From f0dd045bbe42a85e15582d16d271fbceeef16b96 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 3 Jul 2015 17:14:06 +0200 Subject: [PATCH] Backport dh_genprime update from 2.0 --- programs/pkey/dh_genprime.c | 77 ++++++++++++++++++++++++------------- 1 file changed, 50 insertions(+), 27 deletions(-) diff --git a/programs/pkey/dh_genprime.c b/programs/pkey/dh_genprime.c index b5f901847..0340f147d 100644 --- a/programs/pkey/dh_genprime.c +++ b/programs/pkey/dh_genprime.c @@ -33,24 +33,6 @@ #define polarssl_printf printf #endif -#if defined(POLARSSL_BIGNUM_C) && defined(POLARSSL_ENTROPY_C) && \ - defined(POLARSSL_FS_IO) && defined(POLARSSL_CTR_DRBG_C) && \ - defined(POLARSSL_GENPRIME) -#include "polarssl/bignum.h" -#include "polarssl/entropy.h" -#include "polarssl/ctr_drbg.h" - -#include -#include -#endif - -/* - * Note: G = 4 is always a quadratic residue mod P, - * so it is a generator of order Q (with P = 2*Q+1). - */ -#define DH_P_SIZE 1024 -#define GENERATOR "4" - #if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_ENTROPY_C) || \ !defined(POLARSSL_FS_IO) || !defined(POLARSSL_CTR_DRBG_C) || \ !defined(POLARSSL_GENPRIME) @@ -62,7 +44,28 @@ int main( void ) return( 0 ); } #else -int main( void ) + +#include "polarssl/bignum.h" +#include "polarssl/entropy.h" +#include "polarssl/ctr_drbg.h" + +#include +#include + +#define USAGE \ + "\n usage: dh_genprime param=<>...\n" \ + "\n acceprable parameters:\n" \ + " bits=%%d default: 2048\n" + +#define DFL_BITS 2048 + +/* + * Note: G = 4 is always a quadratic residue mod P, + * so it is a generator of order Q (with P = 2*Q+1). + */ +#define GENERATOR "4" + +int main( int argc, char **argv ) { int ret = 1; mpi G, P, Q; @@ -70,23 +73,43 @@ int main( void ) ctr_drbg_context ctr_drbg; const char *pers = "dh_genprime"; FILE *fout; + int nbits = DFL_BITS; + int i; + char *p, *q; mpi_init( &G ); mpi_init( &P ); mpi_init( &Q ); entropy_init( &entropy ); + if( argc == 0 ) + { + usage: + polarssl_printf( USAGE ); + return( 1 ); + } + + for( i = 1; i < argc; i++ ) + { + p = argv[i]; + if( ( q = strchr( p, '=' ) ) == NULL ) + goto usage; + *q++ = '\0'; + + if( strcmp( p, "bits" ) == 0 ) + { + nbits = atoi( q ); + if( nbits < 0 || nbits > POLARSSL_MPI_MAX_BITS ) + goto usage; + } + else + goto usage; + } + if( ( ret = mpi_read_string( &G, 10, GENERATOR ) ) != 0 ) { polarssl_printf( " failed\n ! mpi_read_string returned %d\n", ret ); goto exit; } - polarssl_printf( "\nWARNING: You should not generate and use your own DHM primes\n" ); - polarssl_printf( " unless you are very certain of what you are doing!\n" ); - polarssl_printf( " Failing to follow this instruction may result in\n" ); - polarssl_printf( " weak security for your connections! Use the\n" ); - polarssl_printf( " predefined DHM parameters from dhm.h instead!\n\n" ); - polarssl_printf( "============================================================\n\n" ); - polarssl_printf( " ! Generating large primes may take minutes!\n" ); polarssl_printf( "\n . Seeding the random number generator..." ); @@ -106,7 +129,7 @@ int main( void ) /* * This can take a long time... */ - if( ( ret = mpi_gen_prime( &P, DH_P_SIZE, 1, + if( ( ret = mpi_gen_prime( &P, nbits, 1, ctr_drbg_random, &ctr_drbg ) ) != 0 ) { polarssl_printf( " failed\n ! mpi_gen_prime returned %d\n\n", ret );