Finally I could complete the handshake using DHE-PSK. I followed the samples ex-client-psk.c and ex-serv-psk.c but instead of hardcoded keys, I dynamically assigned the keys as follows:
char * dynamickeys; //Could be any string with hex characters like DEADBEEF
atohx(key->data, dynamickeys); /* key->data must already point to strlen(dynamickeys)/2 + 1 bytes; key->size is strlen(dynamickeys)/2 */

Here is the atohx function I got from the following link:
http://cboard.cprogramming.com/c-programming/77086-no-atoh-function-c-ascii-hex-well-lets-create-one.html

#include <ctype.h>   /* tolower, isdigit */
#include <stddef.h>  /* NULL */

/* Decode an ASCII-hex string such as "DEADBEEF" into raw bytes in dst.
   Returns dst on success, NULL if a non-hex character is met or the
   string has an odd length; dst must hold strlen(src)/2 + 1 bytes. */
char * atohx(char * dst, const char * src)
{
    int lsb, msb;
    char * ret;
    ret = dst;
    for (lsb = 0, msb = 0; *src; src += 2) {
        msb = tolower((unsigned char)*src);
        lsb = tolower((unsigned char)*(src + 1));
        msb -= isdigit(msb) ? 0x30 : 0x57;   /* '0'..'9' -> 0..9, 'a'..'f' -> 10..15 */
        lsb -= isdigit(lsb) ? 0x30 : 0x57;
        if ((msb < 0x0 || msb > 0xf) || (lsb < 0x0 || lsb > 0xf)) {
            *ret = 0;
            return NULL;
        }
        *dst++ = (char)(lsb | (msb << 4));
    }
    *dst = 0;
    return ret;
}

Thanks to all for all your suggestions.

Thanks
Ramg

On Wed, Jul 15, 2009 at 3:24 AM, David Marín Carreño <[email protected]> wrote:
> I think you are keeping the same confusion in data formats.
> A string with characters "ABCD" is saved in memory as characters 'A' (ascii
> 0x41), 'B' (ascii 0x42), 'C' (ascii 0x43) and 'D' (ascii 0x44) in 4 bytes,
> not as 2 bytes 0xAB and 0xCD.
>
> Greetings
> --
> David Marín Carreño
>
> 2009/7/14 Ram G <[email protected]>
>
>> I tried out a couple more ideas but no luck.
>>
>> Setting the key on the server side as follows works:
>>
>> key->data = gnutls_malloc (4);
>> key->data = "\xDE\xAD\xBE\xEF";
>> key->size = 4;
>>
>> I also tried as follows:
>>
>> char * somekey = "DEADBEEF"; //DEADBEEF is hardcoded for test but will be dynamically generated
>> int i, temp;
>>
>> for (i = 0; somekey[i]; i += 2) {
>>     sscanf(&somekey[i], "%02x", &temp);
>>     key->data[i / 2] = temp;
>> }
>>
>> This does not work either. I'm scratching my head how to take a string
>> like "DEADBEEF" and convert it to "\xDE\xAD\xBE\xEF" and assign it
>> to key->data.
>>
>> If the PSK key value on the client side is given as
>> const gnutls_datum_t key = { (char*) "DEADBEEF", 8 };
>> why doesn't it work if I assign it the same way on the server side? Why
>> does it expect it as hexadecimal values?
>>
>> Any ideas highly appreciated.
>>
>> -Ramg
>>
>> On Mon, Jul 13, 2009 at 4:36 PM, Ram G <[email protected]> wrote:
>>
>>> Hi Nikos,
>>>
>>> Thanks for your response.
>>>
>>> I tried your suggestion and that does not work either. However the sample
>>> program works fine when assigning two hexadecimal characters each to the 4
>>> bytes.
>>>
>>> It is a weird requirement but we cannot use certificates or previously
>>> known keys for the PSK authentication. Instead what I'm doing is establish
>>> an anonymous DH handshake between the client and the server. Now both the
>>> client and the server know the master secret. I would like to use this
>>> master secret as pre-shared keys between the client and the server.
>>>
>>> Can you please let me know if this can weaken the cryptosystem? I'll try
>>> out any alternate suggestion you might have.
>>>
>>> Thanks and Regards
>>>
>>> Ramg
>>>
>>> On Mon, Jul 13, 2009 at 4:10 PM, Nikos Mavrogiannopoulos <[email protected]> wrote:
>>>
>>>> Ram G wrote:
>>>> > Hi,
>>>> >
>>>> > I'm working on the sample programs provided in the source examples folder
>>>> > and I would like some help from you. I'm trying to do a DH key exchange with
>>>> > PSK authentication.
>>>> >
>>>> > The client sample (ex-client-psk.c) assigns the pre shared key as follows:
>>>> >
>>>> > const gnutls_datum_t key = { (char*) "DEADBEEF", 8 };
>>>> >
>>>> > The server sample (ex-serv-psk.c) does the key assignment in the callback
>>>> > function pskfunc as follows:
>>>> >
>>>> > key->data = gnutls_malloc (4);
>>>> > key->data[0] = 0xDE;
>>>> > key->data[1] = 0xAD;
>>>> > key->data[2] = 0xBE;
>>>> > key->data[3] = 0xEF;
>>>> > key->size = 4;
>>>>
>>>> It is not the same as above. Above you use 8 bytes and here 4. Use
>>>> instead:
>>>> key->data[0] = 'D';
>>>> key->data[1] = 'E';
>>>> key->data[2] = 'A';
>>>> key->data[3] = 'D';
>>>> key->data[4] = 'B';
>>>> key->data[5] = 'E';
>>>> key->data[6] = 'E';
>>>> key->data[7] = 'F';
>>>> key->size = 8;
>>>>
>>>> > I would like to assign the pre-shared key dynamically. If I assign the PSK
>>>> > in the server as follows, it does not work. I get the error "Decryption has
>>>> > failed".
>>>>
>>>> Actually how are the keys going to be generated? You have to think about
>>>> that seriously and make sure that the key generation is not weakening
>>>> the cryptosystem. To be on the safe side, and especially if you are not
>>>> experienced in the field, use the tools provided by gnutls for the key
>>>> generation.
>>>>
>>>> regards,
>>>> Nikos
>>>>
>>>
>>
>
_______________________________________________ Help-gnutls mailing list [email protected] http://lists.gnu.org/mailman/listinfo/help-gnutls
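As an added example (not code from this thread or from GnuTLS), here is a checked hex-to-bytes decoder of the kind the server-side callback needs, plus a comparison showing why the client's ASCII key { "DEADBEEF", 8 } can never equal a server key decoded from the same string into 4 raw bytes; psk_datum is an assumed stand-in for gnutls_datum_t so the file builds without GnuTLS.

```c
/* Added example (not from the thread): decode an ASCII-hex PSK and compare
   key representations. psk_datum is an assumed stand-in for gnutls_datum_t. */
#include <ctype.h>
#include <stddef.h>
#include <string.h>

typedef struct { const unsigned char *data; unsigned int size; } psk_datum;

/* Value of one hex digit (either case), or -1 for a non-hex character. */
static int hexval(int c) {
    if (c >= '0' && c <= '9') return c - '0';
    c = tolower(c);
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* Decode src into out. Returns the number of bytes written, or -1 on an
   odd-length string, a non-hex character, or an output buffer too small. */
int hex_to_bytes(const char *src, unsigned char *out, size_t out_cap) {
    size_t n = strlen(src);
    if (n % 2 != 0 || n / 2 > out_cap) return -1;
    for (size_t i = 0; i < n; i += 2) {
        int hi = hexval((unsigned char)src[i]);
        int lo = hexval((unsigned char)src[i + 1]);
        if (hi < 0 || lo < 0) return -1;
        out[i / 2] = (unsigned char)((hi << 4) | lo);
    }
    return (int)(n / 2);
}

/* Constant-time key comparison: equal only if size and every byte match. */
int psk_equal(const psk_datum *a, const psk_datum *b) {
    unsigned char diff = 0;
    if (a->size != b->size) return 0;
    for (unsigned int i = 0; i < a->size; i++) diff |= a->data[i] ^ b->data[i];
    return diff == 0;
}

/* 1 if a client key holding the ASCII text of hex matches a server key
   decoded from the same hex string, 0 if not, -1 if hex is malformed. */
int ascii_key_matches_decoded(const char *hex) {
    unsigned char raw[64];
    int n = hex_to_bytes(hex, raw, sizeof raw);
    if (n < 0) return -1;
    psk_datum client = { (const unsigned char *)hex, (unsigned int)strlen(hex) };
    psk_datum server = { raw, (unsigned int)n };
    return psk_equal(&client, &server);
}
```

Both peers must apply the same representation: either both use the 8 ASCII bytes, or both decode to the 4 raw bytes, otherwise the handshake fails exactly as reported in the thread.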
