RE: DH_compute_key () - replacement in 3.0

To exactly replace this, we are generating "pubparam_key/priparam_key" using bn_publicKey/dh->priv_key as below:

#include <openssl/core_names.h>
#include <openssl/evp.h>
#include <openssl/param_build.h>

OSSL_PARAM_BLD *pubparamsbld = NULL, *priparamsbld = NULL;
OSSL_PARAM *pubparams = NULL, *priparams = NULL;
EVP_PKEY *pubparam_key = NULL, *priparam_key = NULL;
EVP_PKEY_CTX *pubctx = NULL, *prictx = NULL;

pubparamsbld = OSSL_PARAM_BLD_new();
priparamsbld = OSSL_PARAM_BLD_new();

OSSL_PARAM_BLD_push_BN(pubparamsbld, OSSL_PKEY_PARAM_PUB_KEY, bn_publicKey);
OSSL_PARAM_BLD_push_BN(priparamsbld, OSSL_PKEY_PARAM_PRIV_KEY, bn_privateKey);

// build context
pubctx = EVP_PKEY_CTX_new_from_name(NULL, "DH", NULL);
prictx = EVP_PKEY_CTX_new_from_name(NULL, "DH", NULL);

// EVP_PKEY_fromdata_init() is the name this call has in the 3.0 release
// (EVP_PKEY_key_fromdata_init() existed only in pre-release builds)
EVP_PKEY_fromdata_init(pubctx);
EVP_PKEY_fromdata_init(prictx);

// in the 3.0 release EVP_PKEY_fromdata() also takes a selection argument
pubparams = OSSL_PARAM_BLD_to_param(pubparamsbld);
EVP_PKEY_fromdata(pubctx, &pubparam_key, EVP_PKEY_PUBLIC_KEY, pubparams);

priparams = OSSL_PARAM_BLD_to_param(priparamsbld);
EVP_PKEY_fromdata(prictx, &priparam_key, EVP_PKEY_KEYPAIR, priparams);

From there, we are planning to use EVP_PKEY_derive_init, EVP_PKEY_derive_set_peer, and EVP_PKEY_derive to get the shared secret.

Didn't you generate the private keys using the EVP_PKEY_gen as was suggested in response to your previous email inquiry? If so, you shouldn't have to rebuild it in such a way, since you already have a usable PKEY that has the generated keypair. If you created a private keypair called privkey, the public key data can be sent to your peer with i2d_PUBKEY_bio(peer_bio, privkey) and received on the peer's side with d2i_PUBKEY_bio(peer_bio, &peerkey).

Now you just need to build a new context around your private EVP_PKEY using derive_ctx = EVP_PKEY_CTX_new(privkey, NULL); and then do the EVP_PKEY_derive series of calls.

Your example code does not seem to set the P or G parameters of your keypair, so if you must do it that way, you will need to add them too.

