#include "dh_local.h"
#include "crypto/bn.h"
#include "crypto/dh.h"
+#include "crypto/security_bits.h"
+
+#ifdef FIPS_MODE
+# define MIN_STRENGTH 112
+#else
+# define MIN_STRENGTH 80
+#endif
static int generate_key(DH *dh);
static int dh_bn_mod_exp(const DH *dh, BIGNUM *r,
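Review bot: `MIN_STRENGTH` is defined with no comment saying what the two values mean or why the non-FIPS floor is 80 bits, although it is the only value that sets the strength requested by the `ffc_generate_private_key` call in the last hunk. An 80-bit floor is below the 112 used under `FIPS_MODE`, so the reason for keeping it should be recorded at the definition. Presumably it exists to accept legacy parameters with a short q (confirm), in which case a comment such as `/* Minimum security strength in bits requested for FFC private key generation; 80 is retained outside FIPS for legacy parameter sets */` would do. The name is also generic for a file-scope macro; a prefixed name such as `DH_MIN_STRENGTH` would be less likely to clash with another header.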
if (generate_new_key) {
/* Is it an approved safe prime ?*/
if (DH_get_nid(dh) != NID_undef) {
- /*
- * The safe prime group code sets N = 2*s
- * (where s = max security strength supported).
- * N = dh->length (N = maximum bit length of private key)
- */
- if (dh->length == 0
- || dh->params.q == NULL
+ int max_strength =
+ ifc_ffc_compute_security_bits(BN_num_bits(dh->params.p));
+
+ if (dh->params.q == NULL
|| dh->length > BN_num_bits(dh->params.q))
goto err;
+ /* dh->length = maximum bit length of generated private key */
if (!ffc_generate_private_key(ctx, &dh->params, dh->length,
- dh->length / 2, priv_key))
+ max_strength, priv_key))
goto err;
} else {
#ifdef FIPS_MODE
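Review bot: N and s now come from independent sources in the named-group branch (N from `dh->length`, s from the size of p), and nothing at this site checks that they are compatible. With the `dh->length == 0` rejection removed, an unset length or a caller-set length below `2 * max_strength` now reaches `ffc_generate_private_key`. Whether the callee rejects N < 2*s in both FIPS and non-FIPS builds is not visible in this hunk. If it does, the new comment should say so, e.g. `/* dh->length = maximum bit length of generated private key; 0 or < 2 * max_strength is rejected by ffc_generate_private_key() */`. If it does not, add `if (dh->length != 0 && dh->length < 2 * max_strength) goto err;` before the call and document what a length of 0 means; the enclosing function starts and ends outside the hunk.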
* Max Private key size N = len(q)
*/
if (!ffc_generate_private_key(ctx, &dh->params,
- BN_num_bits(dh->params.q), 112,
+ BN_num_bits(dh->params.q),
+ MIN_STRENGTH,
priv_key))
goto err;
}
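Review bot: This call requests the fixed floor `MIN_STRENGTH`, while the named-group branch changed in the same commit derives the strength from the size of p via `ifc_ffc_compute_security_bits`. Outside `FIPS_MODE` the requested strength for caller-supplied p, q, g is therefore 80 bits regardless of how large the parameters are. If that is intended, a line above the call should say so, e.g. `/* s is a floor only; N = len(q) bounds the private key size */`. The comment block whose tail (`Max Private key size N = len(q)`) is visible here begins outside the hunk; if it still names 112 as the strength, it is now stale for non-FIPS builds and should refer to `MIN_STRENGTH` instead.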