[Help-gnutls] Dynamically building the PSK keys

Ram G mydevforums at gmail.com
Tue Jul 14 23:43:39 CEST 2009


I tried out a couple of more ideas but no luck.

Setting the key on the server side as follows works:

key->data = gnutls_malloc (4);
key->data = "\xDE\xAD\xBE\xEF";
key->size = 4;

I also tried as follows:

char * somekey = "DEADBEEF"; //DEADBEEF is hardcoded for test but will be
dynamically generated
int i,temp;

for (i = 0; somekey[i]; i += 2) {
 sscanf(&somekey[i], "%02x", &temp);
 key->data[i / 2] = temp;
}
This does not work either. I'm scratching my head how to take a string like
"DEADBEEF" and convert it to "\xDE\xAD\xBE\xEF" and assign it to key->data.

If PSK key value on the client side is given as
const gnutls_datum_t key = { (char*) "DEADBEEF", 8 };
why doesn't it work if I assign it the same way on the server side? Why does
it expect it as hexadecimal values ?

Any ideas highly appreciated.

-Ramg


On Mon, Jul 13, 2009 at 4:36 PM, Ram G <mydevforums at gmail.com> wrote:

> Hi Nikos,
>
> Thanks for your response.
>
> I tried your suggestion and that does not work either. However the sample
> program works fine when assigning two hexadecimal characters each to the 4
> bytes.
>
> It is a weird requirement but we cannot use certificates or previously
> known keys for the PSK authentication. Instead what I'm doing is establish
> an anonymous DH handshake between the client and the server. Now both the
> client and the server know the master secret. I would like to use this
> master secret as pre-shared keys between the client and the server.
>
> Can you please let me know if this can weaken the cryptosystem ? I'll try
> out any alternate suggestion you might have.
>
> Thanks and Regards
>
> Ramg
>
>   On Mon, Jul 13, 2009 at 4:10 PM, Nikos Mavrogiannopoulos <
> nmav at gnutls.org> wrote:
>
>> Ram G wrote:
>> > Hi,
>> >
>> > I'm working on the sample programs provided in the source examples
>> folder
>> > and I would like some help from you. I'm trying to do a DH key exchange
>> with
>> > PSK authentication.
>> >
>> > The client sample (ex-client-psk.c) assigns the pre shared key as
>> follows:
>> >
>> > const gnutls_datum_t key = { (char*) "DEADBEEF", 8 };
>> >
>> > The server sample (ex-serv-psk.c) does the key assignment in the
>> callback
>> > function pskfunc as follows:
>> >
>> >   key->data = gnutls_malloc (4);
>> >   key->data[0] = 0xDE;
>> >   key->data[1] = 0xAD;
>> >   key->data[2] = 0xBE;
>> >   key->data[3] = 0xEF;
>> >   key->size = 4;
>>
>> It is not the same as above. Above you use 8 bytes and here 4. Use
>> instead:
>>   key->data[0] = 'D';
>>   key->data[1] = 'E';
>>   key->data[2] = 'A';
>>   key->data[3] = 'D';
>>   key->data[4] = 'B';
>>   key->data[5] = 'E';
>>   key->data[6] = 'E';
>>   key->data[7] = 'F';
>>   key->size = 8;
>>
>> > I would like to assign the pre-shared key dynamically. If I assign the
>> PSK
>> > in the server as follows, it does not work. I get the error "Decryption
>> has
>> > failed".
>>
>> Actually how the keys are going to be generated? You have to think about
>> that seriously and make sure that the key generation is not weakening
>> the cryptosystem. To be on the safe side, and especially if you are not
>> experienced in the field use the tools provided by gnutls for the key
>> generation.
>>
>>
>> regards,
>> Nikos
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20090714/16b74493/attachment.htm>


More information about the Gnutls-help mailing list