author | Damien Miller <djm@mindrot.org> | 2008-06-29 22:47:04 +1000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2008-06-29 22:47:04 +1000 |
commit | 2e9cf4906926fba123d415fdac8465b94bcd38b3 (patch) | |
tree | d0c86565f3f340c972ad1479251b9ee31add20ae /moduli.c | |
parent | 9e720284fe63aa8e59983b880447ed4ae768387c (diff) |
- djm@cvs.openbsd.org 2008/06/26 09:19:40
[dh.c dh.h moduli.c]
when loading moduli from /etc/moduli in sshd(8), check that they
are of the expected "safe prime" structure and have had
appropriate primality tests performed;
feedback and ok dtucker@
Diffstat (limited to 'moduli.c')
-rw-r--r-- | moduli.c | 49 |
1 files changed, 16 insertions, 33 deletions
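--- a/moduli.c
+++ b/moduli.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: moduli.c,v 1.20 2007/02/24 03:30:11 ray Exp $ */
+/* $OpenBSD: moduli.c,v 1.21 2008/06/26 09:19:40 djm Exp $ */
 /*
  * Copyright 1994 Phil Karn <karn@qualcomm.com>
  * Copyright 1996-1998, 2003 William Allen Simpson <wsimpson@greendragon.com>
@@ -42,6 +42,7 @@
 #include <sys/types.h>
 
 #include <openssl/bn.h>
+#include <openssl/dh.h>
 
 #include <stdio.h>
 #include <stdlib.h>
@@ -50,6 +51,7 @@
 #include <time.h>
 
 #include "xmalloc.h"
+#include "dh.h"
 #include "log.h"
 
 /*
@@ -59,27 +61,6 @@
 /* need line long enough for largest moduli plus headers */
 #define QLINESIZE (100+8192)
 
-/* Type: decimal.
- * Specifies the internal structure of the prime modulus.
- */
-#define QTYPE_UNKNOWN (0)
-#define QTYPE_UNSTRUCTURED (1)
-#define QTYPE_SAFE (2)
-#define QTYPE_SCHNORR (3)
-#define QTYPE_SOPHIE_GERMAIN (4)
-#define QTYPE_STRONG (5)
-
-/* Tests: decimal (bit field).
- * Specifies the methods used in checking for primality.
- * Usually, more than one test is used.
- */
-#define QTEST_UNTESTED (0x00)
-#define QTEST_COMPOSITE (0x01)
-#define QTEST_SIEVE (0x02)
-#define QTEST_MILLER_RABIN (0x04)
-#define QTEST_JACOBI (0x08)
-#define QTEST_ELLIPTIC (0x10)
-
 /*
  * Size: decimal.
  * Specifies the number of the most significant bit (0 to M).
@@ -434,8 +415,9 @@ gen_candidates(FILE *out, u_int32_t memory, u_int32_t power, BIGNUM *start)
 fatal("BN_set_word failed");
 if (BN_add(q, q, largebase) == 0)
 fatal("BN_add failed");
-if (qfileout(out, QTYPE_SOPHIE_GERMAIN, QTEST_SIEVE,
-largetries, (power - 1) /* MSB */, (0), q) == -1) {
+if (qfileout(out, MODULI_TYPE_SOPHIE_GERMAIN,
+MODULI_TESTS_SIEVE, largetries,
+(power - 1) /* MSB */, (0), q) == -1) {
 ret = -1;
 break;
 }
@@ -507,7 +489,7 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted)
 /* tests */
 in_tests = strtoul(cp, &cp, 10);
 
-if (in_tests & QTEST_COMPOSITE) {
+if (in_tests & MODULI_TESTS_COMPOSITE) {
 debug2("%10u: known composite", count_in);
 continue;
 }
@@ -526,7 +508,7 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted)
 
 /* modulus (hex) */
 switch (in_type) {
-case QTYPE_SOPHIE_GERMAIN:
+case MODULI_TYPE_SOPHIE_GERMAIN:
 debug2("%10u: (%u) Sophie-Germain", count_in, in_type);
 a = q;
 if (BN_hex2bn(&a, cp) == 0)
@@ -539,11 +521,11 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted)
 in_size += 1;
 generator_known = 0;
 break;
-case QTYPE_UNSTRUCTURED:
-case QTYPE_SAFE:
-case QTYPE_SCHNORR:
-case QTYPE_STRONG:
-case QTYPE_UNKNOWN:
+case MODULI_TYPE_UNSTRUCTURED:
+case MODULI_TYPE_SAFE:
+case MODULI_TYPE_SCHNORR:
+case MODULI_TYPE_STRONG:
+case MODULI_TYPE_UNKNOWN:
 debug2("%10u: (%u)", count_in, in_type);
 a = p;
 if (BN_hex2bn(&a, cp) == 0)
@@ -570,7 +552,7 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted)
 continue;
 }
 
-if (in_tests & QTEST_MILLER_RABIN)
+if (in_tests & MODULI_TESTS_MILLER_RABIN)
 in_tries += trials;
 else
 in_tries = trials;
@@ -644,7 +626,8 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted)
 }
 debug("%10u: q is almost certainly prime", count_in);
 
-if (qfileout(out, QTYPE_SAFE, (in_tests | QTEST_MILLER_RABIN),
+if (qfileout(out, MODULI_TYPE_SAFE,
+in_tests | MODULI_TESTS_MILLER_RABIN,
 in_tries, in_size, generator_known, p)) {
 res = -1;
 break;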
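Review bot: The removed QTYPE_*/QTEST_* values (QTYPE_SAFE 2, QTYPE_SOPHIE_GERMAIN 4, QTEST_SIEVE 0x02, QTEST_MILLER_RABIN 0x04, and so on) are part of the on-disk moduli format — qfileout() writes them and prime_test() reads them back with strtoul() — so the MODULI_TYPE_* and MODULI_TESTS_* macros now taken from dh.h must keep exactly those numbers, and since dh.h is not in this diff that equivalence should be confirmed against existing moduli files. A comment at the new include line in the second hunk would make the coupling explicit for future edits to dh.h: `#include "dh.h"	/* MODULI_TYPE_* and MODULI_TESTS_* values are written to moduli files; keep them stable */`. Separately, `in_tests = strtoul(cp, &cp, 10);` in the prime_test hunk is still unchecked, so an unparseable tests field silently yields 0 and is treated as "untested" by the renamed bit checks below; that predates this commit but the new MODULI_TESTS_* checks inherit it. Both gen_candidates and prime_test start and end outside the hunks shown.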