[Help-gnutls] Dynamically building the PSK keys

Ram G mydevforums at gmail.com
Thu Jul 16 16:43:26 CEST 2009


Finally I could complete the handshake using DHE-PSK. I followed the samples
ex-client-psk.c and ex-serv-psk.c but instead of hardcoded keys, I
dynamically assigned the keys as follows:

char * dynamickeys; //Could be any string with hex characters like DEADBEEF
key->data = gnutls_malloc (strlen (dynamickeys) / 2 + 1); /* +1 for the trailing NUL atohx writes */
atohx((char *) key->data, dynamickeys);
key->size = strlen (dynamickeys) / 2; /* size counts the decoded bytes, not the NUL */

Here is the atohx function I got from the following link:

http://cboard.cprogramming.com/c-programming/77086-no-atoh-function-c-ascii-hex-well-lets-create-one.html

#include <ctype.h>

char * atohx(char * dst, const char * src)
{
 int lsb,msb;
 char * ret;
 ret = dst;
 for(lsb = 0, msb = 0; *src; src += 2)
 {
  msb = tolower((unsigned char) *src);
  lsb = tolower((unsigned char) *(src + 1)); /* '\0' on odd-length input, rejected below */
  msb -= isdigit(msb) ? 0x30 : 0x57; /* '0'..'9' -> 0..9, 'a'..'f' -> 10..15 */
  lsb -= isdigit(lsb) ? 0x30 : 0x57;
  if((msb < 0x0 || msb > 0xf) || (lsb < 0x0 || lsb > 0xf))
  {
   *ret = 0; /* invalid digit or odd length: empty the output and fail */
   return NULL;
  }
  *dst++ = (char)(lsb | (msb << 4));
 }
 *dst = 0; /* trailing NUL: dst must hold strlen(src)/2 + 1 bytes */
 return ret;
}

Thanks to all for all your suggestions.

Thanks

Ramg
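An added example (not code from this thread or from GnuTLS) of the conversion discussed above: a hex-to-key decoder that rejects odd-length and non-hex input and allocates exactly the decoded bytes, plus a comparison that makes the thread's mismatch visible, the client's 8 ASCII bytes of "DEADBEEF" against the server's 4 decoded bytes. `psk_datum` stands in for `gnutls_datum_t` so the file builds without GnuTLS; `psk_from_hex`, `psk_equal` and `thread_case_mismatch` are my own names.

```c
#include <stdlib.h>
#include <string.h>
/* Mirrors gnutls_datum_t (pointer + size) so this compiles without GnuTLS;
 * in a real ex-serv-psk.c callback fill the gnutls_datum_t *key argument
 * and allocate with gnutls_malloc instead (assumed mapping). */
typedef struct { unsigned char *data; unsigned int size; } psk_datum;

static int hex_nibble(int c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1; /* not a hex digit */
}

/* Decode "DEADBEEF" into the 4 raw bytes DE AD BE EF. Returns 0 on success,
 * -1 on empty or odd-length input, a bad digit or allocation failure.
 * The key is binary: exactly len/2 bytes, no trailing NUL. */
int psk_from_hex(const char *hex, psk_datum *out)
{
    size_t len = strlen(hex);
    if (len == 0 || (len & 1) != 0) return -1;
    unsigned char *buf = malloc(len / 2);
    if (buf == NULL) return -1;
    for (size_t i = 0; i < len; i += 2) {
        int hi = hex_nibble(hex[i]), lo = hex_nibble(hex[i + 1]);
        if (hi < 0 || lo < 0) { free(buf); return -1; }
        buf[i / 2] = (unsigned char)((hi << 4) | lo);
    }
    out->data = buf;
    out->size = (unsigned int)(len / 2);
    return 0;
}

/* Constant-time key comparison; a size mismatch is a mismatch. */
int psk_equal(const psk_datum *a, const psk_datum *b)
{
    if (a->size != b->size) return 0;
    unsigned char diff = 0;
    for (unsigned int i = 0; i < a->size; i++) diff |= a->data[i] ^ b->data[i];
    return diff == 0;
}

/* The thread's failure: the client offers the 8 ASCII bytes of "DEADBEEF",
 * the server decodes to 4 raw bytes. Returns 1 if the mismatch is detected. */
int thread_case_mismatch(void)
{
    psk_datum decoded, ascii = { (unsigned char *)"DEADBEEF", 8 };
    if (psk_from_hex("DEADBEEF", &decoded) != 0) return 0;
    int r = decoded.size == 4 && decoded.data[0] == 0xDE && !psk_equal(&decoded, &ascii);
    free(decoded.data);
    return r;
}
```

Both peers must agree on one representation (raw bytes on both sides, or the ASCII string on both sides); mixing them is exactly what produces the "Decryption has failed" error quoted below.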

On Wed, Jul 15, 2009 at 3:24 AM, David Marín Carreño <davefx at gmail.com> wrote:

> I think you are keeping the same confusion in data formats.
> A string with characters "ABCD" is saved in memory as characters 'A' (ascii
> 0x41), 'B' (ascii 0x42), 'C' (ascii 0x43) and 'D' (ascii 0x44) in 4 bytes,
> not as 2 bytes 0xAB and 0xCD.
>
> Greetings
> --
> David Marín Carreño
>
> 2009/7/14 Ram G <mydevforums at gmail.com>
>
>>
>> I tried out a couple of more ideas but no luck.
>>
>> Setting the key on the server side as follows works:
>>
>>  key->data = gnutls_malloc (4);
>> key->data = "\xDE\xAD\xBE\xEF";
>> key->size = 4;
>>
>> I also tried as follows:
>>
>> char * somekey = "DEADBEEF"; //DEADBEEF is hardcoded for test but will be
>> dynamically generated
>> int i,temp;
>>
>> for (i = 0; somekey[i]; i += 2) {
>>  sscanf(&somekey[i], "%02x", &temp);
>>  key->data[i / 2] = temp;
>> }
>> This does not work either. I'm scratching my head how to take a string
>> like "DEADBEEF" and convert it to "\xDE\xAD\xBE\xEF" and assign it
>> to key->data.
>>
>> If PSK key value on the client side is given as
>> const gnutls_datum_t key = { (char*) "DEADBEEF", 8 };
>> why doesn't it work if I assign it the same way on the server side? Why
>> does it expect it as hexadecimal values ?
>>
>> Any ideas highly appreciated.
>>
>> -Ramg
>>
>>
>> On Mon, Jul 13, 2009 at 4:36 PM, Ram G <mydevforums at gmail.com> wrote:
>>
>>> Hi Nikos,
>>>
>>> Thanks for your response.
>>>
>>> I tried your suggestion and that does not work either. However the sample
>>> program works fine when assigning two hexadecimal characters each to the 4
>>> bytes.
>>>
>>> It is a weird requirement but we cannot use certificates or previously
>>> known keys for the PSK authentication. Instead what I'm doing is establish
>>> an anonymous DH handshake between the client and the server. Now both the
>>> client and the server know the master secret. I would like to use this
>>> master secret as pre-shared keys between the client and the server.
>>>
>>> Can you please let me know if this can weaken the cryptosystem ? I'll try
>>> out any alternate suggestion you might have.
>>>
>>> Thanks and Regards
>>>
>>> Ramg
>>>
>>> On Mon, Jul 13, 2009 at 4:10 PM, Nikos Mavrogiannopoulos <
>>> nmav at gnutls.org> wrote:
>>>
>>>> Ram G wrote:
>>>> > Hi,
>>>> >
>>>> > I'm working on the sample programs provided in the source examples
>>>> folder
>>>> > and I would like some help from you. I'm trying to do a DH key
>>>> exchange with
>>>> > PSK authentication.
>>>> >
>>>> > The client sample (ex-client-psk.c) assigns the pre shared key as
>>>> follows:
>>>> >
>>>> > const gnutls_datum_t key = { (char*) "DEADBEEF", 8 };
>>>> >
>>>> > The server sample (ex-serv-psk.c) does the key assignment in the
>>>> callback
>>>> > function pskfunc as follows:
>>>> >
>>>> >   key->data = gnutls_malloc (4);
>>>> >   key->data[0] = 0xDE;
>>>> >   key->data[1] = 0xAD;
>>>> >   key->data[2] = 0xBE;
>>>> >   key->data[3] = 0xEF;
>>>> >   key->size = 4;
>>>>
>>>> It is not the same as above. Above you use 8 bytes and here 4. Use
>>>> instead:
>>>>   key->data[0] = 'D';
>>>>   key->data[1] = 'E';
>>>>   key->data[2] = 'A';
>>>>   key->data[3] = 'D';
>>>>   key->data[4] = 'B';
>>>>   key->data[5] = 'E';
>>>>   key->data[6] = 'E';
>>>>   key->data[7] = 'F';
>>>>   key->size = 8;
>>>>
>>>> > I would like to assign the pre-shared key dynamically. If I assign the
>>>> PSK
>>>> > in the server as follows, it does not work. I get the error
>>>> "Decryption has
>>>> > failed".
>>>>
>>>> Actually how the keys are going to be generated? You have to think about
>>>> that seriously and make sure that the key generation is not weakening
>>>> the cryptosystem. To be on the safe side, and especially if you are not
>>>> experienced in the field use the tools provided by gnutls for the key
>>>> generation.
>>>>
>>>>
>>>> regards,
>>>> Nikos
>>>>
>>>>
>>>
>>
>>
>
>