DH_compute_key () - replacement in 3.0
Sands, Daniel
dnsands at sandia.gov
Mon Dec 14 23:45:43 UTC 2020
To exactly replace this, we are generating “pubparam_key/priparam_key” using bn_publicKey/dh->priv_key as below:

OSSL_PARAM_BLD *pubparamsbld = NULL, *priparamsbld = NULL;
OSSL_PARAM *pubparams = NULL, *priparams = NULL;
EVP_PKEY *pubparam_key = NULL, *priparam_key = NULL;
EVP_PKEY_CTX *pubctx = NULL, *prictx = NULL;
// collect the public and private values (no P or G is pushed here)
pubparamsbld = OSSL_PARAM_BLD_new();
priparamsbld = OSSL_PARAM_BLD_new();
OSSL_PARAM_BLD_push_BN(pubparamsbld, OSSL_PKEY_PARAM_PUB_KEY, bn_publicKey);
OSSL_PARAM_BLD_push_BN(priparamsbld, OSSL_PKEY_PARAM_PRIV_KEY, bn_privateKey);
// build context
pubctx = EVP_PKEY_CTX_new_from_name(NULL, "DH", NULL);
prictx = EVP_PKEY_CTX_new_from_name(NULL, "DH", NULL);
// released OpenSSL 3.0 spells this EVP_PKEY_fromdata_init()
EVP_PKEY_fromdata_init(pubctx);
EVP_PKEY_fromdata_init(prictx);
pubparams = OSSL_PARAM_BLD_to_param(pubparamsbld);
// released OpenSSL 3.0 takes a selection argument before the params
EVP_PKEY_fromdata(pubctx, &pubparam_key, EVP_PKEY_PUBLIC_KEY, pubparams);
priparams = OSSL_PARAM_BLD_to_param(priparamsbld);
EVP_PKEY_fromdata(prictx, &priparam_key, EVP_PKEY_KEYPAIR, priparams);

From there, we are planning to use EVP_PKEY_derive_init, EVP_PKEY_derive_set_peer, and EVP_PKEY_derive to get the shared secret.

Didn’t you generate the private keys using the EVP_PKEY_gen as was suggested to your previous email inquiry? If so, you shouldn’t have to rebuild it in such a way, since you already have a usable PKEY that has the generated keypair. If you created a private keypair called privkey, the public key data can be sent to your peer with i2d_PUBKEY_bio(peer_bio, privkey) and received on the peer’s side with d2i_PUBKEY_bio(peer_bio, &peerkey);
Now you just need to build a new context around your private EVP_PKEY using derive_ctx = EVP_PKEY_CTX_new(privkey, NULL); and then do the EVP_PKEY_derive series of calls.
Your example code does not seem to set the P or G parameters of your keypair, so if you must do it that way, you will need to add them too.