From 1898837a5e57d08644faa34b15a9e2e2bec0f99e Mon Sep 17 00:00:00 2001
From: Brian Wellington
Date: Wed, 12 Dec 2001 17:18:52 +0000
Subject: [PATCH] Add the well-known 1536 bit prime from draft-ietf-dnsext-rfc2539bis-dhk-01.txt

---
 lib/dns/sec/dst/openssldh_link.c | 48 ++++++++++++++++++++++++++------
 1 file changed, 40 insertions(+), 8 deletions(-)

diff --git a/lib/dns/sec/dst/openssldh_link.c b/lib/dns/sec/dst/openssldh_link.c
index 55c4af75f5..81b2be0863 100644
--- a/lib/dns/sec/dst/openssldh_link.c
+++ b/lib/dns/sec/dst/openssldh_link.c
@@ -19,7 +19,7 @@
 
 /*
  * Principal Author: Brian Wellington
- * $Id: openssldh_link.c,v 1.45 2001/12/12 17:09:37 bwelling Exp $
+ * $Id: openssldh_link.c,v 1.46 2001/12/12 17:18:52 bwelling Exp $
  */
 
 #ifdef OPENSSL
@@ -48,9 +48,19 @@
 "5F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406" \
 "B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF"
 
+#define PRIME1536 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" \
+ "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" \
+ "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" \
+ "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" \
+ "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D" \
+ "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F" \
+ "83655D23DCA3AD961C62F356208552BB9ED529077096966D" \
+ "670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF"
+
+
 static isc_result_t openssldh_todns(const dst_key_t *key, isc_buffer_t *data);
 
-static BIGNUM bn2, bn768, bn1024;
+static BIGNUM bn2, bn768, bn1024, bn1536;
 
 static isc_result_t
 openssldh_computesecret(const dst_key_t *pub, const dst_key_t *priv,
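Review bot: The 384-digit PRIME1536 literal is added without a comment saying which group it is or where it comes from; the commit message names draft-ietf-dnsext-rfc2539bis-dhk-01, but that information is lost once the patch is applied, and the wire identifier the value is encoded under (3, per the todns/fromdns hunks) is only discoverable by reading those branches. A one-line comment above the define, `/* Well-known 1536-bit MODP prime (draft-ietf-dnsext-rfc2539bis-dhk-01); sent on the wire as group identifier 3 */`, ties value, provenance and encoding together for the next reader, and the same treatment would suit PRIME768 and PRIME1024. As far as I can compare it, the digits match the 1536-bit MODP group that was later published as RFC 3526 group 5. Minor: the define is followed by two added blank lines where the file otherwise uses one between declarations.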
@@ -133,14 +143,19 @@ openssldh_generate(dst_key_t *key, int generator) {
 DH *dh = NULL;
 
 if (generator == 0) {
- if (key->key_size == 768 || key->key_size == 1024) {
+ if (key->key_size == 768 ||
+ key->key_size == 1024 ||
+ key->key_size == 1536)
+ {
 dh = DH_new();
 if (dh == NULL)
 return (ISC_R_NOMEMORY);
 if (key->key_size == 768)
 dh->p = &bn768;
- else
+ else if (key->key_size == 1024)
 dh->p = &bn1024;
+ else
+ dh->p = &bn1536;
 dh->g = &bn2;
 }
 else
@@ -178,7 +193,7 @@ openssldh_destroy(dst_key_t *key) {
 
 if (dh == NULL)
 return;
- if (dh->p == &bn768 || dh->p == &bn1024)
+ if (dh->p == &bn768 || dh->p == &bn1024 || dh->p == &bn1536)
 dh->p = NULL;
 if (dh->g == &bn2)
 dh->g = NULL;
@@ -216,7 +231,8 @@ openssldh_todns(const dst_key_t *key, isc_buffer_t *data) {
 
 isc_buffer_availableregion(data, &r);
 
- if (dh->g == &bn2 && (dh->p == &bn768 || dh->p == &bn1024)) {
+ if (dh->g == &bn2 &&
+ (dh->p == &bn768 || dh->p == &bn1024 || dh->p == &bn1536)) {
 plen = 1;
 glen = 0;
 }
@@ -233,8 +249,10 @@ openssldh_todns(const dst_key_t *key, isc_buffer_t *data) {
 if (plen == 1) {
 if (dh->p == &bn768)
 *r.base = 1;
- else
+ else if (dh->p == &bn1024)
 *r.base = 2;
+ else
+ *r.base = 3;
 }
 else
 BN_bn2bin(dh->p, r.base);
@@ -299,6 +317,9 @@ openssldh_fromdns(dst_key_t *key, isc_buffer_t *data) {
 case 2:
 dh->p = &bn1024;
 break;
+ case 3:
+ dh->p = &bn1536;
+ break;
 default:
 DH_free(dh);
 return (DST_R_INVALIDPUBLICKEY);
@@ -475,7 +496,9 @@ openssldh_fromfile(dst_key_t *key, const char *filename) {
 
 key->key_size = BN_num_bits(dh->p);
 
- if ((key->key_size == 768 ||
+ if ((key->key_size == 768 ||
+ key->key_size == 1024 ||
+ key->key_size == 1536) &&
 BN_cmp(dh->g, &bn2) == 0) {
 if (key->key_size == 768 &&
 BN_cmp(dh->p, &bn768) == 0) {
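Review bot: The wire identifiers for the well-known groups are bare literals on both sides of the encoding: `*r.base = 3;` in openssldh_todns (hunk @@ -233) and `case 3:` in openssldh_fromdns (hunk @@ -299), with 1 and 2 handled the same way, so nothing in the code states that these two places must agree. A shared definition next to the PRIME macros, e.g. `enum { DH_GROUP768_ID = 1, DH_GROUP1024_ID = 2, DH_GROUP1536_ID = 3 };` (names constructed here), used in both functions would make that coupling explicit and make the trailing `else *r.base = 3;` read as a deliberate choice rather than "whatever is left". The `plen == 1` branch in todns relies on the earlier test in hunk @@ -216 having restricted dh->p to one of the three statics; a one-line comment there saying so would help, since the two tests are 20 lines apart.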
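Review bot: The 1536-bit branch added to openssldh_fromfile (this hunk's outer test plus the `else if` in hunk @@ -489) is the third copy of the same four-line free-and-substitute sequence, and the outer size test is then repeated inside each inner branch, so adding the next group means touching three places that must stay consistent. Selecting the matching static BIGNUM first and doing the BN_free/assign once removes the duplication and keeps the replacement logic in one spot. The enclosing `if` starts in this hunk and ends in the next; the selector variable would be declared with the function's other locals, which are outside both hunks (the file predates mixed declarations).
```c
	key->key_size = BN_num_bits(dh->p);

	/* Swap the parsed p/g for the shared statics when they are a well-known group. */
	wellknown = NULL;
	if (BN_cmp(dh->g, &bn2) == 0) {
		if (key->key_size == 768 && BN_cmp(dh->p, &bn768) == 0)
			wellknown = &bn768;
		else if (key->key_size == 1024 && BN_cmp(dh->p, &bn1024) == 0)
			wellknown = &bn1024;
		else if (key->key_size == 1536 && BN_cmp(dh->p, &bn1536) == 0)
			wellknown = &bn1536;
	}
	if (wellknown != NULL) {
		BN_free(dh->p);
		BN_free(dh->g);
		dh->p = wellknown;
		dh->g = &bn2;
	}
	/* … unchanged: remainder of openssldh_fromfile … */
```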
@@ -489,6 +512,12 @@ openssldh_fromfile(dst_key_t *key, const char *filename) {
 BN_free(dh->g);
 dh->p = &bn1024;
 dh->g = &bn2;
+ } else if (key->key_size == 1536 &&
+ BN_cmp(dh->p, &bn1536) == 0) {
+ BN_free(dh->p);
+ BN_free(dh->g);
+ dh->p = &bn1536;
+ dh->g = &bn2;
 }
 }
 
@@ -532,6 +561,7 @@ openssldh_cleanup(void) {
 BN_free(&bn2);
 BN_free(&bn768);
 BN_free(&bn1024);
+ BN_free(&bn1536);
 }
 
 static dst_func_t openssldh_functions = {
@@ -560,9 +590,11 @@ dst__openssldh_init(dst_func_t **funcp) {
 BN_init(&bn2);
 BN_init(&bn768);
 BN_init(&bn1024);
+ BN_init(&bn1536);
 BN_set_word(&bn2, 2);
 BN_fromhex(&bn768, PRIME768);
 BN_fromhex(&bn1024, PRIME1024);
+ BN_fromhex(&bn1536, PRIME1536);
 *funcp = &openssldh_functions;
 }
 return (ISC_R_SUCCESS);
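Review bot: In dst__openssldh_init the new `BN_fromhex(&bn1536, PRIME1536);` is the only point where the hand-typed 384-digit literal is turned into a number, and nothing in the hunk confirms that the result has the size the rest of the file assumes (openssldh_generate keys the choice on `key_size == 1536`, openssldh_fromfile on `BN_num_bits(dh->p)`); a transposed or dropped digit would yield a wrong-sized or non-prime modulus that is still advertised on the wire as group 3. A cheap guard after the three BN_fromhex calls, such as `INSIST(BN_num_bits(&bn1536) == 1536);` (or whichever runtime-check macro this file already uses), pins the size at init time, and the same line would suit bn768 and bn1024. How BN_fromhex itself reports a malformed string is outside this hunk, so this is an extra check rather than a replacement for it.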