Thanks a lot. For those interested, I've published my sample here: http://www.josuegomes.com/dhsample.php
On Fri, Aug 28, 2009 at 10:09 AM, Ram G <mydevfor...@gmail.com> wrote:
> Also include the following call to read the DH files (samples included in
> source like dh1024.pem) in function load_dh_params().
>
>     if ((bio = BIO_new_file(file, "r")) == NULL)
>         printf("Couldn't open DH file\n");
>
>
> On Fri, Aug 28, 2009 at 9:04 AM, Ram G <mydevfor...@gmail.com> wrote:
>
>> Here is the sample program I have so far to test the concept of anonymous
>> DH:
>>
>> 1) Start with the samples included in the source, e.g.:
>>    demos/ssl/serv.cpp and cli.cpp
>>
>> 2) Server & Client: Remove all the calls related to certificates -
>>
>>    SSL_CTX_use_certificate_file(ctx, CERTF, SSL_FILETYPE_PEM)
>>    SSL_CTX_use_PrivateKey_file(ctx, KEYF, SSL_FILETYPE_PEM)
>>    SSL_CTX_check_private_key(ctx)
>>    SSL_get_peer_certificate()
>>
>>    etc.
>>
>> 3) Write a function to either load the DH params from a file or generate
>> them:
>>
>>    void load_dh_params(SSL_CTX *ctx)
>>    {
>>        DH *dh = NULL;
>>        RAND_seed(rnd_seed, sizeof rnd_seed);
>>        if (((dh = DH_new()) == NULL) || !DH_generate_parameters_ex(dh, 128, 5, NULL))
>>            printf("Couldn't generate DH\n");
>>        // Make calls to DH_check() to make sure generated params are ok
>>        ....
>>
>>        if (!DH_generate_key(dh))
>>            printf("Couldn't generate DH key\n");
>>        // If you want to read from a file, use the following and comment out
>>        // the generation calls above
>>        // BIO *bio, *out;
>>        // out = BIO_new(BIO_s_file());
>>        // BIO_set_fp(out, stdout, BIO_NOCLOSE);
>>        // dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
>>        // BIO_free(bio);
>>        // SSL_CTX_set_tmp_dh() returns 1 on success and 0 on failure
>>        if (!SSL_CTX_set_tmp_dh(ctx, dh))
>>            printf("Couldn't set DH parameters\n");
>>    }
>>
>> 4) Server: Call the DH generation function
>>
>>    ....
>>    ctx = SSL_CTX_new(meth);
>>    load_dh_params(ctx);
>>
>> 5) Server & client: Set the cipher
>>
>>    SSL_CTX_set_cipher_list(ctx, "ADH-AES256-SHA");
>>
>> This should be enough for a very basic anonymous DH client/server program.
>>
>> Regards
>>
>> Ramg
>>
>>
>> On Fri, Aug 28, 2009 at 7:42 AM, Josue Andrade Gomes <josue.gomes.honey...@gmail.com> wrote:
>>
>>> I'm also interested in such a sample program. Anyone?
>>>
>>>
>>> On Thu, Aug 27, 2009 at 4:39 PM, Ram G <mydevfor...@gmail.com> wrote:
>>>
>>>> Things are getting clearer as I dig deeper. The book "Network Security
>>>> with OpenSSL" by John Viega et al. has some explanation of how the DH key
>>>> exchange takes place.
>>>>
>>>> With that knowledge, I went through the source code and found that
>>>> DH_compute_key() is being called in s3_clnt.c and s3_srvr.c. So there is no
>>>> need to call it in client applications.
>>>>
>>>> BRs
>>>>
>>>> Ramg
>>>>
>>>> On Thu, Aug 27, 2009 at 12:23 PM, Ram G <mydevfor...@gmail.com> wrote:
>>>>
>>>>> Hello,
>>>>>
>>>>> Going through various posts, I have come across references to Bodo
>>>>> Moeller's example code showing SSL communication without certificates and
>>>>> using anonymous DH key exchange. If anybody has that sample, can you please
>>>>> forward it?
>>>>>
>>>>> I have written a client and server taking help from the sample
>>>>> programs. I'm generating the DH params in the server and setting them in the
>>>>> SSL context. I'm setting the cipher as ADH-AES256-SHA in both server and
>>>>> client. The client and server are communicating.
>>>>>
>>>>> To generate the DH parameters P & G, I have done this:
>>>>>
>>>>> 1) Calling DH_generate_parameters() in the server will generate the
>>>>> prime P
>>>>> 2) Calling DH_generate_key() performs the first step of a
>>>>> Diffie-Hellman key exchange by generating private and public DH values.
>>>>>
>>>>> Documentation also talks about this call to generate the shared key:
>>>>>
>>>>> 3) Calling DH_compute_key(), these are combined with the client's
>>>>> public value to compute the shared key. (My program is working even without
>>>>> the DH_compute_key() call in the server - which is strange, I think)
>>>>>
>>>>> What I'm not sure about is:
>>>>>
>>>>> What is the call I need to make in the client to pass the client's
>>>>> public key (G^X mod P) to the server?
>>>>>
>>>>> I'm working on a prototype and beginning to get my hands dirty with
>>>>> OpenSSL. Your help is greatly appreciated.
>>>>>
>>>>> -Ramg
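As an added illustration of the three DH calls Ram G lists (DH_generate_parameters, DH_generate_key, DH_compute_key), not code from the thread or from OpenSSL: textbook Diffie-Hellman in Python with one function per OpenSSL call, including the peer-value check that a TLS stack performs for the application inside the handshake, which is why no application call is needed to send or combine the public value. The 128-bit default copies the size used in the quoted load_dh_params() for demonstration only; the function names are assumed here to mirror the OpenSSL ones.

```python
import secrets

def is_probable_prime(n, rounds=32):
    """Miller-Rabin test; stands in for the prime check DH_check() performs on p."""
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def generate_parameters(bits):
    """Like DH_generate_parameters_ex(): safe prime p = 2q + 1 and generator g of the order-q subgroup."""
    while True:
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1   # odd, exactly bits-1 long
        p = 2 * q + 1
        if is_probable_prime(q) and is_probable_prime(p):
            break
    g = 2
    while pow(g, q, p) != 1:   # Euler criterion: g must be a quadratic residue, i.e. of order q
        g += 1
    return p, g

def generate_key(p, g):
    """Like DH_generate_key(): private x in [1, q-1] and public y = g^x mod p (sent in the handshake)."""
    x = secrets.randbelow((p - 1) // 2 - 1) + 1
    return x, pow(g, x, p)

def compute_key(p, x, peer_y):
    """Like DH_compute_key(): reject degenerate peer values (1, p-1, wrong subgroup), then peer_y^x mod p."""
    if not (1 < peer_y < p - 1 and pow(peer_y, (p - 1) // 2, p) == 1):
        raise ValueError("invalid peer DH public value")
    return pow(peer_y, x, p)

def demo(bits=128):
    # One full exchange; True when server and client derive the same shared secret
    p, g = generate_parameters(bits)
    server_x, server_y = generate_key(p, g)
    client_x, client_y = generate_key(p, g)
    return compute_key(p, server_x, client_y) == compute_key(p, client_x, server_y)
```

Note that no step here authenticates either side: with the anonymous cipher suite the parties agree on a secret but learn nothing about who they agreed with.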