RFC5114 parameters and X9.42 DH public and private keys.
(backport from HEAD)
Changes between 1.0.1 and 1.0.2 [xx XXX xxxx]
+ *) Initial experimental support for X9.42 DH parameter format: mainly
+ to support use of 'q' parameter for RFC5114 parameters.
+ [Steve Henson]
+
*) Add DH parameters from RFC5114 including test data to dhtest.
[Steve Henson]
extern const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[];
extern const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[];
extern const EVP_PKEY_ASN1_METHOD dh_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD dhx_asn1_meth;
extern const EVP_PKEY_ASN1_METHOD eckey_asn1_meth;
extern const EVP_PKEY_ASN1_METHOD hmac_asn1_meth;
extern const EVP_PKEY_ASN1_METHOD cmac_asn1_meth;
&eckey_asn1_meth,
#endif
&hmac_asn1_meth,
- &cmac_asn1_meth
+ &cmac_asn1_meth,
+#ifndef OPENSSL_NO_DH
+ &dhx_asn1_meth
+#endif
};
typedef int sk_cmp_fn_type(const char * const *a, const char * const *b);
int DH_compute_key(unsigned char *key,const BIGNUM *pub_key,DH *dh);
DH * d2i_DHparams(DH **a,const unsigned char **pp, long length);
int i2d_DHparams(const DH *a,unsigned char **pp);
+DH * d2i_DHxparams(DH **a,const unsigned char **pp, long length);
+int i2d_DHxparams(const DH *a,unsigned char **pp);
#ifndef OPENSSL_NO_FP_API
int DHparams_print_fp(FILE *fp, const DH *x);
#endif
EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR, gen, NULL)
+#define EVP_PKEY_CTX_set_dh_rfc5114(ctx, gen) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_PARAMGEN, \
+ EVP_PKEY_CTRL_DH_RFC5114, gen, NULL)
+
+#define EVP_PKEY_CTX_set_dhx_rfc5114(ctx, gen) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_PARAMGEN, \
+ EVP_PKEY_CTRL_DH_RFC5114, gen, NULL)
+
#define EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN (EVP_PKEY_ALG_CTRL + 1)
#define EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR (EVP_PKEY_ALG_CTRL + 2)
+#define EVP_PKEY_CTRL_DH_RFC5114 (EVP_PKEY_ALG_CTRL + 3)
/* BEGIN ERROR CODES */
#include <openssl/bn.h>
#include "asn1_locl.h"
+extern const EVP_PKEY_ASN1_METHOD dhx_asn1_meth;
+
+/* i2d/d2i like DH parameter functions which use the appropriate routine
+ * for PKCS#3 DH or X9.42 DH.
+ */
+
+static DH * d2i_dhp(const EVP_PKEY *pkey, const unsigned char **pp, long length)
+ {
+ if (pkey->ameth == &dhx_asn1_meth)
+ return d2i_DHxparams(NULL, pp, length);
+ return d2i_DHparams(NULL, pp, length);
+ }
+
+static int i2d_dhp(const EVP_PKEY *pkey, const DH *a, unsigned char **pp)
+ {
+ if (pkey->ameth == &dhx_asn1_meth)
+ return i2d_DHxparams(a, pp);
+ return i2d_DHparams(a, pp);
+ }
+
static void int_dh_free(EVP_PKEY *pkey)
{
DH_free(pkey->pkey.dh);
pm = pstr->data;
pmlen = pstr->length;
- if (!(dh = d2i_DHparams(NULL, &pm, pmlen)))
+ if (!(dh = d2i_dhp(pkey, &pm, pmlen)))
{
DHerr(DH_F_DH_PUB_DECODE, DH_R_DECODE_ERROR);
goto err;
}
ASN1_INTEGER_free(public_key);
- EVP_PKEY_assign_DH(pkey, dh);
+ EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, dh);
return 1;
err:
dh=pkey->pkey.dh;
str = ASN1_STRING_new();
- str->length = i2d_DHparams(dh, &str->data);
+ str->length = i2d_dhp(pkey, dh, &str->data);
if (str->length <= 0)
{
DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
goto err;
}
- if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_DH),
+ if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(pkey->ameth->pkey_id),
ptype, pval, penc, penclen))
return 1;
pstr = pval;
pm = pstr->data;
pmlen = pstr->length;
- if (!(dh = d2i_DHparams(NULL, &pm, pmlen)))
+ if (!(dh = d2i_dhp(pkey, &pm, pmlen)))
goto decerr;
/* We have parameters now set private key */
if (!(dh->priv_key = ASN1_INTEGER_to_BN(privkey, NULL)))
if (!DH_generate_key(dh))
goto dherr;
- EVP_PKEY_assign_DH(pkey, dh);
+ EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, dh);
ASN1_INTEGER_free(privkey);
goto err;
}
- params->length = i2d_DHparams(pkey->pkey.dh, ¶ms->data);
+ params->length = i2d_dhp(pkey, pkey->pkey.dh, ¶ms->data);
if (params->length <= 0)
{
DHerr(DH_F_DH_PRIV_ENCODE,ERR_R_MALLOC_FAILURE);
ASN1_INTEGER_free(prkey);
- if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_dhKeyAgreement), 0,
+ if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(pkey->ameth->pkey_id), 0,
V_ASN1_SEQUENCE, params, dp, dplen))
goto err;
const unsigned char **pder, int derlen)
{
DH *dh;
- if (!(dh = d2i_DHparams(NULL, pder, derlen)))
+ if (!(dh = d2i_dhp(pkey, pder, derlen)))
{
DHerr(DH_F_DH_PARAM_DECODE, ERR_R_DH_LIB);
return 0;
}
- EVP_PKEY_assign_DH(pkey, dh);
+ EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, dh);
return 1;
}
static int dh_param_encode(const EVP_PKEY *pkey, unsigned char **pder)
{
- return i2d_DHparams(pkey->pkey.dh, pder);
+ return i2d_dhp(pkey, pkey->pkey.dh, pder);
}
static int do_dh_print(BIO *bp, const DH *x, int indent,
update_buflen(priv_key, &buf_len);
if (ptype == 2)
- ktype = "PKCS#3 DH Private-Key";
+ ktype = "DH Private-Key";
else if (ptype == 1)
- ktype = "PKCS#3 DH Public-Key";
+ ktype = "DH Public-Key";
else
- ktype = "PKCS#3 DH Parameters";
+ ktype = "DH Parameters";
m= OPENSSL_malloc(buf_len+10);
if (m == NULL)
if ( BN_cmp(a->pkey.dh->p,b->pkey.dh->p) ||
BN_cmp(a->pkey.dh->g,b->pkey.dh->g))
return 0;
- else
- return 1;
+ else if (a->ameth == &dhx_asn1_meth)
+ {
+ if (BN_cmp(a->pkey.dh->q,b->pkey.dh->q))
+ return 0;
+ }
+ return 1;
}
static int dh_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
if (to->pkey.dh->g != NULL)
BN_free(to->pkey.dh->g);
to->pkey.dh->g=a;
+ if (from->ameth == &dhx_asn1_meth)
+ {
+ a = BN_dup(from->pkey.dh->q);
+ if (!a)
+ return 0;
+ if (to->pkey.dh->q)
+ BN_free(to->pkey.dh->q);
+ to->pkey.dh->q = a;
+ }
return 1;
}
0
};
+const EVP_PKEY_ASN1_METHOD dhx_asn1_meth =
+ {
+ EVP_PKEY_DHX,
+ EVP_PKEY_DHX,
+ 0,
+
+ "X9.42 DH",
+ "OpenSSL X9.42 DH method",
+
+ dh_pub_decode,
+ dh_pub_encode,
+ dh_pub_cmp,
+ dh_public_print,
+
+ dh_priv_decode,
+ dh_priv_encode,
+ dh_private_print,
+
+ int_dh_size,
+ dh_bits,
+
+ dh_param_decode,
+ dh_param_encode,
+ dh_missing_parameters,
+ dh_copy_parameters,
+ dh_cmp_parameters,
+ dh_param_print,
+ 0,
+
+ int_dh_free,
+ 0
+ };
+
{
return ASN1_item_dup(ASN1_ITEM_rptr(DHparams), dh);
}
+
+/* Internal only structures for handling X9.42 DH: this gets translated
+ * to or from a DH structure straight away.
+ */
+
+typedef struct
+ {
+ ASN1_BIT_STRING *seed;
+ BIGNUM *counter;
+ } int_dhvparams;
+
+typedef struct
+ {
+ BIGNUM *p;
+ BIGNUM *q;
+ BIGNUM *g;
+ BIGNUM *j;
+ int_dhvparams *vparams;
+ } int_dhx942_dh;
+
+ASN1_SEQUENCE(DHvparams) = {
+ ASN1_SIMPLE(int_dhvparams, seed, ASN1_BIT_STRING),
+ ASN1_SIMPLE(int_dhvparams, counter, BIGNUM)
+} ASN1_SEQUENCE_END_name(int_dhvparams, DHvparams)
+
+ASN1_SEQUENCE(DHxparams) = {
+ ASN1_SIMPLE(int_dhx942_dh, p, BIGNUM),
+ ASN1_SIMPLE(int_dhx942_dh, g, BIGNUM),
+ ASN1_SIMPLE(int_dhx942_dh, q, BIGNUM),
+ ASN1_OPT(int_dhx942_dh, j, BIGNUM),
+ ASN1_OPT(int_dhx942_dh, vparams, DHvparams),
+} ASN1_SEQUENCE_END_name(int_dhx942_dh, DHxparams)
+
+int_dhx942_dh * d2i_int_dhx(int_dhx942_dh **a,
+ const unsigned char **pp, long length);
+int i2d_int_dhx(const int_dhx942_dh *a,unsigned char **pp);
+
+IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(int_dhx942_dh, DHxparams, int_dhx)
+
+/* Application leve function: read in X9.42 DH parameters into DH structure */
+
+DH * d2i_DHxparams(DH **a,const unsigned char **pp, long length)
+ {
+ int_dhx942_dh *dhx = NULL;
+ DH *dh = NULL;
+ dh = DH_new();
+ if (!dh)
+ return NULL;
+ dhx = d2i_int_dhx(NULL, pp, length);
+ if (!dhx)
+ {
+ DH_free(dh);
+ return NULL;
+ }
+
+ if (a)
+ {
+ if (*a)
+ DH_free(*a);
+ *a = dh;
+ }
+
+ dh->p = dhx->p;
+ dh->q = dhx->q;
+ dh->g = dhx->g;
+ dh->j = dhx->j;
+
+ if (dhx->vparams)
+ {
+ dh->seed = dhx->vparams->seed->data;
+ dh->seedlen = dhx->vparams->seed->length;
+ dh->counter = dhx->vparams->counter;
+ dhx->vparams->seed->data = NULL;
+ ASN1_BIT_STRING_free(dhx->vparams->seed);
+ OPENSSL_free(dhx->vparams);
+ dhx->vparams = NULL;
+ }
+
+ OPENSSL_free(dhx);
+ return dh;
+ }
+
+int i2d_DHxparams(const DH *dh,unsigned char **pp)
+ {
+ int_dhx942_dh dhx;
+ int_dhvparams dhv;
+ ASN1_BIT_STRING bs;
+ dhx.p = dh->p;
+ dhx.g = dh->g;
+ dhx.q = dh->q;
+ dhx.j = dh->j;
+ if (dh->counter && dh->seed && dh->seedlen > 0)
+ {
+ bs.flags = ASN1_STRING_FLAG_BITS_LEFT;
+ bs.data = dh->seed;
+ bs.length = dh->seedlen;
+ dhv.seed = &bs;
+ dhv.counter = dh->counter;
+ dhx.vparams = &dhv;
+ }
+ else
+ dhx.vparams = NULL;
+
+ return i2d_int_dhx(&dhx, pp);
+ }
int prime_len;
int generator;
int use_dsa;
+ int rfc5114_param;
/* Keygen callback info */
int gentmp[2];
/* message digest */
dctx->prime_len = 1024;
dctx->generator = 2;
dctx->use_dsa = 0;
+ dctx->rfc5114_param = 0;
ctx->data = dctx;
ctx->keygen_info = dctx->gentmp;
dctx->prime_len = sctx->prime_len;
dctx->generator = sctx->generator;
dctx->use_dsa = sctx->use_dsa;
+ dctx->rfc5114_param = sctx->rfc5114_param;
return 1;
}
dctx->generator = p1;
return 1;
+ case EVP_PKEY_CTRL_DH_RFC5114:
+ if (p1 < 1 || p1 > 3)
+ return -2;
+ dctx->rfc5114_param = p1;
+ return 1;
+
case EVP_PKEY_CTRL_PEER_KEY:
/* Default behaviour is OK */
return 1;
len = atoi(value);
return EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len);
}
+ if (!strcmp(type, "dh_rfc5114"))
+ {
+ DH_PKEY_CTX *dctx = ctx->data;
+ int len;
+ len = atoi(value);
+ if (len < 0 || len > 3)
+ return -2;
+ dctx->rfc5114_param = len;
+ return 1;
+ }
if (!strcmp(type, "dh_paramgen_generator"))
{
int len;
DH_PKEY_CTX *dctx = ctx->data;
BN_GENCB *pcb, cb;
int ret;
+ if (dctx->rfc5114_param)
+ {
+ switch (dctx->rfc5114_param)
+ {
+ case 1:
+ dh = DH_get_1024_160();
+ break;
+
+ case 2:
+ dh = DH_get_2048_224();
+ break;
+
+ case 3:
+ dh = DH_get_2048_256();
+ break;
+
+ default:
+ return -2;
+ }
+ EVP_PKEY_assign(pkey, EVP_PKEY_DHX, dh);
+ return 1;
+ }
+
if (ctx->pkey_gencb)
{
pcb = &cb;
dh = DH_new();
if (!dh)
return 0;
- EVP_PKEY_assign_DH(pkey, dh);
+ EVP_PKEY_assign(pkey, ctx->pmeth->pkey_id, dh);
/* Note: if error return, pkey is freed by parent routine */
if (!EVP_PKEY_copy_parameters(pkey, ctx->pkey))
return 0;
pkey_dh_ctrl_str
};
+
+const EVP_PKEY_METHOD dhx_pkey_meth =
+ {
+ EVP_PKEY_DHX,
+ EVP_PKEY_FLAG_AUTOARGLEN,
+ pkey_dh_init,
+ pkey_dh_copy,
+ pkey_dh_cleanup,
+
+ 0,
+ pkey_dh_paramgen,
+
+ 0,
+ pkey_dh_keygen,
+
+ 0,
+ 0,
+
+ 0,
+ 0,
+
+ 0,0,
+
+ 0,0,0,0,
+
+ 0,0,
+
+ 0,0,
+
+ 0,
+ pkey_dh_derive,
+
+ pkey_dh_ctrl,
+ pkey_dh_ctrl_str
+
+ };
#define EVP_PKEY_DSA3 NID_dsaWithSHA1
#define EVP_PKEY_DSA4 NID_dsaWithSHA1_2
#define EVP_PKEY_DH NID_dhKeyAgreement
+#define EVP_PKEY_DHX NID_dhpublicnumber
#define EVP_PKEY_EC NID_X9_62_id_ecPublicKey
#define EVP_PKEY_HMAC NID_hmac
#define EVP_PKEY_CMAC NID_cmac
extern const EVP_PKEY_METHOD rsa_pkey_meth, dh_pkey_meth, dsa_pkey_meth;
extern const EVP_PKEY_METHOD ec_pkey_meth, hmac_pkey_meth, cmac_pkey_meth;
+extern const EVP_PKEY_METHOD dhx_pkey_meth;
static const EVP_PKEY_METHOD *standard_methods[] =
{
&ec_pkey_meth,
#endif
&hmac_pkey_meth,
- &cmac_pkey_meth
+ &cmac_pkey_meth,
+#ifndef OPENSSL_NO_DH
+ &dhx_pkey_meth
+#endif
};
DECLARE_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_METHOD *, const EVP_PKEY_METHOD *,
* [including the GNU Public Licence.]
*/
-#define NUM_NID 920
-#define NUM_SN 913
-#define NUM_LN 913
-#define NUM_OBJ 857
+#define NUM_NID 921
+#define NUM_SN 914
+#define NUM_LN 914
+#define NUM_OBJ 858
-static const unsigned char lvalues[5980]={
+static const unsigned char lvalues[5987]={
0x00, /* [ 0] OBJ_undef */
0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 1] OBJ_rsadsi */
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 7] OBJ_pkcs */
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x08,/* [5952] OBJ_mgf1 */
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0A,/* [5961] OBJ_rsassaPss */
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x07,/* [5970] OBJ_rsaesOaep */
+0x2A,0x86,0x48,0xCE,0x3E,0x02,0x01, /* [5979] OBJ_dhpublicnumber */
};
static const ASN1_OBJECT nid_objs[NUM_NID]={
{"AES-256-CBC-HMAC-SHA1","aes-256-cbc-hmac-sha1",
NID_aes_256_cbc_hmac_sha1,0,NULL,0},
{"RSAES-OAEP","rsaesOaep",NID_rsaesOaep,9,&(lvalues[5970]),0},
+{"dhpublicnumber","X9.42 DH",NID_dhpublicnumber,7,&(lvalues[5979]),0},
};
static const unsigned int sn_objs[NUM_SN]={
107, /* "description" */
871, /* "destinationIndicator" */
28, /* "dhKeyAgreement" */
+920, /* "dhpublicnumber" */
382, /* "directory" */
887, /* "distinguishedName" */
892, /* "dmdName" */
85, /* "X509v3 Subject Alternative Name" */
769, /* "X509v3 Subject Directory Attributes" */
82, /* "X509v3 Subject Key Identifier" */
+920, /* "X9.42 DH" */
184, /* "X9.57" */
185, /* "X9.57 CM ?" */
478, /* "aRecord" */
416, /* OBJ_ecdsa_with_SHA1 1 2 840 10045 4 1 */
791, /* OBJ_ecdsa_with_Recommended 1 2 840 10045 4 2 */
792, /* OBJ_ecdsa_with_Specified 1 2 840 10045 4 3 */
+920, /* OBJ_dhpublicnumber 1 2 840 10046 2 1 */
258, /* OBJ_id_pkix_mod 1 3 6 1 5 5 7 0 */
175, /* OBJ_id_pe 1 3 6 1 5 5 7 1 */
259, /* OBJ_id_qt 1 3 6 1 5 5 7 2 */
#define LN_aes_256_cbc_hmac_sha1 "aes-256-cbc-hmac-sha1"
#define NID_aes_256_cbc_hmac_sha1 918
+#define SN_dhpublicnumber "dhpublicnumber"
+#define LN_dhpublicnumber "X9.42 DH"
+#define NID_dhpublicnumber 920
+#define OBJ_dhpublicnumber OBJ_ISO_US,10046L,2L,1L
+
aes_192_cbc_hmac_sha1 917
aes_256_cbc_hmac_sha1 918
rsaesOaep 919
+dhpublicnumber 920
: AES-128-CBC-HMAC-SHA1 : aes-128-cbc-hmac-sha1
: AES-192-CBC-HMAC-SHA1 : aes-192-cbc-hmac-sha1
: AES-256-CBC-HMAC-SHA1 : aes-256-cbc-hmac-sha1
+
+ISO-US 10046 2 1 : dhpublicnumber : X9.42 DH
#define PEM_STRING_PKCS8 "ENCRYPTED PRIVATE KEY"
#define PEM_STRING_PKCS8INF "PRIVATE KEY"
#define PEM_STRING_DHPARAMS "DH PARAMETERS"
+#define PEM_STRING_DHXPARAMS "X9.42 DH PARAMETERS"
#define PEM_STRING_SSL_SESSION "SSL SESSION PARAMETERS"
#define PEM_STRING_DSAPARAMS "DSA PARAMETERS"
#define PEM_STRING_ECDSA_PUBLIC "ECDSA PUBLIC KEY"
#ifndef OPENSSL_NO_DH
DECLARE_PEM_rw_const(DHparams, DH)
+DECLARE_PEM_write_const(DHxparams, DH)
#endif
#ifndef OPENSSL_NO_DH
IMPLEMENT_PEM_rw_const(DHparams, DH, PEM_STRING_DHPARAMS, DHparams)
+IMPLEMENT_PEM_write_const(DHxparams, DH, PEM_STRING_DHXPARAMS, DHxparams)
#endif