upstream commit

add support for additional fixed DH groups from draft-ietf-curdle-ssh-kex-sha2-03 diffie-hellman-group14-sha256 (2K group) diffie-hellman-group16-sha512 (4K group) diffie-hellman-group18-sha512 (8K group) based on patch from Mark D. Baushke and Darren Tucker ok markus@ Upstream-ID: ac00406ada4f0dfec41585ca0839f039545bc46f
author: djm@openbsd.org <djm@openbsd.org> 2016-05-02 10:26:04 +0000
committer: Damien Miller <djm@mindrot.org> 2016-05-02 20:39:32 +1000
commit: 0e8eeec8e75f6d0eaf33317376f773160018a9c7 (patch)
tree: 1fe3e4d977c9df10597c2a5dec1b6b0a8ab8afbe /dh.c
parent: 57464e3934ba53ad8590ee3ccd840f693407fc1e (diff)
1 files changed, 72 insertions, 11 deletions
diff --git a/dh.c b/dh.c
index 20f819131..167d3714e 100644
--- a/dh.c
+++ b/dh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dh.c,v 1.59 2016/03/31 05:24:06 dtucker Exp $ */
+/* $OpenBSD: dh.c,v 1.60 2016/05/02 10:26:04 djm Exp $ */
 /*
 * Copyright (c) 2000 Niels Provos.  All rights reserved.
 *
@@ -314,6 +314,7 @@ dh_new_group(BIGNUM *gen, BIGNUM *modulus)
        return (dh);
 }
+/* rfc2409 "Second Oakley Group" (1024 bits) */
 DH *
 dh_new_group1(void)
 {
@@ -328,6 +329,7 @@ dh_new_group1(void)
        return (dh_new_group_asc(gen, group1));
 }
+/* rfc3526 group 14 "2048-bit MODP Group" */
 DH *
 dh_new_group14(void)
 {
@@ -347,12 +349,9 @@ dh_new_group14(void)
        return (dh_new_group_asc(gen, group14));
 }
-/*
+/* rfc3526 group 16 "4096-bit MODP Group" */
- * 4k bit fallback group used by DH-GEX if moduli file cannot be read.
- * Source: MODP group 16 from RFC3526.
- */
 DH *
-dh_new_group_fallback(int max)
+dh_new_group16(void)
 {
        static char *gen = "2", *group16 =
            "FFFFFFFF" "FFFFFFFF" "C90FDAA2" "2168C234" "C4C6628B" "80DC1CD1"
@@ -378,12 +377,75 @@ dh_new_group_fallback(int max)
            "93B4EA98" "8D8FDDC1" "86FFB7DC" "90A6C08F" "4DF435C9" "34063199"
            "FFFFFFFF" "FFFFFFFF";
-        if (max < 4096) {
+        return (dh_new_group_asc(gen, group16));
-                debug3("requested max size %d, using 2k bit group 14", max);
+}
+/* rfc3526 group 18 "8192-bit MODP Group" */
+DH *
+dh_new_group18(void)
+{
+        static char *gen = "2", *group16 =
+            "FFFFFFFF" "FFFFFFFF" "C90FDAA2" "2168C234" "C4C6628B" "80DC1CD1"
+            "29024E08" "8A67CC74" "020BBEA6" "3B139B22" "514A0879" "8E3404DD"
+            "EF9519B3" "CD3A431B" "302B0A6D" "F25F1437" "4FE1356D" "6D51C245"
+            "E485B576" "625E7EC6" "F44C42E9" "A637ED6B" "0BFF5CB6" "F406B7ED"
+            "EE386BFB" "5A899FA5" "AE9F2411" "7C4B1FE6" "49286651" "ECE45B3D"
+            "C2007CB8" "A163BF05" "98DA4836" "1C55D39A" "69163FA8" "FD24CF5F"
+            "83655D23" "DCA3AD96" "1C62F356" "208552BB" "9ED52907" "7096966D"
+            "670C354E" "4ABC9804" "F1746C08" "CA18217C" "32905E46" "2E36CE3B"
+            "E39E772C" "180E8603" "9B2783A2" "EC07A28F" "B5C55DF0" "6F4C52C9"
+            "DE2BCBF6" "95581718" "3995497C" "EA956AE5" "15D22618" "98FA0510"
+            "15728E5A" "8AAAC42D" "AD33170D" "04507A33" "A85521AB" "DF1CBA64"
+            "ECFB8504" "58DBEF0A" "8AEA7157" "5D060C7D" "B3970F85" "A6E1E4C7"
+            "ABF5AE8C" "DB0933D7" "1E8C94E0" "4A25619D" "CEE3D226" "1AD2EE6B"
+            "F12FFA06" "D98A0864" "D8760273" "3EC86A64" "521F2B18" "177B200C"
+            "BBE11757" "7A615D6C" "770988C0" "BAD946E2" "08E24FA0" "74E5AB31"
+            "43DB5BFC" "E0FD108E" "4B82D120" "A9210801" "1A723C12" "A787E6D7"
+            "88719A10" "BDBA5B26" "99C32718" "6AF4E23C" "1A946834" "B6150BDA"
+            "2583E9CA" "2AD44CE8" "DBBBC2DB" "04DE8EF9" "2E8EFC14" "1FBECAA6"
+            "287C5947" "4E6BC05D" "99B2964F" "A090C3A2" "233BA186" "515BE7ED"
+            "1F612970" "CEE2D7AF" "B81BDD76" "2170481C" "D0069127" "D5B05AA9"
+            "93B4EA98" "8D8FDDC1" "86FFB7DC" "90A6C08F" "4DF435C9" "34028492"
+            "36C3FAB4" "D27C7026" "C1D4DCB2" "602646DE" "C9751E76" "3DBA37BD"
+            "F8FF9406" "AD9E530E" "E5DB382F" "413001AE" "B06A53ED" "9027D831"
+            "179727B0" "865A8918" "DA3EDBEB" "CF9B14ED" "44CE6CBA" "CED4BB1B"
+            "DB7F1447" "E6CC254B" "33205151" "2BD7AF42" "6FB8F401" "378CD2BF"
+            "5983CA01" "C64B92EC" "F032EA15" "D1721D03" "F482D7CE" "6E74FEF6"
+            "D55E702F" "46980C82" "B5A84031" "900B1C9E" "59E7C97F" "BEC7E8F3"
+            "23A97A7E" "36CC88BE" "0F1D45B7" "FF585AC5" "4BD407B2" "2B4154AA"
+            "CC8F6D7E" "BF48E1D8" "14CC5ED2" "0F8037E0" "A79715EE" "F29BE328"
+            "06A1D58B" "B7C5DA76" "F550AA3D" "8A1FBFF0" "EB19CCB1" "A313D55C"
+            "DA56C9EC" "2EF29632" "387FE8D7" "6E3C0468" "043E8F66" "3F4860EE"
+            "12BF2D5B" "0B7474D6" "E694F91E" "6DBE1159" "74A3926F" "12FEE5E4"
+            "38777CB6" "A932DF8C" "D8BEC4D0" "73B931BA" "3BC832B6" "8D9DD300"
+            "741FA7BF" "8AFC47ED" "2576F693" "6BA42466" "3AAB639C" "5AE4F568"
+            "3423B474" "2BF1C978" "238F16CB" "E39D652D" "E3FDB8BE" "FC848AD9"
+            "22222E04" "A4037C07" "13EB57A8" "1A23F0C7" "3473FC64" "6CEA306B"
+            "4BCBC886" "2F8385DD" "FA9D4B7F" "A2C087E8" "79683303" "ED5BDD3A"
+            "062B3CF5" "B3A278A6" "6D2A13F8" "3F44F82D" "DF310EE0" "74AB6A36"
+            "4597E899" "A0255DC1" "64F31CC5" "0846851D" "F9AB4819" "5DED7EA1"
+            "B1D510BD" "7EE74D73" "FAF36BC3" "1ECFA268" "359046F4" "EB879F92"
+            "4009438B" "481C6CD7" "889A002E" "D5EE382B" "C9190DA6" "FC026E47"
+            "9558E447" "5677E9AA" "9E3050E2" "765694DF" "C81F56E8" "80B96E71"
+            "60C980DD" "98EDD3DF" "FFFFFFFF" "FFFFFFFF";
+        return (dh_new_group_asc(gen, group16));
+}
+/* Select fallback group used by DH-GEX if moduli file cannot be read. */
+DH *
+dh_new_group_fallback(int max)
+{
+        debug3("%s: requested max size %d", __func__, max);
+        if (max < 3072) {
+                debug3("using 2k bit group 14");
                return dh_new_group14();
+        } else if (max < 6144) {
+                debug3("using 4k bit group 16");
+                return dh_new_group16();
        }
-        debug3("using 4k bit group 16");
+        debug3("using 8k bit group 18");
-        return (dh_new_group_asc(gen, group16));
+        return dh_new_group18();
 }
 /*
@@ -393,7 +455,6 @@ dh_new_group_fallback(int max)
 * Management Part 1 (rev 3) limited by the recommended maximum value
 * from RFC4419 section 3.
 */
 u_int
 dh_estimate(int bits)
 {
author	djm@openbsd.org <djm@openbsd.org>	2016-05-02 10:26:04 +0000
committer	Damien Miller <djm@mindrot.org>	2016-05-02 20:39:32 +1000
commit	0e8eeec8e75f6d0eaf33317376f773160018a9c7 (patch)
tree	1fe3e4d977c9df10597c2a5dec1b6b0a8ab8afbe /dh.c
parent	57464e3934ba53ad8590ee3ccd840f693407fc1e (diff)

diff --git a/dh.c b/dh.c index 20f819131..167d3714e 100644 --- a/dh.c +++ b/dh.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: dh.c,v 1.59 2016/03/31 05:24:06 dtucker Exp $ */	1	/* $OpenBSD: dh.c,v 1.60 2016/05/02 10:26:04 djm Exp $ */
2	/*	2	/*
3	* Copyright (c) 2000 Niels Provos. All rights reserved.	3	* Copyright (c) 2000 Niels Provos. All rights reserved.
4	*	4	*
@@ -314,6 +314,7 @@ dh_new_group(BIGNUM gen, BIGNUM modulus)
314	return (dh);	314	return (dh);
315	}	315	}
316		316
		317	/* rfc2409 "Second Oakley Group" (1024 bits) */
317	DH *	318	DH *
318	dh_new_group1(void)	319	dh_new_group1(void)
319	{	320	{
@@ -328,6 +329,7 @@ dh_new_group1(void)
328	return (dh_new_group_asc(gen, group1));	329	return (dh_new_group_asc(gen, group1));
329	}	330	}
330		331
		332	/* rfc3526 group 14 "2048-bit MODP Group" */
331	DH *	333	DH *
332	dh_new_group14(void)	334	dh_new_group14(void)
333	{	335	{
@@ -347,12 +349,9 @@ dh_new_group14(void)
347	return (dh_new_group_asc(gen, group14));	349	return (dh_new_group_asc(gen, group14));
348	}	350	}
349		351
350	/*	352	/* rfc3526 group 16 "4096-bit MODP Group" */
351	* 4k bit fallback group used by DH-GEX if moduli file cannot be read.
352	* Source: MODP group 16 from RFC3526.
353	*/
354	DH *	353	DH *
355	dh_new_group_fallback(int max)	354	dh_new_group16(void)
356	{	355	{
357	static char gen = "2", group16 =	356	static char gen = "2", group16 =
358	"FFFFFFFF" "FFFFFFFF" "C90FDAA2" "2168C234" "C4C6628B" "80DC1CD1"	357	"FFFFFFFF" "FFFFFFFF" "C90FDAA2" "2168C234" "C4C6628B" "80DC1CD1"
@@ -378,12 +377,75 @@ dh_new_group_fallback(int max)
378	"93B4EA98" "8D8FDDC1" "86FFB7DC" "90A6C08F" "4DF435C9" "34063199"	377	"93B4EA98" "8D8FDDC1" "86FFB7DC" "90A6C08F" "4DF435C9" "34063199"
379	"FFFFFFFF" "FFFFFFFF";	378	"FFFFFFFF" "FFFFFFFF";
380		379
381	if (max < 4096) {	380	return (dh_new_group_asc(gen, group16));
382	debug3("requested max size %d, using 2k bit group 14", max);	381	}
		382
		383	/* rfc3526 group 18 "8192-bit MODP Group" */
		384	DH *
		385	dh_new_group18(void)
		386	{
		387	static char gen = "2", group16 =
		388	"FFFFFFFF" "FFFFFFFF" "C90FDAA2" "2168C234" "C4C6628B" "80DC1CD1"
		389	"29024E08" "8A67CC74" "020BBEA6" "3B139B22" "514A0879" "8E3404DD"
		390	"EF9519B3" "CD3A431B" "302B0A6D" "F25F1437" "4FE1356D" "6D51C245"
		391	"E485B576" "625E7EC6" "F44C42E9" "A637ED6B" "0BFF5CB6" "F406B7ED"
		392	"EE386BFB" "5A899FA5" "AE9F2411" "7C4B1FE6" "49286651" "ECE45B3D"
		393	"C2007CB8" "A163BF05" "98DA4836" "1C55D39A" "69163FA8" "FD24CF5F"
		394	"83655D23" "DCA3AD96" "1C62F356" "208552BB" "9ED52907" "7096966D"
		395	"670C354E" "4ABC9804" "F1746C08" "CA18217C" "32905E46" "2E36CE3B"
		396	"E39E772C" "180E8603" "9B2783A2" "EC07A28F" "B5C55DF0" "6F4C52C9"
		397	"DE2BCBF6" "95581718" "3995497C" "EA956AE5" "15D22618" "98FA0510"
		398	"15728E5A" "8AAAC42D" "AD33170D" "04507A33" "A85521AB" "DF1CBA64"
		399	"ECFB8504" "58DBEF0A" "8AEA7157" "5D060C7D" "B3970F85" "A6E1E4C7"
		400	"ABF5AE8C" "DB0933D7" "1E8C94E0" "4A25619D" "CEE3D226" "1AD2EE6B"
		401	"F12FFA06" "D98A0864" "D8760273" "3EC86A64" "521F2B18" "177B200C"
		402	"BBE11757" "7A615D6C" "770988C0" "BAD946E2" "08E24FA0" "74E5AB31"
		403	"43DB5BFC" "E0FD108E" "4B82D120" "A9210801" "1A723C12" "A787E6D7"
		404	"88719A10" "BDBA5B26" "99C32718" "6AF4E23C" "1A946834" "B6150BDA"
		405	"2583E9CA" "2AD44CE8" "DBBBC2DB" "04DE8EF9" "2E8EFC14" "1FBECAA6"
		406	"287C5947" "4E6BC05D" "99B2964F" "A090C3A2" "233BA186" "515BE7ED"
		407	"1F612970" "CEE2D7AF" "B81BDD76" "2170481C" "D0069127" "D5B05AA9"
		408	"93B4EA98" "8D8FDDC1" "86FFB7DC" "90A6C08F" "4DF435C9" "34028492"
		409	"36C3FAB4" "D27C7026" "C1D4DCB2" "602646DE" "C9751E76" "3DBA37BD"
		410	"F8FF9406" "AD9E530E" "E5DB382F" "413001AE" "B06A53ED" "9027D831"
		411	"179727B0" "865A8918" "DA3EDBEB" "CF9B14ED" "44CE6CBA" "CED4BB1B"
		412	"DB7F1447" "E6CC254B" "33205151" "2BD7AF42" "6FB8F401" "378CD2BF"
		413	"5983CA01" "C64B92EC" "F032EA15" "D1721D03" "F482D7CE" "6E74FEF6"
		414	"D55E702F" "46980C82" "B5A84031" "900B1C9E" "59E7C97F" "BEC7E8F3"
		415	"23A97A7E" "36CC88BE" "0F1D45B7" "FF585AC5" "4BD407B2" "2B4154AA"
		416	"CC8F6D7E" "BF48E1D8" "14CC5ED2" "0F8037E0" "A79715EE" "F29BE328"
		417	"06A1D58B" "B7C5DA76" "F550AA3D" "8A1FBFF0" "EB19CCB1" "A313D55C"
		418	"DA56C9EC" "2EF29632" "387FE8D7" "6E3C0468" "043E8F66" "3F4860EE"
		419	"12BF2D5B" "0B7474D6" "E694F91E" "6DBE1159" "74A3926F" "12FEE5E4"
		420	"38777CB6" "A932DF8C" "D8BEC4D0" "73B931BA" "3BC832B6" "8D9DD300"
		421	"741FA7BF" "8AFC47ED" "2576F693" "6BA42466" "3AAB639C" "5AE4F568"
		422	"3423B474" "2BF1C978" "238F16CB" "E39D652D" "E3FDB8BE" "FC848AD9"
		423	"22222E04" "A4037C07" "13EB57A8" "1A23F0C7" "3473FC64" "6CEA306B"
		424	"4BCBC886" "2F8385DD" "FA9D4B7F" "A2C087E8" "79683303" "ED5BDD3A"
		425	"062B3CF5" "B3A278A6" "6D2A13F8" "3F44F82D" "DF310EE0" "74AB6A36"
		426	"4597E899" "A0255DC1" "64F31CC5" "0846851D" "F9AB4819" "5DED7EA1"
		427	"B1D510BD" "7EE74D73" "FAF36BC3" "1ECFA268" "359046F4" "EB879F92"
		428	"4009438B" "481C6CD7" "889A002E" "D5EE382B" "C9190DA6" "FC026E47"
		429	"9558E447" "5677E9AA" "9E3050E2" "765694DF" "C81F56E8" "80B96E71"
		430	"60C980DD" "98EDD3DF" "FFFFFFFF" "FFFFFFFF";
		431
		432	return (dh_new_group_asc(gen, group16));
		433	}
		434
		435	/* Select fallback group used by DH-GEX if moduli file cannot be read. */
		436	DH *
		437	dh_new_group_fallback(int max)
		438	{
		439	debug3("%s: requested max size %d", __func__, max);
		440	if (max < 3072) {
		441	debug3("using 2k bit group 14");
383	return dh_new_group14();	442	return dh_new_group14();
		443	} else if (max < 6144) {
		444	debug3("using 4k bit group 16");
		445	return dh_new_group16();
384	}	446	}
385	debug3("using 4k bit group 16");	447	debug3("using 8k bit group 18");
386	return (dh_new_group_asc(gen, group16));	448	return dh_new_group18();
387	}	449	}
388		450
389	/*	451	/*
@@ -393,7 +455,6 @@ dh_new_group_fallback(int max)
393	* Management Part 1 (rev 3) limited by the recommended maximum value	455	* Management Part 1 (rev 3) limited by the recommended maximum value
394	* from RFC4419 section 3.	456	* from RFC4419 section 3.
395	*/	457	*/
396
397	u_int	458	u_int
398	dh_estimate(int bits)	459	dh_estimate(int bits)
399	{	460	{