search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
doc update
[gnutls.git] / src / dh.c
blob88845bf2317d99f6e199308e27f1236c966eec1e
1 /*
2 * Copyright (C) 2001-2012 Free Software Foundation, Inc.
3 *
4 * This file is part of GnuTLS.
5 *
6 * GnuTLS is free software: you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by
8 * the Free Software Foundation, either version 3 of the License, or
9 * (at your option) any later version.
10 *
11 * GnuTLS is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with this program. If not, see
18 * <http://www.gnu.org/licenses/>.
19 */
20
21 #include <config.h>
22
23 #include <stdio.h>
24 #include <string.h>
25 #include <stdlib.h>
26 #include <unistd.h>
27 #include <gnutls/gnutls.h>
28 #include <read-file.h>
29 #include <certtool-common.h>
30
31 /* Generates Diffie-Hellman parameters (a prime and a generator
32 * of the group). Exports them in PKCS #3 format. Used by certtool.
33 */
34
35 extern FILE *outfile;
36 extern FILE *infile;
37
38 static void
39 print_dh_info (gnutls_datum_t * p, gnutls_datum_t * g, unsigned int q_bits)
40 {
41 unsigned int i;
42
43 fprintf (outfile, "\nGenerator (%d bits): ", g->size*8);
44
45 for (i = 0; i < g->size; i++)
46 {
47 if (i != 0 && i % 12 == 0)
48 fprintf (outfile, "\n\t");
49 else if (i != 0 && i != g->size)
50 fprintf (outfile, ":");
51
52 fprintf (outfile, "%.2x", g->data[i]);
53 }
54
55 fprintf (outfile, "\n\n");
56
57 /* print prime */
58
59 fprintf (outfile, "Prime (%d bits):", p->size*8);
60
61 for (i = 0; i < p->size; i++)
62 {
63 if (i % 12 == 0)
64 fprintf (outfile, "\n\t");
65 else if (i != 0 && i != p->size)
66 fprintf (outfile, ":");
67 fprintf (outfile, "%.2x", p->data[i]);
68 }
69
70 if (q_bits > 0)
71 fprintf (outfile, "\n\nRecommended key length: %d bits\n", q_bits);
72 fprintf (outfile, "\n");
73
74 }
75
76 void dh_info (common_info_st * ci)
77 {
78 gnutls_datum_t params;
79 size_t size;
80 int ret;
81 gnutls_dh_params_t dh_params;
82 gnutls_datum_t p, g;
83 unsigned int q_bits = 0;
84
85 if (gnutls_dh_params_init (&dh_params) < 0)
86 {
87 fprintf (stderr, "Error in dh parameter initialization\n");
88 exit (1);
89 }
90
91 params.data = (void*)fread_file (infile, &size);
92 params.size = size;
93
94 ret =
95 gnutls_dh_params_import_pkcs3 (dh_params, &params, GNUTLS_X509_FMT_PEM);
96 if (ret < 0)
97 {
98 fprintf (stderr, "Error parsing dh params: %s\n", gnutls_strerror (ret));
99 exit (1);
100 }
101
102 ret = gnutls_dh_params_export_raw (dh_params, &p, &g, &q_bits);
103 if (ret < 0)
104 {
105 fprintf (stderr, "Error exporting parameters: %s\n",
106 gnutls_strerror (ret));
107 exit (1);
108 }
109
110 print_dh_info (&p, &g, q_bits);
111
112 { /* generate a PKCS#3 structure */
113 size_t len = buffer_size;
114
115 ret = gnutls_dh_params_export_pkcs3 (dh_params, GNUTLS_X509_FMT_PEM,
116 buffer, &len);
117
118 if (ret == 0)
119 {
120 fprintf (outfile, "\n%s", buffer);
121 }
122 else
123 {
124 fprintf (stderr, "Error: %s\n", gnutls_strerror (ret));
125 }
126
127 }
128
129 gnutls_dh_params_deinit(dh_params);
130 }
131
132 /* If how is zero then the included parameters are used.
133 */
134 int
135 generate_prime (int how, common_info_st * info)
136 {
137 int ret;
138 gnutls_dh_params_t dh_params;
139 gnutls_datum_t p, g;
140 int bits = get_bits (GNUTLS_PK_DH, info->bits, info->sec_param);
141 unsigned int q_bits = 0;
142
143 gnutls_dh_params_init (&dh_params);
144
145 if (how != 0)
146 {
147 fprintf (stderr, "Generating DH parameters (%d bits)...\n", bits);
148 fprintf (stderr, "(might take long time)\n");
149 }
150 else
151 fprintf (stderr, "Retrieving DH parameters...\n");
152
153 if (how != 0)
154 {
155 ret = gnutls_dh_params_generate2 (dh_params, bits);
156 if (ret < 0)
157 {
158 fprintf (stderr, "Error generating parameters: %s\n",
159 gnutls_strerror (ret));
160 exit (1);
161 }
162
163 ret = gnutls_dh_params_export_raw (dh_params, &p, &g, &q_bits);
164 if (ret < 0)
165 {
166 fprintf (stderr, "Error exporting parameters: %s\n",
167 gnutls_strerror (ret));
168 exit (1);
169 }
170 }
171 else
172 {
173 #ifdef ENABLE_SRP
174 if (bits <= 1024)
175 {
176 p = gnutls_srp_1024_group_prime;
177 g = gnutls_srp_1024_group_generator;
178 bits = 1024;
179 }
180 else if (bits <= 1536)
181 {
182 p = gnutls_srp_1536_group_prime;
183 g = gnutls_srp_1536_group_generator;
184 bits = 1536;
185 }
186 else if (bits <= 2048)
187 {
188 p = gnutls_srp_2048_group_prime;
189 g = gnutls_srp_2048_group_generator;
190 bits = 2048;
191 }
192 else if (bits <= 3072)
193 {
194 p = gnutls_srp_3072_group_prime;
195 g = gnutls_srp_3072_group_generator;
196 bits = 3072;
197 }
198 else
199 {
200 p = gnutls_srp_4096_group_prime;
201 g = gnutls_srp_4096_group_generator;
202 bits = 4096;
203 }
204
205 ret = gnutls_dh_params_import_raw (dh_params, &p, &g);
206 if (ret < 0)
207 {
208 fprintf (stderr, "Error exporting parameters: %s\n",
209 gnutls_strerror (ret));
210 exit (1);
211 }
212 #else
213 fprintf (stderr, "Parameters unavailable as SRP is disabled.\n");
214 exit (1);
215 #endif
216 }
217
218 print_dh_info (&p, &g, q_bits);
219
220 { /* generate a PKCS#3 structure */
221 size_t len = buffer_size;
222
223 ret = gnutls_dh_params_export_pkcs3 (dh_params, GNUTLS_X509_FMT_PEM,
224 buffer, &len);
225
226 if (ret == 0)
227 {
228 fprintf (outfile, "\n%s", buffer);
229 }
230 else
231 {
232 fprintf (stderr, "Error: %s\n", gnutls_strerror (ret));
233 }
234
235 }
236
237 gnutls_dh_params_deinit(dh_params);
238
239 return 0;
240 }
241
Implementation of the SSL/TLS protocol