ECC & EVP Interface Broken?

The code below works when I use the RSA key generation functions, but when I try
to generate an ECC key, and use it, it doesn't work. I am using 0.9.8 beta 6.

I'm not sure if this is a result of my lack of understanding about ECC, or the
implementation is broken, hence my post to `users` and not `dev`.

Does anyone know of a good tutorial for using OpenSSL to do ECC encryption? I
haven't found anything on Google.

On a side note, I understand that the session key is stored in `ek`, but what I
don't know is whether that session key is encrypted using the public ECC key. If
so, then it doesn't need to be protected, only the ECC private key needs to be
protected. Can someone confirm this for me?

Thanks,

L~

#include <stdio.h>
#include <ssl.h>
#include <string.h>
#include <rand.h>
#include <ecdsa.h>

int main() {
       
        char *string = "This is the string we are trying to encrypt.";
        printf("Unencoded string = {%s}\n", string);
       
        /*
        RSA *key = RSA_generate_key(1024, RSA_F4, NULL, NULL);
        EVP_PKEY *pkey = EVP_PKEY_new();
        EVP_PKEY_assign_RSA(pkey, key);
        */
       
       
        EC_GROUP *group = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1);
        if (group == NULL) {
                printf("Could not get group.\n");
                return 0;
        }
        EC_KEY *key = EC_KEY_new();
        if (key == NULL) {
                printf("Could not generate an EC key structure.\n");
                return 0;
        }
        if (EC_KEY_set_group(key, group) == 0) {
                printf("EC Group association failed.\n");
                return 0;
        }
        if (EC_KEY_generate_key(key) == 0) {
                printf("EC Key Generation failed.\n");
                return 0;
        }
        EVP_PKEY *pkey = EVP_PKEY_new();
        if (EVP_PKEY_assign_EC_KEY(pkey, key) == 0) {
                printf("Could not associate the EC key with PKEY.\n");
                return 0;
        }
       
        char iv[EVP_MAX_IV_LENGTH];
        RAND_pseudo_bytes(iv, EVP_MAX_IV_LENGTH);
       
        EVP_CIPHER_CTX ctx;
        int out_len = EVP_PKEY_size(pkey);
        int npubk = 1;
        unsigned char **ek = (unsigned char **)malloc(sizeof(unsigned char *) * npubk);
        ek[0] = (unsigned char *) malloc(EVP_PKEY_size(pkey));
        EVP_SealInit(&ctx, EVP_aes_256_cbc(), ek, &out_len, &iv[0], &pkey, npubk);
       
        int buf_len = 500;
        unsigned char buf[buf_len];
        EVP_SealUpdate(&ctx, &buf[0], &buf_len, string, strlen(string));
       
        int i;
        int tot_len = buf_len;
        printf("Encoded string = {");
        for (i = 0; i < buf_len; i++) {
                printf("%02x", buf[i]);
        }
       
        EVP_SealFinal(&ctx, &buf[buf_len], &buf_len);
        for (i = 0; i < buf_len; i++) {
                printf("%02x", buf[i + tot_len]);
        }
        printf("}\n");
       
        EVP_OpenInit(&ctx, EVP_aes_256_cbc(), *ek, out_len, &iv[0], pkey);
       
        char de_string[1000];
        int de_len = 1000;
        EVP_OpenUpdate(&ctx, de_string, &de_len, &buf[0], tot_len + buf_len);
        tot_len = de_len;
        EVP_OpenFinal(&ctx, &de_string[tot_len], &de_len);
        de_string[tot_len + de_len] = '\0';
       
       
        printf("Unencoded string = {%s}\n", de_string);
       
        return 0;
}


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]

On Thu, Jul 07, 2005, Ladar Levison wrote:

That's your problem there. Key transport (which EVP_SealInit uses) can only be
done with RSA keys.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]

Dr. Stephen Henson wrote:
This might be a dumb question, but what is `key transport` and why doesn't ECC
support it?

Is this is a case where OpenSSL implementation of ECC doesn't support it, or
where ECC isn't a suitable algorithim to use for envelope encryption?

L~


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]

On Thu, Jul 07, 2005, Ladar Levison wrote:

Key transport is where some secret data (for example an AES key) is encrypted
using a public key so that the intended recipient can recover it by decryption
with a private key.

The only algorithm that currently can do this in OpenSSL is RSA.

I think there are some ECC algorithms that can be used for key transport (El
Gamal?) but they aren't currently supported.

Key agreement, where two parties agree on the same secret key, is supported
using ECDH.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]