Re: DH horsepower using InlineC and CryptoAPI

2004-11-01 Thread Sisyphus
mark pryor wrote:
> Hello,
> Using Perl 5.8 build 807 (UWinnipeg)
> Win2k sp4, P4 2.0 GHz, 512 RAM
> I looked around CPAN-Google for a quick perl method of
> generating Prime/Generator pairs for use with
> Crypt::DH.
> Crypt::Primes was OK, but didn't hook into
> libgmp-3.dll.
> It seems that no one except Sisyphus has worked on
> this problem. I looked for his modules for generating
> primes, but they weren't there at
>   http://www.kalinabears.com.au/w32perl/math_gmp.html

For primes of the size you're seeking, you could use the nextprime() or 
probable_prime_p() function from the GMP module that ships with the GMP 
source (in the demos/perl folder). I did mention to the author of the 
GMP module that he should put it on cpan, but so far he has declined. 
(Win32 binaries of the GMP module are available at the above url you 
visited. All of the GMP binaries I provide have now been built against a 
static build of the GMP library - so libgmp-3.dll is no longer needed.)

So ... you can use the GMP module to quickly verify/create prime numbers 
but there are a couple of other considerations for which GMP provides no 
immediate assistance.

Firstly, you also need a generator. Or can Crypt::DH quickly provide you 
with a generator for any given prime ?

Secondly, you need good randomness - which is presumably provided by 
Crypt::Primes - though you probably should check that. On *nix, I think 
/dev/random or /dev/urandom gets used, which seems to be acceptable to 
cryptographers, but I don't know how the random values get generated by 
Crypt::Primes on Windows.

> Here's an unexpected way to generate DH parameters,
> specific to windows:
[snip]
Interesting and I expect it should be good enough, though do we 
really know what's happening behind the scenes ? Are the random values 
being generated by a cryptographically secure means ? Or are they using 
some poorly designed mechanism that is about to be broken (or already 
has been) ?

Cheers,
Rob
___
Perl-Win32-Users mailing list
[EMAIL PROTECTED]
To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs


Re: DH horsepower using InlineC and CryptoAPI

2004-11-01 Thread Willem Hengeveld
On Sun, Oct 31, 2004 at 06:52:01PM -0800, mark pryor wrote:
> Hello,
>
> Using Perl 5.8 build 807 (UWinnipeg)
> Win2k sp4, P4 2.0 GHz, 512 RAM
>
> I looked around CPAN-Google for a quick perl method of
> generating Prime/Generator pairs for use with
> Crypt::DH.

A note about using Diffie-Hellman: there is no need to generate new
primes. It works just fine with fixed published primes.

http://www.faqs.org/rfcs/rfc3526.html

for instance provides primes of various sizes.
These primes are all proven to be primes, and strong primes.


willem



DH horsepower using InlineC and CryptoAPI

2004-10-31 Thread mark pryor
Hello,

Using Perl 5.8 build 807 (UWinnipeg)
Win2k sp4, P4 2.0 GHz, 512 RAM

I looked around CPAN-Google for a quick perl method of
generating Prime/Generator pairs for use with
Crypt::DH.

Crypt::Primes was OK, but didn't hook into
libgmp-3.dll.
It seems that no one except Sisyphus has worked on
this problem. I looked for his modules for generating
primes, but they weren't there at 
  http://www.kalinabears.com.au/w32perl/math_gmp.html

Here's an unexpected way to generate DH parameters,
specific to windows:

#!/usr/bin/perl -w
#
# Author:  [EMAIL PROTECTED]
# script:   PrimeGen.pl
# Description: use the CryptoAPI to generate
#   Diffie Hellman Prime/Gen pairs for Perl
# keywords:  prime cryptoapi crypt diffie
# Date:   10/31/04

use Inline C => DATA =>
   LIBS => '-luser32 -lcrypt32 ';

my $tStart = Win32::GetTickCount();
my $lret;
my ($prime, $gen);

# generate the Prime/Gen pairs at the desired modulus length
for my $i (0 .. 4) {
    $lret = main($prime, $gen, 768);
    print "prime=", unpack("H*", $prime), "\n";
    print "gen  =", unpack("H*", $gen), "\n\n";
}

# /*  Win32 only way to get the elapsed time */
print "elapsed=", (Win32::GetTickCount() - $tStart) / 1000, " seconds\n";
#
__END__
__C__
/* test  */
#define _WIN32_WINNT 0x0500
#include <stdio.h>
#include <windows.h>
#include <wincrypt.h>
#define MY_ENCODING_TYPE  (PKCS_7_ASN_ENCODING | X509_ASN_ENCODING)

int main( SV* prime, SV* gen, int modulen)
{
 /* cryptoapi defs   */
 HCRYPTPROV prov1 = 0;
 HCRYPTKEY hKey1 = 0;
 CRYPT_DATA_BLOB  blob;

 /* standard C defs  */
 BYTE  DataPom[1024];
 unsigned long Velikost2 = 1024,Velikost = 12;
 DWORD dwNJ=0;

 /* delete the container if there (result ignored: it may not exist) */
 CryptAcquireContext(&prov1, "PrimeGen",
     MS_ENH_DSS_DH_PROV, PROV_DSS_DH,
     CRYPT_DELETEKEYSET);

 /*  get context using no private keys */
 if (!CryptAcquireContext(&prov1, "PrimeGen",
     MS_ENH_DSS_DH_PROV, PROV_DSS_DH,
     CRYPT_VERIFYCONTEXT))
 {
  //printf("container is not defined \n");
  printf("\n");
  if (!CryptAcquireContext(&prov1, "PrimeGen",
      MS_ENH_DSS_DH_PROV, PROV_DSS_DH,
      CRYPT_NEWKEYSET))
  {
   printf("Error 1: %x(%d)\n", GetLastError(), GetLastError());
   exit(1);
  }
 }

 /* generate the ephemeral key pair and DH parameters; the key length
    goes in the upper 16 bits of the flags. Done on both paths above so
    that hKey1 is never used uninitialised. */
 //printf("trying to generate new key \n");
 if (!CryptGenKey(prov1, CALG_DH_EPHEM, ( modulen << 16 ), &hKey1))
 {
  printf("Error 3: %x(%d)\n", GetLastError(), GetLastError());
  CryptReleaseContext(prov1, 0);
  return 0;
 }

 Velikost2 = 0;

 /*  get the Gen length (NULL buffer = size query) */
 if (!CryptGetKeyParam(hKey1, KP_G, 0, &Velikost2, 0))
 {
  printf("Error 9: %x(%d)\n", GetLastError(), GetLastError());
 }
 //printf("BufSize=%d \n", Velikost2);

 /* never read or write past DataPom */
 if (Velikost2 > sizeof(DataPom))
 {
  printf("Error 9: buffer too small\n");
  CryptDestroyKey(hKey1);
  CryptReleaseContext(prov1, 0);
  return 0;
 }

 /*  zero out the buffer */
 for (dwNJ=0;dwNJ<Velikost2;dwNJ++){
  DataPom[dwNJ] = 0x0;
 }

 /*  now get the Gen value into DataPom */
 if (!CryptGetKeyParam(hKey1, KP_G, DataPom, &Velikost2, 0))
 {
  printf("Error 9: %x(%d)\n", GetLastError(), GetLastError());
 }

 /* what voodoo! put the byte pointer into our perl scalar value  */
 sv_setpvn( gen, (char *) DataPom, Velikost2);

 /*  same as above except for the prime */
 Velikost2 = 0;
 if (!CryptGetKeyParam(hKey1, KP_P, 0, &Velikost2, 0))
 {
  printf("Error 11: %x(%d)\n", GetLastError(), GetLastError());
 }

 /* never read or write past DataPom */
 if (Velikost2 > sizeof(DataPom))
 {
  printf("Error 11: buffer too small\n");
  CryptDestroyKey(hKey1);
  CryptReleaseContext(prov1, 0);
  return 0;
 }

 if (!CryptGetKeyParam(hKey1, KP_P, DataPom, &Velikost2, 0))
 {
  printf("Error 11: %x(%d)\n", GetLastError(), GetLastError());
 }

 /*use for debugging
 printf("Prime=");
 for (dwNJ=0;dwNJ<Velikost2;dwNJ++){
  printf( "%02x", (BYTE) DataPom[dwNJ]);
 }
 printf("\n");
 */

 sv_setpvn( prime, (char *) DataPom, Velikost2);

 //free(DataPom);
 if (CryptDestroyKey(hKey1))
 {
  // it worked
 }

 if (!CryptReleaseContext(prov1, 0))
  printf("Error 2: %x(%d)\n", GetLastError(), GetLastError());

 return dwNJ;
}

512, 768 - takes less than 1 sec a piece
1024 - less than 4 sec each
1536 -  less than 6 sec each 

Maybe there is a better way.
regards,
tlviewer
Long Beach, CA
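
Added example, not part of the original thread or of any poster's code: a Python check that can be run on a (p, g) pair before it is handed to Crypt::DH, covering the generator question in Sisyphus's reply and the fixed RFC 3526 primes in Willem's. All function names are hypothetical; the little-endian decoding assumes the byte order Microsoft documents for CryptGetKeyParam's KP_P and KP_G, and the 1536-bit prime is rebuilt from the formula given in RFC 3526 rather than copied as hex.

```python
import random

def is_probable_prime(n, rounds=24):
    """Miller-Rabin; a composite passes with probability at most 4**-rounds."""
    small = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    if n < 2 or any(n % sp == 0 for sp in small):
        return n in small
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def pi_floor(bits, guard=64):
    """floor(pi * 2**bits) by Machin's formula in integer arithmetic."""
    one = 1 << (bits + guard)
    def atan_inv(x):
        total = term = one // x
        n, sign = 3, -1
        while term:
            term //= x * x
            total += sign * (term // n)
            n, sign = n + 2, -sign
        return total
    return (16 * atan_inv(5) - 4 * atan_inv(239)) >> guard

def rfc3526_group5():  # 1536-bit MODP prime from the RFC 3526 formula; g is 2
    return 2**1536 - 2**1472 - 1 + 2**64 * (pi_floor(1406) + 741804)

def from_cryptoapi(blob):  # assumption: KP_P / KP_G buffers are little-endian
    return int.from_bytes(blob, "little")

def check_dh_params(p, g):
    """Classify (p, g); g's order is only decided here when p is a safe prime."""
    if not 1 < g < p - 1 or not is_probable_prime(p):
        return "reject"
    q = (p - 1) // 2
    if not is_probable_prime(q):
        return "prime but not safe: order of g not checked"
    return "safe prime, g has order " + ("q" if pow(g, q, p) == 1 else "2q")
```

The hex that PrimeGen.pl prints with unpack("H*", ...) follows the buffer's byte order, so under the little-endian assumption the bytes need reversing before the value is read as an ordinary big-endian number.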





