void dh_info(FILE * infile, FILE * outfile, common_info_st * ci) { gnutls_datum_t params; size_t size; int ret; gnutls_dh_params_t dh_params; gnutls_datum_t p, g; unsigned int q_bits = 0; if (gnutls_dh_params_init(&dh_params) < 0) { fprintf(stderr, "Error in dh parameter initialization\n"); exit(1); } params.data = (void *) fread_file(infile, &size); params.size = size; ret = gnutls_dh_params_import_pkcs3(dh_params, ¶ms, ci->incert_format); if (ret < 0) { fprintf(stderr, "Error parsing dh params: %s\n", gnutls_strerror(ret)); exit(1); } ret = gnutls_dh_params_export_raw(dh_params, &p, &g, &q_bits); if (ret < 0) { fprintf(stderr, "Error exporting parameters: %s\n", gnutls_strerror(ret)); exit(1); } if (ci->outcert_format == GNUTLS_X509_FMT_PEM) print_dh_info(outfile, &p, &g, q_bits, ci->cprint); if (!ci->cprint) { /* generate a PKCS#3 structure */ size_t len = buffer_size; ret = gnutls_dh_params_export_pkcs3(dh_params, ci->outcert_format, buffer, &len); if (ret == 0) { if (ci->outcert_format == GNUTLS_X509_FMT_PEM) { fprintf(outfile, "\n%s", buffer); } else { fwrite(buffer, 1, len, outfile); } } else { fprintf(stderr, "Error: %s\n", gnutls_strerror(ret)); } } gnutls_dh_params_deinit(dh_params); }
void doit(void) { gnutls_dh_params_t dh_params; gnutls_x509_privkey_t privkey; gnutls_datum_t p1, g1, p2, g2, q; unsigned bits = 0; int ret; /* import DH parameters from DSA key and verify they are the same */ gnutls_dh_params_init(&dh_params); gnutls_x509_privkey_init(&privkey); ret = gnutls_x509_privkey_import(privkey, &dsa_key, GNUTLS_X509_FMT_PEM); if (ret < 0) fail("error in %s: %d\n", __FILE__, __LINE__); ret = gnutls_dh_params_import_dsa(dh_params, privkey); if (ret < 0) fail("error in %s: %d\n", __FILE__, __LINE__); ret = gnutls_dh_params_export_raw(dh_params, &p1, &g1, &bits); if (ret < 0) fail("error in %s: %d\n", __FILE__, __LINE__); ret = gnutls_x509_privkey_export_dsa_raw(privkey, &p2, &q, &g2, NULL, NULL); if (ret < 0) fail("error in %s: %d\n", __FILE__, __LINE__); if (bits > q.size*8 || bits < q.size*8-8) fail("error in %s: %d\n", __FILE__, __LINE__); if (compare(&p1, &p2) != 0) fail("error in %s: %d\n", __FILE__, __LINE__); if (compare(&g1, &g2) != 0) fail("error in %s: %d\n", __FILE__, __LINE__); gnutls_free(p1.data); gnutls_free(g1.data); gnutls_free(p2.data); gnutls_free(g2.data); gnutls_free(q.data); gnutls_dh_params_deinit(dh_params); gnutls_x509_privkey_deinit(privkey); success("all ok\n"); }
/* If how is zero then the included parameters are used. */ int generate_prime(FILE * outfile, int how, common_info_st * info) { int ret; gnutls_dh_params_t dh_params; gnutls_datum_t p, g; int bits = get_bits(GNUTLS_PK_DH, info->bits, info->sec_param, 1); unsigned int q_bits = 0; gnutls_dh_params_init(&dh_params); if (how != 0) { fprintf(stderr, "Generating DH parameters (%d bits)...\n", bits); fprintf(stderr, "(might take long time)\n"); } else fprintf(stderr, "Retrieving DH parameters...\n"); if (how != 0) { ret = gnutls_dh_params_generate2(dh_params, bits); if (ret < 0) { fprintf(stderr, "Error generating parameters: %s\n", gnutls_strerror(ret)); exit(1); } ret = gnutls_dh_params_export_raw(dh_params, &p, &g, &q_bits); if (ret < 0) { fprintf(stderr, "Error exporting parameters: %s\n", gnutls_strerror(ret)); exit(1); } } else { #ifdef ENABLE_SRP if (bits <= 1024) { p = gnutls_srp_1024_group_prime; g = gnutls_srp_1024_group_generator; bits = 1024; } else if (bits <= 1536) { p = gnutls_srp_1536_group_prime; g = gnutls_srp_1536_group_generator; bits = 1536; } else if (bits <= 2048) { p = gnutls_srp_2048_group_prime; g = gnutls_srp_2048_group_generator; bits = 2048; } else if (bits <= 3072) { p = gnutls_srp_3072_group_prime; g = gnutls_srp_3072_group_generator; bits = 3072; } else { p = gnutls_srp_4096_group_prime; g = gnutls_srp_4096_group_generator; bits = 4096; } ret = gnutls_dh_params_import_raw(dh_params, &p, &g); if (ret < 0) { fprintf(stderr, "Error exporting parameters: %s\n", gnutls_strerror(ret)); exit(1); } #else fprintf(stderr, "Parameters unavailable as SRP is disabled.\n"); exit(1); #endif } print_dh_info(outfile, &p, &g, q_bits, info->cprint); if (!info->cprint) { /* generate a PKCS#3 structure */ size_t len = buffer_size; ret = gnutls_dh_params_export_pkcs3(dh_params, GNUTLS_X509_FMT_PEM, buffer, &len); if (ret == 0) { fprintf(outfile, "\n%s", buffer); } else { fprintf(stderr, "Error: %s\n", gnutls_strerror(ret)); } } gnutls_dh_params_deinit(dh_params); return 0; }
/* If how is zero then the included parameters are used. */ int generate_prime (int bits, int how) { unsigned int i; int ret; gnutls_dh_params dh_params; gnutls_datum p, g; gnutls_dh_params_init (&dh_params); fprintf (stderr, "Generating DH parameters..."); if (how != 0) { ret = gnutls_dh_params_generate2 (dh_params, bits); if (ret < 0) { fprintf (stderr, "Error generating parameters: %s\n", gnutls_strerror (ret)); exit (1); } ret = gnutls_dh_params_export_raw (dh_params, &p, &g, NULL); if (ret < 0) { fprintf (stderr, "Error exporting parameters: %s\n", gnutls_strerror (ret)); exit (1); } } else { #ifdef ENABLE_SRP if (bits <= 1024) { p = gnutls_srp_1024_group_prime; g = gnutls_srp_1024_group_generator; } else if (bits <= 1536) { p = gnutls_srp_1536_group_prime; g = gnutls_srp_1536_group_generator; } else { p = gnutls_srp_2048_group_prime; g = gnutls_srp_2048_group_generator; } ret = gnutls_dh_params_import_raw (dh_params, &p, &g); if (ret < 0) { fprintf (stderr, "Error exporting parameters: %s\n", gnutls_strerror (ret)); exit (1); } #else fprintf (stderr, "Parameters unavailable as SRP disabled.\n"); #endif } if (cparams) { fprintf (outfile, "/* generator */\n"); fprintf (outfile, "\nconst uint8 g[%d] = { ", g.size); for (i = 0; i < g.size; i++) { if (i % 7 == 0) fprintf (outfile, "\n\t"); fprintf (outfile, "0x%.2x", g.data[i]); if (i != g.size - 1) fprintf (outfile, ", "); } fprintf (outfile, "\n};\n\n"); } else { fprintf (outfile, "\nGenerator: "); for (i = 0; i < g.size; i++) { if (i != 0 && i % 12 == 0) fprintf (outfile, "\n\t"); else if (i != 0 && i != g.size) fprintf (outfile, ":"); fprintf (outfile, "%.2x", g.data[i]); } fprintf (outfile, "\n\n"); } /* print prime */ if (cparams) { fprintf (outfile, "/* prime - %d bits */\n", p.size * 8); fprintf (outfile, "\nconst uint8 prime[%d] = { ", p.size); for (i = 0; i < p.size; i++) { if (i % 7 == 0) fprintf (outfile, "\n\t"); fprintf (outfile, "0x%.2x", p.data[i]); if (i != p.size - 1) fprintf (outfile, ", "); } fprintf (outfile, "\n};\n"); } else { fprintf (outfile, "Prime: "); for (i = 0; i < p.size; i++) { if (i != 0 && i % 12 == 0) fprintf (outfile, "\n\t"); else if (i != 0 && i != p.size) fprintf (outfile, ":"); fprintf (outfile, "%.2x", p.data[i]); } fprintf (outfile, "\n\n"); } if (!cparams) { /* generate a PKCS#3 structure */ int ret; size_t len = buffer_size; ret = gnutls_dh_params_export_pkcs3 (dh_params, GNUTLS_X509_FMT_PEM, buffer, &len); if (ret == 0) { fprintf (outfile, "\n%s", buffer); } else { fprintf (stderr, "Error: %s\n", gnutls_strerror (ret)); } } return 0; }
/* If how is zero then the included parameters are used. */ int generate_prime(FILE * outfile, int how, common_info_st * info) { int ret; gnutls_dh_params_t dh_params; gnutls_datum_t p, g; int bits = get_bits(GNUTLS_PK_DH, info->bits, info->sec_param, 1); unsigned int q_bits = 0, key_bits = 0; fix_lbuffer(0); gnutls_dh_params_init(&dh_params); if (how != 0) { fprintf(stderr, "Generating DH parameters (%d bits)...\n", bits); fprintf(stderr, "(might take long time)\n"); } else fprintf(stderr, "Retrieving DH parameters...\n"); if (how != 0) { if (info->provable != 0) { gnutls_x509_privkey_t pkey; unsigned save; ret = gnutls_x509_privkey_init(&pkey); if (ret < 0) { fprintf(stderr, "Error initializing key: %s\n", gnutls_strerror(ret)); exit(1); } if (info->seed_size > 0) { gnutls_keygen_data_st data; if (info->seed_size < 32) { fprintf(stderr, "For DH parameter generation a 32-byte seed value or larger is expected (have: %d); use -d 2 for more information.\n", (int)info->seed_size); exit(1); } data.type = GNUTLS_KEYGEN_SEED; data.data = (void*)info->seed; data.size = info->seed_size; ret = gnutls_x509_privkey_generate2(pkey, GNUTLS_PK_DSA, bits, GNUTLS_PRIVKEY_FLAG_PROVABLE, &data, 1); } else { ret = gnutls_x509_privkey_generate(pkey, GNUTLS_PK_DSA, bits, GNUTLS_PRIVKEY_FLAG_PROVABLE); } if (ret < 0) { fprintf(stderr, "Error generating DSA parameters: %s\n", gnutls_strerror(ret)); exit(1); } if (info->outcert_format == GNUTLS_X509_FMT_PEM) { save = info->no_compat; info->no_compat = 1; print_private_key(outfile, info, pkey); info->no_compat = save; } ret = gnutls_dh_params_import_dsa(dh_params, pkey); if (ret < 0) { fprintf(stderr, "Error importing DSA parameters: %s\n", gnutls_strerror(ret)); exit(1); } gnutls_x509_privkey_deinit(pkey); } else { ret = gnutls_dh_params_generate2(dh_params, bits); if (ret < 0) { fprintf(stderr, "Error generating parameters: %s\n", gnutls_strerror(ret)); exit(1); } } ret = gnutls_dh_params_export_raw(dh_params, &p, &g, &q_bits); if (ret < 0) { fprintf(stderr, "Error exporting parameters: %s\n", gnutls_strerror(ret)); exit(1); } } else { if (info->provable != 0) { fprintf(stderr, "The DH parameters obtained via this option are not provable\n"); exit(1); } #if defined(ENABLE_DHE) || defined(ENABLE_ANON) if (bits <= 2048) { p = gnutls_ffdhe_2048_group_prime; g = gnutls_ffdhe_2048_group_generator; key_bits = gnutls_ffdhe_2048_key_bits; bits = 2048; } else if (bits <= 3072) { p = gnutls_ffdhe_3072_group_prime; g = gnutls_ffdhe_3072_group_generator; key_bits = gnutls_ffdhe_3072_key_bits; bits = 3072; } else if (bits <= 4096) { p = gnutls_ffdhe_4096_group_prime; g = gnutls_ffdhe_4096_group_generator; key_bits = gnutls_ffdhe_4096_key_bits; bits = 4096; } else { p = gnutls_ffdhe_8192_group_prime; g = gnutls_ffdhe_8192_group_generator; key_bits = gnutls_ffdhe_8192_key_bits; bits = 8192; } ret = gnutls_dh_params_import_raw2(dh_params, &p, &g, key_bits); if (ret < 0) { fprintf(stderr, "Error exporting parameters: %s\n", gnutls_strerror(ret)); exit(1); } #elif defined(ENABLE_SRP) if (bits <= 1024) { p = gnutls_srp_1024_group_prime; g = gnutls_srp_1024_group_generator; bits = 1024; } else if (bits <= 1536) { p = gnutls_srp_1536_group_prime; g = gnutls_srp_1536_group_generator; bits = 1536; } else if (bits <= 2048) { p = gnutls_srp_2048_group_prime; g = gnutls_srp_2048_group_generator; bits = 2048; } else if (bits <= 3072) { p = gnutls_srp_3072_group_prime; g = gnutls_srp_3072_group_generator; bits = 3072; } else { p = gnutls_srp_4096_group_prime; g = gnutls_srp_4096_group_generator; bits = 4096; } ret = gnutls_dh_params_import_raw(dh_params, &p, &g); if (ret < 0) { fprintf(stderr, "Error exporting parameters: %s\n", gnutls_strerror(ret)); exit(1); } #else fprintf(stderr, "Parameters unavailable as SRP is disabled.\n"); exit(1); #endif } if (info->outcert_format == GNUTLS_X509_FMT_PEM) print_dh_info(outfile, &p, &g, q_bits, info->cprint); if (!info->cprint) { /* generate a PKCS#3 structure */ size_t len = lbuffer_size; ret = gnutls_dh_params_export_pkcs3(dh_params, info->outcert_format, lbuffer, &len); if (ret == 0) { if (info->outcert_format == GNUTLS_X509_FMT_PEM) fprintf(outfile, "\n%s", lbuffer); else fwrite(lbuffer, 1, len, outfile); } else { fprintf(stderr, "Error: %s\n", gnutls_strerror(ret)); } } if (how != 0) { gnutls_free(p.data); gnutls_free(g.data); } gnutls_dh_params_deinit(dh_params); return 0; }
void dh_params::export_raw (gnutls_datum_t & prime, gnutls_datum_t & generator) { RETWRAP (gnutls_dh_params_export_raw (params, &prime, &generator, NULL)); }