|
From: Narayana, Sunil Kumar <sanarayana@xxxxxxxx> Hi, For the equivalent replacement of DH_compute_key in 3.0, we tried to perform the steps suggested in earlier mail below Our steps are as follows, but we see EVP_PKEY_derive fails to perform. please suggest if any steps are wrong or missing here. //input - BIGNUM - pubkey, privkey, p , //output - sharedsecret Evp_compute_key(unsigned char* sharedSecret, unsigned int len, BIGNUM *pubkey, BIGNUM *privkey, BIGNUM* dh_p) { OSSL_PARAM params[5]; unsigned char* p_str = BN_bn2dec (dh_p); unsigned char* pub_str = BN_bn2dec (pubkey); unsigned char* priv_str = BN_bn2dec (privkey); params[0] = OSSL_PARAM_construct_BN(OSSL_PKEY_PARAM_FFC_P, p_str, strlen(p_str)); params[1] = OSSL_PARAM_construct_uint(OSSL_PKEY_PARAM_FFC_G, &g); params[2] = OSSL_PARAM_construct_BN(OSSL_PKEY_PARAM_PUB_KEY, pub_str, strlen(pub_str)); params[3] = OSSL_PARAM_construct_BN(OSSL_PKEY_PARAM_PRIV_KEY, priv_str, strlen(priv_str)); params[4] = OSSL_PARAM_construct_end(); gctx = EVP_PKEY_CTX_new_from_name(NULL, "DH", NULL); EVP_PKEY_derive_init(gctx) EVP_PKEY_CTX_set_params(gctx, params) /* Determine buffer length */ EVP_PKEY_derive(gctx, NULL, &skeylen) EVP_PKEY_derive(gctx, sharedSecret, &skeylen) } Note - EVP_PKEY_derive -- call fails what is wrong in the steps can you please g To derive a shared secret, you also need your peer’s public key. It will also be presented as an EVP_PKEY structure. |
