The code below works when I use the RSA key generation functions, but when I try
to generate an ECC key, and use it, it doesn't work. I am using 0.9.8 beta 6.
I'm not sure whether this is a result of my lack of understanding of ECC or whether
the implementation is broken, hence my post to `users` and not `dev`.
Does anyone know of a good tutorial for using OpenSSL to do ECC encryption? I
haven't found anything on Google.
On a side note, I understand that the session key is stored in `ek`, but what I
don't know is whether that session key is encrypted using the public ECC key. If
so, then it doesn't need to be protected, only the ECC private key needs to be
protected. Can someone confirm this for me?
Thanks,
L~
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ssl.h>
#include <rand.h>
#include <ecdsa.h>
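/*
 * Demo: generate a P-256 EC key, wrap it in an EVP_PKEY and attempt an
 * EVP_Seal / EVP_Open round trip (AES-256-CBC) over a fixed string.
 *
 * Why the EC variant fails: EVP_SealInit() protects the random session key
 * with public-key *encryption* (key transport).  OpenSSL documents that the
 * public key passed to EVP_SealInit() must be RSA, because RSA is the only
 * algorithm it supports for key transport.  An EC key therefore makes
 * EVP_SealInit() return an error; the original code ignored that return
 * value and carried on with an unkeyed cipher context.  Every EVP call is
 * now checked so the failure is reported where it happens.
 * NOTE(review): for EC keys the usual construction is key agreement (ECDH)
 * followed by a KDF and a symmetric cipher, not EVP_Seal*.
 *
 * On the side question: ek[0] receives the session key encrypted under the
 * recipient's public key, so it travels with the ciphertext; the private
 * key is what has to be protected.
 *
 * NOTE(review): AES-CBC provides confidentiality only.  A real envelope
 * format should authenticate the ciphertext (MAC or an AEAD mode) before
 * any decryption is attempted.
 *
 * Returns 0 when the round trip succeeds, 1 on any failure.
 */
int main(void)
{
    const char *string = "This is the string we are trying to encrypt.";
    int rc = 1;                 /* stays non-zero until everything succeeded */
    int npubk = 1;
    EC_GROUP *group = NULL;
    EC_KEY *key = NULL;
    EVP_PKEY *pkey = NULL;
    unsigned char **ek = NULL;
    /* Filled in by EVP_SealInit(), which generates the IV itself, so no
     * separate RAND_pseudo_bytes() call is needed here. */
    unsigned char iv[EVP_MAX_IV_LENGTH] = {0};
    unsigned char buf[500];
    unsigned char de_string[1000];
    EVP_CIPHER_CTX ctx;
    int in_len;
    int pkey_size;
    int ek_len = 0;
    int enc_len = 0;
    int enc_fin_len = 0;
    int enc_total;
    int de_len = 0;
    int de_fin_len = 0;
    int i;

    /* Initialise up front so the cleanup path may always call _cleanup(). */
    EVP_CIPHER_CTX_init(&ctx);

    in_len = (int)strlen(string);
    printf("Unencoded string = {%s}\n", string);

    /*
     * Working RSA variant, kept for comparison:
     *   RSA *key = RSA_generate_key(1024, RSA_F4, NULL, NULL);
     *   EVP_PKEY *pkey = EVP_PKEY_new();
     *   EVP_PKEY_assign_RSA(pkey, key);
     */
    group = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1);
    if (group == NULL) {
        printf("Could not get group.\n");
        goto out;
    }
    key = EC_KEY_new();
    if (key == NULL) {
        printf("Could not generate an EC key structure.\n");
        goto out;
    }
    if (EC_KEY_set_group(key, group) == 0) {
        printf("EC Group association failed.\n");
        goto out;
    }
    if (EC_KEY_generate_key(key) == 0) {
        printf("EC Key Generation failed.\n");
        goto out;
    }

    pkey = EVP_PKEY_new();
    if (pkey == NULL) {
        printf("Could not allocate an EVP_PKEY.\n");
        goto out;
    }
    if (EVP_PKEY_assign_EC_KEY(pkey, key) == 0) {
        printf("Could not associate the EC key with PKEY.\n");
        goto out;
    }
    key = NULL;                 /* ownership moved to pkey */

    pkey_size = EVP_PKEY_size(pkey);
    if (pkey_size <= 0) {
        printf("Could not determine the public key size.\n");
        goto out;
    }
    ek = malloc(sizeof *ek * (size_t)npubk);
    if (ek == NULL) {
        printf("Out of memory.\n");
        goto out;
    }
    ek[0] = malloc((size_t)pkey_size);
    if (ek[0] == NULL) {
        printf("Out of memory.\n");
        goto out;
    }

    /* Returns npubk on success; anything else means no usable session key. */
    if (EVP_SealInit(&ctx, EVP_aes_256_cbc(), ek, &ek_len, iv, &pkey,
                     npubk) != npubk) {
        printf("EVP_SealInit failed (EVP_Seal* requires an RSA public key).\n");
        goto out;
    }

    /* A block cipher may emit up to one extra block beyond the input. */
    if ((size_t)in_len + EVP_MAX_BLOCK_LENGTH > sizeof buf) {
        printf("Plaintext too large for the output buffer.\n");
        goto out;
    }
    if (EVP_SealUpdate(&ctx, buf, &enc_len,
                       (const unsigned char *)string, in_len) == 0) {
        printf("EVP_SealUpdate failed.\n");
        goto out;
    }
    if (EVP_SealFinal(&ctx, buf + enc_len, &enc_fin_len) == 0) {
        printf("EVP_SealFinal failed.\n");
        goto out;
    }
    enc_total = enc_len + enc_fin_len;

    printf("Encoded string = {");
    for (i = 0; i < enc_total; i++) {
        printf("%02x", buf[i]);
    }
    printf("}\n");

    /* Release the encryption state before the context is reused. */
    EVP_CIPHER_CTX_cleanup(&ctx);

    if (EVP_OpenInit(&ctx, EVP_aes_256_cbc(), ek[0], ek_len, iv, pkey) <= 0) {
        printf("EVP_OpenInit failed.\n");
        goto out;
    }
    /* Room for the decrypted data, one spare block and the trailing NUL. */
    if ((size_t)enc_total + EVP_MAX_BLOCK_LENGTH + 1 > sizeof de_string) {
        printf("Ciphertext too large for the output buffer.\n");
        goto out;
    }
    if (EVP_OpenUpdate(&ctx, de_string, &de_len, buf, enc_total) == 0) {
        printf("EVP_OpenUpdate failed.\n");
        goto out;
    }
    /* Fails on bad padding, i.e. wrong key or damaged ciphertext. */
    if (EVP_OpenFinal(&ctx, de_string + de_len, &de_fin_len) == 0) {
        printf("EVP_OpenFinal failed.\n");
        goto out;
    }
    de_string[de_len + de_fin_len] = '\0';
    printf("Unencoded string = {%s}\n", (const char *)de_string);
    rc = 0;

out:
    EVP_CIPHER_CTX_cleanup(&ctx);
    if (ek != NULL) {
        free(ek[0]);
        free(ek);
    }
    if (pkey != NULL) {
        EVP_PKEY_free(pkey);    /* also frees the EC key it owns */
    }
    if (key != NULL) {
        EC_KEY_free(key);       /* only reached if pkey never took ownership */
    }
    if (group != NULL) {
        EC_GROUP_free(group);
    }
    return rc;
}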