1 /* ====================================================================
2  * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions
6  * are met:
7  *
8  * 1. Redistributions of source code must retain the above copyright
9  *    notice, this list of conditions and the following disclaimer.
10  *
11  * 2. Redistributions in binary form must reproduce the above copyright
12  *    notice, this list of conditions and the following disclaimer in
13  *    the documentation and/or other materials provided with the
14  *    distribution.
15  *
16  * 3. All advertising materials mentioning features or use of this
17  *    software must display the following acknowledgment:
18  *    "This product includes software developed by the OpenSSL Project
19  *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
20  *
21  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
22  *    endorse or promote products derived from this software without
23  *    prior written permission. For written permission, please contact
24  *    [email protected].
25  *
26  * 5. Products derived from this software may not be called "OpenSSL"
27  *    nor may "OpenSSL" appear in their names without prior written
28  *    permission of the OpenSSL Project.
29  *
30  * 6. Redistributions of any form whatsoever must retain the following
31  *    acknowledgment:
32  *    "This product includes software developed by the OpenSSL Project
33  *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
34  *
35  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
36  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
37  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
38  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
39  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
40  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
41  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
42  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
43  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
44  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
45  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
46  * OF THE POSSIBILITY OF SUCH DAMAGE.
47  * ====================================================================
48  *
49  * This product includes cryptographic software written by Eric Young
50  * ([email protected]).  This product includes software written by Tim
51  * Hudson ([email protected]). */
52 
53 #include <openssl/dh.h>
54 
55 #include <openssl/bn.h>
56 #include <openssl/err.h>
57 #include <openssl/mem.h>
58 
59 #include "../fipsmodule/bn/internal.h"
60 #include "../fipsmodule/dh/internal.h"
61 
62 
// get_params stores the |num_words| words at |words| into a BIGNUM through
// |bn_set_words| and returns that BIGNUM. When |ret| is NULL a new BIGNUM is
// allocated and the caller owns the result; otherwise |ret| itself is filled
// in and returned. Returns NULL if the allocation or |bn_set_words| fails.
//
// Ownership on failure: only a BIGNUM allocated by this call is freed. A
// caller-supplied |ret| is never freed here; what it holds after a failed
// |bn_set_words| depends on that helper, which is not visible in this file.
static BIGNUM *get_params(BIGNUM *ret, const BN_ULONG *words, size_t num_words) {
  // |owned| stays NULL unless this call did the allocation itself.
  BIGNUM *owned = NULL;
  BIGNUM *out = ret;
  if (out == NULL) {
    owned = BN_new();
    if (owned == NULL) {
      return NULL;
    }
    out = owned;
  }

  if (bn_set_words(out, words, num_words)) {
    return out;
  }

  // |owned| is NULL when the caller passed its own BIGNUM, so this releases
  // only what was allocated above.
  BN_free(owned);
  return NULL;
}
80 
// BN_get_rfc3526_prime_1536 returns the 1536-bit MODP group prime named by
// RFC 3526. |ret| is forwarded to |get_params|: pass NULL to receive a newly
// allocated BIGNUM, or an existing BIGNUM to have it filled in. Returns NULL
// on failure.
BIGNUM *BN_get_rfc3526_prime_1536(BIGNUM *ret) {
  // 24 TOBN(hi, lo) pairs of 64 bits each = 1536 bits. The pairs are listed
  // least-significant first, so the table reads in the reverse order of the
  // RFC's hex listing: the final row holds the value's leading
  // FFFFFFFF FFFFFFFF C90FDAA2 2168C234. These are fixed public parameters;
  // any edit to a word changes the group and must be re-checked against the
  // RFC.
  static const BN_ULONG kPrime1536[] = {
      TOBN(0xffffffff, 0xffffffff), TOBN(0xf1746c08, 0xca237327),
      TOBN(0x670c354e, 0x4abc9804), TOBN(0x9ed52907, 0x7096966d),
      TOBN(0x1c62f356, 0x208552bb), TOBN(0x83655d23, 0xdca3ad96),
      TOBN(0x69163fa8, 0xfd24cf5f), TOBN(0x98da4836, 0x1c55d39a),
      TOBN(0xc2007cb8, 0xa163bf05), TOBN(0x49286651, 0xece45b3d),
      TOBN(0xae9f2411, 0x7c4b1fe6), TOBN(0xee386bfb, 0x5a899fa5),
      TOBN(0x0bff5cb6, 0xf406b7ed), TOBN(0xf44c42e9, 0xa637ed6b),
      TOBN(0xe485b576, 0x625e7ec6), TOBN(0x4fe1356d, 0x6d51c245),
      TOBN(0x302b0a6d, 0xf25f1437), TOBN(0xef9519b3, 0xcd3a431b),
      TOBN(0x514a0879, 0x8e3404dd), TOBN(0x020bbea6, 0x3b139b22),
      TOBN(0x29024e08, 0x8a67cc74), TOBN(0xc4c6628b, 0x80dc1cd1),
      TOBN(0xc90fdaa2, 0x2168c234), TOBN(0xffffffff, 0xffffffff),
  };
  // The word count is taken from the array itself rather than hard-coded.
  const size_t num_words = OPENSSL_ARRAY_SIZE(kPrime1536);
  return get_params(ret, kPrime1536, num_words);
}
98 
// BN_get_rfc3526_prime_2048 returns the 2048-bit MODP group prime named by
// RFC 3526. |ret| is forwarded to |get_params|: pass NULL to receive a newly
// allocated BIGNUM, or an existing BIGNUM to have it filled in. Returns NULL
// on failure.
BIGNUM *BN_get_rfc3526_prime_2048(BIGNUM *ret) {
  // 32 TOBN(hi, lo) pairs of 64 bits each = 2048 bits. The pairs are listed
  // least-significant first, so the table reads in the reverse order of the
  // RFC's hex listing: the final row holds the value's leading
  // FFFFFFFF FFFFFFFF C90FDAA2 2168C234. These are fixed public parameters;
  // any edit to a word changes the group and must be re-checked against the
  // RFC.
  static const BN_ULONG kPrime2048[] = {
      TOBN(0xffffffff, 0xffffffff), TOBN(0x15728e5a, 0x8aacaa68),
      TOBN(0x15d22618, 0x98fa0510), TOBN(0x3995497c, 0xea956ae5),
      TOBN(0xde2bcbf6, 0x95581718), TOBN(0xb5c55df0, 0x6f4c52c9),
      TOBN(0x9b2783a2, 0xec07a28f), TOBN(0xe39e772c, 0x180e8603),
      TOBN(0x32905e46, 0x2e36ce3b), TOBN(0xf1746c08, 0xca18217c),
      TOBN(0x670c354e, 0x4abc9804), TOBN(0x9ed52907, 0x7096966d),
      TOBN(0x1c62f356, 0x208552bb), TOBN(0x83655d23, 0xdca3ad96),
      TOBN(0x69163fa8, 0xfd24cf5f), TOBN(0x98da4836, 0x1c55d39a),
      TOBN(0xc2007cb8, 0xa163bf05), TOBN(0x49286651, 0xece45b3d),
      TOBN(0xae9f2411, 0x7c4b1fe6), TOBN(0xee386bfb, 0x5a899fa5),
      TOBN(0x0bff5cb6, 0xf406b7ed), TOBN(0xf44c42e9, 0xa637ed6b),
      TOBN(0xe485b576, 0x625e7ec6), TOBN(0x4fe1356d, 0x6d51c245),
      TOBN(0x302b0a6d, 0xf25f1437), TOBN(0xef9519b3, 0xcd3a431b),
      TOBN(0x514a0879, 0x8e3404dd), TOBN(0x020bbea6, 0x3b139b22),
      TOBN(0x29024e08, 0x8a67cc74), TOBN(0xc4c6628b, 0x80dc1cd1),
      TOBN(0xc90fdaa2, 0x2168c234), TOBN(0xffffffff, 0xffffffff),
  };
  // The word count is taken from the array itself rather than hard-coded.
  const size_t num_words = OPENSSL_ARRAY_SIZE(kPrime2048);
  return get_params(ret, kPrime2048, num_words);
}
120 
// BN_get_rfc3526_prime_3072 returns the 3072-bit MODP group prime named by
// RFC 3526. |ret| is forwarded to |get_params|: pass NULL to receive a newly
// allocated BIGNUM, or an existing BIGNUM to have it filled in. Returns NULL
// on failure.
BIGNUM *BN_get_rfc3526_prime_3072(BIGNUM *ret) {
  // 48 TOBN(hi, lo) pairs of 64 bits each = 3072 bits. The pairs are listed
  // least-significant first, so the table reads in the reverse order of the
  // RFC's hex listing: the final row holds the value's leading
  // FFFFFFFF FFFFFFFF C90FDAA2 2168C234. These are fixed public parameters;
  // any edit to a word changes the group and must be re-checked against the
  // RFC.
  static const BN_ULONG kPrime3072[] = {
      TOBN(0xffffffff, 0xffffffff), TOBN(0x4b82d120, 0xa93ad2ca),
      TOBN(0x43db5bfc, 0xe0fd108e), TOBN(0x08e24fa0, 0x74e5ab31),
      TOBN(0x770988c0, 0xbad946e2), TOBN(0xbbe11757, 0x7a615d6c),
      TOBN(0x521f2b18, 0x177b200c), TOBN(0xd8760273, 0x3ec86a64),
      TOBN(0xf12ffa06, 0xd98a0864), TOBN(0xcee3d226, 0x1ad2ee6b),
      TOBN(0x1e8c94e0, 0x4a25619d), TOBN(0xabf5ae8c, 0xdb0933d7),
      TOBN(0xb3970f85, 0xa6e1e4c7), TOBN(0x8aea7157, 0x5d060c7d),
      TOBN(0xecfb8504, 0x58dbef0a), TOBN(0xa85521ab, 0xdf1cba64),
      TOBN(0xad33170d, 0x04507a33), TOBN(0x15728e5a, 0x8aaac42d),
      TOBN(0x15d22618, 0x98fa0510), TOBN(0x3995497c, 0xea956ae5),
      TOBN(0xde2bcbf6, 0x95581718), TOBN(0xb5c55df0, 0x6f4c52c9),
      TOBN(0x9b2783a2, 0xec07a28f), TOBN(0xe39e772c, 0x180e8603),
      TOBN(0x32905e46, 0x2e36ce3b), TOBN(0xf1746c08, 0xca18217c),
      TOBN(0x670c354e, 0x4abc9804), TOBN(0x9ed52907, 0x7096966d),
      TOBN(0x1c62f356, 0x208552bb), TOBN(0x83655d23, 0xdca3ad96),
      TOBN(0x69163fa8, 0xfd24cf5f), TOBN(0x98da4836, 0x1c55d39a),
      TOBN(0xc2007cb8, 0xa163bf05), TOBN(0x49286651, 0xece45b3d),
      TOBN(0xae9f2411, 0x7c4b1fe6), TOBN(0xee386bfb, 0x5a899fa5),
      TOBN(0x0bff5cb6, 0xf406b7ed), TOBN(0xf44c42e9, 0xa637ed6b),
      TOBN(0xe485b576, 0x625e7ec6), TOBN(0x4fe1356d, 0x6d51c245),
      TOBN(0x302b0a6d, 0xf25f1437), TOBN(0xef9519b3, 0xcd3a431b),
      TOBN(0x514a0879, 0x8e3404dd), TOBN(0x020bbea6, 0x3b139b22),
      TOBN(0x29024e08, 0x8a67cc74), TOBN(0xc4c6628b, 0x80dc1cd1),
      TOBN(0xc90fdaa2, 0x2168c234), TOBN(0xffffffff, 0xffffffff),
  };
  // The word count is taken from the array itself rather than hard-coded.
  const size_t num_words = OPENSSL_ARRAY_SIZE(kPrime3072);
  return get_params(ret, kPrime3072, num_words);
}
150 
// BN_get_rfc3526_prime_4096 returns the 4096-bit MODP group prime named by
// RFC 3526. |ret| is forwarded to |get_params|: pass NULL to receive a newly
// allocated BIGNUM, or an existing BIGNUM to have it filled in. Returns NULL
// on failure.
BIGNUM *BN_get_rfc3526_prime_4096(BIGNUM *ret) {
  // 64 TOBN(hi, lo) pairs of 64 bits each = 4096 bits. The pairs are listed
  // least-significant first, so the table reads in the reverse order of the
  // RFC's hex listing: the final row holds the value's leading
  // FFFFFFFF FFFFFFFF C90FDAA2 2168C234. These are fixed public parameters;
  // any edit to a word changes the group and must be re-checked against the
  // RFC.
  static const BN_ULONG kPrime4096[] = {
      TOBN(0xffffffff, 0xffffffff), TOBN(0x4df435c9, 0x34063199),
      TOBN(0x86ffb7dc, 0x90a6c08f), TOBN(0x93b4ea98, 0x8d8fddc1),
      TOBN(0xd0069127, 0xd5b05aa9), TOBN(0xb81bdd76, 0x2170481c),
      TOBN(0x1f612970, 0xcee2d7af), TOBN(0x233ba186, 0x515be7ed),
      TOBN(0x99b2964f, 0xa090c3a2), TOBN(0x287c5947, 0x4e6bc05d),
      TOBN(0x2e8efc14, 0x1fbecaa6), TOBN(0xdbbbc2db, 0x04de8ef9),
      TOBN(0x2583e9ca, 0x2ad44ce8), TOBN(0x1a946834, 0xb6150bda),
      TOBN(0x99c32718, 0x6af4e23c), TOBN(0x88719a10, 0xbdba5b26),
      TOBN(0x1a723c12, 0xa787e6d7), TOBN(0x4b82d120, 0xa9210801),
      TOBN(0x43db5bfc, 0xe0fd108e), TOBN(0x08e24fa0, 0x74e5ab31),
      TOBN(0x770988c0, 0xbad946e2), TOBN(0xbbe11757, 0x7a615d6c),
      TOBN(0x521f2b18, 0x177b200c), TOBN(0xd8760273, 0x3ec86a64),
      TOBN(0xf12ffa06, 0xd98a0864), TOBN(0xcee3d226, 0x1ad2ee6b),
      TOBN(0x1e8c94e0, 0x4a25619d), TOBN(0xabf5ae8c, 0xdb0933d7),
      TOBN(0xb3970f85, 0xa6e1e4c7), TOBN(0x8aea7157, 0x5d060c7d),
      TOBN(0xecfb8504, 0x58dbef0a), TOBN(0xa85521ab, 0xdf1cba64),
      TOBN(0xad33170d, 0x04507a33), TOBN(0x15728e5a, 0x8aaac42d),
      TOBN(0x15d22618, 0x98fa0510), TOBN(0x3995497c, 0xea956ae5),
      TOBN(0xde2bcbf6, 0x95581718), TOBN(0xb5c55df0, 0x6f4c52c9),
      TOBN(0x9b2783a2, 0xec07a28f), TOBN(0xe39e772c, 0x180e8603),
      TOBN(0x32905e46, 0x2e36ce3b), TOBN(0xf1746c08, 0xca18217c),
      TOBN(0x670c354e, 0x4abc9804), TOBN(0x9ed52907, 0x7096966d),
      TOBN(0x1c62f356, 0x208552bb), TOBN(0x83655d23, 0xdca3ad96),
      TOBN(0x69163fa8, 0xfd24cf5f), TOBN(0x98da4836, 0x1c55d39a),
      TOBN(0xc2007cb8, 0xa163bf05), TOBN(0x49286651, 0xece45b3d),
      TOBN(0xae9f2411, 0x7c4b1fe6), TOBN(0xee386bfb, 0x5a899fa5),
      TOBN(0x0bff5cb6, 0xf406b7ed), TOBN(0xf44c42e9, 0xa637ed6b),
      TOBN(0xe485b576, 0x625e7ec6), TOBN(0x4fe1356d, 0x6d51c245),
      TOBN(0x302b0a6d, 0xf25f1437), TOBN(0xef9519b3, 0xcd3a431b),
      TOBN(0x514a0879, 0x8e3404dd), TOBN(0x020bbea6, 0x3b139b22),
      TOBN(0x29024e08, 0x8a67cc74), TOBN(0xc4c6628b, 0x80dc1cd1),
      TOBN(0xc90fdaa2, 0x2168c234), TOBN(0xffffffff, 0xffffffff),
  };
  // The word count is taken from the array itself rather than hard-coded.
  const size_t num_words = OPENSSL_ARRAY_SIZE(kPrime4096);
  return get_params(ret, kPrime4096, num_words);
}
188 
// BN_get_rfc3526_prime_6144 returns the 6144-bit MODP group prime named by
// RFC 3526. |ret| is forwarded to |get_params|: pass NULL to receive a newly
// allocated BIGNUM, or an existing BIGNUM to have it filled in. Returns NULL
// on failure.
BIGNUM *BN_get_rfc3526_prime_6144(BIGNUM *ret) {
  // 96 TOBN(hi, lo) pairs of 64 bits each = 6144 bits. The pairs are listed
  // least-significant first, so the table reads in the reverse order of the
  // RFC's hex listing: the final row holds the value's leading
  // FFFFFFFF FFFFFFFF C90FDAA2 2168C234. These are fixed public parameters;
  // any edit to a word changes the group and must be re-checked against the
  // RFC.
  static const BN_ULONG kPrime6144[] = {
      TOBN(0xffffffff, 0xffffffff), TOBN(0xe694f91e, 0x6dcc4024),
      TOBN(0x12bf2d5b, 0x0b7474d6), TOBN(0x043e8f66, 0x3f4860ee),
      TOBN(0x387fe8d7, 0x6e3c0468), TOBN(0xda56c9ec, 0x2ef29632),
      TOBN(0xeb19ccb1, 0xa313d55c), TOBN(0xf550aa3d, 0x8a1fbff0),
      TOBN(0x06a1d58b, 0xb7c5da76), TOBN(0xa79715ee, 0xf29be328),
      TOBN(0x14cc5ed2, 0x0f8037e0), TOBN(0xcc8f6d7e, 0xbf48e1d8),
      TOBN(0x4bd407b2, 0x2b4154aa), TOBN(0x0f1d45b7, 0xff585ac5),
      TOBN(0x23a97a7e, 0x36cc88be), TOBN(0x59e7c97f, 0xbec7e8f3),
      TOBN(0xb5a84031, 0x900b1c9e), TOBN(0xd55e702f, 0x46980c82),
      TOBN(0xf482d7ce, 0x6e74fef6), TOBN(0xf032ea15, 0xd1721d03),
      TOBN(0x5983ca01, 0xc64b92ec), TOBN(0x6fb8f401, 0x378cd2bf),
      TOBN(0x33205151, 0x2bd7af42), TOBN(0xdb7f1447, 0xe6cc254b),
      TOBN(0x44ce6cba, 0xced4bb1b), TOBN(0xda3edbeb, 0xcf9b14ed),
      TOBN(0x179727b0, 0x865a8918), TOBN(0xb06a53ed, 0x9027d831),
      TOBN(0xe5db382f, 0x413001ae), TOBN(0xf8ff9406, 0xad9e530e),
      TOBN(0xc9751e76, 0x3dba37bd), TOBN(0xc1d4dcb2, 0x602646de),
      TOBN(0x36c3fab4, 0xd27c7026), TOBN(0x4df435c9, 0x34028492),
      TOBN(0x86ffb7dc, 0x90a6c08f), TOBN(0x93b4ea98, 0x8d8fddc1),
      TOBN(0xd0069127, 0xd5b05aa9), TOBN(0xb81bdd76, 0x2170481c),
      TOBN(0x1f612970, 0xcee2d7af), TOBN(0x233ba186, 0x515be7ed),
      TOBN(0x99b2964f, 0xa090c3a2), TOBN(0x287c5947, 0x4e6bc05d),
      TOBN(0x2e8efc14, 0x1fbecaa6), TOBN(0xdbbbc2db, 0x04de8ef9),
      TOBN(0x2583e9ca, 0x2ad44ce8), TOBN(0x1a946834, 0xb6150bda),
      TOBN(0x99c32718, 0x6af4e23c), TOBN(0x88719a10, 0xbdba5b26),
      TOBN(0x1a723c12, 0xa787e6d7), TOBN(0x4b82d120, 0xa9210801),
      TOBN(0x43db5bfc, 0xe0fd108e), TOBN(0x08e24fa0, 0x74e5ab31),
      TOBN(0x770988c0, 0xbad946e2), TOBN(0xbbe11757, 0x7a615d6c),
      TOBN(0x521f2b18, 0x177b200c), TOBN(0xd8760273, 0x3ec86a64),
      TOBN(0xf12ffa06, 0xd98a0864), TOBN(0xcee3d226, 0x1ad2ee6b),
      TOBN(0x1e8c94e0, 0x4a25619d), TOBN(0xabf5ae8c, 0xdb0933d7),
      TOBN(0xb3970f85, 0xa6e1e4c7), TOBN(0x8aea7157, 0x5d060c7d),
      TOBN(0xecfb8504, 0x58dbef0a), TOBN(0xa85521ab, 0xdf1cba64),
      TOBN(0xad33170d, 0x04507a33), TOBN(0x15728e5a, 0x8aaac42d),
      TOBN(0x15d22618, 0x98fa0510), TOBN(0x3995497c, 0xea956ae5),
      TOBN(0xde2bcbf6, 0x95581718), TOBN(0xb5c55df0, 0x6f4c52c9),
      TOBN(0x9b2783a2, 0xec07a28f), TOBN(0xe39e772c, 0x180e8603),
      TOBN(0x32905e46, 0x2e36ce3b), TOBN(0xf1746c08, 0xca18217c),
      TOBN(0x670c354e, 0x4abc9804), TOBN(0x9ed52907, 0x7096966d),
      TOBN(0x1c62f356, 0x208552bb), TOBN(0x83655d23, 0xdca3ad96),
      TOBN(0x69163fa8, 0xfd24cf5f), TOBN(0x98da4836, 0x1c55d39a),
      TOBN(0xc2007cb8, 0xa163bf05), TOBN(0x49286651, 0xece45b3d),
      TOBN(0xae9f2411, 0x7c4b1fe6), TOBN(0xee386bfb, 0x5a899fa5),
      TOBN(0x0bff5cb6, 0xf406b7ed), TOBN(0xf44c42e9, 0xa637ed6b),
      TOBN(0xe485b576, 0x625e7ec6), TOBN(0x4fe1356d, 0x6d51c245),
      TOBN(0x302b0a6d, 0xf25f1437), TOBN(0xef9519b3, 0xcd3a431b),
      TOBN(0x514a0879, 0x8e3404dd), TOBN(0x020bbea6, 0x3b139b22),
      TOBN(0x29024e08, 0x8a67cc74), TOBN(0xc4c6628b, 0x80dc1cd1),
      TOBN(0xc90fdaa2, 0x2168c234), TOBN(0xffffffff, 0xffffffff),
  };
  // The word count is taken from the array itself rather than hard-coded.
  const size_t num_words = OPENSSL_ARRAY_SIZE(kPrime6144);
  return get_params(ret, kPrime6144, num_words);
}
242 
// BN_get_rfc3526_prime_8192 returns the 8192-bit MODP group prime named by
// RFC 3526. |ret| is forwarded to |get_params|: pass NULL to receive a newly
// allocated BIGNUM, or an existing BIGNUM to have it filled in. Returns NULL
// on failure.
BIGNUM *BN_get_rfc3526_prime_8192(BIGNUM *ret) {
  // 128 TOBN(hi, lo) pairs of 64 bits each = 8192 bits. The pairs are listed
  // least-significant first, so the table reads in the reverse order of the
  // RFC's hex listing: the final row holds the value's leading
  // FFFFFFFF FFFFFFFF C90FDAA2 2168C234. These are fixed public parameters;
  // any edit to a word changes the group and must be re-checked against the
  // RFC.
  static const BN_ULONG kPrime8192[] = {
      TOBN(0xffffffff, 0xffffffff), TOBN(0x60c980dd, 0x98edd3df),
      TOBN(0xc81f56e8, 0x80b96e71), TOBN(0x9e3050e2, 0x765694df),
      TOBN(0x9558e447, 0x5677e9aa), TOBN(0xc9190da6, 0xfc026e47),
      TOBN(0x889a002e, 0xd5ee382b), TOBN(0x4009438b, 0x481c6cd7),
      TOBN(0x359046f4, 0xeb879f92), TOBN(0xfaf36bc3, 0x1ecfa268),
      TOBN(0xb1d510bd, 0x7ee74d73), TOBN(0xf9ab4819, 0x5ded7ea1),
      TOBN(0x64f31cc5, 0x0846851d), TOBN(0x4597e899, 0xa0255dc1),
      TOBN(0xdf310ee0, 0x74ab6a36), TOBN(0x6d2a13f8, 0x3f44f82d),
      TOBN(0x062b3cf5, 0xb3a278a6), TOBN(0x79683303, 0xed5bdd3a),
      TOBN(0xfa9d4b7f, 0xa2c087e8), TOBN(0x4bcbc886, 0x2f8385dd),
      TOBN(0x3473fc64, 0x6cea306b), TOBN(0x13eb57a8, 0x1a23f0c7),
      TOBN(0x22222e04, 0xa4037c07), TOBN(0xe3fdb8be, 0xfc848ad9),
      TOBN(0x238f16cb, 0xe39d652d), TOBN(0x3423b474, 0x2bf1c978),
      TOBN(0x3aab639c, 0x5ae4f568), TOBN(0x2576f693, 0x6ba42466),
      TOBN(0x741fa7bf, 0x8afc47ed), TOBN(0x3bc832b6, 0x8d9dd300),
      TOBN(0xd8bec4d0, 0x73b931ba), TOBN(0x38777cb6, 0xa932df8c),
      TOBN(0x74a3926f, 0x12fee5e4), TOBN(0xe694f91e, 0x6dbe1159),
      TOBN(0x12bf2d5b, 0x0b7474d6), TOBN(0x043e8f66, 0x3f4860ee),
      TOBN(0x387fe8d7, 0x6e3c0468), TOBN(0xda56c9ec, 0x2ef29632),
      TOBN(0xeb19ccb1, 0xa313d55c), TOBN(0xf550aa3d, 0x8a1fbff0),
      TOBN(0x06a1d58b, 0xb7c5da76), TOBN(0xa79715ee, 0xf29be328),
      TOBN(0x14cc5ed2, 0x0f8037e0), TOBN(0xcc8f6d7e, 0xbf48e1d8),
      TOBN(0x4bd407b2, 0x2b4154aa), TOBN(0x0f1d45b7, 0xff585ac5),
      TOBN(0x23a97a7e, 0x36cc88be), TOBN(0x59e7c97f, 0xbec7e8f3),
      TOBN(0xb5a84031, 0x900b1c9e), TOBN(0xd55e702f, 0x46980c82),
      TOBN(0xf482d7ce, 0x6e74fef6), TOBN(0xf032ea15, 0xd1721d03),
      TOBN(0x5983ca01, 0xc64b92ec), TOBN(0x6fb8f401, 0x378cd2bf),
      TOBN(0x33205151, 0x2bd7af42), TOBN(0xdb7f1447, 0xe6cc254b),
      TOBN(0x44ce6cba, 0xced4bb1b), TOBN(0xda3edbeb, 0xcf9b14ed),
      TOBN(0x179727b0, 0x865a8918), TOBN(0xb06a53ed, 0x9027d831),
      TOBN(0xe5db382f, 0x413001ae), TOBN(0xf8ff9406, 0xad9e530e),
      TOBN(0xc9751e76, 0x3dba37bd), TOBN(0xc1d4dcb2, 0x602646de),
      TOBN(0x36c3fab4, 0xd27c7026), TOBN(0x4df435c9, 0x34028492),
      TOBN(0x86ffb7dc, 0x90a6c08f), TOBN(0x93b4ea98, 0x8d8fddc1),
      TOBN(0xd0069127, 0xd5b05aa9), TOBN(0xb81bdd76, 0x2170481c),
      TOBN(0x1f612970, 0xcee2d7af), TOBN(0x233ba186, 0x515be7ed),
      TOBN(0x99b2964f, 0xa090c3a2), TOBN(0x287c5947, 0x4e6bc05d),
      TOBN(0x2e8efc14, 0x1fbecaa6), TOBN(0xdbbbc2db, 0x04de8ef9),
      TOBN(0x2583e9ca, 0x2ad44ce8), TOBN(0x1a946834, 0xb6150bda),
      TOBN(0x99c32718, 0x6af4e23c), TOBN(0x88719a10, 0xbdba5b26),
      TOBN(0x1a723c12, 0xa787e6d7), TOBN(0x4b82d120, 0xa9210801),
      TOBN(0x43db5bfc, 0xe0fd108e), TOBN(0x08e24fa0, 0x74e5ab31),
      TOBN(0x770988c0, 0xbad946e2), TOBN(0xbbe11757, 0x7a615d6c),
      TOBN(0x521f2b18, 0x177b200c), TOBN(0xd8760273, 0x3ec86a64),
      TOBN(0xf12ffa06, 0xd98a0864), TOBN(0xcee3d226, 0x1ad2ee6b),
      TOBN(0x1e8c94e0, 0x4a25619d), TOBN(0xabf5ae8c, 0xdb0933d7),
      TOBN(0xb3970f85, 0xa6e1e4c7), TOBN(0x8aea7157, 0x5d060c7d),
      TOBN(0xecfb8504, 0x58dbef0a), TOBN(0xa85521ab, 0xdf1cba64),
      TOBN(0xad33170d, 0x04507a33), TOBN(0x15728e5a, 0x8aaac42d),
      TOBN(0x15d22618, 0x98fa0510), TOBN(0x3995497c, 0xea956ae5),
      TOBN(0xde2bcbf6, 0x95581718), TOBN(0xb5c55df0, 0x6f4c52c9),
      TOBN(0x9b2783a2, 0xec07a28f), TOBN(0xe39e772c, 0x180e8603),
      TOBN(0x32905e46, 0x2e36ce3b), TOBN(0xf1746c08, 0xca18217c),
      TOBN(0x670c354e, 0x4abc9804), TOBN(0x9ed52907, 0x7096966d),
      TOBN(0x1c62f356, 0x208552bb), TOBN(0x83655d23, 0xdca3ad96),
      TOBN(0x69163fa8, 0xfd24cf5f), TOBN(0x98da4836, 0x1c55d39a),
      TOBN(0xc2007cb8, 0xa163bf05), TOBN(0x49286651, 0xece45b3d),
      TOBN(0xae9f2411, 0x7c4b1fe6), TOBN(0xee386bfb, 0x5a899fa5),
      TOBN(0x0bff5cb6, 0xf406b7ed), TOBN(0xf44c42e9, 0xa637ed6b),
      TOBN(0xe485b576, 0x625e7ec6), TOBN(0x4fe1356d, 0x6d51c245),
      TOBN(0x302b0a6d, 0xf25f1437), TOBN(0xef9519b3, 0xcd3a431b),
      TOBN(0x514a0879, 0x8e3404dd), TOBN(0x020bbea6, 0x3b139b22),
      TOBN(0x29024e08, 0x8a67cc74), TOBN(0xc4c6628b, 0x80dc1cd1),
      TOBN(0xc90fdaa2, 0x2168c234), TOBN(0xffffffff, 0xffffffff),
  };
  // The word count is taken from the array itself rather than hard-coded.
  const size_t num_words = OPENSSL_ARRAY_SIZE(kPrime8192);
  return get_params(ret, kPrime8192, num_words);
}
312 
// DH_generate_parameters_ex generates Diffie-Hellman parameters into |dh|:
// |dh->p| receives a new safe prime of |prime_bits| bits and |dh->g| is set
// to the chosen generator. |cb| is handed to |BN_generate_prime_ex| and then
// invoked once more as BN_GENCB_call(cb, 3, 0). Returns 1 on success and 0 on
// failure.
//
// Why safe primes: with p = 2q + 1 and q prime, the only prime factors of
// p - 1 are 2 and q, so g generates the whole group exactly when
// g^2 mod p != 1 and g^q mod p != 1. Rather than testing that, p is generated
// with a fixed residue for the small generators (credit to Phil Karn for the
// pointers on these):
//   generator 2: p mod 24 == 11
//   generator 5: p mod 10 == 3 (p mod 10 == 7 would also do but is not
//                requested here)
// The original notes also list p mod 12 == 5 for generator 3 and remark that
// it does not work for safe primes, so 3 gets no special case. For every
// other value the generator is used as given: with a safe prime it spans
// either the order-q subgroup or the full order-2q group, and both are
// acceptable (the order-q subgroup is arguably preferable). Because a safe
// prime is required, this function can take a very long time.
//
// Points a caller should know:
//  - Only an upper bound (OPENSSL_DH_MAX_MODULUS_BITS) is enforced on
//    |prime_bits|; any positive size is accepted, so choosing a size adequate
//    for the intended security level is the caller's job. A non-positive
//    size is reported with the same DH_R_MODULUS_TOO_LARGE code.
//  - Every failure after the size check also queues ERR_R_BN_LIB, including
//    the DH_R_BAD_GENERATOR case.
//  - |dh->p| and |dh->g| are allocated if missing and written in place, so
//    |dh| can be left modified after a failed call.
//  - NOTE(review): if DH keeps state derived from |p| elsewhere (not visible
//    in this file), confirm it is reset when |p| is regenerated here.
int DH_generate_parameters_ex(DH *dh, int prime_bits, int generator,
                              BN_GENCB *cb) {
  if (!(prime_bits > 0 && prime_bits <= OPENSSL_DH_MAX_MODULUS_BITS)) {
    OPENSSL_PUT_ERROR(DH, DH_R_MODULUS_TOO_LARGE);
    return 0;
  }

  int ok = 0;
  int g = 0;
  // The generated prime satisfies p mod |add_word| == |rem_word|.
  BN_ULONG add_word = 0, rem_word = 0;
  BIGNUM *add = NULL, *rem = NULL;

  BN_CTX *ctx = BN_CTX_new();
  if (ctx == NULL) {
    goto err;
  }
  BN_CTX_start(ctx);
  add = BN_CTX_get(ctx);
  rem = BN_CTX_get(ctx);
  if (add == NULL || rem == NULL) {
    goto err;
  }

  // |dh| may arrive without p or g; create whichever is missing.
  if (dh->p == NULL) {
    dh->p = BN_new();
  }
  if (dh->p == NULL) {
    goto err;
  }
  if (dh->g == NULL) {
    dh->g = BN_new();
  }
  if (dh->g == NULL) {
    goto err;
  }

  if (generator <= 1) {
    OPENSSL_PUT_ERROR(DH, DH_R_BAD_GENERATOR);
    goto err;
  }

  switch (generator) {
    case DH_GENERATOR_2:
      add_word = 24;
      rem_word = 11;
      g = 2;
      break;
    case DH_GENERATOR_5:
      // p mod 10 == 7 would work as well; only the residue 3 is requested.
      add_word = 10;
      rem_word = 3;
      g = 5;
      break;
    default:
      // Any other generator: only require p to be odd and take the value as
      // is, without checking whether it generates the full group.
      add_word = 2;
      rem_word = 1;
      g = generator;
      break;
  }
  if (!BN_set_word(add, add_word) || !BN_set_word(rem, rem_word)) {
    goto err;
  }

  // Third argument 1 requests a safe prime.
  if (BN_generate_prime_ex(dh->p, prime_bits, 1, add, rem, cb) &&
      BN_GENCB_call(cb, 3, 0) &&
      BN_set_word(dh->g, g)) {
    ok = 1;
  }

err:
  if (!ok) {
    OPENSSL_PUT_ERROR(DH, ERR_R_BN_LIB);
  }

  if (ctx != NULL) {
    BN_CTX_end(ctx);
    BN_CTX_free(ctx);
  }
  return ok;
}
432 
// int_dh_bn_cpy replaces |*dst| with a duplicate of |src|, or with NULL when
// |src| is NULL. The old |*dst| is freed only after the duplicate has been
// made, so a failed call (return value 0) leaves |*dst| untouched. Returns 1
// on success.
static int int_dh_bn_cpy(BIGNUM **dst, const BIGNUM *src) {
  BIGNUM *copy = (src != NULL) ? BN_dup(src) : NULL;
  if (src != NULL && copy == NULL) {
    // Duplication failed; keep the existing destination value.
    return 0;
  }

  BN_free(*dst);
  *dst = copy;
  return 1;
}
447 
// int_dh_param_copy copies the group parameters p and g, and optionally q,
// from |from| into |to|. |is_x942| selects whether q is copied: 0 skips it,
// -1 copies it exactly when |from| has a q, and any other value copies it.
// Returns 1 on success and 0 if a copy fails.
//
// When q is not copied, |to->q| is left as it was rather than cleared. On
// failure |to| may be partly updated, since p is replaced before g and q are
// attempted. Only p, g and q are touched here.
static int int_dh_param_copy(DH *to, const DH *from, int is_x942) {
  // -1 means "decide from the source".
  const int copy_q = (is_x942 == -1) ? (from->q != NULL) : is_x942;

  if (!int_dh_bn_cpy(&to->p, from->p)) {
    return 0;
  }
  if (!int_dh_bn_cpy(&to->g, from->g)) {
    return 0;
  }
  if (copy_q == 0) {
    return 1;
  }

  return int_dh_bn_cpy(&to->q, from->q) ? 1 : 0;
}
467 
// DHparams_dup returns a newly allocated DH holding copies of |dh|'s
// parameters, or NULL on allocation or copy failure. Through
// |int_dh_param_copy| with -1 it copies p and g, plus q when |dh| has one;
// no other field of |dh| is copied by this function, so the result carries
// group parameters only. |dh| must be non-NULL because its fields are read
// without a check. The caller owns the returned object.
DH *DHparams_dup(const DH *dh) {
  DH *copy = DH_new();
  if (copy != NULL && !int_dh_param_copy(copy, dh, -1)) {
    // Do not hand back a partially copied object.
    DH_free(copy);
    copy = NULL;
  }
  return copy;
}
481