mirror of
https://github.com/openssl/openssl.git
synced 2024-12-09 05:51:54 +08:00
738ee1819e
DH_set0_pqg() is now responsible for caching the nid, q and length. DH with or without named safe prime groups now default to using the maximum private key length (BN_num_bits(q) - 1) when generating a DH private key. The code is now shared between fips and non fips mode for DH key generation. The OSSL_PKEY_PARAM_DH_PRIV_LEN parameter can be used during keygen to override the maximum private key length to be in the range (2 * strength ... bits(q) - 1). Where the strength depends on the length of p. Added q = (p - 1) / 2 safe prime BIGNUMS so that the code is data driven (To simplify adding new names). The BIGNUMS were code generated. Fix error in documented return value for DH_get_nid Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11562)
173 lines
7.2 KiB
C
173 lines
7.2 KiB
C
/*
|
|
* Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
|
|
*
|
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
|
* this file except in compliance with the License. You can obtain a copy
|
|
* in the file LICENSE in the source distribution or at
|
|
* https://www.openssl.org/source/license.html
|
|
*/
|
|
|
|
#ifndef OSSL_INTERNAL_FFC_H
|
|
# define OSSL_INTERNAL_FFC_H
|
|
|
|
# include <openssl/core.h>
|
|
# include <openssl/bn.h>
|
|
# include <openssl/evp.h>
|
|
# include <openssl/dh.h> /* Uses Error codes from DH */
|
|
# include <openssl/params.h>
|
|
# include <openssl/param_build.h>
|
|
|
|
/* Default value for gindex when canonical generation of g is not used */
|
|
# define FFC_UNVERIFIABLE_GINDEX -1
|
|
|
|
/* The different types of FFC keys */
|
|
# define FFC_PARAM_TYPE_DSA 0
|
|
# define FFC_PARAM_TYPE_DH 1
|
|
|
|
/* Return codes for generation and validation of FFC parameters */
|
|
#define FFC_PARAMS_RET_STATUS_FAILED 0
|
|
#define FFC_PARAMS_RET_STATUS_SUCCESS 1
|
|
/* Returned if validating and g is only partially verifiable */
|
|
#define FFC_PARAMS_RET_STATUS_UNVERIFIABLE_G 2
|
|
|
|
/* Validation flags */
|
|
# define FFC_PARAMS_GENERATE 0x00
|
|
# define FFC_PARAMS_VALIDATE_PQ 0x01
|
|
# define FFC_PARAMS_VALIDATE_G 0x02
|
|
# define FFC_PARAMS_VALIDATE_ALL (FFC_PARAMS_VALIDATE_PQ | FFC_PARAMS_VALIDATE_G)
|
|
|
|
/*
|
|
* NB: These values must align with the equivalently named macros in
|
|
* openssl/dh.h. We cannot use those macros here in case DH has been disabled.
|
|
*/
|
|
# define FFC_CHECK_P_NOT_PRIME 0x00001
|
|
# define FFC_CHECK_P_NOT_SAFE_PRIME 0x00002
|
|
# define FFC_CHECK_UNKNOWN_GENERATOR 0x00004
|
|
# define FFC_CHECK_NOT_SUITABLE_GENERATOR 0x00008
|
|
# define FFC_CHECK_Q_NOT_PRIME 0x00010
|
|
# define FFC_CHECK_INVALID_Q_VALUE 0x00020
|
|
# define FFC_CHECK_INVALID_J_VALUE 0x00040
|
|
|
|
# define FFC_CHECK_BAD_LN_PAIR 0x00080
|
|
# define FFC_CHECK_INVALID_SEED_SIZE 0x00100
|
|
# define FFC_CHECK_MISSING_SEED_OR_COUNTER 0x00200
|
|
# define FFC_CHECK_INVALID_G 0x00400
|
|
# define FFC_CHECK_INVALID_PQ 0x00800
|
|
# define FFC_CHECK_INVALID_COUNTER 0x01000
|
|
# define FFC_CHECK_P_MISMATCH 0x02000
|
|
# define FFC_CHECK_Q_MISMATCH 0x04000
|
|
# define FFC_CHECK_G_MISMATCH 0x08000
|
|
# define FFC_CHECK_COUNTER_MISMATCH 0x10000
|
|
|
|
/* Validation Return codes */
|
|
# define FFC_ERROR_PUBKEY_TOO_SMALL 0x01
|
|
# define FFC_ERROR_PUBKEY_TOO_LARGE 0x02
|
|
# define FFC_ERROR_PUBKEY_INVALID 0x04
|
|
# define FFC_ERROR_NOT_SUITABLE_GENERATOR 0x08
|
|
# define FFC_ERROR_PRIVKEY_TOO_SMALL 0x10
|
|
# define FFC_ERROR_PRIVKEY_TOO_LARGE 0x20
|
|
|
|
/*
|
|
* Finite field cryptography (FFC) domain parameters are used by DH and DSA.
|
|
* Refer to FIPS186_4 Appendix A & B.
|
|
*/
|
|
typedef struct ffc_params_st {
|
|
/* Primes */
|
|
BIGNUM *p;
|
|
BIGNUM *q;
|
|
/* Generator */
|
|
BIGNUM *g;
|
|
/* DH X9.42 Optional Subgroup factor j >= 2 where p = j * q + 1 */
|
|
BIGNUM *j;
|
|
|
|
/* Required for FIPS186_4 validation of p, q and optionally canonical g */
|
|
unsigned char *seed;
|
|
/* If this value is zero the hash size is used as the seed length */
|
|
size_t seedlen;
|
|
/* Required for FIPS186_4 validation of p and q */
|
|
int pcounter;
|
|
int nid; /* The identity of a named group */
|
|
|
|
/*
|
|
* Required for FIPS186_4 generation & validation of canonical g.
|
|
* It uses unverifiable g if this value is -1.
|
|
*/
|
|
int gindex;
|
|
int h; /* loop counter for unverifiable g */
|
|
} FFC_PARAMS;
|
|
|
|
void ffc_params_init(FFC_PARAMS *params);
|
|
void ffc_params_cleanup(FFC_PARAMS *params);
|
|
void ffc_params_set0_pqg(FFC_PARAMS *params, BIGNUM *p, BIGNUM *q, BIGNUM *g);
|
|
void ffc_params_get0_pqg(const FFC_PARAMS *params, const BIGNUM **p,
|
|
const BIGNUM **q, const BIGNUM **g);
|
|
void ffc_params_set0_j(FFC_PARAMS *d, BIGNUM *j);
|
|
int ffc_params_set_seed(FFC_PARAMS *params,
|
|
const unsigned char *seed, size_t seedlen);
|
|
void ffc_params_set_gindex(FFC_PARAMS *params, int index);
|
|
void ffc_params_set_pcounter(FFC_PARAMS *params, int index);
|
|
void ffc_params_set_h(FFC_PARAMS *params, int index);
|
|
|
|
int ffc_params_set_validate_params(FFC_PARAMS *params,
|
|
const unsigned char *seed, size_t seedlen,
|
|
int counter);
|
|
void ffc_params_get_validate_params(const FFC_PARAMS *params,
|
|
unsigned char **seed, size_t *seedlen,
|
|
int *pcounter);
|
|
|
|
int ffc_params_copy(FFC_PARAMS *dst, const FFC_PARAMS *src);
|
|
int ffc_params_cmp(const FFC_PARAMS *a, const FFC_PARAMS *b, int ignore_q);
|
|
|
|
#ifndef FIPS_MODE
|
|
int ffc_params_print(BIO *bp, const FFC_PARAMS *ffc, int indent);
|
|
#endif /* FIPS_MODE */
|
|
|
|
|
|
int ffc_params_FIPS186_4_generate(OPENSSL_CTX *libctx, FFC_PARAMS *params,
|
|
int type, size_t L, size_t N,
|
|
const EVP_MD *evpmd, int *res, BN_GENCB *cb);
|
|
int ffc_params_FIPS186_2_generate(OPENSSL_CTX *libctx, FFC_PARAMS *params,
|
|
int type, size_t L, size_t N,
|
|
const EVP_MD *evpmd, int *res, BN_GENCB *cb);
|
|
|
|
int ffc_params_FIPS186_4_gen_verify(OPENSSL_CTX *libctx, FFC_PARAMS *params,
|
|
int type, size_t L, size_t N,
|
|
const EVP_MD *evpmd, int validate_flags,
|
|
int *res, BN_GENCB *cb);
|
|
int ffc_params_FIPS186_2_gen_verify(OPENSSL_CTX *libctx, FFC_PARAMS *params,
|
|
int type, size_t L, size_t N,
|
|
const EVP_MD *evpmd, int validate_flags,
|
|
int *res, BN_GENCB *cb);
|
|
|
|
int ffc_params_FIPS186_4_validate(const FFC_PARAMS *params, int type,
|
|
const EVP_MD *evpmd, int validate_flags,
|
|
int *res, BN_GENCB *cb);
|
|
int ffc_params_FIPS186_2_validate(const FFC_PARAMS *params, int type,
|
|
const EVP_MD *evpmd, int validate_flags,
|
|
int *res, BN_GENCB *cb);
|
|
|
|
|
|
int ffc_generate_private_key(BN_CTX *ctx, const FFC_PARAMS *params,
|
|
int N, int s, BIGNUM *priv);
|
|
|
|
int ffc_params_validate_unverifiable_g(BN_CTX *ctx, BN_MONT_CTX *mont,
|
|
const BIGNUM *p, const BIGNUM *q,
|
|
const BIGNUM *g, BIGNUM *tmp, int *ret);
|
|
|
|
int ffc_validate_public_key(const FFC_PARAMS *params, const BIGNUM *pub_key,
|
|
int *ret);
|
|
int ffc_validate_public_key_partial(const FFC_PARAMS *params,
|
|
const BIGNUM *pub_key, int *ret);
|
|
int ffc_validate_private_key(const BIGNUM *upper, const BIGNUM *priv_key,
|
|
int *ret);
|
|
|
|
int ffc_params_todata(const FFC_PARAMS *ffc, OSSL_PARAM_BLD *tmpl,
|
|
OSSL_PARAM params[]);
|
|
int ffc_params_fromdata(FFC_PARAMS *ffc, const OSSL_PARAM params[]);
|
|
int ffc_set_group_pqg(FFC_PARAMS *ffc, const char *group_name);
|
|
int ffc_named_group_to_uid(const char *name);
|
|
const char *ffc_named_group_from_uid(int nid);
|
|
int ffc_set_group_pqg(FFC_PARAMS *ffc, const char *group_name);
|
|
|
|
#endif /* OSSL_INTERNAL_FFC_H */
|