2 * Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 /* DH parameters from RFC7919 and RFC3526 */
13 * DH low level APIs are deprecated for public use, but still ok for
16 #include "internal/deprecated.h"
19 #include "internal/cryptlib.h"
21 #include <openssl/bn.h>
22 #include <openssl/objects.h>
23 #include "crypto/bn_dh.h"
24 #include "crypto/dh.h"
27 static DH
*dh_new_by_nid_with_ctx(OPENSSL_CTX
*libctx
, int nid
);
29 static DH
*dh_param_init(OPENSSL_CTX
*libctx
, int nid
, const BIGNUM
*p
,
33 DH
*dh
= dh_new_with_ctx(libctx
);
39 /* Set q = (p - 1) / 2 (p is known to be odd so just shift right ) */
40 if (q
== NULL
|| !BN_rshift1(q
, q
)) {
46 dh
->params
.p
= (BIGNUM
*)p
;
47 dh
->params
.q
= (BIGNUM
*)q
;
48 dh
->params
.g
= (BIGNUM
*)&_bignum_const_2
;
49 /* Private key length = 2 * max_target_security_strength */
55 static DH
*dh_new_by_nid_with_ctx(OPENSSL_CTX
*libctx
, int nid
)
58 * The last parameter specified in these fields is
59 * 2 * max_target_security_strength.
60 * See SP800-56Ar3 Table(s) 25 & 26.
64 return dh_param_init(libctx
, nid
, &_bignum_ffdhe2048_p
, 225);
66 return dh_param_init(libctx
, nid
, &_bignum_ffdhe3072_p
, 275);
68 return dh_param_init(libctx
, nid
, &_bignum_ffdhe4096_p
, 325);
70 return dh_param_init(libctx
, nid
, &_bignum_ffdhe6144_p
, 375);
72 return dh_param_init(libctx
, nid
, &_bignum_ffdhe8192_p
, 400);
75 return dh_param_init(libctx
, nid
, &_bignum_modp_1536_p
, 190);
78 return dh_param_init(libctx
, nid
, &_bignum_modp_2048_p
, 225);
80 return dh_param_init(libctx
, nid
, &_bignum_modp_3072_p
, 275);
82 return dh_param_init(libctx
, nid
, &_bignum_modp_4096_p
, 325);
84 return dh_param_init(libctx
, nid
, &_bignum_modp_6144_p
, 375);
86 return dh_param_init(libctx
, nid
, &_bignum_modp_8192_p
, 400);
88 DHerr(0, DH_R_INVALID_PARAMETER_NID
);
93 DH
*DH_new_by_nid(int nid
)
95 return dh_new_by_nid_with_ctx(NULL
, nid
);
99 int DH_get_nid(DH
*dh
)
101 int nid
= dh
->params
.nid
;
103 if (nid
!= NID_undef
)
106 if (BN_get_word(dh
->params
.g
) != 2)
108 if (!BN_cmp(dh
->params
.p
, &_bignum_ffdhe2048_p
))
110 else if (!BN_cmp(dh
->params
.p
, &_bignum_ffdhe3072_p
))
112 else if (!BN_cmp(dh
->params
.p
, &_bignum_ffdhe4096_p
))
114 else if (!BN_cmp(dh
->params
.p
, &_bignum_ffdhe6144_p
))
116 else if (!BN_cmp(dh
->params
.p
, &_bignum_ffdhe8192_p
))
119 else if (!BN_cmp(dh
->params
.p
, &_bignum_modp_1536_p
))
122 else if (!BN_cmp(dh
->params
.p
, &_bignum_modp_2048_p
))
124 else if (!BN_cmp(dh
->params
.p
, &_bignum_modp_3072_p
))
126 else if (!BN_cmp(dh
->params
.p
, &_bignum_modp_4096_p
))
128 else if (!BN_cmp(dh
->params
.p
, &_bignum_modp_6144_p
))
130 else if (!BN_cmp(dh
->params
.p
, &_bignum_modp_8192_p
))
135 /* Verify q is correct if it exists - reset the nid if it is not correct */
136 if (dh
->params
.q
!= NULL
) {
137 BIGNUM
*q
= BN_dup(dh
->params
.p
);
139 /* Check q = p * 2 + 1 we already know q is odd, so just shift right */
140 if (q
== NULL
|| !BN_rshift1(q
, q
) || (BN_cmp(dh
->params
.q
, q
) != 0))
144 dh
->params
.nid
= nid
; /* cache the nid */