#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/bn.h>
+#include "crypto/dh.h"
#include "dh_local.h"
+#ifndef FIPS_MODE
static int dh_builtin_genparams(DH *ret, int prime_len, int generator,
BN_GENCB *cb);
+#endif /* FIPS_MODE */
+
+/*
+ * TODO(3.0): keygen should be able to use this method to do a FIPS186-4 style
+ * paramgen.
+ */
+int dh_generate_ffc_parameters(OPENSSL_CTX *libctx, DH *dh, int bits,
+ int qbits, int gindex, BN_GENCB *cb)
+{
+ int ret, res;
+
+ if (qbits <= 0) {
+ const EVP_MD *evpmd = bits >= 2048 ? EVP_sha256() : EVP_sha1();
+
+ qbits = EVP_MD_size(evpmd) * 8;
+ }
+ dh->params.gindex = gindex;
+ ret = ffc_params_FIPS186_4_generate(libctx, &dh->params, FFC_PARAM_TYPE_DH,
+ bits, qbits, NULL, &res, cb);
+ if (ret > 0)
+ dh->dirty_cnt++;
+ return ret;
+}
int DH_generate_parameters_ex(DH *ret, int prime_len, int generator,
BN_GENCB *cb)
{
+#ifdef FIPS_MODE
+ /*
+ * Just choose an approved safe prime group.
+ * The alternative to this is to generate FIPS186-4 domain parameters i.e.
+ * return dh_generate_ffc_parameters(ret, prime_len, -1, -1, cb);
+ * As the FIPS186-4 generated params are for backwards compatability,
+ * the safe prime group should be used as the default.
+ */
+ DH *dh = NULL;
+ int ok = 0, nid;
+
+ if (generator != 2)
+ return 0;
+
+ switch (prime_len) {
+ case 2048:
+ nid = NID_ffdhe2048;
+ break;
+ case 3072:
+ nid = NID_ffdhe3072;
+ break;
+ case 4096:
+ nid = NID_ffdhe4096;
+ break;
+ case 6144:
+ nid = NID_ffdhe6144;
+ break;
+ case 8192:
+ nid = NID_ffdhe8192;
+ break;
+ /* unsupported prime_len */
+ default:
+ return 0;
+ }
+ dh = DH_new_by_nid(nid);
+ if (dh != NULL && ffc_params_copy(&ret->params, &dh->params)) {
+ ok = 1;
+ ret->dirty_cnt++;
+ }
+ DH_free(dh);
+ return ok;
+#else
if (ret->meth->generate_params)
return ret->meth->generate_params(ret, prime_len, generator, cb);
return dh_builtin_genparams(ret, prime_len, generator, cb);
+#endif /* FIPS_MODE */
}
+#ifndef FIPS_MODE
/*-
* We generate DH parameters as follows
* find a prime p which is prime_len bits long,
BN_CTX_free(ctx);
return ok;
}
+#endif /* FIPS_MODE */