21.03.2013 Views

Problem - Kevin Tafuro

Problem - Kevin Tafuro

Problem - Kevin Tafuro

SHOW MORE
SHOW LESS

Create successful ePaper yourself

Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.

This function has the following arguments:<br />

ret<br />

An allocated BIGNUM object, which will also be returned on success. If it is specified<br />

as NULL, a new BIGNUM object will be dynamically allocated and returned<br />

instead. The prime number that is generated will be stored in this object.<br />

num<br />

Number of bits that should be in the generated prime number.<br />

safe<br />

Boolean value that indicates whether a safe prime should be generated. A safe<br />

prime is a prime number for which the prime minus 1 divided by 2 is also a<br />

prime number. For Diffie-Hellman key exchange, a safe prime is required; otherwise,<br />

it usually isn’t necessary.<br />

add<br />

If this argument is specified as non-NULL, the remainder must be the value of the<br />

rem argument when the generated prime number is divided by this number. The<br />

use of this argument is important for Diffie-Hellman key exchange.<br />

rem<br />

If the add argument is specified as non-NULL, this value should be the remainder<br />

when the generated prime number is divided by the value of the add argument. If<br />

this argument is specified as NULL, a value of 1 is used.<br />

callback<br />

Pointer to a callback function to be called during prime generation to report<br />

progress. It may be specified as NULL, in which case no progress information is<br />

reported.<br />

cb_arg<br />

If a callback function to monitor progress is specified, this argument is passed<br />

directly to the callback function.<br />

Note that, depending on your hardware, it can take several seconds to generate a<br />

prime number, even if you have sufficient entropy available. The callback functionality<br />

allows you to monitor the progress of prime generation. Unfortunately, there’s no<br />

way to determine how much time finding a prime will actually take, so it’s not feasible<br />

to use this callback to implement a progress meter. We do not discuss the callback<br />

mechanism any further in this book. However, callbacks are discussed in the<br />

book Network Security with OpenSSL by John Viega, Matt Messier, and Pravir Chandra<br />

(O’Reilly & Associates) as well as in the online OpenSSL documentation.<br />

It’s much simpler to get a BIGNUM object with a random value:<br />

int BN_rand_range(BIGNUM *result, BIGNUM *range);<br />

This function requires you to pass in a pointer to an initialized BIGNUM object that<br />

receives the random value. The possible values for the random number are zero<br />

through one less than the specified range.<br />

318 | Chapter 7: Public Key Cryptography<br />

This is the Title of the Book, eMatter Edition<br />

Copyright © 2007 O’Reilly & Associates, Inc. All rights reserved.

Hooray! Your file is uploaded and ready to be published.

Saved successfully!

Ooh no, something went wrong!