1
/*
2
 * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
3
 *
4
 * Licensed under the Apache License 2.0 (the "License").  You may not use
5
 * this file except in compliance with the License.  You can obtain a copy
6
 * in the file LICENSE in the source distribution or at
7
 * https://www.openssl.org/source/license.html
8
 */
9

10
/*
11
 * DH low level APIs are deprecated for public use, but still ok for
12
 * internal use.
13
 */
14
#include "internal/deprecated.h"
15
#include "internal/common.h"
16

17
#include <string.h> /* strcmp */
18
#include <openssl/core_dispatch.h>
19
#include <openssl/core_names.h>
20
#include <openssl/bn.h>
21
#include <openssl/err.h>
22
#include <openssl/self_test.h>
23
#include "prov/implementations.h"
24
#include "prov/providercommon.h"
25
#include "prov/provider_ctx.h"
26
#include "crypto/dh.h"
27
#include "internal/fips.h"
28
#include "internal/sizes.h"
29

30
static OSSL_FUNC_keymgmt_new_fn dh_newdata;
31
static OSSL_FUNC_keymgmt_free_fn dh_freedata;
32
static OSSL_FUNC_keymgmt_gen_init_fn dh_gen_init;
33
static OSSL_FUNC_keymgmt_gen_init_fn dhx_gen_init;
34
static OSSL_FUNC_keymgmt_gen_set_template_fn dh_gen_set_template;
35
static OSSL_FUNC_keymgmt_gen_set_params_fn dh_gen_set_params;
36
static OSSL_FUNC_keymgmt_gen_settable_params_fn dh_gen_settable_params;
37
static OSSL_FUNC_keymgmt_gen_fn dh_gen;
38
static OSSL_FUNC_keymgmt_gen_cleanup_fn dh_gen_cleanup;
39
static OSSL_FUNC_keymgmt_load_fn dh_load;
40
static OSSL_FUNC_keymgmt_get_params_fn dh_get_params;
41
static OSSL_FUNC_keymgmt_gettable_params_fn dh_gettable_params;
42
static OSSL_FUNC_keymgmt_set_params_fn dh_set_params;
43
static OSSL_FUNC_keymgmt_settable_params_fn dh_settable_params;
44
static OSSL_FUNC_keymgmt_has_fn dh_has;
45
static OSSL_FUNC_keymgmt_match_fn dh_match;
46
static OSSL_FUNC_keymgmt_validate_fn dh_validate;
47
static OSSL_FUNC_keymgmt_import_fn dh_import;
48
static OSSL_FUNC_keymgmt_import_types_fn dh_import_types;
49
static OSSL_FUNC_keymgmt_export_fn dh_export;
50
static OSSL_FUNC_keymgmt_export_types_fn dh_export_types;
51
static OSSL_FUNC_keymgmt_dup_fn dh_dup;
52

53
#define DH_POSSIBLE_SELECTIONS \
54
    (OSSL_KEYMGMT_SELECT_KEYPAIR | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS)
55

56
struct dh_gen_ctx {
57
    OSSL_LIB_CTX *libctx;
58

59
    FFC_PARAMS *ffc_params;
60
    int selection;
61
    /* All these parameters are used for parameter generation only */
62
    /* If there is a group name then the remaining parameters are not needed */
63
    int group_nid;
64
    size_t pbits;
65
    size_t qbits;
66
    unsigned char *seed; /* optional FIPS186-4 param for testing */
67
    size_t seedlen;
68
    int gindex; /* optional  FIPS186-4 generator index (ignored if -1) */
69
    int gen_type; /* see dhtype2id */
70
    int generator; /* Used by DH_PARAMGEN_TYPE_GENERATOR in non fips mode only */
71
    int pcounter;
72
    int hindex;
73
    int priv_len;
74

75
    char *mdname;
76
    char *mdprops;
77
    OSSL_CALLBACK *cb;
78
    void *cbarg;
79
    int dh_type;
80
};
81

82
static int dh_gen_type_name2id_w_default(const char *name, int type)
83
{
84
    if (strcmp(name, "default") == 0) {
85
#ifdef FIPS_MODULE
86
        if (type == DH_FLAG_TYPE_DHX)
87
            return DH_PARAMGEN_TYPE_FIPS_186_4;
88

89
        return DH_PARAMGEN_TYPE_GROUP;
90
#else
91
        if (type == DH_FLAG_TYPE_DHX)
92
            return DH_PARAMGEN_TYPE_FIPS_186_2;
93

94
        return DH_PARAMGEN_TYPE_GENERATOR;
95
#endif
96
    }
97

98
    return ossl_dh_gen_type_name2id(name, type);
99
}
100

101
static void *dh_newdata(void *provctx)
102
{
103
    DH *dh = NULL;
104

105
    if (ossl_prov_is_running()) {
106
        dh = ossl_dh_new_ex(PROV_LIBCTX_OF(provctx));
107
        if (dh != NULL) {
108
            DH_clear_flags(dh, DH_FLAG_TYPE_MASK);
109
            DH_set_flags(dh, DH_FLAG_TYPE_DH);
110
        }
111
    }
112
    return dh;
113
}
114

115
static void *dhx_newdata(void *provctx)
116
{
117
    DH *dh = NULL;
118

119
    dh = ossl_dh_new_ex(PROV_LIBCTX_OF(provctx));
120
    if (dh != NULL) {
121
        DH_clear_flags(dh, DH_FLAG_TYPE_MASK);
122
        DH_set_flags(dh, DH_FLAG_TYPE_DHX);
123
    }
124
    return dh;
125
}
126

127
static void dh_freedata(void *keydata)
128
{
129
    DH_free(keydata);
130
}
131

132
static int dh_has(const void *keydata, int selection)
133
{
134
    const DH *dh = keydata;
135
    int ok = 1;
136

137
    if (!ossl_prov_is_running() || dh == NULL)
138
        return 0;
139
    if ((selection & DH_POSSIBLE_SELECTIONS) == 0)
140
        return 1; /* the selection is not missing */
141

142
    if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0)
143
        ok = ok && (DH_get0_pub_key(dh) != NULL);
144
    if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0)
145
        ok = ok && (DH_get0_priv_key(dh) != NULL);
146
    if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0)
147
        ok = ok && (DH_get0_p(dh) != NULL && DH_get0_g(dh) != NULL);
148
    return ok;
149
}
150

151
static int dh_match(const void *keydata1, const void *keydata2, int selection)
152
{
153
    const DH *dh1 = keydata1;
154
    const DH *dh2 = keydata2;
155
    int ok = 1;
156

157
    if (!ossl_prov_is_running())
158
        return 0;
159

160
    if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) {
161
        int key_checked = 0;
162

163
        if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
164
            const BIGNUM *pa = DH_get0_pub_key(dh1);
165
            const BIGNUM *pb = DH_get0_pub_key(dh2);
166

167
            if (pa != NULL && pb != NULL) {
168
                ok = ok && BN_cmp(pa, pb) == 0;
169
                key_checked = 1;
170
            }
171
        }
172
        if (!key_checked
173
            && (selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
174
            const BIGNUM *pa = DH_get0_priv_key(dh1);
175
            const BIGNUM *pb = DH_get0_priv_key(dh2);
176

177
            if (pa != NULL && pb != NULL) {
178
                ok = ok && BN_cmp(pa, pb) == 0;
179
                key_checked = 1;
180
            }
181
        }
182
        ok = ok && key_checked;
183
    }
184
    if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0) {
185
        FFC_PARAMS *dhparams1 = ossl_dh_get0_params((DH *)dh1);
186
        FFC_PARAMS *dhparams2 = ossl_dh_get0_params((DH *)dh2);
187

188
        ok = ok && ossl_ffc_params_cmp(dhparams1, dhparams2, 1);
189
    }
190
    return ok;
191
}
192

193
static int dh_import(void *keydata, int selection, const OSSL_PARAM params[])
194
{
195
    DH *dh = keydata;
196
    int ok = 1;
197

198
    if (!ossl_prov_is_running() || dh == NULL)
199
        return 0;
200

201
    if ((selection & DH_POSSIBLE_SELECTIONS) == 0)
202
        return 0;
203

204
    /* a key without parameters is meaningless */
205
    ok = ok && ossl_dh_params_fromdata(dh, params);
206

207
    if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) {
208
        int include_private = selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY ? 1 : 0;
209

210
        ok = ok && ossl_dh_key_fromdata(dh, params, include_private);
211
    }
212

213
    return ok;
214
}
215

216
static int dh_export(void *keydata, int selection, OSSL_CALLBACK *param_cb,
217
    void *cbarg)
218
{
219
    DH *dh = keydata;
220
    OSSL_PARAM_BLD *tmpl = NULL;
221
    OSSL_PARAM *params = NULL;
222
    int ok = 1;
223

224
    if (!ossl_prov_is_running() || dh == NULL)
225
        return 0;
226

227
    if ((selection & DH_POSSIBLE_SELECTIONS) == 0)
228
        return 0;
229

230
    tmpl = OSSL_PARAM_BLD_new();
231
    if (tmpl == NULL)
232
        return 0;
233

234
    if ((selection & OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) != 0)
235
        ok = ok && ossl_dh_params_todata(dh, tmpl, NULL);
236

237
    if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) {
238
        int include_private = selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY ? 1 : 0;
239

240
        ok = ok && ossl_dh_key_todata(dh, tmpl, NULL, include_private);
241
    }
242

243
    if (!ok || (params = OSSL_PARAM_BLD_to_param(tmpl)) == NULL) {
244
        ok = 0;
245
        goto err;
246
    }
247

248
    ok = param_cb(params, cbarg);
249
    OSSL_PARAM_free(params);
250
err:
251
    OSSL_PARAM_BLD_free(tmpl);
252
    return ok;
253
}
254

255
/* IMEXPORT = IMPORT + EXPORT */
256

257
#define DH_IMEXPORTABLE_PARAMETERS                                  \
258
    OSSL_PARAM_BN(OSSL_PKEY_PARAM_FFC_P, NULL, 0),                  \
259
        OSSL_PARAM_BN(OSSL_PKEY_PARAM_FFC_Q, NULL, 0),              \
260
        OSSL_PARAM_BN(OSSL_PKEY_PARAM_FFC_G, NULL, 0),              \
261
        OSSL_PARAM_BN(OSSL_PKEY_PARAM_FFC_COFACTOR, NULL, 0),       \
262
        OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_GINDEX, NULL),           \
263
        OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_PCOUNTER, NULL),         \
264
        OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_H, NULL),                \
265
        OSSL_PARAM_int(OSSL_PKEY_PARAM_DH_PRIV_LEN, NULL),          \
266
        OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_FFC_SEED, NULL, 0), \
267
        OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, NULL, 0)
268
#define DH_IMEXPORTABLE_PUBLIC_KEY \
269
    OSSL_PARAM_BN(OSSL_PKEY_PARAM_PUB_KEY, NULL, 0)
270
#define DH_IMEXPORTABLE_PRIVATE_KEY \
271
    OSSL_PARAM_BN(OSSL_PKEY_PARAM_PRIV_KEY, NULL, 0)
272
static const OSSL_PARAM dh_all_types[] = {
273
    DH_IMEXPORTABLE_PARAMETERS,
274
    DH_IMEXPORTABLE_PUBLIC_KEY,
275
    DH_IMEXPORTABLE_PRIVATE_KEY,
276
    OSSL_PARAM_END
277
};
278
static const OSSL_PARAM dh_parameter_types[] = {
279
    DH_IMEXPORTABLE_PARAMETERS,
280
    OSSL_PARAM_END
281
};
282
static const OSSL_PARAM dh_key_types[] = {
283
    DH_IMEXPORTABLE_PUBLIC_KEY,
284
    DH_IMEXPORTABLE_PRIVATE_KEY,
285
    OSSL_PARAM_END
286
};
287
static const OSSL_PARAM *dh_types[] = {
288
    NULL, /* Index 0 = none of them */
289
    dh_parameter_types, /* Index 1 = parameter types */
290
    dh_key_types, /* Index 2 = key types */
291
    dh_all_types /* Index 3 = 1 + 2 */
292
};
293

294
static const OSSL_PARAM *dh_imexport_types(int selection)
295
{
296
    int type_select = 0;
297

298
    if ((selection & OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) != 0)
299
        type_select += 1;
300
    if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0)
301
        type_select += 2;
302
    return dh_types[type_select];
303
}
304

305
static const OSSL_PARAM *dh_import_types(int selection)
306
{
307
    return dh_imexport_types(selection);
308
}
309

310
static const OSSL_PARAM *dh_export_types(int selection)
311
{
312
    return dh_imexport_types(selection);
313
}
314

315
static ossl_inline int dh_get_params(void *key, OSSL_PARAM params[])
316
{
317
    DH *dh = key;
318
    OSSL_PARAM *p;
319

320
    if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_BITS)) != NULL
321
        && !OSSL_PARAM_set_int(p, DH_bits(dh)))
322
        return 0;
323
    if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_SECURITY_BITS)) != NULL
324
        && !OSSL_PARAM_set_int(p, DH_security_bits(dh)))
325
        return 0;
326
    if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_MAX_SIZE)) != NULL
327
        && !OSSL_PARAM_set_int(p, DH_size(dh)))
328
        return 0;
329
    if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY)) != NULL) {
330
        if (p->data_type != OSSL_PARAM_OCTET_STRING)
331
            return 0;
332
        p->return_size = ossl_dh_key2buf(dh, (unsigned char **)&p->data,
333
            p->data_size, 0);
334
        if (p->return_size == 0)
335
            return 0;
336
    }
337

338
    return ossl_dh_params_todata(dh, NULL, params)
339
        && ossl_dh_key_todata(dh, NULL, params, 1);
340
}
341

342
static const OSSL_PARAM dh_params[] = {
343
    OSSL_PARAM_int(OSSL_PKEY_PARAM_BITS, NULL),
344
    OSSL_PARAM_int(OSSL_PKEY_PARAM_SECURITY_BITS, NULL),
345
    OSSL_PARAM_int(OSSL_PKEY_PARAM_MAX_SIZE, NULL),
346
    OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, NULL, 0),
347
    DH_IMEXPORTABLE_PARAMETERS,
348
    DH_IMEXPORTABLE_PUBLIC_KEY,
349
    DH_IMEXPORTABLE_PRIVATE_KEY,
350
    OSSL_PARAM_END
351
};
352

353
static const OSSL_PARAM *dh_gettable_params(void *provctx)
354
{
355
    return dh_params;
356
}
357

358
static const OSSL_PARAM dh_known_settable_params[] = {
359
    OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, NULL, 0),
360
    OSSL_PARAM_END
361
};
362

363
static const OSSL_PARAM *dh_settable_params(void *provctx)
364
{
365
    return dh_known_settable_params;
366
}
367

368
static int dh_set_params(void *key, const OSSL_PARAM params[])
369
{
370
    DH *dh = key;
371
    const OSSL_PARAM *p;
372

373
    p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY);
374
    if (p != NULL
375
        && (p->data_type != OSSL_PARAM_OCTET_STRING
376
            || !ossl_dh_buf2key(dh, p->data, p->data_size)))
377
        return 0;
378

379
    return 1;
380
}
381

382
static int dh_validate_public(const DH *dh, int checktype)
383
{
384
    const BIGNUM *pub_key = NULL;
385
    int res = 0;
386

387
    DH_get0_key(dh, &pub_key, NULL);
388
    if (pub_key == NULL)
389
        return 0;
390

391
    /*
392
     * The partial test is only valid for named group's with q = (p - 1) / 2
393
     * but for that case it is also fully sufficient to check the key validity.
394
     */
395
    if (ossl_dh_is_named_safe_prime_group(dh))
396
        return ossl_dh_check_pub_key_partial(dh, pub_key, &res);
397

398
    return DH_check_pub_key_ex(dh, pub_key);
399
}
400

401
static int dh_validate_private(const DH *dh)
402
{
403
    int status = 0;
404
    const BIGNUM *priv_key = NULL;
405

406
    DH_get0_key(dh, NULL, &priv_key);
407
    if (priv_key == NULL)
408
        return 0;
409
    return ossl_dh_check_priv_key(dh, priv_key, &status);
410
}
411

412
static int dh_validate(const void *keydata, int selection, int checktype)
413
{
414
    const DH *dh = keydata;
415
    int ok = 1;
416

417
    if (!ossl_prov_is_running())
418
        return 0;
419

420
    if ((selection & DH_POSSIBLE_SELECTIONS) == 0)
421
        return 1; /* nothing to validate */
422

423
    if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0) {
424
        /*
425
         * Both of these functions check parameters. DH_check_params_ex()
426
         * performs a lightweight check (e.g. it does not check that p is a
427
         * safe prime)
428
         */
429
        if (checktype == OSSL_KEYMGMT_VALIDATE_QUICK_CHECK)
430
            ok = ok && DH_check_params_ex(dh);
431
        else
432
            ok = ok && DH_check_ex(dh);
433
    }
434

435
    if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0)
436
        ok = ok && dh_validate_public(dh, checktype);
437

438
    if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0)
439
        ok = ok && dh_validate_private(dh);
440

441
    if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR)
442
        == OSSL_KEYMGMT_SELECT_KEYPAIR)
443
        ok = ok && ossl_dh_check_pairwise(dh, 0);
444
    return ok;
445
}
446

447
static void *dh_gen_init_base(void *provctx, int selection,
448
    const OSSL_PARAM params[], int type)
449
{
450
    OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(provctx);
451
    struct dh_gen_ctx *gctx = NULL;
452

453
    if (!ossl_prov_is_running())
454
        return NULL;
455

456
    if ((selection & (OSSL_KEYMGMT_SELECT_KEYPAIR | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS)) == 0)
457
        return NULL;
458

459
    if ((gctx = OPENSSL_zalloc(sizeof(*gctx))) != NULL) {
460
        gctx->selection = selection;
461
        gctx->libctx = libctx;
462
        gctx->pbits = 2048;
463
        gctx->qbits = 224;
464
        gctx->mdname = NULL;
465
#ifdef FIPS_MODULE
466
        gctx->gen_type = (type == DH_FLAG_TYPE_DHX)
467
            ? DH_PARAMGEN_TYPE_FIPS_186_4
468
            : DH_PARAMGEN_TYPE_GROUP;
469
#else
470
        gctx->gen_type = (type == DH_FLAG_TYPE_DHX)
471
            ? DH_PARAMGEN_TYPE_FIPS_186_2
472
            : DH_PARAMGEN_TYPE_GENERATOR;
473
#endif
474
        gctx->gindex = -1;
475
        gctx->hindex = 0;
476
        gctx->pcounter = -1;
477
        gctx->generator = DH_GENERATOR_2;
478
        gctx->dh_type = type;
479
    }
480
    if (!dh_gen_set_params(gctx, params)) {
481
        OPENSSL_free(gctx);
482
        gctx = NULL;
483
    }
484
    return gctx;
485
}
486

487
static void *dh_gen_init(void *provctx, int selection,
488
    const OSSL_PARAM params[])
489
{
490
    return dh_gen_init_base(provctx, selection, params, DH_FLAG_TYPE_DH);
491
}
492

493
static void *dhx_gen_init(void *provctx, int selection,
494
    const OSSL_PARAM params[])
495
{
496
    return dh_gen_init_base(provctx, selection, params, DH_FLAG_TYPE_DHX);
497
}
498

499
static int dh_gen_set_template(void *genctx, void *templ)
500
{
501
    struct dh_gen_ctx *gctx = genctx;
502
    DH *dh = templ;
503

504
    if (!ossl_prov_is_running() || gctx == NULL || dh == NULL)
505
        return 0;
506
    gctx->ffc_params = ossl_dh_get0_params(dh);
507
    return 1;
508
}
509

510
static int dh_set_gen_seed(struct dh_gen_ctx *gctx, unsigned char *seed,
511
    size_t seedlen)
512
{
513
    OPENSSL_clear_free(gctx->seed, gctx->seedlen);
514
    gctx->seed = NULL;
515
    gctx->seedlen = 0;
516
    if (seed != NULL && seedlen > 0) {
517
        gctx->seed = OPENSSL_memdup(seed, seedlen);
518
        if (gctx->seed == NULL)
519
            return 0;
520
        gctx->seedlen = seedlen;
521
    }
522
    return 1;
523
}
524

525
static int dh_gen_common_set_params(void *genctx, const OSSL_PARAM params[])
526
{
527
    struct dh_gen_ctx *gctx = genctx;
528
    const OSSL_PARAM *p;
529
    int gen_type = -1;
530

531
    if (gctx == NULL)
532
        return 0;
533
    if (ossl_param_is_empty(params))
534
        return 1;
535

536
    p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_TYPE);
537
    if (p != NULL) {
538
        if (p->data_type != OSSL_PARAM_UTF8_STRING
539
            || ((gen_type = dh_gen_type_name2id_w_default(p->data, gctx->dh_type)) == -1)) {
540
            ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT);
541
            return 0;
542
        }
543
        if (gen_type != -1)
544
            gctx->gen_type = gen_type;
545
    }
546
    p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_GROUP_NAME);
547
    if (p != NULL) {
548
        const DH_NAMED_GROUP *group = NULL;
549

550
        if (p->data_type != OSSL_PARAM_UTF8_STRING
551
            || p->data == NULL
552
            || (group = ossl_ffc_name_to_dh_named_group(p->data)) == NULL
553
            || ((gctx->group_nid = ossl_ffc_named_group_get_uid(group)) == NID_undef)) {
554
            ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT);
555
            return 0;
556
        }
557
    }
558
    if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_PBITS)) != NULL
559
        && !OSSL_PARAM_get_size_t(p, &gctx->pbits))
560
        return 0;
561
    p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_DH_PRIV_LEN);
562
    if (p != NULL && !OSSL_PARAM_get_int(p, &gctx->priv_len))
563
        return 0;
564
    return 1;
565
}
566

567
static const OSSL_PARAM *dh_gen_settable_params(ossl_unused void *genctx,
568
    ossl_unused void *provctx)
569
{
570
    static const OSSL_PARAM dh_gen_settable[] = {
571
        OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_FFC_TYPE, NULL, 0),
572
        OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, NULL, 0),
573
        OSSL_PARAM_int(OSSL_PKEY_PARAM_DH_PRIV_LEN, NULL),
574
        OSSL_PARAM_size_t(OSSL_PKEY_PARAM_FFC_PBITS, NULL),
575
        OSSL_PARAM_int(OSSL_PKEY_PARAM_DH_GENERATOR, NULL),
576
        OSSL_PARAM_END
577
    };
578
    return dh_gen_settable;
579
}
580

581
static const OSSL_PARAM *dhx_gen_settable_params(ossl_unused void *genctx,
582
    ossl_unused void *provctx)
583
{
584
    static const OSSL_PARAM dhx_gen_settable[] = {
585
        OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_FFC_TYPE, NULL, 0),
586
        OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, NULL, 0),
587
        OSSL_PARAM_int(OSSL_PKEY_PARAM_DH_PRIV_LEN, NULL),
588
        OSSL_PARAM_size_t(OSSL_PKEY_PARAM_FFC_PBITS, NULL),
589
        OSSL_PARAM_size_t(OSSL_PKEY_PARAM_FFC_QBITS, NULL),
590
        OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_FFC_DIGEST, NULL, 0),
591
        OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_FFC_DIGEST_PROPS, NULL, 0),
592
        OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_GINDEX, NULL),
593
        OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_FFC_SEED, NULL, 0),
594
        OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_PCOUNTER, NULL),
595
        OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_H, NULL),
596
        OSSL_PARAM_END
597
    };
598
    return dhx_gen_settable;
599
}
600

601
static int dhx_gen_set_params(void *genctx, const OSSL_PARAM params[])
602
{
603
    struct dh_gen_ctx *gctx = genctx;
604
    const OSSL_PARAM *p;
605

606
    if (!dh_gen_common_set_params(genctx, params))
607
        return 0;
608

609
    /* Parameters related to fips186-4 and fips186-2 */
610
    p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_GINDEX);
611
    if (p != NULL && !OSSL_PARAM_get_int(p, &gctx->gindex))
612
        return 0;
613
    p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_PCOUNTER);
614
    if (p != NULL && !OSSL_PARAM_get_int(p, &gctx->pcounter))
615
        return 0;
616
    p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_H);
617
    if (p != NULL && !OSSL_PARAM_get_int(p, &gctx->hindex))
618
        return 0;
619
    p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_SEED);
620
    if (p != NULL
621
        && (p->data_type != OSSL_PARAM_OCTET_STRING
622
            || !dh_set_gen_seed(gctx, p->data, p->data_size)))
623
        return 0;
624
    if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_QBITS)) != NULL
625
        && !OSSL_PARAM_get_size_t(p, &gctx->qbits))
626
        return 0;
627
    p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_DIGEST);
628
    if (p != NULL) {
629
        if (p->data_type != OSSL_PARAM_UTF8_STRING)
630
            return 0;
631
        OPENSSL_free(gctx->mdname);
632
        gctx->mdname = OPENSSL_strdup(p->data);
633
        if (gctx->mdname == NULL)
634
            return 0;
635
    }
636
    p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_DIGEST_PROPS);
637
    if (p != NULL) {
638
        if (p->data_type != OSSL_PARAM_UTF8_STRING)
639
            return 0;
640
        OPENSSL_free(gctx->mdprops);
641
        gctx->mdprops = OPENSSL_strdup(p->data);
642
        if (gctx->mdprops == NULL)
643
            return 0;
644
    }
645

646
    /* Parameters that are not allowed for DHX */
647
    p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_DH_GENERATOR);
648
    if (p != NULL) {
649
        ERR_raise(ERR_LIB_PROV, ERR_R_UNSUPPORTED);
650
        return 0;
651
    }
652
    return 1;
653
}
654

655
static int dh_gen_set_params(void *genctx, const OSSL_PARAM params[])
656
{
657
    struct dh_gen_ctx *gctx = genctx;
658
    const OSSL_PARAM *p;
659

660
    if (!dh_gen_common_set_params(genctx, params))
661
        return 0;
662

663
    p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_DH_GENERATOR);
664
    if (p != NULL && !OSSL_PARAM_get_int(p, &gctx->generator))
665
        return 0;
666

667
    /* Parameters that are not allowed for DH */
668
    if (OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_GINDEX) != NULL
669
        || OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_PCOUNTER) != NULL
670
        || OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_H) != NULL
671
        || OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_SEED) != NULL
672
        || OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_QBITS) != NULL
673
        || OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_DIGEST) != NULL
674
        || OSSL_PARAM_locate_const(params,
675
               OSSL_PKEY_PARAM_FFC_DIGEST_PROPS)
676
            != NULL) {
677
        ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT);
678
        return 0;
679
    }
680
    return 1;
681
}
682

683
static int dh_gencb(int p, int n, BN_GENCB *cb)
684
{
685
    struct dh_gen_ctx *gctx = BN_GENCB_get_arg(cb);
686
    OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END, OSSL_PARAM_END };
687

688
    params[0] = OSSL_PARAM_construct_int(OSSL_GEN_PARAM_POTENTIAL, &p);
689
    params[1] = OSSL_PARAM_construct_int(OSSL_GEN_PARAM_ITERATION, &n);
690

691
    return gctx->cb(params, gctx->cbarg);
692
}
693

694
static void *dh_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
695
{
696
    int ret = 0;
697
    struct dh_gen_ctx *gctx = genctx;
698
    DH *dh = NULL;
699
    BN_GENCB *gencb = NULL;
700
    FFC_PARAMS *ffc;
701

702
    if (!ossl_prov_is_running() || gctx == NULL)
703
        return NULL;
704

705
    /*
706
     * If a group name is selected then the type is group regardless of what
707
     * the user selected. This overrides rather than errors for backwards
708
     * compatibility.
709
     */
710
    if (gctx->group_nid != NID_undef)
711
        gctx->gen_type = DH_PARAMGEN_TYPE_GROUP;
712

713
    /*
714
     * Do a bounds check on context gen_type. Must be in range:
715
     * DH_PARAMGEN_TYPE_GENERATOR <= gen_type <= DH_PARAMGEN_TYPE_GROUP
716
     * Noted here as this needs to be adjusted if a new group type is
717
     * added.
718
     */
719
    if (!ossl_assert((gctx->gen_type >= DH_PARAMGEN_TYPE_GENERATOR)
720
            && (gctx->gen_type <= DH_PARAMGEN_TYPE_GROUP))) {
721
        ERR_raise_data(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR,
722
            "gen_type set to unsupported value %d", gctx->gen_type);
723
        return NULL;
724
    }
725

726
    /* For parameter generation - If there is a group name just create it */
727
    if (gctx->gen_type == DH_PARAMGEN_TYPE_GROUP
728
        && gctx->ffc_params == NULL) {
729
        /* Select a named group if there is not one already */
730
        if (gctx->group_nid == NID_undef)
731
            gctx->group_nid = ossl_dh_get_named_group_uid_from_size(gctx->pbits);
732
        if (gctx->group_nid == NID_undef)
733
            return NULL;
734
        dh = ossl_dh_new_by_nid_ex(gctx->libctx, gctx->group_nid);
735
        if (dh == NULL)
736
            return NULL;
737
        ffc = ossl_dh_get0_params(dh);
738
    } else {
739
        dh = ossl_dh_new_ex(gctx->libctx);
740
        if (dh == NULL)
741
            return NULL;
742
        ffc = ossl_dh_get0_params(dh);
743

744
        /* Copy the template value if one was passed */
745
        if (gctx->ffc_params != NULL
746
            && !ossl_ffc_params_copy(ffc, gctx->ffc_params))
747
            goto end;
748

749
        if (!ossl_ffc_params_set_seed(ffc, gctx->seed, gctx->seedlen))
750
            goto end;
751
        if (gctx->gindex != -1) {
752
            ossl_ffc_params_set_gindex(ffc, gctx->gindex);
753
            if (gctx->pcounter != -1)
754
                ossl_ffc_params_set_pcounter(ffc, gctx->pcounter);
755
        } else if (gctx->hindex != 0) {
756
            ossl_ffc_params_set_h(ffc, gctx->hindex);
757
        }
758
        if (gctx->mdname != NULL)
759
            ossl_ffc_set_digest(ffc, gctx->mdname, gctx->mdprops);
760
        gctx->cb = osslcb;
761
        gctx->cbarg = cbarg;
762
        gencb = BN_GENCB_new();
763
        if (gencb != NULL)
764
            BN_GENCB_set(gencb, dh_gencb, genctx);
765

766
        if ((gctx->selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0) {
767
            /*
768
             * NOTE: The old safe prime generator code is not used in fips mode,
769
             * (i.e internally it ignores the generator and chooses a named
770
             * group based on pbits.
771
             */
772
            if (gctx->gen_type == DH_PARAMGEN_TYPE_GENERATOR)
773
                ret = DH_generate_parameters_ex(dh, gctx->pbits,
774
                    gctx->generator, gencb);
775
            else
776
                ret = ossl_dh_generate_ffc_parameters(dh, gctx->gen_type,
777
                    gctx->pbits, gctx->qbits,
778
                    gencb);
779
            if (ret <= 0)
780
                goto end;
781
        }
782
    }
783

784
    if ((gctx->selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) {
785
        if (ffc->p == NULL || ffc->g == NULL)
786
            goto end;
787
        if (gctx->priv_len > 0)
788
            DH_set_length(dh, (long)gctx->priv_len);
789
        ossl_ffc_params_enable_flags(ffc, FFC_PARAM_FLAG_VALIDATE_LEGACY,
790
            gctx->gen_type == DH_PARAMGEN_TYPE_FIPS_186_2);
791
        if (DH_generate_key(dh) <= 0)
792
            goto end;
793
#ifdef FIPS_MODULE
794
        if (!ossl_fips_self_testing()) {
795
            ret = ossl_dh_check_pairwise(dh, 0);
796
            if (ret <= 0) {
797
                ossl_set_error_state(OSSL_SELF_TEST_TYPE_PCT);
798
                goto end;
799
            }
800
        }
801
#endif /* FIPS_MODULE */
802
    }
803
    DH_clear_flags(dh, DH_FLAG_TYPE_MASK);
804
    DH_set_flags(dh, gctx->dh_type);
805

806
    ret = 1;
807
end:
808
    if (ret <= 0) {
809
        DH_free(dh);
810
        dh = NULL;
811
    }
812
    BN_GENCB_free(gencb);
813
    return dh;
814
}
815

816
static void dh_gen_cleanup(void *genctx)
817
{
818
    struct dh_gen_ctx *gctx = genctx;
819

820
    if (gctx == NULL)
821
        return;
822

823
    OPENSSL_free(gctx->mdname);
824
    OPENSSL_free(gctx->mdprops);
825
    OPENSSL_clear_free(gctx->seed, gctx->seedlen);
826
    OPENSSL_free(gctx);
827
}
828

829
static void *dh_load(const void *reference, size_t reference_sz)
830
{
831
    DH *dh = NULL;
832

833
    if (ossl_prov_is_running() && reference_sz == sizeof(dh)) {
834
        /* The contents of the reference is the address to our object */
835
        dh = *(DH **)reference;
836
        /* We grabbed, so we detach it */
837
        *(DH **)reference = NULL;
838
        return dh;
839
    }
840
    return NULL;
841
}
842

843
static void *dh_dup(const void *keydata_from, int selection)
844
{
845
    if (ossl_prov_is_running())
846
        return ossl_dh_dup(keydata_from, selection);
847
    return NULL;
848
}
849

850
const OSSL_DISPATCH ossl_dh_keymgmt_functions[] = {
851
    { OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))dh_newdata },
852
    { OSSL_FUNC_KEYMGMT_GEN_INIT, (void (*)(void))dh_gen_init },
853
    { OSSL_FUNC_KEYMGMT_GEN_SET_TEMPLATE, (void (*)(void))dh_gen_set_template },
854
    { OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS, (void (*)(void))dh_gen_set_params },
855
    { OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS,
856
        (void (*)(void))dh_gen_settable_params },
857
    { OSSL_FUNC_KEYMGMT_GEN, (void (*)(void))dh_gen },
858
    { OSSL_FUNC_KEYMGMT_GEN_CLEANUP, (void (*)(void))dh_gen_cleanup },
859
    { OSSL_FUNC_KEYMGMT_LOAD, (void (*)(void))dh_load },
860
    { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))dh_freedata },
861
    { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*)(void))dh_get_params },
862
    { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*)(void))dh_gettable_params },
863
    { OSSL_FUNC_KEYMGMT_SET_PARAMS, (void (*)(void))dh_set_params },
864
    { OSSL_FUNC_KEYMGMT_SETTABLE_PARAMS, (void (*)(void))dh_settable_params },
865
    { OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))dh_has },
866
    { OSSL_FUNC_KEYMGMT_MATCH, (void (*)(void))dh_match },
867
    { OSSL_FUNC_KEYMGMT_VALIDATE, (void (*)(void))dh_validate },
868
    { OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))dh_import },
869
    { OSSL_FUNC_KEYMGMT_IMPORT_TYPES, (void (*)(void))dh_import_types },
870
    { OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))dh_export },
871
    { OSSL_FUNC_KEYMGMT_EXPORT_TYPES, (void (*)(void))dh_export_types },
872
    { OSSL_FUNC_KEYMGMT_DUP, (void (*)(void))dh_dup },
873
    OSSL_DISPATCH_END
874
};
875

876
/* For any DH key, we use the "DH" algorithms regardless of sub-type. */
877
static const char *dhx_query_operation_name(int operation_id)
878
{
879
    return "DH";
880
}
881

882
const OSSL_DISPATCH ossl_dhx_keymgmt_functions[] = {
883
    { OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))dhx_newdata },
884
    { OSSL_FUNC_KEYMGMT_GEN_INIT, (void (*)(void))dhx_gen_init },
885
    { OSSL_FUNC_KEYMGMT_GEN_SET_TEMPLATE, (void (*)(void))dh_gen_set_template },
886
    { OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS, (void (*)(void))dhx_gen_set_params },
887
    { OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS,
888
        (void (*)(void))dhx_gen_settable_params },
889
    { OSSL_FUNC_KEYMGMT_GEN, (void (*)(void))dh_gen },
890
    { OSSL_FUNC_KEYMGMT_GEN_CLEANUP, (void (*)(void))dh_gen_cleanup },
891
    { OSSL_FUNC_KEYMGMT_LOAD, (void (*)(void))dh_load },
892
    { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))dh_freedata },
893
    { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*)(void))dh_get_params },
894
    { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*)(void))dh_gettable_params },
895
    { OSSL_FUNC_KEYMGMT_SET_PARAMS, (void (*)(void))dh_set_params },
896
    { OSSL_FUNC_KEYMGMT_SETTABLE_PARAMS, (void (*)(void))dh_settable_params },
897
    { OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))dh_has },
898
    { OSSL_FUNC_KEYMGMT_MATCH, (void (*)(void))dh_match },
899
    { OSSL_FUNC_KEYMGMT_VALIDATE, (void (*)(void))dh_validate },
900
    { OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))dh_import },
901
    { OSSL_FUNC_KEYMGMT_IMPORT_TYPES, (void (*)(void))dh_import_types },
902
    { OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))dh_export },
903
    { OSSL_FUNC_KEYMGMT_EXPORT_TYPES, (void (*)(void))dh_export_types },
904
    { OSSL_FUNC_KEYMGMT_QUERY_OPERATION_NAME,
905
        (void (*)(void))dhx_query_operation_name },
906
    { OSSL_FUNC_KEYMGMT_DUP, (void (*)(void))dh_dup },
907
    OSSL_DISPATCH_END
908
};
909

910