[EXTERNAL] RE: DH_compute_key () - replacement in 3.0

[Sands, Daniel]

From: Narayana, Sunil Kumar <sanarayana at rbbn.com>
Sent: Thursday, December 17, 2020 8:17 AM
To: Sands, Daniel <dnsands at sandia.gov>; openssl-users at openssl.org
Subject: [EXTERNAL] RE: DH_compute_key () - replacement in 3.0

Hi,
                For the equivalent replacement of DH_compute_key in 3.0, we tried to perform the steps suggested in earlier mail below
Our steps are as follows, but we see EVP_PKEY_derive  fails to perform.  please suggest if any steps are wrong or missing here.

//input - BIGNUM - pubkey, privkey, p ,
//output - sharedsecret

Evp_compute_key(unsigned char* sharedSecret, unsigned int len, BIGNUM *pubkey, BIGNUM *privkey, BIGNUM* dh_p)
{
OSSL_PARAM params[5];
unsigned char*  p_str = BN_bn2dec (dh_p);
unsigned char* pub_str = BN_bn2dec (pubkey);
unsigned char* priv_str = BN_bn2dec (privkey);

params[0] = OSSL_PARAM_construct_BN(OSSL_PKEY_PARAM_FFC_P, p_str, strlen(p_str));
params[1] = OSSL_PARAM_construct_uint(OSSL_PKEY_PARAM_FFC_G, &g);
params[2] = OSSL_PARAM_construct_BN(OSSL_PKEY_PARAM_PUB_KEY, pub_str, strlen(pub_str));
params[3] = OSSL_PARAM_construct_BN(OSSL_PKEY_PARAM_PRIV_KEY, priv_str, strlen(priv_str));
params[4] = OSSL_PARAM_construct_end();

gctx = EVP_PKEY_CTX_new_from_name(NULL, "DH", NULL);
EVP_PKEY_derive_init(gctx)
EVP_PKEY_CTX_set_params(gctx, params)

/* Determine buffer length */
EVP_PKEY_derive(gctx, NULL, &skeylen)
EVP_PKEY_derive(gctx, sharedSecret, &skeylen)
}

Note - EVP_PKEY_derive -- call fails what is wrong in the steps can you please g




To derive a shared secret, you also need your peer’s public key.  It will also be presented as an EVP_PKEY structure.


________________________________
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20201218/2d22d6e7/attachment.html>