use 512 bits of entropy for secret DH exponents
authorAndreas Steffen <andreas.steffen@strongswan.org>
Sun, 26 Oct 2008 23:53:52 +0000 (23:53 -0000)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Sun, 26 Oct 2008 23:53:52 +0000 (23:53 -0000)
src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c
src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c
src/libstrongswan/utils.h
src/pluto/constants.h

index 4c5ffc6..4d978f9 100644 (file)
@@ -282,6 +282,8 @@ static u_int8_t group18_modulus[] = {
        0x60,0xC9,0x80,0xDD,0x98,0xED,0xD3,0xDF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
 };
 
+#define DH_EXPONENT_ENTROPY            64      /* bytes = 512 bits */
+
 typedef struct modulus_entry_t modulus_entry_t;
 
 /** 
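Review bot: `DH_EXPONENT_ENTROPY` (64, in bytes) added here is not used by any hunk shown on this page. The allocation in gmp_diffie_hellman_create uses `DH_EXPONENT_ENTROPY_SIZE / BITS_PER_BYTE` from utils.h instead, and the src/pluto/constants.h hunk hard-codes the same 512 again in `LOCALSECRETSIZE`. Several copies of one security parameter, in two different units, can drift apart on a later change. I would drop this local define or, if a byte count is wanted, derive it: `#define DH_EXPONENT_ENTROPY (DH_EXPONENT_ENTROPY_SIZE / BITS_PER_BYTE)`.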
@@ -567,7 +569,7 @@ gmp_diffie_hellman_t *gmp_diffie_hellman_create(diffie_hellman_group_t group)
                destroy(this);
                return NULL;
        }
-       rng->allocate_bytes(rng, this->p_len, &random);
+       rng->allocate_bytes(rng, DH_EXPONENT_ENTROPY_SIZE / BITS_PER_BYTE, &random);
        rng->destroy(rng);
        mpz_import(this->xa, random.len, 1, 1, 1, 0, random.ptr);
        chunk_free(&random);
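Review bot: The `allocate_bytes` call now draws a fixed 512-bit exponent for every group instead of one as long as the modulus, and nothing at the call site records why that is sufficient. A short exponent is only sound when the group has no small subgroups that could confine the secret; that presumably holds for the MODP moduli in this file but would not for a group with a small-order subgroup added later. I would state the assumption above the call, e.g. `/* short exponent: requires every modulus in the table to be a safe prime */`. Separately, `random` holds the raw secret exponent and is released with `chunk_free`; if that helper does not wipe the buffer, clearing it before the free is worth considering. The enclosing function starts and ends outside the hunk.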
index d3e5491..217b1aa 100644 (file)
@@ -217,6 +217,7 @@ openssl_diffie_hellman_t *openssl_diffie_hellman_create(diffie_hellman_group_t g
                free(this);
                return NULL;
        }
+       this->dh->length = DH_EXPONENT_ENTROPY_SIZE;
        
        this->group = group;
        this->computed = FALSE;
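Review bot: `this->dh->length` is a bit count in OpenSSL, while the gmp plugin divides the same macro by `BITS_PER_BYTE`, so the bare assignment here reads as a possible unit mismatch to anyone comparing the two plugins. A short comment such as `/* private exponent length in bits */` would settle that. The assignment only takes effect if the key pair is generated after it; that call is outside the hunk, so the ordering should be confirmed.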
index 4d05ce5..3260476 100644 (file)
 #define BUF_LEN 512
 
 /**
+ * Entropy in bits of secret Diffie-Hellman exponents
+ */
+#define DH_EXPONENT_ENTROPY_SIZE       512
+
+/**
  * Macro compares two strings for equality
  */
 #define streq(x,y) (strcmp(x, y) == 0)
index 989faee..9505d34 100644 (file)
@@ -279,7 +279,7 @@ extern const char sparse_end[];
        "4009438B 481C6CD7 889A002E D5EE382B C9190DA6 FC026E47" \
        "9558E447 5677E9AA 9E3050E2 765694DF C81F56E8 80B96E71" \
        "60C980DD 98EDD3DF FFFFFFFF FFFFFFFF"
-#define LOCALSECRETSIZE                (256 / BITS_PER_BYTE)
+#define LOCALSECRETSIZE                (512 / BITS_PER_BYTE)
 
 /* limits on nonce sizes.  See RFC2409 "The internet key exchange (IKE)" 5 */
 #define MINIMUM_NONCE_SIZE     8       /* bytes */