317a38ab65
Some notable changes, from upstream's release notes: - sshd(8): Remove support for obsolete "host/port" syntax. - ssh(1): When prompting whether to record a new host key, accept the key fingerprint as a synonym for "yes". - ssh-keygen(1): when acting as a CA and signing certificates with an RSA key, default to using the rsa-sha2-512 signature algorithm. - ssh(1), sshd(8), ssh-keygen(1): this release removes the "ssh-rsa" (RSA/SHA1) algorithm from those accepted for certificate signatures. - ssh-sk-helper(8): this is a new binary. It is used by the FIDO/U2F support to provide address-space isolation for token middleware libraries (including the internal one). - ssh(1): this release enables UpdateHostkeys by default subject to some conservative preconditions. - scp(1): this release changes the behaviour of remote to remote copies (e.g. "scp host-a:/path host-b:") to transfer through the local host by default. - scp(1): experimental support for transfers using the SFTP protocol as a replacement for the venerable SCP/RCP protocol that it has traditionally used. Additional integration work is needed to support FIDO/U2F in the base system. Deprecation Notice ------------------ OpenSSH will disable the ssh-rsa signature scheme by default in the next release. Reviewed by: imp MFC after: 1 month Relnotes: Yes Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D29985 (cherry picked from commit19261079b7) (cherry picked from commitf448c3ed4a) (cherry picked from commit1f290c707a) (cherry picked from commit0f9bafdfc3) (cherry picked from commitadb56e58e8) (cherry picked from commit576b58108c) (cherry picked from commit1c99af1ebe) (cherry picked from commit87152f3405) (cherry picked from commit172fa4aa75)
506 lines
15 KiB
C
506 lines
15 KiB
C
/* $OpenBSD: dh.c,v 1.74 2021/04/03 06:18:40 djm Exp $ */
|
|
/*
|
|
* Copyright (c) 2000 Niels Provos. All rights reserved.
|
|
*
|
|
* Redistribution and use in source and binary forms, with or without
|
|
* modification, are permitted provided that the following conditions
|
|
* are met:
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
* notice, this list of conditions and the following disclaimer.
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
* documentation and/or other materials provided with the distribution.
|
|
*
|
|
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
|
|
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
|
|
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
|
|
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
|
|
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
|
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
|
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
*/
|
|
|
|
#include "includes.h"
|
|
|
|
#ifdef WITH_OPENSSL
|
|
|
|
#include <errno.h>
|
|
#include <stdarg.h>
|
|
#include <stdio.h>
|
|
#include <stdlib.h>
|
|
#include <string.h>
|
|
#include <limits.h>
|
|
|
|
#include <openssl/bn.h>
|
|
#include <openssl/dh.h>
|
|
|
|
#include "dh.h"
|
|
#include "pathnames.h"
|
|
#include "log.h"
|
|
#include "misc.h"
|
|
#include "ssherr.h"
|
|
|
|
#include "openbsd-compat/openssl-compat.h"
|
|
|
|
static const char *moduli_filename;
|
|
|
|
void dh_set_moduli_file(const char *filename)
|
|
{
|
|
moduli_filename = filename;
|
|
}
|
|
|
|
static const char * get_moduli_filename(void)
|
|
{
|
|
return moduli_filename ? moduli_filename : _PATH_DH_MODULI;
|
|
}
|
|
|
|
static int
|
|
parse_prime(int linenum, char *line, struct dhgroup *dhg)
|
|
{
|
|
char *cp, *arg;
|
|
char *strsize, *gen, *prime;
|
|
const char *errstr = NULL;
|
|
long long n;
|
|
|
|
dhg->p = dhg->g = NULL;
|
|
cp = line;
|
|
if ((arg = strdelim(&cp)) == NULL)
|
|
return 0;
|
|
/* Ignore leading whitespace */
|
|
if (*arg == '\0')
|
|
arg = strdelim(&cp);
|
|
if (!arg || !*arg || *arg == '#')
|
|
return 0;
|
|
|
|
/* time */
|
|
if (cp == NULL || *arg == '\0')
|
|
goto truncated;
|
|
arg = strsep(&cp, " "); /* type */
|
|
if (cp == NULL || *arg == '\0')
|
|
goto truncated;
|
|
/* Ensure this is a safe prime */
|
|
n = strtonum(arg, 0, 5, &errstr);
|
|
if (errstr != NULL || n != MODULI_TYPE_SAFE) {
|
|
error("moduli:%d: type is not %d", linenum, MODULI_TYPE_SAFE);
|
|
goto fail;
|
|
}
|
|
arg = strsep(&cp, " "); /* tests */
|
|
if (cp == NULL || *arg == '\0')
|
|
goto truncated;
|
|
/* Ensure prime has been tested and is not composite */
|
|
n = strtonum(arg, 0, 0x1f, &errstr);
|
|
if (errstr != NULL ||
|
|
(n & MODULI_TESTS_COMPOSITE) || !(n & ~MODULI_TESTS_COMPOSITE)) {
|
|
error("moduli:%d: invalid moduli tests flag", linenum);
|
|
goto fail;
|
|
}
|
|
arg = strsep(&cp, " "); /* tries */
|
|
if (cp == NULL || *arg == '\0')
|
|
goto truncated;
|
|
n = strtonum(arg, 0, 1<<30, &errstr);
|
|
if (errstr != NULL || n == 0) {
|
|
error("moduli:%d: invalid primality trial count", linenum);
|
|
goto fail;
|
|
}
|
|
strsize = strsep(&cp, " "); /* size */
|
|
if (cp == NULL || *strsize == '\0' ||
|
|
(dhg->size = (int)strtonum(strsize, 0, 64*1024, &errstr)) == 0 ||
|
|
errstr) {
|
|
error("moduli:%d: invalid prime length", linenum);
|
|
goto fail;
|
|
}
|
|
/* The whole group is one bit larger */
|
|
dhg->size++;
|
|
gen = strsep(&cp, " "); /* gen */
|
|
if (cp == NULL || *gen == '\0')
|
|
goto truncated;
|
|
prime = strsep(&cp, " "); /* prime */
|
|
if (cp != NULL || *prime == '\0') {
|
|
truncated:
|
|
error("moduli:%d: truncated", linenum);
|
|
goto fail;
|
|
}
|
|
|
|
if ((dhg->g = BN_new()) == NULL ||
|
|
(dhg->p = BN_new()) == NULL) {
|
|
error("parse_prime: BN_new failed");
|
|
goto fail;
|
|
}
|
|
if (BN_hex2bn(&dhg->g, gen) == 0) {
|
|
error("moduli:%d: could not parse generator value", linenum);
|
|
goto fail;
|
|
}
|
|
if (BN_hex2bn(&dhg->p, prime) == 0) {
|
|
error("moduli:%d: could not parse prime value", linenum);
|
|
goto fail;
|
|
}
|
|
if (BN_num_bits(dhg->p) != dhg->size) {
|
|
error("moduli:%d: prime has wrong size: actual %d listed %d",
|
|
linenum, BN_num_bits(dhg->p), dhg->size - 1);
|
|
goto fail;
|
|
}
|
|
if (BN_cmp(dhg->g, BN_value_one()) <= 0) {
|
|
error("moduli:%d: generator is invalid", linenum);
|
|
goto fail;
|
|
}
|
|
return 1;
|
|
|
|
fail:
|
|
BN_clear_free(dhg->g);
|
|
BN_clear_free(dhg->p);
|
|
dhg->g = dhg->p = NULL;
|
|
return 0;
|
|
}
|
|
|
|
DH *
|
|
choose_dh(int min, int wantbits, int max)
|
|
{
|
|
FILE *f;
|
|
char *line = NULL;
|
|
size_t linesize = 0;
|
|
int best, bestcount, which, linenum;
|
|
struct dhgroup dhg;
|
|
|
|
if ((f = fopen(get_moduli_filename(), "r")) == NULL) {
|
|
logit("WARNING: could not open %s (%s), using fixed modulus",
|
|
get_moduli_filename(), strerror(errno));
|
|
return (dh_new_group_fallback(max));
|
|
}
|
|
|
|
linenum = 0;
|
|
best = bestcount = 0;
|
|
while (getline(&line, &linesize, f) != -1) {
|
|
linenum++;
|
|
if (!parse_prime(linenum, line, &dhg))
|
|
continue;
|
|
BN_clear_free(dhg.g);
|
|
BN_clear_free(dhg.p);
|
|
|
|
if (dhg.size > max || dhg.size < min)
|
|
continue;
|
|
|
|
if ((dhg.size > wantbits && dhg.size < best) ||
|
|
(dhg.size > best && best < wantbits)) {
|
|
best = dhg.size;
|
|
bestcount = 0;
|
|
}
|
|
if (dhg.size == best)
|
|
bestcount++;
|
|
}
|
|
free(line);
|
|
line = NULL;
|
|
linesize = 0;
|
|
rewind(f);
|
|
|
|
if (bestcount == 0) {
|
|
fclose(f);
|
|
logit("WARNING: no suitable primes in %s",
|
|
get_moduli_filename());
|
|
return (dh_new_group_fallback(max));
|
|
}
|
|
which = arc4random_uniform(bestcount);
|
|
|
|
linenum = 0;
|
|
bestcount = 0;
|
|
while (getline(&line, &linesize, f) != -1) {
|
|
linenum++;
|
|
if (!parse_prime(linenum, line, &dhg))
|
|
continue;
|
|
if ((dhg.size > max || dhg.size < min) ||
|
|
dhg.size != best ||
|
|
bestcount++ != which) {
|
|
BN_clear_free(dhg.g);
|
|
BN_clear_free(dhg.p);
|
|
continue;
|
|
}
|
|
break;
|
|
}
|
|
free(line);
|
|
line = NULL;
|
|
fclose(f);
|
|
if (bestcount != which + 1) {
|
|
logit("WARNING: selected prime disappeared in %s, giving up",
|
|
get_moduli_filename());
|
|
return (dh_new_group_fallback(max));
|
|
}
|
|
|
|
return (dh_new_group(dhg.g, dhg.p));
|
|
}
|
|
|
|
/* diffie-hellman-groupN-sha1 */
|
|
|
|
int
|
|
dh_pub_is_valid(const DH *dh, const BIGNUM *dh_pub)
|
|
{
|
|
int i;
|
|
int n = BN_num_bits(dh_pub);
|
|
int bits_set = 0;
|
|
BIGNUM *tmp;
|
|
const BIGNUM *dh_p;
|
|
|
|
DH_get0_pqg(dh, &dh_p, NULL, NULL);
|
|
|
|
if (BN_is_negative(dh_pub)) {
|
|
logit("invalid public DH value: negative");
|
|
return 0;
|
|
}
|
|
if (BN_cmp(dh_pub, BN_value_one()) != 1) { /* pub_exp <= 1 */
|
|
logit("invalid public DH value: <= 1");
|
|
return 0;
|
|
}
|
|
|
|
if ((tmp = BN_new()) == NULL) {
|
|
error_f("BN_new failed");
|
|
return 0;
|
|
}
|
|
if (!BN_sub(tmp, dh_p, BN_value_one()) ||
|
|
BN_cmp(dh_pub, tmp) != -1) { /* pub_exp > p-2 */
|
|
BN_clear_free(tmp);
|
|
logit("invalid public DH value: >= p-1");
|
|
return 0;
|
|
}
|
|
BN_clear_free(tmp);
|
|
|
|
for (i = 0; i <= n; i++)
|
|
if (BN_is_bit_set(dh_pub, i))
|
|
bits_set++;
|
|
debug2("bits set: %d/%d", bits_set, BN_num_bits(dh_p));
|
|
|
|
/*
|
|
* if g==2 and bits_set==1 then computing log_g(dh_pub) is trivial
|
|
*/
|
|
if (bits_set < 4) {
|
|
logit("invalid public DH value (%d/%d)",
|
|
bits_set, BN_num_bits(dh_p));
|
|
return 0;
|
|
}
|
|
return 1;
|
|
}
|
|
|
|
int
|
|
dh_gen_key(DH *dh, int need)
|
|
{
|
|
int pbits;
|
|
const BIGNUM *dh_p, *pub_key;
|
|
|
|
DH_get0_pqg(dh, &dh_p, NULL, NULL);
|
|
|
|
if (need < 0 || dh_p == NULL ||
|
|
(pbits = BN_num_bits(dh_p)) <= 0 ||
|
|
need > INT_MAX / 2 || 2 * need > pbits)
|
|
return SSH_ERR_INVALID_ARGUMENT;
|
|
if (need < 256)
|
|
need = 256;
|
|
/*
|
|
* Pollard Rho, Big step/Little Step attacks are O(sqrt(n)),
|
|
* so double requested need here.
|
|
*/
|
|
if (!DH_set_length(dh, MINIMUM(need * 2, pbits - 1)))
|
|
return SSH_ERR_LIBCRYPTO_ERROR;
|
|
|
|
if (DH_generate_key(dh) == 0)
|
|
return SSH_ERR_LIBCRYPTO_ERROR;
|
|
DH_get0_key(dh, &pub_key, NULL);
|
|
if (!dh_pub_is_valid(dh, pub_key))
|
|
return SSH_ERR_INVALID_FORMAT;
|
|
return 0;
|
|
}
|
|
|
|
DH *
|
|
dh_new_group_asc(const char *gen, const char *modulus)
|
|
{
|
|
DH *dh;
|
|
BIGNUM *dh_p = NULL, *dh_g = NULL;
|
|
|
|
if ((dh = DH_new()) == NULL)
|
|
return NULL;
|
|
if (BN_hex2bn(&dh_p, modulus) == 0 ||
|
|
BN_hex2bn(&dh_g, gen) == 0)
|
|
goto fail;
|
|
if (!DH_set0_pqg(dh, dh_p, NULL, dh_g))
|
|
goto fail;
|
|
return dh;
|
|
fail:
|
|
DH_free(dh);
|
|
BN_clear_free(dh_p);
|
|
BN_clear_free(dh_g);
|
|
return NULL;
|
|
}
|
|
|
|
/*
|
|
* This just returns the group, we still need to generate the exchange
|
|
* value.
|
|
*/
|
|
DH *
|
|
dh_new_group(BIGNUM *gen, BIGNUM *modulus)
|
|
{
|
|
DH *dh;
|
|
|
|
if ((dh = DH_new()) == NULL)
|
|
return NULL;
|
|
if (!DH_set0_pqg(dh, modulus, NULL, gen)) {
|
|
DH_free(dh);
|
|
return NULL;
|
|
}
|
|
|
|
return dh;
|
|
}
|
|
|
|
/* rfc2409 "Second Oakley Group" (1024 bits) */
|
|
DH *
|
|
dh_new_group1(void)
|
|
{
|
|
static char *gen = "2", *group1 =
|
|
"FFFFFFFF" "FFFFFFFF" "C90FDAA2" "2168C234" "C4C6628B" "80DC1CD1"
|
|
"29024E08" "8A67CC74" "020BBEA6" "3B139B22" "514A0879" "8E3404DD"
|
|
"EF9519B3" "CD3A431B" "302B0A6D" "F25F1437" "4FE1356D" "6D51C245"
|
|
"E485B576" "625E7EC6" "F44C42E9" "A637ED6B" "0BFF5CB6" "F406B7ED"
|
|
"EE386BFB" "5A899FA5" "AE9F2411" "7C4B1FE6" "49286651" "ECE65381"
|
|
"FFFFFFFF" "FFFFFFFF";
|
|
|
|
return (dh_new_group_asc(gen, group1));
|
|
}
|
|
|
|
/* rfc3526 group 14 "2048-bit MODP Group" */
|
|
DH *
|
|
dh_new_group14(void)
|
|
{
|
|
static char *gen = "2", *group14 =
|
|
"FFFFFFFF" "FFFFFFFF" "C90FDAA2" "2168C234" "C4C6628B" "80DC1CD1"
|
|
"29024E08" "8A67CC74" "020BBEA6" "3B139B22" "514A0879" "8E3404DD"
|
|
"EF9519B3" "CD3A431B" "302B0A6D" "F25F1437" "4FE1356D" "6D51C245"
|
|
"E485B576" "625E7EC6" "F44C42E9" "A637ED6B" "0BFF5CB6" "F406B7ED"
|
|
"EE386BFB" "5A899FA5" "AE9F2411" "7C4B1FE6" "49286651" "ECE45B3D"
|
|
"C2007CB8" "A163BF05" "98DA4836" "1C55D39A" "69163FA8" "FD24CF5F"
|
|
"83655D23" "DCA3AD96" "1C62F356" "208552BB" "9ED52907" "7096966D"
|
|
"670C354E" "4ABC9804" "F1746C08" "CA18217C" "32905E46" "2E36CE3B"
|
|
"E39E772C" "180E8603" "9B2783A2" "EC07A28F" "B5C55DF0" "6F4C52C9"
|
|
"DE2BCBF6" "95581718" "3995497C" "EA956AE5" "15D22618" "98FA0510"
|
|
"15728E5A" "8AACAA68" "FFFFFFFF" "FFFFFFFF";
|
|
|
|
return (dh_new_group_asc(gen, group14));
|
|
}
|
|
|
|
/* rfc3526 group 16 "4096-bit MODP Group" */
|
|
DH *
|
|
dh_new_group16(void)
|
|
{
|
|
static char *gen = "2", *group16 =
|
|
"FFFFFFFF" "FFFFFFFF" "C90FDAA2" "2168C234" "C4C6628B" "80DC1CD1"
|
|
"29024E08" "8A67CC74" "020BBEA6" "3B139B22" "514A0879" "8E3404DD"
|
|
"EF9519B3" "CD3A431B" "302B0A6D" "F25F1437" "4FE1356D" "6D51C245"
|
|
"E485B576" "625E7EC6" "F44C42E9" "A637ED6B" "0BFF5CB6" "F406B7ED"
|
|
"EE386BFB" "5A899FA5" "AE9F2411" "7C4B1FE6" "49286651" "ECE45B3D"
|
|
"C2007CB8" "A163BF05" "98DA4836" "1C55D39A" "69163FA8" "FD24CF5F"
|
|
"83655D23" "DCA3AD96" "1C62F356" "208552BB" "9ED52907" "7096966D"
|
|
"670C354E" "4ABC9804" "F1746C08" "CA18217C" "32905E46" "2E36CE3B"
|
|
"E39E772C" "180E8603" "9B2783A2" "EC07A28F" "B5C55DF0" "6F4C52C9"
|
|
"DE2BCBF6" "95581718" "3995497C" "EA956AE5" "15D22618" "98FA0510"
|
|
"15728E5A" "8AAAC42D" "AD33170D" "04507A33" "A85521AB" "DF1CBA64"
|
|
"ECFB8504" "58DBEF0A" "8AEA7157" "5D060C7D" "B3970F85" "A6E1E4C7"
|
|
"ABF5AE8C" "DB0933D7" "1E8C94E0" "4A25619D" "CEE3D226" "1AD2EE6B"
|
|
"F12FFA06" "D98A0864" "D8760273" "3EC86A64" "521F2B18" "177B200C"
|
|
"BBE11757" "7A615D6C" "770988C0" "BAD946E2" "08E24FA0" "74E5AB31"
|
|
"43DB5BFC" "E0FD108E" "4B82D120" "A9210801" "1A723C12" "A787E6D7"
|
|
"88719A10" "BDBA5B26" "99C32718" "6AF4E23C" "1A946834" "B6150BDA"
|
|
"2583E9CA" "2AD44CE8" "DBBBC2DB" "04DE8EF9" "2E8EFC14" "1FBECAA6"
|
|
"287C5947" "4E6BC05D" "99B2964F" "A090C3A2" "233BA186" "515BE7ED"
|
|
"1F612970" "CEE2D7AF" "B81BDD76" "2170481C" "D0069127" "D5B05AA9"
|
|
"93B4EA98" "8D8FDDC1" "86FFB7DC" "90A6C08F" "4DF435C9" "34063199"
|
|
"FFFFFFFF" "FFFFFFFF";
|
|
|
|
return (dh_new_group_asc(gen, group16));
|
|
}
|
|
|
|
/* rfc3526 group 18 "8192-bit MODP Group" */
|
|
DH *
|
|
dh_new_group18(void)
|
|
{
|
|
static char *gen = "2", *group18 =
|
|
"FFFFFFFF" "FFFFFFFF" "C90FDAA2" "2168C234" "C4C6628B" "80DC1CD1"
|
|
"29024E08" "8A67CC74" "020BBEA6" "3B139B22" "514A0879" "8E3404DD"
|
|
"EF9519B3" "CD3A431B" "302B0A6D" "F25F1437" "4FE1356D" "6D51C245"
|
|
"E485B576" "625E7EC6" "F44C42E9" "A637ED6B" "0BFF5CB6" "F406B7ED"
|
|
"EE386BFB" "5A899FA5" "AE9F2411" "7C4B1FE6" "49286651" "ECE45B3D"
|
|
"C2007CB8" "A163BF05" "98DA4836" "1C55D39A" "69163FA8" "FD24CF5F"
|
|
"83655D23" "DCA3AD96" "1C62F356" "208552BB" "9ED52907" "7096966D"
|
|
"670C354E" "4ABC9804" "F1746C08" "CA18217C" "32905E46" "2E36CE3B"
|
|
"E39E772C" "180E8603" "9B2783A2" "EC07A28F" "B5C55DF0" "6F4C52C9"
|
|
"DE2BCBF6" "95581718" "3995497C" "EA956AE5" "15D22618" "98FA0510"
|
|
"15728E5A" "8AAAC42D" "AD33170D" "04507A33" "A85521AB" "DF1CBA64"
|
|
"ECFB8504" "58DBEF0A" "8AEA7157" "5D060C7D" "B3970F85" "A6E1E4C7"
|
|
"ABF5AE8C" "DB0933D7" "1E8C94E0" "4A25619D" "CEE3D226" "1AD2EE6B"
|
|
"F12FFA06" "D98A0864" "D8760273" "3EC86A64" "521F2B18" "177B200C"
|
|
"BBE11757" "7A615D6C" "770988C0" "BAD946E2" "08E24FA0" "74E5AB31"
|
|
"43DB5BFC" "E0FD108E" "4B82D120" "A9210801" "1A723C12" "A787E6D7"
|
|
"88719A10" "BDBA5B26" "99C32718" "6AF4E23C" "1A946834" "B6150BDA"
|
|
"2583E9CA" "2AD44CE8" "DBBBC2DB" "04DE8EF9" "2E8EFC14" "1FBECAA6"
|
|
"287C5947" "4E6BC05D" "99B2964F" "A090C3A2" "233BA186" "515BE7ED"
|
|
"1F612970" "CEE2D7AF" "B81BDD76" "2170481C" "D0069127" "D5B05AA9"
|
|
"93B4EA98" "8D8FDDC1" "86FFB7DC" "90A6C08F" "4DF435C9" "34028492"
|
|
"36C3FAB4" "D27C7026" "C1D4DCB2" "602646DE" "C9751E76" "3DBA37BD"
|
|
"F8FF9406" "AD9E530E" "E5DB382F" "413001AE" "B06A53ED" "9027D831"
|
|
"179727B0" "865A8918" "DA3EDBEB" "CF9B14ED" "44CE6CBA" "CED4BB1B"
|
|
"DB7F1447" "E6CC254B" "33205151" "2BD7AF42" "6FB8F401" "378CD2BF"
|
|
"5983CA01" "C64B92EC" "F032EA15" "D1721D03" "F482D7CE" "6E74FEF6"
|
|
"D55E702F" "46980C82" "B5A84031" "900B1C9E" "59E7C97F" "BEC7E8F3"
|
|
"23A97A7E" "36CC88BE" "0F1D45B7" "FF585AC5" "4BD407B2" "2B4154AA"
|
|
"CC8F6D7E" "BF48E1D8" "14CC5ED2" "0F8037E0" "A79715EE" "F29BE328"
|
|
"06A1D58B" "B7C5DA76" "F550AA3D" "8A1FBFF0" "EB19CCB1" "A313D55C"
|
|
"DA56C9EC" "2EF29632" "387FE8D7" "6E3C0468" "043E8F66" "3F4860EE"
|
|
"12BF2D5B" "0B7474D6" "E694F91E" "6DBE1159" "74A3926F" "12FEE5E4"
|
|
"38777CB6" "A932DF8C" "D8BEC4D0" "73B931BA" "3BC832B6" "8D9DD300"
|
|
"741FA7BF" "8AFC47ED" "2576F693" "6BA42466" "3AAB639C" "5AE4F568"
|
|
"3423B474" "2BF1C978" "238F16CB" "E39D652D" "E3FDB8BE" "FC848AD9"
|
|
"22222E04" "A4037C07" "13EB57A8" "1A23F0C7" "3473FC64" "6CEA306B"
|
|
"4BCBC886" "2F8385DD" "FA9D4B7F" "A2C087E8" "79683303" "ED5BDD3A"
|
|
"062B3CF5" "B3A278A6" "6D2A13F8" "3F44F82D" "DF310EE0" "74AB6A36"
|
|
"4597E899" "A0255DC1" "64F31CC5" "0846851D" "F9AB4819" "5DED7EA1"
|
|
"B1D510BD" "7EE74D73" "FAF36BC3" "1ECFA268" "359046F4" "EB879F92"
|
|
"4009438B" "481C6CD7" "889A002E" "D5EE382B" "C9190DA6" "FC026E47"
|
|
"9558E447" "5677E9AA" "9E3050E2" "765694DF" "C81F56E8" "80B96E71"
|
|
"60C980DD" "98EDD3DF" "FFFFFFFF" "FFFFFFFF";
|
|
|
|
return (dh_new_group_asc(gen, group18));
|
|
}
|
|
|
|
/* Select fallback group used by DH-GEX if moduli file cannot be read. */
|
|
DH *
|
|
dh_new_group_fallback(int max)
|
|
{
|
|
debug3_f("requested max size %d", max);
|
|
if (max < 3072) {
|
|
debug3("using 2k bit group 14");
|
|
return dh_new_group14();
|
|
} else if (max < 6144) {
|
|
debug3("using 4k bit group 16");
|
|
return dh_new_group16();
|
|
}
|
|
debug3("using 8k bit group 18");
|
|
return dh_new_group18();
|
|
}
|
|
|
|
/*
|
|
* Estimates the group order for a Diffie-Hellman group that has an
|
|
* attack complexity approximately the same as O(2**bits).
|
|
* Values from NIST Special Publication 800-57: Recommendation for Key
|
|
* Management Part 1 (rev 3) limited by the recommended maximum value
|
|
* from RFC4419 section 3.
|
|
*/
|
|
u_int
|
|
dh_estimate(int bits)
|
|
{
|
|
if (bits <= 112)
|
|
return 2048;
|
|
if (bits <= 128)
|
|
return 3072;
|
|
if (bits <= 192)
|
|
return 7680;
|
|
return 8192;
|
|
}
|
|
|
|
#endif /* WITH_OPENSSL */
|