Incompatible Object error from EC_POINT_mul

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Incompatible Object error from EC_POINT_mul

John Hughes-2
I'm trying to generate a public key from a private key generated on a HSM
(and obtained by calling PKCS#11). Everything works fine until I call
EC_POINT_mul - at which point I get the error message:

       error:100BB065:elliptic curve routines:ec_wNAF_mul:incompatible
objects

I have checked the BIGNUM conversion - and that seems to be fine. The key
pair on the HSM is also generated using brainpoolP256r1.

The basis of the code can be found at the end of the email. I'm basically
trying to follow the example provided in:
        https://wiki.openssl.org/index.php/Elliptic_Curve_Cryptography.

I'm using openssl 1.10h

Any pointers or help would be appreciated.


John

---------------------------------------------------------------


        BN_CTX *ctx;
        ctx = BN_CTX_new();
        if(!ctx) {
                outputInfo("unable to create openssl BN_CTX");
                return;
        }

        EC_GROUP *curve;

        outputInfo("about to create EC_GROUP_new_by_curve_name");
        if(NULL == (curve =
EC_GROUP_new_by_curve_name(NID_brainpoolP256r1))) {
                outputERRORmess("unable to setup curve");
        }

        outputInfo("about to create EC_KEY_new_by_curve_name");
        EC_KEY *key;
        if(NULL == (key = EC_KEY_new_by_curve_name(NID_brainpoolP256r1))) {
                outputERRORmess("unable to setup EC_KEY");
        }

        // now get the private key contained in CKA_VALUE via PKCS#111 and
place in *attrPrivate.pValue

                .......... (handle error)

        EC_POINT *pub;


        BIGNUM *prv = BN_bin2bn((unsigned char*)attrPrivate.pValue,
attrPrivate.ulValueLen, NULL);
        if (prv == NULL) {

        ...... (handle error)
        }

        if (1 != EC_KEY_set_private_key(key, prv)) {

                ........ (handle error)
        }

        if (1 != EC_POINT_mul(curve, pub, prv, NULL, NULL, ctx)) {
                outputInfo("unable to calculate the public key from the
HSM's private key using EC_POINT_mul");
                (handle error)

        }







--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Incompatible Object error from EC_POINT_mul

Nicola
Hi,

I did not run this in the debugger, but one issue is that you are not initializing `pub` before calling EC_POINT_mul : try adding

pub = EC_POINT_new(curve);
(and check for errors making sure pub is not null afterwards). 

Hope this helps! 


Best regards, 

Nicola


On Mon, Oct 8, 2018, 00:31 John Hughes <[hidden email]> wrote:
I'm trying to generate a public key from a private key generated on a HSM
(and obtained by calling PKCS#11). Everything works fine until I call
EC_POINT_mul - at which point I get the error message:

       error:100BB065:elliptic curve routines:ec_wNAF_mul:incompatible
objects

I have checked the BIGNUM conversion - and that seems to be fine. The key
pair on the HSM is also generated using brainpoolP256r1.

The basis of the code can be found at the end of the email. I'm basically
trying to follow the example provided in:
        https://wiki.openssl.org/index.php/Elliptic_Curve_Cryptography.

I'm using openssl 1.10h

Any pointers or help would be appreciated.


John

---------------------------------------------------------------


        BN_CTX *ctx;
        ctx = BN_CTX_new();
        if(!ctx) {
                outputInfo("unable to create openssl BN_CTX");
                return;
        }

        EC_GROUP *curve;

        outputInfo("about to create EC_GROUP_new_by_curve_name");
        if(NULL == (curve =
EC_GROUP_new_by_curve_name(NID_brainpoolP256r1))) {
                outputERRORmess("unable to setup curve");
        }

        outputInfo("about to create EC_KEY_new_by_curve_name");
        EC_KEY *key;
        if(NULL == (key = EC_KEY_new_by_curve_name(NID_brainpoolP256r1))) {
                outputERRORmess("unable to setup EC_KEY");
        }

        // now get the private key contained in CKA_VALUE via PKCS#111 and
place in *attrPrivate.pValue

                .......... (handle error)

        EC_POINT *pub;


        BIGNUM *prv = BN_bin2bn((unsigned char*)attrPrivate.pValue,
attrPrivate.ulValueLen, NULL);
        if (prv == NULL) {

        ...... (handle error)
        }

        if (1 != EC_KEY_set_private_key(key, prv)) {

                ........ (handle error)
        }

        if (1 != EC_POINT_mul(curve, pub, prv, NULL, NULL, ctx)) {
                outputInfo("unable to calculate the public key from the
HSM's private key using EC_POINT_mul");
                (handle error)

        }







--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users