Commit 85e800d8 authored by Martin Nilsson's avatar Martin Nilsson

Select DH group based on symmetric key strength.

parent 47456b46
...@@ -711,8 +711,33 @@ class KeyExchangeDHE ...@@ -711,8 +711,33 @@ class KeyExchangeDHE
anonymous = 1; anonymous = 1;
struct = ADT.struct(); struct = ADT.struct();
// Default to using MODP Group 24 (2048/256 bits). // NIST SP800-57 5.6.1
dh_state = .Cipher.DHKeyExchange(Crypto.DH.MODPGroup24); // { symmetric key length, p limit, q limit }
constant nist_strength = ({
({ 80, 1024, 160 }),
({ 112, 2048, 224 }),
({ 128, 3072, 256 }),
({ 192, 7680, 384 }),
({ 256, 15360, 511 }),
});
int key_strength = CIPHER_effective_keylengths
[ CIPHER_SUITES[ session->cipher_suite ][1] ];
int target_p, target_q;
foreach(nist_strength, [int key, target_p, target_q])
if( key_strength <= key ) break;
Crypto.DH.Parameters p;
foreach( context->dh_groups, Crypto.DH.Parameters o )
{
if( !p || o->p->size()>p->p->size() ||
(o->p->size()==p->p->size() && o->q->size()>p->q->size()) )
p = o;
if( p->p->size() >= target_p && p->q->size() >= target_q )
break;
}
if(!p) error("No suitable DH group in Context.\n");
dh_state = DHKeyExchange(p);
dh_state->new_secret(context->random); dh_state->new_secret(context->random);
struct->put_bignum(dh_state->parameters->p); struct->put_bignum(dh_state->parameters->p);
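Review bot: The group-selection loop falls back without any signal to the largest configured group when nothing reaches `target_p`/`target_q`, and `error()` fires only when `context->dh_groups` is empty. With the default list this commit adds (MODP Group 24, 2048/256 only), every suite whose effective key length is above 112 bits runs DHE below its SP800-57 target, and a context holding only a very small group is accepted as is. The target test is also applied to the running maximum `p` rather than to `o`, so a later group that satisfies both limits is skipped when an earlier one has a larger p but too small a q. I would test `o` against the targets directly and refuse anything under a configured floor, e.g. `if (p->p->size() < min_dh_bits) error("DH group too small.\n");`, where `min_dh_bits` is a hypothetical new Context setting. The enclosing function starts and ends outside the hunk.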
......
...@@ -164,6 +164,14 @@ array(int) preferred_suites; ...@@ -164,6 +164,14 @@ array(int) preferred_suites;
//! Supported elliptical curve cipher curves in order of preference. //! Supported elliptical curve cipher curves in order of preference.
array(int) ecc_curves = reverse(sort(indices(ECC_CURVES))); array(int) ecc_curves = reverse(sort(indices(ECC_CURVES)));
//! Supported DH groups for DHE key exchanges, in order of preference.
//! Defaults to MODP Group 24 (2048/256 bits) from RFC 5114 section
//! 2.3.
array(Crypto.DH.Parameters) dh_groups = ({
Crypto.DH.MODPGroup24, // MODP Group 24 (2048/256 bits).
});
//! The set of <hash, signature> combinations to use by us. //! The set of <hash, signature> combinations to use by us.
//! //!
//! Only used with TLS 1.2 and later. //! Only used with TLS 1.2 and later.
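Review bot: The doc comment on `dh_groups` says "in order of preference" but does not say how the list is used. Judging by the selection loop in KeyExchangeDHE, the group is picked by size against a per-cipher target, with the largest group as fallback. I would add something like `//! The first group large enough for the negotiated cipher (NIST SP800-57) is used; if none is, the largest one is.` so that operators know a single 2048-bit entry caps the strength of every DHE suite. The comment should also note that the RFC 5114 groups are not safe-prime groups, so they depend on the peer's public value being checked against the order-q subgroup. Whether DHKeyExchange does that check is not visible here. RFC 8247 later marked groups 23 and 24 SHOULD NOT for IKEv2 because their generation seeds were never published, which is a reason to document how to replace the default.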
......