gsk_generate_secret()

Generates the Diffie-Hellman shared secret.

Format

   #include <gskcms.h>

   gsk_status gsk_generate_secret (
                                   gsk_buffer *         key_params,  
                                   gsk_buffer *         public_value,
                                   gsk_buffer *         private_value
                                   gsk_buffer *         secret_value)

Parameters

key_params: Specifies the Diffie-Hellman key parameters as an ASN.1-encoded sequence.
public_value: Specifies the public value for the partner application as a binary byte string.
private_value: Specifies the private value for the local application as a binary byte string.
secret_value: Returns the secret value as a binary byte string. The application should call the gsk_free_buffer() routine to release the secret value when it is no longer needed.

Results

The function return value will be 0 if no error is detected. Otherwise, it will be one of the return codes listed in the gskcms.h include file. These are some possible errors:

[CMSERR_BAD_DH_PARAMS]: The Diffie-Hellman group parameters are not valid.
[CMSERR_BAD_KEY_SIZE]: The key size is not valid.
[CMSERR_NO_MEMORY]: Insufficient storage is available.

Usage

The gsk_generate_secret() routine will generate the Diffie-Hellman shared secret value as defined in PKCS #3 (Diffie-Hellman Key Agreement Standard) and RFC 2631: Diffie-Hellman Key Agreement Method. The required key parameters P and G, and, in non-FIPS mode, the optional key parameters Q and J are supplied as an ASN.1-encoded sequence as defined in either PKCS #3 or RFC 5280: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. The return value will be the binary value for Z. The key size is determined by the size of the modulus P, and must be between 512 and 2048 bits if not executing in FIPS mode, or it must be 2048 bits if in FIPS mode.