您好,我尝试通过基于answer的这段代码,使用修订p和g参数制作Diffie Hellman键:
#include <openssl/dh.h>
#include <openssl/bn.h>
int generateKeys(DH *encryptionInfo) {
int codes;
BIGNUM *two = BN_new(), *p=NULL;
puts("Select fixed p and g parameters\n");
if(two == NULL) {
return -1;
};
if(p=NULL){
BN_free(two);
return -1;
}
BN_set_word(two,2);
if( 1 != DH_set0_pqg (encryptionInfo, get_rfc3526_prime_2048(p), NULL, two)) return -1;
// if(1 != DH_generate_parameters_ex(encryptionInfo, 2048, DH_GENERATOR_2, NULL)) return -1;
puts("Checking for codes\n");
if(1 != DH_check(encryptionInfo, &codes)) return -1;
printf("Codes values %d\n", codes);
switch(codes){
case DH_CHECK_P_NOT_PRIME:
puts("DH_CHECK_P_NOT_PRIME\n");
break;
case DH_CHECK_P_NOT_SAFE_PRIME:
puts("DH_CHECK_P_NOT_SAFE_PRIME\n");
break;
case DH_UNABLE_TO_CHECK_GENERATOR:
puts("DH_UNABLE_TO_CHECK_GENERATOR\n");
break;
case DH_NOT_SUITABLE_GENERATOR:
puts("DH_NOT_SUITABLE_GENERATOR\n");
break;
case DH_CHECK_Q_NOT_PRIME:
puts("DH_CHECK_Q_NOT_PRIME\n");
break;
case DH_CHECK_INVALID_Q_VALUE:
puts("DH_CHECK_INVALID_Q_VALUE\n");
break;
case DH_CHECK_INVALID_J_VALUE:
puts("DH_CHECK_INVALID_J_VALUE\n");
break;
}
if(codes != 0) return -1;
puts("Generating Keys \n");
if(1 != DH_generate_key(encryptionInfo)) return -1;
BN_free(two);
BN_free(p);
return 0;
}
但是当我尝试运行这段代码时,出现以下错误:
代码值8
DH_NOT_SUITABLE_GENERATOR
通过省略DH_check检查似乎可以:
#include <openssl/dh.h>
#include <openssl/bn.h>
int generateKeys(DH *encryptionInfo) {
int codes;
BIGNUM *two = BN_new(), *p=NULL;
puts("Select fixed p and g parameters\n");
if(two == NULL) {
return -1;
};
if(p=NULL){
BN_free(two);
return -1;
}
BN_set_word(two,2);
if( 1 != DH_set0_pqg (encryptionInfo, get_rfc3526_prime_2048(p), NULL, two)) return -1;
// if(1 != DH_generate_parameters_ex(encryptionInfo, 2048, DH_GENERATOR_2, NULL)) return -1;
puts("Checking for codes\n");
puts("Generating Keys \n");
if(1 != DH_generate_key(encryptionInfo)) return -1;
BN_free(two);
BN_free(p);
return 0;
}
但是我不确定是否应该这样做,在我的情况下推荐的方法是什么?我需要做哪些检查?