]>
Commit | Line | Data |
---|---|---|
dc8de3e6 | 1 | /* |
a28d06f3 | 2 | * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. |
dc8de3e6 SL |
3 | * |
4 | * Licensed under the Apache License 2.0 (the "License"). You may not use | |
5 | * this file except in compliance with the License. You can obtain a copy | |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
8 | */ | |
9 | ||
10 | #ifndef OSSL_INTERNAL_FFC_H | |
11 | # define OSSL_INTERNAL_FFC_H | |
3a111aad | 12 | # pragma once |
dc8de3e6 | 13 | |
0abae163 | 14 | # include <openssl/core.h> |
dc8de3e6 | 15 | # include <openssl/bn.h> |
f11f86f6 SL |
16 | # include <openssl/evp.h> |
17 | # include <openssl/dh.h> /* Uses Error codes from DH */ | |
b03ec3b5 SL |
18 | # include <openssl/params.h> |
19 | # include <openssl/param_build.h> | |
4f2271d5 | 20 | # include "internal/sizes.h" |
f11f86f6 SL |
21 | |
22 | /* Default value for gindex when canonical generation of g is not used */ | |
23 | # define FFC_UNVERIFIABLE_GINDEX -1 | |
24 | ||
25 | /* The different types of FFC keys */ | |
26 | # define FFC_PARAM_TYPE_DSA 0 | |
27 | # define FFC_PARAM_TYPE_DH 1 | |
28 | ||
4f2271d5 SL |
29 | /* |
30 | * The mode used by functions that share code for both generation and | |
5357c106 | 31 | * verification. See ossl_ffc_params_FIPS186_4_gen_verify(). |
4f2271d5 SL |
32 | */ |
33 | #define FFC_PARAM_MODE_VERIFY 0 | |
34 | #define FFC_PARAM_MODE_GENERATE 1 | |
35 | ||
f11f86f6 | 36 | /* Return codes for generation and validation of FFC parameters */ |
4f2271d5 SL |
37 | #define FFC_PARAM_RET_STATUS_FAILED 0 |
38 | #define FFC_PARAM_RET_STATUS_SUCCESS 1 | |
f11f86f6 | 39 | /* Returned if validating and g is only partially verifiable */ |
4f2271d5 | 40 | #define FFC_PARAM_RET_STATUS_UNVERIFIABLE_G 2 |
f11f86f6 SL |
41 | |
42 | /* Validation flags */ | |
38145fba SL |
43 | # define FFC_PARAM_FLAG_VALIDATE_PQ 0x01 |
44 | # define FFC_PARAM_FLAG_VALIDATE_G 0x02 | |
4f2271d5 SL |
45 | # define FFC_PARAM_FLAG_VALIDATE_ALL \ |
46 | (FFC_PARAM_FLAG_VALIDATE_PQ | FFC_PARAM_FLAG_VALIDATE_G) | |
38145fba | 47 | #define FFC_PARAM_FLAG_VALIDATE_LEGACY 0x04 |
f11f86f6 | 48 | |
92dcfb79 MC |
49 | /* |
50 | * NB: These values must align with the equivalently named macros in | |
51 | * openssl/dh.h. We cannot use those macros here in case DH has been disabled. | |
52 | */ | |
53 | # define FFC_CHECK_P_NOT_PRIME 0x00001 | |
54 | # define FFC_CHECK_P_NOT_SAFE_PRIME 0x00002 | |
55 | # define FFC_CHECK_UNKNOWN_GENERATOR 0x00004 | |
56 | # define FFC_CHECK_NOT_SUITABLE_GENERATOR 0x00008 | |
57 | # define FFC_CHECK_Q_NOT_PRIME 0x00010 | |
58 | # define FFC_CHECK_INVALID_Q_VALUE 0x00020 | |
59 | # define FFC_CHECK_INVALID_J_VALUE 0x00040 | |
60 | ||
f11f86f6 SL |
61 | # define FFC_CHECK_BAD_LN_PAIR 0x00080 |
62 | # define FFC_CHECK_INVALID_SEED_SIZE 0x00100 | |
63 | # define FFC_CHECK_MISSING_SEED_OR_COUNTER 0x00200 | |
64 | # define FFC_CHECK_INVALID_G 0x00400 | |
65 | # define FFC_CHECK_INVALID_PQ 0x00800 | |
66 | # define FFC_CHECK_INVALID_COUNTER 0x01000 | |
67 | # define FFC_CHECK_P_MISMATCH 0x02000 | |
68 | # define FFC_CHECK_Q_MISMATCH 0x04000 | |
69 | # define FFC_CHECK_G_MISMATCH 0x08000 | |
70 | # define FFC_CHECK_COUNTER_MISMATCH 0x10000 | |
dc8de3e6 | 71 | |
8083fd3a SL |
72 | /* Validation Return codes */ |
73 | # define FFC_ERROR_PUBKEY_TOO_SMALL 0x01 | |
74 | # define FFC_ERROR_PUBKEY_TOO_LARGE 0x02 | |
75 | # define FFC_ERROR_PUBKEY_INVALID 0x04 | |
76 | # define FFC_ERROR_NOT_SUITABLE_GENERATOR 0x08 | |
77 | # define FFC_ERROR_PRIVKEY_TOO_SMALL 0x10 | |
78 | # define FFC_ERROR_PRIVKEY_TOO_LARGE 0x20 | |
79 | ||
dc8de3e6 SL |
80 | /* |
81 | * Finite field cryptography (FFC) domain parameters are used by DH and DSA. | |
82 | * Refer to FIPS186_4 Appendix A & B. | |
83 | */ | |
84 | typedef struct ffc_params_st { | |
85 | /* Primes */ | |
86 | BIGNUM *p; | |
87 | BIGNUM *q; | |
88 | /* Generator */ | |
89 | BIGNUM *g; | |
90 | /* DH X9.42 Optional Subgroup factor j >= 2 where p = j * q + 1 */ | |
91 | BIGNUM *j; | |
92 | ||
93 | /* Required for FIPS186_4 validation of p, q and optionally canonical g */ | |
94 | unsigned char *seed; | |
95 | /* If this value is zero the hash size is used as the seed length */ | |
96 | size_t seedlen; | |
97 | /* Required for FIPS186_4 validation of p and q */ | |
98 | int pcounter; | |
ca2bf555 | 99 | int nid; /* The identity of a named group */ |
dc8de3e6 | 100 | |
f11f86f6 SL |
101 | /* |
102 | * Required for FIPS186_4 generation & validation of canonical g. | |
103 | * It uses unverifiable g if this value is -1. | |
104 | */ | |
105 | int gindex; | |
106 | int h; /* loop counter for unverifiable g */ | |
4f2271d5 SL |
107 | |
108 | unsigned int flags; /* See FFC_PARAM_FLAG_VALIDATE_ALL */ | |
109 | /* | |
110 | * The digest to use for generation or validation. If this value is NULL, | |
111 | * then the digest is chosen using the value of N. | |
112 | */ | |
113 | const char *mdname; | |
114 | const char *mdprops; | |
dc8de3e6 SL |
115 | } FFC_PARAMS; |
116 | ||
5357c106 P |
117 | void ossl_ffc_params_init(FFC_PARAMS *params); |
118 | void ossl_ffc_params_cleanup(FFC_PARAMS *params); | |
119 | void ossl_ffc_params_set0_pqg(FFC_PARAMS *params, BIGNUM *p, BIGNUM *q, | |
120 | BIGNUM *g); | |
121 | void ossl_ffc_params_get0_pqg(const FFC_PARAMS *params, const BIGNUM **p, | |
122 | const BIGNUM **q, const BIGNUM **g); | |
123 | void ossl_ffc_params_set0_j(FFC_PARAMS *d, BIGNUM *j); | |
124 | int ossl_ffc_params_set_seed(FFC_PARAMS *params, | |
125 | const unsigned char *seed, size_t seedlen); | |
126 | void ossl_ffc_params_set_gindex(FFC_PARAMS *params, int index); | |
127 | void ossl_ffc_params_set_pcounter(FFC_PARAMS *params, int index); | |
128 | void ossl_ffc_params_set_h(FFC_PARAMS *params, int index); | |
129 | void ossl_ffc_params_set_flags(FFC_PARAMS *params, unsigned int flags); | |
130 | void ossl_ffc_params_enable_flags(FFC_PARAMS *params, unsigned int flags, | |
131 | int enable); | |
132 | int ossl_ffc_set_digest(FFC_PARAMS *params, const char *alg, const char *props); | |
133 | ||
134 | int ossl_ffc_params_set_validate_params(FFC_PARAMS *params, | |
135 | const unsigned char *seed, | |
136 | size_t seedlen, int counter); | |
137 | void ossl_ffc_params_get_validate_params(const FFC_PARAMS *params, | |
138 | unsigned char **seed, size_t *seedlen, | |
139 | int *pcounter); | |
140 | ||
141 | int ossl_ffc_params_copy(FFC_PARAMS *dst, const FFC_PARAMS *src); | |
142 | int ossl_ffc_params_cmp(const FFC_PARAMS *a, const FFC_PARAMS *b, int ignore_q); | |
dc8de3e6 | 143 | |
f844f9eb | 144 | #ifndef FIPS_MODULE |
5357c106 | 145 | int ossl_ffc_params_print(BIO *bp, const FFC_PARAMS *ffc, int indent); |
f844f9eb | 146 | #endif /* FIPS_MODULE */ |
dc8de3e6 | 147 | |
f11f86f6 | 148 | |
b4250010 | 149 | int ossl_ffc_params_FIPS186_4_generate(OSSL_LIB_CTX *libctx, FFC_PARAMS *params, |
5357c106 P |
150 | int type, size_t L, size_t N, |
151 | int *res, BN_GENCB *cb); | |
b4250010 | 152 | int ossl_ffc_params_FIPS186_2_generate(OSSL_LIB_CTX *libctx, FFC_PARAMS *params, |
5357c106 P |
153 | int type, size_t L, size_t N, |
154 | int *res, BN_GENCB *cb); | |
155 | ||
b4250010 | 156 | int ossl_ffc_params_FIPS186_4_gen_verify(OSSL_LIB_CTX *libctx, |
5357c106 P |
157 | FFC_PARAMS *params, int mode, int type, |
158 | size_t L, size_t N, int *res, | |
159 | BN_GENCB *cb); | |
b4250010 | 160 | int ossl_ffc_params_FIPS186_2_gen_verify(OSSL_LIB_CTX *libctx, |
5357c106 P |
161 | FFC_PARAMS *params, int mode, int type, |
162 | size_t L, size_t N, int *res, | |
163 | BN_GENCB *cb); | |
164 | ||
ba37b820 TM |
165 | int ossl_ffc_params_simple_validate(OSSL_LIB_CTX *libctx, |
166 | const FFC_PARAMS *params, | |
167 | int paramstype, int *res); | |
168 | int ossl_ffc_params_full_validate(OSSL_LIB_CTX *libctx, | |
169 | const FFC_PARAMS *params, | |
170 | int paramstype, int *res); | |
b4250010 | 171 | int ossl_ffc_params_FIPS186_4_validate(OSSL_LIB_CTX *libctx, |
5357c106 P |
172 | const FFC_PARAMS *params, |
173 | int type, int *res, BN_GENCB *cb); | |
b4250010 | 174 | int ossl_ffc_params_FIPS186_2_validate(OSSL_LIB_CTX *libctx, |
5357c106 P |
175 | const FFC_PARAMS *params, |
176 | int type, int *res, BN_GENCB *cb); | |
177 | ||
178 | int ossl_ffc_generate_private_key(BN_CTX *ctx, const FFC_PARAMS *params, | |
179 | int N, int s, BIGNUM *priv); | |
180 | ||
181 | int ossl_ffc_params_validate_unverifiable_g(BN_CTX *ctx, BN_MONT_CTX *mont, | |
182 | const BIGNUM *p, const BIGNUM *q, | |
183 | const BIGNUM *g, BIGNUM *tmp, | |
184 | int *ret); | |
185 | ||
186 | int ossl_ffc_validate_public_key(const FFC_PARAMS *params, | |
187 | const BIGNUM *pub_key, int *ret); | |
188 | int ossl_ffc_validate_public_key_partial(const FFC_PARAMS *params, | |
189 | const BIGNUM *pub_key, int *ret); | |
190 | int ossl_ffc_validate_private_key(const BIGNUM *upper, const BIGNUM *priv_key, | |
191 | int *ret); | |
192 | ||
193 | int ossl_ffc_params_todata(const FFC_PARAMS *ffc, OSSL_PARAM_BLD *tmpl, | |
194 | OSSL_PARAM params[]); | |
195 | int ossl_ffc_params_fromdata(FFC_PARAMS *ffc, const OSSL_PARAM params[]); | |
c829c23b RL |
196 | |
197 | typedef struct dh_named_group_st DH_NAMED_GROUP; | |
198 | const DH_NAMED_GROUP *ossl_ffc_name_to_dh_named_group(const char *name); | |
199 | const DH_NAMED_GROUP *ossl_ffc_uid_to_dh_named_group(int uid); | |
200 | #ifndef OPENSSL_NO_DH | |
201 | const DH_NAMED_GROUP *ossl_ffc_numbers_to_dh_named_group(const BIGNUM *p, | |
202 | const BIGNUM *q, | |
203 | const BIGNUM *g); | |
204 | #endif | |
205 | int ossl_ffc_named_group_get_uid(const DH_NAMED_GROUP *group); | |
206 | const char *ossl_ffc_named_group_get_name(const DH_NAMED_GROUP *); | |
207 | #ifndef OPENSSL_NO_DH | |
208 | const BIGNUM *ossl_ffc_named_group_get_q(const DH_NAMED_GROUP *group); | |
209 | int ossl_ffc_named_group_set_pqg(FFC_PARAMS *ffc, const DH_NAMED_GROUP *group); | |
210 | #endif | |
211 | ||
5357c106 P |
212 | const char *ossl_ffc_params_flags_to_name(int flags); |
213 | int ossl_ffc_params_flags_from_name(const char *name); | |
0abae163 | 214 | |
dc8de3e6 | 215 | #endif /* OSSL_INTERNAL_FFC_H */ |