From cb50b81a3d7098a864b99832354f9e2cdbbca965 Mon Sep 17 00:00:00 2001
From: Never
Date: Mon, 19 Dec 2016 13:32:01 +0100
Subject: Improved DL_Group verification. The group is invalid, if g^q mod p !=1 and increased number of Miller-Rabin iterations, if strong is set (we pass 128 as prob in make_prm.cpp).
---
 src/lib/pubkey/dl_group/dl_group.cpp | 24 +++++++++++++++++++-----
 1 file changed, 19 insertions(+), 5 deletions(-)
(limited to 'src/lib/pubkey/dl_group/dl_group.cpp')
diff --git a/src/lib/pubkey/dl_group/dl_group.cpp b/src/lib/pubkey/dl_group/dl_group.cpp
index 40660e62a..5ca07eae2 100644
--- a/src/lib/pubkey/dl_group/dl_group.cpp
+++ b/src/lib/pubkey/dl_group/dl_group.cpp
@@ -12,6 +12,7 @@
 #include
 #include
 #include
+#include
 namespace Botan {
@@ -149,15 +150,28 @@ bool DL_Group::verify_group(RandomNumberGenerator& rng,
 if(m_g < 2 || m_p < 3 || m_q < 0)
 return false;
- if((m_q != 0) && ((m_p - 1) % m_q != 0))
- return false;
- const size_t prob = (strong) ? 56 : 10;
+ const size_t prob = (strong) ? 128 : 10;
+ if(m_q != 0)
+ {
+ if((m_p - 1) % m_q != 0)
+ {
+ return false;
+ }
+ if(power_mod(m_g, m_q, m_p) != 1)
+ {
+ return false;
+ }
+ if(!is_prime(m_q, rng, prob))
+ {
+ return false;
+ }
+ }
 if(!is_prime(m_p, rng, prob))
+ {
 return false;
- if((m_q > 0) && !is_prime(m_q, rng, prob))
- return false;
+ }
 return true;
 }
-- 
cgit v1.2.3
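Review bot: The new `power_mod(m_g, m_q, m_p) != 1` check still accepts an unreduced or degenerate generator, because the guard on the hunk's first context line only requires `m_g >= 2`: any `m_g >= m_p` that is congruent to 1 modulo p satisfies g^q == 1 (mod p), and `m_g == m_p - 1` has order 2 rather than q (passing when q == 2). Tightening the guard to `if(m_g < 2 || m_p < 3 || m_q < 0 || m_g >= m_p - 1) return false;` rejects both before any exponentiation is done. The order check would also read better with its reasoning stated, e.g. `// g^q == 1 (mod p) with q prime and g != 1 pins g to the subgroup of order exactly q` — which is only true because `is_prime(m_q, ...)` is also demanded a few lines below, so the two checks should stay together. Whether the third argument of `is_prime` is a Miller-Rabin round count or an error-probability exponent (2^-prob) is not visible here; the commit message calls 128 "iterations", so that wording is worth confirming against is_prime's contract so strong/non-strong mean what the message says. The opening of DL_Group::verify_group lies outside the hunk.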