xref: /openbsd-src/lib/libcrypto/man/DH_generate_parameters.3 (revision 40d67ee77eb97d20a46853ddc63dd76aae4b2144)
1*40d67ee7Sschwarze.\" $OpenBSD: DH_generate_parameters.3,v 1.14 2022/07/13 13:47:59 schwarze Exp $
2*40d67ee7Sschwarze.\" full merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
3*40d67ee7Sschwarze.\" selective merge up to: OpenSSL b0edda11 Mar 20 13:00:17 2018 +0000
4cde9f20fSschwarze.\"
5*40d67ee7Sschwarze.\" This file is a derived work.
6*40d67ee7Sschwarze.\" The changes are covered by the following Copyright and license:
7*40d67ee7Sschwarze.\"
8*40d67ee7Sschwarze.\" Copyright (c) 2022 Ingo Schwarze <schwarze@openbsd.org>
9*40d67ee7Sschwarze.\"
10*40d67ee7Sschwarze.\" Permission to use, copy, modify, and distribute this software for any
11*40d67ee7Sschwarze.\" purpose with or without fee is hereby granted, provided that the above
12*40d67ee7Sschwarze.\" copyright notice and this permission notice appear in all copies.
13*40d67ee7Sschwarze.\"
14*40d67ee7Sschwarze.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
15*40d67ee7Sschwarze.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
16*40d67ee7Sschwarze.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
17*40d67ee7Sschwarze.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
18*40d67ee7Sschwarze.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
19*40d67ee7Sschwarze.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
20*40d67ee7Sschwarze.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
21*40d67ee7Sschwarze.\"
22*40d67ee7Sschwarze.\" The original file was written by Ulf Moeller <ulf@openssl.org>
23*40d67ee7Sschwarze.\" and Matt Caswell <matt@openssl.org>.
24cde9f20fSschwarze.\" Copyright (c) 2000, 2016 The OpenSSL Project.  All rights reserved.
25cde9f20fSschwarze.\"
26cde9f20fSschwarze.\" Redistribution and use in source and binary forms, with or without
27cde9f20fSschwarze.\" modification, are permitted provided that the following conditions
28cde9f20fSschwarze.\" are met:
29cde9f20fSschwarze.\"
30cde9f20fSschwarze.\" 1. Redistributions of source code must retain the above copyright
31cde9f20fSschwarze.\"    notice, this list of conditions and the following disclaimer.
32cde9f20fSschwarze.\"
33cde9f20fSschwarze.\" 2. Redistributions in binary form must reproduce the above copyright
34cde9f20fSschwarze.\"    notice, this list of conditions and the following disclaimer in
35cde9f20fSschwarze.\"    the documentation and/or other materials provided with the
36cde9f20fSschwarze.\"    distribution.
37cde9f20fSschwarze.\"
38cde9f20fSschwarze.\" 3. All advertising materials mentioning features or use of this
39cde9f20fSschwarze.\"    software must display the following acknowledgment:
40cde9f20fSschwarze.\"    "This product includes software developed by the OpenSSL Project
41cde9f20fSschwarze.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
42cde9f20fSschwarze.\"
43cde9f20fSschwarze.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
44cde9f20fSschwarze.\"    endorse or promote products derived from this software without
45cde9f20fSschwarze.\"    prior written permission. For written permission, please contact
46cde9f20fSschwarze.\"    openssl-core@openssl.org.
47cde9f20fSschwarze.\"
48cde9f20fSschwarze.\" 5. Products derived from this software may not be called "OpenSSL"
49cde9f20fSschwarze.\"    nor may "OpenSSL" appear in their names without prior written
50cde9f20fSschwarze.\"    permission of the OpenSSL Project.
51cde9f20fSschwarze.\"
52cde9f20fSschwarze.\" 6. Redistributions of any form whatsoever must retain the following
53cde9f20fSschwarze.\"    acknowledgment:
54cde9f20fSschwarze.\"    "This product includes software developed by the OpenSSL Project
55cde9f20fSschwarze.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
56cde9f20fSschwarze.\"
57cde9f20fSschwarze.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
58cde9f20fSschwarze.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
59cde9f20fSschwarze.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
60cde9f20fSschwarze.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
61cde9f20fSschwarze.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
62cde9f20fSschwarze.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
63cde9f20fSschwarze.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
64cde9f20fSschwarze.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
65cde9f20fSschwarze.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
66cde9f20fSschwarze.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
67cde9f20fSschwarze.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
68cde9f20fSschwarze.\" OF THE POSSIBILITY OF SUCH DAMAGE.
698974101aSjmc.\"
70*40d67ee7Sschwarze.Dd $Mdocdate: July 13 2022 $
71526c24c9Sschwarze.Dt DH_GENERATE_PARAMETERS 3
72526c24c9Sschwarze.Os
73526c24c9Sschwarze.Sh NAME
74526c24c9Sschwarze.Nm DH_generate_parameters_ex ,
75d06d0309Sjmc.Nm DH_check ,
76*40d67ee7Sschwarze.Nm DH_check_pub_key ,
77d06d0309Sjmc.Nm DH_generate_parameters
78526c24c9Sschwarze.Nd generate and check Diffie-Hellman parameters
79526c24c9Sschwarze.Sh SYNOPSIS
80526c24c9Sschwarze.In openssl/dh.h
81526c24c9Sschwarze.Ft int
82526c24c9Sschwarze.Fo DH_generate_parameters_ex
83526c24c9Sschwarze.Fa "DH *dh"
84526c24c9Sschwarze.Fa "int prime_len"
85526c24c9Sschwarze.Fa "int generator"
86526c24c9Sschwarze.Fa "BN_GENCB *cb"
87526c24c9Sschwarze.Fc
88526c24c9Sschwarze.Ft int
89526c24c9Sschwarze.Fo DH_check
90526c24c9Sschwarze.Fa "DH *dh"
91526c24c9Sschwarze.Fa "int *codes"
92526c24c9Sschwarze.Fc
93*40d67ee7Sschwarze.Ft int
94*40d67ee7Sschwarze.Fo DH_check_pub_key
95*40d67ee7Sschwarze.Fa "const DH *dh"
96*40d67ee7Sschwarze.Fa "const BIGNUM *pub_key"
97*40d67ee7Sschwarze.Fa "int *codes"
98*40d67ee7Sschwarze.Fc
99526c24c9Sschwarze.Pp
100526c24c9SschwarzeDeprecated:
101526c24c9Sschwarze.Pp
102526c24c9Sschwarze.Ft DH *
103526c24c9Sschwarze.Fo DH_generate_parameters
104526c24c9Sschwarze.Fa "int prime_len"
105526c24c9Sschwarze.Fa "int generator"
106e32e8344Sschwarze.Fa "void (*callback)(int, int, void *)"
107526c24c9Sschwarze.Fa "void *cb_arg"
108526c24c9Sschwarze.Fc
109526c24c9Sschwarze.Sh DESCRIPTION
110526c24c9Sschwarze.Fn DH_generate_parameters_ex
111526c24c9Sschwarzegenerates Diffie-Hellman parameters that can be shared among a group of
112526c24c9Sschwarzeusers, and stores them in the provided
113526c24c9Sschwarze.Vt DH
114526c24c9Sschwarzestructure.
115526c24c9Sschwarze.Pp
116526c24c9Sschwarze.Fa prime_len
117526c24c9Sschwarzeis the length in bits of the safe prime to be generated.
118526c24c9Sschwarze.Fa generator
119526c24c9Sschwarzeis a small number > 1, typically 2 or 5.
120526c24c9Sschwarze.Pp
121526c24c9SschwarzeA callback function may be used to provide feedback about the progress
122526c24c9Sschwarzeof the parameter generation.
123526c24c9SschwarzeIf
124526c24c9Sschwarze.Fa cb
125526c24c9Sschwarzeis not
126526c24c9Sschwarze.Dv NULL ,
127526c24c9Sschwarzeit will be called as described in
128526c24c9Sschwarze.Xr BN_generate_prime 3
129526c24c9Sschwarzewhile a random prime number is generated, and when a prime has been
130526c24c9Sschwarzefound,
131526c24c9Sschwarze.Fn BN_GENCB_call cb 3 0
132526c24c9Sschwarzeis called; see
133526c24c9Sschwarze.Xr BN_GENCB_call 3 .
134526c24c9Sschwarze.Pp
135526c24c9Sschwarze.Fn DH_check
136526c24c9Sschwarzevalidates Diffie-Hellman parameters.
137cde9f20fSschwarzeIf no problems are found,
138cde9f20fSschwarze.Pf * Ar codes
139cde9f20fSschwarzeis set to zero.
140cde9f20fSschwarzeOtherwise, one or more of the following bits are set:
141cde9f20fSschwarze.Bl -tag -width Ds
142cde9f20fSschwarze.It Dv DH_CHECK_P_NOT_PRIME
143cde9f20fSschwarzeThe parameter
144526c24c9Sschwarze.Fa dh->p
145cde9f20fSschwarzeis not prime.
146cde9f20fSschwarze.It Dv DH_CHECK_P_NOT_SAFE_PRIME
147cde9f20fSschwarzeThe parameter
148cde9f20fSschwarze.Fa dh->p
149cde9f20fSschwarzeis not a safe prime.
150cde9f20fSschwarze.It Dv DH_UNABLE_TO_CHECK_GENERATOR
151cde9f20fSschwarzeThe generator
152526c24c9Sschwarze.Fa dh->g
153cde9f20fSschwarzecannot be checked for suitability: it is neither 2 nor 5.
154cde9f20fSschwarze.It Dv DH_NOT_SUITABLE_GENERATOR
155cde9f20fSschwarzeThe generator
156cde9f20fSschwarze.Fa dh->g
157cde9f20fSschwarzeis not suitable.
158cde9f20fSschwarze.El
159*40d67ee7Sschwarze.Pp
160*40d67ee7Sschwarze.Fn DH_check_pub_key
161*40d67ee7Sschwarzechecks whether
162*40d67ee7Sschwarze.Fa pub_key
163*40d67ee7Sschwarzeis a valid public key when using the domain parameters contained in
164*40d67ee7Sschwarze.Fa dh .
165*40d67ee7SschwarzeIf no problems are found,
166*40d67ee7Sschwarze.Pf * Ar codes
167*40d67ee7Sschwarzeis set to zero.
168*40d67ee7SschwarzeOtherwise, one or more of the following bits are set:
169*40d67ee7Sschwarze.Bl -tag -width Ds
170*40d67ee7Sschwarze.It Dv DH_CHECK_PUBKEY_TOO_SMALL
171*40d67ee7Sschwarze.Fa pub_key
172*40d67ee7Sschwarzeis less than or equal to 1.
173*40d67ee7Sschwarze.It Dv DH_CHECK_PUBKEY_TOO_LARGE
174*40d67ee7Sschwarze.Fa pub_key
175*40d67ee7Sschwarzeis greater than or equal to
176*40d67ee7Sschwarze.Fa dh->p No \- 1 .
177*40d67ee7Sschwarze.It Dv DH_CHECK_PUBKEY_INVALID
178*40d67ee7Sschwarze.Fa dh->q
179*40d67ee7Sschwarzeis set but
180*40d67ee7Sschwarze.Fa pub_key
181*40d67ee7Sschwarzeto the power of
182*40d67ee7Sschwarze.Fa dh->q
183*40d67ee7Sschwarzeis not 1 modulo
184*40d67ee7Sschwarze.Fa dh->p .
185*40d67ee7Sschwarze.El
186526c24c9Sschwarze.Sh RETURN VALUES
187*40d67ee7Sschwarze.Fn DH_generate_parameters_ex ,
188*40d67ee7Sschwarze.Fn DH_check ,
189526c24c9Sschwarzeand
190*40d67ee7Sschwarze.Fn DH_check_pub_key
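191*40d67ee7Sschwarzereturn 1 if the parameter generation or the check could be performed
or 0 otherwise.
For
.Fn DH_check
and
.Fn DH_check_pub_key ,
a return value of 1 only means that the check was carried out;
whether any problems were found is reported separately in
.Pf * Ar codes ,
which the caller also has to inspect.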
192526c24c9Sschwarze.Pp
193526c24c9Sschwarze.Fn DH_generate_parameters
194526c24c9Sschwarze(deprecated) returns a pointer to the
195526c24c9Sschwarze.Vt DH
196526c24c9Sschwarzestructure, or
197526c24c9Sschwarze.Dv NULL
198526c24c9Sschwarzeif the parameter generation fails.
199526c24c9Sschwarze.Pp
200526c24c9SschwarzeThe error codes can be obtained by
201526c24c9Sschwarze.Xr ERR_get_error 3 .
202526c24c9Sschwarze.Sh SEE ALSO
2036f64bd5eSschwarze.Xr DH_get0_pqg 3 ,
204ab3cf6dbSschwarze.Xr DH_new 3
205526c24c9Sschwarze.Sh HISTORY
206526c24c9Sschwarze.Fn DH_check
2075eb75acbSschwarzeand
2085eb75acbSschwarze.Fn DH_generate_parameters
20910e00d17Sschwarzefirst appeared in SSLeay 0.5.1 and have been available since
2105eb75acbSschwarze.Ox 2.4 .
2115eb75acbSschwarze.Pp
212526c24c9SschwarzeThe
213526c24c9Sschwarze.Fa cb_arg
214526c24c9Sschwarzeargument to
215526c24c9Sschwarze.Fn DH_generate_parameters
216526c24c9Sschwarzewas added in SSLeay 0.9.0.
217526c24c9Sschwarze.Pp
218*40d67ee7Sschwarze.Fn DH_check_pub_key
219*40d67ee7Sschwarzefirst appeared in OpenSSL 0.9.8a and has been available since
220*40d67ee7Sschwarze.Ox 4.0 .
2214b12da35Sschwarze.Pp
2224b12da35Sschwarze.Fn DH_generate_parameters_ex
2234b12da35Sschwarzefirst appeared in OpenSSL 0.9.8 and has been available since
2244b12da35Sschwarze.Ox 4.5 .
225526c24c9Sschwarze.Sh CAVEATS
226526c24c9Sschwarze.Fn DH_generate_parameters_ex
227526c24c9Sschwarzeand
228526c24c9Sschwarze.Fn DH_generate_parameters
229526c24c9Sschwarzemay run for several hours before finding a suitable prime.
230526c24c9Sschwarze.Pp
231526c24c9SschwarzeThe parameters generated by
232526c24c9Sschwarze.Fn DH_generate_parameters_ex
233526c24c9Sschwarzeand
234526c24c9Sschwarze.Fn DH_generate_parameters
235526c24c9Sschwarzeare not to be used in signature schemes.
236526c24c9Sschwarze.Sh BUGS
237526c24c9SschwarzeIf
238526c24c9Sschwarze.Fa generator
239526c24c9Sschwarzeis not 2 or 5,
240526c24c9Sschwarze.Fa dh->g Ns = Ns Fa generator
241526c24c9Sschwarzeis not a usable generator.