#include <stdio.h>
#include "cryptlib.h"
-#include "bn.h"
-#include "dh.h"
+#include <openssl/bn.h>
+#include <openssl/dh.h>
-/* Check that p is a strong prime and
+/* Check that p is a safe prime and
* if g is 2, 3 or 5, check that is is a suitable generator
* where
* for 2, p mod 24 == 11
* should hold.
*/
-int DH_check(DH *dh, int *ret)
+int DH_check(const DH *dh, int *ret)
{
int ok=0;
BN_CTX *ctx=NULL;
l=BN_mod_word(dh->p,24);
if (l != 11) *ret|=DH_NOT_SUITABLE_GENERATOR;
}
-/* else if (BN_is_word(dh->g,DH_GENERATOR_3))
+#if 0
+ else if (BN_is_word(dh->g,DH_GENERATOR_3))
{
l=BN_mod_word(dh->p,12);
if (l != 5) *ret|=DH_NOT_SUITABLE_GENERATOR;
- }*/
+ }
+#endif
else if (BN_is_word(dh->g,DH_GENERATOR_5))
{
l=BN_mod_word(dh->p,10);
else
*ret|=DH_UNABLE_TO_CHECK_GENERATOR;
- if (!BN_is_prime(dh->p,BN_prime_checks,NULL,ctx,NULL))
+ if (!BN_is_prime_ex(dh->p,BN_prime_checks,ctx,NULL))
*ret|=DH_CHECK_P_NOT_PRIME;
else
{
if (!BN_rshift1(q,dh->p)) goto err;
- if (!BN_is_prime(q,BN_prime_checks,NULL,ctx,NULL))
- *ret|=DH_CHECK_P_NOT_STRONG_PRIME;
+ if (!BN_is_prime_ex(q,BN_prime_checks,ctx,NULL))
+ *ret|=DH_CHECK_P_NOT_SAFE_PRIME;
}
ok=1;
err:
if (q != NULL) BN_free(q);
return(ok);
}
+
+int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret)
+ {
+ int ok=0;
+ BIGNUM *q=NULL;
+
+ *ret=0;
+ q=BN_new();
+ if (q == NULL) goto err;
+ BN_set_word(q,1);
+ if (BN_cmp(pub_key,q)<=0)
+ *ret|=DH_CHECK_PUBKEY_TOO_SMALL;
+ BN_copy(q,dh->p);
+ BN_sub_word(q,1);
+ if (BN_cmp(pub_key,q)>=0)
+ *ret|=DH_CHECK_PUBKEY_TOO_LARGE;
+
+ ok = 1;
+err:
+ if (q != NULL) BN_free(q);
+ return(ok);
+ }