mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-11-27 05:21:51 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fix DH_get_nid() so that it does not cache values.

Browse Source 
DH_set0_pqg() is now responsible for caching the nid, q and length.

DH with or without named safe prime groups now default to using the maximum private key length (BN_num_bits(q) - 1)
when generating a DH private key. The code is now shared between fips and non fips mode for DH key generation.

The OSSL_PKEY_PARAM_DH_PRIV_LEN parameter can be used during keygen to override the maximum private key length to be
in the range (2 * strength ... bits(q) - 1). Where the strength depends on the length of p.

Added q = (p - 1) / 2 safe prime BIGNUMS so that the code is data driven (To simplify adding new names).
The BIGNUMS were code generated.

Fix error in documented return value for DH_get_nid

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11562)
This commit is contained in:
Shane Lontis 2020-04-20 11:07:38 +10:00
parent 9e537cd2ad
commit 738ee1819e
19 changed files with 573 additions and 191 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

468
crypto/bn/bn_dh.c
View File

@ -45,9 +45,23 @@ static const BN_ULONG modp_1536_p[] = {
BN_DEF(0x8A67CC74, 0x29024E08), BN_DEF(0x80DC1CD1, 0xC4C6628B),
BN_DEF(0x2168C234, 0xC90FDAA2), BN_DEF(0xFFFFFFFF, 0xFFFFFFFF)
};
/* q = (p - 1) / 2 */
static const BN_ULONG modp_1536_q[] = {
BN_DEF(0xFFFFFFFF, 0xFFFFFFFF), BN_DEF(0x6511B993, 0x78BA3604),
BN_DEF(0x255E4C02, 0xB3861AA7), BN_DEF(0xB84B4B36, 0xCF6A9483),
BN_DEF(0x1042A95D, 0x0E3179AB), BN_DEF(0xEE51D6CB, 0xC1B2AE91),
BN_DEF(0x7E9267AF, 0x348B1FD4), BN_DEF(0x0E2AE9CD, 0xCC6D241B),
BN_DEF(0x50B1DF82, 0xE1003E5C), BN_DEF(0xF6722D9E, 0x24943328),
BN_DEF(0xBE258FF3, 0xD74F9208), BN_DEF(0xAD44CFD2, 0xF71C35FD),
BN_DEF(0x7A035BF6, 0x85FFAE5B), BN_DEF(0xD31BF6B5, 0x7A262174),
BN_DEF(0x312F3F63, 0xF242DABB), BN_DEF(0xB6A8E122, 0xA7F09AB6),
BN_DEF(0xF92F8A1B, 0x98158536), BN_DEF(0xE69D218D, 0xF7CA8CD9),
BN_DEF(0xC71A026E, 0x28A5043C), BN_DEF(0x1D89CD91, 0x0105DF53),
BN_DEF(0x4533E63A, 0x94812704), BN_DEF(0xC06E0E68, 0x62633145),
BN_DEF(0x10B4611A, 0xE487ED51), BN_DEF(0xFFFFFFFF, 0x7FFFFFFF)
};
# endif /* FIPS_MODE */
/*-
* "2048-bit MODP Group" from RFC3526, Section 3.
*
@ -73,6 +87,25 @@ static const BN_ULONG modp_2048_p[] = {
BN_DEF(0x8A67CC74, 0x29024E08), BN_DEF(0x80DC1CD1, 0xC4C6628B),
BN_DEF(0x2168C234, 0xC90FDAA2), BN_DEF(0xFFFFFFFF, 0xFFFFFFFF)
};
/* q = (p - 1) / 2 */
static const BN_ULONG modp_2048_q[] = {
BN_DEF(0xFFFFFFFF, 0x7FFFFFFF), BN_DEF(0x45565534, 0x0AB9472D),
BN_DEF(0x4C7D0288, 0x8AE9130C), BN_DEF(0x754AB572, 0x1CCAA4BE),
BN_DEF(0x4AAC0B8C, 0xEF15E5FB), BN_DEF(0x37A62964, 0xDAE2AEF8),
BN_DEF(0x7603D147, 0xCD93C1D1), BN_DEF(0x0C074301, 0xF1CF3B96),
BN_DEF(0x171B671D, 0x19482F23), BN_DEF(0x650C10BE, 0x78BA3604),
BN_DEF(0x255E4C02, 0xB3861AA7), BN_DEF(0xB84B4B36, 0xCF6A9483),
BN_DEF(0x1042A95D, 0x0E3179AB), BN_DEF(0xEE51D6CB, 0xC1B2AE91),
BN_DEF(0x7E9267AF, 0x348B1FD4), BN_DEF(0x0E2AE9CD, 0xCC6D241B),
BN_DEF(0x50B1DF82, 0xE1003E5C), BN_DEF(0xF6722D9E, 0x24943328),
BN_DEF(0xBE258FF3, 0xD74F9208), BN_DEF(0xAD44CFD2, 0xF71C35FD),
BN_DEF(0x7A035BF6, 0x85FFAE5B), BN_DEF(0xD31BF6B5, 0x7A262174),
BN_DEF(0x312F3F63, 0xF242DABB), BN_DEF(0xB6A8E122, 0xA7F09AB6),
BN_DEF(0xF92F8A1B, 0x98158536), BN_DEF(0xE69D218D, 0xF7CA8CD9),
BN_DEF(0xC71A026E, 0x28A5043C), BN_DEF(0x1D89CD91, 0x0105DF53),
BN_DEF(0x4533E63A, 0x94812704), BN_DEF(0xC06E0E68, 0x62633145),
BN_DEF(0x10B4611A, 0xE487ED51), BN_DEF(0xFFFFFFFF, 0x7FFFFFFF),
};
/*-
* "3072-bit MODP Group" from RFC3526, Section 4.
@ -107,7 +140,33 @@ static const BN_ULONG modp_3072_p[] = {
BN_DEF(0x8A67CC74, 0x29024E08), BN_DEF(0x80DC1CD1, 0xC4C6628B),
BN_DEF(0x2168C234, 0xC90FDAA2), BN_DEF(0xFFFFFFFF, 0xFFFFFFFF)
};
/* q = (p - 1) / 2 */
static const BN_ULONG modp_3072_q[] = {
BN_DEF(0xFFFFFFFF, 0x7FFFFFFF), BN_DEF(0x549D6965, 0x25C16890),
BN_DEF(0x707E8847, 0xA1EDADFE), BN_DEF(0x3A72D598, 0x047127D0),
BN_DEF(0x5D6CA371, 0x3B84C460), BN_DEF(0xBD30AEB6, 0x5DF08BAB),
BN_DEF(0x0BBD9006, 0x290F958C), BN_DEF(0x9F643532, 0x6C3B0139),
BN_DEF(0x6CC50432, 0xF897FD03), BN_DEF(0x0D697735, 0xE771E913),
BN_DEF(0x2512B0CE, 0x8F464A70), BN_DEF(0x6D8499EB, 0xD5FAD746),
BN_DEF(0xD370F263, 0xD9CB87C2), BN_DEF(0xAE83063E, 0x457538AB),
BN_DEF(0x2C6DF785, 0x767DC282), BN_DEF(0xEF8E5D32, 0xD42A90D5),
BN_DEF(0x82283D19, 0xD6998B86), BN_DEF(0x45556216, 0x0AB9472D),
BN_DEF(0x4C7D0288, 0x8AE9130C), BN_DEF(0x754AB572, 0x1CCAA4BE),
BN_DEF(0x4AAC0B8C, 0xEF15E5FB), BN_DEF(0x37A62964, 0xDAE2AEF8),
BN_DEF(0x7603D147, 0xCD93C1D1), BN_DEF(0x0C074301, 0xF1CF3B96),
BN_DEF(0x171B671D, 0x19482F23), BN_DEF(0x650C10BE, 0x78BA3604),
BN_DEF(0x255E4C02, 0xB3861AA7), BN_DEF(0xB84B4B36, 0xCF6A9483),
BN_DEF(0x1042A95D, 0x0E3179AB), BN_DEF(0xEE51D6CB, 0xC1B2AE91),
BN_DEF(0x7E9267AF, 0x348B1FD4), BN_DEF(0x0E2AE9CD, 0xCC6D241B),
BN_DEF(0x50B1DF82, 0xE1003E5C), BN_DEF(0xF6722D9E, 0x24943328),
BN_DEF(0xBE258FF3, 0xD74F9208), BN_DEF(0xAD44CFD2, 0xF71C35FD),
BN_DEF(0x7A035BF6, 0x85FFAE5B), BN_DEF(0xD31BF6B5, 0x7A262174),
BN_DEF(0x312F3F63, 0xF242DABB), BN_DEF(0xB6A8E122, 0xA7F09AB6),
BN_DEF(0xF92F8A1B, 0x98158536), BN_DEF(0xE69D218D, 0xF7CA8CD9),
BN_DEF(0xC71A026E, 0x28A5043C), BN_DEF(0x1D89CD91, 0x0105DF53),
BN_DEF(0x4533E63A, 0x94812704), BN_DEF(0xC06E0E68, 0x62633145),
BN_DEF(0x10B4611A, 0xE487ED51), BN_DEF(0xFFFFFFFF, 0x7FFFFFFF),
};
/*-
* "4096-bit MODP Group" from RFC3526, Section 5.
@ -150,6 +209,41 @@ static const BN_ULONG modp_4096_p[] = {
BN_DEF(0x8A67CC74, 0x29024E08), BN_DEF(0x80DC1CD1, 0xC4C6628B),
BN_DEF(0x2168C234, 0xC90FDAA2), BN_DEF(0xFFFFFFFF, 0xFFFFFFFF)
};
/* q = (p - 1) / 2 */
static const BN_ULONG modp_4096_q[] = {
BN_DEF(0xFFFFFFFF, 0xFFFFFFFF), BN_DEF(0x9A0318CC, 0xA6FA1AE4),
BN_DEF(0x48536047, 0xC37FDBEE), BN_DEF(0x46C7EEE0, 0xC9DA754C),
BN_DEF(0xEAD82D54, 0x68034893), BN_DEF(0x10B8240E, 0xDC0DEEBB),
BN_DEF(0x67716BD7, 0x8FB094B8), BN_DEF(0x28ADF3F6, 0x119DD0C3),
BN_DEF(0xD04861D1, 0xCCD94B27), BN_DEF(0xA735E02E, 0x143E2CA3),
BN_DEF(0x0FDF6553, 0x97477E0A), BN_DEF(0x826F477C, 0x6DDDE16D),
BN_DEF(0x156A2674, 0x12C1F4E5), BN_DEF(0x5B0A85ED, 0x0D4A341A),
BN_DEF(0x357A711E, 0x4CE1938C), BN_DEF(0x5EDD2D93, 0xC438CD08),
BN_DEF(0x53C3F36B, 0x8D391E09), BN_DEF(0x54908400, 0x25C16890),
BN_DEF(0x707E8847, 0xA1EDADFE), BN_DEF(0x3A72D598, 0x047127D0),
BN_DEF(0x5D6CA371, 0x3B84C460), BN_DEF(0xBD30AEB6, 0x5DF08BAB),
BN_DEF(0x0BBD9006, 0x290F958C), BN_DEF(0x9F643532, 0x6C3B0139),
BN_DEF(0x6CC50432, 0xF897FD03), BN_DEF(0x0D697735, 0xE771E913),
BN_DEF(0x2512B0CE, 0x8F464A70), BN_DEF(0x6D8499EB, 0xD5FAD746),
BN_DEF(0xD370F263, 0xD9CB87C2), BN_DEF(0xAE83063E, 0x457538AB),
BN_DEF(0x2C6DF785, 0x767DC282), BN_DEF(0xEF8E5D32, 0xD42A90D5),
BN_DEF(0x82283D19, 0xD6998B86), BN_DEF(0x45556216, 0x0AB9472D),
BN_DEF(0x4C7D0288, 0x8AE9130C), BN_DEF(0x754AB572, 0x1CCAA4BE),
BN_DEF(0x4AAC0B8C, 0xEF15E5FB), BN_DEF(0x37A62964, 0xDAE2AEF8),
BN_DEF(0x7603D147, 0xCD93C1D1), BN_DEF(0x0C074301, 0xF1CF3B96),
BN_DEF(0x171B671D, 0x19482F23), BN_DEF(0x650C10BE, 0x78BA3604),
BN_DEF(0x255E4C02, 0xB3861AA7), BN_DEF(0xB84B4B36, 0xCF6A9483),
BN_DEF(0x1042A95D, 0x0E3179AB), BN_DEF(0xEE51D6CB, 0xC1B2AE91),
BN_DEF(0x7E9267AF, 0x348B1FD4), BN_DEF(0x0E2AE9CD, 0xCC6D241B),
BN_DEF(0x50B1DF82, 0xE1003E5C), BN_DEF(0xF6722D9E, 0x24943328),
BN_DEF(0xBE258FF3, 0xD74F9208), BN_DEF(0xAD44CFD2, 0xF71C35FD),
BN_DEF(0x7A035BF6, 0x85FFAE5B), BN_DEF(0xD31BF6B5, 0x7A262174),
BN_DEF(0x312F3F63, 0xF242DABB), BN_DEF(0xB6A8E122, 0xA7F09AB6),
BN_DEF(0xF92F8A1B, 0x98158536), BN_DEF(0xE69D218D, 0xF7CA8CD9),
BN_DEF(0xC71A026E, 0x28A5043C), BN_DEF(0x1D89CD91, 0x0105DF53),
BN_DEF(0x4533E63A, 0x94812704), BN_DEF(0xC06E0E68, 0x62633145),
BN_DEF(0x10B4611A, 0xE487ED51), BN_DEF(0xFFFFFFFF, 0x7FFFFFFF),
};
/*-
* "6144-bit MODP Group" from RFC3526, Section 6.
@ -208,6 +302,57 @@ static const BN_ULONG modp_6144_p[] = {
BN_DEF(0x8A67CC74, 0x29024E08), BN_DEF(0x80DC1CD1, 0xC4C6628B),
BN_DEF(0x2168C234, 0xC90FDAA2), BN_DEF(0xFFFFFFFF, 0xFFFFFFFF)
};
/* q = (p - 1) / 2 */
static const BN_ULONG modp_6144_q[] = {
BN_DEF(0xFFFFFFFF, 0x7FFFFFFF), BN_DEF(0x36E62012, 0x734A7C8F),
BN_DEF(0x85BA3A6B, 0x095F96AD), BN_DEF(0x1FA43077, 0x021F47B3),
BN_DEF(0xB71E0234, 0x1C3FF46B), BN_DEF(0x17794B19, 0x6D2B64F6),
BN_DEF(0xD189EAAE, 0x758CE658), BN_DEF(0xC50FDFF8, 0x7AA8551E),
BN_DEF(0xDBE2ED3B, 0x0350EAC5), BN_DEF(0x794DF194, 0x53CB8AF7),
BN_DEF(0x07C01BF0, 0x0A662F69), BN_DEF(0x5FA470EC, 0x6647B6BF),
BN_DEF(0x15A0AA55, 0xA5EA03D9), BN_DEF(0xFFAC2D62, 0x078EA2DB),
BN_DEF(0x1B66445F, 0x91D4BD3F), BN_DEF(0xDF63F479, 0x2CF3E4BF),
BN_DEF(0xC8058E4F, 0x5AD42018), BN_DEF(0xA34C0641, 0x6AAF3817),
BN_DEF(0x373A7F7B, 0xFA416BE7), BN_DEF(0xE8B90E81, 0x7819750A),
BN_DEF(0xE325C976, 0xACC1E500), BN_DEF(0x9BC6695F, 0x37DC7A00),
BN_DEF(0x95EBD7A1, 0x999028A8), BN_DEF(0xF36612A5, 0xEDBF8A23),
BN_DEF(0x676A5D8D, 0xA267365D), BN_DEF(0xE7CD8A76, 0x6D1F6DF5),
BN_DEF(0x432D448C, 0x8BCB93D8), BN_DEF(0xC813EC18, 0x583529F6),
BN_DEF(0xA09800D7, 0x72ED9C17), BN_DEF(0x56CF2987, 0xFC7FCA03),
BN_DEF(0x1EDD1BDE, 0x64BA8F3B), BN_DEF(0x3013236F, 0x60EA6E59),
BN_DEF(0x693E3813, 0x1B61FD5A), BN_DEF(0x9A014249, 0xA6FA1AE4),
BN_DEF(0x48536047, 0xC37FDBEE), BN_DEF(0x46C7EEE0, 0xC9DA754C),
BN_DEF(0xEAD82D54, 0x68034893), BN_DEF(0x10B8240E, 0xDC0DEEBB),
BN_DEF(0x67716BD7, 0x8FB094B8), BN_DEF(0x28ADF3F6, 0x119DD0C3),
BN_DEF(0xD04861D1, 0xCCD94B27), BN_DEF(0xA735E02E, 0x143E2CA3),
BN_DEF(0x0FDF6553, 0x97477E0A), BN_DEF(0x826F477C, 0x6DDDE16D),
BN_DEF(0x156A2674, 0x12C1F4E5), BN_DEF(0x5B0A85ED, 0x0D4A341A),
BN_DEF(0x357A711E, 0x4CE1938C), BN_DEF(0x5EDD2D93, 0xC438CD08),
BN_DEF(0x53C3F36B, 0x8D391E09), BN_DEF(0x54908400, 0x25C16890),
BN_DEF(0x707E8847, 0xA1EDADFE), BN_DEF(0x3A72D598, 0x047127D0),
BN_DEF(0x5D6CA371, 0x3B84C460), BN_DEF(0xBD30AEB6, 0x5DF08BAB),
BN_DEF(0x0BBD9006, 0x290F958C), BN_DEF(0x9F643532, 0x6C3B0139),
BN_DEF(0x6CC50432, 0xF897FD03), BN_DEF(0x0D697735, 0xE771E913),
BN_DEF(0x2512B0CE, 0x8F464A70), BN_DEF(0x6D8499EB, 0xD5FAD746),
BN_DEF(0xD370F263, 0xD9CB87C2), BN_DEF(0xAE83063E, 0x457538AB),
BN_DEF(0x2C6DF785, 0x767DC282), BN_DEF(0xEF8E5D32, 0xD42A90D5),
BN_DEF(0x82283D19, 0xD6998B86), BN_DEF(0x45556216, 0x0AB9472D),
BN_DEF(0x4C7D0288, 0x8AE9130C), BN_DEF(0x754AB572, 0x1CCAA4BE),
BN_DEF(0x4AAC0B8C, 0xEF15E5FB), BN_DEF(0x37A62964, 0xDAE2AEF8),
BN_DEF(0x7603D147, 0xCD93C1D1), BN_DEF(0x0C074301, 0xF1CF3B96),
BN_DEF(0x171B671D, 0x19482F23), BN_DEF(0x650C10BE, 0x78BA3604),
BN_DEF(0x255E4C02, 0xB3861AA7), BN_DEF(0xB84B4B36, 0xCF6A9483),
BN_DEF(0x1042A95D, 0x0E3179AB), BN_DEF(0xEE51D6CB, 0xC1B2AE91),
BN_DEF(0x7E9267AF, 0x348B1FD4), BN_DEF(0x0E2AE9CD, 0xCC6D241B),
BN_DEF(0x50B1DF82, 0xE1003E5C), BN_DEF(0xF6722D9E, 0x24943328),
BN_DEF(0xBE258FF3, 0xD74F9208), BN_DEF(0xAD44CFD2, 0xF71C35FD),
BN_DEF(0x7A035BF6, 0x85FFAE5B), BN_DEF(0xD31BF6B5, 0x7A262174),
BN_DEF(0x312F3F63, 0xF242DABB), BN_DEF(0xB6A8E122, 0xA7F09AB6),
BN_DEF(0xF92F8A1B, 0x98158536), BN_DEF(0xE69D218D, 0xF7CA8CD9),
BN_DEF(0xC71A026E, 0x28A5043C), BN_DEF(0x1D89CD91, 0x0105DF53),
BN_DEF(0x4533E63A, 0x94812704), BN_DEF(0xC06E0E68, 0x62633145),
BN_DEF(0x10B4611A, 0xE487ED51), BN_DEF(0xFFFFFFFF, 0x7FFFFFFF),
};
/*
* "8192-bit MODP Group" from RFC3526, Section 7.
@ -282,6 +427,73 @@ static const BN_ULONG modp_8192_p[] = {
BN_DEF(0x8A67CC74, 0x29024E08), BN_DEF(0x80DC1CD1, 0xC4C6628B),
BN_DEF(0x2168C234, 0xC90FDAA2), BN_DEF(0xFFFFFFFF, 0xFFFFFFFF)
};
/* q = (p - 1) / 2 */
static const BN_ULONG modp_8192_q[] = {
BN_DEF(0xFFFFFFFF, 0xFFFFFFFF), BN_DEF(0xCC76E9EF, 0xB064C06E),
BN_DEF(0x405CB738, 0xE40FAB74), BN_DEF(0x3B2B4A6F, 0x4F182871),
BN_DEF(0xAB3BF4D5, 0xCAAC7223), BN_DEF(0x7E013723, 0xE48C86D3),
BN_DEF(0x6AF71C15, 0xC44D0017), BN_DEF(0xA40E366B, 0x2004A1C5),
BN_DEF(0x75C3CFC9, 0x1AC8237A), BN_DEF(0x8F67D134, 0xFD79B5E1),
BN_DEF(0xBF73A6B9, 0xD8EA885E), BN_DEF(0xAEF6BF50, 0xFCD5A40C),
BN_DEF(0x8423428E, 0xB2798E62), BN_DEF(0xD012AEE0, 0x22CBF44C),
BN_DEF(0x3A55B51B, 0xEF988770), BN_DEF(0x1FA27C16, 0x369509FC),
BN_DEF(0xD9D13C53, 0x03159E7A), BN_DEF(0xF6ADEE9D, 0x3CB41981),
BN_DEF(0xD16043F4, 0xFD4EA5BF), BN_DEF(0x17C1C2EE, 0xA5E5E443),
BN_DEF(0x36751835, 0x9A39FE32), BN_DEF(0x0D11F863, 0x89F5ABD4),
BN_DEF(0x5201BE03, 0x91111702), BN_DEF(0x7E42456C, 0xF1FEDC5F),
BN_DEF(0xF1CEB296, 0x11C78B65), BN_DEF(0x15F8E4BC, 0x1A11DA3A),
BN_DEF(0x2D727AB4, 0x1D55B1CE), BN_DEF(0xB5D21233, 0x92BB7B49),
BN_DEF(0xC57E23F6, 0x3A0FD3DF), BN_DEF(0x46CEE980, 0x1DE4195B),
BN_DEF(0x39DC98DD, 0x6C5F6268), BN_DEF(0x54996FC6, 0x1C3BBE5B),
BN_DEF(0x897F72F2, 0xBA51C937), BN_DEF(0x36DF08AC, 0x734A7C8F),
BN_DEF(0x85BA3A6B, 0x095F96AD), BN_DEF(0x1FA43077, 0x021F47B3),
BN_DEF(0xB71E0234, 0x1C3FF46B), BN_DEF(0x17794B19, 0x6D2B64F6),
BN_DEF(0xD189EAAE, 0x758CE658), BN_DEF(0xC50FDFF8, 0x7AA8551E),
BN_DEF(0xDBE2ED3B, 0x0350EAC5), BN_DEF(0x794DF194, 0x53CB8AF7),
BN_DEF(0x07C01BF0, 0x0A662F69), BN_DEF(0x5FA470EC, 0x6647B6BF),
BN_DEF(0x15A0AA55, 0xA5EA03D9), BN_DEF(0xFFAC2D62, 0x078EA2DB),
BN_DEF(0x1B66445F, 0x91D4BD3F), BN_DEF(0xDF63F479, 0x2CF3E4BF),
BN_DEF(0xC8058E4F, 0x5AD42018), BN_DEF(0xA34C0641, 0x6AAF3817),
BN_DEF(0x373A7F7B, 0xFA416BE7), BN_DEF(0xE8B90E81, 0x7819750A),
BN_DEF(0xE325C976, 0xACC1E500), BN_DEF(0x9BC6695F, 0x37DC7A00),
BN_DEF(0x95EBD7A1, 0x999028A8), BN_DEF(0xF36612A5, 0xEDBF8A23),
BN_DEF(0x676A5D8D, 0xA267365D), BN_DEF(0xE7CD8A76, 0x6D1F6DF5),
BN_DEF(0x432D448C, 0x8BCB93D8), BN_DEF(0xC813EC18, 0x583529F6),
BN_DEF(0xA09800D7, 0x72ED9C17), BN_DEF(0x56CF2987, 0xFC7FCA03),
BN_DEF(0x1EDD1BDE, 0x64BA8F3B), BN_DEF(0x3013236F, 0x60EA6E59),
BN_DEF(0x693E3813, 0x1B61FD5A), BN_DEF(0x9A014249, 0xA6FA1AE4),
BN_DEF(0x48536047, 0xC37FDBEE), BN_DEF(0x46C7EEE0, 0xC9DA754C),
BN_DEF(0xEAD82D54, 0x68034893), BN_DEF(0x10B8240E, 0xDC0DEEBB),
BN_DEF(0x67716BD7, 0x8FB094B8), BN_DEF(0x28ADF3F6, 0x119DD0C3),
BN_DEF(0xD04861D1, 0xCCD94B27), BN_DEF(0xA735E02E, 0x143E2CA3),
BN_DEF(0x0FDF6553, 0x97477E0A), BN_DEF(0x826F477C, 0x6DDDE16D),
BN_DEF(0x156A2674, 0x12C1F4E5), BN_DEF(0x5B0A85ED, 0x0D4A341A),
BN_DEF(0x357A711E, 0x4CE1938C), BN_DEF(0x5EDD2D93, 0xC438CD08),
BN_DEF(0x53C3F36B, 0x8D391E09), BN_DEF(0x54908400, 0x25C16890),
BN_DEF(0x707E8847, 0xA1EDADFE), BN_DEF(0x3A72D598, 0x047127D0),
BN_DEF(0x5D6CA371, 0x3B84C460), BN_DEF(0xBD30AEB6, 0x5DF08BAB),
BN_DEF(0x0BBD9006, 0x290F958C), BN_DEF(0x9F643532, 0x6C3B0139),
BN_DEF(0x6CC50432, 0xF897FD03), BN_DEF(0x0D697735, 0xE771E913),
BN_DEF(0x2512B0CE, 0x8F464A70), BN_DEF(0x6D8499EB, 0xD5FAD746),
BN_DEF(0xD370F263, 0xD9CB87C2), BN_DEF(0xAE83063E, 0x457538AB),
BN_DEF(0x2C6DF785, 0x767DC282), BN_DEF(0xEF8E5D32, 0xD42A90D5),
BN_DEF(0x82283D19, 0xD6998B86), BN_DEF(0x45556216, 0x0AB9472D),
BN_DEF(0x4C7D0288, 0x8AE9130C), BN_DEF(0x754AB572, 0x1CCAA4BE),
BN_DEF(0x4AAC0B8C, 0xEF15E5FB), BN_DEF(0x37A62964, 0xDAE2AEF8),
BN_DEF(0x7603D147, 0xCD93C1D1), BN_DEF(0x0C074301, 0xF1CF3B96),
BN_DEF(0x171B671D, 0x19482F23), BN_DEF(0x650C10BE, 0x78BA3604),
BN_DEF(0x255E4C02, 0xB3861AA7), BN_DEF(0xB84B4B36, 0xCF6A9483),
BN_DEF(0x1042A95D, 0x0E3179AB), BN_DEF(0xEE51D6CB, 0xC1B2AE91),
BN_DEF(0x7E9267AF, 0x348B1FD4), BN_DEF(0x0E2AE9CD, 0xCC6D241B),
BN_DEF(0x50B1DF82, 0xE1003E5C), BN_DEF(0xF6722D9E, 0x24943328),
BN_DEF(0xBE258FF3, 0xD74F9208), BN_DEF(0xAD44CFD2, 0xF71C35FD),
BN_DEF(0x7A035BF6, 0x85FFAE5B), BN_DEF(0xD31BF6B5, 0x7A262174),
BN_DEF(0x312F3F63, 0xF242DABB), BN_DEF(0xB6A8E122, 0xA7F09AB6),
BN_DEF(0xF92F8A1B, 0x98158536), BN_DEF(0xE69D218D, 0xF7CA8CD9),
BN_DEF(0xC71A026E, 0x28A5043C), BN_DEF(0x1D89CD91, 0x0105DF53),
BN_DEF(0x4533E63A, 0x94812704), BN_DEF(0xC06E0E68, 0x62633145),
BN_DEF(0x10B4611A, 0xE487ED51), BN_DEF(0xFFFFFFFF, 0x7FFFFFFF),
};
/* DH parameters from RFC5114 */
static const BN_ULONG dh1024_160_p[] = {
@ -294,7 +506,10 @@ static const BN_ULONG dh1024_160_p[] = {
BN_DEF(0x52D23B61, 0x9A6A9DCA), BN_DEF(0xFB06A3C6, 0x52C99FBC),
BN_DEF(0xAE5D54EC, 0xDE92DE5E), BN_DEF(0xA080E01D, 0xB10B8F96)
};
static const BN_ULONG dh1024_160_q[] = {
BN_DEF(0x49462353, 0x64B7CB9D), BN_DEF(0x8ABA4E7D, 0x81A8DF27),
(BN_ULONG)0xF518AA87
};
static const BN_ULONG dh1024_160_g[] = {
BN_DEF(0x22B3B2E5, 0x855E6EEB), BN_DEF(0xF97C2A24, 0x858F4DCE),
BN_DEF(0x18D08BC8, 0x2D779D59), BN_DEF(0x8E73AFA3, 0xD662A4D1),
@ -306,11 +521,6 @@ static const BN_ULONG dh1024_160_g[] = {
BN_DEF(0xEFB99905, 0x6765A442), BN_DEF(0xC3FD3412, 0xA4D1CBD5)
};
static const BN_ULONG dh1024_160_q[] = {
BN_DEF(0x49462353, 0x64B7CB9D), BN_DEF(0x8ABA4E7D, 0x81A8DF27),
(BN_ULONG)0xF518AA87
};
static const BN_ULONG dh2048_224_p[] = {
BN_DEF(0x0C10E64F, 0x0AC4DFFE), BN_DEF(0x4E71B81C, 0xCF9DE538),
BN_DEF(0xFFA31F71, 0x7EF363E2), BN_DEF(0x6B8E75B9, 0xE3FB73C1),
@ -329,7 +539,10 @@ static const BN_ULONG dh2048_224_p[] = {
BN_DEF(0xB61D0A75, 0xB54B1597), BN_DEF(0x683B9FD1, 0xA20D64E5),
BN_DEF(0x9559C51F, 0xD660FAA7), BN_DEF(0x9123A9D0, 0xAD107E1E)
};
static const BN_ULONG dh2048_224_q[] = {
BN_DEF(0xB36371EB, 0xBF389A99), BN_DEF(0x4738CEBC, 0x1F80535A),
BN_DEF(0x99717710, 0xC58D93FE), (BN_ULONG)0x801C0D34
};
static const BN_ULONG dh2048_224_g[] = {
BN_DEF(0x191F2BFA, 0x84B890D3), BN_DEF(0x2A7065B3, 0x81BC087F),
BN_DEF(0xF6EC0179, 0x19C418E1), BN_DEF(0x71CFFF4C, 0x7B5A0F1C),
@ -349,11 +562,6 @@ static const BN_ULONG dh2048_224_g[] = {
BN_DEF(0x8FFDAC50, 0x9DF30B5C), BN_DEF(0x4F2D9AE3, 0xAC4032EF)
};
static const BN_ULONG dh2048_224_q[] = {
BN_DEF(0xB36371EB, 0xBF389A99), BN_DEF(0x4738CEBC, 0x1F80535A),
BN_DEF(0x99717710, 0xC58D93FE), (BN_ULONG)0x801C0D34
};
static const BN_ULONG dh2048_256_p[] = {
BN_DEF(0x1E1A1597, 0xDB094AE9), BN_DEF(0xD7EF09CA, 0x693877FA),
BN_DEF(0x6E11715F, 0x6116D227), BN_DEF(0xC198AF12, 0xA4B54330),
@ -372,7 +580,10 @@ static const BN_ULONG dh2048_256_p[] = {
BN_DEF(0x435E3B00, 0x5D2CEED4), BN_DEF(0x660DD0F2, 0x8CEEF608),
BN_DEF(0x65195999, 0xFFBBD19C), BN_DEF(0xB4B6663C, 0x87A8E61D)
};
static const BN_ULONG dh2048_256_q[] = {
BN_DEF(0x64F5FBD3, 0xA308B0FE), BN_DEF(0x1EB3750B, 0x99B1A47D),
BN_DEF(0x40129DA2, 0xB4479976), BN_DEF(0xA709A097, 0x8CF83642)
};
static const BN_ULONG dh2048_256_g[] = {
BN_DEF(0x6CC41659, 0x664B4C0F), BN_DEF(0xEF98C582, 0x5E2327CF),
BN_DEF(0xD4795451, 0xD647D148), BN_DEF(0x90F00EF8, 0x2F630784),
@ -392,12 +603,6 @@ static const BN_ULONG dh2048_256_g[] = {
BN_DEF(0x60EDBD48, 0x2E775066), BN_DEF(0x73134D0B, 0x3FB32C9B)
};
static const BN_ULONG dh2048_256_q[] = {
BN_DEF(0x64F5FBD3, 0xA308B0FE), BN_DEF(0x1EB3750B, 0x99B1A47D),
BN_DEF(0x40129DA2, 0xB4479976), BN_DEF(0xA709A097, 0x8CF83642)
};
/* Primes from RFC 7919 */
static const BN_ULONG ffdhe2048_p[] = {
BN_DEF(0xFFFFFFFF, 0xFFFFFFFF), BN_DEF(0x61285C97, 0x886B4238),
@ -417,6 +622,25 @@ static const BN_ULONG ffdhe2048_p[] = {
BN_DEF(0xCE2D3695, 0xD8B9C583), BN_DEF(0x273D3CF1, 0xAFDC5620),
BN_DEF(0xA2BB4A9A, 0xADF85458), BN_DEF(0xFFFFFFFF, 0xFFFFFFFF)
};
/* q = (p - 1) / 2 */
static const BN_ULONG ffdhe2048_q[] = {
BN_DEF(0xFFFFFFFF, 0xFFFFFFFF), BN_DEF(0x30942E4B, 0x4435A11C),
BN_DEF(0x60D977FD, 0x6379A513), BN_DEF(0xBE8B41D9, 0xE2C778C1),
BN_DEF(0x17611002, 0x9DDAFE5E), BN_DEF(0xA637D6B9, 0xE1FF1D8D),
BN_DEF(0x777940C1, 0xC7278919), BN_DEF(0x74C2C1FF, 0xC8B97F4E),
BN_DEF(0x941A17B0, 0x601A0266), BN_DEF(0xE6FBF176, 0x4F017E70),
BN_DEF(0x770536B8, 0x8583D3E4), BN_DEF(0xB1B95D8C, 0x572B76F3),
BN_DEF(0xEF1CA6FA, 0x0EA7A151), BN_DEF(0xB06BFA34, 0xDCB56D5B),
BN_DEF(0xD96471FD, 0xE88454A5), BN_DEF(0x59927DB0, 0x5E0558C1),
BN_DEF(0xA41D3CBD, 0x98566527), BN_DEF(0x9B56F39A, 0x0EF8AC50),
BN_DEF(0x79F7F439, 0xF15344ED), BN_DEF(0x707345BB, 0xCC278638),
BN_DEF(0x3FABE49A, 0xDAAB89AF), BN_DEF(0x9EF68D79, 0x42B1B2AA),
BN_DEF(0xAF833768, 0x9219FA8F), BN_DEF(0xEAFEB2B0, 0x69EF8F6A),
BN_DEF(0x576230BD, 0x7B40D901), BN_DEF(0xB1863AEC, 0xBE97F1B1),
BN_DEF(0x124D9F7C, 0xE649CEE7), BN_DEF(0x8A3219FD, 0xD4F09B20),
BN_DEF(0xE7169B4A, 0xEC5CE2C1), BN_DEF(0x139E9E78, 0x57EE2B10),
BN_DEF(0x515DA54D, 0xD6FC2A2C), BN_DEF(0xFFFFFFFF, 0x7FFFFFFF),
};
static const BN_ULONG ffdhe3072_p[] = {
BN_DEF(0xFFFFFFFF, 0xFFFFFFFF), BN_DEF(0x66C62E37, 0x25E41D2B),
@ -444,6 +668,33 @@ static const BN_ULONG ffdhe3072_p[] = {
BN_DEF(0xCE2D3695, 0xD8B9C583), BN_DEF(0x273D3CF1, 0xAFDC5620),
BN_DEF(0xA2BB4A9A, 0xADF85458), BN_DEF(0xFFFFFFFF, 0xFFFFFFFF)
};
/* q = (p - 1) / 2 */
static const BN_ULONG ffdhe3072_q[] = {
BN_DEF(0xFFFFFFFF, 0xFFFFFFFF), BN_DEF(0xB363171B, 0x12F20E95),
BN_DEF(0x1FEACEBE, 0x9E0D9077), BN_DEF(0xFD29EEF7, 0x055E6835),
BN_DEF(0x6AE22427, 0x0EDFCD21), BN_DEF(0xCD86F56D, 0xD5E290CB),
BN_DEF(0x911B1D06, 0x743695E2), BN_DEF(0xCE4EFB4F, 0xAE574155),
BN_DEF(0x38FAA5FF, 0xB279710F), BN_DEF(0x716BA6E9, 0x7A7EA229),
BN_DEF(0xDE21BCA2, 0x5A098649), BN_DEF(0xC289C938, 0x577F0984),
BN_DEF(0x60C36C8E, 0x2CC6587D), BN_DEF(0x48FBFBF7, 0xBD6C8E93),
BN_DEF(0xEB736483, 0x30DA37E4), BN_DEF(0x7CCE011C, 0xDE1A7A6F),
BN_DEF(0xB28C81AD, 0x6F1AAD9D), BN_DEF(0x308FE7EE, 0x4435A11C),
BN_DEF(0x60D977FD, 0x6379A513), BN_DEF(0xBE8B41D9, 0xE2C778C1),
BN_DEF(0x17611002, 0x9DDAFE5E), BN_DEF(0xA637D6B9, 0xE1FF1D8D),
BN_DEF(0x777940C1, 0xC7278919), BN_DEF(0x74C2C1FF, 0xC8B97F4E),
BN_DEF(0x941A17B0, 0x601A0266), BN_DEF(0xE6FBF176, 0x4F017E70),
BN_DEF(0x770536B8, 0x8583D3E4), BN_DEF(0xB1B95D8C, 0x572B76F3),
BN_DEF(0xEF1CA6FA, 0x0EA7A151), BN_DEF(0xB06BFA34, 0xDCB56D5B),
BN_DEF(0xD96471FD, 0xE88454A5), BN_DEF(0x59927DB0, 0x5E0558C1),
BN_DEF(0xA41D3CBD, 0x98566527), BN_DEF(0x9B56F39A, 0x0EF8AC50),
BN_DEF(0x79F7F439, 0xF15344ED), BN_DEF(0x707345BB, 0xCC278638),
BN_DEF(0x3FABE49A, 0xDAAB89AF), BN_DEF(0x9EF68D79, 0x42B1B2AA),
BN_DEF(0xAF833768, 0x9219FA8F), BN_DEF(0xEAFEB2B0, 0x69EF8F6A),
BN_DEF(0x576230BD, 0x7B40D901), BN_DEF(0xB1863AEC, 0xBE97F1B1),
BN_DEF(0x124D9F7C, 0xE649CEE7), BN_DEF(0x8A3219FD, 0xD4F09B20),
BN_DEF(0xE7169B4A, 0xEC5CE2C1), BN_DEF(0x139E9E78, 0x57EE2B10),
BN_DEF(0x515DA54D, 0xD6FC2A2C), BN_DEF(0xFFFFFFFF, 0x7FFFFFFF),
};
static const BN_ULONG ffdhe4096_p[] = {
BN_DEF(0xFFFFFFFF, 0xFFFFFFFF), BN_DEF(0x5E655F6A, 0xC68A007E),
@ -479,6 +730,41 @@ static const BN_ULONG ffdhe4096_p[] = {
BN_DEF(0xCE2D3695, 0xD8B9C583), BN_DEF(0x273D3CF1, 0xAFDC5620),
BN_DEF(0xA2BB4A9A, 0xADF85458), BN_DEF(0xFFFFFFFF, 0xFFFFFFFF)
};
/* q = (p - 1) / 2 */
static const BN_ULONG ffdhe4096_q[] = {
BN_DEF(0xFFFFFFFF, 0x7FFFFFFF), BN_DEF(0x2F32AFB5, 0xE345003F),
BN_DEF(0xFA20C170, 0xA6DAD428), BN_DEF(0x3FC45235, 0xC764DAAD),
BN_DEF(0xE764BEE7, 0x054148E6), BN_DEF(0xFCC68566, 0x15276754),
BN_DEF(0xB8A0001E, 0x0D0EDC9E), BN_DEF(0x99E5C5BD, 0x0494CCD1),
BN_DEF(0xB8D6801C, 0x36E3BC7C), BN_DEF(0x48C09862, 0x5483B005),
BN_DEF(0x96CF3419, 0x76B50F00), BN_DEF(0x77DA18C5, 0x389AE443),
BN_DEF(0xBF18E63D, 0x43FAADD2), BN_DEF(0xAA81A002, 0x3BB1E78E),
BN_DEF(0x6B4FB68C, 0x563EAFA1), BN_DEF(0x72C42BDB, 0xBC9874F2),
BN_DEF(0x8B26FA7D, 0xB737A961), BN_DEF(0xB34F0F78, 0x12F20E95),
BN_DEF(0x1FEACEBE, 0x9E0D9077), BN_DEF(0xFD29EEF7, 0x055E6835),
BN_DEF(0x6AE22427, 0x0EDFCD21), BN_DEF(0xCD86F56D, 0xD5E290CB),
BN_DEF(0x911B1D06, 0x743695E2), BN_DEF(0xCE4EFB4F, 0xAE574155),
BN_DEF(0x38FAA5FF, 0xB279710F), BN_DEF(0x716BA6E9, 0x7A7EA229),
BN_DEF(0xDE21BCA2, 0x5A098649), BN_DEF(0xC289C938, 0x577F0984),
BN_DEF(0x60C36C8E, 0x2CC6587D), BN_DEF(0x48FBFBF7, 0xBD6C8E93),
BN_DEF(0xEB736483, 0x30DA37E4), BN_DEF(0x7CCE011C, 0xDE1A7A6F),
BN_DEF(0xB28C81AD, 0x6F1AAD9D), BN_DEF(0x308FE7EE, 0x4435A11C),
BN_DEF(0x60D977FD, 0x6379A513), BN_DEF(0xBE8B41D9, 0xE2C778C1),
BN_DEF(0x17611002, 0x9DDAFE5E), BN_DEF(0xA637D6B9, 0xE1FF1D8D),
BN_DEF(0x777940C1, 0xC7278919), BN_DEF(0x74C2C1FF, 0xC8B97F4E),
BN_DEF(0x941A17B0, 0x601A0266), BN_DEF(0xE6FBF176, 0x4F017E70),
BN_DEF(0x770536B8, 0x8583D3E4), BN_DEF(0xB1B95D8C, 0x572B76F3),
BN_DEF(0xEF1CA6FA, 0x0EA7A151), BN_DEF(0xB06BFA34, 0xDCB56D5B),
BN_DEF(0xD96471FD, 0xE88454A5), BN_DEF(0x59927DB0, 0x5E0558C1),
BN_DEF(0xA41D3CBD, 0x98566527), BN_DEF(0x9B56F39A, 0x0EF8AC50),
BN_DEF(0x79F7F439, 0xF15344ED), BN_DEF(0x707345BB, 0xCC278638),
BN_DEF(0x3FABE49A, 0xDAAB89AF), BN_DEF(0x9EF68D79, 0x42B1B2AA),
BN_DEF(0xAF833768, 0x9219FA8F), BN_DEF(0xEAFEB2B0, 0x69EF8F6A),
BN_DEF(0x576230BD, 0x7B40D901), BN_DEF(0xB1863AEC, 0xBE97F1B1),
BN_DEF(0x124D9F7C, 0xE649CEE7), BN_DEF(0x8A3219FD, 0xD4F09B20),
BN_DEF(0xE7169B4A, 0xEC5CE2C1), BN_DEF(0x139E9E78, 0x57EE2B10),
BN_DEF(0x515DA54D, 0xD6FC2A2C), BN_DEF(0xFFFFFFFF, 0x7FFFFFFF),
};
static const BN_ULONG ffdhe6144_p[] = {
BN_DEF(0xFFFFFFFF, 0xFFFFFFFF), BN_DEF(0xD0E40E65, 0xA40E329C),
@ -530,6 +816,57 @@ static const BN_ULONG ffdhe6144_p[] = {
BN_DEF(0xCE2D3695, 0xD8B9C583), BN_DEF(0x273D3CF1, 0xAFDC5620),
BN_DEF(0xA2BB4A9A, 0xADF85458), BN_DEF(0xFFFFFFFF, 0xFFFFFFFF)
};
/* q = (p - 1) / 2 */
static const BN_ULONG ffdhe6144_q[] = {
BN_DEF(0xFFFFFFFF, 0xFFFFFFFF), BN_DEF(0x68720732, 0x5207194E),
BN_DEF(0xBC9C6D6A, 0xD20EAB86), BN_DEF(0x6A18B0E0, 0xB1534A93),
BN_DEF(0x4D6D8F34, 0x1FEEA547), BN_DEF(0xEE35C06B, 0x2D9DB8FC),
BN_DEF(0x63139582, 0xF64E8C08), BN_DEF(0xE5677A01, 0xC66796EA),
BN_DEF(0xE4ADC88B, 0x724FA91A), BN_DEF(0xDC2A19C5, 0x282EE416),
BN_DEF(0x8AB15423, 0x31149618), BN_DEF(0x3573BFAF, 0x6B9581BA),
BN_DEF(0xA316A9C6, 0x7CE4848D), BN_DEF(0x23D33E5F, 0x05746DAC),
BN_DEF(0x91308B41, 0x59D39CE0), BN_DEF(0x95140DFB, 0x77556011),
BN_DEF(0x3BE57CC9, 0xCA63328F), BN_DEF(0xCA595DE0, 0x3B1F2725),
BN_DEF(0x003BECDA, 0xAC3F1C6D), BN_DEF(0x0C1811E1, 0x3FD94FC6),
BN_DEF(0xFCF1D137, 0x855F60FF), BN_DEF(0x1A8288F1, 0x50077849),
BN_DEF(0x6DB1A06C, 0x5C2A9917), BN_DEF(0xD4D4B488, 0xD29238FB),
BN_DEF(0xA67EDA3B, 0x9C40A3FD), BN_DEF(0x2723020F, 0xCD8FAE1F),
BN_DEF(0xFE67F638, 0x66D6832B), BN_DEF(0xA6380E1D, 0x59C74619),
BN_DEF(0x58E07EA6, 0x48BDEEB2), BN_DEF(0x4DBB1264, 0x1DDA2A19),
BN_DEF(0x657A9F53, 0x11DD2221), BN_DEF(0x1C29951D, 0x2733BE96),
BN_DEF(0x2281B63D, 0x05FEB25B), BN_DEF(0x2F06EC81, 0xE345003F),
BN_DEF(0xFA20C170, 0xA6DAD428), BN_DEF(0x3FC45235, 0xC764DAAD),
BN_DEF(0xE764BEE7, 0x054148E6), BN_DEF(0xFCC68566, 0x15276754),
BN_DEF(0xB8A0001E, 0x0D0EDC9E), BN_DEF(0x99E5C5BD, 0x0494CCD1),
BN_DEF(0xB8D6801C, 0x36E3BC7C), BN_DEF(0x48C09862, 0x5483B005),
BN_DEF(0x96CF3419, 0x76B50F00), BN_DEF(0x77DA18C5, 0x389AE443),
BN_DEF(0xBF18E63D, 0x43FAADD2), BN_DEF(0xAA81A002, 0x3BB1E78E),
BN_DEF(0x6B4FB68C, 0x563EAFA1), BN_DEF(0x72C42BDB, 0xBC9874F2),
BN_DEF(0x8B26FA7D, 0xB737A961), BN_DEF(0xB34F0F78, 0x12F20E95),
BN_DEF(0x1FEACEBE, 0x9E0D9077), BN_DEF(0xFD29EEF7, 0x055E6835),
BN_DEF(0x6AE22427, 0x0EDFCD21), BN_DEF(0xCD86F56D, 0xD5E290CB),
BN_DEF(0x911B1D06, 0x743695E2), BN_DEF(0xCE4EFB4F, 0xAE574155),
BN_DEF(0x38FAA5FF, 0xB279710F), BN_DEF(0x716BA6E9, 0x7A7EA229),
BN_DEF(0xDE21BCA2, 0x5A098649), BN_DEF(0xC289C938, 0x577F0984),
BN_DEF(0x60C36C8E, 0x2CC6587D), BN_DEF(0x48FBFBF7, 0xBD6C8E93),
BN_DEF(0xEB736483, 0x30DA37E4), BN_DEF(0x7CCE011C, 0xDE1A7A6F),
BN_DEF(0xB28C81AD, 0x6F1AAD9D), BN_DEF(0x308FE7EE, 0x4435A11C),
BN_DEF(0x60D977FD, 0x6379A513), BN_DEF(0xBE8B41D9, 0xE2C778C1),
BN_DEF(0x17611002, 0x9DDAFE5E), BN_DEF(0xA637D6B9, 0xE1FF1D8D),
BN_DEF(0x777940C1, 0xC7278919), BN_DEF(0x74C2C1FF, 0xC8B97F4E),
BN_DEF(0x941A17B0, 0x601A0266), BN_DEF(0xE6FBF176, 0x4F017E70),
BN_DEF(0x770536B8, 0x8583D3E4), BN_DEF(0xB1B95D8C, 0x572B76F3),
BN_DEF(0xEF1CA6FA, 0x0EA7A151), BN_DEF(0xB06BFA34, 0xDCB56D5B),
BN_DEF(0xD96471FD, 0xE88454A5), BN_DEF(0x59927DB0, 0x5E0558C1),
BN_DEF(0xA41D3CBD, 0x98566527), BN_DEF(0x9B56F39A, 0x0EF8AC50),
BN_DEF(0x79F7F439, 0xF15344ED), BN_DEF(0x707345BB, 0xCC278638),
BN_DEF(0x3FABE49A, 0xDAAB89AF), BN_DEF(0x9EF68D79, 0x42B1B2AA),
BN_DEF(0xAF833768, 0x9219FA8F), BN_DEF(0xEAFEB2B0, 0x69EF8F6A),
BN_DEF(0x576230BD, 0x7B40D901), BN_DEF(0xB1863AEC, 0xBE97F1B1),
BN_DEF(0x124D9F7C, 0xE649CEE7), BN_DEF(0x8A3219FD, 0xD4F09B20),
BN_DEF(0xE7169B4A, 0xEC5CE2C1), BN_DEF(0x139E9E78, 0x57EE2B10),
BN_DEF(0x515DA54D, 0xD6FC2A2C), BN_DEF(0xFFFFFFFF, 0x7FFFFFFF),
};
static const BN_ULONG ffdhe8192_p[] = {
BN_DEF(0xFFFFFFFF, 0xFFFFFFFF), BN_DEF(0xC5C6424C, 0xD68C8BB7),
@ -597,6 +934,73 @@ static const BN_ULONG ffdhe8192_p[] = {
BN_DEF(0xCE2D3695, 0xD8B9C583), BN_DEF(0x273D3CF1, 0xAFDC5620),
BN_DEF(0xA2BB4A9A, 0xADF85458), BN_DEF(0xFFFFFFFF, 0xFFFFFFFF)
};
/* q = (p - 1) / 2 */
static const BN_ULONG ffdhe8192_q[] = {
BN_DEF(0xFFFFFFFF, 0x7FFFFFFF), BN_DEF(0xE2E32126, 0x6B4645DB),
BN_DEF(0x41C7FC46, 0x008F154A), BN_DEF(0x54FA30A7, 0x84117283),
BN_DEF(0xFBD4221E, 0xCBE88EA4), BN_DEF(0x9833BF86, 0x535DFEF2),
BN_DEF(0x60FF437F, 0x17BA0F7C), BN_DEF(0x2EB8D43F, 0x7D7D5F0E),
BN_DEF(0xFDF2C518, 0x6F697DD5), BN_DEF(0x39585337, 0x5B42AEFF),
BN_DEF(0x5D4527F4, 0x8F7E4670), BN_DEF(0x1F97D22B, 0xC1FC0EA5),
BN_DEF(0xD2BBF118, 0x50FF183A), BN_DEF(0x446CE050, 0xEADC00CA),
BN_DEF(0xD6CD4AFC, 0xB1240B66), BN_DEF(0x286090BD, 0x4CF4F18B),
BN_DEF(0x07211E7E, 0x28D5348F), BN_DEF(0x1C137296, 0x0E10BF36),
BN_DEF(0x84B81FF7, 0x28D45498), BN_DEF(0xB523073A, 0x5DB84CC3),
BN_DEF(0x4E435811, 0xAA0FE346), BN_DEF(0x237EC128, 0x2C8B0660),
BN_DEF(0x1AE1AFAE, 0x1423605D), BN_DEF(0xC5BAC141, 0x2A282563),
BN_DEF(0xE95782F2, 0x149C441C), BN_DEF(0x600DEB81, 0xE596078E),
BN_DEF(0x3E499332, 0xAAAD97BA), BN_DEF(0x51D5C414, 0xC35B18A1),
BN_DEF(0xFB258877, 0x05C661DE), BN_DEF(0xF6E8E62F, 0xB43FF5B4),
BN_DEF(0x64A84EA1, 0x7ED91FE7), BN_DEF(0xECA8D732, 0x0F212D18),
BN_DEF(0x7B00641C, 0x1B568026), BN_DEF(0x67FA3555, 0x5207194E),
BN_DEF(0xBC9C6D6A, 0xD20EAB86), BN_DEF(0x6A18B0E0, 0xB1534A93),
BN_DEF(0x4D6D8F34, 0x1FEEA547), BN_DEF(0xEE35C06B, 0x2D9DB8FC),
BN_DEF(0x63139582, 0xF64E8C08), BN_DEF(0xE5677A01, 0xC66796EA),
BN_DEF(0xE4ADC88B, 0x724FA91A), BN_DEF(0xDC2A19C5, 0x282EE416),
BN_DEF(0x8AB15423, 0x31149618), BN_DEF(0x3573BFAF, 0x6B9581BA),
BN_DEF(0xA316A9C6, 0x7CE4848D), BN_DEF(0x23D33E5F, 0x05746DAC),
BN_DEF(0x91308B41, 0x59D39CE0), BN_DEF(0x95140DFB, 0x77556011),
BN_DEF(0x3BE57CC9, 0xCA63328F), BN_DEF(0xCA595DE0, 0x3B1F2725),
BN_DEF(0x003BECDA, 0xAC3F1C6D), BN_DEF(0x0C1811E1, 0x3FD94FC6),
BN_DEF(0xFCF1D137, 0x855F60FF), BN_DEF(0x1A8288F1, 0x50077849),
BN_DEF(0x6DB1A06C, 0x5C2A9917), BN_DEF(0xD4D4B488, 0xD29238FB),
BN_DEF(0xA67EDA3B, 0x9C40A3FD), BN_DEF(0x2723020F, 0xCD8FAE1F),
BN_DEF(0xFE67F638, 0x66D6832B), BN_DEF(0xA6380E1D, 0x59C74619),
BN_DEF(0x58E07EA6, 0x48BDEEB2), BN_DEF(0x4DBB1264, 0x1DDA2A19),
BN_DEF(0x657A9F53, 0x11DD2221), BN_DEF(0x1C29951D, 0x2733BE96),
BN_DEF(0x2281B63D, 0x05FEB25B), BN_DEF(0x2F06EC81, 0xE345003F),
BN_DEF(0xFA20C170, 0xA6DAD428), BN_DEF(0x3FC45235, 0xC764DAAD),
BN_DEF(0xE764BEE7, 0x054148E6), BN_DEF(0xFCC68566, 0x15276754),
BN_DEF(0xB8A0001E, 0x0D0EDC9E), BN_DEF(0x99E5C5BD, 0x0494CCD1),
BN_DEF(0xB8D6801C, 0x36E3BC7C), BN_DEF(0x48C09862, 0x5483B005),
BN_DEF(0x96CF3419, 0x76B50F00), BN_DEF(0x77DA18C5, 0x389AE443),
BN_DEF(0xBF18E63D, 0x43FAADD2), BN_DEF(0xAA81A002, 0x3BB1E78E),
BN_DEF(0x6B4FB68C, 0x563EAFA1), BN_DEF(0x72C42BDB, 0xBC9874F2),
BN_DEF(0x8B26FA7D, 0xB737A961), BN_DEF(0xB34F0F78, 0x12F20E95),
BN_DEF(0x1FEACEBE, 0x9E0D9077), BN_DEF(0xFD29EEF7, 0x055E6835),
BN_DEF(0x6AE22427, 0x0EDFCD21), BN_DEF(0xCD86F56D, 0xD5E290CB),
BN_DEF(0x911B1D06, 0x743695E2), BN_DEF(0xCE4EFB4F, 0xAE574155),
BN_DEF(0x38FAA5FF, 0xB279710F), BN_DEF(0x716BA6E9, 0x7A7EA229),
BN_DEF(0xDE21BCA2, 0x5A098649), BN_DEF(0xC289C938, 0x577F0984),
BN_DEF(0x60C36C8E, 0x2CC6587D), BN_DEF(0x48FBFBF7, 0xBD6C8E93),
BN_DEF(0xEB736483, 0x30DA37E4), BN_DEF(0x7CCE011C, 0xDE1A7A6F),
BN_DEF(0xB28C81AD, 0x6F1AAD9D), BN_DEF(0x308FE7EE, 0x4435A11C),
BN_DEF(0x60D977FD, 0x6379A513), BN_DEF(0xBE8B41D9, 0xE2C778C1),
BN_DEF(0x17611002, 0x9DDAFE5E), BN_DEF(0xA637D6B9, 0xE1FF1D8D),
BN_DEF(0x777940C1, 0xC7278919), BN_DEF(0x74C2C1FF, 0xC8B97F4E),
BN_DEF(0x941A17B0, 0x601A0266), BN_DEF(0xE6FBF176, 0x4F017E70),
BN_DEF(0x770536B8, 0x8583D3E4), BN_DEF(0xB1B95D8C, 0x572B76F3),
BN_DEF(0xEF1CA6FA, 0x0EA7A151), BN_DEF(0xB06BFA34, 0xDCB56D5B),
BN_DEF(0xD96471FD, 0xE88454A5), BN_DEF(0x59927DB0, 0x5E0558C1),
BN_DEF(0xA41D3CBD, 0x98566527), BN_DEF(0x9B56F39A, 0x0EF8AC50),
BN_DEF(0x79F7F439, 0xF15344ED), BN_DEF(0x707345BB, 0xCC278638),
BN_DEF(0x3FABE49A, 0xDAAB89AF), BN_DEF(0x9EF68D79, 0x42B1B2AA),
BN_DEF(0xAF833768, 0x9219FA8F), BN_DEF(0xEAFEB2B0, 0x69EF8F6A),
BN_DEF(0x576230BD, 0x7B40D901), BN_DEF(0xB1863AEC, 0xBE97F1B1),
BN_DEF(0x124D9F7C, 0xE649CEE7), BN_DEF(0x8A3219FD, 0xD4F09B20),
BN_DEF(0xE7169B4A, 0xEC5CE2C1), BN_DEF(0x139E9E78, 0x57EE2B10),
BN_DEF(0x515DA54D, 0xD6FC2A2C), BN_DEF(0xFFFFFFFF, 0x7FFFFFFF),
};
/* Macro to make a BIGNUM from static data */
@ -608,32 +1012,44 @@ static const BN_ULONG ffdhe8192_p[] = {
static const BN_ULONG value_2 = 2;
const BIGNUM _bignum_const_2 =
{ (BN_ULONG *)&value_2, 1, 1, 0, BN_FLG_STATIC_DATA };
const BIGNUM _bignum_const_2 = {
(BN_ULONG *)&value_2, 1, 1, 0, BN_FLG_STATIC_DATA
};
make_dh_bn(dh1024_160_p)
make_dh_bn(dh1024_160_g)
make_dh_bn(dh1024_160_q)
make_dh_bn(dh1024_160_g)
make_dh_bn(dh2048_224_p)
make_dh_bn(dh2048_224_g)
make_dh_bn(dh2048_224_q)
make_dh_bn(dh2048_224_g)
make_dh_bn(dh2048_256_p)
make_dh_bn(dh2048_256_g)
make_dh_bn(dh2048_256_q)
make_dh_bn(dh2048_256_g)
make_dh_bn(ffdhe2048_p)
make_dh_bn(ffdhe2048_q)
make_dh_bn(ffdhe3072_p)
make_dh_bn(ffdhe3072_q)
make_dh_bn(ffdhe4096_p)
make_dh_bn(ffdhe4096_q)
make_dh_bn(ffdhe6144_p)
make_dh_bn(ffdhe6144_q)
make_dh_bn(ffdhe8192_p)
make_dh_bn(ffdhe8192_q)
# ifndef FIPS_MODE
make_dh_bn(modp_1536_p)
make_dh_bn(modp_1536_q)
# endif
make_dh_bn(modp_2048_p)
make_dh_bn(modp_2048_q)
make_dh_bn(modp_3072_p)
make_dh_bn(modp_3072_q)
make_dh_bn(modp_4096_p)
make_dh_bn(modp_4096_q)
make_dh_bn(modp_6144_p)
make_dh_bn(modp_6144_q)
make_dh_bn(modp_8192_p)
make_dh_bn(modp_8192_q)
#endif /* OPENSSL_NO_DH */

2
crypto/dh/dh_ameth.c
View File

@ -559,7 +559,7 @@ static int dh_pkey_import_from(const OSSL_PARAM params[], void *vpctx)
return 0;
}
if (!ffc_params_fromdata(dh_get0_params(dh), params)
if (!dh_ffc_params_fromdata(dh, params)
|| !dh_key_fromdata(dh, params)
|| !EVP_PKEY_assign_DH(pkey, dh)) {
DH_free(dh);

143
crypto/dh/dh_group_params.c
View File

@ -23,19 +23,18 @@
#include <openssl/objects.h>
#include "crypto/bn_dh.h"
#include "crypto/dh.h"
#include "crypto/security_bits.h"
#include "e_os.h" /* strcasecmp */
#define FFDHE(sz) { \
SN_ffdhe##sz, NID_ffdhe##sz, \
sz, \
&_bignum_ffdhe##sz##_p, NULL, &_bignum_const_2 \
&_bignum_ffdhe##sz##_p, &_bignum_ffdhe##sz##_q, &_bignum_const_2 \
}
#define MODP(sz) { \
SN_modp_##sz, NID_modp_##sz, \
sz, \
&_bignum_modp_##sz##_p, NULL, &_bignum_const_2 \
&_bignum_modp_##sz##_p, &_bignum_modp_##sz##_q, &_bignum_const_2 \
}
#define RFC5114(name, uid, sz, tag) { \
@ -102,30 +101,18 @@ const char *ffc_named_group_from_uid(int uid)
}
static DH *dh_param_init(OPENSSL_CTX *libctx, int uid, const BIGNUM *p,
const BIGNUM *q, const BIGNUM *g,
int32_t nbits)
const BIGNUM *q, const BIGNUM *g)
{
BIGNUM *qtmp = NULL;
DH *dh = dh_new_with_libctx(libctx);
if (dh == NULL)
return NULL;
if (q == NULL) {
qtmp = BN_dup(p);
/* Set q = (p - 1) / 2 (p is known to be odd so just shift right ) */
if (qtmp == NULL || !BN_rshift1(qtmp, qtmp)) {
BN_free(qtmp);
DH_free(dh);
return NULL;
}
}
dh->params.nid = uid;
dh->params.p = (BIGNUM *)p;
dh->params.q = (q != NULL ? (BIGNUM *)q : qtmp);
dh->params.q = (BIGNUM *)q;
dh->params.g = (BIGNUM *)g;
/* Private key length = 2 * max_target_security_strength */
dh->length = nbits;
dh->length = BN_num_bits(q);
dh->dirty_cnt++;
return dh;
}
@ -139,19 +126,10 @@ static DH *dh_new_by_group_name(OPENSSL_CTX *libctx, const char *name)
for (i = 0; i < (int)OSSL_NELEM(dh_named_groups); ++i) {
if (strcasecmp(dh_named_groups[i].name, name) == 0) {
int max_target_security_strength =
ifc_ffc_compute_security_bits(dh_named_groups[i].nbits);
/*
* The last parameter specified here is
* 2 * max_target_security_strength.
* See SP800-56Ar3 Table(s) 25 & 26.
*/
return dh_param_init(libctx, dh_named_groups[i].uid,
dh_named_groups[i].p,
dh_named_groups[i].q,
dh_named_groups[i].g,
2 * max_target_security_strength);
dh_named_groups[i].g);
}
}
DHerr(0, DH_R_INVALID_PARAMETER_NID);
@ -180,23 +158,10 @@ int ffc_set_group_pqg(FFC_PARAMS *ffc, const char *group_name)
for (i = 0; i < (int)OSSL_NELEM(dh_named_groups); ++i) {
if (strcasecmp(dh_named_groups[i].name, group_name) == 0) {
if (dh_named_groups[i].q != NULL) {
/* For groups with a q */
ffc_params_set0_pqg(ffc,
(BIGNUM *)dh_named_groups[i].p,
(BIGNUM *)dh_named_groups[i].q,
(BIGNUM *)dh_named_groups[i].g);
} else {
/* For SAFE PRIME GROUPS */
/* Set q = (p - 1) / 2 (p is known to be odd so just shift right) */
q = BN_dup(dh_named_groups[i].p);
if (q == NULL || !BN_rshift1(q, q))
break; /* exit with failure */
ffc_params_set0_pqg(ffc,
(BIGNUM *)dh_named_groups[i].p, q,
(BIGNUM *)dh_named_groups[i].g);
}
ffc_params_set0_pqg(ffc,
(BIGNUM *)dh_named_groups[i].p,
(BIGNUM *)dh_named_groups[i].q,
(BIGNUM *)dh_named_groups[i].g);
/* flush the cached nid, The DH layer is responsible for caching */
ffc->nid = NID_undef;
return 1;
@ -207,63 +172,43 @@ int ffc_set_group_pqg(FFC_PARAMS *ffc, const char *group_name)
return 0;
}
int DH_get_nid(DH *dh)
void dh_cache_named_group(DH *dh)
{
BIGNUM *q = NULL;
int i, nid;
int i;
if (dh == NULL)
return;
dh->params.nid = NID_undef; /* flush cached value */
/* Exit if p or g is not set */
if (dh->params.p == NULL
|| dh->params.g == NULL)
return;
for (i = 0; i < (int)OSSL_NELEM(dh_named_groups); ++i) {
/* Keep searching until a matching p and g is found */
if (BN_cmp(dh->params.p, dh_named_groups[i].p) == 0
&& BN_cmp(dh->params.g, dh_named_groups[i].g) == 0) {
/* Verify q is correct if it exists */
if (dh->params.q != NULL) {
if (BN_cmp(dh->params.q, dh_named_groups[i].q) != 0)
continue; /* ignore if q does not match */
} else {
dh->params.q = (BIGNUM *)dh_named_groups[i].q;
}
dh->params.nid = dh_named_groups[i].uid; /* cache the nid */
dh->length = BN_num_bits(dh->params.q);
dh->dirty_cnt++;
break;
}
}
}
int DH_get_nid(const DH *dh)
{
if (dh == NULL)
return NID_undef;
nid = dh->params.nid;
/* Just return if it is already cached */
if (nid != NID_undef)
return nid;
for (i = 0; i < (int)OSSL_NELEM(dh_named_groups); ++i) {
/* Keep searching until a matching p is found */
if (BN_cmp(dh->params.p, dh_named_groups[i].p) != 0)
continue;
/* Return an error if g is not matching */
if (BN_cmp(dh->params.g, dh_named_groups[i].g) != 0)
break;
if (dh_named_groups[i].q != NULL) {
/* RFC5114 NAMED GROUPS have q defined */
/* Verify q is correct if it exists */
if (dh->params.q != NULL) {
if (BN_cmp(dh->params.q, dh_named_groups[i].q) != 0)
break; /* returns nid = NID_undef if q does not match */
} else {
dh->params.q = (BIGNUM *)dh_named_groups[i].q;
}
} else {
/* For SAFE PRIME GROUPS */
/* Set q = (p - 1) / 2 (p is known to be odd so just shift right) */
q = BN_dup(dh->params.p);
if (q == NULL || !BN_rshift1(q, q))
break; /* returns nid = NID_undef on failure */
/* Verify q is correct if it exists */
if (dh->params.q != NULL) {
if (BN_cmp(dh->params.q, q) != 0)
break; /* returns nid = NID_undef if q does not match */
} else {
/* assign the calculated q */
dh->params.q = q;
q = NULL; /* set to NULL so it is not freed */
}
}
nid = dh->params.nid = dh_named_groups[i].uid; /* cache the nid */
dh->length =
2 * ifc_ffc_compute_security_bits(dh_named_groups[i].nbits);
dh->dirty_cnt++;
/* A matching p was found so break out of the loop */
break;
}
BN_free(q);
return nid;
return dh->params.nid;
}

12
crypto/dh/dh_key.c
View File

@ -18,6 +18,7 @@
#include "dh_local.h"
#include "crypto/bn.h"
#include "crypto/dh.h"
#include "crypto/security_bits.h"
#ifdef FIPS_MODE
# define MIN_STRENGTH 112
@ -252,16 +253,15 @@ static int generate_key(DH *dh)
if (generate_new_key) {
/* Is it an approved safe prime ?*/
if (DH_get_nid(dh) != NID_undef) {
/*
* The safe prime group code sets N = 2*s
* (where s = max security strength supported).
* N = dh->length (N = maximum bit length of private key)
*/
int max_strength =
ifc_ffc_compute_security_bits(BN_num_bits(dh->params.p));
if (dh->params.q == NULL
|| dh->length > BN_num_bits(dh->params.q))
goto err;
/* dh->length = maximum bit length of generated private key */
if (!ffc_generate_private_key(ctx, &dh->params, dh->length,
dh->length / 2, priv_key))
max_strength, priv_key))
goto err;
} else {
#ifdef FIPS_MODE

10
crypto/dh/dh_lib.c
View File

@ -209,7 +209,8 @@ void DH_get0_pqg(const DH *dh,
int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
{
/* If the fields p and g in d are NULL, the corresponding input
/*
* If the fields p and g in d are NULL, the corresponding input
* parameters MUST be non-NULL. q may remain NULL.
*/
if ((dh->params.p == NULL && p == NULL)
@ -217,7 +218,9 @@ int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
return 0;
ffc_params_set0_pqg(&dh->params, p, q, g);
dh->params.nid = NID_undef;
dh_cache_named_group(dh);
if (q != NULL)
dh->length = BN_num_bits(q);
/*
* Check if this is a named group. If it finds a named group then the
* 'q' and 'length' value are either already set or are set by the
@ -260,6 +263,7 @@ int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key)
if (priv_key != NULL) {
BN_clear_free(dh->priv_key);
dh->priv_key = priv_key;
dh->length = BN_num_bits(priv_key);
}
dh->dirty_cnt++;
@ -335,7 +339,7 @@ int dh_ffc_params_fromdata(DH *dh, const OSSL_PARAM params[])
ret = ffc_params_fromdata(ffc, params);
if (ret) {
DH_get_nid(dh);
dh_cache_named_group(dh);
dh->dirty_cnt++;
}
return ret;

3
crypto/dh/dh_local.h
View File

@ -21,7 +21,8 @@ struct dh_st {
int pad;
int version;
FFC_PARAMS params;
int32_t length; /* optional value of N (if there is no q) */
/* max generated private key length (can be less than len(q)) */
int32_t length;
BIGNUM *pub_key; /* g^x % p */
BIGNUM *priv_key; /* x */
int flags;

5
crypto/dsa/dsa_key.c
View File

@ -74,6 +74,11 @@ static int dsa_keygen(DSA *dsa, int pairwise_test)
priv_key = dsa->priv_key;
}
/*
* For FFC FIPS 186-4 keygen
* security strength s = 112,
* Max Private key size N = len(q)
*/
if (!ffc_generate_private_key(ctx, &dsa->params, BN_num_bits(dsa->params.q),
MIN_STRENGTH, priv_key))
goto err;

27
crypto/ffc/ffc_key_generate.c
View File

@ -10,7 +10,6 @@
#include "internal/ffc.h"
/*
* For Fips mode:
* SP800-56Ar3 5.6.1.1.4 Key pair generation by testing candidates.
* Generates a private key in the interval [1, min(2 ^ N - 1, q - 1)].
*
@ -22,34 +21,20 @@
*/
int ffc_generate_private_key(BN_CTX *ctx, const FFC_PARAMS *params,
int N, int s, BIGNUM *priv)
{
#ifdef FIPS_MODE
return ffc_generate_private_key_fips(ctx, params, N, s, priv);
#else
do {
if (!BN_priv_rand_range_ex(priv, params->q, ctx))
return 0;
} while (BN_is_zero(priv) || BN_is_one(priv));
return 1;
#endif /* FIPS_MODE */
}
int ffc_generate_private_key_fips(BN_CTX *ctx, const FFC_PARAMS *params,
int N, int s, BIGNUM *priv)
{
int ret = 0, qbits = BN_num_bits(params->q);
BIGNUM *m, *two_powN = NULL;
/* Deal with the edge case where the value of N is not set */
if (N == 0)
N = qbits;
if (s == 0)
s = N / 2;
/* Step (2) : check range of N */
if (N < 2 * s || N > qbits)
return 0;
/* Deal with the edge case where the value of N is not set */
if (N == 0) {
N = qbits;
s = N / 2;
}
two_powN = BN_new();
/* 2^N */
if (two_powN == NULL || !BN_lshift(two_powN, BN_value_one(), N))

13
doc/man3/DH_get0_pqg.pod
View File

@ -57,11 +57,9 @@ and therefore the values that have been passed in should not be freed directly
after this function has been called. The I<q> parameter may be NULL.
DH_set0_pqg() also checks if the parameters associated with I<p> and I<g> and
optionally I<q> are associated with known safe prime groups. If it is a safe
prime group then the value of I<q> will be set to q = (p - 1) / 2 if I<q> is NULL.
For safe prime groups the optional length parameter I<length> is set to twice
the value of the maximum_target_security_strength(BN_num_bits(I<p>)) as listed in
SP800-56Ar3 Table(s) 25 & 26. If it is not a safe prime group then the optional
length parameter will be set if I<q> is not NULL to BN_num_bits(I<q>).
prime group then the value of I<q> will be set to q = (p - 1) / 2 if I<q> is
NULL. The optional length parameter will be set to BN_num_bits(I<q>) if I<q>
is not NULL.
To get the public and private key values use the DH_get0_key() function. A
pointer to the public key will be stored in I<*pub_key>, and a pointer to the
@ -96,7 +94,10 @@ object, or NULL if no such ENGINE has been set. This function is deprecated.
The DH_get_length() and DH_set_length() functions get and set the optional
length parameter associated with this DH object. If the length is nonzero then
it is used, otherwise it is ignored. The I<length> parameter indicates the
length of the secret exponent (private key) in bits.
length of the secret exponent (private key) in bits. These functions are
deprecated. For safe prime groups the optional length parameter I<length> can be
set to a value greater or equal to 2 * maximum_target_security_strength(BN_num_bits(I<p>))
as listed in SP800-56Ar3 Table(s) 25 & 26.
=head1 NOTES

10
doc/man3/DH_new_by_nid.pod
View File

@ -2,7 +2,7 @@
=head1 NAME
DH_new_by_nid, DH_get_nid - get or find DH named parameters
DH_new_by_nid, DH_get_nid - create or get DH named parameters
=head1 SYNOPSIS
@ -13,7 +13,7 @@ Deprecated since OpenSSL 3.0, can be hidden entirely by defining
B<OPENSSL_API_COMPAT> with a suitable version value, see
L<openssl_user_macros(7)>:
int *DH_get_nid(DH *dh);
int DH_get_nid(const DH *dh);
=head1 DESCRIPTION
@ -26,12 +26,6 @@ B<NID_modp_4096>, B<NID_modp_6144> or B<NID_modp_8192>.
DH_get_nid() determines if the parameters contained in B<dh> match
any named safe prime group. It returns the NID corresponding to the matching
parameters or B<NID_undef> if there is no match.
Internally it caches the nid, so that any subsequent calls can fetch the
cached value.
If a matching p and g are not found and the value of parameter q is not set,
then it is set to q = (p - 1) / 2.
If parameter q is already set then it must also match the expected q otherwise
no match will be found.
This function is deprecated.
=head1 RETURN VALUES

13
include/crypto/bn_dh.h
View File

@ -9,8 +9,8 @@
#define declare_dh_bn(x) \
extern const BIGNUM _bignum_dh##x##_p; \
extern const BIGNUM _bignum_dh##x##_q; \
extern const BIGNUM _bignum_dh##x##_g; \
extern const BIGNUM _bignum_dh##x##_q;
declare_dh_bn(1024_160)
declare_dh_bn(2048_224)
@ -23,6 +23,11 @@ extern const BIGNUM _bignum_ffdhe3072_p;
extern const BIGNUM _bignum_ffdhe4096_p;
extern const BIGNUM _bignum_ffdhe6144_p;
extern const BIGNUM _bignum_ffdhe8192_p;
extern const BIGNUM _bignum_ffdhe2048_q;
extern const BIGNUM _bignum_ffdhe3072_q;
extern const BIGNUM _bignum_ffdhe4096_q;
extern const BIGNUM _bignum_ffdhe6144_q;
extern const BIGNUM _bignum_ffdhe8192_q;
extern const BIGNUM _bignum_modp_1536_p;
extern const BIGNUM _bignum_modp_2048_p;
@ -30,3 +35,9 @@ extern const BIGNUM _bignum_modp_3072_p;
extern const BIGNUM _bignum_modp_4096_p;
extern const BIGNUM _bignum_modp_6144_p;
extern const BIGNUM _bignum_modp_8192_p;
extern const BIGNUM _bignum_modp_1536_q;
extern const BIGNUM _bignum_modp_2048_q;
extern const BIGNUM _bignum_modp_3072_q;
extern const BIGNUM _bignum_modp_4096_q;
extern const BIGNUM _bignum_modp_6144_q;
extern const BIGNUM _bignum_modp_8192_q;

1
include/crypto/dh.h
View File

@ -20,6 +20,7 @@ int dh_generate_public_key(BN_CTX *ctx, DH *dh, const BIGNUM *priv_key,
BIGNUM *pub_key);
int dh_get_named_group_uid_from_size(int pbits);
const char *dh_gen_type_id2name(int id);
void dh_cache_named_group(DH *dh);
FFC_PARAMS *dh_get0_params(DH *dh);
int dh_get0_nid(const DH *dh);

2
include/internal/ffc.h
View File

@ -149,8 +149,6 @@ int ffc_params_FIPS186_2_validate(const FFC_PARAMS *params, int type,
int ffc_generate_private_key(BN_CTX *ctx, const FFC_PARAMS *params,
int N, int s, BIGNUM *priv);
int ffc_generate_private_key_fips(BN_CTX *ctx, const FFC_PARAMS *params,
int N, int s, BIGNUM *priv);
int ffc_params_validate_unverifiable_g(BN_CTX *ctx, BN_MONT_CTX *mont,
const BIGNUM *p, const BIGNUM *q,

1
include/openssl/core_names.h
View File

@ -207,6 +207,7 @@ extern "C" {
/* Diffie-Hellman params */
#define OSSL_PKEY_PARAM_FFC_GROUP "group"
#define OSSL_PKEY_PARAM_FFC_GENERATOR "safeprime-generator"
#define OSSL_PKEY_PARAM_DH_PRIV_LEN "priv_len"
/* Elliptic Curve Domain Parameters */
#define OSSL_PKEY_PARAM_EC_NAME "curve-name"

2
include/openssl/dh.h
View File

@ -196,7 +196,7 @@ DH *DH_get_2048_256(void);
/* Named parameters, currently RFC7919 and RFC3526 */
/* TODO(3.0): deprecate DH_new_by_nid() after converting ssl/s3_lib.c */
DH *DH_new_by_nid(int nid);
DEPRECATEDIN_3_0(int DH_get_nid(DH *dh))
DEPRECATEDIN_3_0(int DH_get_nid(const DH *dh))
# ifndef OPENSSL_NO_CMS
/* RFC2631 KDF */

19
providers/implementations/keymgmt/dh_kmgmt.c
View File

@ -65,6 +65,7 @@ struct dh_gen_ctx {
int generator; /* Used by DH_PARAMGEN_TYPE_GENERATOR in non fips mode only */
int pcounter;
int hindex;
int priv_len;
OSSL_CALLBACK *cb;
void *cbarg;
@ -432,20 +433,16 @@ static int dh_gen_set_params(void *genctx, const OSSL_PARAM params[])
gctx->gen_type = DH_PARAMGEN_TYPE_GROUP;
}
p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_GENERATOR);
if (p != NULL
&& !OSSL_PARAM_get_int(p, &gctx->generator))
if (p != NULL && !OSSL_PARAM_get_int(p, &gctx->generator))
return 0;
p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_GINDEX);
if (p != NULL
&& !OSSL_PARAM_get_int(p, &gctx->gindex))
if (p != NULL && !OSSL_PARAM_get_int(p, &gctx->gindex))
return 0;
p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_PCOUNTER);
if (p != NULL
&& !OSSL_PARAM_get_int(p, &gctx->pcounter))
if (p != NULL && !OSSL_PARAM_get_int(p, &gctx->pcounter))
return 0;
p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_H);
if (p != NULL
&& !OSSL_PARAM_get_int(p, &gctx->hindex))
if (p != NULL && !OSSL_PARAM_get_int(p, &gctx->hindex))
return 0;
p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_SEED);
if (p != NULL
@ -476,6 +473,9 @@ static int dh_gen_set_params(void *genctx, const OSSL_PARAM params[])
if (gctx->md == NULL)
return 0;
}
p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_DH_PRIV_LEN);
if (p != NULL && !OSSL_PARAM_get_int(p, &gctx->priv_len))
return 0;
return 1;
}
@ -493,6 +493,7 @@ static const OSSL_PARAM *dh_gen_settable_params(void *provctx)
OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_GENERATOR, NULL),
OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_PCOUNTER, NULL),
OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_H, NULL),
OSSL_PARAM_int(OSSL_PKEY_PARAM_DH_PRIV_LEN, NULL),
OSSL_PARAM_END
};
return settable;
@ -577,6 +578,8 @@ static void *dh_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
if ((gctx->selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) {
if (ffc->p == NULL || ffc->g == NULL)
goto end;
if (gctx->priv_len > 0)
DH_set_length(dh, (long)gctx->priv_len);
if (DH_generate_key(dh) <= 0)
goto end;
}

6
test/evp_pkey_provided_test.c
View File

@ -408,7 +408,8 @@ static int test_fromdata_dh_named_group(void)
/*
* DH key data was generated using the following:
* openssl genpkey -algorithm DH -pkeyopt group:ffdhe2048 -text
* openssl genpkey -algorithm DH -pkeyopt group:ffdhe2048
* -pkeyopt priv_len:224 -text
*/
static const unsigned char priv_data[] = {
0x88, 0x85, 0xe7, 0x9f, 0xee, 0x6d, 0xc5, 0x7c, 0x78, 0xaf, 0x63, 0x5d,
@ -547,7 +548,8 @@ static int test_fromdata_dh_fips186_4(void)
/*
* DH key data was generated using the following:
* openssl genpkey -algorithm DH -pkeyopt group:ffdhe2048 -text
* openssl genpkey -algorithm DH
* -pkeyopt group:ffdhe2048 -pkeyopt priv_len:224 -text
*/
static const unsigned char priv_data[] = {
0x88, 0x85, 0xe7, 0x9f, 0xee, 0x6d, 0xc5, 0x7c, 0x78, 0xaf, 0x63, 0x5d,

8
test/ffc_internal_test.c
View File

@ -600,19 +600,19 @@ static int ffc_private_gen_test(int index)
N = BN_num_bits(params->q);
/* Fail since N < 2*s - where s = 112*/
if (!TEST_false(ffc_generate_private_key_fips(ctx, params, 220, 112, priv)))
if (!TEST_false(ffc_generate_private_key(ctx, params, 220, 112, priv)))
goto err;
/* fail since N > len(q) */
if (!TEST_false(ffc_generate_private_key_fips(ctx, params, N + 1, 112, priv)))
if (!TEST_false(ffc_generate_private_key(ctx, params, N + 1, 112, priv)))
goto err;
/* pass since 2s <= N <= len(q) */
if (!TEST_true(ffc_generate_private_key_fips(ctx, params, N, 112, priv)))
if (!TEST_true(ffc_generate_private_key(ctx, params, N, 112, priv)))
goto err;
/* pass since N = len(q) */
if (!TEST_true(ffc_validate_private_key(params->q, priv, &res)))
goto err;
/* pass since 2s <= N < len(q) */
if (!TEST_true(ffc_generate_private_key_fips(ctx, params, N / 2, 112, priv)))
if (!TEST_true(ffc_generate_private_key(ctx, params, N / 2, 112, priv)))
goto err;
if (!TEST_true(ffc_validate_private_key(params->q, priv, &res)))
goto err;

19
test/recipes/15-test_gendh.t
View File

@ -18,7 +18,7 @@ setup("test_gendh");
plan skip_all => "This test is unsupported in a no-dh build" if disabled("dh");
plan tests => 9;
plan tests => 13;
ok(run(app([ 'openssl', 'genpkey', '-genparam',
'-algorithm', 'DH',
@ -80,4 +80,19 @@ ok(run(app([ 'openssl', 'genpkey',
ok(!run(app([ 'openssl', 'genpkey',
'-algorithm', 'DH'])),
"genpkey DH with no params should fail");
ok(!run(app([ 'openssl', 'genpkey', '-algorithm', 'DH', '-pkeyopt',
'group:ffdhe3072', '-pkeyopt', 'priv_len:255', '-text'])),
'genpkey DH with a small private len should fail');
ok(!run(app([ 'openssl', 'genpkey', '-algorithm', 'DH', '-pkeyopt',
'group:ffdhe3072', '-pkeyopt', 'priv_len:3072', '-text'])),
'genpkey DH with a large private len should fail');
ok(run(app([ 'openssl', 'genpkey', '-algorithm', 'DH', '-pkeyopt',
'group:ffdhe3072', '-pkeyopt', 'priv_len:256', '-text'])),
'genpkey DH with a minimum strength private len');
ok(run(app([ 'openssl', 'genpkey', '-algorithm', 'DH', '-pkeyopt',
'group:ffdhe2048', '-pkeyopt', 'priv_len:224', '-text'])),
'genpkey 2048 DH with a minimum strength private len');