summaryrefslogtreecommitdiff
path: root/moduli.c
diff options
context:
space:
mode:
authorDamien Miller <djm@mindrot.org>2008-06-29 22:47:04 +1000
committerDamien Miller <djm@mindrot.org>2008-06-29 22:47:04 +1000
commit2e9cf4906926fba123d415fdac8465b94bcd38b3 (patch)
treed0c86565f3f340c972ad1479251b9ee31add20ae /moduli.c
parent9e720284fe63aa8e59983b880447ed4ae768387c (diff)
- djm@cvs.openbsd.org 2008/06/26 09:19:40
[dh.c dh.h moduli.c] when loading moduli from /etc/moduli in sshd(8), check that they are of the expected "safe prime" structure and have had appropriate primality tests performed; feedback and ok dtucker@
Diffstat (limited to 'moduli.c')
-rw-r--r--moduli.c49
1 files changed, 16 insertions, 33 deletions
diff --git a/moduli.c b/moduli.c
index 8fa545daf..f737cb3f5 100644
--- a/moduli.c
+++ b/moduli.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: moduli.c,v 1.20 2007/02/24 03:30:11 ray Exp $ */ 1/* $OpenBSD: moduli.c,v 1.21 2008/06/26 09:19:40 djm Exp $ */
2/* 2/*
3 * Copyright 1994 Phil Karn <karn@qualcomm.com> 3 * Copyright 1994 Phil Karn <karn@qualcomm.com>
4 * Copyright 1996-1998, 2003 William Allen Simpson <wsimpson@greendragon.com> 4 * Copyright 1996-1998, 2003 William Allen Simpson <wsimpson@greendragon.com>
@@ -42,6 +42,7 @@
42#include <sys/types.h> 42#include <sys/types.h>
43 43
44#include <openssl/bn.h> 44#include <openssl/bn.h>
45#include <openssl/dh.h>
45 46
46#include <stdio.h> 47#include <stdio.h>
47#include <stdlib.h> 48#include <stdlib.h>
@@ -50,6 +51,7 @@
50#include <time.h> 51#include <time.h>
51 52
52#include "xmalloc.h" 53#include "xmalloc.h"
54#include "dh.h"
53#include "log.h" 55#include "log.h"
54 56
55/* 57/*
@@ -59,27 +61,6 @@
59/* need line long enough for largest moduli plus headers */ 61/* need line long enough for largest moduli plus headers */
60#define QLINESIZE (100+8192) 62#define QLINESIZE (100+8192)
61 63
62/* Type: decimal.
63 * Specifies the internal structure of the prime modulus.
64 */
65#define QTYPE_UNKNOWN (0)
66#define QTYPE_UNSTRUCTURED (1)
67#define QTYPE_SAFE (2)
68#define QTYPE_SCHNORR (3)
69#define QTYPE_SOPHIE_GERMAIN (4)
70#define QTYPE_STRONG (5)
71
72/* Tests: decimal (bit field).
73 * Specifies the methods used in checking for primality.
74 * Usually, more than one test is used.
75 */
76#define QTEST_UNTESTED (0x00)
77#define QTEST_COMPOSITE (0x01)
78#define QTEST_SIEVE (0x02)
79#define QTEST_MILLER_RABIN (0x04)
80#define QTEST_JACOBI (0x08)
81#define QTEST_ELLIPTIC (0x10)
82
83/* 64/*
84 * Size: decimal. 65 * Size: decimal.
85 * Specifies the number of the most significant bit (0 to M). 66 * Specifies the number of the most significant bit (0 to M).
@@ -434,8 +415,9 @@ gen_candidates(FILE *out, u_int32_t memory, u_int32_t power, BIGNUM *start)
434 fatal("BN_set_word failed"); 415 fatal("BN_set_word failed");
435 if (BN_add(q, q, largebase) == 0) 416 if (BN_add(q, q, largebase) == 0)
436 fatal("BN_add failed"); 417 fatal("BN_add failed");
437 if (qfileout(out, QTYPE_SOPHIE_GERMAIN, QTEST_SIEVE, 418 if (qfileout(out, MODULI_TYPE_SOPHIE_GERMAIN,
438 largetries, (power - 1) /* MSB */, (0), q) == -1) { 419 MODULI_TESTS_SIEVE, largetries,
420 (power - 1) /* MSB */, (0), q) == -1) {
439 ret = -1; 421 ret = -1;
440 break; 422 break;
441 } 423 }
@@ -507,7 +489,7 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted)
507 /* tests */ 489 /* tests */
508 in_tests = strtoul(cp, &cp, 10); 490 in_tests = strtoul(cp, &cp, 10);
509 491
510 if (in_tests & QTEST_COMPOSITE) { 492 if (in_tests & MODULI_TESTS_COMPOSITE) {
511 debug2("%10u: known composite", count_in); 493 debug2("%10u: known composite", count_in);
512 continue; 494 continue;
513 } 495 }
@@ -526,7 +508,7 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted)
526 508
527 /* modulus (hex) */ 509 /* modulus (hex) */
528 switch (in_type) { 510 switch (in_type) {
529 case QTYPE_SOPHIE_GERMAIN: 511 case MODULI_TYPE_SOPHIE_GERMAIN:
530 debug2("%10u: (%u) Sophie-Germain", count_in, in_type); 512 debug2("%10u: (%u) Sophie-Germain", count_in, in_type);
531 a = q; 513 a = q;
532 if (BN_hex2bn(&a, cp) == 0) 514 if (BN_hex2bn(&a, cp) == 0)
@@ -539,11 +521,11 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted)
539 in_size += 1; 521 in_size += 1;
540 generator_known = 0; 522 generator_known = 0;
541 break; 523 break;
542 case QTYPE_UNSTRUCTURED: 524 case MODULI_TYPE_UNSTRUCTURED:
543 case QTYPE_SAFE: 525 case MODULI_TYPE_SAFE:
544 case QTYPE_SCHNORR: 526 case MODULI_TYPE_SCHNORR:
545 case QTYPE_STRONG: 527 case MODULI_TYPE_STRONG:
546 case QTYPE_UNKNOWN: 528 case MODULI_TYPE_UNKNOWN:
547 debug2("%10u: (%u)", count_in, in_type); 529 debug2("%10u: (%u)", count_in, in_type);
548 a = p; 530 a = p;
549 if (BN_hex2bn(&a, cp) == 0) 531 if (BN_hex2bn(&a, cp) == 0)
@@ -570,7 +552,7 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted)
570 continue; 552 continue;
571 } 553 }
572 554
573 if (in_tests & QTEST_MILLER_RABIN) 555 if (in_tests & MODULI_TESTS_MILLER_RABIN)
574 in_tries += trials; 556 in_tries += trials;
575 else 557 else
576 in_tries = trials; 558 in_tries = trials;
@@ -644,7 +626,8 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted)
644 } 626 }
645 debug("%10u: q is almost certainly prime", count_in); 627 debug("%10u: q is almost certainly prime", count_in);
646 628
647 if (qfileout(out, QTYPE_SAFE, (in_tests | QTEST_MILLER_RABIN), 629 if (qfileout(out, MODULI_TYPE_SAFE,
630 in_tests | MODULI_TESTS_MILLER_RABIN,
648 in_tries, in_size, generator_known, p)) { 631 in_tries, in_size, generator_known, p)) {
649 res = -1; 632 res = -1;
650 break; 633 break;
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-26 14:09:07 +0000