[Help-gnutls] Dynamically building the PSK keys

Nikos Mavrogiannopoulos nmav at gnutls.org
Mon Jul 13 22:10:09 CEST 2009


Ram G wrote:
> Hi,
> 
> I'm working on the sample programs provided in the source examples folder
> and I would like some help from you. I'm trying to do a DH key exchange with
> PSK authentication.
> 
> The client sample (ex-client-psk.c) assigns the pre shared key as follows:
> 
> const gnutls_datum_t key = { (char*) "DEADBEEF", 8 };
> 
> The server sample (ex-serv-psk.c) does the key assignment in the callback
> function pskfunc as follows:
> 
>   key->data = gnutls_malloc (4);
>   key->data[0] = 0xDE;
>   key->data[1] = 0xAD;
>   key->data[2] = 0xBE;
>   key->data[3] = 0xEF;
>   key->size = 4;

It is not the same as above. Above you use 8 bytes and here 4. Use instead:
   key->data = gnutls_malloc (8);   /* allocate 8 bytes, not 4 */
   key->data[0] = 'D';
   key->data[1] = 'E';
   key->data[2] = 'A';
   key->data[3] = 'D';
   key->data[4] = 'B';
   key->data[5] = 'E';
   key->data[6] = 'E';
   key->data[7] = 'F';
   key->size = 8;

> I would like to assign the pre-shared key dynamically. If I assign the PSK
> in the server as follows, it does not work. I get the error "Decryption has
> failed".

Actually, how are the keys going to be generated? You have to think about
that seriously and make sure that the key generation is not weakening
the cryptosystem. To be on the safe side, and especially if you are not
experienced in the field, use the tools provided by gnutls for the key
generation.


regards,
Nikos
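
The mismatch pointed out in the reply above, as an added example that is not part of the original thread or of the GnuTLS sample programs: the ASCII string "DEADBEEF" is 8 key bytes, while the same text decoded as hex is the 4 bytes DE AD BE EF. It assumes a dynamically built key arrives as a hex string; `datum_t`, `key_from_hex` and `keys_match` are hypothetical names, with `datum_t` standing in for `gnutls_datum_t` so the code builds without GnuTLS.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for gnutls_datum_t (assumption) so this builds without GnuTLS. */
typedef struct { unsigned char *data; unsigned int size; } datum_t;

static int hexval(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Decode a hex string into freshly allocated raw key bytes.
   Returns 0 on success, -1 on empty/odd length, bad digit or failed malloc. */
int key_from_hex(const char *hex, datum_t *key)
{
    size_t n = strlen(hex);
    if (n == 0 || n % 2 != 0) return -1;
    unsigned char *buf = malloc(n / 2);   /* a real pskfunc would use gnutls_malloc */
    if (buf == NULL) return -1;
    for (size_t i = 0; i < n / 2; i++) {
        int hi = hexval(hex[2 * i]), lo = hexval(hex[2 * i + 1]);
        if (hi < 0 || lo < 0) { free(buf); return -1; }
        buf[i] = (unsigned char)((hi << 4) | lo);
    }
    key->data = buf;
    key->size = (unsigned int)(n / 2);
    return 0;
}

/* Diagnostic check: both peers need the same length AND the same bytes. */
int keys_match(const datum_t *a, const datum_t *b)
{
    return a->size == b->size && memcmp(a->data, b->data, a->size) == 0;
}

int main(void)
{
    datum_t client_ascii = { (unsigned char *)"DEADBEEF", 8 }; /* as in ex-client-psk.c */
    datum_t server;
    if (key_from_hex("DEADBEEF", &server) != 0) return 1;
    printf("server key: %u bytes, matches client ASCII key: %s\n",
           server.size, keys_match(&client_ascii, &server) ? "yes" : "no");
    free(server.data);
    return 0;
}
```

Whichever representation is chosen, both sides have to apply it identically, and the size field has to equal the number of bytes actually stored.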





