author | lloyd <[email protected]> | 2012-04-06 15:54:22 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2012-04-06 15:54:22 +0000 |
commit | 757bf5016ad880961ee3a42f99b7bf2e99ec692a (patch) | |
tree | c957d9dfb836e00e5c60bf479679fa9eea21eff9 /src | |
parent | cdde9a171e3fcb164e7946c198ba4d8f9ef486fb (diff) |
Use just 256 bits of secret exponent (recommended value in RFC 5054).
Much faster, especially when using 8192 bit groups as OpenSSL does by
default.
Use BOTAN_DLL symbol visibility macros.
Diffstat (limited to 'src')
-rw-r--r-- | src/constructs/srp6/srp6.cpp | 8 | ||||
-rw-r--r-- | src/constructs/srp6/srp6.h | 29 | ||||
-rw-r--r-- | src/constructs/srp6/srp6_files.cpp | 2 | ||||
-rw-r--r-- | src/constructs/srp6/srp6_files.h | 4 |
4 files changed, 22 insertions, 21 deletions
diff --git a/src/constructs/srp6/srp6.cpp b/src/constructs/srp6/srp6.cpp index cb9bf27bc..0dfe2104b 100644 --- a/src/constructs/srp6/srp6.cpp +++ b/src/constructs/srp6/srp6.cpp @@ -1,6 +1,6 @@ /* -* SRP-6a -* (C) 2011 Jack Lloyd +* SRP-6a (RFC 5054 compatatible) +* (C) 2011,2012 Jack Lloyd * * Distributed under the terms of the Botan license */ @@ -112,7 +112,7 @@ srp6_client_agree(const std::string& identifier, BigInt k = hash_seq(hash_id, p_bytes, p, g); - BigInt a(rng, p.bits() - 1); + BigInt a(rng, 256); BigInt A = power_mod(g, a, p); @@ -152,7 +152,7 @@ BigInt SRP6_Server_Session::step1(const BigInt& v, BigInt k = hash_seq(hash_id, p_bytes, p, g); - BigInt b(rng, p.bits() - 1); + BigInt b(rng, 256); B = (v*k + power_mod(g, b, p)) % p; diff --git a/src/constructs/srp6/srp6.h b/src/constructs/srp6/srp6.h index bf5cb4863..4fd127c70 100644 --- a/src/constructs/srp6/srp6.h +++ b/src/constructs/srp6/srp6.h @@ -1,6 +1,6 @@ /* * SRP-6a (RFC 5054 compatatible) -* (C) 2011 Jack Lloyd +* (C) 2011,2012 Jack Lloyd * * Distributed under the terms of the Botan license */ @@ -28,13 +28,14 @@ namespace Botan { * * @return (A,K) the client public key and the shared secret key */ -std::pair<BigInt,SymmetricKey> srp6_client_agree(const std::string& username, - const std::string& password, - const std::string& group_id, - const std::string& hash_id, - const MemoryRegion<byte>& salt, - const BigInt& B, - RandomNumberGenerator& rng); +std::pair<BigInt,SymmetricKey> +BOTAN_DLL srp6_client_agree(const std::string& username, + const std::string& password, + const std::string& group_id, + const std::string& hash_id, + const MemoryRegion<byte>& salt, + const BigInt& B, + RandomNumberGenerator& rng); /** * Generate a new SRP-6 verifier 
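Review bot: The secret-exponent size in `BigInt a(rng, 256);` is a bare literal, and the same literal is repeated for `b` in `SRP6_Server_Session::step1`, so nothing in the code records why 256 is safe and a later change has to find both places. I would name it once, e.g. `const size_t SRP6_EXPONENT_BITS = 256; // RFC 5054: a and b should be at least 256 bits`, and use it at both sites. A short exponent is only a sound choice in a safe-prime group such as the RFC 5054 ones, so if `group_id` can select other groups (not visible in these hunks) the comment should state that assumption, or the size should fall back to `p.bits() - 1` for them. Whether `BigInt(rng, 256)` gives a full 256 bits of entropy depends on how that constructor treats the top bit, which is also not visible here and is worth confirming. Both function bodies continue outside the hunks.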
@@ -42,17 +43,17 @@ std::pair<BigInt,SymmetricKey> srp6_client_agree(const std::string& username, * @param password the secret used to authenticate user * @param salt a randomly chosen value, at least 128 bits long */ -BigInt generate_srp6_verifier(const std::string& identifier, - const std::string& password, - const MemoryRegion<byte>& salt, - const std::string& group_id, - const std::string& hash_id); +BigInt BOTAN_DLL generate_srp6_verifier(const std::string& identifier, + const std::string& password, + const MemoryRegion<byte>& salt, + const std::string& group_id, + const std::string& hash_id); /** * Return the group id for this SRP param set, or else thrown an * exception */ -std::string srp6_group_identifier(const BigInt& N, const BigInt& g); +std::string BOTAN_DLL srp6_group_identifier(const BigInt& N, const BigInt& g); /** * Represents a SRP-6a server session diff --git a/src/constructs/srp6/srp6_files.cpp b/src/constructs/srp6/srp6_files.cpp index 2d685614f..bc321745f 100644 --- a/src/constructs/srp6/srp6_files.cpp +++ b/src/constructs/srp6/srp6_files.cpp @@ -51,7 +51,7 @@ SRP6_Authenticator_File::SRP6_Authenticator_File(const std::string& filename) bool SRP6_Authenticator_File::lookup_user(const std::string& username, BigInt& v, - MemoryVector<byte>& salt, + MemoryRegion<byte>& salt, std::string& group_id) const { std::map<std::string, SRP6_Data>::const_iterator i = entries.find(username); diff --git a/src/constructs/srp6/srp6_files.h b/src/constructs/srp6/srp6_files.h index 1def0fd51..4e3293423 100644 --- a/src/constructs/srp6/srp6_files.h +++ b/src/constructs/srp6/srp6_files.h @@ -17,7 +17,7 @@ namespace Botan { /** * A GnuTLS compatible SRP6 authenticator file */ -class SRP6_Authenticator_File +class BOTAN_DLL SRP6_Authenticator_File { public: /** 
@@ -28,7 +28,7 @@ class SRP6_Authenticator_File bool lookup_user(const std::string& username, BigInt& v, - MemoryVector<byte>& salt, + MemoryRegion<byte>& salt, std::string& group_id) const; private: struct SRP6_Data |