search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
*** empty log message ***
[gnutls.git] / lib / gnutls_dh_primes.c
blobe1e051b05d85c0f6b2ac630319cf0f1291824de4
1 /*
2 * Copyright (C) 2000,2001 Nikos Mavroyanopoulos
3 *
4 * This file is part of GNUTLS.
5 *
6 * The GNUTLS library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
19 *
20 */
21
22 #include <gnutls_int.h>
23 #include <gnutls_errors.h>
24 #include <gnutls_datum.h>
25 #include "debug.h"
26
27 static uint8 DH_G_1024[] = { 0x05 };
28 static uint8 DH_G_4096[] = { 0x05 };
29 static uint8 DH_G_2048[] = { 0x05 };
30 static uint8 DH_G_3072[] = { 0x0D };
31
32 static uint8 diffie_hellman_prime_1024[128] = {
33 0xe3, 0x79, 0xb5, 0xa7, 0x47, 0x4c, 0xfd,
34 0x9c, 0x78, 0xfe, 0x17, 0x87, 0x44, 0xc4,
35 0x86, 0x2b, 0x92, 0x13, 0x43, 0xf5, 0xac,
36 0x72, 0xd2, 0xf1, 0x2a, 0xf5, 0x39, 0xa2,
37 0x79, 0x01, 0xdd, 0x4c, 0x7e, 0x5b, 0xa0,
38 0x19, 0x11, 0xd4, 0x2f, 0x0a, 0x92, 0x8d,
39 0xfd, 0xde, 0x85, 0x93, 0x99, 0xad, 0xe0,
40 0xd4, 0x0b, 0x62, 0xaa, 0x86, 0xa7, 0xd7,
41 0x63, 0x2e, 0x35, 0x96, 0x88, 0xbe, 0x52,
42 0x2e, 0x8c, 0x27, 0xf0, 0xe0, 0xa1, 0x0e,
43 0xb7, 0xb9, 0xc8, 0xbd, 0x5d, 0xe8, 0xdb,
44 0x63, 0xd8, 0xb4, 0xe7, 0x0d, 0xff, 0x0f,
45 0x55, 0xe7, 0x27, 0x0d, 0xb7, 0x57, 0x33,
46 0x30, 0xd6, 0xeb, 0x51, 0x99, 0x86, 0x17,
47 0x5b, 0x48, 0xb3, 0x0c, 0xae, 0xbd, 0xa1,
48 0x83, 0x6b, 0xbd, 0x9f, 0x83, 0x83, 0x2b,
49 0x46, 0x3e, 0x18, 0xa4, 0x4d, 0x82, 0x95,
50 0xa4, 0x08, 0xdd, 0x28, 0x0c, 0x4f, 0x93,
51 0xfd, 0xd7
52 };
53
54 /* prime - 4096 bits */
55 static uint8 diffie_hellman_prime_4096[] = { 0x00,
56 0x98, 0xb7, 0x3d, 0x66, 0xf1, 0x18, 0x61,
57 0xa9, 0x36, 0xd9, 0xf1, 0xbf, 0x65, 0xbb,
58 0x7c, 0x06, 0x10, 0x15, 0xe5, 0x24, 0x47,
59 0xb5, 0x45, 0x7e, 0xbb, 0xdf, 0x59, 0xf4,
60 0xf2, 0x59, 0x7d, 0xea, 0xe0, 0x0f, 0x06,
61 0x42, 0xd8, 0xb1, 0x9b, 0x62, 0xf9, 0x81,
62 0x05, 0xd7, 0xd5, 0x74, 0x7c, 0x39, 0x3b,
63 0x6d, 0x57, 0xb7, 0xe9, 0x51, 0x0d, 0xb6,
64 0xe5, 0x03, 0xf7, 0xf3, 0xac, 0x1b, 0x66,
65 0x96, 0xb3, 0xf8, 0xa1, 0xe1, 0xc7, 0x9c,
66 0xc7, 0x52, 0x19, 0x2a, 0x90, 0xe6, 0x1d,
67 0xba, 0xf5, 0x15, 0xcb, 0x8b, 0x52, 0x88,
68 0xcd, 0xf5, 0x50, 0x33, 0x04, 0xb8, 0x2f,
69 0x2c, 0x01, 0x57, 0x82, 0x7c, 0x8a, 0xf0,
70 0xa3, 0x73, 0x7e, 0x0c, 0x2d, 0x69, 0xd4,
71 0x17, 0xf6, 0xd0, 0x6a, 0x32, 0x95, 0x6a,
72 0x69, 0x40, 0xb0, 0x55, 0x4f, 0xf0, 0x1d,
73 0xae, 0x3d, 0x5f, 0x01, 0x92, 0x14, 0x3a,
74 0x73, 0x69, 0x5a, 0x8e, 0xea, 0x22, 0x52,
75 0x44, 0xc2, 0xb8, 0x66, 0x1e, 0x26, 0x1a,
76 0x5d, 0x8f, 0x46, 0x6b, 0x8d, 0x3c, 0x71,
77 0xcf, 0x1d, 0x72, 0x8d, 0x2f, 0x03, 0x54,
78 0xdb, 0xe9, 0x82, 0x60, 0xe5, 0xf6, 0x40,
79 0x4b, 0x6b, 0xae, 0x0a, 0xb2, 0x30, 0xba,
80 0x1c, 0x45, 0x7e, 0x3f, 0xfd, 0xf7, 0xdc,
81 0xa6, 0xbb, 0x98, 0xc4, 0xca, 0xfc, 0x66,
82 0xf3, 0x48, 0x47, 0xbf, 0xdb, 0xd7, 0xdc,
83 0xff, 0x1d, 0xeb, 0xa0, 0x4e, 0xb6, 0xff,
84 0x75, 0xdc, 0x0c, 0x1d, 0x93, 0x9e, 0xd5,
85 0xb3, 0x68, 0xe7, 0x07, 0x29, 0x91, 0xf1,
86 0xae, 0xfc, 0x7e, 0x3a, 0xea, 0xec, 0x40,
87 0xfc, 0x70, 0x7f, 0xf3, 0x36, 0x81, 0xec,
88 0x97, 0xa7, 0x0d, 0x71, 0x2c, 0x5c, 0x4f,
89 0xd9, 0x00, 0xcf, 0x62, 0x56, 0xfb, 0x09,
90 0x2d, 0x1b, 0x04, 0x3c, 0x00, 0xc8, 0x17,
91 0xd7, 0x7d, 0x16, 0x20, 0x1e, 0x62, 0x9b,
92 0xf4, 0x4f, 0xee, 0xa4, 0xbf, 0x0b, 0xde,
93 0x51, 0x7c, 0x01, 0x76, 0x79, 0x73, 0x7d,
94 0x7b, 0xec, 0xee, 0x14, 0xec, 0x83, 0xc3,
95 0xb4, 0x42, 0x66, 0x19, 0x52, 0x19, 0x04,
96 0x02, 0x71, 0x61, 0x5c, 0x78, 0xee, 0x5f,
97 0x58, 0x1e, 0x5b, 0x2d, 0xf3, 0x0c, 0x6e,
98 0x00, 0x0f, 0xd8, 0xf0, 0x86, 0xa1, 0x11,
99 0xfd, 0x04, 0x07, 0xa6, 0xf7, 0x31, 0xb9,
100 0xf6, 0x76, 0xfc, 0xea, 0xf0, 0x16, 0x98,
101 0x37, 0x48, 0x1b, 0x0c, 0x32, 0x3f, 0x7e,
102 0xfa, 0x02, 0x04, 0x2a, 0x48, 0x70, 0xb4,
103 0xe3, 0xe0, 0xc1, 0x7f, 0x65, 0x70, 0xd0,
104 0x71, 0x74, 0x86, 0xb7, 0x5d, 0xd4, 0x84,
105 0xd5, 0x9d, 0x77, 0xf6, 0x72, 0x82, 0x4b,
106 0x98, 0x8b, 0x49, 0x3a, 0x0b, 0x1e, 0x94,
107 0x42, 0xf7, 0x0b, 0x3f, 0xec, 0xc2, 0x2b,
108 0x7f, 0x55, 0xe2, 0x94, 0x48, 0xac, 0x04,
109 0xb9, 0xb2, 0xb6, 0xca, 0xb4, 0x09, 0xe3,
110 0xba, 0x6a, 0x55, 0x28, 0xf7, 0x8a, 0x73,
111 0x4d, 0x21, 0xe1, 0xf4, 0xcd, 0x22, 0x15,
112 0x9c, 0xe6, 0xcc, 0x1d, 0x9f, 0x81, 0x88,
113 0x4c, 0x5a, 0x17, 0x9f, 0xe5, 0x8c, 0x85,
114 0xf1, 0xa3, 0xcf, 0x6c, 0xa1, 0xbf, 0x5e,
115 0x02, 0x61, 0xa8, 0x67, 0x6f, 0xb8, 0x20,
116 0x1a, 0x4e, 0xf2, 0x05, 0xd7, 0xb4, 0x4b,
117 0x3e, 0xca, 0x87, 0x49, 0x10, 0x16, 0xcc,
118 0xc9, 0xe0, 0x1c, 0xc1, 0x83, 0xc7, 0xa0,
119 0x54, 0x3d, 0x36, 0x17, 0x84, 0xc3, 0x84,
120 0x2e, 0x5a, 0xe0, 0x75, 0x45, 0x01, 0xe6,
121 0xf0, 0x3d, 0xf9, 0x33, 0x0a, 0xd9, 0x1e,
122 0x66, 0x99, 0xb4, 0x21, 0xed, 0x6e, 0xda,
123 0x6f, 0x37, 0x33, 0xdd, 0x8f, 0x25, 0x35,
124 0x5e, 0x6c, 0x1e, 0x33, 0xc2, 0x41, 0x3f,
125 0x58, 0x40, 0xbb, 0xe7, 0x2b, 0x54, 0xdb,
126 0xd8, 0xcf, 0x3a, 0xba, 0x0c, 0xf1, 0x19,
127 0xec, 0x9d, 0x50, 0xf6, 0x63, 0x22, 0x55,
128 0x5e, 0x79, 0xd1, 0x3f, 0x46, 0x0f, 0xf3,
129 0x7f
130 };
131
132 /* prime - 3072 bits */
133 static uint8 diffie_hellman_prime_3072[] = { 0x00,
134 0xd5, 0x6e, 0xc8, 0x1f, 0xe9, 0x80, 0x9e,
135 0x56, 0x35, 0x6d, 0x6d, 0xdb, 0xfa, 0x47,
136 0x75, 0xcd, 0xfa, 0x32, 0x52, 0x1a, 0xc8,
137 0xad, 0xee, 0xb0, 0xdb, 0xb7, 0x07, 0x58,
138 0xa6, 0x42, 0xfe, 0x59, 0xfb, 0xce, 0xe8,
139 0x12, 0x63, 0x09, 0x9f, 0x5d, 0x15, 0x25,
140 0x49, 0xf2, 0x61, 0x83, 0xd8, 0x5c, 0x81,
141 0xdd, 0x4c, 0x26, 0xe6, 0x24, 0xce, 0x6a,
142 0xa5, 0x07, 0x80, 0x1c, 0x3d, 0x94, 0xd1,
143 0x5d, 0x73, 0xbd, 0x26, 0x48, 0x22, 0x25,
144 0xdd, 0x2f, 0x64, 0xe5, 0xed, 0xb3, 0xa9,
145 0x94, 0xb3, 0x96, 0x88, 0x5d, 0x06, 0x41,
146 0x80, 0xf8, 0xe1, 0x3c, 0x8f, 0xa9, 0x5b,
147 0x44, 0x7e, 0x32, 0xbd, 0x62, 0x37, 0xe1,
148 0xde, 0x18, 0xe8, 0x12, 0x7d, 0x28, 0x7d,
149 0x5c, 0xcf, 0xa9, 0x16, 0x0f, 0xdc, 0xc1,
150 0x92, 0xe0, 0x43, 0xac, 0xd0, 0x25, 0x37,
151 0x8e, 0x5d, 0x4d, 0x26, 0x46, 0xbc, 0xc5,
152 0x22, 0x05, 0x29, 0x41, 0x53, 0x2f, 0x7a,
153 0x95, 0xa8, 0x36, 0xed, 0x85, 0xac, 0xf3,
154 0xde, 0x0c, 0xbe, 0xa9, 0xfa, 0xc4, 0xa6,
155 0x0b, 0x23, 0xfc, 0x7c, 0x77, 0xdc, 0x7c,
156 0x94, 0x9b, 0x7c, 0xe0, 0x3b, 0xa1, 0x66,
157 0x78, 0x85, 0x99, 0x5a, 0xba, 0x26, 0xa3,
158 0xac, 0x97, 0xd4, 0x3a, 0x33, 0xee, 0xa3,
159 0x96, 0xe0, 0x16, 0xdf, 0x61, 0xe7, 0x1f,
160 0x35, 0xa5, 0x47, 0x54, 0x51, 0xce, 0x93,
161 0x40, 0x6f, 0x40, 0x86, 0x3b, 0x17, 0x12,
162 0xd3, 0x4d, 0x2e, 0xb3, 0x04, 0xf8, 0x8b,
163 0x30, 0xb1, 0x27, 0xd7, 0xeb, 0xde, 0xd7,
164 0xa9, 0x06, 0xfe, 0x6b, 0x59, 0x8c, 0x5d,
165 0x9f, 0x93, 0x1f, 0x12, 0x65, 0xe6, 0xa6,
166 0xeb, 0x5d, 0x4b, 0x9a, 0x16, 0x85, 0xce,
167 0x18, 0x16, 0x5a, 0x5c, 0x3c, 0xeb, 0xc0,
168 0xe1, 0x58, 0x64, 0x06, 0x38, 0x1c, 0x66,
169 0x90, 0x4a, 0x30, 0xbe, 0x82, 0xe9, 0x9b,
170 0x40, 0x2e, 0x6a, 0x91, 0x4f, 0x48, 0xc2,
171 0x82, 0x40, 0xe9, 0xcd, 0x87, 0x77, 0x24,
172 0xa7, 0xdc, 0x26, 0x05, 0x18, 0x9c, 0x8b,
173 0x0e, 0x84, 0x29, 0x57, 0x76, 0x66, 0x7d,
174 0x1e, 0x39, 0xc2, 0xf6, 0x2f, 0xbb, 0xeb,
175 0x6e, 0x58, 0x3b, 0x11, 0x70, 0x75, 0xdb,
176 0xe9, 0xf8, 0xcb, 0xd4, 0x4c, 0x84, 0xb3,
177 0xcb, 0x66, 0x81, 0x4e, 0x93, 0xd9, 0x2f,
178 0xc5, 0x60, 0x53, 0x69, 0x6e, 0xf3, 0x8e,
179 0xa5, 0x6a, 0xa0, 0x96, 0xae, 0x31, 0xb6,
180 0x12, 0x91, 0x0e, 0xc4, 0xc9, 0xd0, 0x50,
181 0xf7, 0xbc, 0xe7, 0x78, 0xc9, 0x97, 0x02,
182 0x26, 0x6a, 0xe3, 0x9a, 0x16, 0x63, 0xa2,
183 0x5e, 0x1d, 0x4e, 0x71, 0x52, 0xb4, 0x73,
184 0x31, 0x27, 0x6c, 0x46, 0xe4, 0x67, 0x02,
185 0xde, 0x34, 0x7e, 0x24, 0x3b, 0xb9, 0xfe,
186 0x08, 0x7e, 0xe9, 0x0a, 0xdc, 0xe7, 0xc2,
187 0xa6, 0xa6, 0xb3, 0x7d, 0xe0, 0xa2, 0xe7,
188 0x6d, 0x2e, 0x33, 0xed, 0x47, 0xf7
189 };
190
191 /* prime - 2048 bits */
192 static uint8 diffie_hellman_prime_2048[] = { 0x00,
193 0xf0, 0x49, 0x65, 0x6d, 0x24, 0x61, 0xe6,
194 0x86, 0x8e, 0x57, 0x2b, 0x9b, 0x1c, 0x53,
195 0x2e, 0xef, 0xd2, 0x6e, 0xe5, 0x6c, 0xc4,
196 0x0c, 0x77, 0x1d, 0xce, 0xc7, 0xe0, 0x92,
197 0x78, 0x8b, 0x2b, 0x80, 0x9f, 0xc4, 0x59,
198 0xb5, 0x2e, 0xeb, 0x81, 0x8b, 0xfa, 0x08,
199 0x9f, 0x02, 0x5e, 0x94, 0x85, 0xab, 0xab,
200 0x08, 0x8a, 0x71, 0xb5, 0x0c, 0x26, 0x63,
201 0x2f, 0x34, 0x10, 0xdf, 0x32, 0x9a, 0xa1,
202 0xd5, 0xb5, 0xd7, 0xa1, 0x46, 0x24, 0x9a,
203 0xe3, 0x2a, 0xf1, 0x3a, 0x52, 0xc4, 0xa4,
204 0xe6, 0xa2, 0x29, 0x5e, 0x49, 0x0e, 0x2a,
205 0x4d, 0xad, 0xcd, 0x92, 0xb6, 0xa5, 0x25,
206 0xe5, 0x09, 0xae, 0x76, 0xe4, 0x19, 0xec,
207 0x29, 0x9b, 0x9b, 0xdb, 0x0c, 0xc8, 0x28,
208 0x1c, 0x49, 0x11, 0x45, 0x30, 0x51, 0x73,
209 0x31, 0x18, 0x9e, 0xa5, 0x89, 0x7d, 0x17,
210 0x22, 0xd5, 0x49, 0xaf, 0xf6, 0xe5, 0x00,
211 0x55, 0x7f, 0x2b, 0x33, 0x2d, 0x2f, 0x89,
212 0x73, 0x0b, 0x4d, 0x44, 0x72, 0xb1, 0x2e,
213 0xa3, 0x68, 0xbe, 0x52, 0x4e, 0x5a, 0x66,
214 0x36, 0xf9, 0x2c, 0xe7, 0xce, 0x92, 0x4d,
215 0x0c, 0xa3, 0xc7, 0x85, 0x7e, 0xe6, 0x97,
216 0x02, 0x8b, 0x0c, 0xcb, 0xf3, 0x6f, 0x2e,
217 0x04, 0xed, 0x6e, 0x75, 0xcf, 0xd1, 0xd4,
218 0x9f, 0xd3, 0x44, 0x3e, 0x5f, 0x81, 0xaa,
219 0xc1, 0xb8, 0xe2, 0xab, 0xed, 0x3b, 0xfc,
220 0xeb, 0x47, 0x48, 0xee, 0xe5, 0xfd, 0xc2,
221 0x79, 0x7a, 0x01, 0xe9, 0xab, 0xc6, 0x34,
222 0x65, 0x6a, 0x0a, 0x6c, 0xe8, 0x89, 0xa6,
223 0x96, 0xd2, 0x1e, 0xe5, 0xbe, 0x58, 0xf2,
224 0xcf, 0x17, 0xb8, 0x75, 0x43, 0xec, 0x0b,
225 0xb2, 0x91, 0x50, 0x93, 0x4c, 0xd2, 0xa3,
226 0xa4, 0x8a, 0x67, 0x23, 0x7f, 0x86, 0xac,
227 0xe3, 0x56, 0x9b, 0x18, 0x03, 0x03, 0x70,
228 0x50, 0x7b, 0x1a, 0x02, 0x22, 0x0b, 0x93,
229 0xc8, 0x9b, 0xa8, 0x8f
230 };
231
232 /* Holds the prime to be used in DH authentication.
233 * Initialy the GNUTLS_MPIs are not calculated (must call global_init, or _gnutls_dh_calc_mpis()).
234 */
235 _GNUTLS_DH_PARAMS _gnutls_dh_default_params[] = {
236 {768, NULL, NULL, {DH_G_1024, sizeof(DH_G_1024)}
237 , {diffie_hellman_prime_1024, sizeof diffie_hellman_prime_1024}
238 , 0}
239 ,
240 {1024, NULL, NULL, {DH_G_1024, sizeof(DH_G_1024)}
241 , {diffie_hellman_prime_1024, sizeof diffie_hellman_prime_1024}
242 , 0}
243 ,
244 {2048, NULL, NULL, {DH_G_2048, sizeof(DH_G_2048)}
245 , {diffie_hellman_prime_2048, sizeof diffie_hellman_prime_2048}
246 , 0}
247 ,
248 {3072, NULL, NULL, {DH_G_3072, sizeof(DH_G_3072)}
249 , {diffie_hellman_prime_3072, sizeof diffie_hellman_prime_3072}
250 , 0}
251 ,
252 {4096, NULL, NULL, {DH_G_4096, sizeof(DH_G_4096)}
253 , {diffie_hellman_prime_4096, sizeof diffie_hellman_prime_4096}
254 , 0}
255 ,
256 {0, NULL, NULL, {NULL, 0}
257 , {NULL, 0}
258 , 0}
259 };
260
261 const
262 static _GNUTLS_DH_PARAMS _gnutls_dh_copy_params[] = {
263 {768, NULL, NULL, {DH_G_1024, sizeof(DH_G_1024)}
264 , {diffie_hellman_prime_1024, sizeof diffie_hellman_prime_1024}
265 , 0}
266 ,
267 {1024, NULL, NULL, {DH_G_1024, sizeof(DH_G_1024)}
268 , {diffie_hellman_prime_1024, sizeof diffie_hellman_prime_1024}
269 , 0}
270 ,
271 {2048, NULL, NULL, {DH_G_2048, sizeof(DH_G_2048)}
272 , {diffie_hellman_prime_2048, sizeof diffie_hellman_prime_2048}
273 , 0}
274 ,
275 {3072, NULL, NULL, {DH_G_3072, sizeof(DH_G_3072)}
276 , {diffie_hellman_prime_3072, sizeof diffie_hellman_prime_3072}
277 , 0}
278 ,
279 {4096, NULL, NULL, {DH_G_4096, sizeof(DH_G_4096)}
280 , {diffie_hellman_prime_4096, sizeof diffie_hellman_prime_4096}
281 , 0}
282 ,
283 {0, NULL, NULL, {NULL, 0}
284 , {NULL, 0}
285 , 0}
286 };
287
288 /* This function takes a number of bits and returns a supported
289 * number of bits. Ie a number of bits that we have a prime in the
290 * dh_primes structure.
291 */
292 static int supported_bits[] = { 768, 1024, 2048, 3072, 4096, 0 };
293 static int normalize_bits(int bits)
294 {
295 if (bits >= 4096)
296 bits = 4096;
297 else if (bits <= 768)
298 bits = 768;
299 else if (bits <= 1024)
300 bits = 1024;
301 else if (bits <= 2048)
302 bits = 2048;
303 else if (bits <= 3072)
304 bits = 3072;
305 else if (bits <= 4096)
306 bits = 4096;
307
308 return bits;
309 }
310
311 /* Clears allocated GNUTLS_MPIs and data. Only to be called at exit.
312 */
313 void _gnutls_dh_clear_mpis(void)
314 {
315 int i;
316
317 if (_gnutls_dh_default_params == NULL)
318 return;
319
320 i = 0;
321 do {
322 _gnutls_mpi_release(&_gnutls_dh_default_params[i]._prime);
323 _gnutls_mpi_release(&_gnutls_dh_default_params[i].
324 _generator);
325 if (_gnutls_dh_default_params[i].local != 0) {
326 gnutls_free(_gnutls_dh_default_params[i].prime.
327 data);
328 gnutls_free(_gnutls_dh_default_params[i].generator.
329 data);
330 }
331 i++;
332 } while (_gnutls_dh_default_params[i].bits != 0);
333
334 }
335
336 /* Generates GNUTLS_MPIs from opaque integer data. Initializes the dh_primes to
337 * be used.
338 */
339 int _gnutls_dh_calc_mpis(void)
340 {
341 int i;
342 size_t n;
343
344 if (_gnutls_dh_default_params == NULL) {
345 gnutls_assert();
346 return GNUTLS_E_INVALID_REQUEST;
347 }
348
349 i = 0;
350 do {
351 n = _gnutls_dh_default_params[i].prime.size;
352 _gnutls_mpi_release(&_gnutls_dh_default_params[i]._prime);
353
354 if (_gnutls_mpi_scan
355 (&_gnutls_dh_default_params[i]._prime,
356 _gnutls_dh_default_params[i].prime.data, &n)
357 || _gnutls_dh_default_params[i]._prime == NULL) {
358 gnutls_assert();
359 return GNUTLS_E_MPI_SCAN_FAILED;
360 }
361
362
363 n = _gnutls_dh_default_params[i].generator.size;
364 _gnutls_mpi_release(&_gnutls_dh_default_params[i].
365 _generator);
366
367 if (_gnutls_mpi_scan
368 (&_gnutls_dh_default_params[i]._generator,
369 _gnutls_dh_default_params[i].generator.data, &n)
370 || _gnutls_dh_default_params[i]._generator == NULL) {
371 gnutls_assert();
372 return GNUTLS_E_MPI_SCAN_FAILED;
373 }
374
375 i++;
376 } while (_gnutls_dh_default_params[i].bits != 0);
377
378 return 0;
379 }
380
381 /* returns g and p, depends on the requested bits.
382 * We only support limited key sizes.
383 */
384 GNUTLS_MPI gnutls_get_dh_params(GNUTLS_DH_PARAMS dh_primes,
385 GNUTLS_MPI * ret_p, int bits)
386 {
387 GNUTLS_MPI g = NULL, prime = NULL;
388 int i;
389
390 if (dh_primes == NULL) {
391 gnutls_assert();
392 return NULL;
393 }
394
395 bits = normalize_bits(bits);
396
397 i = 0;
398 do {
399 if (dh_primes[i].bits == bits) {
400 prime = _gnutls_mpi_copy(dh_primes[i]._prime);
401 g = _gnutls_mpi_copy(dh_primes[i]._generator);
402 break;
403 }
404 i++;
405 } while (dh_primes[i].bits != 0);
406
407 if (prime == NULL || g == NULL) { /* if not prime was found */
408 gnutls_assert();
409 _gnutls_mpi_release(&g);
410 _gnutls_mpi_release(&prime);
411 *ret_p = NULL;
412 return NULL;
413 }
414
415 if (ret_p)
416 *ret_p = prime;
417 return g;
418 }
419
420 /* returns g and p, depends on the requested bits.
421 * We only support limited key sizes.
422 */
423 GNUTLS_MPI _gnutls_get_rnd_srp_params(GNUTLS_MPI * ret_p, int bits)
424 {
425 GNUTLS_MPI g = NULL, prime = NULL;
426 int i;
427
428 if (_gnutls_dh_default_params == NULL) {
429 gnutls_assert();
430 return NULL;
431 }
432
433 bits = normalize_bits(bits);
434
435 i = 0;
436 do {
437 if (_gnutls_dh_default_params[i].bits == bits) {
438 prime =
439 _gnutls_mpi_copy(_gnutls_dh_default_params[i].
440 _prime);
441 g = _gnutls_mpi_copy(_gnutls_dh_default_params[i].
442 _generator);
443 break;
444 }
445 i++;
446 } while (_gnutls_dh_default_params[i].bits != 0);
447
448 if (prime == NULL || g == NULL) { /* if not prime was found */
449 gnutls_assert();
450 _gnutls_mpi_release(&g);
451 _gnutls_mpi_release(&prime);
452 *ret_p = NULL;
453 return NULL;
454 }
455
456 if (ret_p)
457 *ret_p = prime;
458 return g;
459 }
460
461 /* These should be added in gcrypt.h */
462 GNUTLS_MPI _gcry_generate_elg_prime(int mode, unsigned pbits,
463 unsigned qbits, GNUTLS_MPI g,
464 GNUTLS_MPI ** ret_factors);
465
466 int _gnutls_dh_generate_prime(GNUTLS_MPI * ret_g, GNUTLS_MPI * ret_n,
467 int bits)
468 {
469
470 GNUTLS_MPI g, prime;
471 int qbits;
472
473 g = mpi_new(16); /* this should be ok */
474 if (g == NULL) {
475 gnutls_assert();
476 return GNUTLS_E_MEMORY_ERROR;
477 }
478
479 /* generate a random prime */
480 /* this is an emulation of Michael Wiener's table
481 * bad emulation.
482 */
483 qbits = 120 + (((bits / 256) - 1) * 20);
484 if (qbits & 1) /* better have a even one */
485 qbits++;
486
487 prime = _gcry_generate_elg_prime(0, bits, qbits, g, NULL);
488 if (prime == NULL || g == NULL) {
489 _gnutls_mpi_release(&g);
490 _gnutls_mpi_release(&prime);
491 gnutls_assert();
492 return GNUTLS_E_MEMORY_ERROR;
493 }
494
495 if (ret_g)
496 *ret_g = g;
497 if (ret_n)
498 *ret_n = prime;
499
500 return 0;
501
502 }
503
504 /* returns a negative value if the bits is not supported
505 */
506 static int check_bits(int bits)
507 {
508 int i = 0;
509 do {
510 if (supported_bits[i] == bits)
511 return 0;
512 i++;
513 } while (supported_bits[i] != 0);
514
515 gnutls_assert();
516 return GNUTLS_E_INVALID_PARAMETERS;
517 }
518
519 /* Replaces the prime in the static DH parameters, with a randomly
520 * generated one.
521 */
522 /**
523 * gnutls_dh_params_set - This function will replace the old DH parameters
524 * @dh_params: Is a structure will hold the prime numbers
525 * @prime: holds the new prime
526 * @generator: holds the new generator
527 * @bits: is the prime's number of bits
528 *
529 * This function will replace the pair of prime and generator for use in
530 * the Diffie-Hellman key exchange. The new parameters should be stored in the
531 * appropriate gnutls_datum.
532 *
533 * Note that the bits value should be one of 768, 1024, 2048, 3072 or 4096.
534 *
535 **/
536 int gnutls_dh_params_set(GNUTLS_DH_PARAMS dh_params, gnutls_datum prime,
537 gnutls_datum generator, int bits)
538 {
539 GNUTLS_MPI tmp_prime, tmp_g;
540 int i = 0;
541 GNUTLS_DH_PARAMS sprime=NULL;
542 size_t siz = 0;
543
544 if (check_bits(bits) < 0) {
545 gnutls_assert();
546 return GNUTLS_E_INVALID_PARAMETERS;
547 }
548
549 i = 0;
550 do {
551 if (dh_params[i].bits == bits) {
552 sprime = &dh_params[i];
553 break;
554 }
555 } while (dh_params[++i].bits != 0);
556 /* sprime is not null, because of the check_bits()
557 * above.
558 */
559
560 siz = prime.size;
561 if (_gnutls_mpi_scan(&tmp_prime, prime.data, &siz)) {
562 gnutls_assert();
563 return GNUTLS_E_MPI_SCAN_FAILED;
564 }
565
566 siz = generator.size;
567 if (_gnutls_mpi_scan(&tmp_g, generator.data, &siz)) {
568 _gnutls_mpi_release(&tmp_prime);
569 gnutls_assert();
570 return GNUTLS_E_MPI_SCAN_FAILED;
571 }
572
573 /* copy the generated values to the structure
574 */
575 if (sprime->local != 0) {
576 gnutls_free(sprime->prime.data);
577 _gnutls_mpi_release(&sprime->_prime);
578 gnutls_free(sprime->generator.data);
579 _gnutls_mpi_release(&sprime->_generator);
580 }
581 sprime->local = 1;
582 sprime->_prime = tmp_prime;
583 sprime->_generator = tmp_g;
584
585 /* sprime->_prime = _gnutls_mpi_copy(tmp_prime);
586 sprime->_generator = _gnutls_mpi_copy(tmp_g);
587 */
588 if (gnutls_set_datum(&sprime->prime, prime.data, prime.size) < 0) {
589 gnutls_assert();
590 return GNUTLS_E_MEMORY_ERROR;
591 }
592 if (gnutls_set_datum
593 (&sprime->prime, generator.data, generator.size) < 0) {
594 gnutls_assert();
595 return GNUTLS_E_MEMORY_ERROR;
596 }
597
598 return 0;
599
600 }
601
602 /**
603 * gnutls_dh_params_init - This function will initialize the DH parameters
604 * @dh_params: Is a structure that will hold the prime numbers
605 *
606 * This function will initialize the DH parameters structure.
607 *
608 **/
609 int gnutls_dh_params_init(GNUTLS_DH_PARAMS * dh_params)
610 {
611
612 (*dh_params) = gnutls_calloc(1, sizeof(_gnutls_dh_copy_params));
613 if (*dh_params == NULL) {
614 gnutls_assert();
615 return GNUTLS_E_MEMORY_ERROR;
616 }
617
618 memcpy((*dh_params), _gnutls_dh_copy_params,
619 sizeof(_gnutls_dh_copy_params));
620
621 return 0;
622
623 }
624
625 /**
626 * gnutls_dh_params_deinit - This function will initialize the DH parameters
627 * @dh_params: Is a structure that will hold the prime numbers
628 *
629 * This function will initialize the DH parameters structure.
630 *
631 **/
632 void gnutls_dh_params_deinit(GNUTLS_DH_PARAMS dh_params)
633 {
634 int i;
635 if (dh_params == NULL)
636 return;
637
638 i = 0;
639 do {
640 _gnutls_mpi_release(&dh_params[i]._prime);
641 _gnutls_mpi_release(&dh_params[i]._generator);
642 if (dh_params[i].local != 0) {
643 gnutls_free(dh_params[i].prime.data);
644 gnutls_free(dh_params[i].generator.data);
645 }
646 i++;
647 } while (dh_params[i].bits != 0);
648
649 gnutls_free(dh_params);
650
651 }
652
653 /* Generates a prime number and a generator, and returns 2 gnutls_datums that contain these
654 * numbers.
655 */
656 /**
657 * gnutls_dh_params_generate - This function will generate new DH parameters
658 * @prime: will hold the new prime
659 * @generator: will hold the new generator
660 * @bits: is the prime's number of bits
661 *
662 * This function will generate a new pair of prime and generator for use in
663 * the Diffie-Hellman key exchange. The new parameters will be allocated using
664 * malloc and will be stored in the appropriate datum.
665 * This function is normally very slow. An other function
666 * (gnutls_dh_replace_params()) should be called in order to replace the
667 * included DH primes in the gnutls library.
668 *
669 * Note that the bits value should be one of 768, 1024, 2048, 3072 or 4096.
670 * Also note that the generation of new DH parameters is only usefull
671 * to servers. Clients use the parameters sent by the server, thus it's
672 * no use calling this in client side.
673 *
674 **/
675 int gnutls_dh_params_generate(gnutls_datum * prime,
676 gnutls_datum * generator, int bits)
677 {
678
679 GNUTLS_MPI tmp_prime, tmp_g;
680 size_t siz;
681
682 if (check_bits(bits) < 0) {
683 gnutls_assert();
684 return GNUTLS_E_INVALID_PARAMETERS;
685 }
686
687 if (_gnutls_dh_generate_prime(&tmp_g, &tmp_prime, bits) < 0) {
688 gnutls_assert();
689 return GNUTLS_E_MEMORY_ERROR;
690 }
691
692 siz = 0;
693 _gnutls_mpi_print(NULL, &siz, tmp_g);
694
695 generator->data = malloc(siz);
696 if (generator->data == NULL) {
697 _gnutls_mpi_release(&tmp_g);
698 _gnutls_mpi_release(&tmp_prime);
699 return GNUTLS_E_MEMORY_ERROR;
700 }
701
702 generator->size = siz;
703 _gnutls_mpi_print(generator->data, &siz, tmp_g);
704
705
706 siz = 0;
707 _gnutls_mpi_print(NULL, &siz, tmp_prime);
708
709 prime->data = malloc(siz);
710 if (prime->data == NULL) {
711 gnutls_free(generator->data);
712 _gnutls_mpi_release(&tmp_g);
713 _gnutls_mpi_release(&tmp_prime);
714 return GNUTLS_E_MEMORY_ERROR;
715 }
716 prime->size = siz;
717 _gnutls_mpi_print(prime->data, &siz, tmp_prime);
718
719 _gnutls_log("Generated %d bits prime %s, generator %s.\n",
720 bits, _gnutls_bin2hex(prime->data, prime->size),
721 _gnutls_bin2hex(generator->data, generator->size));
722
723 return 0;
724
725 }
Implementation of the SSL/TLS protocol