summaryrefslogtreecommitdiffstats
path: root/crypto/ffc
diff options
context:
space:
mode:
authorShane Lontis <shane.lontis@oracle.com>2020-04-15 13:02:52 +0200
committerShane Lontis <shane.lontis@oracle.com>2020-04-15 13:02:52 +0200
commitb03ec3b5d62ee26bf8437556b9040d4141d5bdd8 (patch)
tree1f27a892757c24efab70d2fb8f93110f71c0fbb3 /crypto/ffc
parentMake sure we always send an alert in libssl if we hit a fatal error (diff)
downloadopenssl-b03ec3b5d62ee26bf8437556b9040d4141d5bdd8.tar.xz
openssl-b03ec3b5d62ee26bf8437556b9040d4141d5bdd8.zip
Add DSA keygen to provider
Moved some shared FFC code into the FFC files. Added extra paramgen parameters for seed, gindex. Fixed bug in ossl_prov util to print bignums. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11303)
Diffstat (limited to 'crypto/ffc')
-rw-r--r--crypto/ffc/ffc_backend.c55
-rw-r--r--crypto/ffc/ffc_key_generate.c1
-rw-r--r--crypto/ffc/ffc_params.c85
-rw-r--r--crypto/ffc/ffc_params_generate.c2
4 files changed, 135 insertions, 8 deletions
diff --git a/crypto/ffc/ffc_backend.c b/crypto/ffc/ffc_backend.c
index cde9e43da3..1d076184bc 100644
--- a/crypto/ffc/ffc_backend.c
+++ b/crypto/ffc/ffc_backend.c
@@ -9,6 +9,7 @@
#include <openssl/core_names.h>
#include "internal/ffc.h"
+#include "internal/sizes.h"
/*
* The intention with the "backend" source file is to offer backend support
@@ -16,27 +17,75 @@
* implementations alike.
*/
-int ffc_fromdata(FFC_PARAMS *ffc, const OSSL_PARAM params[])
+int ffc_params_fromdata(FFC_PARAMS *ffc, const OSSL_PARAM params[])
{
+ const OSSL_PARAM *prm;
const OSSL_PARAM *param_p, *param_q, *param_g;
- BIGNUM *p = NULL, *q = NULL, *g = NULL;
+ BIGNUM *p = NULL, *q = NULL, *g = NULL, *j = NULL;
+#if 0
+ char group_name[OSSL_MAX_NAME_SIZE];
+ char *str = group_name;
+#endif
+ int i;
if (ffc == NULL)
return 0;
+/* TODO(3.0) Add for DH PR */
+#if 0
+ prm = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_GROUP);
+ if (prm != NULL) {
+ if (!OSSL_PARAM_get_utf8_string(prm, &str, sizeof(group_name)))
+ goto err;
+ if (!ffc_set_group_pqg(ffc, group_name))
+ goto err;
+ }
+#endif
param_p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_P);
- param_q = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_Q);
param_g = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_G);
+ param_q = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_Q);
if ((param_p != NULL && !OSSL_PARAM_get_BN(param_p, &p))
|| (param_q != NULL && !OSSL_PARAM_get_BN(param_q, &q))
|| (param_g != NULL && !OSSL_PARAM_get_BN(param_g, &g)))
goto err;
+ prm = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_GINDEX);
+ if (prm != NULL) {
+ if (!OSSL_PARAM_get_int(prm, &i))
+ goto err;
+ ffc->gindex = i;
+ }
+ prm = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_PCOUNTER);
+ if (prm != NULL) {
+ if (!OSSL_PARAM_get_int(prm, &i))
+ goto err;
+ ffc->pcounter = i;
+ }
+ prm = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_COFACTOR);
+ if (prm != NULL) {
+ if (!OSSL_PARAM_get_BN(prm, &j))
+ goto err;
+ }
+ prm = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_H);
+ if (prm != NULL) {
+ if (!OSSL_PARAM_get_int(prm, &i))
+ goto err;
+ ffc->h = i;
+ }
+ prm = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_SEED);
+ if (prm != NULL) {
+ if (prm->data_type != OSSL_PARAM_OCTET_STRING)
+ goto err;
+ if (!ffc_params_set_seed(ffc, prm->data, prm->data_size))
+ goto err;
+ }
ffc_params_set0_pqg(ffc, p, q, g);
+ ffc_params_set0_j(ffc, j);
return 1;
err:
+ BN_free(j);
BN_free(p);
BN_free(q);
BN_free(g);
diff --git a/crypto/ffc/ffc_key_generate.c b/crypto/ffc/ffc_key_generate.c
index 078e8d39a1..4e2f231d83 100644
--- a/crypto/ffc/ffc_key_generate.c
+++ b/crypto/ffc/ffc_key_generate.c
@@ -10,6 +10,7 @@
#include "internal/ffc.h"
/*
+ * For Fips mode:
* SP800-56Ar3 5.6.1.1.4 Key pair generation by testing candidates.
* Generates a private key in the interval [1, min(2 ^ N - 1, q - 1)].
*
diff --git a/crypto/ffc/ffc_params.c b/crypto/ffc/ffc_params.c
index cb8987b64d..5950847703 100644
--- a/crypto/ffc/ffc_params.c
+++ b/crypto/ffc/ffc_params.c
@@ -8,7 +8,10 @@
*/
#include <string.h> /* memset */
+#include <openssl/core_names.h>
#include "internal/ffc.h"
+#include "internal/param_build_set.h"
+
#ifndef FIPS_MODE
# include <openssl/asn1.h> /* ffc_params_print */
#endif
@@ -67,15 +70,17 @@ void ffc_params_set0_j(FFC_PARAMS *d, BIGNUM *j)
d->j = j;
}
-int ffc_params_set_validate_params(FFC_PARAMS *params,
- const unsigned char *seed, size_t seedlen,
- int counter)
+int ffc_params_set_seed(FFC_PARAMS *params,
+ const unsigned char *seed, size_t seedlen)
{
if (params == NULL)
return 0;
- if (params->seed != NULL)
+ if (params->seed != NULL) {
+ if (params->seed == seed)
+ return 1;
OPENSSL_free(params->seed);
+ }
if (seed != NULL && seedlen > 0) {
params->seed = OPENSSL_memdup(seed, seedlen);
@@ -86,6 +91,30 @@ int ffc_params_set_validate_params(FFC_PARAMS *params,
params->seed = NULL;
params->seedlen = 0;
}
+ return 1;
+}
+
+void ffc_params_set_gindex(FFC_PARAMS *params, int index)
+{
+ params->gindex = index;
+}
+
+void ffc_params_set_pcounter(FFC_PARAMS *params, int index)
+{
+ params->pcounter = index;
+}
+
+void ffc_params_set_h(FFC_PARAMS *params, int index)
+{
+ params->h = index;
+}
+
+int ffc_params_set_validate_params(FFC_PARAMS *params,
+ const unsigned char *seed, size_t seedlen,
+ int counter)
+{
+ if (!ffc_params_set_seed(params, seed, seedlen))
+ return 0;
params->pcounter = counter;
return 1;
}
@@ -139,7 +168,10 @@ int ffc_params_copy(FFC_PARAMS *dst, const FFC_PARAMS *src)
} else {
dst->seed = NULL;
}
+ dst->nid = src->nid;
dst->pcounter = src->pcounter;
+ dst->h = src->h;
+ dst->gindex = src->gindex;
return 1;
}
@@ -150,7 +182,52 @@ int ffc_params_cmp(const FFC_PARAMS *a, const FFC_PARAMS *b, int ignore_q)
&& (ignore_q || BN_cmp(a->q, b->q) == 0); /* Note: q may be NULL */
}
+int ffc_params_todata(const FFC_PARAMS *ffc, OSSL_PARAM_BLD *bld,
+ OSSL_PARAM params[])
+{
+ if (ffc == NULL)
+ return 0;
+
+ if (ffc->p != NULL
+ && !ossl_param_build_set_bn(bld, params, OSSL_PKEY_PARAM_FFC_P, ffc->p))
+ return 0;
+ if (ffc->q != NULL
+ && !ossl_param_build_set_bn(bld, params, OSSL_PKEY_PARAM_FFC_Q, ffc->q))
+ return 0;
+ if (ffc->g != NULL
+ && !ossl_param_build_set_bn(bld, params, OSSL_PKEY_PARAM_FFC_G, ffc->g))
+ return 0;
+ if (ffc->j != NULL
+ && !ossl_param_build_set_bn(bld, params, OSSL_PKEY_PARAM_FFC_COFACTOR,
+ ffc->j))
+ return 0;
+ if (!ossl_param_build_set_int(bld, params, OSSL_PKEY_PARAM_FFC_GINDEX,
+ ffc->gindex))
+ return 0;
+ if (!ossl_param_build_set_int(bld, params, OSSL_PKEY_PARAM_FFC_PCOUNTER,
+ ffc->pcounter))
+ return 0;
+ if (!ossl_param_build_set_int(bld, params, OSSL_PKEY_PARAM_FFC_H, ffc->h))
+ return 0;
+ if (ffc->seed != NULL
+ && !ossl_param_build_set_octet_string(bld, params,
+ OSSL_PKEY_PARAM_FFC_SEED,
+ ffc->seed, ffc->seedlen))
+ return 0;
+ if (ffc->nid != NID_undef) {
+ const char *name = ffc_named_group_from_nid(ffc->nid);
+
+ if (name == NULL
+ || !ossl_param_build_set_utf8_string(bld, params,
+ OSSL_PKEY_PARAM_FFC_GROUP,
+ name))
+ return 0;
+ }
+ return 1;
+}
+
#ifndef FIPS_MODE
+
int ffc_params_print(BIO *bp, const FFC_PARAMS *ffc, int indent)
{
if (!ASN1_bn_print(bp, "prime P:", ffc->p, NULL, indent))
diff --git a/crypto/ffc/ffc_params_generate.c b/crypto/ffc/ffc_params_generate.c
index cb51bf0e76..6d9b924387 100644
--- a/crypto/ffc/ffc_params_generate.c
+++ b/crypto/ffc/ffc_params_generate.c
@@ -487,7 +487,7 @@ int ffc_params_FIPS186_4_gen_verify(OPENSSL_CTX *libctx, FFC_PARAMS *params,
BIGNUM *g = NULL, *q = NULL, *p = NULL;
BN_MONT_CTX *mont = NULL;
int n = 0, m = 0, qsize = N >> 3;
- int canonical_g = 0, hret = -1;
+ int canonical_g = 0, hret = 0;
BN_CTX *ctx = NULL;
EVP_MD_CTX *mctx = NULL;
int generate = (validate_flags == 0);