aboutsummaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorlloyd <[email protected]>2008-09-05 12:26:08 +0000
committerlloyd <[email protected]>2008-09-05 12:26:08 +0000
commit3799322443fcfebe2c3a2a14deb1f3f5d2089cb7 (patch)
treea2d562f702fbdbbca873b94a3e51d9436a011ffd /src
parent38ee41884f40e2b473eb23a7f3e6ac2a948e080e (diff)
Rewrite dl_work_factor using a lookup table with data from RFC 3526,
"More Modular Exponential (MODP) Diffie-Hellman groups for Internet Key Exchange (IKE)", which removes Botan's dependency on standard math library (which can be a big deal on embedded systems, and it seemed silly to have just a single function cause us to pull in potentially all of libm) Also this makes the values Botan will pick for exponent sizes more obvious; previously one would have to run through the computation or call the function and observe the output.
Diffstat (limited to 'src')
-rw-r--r--src/util.cpp34
1 files changed, 18 insertions, 16 deletions
diff --git a/src/util.cpp b/src/util.cpp
index e340ee7f4..dea0778a1 100644
--- a/src/util.cpp
+++ b/src/util.cpp
@@ -6,7 +6,6 @@
#include <botan/util.h>
#include <botan/bit_ops.h>
#include <algorithm>
-#include <cmath>
namespace Botan {
@@ -29,23 +28,26 @@ u32bit round_down(u32bit n, u32bit align_to)
}
/*************************************************
-* Return the work required for solving DL *
+* Choose the exponent size for a DL group
*************************************************/
-u32bit dl_work_factor(u32bit n_bits)
+u32bit dl_work_factor(u32bit bits)
{
- const u32bit MIN_ESTIMATE = 64;
-
- if(n_bits < 32)
- return 0;
-
- const double log_x = n_bits / 1.44;
-
- const double strength =
- 2.76 * std::pow(log_x, 1.0/3.0) * std::pow(std::log(log_x), 2.0/3.0);
-
- if(strength > MIN_ESTIMATE)
- return static_cast<u32bit>(strength);
- return MIN_ESTIMATE;
+ /*
+ These values were taken from RFC 3526
+ */
+ if(bits <= 1536)
+ return 90;
+ else if(bits <= 2048)
+ return 110;
+ else if(bits <= 3072)
+ return 130;
+ else if(bits <= 4096)
+ return 150;
+ else if(bits <= 6144)
+ return 170;
+ else if(bits <= 8192)
+ return 190;
+ return 256;
}
/*************************************************