From: Narayana, Sunil Kumar <sanaray...@rbbn.com>
Sent: Thursday, December 17, 2020 8:17 AM
To: Sands, Daniel <dnsa...@sandia.gov>; openssl-users@openssl.org
Subject: [EXTERNAL] RE: DH_compute_key () - replacement in 3.0
Hi,
For the equivalent replacement of DH_compute_key in 3.0, we
tried to perform the steps suggested in earlier mail below
Our steps are as follows, but we see EVP_PKEY_derive fails to perform. please
suggest if any steps are wrong or missing here.
//input - BIGNUM - pubkey, privkey, p ,
//output - sharedsecret
Evp_compute_key(unsigned char* sharedSecret, unsigned int len, BIGNUM *pubkey,
BIGNUM *privkey, BIGNUM* dh_p)
{
OSSL_PARAM params[5];
unsigned char* p_str = BN_bn2dec (dh_p);
unsigned char* pub_str = BN_bn2dec (pubkey);
unsigned char* priv_str = BN_bn2dec (privkey);
params[0] = OSSL_PARAM_construct_BN(OSSL_PKEY_PARAM_FFC_P, p_str,
strlen(p_str));
params[1] = OSSL_PARAM_construct_uint(OSSL_PKEY_PARAM_FFC_G, &g);
params[2] = OSSL_PARAM_construct_BN(OSSL_PKEY_PARAM_PUB_KEY, pub_str,
strlen(pub_str));
params[3] = OSSL_PARAM_construct_BN(OSSL_PKEY_PARAM_PRIV_KEY, priv_str,
strlen(priv_str));
params[4] = OSSL_PARAM_construct_end();
gctx = EVP_PKEY_CTX_new_from_name(NULL, "DH", NULL);
EVP_PKEY_derive_init(gctx)
EVP_PKEY_CTX_set_params(gctx, params)
/* Determine buffer length */
EVP_PKEY_derive(gctx, NULL, &skeylen)
EVP_PKEY_derive(gctx, sharedSecret, &skeylen)
}
Note - EVP_PKEY_derive -- call fails what is wrong in the steps can you please g
To derive a shared secret, you also need your peer’s public key. It will also
be presented as an EVP_PKEY structure.
________________________________
