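#ifdef MBEDTLS_ECDH_COMPUTE_SHARED_ALT
/*
 * Compute shared secret (SEC1 3.3.1)
 *
 * Alternative implementation that delegates the ECDH computation to the SSS
 * key store / derive-key API instead of doing the scalar multiplication in
 * software.
 *
 * grp    Curve group; only groups whose DER header length matches the
 *        hard-coded NIST P-256 SubjectPublicKeyInfo header are accepted.
 * z      Receives the shared secret read back from the key store.
 * Q      Peer public point. It is validated, serialised uncompressed and
 *        prefixed with the DER header before being loaded into the key store.
 * d      Not used here: the derive context is bound to sss_object_hook
 *        (presumably the device-held private key - confirm against the code
 *        that sets up sss_object_hook).
 * f_rng, p_rng  Not used here.
 *
 * Returns 0 on success and a non-zero value on any failure (1, -1 or an
 * MBEDTLS_ERR_ECP_* code, depending on the failing step).
 *
 * Security notes:
 *  - The shared secret is never written to the log.
 *  - The stack copy of the shared secret is wiped before returning.
 *  - Every SSS failure aborts the exchange; z is only written after the whole
 *    derivation succeeded.
 */
int mbedtls_ecdh_compute_shared(mbedtls_ecp_group *grp, mbedtls_mpi *z,
                                const mbedtls_ecp_point *Q, const mbedtls_mpi *d,
                                int (*f_rng)(void *, unsigned char *, size_t),
                                void *p_rng)
{
    LOG_INF("hello from mbedtls_ecdh_compute_shared");

    int ret = 1;
    int headerLen = 0;
    uint8_t server_pub_key[256];
    size_t server_pub_key_len = sizeof(server_pub_key);
    size_t keyBitLen = 0;
    sss_status_t status;
    sss_object_t server_key_object;
    sss_object_t shared_secret_object;
    sss_derive_key_t client_key_context;
    uint8_t shared_secret[200];
    size_t shared_secret_len = sizeof(shared_secret);
    size_t shared_secret_bit_len = 0;
    sss_cipher_type_t server_pub_key_cipher_type = kSSS_CipherType_NONE;
    /* Only objects that were successfully initialised may be freed. */
    int server_key_object_ready = 0;
    int shared_secret_object_ready = 0;
    volatile uint8_t *wipe = shared_secret;
    size_t i;

    /* DER SubjectPublicKeyInfo prefix for an uncompressed NIST P-256 point. */
    const uint8_t gecc_der_header_nist256[] = {
        0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86,
        0x48, 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A,
        0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07, 0x03,
        0x42, 0x00
    };
    size_t const der_ecc_nistp256_header_len = sizeof(gecc_der_header_nist256);

    (void)d;
    (void)f_rng;
    (void)p_rng;

    if (get_header_and_bit_Length(grp->id, &headerLen, &keyBitLen)) {
        return 1;
    }

    /*
     * The point is written at offset headerLen but the header copied below is
     * always the P-256 one. Any other header length would either overwrite
     * the point or leave uninitialised bytes inside the encoded key.
     */
    if (headerLen < 0 || (size_t)headerLen != der_ecc_nistp256_header_len) {
        LOG_ERR("unsupported DER header length %d\r\n", headerLen);
        return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
    }

    /*
     * Reject peer points that are not on the curve before handing them to the
     * key store. The software ECDH path gets this check from the point
     * multiplication; whether the SSS backend validates the point on its own
     * is not visible here.
     */
    ret = mbedtls_ecp_check_pubkey(grp, Q);
    if (ret) {
        LOG_ERR("mbedtls_ecp_check_pubkey FAILED ret = %x \r\n", ret);
        return ret;
    }

    /* Bound the write by the space that remains after the header offset. */
    ret = mbedtls_ecp_point_write_binary(grp, Q, MBEDTLS_ECP_PF_UNCOMPRESSED,
                                         &server_pub_key_len,
                                         (server_pub_key + headerLen),
                                         sizeof(server_pub_key) - (size_t)headerLen);
    if (ret) {
        LOG_ERR("mbedtls_ecp_point_write_binary FAILED ret = %x \r\n", ret);
        return -1;
    }
    LOG_INF("mbedtls_ecp_point_write_binary successful");

    memcpy(server_pub_key, gecc_der_header_nist256, der_ecc_nistp256_header_len);
    server_pub_key_len = server_pub_key_len + der_ecc_nistp256_header_len;
    server_pub_key_cipher_type = kSSS_CipherType_EC_NIST_P;

    status = sss_key_store_context_init(&sss_ecdh_key_store, &hook_session);
    if (status != kStatus_SSS_Success) {
        LOG_ERR("sss_key_store_context_init FAILED for keyStoreId 0x%x FAILED, 0x%x\n",
                SHARED_SECRET_KEY_SLOT, status);
        return -1;
    }

    status = sss_key_store_allocate(&sss_ecdh_key_store, SHARED_SECRET_KEY_SLOT);
    if (status != kStatus_SSS_Success) {
        LOG_ERR("sss_key_store_allocate FAILED for keyStoreId 0x%x FAILED, 0x%x\n",
                SHARED_SECRET_KEY_SLOT, status);
        return -1;
    }

    /* SSCP transient object for the other party's public key: init and allocate */
    status = sss_key_object_init(&server_key_object, &sss_ecdh_key_store);
    if (status != kStatus_SSS_Success) {
        LOG_ERR(" sss_key_object_init for server_key_object failed, status = %x,", status);
        ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
        goto cleanup;
    }
    server_key_object_ready = 1;
    LOG_INF("sss_key_object_init SUCCESSFUL");

    status = sss_key_object_allocate_handle(&server_key_object, ECDH_SERVER_KEY_SLOT,
                                            kSSS_KeyPart_Public,
                                            server_pub_key_cipher_type,
                                            (sizeof(server_pub_key)),
                                            kKeyObject_Mode_Transient);
    if (status != kStatus_SSS_Success) {
        LOG_ERR(" sss_key_object_allocate_handle for failed, status = %x,", status);
        ret = MBEDTLS_ERR_ECP_ALLOC_FAILED;
        goto cleanup;
    }
    LOG_INF("sss_key_object_allocate_handle SUCCESSFUL");

    /* Init and allocate the object that will hold the shared secret */
    status = sss_key_object_init(&shared_secret_object, &sss_ecdh_key_store);
    if (status != kStatus_SSS_Success) {
        LOG_ERR(" sss_key_object_init for shared_secret_object failed, status = %x,", status);
        ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
        goto cleanup;
    }
    shared_secret_object_ready = 1;
    LOG_INF("sss_key_object_init successful");

    status = sss_key_object_allocate_handle(&shared_secret_object, SHARED_SECRET_KEY_SLOT,
                                            kSSS_KeyPart_Default, kSSS_CipherType_AES,
                                            shared_secret_len,
                                            kKeyObject_Mode_Transient);
    if (status != kStatus_SSS_Success) {
        LOG_ERR(" sss_key_object_allocate_handle for shared_secret_object failed, status = %x,",
                status);
        ret = MBEDTLS_ERR_ECP_ALLOC_FAILED;
        goto cleanup;
    }
    LOG_INF("sss_key_object_allocate_handle SUCCESSFUL");

    /* Load the other party's public key */
    status = sss_key_store_set_key(&sss_ecdh_key_store, &server_key_object,
                                   server_pub_key, server_pub_key_len, keyBitLen,
                                   NULL, 0);
    if (status != kStatus_SSS_Success) {
        LOG_ERR(" sss_key_store_set_key for keyPair failed, status = %x,", status);
        ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
        goto cleanup;
    }
    LOG_INF("sss_key_store_set_key SUCCESSFUL");

    /*
     * NOTE(review): client_key_context is never released in the visible code.
     * Confirm whether the SSS API in use requires a matching context free.
     */
    status = sss_derive_key_context_init(&client_key_context, &hook_session,
                                         &sss_object_hook, kAlgorithm_SSS_ECDH,
                                         kMode_SSS_ComputeSharedSecret);
    if (status != kStatus_SSS_Success) {
        LOG_ERR(" sss_derive_key_context_init failed, status = %x,", status);
        ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
        goto cleanup;
    }
    LOG_INF("sss_derive_key_context_init SUCCESSFUL");

    status = sss_derive_key_dh(&client_key_context, &server_key_object,
                               &shared_secret_object);
    if (status != kStatus_SSS_Success) {
        LOG_ERR(" sss_derive_key_dh Failed failed, status = %x,", status);
        ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
        goto cleanup;
    }
    LOG_INF("sss_derive_key_dh SUCCESSFUL");

    status = sss_key_store_get_key(&sss_ecdh_key_store, &shared_secret_object,
                                   shared_secret, &shared_secret_len,
                                   &shared_secret_bit_len);
    if (status != kStatus_SSS_Success) {
        /* Deliberately no hexdump: the buffer may hold key material. */
        LOG_ERR(" sss_key_store_get_key failed, status = %x,", status);
        ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
        goto cleanup;
    }
    /* Deliberately no hexdump: the shared secret must not reach the log. */
    LOG_INF("sss_key_store_get_key SUCCESSFUL");

    ret = mbedtls_mpi_read_binary(z, shared_secret, shared_secret_len);
    if (ret) {
        LOG_ERR("mbedtls_mpi_read_binary failed, ret = %x,", ret);
        ret = -1;
        goto cleanup;
    }
    LOG_INF("mbedtls_mpi_read_binary successful");

cleanup:
    /* Release each key object exactly once, and only if it was initialised. */
    if (shared_secret_object_ready) {
        sss_key_object_free(&shared_secret_object);
    }
    if (server_key_object_ready) {
        sss_key_object_free(&server_key_object);
    }

    /* Wipe the stack copy through a volatile pointer so the stores are kept. */
    for (i = 0; i < sizeof(shared_secret); i++) {
        wipe[i] = 0;
    }

    return (ret);
}
#endif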