Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
freebsd
GitHub Repository: freebsd/freebsd-src
 Path: blob/main/crypto/openssl/providers/implementations/keymgmt/dh_kmgmt.c
48292 views
1
/*

2
 * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.

3
 *

4
 * Licensed under the Apache License 2.0 (the "License").  You may not use

5
 * this file except in compliance with the License.  You can obtain a copy

6
 * in the file LICENSE in the source distribution or at

7
 * https://www.openssl.org/source/license.html

8
 */

9


10
/*

11
 * DH low level APIs are deprecated for public use, but still ok for

12
 * internal use.

13
 */

14
#include "internal/deprecated.h"

15
#include "internal/common.h"

16


17
#include <string.h> /* strcmp */

18
#include <openssl/core_dispatch.h>

19
#include <openssl/core_names.h>

20
#include <openssl/bn.h>

21
#include <openssl/err.h>

22
#include <openssl/self_test.h>

23
#include "prov/implementations.h"

24
#include "prov/providercommon.h"

25
#include "prov/provider_ctx.h"

26
#include "crypto/dh.h"

27
#include "internal/fips.h"

28
#include "internal/sizes.h"

29


30
static OSSL_FUNC_keymgmt_new_fn dh_newdata;

31
static OSSL_FUNC_keymgmt_free_fn dh_freedata;

32
static OSSL_FUNC_keymgmt_gen_init_fn dh_gen_init;

33
static OSSL_FUNC_keymgmt_gen_init_fn dhx_gen_init;

34
static OSSL_FUNC_keymgmt_gen_set_template_fn dh_gen_set_template;

35
static OSSL_FUNC_keymgmt_gen_set_params_fn dh_gen_set_params;

36
static OSSL_FUNC_keymgmt_gen_settable_params_fn dh_gen_settable_params;

37
static OSSL_FUNC_keymgmt_gen_fn dh_gen;

38
static OSSL_FUNC_keymgmt_gen_cleanup_fn dh_gen_cleanup;

39
static OSSL_FUNC_keymgmt_load_fn dh_load;

40
static OSSL_FUNC_keymgmt_get_params_fn dh_get_params;

41
static OSSL_FUNC_keymgmt_gettable_params_fn dh_gettable_params;

42
static OSSL_FUNC_keymgmt_set_params_fn dh_set_params;

43
static OSSL_FUNC_keymgmt_settable_params_fn dh_settable_params;

44
static OSSL_FUNC_keymgmt_has_fn dh_has;

45
static OSSL_FUNC_keymgmt_match_fn dh_match;

46
static OSSL_FUNC_keymgmt_validate_fn dh_validate;

47
static OSSL_FUNC_keymgmt_import_fn dh_import;

48
static OSSL_FUNC_keymgmt_import_types_fn dh_import_types;

49
static OSSL_FUNC_keymgmt_export_fn dh_export;

50
static OSSL_FUNC_keymgmt_export_types_fn dh_export_types;

51
static OSSL_FUNC_keymgmt_dup_fn dh_dup;

52


53
#define DH_POSSIBLE_SELECTIONS                                                 \

54
    (OSSL_KEYMGMT_SELECT_KEYPAIR | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS)

55


56
struct dh_gen_ctx {

57
    OSSL_LIB_CTX *libctx;

58


59
    FFC_PARAMS *ffc_params;

60
    int selection;

61
    /* All these parameters are used for parameter generation only */

62
    /* If there is a group name then the remaining parameters are not needed */

63
    int group_nid;

64
    size_t pbits;

65
    size_t qbits;

66
    unsigned char *seed; /* optional FIPS186-4 param for testing */

67
    size_t seedlen;

68
    int gindex; /* optional  FIPS186-4 generator index (ignored if -1) */

69
    int gen_type; /* see dhtype2id */

70
    int generator; /* Used by DH_PARAMGEN_TYPE_GENERATOR in non fips mode only */

71
    int pcounter;

72
    int hindex;

73
    int priv_len;

74


75
    char *mdname;

76
    char *mdprops;

77
    OSSL_CALLBACK *cb;

78
    void *cbarg;

79
    int dh_type;

80
};

81


82
static int dh_gen_type_name2id_w_default(const char *name, int type)

83
{

84
    if (strcmp(name, "default") == 0) {

85
#ifdef FIPS_MODULE

86
        if (type == DH_FLAG_TYPE_DHX)

87
            return DH_PARAMGEN_TYPE_FIPS_186_4;

88


89
        return DH_PARAMGEN_TYPE_GROUP;

90
#else

91
        if (type == DH_FLAG_TYPE_DHX)

92
            return DH_PARAMGEN_TYPE_FIPS_186_2;

93


94
        return DH_PARAMGEN_TYPE_GENERATOR;

95
#endif

96
    }

97


98
    return ossl_dh_gen_type_name2id(name, type);

99
}

100


101
static void *dh_newdata(void *provctx)

102
{

103
    DH *dh = NULL;

104


105
    if (ossl_prov_is_running()) {

106
        dh = ossl_dh_new_ex(PROV_LIBCTX_OF(provctx));

107
        if (dh != NULL) {

108
            DH_clear_flags(dh, DH_FLAG_TYPE_MASK);

109
            DH_set_flags(dh, DH_FLAG_TYPE_DH);

110
        }

111
    }

112
    return dh;

113
}

114


115
static void *dhx_newdata(void *provctx)

116
{

117
    DH *dh = NULL;

118


119
    dh = ossl_dh_new_ex(PROV_LIBCTX_OF(provctx));

120
    if (dh != NULL) {

121
        DH_clear_flags(dh, DH_FLAG_TYPE_MASK);

122
        DH_set_flags(dh, DH_FLAG_TYPE_DHX);

123
    }

124
    return dh;

125
}

126


127
static void dh_freedata(void *keydata)

128
{

129
    DH_free(keydata);

130
}

131


132
static int dh_has(const void *keydata, int selection)

133
{

134
    const DH *dh = keydata;

135
    int ok = 1;

136


137
    if (!ossl_prov_is_running() || dh == NULL)

138
        return 0;

139
    if ((selection & DH_POSSIBLE_SELECTIONS) == 0)

140
        return 1; /* the selection is not missing */

141


142
    if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0)

143
        ok = ok && (DH_get0_pub_key(dh) != NULL);

144
    if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0)

145
        ok = ok && (DH_get0_priv_key(dh) != NULL);

146
    if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0)

147
        ok = ok && (DH_get0_p(dh) != NULL && DH_get0_g(dh) != NULL);

148
    return ok;

149
}

150


151
static int dh_match(const void *keydata1, const void *keydata2, int selection)

152
{

153
    const DH *dh1 = keydata1;

154
    const DH *dh2 = keydata2;

155
    int ok = 1;

156


157
    if (!ossl_prov_is_running())

158
        return 0;

159


160
    if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) {

161
        int key_checked = 0;

162


163
        if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {

164
            const BIGNUM *pa = DH_get0_pub_key(dh1);

165
            const BIGNUM *pb = DH_get0_pub_key(dh2);

166


167
            if (pa != NULL && pb != NULL) {

168
                ok = ok && BN_cmp(pa, pb) == 0;

169
                key_checked = 1;

170
            }

171
        }

172
        if (!key_checked

173
            && (selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {

174
            const BIGNUM *pa = DH_get0_priv_key(dh1);

175
            const BIGNUM *pb = DH_get0_priv_key(dh2);

176


177
            if (pa != NULL && pb != NULL) {

178
                ok = ok && BN_cmp(pa, pb) == 0;

179
                key_checked = 1;

180
            }

181
        }

182
        ok = ok && key_checked;

183
    }

184
    if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0) {

185
        FFC_PARAMS *dhparams1 = ossl_dh_get0_params((DH *)dh1);

186
        FFC_PARAMS *dhparams2 = ossl_dh_get0_params((DH *)dh2);

187


188
        ok = ok && ossl_ffc_params_cmp(dhparams1, dhparams2, 1);

189
    }

190
    return ok;

191
}

192


193
static int dh_import(void *keydata, int selection, const OSSL_PARAM params[])

194
{

195
    DH *dh = keydata;

196
    int ok = 1;

197


198
    if (!ossl_prov_is_running() || dh == NULL)

199
        return 0;

200


201
    if ((selection & DH_POSSIBLE_SELECTIONS) == 0)

202
        return 0;

203


204
    /* a key without parameters is meaningless */

205
    ok = ok && ossl_dh_params_fromdata(dh, params);

206


207
    if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) {

208
        int include_private =

209
            selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY ? 1 : 0;

210


211
        ok = ok && ossl_dh_key_fromdata(dh, params, include_private);

212
    }

213


214
    return ok;

215
}

216


217
static int dh_export(void *keydata, int selection, OSSL_CALLBACK *param_cb,

218
                     void *cbarg)

219
{

220
    DH *dh = keydata;

221
    OSSL_PARAM_BLD *tmpl = NULL;

222
    OSSL_PARAM *params = NULL;

223
    int ok = 1;

224


225
    if (!ossl_prov_is_running() || dh == NULL)

226
        return 0;

227


228
    if ((selection & DH_POSSIBLE_SELECTIONS) == 0)

229
        return 0;

230


231
    tmpl = OSSL_PARAM_BLD_new();

232
    if (tmpl == NULL)

233
        return 0;

234


235
    if ((selection & OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) != 0)

236
        ok = ok && ossl_dh_params_todata(dh, tmpl, NULL);

237


238
    if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) {

239
        int include_private =

240
            selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY ? 1 : 0;

241


242
        ok = ok && ossl_dh_key_todata(dh, tmpl, NULL, include_private);

243
    }

244


245
    if (!ok || (params = OSSL_PARAM_BLD_to_param(tmpl)) == NULL) {

246
        ok = 0;

247
        goto err;

248
    }

249


250
    ok = param_cb(params, cbarg);

251
    OSSL_PARAM_free(params);

252
err:

253
    OSSL_PARAM_BLD_free(tmpl);

254
    return ok;

255
}

256


257
/* IMEXPORT = IMPORT + EXPORT */

258


259
# define DH_IMEXPORTABLE_PARAMETERS                                            \

260
    OSSL_PARAM_BN(OSSL_PKEY_PARAM_FFC_P, NULL, 0),                             \

261
    OSSL_PARAM_BN(OSSL_PKEY_PARAM_FFC_Q, NULL, 0),                             \

262
    OSSL_PARAM_BN(OSSL_PKEY_PARAM_FFC_G, NULL, 0),                             \

263
    OSSL_PARAM_BN(OSSL_PKEY_PARAM_FFC_COFACTOR, NULL, 0),                      \

264
    OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_GINDEX, NULL),                          \

265
    OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_PCOUNTER, NULL),                        \

266
    OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_H, NULL),                               \

267
    OSSL_PARAM_int(OSSL_PKEY_PARAM_DH_PRIV_LEN, NULL),                         \

268
    OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_FFC_SEED, NULL, 0),                \

269
    OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, NULL, 0)

270
# define DH_IMEXPORTABLE_PUBLIC_KEY                                            \

271
    OSSL_PARAM_BN(OSSL_PKEY_PARAM_PUB_KEY, NULL, 0)

272
# define DH_IMEXPORTABLE_PRIVATE_KEY                                           \

273
    OSSL_PARAM_BN(OSSL_PKEY_PARAM_PRIV_KEY, NULL, 0)

274
static const OSSL_PARAM dh_all_types[] = {

275
    DH_IMEXPORTABLE_PARAMETERS,

276
    DH_IMEXPORTABLE_PUBLIC_KEY,

277
    DH_IMEXPORTABLE_PRIVATE_KEY,

278
    OSSL_PARAM_END

279
};

280
static const OSSL_PARAM dh_parameter_types[] = {

281
    DH_IMEXPORTABLE_PARAMETERS,

282
    OSSL_PARAM_END

283
};

284
static const OSSL_PARAM dh_key_types[] = {

285
    DH_IMEXPORTABLE_PUBLIC_KEY,

286
    DH_IMEXPORTABLE_PRIVATE_KEY,

287
    OSSL_PARAM_END

288
};

289
static const OSSL_PARAM *dh_types[] = {

290
    NULL,                        /* Index 0 = none of them */

291
    dh_parameter_types,          /* Index 1 = parameter types */

292
    dh_key_types,                /* Index 2 = key types */

293
    dh_all_types                 /* Index 3 = 1 + 2 */

294
};

295


296
static const OSSL_PARAM *dh_imexport_types(int selection)

297
{

298
    int type_select = 0;

299


300
    if ((selection & OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) != 0)

301
        type_select += 1;

302
    if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0)

303
        type_select += 2;

304
    return dh_types[type_select];

305
}

306


307
static const OSSL_PARAM *dh_import_types(int selection)

308
{

309
    return dh_imexport_types(selection);

310
}

311


312
static const OSSL_PARAM *dh_export_types(int selection)

313
{

314
    return dh_imexport_types(selection);

315
}

316


317
static ossl_inline int dh_get_params(void *key, OSSL_PARAM params[])

318
{

319
    DH *dh = key;

320
    OSSL_PARAM *p;

321


322
    if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_BITS)) != NULL

323
        && !OSSL_PARAM_set_int(p, DH_bits(dh)))

324
        return 0;

325
    if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_SECURITY_BITS)) != NULL

326
        && !OSSL_PARAM_set_int(p, DH_security_bits(dh)))

327
        return 0;

328
    if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_MAX_SIZE)) != NULL

329
        && !OSSL_PARAM_set_int(p, DH_size(dh)))

330
        return 0;

331
    if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY)) != NULL) {

332
        if (p->data_type != OSSL_PARAM_OCTET_STRING)

333
            return 0;

334
        p->return_size = ossl_dh_key2buf(dh, (unsigned char **)&p->data,

335
                                         p->data_size, 0);

336
        if (p->return_size == 0)

337
            return 0;

338
    }

339


340
    return ossl_dh_params_todata(dh, NULL, params)

341
        && ossl_dh_key_todata(dh, NULL, params, 1);

342
}

343


344
static const OSSL_PARAM dh_params[] = {

345
    OSSL_PARAM_int(OSSL_PKEY_PARAM_BITS, NULL),

346
    OSSL_PARAM_int(OSSL_PKEY_PARAM_SECURITY_BITS, NULL),

347
    OSSL_PARAM_int(OSSL_PKEY_PARAM_MAX_SIZE, NULL),

348
    OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, NULL, 0),

349
    DH_IMEXPORTABLE_PARAMETERS,

350
    DH_IMEXPORTABLE_PUBLIC_KEY,

351
    DH_IMEXPORTABLE_PRIVATE_KEY,

352
    OSSL_PARAM_END

353
};

354


355
static const OSSL_PARAM *dh_gettable_params(void *provctx)

356
{

357
    return dh_params;

358
}

359


360
static const OSSL_PARAM dh_known_settable_params[] = {

361
    OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, NULL, 0),

362
    OSSL_PARAM_END

363
};

364


365
static const OSSL_PARAM *dh_settable_params(void *provctx)

366
{

367
    return dh_known_settable_params;

368
}

369


370
static int dh_set_params(void *key, const OSSL_PARAM params[])

371
{

372
    DH *dh = key;

373
    const OSSL_PARAM *p;

374


375
    p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY);

376
    if (p != NULL

377
            && (p->data_type != OSSL_PARAM_OCTET_STRING

378
                || !ossl_dh_buf2key(dh, p->data, p->data_size)))

379
        return 0;

380


381
    return 1;

382
}

383


384
static int dh_validate_public(const DH *dh, int checktype)

385
{

386
    const BIGNUM *pub_key = NULL;

387
    int res = 0;

388


389
    DH_get0_key(dh, &pub_key, NULL);

390
    if (pub_key == NULL)

391
        return 0;

392


393
    /*

394
     * The partial test is only valid for named group's with q = (p - 1) / 2

395
     * but for that case it is also fully sufficient to check the key validity.

396
     */

397
    if (ossl_dh_is_named_safe_prime_group(dh))

398
        return ossl_dh_check_pub_key_partial(dh, pub_key, &res);

399


400
    return DH_check_pub_key_ex(dh, pub_key);

401
}

402


403
static int dh_validate_private(const DH *dh)

404
{

405
    int status = 0;

406
    const BIGNUM *priv_key = NULL;

407


408
    DH_get0_key(dh, NULL, &priv_key);

409
    if (priv_key == NULL)

410
        return 0;

411
    return ossl_dh_check_priv_key(dh, priv_key, &status);

412
}

413


414
static int dh_validate(const void *keydata, int selection, int checktype)

415
{

416
    const DH *dh = keydata;

417
    int ok = 1;

418


419
    if (!ossl_prov_is_running())

420
        return 0;

421


422
    if ((selection & DH_POSSIBLE_SELECTIONS) == 0)

423
        return 1; /* nothing to validate */

424


425
    if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0) {

426
        /*

427
         * Both of these functions check parameters. DH_check_params_ex()

428
         * performs a lightweight check (e.g. it does not check that p is a

429
         * safe prime)

430
         */

431
        if (checktype == OSSL_KEYMGMT_VALIDATE_QUICK_CHECK)

432
            ok = ok && DH_check_params_ex(dh);

433
        else

434
            ok = ok && DH_check_ex(dh);

435
    }

436


437
    if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0)

438
        ok = ok && dh_validate_public(dh, checktype);

439


440
    if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0)

441
        ok = ok && dh_validate_private(dh);

442


443
    if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR)

444
            == OSSL_KEYMGMT_SELECT_KEYPAIR)

445
        ok = ok && ossl_dh_check_pairwise(dh, 0);

446
    return ok;

447
}

448


449
static void *dh_gen_init_base(void *provctx, int selection,

450
                              const OSSL_PARAM params[], int type)

451
{

452
    OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(provctx);

453
    struct dh_gen_ctx *gctx = NULL;

454


455
    if (!ossl_prov_is_running())

456
        return NULL;

457


458
    if ((selection & (OSSL_KEYMGMT_SELECT_KEYPAIR

459
                      | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS)) == 0)

460
        return NULL;

461


462
    if ((gctx = OPENSSL_zalloc(sizeof(*gctx))) != NULL) {

463
        gctx->selection = selection;

464
        gctx->libctx = libctx;

465
        gctx->pbits = 2048;

466
        gctx->qbits = 224;

467
        gctx->mdname = NULL;

468
#ifdef FIPS_MODULE

469
        gctx->gen_type = (type == DH_FLAG_TYPE_DHX)

470
                         ? DH_PARAMGEN_TYPE_FIPS_186_4

471
                         : DH_PARAMGEN_TYPE_GROUP;

472
#else

473
        gctx->gen_type = (type == DH_FLAG_TYPE_DHX)

474
                         ? DH_PARAMGEN_TYPE_FIPS_186_2

475
                         : DH_PARAMGEN_TYPE_GENERATOR;

476
#endif

477
        gctx->gindex = -1;

478
        gctx->hindex = 0;

479
        gctx->pcounter = -1;

480
        gctx->generator = DH_GENERATOR_2;

481
        gctx->dh_type = type;

482
    }

483
    if (!dh_gen_set_params(gctx, params)) {

484
        OPENSSL_free(gctx);

485
        gctx = NULL;

486
    }

487
    return gctx;

488
}

489


490
static void *dh_gen_init(void *provctx, int selection,

491
                         const OSSL_PARAM params[])

492
{

493
    return dh_gen_init_base(provctx, selection, params, DH_FLAG_TYPE_DH);

494
}

495


496
static void *dhx_gen_init(void *provctx, int selection,

497
                          const OSSL_PARAM params[])

498
{

499
   return dh_gen_init_base(provctx, selection, params, DH_FLAG_TYPE_DHX);

500
}

501


502
static int dh_gen_set_template(void *genctx, void *templ)

503
{

504
    struct dh_gen_ctx *gctx = genctx;

505
    DH *dh = templ;

506


507
    if (!ossl_prov_is_running() || gctx == NULL || dh == NULL)

508
        return 0;

509
    gctx->ffc_params = ossl_dh_get0_params(dh);

510
    return 1;

511
}

512


513
static int dh_set_gen_seed(struct dh_gen_ctx *gctx, unsigned char *seed,

514
                           size_t seedlen)

515
{

516
    OPENSSL_clear_free(gctx->seed, gctx->seedlen);

517
    gctx->seed = NULL;

518
    gctx->seedlen = 0;

519
    if (seed != NULL && seedlen > 0) {

520
        gctx->seed = OPENSSL_memdup(seed, seedlen);

521
        if (gctx->seed == NULL)

522
            return 0;

523
        gctx->seedlen = seedlen;

524
    }

525
    return 1;

526
}

527


528
static int dh_gen_common_set_params(void *genctx, const OSSL_PARAM params[])

529
{

530
    struct dh_gen_ctx *gctx = genctx;

531
    const OSSL_PARAM *p;

532
    int gen_type = -1;

533


534
    if (gctx == NULL)

535
        return 0;

536
    if (ossl_param_is_empty(params))

537
        return 1;

538


539
    p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_TYPE);

540
    if (p != NULL) {

541
        if (p->data_type != OSSL_PARAM_UTF8_STRING

542
            || ((gen_type =

543
                 dh_gen_type_name2id_w_default(p->data, gctx->dh_type)) == -1)) {

544
            ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT);

545
            return 0;

546
        }

547
        if (gen_type != -1)

548
            gctx->gen_type = gen_type;

549
    }

550
    p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_GROUP_NAME);

551
    if (p != NULL) {

552
        const DH_NAMED_GROUP *group = NULL;

553


554
        if (p->data_type != OSSL_PARAM_UTF8_STRING

555
            || p->data == NULL

556
            || (group = ossl_ffc_name_to_dh_named_group(p->data)) == NULL

557
            || ((gctx->group_nid =

558
                 ossl_ffc_named_group_get_uid(group)) == NID_undef)) {

559
            ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT);

560
            return 0;

561
        }

562
    }

563
    if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_PBITS)) != NULL

564
        && !OSSL_PARAM_get_size_t(p, &gctx->pbits))

565
        return 0;

566
    p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_DH_PRIV_LEN);

567
    if (p != NULL && !OSSL_PARAM_get_int(p, &gctx->priv_len))

568
        return 0;

569
    return 1;

570
}

571


572
static const OSSL_PARAM *dh_gen_settable_params(ossl_unused void *genctx,

573
                                                ossl_unused void *provctx)

574
{

575
    static const OSSL_PARAM dh_gen_settable[] = {

576
        OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_FFC_TYPE, NULL, 0),

577
        OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, NULL, 0),

578
        OSSL_PARAM_int(OSSL_PKEY_PARAM_DH_PRIV_LEN, NULL),

579
        OSSL_PARAM_size_t(OSSL_PKEY_PARAM_FFC_PBITS, NULL),

580
        OSSL_PARAM_int(OSSL_PKEY_PARAM_DH_GENERATOR, NULL),

581
        OSSL_PARAM_END

582
    };

583
    return dh_gen_settable;

584
}

585


586
static const OSSL_PARAM *dhx_gen_settable_params(ossl_unused void *genctx,

587
                                                 ossl_unused void *provctx)

588
{

589
    static const OSSL_PARAM dhx_gen_settable[] = {

590
        OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_FFC_TYPE, NULL, 0),

591
        OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, NULL, 0),

592
        OSSL_PARAM_int(OSSL_PKEY_PARAM_DH_PRIV_LEN, NULL),

593
        OSSL_PARAM_size_t(OSSL_PKEY_PARAM_FFC_PBITS, NULL),

594
        OSSL_PARAM_size_t(OSSL_PKEY_PARAM_FFC_QBITS, NULL),

595
        OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_FFC_DIGEST, NULL, 0),

596
        OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_FFC_DIGEST_PROPS, NULL, 0),

597
        OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_GINDEX, NULL),

598
        OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_FFC_SEED, NULL, 0),

599
        OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_PCOUNTER, NULL),

600
        OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_H, NULL),

601
        OSSL_PARAM_END

602
    };

603
    return dhx_gen_settable;

604
}

605


606
static int dhx_gen_set_params(void *genctx, const OSSL_PARAM params[])

607
{

608
    struct dh_gen_ctx *gctx = genctx;

609
    const OSSL_PARAM *p;

610


611
    if (!dh_gen_common_set_params(genctx, params))

612
        return 0;

613


614
    /* Parameters related to fips186-4 and fips186-2 */

615
    p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_GINDEX);

616
    if (p != NULL && !OSSL_PARAM_get_int(p, &gctx->gindex))

617
        return 0;

618
    p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_PCOUNTER);

619
    if (p != NULL && !OSSL_PARAM_get_int(p, &gctx->pcounter))

620
        return 0;

621
    p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_H);

622
    if (p != NULL && !OSSL_PARAM_get_int(p, &gctx->hindex))

623
        return 0;

624
    p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_SEED);

625
    if (p != NULL

626
        && (p->data_type != OSSL_PARAM_OCTET_STRING

627
            || !dh_set_gen_seed(gctx, p->data, p->data_size)))

628
            return 0;

629
    if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_QBITS)) != NULL

630
        && !OSSL_PARAM_get_size_t(p, &gctx->qbits))

631
        return 0;

632
    p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_DIGEST);

633
    if (p != NULL) {

634
        if (p->data_type != OSSL_PARAM_UTF8_STRING)

635
            return 0;

636
        OPENSSL_free(gctx->mdname);

637
        gctx->mdname = OPENSSL_strdup(p->data);

638
        if (gctx->mdname == NULL)

639
            return 0;

640
    }

641
    p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_DIGEST_PROPS);

642
    if (p != NULL) {

643
        if (p->data_type != OSSL_PARAM_UTF8_STRING)

644
            return 0;

645
        OPENSSL_free(gctx->mdprops);

646
        gctx->mdprops = OPENSSL_strdup(p->data);

647
        if (gctx->mdprops == NULL)

648
            return 0;

649
    }

650


651
    /* Parameters that are not allowed for DHX */

652
    p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_DH_GENERATOR);

653
    if (p != NULL) {

654
        ERR_raise(ERR_LIB_PROV, ERR_R_UNSUPPORTED);

655
        return 0;

656
    }

657
    return 1;

658
}

659


660
static int dh_gen_set_params(void *genctx, const OSSL_PARAM params[])

661
{

662
    struct dh_gen_ctx *gctx = genctx;

663
    const OSSL_PARAM *p;

664


665
    if (!dh_gen_common_set_params(genctx, params))

666
        return 0;

667


668
    p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_DH_GENERATOR);

669
    if (p != NULL && !OSSL_PARAM_get_int(p, &gctx->generator))

670
        return 0;

671


672
    /* Parameters that are not allowed for DH */

673
    if (OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_GINDEX) != NULL

674
        || OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_PCOUNTER) != NULL

675
        || OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_H) != NULL

676
        || OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_SEED) != NULL

677
        || OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_QBITS) != NULL

678
        || OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_DIGEST) != NULL

679
        || OSSL_PARAM_locate_const(params,

680
                                   OSSL_PKEY_PARAM_FFC_DIGEST_PROPS) != NULL) {

681
        ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT);

682
        return 0;

683
    }

684
    return 1;

685
}

686


687
static int dh_gencb(int p, int n, BN_GENCB *cb)

688
{

689
    struct dh_gen_ctx *gctx = BN_GENCB_get_arg(cb);

690
    OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END, OSSL_PARAM_END };

691


692
    params[0] = OSSL_PARAM_construct_int(OSSL_GEN_PARAM_POTENTIAL, &p);

693
    params[1] = OSSL_PARAM_construct_int(OSSL_GEN_PARAM_ITERATION, &n);

694


695
    return gctx->cb(params, gctx->cbarg);

696
}

697


698
static void *dh_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)

699
{

700
    int ret = 0;

701
    struct dh_gen_ctx *gctx = genctx;

702
    DH *dh = NULL;

703
    BN_GENCB *gencb = NULL;

704
    FFC_PARAMS *ffc;

705


706
    if (!ossl_prov_is_running() || gctx == NULL)

707
        return NULL;

708


709
    /*

710
     * If a group name is selected then the type is group regardless of what

711
     * the user selected. This overrides rather than errors for backwards

712
     * compatibility.

713
     */

714
    if (gctx->group_nid != NID_undef)

715
        gctx->gen_type = DH_PARAMGEN_TYPE_GROUP;

716


717
    /*

718
     * Do a bounds check on context gen_type. Must be in range:

719
     * DH_PARAMGEN_TYPE_GENERATOR <= gen_type <= DH_PARAMGEN_TYPE_GROUP

720
     * Noted here as this needs to be adjusted if a new group type is

721
     * added.

722
     */

723
    if (!ossl_assert((gctx->gen_type >= DH_PARAMGEN_TYPE_GENERATOR)

724
                    && (gctx->gen_type <= DH_PARAMGEN_TYPE_GROUP))) {

725
        ERR_raise_data(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR,

726
                       "gen_type set to unsupported value %d", gctx->gen_type);

727
        return NULL;

728
    }

729


730
    /* For parameter generation - If there is a group name just create it */

731
    if (gctx->gen_type == DH_PARAMGEN_TYPE_GROUP

732
            && gctx->ffc_params == NULL) {

733
        /* Select a named group if there is not one already */

734
        if (gctx->group_nid == NID_undef)

735
            gctx->group_nid = ossl_dh_get_named_group_uid_from_size(gctx->pbits);

736
        if (gctx->group_nid == NID_undef)

737
            return NULL;

738
        dh = ossl_dh_new_by_nid_ex(gctx->libctx, gctx->group_nid);

739
        if (dh == NULL)

740
            return NULL;

741
        ffc = ossl_dh_get0_params(dh);

742
    } else {

743
        dh = ossl_dh_new_ex(gctx->libctx);

744
        if (dh == NULL)

745
            return NULL;

746
        ffc = ossl_dh_get0_params(dh);

747


748
        /* Copy the template value if one was passed */

749
        if (gctx->ffc_params != NULL

750
            && !ossl_ffc_params_copy(ffc, gctx->ffc_params))

751
            goto end;

752


753
        if (!ossl_ffc_params_set_seed(ffc, gctx->seed, gctx->seedlen))

754
            goto end;

755
        if (gctx->gindex != -1) {

756
            ossl_ffc_params_set_gindex(ffc, gctx->gindex);

757
            if (gctx->pcounter != -1)

758
                ossl_ffc_params_set_pcounter(ffc, gctx->pcounter);

759
        } else if (gctx->hindex != 0) {

760
            ossl_ffc_params_set_h(ffc, gctx->hindex);

761
        }

762
        if (gctx->mdname != NULL)

763
            ossl_ffc_set_digest(ffc, gctx->mdname, gctx->mdprops);

764
        gctx->cb = osslcb;

765
        gctx->cbarg = cbarg;

766
        gencb = BN_GENCB_new();

767
        if (gencb != NULL)

768
            BN_GENCB_set(gencb, dh_gencb, genctx);

769


770
        if ((gctx->selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0) {

771
            /*

772
             * NOTE: The old safe prime generator code is not used in fips mode,

773
             * (i.e internally it ignores the generator and chooses a named

774
             * group based on pbits.

775
             */

776
            if (gctx->gen_type == DH_PARAMGEN_TYPE_GENERATOR)

777
                ret = DH_generate_parameters_ex(dh, gctx->pbits,

778
                                                gctx->generator, gencb);

779
            else

780
                ret = ossl_dh_generate_ffc_parameters(dh, gctx->gen_type,

781
                                                      gctx->pbits, gctx->qbits,

782
                                                      gencb);

783
            if (ret <= 0)

784
                goto end;

785
        }

786
    }

787


788
    if ((gctx->selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) {

789
        if (ffc->p == NULL || ffc->g == NULL)

790
            goto end;

791
        if (gctx->priv_len > 0)

792
            DH_set_length(dh, (long)gctx->priv_len);

793
        ossl_ffc_params_enable_flags(ffc, FFC_PARAM_FLAG_VALIDATE_LEGACY,

794
                                     gctx->gen_type == DH_PARAMGEN_TYPE_FIPS_186_2);

795
        if (DH_generate_key(dh) <= 0)

796
            goto end;

797
#ifdef FIPS_MODULE

798
        if (!ossl_fips_self_testing()) {

799
            ret = ossl_dh_check_pairwise(dh, 0);

800
            if (ret <= 0) {

801
                ossl_set_error_state(OSSL_SELF_TEST_TYPE_PCT);

802
                goto end;

803
            }

804
        }

805
#endif /* FIPS_MODULE */

806
    }

807
    DH_clear_flags(dh, DH_FLAG_TYPE_MASK);

808
    DH_set_flags(dh, gctx->dh_type);

809


810
    ret = 1;

811
end:

812
    if (ret <= 0) {

813
        DH_free(dh);

814
        dh = NULL;

815
    }

816
    BN_GENCB_free(gencb);

817
    return dh;

818
}

819


820
static void dh_gen_cleanup(void *genctx)

821
{

822
    struct dh_gen_ctx *gctx = genctx;

823


824
    if (gctx == NULL)

825
        return;

826


827
    OPENSSL_free(gctx->mdname);

828
    OPENSSL_free(gctx->mdprops);

829
    OPENSSL_clear_free(gctx->seed, gctx->seedlen);

830
    OPENSSL_free(gctx);

831
}

832


833
static void *dh_load(const void *reference, size_t reference_sz)

834
{

835
    DH *dh = NULL;

836


837
    if (ossl_prov_is_running() && reference_sz == sizeof(dh)) {

838
        /* The contents of the reference is the address to our object */

839
        dh = *(DH **)reference;

840
        /* We grabbed, so we detach it */

841
        *(DH **)reference = NULL;

842
        return dh;

843
    }

844
    return NULL;

845
}

846


847
static void *dh_dup(const void *keydata_from, int selection)

848
{

849
    if (ossl_prov_is_running())

850
        return ossl_dh_dup(keydata_from, selection);

851
    return NULL;

852
}

853


854
const OSSL_DISPATCH ossl_dh_keymgmt_functions[] = {

855
    { OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))dh_newdata },

856
    { OSSL_FUNC_KEYMGMT_GEN_INIT, (void (*)(void))dh_gen_init },

857
    { OSSL_FUNC_KEYMGMT_GEN_SET_TEMPLATE, (void (*)(void))dh_gen_set_template },

858
    { OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS, (void (*)(void))dh_gen_set_params },

859
    { OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS,

860
      (void (*)(void))dh_gen_settable_params },

861
    { OSSL_FUNC_KEYMGMT_GEN, (void (*)(void))dh_gen },

862
    { OSSL_FUNC_KEYMGMT_GEN_CLEANUP, (void (*)(void))dh_gen_cleanup },

863
    { OSSL_FUNC_KEYMGMT_LOAD, (void (*)(void))dh_load },

864
    { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))dh_freedata },

865
    { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*) (void))dh_get_params },

866
    { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*) (void))dh_gettable_params },

867
    { OSSL_FUNC_KEYMGMT_SET_PARAMS, (void (*) (void))dh_set_params },

868
    { OSSL_FUNC_KEYMGMT_SETTABLE_PARAMS, (void (*) (void))dh_settable_params },

869
    { OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))dh_has },

870
    { OSSL_FUNC_KEYMGMT_MATCH, (void (*)(void))dh_match },

871
    { OSSL_FUNC_KEYMGMT_VALIDATE, (void (*)(void))dh_validate },

872
    { OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))dh_import },

873
    { OSSL_FUNC_KEYMGMT_IMPORT_TYPES, (void (*)(void))dh_import_types },

874
    { OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))dh_export },

875
    { OSSL_FUNC_KEYMGMT_EXPORT_TYPES, (void (*)(void))dh_export_types },

876
    { OSSL_FUNC_KEYMGMT_DUP, (void (*)(void))dh_dup },

877
    OSSL_DISPATCH_END

878
};

879


880
/* For any DH key, we use the "DH" algorithms regardless of sub-type. */

881
static const char *dhx_query_operation_name(int operation_id)

882
{

883
    return "DH";

884
}

885


886
const OSSL_DISPATCH ossl_dhx_keymgmt_functions[] = {

887
    { OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))dhx_newdata },

888
    { OSSL_FUNC_KEYMGMT_GEN_INIT, (void (*)(void))dhx_gen_init },

889
    { OSSL_FUNC_KEYMGMT_GEN_SET_TEMPLATE, (void (*)(void))dh_gen_set_template },

890
    { OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS, (void (*)(void))dhx_gen_set_params },

891
    { OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS,

892
      (void (*)(void))dhx_gen_settable_params },

893
    { OSSL_FUNC_KEYMGMT_GEN, (void (*)(void))dh_gen },

894
    { OSSL_FUNC_KEYMGMT_GEN_CLEANUP, (void (*)(void))dh_gen_cleanup },

895
    { OSSL_FUNC_KEYMGMT_LOAD, (void (*)(void))dh_load },

896
    { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))dh_freedata },

897
    { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*) (void))dh_get_params },

898
    { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*) (void))dh_gettable_params },

899
    { OSSL_FUNC_KEYMGMT_SET_PARAMS, (void (*) (void))dh_set_params },

900
    { OSSL_FUNC_KEYMGMT_SETTABLE_PARAMS, (void (*) (void))dh_settable_params },

901
    { OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))dh_has },

902
    { OSSL_FUNC_KEYMGMT_MATCH, (void (*)(void))dh_match },

903
    { OSSL_FUNC_KEYMGMT_VALIDATE, (void (*)(void))dh_validate },

904
    { OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))dh_import },

905
    { OSSL_FUNC_KEYMGMT_IMPORT_TYPES, (void (*)(void))dh_import_types },

906
    { OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))dh_export },

907
    { OSSL_FUNC_KEYMGMT_EXPORT_TYPES, (void (*)(void))dh_export_types },

908
    { OSSL_FUNC_KEYMGMT_QUERY_OPERATION_NAME,

909
      (void (*)(void))dhx_query_operation_name },

910
    { OSSL_FUNC_KEYMGMT_DUP, (void (*)(void))dh_dup },

911
    OSSL_DISPATCH_END

912
};

913


914