(HW) ECDH (curve25519) from SDK vs. (external) libsodium: shared secret problem

⚠️
Hi there.. thanks for coming to the forums. Exciting news! we’re now in the process of moving to our new forum platform that will offer better functionality and is contained within the main Dialog website. All posts and accounts have been migrated. We’re now accepting traffic on the new forum only - please POST any new threads at//www.xmece.com/support. We’ll be fixing bugs / optimising the searching and tagging over the coming days.
11 posts / 0 new
Last post
nhan.ngodinh
Offline
Last seen:1 year 4 months ago
加入:2017-03-21 20
(HW) ECDH (curve25519) from SDK vs. (external) libsodium: shared secret problem

Hi,
I am developing an ecdh-curve25519 crypto application which should be based on your HW accellerator on my dev board.
At the moment I am able to generate a [Shared Secret] by using as from your guide (DA1468x_DA15xxx_SDK_1.0.14.1081/doc/html/group___e_c_d_h.html).
Checking flags and resources buffer it seems all OK!

This "shared secret" should be shared with another generated with the same curve25519 on another external device (think about a linux-pc) using "libsodium library" (again, same ecdh-curve).

Now, at this point something wrong happens: the two shared secret are completely different.

Did you have any idea or even experienced such a problem?
Did you ever tested the algorithm for compatibility with other shared secret generators?

Thank you in advance

[SDK-used]:: DA1468x_DA15xxx_SDK_1.0.14.1081
[PC-linux]:: libsodium+linux ubuntu 18

Device:
PM_Dialog
Online
Last seen:10 min 46 sec ago
工作人员
加入:2018-02-08 11:03
Hi nhan.ngodinh,

Hi nhan.ngodinh,

Let me check your issue and I will get back to you as soon as I have an answer for you.

Thanks, PM_Dialog

nhan.ngodinh
Offline
Last seen:1 year 4 months ago
加入:2017-03-21 20
Hi,

Hi,
in order to give some points for discussion today I tested your [SDK code] with "test vector" as from [https://tools.ietf.org/html/rfc7748#page-14].
The result is wrong respect to the expected [shared-secret].
Instead, making the same test on [linux-pc] with [ubuntu+libsodium] it is returning the correct [shared-secret].

Now, if I did not make any error I guess you probably do not comply with that (informal) standard RFC 7748.

thanks, nn

PM_Dialog
Online
Last seen:10 min 46 sec ago
工作人员
加入:2018-02-08 11:03
Hi nhan.ngodinh,

Hi nhan.ngodinh,

Could you please clarify the [SDK code] and which test vector are you using? You should not take different results, but I will try to replicate your issue. Also, any input/code snippet that you are using it would be very helpful.

Thanks, PM_Dialog

nhan.ngodinh
Offline
Last seen:1 year 4 months ago
加入:2017-03-21 20
Hi,

Hi,
as I specified in my previous comment, test vectors are taken as from [https://tools.ietf.org/html/rfc7748#page-14]-> pag 13.
For simplicity I'm attaching below the keys and resulting shared secret:

# Alice's private key, a:
77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a

# Alice's public key, X25519(a, 9):
8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a

# Bob's public key, X25519(b, 9):
de9edb7d7b7dc1b4d35b61c2ece435373f8343c85b78674dadfc7e146f882b4f

#Their shared secret, K:
4a5d9d5ba4ce2de1728e3bf480350f25e07e21c947d19e3376f09b3c1e161742

[SDK CODE]:
#参考SRC:
DA1468x_DA15xxx_SDK_1.0.14.1081/sdk/interfaces/crypto/src/crypto_ecdh.c

# CODE SNIPPET:
/* forcing to use only curve25519 into crypto_ecdh.h */
#define CRYPTO_ECDH_USE_ONLY_CURVE25519 (1)

/* initializing curve structure */
INITIALISED_PRIVILEGED_DATA crypto_ecdh_context_t c_ctx = CRYPTO_ECDH_INIT_CTX(CRYPTO_EC_PARAMS_CURVE25519);

/* copying Alice's private key into the "d" filed */
memcpy(&(c_ctx.d[0]), Alice_priv, 32);
/* setting correspoding flag */
c_ctx.flags |= CRYPTO_ECDH_CTX_d;
/* copying Alice's pub key into the "X coordinate" filed, the only one used for curve25519 */
memcpy(&(c_ctx.Ql[0][0]), Alice_pubk, 32);
/* setting correspoding flag */
c_ctx.flags |= CRYPTO_ECDH_CTX_Ql;
/* copying Bob's pub key into the "X coordinate" filed, the only one used for curve25519 */
memcpy(&(c_ctx.Qp[0][0]), Bob_pubk, 32);
/* setting correspoding flag */
c_ctx.flags |= CRYPTO_ECDH_CTX_Qp;

/* calling crypto_ecdh_compute for generating shared key (flags should be ok at this point) */
crypto_ecdh_compute(&c_ctx, c_ctx_timeout);
/* printing shared secret and flags (flags=15 as it should but shared secret wrong)*/
printf("SHARED SECRET [flags->%d]\n", c_ctx.flags);
for(uint32_t i = 0; i < 32; i++)
printf("\"%x\",", c_ctx.s[i]);

let me know if you need something more.

thanks, nn

PM_Dialog
Online
Last seen:10 min 46 sec ago
工作人员
加入:2018-02-08 11:03
Hi nhan.ngodinh,,

Hi nhan.ngodinh,,

I will try to replicate your issue and I will get back to you with my feedback as soon as possible.

Thanks, PM_Dialog

nhan.ngodinh
Offline
Last seen:1 year 4 months ago
加入:2017-03-21 20
Hi,

Hi,

did you get the chance to have a look at the problem?

I need to understand whether or not to continue with your SDK "ECDH-curve25519" or move to another solution.

Please be understaing we got some pressure and the last post is dated "2019-03-01".

Thenk you very much for your support.

regards

nn

PM_Dialog
Online
Last seen:10 min 46 sec ago
工作人员
加入:2018-02-08 11:03
Hi nhan.ngodinh,

Hi nhan.ngodinh,

延迟道歉,但我推你sue internally, so i will get back to you when I have any update from the Team.

Thanks, PM_Dialog

PM_Dialog
Online
Last seen:10 min 46 sec ago
工作人员
加入:2018-02-08 11:03
Hi nhan.ngodinh,

Hi nhan.ngodinh,

Could you please let me know in which project of SDK1.0.14.1081 are you working on? In a BLE or in a non-BLE project? If you are working on a non-BLE project, I would suggest you to move into a BLE project (for instance the ble_adv project) and follow the same procedure. Are you able to get the correct results in a BLE project?

Thanks, PM_Dialog

nhan.ngodinh
Offline
Last seen:1 year 4 months ago
加入:2017-03-21 20
Hi,

Hi,

"I would suggest you to move into a BLE project (for instance the ble_adv project) and follow the same procedure", are you kidding me?

Just to recap: you do not know what's the problem with that API? After one month...

We are talking about Cyber Security features, I would suggest to further investigate the problem in order to fix your problem letting us to use it as a common (and useful...) API, in any project...

Anyway I guess is better not to use it for the moment until you provide a valid alternative (or the expected fix).

Thank you very much for your support

regards

aa

PM_Dialog
Online
Last seen:10 min 46 sec ago
工作人员
加入:2018-02-08 11:03
Hi nhan.ngodinh,

Hi nhan.ngodinh,

I will get contact with you in the registered email address.

Thanks,PM_Dialog