diff --git a/ChangeLog b/ChangeLog index 2df4c8631..a4a2172ee 100644 --- a/ChangeLog +++ b/ChangeLog @@ -25,6 +25,7 @@ Features * Added blowfish algorithm (Generic and cipher layer) * Added PKCS#5 PBKDF2 key derivation function * Added Secure Renegotiation (RFC 5746) + * Added predefined DHM groups from RFC 5114 Changes * Removed redundant POLARSSL_DEBUG_MSG define diff --git a/include/polarssl/dhm.h b/include/polarssl/dhm.h index 0c8dd55ed..726273d01 100644 --- a/include/polarssl/dhm.h +++ b/include/polarssl/dhm.h @@ -39,6 +39,56 @@ #define POLARSSL_ERR_DHM_MAKE_PUBLIC_FAILED -0x3280 /**< Making of the public value failed. */ #define POLARSSL_ERR_DHM_CALC_SECRET_FAILED -0x3300 /**< Calculation of the DHM secret failed. */ +/** + * RFC 5114 defines a number of standardized Diffie-Hellman groups + * that can be used. Some are included here for convenience. + * + * Included are: + * 2.1. 1024-bit MODP Group with 160-bit Prime Order Subgroup + * 2.2. 2048-bit MODP Group with 224-bit Prime Order Subgroup + */ +#define POLARSSL_DHM_RFC5114_MODP_1024_P \ + "B10B8F96A080E01DDE92DE5EAE5D54EC52C99FBCFB06A3C6" \ + "9A6A9DCA52D23B616073E28675A23D189838EF1E2EE652C0" \ + "13ECB4AEA906112324975C3CD49B83BFACCBDD7D90C4BD70" \ + "98488E9C219A73724EFFD6FAE5644738FAA31A4FF55BCCC0" \ + "A151AF5F0DC8B4BD45BF37DF365C1A65E68CFDA76D4DA708" \ + "DF1FB2BC2E4A4371"; + +#define POLARSSL_DHM_RFC5114_MODP_1024_G \ + "A4D1CBD5C3FD34126765A442EFB99905F8104DD258AC507F" \ + "D6406CFF14266D31266FEA1E5C41564B777E690F5504F213" \ + "160217B4B01B886A5E91547F9E2749F4D7FBD7D3B9A92EE1" \ + "909D0D2263F80A76A6A24C087A091F531DBF0A0169B6A28A" \ + "D662A4D18E73AFA32D779D5918D08BC8858F4DCEF97C2A24" \ + "855E6EEB22B3B2E5"; + +#define POLARSSL_DHM_RFC5114_MODP_2048_P \ + "AD107E1E9123A9D0D660FAA79559C51FA20D64E5683B9FD1" \ + "B54B1597B61D0A75E6FA141DF95A56DBAF9A3C407BA1DF15" \ + "EB3D688A309C180E1DE6B85A1274A0A66D3F8152AD6AC212" \ + "9037C9EDEFDA4DF8D91E8FEF55B7394B7AD5B7D0B6C12207" \ + "C9F98D11ED34DBF6C6BA0B2C8BBC27BE6A00E0A0B9C49708" \ + "B3BF8A317091883681286130BC8985DB1602E714415D9330" \ + "278273C7DE31EFDC7310F7121FD5A07415987D9ADC0A486D" \ + "CDF93ACC44328387315D75E198C641A480CD86A1B9E587E8" \ + "BE60E69CC928B2B9C52172E413042E9B23F10B0E16E79763" \ + "C9B53DCF4BA80A29E3FB73C16B8E75B97EF363E2FFA31F71" \ + "CF9DE5384E71B81C0AC4DFFE0C10E64F"; + +#define POLARSSL_DHM_RFC5114_MODP_2048_G \ + "AC4032EF4F2D9AE39DF30B5C8FFDAC506CDEBE7B89998CAF"\ + "74866A08CFE4FFE3A6824A4E10B9A6F0DD921F01A70C4AFA"\ + "AB739D7700C29F52C57DB17C620A8652BE5E9001A8D66AD7"\ + "C17669101999024AF4D027275AC1348BB8A762D0521BC98A"\ + "E247150422EA1ED409939D54DA7460CDB5F6C6B250717CBE"\ + "F180EB34118E98D119529A45D6F834566E3025E316A330EF"\ + "BB77A86F0C1AB15B051AE3D428C8F8ACB70A8137150B8EEB"\ + "10E183EDD19963DDD9E263E4770589EF6AA21E7F5F2FF381"\ + "B539CCE3409D13CD566AFBB48D6C019181E1BCFE94B30269"\ + "EDFE72FE9B6AA4BD7B5A0F1C71CFFF4C19C418E1F6EC0179"\ + "81BC087F2A7065B384B890D3191F2BFA"; + /** * \brief DHM context structure */ diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 3d5008b6b..570785fdf 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -991,7 +991,8 @@ static int ssl_write_client_key_exchange( ssl_context *ssl ) ssl->out_msg[5] = (unsigned char)( n ); i = 6; - ret = dhm_make_public( &ssl->handshake->dhm_ctx, 256, + ret = dhm_make_public( &ssl->handshake->dhm_ctx, + mpi_size( &ssl->handshake->dhm_ctx.P ), &ssl->out_msg[i], n, ssl->f_rng, ssl->p_rng ); if( ret != 0 ) diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 209e5bdd6..c28716c11 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -676,7 +676,9 @@ static int ssl_write_server_key_exchange( ssl_context *ssl ) return( ret ); } - if( ( ret = dhm_make_params( &ssl->handshake->dhm_ctx, 256, ssl->out_msg + 4, + if( ( ret = dhm_make_params( &ssl->handshake->dhm_ctx, + mpi_size( &ssl->handshake->dhm_ctx.P ), + ssl->out_msg + 4, &n, ssl->f_rng, ssl->p_rng ) ) != 0 ) { SSL_DEBUG_RET( 1, "dhm_make_params", ret ); diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c index ca1477ebd..a8855b8c2 100644 --- a/programs/ssl/ssl_server.c +++ b/programs/ssl/ssl_server.c @@ -51,21 +51,12 @@ "

Successful connection using: %s

\r\n" /* - * Computing a "safe" DH-1024 prime can take a very - * long time, so a precomputed value is provided below. - * You may run dh_genprime to generate a new value. + * Computing a "safe" DH prime can take a very + * long time. RFC 5114 provides precomputed and standardized + * values. */ -char *my_dhm_P = - "E4004C1F94182000103D883A448B3F80" \ - "2CE4B44A83301270002C20D0321CFD00" \ - "11CCEF784C26A400F43DFB901BCA7538" \ - "F2C6B176001CF5A0FD16D2C48B1D0C1C" \ - "F6AC8E1DA6BCC3B4E1F96B0564965300" \ - "FFA1D0B601EB2800F489AA512C4B248C" \ - "01F76949A60BB7F00A40B1EAB64BDD48" \ - "E8A700D60B7F1200FA8E77B0A979DABF"; - -char *my_dhm_G = "4"; +char *my_dhm_P = POLARSSL_DHM_RFC5114_MODP_1024_P; +char *my_dhm_G = POLARSSL_DHM_RFC5114_MODP_1024_G; /* * Sorted by order of preference diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 4e85f72bf..bc5402f8d 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -62,21 +62,12 @@ "

Successful connection using: %s

\r\n" /* - * Computing a "safe" DH-1024 prime can take a very - * long time, so a precomputed value is provided below. - * You may run dh_genprime to generate a new value. + * Computing a "safe" DH prime can take a very + * long time. RFC 5114 provides precomputed and standardized + * values. */ -char *my_dhm_P = - "E4004C1F94182000103D883A448B3F80" \ - "2CE4B44A83301270002C20D0321CFD00" \ - "11CCEF784C26A400F43DFB901BCA7538" \ - "F2C6B176001CF5A0FD16D2C48B1D0C1C" \ - "F6AC8E1DA6BCC3B4E1F96B0564965300" \ - "FFA1D0B601EB2800F489AA512C4B248C" \ - "01F76949A60BB7F00A40B1EAB64BDD48" \ - "E8A700D60B7F1200FA8E77B0A979DABF"; - -char *my_dhm_G = "4"; +char *my_dhm_P = POLARSSL_DHM_RFC5114_MODP_2048_P; +char *my_dhm_G = POLARSSL_DHM_RFC5114_MODP_2048_G; /* * global options