src/prime.c

   1 /*
   2  * Copyright (C) 2004,2005 Free Software Foundation
   3  * Copyright (C) 2001,2002,2003 Nikos Mavroyanopoulos
   4  *
   5  * This file is part of GNUTLS.
   6  *
   7  * GNUTLS is free software; you can redistribute it and/or modify
   8  * it under the terms of the GNU General Public License as published by
   9  * the Free Software Foundation; either version 2 of the License, or
  10  * (at your option) any later version.
  11  *
  12  * GNUTLS is distributed in the hope that it will be useful,
  13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15  * GNU General Public License for more details.
  16  *
  17  * You should have received a copy of the GNU General Public License
  18  * along with this program; if not, write to the Free Software
  19  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
  20  */
  21
  22 #include <config.h>
  23
  24 #ifdef ENABLE_PKI
  25
  26 #include <stdio.h>
  27 #include <string.h>
  28 #include <stdlib.h>
  29 #include <unistd.h>
  30 #include <gnutls/gnutls.h>
  31
  32 /* Generates Diffie Hellman parameters (a prime and a generator
  33  * of the group). Exports them in PKCS #3 format. Used by certtool.
  34  */
  35
  36 extern FILE *outfile;
  37 extern FILE *infile;
  38 extern unsigned char buffer[];
  39 extern const int buffer_size;
  40
  41 static int cparams = 0;
  42
  43 /* If how is zero then the included parameters are used.
  44  */
  45 int
  46 generate_prime (int bits, int how)
  47 {
  48   unsigned int i;
  49   int ret;
  50   gnutls_dh_params dh_params;
  51   gnutls_datum p, g;
  52
  53   gnutls_dh_params_init (&dh_params);
  54
  55   fprintf (stderr, "Generating DH parameters...");
  56
  57   if (how != 0)
  58     {
  59       ret = gnutls_dh_params_generate2 (dh_params, bits);
  60       if (ret < 0)
  61         {
  62           fprintf (stderr, "Error generating parameters: %s\n",
  63                    gnutls_strerror (ret));
  64           exit (1);
  65         }
  66
  67       ret = gnutls_dh_params_export_raw (dh_params, &p, &g, NULL);
  68       if (ret < 0)
  69         {
  70           fprintf (stderr, "Error exporting parameters: %s\n",
  71                    gnutls_strerror (ret));
  72           exit (1);
  73         }
  74     }
  75   else
  76     {
  77 #ifdef ENABLE_SRP
  78       if (bits <= 1024)
  79         {
  80           p = gnutls_srp_1024_group_prime;
  81           g = gnutls_srp_1024_group_generator;
  82         }
  83       else if (bits <= 1536)
  84         {
  85           p = gnutls_srp_1536_group_prime;
  86           g = gnutls_srp_1536_group_generator;
  87         }
  88       else
  89         {
  90           p = gnutls_srp_2048_group_prime;
  91           g = gnutls_srp_2048_group_generator;
  92         }
  93
  94       ret = gnutls_dh_params_import_raw (dh_params, &p, &g);
  95       if (ret < 0)
  96         {
  97           fprintf (stderr, "Error exporting parameters: %s\n",
  98                    gnutls_strerror (ret));
  99           exit (1);
 100         }
 101 #else
 102       fprintf (stderr, "Parameters unavailable as SRP disabled.\n");
 103 #endif
 104     }
 105
 106   if (cparams)
 107     {
 108
 109       fprintf (outfile, "/* generator */\n");
 110       fprintf (outfile, "\nconst uint8 g[%d] = { ", g.size);
 111
 112       for (i = 0; i < g.size; i++)
 113         {
 114           if (i % 7 == 0)
 115             fprintf (outfile, "\n\t");
 116           fprintf (outfile, "0x%.2x", g.data[i]);
 117           if (i != g.size - 1)
 118             fprintf (outfile, ", ");
 119         }
 120
 121       fprintf (outfile, "\n};\n\n");
 122     }
 123   else
 124     {
 125       fprintf (outfile, "\nGenerator: ");
 126
 127       for (i = 0; i < g.size; i++)
 128         {
 129           if (i != 0 && i % 12 == 0)
 130             fprintf (outfile, "\n\t");
 131           else if (i != 0 && i != g.size)
 132             fprintf (outfile, ":");
 133
 134           fprintf (outfile, "%.2x", g.data[i]);
 135         }
 136
 137       fprintf (outfile, "\n\n");
 138     }
 139
 140   /* print prime */
 141
 142   if (cparams)
 143     {
 144       fprintf (outfile, "/* prime - %d bits */\n", p.size * 8);
 145       fprintf (outfile, "\nconst uint8 prime[%d] = { ", p.size);
 146
 147       for (i = 0; i < p.size; i++)
 148         {
 149           if (i % 7 == 0)
 150             fprintf (outfile, "\n\t");
 151           fprintf (outfile, "0x%.2x", p.data[i]);
 152           if (i != p.size - 1)
 153             fprintf (outfile, ", ");
 154         }
 155
 156       fprintf (outfile, "\n};\n");
 157     }
 158   else
 159     {
 160       fprintf (outfile, "Prime: ");
 161
 162       for (i = 0; i < p.size; i++)
 163         {
 164           if (i != 0 && i % 12 == 0)
 165             fprintf (outfile, "\n\t");
 166           else if (i != 0 && i != p.size)
 167             fprintf (outfile, ":");
 168           fprintf (outfile, "%.2x", p.data[i]);
 169         }
 170
 171       fprintf (outfile, "\n\n");
 172
 173     }
 174
 175   if (!cparams)
 176     {                           /* generate a PKCS#3 structure */
 177
 178       int ret;
 179       size_t len = buffer_size;
 180
 181       ret = gnutls_dh_params_export_pkcs3 (dh_params, GNUTLS_X509_FMT_PEM,
 182                                            buffer, &len);
 183
 184       if (ret == 0)
 185         {
 186           fprintf (outfile, "\n%s", buffer);
 187         }
 188       else
 189         {
 190           fprintf (stderr, "Error: %s\n", gnutls_strerror (ret));
 191         }
 192
 193     }
 194
 195   return 0;
 196 }
 197
 198 #endif