├── .gitignore ├── README.md ├── c ├── c_array_to_hexstring.sh └── search_for_array.sh ├── socat_dh1024_p ├── socat_dh2048_p ├── test_DHparams └── test_DHparams.go /.gitignore: -------------------------------------------------------------------------------- 1 | *~ 2 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Test Diffie-Hellman Parameters 2 | 3 | In need of testing a Diffie-Hellman implementation? Not sure the parameters are correct? 4 | 5 | ![test diffie hellman parameters](https://www.cryptologie.net/upload/Screen_Shot_2016-02-22_at_10.28_.42_PM_.png) 6 | 7 | ## This test will check for 8 | 9 | * decent bitsize of the modulus (>=2048bits) 10 | 11 | * safe primes (modulus has to be of the form `2q + 1` with `q` prime) 12 | 13 | ## How to run it? 14 | 15 | ### Using OSX? 16 | 17 | If you are on OSX you can use directly `test_DHparams`: 18 | 19 | * `cat socat_dh1024_p | ./test_DHparams` 20 | 21 | ### Else? 22 | 23 | 1. get [golang](https://golang.org/) 24 | 25 | 2. get dependencies: 26 | 27 | * `go get github.com/fatih/color` 28 | 29 | 3. examples: 30 | 31 | * `echo "52104230423" | go run ./test_DHparams.go` 32 | 33 | * `cat socat_dh1024_p | go run ./test_DHparams.go` 34 | 35 | ## My input is not a hexstring nor a int 36 | 37 | ### C array 38 | 39 | In this case, example the socat one: 40 | 41 | ```c 42 | static unsigned char dh1024_p[] = { 43 | 0xCC,0x17,0xF2,0xDC,0x96,0xDF,0x59,0xA4,0x46,0xC5,0x3E,0x0E, 44 | 0xB8,0x26,0x55,0x0C,0xE3,0x88,0xC1,0xCE,0xA7,0xBC,0xB3,0xBF, 45 | 0x16,0x94,0xD8,0xA9,0x45,0xA2,0xCE,0xA9,0x5B,0x22,0x25,0x5F, 46 | 0x92,0x59,0x94,0x1C,0x22,0xBF,0xCB,0xC8,0xC8,0x57,0xCB,0xBF, 47 | 0xBC,0x0E,0xE8,0x40,0xF9,0x87,0x03,0xBF,0x60,0x9B,0x08,0xC6, 48 | 0x8E,0x99,0xC6,0x05,0xFC,0x00,0xD6,0x6D,0x90,0xA8,0xF5,0xF8, 49 | 0xD3,0x8D,0x43,0xC8,0x8F,0x7A,0xBD,0xBB,0x28,0xAC,0x04,0x69, 50 | 0x4A,0x0B,0x86,0x73,0x37,0xF0,0x6D,0x4F,0x04,0xF6,0xF5,0xAF, 51 | 0xBF,0xAB,0x8E,0xCE,0x75,0x53,0x4D,0x7F,0x7D,0x17,0x78,0x0E, 52 | 0x12,0x46,0x4A,0xAF,0x95,0x99,0xEF,0xBC,0xA6,0xC5,0x41,0x77, 53 | 0x43,0x7A,0xB9,0xEC,0x8E,0x07,0x3C,0x6D 54 | ``` 55 | 56 | just use the script `c/search_for_array.sh file` to get a clean input, then pipe it to `c/c_array_to_hexstring.sh` to get a hexstring that you can pipe to `test_DHparams` 57 | -------------------------------------------------------------------------------- /c/c_array_to_hexstring.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # use as "./search_for_array.sh your_file 3 | sed $* -e 's/0x//g' -e 's/,//g' | xargs echo -n | sed 's/ //g' 4 | -------------------------------------------------------------------------------- /c/search_for_array.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # use as "./search_for_array.sh your_file 3 | grep -E "(0x[a-zA-Z0-9]{1,2},{0,1}){2,}" $* 4 | -------------------------------------------------------------------------------- /socat_dh1024_p: -------------------------------------------------------------------------------- 1 | 143319364394905942617148968085785991039146683740268996579566827015580969124702493833109074343879894586653465192222251909074832038151585448034731101690454685781999248641772509287801359980318348021809541131200479989220793925941518568143721972993251823166164933334796625008174851430377966394594186901123322297453 -------------------------------------------------------------------------------- /socat_dh2048_p: -------------------------------------------------------------------------------- 1 | 27788893276069724796504555675597658900595616769773727063231875314156885361379100133264804184710789407128574011804155595735704837674243828066040543912171576627544718762752948158991754559261759162739343094515270757451837630913502740443023902769553802723685440839891240497710460941757089246131322686180648463540974702859210630184042730717698427486397505787974799692901205514386555272667298045803284972074823213104807295638814082142694729938965663710648170010420323923305528998108799706139846097432481556448740855888110797022123731105964852194684036975049177742094726795060211226322344210328442014189175085444396370522979 -------------------------------------------------------------------------------- /test_DHparams: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mimoo/test_DHparams/0476b9d8196b1bf7716e4b13b873d0544b37e2b9/test_DHparams -------------------------------------------------------------------------------- /test_DHparams.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import( 4 | "fmt" 5 | "math/big" 6 | "regexp" 7 | "encoding/hex" 8 | "os" 9 | "github.com/fatih/color" 10 | ) 11 | 12 | func test_bitLength(modulus_int *big.Int) (int) { 13 | return modulus_int.BitLen() 14 | } 15 | 16 | func test_safePrime(modulus_int *big.Int) (bool) { 17 | // q2 = p - 1 18 | b1 := new(big.Int) 19 | fmt.Sscan("1", b1) 20 | 21 | var q2 = new(big.Int) 22 | 23 | q2.Sub(modulus_int, b1) 24 | 25 | //fmt.Println("p-1", q2.String()) 26 | 27 | // q2 % b2 == 0? 28 | b2 := new(big.Int) 29 | fmt.Sscan("2", b2) 30 | b0 := new(big.Int) 31 | fmt.Sscan("0", b0) 32 | mod := new(big.Int) 33 | 34 | if b0.Cmp(mod.Mod(q2, b2)) != 0 { 35 | return false 36 | } 37 | 38 | // q2 / 2 prime? 39 | q2.Div(q2, b2) 40 | 41 | if q2.ProbablyPrime(500) { 42 | return true 43 | } else { 44 | return false 45 | } 46 | 47 | } 48 | 49 | func main(){ 50 | // something to read in stdin? 51 | stat, _ := os.Stdin.Stat() 52 | if (stat.Mode() & os.ModeCharDevice) != 0 { 53 | fmt.Println("You need to pass a DH modulus in stdin") 54 | return 55 | } 56 | 57 | // read input 58 | var modulus_str string 59 | _, err := fmt.Scan(&modulus_str) 60 | if err != nil { 61 | fmt.Println("You need to pass a DH modulus in hex/int format in stdin") 62 | return 63 | } 64 | 65 | // convert int|hex -> big 66 | var modulus_int = new(big.Int) 67 | 68 | var int_regex = regexp.MustCompile(`^[0-9]+$`) 69 | var hex_regex = regexp.MustCompile(`^[a-zA-Z0-9]+$`) 70 | 71 | if int_regex.MatchString(modulus_str) { 72 | // int -> big 73 | _, err = fmt.Sscan(modulus_str, modulus_int) 74 | } else if hex_regex.MatchString(modulus_str) { 75 | // hex -> big 76 | input_bytes, err := hex.DecodeString(modulus_str) 77 | if err != nil { 78 | fmt.Println("Hexstring can't be parsed") 79 | return 80 | } 81 | modulus_int.SetBytes(input_bytes) 82 | } else { 83 | // ? 84 | fmt.Println("input number should be either decimal or hexstring") 85 | return 86 | } 87 | 88 | // test for error 89 | if err != nil { 90 | fmt.Println("Couldn't understand the input number") 91 | return 92 | } 93 | 94 | // 95 | fmt.Println("Taken input:", modulus_int.String()) 96 | 97 | // test for Bitlength 98 | if bitlen := test_bitLength(modulus_int); bitlen >= 2048 { 99 | color.Green("Good modulus bitlength!") 100 | fmt.Println("(Modulus is", bitlen, "bits)") 101 | } else { 102 | color.Red("Bad modulus bitlength! Should be at least 2048 bits") 103 | fmt.Println("(Modulus is", bitlen, "bits)") 104 | } 105 | 106 | // test for safe prime 107 | if test_safePrime(modulus_int) { 108 | color.Green("The modulus is a safe prime!") 109 | } else { 110 | color.Red("The modulus is NOT a safe prime!") 111 | } 112 | 113 | } 114 | --------------------------------------------------------------------------------