/*
 * call-seq:
 *    dh.public_key -> aDH
 *
 * Returns a new DH instance holding only the public domain parameters, the
 * prime +p+ and the generator +g+. The result carries no public/private key
 * pair; one can be created afterwards with DH#generate_key!. The per-session
 * "public key" used by DH#compute_key is available through DH#pub_key once
 * such a pair exists.
 *
 * Any private material held by the receiver is deliberately left out of the
 * copy, so the returned object can be serialised and published (for example
 * with #to_der) without disclosing per-session secrets.
 *
 * === Example
 *   dh = OpenSSL::PKey::DH.new(2048) # has public and private key set
 *   public_key = dh.public_key # contains only prime and generator
 *   parameters = public_key.to_der # it's safe to publish this
 */
static VALUE
ossl_dh_to_public_key(VALUE self)
{
    DH *src_params;
    DH *params_copy;
    VALUE result;

    GetDH(self, src_params);
    /* Duplicates the domain parameters only; the key pair is not copied. */
    params_copy = DHparams_dup(src_params);
    /* A NULL copy is detected by dh_instance, which then returns Qfalse. */
    result = dh_instance(CLASS_OF(self), params_copy);
    if (result != Qfalse)
        return result;

    /* The copy is freed here, so dh_instance evidently does not own it on
     * failure. */
    DH_free(params_copy);
    ossl_raise(eDHError, NULL);
    return result; /* not reached when ossl_raise does not return */
}
/*
 * call-seq:
 *    dh.public_key -> aDH
 *
 * Returns a new DH instance holding only the public domain parameters, the
 * prime +p+ and the generator +g+. The result carries no public/private key
 * pair; one can be created afterwards with DH#generate_key!. The per-session
 * "public key" used by DH#compute_key is available through DH#pub_key once
 * such a pair exists.
 *
 * Any private material held by the receiver is deliberately left out of the
 * copy, so the returned object can be serialised and published (for example
 * with #to_der) without disclosing per-session secrets.
 *
 * === Example
 *   dh = OpenSSL::PKey::DH.new(2048) # has public and private key set
 *   public_key = dh.public_key # contains only prime and generator
 *   parameters = public_key.to_der # it's safe to publish this
 */
static VALUE
ossl_dh_to_public_key(VALUE self)
{
    EVP_PKEY *wrapped_key;
    DH *params_copy;
    VALUE result;

    GetPKeyDH(self, wrapped_key);
    /* Duplicates the domain parameters only; the key pair is not copied. */
    params_copy = DHparams_dup(wrapped_key->pkey.dh);
    /* A NULL copy is detected by dh_instance, which then returns Qfalse. */
    result = dh_instance(CLASS_OF(self), params_copy);
    if (result != Qfalse)
        return result;

    /* The copy is freed here, so dh_instance evidently does not own it on
     * failure. */
    DH_free(params_copy);
    ossl_raise(eDHError, NULL);
    return result; /* not reached when ossl_raise does not return */
}
/*
 * call-seq:
 *    DH.generate(size [, generator]) -> dh
 *
 * Builds a brand-new DH instance, generating both the domain parameters and
 * the public/private key pair.
 *
 * === Parameters
 * * +size+ is an integer giving the desired key size in bits. Keys smaller
 *   than 1024 bits should be considered insecure.
 * * +generator+ is a small number > 1, typically 2 or 5. It defaults to 2
 *   when omitted.
 */
static VALUE
ossl_dh_s_generate(int argc, VALUE *argv, VALUE klass)
{
    VALUE size, gen, result;
    int generator = 2; /* used when the optional second argument is absent */
    int nargs;
    DH *generated;

    nargs = rb_scan_args(argc, argv, "11", &size, &gen);
    if (nargs == 2)
        generator = NUM2INT(gen);

    /* Both values are handed to dh_generate unchecked; presumably it
     * rejects out-of-range sizes and generators -- verify against its
     * definition. */
    generated = dh_generate(NUM2INT(size), generator);
    result = dh_instance(klass, generated);
    if (result != Qfalse)
        return result;

    /* Wrapping failed: the DH is still ours to release. */
    DH_free(generated);
    ossl_raise(eDHError, NULL);
    return result; /* not reached when ossl_raise does not return */
}
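/*
 * Wraps +pkey+ in a Ruby DH object, or creates an empty DH object when
 * +pkey+ is NULL.
 *
 * Raises TypeError when +pkey+ is not a DH key and eDHError when the Ruby
 * object could not be created. On the NULL path the freshly allocated DH is
 * released if wrapping fails, matching ossl_dh_to_public_key and
 * ossl_dh_s_generate, which also free the DH themselves when dh_instance
 * returns Qfalse.
 */
VALUE
ossl_dh_new(EVP_PKEY *pkey)
{
    VALUE obj;

    if (!pkey) {
        DH *dh = DH_new();
        obj = dh_instance(cDH, dh);
        if (obj == Qfalse) {
            /* dh_instance does not own the DH on failure (the sibling
             * functions free it after a Qfalse result), so release it here
             * instead of leaking it. DH_free(NULL) is a no-op. */
            DH_free(dh);
            ossl_raise(eDHError, NULL);
        }
    } else {
        if (EVP_PKEY_type(pkey->type) != EVP_PKEY_DH) {
            ossl_raise(rb_eTypeError, "Not a DH key!");
        }
        /* Presumably transfers ownership of pkey to the Ruby object -- confirm
         * against WrapPKey. */
        WrapPKey(cDH, obj, pkey);
    }
    if (obj == Qfalse) {
        ossl_raise(eDHError, NULL);
    }
    return obj;
}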
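/*
 * Wraps +pkey+ in a Ruby DH object, or creates an empty DH object when
 * +pkey+ is NULL.
 *
 * Raises TypeError when +pkey+ is not a DH key and eDHError when the Ruby
 * object could not be created. On the NULL path the freshly allocated DH is
 * released if wrapping fails, matching ossl_dh_to_public_key and
 * ossl_dh_s_generate, which also free the DH themselves when dh_instance
 * returns Qfalse.
 */
VALUE
ossl_dh_new(EVP_PKEY *pkey)
{
    VALUE obj;

    if (!pkey) {
        DH *dh = DH_new();
        obj = dh_instance(cDH, dh);
        if (obj == Qfalse) {
            /* dh_instance does not own the DH on failure (the sibling
             * functions free it after a Qfalse result), so release it here
             * instead of leaking it. DH_free(NULL) is a no-op. */
            DH_free(dh);
            ossl_raise(eDHError, NULL);
        }
    } else {
        /* The Ruby object is allocated before the type check; if the check
         * raises, the empty object is simply left to the GC. */
        obj = NewPKey(cDH);
        if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DH) {
            ossl_raise(rb_eTypeError, "Not a DH key!");
        }
        /* Presumably transfers ownership of pkey to the Ruby object -- confirm
         * against SetPKey. */
        SetPKey(obj, pkey);
    }
    if (obj == Qfalse) {
        ossl_raise(eDHError, NULL);
    }
    return obj;
}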