FreeBSD Manual Pages

EVP_KEYEXCH-DH(7)		    OpenSSL		     EVP_KEYEXCH-DH(7)

NAME
       EVP_KEYEXCH-DH - DH Key Exchange algorithm support

DESCRIPTION
       Key exchange support for the DH key type.

   DH key exchange parameters
       "pad" (OSSL_EXCHANGE_PARAM_PAD) <unsigned integer>
	   See "Common Key Exchange parameters" in provider-keyexch(7).

EXAMPLES
       The examples assume a host and peer both generate keys using the same
       named group (or domain parameters). See "Examples" in EVP_PKEY-DH(7).
       Both the host and peer transfer their public key to each other.

       To convert the peer's generated key pair to a public key in DER format
       in order to transfer to the host:

	   EVP_PKEY *peer_key; /* It is assumed this contains the peer's generated key */
	   unsigned char *peer_pub_der = NULL;
	   int peer_pub_der_len;

	   peer_pub_der_len = i2d_PUBKEY(peer_key, &peer_pub_der);
	   ...
	   OPENSSL_free(peer_pub_der);

       To convert the received peer's public key from DER format on the	host:

	   const unsigned char *pd = peer_pub_der;
	   EVP_PKEY *peer_pub_key = d2i_PUBKEY(NULL, &pd, peer_pub_der_len);
	   ...
	   EVP_PKEY_free(peer_pub_key);

       To derive a shared secret on the host using the host's key and the
       peer's public key (return values are left unchecked here for brevity;
       real code must check each call):

	   #include <openssl/evp.h>
	   #include <openssl/params.h>
	   #include <openssl/core_names.h>

	   /* It is assumed that the host_key and peer_pub_key are set up */
	   void derive_secret(EVP_PKEY *host_key, EVP_PKEY *peer_pub_key)
	   {
	       unsigned int pad = 1;
	       OSSL_PARAM params[2];
	       unsigned char *secret = NULL;
	       size_t secret_len = 0;
	       EVP_PKEY_CTX *dctx = EVP_PKEY_CTX_new_from_pkey(NULL, host_key, NULL);

	       EVP_PKEY_derive_init(dctx);

	       /* Optionally set the padding: with pad = 1 the secret always has the
		  full group size, even when its value has leading zero bytes */
	       params[0] = OSSL_PARAM_construct_uint(OSSL_EXCHANGE_PARAM_PAD, &pad);
	       params[1] = OSSL_PARAM_construct_end();
	       EVP_PKEY_CTX_set_params(dctx, params);

	       EVP_PKEY_derive_set_peer(dctx, peer_pub_key);

	       /* Get the size by passing NULL as the buffer */
	       EVP_PKEY_derive(dctx, NULL, &secret_len);
	       secret = OPENSSL_zalloc(secret_len);

	       EVP_PKEY_derive(dctx, secret, &secret_len);
	       ...
	       /* The shared secret is key material: wipe it before freeing */
	       OPENSSL_clear_free(secret, secret_len);
	       EVP_PKEY_CTX_free(dctx);
	   }

       Very similar code can be used by the peer to derive the same shared
       secret using the host's public key and the peer's generated key pair.

SEE ALSO
       EVP_PKEY-DH(7), EVP_PKEY-FFC(7), EVP_PKEY(3), provider-keyexch(7),
       provider-keymgmt(7), OSSL_PROVIDER-default(7), OSSL_PROVIDER-FIPS(7)

COPYRIGHT
       Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.

       Licensed under the Apache License 2.0 (the "License").  You may not use
       this file except in compliance with the License.  You can obtain a copy
       in the file LICENSE in the source distribution or at
       <https://www.openssl.org/source/license.html>.

3.0.0-alpha12			  2021-02-18		     EVP_KEYEXCH-DH(7)
