author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2011-12-12 17:46:00 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2011-12-12 17:55:44 +0100 |
commit | 55968012dcefc50590925b4ddcf556f8ca67a8b5 (patch) | |
tree | f00cabefcf030c9703f8fa0c4f20b04836b0c3a2 /lib/auth | |
parent | 4b0c8268003bc16a374f7ab567bea29d93e2d081 (diff) | |
download | gnutls-55968012dcefc50590925b4ddcf556f8ca67a8b5.tar.gz |
Diffie Hellman PKCS #3 parameters now contain the recommended private key size.
By using the recommended key size the calculations for the server side are
reduced, giving a 50% increase in DH calculations.
Diffstat (limited to 'lib/auth')
-rw-r--r-- | lib/auth/anon.c | 2 | ||||
-rw-r--r-- | lib/auth/dh_common.c | 18 | ||||
-rw-r--r-- | lib/auth/dh_common.h | 3 | ||||
-rw-r--r-- | lib/auth/dhe.c | 2 | ||||
-rw-r--r-- | lib/auth/dhe_psk.c | 2 |
5 files changed, 14 insertions, 13 deletions
diff --git a/lib/auth/anon.c b/lib/auth/anon.c
index 926bab650a..49efb497c6 100644
--- a/lib/auth/anon.c
+++ b/lib/auth/anon.c
@@ -99,7 +99,7 @@ gen_anon_server_kx (gnutls_session_t session, gnutls_buffer_st* data)
 _gnutls_dh_set_group (session, g, p);
- ret = _gnutls_dh_common_print_server_kx (session, g, p, data);
+ ret = _gnutls_dh_common_print_server_kx (session, g, p, dh_params->q_bits, data);
 if (ret < 0) { gnutls_assert ();
diff --git a/lib/auth/dh_common.c b/lib/auth/dh_common.c
index 484fe4fceb..7a93d83789 100644
--- a/lib/auth/dh_common.c
+++ b/lib/auth/dh_common.c
@@ -129,7 +129,7 @@ _gnutls_gen_dh_common_client_kx_int (gnutls_session_t session, gnutls_buffer_st*
 int ret; X = gnutls_calc_dh_secret (&x, session->key->client_g,
- session->key->client_p);
+ session->key->client_p, 0);
 if (X == NULL || x == NULL) { gnutls_assert ();
@@ -283,17 +283,17 @@ _gnutls_proc_dh_common_server_kx (gnutls_session_t session,
 return ret; }
-/* If the psk flag is set, then an empty psk_identity_hint will
- * be inserted */
 int _gnutls_dh_common_print_server_kx (gnutls_session_t session,
- bigint_t g, bigint_t p, gnutls_buffer_st* data)
+ bigint_t g, bigint_t p, unsigned int q_bits,
+ gnutls_buffer_st* data)
 {
- bigint_t x, X;
+ bigint_t x, Y;
 int ret;
- X = gnutls_calc_dh_secret (&x, g, p);
- if (X == NULL || x == NULL)
+ /* Y=g^x mod p */
+ Y = gnutls_calc_dh_secret (&x, g, p, q_bits);
+ if (Y == NULL || x == NULL)
 { gnutls_assert (); return GNUTLS_E_MEMORY_ERROR;
@@ -316,7 +316,7 @@ _gnutls_dh_common_print_server_kx (gnutls_session_t session,
 goto cleanup; }
- ret = _gnutls_buffer_append_mpi(data, 16, X, 0);
+ ret = _gnutls_buffer_append_mpi(data, 16, Y, 0);
 if (ret < 0) { ret = gnutls_assert_val(ret);
@@ -324,7 +324,7 @@ _gnutls_dh_common_print_server_kx (gnutls_session_t session,
 } cleanup:
- _gnutls_mpi_release (&X);
+ _gnutls_mpi_release (&Y);
 return data->length; }
diff --git a/lib/auth/dh_common.h b/lib/auth/dh_common.h
index 20fc6983db..2ff976a9a4 100644 
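Review bot: The literal `0` added as the last argument of `gnutls_calc_dh_secret` in the `@@ -129,7 +129,7 @@` hunk of lib/auth/dh_common.c is undocumented, so the call does not show that the client deliberately avoids a shortened exponent for a group it received from the peer. Presumably 0 means "no recommended size, use the default exponent length"; that is inferred, because `gnutls_calc_dh_secret` is outside this diff. I would add a comment above the call, for example `/* peer-supplied group carries no trusted q_bits hint: use the default exponent size */`. `_gnutls_gen_dh_common_client_kx_int` starts and ends outside the hunk.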
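Review bot: `q_bits` reaches `gnutls_calc_dh_secret` in the `@@ -283,17 +283,17 @@` hunk of lib/auth/dh_common.c with no visible lower bound, although it now appears to determine the length of the server's private exponent. The three call sites (lib/auth/anon.c, lib/auth/dhe.c, lib/auth/dhe_psk.c) pass `dh_params->q_bits`, which per the commit message is the size recorded in the PKCS #3 parameters, so a parameter file declaring a very small value would silently weaken every DHE key exchange the server performs. Unless `gnutls_calc_dh_secret` already enforces a floor (it is not part of this diff), I would ignore too-small hints at this choke point, e.g. `if (q_bits != 0 && q_bits < MIN_Q_BITS) q_bits = 0;`, where `MIN_Q_BITS` is a placeholder for the project's chosen minimum (at least twice the target security level). The new `/* Y=g^x mod p */` comment could also state that a short `x` is only safe for groups without small subgroups. The function body continues past the end of the hunk.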
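Review bot: The `cleanup:` path in the `@@ -324,7 +324,7 @@` hunk of lib/auth/dh_common.c ends in `return data->length;`, so the negative `ret` assigned by `ret = gnutls_assert_val(ret);` in the preceding `@@ -316,7 +316,7 @@` hunk is discarded. The callers' `if (ret < 0)` checks therefore cannot see a failed `_gnutls_buffer_append_mpi`, and a partially built ServerKeyExchange would be reported as success. Since these lines are touched by the rename anyway, I would set `ret = data->length;` just before the `cleanup:` label and finish with `return ret;`. Line 323 between the two hunks is not shown, so the jump to `cleanup` is inferred from the visible `goto cleanup;` in the earlier context.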
--- a/lib/auth/dh_common.h
+++ b/lib/auth/dh_common.h
@@ -42,7 +42,8 @@ int _gnutls_proc_dh_common_client_kx (gnutls_session_t session,
 bigint_t p, bigint_t g, gnutls_datum_t* psk_key); int _gnutls_dh_common_print_server_kx (gnutls_session_t, bigint_t g,
- bigint_t p, gnutls_buffer_st* data);
+ bigint_t p, unsigned int q_bits,
+ gnutls_buffer_st* data);
 int _gnutls_proc_dh_common_server_kx (gnutls_session_t session, opaque * data, size_t _data_size);
diff --git a/lib/auth/dhe.c b/lib/auth/dhe.c
index 5e9d5e0a17..87496af17d 100644
--- a/lib/auth/dhe.c
+++ b/lib/auth/dhe.c
@@ -168,7 +168,7 @@ gen_dhe_server_kx (gnutls_session_t session, gnutls_buffer_st* data)
 _gnutls_dh_set_group (session, g, p);
- ret = _gnutls_dh_common_print_server_kx (session, g, p, data);
+ ret = _gnutls_dh_common_print_server_kx (session, g, p, dh_params->q_bits, data);
 } else {
diff --git a/lib/auth/dhe_psk.c b/lib/auth/dhe_psk.c
index d1417e34de..7170c0b11c 100644
--- a/lib/auth/dhe_psk.c
+++ b/lib/auth/dhe_psk.c
@@ -177,7 +177,7 @@ gen_psk_server_kx (gnutls_session_t session, gnutls_buffer_st* data)
 if (ret < 0) return gnutls_assert_val(ret);
- ret = _gnutls_dh_common_print_server_kx (session, g, p, data);
+ ret = _gnutls_dh_common_print_server_kx (session, g, p, dh_params->q_bits, data);
 if (ret < 0) gnutls_assert (); |