Thanks Matt and Rick.

Rick's version of the program is working properly!
I don't know if this is the correct place to ask this conceptual question,
but here it goes:

In DH you must exchange the parameters in order to generate the keys for
the algorithm to work properly. (Am I wrong?)

But in ECDH (according to the code above) I only needed to exchange the
public keys, without exchanging any parameters for key generation.

Is this particular to ECDH, or is the parameter exchange being hidden by
the library?

Thanks,

On Tue, May 15, 2012 at 1:07 PM, Rick Lopes de Souza <dragonde...@gmail.com> wrote:

> Hi Fabio!
> I've been looking for some examples and I adapted one to your program.
> This code works...
> It seems that it's simpler than you thought.
>
> #include <stdio.h>      /* printf */
> #include <string.h>     /* memcmp */
> #include <openssl/ssl.h>
> #include <openssl/ecdh.h>
> #include <openssl/sha.h>
> #include <openssl/crypto.h>
>
> #define ECDH_SIZE 67
>
> static void *KDF1_SHA1(const void *in, size_t inlen, void *out, size_t *outlen)
>     {
> #ifndef OPENSSL_NO_SHA
>     if (*outlen < SHA_DIGEST_LENGTH)
>         return NULL;
>     else
>         *outlen = SHA_DIGEST_LENGTH;
>     return SHA1(in, inlen, out);
> #else
>     return NULL;
> #endif
>     }
>
> int main() {
>
>     int alen = 0;
>     int blen = 0;
>     int aout = 0;
>     int bout = 0;
>     static const int KDF1_SHA1_len = 20;
>     unsigned char *abuf = NULL;
>     unsigned char *bbuf = NULL;
>
>     OpenSSL_add_all_ciphers();
>     OpenSSL_add_all_algorithms();
>
>     EC_KEY *ecdh = NULL;
>     EC_KEY *ecdh2 = NULL;
>
>
>     //Generate Public
>     ecdh = EC_KEY_new_by_curve_name(NID_secp521r1);
>     ecdh2 = EC_KEY_new_by_curve_name(NID_secp521r1);
>
>     EC_KEY_generate_key(ecdh);
>     EC_KEY_generate_key(ecdh2);
>
>     alen = KDF1_SHA1_len;
>     abuf = (unsigned char *) OPENSSL_malloc (alen);
>     aout = ECDH_compute_key(abuf, alen, EC_KEY_get0_public_key(ecdh2), ecdh, KDF1_SHA1);
>
>     blen = KDF1_SHA1_len;
>     bbuf = (unsigned char *)OPENSSL_malloc(blen);
>     bout = ECDH_compute_key(bbuf, blen, EC_KEY_get0_public_key(ecdh), ecdh2, KDF1_SHA1);
>
>     if ((aout < 4) || (bout != aout) || (memcmp(abuf,bbuf,aout) != 0))
>     {
>         printf("Error! The keys are different! \n");
>     }
>
>     /* Buffers came from OPENSSL_malloc, so release them with OPENSSL_free. */
>     if(abuf)
>         OPENSSL_free(abuf);
>     if(bbuf)
>         OPENSSL_free(bbuf);
>
>     EC_KEY_free(ecdh);
>     EC_KEY_free(ecdh2);
>
>
>     printf("To the end");
>
>     return 0;
> }
>
> On Tue, May 15, 2012 at 12:09 PM, Matt Caswell (fr...@baggins.org) <fr...@baggins.org> wrote:
>
>> On 15 May 2012 15:22, Fábio Resner <fabiu...@gmail.com> wrote:
>> > Hi,
>> >
>> > I'm trying to write an app to generate public/private/shared key for ECDH.
>> > Here is what I was able to build based on examples:
>> >
>> > #include <openssl/ssl.h>
>> >
>> > #define ECDH_SIZE 67
>> >
>> > int main() {
>> > EC_KEY *ecdh = EC_KEY_new();
>> > const EC_POINT *point = NULL;
>> >
>> > EC_POINT *point2;
>> > const EC_GROUP *group;
>> >
>> > // const void *pubkey = NULL;
>> > unsigned char *pubkey = NULL;
>> > void *shared = NULL;
>> >
>> > //Generate Public
>> > ecdh = EC_KEY_new_by_curve_name(NID_secp521r1);
>> > EC_KEY_generate_key(ecdh);
>> >
>> > point = EC_KEY_get0_public_key(ecdh);
>> > EC_POINT_point2oct(EC_KEY_get0_group(ecdh), point,
>> > POINT_CONVERSION_COMPRESSED, pubkey, ECDH_SIZE, NULL);
>> >
>> I am not familiar with the ECDH functions....but I am familiar with
>> the EC functions and this line does not look right.
>>
>> If you pass a null pointer for a buffer to point2oct then the function
>> will return the size of the buffer that you require. You need to check
>> the return value, malloc a buffer of the required size and then
>> re-call point2oct.
>>
>>
>> > //ComputeKey
>> > group = EC_KEY_get0_group((ecdh));
>> > point2 = EC_POINT_new(group);
>> >
>> > EC_POINT_oct2point(group, point2, pubkey, ECDH_SIZE, NULL);
>> >
>> > ECDH_compute_key(shared, ECDH_SIZE, point2, ecdh, NULL);
>>
>> As I said I'm not familiar with the ECDH functions...but this looks
>> like you are trying to generate a shared key using only one
>> public/private key pair??
>>
>>
>> > EC_POINT_free(point2);
>> > EC_KEY_free(ecdh);
>> > ecdh = NULL;
>> >
>> > printf("To the end");
>> >
>> > return 0;
>> > }
>> >
>> > But it just broke on EC_POINT_oct2point(group, point2, pubkey, ECDH_SIZE, NULL);
>> > And pubkey is exiting EC_POINT_point2oct(EC_KEY_get0_group(ecdh), point,
>> > POINT_CONVERSION_COMPRESSED, pubkey, ECDH_SIZE, NULL); with a NULL value.
>> > The program exits and gives no segfault or any error messages.
>> >
>> > Any suggestions?
>> >
>> > Thanks,
>> >
>> > --
>> > Fabio Resner.
>> ______________________________________________________________________
>> OpenSSL Project                                 http://www.openssl.org
>> User Support Mailing List                    openssl-users@openssl.org
>> Automated List Manager                           majord...@openssl.org
>>
>
>
>
> --
> Rick Lopes de Souza
>
>


-- 
Fabio Resner.
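
On the parameter question above: both keys in Rick's program are created with EC_KEY_new_by_curve_name(NID_secp521r1), so the two sides already hold the same domain parameters, selected by curve name. The toy ECDH below is an added example (not code from the thread or from OpenSSL) that makes those parameters an explicit struct and refuses a peer key that does not lie on the local curve; the tiny curve values, the private scalars 3 and 9, and all type and function names are constructed for illustration.

```c
#include <stdio.h>

/* Domain parameters: the data a curve name such as secp521r1 stands for. */
typedef struct { long p, a, b, gx, gy; } curve_t;
typedef struct { long x, y; int inf; } point_t;
/* Constructed toy parameters (insecure): y^2 = x^3 + 2x + 2 over F_17,
 * base point (5,1) of order 19. OTHER differs only in b. */
static const curve_t TOY = {17, 2, 2, 5, 1}, OTHER = {17, 2, 3, 2, 7};

static long mod(long v, long p) { v %= p; return v < 0 ? v + p : v; }
static long inv(long v, long p) {            /* v^(p-2) mod p, p prime */
    long r = 1, e = p - 2;
    for (v = mod(v, p); e > 0; e >>= 1, v = v * v % p)
        if (e & 1) r = r * v % p;
    return r;
}
int on_curve(const curve_t *c, point_t q) {  /* needs a, b and p */
    return mod(q.y * q.y - (q.x * q.x * q.x + c->a * q.x + c->b), c->p) == 0;
}
static point_t add(const curve_t *c, point_t s, point_t t) {
    long l, x;
    if (s.inf) return t;
    if (t.inf) return s;
    if (s.x == t.x && mod(s.y + t.y, c->p) == 0) return (point_t){0, 0, 1};
    l = (s.x == t.x) ? mod(3 * s.x * s.x + c->a, c->p) * inv(2 * s.y, c->p)
                     : mod(t.y - s.y, c->p) * inv(t.x - s.x, c->p);
    x = mod(l * l - s.x - t.x, c->p);
    return (point_t){x, mod(l * (s.x - x) - s.y, c->p), 0};
}
point_t mul(const curve_t *c, long k, point_t q) {   /* double-and-add */
    point_t r = {0, 0, 1};                   /* point at infinity */
    for (; k > 0; k >>= 1, q = add(c, q, q))
        if (k & 1) r = add(c, r, q);
    return r;
}
point_t ecdh_public(const curve_t *c, long priv) {   /* priv * G */
    return mul(c, priv, (point_t){c->gx, c->gy, 0});
}
/* Shared x-coordinate, or -1 when the peer's point is not on OUR curve. */
long ecdh_shared(const curve_t *c, long priv, point_t peer) {
    if (peer.inf || !on_curve(c, peer)) return -1;
    peer = mul(c, priv, peer);
    return peer.inf ? -1 : peer.x;
}
int main(void) {
    point_t A = ecdh_public(&TOY, 3), B = ecdh_public(&TOY, 9);
    printf("%ld %ld %ld\n", ecdh_shared(&TOY, 3, B), ecdh_shared(&TOY, 9, A),
           ecdh_shared(&OTHER, 3, B));
    return 0;
}
```

The first two values printed agree because both sides used TOY; the third call fails because a public point only has meaning relative to the parameter set it was generated on.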
