mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-09-01 15:05:23 +00:00

Add the well-known 1536 bit prime from draft-ietf-dnsext-rfc2539bis-dhk-01.txt

Brian Wellington
2001-12-12 17:18:52 +00:00
parent 9af8851b85
commit 1898837a5e


@@ -19,7 +19,7 @@
/* /*
* Principal Author: Brian Wellington * Principal Author: Brian Wellington
* $Id: openssldh_link.c,v 1.45 2001/12/12 17:09:37 bwelling Exp $ * $Id: openssldh_link.c,v 1.46 2001/12/12 17:18:52 bwelling Exp $
*/ */
#ifdef OPENSSL #ifdef OPENSSL
@@ -48,9 +48,19 @@
"5F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406" \ "5F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406" \
"B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF" "B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF"
#define PRIME1536 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" \
"29024E088A67CC74020BBEA63B139B22514A08798E3404DD" \
"EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" \
"E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" \
"EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D" \
"C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F" \
"83655D23DCA3AD961C62F356208552BB9ED529077096966D" \
"670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF"
static isc_result_t openssldh_todns(const dst_key_t *key, isc_buffer_t *data); static isc_result_t openssldh_todns(const dst_key_t *key, isc_buffer_t *data);
static BIGNUM bn2, bn768, bn1024; static BIGNUM bn2, bn768, bn1024, bn1536;
static isc_result_t static isc_result_t
openssldh_computesecret(const dst_key_t *pub, const dst_key_t *priv, openssldh_computesecret(const dst_key_t *pub, const dst_key_t *priv,
@@ -133,14 +143,19 @@ openssldh_generate(dst_key_t *key, int generator) {
DH *dh = NULL; DH *dh = NULL;
if (generator == 0) { if (generator == 0) {
if (key->key_size == 768 || key->key_size == 1024) { if (key->key_size == 768 ||
key->key_size == 1024 ||
key->key_size == 1536)
{
dh = DH_new(); dh = DH_new();
if (dh == NULL) if (dh == NULL)
return (ISC_R_NOMEMORY); return (ISC_R_NOMEMORY);
if (key->key_size == 768) if (key->key_size == 768)
dh->p = &bn768; dh->p = &bn768;
else else if (key->key_size == 1024)
dh->p = &bn1024; dh->p = &bn1024;
else
dh->p = &bn1536;
dh->g = &bn2; dh->g = &bn2;
} }
else else
@@ -178,7 +193,7 @@ openssldh_destroy(dst_key_t *key) {
if (dh == NULL) if (dh == NULL)
return; return;
if (dh->p == &bn768 || dh->p == &bn1024) if (dh->p == &bn768 || dh->p == &bn1024 || dh->p == &bn1536)
dh->p = NULL; dh->p = NULL;
if (dh->g == &bn2) if (dh->g == &bn2)
dh->g = NULL; dh->g = NULL;
@@ -216,7 +231,8 @@ openssldh_todns(const dst_key_t *key, isc_buffer_t *data) {
isc_buffer_availableregion(data, &r); isc_buffer_availableregion(data, &r);
if (dh->g == &bn2 && (dh->p == &bn768 || dh->p == &bn1024)) { if (dh->g == &bn2 &&
(dh->p == &bn768 || dh->p == &bn1024 || dh->p == &bn1536)) {
plen = 1; plen = 1;
glen = 0; glen = 0;
} }
@@ -233,8 +249,10 @@ openssldh_todns(const dst_key_t *key, isc_buffer_t *data) {
if (plen == 1) { if (plen == 1) {
if (dh->p == &bn768) if (dh->p == &bn768)
*r.base = 1; *r.base = 1;
else else if (dh->p == &bn1024)
*r.base = 2; *r.base = 2;
else
*r.base = 3;
} }
else else
BN_bn2bin(dh->p, r.base); BN_bn2bin(dh->p, r.base);
@@ -299,6 +317,9 @@ openssldh_fromdns(dst_key_t *key, isc_buffer_t *data) {
case 2: case 2:
dh->p = &bn1024; dh->p = &bn1024;
break; break;
case 3:
dh->p = &bn1536;
break;
default: default:
DH_free(dh); DH_free(dh);
return (DST_R_INVALIDPUBLICKEY); return (DST_R_INVALIDPUBLICKEY);
@@ -475,7 +496,9 @@ openssldh_fromfile(dst_key_t *key, const char *filename) {
key->key_size = BN_num_bits(dh->p); key->key_size = BN_num_bits(dh->p);
if ((key->key_size == 768 || key->key_size == 1024) && if ((key->key_size == 768 ||
key->key_size == 1024 ||
key->key_size == 1536) &&
BN_cmp(dh->g, &bn2) == 0) BN_cmp(dh->g, &bn2) == 0)
{ {
if (key->key_size == 768 && BN_cmp(dh->p, &bn768) == 0) { if (key->key_size == 768 && BN_cmp(dh->p, &bn768) == 0) {
@@ -489,6 +512,12 @@ openssldh_fromfile(dst_key_t *key, const char *filename) {
BN_free(dh->g); BN_free(dh->g);
dh->p = &bn1024; dh->p = &bn1024;
dh->g = &bn2; dh->g = &bn2;
} else if (key->key_size == 1536 &&
BN_cmp(dh->p, &bn1536) == 0) {
BN_free(dh->p);
BN_free(dh->g);
dh->p = &bn1536;
dh->g = &bn2;
} }
} }
@@ -532,6 +561,7 @@ openssldh_cleanup(void) {
BN_free(&bn2); BN_free(&bn2);
BN_free(&bn768); BN_free(&bn768);
BN_free(&bn1024); BN_free(&bn1024);
BN_free(&bn1536);
} }
static dst_func_t openssldh_functions = { static dst_func_t openssldh_functions = {
@@ -560,9 +590,11 @@ dst__openssldh_init(dst_func_t **funcp) {
BN_init(&bn2); BN_init(&bn2);
BN_init(&bn768); BN_init(&bn768);
BN_init(&bn1024); BN_init(&bn1024);
BN_init(&bn1536);
BN_set_word(&bn2, 2); BN_set_word(&bn2, 2);
BN_fromhex(&bn768, PRIME768); BN_fromhex(&bn768, PRIME768);
BN_fromhex(&bn1024, PRIME1024); BN_fromhex(&bn1024, PRIME1024);
BN_fromhex(&bn1536, PRIME1536);
*funcp = &openssldh_functions; *funcp = &openssldh_functions;
} }
return (ISC_R_SUCCESS); return (ISC_R_SUCCESS);
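Review bot: Nothing in the new code verifies `bn1536` after `BN_fromhex(&bn1536, PRIME1536)` in dst__openssldh_init, and `PRIME1536` is a 384-digit literal carried in the source by hand. A single wrong or dropped digit would silently give every key generated with key_size 1536, and every key decoded from wire id 3 in openssldh_fromdns, a modulus that peers do not share. BN_fromhex is defined outside the visible hunks, so whether it rejects malformed input cannot be told from here. A start-up check that `BN_num_bits(&bn1536) == 1536` would catch truncation cheaply, though not a substituted digit. I would also add a comment above the define, `/* 1536-bit well-known prime from draft-ietf-dnsext-rfc2539bis-dhk-01.txt; used with generator 2, wire id 3 */`, so the constant can be re-checked against its source; the body of dst__openssldh_init starts outside the hunk.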