Hi Richard,
You're absolutely right, Nb-1 is sent during the last message from Client B to A.
I have considered the options you specified regarding the generations of the random number based on the size which resulted in the following code:
unsigned char rnd[4];
RAND_pseudo_bytes(rnd,sizeof(rnd));
I have two questions now:
1) In the above segment, does rnd qualify as a nonce, or should I use it to seed the PRNG?
2) I'm having a hard time sending this data through a socket to the server, when I print its value from the client program I get : 1244532, and when I print the received value from the server program I get: 1244588 ! I suspect the problem is caused by type conversion, as the winsock functions Send(,,) and Recv(,,) buffers are of type char string[].
What shall I do?? the data must be identical for a correct run of the protocol.
Your help and guidance are highly appreciated,
Layla.
Richard Levitte - VMS Whacker <[EMAIL PROTECTED]> wrote:
In message <[EMAIL PROTECTED]> on Sun, 19 Sep 2004 12:21:53 -0700 (PDT), Layla <[EMAIL PROTECTED]>said:
layla_a2002> Richard, Thanks for replying,
You're welcome!
layla_a2002> I'm supposed to implement Needham-Schroeder computer
layla_a2002> security protocol; I'm using OpenSSL to handle the
layla_a2002> cryptography part of the five messages being exchanged.
layla_a2002>
layla_a2002> In message one for example:
layla_a2002>
layla_a2002> Client A --> CA Server: A, B, Na
layla_a2002>
layla_a2002> Where Na is a random nonce generated by the client A,
layla_a2002> where it is generated especially for each run of the
layla_a2002> protocol, the nonce is used to ensure that the messages
layla_a2002> are timely. Now I believe that the nonce in this protocol
layla_a2002> in particular must be in a numerical form as the CA
layla_a2002> server must send (Na -1) back to Client A.
Actually, in that particular message, the server is supposed to send
back the same nonce, at least according to
http://www.webster-dictionary.org/definition/Needham-Schroeder .
However, in communication with B, A needs to calculate Nb+1.
Either way, you obviously need to do som calculation on an integer.
There are two ways to do this, depending on how large the nonce is.
If it's larger than the size of an int, you will need to do
calculations with BIGNUMs. Consider the following code:
/* This assumes that the nonce is in an array pointed at by
'unsigned char *nonce', and the length of the nonce in 'noncel'.
Note that the nonce must be considered big-endian, period!
*/
unsigned char *new_nonce;
int new_noncel;
BIGNUM *n = BN_bin2bn(nonce, noncel, NULL);
BN_add_word(n, 1);
ne w_noncel = BN_num_bytes(n);
new_nonce = malloc(new_noncel);
BN_bn2bin(n, new_nonce);
(note that I have done *no* error checking)
If the nonce is less or equal to the size of an int (which is often 32
bits), it's very easy to convert the array of bytes to an integer, add
one to the result and put it back into the array...
Cheers,
Richard
-----
Please consider sponsoring my work on free software.
See http://www.free.lp.se/sponsoring.html for details.
--
Richard Levitte [EMAIL PROTECTED]
http://richard.levitte.org/
"When I became a man I put away childish things, including
the fear of childishness and the desire to be very grown up."
-- C.S. Lewis
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
Do you Yahoo!?
Read only the mail you want - Yahoo! Mail SpamGuard.
