 +08:00
|
|
|
|
2020-09-16 18:52:09 +08:00
|
|
|
if ((dh = d2i_dhp(pkey, pder, derlen)) == NULL)
|
2015-01-22 11:40:55 +08:00
|
|
|
return 0;
|
2019-07-07 16:56:46 +08:00
|
|
|
dh->dirty_cnt++;
|
2015-01-22 11:40:55 +08:00
|
|
|
EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, dh);
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
2006-03-28 22:35:32 +08:00
|
|
|
|
|
|
|
|
static int dh_param_encode(const EVP_PKEY *pkey, unsigned char **pder)
|
2015-01-22 11:40:55 +08:00
|
|
|
{
|
|
|
|
|
return i2d_dhp(pkey, pkey->pkey.dh, pder);
|
|
|
|
|
}
|
2006-03-28 22:35:32 +08:00
|
|
|
|
2016-02-14 11:33:56 +08:00
|
|
|
static int do_dh_print(BIO *bp, const DH *x, int indent, int ptype)
|
2015-01-22 11:40:55 +08:00
|
|
|
{
|
2015-05-02 02:29:48 +08:00
|
|
|
int reason = ERR_R_BUF_LIB;
|
2015-01-22 11:40:55 +08:00
|
|
|
const char *ktype = NULL;
|
|
|
|
|
BIGNUM *priv_key, *pub_key;
|
|
|
|
|
|
|
|
|
|
if (ptype == 2)
|
|
|
|
|
priv_key = x->priv_key;
|
|
|
|
|
else
|
|
|
|
|
priv_key = NULL;
|
|
|
|
|
|
|
|
|
|
if (ptype > 0)
|
|
|
|
|
pub_key = x->pub_key;
|
|
|
|
|
else
|
|
|
|
|
pub_key = NULL;
|
|
|
|
|
|
2020-01-24 12:09:33 +08:00
|
|
|
if (x->params.p == NULL || (ptype == 2 && priv_key == NULL)
|
2016-05-27 20:55:47 +08:00
|
|
|
|| (ptype > 0 && pub_key == NULL)) {
|
2015-01-22 11:40:55 +08:00
|
|
|
reason = ERR_R_PASSED_NULL_PARAMETER;
|
|
|
|
|
goto err;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (ptype == 2)
|
|
|
|
|
ktype = "DH Private-Key";
|
|
|
|
|
else if (ptype == 1)
|
|
|
|
|
ktype = "DH Public-Key";
|
|
|
|
|
else
|
|
|
|
|
ktype = "DH Parameters";
|
|
|
|
|
|
2020-01-06 09:21:14 +08:00
|
|
|
if (!BIO_indent(bp, indent, 128)
|
2020-01-24 12:09:33 +08:00
|
|
|
|| BIO_printf(bp, "%s: (%d bit)\n", ktype, DH_bits(x)) <= 0)
|
2015-01-22 11:40:55 +08:00
|
|
|
goto err;
|
|
|
|
|
indent += 4;
|
|
|
|
|
|
2016-02-14 11:33:56 +08:00
|
|
|
if (!ASN1_bn_print(bp, "private-key:", priv_key, NULL, indent))
|
2015-01-22 11:40:55 +08:00
|
|
|
goto err;
|
2016-02-14 11:33:56 +08:00
|
|
|
if (!ASN1_bn_print(bp, "public-key:", pub_key, NULL, indent))
|
2015-01-22 11:40:55 +08:00
|
|
|
goto err;
|
|
|
|
|
|
ffc: add _ossl to exported but internal functions
The functions updated are:
ffc_generate_private_key, ffc_named_group_from_uid,
ffc_named_group_to_uid, ffc_params_FIPS186_2_gen_verify,
ffc_params_FIPS186_2_generate, ffc_params_FIPS186_2_validate,
ffc_params_FIPS186_4_gen_verify, ffc_params_FIPS186_4_generate,
ffc_params_FIPS186_4_validate, ffc_params_cleanup, ffc_params_cmp,
ffc_params_copy, ffc_params_enable_flags, ffc_params_flags_from_name,
ffc_params_flags_to_name, ffc_params_fromdata,
ffc_params_get0_pqg, ffc_params_get_validate_params,
ffc_params_init, ffc_params_print, ffc_params_set0_j,
ffc_params_set0_pqg, ffc_params_set_flags, ffc_params_set_gindex,
ffc_params_set_h, ffc_params_set_pcounter, ffc_params_set_seed,
ffc_params_set_validate_params, ffc_params_simple_validate,
ffc_params_todata, ffc_params_validate_unverifiable_g, ffc_set_digest,
ffc_set_group_pqg, ffc_validate_private_key, ffc_validate_public_key
and ffc_validate_public_key_partial.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13041)
2020-09-30 13:07:24 +08:00
|
|
|
if (!ossl_ffc_params_print(bp, &x->params, indent))
|
2015-01-22 11:40:55 +08:00
|
|
|
goto err;
|
2020-01-06 09:21:14 +08:00
|
|
|
|
2015-01-22 11:40:55 +08:00
|
|
|
if (x->length != 0) {
|
2020-01-06 09:21:14 +08:00
|
|
|
if (!BIO_indent(bp, indent, 128)
|
|
|
|
|
|| BIO_printf(bp, "recommended-private-length: %d bits\n",
|
|
|
|
|
(int)x->length) <= 0)
|
2015-01-22 11:40:55 +08:00
|
|
|
goto err;
|
|
|
|
|
}
|
|
|
|
|
|
2015-05-02 02:29:48 +08:00
|
|
|
return 1;
|
|
|
|
|
|
2015-01-22 11:40:55 +08:00
|
|
|
err:
|
2020-11-04 19:23:19 +08:00
|
|
|
ERR_raise(ERR_LIB_DH, reason);
|
2015-05-02 02:29:48 +08:00
|
|
|
return 0;
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
2006-03-28 22:35:32 +08:00
|
|
|
|
2006-04-13 01:14:48 +08:00
|
|
|
static int int_dh_size(const EVP_PKEY *pkey)
|
2015-01-22 11:40:55 +08:00
|
|
|
{
|
2017-10-17 22:04:09 +08:00
|
|
|
return DH_size(pkey->pkey.dh);
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
2006-04-13 01:14:48 +08:00
|
|
|
|
|
|
|
|
static int dh_bits(const EVP_PKEY *pkey)
|
2015-01-22 11:40:55 +08:00
|
|
|
{
|
2020-01-24 12:09:33 +08:00
|
|
|
return DH_bits(pkey->pkey.dh);
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
2006-04-13 01:14:48 +08:00
|
|
|
|
2014-01-18 22:51:40 +08:00
|
|
|
static int dh_security_bits(const EVP_PKEY *pkey)
|
2015-01-22 11:40:55 +08:00
|
|
|
{
|
|
|
|
|
return DH_security_bits(pkey->pkey.dh);
|
|
|
|
|
}
|
2014-01-18 22:51:40 +08:00
|
|
|
|
2006-04-14 04:16:56 +08:00
|
|
|
static int dh_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b)
|
2015-01-22 11:40:55 +08:00
|
|
|
{
|
ffc: add _ossl to exported but internal functions
The functions updated are:
ffc_generate_private_key, ffc_named_group_from_uid,
ffc_named_group_to_uid, ffc_params_FIPS186_2_gen_verify,
ffc_params_FIPS186_2_generate, ffc_params_FIPS186_2_validate,
ffc_params_FIPS186_4_gen_verify, ffc_params_FIPS186_4_generate,
ffc_params_FIPS186_4_validate, ffc_params_cleanup, ffc_params_cmp,
ffc_params_copy, ffc_params_enable_flags, ffc_params_flags_from_name,
ffc_params_flags_to_name, ffc_params_fromdata,
ffc_params_get0_pqg, ffc_params_get_validate_params,
ffc_params_init, ffc_params_print, ffc_params_set0_j,
ffc_params_set0_pqg, ffc_params_set_flags, ffc_params_set_gindex,
ffc_params_set_h, ffc_params_set_pcounter, ffc_params_set_seed,
ffc_params_set_validate_params, ffc_params_simple_validate,
ffc_params_todata, ffc_params_validate_unverifiable_g, ffc_set_digest,
ffc_set_group_pqg, ffc_validate_private_key, ffc_validate_public_key
and ffc_validate_public_key_partial.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13041)
2020-09-30 13:07:24 +08:00
|
|
|
return ossl_ffc_params_cmp(&a->pkey.dh->params, &a->pkey.dh->params,
|
2021-03-09 07:48:16 +08:00
|
|
|
a->ameth != &ossl_dhx_asn1_meth);
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
2006-04-13 01:14:48 +08:00
|
|
|
|
2013-07-21 04:25:50 +08:00
|
|
|
static int int_dh_param_copy(DH *to, const DH *from, int is_x942)
|
2015-01-22 11:40:55 +08:00
|
|
|
{
|
|
|
|
|
if (is_x942 == -1)
|
2020-01-24 12:09:33 +08:00
|
|
|
is_x942 = (from->params.q != NULL);
|
ffc: add _ossl to exported but internal functions
The functions updated are:
ffc_generate_private_key, ffc_named_group_from_uid,
ffc_named_group_to_uid, ffc_params_FIPS186_2_gen_verify,
ffc_params_FIPS186_2_generate, ffc_params_FIPS186_2_validate,
ffc_params_FIPS186_4_gen_verify, ffc_params_FIPS186_4_generate,
ffc_params_FIPS186_4_validate, ffc_params_cleanup, ffc_params_cmp,
ffc_params_copy, ffc_params_enable_flags, ffc_params_flags_from_name,
ffc_params_flags_to_name, ffc_params_fromdata,
ffc_params_get0_pqg, ffc_params_get_validate_params,
ffc_params_init, ffc_params_print, ffc_params_set0_j,
ffc_params_set0_pqg, ffc_params_set_flags, ffc_params_set_gindex,
ffc_params_set_h, ffc_params_set_pcounter, ffc_params_set_seed,
ffc_params_set_validate_params, ffc_params_simple_validate,
ffc_params_todata, ffc_params_validate_unverifiable_g, ffc_set_digest,
ffc_set_group_pqg, ffc_validate_private_key, ffc_validate_public_key
and ffc_validate_public_key_partial.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13041)
2020-09-30 13:07:24 +08:00
|
|
|
if (!ossl_ffc_params_copy(&to->params, &from->params))
|
2015-01-22 11:40:55 +08:00
|
|
|
return 0;
|
2020-01-24 12:09:33 +08:00
|
|
|
if (!is_x942)
|
2015-01-22 11:40:55 +08:00
|
|
|
to->length = from->length;
|
2019-07-07 16:56:46 +08:00
|
|
|
to->dirty_cnt++;
|
2015-01-22 11:40:55 +08:00
|
|
|
return 1;
|
|
|
|
|
}
|
2013-07-21 04:25:50 +08:00
|
|
|
|
2019-01-16 04:51:25 +08:00
|
|
|
DH *DHparams_dup(const DH *dh)
|
2015-01-22 11:40:55 +08:00
|
|
|
{
|
|
|
|
|
DH *ret;
|
|
|
|
|
ret = DH_new();
|
2015-10-30 19:12:26 +08:00
|
|
|
if (ret == NULL)
|
2015-01-22 11:40:55 +08:00
|
|
|
return NULL;
|
|
|
|
|
if (!int_dh_param_copy(ret, dh, -1)) {
|
|
|
|
|
DH_free(ret);
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
return ret;
|
|
|
|
|
}
|
2013-07-21 04:25:50 +08:00
|
|
|
|
|
|
|
|
static int dh_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
|
2015-01-22 11:40:55 +08:00
|
|
|
{
|
2015-12-14 01:28:40 +08:00
|
|
|
if (to->pkey.dh == NULL) {
|
|
|
|
|
to->pkey.dh = DH_new();
|
|
|
|
|
if (to->pkey.dh == NULL)
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
2015-01-22 11:40:55 +08:00
|
|
|
return int_dh_param_copy(to->pkey.dh, from->pkey.dh,
|
2021-03-09 07:48:16 +08:00
|
|
|
from->ameth == &ossl_dhx_asn1_meth);
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
2013-07-21 04:25:50 +08:00
|
|
|
|
2006-04-14 04:16:56 +08:00
|
|
|
static int dh_missing_parameters(const EVP_PKEY *a)
|
2015-01-22 11:40:55 +08:00
|
|
|
{
|
2020-01-24 12:09:33 +08:00
|
|
|
return a->pkey.dh == NULL
|
|
|
|
|
|| a->pkey.dh->params.p == NULL
|
|
|
|
|
|| a->pkey.dh->params.g == NULL;
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
2006-04-13 01:14:48 +08:00
|
|
|
|
|
|
|
|
static int dh_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
|
2015-01-22 11:40:55 +08:00
|
|
|
{
|
|
|
|
|
if (dh_cmp_parameters(a, b) == 0)
|
|
|
|
|
return 0;
|
|
|
|
|
if (BN_cmp(b->pkey.dh->pub_key, a->pkey.dh->pub_key) != 0)
|
|
|
|
|
return 0;
|
|
|
|
|
else
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
2006-04-13 01:14:48 +08:00
|
|
|
|
2006-03-28 22:35:32 +08:00
|
|
|
static int dh_param_print(BIO *bp, const EVP_PKEY *pkey, int indent,
|
2015-01-22 11:40:55 +08:00
|
|
|
ASN1_PCTX *ctx)
|
|
|
|
|
{
|
2016-02-14 11:33:56 +08:00
|
|
|
return do_dh_print(bp, pkey->pkey.dh, indent, 0);
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
2006-04-13 01:14:48 +08:00
|
|
|
|
|
|
|
|
static int dh_public_print(BIO *bp, const EVP_PKEY *pkey, int indent,
|
2015-01-22 11:40:55 +08:00
|
|
|
ASN1_PCTX *ctx)
|
|
|
|
|
{
|
2016-02-14 11:33:56 +08:00
|
|
|
return do_dh_print(bp, pkey->pkey.dh, indent, 1);
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
2006-04-13 01:14:48 +08:00
|
|
|
|
|
|
|
|
static int dh_private_print(BIO *bp, const EVP_PKEY *pkey, int indent,
|
2015-01-22 11:40:55 +08:00
|
|
|
ASN1_PCTX *ctx)
|
|
|
|
|
{
|
2016-02-14 11:33:56 +08:00
|
|
|
return do_dh_print(bp, pkey->pkey.dh, indent, 2);
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
2006-03-28 22:35:32 +08:00
|
|
|
|
|
|
|
|
int DHparams_print(BIO *bp, const DH *x)
|
2015-01-22 11:40:55 +08:00
|
|
|
{
|
2016-02-14 11:33:56 +08:00
|
|
|
return do_dh_print(bp, x, 4, 0);
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
2006-03-28 22:35:32 +08:00
|
|
|
|
2013-07-21 04:31:10 +08:00
|
|
|
static int dh_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
|
2019-01-25 23:34:49 +08:00
|
|
|
{
|
|
|
|
|
switch (op) {
|
|
|
|
|
case ASN1_PKEY_CTRL_SET1_TLS_ENCPT:
|
2021-03-02 23:52:00 +08:00
|
|
|
/* We should only be here if we have a legacy key */
|
|
|
|
|
if (!ossl_assert(evp_pkey_is_legacy(pkey)))
|
|
|
|
|
return 0;
|
|
|
|
|
return ossl_dh_buf2key(evp_pkey_get0_DH_int(pkey), arg2, arg1);
|
2019-01-25 23:34:49 +08:00
|
|
|
case ASN1_PKEY_CTRL_GET1_TLS_ENCPT:
|
Fix external symbols related to dh keys
Partial fix for #12964
This adds ossl_ names for the following symbols:
dh_new_by_nid_ex, dh_new_ex, dh_generate_ffc_parameters, dh_generate_public_key,
dh_get_named_group_uid_from_size, dh_gen_type_id2name, dh_gen_type_name2id,
dh_cache_named_group, dh_get0_params, dh_get0_nid,
dh_params_fromdata, dh_key_fromdata, dh_params_todata, dh_key_todata,
dh_check_pub_key_partial, dh_check_priv_key, dh_check_pairwise,
dh_get_method, dh_buf2key, dh_key2buf, dh_KDF_X9_42_asn1,
dh_pkey_method, dhx_pkey_method
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14231)
2021-02-18 13:56:53 +08:00
|
|
|
return ossl_dh_key2buf(EVP_PKEY_get0_DH(pkey), arg2, 0, 1);
|
2019-01-25 23:34:49 +08:00
|
|
|
default:
|
|
|
|
|
return -2;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int dhx_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
|
2015-01-22 11:40:55 +08:00
|
|
|
{
|
|
|
|
|
switch (op) {
|
|
|
|
|
default:
|
|
|
|
|
return -2;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
2017-11-01 00:45:24 +08:00
|
|
|
static int dh_pkey_public_check(const EVP_PKEY *pkey)
|
|
|
|
|
{
|
|
|
|
|
DH *dh = pkey->pkey.dh;
|
|
|
|
|
|
|
|
|
|
if (dh->pub_key == NULL) {
|
2020-11-04 19:23:19 +08:00
|
|
|
ERR_raise(ERR_LIB_DH, DH_R_MISSING_PUBKEY);
|
2017-11-01 00:45:24 +08:00
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return DH_check_pub_key_ex(dh, dh->pub_key);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int dh_pkey_param_check(const EVP_PKEY *pkey)
|
|
|
|
|
{
|
|
|
|
|
DH *dh = pkey->pkey.dh;
|
|
|
|
|
|
|
|
|
|
return DH_check_ex(dh);
|
|
|
|
|
}
|
|
|
|
|
|
2019-07-07 16:56:46 +08:00
|
|
|
static size_t dh_pkey_dirty_cnt(const EVP_PKEY *pkey)
|
|
|
|
|
{
|
|
|
|
|
return pkey->pkey.dh->dirty_cnt;
|
|
|
|
|
}
|
|
|
|
|
|
Redesign the KEYMGMT libcrypto <-> provider interface - the basics
The KEYMGMT libcrypto <-> provider interface currently makes a few
assumptions:
1. provider side domain parameters and key data isn't mutable. In
other words, as soon as a key has been created in any (loaded,
imported data, ...), it's set in stone.
2. provider side domain parameters can be strictly separated from the
key data.
This does work for the most part, but there are places where that's a
bit too rigid for the functionality that the EVP_PKEY API delivers.
Key data needs to be mutable to allow the flexibility that functions
like EVP_PKEY_copy_parameters promise, as well as to provide the
combinations of data that an EVP_PKEY is generally assumed to be able
to hold:
- domain parameters only
- public key only
- public key + private key
- domain parameters + public key
- domain parameters + public key + private key
To remedy all this, we:
1. let go of the distinction between domain parameters and key
material proper in the libcrypto <-> provider interface.
As a consequence, functions that still need it gain a selection
argument, which is a set of bits that indicate what parts of the
key object are to be considered in a specific call. This allows
a reduction of very similar functions into one.
2. Rework the libcrypto <-> provider interface so provider side key
objects are created and destructed with a separate function, and
get their data filled and extracted in through import and export.
(future work will see other key object constructors and other
functions to fill them with data)
Fixes #10979
squash! Redesign the KEYMGMT libcrypto <-> provider interface - the basics
Remedy 1 needs a rewrite:
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11006)
2020-02-03 01:56:07 +08:00
|
|
|
static int dh_pkey_export_to(const EVP_PKEY *from, void *to_keydata,
|
2020-10-15 17:55:50 +08:00
|
|
|
EVP_KEYMGMT *to_keymgmt, OSSL_LIB_CTX *libctx,
|
2020-04-06 23:05:24 +08:00
|
|
|
const char *propq)
|
2019-07-07 16:56:46 +08:00
|
|
|
{
|
Redesign the KEYMGMT libcrypto <-> provider interface - the basics
The KEYMGMT libcrypto <-> provider interface currently makes a few
assumptions:
1. provider side domain parameters and key data isn't mutable. In
other words, as soon as a key has been created in any (loaded,
imported data, ...), it's set in stone.
2. provider side domain parameters can be strictly separated from the
key data.
This does work for the most part, but there are places where that's a
bit too rigid for the functionality that the EVP_PKEY API delivers.
Key data needs to be mutable to allow the flexibility that functions
like EVP_PKEY_copy_parameters promise, as well as to provide the
combinations of data that an EVP_PKEY is generally assumed to be able
to hold:
- domain parameters only
- public key only
- public key + private key
- domain parameters + public key
- domain parameters + public key + private key
To remedy all this, we:
1. let go of the distinction between domain parameters and key
material proper in the libcrypto <-> provider interface.
As a consequence, functions that still need it gain a selection
argument, which is a set of bits that indicate what parts of the
key object are to be considered in a specific call. This allows
a reduction of very similar functions into one.
2. Rework the libcrypto <-> provider interface so provider side key
objects are created and destructed with a separate function, and
get their data filled and extracted in through import and export.
(future work will see other key object constructors and other
functions to fill them with data)
Fixes #10979
squash! Redesign the KEYMGMT libcrypto <-> provider interface - the basics
Remedy 1 needs a rewrite:
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11006)
2020-02-03 01:56:07 +08:00
|
|
|
DH *dh = from->pkey.dh;
|
2020-03-26 07:28:01 +08:00
|
|
|
OSSL_PARAM_BLD *tmpl;
|
2019-07-07 16:56:46 +08:00
|
|
|
const BIGNUM *p = DH_get0_p(dh), *g = DH_get0_g(dh), *q = DH_get0_q(dh);
|
2020-10-15 13:10:29 +08:00
|
|
|
long l = DH_get_length(dh);
|
2019-07-07 16:56:46 +08:00
|
|
|
const BIGNUM *pub_key = DH_get0_pub_key(dh);
|
|
|
|
|
const BIGNUM *priv_key = DH_get0_priv_key(dh);
|
2020-03-26 07:28:01 +08:00
|
|
|
OSSL_PARAM *params = NULL;
|
2020-03-20 05:29:10 +08:00
|
|
|
int selection = 0;
|
2020-03-26 07:28:01 +08:00
|
|
|
int rv = 0;
|
2019-07-07 16:56:46 +08:00
|
|
|
|
EVP: Check that key methods aren't foreign when exporting
The EVP_PKEY_ASN1_METHOD function export_to() must check that the key
we're trying to export has a known libcrypto method, i.e. is a built
in RSA_METHOD, DSA_METHOD, etc. Otherwise, the method may be defined
by the calling application, by an engine, by another library, and we
simply cannot know all the quirks hidden behind that method, if we
have access to the key data, or much anything.
Such keys are simply deemed impossible to export to provider keys,
i.e. have export_to() return 0. This cascades back to functions like
evp_pkey_export_to_provider() and evp_pkey_upgrade_to_provider() and
their callers. In most cases, this is fine, but if these get mixed in
with provider side keys in any function, that function will fail.
Fixes #11179
Fixes #9915
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11193)
2020-02-27 17:51:45 +08:00
|
|
|
/*
|
|
|
|
|
* If the DH method is foreign, then we can't be sure of anything, and
|
|
|
|
|
* can therefore not export or pretend to export.
|
|
|
|
|
*/
|
Fix external symbols related to dh keys
Partial fix for #12964
This adds ossl_ names for the following symbols:
dh_new_by_nid_ex, dh_new_ex, dh_generate_ffc_parameters, dh_generate_public_key,
dh_get_named_group_uid_from_size, dh_gen_type_id2name, dh_gen_type_name2id,
dh_cache_named_group, dh_get0_params, dh_get0_nid,
dh_params_fromdata, dh_key_fromdata, dh_params_todata, dh_key_todata,
dh_check_pub_key_partial, dh_check_priv_key, dh_check_pairwise,
dh_get_method, dh_buf2key, dh_key2buf, dh_KDF_X9_42_asn1,
dh_pkey_method, dhx_pkey_method
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14231)
2021-02-18 13:56:53 +08:00
|
|
|
if (ossl_dh_get_method(dh) != DH_OpenSSL())
|
EVP: Check that key methods aren't foreign when exporting
The EVP_PKEY_ASN1_METHOD function export_to() must check that the key
we're trying to export has a known libcrypto method, i.e. is a built
in RSA_METHOD, DSA_METHOD, etc. Otherwise, the method may be defined
by the calling application, by an engine, by another library, and we
simply cannot know all the quirks hidden behind that method, if we
have access to the key data, or much anything.
Such keys are simply deemed impossible to export to provider keys,
i.e. have export_to() return 0. This cascades back to functions like
evp_pkey_export_to_provider() and evp_pkey_upgrade_to_provider() and
their callers. In most cases, this is fine, but if these get mixed in
with provider side keys in any function, that function will fail.
Fixes #11179
Fixes #9915
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11193)
2020-02-27 17:51:45 +08:00
|
|
|
return 0;
|
|
|
|
|
|
2019-09-04 17:58:59 +08:00
|
|
|
if (p == NULL || g == NULL)
|
Redesign the KEYMGMT libcrypto <-> provider interface - the basics
The KEYMGMT libcrypto <-> provider interface currently makes a few
assumptions:
1. provider side domain parameters and key data isn't mutable. In
other words, as soon as a key has been created in any (loaded,
imported data, ...), it's set in stone.
2. provider side domain parameters can be strictly separated from the
key data.
This does work for the most part, but there are places where that's a
bit too rigid for the functionality that the EVP_PKEY API delivers.
Key data needs to be mutable to allow the flexibility that functions
like EVP_PKEY_copy_parameters promise, as well as to provide the
combinations of data that an EVP_PKEY is generally assumed to be able
to hold:
- domain parameters only
- public key only
- public key + private key
- domain parameters + public key
- domain parameters + public key + private key
To remedy all this, we:
1. let go of the distinction between domain parameters and key
material proper in the libcrypto <-> provider interface.
As a consequence, functions that still need it gain a selection
argument, which is a set of bits that indicate what parts of the
key object are to be considered in a specific call. This allows
a reduction of very similar functions into one.
2. Rework the libcrypto <-> provider interface so provider side key
objects are created and destructed with a separate function, and
get their data filled and extracted in through import and export.
(future work will see other key object constructors and other
functions to fill them with data)
Fixes #10979
squash! Redesign the KEYMGMT libcrypto <-> provider interface - the basics
Remedy 1 needs a rewrite:
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11006)
2020-02-03 01:56:07 +08:00
|
|
|
return 0;
|
2019-07-07 16:56:46 +08:00
|
|
|
|
2020-03-26 07:28:01 +08:00
|
|
|
tmpl = OSSL_PARAM_BLD_new();
|
|
|
|
|
if (tmpl == NULL)
|
Redesign the KEYMGMT libcrypto <-> provider interface - the basics
The KEYMGMT libcrypto <-> provider interface currently makes a few
assumptions:
1. provider side domain parameters and key data isn't mutable. In
other words, as soon as a key has been created in any (loaded,
imported data, ...), it's set in stone.
2. provider side domain parameters can be strictly separated from the
key data.
This does work for the most part, but there are places where that's a
bit too rigid for the functionality that the EVP_PKEY API delivers.
Key data needs to be mutable to allow the flexibility that functions
like EVP_PKEY_copy_parameters promise, as well as to provide the
combinations of data that an EVP_PKEY is generally assumed to be able
to hold:
- domain parameters only
- public key only
- public key + private key
- domain parameters + public key
- domain parameters + public key + private key
To remedy all this, we:
1. let go of the distinction between domain parameters and key
material proper in the libcrypto <-> provider interface.
As a consequence, functions that still need it gain a selection
argument, which is a set of bits that indicate what parts of the
key object are to be considered in a specific call. This allows
a reduction of very similar functions into one.
2. Rework the libcrypto <-> provider interface so provider side key
objects are created and destructed with a separate function, and
get their data filled and extracted in through import and export.
(future work will see other key object constructors and other
functions to fill them with data)
Fixes #10979
squash! Redesign the KEYMGMT libcrypto <-> provider interface - the basics
Remedy 1 needs a rewrite:
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11006)
2020-02-03 01:56:07 +08:00
|
|
|
return 0;
|
2020-03-26 07:28:01 +08:00
|
|
|
if (!OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_FFC_P, p)
|
|
|
|
|
|| !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_FFC_G, g))
|
|
|
|
|
goto err;
|
2019-07-07 16:56:46 +08:00
|
|
|
if (q != NULL) {
|
2020-03-26 07:28:01 +08:00
|
|
|
if (!OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_FFC_Q, q))
|
|
|
|
|
goto err;
|
2019-07-07 16:56:46 +08:00
|
|
|
}
|
2020-03-20 05:29:10 +08:00
|
|
|
selection |= OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS;
|
2020-10-15 13:10:29 +08:00
|
|
|
if (l > 0) {
|
|
|
|
|
if (!OSSL_PARAM_BLD_push_long(tmpl, OSSL_PKEY_PARAM_DH_PRIV_LEN, l))
|
|
|
|
|
goto err;
|
|
|
|
|
selection |= OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS;
|
|
|
|
|
}
|
2020-03-20 05:29:10 +08:00
|
|
|
if (pub_key != NULL) {
|
2020-03-26 07:28:01 +08:00
|
|
|
if (!OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_PUB_KEY, pub_key))
|
|
|
|
|
goto err;
|
2020-03-20 05:29:10 +08:00
|
|
|
selection |= OSSL_KEYMGMT_SELECT_PUBLIC_KEY;
|
|
|
|
|
}
|
Redesign the KEYMGMT libcrypto <-> provider interface - the basics
The KEYMGMT libcrypto <-> provider interface currently makes a few
assumptions:
1. provider side domain parameters and key data isn't mutable. In
other words, as soon as a key has been created in any (loaded,
imported data, ...), it's set in stone.
2. provider side domain parameters can be strictly separated from the
key data.
This does work for the most part, but there are places where that's a
bit too rigid for the functionality that the EVP_PKEY API delivers.
Key data needs to be mutable to allow the flexibility that functions
like EVP_PKEY_copy_parameters promise, as well as to provide the
combinations of data that an EVP_PKEY is generally assumed to be able
to hold:
- domain parameters only
- public key only
- public key + private key
- domain parameters + public key
- domain parameters + public key + private key
To remedy all this, we:
1. let go of the distinction between domain parameters and key
material proper in the libcrypto <-> provider interface.
As a consequence, functions that still need it gain a selection
argument, which is a set of bits that indicate what parts of the
key object are to be considered in a specific call. This allows
a reduction of very similar functions into one.
2. Rework the libcrypto <-> provider interface so provider side key
objects are created and destructed with a separate function, and
get their data filled and extracted in through import and export.
(future work will see other key object constructors and other
functions to fill them with data)
Fixes #10979
squash! Redesign the KEYMGMT libcrypto <-> provider interface - the basics
Remedy 1 needs a rewrite:
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11006)
2020-02-03 01:56:07 +08:00
|
|
|
if (priv_key != NULL) {
|
2020-03-26 07:28:01 +08:00
|
|
|
if (!OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_PRIV_KEY,
|
Redesign the KEYMGMT libcrypto <-> provider interface - the basics
The KEYMGMT libcrypto <-> provider interface currently makes a few
assumptions:
1. provider side domain parameters and key data isn't mutable. In
other words, as soon as a key has been created in any (loaded,
imported data, ...), it's set in stone.
2. provider side domain parameters can be strictly separated from the
key data.
This does work for the most part, but there are places where that's a
bit too rigid for the functionality that the EVP_PKEY API delivers.
Key data needs to be mutable to allow the flexibility that functions
like EVP_PKEY_copy_parameters promise, as well as to provide the
combinations of data that an EVP_PKEY is generally assumed to be able
to hold:
- domain parameters only
- public key only
- public key + private key
- domain parameters + public key
- domain parameters + public key + private key
To remedy all this, we:
1. let go of the distinction between domain parameters and key
material proper in the libcrypto <-> provider interface.
As a consequence, functions that still need it gain a selection
argument, which is a set of bits that indicate what parts of the
key object are to be considered in a specific call. This allows
a reduction of very similar functions into one.
2. Rework the libcrypto <-> provider interface so provider side key
objects are created and destructed with a separate function, and
get their data filled and extracted in through import and export.
(future work will see other key object constructors and other
functions to fill them with data)
Fixes #10979
squash! Redesign the KEYMGMT libcrypto <-> provider interface - the basics
Remedy 1 needs a rewrite:
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11006)
2020-02-03 01:56:07 +08:00
|
|
|
priv_key))
|
2020-03-26 07:28:01 +08:00
|
|
|
goto err;
|
2020-03-20 05:29:10 +08:00
|
|
|
selection |= OSSL_KEYMGMT_SELECT_PRIVATE_KEY;
|
2019-07-07 16:56:46 +08:00
|
|
|
}
|
|
|
|
|
|
2020-03-26 07:28:01 +08:00
|
|
|
if ((params = OSSL_PARAM_BLD_to_param(tmpl)) == NULL)
|
|
|
|
|
goto err;
|
2019-07-07 16:56:46 +08:00
|
|
|
|
|
|
|
|
/* We export, the provider imports */
|
2020-03-20 05:29:10 +08:00
|
|
|
rv = evp_keymgmt_import(to_keymgmt, to_keydata, selection, params);
|
2019-07-07 16:56:46 +08:00
|
|
|
|
2020-03-26 07:28:01 +08:00
|
|
|
OSSL_PARAM_BLD_free_params(params);
|
|
|
|
|
err:
|
|
|
|
|
OSSL_PARAM_BLD_free(tmpl);
|
Redesign the KEYMGMT libcrypto <-> provider interface - the basics
The KEYMGMT libcrypto <-> provider interface currently makes a few
assumptions:
1. provider side domain parameters and key data isn't mutable. In
other words, as soon as a key has been created in any (loaded,
imported data, ...), it's set in stone.
2. provider side domain parameters can be strictly separated from the
key data.
This does work for the most part, but there are places where that's a
bit too rigid for the functionality that the EVP_PKEY API delivers.
Key data needs to be mutable to allow the flexibility that functions
like EVP_PKEY_copy_parameters promise, as well as to provide the
combinations of data that an EVP_PKEY is generally assumed to be able
to hold:
- domain parameters only
- public key only
- public key + private key
- domain parameters + public key
- domain parameters + public key + private key
To remedy all this, we:
1. let go of the distinction between domain parameters and key
material proper in the libcrypto <-> provider interface.
As a consequence, functions that still need it gain a selection
argument, which is a set of bits that indicate what parts of the
key object are to be considered in a specific call. This allows
a reduction of very similar functions into one.
2. Rework the libcrypto <-> provider interface so provider side key
objects are created and destructed with a separate function, and
get their data filled and extracted in through import and export.
(future work will see other key object constructors and other
functions to fill them with data)
Fixes #10979
squash! Redesign the KEYMGMT libcrypto <-> provider interface - the basics
Remedy 1 needs a rewrite:
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11006)
2020-02-03 01:56:07 +08:00
|
|
|
return rv;
|
2019-07-07 16:56:46 +08:00
|
|
|
}
|
|
|
|
|
|
2020-08-04 09:39:49 +08:00
|
|
|
static int dh_pkey_import_from_type(const OSSL_PARAM params[], void *vpctx,
|
|
|
|
|
int type)
|
2020-03-23 12:40:47 +08:00
|
|
|
{
|
2020-04-11 01:28:24 +08:00
|
|
|
EVP_PKEY_CTX *pctx = vpctx;
|
|
|
|
|
EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(pctx);
|
Fix external symbols related to dh keys
Partial fix for #12964
This adds ossl_ names for the following symbols:
dh_new_by_nid_ex, dh_new_ex, dh_generate_ffc_parameters, dh_generate_public_key,
dh_get_named_group_uid_from_size, dh_gen_type_id2name, dh_gen_type_name2id,
dh_cache_named_group, dh_get0_params, dh_get0_nid,
dh_params_fromdata, dh_key_fromdata, dh_params_todata, dh_key_todata,
dh_check_pub_key_partial, dh_check_priv_key, dh_check_pairwise,
dh_get_method, dh_buf2key, dh_key2buf, dh_KDF_X9_42_asn1,
dh_pkey_method, dhx_pkey_method
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14231)
2021-02-18 13:56:53 +08:00
|
|
|
DH *dh = ossl_dh_new_ex(pctx->libctx);
|
2020-03-23 12:40:47 +08:00
|
|
|
|
|
|
|
|
if (dh == NULL) {
|
|
|
|
|
ERR_raise(ERR_LIB_DH, ERR_R_MALLOC_FAILURE);
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
2020-08-24 10:02:02 +08:00
|
|
|
DH_clear_flags(dh, DH_FLAG_TYPE_MASK);
|
|
|
|
|
DH_set_flags(dh, type == EVP_PKEY_DH ? DH_FLAG_TYPE_DH : DH_FLAG_TYPE_DHX);
|
2020-03-23 12:40:47 +08:00
|
|
|
|
Fix external symbols related to dh keys
Partial fix for #12964
This adds ossl_ names for the following symbols:
dh_new_by_nid_ex, dh_new_ex, dh_generate_ffc_parameters, dh_generate_public_key,
dh_get_named_group_uid_from_size, dh_gen_type_id2name, dh_gen_type_name2id,
dh_cache_named_group, dh_get0_params, dh_get0_nid,
dh_params_fromdata, dh_key_fromdata, dh_params_todata, dh_key_todata,
dh_check_pub_key_partial, dh_check_priv_key, dh_check_pairwise,
dh_get_method, dh_buf2key, dh_key2buf, dh_KDF_X9_42_asn1,
dh_pkey_method, dhx_pkey_method
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14231)
2021-02-18 13:56:53 +08:00
|
|
|
if (!ossl_dh_params_fromdata(dh, params)
|
|
|
|
|
|| !ossl_dh_key_fromdata(dh, params)
|
2020-08-04 09:39:49 +08:00
|
|
|
|| !EVP_PKEY_assign(pkey, type, dh)) {
|
2020-03-23 12:40:47 +08:00
|
|
|
DH_free(dh);
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
2020-08-04 09:39:49 +08:00
|
|
|
static int dh_pkey_import_from(const OSSL_PARAM params[], void *vpctx)
|
|
|
|
|
{
|
|
|
|
|
return dh_pkey_import_from_type(params, vpctx, EVP_PKEY_DH);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int dhx_pkey_import_from(const OSSL_PARAM params[], void *vpctx)
|
|
|
|
|
{
|
|
|
|
|
return dh_pkey_import_from_type(params, vpctx, EVP_PKEY_DHX);
|
|
|
|
|
}
|
|
|
|
|
|
2021-03-09 07:48:16 +08:00
|
|
|
const EVP_PKEY_ASN1_METHOD ossl_dh_asn1_meth = {
|
2015-01-22 11:40:55 +08:00
|
|
|
EVP_PKEY_DH,
|
|
|
|
|
EVP_PKEY_DH,
|
|
|
|
|
0,
|
|
|
|
|
|
|
|
|
|
"DH",
|
|
|
|
|
"OpenSSL PKCS#3 DH method",
|
|
|
|
|
|
|
|
|
|
dh_pub_decode,
|
|
|
|
|
dh_pub_encode,
|
|
|
|
|
dh_pub_cmp,
|
|
|
|
|
dh_public_print,
|
|
|
|
|
|
|
|
|
|
dh_priv_decode,
|
|
|
|
|
dh_priv_encode,
|
|
|
|
|
dh_private_print,
|
|
|
|
|
|
|
|
|
|
int_dh_size,
|
|
|
|
|
dh_bits,
|
|
|
|
|
dh_security_bits,
|
|
|
|
|
|
|
|
|
|
dh_param_decode,
|
|
|
|
|
dh_param_encode,
|
|
|
|
|
dh_missing_parameters,
|
|
|
|
|
dh_copy_parameters,
|
|
|
|
|
dh_cmp_parameters,
|
|
|
|
|
dh_param_print,
|
|
|
|
|
0,
|
|
|
|
|
|
|
|
|
|
int_dh_free,
|
2019-01-25 23:34:49 +08:00
|
|
|
dh_pkey_ctrl,
|
2017-11-01 00:45:24 +08:00
|
|
|
|
|
|
|
|
0, 0, 0, 0, 0,
|
|
|
|
|
|
|
|
|
|
0,
|
|
|
|
|
dh_pkey_public_check,
|
2019-07-07 16:56:46 +08:00
|
|
|
dh_pkey_param_check,
|
|
|
|
|
|
|
|
|
|
0, 0, 0, 0,
|
|
|
|
|
|
|
|
|
|
dh_pkey_dirty_cnt,
|
|
|
|
|
dh_pkey_export_to,
|
2020-03-23 12:40:47 +08:00
|
|
|
dh_pkey_import_from,
|
2015-01-22 11:40:55 +08:00
|
|
|
};
|
|
|
|
|
|
2021-03-09 07:48:16 +08:00
|
|
|
const EVP_PKEY_ASN1_METHOD ossl_dhx_asn1_meth = {
|
2015-01-22 11:40:55 +08:00
|
|
|
EVP_PKEY_DHX,
|
|
|
|
|
EVP_PKEY_DHX,
|
|
|
|
|
0,
|
|
|
|
|
|
|
|
|
|
"X9.42 DH",
|
|
|
|
|
"OpenSSL X9.42 DH method",
|
|
|
|
|
|
|
|
|
|
dh_pub_decode,
|
|
|
|
|
dh_pub_encode,
|
|
|
|
|
dh_pub_cmp,
|
|
|
|
|
dh_public_print,
|
|
|
|
|
|
|
|
|
|
dh_priv_decode,
|
|
|
|
|
dh_priv_encode,
|
|
|
|
|
dh_private_print,
|
|
|
|
|
|
|
|
|
|
int_dh_size,
|
|
|
|
|
dh_bits,
|
|
|
|
|
dh_security_bits,
|
|
|
|
|
|
|
|
|
|
dh_param_decode,
|
|
|
|
|
dh_param_encode,
|
|
|
|
|
dh_missing_parameters,
|
|
|
|
|
dh_copy_parameters,
|
|
|
|
|
dh_cmp_parameters,
|
|
|
|
|
dh_param_print,
|
|
|
|
|
0,
|
|
|
|
|
|
|
|
|
|
int_dh_free,
|
2019-01-25 23:34:49 +08:00
|
|
|
dhx_pkey_ctrl,
|
2017-11-01 00:45:24 +08:00
|
|
|
|
|
|
|
|
0, 0, 0, 0, 0,
|
|
|
|
|
|
|
|
|
|
0,
|
|
|
|
|
dh_pkey_public_check,
|
2020-08-04 09:39:49 +08:00
|
|
|
dh_pkey_param_check,
|
|
|
|
|
0, 0, 0, 0,
|
|
|
|
|
dh_pkey_dirty_cnt,
|
|
|
|
|
dh_pkey_export_to,
|
|
|
|
|
dhx_pkey_import_from,
|
2015-01-22 11:40:55 +08:00
|
|
|
};
|
