LTKCPP-- LLRP Toolkit C Plus Plus Library
dh.h
1 /* crypto/dh/dh.h */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3  * All rights reserved.
4  *
5  * This package is an SSL implementation written
6  * by Eric Young (eay@cryptsoft.com).
7  * The implementation was written so as to conform with Netscapes SSL.
8  *
9  * This library is free for commercial and non-commercial use as long as
10  * the following conditions are aheared to. The following conditions
11  * apply to all code found in this distribution, be it the RC4, RSA,
12  * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13  * included with this distribution is covered by the same copyright terms
14  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15  *
16  * Copyright remains Eric Young's, and as such any Copyright notices in
17  * the code are not to be removed.
18  * If this package is used in a product, Eric Young should be given attribution
19  * as the author of the parts of the library used.
20  * This can be in the form of a textual message at program startup or
21  * in documentation (online or textual) provided with the package.
22  *
23  * Redistribution and use in source and binary forms, with or without
24  * modification, are permitted provided that the following conditions
25  * are met:
26  * 1. Redistributions of source code must retain the copyright
27  * notice, this list of conditions and the following disclaimer.
28  * 2. Redistributions in binary form must reproduce the above copyright
29  * notice, this list of conditions and the following disclaimer in the
30  * documentation and/or other materials provided with the distribution.
31  * 3. All advertising materials mentioning features or use of this software
32  * must display the following acknowledgement:
33  * "This product includes cryptographic software written by
34  * Eric Young (eay@cryptsoft.com)"
35  * The word 'cryptographic' can be left out if the rouines from the library
36  * being used are not cryptographic related :-).
37  * 4. If you include any Windows specific code (or a derivative thereof) from
38  * the apps directory (application code) you must include an acknowledgement:
39  * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40  *
41  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44  * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51  * SUCH DAMAGE.
52  *
53  * The licence and distribution terms for any publically available version or
54  * derivative of this code cannot be changed. i.e. this code cannot simply be
55  * copied and put under another distribution licence
56  * [including the GNU Public Licence.]
57  */
58 
59 #ifndef HEADER_DH_H
60 # define HEADER_DH_H
61 
62 # include <openssl/e_os2.h>
63 
64 # ifdef OPENSSL_NO_DH
65 # error DH is disabled.
66 # endif
67 
68 # ifndef OPENSSL_NO_BIO
69 # include <openssl/bio.h>
70 # endif
71 # include <openssl/ossl_typ.h>
72 # ifndef OPENSSL_NO_DEPRECATED
73 # include <openssl/bn.h>
74 # endif
75 
76 # ifndef OPENSSL_DH_MAX_MODULUS_BITS
77 # define OPENSSL_DH_MAX_MODULUS_BITS 10000
78 # endif
79 
80 # define DH_FLAG_CACHE_MONT_P 0x01
81 
82 /*
83  * new with 0.9.7h; the built-in DH
84  * implementation now uses constant time
85  * modular exponentiation for secret exponents
86  * by default. This flag causes the
87  * faster variable sliding window method to
88  * be used for all exponents.
89  */
90 # define DH_FLAG_NO_EXP_CONSTTIME 0x02
91 
92 /*
93  * If this flag is set the DH method is FIPS compliant and can be used in
94  * FIPS mode. This is set in the validated module method. If an application
95  * sets this flag in its own methods it is its reposibility to ensure the
96  * result is compliant.
97  */
98 
99 # define DH_FLAG_FIPS_METHOD 0x0400
100 
101 /*
102  * If this flag is set the operations normally disabled in FIPS mode are
103  * permitted it is then the applications responsibility to ensure that the
104  * usage is compliant.
105  */
106 
107 # define DH_FLAG_NON_FIPS_ALLOW 0x0400
108 
109 #ifdef __cplusplus
110 extern "C" {
111 #endif
112 
113 /* Already defined in ossl_typ.h */
114 /* typedef struct dh_st DH; */
115 /* typedef struct dh_method DH_METHOD; */
116 
117 struct dh_method {
118  const char *name;
119  /* Methods here */
120  int (*generate_key) (DH *dh);
121  int (*compute_key) (unsigned char *key, const BIGNUM *pub_key, DH *dh);
122  /* Can be null */
123  int (*bn_mod_exp) (const DH *dh, BIGNUM *r, const BIGNUM *a,
124  const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
125  BN_MONT_CTX *m_ctx);
126  int (*init) (DH *dh);
127  int (*finish) (DH *dh);
128  int flags;
129  char *app_data;
130  /* If this is non-NULL, it will be used to generate parameters */
131  int (*generate_params) (DH *dh, int prime_len, int generator,
132  BN_GENCB *cb);
133 };
134 
135 struct dh_st {
136  /*
137  * This first argument is used to pick up errors when a DH is passed
138  * instead of a EVP_PKEY
139  */
140  int pad;
141  int version;
142  BIGNUM *p;
143  BIGNUM *g;
144  long length; /* optional */
145  BIGNUM *pub_key; /* g^x */
146  BIGNUM *priv_key; /* x */
147  int flags;
148  BN_MONT_CTX *method_mont_p;
149  /* Place holders if we want to do X9.42 DH */
150  BIGNUM *q;
151  BIGNUM *j;
152  unsigned char *seed;
153  int seedlen;
154  BIGNUM *counter;
155  int references;
156  CRYPTO_EX_DATA ex_data;
157  const DH_METHOD *meth;
158  ENGINE *engine;
159 };
160 
161 # define DH_GENERATOR_2 2
162 /* #define DH_GENERATOR_3 3 */
163 # define DH_GENERATOR_5 5
164 
165 /* DH_check error codes */
166 # define DH_CHECK_P_NOT_PRIME 0x01
167 # define DH_CHECK_P_NOT_SAFE_PRIME 0x02
168 # define DH_UNABLE_TO_CHECK_GENERATOR 0x04
169 # define DH_NOT_SUITABLE_GENERATOR 0x08
170 # define DH_CHECK_Q_NOT_PRIME 0x10
171 # define DH_CHECK_INVALID_Q_VALUE 0x20
172 # define DH_CHECK_INVALID_J_VALUE 0x40
173 
174 /* DH_check_pub_key error codes */
175 # define DH_CHECK_PUBKEY_TOO_SMALL 0x01
176 # define DH_CHECK_PUBKEY_TOO_LARGE 0x02
177 
178 /*
179  * primes p where (p-1)/2 is prime too are called "safe"; we define this for
180  * backward compatibility:
181  */
182 # define DH_CHECK_P_NOT_STRONG_PRIME DH_CHECK_P_NOT_SAFE_PRIME
183 
184 # define d2i_DHparams_fp(fp,x) (DH *)ASN1_d2i_fp((char *(*)())DH_new, \
185  (char *(*)())d2i_DHparams,(fp),(unsigned char **)(x))
186 # define i2d_DHparams_fp(fp,x) ASN1_i2d_fp(i2d_DHparams,(fp), \
187  (unsigned char *)(x))
188 # define d2i_DHparams_bio(bp,x) ASN1_d2i_bio_of(DH,DH_new,d2i_DHparams,bp,x)
189 # define i2d_DHparams_bio(bp,x) ASN1_i2d_bio_of_const(DH,i2d_DHparams,bp,x)
190 
191 DH *DHparams_dup(DH *);
192 
193 const DH_METHOD *DH_OpenSSL(void);
194 
195 void DH_set_default_method(const DH_METHOD *meth);
196 const DH_METHOD *DH_get_default_method(void);
197 int DH_set_method(DH *dh, const DH_METHOD *meth);
198 DH *DH_new_method(ENGINE *engine);
199 
200 DH *DH_new(void);
201 void DH_free(DH *dh);
202 int DH_up_ref(DH *dh);
203 int DH_size(const DH *dh);
204 int DH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
205  CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
206 int DH_set_ex_data(DH *d, int idx, void *arg);
207 void *DH_get_ex_data(DH *d, int idx);
208 
209 /* Deprecated version */
210 # ifndef OPENSSL_NO_DEPRECATED
211 DH *DH_generate_parameters(int prime_len, int generator,
212  void (*callback) (int, int, void *), void *cb_arg);
213 # endif /* !defined(OPENSSL_NO_DEPRECATED) */
214 
215 /* New version */
216 int DH_generate_parameters_ex(DH *dh, int prime_len, int generator,
217  BN_GENCB *cb);
218 
219 int DH_check(const DH *dh, int *codes);
220 int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *codes);
221 int DH_generate_key(DH *dh);
222 int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh);
223 int DH_compute_key_padded(unsigned char *key, const BIGNUM *pub_key, DH *dh);
224 DH *d2i_DHparams(DH **a, const unsigned char **pp, long length);
225 int i2d_DHparams(const DH *a, unsigned char **pp);
226 DH *d2i_DHxparams(DH **a, const unsigned char **pp, long length);
227 int i2d_DHxparams(const DH *a, unsigned char **pp);
228 # ifndef OPENSSL_NO_FP_API
229 int DHparams_print_fp(FILE *fp, const DH *x);
230 # endif
231 # ifndef OPENSSL_NO_BIO
232 int DHparams_print(BIO *bp, const DH *x);
233 # else
234 int DHparams_print(char *bp, const DH *x);
235 # endif
236 
237 /* RFC 5114 parameters */
238 DH *DH_get_1024_160(void);
239 DH *DH_get_2048_224(void);
240 DH *DH_get_2048_256(void);
241 
242 /* RFC2631 KDF */
243 int DH_KDF_X9_42(unsigned char *out, size_t outlen,
244  const unsigned char *Z, size_t Zlen,
245  ASN1_OBJECT *key_oid,
246  const unsigned char *ukm, size_t ukmlen, const EVP_MD *md);
247 
248 # define EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len) \
249  EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
250  EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN, len, NULL)
251 
252 # define EVP_PKEY_CTX_set_dh_paramgen_subprime_len(ctx, len) \
253  EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
254  EVP_PKEY_CTRL_DH_PARAMGEN_SUBPRIME_LEN, len, NULL)
255 
256 # define EVP_PKEY_CTX_set_dh_paramgen_type(ctx, typ) \
257  EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
258  EVP_PKEY_CTRL_DH_PARAMGEN_TYPE, typ, NULL)
259 
260 # define EVP_PKEY_CTX_set_dh_paramgen_generator(ctx, gen) \
261  EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
262  EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR, gen, NULL)
263 
264 # define EVP_PKEY_CTX_set_dh_rfc5114(ctx, gen) \
265  EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_PARAMGEN, \
266  EVP_PKEY_CTRL_DH_RFC5114, gen, NULL)
267 
268 # define EVP_PKEY_CTX_set_dhx_rfc5114(ctx, gen) \
269  EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_PARAMGEN, \
270  EVP_PKEY_CTRL_DH_RFC5114, gen, NULL)
271 
272 # define EVP_PKEY_CTX_set_dh_kdf_type(ctx, kdf) \
273  EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
274  EVP_PKEY_OP_DERIVE, \
275  EVP_PKEY_CTRL_DH_KDF_TYPE, kdf, NULL)
276 
277 # define EVP_PKEY_CTX_get_dh_kdf_type(ctx) \
278  EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
279  EVP_PKEY_OP_DERIVE, \
280  EVP_PKEY_CTRL_DH_KDF_TYPE, -2, NULL)
281 
282 # define EVP_PKEY_CTX_set0_dh_kdf_oid(ctx, oid) \
283  EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
284  EVP_PKEY_OP_DERIVE, \
285  EVP_PKEY_CTRL_DH_KDF_OID, 0, (void *)oid)
286 
287 # define EVP_PKEY_CTX_get0_dh_kdf_oid(ctx, poid) \
288  EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
289  EVP_PKEY_OP_DERIVE, \
290  EVP_PKEY_CTRL_GET_DH_KDF_OID, 0, (void *)poid)
291 
292 # define EVP_PKEY_CTX_set_dh_kdf_md(ctx, md) \
293  EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
294  EVP_PKEY_OP_DERIVE, \
295  EVP_PKEY_CTRL_DH_KDF_MD, 0, (void *)md)
296 
297 # define EVP_PKEY_CTX_get_dh_kdf_md(ctx, pmd) \
298  EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
299  EVP_PKEY_OP_DERIVE, \
300  EVP_PKEY_CTRL_GET_DH_KDF_MD, 0, (void *)pmd)
301 
302 # define EVP_PKEY_CTX_set_dh_kdf_outlen(ctx, len) \
303  EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
304  EVP_PKEY_OP_DERIVE, \
305  EVP_PKEY_CTRL_DH_KDF_OUTLEN, len, NULL)
306 
307 # define EVP_PKEY_CTX_get_dh_kdf_outlen(ctx, plen) \
308  EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
309  EVP_PKEY_OP_DERIVE, \
310  EVP_PKEY_CTRL_GET_DH_KDF_OUTLEN, 0, (void *)plen)
311 
312 # define EVP_PKEY_CTX_set0_dh_kdf_ukm(ctx, p, plen) \
313  EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
314  EVP_PKEY_OP_DERIVE, \
315  EVP_PKEY_CTRL_DH_KDF_UKM, plen, (void *)p)
316 
317 # define EVP_PKEY_CTX_get0_dh_kdf_ukm(ctx, p) \
318  EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
319  EVP_PKEY_OP_DERIVE, \
320  EVP_PKEY_CTRL_GET_DH_KDF_UKM, 0, (void *)p)
321 
322 # define EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN (EVP_PKEY_ALG_CTRL + 1)
323 # define EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR (EVP_PKEY_ALG_CTRL + 2)
324 # define EVP_PKEY_CTRL_DH_RFC5114 (EVP_PKEY_ALG_CTRL + 3)
325 # define EVP_PKEY_CTRL_DH_PARAMGEN_SUBPRIME_LEN (EVP_PKEY_ALG_CTRL + 4)
326 # define EVP_PKEY_CTRL_DH_PARAMGEN_TYPE (EVP_PKEY_ALG_CTRL + 5)
327 # define EVP_PKEY_CTRL_DH_KDF_TYPE (EVP_PKEY_ALG_CTRL + 6)
328 # define EVP_PKEY_CTRL_DH_KDF_MD (EVP_PKEY_ALG_CTRL + 7)
329 # define EVP_PKEY_CTRL_GET_DH_KDF_MD (EVP_PKEY_ALG_CTRL + 8)
330 # define EVP_PKEY_CTRL_DH_KDF_OUTLEN (EVP_PKEY_ALG_CTRL + 9)
331 # define EVP_PKEY_CTRL_GET_DH_KDF_OUTLEN (EVP_PKEY_ALG_CTRL + 10)
332 # define EVP_PKEY_CTRL_DH_KDF_UKM (EVP_PKEY_ALG_CTRL + 11)
333 # define EVP_PKEY_CTRL_GET_DH_KDF_UKM (EVP_PKEY_ALG_CTRL + 12)
334 # define EVP_PKEY_CTRL_DH_KDF_OID (EVP_PKEY_ALG_CTRL + 13)
335 # define EVP_PKEY_CTRL_GET_DH_KDF_OID (EVP_PKEY_ALG_CTRL + 14)
336 
337 /* KDF types */
338 # define EVP_PKEY_DH_KDF_NONE 1
339 # define EVP_PKEY_DH_KDF_X9_42 2
340 
341 /* BEGIN ERROR CODES */
342 /*
343  * The following lines are auto generated by the script mkerr.pl. Any changes
344  * made after this point may be overwritten when the script is next run.
345  */
346 void ERR_load_DH_strings(void);
347 
348 /* Error codes for the DH functions. */
349 
350 /* Function codes. */
351 # define DH_F_COMPUTE_KEY 102
352 # define DH_F_DHPARAMS_PRINT_FP 101
353 # define DH_F_DH_BUILTIN_GENPARAMS 106
354 # define DH_F_DH_CMS_DECRYPT 117
355 # define DH_F_DH_CMS_SET_PEERKEY 118
356 # define DH_F_DH_CMS_SET_SHARED_INFO 119
357 # define DH_F_DH_COMPUTE_KEY 114
358 # define DH_F_DH_GENERATE_KEY 115
359 # define DH_F_DH_GENERATE_PARAMETERS_EX 116
360 # define DH_F_DH_NEW_METHOD 105
361 # define DH_F_DH_PARAM_DECODE 107
362 # define DH_F_DH_PRIV_DECODE 110
363 # define DH_F_DH_PRIV_ENCODE 111
364 # define DH_F_DH_PUB_DECODE 108
365 # define DH_F_DH_PUB_ENCODE 109
366 # define DH_F_DO_DH_PRINT 100
367 # define DH_F_GENERATE_KEY 103
368 # define DH_F_GENERATE_PARAMETERS 104
369 # define DH_F_PKEY_DH_DERIVE 112
370 # define DH_F_PKEY_DH_KEYGEN 113
371 
372 /* Reason codes. */
373 # define DH_R_BAD_GENERATOR 101
374 # define DH_R_BN_DECODE_ERROR 109
375 # define DH_R_BN_ERROR 106
376 # define DH_R_DECODE_ERROR 104
377 # define DH_R_INVALID_PUBKEY 102
378 # define DH_R_KDF_PARAMETER_ERROR 112
379 # define DH_R_KEYS_NOT_SET 108
380 # define DH_R_KEY_SIZE_TOO_SMALL 110
381 # define DH_R_MODULUS_TOO_LARGE 103
382 # define DH_R_NON_FIPS_METHOD 111
383 # define DH_R_NO_PARAMETERS_SET 107
384 # define DH_R_NO_PRIVATE_VALUE 100
385 # define DH_R_PARAMETER_ENCODING_ERROR 105
386 # define DH_R_PEER_KEY_ERROR 113
387 # define DH_R_SHARED_INFO_ERROR 114
388 
389 #ifdef __cplusplus
390 }
391 #endif
392 #endif