Hello all,

I want to use the mbedtls functions to compute a "Shared Secret" via ECDH with Curve448 (C448).
First I want to check the test vectors given in RFC 7748 (section 6.2).

But it fails in the function mbedtls_ecdh_compute_shared(...) with return value -0x4C80 (MBEDTLS_ERR_ECP_INVALID_KEY); please see the code below.

So far I have not been able to find the root cause.
Is there a similar example available?


Regards,
Tom

/*
 * Alice's private scalar, 32 bytes.
 * NOTE(review): 32 bytes is the X25519 key length; the X448 test vector quoted
 * in this post is 56 bytes and starts with 0x9a, so this array does not hold
 * it. The value looks like the X25519 example key from RFC 7748 - confirm.
 */
static const unsigned char alice_private_key[] = {
    0x77, 0x07, 0x6d, 0x0a, 0x73, 0x18, 0xa5, 0x7d,
    0x3c, 0x16, 0xc1, 0x72, 0x51, 0xb2, 0x66, 0x45,
    0xdf, 0x4c, 0x2f, 0x87, 0xeb, 0xc0, 0x99, 0x2a,
    0xb1, 0x77, 0xfb, 0xa5, 0x1d, 0xb9, 0x2c, 0x2a,
};

/*
 * Bob's private scalar, 32 bytes.
 * NOTE(review): 32 bytes is the X25519 key length; the X448 test vector quoted
 * in this post is 56 bytes and starts with 0x1c, so this array does not hold
 * it. The value looks like the X25519 example key from RFC 7748 - confirm.
 */
static const unsigned char bob_private_key[] = {
    0x5d, 0xab, 0x08, 0x7e, 0x62, 0x4a, 0x8a, 0x4b,
    0x79, 0xe1, 0x7f, 0x8b, 0x83, 0x80, 0x0e, 0xe6,
    0x6f, 0x3b, 0xb1, 0x29, 0x26, 0x18, 0xb6, 0xfd,
    0x1c, 0x2f, 0x8b, 0x27, 0xff, 0x88, 0xe0, 0xeb,
};

/*
 * Attempts an ECDH shared-secret computation from Bob's private key.
 * The listing is truncated by the author after the compute step, so cleanup
 * and the comparison against the expected secret are not visible here.
 * Returns 1 on the first failing Mbed TLS call.
 */
int main() {
    mbedtls_ecdh_context ecdh;
    /* NOTE(review): 32 bytes fits an X25519 output; an X448 shared secret
     * (as in the quoted test vector) is 56 bytes. */
    unsigned char shared_secret[32];
    size_t olen;
    int ret;

    mbedtls_ecdh_init(&ecdh);

    /* NOTE(review): direct access to ecdh.grp / ecdh.d / ecdh.Qp / ecdh.z
     * depends on the Mbed TLS version and context layout - confirm these
     * fields are reachable in the build being used. */

    // Load the curve group.
    // NOTE(review): this selects Curve25519, while the post targets Curve448
    // (MBEDTLS_ECP_DP_CURVE448). Group, key length and test vector must agree.
    ret = mbedtls_ecp_group_load(&ecdh.grp, MBEDTLS_ECP_DP_CURVE25519);
    if (ret != 0) {
        printf("Failed to load group\n");
        return 1;
    }

    // Load Bob's private key.
    // NOTE(review): mbedtls_mpi_read_binary() interprets the buffer as
    // big-endian, but RFC 7748 gives scalars as little-endian byte strings
    // that are clamped before use. A scalar that is not in the clamped form
    // for the curve is presumably rejected by the private-key check inside the
    // multiplication, which would yield MBEDTLS_ERR_ECP_INVALID_KEY - confirm
    // (mbedtls_mpi_read_binary_le() plus clamping is the usual approach).
    ret = mbedtls_mpi_read_binary(&ecdh.d, bob_private_key, sizeof(bob_private_key));
    if (ret != 0) {
        printf("Failed to read private key\n");
        return 1;
    }

    // Compute the shared secret
    // NOTE(review): ecdh.Qp (the peer's public key) is never assigned in the
    // visible code, so it is still in its freshly initialised state; public-key
    // validation is expected to reject that with MBEDTLS_ERR_ECP_INVALID_KEY.
    // Alice's public key has to be loaded into Qp first.
    // NOTE(review): mbedtls_ctr_drbg_random expects p_rng to point at a seeded
    // mbedtls_ctr_drbg_context; passing NULL leaves the scalar multiplication
    // without a usable RNG and would dereference NULL if the RNG is invoked.
    ret = mbedtls_ecdh_compute_shared(&ecdh.grp, &ecdh.z, &ecdh.Qp, &ecdh.d,
                                      mbedtls_ctr_drbg_random, NULL);
    if (ret != 0) {
        // NOTE(review): printing ret here (e.g. as -0x%04x) would show which
        // Mbed TLS error occurred; the early return also skips any context free.
        printf("Failed to compute shared secret\n");
        return 1;
    }
...

Test vector (RFC 7748, section 6.2, X448):

   Alice's private key, a:
     9a8f4925d1519f5775cf46b04b5800d4ee9ee8bae8bc5565d498c28d
     d9c9baf574a9419744897391006382a6f127ab1d9ac2d8c0a598726b
   Alice's public key, X448(a, 5):
     9b08f7cc31b7e3e67d22d5aea121074a273bd2b83de09c63faa73d2c
     22c5d9bbc836647241d953d40c5b12da88120d53177f80e532c41fa0
   Bob's private key, b:
     1c306a7ac2a0e2e0990b294470cba339e6453772b075811d8fad0d1d
     6927c120bb5ee8972b0d3e21374c9c921b09d1b0366f10b65173992d
   Bob's public key, X448(b, 5):
     3eb7a829b0cd20f5bcfc0b599b6feccf6da4627107bdb0d4f345b430
     27d8b972fc3e34fb4232a13ca706dcb57aec3dae07bdc1c67bf33609
   Their shared secret, K:
     07fff4181ac6cc95ec1c16a94a0f74d12da232ce40a77552281d282b
     b60c0b56fd2464c335543936521c24403085d59a449a5037514a879d