diff options
author | Ben Lindstrom <mouring@eviladmin.org> | 2001-03-06 01:09:20 +0000 |
---|---|---|
committer | Ben Lindstrom <mouring@eviladmin.org> | 2001-03-06 01:09:20 +0000 |
commit | 4c4f05e09647ec68becba9664b6b84e643fc0578 (patch) | |
tree | b80be6bceb955898948ef10527b43fc4cf005d8e /kex.c | |
parent | c78a187b1776cb45c07a4a138946f8370ed6e71d (diff) |
- markus@cvs.openbsd.org 2001/03/05 17:17:21
[kex.c kex.h sshconnect2.c sshd.c]
generate a 2*need size (~300 instead of 1024/2048) random private
exponent during the DH key agreement. according to Niels (the great
german advisor) this is safe since /etc/primes contains strong
primes only.
References:
P. C. van Oorschot and M. J. Wiener, On Diffie-Hellman key
agreement with short exponents, In Advances in Cryptology
- EUROCRYPT'96, LNCS 1070, Springer-Verlag, 1996, pp.332-343.
Diffstat (limited to 'kex.c')
-rw-r--r-- | kex.c | 26 |
1 files changed, 22 insertions, 4 deletions
@@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: kex.c,v 1.21 2001/02/11 12:59:24 markus Exp $"); +RCSID("$OpenBSD: kex.c,v 1.22 2001/03/05 17:17:20 markus Exp $"); #include <openssl/crypto.h> #include <openssl/bio.h> @@ -138,15 +138,33 @@ dh_pub_is_valid(DH *dh, BIGNUM *dh_pub) } void -dh_gen_key(DH *dh) +dh_gen_key(DH *dh, int need) { - int tries = 0; + int i, bits_set = 0, tries = 0; + if (dh->p == NULL) + fatal("dh_gen_key: dh->p == NULL"); + if (2*need >= BN_num_bits(dh->p)) + fatal("dh_gen_key: group too small: %d (2*need %d)", + BN_num_bits(dh->p), 2*need); do { + if (dh->priv_key != NULL) + BN_free(dh->priv_key); + dh->priv_key = BN_new(); + if (dh->priv_key == NULL) + fatal("dh_gen_key: BN_new failed"); + /* generate a 2*need bits random private exponent */ + if (!BN_rand(dh->priv_key, 2*need, 0, 0)) + fatal("dh_gen_key: BN_rand failed"); if (DH_generate_key(dh) == 0) fatal("DH_generate_key"); + for (i = 0; i <= BN_num_bits(dh->priv_key); i++) + if (BN_is_bit_set(dh->priv_key, i)) + bits_set++; + debug("dh_gen_key: priv key bits set: %d/%d", + bits_set, BN_num_bits(dh->priv_key)); if (tries++ > 10) - fatal("dh_new_group1: too many bad keys: giving up"); + fatal("dh_gen_key: too many bad keys: giving up"); } while (!dh_pub_is_valid(dh, dh->pub_key)); } |