Chapter 7 Public-Key Operations 259
Performing Diffie-Hellman Key Agreement
parties might only need eight bytes for a session key. If that is the case, it is the
application's responsibility to specify which bytes of the agreed-upon secret value
will be used. This function does not return immediately, so a surrender context is
useful:

    /* The other party should send their public value and its length. */
    unsigned char *otherPublicValue;
    unsigned int otherPublicValueLen;
    unsigned char *agreedUponSecretValue = NULL_PTR;
    unsigned int agreedUponSecretValueLen;

    /* The output buffer is sized to the length of the prime.
       On any error, break leaves the enclosing block. */
    agreedUponSecretValue = T_malloc (getParams->prime.len);
    if ((status = (agreedUponSecretValue == NULL_PTR)) != 0)
      break;

    /* generalFlag is for the surrender function. */
    generalFlag = 0;
    if ((status = B_KeyAgreePhase2
         (dhKeyAgreeAlg, agreedUponSecretValue,
          &agreedUponSecretValueLen, getParams->prime.len,
          otherPublicValue, otherPublicValueLen,
          &generalSurrenderContext)) != 0)
      break;

Step 6: Destroy
Remember to destroy all objects and free up any allocated memory:

    B_DestroyAlgorithmObject (&dhKeyAgreeAlg);
    B_DestroyAlgorithmObject (&randomAlgorithm);
    T_free (myPublicValue);
    T_free (agreedUponSecretValue);

Saving the Object State
Refer to Saving State on page 120 for information on how to receive a buffer that
contains all of the data necessary to reconstruct the object, using the call
B_SetAlgorithmState, in the state it was in at the time of calling the Get routine. You
may call B_GetAlgorithmState after calling B_KeyAgreePhase1. When the application
is ready to resume the key agreement operation, create an algorithm object and
restore the state using B_SetAlgorithmState. See the dhagrsv.c sample for details.
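
The following is an added example, not part of this guide or of the Crypto-C samples: a self-contained toy version of the Phase 2 step, showing both parties encoding the agreed-upon secret at a fixed length and taking the same bytes from it as the session key. It goes beyond the text above by range-checking the other party's public value and wiping the full secret after use. The 61-bit prime, the names toy_phase1 and toy_phase2, and the choice of the low-order bytes are assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>

/* Constructed toy parameters: 2^61 - 1 is prime; real DH uses far larger primes. */
#define TOY_PRIME 2305843009213693951ULL
#define TOY_BASE  3ULL
#define PRIME_LEN 8   /* bytes in the prime, playing the role of getParams->prime.len */
#define KEY_LEN   4   /* bytes both parties agreed to use as the session key */

/* Square-and-multiply modular exponentiation (unsigned __int128: GCC/Clang extension). */
static uint64_t mod_pow(uint64_t base, uint64_t exp, uint64_t mod) {
    unsigned __int128 result = 1, b = base % mod;
    while (exp) {
        if (exp & 1) result = result * b % mod;
        b = b * b % mod;
        exp >>= 1;
    }
    return (uint64_t)result;
}

/* Phase 1: public value = base^private mod prime. */
uint64_t toy_phase1(uint64_t priv) { return mod_pow(TOY_BASE, priv, TOY_PRIME); }

/* Phase 2: returns 0 and fills key[] on success, nonzero if the public value is rejected. */
int toy_phase2(uint64_t priv, uint64_t other_pub, unsigned char key[KEY_LEN]) {
    unsigned char secret[PRIME_LEN];
    volatile unsigned char *wipe = secret;
    uint64_t z;
    int i;
    /* Reject 0, 1 and p-1 (and anything >= p): they force the secret into a tiny set. */
    if (other_pub < 2 || other_pub > TOY_PRIME - 2) return 1;
    z = mod_pow(other_pub, priv, TOY_PRIME);
    /* Fixed-length big-endian encoding: leading zero bytes are kept, so both
       sides index the same byte positions. */
    for (i = PRIME_LEN - 1; i >= 0; i--) { secret[i] = (unsigned char)(z & 0xff); z >>= 8; }
    /* Assumed convention: use the low-order bytes; the top byte of a value
       reduced mod p is biased toward small values. */
    memcpy(key, secret + PRIME_LEN - KEY_LEN, KEY_LEN);
    /* Wipe through a volatile pointer so the stores are not optimised away. */
    for (i = 0; i < PRIME_LEN; i++) wipe[i] = 0;
    return 0;
}

int main(void) {
    unsigned char ka[KEY_LEN], kb[KEY_LEN];
    uint64_t a = 123456789ULL, b = 987654321ULL; /* constructed private values */
    if (toy_phase2(a, toy_phase1(b), ka) || toy_phase2(b, toy_phase1(a), kb)) return 1;
    return memcmp(ka, kb, KEY_LEN) != 0; /* exit status 0 when both keys match */
}
```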