• Registered: 2022-09-24
  • Posts: 12

Topic: Confusion on wc_ecc_encrypt and wc_ecc_decrypt

Hello,

The documentation of wc_ecc_decrypt states it requires the following parameter:

pubKey    pointer to the ecc_key object containing the public key of the peer with whom one wishes to communicate

I am providing this key however it seems its never used. Looking into the code of wc_ecc_decrypt I can see the public key is actually getting extracted from the message to decrypt itself:

    if (ret == 0) {
        ret = wc_ecc_init_ex(pubKey, privKey->heap, INVALID_DEVID);
    }
    if (ret == 0) {
        ret = wc_ecc_import_x963_ex(msg, pubKeySz, pubKey, privKey->dp->id);
    }

And within the wc_ecc_encrypt I can see the public key of the provided private key is actually prepended to the encrypted message.

So why are we even providing the peer's public key when its never used? The ecies sample seems also to use the peer's public key but as said according to the wc_ecc_encrypt / wc_ecc_decrypt code its never in use?

thanks for clarifications on this topic,
Alex

Share

  • Registered: 2022-09-24
  • Posts: 12

Re: Confusion on wc_ecc_encrypt and wc_ecc_decrypt

So I tried providing a fresh empty new key as public key to the wc_ecc_decrypt function and it still works perfectly well.

I am confused now as all the samples and the doc says it should be the peer's public key but as said it seems to extract another public key from the message itself.

Why is it done this way and how to change it as it also doubles the encrypted message size for me as the whole public key is appended too?

thanks
Alex

Share

  • Registered: 2022-09-24
  • Posts: 12

Re: Confusion on wc_ecc_encrypt and wc_ecc_decrypt

Obviously its not changeable could someone shed some light on this?

I am curious why we are then even exchanging the peer's public key at all as it seems for decrypt its not required at all only for encrypting?

Alex

Share

  • Registered: 2015-10-07
  • Posts: 430

Re: Confusion on wc_ecc_encrypt and wc_ecc_decrypt

Hi Alex,

Have you reviewed the BTLS example that uses ECIES here?
https://github.com/wolfSSL/wolfssl-exam … btle/ecies

The public key provided there is X.963 format, which is a small ASN.1 header and public X/Y (same format TLS uses). The public key is used to derive the shared secret used for encryption. It should be the public key provided by the peer.

Note: We have several ECIES modes. Perhaps you might consider one of these?
* yes = SEC1 standard (default)
* geniv = Generate IV (WOLFSSL_ECIES_GEN_IV)
* iso18033 = ISO 18033 standard (WOLFSSL_ECIES_ISO18033)
* old = original wolfSSL algorithm (WOLFSSL_ECIES_OLD)

Thanks,
David Garske, wolfSSL

Share

  • Registered: 2018-08-27
  • Posts: 14

Re: Confusion on wc_ecc_encrypt and wc_ecc_decrypt

Hi Alex,

As my colleague David explained, there are multiple versions of ECIES supported through the wc_ecc_decrypt API.

The original ECIES algorithm required the public key created during encrypt to be sent to the peer OOBs.

Recently, support was added for common standards.
These standards have the public key included in the message.
There is no need to pass the public key in for these implementations.
If an ecc_key object is passed in then it will have the public key decoded into it though.

Sean Parkinson, wolfSSL

Share