diff options
author | Shane Lontis <shane.lontis@oracle.com> | 2020-04-15 13:02:52 +0200 |
---|---|---|
committer | Shane Lontis <shane.lontis@oracle.com> | 2020-04-15 13:02:52 +0200 |
commit | b03ec3b5d62ee26bf8437556b9040d4141d5bdd8 (patch) | |
tree | 1f27a892757c24efab70d2fb8f93110f71c0fbb3 /crypto/ffc | |
parent | Make sure we always send an alert in libssl if we hit a fatal error (diff) | |
download | openssl-b03ec3b5d62ee26bf8437556b9040d4141d5bdd8.tar.xz openssl-b03ec3b5d62ee26bf8437556b9040d4141d5bdd8.zip |
Add DSA keygen to provider
Moved some shared FFC code into the FFC files.
Added extra paramgen parameters for seed, gindex.
Fixed bug in ossl_prov util to print bignums.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11303)
Diffstat (limited to 'crypto/ffc')
-rw-r--r-- | crypto/ffc/ffc_backend.c | 55 | ||||
-rw-r--r-- | crypto/ffc/ffc_key_generate.c | 1 | ||||
-rw-r--r-- | crypto/ffc/ffc_params.c | 85 | ||||
-rw-r--r-- | crypto/ffc/ffc_params_generate.c | 2 |
4 files changed, 135 insertions, 8 deletions
diff --git a/crypto/ffc/ffc_backend.c b/crypto/ffc/ffc_backend.c index cde9e43da3..1d076184bc 100644 --- a/crypto/ffc/ffc_backend.c +++ b/crypto/ffc/ffc_backend.c @@ -9,6 +9,7 @@ #include <openssl/core_names.h> #include "internal/ffc.h" +#include "internal/sizes.h" /* * The intention with the "backend" source file is to offer backend support @@ -16,27 +17,75 @@ * implementations alike. */ -int ffc_fromdata(FFC_PARAMS *ffc, const OSSL_PARAM params[]) +int ffc_params_fromdata(FFC_PARAMS *ffc, const OSSL_PARAM params[]) { + const OSSL_PARAM *prm; const OSSL_PARAM *param_p, *param_q, *param_g; - BIGNUM *p = NULL, *q = NULL, *g = NULL; + BIGNUM *p = NULL, *q = NULL, *g = NULL, *j = NULL; +#if 0 + char group_name[OSSL_MAX_NAME_SIZE]; + char *str = group_name; +#endif + int i; if (ffc == NULL) return 0; +/* TODO(3.0) Add for DH PR */ +#if 0 + prm = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_GROUP); + if (prm != NULL) { + if (!OSSL_PARAM_get_utf8_string(prm, &str, sizeof(group_name))) + goto err; + if (!ffc_set_group_pqg(ffc, group_name)) + goto err; + } +#endif param_p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_P); - param_q = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_Q); param_g = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_G); + param_q = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_Q); if ((param_p != NULL && !OSSL_PARAM_get_BN(param_p, &p)) || (param_q != NULL && !OSSL_PARAM_get_BN(param_q, &q)) || (param_g != NULL && !OSSL_PARAM_get_BN(param_g, &g))) goto err; + prm = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_GINDEX); + if (prm != NULL) { + if (!OSSL_PARAM_get_int(prm, &i)) + goto err; + ffc->gindex = i; + } + prm = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_PCOUNTER); + if (prm != NULL) { + if (!OSSL_PARAM_get_int(prm, &i)) + goto err; + ffc->pcounter = i; + } + prm = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_COFACTOR); + if (prm != NULL) { + if (!OSSL_PARAM_get_BN(prm, &j)) + goto err; + } + prm = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_H); + if (prm != NULL) { + if (!OSSL_PARAM_get_int(prm, &i)) + goto err; + ffc->h = i; + } + prm = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_SEED); + if (prm != NULL) { + if (prm->data_type != OSSL_PARAM_OCTET_STRING) + goto err; + if (!ffc_params_set_seed(ffc, prm->data, prm->data_size)) + goto err; + } ffc_params_set0_pqg(ffc, p, q, g); + ffc_params_set0_j(ffc, j); return 1; err: + BN_free(j); BN_free(p); BN_free(q); BN_free(g); diff --git a/crypto/ffc/ffc_key_generate.c b/crypto/ffc/ffc_key_generate.c index 078e8d39a1..4e2f231d83 100644 --- a/crypto/ffc/ffc_key_generate.c +++ b/crypto/ffc/ffc_key_generate.c @@ -10,6 +10,7 @@ #include "internal/ffc.h" /* + * For Fips mode: * SP800-56Ar3 5.6.1.1.4 Key pair generation by testing candidates. * Generates a private key in the interval [1, min(2 ^ N - 1, q - 1)]. * diff --git a/crypto/ffc/ffc_params.c b/crypto/ffc/ffc_params.c index cb8987b64d..5950847703 100644 --- a/crypto/ffc/ffc_params.c +++ b/crypto/ffc/ffc_params.c @@ -8,7 +8,10 @@ */ #include <string.h> /* memset */ +#include <openssl/core_names.h> #include "internal/ffc.h" +#include "internal/param_build_set.h" + #ifndef FIPS_MODE # include <openssl/asn1.h> /* ffc_params_print */ #endif @@ -67,15 +70,17 @@ void ffc_params_set0_j(FFC_PARAMS *d, BIGNUM *j) d->j = j; } -int ffc_params_set_validate_params(FFC_PARAMS *params, - const unsigned char *seed, size_t seedlen, - int counter) +int ffc_params_set_seed(FFC_PARAMS *params, + const unsigned char *seed, size_t seedlen) { if (params == NULL) return 0; - if (params->seed != NULL) + if (params->seed != NULL) { + if (params->seed == seed) + return 1; OPENSSL_free(params->seed); + } if (seed != NULL && seedlen > 0) { params->seed = OPENSSL_memdup(seed, seedlen); @@ -86,6 +91,30 @@ int ffc_params_set_validate_params(FFC_PARAMS *params, params->seed = NULL; params->seedlen = 0; } + return 1; +} + +void ffc_params_set_gindex(FFC_PARAMS *params, int index) +{ + params->gindex = index; +} + +void ffc_params_set_pcounter(FFC_PARAMS *params, int index) +{ + params->pcounter = index; +} + +void ffc_params_set_h(FFC_PARAMS *params, int index) +{ + params->h = index; +} + +int ffc_params_set_validate_params(FFC_PARAMS *params, + const unsigned char *seed, size_t seedlen, + int counter) +{ + if (!ffc_params_set_seed(params, seed, seedlen)) + return 0; params->pcounter = counter; return 1; } @@ -139,7 +168,10 @@ int ffc_params_copy(FFC_PARAMS *dst, const FFC_PARAMS *src) } else { dst->seed = NULL; } + dst->nid = src->nid; dst->pcounter = src->pcounter; + dst->h = src->h; + dst->gindex = src->gindex; return 1; } @@ -150,7 +182,52 @@ int ffc_params_cmp(const FFC_PARAMS *a, const FFC_PARAMS *b, int ignore_q) && (ignore_q || BN_cmp(a->q, b->q) == 0); /* Note: q may be NULL */ } +int ffc_params_todata(const FFC_PARAMS *ffc, OSSL_PARAM_BLD *bld, + OSSL_PARAM params[]) +{ + if (ffc == NULL) + return 0; + + if (ffc->p != NULL + && !ossl_param_build_set_bn(bld, params, OSSL_PKEY_PARAM_FFC_P, ffc->p)) + return 0; + if (ffc->q != NULL + && !ossl_param_build_set_bn(bld, params, OSSL_PKEY_PARAM_FFC_Q, ffc->q)) + return 0; + if (ffc->g != NULL + && !ossl_param_build_set_bn(bld, params, OSSL_PKEY_PARAM_FFC_G, ffc->g)) + return 0; + if (ffc->j != NULL + && !ossl_param_build_set_bn(bld, params, OSSL_PKEY_PARAM_FFC_COFACTOR, + ffc->j)) + return 0; + if (!ossl_param_build_set_int(bld, params, OSSL_PKEY_PARAM_FFC_GINDEX, + ffc->gindex)) + return 0; + if (!ossl_param_build_set_int(bld, params, OSSL_PKEY_PARAM_FFC_PCOUNTER, + ffc->pcounter)) + return 0; + if (!ossl_param_build_set_int(bld, params, OSSL_PKEY_PARAM_FFC_H, ffc->h)) + return 0; + if (ffc->seed != NULL + && !ossl_param_build_set_octet_string(bld, params, + OSSL_PKEY_PARAM_FFC_SEED, + ffc->seed, ffc->seedlen)) + return 0; + if (ffc->nid != NID_undef) { + const char *name = ffc_named_group_from_nid(ffc->nid); + + if (name == NULL + || !ossl_param_build_set_utf8_string(bld, params, + OSSL_PKEY_PARAM_FFC_GROUP, + name)) + return 0; + } + return 1; +} + #ifndef FIPS_MODE + int ffc_params_print(BIO *bp, const FFC_PARAMS *ffc, int indent) { if (!ASN1_bn_print(bp, "prime P:", ffc->p, NULL, indent)) diff --git a/crypto/ffc/ffc_params_generate.c b/crypto/ffc/ffc_params_generate.c index cb51bf0e76..6d9b924387 100644 --- a/crypto/ffc/ffc_params_generate.c +++ b/crypto/ffc/ffc_params_generate.c @@ -487,7 +487,7 @@ int ffc_params_FIPS186_4_gen_verify(OPENSSL_CTX *libctx, FFC_PARAMS *params, BIGNUM *g = NULL, *q = NULL, *p = NULL; BN_MONT_CTX *mont = NULL; int n = 0, m = 0, qsize = N >> 3; - int canonical_g = 0, hret = -1; + int canonical_g = 0, hret = 0; BN_CTX *ctx = NULL; EVP_MD_CTX *mctx = NULL; int generate = (validate_flags == 0); |