diff options
author | lloyd <[email protected]> | 2008-09-05 12:26:08 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2008-09-05 12:26:08 +0000 |
commit | 3799322443fcfebe2c3a2a14deb1f3f5d2089cb7 (patch) | |
tree | a2d562f702fbdbbca873b94a3e51d9436a011ffd /src | |
parent | 38ee41884f40e2b473eb23a7f3e6ac2a948e080e (diff) |
Rewrite dl_work_factor using a lookup table with data from RFC 3526,
"More Modular Exponential (MODP) Diffie-Hellman groups for Internet
Key Exchange (IKE)", which removes Botan's dependency on standard math
library (which can be a big deal on embedded systems, and it seemed
silly to have just a single function cause us to pull in potentially
all of libm)
Also this makes the values Botan will pick for exponent sizes more
obvious; previously one would have to run through the computation or
call the function and observe the output.
Diffstat (limited to 'src')
-rw-r--r-- | src/util.cpp | 34 |
1 files changed, 18 insertions, 16 deletions
diff --git a/src/util.cpp b/src/util.cpp index e340ee7f4..dea0778a1 100644 --- a/src/util.cpp +++ b/src/util.cpp @@ -6,7 +6,6 @@ #include <botan/util.h> #include <botan/bit_ops.h> #include <algorithm> -#include <cmath> namespace Botan { @@ -29,23 +28,26 @@ u32bit round_down(u32bit n, u32bit align_to) } /************************************************* -* Return the work required for solving DL * +* Choose the exponent size for a DL group *************************************************/ -u32bit dl_work_factor(u32bit n_bits) +u32bit dl_work_factor(u32bit bits) { - const u32bit MIN_ESTIMATE = 64; - - if(n_bits < 32) - return 0; - - const double log_x = n_bits / 1.44; - - const double strength = - 2.76 * std::pow(log_x, 1.0/3.0) * std::pow(std::log(log_x), 2.0/3.0); - - if(strength > MIN_ESTIMATE) - return static_cast<u32bit>(strength); - return MIN_ESTIMATE; + /* + These values were taken from RFC 3526 + */ + if(bits <= 1536) + return 90; + else if(bits <= 2048) + return 110; + else if(bits <= 3072) + return 130; + else if(bits <= 4096) + return 150; + else if(bits <= 6144) + return 170; + else if(bits <= 8192) + return 190; + return 256; } /************************************************* |