[Pal/Linux-SGX] Update Diffie-Hellman parameters to use modp3072 group

Signed-off-by: Dmitrii Kuvaiskii <[email protected]>

Pal/src/host/Linux-SGX/enclave_framework.c

@@ -905,8 +905,8 @@ int init_enclave(void) {
 }
 
 int _DkStreamKeyExchange(PAL_HANDLE stream, PAL_SESSION_KEY* key) {
-    uint8_t pub[DH_SIZE]   __attribute__((aligned(DH_SIZE)));
-    uint8_t agree[DH_SIZE] __attribute__((aligned(DH_SIZE)));
+    uint8_t pub[DH_SIZE];
+    uint8_t agree[DH_SIZE];
     PAL_NUM pubsz, agreesz;
     LIB_DH_CONTEXT context;
     int64_t bytes;

common/include/crypto.h

@@ -16,7 +16,7 @@
 #include <unistd.h>
 
 #define SHA256_DIGEST_LEN 32
-#define DH_SIZE           256 /* DH_SIZE is tied to the choice of parameters in mbedtls_dh.c */
+#define DH_SIZE           384 /* DH_SIZE is tied to the choice of parameters in mbedtls_adapter.c */
 
 #ifdef CRYPTO_USE_MBEDTLS
 #define CRYPTO_PROVIDER_SPECIFIED

common/src/crypto/adapters/mbedtls_adapter.c

@@ -435,11 +435,11 @@ int lib_DhInit(LIB_DH_CONTEXT* context) {
     /* Configure parameters. Note that custom Diffie-Hellman parameters are considered more secure,
      * but require more data be exchanged between the two parties to establish the parameters, so we
      * haven't implemented that yet. */
-    ret = mbedtls_mpi_read_string(&context->P, 16 /* radix */, MBEDTLS_DHM_RFC3526_MODP_2048_P);
+    ret = mbedtls_mpi_read_string(&context->P, 16 /* radix */, MBEDTLS_DHM_RFC3526_MODP_3072_P);
     if (ret < 0)
         return mbedtls_to_pal_error(ret);
 
-    ret = mbedtls_mpi_read_string(&context->G, 16 /* radix */, MBEDTLS_DHM_RFC3526_MODP_2048_G);
+    ret = mbedtls_mpi_read_string(&context->G, 16 /* radix */, MBEDTLS_DHM_RFC3526_MODP_3072_G);
     if (ret < 0)
         return mbedtls_to_pal_error(ret);