summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorStef Walter <stef@memberwebs.com>2009-10-11 21:38:15 +0000
committerStef Walter <stef@memberwebs.com>2009-10-11 21:38:15 +0000
commitffdafbcc51dd7b7d94bd7c82c1dc75af0ff3593b (patch)
tree9f10f42ecb19019a6b4d24702146f7c9bd5d784c
parent7efb2a3d9d07c31087925143975173e97d3ed8bc (diff)
[egg] Build in default DH parameters.
Since generating DH parameters is costly, we build in default parameters which can be loaded quickly.
-rw-r--r--egg/egg-dh.c23
-rw-r--r--egg/egg-dh.h8
-rw-r--r--egg/tests/unit-test-dh.c23
3 files changed, 51 insertions, 3 deletions
diff --git a/egg/egg-dh.c b/egg/egg-dh.c
index bc14f361..ba917b49 100644
--- a/egg/egg-dh.c
+++ b/egg/egg-dh.c
@@ -25,6 +25,29 @@
#include "egg-dh.h"
#include "egg-openssl.h"
+/* Generated with openssl dhparam, same as contents of dh-params.pem */
+#define DEFAULT_PRIME "00E9991CBC77057BEB3E8165025E8338722BDB00297A910EA441129EA84ED091AF9DA55681A192E7E7C283FF6FA9EC5A81E03A8C0999F66B19DF80BE867D0A79B1DB3E42AE7EC1FCA057889F3ED666E86C3C248AA47C8E699997183C7A8093242C0D741CE5D4E1BA99CB5ACE895C53B92D9B9FE6B0D8203B5A8286567B8E9C2A33"
+#define DEFAULT_BASE "02"
+#define DEFAULT_BITS 1024
+
+gboolean
+egg_dh_default_params (gcry_mpi_t *prime, gcry_mpi_t *base)
+{
+ gcry_error_t gcry;
+
+ g_return_val_if_fail (prime, FALSE);
+ g_return_val_if_fail (base, FALSE);
+
+ gcry = gcry_mpi_scan (prime, GCRYMPI_FMT_HEX, DEFAULT_PRIME, 0, NULL);
+ g_return_val_if_fail (gcry == 0, FALSE);
+ g_return_val_if_fail (gcry_mpi_get_nbits (*prime) == DEFAULT_BITS, FALSE);
+
+ gcry = gcry_mpi_scan (base, GCRYMPI_FMT_HEX, DEFAULT_BASE, 0, NULL);
+ g_return_val_if_fail (gcry == 0, FALSE);
+
+ return TRUE;
+}
+
gboolean
egg_dh_gen_secret (gcry_mpi_t p, gcry_mpi_t g,
gcry_mpi_t *X, gcry_mpi_t *x)
diff --git a/egg/egg-dh.h b/egg/egg-dh.h
index aa928081..fd09bbce 100644
--- a/egg/egg-dh.h
+++ b/egg/egg-dh.h
@@ -26,10 +26,12 @@
#include <gcrypt.h>
-gboolean egg_dh_gen_secret (gcry_mpi_t p, gcry_mpi_t g, gcry_mpi_t *X, gcry_mpi_t *x);
+gboolean egg_dh_default_params (gcry_mpi_t *prime, gcry_mpi_t *base);
-gboolean egg_dh_gen_key (gcry_mpi_t Y, gcry_mpi_t x, gcry_mpi_t p, gcry_mpi_t *k);
+gboolean egg_dh_gen_secret (gcry_mpi_t p, gcry_mpi_t g, gcry_mpi_t *X, gcry_mpi_t *x);
-gboolean egg_dh_parse_pkcs3 (const guchar *data, gsize n_data, gcry_mpi_t *p, gcry_mpi_t *g);
+gboolean egg_dh_gen_key (gcry_mpi_t Y, gcry_mpi_t x, gcry_mpi_t p, gcry_mpi_t *k);
+
+gboolean egg_dh_parse_pkcs3 (const guchar *data, gsize n_data, gcry_mpi_t *p, gcry_mpi_t *g);
#endif /* EGG_DH_H_ */
diff --git a/egg/tests/unit-test-dh.c b/egg/tests/unit-test-dh.c
index a190da35..e400cbc2 100644
--- a/egg/tests/unit-test-dh.c
+++ b/egg/tests/unit-test-dh.c
@@ -43,6 +43,15 @@ DEFINE_TEST(dh_parse_pkcs3)
g_assert (ret == TRUE);
g_assert (gcry_mpi_get_nbits (p) == 1024);
+#if 0
+ guchar *output;
+ gsize n_written;
+ gcry_mpi_aprint (GCRYMPI_FMT_HEX, &output, &n_written, p);
+ g_printerr ("\nprime: %s\n", output);
+ gcry_mpi_aprint (GCRYMPI_FMT_HEX, &output, &n_written, g);
+ g_printerr ("\nbase: %s\n", output);
+#endif
+
gcry_mpi_release (p);
gcry_mpi_release (g);
g_free (data);
@@ -87,3 +96,17 @@ DEFINE_TEST(dh_perform)
gcry_mpi_release (X2);
gcry_mpi_release (k2);
}
+
+DEFINE_TEST(dh_defaults)
+{
+ gboolean ret;
+ gcry_mpi_t p, g;
+
+ ret = egg_dh_default_params (&p, &g);
+ g_assert (ret);
+ g_assert_cmpint (gcry_mpi_get_nbits (p), ==, 1024);
+ g_assert_cmpint (gcry_mpi_get_nbits (g), <, gcry_mpi_get_nbits (p));
+
+ gcry_mpi_release (p);
+ gcry_mpi_release (g);
+}