[EXTERNAL] RE: DH_compute_key () - replacement in 3.0

Sands, Daniel dnsands at sandia.gov
Tue Dec 15 23:30:27 UTC 2020


We have generated the key using EVP_PKEY_gen as suggested in earlier emails, but since this was non-ephemeral and we wanted to store the key in "raw" octet bytes, we extracted the whole DH priv/pub key pair from the key generated via EVP_PKEY_gen (using, as suggested… EVP_PKEY_get_raw_public_key(pkey, pub, &len)).

Now, at a later stage in the application, we have to compute the secret key using the stored keys (from the above step).
As of now, these keys are in uchar format, but are converted to BIGNUM and given to DH_compute_key as below.

    BIGNUM *bn_publicKey;
    dh->priv_key = BN_bin2bn(privateKey, octet_len, NULL);
    bn_publicKey = BN_bin2bn(publicKey, octet_len, NULL);
    rv = DH_compute_key(sharedSecret, bn_publicKey, dh);

So in order to keep the existing framework in place and just replace DH_compute_key, we should be using dh->priv_key / bn_publicKey to compute the shared secret key.
So we need to convert the BIGNUM key types to EVP_KEY types for use in EVP_PKEY_derive_init, EVP_PKEY_derive_set_peer, and EVP_PKEY_derive to get the shared secret.
Please suggest…

Is it possible to change the format of your raw blob?  If so, you can use i2d_PrivateKey or friends to output the entire private key to your raw data blob, and use d2i_PrivateKey et al to read it back into a working EVP_PKEY in a single call.

Otherwise, one shortcut you can do to avoid all the params work is to create a static array since you should already know how many params you need.  But you need the public key, the private key, the generator (g), and the prime modulus (p).  The following (untested) code ought to work.

OSSL_PARAM params[5];

/* OSSL_PARAM_construct_BN takes the number as a native-byte-order buffer, not a BIGNUM */
params[0] = OSSL_PARAM_construct_BN(OSSL_PKEY_PARAM_FFC_P, <prime modulus>, <prime modulus bytes size>);
/* OSSL_PARAM_construct_uint takes a pointer to an unsigned int */
params[1] = OSSL_PARAM_construct_uint(OSSL_PKEY_PARAM_FFC_G, <generator>);
params[2] = OSSL_PARAM_construct_BN(OSSL_PKEY_PARAM_PUB_KEY, <public key>, <public key bytes size>);
params[3] = OSSL_PARAM_construct_BN(OSSL_PKEY_PARAM_PRIV_KEY, <private key>, <private key bytes size>);
params[4] = OSSL_PARAM_construct_end();

my_key_ctx = EVP_PKEY_CTX_new_from_name(NULL, "DH", NULL);
/* Load the params into an EVP_PKEY (my_key is an EVP_PKEY * initialised to NULL) */
EVP_PKEY_fromdata_init(my_key_ctx);
EVP_PKEY_fromdata(my_key_ctx, &my_key, EVP_PKEY_KEYPAIR, params);
…
