1

(2 replies, posted in wolfSSL)

Hello embhorn,

Thank you for replying that fast. This is a school project and i am making the ecqv protocol described in the document in this link https://www.secg.org/sec4-1.0.pdf.

Based on your example I made a more elaborate example with logging and error handling. It is currently set for wolfssl. To switch to openssl Makefile needs changes in lines 1 and 2 from wolfssl to openssl. And ecc.c file to remove wolfssl from imports and just use openssl. If you run the code with ./ecqv -l ecqv.log ca_key.pem you can see the log inside ecqv.log.

The goal of protocol is to have points p_Qa_prim and p_Qa to be the same. And thats the case with openssl. But wolfssl returns different result.

2

(2 replies, posted in wolfSSL)

Hello,

I am using brainpoolP256r1 curve and I am trying to perform some ECC arithmetic. I managed to have everything working fine using openssl but when i use wolfssl it doesnt give expected result.

I was using openssl to perform following calculations:

1.Used PEM_read_PrivateKey to read key and then used EC_KEY_get0_group and  EC_GROUP_get_order to get Elliptic curve parameters(group and order).
2. Generate an EC key pair (a , p_alphaG ) using the following:
a = BN_new()
BN_rand_range(a, order)
p_alphaG = EC_POINT_new(group);
EC_POINT_mul(group, p_alphaG, a,NULL, NULL, NULL) //this does a multiplied by generator according to openssl docs p_alphaG = a * G
3.  Generate an EC key pair (k, p_kG)
p_kG = EC_POINT_new(group)
k = BN_new()
BN_rand_range(k, order)
EC_POINT_mul(group, p_kG, k,NULL, NULL, NULL) //this does k multiplied by generator according to openssl docs p_kG = k * G
4. Compute the elliptic curve point PU = p_alphaG + p_kG
Pu = EC_POINT_new(group)
EC_POINT_add(group, Pu, p_alphaG, p_kG, NULL) //addition
5. Generate Random bignum
e = BN_new();
BN_rand_range(e, order); //random bignum up to order
6. Compute the integer r = ek + c (mod n)
BIGNUM *ek = BN_new()
BN_mul(ek, e, k, ctx)
c = EC_KEY_get0_private_key(ca_key) //ca_key is generated in first step by PEM_read_PrivateKey
BN_mod_add(r, ek, c, order, ctx)
7. Compute the private key dU = r + ea (mod n)
ealpha = BN_new()
p_Qa_prim = EC_POINT_new(group)
BN_mul(ealpha, e, a, ctx)
dU = BN_new()
BN_mod_add(dU, ealpha, r, order, ctx)
EC_POINT_mul(group, p_Qa_prim, dU, NULL, NULL, NULL)
//at this point i can compare
EC_POINT_cmp(group, p_Qa, p_Qa_prim, ctx) //this should return 1 because these the points should be the same

Using wolfssl these two points are completely different. Nothing fails here but result is not expected. I expected that wolfssl compiled with openssl-extra should provide reproducible results as openssl.

Is there any device you can give me on this? What can be the reason that wolfssl does not give same results as openssl?

Thank you

Btw, all these calculations come from this standard document(https://www.secg.org/sec4-1.0.pdf)