mbedTLS ECJ-PAKE

ip1 · June 7, 2021, 12:53pm

Hi,
I am trying to implement the j-pake algorithm on nordic 52832 and using nordic SDK and mbed tls library. The crypto libraries are enabled and the code compiles without any error.

But the ecj-pake read round returns error -16. I tried running the ecj-pake selftest also and it also returns error -16. Below is the code snippet. The client and server are simulated on same board and simply feed the message buffer from write_round_1 to the read_round_1 function. The error comes from function mbedtls_mpi_grow()
if( ( p = (mbedtls_mpi_uint*)mbedtls_calloc( nblimbs, ciL ) ) == NULL )
return( MBEDTLS_ERR_MPI_ALLOC_FAILED );
I checked the nblimbs value and it is 8.

static const unsigned char ecjpake_secret = { 0x74, 0x68, 0x72, 0x65, 0x61, 0x64, 0x6a, 0x70, 0x61, 0x6b, 0x65, 0x74, 0x65, 0x73, 0x74 };
mbedtls_ecjpake_context ecjpake_client;
mbedtls_ecjpake_context ecjpake_server;

int main (){

int ret;
ret_code_t err_code = NRF_SUCCESS;
unsigned char msg_client [512], pms[32];
size_t msg_client_len,pmslen;
mbedtls_ctr_drbg_context ctr_drbg;
mbedtls_entropy_context entropy;

err_code = nrf_mem_init();
err_code = nrf_crypto_init();

mbedtls_ecjpake_init(&ecjpake_client);
mbedtls_ecjpake_init( &ecjpake_server );
mbedtls_ecjpake_setup( &ecjpake_client, MBEDTLS_ECJPAKE_CLIENT, MBEDTLS_MD_SHA256, MBEDTLS_ECP_DP_SECP256R1,
ecjpake_secret, sizeof( ecjpake_secret ));
mbedtls_ecjpake_setup( &ecjpake_server, MBEDTLS_ECJPAKE_SERVER, MBEDTLS_MD_SHA256, MBEDTLS_ECP_DP_SECP256R1, ecjpake_secret, sizeof( ecjpake_secret ));

ret = mbedtls_ecjpake_write_round_one( &ecjpake_client, msg_client, sizeof(msg_client ), &msg_client_len,
nrf_crypto_backend_mbedtls_ecc_mbedtls_rng, &ctr_drbg ) ;
ret = mbedtls_ecjpake_read_round_one( &ecjpake_server, msg_client, msg_client_len );
ret = mbedtls_ecjpake_write_round_one( &ecjpake_server, msg_client, sizeof( msg_client ), &msg_client_len,
nrf_crypto_backend_mbedtls_ecc_mbedtls_rng, &ctr_drbg);
ret = mbedtls_ecjpake_read_round_one( &ecjpake_client, msg_client, msg_client_len );

}

Can you help me to understand why this error coming. Are the steps followed correct or am I doing something wrong.

Thanks

Topic		Replies	Views
Got an alert message 70 in parse new session ticket Mbed TLS mbed_client	0	629	December 28, 2020
Mbedtls_pk_decrypt returned -0x4080 - Can't find error code on pk.h (please help) Crypto and SSL questions mbed_tls , ble	0	594	June 24, 2021
ECDSA-secp521 test fail Crypto and SSL questions	6	1087	September 13, 2018
Bignum.c in mbedTLS 2.16.1 and later not working Mbed TLS mbed_tls	1	564	December 22, 2019
Mbedtls_pk_verify giving ECP - The signature is not valid as error Crypto and SSL questions mbed_tls	0	682	March 22, 2021

mbedTLS ECJ-PAKE

Related Topics