Hi,

Now I'm trying to make a tiny client & server program which communicate with each other using the DH key enc/decryption method on a TCP/IP socket.

According to the DH algorithm, it must do the task as follows:

1. server generates p & g values.
2. client receives p & g from server.
3. client & server each generate a private & public key.
4. client & server send their public keys to each other.
5. client & server generate the same symmetric key x, and the blowfish key x', using p, g, their private key, and the received public key of the other.
6. client encrypts any message y using x' into z, then sends z to server.
7. server receives z, then decrypts it to the original message y using x'.

It seems trivial; however, my C code has failed to achieve it. Besides socket communication, it doesn't work at all on the same machine. What's wrong with my code? Here it is:

    /* sample.c */
    /* encryption/decryption test on the same program */

    .......... /* some include preprocessors */

    int main ( void )
    {
        DH *dh_svr, *dh_cli;
        char *pk_svr, *pk_cli;
        char key_svr[1024], key_cli[1024];
        BF_KEY bf_key_svr, bf_key_cli;

        /* server generates p, g */
        dh_svr = DH_generate_parameters(1024, DHGRP, NULL, NULL);

        /* client get p, g from server */
        dh_cli = DH_new();
        dh_cli->p = BN_dup(dh_svr->p);
        dh_cli->g = DH_dup(dh_svr->g);

        /* client & server generate private/public keys */
        DH_generate_key(dh_svr);
        pk_svr = (char*)malloc(DH_size(dh2));
        DH_generate_key(dh_cli);
        pk_cli = (char*)malloc(DH_size(dh_cli));

        /* client & server exchange public keys, then computes symmetric key using them */
        DH_compute_key(pk_svr, dh_cli->pub_key, dh_svr);
        DH_compute_key(pk_cli, dh_svr->pub_key, dh_cli);

        /* client & server generate a blowfish key */
        MDC(pk_svr, 1024, key_svr);
        BF_set_key(&bf_key_svr, MDC2_DIGEST_LENGTH, key_svr);
        MDC(pk_cli, 1024, key_cli);
        BF_set_key(&bf_key_cli, MDC2_DIGEST_LENGTH, key_cli);

        /* Now, both client & server have the same symmetric & blowfish key to enc/decrypt message */

        /* the test */
        {
            char in[8] = "1234567";
            char buf[1024];
            char out[8];

            /* client encrypts in[] to buf[] */
            BF_ecb_encrypt(in, buf, &bf_key_cli, BF_ENCRYPT);

            /* server decrypts buf[] to out[] */
            BF_ecb_encrypt(in, buf, &bf_key_svr, BF_DECRYPT);

            printf("%s -> %s\n", in, out);
        }

        exit(0);
    }

I think there is no trap to fall in to the false result, but it NEVER works. What's wrong with it? Can anyone help me?

Thanks.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
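The data flow of steps 3 to 7 in the post, as an added self-contained model (not the poster's code and not OpenSSL API usage): each side combines its own private key with the peer's public key, the key derivation hashes exactly the bytes of the shared secret, and decryption takes the ciphertext as input and writes to a separate output buffer. Assumptions: the 32-bit prime is a toy parameter, FNV-1a stands in for the digest, a toy Feistel round function stands in for Blowfish, and all function names are hypothetical; none of this is secure for real use.

```c
#include <stdint.h>
#include <string.h>

/* Toy group, far too small for real use: p = 2^32 - 5 (prime), base g = 3. */
#define P 4294967291ULL
#define G 3ULL

/* Square-and-multiply: b^e mod m; m must be below 2^32 so products fit. */
uint64_t modexp(uint64_t b, uint64_t e, uint64_t m) {
    uint64_t r = 1;
    for (b %= m; e; e >>= 1) {
        if (e & 1) r = r * b % m;
        b = b * b % m;
    }
    return r;
}

/* Stand-in KDF (64-bit FNV-1a) over exactly len bytes of the secret. */
uint64_t kdf(const unsigned char *s, size_t len) {
    uint64_t h = 14695981039346656037ULL;
    for (size_t i = 0; i < len; i++) { h ^= s[i]; h *= 1099511628211ULL; }
    return h;
}

/* Toy 8-round Feistel cipher on one 8-byte block; enc=0 reverses the rounds. */
void block_crypt(const unsigned char in[8], unsigned char out[8], uint64_t key, int enc) {
    uint32_t l, r, t;
    memcpy(&l, in, 4); memcpy(&r, in + 4, 4);
    for (int i = 0; i < 8; i++) {
        uint32_t x = (r ^ (uint32_t)(key >> (4 * (enc ? i : 7 - i)))) * 2654435761u;
        t = l ^ x ^ (x >> 15); l = r; r = t;
    }
    memcpy(out, &r, 4); memcpy(out + 4, &l, 4); /* undo the last swap */
}

/* Steps 3-7 in one process; returns 1 if the server recovers the plaintext. */
int dh_roundtrip(uint64_t priv_svr, uint64_t priv_cli,
                 const unsigned char msg[8], unsigned char out[8]) {
    uint64_t pub_svr = modexp(G, priv_svr, P), pub_cli = modexp(G, priv_cli, P);
    /* Each side combines its own private key with the peer's public key. */
    uint64_t sec_svr = modexp(pub_cli, priv_svr, P);
    uint64_t sec_cli = modexp(pub_svr, priv_cli, P);
    uint64_t k_svr = kdf((unsigned char *)&sec_svr, sizeof sec_svr);
    uint64_t k_cli = kdf((unsigned char *)&sec_cli, sizeof sec_cli);
    unsigned char z[8];
    block_crypt(msg, z, k_cli, 1);  /* client: y -> z */
    block_crypt(z, out, k_svr, 0);  /* server: z -> y, ciphertext is the input */
    return sec_svr == sec_cli && memcmp(msg, out, 8) == 0;
}
```

Call `dh_roundtrip` with two private keys and an 8-byte message; in a real exchange the private keys are random and the secret is serialized in a fixed byte order before hashing.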