Re: Diffie-Hellman exchange over a network.
James Vanns
following two functions helpful for converting Integer objects to
std::string objects and vice versa suitable for network transmission:
string encode_integer (const Integer &i) {
string h, s;
i.DEREncode (StringSink (s).Ref ());
StringSource (s, true, new HexEncoder (new StringSink (h)));
return h;
}
Integer decode_integer (const string &h) const {
string s;
Integer i;
StringSource (h, true, new HexDecoder (new StringSink (s)));
i.BERDecode (StringStore (s).Ref ());
return i;
}
If anyone knows of a better way to do this please let me[us] know!
Regards
Jim
On Thu, 2004-03-11 at 13:07, Mike Marshall wrote:
> I think I've seen that answered on the list before.
> They are initialized to two different values so that
> if agreement fails then a comparison of the two memory
> buffers would fail as well. (as opposed to both being
> initialized to zero and passing a memcpy test even if
> the agreement failed).
>
> Mike
> --- James Vanns <ji...@canterbury.ac.uk> wrote:
> > Ah now that makes sense, if I remember the algorithm
> > correctly they do
> > need to agree on p and g first, g being primitive to
> > mod p. Then they
> > choose their own random integer, i, and sends pow
> > (g, i) % p. Or
> > something like that.
> >
> > Cheers, I'll have another go. However, I'd still
> > like to know why these
> > specific values in the validat2 test file (as
> > mentioned eariler):
> >
> > memset(val1.begin(), 0x10, val1.size());
> > memset(val2.begin(), 0x11, val2.size());
> >
> > Are they important? Anyone!?
> >
> > Jim
> >
> > On Wed, 2004-03-10 at 23:10, Mike Marshall wrote:
> > > It took me a while to figure out how to do this
> > too.
> > > The key is that both DH objects need to be
> > initialized
> > > with the same Generator and Modulus, here is some
> > > sample code, which you should be able to
> > extrapolate
> > > to a two machine scenario:
> > >
> > > AutoSeededRandomPool asrp;
> > >
> > > DH dh(dynamic_cast<RandomNumberGenerator&>(asrp),
> > > 128);
> > >
> > > Integer iPrime, iGenerator;
> > > if (dh.AccessGroupParameters().GetValue("Modulus",
> > > iPrime))
> > > {
> > > if
> > >
> >
> (dh.AccessGroupParameters().GetValue("SubgroupGenerator",
> > > iGenerator))
> > > {
> > >
> > > // important line is here
> > > DH dhB(iPrime, iGenerator);
> > >
> > > SecByteBlock privA(dh.PrivateKeyLength());
> > > SecByteBlock pubA(dh.PublicKeyLength());
> > > SecByteBlock privB(dhB.PrivateKeyLength());
> > > SecByteBlock pubB(dhB.PublicKeyLength());
> > > SecByteBlock val1(dh.AgreedValueLength());
> > > SecByteBlock val2(dhB.AgreedValueLength());
> > >
> > > dh.GenerateKeyPair(rndPoolA, privA, pubA);
> > > dhB.GenerateKeyPair(rndPoolB, privB, pubB);
> > >
> > > if (!dh.Agree(val1, privA, pubB))
> > > {
> > > cout << "First agreement failed" << endl;
> > > return 0;
> > > }
> > >
> > > if (!dhB.Agree(val2, privB, pubA))
> > > {
> > > cout << "Second agreement failed" << endl;
> > > return 0;
> > > }
> > >
> > >
> > > }
> > > --- James Vanns <ji...@canterbury.ac.uk> wrote:
> > > > I am having trouble getting to processes
> > (running on
> > > > different machines)
> > > > to agree on a value using their Diffie-Hellman
> > keys.
> > > >
> > > > Do the different DH objects need the same
> > > > RandomNumber objects? I send
> > > > their public keys over the network and try to
> > > > Agree() them with the
> > > > opposite private key (as in the crypto++
> > example).
> > > > However, this always
> > > > fails. The only thing I can see that's different
> > is
> > > > that I am using a
> > > > different PRNG object (obviously, as they're on
> > > > different machines!).
> > > >
> > > > Also can you explain what this does (well, I
> > know
> > > > what memset does), and
> > > > more importantly why the specific values:
> > > >
> > > > Line 198 in validat2.cpp
> > > >
> > > > memset(val1.begin(), 0x10, val1.size());
> > > > memset(val2.begin(), 0x11, val2.size());
> > > >
> > > > The code I'm using (or a snippet of as I don't
> > want
> > > > to swamp the list)
> > > > is:
> > > >
> > > > string data;
> > > > // Setup the pseudo random number generator
> > > > AutoSeededRandomPool *arng = new
> > > > AutoSeededRandomPool;
> > > > RandomNumberGenerator &rng =
> > > > *dynamic_cast<RandomNumberGenerator *>
> > > > (arng);
> > > >
> > > > // declare a diffie-hellman object
> > > > DH dh (rng, 128);
> > > >
> > > > // declare the local validation and
> > public-private
> > > > key pair
> > > > SecByteBlock local_validate
> > (dh.AgreedValueLength
> > > > ());
> > > > SecByteBlock local_public_key
> > (dh.PublicKeyLength
> > > > ());
> > > > SecByteBlock local_private_key
> > (dh.PrivateKeyLength
> > > > ());
> > > >
> > > > // clear the validation object
> > > > fill (local_validate.begin (),
> > local_validate.end
> > > > (), 0x11);
> > > >
> > > > // generate the public-private key pair
> > > > dh.GenerateKeyPair (rng, local_private_key,
> > > > local_public_key);
> > > >
> > > > delete arng;
> > > >
> > > > // encode the local public key to a hexed-string
> > > > StringSource (local_public_key, true, new
> > HexEncoder
> > > > (new StringSink
> > > > (data)));
> > > > cout << "Local public key: " << data << endl;
> > > >
> > > > // connect to the server
> > > > JClientSocket c ("eeyore", 50000);
> > > >
> > > > // send the local public key
> > > > c << data;
> > > > // clear the string
> > > > data.clear ();
> > > > // receive the server's public key
> > > > c >> data;
> > > >
> > > > cout << "Foreign public key: " << data << endl;
> > > >
> > > > // decode the hexed-string to the foreign public
> > key
> > > > SecByteBlock foreign_public_key
> > (dh.PublicKeyLength
> > > > ());
> > > > StringSource (foreign_public_key, true, new
> > > > HexDecoder (new StringSink
> > > > (data)));
> > > >
> > > > // clear the string
> > > > data.clear ();
> > > >
> > > > // agreement method with the local private and
> > the
> > > > foreign public key
> > > > if (!dh.Agree (local_validate,
> > local_private_key,
> > > > foreign_public_key)) {
> > > > cout << "Key agreement failed." << endl;
> > > > return 1;
> > > > }
> > > >
> > > > The server has similar code (this is the client)
> > > >
> > > > Regards
> > > >
> > > > Jim
> > > >
> > > > --
> > > > James Vanns BSc (Hons) MCP
> > > > Linux Systems Administrator
> > > > Senior Software Engineer (Linux / C & C++)
> > > > Canterbury Christ Church University College
> > > > Public Key:
> > > >
> > >
> >
> http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x24045370
> > > >
> > --
> > James Vanns BSc (Hons) MCP
> >
> === message truncated ===
--
James Vanns BSc (Hons) MCP
Linux Systems Administrator
Senior Software Engineer (Linux / C & C++)
Canterbury Christ Church University College
Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x24045370
James Vanns
Mike Marshall
James Vanns
need to agree on p and g first, g being primitive to mod p. Then they
choose their own random integer, i, and sends pow (g, i) % p. Or
something like that.
Cheers, I'll have another go. However, I'd still like to know why these
specific values in the validat2 test file (as mentioned eariler):
memset(val1.begin(), 0x10, val1.size());
memset(val2.begin(), 0x11, val2.size());
Are they important? Anyone!?
Jim
On Wed, 2004-03-10 at 23:10, Mike Marshall wrote:
Mike Marshall
They are initialized to two different values so that
if agreement fails then a comparison of the two memory
buffers would fail as well. (as opposed to both being
initialized to zero and passing a memcpy test even if
the agreement failed).
Mike
=== message truncated ===