DH_generate_parameters 3 2003-07-24 0.9.9-dev OpenSSL

NAME

DH_generate_parameters, DH_check - generate and check Diffie-Hellman parameters

LIBRARY

libcrypto, -lcrypto

SYNOPSIS


 #include 


 DH *DH_generate_parameters(int prime_len, int generator,
     void (*callback)(int, int, void *), void *cb_arg);


 int DH_check(DH *dh, int *codes);

DESCRIPTION

_D_H___g_e_n_e_r_a_t_e___p_a_r_a_m_e_t_e_r_s_(_) generates Diffie-Hellman parameters that can be shared among a group of users, and returns them in a newly allocated DDHH structure. The pseudo-random number generator must be seeded prior to calling _D_H___g_e_n_e_r_a_t_e___p_a_r_a_m_e_t_e_r_s_(_).

pprriimmee__lleenn is the length in bits of the safe prime to be generated. ggeenneerraattoorr is a small number > 1, typically 2 or 5.

A callback function may be used to provide feedback about the progress of the key generation. If ccaallllbbaacckk is not NNUULLLL, it will be called as described in _B_N___g_e_n_e_r_a_t_e___p_r_i_m_e(3) while a random prime number is generated, and when a prime has been found, ccaallllbbaacckk((33,, 00,, ccbb__aarrgg)) is called.

_D_H___c_h_e_c_k_(_) validates Diffie-Hellman parameters. It checks that pp is a safe prime, and that gg is a suitable generator. In the case of an error, the bit flags DH_CHECK_P_NOT_SAFE_PRIME or DH_NOT_SUITABLE_GENERATOR are set in **ccooddeess. DH_UNABLE_TO_CHECK_GENERATOR is set if the generator cannot be checked, i.e. it does not equal 2 or 5.

RETURN VALUES

_D_H___g_e_n_e_r_a_t_e___p_a_r_a_m_e_t_e_r_s_(_) returns a pointer to the DH structure, or NULL if the parameter generation fails. The error codes can be obtained by _E_R_R___g_e_t___e_r_r_o_r(3).

_D_H___c_h_e_c_k_(_) returns 1 if the check could be performed, 0 otherwise.

NOTES

_D_H___g_e_n_e_r_a_t_e___p_a_r_a_m_e_t_e_r_s_(_) may run for several hours before finding a suitable prime.

The parameters generated by _D_H___g_e_n_e_r_a_t_e___p_a_r_a_m_e_t_e_r_s_(_) are not to be used in signature schemes.

BUGS

If ggeenneerraattoorr is not 2 or 5, ddhh-->>gg=ggeenneerraattoorr is not a usable generator.

SEE ALSO

_o_p_e_n_s_s_l___d_h(3), _E_R_R___g_e_t___e_r_r_o_r(3), _o_p_e_n_s_s_l___r_a_n_d(3), _D_H___f_r_e_e(3)

HISTORY

_D_H___c_h_e_c_k_(_) is available in all versions of SSLeay and OpenSSL. The ccbb__aarrgg argument to _D_H___g_e_n_e_r_a_t_e___p_a_r_a_m_e_t_e_r_s_(_) was added in SSLeay 0.9.0.

In versions before OpenSSL 0.9.5, DH_CHECK_P_NOT_STRONG_PRIME is used instead of DH_CHECK_P_NOT_SAFE_PRIME.