1 (edited by kingutoran98 2023-02-02 13:50:59)

Topic: wc_ecc_shared_secret - RNG required but not provided error

Hello,

I am implementing a key exchange with compressed ECC keys using wc_ecc_shared_secret, but I receive error -236 (RNG required).

I have checked that init and make key are working well. I have also already initiated the RNG. I export the public key using wc_ecc_x963_ex(&private_key, public_key, &size, 1) (size = 33); if I understand it correctly, P-256 returns a 33-byte public key. I then import the public key using wc_ecc_x963(public_key, 33, &pk_receive), where pk_receive is an initiated ecc_key.

To test the key exchange, I call wc_ecc_shared_secret(&another_private_key, &pk_receive, sharedSecret, &shareSec_size) and then I get the -236 error.

Could you please let me know where I went wrong, or what I am missing to use the shared_secret function?

Thank you in advance.


Re: wc_ecc_shared_secret - RNG required but not provided error

Hello kingutoran98,

We have an example that you might find useful:
https://github.com/wolfSSL/wolfssl-exam … ate_secret

Also this example is a good demonstration of using the x963 API:
https://github.com/wolfSSL/wolfssl-exam … glentest.c

What configuration settings are you building wolfSSL with?

Could you tell us about your project?

Thanks,
Eric @ wolfSSL Support

Re: wc_ecc_shared_secret - RNG required but not provided error

Hi embhorn,

I build wolfSSL from an Ubuntu terminal on a Windows machine and use --enable-all when running configure.

I am implementing ECDH and will later apply encrypt/decrypt. But I have trouble in the key exchange step, before I can start the encrypt/decrypt part.

Thank you in advance.


Re: wc_ecc_shared_secret - RNG required but not provided error

The RNG is required for resistance to timing attacks. If you are only doing this as research, you can disable the timing attack resistance by undefining

ECC_TIMING_RESISTANT

Re: wc_ecc_shared_secret - RNG required but not provided error

Hi embhorn,

Thank you very much for your reply. I got it working after disabling the hardening. However, is there any way I can keep the hardening and timing attack resistance while avoiding that error? I am not sure where to provide the RNG for that function, since the inputs only require the private key, public key, buffer and its size.

Thank you in advance.
