size_t modulus_len;
/*
+ * Optimum length of exponent in bytes.
+ */
+ size_t opt_exponent_len;
+
+ /*
* Generator value.
*/
u_int16_t generator;
};
/**
- * All supported modulus values.
+ * All supported modulus values - optimum exponent size according to RFC 3526.
*/
static modulus_entry_t modulus_entries[] = {
- {MODP_768_BIT, group1_modulus, sizeof(group1_modulus), 2},
- {MODP_1024_BIT, group2_modulus, sizeof(group2_modulus), 2},
- {MODP_1536_BIT, group5_modulus, sizeof(group5_modulus), 2},
- {MODP_2048_BIT, group14_modulus, sizeof(group14_modulus), 2},
- {MODP_3072_BIT, group15_modulus, sizeof(group15_modulus), 2},
- {MODP_4096_BIT, group16_modulus, sizeof(group16_modulus), 2},
- {MODP_6144_BIT, group17_modulus, sizeof(group17_modulus), 2},
- {MODP_8192_BIT, group18_modulus, sizeof(group18_modulus), 2},
+ {MODP_768_BIT, group1_modulus, sizeof(group1_modulus), 32, 2},
+ {MODP_1024_BIT, group2_modulus, sizeof(group2_modulus), 32, 2},
+ {MODP_1536_BIT, group5_modulus, sizeof(group5_modulus), 32, 2},
+ {MODP_2048_BIT, group14_modulus, sizeof(group14_modulus), 48, 2},
+ {MODP_3072_BIT, group15_modulus, sizeof(group15_modulus), 48, 2},
+ {MODP_4096_BIT, group16_modulus, sizeof(group16_modulus), 64, 2},
+ {MODP_6144_BIT, group17_modulus, sizeof(group17_modulus), 64, 2},
+ {MODP_8192_BIT, group18_modulus, sizeof(group18_modulus), 64, 2},
};
typedef struct private_gmp_diffie_hellman_t private_gmp_diffie_hellman_t;
size_t p_len;
/**
+ * Optimal exponent length.
+ */
+ size_t opt_exponent_len;
+
+ /**
* True if shared secret is computed and stored in my_public_value.
*/
bool computed;
chunk.len = modulus_entries[i].modulus_len;
mpz_import(this->p, chunk.len, 1, 1, 1, 0, chunk.ptr);
this->p_len = chunk.len;
+ this->opt_exponent_len = modulus_entries[i].opt_exponent_len;
mpz_set_ui(this->g, modulus_entries[i].generator);
status = SUCCESS;
break;
private_gmp_diffie_hellman_t *this = malloc_thing(private_gmp_diffie_hellman_t);
rng_t *rng;
chunk_t random;
+ bool ansi_x9_42;
+ size_t exponent_len;
/* public functions */
this->public.dh.get_shared_secret = (status_t (*)(diffie_hellman_t *, chunk_t *)) get_shared_secret;
destroy(this);
return NULL;
}
- rng->allocate_bytes(rng, DH_EXPONENT_ENTROPY_SIZE / BITS_PER_BYTE, &random);
+
+ ansi_x9_42 = lib->settings->get_int(lib->settings,
+ "charon.dh_exponent_ansi_x9_42", TRUE);
+ exponent_len = (ansi_x9_42) ? this->p_len : this->opt_exponent_len;
+ rng->allocate_bytes(rng, exponent_len, &random);
rng->destroy(rng);
+
+ if (ansi_x9_42)
+ {
+ /* achieve bitsof(p)-1 by setting MSB to 0 */
+ *random.ptr &= 0x7F;
+ }
mpz_import(this->xa, random.len, 1, 1, 1, 0, random.ptr);
chunk_free(&random);
-
+ DBG2("size of DH secret exponent: %u bits", mpz_sizeinbase(this->xa, 2));
+
mpz_powm(this->ya, this->g, this->xa, this->p);
return &this->public;
BIGNUM *(*get_prime)(BIGNUM *bn);
/*
+ * Optimum length of exponent in bits.
+ */
+ long opt_exponent_len;
+
+ /*
* Generator value.
*/
u_int16_t generator;
};
/**
- * All supported modulus values.
+ * All supported modulus values - optimum exponent size according to RFC 3526.
*/
static modulus_entry_t modulus_entries[] = {
- {MODP_768_BIT, get_rfc2409_prime_768, 2},
- {MODP_1024_BIT, get_rfc2409_prime_1024, 2},
- {MODP_1536_BIT, get_rfc3526_prime_1536, 2},
- {MODP_2048_BIT, get_rfc3526_prime_2048, 2},
- {MODP_3072_BIT, get_rfc3526_prime_3072, 2},
- {MODP_4096_BIT, get_rfc3526_prime_4096, 2},
- {MODP_6144_BIT, get_rfc3526_prime_6144, 2},
- {MODP_8192_BIT, get_rfc3526_prime_8192, 2},
+ {MODP_768_BIT, get_rfc2409_prime_768, 256, 2},
+ {MODP_1024_BIT, get_rfc2409_prime_1024, 256, 2},
+ {MODP_1536_BIT, get_rfc3526_prime_1536, 256, 2},
+ {MODP_2048_BIT, get_rfc3526_prime_2048, 384, 2},
+ {MODP_3072_BIT, get_rfc3526_prime_3072, 384, 2},
+ {MODP_4096_BIT, get_rfc3526_prime_4096, 512, 2},
+ {MODP_6144_BIT, get_rfc3526_prime_6144, 512, 2},
+ {MODP_8192_BIT, get_rfc3526_prime_8192, 512, 2},
};
typedef struct private_openssl_diffie_hellman_t private_openssl_diffie_hellman_t;
*/
BIGNUM *pub_key;
+ /*
+ * Optimum length of exponent in bits.
+ */
+ long opt_exponent_len;
+
/**
* Shared secret
*/
this->dh->p = modulus_entries[i].get_prime(NULL);
this->dh->g = BN_new();
BN_set_word(this->dh->g, modulus_entries[i].generator);
+ this->opt_exponent_len = modulus_entries[i].opt_exponent_len;
return SUCCESS;
}
}
*/
openssl_diffie_hellman_t *openssl_diffie_hellman_create(diffie_hellman_group_t group)
{
+ bool ansi_x9_42;
private_openssl_diffie_hellman_t *this = malloc_thing(private_openssl_diffie_hellman_t);
this->public.dh.get_shared_secret = (status_t (*)(diffie_hellman_t *, chunk_t *)) get_shared_secret;
free(this);
return NULL;
}
- this->dh->length = DH_EXPONENT_ENTROPY_SIZE;
-
+
this->group = group;
this->computed = FALSE;
return NULL;
}
+ ansi_x9_42 = lib->settings->get_bool(lib->settings,
+ "charon.dh_exponent_ansi_x9_42", TRUE);
+ this->dh->length = (ansi_x9_42) ? 0 : this->opt_exponent_len;
+
/* generate my public and private values */
if (!DH_generate_key(this->dh))
{
destroy(this);
return NULL;
}
+ DBG2("size of DH secret exponent: %d bits", BN_num_bits(this->dh->priv_key));
return &this->public;
}
projects / strongswan.git / commitdiff