to exactly replace this we are generating “pubparam_key/priparam_key”  using   
bn_publicKey/dh->priv_key  as below

OSSL_PARAM_BLD *pubparamsbld = NULL, priparamsbld = NULL;
OSSL_PARAM *pubparams = NULL, priparams = NULL;
EVP_PKEY *pubparam_key = NULL, *priparam_key = NULL;
EVP_PKEY_CTX *pubctx = NULL, *prictx = NULL;


pubparamsbld = OSSL_PARAM_BLD_new()
priparamsbld = OSSL_PARAM_BLD_new()

OSSL_PARAM_BLD_push_BN(pubparamsbld, OSSL_PKEY_PARAM_PUB_KEY, bn_publicKey)
OSSL_PARAM_BLD_push_BN(priparamsbld, OSSL_PKEY_PARAM_PRIV_KEY,bn_privateKey)

//build context
pubctx = EVP_PKEY_CTX_new_from_name(NULL, "DH", NULL);
prictx = EVP_PKEY_CTX_new_from_name(NULL, "DH", NULL);

EVP_PKEY_key_fromdata_init(pubctx)
EVP_PKEY_key_fromdata_init(prictx)

pubparams = OSSL_PARAM_BLD_to_param(pubparamsbld);
EVP_PKEY_fromdata(pubctx, &pubparam_key, pubparams))

priparams = OSSL_PARAM_BLD_to_param(priparamsbld);
EVP_PKEY_fromdata(prictx, &priparam_key, priparams))

From there, we are planning to use EVP_PKEY_derive_init, 
EVP_PKEY_derive_set_peer, and EVP_PKEY_derive to get shared secret




Didn’t you generate the private keys using the EVP_PKEY_gen as was suggested to 
your previous email inquiry?  If so, you shouldn’t have to rebuild it in such a 
way, since you already have a usable PKEY that has the generated keypair.  If 
you created a private keypair called privkey, the public key data can be sent 
to your peer with i2d_PUBKEY_bio(peer_bio, privkey) and received on the peer’s 
side with d2i_PUBKEY_bio(peer_bio, &peerkey);

Now you just need to build a new context around your private EVP_PKEY using 
derive_ctx = EVP_PKEY_CTX_new(privkey, NULL); and then do the EVP_PKEY_derive 
series of calls.

Your example code does not seem to set the P or G parameters of your keypair, 
so if you must do it that way, you will need to add them too.

Reply via email to