/src/openssl/include/internal/ffc.h
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. |
3 | | * |
4 | | * Licensed under the Apache License 2.0 (the "License"). You may not use |
5 | | * this file except in compliance with the License. You can obtain a copy |
6 | | * in the file LICENSE in the source distribution or at |
7 | | * https://www.openssl.org/source/license.html |
8 | | */ |
9 | | |
10 | | #ifndef OSSL_INTERNAL_FFC_H |
11 | | # define OSSL_INTERNAL_FFC_H |
12 | | |
13 | | # include <openssl/bn.h> |
14 | | # include <openssl/evp.h> |
15 | | # include <openssl/dh.h> /* Uses Error codes from DH */ |
16 | | |
17 | | /* Default value for gindex when canonical generation of g is not used */ |
18 | 4.17k | # define FFC_UNVERIFIABLE_GINDEX -1 |
19 | | |
20 | | /* The different types of FFC keys */ |
21 | 0 | # define FFC_PARAM_TYPE_DSA 0 |
22 | 0 | # define FFC_PARAM_TYPE_DH 1 |
23 | | |
24 | | /* Return codes for generation and validation of FFC parameters */ |
25 | 0 | #define FFC_PARAMS_RET_STATUS_FAILED 0 |
26 | 0 | #define FFC_PARAMS_RET_STATUS_SUCCESS 1 |
27 | | /* Returned if validating and g is only partially verifiable */ |
28 | 0 | #define FFC_PARAMS_RET_STATUS_UNVERIFIABLE_G 2 |
29 | | |
30 | | /* Validation flags */ |
31 | | # define FFC_PARAMS_GENERATE 0x00 |
32 | 0 | # define FFC_PARAMS_VALIDATE_PQ 0x01 |
33 | 0 | # define FFC_PARAMS_VALIDATE_G 0x02 |
34 | 0 | # define FFC_PARAMS_VALIDATE_ALL (FFC_PARAMS_VALIDATE_PQ | FFC_PARAMS_VALIDATE_G) |
35 | | |
36 | | /* |
37 | | * NB: These values must align with the equivalently named macros in |
38 | | * openssl/dh.h. We cannot use those macros here in case DH has been disabled. |
39 | | */ |
40 | 0 | # define FFC_CHECK_P_NOT_PRIME 0x00001 |
41 | | # define FFC_CHECK_P_NOT_SAFE_PRIME 0x00002 |
42 | | # define FFC_CHECK_UNKNOWN_GENERATOR 0x00004 |
43 | | # define FFC_CHECK_NOT_SUITABLE_GENERATOR 0x00008 |
44 | 0 | # define FFC_CHECK_Q_NOT_PRIME 0x00010 |
45 | 0 | # define FFC_CHECK_INVALID_Q_VALUE 0x00020 |
46 | | # define FFC_CHECK_INVALID_J_VALUE 0x00040 |
47 | | |
48 | 0 | # define FFC_CHECK_BAD_LN_PAIR 0x00080 |
49 | 0 | # define FFC_CHECK_INVALID_SEED_SIZE 0x00100 |
50 | 0 | # define FFC_CHECK_MISSING_SEED_OR_COUNTER 0x00200 |
51 | 0 | # define FFC_CHECK_INVALID_G 0x00400 |
52 | 0 | # define FFC_CHECK_INVALID_PQ 0x00800 |
53 | 0 | # define FFC_CHECK_INVALID_COUNTER 0x01000 |
54 | 0 | # define FFC_CHECK_P_MISMATCH 0x02000 |
55 | 0 | # define FFC_CHECK_Q_MISMATCH 0x04000 |
56 | 0 | # define FFC_CHECK_G_MISMATCH 0x08000 |
57 | 0 | # define FFC_CHECK_COUNTER_MISMATCH 0x10000 |
58 | | |
59 | | /* |
60 | | * Finite field cryptography (FFC) domain parameters are used by DH and DSA. |
61 | | * Refer to FIPS186_4 Appendix A & B. |
62 | | */ |
63 | | typedef struct ffc_params_st { |
64 | | /* Primes */ |
65 | | BIGNUM *p; |
66 | | BIGNUM *q; |
67 | | /* Generator */ |
68 | | BIGNUM *g; |
69 | | /* DH X9.42 Optional Subgroup factor j >= 2 where p = j * q + 1 */ |
70 | | BIGNUM *j; |
71 | | |
72 | | /* Required for FIPS186_4 validation of p, q and optionally canonical g */ |
73 | | unsigned char *seed; |
74 | | /* If this value is zero the hash size is used as the seed length */ |
75 | | size_t seedlen; |
76 | | /* Required for FIPS186_4 validation of p and q */ |
77 | | int pcounter; |
78 | | int nid; /* The identity of a named group */ |
79 | | |
80 | | /* |
81 | | * Required for FIPS186_4 generation & validation of canonical g. |
82 | | * It uses unverifiable g if this value is -1. |
83 | | */ |
84 | | int gindex; |
85 | | int h; /* loop counter for unverifiable g */ |
86 | | } FFC_PARAMS; |
87 | | |
88 | | void ffc_params_init(FFC_PARAMS *params); |
89 | | void ffc_params_cleanup(FFC_PARAMS *params); |
90 | | void ffc_params_set0_pqg(FFC_PARAMS *params, BIGNUM *p, BIGNUM *q, BIGNUM *g); |
91 | | void ffc_params_get0_pqg(const FFC_PARAMS *params, const BIGNUM **p, |
92 | | const BIGNUM **q, const BIGNUM **g); |
93 | | void ffc_params_set0_j(FFC_PARAMS *d, BIGNUM *j); |
94 | | int ffc_params_set_validate_params(FFC_PARAMS *params, |
95 | | const unsigned char *seed, size_t seedlen, |
96 | | int counter); |
97 | | void ffc_params_get_validate_params(const FFC_PARAMS *params, |
98 | | unsigned char **seed, size_t *seedlen, |
99 | | int *pcounter); |
100 | | |
101 | | int ffc_params_copy(FFC_PARAMS *dst, const FFC_PARAMS *src); |
102 | | int ffc_params_cmp(const FFC_PARAMS *a, const FFC_PARAMS *b, int ignore_q); |
103 | | |
104 | | #ifndef FIPS_MODE |
105 | | int ffc_params_print(BIO *bp, const FFC_PARAMS *ffc, int indent); |
106 | | #endif /* FIPS_MODE */ |
107 | | |
108 | | |
109 | | int ffc_params_FIPS186_4_generate(OPENSSL_CTX *libctx, FFC_PARAMS *params, |
110 | | int type, size_t L, size_t N, |
111 | | const EVP_MD *evpmd, int *res, BN_GENCB *cb); |
112 | | int ffc_params_FIPS186_2_generate(OPENSSL_CTX *libctx, FFC_PARAMS *params, |
113 | | int type, size_t L, size_t N, |
114 | | const EVP_MD *evpmd, int *res, BN_GENCB *cb); |
115 | | |
116 | | int ffc_param_FIPS186_4_gen_verify(OPENSSL_CTX *libctx, FFC_PARAMS *params, |
117 | | int type, size_t L, size_t N, |
118 | | const EVP_MD *evpmd, int validate_flags, |
119 | | int *res, BN_GENCB *cb); |
120 | | int ffc_param_FIPS186_2_gen_verify(OPENSSL_CTX *libctx, FFC_PARAMS *params, |
121 | | int type, size_t L, size_t N, |
122 | | const EVP_MD *evpmd, int validate_flags, |
123 | | int *res, BN_GENCB *cb); |
124 | | |
125 | | int ffc_generate_private_key(BN_CTX *ctx, const FFC_PARAMS *params, |
126 | | int N, int s, BIGNUM *priv); |
127 | | |
128 | | int ffc_params_validate_unverifiable_g(BN_CTX *ctx, BN_MONT_CTX *mont, |
129 | | const BIGNUM *p, const BIGNUM *q, |
130 | | const BIGNUM *g, BIGNUM *tmp, int *ret); |
131 | | |
132 | | #endif /* OSSL_INTERNAL_FFC_H */ |