- Added predefined DHM groups from RFC 5114
parent
b60b95fd7f
commit
29b64761fd
|
@ -25,6 +25,7 @@ Features
|
||||||
* Added blowfish algorithm (Generic and cipher layer)
|
* Added blowfish algorithm (Generic and cipher layer)
|
||||||
* Added PKCS#5 PBKDF2 key derivation function
|
* Added PKCS#5 PBKDF2 key derivation function
|
||||||
* Added Secure Renegotiation (RFC 5746)
|
* Added Secure Renegotiation (RFC 5746)
|
||||||
|
* Added predefined DHM groups from RFC 5114
|
||||||
|
|
||||||
Changes
|
Changes
|
||||||
* Removed redundant POLARSSL_DEBUG_MSG define
|
* Removed redundant POLARSSL_DEBUG_MSG define
|
||||||
|
|
|
@ -39,6 +39,56 @@
|
||||||
#define POLARSSL_ERR_DHM_MAKE_PUBLIC_FAILED -0x3280 /**< Making of the public value failed. */
|
#define POLARSSL_ERR_DHM_MAKE_PUBLIC_FAILED -0x3280 /**< Making of the public value failed. */
|
||||||
#define POLARSSL_ERR_DHM_CALC_SECRET_FAILED -0x3300 /**< Calculation of the DHM secret failed. */
|
#define POLARSSL_ERR_DHM_CALC_SECRET_FAILED -0x3300 /**< Calculation of the DHM secret failed. */
|
||||||
|
|
||||||
|
/**
|
||||||
|
* RFC 5114 defines a number of standardized Diffie-Hellman groups
|
||||||
|
* that can be used. Some are included here for convenience.
|
||||||
|
*
|
||||||
|
* Included are:
|
||||||
|
* 2.1. 1024-bit MODP Group with 160-bit Prime Order Subgroup
|
||||||
|
* 2.2. 2048-bit MODP Group with 224-bit Prime Order Subgroup
|
||||||
|
*/
|
||||||
|
#define POLARSSL_DHM_RFC5114_MODP_1024_P \
|
||||||
|
"B10B8F96A080E01DDE92DE5EAE5D54EC52C99FBCFB06A3C6" \
|
||||||
|
"9A6A9DCA52D23B616073E28675A23D189838EF1E2EE652C0" \
|
||||||
|
"13ECB4AEA906112324975C3CD49B83BFACCBDD7D90C4BD70" \
|
||||||
|
"98488E9C219A73724EFFD6FAE5644738FAA31A4FF55BCCC0" \
|
||||||
|
"A151AF5F0DC8B4BD45BF37DF365C1A65E68CFDA76D4DA708" \
|
||||||
|
"DF1FB2BC2E4A4371";
|
||||||
|
|
||||||
|
#define POLARSSL_DHM_RFC5114_MODP_1024_G \
|
||||||
|
"A4D1CBD5C3FD34126765A442EFB99905F8104DD258AC507F" \
|
||||||
|
"D6406CFF14266D31266FEA1E5C41564B777E690F5504F213" \
|
||||||
|
"160217B4B01B886A5E91547F9E2749F4D7FBD7D3B9A92EE1" \
|
||||||
|
"909D0D2263F80A76A6A24C087A091F531DBF0A0169B6A28A" \
|
||||||
|
"D662A4D18E73AFA32D779D5918D08BC8858F4DCEF97C2A24" \
|
||||||
|
"855E6EEB22B3B2E5";
|
||||||
|
|
||||||
|
#define POLARSSL_DHM_RFC5114_MODP_2048_P \
|
||||||
|
"AD107E1E9123A9D0D660FAA79559C51FA20D64E5683B9FD1" \
|
||||||
|
"B54B1597B61D0A75E6FA141DF95A56DBAF9A3C407BA1DF15" \
|
||||||
|
"EB3D688A309C180E1DE6B85A1274A0A66D3F8152AD6AC212" \
|
||||||
|
"9037C9EDEFDA4DF8D91E8FEF55B7394B7AD5B7D0B6C12207" \
|
||||||
|
"C9F98D11ED34DBF6C6BA0B2C8BBC27BE6A00E0A0B9C49708" \
|
||||||
|
"B3BF8A317091883681286130BC8985DB1602E714415D9330" \
|
||||||
|
"278273C7DE31EFDC7310F7121FD5A07415987D9ADC0A486D" \
|
||||||
|
"CDF93ACC44328387315D75E198C641A480CD86A1B9E587E8" \
|
||||||
|
"BE60E69CC928B2B9C52172E413042E9B23F10B0E16E79763" \
|
||||||
|
"C9B53DCF4BA80A29E3FB73C16B8E75B97EF363E2FFA31F71" \
|
||||||
|
"CF9DE5384E71B81C0AC4DFFE0C10E64F";
|
||||||
|
|
||||||
|
#define POLARSSL_DHM_RFC5114_MODP_2048_G \
|
||||||
|
"AC4032EF4F2D9AE39DF30B5C8FFDAC506CDEBE7B89998CAF"\
|
||||||
|
"74866A08CFE4FFE3A6824A4E10B9A6F0DD921F01A70C4AFA"\
|
||||||
|
"AB739D7700C29F52C57DB17C620A8652BE5E9001A8D66AD7"\
|
||||||
|
"C17669101999024AF4D027275AC1348BB8A762D0521BC98A"\
|
||||||
|
"E247150422EA1ED409939D54DA7460CDB5F6C6B250717CBE"\
|
||||||
|
"F180EB34118E98D119529A45D6F834566E3025E316A330EF"\
|
||||||
|
"BB77A86F0C1AB15B051AE3D428C8F8ACB70A8137150B8EEB"\
|
||||||
|
"10E183EDD19963DDD9E263E4770589EF6AA21E7F5F2FF381"\
|
||||||
|
"B539CCE3409D13CD566AFBB48D6C019181E1BCFE94B30269"\
|
||||||
|
"EDFE72FE9B6AA4BD7B5A0F1C71CFFF4C19C418E1F6EC0179"\
|
||||||
|
"81BC087F2A7065B384B890D3191F2BFA";
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* \brief DHM context structure
|
* \brief DHM context structure
|
||||||
*/
|
*/
|
||||||
|
|
|
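Review bot: Each of the four new macros ends its last string fragment with a semicolon (`"DF1FB2BC2E4A4371";`, `"855E6EEB22B3B2E5";`, `"CF9DE5384E71B81C0AC4DFFE0C10E64F";`, `"81BC087F2A7065B384B890D3191F2BFA";`), so the `;` becomes part of the expansion. That compiles only in the `char *x = MACRO;` form used elsewhere in this commit, where it leaves a stray empty declaration, and it breaks any use as an expression such as a function argument. The last line of each define should be the bare literal, e.g. `"DF1FB2BC2E4A4371"`. The doc comment should also say that these moduli are not safe primes: the generators span subgroups of 160-bit and 224-bit prime order, so code that reuses a private value has to check received public values for subgroup membership, and that check needs the RFC's q values, which this header does not define.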
@ -991,7 +991,8 @@ static int ssl_write_client_key_exchange( ssl_context *ssl )
|
||||||
ssl->out_msg[5] = (unsigned char)( n );
|
ssl->out_msg[5] = (unsigned char)( n );
|
||||||
i = 6;
|
i = 6;
|
||||||
|
|
||||||
ret = dhm_make_public( &ssl->handshake->dhm_ctx, 256,
|
ret = dhm_make_public( &ssl->handshake->dhm_ctx,
|
||||||
|
mpi_size( &ssl->handshake->dhm_ctx.P ),
|
||||||
&ssl->out_msg[i], n,
|
&ssl->out_msg[i], n,
|
||||||
ssl->f_rng, ssl->p_rng );
|
ssl->f_rng, ssl->p_rng );
|
||||||
if( ret != 0 )
|
if( ret != 0 )
|
||||||
|
|
|
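Review bot: On the client, `dhm_ctx.P` is presumably the modulus received from the server, so the private-value length passed to `dhm_make_public` now follows a peer-chosen number, and no lower bound on it is visible in the hunk. If the parsing code outside the hunk does not already reject short moduli, a guard before the call would refuse a handshake over a weak group, along the lines of `if( mpi_size( &ssl->handshake->dhm_ctx.P ) < MIN_DHM_BYTES ) return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );`, where `MIN_DHM_BYTES` is a placeholder for a limit the project would have to define. `ssl_write_client_key_exchange` starts and ends outside the hunk, so the check may already exist elsewhere.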
@ -676,7 +676,9 @@ static int ssl_write_server_key_exchange( ssl_context *ssl )
|
||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
|
|
||||||
if( ( ret = dhm_make_params( &ssl->handshake->dhm_ctx, 256, ssl->out_msg + 4,
|
if( ( ret = dhm_make_params( &ssl->handshake->dhm_ctx,
|
||||||
|
mpi_size( &ssl->handshake->dhm_ctx.P ),
|
||||||
|
ssl->out_msg + 4,
|
||||||
&n, ssl->f_rng, ssl->p_rng ) ) != 0 )
|
&n, ssl->f_rng, ssl->p_rng ) ) != 0 )
|
||||||
{
|
{
|
||||||
SSL_DEBUG_RET( 1, "dhm_make_params", ret );
|
SSL_DEBUG_RET( 1, "dhm_make_params", ret );
|
||||||
|
|
|
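Review bot: `mpi_size( &ssl->handshake->dhm_ctx.P )` is evaluated with no visible check that P has been populated, and an empty P would make the requested private-value length zero where the old code always asked for 256 bytes. The visible `return( ret );` shows only that an earlier step can fail, not that an unset modulus is rejected. If the setup above the hunk can leave P empty, reject that case before the call, e.g. `if( mpi_size( &ssl->handshake->dhm_ctx.P ) == 0 ) return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );`. `ssl_write_server_key_exchange` continues on both sides of the hunk.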
@ -51,21 +51,12 @@
|
||||||
"<p>Successful connection using: %s</p>\r\n"
|
"<p>Successful connection using: %s</p>\r\n"
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Computing a "safe" DH-1024 prime can take a very
|
* Computing a "safe" DH prime can take a very
|
||||||
* long time, so a precomputed value is provided below.
|
* long time. RFC 5114 provides precomputed and standardized
|
||||||
* You may run dh_genprime to generate a new value.
|
* values.
|
||||||
*/
|
*/
|
||||||
char *my_dhm_P =
|
char *my_dhm_P = POLARSSL_DHM_RFC5114_MODP_1024_P;
|
||||||
"E4004C1F94182000103D883A448B3F80" \
|
char *my_dhm_G = POLARSSL_DHM_RFC5114_MODP_1024_G;
|
||||||
"2CE4B44A83301270002C20D0321CFD00" \
|
|
||||||
"11CCEF784C26A400F43DFB901BCA7538" \
|
|
||||||
"F2C6B176001CF5A0FD16D2C48B1D0C1C" \
|
|
||||||
"F6AC8E1DA6BCC3B4E1F96B0564965300" \
|
|
||||||
"FFA1D0B601EB2800F489AA512C4B248C" \
|
|
||||||
"01F76949A60BB7F00A40B1EAB64BDD48" \
|
|
||||||
"E8A700D60B7F1200FA8E77B0A979DABF";
|
|
||||||
|
|
||||||
char *my_dhm_G = "4";
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Sorted by order of preference
|
* Sorted by order of preference
|
||||||
|
|
|
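Review bot: The rewritten comment still speaks of a "safe" DH prime and then points at RFC 5114, but the RFC 5114 moduli are not safe primes; they are groups with a small prime-order subgroup, so the comment promises a property the constants do not have. Suggested wording: `RFC 5114 provides standardized DH groups with a prime-order subgroup (these are not safe primes).` This section also selects `POLARSSL_DHM_RFC5114_MODP_1024_P`, a 1024-bit modulus that every deployment copying the example will share; the 2048-bit pair added in the same commit would be the better default for sample code. The same comment appears in the next file section, which uses the 2048-bit pair.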
@ -62,21 +62,12 @@
|
||||||
"<p>Successful connection using: %s</p>\r\n"
|
"<p>Successful connection using: %s</p>\r\n"
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Computing a "safe" DH-1024 prime can take a very
|
* Computing a "safe" DH prime can take a very
|
||||||
* long time, so a precomputed value is provided below.
|
* long time. RFC 5114 provides precomputed and standardized
|
||||||
* You may run dh_genprime to generate a new value.
|
* values.
|
||||||
*/
|
*/
|
||||||
char *my_dhm_P =
|
char *my_dhm_P = POLARSSL_DHM_RFC5114_MODP_2048_P;
|
||||||
"E4004C1F94182000103D883A448B3F80" \
|
char *my_dhm_G = POLARSSL_DHM_RFC5114_MODP_2048_G;
|
||||||
"2CE4B44A83301270002C20D0321CFD00" \
|
|
||||||
"11CCEF784C26A400F43DFB901BCA7538" \
|
|
||||||
"F2C6B176001CF5A0FD16D2C48B1D0C1C" \
|
|
||||||
"F6AC8E1DA6BCC3B4E1F96B0564965300" \
|
|
||||||
"FFA1D0B601EB2800F489AA512C4B248C" \
|
|
||||||
"01F76949A60BB7F00A40B1EAB64BDD48" \
|
|
||||||
"E8A700D60B7F1200FA8E77B0A979DABF";
|
|
||||||
|
|
||||||
char *my_dhm_G = "4";
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* global options
|
* global options
|
||||||
|
|