src/prime.c

   1 /*
   2  * Copyright (C) 2004,2005,2007,2008,2009 Free Software Foundation
   3  * Copyright (C) 2001,2002,2003 Nikos Mavrogiannopoulos
   4  *
   5  * This file is part of GNUTLS.
   6  *
   7  * GNUTLS is free software: you can redistribute it and/or modify
   8  * it under the terms of the GNU General Public License as published by
   9  * the Free Software Foundation, either version 3 of the License, or
  10  * (at your option) any later version.
  11  *
  12  * GNUTLS is distributed in the hope that it will be useful,
  13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15  * GNU General Public License for more details.
  16  *
  17  * You should have received a copy of the GNU General Public License
  18  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  19  */
  20
  21 #include <config.h>
  22
  23 #ifdef ENABLE_PKI
  24
  25 #include <stdio.h>
  26 #include <string.h>
  27 #include <stdlib.h>
  28 #include <unistd.h>
  29 #include <gnutls/gnutls.h>
  30
  31 /* Generates Diffie-Hellman parameters (a prime and a generator
  32  * of the group). Exports them in PKCS #3 format. Used by certtool.
  33  */
  34
  35 extern FILE *outfile;
  36 extern FILE *infile;
  37 extern unsigned char buffer[];
  38 extern const int buffer_size;
  39
  40 static int cparams = 0;
  41
  42 int generate_prime (int bits, int how);
  43
  44 /* If how is zero then the included parameters are used.
  45  */
  46 int
  47 generate_prime (int bits, int how)
  48 {
  49   unsigned int i;
  50   int ret;
  51   gnutls_dh_params_t dh_params;
  52   gnutls_datum_t p, g;
  53
  54   gnutls_dh_params_init (&dh_params);
  55
  56   fprintf (stderr, "Generating DH parameters...");
  57
  58   if (how != 0)
  59     {
  60       ret = gnutls_dh_params_generate2 (dh_params, bits);
  61       if (ret < 0)
  62         {
  63           fprintf (stderr, "Error generating parameters: %s\n",
  64                    gnutls_strerror (ret));
  65           exit (1);
  66         }
  67
  68       ret = gnutls_dh_params_export_raw (dh_params, &p, &g, NULL);
  69       if (ret < 0)
  70         {
  71           fprintf (stderr, "Error exporting parameters: %s\n",
  72                    gnutls_strerror (ret));
  73           exit (1);
  74         }
  75     }
  76   else
  77     {
  78 #ifdef ENABLE_SRP
  79       if (bits <= 1024)
  80         {
  81           p = gnutls_srp_1024_group_prime;
  82           g = gnutls_srp_1024_group_generator;
  83         }
  84       else if (bits <= 1536)
  85         {
  86           p = gnutls_srp_1536_group_prime;
  87           g = gnutls_srp_1536_group_generator;
  88         }
  89       else
  90         {
  91           p = gnutls_srp_2048_group_prime;
  92           g = gnutls_srp_2048_group_generator;
  93         }
  94
  95       ret = gnutls_dh_params_import_raw (dh_params, &p, &g);
  96       if (ret < 0)
  97         {
  98           fprintf (stderr, "Error exporting parameters: %s\n",
  99                    gnutls_strerror (ret));
 100           exit (1);
 101         }
 102 #else
 103       fprintf (stderr, "Parameters unavailable as SRP disabled.\n");
 104 #endif
 105     }
 106
 107   if (cparams)
 108     {
 109
 110       fprintf (outfile, "/* generator */\n");
 111       fprintf (outfile, "\nconst uint8 g[%d] = { ", g.size);
 112
 113       for (i = 0; i < g.size; i++)
 114         {
 115           if (i % 7 == 0)
 116             fprintf (outfile, "\n\t");
 117           fprintf (outfile, "0x%.2x", g.data[i]);
 118           if (i != g.size - 1)
 119             fprintf (outfile, ", ");
 120         }
 121
 122       fprintf (outfile, "\n};\n\n");
 123     }
 124   else
 125     {
 126       fprintf (outfile, "\nGenerator: ");
 127
 128       for (i = 0; i < g.size; i++)
 129         {
 130           if (i != 0 && i % 12 == 0)
 131             fprintf (outfile, "\n\t");
 132           else if (i != 0 && i != g.size)
 133             fprintf (outfile, ":");
 134
 135           fprintf (outfile, "%.2x", g.data[i]);
 136         }
 137
 138       fprintf (outfile, "\n\n");
 139     }
 140
 141   /* print prime */
 142
 143   if (cparams)
 144     {
 145       fprintf (outfile, "/* prime - %d bits */\n", p.size * 8);
 146       fprintf (outfile, "\nconst uint8 prime[%d] = { ", p.size);
 147
 148       for (i = 0; i < p.size; i++)
 149         {
 150           if (i % 7 == 0)
 151             fprintf (outfile, "\n\t");
 152           fprintf (outfile, "0x%.2x", p.data[i]);
 153           if (i != p.size - 1)
 154             fprintf (outfile, ", ");
 155         }
 156
 157       fprintf (outfile, "\n};\n");
 158     }
 159   else
 160     {
 161       fprintf (outfile, "Prime: ");
 162
 163       for (i = 0; i < p.size; i++)
 164         {
 165           if (i != 0 && i % 12 == 0)
 166             fprintf (outfile, "\n\t");
 167           else if (i != 0 && i != p.size)
 168             fprintf (outfile, ":");
 169           fprintf (outfile, "%.2x", p.data[i]);
 170         }
 171
 172       fprintf (outfile, "\n\n");
 173
 174     }
 175
 176   if (!cparams)
 177     {                           /* generate a PKCS#3 structure */
 178
 179       size_t len = buffer_size;
 180
 181       ret = gnutls_dh_params_export_pkcs3 (dh_params, GNUTLS_X509_FMT_PEM,
 182                                            buffer, &len);
 183
 184       if (ret == 0)
 185         {
 186           fprintf (outfile, "\n%s", buffer);
 187         }
 188       else
 189         {
 190           fprintf (stderr, "Error: %s\n", gnutls_strerror (ret));
 191         }
 192
 193     }
 194
 195   return 0;
 196 }
 197
 198 #endif