/src/boringssl/crypto/dh/params.cc
Line | Count | Source |
1 | | // Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. |
2 | | // |
3 | | // Licensed under the Apache License, Version 2.0 (the "License"); |
4 | | // you may not use this file except in compliance with the License. |
5 | | // You may obtain a copy of the License at |
6 | | // |
7 | | // https://www.apache.org/licenses/LICENSE-2.0 |
8 | | // |
9 | | // Unless required by applicable law or agreed to in writing, software |
10 | | // distributed under the License is distributed on an "AS IS" BASIS, |
11 | | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
12 | | // See the License for the specific language governing permissions and |
13 | | // limitations under the License. |
14 | | |
15 | | #include <openssl/dh.h> |
16 | | |
17 | | #include <openssl/bn.h> |
18 | | #include <openssl/err.h> |
19 | | #include <openssl/mem.h> |
20 | | #include <openssl/span.h> |
21 | | |
22 | | #include "../fipsmodule/bn/internal.h" |
23 | | #include "../fipsmodule/dh/internal.h" |
24 | | |
25 | | |
26 | | using namespace bssl; |
27 | | |
28 | 0 | static BIGNUM *get_params(BIGNUM *ret, Span<const BN_ULONG> words) { |
29 | 0 | BIGNUM *alloc = nullptr; |
30 | 0 | if (ret == nullptr) { |
31 | 0 | alloc = BN_new(); |
32 | 0 | if (alloc == nullptr) { |
33 | 0 | return nullptr; |
34 | 0 | } |
35 | 0 | ret = alloc; |
36 | 0 | } |
37 | | |
38 | 0 | if (!bn_set_words(ret, words.data(), words.size())) { |
39 | 0 | BN_free(alloc); |
40 | 0 | return nullptr; |
41 | 0 | } |
42 | | |
43 | 0 | return ret; |
44 | 0 | } |
45 | | |
46 | 0 | BIGNUM *BN_get_rfc3526_prime_1536(BIGNUM *ret) { |
47 | 0 | static const BN_ULONG kWords[] = { |
48 | 0 | TOBN(0xffffffff, 0xffffffff), TOBN(0xf1746c08, 0xca237327), |
49 | 0 | TOBN(0x670c354e, 0x4abc9804), TOBN(0x9ed52907, 0x7096966d), |
50 | 0 | TOBN(0x1c62f356, 0x208552bb), TOBN(0x83655d23, 0xdca3ad96), |
51 | 0 | TOBN(0x69163fa8, 0xfd24cf5f), TOBN(0x98da4836, 0x1c55d39a), |
52 | 0 | TOBN(0xc2007cb8, 0xa163bf05), TOBN(0x49286651, 0xece45b3d), |
53 | 0 | TOBN(0xae9f2411, 0x7c4b1fe6), TOBN(0xee386bfb, 0x5a899fa5), |
54 | 0 | TOBN(0x0bff5cb6, 0xf406b7ed), TOBN(0xf44c42e9, 0xa637ed6b), |
55 | 0 | TOBN(0xe485b576, 0x625e7ec6), TOBN(0x4fe1356d, 0x6d51c245), |
56 | 0 | TOBN(0x302b0a6d, 0xf25f1437), TOBN(0xef9519b3, 0xcd3a431b), |
57 | 0 | TOBN(0x514a0879, 0x8e3404dd), TOBN(0x020bbea6, 0x3b139b22), |
58 | 0 | TOBN(0x29024e08, 0x8a67cc74), TOBN(0xc4c6628b, 0x80dc1cd1), |
59 | 0 | TOBN(0xc90fdaa2, 0x2168c234), TOBN(0xffffffff, 0xffffffff), |
60 | 0 | }; |
61 | 0 | return get_params(ret, kWords); |
62 | 0 | } |
63 | | |
64 | 0 | BIGNUM *BN_get_rfc3526_prime_2048(BIGNUM *ret) { |
65 | 0 | static const BN_ULONG kWords[] = { |
66 | 0 | TOBN(0xffffffff, 0xffffffff), TOBN(0x15728e5a, 0x8aacaa68), |
67 | 0 | TOBN(0x15d22618, 0x98fa0510), TOBN(0x3995497c, 0xea956ae5), |
68 | 0 | TOBN(0xde2bcbf6, 0x95581718), TOBN(0xb5c55df0, 0x6f4c52c9), |
69 | 0 | TOBN(0x9b2783a2, 0xec07a28f), TOBN(0xe39e772c, 0x180e8603), |
70 | 0 | TOBN(0x32905e46, 0x2e36ce3b), TOBN(0xf1746c08, 0xca18217c), |
71 | 0 | TOBN(0x670c354e, 0x4abc9804), TOBN(0x9ed52907, 0x7096966d), |
72 | 0 | TOBN(0x1c62f356, 0x208552bb), TOBN(0x83655d23, 0xdca3ad96), |
73 | 0 | TOBN(0x69163fa8, 0xfd24cf5f), TOBN(0x98da4836, 0x1c55d39a), |
74 | 0 | TOBN(0xc2007cb8, 0xa163bf05), TOBN(0x49286651, 0xece45b3d), |
75 | 0 | TOBN(0xae9f2411, 0x7c4b1fe6), TOBN(0xee386bfb, 0x5a899fa5), |
76 | 0 | TOBN(0x0bff5cb6, 0xf406b7ed), TOBN(0xf44c42e9, 0xa637ed6b), |
77 | 0 | TOBN(0xe485b576, 0x625e7ec6), TOBN(0x4fe1356d, 0x6d51c245), |
78 | 0 | TOBN(0x302b0a6d, 0xf25f1437), TOBN(0xef9519b3, 0xcd3a431b), |
79 | 0 | TOBN(0x514a0879, 0x8e3404dd), TOBN(0x020bbea6, 0x3b139b22), |
80 | 0 | TOBN(0x29024e08, 0x8a67cc74), TOBN(0xc4c6628b, 0x80dc1cd1), |
81 | 0 | TOBN(0xc90fdaa2, 0x2168c234), TOBN(0xffffffff, 0xffffffff), |
82 | 0 | }; |
83 | 0 | return get_params(ret, kWords); |
84 | 0 | } |
85 | | |
86 | 0 | BIGNUM *BN_get_rfc3526_prime_3072(BIGNUM *ret) { |
87 | 0 | static const BN_ULONG kWords[] = { |
88 | 0 | TOBN(0xffffffff, 0xffffffff), TOBN(0x4b82d120, 0xa93ad2ca), |
89 | 0 | TOBN(0x43db5bfc, 0xe0fd108e), TOBN(0x08e24fa0, 0x74e5ab31), |
90 | 0 | TOBN(0x770988c0, 0xbad946e2), TOBN(0xbbe11757, 0x7a615d6c), |
91 | 0 | TOBN(0x521f2b18, 0x177b200c), TOBN(0xd8760273, 0x3ec86a64), |
92 | 0 | TOBN(0xf12ffa06, 0xd98a0864), TOBN(0xcee3d226, 0x1ad2ee6b), |
93 | 0 | TOBN(0x1e8c94e0, 0x4a25619d), TOBN(0xabf5ae8c, 0xdb0933d7), |
94 | 0 | TOBN(0xb3970f85, 0xa6e1e4c7), TOBN(0x8aea7157, 0x5d060c7d), |
95 | 0 | TOBN(0xecfb8504, 0x58dbef0a), TOBN(0xa85521ab, 0xdf1cba64), |
96 | 0 | TOBN(0xad33170d, 0x04507a33), TOBN(0x15728e5a, 0x8aaac42d), |
97 | 0 | TOBN(0x15d22618, 0x98fa0510), TOBN(0x3995497c, 0xea956ae5), |
98 | 0 | TOBN(0xde2bcbf6, 0x95581718), TOBN(0xb5c55df0, 0x6f4c52c9), |
99 | 0 | TOBN(0x9b2783a2, 0xec07a28f), TOBN(0xe39e772c, 0x180e8603), |
100 | 0 | TOBN(0x32905e46, 0x2e36ce3b), TOBN(0xf1746c08, 0xca18217c), |
101 | 0 | TOBN(0x670c354e, 0x4abc9804), TOBN(0x9ed52907, 0x7096966d), |
102 | 0 | TOBN(0x1c62f356, 0x208552bb), TOBN(0x83655d23, 0xdca3ad96), |
103 | 0 | TOBN(0x69163fa8, 0xfd24cf5f), TOBN(0x98da4836, 0x1c55d39a), |
104 | 0 | TOBN(0xc2007cb8, 0xa163bf05), TOBN(0x49286651, 0xece45b3d), |
105 | 0 | TOBN(0xae9f2411, 0x7c4b1fe6), TOBN(0xee386bfb, 0x5a899fa5), |
106 | 0 | TOBN(0x0bff5cb6, 0xf406b7ed), TOBN(0xf44c42e9, 0xa637ed6b), |
107 | 0 | TOBN(0xe485b576, 0x625e7ec6), TOBN(0x4fe1356d, 0x6d51c245), |
108 | 0 | TOBN(0x302b0a6d, 0xf25f1437), TOBN(0xef9519b3, 0xcd3a431b), |
109 | 0 | TOBN(0x514a0879, 0x8e3404dd), TOBN(0x020bbea6, 0x3b139b22), |
110 | 0 | TOBN(0x29024e08, 0x8a67cc74), TOBN(0xc4c6628b, 0x80dc1cd1), |
111 | 0 | TOBN(0xc90fdaa2, 0x2168c234), TOBN(0xffffffff, 0xffffffff), |
112 | 0 | }; |
113 | 0 | return get_params(ret, kWords); |
114 | 0 | } |
115 | | |
116 | 0 | BIGNUM *BN_get_rfc3526_prime_4096(BIGNUM *ret) { |
117 | 0 | static const BN_ULONG kWords[] = { |
118 | 0 | TOBN(0xffffffff, 0xffffffff), TOBN(0x4df435c9, 0x34063199), |
119 | 0 | TOBN(0x86ffb7dc, 0x90a6c08f), TOBN(0x93b4ea98, 0x8d8fddc1), |
120 | 0 | TOBN(0xd0069127, 0xd5b05aa9), TOBN(0xb81bdd76, 0x2170481c), |
121 | 0 | TOBN(0x1f612970, 0xcee2d7af), TOBN(0x233ba186, 0x515be7ed), |
122 | 0 | TOBN(0x99b2964f, 0xa090c3a2), TOBN(0x287c5947, 0x4e6bc05d), |
123 | 0 | TOBN(0x2e8efc14, 0x1fbecaa6), TOBN(0xdbbbc2db, 0x04de8ef9), |
124 | 0 | TOBN(0x2583e9ca, 0x2ad44ce8), TOBN(0x1a946834, 0xb6150bda), |
125 | 0 | TOBN(0x99c32718, 0x6af4e23c), TOBN(0x88719a10, 0xbdba5b26), |
126 | 0 | TOBN(0x1a723c12, 0xa787e6d7), TOBN(0x4b82d120, 0xa9210801), |
127 | 0 | TOBN(0x43db5bfc, 0xe0fd108e), TOBN(0x08e24fa0, 0x74e5ab31), |
128 | 0 | TOBN(0x770988c0, 0xbad946e2), TOBN(0xbbe11757, 0x7a615d6c), |
129 | 0 | TOBN(0x521f2b18, 0x177b200c), TOBN(0xd8760273, 0x3ec86a64), |
130 | 0 | TOBN(0xf12ffa06, 0xd98a0864), TOBN(0xcee3d226, 0x1ad2ee6b), |
131 | 0 | TOBN(0x1e8c94e0, 0x4a25619d), TOBN(0xabf5ae8c, 0xdb0933d7), |
132 | 0 | TOBN(0xb3970f85, 0xa6e1e4c7), TOBN(0x8aea7157, 0x5d060c7d), |
133 | 0 | TOBN(0xecfb8504, 0x58dbef0a), TOBN(0xa85521ab, 0xdf1cba64), |
134 | 0 | TOBN(0xad33170d, 0x04507a33), TOBN(0x15728e5a, 0x8aaac42d), |
135 | 0 | TOBN(0x15d22618, 0x98fa0510), TOBN(0x3995497c, 0xea956ae5), |
136 | 0 | TOBN(0xde2bcbf6, 0x95581718), TOBN(0xb5c55df0, 0x6f4c52c9), |
137 | 0 | TOBN(0x9b2783a2, 0xec07a28f), TOBN(0xe39e772c, 0x180e8603), |
138 | 0 | TOBN(0x32905e46, 0x2e36ce3b), TOBN(0xf1746c08, 0xca18217c), |
139 | 0 | TOBN(0x670c354e, 0x4abc9804), TOBN(0x9ed52907, 0x7096966d), |
140 | 0 | TOBN(0x1c62f356, 0x208552bb), TOBN(0x83655d23, 0xdca3ad96), |
141 | 0 | TOBN(0x69163fa8, 0xfd24cf5f), TOBN(0x98da4836, 0x1c55d39a), |
142 | 0 | TOBN(0xc2007cb8, 0xa163bf05), TOBN(0x49286651, 0xece45b3d), |
143 | 0 | TOBN(0xae9f2411, 0x7c4b1fe6), TOBN(0xee386bfb, 0x5a899fa5), |
144 | 0 | TOBN(0x0bff5cb6, 0xf406b7ed), TOBN(0xf44c42e9, 0xa637ed6b), |
145 | 0 | TOBN(0xe485b576, 0x625e7ec6), TOBN(0x4fe1356d, 0x6d51c245), |
146 | 0 | TOBN(0x302b0a6d, 0xf25f1437), TOBN(0xef9519b3, 0xcd3a431b), |
147 | 0 | TOBN(0x514a0879, 0x8e3404dd), TOBN(0x020bbea6, 0x3b139b22), |
148 | 0 | TOBN(0x29024e08, 0x8a67cc74), TOBN(0xc4c6628b, 0x80dc1cd1), |
149 | 0 | TOBN(0xc90fdaa2, 0x2168c234), TOBN(0xffffffff, 0xffffffff), |
150 | 0 | }; |
151 | 0 | return get_params(ret, kWords); |
152 | 0 | } |
153 | | |
154 | 0 | BIGNUM *BN_get_rfc3526_prime_6144(BIGNUM *ret) { |
155 | 0 | static const BN_ULONG kWords[] = { |
156 | 0 | TOBN(0xffffffff, 0xffffffff), TOBN(0xe694f91e, 0x6dcc4024), |
157 | 0 | TOBN(0x12bf2d5b, 0x0b7474d6), TOBN(0x043e8f66, 0x3f4860ee), |
158 | 0 | TOBN(0x387fe8d7, 0x6e3c0468), TOBN(0xda56c9ec, 0x2ef29632), |
159 | 0 | TOBN(0xeb19ccb1, 0xa313d55c), TOBN(0xf550aa3d, 0x8a1fbff0), |
160 | 0 | TOBN(0x06a1d58b, 0xb7c5da76), TOBN(0xa79715ee, 0xf29be328), |
161 | 0 | TOBN(0x14cc5ed2, 0x0f8037e0), TOBN(0xcc8f6d7e, 0xbf48e1d8), |
162 | 0 | TOBN(0x4bd407b2, 0x2b4154aa), TOBN(0x0f1d45b7, 0xff585ac5), |
163 | 0 | TOBN(0x23a97a7e, 0x36cc88be), TOBN(0x59e7c97f, 0xbec7e8f3), |
164 | 0 | TOBN(0xb5a84031, 0x900b1c9e), TOBN(0xd55e702f, 0x46980c82), |
165 | 0 | TOBN(0xf482d7ce, 0x6e74fef6), TOBN(0xf032ea15, 0xd1721d03), |
166 | 0 | TOBN(0x5983ca01, 0xc64b92ec), TOBN(0x6fb8f401, 0x378cd2bf), |
167 | 0 | TOBN(0x33205151, 0x2bd7af42), TOBN(0xdb7f1447, 0xe6cc254b), |
168 | 0 | TOBN(0x44ce6cba, 0xced4bb1b), TOBN(0xda3edbeb, 0xcf9b14ed), |
169 | 0 | TOBN(0x179727b0, 0x865a8918), TOBN(0xb06a53ed, 0x9027d831), |
170 | 0 | TOBN(0xe5db382f, 0x413001ae), TOBN(0xf8ff9406, 0xad9e530e), |
171 | 0 | TOBN(0xc9751e76, 0x3dba37bd), TOBN(0xc1d4dcb2, 0x602646de), |
172 | 0 | TOBN(0x36c3fab4, 0xd27c7026), TOBN(0x4df435c9, 0x34028492), |
173 | 0 | TOBN(0x86ffb7dc, 0x90a6c08f), TOBN(0x93b4ea98, 0x8d8fddc1), |
174 | 0 | TOBN(0xd0069127, 0xd5b05aa9), TOBN(0xb81bdd76, 0x2170481c), |
175 | 0 | TOBN(0x1f612970, 0xcee2d7af), TOBN(0x233ba186, 0x515be7ed), |
176 | 0 | TOBN(0x99b2964f, 0xa090c3a2), TOBN(0x287c5947, 0x4e6bc05d), |
177 | 0 | TOBN(0x2e8efc14, 0x1fbecaa6), TOBN(0xdbbbc2db, 0x04de8ef9), |
178 | 0 | TOBN(0x2583e9ca, 0x2ad44ce8), TOBN(0x1a946834, 0xb6150bda), |
179 | 0 | TOBN(0x99c32718, 0x6af4e23c), TOBN(0x88719a10, 0xbdba5b26), |
180 | 0 | TOBN(0x1a723c12, 0xa787e6d7), TOBN(0x4b82d120, 0xa9210801), |
181 | 0 | TOBN(0x43db5bfc, 0xe0fd108e), TOBN(0x08e24fa0, 0x74e5ab31), |
182 | 0 | TOBN(0x770988c0, 0xbad946e2), TOBN(0xbbe11757, 0x7a615d6c), |
183 | 0 | TOBN(0x521f2b18, 0x177b200c), TOBN(0xd8760273, 0x3ec86a64), |
184 | 0 | TOBN(0xf12ffa06, 0xd98a0864), TOBN(0xcee3d226, 0x1ad2ee6b), |
185 | 0 | TOBN(0x1e8c94e0, 0x4a25619d), TOBN(0xabf5ae8c, 0xdb0933d7), |
186 | 0 | TOBN(0xb3970f85, 0xa6e1e4c7), TOBN(0x8aea7157, 0x5d060c7d), |
187 | 0 | TOBN(0xecfb8504, 0x58dbef0a), TOBN(0xa85521ab, 0xdf1cba64), |
188 | 0 | TOBN(0xad33170d, 0x04507a33), TOBN(0x15728e5a, 0x8aaac42d), |
189 | 0 | TOBN(0x15d22618, 0x98fa0510), TOBN(0x3995497c, 0xea956ae5), |
190 | 0 | TOBN(0xde2bcbf6, 0x95581718), TOBN(0xb5c55df0, 0x6f4c52c9), |
191 | 0 | TOBN(0x9b2783a2, 0xec07a28f), TOBN(0xe39e772c, 0x180e8603), |
192 | 0 | TOBN(0x32905e46, 0x2e36ce3b), TOBN(0xf1746c08, 0xca18217c), |
193 | 0 | TOBN(0x670c354e, 0x4abc9804), TOBN(0x9ed52907, 0x7096966d), |
194 | 0 | TOBN(0x1c62f356, 0x208552bb), TOBN(0x83655d23, 0xdca3ad96), |
195 | 0 | TOBN(0x69163fa8, 0xfd24cf5f), TOBN(0x98da4836, 0x1c55d39a), |
196 | 0 | TOBN(0xc2007cb8, 0xa163bf05), TOBN(0x49286651, 0xece45b3d), |
197 | 0 | TOBN(0xae9f2411, 0x7c4b1fe6), TOBN(0xee386bfb, 0x5a899fa5), |
198 | 0 | TOBN(0x0bff5cb6, 0xf406b7ed), TOBN(0xf44c42e9, 0xa637ed6b), |
199 | 0 | TOBN(0xe485b576, 0x625e7ec6), TOBN(0x4fe1356d, 0x6d51c245), |
200 | 0 | TOBN(0x302b0a6d, 0xf25f1437), TOBN(0xef9519b3, 0xcd3a431b), |
201 | 0 | TOBN(0x514a0879, 0x8e3404dd), TOBN(0x020bbea6, 0x3b139b22), |
202 | 0 | TOBN(0x29024e08, 0x8a67cc74), TOBN(0xc4c6628b, 0x80dc1cd1), |
203 | 0 | TOBN(0xc90fdaa2, 0x2168c234), TOBN(0xffffffff, 0xffffffff), |
204 | 0 | }; |
205 | 0 | return get_params(ret, kWords); |
206 | 0 | } |
207 | | |
208 | 0 | BIGNUM *BN_get_rfc3526_prime_8192(BIGNUM *ret) { |
209 | 0 | static const BN_ULONG kWords[] = { |
210 | 0 | TOBN(0xffffffff, 0xffffffff), TOBN(0x60c980dd, 0x98edd3df), |
211 | 0 | TOBN(0xc81f56e8, 0x80b96e71), TOBN(0x9e3050e2, 0x765694df), |
212 | 0 | TOBN(0x9558e447, 0x5677e9aa), TOBN(0xc9190da6, 0xfc026e47), |
213 | 0 | TOBN(0x889a002e, 0xd5ee382b), TOBN(0x4009438b, 0x481c6cd7), |
214 | 0 | TOBN(0x359046f4, 0xeb879f92), TOBN(0xfaf36bc3, 0x1ecfa268), |
215 | 0 | TOBN(0xb1d510bd, 0x7ee74d73), TOBN(0xf9ab4819, 0x5ded7ea1), |
216 | 0 | TOBN(0x64f31cc5, 0x0846851d), TOBN(0x4597e899, 0xa0255dc1), |
217 | 0 | TOBN(0xdf310ee0, 0x74ab6a36), TOBN(0x6d2a13f8, 0x3f44f82d), |
218 | 0 | TOBN(0x062b3cf5, 0xb3a278a6), TOBN(0x79683303, 0xed5bdd3a), |
219 | 0 | TOBN(0xfa9d4b7f, 0xa2c087e8), TOBN(0x4bcbc886, 0x2f8385dd), |
220 | 0 | TOBN(0x3473fc64, 0x6cea306b), TOBN(0x13eb57a8, 0x1a23f0c7), |
221 | 0 | TOBN(0x22222e04, 0xa4037c07), TOBN(0xe3fdb8be, 0xfc848ad9), |
222 | 0 | TOBN(0x238f16cb, 0xe39d652d), TOBN(0x3423b474, 0x2bf1c978), |
223 | 0 | TOBN(0x3aab639c, 0x5ae4f568), TOBN(0x2576f693, 0x6ba42466), |
224 | 0 | TOBN(0x741fa7bf, 0x8afc47ed), TOBN(0x3bc832b6, 0x8d9dd300), |
225 | 0 | TOBN(0xd8bec4d0, 0x73b931ba), TOBN(0x38777cb6, 0xa932df8c), |
226 | 0 | TOBN(0x74a3926f, 0x12fee5e4), TOBN(0xe694f91e, 0x6dbe1159), |
227 | 0 | TOBN(0x12bf2d5b, 0x0b7474d6), TOBN(0x043e8f66, 0x3f4860ee), |
228 | 0 | TOBN(0x387fe8d7, 0x6e3c0468), TOBN(0xda56c9ec, 0x2ef29632), |
229 | 0 | TOBN(0xeb19ccb1, 0xa313d55c), TOBN(0xf550aa3d, 0x8a1fbff0), |
230 | 0 | TOBN(0x06a1d58b, 0xb7c5da76), TOBN(0xa79715ee, 0xf29be328), |
231 | 0 | TOBN(0x14cc5ed2, 0x0f8037e0), TOBN(0xcc8f6d7e, 0xbf48e1d8), |
232 | 0 | TOBN(0x4bd407b2, 0x2b4154aa), TOBN(0x0f1d45b7, 0xff585ac5), |
233 | 0 | TOBN(0x23a97a7e, 0x36cc88be), TOBN(0x59e7c97f, 0xbec7e8f3), |
234 | 0 | TOBN(0xb5a84031, 0x900b1c9e), TOBN(0xd55e702f, 0x46980c82), |
235 | 0 | TOBN(0xf482d7ce, 0x6e74fef6), TOBN(0xf032ea15, 0xd1721d03), |
236 | 0 | TOBN(0x5983ca01, 0xc64b92ec), TOBN(0x6fb8f401, 0x378cd2bf), |
237 | 0 | TOBN(0x33205151, 0x2bd7af42), TOBN(0xdb7f1447, 0xe6cc254b), |
238 | 0 | TOBN(0x44ce6cba, 0xced4bb1b), TOBN(0xda3edbeb, 0xcf9b14ed), |
239 | 0 | TOBN(0x179727b0, 0x865a8918), TOBN(0xb06a53ed, 0x9027d831), |
240 | 0 | TOBN(0xe5db382f, 0x413001ae), TOBN(0xf8ff9406, 0xad9e530e), |
241 | 0 | TOBN(0xc9751e76, 0x3dba37bd), TOBN(0xc1d4dcb2, 0x602646de), |
242 | 0 | TOBN(0x36c3fab4, 0xd27c7026), TOBN(0x4df435c9, 0x34028492), |
243 | 0 | TOBN(0x86ffb7dc, 0x90a6c08f), TOBN(0x93b4ea98, 0x8d8fddc1), |
244 | 0 | TOBN(0xd0069127, 0xd5b05aa9), TOBN(0xb81bdd76, 0x2170481c), |
245 | 0 | TOBN(0x1f612970, 0xcee2d7af), TOBN(0x233ba186, 0x515be7ed), |
246 | 0 | TOBN(0x99b2964f, 0xa090c3a2), TOBN(0x287c5947, 0x4e6bc05d), |
247 | 0 | TOBN(0x2e8efc14, 0x1fbecaa6), TOBN(0xdbbbc2db, 0x04de8ef9), |
248 | 0 | TOBN(0x2583e9ca, 0x2ad44ce8), TOBN(0x1a946834, 0xb6150bda), |
249 | 0 | TOBN(0x99c32718, 0x6af4e23c), TOBN(0x88719a10, 0xbdba5b26), |
250 | 0 | TOBN(0x1a723c12, 0xa787e6d7), TOBN(0x4b82d120, 0xa9210801), |
251 | 0 | TOBN(0x43db5bfc, 0xe0fd108e), TOBN(0x08e24fa0, 0x74e5ab31), |
252 | 0 | TOBN(0x770988c0, 0xbad946e2), TOBN(0xbbe11757, 0x7a615d6c), |
253 | 0 | TOBN(0x521f2b18, 0x177b200c), TOBN(0xd8760273, 0x3ec86a64), |
254 | 0 | TOBN(0xf12ffa06, 0xd98a0864), TOBN(0xcee3d226, 0x1ad2ee6b), |
255 | 0 | TOBN(0x1e8c94e0, 0x4a25619d), TOBN(0xabf5ae8c, 0xdb0933d7), |
256 | 0 | TOBN(0xb3970f85, 0xa6e1e4c7), TOBN(0x8aea7157, 0x5d060c7d), |
257 | 0 | TOBN(0xecfb8504, 0x58dbef0a), TOBN(0xa85521ab, 0xdf1cba64), |
258 | 0 | TOBN(0xad33170d, 0x04507a33), TOBN(0x15728e5a, 0x8aaac42d), |
259 | 0 | TOBN(0x15d22618, 0x98fa0510), TOBN(0x3995497c, 0xea956ae5), |
260 | 0 | TOBN(0xde2bcbf6, 0x95581718), TOBN(0xb5c55df0, 0x6f4c52c9), |
261 | 0 | TOBN(0x9b2783a2, 0xec07a28f), TOBN(0xe39e772c, 0x180e8603), |
262 | 0 | TOBN(0x32905e46, 0x2e36ce3b), TOBN(0xf1746c08, 0xca18217c), |
263 | 0 | TOBN(0x670c354e, 0x4abc9804), TOBN(0x9ed52907, 0x7096966d), |
264 | 0 | TOBN(0x1c62f356, 0x208552bb), TOBN(0x83655d23, 0xdca3ad96), |
265 | 0 | TOBN(0x69163fa8, 0xfd24cf5f), TOBN(0x98da4836, 0x1c55d39a), |
266 | 0 | TOBN(0xc2007cb8, 0xa163bf05), TOBN(0x49286651, 0xece45b3d), |
267 | 0 | TOBN(0xae9f2411, 0x7c4b1fe6), TOBN(0xee386bfb, 0x5a899fa5), |
268 | 0 | TOBN(0x0bff5cb6, 0xf406b7ed), TOBN(0xf44c42e9, 0xa637ed6b), |
269 | 0 | TOBN(0xe485b576, 0x625e7ec6), TOBN(0x4fe1356d, 0x6d51c245), |
270 | 0 | TOBN(0x302b0a6d, 0xf25f1437), TOBN(0xef9519b3, 0xcd3a431b), |
271 | 0 | TOBN(0x514a0879, 0x8e3404dd), TOBN(0x020bbea6, 0x3b139b22), |
272 | 0 | TOBN(0x29024e08, 0x8a67cc74), TOBN(0xc4c6628b, 0x80dc1cd1), |
273 | 0 | TOBN(0xc90fdaa2, 0x2168c234), TOBN(0xffffffff, 0xffffffff), |
274 | 0 | }; |
275 | 0 | return get_params(ret, kWords); |
276 | 0 | } |
277 | | |
278 | | int DH_generate_parameters_ex(DH *dh, int prime_bits, int generator, |
279 | 0 | BN_GENCB *cb) { |
280 | | // We generate DH parameters as follows |
281 | | // find a prime q which is prime_bits/2 bits long. |
282 | | // p=(2*q)+1 or (p-1)/2 = q |
283 | | // For this case, g is a generator if |
284 | | // g^((p-1)/q) mod p != 1 for values of q which are the factors of p-1. |
285 | | // Since the factors of p-1 are q and 2, we just need to check |
286 | | // g^2 mod p != 1 and g^q mod p != 1. |
287 | | // |
288 | | // Having said all that, |
289 | | // there is another special case method for the generators 2, 3 and 5. |
290 | | // for 2, p mod 24 == 11 |
291 | | // for 3, p mod 12 == 5 <<<<< does not work for safe primes. |
292 | | // for 5, p mod 10 == 3 or 7 |
293 | | // |
294 | | // Thanks to Phil Karn <karn@qualcomm.com> for the pointers about the |
295 | | // special generators and for answering some of my questions. |
296 | | // |
297 | | // I've implemented the second simple method :-). |
298 | | // Since DH should be using a safe prime (both p and q are prime), |
299 | | // this generator function can take a very very long time to run. |
300 | | |
301 | | // Actually there is no reason to insist that 'generator' be a generator. |
302 | | // It's just as OK (and in some sense better) to use a generator of the |
303 | | // order-q subgroup. |
304 | |
|
305 | 0 | if (prime_bits <= 0 || prime_bits > OPENSSL_DH_MAX_MODULUS_BITS) { |
306 | 0 | OPENSSL_PUT_ERROR(DH, DH_R_MODULUS_TOO_LARGE); |
307 | 0 | return 0; |
308 | 0 | } |
309 | | |
310 | | // Make sure `dh` has the necessary elements |
311 | 0 | auto *impl = FromOpaque(dh); |
312 | 0 | if (impl->p == nullptr) { |
313 | 0 | impl->p.reset(BN_new()); |
314 | 0 | if (impl->p == nullptr) { |
315 | 0 | OPENSSL_PUT_ERROR(DH, ERR_R_BN_LIB); |
316 | 0 | return 0; |
317 | 0 | } |
318 | 0 | } |
319 | 0 | if (impl->g == nullptr) { |
320 | 0 | impl->g.reset(BN_new()); |
321 | 0 | if (impl->g == nullptr) { |
322 | 0 | OPENSSL_PUT_ERROR(DH, ERR_R_BN_LIB); |
323 | 0 | return 0; |
324 | 0 | } |
325 | 0 | } |
326 | | |
327 | 0 | BN_ULONG t1, t2, g; |
328 | 0 | if (generator <= 1) { |
329 | 0 | OPENSSL_PUT_ERROR(DH, DH_R_BAD_GENERATOR); |
330 | 0 | return 0; |
331 | 0 | } |
332 | 0 | if (generator == DH_GENERATOR_2) { |
333 | 0 | t1 = 24; |
334 | 0 | t2 = 11; |
335 | 0 | g = 2; |
336 | 0 | } else if (generator == DH_GENERATOR_5) { |
337 | 0 | t1 = 10; |
338 | 0 | t2 = 3; |
339 | 0 | g = 5; |
340 | 0 | } else { |
341 | | // In the general case, don't worry if 'generator' is a generator or not: |
342 | | // since we are using safe primes, it will generate either an order-q or an |
343 | | // order-2q group, which both is OK. |
344 | 0 | t1 = 2; |
345 | 0 | t2 = 1; |
346 | 0 | g = generator; |
347 | 0 | } |
348 | |
|
349 | 0 | UniquePtr<BIGNUM> t1_bn(BN_new()), t2_bn(BN_new()); |
350 | 0 | if (t1_bn == nullptr || t2_bn == nullptr || |
351 | 0 | !BN_set_word(t1_bn.get(), t1) || // |
352 | 0 | !BN_set_word(t2_bn.get(), t2) || // |
353 | 0 | !BN_generate_prime_ex(impl->p.get(), prime_bits, 1, t1_bn.get(), |
354 | 0 | t2_bn.get(), cb) || |
355 | 0 | !BN_GENCB_call(cb, 3, 0) || // |
356 | 0 | !BN_set_word(impl->g.get(), g)) { |
357 | 0 | OPENSSL_PUT_ERROR(DH, ERR_R_BN_LIB); |
358 | 0 | return 0; |
359 | 0 | } |
360 | | |
361 | 0 | return 1; |
362 | 0 | } |
363 | | |
364 | 0 | static bool copy_bn(UniquePtr<BIGNUM> *dst, const BIGNUM *src) { |
365 | 0 | UniquePtr<BIGNUM> copy; |
366 | 0 | if (src) { |
367 | 0 | copy.reset(BN_dup(src)); |
368 | 0 | if (!copy) { |
369 | 0 | return false; |
370 | 0 | } |
371 | 0 | } |
372 | 0 | *dst = std::move(copy); |
373 | 0 | return true; |
374 | 0 | } |
375 | | |
376 | 0 | static int int_dh_param_copy(DH *to, const DH *from, int is_x942) { |
377 | 0 | auto *to_impl = FromOpaque(to); |
378 | 0 | const auto *from_impl = FromOpaque(from); |
379 | |
|
380 | 0 | if (is_x942 == -1) { |
381 | 0 | is_x942 = !!from_impl->q; |
382 | 0 | } |
383 | 0 | if (!copy_bn(&to_impl->p, from_impl->p.get()) || |
384 | 0 | !copy_bn(&to_impl->g, from_impl->g.get())) { |
385 | 0 | return 0; |
386 | 0 | } |
387 | | |
388 | 0 | if (!is_x942) { |
389 | 0 | return 1; |
390 | 0 | } |
391 | | |
392 | 0 | if (!copy_bn(&to_impl->q, from_impl->q.get())) { |
393 | 0 | return 0; |
394 | 0 | } |
395 | | |
396 | 0 | return 1; |
397 | 0 | } |
398 | | |
399 | 0 | DH *DHparams_dup(const DH *dh) { |
400 | 0 | DH *ret = DH_new(); |
401 | 0 | if (!ret) { |
402 | 0 | return nullptr; |
403 | 0 | } |
404 | | |
405 | 0 | if (!int_dh_param_copy(ret, dh, -1)) { |
406 | 0 | DH_free(ret); |
407 | 0 | return nullptr; |
408 | 0 | } |
409 | | |
410 | 0 | return ret; |
411 | 0 | } |