From 7c0772007a65c699222a594c95b37fab1e001b57 Mon Sep 17 00:00:00 2001 From: Mike Belopuhov Date: Wed, 4 Jan 2017 12:31:02 +0000 Subject: Remove modular exponential groups specified in RFC5114 Brought up by doug@, ok reyk, djm, doug --- sbin/iked/dh.c | 64 +-------------------------------------------------- sbin/iked/iked.conf.5 | 7 ++---- sbin/iked/ikev2.h | 5 +--- sbin/iked/parse.y | 9 +------- sbin/isakmpd/dh.c | 64 +-------------------------------------------------- 5 files changed, 6 insertions(+), 143 deletions(-) diff --git a/sbin/iked/dh.c b/sbin/iked/dh.c index a3c462ff292..b9268fb2ddb 100644 --- a/sbin/iked/dh.c +++ b/sbin/iked/dh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dh.c,v 1.17 2015/08/21 11:59:27 reyk Exp $ */ +/* $OpenBSD: dh.c,v 1.18 2017/01/04 12:31:01 mikeb Exp $ */ /* * Copyright (c) 2010-2014 Reyk Floeter @@ -235,68 +235,6 @@ struct group_id ike_groups[] = { { GROUP_ECP, 19, 256, NULL, NULL, NID_X9_62_prime256v1 }, { GROUP_ECP, 20, 384, NULL, NULL, NID_secp384r1 }, { GROUP_ECP, 21, 521, NULL, NULL, NID_secp521r1 }, - { GROUP_MODP, 22, 1024, - "B10B8F96A080E01DDE92DE5EAE5D54EC52C99FBCFB06A3C6" - "9A6A9DCA52D23B616073E28675A23D189838EF1E2EE652C0" - "13ECB4AEA906112324975C3CD49B83BFACCBDD7D90C4BD70" - "98488E9C219A73724EFFD6FAE5644738FAA31A4FF55BCCC0" - "A151AF5F0DC8B4BD45BF37DF365C1A65E68CFDA76D4DA708" - "DF1FB2BC2E4A4371", - "A4D1CBD5C3FD34126765A442EFB99905F8104DD258AC507F" - "D6406CFF14266D31266FEA1E5C41564B777E690F5504F213" - "160217B4B01B886A5E91547F9E2749F4D7FBD7D3B9A92EE1" - "909D0D2263F80A76A6A24C087A091F531DBF0A0169B6A28A" - "D662A4D18E73AFA32D779D5918D08BC8858F4DCEF97C2A24" - "855E6EEB22B3B2E5" - }, - { GROUP_MODP, 23, 2048, - "AD107E1E9123A9D0D660FAA79559C51FA20D64E5683B9FD1" - "B54B1597B61D0A75E6FA141DF95A56DBAF9A3C407BA1DF15" - "EB3D688A309C180E1DE6B85A1274A0A66D3F8152AD6AC212" - "9037C9EDEFDA4DF8D91E8FEF55B7394B7AD5B7D0B6C12207" - "C9F98D11ED34DBF6C6BA0B2C8BBC27BE6A00E0A0B9C49708" - "B3BF8A317091883681286130BC8985DB1602E714415D9330" - "278273C7DE31EFDC7310F7121FD5A07415987D9ADC0A486D" - "CDF93ACC44328387315D75E198C641A480CD86A1B9E587E8" - "BE60E69CC928B2B9C52172E413042E9B23F10B0E16E79763" - "C9B53DCF4BA80A29E3FB73C16B8E75B97EF363E2FFA31F71" - "CF9DE5384E71B81C0AC4DFFE0C10E64F", - "AC4032EF4F2D9AE39DF30B5C8FFDAC506CDEBE7B89998CAF" - "74866A08CFE4FFE3A6824A4E10B9A6F0DD921F01A70C4AFA" - "AB739D7700C29F52C57DB17C620A8652BE5E9001A8D66AD7" - "C17669101999024AF4D027275AC1348BB8A762D0521BC98A" - "E247150422EA1ED409939D54DA7460CDB5F6C6B250717CBE" - "F180EB34118E98D119529A45D6F834566E3025E316A330EF" - "BB77A86F0C1AB15B051AE3D428C8F8ACB70A8137150B8EEB" - "10E183EDD19963DDD9E263E4770589EF6AA21E7F5F2FF381" - "B539CCE3409D13CD566AFBB48D6C019181E1BCFE94B30269" - "EDFE72FE9B6AA4BD7B5A0F1C71CFFF4C19C418E1F6EC0179" - "81BC087F2A7065B384B890D3191F2BFA" - }, - { GROUP_MODP, 24, 2048, - "87A8E61DB4B6663CFFBBD19C651959998CEEF608660DD0F2" - "5D2CEED4435E3B00E00DF8F1D61957D4FAF7DF4561B2AA30" - "16C3D91134096FAA3BF4296D830E9A7C209E0C6497517ABD" - "5A8A9D306BCF67ED91F9E6725B4758C022E0B1EF4275BF7B" - "6C5BFC11D45F9088B941F54EB1E59BB8BC39A0BF12307F5C" - "4FDB70C581B23F76B63ACAE1CAA6B7902D52526735488A0E" - "F13C6D9A51BFA4AB3AD8347796524D8EF6A167B5A41825D9" - "67E144E5140564251CCACB83E6B486F6B3CA3F7971506026" - "C0B857F689962856DED4010ABD0BE621C3A3960A54E710C3" - "75F26375D7014103A4B54330C198AF126116D2276E11715F" - "693877FAD7EF09CADB094AE91E1A1597", - "3FB32C9B73134D0B2E77506660EDBD484CA7B18F21EF2054" - "07F4793A1A0BA12510DBC15077BE463FFF4FED4AAC0BB555" - "BE3A6C1B0C6B47B1BC3773BF7E8C6F62901228F8C28CBB18" - "A55AE31341000A650196F931C77A57F2DDF463E5E9EC144B" - "777DE62AAAB8A8628AC376D282D6ED3864E67982428EBC83" - "1D14348F6F2F9193B5045AF2767164E1DFC967C1FB3F2E55" - "A4BD1BFFE83B9C80D052B985D182EA0ADB2A3B7313D3FE14" - "C8484B1E052588B9B7D2BBD2DF016199ECD06E1557CD0915" - "B3353BBB64E0EC377FD028370DF92B52C7891428CDC67EB6" - "184B523D1DB246C32F63078490F00EF8D647D148D4795451" - "5E2327CFEF98C582664B4C0F6CC41659" - }, { GROUP_ECP, 25, 192, NULL, NULL, NID_X9_62_prime192v1 }, { GROUP_ECP, 26, 224, NULL, NULL, NID_secp224r1 }, { GROUP_ECP, 27, 224, NULL, NULL, NID_brainpoolP224r1 }, diff --git a/sbin/iked/iked.conf.5 b/sbin/iked/iked.conf.5 index c957355b1a3..81c2b595f50 100644 --- a/sbin/iked/iked.conf.5 +++ b/sbin/iked/iked.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: iked.conf.5,v 1.45 2016/11/28 16:27:32 mikeb Exp $ +.\" $OpenBSD: iked.conf.5,v 1.46 2017/01/04 12:31:01 mikeb Exp $ .\" .\" Copyright (c) 2010 - 2014 Reyk Floeter .\" Copyright (c) 2004 Mathieu Sauve-Frankel All rights reserved. @@ -15,7 +15,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: November 28 2016 $ +.Dd $Mdocdate: January 4 2017 $ .Dt IKED.CONF 5 .Os .Sh NAME @@ -815,9 +815,6 @@ keyword: .It Li ecp256 Ta grp19 Ta 256 Ta "ECP" .It Li ecp384 Ta grp20 Ta 384 Ta "ECP" .It Li ecp521 Ta grp21 Ta 521 Ta "ECP" -.It Li modp1024-160 Ta grp22 Ta 2048 Ta "MODP, 160 bit Prime Order Subgroup" -.It Li modp2048-224 Ta grp23 Ta 2048 Ta "MODP, 224 bit Prime Order Subgroup" -.It Li modp2048-256 Ta grp24 Ta 2048 Ta "MODP, 256 bit Prime Order Subgroup" .It Li ecp192 Ta grp25 Ta 192 Ta "ECP" .It Li ecp224 Ta grp26 Ta 224 Ta "ECP" .It Li brainpool224 Ta grp27 Ta 224 Ta "ECP, brainpoolP224r1" diff --git a/sbin/iked/ikev2.h b/sbin/iked/ikev2.h index e2b182cd428..4b997bf8749 100644 --- a/sbin/iked/ikev2.h +++ b/sbin/iked/ikev2.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ikev2.h,v 1.23 2015/10/31 19:28:19 naddy Exp $ */ +/* $OpenBSD: ikev2.h,v 1.24 2017/01/04 12:31:01 mikeb Exp $ */ /* * Copyright (c) 2010-2013 Reyk Floeter @@ -234,9 +234,6 @@ extern struct iked_constmap ikev2_xformauth_map[]; #define IKEV2_XFORMDH_ECP_256 19 /* DH Group 19 */ #define IKEV2_XFORMDH_ECP_384 20 /* DH Group 20 */ #define IKEV2_XFORMDH_ECP_521 21 /* DH Group 21 */ -#define IKEV2_XFORMDH_MODP_1024_160 22 /* DH Group 22 */ -#define IKEV2_XFORMDH_MODP_2048_224 23 /* DH Group 23 */ -#define IKEV2_XFORMDH_MODP_2048_256 24 /* DH Group 24 */ #define IKEV2_XFORMDH_ECP_192 25 /* DH Group 25 */ #define IKEV2_XFORMDH_ECP_224 26 /* DH Group 26 */ #define IKEV2_XFORMDH_BRAINPOOL_P224R1 27 /* DH Group 27 */ diff --git a/sbin/iked/parse.y b/sbin/iked/parse.y index bbf63e0353d..99880c3f58b 100644 --- a/sbin/iked/parse.y +++ b/sbin/iked/parse.y @@ -1,4 +1,4 @@ -/* $OpenBSD: parse.y,v 1.58 2016/09/03 09:20:07 vgross Exp $ */ +/* $OpenBSD: parse.y,v 1.59 2017/01/04 12:31:01 mikeb Exp $ */ /* * Copyright (c) 2010-2013 Reyk Floeter @@ -125,7 +125,6 @@ struct iked_transform ikev2_default_ike_transforms[] = { { IKEV2_XFORMTYPE_PRF, IKEV2_XFORMPRF_HMAC_SHA1 }, { IKEV2_XFORMTYPE_INTEGR, IKEV2_XFORMAUTH_HMAC_SHA2_256_128 }, { IKEV2_XFORMTYPE_INTEGR, IKEV2_XFORMAUTH_HMAC_SHA1_96 }, - { IKEV2_XFORMTYPE_DH, IKEV2_XFORMDH_MODP_2048_256 }, { IKEV2_XFORMTYPE_DH, IKEV2_XFORMDH_MODP_2048 }, { IKEV2_XFORMTYPE_DH, IKEV2_XFORMDH_MODP_1536 }, { IKEV2_XFORMTYPE_DH, IKEV2_XFORMDH_MODP_1024 }, @@ -226,12 +225,6 @@ const struct ipsec_xf groupxfs[] = { { "grp20", IKEV2_XFORMDH_ECP_384 }, { "ecp521", IKEV2_XFORMDH_ECP_521 }, { "grp21", IKEV2_XFORMDH_ECP_521 }, - { "modp1024-160", IKEV2_XFORMDH_MODP_1024_160 }, - { "grp22", IKEV2_XFORMDH_MODP_1024_160 }, - { "modp2048-224", IKEV2_XFORMDH_MODP_2048_224 }, - { "grp23", IKEV2_XFORMDH_MODP_2048_224 }, - { "modp2048-256", IKEV2_XFORMDH_MODP_2048_256 }, - { "grp24", IKEV2_XFORMDH_MODP_2048_256 }, { "ecp192", IKEV2_XFORMDH_ECP_192 }, { "grp25", IKEV2_XFORMDH_ECP_192 }, { "ecp224", IKEV2_XFORMDH_ECP_224 }, diff --git a/sbin/isakmpd/dh.c b/sbin/isakmpd/dh.c index aeb355a6695..a0da694b5fb 100644 --- a/sbin/isakmpd/dh.c +++ b/sbin/isakmpd/dh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dh.c,v 1.19 2015/01/16 06:39:58 deraadt Exp $ */ +/* $OpenBSD: dh.c,v 1.20 2017/01/04 12:31:01 mikeb Exp $ */ /* * Copyright (c) 2010-2014 Reyk Floeter @@ -215,68 +215,6 @@ struct group_id ike_groups[] = { { GROUP_ECP, 19, 256, NULL, NULL, NID_X9_62_prime256v1 }, { GROUP_ECP, 20, 384, NULL, NULL, NID_secp384r1 }, { GROUP_ECP, 21, 521, NULL, NULL, NID_secp521r1 }, - { GROUP_MODP, 22, 1024, - "B10B8F96A080E01DDE92DE5EAE5D54EC52C99FBCFB06A3C6" - "9A6A9DCA52D23B616073E28675A23D189838EF1E2EE652C0" - "13ECB4AEA906112324975C3CD49B83BFACCBDD7D90C4BD70" - "98488E9C219A73724EFFD6FAE5644738FAA31A4FF55BCCC0" - "A151AF5F0DC8B4BD45BF37DF365C1A65E68CFDA76D4DA708" - "DF1FB2BC2E4A4371", - "A4D1CBD5C3FD34126765A442EFB99905F8104DD258AC507F" - "D6406CFF14266D31266FEA1E5C41564B777E690F5504F213" - "160217B4B01B886A5E91547F9E2749F4D7FBD7D3B9A92EE1" - "909D0D2263F80A76A6A24C087A091F531DBF0A0169B6A28A" - "D662A4D18E73AFA32D779D5918D08BC8858F4DCEF97C2A24" - "855E6EEB22B3B2E5" - }, - { GROUP_MODP, 23, 2048, - "AD107E1E9123A9D0D660FAA79559C51FA20D64E5683B9FD1" - "B54B1597B61D0A75E6FA141DF95A56DBAF9A3C407BA1DF15" - "EB3D688A309C180E1DE6B85A1274A0A66D3F8152AD6AC212" - "9037C9EDEFDA4DF8D91E8FEF55B7394B7AD5B7D0B6C12207" - "C9F98D11ED34DBF6C6BA0B2C8BBC27BE6A00E0A0B9C49708" - "B3BF8A317091883681286130BC8985DB1602E714415D9330" - "278273C7DE31EFDC7310F7121FD5A07415987D9ADC0A486D" - "CDF93ACC44328387315D75E198C641A480CD86A1B9E587E8" - "BE60E69CC928B2B9C52172E413042E9B23F10B0E16E79763" - "C9B53DCF4BA80A29E3FB73C16B8E75B97EF363E2FFA31F71" - "CF9DE5384E71B81C0AC4DFFE0C10E64F", - "AC4032EF4F2D9AE39DF30B5C8FFDAC506CDEBE7B89998CAF" - "74866A08CFE4FFE3A6824A4E10B9A6F0DD921F01A70C4AFA" - "AB739D7700C29F52C57DB17C620A8652BE5E9001A8D66AD7" - "C17669101999024AF4D027275AC1348BB8A762D0521BC98A" - "E247150422EA1ED409939D54DA7460CDB5F6C6B250717CBE" - "F180EB34118E98D119529A45D6F834566E3025E316A330EF" - "BB77A86F0C1AB15B051AE3D428C8F8ACB70A8137150B8EEB" - "10E183EDD19963DDD9E263E4770589EF6AA21E7F5F2FF381" - "B539CCE3409D13CD566AFBB48D6C019181E1BCFE94B30269" - "EDFE72FE9B6AA4BD7B5A0F1C71CFFF4C19C418E1F6EC0179" - "81BC087F2A7065B384B890D3191F2BFA" - }, - { GROUP_MODP, 24, 2048, - "87A8E61DB4B6663CFFBBD19C651959998CEEF608660DD0F2" - "5D2CEED4435E3B00E00DF8F1D61957D4FAF7DF4561B2AA30" - "16C3D91134096FAA3BF4296D830E9A7C209E0C6497517ABD" - "5A8A9D306BCF67ED91F9E6725B4758C022E0B1EF4275BF7B" - "6C5BFC11D45F9088B941F54EB1E59BB8BC39A0BF12307F5C" - "4FDB70C581B23F76B63ACAE1CAA6B7902D52526735488A0E" - "F13C6D9A51BFA4AB3AD8347796524D8EF6A167B5A41825D9" - "67E144E5140564251CCACB83E6B486F6B3CA3F7971506026" - "C0B857F689962856DED4010ABD0BE621C3A3960A54E710C3" - "75F26375D7014103A4B54330C198AF126116D2276E11715F" - "693877FAD7EF09CADB094AE91E1A1597", - "3FB32C9B73134D0B2E77506660EDBD484CA7B18F21EF2054" - "07F4793A1A0BA12510DBC15077BE463FFF4FED4AAC0BB555" - "BE3A6C1B0C6B47B1BC3773BF7E8C6F62901228F8C28CBB18" - "A55AE31341000A650196F931C77A57F2DDF463E5E9EC144B" - "777DE62AAAB8A8628AC376D282D6ED3864E67982428EBC83" - "1D14348F6F2F9193B5045AF2767164E1DFC967C1FB3F2E55" - "A4BD1BFFE83B9C80D052B985D182EA0ADB2A3B7313D3FE14" - "C8484B1E052588B9B7D2BBD2DF016199ECD06E1557CD0915" - "B3353BBB64E0EC377FD028370DF92B52C7891428CDC67EB6" - "184B523D1DB246C32F63078490F00EF8D647D148D4795451" - "5E2327CFEF98C582664B4C0F6CC41659" - }, { GROUP_ECP, 25, 192, NULL, NULL, NID_X9_62_prime192v1 }, { GROUP_ECP, 26, 224, NULL, NULL, NID_secp224r1 }, { GROUP_ECP, 27, 224, NULL, NULL, NID_brainpoolP224r1 }, -- cgit v1.2.3