isecpartners / nano-ecc Goto Github PK

How to use nanoECC functions in my own dtls implementation such that it will works with openssl.

I am using secp384r1 curve, but openssl generates error below:
15754888:error:1006706B:elliptic curve routines:ec_GFp_simple_oct2point:point is not on curve:ecp_oct.c:421:

Any suggestion, thanks.

README says that there was intentions to optimize this code for 8051 asm. Is this still on the roadmap, or has this repo been abandoned?

I noticed a small difference with the repos micro-ecc and easy-ecc. I had to modify myself this line of code (line 1338) in order to make the verify function work fine:

/* Calculate u1 and u2. */
vli_modInv(z, s, curve_n); /* Z = s^-1 */
ecc_bytes2native(u1, p_hash); //modification taken from easy-ecc
vli_modMult(u1, u1, z, curve_n); /* u1 = e/s */
vli_modMult(u2, r, z, curve_n); /* u2 = r/s */

I am not sure if the modification was left out on purpose but I leave it here in case anyone faces the same problem.

This patch addresses some corner cases in vli_add and vli_sub. I have not tested it for correctness.

From ba453211161ed86b945ad7df44160959ee40a28f Mon Sep 17 00:00:00 2001
From: Ildar Muslukhov <ildar@redacted>
Date: Sat, 12 Apr 2014 11:37:23 -0700
Subject: [PATCH] Fixed a bug in the vli_add/vli_sub functions (handleding of a
 corner case, when p_right[i] == 0xff)

---
 ecc.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ecc.c b/ecc.c
index bc2ee39..00976f2 100644
--- a/ecc.c
+++ b/ecc.c
@@ -220,7 +220,7 @@ static uint8_t vli_add(uint8_t *p_result, uint8_t *p_left, uint8_t *p_right)
         uint8_t l_sum = p_left[i] + p_right[i] + l_carry;
         if(l_sum != p_left[i])
         {
-            l_carry = (l_sum < p_left[i]);
+            l_carry = (l_sum < p_left[i]) | ((l_sum == p_left[i]) && (l_carry));
         }
         p_result[i] = l_sum;
     }
@@ -237,7 +237,7 @@ static uint8_t vli_sub(uint8_t *p_result, uint8_t *p_left, uint8_t *p_right)
         uint8_t l_diff = p_left[i] - p_right[i] - l_borrow;
         if(l_diff != p_left[i])
         {
-            l_borrow = (l_diff > p_left[i]);
+            l_borrow = (l_diff > p_left[i]) | ((l_diff == p_left[i]) && (l_borrow));
         }
         p_result[i] = l_diff;
     }
-- 
1.8.5.2 (Apple Git-48)

Hi, i'm looking at the source and wondering the opinion of the authors on adding the secp256k1 algorithm. I've not implemented an ecc algorithm, but would be interested to know what it will take to implement it and if there are any pointers to what I would need to change. For example, does it require changing scalar values from one of the existing algos, or is it more involved? Also, I was looking for a reference such as http://www.nsa.gov/ia/_files/nist-routines.pdf, but wasn't able to access it, do you know of any references for the secp256k1 algorithm?

Update: I was able to find other implementations, e.g. https://github.com/kmackay/micro-ecc

Hello!

It seems that nano-ecc is a implementaion of ecsda and ecdh, how to use it to do ecc encryption?

Thanks!

in these lines the random is been subtracted, in order to be smaller than the modulus.
But this conditional step could lead to some side channel attacks, because of the timing differences and because the chosen random and the used curve could affect the statistical distribution of the real k used...

ecdsa_verify will be stuck in this function

if the same random number is used for both key generation and message signing

the nonce generation here is biased and could lead to potential key recovery attacks. looks like micro-ecc has already fixed these issues, so this old repo might need a warning that its out of date. https://github.com/kmackay/micro-ecc