Re: EVP_CIPHER_CTX_set_key_length and EVP_CIPHER_key_length

2012-08-29 Thread la...@angry-red-pla.net
Yup, using the correct function helps :-)

Thanks!



- Reply message -
From: Dr. Stephen Henson st...@openssl.org
To: openssl-users@openssl.org
Subject: EVP_CIPHER_CTX_set_key_length and EVP_CIPHER_key_length
Date: Wed, Aug 29, 2012 1:37 am


On Tue, Aug 28, 2012, la...@angry-red-pla.net wrote:

 Hi all
 
 I created a shared key based on a DH exchange and want to use that key
 with a symmetric encryption algorithm. This key has a length of 16 Bytes
 (128 bit). Here is what I do to initialize AES:
 
 char *key,*iv;
 
 // DH exchange which ends with a 16B value in key
 
 
 RAND_pseudo_bytes(iv,16);
 
 EVP_EncryptInit(enc_ctx,EVP_aes_128_cbc(),NULL,NULL);
 EVP_CIPHER_CTX_set_key_length(enc_ctx,16);
 EVP_EncryptInit(enc_ctx,NULL,skey,iv);
 
 None of the functions seems to generate an error. I checked that by
 calling ERR_print_errors_fp. However when I check the key length
 
 printf("key len: %d\n",EVP_CIPHER_key_length(enc_ctx));
 
 It returns 1. Shouldn't it return 16? I guess I make a mistake when
 setting the key, but where?
 

The cipher EVP_aes_128_cbc() has a fixed key length so there is no need to set
it, though it is harmless to do so.

The function EVP_CIPHER_key_length works on an EVP_CIPHER structure not an
EVP_CIPHER_CTX. You need to call EVP_CIPHER_CTX_key_length instead.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
__
OpenSSL Project http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager   majord...@openssl.org


Re: DH exchange socket BIOs

2012-08-24 Thread la...@angry-red-pla.net
Yeah size is the same on both sides :(

- Reply message -
From: Michel msa...@paybox.com
To: openssl-users@openssl.org
Subject: DH exchange  socket BIOs
Date: Fri, Aug 24, 2012 5:47 pm


Hi Carolin,

It is just about half the length of the ...

[very] Quick response : Hex value is twice the length of binary data :
Have you checked the value of 'size' arg ?

Not sure this helps ...

On 24/08/2012 16:38, Carolin Latze wrote:
 (sorry if this mail arrives twice. I sent it first without being 
 subscribed to this list by accident)

 Hi all

 I try to implement a DH exchange using socket BIOs. Here is what I do:

 On the server
 - I initialize a DH structure with DH_new
 - I generate the parameters using 
 DH_generate_parameters(prime_len,g,NULL,NULL) with prime_len=512
 - I generate the keys using DH_generate_key(dh)

 Now I need to send p,g, and the server's public key to the client. In 
 order to do that I convert each of those three values to hex. This is 
 the example for p:

 int size = DH_size(dh);
 char* prime = (char*) malloc(size*sizeof(char));
 memset(prime,0,size*sizeof(char));
 prime = BN_bn2hex(dh->p);

 afterwards I open a socket BIO that allows a client to connect:

 bio = BIO_new_accept(port);

 Now, when a client connects, I write those three values to the BIO. 
 Example for p:

 BIO_do_accept(bio);
 cbio = BIO_pop(bio);
 BIO_write(cbio,prime,size);

 Ok, let's move to the client. The client connects successfully to the 
 server and reads the three values from the BIO:

 prime = (char*)malloc(size*sizeof(char));
 memset(prime,0,size*sizeof(char));
 BIO_read(bio,prime,size);

 If I print out prime on the client using printf I see that this is 
 exactly the stream of bytes that have been sent by the server. But if 
 I write this value back into a DH structure it changes:

 DH *dh = DH_new();
 BN_hex2bn(&(dh->p),prime);

 If I check the value now with BN_print, it is a shorter value! It is 
 just about half the length of the original p and I have no idea why. 
 What is it that I miss here?

 Any hints would be appreciated

 Regards
 Carolin




Re: DH exchange socket BIOs

2012-08-24 Thread la...@angry-red-pla.net
Uh maybe this is the point: how do you init the size of a dh struct correctly? 
I just set it like size=64



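Added example (not part of the thread and not OpenSSL code): Michel's point that the hex string is twice as long as the binary value, worked through for the 64-byte p discussed above, next to a length-prefixed transfer that carries the whole string. `to_hex` stands in for `BN_bn2hex`; the 2-byte length prefix and the names `frame_put`, `frame_get` and `recovered_bytes` are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define PRIME_BYTES 64 /* DH_size() for a 512-bit p; the client's size=64 */

/* Stand-in for BN_bn2hex(): two hex digits per byte, NUL-terminated. */
static void to_hex(const uint8_t *in, size_t n, char *out) {
    out[0] = '\0';
    for (size_t i = 0; i < n; i++)
        sprintf(out + 2 * i, "%02X", (unsigned)in[i]);
}

/* Sender: 2-byte big-endian length, then the string. Returns bytes written, 0 on error. */
static size_t frame_put(uint8_t *wire, size_t cap, const char *s) {
    size_t n = strlen(s);
    if (n > 0xFFFF || n + 2 > cap) return 0;
    wire[0] = (uint8_t)(n >> 8);
    wire[1] = (uint8_t)(n & 0xFF);
    memcpy(wire + 2, s, n);
    return n + 2;
}

/* Receiver: reject short or oversized frames, NUL-terminate the copy. */
static long frame_get(const uint8_t *wire, size_t have, char *out, size_t cap) {
    if (have < 2) return -1;
    size_t n = ((size_t)wire[0] << 8) | wire[1];
    if (n > have - 2 || n + 1 > cap) return -1;
    memcpy(out, wire + 2, n);
    out[n] = '\0';
    return (long)n;
}

/* Bytes of p the receiver ends up with; framed=0 mirrors BIO_write(cbio,prime,size). */
static long recovered_bytes(int framed) {
    uint8_t p[PRIME_BYTES], wire[2 + 2 * PRIME_BYTES];
    char hex[2 * PRIME_BYTES + 1], got[2 * PRIME_BYTES + 1] = {0};
    for (size_t i = 0; i < PRIME_BYTES; i++) p[i] = (uint8_t)(0x80 | i); /* constructed value */
    to_hex(p, PRIME_BYTES, hex);
    if (!framed) {
        memcpy(got, hex, PRIME_BYTES); /* only the first 64 hex characters travel */
        return (long)(strlen(got) / 2);
    }
    size_t sent = frame_put(wire, sizeof wire, hex);
    long n = frame_get(wire, sent, got, sizeof got);
    return (n < 0 || strcmp(got, hex) != 0) ? -1 : n / 2;
}

int main(void) {
    return printf("unframed: %ld, framed: %ld bytes of p\n", recovered_bytes(0), recovered_bytes(1)) < 0;
}
```

With the real API, the count to send is the `strlen()` of the string `BN_bn2hex()` returns, not `DH_size(dh)`.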