[openssl] master update
shane.lontis at oracle.com
shane.lontis at oracle.com
Wed Apr 15 15:22:09 UTC 2020
The branch master has been updated
via 7165593ce5a07a6860d4d408ad640ee707172936 (commit)
from b03ec3b5d62ee26bf8437556b9040d4141d5bdd8 (commit)
- Log -----------------------------------------------------------------
commit 7165593ce5a07a6860d4d408ad640ee707172936
Author: Shane Lontis <shane.lontis at oracle.com>
Date: Thu Apr 16 01:14:00 2020 +1000
Add DH keygen to providers
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11332)
-----------------------------------------------------------------------
Summary of changes:
crypto/dh/build.info | 4 +-
crypto/dh/dh_backend.c | 6 +-
crypto/dh/dh_gen.c | 76 ++--
crypto/dh/dh_group_params.c | 185 +++++++---
crypto/dh/dh_lib.c | 217 +++++++++++-
crypto/evp/pmeth_lib.c | 29 +-
crypto/ffc/ffc_backend.c | 13 +-
crypto/ffc/ffc_params.c | 3 +-
doc/man3/EVP_PKEY_CTX_ctrl.pod | 31 +-
include/crypto/bn_dh.h | 3 +-
include/crypto/dh.h | 10 +-
include/internal/ffc.h | 7 +-
include/openssl/core_names.h | 10 +
include/openssl/dh.h | 47 +--
providers/implementations/keymgmt/dh_kmgmt.c | 390 ++++++++++++++++++---
.../implementations/serializers/serializer_dh.c | 30 +-
.../serializers/serializer_ffc_params.c | 2 +-
test/evp_pkey_provided_test.c | 285 +++++++++++++--
test/recipes/{15-test_gendsa.t => 15-test_gendh.t} | 52 +--
test/recipes/30-test_evp_pkey_provided/DH.priv.der | Bin 38 -> 327 bytes
test/recipes/30-test_evp_pkey_provided/DH.priv.pem | 8 +-
test/recipes/30-test_evp_pkey_provided/DH.priv.txt | 29 +-
test/recipes/30-test_evp_pkey_provided/DH.pub.der | Bin 36 -> 557 bytes
test/recipes/30-test_evp_pkey_provided/DH.pub.pem | 13 +-
test/recipes/30-test_evp_pkey_provided/DH.pub.txt | 25 +-
util/libcrypto.num | 9 +
26 files changed, 1214 insertions(+), 270 deletions(-)
copy test/recipes/{15-test_gendsa.t => 15-test_gendh.t} (60%)
diff --git a/crypto/dh/build.info b/crypto/dh/build.info
index ce0918e7d3..f4498f4d2b 100644
--- a/crypto/dh/build.info
+++ b/crypto/dh/build.info
@@ -1,9 +1,9 @@
LIBS=../../libcrypto
-$COMMON=dh_lib.c dh_key.c dh_group_params.c dh_check.c dh_backend.c
+$COMMON=dh_lib.c dh_key.c dh_group_params.c dh_check.c dh_backend.c dh_gen.c
SOURCE[../../libcrypto]=$COMMON\
- dh_asn1.c dh_gen.c dh_err.c dh_depr.c \
+ dh_asn1.c dh_err.c dh_depr.c \
dh_ameth.c dh_pmeth.c dh_prn.c dh_rfc5114.c dh_kdf.c dh_meth.c
SOURCE[../../providers/libfips.a]=$COMMON
diff --git a/crypto/dh/dh_backend.c b/crypto/dh/dh_backend.c
index bbeb096d55..704f6efac1 100644
--- a/crypto/dh/dh_backend.c
+++ b/crypto/dh/dh_backend.c
@@ -24,10 +24,8 @@ int dh_key_fromdata(DH *dh, const OSSL_PARAM params[])
if (dh == NULL)
return 0;
- param_priv_key =
- OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PRIV_KEY);
- param_pub_key =
- OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PUB_KEY);
+ param_priv_key = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PRIV_KEY);
+ param_pub_key = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PUB_KEY);
/*
* DH documentation says that a public key must be present if a
diff --git a/crypto/dh/dh_gen.c b/crypto/dh/dh_gen.c
index f8cda1b7e9..39bb365216 100644
--- a/crypto/dh/dh_gen.c
+++ b/crypto/dh/dh_gen.c
@@ -26,6 +26,7 @@
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/bn.h>
+#include <openssl/sha.h>
#include "crypto/dh.h"
#include "dh_local.h"
@@ -34,47 +35,45 @@ static int dh_builtin_genparams(DH *ret, int prime_len, int generator,
BN_GENCB *cb);
#endif /* FIPS_MODE */
-/*
- * TODO(3.0): keygen should be able to use this method to do a FIPS186-4 style
- * paramgen.
- */
-int dh_generate_ffc_parameters(DH *dh, int bits,
- int qbits, int gindex, BN_GENCB *cb)
+int dh_generate_ffc_parameters(DH *dh, int type, int pbits,
+ int qbits, EVP_MD *md, BN_GENCB *cb)
{
int ret, res;
if (qbits <= 0) {
- const EVP_MD *evpmd = bits >= 2048 ? EVP_sha256() : EVP_sha1();
-
- qbits = EVP_MD_size(evpmd) * 8;
+ if (md != NULL)
+ qbits = EVP_MD_size(md) * 8;
+ else
+ qbits = (pbits >= 2048 ? SHA256_DIGEST_LENGTH :
+ SHA_DIGEST_LENGTH) * 8;
}
- dh->params.gindex = gindex;
- ret = ffc_params_FIPS186_4_generate(dh->libctx, &dh->params,
- FFC_PARAM_TYPE_DH,
- bits, qbits, NULL, &res, cb);
+#ifndef FIPS_MODE
+ if (type == DH_PARAMGEN_TYPE_FIPS_186_2)
+ ret = ffc_params_FIPS186_2_generate(dh->libctx, &dh->params,
+ FFC_PARAM_TYPE_DH,
+ pbits, qbits, md, &res, cb);
+ else
+#endif
+ ret = ffc_params_FIPS186_4_generate(dh->libctx, &dh->params,
+ FFC_PARAM_TYPE_DH,
+ pbits, qbits, md, &res, cb);
if (ret > 0)
dh->dirty_cnt++;
return ret;
}
-int DH_generate_parameters_ex(DH *ret, int prime_len, int generator,
- BN_GENCB *cb)
+int dh_get_named_group_uid_from_size(int pbits)
{
-#ifdef FIPS_MODE
/*
* Just choose an approved safe prime group.
* The alternative to this is to generate FIPS186-4 domain parameters i.e.
- * return dh_generate_ffc_parameters(ret, prime_len, -1, -1, cb);
+ * return dh_generate_ffc_parameters(ret, prime_len, 0, NULL, cb);
* As the FIPS186-4 generated params are for backwards compatability,
* the safe prime group should be used as the default.
*/
- DH *dh = NULL;
- int ok = 0, nid;
+ int nid;
- if (generator != 2)
- return 0;
-
- switch (prime_len) {
+ switch (pbits) {
case 2048:
nid = NID_ffdhe2048;
break;
@@ -92,15 +91,40 @@ int DH_generate_parameters_ex(DH *ret, int prime_len, int generator,
break;
/* unsupported prime_len */
default:
- return 0;
+ return NID_undef;
}
- dh = DH_new_by_nid(nid);
- if (dh != NULL && ffc_params_copy(&ret->params, &dh->params)) {
+ return nid;
+}
+
+#ifdef FIPS_MODE
+
+static int dh_gen_named_group(OPENSSL_CTX *libctx, DH *ret, int prime_len)
+{
+ DH *dh;
+ int ok = 0;
+ int nid = dh_get_named_group_uid_from_size(prime_len);
+
+ if (nid == NID_undef)
+ return 0;
+
+ dh = dh_new_by_nid_with_libctx(libctx, nid);
+ if (dh != NULL
+ && ffc_params_copy(&ret->params, &dh->params)) {
ok = 1;
ret->dirty_cnt++;
}
DH_free(dh);
return ok;
+}
+#endif /* FIPS_MODE */
+
+int DH_generate_parameters_ex(DH *ret, int prime_len, int generator,
+ BN_GENCB *cb)
+{
+#ifdef FIPS_MODE
+ if (generator != 2)
+ return 0;
+ return dh_gen_named_group(ret->libctx, ret, prime_len);
#else
if (ret->meth->generate_params)
return ret->meth->generate_params(ret, prime_len, generator, cb);
diff --git a/crypto/dh/dh_group_params.c b/crypto/dh/dh_group_params.c
index cc1c546655..1f5a58ed87 100644
--- a/crypto/dh/dh_group_params.c
+++ b/crypto/dh/dh_group_params.c
@@ -17,6 +17,7 @@
#include <stdio.h>
#include "internal/cryptlib.h"
+#include "internal/ffc.h"
#include "dh_local.h"
#include <openssl/bn.h>
#include <openssl/objects.h>
@@ -25,18 +26,35 @@
#include "crypto/security_bits.h"
#include "e_os.h" /* strcasecmp */
+#define FFDHE(sz) { \
+ SN_ffdhe##sz, NID_ffdhe##sz, \
+ sz, \
+ &_bignum_ffdhe##sz##_p, NULL, &_bignum_const_2 \
+}
+
+#define MODP(sz) { \
+ SN_modp_##sz, NID_modp_##sz, \
+ sz, \
+ &_bignum_modp_##sz##_p, NULL, &_bignum_const_2 \
+}
-#define FFDHE(sz) { SN_ffdhe##sz, NID_ffdhe##sz, sz, &_bignum_ffdhe##sz##_p }
-#define MODP(sz) { SN_modp_##sz, NID_modp_##sz, sz, &_bignum_modp_##sz##_p }
+#define RFC5114(name, uid, sz, tag) { \
+ name, uid, \
+ sz, \
+ &_bignum_dh##tag##_p, &_bignum_dh##tag##_q, &_bignum_dh##tag##_g \
+}
-typedef struct safe_prime_group_st {
+typedef struct dh_named_group_st {
const char *name;
- int nid;
+ int uid;
int32_t nbits;
const BIGNUM *p;
-} SP_GROUP;
+ const BIGNUM *q;
+ const BIGNUM *g;
+} DH_NAMED_GROUP;
+
-static const SP_GROUP sp_groups[] = {
+static const DH_NAMED_GROUP dh_named_groups[] = {
FFDHE(2048),
FFDHE(3072),
FFDHE(4096),
@@ -50,74 +68,89 @@ static const SP_GROUP sp_groups[] = {
MODP(4096),
MODP(6144),
MODP(8192),
+ /*
+ * Additional dh named groups from RFC 5114 that have a different g.
+ * The uid can be any unique identifier.
+ */
+#ifndef FIPS_MODE
+ RFC5114("dh_1024_160", 1, 1024, 1024_160),
+ RFC5114("dh_2048_224", 2, 2048, 2048_224),
+ RFC5114("dh_2048_256", 3, 2048, 2048_256),
+#endif
};
-int ffc_named_group_to_nid(const char *name)
+int ffc_named_group_to_uid(const char *name)
{
size_t i;
- for (i = 0; i < OSSL_NELEM(sp_groups); ++i) {
- if (strcasecmp(sp_groups[i].name, name) == 0)
- return sp_groups[i].nid;
+ for (i = 0; i < OSSL_NELEM(dh_named_groups); ++i) {
+ if (strcasecmp(dh_named_groups[i].name, name) == 0)
+ return dh_named_groups[i].uid;
}
return NID_undef;
}
-const char *ffc_named_group_from_nid(int nid)
+const char *ffc_named_group_from_uid(int uid)
{
size_t i;
- for (i = 0; i < OSSL_NELEM(sp_groups); ++i) {
- if (sp_groups[i].nid == nid)
- return sp_groups[i].name;
+ for (i = 0; i < OSSL_NELEM(dh_named_groups); ++i) {
+ if (dh_named_groups[i].uid == uid)
+ return dh_named_groups[i].name;
}
return NULL;
}
-#ifndef FIPS_MODE
-static DH *dh_new_by_nid_with_ctx(OPENSSL_CTX *libctx, int nid);
-
-static DH *dh_param_init(OPENSSL_CTX *libctx, int nid, const BIGNUM *p,
+static DH *dh_param_init(OPENSSL_CTX *libctx, int uid, const BIGNUM *p,
+ const BIGNUM *q, const BIGNUM *g,
int32_t nbits)
{
- BIGNUM *q = NULL;
- DH *dh = dh_new_with_ctx(libctx);
+ BIGNUM *qtmp = NULL;
+ DH *dh = dh_new_with_libctx(libctx);
if (dh == NULL)
return NULL;
- q = BN_dup(p);
- /* Set q = (p - 1) / 2 (p is known to be odd so just shift right ) */
- if (q == NULL || !BN_rshift1(q, q)) {
- BN_free(q);
- DH_free(dh);
- return NULL;
+ if (q == NULL) {
+ qtmp = BN_dup(p);
+ /* Set q = (p - 1) / 2 (p is known to be odd so just shift right ) */
+ if (qtmp == NULL || !BN_rshift1(qtmp, qtmp)) {
+ BN_free(qtmp);
+ DH_free(dh);
+ return NULL;
+ }
}
- dh->params.nid = nid;
+ dh->params.nid = uid;
dh->params.p = (BIGNUM *)p;
- dh->params.q = (BIGNUM *)q;
- dh->params.g = (BIGNUM *)&_bignum_const_2;
+ dh->params.q = (q != NULL ? (BIGNUM *)q : qtmp);
+ dh->params.g = (BIGNUM *)g;
/* Private key length = 2 * max_target_security_strength */
dh->length = nbits;
dh->dirty_cnt++;
return dh;
}
-static DH *dh_new_by_nid_with_ctx(OPENSSL_CTX *libctx, int nid)
+static DH *dh_new_by_group_name(OPENSSL_CTX *libctx, const char *name)
{
int i;
- for (i = 0; i < (int)OSSL_NELEM(sp_groups); ++i) {
- if (sp_groups[i].nid == nid) {
+ if (name == NULL)
+ return NULL;
+
+ for (i = 0; i < (int)OSSL_NELEM(dh_named_groups); ++i) {
+ if (strcasecmp(dh_named_groups[i].name, name) == 0) {
int max_target_security_strength =
- ifc_ffc_compute_security_bits(sp_groups[i].nbits);
+ ifc_ffc_compute_security_bits(dh_named_groups[i].nbits);
/*
* The last parameter specified here is
* 2 * max_target_security_strength.
* See SP800-56Ar3 Table(s) 25 & 26.
*/
- return dh_param_init(libctx, nid, sp_groups[i].p,
+ return dh_param_init(libctx, dh_named_groups[i].uid,
+ dh_named_groups[i].p,
+ dh_named_groups[i].q,
+ dh_named_groups[i].g,
2 * max_target_security_strength);
}
}
@@ -125,11 +158,54 @@ static DH *dh_new_by_nid_with_ctx(OPENSSL_CTX *libctx, int nid)
return NULL;
}
+DH *dh_new_by_nid_with_libctx(OPENSSL_CTX *libctx, int nid)
+{
+ const char *name = ffc_named_group_from_uid(nid);
+
+ return dh_new_by_group_name(libctx, name);
+}
+
DH *DH_new_by_nid(int nid)
{
- return dh_new_by_nid_with_ctx(NULL, nid);
+ return dh_new_by_nid_with_libctx(NULL, nid);
+}
+
+int ffc_set_group_pqg(FFC_PARAMS *ffc, const char *group_name)
+{
+ int i;
+ BIGNUM *q = NULL;
+
+ if (ffc == NULL)
+ return 0;
+
+ for (i = 0; i < (int)OSSL_NELEM(dh_named_groups); ++i) {
+ if (strcasecmp(dh_named_groups[i].name, group_name) == 0) {
+ if (dh_named_groups[i].q != NULL) {
+ /* For groups with a q */
+ ffc_params_set0_pqg(ffc,
+ (BIGNUM *)dh_named_groups[i].p,
+ (BIGNUM *)dh_named_groups[i].q,
+ (BIGNUM *)dh_named_groups[i].g);
+ } else {
+ /* For SAFE PRIME GROUPS */
+ /* Set q = (p - 1) / 2 (p is known to be odd so just shift right) */
+ q = BN_dup(dh_named_groups[i].p);
+ if (q == NULL || !BN_rshift1(q, q))
+ break; /* exit with failure */
+
+ ffc_params_set0_pqg(ffc,
+ (BIGNUM *)dh_named_groups[i].p, q,
+ (BIGNUM *)dh_named_groups[i].g);
+ }
+ /* flush the cached nid, The DH layer is responsible for caching */
+ ffc->nid = NID_undef;
+ return 1;
+ }
+ }
+ /* gets here on error or if the name was not found */
+ BN_free(q);
+ return 0;
}
-#endif
int DH_get_nid(DH *dh)
{
@@ -144,13 +220,28 @@ int DH_get_nid(DH *dh)
if (nid != NID_undef)
return nid;
- if (BN_get_word(dh->params.g) != 2)
- return NID_undef;
+ for (i = 0; i < (int)OSSL_NELEM(dh_named_groups); ++i) {
+ /* Keep searching until a matching p is found */
+ if (BN_cmp(dh->params.p, dh_named_groups[i].p) != 0)
+ continue;
+
+ /* Return an error if g is not matching */
+ if (BN_cmp(dh->params.g, dh_named_groups[i].g) != 0)
+ break;
+ if (dh_named_groups[i].q != NULL) {
+ /* RFC5114 NAMED GROUPS have q defined */
+
+ /* Verify q is correct if it exists */
+ if (dh->params.q != NULL) {
+ if (BN_cmp(dh->params.q, dh_named_groups[i].q) != 0)
+ break; /* returns nid = NID_undef if q does not match */
+ } else {
+ dh->params.q = (BIGNUM *)dh_named_groups[i].q;
+ }
+ } else {
+ /* For SAFE PRIME GROUPS */
- for (i = 0; i < (int)OSSL_NELEM(sp_groups); ++i) {
- /* If a matching p is found then we will break out of the loop */
- if (!BN_cmp(dh->params.p, sp_groups[i].p)) {
- /* Set q = (p - 1) / 2 (p is known to be odd so just shift right ) */
+ /* Set q = (p - 1) / 2 (p is known to be odd so just shift right) */
q = BN_dup(dh->params.p);
if (q == NULL || !BN_rshift1(q, q))
@@ -165,11 +256,13 @@ int DH_get_nid(DH *dh)
dh->params.q = q;
q = NULL; /* set to NULL so it is not freed */
}
- dh->params.nid = sp_groups[i].nid; /* cache the nid */
- dh->length = 2 * ifc_ffc_compute_security_bits(sp_groups[i].nbits);
- dh->dirty_cnt++;
- break;
}
+ nid = dh->params.nid = dh_named_groups[i].uid; /* cache the nid */
+ dh->length =
+ 2 * ifc_ffc_compute_security_bits(dh_named_groups[i].nbits);
+ dh->dirty_cnt++;
+ /* A matching p was found so break out of the loop */
+ break;
}
BN_free(q);
return nid;
diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c
index 093695c637..3643cb1471 100644
--- a/crypto/dh/dh_lib.c
+++ b/crypto/dh/dh_lib.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -17,8 +17,10 @@
#include <openssl/bn.h>
#include <openssl/engine.h>
#include <openssl/obj_mac.h>
+#include <openssl/core_names.h>
#include "internal/cryptlib.h"
#include "internal/refcount.h"
+#include "crypto/evp.h"
#include "crypto/dh.h"
#include "dh_local.h"
@@ -61,7 +63,7 @@ DH *DH_new_method(ENGINE *engine)
}
#endif /* !FIPS_MODE */
-DH *dh_new_with_ctx(OPENSSL_CTX *libctx)
+DH *dh_new_with_libctx(OPENSSL_CTX *libctx)
{
return dh_new_intern(NULL, libctx);
}
@@ -319,3 +321,214 @@ int dh_get0_nid(const DH *dh)
{
return dh->params.nid;
}
+
+int dh_ffc_params_fromdata(DH *dh, const OSSL_PARAM params[])
+{
+ int ret;
+ FFC_PARAMS *ffc;
+
+ if (dh == NULL)
+ return 0;
+ ffc = dh_get0_params(dh);
+ if (ffc == NULL)
+ return 0;
+
+ ret = ffc_params_fromdata(ffc, params);
+ if (ret) {
+ DH_get_nid(dh);
+ dh->dirty_cnt++;
+ }
+ return ret;
+}
+
+static int dh_paramgen_check(EVP_PKEY_CTX *ctx)
+{
+ if (ctx == NULL || !EVP_PKEY_CTX_IS_GEN_OP(ctx)) {
+ ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
+ /* Uses the same return values as EVP_PKEY_CTX_ctrl */
+ return -2;
+ }
+ /* If key type not DH return error */
+ if (ctx->pmeth != NULL
+ && ctx->pmeth->pkey_id != EVP_PKEY_DH
+ && ctx->pmeth->pkey_id != EVP_PKEY_DHX)
+ return -1;
+ return 1;
+}
+
+int EVP_PKEY_CTX_set_dh_paramgen_gindex(EVP_PKEY_CTX *ctx, int gindex)
+{
+ int ret;
+ OSSL_PARAM params[2], *p = params;
+
+ if ((ret = dh_paramgen_check(ctx)) <= 0)
+ return ret;
+
+ *p++ = OSSL_PARAM_construct_int(OSSL_PKEY_PARAM_FFC_GINDEX, &gindex);
+ *p++ = OSSL_PARAM_construct_end();
+
+ return EVP_PKEY_CTX_set_params(ctx, params);
+}
+
+int EVP_PKEY_CTX_set_dh_paramgen_seed(EVP_PKEY_CTX *ctx,
+ const unsigned char *seed,
+ size_t seedlen)
+{
+ int ret;
+ OSSL_PARAM params[2], *p = params;
+
+ if ((ret = dh_paramgen_check(ctx)) <= 0)
+ return ret;
+
+ *p++ = OSSL_PARAM_construct_octet_string(OSSL_PKEY_PARAM_FFC_SEED,
+ (void *)seed, seedlen);
+ *p++ = OSSL_PARAM_construct_end();
+
+ return EVP_PKEY_CTX_set_params(ctx, params);
+}
+
+int EVP_PKEY_CTX_set_dh_paramgen_type(EVP_PKEY_CTX *ctx, int typ)
+{
+ int ret;
+ OSSL_PARAM params[2], *p = params;
+ const char *name;
+
+ if ((ret = dh_paramgen_check(ctx)) <= 0)
+ return ret;
+
+#if !defined(FIPS_MODE)
+ /* TODO(3.0): Remove this eventually when no more legacy */
+ if (ctx->op.keymgmt.genctx == NULL)
+ return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN,
+ EVP_PKEY_CTRL_DH_PARAMGEN_TYPE, typ, NULL);
+#endif
+
+ name = dh_gen_type_id2name(typ);
+ if (name == NULL)
+ return 0;
+ *p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_FFC_TYPE,
+ (char *) name, 0);
+ *p++ = OSSL_PARAM_construct_end();
+
+ return EVP_PKEY_CTX_set_params(ctx, params);
+}
+
+int EVP_PKEY_CTX_set_dh_paramgen_prime_len(EVP_PKEY_CTX *ctx, int pbits)
+{
+ int ret;
+ OSSL_PARAM params[2], *p = params;
+ size_t bits = pbits;
+
+ if ((ret = dh_paramgen_check(ctx)) <= 0)
+ return ret;
+
+#if !defined(FIPS_MODE)
+ /* TODO(3.0): Remove this eventually when no more legacy */
+ if (ctx->op.keymgmt.genctx == NULL)
+ return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN,
+ EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN, pbits,
+ NULL);
+#endif
+ *p++ = OSSL_PARAM_construct_size_t(OSSL_PKEY_PARAM_FFC_PBITS, &bits);
+ *p++ = OSSL_PARAM_construct_end();
+ return EVP_PKEY_CTX_set_params(ctx, params);
+}
+
+int EVP_PKEY_CTX_set_dh_paramgen_subprime_len(EVP_PKEY_CTX *ctx, int qbits)
+{
+ int ret;
+ OSSL_PARAM params[2], *p = params;
+ size_t bits2 = qbits;
+
+ if ((ret = dh_paramgen_check(ctx)) <= 0)
+ return ret;
+
+#if !defined(FIPS_MODE)
+ /* TODO(3.0): Remove this eventually when no more legacy */
+ if (ctx->op.keymgmt.genctx == NULL)
+ return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN,
+ EVP_PKEY_CTRL_DH_PARAMGEN_SUBPRIME_LEN, qbits,
+ NULL);
+#endif
+ *p++ = OSSL_PARAM_construct_size_t(OSSL_PKEY_PARAM_FFC_QBITS, &bits2);
+ *p++ = OSSL_PARAM_construct_end();
+
+ return EVP_PKEY_CTX_set_params(ctx, params);
+}
+
+int EVP_PKEY_CTX_set_dh_paramgen_generator(EVP_PKEY_CTX *ctx, int gen)
+{
+ int ret;
+ OSSL_PARAM params[2], *p = params;
+
+ if ((ret = dh_paramgen_check(ctx)) <= 0)
+ return ret;
+
+#if !defined(FIPS_MODE)
+ /* TODO(3.0): Remove this eventually when no more legacy */
+ if (ctx->op.keymgmt.genctx == NULL)
+ return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN,
+ EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR, gen, NULL);
+#endif
+
+ *p++ = OSSL_PARAM_construct_int(OSSL_PKEY_PARAM_FFC_GENERATOR, &gen);
+ *p++ = OSSL_PARAM_construct_end();
+
+ return EVP_PKEY_CTX_set_params(ctx, params);
+}
+
+int EVP_PKEY_CTX_set_dh_rfc5114(EVP_PKEY_CTX *ctx, int gen)
+{
+ int ret;
+ OSSL_PARAM params[2], *p = params;
+ const char *name;
+
+ if ((ret = dh_paramgen_check(ctx)) <= 0)
+ return ret;
+
+#if !defined(FIPS_MODE)
+ /* TODO(3.0): Remove this eventually when no more legacy */
+ if (ctx->op.keymgmt.genctx == NULL)
+ return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_PARAMGEN,
+ EVP_PKEY_CTRL_DH_RFC5114, gen, NULL);
+#endif
+ name = ffc_named_group_from_uid(gen);
+ if (name == NULL)
+ return 0;
+
+ *p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_FFC_GROUP,
+ (void *)name, 0);
+ *p++ = OSSL_PARAM_construct_end();
+ return EVP_PKEY_CTX_set_params(ctx, params);
+}
+
+int EVP_PKEY_CTX_set_dhx_rfc5114(EVP_PKEY_CTX *ctx, int gen)
+{
+ return EVP_PKEY_CTX_set_dh_rfc5114(ctx, gen);
+}
+
+int EVP_PKEY_CTX_set_dh_nid(EVP_PKEY_CTX *ctx, int nid)
+{
+ int ret;
+ OSSL_PARAM params[2], *p = params;
+ const char *name;
+
+ if ((ret = dh_paramgen_check(ctx)) <= 0)
+ return ret;
+
+#if !defined(FIPS_MODE)
+ /* TODO(3.0): Remove this eventually when no more legacy */
+ if (ctx->op.keymgmt.genctx == NULL)
+ return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH,
+ EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN,
+ EVP_PKEY_CTRL_DH_NID, nid, NULL);
+#endif
+ name = ffc_named_group_from_uid(nid);
+ if (name == NULL)
+ return 0;
+
+ *p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_FFC_GROUP,
+ (void *)name, 0);
+ *p++ = OSSL_PARAM_construct_end();
+ return EVP_PKEY_CTX_set_params(ctx, params);
+}
diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c
index 6d34accc3c..b6617492da 100644
--- a/crypto/evp/pmeth_lib.c
+++ b/crypto/evp/pmeth_lib.c
@@ -24,6 +24,8 @@
#include "internal/cryptlib.h"
#include "crypto/asn1.h"
#include "crypto/evp.h"
+#include "crypto/dh.h"
+#include "internal/ffc.h"
#include "internal/numbers.h"
#include "internal/provider.h"
#include "evp_local.h"
@@ -808,11 +810,22 @@ static int legacy_ctrl_to_param(EVP_PKEY_CTX *ctx, int keytype, int optype,
*/
if (cmd == EVP_PKEY_CTRL_CIPHER)
return -2;
+
# ifndef OPENSSL_NO_DH
if (keytype == EVP_PKEY_DH) {
switch (cmd) {
case EVP_PKEY_CTRL_DH_PAD:
return EVP_PKEY_CTX_set_dh_pad(ctx, p1);
+ case EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN:
+ return EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, p1);
+ case EVP_PKEY_CTRL_DH_PARAMGEN_SUBPRIME_LEN:
+ return EVP_PKEY_CTX_set_dh_paramgen_subprime_len(ctx, p1);
+ case EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR:
+ return EVP_PKEY_CTX_set_dh_paramgen_generator(ctx, p1);
+ case EVP_PKEY_CTRL_DH_PARAMGEN_TYPE:
+ return EVP_PKEY_CTX_set_dh_paramgen_type(ctx, p1);
+ case EVP_PKEY_CTRL_DH_RFC5114:
+ return EVP_PKEY_CTX_set_dh_rfc5114(ctx, p1);
}
}
# endif
@@ -1021,7 +1034,21 @@ static int legacy_ctrl_str_to_param(EVP_PKEY_CTX *ctx, const char *name,
name = OSSL_PKEY_PARAM_FFC_DIGEST;
# endif
# ifndef OPENSSL_NO_DH
- else if (strcmp(name, "dh_pad") == 0)
+ else if (strcmp(name, "dh_paramgen_generator") == 0)
+ name = OSSL_PKEY_PARAM_FFC_GENERATOR;
+ else if (strcmp(name, "dh_paramgen_prime_len") == 0)
+ name = OSSL_PKEY_PARAM_FFC_PBITS;
+ else if (strcmp(name, "dh_paramgen_subprime_len") == 0)
+ name = OSSL_PKEY_PARAM_FFC_QBITS;
+ else if (strcmp(name, "dh_paramgen_type") == 0) {
+ name = OSSL_PKEY_PARAM_FFC_TYPE;
+ value = dh_gen_type_id2name(atoi(value));
+ } else if (strcmp(name, "dh_param") == 0)
+ name = OSSL_PKEY_PARAM_FFC_GROUP;
+ else if (strcmp(name, "dh_rfc5114") == 0) {
+ name = OSSL_PKEY_PARAM_FFC_GROUP;
+ value = ffc_named_group_from_uid(atoi(value));
+ } else if (strcmp(name, "dh_pad") == 0)
name = OSSL_EXCHANGE_PARAM_PAD;
# endif
# ifndef OPENSSL_NO_EC
diff --git a/crypto/ffc/ffc_backend.c b/crypto/ffc/ffc_backend.c
index 1d076184bc..d3661b1706 100644
--- a/crypto/ffc/ffc_backend.c
+++ b/crypto/ffc/ffc_backend.c
@@ -22,25 +22,19 @@ int ffc_params_fromdata(FFC_PARAMS *ffc, const OSSL_PARAM params[])
const OSSL_PARAM *prm;
const OSSL_PARAM *param_p, *param_q, *param_g;
BIGNUM *p = NULL, *q = NULL, *g = NULL, *j = NULL;
-#if 0
- char group_name[OSSL_MAX_NAME_SIZE];
- char *str = group_name;
-#endif
int i;
if (ffc == NULL)
return 0;
-/* TODO(3.0) Add for DH PR */
-#if 0
prm = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_GROUP);
if (prm != NULL) {
- if (!OSSL_PARAM_get_utf8_string(prm, &str, sizeof(group_name)))
+ if (prm->data_type != OSSL_PARAM_UTF8_STRING)
goto err;
- if (!ffc_set_group_pqg(ffc, group_name))
+ if (!ffc_set_group_pqg(ffc, prm->data))
goto err;
}
-#endif
+
param_p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_P);
param_g = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_G);
param_q = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_Q);
@@ -66,6 +60,7 @@ int ffc_params_fromdata(FFC_PARAMS *ffc, const OSSL_PARAM params[])
if (prm != NULL) {
if (!OSSL_PARAM_get_BN(prm, &j))
goto err;
+ j = NULL;
}
prm = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_H);
if (prm != NULL) {
diff --git a/crypto/ffc/ffc_params.c b/crypto/ffc/ffc_params.c
index 5950847703..89550bedec 100644
--- a/crypto/ffc/ffc_params.c
+++ b/crypto/ffc/ffc_params.c
@@ -215,7 +215,7 @@ int ffc_params_todata(const FFC_PARAMS *ffc, OSSL_PARAM_BLD *bld,
ffc->seed, ffc->seedlen))
return 0;
if (ffc->nid != NID_undef) {
- const char *name = ffc_named_group_from_nid(ffc->nid);
+ const char *name = ffc_named_group_from_uid(ffc->nid);
if (name == NULL
|| !ossl_param_build_set_utf8_string(bld, params,
@@ -227,7 +227,6 @@ int ffc_params_todata(const FFC_PARAMS *ffc, OSSL_PARAM_BLD *bld,
}
#ifndef FIPS_MODE
-
int ffc_params_print(BIO *bp, const FFC_PARAMS *ffc, int indent)
{
if (!ASN1_bn_print(bp, "prime P:", ffc->p, NULL, indent))
diff --git a/doc/man3/EVP_PKEY_CTX_ctrl.pod b/doc/man3/EVP_PKEY_CTX_ctrl.pod
index ded779feb0..039073cacf 100644
--- a/doc/man3/EVP_PKEY_CTX_ctrl.pod
+++ b/doc/man3/EVP_PKEY_CTX_ctrl.pod
@@ -41,6 +41,8 @@ EVP_PKEY_CTX_set_dh_paramgen_prime_len,
EVP_PKEY_CTX_set_dh_paramgen_subprime_len,
EVP_PKEY_CTX_set_dh_paramgen_generator,
EVP_PKEY_CTX_set_dh_paramgen_type,
+EVP_PKEY_CTX_set_dh_paramgen_gindex,
+EVP_PKEY_CTX_set_dh_paramgen_seed,
EVP_PKEY_CTX_set_dh_rfc5114,
EVP_PKEY_CTX_set_dhx_rfc5114,
EVP_PKEY_CTX_set_dh_pad,
@@ -144,6 +146,10 @@ EVP_PKEY_CTX_set1_id, EVP_PKEY_CTX_get1_id, EVP_PKEY_CTX_get1_id_len
int EVP_PKEY_CTX_set_dh_nid(EVP_PKEY_CTX *ctx, int nid);
int EVP_PKEY_CTX_set_dh_rfc5114(EVP_PKEY_CTX *ctx, int rfc5114);
int EVP_PKEY_CTX_set_dhx_rfc5114(EVP_PKEY_CTX *ctx, int rfc5114);
+ int EVP_PKEY_CTX_set_dh_paramgen_gindex(EVP_PKEY_CTX *ctx, int gindex);
+ int EVP_PKEY_CTX_set_dh_paramgen_seed(EVP_PKEY_CTX *ctx,
+ const unsigned char *seed,
+ size_t seedlen);
int EVP_PKEY_CTX_set_dh_kdf_type(EVP_PKEY_CTX *ctx, int kdf);
int EVP_PKEY_CTX_get_dh_kdf_type(EVP_PKEY_CTX *ctx);
int EVP_PKEY_CTX_set0_dh_kdf_oid(EVP_PKEY_CTX *ctx, ASN1_OBJECT *oid);
@@ -462,22 +468,39 @@ parameter generation. The supported parameters are:
=over 4
-=item B<DH_PARAMGEN_TYPE_GENERATOR>
+=item B<DH_PARAMGEN_TYPE_GROUP>
+
+Use a named group. If only the safe prime parameter I<p> is set this can be
+used to select a ffdhe safe prime group of the correct size.
+
+=item B<DH_PARAMGEN_TYPE_FIPS_186_4>
-Uses a generator g (PKCS#3 format).
+FIPS186-4 FFC parameter generator.
=item B<DH_PARAMGEN_TYPE_FIPS_186_2>
FIPS186-2 FFC parameter generator (X9.42 DH).
-=item B<DH_PARAMGEN_TYPE_FIPS_186_4>
+=item B<DH_PARAMGEN_TYPE_GENERATOR>
-FIPS186-4 FFC parameter generator.
+Uses a safe prime generator g (PKCS#3 format).
=back
The default is B<DH_PARAMGEN_TYPE_GENERATOR>.
+The EVP_PKEY_CTX_set_dh_paramgen_gindex() method sets the I<gindex> used by
+the generator G. The default value is -1 which uses unverifiable g, otherwise
+a positive value uses verifiable g. This value must be saved if key validation
+of g is required, since it is not part of a persisted key.
+
+The EVP_PKEY_CTX_set_dh_paramgen_seed() method sets the I<seed> to use for
+generation rather than using a randomly generated value for the seed. This is
+useful for testing purposes only and can fail if the seed does not produce
+primes for both p & q on its first iteration. This value must be saved if
+key validation of p, q, and verifiable g are required, since it is not part of
+a persisted key.
+
The EVP_PKEY_CTX_set_dh_pad() function sets the DH padding mode.
If I<pad> is 1 the shared secret is padded with zeros up to the size of the DH
prime I<p>.
diff --git a/include/crypto/bn_dh.h b/include/crypto/bn_dh.h
index 2864fb3319..c19d4f0734 100644
--- a/include/crypto/bn_dh.h
+++ b/include/crypto/bn_dh.h
@@ -16,12 +16,13 @@ declare_dh_bn(1024_160)
declare_dh_bn(2048_224)
declare_dh_bn(2048_256)
+extern const BIGNUM _bignum_const_2;
+
extern const BIGNUM _bignum_ffdhe2048_p;
extern const BIGNUM _bignum_ffdhe3072_p;
extern const BIGNUM _bignum_ffdhe4096_p;
extern const BIGNUM _bignum_ffdhe6144_p;
extern const BIGNUM _bignum_ffdhe8192_p;
-extern const BIGNUM _bignum_const_2;
extern const BIGNUM _bignum_modp_1536_p;
extern const BIGNUM _bignum_modp_2048_p;
diff --git a/include/crypto/dh.h b/include/crypto/dh.h
index 5d5470f165..150d13b370 100644
--- a/include/crypto/dh.h
+++ b/include/crypto/dh.h
@@ -11,15 +11,19 @@
#include <openssl/dh.h>
#include "internal/ffc.h"
-DH *dh_new_with_ctx(OPENSSL_CTX *libctx);
+DH *dh_new_by_nid_with_libctx(OPENSSL_CTX *libctx, int nid);
+DH *dh_new_with_libctx(OPENSSL_CTX *libctx);
-int dh_generate_ffc_parameters(DH *dh, int bits,
- int qbits, int gindex, BN_GENCB *cb);
+int dh_generate_ffc_parameters(DH *dh, int type, int pbits,
+ int qbits, EVP_MD *md, BN_GENCB *cb);
int dh_generate_public_key(BN_CTX *ctx, DH *dh, const BIGNUM *priv_key,
BIGNUM *pub_key);
+int dh_get_named_group_uid_from_size(int pbits);
+const char *dh_gen_type_id2name(int id);
FFC_PARAMS *dh_get0_params(DH *dh);
int dh_get0_nid(const DH *dh);
+int dh_ffc_params_fromdata(DH *dh, const OSSL_PARAM params[]);
int dh_key_fromdata(DH *dh, const OSSL_PARAM params[]);
int dh_check_pub_key_partial(const DH *dh, const BIGNUM *pub_key, int *ret);
diff --git a/include/internal/ffc.h b/include/internal/ffc.h
index c8b2cb8c3c..90a13a5fd4 100644
--- a/include/internal/ffc.h
+++ b/include/internal/ffc.h
@@ -164,10 +164,11 @@ int ffc_validate_private_key(const BIGNUM *upper, const BIGNUM *priv_key,
int *ret);
int ffc_params_todata(const FFC_PARAMS *ffc, OSSL_PARAM_BLD *tmpl,
- OSSL_PARAM params[]);
+ OSSL_PARAM params[]);
int ffc_params_fromdata(FFC_PARAMS *ffc, const OSSL_PARAM params[]);
-int ffc_named_group_to_nid(const char *name);
-const char *ffc_named_group_from_nid(int nid);
+int ffc_set_group_pqg(FFC_PARAMS *ffc, const char *group_name);
+int ffc_named_group_to_uid(const char *name);
+const char *ffc_named_group_from_uid(int nid);
int ffc_set_group_pqg(FFC_PARAMS *ffc, const char *group_name);
#endif /* OSSL_INTERNAL_FFC_H */
diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h
index 18f835231c..b5ee883bc7 100644
--- a/include/openssl/core_names.h
+++ b/include/openssl/core_names.h
@@ -198,6 +198,16 @@ extern "C" {
#define OSSL_PKEY_PARAM_FFC_H "hindex"
#define OSSL_PKEY_PARAM_FFC_GROUP "group"
+#define OSSL_PKEY_PARAM_FFC_GINDEX "gindex"
+#define OSSL_PKEY_PARAM_FFC_PCOUNTER "pcounter"
+#define OSSL_PKEY_PARAM_FFC_SEED "seed"
+#define OSSL_PKEY_PARAM_FFC_COFACTOR "j"
+#define OSSL_PKEY_PARAM_FFC_H "hindex"
+
+/* Diffie-Hellman params */
+#define OSSL_PKEY_PARAM_FFC_GROUP "group"
+#define OSSL_PKEY_PARAM_FFC_GENERATOR "safeprime-generator"
+
/* Elliptic Curve Domain Parameters */
#define OSSL_PKEY_PARAM_EC_NAME "curve-name"
diff --git a/include/openssl/dh.h b/include/openssl/dh.h
index 8af0670ecf..d705f50f09 100644
--- a/include/openssl/dh.h
+++ b/include/openssl/dh.h
@@ -104,11 +104,10 @@ DECLARE_ASN1_ITEM(DHparams)
# define DH_CHECK_P_NOT_STRONG_PRIME DH_CHECK_P_NOT_SAFE_PRIME
/* DH parameter generation types used by EVP_PKEY_CTX_set_dh_paramgen_type() */
-# define DH_PARAMGEN_TYPE_GENERATOR 0 /* Use a generator g */
-# define DH_PARAMGEN_TYPE_FIPS_186_2 1 /* Use legacy FIPS186-2 standard */
+# define DH_PARAMGEN_TYPE_GENERATOR 0 /* Use a safe prime generator */
+# define DH_PARAMGEN_TYPE_FIPS_186_2 1 /* Use FIPS186-2 standard */
# define DH_PARAMGEN_TYPE_FIPS_186_4 2 /* Use FIPS186-4 standard */
-
-# define DH_CHECK_P_NOT_STRONG_PRIME DH_CHECK_P_NOT_SAFE_PRIME
+# define DH_PARAMGEN_TYPE_GROUP 3 /* Use a named safe prime group */
# define d2i_DHparams_fp(fp, x) \
(DH *)ASN1_d2i_fp((char *(*)())DH_new, \
@@ -270,35 +269,17 @@ DEPRECATEDIN_3_0(int DH_meth_set_generate_params(DH_METHOD *dhm,
(DH *, int, int,
BN_GENCB *)))
-# define EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len) \
- EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
- EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN, len, NULL)
-
-# define EVP_PKEY_CTX_set_dh_paramgen_subprime_len(ctx, len) \
- EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
- EVP_PKEY_CTRL_DH_PARAMGEN_SUBPRIME_LEN, len, NULL)
-
-# define EVP_PKEY_CTX_set_dh_paramgen_type(ctx, typ) \
- EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
- EVP_PKEY_CTRL_DH_PARAMGEN_TYPE, typ, NULL)
-
-# define EVP_PKEY_CTX_set_dh_paramgen_generator(ctx, gen) \
- EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
- EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR, gen, NULL)
-
-# define EVP_PKEY_CTX_set_dh_rfc5114(ctx, gen) \
- EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_PARAMGEN, \
- EVP_PKEY_CTRL_DH_RFC5114, gen, NULL)
-
-# define EVP_PKEY_CTX_set_dhx_rfc5114(ctx, gen) \
- EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_PARAMGEN, \
- EVP_PKEY_CTRL_DH_RFC5114, gen, NULL)
-
-# define EVP_PKEY_CTX_set_dh_nid(ctx, nid) \
- EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, \
- EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN, \
- EVP_PKEY_CTRL_DH_NID, nid, NULL)
-
+int EVP_PKEY_CTX_set_dh_paramgen_type(EVP_PKEY_CTX *ctx, int typ);
+int EVP_PKEY_CTX_set_dh_paramgen_gindex(EVP_PKEY_CTX *ctx, int gindex);
+int EVP_PKEY_CTX_set_dh_paramgen_seed(EVP_PKEY_CTX *ctx,
+ const unsigned char *seed,
+ size_t seedlen);
+int EVP_PKEY_CTX_set_dh_paramgen_prime_len(EVP_PKEY_CTX *ctx, int pbits);
+int EVP_PKEY_CTX_set_dh_paramgen_subprime_len(EVP_PKEY_CTX *ctx, int qlen);
+int EVP_PKEY_CTX_set_dh_paramgen_generator(EVP_PKEY_CTX *ctx, int gen);
+int EVP_PKEY_CTX_set_dh_nid(EVP_PKEY_CTX *ctx, int nid);
+int EVP_PKEY_CTX_set_dh_rfc5114(EVP_PKEY_CTX *ctx, int gen);
+int EVP_PKEY_CTX_set_dhx_rfc5114(EVP_PKEY_CTX *ctx, int gen);
int EVP_PKEY_CTX_set_dh_pad(EVP_PKEY_CTX *ctx, int pad);
# define EVP_PKEY_CTX_set_dh_kdf_type(ctx, kdf) \
diff --git a/providers/implementations/keymgmt/dh_kmgmt.c b/providers/implementations/keymgmt/dh_kmgmt.c
index 250e7aac95..31a7c0b95c 100644
--- a/providers/implementations/keymgmt/dh_kmgmt.c
+++ b/providers/implementations/keymgmt/dh_kmgmt.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -13,19 +13,27 @@
*/
#include "internal/deprecated.h"
+#include <string.h> /* strcmp */
#include <openssl/core_numbers.h>
#include <openssl/core_names.h>
#include <openssl/bn.h>
-#include <openssl/dh.h>
-#include <openssl/params.h>
-#include <openssl/param_build.h>
+#include <openssl/err.h>
#include "prov/implementations.h"
#include "prov/providercommon.h"
#include "prov/provider_ctx.h"
#include "crypto/dh.h"
+#include "internal/sizes.h"
+#include "internal/nelem.h"
+#include "internal/param_build_set.h"
static OSSL_OP_keymgmt_new_fn dh_newdata;
static OSSL_OP_keymgmt_free_fn dh_freedata;
+static OSSL_OP_keymgmt_gen_init_fn dh_gen_init;
+static OSSL_OP_keymgmt_gen_set_template_fn dh_gen_set_template;
+static OSSL_OP_keymgmt_gen_set_params_fn dh_gen_set_params;
+static OSSL_OP_keymgmt_gen_settable_params_fn dh_gen_settable_params;
+static OSSL_OP_keymgmt_gen_fn dh_gen;
+static OSSL_OP_keymgmt_gen_cleanup_fn dh_gen_cleanup;
static OSSL_OP_keymgmt_get_params_fn dh_get_params;
static OSSL_OP_keymgmt_gettable_params_fn dh_gettable_params;
static OSSL_OP_keymgmt_has_fn dh_has;
@@ -36,42 +44,81 @@ static OSSL_OP_keymgmt_import_types_fn dh_import_types;
static OSSL_OP_keymgmt_export_fn dh_export;
static OSSL_OP_keymgmt_export_types_fn dh_export_types;
-#define DH_POSSIBLE_SELECTIONS \
+#define DH_POSSIBLE_SELECTIONS \
(OSSL_KEYMGMT_SELECT_KEYPAIR | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS)
-static int domparams_to_params(DH *dh, OSSL_PARAM_BLD *tmpl)
+struct dh_gen_ctx {
+ OPENSSL_CTX *libctx;
+
+ FFC_PARAMS *ffc_params;
+ int selection;
+ /* All these parameters are used for parameter generation only */
+ /* If there is a group name then the remaining parameters are not needed */
+ int group_nid;
+ size_t pbits;
+ size_t qbits;
+ EVP_MD *md;
+ unsigned char *seed; /* optional FIPS186-4 param for testing */
+ size_t seedlen;
+ int gindex; /* optional FIPS186-4 generator index (ignored if -1) */
+ int gen_type; /* see dhtype2id */
+ int generator; /* Used by DH_PARAMGEN_TYPE_GENERATOR in non fips mode only */
+ int pcounter;
+ int hindex;
+
+ OSSL_CALLBACK *cb;
+ void *cbarg;
+};
+
+typedef struct dh_name2id_st{
+ const char *name;
+ int id;
+} DH_GENTYPE_NAME2ID;
+
+static const DH_GENTYPE_NAME2ID dhtype2id[]=
{
- const BIGNUM *dh_p = NULL, *dh_g = NULL;
+ { "default", DH_PARAMGEN_TYPE_FIPS_186_4 },
+ { "fips186_4", DH_PARAMGEN_TYPE_FIPS_186_4 },
+ { "fips186_2", DH_PARAMGEN_TYPE_FIPS_186_2 },
+ { "group", DH_PARAMGEN_TYPE_GROUP },
+ { "generator", DH_PARAMGEN_TYPE_GENERATOR }
+};
- if (dh == NULL)
- return 0;
+const char *dh_gen_type_id2name(int id)
+{
+ size_t i;
- DH_get0_pqg(dh, &dh_p, NULL, &dh_g);
- if (dh_p != NULL
- && !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_FFC_P, dh_p))
- return 0;
- if (dh_g != NULL
- && !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_FFC_G, dh_g))
- return 0;
+ for (i = 0; i < OSSL_NELEM(dhtype2id); ++i) {
+ if (dhtype2id[i].id == id)
+ return dhtype2id[i].name;
+ }
+ return NULL;
+}
- return 1;
+static int dh_gen_type_name2id(const char *name)
+{
+ size_t i;
+
+ for (i = 0; i < OSSL_NELEM(dhtype2id); ++i) {
+ if (strcmp(dhtype2id[i].name, name) == 0)
+ return dhtype2id[i].id;
+ }
+ return -1;
}
-static int key_to_params(DH *dh, OSSL_PARAM_BLD *tmpl)
+static int dh_key_todata(DH *dh, OSSL_PARAM_BLD *bld, OSSL_PARAM params[])
{
- const BIGNUM *priv_key = NULL, *pub_key = NULL;
+ const BIGNUM *priv = NULL, *pub = NULL;
if (dh == NULL)
return 0;
- if (!domparams_to_params(dh, tmpl))
- return 0;
- DH_get0_key(dh, &pub_key, &priv_key);
- if (priv_key != NULL
- && !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_PRIV_KEY, priv_key))
+ DH_get0_key(dh, &pub, &priv);
+ if (priv != NULL
+ && !ossl_param_build_set_bn(bld, params, OSSL_PKEY_PARAM_PRIV_KEY, priv))
return 0;
- if (pub_key != NULL
- && !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_PUB_KEY, pub_key))
+ if (pub != NULL
+ && !ossl_param_build_set_bn(bld, params, OSSL_PKEY_PARAM_PUB_KEY, pub))
return 0;
return 1;
@@ -79,7 +126,7 @@ static int key_to_params(DH *dh, OSSL_PARAM_BLD *tmpl)
static void *dh_newdata(void *provctx)
{
- return dh_new_with_ctx(PROV_LIBRARY_CONTEXT_OF(provctx));
+ return dh_new_with_libctx(PROV_LIBRARY_CONTEXT_OF(provctx));
}
static void dh_freedata(void *keydata)
@@ -128,16 +175,17 @@ static int dh_match(const void *keydata1, const void *keydata2, int selection)
static int dh_import(void *keydata, int selection, const OSSL_PARAM params[])
{
DH *dh = keydata;
- int ok = 0;
+ int ok = 1;
if (dh == NULL)
return 0;
- if ((selection & DH_POSSIBLE_SELECTIONS) != 0)
- ok = 1;
+ if ((selection & DH_POSSIBLE_SELECTIONS) == 0)
+ return 0;
if ((selection & OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) != 0)
- ok = ok && ffc_params_fromdata(dh_get0_params(dh), params);
+ ok = ok && dh_ffc_params_fromdata(dh, params);
+
if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0)
ok = ok && dh_key_fromdata(dh, params);
@@ -160,9 +208,9 @@ static int dh_export(void *keydata, int selection, OSSL_CALLBACK *param_cb,
return 0;
if ((selection & OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) != 0)
- ok = ok && domparams_to_params(dh, tmpl);
+ ok = ok && ffc_params_todata(dh_get0_params(dh), tmpl, NULL);
if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0)
- ok = ok && key_to_params(dh, tmpl);
+ ok = ok && dh_key_todata(dh, tmpl, NULL);
if (!ok
|| (params = OSSL_PARAM_BLD_to_param(tmpl)) == NULL) {
@@ -178,12 +226,19 @@ err:
/* IMEXPORT = IMPORT + EXPORT */
-# define DH_IMEXPORTABLE_PARAMETERS \
- OSSL_PARAM_BN(OSSL_PKEY_PARAM_FFC_P, NULL, 0), \
- OSSL_PARAM_BN(OSSL_PKEY_PARAM_FFC_G, NULL, 0)
-# define DH_IMEXPORTABLE_PUBLIC_KEY \
+# define DH_IMEXPORTABLE_PARAMETERS \
+ OSSL_PARAM_BN(OSSL_PKEY_PARAM_FFC_P, NULL, 0), \
+ OSSL_PARAM_BN(OSSL_PKEY_PARAM_FFC_Q, NULL, 0), \
+ OSSL_PARAM_BN(OSSL_PKEY_PARAM_FFC_G, NULL, 0), \
+ OSSL_PARAM_BN(OSSL_PKEY_PARAM_FFC_COFACTOR, NULL, 0), \
+ OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_GINDEX, NULL), \
+ OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_PCOUNTER, NULL), \
+ OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_H, NULL), \
+ OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_FFC_GROUP, NULL, 0), \
+ OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_FFC_SEED, NULL, 0)
+# define DH_IMEXPORTABLE_PUBLIC_KEY \
OSSL_PARAM_BN(OSSL_PKEY_PARAM_PUB_KEY, NULL, 0)
-# define DH_IMEXPORTABLE_PRIVATE_KEY \
+# define DH_IMEXPORTABLE_PRIVATE_KEY \
OSSL_PARAM_BN(OSSL_PKEY_PARAM_PRIV_KEY, NULL, 0)
static const OSSL_PARAM dh_all_types[] = {
DH_IMEXPORTABLE_PARAMETERS,
@@ -242,13 +297,17 @@ static ossl_inline int dh_get_params(void *key, OSSL_PARAM params[])
if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_MAX_SIZE)) != NULL
&& !OSSL_PARAM_set_int(p, DH_size(dh)))
return 0;
- return 1;
+ return ffc_params_todata(dh_get0_params(dh), NULL, params)
+ && dh_key_todata(dh, NULL, params);
}
static const OSSL_PARAM dh_params[] = {
OSSL_PARAM_int(OSSL_PKEY_PARAM_BITS, NULL),
OSSL_PARAM_int(OSSL_PKEY_PARAM_SECURITY_BITS, NULL),
OSSL_PARAM_int(OSSL_PKEY_PARAM_MAX_SIZE, NULL),
+ DH_IMEXPORTABLE_PARAMETERS,
+ DH_IMEXPORTABLE_PUBLIC_KEY,
+ DH_IMEXPORTABLE_PRIVATE_KEY,
OSSL_PARAM_END
};
@@ -297,8 +356,261 @@ static int dh_validate(void *keydata, int selection)
return ok;
}
+static void *dh_gen_init(void *provctx, int selection)
+{
+ OPENSSL_CTX *libctx = PROV_LIBRARY_CONTEXT_OF(provctx);
+ struct dh_gen_ctx *gctx = NULL;
+
+ if ((selection & (OSSL_KEYMGMT_SELECT_KEYPAIR
+ | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS)) == 0)
+ return NULL;
+
+ if ((gctx = OPENSSL_zalloc(sizeof(*gctx))) != NULL) {
+ gctx->selection = selection;
+ gctx->libctx = libctx;
+ gctx->pbits = 2048;
+ gctx->qbits = 224;
+ gctx->md = NULL;
+ gctx->gen_type = DH_PARAMGEN_TYPE_FIPS_186_4;
+ gctx->gindex = -1;
+ gctx->hindex = 0;
+ gctx->pcounter = -1;
+ gctx->generator = DH_GENERATOR_2;
+ }
+ return gctx;
+}
+
+static int dh_gen_set_template(void *genctx, void *templ)
+{
+ struct dh_gen_ctx *gctx = genctx;
+ DH *dh = templ;
+
+ if (gctx == NULL || dh == NULL)
+ return 0;
+ gctx->ffc_params = dh_get0_params(dh);
+ return 1;
+}
+
+static int dh_set_gen_seed(struct dh_gen_ctx *gctx, unsigned char *seed,
+ size_t seedlen)
+{
+ OPENSSL_clear_free(gctx->seed, gctx->seedlen);
+ gctx->seed = NULL;
+ gctx->seedlen = 0;
+ if (seed != NULL && seedlen > 0) {
+ gctx->seed = OPENSSL_memdup(seed, seedlen);
+ if (gctx->seed == NULL)
+ return 0;
+ gctx->seedlen = seedlen;
+ }
+ return 1;
+}
+
+static int dh_gen_set_params(void *genctx, const OSSL_PARAM params[])
+{
+ struct dh_gen_ctx *gctx = genctx;
+ const OSSL_PARAM *p;
+
+ if (gctx == NULL)
+ return 0;
+
+ p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_TYPE);
+ if (p != NULL) {
+ if (p->data_type != OSSL_PARAM_UTF8_STRING
+ || ((gctx->gen_type = dh_gen_type_name2id(p->data)) == -1)) {
+ ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT);
+ return 0;
+ }
+ }
+ p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_GROUP);
+ if (p != NULL) {
+ if (p->data_type != OSSL_PARAM_UTF8_STRING
+ || ((gctx->group_nid = ffc_named_group_to_uid(p->data)) == NID_undef)) {
+ ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT);
+ return 0;
+ }
+ gctx->gen_type = DH_PARAMGEN_TYPE_GROUP;
+ }
+ p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_GENERATOR);
+ if (p != NULL
+ && !OSSL_PARAM_get_int(p, &gctx->generator))
+ return 0;
+ p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_GINDEX);
+ if (p != NULL
+ && !OSSL_PARAM_get_int(p, &gctx->gindex))
+ return 0;
+ p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_PCOUNTER);
+ if (p != NULL
+ && !OSSL_PARAM_get_int(p, &gctx->pcounter))
+ return 0;
+ p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_H);
+ if (p != NULL
+ && !OSSL_PARAM_get_int(p, &gctx->hindex))
+ return 0;
+ p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_SEED);
+ if (p != NULL
+ && (p->data_type != OSSL_PARAM_OCTET_STRING
+ || !dh_set_gen_seed(gctx, p->data, p->data_size)))
+ return 0;
+
+ if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_PBITS)) != NULL
+ && !OSSL_PARAM_get_size_t(p, &gctx->pbits))
+ return 0;
+ if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_QBITS)) != NULL
+ && !OSSL_PARAM_get_size_t(p, &gctx->qbits))
+ return 0;
+ p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_DIGEST);
+ if (p != NULL) {
+ const OSSL_PARAM *p1;
+ char mdprops[OSSL_MAX_PROPQUERY_SIZE] = { '\0' };
+ char *str = mdprops;
+
+ if (p->data_type != OSSL_PARAM_UTF8_STRING)
+ return 0;
+ p1 = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_DIGEST_PROPS);
+ if (p1 != NULL
+ && !OSSL_PARAM_get_utf8_string(p1, &str, sizeof(mdprops)))
+ return 0;
+ EVP_MD_free(gctx->md);
+ gctx->md = EVP_MD_fetch(gctx->libctx, p->data, mdprops);
+ if (gctx->md == NULL)
+ return 0;
+ }
+ return 1;
+}
+
+static const OSSL_PARAM *dh_gen_settable_params(void *provctx)
+{
+ static OSSL_PARAM settable[] = {
+ OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_FFC_GROUP, NULL, 0),
+ OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_FFC_TYPE, NULL, 0),
+ OSSL_PARAM_size_t(OSSL_PKEY_PARAM_FFC_PBITS, NULL),
+ OSSL_PARAM_size_t(OSSL_PKEY_PARAM_FFC_QBITS, NULL),
+ OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_FFC_DIGEST, NULL, 0),
+ OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_FFC_DIGEST_PROPS, NULL, 0),
+ OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_GINDEX, NULL),
+ OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_FFC_SEED, NULL, 0),
+ OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_GENERATOR, NULL),
+ OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_PCOUNTER, NULL),
+ OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_H, NULL),
+ OSSL_PARAM_END
+ };
+ return settable;
+}
+
+static int dh_gencb(int p, int n, BN_GENCB *cb)
+{
+ struct dh_gen_ctx *gctx = BN_GENCB_get_arg(cb);
+ OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END, OSSL_PARAM_END };
+
+ params[0] = OSSL_PARAM_construct_int(OSSL_GEN_PARAM_POTENTIAL, &p);
+ params[1] = OSSL_PARAM_construct_int(OSSL_GEN_PARAM_ITERATION, &n);
+
+ return gctx->cb(params, gctx->cbarg);
+}
+
+static void *dh_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
+{
+ int ret = 0;
+ struct dh_gen_ctx *gctx = genctx;
+ DH *dh = NULL;
+ BN_GENCB *gencb = NULL;
+ FFC_PARAMS *ffc;
+
+ if (gctx == NULL)
+ return NULL;
+
+ /* For parameter generation - If there is a group name just create it */
+ if (gctx->gen_type == DH_PARAMGEN_TYPE_GROUP) {
+ /* Select a named group if there is not one already */
+ if (gctx->group_nid == NID_undef)
+ gctx->group_nid = dh_get_named_group_uid_from_size(gctx->pbits);
+ if (gctx->group_nid == NID_undef)
+ return NULL;
+ dh = dh_new_by_nid_with_libctx(gctx->libctx, gctx->group_nid);
+ if (dh == NULL)
+ return NULL;
+ ffc = dh_get0_params(dh);
+ } else {
+ dh = dh_new_with_libctx(gctx->libctx);
+ if (dh == NULL)
+ return NULL;
+ ffc = dh_get0_params(dh);
+
+ /* Copy the template value if one was passed */
+ if (gctx->ffc_params != NULL
+ && !ffc_params_copy(ffc, gctx->ffc_params))
+ goto end;
+
+ if (!ffc_params_set_seed(ffc, gctx->seed, gctx->seedlen))
+ goto end;
+ if (gctx->gindex != -1) {
+ ffc_params_set_gindex(ffc, gctx->gindex);
+ if (gctx->pcounter != -1)
+ ffc_params_set_pcounter(ffc, gctx->pcounter);
+ } else if (gctx->hindex != 0) {
+ ffc_params_set_h(ffc, gctx->hindex);
+ }
+ gctx->cb = osslcb;
+ gctx->cbarg = cbarg;
+ gencb = BN_GENCB_new();
+ if (gencb != NULL)
+ BN_GENCB_set(gencb, dh_gencb, genctx);
+
+ if ((gctx->selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0) {
+ /*
+ * NOTE: The old safe prime generator code is not used in fips mode,
+ * (i.e internally it ignores the generator and chooses a named
+ * group based on pbits.
+ */
+ if (gctx->gen_type == DH_PARAMGEN_TYPE_GENERATOR)
+ ret = DH_generate_parameters_ex(dh, gctx->pbits,
+ gctx->generator, gencb);
+ else
+ ret = dh_generate_ffc_parameters(dh, gctx->gen_type, gctx->pbits,
+ gctx->qbits, gctx->md, gencb);
+ if (ret <= 0)
+ goto end;
+ }
+ }
+
+ if ((gctx->selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) {
+ if (ffc->p == NULL || ffc->g == NULL)
+ goto end;
+ if (DH_generate_key(dh) <= 0)
+ goto end;
+ }
+ ret = 1;
+end:
+ if (ret <= 0) {
+ DH_free(dh);
+ dh = NULL;
+ }
+ BN_GENCB_free(gencb);
+ return dh;
+}
+
+static void dh_gen_cleanup(void *genctx)
+{
+ struct dh_gen_ctx *gctx = genctx;
+
+ if (gctx == NULL)
+ return;
+
+ OPENSSL_clear_free(gctx->seed, gctx->seedlen);
+ EVP_MD_free(gctx->md);
+ OPENSSL_free(gctx);
+}
+
const OSSL_DISPATCH dh_keymgmt_functions[] = {
{ OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))dh_newdata },
+ { OSSL_FUNC_KEYMGMT_GEN_INIT, (void (*)(void))dh_gen_init },
+ { OSSL_FUNC_KEYMGMT_GEN_SET_TEMPLATE, (void (*)(void))dh_gen_set_template },
+ { OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS, (void (*)(void))dh_gen_set_params },
+ { OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS,
+ (void (*)(void))dh_gen_settable_params },
+ { OSSL_FUNC_KEYMGMT_GEN, (void (*)(void))dh_gen },
+ { OSSL_FUNC_KEYMGMT_GEN_CLEANUP, (void (*)(void))dh_gen_cleanup },
{ OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))dh_freedata },
{ OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*) (void))dh_get_params },
{ OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*) (void))dh_gettable_params },
diff --git a/providers/implementations/serializers/serializer_dh.c b/providers/implementations/serializers/serializer_dh.c
index b2517ed947..d8e85a5482 100644
--- a/providers/implementations/serializers/serializer_dh.c
+++ b/providers/implementations/serializers/serializer_dh.c
@@ -13,11 +13,12 @@
*/
#include "internal/deprecated.h"
-#include <openssl/dh.h>
#include <openssl/err.h>
#include "prov/bio.h" /* ossl_prov_bio_printf() */
#include "prov/implementations.h" /* rsa_keymgmt_functions */
#include "prov/providercommonerr.h" /* PROV_R_BN_ERROR */
+#include "internal/ffc.h"
+#include "crypto/dh.h"
#include "serializer_local.h"
OSSL_OP_keymgmt_new_fn *ossl_prov_get_keymgmt_dh_new(void)
@@ -39,8 +40,7 @@ int ossl_prov_print_dh(BIO *out, DH *dh, enum dh_print_type type)
{
const char *type_label = NULL;
const BIGNUM *priv_key = NULL, *pub_key = NULL;
- const BIGNUM *p = NULL, *g = NULL;
-
+ const BIGNUM *p = NULL;
switch (type) {
case dh_print_priv:
@@ -67,35 +67,19 @@ int ossl_prov_print_dh(BIO *out, DH *dh, enum dh_print_type type)
}
p = DH_get0_p(dh);
- g = DH_get0_g(dh);
- if (p == NULL || g == NULL)
+ if (p == NULL)
goto null_err;
- /*
- * TODO(3.0): add printing of:
- *
- * - q (label "subgroup order:")
- * - j (label "subgroup factor:")
- * - seed (label "seed:")
- * - counter (label "counter:")
- *
- * This can happen as soon as there are DH_get0_ functions for them.
- */
-
if (ossl_prov_bio_printf(out, "%s: (%d bit)\n", type_label, BN_num_bits(p))
<= 0)
goto err;
if (priv_key != NULL
- && !ossl_prov_print_labeled_bignum(out, " private-key:", priv_key))
+ && !ossl_prov_print_labeled_bignum(out, "private-key:", priv_key))
goto err;
if (pub_key != NULL
- && !ossl_prov_print_labeled_bignum(out, " public-key:", pub_key))
- goto err;
- if (p != NULL
- && !ossl_prov_print_labeled_bignum(out, " prime:", p))
+ && !ossl_prov_print_labeled_bignum(out, "public-key:", pub_key))
goto err;
- if (g != NULL
- && !ossl_prov_print_labeled_bignum(out, " generator:", g))
+ if (!ffc_params_prov_print(out, dh_get0_params(dh)))
goto err;
return 1;
diff --git a/providers/implementations/serializers/serializer_ffc_params.c b/providers/implementations/serializers/serializer_ffc_params.c
index da38763cfe..20cf4b3d24 100644
--- a/providers/implementations/serializers/serializer_ffc_params.c
+++ b/providers/implementations/serializers/serializer_ffc_params.c
@@ -15,7 +15,7 @@
int ffc_params_prov_print(BIO *out, const FFC_PARAMS *ffc)
{
if (ffc->nid != NID_undef) {
- const char *name = ffc_named_group_from_nid(ffc->nid);
+ const char *name = ffc_named_group_from_uid(ffc->nid);
if (name == NULL)
goto err;
diff --git a/test/evp_pkey_provided_test.c b/test/evp_pkey_provided_test.c
index 5a66162cae..7b61cbe11f 100644
--- a/test/evp_pkey_provided_test.c
+++ b/test/evp_pkey_provided_test.c
@@ -12,12 +12,12 @@
#include <openssl/pem.h>
#include <openssl/serializer.h>
#include <openssl/provider.h>
-#include <openssl/params.h>
+#include <openssl/param_build.h>
#include <openssl/core_names.h>
#include "crypto/ecx.h"
-#include "internal/nelem.h"
-#include "openssl/param_build.h"
#include "crypto/evp.h" /* For the internal API */
+#include "crypto/bn_dh.h" /* _bignum_ffdhe2048_p */
+#include "internal/nelem.h"
#include "testutil.h"
static char *datadir = NULL;
@@ -391,73 +391,283 @@ static int test_evp_pkey_get_bn_param_large(void)
#ifndef OPENSSL_NO_DH
-/* Array indexes used in test_fromdata_dh */
-#define PRIV_KEY 0
-#define PUB_KEY 1
-#define FFC_P 2
-#define FFC_G 3
-
-static int test_fromdata_dh(void)
+static int test_fromdata_dh_named_group(void)
{
int ret = 0;
+ int gindex = 0, pcounter = 0, hindex = 0;
EVP_PKEY_CTX *ctx = NULL, *key_ctx = NULL;
EVP_PKEY *pk = NULL, *copy_pk = NULL;
+ size_t len;
+ BIGNUM *pub = NULL, *priv = NULL;
+ BIGNUM *pub_out = NULL, *priv_out = NULL;
+ BIGNUM *p = NULL, *q = NULL, *g = NULL, *j = NULL;
+ OSSL_PARAM *fromdata_params = NULL;
+ OSSL_PARAM_BLD *bld = NULL;
+ char name_out[80];
+ unsigned char seed_out[32];
+
/*
- * 32-bit DH key, extracted from this command,
- * executed with OpenSSL 1.0.2:
- *
- * openssl dhparam -out dhp.pem 32
- * openssl genpkey -paramfile dhp.pem | openssl pkey -text
+ * DH key data was generated using the following:
+ * openssl genpkey -algorithm DH -pkeyopt group:ffdhe2048 -text
*/
- static unsigned long key_numbers[] = {
- 0x666c2b06, /* priv-key */
- 0x6fa6de50, /* pub-key */
- 0x8bb45f53, /* P */
- 0x2, /* G */
+ static const unsigned char priv_data[] = {
+ 0x88, 0x85, 0xe7, 0x9f, 0xee, 0x6d, 0xc5, 0x7c, 0x78, 0xaf, 0x63, 0x5d,
+ 0x38, 0x2a, 0xd0, 0xed, 0x56, 0x4b, 0x47, 0x21, 0x2b, 0xfa, 0x55, 0xfa,
+ 0x87, 0xe8, 0xa9, 0x7b,
};
- OSSL_PARAM fromdata_params[] = {
- OSSL_PARAM_ulong(OSSL_PKEY_PARAM_PRIV_KEY, &key_numbers[PRIV_KEY]),
- OSSL_PARAM_ulong(OSSL_PKEY_PARAM_PUB_KEY, &key_numbers[PUB_KEY]),
- OSSL_PARAM_ulong(OSSL_PKEY_PARAM_FFC_P, &key_numbers[FFC_P]),
- OSSL_PARAM_ulong(OSSL_PKEY_PARAM_FFC_G, &key_numbers[FFC_G]),
- OSSL_PARAM_END
+ static const unsigned char pub_data[] = {
+ 0x00, 0xd6, 0x2d, 0x77, 0xe0, 0xd3, 0x7d, 0xf8, 0xeb, 0x98, 0x50, 0xa1,
+ 0x82, 0x22, 0x65, 0xd5, 0xd9, 0xfe, 0xc9, 0x3f, 0xbe, 0x16, 0x83, 0xbd,
+ 0x33, 0xe9, 0xc6, 0x93, 0xcf, 0x08, 0xaf, 0x83, 0xfa, 0x80, 0x8a, 0x6c,
+ 0x64, 0xdf, 0x70, 0x64, 0xd5, 0x0a, 0x7c, 0x5a, 0x72, 0xda, 0x66, 0xe6,
+ 0xf9, 0xf5, 0x31, 0x21, 0x92, 0xb0, 0x60, 0x1a, 0xb5, 0xd3, 0xf0, 0xa5,
+ 0xfa, 0x48, 0x95, 0x2e, 0x38, 0xd9, 0xc5, 0xe6, 0xda, 0xfb, 0x6c, 0x03,
+ 0x9d, 0x4b, 0x69, 0xb7, 0x95, 0xe4, 0x5c, 0xc0, 0x93, 0x4f, 0x48, 0xd9,
+ 0x7e, 0x06, 0x22, 0xb2, 0xde, 0xf3, 0x79, 0x24, 0xed, 0xe1, 0xd1, 0x4a,
+ 0x57, 0xf1, 0x40, 0x86, 0x70, 0x42, 0x25, 0xc5, 0x27, 0x68, 0xc9, 0xfa,
+ 0xe5, 0x8e, 0x62, 0x7e, 0xff, 0x49, 0x6c, 0x5b, 0xb5, 0xba, 0xf9, 0xef,
+ 0x9a, 0x1a, 0x10, 0xd4, 0x81, 0x53, 0xcf, 0x83, 0x04, 0x18, 0x1c, 0xe1,
+ 0xdb, 0xe1, 0x65, 0xa9, 0x7f, 0xe1, 0x33, 0xeb, 0xc3, 0x4f, 0xe3, 0xb7,
+ 0x22, 0xf7, 0x1c, 0x09, 0x4f, 0xed, 0xc6, 0x07, 0x8e, 0x78, 0x05, 0x8f,
+ 0x7c, 0x96, 0xd9, 0x12, 0xe0, 0x81, 0x74, 0x1a, 0xe9, 0x13, 0xc0, 0x20,
+ 0x82, 0x65, 0xbb, 0x42, 0x3b, 0xed, 0x08, 0x6a, 0x84, 0x4f, 0xea, 0x77,
+ 0x14, 0x32, 0xf9, 0xed, 0xc2, 0x12, 0xd6, 0xc5, 0xc6, 0xb3, 0xe5, 0xf2,
+ 0x6e, 0xf6, 0x16, 0x7f, 0x37, 0xde, 0xbc, 0x09, 0xc7, 0x06, 0x6b, 0x12,
+ 0xbc, 0xad, 0x2d, 0x49, 0x25, 0xd5, 0xdc, 0xf4, 0x18, 0x14, 0xd2, 0xf0,
+ 0xf1, 0x1d, 0x1f, 0x3a, 0xaa, 0x15, 0x55, 0xbb, 0x0d, 0x7f, 0xbe, 0x67,
+ 0xa1, 0xa7, 0xf0, 0xaa, 0xb3, 0xfb, 0x41, 0x82, 0x39, 0x49, 0x93, 0xbc,
+ 0xa8, 0xee, 0x72, 0x13, 0x45, 0x65, 0x15, 0x42, 0x17, 0xaa, 0xd8, 0xab,
+ 0xcf, 0x33, 0x42, 0x83, 0x42
};
+ static const char group_name[] = "ffdhe2048";
+
+ if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
+ || !TEST_ptr(pub = BN_bin2bn(pub_data, sizeof(pub_data), NULL))
+ || !TEST_ptr(priv = BN_bin2bn(priv_data, sizeof(priv_data), NULL))
+ || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
+ OSSL_PKEY_PARAM_FFC_GROUP,
+ group_name, 0))
+ || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY, pub))
+ || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, priv))
+ || !TEST_ptr(fromdata_params = OSSL_PARAM_BLD_to_param(bld)))
+ goto err;
if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(NULL, "DH", NULL)))
goto err;
if (!TEST_true(EVP_PKEY_key_fromdata_init(ctx))
|| !TEST_true(EVP_PKEY_fromdata(ctx, &pk, fromdata_params))
- || !TEST_int_eq(EVP_PKEY_bits(pk), 32)
- || !TEST_int_eq(EVP_PKEY_security_bits(pk), 0) /* Missing Q */
- || !TEST_int_eq(EVP_PKEY_size(pk), 4))
+ || !TEST_int_eq(EVP_PKEY_bits(pk), 2048)
+ || !TEST_int_eq(EVP_PKEY_security_bits(pk), 112)
+ || !TEST_int_eq(EVP_PKEY_size(pk), 256))
+ goto err;
+
+ if (!TEST_true(EVP_PKEY_get_utf8_string_param(pk, OSSL_PKEY_PARAM_FFC_GROUP,
+ name_out, sizeof(name_out),
+ &len))
+ || !TEST_str_eq(name_out, group_name)
+ || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_PUB_KEY,
+ &pub_out))
+
+ || !TEST_BN_eq(pub, pub_out)
+ || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_PRIV_KEY,
+ &priv_out))
+ || !TEST_BN_eq(priv, priv_out)
+ || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_FFC_P, &p))
+ || !TEST_BN_eq(&_bignum_ffdhe2048_p, p)
+ || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_FFC_Q, &q))
+ || !TEST_ptr(q)
+ || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_FFC_G, &g))
+ || !TEST_BN_eq(&_bignum_const_2, g)
+ || !TEST_false(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_FFC_COFACTOR,
+ &j))
+ || !TEST_ptr_null(j)
+ || !TEST_false(EVP_PKEY_get_octet_string_param(pk,
+ OSSL_PKEY_PARAM_FFC_SEED,
+ seed_out,
+ sizeof(seed_out), &len))
+ || !TEST_true(EVP_PKEY_get_int_param(pk, OSSL_PKEY_PARAM_FFC_GINDEX,
+ &gindex))
+ || !TEST_int_eq(gindex, -1)
+ || !TEST_true(EVP_PKEY_get_int_param(pk, OSSL_PKEY_PARAM_FFC_H, &hindex))
+ || !TEST_int_eq(hindex, 0)
+ || !TEST_true(EVP_PKEY_get_int_param(pk, OSSL_PKEY_PARAM_FFC_PCOUNTER,
+ &pcounter))
+ || !TEST_int_eq(pcounter, -1))
+ goto err;
+
+ if (!TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(NULL, pk, "")))
+ goto err;
+
+ if (!TEST_true(EVP_PKEY_check(key_ctx))
+ || !TEST_true(EVP_PKEY_public_check(key_ctx))
+ || !TEST_true(EVP_PKEY_private_check(key_ctx))
+ || !TEST_true(EVP_PKEY_pairwise_check(key_ctx)))
goto err;
if (!TEST_ptr(copy_pk = EVP_PKEY_new())
|| !TEST_true(EVP_PKEY_copy_parameters(copy_pk, pk)))
goto err;
+ ret = test_print_key_using_pem("DH", pk)
+ && test_print_key_using_serializer("DH", pk);
+err:
+ BN_free(p);
+ BN_free(q);
+ BN_free(g);
+ BN_free(j);
+ BN_free(pub);
+ BN_free(priv);
+ BN_free(pub_out);
+ BN_free(priv_out);
+ EVP_PKEY_free(copy_pk);
+ EVP_PKEY_free(pk);
+ EVP_PKEY_CTX_free(ctx);
+ EVP_PKEY_CTX_free(key_ctx);
+ OSSL_PARAM_BLD_free_params(fromdata_params);
+ OSSL_PARAM_BLD_free(bld);
+
+ return ret;
+}
+
+static int test_fromdata_dh_fips186_4(void)
+{
+ int ret = 0;
+ int gindex = 0, pcounter = 0, hindex = 0;
+ EVP_PKEY_CTX *ctx = NULL, *key_ctx = NULL;
+ EVP_PKEY *pk = NULL;
+ size_t len;
+ BIGNUM *pub = NULL, *priv = NULL;
+ BIGNUM *pub_out = NULL, *priv_out = NULL;
+ BIGNUM *p = NULL, *q = NULL, *g = NULL, *j = NULL;
+ OSSL_PARAM_BLD *bld = NULL;
+ OSSL_PARAM *fromdata_params = NULL;
+ char name_out[80];
+ unsigned char seed_out[32];
+
+ /*
+ * DH key data was generated using the following:
+ * openssl genpkey -algorithm DH -pkeyopt group:ffdhe2048 -text
+ */
+ static const unsigned char priv_data[] = {
+ 0x88, 0x85, 0xe7, 0x9f, 0xee, 0x6d, 0xc5, 0x7c, 0x78, 0xaf, 0x63, 0x5d,
+ 0x38, 0x2a, 0xd0, 0xed, 0x56, 0x4b, 0x47, 0x21, 0x2b, 0xfa, 0x55, 0xfa,
+ 0x87, 0xe8, 0xa9, 0x7b,
+ };
+ static const unsigned char pub_data[] = {
+ 0xd6, 0x2d, 0x77, 0xe0, 0xd3, 0x7d, 0xf8, 0xeb, 0x98, 0x50, 0xa1, 0x82,
+ 0x22, 0x65, 0xd5, 0xd9, 0xfe, 0xc9, 0x3f, 0xbe, 0x16, 0x83, 0xbd, 0x33,
+ 0xe9, 0xc6, 0x93, 0xcf, 0x08, 0xaf, 0x83, 0xfa, 0x80, 0x8a, 0x6c, 0x64,
+ 0xdf, 0x70, 0x64, 0xd5, 0x0a, 0x7c, 0x5a, 0x72, 0xda, 0x66, 0xe6, 0xf9,
+ 0xf5, 0x31, 0x21, 0x92, 0xb0, 0x60, 0x1a, 0xb5, 0xd3, 0xf0, 0xa5, 0xfa,
+ 0x48, 0x95, 0x2e, 0x38, 0xd9, 0xc5, 0xe6, 0xda, 0xfb, 0x6c, 0x03, 0x9d,
+ 0x4b, 0x69, 0xb7, 0x95, 0xe4, 0x5c, 0xc0, 0x93, 0x4f, 0x48, 0xd9, 0x7e,
+ 0x06, 0x22, 0xb2, 0xde, 0xf3, 0x79, 0x24, 0xed, 0xe1, 0xd1, 0x4a, 0x57,
+ 0xf1, 0x40, 0x86, 0x70, 0x42, 0x25, 0xc5, 0x27, 0x68, 0xc9, 0xfa, 0xe5,
+ 0x8e, 0x62, 0x7e, 0xff, 0x49, 0x6c, 0x5b, 0xb5, 0xba, 0xf9, 0xef, 0x9a,
+ 0x1a, 0x10, 0xd4, 0x81, 0x53, 0xcf, 0x83, 0x04, 0x18, 0x1c, 0xe1, 0xdb,
+ 0xe1, 0x65, 0xa9, 0x7f, 0xe1, 0x33, 0xeb, 0xc3, 0x4f, 0xe3, 0xb7, 0x22,
+ 0xf7, 0x1c, 0x09, 0x4f, 0xed, 0xc6, 0x07, 0x8e, 0x78, 0x05, 0x8f, 0x7c,
+ 0x96, 0xd9, 0x12, 0xe0, 0x81, 0x74, 0x1a, 0xe9, 0x13, 0xc0, 0x20, 0x82,
+ 0x65, 0xbb, 0x42, 0x3b, 0xed, 0x08, 0x6a, 0x84, 0x4f, 0xea, 0x77, 0x14,
+ 0x32, 0xf9, 0xed, 0xc2, 0x12, 0xd6, 0xc5, 0xc6, 0xb3, 0xe5, 0xf2, 0x6e,
+ 0xf6, 0x16, 0x7f, 0x37, 0xde, 0xbc, 0x09, 0xc7, 0x06, 0x6b, 0x12, 0xbc,
+ 0xad, 0x2d, 0x49, 0x25, 0xd5, 0xdc, 0xf4, 0x18, 0x14, 0xd2, 0xf0, 0xf1,
+ 0x1d, 0x1f, 0x3a, 0xaa, 0x15, 0x55, 0xbb, 0x0d, 0x7f, 0xbe, 0x67, 0xa1,
+ 0xa7, 0xf0, 0xaa, 0xb3, 0xfb, 0x41, 0x82, 0x39, 0x49, 0x93, 0xbc, 0xa8,
+ 0xee, 0x72, 0x13, 0x45, 0x65, 0x15, 0x42, 0x17, 0xaa, 0xd8, 0xab, 0xcf,
+ 0x33, 0x42, 0x83, 0x42
+ };
+ static const char group_name[] = "ffdhe2048";
+
+
+ if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
+ || !TEST_ptr(pub = BN_bin2bn(pub_data, sizeof(pub_data), NULL))
+ || !TEST_ptr(priv = BN_bin2bn(priv_data, sizeof(priv_data), NULL))
+ || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
+ OSSL_PKEY_PARAM_FFC_GROUP,
+ group_name, 0))
+ || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY, pub))
+ || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, priv))
+ || !TEST_ptr(fromdata_params = OSSL_PARAM_BLD_to_param(bld)))
+ goto err;
+
+ if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(NULL, "DH", NULL)))
+ goto err;
+
+ if (!TEST_true(EVP_PKEY_key_fromdata_init(ctx))
+ || !TEST_true(EVP_PKEY_fromdata(ctx, &pk, fromdata_params))
+ || !TEST_int_eq(EVP_PKEY_bits(pk), 2048)
+ || !TEST_int_eq(EVP_PKEY_security_bits(pk), 112)
+ || !TEST_int_eq(EVP_PKEY_size(pk), 256))
+ goto err;
+
+ if (!TEST_true(EVP_PKEY_get_utf8_string_param(pk, OSSL_PKEY_PARAM_FFC_GROUP,
+ name_out, sizeof(name_out),
+ &len))
+ || !TEST_str_eq(name_out, group_name)
+ || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_PUB_KEY,
+ &pub_out))
+ || !TEST_BN_eq(pub, pub_out)
+ || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_PRIV_KEY,
+ &priv_out))
+ || !TEST_BN_eq(priv, priv_out)
+ || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_FFC_P, &p))
+ || !TEST_BN_eq(&_bignum_ffdhe2048_p, p)
+ || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_FFC_Q, &q))
+ || !TEST_ptr(q)
+ || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_FFC_G, &g))
+ || !TEST_BN_eq(&_bignum_const_2, g)
+ || !TEST_false(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_FFC_COFACTOR,
+ &j))
+ || !TEST_ptr_null(j)
+ || !TEST_false(EVP_PKEY_get_octet_string_param(pk,
+ OSSL_PKEY_PARAM_FFC_SEED,
+ seed_out,
+ sizeof(seed_out), &len))
+ || !TEST_true(EVP_PKEY_get_int_param(pk, OSSL_PKEY_PARAM_FFC_GINDEX,
+ &gindex))
+ || !TEST_int_eq(gindex, -1)
+ || !TEST_true(EVP_PKEY_get_int_param(pk, OSSL_PKEY_PARAM_FFC_H, &hindex))
+ || !TEST_int_eq(hindex, 0)
+ || !TEST_true(EVP_PKEY_get_int_param(pk, OSSL_PKEY_PARAM_FFC_PCOUNTER,
+ &pcounter))
+ || !TEST_int_eq(pcounter, -1))
+ goto err;
+
if (!TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(NULL, pk, "")))
goto err;
- if (!TEST_false(EVP_PKEY_check(key_ctx))
+ if (!TEST_true(EVP_PKEY_check(key_ctx))
|| !TEST_true(EVP_PKEY_public_check(key_ctx))
- || !TEST_false(EVP_PKEY_private_check(key_ctx)) /* Need a q */
- || !TEST_false(EVP_PKEY_pairwise_check(key_ctx)))
+ || !TEST_true(EVP_PKEY_private_check(key_ctx))
+ || !TEST_true(EVP_PKEY_pairwise_check(key_ctx)))
goto err;
ret = test_print_key_using_pem("DH", pk)
&& test_print_key_using_serializer("DH", pk);
- err:
+err:
+ BN_free(p);
+ BN_free(q);
+ BN_free(g);
+ BN_free(j);
+ BN_free(pub);
+ BN_free(priv);
+ BN_free(pub_out);
+ BN_free(priv_out);
EVP_PKEY_free(pk);
- EVP_PKEY_free(copy_pk);
EVP_PKEY_CTX_free(ctx);
EVP_PKEY_CTX_free(key_ctx);
+ OSSL_PARAM_BLD_free_params(fromdata_params);
+ OSSL_PARAM_BLD_free(bld);
return ret;
}
+
#endif
+
+
#ifndef OPENSSL_NO_EC
/* Array indexes used in test_fromdata_ecx */
# define PRIV_KEY 0
@@ -677,7 +887,7 @@ static int test_fromdata_ec(void)
int ret = 0;
EVP_PKEY_CTX *ctx = NULL;
EVP_PKEY *pk = NULL, *copy_pk = NULL;
- OSSL_PARAM_BLD *bld = OSSL_PARAM_BLD_new();
+ OSSL_PARAM_BLD *bld = NULL;
BIGNUM *ec_priv_bn = NULL;
BIGNUM *bn_priv = NULL;
OSSL_PARAM *fromdata_params = NULL;
@@ -708,7 +918,7 @@ static int test_fromdata_ec(void)
size_t len;
- if (!TEST_ptr(bld))
+ if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()))
goto err;
if (!TEST_ptr(ec_priv_bn = BN_bin2bn(ec_priv_keydata,
sizeof(ec_priv_keydata), NULL)))
@@ -1015,7 +1225,8 @@ int setup_tests(void)
ADD_TEST(test_evp_pkey_get_bn_param_large);
ADD_TEST(test_fromdata_rsa);
#ifndef OPENSSL_NO_DH
- ADD_TEST(test_fromdata_dh);
+ ADD_TEST(test_fromdata_dh_fips186_4);
+ ADD_TEST(test_fromdata_dh_named_group);
#endif
#ifndef OPENSSL_NO_DSA
ADD_TEST(test_fromdata_dsa_fips186_4);
diff --git a/test/recipes/15-test_gendsa.t b/test/recipes/15-test_gendh.t
similarity index 60%
copy from test/recipes/15-test_gendsa.t
copy to test/recipes/15-test_gendh.t
index 71d47254de..87ddac96f7 100644
--- a/test/recipes/15-test_gendsa.t
+++ b/test/recipes/15-test_gendh.t
@@ -14,64 +14,70 @@ use File::Spec;
use OpenSSL::Test qw/:DEFAULT srctop_file/;
use OpenSSL::Test::Utils;
-setup("test_gendsa");
+setup("test_gendh");
-plan skip_all => "This test is unsupported in a no-dsa build"
- if disabled("dsa");
+plan skip_all => "This test is unsupported in a no-dh build" if disabled("dh");
-plan tests => 8;
+plan tests => 9;
ok(run(app([ 'openssl', 'genpkey', '-genparam',
- '-algorithm', 'DSA',
+ '-algorithm', 'DH',
'-pkeyopt', 'gindex:1',
'-pkeyopt', 'type:fips186_4',
'-text'])),
- "genpkey DSA params fips186_4 with verifiable g");
+ "genpkey DH params fips186_4 with verifiable g");
ok(run(app([ 'openssl', 'genpkey', '-genparam',
- '-algorithm', 'DSA',
+ '-algorithm', 'DH',
'-pkeyopt', 'type:fips186_4',
'-text'])),
- "genpkey DSA params fips186_4 with unverifiable g");
+ "genpkey DH params fips186_4 with unverifiable g");
ok(run(app([ 'openssl', 'genpkey', '-genparam',
- '-algorithm', 'DSA',
+ '-algorithm', 'DH',
'-pkeyopt', 'type:fips186_2',
'-text'])),
- "genpkey DSA params fips186_2");
+ "genpkey DH params fips186_2");
-ok(!run(app([ 'openssl', 'genpkey', '-algorithm', 'DSA',
+ok(run(app([ 'openssl', 'genpkey', '-algorithm', 'DH',
'-pkeyopt', 'type:group',
'-text'])),
- "genpkey DSA does not support groups");
+ "genpkey DH default group");
+
+ok(run(app([ 'openssl', 'genpkey', '-algorithm', 'DH',
+ '-pkeyopt', 'type:group',
+ '-pkeyopt', 'group:ffdhe2048',
+ '-text'])),
+ "genpkey DH group ffdhe2048");
ok(run(app([ 'openssl', 'genpkey', '-genparam',
- '-algorithm', 'DSA',
+ '-algorithm', 'DH',
'-pkeyopt', 'gindex:1',
'-pkeyopt', 'type:fips186_4',
- '-out', 'dsagen.pem'])),
- "genpkey DSA params fips186_4 PEM");
+ '-out', 'dhgen.pem'])),
+ "genpkey DH params fips186_4 PEM");
ok(run(app([ 'openssl', 'genpkey', '-genparam',
- '-algorithm', 'DSA',
+ '-algorithm', 'DH',
'-pkeyopt', 'gindex:1',
'-pkeyopt', 'pbits:2048',
'-pkeyopt', 'qbits:256',
'-pkeyopt', 'type:fips186_4',
'-outform', 'DER',
- '-out', 'dsagen.der'])),
- "genpkey DSA params fips186_4 DER");
+ '-out', 'dhgen.der'])),
+ "genpkey DH params fips186_4 DER");
# The seed and counter should be the ones generated from the param generation
# Just put some dummy ones in to show it works.
ok(run(app([ 'openssl', 'genpkey',
- '-paramfile', 'dsagen.der',
+ '-paramfile', 'dhgen.der',
'-pkeyopt', 'gindex:1',
'-pkeyopt', 'hexseed:0102030405060708090A0B0C0D0E0F1011121314',
'-pkeyopt', 'pcounter:25',
'-text'])),
- "genpkey DSA fips186_4 with DER params");
+ "genpkey DH fips186_4 with DER params");
-ok(!run(app([ 'openssl', 'genpkey',
- '-algorithm', 'DSA'])),
- "genpkey DSA with no params should fail");
+ ok(!run(app([ 'openssl', 'genpkey',
+ '-algorithm', 'DH'])),
+ "genpkey DH with no params should fail");
+
\ No newline at end of file
diff --git a/test/recipes/30-test_evp_pkey_provided/DH.priv.der b/test/recipes/30-test_evp_pkey_provided/DH.priv.der
index 0063e62ecd..d77f50d8c6 100644
Binary files a/test/recipes/30-test_evp_pkey_provided/DH.priv.der and b/test/recipes/30-test_evp_pkey_provided/DH.priv.der differ
diff --git a/test/recipes/30-test_evp_pkey_provided/DH.priv.pem b/test/recipes/30-test_evp_pkey_provided/DH.priv.pem
index 73cc465041..2aa5f49dd4 100644
--- a/test/recipes/30-test_evp_pkey_provided/DH.priv.pem
+++ b/test/recipes/30-test_evp_pkey_provided/DH.priv.pem
@@ -1,3 +1,9 @@
-----BEGIN PRIVATE KEY-----
-MCQCAQAwFwYJKoZIhvcNAQMBMAoCBQCLtF9TAgECBAYCBGZsKwY=
+MIIBQwIBADCCARsGCSqGSIb3DQEDATCCAQwCggEBAP//////////rfhUWKK7Spqv
+3FYgJz088di5xYPOLTaVqeE2QRRkM/vMk53OJJs++X0v42NjDHXY9oGyAq7EYXrT
+3x7V1f1lYSQz9R9fBm7QhWNlVT3tGvO1VxNef1fJNZhPDHDg5ot34qaJ2vPv6HId
+8VihNq3nNTCsyk9IOnl6vAqxgrMk+2HRCKlLssjj+7lq2rdg1/RoHU9Co945TfSu
+Vu3nY3K7GQsHp8juCm1wngL84c334uzANATNKDQvYZFy/pzphYP/jk8SMu7ygYPD
+/jsbTG+tczu1/LwuwiAFxY7xg30Wg7LG80omwbLv+ohrQjhhKFyX//////////8C
+AQICAgDgBB8CHQCIheef7m3FfHivY104KtDtVktHISv6VfqH6Kl7
-----END PRIVATE KEY-----
diff --git a/test/recipes/30-test_evp_pkey_provided/DH.priv.txt b/test/recipes/30-test_evp_pkey_provided/DH.priv.txt
index cedef99629..0e6f9519b4 100644
--- a/test/recipes/30-test_evp_pkey_provided/DH.priv.txt
+++ b/test/recipes/30-test_evp_pkey_provided/DH.priv.txt
@@ -1,5 +1,24 @@
-DH Private-Key: (32 bit)
- private-key: 1718364934 (0x666c2b06)
- public-key: 1873206864 (0x6fa6de50)
- prime: 2343853907 (0x8bb45f53)
- generator: 2 (0x2)
+DH Private-Key: (2048 bit)
+private-key:
+ 00:88:85:e7:9f:ee:6d:c5:7c:78:af:63:5d:38:2a:
+ d0:ed:56:4b:47:21:2b:fa:55:fa:87:e8:a9:7b
+public-key:
+ 00:d6:2d:77:e0:d3:7d:f8:eb:98:50:a1:82:22:65:
+ d5:d9:fe:c9:3f:be:16:83:bd:33:e9:c6:93:cf:08:
+ af:83:fa:80:8a:6c:64:df:70:64:d5:0a:7c:5a:72:
+ da:66:e6:f9:f5:31:21:92:b0:60:1a:b5:d3:f0:a5:
+ fa:48:95:2e:38:d9:c5:e6:da:fb:6c:03:9d:4b:69:
+ b7:95:e4:5c:c0:93:4f:48:d9:7e:06:22:b2:de:f3:
+ 79:24:ed:e1:d1:4a:57:f1:40:86:70:42:25:c5:27:
+ 68:c9:fa:e5:8e:62:7e:ff:49:6c:5b:b5:ba:f9:ef:
+ 9a:1a:10:d4:81:53:cf:83:04:18:1c:e1:db:e1:65:
+ a9:7f:e1:33:eb:c3:4f:e3:b7:22:f7:1c:09:4f:ed:
+ c6:07:8e:78:05:8f:7c:96:d9:12:e0:81:74:1a:e9:
+ 13:c0:20:82:65:bb:42:3b:ed:08:6a:84:4f:ea:77:
+ 14:32:f9:ed:c2:12:d6:c5:c6:b3:e5:f2:6e:f6:16:
+ 7f:37:de:bc:09:c7:06:6b:12:bc:ad:2d:49:25:d5:
+ dc:f4:18:14:d2:f0:f1:1d:1f:3a:aa:15:55:bb:0d:
+ 7f:be:67:a1:a7:f0:aa:b3:fb:41:82:39:49:93:bc:
+ a8:ee:72:13:45:65:15:42:17:aa:d8:ab:cf:33:42:
+ 83:42
+GROUP: ffdhe2048
diff --git a/test/recipes/30-test_evp_pkey_provided/DH.pub.der b/test/recipes/30-test_evp_pkey_provided/DH.pub.der
index 95a30014fd..a2d3730503 100644
Binary files a/test/recipes/30-test_evp_pkey_provided/DH.pub.der and b/test/recipes/30-test_evp_pkey_provided/DH.pub.der differ
diff --git a/test/recipes/30-test_evp_pkey_provided/DH.pub.pem b/test/recipes/30-test_evp_pkey_provided/DH.pub.pem
index 709ac89864..b71c143f26 100644
--- a/test/recipes/30-test_evp_pkey_provided/DH.pub.pem
+++ b/test/recipes/30-test_evp_pkey_provided/DH.pub.pem
@@ -1,3 +1,14 @@
-----BEGIN PUBLIC KEY-----
-MCIwFwYJKoZIhvcNAQMBMAoCBQCLtF9TAgECAwcAAgRvpt5Q
+MIICKTCCARsGCSqGSIb3DQEDATCCAQwCggEBAP//////////rfhUWKK7Spqv3FYg
+Jz088di5xYPOLTaVqeE2QRRkM/vMk53OJJs++X0v42NjDHXY9oGyAq7EYXrT3x7V
+1f1lYSQz9R9fBm7QhWNlVT3tGvO1VxNef1fJNZhPDHDg5ot34qaJ2vPv6HId8Vih
+Nq3nNTCsyk9IOnl6vAqxgrMk+2HRCKlLssjj+7lq2rdg1/RoHU9Co945TfSuVu3n
+Y3K7GQsHp8juCm1wngL84c334uzANATNKDQvYZFy/pzphYP/jk8SMu7ygYPD/jsb
+TG+tczu1/LwuwiAFxY7xg30Wg7LG80omwbLv+ohrQjhhKFyX//////////8CAQIC
+AgDgA4IBBgACggEBANYtd+DTffjrmFChgiJl1dn+yT++FoO9M+nGk88Ir4P6gIps
+ZN9wZNUKfFpy2mbm+fUxIZKwYBq10/Cl+kiVLjjZxeba+2wDnUtpt5XkXMCTT0jZ
+fgYist7zeSTt4dFKV/FAhnBCJcUnaMn65Y5ifv9JbFu1uvnvmhoQ1IFTz4MEGBzh
+2+FlqX/hM+vDT+O3IvccCU/txgeOeAWPfJbZEuCBdBrpE8AggmW7QjvtCGqET+p3
+FDL57cIS1sXGs+XybvYWfzfevAnHBmsSvK0tSSXV3PQYFNLw8R0fOqoVVbsNf75n
+oafwqrP7QYI5SZO8qO5yE0VlFUIXqtirzzNCg0I=
-----END PUBLIC KEY-----
diff --git a/test/recipes/30-test_evp_pkey_provided/DH.pub.txt b/test/recipes/30-test_evp_pkey_provided/DH.pub.txt
index b7b465f56a..325e160f36 100644
--- a/test/recipes/30-test_evp_pkey_provided/DH.pub.txt
+++ b/test/recipes/30-test_evp_pkey_provided/DH.pub.txt
@@ -1,4 +1,21 @@
-DH Public-Key: (32 bit)
- public-key: 1873206864 (0x6fa6de50)
- prime: 2343853907 (0x8bb45f53)
- generator: 2 (0x2)
+DH Public-Key: (2048 bit)
+public-key:
+ 00:d6:2d:77:e0:d3:7d:f8:eb:98:50:a1:82:22:65:
+ d5:d9:fe:c9:3f:be:16:83:bd:33:e9:c6:93:cf:08:
+ af:83:fa:80:8a:6c:64:df:70:64:d5:0a:7c:5a:72:
+ da:66:e6:f9:f5:31:21:92:b0:60:1a:b5:d3:f0:a5:
+ fa:48:95:2e:38:d9:c5:e6:da:fb:6c:03:9d:4b:69:
+ b7:95:e4:5c:c0:93:4f:48:d9:7e:06:22:b2:de:f3:
+ 79:24:ed:e1:d1:4a:57:f1:40:86:70:42:25:c5:27:
+ 68:c9:fa:e5:8e:62:7e:ff:49:6c:5b:b5:ba:f9:ef:
+ 9a:1a:10:d4:81:53:cf:83:04:18:1c:e1:db:e1:65:
+ a9:7f:e1:33:eb:c3:4f:e3:b7:22:f7:1c:09:4f:ed:
+ c6:07:8e:78:05:8f:7c:96:d9:12:e0:81:74:1a:e9:
+ 13:c0:20:82:65:bb:42:3b:ed:08:6a:84:4f:ea:77:
+ 14:32:f9:ed:c2:12:d6:c5:c6:b3:e5:f2:6e:f6:16:
+ 7f:37:de:bc:09:c7:06:6b:12:bc:ad:2d:49:25:d5:
+ dc:f4:18:14:d2:f0:f1:1d:1f:3a:aa:15:55:bb:0d:
+ 7f:be:67:a1:a7:f0:aa:b3:fb:41:82:39:49:93:bc:
+ a8:ee:72:13:45:65:15:42:17:aa:d8:ab:cf:33:42:
+ 83:42
+GROUP: ffdhe2048
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 032548097e..e14688c8ef 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -5063,3 +5063,12 @@ EVP_PKEY_CTX_set_dsa_paramgen_gindex ? 3_0_0 EXIST::FUNCTION:DSA
EVP_PKEY_CTX_set_dsa_paramgen_type ? 3_0_0 EXIST::FUNCTION:DSA
EVP_PKEY_CTX_set_dsa_paramgen_seed ? 3_0_0 EXIST::FUNCTION:DSA
EVP_PKEY_CTX_set_dsa_paramgen_md ? 3_0_0 EXIST::FUNCTION:DSA
+EVP_PKEY_CTX_set_dh_paramgen_type ? 3_0_0 EXIST::FUNCTION:DH
+EVP_PKEY_CTX_set_dh_paramgen_gindex ? 3_0_0 EXIST::FUNCTION:DH
+EVP_PKEY_CTX_set_dh_paramgen_seed ? 3_0_0 EXIST::FUNCTION:DH
+EVP_PKEY_CTX_set_dh_paramgen_prime_len ? 3_0_0 EXIST::FUNCTION:DH
+EVP_PKEY_CTX_set_dh_paramgen_subprime_len ? 3_0_0 EXIST::FUNCTION:DH
+EVP_PKEY_CTX_set_dh_paramgen_generator ? 3_0_0 EXIST::FUNCTION:DH
+EVP_PKEY_CTX_set_dh_nid ? 3_0_0 EXIST::FUNCTION:DH
+EVP_PKEY_CTX_set_dh_rfc5114 ? 3_0_0 EXIST::FUNCTION:DH
+EVP_PKEY_CTX_set_dhx_rfc5114 ? 3_0_0 EXIST::FUNCTION:DH
More information about the openssl-commits
mailing list