src/prime.c

   1 /*
   2  * Copyright (C) 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009,
   3  * 2010  Free Software Foundation, Inc.
   4  *
   5  * This file is part of GNUTLS.
   6  *
   7  * GNUTLS is free software: you can redistribute it and/or modify it
   8  * under the terms of the GNU General Public License as published by
   9  * the Free Software Foundation, either version 3 of the License, or
  10  * (at your option) any later version.
  11  *
  12  * GNUTLS is distributed in the hope that it will be useful, but
  13  * WITHOUT ANY WARRANTY; without even the implied warranty of
  14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  15  * General Public License for more details.
  16  *
  17  * You should have received a copy of the GNU General Public License
  18  * along with this program.  If not, see
  19  * <http://www.gnu.org/licenses/>.
  20  */
  21
  22 #include <config.h>
  23
  24 #ifdef ENABLE_PKI
  25
  26 #include <stdio.h>
  27 #include <string.h>
  28 #include <stdlib.h>
  29 #include <unistd.h>
  30 #include <gnutls/gnutls.h>
  31
  32 /* Generates Diffie-Hellman parameters (a prime and a generator
  33  * of the group). Exports them in PKCS #3 format. Used by certtool.
  34  */
  35
  36 extern FILE *outfile;
  37 extern FILE *infile;
  38 extern unsigned char buffer[];
  39 extern const int buffer_size;
  40
  41 static int cparams = 0;
  42
  43 int generate_prime (int bits, int how);
  44
  45 /* If how is zero then the included parameters are used.
  46  */
  47 int
  48 generate_prime (int bits, int how)
  49 {
  50   unsigned int i;
  51   int ret;
  52   gnutls_dh_params_t dh_params;
  53   gnutls_datum_t p, g;
  54
  55   gnutls_dh_params_init (&dh_params);
  56
  57   fprintf (stderr, "Generating DH parameters...");
  58
  59   if (how != 0)
  60     {
  61       ret = gnutls_dh_params_generate2 (dh_params, bits);
  62       if (ret < 0)
  63         {
  64           fprintf (stderr, "Error generating parameters: %s\n",
  65                    gnutls_strerror (ret));
  66           exit (1);
  67         }
  68
  69       ret = gnutls_dh_params_export_raw (dh_params, &p, &g, NULL);
  70       if (ret < 0)
  71         {
  72           fprintf (stderr, "Error exporting parameters: %s\n",
  73                    gnutls_strerror (ret));
  74           exit (1);
  75         }
  76     }
  77   else
  78     {
  79 #ifdef ENABLE_SRP
  80       if (bits <= 1024)
  81         {
  82           p = gnutls_srp_1024_group_prime;
  83           g = gnutls_srp_1024_group_generator;
  84         }
  85       else if (bits <= 1536)
  86         {
  87           p = gnutls_srp_1536_group_prime;
  88           g = gnutls_srp_1536_group_generator;
  89         }
  90       else
  91         {
  92           p = gnutls_srp_2048_group_prime;
  93           g = gnutls_srp_2048_group_generator;
  94         }
  95
  96       ret = gnutls_dh_params_import_raw (dh_params, &p, &g);
  97       if (ret < 0)
  98         {
  99           fprintf (stderr, "Error exporting parameters: %s\n",
 100                    gnutls_strerror (ret));
 101           exit (1);
 102         }
 103 #else
 104       fprintf (stderr, "Parameters unavailable as SRP disabled.\n");
 105 #endif
 106     }
 107
 108   if (cparams)
 109     {
 110
 111       fprintf (outfile, "/* generator */\n");
 112       fprintf (outfile, "\nconst uint8 g[%d] = { ", g.size);
 113
 114       for (i = 0; i < g.size; i++)
 115         {
 116           if (i % 7 == 0)
 117             fprintf (outfile, "\n\t");
 118           fprintf (outfile, "0x%.2x", g.data[i]);
 119           if (i != g.size - 1)
 120             fprintf (outfile, ", ");
 121         }
 122
 123       fprintf (outfile, "\n};\n\n");
 124     }
 125   else
 126     {
 127       fprintf (outfile, "\nGenerator: ");
 128
 129       for (i = 0; i < g.size; i++)
 130         {
 131           if (i != 0 && i % 12 == 0)
 132             fprintf (outfile, "\n\t");
 133           else if (i != 0 && i != g.size)
 134             fprintf (outfile, ":");
 135
 136           fprintf (outfile, "%.2x", g.data[i]);
 137         }
 138
 139       fprintf (outfile, "\n\n");
 140     }
 141
 142   /* print prime */
 143
 144   if (cparams)
 145     {
 146       fprintf (outfile, "/* prime - %d bits */\n", p.size * 8);
 147       fprintf (outfile, "\nconst uint8 prime[%d] = { ", p.size);
 148
 149       for (i = 0; i < p.size; i++)
 150         {
 151           if (i % 7 == 0)
 152             fprintf (outfile, "\n\t");
 153           fprintf (outfile, "0x%.2x", p.data[i]);
 154           if (i != p.size - 1)
 155             fprintf (outfile, ", ");
 156         }
 157
 158       fprintf (outfile, "\n};\n");
 159     }
 160   else
 161     {
 162       fprintf (outfile, "Prime: ");
 163
 164       for (i = 0; i < p.size; i++)
 165         {
 166           if (i != 0 && i % 12 == 0)
 167             fprintf (outfile, "\n\t");
 168           else if (i != 0 && i != p.size)
 169             fprintf (outfile, ":");
 170           fprintf (outfile, "%.2x", p.data[i]);
 171         }
 172
 173       fprintf (outfile, "\n\n");
 174
 175     }
 176
 177   if (!cparams)
 178     {                           /* generate a PKCS#3 structure */
 179
 180       size_t len = buffer_size;
 181
 182       ret = gnutls_dh_params_export_pkcs3 (dh_params, GNUTLS_X509_FMT_PEM,
 183                                            buffer, &len);
 184
 185       if (ret == 0)
 186         {
 187           fprintf (outfile, "\n%s", buffer);
 188         }
 189       else
 190         {
 191           fprintf (stderr, "Error: %s\n", gnutls_strerror (ret));
 192         }
 193
 194     }
 195
 196   return 0;
 197 }
 198
 199 #endif