From 2ed81733a647880f147f6887fd9a1863ddd3ee1b Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Fri, 3 Apr 2015 13:09:24 -0400 Subject: [PATCH 1/3] accept PKCS#3 DH parameters with privateValueLength included library/dhm.c: accept (and ignore) optional privateValueLength for PKCS#3 DH parameters. PKCS#3 defines the ASN.1 encoding of a DH parameter set like this: ---------------- DHParameter ::= SEQUENCE { prime INTEGER, -- p base INTEGER, -- g privateValueLength INTEGER OPTIONAL } The fields of type DHParameter have the following meanings: o prime is the prime p. o base is the base g. o privateValueLength is the optional private-value length l. ---------------- See: ftp://ftp.rsasecurity.com/pub/pkcs/ascii/pkcs-3.asc This optional parameter was added in PKCS#3 version 1.4, released November 1, 1993. dhm.c currently doesn't cope well with PKCS#3 files that have this optional final parameter included. i see errors like: ------------ dhm_parse_dhmfile returned -0x33E6 Last error was: -0x33E6 - DHM - The ASN.1 data is not formatted correctly : ASN1 - Actual length differs from expected lengt ------------ You can generate PKCS#3 files with this final parameter with recent versions of certtool from GnuTLS: certtool --generate-dh-params > dh.pem --- library/dhm.c | 25 ++++++++++++++++++++----- 1 file changed, 20 insertions(+), 5 deletions(-) diff --git a/library/dhm.c b/library/dhm.c index 9fb7a218b..0a4f82028 100644 --- a/library/dhm.c +++ b/library/dhm.c @@ -444,8 +444,9 @@ int dhm_parse_dhm( dhm_context *dhm, const unsigned char *dhmin, /* * DHParams ::= SEQUENCE { - * prime INTEGER, -- P - * generator INTEGER, -- g + * prime INTEGER, -- P + * generator INTEGER, -- g + * privateValueLength INTEGER OPTIONAL * } */ if( ( ret = asn1_get_tag( &p, end, &len, 
@@ -466,9 +467,23 @@ int dhm_parse_dhm( dhm_context *dhm, const unsigned char *dhmin,
 if( p != end )
 {
- ret = POLARSSL_ERR_DHM_INVALID_FORMAT +
- POLARSSL_ERR_ASN1_LENGTH_MISMATCH;
- goto exit;
+ /* this might be the optional privateValueLength; If so, we
+ can cleanly discard it; */
+ mpi rec;
+ mpi_init( &rec );
+ ret = asn1_get_mpi( &p, end, &rec );
+ mpi_free( &rec );
+ if ( ret != 0 )
+ {
+ ret = POLARSSL_ERR_DHM_INVALID_FORMAT + ret;
+ goto exit;
+ }
+ if ( p != end )
+ {
+ ret = POLARSSL_ERR_DHM_INVALID_FORMAT +
+ POLARSSL_ERR_ASN1_LENGTH_MISMATCH;
+ goto exit;
+ }
 }
 ret = 0;
From 5119df202273d8efc280215bd78a913d5c89d5e2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Wed, 15 Apr 2015 13:50:29 +0200
Subject: [PATCH 2/3] Add test case for dh params with privateValueLength
---
 tests/data_files/dh.optlen.pem | 58 ++++++++++++++++++++++++++++++++
 tests/suites/test_suite_dhm.data | 3 ++
 2 files changed, 61 insertions(+)
 create mode 100644 tests/data_files/dh.optlen.pem
diff --git a/tests/data_files/dh.optlen.pem b/tests/data_files/dh.optlen.pem
new file mode 100644
index 000000000..ee1e29bac
--- /dev/null
+++ b/tests/data_files/dh.optlen.pem
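Review bot: The optional privateValueLength is consumed by round-tripping it through a heap-backed `mpi` (`mpi_init` / `asn1_get_mpi` / `mpi_free`) only to throw it away, which adds an allocation-failure path for a value the code never uses; since `len` is already in scope from the SEQUENCE read earlier in the function, the INTEGER can be skipped with `if( ( ret = asn1_get_tag( &p, end, &len, ASN1_INTEGER ) ) != 0 ) { ret = POLARSSL_ERR_DHM_INVALID_FORMAT + ret; goto exit; }` followed by `p += len;` (asn1_get_tag already rejects a length that overruns `end`, as I recall, and the trailing `if( p != end )` check stays as written). The new comment should also state why the value is dropped rather than only that it can be, e.g. `/* Optional privateValueLength (PKCS#3 v1.4): validated and discarded; the parsed value is not used to size the private value X. */`. Minor style: the added `if ( ret != 0 )` and `if ( p != end )` put a space before the parenthesis where the surrounding code writes `if(`. dhm_parse_dhm continues past the hunk (the `exit` label the new `goto`s target is outside it).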
@@ -0,0 +1,58 @@ + +Recommended key length: 256 bits + +generator: + 80:0a:bf:e7:dc:66:7a:a1:7b:cd:7c:04:61:4b:c2: + 21:a6:54:82:cc:c0:4b:60:46:02:b0:e1:31:90:8a: + 93:8e:a1:1b:48:dc:51:5d:ab:7a:bc:bb:1e:0c:7f: + d6:65:11:ed:c0:d8:65:51:b7:63:24:96:e0:3d:f9: + 43:57:e1:c4:ea:07:a7:ce:1e:38:1a:2f:ca:fd:ff: + 5f:5b:f0:0d:f8:28:80:60:20:e8:75:c0:09:26:e4: + d0:11:f8:84:77:a1:b0:19:27:d7:38:13:ca:d4:84: + 7c:63:96:b9:24:46:21:be:2b:00:b6:3c:65:92:53: + 31:84:13:44:3c:d2:44:21:5c:d7:fd:4c:be:79:6e: + 82:c6:cf:70:f8:9c:c0:c5:28:fb:8e:34:48:09:b3: + 18:76:e7:ef:73:9d:51:60:d0:95:c9:68:41:88:b0: + c8:75:5c:7a:46:8d:47:f5:6d:6d:b9:ea:01:29:24: + ec:b0:55:6f:b7:13:12:a8:d7:c9:3b:b2:89:8e:a0: + 8e:e5:4e:eb:59:45:48:28:5f:06:a9:73:cb:be:2a: + 0c:b0:2e:90:f3:23:fe:04:55:21:f3:4c:68:35:4a: + 6d:3e:95:db:ff:f1:eb:64:69:2e:dc:0a:44:f3:d3: + e4:08:d0:e4:79:a5:41:e7:79:a6:05:42:59:e2:d8: + 54: + +prime: + b3:12:6a:ea:f4:71:53:c7:d6:7f:40:30:30:b2:92: + b5:bd:5a:6c:9e:ae:1c:13:7a:f3:40:87:fc:e2:a3: + 6a:57:8d:70:c5:c5:60:ad:2b:db:92:4c:4a:4d:be: + e2:0a:16:71:be:71:03:ce:87:de:fa:76:90:89:36: + 80:3d:be:ca:60:c3:3e:12:89:c1:a0:3a:c2:c6:c4: + e4:94:05:e5:90:2f:a0:59:6a:1c:ba:a8:95:cc:40: + 2d:52:13:ed:4a:5f:1f:5b:a8:b5:e1:ed:3d:a9:51: + a4:c4:75:af:eb:0c:a6:60:b7:36:8c:38:c8:e8:09: + f3:82:d9:6a:e1:9e:60:dc:98:4e:61:cb:42:b5:df: + d7:23:32:2a:cf:32:7f:9e:41:3c:da:64:00:c1:5c: + 5b:2e:a1:fa:34:40:5d:83:98:2f:ba:40:e6:d8:52: + da:3d:91:01:9b:f2:35:11:31:42:54:dc:21:1a:90: + 83:3e:5b:17:98:ee:52:a7:81:98:c5:55:64:47:29: + ad:92:f0:60:36:7c:74:de:d3:77:04:ad:fc:27:3a: + 4a:33:fe:c8:21:bd:2e:bd:3b:c0:51:73:0e:97:a4: + dd:14:d2:b7:66:06:25:92:f5:ee:c0:9d:16:bb:50: + ef:eb:f2:cc:00:dd:3e:0e:34:18:e6:0e:c8:48:70: + f7: + + +-----BEGIN DH PARAMETERS----- +MIICDgKCAQEAsxJq6vRxU8fWf0AwMLKStb1abJ6uHBN680CH/OKjaleNcMXFYK0r +25JMSk2+4goWcb5xA86H3vp2kIk2gD2+ymDDPhKJwaA6wsbE5JQF5ZAvoFlqHLqo +lcxALVIT7UpfH1uoteHtPalRpMR1r+sMpmC3Now4yOgJ84LZauGeYNyYTmHLQrXf 
+1yMyKs8yf55BPNpkAMFcWy6h+jRAXYOYL7pA5thS2j2RAZvyNRExQlTcIRqQgz5b +F5juUqeBmMVVZEcprZLwYDZ8dN7TdwSt/Cc6SjP+yCG9Lr07wFFzDpek3RTSt2YG +JZL17sCdFrtQ7+vyzADdPg40GOYOyEhw9wKCAQEAgAq/59xmeqF7zXwEYUvCIaZU +gszAS2BGArDhMZCKk46hG0jcUV2rery7Hgx/1mUR7cDYZVG3YySW4D35Q1fhxOoH +p84eOBovyv3/X1vwDfgogGAg6HXACSbk0BH4hHehsBkn1zgTytSEfGOWuSRGIb4r +ALY8ZZJTMYQTRDzSRCFc1/1MvnlugsbPcPicwMUo+440SAmzGHbn73OdUWDQlclo +QYiwyHVcekaNR/VtbbnqASkk7LBVb7cTEqjXyTuyiY6gjuVO61lFSChfBqlzy74q +DLAukPMj/gRVIfNMaDVKbT6V2//x62RpLtwKRPPT5AjQ5HmlQed5pgVCWeLYVAIC +AQA= +-----END DH PARAMETERS----- diff --git a/tests/suites/test_suite_dhm.data b/tests/suites/test_suite_dhm.data index 57db3dbc9..f2cdeffa5 100644 --- a/tests/suites/test_suite_dhm.data +++ b/tests/suites/test_suite_dhm.data @@ -10,5 +10,8 @@ dhm_do_dhm:10:"93450983094850938450983409623982317398171298719873918739182739712 Diffie-Hallman load parameters from file dhm_file:"data_files/dhparams.pem":"9e35f430443a09904f3a39a979797d070df53378e79c2438bef4e761f3c714553328589b041c809be1d6c6b5f1fc9f47d3a25443188253a992a56818b37ba9de5a40d362e56eff0be5417474c125c199272c8fe41dea733df6f662c92ae76556e755d10c64e6a50968f67fc6ea73d0dca8569be2ba204e23580d8bca2f4975b3":"02":128 +Diffie-Hallman load parameters from file +dhm_file:"data_files/dh.optlen.pem":"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":"800abfe7dc667aa17bcd7c04614bc221a65482ccc04b604602b0e131908a938ea11b48dc515dab7abcbb1e0c7fd66511edc0d86551b7632496e03df94357e1c4ea07a7ce1e381a2fcafdff5f5bf00df828806020e875c00926e4d011f88477a1b01927d73813cad4847c6396b9244621be2b00b63c659253318413443cd244215cd7fd4cbe796e82c6cf70f89cc0c528fb8e344809b31876e7ef739d5160d095c9684188b0c8755c7a468d47f56d6db9ea012924ecb0556fb71312a8d7c93bb2898ea08ee54eeb594548285f06a973cbbe2a0cb02e90f323fe045521f34c68354a6d3e95dbfff1eb64692edc0a44f3d3e408d0e479a541e779a6054259e2d854":256 + Diffie-Hellman selftest dhm_selftest: From 95f00892d2c6b06357ae9b9179c09146544ff08f Mon Sep 17 00:00:00 2001 
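Review bot: The added case reuses the existing description `Diffie-Hallman load parameters from file` verbatim, so a failure report cannot tell the two file-loading cases apart; give the new line a distinct name such as `Diffie-Hellman load parameters from file (privateValueLength present)`. The copied misspelling `Hallman` can be corrected on the new line at the same time without touching the existing entry.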
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 15 Apr 2015 14:12:05 +0200 Subject: [PATCH 3/3] Update Changelog for DH params --- ChangeLog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ChangeLog b/ChangeLog index 2fb793fc3..2ea49af2a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,6 +5,8 @@ mbed TLS ChangeLog (Sorted per branch, date) Security Features + * Add support for reading DH parameters with privateValueLength included + (contributed by Daniel Khan Gillmor). * Add support for bit strings in X.509 names (request by Fredrik Axelsson). * Add support for id-at-uniqueIdentifier in X.509 names. * Add support for overriding snprintf() (except on Windows) and exit() in