Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP7:GA
gnutls.27841
0003-Add-plumbing-to-handle-Q-parameter-in-DH-e...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 0003-Add-plumbing-to-handle-Q-parameter-in-DH-exchanges.patch of Package gnutls.27841
From 12d98928e776ddc09f78d3e2c5b615872576c720 Mon Sep 17 00:00:00 2001 From: Simo Sorce <simo@redhat.com> Date: Fri, 17 May 2019 14:05:37 -0400 Subject: [PATCH 3/6] Add plumbing to handle Q parameter in DH exchanges Signed-off-by: Simo Sorce <simo@redhat.com> --- symbols.last | 6 + doc/Makefile.am | 2 + doc/manpages/Makefile.am | 1 + doc/scripts/getfuncs-map.pl | 5 + lib/dh-primes.c | 468 +++++++++++++++++++++++++++++- lib/dh.c | 74 ++++- lib/gnutls_int.h | 4 +- lib/includes/gnutls/gnutls.h.in | 9 + lib/libgnutls.map | 6 + lib/nettle/pk.c | 4 +- tests/dh-compute.c | 60 ++-- 12 files changed, 610 insertions(+), 47 deletions(-) Index: gnutls-3.6.7/symbols.last =================================================================== --- gnutls-3.6.7.orig/symbols.last 2020-09-03 15:20:32.799924448 +0200 +++ gnutls-3.6.7/symbols.last 2020-09-03 15:20:34.019932137 +0200 @@ -174,6 +174,7 @@ gnutls_dh_params_generate2@GNUTLS_3_4 gnutls_dh_params_import_dsa@GNUTLS_3_4 gnutls_dh_params_import_pkcs3@GNUTLS_3_4 gnutls_dh_params_import_raw2@GNUTLS_3_4 +gnutls_dh_params_import_raw3@GNUTLS_3_6_8 gnutls_dh_params_import_raw@GNUTLS_3_4 gnutls_dh_params_init@GNUTLS_3_4 gnutls_dh_set_prime_bits@GNUTLS_3_4 @@ -211,18 +212,23 @@ gnutls_ext_register@GNUTLS_3_4 gnutls_ext_set_data@GNUTLS_3_4 gnutls_ffdhe_2048_group_generator@GNUTLS_3_4 gnutls_ffdhe_2048_group_prime@GNUTLS_3_4 +gnutls_ffdhe_2048_group_q@GNUTLS_3_6_8 gnutls_ffdhe_2048_key_bits@GNUTLS_3_4 gnutls_ffdhe_3072_group_generator@GNUTLS_3_4 gnutls_ffdhe_3072_group_prime@GNUTLS_3_4 +gnutls_ffdhe_3072_group_q@GNUTLS_3_6_8 gnutls_ffdhe_3072_key_bits@GNUTLS_3_4 gnutls_ffdhe_4096_group_generator@GNUTLS_3_4 gnutls_ffdhe_4096_group_prime@GNUTLS_3_4 +gnutls_ffdhe_4096_group_q@GNUTLS_3_6_8 gnutls_ffdhe_4096_key_bits@GNUTLS_3_4 gnutls_ffdhe_6144_group_generator@GNUTLS_3_6_4 gnutls_ffdhe_6144_group_prime@GNUTLS_3_6_4 +gnutls_ffdhe_6144_group_q@GNUTLS_3_6_8 gnutls_ffdhe_6144_key_bits@GNUTLS_3_6_4 gnutls_ffdhe_8192_group_generator@GNUTLS_3_4 gnutls_ffdhe_8192_group_prime@GNUTLS_3_4 +gnutls_ffdhe_8192_group_q@GNUTLS_3_6_8 gnutls_ffdhe_8192_key_bits@GNUTLS_3_4 gnutls_fingerprint@GNUTLS_3_4 gnutls_fips140_mode_enabled@GNUTLS_3_4 Index: gnutls-3.6.7/doc/Makefile.am =================================================================== --- gnutls-3.6.7.orig/doc/Makefile.am 2020-09-03 15:20:32.803924472 +0200 +++ gnutls-3.6.7/doc/Makefile.am 2020-09-03 15:20:34.019932137 +0200 @@ -951,6 +951,8 @@ FUNCS += functions/gnutls_dh_params_impo FUNCS += functions/gnutls_dh_params_import_raw.short FUNCS += functions/gnutls_dh_params_import_raw2 FUNCS += functions/gnutls_dh_params_import_raw2.short +FUNCS += functions/gnutls_dh_params_import_raw3 +FUNCS += functions/gnutls_dh_params_import_raw3.short FUNCS += functions/gnutls_dh_params_init FUNCS += functions/gnutls_dh_params_init.short FUNCS += functions/gnutls_dh_set_prime_bits Index: gnutls-3.6.7/doc/manpages/Makefile.am =================================================================== --- gnutls-3.6.7.orig/doc/manpages/Makefile.am 2020-09-03 15:20:32.803924472 +0200 +++ gnutls-3.6.7/doc/manpages/Makefile.am 2020-09-03 15:20:34.019932137 +0200 @@ -277,6 +277,7 @@ APIMANS += gnutls_dh_params_import_dsa.3 APIMANS += gnutls_dh_params_import_pkcs3.3 APIMANS += gnutls_dh_params_import_raw.3 APIMANS += gnutls_dh_params_import_raw2.3 +APIMANS += gnutls_dh_params_import_raw3.3 APIMANS += gnutls_dh_params_init.3 APIMANS += gnutls_dh_set_prime_bits.3 APIMANS += gnutls_digest_get_id.3 Index: gnutls-3.6.7/doc/scripts/getfuncs-map.pl =================================================================== --- gnutls-3.6.7.orig/doc/scripts/getfuncs-map.pl 2020-09-03 15:20:32.803924472 +0200 +++ gnutls-3.6.7/doc/scripts/getfuncs-map.pl 2020-09-03 15:20:34.019932137 +0200 @@ -36,18 +36,23 @@ my %known_false_positives = ( 'gnutls_srp_8192_group_prime' => 1, 'gnutls_ffdhe_2048_group_generator' => 1, 'gnutls_ffdhe_2048_group_prime' => 1, + 'gnutls_ffdhe_2048_group_q' => 1, 'gnutls_ffdhe_2048_key_bits' => 1, 'gnutls_ffdhe_3072_group_generator' => 1, 'gnutls_ffdhe_3072_group_prime' => 1, + 'gnutls_ffdhe_3072_group_q' => 1, 'gnutls_ffdhe_3072_key_bits' => 1, 'gnutls_ffdhe_4096_group_generator' => 1, 'gnutls_ffdhe_4096_group_prime' => 1, + 'gnutls_ffdhe_4096_group_q' => 1, 'gnutls_ffdhe_4096_key_bits' => 1, 'gnutls_ffdhe_6144_group_generator' => 1, 'gnutls_ffdhe_6144_group_prime' => 1, + 'gnutls_ffdhe_6144_group_q' => 1, 'gnutls_ffdhe_6144_key_bits' => 1, 'gnutls_ffdhe_8192_group_generator' => 1, 'gnutls_ffdhe_8192_group_prime' => 1, + 'gnutls_ffdhe_8192_group_q' => 1, 'gnutls_ffdhe_8192_key_bits' => 1, 'gnutls_transport_set_int' => 1, 'gnutls_strdup' => 1, Index: gnutls-3.6.7/lib/dh-primes.c =================================================================== --- gnutls-3.6.7.orig/lib/dh-primes.c 2020-09-03 15:20:32.803924472 +0200 +++ gnutls-3.6.7/lib/dh-primes.c 2020-09-03 15:20:34.019932137 +0200 @@ -27,6 +27,8 @@ #include "dh.h" +static const unsigned char ffdhe_generator = 0x02; + static const unsigned char ffdhe_params_2048[] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, @@ -67,12 +69,52 @@ static const unsigned char ffdhe_params_ 0xFF, 0xFF, 0xFF, 0xFF }; +static const unsigned char ffdhe_q_2048[] = { + 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xD6, 0xFC, 0x2A, 0x2C, 0x51, 0x5D, + 0xA5, 0x4D, 0x57, 0xEE, 0x2B, 0x10, 0x13, + 0x9E, 0x9E, 0x78, 0xEC, 0x5C, 0xE2, 0xC1, + 0xE7, 0x16, 0x9B, 0x4A, 0xD4, 0xF0, 0x9B, + 0x20, 0x8A, 0x32, 0x19, 0xFD, 0xE6, 0x49, + 0xCE, 0xE7, 0x12, 0x4D, 0x9F, 0x7C, 0xBE, + 0x97, 0xF1, 0xB1, 0xB1, 0x86, 0x3A, 0xEC, + 0x7B, 0x40, 0xD9, 0x01, 0x57, 0x62, 0x30, + 0xBD, 0x69, 0xEF, 0x8F, 0x6A, 0xEA, 0xFE, + 0xB2, 0xB0, 0x92, 0x19, 0xFA, 0x8F, 0xAF, + 0x83, 0x37, 0x68, 0x42, 0xB1, 0xB2, 0xAA, + 0x9E, 0xF6, 0x8D, 0x79, 0xDA, 0xAB, 0x89, + 0xAF, 0x3F, 0xAB, 0xE4, 0x9A, 0xCC, 0x27, + 0x86, 0x38, 0x70, 0x73, 0x45, 0xBB, 0xF1, + 0x53, 0x44, 0xED, 0x79, 0xF7, 0xF4, 0x39, + 0x0E, 0xF8, 0xAC, 0x50, 0x9B, 0x56, 0xF3, + 0x9A, 0x98, 0x56, 0x65, 0x27, 0xA4, 0x1D, + 0x3C, 0xBD, 0x5E, 0x05, 0x58, 0xC1, 0x59, + 0x92, 0x7D, 0xB0, 0xE8, 0x84, 0x54, 0xA5, + 0xD9, 0x64, 0x71, 0xFD, 0xDC, 0xB5, 0x6D, + 0x5B, 0xB0, 0x6B, 0xFA, 0x34, 0x0E, 0xA7, + 0xA1, 0x51, 0xEF, 0x1C, 0xA6, 0xFA, 0x57, + 0x2B, 0x76, 0xF3, 0xB1, 0xB9, 0x5D, 0x8C, + 0x85, 0x83, 0xD3, 0xE4, 0x77, 0x05, 0x36, + 0xB8, 0x4F, 0x01, 0x7E, 0x70, 0xE6, 0xFB, + 0xF1, 0x76, 0x60, 0x1A, 0x02, 0x66, 0x94, + 0x1A, 0x17, 0xB0, 0xC8, 0xB9, 0x7F, 0x4E, + 0x74, 0xC2, 0xC1, 0xFF, 0xC7, 0x27, 0x89, + 0x19, 0x77, 0x79, 0x40, 0xC1, 0xE1, 0xFF, + 0x1D, 0x8D, 0xA6, 0x37, 0xD6, 0xB9, 0x9D, + 0xDA, 0xFE, 0x5E, 0x17, 0x61, 0x10, 0x02, + 0xE2, 0xC7, 0x78, 0xC1, 0xBE, 0x8B, 0x41, + 0xD9, 0x63, 0x79, 0xA5, 0x13, 0x60, 0xD9, + 0x77, 0xFD, 0x44, 0x35, 0xA1, 0x1C, 0x30, + 0x94, 0x2E, 0x4B, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF +}; + const gnutls_datum_t gnutls_ffdhe_2048_group_prime = { (void *) ffdhe_params_2048, sizeof(ffdhe_params_2048) }; - -static const unsigned char ffdhe_generator = 0x02; - +const gnutls_datum_t gnutls_ffdhe_2048_group_q = { + (void *) ffdhe_q_2048, sizeof(ffdhe_q_2048) +}; const gnutls_datum_t gnutls_ffdhe_2048_group_generator = { (void *) &ffdhe_generator, sizeof(ffdhe_generator) }; @@ -136,13 +178,73 @@ static const unsigned char ffdhe_params_ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }; -const gnutls_datum_t gnutls_ffdhe_3072_group_generator = { - (void *) &ffdhe_generator, sizeof(ffdhe_generator) +static const unsigned char ffdhe_q_3072[] = { + 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xD6, 0xFC, 0x2A, 0x2C, 0x51, 0x5D, + 0xA5, 0x4D, 0x57, 0xEE, 0x2B, 0x10, 0x13, + 0x9E, 0x9E, 0x78, 0xEC, 0x5C, 0xE2, 0xC1, + 0xE7, 0x16, 0x9B, 0x4A, 0xD4, 0xF0, 0x9B, + 0x20, 0x8A, 0x32, 0x19, 0xFD, 0xE6, 0x49, + 0xCE, 0xE7, 0x12, 0x4D, 0x9F, 0x7C, 0xBE, + 0x97, 0xF1, 0xB1, 0xB1, 0x86, 0x3A, 0xEC, + 0x7B, 0x40, 0xD9, 0x01, 0x57, 0x62, 0x30, + 0xBD, 0x69, 0xEF, 0x8F, 0x6A, 0xEA, 0xFE, + 0xB2, 0xB0, 0x92, 0x19, 0xFA, 0x8F, 0xAF, + 0x83, 0x37, 0x68, 0x42, 0xB1, 0xB2, 0xAA, + 0x9E, 0xF6, 0x8D, 0x79, 0xDA, 0xAB, 0x89, + 0xAF, 0x3F, 0xAB, 0xE4, 0x9A, 0xCC, 0x27, + 0x86, 0x38, 0x70, 0x73, 0x45, 0xBB, 0xF1, + 0x53, 0x44, 0xED, 0x79, 0xF7, 0xF4, 0x39, + 0x0E, 0xF8, 0xAC, 0x50, 0x9B, 0x56, 0xF3, + 0x9A, 0x98, 0x56, 0x65, 0x27, 0xA4, 0x1D, + 0x3C, 0xBD, 0x5E, 0x05, 0x58, 0xC1, 0x59, + 0x92, 0x7D, 0xB0, 0xE8, 0x84, 0x54, 0xA5, + 0xD9, 0x64, 0x71, 0xFD, 0xDC, 0xB5, 0x6D, + 0x5B, 0xB0, 0x6B, 0xFA, 0x34, 0x0E, 0xA7, + 0xA1, 0x51, 0xEF, 0x1C, 0xA6, 0xFA, 0x57, + 0x2B, 0x76, 0xF3, 0xB1, 0xB9, 0x5D, 0x8C, + 0x85, 0x83, 0xD3, 0xE4, 0x77, 0x05, 0x36, + 0xB8, 0x4F, 0x01, 0x7E, 0x70, 0xE6, 0xFB, + 0xF1, 0x76, 0x60, 0x1A, 0x02, 0x66, 0x94, + 0x1A, 0x17, 0xB0, 0xC8, 0xB9, 0x7F, 0x4E, + 0x74, 0xC2, 0xC1, 0xFF, 0xC7, 0x27, 0x89, + 0x19, 0x77, 0x79, 0x40, 0xC1, 0xE1, 0xFF, + 0x1D, 0x8D, 0xA6, 0x37, 0xD6, 0xB9, 0x9D, + 0xDA, 0xFE, 0x5E, 0x17, 0x61, 0x10, 0x02, + 0xE2, 0xC7, 0x78, 0xC1, 0xBE, 0x8B, 0x41, + 0xD9, 0x63, 0x79, 0xA5, 0x13, 0x60, 0xD9, + 0x77, 0xFD, 0x44, 0x35, 0xA1, 0x1C, 0x30, + 0x8F, 0xE7, 0xEE, 0x6F, 0x1A, 0xAD, 0x9D, + 0xB2, 0x8C, 0x81, 0xAD, 0xDE, 0x1A, 0x7A, + 0x6F, 0x7C, 0xCE, 0x01, 0x1C, 0x30, 0xDA, + 0x37, 0xE4, 0xEB, 0x73, 0x64, 0x83, 0xBD, + 0x6C, 0x8E, 0x93, 0x48, 0xFB, 0xFB, 0xF7, + 0x2C, 0xC6, 0x58, 0x7D, 0x60, 0xC3, 0x6C, + 0x8E, 0x57, 0x7F, 0x09, 0x84, 0xC2, 0x89, + 0xC9, 0x38, 0x5A, 0x09, 0x86, 0x49, 0xDE, + 0x21, 0xBC, 0xA2, 0x7A, 0x7E, 0xA2, 0x29, + 0x71, 0x6B, 0xA6, 0xE9, 0xB2, 0x79, 0x71, + 0x0F, 0x38, 0xFA, 0xA5, 0xFF, 0xAE, 0x57, + 0x41, 0x55, 0xCE, 0x4E, 0xFB, 0x4F, 0x74, + 0x36, 0x95, 0xE2, 0x91, 0x1B, 0x1D, 0x06, + 0xD5, 0xE2, 0x90, 0xCB, 0xCD, 0x86, 0xF5, + 0x6D, 0x0E, 0xDF, 0xCD, 0x21, 0x6A, 0xE2, + 0x24, 0x27, 0x05, 0x5E, 0x68, 0x35, 0xFD, + 0x29, 0xEE, 0xF7, 0x9E, 0x0D, 0x90, 0x77, + 0x1F, 0xEA, 0xCE, 0xBE, 0x12, 0xF2, 0x0E, + 0x95, 0xB3, 0x63, 0x17, 0x1B, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }; const gnutls_datum_t gnutls_ffdhe_3072_group_prime = { (void *) ffdhe_params_3072, sizeof(ffdhe_params_3072) }; +const gnutls_datum_t gnutls_ffdhe_3072_group_q = { + (void *) ffdhe_q_3072, sizeof(ffdhe_q_3072) +}; +const gnutls_datum_t gnutls_ffdhe_3072_group_generator = { + (void *) &ffdhe_generator, sizeof(ffdhe_generator) +}; const unsigned int gnutls_ffdhe_3072_key_bits = 276; static const unsigned char ffdhe_params_4096[] = { @@ -222,13 +324,92 @@ static const unsigned char ffdhe_params_ 0xFF }; -const gnutls_datum_t gnutls_ffdhe_4096_group_generator = { - (void *) &ffdhe_generator, sizeof(ffdhe_generator) +static const unsigned char ffdhe_q_4096[] = { + 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xD6, 0xFC, 0x2A, 0x2C, 0x51, 0x5D, + 0xA5, 0x4D, 0x57, 0xEE, 0x2B, 0x10, 0x13, + 0x9E, 0x9E, 0x78, 0xEC, 0x5C, 0xE2, 0xC1, + 0xE7, 0x16, 0x9B, 0x4A, 0xD4, 0xF0, 0x9B, + 0x20, 0x8A, 0x32, 0x19, 0xFD, 0xE6, 0x49, + 0xCE, 0xE7, 0x12, 0x4D, 0x9F, 0x7C, 0xBE, + 0x97, 0xF1, 0xB1, 0xB1, 0x86, 0x3A, 0xEC, + 0x7B, 0x40, 0xD9, 0x01, 0x57, 0x62, 0x30, + 0xBD, 0x69, 0xEF, 0x8F, 0x6A, 0xEA, 0xFE, + 0xB2, 0xB0, 0x92, 0x19, 0xFA, 0x8F, 0xAF, + 0x83, 0x37, 0x68, 0x42, 0xB1, 0xB2, 0xAA, + 0x9E, 0xF6, 0x8D, 0x79, 0xDA, 0xAB, 0x89, + 0xAF, 0x3F, 0xAB, 0xE4, 0x9A, 0xCC, 0x27, + 0x86, 0x38, 0x70, 0x73, 0x45, 0xBB, 0xF1, + 0x53, 0x44, 0xED, 0x79, 0xF7, 0xF4, 0x39, + 0x0E, 0xF8, 0xAC, 0x50, 0x9B, 0x56, 0xF3, + 0x9A, 0x98, 0x56, 0x65, 0x27, 0xA4, 0x1D, + 0x3C, 0xBD, 0x5E, 0x05, 0x58, 0xC1, 0x59, + 0x92, 0x7D, 0xB0, 0xE8, 0x84, 0x54, 0xA5, + 0xD9, 0x64, 0x71, 0xFD, 0xDC, 0xB5, 0x6D, + 0x5B, 0xB0, 0x6B, 0xFA, 0x34, 0x0E, 0xA7, + 0xA1, 0x51, 0xEF, 0x1C, 0xA6, 0xFA, 0x57, + 0x2B, 0x76, 0xF3, 0xB1, 0xB9, 0x5D, 0x8C, + 0x85, 0x83, 0xD3, 0xE4, 0x77, 0x05, 0x36, + 0xB8, 0x4F, 0x01, 0x7E, 0x70, 0xE6, 0xFB, + 0xF1, 0x76, 0x60, 0x1A, 0x02, 0x66, 0x94, + 0x1A, 0x17, 0xB0, 0xC8, 0xB9, 0x7F, 0x4E, + 0x74, 0xC2, 0xC1, 0xFF, 0xC7, 0x27, 0x89, + 0x19, 0x77, 0x79, 0x40, 0xC1, 0xE1, 0xFF, + 0x1D, 0x8D, 0xA6, 0x37, 0xD6, 0xB9, 0x9D, + 0xDA, 0xFE, 0x5E, 0x17, 0x61, 0x10, 0x02, + 0xE2, 0xC7, 0x78, 0xC1, 0xBE, 0x8B, 0x41, + 0xD9, 0x63, 0x79, 0xA5, 0x13, 0x60, 0xD9, + 0x77, 0xFD, 0x44, 0x35, 0xA1, 0x1C, 0x30, + 0x8F, 0xE7, 0xEE, 0x6F, 0x1A, 0xAD, 0x9D, + 0xB2, 0x8C, 0x81, 0xAD, 0xDE, 0x1A, 0x7A, + 0x6F, 0x7C, 0xCE, 0x01, 0x1C, 0x30, 0xDA, + 0x37, 0xE4, 0xEB, 0x73, 0x64, 0x83, 0xBD, + 0x6C, 0x8E, 0x93, 0x48, 0xFB, 0xFB, 0xF7, + 0x2C, 0xC6, 0x58, 0x7D, 0x60, 0xC3, 0x6C, + 0x8E, 0x57, 0x7F, 0x09, 0x84, 0xC2, 0x89, + 0xC9, 0x38, 0x5A, 0x09, 0x86, 0x49, 0xDE, + 0x21, 0xBC, 0xA2, 0x7A, 0x7E, 0xA2, 0x29, + 0x71, 0x6B, 0xA6, 0xE9, 0xB2, 0x79, 0x71, + 0x0F, 0x38, 0xFA, 0xA5, 0xFF, 0xAE, 0x57, + 0x41, 0x55, 0xCE, 0x4E, 0xFB, 0x4F, 0x74, + 0x36, 0x95, 0xE2, 0x91, 0x1B, 0x1D, 0x06, + 0xD5, 0xE2, 0x90, 0xCB, 0xCD, 0x86, 0xF5, + 0x6D, 0x0E, 0xDF, 0xCD, 0x21, 0x6A, 0xE2, + 0x24, 0x27, 0x05, 0x5E, 0x68, 0x35, 0xFD, + 0x29, 0xEE, 0xF7, 0x9E, 0x0D, 0x90, 0x77, + 0x1F, 0xEA, 0xCE, 0xBE, 0x12, 0xF2, 0x0E, + 0x95, 0xB3, 0x4F, 0x0F, 0x78, 0xB7, 0x37, + 0xA9, 0x61, 0x8B, 0x26, 0xFA, 0x7D, 0xBC, + 0x98, 0x74, 0xF2, 0x72, 0xC4, 0x2B, 0xDB, + 0x56, 0x3E, 0xAF, 0xA1, 0x6B, 0x4F, 0xB6, + 0x8C, 0x3B, 0xB1, 0xE7, 0x8E, 0xAA, 0x81, + 0xA0, 0x02, 0x43, 0xFA, 0xAD, 0xD2, 0xBF, + 0x18, 0xE6, 0x3D, 0x38, 0x9A, 0xE4, 0x43, + 0x77, 0xDA, 0x18, 0xC5, 0x76, 0xB5, 0x0F, + 0x00, 0x96, 0xCF, 0x34, 0x19, 0x54, 0x83, + 0xB0, 0x05, 0x48, 0xC0, 0x98, 0x62, 0x36, + 0xE3, 0xBC, 0x7C, 0xB8, 0xD6, 0x80, 0x1C, + 0x04, 0x94, 0xCC, 0xD1, 0x99, 0xE5, 0xC5, + 0xBD, 0x0D, 0x0E, 0xDC, 0x9E, 0xB8, 0xA0, + 0x00, 0x1E, 0x15, 0x27, 0x67, 0x54, 0xFC, + 0xC6, 0x85, 0x66, 0x05, 0x41, 0x48, 0xE6, + 0xE7, 0x64, 0xBE, 0xE7, 0xC7, 0x64, 0xDA, + 0xAD, 0x3F, 0xC4, 0x52, 0x35, 0xA6, 0xDA, + 0xD4, 0x28, 0xFA, 0x20, 0xC1, 0x70, 0xE3, + 0x45, 0x00, 0x3F, 0x2F, 0x32, 0xAF, 0xB5, + 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF }; const gnutls_datum_t gnutls_ffdhe_4096_group_prime = { (void *) ffdhe_params_4096, sizeof(ffdhe_params_4096) }; +const gnutls_datum_t gnutls_ffdhe_4096_group_q = { + (void *) ffdhe_q_4096, sizeof(ffdhe_q_4096) +}; +const gnutls_datum_t gnutls_ffdhe_4096_group_generator = { + (void *) &ffdhe_generator, sizeof(ffdhe_generator) +}; const unsigned int gnutls_ffdhe_4096_key_bits = 336; static const unsigned char ffdhe_params_6144[] = { @@ -344,10 +525,125 @@ static const unsigned char ffdhe_params_ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }; +static const unsigned char ffdhe_q_6144[] = { + 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xD6, 0xFC, 0x2A, 0x2C, 0x51, 0x5D, + 0xA5, 0x4D, 0x57, 0xEE, 0x2B, 0x10, 0x13, + 0x9E, 0x9E, 0x78, 0xEC, 0x5C, 0xE2, 0xC1, + 0xE7, 0x16, 0x9B, 0x4A, 0xD4, 0xF0, 0x9B, + 0x20, 0x8A, 0x32, 0x19, 0xFD, 0xE6, 0x49, + 0xCE, 0xE7, 0x12, 0x4D, 0x9F, 0x7C, 0xBE, + 0x97, 0xF1, 0xB1, 0xB1, 0x86, 0x3A, 0xEC, + 0x7B, 0x40, 0xD9, 0x01, 0x57, 0x62, 0x30, + 0xBD, 0x69, 0xEF, 0x8F, 0x6A, 0xEA, 0xFE, + 0xB2, 0xB0, 0x92, 0x19, 0xFA, 0x8F, 0xAF, + 0x83, 0x37, 0x68, 0x42, 0xB1, 0xB2, 0xAA, + 0x9E, 0xF6, 0x8D, 0x79, 0xDA, 0xAB, 0x89, + 0xAF, 0x3F, 0xAB, 0xE4, 0x9A, 0xCC, 0x27, + 0x86, 0x38, 0x70, 0x73, 0x45, 0xBB, 0xF1, + 0x53, 0x44, 0xED, 0x79, 0xF7, 0xF4, 0x39, + 0x0E, 0xF8, 0xAC, 0x50, 0x9B, 0x56, 0xF3, + 0x9A, 0x98, 0x56, 0x65, 0x27, 0xA4, 0x1D, + 0x3C, 0xBD, 0x5E, 0x05, 0x58, 0xC1, 0x59, + 0x92, 0x7D, 0xB0, 0xE8, 0x84, 0x54, 0xA5, + 0xD9, 0x64, 0x71, 0xFD, 0xDC, 0xB5, 0x6D, + 0x5B, 0xB0, 0x6B, 0xFA, 0x34, 0x0E, 0xA7, + 0xA1, 0x51, 0xEF, 0x1C, 0xA6, 0xFA, 0x57, + 0x2B, 0x76, 0xF3, 0xB1, 0xB9, 0x5D, 0x8C, + 0x85, 0x83, 0xD3, 0xE4, 0x77, 0x05, 0x36, + 0xB8, 0x4F, 0x01, 0x7E, 0x70, 0xE6, 0xFB, + 0xF1, 0x76, 0x60, 0x1A, 0x02, 0x66, 0x94, + 0x1A, 0x17, 0xB0, 0xC8, 0xB9, 0x7F, 0x4E, + 0x74, 0xC2, 0xC1, 0xFF, 0xC7, 0x27, 0x89, + 0x19, 0x77, 0x79, 0x40, 0xC1, 0xE1, 0xFF, + 0x1D, 0x8D, 0xA6, 0x37, 0xD6, 0xB9, 0x9D, + 0xDA, 0xFE, 0x5E, 0x17, 0x61, 0x10, 0x02, + 0xE2, 0xC7, 0x78, 0xC1, 0xBE, 0x8B, 0x41, + 0xD9, 0x63, 0x79, 0xA5, 0x13, 0x60, 0xD9, + 0x77, 0xFD, 0x44, 0x35, 0xA1, 0x1C, 0x30, + 0x8F, 0xE7, 0xEE, 0x6F, 0x1A, 0xAD, 0x9D, + 0xB2, 0x8C, 0x81, 0xAD, 0xDE, 0x1A, 0x7A, + 0x6F, 0x7C, 0xCE, 0x01, 0x1C, 0x30, 0xDA, + 0x37, 0xE4, 0xEB, 0x73, 0x64, 0x83, 0xBD, + 0x6C, 0x8E, 0x93, 0x48, 0xFB, 0xFB, 0xF7, + 0x2C, 0xC6, 0x58, 0x7D, 0x60, 0xC3, 0x6C, + 0x8E, 0x57, 0x7F, 0x09, 0x84, 0xC2, 0x89, + 0xC9, 0x38, 0x5A, 0x09, 0x86, 0x49, 0xDE, + 0x21, 0xBC, 0xA2, 0x7A, 0x7E, 0xA2, 0x29, + 0x71, 0x6B, 0xA6, 0xE9, 0xB2, 0x79, 0x71, + 0x0F, 0x38, 0xFA, 0xA5, 0xFF, 0xAE, 0x57, + 0x41, 0x55, 0xCE, 0x4E, 0xFB, 0x4F, 0x74, + 0x36, 0x95, 0xE2, 0x91, 0x1B, 0x1D, 0x06, + 0xD5, 0xE2, 0x90, 0xCB, 0xCD, 0x86, 0xF5, + 0x6D, 0x0E, 0xDF, 0xCD, 0x21, 0x6A, 0xE2, + 0x24, 0x27, 0x05, 0x5E, 0x68, 0x35, 0xFD, + 0x29, 0xEE, 0xF7, 0x9E, 0x0D, 0x90, 0x77, + 0x1F, 0xEA, 0xCE, 0xBE, 0x12, 0xF2, 0x0E, + 0x95, 0xB3, 0x4F, 0x0F, 0x78, 0xB7, 0x37, + 0xA9, 0x61, 0x8B, 0x26, 0xFA, 0x7D, 0xBC, + 0x98, 0x74, 0xF2, 0x72, 0xC4, 0x2B, 0xDB, + 0x56, 0x3E, 0xAF, 0xA1, 0x6B, 0x4F, 0xB6, + 0x8C, 0x3B, 0xB1, 0xE7, 0x8E, 0xAA, 0x81, + 0xA0, 0x02, 0x43, 0xFA, 0xAD, 0xD2, 0xBF, + 0x18, 0xE6, 0x3D, 0x38, 0x9A, 0xE4, 0x43, + 0x77, 0xDA, 0x18, 0xC5, 0x76, 0xB5, 0x0F, + 0x00, 0x96, 0xCF, 0x34, 0x19, 0x54, 0x83, + 0xB0, 0x05, 0x48, 0xC0, 0x98, 0x62, 0x36, + 0xE3, 0xBC, 0x7C, 0xB8, 0xD6, 0x80, 0x1C, + 0x04, 0x94, 0xCC, 0xD1, 0x99, 0xE5, 0xC5, + 0xBD, 0x0D, 0x0E, 0xDC, 0x9E, 0xB8, 0xA0, + 0x00, 0x1E, 0x15, 0x27, 0x67, 0x54, 0xFC, + 0xC6, 0x85, 0x66, 0x05, 0x41, 0x48, 0xE6, + 0xE7, 0x64, 0xBE, 0xE7, 0xC7, 0x64, 0xDA, + 0xAD, 0x3F, 0xC4, 0x52, 0x35, 0xA6, 0xDA, + 0xD4, 0x28, 0xFA, 0x20, 0xC1, 0x70, 0xE3, + 0x45, 0x00, 0x3F, 0x2F, 0x06, 0xEC, 0x81, + 0x05, 0xFE, 0xB2, 0x5B, 0x22, 0x81, 0xB6, + 0x3D, 0x27, 0x33, 0xBE, 0x96, 0x1C, 0x29, + 0x95, 0x1D, 0x11, 0xDD, 0x22, 0x21, 0x65, + 0x7A, 0x9F, 0x53, 0x1D, 0xDA, 0x2A, 0x19, + 0x4D, 0xBB, 0x12, 0x64, 0x48, 0xBD, 0xEE, + 0xB2, 0x58, 0xE0, 0x7E, 0xA6, 0x59, 0xC7, + 0x46, 0x19, 0xA6, 0x38, 0x0E, 0x1D, 0x66, + 0xD6, 0x83, 0x2B, 0xFE, 0x67, 0xF6, 0x38, + 0xCD, 0x8F, 0xAE, 0x1F, 0x27, 0x23, 0x02, + 0x0F, 0x9C, 0x40, 0xA3, 0xFD, 0xA6, 0x7E, + 0xDA, 0x3B, 0xD2, 0x92, 0x38, 0xFB, 0xD4, + 0xD4, 0xB4, 0x88, 0x5C, 0x2A, 0x99, 0x17, + 0x6D, 0xB1, 0xA0, 0x6C, 0x50, 0x07, 0x78, + 0x49, 0x1A, 0x82, 0x88, 0xF1, 0x85, 0x5F, + 0x60, 0xFF, 0xFC, 0xF1, 0xD1, 0x37, 0x3F, + 0xD9, 0x4F, 0xC6, 0x0C, 0x18, 0x11, 0xE1, + 0xAC, 0x3F, 0x1C, 0x6D, 0x00, 0x3B, 0xEC, + 0xDA, 0x3B, 0x1F, 0x27, 0x25, 0xCA, 0x59, + 0x5D, 0xE0, 0xCA, 0x63, 0x32, 0x8F, 0x3B, + 0xE5, 0x7C, 0xC9, 0x77, 0x55, 0x60, 0x11, + 0x95, 0x14, 0x0D, 0xFB, 0x59, 0xD3, 0x9C, + 0xE0, 0x91, 0x30, 0x8B, 0x41, 0x05, 0x74, + 0x6D, 0xAC, 0x23, 0xD3, 0x3E, 0x5F, 0x7C, + 0xE4, 0x84, 0x8D, 0xA3, 0x16, 0xA9, 0xC6, + 0x6B, 0x95, 0x81, 0xBA, 0x35, 0x73, 0xBF, + 0xAF, 0x31, 0x14, 0x96, 0x18, 0x8A, 0xB1, + 0x54, 0x23, 0x28, 0x2E, 0xE4, 0x16, 0xDC, + 0x2A, 0x19, 0xC5, 0x72, 0x4F, 0xA9, 0x1A, + 0xE4, 0xAD, 0xC8, 0x8B, 0xC6, 0x67, 0x96, + 0xEA, 0xE5, 0x67, 0x7A, 0x01, 0xF6, 0x4E, + 0x8C, 0x08, 0x63, 0x13, 0x95, 0x82, 0x2D, + 0x9D, 0xB8, 0xFC, 0xEE, 0x35, 0xC0, 0x6B, + 0x1F, 0xEE, 0xA5, 0x47, 0x4D, 0x6D, 0x8F, + 0x34, 0xB1, 0x53, 0x4A, 0x93, 0x6A, 0x18, + 0xB0, 0xE0, 0xD2, 0x0E, 0xAB, 0x86, 0xBC, + 0x9C, 0x6D, 0x6A, 0x52, 0x07, 0x19, 0x4E, + 0x68, 0x72, 0x07, 0x32, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF +}; + const gnutls_datum_t gnutls_ffdhe_6144_group_prime = { (void *) ffdhe_params_6144, sizeof(ffdhe_params_6144) }; - +const gnutls_datum_t gnutls_ffdhe_6144_group_q = { + (void *) ffdhe_q_6144, sizeof(ffdhe_q_6144) +}; const gnutls_datum_t gnutls_ffdhe_6144_group_generator = { (void *) &ffdhe_generator, sizeof(ffdhe_generator) }; @@ -503,13 +799,165 @@ static const unsigned char ffdhe_params_ 0xFF, 0xFF }; -const gnutls_datum_t gnutls_ffdhe_8192_group_generator = { - (void *) &ffdhe_generator, sizeof(ffdhe_generator) +static const unsigned char ffdhe_q_8192[] = { + 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xD6, 0xFC, 0x2A, 0x2C, 0x51, 0x5D, + 0xA5, 0x4D, 0x57, 0xEE, 0x2B, 0x10, 0x13, + 0x9E, 0x9E, 0x78, 0xEC, 0x5C, 0xE2, 0xC1, + 0xE7, 0x16, 0x9B, 0x4A, 0xD4, 0xF0, 0x9B, + 0x20, 0x8A, 0x32, 0x19, 0xFD, 0xE6, 0x49, + 0xCE, 0xE7, 0x12, 0x4D, 0x9F, 0x7C, 0xBE, + 0x97, 0xF1, 0xB1, 0xB1, 0x86, 0x3A, 0xEC, + 0x7B, 0x40, 0xD9, 0x01, 0x57, 0x62, 0x30, + 0xBD, 0x69, 0xEF, 0x8F, 0x6A, 0xEA, 0xFE, + 0xB2, 0xB0, 0x92, 0x19, 0xFA, 0x8F, 0xAF, + 0x83, 0x37, 0x68, 0x42, 0xB1, 0xB2, 0xAA, + 0x9E, 0xF6, 0x8D, 0x79, 0xDA, 0xAB, 0x89, + 0xAF, 0x3F, 0xAB, 0xE4, 0x9A, 0xCC, 0x27, + 0x86, 0x38, 0x70, 0x73, 0x45, 0xBB, 0xF1, + 0x53, 0x44, 0xED, 0x79, 0xF7, 0xF4, 0x39, + 0x0E, 0xF8, 0xAC, 0x50, 0x9B, 0x56, 0xF3, + 0x9A, 0x98, 0x56, 0x65, 0x27, 0xA4, 0x1D, + 0x3C, 0xBD, 0x5E, 0x05, 0x58, 0xC1, 0x59, + 0x92, 0x7D, 0xB0, 0xE8, 0x84, 0x54, 0xA5, + 0xD9, 0x64, 0x71, 0xFD, 0xDC, 0xB5, 0x6D, + 0x5B, 0xB0, 0x6B, 0xFA, 0x34, 0x0E, 0xA7, + 0xA1, 0x51, 0xEF, 0x1C, 0xA6, 0xFA, 0x57, + 0x2B, 0x76, 0xF3, 0xB1, 0xB9, 0x5D, 0x8C, + 0x85, 0x83, 0xD3, 0xE4, 0x77, 0x05, 0x36, + 0xB8, 0x4F, 0x01, 0x7E, 0x70, 0xE6, 0xFB, + 0xF1, 0x76, 0x60, 0x1A, 0x02, 0x66, 0x94, + 0x1A, 0x17, 0xB0, 0xC8, 0xB9, 0x7F, 0x4E, + 0x74, 0xC2, 0xC1, 0xFF, 0xC7, 0x27, 0x89, + 0x19, 0x77, 0x79, 0x40, 0xC1, 0xE1, 0xFF, + 0x1D, 0x8D, 0xA6, 0x37, 0xD6, 0xB9, 0x9D, + 0xDA, 0xFE, 0x5E, 0x17, 0x61, 0x10, 0x02, + 0xE2, 0xC7, 0x78, 0xC1, 0xBE, 0x8B, 0x41, + 0xD9, 0x63, 0x79, 0xA5, 0x13, 0x60, 0xD9, + 0x77, 0xFD, 0x44, 0x35, 0xA1, 0x1C, 0x30, + 0x8F, 0xE7, 0xEE, 0x6F, 0x1A, 0xAD, 0x9D, + 0xB2, 0x8C, 0x81, 0xAD, 0xDE, 0x1A, 0x7A, + 0x6F, 0x7C, 0xCE, 0x01, 0x1C, 0x30, 0xDA, + 0x37, 0xE4, 0xEB, 0x73, 0x64, 0x83, 0xBD, + 0x6C, 0x8E, 0x93, 0x48, 0xFB, 0xFB, 0xF7, + 0x2C, 0xC6, 0x58, 0x7D, 0x60, 0xC3, 0x6C, + 0x8E, 0x57, 0x7F, 0x09, 0x84, 0xC2, 0x89, + 0xC9, 0x38, 0x5A, 0x09, 0x86, 0x49, 0xDE, + 0x21, 0xBC, 0xA2, 0x7A, 0x7E, 0xA2, 0x29, + 0x71, 0x6B, 0xA6, 0xE9, 0xB2, 0x79, 0x71, + 0x0F, 0x38, 0xFA, 0xA5, 0xFF, 0xAE, 0x57, + 0x41, 0x55, 0xCE, 0x4E, 0xFB, 0x4F, 0x74, + 0x36, 0x95, 0xE2, 0x91, 0x1B, 0x1D, 0x06, + 0xD5, 0xE2, 0x90, 0xCB, 0xCD, 0x86, 0xF5, + 0x6D, 0x0E, 0xDF, 0xCD, 0x21, 0x6A, 0xE2, + 0x24, 0x27, 0x05, 0x5E, 0x68, 0x35, 0xFD, + 0x29, 0xEE, 0xF7, 0x9E, 0x0D, 0x90, 0x77, + 0x1F, 0xEA, 0xCE, 0xBE, 0x12, 0xF2, 0x0E, + 0x95, 0xB3, 0x4F, 0x0F, 0x78, 0xB7, 0x37, + 0xA9, 0x61, 0x8B, 0x26, 0xFA, 0x7D, 0xBC, + 0x98, 0x74, 0xF2, 0x72, 0xC4, 0x2B, 0xDB, + 0x56, 0x3E, 0xAF, 0xA1, 0x6B, 0x4F, 0xB6, + 0x8C, 0x3B, 0xB1, 0xE7, 0x8E, 0xAA, 0x81, + 0xA0, 0x02, 0x43, 0xFA, 0xAD, 0xD2, 0xBF, + 0x18, 0xE6, 0x3D, 0x38, 0x9A, 0xE4, 0x43, + 0x77, 0xDA, 0x18, 0xC5, 0x76, 0xB5, 0x0F, + 0x00, 0x96, 0xCF, 0x34, 0x19, 0x54, 0x83, + 0xB0, 0x05, 0x48, 0xC0, 0x98, 0x62, 0x36, + 0xE3, 0xBC, 0x7C, 0xB8, 0xD6, 0x80, 0x1C, + 0x04, 0x94, 0xCC, 0xD1, 0x99, 0xE5, 0xC5, + 0xBD, 0x0D, 0x0E, 0xDC, 0x9E, 0xB8, 0xA0, + 0x00, 0x1E, 0x15, 0x27, 0x67, 0x54, 0xFC, + 0xC6, 0x85, 0x66, 0x05, 0x41, 0x48, 0xE6, + 0xE7, 0x64, 0xBE, 0xE7, 0xC7, 0x64, 0xDA, + 0xAD, 0x3F, 0xC4, 0x52, 0x35, 0xA6, 0xDA, + 0xD4, 0x28, 0xFA, 0x20, 0xC1, 0x70, 0xE3, + 0x45, 0x00, 0x3F, 0x2F, 0x06, 0xEC, 0x81, + 0x05, 0xFE, 0xB2, 0x5B, 0x22, 0x81, 0xB6, + 0x3D, 0x27, 0x33, 0xBE, 0x96, 0x1C, 0x29, + 0x95, 0x1D, 0x11, 0xDD, 0x22, 0x21, 0x65, + 0x7A, 0x9F, 0x53, 0x1D, 0xDA, 0x2A, 0x19, + 0x4D, 0xBB, 0x12, 0x64, 0x48, 0xBD, 0xEE, + 0xB2, 0x58, 0xE0, 0x7E, 0xA6, 0x59, 0xC7, + 0x46, 0x19, 0xA6, 0x38, 0x0E, 0x1D, 0x66, + 0xD6, 0x83, 0x2B, 0xFE, 0x67, 0xF6, 0x38, + 0xCD, 0x8F, 0xAE, 0x1F, 0x27, 0x23, 0x02, + 0x0F, 0x9C, 0x40, 0xA3, 0xFD, 0xA6, 0x7E, + 0xDA, 0x3B, 0xD2, 0x92, 0x38, 0xFB, 0xD4, + 0xD4, 0xB4, 0x88, 0x5C, 0x2A, 0x99, 0x17, + 0x6D, 0xB1, 0xA0, 0x6C, 0x50, 0x07, 0x78, + 0x49, 0x1A, 0x82, 0x88, 0xF1, 0x85, 0x5F, + 0x60, 0xFF, 0xFC, 0xF1, 0xD1, 0x37, 0x3F, + 0xD9, 0x4F, 0xC6, 0x0C, 0x18, 0x11, 0xE1, + 0xAC, 0x3F, 0x1C, 0x6D, 0x00, 0x3B, 0xEC, + 0xDA, 0x3B, 0x1F, 0x27, 0x25, 0xCA, 0x59, + 0x5D, 0xE0, 0xCA, 0x63, 0x32, 0x8F, 0x3B, + 0xE5, 0x7C, 0xC9, 0x77, 0x55, 0x60, 0x11, + 0x95, 0x14, 0x0D, 0xFB, 0x59, 0xD3, 0x9C, + 0xE0, 0x91, 0x30, 0x8B, 0x41, 0x05, 0x74, + 0x6D, 0xAC, 0x23, 0xD3, 0x3E, 0x5F, 0x7C, + 0xE4, 0x84, 0x8D, 0xA3, 0x16, 0xA9, 0xC6, + 0x6B, 0x95, 0x81, 0xBA, 0x35, 0x73, 0xBF, + 0xAF, 0x31, 0x14, 0x96, 0x18, 0x8A, 0xB1, + 0x54, 0x23, 0x28, 0x2E, 0xE4, 0x16, 0xDC, + 0x2A, 0x19, 0xC5, 0x72, 0x4F, 0xA9, 0x1A, + 0xE4, 0xAD, 0xC8, 0x8B, 0xC6, 0x67, 0x96, + 0xEA, 0xE5, 0x67, 0x7A, 0x01, 0xF6, 0x4E, + 0x8C, 0x08, 0x63, 0x13, 0x95, 0x82, 0x2D, + 0x9D, 0xB8, 0xFC, 0xEE, 0x35, 0xC0, 0x6B, + 0x1F, 0xEE, 0xA5, 0x47, 0x4D, 0x6D, 0x8F, + 0x34, 0xB1, 0x53, 0x4A, 0x93, 0x6A, 0x18, + 0xB0, 0xE0, 0xD2, 0x0E, 0xAB, 0x86, 0xBC, + 0x9C, 0x6D, 0x6A, 0x52, 0x07, 0x19, 0x4E, + 0x67, 0xFA, 0x35, 0x55, 0x1B, 0x56, 0x80, + 0x26, 0x7B, 0x00, 0x64, 0x1C, 0x0F, 0x21, + 0x2D, 0x18, 0xEC, 0xA8, 0xD7, 0x32, 0x7E, + 0xD9, 0x1F, 0xE7, 0x64, 0xA8, 0x4E, 0xA1, + 0xB4, 0x3F, 0xF5, 0xB4, 0xF6, 0xE8, 0xE6, + 0x2F, 0x05, 0xC6, 0x61, 0xDE, 0xFB, 0x25, + 0x88, 0x77, 0xC3, 0x5B, 0x18, 0xA1, 0x51, + 0xD5, 0xC4, 0x14, 0xAA, 0xAD, 0x97, 0xBA, + 0x3E, 0x49, 0x93, 0x32, 0xE5, 0x96, 0x07, + 0x8E, 0x60, 0x0D, 0xEB, 0x81, 0x14, 0x9C, + 0x44, 0x1C, 0xE9, 0x57, 0x82, 0xF2, 0x2A, + 0x28, 0x25, 0x63, 0xC5, 0xBA, 0xC1, 0x41, + 0x14, 0x23, 0x60, 0x5D, 0x1A, 0xE1, 0xAF, + 0xAE, 0x2C, 0x8B, 0x06, 0x60, 0x23, 0x7E, + 0xC1, 0x28, 0xAA, 0x0F, 0xE3, 0x46, 0x4E, + 0x43, 0x58, 0x11, 0x5D, 0xB8, 0x4C, 0xC3, + 0xB5, 0x23, 0x07, 0x3A, 0x28, 0xD4, 0x54, + 0x98, 0x84, 0xB8, 0x1F, 0xF7, 0x0E, 0x10, + 0xBF, 0x36, 0x1C, 0x13, 0x72, 0x96, 0x28, + 0xD5, 0x34, 0x8F, 0x07, 0x21, 0x1E, 0x7E, + 0x4C, 0xF4, 0xF1, 0x8B, 0x28, 0x60, 0x90, + 0xBD, 0xB1, 0x24, 0x0B, 0x66, 0xD6, 0xCD, + 0x4A, 0xFC, 0xEA, 0xDC, 0x00, 0xCA, 0x44, + 0x6C, 0xE0, 0x50, 0x50, 0xFF, 0x18, 0x3A, + 0xD2, 0xBB, 0xF1, 0x18, 0xC1, 0xFC, 0x0E, + 0xA5, 0x1F, 0x97, 0xD2, 0x2B, 0x8F, 0x7E, + 0x46, 0x70, 0x5D, 0x45, 0x27, 0xF4, 0x5B, + 0x42, 0xAE, 0xFF, 0x39, 0x58, 0x53, 0x37, + 0x6F, 0x69, 0x7D, 0xD5, 0xFD, 0xF2, 0xC5, + 0x18, 0x7D, 0x7D, 0x5F, 0x0E, 0x2E, 0xB8, + 0xD4, 0x3F, 0x17, 0xBA, 0x0F, 0x7C, 0x60, + 0xFF, 0x43, 0x7F, 0x53, 0x5D, 0xFE, 0xF2, + 0x98, 0x33, 0xBF, 0x86, 0xCB, 0xE8, 0x8E, + 0xA4, 0xFB, 0xD4, 0x22, 0x1E, 0x84, 0x11, + 0x72, 0x83, 0x54, 0xFA, 0x30, 0xA7, 0x00, + 0x8F, 0x15, 0x4A, 0x41, 0xC7, 0xFC, 0x46, + 0x6B, 0x46, 0x45, 0xDB, 0xE2, 0xE3, 0x21, + 0x26, 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF }; const gnutls_datum_t gnutls_ffdhe_8192_group_prime = { (void *) ffdhe_params_8192, sizeof(ffdhe_params_8192) }; +const gnutls_datum_t gnutls_ffdhe_8192_group_q = { + (void *) ffdhe_q_8192, sizeof(ffdhe_q_8192) +}; +const gnutls_datum_t gnutls_ffdhe_8192_group_generator = { + (void *) &ffdhe_generator, sizeof(ffdhe_generator) +}; const unsigned int gnutls_ffdhe_8192_key_bits = 512; #endif Index: gnutls-3.6.7/lib/dh.c =================================================================== --- gnutls-3.6.7.orig/lib/dh.c 2020-09-03 15:20:32.803924472 +0200 +++ gnutls-3.6.7/lib/dh.c 2020-09-03 15:20:34.019932137 +0200 @@ -224,25 +224,14 @@ int gnutls_dh_params_import_dsa(gnutls_dh_params_t dh_params, gnutls_x509_privkey_t key) { gnutls_datum_t p, g, q; - bigint_t tmp_q; int ret; ret = gnutls_x509_privkey_export_dsa_raw(key, &p, &q, &g, NULL, NULL); if (ret < 0) return gnutls_assert_val(ret); - ret = _gnutls_mpi_init_scan_nz(&tmp_q, q.data, q.size); - if (ret < 0) { - gnutls_assert(); - ret = GNUTLS_E_MPI_SCAN_FAILED; - goto cleanup; - } - - ret = gnutls_dh_params_import_raw2(dh_params, &p, &g, _gnutls_mpi_get_nbits(tmp_q)); + ret = gnutls_dh_params_import_raw3(dh_params, &p, &q, &g); - _gnutls_mpi_release(&tmp_q); - - cleanup: gnutls_free(p.data); gnutls_free(g.data); gnutls_free(q.data); @@ -296,6 +285,64 @@ gnutls_dh_params_import_raw2(gnutls_dh_p } /** + * gnutls_dh_params_import_raw3: + * @dh_params: The parameters + * @prime: holds the new prime + * @q: holds the subgroup if available, otherwise NULL + * @generator: holds the new generator + * + * This function will replace the pair of prime and generator for use + * in the Diffie-Hellman key exchange. The new parameters should be + * stored in the appropriate gnutls_datum. + * + * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, + * otherwise a negative error code is returned. + **/ +int +gnutls_dh_params_import_raw3(gnutls_dh_params_t dh_params, + const gnutls_datum_t * prime, + const gnutls_datum_t * q, + const gnutls_datum_t * generator) +{ + bigint_t tmp_p, tmp_g, tmp_q = NULL; + + if (_gnutls_mpi_init_scan_nz(&tmp_p, prime->data, prime->size)) { + gnutls_assert(); + return GNUTLS_E_MPI_SCAN_FAILED; + } + + if (_gnutls_mpi_init_scan_nz(&tmp_g, generator->data, + generator->size)) { + _gnutls_mpi_release(&tmp_p); + gnutls_assert(); + return GNUTLS_E_MPI_SCAN_FAILED; + } + + if (q) { + if (_gnutls_mpi_init_scan_nz(&tmp_q, q->data, q->size)) { + _gnutls_mpi_release(&tmp_p); + _gnutls_mpi_release(&tmp_g); + gnutls_assert(); + return GNUTLS_E_MPI_SCAN_FAILED; + } + } else if (_gnutls_fips_mode_enabled()) { + /* Mandatory in FIPS mode */ + gnutls_assert(); + return GNUTLS_E_DH_PRIME_UNACCEPTABLE; + } + + /* store the generated values + */ + dh_params->params[0] = tmp_p; + dh_params->params[1] = tmp_g; + dh_params->params[2] = tmp_q; + if (tmp_q) + dh_params->q_bits = _gnutls_mpi_get_nbits(tmp_q); + + return 0; +} + +/** * gnutls_dh_params_init: * @dh_params: The parameters * @@ -330,6 +377,7 @@ void gnutls_dh_params_deinit(gnutls_dh_p _gnutls_mpi_release(&dh_params->params[0]); _gnutls_mpi_release(&dh_params->params[1]); + _gnutls_mpi_release(&dh_params->params[2]); gnutls_free(dh_params); @@ -353,6 +401,8 @@ int gnutls_dh_params_cpy(gnutls_dh_param dst->params[0] = _gnutls_mpi_copy(src->params[0]); dst->params[1] = _gnutls_mpi_copy(src->params[1]); + if (src->params[2]) + dst->params[2] = _gnutls_mpi_copy(src->params[2]); dst->q_bits = src->q_bits; if (dst->params[0] == NULL || dst->params[1] == NULL) Index: gnutls-3.6.7/lib/gnutls_int.h =================================================================== --- gnutls-3.6.7.orig/lib/gnutls_int.h 2020-09-03 15:20:32.803924472 +0200 +++ gnutls-3.6.7/lib/gnutls_int.h 2020-09-03 15:20:34.019932137 +0200 @@ -997,9 +997,9 @@ struct gnutls_priority_st { /* DH and RSA parameters types. */ typedef struct gnutls_dh_params_int { - /* [0] is the prime, [1] is the generator. + /* [0] is the prime, [1] is the generator, [2] is Q if available. */ - bigint_t params[2]; + bigint_t params[3]; int q_bits; /* length of q in bits. If zero then length is unknown. */ } dh_params_st; Index: gnutls-3.6.7/lib/includes/gnutls/gnutls.h.in =================================================================== --- gnutls-3.6.7.orig/lib/includes/gnutls/gnutls.h.in 2020-09-03 15:20:32.803924472 +0200 +++ gnutls-3.6.7/lib/includes/gnutls/gnutls.h.in 2020-09-03 15:20:34.019932137 +0200 @@ -2234,6 +2234,10 @@ int gnutls_dh_params_import_raw2(gnutls_ const gnutls_datum_t * prime, const gnutls_datum_t * generator, unsigned key_bits); +int gnutls_dh_params_import_raw3(gnutls_dh_params_t dh_params, + const gnutls_datum_t * prime, + const gnutls_datum_t * q, + const gnutls_datum_t * generator); int gnutls_dh_params_import_pkcs3(gnutls_dh_params_t params, const gnutls_datum_t * pkcs3_params, gnutls_x509_crt_fmt_t format); @@ -2406,22 +2410,27 @@ extern _SYM_EXPORT const gnutls_datum_t */ extern _SYM_EXPORT const gnutls_datum_t gnutls_ffdhe_8192_group_prime; +extern _SYM_EXPORT const gnutls_datum_t gnutls_ffdhe_8192_group_q; extern _SYM_EXPORT const gnutls_datum_t gnutls_ffdhe_8192_group_generator; extern _SYM_EXPORT const unsigned int gnutls_ffdhe_8192_key_bits; extern _SYM_EXPORT const gnutls_datum_t gnutls_ffdhe_6144_group_prime; +extern _SYM_EXPORT const gnutls_datum_t gnutls_ffdhe_6144_group_q; extern _SYM_EXPORT const gnutls_datum_t gnutls_ffdhe_6144_group_generator; extern _SYM_EXPORT const unsigned int gnutls_ffdhe_6144_key_bits; extern _SYM_EXPORT const gnutls_datum_t gnutls_ffdhe_4096_group_prime; +extern _SYM_EXPORT const gnutls_datum_t gnutls_ffdhe_4096_group_q; extern _SYM_EXPORT const gnutls_datum_t gnutls_ffdhe_4096_group_generator; extern _SYM_EXPORT const unsigned int gnutls_ffdhe_4096_key_bits; extern _SYM_EXPORT const gnutls_datum_t gnutls_ffdhe_3072_group_prime; +extern _SYM_EXPORT const gnutls_datum_t gnutls_ffdhe_3072_group_q; extern _SYM_EXPORT const gnutls_datum_t gnutls_ffdhe_3072_group_generator; extern _SYM_EXPORT const unsigned int gnutls_ffdhe_3072_key_bits; extern _SYM_EXPORT const gnutls_datum_t gnutls_ffdhe_2048_group_prime; +extern _SYM_EXPORT const gnutls_datum_t gnutls_ffdhe_2048_group_q; extern _SYM_EXPORT const gnutls_datum_t gnutls_ffdhe_2048_group_generator; extern _SYM_EXPORT const unsigned int gnutls_ffdhe_2048_key_bits; Index: gnutls-3.6.7/lib/libgnutls.map =================================================================== --- gnutls-3.6.7.orig/lib/libgnutls.map 2020-09-03 15:20:34.019932137 +0200 +++ gnutls-3.6.7/lib/libgnutls.map 2020-09-03 15:21:44.356375627 +0200 @@ -1271,6 +1271,12 @@ GNUTLS_3_6_6 gnutls_certificate_set_rawpk_key_file; gnutls_pcert_import_rawpk; gnutls_pcert_import_rawpk_raw; + gnutls_dh_params_import_raw3; + gnutls_ffdhe_2048_group_q; + gnutls_ffdhe_3072_group_q; + gnutls_ffdhe_4096_group_q; + gnutls_ffdhe_6144_group_q; + gnutls_ffdhe_8192_group_q; } GNUTLS_3_6_5; GNUTLS_FIPS140_3_4 { Index: gnutls-3.6.7/lib/nettle/pk.c =================================================================== --- gnutls-3.6.7.orig/lib/nettle/pk.c 2020-09-03 15:20:32.847924749 +0200 +++ gnutls-3.6.7/lib/nettle/pk.c 2020-09-03 15:20:34.023932162 +0200 @@ -1533,6 +1533,8 @@ int _gnutls_dh_compute_key(gnutls_dh_par priv.params[DH_P] = _gnutls_mpi_copy(dh_params->params[0]); priv.params[DH_G] = _gnutls_mpi_copy(dh_params->params[1]); + if (dh_params->params[2]) + priv.params[DH_Q] = _gnutls_mpi_copy(dh_params->params[2]); if (_gnutls_mpi_init_scan_nz (&priv.params[DH_X], priv_key->data, @@ -1542,7 +1544,7 @@ int _gnutls_dh_compute_key(gnutls_dh_par goto cleanup; } - priv.params_nr = 3; /* include empty q */ + priv.params_nr = 3; /* include, possibly empty, q */ priv.algo = GNUTLS_PK_DH; Z->data = NULL; Index: gnutls-3.6.7/tests/dh-compute.c =================================================================== --- gnutls-3.6.7.orig/tests/dh-compute.c 2020-09-03 15:20:32.847924749 +0200 +++ gnutls-3.6.7/tests/dh-compute.c 2020-09-03 15:20:34.023932162 +0200 @@ -41,8 +41,8 @@ int _gnutls_dh_compute_key(gnutls_dh_par const gnutls_datum_t *pub_key, const gnutls_datum_t *peer_key, gnutls_datum_t *Z); -static void params(gnutls_dh_params_t *dh_params, unsigned int key_bits, - const gnutls_datum_t *p, const gnutls_datum_t *g) +static void params(gnutls_dh_params_t *dh_params, const gnutls_datum_t *p, + const gnutls_datum_t *q, const gnutls_datum_t *g) { int ret; @@ -50,7 +50,7 @@ static void params(gnutls_dh_params_t *d if (ret != 0) fail("error\n"); - ret = gnutls_dh_params_import_raw2(*dh_params, p, g, key_bits); + ret = gnutls_dh_params_import_raw3(*dh_params, p, q, g); if (ret != 0) fail("error\n"); } @@ -65,32 +65,33 @@ static void genkey(gnutls_dh_params_t *d fail("error\n"); } -static void compute_key(gnutls_dh_params_t *dh_params, +static void compute_key(const char *name, gnutls_dh_params_t *dh_params, gnutls_datum_t *priv_key, gnutls_datum_t *pub_key, const gnutls_datum_t *peer_key, int expect_error, gnutls_datum_t *result, bool expect_success) { - gnutls_datum_t Z; + gnutls_datum_t Z = { 0 }; bool success; int ret; ret = _gnutls_dh_compute_key(*dh_params, priv_key, pub_key, peer_key, &Z); if (expect_error != ret) - fail("error (%d)\n", ret); + fail("%s: error %d (expected %d)\n", name, ret, expect_error); if (result) { success = (Z.size != result->size && memcmp(Z.data, result->data, Z.size)); if (success != expect_success) - fail("error\n"); + fail("%s: failed to match result\n", name); } gnutls_free(Z.data); } struct dh_test_data { - const unsigned int key_size; + const char *name; const gnutls_datum_t prime; + const gnutls_datum_t q; const gnutls_datum_t generator; const gnutls_datum_t peer_key; int expected_error; @@ -100,45 +101,60 @@ void doit(void) { struct dh_test_data test_data[] = { { - /* y == 0 */ - gnutls_ffdhe_2048_key_bits, + "[y == 0]", gnutls_ffdhe_2048_group_prime, + gnutls_ffdhe_2048_group_q, gnutls_ffdhe_2048_group_generator, { (void *)"\x00", 1 }, GNUTLS_E_MPI_SCAN_FAILED }, { - /* y < 2 */ - gnutls_ffdhe_2048_key_bits, + "[y < 2]", gnutls_ffdhe_2048_group_prime, + gnutls_ffdhe_2048_group_q, gnutls_ffdhe_2048_group_generator, { (void *)"\x01", 1 }, GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER }, { - /* y > p - 2 */ - gnutls_ffdhe_2048_key_bits, + "[y > p - 2]", gnutls_ffdhe_2048_group_prime, + gnutls_ffdhe_2048_group_q, gnutls_ffdhe_2048_group_generator, gnutls_ffdhe_2048_group_prime, GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER }, - { 0 } + { + "[y ^ q mod p == 1]", + gnutls_ffdhe_2048_group_prime, + gnutls_ffdhe_2048_group_q, + gnutls_ffdhe_2048_group_generator, + gnutls_ffdhe_2048_group_q, + GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER + }, + { + "Legal Input", + gnutls_ffdhe_2048_group_prime, + gnutls_ffdhe_2048_group_q, + gnutls_ffdhe_2048_group_generator, + { (void *)"\x02", 1 }, + 0 + }, + { NULL } }; - for (int i = 0; test_data[i].key_size != 0; i++) { + for (int i = 0; test_data[i].name != NULL; i++) { gnutls_datum_t priv_key, pub_key; gnutls_dh_params_t dh_params; - params(&dh_params, test_data[i].key_size, - &test_data[i].prime, &test_data[i].generator); + params(&dh_params, &test_data[i].prime, &test_data[i].q, + &test_data[i].generator); genkey(&dh_params, &priv_key, &pub_key); - compute_key(&dh_params, &priv_key, &pub_key, - &test_data[i].peer_key, - test_data[i].expected_error, - NULL, 0); + compute_key(test_data[i].name, &dh_params, &priv_key, + &pub_key, &test_data[i].peer_key, + test_data[i].expected_error, NULL, 0); gnutls_dh_params_deinit(dh_params); gnutls_free(priv_key.data);
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor