diff options
author | Jack Lloyd <[email protected]> | 2017-01-06 15:14:01 -0500 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2017-01-06 15:14:01 -0500 |
commit | c89a4a70fddb8d623b11dcbcb17daca772c27f91 (patch) | |
tree | 6b54f7f93e4e9222f6dd22d12e3efb5b1df3fa0c | |
parent | b553d67bcfcac8020bdb720a9bd0680584ddaf77 (diff) |
Fix how DL_Group chooses generator for strong prime groups.
Previously it fixed g=2 but this is not always correct. GH #784
Change default PEM header for X9.42 groups to match OpenSSL. We
accept either on decoding. GH #784
Change {DL_Group,EC_Group}::PEM_for_named_curve to return std::string
instead of a const char*. That makes a future refactoring I have in
mind possible without breaking API.
-rw-r--r-- | src/lib/pubkey/dl_group/dl_group.cpp | 23 | ||||
-rw-r--r-- | src/lib/pubkey/dl_group/dl_group.h | 2 | ||||
-rw-r--r-- | src/lib/pubkey/dl_group/dl_named.cpp | 4 | ||||
-rw-r--r-- | src/lib/pubkey/ec_group/ec_group.cpp | 4 | ||||
-rw-r--r-- | src/lib/pubkey/ec_group/ec_group.h | 2 | ||||
-rw-r--r-- | src/lib/pubkey/ec_group/ec_named.cpp | 5 |
6 files changed, 28 insertions, 12 deletions
diff --git a/src/lib/pubkey/dl_group/dl_group.cpp b/src/lib/pubkey/dl_group/dl_group.cpp index adf207b43..6d7f0b107 100644 --- a/src/lib/pubkey/dl_group/dl_group.cpp +++ b/src/lib/pubkey/dl_group/dl_group.cpp @@ -29,9 +29,9 @@ DL_Group::DL_Group() */ DL_Group::DL_Group(const std::string& name) { - const char* pem = PEM_for_named_group(name); + const std::string pem = PEM_for_named_group(name); - if(!pem) + if(pem == "") throw Invalid_Argument("DL_Group: Unknown group " + name); PEM_decode(pem); @@ -52,6 +52,21 @@ DL_Group::DL_Group(RandomNumberGenerator& rng, m_p = random_safe_prime(rng, pbits); m_q = (m_p - 1) / 2; m_g = 2; + + /* + Always choose a generator that is quadratic reside mod p, + this forces g to be a generator of the subgroup of size q. + */ + if(jacobi(m_g, m_p) != 1) + { + // prime table does not contain 2 + for(size_t i = 0; i < PRIME_TABLE_SIZE; ++i) + { + m_g = PRIMES[i]; + if(jacobi(m_g, m_p) == 1) + break; + } + } } else if(type == Prime_Subgroup) { @@ -259,7 +274,7 @@ std::string DL_Group::PEM_encode(Format format) const else if(format == ANSI_X9_57) return PEM_Code::encode(encoding, "DSA PARAMETERS"); else if(format == ANSI_X9_42) - return PEM_Code::encode(encoding, "X942 DH PARAMETERS"); + return PEM_Code::encode(encoding, "X9.42 DH PARAMETERS"); else throw Invalid_Argument("Unknown DL_Group encoding " + std::to_string(format)); } @@ -314,7 +329,7 @@ void DL_Group::PEM_decode(const std::string& pem) BER_decode(ber, PKCS_3); else if(label == "DSA PARAMETERS") BER_decode(ber, ANSI_X9_57); - else if(label == "X942 DH PARAMETERS") + else if(label == "X942 DH PARAMETERS" || label == "X9.42 DH PARAMETERS") BER_decode(ber, ANSI_X9_42); else throw Decoding_Error("DL_Group: Invalid PEM label " + label); diff --git a/src/lib/pubkey/dl_group/dl_group.h b/src/lib/pubkey/dl_group/dl_group.h index 98a49649c..7cbf81c20 100644 --- a/src/lib/pubkey/dl_group/dl_group.h +++ b/src/lib/pubkey/dl_group/dl_group.h @@ -155,7 +155,7 @@ class BOTAN_DLL DL_Group /** * Return PEM representation of named DL group */ - static const char* PEM_for_named_group(const std::string& name); + static std::string PEM_for_named_group(const std::string& name); private: static BigInt make_dsa_generator(const BigInt&, const BigInt&); diff --git a/src/lib/pubkey/dl_group/dl_named.cpp b/src/lib/pubkey/dl_group/dl_named.cpp index 56871657e..4df9732be 100644 --- a/src/lib/pubkey/dl_group/dl_named.cpp +++ b/src/lib/pubkey/dl_group/dl_named.cpp @@ -9,7 +9,7 @@ namespace Botan { -const char* DL_Group::PEM_for_named_group(const std::string& name) +std::string DL_Group::PEM_for_named_group(const std::string& name) { if(name == "modp/ietf/1024") return @@ -354,7 +354,7 @@ const char* DL_Group::PEM_for_named_group(const std::string& name) "eMFVkc39EVZP+I/zi3IdQjkv2kcyEtz9jS2IqXagCv/m//tDCjWeZMorNRyiQSOU" "-----END DSA PARAMETERS-----"; - return nullptr; + return ""; } } diff --git a/src/lib/pubkey/ec_group/ec_group.cpp b/src/lib/pubkey/ec_group/ec_group.cpp index a5262fd5e..cbc628195 100644 --- a/src/lib/pubkey/ec_group/ec_group.cpp +++ b/src/lib/pubkey/ec_group/ec_group.cpp @@ -17,9 +17,9 @@ namespace Botan { EC_Group::EC_Group(const OID& domain_oid) { - const char* pem = PEM_for_named_group(OIDS::lookup(domain_oid)); + const std::string pem = PEM_for_named_group(OIDS::lookup(domain_oid)); - if(!pem) + if(pem == "") throw Lookup_Error("No ECC domain data for " + domain_oid.as_string()); *this = EC_Group(pem); diff --git a/src/lib/pubkey/ec_group/ec_group.h b/src/lib/pubkey/ec_group/ec_group.h index b623a876d..15c09a54d 100644 --- a/src/lib/pubkey/ec_group/ec_group.h +++ b/src/lib/pubkey/ec_group/ec_group.h @@ -125,7 +125,7 @@ class BOTAN_DLL EC_Group /** * Return PEM representation of named EC group */ - static const char* PEM_for_named_group(const std::string& name); + static std::string PEM_for_named_group(const std::string& name); private: CurveGFp m_curve; diff --git a/src/lib/pubkey/ec_group/ec_named.cpp b/src/lib/pubkey/ec_group/ec_named.cpp index c19b8ed37..2aef0ad31 100644 --- a/src/lib/pubkey/ec_group/ec_named.cpp +++ b/src/lib/pubkey/ec_group/ec_named.cpp @@ -9,7 +9,8 @@ namespace Botan { -const char* EC_Group::PEM_for_named_group(const std::string& name) +//static +std::string EC_Group::PEM_for_named_group(const std::string& name) { if(name == "secp160k1") return @@ -270,7 +271,7 @@ const char* EC_Group::PEM_for_named_group(const std::string& name) return BOTAN_HOUSE_ECC_CURVE_PEM; #endif - return nullptr; + return ""; } } |