RE: Doubt about the use and initialization of DH struct

2007-12-16 Thread David Schwartz

> Thank you for your reply!!!
> I have another question about this topic. I need to generate a shared
> secret which size 16 byte, using a DH_compute_key() function. How can
> i manage that size

Produce a much larger shared secret and then reduce it securely to 16
bytes.

> Should I use a 16 byte dh->p

Absolutely not! DH requires a much larger key size to provide equivalent
security. If you get DH to produce a 16 byte shared secret directly, it will
provide much less than the 16 bytes of security you expect in the shared
secret.

DS

PS: You're jogging in a minefield. You shouldn't be working at this low a
level unless you already have a solid understanding of DH and how it relates
to whatever you're going to do with the shared secret.


__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]


RE: Doubt about the use and initialization of DH struct

2007-12-16 Thread Agustin Cozzetti

I'll explain the situation to you. I'm developing an SRTP module and I'm using
the OpenSSL library inside my C code.
I need to generate a shared secret whose size is 16 bytes. I exchange public DH
parameters with the client using the DH function. I don't know how to set the DH
parameters to get a defined size for the final secret, obtained using the
DH_compute_key() function.
Thank you for your help,

Hector Agustin Cozzetti
 


Subject: RE: Doubt about the use and initialization of DH struct
Date: Sat, 15 Dec 2007 13:13:09 -0700
From: [EMAIL PROTECTED]
To: openssl-users@openssl.org

I would suggest that you examine RFC 2631 (section 2.1.1) or Secure Programming 
Cookbook by Viega & Messier (Section 8.17) for information on this topic.
 
Typically with DH, two parties (A and B) wish to compute a shared secret.  Each
computes a private & public key pair, exchanges public keys and then uses their
private key with the other's public key to compute a shared secret.
 
So, if xa and xb are the private keys of A and B, and ya and yb are the public 
keys of A and B, then
 
SS = (yb ^ xa) mod p = (ya ^ xb) mod p
 
Usually the value SS is combined with other information as input to a Key 
Derivation Function to generate as many bits as are required for the 
application.
 
Another reference is NIST Special Publication 800-56A (chapter 6) 
http://csrc.nist.gov/publications/nistpubs/800-56A/SP800-56A_Revision1_Mar08-2007.pdf
 
Bill
 




From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Agustin Cozzetti
Sent: December 15, 2007 12:15 PM
To: [EMAIL PROTECTED]
Subject: RE: Doubt about the use and initialization of DH struct

Thank you for your reply!!!
I have another question about this topic. I need to generate a shared secret
whose size is 16 bytes, using the DH_compute_key() function. How can I manage
that size? Should I use a 16 byte dh->p?

Thank you for your help,

Hector Agustin Cozzetti
 

RE: Doubt about the use and initialization of DH struct

2007-12-15 Thread Bill Colvin
I would suggest that you examine RFC 2631 (section 2.1.1) or Secure
Programming Cookbook by Viega & Messier (Section 8.17) for information
on this topic.

 

Typically with DH, two parties (A and B) wish to compute a shared
secret.  Each computes a private & public key pair, exchanges public keys
and then uses their private key with the other's public key to compute a
shared secret.

 

So, if xa and xb are the private keys of A and B, and ya and yb are the
public keys of A and B, then

 

SS = (yb ^ xa) mod p = (ya ^ xb) mod p

 

Usually the value SS is combined with other information as input to a
Key Derivation Function to generate as many bits as are required for the
application.

 

Another reference is NIST Special Publication 800-56A (chapter 6)
http://csrc.nist.gov/publications/nistpubs/800-56A/SP800-56A_Revision1_Mar08-2007.pdf

 

Bill

 



From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Agustin Cozzetti
Sent: December 15, 2007 12:15 PM
To: openssl-users@openssl.org
Subject: RE: Doubt about the use and initialization of DH struct

 

Thank you for your reply!!!
I have another question about this topic. I need to generate a shared
secret whose size is 16 bytes, using the DH_compute_key() function. How can I
manage that size? Should I use a 16 byte dh->p?

Thank you for your help,

Hector Agustin Cozzetti
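
Added example, not part of the original thread and not OpenSSL code: a Python model of the exchange Bill describes (SS = yb ^ xa mod p) followed by the reduction David recommends, turning the full-size shared secret into a 16-byte key with a KDF. The RFC 3526 2048-bit group, HKDF-SHA-256, the all-zero salt, the info label and all function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

# Assumptions for illustration: RFC 3526 group 14 (2048-bit MODP prime,
# generator 2), an all-zero HKDF salt and a hypothetical info label.
P = int("".join("""
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74
020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437
4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D C2007CB8 A163BF05
98DA4836 1C55D39A 69163FA8 FD24CF5F 83655D23 DCA3AD96 1C62F356 208552BB
9ED52907 7096966D 670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B
E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9 DE2BCBF6 95581718
3995497C EA956AE5 15D22618 98FA0510 15728E5A 8AACAA68 FFFFFFFF FFFFFFFF
""".split()), 16)
G = 2

def keypair():
    """Return (x, y): private exponent x and public value y = G^x mod P."""
    x = secrets.randbelow(P - 3) + 2              # 2 <= x <= P-2
    return x, pow(G, x, P)

def shared_secret(own_priv, peer_pub):
    """SS = peer_pub ^ own_priv mod P, as fixed-width big-endian bytes."""
    if not 1 < peer_pub < P - 1:                  # reject 0, 1, P-1, out of range
        raise ValueError("peer public value out of range")
    width = (P.bit_length() + 7) // 8             # 256 bytes for this group
    return pow(peer_pub, own_priv, P).to_bytes(width, "big")

def hkdf_sha256(ikm, salt, info, length):
    """HKDF (RFC 5869) extract-then-expand with HMAC-SHA-256."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def derive_key16(own_priv, peer_pub, info=b"hypothetical-srtp-master-key"):
    """Reduce the 256-byte DH secret to a 16-byte key."""
    return hkdf_sha256(shared_secret(own_priv, peer_pub), b"\x00" * 32, info, 16)

if __name__ == "__main__":
    xa, ya = keypair()                            # party A
    xb, yb = keypair()                            # party B
    assert derive_key16(xa, yb) == derive_key16(xb, ya)
    print(derive_key16(xa, yb).hex())
```

The 16 bytes come from hashing the full 2048-bit secret, so the group size is never reduced to match the key size.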


 



RE: Doubt about the use and initialization of DH struct

2007-12-15 Thread Agustin Cozzetti

Thank you for your reply!!!
I have another question about this topic. I need to generate a shared secret
whose size is 16 bytes, using the DH_compute_key() function. How can I manage that
size? Should I use a 16 byte dh->p?

Thank you for your help,

Hector Agustin Cozzetti
 


Subject: RE: Doubt about the use and initialization of DH struct
Date: Fri, 14 Dec 2007 08:09:29 -0700
From: [EMAIL PROTECTED]
To: openssl-users@openssl.org

First, if you pasted your original code into the email, then you have several 
typos.
Second, two of the lines generate warnings on compilation about incompatible 
pointer types – these are significant.  The lines are:
 
num_byte = BN_dec2bn(dh_struct->p,str_p);
num_byte = BN_dec2bn(dh_struct->g,str_g);   //Note this was a line with a typo
 
Try it with these lines as follows:
 
num_byte = BN_dec2bn(&(dh_struct->p),str_p);
num_byte = BN_dec2bn(&(dh_struct->g),str_g);
 
When I did (plus fixing the other typo) and printed the results, I got:
 
Num Bytes for p=5
Num Bytes for g=1
Return code from generate key=1
 
Bill




From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Agustin Cozzetti
Sent: December 14, 2007 5:30 AM
To: [EMAIL PROTECTED]
Subject: Doubt about the use and initialization of DH struct

From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Doubt about the use and initialization of DH struct
Date: Fri, 14 Dec 2007 10:23:19 +

Hello,
I have a problem with the DH struct in my C source code.

Here is a small listing of my code:

#include 
#include 
#include 
#include 
#include 

DH *dh_struct;

int main()
{
    unsigned char str_p[] = "57503";
    unsigned char str_g[] = "5";
    unsigned char *string;
    int num_byte,size,i;

    dh_struct = DH_new();
    dh_struct->p = BN_new();
    dh_struct->g = BN_new();
    dh_struct->priv_key = BN_new();
    dh_struct->pub_key = BN_new();

    num_byte = BN_dec2bn(dh_struct->p,str_p);  // Here it seems that not execute anything about structure "dh_struct->p" why???

    num_byte = BN_dec2bn(dh_struct->p,str_g);

    size = BN_num_bytes(dh_struct->p);  // Here,the result is zero...why???
    string = BN_bn2dec(dh_struct->p);  // TEST,but string is NULL...why???

    i=DH_generate_ket(dh_struct);  // return 0,operation failed.
}

I cannot understand where my mistake in the code is!

Thank you for your help,

Hector Agustin Cozzetti

 
 




RE: Doubt about the use and initialization of DH struct

2007-12-14 Thread Bill Colvin
First, if you pasted your original code into the email, then you have
several typos.

Second, two of the lines generate warnings on compilation about
incompatible pointer types - these are significant.  The lines are:

 

num_byte = BN_dec2bn(dh_struct->p,str_p);
num_byte = BN_dec2bn(dh_struct->g,str_g);   //Note this was a line with a typo

 

Try it with these lines as follows:

 

num_byte = BN_dec2bn(&(dh_struct->p),str_p);

num_byte = BN_dec2bn(&(dh_struct->g),str_g);

 

When I did (plus fixing the other typo) and printed the results, I got:

 

Num Bytes for p=5

Num Bytes for g=1

Return code from generate key=1

 

Bill



From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Agustin Cozzetti
Sent: December 14, 2007 5:30 AM
To: openssl-users@openssl.org
Subject: Doubt about the use and initialization of DH struct

 

From: [EMAIL PROTECTED]
To: openssl-users@openssl.org
Subject: Doubt about the use and initialization of DH struct
Date: Fri, 14 Dec 2007 10:23:19 +

Hello,
I have a problem with the DH struct in my C source code.



Here is a small listing of my code:

#include 
#include 
#include 
#include 
#include 

DH *dh_struct;

int main()
{
    unsigned char str_p[] = "57503";
    unsigned char str_g[] = "5";
    unsigned char *string;
    int num_byte,size,i;

    dh_struct = DH_new();
    dh_struct->p = BN_new();
    dh_struct->g = BN_new();
    dh_struct->priv_key = BN_new();
    dh_struct->pub_key = BN_new();

    num_byte = BN_dec2bn(dh_struct->p,str_p);  // Here it seems that not execute anything about structure "dh_struct->p" why???

    num_byte = BN_dec2bn(dh_struct->p,str_g);

    size = BN_num_bytes(dh_struct->p);  // Here,the result is zero...why???
    string = BN_bn2dec(dh_struct->p);  // TEST,but string is NULL...why???

    i=DH_generate_ket(dh_struct);  // return 0,operation failed.
}

I cannot understand where my mistake in the code is!

Thank you for your help,

Hector Agustin Cozzetti

 

 






RE: Doubt about the use and initialization of DH struct

2007-12-14 Thread David Schwartz


> dh_struct = DH_new();
> dh_struct->p = BN_new();
> dh_struct->g = BN_new();
> dh_struct->priv_key = BN_new();
> dh_struct->pub_key = BN_new();

> num_byte = BN_dec2bn(dh_struct->p,str_p);  // Here it seems that not execute anything about

Something is very wrong in your code. BN_new returns a 'BIGNUM *', so
dh_struct->p contains a 'BIGNUM *'. But then you pass dh_struct->p as the
first parameter to BN_dec2bn, which takes a 'BIGNUM **'.

int BN_dec2bn(BIGNUM **a, const char *str);
BIGNUM *BN_new(void);

dh_struct->p can't be both a 'BIGNUM *' and a 'BIGNUM **'. In fact, it's a
'BIGNUM *'. So at a minimum, the BN_dec2bn call must be:

num_byte = BN_dec2bn(&dh_struct->p, str_p);

There could be other mistakes too. This was the most obvious.

DS

