[openssl-users] help on des_cblock
Jason Qian
jqian at tibco.com
Fri Mar 18 20:19:14 UTC 2016
I am new on openSSl and run into a issue need some help.
In our application, the client and server perform a Diffie Hellman Key
exchange and then encrypt the data The client is written in C++(using
openSSL), and server is in java.
Most of time, it is running correctly, but occasionally the server(java)
throw a "Given final block not properly padded" exception.
I added more log on the both side. When the exception happen, the keys are
offset by one(for the working case, they are the same)
Server -- java get from getEncoded()
DES Key size (8) (1,-83,-113,-74,-77,109,84,88)
Client -- openSSL get from des_cblock struct
DES Key size (8) (-83,-113,-74,-77,109,84,88,8)
Thanks
Jason
Here is the C++ code
void DiffieHellmanCipher::init(const std::string &Y){
if (Y.length() == 0) {
return;
}
if (m_DH == NULL) {
return;
}
// convert the Y to BIGNUM
BIGNUM *bnY = NULL;
// Memory for bnY is allocated in BN_dec2bn call.
if (!BN_dec2bn(&bnY, Y.c_str())) {
if (bnY)
BN_free(bnY);
printf("Could not convert Diffie-Hellman Y value to BIGNUM");
}
// compute the secret key
int dhSize = DH_size(m_DH);
unsigned char *secretKey = (unsigned char*) new char[dhSize + 1];
int secretKeyLen = DH_compute_key(secretKey, bnY, m_DH);
BN_free(bnY);
if (secretKeyLen < 8) {
delete [] secretKey;
printf("Error computing secret key: key length is too short");
}
// convert from raw form to odd parity DES key
des_cblock desKey;
memcpy(desKey, secretKey, 8);
delete [] secretKey;
DES_set_odd_parity(&desKey);
//just print out des_cblock
secretKeyString="(";
char ch[10]="\0";
for(int i=0;i<8;i++){
sprintf(ch,"%d",(char)desKey[i]);
secretKeyString+=ch;
if(i != 7){
secretKeyString+=",";
}
}
secretKeyString+=")";
int skRet;
if ((skRet = DES_set_key(&desKey, &m_DESKey)) != 0) {
delete [] secretKey;
printf("Error computing secret key: generated key is weak");
}
m_bInited = true;
}
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160318/7df334f6/attachment.html>
More information about the openssl-users
mailing list