2 * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 #include "internal/ffc.h"
11 #include "internal/nelem.h"
12 #include "crypto/bn_dh.h"
13 #include "e_os.h" /* strcasecmp */
17 # define FFDHE(sz) { \
18 SN_ffdhe##sz, NID_ffdhe##sz, \
20 &_bignum_ffdhe##sz##_p, &_bignum_ffdhe##sz##_q, &_bignum_const_2, \
24 SN_modp_##sz, NID_modp_##sz, \
26 &_bignum_modp_##sz##_p, &_bignum_modp_##sz##_q, &_bignum_const_2 \
29 # define RFC5114(name, uid, sz, tag) { \
32 &_bignum_dh##tag##_p, &_bignum_dh##tag##_q, &_bignum_dh##tag##_g \
37 # define FFDHE(sz) { SN_ffdhe##sz, NID_ffdhe##sz }
38 # define MODP(sz) { SN_modp_##sz, NID_modp_##sz }
39 # define RFC5114(name, uid, sz, tag) { name, uid }
43 struct dh_named_group_st
{
54 static const DH_NAMED_GROUP dh_named_groups
[] = {
69 * Additional dh named groups from RFC 5114 that have a different g.
70 * The uid can be any unique identifier.
73 RFC5114("dh_1024_160", 1, 1024, 1024_160
),
74 RFC5114("dh_2048_224", 2, 2048, 2048_224
),
75 RFC5114("dh_2048_256", 3, 2048, 2048_256
),
79 const DH_NAMED_GROUP
*ossl_ffc_name_to_dh_named_group(const char *name
)
83 for (i
= 0; i
< OSSL_NELEM(dh_named_groups
); ++i
) {
84 if (strcasecmp(dh_named_groups
[i
].name
, name
) == 0)
85 return &dh_named_groups
[i
];
90 const DH_NAMED_GROUP
*ossl_ffc_uid_to_dh_named_group(int uid
)
94 for (i
= 0; i
< OSSL_NELEM(dh_named_groups
); ++i
) {
95 if (dh_named_groups
[i
].uid
== uid
)
96 return &dh_named_groups
[i
];
101 #ifndef OPENSSL_NO_DH
102 const DH_NAMED_GROUP
*ossl_ffc_numbers_to_dh_named_group(const BIGNUM
*p
,
108 for (i
= 0; i
< OSSL_NELEM(dh_named_groups
); ++i
) {
109 /* Keep searching until a matching p and g is found */
110 if (BN_cmp(p
, dh_named_groups
[i
].p
) == 0
111 && BN_cmp(g
, dh_named_groups
[i
].g
) == 0
112 /* Verify q is correct if it exists */
113 && ((q
!= NULL
&& BN_cmp(q
, dh_named_groups
[i
].q
) == 0)
114 /* Do not match RFC 5114 groups without q */
115 || (q
== NULL
&& dh_named_groups
[i
].uid
> 3)))
116 return &dh_named_groups
[i
];
122 int ossl_ffc_named_group_get_uid(const DH_NAMED_GROUP
*group
)
129 const char *ossl_ffc_named_group_get_name(const DH_NAMED_GROUP
*group
)
136 #ifndef OPENSSL_NO_DH
137 const BIGNUM
*ossl_ffc_named_group_get_q(const DH_NAMED_GROUP
*group
)
144 int ossl_ffc_named_group_set_pqg(FFC_PARAMS
*ffc
, const DH_NAMED_GROUP
*group
)
146 if (ffc
== NULL
|| group
== NULL
)
149 ossl_ffc_params_set0_pqg(ffc
, (BIGNUM
*)group
->p
, (BIGNUM
*)group
->q
,
152 /* flush the cached nid, The DH layer is responsible for caching */
153 ffc
->nid
= NID_undef
;