Skip to content
Permalink
Browse files

Merge PR #3183: FFDHE: add new class for accessing RFC 7919 Diffie-He…

…llman parameters.
  • Loading branch information...
mkrautz committed Jul 28, 2017
2 parents 5aaf1ed + d993b83 commit 36cb96062f387d6e12e0452863a42b66e079a684
Showing with 825 additions and 3 deletions.
  1. +584 −0 scripts/generate-ffdhe.py
  2. +27 −0 src/FFDHE.cpp
  3. +22 −0 src/FFDHE.h
  4. +91 −0 src/FFDHETable.h
  5. +2 −2 src/mumble.pri
  6. +77 −0 src/tests/TestFFDHE/TestFFDHE.cpp
  7. +20 −0 src/tests/TestFFDHE/TestFFDHE.pro
  8. +2 −1 src/tests/tests.pro

Large diffs are not rendered by default.

@@ -0,0 +1,27 @@
// Copyright 2005-2017 The Mumble Developers. All rights reserved.
// Use of this source code is governed by a BSD-style license
// that can be found in the LICENSE file at the root of the
// Mumble source tree or at <https://www.mumble.info/LICENSE>.

#include "murmur_pch.h"

#include "FFDHE.h"
#include "FFDHETable.h"

QByteArray FFDHE::PEMForNamedGroup(QString name) {
name = name.toLower();

if (name == QLatin1String("ffdhe2048")) {
return QByteArray::fromRawData(ffdhe2048_pem, sizeof(ffdhe2048_pem));
} else if (name == QLatin1String("ffdhe3072")) {
return QByteArray::fromRawData(ffdhe3072_pem, sizeof(ffdhe3072_pem));
} else if (name == QLatin1String("ffdhe4096")) {
return QByteArray::fromRawData(ffdhe4096_pem, sizeof(ffdhe4096_pem));
} else if (name == QLatin1String("ffdhe6144")) {
return QByteArray::fromRawData(ffdhe6144_pem, sizeof(ffdhe6144_pem));
} else if (name == QLatin1String("ffdhe8192")) {
return QByteArray::fromRawData(ffdhe8192_pem, sizeof(ffdhe8192_pem));
}

return QByteArray();
}
@@ -0,0 +1,22 @@
// Copyright 2005-2017 The Mumble Developers. All rights reserved.
// Use of this source code is governed by a BSD-style license
// that can be found in the LICENSE file at the root of the
// Mumble source tree or at <https://www.mumble.info/LICENSE>.

#ifndef MUMBLE_FFDHE_H_
#define MUMBLE_FFDHE_H_

/// FFDHE provides access to the Diffie-Hellman parameters from RFC 7919.
class FFDHE {
public:
/// PEMForNamedGroup returns the PEM-encoded
/// Diffie-Hellman parameters for the RFC 7919
/// group with the given name, such as "ffdhe2048",
/// "ffdhe4096", etc.
///
/// Returns an empty byte array if the request
/// could not be fulfilled.
static QByteArray PEMForNamedGroup(QString name);
};

#endif
@@ -0,0 +1,91 @@
// Copyright 2005-2017 The Mumble Developers. All rights reserved.
// Use of this source code is governed by a BSD-style license
// that can be found in the LICENSE file at the root of the
// Mumble source tree or at <https://www.mumble.info/LICENSE>.

// Automatically generated by "generate-ffdhe.py". DO NOT EDIT BY HAND.

static const char ffdhe2048_pem[] = \
"-----BEGIN DH PARAMETERS-----\n"
"MIIBCAKCAQEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz\n"
"+8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a\n"
"87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7\n"
"YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi\n"
"7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD\n"
"ssbzSibBsu/6iGtCOGEoXJf//////////wIBAg==\n"
"-----END DH PARAMETERS-----\n";

static const char ffdhe3072_pem[] = \
"-----BEGIN DH PARAMETERS-----\n"
"MIIBiAKCAYEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz\n"
"+8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a\n"
"87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7\n"
"YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi\n"
"7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD\n"
"ssbzSibBsu/6iGtCOGEfz9zeNVs7ZRkDW7w09N75nAI4YbRvydbmyQd62R0mkff3\n"
"7lmMsPrBhtkcrv4TCYUTknC0EwyTvEN5RPT9RFLi103TZPLiHnH1S/9croKrnJ32\n"
"nuhtK8UiNjoNq8Uhl5sN6todv5pC1cRITgq80Gv6U93vPBsg7j/VnXwl5B0rZsYu\n"
"N///////////AgEC\n"
"-----END DH PARAMETERS-----\n";

static const char ffdhe4096_pem[] = \
"-----BEGIN DH PARAMETERS-----\n"
"MIICCAKCAgEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz\n"
"+8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a\n"
"87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7\n"
"YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi\n"
"7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD\n"
"ssbzSibBsu/6iGtCOGEfz9zeNVs7ZRkDW7w09N75nAI4YbRvydbmyQd62R0mkff3\n"
"7lmMsPrBhtkcrv4TCYUTknC0EwyTvEN5RPT9RFLi103TZPLiHnH1S/9croKrnJ32\n"
"nuhtK8UiNjoNq8Uhl5sN6todv5pC1cRITgq80Gv6U93vPBsg7j/VnXwl5B0rZp4e\n"
"8W5vUsMWTfT7eTDp5OWIV7asfV9C1p9tGHdjzx1VA0AEh/VbpX4xzHpxNciG77Qx\n"
"iu1qHgEtnmgyqQdgCpGBMMRtx3j5ca0AOAkpmaMzy4t6Gh25PXFAADwqTs6p+Y0K\n"
"zAqCkc3OyX3Pjsm1Wn+IpGtNtahR9EGC4caKAH5eZV9q//////////8CAQI=\n"
"-----END DH PARAMETERS-----\n";

static const char ffdhe6144_pem[] = \
"-----BEGIN DH PARAMETERS-----\n"
"MIIDCAKCAwEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz\n"
"+8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a\n"
"87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7\n"
"YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi\n"
"7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD\n"
"ssbzSibBsu/6iGtCOGEfz9zeNVs7ZRkDW7w09N75nAI4YbRvydbmyQd62R0mkff3\n"
"7lmMsPrBhtkcrv4TCYUTknC0EwyTvEN5RPT9RFLi103TZPLiHnH1S/9croKrnJ32\n"
"nuhtK8UiNjoNq8Uhl5sN6todv5pC1cRITgq80Gv6U93vPBsg7j/VnXwl5B0rZp4e\n"
"8W5vUsMWTfT7eTDp5OWIV7asfV9C1p9tGHdjzx1VA0AEh/VbpX4xzHpxNciG77Qx\n"
"iu1qHgEtnmgyqQdgCpGBMMRtx3j5ca0AOAkpmaMzy4t6Gh25PXFAADwqTs6p+Y0K\n"
"zAqCkc3OyX3Pjsm1Wn+IpGtNtahR9EGC4caKAH5eDdkCC/1ktkUDbHpOZ30sOFMq\n"
"OiO6RELK9T6mO7RUMpt2JMiRe91kscD9TLOOjDNMcBw6za0GV/zP7HGbH1w+TkYE\n"
"HziBR/tM/bR3pSRx96mpaRC4VTIu22NA2KAO8JI1BRHjCr7B//njom5/sp+MGDAj\n"
"w1h+ONoAd9m0dj5OS5Syu8GUxmUed8r5ku6qwCMqKBv2s6c5wSJhFoIK6NtYR6Z8\n"
"vvnJCRtGLVOM1ysDdGrnf15iKSwxFWKoRlBdyC24VDOK5J9SNclbkReMzy3Vys70\n"
"A+ydGBDGJysEWztx+dxrgNY/3UqOmtseaWKmlSbUMWHBpB1XDXk42tSkDjKc0OQO\n"
"Zf//////////AgEC\n"
"-----END DH PARAMETERS-----\n";

static const char ffdhe8192_pem[] = \
"-----BEGIN DH PARAMETERS-----\n"
"MIIECAKCBAEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz\n"
"+8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a\n"
"87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7\n"
"YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi\n"
"7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD\n"
"ssbzSibBsu/6iGtCOGEfz9zeNVs7ZRkDW7w09N75nAI4YbRvydbmyQd62R0mkff3\n"
"7lmMsPrBhtkcrv4TCYUTknC0EwyTvEN5RPT9RFLi103TZPLiHnH1S/9croKrnJ32\n"
"nuhtK8UiNjoNq8Uhl5sN6todv5pC1cRITgq80Gv6U93vPBsg7j/VnXwl5B0rZp4e\n"
"8W5vUsMWTfT7eTDp5OWIV7asfV9C1p9tGHdjzx1VA0AEh/VbpX4xzHpxNciG77Qx\n"
"iu1qHgEtnmgyqQdgCpGBMMRtx3j5ca0AOAkpmaMzy4t6Gh25PXFAADwqTs6p+Y0K\n"
"zAqCkc3OyX3Pjsm1Wn+IpGtNtahR9EGC4caKAH5eDdkCC/1ktkUDbHpOZ30sOFMq\n"
"OiO6RELK9T6mO7RUMpt2JMiRe91kscD9TLOOjDNMcBw6za0GV/zP7HGbH1w+TkYE\n"
"HziBR/tM/bR3pSRx96mpaRC4VTIu22NA2KAO8JI1BRHjCr7B//njom5/sp+MGDAj\n"
"w1h+ONoAd9m0dj5OS5Syu8GUxmUed8r5ku6qwCMqKBv2s6c5wSJhFoIK6NtYR6Z8\n"
"vvnJCRtGLVOM1ysDdGrnf15iKSwxFWKoRlBdyC24VDOK5J9SNclbkReMzy3Vys70\n"
"A+ydGBDGJysEWztx+dxrgNY/3UqOmtseaWKmlSbUMWHBpB1XDXk42tSkDjKcz/Rq\n"
"qjatAEz2AMg4HkJaMdlRrmT9sj/OyVCdQ2h/62nt0cxeC4zDvfZLEO+GtjFCo6uI\n"
"KVVbL3R8kyZlyywPHMAb1wIpOIg50q8F5FRQSseLdYKCKEbAujXDX1xZFgzARv2C\n"
"UVQfxoychrAiu3CZh2pGDnRRqKkxCXA/7hwhfmw4JuUsUappHg5CPPyZ6eMWUMEh\n"
"e2JIFs2tmpX51bgBlIjZwKCh/jB1pXfiMYP4HUo/L6RXHvyM4LqKT+i2hV3+crCm\n"
"bt7S+6v75Yow+vq+HF1xqH4vdB74wf6G/qa7/eUwZ38Nl9EdSfeoRD0IIuUGqfRh\n"
"TgEeKpSDj/iM1oyLt8XGQkz//////////wIBAg==\n"
"-----END DH PARAMETERS-----\n";
@@ -14,8 +14,8 @@ CONFIG += qt thread debug_and_release warn_on
DEFINES *= MUMBLE_VERSION_STRING=$$VERSION
INCLUDEPATH += $$PWD . ../mumble_proto
VPATH += $$PWD
HEADERS *= ACL.h Channel.h CryptState.h Connection.h Group.h HTMLFilter.h User.h Net.h OSInfo.h Timer.h SSL.h Version.h SSLCipherInfo.h SSLCipherInfoTable.h licenses.h License.h LogEmitter.h CryptographicHash.h CryptographicRandom.h PasswordGenerator.h ByteSwap.h HostAddress.cpp Ban.h EnvUtils.h UnresolvedServerAddress.h ServerAddress.h ServerResolver.h ServerResolverRecord.h SelfSignedCertificate.h SSLLocks.h
SOURCES *= ACL.cpp Group.cpp Channel.cpp Connection.cpp HTMLFilter.cpp User.cpp Timer.cpp CryptState.cpp OSInfo.cpp SSL.cpp Version.cpp SSLCipherInfo.cpp License.cpp LogEmitter.cpp CryptographicHash.cpp CryptographicRandom.cpp PasswordGenerator.cpp HostAddress.cpp Ban.cpp EnvUtils.cpp UnresolvedServerAddress.cpp ServerAddress.cpp ServerResolver_qt5.cpp ServerResolverRecord.cpp SelfSignedCertificate.cpp SSLLocks.cpp
HEADERS *= ACL.h Channel.h CryptState.h Connection.h Group.h HTMLFilter.h User.h Net.h OSInfo.h Timer.h SSL.h Version.h SSLCipherInfo.h SSLCipherInfoTable.h licenses.h License.h LogEmitter.h CryptographicHash.h CryptographicRandom.h PasswordGenerator.h ByteSwap.h HostAddress.cpp Ban.h EnvUtils.h UnresolvedServerAddress.h ServerAddress.h ServerResolver.h ServerResolverRecord.h SelfSignedCertificate.h SSLLocks.h FFDHETable.h FFDHE.h
SOURCES *= ACL.cpp Group.cpp Channel.cpp Connection.cpp HTMLFilter.cpp User.cpp Timer.cpp CryptState.cpp OSInfo.cpp SSL.cpp Version.cpp SSLCipherInfo.cpp License.cpp LogEmitter.cpp CryptographicHash.cpp CryptographicRandom.cpp PasswordGenerator.cpp HostAddress.cpp Ban.cpp EnvUtils.cpp UnresolvedServerAddress.cpp ServerAddress.cpp ServerResolver_qt5.cpp ServerResolverRecord.cpp SelfSignedCertificate.cpp SSLLocks.cpp FFDHE.cpp
LIBS *= -lmumble_proto

equals(QT_MAJOR_VERSION, 4) {
@@ -0,0 +1,77 @@
// Copyright 2005-2017 The Mumble Developers. All rights reserved.
// Use of this source code is governed by a BSD-style license
// that can be found in the LICENSE file at the root of the
// Mumble source tree or at <https://www.mumble.info/LICENSE>.

#include <QtCore>
#include <QtTest>

#if defined(USE_QSSLDIFFIEHELLMANPARAMETERS)
# include <QtNetwork/QSslDiffieHellmanParameters>
#endif

#include "SSL.h"
#include "FFDHE.h"

class TestFFDHE : public QObject {
Q_OBJECT
private slots:
void initTestCase();
void cleanupTestCase();

#if defined(USE_QSSLDIFFIEHELLMANPARAMETERS)
void exercise_data();
void exercise();
#endif
};

void TestFFDHE::initTestCase() {
MumbleSSL::initialize();
}

void TestFFDHE::cleanupTestCase() {
MumbleSSL::destroy();
}

#if defined(USE_QSSLDIFFIEHELLMANPARAMETERS)
void TestFFDHE::exercise_data() {
QTest::addColumn<QString>("name");
QTest::addColumn<bool>("expectedToWork");

QTest::newRow("ffdhe2048") << QString(QLatin1String("ffdhe2048")) << true;
QTest::newRow("ffdhe3072") << QString(QLatin1String("ffdhe3072")) << true;
QTest::newRow("ffdhe4096") << QString(QLatin1String("ffdhe4096")) << true;
QTest::newRow("ffdhe6144") << QString(QLatin1String("ffdhe6144")) << true;
QTest::newRow("ffdhe8192") << QString(QLatin1String("ffdhe8192")) << true;

QTest::newRow("ffdhe2048_upper") << QString(QLatin1String("FFDHE2048")) << true;
QTest::newRow("ffdhe2048_random") << QString(QLatin1String("fFdHe2048")) << true;
QTest::newRow("noname") << QString(QLatin1String("")) << false;
QTest::newRow("typo") << QString(QLatin1String("ffdhe2047")) << false;
QTest::newRow("trailingspace") << QString(QLatin1String("ffdhe2048 ")) << false;
}

void TestFFDHE::exercise() {
QFETCH(QString, name);
QFETCH(bool, expectedToWork);

bool ok = true;

QByteArray pem = FFDHE::PEMForNamedGroup(name);
if (pem.isEmpty() || pem.isNull()) {
ok = false;
}
if (ok) {
QSslDiffieHellmanParameters dh = QSslDiffieHellmanParameters::fromEncoded(pem, QSsl::Pem);
ok = dh.isValid();
if (!ok) {
qWarning("QSslDiffieHellman error: %s", qPrintable(dh.errorString()));
}
}

QCOMPARE(ok, expectedToWork);
}
#endif

QTEST_MAIN(TestFFDHE)
#include "TestFFDHE.moc"
@@ -0,0 +1,20 @@
# Copyright 2005-2017 The Mumble Developers. All rights reserved.
# Use of this source code is governed by a BSD-style license
# that can be found in the LICENSE file at the root of the
# Mumble source tree or at <https://www.mumble.info/LICENSE>.

include(../test.pri)

QT += network

# Check for QSslDiffieHellmanParameters availability, and define
# USE_QSSLDIFFIEHELLMANPARAMETERS preprocessor if available.
#
# Can be disabled with no-qssldiffiehellmanparameters.
!CONFIG(no-qssldiffiehellmanparameters):exists($$[QT_INSTALL_HEADERS]/QtNetwork/QSslDiffieHellmanParameters) {
DEFINES += USE_QSSLDIFFIEHELLMANPARAMETERS
}

TARGET = TestFFDHE
SOURCES = SSL.cpp SSLLocks.cpp FFDHE.cpp TestFFDHE.cpp
HEADERS = SSL.h SSLLocks.h FFDHE.h FFDHETable.h
@@ -17,4 +17,5 @@ SUBDIRS += \
TestServerAddress \
TestServerResolver \
TestSelfSignedCertificate \
TestSSLLocks
TestSSLLocks \
TestFFDHE

0 comments on commit 36cb960

Please sign in to comment.
You can’t perform that action at this time.