1 (edited by ravi.kumar 2016-10-21 08:19:50)

Topic: Problem with ECC point multiplication

Hi,

I am verifying ECC functionality with wolfssl library v3.3.0.
I am Facing issue while testing point multiplication operation.

I am taking input vectors from Bluetooth SIG certification standard to verify curve P-256 point multiplication .
I have attached screenshot for the input vectors.
I have taken vectors from P-256 Data set 1(Please check the attachment).
P-256 ECC multiplication :
DH Key = Private A * (Public B(x), Public B(y), Bz)
Where Bz = 00000000000000000000000000000001
Please note that values from left to right is LSB to MSB.

Modulus values used as below:
const uint8 p256_modulus[32] = {0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff};

I am using following wolfssl function for computing point multiplication.
static int ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, mp_int* modulus, int map)

Wolfssl library is expecting inputs in mp_int format. So I have converted standard inputs into mp_int format and then given to ecc_mulmod() function.
But result is not coming as expected.(Results should match as per the standard)
input conversion:
Private A value is converted to mp_int format and provided as 'k' to ecc_mulmod()
Public Bx, Public By, Bz values are converted into mp_int formats and converted as ecc_point then provided as 'G' to ecc_mulmod()
p256_modulus is converted as mp_int format and given as 'modulus' to ecc_mulmod()
'map' value is given as '0'

Function is not returning any error but final result is not matching with the expected result
(Please check DH key value in the attachment for the expected result)

Could you please check why result is not matching with these vectors ?
Thanks in advance.

Post's attachments

Screenshot from 2016-10-20 21:56:37.png
Screenshot from 2016-10-20 21:56:37.png 233.86 kb, file has never been downloaded. 

You don't have the permssions to download the attachments of this post.

Share

2 (edited by Kaleb J. Himes 2016-10-20 12:57:28)

Re: Problem with ECC point multiplication

Hi ravi.kumar,

Is there a reason you are working with such an outdated version of our library? v3.3.0 is very old at this point (Dec 5, 2014 nearly two years old). We have had two major and several minor updates to the ECC math libraries since then, one major update was to fix an issue when ECC_SHAMIR was not defined (got unexpected results as you describe) and another to defeat a side-channel cache attack (see more on this in our blog https://wolfssl.com/wolfSSL/Blog/Blog.html or in README.md). I can not guarantee but suspect you have encountered one of the issues that has since been fixed.

Please run your test against v3.9.10 and let us know if you observe the same behavior: https://wolfssl.com/wolfSSL/download/downloadForm.php

OR development branch here:
https://github.com/wolfSSL/wolfssl


Kind Regards,

Kaleb

Re: Problem with ECC point multiplication

Hi ravi.kumar,

One of my colleagues also wanted to ensure the mp_int is being correctly populated:


mp_int a;

mp_init(&a);

mp_read_unsigned_bin(&a, p256_modulus, sizeof(p256_modulus));



This will populate the mp_int correctly from his byte array.

- David Garske


Kind Regards,

- Kaleb

Re: Problem with ECC point multiplication

Hi Kaleb,

Thanks for the reply.

Now I have moved to new cyassl code(3.9.10).
But still issue is coming.
I have debugged the issue and concluded that multiplication operation is failing because of improper creation of ecc point from array values.

Please check the below code which I am using to create ecc_point from array values.

unsigned char gx[32] = {0x6b, 0x17, 0xd1, 0xf2, 0xe1, 0x2c, 0x42, 0x47, 0xf8, 0xbc, 0xe6, 0xe5, 0x63, 0xa4, 0x40, 0xf2, 0x77, 0x03, 0x7d, 0x81, 0x2d, 0xeb, 0x33, 0xa0, 0xf4, 0xa1, 0x39, 0x45, 0xd8, 0x98, 0xc2, 0x96};
unsigned char gy[32] = {0x4f, 0xe3, 0x42, 0xe2, 0xfe, 0x1a, 0x7f, 0x9b, 0x8e, 0xe7, 0xeb, 0x4a, 0x7c, 0x0f, 0x9e, 0x16, 0x2b, 0xce, 0x33, 0x57, 0x6b, 0x31, 0x5e, 0xce, 0xcb, 0xb6, 0x40, 0x68, 0x37, 0xbf, 0x51, 0xf5};
unsigned char gz[32] = { 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};

    ecc_point *G1 = NULL;
    G1 = wc_ecc_new_point();

    if(G1 == NULL)
    {
      printf("Allocation failed\n");
      return;
    }

    memset(G1, 0, sizeof(ecc_point));

    mp_read_unsigned_bin(G1->x, gx, sizeof(gx));
    mp_read_unsigned_bin(G1->y, gy, sizeof(gy));
    mp_read_unsigned_bin(G1->z, gz, sizeof(gz));

I am sure issue is in this code only. Please correct the above code.

Thanks and regards,
Ravi Kumar

Share

5 (edited by Kaleb J. Himes 2016-11-14 14:50:45)

Re: Problem with ECC point multiplication

Hi Ravi,

It's not completely clear what the end goal is here.

I have run your code as is and there is not an issue with the code other than the calls to mp_read_unsigned_bin which are internal to wolfSSL only and not designed to be used in this way. (called externally).

Please explain your desired use-case.
If there is an API that exists and does what you are attempting we will recommend use of that API. If the API does not exist for your desired use-case we'll add it to our feature request list.

Kind Regards,

Kaleb

Re: Problem with ECC point multiplication

Hi Kaleb,

Thank you for your  support. Now its working. It was our mistake.

Thanks,
Ravi.

Share