From 14e3e00fe2c20a8594e3e20545d9f001fd7fa850 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Mon, 14 Oct 2019 10:10:58 +0200 Subject: DH: Add export of domain parameters to provider Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/10169) --- providers/implementations/keymgmt/dh_kmgmt.c | 61 +++++++++++++++++++++------- 1 file changed, 47 insertions(+), 14 deletions(-) (limited to 'providers') diff --git a/providers/implementations/keymgmt/dh_kmgmt.c b/providers/implementations/keymgmt/dh_kmgmt.c index e2999bde18..cb9502fc22 100644 --- a/providers/implementations/keymgmt/dh_kmgmt.c +++ b/providers/implementations/keymgmt/dh_kmgmt.c @@ -14,18 +14,46 @@ #include #include "prov/implementations.h" +static OSSL_OP_keymgmt_importdomparams_fn dh_importdomparams; static OSSL_OP_keymgmt_importkey_fn dh_importkey; -static int params_to_key(DH *dh, const OSSL_PARAM params[]) +static int params_to_domparams(DH *dh, const OSSL_PARAM params[]) { - const OSSL_PARAM *param_p, *param_g, *param_priv_key, *param_pub_key; - BIGNUM *p = NULL, *g = NULL, *priv_key = NULL, *pub_key = NULL; + const OSSL_PARAM *param_p, *param_g; + BIGNUM *p = NULL, *g = NULL; if (dh == NULL) return 0; param_p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_P); param_g = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_G); + + if ((param_p != NULL && !OSSL_PARAM_get_BN(param_p, &p)) + || (param_g != NULL && !OSSL_PARAM_get_BN(param_g, &g))) + goto err; + + if (!DH_set0_pqg(dh, p, NULL, g)) + goto err; + + return 1; + + err: + BN_free(p); + BN_free(g); + return 0; +} + +static int params_to_key(DH *dh, const OSSL_PARAM params[]) +{ + const OSSL_PARAM *param_priv_key, *param_pub_key; + BIGNUM *priv_key = NULL, *pub_key = NULL; + + if (dh == NULL) + return 0; + + if (!params_to_domparams(dh, params)) + return 0; + param_priv_key = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_DH_PRIV_KEY); param_pub_key = 
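Review bot: params_to_domparams() passes the imported p and g straight to DH_set0_pqg() with no sanity check and always passes NULL for q, so a DH object built through dh_importdomparams() or dh_importkey() carries whatever group the caller supplied and no subgroup order. Whether the parameters are validated later is not visible in this patch. If they are not, a check right after the set0 call, such as `if (!DH_check_params(dh, &codes) || codes != 0) return 0;` with a local `int codes = 0;`, would reject a malformed group at import time. That check has to return directly rather than `goto err`, because once DH_set0_pqg() succeeds dh owns p and g and the err label would free them a second time. A one-line comment above `return 1;` stating that ownership has moved to dh would protect later edits, now that the old `p = g = NULL;` reset is gone.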
@@ -40,31 +68,34 @@ static int params_to_key(DH *dh, const OSSL_PARAM params[]) if (param_pub_key == NULL) return 0; - if ((param_p != NULL && !OSSL_PARAM_get_BN(param_p, &p)) - || (param_g != NULL && !OSSL_PARAM_get_BN(param_g, &g)) - || (param_priv_key != NULL - && !OSSL_PARAM_get_BN(param_priv_key, &priv_key)) + if ((param_priv_key != NULL + && !OSSL_PARAM_get_BN(param_priv_key, &priv_key)) || !OSSL_PARAM_get_BN(param_pub_key, &pub_key)) goto err; - if (!DH_set0_pqg(dh, p, NULL, g)) - goto err; - p = g = NULL; - if (!DH_set0_key(dh, pub_key, priv_key)) goto err; - priv_key = pub_key = NULL; return 1; err: - BN_free(p); - BN_free(g); BN_free(priv_key); BN_free(pub_key); return 0; } +static void *dh_importdomparams(void *provctx, const OSSL_PARAM params[]) +{ + DH *dh; + + if ((dh = DH_new()) == NULL + || !params_to_domparams(dh, params)) { + DH_free(dh); + dh = NULL; + } + return dh; +} + static void *dh_importkey(void *provctx, const OSSL_PARAM params[]) { DH *dh; @@ -82,6 +113,8 @@ const OSSL_DISPATCH dh_keymgmt_functions[] = { * TODO(3.0) When implementing OSSL_FUNC_KEYMGMT_GENKEY, remember to also * implement OSSL_FUNC_KEYMGMT_EXPORTKEY. */ + { OSSL_FUNC_KEYMGMT_IMPORTDOMPARAMS, (void (*)(void))dh_importdomparams }, + { OSSL_FUNC_KEYMGMT_FREEDOMPARAMS, (void (*)(void))DH_free }, { OSSL_FUNC_KEYMGMT_IMPORTKEY, (void (*)(void))dh_importkey }, { OSSL_FUNC_KEYMGMT_FREEKEY, (void (*)(void))DH_free }, { 0, NULL } -- cgit v1.2.3
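Review bot: The err path in params_to_key() releases the private key with `BN_free(priv_key);`, which does not wipe the value before the memory is returned to the heap; `BN_clear_free(priv_key);` would. That path is reached with a populated priv_key when OSSL_PARAM_get_BN() succeeds for the private key and the public-key fetch then fails. Removing `priv_key = pub_key = NULL;` after DH_set0_key() is safe only because `return 1;` follows immediately, so a short comment there saying that dh now owns both BIGNUMs would keep a later edit from adding a `goto err` after the transfer. params_to_key() begins in the previous hunk, so its opening lines are not part of this one.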