Hi,
I am developing an ecdh-curve25519 crypto application which should be based on your HW accellerator on my dev board.
At the moment I am able to generate a [Shared Secret] by using as from your guide (DA1468x_DA15xxx_SDK_1.0.14.1081/doc/html/group___e_c_d_h.html).
Checking flags and resources buffer it seems all OK!
This "shared secret" should be shared with another generated with the same curve25519 on another external device (think about a linux-pc) using "libsodium library" (again, same ecdh-curve).
Now, at this point something wrong happens: the two shared secret are completely different.
Did you have any idea or even experienced such a problem?
Did you ever tested the algorithm for compatibility with other shared secret generators?
Thank you in advance
[SDK-used]:: DA1468x_DA15xxx_SDK_1.0.14.1081
[PC-linux]:: libsodium+linux ubuntu 18
Hi nhan.ngodinh,
Let me check your issue and I will get back to you as soon as I have an answer for you.
Thanks, PM_Dialog
Hi,
in order to give some points for discussion today I tested your [SDK code] with "test vector" as from [https://tools.ietf.org/html/rfc7748#page-14].
The result is wrong respect to the expected [shared-secret].
Instead, making the same test on [linux-pc] with [ubuntu+libsodium] it is returning the correct [shared-secret].
Now, if I did not make any error I guess you probably do not comply with that (informal) standard RFC 7748.
thanks, nn
Hi nhan.ngodinh,
Could you please clarify the [SDK code] and which test vector are you using? You should not take different results, but I will try to replicate your issue. Also, any input/code snippet that you are using it would be very helpful.
Thanks, PM_Dialog
Hi,
as I specified in my previous comment, test vectors are taken as from [https://tools.ietf.org/html/rfc7748#page-14]-> pag 13.
For simplicity I'm attaching below the keys and resulting shared secret:
# Alice's private key, a:
77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a
# Alice's public key, X25519(a, 9):
8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a
# Bob's public key, X25519(b, 9):
de9edb7d7b7dc1b4d35b61c2ece435373f8343c85b78674dadfc7e146f882b4f
#Their shared secret, K:
4a5d9d5ba4ce2de1728e3bf480350f25e07e21c947d19e3376f09b3c1e161742
[SDK CODE]:
#参考SRC:
DA1468x_DA15xxx_SDK_1.0.14.1081/sdk/interfaces/crypto/src/crypto_ecdh.c
# CODE SNIPPET:
/* forcing to use only curve25519 into crypto_ecdh.h */
#define CRYPTO_ECDH_USE_ONLY_CURVE25519 (1)
/* initializing curve structure */
INITIALISED_PRIVILEGED_DATA crypto_ecdh_context_t c_ctx = CRYPTO_ECDH_INIT_CTX(CRYPTO_EC_PARAMS_CURVE25519);
/* copying Alice's private key into the "d" filed */
memcpy(&(c_ctx.d[0]), Alice_priv, 32);
/* setting correspoding flag */
c_ctx.flags |= CRYPTO_ECDH_CTX_d;
/* copying Alice's pub key into the "X coordinate" filed, the only one used for curve25519 */
memcpy(&(c_ctx.Ql[0][0]), Alice_pubk, 32);
/* setting correspoding flag */
c_ctx.flags |= CRYPTO_ECDH_CTX_Ql;
/* copying Bob's pub key into the "X coordinate" filed, the only one used for curve25519 */
memcpy(&(c_ctx.Qp[0][0]), Bob_pubk, 32);
/* setting correspoding flag */
c_ctx.flags |= CRYPTO_ECDH_CTX_Qp;
/* calling crypto_ecdh_compute for generating shared key (flags should be ok at this point) */
crypto_ecdh_compute (&c_ctx c_ctx_timeout);
/* printing shared secret and flags (flags=15 as it should but shared secret wrong)*/
printf("SHARED SECRET [flags->%d]\n", c_ctx.flags);
for(uint32_t i = 0; i < 32; i++)
printf("\"%x\",", c_ctx.s[i]);
let me know if you need something more.
thanks, nn
Hi nhan.ngodinh,,
I will try to replicate your issue and I will get back to you with my feedback as soon as possible.
Thanks, PM_Dialog
Hi,
did you get the chance to have a look at the problem?
I need to understand whether or not to continue with your SDK "ECDH-curve25519" or move to another solution.
Please be understaing we got some pressure and the last post is dated "2019-03-01".
Thenk you very much for your support.
regards
nn
Hi nhan.ngodinh,
Apologies for the delay, but I have driven your issue internally, so i will get back to you when I have any update from the Team.
Thanks, PM_Dialog
Hi nhan.ngodinh,
Could you please let me know in which project of SDK1.0.14.1081 are you working on? In a BLE or in a non-BLE project? If you are working on a non-BLE project, I would suggest you to move into a BLE project (for instance the ble_adv project) and follow the same procedure. Are you able to get the correct results in a BLE project?
Thanks, PM_Dialog
Hi,
"I would suggest you to move into a BLE project (for instance the ble_adv project) and follow the same procedure", are you kidding me?
Just to recap: you do not know what's the problem with that API? After one month...
We are talking about Cyber Security features, I would suggest to further investigate the problem in order to fix your problem letting us to use it as a common (and useful...) API, in any project...
Anyway I guess is better not to use it for the moment until you provide a valid alternative (or the expected fix).
Thank you very much for your support
regards
aa
Hi nhan.ngodinh,
I will get contact with you in the registered email address.
Thanks,PM_Dialog