21.03.2013 Views

Problem - Kevin Tafuro

Problem - Kevin Tafuro

Problem - Kevin Tafuro

SHOW MORE
SHOW LESS

You also want an ePaper? Increase the reach of your titles

YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.

This function has the following arguments:<br />

ret<br />

An allocated BIGNUM object, which will also be returned on success. If it is specified<br />

as NULL, a new BIGNUM object will be dynamically allocated and returned<br />

instead. The prime number that is generated will be stored in this object.<br />

num<br />

Number of bits that should be in the generated prime number.<br />

safe<br />

Boolean value that indicates whether a safe prime should be generated. A safe<br />

prime is a prime number for which the prime minus 1 divided by 2 is also a<br />

prime number. For Diffie-Hellman key exchange, a safe prime is required; otherwise,<br />

it usually isn’t necessary.<br />

add<br />

If this argument is specified as non-NULL, the remainder must be the value of the<br />

rem argument when the generated prime number is divided by this number. The<br />

use of this argument is important for Diffie-Hellman key exchange.<br />

rem<br />

If the add argument is specified as non-NULL, this value should be the remainder<br />

when the generated prime number is divided by the value of the add argument. If<br />

this argument is specified as NULL, a value of 1 is used.<br />

callback<br />

Pointer to a callback function to be called during prime generation to report<br />

progress. It may be specified as NULL, in which case no progress information is<br />

reported.<br />

cb_arg<br />

If a callback function to monitor progress is specified, this argument is passed<br />

directly to the callback function.<br />

Note that, depending on your hardware, it can take several seconds to generate a<br />

prime number, even if you have sufficient entropy available. The callback functionality<br />

allows you to monitor the progress of prime generation. Unfortunately, there’s no<br />

way to determine how much time finding a prime will actually take, so it’s not feasible<br />

to use this callback to implement a progress meter. We do not discuss the callback<br />

mechanism any further in this book. However, callbacks are discussed in the<br />

book Network Security with OpenSSL by John Viega, Matt Messier, and Pravir Chandra<br />

(O’Reilly & Associates) as well as in the online OpenSSL documentation.<br />

It’s much simpler to get a BIGNUM object with a random value:<br />

int BN_rand_range(BIGNUM *result, BIGNUM *range);<br />

This function requires you to pass in a pointer to an initialized BIGNUM object that<br />

receives the random value. The possible values for the random number are zero<br />

through one less than the specified range.<br />

318 | Chapter 7: Public Key Cryptography<br />

This is the Title of the Book, eMatter Edition<br />

Copyright © 2007 O’Reilly & Associates, Inc. All rights reserved.

Hooray! Your file is uploaded and ready to be published.

Saved successfully!

Ooh no, something went wrong!