1 /* ====================================================================
2 * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 *
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 *
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in
13 * the documentation and/or other materials provided with the
14 * distribution.
15 *
16 * 3. All advertising materials mentioning features or use of this
17 * software must display the following acknowledgment:
18 * "This product includes software developed by the OpenSSL Project
19 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
20 *
21 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
22 * endorse or promote products derived from this software without
23 * prior written permission. For written permission, please contact
24 * licensing@OpenSSL.org.
25 *
26 * 5. Products derived from this software may not be called "OpenSSL"
27 * nor may "OpenSSL" appear in their names without prior written
28 * permission of the OpenSSL Project.
29 *
30 * 6. Redistributions of any form whatsoever must retain the following
31 * acknowledgment:
32 * "This product includes software developed by the OpenSSL Project
33 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
34 *
35 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
36 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
37 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
38 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
39 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
40 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
41 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
42 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
43 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
44 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
45 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
46 * OF THE POSSIBILITY OF SUCH DAMAGE.
47 * ====================================================================
48 *
49 * This product includes cryptographic software written by Eric Young
50 * (eay@cryptsoft.com). This product includes software written by Tim
51 * Hudson (tjh@cryptsoft.com). */
52
53 #include <openssl/dh.h>
54
55 #include <openssl/bn.h>
56 #include <openssl/err.h>
57 #include <openssl/mem.h>
58
59 #include "../fipsmodule/bn/internal.h"
60 #include "../fipsmodule/dh/internal.h"
61
62
// get_params loads the |num_words| words at |words| into a BIGNUM and returns
// it. When |ret| is non-NULL it is filled in place and returned; when |ret| is
// NULL a fresh BIGNUM is allocated with |BN_new| and handed to the caller.
// Returns NULL if the allocation or |bn_set_words| fails. A caller-supplied
// |ret| is never freed here, even on failure.
static BIGNUM *get_params(BIGNUM *ret, const BN_ULONG *words,
                          size_t num_words) {
  BIGNUM *owned = NULL;
  BIGNUM *out = ret;

  if (out == NULL) {
    owned = BN_new();
    if (owned == NULL) {
      return NULL;
    }
    out = owned;
  }

  if (bn_set_words(out, words, num_words)) {
    return out;
  }

  // Release only what this function allocated; |owned| is NULL when the
  // caller passed its own BIGNUM.
  BN_free(owned);
  return NULL;
}
80
// BN_get_rfc3526_prime_1536 sets |ret| (or a newly allocated BIGNUM when |ret|
// is NULL) to the 1536-bit MODP prime from RFC 3526 and returns it, or NULL on
// error. The table holds 24 TOBN(hi, lo) entries of 64 bits each, listed
// least-significant first.
//
// NOTE(review): a 1536-bit finite-field DH modulus is below the 2048-bit
// minimum in current key-size guidance; prefer the 2048-bit or larger groups
// for new deployments.
BIGNUM *BN_get_rfc3526_prime_1536(BIGNUM *ret) {
  static const BN_ULONG kPrime1536[] = {
      TOBN(0xffffffff, 0xffffffff), TOBN(0xf1746c08, 0xca237327),
      TOBN(0x670c354e, 0x4abc9804), TOBN(0x9ed52907, 0x7096966d),
      TOBN(0x1c62f356, 0x208552bb), TOBN(0x83655d23, 0xdca3ad96),
      TOBN(0x69163fa8, 0xfd24cf5f), TOBN(0x98da4836, 0x1c55d39a),
      TOBN(0xc2007cb8, 0xa163bf05), TOBN(0x49286651, 0xece45b3d),
      TOBN(0xae9f2411, 0x7c4b1fe6), TOBN(0xee386bfb, 0x5a899fa5),
      TOBN(0x0bff5cb6, 0xf406b7ed), TOBN(0xf44c42e9, 0xa637ed6b),
      TOBN(0xe485b576, 0x625e7ec6), TOBN(0x4fe1356d, 0x6d51c245),
      TOBN(0x302b0a6d, 0xf25f1437), TOBN(0xef9519b3, 0xcd3a431b),
      TOBN(0x514a0879, 0x8e3404dd), TOBN(0x020bbea6, 0x3b139b22),
      TOBN(0x29024e08, 0x8a67cc74), TOBN(0xc4c6628b, 0x80dc1cd1),
      TOBN(0xc90fdaa2, 0x2168c234), TOBN(0xffffffff, 0xffffffff),
  };
  const size_t num_words = OPENSSL_ARRAY_SIZE(kPrime1536);
  return get_params(ret, kPrime1536, num_words);
}
98
// BN_get_rfc3526_prime_2048 sets |ret| (or a newly allocated BIGNUM when |ret|
// is NULL) to the 2048-bit MODP prime from RFC 3526 and returns it, or NULL on
// error. The table holds 32 TOBN(hi, lo) entries of 64 bits each, listed
// least-significant first.
BIGNUM *BN_get_rfc3526_prime_2048(BIGNUM *ret) {
  static const BN_ULONG kPrime2048[] = {
      TOBN(0xffffffff, 0xffffffff), TOBN(0x15728e5a, 0x8aacaa68),
      TOBN(0x15d22618, 0x98fa0510), TOBN(0x3995497c, 0xea956ae5),
      TOBN(0xde2bcbf6, 0x95581718), TOBN(0xb5c55df0, 0x6f4c52c9),
      TOBN(0x9b2783a2, 0xec07a28f), TOBN(0xe39e772c, 0x180e8603),
      TOBN(0x32905e46, 0x2e36ce3b), TOBN(0xf1746c08, 0xca18217c),
      TOBN(0x670c354e, 0x4abc9804), TOBN(0x9ed52907, 0x7096966d),
      TOBN(0x1c62f356, 0x208552bb), TOBN(0x83655d23, 0xdca3ad96),
      TOBN(0x69163fa8, 0xfd24cf5f), TOBN(0x98da4836, 0x1c55d39a),
      TOBN(0xc2007cb8, 0xa163bf05), TOBN(0x49286651, 0xece45b3d),
      TOBN(0xae9f2411, 0x7c4b1fe6), TOBN(0xee386bfb, 0x5a899fa5),
      TOBN(0x0bff5cb6, 0xf406b7ed), TOBN(0xf44c42e9, 0xa637ed6b),
      TOBN(0xe485b576, 0x625e7ec6), TOBN(0x4fe1356d, 0x6d51c245),
      TOBN(0x302b0a6d, 0xf25f1437), TOBN(0xef9519b3, 0xcd3a431b),
      TOBN(0x514a0879, 0x8e3404dd), TOBN(0x020bbea6, 0x3b139b22),
      TOBN(0x29024e08, 0x8a67cc74), TOBN(0xc4c6628b, 0x80dc1cd1),
      TOBN(0xc90fdaa2, 0x2168c234), TOBN(0xffffffff, 0xffffffff),
  };
  const size_t num_words = OPENSSL_ARRAY_SIZE(kPrime2048);
  return get_params(ret, kPrime2048, num_words);
}
120
// BN_get_rfc3526_prime_3072 sets |ret| (or a newly allocated BIGNUM when |ret|
// is NULL) to the 3072-bit MODP prime from RFC 3526 and returns it, or NULL on
// error. The table holds 48 TOBN(hi, lo) entries of 64 bits each, listed
// least-significant first.
BIGNUM *BN_get_rfc3526_prime_3072(BIGNUM *ret) {
  static const BN_ULONG kPrime3072[] = {
      TOBN(0xffffffff, 0xffffffff), TOBN(0x4b82d120, 0xa93ad2ca),
      TOBN(0x43db5bfc, 0xe0fd108e), TOBN(0x08e24fa0, 0x74e5ab31),
      TOBN(0x770988c0, 0xbad946e2), TOBN(0xbbe11757, 0x7a615d6c),
      TOBN(0x521f2b18, 0x177b200c), TOBN(0xd8760273, 0x3ec86a64),
      TOBN(0xf12ffa06, 0xd98a0864), TOBN(0xcee3d226, 0x1ad2ee6b),
      TOBN(0x1e8c94e0, 0x4a25619d), TOBN(0xabf5ae8c, 0xdb0933d7),
      TOBN(0xb3970f85, 0xa6e1e4c7), TOBN(0x8aea7157, 0x5d060c7d),
      TOBN(0xecfb8504, 0x58dbef0a), TOBN(0xa85521ab, 0xdf1cba64),
      TOBN(0xad33170d, 0x04507a33), TOBN(0x15728e5a, 0x8aaac42d),
      TOBN(0x15d22618, 0x98fa0510), TOBN(0x3995497c, 0xea956ae5),
      TOBN(0xde2bcbf6, 0x95581718), TOBN(0xb5c55df0, 0x6f4c52c9),
      TOBN(0x9b2783a2, 0xec07a28f), TOBN(0xe39e772c, 0x180e8603),
      TOBN(0x32905e46, 0x2e36ce3b), TOBN(0xf1746c08, 0xca18217c),
      TOBN(0x670c354e, 0x4abc9804), TOBN(0x9ed52907, 0x7096966d),
      TOBN(0x1c62f356, 0x208552bb), TOBN(0x83655d23, 0xdca3ad96),
      TOBN(0x69163fa8, 0xfd24cf5f), TOBN(0x98da4836, 0x1c55d39a),
      TOBN(0xc2007cb8, 0xa163bf05), TOBN(0x49286651, 0xece45b3d),
      TOBN(0xae9f2411, 0x7c4b1fe6), TOBN(0xee386bfb, 0x5a899fa5),
      TOBN(0x0bff5cb6, 0xf406b7ed), TOBN(0xf44c42e9, 0xa637ed6b),
      TOBN(0xe485b576, 0x625e7ec6), TOBN(0x4fe1356d, 0x6d51c245),
      TOBN(0x302b0a6d, 0xf25f1437), TOBN(0xef9519b3, 0xcd3a431b),
      TOBN(0x514a0879, 0x8e3404dd), TOBN(0x020bbea6, 0x3b139b22),
      TOBN(0x29024e08, 0x8a67cc74), TOBN(0xc4c6628b, 0x80dc1cd1),
      TOBN(0xc90fdaa2, 0x2168c234), TOBN(0xffffffff, 0xffffffff),
  };
  const size_t num_words = OPENSSL_ARRAY_SIZE(kPrime3072);
  return get_params(ret, kPrime3072, num_words);
}
150
// BN_get_rfc3526_prime_4096 sets |ret| (or a newly allocated BIGNUM when |ret|
// is NULL) to the 4096-bit MODP prime from RFC 3526 and returns it, or NULL on
// error. The table holds 64 TOBN(hi, lo) entries of 64 bits each, listed
// least-significant first.
BIGNUM *BN_get_rfc3526_prime_4096(BIGNUM *ret) {
  static const BN_ULONG kPrime4096[] = {
      TOBN(0xffffffff, 0xffffffff), TOBN(0x4df435c9, 0x34063199),
      TOBN(0x86ffb7dc, 0x90a6c08f), TOBN(0x93b4ea98, 0x8d8fddc1),
      TOBN(0xd0069127, 0xd5b05aa9), TOBN(0xb81bdd76, 0x2170481c),
      TOBN(0x1f612970, 0xcee2d7af), TOBN(0x233ba186, 0x515be7ed),
      TOBN(0x99b2964f, 0xa090c3a2), TOBN(0x287c5947, 0x4e6bc05d),
      TOBN(0x2e8efc14, 0x1fbecaa6), TOBN(0xdbbbc2db, 0x04de8ef9),
      TOBN(0x2583e9ca, 0x2ad44ce8), TOBN(0x1a946834, 0xb6150bda),
      TOBN(0x99c32718, 0x6af4e23c), TOBN(0x88719a10, 0xbdba5b26),
      TOBN(0x1a723c12, 0xa787e6d7), TOBN(0x4b82d120, 0xa9210801),
      TOBN(0x43db5bfc, 0xe0fd108e), TOBN(0x08e24fa0, 0x74e5ab31),
      TOBN(0x770988c0, 0xbad946e2), TOBN(0xbbe11757, 0x7a615d6c),
      TOBN(0x521f2b18, 0x177b200c), TOBN(0xd8760273, 0x3ec86a64),
      TOBN(0xf12ffa06, 0xd98a0864), TOBN(0xcee3d226, 0x1ad2ee6b),
      TOBN(0x1e8c94e0, 0x4a25619d), TOBN(0xabf5ae8c, 0xdb0933d7),
      TOBN(0xb3970f85, 0xa6e1e4c7), TOBN(0x8aea7157, 0x5d060c7d),
      TOBN(0xecfb8504, 0x58dbef0a), TOBN(0xa85521ab, 0xdf1cba64),
      TOBN(0xad33170d, 0x04507a33), TOBN(0x15728e5a, 0x8aaac42d),
      TOBN(0x15d22618, 0x98fa0510), TOBN(0x3995497c, 0xea956ae5),
      TOBN(0xde2bcbf6, 0x95581718), TOBN(0xb5c55df0, 0x6f4c52c9),
      TOBN(0x9b2783a2, 0xec07a28f), TOBN(0xe39e772c, 0x180e8603),
      TOBN(0x32905e46, 0x2e36ce3b), TOBN(0xf1746c08, 0xca18217c),
      TOBN(0x670c354e, 0x4abc9804), TOBN(0x9ed52907, 0x7096966d),
      TOBN(0x1c62f356, 0x208552bb), TOBN(0x83655d23, 0xdca3ad96),
      TOBN(0x69163fa8, 0xfd24cf5f), TOBN(0x98da4836, 0x1c55d39a),
      TOBN(0xc2007cb8, 0xa163bf05), TOBN(0x49286651, 0xece45b3d),
      TOBN(0xae9f2411, 0x7c4b1fe6), TOBN(0xee386bfb, 0x5a899fa5),
      TOBN(0x0bff5cb6, 0xf406b7ed), TOBN(0xf44c42e9, 0xa637ed6b),
      TOBN(0xe485b576, 0x625e7ec6), TOBN(0x4fe1356d, 0x6d51c245),
      TOBN(0x302b0a6d, 0xf25f1437), TOBN(0xef9519b3, 0xcd3a431b),
      TOBN(0x514a0879, 0x8e3404dd), TOBN(0x020bbea6, 0x3b139b22),
      TOBN(0x29024e08, 0x8a67cc74), TOBN(0xc4c6628b, 0x80dc1cd1),
      TOBN(0xc90fdaa2, 0x2168c234), TOBN(0xffffffff, 0xffffffff),
  };
  const size_t num_words = OPENSSL_ARRAY_SIZE(kPrime4096);
  return get_params(ret, kPrime4096, num_words);
}
188
// BN_get_rfc3526_prime_6144 sets |ret| (or a newly allocated BIGNUM when |ret|
// is NULL) to the 6144-bit MODP prime from RFC 3526 and returns it, or NULL on
// error. The table holds 96 TOBN(hi, lo) entries of 64 bits each, listed
// least-significant first.
BIGNUM *BN_get_rfc3526_prime_6144(BIGNUM *ret) {
  static const BN_ULONG kPrime6144[] = {
      TOBN(0xffffffff, 0xffffffff), TOBN(0xe694f91e, 0x6dcc4024),
      TOBN(0x12bf2d5b, 0x0b7474d6), TOBN(0x043e8f66, 0x3f4860ee),
      TOBN(0x387fe8d7, 0x6e3c0468), TOBN(0xda56c9ec, 0x2ef29632),
      TOBN(0xeb19ccb1, 0xa313d55c), TOBN(0xf550aa3d, 0x8a1fbff0),
      TOBN(0x06a1d58b, 0xb7c5da76), TOBN(0xa79715ee, 0xf29be328),
      TOBN(0x14cc5ed2, 0x0f8037e0), TOBN(0xcc8f6d7e, 0xbf48e1d8),
      TOBN(0x4bd407b2, 0x2b4154aa), TOBN(0x0f1d45b7, 0xff585ac5),
      TOBN(0x23a97a7e, 0x36cc88be), TOBN(0x59e7c97f, 0xbec7e8f3),
      TOBN(0xb5a84031, 0x900b1c9e), TOBN(0xd55e702f, 0x46980c82),
      TOBN(0xf482d7ce, 0x6e74fef6), TOBN(0xf032ea15, 0xd1721d03),
      TOBN(0x5983ca01, 0xc64b92ec), TOBN(0x6fb8f401, 0x378cd2bf),
      TOBN(0x33205151, 0x2bd7af42), TOBN(0xdb7f1447, 0xe6cc254b),
      TOBN(0x44ce6cba, 0xced4bb1b), TOBN(0xda3edbeb, 0xcf9b14ed),
      TOBN(0x179727b0, 0x865a8918), TOBN(0xb06a53ed, 0x9027d831),
      TOBN(0xe5db382f, 0x413001ae), TOBN(0xf8ff9406, 0xad9e530e),
      TOBN(0xc9751e76, 0x3dba37bd), TOBN(0xc1d4dcb2, 0x602646de),
      TOBN(0x36c3fab4, 0xd27c7026), TOBN(0x4df435c9, 0x34028492),
      TOBN(0x86ffb7dc, 0x90a6c08f), TOBN(0x93b4ea98, 0x8d8fddc1),
      TOBN(0xd0069127, 0xd5b05aa9), TOBN(0xb81bdd76, 0x2170481c),
      TOBN(0x1f612970, 0xcee2d7af), TOBN(0x233ba186, 0x515be7ed),
      TOBN(0x99b2964f, 0xa090c3a2), TOBN(0x287c5947, 0x4e6bc05d),
      TOBN(0x2e8efc14, 0x1fbecaa6), TOBN(0xdbbbc2db, 0x04de8ef9),
      TOBN(0x2583e9ca, 0x2ad44ce8), TOBN(0x1a946834, 0xb6150bda),
      TOBN(0x99c32718, 0x6af4e23c), TOBN(0x88719a10, 0xbdba5b26),
      TOBN(0x1a723c12, 0xa787e6d7), TOBN(0x4b82d120, 0xa9210801),
      TOBN(0x43db5bfc, 0xe0fd108e), TOBN(0x08e24fa0, 0x74e5ab31),
      TOBN(0x770988c0, 0xbad946e2), TOBN(0xbbe11757, 0x7a615d6c),
      TOBN(0x521f2b18, 0x177b200c), TOBN(0xd8760273, 0x3ec86a64),
      TOBN(0xf12ffa06, 0xd98a0864), TOBN(0xcee3d226, 0x1ad2ee6b),
      TOBN(0x1e8c94e0, 0x4a25619d), TOBN(0xabf5ae8c, 0xdb0933d7),
      TOBN(0xb3970f85, 0xa6e1e4c7), TOBN(0x8aea7157, 0x5d060c7d),
      TOBN(0xecfb8504, 0x58dbef0a), TOBN(0xa85521ab, 0xdf1cba64),
      TOBN(0xad33170d, 0x04507a33), TOBN(0x15728e5a, 0x8aaac42d),
      TOBN(0x15d22618, 0x98fa0510), TOBN(0x3995497c, 0xea956ae5),
      TOBN(0xde2bcbf6, 0x95581718), TOBN(0xb5c55df0, 0x6f4c52c9),
      TOBN(0x9b2783a2, 0xec07a28f), TOBN(0xe39e772c, 0x180e8603),
      TOBN(0x32905e46, 0x2e36ce3b), TOBN(0xf1746c08, 0xca18217c),
      TOBN(0x670c354e, 0x4abc9804), TOBN(0x9ed52907, 0x7096966d),
      TOBN(0x1c62f356, 0x208552bb), TOBN(0x83655d23, 0xdca3ad96),
      TOBN(0x69163fa8, 0xfd24cf5f), TOBN(0x98da4836, 0x1c55d39a),
      TOBN(0xc2007cb8, 0xa163bf05), TOBN(0x49286651, 0xece45b3d),
      TOBN(0xae9f2411, 0x7c4b1fe6), TOBN(0xee386bfb, 0x5a899fa5),
      TOBN(0x0bff5cb6, 0xf406b7ed), TOBN(0xf44c42e9, 0xa637ed6b),
      TOBN(0xe485b576, 0x625e7ec6), TOBN(0x4fe1356d, 0x6d51c245),
      TOBN(0x302b0a6d, 0xf25f1437), TOBN(0xef9519b3, 0xcd3a431b),
      TOBN(0x514a0879, 0x8e3404dd), TOBN(0x020bbea6, 0x3b139b22),
      TOBN(0x29024e08, 0x8a67cc74), TOBN(0xc4c6628b, 0x80dc1cd1),
      TOBN(0xc90fdaa2, 0x2168c234), TOBN(0xffffffff, 0xffffffff),
  };
  const size_t num_words = OPENSSL_ARRAY_SIZE(kPrime6144);
  return get_params(ret, kPrime6144, num_words);
}
242
// BN_get_rfc3526_prime_8192 sets |ret| (or a newly allocated BIGNUM when |ret|
// is NULL) to the 8192-bit MODP prime from RFC 3526 and returns it, or NULL on
// error. The table holds 128 TOBN(hi, lo) entries of 64 bits each, listed
// least-significant first.
BIGNUM *BN_get_rfc3526_prime_8192(BIGNUM *ret) {
  static const BN_ULONG kPrime8192[] = {
      TOBN(0xffffffff, 0xffffffff), TOBN(0x60c980dd, 0x98edd3df),
      TOBN(0xc81f56e8, 0x80b96e71), TOBN(0x9e3050e2, 0x765694df),
      TOBN(0x9558e447, 0x5677e9aa), TOBN(0xc9190da6, 0xfc026e47),
      TOBN(0x889a002e, 0xd5ee382b), TOBN(0x4009438b, 0x481c6cd7),
      TOBN(0x359046f4, 0xeb879f92), TOBN(0xfaf36bc3, 0x1ecfa268),
      TOBN(0xb1d510bd, 0x7ee74d73), TOBN(0xf9ab4819, 0x5ded7ea1),
      TOBN(0x64f31cc5, 0x0846851d), TOBN(0x4597e899, 0xa0255dc1),
      TOBN(0xdf310ee0, 0x74ab6a36), TOBN(0x6d2a13f8, 0x3f44f82d),
      TOBN(0x062b3cf5, 0xb3a278a6), TOBN(0x79683303, 0xed5bdd3a),
      TOBN(0xfa9d4b7f, 0xa2c087e8), TOBN(0x4bcbc886, 0x2f8385dd),
      TOBN(0x3473fc64, 0x6cea306b), TOBN(0x13eb57a8, 0x1a23f0c7),
      TOBN(0x22222e04, 0xa4037c07), TOBN(0xe3fdb8be, 0xfc848ad9),
      TOBN(0x238f16cb, 0xe39d652d), TOBN(0x3423b474, 0x2bf1c978),
      TOBN(0x3aab639c, 0x5ae4f568), TOBN(0x2576f693, 0x6ba42466),
      TOBN(0x741fa7bf, 0x8afc47ed), TOBN(0x3bc832b6, 0x8d9dd300),
      TOBN(0xd8bec4d0, 0x73b931ba), TOBN(0x38777cb6, 0xa932df8c),
      TOBN(0x74a3926f, 0x12fee5e4), TOBN(0xe694f91e, 0x6dbe1159),
      TOBN(0x12bf2d5b, 0x0b7474d6), TOBN(0x043e8f66, 0x3f4860ee),
      TOBN(0x387fe8d7, 0x6e3c0468), TOBN(0xda56c9ec, 0x2ef29632),
      TOBN(0xeb19ccb1, 0xa313d55c), TOBN(0xf550aa3d, 0x8a1fbff0),
      TOBN(0x06a1d58b, 0xb7c5da76), TOBN(0xa79715ee, 0xf29be328),
      TOBN(0x14cc5ed2, 0x0f8037e0), TOBN(0xcc8f6d7e, 0xbf48e1d8),
      TOBN(0x4bd407b2, 0x2b4154aa), TOBN(0x0f1d45b7, 0xff585ac5),
      TOBN(0x23a97a7e, 0x36cc88be), TOBN(0x59e7c97f, 0xbec7e8f3),
      TOBN(0xb5a84031, 0x900b1c9e), TOBN(0xd55e702f, 0x46980c82),
      TOBN(0xf482d7ce, 0x6e74fef6), TOBN(0xf032ea15, 0xd1721d03),
      TOBN(0x5983ca01, 0xc64b92ec), TOBN(0x6fb8f401, 0x378cd2bf),
      TOBN(0x33205151, 0x2bd7af42), TOBN(0xdb7f1447, 0xe6cc254b),
      TOBN(0x44ce6cba, 0xced4bb1b), TOBN(0xda3edbeb, 0xcf9b14ed),
      TOBN(0x179727b0, 0x865a8918), TOBN(0xb06a53ed, 0x9027d831),
      TOBN(0xe5db382f, 0x413001ae), TOBN(0xf8ff9406, 0xad9e530e),
      TOBN(0xc9751e76, 0x3dba37bd), TOBN(0xc1d4dcb2, 0x602646de),
      TOBN(0x36c3fab4, 0xd27c7026), TOBN(0x4df435c9, 0x34028492),
      TOBN(0x86ffb7dc, 0x90a6c08f), TOBN(0x93b4ea98, 0x8d8fddc1),
      TOBN(0xd0069127, 0xd5b05aa9), TOBN(0xb81bdd76, 0x2170481c),
      TOBN(0x1f612970, 0xcee2d7af), TOBN(0x233ba186, 0x515be7ed),
      TOBN(0x99b2964f, 0xa090c3a2), TOBN(0x287c5947, 0x4e6bc05d),
      TOBN(0x2e8efc14, 0x1fbecaa6), TOBN(0xdbbbc2db, 0x04de8ef9),
      TOBN(0x2583e9ca, 0x2ad44ce8), TOBN(0x1a946834, 0xb6150bda),
      TOBN(0x99c32718, 0x6af4e23c), TOBN(0x88719a10, 0xbdba5b26),
      TOBN(0x1a723c12, 0xa787e6d7), TOBN(0x4b82d120, 0xa9210801),
      TOBN(0x43db5bfc, 0xe0fd108e), TOBN(0x08e24fa0, 0x74e5ab31),
      TOBN(0x770988c0, 0xbad946e2), TOBN(0xbbe11757, 0x7a615d6c),
      TOBN(0x521f2b18, 0x177b200c), TOBN(0xd8760273, 0x3ec86a64),
      TOBN(0xf12ffa06, 0xd98a0864), TOBN(0xcee3d226, 0x1ad2ee6b),
      TOBN(0x1e8c94e0, 0x4a25619d), TOBN(0xabf5ae8c, 0xdb0933d7),
      TOBN(0xb3970f85, 0xa6e1e4c7), TOBN(0x8aea7157, 0x5d060c7d),
      TOBN(0xecfb8504, 0x58dbef0a), TOBN(0xa85521ab, 0xdf1cba64),
      TOBN(0xad33170d, 0x04507a33), TOBN(0x15728e5a, 0x8aaac42d),
      TOBN(0x15d22618, 0x98fa0510), TOBN(0x3995497c, 0xea956ae5),
      TOBN(0xde2bcbf6, 0x95581718), TOBN(0xb5c55df0, 0x6f4c52c9),
      TOBN(0x9b2783a2, 0xec07a28f), TOBN(0xe39e772c, 0x180e8603),
      TOBN(0x32905e46, 0x2e36ce3b), TOBN(0xf1746c08, 0xca18217c),
      TOBN(0x670c354e, 0x4abc9804), TOBN(0x9ed52907, 0x7096966d),
      TOBN(0x1c62f356, 0x208552bb), TOBN(0x83655d23, 0xdca3ad96),
      TOBN(0x69163fa8, 0xfd24cf5f), TOBN(0x98da4836, 0x1c55d39a),
      TOBN(0xc2007cb8, 0xa163bf05), TOBN(0x49286651, 0xece45b3d),
      TOBN(0xae9f2411, 0x7c4b1fe6), TOBN(0xee386bfb, 0x5a899fa5),
      TOBN(0x0bff5cb6, 0xf406b7ed), TOBN(0xf44c42e9, 0xa637ed6b),
      TOBN(0xe485b576, 0x625e7ec6), TOBN(0x4fe1356d, 0x6d51c245),
      TOBN(0x302b0a6d, 0xf25f1437), TOBN(0xef9519b3, 0xcd3a431b),
      TOBN(0x514a0879, 0x8e3404dd), TOBN(0x020bbea6, 0x3b139b22),
      TOBN(0x29024e08, 0x8a67cc74), TOBN(0xc4c6628b, 0x80dc1cd1),
      TOBN(0xc90fdaa2, 0x2168c234), TOBN(0xffffffff, 0xffffffff),
  };
  const size_t num_words = OPENSSL_ARRAY_SIZE(kPrime8192);
  return get_params(ret, kPrime8192, num_words);
}
312
// DH_generate_parameters_ex fills |dh->p| with a freshly generated safe prime
// of |prime_bits| bits and |dh->g| with |generator|, allocating either field
// if it is NULL. |cb| is passed to the prime generator and is called once more
// with (3, 0) after the prime has been found. Returns 1 on success and 0 on
// failure; every failure path also pushes ERR_R_BN_LIB onto the error queue,
// in addition to DH_R_BAD_GENERATOR when |generator| <= 1.
int DH_generate_parameters_ex(DH *dh, int prime_bits, int generator,
                              BN_GENCB *cb) {
  // Background on the parameter choice:
  //
  // p is generated as a safe prime (the |safe| argument below is 1), i.e.
  // p = 2*q + 1 with q = (p-1)/2 also prime. p-1 then has only the factors 2
  // and q, so g generates the whole group iff g^2 mod p != 1 and
  // g^q mod p != 1.
  //
  // Rather than testing g, the well-known generators get a congruence
  // condition on p instead:
  //   for 2, p mod 24 == 11
  //   for 3, p mod 12 == 5   (does not work for safe primes)
  //   for 5, p mod 10 == 3 or 7   (only the residue 3 is requested here)
  // Thanks to Phil Karn <karn@qualcomm.com> for the pointers about the
  // special generators.
  //
  // Any other generator is accepted as-is: with a safe prime it has order q
  // or 2q, and either is acceptable. There is no reason to insist that
  // |generator| generate the full group; a generator of the order-q subgroup
  // is just as good and in some sense better.
  //
  // NOTE(review): the conditions used for 2 and 5 make g a quadratic
  // non-residue, so g generates the full order-2q group and the Legendre
  // symbol of a public value reveals the parity of the private exponent.
  // Confirm this is acceptable for the protocols using these parameters.
  //
  // NOTE(review): |prime_bits| is not range-checked in this function, and
  // safe-prime generation can take a very long time. Callers should enforce
  // their own minimum size, or use a fixed, well-known group instead of
  // generating one.
  BN_ULONG modulus = 0, residue = 0;
  BIGNUM *add = NULL, *rem = NULL;
  int g = 0;
  int ok = 0;
  BN_CTX *ctx = BN_CTX_new();

  if (ctx == NULL) {
    goto err;
  }
  BN_CTX_start(ctx);
  add = BN_CTX_get(ctx);
  rem = BN_CTX_get(ctx);
  if (add == NULL || rem == NULL) {
    goto err;
  }

  // Make sure |dh| has somewhere to store p and g.
  if (dh->p == NULL && (dh->p = BN_new()) == NULL) {
    goto err;
  }
  if (dh->g == NULL && (dh->g = BN_new()) == NULL) {
    goto err;
  }

  if (generator <= 1) {
    OPENSSL_PUT_ERROR(DH, DH_R_BAD_GENERATOR);
    goto err;
  }

  // Pick the congruence p == residue (mod modulus) that goes with |generator|.
  switch (generator) {
    case DH_GENERATOR_2:
      modulus = 24;
      residue = 11;
      g = 2;
      break;
    case DH_GENERATOR_5:
      // p mod 10 == 7 would work as well, but only one residue can be
      // requested, so those primes are skipped.
      modulus = 10;
      residue = 3;
      g = 5;
      break;
    default:
      // p odd is the only requirement; see the discussion of subgroup order
      // above.
      modulus = 2;
      residue = 1;
      g = generator;
      break;
  }
  if (!BN_set_word(add, modulus) || !BN_set_word(rem, residue)) {
    goto err;
  }

  // Short-circuit evaluation keeps the original order: generate p, notify the
  // callback, then store g.
  if (!BN_generate_prime_ex(dh->p, prime_bits, 1, add, rem, cb) ||
      !BN_GENCB_call(cb, 3, 0) ||
      !BN_set_word(dh->g, g)) {
    goto err;
  }
  ok = 1;

err:
  if (!ok) {
    OPENSSL_PUT_ERROR(DH, ERR_R_BN_LIB);
  }

  if (ctx != NULL) {
    BN_CTX_end(ctx);
    BN_CTX_free(ctx);
  }
  return ok;
}
427
// int_dh_bn_cpy replaces |*dst| with a duplicate of |src|, or with NULL when
// |src| is NULL, freeing whatever |*dst| held before. The duplicate is made
// first, so if |BN_dup| fails the function returns 0 and |*dst| is left
// unchanged. Returns 1 on success.
static int int_dh_bn_cpy(BIGNUM **dst, const BIGNUM *src) {
  BIGNUM *copy = NULL;

  if (src != NULL) {
    copy = BN_dup(src);
    if (copy == NULL) {
      return 0;
    }
  }

  // Swap in the new value only after the copy is known to have succeeded.
  BN_free(*dst);
  *dst = copy;
  return 1;
}
442
// int_dh_param_copy copies the group parameters p and g from |from| to |to|,
// and q as well when |is_x942| is non-zero. Passing -1 for |is_x942| means
// "copy q iff |from| has one". Returns 1 on success and 0 if any copy fails;
// on failure |to| may hold a mix of old and new values. When q is not copied,
// |to->q| is left as it was rather than cleared.
static int int_dh_param_copy(DH *to, const DH *from, int is_x942) {
  const int copy_q = (is_x942 == -1) ? (from->q != NULL) : is_x942;

  if (!int_dh_bn_cpy(&to->p, from->p)) {
    return 0;
  }
  if (!int_dh_bn_cpy(&to->g, from->g)) {
    return 0;
  }
  if (!copy_q) {
    return 1;
  }

  return int_dh_bn_cpy(&to->q, from->q) ? 1 : 0;
}
462
// DHparams_dup returns a newly allocated DH holding copies of |dh|'s group
// parameters: p, g, and q when |dh| has one. Nothing else is copied by the
// helper it calls, so any key material in |dh| does not carry over. Returns
// NULL on allocation failure. |dh| itself is dereferenced without a NULL
// check.
DH *DHparams_dup(const DH *dh) {
  DH *copy = DH_new();

  if (copy != NULL && !int_dh_param_copy(copy, dh, -1)) {
    // Drop the partially filled object rather than return it.
    DH_free(copy);
    copy = NULL;
  }

  return copy;
}
476