-rw-r--r-- | news.rst | 27 | ||||
-rw-r--r-- | src/cli/pubkey.cpp | 2 | ||||
-rw-r--r-- | src/lib/pubkey/dl_group/dl_group.h | 4 | ||||
-rw-r--r-- | src/lib/pubkey/dl_group/dl_named.cpp | 8 | ||||
-rw-r--r-- | src/tests/test_dl_group.cpp | 146 |
5 files changed, 169 insertions, 18 deletions
@@ -6,25 +6,30 @@ Version 1.11.35, Not Yet Released * Fix a longstanding bug in modular exponentiation which caused most exponentiations modulo an even number to have an incorrect result; such moduli - occur only rarely in cryptographic contexts. GH #754 + occur only rarely in cryptographic contexts. (GH #754) * Fix a bug in BigInt multiply operation, introduced in 1.11.30, which could cause incorrect results. Found by OSS-Fuzz fuzzing the ressol function, where the bug manifested as an incorrect modular exponentiation. OSS-Fuzz bug #287 -* Changes all Public_Key derived class ctors to take a - std::vector instead of a secure_vector for the DER encoded - public key bits. (GH #768) +* Fix a bug that meant the "ietf/modp/6144" and "ietf/modp/8192" discrete log + groups used an incorrect value for the generator, specifically the value + (p-1)/2 was used instead of the correct value of 2. -* Allow use of custom extensions when creating X.509 certificates - (GH #744) +* The DL_Group enum value X942_DH_PARAMETERS has been renamed + ANSI_X9_42_DH_PARAMETERS to avoid a conflict with Windows headers (GH #482) -* Add ISO 9796-2 signature padding schemes DS2 and DS3. These schemes provide message recovery - (part or all of the plaintext message can be recovered from the signature alone) and are - used by some industry protocols. (GH #759) +* Changes all Public_Key derived class ctors to take a std::vector instead of a + secure_vector for the DER encoded public key bits. (GH #768) -* Rewrite all the code that handles parsing CBC padding bytes to run - without conditional jumps or loads. (GH #765 #728) +* Allow use of custom extensions when creating X.509 certificates (GH #744) + +* Add ISO 9796-2 signature padding schemes DS2 and DS3. These schemes provide + message recovery (part or all of the plaintext message can be recovered from + the signature alone) and are used by some industry protocols. 
(GH #759)
+
+* Rewrite all the code that handles parsing CBC padding bytes to run without
+ conditional jumps or loads. (GH #765 #728)
 * Fix deref of invalid memory location in TLS client when the server chooses a ciphersuite value larger than the largest TLS ciphersuite ID compiled into the
diff --git a/src/cli/pubkey.cpp b/src/cli/pubkey.cpp
index 3a4ce7717..aac493a0e 100644
--- a/src/cli/pubkey.cpp
+++ b/src/cli/pubkey.cpp
@@ -192,7 +192,7 @@ class DL_Group_Info final : public Command
 if(flag_set("pem"))
 {
- output() << group.PEM_encode(Botan::DL_Group::X942_DH_PARAMETERS);
+ output() << group.PEM_encode(Botan::DL_Group::ANSI_X9_42_DH_PARAMETERS);
 }
 else
 {
diff --git a/src/lib/pubkey/dl_group/dl_group.h b/src/lib/pubkey/dl_group/dl_group.h
index 39ad9b954..98a49649c 100644
--- a/src/lib/pubkey/dl_group/dl_group.h
+++ b/src/lib/pubkey/dl_group/dl_group.h
@@ -49,7 +49,7 @@ class BOTAN_DLL DL_Group
 DSA_PARAMETERS = ANSI_X9_57,
 DH_PARAMETERS = ANSI_X9_42,
- X942_DH_PARAMETERS = ANSI_X9_42,
+ ANSI_X9_42_DH_PARAMETERS = ANSI_X9_42,
 PKCS3_DH_PARAMETERS = PKCS_3
 };
@@ -106,7 +106,7 @@ class BOTAN_DLL DL_Group
 * @param name the name that is configured in the global configuration
 * for the desired group. If no configuration file is specified,
 * the default values from the file policy.cpp will be used. For instance,
- * use "modp/ietf/768" as name.
+ * use "modp/ietf/3072".
 */
 DL_Group(const std::string& name);
diff --git a/src/lib/pubkey/dl_group/dl_named.cpp b/src/lib/pubkey/dl_group/dl_named.cpp
index 9c084c80b..56871657e 100644
--- a/src/lib/pubkey/dl_group/dl_named.cpp
+++ b/src/lib/pubkey/dl_group/dl_named.cpp
@@ -170,7 +170,7 @@ const char* DL_Group::PEM_for_named_group(const std::string& name)
 if(name == "modp/ietf/6144")
 return
- "-----BEGIN X942 DH PARAMETERS-----"
+ "-----BEGIN DSA PARAMETERS-----"
 "MIIGDAKCAwEA///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxOb"
 "IlFKCHmONATd75UZs806QxswKwpt8l8UN0/hNW1tUcJF5IW1dmJefsb0TELppjft"
 "awv/XLb0Brft7jhr+1qJn6WunyQRfEsf5kkoZlHs5Fs9wgB8uKFjvwWY2kg2HFXT"
@@ -204,7 +204,7 @@ const char* DL_Group::PEM_for_named_group(const std::string& name)
 "2/+sLWKl6gPZFaCqVWZHtr9fpHDsCmYvaQfAG/BTy4r3eU3xlANQ6sXb4u07eqhV"
 "HsUP3/h1jOZY0Ynqrm0rZPYXeUsZHD/0a7ceAjQCH0ezH6Qwdwlflq2Fujprc0p8"
 "jzbmIBJ//////////wIBAg=="
- "-----END X942 DH PARAMETERS-----";
+ "-----END DSA PARAMETERS-----";
 if(name == "modp/srp/6144")
 return
@@ -230,7 +230,7 @@ const char* DL_Group::PEM_for_named_group(const std::string& name)
 if(name == "modp/ietf/8192")
 return
- "-----BEGIN X942 DH PARAMETERS-----"
+ "-----BEGIN DSA PARAMETERS-----"
 "MIIIDAKCBAEA///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxOb"
 "IlFKCHmONATd75UZs806QxswKwpt8l8UN0/hNW1tUcJF5IW1dmJefsb0TELppjft"
 "awv/XLb0Brft7jhr+1qJn6WunyQRfEsf5kkoZlHs5Fs9wgB8uKFjvwWY2kg2HFXT"
@@ -274,7 +274,7 @@ const char* DL_Group::PEM_for_named_group(const std::string& name)
 "gfat7p0DFZ562dE8UzaVCfwfonwW75iHcDpVtRsiy/RM0BKu4LJ5jmKEI0KO/NWk"
 "DK72v1DY6ohev3Omuf15teGPZ9E0GsgjenXDz8kgBKHFpA42a8RNABdq9xwV5IyG"
 "034BNyPKrHIjqzv01U8YKHE7K0pv5A+rdEBctziwZMBuzHbp7///////////AgEC"
- "-----END X942 DH PARAMETERS-----";
+ "-----END DSA PARAMETERS-----";
 if(name == "modp/srp/8192")
 return
diff --git a/src/tests/test_dl_group.cpp b/src/tests/test_dl_group.cpp
new file mode 100644
index 000000000..60ffff251
--- /dev/null
+++ b/src/tests/test_dl_group.cpp
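Review bot: The relabelled `"-----BEGIN DSA PARAMETERS-----"` for "modp/ietf/6144" (and the identical change for "modp/ietf/8192" in the @@ -230 hunk) carries no comment saying why a Diffie-Hellman group is tagged as DSA parameters, so a later tidy-up could restore the X942 label and silently reintroduce the generator bug this commit fixes. The encoded bodies are the only evidence of the fix: both end in base64 `wIBAg==` / `AgEC`, i.e. DER `02 01 02` (INTEGER 2) as the last SEQUENCE element, which is g in the DSA {p, q, g} layout; presumably the X9.42 decoder reads {p, g, q} instead, which matches the (p-1)/2 = q symptom described in news.rst. Add a comment above each BEGIN line, e.g. `// Body is DER SEQUENCE { p, q, g } (DSA layout); the DSA label makes PEM_decode read g = 2 rather than q`. PEM_for_named_group begins and ends outside these hunks.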
@@ -0,0 +1,146 @@
+/*
+* (C) 2016 Jack Lloyd
+*
+* Botan is released under the Simplified BSD License (see license.txt)
+*/
+
+#include "tests.h"
+
+#if defined(BOTAN_HAS_DL_GROUP)
+ #include <botan/dl_group.h>
+#endif
+
+namespace Botan_Tests {
+
+namespace {
+
+class DL_Group_Tests : public Test
+ {
+ public:
+ std::vector<Test::Result> run() override
+ {
+ std::vector<Test::Result> results;
+
+ Botan::RandomNumberGenerator& rng = Test::rng();
+
+ results.push_back(test_dl_encoding());
+ results.push_back(test_dl_named(rng));
+ //results.push_back(test_dl_generate(rng));
+
+ return results;
+ }
+
+ private:
+ Test::Result test_dl_encoding()
+ {
+ Test::Result result("DL_Group encoding");
+
+ const Botan::DL_Group orig("modp/ietf/1024");
+
+ const std::string pem1 = orig.PEM_encode(Botan::DL_Group::ANSI_X9_42);
+ const std::string pem2 = orig.PEM_encode(Botan::DL_Group::ANSI_X9_57);
+ const std::string pem3 = orig.PEM_encode(Botan::DL_Group::PKCS_3);
+
+ Botan::DL_Group group;
+
+ group.PEM_decode(pem1);
+
+ result.test_eq("Same p in X9.42 decoding", group.get_p(), orig.get_p());
+ result.test_eq("Same q in X9.42 decoding", group.get_q(), orig.get_q());
+ result.test_eq("Same g in X9.42 decoding", group.get_g(), orig.get_g());
+
+ group.PEM_decode(pem2);
+
+ result.test_eq("Same p in X9.57 decoding", group.get_p(), orig.get_p());
+ result.test_eq("Same q in X9.57 decoding", group.get_q(), orig.get_q());
+ result.test_eq("Same g in X9.57 decoding", group.get_g(), orig.get_g());
+
+ group.PEM_decode(pem3);
+
+ result.test_eq("Same p in X9.57 decoding", group.get_p(), orig.get_p());
+ // no q in PKCS #3 format
+ result.test_eq("Same g in X9.57 decoding", group.get_g(), orig.get_g());
+
+ return result;
+ }
+
+ Test::Result test_dl_generate(Botan::RandomNumberGenerator& rng)
+ {
+ Test::Result result("DL_Group generate");
+
+ Botan::DL_Group dsa1024(rng, Botan::DL_Group::DSA_Kosherizer, 1024);
+
+ result.test_eq("DSA p size", dsa1024.get_p().bits(), 1024);
+ result.test_eq("DSA q size", dsa1024.get_q().bits(), 160);
+ result.test_eq("DSA g size", dsa1024.get_g().bits(), 1024);
+ result.test_eq("DSA group verifies", dsa1024.verify_group(rng, true), true);
+
+ Botan::DL_Group dh1050(rng, Botan::DL_Group::Prime_Subgroup, 1050, 175);
+ result.test_eq("DH p size", dh1050.get_p().bits(), 1050);
+ result.test_eq("DH q size", dh1050.get_q().bits(), 175);
+ result.test_eq("DH g size", dh1050.get_g().bits(), 2);
+ result.test_eq("DH group verifies", dh1050.verify_group(rng, true), true);
+
+ return result;
+ }
+
+ Test::Result test_dl_named(Botan::RandomNumberGenerator& rng)
+ {
+ const std::vector<std::string> dl_named = {
+ "modp/ietf/1024",
+ "modp/ietf/1536",
+ "modp/ietf/2048",
+ "modp/ietf/3072",
+ "modp/ietf/4096",
+ "modp/ietf/6144",
+ "modp/ietf/8192",
+
+ "modp/srp/1024",
+ "modp/srp/1536",
+ "modp/srp/2048",
+ "modp/srp/3072",
+ "modp/srp/4096",
+ "modp/srp/6144",
+ "modp/srp/8192",
+
+ "dsa/jce/1024",
+ "dsa/botan/2048",
+ "dsa/botan/3072",
+ };
+
+ Test::Result result("DL_Group named");
+ result.start_timer();
+
+ for(std::string name : dl_named)
+ {
+ Botan::DL_Group group(name);
+
+ // These two groups fail verification because pow(g,q,p) != 1
+ if(name != "modp/srp/1024" && name != "modp/srp/1536")
+ {
+ result.test_eq(name + " verifies", group.verify_group(rng, false), true);
+ }
+
+ if(name.find("/srp/") == std::string::npos)
+ {
+ try
+ {
+ group.get_q(); // confirm all our non-SRP groups have q
+ }
+ catch(Botan::Invalid_State&)
+ {
+ result.test_failure("Group " + name + " has no q");
+ }
+ }
+ }
+ result.end_timer();
+
+ return result;
+ }
+ };
+
+BOTAN_REGISTER_TEST("dl_group", DL_Group_Tests);
+
+}
+
+} |
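Review bot: The two assertions after `group.PEM_decode(pem3);` in test_dl_encoding are labelled "Same p in X9.57 decoding" and "Same g in X9.57 decoding", copied from the pem2 block, so a PKCS #3 round-trip failure would be reported against the wrong format; they should read `"Same p in PKCS #3 decoding"` and `"Same g in PKCS #3 decoding"`. test_dl_named also never pins the generator value whose fix this commit ships: verify_group(rng, false) presumably rejects g = (p-1)/2, but an explicit check inside the loop, `if(name == "modp/ietf/6144" || name == "modp/ietf/8192") result.test_eq(name + " uses g=2", group.get_g(), Botan::BigInt(2));`, would fail on the old PEM label and document the expected value. The commented-out `//results.push_back(test_dl_generate(rng));` in run() leaves test_dl_generate as dead code with no stated reason; a one-line comment giving why it is disabled (or removing it) would help. Minor: `for(std::string name : dl_named)` copies every name; `for(const std::string& name : dl_named)` avoids it.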