2
0

dh_ctrl.c 9.9 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346
  1. /*
  2. * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. #include "internal/deprecated.h"
  10. #include <openssl/core_names.h>
  11. #include <openssl/params.h>
  12. #include <openssl/err.h>
  13. #include <openssl/dh.h>
  14. #include "crypto/dh.h"
  15. #include "crypto/evp.h"
  16. static int dh_paramgen_check(EVP_PKEY_CTX *ctx)
  17. {
  18. if (ctx == NULL || !EVP_PKEY_CTX_IS_GEN_OP(ctx)) {
  19. ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
  20. /* Uses the same return values as EVP_PKEY_CTX_ctrl */
  21. return -2;
  22. }
  23. /* If key type not DH return error */
  24. if (evp_pkey_ctx_is_legacy(ctx)
  25. && ctx->pmeth->pkey_id != EVP_PKEY_DH
  26. && ctx->pmeth->pkey_id != EVP_PKEY_DHX)
  27. return -1;
  28. return 1;
  29. }
  30. static int dh_param_derive_check(EVP_PKEY_CTX *ctx)
  31. {
  32. if (ctx == NULL || !EVP_PKEY_CTX_IS_DERIVE_OP(ctx)) {
  33. ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
  34. /* Uses the same return values as EVP_PKEY_CTX_ctrl */
  35. return -2;
  36. }
  37. /* If key type not DH return error */
  38. if (evp_pkey_ctx_is_legacy(ctx)
  39. && ctx->pmeth->pkey_id != EVP_PKEY_DH
  40. && ctx->pmeth->pkey_id != EVP_PKEY_DHX)
  41. return -1;
  42. return 1;
  43. }
  44. int EVP_PKEY_CTX_set_dh_paramgen_gindex(EVP_PKEY_CTX *ctx, int gindex)
  45. {
  46. int ret;
  47. OSSL_PARAM params[2], *p = params;
  48. if ((ret = dh_paramgen_check(ctx)) <= 0)
  49. return ret;
  50. *p++ = OSSL_PARAM_construct_int(OSSL_PKEY_PARAM_FFC_GINDEX, &gindex);
  51. *p = OSSL_PARAM_construct_end();
  52. return evp_pkey_ctx_set_params_strict(ctx, params);
  53. }
  54. int EVP_PKEY_CTX_set_dh_paramgen_seed(EVP_PKEY_CTX *ctx,
  55. const unsigned char *seed,
  56. size_t seedlen)
  57. {
  58. int ret;
  59. OSSL_PARAM params[2], *p = params;
  60. if ((ret = dh_paramgen_check(ctx)) <= 0)
  61. return ret;
  62. *p++ = OSSL_PARAM_construct_octet_string(OSSL_PKEY_PARAM_FFC_SEED,
  63. (void *)seed, seedlen);
  64. *p = OSSL_PARAM_construct_end();
  65. return evp_pkey_ctx_set_params_strict(ctx, params);
  66. }
  67. /*
  68. * This one is currently implemented as an EVP_PKEY_CTX_ctrl() wrapper,
  69. * simply because that's easier.
  70. */
  71. int EVP_PKEY_CTX_set_dh_paramgen_type(EVP_PKEY_CTX *ctx, int typ)
  72. {
  73. return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN,
  74. EVP_PKEY_CTRL_DH_PARAMGEN_TYPE, typ, NULL);
  75. }
  76. int EVP_PKEY_CTX_set_dh_paramgen_prime_len(EVP_PKEY_CTX *ctx, int pbits)
  77. {
  78. int ret;
  79. OSSL_PARAM params[2], *p = params;
  80. size_t bits = pbits;
  81. if ((ret = dh_paramgen_check(ctx)) <= 0)
  82. return ret;
  83. *p++ = OSSL_PARAM_construct_size_t(OSSL_PKEY_PARAM_FFC_PBITS, &bits);
  84. *p = OSSL_PARAM_construct_end();
  85. return evp_pkey_ctx_set_params_strict(ctx, params);
  86. }
  87. int EVP_PKEY_CTX_set_dh_paramgen_subprime_len(EVP_PKEY_CTX *ctx, int qbits)
  88. {
  89. int ret;
  90. OSSL_PARAM params[2], *p = params;
  91. size_t bits2 = qbits;
  92. if ((ret = dh_paramgen_check(ctx)) <= 0)
  93. return ret;
  94. *p++ = OSSL_PARAM_construct_size_t(OSSL_PKEY_PARAM_FFC_QBITS, &bits2);
  95. *p = OSSL_PARAM_construct_end();
  96. return evp_pkey_ctx_set_params_strict(ctx, params);
  97. }
  98. int EVP_PKEY_CTX_set_dh_paramgen_generator(EVP_PKEY_CTX *ctx, int gen)
  99. {
  100. int ret;
  101. OSSL_PARAM params[2], *p = params;
  102. if ((ret = dh_paramgen_check(ctx)) <= 0)
  103. return ret;
  104. *p++ = OSSL_PARAM_construct_int(OSSL_PKEY_PARAM_DH_GENERATOR, &gen);
  105. *p = OSSL_PARAM_construct_end();
  106. return evp_pkey_ctx_set_params_strict(ctx, params);
  107. }
  108. /*
  109. * This one is currently implemented as an EVP_PKEY_CTX_ctrl() wrapper,
  110. * simply because that's easier.
  111. */
  112. int EVP_PKEY_CTX_set_dh_rfc5114(EVP_PKEY_CTX *ctx, int gen)
  113. {
  114. return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_PARAMGEN,
  115. EVP_PKEY_CTRL_DH_RFC5114, gen, NULL);
  116. }
  117. int EVP_PKEY_CTX_set_dhx_rfc5114(EVP_PKEY_CTX *ctx, int gen)
  118. {
  119. return EVP_PKEY_CTX_set_dh_rfc5114(ctx, gen);
  120. }
  121. /*
  122. * This one is currently implemented as an EVP_PKEY_CTX_ctrl() wrapper,
  123. * simply because that's easier.
  124. */
  125. int EVP_PKEY_CTX_set_dh_nid(EVP_PKEY_CTX *ctx, int nid)
  126. {
  127. return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH,
  128. EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN,
  129. EVP_PKEY_CTRL_DH_NID, nid, NULL);
  130. }
  131. int EVP_PKEY_CTX_set_dh_pad(EVP_PKEY_CTX *ctx, int pad)
  132. {
  133. OSSL_PARAM dh_pad_params[2];
  134. unsigned int upad = pad;
  135. /* We use EVP_PKEY_CTX_ctrl return values */
  136. if (ctx == NULL || !EVP_PKEY_CTX_IS_DERIVE_OP(ctx)) {
  137. ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
  138. return -2;
  139. }
  140. dh_pad_params[0] = OSSL_PARAM_construct_uint(OSSL_EXCHANGE_PARAM_PAD, &upad);
  141. dh_pad_params[1] = OSSL_PARAM_construct_end();
  142. return evp_pkey_ctx_set_params_strict(ctx, dh_pad_params);
  143. }
  144. /*
  145. * This one is currently implemented as an EVP_PKEY_CTX_ctrl() wrapper,
  146. * simply because that's easier.
  147. */
  148. int EVP_PKEY_CTX_set_dh_kdf_type(EVP_PKEY_CTX *ctx, int kdf)
  149. {
  150. return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_DERIVE,
  151. EVP_PKEY_CTRL_DH_KDF_TYPE, kdf, NULL);
  152. }
  153. /*
  154. * This one is currently implemented as an EVP_PKEY_CTX_ctrl() wrapper,
  155. * simply because that's easier.
  156. */
  157. int EVP_PKEY_CTX_get_dh_kdf_type(EVP_PKEY_CTX *ctx)
  158. {
  159. return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_DERIVE,
  160. EVP_PKEY_CTRL_DH_KDF_TYPE, -2, NULL);
  161. }
  162. /*
  163. * This one is currently implemented as an EVP_PKEY_CTX_ctrl() wrapper,
  164. * simply because that's easier.
  165. */
  166. int EVP_PKEY_CTX_set0_dh_kdf_oid(EVP_PKEY_CTX *ctx, ASN1_OBJECT *oid)
  167. {
  168. return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_DERIVE,
  169. EVP_PKEY_CTRL_DH_KDF_OID, 0, (void *)(oid));
  170. }
  171. /*
  172. * This one is currently implemented as an EVP_PKEY_CTX_ctrl() wrapper,
  173. * simply because that's easier.
  174. */
  175. int EVP_PKEY_CTX_get0_dh_kdf_oid(EVP_PKEY_CTX *ctx, ASN1_OBJECT **oid)
  176. {
  177. return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_DERIVE,
  178. EVP_PKEY_CTRL_GET_DH_KDF_OID, 0, (void *)(oid));
  179. }
  180. /*
  181. * This one is currently implemented as an EVP_PKEY_CTX_ctrl() wrapper,
  182. * simply because that's easier.
  183. */
  184. int EVP_PKEY_CTX_set_dh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD *md)
  185. {
  186. return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_DERIVE,
  187. EVP_PKEY_CTRL_DH_KDF_MD, 0, (void *)(md));
  188. }
  189. /*
  190. * This one is currently implemented as an EVP_PKEY_CTX_ctrl() wrapper,
  191. * simply because that's easier.
  192. */
  193. int EVP_PKEY_CTX_get_dh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD **pmd)
  194. {
  195. return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_DERIVE,
  196. EVP_PKEY_CTRL_GET_DH_KDF_MD, 0, (void *)(pmd));
  197. }
  198. int EVP_PKEY_CTX_set_dh_kdf_outlen(EVP_PKEY_CTX *ctx, int outlen)
  199. {
  200. int ret;
  201. size_t len = outlen;
  202. OSSL_PARAM params[2], *p = params;
  203. ret = dh_param_derive_check(ctx);
  204. if (ret != 1)
  205. return ret;
  206. if (outlen <= 0) {
  207. /*
  208. * This would ideally be -1 or 0, but we have to retain compatibility
  209. * with legacy behaviour of EVP_PKEY_CTX_ctrl() which returned -2 if
  210. * inlen <= 0
  211. */
  212. return -2;
  213. }
  214. *p++ = OSSL_PARAM_construct_size_t(OSSL_EXCHANGE_PARAM_KDF_OUTLEN,
  215. &len);
  216. *p = OSSL_PARAM_construct_end();
  217. ret = evp_pkey_ctx_set_params_strict(ctx, params);
  218. if (ret == -2)
  219. ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
  220. return ret;
  221. }
  222. int EVP_PKEY_CTX_get_dh_kdf_outlen(EVP_PKEY_CTX *ctx, int *plen)
  223. {
  224. int ret;
  225. size_t len = UINT_MAX;
  226. OSSL_PARAM params[2], *p = params;
  227. ret = dh_param_derive_check(ctx);
  228. if (ret != 1)
  229. return ret;
  230. *p++ = OSSL_PARAM_construct_size_t(OSSL_EXCHANGE_PARAM_KDF_OUTLEN,
  231. &len);
  232. *p = OSSL_PARAM_construct_end();
  233. ret = evp_pkey_ctx_get_params_strict(ctx, params);
  234. if (ret == -2)
  235. ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
  236. if (ret != 1 || len > INT_MAX)
  237. return -1;
  238. *plen = (int)len;
  239. return 1;
  240. }
  241. int EVP_PKEY_CTX_set0_dh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char *ukm, int len)
  242. {
  243. int ret;
  244. OSSL_PARAM params[2], *p = params;
  245. if (len < 0)
  246. return -1;
  247. ret = dh_param_derive_check(ctx);
  248. if (ret != 1)
  249. return ret;
  250. *p++ = OSSL_PARAM_construct_octet_string(OSSL_EXCHANGE_PARAM_KDF_UKM,
  251. /*
  252. * Cast away the const. This is read
  253. * only so should be safe
  254. */
  255. (void *)ukm,
  256. (size_t)len);
  257. *p = OSSL_PARAM_construct_end();
  258. ret = evp_pkey_ctx_set_params_strict(ctx, params);
  259. if (ret == -2)
  260. ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
  261. if (ret == 1)
  262. OPENSSL_free(ukm);
  263. return ret;
  264. }
  265. #ifndef OPENSSL_NO_DEPRECATED_3_0
  266. int EVP_PKEY_CTX_get0_dh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char **pukm)
  267. {
  268. int ret;
  269. size_t ukmlen;
  270. OSSL_PARAM params[2], *p = params;
  271. ret = dh_param_derive_check(ctx);
  272. if (ret != 1)
  273. return ret;
  274. *p++ = OSSL_PARAM_construct_octet_ptr(OSSL_EXCHANGE_PARAM_KDF_UKM,
  275. (void **)pukm, 0);
  276. *p = OSSL_PARAM_construct_end();
  277. ret = evp_pkey_ctx_get_params_strict(ctx, params);
  278. if (ret == -2)
  279. ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
  280. if (ret != 1)
  281. return -1;
  282. ukmlen = params[0].return_size;
  283. if (ukmlen > INT_MAX)
  284. return -1;
  285. return (int)ukmlen;
  286. }
  287. #endif