[thirdparty/openssl.git] / crypto / dh / dh_ameth.c

/*
 * Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

/*
 * DH low level APIs are deprecated for public use, but still ok for
 * internal use.
 */
#include "internal/deprecated.h"

#include <stdio.h>
#include <openssl/x509.h>
#include <openssl/asn1.h>
#include <openssl/bn.h>
#include <openssl/core_names.h>
#include <openssl/param_build.h>
#include "internal/ffc.h"
#include "internal/cryptlib.h"
#include "crypto/asn1.h"
#include "crypto/dh.h"
#include "crypto/evp.h"
#include "dh_local.h"

/*
 * i2d/d2i like DH parameter functions which use the appropriate routine for
 * PKCS#3 DH or X9.42 DH.
 */

static DH *d2i_dhp(const EVP_PKEY *pkey, const unsigned char **pp,
                   long length)
{
    DH *dh = NULL;
    int is_dhx = (pkey->ameth == &dhx_asn1_meth);

    if (is_dhx)
        dh = d2i_DHxparams(NULL, pp, length);
    else
        dh = d2i_DHparams(NULL, pp, length);

    return dh;
}

static int i2d_dhp(const EVP_PKEY *pkey, const DH *a, unsigned char **pp)
{
    if (pkey->ameth == &dhx_asn1_meth)
        return i2d_DHxparams(a, pp);
    return i2d_DHparams(a, pp);
}

static void int_dh_free(EVP_PKEY *pkey)
{
    DH_free(pkey->pkey.dh);
}

static int dh_pub_decode(EVP_PKEY *pkey, const X509_PUBKEY *pubkey)
{
    const unsigned char *p, *pm;
    int pklen, pmlen;
    int ptype;
    const void *pval;
    const ASN1_STRING *pstr;
    X509_ALGOR *palg;
    ASN1_INTEGER *public_key = NULL;

    DH *dh = NULL;

    if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &palg, pubkey))
        return 0;
    X509_ALGOR_get0(NULL, &ptype, &pval, palg);

    if (ptype != V_ASN1_SEQUENCE) {
        DHerr(DH_F_DH_PUB_DECODE, DH_R_PARAMETER_ENCODING_ERROR);
        goto err;
    }

    pstr = pval;
    pm = pstr->data;
    pmlen = pstr->length;

    if ((dh = d2i_dhp(pkey, &pm, pmlen)) == NULL) {
        DHerr(DH_F_DH_PUB_DECODE, DH_R_DECODE_ERROR);
        goto err;
    }

    if ((public_key = d2i_ASN1_INTEGER(NULL, &p, pklen)) == NULL) {
        DHerr(DH_F_DH_PUB_DECODE, DH_R_DECODE_ERROR);
        goto err;
    }

    /* We have parameters now set public key */
    if ((dh->pub_key = ASN1_INTEGER_to_BN(public_key, NULL)) == NULL) {
        DHerr(DH_F_DH_PUB_DECODE, DH_R_BN_DECODE_ERROR);
        goto err;
    }

    ASN1_INTEGER_free(public_key);
    EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, dh);
    return 1;

 err:
    ASN1_INTEGER_free(public_key);
    DH_free(dh);
    return 0;
}

static int dh_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
{
    DH *dh;
    int ptype;
    unsigned char *penc = NULL;
    int penclen;
    ASN1_STRING *str;
    ASN1_INTEGER *pub_key = NULL;

    dh = pkey->pkey.dh;

    str = ASN1_STRING_new();
    if (str == NULL) {
        DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
        goto err;
    }
    str->length = i2d_dhp(pkey, dh, &str->data);
    if (str->length <= 0) {
        DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
        goto err;
    }
    ptype = V_ASN1_SEQUENCE;

    pub_key = BN_to_ASN1_INTEGER(dh->pub_key, NULL);
    if (pub_key == NULL)
        goto err;

    penclen = i2d_ASN1_INTEGER(pub_key, &penc);

    ASN1_INTEGER_free(pub_key);

    if (penclen <= 0) {
        DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
        goto err;
    }

    if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(pkey->ameth->pkey_id),
                               ptype, str, penc, penclen))
        return 1;

 err:
    OPENSSL_free(penc);
    ASN1_STRING_free(str);

    return 0;
}

/*
 * PKCS#8 DH is defined in PKCS#11 of all places. It is similar to DH in that
 * the AlgorithmIdentifier contains the parameters, the private key is
 * explicitly included and the pubkey must be recalculated.
 */

static int dh_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8)
{
    const unsigned char *p, *pm;
    int pklen, pmlen;
    int ptype;
    const void *pval;
    const ASN1_STRING *pstr;
    const X509_ALGOR *palg;
    ASN1_INTEGER *privkey = NULL;
    DH *dh = NULL;

    if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8))
        return 0;

    X509_ALGOR_get0(NULL, &ptype, &pval, palg);

    if (ptype != V_ASN1_SEQUENCE)
        goto decerr;
    if ((privkey = d2i_ASN1_INTEGER(NULL, &p, pklen)) == NULL)
        goto decerr;

    pstr = pval;
    pm = pstr->data;
    pmlen = pstr->length;
    if ((dh = d2i_dhp(pkey, &pm, pmlen)) == NULL)
        goto decerr;

    /* We have parameters now set private key */
    if ((dh->priv_key = BN_secure_new()) == NULL
        || !ASN1_INTEGER_to_BN(privkey, dh->priv_key)) {
        DHerr(DH_F_DH_PRIV_DECODE, DH_R_BN_ERROR);
        goto dherr;
    }
    /* Calculate public key, increments dirty_cnt */
    if (!DH_generate_key(dh))
        goto dherr;

    EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, dh);

    ASN1_STRING_clear_free(privkey);

    return 1;

 decerr:
    DHerr(DH_F_DH_PRIV_DECODE, EVP_R_DECODE_ERROR);
 dherr:
    DH_free(dh);
    ASN1_STRING_clear_free(privkey);
    return 0;
}

static int dh_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
{
    ASN1_STRING *params = NULL;
    ASN1_INTEGER *prkey = NULL;
    unsigned char *dp = NULL;
    int dplen;

    params = ASN1_STRING_new();

    if (params == NULL) {
        DHerr(DH_F_DH_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
        goto err;
    }

    params->length = i2d_dhp(pkey, pkey->pkey.dh, &params->data);
    if (params->length <= 0) {
        DHerr(DH_F_DH_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
        goto err;
    }
    params->type = V_ASN1_SEQUENCE;

    /* Get private key into integer */
    prkey = BN_to_ASN1_INTEGER(pkey->pkey.dh->priv_key, NULL);

    if (prkey == NULL) {
        DHerr(DH_F_DH_PRIV_ENCODE, DH_R_BN_ERROR);
        goto err;
    }

    dplen = i2d_ASN1_INTEGER(prkey, &dp);

    ASN1_STRING_clear_free(prkey);
    prkey = NULL;

    if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(pkey->ameth->pkey_id), 0,
                         V_ASN1_SEQUENCE, params, dp, dplen))
        goto err;

    return 1;

 err:
    OPENSSL_free(dp);
    ASN1_STRING_free(params);
    ASN1_STRING_clear_free(prkey);
    return 0;
}

static int dh_param_decode(EVP_PKEY *pkey,
                           const unsigned char **pder, int derlen)
{
    DH *dh;

    if ((dh = d2i_dhp(pkey, pder, derlen)) == NULL)
        return 0;
    dh->dirty_cnt++;
    EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, dh);
    return 1;
}

static int dh_param_encode(const EVP_PKEY *pkey, unsigned char **pder)
{
    return i2d_dhp(pkey, pkey->pkey.dh, pder);
}

static int do_dh_print(BIO *bp, const DH *x, int indent, int ptype)
{
    int reason = ERR_R_BUF_LIB;
    const char *ktype = NULL;
    BIGNUM *priv_key, *pub_key;

    if (ptype == 2)
        priv_key = x->priv_key;
    else
        priv_key = NULL;

    if (ptype > 0)
        pub_key = x->pub_key;
    else
        pub_key = NULL;

    if (x->params.p == NULL || (ptype == 2 && priv_key == NULL)
            || (ptype > 0 && pub_key == NULL)) {
        reason = ERR_R_PASSED_NULL_PARAMETER;
        goto err;
    }

    if (ptype == 2)
        ktype = "DH Private-Key";
    else if (ptype == 1)
        ktype = "DH Public-Key";
    else
        ktype = "DH Parameters";

    if (!BIO_indent(bp, indent, 128)
            || BIO_printf(bp, "%s: (%d bit)\n", ktype, DH_bits(x)) <= 0)
        goto err;
    indent += 4;

    if (!ASN1_bn_print(bp, "private-key:", priv_key, NULL, indent))
        goto err;
    if (!ASN1_bn_print(bp, "public-key:", pub_key, NULL, indent))
        goto err;

    if (!ossl_ffc_params_print(bp, &x->params, indent))
        goto err;

    if (x->length != 0) {
        if (!BIO_indent(bp, indent, 128)
                || BIO_printf(bp, "recommended-private-length: %d bits\n",
                              (int)x->length) <= 0)
            goto err;
    }

    return 1;

 err:
    DHerr(DH_F_DO_DH_PRINT, reason);
    return 0;
}

static int int_dh_size(const EVP_PKEY *pkey)
{
    return DH_size(pkey->pkey.dh);
}

static int dh_bits(const EVP_PKEY *pkey)
{
    return DH_bits(pkey->pkey.dh);
}

static int dh_security_bits(const EVP_PKEY *pkey)
{
    return DH_security_bits(pkey->pkey.dh);
}

static int dh_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b)
{
    return ossl_ffc_params_cmp(&a->pkey.dh->params, &a->pkey.dh->params,
                               a->ameth != &dhx_asn1_meth);
}

static int int_dh_param_copy(DH *to, const DH *from, int is_x942)
{
    if (is_x942 == -1)
        is_x942 = (from->params.q != NULL);
    if (!ossl_ffc_params_copy(&to->params, &from->params))
        return 0;
    if (!is_x942)
        to->length = from->length;
    to->dirty_cnt++;
    return 1;
}

DH *DHparams_dup(const DH *dh)
{
    DH *ret;
    ret = DH_new();
    if (ret == NULL)
        return NULL;
    if (!int_dh_param_copy(ret, dh, -1)) {
        DH_free(ret);
        return NULL;
    }
    return ret;
}

static int dh_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
{
    if (to->pkey.dh == NULL) {
        to->pkey.dh = DH_new();
        if (to->pkey.dh == NULL)
            return 0;
    }
    return int_dh_param_copy(to->pkey.dh, from->pkey.dh,
                             from->ameth == &dhx_asn1_meth);
}

static int dh_missing_parameters(const EVP_PKEY *a)
{
    return a->pkey.dh == NULL
        || a->pkey.dh->params.p == NULL
        || a->pkey.dh->params.g == NULL;
}

static int dh_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
{
    if (dh_cmp_parameters(a, b) == 0)
        return 0;
    if (BN_cmp(b->pkey.dh->pub_key, a->pkey.dh->pub_key) != 0)
        return 0;
    else
        return 1;
}

static int dh_param_print(BIO *bp, const EVP_PKEY *pkey, int indent,
                          ASN1_PCTX *ctx)
{
    return do_dh_print(bp, pkey->pkey.dh, indent, 0);
}

static int dh_public_print(BIO *bp, const EVP_PKEY *pkey, int indent,
                           ASN1_PCTX *ctx)
{
    return do_dh_print(bp, pkey->pkey.dh, indent, 1);
}

static int dh_private_print(BIO *bp, const EVP_PKEY *pkey, int indent,
                            ASN1_PCTX *ctx)
{
    return do_dh_print(bp, pkey->pkey.dh, indent, 2);
}

int DHparams_print(BIO *bp, const DH *x)
{
    return do_dh_print(bp, x, 4, 0);
}

static int dh_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
{
    switch (op) {
    case ASN1_PKEY_CTRL_SET1_TLS_ENCPT:
        return dh_buf2key(EVP_PKEY_get0_DH(pkey), arg2, arg1);
    case ASN1_PKEY_CTRL_GET1_TLS_ENCPT:
        return dh_key2buf(EVP_PKEY_get0_DH(pkey), arg2, 0, 1);
    default:
        return -2;
    }
}

static int dhx_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
{
    switch (op) {
    default:
        return -2;
    }

}

static int dh_pkey_public_check(const EVP_PKEY *pkey)
{
    DH *dh = pkey->pkey.dh;

    if (dh->pub_key == NULL) {
        DHerr(DH_F_DH_PKEY_PUBLIC_CHECK, DH_R_MISSING_PUBKEY);
        return 0;
    }

    return DH_check_pub_key_ex(dh, dh->pub_key);
}

static int dh_pkey_param_check(const EVP_PKEY *pkey)
{
    DH *dh = pkey->pkey.dh;

    return DH_check_ex(dh);
}

static size_t dh_pkey_dirty_cnt(const EVP_PKEY *pkey)
{
    return pkey->pkey.dh->dirty_cnt;
}

static int dh_pkey_export_to(const EVP_PKEY *from, void *to_keydata,
                             EVP_KEYMGMT *to_keymgmt, OSSL_LIB_CTX *libctx,
                             const char *propq)
{
    DH *dh = from->pkey.dh;
    OSSL_PARAM_BLD *tmpl;
    const BIGNUM *p = DH_get0_p(dh), *g = DH_get0_g(dh), *q = DH_get0_q(dh);
    long l = DH_get_length(dh);
    const BIGNUM *pub_key = DH_get0_pub_key(dh);
    const BIGNUM *priv_key = DH_get0_priv_key(dh);
    OSSL_PARAM *params = NULL;
    int selection = 0;
    int rv = 0;

    /*
     * If the DH method is foreign, then we can't be sure of anything, and
     * can therefore not export or pretend to export.
     */
    if (dh_get_method(dh) != DH_OpenSSL())
        return 0;

    if (p == NULL || g == NULL)
        return 0;

    tmpl = OSSL_PARAM_BLD_new();
    if (tmpl == NULL)
        return 0;
    if (!OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_FFC_P, p)
        || !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_FFC_G, g))
        goto err;
    if (q != NULL) {
        if (!OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_FFC_Q, q))
            goto err;
    }
    selection |= OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS;
    if (l > 0) {
        if (!OSSL_PARAM_BLD_push_long(tmpl, OSSL_PKEY_PARAM_DH_PRIV_LEN, l))
            goto err;
        selection |= OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS;
    }
    if (pub_key != NULL) {
        if (!OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_PUB_KEY, pub_key))
            goto err;
        selection |= OSSL_KEYMGMT_SELECT_PUBLIC_KEY;
    }
    if (priv_key != NULL) {
        if (!OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_PRIV_KEY,
                                    priv_key))
            goto err;
        selection |= OSSL_KEYMGMT_SELECT_PRIVATE_KEY;
    }

    if ((params = OSSL_PARAM_BLD_to_param(tmpl)) == NULL)
        goto err;

    /* We export, the provider imports */
    rv = evp_keymgmt_import(to_keymgmt, to_keydata, selection, params);

    OSSL_PARAM_BLD_free_params(params);
err:
    OSSL_PARAM_BLD_free(tmpl);
    return rv;
}

static int dh_pkey_import_from_type(const OSSL_PARAM params[], void *vpctx,
                                    int type)
{
    EVP_PKEY_CTX *pctx = vpctx;
    EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(pctx);
    DH *dh = dh_new_ex(pctx->libctx);

    if (dh == NULL) {
        ERR_raise(ERR_LIB_DH, ERR_R_MALLOC_FAILURE);
        return 0;
    }
    DH_clear_flags(dh, DH_FLAG_TYPE_MASK);
    DH_set_flags(dh, type == EVP_PKEY_DH ? DH_FLAG_TYPE_DH : DH_FLAG_TYPE_DHX);

    if (!dh_params_fromdata(dh, params)
        || !dh_key_fromdata(dh, params)
        || !EVP_PKEY_assign(pkey, type, dh)) {
        DH_free(dh);
        return 0;
    }
    return 1;
}

static int dh_pkey_import_from(const OSSL_PARAM params[], void *vpctx)
{
    return dh_pkey_import_from_type(params, vpctx, EVP_PKEY_DH);
}

static int dhx_pkey_import_from(const OSSL_PARAM params[], void *vpctx)
{
    return dh_pkey_import_from_type(params, vpctx, EVP_PKEY_DHX);
}

const EVP_PKEY_ASN1_METHOD dh_asn1_meth = {
    EVP_PKEY_DH,
    EVP_PKEY_DH,
    0,

    "DH",
    "OpenSSL PKCS#3 DH method",

    dh_pub_decode,
    dh_pub_encode,
    dh_pub_cmp,
    dh_public_print,

    dh_priv_decode,
    dh_priv_encode,
    dh_private_print,

    int_dh_size,
    dh_bits,
    dh_security_bits,

    dh_param_decode,
    dh_param_encode,
    dh_missing_parameters,
    dh_copy_parameters,
    dh_cmp_parameters,
    dh_param_print,
    0,

    int_dh_free,
    dh_pkey_ctrl,

    0, 0, 0, 0, 0,

    0,
    dh_pkey_public_check,
    dh_pkey_param_check,

    0, 0, 0, 0,

    dh_pkey_dirty_cnt,
    dh_pkey_export_to,
    dh_pkey_import_from,
};

const EVP_PKEY_ASN1_METHOD dhx_asn1_meth = {
    EVP_PKEY_DHX,
    EVP_PKEY_DHX,
    0,

    "X9.42 DH",
    "OpenSSL X9.42 DH method",

    dh_pub_decode,
    dh_pub_encode,
    dh_pub_cmp,
    dh_public_print,

    dh_priv_decode,
    dh_priv_encode,
    dh_private_print,

    int_dh_size,
    dh_bits,
    dh_security_bits,

    dh_param_decode,
    dh_param_encode,
    dh_missing_parameters,
    dh_copy_parameters,
    dh_cmp_parameters,
    dh_param_print,
    0,

    int_dh_free,
    dhx_pkey_ctrl,

    0, 0, 0, 0, 0,

    0,
    dh_pkey_public_check,
    dh_pkey_param_check,
    0, 0, 0, 0,
    dh_pkey_dirty_cnt,
    dh_pkey_export_to,
    dhx_pkey_import_from,
};
Commit	Line	Data
0f113f3e	1	/*
33388b44	2	* Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved.
adbc603d	3	*
e38873f5	4	* Licensed under the Apache License 2.0 (the "License"). You may not use
aa6bb135 RS	5	* this file except in compliance with the License. You can obtain a copy
	6	* in the file LICENSE in the source distribution or at
	7	* https://www.openssl.org/source/license.html
adbc603d DSH	8	*/
adbc603d DSH	9
ada66e78 P	10	/*
	11	* DH low level APIs are deprecated for public use, but still ok for
	12	* internal use.
	13	*/
	14	#include "internal/deprecated.h"
	15
adbc603d	16	#include <stdio.h>
adbc603d DSH	17	#include <openssl/x509.h>
adbc603d DSH	18	#include <openssl/asn1.h>
1e26a8ba	19	#include <openssl/bn.h>
8b84b075	20	#include <openssl/core_names.h>
b03ec3b5	21	#include <openssl/param_build.h>
0abae163	22	#include "internal/ffc.h"
0b3a4ef2 MC	23	#include "internal/cryptlib.h"
	24	#include "crypto/asn1.h"
	25	#include "crypto/dh.h"
	26	#include "crypto/evp.h"
	27	#include "dh_local.h"
adbc603d	28
0f113f3e MC	29	/*
	30	* i2d/d2i like DH parameter functions which use the appropriate routine for
	31	* PKCS#3 DH or X9.42 DH.
afb14cda DSH	32	*/
afb14cda DSH	33
0f113f3e MC	34	static DH d2i_dhp(const EVP_PKEY pkey, const unsigned char **pp,
	35	long length)
	36	{
31d2daec SL	37	DH *dh = NULL;
	38	int is_dhx = (pkey->ameth == &dhx_asn1_meth);
	39
	40	if (is_dhx)
	41	dh = d2i_DHxparams(NULL, pp, length);
	42	else
	43	dh = d2i_DHparams(NULL, pp, length);
	44
31d2daec	45	return dh;
0f113f3e	46	}
afb14cda DSH	47
afb14cda DSH	48	static int i2d_dhp(const EVP_PKEY pkey, const DH a, unsigned char **pp)
0f113f3e MC	49	{
	50	if (pkey->ameth == &dhx_asn1_meth)
	51	return i2d_DHxparams(a, pp);
	52	return i2d_DHparams(a, pp);
	53	}
afb14cda	54
adbc603d	55	static void int_dh_free(EVP_PKEY *pkey)
0f113f3e MC	56	{
	57	DH_free(pkey->pkey.dh);
	58	}
adbc603d	59
7674e923	60	static int dh_pub_decode(EVP_PKEY pkey, const X509_PUBKEY pubkey)
0f113f3e MC	61	{
	62	const unsigned char p, pm;
	63	int pklen, pmlen;
	64	int ptype;
ac4e2577 DSH	65	const void *pval;
ac4e2577 DSH	66	const ASN1_STRING *pstr;
0f113f3e MC	67	X509_ALGOR *palg;
	68	ASN1_INTEGER *public_key = NULL;
	69
	70	DH *dh = NULL;
	71
	72	if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &palg, pubkey))
	73	return 0;
	74	X509_ALGOR_get0(NULL, &ptype, &pval, palg);
	75
	76	if (ptype != V_ASN1_SEQUENCE) {
	77	DHerr(DH_F_DH_PUB_DECODE, DH_R_PARAMETER_ENCODING_ERROR);
	78	goto err;
	79	}
	80
	81	pstr = pval;
	82	pm = pstr->data;
	83	pmlen = pstr->length;
	84
75ebbd9a	85	if ((dh = d2i_dhp(pkey, &pm, pmlen)) == NULL) {
0f113f3e MC	86	DHerr(DH_F_DH_PUB_DECODE, DH_R_DECODE_ERROR);
	87	goto err;
	88	}
	89
75ebbd9a	90	if ((public_key = d2i_ASN1_INTEGER(NULL, &p, pklen)) == NULL) {
0f113f3e MC	91	DHerr(DH_F_DH_PUB_DECODE, DH_R_DECODE_ERROR);
	92	goto err;
	93	}
	94
	95	/* We have parameters now set public key */
75ebbd9a	96	if ((dh->pub_key = ASN1_INTEGER_to_BN(public_key, NULL)) == NULL) {
0f113f3e MC	97	DHerr(DH_F_DH_PUB_DECODE, DH_R_BN_DECODE_ERROR);
	98	goto err;
	99	}
	100
	101	ASN1_INTEGER_free(public_key);
	102	EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, dh);
	103	return 1;
	104
	105	err:
2ace7450	106	ASN1_INTEGER_free(public_key);
d6407083	107	DH_free(dh);
0f113f3e	108	return 0;
0f113f3e	109	}
4c97a04e	110
0f113f3e MC	111	static int dh_pub_encode(X509_PUBKEY pk, const EVP_PKEY pkey)
	112	{
	113	DH *dh;
0f113f3e MC	114	int ptype;
	115	unsigned char *penc = NULL;
	116	int penclen;
	117	ASN1_STRING *str;
	118	ASN1_INTEGER *pub_key = NULL;
	119
	120	dh = pkey->pkey.dh;
	121
	122	str = ASN1_STRING_new();
90945fa3	123	if (str == NULL) {
6aa8dab2 MC	124	DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
	125	goto err;
	126	}
0f113f3e MC	127	str->length = i2d_dhp(pkey, dh, &str->data);
	128	if (str->length <= 0) {
	129	DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
	130	goto err;
	131	}
0f113f3e MC	132	ptype = V_ASN1_SEQUENCE;
	133
	134	pub_key = BN_to_ASN1_INTEGER(dh->pub_key, NULL);
12a765a5	135	if (pub_key == NULL)
0f113f3e MC	136	goto err;
	137
	138	penclen = i2d_ASN1_INTEGER(pub_key, &penc);
	139
	140	ASN1_INTEGER_free(pub_key);
	141
	142	if (penclen <= 0) {
	143	DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
	144	goto err;
	145	}
	146
	147	if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(pkey->ameth->pkey_id),
6aa8dab2	148	ptype, str, penc, penclen))
0f113f3e MC	149	return 1;
	150
	151	err:
b548a1f1	152	OPENSSL_free(penc);
0dfb9398	153	ASN1_STRING_free(str);
0f113f3e MC	154
	155	return 0;
	156	}
4c97a04e	157
0f113f3e MC	158	/*
	159	* PKCS#8 DH is defined in PKCS#11 of all places. It is similar to DH in that
	160	* the AlgorithmIdentifier contains the parameters, the private key is
0d4fb843	161	* explicitly included and the pubkey must be recalculated.
0f113f3e	162	*/
4c97a04e	163
245c6bc3	164	static int dh_priv_decode(EVP_PKEY pkey, const PKCS8_PRIV_KEY_INFO p8)
0f113f3e MC	165	{
	166	const unsigned char p, pm;
	167	int pklen, pmlen;
	168	int ptype;
ac4e2577 DSH	169	const void *pval;
ac4e2577 DSH	170	const ASN1_STRING *pstr;
245c6bc3	171	const X509_ALGOR *palg;
0f113f3e	172	ASN1_INTEGER *privkey = NULL;
0f113f3e MC	173	DH *dh = NULL;
	174
	175	if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8))
	176	return 0;
	177
	178	X509_ALGOR_get0(NULL, &ptype, &pval, palg);
	179
	180	if (ptype != V_ASN1_SEQUENCE)
	181	goto decerr;
75ebbd9a	182	if ((privkey = d2i_ASN1_INTEGER(NULL, &p, pklen)) == NULL)
0f113f3e MC	183	goto decerr;
	184
	185	pstr = pval;
	186	pm = pstr->data;
	187	pmlen = pstr->length;
75ebbd9a	188	if ((dh = d2i_dhp(pkey, &pm, pmlen)) == NULL)
0f113f3e	189	goto decerr;
75ebbd9a	190
0f113f3e	191	/* We have parameters now set private key */
74924dcb RS	192	if ((dh->priv_key = BN_secure_new()) == NULL
74924dcb RS	193	\|\| !ASN1_INTEGER_to_BN(privkey, dh->priv_key)) {
0f113f3e MC	194	DHerr(DH_F_DH_PRIV_DECODE, DH_R_BN_ERROR);
	195	goto dherr;
	196	}
8b84b075	197	/* Calculate public key, increments dirty_cnt */
0f113f3e MC	198	if (!DH_generate_key(dh))
	199	goto dherr;
	200
	201	EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, dh);
	202
a8ae0891	203	ASN1_STRING_clear_free(privkey);
0f113f3e MC	204
	205	return 1;
	206
	207	decerr:
	208	DHerr(DH_F_DH_PRIV_DECODE, EVP_R_DECODE_ERROR);
	209	dherr:
	210	DH_free(dh);
a8ae0891	211	ASN1_STRING_clear_free(privkey);
0f113f3e MC	212	return 0;
0f113f3e MC	213	}
4c97a04e DSH	214
	215	static int dh_priv_encode(PKCS8_PRIV_KEY_INFO p8, const EVP_PKEY pkey)
	216	{
0f113f3e MC	217	ASN1_STRING *params = NULL;
	218	ASN1_INTEGER *prkey = NULL;
	219	unsigned char *dp = NULL;
	220	int dplen;
	221
	222	params = ASN1_STRING_new();
	223
90945fa3	224	if (params == NULL) {
0f113f3e MC	225	DHerr(DH_F_DH_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
	226	goto err;
	227	}
	228
	229	params->length = i2d_dhp(pkey, pkey->pkey.dh, &params->data);
	230	if (params->length <= 0) {
	231	DHerr(DH_F_DH_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
	232	goto err;
	233	}
	234	params->type = V_ASN1_SEQUENCE;
	235
	236	/* Get private key into integer */
	237	prkey = BN_to_ASN1_INTEGER(pkey->pkey.dh->priv_key, NULL);
	238
12a765a5	239	if (prkey == NULL) {
0f113f3e MC	240	DHerr(DH_F_DH_PRIV_ENCODE, DH_R_BN_ERROR);
	241	goto err;
	242	}
	243
	244	dplen = i2d_ASN1_INTEGER(prkey, &dp);
	245
a8ae0891	246	ASN1_STRING_clear_free(prkey);
1549a265	247	prkey = NULL;
0f113f3e MC	248
	249	if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(pkey->ameth->pkey_id), 0,
	250	V_ASN1_SEQUENCE, params, dp, dplen))
	251	goto err;
	252
	253	return 1;
	254
	255	err:
b548a1f1	256	OPENSSL_free(dp);
0dfb9398	257	ASN1_STRING_free(params);
2ace7450	258	ASN1_STRING_clear_free(prkey);
0f113f3e	259	return 0;
4c97a04e DSH	260	}
4c97a04e DSH	261
3e4585c8	262	static int dh_param_decode(EVP_PKEY *pkey,
0f113f3e MC	263	const unsigned char **pder, int derlen)
	264	{
	265	DH *dh;
75ebbd9a	266
29844ea5	267	if ((dh = d2i_dhp(pkey, pder, derlen)) == NULL)
0f113f3e	268	return 0;
8b84b075	269	dh->dirty_cnt++;
0f113f3e MC	270	EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, dh);
	271	return 1;
	272	}
3e4585c8 DSH	273
3e4585c8 DSH	274	static int dh_param_encode(const EVP_PKEY pkey, unsigned char *pder)
0f113f3e MC	275	{
	276	return i2d_dhp(pkey, pkey->pkey.dh, pder);
	277	}
3e4585c8	278
a773b52a	279	static int do_dh_print(BIO bp, const DH x, int indent, int ptype)
0f113f3e	280	{
66696478	281	int reason = ERR_R_BUF_LIB;
0f113f3e	282	const char *ktype = NULL;
0f113f3e MC	283	BIGNUM priv_key, pub_key;
	284
	285	if (ptype == 2)
	286	priv_key = x->priv_key;
	287	else
	288	priv_key = NULL;
	289
	290	if (ptype > 0)
	291	pub_key = x->pub_key;
	292	else
	293	pub_key = NULL;
	294
dc8de3e6	295	if (x->params.p == NULL \|\| (ptype == 2 && priv_key == NULL)
1d54ef34	296	\|\| (ptype > 0 && pub_key == NULL)) {
0f113f3e MC	297	reason = ERR_R_PASSED_NULL_PARAMETER;
	298	goto err;
	299	}
	300
0f113f3e MC	301	if (ptype == 2)
	302	ktype = "DH Private-Key";
	303	else if (ptype == 1)
	304	ktype = "DH Public-Key";
	305	else
	306	ktype = "DH Parameters";
	307
756f5c6c	308	if (!BIO_indent(bp, indent, 128)
dc8de3e6	309	\|\| BIO_printf(bp, "%s: (%d bit)\n", ktype, DH_bits(x)) <= 0)
0f113f3e MC	310	goto err;
	311	indent += 4;
	312
a773b52a	313	if (!ASN1_bn_print(bp, "private-key:", priv_key, NULL, indent))
0f113f3e	314	goto err;
a773b52a	315	if (!ASN1_bn_print(bp, "public-key:", pub_key, NULL, indent))
0f113f3e MC	316	goto err;
0f113f3e MC	317
5357c106	318	if (!ossl_ffc_params_print(bp, &x->params, indent))
0f113f3e	319	goto err;
756f5c6c	320
0f113f3e	321	if (x->length != 0) {
756f5c6c P	322	if (!BIO_indent(bp, indent, 128)
	323	\|\| BIO_printf(bp, "recommended-private-length: %d bits\n",
	324	(int)x->length) <= 0)
0f113f3e MC	325	goto err;
	326	}
	327
66696478 RS	328	return 1;
66696478 RS	329
0f113f3e	330	err:
66696478	331	DHerr(DH_F_DO_DH_PRINT, reason);
66696478	332	return 0;
0f113f3e	333	}
3e4585c8	334
ceb46789	335	static int int_dh_size(const EVP_PKEY *pkey)
0f113f3e	336	{
26a7d938	337	return DH_size(pkey->pkey.dh);
0f113f3e	338	}
ceb46789 DSH	339
ceb46789 DSH	340	static int dh_bits(const EVP_PKEY *pkey)
0f113f3e	341	{
dc8de3e6	342	return DH_bits(pkey->pkey.dh);
0f113f3e	343	}
ceb46789	344
2514fa79	345	static int dh_security_bits(const EVP_PKEY *pkey)
0f113f3e MC	346	{
	347	return DH_security_bits(pkey->pkey.dh);
	348	}
2514fa79	349
ffb1ac67	350	static int dh_cmp_parameters(const EVP_PKEY a, const EVP_PKEY b)
0f113f3e	351	{
5357c106 P	352	return ossl_ffc_params_cmp(&a->pkey.dh->params, &a->pkey.dh->params,
5357c106 P	353	a->ameth != &dhx_asn1_meth);
0f113f3e	354	}
ceb46789	355
d3cc91ee	356	static int int_dh_param_copy(DH to, const DH from, int is_x942)
0f113f3e MC	357	{
0f113f3e MC	358	if (is_x942 == -1)
dc8de3e6	359	is_x942 = (from->params.q != NULL);
5357c106	360	if (!ossl_ffc_params_copy(&to->params, &from->params))
0f113f3e	361	return 0;
dc8de3e6	362	if (!is_x942)
0f113f3e	363	to->length = from->length;
8b84b075	364	to->dirty_cnt++;
0f113f3e MC	365	return 1;
0f113f3e MC	366	}
d3cc91ee	367
9fdcc21f	368	DH DHparams_dup(const DH dh)
0f113f3e MC	369	{
	370	DH *ret;
	371	ret = DH_new();
90945fa3	372	if (ret == NULL)
0f113f3e MC	373	return NULL;
	374	if (!int_dh_param_copy(ret, dh, -1)) {
	375	DH_free(ret);
	376	return NULL;
	377	}
	378	return ret;
	379	}
d3cc91ee DSH	380
d3cc91ee DSH	381	static int dh_copy_parameters(EVP_PKEY to, const EVP_PKEY from)
0f113f3e	382	{
2986ecdc DSH	383	if (to->pkey.dh == NULL) {
	384	to->pkey.dh = DH_new();
	385	if (to->pkey.dh == NULL)
	386	return 0;
	387	}
0f113f3e MC	388	return int_dh_param_copy(to->pkey.dh, from->pkey.dh,
	389	from->ameth == &dhx_asn1_meth);
	390	}
d3cc91ee	391
ffb1ac67	392	static int dh_missing_parameters(const EVP_PKEY *a)
0f113f3e	393	{
dc8de3e6 SL	394	return a->pkey.dh == NULL
	395	\|\| a->pkey.dh->params.p == NULL
	396	\|\| a->pkey.dh->params.g == NULL;
0f113f3e	397	}
ceb46789 DSH	398
ceb46789 DSH	399	static int dh_pub_cmp(const EVP_PKEY a, const EVP_PKEY b)
0f113f3e MC	400	{
	401	if (dh_cmp_parameters(a, b) == 0)
	402	return 0;
	403	if (BN_cmp(b->pkey.dh->pub_key, a->pkey.dh->pub_key) != 0)
	404	return 0;
	405	else
	406	return 1;
	407	}
ceb46789	408
3e4585c8	409	static int dh_param_print(BIO bp, const EVP_PKEY pkey, int indent,
0f113f3e MC	410	ASN1_PCTX *ctx)
0f113f3e MC	411	{
a773b52a	412	return do_dh_print(bp, pkey->pkey.dh, indent, 0);
0f113f3e	413	}
ceb46789 DSH	414
ceb46789 DSH	415	static int dh_public_print(BIO bp, const EVP_PKEY pkey, int indent,
0f113f3e MC	416	ASN1_PCTX *ctx)
0f113f3e MC	417	{
a773b52a	418	return do_dh_print(bp, pkey->pkey.dh, indent, 1);
0f113f3e	419	}
ceb46789 DSH	420
ceb46789 DSH	421	static int dh_private_print(BIO bp, const EVP_PKEY pkey, int indent,
0f113f3e MC	422	ASN1_PCTX *ctx)
0f113f3e MC	423	{
a773b52a	424	return do_dh_print(bp, pkey->pkey.dh, indent, 2);
0f113f3e	425	}
3e4585c8 DSH	426
3e4585c8 DSH	427	int DHparams_print(BIO bp, const DH x)
0f113f3e	428	{
a773b52a	429	return do_dh_print(bp, x, 4, 0);
0f113f3e	430	}
3e4585c8	431
bd59f2b9	432	static int dh_pkey_ctrl(EVP_PKEY pkey, int op, long arg1, void arg2)
9aaecbfc	433	{
	434	switch (op) {
	435	case ASN1_PKEY_CTRL_SET1_TLS_ENCPT:
	436	return dh_buf2key(EVP_PKEY_get0_DH(pkey), arg2, arg1);
	437	case ASN1_PKEY_CTRL_GET1_TLS_ENCPT:
6a9bd929	438	return dh_key2buf(EVP_PKEY_get0_DH(pkey), arg2, 0, 1);
9aaecbfc	439	default:
	440	return -2;
	441	}
	442	}
	443
	444	static int dhx_pkey_ctrl(EVP_PKEY pkey, int op, long arg1, void arg2)
0f113f3e MC	445	{
0f113f3e MC	446	switch (op) {
0f113f3e MC	447	default:
	448	return -2;
	449	}
	450
	451	}
	452
b0004708 PY	453	static int dh_pkey_public_check(const EVP_PKEY *pkey)
	454	{
	455	DH *dh = pkey->pkey.dh;
	456
	457	if (dh->pub_key == NULL) {
	458	DHerr(DH_F_DH_PKEY_PUBLIC_CHECK, DH_R_MISSING_PUBKEY);
	459	return 0;
	460	}
	461
	462	return DH_check_pub_key_ex(dh, dh->pub_key);
	463	}
	464
	465	static int dh_pkey_param_check(const EVP_PKEY *pkey)
	466	{
	467	DH *dh = pkey->pkey.dh;
	468
	469	return DH_check_ex(dh);
	470	}
	471
8b84b075 RL	472	static size_t dh_pkey_dirty_cnt(const EVP_PKEY *pkey)
	473	{
	474	return pkey->pkey.dh->dirty_cnt;
	475	}
	476
b305452f	477	static int dh_pkey_export_to(const EVP_PKEY from, void to_keydata,
b4250010	478	EVP_KEYMGMT to_keymgmt, OSSL_LIB_CTX libctx,
76e23fc5	479	const char *propq)
8b84b075	480	{
b305452f	481	DH *dh = from->pkey.dh;
6d4e6009	482	OSSL_PARAM_BLD *tmpl;
8b84b075	483	const BIGNUM p = DH_get0_p(dh), g = DH_get0_g(dh), *q = DH_get0_q(dh);
0ba71d6a	484	long l = DH_get_length(dh);
8b84b075 RL	485	const BIGNUM *pub_key = DH_get0_pub_key(dh);
8b84b075 RL	486	const BIGNUM *priv_key = DH_get0_priv_key(dh);
6d4e6009	487	OSSL_PARAM *params = NULL;
0996cff9	488	int selection = 0;
6d4e6009	489	int rv = 0;
8b84b075	490
df13defd RL	491	/*
	492	* If the DH method is foreign, then we can't be sure of anything, and
	493	* can therefore not export or pretend to export.
	494	*/
	495	if (dh_get_method(dh) != DH_OpenSSL())
	496	return 0;
	497
21fb7067	498	if (p == NULL \|\| g == NULL)
b305452f	499	return 0;
8b84b075	500
6d4e6009 P	501	tmpl = OSSL_PARAM_BLD_new();
6d4e6009 P	502	if (tmpl == NULL)
b305452f	503	return 0;
6d4e6009 P	504	if (!OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_FFC_P, p)
	505	\|\| !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_FFC_G, g))
	506	goto err;
8b84b075	507	if (q != NULL) {
6d4e6009 P	508	if (!OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_FFC_Q, q))
6d4e6009 P	509	goto err;
8b84b075	510	}
0996cff9	511	selection \|= OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS;
0ba71d6a RL	512	if (l > 0) {
	513	if (!OSSL_PARAM_BLD_push_long(tmpl, OSSL_PKEY_PARAM_DH_PRIV_LEN, l))
	514	goto err;
	515	selection \|= OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS;
	516	}
0996cff9	517	if (pub_key != NULL) {
6d4e6009 P	518	if (!OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_PUB_KEY, pub_key))
6d4e6009 P	519	goto err;
0996cff9 RL	520	selection \|= OSSL_KEYMGMT_SELECT_PUBLIC_KEY;
0996cff9 RL	521	}
b305452f	522	if (priv_key != NULL) {
6d4e6009	523	if (!OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_PRIV_KEY,
b305452f	524	priv_key))
6d4e6009	525	goto err;
0996cff9	526	selection \|= OSSL_KEYMGMT_SELECT_PRIVATE_KEY;
8b84b075 RL	527	}
8b84b075 RL	528
6d4e6009 P	529	if ((params = OSSL_PARAM_BLD_to_param(tmpl)) == NULL)
6d4e6009 P	530	goto err;
8b84b075 RL	531
8b84b075 RL	532	/* We export, the provider imports */
0996cff9	533	rv = evp_keymgmt_import(to_keymgmt, to_keydata, selection, params);
8b84b075	534
6d4e6009 P	535	OSSL_PARAM_BLD_free_params(params);
	536	err:
	537	OSSL_PARAM_BLD_free(tmpl);
b305452f	538	return rv;
8b84b075 RL	539	}
8b84b075 RL	540
31d2daec SL	541	static int dh_pkey_import_from_type(const OSSL_PARAM params[], void *vpctx,
31d2daec SL	542	int type)
0abae163	543	{
629c72db MC	544	EVP_PKEY_CTX *pctx = vpctx;
629c72db MC	545	EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(pctx);
d8652be0	546	DH *dh = dh_new_ex(pctx->libctx);
0abae163 RL	547
	548	if (dh == NULL) {
	549	ERR_raise(ERR_LIB_DH, ERR_R_MALLOC_FAILURE);
	550	return 0;
	551	}
d135774e SL	552	DH_clear_flags(dh, DH_FLAG_TYPE_MASK);
d135774e SL	553	DH_set_flags(dh, type == EVP_PKEY_DH ? DH_FLAG_TYPE_DH : DH_FLAG_TYPE_DHX);
0abae163	554
0ba71d6a	555	if (!dh_params_fromdata(dh, params)
0abae163	556	\|\| !dh_key_fromdata(dh, params)
31d2daec	557	\|\| !EVP_PKEY_assign(pkey, type, dh)) {
0abae163 RL	558	DH_free(dh);
	559	return 0;
	560	}
	561	return 1;
	562	}
	563
31d2daec SL	564	static int dh_pkey_import_from(const OSSL_PARAM params[], void *vpctx)
	565	{
	566	return dh_pkey_import_from_type(params, vpctx, EVP_PKEY_DH);
	567	}
	568
	569	static int dhx_pkey_import_from(const OSSL_PARAM params[], void *vpctx)
	570	{
	571	return dh_pkey_import_from_type(params, vpctx, EVP_PKEY_DHX);
	572	}
	573
0f113f3e MC	574	const EVP_PKEY_ASN1_METHOD dh_asn1_meth = {
	575	EVP_PKEY_DH,
	576	EVP_PKEY_DH,
	577	0,
	578
	579	"DH",
	580	"OpenSSL PKCS#3 DH method",
	581
	582	dh_pub_decode,
	583	dh_pub_encode,
	584	dh_pub_cmp,
	585	dh_public_print,
	586
	587	dh_priv_decode,
	588	dh_priv_encode,
	589	dh_private_print,
	590
	591	int_dh_size,
	592	dh_bits,
	593	dh_security_bits,
	594
	595	dh_param_decode,
	596	dh_param_encode,
	597	dh_missing_parameters,
	598	dh_copy_parameters,
	599	dh_cmp_parameters,
	600	dh_param_print,
	601	0,
	602
	603	int_dh_free,
9aaecbfc	604	dh_pkey_ctrl,
b0004708 PY	605
	606	0, 0, 0, 0, 0,
	607
	608	0,
	609	dh_pkey_public_check,
8b84b075 RL	610	dh_pkey_param_check,
	611
	612	0, 0, 0, 0,
	613
	614	dh_pkey_dirty_cnt,
	615	dh_pkey_export_to,
0abae163	616	dh_pkey_import_from,
0f113f3e MC	617	};
	618
	619	const EVP_PKEY_ASN1_METHOD dhx_asn1_meth = {
	620	EVP_PKEY_DHX,
	621	EVP_PKEY_DHX,
	622	0,
	623
	624	"X9.42 DH",
	625	"OpenSSL X9.42 DH method",
	626
	627	dh_pub_decode,
	628	dh_pub_encode,
	629	dh_pub_cmp,
	630	dh_public_print,
	631
	632	dh_priv_decode,
	633	dh_priv_encode,
	634	dh_private_print,
	635
	636	int_dh_size,
	637	dh_bits,
	638	dh_security_bits,
	639
	640	dh_param_decode,
	641	dh_param_encode,
	642	dh_missing_parameters,
	643	dh_copy_parameters,
	644	dh_cmp_parameters,
	645	dh_param_print,
	646	0,
	647
	648	int_dh_free,
9aaecbfc	649	dhx_pkey_ctrl,
b0004708 PY	650
	651	0, 0, 0, 0, 0,
	652
	653	0,
	654	dh_pkey_public_check,
31d2daec SL	655	dh_pkey_param_check,
	656	0, 0, 0, 0,
	657	dh_pkey_dirty_cnt,
	658	dh_pkey_export_to,
	659	dhx_pkey_import_from,
0f113f3e	660	};