Read Ec Key Unable to Load Key
Elliptic Curve Diffie Hellman (ECDH) is an Elliptic Curve variant of the standard Diffie Hellman algorithm. See Elliptic Curve Cryptography for an overview of the basic concepts behind Elliptic Curve algorithms.
ECDH is used for the purposes of key agreement. Suppose 2 people, Alice and Bob, wish to substitution a undercover central with each other. Alice will generate a individual key dA and a public primal QA=dAThousand (where G is the generator for the curve). Similarly Bob has his individual key dB and a public key QB=dBThousand. If Bob sends his public central to Alice so she can summate dAQB=dAdBG. Similarly if Alice sends her public key to Bob, and so he tin can calculate dbQA=dAdBG. The shared secret is the x co-ordinate of the calculated point dAdBGrand. Any eavesdropper would only know QA and QB, and would be unable to summate the shared secret.
Using ECDH in OpenSSL [edit]
In order for two peers to exchange a shared secret they need to start agree on the parameters to be used. In Elliptic Curve Cryptography this is typically washed through the apply of named curves. A named curve is but a well defined and well known ready of parameters that define an elliptic curve. OpenSSL has support for a wide variety of different well known named curves. In the example below the ANSI X9.62 Prime 256v1 curve is used.
The case beneath shows how to set up the parameters based on the use of a named curve, how to generate a public/private key pair for those parameters and subsequently how to derive a shared hush-hush. The details of how to obtain the other party'southward key (the peer cardinal) are omitted, as this is specific to your particular state of affairs. Note that you do non necessarily demand to generate a new individual/public key pair for every exchange (although you lot may cull to exercise then). Also note that the derived shared secret is not suitable for use straight as a shared central. Typically the shared secret is passed through some hash function first in club to generate a key.
Meet below for the instance code.
#include <openssl/evp.h> #include <openssl/ec.h> unsigned char *ecdh(size_t *secret_len) { EVP_PKEY_CTX *pctx, *kctx; EVP_PKEY_CTX *ctx; unsigned char *secret; EVP_PKEY *pkey = NULL, *peerkey, *params = Nil; /* NB: assumes pkey, peerkey accept been already set up */ /* Create the context for parameter generation */ if(Nil == (pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, Nix))) handleErrors(); /* Initialise the parameter generation */ if(1 != EVP_PKEY_paramgen_init(pctx)) handleErrors(); /* We're going to utilize the ANSI X9.62 Prime number 256v1 curve */ if(ane != EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_X9_62_prime256v1)) handleErrors(); /* Create the parameter object params */ if (!EVP_PKEY_paramgen(pctx, ¶ms)) handleErrors(); /* Create the context for the primal generation */ if(Nil == (kctx = EVP_PKEY_CTX_new(params, Goose egg))) handleErrors(); /* Generate the key */ if(ane != EVP_PKEY_keygen_init(kctx)) handleErrors(); if (1 != EVP_PKEY_keygen(kctx, &pkey)) handleErrors(); /* Go the peer's public key, and provide the peer with our public primal - * how this is done will be specific to your circumstances */ peerkey = get_peerkey(pkey); /* Create the context for the shared clandestine derivation */ if(NULL == (ctx = EVP_PKEY_CTX_new(pkey, NULL))) handleErrors(); /* Initialise */ if(1 != EVP_PKEY_derive_init(ctx)) handleErrors(); /* Provide the peer public key */ if(1 != EVP_PKEY_derive_set_peer(ctx, peerkey)) handleErrors(); /* Make up one's mind buffer length for shared secret */ if(1 != EVP_PKEY_derive(ctx, Nix, secret_len)) handleErrors(); /* Create the buffer */ if(Zero == (secret = OPENSSL_malloc(*secret_len))) handleErrors(); /* Derive the shared secret */ if(1 != (EVP_PKEY_derive(ctx, underground, secret_len))) handleErrors(); EVP_PKEY_CTX_free(ctx); EVP_PKEY_free(peerkey); EVP_PKEY_free(pkey); EVP_PKEY_CTX_free(kctx); EVP_PKEY_free(params); EVP_PKEY_CTX_free(pctx); /* Never apply a derived secret directly. Typically it is passed * through some hash function to produce a primal */ render secret; }
You should besides refer to the EVP Cardinal Agreement folio for full general information on the key agreement API in OpenSSL.
Using the Low Level APIs [edit]
Users of the OpenSSL library are expected to normally use the EVP method for working with Elliptic Bend Diffie Hellman as described above and on the EVP Cardinal Agreement folio. The EVP API is implemented by a lower level ECDH API. In some circumstances, good users may need to apply the low level API. This is not recommended for most users. Nevertheless, if you need to utilize this then an instance of employ is shown below.
unsigned char *ecdh_low(size_t *secret_len) { EC_KEY *primal, *peerkey; int field_size; unsigned char *secret; /* Create an Elliptic Curve Primal object and set it up to use the ANSI X9.62 Prime 256v1 bend */ if(Nix == (primal = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1))) handleErrors(); /* Generate the private and public cardinal */ if(1 != EC_KEY_generate_key(fundamental)) handleErrors(); /* Become the peer's public fundamental, and provide the peer with our public fundamental - * how this is done will be specific to your circumstances */ peerkey = get_peerkey_low(central); /* Calculate the size of the buffer for the shared secret */ field_size = EC_GROUP_get_degree(EC_KEY_get0_group(cardinal)); *secret_len = (field_size+7)/8; /* Classify the memory for the shared secret */ if(NULL == (secret = OPENSSL_malloc(*secret_len))) handleErrors(); /* Derive the shared secret */ *secret_len = ECDH_compute_key(hugger-mugger, *secret_len, EC_KEY_get0_public_key(peerkey), key, NULL); /* Clean up */ EC_KEY_free(key); EC_KEY_free(peerkey); if(*secret_len <= 0) { OPENSSL_free(underground); return NULL; } return secret; }
Every bit noted in the loftier level EVP department of this page, yous should never apply a shared secret directly. It must be passed through some form of key derivation part (KDF) first. The last argument to ECDH_compute_key
can optionally laissez passer a part pointer for such a KDF. The shared secret will then be passed through this function and the value returned in the output buffer will be suitable for directly use as a central.
The function below is taken from apps/speed.c
in the OpenSSL codebase, and shows an case of a KDF based on the hash part SHA1.
static const int KDF1_SHA1_len = twenty; static void *KDF1_SHA1(const void *in, size_t inlen, void *out, size_t *outlen) { #ifndef OPENSSL_NO_SHA if (*outlen < SHA_DIGEST_LENGTH) return NULL; else *outlen = SHA_DIGEST_LENGTH; return SHA1(in, inlen, out); #else return NULL;
0 Response to "Read Ec Key Unable to Load Key"
Post a Comment