Update dh_genprime program
- default size 2048 bits
- make size a command-line argument
- remove warning about using own params
diff --git a/programs/pkey/dh_genprime.c b/programs/pkey/dh_genprime.c
index 6169e91..9021572 100644
--- a/programs/pkey/dh_genprime.c
+++ b/programs/pkey/dh_genprime.c
@@ -33,24 +33,6 @@
#define mbedtls_printf printf
#endif
-#if defined(MBEDTLS_BIGNUM_C) && defined(MBEDTLS_ENTROPY_C) && \
- defined(MBEDTLS_FS_IO) && defined(MBEDTLS_CTR_DRBG_C) && \
- defined(MBEDTLS_GENPRIME)
-#include "mbedtls/bignum.h"
-#include "mbedtls/entropy.h"
-#include "mbedtls/ctr_drbg.h"
-
-#include <stdio.h>
-#include <string.h>
-#endif
-
-/*
- * Note: G = 4 is always a quadratic residue mod P,
- * so it is a generator of order Q (with P = 2*Q+1).
- */
-#define DH_P_SIZE 1024
-#define GENERATOR "4"
-
#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) || \
!defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_CTR_DRBG_C) || \
!defined(MBEDTLS_GENPRIME)
@@ -62,7 +44,28 @@
return( 0 );
}
#else
-int main( void )
+
+#include "mbedtls/bignum.h"
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
+
+#include <stdio.h>
+#include <string.h>
+
+#define USAGE \
+ "\n usage: dh_genprime param=<>...\n" \
+ "\n acceprable parameters:\n" \
+ " bits=%%d default: 2048\n"
+
+#define DFL_BITS 2048
+
+/*
+ * Note: G = 4 is always a quadratic residue mod P,
+ * so it is a generator of order Q (with P = 2*Q+1).
+ */
+#define GENERATOR "4"
+
+int main( int argc, char **argv )
{
int ret = 1;
mbedtls_mpi G, P, Q;
@@ -70,24 +73,44 @@
mbedtls_ctr_drbg_context ctr_drbg;
const char *pers = "dh_genprime";
FILE *fout;
+ int nbits = DFL_BITS;
+ int i;
+ char *p, *q;
mbedtls_mpi_init( &G ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
mbedtls_ctr_drbg_init( &ctr_drbg );
mbedtls_entropy_init( &entropy );
+ if( argc == 0 )
+ {
+ usage:
+ mbedtls_printf( USAGE );
+ return( 1 );
+ }
+
+ for( i = 1; i < argc; i++ )
+ {
+ p = argv[i];
+ if( ( q = strchr( p, '=' ) ) == NULL )
+ goto usage;
+ *q++ = '\0';
+
+ if( strcmp( p, "bits" ) == 0 )
+ {
+ nbits = atoi( q );
+ if( nbits < 0 || nbits > MBEDTLS_MPI_MAX_BITS )
+ goto usage;
+ }
+ else
+ goto usage;
+ }
+
if( ( ret = mbedtls_mpi_read_string( &G, 10, GENERATOR ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_mpi_read_string returned %d\n", ret );
goto exit;
}
- mbedtls_printf( "\nWARNING: You should not generate and use your own DHM primes\n" );
- mbedtls_printf( " unless you are very certain of what you are doing!\n" );
- mbedtls_printf( " Failing to follow this instruction may result in\n" );
- mbedtls_printf( " weak security for your connections! Use the\n" );
- mbedtls_printf( " predefined DHM parameters from dhm.h instead!\n\n" );
- mbedtls_printf( "============================================================\n\n" );
-
mbedtls_printf( " ! Generating large primes may take minutes!\n" );
mbedtls_printf( "\n . Seeding the random number generator..." );
@@ -107,7 +130,7 @@
/*
* This can take a long time...
*/
- if( ( ret = mbedtls_mpi_gen_prime( &P, DH_P_SIZE, 1,
+ if( ( ret = mbedtls_mpi_gen_prime( &P, nbits, 1,
mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_mpi_gen_prime returned %d\n\n", ret );