[gnome-keyring/dbus-api] [egg] Add IETF DH groups.

From: Stefan Walter <stefw src gnome org>
To: svn-commits-list gnome org
Cc:
Subject: [gnome-keyring/dbus-api] [egg] Add IETF DH groups.
Date: Thu, 12 Nov 2009 06:38:28 +0000 (UTC)
commit 92238de677f938652dbfb39e976fbf8e5e43a585
Author: Stef Walter <stef memberwebs com>
Date:   Thu Nov 12 06:36:55 2009 +0000

    [egg] Add IETF DH groups.
    
    These are the standard DH groups specified in RFC2409
    and RFC3526

 daemon/prompt/gkd-prompt.c |    2 +-
 egg/egg-dh.c               |  173 ++++++++++++++++++++++++++++++++++++++++++--
 egg/egg-dh.h               |    2 +-
 egg/tests/unit-test-dh.c   |   52 +++++++++++++-
 4 files changed, 216 insertions(+), 13 deletions(-)
---
diff --git a/daemon/prompt/gkd-prompt.c b/daemon/prompt/gkd-prompt.c
index 3a4c437..8f735e7 100644
--- a/daemon/prompt/gkd-prompt.c
+++ b/daemon/prompt/gkd-prompt.c
@@ -285,7 +285,7 @@ prepare_transport_crypto (GkdPrompt *self)
 	g_assert (!self->pv->secret);
 
 	/* Figure out our prime, base, public and secret bits */
-	if (!egg_dh_default_params (&self->pv->prime, &base) ||
+	if (!egg_dh_default_params ("ietf-ike-grp-modp-1536", &self->pv->prime, &base) ||
 	    !egg_dh_gen_secret (self->pv->prime, base, &pub, &self->pv->secret))
 		g_return_if_reached ();
 
diff --git a/egg/egg-dh.c b/egg/egg-dh.c
index ccb2243..e68cb7b 100644
--- a/egg/egg-dh.c
+++ b/egg/egg-dh.c
@@ -30,22 +30,179 @@
 #define DEFAULT_BASE  "02"
 #define DEFAULT_BITS  1024
 
+typedef struct _DHGroup {
+	const gchar *name;
+	guint bits;
+	const gchar *prime;
+	const gchar *base;
+} DHGroup;
+
+static const DHGroup dh_groups[] = {
+	{
+		"ietf-ike-grp-modp-768", 768,
+		"FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
+		"29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
+		"EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
+		"E485B576625E7EC6F44C42E9A63A3620FFFFFFFFFFFFFFFF",
+		"02"
+	},
+	{
+		"ietf-ike-grp-modp-1024", 1024,
+		"FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
+		"29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
+		"EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
+		"E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
+		"EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381"
+		"FFFFFFFFFFFFFFFF",
+		"02"
+	},
+	{
+		"ietf-ike-grp-modp-1536", 1536,
+		"FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
+		"29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
+		"EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
+		"E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
+		"EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
+		"C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
+		"83655D23DCA3AD961C62F356208552BB9ED529077096966D"
+		"670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF",
+		"02"
+	},
+	{
+		"ietf-ike-grp-modp-2048", 2048,
+		"FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
+		"29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
+		"EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
+		"E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
+		"EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
+		"C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
+		"83655D23DCA3AD961C62F356208552BB9ED529077096966D"
+		"670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
+		"E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
+		"DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
+		"15728E5A8AACAA68FFFFFFFFFFFFFFFF",
+		"02"
+	},
+	{
+		"ietf-ike-grp-modp-3072", 3072,
+		"FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
+		"29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
+		"EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
+		"E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
+		"EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
+		"C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
+		"83655D23DCA3AD961C62F356208552BB9ED529077096966D"
+		"670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
+		"E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
+		"DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
+		"15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64"
+		"ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7"
+		"ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B"
+		"F12FFA06D98A0864D87602733EC86A64521F2B18177B200C"
+		"BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31"
+		"43DB5BFCE0FD108E4B82D120A93AD2CAFFFFFFFFFFFFFFFF",
+		"02"
+	},
+	{
+		"ietf-ike-grp-modp-4096", 4096,
+		"FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
+		"29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
+		"EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
+		"E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
+		"EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
+		"C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
+		"83655D23DCA3AD961C62F356208552BB9ED529077096966D"
+		"670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
+		"E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
+		"DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
+		"15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64"
+		"ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7"
+		"ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B"
+		"F12FFA06D98A0864D87602733EC86A64521F2B18177B200C"
+		"BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31"
+		"43DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D7"
+		"88719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA"
+		"2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6"
+		"287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED"
+		"1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA9"
+		"93B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934063199"
+		"FFFFFFFFFFFFFFFF",
+		"02"
+	},
+	{
+		"ietf-ike-grp-modp-8192", 8192,
+		"FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
+		"29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
+		"EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
+		"E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
+		"EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
+		"C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
+		"83655D23DCA3AD961C62F356208552BB9ED529077096966D"
+		"670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
+		"E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
+		"DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
+		"15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64"
+		"ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7"
+		"ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B"
+		"F12FFA06D98A0864D87602733EC86A64521F2B18177B200C"
+		"BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31"
+		"43DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D7"
+		"88719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA"
+		"2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6"
+		"287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED"
+		"1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA9"
+		"93B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934028492"
+		"36C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BD"
+		"F8FF9406AD9E530EE5DB382F413001AEB06A53ED9027D831"
+		"179727B0865A8918DA3EDBEBCF9B14ED44CE6CBACED4BB1B"
+		"DB7F1447E6CC254B332051512BD7AF426FB8F401378CD2BF"
+		"5983CA01C64B92ECF032EA15D1721D03F482D7CE6E74FEF6"
+		"D55E702F46980C82B5A84031900B1C9E59E7C97FBEC7E8F3"
+		"23A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AA"
+		"CC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE328"
+		"06A1D58BB7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55C"
+		"DA56C9EC2EF29632387FE8D76E3C0468043E8F663F4860EE"
+		"12BF2D5B0B7474D6E694F91E6DBE115974A3926F12FEE5E4"
+		"38777CB6A932DF8CD8BEC4D073B931BA3BC832B68D9DD300"
+		"741FA7BF8AFC47ED2576F6936BA424663AAB639C5AE4F568"
+		"3423B4742BF1C978238F16CBE39D652DE3FDB8BEFC848AD9"
+		"22222E04A4037C0713EB57A81A23F0C73473FC646CEA306B"
+		"4BCBC8862F8385DDFA9D4B7FA2C087E879683303ED5BDD3A"
+		"062B3CF5B3A278A66D2A13F83F44F82DDF310EE074AB6A36"
+		"4597E899A0255DC164F31CC50846851DF9AB48195DED7EA1"
+		"B1D510BD7EE74D73FAF36BC31ECFA268359046F4EB879F92"
+		"4009438B481C6CD7889A002ED5EE382BC9190DA6FC026E47"
+		"9558E4475677E9AA9E3050E2765694DFC81F56E880B96E71"
+		"60C980DD98EDD3DFFFFFFFFFFFFFFFFF",
+		"02"
+	},
+	{
+		NULL
+	}
+};
+
 gboolean
-egg_dh_default_params (gcry_mpi_t *prime, gcry_mpi_t *base)
+egg_dh_default_params (const gchar *name, gcry_mpi_t *prime, gcry_mpi_t *base)
 {
+	const DHGroup *group;
 	gcry_error_t gcry;
 
+	g_return_val_if_fail (name, FALSE);
 	g_return_val_if_fail (prime, FALSE);
 	g_return_val_if_fail (base, FALSE);
 
-	gcry = gcry_mpi_scan (prime, GCRYMPI_FMT_HEX, DEFAULT_PRIME, 0, NULL);
-	g_return_val_if_fail (gcry == 0, FALSE);
-	g_return_val_if_fail (gcry_mpi_get_nbits (*prime) == DEFAULT_BITS, FALSE);
-
-	gcry = gcry_mpi_scan (base, GCRYMPI_FMT_HEX, DEFAULT_BASE, 0, NULL);
-	g_return_val_if_fail (gcry == 0, FALSE);
-
-	return TRUE;
+	for (group = dh_groups; group->name; ++group) {
+		if (g_str_equal (group->name, name)) {
+			gcry = gcry_mpi_scan (prime, GCRYMPI_FMT_HEX, group->prime, 0, NULL);
+			g_return_val_if_fail (gcry == 0, FALSE);
+			g_return_val_if_fail (gcry_mpi_get_nbits (*prime) == group->bits, FALSE);
+			gcry = gcry_mpi_scan (base, GCRYMPI_FMT_HEX, group->base, 0, NULL);
+			g_return_val_if_fail (gcry == 0, FALSE);
+			return TRUE;
+		}
+	}
+
+	return FALSE;
 }
 
 gboolean
diff --git a/egg/egg-dh.h b/egg/egg-dh.h
index eb7959d..bee18c1 100644
--- a/egg/egg-dh.h
+++ b/egg/egg-dh.h
@@ -26,7 +26,7 @@
 
 #include <gcrypt.h>
 
-gboolean   egg_dh_default_params   (gcry_mpi_t *prime, gcry_mpi_t *base);
+gboolean   egg_dh_default_params   (const gchar *name, gcry_mpi_t *prime, gcry_mpi_t *base);
 
 gboolean   egg_dh_gen_secret       (gcry_mpi_t p, gcry_mpi_t g, gcry_mpi_t *X, gcry_mpi_t *x);
 
diff --git a/egg/tests/unit-test-dh.c b/egg/tests/unit-test-dh.c
index 7166760..17b11f3 100644
--- a/egg/tests/unit-test-dh.c
+++ b/egg/tests/unit-test-dh.c
@@ -97,16 +97,62 @@ DEFINE_TEST(dh_perform)
 	gcry_mpi_release (k2);
 }
 
-DEFINE_TEST(dh_defaults)
+static void
+test_dh_default (const gchar *name, guint bits)
 {
 	gboolean ret;
 	gcry_mpi_t p, g;
 
-	ret = egg_dh_default_params (&p, &g);
+	ret = egg_dh_default_params (name, &p, &g);
 	g_assert (ret);
-	g_assert_cmpint (gcry_mpi_get_nbits (p), ==, 1024);
+	g_assert_cmpint (gcry_mpi_get_nbits (p), ==, bits);
 	g_assert_cmpint (gcry_mpi_get_nbits (g), <, gcry_mpi_get_nbits (p));
 
 	gcry_mpi_release (p);
 	gcry_mpi_release (g);
 }
+
+DEFINE_TEST(dh_default_768)
+{
+	test_dh_default ("ietf-ike-grp-modp-768", 768);
+}
+
+DEFINE_TEST(dh_default_1024)
+{
+	test_dh_default ("ietf-ike-grp-modp-1024", 1024);
+}
+
+DEFINE_TEST(dh_default_1536)
+{
+	test_dh_default ("ietf-ike-grp-modp-1536", 1536);
+}
+
+
+DEFINE_TEST(dh_default_2048)
+{
+	test_dh_default ("ietf-ike-grp-modp-2048", 2048);
+}
+
+DEFINE_TEST(dh_default_3072)
+{
+	test_dh_default ("ietf-ike-grp-modp-3072", 3072);
+}
+
+DEFINE_TEST(dh_default_4096)
+{
+	test_dh_default ("ietf-ike-grp-modp-4096", 4096);
+}
+
+DEFINE_TEST(dh_default_8192)
+{
+	test_dh_default ("ietf-ike-grp-modp-8192", 8192);
+}
+
+DEFINE_TEST(dh_default_bad)
+{
+	gboolean ret;
+	gcry_mpi_t p, g;
+
+	ret = egg_dh_default_params ("bad-name", &p, &g);
+	g_assert (!ret);
+}
[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]