
[SCM] GNU gnutls branch, master, updated. gnutls_3_0_8-54-g5596801


From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU gnutls branch, master, updated. gnutls_3_0_8-54-g5596801
Date: Mon, 12 Dec 2011 16:54:21 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=55968012dcefc50590925b4ddcf556f8ca67a8b5

The branch, master has been updated
       via  55968012dcefc50590925b4ddcf556f8ca67a8b5 (commit)
       via  4b0c8268003bc16a374f7ab567bea29d93e2d081 (commit)
      from  bd617810e4338294aa0c6b74da81274bae045f10 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 55968012dcefc50590925b4ddcf556f8ca67a8b5
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Mon Dec 12 17:46:00 2011 +0100

    Diffie Hellman PKCS #3 parameters now contain the recommended private key 
size.
    By using the recommended key size the calculations for the server side are
    reduced, giving a 50% increase in DH calculations.

commit 4b0c8268003bc16a374f7ab567bea29d93e2d081
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Mon Dec 12 17:29:57 2011 +0100

    small cleanups.

-----------------------------------------------------------------------

Summary of changes:
 NEWS                   |    3 +++
 lib/auth/anon.c        |    2 +-
 lib/auth/dh_common.c   |   18 +++++++++---------
 lib/auth/dh_common.h   |    3 ++-
 lib/auth/dhe.c         |    2 +-
 lib/auth/dhe_psk.c     |    2 +-
 lib/crypto-backend.h   |    1 +
 lib/gnutls_dh.c        |   13 ++++++++-----
 lib/gnutls_dh.h        |    3 ++-
 lib/gnutls_dh_primes.c |   35 ++++++++++++++++++++++++++---------
 lib/gnutls_int.h       |    2 ++
 lib/nettle/mpi.c       |   36 ++++++++++++++++++++----------------
 src/benchmark-tls.c    |   23 +++++++++++++----------
 src/benchmark.c        |    4 ++--
 src/prime.c            |    8 +++++---
 15 files changed, 96 insertions(+), 59 deletions(-)

diff --git a/NEWS b/NEWS
index 9138d78..cf95e50 100644
--- a/NEWS
+++ b/NEWS
@@ -8,6 +8,9 @@ See the end for copying conditions.
 it will only list the ciphersuites that are enabled by the given
 priority string.
 
+** libgnutls: Optimizations in Diffie-Hellman parameters generation
+and key exchange.
+
 ** libgnutls: When session tickets are negotiated and used in a
 session, a server will not store that session data into its cache.
 
diff --git a/lib/auth/anon.c b/lib/auth/anon.c
index 926bab6..49efb49 100644
--- a/lib/auth/anon.c
+++ b/lib/auth/anon.c
@@ -99,7 +99,7 @@ gen_anon_server_kx (gnutls_session_t session, 
gnutls_buffer_st* data)
 
   _gnutls_dh_set_group (session, g, p);
 
-  ret = _gnutls_dh_common_print_server_kx (session, g, p, data);
+  ret = _gnutls_dh_common_print_server_kx (session, g, p, dh_params->q_bits, 
data);
   if (ret < 0)
     {
       gnutls_assert ();
diff --git a/lib/auth/dh_common.c b/lib/auth/dh_common.c
index 484fe4f..7a93d83 100644
--- a/lib/auth/dh_common.c
+++ b/lib/auth/dh_common.c
@@ -129,7 +129,7 @@ _gnutls_gen_dh_common_client_kx_int (gnutls_session_t 
session, gnutls_buffer_st*
   int ret;
 
   X = gnutls_calc_dh_secret (&x, session->key->client_g,
-                             session->key->client_p);
+                             session->key->client_p, 0);
   if (X == NULL || x == NULL)
     {
       gnutls_assert ();
@@ -283,17 +283,17 @@ _gnutls_proc_dh_common_server_kx (gnutls_session_t 
session,
   return ret;
 }
 
-/* If the psk flag is set, then an empty psk_identity_hint will
- * be inserted */
 int
 _gnutls_dh_common_print_server_kx (gnutls_session_t session,
-                                   bigint_t g, bigint_t p, gnutls_buffer_st* 
data)
+                                   bigint_t g, bigint_t p, unsigned int q_bits,
+                                   gnutls_buffer_st* data)
 {
-  bigint_t x, X;
+  bigint_t x, Y;
   int ret;
 
-  X = gnutls_calc_dh_secret (&x, g, p);
-  if (X == NULL || x == NULL)
+  /* Y=g^x mod p */
+  Y = gnutls_calc_dh_secret (&x, g, p, q_bits);
+  if (Y == NULL || x == NULL)
     {
       gnutls_assert ();
       return GNUTLS_E_MEMORY_ERROR;
@@ -316,7 +316,7 @@ _gnutls_dh_common_print_server_kx (gnutls_session_t session,
       goto cleanup;
     }
 
-  ret = _gnutls_buffer_append_mpi(data, 16, X, 0);
+  ret = _gnutls_buffer_append_mpi(data, 16, Y, 0);
   if (ret < 0)
     {
       ret = gnutls_assert_val(ret);
@@ -324,7 +324,7 @@ _gnutls_dh_common_print_server_kx (gnutls_session_t session,
     }
 
 cleanup:
-  _gnutls_mpi_release (&X);
+  _gnutls_mpi_release (&Y);
 
   return data->length;
 }
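Review bot: The `cleanup:` tail of `_gnutls_dh_common_print_server_kx` returns `data->length` on every path, so the negative `ret` set just above it (`ret = gnutls_assert_val(ret);` after `_gnutls_buffer_append_mpi`) appears to be discarded and a failed append is reported as a positive length. The callers patched in this commit all test `ret < 0`, so they would carry on with an incomplete key-exchange message. Suggest ending the function with `return ret < 0 ? ret : data->length;`. The lines between the hunks are not visible, so confirm that every `goto cleanup` path leaves `ret` negative.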
diff --git a/lib/auth/dh_common.h b/lib/auth/dh_common.h
index 20fc698..2ff976a 100644
--- a/lib/auth/dh_common.h
+++ b/lib/auth/dh_common.h
@@ -42,7 +42,8 @@ int _gnutls_proc_dh_common_client_kx (gnutls_session_t 
session,
                                       bigint_t p, bigint_t g,
                                       gnutls_datum_t* psk_key);
 int _gnutls_dh_common_print_server_kx (gnutls_session_t, bigint_t g,
-                                       bigint_t p, gnutls_buffer_st* data);
+                                       bigint_t p, unsigned int q_bits, 
+                                       gnutls_buffer_st* data);
 int _gnutls_proc_dh_common_server_kx (gnutls_session_t session, opaque * data,
                                       size_t _data_size);
 
diff --git a/lib/auth/dhe.c b/lib/auth/dhe.c
index 5e9d5e0..87496af 100644
--- a/lib/auth/dhe.c
+++ b/lib/auth/dhe.c
@@ -168,7 +168,7 @@ gen_dhe_server_kx (gnutls_session_t session, 
gnutls_buffer_st* data)
 
       _gnutls_dh_set_group (session, g, p);
 
-      ret = _gnutls_dh_common_print_server_kx (session, g, p, data);
+      ret = _gnutls_dh_common_print_server_kx (session, g, p, 
dh_params->q_bits, data);
     }
   else
     {
diff --git a/lib/auth/dhe_psk.c b/lib/auth/dhe_psk.c
index d1417e3..7170c0b 100644
--- a/lib/auth/dhe_psk.c
+++ b/lib/auth/dhe_psk.c
@@ -177,7 +177,7 @@ gen_psk_server_kx (gnutls_session_t session, 
gnutls_buffer_st* data)
   if (ret < 0)
     return gnutls_assert_val(ret);
 
-  ret = _gnutls_dh_common_print_server_kx (session, g, p, data);
+  ret = _gnutls_dh_common_print_server_kx (session, g, p, dh_params->q_bits, 
data);
   if (ret < 0)
     gnutls_assert ();
 
diff --git a/lib/crypto-backend.h b/lib/crypto-backend.h
index ed89deb..a49b488 100644
--- a/lib/crypto-backend.h
+++ b/lib/crypto-backend.h
@@ -78,6 +78,7 @@
   {
     bigint_t g;                 /* group generator */
     bigint_t p;                 /* prime */
+    int q_bits;                 /* the number of bits of q */
   } gnutls_group_st;
 
 /**
diff --git a/lib/gnutls_dh.c b/lib/gnutls_dh.c
index bd46e54..d38856b 100644
--- a/lib/gnutls_dh.c
+++ b/lib/gnutls_dh.c
@@ -47,13 +47,16 @@
 /* returns the public value (X), and the secret (ret_x).
  */
 bigint_t
-gnutls_calc_dh_secret (bigint_t * ret_x, bigint_t g, bigint_t prime)
+gnutls_calc_dh_secret (bigint_t * ret_x, bigint_t g, bigint_t prime, 
+                       unsigned int q_bits)
 {
   bigint_t e, x = NULL;
-  int x_size = _gnutls_mpi_get_nbits (prime) - 1;
-  /* The size of the secret key is less than
-   * prime/2
-   */
+  int x_size;
+  
+  if (q_bits == 0)
+    x_size = _gnutls_mpi_get_nbits (prime) - 1;
+  else
+    x_size = q_bits;
 
   if (x_size > MAX_BITS || x_size <= 0)
     {
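Review bot: `x_size = q_bits` is checked only against `MAX_BITS` and zero, so there is no lower bound on the length of the private exponent. The value reaches this function from `dh_params->q_bits`, which the `gnutls_dh_params_import_pkcs3` hunk fills straight from the file's `privateValueLength`; a parameter file carrying a very small number would make the server generate correspondingly short secrets without any diagnostic. Suggest a floor plus a sanity check against the prime, falling back to the old behaviour otherwise, e.g. `if (q_bits < MIN_Q_BITS || q_bits >= _gnutls_mpi_get_nbits (prime)) q_bits = 0;` placed before the `if (q_bits == 0)` test, where `MIN_Q_BITS` is a placeholder name for a new constant matching the library's minimum security level. The function body continues past the end of the hunk.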
diff --git a/lib/gnutls_dh.h b/lib/gnutls_dh.h
index 990294e..5b05370 100644
--- a/lib/gnutls_dh.h
+++ b/lib/gnutls_dh.h
@@ -24,7 +24,8 @@
 #define GNUTLS_DH_H
 
 const bigint_t *_gnutls_dh_params_to_mpi (gnutls_dh_params_t);
-bigint_t gnutls_calc_dh_secret (bigint_t * ret_x, bigint_t g, bigint_t prime);
+bigint_t gnutls_calc_dh_secret (bigint_t * ret_x, bigint_t g, bigint_t prime,
+                                unsigned int q_bits);
 bigint_t gnutls_calc_dh_key (bigint_t f, bigint_t x, bigint_t prime);
 
 gnutls_dh_params_t
diff --git a/lib/gnutls_dh_primes.c b/lib/gnutls_dh_primes.c
index c4ea423..f4fac9f 100644
--- a/lib/gnutls_dh_primes.c
+++ b/lib/gnutls_dh_primes.c
@@ -197,6 +197,7 @@ gnutls_dh_params_generate2 (gnutls_dh_params_t params, 
unsigned int bits)
 
   params->params[0] = group.p;
   params->params[1] = group.g;
+  params->q_bits = group.q_bits;
 
   return 0;
 }
@@ -223,6 +224,7 @@ gnutls_dh_params_import_pkcs3 (gnutls_dh_params_t params,
 {
   ASN1_TYPE c2;
   int result, need_free = 0;
+  unsigned int q_bits;
   gnutls_datum_t _params;
 
   if (format == GNUTLS_X509_FMT_PEM)
@@ -284,6 +286,16 @@ gnutls_dh_params_import_pkcs3 (gnutls_dh_params_t params,
       return _gnutls_asn2err (result);
     }
 
+  /* Read q length */
+  result = _gnutls_x509_read_uint (c2, "privateValueLength", &q_bits);
+  if (result < 0) 
+    {
+      gnutls_assert ();
+      params->q_bits = 0;
+    }
+  else
+    params->q_bits = q_bits;
+
   /* Read PRIME 
    */
   result = _gnutls_x509_read_int (c2, "prime", &params->params[0]);
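Review bot: Every failure of `_gnutls_x509_read_uint` is folded into "length unknown" here, so a malformed `privateValueLength` is accepted as if the optional field were absent, while a file that simply omits it hits `gnutls_assert ()` on what is a normal path. Assuming the helper returns `GNUTLS_E_ASN1_ELEMENT_NOT_FOUND` for a missing element (its body is not in this diff), only that code should map to `params->q_bits = 0`; any other error should free `c2` and be returned. The value is also stored from `unsigned int` into the `int q_bits` field without a range check; since the prime is read a few lines later, a comparison against its bit length could be added after that read. The function starts and ends outside this hunk.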
@@ -380,6 +392,18 @@ gnutls_dh_params_export_pkcs3 (gnutls_dh_params_t params,
       return _gnutls_asn2err (result);
     }
 
+  if (params->q_bits > 0)
+    result = _gnutls_x509_write_uint32 (c2, "privateValueLength", 
params->q_bits);
+  else
+    result = asn1_write_value (c2, "privateValueLength", NULL, 0);
+
+  if (result < 0)
+    {
+      gnutls_assert ();
+      asn1_delete_structure (&c2);
+      return _gnutls_asn2err (result);
+    }
+
   /* Write the GENERATOR
    */
   if ((result = asn1_write_value (c2, "base",
@@ -393,13 +417,6 @@ gnutls_dh_params_export_pkcs3 (gnutls_dh_params_t params,
 
   gnutls_free (all_data);
 
-  if ((result = asn1_write_value (c2, "privateValueLength",
-                                  NULL, 0)) != ASN1_SUCCESS)
-    {
-      gnutls_assert ();
-      asn1_delete_structure (&c2);
-      return _gnutls_asn2err (result);
-    }
 
   if (format == GNUTLS_X509_FMT_DER)
     {
@@ -492,7 +509,7 @@ gnutls_dh_params_export_pkcs3 (gnutls_dh_params_t params,
  * @params: Holds the DH parameters
  * @prime: will hold the new prime
  * @generator: will hold the new generator
- * @bits: if non null will hold is the prime's number of bits
+ * @bits: if non null will hold the secret key's number of bits
  *
  * This function will export the pair of prime and generator for use
  * in the Diffie-Hellman key exchange.  The new parameters will be
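Review bot: `@bits` on the public `gnutls_dh_params_export_raw` changes meaning from the prime's size to the private key size, and the code hunk just below (`*bits = params->q_bits;`) can now hand back 0 when the length is unknown. Existing callers that treat the returned value as the prime length, for example to enforce a minimum DH group size, would silently compare against a much smaller number or zero. The doc comment should state that 0 means "unknown" and that the prime length must be derived from the exported prime itself; consider keeping the old meaning of `@bits` and exposing the key length through a separate accessor. The NEWS entry in this commit mentions only optimizations, so an API-change line there would help too.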
@@ -531,7 +548,7 @@ gnutls_dh_params_export_raw (gnutls_dh_params_t params,
     }
 
   if (bits)
-    *bits = _gnutls_mpi_get_nbits (params->params[0]);
+    *bits = params->q_bits;
 
   return 0;
 
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index d4644d9..5ffbb01 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -586,6 +586,8 @@ typedef struct gnutls_dh_params_int
   /* [0] is the prime, [1] is the generator.
    */
   bigint_t params[2];
+  int q_bits; /* length of q in bits. If zero then length is unknown.
+              */
 } dh_params_st;
 
 typedef struct
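Review bot: The new field is declared `int q_bits` (likewise in `gnutls_group_st` in lib/crypto-backend.h) while every function that carries the value in this commit uses `unsigned int`, so the value changes signedness at each store and load; declaring it `unsigned int q_bits;` in both structs would remove those conversions. The diff sets the field only in `gnutls_dh_params_generate2` and `gnutls_dh_params_import_pkcs3`. Other ways of filling a `dh_params_st`, such as `gnutls_dh_params_import_raw` and `gnutls_dh_params_cpy` (not shown here), should be checked so that they set or copy it rather than leaving a stale or uninitialised value.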
diff --git a/lib/nettle/mpi.c b/lib/nettle/mpi.c
index 292af1d..0ebdcf4 100644
--- a/lib/nettle/mpi.c
+++ b/lib/nettle/mpi.c
@@ -413,9 +413,9 @@ wrap_nettle_prime_check (bigint_t pp)
  *
  */
 inline static int
-gen_group (mpz_t * prime, mpz_t * generator, unsigned int nbits)
+gen_group (mpz_t * prime, mpz_t * generator, unsigned int nbits, unsigned int 
*q_bits)
 {
-  mpz_t q, w;
+  mpz_t q, w, r;
   unsigned int p_bytes = nbits / 8;
   opaque *buffer = NULL;
   unsigned int q_bytes, w_bytes, r_bytes, w_bits;
@@ -458,6 +458,7 @@ gen_group (mpz_t * prime, mpz_t * generator, unsigned int 
nbits)
   mpz_init (*generator);
   mpz_init (q);
   mpz_init (w);
+  mpz_init (r);
 
   /* search for a prime. We are not that unlucky so search
    * forever.
@@ -519,8 +520,9 @@ gen_group (mpz_t * prime, mpz_t * generator, unsigned int 
nbits)
         }
     }
 
+  *q_bits = wrap_nettle_mpi_get_nbits (&q);
   _gnutls_debug_log ("Found prime q of %u bits. Looking for generator...\n",
-                     wrap_nettle_mpi_get_nbits (&q));
+                     *q_bits);
 
   /* finally a prime! Let calculate generator
    */
@@ -535,7 +537,7 @@ gen_group (mpz_t * prime, mpz_t * generator, unsigned int 
nbits)
 
   mpz_mul_ui (w, w, 2);         /* w = w*2 */
   mpz_fdiv_r (w, w, *prime);
-
+  
   for (;;)
     {
       ret = _gnutls_rnd (GNUTLS_RND_NONCE, buffer, r_bytes);
@@ -545,11 +547,11 @@ gen_group (mpz_t * prime, mpz_t * generator, unsigned int 
nbits)
           return ret;
         }
 
-      nettle_mpz_set_str_256_u (q, r_bytes, buffer);
-      mpz_fdiv_r (q, q, *prime);
+      nettle_mpz_set_str_256_u (r, r_bytes, buffer);
+      mpz_fdiv_r (r, r, *prime);
 
       /* check if r^w mod n != 1 mod n */
-      mpz_powm (*generator, q, w, *prime);
+      mpz_powm (*generator, r, w, *prime);
 
       if (mpz_cmp_ui (*generator, 1) == 0)
         continue;
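Review bot: The `return ret;` at the top of this hunk, on the `_gnutls_rnd` failure path inside the generator loop, bypasses the `fail:`/`exit:` labels this commit introduces, so `q`, `w`, the new `r`, `*prime`, `*generator` and `buffer` are not released on that path. It should be `goto fail;` like the other error exits. The lines between the `_gnutls_rnd` call and that `return` are cut off by the hunk boundary, so confirm nothing there already frees them.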
@@ -559,20 +561,20 @@ gen_group (mpz_t * prime, mpz_t * generator, unsigned int 
nbits)
 
   _gnutls_debug_log ("Found generator g of %u bits\n",
                      wrap_nettle_mpi_get_nbits (generator));
-  _gnutls_debug_log ("Prime n is of %u bits\n",
+  _gnutls_debug_log ("Prime n is %u bits\n",
                      wrap_nettle_mpi_get_nbits (prime));
 
-  mpz_clear (q);
-  mpz_clear (w);
-  gnutls_free (buffer);
-
-  return 0;
+  ret = 0;
+  goto exit;
 
 fail:
-  mpz_clear (q);
-  mpz_clear (w);
   mpz_clear (*prime);
   mpz_clear (*generator);
+
+exit:
+  mpz_clear (q);
+  mpz_clear (w);
+  mpz_clear (r);
   gnutls_free (buffer);
 
   return ret;
@@ -584,6 +586,7 @@ wrap_nettle_generate_group (gnutls_group_st * group, 
unsigned int bits)
   int ret;
   bigint_t p = wrap_nettle_mpi_new (bits);
   bigint_t g;
+  unsigned int q_bits;
 
   if (p == NULL)
     {
@@ -599,7 +602,7 @@ wrap_nettle_generate_group (gnutls_group_st * group, 
unsigned int bits)
       return GNUTLS_E_MEMORY_ERROR;
     }
 
-  ret = gen_group (p, g, bits);
+  ret = gen_group (p, g, bits, &q_bits);
   if (ret < 0)
     {
       _gnutls_mpi_release (&g);
@@ -610,6 +613,7 @@ wrap_nettle_generate_group (gnutls_group_st * group, 
unsigned int bits)
 
   group->p = p;
   group->g = g;
+  group->q_bits = q_bits;
 
   return 0;
 }
diff --git a/src/benchmark-tls.c b/src/benchmark-tls.c
index fcb7e56..d2a742d 100644
--- a/src/benchmark-tls.c
+++ b/src/benchmark-tls.c
@@ -55,9 +55,12 @@
 #ifdef PARAMS_1024
 const char *pkcs3 = 
   "-----BEGIN DH PARAMETERS-----\n"
-  "MIGHAoGBAO6vCrmts43WnDP4CvqPxehgcmGHdf88C56iMUycJWV21nTfdJbqgdM4\n"
-  "O0gT1pLG4ODV2OJQuYvkjklcHWCJ2tFdx9e0YVTWts6O9K1psV1JglWbKXvPGIXF\n"
-  "KfVmZg5X7GjtvDwFcmzAL9TL9Jduqpr9UTj+g3ZDW5/GHS/A6wbjAgEC\n"
+  "MIIBCwKBgQCsIrA9BK23OUVIwrC4c65YJ2t8bqoGpJpuISjO07lAbWHWa47Kf9/t\n"
+  "F9ckO2AF6Yj1Y7xS+FSCDeoIZsp0LCq3nAP9Ls25fgHrKSMPQBJt2vd5mUdm90Wr\n"
+  "wCK2YjogQ7YVQlovVHsnJWC6Kf0P+OQ4hrihoBCGSj9sGK3wH57m+wKBgH5xlPNR\n"
+  "pI8E2WBNqB6y4sV3eMGRvygScbbFUFFO1ccmNJl5Y5L/O+fP0ZXtmUJVsSvlY0fp\n"
+  "Kcl6k5WCWMY8h6iHlJ9teHmC4s2jifXtaV759kJXdqrGEjRPEku50y3ANzDLzklW\n"
+  "8R7HcSO397vIdouaUt38FbQESnIWOIZqDtq6AgIAnw==\n"
   "-----END DH PARAMETERS-----\n";
 
 /* RSA key of 1024 bits */
@@ -98,13 +101,13 @@ static unsigned char server_key_pem[] =
  */
 const char *pkcs3 =
   "-----BEGIN DH PARAMETERS-----\n"
-  "MIIBPgKBnBw2c5yglfuVfHxYAmWQmLfO1K2sEqTY4panDGgf/aF4HGuGcTfy511c\n"
-  "d3+/C7SJuMEM9RwKt503qb9pLEHVbZsXLECGVFcX3c5UAkPKKB/zhcmz6facSLn7\n"
-  "o8hLC30DQM9IQ26N7BaOGcEgeya+NGGUk7yC+v+tRiCG2OU/0mQTAx4g7OCVBRAn\n"
-  "piJ6yW5kNzNJkKKGOnLXzcXbzwKBnA/aNsM6bmYOx5N2iybHQ0/Dltp8s/2Sw9YY\n"
-  "oWBZNLJRCHyB1Q+MH1n3GJ7oEqG0/D9i+byA41I/KNvaaZVK+Oai8pvcdDwdrSxW\n"
-  "AMbtukYTxc4eGedtDuwHP55+AlRS+daRZQXbq43aFauPgGiwpm0I+EnMhg25owV2\n"
-  "jgL3Ag174DhfvwcMsgC1EO1G0gsxjCc4BD5NKdqvJDNaxw==\n"
+  "MIIBQwKBnQDgLx3SqWyHOfGn/03r1tRwf3pByo3C4V1YIjjDQUoIzn82tRMPEKsL\n"
+  "vos7WXjKgF1+S+T5Y9A7XqivGv1XJ1ZmDvewXVRByxjGRZbkoqCPw4Zv0Uyl9pjV\n"
+  "WaR/Y/emZrN51K0zkdFJCzCt3lPlO3UprnYYHkySRpxTJ4ab5iXRFXETA5rJ5WH0\n"
+  "itGpoR5xb2fR1Gmg5kXCNutkZ9cCgZwqJUZwqKIHJ9cYtzvZXFpjZNgF+mRWyiFr\n"
+  "AQooJbFbVX3o2seJZl3mMqaetaLHF+L8anZFQipNgxenzQgEWEv8FubHXStaOnX1\n"
+  "cwjwwxmCUK4lpfCQZtJ1K3os2JCcNaTBUyxAfiXFIYJmO/os0hFhR6a4EjIlkcq0\n"
+  "yDDLN1weTNOpBPstp1WGHZCsKdJZzgfVvYL6er4zVBtBS0cCAgCg\n"
   "-----END DH PARAMETERS-----\n";
 
 static unsigned char server_cert_pem[] =
diff --git a/src/benchmark.c b/src/benchmark.c
index 42f821c..a5dabc4 100644
--- a/src/benchmark.c
+++ b/src/benchmark.c
@@ -102,14 +102,14 @@ void start_benchmark(struct benchmark_st * st)
       fprintf (stderr, "error: CreateThread %u\n", GetLastError ());
       exit(1);
     }
-  st->alarm_timeout.QuadPart = (5) * 10000000;
+  st->alarm_timeout.QuadPart = (2) * 10000000;
   if (SetWaitableTimer (st->wtimer, &st->alarm_timeout, 0, NULL, NULL, FALSE) 
== 0)
     {
       fprintf (stderr, "error: SetWaitableTimer %u\n", GetLastError ());
       exit(1);
     }
 #else
-  alarm (5);
+  alarm (2);
 #endif
   
 }
diff --git a/src/prime.c b/src/prime.c
index 1113375..0855a8f 100644
--- a/src/prime.c
+++ b/src/prime.c
@@ -48,6 +48,7 @@ generate_prime (int how, common_info_st * info)
   gnutls_dh_params_t dh_params;
   gnutls_datum_t p, g;
   int bits = get_bits (GNUTLS_PK_DH, info->bits, info->sec_param);
+  unsigned int q_bits = 0;
 
   gnutls_dh_params_init (&dh_params);
 
@@ -69,7 +70,7 @@ generate_prime (int how, common_info_st * info)
           exit (1);
         }
 
-      ret = gnutls_dh_params_export_raw (dh_params, &p, &g, NULL);
+      ret = gnutls_dh_params_export_raw (dh_params, &p, &g, &q_bits);
       if (ret < 0)
         {
           fprintf (stderr, "Error exporting parameters: %s\n",
@@ -189,8 +190,9 @@ generate_prime (int how, common_info_st * info)
           fprintf (outfile, "%.2x", p.data[i]);
         }
 
-      fprintf (outfile, "\n\n");
-
+      if (q_bits > 0)
+        fprintf (outfile, "\n\nRecommended key length: %d bits\n", q_bits);
+      fprintf (outfile, "\n");
     }
 
   if (!cparams)
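Review bot: `q_bits` is declared `unsigned int` in the first hunk of this file but is printed with `%d` here; the call should read `fprintf (outfile, "\n\nRecommended key length: %u bits\n", q_bits);`. A conversion specifier that does not match the argument type is undefined behaviour in C, even though it prints the expected digits for small values on common platforms. The body of `generate_prime` extends beyond this hunk on both sides.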


hooks/post-receive
-- 
GNU gnutls


