Bug 596692 and bug 636802: Increase max RSA and DH key sizes to 16K bits.

Adjust DH secret key size to group size. r=rrelyea. Modified Files: blapit.h dh.c git-svn-id: svn://10.0.0.236/trunk@263945 18797224-902f-48f8-a5cc-f745e15eee43
2012-06-14 18:55:10 +00:00 · 2012-06-14 18:55:10 +00:00 · 080cf669c8
commit 080cf669c8
parent 96a98d75c5
2 changed files with 26 additions and 6 deletions
--- a/mozilla/security/nss/lib/freebl/blapit.h
+++ b/mozilla/security/nss/lib/freebl/blapit.h
@ -4,7 +4,7 @@
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-/* $Id: blapit.h,v 1.28 2012-06-12 16:39:00 rrelyea%redhat.com Exp $ */
+/* $Id: blapit.h,v 1.29 2012-06-14 18:55:10 wtc%google.com Exp $ */

 #ifndef _BLAPIT_H_
 #define _BLAPIT_H_
@ -129,10 +129,10 @@ typedef int __BLAPI_DEPRECATED __attribute__((deprecated));
 * module. They may be arbitrarily adjusted to any value freebl supports.
 */
 #define RSA_MIN_MODULUS_BITS   128
-#define RSA_MAX_MODULUS_BITS  8192
+#define RSA_MAX_MODULUS_BITS 16384
 #define RSA_MAX_EXPONENT_BITS   64
 #define DH_MIN_P_BITS	       128
-#define DH_MAX_P_BITS         3072
+#define DH_MAX_P_BITS        16384

 /*
 * The FIPS 186-1 algorithm for generating primes P and Q allows only 9
--- a/mozilla/security/nss/lib/freebl/dh.c
+++ b/mozilla/security/nss/lib/freebl/dh.c
@ -6,7 +6,7 @@
 * Diffie-Hellman parameter generation, key generation, and secret derivation.
 * KEA secret generation and verification.
 *
- * $Id: dh.c,v 1.11 2012-04-25 14:49:43 gerv%gerv.net Exp $
+ * $Id: dh.c,v 1.12 2012-06-14 18:55:10 wtc%google.com Exp $
 */
 #ifdef FREEBL_NO_DEPEND
 #include "stubs.h"
@ -21,9 +21,28 @@
 #include "mpprime.h"
 #include "secmpi.h"

-#define DH_SECRET_KEY_LEN      20
 #define KEA_DERIVED_SECRET_LEN 128

+/* Lengths are in bytes. */
+static unsigned int
+dh_GetSecretKeyLen(unsigned int primeLen)
+{
+    /* Based on Table 2 in NIST SP 800-57. */
+    if (primeLen >= 1920) { /* 15360 bits */
+        return 64;  /* 512 bits */
+    }
+    if (primeLen >= 960) { /* 7680 bits */
+        return 48;  /* 384 bits */
+    }
+    if (primeLen >= 384) { /* 3072 bits */
+        return 32;  /* 256 bits */
+    }
+    if (primeLen >= 256) { /* 2048 bits */
+        return 28;  /* 224 bits */
+    }
+    return 20;  /* 160 bits */
+}
+
 SECStatus 
 DH_GenParam(int primeLen, DHParams **params)
 {
@ -154,7 +173,8 @@ DH_NewKey(DHParams *params, DHPrivateKey **privKey)
    CHECK_SEC_OK( SECITEM_CopyItem(arena, &key->base, &params->base) );
    SECITEM_TO_MPINT(key->base, &g);
    /* Generate private key xa */
-    SECITEM_AllocItem(arena, &key->privateValue, DH_SECRET_KEY_LEN);
+    SECITEM_AllocItem(arena, &key->privateValue,
+                      dh_GetSecretKeyLen(params->prime.len));
    RNG_GenerateGlobalRandomBytes(key->privateValue.data, 
                                  key->privateValue.len);
    SECITEM_TO_MPINT( key->privateValue, &xa );