diff options
author | Shane Lontis <shane.lontis@oracle.com> | 2020-04-15 21:02:52 +1000 |
---|---|---|
committer | Shane Lontis <shane.lontis@oracle.com> | 2020-04-15 21:02:52 +1000 |
commit | b03ec3b5d62ee26bf8437556b9040d4141d5bdd8 (patch) | |
tree | 1f27a892757c24efab70d2fb8f93110f71c0fbb3 /include | |
parent | 09b3654096ed344edd78cf156cb3ddcdbced6f9a (diff) |
Add DSA keygen to provider
Moved some shared FFC code into the FFC files.
Added extra paramgen parameters for seed, gindex.
Fixed bug in ossl_prov util to print bignums.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11303)
Diffstat (limited to 'include')
-rw-r--r-- | include/crypto/dsa.h | 6 | ||||
-rw-r--r-- | include/internal/ffc.h | 15 | ||||
-rw-r--r-- | include/openssl/core_names.h | 13 | ||||
-rw-r--r-- | include/openssl/dsa.h | 20 |
4 files changed, 41 insertions, 13 deletions
diff --git a/include/crypto/dsa.h b/include/crypto/dsa.h index 0afec99ae6..1a278fecf2 100644 --- a/include/crypto/dsa.h +++ b/include/crypto/dsa.h @@ -11,20 +11,20 @@ #include <openssl/dsa.h> #include "internal/ffc.h" +#define DSA_PARAMGEN_TYPE_FIPS_186_4 0 /* Use FIPS186-4 standard */ #define DSA_PARAMGEN_TYPE_FIPS_186_2 1 /* Use legacy FIPS186-2 standard */ -#define DSA_PARAMGEN_TYPE_FIPS_186_4 2 /* Use FIPS186-4 standard */ DSA *dsa_new_with_ctx(OPENSSL_CTX *libctx); int dsa_generate_ffc_parameters(DSA *dsa, int type, - int pbits, int qbits, int gindex, - BN_GENCB *cb); + int pbits, int qbits, EVP_MD *md, BN_GENCB *cb); int dsa_sign_int(int type, const unsigned char *dgst, int dlen, unsigned char *sig, unsigned int *siglen, DSA *dsa); const unsigned char *dsa_algorithmidentifier_encoding(int md_nid, size_t *len); FFC_PARAMS *dsa_get0_params(DSA *dsa); +int dsa_ffc_params_fromdata(DSA *dsa, const OSSL_PARAM params[]); int dsa_key_fromdata(DSA *dsa, const OSSL_PARAM params[]); int dsa_generate_public_key(BN_CTX *ctx, const DSA *dsa, const BIGNUM *priv_key, diff --git a/include/internal/ffc.h b/include/internal/ffc.h index fd1007631e..c8b2cb8c3c 100644 --- a/include/internal/ffc.h +++ b/include/internal/ffc.h @@ -14,6 +14,8 @@ # include <openssl/bn.h> # include <openssl/evp.h> # include <openssl/dh.h> /* Uses Error codes from DH */ +# include <openssl/params.h> +# include <openssl/param_build.h> /* Default value for gindex when canonical generation of g is not used */ # define FFC_UNVERIFIABLE_GINDEX -1 @@ -100,6 +102,12 @@ void ffc_params_set0_pqg(FFC_PARAMS *params, BIGNUM *p, BIGNUM *q, BIGNUM *g); void ffc_params_get0_pqg(const FFC_PARAMS *params, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g); void ffc_params_set0_j(FFC_PARAMS *d, BIGNUM *j); +int ffc_params_set_seed(FFC_PARAMS *params, + const unsigned char *seed, size_t seedlen); +void ffc_params_set_gindex(FFC_PARAMS *params, int index); +void ffc_params_set_pcounter(FFC_PARAMS *params, int index); +void ffc_params_set_h(FFC_PARAMS *params, int index); + int ffc_params_set_validate_params(FFC_PARAMS *params, const unsigned char *seed, size_t seedlen, int counter); @@ -155,6 +163,11 @@ int ffc_validate_public_key_partial(const FFC_PARAMS *params, int ffc_validate_private_key(const BIGNUM *upper, const BIGNUM *priv_key, int *ret); -int ffc_fromdata(FFC_PARAMS *ffc, const OSSL_PARAM params[]); +int ffc_params_todata(const FFC_PARAMS *ffc, OSSL_PARAM_BLD *tmpl, + OSSL_PARAM params[]); +int ffc_params_fromdata(FFC_PARAMS *ffc, const OSSL_PARAM params[]); +int ffc_named_group_to_nid(const char *name); +const char *ffc_named_group_from_nid(int nid); +int ffc_set_group_pqg(FFC_PARAMS *ffc, const char *group_name); #endif /* OSSL_INTERNAL_FFC_H */ diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h index c8a88285d8..18f835231c 100644 --- a/include/openssl/core_names.h +++ b/include/openssl/core_names.h @@ -191,6 +191,12 @@ extern "C" { #define OSSL_PKEY_PARAM_FFC_P "p" #define OSSL_PKEY_PARAM_FFC_G "g" #define OSSL_PKEY_PARAM_FFC_Q "q" +#define OSSL_PKEY_PARAM_FFC_GINDEX "gindex" +#define OSSL_PKEY_PARAM_FFC_PCOUNTER "pcounter" +#define OSSL_PKEY_PARAM_FFC_SEED "seed" +#define OSSL_PKEY_PARAM_FFC_COFACTOR "j" +#define OSSL_PKEY_PARAM_FFC_H "hindex" +#define OSSL_PKEY_PARAM_FFC_GROUP "group" /* Elliptic Curve Domain Parameters */ #define OSSL_PKEY_PARAM_EC_NAME "curve-name" @@ -255,6 +261,13 @@ extern "C" { #define OSSL_PKEY_PARAM_RSA_BITS OSSL_PKEY_PARAM_BITS #define OSSL_PKEY_PARAM_RSA_PRIMES "primes" +/* Key generation parameters */ +#define OSSL_PKEY_PARAM_FFC_TYPE "type" +#define OSSL_PKEY_PARAM_FFC_PBITS "pbits" +#define OSSL_PKEY_PARAM_FFC_QBITS "qbits" +#define OSSL_PKEY_PARAM_FFC_DIGEST OSSL_PKEY_PARAM_DIGEST +#define OSSL_PKEY_PARAM_FFC_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES + /* Key Exchange parameters */ #define OSSL_EXCHANGE_PARAM_PAD "pad" /* uint */ diff --git a/include/openssl/dsa.h b/include/openssl/dsa.h index c704d5d5c9..fce6e94d66 100644 --- a/include/openssl/dsa.h +++ b/include/openssl/dsa.h @@ -182,15 +182,17 @@ DEPRECATEDIN_3_0(int DSA_print_fp(FILE *bp, const DSA *x, int off)) DEPRECATEDIN_3_0(DH *DSA_dup_DH(const DSA *r)) # endif -# define EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx, nbits) \ - EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, \ - EVP_PKEY_CTRL_DSA_PARAMGEN_BITS, nbits, NULL) -# define EVP_PKEY_CTX_set_dsa_paramgen_q_bits(ctx, qbits) \ - EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, \ - EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS, qbits, NULL) -# define EVP_PKEY_CTX_set_dsa_paramgen_md(ctx, md) \ - EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, \ - EVP_PKEY_CTRL_DSA_PARAMGEN_MD, 0, (void *)(md)) +int EVP_PKEY_CTX_set_dsa_paramgen_bits(EVP_PKEY_CTX *ctx, int nbits); +int EVP_PKEY_CTX_set_dsa_paramgen_q_bits(EVP_PKEY_CTX *ctx, int qbits); +int EVP_PKEY_CTX_set_dsa_paramgen_md_props(EVP_PKEY_CTX *ctx, + const char *md_name, + const char *md_properties); +int EVP_PKEY_CTX_set_dsa_paramgen_gindex(EVP_PKEY_CTX *ctx, int gindex); +int EVP_PKEY_CTX_set_dsa_paramgen_type(EVP_PKEY_CTX *ctx, const char *name); +int EVP_PKEY_CTX_set_dsa_paramgen_seed(EVP_PKEY_CTX *ctx, + const unsigned char *seed, + size_t seedlen); +int EVP_PKEY_CTX_set_dsa_paramgen_md(EVP_PKEY_CTX *ctx, const EVP_MD *md); # define EVP_PKEY_CTRL_DSA_PARAMGEN_BITS (EVP_PKEY_ALG_CTRL + 1) # define EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS (EVP_PKEY_ALG_CTRL + 2) |