1 | /************************************************* |
2 | * Exim - an Internet mail transport agent * | |
3 | *************************************************/ | |
4 | ||
5 | /* Copyright (c) Phil Pennock 2012 | |
6 | * But almost everything here is fixed published constants from RFCs, so also: | |
7 | * Copyright (C) The Internet Society (2003) | |
8 | * Copyright (C) The IETF Trust (2008) | |
9 | * Most of the text in RFC referencing comments is copy/paste from RFC, | |
10 | * as is undoubtedly the intention. | |
11 | * The constants are generated from that text using util/gen_pkcs3.c invoked | |
12 | * with the -C option. | |
13 | */ | |
14 | ||
15 | /* See the file NOTICE for conditions of use and distribution. */ | |
16 | ||
17 | #include "exim.h" | |
18 | ||
19 | #ifndef SUPPORT_TLS | |
/* Stand-in definition for builds without SUPPORT_TLS; it only refers to
   itself and nothing in this file calls it.  Presumably it exists so the
   translation unit is not empty - confirm against the build. */
static void
dummy(int x)
{
  dummy(x - 1);
}
21 | #else | |
22 | ||
23 | /* The IETF defines standard primes as "Modular Exponential (MODP) Groups" for | |
24 | use in IKE in RFC 2409 and 3526, and then some more, "for Use with IETF | |
25 | Standards" in RFC 5114. These have been thoroughly reviewed as meeting | |
26 | certain eligibility criteria, which is more than can be said for primes | |
27 | generated quickly on no particular criteria. | |
28 | ||
29 | Any prime used in TLS is disclosed publicly, and if the security of your | |
30 | session depends upon the prime being secret, then one of three situations | |
31 | holds: | |
32 | (1) the prime is too small | |
33 | (2) the prime is flawed, use one of these instead | |
34 | (3) you know of fundamental cryptanalytic breaks not currently publicly known | |
35 | to the cryptographic community. | |
36 | */ | |
37 | ||
38 | /* RFC 2409 MODP IKE_id=1 generator=2 bits=768 | |
39 | The prime is: 2^768 - 2^704 - 1 + 2^64 * { [2^638 pi] + 149686 } | |
40 | Its hexadecimal value is | |
41 | FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 | |
42 | 29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD | |
43 | EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245 | |
44 | E485B576 625E7EC6 F44C42E9 A63A3620 FFFFFFFF FFFFFFFF | |
45 | */ | |
46 | static const char dh_ike_1_pem[] = | |
47 | "-----BEGIN DH PARAMETERS-----\n" | |
48 | "MGYCYQD//////////8kP2qIhaMI0xMZii4DcHNEpAk4IimfMdAILvqY7E5siUUoI\n" | |
49 | "eY40BN3vlRmzzTpDGzArCm3yXxQ3T+E1bW1RwkXkhbV2Yl5+xvRMQummOjYg////\n" | |
50 | "//////8CAQI=\n" | |
51 | "-----END DH PARAMETERS-----\n"; | |
52 | ||
53 | /* RFC 2409 MODP IKE_id=2 generator=2 bits=1024 | |
54 | The prime is 2^1024 - 2^960 - 1 + 2^64 * { [2^894 pi] + 129093 }. | |
55 | Its hexadecimal value is | |
56 | ||
57 | FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 | |
58 | 29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD | |
59 | EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245 | |
60 | E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED | |
61 | EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE65381 | |
62 | FFFFFFFF FFFFFFFF | |
63 | */ | |
64 | static const char dh_ike_2_pem[] = | |
65 | "-----BEGIN DH PARAMETERS-----\n" | |
66 | "MIGHAoGBAP//////////yQ/aoiFowjTExmKLgNwc0SkCTgiKZ8x0Agu+pjsTmyJR\n" | |
67 | "Sgh5jjQE3e+VGbPNOkMbMCsKbfJfFDdP4TVtbVHCReSFtXZiXn7G9ExC6aY37WsL\n" | |
68 | "/1y29Aa37e44a/taiZ+lrp8kEXxLH+ZJKGZR7OZTgf//////////AgEC\n" | |
69 | "-----END DH PARAMETERS-----\n"; | |
70 | ||
71 | /* RFC 2409; id=3 and id=4 are EC2N, not yet supported here */ | |
72 | ||
73 | /* RFC 3526 MODP IKE_id=5 generator=2 bits=1536 | |
74 | The prime is: 2^1536 - 2^1472 - 1 + 2^64 * { [2^1406 pi] + 741804 } | |
75 | Its hexadecimal value is: | |
76 | ||
77 | FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 | |
78 | 29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD | |
79 | EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245 | |
80 | E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED | |
81 | EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D | |
82 | C2007CB8 A163BF05 98DA4836 1C55D39A 69163FA8 FD24CF5F | |
83 | 83655D23 DCA3AD96 1C62F356 208552BB 9ED52907 7096966D | |
84 | 670C354E 4ABC9804 F1746C08 CA237327 FFFFFFFF FFFFFFFF | |
85 | */ | |
86 | static const char dh_ike_5_pem[] = | |
87 | "-----BEGIN DH PARAMETERS-----\n" | |
88 | "MIHHAoHBAP//////////yQ/aoiFowjTExmKLgNwc0SkCTgiKZ8x0Agu+pjsTmyJR\n" | |
89 | "Sgh5jjQE3e+VGbPNOkMbMCsKbfJfFDdP4TVtbVHCReSFtXZiXn7G9ExC6aY37WsL\n" | |
90 | "/1y29Aa37e44a/taiZ+lrp8kEXxLH+ZJKGZR7ORbPcIAfLihY78FmNpINhxV05pp\n" | |
91 | "Fj+o/STPX4NlXSPco62WHGLzViCFUrue1SkHcJaWbWcMNU5KvJgE8XRsCMojcyf/\n" | |
92 | "/////////wIBAg==\n" | |
93 | "-----END DH PARAMETERS-----\n"; | |
94 | ||
95 | /* RFC 3526 MODP IKE_id=14 generator=2 bits=2048 | |
96 | This prime is: 2^2048 - 2^1984 - 1 + 2^64 * { [2^1918 pi] + 124476 } | |
97 | Its hexadecimal value is: | |
98 | ||
99 | FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 | |
100 | 29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD | |
101 | EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245 | |
102 | E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED | |
103 | EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D | |
104 | C2007CB8 A163BF05 98DA4836 1C55D39A 69163FA8 FD24CF5F | |
105 | 83655D23 DCA3AD96 1C62F356 208552BB 9ED52907 7096966D | |
106 | 670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B | |
107 | E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9 | |
108 | DE2BCBF6 95581718 3995497C EA956AE5 15D22618 98FA0510 | |
109 | 15728E5A 8AACAA68 FFFFFFFF FFFFFFFF | |
110 | */ | |
111 | static const char dh_ike_14_pem[] = | |
112 | "-----BEGIN DH PARAMETERS-----\n" | |
113 | "MIIBCAKCAQEA///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxOb\n" | |
114 | "IlFKCHmONATd75UZs806QxswKwpt8l8UN0/hNW1tUcJF5IW1dmJefsb0TELppjft\n" | |
115 | "awv/XLb0Brft7jhr+1qJn6WunyQRfEsf5kkoZlHs5Fs9wgB8uKFjvwWY2kg2HFXT\n" | |
116 | "mmkWP6j9JM9fg2VdI9yjrZYcYvNWIIVSu57VKQdwlpZtZww1Tkq8mATxdGwIyhgh\n" | |
117 | "fDKQXkYuNs474553LBgOhgObJ4Oi7Aeij7XFXfBvTFLJ3ivL9pVYFxg5lUl86pVq\n" | |
118 | "5RXSJhiY+gUQFXKOWoqsqmj//////////wIBAg==\n" | |
119 | "-----END DH PARAMETERS-----\n"; | |
120 | ||
121 | /* RFC 3526 MODP IKE_id=15 generator=2 bits=3072 | |
122 | This prime is: 2^3072 - 2^3008 - 1 + 2^64 * { [2^2942 pi] + 1690314 } | |
123 | Its hexadecimal value is: | |
124 | ||
125 | FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 | |
126 | 29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD | |
127 | EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245 | |
128 | E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED | |
129 | EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D | |
130 | C2007CB8 A163BF05 98DA4836 1C55D39A 69163FA8 FD24CF5F | |
131 | 83655D23 DCA3AD96 1C62F356 208552BB 9ED52907 7096966D | |
132 | 670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B | |
133 | E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9 | |
134 | DE2BCBF6 95581718 3995497C EA956AE5 15D22618 98FA0510 | |
135 | 15728E5A 8AAAC42D AD33170D 04507A33 A85521AB DF1CBA64 | |
136 | ECFB8504 58DBEF0A 8AEA7157 5D060C7D B3970F85 A6E1E4C7 | |
137 | ABF5AE8C DB0933D7 1E8C94E0 4A25619D CEE3D226 1AD2EE6B | |
138 | F12FFA06 D98A0864 D8760273 3EC86A64 521F2B18 177B200C | |
139 | BBE11757 7A615D6C 770988C0 BAD946E2 08E24FA0 74E5AB31 | |
140 | 43DB5BFC E0FD108E 4B82D120 A93AD2CA FFFFFFFF FFFFFFFF | |
141 | */ | |
142 | static const char dh_ike_15_pem[] = | |
143 | "-----BEGIN DH PARAMETERS-----\n" | |
144 | "MIIBiAKCAYEA///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxOb\n" | |
145 | "IlFKCHmONATd75UZs806QxswKwpt8l8UN0/hNW1tUcJF5IW1dmJefsb0TELppjft\n" | |
146 | "awv/XLb0Brft7jhr+1qJn6WunyQRfEsf5kkoZlHs5Fs9wgB8uKFjvwWY2kg2HFXT\n" | |
147 | "mmkWP6j9JM9fg2VdI9yjrZYcYvNWIIVSu57VKQdwlpZtZww1Tkq8mATxdGwIyhgh\n" | |
148 | "fDKQXkYuNs474553LBgOhgObJ4Oi7Aeij7XFXfBvTFLJ3ivL9pVYFxg5lUl86pVq\n" | |
149 | "5RXSJhiY+gUQFXKOWoqqxC2tMxcNBFB6M6hVIavfHLpk7PuFBFjb7wqK6nFXXQYM\n" | |
150 | "fbOXD4Wm4eTHq/WujNsJM9cejJTgSiVhnc7j0iYa0u5r8S/6BtmKCGTYdgJzPshq\n" | |
151 | "ZFIfKxgXeyAMu+EXV3phXWx3CYjAutlG4gjiT6B05asxQ9tb/OD9EI5LgtEgqTrS\n" | |
152 | "yv//////////AgEC\n" | |
153 | "-----END DH PARAMETERS-----\n"; | |
154 | ||
155 | /* RFC 3526 MODP IKE_id=16 generator=2 bits=4096 | |
156 | This prime is: 2^4096 - 2^4032 - 1 + 2^64 * { [2^3966 pi] + 240904 } | |
157 | Its hexadecimal value is: | |
158 | ||
159 | FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 | |
160 | 29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD | |
161 | EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245 | |
162 | E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED | |
163 | EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D | |
164 | C2007CB8 A163BF05 98DA4836 1C55D39A 69163FA8 FD24CF5F | |
165 | 83655D23 DCA3AD96 1C62F356 208552BB 9ED52907 7096966D | |
166 | 670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B | |
167 | E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9 | |
168 | DE2BCBF6 95581718 3995497C EA956AE5 15D22618 98FA0510 | |
169 | 15728E5A 8AAAC42D AD33170D 04507A33 A85521AB DF1CBA64 | |
170 | ECFB8504 58DBEF0A 8AEA7157 5D060C7D B3970F85 A6E1E4C7 | |
171 | ABF5AE8C DB0933D7 1E8C94E0 4A25619D CEE3D226 1AD2EE6B | |
172 | F12FFA06 D98A0864 D8760273 3EC86A64 521F2B18 177B200C | |
173 | BBE11757 7A615D6C 770988C0 BAD946E2 08E24FA0 74E5AB31 | |
174 | 43DB5BFC E0FD108E 4B82D120 A9210801 1A723C12 A787E6D7 | |
175 | 88719A10 BDBA5B26 99C32718 6AF4E23C 1A946834 B6150BDA | |
176 | 2583E9CA 2AD44CE8 DBBBC2DB 04DE8EF9 2E8EFC14 1FBECAA6 | |
177 | 287C5947 4E6BC05D 99B2964F A090C3A2 233BA186 515BE7ED | |
178 | 1F612970 CEE2D7AF B81BDD76 2170481C D0069127 D5B05AA9 | |
179 | 93B4EA98 8D8FDDC1 86FFB7DC 90A6C08F 4DF435C9 34063199 | |
180 | FFFFFFFF FFFFFFFF | |
181 | */ | |
182 | static const char dh_ike_16_pem[] = | |
183 | "-----BEGIN DH PARAMETERS-----\n" | |
184 | "MIICCAKCAgEA///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxOb\n" | |
185 | "IlFKCHmONATd75UZs806QxswKwpt8l8UN0/hNW1tUcJF5IW1dmJefsb0TELppjft\n" | |
186 | "awv/XLb0Brft7jhr+1qJn6WunyQRfEsf5kkoZlHs5Fs9wgB8uKFjvwWY2kg2HFXT\n" | |
187 | "mmkWP6j9JM9fg2VdI9yjrZYcYvNWIIVSu57VKQdwlpZtZww1Tkq8mATxdGwIyhgh\n" | |
188 | "fDKQXkYuNs474553LBgOhgObJ4Oi7Aeij7XFXfBvTFLJ3ivL9pVYFxg5lUl86pVq\n" | |
189 | "5RXSJhiY+gUQFXKOWoqqxC2tMxcNBFB6M6hVIavfHLpk7PuFBFjb7wqK6nFXXQYM\n" | |
190 | "fbOXD4Wm4eTHq/WujNsJM9cejJTgSiVhnc7j0iYa0u5r8S/6BtmKCGTYdgJzPshq\n" | |
191 | "ZFIfKxgXeyAMu+EXV3phXWx3CYjAutlG4gjiT6B05asxQ9tb/OD9EI5LgtEgqSEI\n" | |
192 | "ARpyPBKnh+bXiHGaEL26WyaZwycYavTiPBqUaDS2FQvaJYPpyirUTOjbu8LbBN6O\n" | |
193 | "+S6O/BQfvsqmKHxZR05rwF2ZspZPoJDDoiM7oYZRW+ftH2EpcM7i16+4G912IXBI\n" | |
194 | "HNAGkSfVsFqpk7TqmI2P3cGG/7fckKbAj030Nck0BjGZ//////////8CAQI=\n" | |
195 | "-----END DH PARAMETERS-----\n"; | |
196 | ||
197 | /* RFC 3526 MODP IKE_id=17 generator=2 bits=6144 | |
198 | This prime is: 2^6144 - 2^6080 - 1 + 2^64 * { [2^6014 pi] + 929484 } | |
199 | Its hexadecimal value is: | |
200 | ||
201 | FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 | |
202 | 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B | |
203 | 302B0A6D F25F1437 4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 | |
204 | A637ED6B 0BFF5CB6 F406B7ED EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 | |
205 | 49286651 ECE45B3D C2007CB8 A163BF05 98DA4836 1C55D39A 69163FA8 | |
206 | FD24CF5F 83655D23 DCA3AD96 1C62F356 208552BB 9ED52907 7096966D | |
207 | 670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B E39E772C | |
208 | 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9 DE2BCBF6 95581718 | |
209 | 3995497C EA956AE5 15D22618 98FA0510 15728E5A 8AAAC42D AD33170D | |
210 | 04507A33 A85521AB DF1CBA64 ECFB8504 58DBEF0A 8AEA7157 5D060C7D | |
211 | B3970F85 A6E1E4C7 ABF5AE8C DB0933D7 1E8C94E0 4A25619D CEE3D226 | |
212 | 1AD2EE6B F12FFA06 D98A0864 D8760273 3EC86A64 521F2B18 177B200C | |
213 | BBE11757 7A615D6C 770988C0 BAD946E2 08E24FA0 74E5AB31 43DB5BFC | |
214 | E0FD108E 4B82D120 A9210801 1A723C12 A787E6D7 88719A10 BDBA5B26 | |
215 | 99C32718 6AF4E23C 1A946834 B6150BDA 2583E9CA 2AD44CE8 DBBBC2DB | |
216 | 04DE8EF9 2E8EFC14 1FBECAA6 287C5947 4E6BC05D 99B2964F A090C3A2 | |
217 | 233BA186 515BE7ED 1F612970 CEE2D7AF B81BDD76 2170481C D0069127 | |
218 | D5B05AA9 93B4EA98 8D8FDDC1 86FFB7DC 90A6C08F 4DF435C9 34028492 | |
219 | 36C3FAB4 D27C7026 C1D4DCB2 602646DE C9751E76 3DBA37BD F8FF9406 | |
220 | AD9E530E E5DB382F 413001AE B06A53ED 9027D831 179727B0 865A8918 | |
221 | DA3EDBEB CF9B14ED 44CE6CBA CED4BB1B DB7F1447 E6CC254B 33205151 | |
222 | 2BD7AF42 6FB8F401 378CD2BF 5983CA01 C64B92EC F032EA15 D1721D03 | |
223 | F482D7CE 6E74FEF6 D55E702F 46980C82 B5A84031 900B1C9E 59E7C97F | |
224 | BEC7E8F3 23A97A7E 36CC88BE 0F1D45B7 FF585AC5 4BD407B2 2B4154AA | |
225 | CC8F6D7E BF48E1D8 14CC5ED2 0F8037E0 A79715EE F29BE328 06A1D58B | |
226 | B7C5DA76 F550AA3D 8A1FBFF0 EB19CCB1 A313D55C DA56C9EC 2EF29632 | |
227 | 387FE8D7 6E3C0468 043E8F66 3F4860EE 12BF2D5B 0B7474D6 E694F91E | |
228 | 6DCC4024 FFFFFFFF FFFFFFFF | |
229 | */ | |
230 | static const char dh_ike_17_pem[] = | |
231 | "-----BEGIN DH PARAMETERS-----\n" | |
232 | "MIIDCAKCAwEA///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxOb\n" | |
233 | "IlFKCHmONATd75UZs806QxswKwpt8l8UN0/hNW1tUcJF5IW1dmJefsb0TELppjft\n" | |
234 | "awv/XLb0Brft7jhr+1qJn6WunyQRfEsf5kkoZlHs5Fs9wgB8uKFjvwWY2kg2HFXT\n" | |
235 | "mmkWP6j9JM9fg2VdI9yjrZYcYvNWIIVSu57VKQdwlpZtZww1Tkq8mATxdGwIyhgh\n" | |
236 | "fDKQXkYuNs474553LBgOhgObJ4Oi7Aeij7XFXfBvTFLJ3ivL9pVYFxg5lUl86pVq\n" | |
237 | "5RXSJhiY+gUQFXKOWoqqxC2tMxcNBFB6M6hVIavfHLpk7PuFBFjb7wqK6nFXXQYM\n" | |
238 | "fbOXD4Wm4eTHq/WujNsJM9cejJTgSiVhnc7j0iYa0u5r8S/6BtmKCGTYdgJzPshq\n" | |
239 | "ZFIfKxgXeyAMu+EXV3phXWx3CYjAutlG4gjiT6B05asxQ9tb/OD9EI5LgtEgqSEI\n" | |
240 | "ARpyPBKnh+bXiHGaEL26WyaZwycYavTiPBqUaDS2FQvaJYPpyirUTOjbu8LbBN6O\n" | |
241 | "+S6O/BQfvsqmKHxZR05rwF2ZspZPoJDDoiM7oYZRW+ftH2EpcM7i16+4G912IXBI\n" | |
242 | "HNAGkSfVsFqpk7TqmI2P3cGG/7fckKbAj030Nck0AoSSNsP6tNJ8cCbB1NyyYCZG\n" | |
243 | "3sl1HnY9uje9+P+UBq2eUw7l2zgvQTABrrBqU+2QJ9gxF5cnsIZaiRjaPtvrz5sU\n" | |
244 | "7UTObLrO1Lsb238UR+bMJUszIFFRK9evQm+49AE3jNK/WYPKAcZLkuzwMuoV0XId\n" | |
245 | "A/SC185udP721V5wL0aYDIK1qEAxkAscnlnnyX++x+jzI6l6fjbMiL4PHUW3/1ha\n" | |
246 | "xUvUB7IrQVSqzI9tfr9I4dgUzF7SD4A34KeXFe7ym+MoBqHVi7fF2nb1UKo9ih+/\n" | |
247 | "8OsZzLGjE9Vc2lbJ7C7yljI4f+jXbjwEaAQ+j2Y/SGDuEr8tWwt0dNbmlPkebcxA\n" | |
248 | "JP//////////AgEC\n" | |
249 | "-----END DH PARAMETERS-----\n"; | |
250 | ||
251 | /* RFC 3526 MODP IKE_id=18 generator=2 bits=8192 | |
252 | This prime is: 2^8192 - 2^8128 - 1 + 2^64 * { [2^8062 pi] + 4743158 } | |
253 | Its hexadecimal value is: | |
254 | ||
255 | FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 | |
256 | 29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD | |
257 | EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245 | |
258 | E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED | |
259 | EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D | |
260 | C2007CB8 A163BF05 98DA4836 1C55D39A 69163FA8 FD24CF5F | |
261 | 83655D23 DCA3AD96 1C62F356 208552BB 9ED52907 7096966D | |
262 | 670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B | |
263 | E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9 | |
264 | DE2BCBF6 95581718 3995497C EA956AE5 15D22618 98FA0510 | |
265 | 15728E5A 8AAAC42D AD33170D 04507A33 A85521AB DF1CBA64 | |
266 | ECFB8504 58DBEF0A 8AEA7157 5D060C7D B3970F85 A6E1E4C7 | |
267 | ABF5AE8C DB0933D7 1E8C94E0 4A25619D CEE3D226 1AD2EE6B | |
268 | F12FFA06 D98A0864 D8760273 3EC86A64 521F2B18 177B200C | |
269 | BBE11757 7A615D6C 770988C0 BAD946E2 08E24FA0 74E5AB31 | |
270 | 43DB5BFC E0FD108E 4B82D120 A9210801 1A723C12 A787E6D7 | |
271 | 88719A10 BDBA5B26 99C32718 6AF4E23C 1A946834 B6150BDA | |
272 | 2583E9CA 2AD44CE8 DBBBC2DB 04DE8EF9 2E8EFC14 1FBECAA6 | |
273 | 287C5947 4E6BC05D 99B2964F A090C3A2 233BA186 515BE7ED | |
274 | 1F612970 CEE2D7AF B81BDD76 2170481C D0069127 D5B05AA9 | |
275 | 93B4EA98 8D8FDDC1 86FFB7DC 90A6C08F 4DF435C9 34028492 | |
276 | 36C3FAB4 D27C7026 C1D4DCB2 602646DE C9751E76 3DBA37BD | |
277 | F8FF9406 AD9E530E E5DB382F 413001AE B06A53ED 9027D831 | |
278 | 179727B0 865A8918 DA3EDBEB CF9B14ED 44CE6CBA CED4BB1B | |
279 | DB7F1447 E6CC254B 33205151 2BD7AF42 6FB8F401 378CD2BF | |
280 | 5983CA01 C64B92EC F032EA15 D1721D03 F482D7CE 6E74FEF6 | |
281 | D55E702F 46980C82 B5A84031 900B1C9E 59E7C97F BEC7E8F3 | |
282 | 23A97A7E 36CC88BE 0F1D45B7 FF585AC5 4BD407B2 2B4154AA | |
283 | CC8F6D7E BF48E1D8 14CC5ED2 0F8037E0 A79715EE F29BE328 | |
284 | 06A1D58B B7C5DA76 F550AA3D 8A1FBFF0 EB19CCB1 A313D55C | |
285 | DA56C9EC 2EF29632 387FE8D7 6E3C0468 043E8F66 3F4860EE | |
286 | 12BF2D5B 0B7474D6 E694F91E 6DBE1159 74A3926F 12FEE5E4 | |
287 | 38777CB6 A932DF8C D8BEC4D0 73B931BA 3BC832B6 8D9DD300 | |
288 | 741FA7BF 8AFC47ED 2576F693 6BA42466 3AAB639C 5AE4F568 | |
289 | 3423B474 2BF1C978 238F16CB E39D652D E3FDB8BE FC848AD9 | |
290 | 22222E04 A4037C07 13EB57A8 1A23F0C7 3473FC64 6CEA306B | |
291 | 4BCBC886 2F8385DD FA9D4B7F A2C087E8 79683303 ED5BDD3A | |
292 | 062B3CF5 B3A278A6 6D2A13F8 3F44F82D DF310EE0 74AB6A36 | |
293 | 4597E899 A0255DC1 64F31CC5 0846851D F9AB4819 5DED7EA1 | |
294 | B1D510BD 7EE74D73 FAF36BC3 1ECFA268 359046F4 EB879F92 | |
295 | 4009438B 481C6CD7 889A002E D5EE382B C9190DA6 FC026E47 | |
296 | 9558E447 5677E9AA 9E3050E2 765694DF C81F56E8 80B96E71 | |
297 | 60C980DD 98EDD3DF FFFFFFFF FFFFFFFF | |
298 | */ | |
299 | static const char dh_ike_18_pem[] = | |
300 | "-----BEGIN DH PARAMETERS-----\n" | |
301 | "MIIECAKCBAEA///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxOb\n" | |
302 | "IlFKCHmONATd75UZs806QxswKwpt8l8UN0/hNW1tUcJF5IW1dmJefsb0TELppjft\n" | |
303 | "awv/XLb0Brft7jhr+1qJn6WunyQRfEsf5kkoZlHs5Fs9wgB8uKFjvwWY2kg2HFXT\n" | |
304 | "mmkWP6j9JM9fg2VdI9yjrZYcYvNWIIVSu57VKQdwlpZtZww1Tkq8mATxdGwIyhgh\n" | |
305 | "fDKQXkYuNs474553LBgOhgObJ4Oi7Aeij7XFXfBvTFLJ3ivL9pVYFxg5lUl86pVq\n" | |
306 | "5RXSJhiY+gUQFXKOWoqqxC2tMxcNBFB6M6hVIavfHLpk7PuFBFjb7wqK6nFXXQYM\n" | |
307 | "fbOXD4Wm4eTHq/WujNsJM9cejJTgSiVhnc7j0iYa0u5r8S/6BtmKCGTYdgJzPshq\n" | |
308 | "ZFIfKxgXeyAMu+EXV3phXWx3CYjAutlG4gjiT6B05asxQ9tb/OD9EI5LgtEgqSEI\n" | |
309 | "ARpyPBKnh+bXiHGaEL26WyaZwycYavTiPBqUaDS2FQvaJYPpyirUTOjbu8LbBN6O\n" | |
310 | "+S6O/BQfvsqmKHxZR05rwF2ZspZPoJDDoiM7oYZRW+ftH2EpcM7i16+4G912IXBI\n" | |
311 | "HNAGkSfVsFqpk7TqmI2P3cGG/7fckKbAj030Nck0AoSSNsP6tNJ8cCbB1NyyYCZG\n" | |
312 | "3sl1HnY9uje9+P+UBq2eUw7l2zgvQTABrrBqU+2QJ9gxF5cnsIZaiRjaPtvrz5sU\n" | |
313 | "7UTObLrO1Lsb238UR+bMJUszIFFRK9evQm+49AE3jNK/WYPKAcZLkuzwMuoV0XId\n" | |
314 | "A/SC185udP721V5wL0aYDIK1qEAxkAscnlnnyX++x+jzI6l6fjbMiL4PHUW3/1ha\n" | |
315 | "xUvUB7IrQVSqzI9tfr9I4dgUzF7SD4A34KeXFe7ym+MoBqHVi7fF2nb1UKo9ih+/\n" | |
316 | "8OsZzLGjE9Vc2lbJ7C7yljI4f+jXbjwEaAQ+j2Y/SGDuEr8tWwt0dNbmlPkebb4R\n" | |
317 | "WXSjkm8S/uXkOHd8tqky34zYvsTQc7kxujvIMraNndMAdB+nv4r8R+0ldvaTa6Qk\n" | |
318 | "ZjqrY5xa5PVoNCO0dCvxyXgjjxbL451lLeP9uL78hIrZIiIuBKQDfAcT61eoGiPw\n" | |
319 | "xzRz/GRs6jBrS8vIhi+Dhd36nUt/osCH6HloMwPtW906Bis89bOieKZtKhP4P0T4\n" | |
320 | "Ld8xDuB0q2o2RZfomaAlXcFk8xzFCEaFHfmrSBld7X6hsdUQvX7nTXP682vDHs+i\n" | |
321 | "aDWQRvTrh5+SQAlDi0gcbNeImgAu1e44K8kZDab8Am5HlVjkR1Z36aqeMFDidlaU\n" | |
322 | "38gfVuiAuW5xYMmA3Zjt09///////////wIBAg==\n" | |
323 | "-----END DH PARAMETERS-----\n"; | |
324 | ||
325 | /* RFC 5114 IKE_id=22 | |
326 | 2.1. 1024-bit MODP Group with 160-bit Prime Order Subgroup | |
327 | ||
328 | The hexadecimal value of the prime is: | |
329 | ||
330 | p = B10B8F96 A080E01D DE92DE5E AE5D54EC 52C99FBC FB06A3C6 | |
331 | 9A6A9DCA 52D23B61 6073E286 75A23D18 9838EF1E 2EE652C0 | |
332 | 13ECB4AE A9061123 24975C3C D49B83BF ACCBDD7D 90C4BD70 | |
333 | 98488E9C 219A7372 4EFFD6FA E5644738 FAA31A4F F55BCCC0 | |
334 | A151AF5F 0DC8B4BD 45BF37DF 365C1A65 E68CFDA7 6D4DA708 | |
335 | DF1FB2BC 2E4A4371 | |
336 | ||
337 | The hexadecimal value of the generator is: | |
338 | ||
339 | g = A4D1CBD5 C3FD3412 6765A442 EFB99905 F8104DD2 58AC507F | |
340 | D6406CFF 14266D31 266FEA1E 5C41564B 777E690F 5504F213 | |
341 | 160217B4 B01B886A 5E91547F 9E2749F4 D7FBD7D3 B9A92EE1 | |
342 | 909D0D22 63F80A76 A6A24C08 7A091F53 1DBF0A01 69B6A28A | |
343 | D662A4D1 8E73AFA3 2D779D59 18D08BC8 858F4DCE F97C2A24 | |
344 | 855E6EEB 22B3B2E5 | |
345 | ||
346 | The generator generates a prime-order subgroup of size: | |
347 | ||
348 | q = F518AA87 81A8DF27 8ABA4E7D 64B7CB9D 49462353 | |
349 | */ | |
350 | static const char dh_ike_22_pem[] = | |
351 | "-----BEGIN DH PARAMETERS-----\n" | |
352 | "MIIBCAKBgQCxC4+WoIDgHd6S3l6uXVTsUsmfvPsGo8aaap3KUtI7YWBz4oZ1oj0Y\n" | |
353 | "mDjvHi7mUsAT7LSuqQYRIySXXDzUm4O/rMvdfZDEvXCYSI6cIZpzck7/1vrlZEc4\n" | |
354 | "+qMaT/VbzMChUa9fDci0vUW/N982XBpl5oz9p21NpwjfH7K8LkpDcQKBgQCk0cvV\n" | |
355 | "w/00EmdlpELvuZkF+BBN0lisUH/WQGz/FCZtMSZv6h5cQVZLd35pD1UE8hMWAhe0\n" | |
356 | "sBuIal6RVH+eJ0n01/vX07mpLuGQnQ0iY/gKdqaiTAh6CR9THb8KAWm2oorWYqTR\n" | |
357 | "jnOvoy13nVkY0IvIhY9Nzvl8KiSFXm7rIrOy5Q==\n" | |
358 | "-----END DH PARAMETERS-----\n"; | |
359 | ||
360 | /* RFC 5114 IKE_id=23 | |
361 | 2.2. 2048-bit MODP Group with 224-bit Prime Order Subgroup | |
362 | ||
363 | The hexadecimal value of the prime is: | |
364 | ||
365 | p = AD107E1E 9123A9D0 D660FAA7 9559C51F A20D64E5 683B9FD1 | |
366 | B54B1597 B61D0A75 E6FA141D F95A56DB AF9A3C40 7BA1DF15 | |
367 | EB3D688A 309C180E 1DE6B85A 1274A0A6 6D3F8152 AD6AC212 | |
368 | 9037C9ED EFDA4DF8 D91E8FEF 55B7394B 7AD5B7D0 B6C12207 | |
369 | C9F98D11 ED34DBF6 C6BA0B2C 8BBC27BE 6A00E0A0 B9C49708 | |
370 | B3BF8A31 70918836 81286130 BC8985DB 1602E714 415D9330 | |
371 | 278273C7 DE31EFDC 7310F712 1FD5A074 15987D9A DC0A486D | |
372 | CDF93ACC 44328387 315D75E1 98C641A4 80CD86A1 B9E587E8 | |
373 | BE60E69C C928B2B9 C52172E4 13042E9B 23F10B0E 16E79763 | |
374 | C9B53DCF 4BA80A29 E3FB73C1 6B8E75B9 7EF363E2 FFA31F71 | |
375 | CF9DE538 4E71B81C 0AC4DFFE 0C10E64F | |
376 | ||
377 | The hexadecimal value of the generator is: | |
378 | ||
379 | g = AC4032EF 4F2D9AE3 9DF30B5C 8FFDAC50 6CDEBE7B 89998CAF | |
380 | 74866A08 CFE4FFE3 A6824A4E 10B9A6F0 DD921F01 A70C4AFA | |
381 | AB739D77 00C29F52 C57DB17C 620A8652 BE5E9001 A8D66AD7 | |
382 | C1766910 1999024A F4D02727 5AC1348B B8A762D0 521BC98A | |
383 | E2471504 22EA1ED4 09939D54 DA7460CD B5F6C6B2 50717CBE | |
384 | F180EB34 118E98D1 19529A45 D6F83456 6E3025E3 16A330EF | |
385 | BB77A86F 0C1AB15B 051AE3D4 28C8F8AC B70A8137 150B8EEB | |
386 | 10E183ED D19963DD D9E263E4 770589EF 6AA21E7F 5F2FF381 | |
387 | B539CCE3 409D13CD 566AFBB4 8D6C0191 81E1BCFE 94B30269 | |
388 | EDFE72FE 9B6AA4BD 7B5A0F1C 71CFFF4C 19C418E1 F6EC0179 | |
389 | 81BC087F 2A7065B3 84B890D3 191F2BFA | |
390 | ||
391 | The generator generates a prime-order subgroup of size: | |
392 | ||
393 | q = 801C0D34 C58D93FE 99717710 1F80535A 4738CEBC BF389A99 | |
394 | B36371EB | |
395 | */ | |
396 | static const char dh_ike_23_pem[] = | |
397 | "-----BEGIN DH PARAMETERS-----\n" | |
398 | "MIICCgKCAQEArRB+HpEjqdDWYPqnlVnFH6INZOVoO5/RtUsVl7YdCnXm+hQd+VpW\n" | |
399 | "26+aPEB7od8V6z1oijCcGA4d5rhaEnSgpm0/gVKtasISkDfJ7e/aTfjZHo/vVbc5\n" | |
400 | "S3rVt9C2wSIHyfmNEe002/bGugssi7wnvmoA4KC5xJcIs7+KMXCRiDaBKGEwvImF\n" | |
401 | "2xYC5xRBXZMwJ4Jzx94x79xzEPcSH9WgdBWYfZrcCkhtzfk6zEQyg4cxXXXhmMZB\n" | |
402 | "pIDNhqG55YfovmDmnMkosrnFIXLkEwQumyPxCw4W55djybU9z0uoCinj+3PBa451\n" | |
403 | "uX7zY+L/ox9xz53lOE5xuBwKxN/+DBDmTwKCAQEArEAy708tmuOd8wtcj/2sUGze\n" | |
404 | "vnuJmYyvdIZqCM/k/+OmgkpOELmm8N2SHwGnDEr6q3OddwDCn1LFfbF8YgqGUr5e\n" | |
405 | "kAGo1mrXwXZpEBmZAkr00CcnWsE0i7inYtBSG8mK4kcVBCLqHtQJk51U2nRgzbX2\n" | |
406 | "xrJQcXy+8YDrNBGOmNEZUppF1vg0Vm4wJeMWozDvu3eobwwasVsFGuPUKMj4rLcK\n" | |
407 | "gTcVC47rEOGD7dGZY93Z4mPkdwWJ72qiHn9fL/OBtTnM40CdE81Wavu0jWwBkYHh\n" | |
408 | "vP6UswJp7f5y/ptqpL17Wg8ccc//TBnEGOH27AF5gbwIfypwZbOEuJDTGR8r+g==\n" | |
409 | "-----END DH PARAMETERS-----\n"; | |
410 | ||
411 | /* RFC 5114 IKE_id=24 | |
412 | 2.3. 2048-bit MODP Group with 256-bit Prime Order Subgroup | |
413 | ||
414 | The hexadecimal value of the prime is: | |
415 | ||
416 | p = 87A8E61D B4B6663C FFBBD19C 65195999 8CEEF608 660DD0F2 | |
417 | 5D2CEED4 435E3B00 E00DF8F1 D61957D4 FAF7DF45 61B2AA30 | |
418 | 16C3D911 34096FAA 3BF4296D 830E9A7C 209E0C64 97517ABD | |
419 | 5A8A9D30 6BCF67ED 91F9E672 5B4758C0 22E0B1EF 4275BF7B | |
420 | 6C5BFC11 D45F9088 B941F54E B1E59BB8 BC39A0BF 12307F5C | |
421 | 4FDB70C5 81B23F76 B63ACAE1 CAA6B790 2D525267 35488A0E | |
422 | F13C6D9A 51BFA4AB 3AD83477 96524D8E F6A167B5 A41825D9 | |
423 | 67E144E5 14056425 1CCACB83 E6B486F6 B3CA3F79 71506026 | |
424 | C0B857F6 89962856 DED4010A BD0BE621 C3A3960A 54E710C3 | |
425 | 75F26375 D7014103 A4B54330 C198AF12 6116D227 6E11715F | |
426 | 693877FA D7EF09CA DB094AE9 1E1A1597 | |
427 | ||
428 | The hexadecimal value of the generator is: | |
429 | ||
430 | g = 3FB32C9B 73134D0B 2E775066 60EDBD48 4CA7B18F 21EF2054 | |
431 | 07F4793A 1A0BA125 10DBC150 77BE463F FF4FED4A AC0BB555 | |
432 | BE3A6C1B 0C6B47B1 BC3773BF 7E8C6F62 901228F8 C28CBB18 | |
433 | A55AE313 41000A65 0196F931 C77A57F2 DDF463E5 E9EC144B | |
434 | 777DE62A AAB8A862 8AC376D2 82D6ED38 64E67982 428EBC83 | |
435 | 1D14348F 6F2F9193 B5045AF2 767164E1 DFC967C1 FB3F2E55 | |
436 | A4BD1BFF E83B9C80 D052B985 D182EA0A DB2A3B73 13D3FE14 | |
437 | C8484B1E 052588B9 B7D2BBD2 DF016199 ECD06E15 57CD0915 | |
438 | B3353BBB 64E0EC37 7FD02837 0DF92B52 C7891428 CDC67EB6 | |
439 | 184B523D 1DB246C3 2F630784 90F00EF8 D647D148 D4795451 | |
440 | 5E2327CF EF98C582 664B4C0F 6CC41659 | |
441 | ||
442 | The generator generates a prime-order subgroup of size: | |
443 | ||
444 | q = 8CF83642 A709A097 B4479976 40129DA2 99B1A47D 1EB3750B | |
445 | A308B0FE 64F5FBD3 | |
446 | */ | |
447 | static const char dh_ike_24_pem[] = | |
448 | "-----BEGIN DH PARAMETERS-----\n" | |
449 | "MIICCQKCAQEAh6jmHbS2Zjz/u9GcZRlZmYzu9ghmDdDyXSzu1ENeOwDgDfjx1hlX\n" | |
450 | "1Pr330VhsqowFsPZETQJb6o79Cltgw6afCCeDGSXUXq9WoqdMGvPZ+2R+eZyW0dY\n" | |
451 | "wCLgse9Cdb97bFv8EdRfkIi5QfVOseWbuLw5oL8SMH9cT9twxYGyP3a2Osrhyqa3\n" | |
452 | "kC1SUmc1SIoO8TxtmlG/pKs62DR3llJNjvahZ7WkGCXZZ+FE5RQFZCUcysuD5rSG\n" | |
453 | "9rPKP3lxUGAmwLhX9omWKFbe1AEKvQvmIcOjlgpU5xDDdfJjddcBQQOktUMwwZiv\n" | |
454 | "EmEW0iduEXFfaTh3+tfvCcrbCUrpHhoVlwKCAQA/syybcxNNCy53UGZg7b1ITKex\n" | |
455 | "jyHvIFQH9Hk6GguhJRDbwVB3vkY//0/tSqwLtVW+OmwbDGtHsbw3c79+jG9ikBIo\n" | |
456 | "+MKMuxilWuMTQQAKZQGW+THHelfy3fRj5ensFEt3feYqqrioYorDdtKC1u04ZOZ5\n" | |
457 | "gkKOvIMdFDSPby+Rk7UEWvJ2cWTh38lnwfs/LlWkvRv/6DucgNBSuYXRguoK2yo7\n" | |
458 | "cxPT/hTISEseBSWIubfSu9LfAWGZ7NBuFVfNCRWzNTu7ZODsN3/QKDcN+StSx4kU\n" | |
459 | "KM3GfrYYS1I9HbJGwy9jB4SQ8A741kfRSNR5VFFeIyfP75jFgmZLTA9sxBZZ\n" | |
460 | "-----END DH PARAMETERS-----\n"; | |
461 | ||
462 | ||
463 | /* ========================================================================= */ | |
464 | ||
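/* One selectable DH group: the name it is looked up by, and the PEM text of
   its parameters. */
struct dh_constant {
  const char *label;
  const char *pem;
};

/* KEEP SORTED in strcmp() byte order (so "ike18" sorts before "ike2");
 * std_dh_prime_named() binary-searches this table and will miss entries that
 * are out of order.  Duplicate PEM are okay, if we want aliases.
 *
 * The table is const so that the mapping from name to parameters cannot be
 * modified at run time.
 *
 * Security notes for anyone choosing or adding a label:
 *  - ike1 (768 bits), ike2 and ike22 (1024 bits) are small by current
 *    standards for finite-field DH; primes this size that are shared by many
 *    servers are exposed to precomputation attacks.  Prefer ike14 or larger.
 *  - ike22, ike23 and ike24 (RFC 5114) use a generator of a prime-order
 *    subgroup of only 160/224/256 bits, as the RFC text quoted in this file
 *    states, so these are not safe primes.  NOTE(review): the PEM blobs look
 *    like PKCS#3 parameters (p and g only, no q); confirm that the TLS
 *    library validates peer public values or uses a fresh exponent for every
 *    handshake when one of these groups is selected, "default" included.
 */
static const struct dh_constant dh_constants[] = {
  { "default", dh_ike_23_pem },
  { "ike1",    dh_ike_1_pem },
  { "ike14",   dh_ike_14_pem },
  { "ike15",   dh_ike_15_pem },
  { "ike16",   dh_ike_16_pem },
  { "ike17",   dh_ike_17_pem },
  { "ike18",   dh_ike_18_pem },
  { "ike2",    dh_ike_2_pem },
  { "ike22",   dh_ike_22_pem },
  { "ike23",   dh_ike_23_pem },
  { "ike24",   dh_ike_24_pem },
  { "ike5",    dh_ike_5_pem },
};
/* Element count, derived from the array itself so it tracks the element type. */
static const int dh_constants_count =
  sizeof(dh_constants) / sizeof(dh_constants[0]);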
488 | ||
489 | ||
/* Policy choice: when nothing else has been specified, hand out a 2048 bit
 * prime, taking the first such group from the most recent RFC covered in
 * this file (RFC 5114, IKE id 23).  Returns the PEM text of that group. */
const char *
std_dh_prime_default(void)
{
  const char *default_pem = dh_ike_23_pem;

  return default_pem;
}
497 | ||
498 | ||
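/* Look up one of the built-in DH parameter sets by name.
 *
 * The name is lower-cased into a copy made by string_copylc() and compared
 * with strcmp() against the labels in dh_constants using a binary search, so
 * matching is case-insensitive for the caller and relies on that table being
 * sorted in strcmp() order.
 *
 * Argument:  name   label to look up, e.g. "ike14" or "default"
 * Returns:   the PEM text of the matching group, or NULL when name is NULL
 *            or matches no label
 *
 * NOTE(review): the callers are not in this file; confirm that they treat a
 * NULL return as a configuration error and do not carry on with weaker or
 * absent DH parameters.
 */
const char *
std_dh_prime_named(const uschar *name)
{
  int first, last;
  char *search_name;

  /* string_copylc() is defined elsewhere; assume it does not accept NULL and
     report "no such group" instead of passing NULL through. */
  if (name == NULL)
    return NULL;

  search_name = CS string_copylc(US name);

  first = 0;
  last = dh_constants_count;
  while (last > first) {
    /* Midpoint written so that the addition cannot overflow int. */
    int middle = first + (last - first)/2;
    int c = strcmp(search_name, dh_constants[middle].label);
    if (c == 0)
      return dh_constants[middle].pem;
    else if (c > 0)
      first = middle + 1;
    else
      last = middle;
  }
  return NULL;
}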
519 | ||
520 | #endif /* SUPPORT_TLS */ | |
521 | /* EOF */ |