Dynamically building the PSK keys


Dynamically building the PSK keys

by Ram G

Hi,

I'm working on the sample programs provided in the source examples folder and I would like some help from you. I'm trying to do a DH key exchange with PSK authentication.

The client sample (ex-client-psk.c) assigns the pre-shared key as follows:

const gnutls_datum_t key = { (char*) "DEADBEEF", 8 };

The server sample (ex-serv-psk.c) does the key assignment in the callback function pskfunc as follows:

  key->data = gnutls_malloc (4);
  key->data[0] = 0xDE;
  key->data[1] = 0xAD;
  key->data[2] = 0xBE;
  key->data[3] = 0xEF;
  key->size = 4;
 
I would like to assign the pre-shared key dynamically. If I assign the PSK in the server as follows, it does not work. I get the error "Decryption has failed".

char * somekey = "DEADBEEF";

key->data = somekey;

My question is: since data in the struct gnutls_datum_t has been defined as unsigned char, why doesn't this assignment work?

Can you please help me make the PSK keys dynamic and make the authentication succeed?

I'll really appreciate your help.

Ram G


_______________________________________________
Help-gnutls mailing list
Help-gnutls@...
http://lists.gnu.org/mailman/listinfo/help-gnutls

Re: Dynamically building the PSK keys

by Nikos Mavrogiannopoulos

Ram G wrote:

> Hi,
>
> I'm working on the sample programs provided in the source examples folder
> and I would like some help from you. I'm trying to do a DH key exchange with
> PSK authentication.
>
> The client sample (ex-client-psk.c) assigns the pre shared key as follows:
>
> const gnutls_datum_t key = { (char*) "DEADBEEF", 8 };
>
> The server sample (ex-serv-psk.c) does the key assignment in the callback
> function pskfunc as follows:
>
>   key->data = gnutls_malloc (4);
>   key->data[0] = 0xDE;
>   key->data[1] = 0xAD;
>   key->data[2] = 0xBE;
>   key->data[3] = 0xEF;
>   key->size = 4;

It is not the same as above. Above you use 8 bytes and here 4. Use instead:
   key->data[0] = 'D';
   key->data[1] = 'E';
   key->data[2] = 'A';
   key->data[3] = 'D';
   key->data[4] = 'B';
   key->data[5] = 'E';
   key->data[6] = 'E';
   key->data[7] = 'F';
   key->size = 8;

> I would like to assign the pre-shared key dynamically. If I assign the PSK
> in the server as follows, it does not work. I get the error "Decryption has
> failed".

Actually, how are the keys going to be generated? You have to think about
that seriously and make sure that the key generation is not weakening
the cryptosystem. To be on the safe side, and especially if you are not
experienced in the field, use the tools provided by gnutls for the key
generation.


regards,
Nikos




Re: Dynamically building the PSK keys

by Ram G

I tried out a couple more ideas but no luck.

Setting the key on the server side as follows works:

key->data = gnutls_malloc (4);
memcpy (key->data, "\xDE\xAD\xBE\xEF", 4); /* copy into the allocated buffer rather than overwriting the pointer */
key->size = 4;

I also tried as follows:

char * somekey = "DEADBEEF"; //DEADBEEF is hardcoded for test but will be dynamically generated
int i, temp;

key->size = strlen (somekey) / 2;   /* two hex digits per key byte */
key->data = gnutls_malloc (key->size);
for (i = 0; somekey[i]; i += 2) {
  sscanf (&somekey[i], "%02x", &temp);
  key->data[i / 2] = temp;
}

This does not work either. I'm scratching my head how to take a string like "DEADBEEF" and convert it to "\xDE\xAD\xBE\xEF" and assign it to key->data.

If the PSK key value on the client side is given as

const gnutls_datum_t key = { (char*) "DEADBEEF", 8 };

why doesn't it work if I assign it the same way on the server side? Why does it expect it as hexadecimal values?

Any ideas highly appreciated.

-Ramg

 
On Mon, Jul 13, 2009 at 4:36 PM, Ram G <mydevforums@...> wrote:
Hi Nikos,
 
Thanks for your response.
 
I tried your suggestion and that does not work either. However, the sample program works fine when assigning two hexadecimal characters each to the 4 bytes.

It is a weird requirement, but we cannot use certificates or previously known keys for the PSK authentication. Instead, what I'm doing is establishing an anonymous DH handshake between the client and the server. Now both the client and the server know the master secret. I would like to use this master secret as the pre-shared key between the client and the server.

Can you please let me know if this can weaken the cryptosystem? I'll try out any alternate suggestion you might have.
 
Thanks and Regards
 
Ramg  


Re: Dynamically building the PSK keys

by David Marín Carreño

I think you are keeping the same confusion in data formats.

A string with characters "ABCD" is saved in memory as characters 'A' (ascii 0x41), 'B' (ascii 0x42), 'C' (ascii 0x43) and 'D' (ascii 0x44) in 4 bytes, not as 2 bytes 0xAB and 0xCD.

Greetings
--
David Marín Carreño


Re: Dynamically building the PSK keys

by Ram G

Finally I could complete the handshake using DHE-PSK. I followed the samples ex-client-psk.c and ex-serv-psk.c but instead of hardcoded keys, I dynamically assigned the keys as follows:

char * dynamickeys; //Could be any string with hex characters like DEADBEEF
key->size = strlen (dynamickeys) / 2;      /* two hex characters per key byte */
key->data = gnutls_malloc (key->size + 1); /* +1 because atohx writes a trailing NUL */
if (atohx ((char *) key->data, dynamickeys) == NULL) {
  gnutls_free (key->data);
  return -1;                               /* malformed hex string: fail the callback */
}

Here is the atohx function I got from the following link:


#include <ctype.h>

/* Decode a string of hex digit pairs into bytes; returns dst, or NULL on an
   odd-length string or a non-hex character. */
char * atohx(char * dst, const char * src)
{
  int lsb, msb;
  char * ret = dst;
  for (lsb = 0, msb = 0; *src; src += 2)
  {
    msb = tolower((unsigned char) *src);
    lsb = tolower((unsigned char) *(src + 1));
    msb -= isdigit(msb) ? 0x30 : 0x57;  /* '0'..'9' -> 0..9, 'a'..'f' -> 10..15 */
    lsb -= isdigit(lsb) ? 0x30 : 0x57;
    if ((msb < 0x0 || msb > 0xf) || (lsb < 0x0 || lsb > 0xf))
    {
      *ret = 0;
      return NULL;
    }
    *dst++ = (char) (lsb | (msb << 4));
  }
  *dst = 0;
  return ret;
}
 
Thanks to all for all your suggestions.
 
Thanks
 
Ramg


Re: Dynamically building the PSK keys

by Nikos Mavrogiannopoulos

Ram G wrote:
> Finally I could complete the handshake using DHE-PSK. I followed the samples
> ex-client-psk.c and ex-serv-psk.c but instead of hardcoded keys, I
> dynamically assigned the keys as follows:
>
> char * dynamickeys; //Could be any string with hex characters like DEADBEEF
> atohx(key->data,dynamickeys);

If you want to use passwords for psk please use
gnutls_psk_netconf_derive_key(). If you just want to convert hex to
binary data you can just use gnutls_hex_encode and decode. PSK works
with keys (not passwords) that are usually derived from a device such as
/dev/(u)random.

regards,
Nikos
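As an added example (not code from this thread or from gnutls), the standard-C program below makes David's point concrete and shows the checked hex-to-bytes conversion that Ram's atohx and gnutls_hex_decode perform; datum_t is an assumed stand-in for gnutls_datum_t so it builds without the library.

```c
#include <stdio.h>
#include <string.h>

/* Stand-in for gnutls_datum_t (same two fields) so this builds without gnutls. */
typedef struct { unsigned char *data; unsigned int size; } datum_t;

/* Value of one hex digit, or -1 for any other character. */
static int hex_nibble(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Decode "DEADBEEF" into the bytes 0xDE 0xAD 0xBE 0xEF. Returns the number of
   bytes written, or -1 on odd length, a non-hex character, or a too-small
   buffer. No NUL is appended: the result is key material, not a C string. */
int hex_to_bytes(const char *hex, unsigned char *out, size_t outlen)
{
    size_t i, n = strlen(hex);
    if (n % 2 != 0 || n / 2 > outlen) return -1;
    for (i = 0; i < n; i += 2) {
        int hi = hex_nibble(hex[i]), lo = hex_nibble(hex[i + 1]);
        if (hi < 0 || lo < 0) return -1;
        out[i / 2] = (unsigned char)((hi << 4) | lo);
    }
    return (int)(n / 2);
}

/* Both PSK peers must hold byte-identical key material; compare without
   leaking where the first mismatch is. */
int datum_equal(const datum_t *a, const datum_t *b)
{
    unsigned char diff = 0;
    unsigned int i;
    if (a->size != b->size) return 0;
    for (i = 0; i < a->size; i++) diff |= a->data[i] ^ b->data[i];
    return diff == 0;
}

int main(void)
{
    unsigned char raw[4] = { 0xDE, 0xAD, 0xBE, 0xEF }, buf[16];
    datum_t ascii_key = { (unsigned char *)"DEADBEEF", 8 }; /* client sample: 8 text bytes */
    datum_t binary_key = { raw, 4 };                        /* server sample: 4 raw bytes */
    datum_t decoded = { buf, (unsigned int)hex_to_bytes("DEADBEEF", buf, sizeof buf) };
    printf("text vs raw: %d, decoded vs raw: %d\n", datum_equal(&ascii_key, &binary_key), datum_equal(&decoded, &binary_key));
    return 0;
}
```

The text form and the raw form never compare equal, which is exactly the "Decryption has failed" mismatch between the client literal and the server callback; decoding the text on both sides, or using raw bytes on both, is what makes them agree.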

