What checks should I perform when I create Diffie-Hellman key agreement keys from fixed p and g values using OpenSSL 1.1.0g?

痞子三分冷 提交于 2019-12-10 11:34:48

问题


Hello, I am attempting to generate Diffie-Hellman keys using fixed p and g parameters with this piece of code, based upon this answer:

#include <openssl/dh.h>
#include <openssl/bn.h>

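/*
 * Load the fixed RFC 3526 2048-bit MODP prime with generator 2 into
 * encryptionInfo, validate the parameters with DH_check(), and generate a
 * key pair.
 *
 * Returns 0 on success and -1 on any failure (NULL argument, allocation,
 * parameter setup, a non-zero DH_check() result, or key generation).
 *
 * Ownership: once DH_set0_pqg() succeeds, the DH object owns both BIGNUMs
 * and releases them in DH_free(). Freeing them here as well would leave the
 * DH object with dangling pointers and cause a double free later, so they
 * are only freed on the paths where the hand-over did not happen.
 */
int generateKeys(DH *encryptionInfo) {
    /* DH_check() reports a bitmask, so several flags may be set at once. */
    static const struct {
        int flag;
        const char *label;
    } check_flags[] = {
        { DH_CHECK_P_NOT_PRIME,         "DH_CHECK_P_NOT_PRIME\n" },
        { DH_CHECK_P_NOT_SAFE_PRIME,    "DH_CHECK_P_NOT_SAFE_PRIME\n" },
        { DH_UNABLE_TO_CHECK_GENERATOR, "DH_UNABLE_TO_CHECK_GENERATOR\n" },
        { DH_NOT_SUITABLE_GENERATOR,    "DH_NOT_SUITABLE_GENERATOR\n" },
        { DH_CHECK_Q_NOT_PRIME,         "DH_CHECK_Q_NOT_PRIME\n" },
        { DH_CHECK_INVALID_Q_VALUE,     "DH_CHECK_INVALID_Q_VALUE\n" },
        { DH_CHECK_INVALID_J_VALUE,     "DH_CHECK_INVALID_J_VALUE\n" },
    };
    int codes = 0;
    BIGNUM *p = NULL;
    BIGNUM *two = NULL;

    if (encryptionInfo == NULL) {
        return -1;
    }

    puts("Select fixed p and g parameters\n");

    two = BN_new();
    if (two == NULL) {
        return -1;
    }

    /*
     * Passing NULL makes the library allocate the BIGNUM for the prime.
     * The result must be captured and compared with ==; the original
     * `if (p = NULL)` was an assignment and therefore never detected failure.
     */
    p = get_rfc3526_prime_2048(NULL);
    if (p == NULL || 1 != BN_set_word(two, 2)) {
        BN_free(p);
        BN_free(two);
        return -1;
    }

    if (1 != DH_set0_pqg(encryptionInfo, p, NULL, two)) {
        /* The hand-over failed, so both values are still ours to release. */
        BN_free(p);
        BN_free(two);
        return -1;
    }
    /* From here on p and two belong to encryptionInfo: do not free them. */

    /* Alternative, not used here: generate fresh parameters with
     * DH_generate_parameters_ex(encryptionInfo, 2048, DH_GENERATOR_2, NULL). */

    puts("Checking for codes\n");
    if (1 != DH_check(encryptionInfo, &codes)) {
        return -1;
    }
    printf("Codes values %d\n", codes);
    for (size_t i = 0; i < sizeof check_flags / sizeof check_flags[0]; i++) {
        if (codes & check_flags[i].flag) {
            puts(check_flags[i].label);
        }
    }

    /*
     * Fail closed on any reported problem. With this prime and generator 2
     * the OpenSSL build used on this page reports DH_NOT_SUITABLE_GENERATOR
     * (code 8), so this function returns -1 there.
     * NOTE(review): that flag looks like an artefact of DH_check()'s
     * generator test rather than a weakness of the published RFC 3526 group;
     * confirm against dh_check.c of the version in use. If it is to be
     * tolerated, mask out that single bit explicitly instead of dropping
     * DH_check() altogether, and keep rejecting every other flag.
     * Independently of this, every peer public value should be validated
     * with DH_check_pub_key() before it is passed to DH_compute_key().
     */
    if (codes != 0) {
        return -1;
    }

    puts("Generating Keys \n");
    if (1 != DH_generate_key(encryptionInfo)) {
        return -1;
    }

    return 0;
}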

But when I try to run this piece of code I get the following error:

Codes values 8

DH_NOT_SUITABLE_GENERATOR

If I omit the DH_check call, it seems to work:

#include <openssl/dh.h>
#include <openssl/bn.h>

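/*
 * Load the fixed RFC 3526 2048-bit MODP prime with generator 2 into
 * encryptionInfo and generate a key pair, without calling DH_check().
 *
 * Returns 0 on success and -1 on any failure (NULL argument, allocation,
 * parameter setup, or key generation).
 *
 * Security note: this variant performs no parameter validation at all. That
 * is only defensible because p and g are compile-time constants from a
 * published group and never come from a peer or a file; parameters from any
 * other origin must go through DH_check(). Skipping DH_check() also does not
 * remove the need to validate each peer public value with
 * DH_check_pub_key() before calling DH_compute_key().
 *
 * Ownership: once DH_set0_pqg() succeeds, the DH object owns both BIGNUMs
 * and releases them in DH_free(). Freeing them here as well would leave the
 * DH object with dangling pointers and cause a double free later.
 */
int generateKeys(DH *encryptionInfo) {
    BIGNUM *p = NULL;
    BIGNUM *two = NULL;

    if (encryptionInfo == NULL) {
        return -1;
    }

    puts("Select fixed p and g parameters\n");

    two = BN_new();
    if (two == NULL) {
        return -1;
    }

    /*
     * Passing NULL makes the library allocate the BIGNUM for the prime.
     * The result must be captured and compared with ==; the original
     * `if (p = NULL)` was an assignment and therefore never detected failure.
     */
    p = get_rfc3526_prime_2048(NULL);
    if (p == NULL || 1 != BN_set_word(two, 2)) {
        BN_free(p);
        BN_free(two);
        return -1;
    }

    if (1 != DH_set0_pqg(encryptionInfo, p, NULL, two)) {
        /* The hand-over failed, so both values are still ours to release. */
        BN_free(p);
        BN_free(two);
        return -1;
    }
    /* From here on p and two belong to encryptionInfo: do not free them. */

    /* Alternative, not used here: generate fresh parameters with
     * DH_generate_parameters_ex(encryptionInfo, 2048, DH_GENERATOR_2, NULL). */

    /* Message kept from the original listing; no check is run in this variant. */
    puts("Checking for codes\n");
    puts("Generating Keys \n");
    if (1 != DH_generate_key(encryptionInfo)) {
        return -1;
    }

    return 0;
}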

But I am not sure whether I should do that. What is the recommended way in my case, and which checks are required?

来源:https://stackoverflow.com/questions/54559829/what-checks-should-i-perform-when-i-create-a-diffie-hellman-key-agreement-keys-f
