[tinydtls-dev] Not Just Cookies: Also dtls_ecdsa_generate_key()

Hello,

The issue with dtls_prng() is indeed very serious, as the current implementation will generate very weak ECDSA keys. The effective entropy of the ECDSA key is on the order of a 32-bit keyspace, if I am not mistaken. The reason is simple: rand() has only 2^32 possible states, and that translates into 2^32 possible key sequences from the default dtls_prng(). The rand() state can be found simply by iterating the state space and checking against some known ECDSA key.

Oh, it is even worse, because only a subset of the dtls_prng() sequences are valid ECDSA keys…

So, if tinydtls is used in your project not just as a marketing tool, make sure dtls_prng() has a cryptographically strong implementation.

Please correct me if I am wrong, but that is how it looks to me.

Kind regards

Frank Gerlach

void
dtls_ecdsa_generate_key(unsigned char *priv_key,
                        unsigned char *pub_key_x,
                        unsigned char *pub_key_y,
                        size_t key_size) {
  uint32_t priv[8];
  uint32_t pub_x[8];
  uint32_t pub_y[8];

  do {
    dtls_prng((unsigned char *)priv, key_size);
  } while (!ecc_is_valid_key(priv));

  ecc_gen_pub_key(priv, pub_x, pub_y);

  dtls_ec_key_from_uint32(priv, key_size, priv_key);
  dtls_ec_key_from_uint32(pub_x, key_size, pub_key_x);
  dtls_ec_key_from_uint32(pub_y, key_size, pub_key_y);
}

Frank Gerlach
Senior Software Engineer
Office: +375 17 389 0100 x 23178   Cell: +375 29 877 4976    Email: frank_gerlach@xxxxxxxx
Minsk, Belarus (GMT+3)   epam.com
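
The recommendation in the message above, shown as an added example (not tinydtls code and not from the author of the post): weak_prng() is a constructed stand-in for a rand()-backed generator, whose output is fully determined by the srand() seed, and strong_prng() is one possible hardened replacement that assumes a POSIX system providing /dev/urandom. The helper same_seed_same_key() is hypothetical and exists only to compare the two.

```c
/* Added example, not tinydtls code. weak_prng() is a constructed stand-in;
 * strong_prng() assumes a POSIX system that provides /dev/urandom. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Weak: every output byte is a function of the seed given to srand(). */
static int weak_prng(unsigned char *buf, size_t len) {
  while (len--)
    *buf++ = (unsigned char)(rand() & 0xFF);
  return 1;
}

/* Hardened: fill buf from the kernel CSPRNG. Returns 1 on success and
 * 0 on failure, so the caller can refuse to generate a key. */
static int strong_prng(unsigned char *buf, size_t len) {
  int fd = open("/dev/urandom", O_RDONLY);
  if (fd < 0) return 0;
  while (len > 0) {
    ssize_t n = read(fd, buf, len);
    if (n < 0 && errno == EINTR) continue;   /* interrupted: retry */
    if (n <= 0) { close(fd); return 0; }     /* error or unexpected EOF */
    buf += n;
    len -= (size_t)n;
  }
  close(fd);
  return 1;
}

/* Draws 32 bytes twice after the same srand(seed). Returns 1 if both
 * draws are identical, 0 if they differ, -1 if the generator failed. */
static int same_seed_same_key(unsigned seed,
                              int (*gen)(unsigned char *, size_t)) {
  unsigned char a[32], b[32];
  srand(seed);
  if (!gen(a, sizeof a)) return -1;
  srand(seed);
  if (!gen(b, sizeof b)) return -1;
  return memcmp(a, b, sizeof a) == 0;
}

int main(void) {
  printf("weak repeats: %d, strong repeats: %d\n",
         same_seed_same_key(1u, weak_prng), same_seed_same_key(1u, strong_prng));
  return 0;
}
```

A generator wired into key generation should report failure, as strong_prng() does, rather than fall back silently to a weaker source.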

 
