refining changeset 4483 by introducing charon.dh_exponent_ansi_x9_42 key
authorAndreas Steffen <andreas.steffen@strongswan.org>
Tue, 28 Oct 2008 01:59:01 +0000 (01:59 -0000)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Tue, 28 Oct 2008 01:59:01 +0000 (01:59 -0000)
src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c
src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c
src/libstrongswan/utils.h

index b811026..0f90314 100644 (file)
@@ -304,23 +304,28 @@ struct modulus_entry_t {
        size_t modulus_len;
        
        /* 
        size_t modulus_len;
        
        /* 
+        * Optimum length of exponent in bytes.
+        */     
+       size_t opt_exponent_len;
+
+       /* 
         * Generator value.
         */     
        u_int16_t generator;
 };
 
 /**
         * Generator value.
         */     
        u_int16_t generator;
 };
 
 /**
- * All supported modulus values.
+ * All supported modulus values - optimum exponent size according to RFC 3526.
  */
 static modulus_entry_t modulus_entries[] = {
  */
 static modulus_entry_t modulus_entries[] = {
-       {MODP_768_BIT, group1_modulus, sizeof(group1_modulus), 2},
-       {MODP_1024_BIT, group2_modulus, sizeof(group2_modulus), 2},
-       {MODP_1536_BIT, group5_modulus, sizeof(group5_modulus), 2},
-       {MODP_2048_BIT, group14_modulus, sizeof(group14_modulus), 2},
-       {MODP_3072_BIT, group15_modulus, sizeof(group15_modulus), 2},
-       {MODP_4096_BIT, group16_modulus, sizeof(group16_modulus), 2},
-       {MODP_6144_BIT, group17_modulus, sizeof(group17_modulus), 2},
-       {MODP_8192_BIT, group18_modulus, sizeof(group18_modulus), 2},
+       {MODP_768_BIT,  group1_modulus,  sizeof(group1_modulus),  32, 2},
+       {MODP_1024_BIT, group2_modulus,  sizeof(group2_modulus),  32, 2},
+       {MODP_1536_BIT, group5_modulus,  sizeof(group5_modulus),  32, 2},
+       {MODP_2048_BIT, group14_modulus, sizeof(group14_modulus), 48, 2},
+       {MODP_3072_BIT, group15_modulus, sizeof(group15_modulus), 48, 2},
+       {MODP_4096_BIT, group16_modulus, sizeof(group16_modulus), 64, 2},
+       {MODP_6144_BIT, group17_modulus, sizeof(group17_modulus), 64, 2},
+       {MODP_8192_BIT, group18_modulus, sizeof(group18_modulus), 64, 2},
 };
 
 typedef struct private_gmp_diffie_hellman_t private_gmp_diffie_hellman_t;
 };
 
 typedef struct private_gmp_diffie_hellman_t private_gmp_diffie_hellman_t;
@@ -375,6 +380,11 @@ struct private_gmp_diffie_hellman_t {
        size_t p_len;
        
        /**
        size_t p_len;
        
        /**
+        * Optimal exponent length.
+        */
+       size_t opt_exponent_len;
+
+       /**
         * True if shared secret is computed and stored in my_public_value.
         */
        bool computed;
         * True if shared secret is computed and stored in my_public_value.
         */
        bool computed;
@@ -504,6 +514,7 @@ static status_t set_modulus(private_gmp_diffie_hellman_t *this)
                        chunk.len = modulus_entries[i].modulus_len;
                        mpz_import(this->p, chunk.len, 1, 1, 1, 0, chunk.ptr);
                        this->p_len = chunk.len;
                        chunk.len = modulus_entries[i].modulus_len;
                        mpz_import(this->p, chunk.len, 1, 1, 1, 0, chunk.ptr);
                        this->p_len = chunk.len;
+                       this->opt_exponent_len = modulus_entries[i].opt_exponent_len;
                        mpz_set_ui(this->g, modulus_entries[i].generator);
                        status = SUCCESS;
                        break;
                        mpz_set_ui(this->g, modulus_entries[i].generator);
                        status = SUCCESS;
                        break;
@@ -534,6 +545,8 @@ gmp_diffie_hellman_t *gmp_diffie_hellman_create(diffie_hellman_group_t group)
        private_gmp_diffie_hellman_t *this = malloc_thing(private_gmp_diffie_hellman_t);
        rng_t *rng;
        chunk_t random;
        private_gmp_diffie_hellman_t *this = malloc_thing(private_gmp_diffie_hellman_t);
        rng_t *rng;
        chunk_t random;
+       bool ansi_x9_42;
+       size_t exponent_len;
 
        /* public functions */
        this->public.dh.get_shared_secret = (status_t (*)(diffie_hellman_t *, chunk_t *)) get_shared_secret;
 
        /* public functions */
        this->public.dh.get_shared_secret = (status_t (*)(diffie_hellman_t *, chunk_t *)) get_shared_secret;
@@ -567,11 +580,22 @@ gmp_diffie_hellman_t *gmp_diffie_hellman_create(diffie_hellman_group_t group)
                destroy(this);
                return NULL;
        }
                destroy(this);
                return NULL;
        }
-       rng->allocate_bytes(rng, DH_EXPONENT_ENTROPY_SIZE / BITS_PER_BYTE, &random);
+
+       ansi_x9_42 = lib->settings->get_int(lib->settings,
+                                        "charon.dh_exponent_ansi_x9_42", TRUE);
+       exponent_len = (ansi_x9_42) ? this->p_len : this->opt_exponent_len;     
+       rng->allocate_bytes(rng, exponent_len, &random);
        rng->destroy(rng);
        rng->destroy(rng);
+
+       if (ansi_x9_42)
+       {
+               /* achieve bitsof(p)-1 by setting MSB to 0 */
+               *random.ptr &= 0x7F;
+       }
        mpz_import(this->xa, random.len, 1, 1, 1, 0, random.ptr);
        chunk_free(&random);
        mpz_import(this->xa, random.len, 1, 1, 1, 0, random.ptr);
        chunk_free(&random);
-       
+       DBG2("size of DH secret exponent: %u bits", mpz_sizeinbase(this->xa, 2));
+
        mpz_powm(this->ya, this->g, this->xa, this->p);
        
        return &this->public;
        mpz_powm(this->ya, this->g, this->xa, this->p);
        
        return &this->public;
index 217b1aa..f309236 100644 (file)
@@ -38,23 +38,28 @@ struct modulus_entry_t {
        BIGNUM *(*get_prime)(BIGNUM *bn);
        
        /* 
        BIGNUM *(*get_prime)(BIGNUM *bn);
        
        /* 
+        * Optimum length of exponent in bits.
+        */     
+       long opt_exponent_len;
+
+       /* 
         * Generator value.
         */     
        u_int16_t generator;
 };
 
 /**
         * Generator value.
         */     
        u_int16_t generator;
 };
 
 /**
- * All supported modulus values.
+ * All supported modulus values - optimum exponent size according to RFC 3526.
  */
 static modulus_entry_t modulus_entries[] = {
  */
 static modulus_entry_t modulus_entries[] = {
-       {MODP_768_BIT,  get_rfc2409_prime_768,  2},
-       {MODP_1024_BIT, get_rfc2409_prime_1024, 2},
-       {MODP_1536_BIT, get_rfc3526_prime_1536, 2},
-       {MODP_2048_BIT, get_rfc3526_prime_2048, 2},
-       {MODP_3072_BIT, get_rfc3526_prime_3072, 2},
-       {MODP_4096_BIT, get_rfc3526_prime_4096, 2},
-       {MODP_6144_BIT, get_rfc3526_prime_6144, 2},
-       {MODP_8192_BIT, get_rfc3526_prime_8192, 2},
+       {MODP_768_BIT,  get_rfc2409_prime_768,  256, 2},
+       {MODP_1024_BIT, get_rfc2409_prime_1024, 256, 2},
+       {MODP_1536_BIT, get_rfc3526_prime_1536, 256, 2},
+       {MODP_2048_BIT, get_rfc3526_prime_2048, 384, 2},
+       {MODP_3072_BIT, get_rfc3526_prime_3072, 384, 2},
+       {MODP_4096_BIT, get_rfc3526_prime_4096, 512, 2},
+       {MODP_6144_BIT, get_rfc3526_prime_6144, 512, 2},
+       {MODP_8192_BIT, get_rfc3526_prime_8192, 512, 2},
 };
 
 typedef struct private_openssl_diffie_hellman_t private_openssl_diffie_hellman_t;
 };
 
 typedef struct private_openssl_diffie_hellman_t private_openssl_diffie_hellman_t;
@@ -83,6 +88,11 @@ struct private_openssl_diffie_hellman_t {
         */
        BIGNUM *pub_key;
        
         */
        BIGNUM *pub_key;
        
+       /* 
+        * Optimum length of exponent in bits.
+        */     
+       long opt_exponent_len;
+
        /**
         * Shared secret
         */
        /**
         * Shared secret
         */
@@ -180,6 +190,7 @@ static status_t set_modulus(private_openssl_diffie_hellman_t *this)
                        this->dh->p = modulus_entries[i].get_prime(NULL);
                        this->dh->g = BN_new();
                        BN_set_word(this->dh->g, modulus_entries[i].generator);
                        this->dh->p = modulus_entries[i].get_prime(NULL);
                        this->dh->g = BN_new();
                        BN_set_word(this->dh->g, modulus_entries[i].generator);
+                       this->opt_exponent_len = modulus_entries[i].opt_exponent_len;
                        return SUCCESS;
                }
        }
                        return SUCCESS;
                }
        }
@@ -202,6 +213,7 @@ static void destroy(private_openssl_diffie_hellman_t *this)
  */
 openssl_diffie_hellman_t *openssl_diffie_hellman_create(diffie_hellman_group_t group)
 {
  */
 openssl_diffie_hellman_t *openssl_diffie_hellman_create(diffie_hellman_group_t group)
 {
+       bool ansi_x9_42;
        private_openssl_diffie_hellman_t *this = malloc_thing(private_openssl_diffie_hellman_t);
        
        this->public.dh.get_shared_secret = (status_t (*)(diffie_hellman_t *, chunk_t *)) get_shared_secret;
        private_openssl_diffie_hellman_t *this = malloc_thing(private_openssl_diffie_hellman_t);
        
        this->public.dh.get_shared_secret = (status_t (*)(diffie_hellman_t *, chunk_t *)) get_shared_secret;
@@ -217,8 +229,7 @@ openssl_diffie_hellman_t *openssl_diffie_hellman_create(diffie_hellman_group_t g
                free(this);
                return NULL;
        }
                free(this);
                return NULL;
        }
-       this->dh->length = DH_EXPONENT_ENTROPY_SIZE;
-       
+
        this->group = group;
        this->computed = FALSE;
        
        this->group = group;
        this->computed = FALSE;
        
@@ -232,12 +243,17 @@ openssl_diffie_hellman_t *openssl_diffie_hellman_create(diffie_hellman_group_t g
                return NULL;
        }
        
                return NULL;
        }
        
+       ansi_x9_42 = lib->settings->get_bool(lib->settings,
+                                        "charon.dh_exponent_ansi_x9_42", TRUE);
+       this->dh->length = (ansi_x9_42) ? 0 : this->opt_exponent_len;
+
        /* generate my public and private values */
        if (!DH_generate_key(this->dh))
        {
                destroy(this);
                return NULL;
        }
        /* generate my public and private values */
        if (!DH_generate_key(this->dh))
        {
                destroy(this);
                return NULL;
        }
+       DBG2("size of DH secret exponent: %d bits", BN_num_bits(this->dh->priv_key));
        
        return &this->public;
 }
        
        return &this->public;
 }
index 3260476..4d05ce5 100644 (file)
 #define BUF_LEN 512
 
 /**
 #define BUF_LEN 512
 
 /**
- * Entropy in bits of secret Diffie-Hellman exponents
- */
-#define DH_EXPONENT_ENTROPY_SIZE       512
-
-/**
  * Macro compares two strings for equality
  */
 #define streq(x,y) (strcmp(x, y) == 0)
  * Macro compares two strings for equality
  */
 #define streq(x,y) (strcmp(x, y) == 0)