src: refactor DH groups to delete crypto_groups.h

Rewrite FindDiffieHellmanGroup() using OpenSSL helper functions to obtain the required constants directly, instead of loading them from our own crypto_groups.h and converting them to BIGNUMs. This also removes the need for the struct modp_group, so we can delete crypto_groups.h altogether. PR-URL: #43896 Reviewed-By: Filip Skokan <panva.ip@gmail.com>
nodejs · Jul 26, 2022 · bf8f2e23ff231b4c77f6187eb6ef3b6297898394 · bf8f2e2
1 parent 8a2a6e1
commit bf8f2e23ff231b4c77f6187eb6ef3b6297898394
Show file tree

Hide file tree

Showing 4 changed files with 39 additions and 432 deletions.
diff --git a/src/crypto/crypto_dh.cc b/src/crypto/crypto_dh.cc
@@ -1,7 +1,6 @@
 #include "crypto/crypto_dh.h"
 #include "async_wrap-inl.h"
 #include "base_object-inl.h"
-#include "crypto/crypto_groups.h"
 #include "crypto/crypto_keys.h"
 #include "env-inl.h"
 #include "memory_tracker-inl.h"
@@ -138,6 +137,15 @@ void DiffieHellman::MemoryInfo(MemoryTracker* tracker) const {
   tracker->TrackFieldWithSize("dh", dh_ ? kSizeOf_DH : 0);
 }
 
+bool DiffieHellman::Init(BignumPointer&& bn_p, int g) {
+  dh_.reset(DH_new());
+  CHECK_GE(g, 2);
+  BignumPointer bn_g(BN_new());
+  return bn_g && BN_set_word(bn_g.get(), g) &&
+         DH_set0_pqg(dh_.get(), bn_p.release(), nullptr, bn_g.release()) &&
+         VerifyContext();
+}
+
 bool DiffieHellman::Init(const char* p, int p_len, int g) {
   dh_.reset(DH_new());
   if (p_len <= 0) {
@@ -192,11 +200,29 @@ bool DiffieHellman::Init(const char* p, int p_len, const char* g, int g_len) {
   return VerifyContext();
 }
 
-inline const modp_group* FindDiffieHellmanGroup(const char* name) {
-  for (const modp_group& group : modp_groups) {
-    if (StringEqualNoCase(name, group.name))
-      return &group;
-  }
+constexpr int kStandardizedGenerator = 2;
+
+template <BIGNUM* (*p)(BIGNUM*)>
+BignumPointer InstantiateStandardizedGroup() {
+  return BignumPointer(p(nullptr));
+}
+
+typedef BignumPointer (*StandardizedGroupInstantiator)();
+
+// Returns a function that can be used to create an instance of a standardized
+// Diffie-Hellman group. The generator is always kStandardizedGenerator.
+inline StandardizedGroupInstantiator FindDiffieHellmanGroup(const char* name) {
+#define V(n, p)                                                                \
+  if (StringEqualNoCase(name, n)) return InstantiateStandardizedGroup<p>
+  V("modp1", BN_get_rfc2409_prime_768);
+  V("modp2", BN_get_rfc2409_prime_1024);
+  V("modp5", BN_get_rfc3526_prime_1536);
+  V("modp14", BN_get_rfc3526_prime_2048);
+  V("modp15", BN_get_rfc3526_prime_3072);
+  V("modp16", BN_get_rfc3526_prime_4096);
+  V("modp17", BN_get_rfc3526_prime_6144);
+  V("modp18", BN_get_rfc3526_prime_8192);
+#undef V
   return nullptr;
 }
 
@@ -211,13 +237,11 @@ void DiffieHellman::DiffieHellmanGroup(
   bool initialized = false;
 
   const node::Utf8Value group_name(env->isolate(), args[0]);
-  const modp_group* group = FindDiffieHellmanGroup(*group_name);
+  auto group = FindDiffieHellmanGroup(*group_name);
   if (group == nullptr)
     return THROW_ERR_CRYPTO_UNKNOWN_DH_GROUP(env);
 
-  initialized = diffieHellman->Init(group->prime,
-                                    group->prime_size,
-                                    group->gen);
+  initialized = diffieHellman->Init(group(), kStandardizedGenerator);
   if (!initialized)
     THROW_ERR_CRYPTO_INITIALIZATION_FAILED(env);
 }
@@ -480,16 +504,14 @@ Maybe<bool> DhKeyGenTraits::AdditionalConfig(
 
   if (args[*offset]->IsString()) {
     Utf8Value group_name(env->isolate(), args[*offset]);
-    const modp_group* group = FindDiffieHellmanGroup(*group_name);
+    auto group = FindDiffieHellmanGroup(*group_name);
     if (group == nullptr) {
       THROW_ERR_CRYPTO_UNKNOWN_DH_GROUP(env);
       return Nothing<bool>();
     }
 
-    params->params.prime = BignumPointer(
-        BN_bin2bn(reinterpret_cast<const unsigned char*>(group->prime),
-                  group->prime_size, nullptr));
-    params->params.generator = group->gen;
+    params->params.prime = group();
+    params->params.generator = kStandardizedGenerator;
     *offset += 1;
   } else {
     if (args[*offset]->IsInt32()) {

diff --git a/src/crypto/crypto_dh.h b/src/crypto/crypto_dh.h
@@ -20,6 +20,7 @@ class DiffieHellman : public BaseObject {
   static void RegisterExternalReferences(ExternalReferenceRegistry* registry);
 
   bool Init(int primeLength, int g);
+  bool Init(BignumPointer&& bn_p, int g);
   bool Init(const char* p, int p_len, int g);
   bool Init(const char* p, int p_len, const char* g, int g_len);