[gnutls-devel] GnuTLS | Export the DH functionality (#894)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Thu Jul 9 02:53:11 CEST 2020




Brendan Shanks commented:


I had requested this in a gnutls-help post last year. The Wine project currently uses GnuTLS to implement the Windows [bcrypt/CNG](https://docs.microsoft.com/en-us/windows/win32/seccng/cng-portal) library and I'm looking to add support for DH.

The kind of bcrypt API usage I’m looking to support is similar to this Windows sample code: <https://github.com/microsoft/Windows-classic-samples/blob/master/Samples/Security/DhOakleyGroup1/cpp/DhOakleyGroup1.cpp#L192>. Generate a public/private key pair with provided DH parameters, then export the key, import a different public key, derive a secret key, etc.

Although `_gnutls_dh_generate_key()` will generate the key pair with provided DH parameters, I think it would be cleaner (and more similar to our key generation code for other algorithms) to allow this from `gnutls_privkey_generate()`. Maybe a `GNUTLS_KEYGEN_` flag could be added so `gnutls_privkey_generate2()` would use DH params from a passed-in `gnutls_keygen_data_st`?

I'm also not sure what functions would be used for the key derivation. For example, can PRF be used without a corresponding `gnutls_session_t`?

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/894#note_376177203

