Re: DH exchange & socket BIOs

Sun, 26 Aug 2012 07:50:55 -0700

ok took me a while, but now I got it. You were right. I missed your point "twice the length of binary data". Yup, If I take that into account, it works. 

thanks a lot!

On 08/24/2012 05:47 PM, Michel wrote:

Hi Carolin,

"It is just about half the length of the ..."

[very] Quick response : Hex value is twice the lengh of binary data :
Have you checked the value of 'size' arg ?

Not sure this helps ...

Le 24/08/2012 16:38, Carolin Latze a écrit :
(sorry if this mail arrives twice. I send it first without being subscribed to this list by accident) 

Hi all

I try to implement a DH exchange using socket BIOs. Here is what I do:

On the server
- I initialize a DH structure with DH_new
- I generate the parameters using DH_generate_parameters(prime_len,g,NULL,NULL) with prime_len=512 
- I generate the keys using DH_generate_key(dh)
Now I need to send p,g, and the server's public key to the client. In order to do that I convert each of those three values to hex. This is the example for p: 

int size = DH_size(dh);
char* prime = (char*) malloc(size*sizeof(char));
memset(prime,0,size*sizeof(char));
prime = BN_bn2hex(dh->p);

afterwards I open a socket BIO that allows a client to connect:

bio = BIO_new_accept(port);
Now, when a client connects, I write those three values to the BIO. Example for p: 

BIO_do_accept(bio);
cbio = BIO_pop(bio);
BIO_write(cbio,prime,size);
Ok, lets move the client. The client connects successfully to the server and reads the three values from the BIO: 

prime = (char*)malloc(size*sizeof(char));
memset(prime,0,size*sizeof(char));
BIO_read(bio,prime,size);
If I print out "prime" on the client using printf I see that this is exactly the stream of bytes that have been sent by the server. But if I write this value back into a DH structure it changes: 

DH *dh = DH_new();
BN_hex2bn(&(dh->p),prime);
If I check the value now with BN_print, it is a shorter value! It is just about half the length of the original p and I have no idea why. What is it that I miss here? 

Any hints would be appreciated

Regards
Carolin



______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org

Reply via email to