DH_compute_key () - replacement in 3.0

Sands, Daniel dnsands at sandia.gov
Mon Dec 14 23:45:43 UTC 2020


to exactly replace this we are generating “pubparam_key/priparam_key”  using   bn_publicKey/dh->priv_key  as below

OSSL_PARAM_BLD *pubparamsbld = NULL, priparamsbld = NULL;
OSSL_PARAM *pubparams = NULL, priparams = NULL;
EVP_PKEY *pubparam_key = NULL, *priparam_key = NULL;
EVP_PKEY_CTX *pubctx = NULL, *prictx = NULL;


pubparamsbld = OSSL_PARAM_BLD_new()
priparamsbld = OSSL_PARAM_BLD_new()

OSSL_PARAM_BLD_push_BN(pubparamsbld, OSSL_PKEY_PARAM_PUB_KEY, bn_publicKey)
OSSL_PARAM_BLD_push_BN(priparamsbld, OSSL_PKEY_PARAM_PRIV_KEY,bn_privateKey)

//build context
pubctx = EVP_PKEY_CTX_new_from_name(NULL, "DH", NULL);
prictx = EVP_PKEY_CTX_new_from_name(NULL, "DH", NULL);

EVP_PKEY_key_fromdata_init(pubctx)
EVP_PKEY_key_fromdata_init(prictx)

pubparams = OSSL_PARAM_BLD_to_param(pubparamsbld);
EVP_PKEY_fromdata(pubctx, &pubparam_key, pubparams))

priparams = OSSL_PARAM_BLD_to_param(priparamsbld);
EVP_PKEY_fromdata(prictx, &priparam_key, priparams))

From there, we are planning to use EVP_PKEY_derive_init, EVP_PKEY_derive_set_peer, and EVP_PKEY_derive to get shared secret




Didn’t you generate the private keys using the EVP_PKEY_gen as was suggested to your previous email inquiry?  If so, you shouldn’t have to rebuild it in such a way, since you already have a usable PKEY that has the generated keypair.  If you created a private keypair called privkey, the public key data can be sent to your peer with i2d_PUBKEY_bio(peer_bio, privkey) and received on the peer’s side with d2i_PUBKEY_bio(peer_bio, &peerkey);

Now you just need to build a new context around your private EVP_PKEY using derive_ctx = EVP_PKEY_CTX_new(privkey, NULL); and then do the EVP_PKEY_derive series of calls.

Your example code does not seem to set the P or G parameters of your keypair, so if you must do it that way, you will need to add them too.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20201214/d35877b4/attachment.html>


More information about the openssl-users mailing list