1 /* LibTomCrypt, modular cryptographic library -- Tom St Denis */
2 /* SPDX-License-Identifier: Unlicense */
3 
4 #include "tomcrypt_private.h"
5 
6 #ifdef LTC_MDH
7 
s_dh_groupsize_to_keysize(int groupsize)8 static int s_dh_groupsize_to_keysize(int groupsize)
9 {
10    /* The strength estimates from https://tools.ietf.org/html/rfc3526#section-8
11     * We use "Estimate 2" to get an appropriate private key (exponent) size.
12     */
13    if (groupsize <= 0) {
14       return 0;
15    }
16    if (groupsize <= 192) {
17       return 30;     /* 1536-bit => key size 240-bit */
18    }
19    if (groupsize <= 256) {
20       return 40;     /* 2048-bit => key size 320-bit */
21    }
22    if (groupsize <= 384) {
23       return 52;     /* 3072-bit => key size 416-bit */
24    }
25    if (groupsize <= 512) {
26       return 60;     /* 4096-bit => key size 480-bit */
27    }
28    if (groupsize <= 768) {
29       return 67;     /* 6144-bit => key size 536-bit */
30    }
31    if (groupsize <= 1024) {
32       return 77;     /* 8192-bit => key size 616-bit */
33    }
34    return 0;
35 }
36 
dh_generate_key(prng_state * prng,int wprng,dh_key * key)37 int dh_generate_key(prng_state *prng, int wprng, dh_key *key)
38 {
39    unsigned char *buf;
40    unsigned long keysize;
41    int err, max_iterations = LTC_PK_MAX_RETRIES;
42 
43    LTC_ARGCHK(key         != NULL);
44    LTC_ARGCHK(ltc_mp.name != NULL);
45 
46    /* good prng? */
47    if ((err = prng_is_valid(wprng)) != CRYPT_OK) {
48       return err;
49    }
50 
51    keysize = s_dh_groupsize_to_keysize(mp_unsigned_bin_size(key->prime));
52    if (keysize == 0) {
53       err = CRYPT_INVALID_KEYSIZE;
54       goto freemp;
55    }
56 
57    /* allocate buffer */
58    buf = XMALLOC(keysize);
59    if (buf == NULL) {
60       err = CRYPT_MEM;
61       goto freemp;
62    }
63 
64    key->type = PK_PRIVATE;
65    do {
66       /* make up random buf */
67       if (prng_descriptor[wprng]->read(buf, keysize, prng) != keysize) {
68          err = CRYPT_ERROR_READPRNG;
69          goto freebuf;
70       }
71       /* load the x value - private key */
72       if ((err = mp_read_unsigned_bin(key->x, buf, keysize)) != CRYPT_OK) {
73          goto freebuf;
74       }
75       /* compute the y value - public key */
76       if ((err = mp_exptmod(key->base, key->x, key->prime, key->y)) != CRYPT_OK) {
77          goto freebuf;
78       }
79       err = dh_check_pubkey(key);
80    } while (err != CRYPT_OK && max_iterations-- > 0);
81 
82 freebuf:
83    zeromem(buf, keysize);
84    XFREE(buf);
85 freemp:
86    if (err != CRYPT_OK) dh_free(key);
87    return err;
88 }
89 
90 #endif /* LTC_MDH */
91