1 /*
2 * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include <string.h> /* memset */
11 #include <openssl/core_names.h>
12 #include "internal/ffc.h"
13 #include "internal/param_build_set.h"
14 #include "internal/nelem.h"
15
16 #ifndef FIPS_MODULE
17 #include <openssl/asn1.h> /* ossl_ffc_params_print */
18 #endif
19
ossl_ffc_params_init(FFC_PARAMS * params)20 void ossl_ffc_params_init(FFC_PARAMS *params)
21 {
22 memset(params, 0, sizeof(*params));
23 params->pcounter = -1;
24 params->gindex = FFC_UNVERIFIABLE_GINDEX;
25 params->flags = FFC_PARAM_FLAG_VALIDATE_PQG;
26 }
27
ossl_ffc_params_cleanup(FFC_PARAMS * params)28 void ossl_ffc_params_cleanup(FFC_PARAMS *params)
29 {
30 #ifdef OPENSSL_PEDANTIC_ZEROIZATION
31 BN_clear_free(params->p);
32 BN_clear_free(params->q);
33 BN_clear_free(params->g);
34 BN_clear_free(params->j);
35 OPENSSL_clear_free(params->seed, params->seedlen);
36 #else
37 BN_free(params->p);
38 BN_free(params->q);
39 BN_free(params->g);
40 BN_free(params->j);
41 OPENSSL_free(params->seed);
42 #endif
43 ossl_ffc_params_init(params);
44 }
45
ossl_ffc_params_set0_pqg(FFC_PARAMS * d,BIGNUM * p,BIGNUM * q,BIGNUM * g)46 void ossl_ffc_params_set0_pqg(FFC_PARAMS *d, BIGNUM *p, BIGNUM *q, BIGNUM *g)
47 {
48 if (p != NULL && p != d->p) {
49 BN_free(d->p);
50 d->p = p;
51 }
52 if (q != NULL && q != d->q) {
53 BN_free(d->q);
54 d->q = q;
55 }
56 if (g != NULL && g != d->g) {
57 BN_free(d->g);
58 d->g = g;
59 }
60 }
61
ossl_ffc_params_get0_pqg(const FFC_PARAMS * d,const BIGNUM ** p,const BIGNUM ** q,const BIGNUM ** g)62 void ossl_ffc_params_get0_pqg(const FFC_PARAMS *d, const BIGNUM **p,
63 const BIGNUM **q, const BIGNUM **g)
64 {
65 if (p != NULL)
66 *p = d->p;
67 if (q != NULL)
68 *q = d->q;
69 if (g != NULL)
70 *g = d->g;
71 }
72
73 /* j is the 'cofactor' that is optionally output for ASN1. */
ossl_ffc_params_set0_j(FFC_PARAMS * d,BIGNUM * j)74 void ossl_ffc_params_set0_j(FFC_PARAMS *d, BIGNUM *j)
75 {
76 BN_free(d->j);
77 d->j = NULL;
78 if (j != NULL)
79 d->j = j;
80 }
81
ossl_ffc_params_set_seed(FFC_PARAMS * params,const unsigned char * seed,size_t seedlen)82 int ossl_ffc_params_set_seed(FFC_PARAMS *params,
83 const unsigned char *seed, size_t seedlen)
84 {
85 if (params->seed != NULL) {
86 if (params->seed == seed)
87 return 1;
88 OPENSSL_free(params->seed);
89 }
90
91 if (seed != NULL && seedlen > 0) {
92 params->seed = OPENSSL_memdup(seed, seedlen);
93 if (params->seed == NULL)
94 return 0;
95 params->seedlen = seedlen;
96 } else {
97 params->seed = NULL;
98 params->seedlen = 0;
99 }
100 return 1;
101 }
102
ossl_ffc_params_set_gindex(FFC_PARAMS * params,int index)103 void ossl_ffc_params_set_gindex(FFC_PARAMS *params, int index)
104 {
105 params->gindex = index;
106 }
107
ossl_ffc_params_set_pcounter(FFC_PARAMS * params,int index)108 void ossl_ffc_params_set_pcounter(FFC_PARAMS *params, int index)
109 {
110 params->pcounter = index;
111 }
112
ossl_ffc_params_set_h(FFC_PARAMS * params,int index)113 void ossl_ffc_params_set_h(FFC_PARAMS *params, int index)
114 {
115 params->h = index;
116 }
117
ossl_ffc_params_set_flags(FFC_PARAMS * params,unsigned int flags)118 void ossl_ffc_params_set_flags(FFC_PARAMS *params, unsigned int flags)
119 {
120 params->flags = flags;
121 }
122
ossl_ffc_params_enable_flags(FFC_PARAMS * params,unsigned int flags,int enable)123 void ossl_ffc_params_enable_flags(FFC_PARAMS *params, unsigned int flags,
124 int enable)
125 {
126 if (enable)
127 params->flags |= flags;
128 else
129 params->flags &= ~flags;
130 }
131
ossl_ffc_set_digest(FFC_PARAMS * params,const char * alg,const char * props)132 void ossl_ffc_set_digest(FFC_PARAMS *params, const char *alg, const char *props)
133 {
134 params->mdname = alg;
135 params->mdprops = props;
136 }
137
ossl_ffc_params_set_validate_params(FFC_PARAMS * params,const unsigned char * seed,size_t seedlen,int counter)138 int ossl_ffc_params_set_validate_params(FFC_PARAMS *params,
139 const unsigned char *seed,
140 size_t seedlen, int counter)
141 {
142 if (!ossl_ffc_params_set_seed(params, seed, seedlen))
143 return 0;
144 params->pcounter = counter;
145 return 1;
146 }
147
ossl_ffc_params_get_validate_params(const FFC_PARAMS * params,unsigned char ** seed,size_t * seedlen,int * pcounter)148 void ossl_ffc_params_get_validate_params(const FFC_PARAMS *params,
149 unsigned char **seed, size_t *seedlen,
150 int *pcounter)
151 {
152 if (seed != NULL)
153 *seed = params->seed;
154 if (seedlen != NULL)
155 *seedlen = params->seedlen;
156 if (pcounter != NULL)
157 *pcounter = params->pcounter;
158 }
159
ffc_bn_cpy(BIGNUM ** dst,const BIGNUM * src)160 static int ffc_bn_cpy(BIGNUM **dst, const BIGNUM *src)
161 {
162 BIGNUM *a;
163
164 /*
165 * If source is read only just copy the pointer, so
166 * we don't have to reallocate it.
167 */
168 if (src == NULL)
169 a = NULL;
170 else if (BN_get_flags(src, BN_FLG_STATIC_DATA)
171 && !BN_get_flags(src, BN_FLG_MALLOCED))
172 a = (BIGNUM *)src;
173 else if ((a = BN_dup(src)) == NULL)
174 return 0;
175 BN_clear_free(*dst);
176 *dst = a;
177 return 1;
178 }
179
ossl_ffc_params_copy(FFC_PARAMS * dst,const FFC_PARAMS * src)180 int ossl_ffc_params_copy(FFC_PARAMS *dst, const FFC_PARAMS *src)
181 {
182 if (!ffc_bn_cpy(&dst->p, src->p)
183 || !ffc_bn_cpy(&dst->g, src->g)
184 || !ffc_bn_cpy(&dst->q, src->q)
185 || !ffc_bn_cpy(&dst->j, src->j))
186 return 0;
187
188 dst->mdname = src->mdname;
189 dst->mdprops = src->mdprops;
190 OPENSSL_free(dst->seed);
191 dst->seedlen = src->seedlen;
192 if (src->seed != NULL) {
193 dst->seed = OPENSSL_memdup(src->seed, src->seedlen);
194 if (dst->seed == NULL)
195 return 0;
196 } else {
197 dst->seed = NULL;
198 }
199 dst->nid = src->nid;
200 dst->pcounter = src->pcounter;
201 dst->h = src->h;
202 dst->gindex = src->gindex;
203 dst->flags = src->flags;
204 dst->keylength = src->keylength;
205 return 1;
206 }
207
ossl_ffc_params_cmp(const FFC_PARAMS * a,const FFC_PARAMS * b,int ignore_q)208 int ossl_ffc_params_cmp(const FFC_PARAMS *a, const FFC_PARAMS *b, int ignore_q)
209 {
210 return BN_cmp(a->p, b->p) == 0
211 && BN_cmp(a->g, b->g) == 0
212 && (ignore_q || BN_cmp(a->q, b->q) == 0); /* Note: q may be NULL */
213 }
214
ossl_ffc_params_todata(const FFC_PARAMS * ffc,OSSL_PARAM_BLD * bld,OSSL_PARAM params[])215 int ossl_ffc_params_todata(const FFC_PARAMS *ffc, OSSL_PARAM_BLD *bld,
216 OSSL_PARAM params[])
217 {
218 int test_flags;
219
220 if (ffc->p != NULL
221 && !ossl_param_build_set_bn(bld, params, OSSL_PKEY_PARAM_FFC_P, ffc->p))
222 return 0;
223 if (ffc->q != NULL
224 && !ossl_param_build_set_bn(bld, params, OSSL_PKEY_PARAM_FFC_Q, ffc->q))
225 return 0;
226 if (ffc->g != NULL
227 && !ossl_param_build_set_bn(bld, params, OSSL_PKEY_PARAM_FFC_G, ffc->g))
228 return 0;
229 if (ffc->j != NULL
230 && !ossl_param_build_set_bn(bld, params, OSSL_PKEY_PARAM_FFC_COFACTOR,
231 ffc->j))
232 return 0;
233 if (!ossl_param_build_set_int(bld, params, OSSL_PKEY_PARAM_FFC_GINDEX,
234 ffc->gindex))
235 return 0;
236 if (!ossl_param_build_set_int(bld, params, OSSL_PKEY_PARAM_FFC_PCOUNTER,
237 ffc->pcounter))
238 return 0;
239 if (!ossl_param_build_set_int(bld, params, OSSL_PKEY_PARAM_FFC_H, ffc->h))
240 return 0;
241 if (ffc->seed != NULL
242 && !ossl_param_build_set_octet_string(bld, params,
243 OSSL_PKEY_PARAM_FFC_SEED,
244 ffc->seed, ffc->seedlen))
245 return 0;
246 if (ffc->nid != NID_undef) {
247 const DH_NAMED_GROUP *group = ossl_ffc_uid_to_dh_named_group(ffc->nid);
248 const char *name = ossl_ffc_named_group_get_name(group);
249
250 if (name == NULL
251 || !ossl_param_build_set_utf8_string(bld, params,
252 OSSL_PKEY_PARAM_GROUP_NAME,
253 name))
254 return 0;
255 }
256 test_flags = ((ffc->flags & FFC_PARAM_FLAG_VALIDATE_PQ) != 0);
257 if (!ossl_param_build_set_int(bld, params,
258 OSSL_PKEY_PARAM_FFC_VALIDATE_PQ, test_flags))
259 return 0;
260 test_flags = ((ffc->flags & FFC_PARAM_FLAG_VALIDATE_G) != 0);
261 if (!ossl_param_build_set_int(bld, params,
262 OSSL_PKEY_PARAM_FFC_VALIDATE_G, test_flags))
263 return 0;
264 test_flags = ((ffc->flags & FFC_PARAM_FLAG_VALIDATE_LEGACY) != 0);
265 if (!ossl_param_build_set_int(bld, params,
266 OSSL_PKEY_PARAM_FFC_VALIDATE_LEGACY,
267 test_flags))
268 return 0;
269
270 if (ffc->mdname != NULL
271 && !ossl_param_build_set_utf8_string(bld, params,
272 OSSL_PKEY_PARAM_FFC_DIGEST,
273 ffc->mdname))
274 return 0;
275 if (ffc->mdprops != NULL
276 && !ossl_param_build_set_utf8_string(bld, params,
277 OSSL_PKEY_PARAM_FFC_DIGEST_PROPS,
278 ffc->mdprops))
279 return 0;
280 return 1;
281 }
282
283 #ifndef FIPS_MODULE
ossl_ffc_params_print(BIO * bp,const FFC_PARAMS * ffc,int indent)284 int ossl_ffc_params_print(BIO *bp, const FFC_PARAMS *ffc, int indent)
285 {
286 if (!ASN1_bn_print(bp, "prime P:", ffc->p, NULL, indent))
287 goto err;
288 if (!ASN1_bn_print(bp, "generator G:", ffc->g, NULL, indent))
289 goto err;
290 if (ffc->q != NULL
291 && !ASN1_bn_print(bp, "subgroup order Q:", ffc->q, NULL, indent))
292 goto err;
293 if (ffc->j != NULL
294 && !ASN1_bn_print(bp, "subgroup factor:", ffc->j, NULL, indent))
295 goto err;
296 if (ffc->seed != NULL) {
297 size_t i;
298
299 if (!BIO_indent(bp, indent, 128)
300 || BIO_puts(bp, "seed:") <= 0)
301 goto err;
302 for (i = 0; i < ffc->seedlen; i++) {
303 if ((i % 15) == 0) {
304 if (BIO_puts(bp, "\n") <= 0
305 || !BIO_indent(bp, indent + 4, 128))
306 goto err;
307 }
308 if (BIO_printf(bp, "%02x%s", ffc->seed[i],
309 ((i + 1) == ffc->seedlen) ? "" : ":")
310 <= 0)
311 goto err;
312 }
313 if (BIO_write(bp, "\n", 1) <= 0)
314 return 0;
315 }
316 if (ffc->pcounter != -1) {
317 if (!BIO_indent(bp, indent, 128)
318 || BIO_printf(bp, "counter: %d\n", ffc->pcounter) <= 0)
319 goto err;
320 }
321 return 1;
322 err:
323 return 0;
324 }
325 #endif /* FIPS_MODULE */
326