Re: How to implement DH algorithm using openSSL library?
Thanks Prashant!! This helped a lot!!

On Thu, Dec 20, 2012 at 10:09 PM, Prashant Batra prashant0...@gmail.com wrote:
> I have this function which I use to generate public-private key pair.
> [...]
Re: How to implement DH algorithm using openSSL library?
I also have a problem in sending the pub_key to the peer. As I am using DH_generate_parameters to generate the prime and generator and DH_generate_key for generating the public key, I have to send the prime, g and pub_key to the peer. Is there any function to do this??

Thanks in advance.
Yamini.

On Fri, Dec 21, 2012 at 9:23 AM, Hemayamini Kurra hemayaminiku...@email.arizona.edu wrote:
> Thanks prashant!! This helped a lot!!
> [...]
How to implement DH algorithm using openSSL library?
Hello!!

I am trying to implement the Diffie-Hellman key exchange protocol between client and server. I am using the OpenSSL dh.h library for that. The problem is how to send the public key generated by the DH_generate_key() function to the client/server. My idea is to get the shared secret, which I can use for further encryption of communication between client and server.

I have followed the following steps:

1. Generate the parameters using DH_generate_parameters()
2. DH_check() for checking the parameters generated.
3. Then to use DH_compute_key() I should be able to get the peer's public key. How can I get this? What is the private value DH_generate_key uses for generating the public key?

I didn't find any sample programs for this problem. It would be great if anyone could suggest some sample programs related to my above mentioned task!!

Thanks and Regards,
Yamini.
Re: How to implement DH algorithm using openSSL library?
I have this function which I use to generate a public-private key pair.
- prime : depends on the DH group; you can find these values in the DH RFC - http://www.ietf.org/rfc/rfc3526.txt

    /* Direct member access (dh->p, dh->g, dh->pub_key) works with OpenSSL
     * versions before 1.1.0; later versions make DH opaque and provide
     * DH_set0_pqg() and DH_get0_key() instead. */
    int32_t DHInterface::GeneratePublicPrivateKeyPair(uint8_t * pub_key, uint32_t * pub_key_length)
    {
        char *errbuf;

        if ((dh = DH_new()) == NULL)
            return -1;
        /* Load the group prime from its big-endian byte representation */
        if ((dh->p = BN_bin2bn((unsigned char *)prime->v, prime->l, NULL)) == NULL)
            return -1;
        /* Generator g = 2 */
        if ((dh->g = BN_new()) == NULL)
            return -1;
        if (!BN_set_word(dh->g, 2))
            return -1;

        /* Now generate public and private key */
        if (!DH_generate_key(dh)) {
            errbuf = ERR_error_string(ERR_get_error(), NULL);
            printf("Error : %s", errbuf);
            return -1;
        }

        /* Convert keys from BN into bytes */
        *pub_key_length = BN_bn2bin(dh->pub_key, (unsigned char *)(pub_key));
        return 0;
    }

DH_generate_key would generate a private key, and then a corresponding public key value. You need to send this public key value to your peer and then expect a public key value from the peer. Once you get the peer's public key, use the same dh object to calculate the secret value, which I do in this way:

    peer_pub_key = BN_bin2bn((unsigned char *)peer_public_key, key_length, NULL);
    if (peer_pub_key == NULL)
        return -1;
    /* DH_compute_key() returns the number of bytes written to temp,
     * which can be smaller than DH_size(dh), or -1 on error */
    if ((secret_key_length = DH_compute_key((unsigned char *)temp, peer_pub_key, dh)) < 0) {
        errbuf = ERR_error_string(ERR_get_error(), NULL);
        printf("Error : %s", errbuf);
        return -1;
    }
    *secret_length = DH_size(dh);

I feel the variables would be self-explanatory.

On Fri, Dec 21, 2012 at 10:19 AM, Hemayamini Kurra hemayaminiku...@email.arizona.edu wrote:
> Hello!! I am trying to implement Diffie-Hellman key exchange protocol between client and server.
> [...]

--
Prashant Batra
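
The thread asks how to send the prime, g and pub_key to the peer, and the reply above feeds the peer's bytes straight into DH_compute_key(). As an added example (not code from the thread or from OpenSSL), here is one way to frame the three values as length-prefixed big-endian byte strings, the form BN_bn2bin() produces, and to range-check the received public value before using it. The 2-byte length prefix, the function names and the toy numbers are assumptions for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Append one field: 2-byte big-endian length + value bytes. Returns new offset, 0 if it does not fit. */
size_t put_field(uint8_t *buf, size_t cap, size_t off, const uint8_t *v, size_t len) {
    if (len > 0xFFFF || off > cap || cap - off < len + 2) return 0;
    buf[off] = (uint8_t)(len >> 8); buf[off + 1] = (uint8_t)(len & 0xFF);
    memcpy(buf + off + 2, v, len);
    return off + 2 + len;
}

/* Read one field in place; -1 if the declared length runs past the message. */
int get_field(const uint8_t *buf, size_t n, size_t *off, const uint8_t **v, size_t *len) {
    if (*off > n || n - *off < 2) return -1;
    *len = ((size_t)buf[*off] << 8) | buf[*off + 1];
    if (n - *off - 2 < *len) return -1;
    *v = buf + *off + 2;
    *off += 2 + *len;
    return 0;
}

/* Compare big-endian unsigned integers, ignoring leading zeros: <0, 0 or >0. */
int cmp_be(const uint8_t *a, size_t al, const uint8_t *b, size_t bl) {
    while (al && *a == 0) { a++; al--; }
    while (bl && *b == 0) { b++; bl--; }
    if (al != bl) return al < bl ? -1 : 1;
    return al ? memcmp(a, b, al) : 0;
}

/* Accept a peer public value y only if 1 < y < p - 1 (p must be an odd prime). */
int peer_pub_ok(const uint8_t *y, size_t yl, const uint8_t *p, size_t pl) {
    static const uint8_t one = 1;
    if (cmp_be(y, yl, &one, 1) <= 0 || cmp_be(y, yl, p, pl) >= 0) return 0;
    while (*y == 0) { y++; yl--; }  /* 1 < y < p here, so both have a nonzero byte */
    while (*p == 0) { p++; pl--; }
    /* p odd: y == p - 1 iff same length, same prefix, last byte one less */
    return !(yl == pl && memcmp(y, p, pl - 1) == 0 && y[yl - 1] + 1 == p[pl - 1]);
}

int main(void) {
    /* Constructed toy values (p = 23, g = 5, pub = 8 with a leading zero byte). */
    const uint8_t p[] = { 23 }, g[] = { 5 }, pub[] = { 0, 8 }, *v[3];
    uint8_t msg[32];
    size_t len[3], off = 0, n = put_field(msg, sizeof msg, 0, p, sizeof p);
    n = put_field(msg, sizeof msg, n, g, sizeof g);
    n = put_field(msg, sizeof msg, n, pub, sizeof pub);
    for (int i = 0; i < 3; i++) if (get_field(msg, n, &off, &v[i], &len[i])) return 1;
    printf("%zu-byte message, peer value ok: %d\n", n, peer_pub_ok(v[2], len[2], v[0], len[0]));
}
```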