Hi Greg,
Both client and server DH_compute_key return '8' (the correct secret
size), but the server (which happens to compute the shared key after
the client) still calculates a shared key different from the client.
Are there any common pitfalls I should be looking at? I've checked my
ntohs and htons...
thanks again, josh.
On Thu, 22 Feb 2001 12:10:16 -0500 Greg Stark <[EMAIL PROTECTED]>
wrote:
> I don't think you need to allocate memory for server_key; BN_new() should do
> that for you and the rest of the BN_*() routines will allocate memory as
> needed to accomodate the number.
>
> In the code below, it looks like you forgot the DH_generate_key() function
> call. Your comment suggests you already generated it, so perhaps that is the
> case. In any event, check the return value from DH_compute_key(). If it
> is -1, then you have an error.
>
> _____________________________________
> Greg Stark
> Ethentica, Inc.
> [EMAIL PROTECTED]
> _____________________________________
>
>
>
> ----- Original Message -----
> From: "Josh Howlett" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Thursday, February 22, 2001 7:03 AM
> Subject: Re: DH_generate_parameters and primes
>
>
> > Greg,
> >
> > Thanks for your help. It no longer crashes at DH_compute_key. However,
> > DH_return_key now returns the same shared secret value regardless of
> > the server's public key. This is the client's code (the server seems
> > to work fine and uses similar code):
> >
> > BIGNUM *server_key;
> > unsigned char *data; /* returned server's pub_key */
> > unsigned char *sessionKey;
> > DH *keys; /* client's previously generated keys */
> >
> > server_key=BN_new();
> > BN_set_word(server_key, (unsigned long) data);
> > sessionKey=malloc(DH_size(keys));
> > DH_compute_key(sessionKey, server_key, keys);
> >
> > sessionKey always returns the same value regardless of server_key.
> > server_key and keys are valid.
> >
> > I read somewhere that I may need to allocate the memory for server_key
> > before BN_set_word is called - is that right?
> >
> > thanks again, josh.
> >
> >
> > On Wed, 21 Feb 2001 11:59:07 -0500 Greg Stark <[EMAIL PROTECTED]>
> > wrote:
> >
> > > Josh,
> > >
> > > Sorry for assuming you meant to use bigger primes.
> > >
> > > There are a couple of possibilities for what you are seeing. My guess is
> > > that you aren't allocating memory for the answer from DH_compute_key(),
> but
> > > it could be other things. Here is a short example that I think comes
> close
> > > to your example. Hope it helps.
> > >
> > >
> > > int do_DH_toy()
> > > {
> > > DH *dh_struct;
> > > int dh_error;
> > > unsigned char *dh_secret;
> > > BIGNUM *client_key;
> > >
> > > client_key = BN_new();
> > > BN_set_word ( client_key, 0X84F5A8 );
> > >
> > > dh_struct = DH_generate_parameters ( 64, 5, NULL, NULL );
> > > DH_check ( dh_struct, &dh_error );
> > > DH_generate_key ( dh_struct );
> > > dh_secret = malloc ( DH_size( dh_struct ) );
> > > DH_compute_key ( dh_secret, client_key, dh_struct );
> > >
> > >
> > > free ( dh_secret );
> > > BN_free ( client_key );
> > > DH_free ( dh_struct );
> > > return (0);
> > > }
> > >
> > > _____________________________________
> > > Greg Stark
> > > Ethentica, Inc.
> > > [EMAIL PROTECTED]
> > > _____________________________________
> > >
> > >
> > >
> > > ----- Original Message -----
> > > From: "Josh Howlett" <[EMAIL PROTECTED]>
> > > To: <[EMAIL PROTECTED]>
> > > Sent: Wednesday, February 21, 2001 7:54 AM
> > > Subject: Re: DH_generate_parameters and primes
> > >
> > >
> > > > > The first param to DH_generate_parameters() is supposed to be the
> > > > number of
> > > > > *bits* in the prime, not bytes (see
> > > > > http://www.openssl.org/docs/crypto/DH_generate_parameters.html#). My
> > > guess
> > > > > is you really want 64*8 for that parameter.
> > > >
> > > > I was using a small prime to keep things speedy. Presumably, a small
> > > > prime doesn't adversly affect key generation? I've tried it with
> > > > larger primes, but the same problem occurs (just more slowly).
> > > >
> > > > > Also, DH_generate_parameters() creates the DH structure for you.
> Your
> > > first
> > > > > call to DH_new() doesn't do anything except create a memory leak.
> > > DH_check()
> > > > > returns its answer in the integer *pointed* to by the second
> parameter.
> > > So,
> > > > > if dh_error is an int then you need to pass &dh_error to DH_check().
> > > >
> > > > Ok, I've fixed these, but DH_compute_key is still failing. DH_check
> > > > doesn't report any errors. Should I test that the public key from the
> > > > client is valid...could this be tripping it up? If so, how can I go
> > > > about testing the validity of the key?
> > > >
> > > > Here's an example exchange:
> > > >
> > > > 1) Client:
> > > > public_key = 0X84F5A8
> > > >
> > > > 2) Server:
> > > > shared secret = 0XFFFDFA0
> > > > p = 0X8053198
> > > > public_key = 0X8052168
> > > >
> > > > 3) Client:
> > > > crashes!
> > > >
> > > > Thanks,
> > > >
> > > > josh.
> > > >
> > > > > ----- Original Message -----
> > > > > From: "Josh Howlett" <[EMAIL PROTECTED]>
> > > > > To: <[EMAIL PROTECTED]>
> > > > > Sent: Monday, February 19, 2001 1:17 PM
> > > > > Subject: DH_generate_parameters and primes
> > > > >
> > > > >
> > > > > > Hi,
> > > > > >
> > > > > > When I call DH_compute_key(), I get a core dump. If I run
> DH_check
> > > > > > over the parameters passed to DH_compute_key() I get bit 1 set,
> which
> > > > > > according to dh.h means that number generated is not prime;
> > > presumably,
> > > > > > this is causing DH_compute_key() to croak.
> > > > > >
> > > > > > This is a short excerpt:
> > > > > >
> > > > > > unsigned char *client_key;
> > > > > > BIGNUM client_key;
> > > > > > DH *dh_struct;
> > > > > >
> > > > > > dh_struct= DH_new();
> > > > > > dh_struct= DH_generate_parameters(64, 5, NULL, NULL);
> > > > > > DH_check(dh_struct, dh_error);
> > > > > > DH_generate_key(dh_struct);
> > > > > > DH_compute_key(dh_secret, &client_key, dh_struct);
> > > > > >
> > > > > > I do this to generate the keys once for the server, and once for
> the
> > > > > > client; it works fine on the client, but not on the server (the
> code
> > > is
> > > > > > essentially the same for both of them).
> > > > > >
> > > > > > Am I passing the correct parameters to DH_generate_parameters?
> Any
> > > > > > ideas?
> > > > > >
> > > > > > josh.
> > > > > >
> > > > > > -------------------
> > > > > > Josh Howlett, Network Supervisor,
> > > > > > Networking and Digital Communications,
> > > > > > Information Services.
> > > > > > [EMAIL PROTECTED] | 0117 9546895
> > > > > >
> > > > > >
> > >
> > >
> > > ______________________________________________________________________
> > > OpenSSL Project http://www.openssl.org
> > > User Support Mailing List [EMAIL PROTECTED]
> > > Automated List Manager [EMAIL PROTECTED]
> > >
> >
> > -------------------
> > Josh Howlett, Network Supervisor,
> > Networking and Digital Communications,
> > Information Services.
> > [EMAIL PROTECTED] | 0117 9546895
> >
> >
> > ______________________________________________________________________
> > OpenSSL Project http://www.openssl.org
> > User Support Mailing List [EMAIL PROTECTED]
> > Automated List Manager [EMAIL PROTECTED]
>
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
>
**NOTE CHANGE OF EMAIL ADDRESS**
-------------------
Josh Howlett, Network Supervisor,
Networking and Digital Communications,
University of Bristol Information Services,
[EMAIL PROTECTED] | 0117 9546895
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
