crypto/dh/dh_group_params.c

   1 /*
   2  * Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.
   3  *
   4  * Licensed under the Apache License 2.0 (the "License").  You may not use
   5  * this file except in compliance with the License.  You can obtain a copy
   6  * in the file LICENSE in the source distribution or at
   7  * https://www.openssl.org/source/license.html
   8  */
   9
  10 /* DH parameters from RFC7919 and RFC3526 */
  11
  12 /*
  13  * DH low level APIs are deprecated for public use, but still ok for
  14  * internal use.
  15  */
  16 #include "internal/deprecated.h"
  17
  18 #include <stdio.h>
  19 #include "internal/cryptlib.h"
  20 #include "dh_local.h"
  21 #include <openssl/bn.h>
  22 #include <openssl/objects.h>
  23 #include "crypto/bn_dh.h"
  24 #include "crypto/dh.h"
  25
  26 #ifndef FIPS_MODE
  27 static DH *dh_new_by_nid_with_ctx(OPENSSL_CTX *libctx, int nid);
  28
  29 static DH *dh_param_init(OPENSSL_CTX *libctx, int nid, const BIGNUM *p,
  30                          int32_t nbits)
  31 {
  32     BIGNUM *q = NULL;
  33     DH *dh = dh_new_with_ctx(libctx);
  34
  35     if (dh == NULL)
  36         return NULL;
  37
  38     q = BN_dup(p);
  39     /* Set q = (p - 1) / 2 (p is known to be odd so just shift right ) */
  40     if (q == NULL || !BN_rshift1(q, q)) {
  41         BN_free(q);
  42         DH_free(dh);
  43         return NULL;
  44     }
  45     dh->params.nid = nid;
  46     dh->params.p = (BIGNUM *)p;
  47     dh->params.q = (BIGNUM *)q;
  48     dh->params.g = (BIGNUM *)&_bignum_const_2;
  49     /* Private key length = 2 * max_target_security_strength */
  50     dh->length = nbits;
  51     dh->dirty_cnt++;
  52     return dh;
  53 }
  54
  55 static DH *dh_new_by_nid_with_ctx(OPENSSL_CTX *libctx, int nid)
  56 {
  57     /*
  58      * The last parameter specified in these fields is
  59      * 2 * max_target_security_strength.
  60      * See SP800-56Ar3 Table(s) 25 & 26.
  61      */
  62     switch (nid) {
  63     case NID_ffdhe2048:
  64         return dh_param_init(libctx, nid, &_bignum_ffdhe2048_p, 225);
  65     case NID_ffdhe3072:
  66         return dh_param_init(libctx, nid, &_bignum_ffdhe3072_p, 275);
  67     case NID_ffdhe4096:
  68         return dh_param_init(libctx, nid, &_bignum_ffdhe4096_p, 325);
  69     case NID_ffdhe6144:
  70         return dh_param_init(libctx, nid, &_bignum_ffdhe6144_p, 375);
  71     case NID_ffdhe8192:
  72         return dh_param_init(libctx, nid, &_bignum_ffdhe8192_p, 400);
  73 #ifndef FIPS_MODE
  74     case NID_modp_1536:
  75         return dh_param_init(libctx, nid, &_bignum_modp_1536_p, 190);
  76 #endif
  77     case NID_modp_2048:
  78         return dh_param_init(libctx, nid, &_bignum_modp_2048_p, 225);
  79     case NID_modp_3072:
  80         return dh_param_init(libctx, nid, &_bignum_modp_3072_p, 275);
  81     case NID_modp_4096:
  82         return dh_param_init(libctx, nid, &_bignum_modp_4096_p, 325);
  83     case NID_modp_6144:
  84         return dh_param_init(libctx, nid, &_bignum_modp_6144_p, 375);
  85     case NID_modp_8192:
  86         return dh_param_init(libctx, nid, &_bignum_modp_8192_p, 400);
  87     default:
  88         DHerr(0, DH_R_INVALID_PARAMETER_NID);
  89         return NULL;
  90     }
  91 }
  92
  93 DH *DH_new_by_nid(int nid)
  94 {
  95     return dh_new_by_nid_with_ctx(NULL, nid);
  96 }
  97 #endif
  98
  99 int DH_get_nid(DH *dh)
 100 {
 101     int nid = dh->params.nid;
 102
 103     if (nid != NID_undef)
 104         return nid;
 105
 106     if (BN_get_word(dh->params.g) != 2)
 107         return NID_undef;
 108     if (!BN_cmp(dh->params.p, &_bignum_ffdhe2048_p))
 109         nid = NID_ffdhe2048;
 110     else if (!BN_cmp(dh->params.p, &_bignum_ffdhe3072_p))
 111         nid = NID_ffdhe3072;
 112     else if (!BN_cmp(dh->params.p, &_bignum_ffdhe4096_p))
 113         nid = NID_ffdhe4096;
 114     else if (!BN_cmp(dh->params.p, &_bignum_ffdhe6144_p))
 115         nid = NID_ffdhe6144;
 116     else if (!BN_cmp(dh->params.p, &_bignum_ffdhe8192_p))
 117         nid = NID_ffdhe8192;
 118 #ifndef FIPS_MODE
 119     else if (!BN_cmp(dh->params.p, &_bignum_modp_1536_p))
 120         nid = NID_modp_1536;
 121 #endif
 122     else if (!BN_cmp(dh->params.p, &_bignum_modp_2048_p))
 123         nid = NID_modp_2048;
 124     else if (!BN_cmp(dh->params.p, &_bignum_modp_3072_p))
 125         nid = NID_modp_3072;
 126     else if (!BN_cmp(dh->params.p, &_bignum_modp_4096_p))
 127         nid = NID_modp_4096;
 128     else if (!BN_cmp(dh->params.p, &_bignum_modp_6144_p))
 129         nid = NID_modp_6144;
 130     else if (!BN_cmp(dh->params.p, &_bignum_modp_8192_p))
 131         nid = NID_modp_8192;
 132     else
 133         return NID_undef;
 134
 135     /* Verify q is correct if it exists - reset the nid if it is not correct */
 136     if (dh->params.q != NULL) {
 137         BIGNUM *q = BN_dup(dh->params.p);
 138
 139         /* Check q = p * 2 + 1 we already know q is odd, so just shift right */
 140         if (q == NULL || !BN_rshift1(q, q) || (BN_cmp(dh->params.q, q) != 0))
 141             nid = NID_undef;
 142         BN_free(q);
 143     }
 144     dh->params.nid = nid; /* cache the nid */
 145     return nid;
 146 }