{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 迷人小祖宗 的问题《Generate EC Diffie-Hellman public and private key》','https://www.manongdao.com/q-665992.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I need to generate an EC Diffie Hellman key pair. I am using the secp256r1 named curve, and OpenSSL. This is what I have with me so far:
unsigned char *ecdh(size_t *secret_len)
{
EVP_PKEY_CTX *pctx, *kctx;
EVP_PKEY_CTX *ctx;
unsigned char *secret;
EVP_PKEY *pkey = NULL, *peerkey, *params = NULL;
/* NB: assumes pkey, peerkey have been already set up */
/* Create the context for parameter generation */
if(NULL == (pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL)))
printf("Error in EC key generation\n");
/* Initialise the parameter generation */
if(1 != EVP_PKEY_paramgen_init(pctx))
printf("Error in EC key generation\n");
/* We're going to use the ANSI X9.62 Prime 256v1 curve */
if(1 != EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_X9_62_prime256v1))
printf("Error in EC key generation\n");
/* Create the parameter object params */
if (!EVP_PKEY_paramgen(pctx, ¶ms))
printf("Error in EC key generation\n");
/* Create the context for the key generation */
if(NULL == (kctx = EVP_PKEY_CTX_new(params, NULL)))
printf("Error in EC key generation\n");
/* Generate the key */
if(1 != EVP_PKEY_keygen_init(kctx))
printf("Error in EC key generation\n");
if (1 != EVP_PKEY_keygen(kctx, &pkey))
printf("Error in EC key generation\n");
/* Get the peer's public key, and provide the peer with our public key -
* how this is done will be specific to your circumstances */
peerkey = get_peerkey(pkey);
/* Create the context for the shared secret derivation */
if(NULL == (ctx = EVP_PKEY_CTX_new(pkey, NULL)))
printf("Error in EC key generation\n");
/* Initialise */
if(1 != EVP_PKEY_derive_init(ctx))
printf("Error in EC key generation\n");
/* Provide the peer public key */
if(1 != EVP_PKEY_derive_set_peer(ctx, peerkey))
printf("Error in EC key generation\n");
/* Determine buffer length for shared secret */
if(1 != EVP_PKEY_derive(ctx, NULL, secret_len))
printf("Error in EC key generation\n");
/* Create the buffer */
if(NULL == (secret = OPENSSL_malloc(*secret_len)))
printf("Error in EC key generation\n");
/* Derive the shared secret */
if(1 != (EVP_PKEY_derive(ctx, secret, secret_len)))
printf("Error in EC key generation\n");
EVP_PKEY_CTX_free(ctx);
EVP_PKEY_free(peerkey);
EVP_PKEY_free(pkey);
EVP_PKEY_CTX_free(kctx);
EVP_PKEY_free(params);
EVP_PKEY_CTX_free(pctx);
/* Never use a derived secret directly. Typically it is passed
* through some hash function to produce a key */
return secret;
}
I figured out that for this function to work, i need a EVP_KEY object with the second party's public key. I have this public key in a byte array, and also its length. How do I convert it to the required type? And also I could not find the secp256r1 curve in OpenSSL, but I used the one in the code after doing some research. Is it correct?
Thanks !
The peer's public key is a point on the curve. From
crypto\ec\ec_lcl.h:I believe you need to call
EC_POINT_new(c_lcl.his a private header, so you won't have access to the structure).Luckily, there's a lot of functions to manipulate them. From the
EC_POINT_new(3)docs:Also see
EC_POINT_set_affine_coordinates_GFp,EC_POINT_set_affine_coordinates_GF2mandEC_KEY_set_public_key:You can see an example of how to set the point on the OpenSSL wiki at Elliptic Curve Cryptography.