[gnome-keyring/dbus-api] [egg] Build in default DH parameters.



commit ffdafbcc51dd7b7d94bd7c82c1dc75af0ff3593b
Author: Stef Walter <stef memberwebs com>
Date:   Sun Oct 11 21:38:15 2009 +0000

    [egg] Build in default DH parameters.
    
    Since generating DH parameters is costly, we build in default
    parameters which can be loaded quickly.

 egg/egg-dh.c             |   23 +++++++++++++++++++++++
 egg/egg-dh.h             |    8 +++++---
 egg/tests/unit-test-dh.c |   23 +++++++++++++++++++++++
 3 files changed, 51 insertions(+), 3 deletions(-)
---
diff --git a/egg/egg-dh.c b/egg/egg-dh.c
index bc14f36..ba917b4 100644
--- a/egg/egg-dh.c
+++ b/egg/egg-dh.c
@@ -25,6 +25,29 @@
 #include "egg-dh.h"
 #include "egg-openssl.h"
 
+/* Generated with openssl dhparam, same as contents of dh-params.pem */
+#define DEFAULT_PRIME "00E9991CBC77057BEB3E8165025E8338722BDB00297A910EA441129EA84ED091AF9DA55681A192E7E7C283FF6FA9EC5A81E03A8C0999F66B19DF80BE867D0A79B1DB3E42AE7EC1FCA057889F3ED666E86C3C248AA47C8E699997183C7A8093242C0D741CE5D4E1BA99CB5ACE895C53B92D9B9FE6B0D8203B5A8286567B8E9C2A33"
+#define DEFAULT_BASE  "02"
+#define DEFAULT_BITS  1024
+
+gboolean
+egg_dh_default_params (gcry_mpi_t *prime, gcry_mpi_t *base)
+{
+	gcry_error_t gcry;
+
+	g_return_val_if_fail (prime, FALSE);
+	g_return_val_if_fail (base, FALSE);
+
+	gcry = gcry_mpi_scan (prime, GCRYMPI_FMT_HEX, DEFAULT_PRIME, 0, NULL);
+	g_return_val_if_fail (gcry == 0, FALSE);
+	g_return_val_if_fail (gcry_mpi_get_nbits (*prime) == DEFAULT_BITS, FALSE);
+
+	gcry = gcry_mpi_scan (base, GCRYMPI_FMT_HEX, DEFAULT_BASE, 0, NULL);
+	g_return_val_if_fail (gcry == 0, FALSE);
+
+	return TRUE;
+}
+
 gboolean
 egg_dh_gen_secret (gcry_mpi_t p, gcry_mpi_t g,
                    gcry_mpi_t *X, gcry_mpi_t *x)
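Review bot: DEFAULT_PRIME is a locally generated 1024-bit modulus that every installation will share, and neither egg_dh_default_params nor its test checks anything beyond the bit length, so a reader cannot confirm from the code that it is a safe prime or that base `02` is a suitable generator for it. A single fixed group of this size is also where one-time precomputation against the prime pays off across all users. A published group with a documented derivation (for example one of the RFC 3526 MODP groups, 1536 bits or larger) would be auditable, and the comment above the define should name that source. Separately, the two `g_return_val_if_fail (gcry == 0, FALSE);` lines handle a runtime result with a macro that disappears when GLib is built with G_DISABLE_CHECKS, and the second one returns with `*prime` still allocated. An explicit `if (gcry != 0) { gcry_mpi_release (*prime); *prime = NULL; return FALSE; }` keeps the check in every build and leaves no half-filled output.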
diff --git a/egg/egg-dh.h b/egg/egg-dh.h
index aa92808..fd09bbc 100644
--- a/egg/egg-dh.h
+++ b/egg/egg-dh.h
@@ -26,10 +26,12 @@
 
 #include <gcrypt.h>
 
-gboolean   egg_dh_gen_secret    (gcry_mpi_t p, gcry_mpi_t g, gcry_mpi_t *X, gcry_mpi_t *x);
+gboolean   egg_dh_default_params   (gcry_mpi_t *prime, gcry_mpi_t *base);
 
-gboolean   egg_dh_gen_key       (gcry_mpi_t Y, gcry_mpi_t x, gcry_mpi_t p, gcry_mpi_t *k);
+gboolean   egg_dh_gen_secret       (gcry_mpi_t p, gcry_mpi_t g, gcry_mpi_t *X, gcry_mpi_t *x);
 
-gboolean   egg_dh_parse_pkcs3   (const guchar *data, gsize n_data, gcry_mpi_t *p, gcry_mpi_t *g);
+gboolean   egg_dh_gen_key          (gcry_mpi_t Y, gcry_mpi_t x, gcry_mpi_t p, gcry_mpi_t *k);
+
+gboolean   egg_dh_parse_pkcs3      (const guchar *data, gsize n_data, gcry_mpi_t *p, gcry_mpi_t *g);
 
 #endif /* EGG_DH_H_ */
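Review bot: The new egg_dh_default_params prototype has no comment saying who owns the values it returns. The unit test releases both with gcry_mpi_release, so the header could say `/* On TRUE, *prime and *base are newly allocated; the caller frees them with gcry_mpi_release() */`. It is also worth stating that the outputs must not be used when FALSE is returned, since the implementation in egg-dh.c can fail after `*prime` has already been set.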
diff --git a/egg/tests/unit-test-dh.c b/egg/tests/unit-test-dh.c
index a190da3..e400cbc 100644
--- a/egg/tests/unit-test-dh.c
+++ b/egg/tests/unit-test-dh.c
@@ -43,6 +43,15 @@ DEFINE_TEST(dh_parse_pkcs3)
 	g_assert (ret == TRUE);
 	g_assert (gcry_mpi_get_nbits (p) == 1024);
 
+#if 0
+	guchar *output;
+	gsize n_written;
+	gcry_mpi_aprint (GCRYMPI_FMT_HEX, &output, &n_written, p);
+	g_printerr ("\nprime: %s\n", output);
+	gcry_mpi_aprint (GCRYMPI_FMT_HEX, &output, &n_written, g);
+	g_printerr ("\nbase: %s\n", output);
+#endif
+
 	gcry_mpi_release (p);
 	gcry_mpi_release (g);
 	g_free (data);
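Review bot: The `#if 0` block adds disabled code to dh_parse_pkcs3 with no comment explaining why it is kept. It looks like the snippet used to dump the hex string for DEFAULT_PRIME, and if so a line such as `/* Enable to print p and g as hex when regenerating the defaults in egg-dh.c */` would record that. If it is ever enabled as written, the buffer returned by the first gcry_mpi_aprint is overwritten by the second call and neither is passed to gcry_free. The body of DEFINE_TEST(dh_parse_pkcs3) starts above this hunk.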
@@ -87,3 +96,17 @@ DEFINE_TEST(dh_perform)
 	gcry_mpi_release (X2);
 	gcry_mpi_release (k2);
 }
+
+DEFINE_TEST(dh_defaults)
+{
+	gboolean ret;
+	gcry_mpi_t p, g;
+
+	ret = egg_dh_default_params (&p, &g);
+	g_assert (ret);
+	g_assert_cmpint (gcry_mpi_get_nbits (p), ==, 1024);
+	g_assert_cmpint (gcry_mpi_get_nbits (g), <, gcry_mpi_get_nbits (p));
+
+	gcry_mpi_release (p);
+	gcry_mpi_release (g);
+}
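Review bot: dh_defaults only asserts the bit length of p and that g has fewer bits than p, so a corrupted digit in the DEFAULT_PRIME hex string that leaves the top bit set would still pass. The comment in egg-dh.c says the constant equals the contents of dh-params.pem, so the test could parse that file with egg_dh_parse_pkcs3 (as dh_parse_pkcs3 presumably does) and assert `gcry_mpi_cmp (p, file_p) == 0`, and likewise for g. Adding `g_assert (gcry_prime_check (p, 0) == 0);` would additionally catch a modulus that is no longer prime.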


