"ECP_256",
"ECP_384",
"ECP_521");
-ENUM_NEXT(diffie_hellman_group_names, MODP_1024_160, ECP_224_BIT, ECP_521_BIT,
+ENUM_NEXT(diffie_hellman_group_names, MODP_1024_160, CURVE_448, ECP_521_BIT,
"MODP_1024_160",
"MODP_2048_224",
"MODP_2048_256",
"ECP_192",
- "ECP_224");
-ENUM_NEXT(diffie_hellman_group_names, MODP_NULL, MODP_CUSTOM, ECP_224_BIT,
- "MODP_NULL",
+ "ECP_224",
+ "ECP_224_BP",
+ "ECP_256_BP",
+ "ECP_384_BP",
+ "ECP_512_BP",
+ "CURVE_25519",
+ "CURVE_448");
+ENUM_NEXT(diffie_hellman_group_names, MODP_NULL, MODP_NULL, CURVE_448,
+ "MODP_NULL");
+ENUM_NEXT(diffie_hellman_group_names, NTRU_112_BIT, NTRU_256_BIT, MODP_NULL,
+ "NTRU_112",
+ "NTRU_128",
+ "NTRU_192",
+ "NTRU_256");
+ENUM_NEXT(diffie_hellman_group_names, NH_128_BIT, NH_128_BIT, NTRU_256_BIT,
+ "NEWHOPE_128");
+ENUM_NEXT(diffie_hellman_group_names, MODP_CUSTOM, MODP_CUSTOM, NH_128_BIT,
"MODP_CUSTOM");
ENUM_END(diffie_hellman_group_names, MODP_CUSTOM);
} dh_params[] = {
{
.group = MODP_768_BIT, .opt_exp = 32, .public = {
+ .exp_len = 32,
.generator = chunk_from_chars(0x02),
.prime = chunk_from_chars(
0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34,
0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37,
0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,
0xF4,0x4C,0x42,0xE9,0xA6,0x3A,0x36,0x20,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF),
- .exp_len = 0,
},
},{
.group = MODP_1024_BIT, .opt_exp = 32, .public = {
+ .exp_len = 32,
.generator = chunk_from_chars(0x02),
.prime = chunk_from_chars(
0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34,
0xF4,0x4C,0x42,0xE9,0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,0x7C,0x4B,0x1F,0xE6,
0x49,0x28,0x66,0x51,0xEC,0xE6,0x53,0x81,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF),
- .exp_len = 0,
},
},{
.group = MODP_1536_BIT, .opt_exp = 32, .public = {
+ .exp_len = 32,
.generator = chunk_from_chars(0x02),
.prime = chunk_from_chars(
0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34,
0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,0x20,0x85,0x52,0xBB,
0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,
0xF1,0x74,0x6C,0x08,0xCA,0x23,0x73,0x27,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF),
- .exp_len = 0,
},
},{
.group = MODP_2048_BIT, .opt_exp = 48, .public = {
+ .exp_len = 48,
.generator = chunk_from_chars(0x02),
.prime = chunk_from_chars(
0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34,
0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,
0x39,0x95,0x49,0x7C,0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10,
0x15,0x72,0x8E,0x5A,0x8A,0xAC,0xAA,0x68,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF),
- .exp_len = 0,
},
},{
.group = MODP_3072_BIT, .opt_exp = 48, .public = {
+ .exp_len = 48,
.generator = chunk_from_chars(0x02),
.prime = chunk_from_chars(
0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34,
0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0,0xBA,0xD9,0x46,0xE2,
0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31,0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E,
0x4B,0x82,0xD1,0x20,0xA9,0x3A,0xD2,0xCA,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF),
- .exp_len = 0,
},
},{
.group = MODP_4096_BIT, .opt_exp = 64, .public = {
+ .exp_len = 64,
.generator = chunk_from_chars(0x02),
.prime = chunk_from_chars(
0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34,
0xB8,0x1B,0xDD,0x76,0x21,0x70,0x48,0x1C,0xD0,0x06,0x91,0x27,0xD5,0xB0,0x5A,0xA9,
0x93,0xB4,0xEA,0x98,0x8D,0x8F,0xDD,0xC1,0x86,0xFF,0xB7,0xDC,0x90,0xA6,0xC0,0x8F,
0x4D,0xF4,0x35,0xC9,0x34,0x06,0x31,0x99,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF),
- .exp_len = 0,
},
},{
.group = MODP_6144_BIT, .opt_exp = 64, .public = {
+ .exp_len = 64,
.generator = chunk_from_chars(0x02),
.prime = chunk_from_chars(
0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34,
0xDA,0x56,0xC9,0xEC,0x2E,0xF2,0x96,0x32,0x38,0x7F,0xE8,0xD7,0x6E,0x3C,0x04,0x68,
0x04,0x3E,0x8F,0x66,0x3F,0x48,0x60,0xEE,0x12,0xBF,0x2D,0x5B,0x0B,0x74,0x74,0xD6,
0xE6,0x94,0xF9,0x1E,0x6D,0xCC,0x40,0x24,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF),
- .exp_len = 0,
},
},{
.group = MODP_8192_BIT, .opt_exp = 64, .public = {
+ .exp_len = 64,
.generator = chunk_from_chars(0x02),
.prime = chunk_from_chars(
0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34,
0xC9,0x19,0x0D,0xA6,0xFC,0x02,0x6E,0x47,0x95,0x58,0xE4,0x47,0x56,0x77,0xE9,0xAA,
0x9E,0x30,0x50,0xE2,0x76,0x56,0x94,0xDF,0xC8,0x1F,0x56,0xE8,0x80,0xB9,0x6E,0x71,
0x60,0xC9,0x80,0xDD,0x98,0xED,0xD3,0xDF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF),
- .exp_len = 0,
},
},{
.group = MODP_1024_160, .opt_exp = 20, .public = {
+ .exp_len = 20,
.subgroup = chunk_from_chars(
0xF5,0x18,0xAA,0x87,0x81,0xA8,0xDF,0x27,0x8A,0xBA,0x4E,0x7D,0x64,0xB7,0xCB,0x9D,
0x49,0x46,0x23,0x53),
},
}, {
.group = MODP_2048_224, .opt_exp = 28, .public = {
+ .exp_len = 28,
.subgroup = chunk_from_chars(
0x80,0x1C,0x0D,0x34,0xC5,0x8D,0x93,0xFE,0x99,0x71,0x77,0x10,0x1F,0x80,0x53,0x5A,
0x47,0x38,0xCE,0xBC,0xBF,0x38,0x9A,0x99,0xB3,0x63,0x71,0xEB),
},
},{
.group = MODP_2048_256, .opt_exp = 32, .public = {
+ .exp_len = 32,
.subgroup = chunk_from_chars(
0x8C,0xF8,0x36,0x42,0xA7,0x09,0xA0,0x97,0xB4,0x47,0x99,0x76,0x40,0x12,0x9D,0xA2,
0x99,0xB1,0xA4,0x7D,0x1E,0xB3,0x75,0x0B,0xA3,0x08,0xB0,0xFE,0x64,0xF5,0xFB,0xD3),
},
};
+/**
+ * See header.
+ */
+void diffie_hellman_init()
+{
+ int i;
+
+ if (lib->settings->get_bool(lib->settings,
+ "%s.dh_exponent_ansi_x9_42", TRUE, lib->ns))
+ {
+ for (i = 0; i < countof(dh_params); i++)
+ {
+ /* according to RFC 5114 the size of the exponent for these DH
+ * groups should equal the size of their prime order subgroup */
+ if (dh_params[i].public.subgroup.len)
+ {
+ continue;
+ }
+ dh_params[i].public.exp_len = dh_params[i].public.prime.len;
+ }
+ }
+}
+
/**
* Described in header.
*/
if (!dh_params[i].public.exp_len)
{
if (!dh_params[i].public.subgroup.len &&
- lib->settings->get_int(lib->settings,
- "libstrongswan.dh_exponent_ansi_x9_42", TRUE))
+ lib->settings->get_bool(lib->settings,
+ "%s.dh_exponent_ansi_x9_42", TRUE, lib->ns))
{
dh_params[i].public.exp_len = dh_params[i].public.prime.len;
}
case ECP_521_BIT:
case ECP_192_BIT:
case ECP_224_BIT:
+ case ECP_224_BP:
+ case ECP_256_BP:
+ case ECP_384_BP:
+ case ECP_512_BP:
return TRUE;
default:
return FALSE;
}
}
+
+/**
+ * See header.
+ */
+bool diffie_hellman_verify_value(diffie_hellman_group_t group, chunk_t value)
+{
+ diffie_hellman_params_t *params;
+ bool valid = FALSE;
+
+ switch (group)
+ {
+ case MODP_768_BIT:
+ case MODP_1024_BIT:
+ case MODP_1536_BIT:
+ case MODP_2048_BIT:
+ case MODP_3072_BIT:
+ case MODP_4096_BIT:
+ case MODP_6144_BIT:
+ case MODP_8192_BIT:
+ case MODP_1024_160:
+ case MODP_2048_224:
+ case MODP_2048_256:
+ params = diffie_hellman_get_params(group);
+ if (params)
+ {
+ valid = value.len == params->prime.len;
+ }
+ break;
+ case ECP_192_BIT:
+ valid = value.len == 48;
+ break;
+ case ECP_224_BIT:
+ case ECP_224_BP:
+ valid = value.len == 56;
+ break;
+ case ECP_256_BIT:
+ case ECP_256_BP:
+ valid = value.len == 64;
+ break;
+ case ECP_384_BIT:
+ case ECP_384_BP:
+ valid = value.len == 96;
+ break;
+ case ECP_512_BP:
+ valid = value.len == 128;
+ break;
+ case ECP_521_BIT:
+ valid = value.len == 132;
+ break;
+ case CURVE_25519:
+ valid = value.len == 32;
+ break;
+ case CURVE_448:
+ valid = value.len == 56;
+ break;
+ case NTRU_112_BIT:
+ case NTRU_128_BIT:
+ case NTRU_192_BIT:
+ case NTRU_256_BIT:
+ case NH_128_BIT:
+ /* verification currently not supported, do in plugin */
+ valid = FALSE;
+ break;
+ case MODP_NULL:
+ case MODP_CUSTOM:
+ valid = TRUE;
+ break;
+ case MODP_NONE:
+ /* fail */
+ break;
+ /* compile-warn unhandled groups, fail verification */
+ }
+ if (!valid)
+ {
+ DBG1(DBG_ENC, "invalid DH public value size (%zu bytes) for %N",
+ value.len, diffie_hellman_group_names, group);
+ }
+ return valid;
+}