/*
* call-seq:
* dh.public_key -> aDH
*
* Returns a new DH instance that carries just the public information, i.e.
* the prime +p+ and the generator +g+, but no public/private key yet. Such
* a pair may be generated using DH#generate_key!. The "public key" needed
* for a key exchange with DH#compute_key is considered as per-session
* information and may be retrieved with DH#pub_key once a key pair has
* been generated.
* If the current instance already contains private information (and thus a
* valid public/private key pair), this information will no longer be present
* in the new instance generated by DH#public_key. This feature is helpful for
* publishing the Diffie-Hellman parameters without leaking any of the private
* per-session information.
*
* === Example
* dh = OpenSSL::PKey::DH.new(2048) # has public and private key set
* public_key = dh.public_key # contains only prime and generator
* parameters = public_key.to_der # it's safe to publish this
*/
static VALUE
ossl_dh_to_public_key(VALUE self)
{
DH *orig_dh, *dh;
VALUE obj;
GetDH(self, orig_dh);
dh = DHparams_dup(orig_dh); /* err check perfomed by dh_instance */
obj = dh_instance(CLASS_OF(self), dh);
if (obj == Qfalse) {
DH_free(dh);
ossl_raise(eDHError, NULL);
}
return obj;
}
/*
* call-seq:
* dh.public_key -> aDH
*
* Returns a new DH instance that carries just the public information, i.e.
* the prime +p+ and the generator +g+, but no public/private key yet. Such
* a pair may be generated using DH#generate_key!. The "public key" needed
* for a key exchange with DH#compute_key is considered as per-session
* information and may be retrieved with DH#pub_key once a key pair has
* been generated.
* If the current instance already contains private information (and thus a
* valid public/private key pair), this information will no longer be present
* in the new instance generated by DH#public_key. This feature is helpful for
* publishing the Diffie-Hellman parameters without leaking any of the private
* per-session information.
*
* === Example
* dh = OpenSSL::PKey::DH.new(2048) # has public and private key set
* public_key = dh.public_key # contains only prime and generator
* parameters = public_key.to_der # it's safe to publish this
*/
static VALUE
ossl_dh_to_public_key(VALUE self)
{
EVP_PKEY *pkey;
DH *dh;
VALUE obj;
GetPKeyDH(self, pkey);
dh = DHparams_dup(pkey->pkey.dh); /* err check perfomed by dh_instance */
obj = dh_instance(CLASS_OF(self), dh);
if (obj == Qfalse) {
DH_free(dh);
ossl_raise(eDHError, NULL);
}
return obj;
}
/*
* call-seq:
* DH.generate(size [, generator]) -> dh
*
* Creates a new DH instance from scratch by generating the private and public
* components alike.
*
* === Parameters
* * +size+ is an integer representing the desired key size. Keys smaller than 1024 bits should be considered insecure.
* * +generator+ is a small number > 1, typically 2 or 5.
*
*/
static VALUE
ossl_dh_s_generate(int argc, VALUE *argv, VALUE klass)
{
DH *dh ;
int g = 2;
VALUE size, gen, obj;
if (rb_scan_args(argc, argv, "11", &size, &gen) == 2) {
g = NUM2INT(gen);
}
dh = dh_generate(NUM2INT(size), g);
obj = dh_instance(klass, dh);
if (obj == Qfalse) {
DH_free(dh);
ossl_raise(eDHError, NULL);
}
return obj;
}
VALUE
ossl_dh_new(EVP_PKEY *pkey)
{
VALUE obj;
if (!pkey) {
obj = dh_instance(cDH, DH_new());
} else {
if (EVP_PKEY_type(pkey->type) != EVP_PKEY_DH) {
ossl_raise(rb_eTypeError, "Not a DH key!");
}
WrapPKey(cDH, obj, pkey);
}
if (obj == Qfalse) {
ossl_raise(eDHError, NULL);
}
return obj;
}
VALUE
ossl_dh_new(EVP_PKEY *pkey)
{
VALUE obj;
if (!pkey) {
obj = dh_instance(cDH, DH_new());
} else {
obj = NewPKey(cDH);
if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DH) {
ossl_raise(rb_eTypeError, "Not a DH key!");
}
SetPKey(obj, pkey);
}
if (obj == Qfalse) {
ossl_raise(eDHError, NULL);
}
return obj;
}
