-rw-r--r--src/lib/pubkey/dl_algo/dl_algo.cpp5
-rw-r--r--src/lib/pubkey/dl_group/dl_group.cpp11
-rw-r--r--src/lib/pubkey/dl_group/dl_group.h8
-rw-r--r--src/tests/test_dl_group.cpp5
4 files changed, 25 insertions, 4 deletions
diff --git a/src/lib/pubkey/dl_algo/dl_algo.cpp b/src/lib/pubkey/dl_algo/dl_algo.cpp
index d31f927d7..f9d6178b0 100644
--- a/src/lib/pubkey/dl_algo/dl_algo.cpp
+++ b/src/lib/pubkey/dl_algo/dl_algo.cpp
@@ -7,7 +7,6 @@
#include <botan/dl_algo.h>
#include <botan/numthry.h>
-#include <botan/workfactor.h>
#include <botan/der_enc.h>
#include <botan/ber_dec.h>
@@ -15,12 +14,12 @@ namespace Botan {
size_t DL_Scheme_PublicKey::key_length() const
{
- return m_group.get_p().bits();
+ return m_group.p_bits();
}
size_t DL_Scheme_PublicKey::estimated_strength() const
{
- return dl_work_factor(key_length());
+ return m_group.estimated_strength();
}
AlgorithmIdentifier DL_Scheme_PublicKey::algorithm_identifier() const
diff --git a/src/lib/pubkey/dl_group/dl_group.cpp b/src/lib/pubkey/dl_group/dl_group.cpp
index 7d2ad15e9..a1003f508 100644
--- a/src/lib/pubkey/dl_group/dl_group.cpp
+++ b/src/lib/pubkey/dl_group/dl_group.cpp
@@ -23,7 +23,8 @@ class DL_Group_Data final
m_p(p), m_q(q), m_g(g),
m_mod_p(p),
m_monty(monty_precompute(m_g, m_p, m_mod_p, /*window bits=*/4)),
- m_p_bits(p.bits())
+ m_p_bits(p.bits()),
+ m_estimated_strength(dl_work_factor(m_p_bits))
{}
~DL_Group_Data() = default;
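Review bot: `m_estimated_strength(dl_work_factor(m_p_bits))` in the DL_Group_Data initializer list derives the estimate from the size of p alone, although q is available in the same constructor. dl_work_factor is defined outside this diff, so this is inferred, but if it models only NFS-style cost on p, a group with a short subgroup order q is reported as stronger than generic square-root attacks on that subgroup allow (about `q.bits() / 2`). Either cap the value when q is set, or state the limitation next to the member, e.g. `// estimate from the size of p only; the size of q is not considered`. The test file in this commit shows that some groups have no q, so a cap would have to skip q == 0. The constructor begins above this hunk.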
@@ -45,6 +46,8 @@ class DL_Group_Data final
size_t p_bits() const { return m_p_bits; }
size_t p_bytes() const { return (m_p_bits + 7) / 8; }
+ size_t estimated_strength() const { return m_estimated_strength; }
+
BigInt power_g_p(const BigInt& k) const { return monty_execute(*m_monty, k); }
private:
@@ -54,6 +57,7 @@ class DL_Group_Data final
Modular_Reducer m_mod_p;
std::shared_ptr<const Montgomery_Exponentation_State> m_monty;
size_t m_p_bits;
+ size_t m_estimated_strength;
};
//static
@@ -394,6 +398,11 @@ size_t DL_Group::p_bytes() const
return data().p_bytes();
}
+size_t DL_Group::estimated_strength() const
+ {
+ return data().estimated_strength();
+ }
+
BigInt DL_Group::inverse_mod_p(const BigInt& x) const
{
// precompute??
diff --git a/src/lib/pubkey/dl_group/dl_group.h b/src/lib/pubkey/dl_group/dl_group.h
index b9a7bb992..a3dcfbdf0 100644
--- a/src/lib/pubkey/dl_group/dl_group.h
+++ b/src/lib/pubkey/dl_group/dl_group.h
@@ -199,6 +199,14 @@ class BOTAN_PUBLIC_API(2,0) DL_Group final
size_t p_bytes() const;
/**
+ * Return an estimate of the strength of this group against
+ * discrete logarithm attacks (eg NFS). Warning: since this only
+ * takes into account known attacks it is by necessity an
+ * overestimate of the actual strength.
+ */
+ size_t estimated_strength() const;
+
+ /**
* Decode a DER/BER encoded group into this instance.
* @param ber a vector containing the DER/BER encoded group
* @param format the format of the encoded group
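Review bot: The new doc comment on `estimated_strength()` does not say what unit the returned `size_t` is in. The test added in this commit treats it as a base-2 logarithm of attack work (`8192 bit ~~ 2**202 strength`), so a line such as `* @return estimated security level in bits (log2 of the attack work)` would make the contract explicit for callers that compare it against a policy threshold. The class declaration continues outside this hunk.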
diff --git a/src/tests/test_dl_group.cpp b/src/tests/test_dl_group.cpp
index 36ae02531..c513bcd55 100644
--- a/src/tests/test_dl_group.cpp
+++ b/src/tests/test_dl_group.cpp
@@ -195,6 +195,11 @@ class DL_Group_Tests final : public Test
result.test_ne("DL_Group p is set", group.get_p(), 0);
result.test_ne("DL_Group g is set", group.get_g(), 0);
+ const size_t strength = group.estimated_strength();
+
+ // 8192 bit ~~ 2**202 strength
+ result.confirm("Plausible strength", strength >= 80 && strength < 210);
+
if(name.find("modp/srp/") == std::string::npos)
{
result.test_ne("DL_Group q is set", group.get_q(), 0);
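Review bot: The check `strength >= 80 && strength < 210` only bounds the value, so it passes for any estimate inside that window, including one that no longer varies with the group size. A relation tied to the group under test would pin more, for example `result.confirm("Strength below p bits", strength < group.p_bits());`, or expected values for a few named groups. The enclosing test method starts and ends outside this hunk.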