TeaSpeak/tomcrypt
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge pull request #225 from libtom/pr/fix-114-dh-primes

Browse Source 
Better DH primes
This commit is contained in:
karel-m 2017-06-12 17:12:33 +02:00 committed by GitHub
commit 4a6d107227
5 changed files with 350 additions and 184 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

138
demos/timing.c
View File

@ -133,7 +133,7 @@ static void init_timer(void)
fprintf(stderr, "Clock Skew: %lu\n", (unsigned long)skew); fprintf(stderr, "Clock Skew: %lu\n", (unsigned long)skew);
} }
static int time_keysched(void) static void time_keysched(void)
{ {
unsigned long x, y1; unsigned long x, y1;
ulong64 t1, c1; ulong64 t1, c1;
@ -165,12 +165,10 @@ static int time_keysched(void)
#undef DO1 #undef DO1
} }
tally_results(0); tally_results(0);
return 0;
} }
#ifdef LTC_ECB_MODE #ifdef LTC_ECB_MODE
static int time_cipher_ecb(void) static void time_cipher_ecb(void)
{ {
unsigned long x, y1; unsigned long x, y1;
ulong64 t1, t2, c1, c2, a1, a2; ulong64 t1, t2, c1, c2, a1, a2;
@ -237,15 +235,13 @@ static int time_cipher_ecb(void)
#undef DO1 #undef DO1
} }
tally_results(1); tally_results(1);
return 0;
} }
#else #else
static int time_cipher_ecb(void) { fprintf(stderr, "NO ECB\n"); return 0; } static void time_cipher_ecb(void) { fprintf(stderr, "NO ECB\n"); return 0; }
#endif #endif
#ifdef LTC_CBC_MODE #ifdef LTC_CBC_MODE
static int time_cipher_cbc(void) static void time_cipher_cbc(void)
{ {
unsigned long x, y1; unsigned long x, y1;
ulong64 t1, t2, c1, c2, a1, a2; ulong64 t1, t2, c1, c2, a1, a2;
@ -312,15 +308,13 @@ static int time_cipher_cbc(void)
#undef DO1 #undef DO1
} }
tally_results(1); tally_results(1);
return 0;
} }
#else #else
static int time_cipher_cbc(void) { fprintf(stderr, "NO CBC\n"); return 0; } static void time_cipher_cbc(void) { fprintf(stderr, "NO CBC\n"); return 0; }
#endif #endif
#ifdef LTC_CTR_MODE #ifdef LTC_CTR_MODE
static int time_cipher_ctr(void) static void time_cipher_ctr(void)
{ {
unsigned long x, y1; unsigned long x, y1;
ulong64 t1, t2, c1, c2, a1, a2; ulong64 t1, t2, c1, c2, a1, a2;
@ -387,15 +381,13 @@ static int time_cipher_ctr(void)
#undef DO1 #undef DO1
} }
tally_results(1); tally_results(1);
return 0;
} }
#else #else
static int time_cipher_ctr(void) { fprintf(stderr, "NO CTR\n"); return 0; } static void time_cipher_ctr(void) { fprintf(stderr, "NO CTR\n"); return 0; }
#endif #endif
#ifdef LTC_LRW_MODE #ifdef LTC_LRW_MODE
static int time_cipher_lrw(void) static void time_cipher_lrw(void)
{ {
unsigned long x, y1; unsigned long x, y1;
ulong64 t1, t2, c1, c2, a1, a2; ulong64 t1, t2, c1, c2, a1, a2;
@ -464,15 +456,13 @@ static int time_cipher_lrw(void)
#undef DO1 #undef DO1
} }
tally_results(1); tally_results(1);
return 0;
} }
#else #else
static int time_cipher_lrw(void) { fprintf(stderr, "NO LRW\n"); return 0; } static void time_cipher_lrw(void) { fprintf(stderr, "NO LRW\n"); return 0; }
#endif #endif
static int time_hash(void) static void time_hash(void)
{ {
unsigned long x, y1, len; unsigned long x, y1, len;
ulong64 t1, t2, c1, c2; ulong64 t1, t2, c1, c2;
@ -519,8 +509,6 @@ static int time_hash(void)
#undef DO1 #undef DO1
} }
tally_results(2); tally_results(2);
return 0;
} }
/*#warning you need an mp_rand!!!*/ /*#warning you need an mp_rand!!!*/
@ -888,6 +876,58 @@ static void time_katja(void)
static void time_katja(void) { fprintf(stderr, "NO Katja\n"); } static void time_katja(void) { fprintf(stderr, "NO Katja\n"); }
#endif #endif
#ifdef LTC_MDH
/* time various DH operations */
static void time_dh(void)
{
dh_key key;
ulong64 t1, t2;
unsigned char buf[2][4096];
unsigned long i, x, y, z;
int err;
static unsigned long sizes[] = {768/8, 1024/8, 1536/8, 2048/8, 3072/8, 4096/8, 6144/8, 8192/8, 100000};
for (x = sizes[i=0]; x < 100000; x = sizes[++i]) {
t2 = 0;
for (y = 0; y < 16; y++) {
t_start();
t1 = t_read();
if ((err = dh_make_key(&yarrow_prng, find_prng("yarrow"), x, &key)) != CRYPT_OK) {
fprintf(stderr, "\n\ndh_make_key says %s, wait...no it should say %s...damn you!\n", error_to_string(err), error_to_string(CRYPT_OK));
exit(EXIT_FAILURE);
}
t1 = t_read() - t1;
t2 += t1;
if (y < 15) {
dh_free(&key);
}
}
t2 >>= 4;
fprintf(stderr, "DH-%4lu make_key took %15llu cycles\n", x*8, t2);
t2 = 0;
for (y = 0; y < 16; y++) {
t_start();
t1 = t_read();
z = sizeof(buf[1]);
if ((err = dh_encrypt_key(buf[0], 20, buf[1], &z, &yarrow_prng, find_prng("yarrow"), find_hash("sha1"),
&key)) != CRYPT_OK) {
fprintf(stderr, "\n\ndh_encrypt_key says %s, wait...no it should say %s...damn you!\n", error_to_string(err), error_to_string(CRYPT_OK));
exit(EXIT_FAILURE);
}
t1 = t_read() - t1;
t2 += t1;
}
t2 >>= 4;
fprintf(stderr, "DH-%4lu encrypt_key took %15llu cycles\n", x*8, t2);
dh_free(&key);
}
}
#else
static void time_dh(void) { fprintf(stderr, "NO DH\n"); }
#endif
#ifdef LTC_MECC #ifdef LTC_MECC
/* time various ECC operations */ /* time various ECC operations */
static void time_ecc(void) static void time_ecc(void)
@ -1347,9 +1387,36 @@ static void time_encmacs(void)
time_encmacs_(32); time_encmacs_(32);
} }
int main(void) #define LTC_TEST_FN(f) { f, #f }
int main(int argc, char **argv)
{ {
int err; int err;
const struct
{
void (*fn)(void);
const char* name;
} test_functions[] = {
LTC_TEST_FN(time_keysched),
LTC_TEST_FN(time_cipher_ecb),
LTC_TEST_FN(time_cipher_cbc),
LTC_TEST_FN(time_cipher_ctr),
LTC_TEST_FN(time_cipher_lrw),
LTC_TEST_FN(time_hash),
LTC_TEST_FN(time_macs),
LTC_TEST_FN(time_encmacs),
LTC_TEST_FN(time_prng),
LTC_TEST_FN(time_mult),
LTC_TEST_FN(time_sqr),
LTC_TEST_FN(time_rsa),
LTC_TEST_FN(time_dsa),
LTC_TEST_FN(time_ecc),
LTC_TEST_FN(time_dh),
LTC_TEST_FN(time_katja)
};
char *single_test = NULL;
unsigned int i;
init_timer(); init_timer();
register_all_ciphers(); register_all_ciphers();
register_all_hashes(); register_all_hashes();
@ -1371,21 +1438,16 @@ if ((err = rng_make_prng(128, find_prng("yarrow"), &yarrow_prng, NULL)) != CRYPT
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
time_keysched(); /* single test name from commandline */
time_cipher_ecb(); if (argc > 1) single_test = argv[1];
time_cipher_cbc();
time_cipher_ctr(); for (i = 0; i < sizeof(test_functions)/sizeof(test_functions[0]); ++i) {
time_cipher_lrw(); if (single_test && strstr(test_functions[i].name, single_test) == NULL) {
time_hash(); continue;
time_macs(); }
time_encmacs(); test_functions[i].fn();
time_prng(); }
time_mult();
time_sqr();
time_rsa();
time_dsa();
time_ecc();
time_katja();
return EXIT_SUCCESS; return EXIT_SUCCESS;
} }

5
src/headers/tomcrypt_custom.h
View File

@ -364,16 +364,15 @@
/* Supported Key Sizes */ /* Supported Key Sizes */
#define LTC_DH768 #define LTC_DH768
#define LTC_DH1024 #define LTC_DH1024
#define LTC_DH1280
#define LTC_DH1536 #define LTC_DH1536
#define LTC_DH1792
#define LTC_DH2048 #define LTC_DH2048
#ifndef TFM_DESC #ifndef TFM_DESC
/* tfm has a problem in fp_isprime for larger key sizes */ /* tfm has a problem in fp_isprime for larger key sizes */
#define LTC_DH2560
#define LTC_DH3072 #define LTC_DH3072
#define LTC_DH4096 #define LTC_DH4096
#define LTC_DH6144
#define LTC_DH8192
#endif #endif
/* Include Katja (a Rabin variant like RSA) */ /* Include Katja (a Rabin variant like RSA) */

127
src/pk/dh/dh.c
View File

@ -35,8 +35,8 @@ int dh_compat_test(void)
#if 0 #if 0
printf("dh_test():testing size %d-bits\n", sets[x].size * 8); printf("dh_test():testing size %d-bits\n", sets[x].size * 8);
#endif #endif
if ((err = mp_read_radix(g,(char *)sets[x].base, 64)) != CRYPT_OK) { goto error; } if ((err = mp_read_radix(g,(char *)sets[x].base, 16)) != CRYPT_OK) { goto error; }
if ((err = mp_read_radix(p,(char *)sets[x].prime, 64)) != CRYPT_OK) { goto error; } if ((err = mp_read_radix(p,(char *)sets[x].prime, 16)) != CRYPT_OK) { goto error; }
/* ensure p is prime */ /* ensure p is prime */
if ((err = mp_prime_is_prime(p, 8, &primality)) != CRYPT_OK) { goto done; } if ((err = mp_prime_is_prime(p, 8, &primality)) != CRYPT_OK) { goto done; }
@ -104,37 +104,58 @@ int dh_get_size(dh_key *key)
/** /**
Make a DH key [private key pair] Make a DH key [private key pair]
@param prng An active PRNG state @param prng An active PRNG state
@param wprng The index for the PRNG you desire to use @param wprng The index for the PRNG you desire to use
@param keysize The key size (octets) desired @param groupsize The size (octets) of used DH group
@param key [out] Where the newly created DH key will be stored @param key [out] Where the newly created DH key will be stored
@return CRYPT_OK if successful, note: on error all allocated memory will be freed automatically. @return CRYPT_OK if successful, note: on error all allocated memory will be freed automatically.
*/ */
int dh_make_key(prng_state *prng, int wprng, int keysize, dh_key *key) int dh_make_key(prng_state *prng, int wprng, int groupsize, dh_key *key)
{ {
unsigned char *buf; unsigned char *buf;
unsigned long x; unsigned long idx, keysize;
void *p, *g; void *p, *g, *p_minus1;
int err; int err;
LTC_ARGCHK(key != NULL); LTC_ARGCHK(key != NULL);
LTC_ARGCHK(prng != NULL);
/* good prng? */ /* good prng? */
if ((err = prng_is_valid(wprng)) != CRYPT_OK) { if ((err = prng_is_valid(wprng)) != CRYPT_OK) {
return err; return err;
} }
/* find key size */ /* find group size */
for (x = 0; (keysize > sets[x].size) && (sets[x].size != 0); x++); for (idx = 0; (groupsize > sets[idx].size) && (sets[idx].size != 0); idx++);
#ifdef FAST_PK if (sets[idx].size == 0) {
keysize = MIN(sets[x].size, 32); return CRYPT_INVALID_KEYSIZE;
#else }
keysize = sets[x].size; groupsize = sets[idx].size;
#endif
if (sets[x].size == 0) { /* The strength estimates from https://tools.ietf.org/html/rfc3526#section-8
* We use "Estimate 2" to get an appropriate private key (exponent) size.
*/
if (groupsize <= 192) {
keysize = 30; /* 1536-bit => key size 240-bit */
}
else if (groupsize <= 256) {
keysize = 40; /* 2048-bit => key size 320-bit */
}
else if (groupsize <= 384) {
keysize = 52; /* 3072-bit => key size 416-bit */
}
else if (groupsize <= 512) {
keysize = 60; /* 4096-bit => key size 480-bit */
}
else if (groupsize <= 768) {
keysize = 67; /* 6144-bit => key size 536-bit */
}
else if (groupsize <= 1024) {
keysize = 77; /* 8192-bit => key size 616-bit */
}
else {
return CRYPT_INVALID_KEYSIZE; return CRYPT_INVALID_KEYSIZE;
} }
key->idx = x;
/* allocate buffer */ /* allocate buffer */
buf = XMALLOC(keysize); buf = XMALLOC(keysize);
@ -142,41 +163,40 @@ int dh_make_key(prng_state *prng, int wprng, int keysize, dh_key *key)
return CRYPT_MEM; return CRYPT_MEM;
} }
/* make up random string */ /* init big numbers */
if ( rng_make_prng( keysize, wprng, prng, NULL) != CRYPT_OK) { if ((err = mp_init_multi(&g, &p, &p_minus1, &key->x, &key->y, NULL)) != CRYPT_OK) {
err = CRYPT_ERROR_READPRNG; goto freebuf;
goto error2;
} }
if (prng_descriptor[wprng].read(buf, keysize, prng) != (unsigned long)keysize) { if ((err = mp_read_radix(g, sets[idx].base, 16)) != CRYPT_OK) { goto error; }
err = CRYPT_ERROR_READPRNG; if ((err = mp_read_radix(p, sets[idx].prime, 16)) != CRYPT_OK) { goto error; }
goto error2; if ((err = mp_sub_d(p, 1, p_minus1)) != CRYPT_OK) { goto error; }
}
/* init parameters */ do {
if ((err = mp_init_multi(&g, &p, &key->x, &key->y, NULL)) != CRYPT_OK) { /* make up random buf */
goto error; if (prng_descriptor[wprng].read(buf, keysize, prng) != keysize) {
} err = CRYPT_ERROR_READPRNG;
goto error;
}
/* load the x value - private key */
if ((err = mp_read_unsigned_bin(key->x, buf, keysize)) != CRYPT_OK) { goto error; }
/* compute the y value - public key */
if ((err = mp_exptmod(g, key->x, p, key->y)) != CRYPT_OK) { goto error; }
/* avoid: y <= 1 OR y >= p-1 */
} while (mp_cmp(key->y, p_minus1) != LTC_MP_LT || mp_cmp_d(key->y, 1) != LTC_MP_GT);
if ((err = mp_read_radix(g, sets[key->idx].base, 64)) != CRYPT_OK) { goto error; } /* success */
if ((err = mp_read_radix(p, sets[key->idx].prime, 64)) != CRYPT_OK) { goto error; } key->idx = idx;
/* load the x value */
if ((err = mp_read_unsigned_bin(key->x, buf, keysize)) != CRYPT_OK) { goto error; }
if ((err = mp_exptmod(g, key->x, p, key->y)) != CRYPT_OK) { goto error; }
key->type = PK_PRIVATE; key->type = PK_PRIVATE;
/* free up ram */
err = CRYPT_OK; err = CRYPT_OK;
goto done; goto done;
error: error:
mp_clear_multi(key->x, key->y, NULL); mp_clear_multi(key->x, key->y, NULL);
done: done:
mp_clear_multi(p, g, NULL); mp_clear_multi(g, p, p_minus1, NULL);
error2: freebuf:
#ifdef LTC_CLEAN_STACK
zeromem(buf, keysize); zeromem(buf, keysize);
#endif
XFREE(buf); XFREE(buf);
return err; return err;
} }
@ -335,7 +355,7 @@ error:
int dh_shared_secret(dh_key *private_key, dh_key *public_key, int dh_shared_secret(dh_key *private_key, dh_key *public_key,
unsigned char *out, unsigned long *outlen) unsigned char *out, unsigned long *outlen)
{ {
void *tmp, *p; void *tmp, *p, *p_minus1;
unsigned long x; unsigned long x;
int err; int err;
@ -355,26 +375,31 @@ int dh_shared_secret(dh_key *private_key, dh_key *public_key,
} }
/* compute y^x mod p */ /* compute y^x mod p */
if ((err = mp_init_multi(&tmp, &p, NULL)) != CRYPT_OK) { if ((err = mp_init_multi(&tmp, &p, &p_minus1, NULL)) != CRYPT_OK) {
return err; return err;
} }
if ((err = mp_read_radix(p, (char *)sets[private_key->idx].prime, 64)) != CRYPT_OK) { goto error; } if ((err = mp_read_radix(p, sets[private_key->idx].prime, 16)) != CRYPT_OK) { goto error; }
if ((err = mp_exptmod(public_key->y, private_key->x, p, tmp)) != CRYPT_OK) { goto error; } if ((err = mp_sub_d(p, 1, p_minus1)) != CRYPT_OK) { goto error; }
if (mp_cmp(public_key->y, p_minus1) != LTC_MP_LT || mp_cmp_d(public_key->y, 1) != LTC_MP_GT) {
/* reject public key with: y <= 1 OR y >= p-1 */
err = CRYPT_INVALID_ARG;
goto error;
}
if ((err = mp_exptmod(public_key->y, private_key->x, p, tmp)) != CRYPT_OK) { goto error; }
/* enough space for output? */ /* enough space for output? */
x = (unsigned long)mp_unsigned_bin_size(tmp); x = (unsigned long)mp_unsigned_bin_size(tmp);
if (*outlen < x) { if (*outlen < x) {
err = CRYPT_BUFFER_OVERFLOW; err = CRYPT_BUFFER_OVERFLOW;
goto done; goto error;
} }
if ((err = mp_to_unsigned_bin(tmp, out)) != CRYPT_OK) { goto error; } if ((err = mp_to_unsigned_bin(tmp, out)) != CRYPT_OK) { goto error; }
*outlen = x; *outlen = x;
err = CRYPT_OK; err = CRYPT_OK;
goto done;
error: error:
done: mp_clear_multi(p_minus1, p, tmp, NULL);
mp_clear_multi(p, tmp, NULL);
return err; return err;
} }

256
src/pk/dh/dh_static.c
View File

@ -23,121 +23,201 @@
/* This holds the key settings. ***MUST*** be organized by size from smallest to largest. */ /* This holds the key settings. ***MUST*** be organized by size from smallest to largest. */
const dh_set sets[] = { const dh_set sets[] = {
#ifdef LTC_DH768 #ifdef LTC_DH768
{ { /* 768-bit MODP Group 1 - https://tools.ietf.org/html/rfc7296#appendix-B.1 */
96, 96,
"DH-768", "DH-768",
"4", "2",
"F///////////////////////////////////////////////////////////" "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
"////////////////////////////////////////////////////////////" "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
"//////m3wvV" "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
"E485B576625E7EC6F44C42E9A63A3620FFFFFFFFFFFFFFFF"
}, },
#endif #endif
#ifdef LTC_DH1024 #ifdef LTC_DH1024
{ { /* 1024-bit MODP Group 2 - https://tools.ietf.org/html/rfc7296#appendix-B.2 */
128, 128,
"DH-1024", "DH-1024",
"4", "2",
"F///////////////////////////////////////////////////////////" "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
"////////////////////////////////////////////////////////////" "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
"////////////////////////////////////////////////m3C47" "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
}, "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
#endif "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381"
#ifdef LTC_DH1280 "FFFFFFFFFFFFFFFF"
{
160,
"DH-1280",
"4",
"F///////////////////////////////////////////////////////////"
"////////////////////////////////////////////////////////////"
"////////////////////////////////////////////////////////////"
"//////////////////////////////m4kSN"
}, },
#endif #endif
#ifdef LTC_DH1536 #ifdef LTC_DH1536
{ { /* 1536-bit MODP Group 5 - https://tools.ietf.org/html/rfc3526#section-2 */
192, 192,
"DH-1536", "DH-1536",
"4", "2",
"F///////////////////////////////////////////////////////////" "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
"////////////////////////////////////////////////////////////" "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
"////////////////////////////////////////////////////////////" "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
"////////////////////////////////////////////////////////////" "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
"////////////m5uqd" "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
}, "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
#endif "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
#ifdef LTC_DH1792 "670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF"
{
224,
"DH-1792",
"4",
"F///////////////////////////////////////////////////////////"
"////////////////////////////////////////////////////////////"
"////////////////////////////////////////////////////////////"
"////////////////////////////////////////////////////////////"
"//////////////////////////////////////////////////////mT/sd"
}, },
#endif #endif
#ifdef LTC_DH2048 #ifdef LTC_DH2048
{ { /* 2048-bit MODP Group 14 - https://tools.ietf.org/html/rfc3526#section-3 */
256, 256,
"DH-2048", "DH-2048",
"4", "2",
"3///////////////////////////////////////////////////////////" "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
"////////////////////////////////////////////////////////////" "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
"////////////////////////////////////////////////////////////" "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
"////////////////////////////////////////////////////////////" "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
"////////////////////////////////////////////////////////////" "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
"/////////////////////////////////////////m8MPh" "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
}, "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
#endif "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
#ifdef LTC_DH2560 "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
{ "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
320, "15728E5A8AACAA68FFFFFFFFFFFFFFFF"
"DH-2560",
"4",
"3///////////////////////////////////////////////////////////"
"////////////////////////////////////////////////////////////"
"////////////////////////////////////////////////////////////"
"////////////////////////////////////////////////////////////"
"////////////////////////////////////////////////////////////"
"////////////////////////////////////////////////////////////"
"////////////////////////////////////////////////////////////"
"/////mKFpF"
}, },
#endif #endif
#ifdef LTC_DH3072 #ifdef LTC_DH3072
{ { /* 3072-bit MODP Group 15 - https://tools.ietf.org/html/rfc3526#section-4 */
384, 384,
"DH-3072", "DH-3072",
"4", "2",
"3///////////////////////////////////////////////////////////" "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
"////////////////////////////////////////////////////////////" "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
"////////////////////////////////////////////////////////////" "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
"////////////////////////////////////////////////////////////" "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
"////////////////////////////////////////////////////////////" "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
"////////////////////////////////////////////////////////////" "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
"////////////////////////////////////////////////////////////" "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
"////////////////////////////////////////////////////////////" "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
"/////////////////////////////m32nN" "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
"DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
"15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64"
"ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7"
"ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B"
"F12FFA06D98A0864D87602733EC86A64521F2B18177B200C"
"BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31"
"43DB5BFCE0FD108E4B82D120A93AD2CAFFFFFFFFFFFFFFFF"
}, },
#endif #endif
#ifdef LTC_DH4096 #ifdef LTC_DH4096
{ { /* 4096-bit MODP Group 16 - https://tools.ietf.org/html/rfc3526#section-5 */
512, 512,
"DH-4096", "DH-4096",
"4", "2",
"////////////////////////////////////////////////////////////" "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
"////////////////////////////////////////////////////////////" "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
"////////////////////////////////////////////////////////////" "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
"////////////////////////////////////////////////////////////" "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
"////////////////////////////////////////////////////////////" "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
"////////////////////////////////////////////////////////////" "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
"////////////////////////////////////////////////////////////" "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
"////////////////////////////////////////////////////////////" "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
"////////////////////////////////////////////////////////////" "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
"////////////////////////////////////////////////////////////" "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
"////////////////////////////////////////////////////////////" "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64"
"/////////////////////m8pOF" "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7"
"ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B"
"F12FFA06D98A0864D87602733EC86A64521F2B18177B200C"
"BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31"
"43DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D7"
"88719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA"
"2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6"
"287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED"
"1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA9"
"93B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934063199"
"FFFFFFFFFFFFFFFF"
},
#endif
#ifdef LTC_DH6144
{ /* 6144-bit MODP Group 17 - https://tools.ietf.org/html/rfc3526#section-6 */
786,
"DH-6144",
"2",
"FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
"29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
"EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
"E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
"EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
"C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
"83655D23DCA3AD961C62F356208552BB9ED529077096966D"
"670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
"E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
"DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
"15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64"
"ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7"
"ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B"
"F12FFA06D98A0864D87602733EC86A64521F2B18177B200C"
"BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31"
"43DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D7"
"88719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA"
"2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6"
"287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED"
"1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA9"
"93B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934028492"
"36C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BD"
"F8FF9406AD9E530EE5DB382F413001AEB06A53ED9027D831"
"179727B0865A8918DA3EDBEBCF9B14ED44CE6CBACED4BB1B"
"DB7F1447E6CC254B332051512BD7AF426FB8F401378CD2BF"
"5983CA01C64B92ECF032EA15D1721D03F482D7CE6E74FEF6"
"D55E702F46980C82B5A84031900B1C9E59E7C97FBEC7E8F3"
"23A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AA"
"CC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE328"
"06A1D58BB7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55C"
"DA56C9EC2EF29632387FE8D76E3C0468043E8F663F4860EE"
"12BF2D5B0B7474D6E694F91E6DCC4024FFFFFFFFFFFFFFFF"
},
#endif
#ifdef LTC_DH8192
{ /* 8192-bit MODP Group 18 - https://tools.ietf.org/html/rfc3526#section-7 */
1024,
"DH-8192",
"2",
"FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
"29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
"EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
"E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
"EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
"C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
"83655D23DCA3AD961C62F356208552BB9ED529077096966D"
"670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
"E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
"DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
"15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64"
"ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7"
"ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B"
"F12FFA06D98A0864D87602733EC86A64521F2B18177B200C"
"BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31"
"43DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D7"
"88719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA"
"2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6"
"287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED"
"1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA9"
"93B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934028492"
"36C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BD"
"F8FF9406AD9E530EE5DB382F413001AEB06A53ED9027D831"
"179727B0865A8918DA3EDBEBCF9B14ED44CE6CBACED4BB1B"
"DB7F1447E6CC254B332051512BD7AF426FB8F401378CD2BF"
"5983CA01C64B92ECF032EA15D1721D03F482D7CE6E74FEF6"
"D55E702F46980C82B5A84031900B1C9E59E7C97FBEC7E8F3"
"23A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AA"
"CC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE328"
"06A1D58BB7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55C"
"DA56C9EC2EF29632387FE8D76E3C0468043E8F663F4860EE"
"12BF2D5B0B7474D6E694F91E6DBE115974A3926F12FEE5E4"
"38777CB6A932DF8CD8BEC4D073B931BA3BC832B68D9DD300"
"741FA7BF8AFC47ED2576F6936BA424663AAB639C5AE4F568"
"3423B4742BF1C978238F16CBE39D652DE3FDB8BEFC848AD9"
"22222E04A4037C0713EB57A81A23F0C73473FC646CEA306B"
"4BCBC8862F8385DDFA9D4B7FA2C087E879683303ED5BDD3A"
"062B3CF5B3A278A66D2A13F83F44F82DDF310EE074AB6A36"
"4597E899A0255DC164F31CC50846851DF9AB48195DED7EA1"
"B1D510BD7EE74D73FAF36BC31ECFA268359046F4EB879F92"
"4009438B481C6CD7889A002ED5EE382BC9190DA6FC026E47"
"9558E4475677E9AA9E3050E2765694DFC81F56E880B96E71"
"60C980DD98EDD3DFFFFFFFFFFFFFFFFF"
}, },
#endif #endif
{ {

8
src/pk/dh/dh_sys.c
View File

@ -354,8 +354,8 @@ int dh_sign_hash(const unsigned char *in, unsigned long inlen,
if ((err = mp_read_unsigned_bin(k, buf, sets[key->idx].size)) != CRYPT_OK) { goto LBL_ERR; } if ((err = mp_read_unsigned_bin(k, buf, sets[key->idx].size)) != CRYPT_OK) { goto LBL_ERR; }
/* load g, p and p1 */ /* load g, p and p1 */
if ((err = mp_read_radix(g, sets[key->idx].base, 64)) != CRYPT_OK) { goto LBL_ERR; } if ((err = mp_read_radix(g, sets[key->idx].base, 16)) != CRYPT_OK) { goto LBL_ERR; }
if ((err = mp_read_radix(p, sets[key->idx].prime, 64)) != CRYPT_OK) { goto LBL_ERR; } if ((err = mp_read_radix(p, sets[key->idx].prime, 16)) != CRYPT_OK) { goto LBL_ERR; }
if ((err = mp_sub_d(p, 1, p1)) != CRYPT_OK) { goto LBL_ERR; } if ((err = mp_sub_d(p, 1, p1)) != CRYPT_OK) { goto LBL_ERR; }
if ((err = mp_div_2(p1, p1)) != CRYPT_OK) { goto LBL_ERR; } /* p1 = (p-1)/2 */ if ((err = mp_div_2(p1, p1)) != CRYPT_OK) { goto LBL_ERR; } /* p1 = (p-1)/2 */
@ -458,8 +458,8 @@ int dh_verify_hash(const unsigned char *sig, unsigned long siglen,
INPUT_BIGNUM(b, sig, x, y, siglen); INPUT_BIGNUM(b, sig, x, y, siglen);
/* load p and g */ /* load p and g */
if ((err = mp_read_radix(p, sets[key->idx].prime, 64)) != CRYPT_OK) { goto error1; } if ((err = mp_read_radix(p, sets[key->idx].prime, 16)) != CRYPT_OK) { goto error1; }
if ((err = mp_read_radix(g, sets[key->idx].base, 64)) != CRYPT_OK) { goto error1; } if ((err = mp_read_radix(g, sets[key->idx].base, 16)) != CRYPT_OK) { goto error1; }
/* load m */ /* load m */
if ((err = mp_read_unsigned_bin(m, (unsigned char *)hash, hashlen)) != CRYPT_OK) { goto error1; } if ((err = mp_read_unsigned_bin(m, (unsigned char *)hash, hashlen)) != CRYPT_OK) { goto error1; }