
Re: [Help-gnutls] Dynamically building the PSK keys


From: Ram G
Subject: Re: [Help-gnutls] Dynamically building the PSK keys
Date: Tue, 14 Jul 2009 17:43:39 -0400

 
I tried out a couple more ideas but no luck.
 
Setting the key on the server side as follows works:
 
key->data = "" (4);
key->data = "">
key->size = 4;
 
I also tried as follows:
 
char * somekey = "DEADBEEF"; //DEADBEEF is hardcoded for test but will be dynamically generated
int i,temp;
 
for (i = 0; somekey[i]; i += 2) {
 sscanf(&somekey[i], "%02x", &temp);
 key->data[i / 2] = temp;
}
This does not work either. I'm scratching my head over how to take a string like "DEADBEEF", convert it to "\xDE\xAD\xBE\xEF" and assign it to key->data.
 
If PSK key value on the client side is given as
 
const gnutls_datum_t key = { (char*) "DEADBEEF", 8 };
why doesn't it work if I assign it the same way on the server side? Why does it expect it as hexadecimal values?
 
Any ideas highly appreciated.
 
-Ramg 

 
On Mon, Jul 13, 2009 at 4:36 PM, Ram G <address@hidden> wrote:
Hi Nikos,
 
Thanks for your response.
 
I tried your suggestion and that does not work either. However the sample program works fine when assigning two hexadecimal characters each to the 4 bytes.
 
It is a weird requirement but we cannot use certificates or previously known keys for the PSK authentication. Instead what I'm doing is establishing an anonymous DH handshake between the client and the server. Now both the client and the server know the master secret. I would like to use this master secret as the pre-shared key between the client and the server.
 
Can you please let me know if this can weaken the cryptosystem? I'll try out any alternate suggestion you might have.
 
Thanks and Regards
 
Ramg  

On Mon, Jul 13, 2009 at 4:10 PM, Nikos Mavrogiannopoulos <address@hidden> wrote:
Ram G wrote:
> Hi,
>
> I'm working on the sample programs provided in the source examples folder
> and I would like some help from you. I'm trying to do a DH key exchange with
> PSK authentication.
>
> The client sample (ex-client-psk.c) assigns the pre shared key as follows:
>
> const gnutls_datum_t key = { (char*) "DEADBEEF", 8 };
>
> The server sample (ex-serv-psk.c) does the key assignment in the callback
> function pskfunc as follows:
>
>   key->data = "" (4);
>   key->data[0] = 0xDE;
>   key->data[1] = 0xAD;
>   key->data[2] = 0xBE;
>   key->data[3] = 0xEF;
>   key->size = 4;

It is not the same as above. Above you use 8 bytes and here 4. Use instead:
  key->data[0] = 'D';
  key->data[1] = 'E';
  key->data[2] = 'A';
  key->data[3] = 'D';
  key->data[4] = 'B';
  key->data[5] = 'E';
  key->data[6] = 'E';
  key->data[7] = 'F';
  key->size = 8;

> I would like to assign the pre-shared key dynamically. If I assign the PSK
> in the server as follows, it does not work. I get the error "Decryption has
> failed".

Actually, how are the keys going to be generated? You have to think about
that seriously and make sure that the key generation is not weakening
the cryptosystem. To be on the safe side, and especially if you are not
experienced in the field, use the tools provided by gnutls for the key
generation.


regards,
Nikos



