updated
[gnutls.git] / src / dh.c
blob88845bf2317d99f6e199308e27f1236c966eec1e
1 /*
2 * Copyright (C) 2001-2012 Free Software Foundation, Inc.
4 * This file is part of GnuTLS.
6 * GnuTLS is free software: you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by
8 * the Free Software Foundation, either version 3 of the License, or
9 * (at your option) any later version.
11 * GnuTLS is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program. If not, see
18 * <http://www.gnu.org/licenses/>.
21 #include <config.h>
23 #include <stdio.h>
24 #include <string.h>
25 #include <stdlib.h>
26 #include <unistd.h>
27 #include <gnutls/gnutls.h>
28 #include <read-file.h>
29 #include <certtool-common.h>
31 /* Generates Diffie-Hellman parameters (a prime and a generator
32 * of the group). Exports them in PKCS #3 format. Used by certtool.
35 extern FILE *outfile;
36 extern FILE *infile;
38 static void
39 print_dh_info (gnutls_datum_t * p, gnutls_datum_t * g, unsigned int q_bits)
41 unsigned int i;
43 fprintf (outfile, "\nGenerator (%d bits): ", g->size*8);
45 for (i = 0; i < g->size; i++)
47 if (i != 0 && i % 12 == 0)
48 fprintf (outfile, "\n\t");
49 else if (i != 0 && i != g->size)
50 fprintf (outfile, ":");
52 fprintf (outfile, "%.2x", g->data[i]);
55 fprintf (outfile, "\n\n");
57 /* print prime */
59 fprintf (outfile, "Prime (%d bits):", p->size*8);
61 for (i = 0; i < p->size; i++)
63 if (i % 12 == 0)
64 fprintf (outfile, "\n\t");
65 else if (i != 0 && i != p->size)
66 fprintf (outfile, ":");
67 fprintf (outfile, "%.2x", p->data[i]);
70 if (q_bits > 0)
71 fprintf (outfile, "\n\nRecommended key length: %d bits\n", q_bits);
72 fprintf (outfile, "\n");
76 void dh_info (common_info_st * ci)
78 gnutls_datum_t params;
79 size_t size;
80 int ret;
81 gnutls_dh_params_t dh_params;
82 gnutls_datum_t p, g;
83 unsigned int q_bits = 0;
85 if (gnutls_dh_params_init (&dh_params) < 0)
87 fprintf (stderr, "Error in dh parameter initialization\n");
88 exit (1);
91 params.data = (void*)fread_file (infile, &size);
92 params.size = size;
94 ret =
95 gnutls_dh_params_import_pkcs3 (dh_params, &params, GNUTLS_X509_FMT_PEM);
96 if (ret < 0)
98 fprintf (stderr, "Error parsing dh params: %s\n", gnutls_strerror (ret));
99 exit (1);
102 ret = gnutls_dh_params_export_raw (dh_params, &p, &g, &q_bits);
103 if (ret < 0)
105 fprintf (stderr, "Error exporting parameters: %s\n",
106 gnutls_strerror (ret));
107 exit (1);
110 print_dh_info (&p, &g, q_bits);
112 { /* generate a PKCS#3 structure */
113 size_t len = buffer_size;
115 ret = gnutls_dh_params_export_pkcs3 (dh_params, GNUTLS_X509_FMT_PEM,
116 buffer, &len);
118 if (ret == 0)
120 fprintf (outfile, "\n%s", buffer);
122 else
124 fprintf (stderr, "Error: %s\n", gnutls_strerror (ret));
129 gnutls_dh_params_deinit(dh_params);
132 /* If how is zero then the included parameters are used.
135 generate_prime (int how, common_info_st * info)
137 int ret;
138 gnutls_dh_params_t dh_params;
139 gnutls_datum_t p, g;
140 int bits = get_bits (GNUTLS_PK_DH, info->bits, info->sec_param);
141 unsigned int q_bits = 0;
143 gnutls_dh_params_init (&dh_params);
145 if (how != 0)
147 fprintf (stderr, "Generating DH parameters (%d bits)...\n", bits);
148 fprintf (stderr, "(might take long time)\n");
150 else
151 fprintf (stderr, "Retrieving DH parameters...\n");
153 if (how != 0)
155 ret = gnutls_dh_params_generate2 (dh_params, bits);
156 if (ret < 0)
158 fprintf (stderr, "Error generating parameters: %s\n",
159 gnutls_strerror (ret));
160 exit (1);
163 ret = gnutls_dh_params_export_raw (dh_params, &p, &g, &q_bits);
164 if (ret < 0)
166 fprintf (stderr, "Error exporting parameters: %s\n",
167 gnutls_strerror (ret));
168 exit (1);
171 else
173 #ifdef ENABLE_SRP
174 if (bits <= 1024)
176 p = gnutls_srp_1024_group_prime;
177 g = gnutls_srp_1024_group_generator;
178 bits = 1024;
180 else if (bits <= 1536)
182 p = gnutls_srp_1536_group_prime;
183 g = gnutls_srp_1536_group_generator;
184 bits = 1536;
186 else if (bits <= 2048)
188 p = gnutls_srp_2048_group_prime;
189 g = gnutls_srp_2048_group_generator;
190 bits = 2048;
192 else if (bits <= 3072)
194 p = gnutls_srp_3072_group_prime;
195 g = gnutls_srp_3072_group_generator;
196 bits = 3072;
198 else
200 p = gnutls_srp_4096_group_prime;
201 g = gnutls_srp_4096_group_generator;
202 bits = 4096;
205 ret = gnutls_dh_params_import_raw (dh_params, &p, &g);
206 if (ret < 0)
208 fprintf (stderr, "Error exporting parameters: %s\n",
209 gnutls_strerror (ret));
210 exit (1);
212 #else
213 fprintf (stderr, "Parameters unavailable as SRP is disabled.\n");
214 exit (1);
215 #endif
218 print_dh_info (&p, &g, q_bits);
220 { /* generate a PKCS#3 structure */
221 size_t len = buffer_size;
223 ret = gnutls_dh_params_export_pkcs3 (dh_params, GNUTLS_X509_FMT_PEM,
224 buffer, &len);
226 if (ret == 0)
228 fprintf (outfile, "\n%s", buffer);
230 else
232 fprintf (stderr, "Error: %s\n", gnutls_strerror (ret));
237 gnutls_dh_params_deinit(dh_params);
239 return 0;