-rw-r--r--news.rst27
-rw-r--r--src/cli/pubkey.cpp2
-rw-r--r--src/lib/pubkey/dl_group/dl_group.h4
-rw-r--r--src/lib/pubkey/dl_group/dl_named.cpp8
-rw-r--r--src/tests/test_dl_group.cpp146
5 files changed, 169 insertions, 18 deletions
diff --git a/news.rst b/news.rst
index 23729c92c..87235ba9a 100644
--- a/news.rst
+++ b/news.rst
@@ -6,25 +6,30 @@ Version 1.11.35, Not Yet Released
* Fix a longstanding bug in modular exponentiation which caused most
exponentiations modulo an even number to have an incorrect result; such moduli
- occur only rarely in cryptographic contexts. GH #754
+ occur only rarely in cryptographic contexts. (GH #754)
* Fix a bug in BigInt multiply operation, introduced in 1.11.30, which could
cause incorrect results. Found by OSS-Fuzz fuzzing the ressol function, where
the bug manifested as an incorrect modular exponentiation. OSS-Fuzz bug #287
-* Changes all Public_Key derived class ctors to take a
- std::vector instead of a secure_vector for the DER encoded
- public key bits. (GH #768)
+* Fix a bug that meant the "ietf/modp/6144" and "ietf/modp/8192" discrete log
+ groups used an incorrect value for the generator, specifically the value
+ (p-1)/2 was used instead of the correct value of 2.
-* Allow use of custom extensions when creating X.509 certificates
- (GH #744)
+* The DL_Group enum value X942_DH_PARAMETERS has been renamed
+ ANSI_X9_42_DH_PARAMETERS to avoid a conflict with Windows headers (GH #482)
-* Add ISO 9796-2 signature padding schemes DS2 and DS3. These schemes provide message recovery
- (part or all of the plaintext message can be recovered from the signature alone) and are
- used by some industry protocols. (GH #759)
+* Changes all Public_Key derived class ctors to take a std::vector instead of a
+ secure_vector for the DER encoded public key bits. (GH #768)
-* Rewrite all the code that handles parsing CBC padding bytes to run
- without conditional jumps or loads. (GH #765 #728)
+* Allow use of custom extensions when creating X.509 certificates (GH #744)
+
+* Add ISO 9796-2 signature padding schemes DS2 and DS3. These schemes provide
+ message recovery (part or all of the plaintext message can be recovered from
+ the signature alone) and are used by some industry protocols. (GH #759)
+
+* Rewrite all the code that handles parsing CBC padding bytes to run without
+ conditional jumps or loads. (GH #765 #728)
* Fix deref of invalid memory location in TLS client when the server chooses a
ciphersuite value larger than the largest TLS ciphersuite ID compiled into the
diff --git a/src/cli/pubkey.cpp b/src/cli/pubkey.cpp
index 3a4ce7717..aac493a0e 100644
--- a/src/cli/pubkey.cpp
+++ b/src/cli/pubkey.cpp
@@ -192,7 +192,7 @@ class DL_Group_Info final : public Command
if(flag_set("pem"))
{
- output() << group.PEM_encode(Botan::DL_Group::X942_DH_PARAMETERS);
+ output() << group.PEM_encode(Botan::DL_Group::ANSI_X9_42_DH_PARAMETERS);
}
else
{
diff --git a/src/lib/pubkey/dl_group/dl_group.h b/src/lib/pubkey/dl_group/dl_group.h
index 39ad9b954..98a49649c 100644
--- a/src/lib/pubkey/dl_group/dl_group.h
+++ b/src/lib/pubkey/dl_group/dl_group.h
@@ -49,7 +49,7 @@ class BOTAN_DLL DL_Group
DSA_PARAMETERS = ANSI_X9_57,
DH_PARAMETERS = ANSI_X9_42,
- X942_DH_PARAMETERS = ANSI_X9_42,
+ ANSI_X9_42_DH_PARAMETERS = ANSI_X9_42,
PKCS3_DH_PARAMETERS = PKCS_3
};
@@ -106,7 +106,7 @@ class BOTAN_DLL DL_Group
* @param name the name that is configured in the global configuration
* for the desired group. If no configuration file is specified,
* the default values from the file policy.cpp will be used. For instance,
- * use "modp/ietf/768" as name.
+ * use "modp/ietf/3072".
*/
DL_Group(const std::string& name);
diff --git a/src/lib/pubkey/dl_group/dl_named.cpp b/src/lib/pubkey/dl_group/dl_named.cpp
index 9c084c80b..56871657e 100644
--- a/src/lib/pubkey/dl_group/dl_named.cpp
+++ b/src/lib/pubkey/dl_group/dl_named.cpp
@@ -170,7 +170,7 @@ const char* DL_Group::PEM_for_named_group(const std::string& name)
if(name == "modp/ietf/6144")
return
- "-----BEGIN X942 DH PARAMETERS-----"
+ "-----BEGIN DSA PARAMETERS-----"
"MIIGDAKCAwEA///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxOb"
"IlFKCHmONATd75UZs806QxswKwpt8l8UN0/hNW1tUcJF5IW1dmJefsb0TELppjft"
"awv/XLb0Brft7jhr+1qJn6WunyQRfEsf5kkoZlHs5Fs9wgB8uKFjvwWY2kg2HFXT"
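Review bot: The corrected generator is invisible to a reader of the "modp/ietf/6144" return here (and of the "modp/ietf/8192" return in the later hunk), because only the PEM header changes; nothing explains why these two groups now carry a DSA header while the neighbouring groups keep theirs, so a future cleanup that "normalises" the header would silently reintroduce the wrong generator the news entry describes. From the trailing base64 (`AgEC` decodes to INTEGER 2) the DER body appears to be SEQUENCE { p, q, g } with g=2, i.e. the X9.57/DSA element order rather than the X9.42 (p, g, q) order, which is why the header has to say DSA for the decoder to assign g correctly — confirm this against the X9.42 decoder before relying on that wording. Suggest a comment above each of the two returns: `// Body is encoded as DSA (p, q, g) parameters with q=(p-1)/2 and g=2; an X9.42 header would make the decoder read (p-1)/2 as the generator.` PEM_for_named_group starts and ends outside these hunks.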
@@ -204,7 +204,7 @@ const char* DL_Group::PEM_for_named_group(const std::string& name)
"2/+sLWKl6gPZFaCqVWZHtr9fpHDsCmYvaQfAG/BTy4r3eU3xlANQ6sXb4u07eqhV"
"HsUP3/h1jOZY0Ynqrm0rZPYXeUsZHD/0a7ceAjQCH0ezH6Qwdwlflq2Fujprc0p8"
"jzbmIBJ//////////wIBAg=="
- "-----END X942 DH PARAMETERS-----";
+ "-----END DSA PARAMETERS-----";
if(name == "modp/srp/6144")
return
@@ -230,7 +230,7 @@ const char* DL_Group::PEM_for_named_group(const std::string& name)
if(name == "modp/ietf/8192")
return
- "-----BEGIN X942 DH PARAMETERS-----"
+ "-----BEGIN DSA PARAMETERS-----"
"MIIIDAKCBAEA///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxOb"
"IlFKCHmONATd75UZs806QxswKwpt8l8UN0/hNW1tUcJF5IW1dmJefsb0TELppjft"
"awv/XLb0Brft7jhr+1qJn6WunyQRfEsf5kkoZlHs5Fs9wgB8uKFjvwWY2kg2HFXT"
@@ -274,7 +274,7 @@ const char* DL_Group::PEM_for_named_group(const std::string& name)
"gfat7p0DFZ562dE8UzaVCfwfonwW75iHcDpVtRsiy/RM0BKu4LJ5jmKEI0KO/NWk"
"DK72v1DY6ohev3Omuf15teGPZ9E0GsgjenXDz8kgBKHFpA42a8RNABdq9xwV5IyG"
"034BNyPKrHIjqzv01U8YKHE7K0pv5A+rdEBctziwZMBuzHbp7///////////AgEC"
- "-----END X942 DH PARAMETERS-----";
+ "-----END DSA PARAMETERS-----";
if(name == "modp/srp/8192")
return
diff --git a/src/tests/test_dl_group.cpp b/src/tests/test_dl_group.cpp
new file mode 100644
index 000000000..60ffff251
--- /dev/null
+++ b/src/tests/test_dl_group.cpp
@@ -0,0 +1,146 @@
+/*
+* (C) 2016 Jack Lloyd
+*
+* Botan is released under the Simplified BSD License (see license.txt)
+*/
+
+#include "tests.h"
+
+#if defined(BOTAN_HAS_DL_GROUP)
+ #include <botan/dl_group.h>
+#endif
+
+namespace Botan_Tests {
+
+namespace {
+
+class DL_Group_Tests : public Test
+ {
+ public:
+ std::vector<Test::Result> run() override
+ {
+ std::vector<Test::Result> results;
+
+ Botan::RandomNumberGenerator& rng = Test::rng();
+
+ results.push_back(test_dl_encoding());
+ results.push_back(test_dl_named(rng));
+ //results.push_back(test_dl_generate(rng));
+
+ return results;
+ }
+
+ private:
+ Test::Result test_dl_encoding()
+ {
+ Test::Result result("DL_Group encoding");
+
+ const Botan::DL_Group orig("modp/ietf/1024");
+
+ const std::string pem1 = orig.PEM_encode(Botan::DL_Group::ANSI_X9_42);
+ const std::string pem2 = orig.PEM_encode(Botan::DL_Group::ANSI_X9_57);
+ const std::string pem3 = orig.PEM_encode(Botan::DL_Group::PKCS_3);
+
+ Botan::DL_Group group;
+
+ group.PEM_decode(pem1);
+
+ result.test_eq("Same p in X9.42 decoding", group.get_p(), orig.get_p());
+ result.test_eq("Same q in X9.42 decoding", group.get_q(), orig.get_q());
+ result.test_eq("Same g in X9.42 decoding", group.get_g(), orig.get_g());
+
+ group.PEM_decode(pem2);
+
+ result.test_eq("Same p in X9.57 decoding", group.get_p(), orig.get_p());
+ result.test_eq("Same q in X9.57 decoding", group.get_q(), orig.get_q());
+ result.test_eq("Same g in X9.57 decoding", group.get_g(), orig.get_g());
+
+ group.PEM_decode(pem3);
+
+ result.test_eq("Same p in X9.57 decoding", group.get_p(), orig.get_p());
+ // no q in PKCS #3 format
+ result.test_eq("Same g in X9.57 decoding", group.get_g(), orig.get_g());
+
+ return result;
+ }
+
+ Test::Result test_dl_generate(Botan::RandomNumberGenerator& rng)
+ {
+ Test::Result result("DL_Group generate");
+
+ Botan::DL_Group dsa1024(rng, Botan::DL_Group::DSA_Kosherizer, 1024);
+
+ result.test_eq("DSA p size", dsa1024.get_p().bits(), 1024);
+ result.test_eq("DSA q size", dsa1024.get_q().bits(), 160);
+ result.test_eq("DSA g size", dsa1024.get_g().bits(), 1024);
+ result.test_eq("DSA group verifies", dsa1024.verify_group(rng, true), true);
+
+ Botan::DL_Group dh1050(rng, Botan::DL_Group::Prime_Subgroup, 1050, 175);
+ result.test_eq("DH p size", dh1050.get_p().bits(), 1050);
+ result.test_eq("DH q size", dh1050.get_q().bits(), 175);
+ result.test_eq("DH g size", dh1050.get_g().bits(), 2);
+ result.test_eq("DH group verifies", dh1050.verify_group(rng, true), true);
+
+ return result;
+ }
+
+ Test::Result test_dl_named(Botan::RandomNumberGenerator& rng)
+ {
+ const std::vector<std::string> dl_named = {
+ "modp/ietf/1024",
+ "modp/ietf/1536",
+ "modp/ietf/2048",
+ "modp/ietf/3072",
+ "modp/ietf/4096",
+ "modp/ietf/6144",
+ "modp/ietf/8192",
+
+ "modp/srp/1024",
+ "modp/srp/1536",
+ "modp/srp/2048",
+ "modp/srp/3072",
+ "modp/srp/4096",
+ "modp/srp/6144",
+ "modp/srp/8192",
+
+ "dsa/jce/1024",
+ "dsa/botan/2048",
+ "dsa/botan/3072",
+ };
+
+ Test::Result result("DL_Group named");
+ result.start_timer();
+
+ for(std::string name : dl_named)
+ {
+ Botan::DL_Group group(name);
+
+ // These two groups fail verification because pow(g,q,p) != 1
+ if(name != "modp/srp/1024" && name != "modp/srp/1536")
+ {
+ result.test_eq(name + " verifies", group.verify_group(rng, false), true);
+ }
+
+ if(name.find("/srp/") == std::string::npos)
+ {
+ try
+ {
+ group.get_q(); // confirm all our non-SRP groups have q
+ }
+ catch(Botan::Invalid_State&)
+ {
+ result.test_failure("Group " + name + " has no q");
+ }
+ }
+ }
+ result.end_timer();
+
+ return result;
+ }
+ };
+
+BOTAN_REGISTER_TEST("dl_group", DL_Group_Tests);
+
+}
+
+}
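Review bot: The two result labels for the PKCS #3 round-trip (the lines after `group.PEM_decode(pem3)`) are copied from the X9.57 case, so a failure there would be reported under the wrong format; change them to `result.test_eq("Same p in PKCS #3 decoding", group.get_p(), orig.get_p());` and `result.test_eq("Same g in PKCS #3 decoding", group.get_g(), orig.get_g());`. The test_dl_named loop also never asserts the generator value this commit corrects for "modp/ietf/6144" and "modp/ietf/8192"; it is presumably caught only indirectly through verify_group, so a direct check such as `result.test_eq(name + " uses g=2", group.get_g(), Botan::BigInt(2));` under `if(name.find("modp/ietf/") == 0)` would pin the fix explicitly. Minor: `for(std::string name : dl_named)` copies every name, `for(const std::string& name : dl_named)` avoids that. test_dl_generate is defined but its only call is commented out, which some compilers will flag as an unused private member function.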