Hi,
I am developing an ecdh-curve25519 crypto application which should be based on your HW accellerator on my dev board.
Currently, I am able to generate a [shared secret] by following the guide (da1468x_da15xxx_sdk_1.0.14.1081/doc/html/group___e_c_d_h.html).
Checking the flags and the result buffer, everything seems to be OK!
This "shared secret" should match the one generated with the same curve25519 on another external device (think of a Linux PC) using the "libsodium library" (again, the same ECDH curve).
Now, here is what goes wrong at this point: the two shared secrets are completely different.
Do you have any idea, or have you ever experienced such a problem?
Have you tested the compatibility of your algorithm with other shared-secret generators?
Thank you in advance
[SDK-used]:: DA1468x_DA15xxx_SDK_1.0.14.1081
[PC-Linux] :: libsodium + Linux Ubuntu 18
Device:
Hi nhan.ngodinh,
Let me check your question and I will get back to you with an answer as soon as possible.
Thanks, PM_Dialog
Hi,
in order to give some points for discussion, today I tested your [SDK code] with the "test vector" from [https://tools.ietf.org/html/rfc7748#page-14].
The result is wrong with respect to the expected [shared-secret].
Instead, running the same test on a [linux-pc] with [ubuntu+libsodium] returns the correct [shared-secret].
Now, if I did not make any error, I guess you probably do not comply with that (informal) standard, RFC 7748.
thanks, nn
Hi nhan.ngodinh,
Could you please clarify the [SDK code] and which test vector you are using? You should not get different results, but I will try to replicate your issue. Also, any input/code snippet that you are using would be very helpful.
Thanks, PM_Dialog
Hi,
As I specified in my previous comment, the test vector is from [https://tools.ietf.org/html/rfc7748#page-14] -> page 13.
For simplicity, I attach below the keys and the resulting shared secret:
# Alice's private key, a:
77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a
# Alice's public key, X25519(a, 9):
8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a
# Bob's public key, X25519(b, 9):
de9edb7d7b7dc1b4d35b61c2ece435373f8343c85b78674dadfc7e146f882b4f
#Their shared secret, K:
4A5D9D5BA4CE2DE1728E3BF480350F25E07E21C947D19E3376F09B3C1E161742
[SDK CODE]:
# REFERENCE SRC:
DA1468x_DA15xxx_SDK_1.0.14.1081/sdk/interfaces/crypto/src/crypto_ecdh.c
# CODE SNIPPET:
#include <stdio.h>
#include <string.h>
#include "crypto_ecdh.h"
/* Alice_priv, Alice_pubk and Bob_pubk are 32-byte uint8_t arrays holding the RFC 7748 values listed above */
/* forcing to use only curve25519 in crypto_ecdh.h */
#define CRYPTO_ECDH_USE_ONLY_CURVE25519 (1)
/* initializing curve structure */
INITIALISED_PRIVILEGED_DATA crypto_ecdh_context_t c_ctx = CRYPTO_ECDH_INIT_CTX(CRYPTO_EC_PARAMS_CURVE25519);
/* copying Alice's private key into the "d" field */
memcpy(&(c_ctx.d[0]), Alice_priv, 32);
/* setting corresponding flag */
c_ctx.flags |= CRYPTO_ECDH_CTX_D;
/* copying Alice's pub key into the "X coordinate" field, the only one used for curve25519 */
memcpy(&(c_ctx.Ql[0][0]), Alice_pubk, 32);
/* setting corresponding flag */
c_ctx.flags |= CRYPTO_ECDH_CTX_Ql;
/* copying Bob's pub key into the "X coordinate" field, the only one used for curve25519 */
memcpy(&(c_ctx.Qp[0][0]), Bob_pubk, 32);
/* setting corresponding flag */
c_ctx.flags |= CRYPTO_ECDH_CTX_Qp;
/* calling crypto_ecdh_compute to generate the shared secret (at this point it should be OK) */
crypto_ecdh_compute(&c_ctx, c_ctx_timeout);
/* printing shared secret and flags (flags=15 as it should be, but the shared secret is wrong) */
printf("SHARED SECRET [flags->%d]\n", c_ctx.flags);
for (uint32_t i = 0; i < 32; i++)
    printf("\"%x\",", c_ctx.s[i]);
let me know if you need something more.
thanks, nn
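The two posts above both compare a hardware ECDH result against the RFC 7748 vectors. The following is an added example, not code from this thread, from the Dialog SDK or from libsodium: a pure-Python reference X25519 written straight from the RFC 7748 section 5 ladder, checked against the vectors posted above (Alice's private key, Alice's public key, Bob's public key and the shared secret K), so a firmware output can be compared against an independent, known-good value. The `diagnose()` helper also tests whether the device output matches the expected secret byte-reversed; that endianness check is an assumption about one plausible cause of a mismatch, not a finding from the thread. Mapping to the SDK snippet: `d` holds `a`, `Qp` holds Bob's public key and `s` is what should equal K.

```python
"""Reference X25519 (RFC 7748 section 5) in pure Python, used to verify a
hardware or library ECDH result against the RFC 7748 section 6.1 vectors.
This is a verification reference only: it is NOT constant time and must not
be used as a production implementation."""

P = 2**255 - 19   # field prime for Curve25519
A24 = 121665      # (486662 - 2) / 4, the ladder constant from RFC 7748
BITS = 255        # scalar bit length for X25519


def decode_u(u: bytes) -> int:
    """Decode a 32-byte little-endian u-coordinate, masking the top bit."""
    b = bytearray(u)
    b[31] &= 127
    return int.from_bytes(b, "little")


def encode_u(u: int) -> bytes:
    """Encode a field element as 32 little-endian bytes."""
    return (u % P).to_bytes(32, "little")


def decode_scalar(k: bytes) -> int:
    """Clamp the 32-byte scalar exactly as RFC 7748 requires."""
    b = bytearray(k)
    b[0] &= 248
    b[31] &= 127
    b[31] |= 64
    return int.from_bytes(b, "little")


def x25519(k: bytes, u: bytes) -> bytes:
    """Montgomery ladder from RFC 7748 section 5 (variable time, see docstring)."""
    k_int = decode_scalar(k)
    x1 = decode_u(u)
    x2, z2, x3, z3 = 1, 0, x1, 1
    swap = 0
    for t in range(BITS - 1, -1, -1):
        kt = (k_int >> t) & 1
        swap ^= kt
        if swap:                      # conditional swap (not constant time)
            x2, x3 = x3, x2
            z2, z3 = z3, z2
        swap = kt
        a = (x2 + z2) % P
        aa = a * a % P
        b = (x2 - z2) % P
        bb = b * b % P
        e = (aa - bb) % P
        c = (x3 + z3) % P
        d = (x3 - z3) % P
        da = d * a % P
        cb = c * b % P
        x3 = (da + cb) ** 2 % P
        z3 = x1 * ((da - cb) ** 2) % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    if swap:
        x2, x3 = x3, x2
        z2, z3 = z3, z2
    return encode_u(x2 * pow(z2, P - 2, P))   # x2 / z2 via Fermat inversion


# RFC 7748 section 6.1 test vectors, as posted in the thread above.
BASEPOINT = b"\x09" + b"\x00" * 31   # u = 9, little-endian
ALICE_PRIV = bytes.fromhex("77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a")
ALICE_PUB = bytes.fromhex("8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a")
BOB_PUB = bytes.fromhex("de9edb7d7b7dc1b4d35b61c2ece435373f8343c85b78674dadfc7e146f882b4f")
SHARED = bytes.fromhex("4a5d9d5ba4ce2de1728e3bf480350f25e07e21c947d19e3376f09b3c1e161742")


def check_vectors() -> dict:
    """Self-test of this reference against the RFC vectors (both must be True)."""
    return {
        "alice_pub_ok": x25519(ALICE_PRIV, BASEPOINT) == ALICE_PUB,
        "shared_ok": x25519(ALICE_PRIV, BOB_PUB) == SHARED,
    }


def diagnose(device_secret: bytes) -> str:
    """Classify a 32-byte secret read back from a device (e.g. the SDK's c_ctx.s).
    The byte-reversed case is an assumed diagnostic for endianness mix-ups."""
    expected = x25519(ALICE_PRIV, BOB_PUB)
    if device_secret == expected:
        return "match"
    if device_secret == expected[::-1]:
        return "byte-reversed"
    return "mismatch"


if __name__ == "__main__":
    print(check_vectors())
    print("shared =", x25519(ALICE_PRIV, BOB_PUB).hex())
```

Run it once with no arguments to confirm the reference itself passes both vectors, then paste the 32 bytes printed by the firmware into `diagnose()`; "match" means the accelerator agrees with RFC 7748 and libsodium, while "byte-reversed" or "mismatch" narrows down where to look next.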
Hi nhan.ngodinh,
I will try to replicate your issue and I will get back to you with my feedback as soon as possible.
Thanks, PM_Dialog
Hi,
Have you had a chance to look at this issue?
I need to understand whether or not to continue with your SDK "ECDH-curve25519" or move to another solution.
Please be understanding, we are under some pressure and the last post is dated "2019-03-01".
Thank you very much for your support.
regards
nn.
Hi nhan.ngodinh,
Apologies for the delay, but I have pushed the issue internally, so I will get back to you as soon as the team has any update.
Thanks, PM_Dialog
Hi nhan.ngodinh,
Could you please let me know in which project of SDK1.0.14.1081 you are working? In a BLE or in a non-BLE project? If you are working on a non-BLE project, I would suggest you move into a BLE project (for instance the ble_adv project) and follow the same procedure. Are you able to get the correct results in a BLE project?
Thanks, PM_Dialog
Hi,
"I would suggest you to move into a BLE project (for instance the ble_adv project) and follow the same procedure", are you kidding me?
Just to recap: you do not know what the problem with that API is? After one month...
We are talking about cyber security features; I would suggest investigating the problem further in order to fix it, letting us use it as a common (and useful...) API, in any project...
Anyway, I guess it is better not to use it for the moment until you provide a valid alternative (or the expected fix).
Thank you very much for your support
regards
aa
Hi nhan.ngodinh,
I will get in contact with you at the registered email address.
Thanks, PM_Dialog