On Tue, Mar 19, 2013 at 8:13 PM, Matt Caswell <fr...@baggins.org> wrote:

> On 19 March 2013 14:18, azhar jodatti <azhar...@gmail.com> wrote:
> > On Tue, Mar 19, 2013 at 6:24 PM, Matt Caswell <fr...@baggins.org> wrote:
> >> On 19 March 2013 12:22, azhar jodatti <azhar...@gmail.com> wrote:
> >> >        PEM_write_bio_DHparams(out, temp); // this prints public key in base64 (this is what i think :) )
> >>
> >> This is NOT a base64 representation of the public key. This is
> >> printing out the parameters only (which does not include the public
> >> key)
> >>
> >>
> >> >           X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(clientPubKeyEnc);
> >> >           PublicKey alicePubKey = bobKeyFac.generatePublic(x509KeySpec); // this throws invalidKeySpecException : invalid key specification
> >> >
> >>
> > What is the reason behind this? Why won't it work with X509EncodedKeySpec?
> >
> Because, as noted above, the data you are trying to use is not what you
> think it is. X509EncodedKeySpec expects an ASN.1 type of
> "SubjectPublicKeyInfo", whereas you are providing an ASN.1 type of
> DHparams.
>
> >>
> >> Instead of above, try something like this:
> >>
> >> BigInteger y = new BigInteger("4373485839237796166699589228729451887524557806298817546317652313209684941935291316056752499275686842785989445002203537603465313281932431907074220666705812428468899520395399424699433568818334649395647035588736697462362131440308900155995886437558059484184376957451229991382889256903754886307405909744230582829");
> >> BigInteger p = new BigInteger("106824077746282794452228647025839229808074839339760371103063155402464842614962676228255294325459053774613506891207056818441720848774298482866918174271328357364028843638451324415691330056638482781344307395975948664971732094293996189467599104442989563027727348339786810653279203313302815966250977426622843204103");
> >> BigInteger g = new BigInteger("5");
> >> DHPublicKeySpec dhKeySpec = new DHPublicKeySpec(y, p, g);
> >> PublicKey alicPubKey = bobKeyFac.generatePublic(dhKeySpec);
> >>
> > Yes, I tried this as well. It won't throw any exception. It silently
> > generates the public and secret key at the server. But when I use the
> > server's public key at the client to generate the client's secret key, it
> > ends up having a different secret key at both ends. The client secret key
> > won't match the server's secret key.
> >
> It's not throwing an exception because it is a correctly formatted
> public key as opposed to an incorrectly formatted one!
>
> If you're not getting the same shared secret then we have to keep
> looking for the next problem! Please can you show me the public key
> that is generated from the Java, and how you are getting that into the
> C.

Public key :
> 51093028659631095152127547561210256954397603098232059666027122615973227382429027689439366800901894865255894412959274262339973658755087875326652519316408641291147210116350724179445600062190440655247730764834818870113073675659597350146096013520359779813721130161289129623836149432660886911252479058706300096609627440489763066216701057451976966454286830289446177423364030417328352835706375072921374017823594671329956408841840266423002727166432797742483425435318160265353606929428888687407883845458106878990927218108399715490559887862345042269910918508836619472642535350414785745034292564778165044378612630468960194913792482268072428278422412284738960598286710094132345557605518602478981231098046892613531283123151​

Secret key :
121277045462377180924388960664136553887763629105491725197403931101683470015335768230267747273675733333930957394257354070595978655048643912250308681026844585744709027576900402249670187203160151084771397152790055765927595015924125212527820968758168922306979142896670732847778567823870168933256602812482617195330

These are the public and secret keys generated at the Java server. I am passing
the public key to C.
Below is the C code snippet which takes this key and generates the secret key.

        printf("Enter server public key \n");
        char serverpublickey[1024];        // char, not unsigned char: BN_dec2bn takes a const char *
        scanf("%1023s", serverpublickey);  // reads the server public key, bounded to the buffer size
        BIGNUM *spubkey = BN_new();
        BIGNUM **ppubkey = &spubkey;
        BN_dec2bn(ppubkey, serverpublickey); // convert decimal key to BIGNUM
        printf("\nserver public key= \n");
        BN_print(out, *ppubkey);           // prints the value in hexadecimal
        clientout = DH_compute_key(clientbuf, *ppubkey, client); // returns -1 on error


The above DH_compute_key function returns a value of -1 and the error message it
prints is "error:05066066:Diffie-Hellman routines:COMPUTE_KEY:invalid public key"

I am using the below code to get this error:
        unsigned long errorcode = ERR_get_error();
        ERR_error_string_n(errorcode, errbuf, sizeof errbuf);





Matt
>
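
An added Python illustration, not code from this thread or from OpenSSL, of two things the exchange above turns on: the range check on a peer's DH public value (OpenSSL's DH_check_pub_key rejects a value below 2 or above p - 2) and the agreement both ends reach when they share p and g and exchange only y. It reuses the p, g and y quoted in the message; the function names and the random private exponents are assumptions made for the example.

```python
# Added illustration, not code from this thread or from OpenSSL.
# P, G and Y_QUOTED are the p, g and y quoted in the message above;
# function names and the random private exponents are assumptions.
import secrets

P = 106824077746282794452228647025839229808074839339760371103063155402464842614962676228255294325459053774613506891207056818441720848774298482866918174271328357364028843638451324415691330056638482781344307395975948664971732094293996189467599104442989563027727348339786810653279203313302815966250977426622843204103
G = 5
Y_QUOTED = 4373485839237796166699589228729451887524557806298817546317652313209684941935291316056752499275686842785989445002203537603465313281932431907074220666705812428468899520395399424699433568818334649395647035588736697462362131440308900155995886437558059484184376957451229991382889256903754886307405909744230582829


def parse_decimal(text: str) -> int:
    """Parse a peer value supplied as decimal text, accepting ASCII digits only."""
    text = text.strip()
    if not (text.isascii() and text.isdigit()):
        raise ValueError("peer value is not a plain decimal integer")
    return int(text)


def is_valid_public(y: int, p: int = P) -> bool:
    """Range check on a peer's DH public value: accept only 2 <= y <= p - 2."""
    return 2 <= y <= p - 2


def shared_secret(private: int, peer_public: int, p: int = P) -> int:
    """Compute peer_public^private mod p, refusing an out-of-range peer value."""
    if not is_valid_public(peer_public, p):
        raise ValueError("invalid public key: value outside [2, p - 2]")
    return pow(peer_public, private, p)


def demo_agreement() -> tuple:
    """Both ends use the same p and g and exchange only y = g^x mod p."""
    a = secrets.randbelow(P - 3) + 2      # server private exponent (constructed)
    b = secrets.randbelow(P - 3) + 2      # client private exponent (constructed)
    y_server, y_client = pow(G, a, P), pow(G, b, P)
    return shared_secret(b, y_server), shared_secret(a, y_client)


if __name__ == "__main__":
    client_z, server_z = demo_agreement()
    print("secrets match:", client_z == server_z)
    print("quoted y accepted:", is_valid_public(Y_QUOTED))
    print("p + y accepted:", is_valid_public(P + Y_QUOTED))
```

Any integer that is not below p - 1, including one with more decimal digits than p, fails the range check before any exponentiation takes place.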
