Extend DH parameter generation support.

[oweals/openssl.git] / crypto / dh / dh.h
diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h

index b6d367bb6a56ce1a0a7ffb26afc8b524931726e5..5e356f618b8a14508d4298a2fbb1c309094d1f4e 100644 (file)
--- a/crypto/dh/dh.h
+++ b/crypto/dh/dh.h
@@ -163,6 +163,9 @@ struct dh_st
  #define DH_CHECK_P_NOT_SAFE_PRIME      0x02
  #define DH_UNABLE_TO_CHECK_GENERATOR   0x04
  #define DH_NOT_SUITABLE_GENERATOR      0x08
+#define DH_CHECK_Q_NOT_PRIME           0x10
+#define DH_CHECK_INVALID_Q_VALUE       0x20
+#define DH_CHECK_INVALID_J_VALUE       0x40
  
  /* DH_check_pub_key error codes */
  #define DH_CHECK_PUBKEY_TOO_SMALL      0x01
@@ -210,8 +213,11 @@ int        DH_check(const DH *dh,int *codes);
  int    DH_check_pub_key(const DH *dh,const BIGNUM *pub_key, int *codes);
  int    DH_generate_key(DH *dh);
  int    DH_compute_key(unsigned char *key,const BIGNUM *pub_key,DH *dh);
+int    DH_compute_key_padded(unsigned char *key,const BIGNUM *pub_key,DH *dh);
  DH *   d2i_DHparams(DH **a,const unsigned char **pp, long length);
  int    i2d_DHparams(const DH *a,unsigned char **pp);
+DH *   d2i_DHxparams(DH **a,const unsigned char **pp, long length);
+int    i2d_DHxparams(const DH *a,unsigned char **pp);
  #ifndef OPENSSL_NO_FP_API
  int    DHparams_print_fp(FILE *fp, const DH *x);
  #endif
@@ -221,17 +227,40 @@ int       DHparams_print(BIO *bp, const DH *x);
  int    DHparams_print(char *bp, const DH *x);
  #endif
  
+/* RFC 5114 parameters */
+DH *DH_get_1024_160(void);
+DH *DH_get_2048_224(void);
+DH *DH_get_2048_256(void);
+
  #define EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len) \
         EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
                         EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN, len, NULL)
  
+#define EVP_PKEY_CTX_set_dh_paramgen_subprime_len(ctx, len) \
+       EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
+                       EVP_PKEY_CTRL_DH_PARAMGEN_SUBPRIME_LEN, len, NULL)
+
+#define EVP_PKEY_CTX_set_dh_paramgen_type(ctx, typ) \
+       EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
+                       EVP_PKEY_CTRL_DH_PARAMGEN_TYPE, typ, NULL)
+
  #define EVP_PKEY_CTX_set_dh_paramgen_generator(ctx, gen) \
         EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
                         EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR, gen, NULL)
  
+#define EVP_PKEY_CTX_set_dh_rfc5114(ctx, gen) \
+       EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_PARAMGEN, \
+                       EVP_PKEY_CTRL_DH_RFC5114, gen, NULL)
+
+#define EVP_PKEY_CTX_set_dhx_rfc5114(ctx, gen) \
+       EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_PARAMGEN, \
+                       EVP_PKEY_CTRL_DH_RFC5114, gen, NULL)
+
  #define        EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN     (EVP_PKEY_ALG_CTRL + 1)
  #define        EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR     (EVP_PKEY_ALG_CTRL + 2)
-               
+#define        EVP_PKEY_CTRL_DH_RFC5114                (EVP_PKEY_ALG_CTRL + 3)
+#define        EVP_PKEY_CTRL_DH_PARAMGEN_SUBPRIME_LEN  (EVP_PKEY_ALG_CTRL + 4)
+#define        EVP_PKEY_CTRL_DH_PARAMGEN_TYPE          (EVP_PKEY_ALG_CTRL + 5)
  
  /* BEGIN ERROR CODES */
  /* The following lines are auto generated by the script mkerr.pl. Any changes
@@ -247,6 +276,7 @@ void ERR_load_DH_strings(void);
  #define DH_F_DH_BUILTIN_GENPARAMS                       106
  #define DH_F_DH_COMPUTE_KEY                             114
  #define DH_F_DH_GENERATE_KEY                            115
+#define DH_F_DH_GENERATE_PARAMETERS_EX                  116
  #define DH_F_DH_NEW_METHOD                              105
  #define DH_F_DH_PARAM_DECODE                            107
  #define DH_F_DH_PRIV_DECODE                             110