
I'm integrating a custom engine into OpenSSL v1.1.0e and currently implementing the ECDH functions using Windows CNG (the BCrypt functions). I'm a little confused as to what design to follow. As far as I understand, I would need to implement the functions required by DH_meth_set_init, DH_meth_set_generate_key, DH_meth_set_compute_key and DH_meth_set_finish.

What I'm confused about is using the internal ossl DH struct. For example, in the generate keys function (param is DH* dh, used by DH_meth_set_generate_key), I'm using BCryptGenerateKeyPair and I'm not sure how to convert the keys and store them in the DH struct's priv_key and pub_key variables.

themadking
  • I can't help you with the Windows programming aspects - but I'd point out that in order to do ECDH you should not be using the DH_meth_* functions at all. You need to use the EC_KEY_METHOD_* functions instead. – Matt Caswell Dec 05 '19 at 23:34
  • @MattCaswell would that be true even if I use an ECDH algorithm from CNG with the `DH_meth_*` functions? For example, to generate a key pair, I'm using `BCRYPT_ECDH_P384_ALGORITHM` in the `BCryptGenerateKeyPair` function. – themadking Dec 06 '19 at 01:21
  • DH_meth_* functions are designed for finite field Diffie-Hellman, not EC. All the keys are passed around as "BIGNUM" objects, and stored as such in the DH structure. EC_KEY_METHOD on the other hand expects public keys to be points on a curve and uses EC_POINT objects to pass them around. Attempting to do ECDH via the DH_meth_* interface would be a significant deviation from its intended use. – Matt Caswell Dec 06 '19 at 09:19
  • Thanks for your comments. I realized that I should have been working with `EVP_PKEY_meth` instead of `DH_meth` in the first place. – themadking Dec 12 '19 at 22:16
