diff options
author | Shane Lontis <shane.lontis@oracle.com> | 2020-01-24 14:09:33 +1000 |
---|---|---|
committer | Shane Lontis <shane.lontis@oracle.com> | 2020-01-24 14:09:33 +1000 |
commit | dc8de3e6f1eed18617dc42d41dec6c6566c2ac0c (patch) | |
tree | 5cf78a6ef780836f16831f2776c0dc155047d742 /include | |
parent | 21d08b9ee9c0f7fabcad27b5d0b0c8c16f7dd1e9 (diff) |
Modify DSA and DH keys to use a shared FFC_PARAMS struct
This is required in order to share code for FIPS related parameter generation and validation routinues.
Note the 'counter' field is now stored as a integer (as that is the form required for generation/validation functions).
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10860)
Diffstat (limited to 'include')
-rw-r--r-- | include/crypto/dh.h | 2 | ||||
-rw-r--r-- | include/internal/ffc.h | 57 |
2 files changed, 59 insertions, 0 deletions
diff --git a/include/crypto/dh.h b/include/crypto/dh.h index 4032bdc10e..b1f37c6018 100644 --- a/include/crypto/dh.h +++ b/include/crypto/dh.h @@ -8,8 +8,10 @@ */ #include <openssl/dh.h> +#include "internal/ffc.h" int dh_compute_key(OPENSSL_CTX *ctx, unsigned char *key, const BIGNUM *pub_key, DH *dh); int dh_compute_key_padded(OPENSSL_CTX *ctx, unsigned char *key, const BIGNUM *pub_key, DH *dh); +FFC_PARAMS *dh_get0_params(DH *dh); diff --git a/include/internal/ffc.h b/include/internal/ffc.h new file mode 100644 index 0000000000..56703fb2e8 --- /dev/null +++ b/include/internal/ffc.h @@ -0,0 +1,57 @@ +/* + * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_INTERNAL_FFC_H +# define OSSL_INTERNAL_FFC_H + +# include <openssl/bn.h> + +/* + * Finite field cryptography (FFC) domain parameters are used by DH and DSA. + * Refer to FIPS186_4 Appendix A & B. + */ +typedef struct ffc_params_st { + /* Primes */ + BIGNUM *p; + BIGNUM *q; + /* Generator */ + BIGNUM *g; + /* DH X9.42 Optional Subgroup factor j >= 2 where p = j * q + 1 */ + BIGNUM *j; + + /* Required for FIPS186_4 validation of p, q and optionally canonical g */ + unsigned char *seed; + /* If this value is zero the hash size is used as the seed length */ + size_t seedlen; + /* Required for FIPS186_4 validation of p and q */ + int pcounter; + +} FFC_PARAMS; + +void ffc_params_init(FFC_PARAMS *params); +void ffc_params_cleanup(FFC_PARAMS *params); +void ffc_params_set0_pqg(FFC_PARAMS *params, BIGNUM *p, BIGNUM *q, BIGNUM *g); +void ffc_params_get0_pqg(const FFC_PARAMS *params, const BIGNUM **p, + const BIGNUM **q, const BIGNUM **g); +void ffc_params_set0_j(FFC_PARAMS *d, BIGNUM *j); +int ffc_params_set_validate_params(FFC_PARAMS *params, + const unsigned char *seed, size_t seedlen, + int counter); +void ffc_params_get_validate_params(const FFC_PARAMS *params, + unsigned char **seed, size_t *seedlen, + int *pcounter); + +int ffc_params_copy(FFC_PARAMS *dst, const FFC_PARAMS *src); +int ffc_params_cmp(const FFC_PARAMS *a, const FFC_PARAMS *b, int ignore_q); + +#ifndef FIPS_MODE +int ffc_params_print(BIO *bp, const FFC_PARAMS *ffc, int indent); +#endif /* FIPS_MODE */ + +#endif /* OSSL_INTERNAL_FFC_H */ |