[thirdparty/openssl.git] / include / internal / ffc.h

/*
 * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#ifndef OSSL_INTERNAL_FFC_H
# define OSSL_INTERNAL_FFC_H
# pragma once

# include <openssl/core.h>
# include <openssl/bn.h>
# include <openssl/evp.h>
# include <openssl/dh.h> /* Uses Error codes from DH */
# include <openssl/params.h>
# include <openssl/param_build.h>
# include "internal/sizes.h"

/* Default value for gindex when canonical generation of g is not used */
# define FFC_UNVERIFIABLE_GINDEX -1

/* The different types of FFC keys */
# define FFC_PARAM_TYPE_DSA  0
# define FFC_PARAM_TYPE_DH   1

/*
 * The mode used by functions that share code for both generation and
 * verification. See ossl_ffc_params_FIPS186_4_gen_verify().
 */
#define FFC_PARAM_MODE_VERIFY   0
#define FFC_PARAM_MODE_GENERATE 1

/* Return codes for generation and validation of FFC parameters */
#define FFC_PARAM_RET_STATUS_FAILED         0
#define FFC_PARAM_RET_STATUS_SUCCESS        1
/* Returned if validating and g is only partially verifiable */
#define FFC_PARAM_RET_STATUS_UNVERIFIABLE_G 2

/* Validation flags */
# define FFC_PARAM_FLAG_VALIDATE_PQ    0x01
# define FFC_PARAM_FLAG_VALIDATE_G     0x02
# define FFC_PARAM_FLAG_VALIDATE_ALL                                           \
    (FFC_PARAM_FLAG_VALIDATE_PQ | FFC_PARAM_FLAG_VALIDATE_G)
#define FFC_PARAM_FLAG_VALIDATE_LEGACY 0x04

/*
 * NB: These values must align with the equivalently named macros in
 * openssl/dh.h. We cannot use those macros here in case DH has been disabled.
 */
# define FFC_CHECK_P_NOT_PRIME                0x00001
# define FFC_CHECK_P_NOT_SAFE_PRIME           0x00002
# define FFC_CHECK_UNKNOWN_GENERATOR          0x00004
# define FFC_CHECK_NOT_SUITABLE_GENERATOR     0x00008
# define FFC_CHECK_Q_NOT_PRIME                0x00010
# define FFC_CHECK_INVALID_Q_VALUE            0x00020
# define FFC_CHECK_INVALID_J_VALUE            0x00040

# define FFC_CHECK_BAD_LN_PAIR                0x00080
# define FFC_CHECK_INVALID_SEED_SIZE          0x00100
# define FFC_CHECK_MISSING_SEED_OR_COUNTER    0x00200
# define FFC_CHECK_INVALID_G                  0x00400
# define FFC_CHECK_INVALID_PQ                 0x00800
# define FFC_CHECK_INVALID_COUNTER            0x01000
# define FFC_CHECK_P_MISMATCH                 0x02000
# define FFC_CHECK_Q_MISMATCH                 0x04000
# define FFC_CHECK_G_MISMATCH                 0x08000
# define FFC_CHECK_COUNTER_MISMATCH           0x10000

/* Validation Return codes */
# define FFC_ERROR_PUBKEY_TOO_SMALL       0x01
# define FFC_ERROR_PUBKEY_TOO_LARGE       0x02
# define FFC_ERROR_PUBKEY_INVALID         0x04
# define FFC_ERROR_NOT_SUITABLE_GENERATOR 0x08
# define FFC_ERROR_PRIVKEY_TOO_SMALL      0x10
# define FFC_ERROR_PRIVKEY_TOO_LARGE      0x20

/*
 * Finite field cryptography (FFC) domain parameters are used by DH and DSA.
 * Refer to FIPS186_4 Appendix A & B.
 */
typedef struct ffc_params_st {
    /* Primes */
    BIGNUM *p;
    BIGNUM *q;
    /* Generator */
    BIGNUM *g;
    /* DH X9.42 Optional Subgroup factor j >= 2 where p = j * q + 1 */
    BIGNUM *j;

    /* Required for FIPS186_4 validation of p, q and optionally canonical g */
    unsigned char *seed;
    /* If this value is zero the hash size is used as the seed length */
    size_t seedlen;
    /* Required for FIPS186_4 validation of p and q */
    int pcounter;
    int nid; /* The identity of a named group */

    /*
     * Required for FIPS186_4 generation & validation of canonical g.
     * It uses unverifiable g if this value is -1.
     */
    int gindex;
    int h; /* loop counter for unverifiable g */

    unsigned int flags; /* See FFC_PARAM_FLAG_VALIDATE_ALL */
    /*
     * The digest to use for generation or validation. If this value is NULL,
     * then the digest is chosen using the value of N.
     */
    const char *mdname;
    const char *mdprops;
} FFC_PARAMS;

void ossl_ffc_params_init(FFC_PARAMS *params);
void ossl_ffc_params_cleanup(FFC_PARAMS *params);
void ossl_ffc_params_set0_pqg(FFC_PARAMS *params, BIGNUM *p, BIGNUM *q,
                              BIGNUM *g);
void ossl_ffc_params_get0_pqg(const FFC_PARAMS *params, const BIGNUM **p,
                              const BIGNUM **q, const BIGNUM **g);
void ossl_ffc_params_set0_j(FFC_PARAMS *d, BIGNUM *j);
int ossl_ffc_params_set_seed(FFC_PARAMS *params,
                             const unsigned char *seed, size_t seedlen);
void ossl_ffc_params_set_gindex(FFC_PARAMS *params, int index);
void ossl_ffc_params_set_pcounter(FFC_PARAMS *params, int index);
void ossl_ffc_params_set_h(FFC_PARAMS *params, int index);
void ossl_ffc_params_set_flags(FFC_PARAMS *params, unsigned int flags);
void ossl_ffc_params_enable_flags(FFC_PARAMS *params, unsigned int flags,
                                  int enable);
int ossl_ffc_set_digest(FFC_PARAMS *params, const char *alg, const char *props);

int ossl_ffc_params_set_validate_params(FFC_PARAMS *params,
                                        const unsigned char *seed,
                                        size_t seedlen, int counter);
void ossl_ffc_params_get_validate_params(const FFC_PARAMS *params,
                                         unsigned char **seed, size_t *seedlen,
                                         int *pcounter);

int ossl_ffc_params_copy(FFC_PARAMS *dst, const FFC_PARAMS *src);
int ossl_ffc_params_cmp(const FFC_PARAMS *a, const FFC_PARAMS *b, int ignore_q);

#ifndef FIPS_MODULE
int ossl_ffc_params_print(BIO *bp, const FFC_PARAMS *ffc, int indent);
#endif /* FIPS_MODULE */


int ossl_ffc_params_FIPS186_4_generate(OSSL_LIB_CTX *libctx, FFC_PARAMS *params,
                                       int type, size_t L, size_t N,
                                       int *res, BN_GENCB *cb);
int ossl_ffc_params_FIPS186_2_generate(OSSL_LIB_CTX *libctx, FFC_PARAMS *params,
                                       int type, size_t L, size_t N,
                                       int *res, BN_GENCB *cb);

int ossl_ffc_params_FIPS186_4_gen_verify(OSSL_LIB_CTX *libctx,
                                         FFC_PARAMS *params, int mode, int type,
                                         size_t L, size_t N, int *res,
                                         BN_GENCB *cb);
int ossl_ffc_params_FIPS186_2_gen_verify(OSSL_LIB_CTX *libctx,
                                         FFC_PARAMS *params, int mode, int type,
                                         size_t L, size_t N, int *res,
                                         BN_GENCB *cb);

int ossl_ffc_params_simple_validate(OSSL_LIB_CTX *libctx,
                                    const FFC_PARAMS *params,
                                    int paramstype, int *res);
int ossl_ffc_params_full_validate(OSSL_LIB_CTX *libctx,
                                  const FFC_PARAMS *params,
                                  int paramstype, int *res);
int ossl_ffc_params_FIPS186_4_validate(OSSL_LIB_CTX *libctx,
                                       const FFC_PARAMS *params,
                                       int type, int *res, BN_GENCB *cb);
int ossl_ffc_params_FIPS186_2_validate(OSSL_LIB_CTX *libctx,
                                       const FFC_PARAMS *params,
                                       int type, int *res, BN_GENCB *cb);

int ossl_ffc_generate_private_key(BN_CTX *ctx, const FFC_PARAMS *params,
                                  int N, int s, BIGNUM *priv);

int ossl_ffc_params_validate_unverifiable_g(BN_CTX *ctx, BN_MONT_CTX *mont,
                                            const BIGNUM *p, const BIGNUM *q,
                                            const BIGNUM *g, BIGNUM *tmp,
                                            int *ret);

int ossl_ffc_validate_public_key(const FFC_PARAMS *params,
                                 const BIGNUM *pub_key, int *ret);
int ossl_ffc_validate_public_key_partial(const FFC_PARAMS *params,
                                         const BIGNUM *pub_key, int *ret);
int ossl_ffc_validate_private_key(const BIGNUM *upper, const BIGNUM *priv_key,
                                 int *ret);

int ossl_ffc_params_todata(const FFC_PARAMS *ffc, OSSL_PARAM_BLD *tmpl,
                           OSSL_PARAM params[]);
int ossl_ffc_params_fromdata(FFC_PARAMS *ffc, const OSSL_PARAM params[]);

typedef struct dh_named_group_st DH_NAMED_GROUP;
const DH_NAMED_GROUP *ossl_ffc_name_to_dh_named_group(const char *name);
const DH_NAMED_GROUP *ossl_ffc_uid_to_dh_named_group(int uid);
#ifndef OPENSSL_NO_DH
const DH_NAMED_GROUP *ossl_ffc_numbers_to_dh_named_group(const BIGNUM *p,
                                                         const BIGNUM *q,
                                                         const BIGNUM *g);
#endif
int ossl_ffc_named_group_get_uid(const DH_NAMED_GROUP *group);
const char *ossl_ffc_named_group_get_name(const DH_NAMED_GROUP *);
#ifndef OPENSSL_NO_DH
const BIGNUM *ossl_ffc_named_group_get_q(const DH_NAMED_GROUP *group);
int ossl_ffc_named_group_set_pqg(FFC_PARAMS *ffc, const DH_NAMED_GROUP *group);
#endif

const char *ossl_ffc_params_flags_to_name(int flags);
int ossl_ffc_params_flags_from_name(const char *name);

#endif /* OSSL_INTERNAL_FFC_H */
Commit	Line	Data
dc8de3e6	1	/*
a28d06f3	2	* Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
dc8de3e6 SL	3	*
	4	* Licensed under the Apache License 2.0 (the "License"). You may not use
	5	* this file except in compliance with the License. You can obtain a copy
	6	* in the file LICENSE in the source distribution or at
	7	* https://www.openssl.org/source/license.html
	8	*/
	9
	10	#ifndef OSSL_INTERNAL_FFC_H
	11	# define OSSL_INTERNAL_FFC_H
3a111aad	12	# pragma once
dc8de3e6	13
0abae163	14	# include <openssl/core.h>
dc8de3e6	15	# include <openssl/bn.h>
f11f86f6 SL	16	# include <openssl/evp.h>
f11f86f6 SL	17	# include <openssl/dh.h> /* Uses Error codes from DH */
b03ec3b5 SL	18	# include <openssl/params.h>
b03ec3b5 SL	19	# include <openssl/param_build.h>
4f2271d5	20	# include "internal/sizes.h"
f11f86f6 SL	21
	22	/* Default value for gindex when canonical generation of g is not used */
	23	# define FFC_UNVERIFIABLE_GINDEX -1
	24
	25	/* The different types of FFC keys */
	26	# define FFC_PARAM_TYPE_DSA 0
	27	# define FFC_PARAM_TYPE_DH 1
	28
4f2271d5 SL	29	/*
4f2271d5 SL	30	* The mode used by functions that share code for both generation and
5357c106	31	* verification. See ossl_ffc_params_FIPS186_4_gen_verify().
4f2271d5 SL	32	*/
	33	#define FFC_PARAM_MODE_VERIFY 0
	34	#define FFC_PARAM_MODE_GENERATE 1
	35
f11f86f6	36	/* Return codes for generation and validation of FFC parameters */
4f2271d5 SL	37	#define FFC_PARAM_RET_STATUS_FAILED 0
4f2271d5 SL	38	#define FFC_PARAM_RET_STATUS_SUCCESS 1
f11f86f6	39	/* Returned if validating and g is only partially verifiable */
4f2271d5	40	#define FFC_PARAM_RET_STATUS_UNVERIFIABLE_G 2
f11f86f6 SL	41
f11f86f6 SL	42	/* Validation flags */
38145fba SL	43	# define FFC_PARAM_FLAG_VALIDATE_PQ 0x01
38145fba SL	44	# define FFC_PARAM_FLAG_VALIDATE_G 0x02
4f2271d5 SL	45	# define FFC_PARAM_FLAG_VALIDATE_ALL \
4f2271d5 SL	46	(FFC_PARAM_FLAG_VALIDATE_PQ \| FFC_PARAM_FLAG_VALIDATE_G)
38145fba	47	#define FFC_PARAM_FLAG_VALIDATE_LEGACY 0x04
f11f86f6	48
92dcfb79 MC	49	/*
	50	* NB: These values must align with the equivalently named macros in
	51	* openssl/dh.h. We cannot use those macros here in case DH has been disabled.
	52	*/
	53	# define FFC_CHECK_P_NOT_PRIME 0x00001
	54	# define FFC_CHECK_P_NOT_SAFE_PRIME 0x00002
	55	# define FFC_CHECK_UNKNOWN_GENERATOR 0x00004
	56	# define FFC_CHECK_NOT_SUITABLE_GENERATOR 0x00008
	57	# define FFC_CHECK_Q_NOT_PRIME 0x00010
	58	# define FFC_CHECK_INVALID_Q_VALUE 0x00020
	59	# define FFC_CHECK_INVALID_J_VALUE 0x00040
	60
f11f86f6 SL	61	# define FFC_CHECK_BAD_LN_PAIR 0x00080
	62	# define FFC_CHECK_INVALID_SEED_SIZE 0x00100
	63	# define FFC_CHECK_MISSING_SEED_OR_COUNTER 0x00200
	64	# define FFC_CHECK_INVALID_G 0x00400
	65	# define FFC_CHECK_INVALID_PQ 0x00800
	66	# define FFC_CHECK_INVALID_COUNTER 0x01000
	67	# define FFC_CHECK_P_MISMATCH 0x02000
	68	# define FFC_CHECK_Q_MISMATCH 0x04000
	69	# define FFC_CHECK_G_MISMATCH 0x08000
	70	# define FFC_CHECK_COUNTER_MISMATCH 0x10000
dc8de3e6	71
8083fd3a SL	72	/* Validation Return codes */
	73	# define FFC_ERROR_PUBKEY_TOO_SMALL 0x01
	74	# define FFC_ERROR_PUBKEY_TOO_LARGE 0x02
	75	# define FFC_ERROR_PUBKEY_INVALID 0x04
	76	# define FFC_ERROR_NOT_SUITABLE_GENERATOR 0x08
	77	# define FFC_ERROR_PRIVKEY_TOO_SMALL 0x10
	78	# define FFC_ERROR_PRIVKEY_TOO_LARGE 0x20
	79
dc8de3e6 SL	80	/*
	81	* Finite field cryptography (FFC) domain parameters are used by DH and DSA.
	82	* Refer to FIPS186_4 Appendix A & B.
	83	*/
	84	typedef struct ffc_params_st {
	85	/* Primes */
	86	BIGNUM *p;
	87	BIGNUM *q;
	88	/* Generator */
	89	BIGNUM *g;
	90	/* DH X9.42 Optional Subgroup factor j >= 2 where p = j * q + 1 */
	91	BIGNUM *j;
	92
	93	/* Required for FIPS186_4 validation of p, q and optionally canonical g */
	94	unsigned char *seed;
	95	/* If this value is zero the hash size is used as the seed length */
	96	size_t seedlen;
	97	/* Required for FIPS186_4 validation of p and q */
	98	int pcounter;
ca2bf555	99	int nid; /* The identity of a named group */
dc8de3e6	100
f11f86f6 SL	101	/*
	102	* Required for FIPS186_4 generation & validation of canonical g.
	103	* It uses unverifiable g if this value is -1.
	104	*/
	105	int gindex;
	106	int h; /* loop counter for unverifiable g */
4f2271d5 SL	107
	108	unsigned int flags; /* See FFC_PARAM_FLAG_VALIDATE_ALL */
	109	/*
	110	* The digest to use for generation or validation. If this value is NULL,
	111	* then the digest is chosen using the value of N.
	112	*/
	113	const char *mdname;
	114	const char *mdprops;
dc8de3e6 SL	115	} FFC_PARAMS;
dc8de3e6 SL	116
5357c106 P	117	void ossl_ffc_params_init(FFC_PARAMS *params);
	118	void ossl_ffc_params_cleanup(FFC_PARAMS *params);
	119	void ossl_ffc_params_set0_pqg(FFC_PARAMS params, BIGNUM p, BIGNUM *q,
	120	BIGNUM *g);
	121	void ossl_ffc_params_get0_pqg(const FFC_PARAMS params, const BIGNUM *p,
	122	const BIGNUM q, const BIGNUM g);
	123	void ossl_ffc_params_set0_j(FFC_PARAMS d, BIGNUM j);
	124	int ossl_ffc_params_set_seed(FFC_PARAMS *params,
	125	const unsigned char *seed, size_t seedlen);
	126	void ossl_ffc_params_set_gindex(FFC_PARAMS *params, int index);
	127	void ossl_ffc_params_set_pcounter(FFC_PARAMS *params, int index);
	128	void ossl_ffc_params_set_h(FFC_PARAMS *params, int index);
	129	void ossl_ffc_params_set_flags(FFC_PARAMS *params, unsigned int flags);
	130	void ossl_ffc_params_enable_flags(FFC_PARAMS *params, unsigned int flags,
	131	int enable);
	132	int ossl_ffc_set_digest(FFC_PARAMS params, const char alg, const char *props);
	133
	134	int ossl_ffc_params_set_validate_params(FFC_PARAMS *params,
	135	const unsigned char *seed,
	136	size_t seedlen, int counter);
	137	void ossl_ffc_params_get_validate_params(const FFC_PARAMS *params,
	138	unsigned char *seed, size_t seedlen,
	139	int *pcounter);
	140
	141	int ossl_ffc_params_copy(FFC_PARAMS dst, const FFC_PARAMS src);
	142	int ossl_ffc_params_cmp(const FFC_PARAMS a, const FFC_PARAMS b, int ignore_q);
dc8de3e6	143
f844f9eb	144	#ifndef FIPS_MODULE
5357c106	145	int ossl_ffc_params_print(BIO bp, const FFC_PARAMS ffc, int indent);
f844f9eb	146	#endif /* FIPS_MODULE */
dc8de3e6	147
f11f86f6	148
b4250010	149	int ossl_ffc_params_FIPS186_4_generate(OSSL_LIB_CTX libctx, FFC_PARAMS params,
5357c106 P	150	int type, size_t L, size_t N,
5357c106 P	151	int res, BN_GENCB cb);
b4250010	152	int ossl_ffc_params_FIPS186_2_generate(OSSL_LIB_CTX libctx, FFC_PARAMS params,
5357c106 P	153	int type, size_t L, size_t N,
	154	int res, BN_GENCB cb);
	155
b4250010	156	int ossl_ffc_params_FIPS186_4_gen_verify(OSSL_LIB_CTX *libctx,
5357c106 P	157	FFC_PARAMS *params, int mode, int type,
	158	size_t L, size_t N, int *res,
	159	BN_GENCB *cb);
b4250010	160	int ossl_ffc_params_FIPS186_2_gen_verify(OSSL_LIB_CTX *libctx,
5357c106 P	161	FFC_PARAMS *params, int mode, int type,
	162	size_t L, size_t N, int *res,
	163	BN_GENCB *cb);
	164
ba37b820 TM	165	int ossl_ffc_params_simple_validate(OSSL_LIB_CTX *libctx,
	166	const FFC_PARAMS *params,
	167	int paramstype, int *res);
	168	int ossl_ffc_params_full_validate(OSSL_LIB_CTX *libctx,
	169	const FFC_PARAMS *params,
	170	int paramstype, int *res);
b4250010	171	int ossl_ffc_params_FIPS186_4_validate(OSSL_LIB_CTX *libctx,
5357c106 P	172	const FFC_PARAMS *params,
5357c106 P	173	int type, int res, BN_GENCB cb);
b4250010	174	int ossl_ffc_params_FIPS186_2_validate(OSSL_LIB_CTX *libctx,
5357c106 P	175	const FFC_PARAMS *params,
	176	int type, int res, BN_GENCB cb);
	177
	178	int ossl_ffc_generate_private_key(BN_CTX ctx, const FFC_PARAMS params,
	179	int N, int s, BIGNUM *priv);
	180
	181	int ossl_ffc_params_validate_unverifiable_g(BN_CTX ctx, BN_MONT_CTX mont,
	182	const BIGNUM p, const BIGNUM q,
	183	const BIGNUM g, BIGNUM tmp,
	184	int *ret);
	185
	186	int ossl_ffc_validate_public_key(const FFC_PARAMS *params,
	187	const BIGNUM pub_key, int ret);
	188	int ossl_ffc_validate_public_key_partial(const FFC_PARAMS *params,
	189	const BIGNUM pub_key, int ret);
	190	int ossl_ffc_validate_private_key(const BIGNUM upper, const BIGNUM priv_key,
	191	int *ret);
	192
	193	int ossl_ffc_params_todata(const FFC_PARAMS ffc, OSSL_PARAM_BLD tmpl,
	194	OSSL_PARAM params[]);
	195	int ossl_ffc_params_fromdata(FFC_PARAMS *ffc, const OSSL_PARAM params[]);
c829c23b RL	196
	197	typedef struct dh_named_group_st DH_NAMED_GROUP;
	198	const DH_NAMED_GROUP ossl_ffc_name_to_dh_named_group(const char name);
	199	const DH_NAMED_GROUP *ossl_ffc_uid_to_dh_named_group(int uid);
	200	#ifndef OPENSSL_NO_DH
	201	const DH_NAMED_GROUP ossl_ffc_numbers_to_dh_named_group(const BIGNUM p,
	202	const BIGNUM *q,
	203	const BIGNUM *g);
	204	#endif
	205	int ossl_ffc_named_group_get_uid(const DH_NAMED_GROUP *group);
	206	const char ossl_ffc_named_group_get_name(const DH_NAMED_GROUP );
	207	#ifndef OPENSSL_NO_DH
	208	const BIGNUM ossl_ffc_named_group_get_q(const DH_NAMED_GROUP group);
	209	int ossl_ffc_named_group_set_pqg(FFC_PARAMS ffc, const DH_NAMED_GROUP group);
	210	#endif
	211
5357c106 P	212	const char *ossl_ffc_params_flags_to_name(int flags);
5357c106 P	213	int ossl_ffc_params_flags_from_name(const char *name);
0abae163	214
dc8de3e6	215	#endif /* OSSL_INTERNAL_FFC_H */