Add pk_workfactor CLI and refactor workfactor estimator functions

No reason to duplicate the NFS workfactor estimator twice

2 files changed, 53 insertions, 12 deletions

diff --git a/src/cli/pubkey.cpp b/src/cli/pubkey.cpp
index 5a8cfcf44..3af91b722 100644
--- a/src/cli/pubkey.cpp
+++ b/src/cli/pubkey.cpp
@@ -17,6 +17,7 @@
 #include <botan/pk_algs.h>
 #include <botan/pkcs8.h>
 #include <botan/pubkey.h>
+#include <botan/workfactor.h>
 
 #if defined(BOTAN_HAS_DL_GROUP)
    #include <botan/dl_group.h>
@@ -392,6 +393,39 @@ class DL_Group_Info final : public Command
 
 BOTAN_REGISTER_COMMAND("dl_group_info", DL_Group_Info);
 
+class PK_Workfactor final : public Command
+   {
+   public:
+      PK_Workfactor() : Command("pk_workfactor --type=rsa bits") {}
+
+      std::string group() const override
+         {
+         return "pubkey";
+         }
+
+      std::string description() const override
+         {
+         return "Provide estimate of strength of public key based on size";
+         }
+
+      void go() override
+         {
+         const size_t bits = get_arg_sz("bits");
+         const std::string type = get_arg("type");
+
+         if(type == "rsa")
+            output() << Botan::if_work_factor(bits) << "\n";
+         else if(type == "dl")
+            output() << Botan::dl_work_factor(bits) << "\n";
+         else if(type == "dl_exp")
+            output() << Botan::dl_exponent_size(bits) << "\n";
+         else
+            throw CLI_Usage_Error("Unknown type for pk_workfactor");
+         }
+   };
+
+BOTAN_REGISTER_COMMAND("pk_workfactor", PK_Workfactor);
+
 class Gen_DL_Group final : public Command
    {
    public:
diff --git a/src/lib/pubkey/workfactor.cpp b/src/lib/pubkey/workfactor.cpp
index 8be64bef3..71604c06b 100644
--- a/src/lib/pubkey/workfactor.cpp
+++ b/src/lib/pubkey/workfactor.cpp
@@ -16,21 +16,32 @@ size_t ecp_work_factor(size_t bits)
    return bits / 2;
    }
 
-size_t if_work_factor(size_t bits)
-   {
-   // RFC 3766: k * e^((1.92 + o(1)) * cubrt(ln(n) * (ln(ln(n)))^2))
-   // It estimates k at .02 and o(1) to be effectively zero for sizes of interest
-   const double k = .02;
+namespace {
 
-   // approximates natural logarithm of p
+size_t nfs_workfactor(size_t bits, double k)
+   {
+   // approximates natural logarithm of integer of given bitsize
    const double log2_e = std::log2(std::exp(1));
    const double log_p = bits / log2_e;
 
-   const double est = 1.92 * std::pow(log_p * std::log(log_p) * std::log(log_p), 1.0/3.0);
+   const double log_log_p = std::log(log_p);
 
+   // RFC 3766: k * e^((1.92 + o(1)) * cubrt(ln(n) * (ln(ln(n)))^2))
+   const double est = 1.92 * std::pow(log_p * log_log_p * log_log_p, 1.0/3.0);
+
+   // return log2 of the workfactor
    return static_cast<size_t>(std::log2(k) + log2_e * est);
    }
 
+}
+
+size_t if_work_factor(size_t bits)
+   {
+   // RFC 3766 estimates k at .02 and o(1) to be effectively zero for sizes of interest
+
+   return nfs_workfactor(bits, .02);
+   }
+
 size_t dl_work_factor(size_t bits)
    {
    // Lacking better estimates...
@@ -46,12 +57,8 @@ size_t dl_exponent_size(size_t bits)
    (this only matters for very small primes).
    */
    const size_t MIN_WORKFACTOR = 64;
-   const double log2_e = std::log2(std::exp(1));
-   const double log_p = bits / log2_e;
-
-   const double strength = 1.92 * std::pow(log_p, 1.0/3.0) * std::pow(std::log(log_p), 2.0/3.0);
 
-   return 2 * std::max<size_t>(MIN_WORKFACTOR, static_cast<size_t>(log2_e * strength));
+   return 2 * std::max<size_t>(MIN_WORKFACTOR, nfs_workfactor(bits, 1));
    }
 
 }