[EXTERNAL] RE: DH_compute_key () - replacement in 3.0
Sands, Daniel
dnsands at sandia.gov
Fri Dec 18 06:04:32 UTC 2020
From: Narayana, Sunil Kumar <sanarayana at rbbn.com>
Sent: Thursday, December 17, 2020 8:17 AM
To: Sands, Daniel <dnsands at sandia.gov>; openssl-users at openssl.org
Subject: [EXTERNAL] RE: DH_compute_key () - replacement in 3.0
Hi,
For the equivalent replacement of DH_compute_key in 3.0, we tried to perform the steps suggested in the earlier mail below.
Our steps are as follows, but we see EVP_PKEY_derive fails to perform. Please suggest if any steps are wrong or missing here.
//input - BIGNUM - pubkey, privkey, p ,
//output - sharedsecret
Evp_compute_key(unsigned char* sharedSecret, unsigned int len, BIGNUM *pubkey, BIGNUM *privkey, BIGNUM* dh_p)
{
    OSSL_PARAM params[5];
    unsigned char* p_str = BN_bn2dec (dh_p);
    unsigned char* pub_str = BN_bn2dec (pubkey);
    unsigned char* priv_str = BN_bn2dec (privkey);
    params[0] = OSSL_PARAM_construct_BN(OSSL_PKEY_PARAM_FFC_P, p_str, strlen(p_str));
    params[1] = OSSL_PARAM_construct_uint(OSSL_PKEY_PARAM_FFC_G, &g);
    params[2] = OSSL_PARAM_construct_BN(OSSL_PKEY_PARAM_PUB_KEY, pub_str, strlen(pub_str));
    params[3] = OSSL_PARAM_construct_BN(OSSL_PKEY_PARAM_PRIV_KEY, priv_str, strlen(priv_str));
    params[4] = OSSL_PARAM_construct_end();
    gctx = EVP_PKEY_CTX_new_from_name(NULL, "DH", NULL);
    EVP_PKEY_derive_init(gctx)
    EVP_PKEY_CTX_set_params(gctx, params)
    /* Determine buffer length */
    EVP_PKEY_derive(gctx, NULL, &skeylen)
    EVP_PKEY_derive(gctx, sharedSecret, &skeylen)
}
Note - EVP_PKEY_derive -- call fails what is wrong in the steps can you please g
To derive a shared secret, you also need your peer’s public key. It will also be presented as an EVP_PKEY structure.