Re: How to implement DH algorithm using openSSL library?

Thu, 20 Dec 2012 22:15:47 -0800 

I have this fucntion which I use to generate public-private key pair.

- prime : depends on the dh group, you can find these values in DH rfc -
http://www.ietf.org/rfc/rfc3526.txt

int32_t DHInterface::GeneratePublicPrivateKeyPair(uint8_t * pub_key,
uint32_t * pub_key_length)
{
  char *errbuf;

  dh = DH_new();

  if ((dh->p = BN_bin2bn((unsigned char *)prime->v, prime->l, NULL)) ==
NULL)
    return -1;

  if ((dh->g = BN_new()) == NULL)
    return -1;
  if (!BN_set_word(dh->g, 2))
    return -1;


  /* Now generate public and private key */

  if (!DH_generate_key(dh))
  {
    errbuf = ERR_error_string(ERR_get_error(), NULL);
    printf("Error : %s", errbuf);
    return -1;
  }

  /* Covert keys from BN into bytes */

  *pub_key_length = BN_bn2bin(dh->pub_key, (unsigned char *)(pub_key));

  return 0;
}

DH_Generate_key would generate a private key, and then a corresponding
public key value. You need to send this public key value to your peer and
then expect a public key value from the peer.
Once you get peer's public key use the same "dh" object to calculate the
secret value, which I do in this way-
peer_pub_key = BN_bin2bn((unsigned char *)peer_public_key, key_length,
NULL);

  if ((secret_key_length = DH_compute_key((unsigned char *)temp,
peer_pub_key, dh)) < 0)
  {
      errbuf = ERR_error_string(ERR_get_error(), NULL);
      printf("Error : %s", errbuf);
      return -1;
  }
  *secret_length = DH_size(dh);


I feel the variables would be self explainatory.


On Fri, Dec 21, 2012 at 10:19 AM, Hemayamini Kurra <
hemayaminiku...@email.arizona.edu> wrote:

> Hello!!
>
>
> I am trying to implement Diffe-Hellman Key exchange protocol between
> Client and server. I am using openSSL dh.h library for that. The problem is
> how to send the publickey generated by DH_generate_key() function to
> client/server.
>
> My idea is to get the shared secret which I can use for further encryption
> of communication between client and server. I have followed the following
> steps
>
> 1. Generate the parameters uysing DH_generate_parameters()
> 2. DH_check() for checking the parameters generated.
> 3. Then to use DH_compute_key() I should be able to get the peer's public
> key. How can I get this?
>
> What is the private value DH_generate_key uses for generating public key?
>
> I dint find any sample programs for this problem. It would be great if
> anyone suggest some sample programs related to my above mentioned task!!
>
>
> Thanks and Regards,
> Yamini.
>



-- 
Prashant Batra

Reply via email to