static SCLError sTestECC(int keySize)
{
#define PTsize 32
SCLError err = kSCLError_NoErr;
int i;
uint8_t PT[PTsize];
uint8_t CT[256];
size_t CTlen = 0;
uint8_t DT[PTsize];
size_t DTlen = 0;
uint8_t pubKey[256];
size_t pubKeyLen = 0;
uint8_t privKey[256];
size_t privKeyLen = 0;
bool isPrivate = false;
size_t importKeySize = 0;
bool isANSIx963 = false;
// uint8_t tempBuf[256];
// unsigned long tempLen;
OPTESTLogInfo("\tECC-%d \n", keySize);
ECC_ContextRef ecc = kInvalidECC_ContextRef;
ECC_ContextRef eccPub = kInvalidECC_ContextRef;
// fill PT
for(i = 0; i< PTsize; i++) PT[i]= i;
err = ECC_Init(&ecc);
OPTESTLogVerbose("\t\tGenerate Pub Key (%ld bytes)\n", pubKeyLen);
err = ECC_Generate(ecc, keySize); CKERR;
err = ECC_Export_ANSI_X963( ecc, pubKey, sizeof(pubKey), &pubKeyLen);CKERR;
OPTESTLogVerbose("\t\tExport Public Key (%ld bytes)\n", pubKeyLen);
dumpHex(IF_LOG_DEBUG, pubKey, (int)pubKeyLen, 0);
err = ECC_Import_Info( pubKey, pubKeyLen, &isPrivate, &isANSIx963, &importKeySize );CKERR;
OPTESTLogVerbose("\t\t\t%d bit %s%s key\n", (int)importKeySize , isANSIx963 ?"ANSI x9.63 ":"", isPrivate ?"private":"public");
err = ECC_Export(ecc, true, privKey, sizeof(privKey), &privKeyLen);CKERR;
OPTESTLogVerbose("\t\tExport Private Key (%ld bytes)\n", privKeyLen);
dumpHex(IF_LOG_DEBUG, privKey, (int)privKeyLen, 0);
err = ECC_Import_Info( privKey, privKeyLen, &isPrivate, &isANSIx963, &importKeySize );CKERR;
OPTESTLogVerbose("\t\t\t%d bit %s%s key\n", (int)importKeySize , isANSIx963 ?"ANSI x9.63 ":"", isPrivate ?"private":"public");
// delete keys
if(ECC_ContextRefIsValid(ecc) ) ECC_Free(ecc );
ecc = kInvalidECC_ContextRef;
err = ECC_Init(&eccPub);
err = ECC_Import_ANSI_X963( eccPub, pubKey, pubKeyLen);CKERR;
importKeySize = 0;
err = ECC_KeySize(eccPub, &importKeySize);
OPTESTLogVerbose("\t\tImported %d bit public key\n", (int)importKeySize );
err = ECC_Encrypt(eccPub, PT, sizeof(PT), CT, sizeof(CT), &CTlen);CKERR;
OPTESTLogVerbose("\t\tEncrypt message: (%ld bytes)\n", CTlen);
dumpHex(IF_LOG_DEBUG, CT, (int)CTlen, 0);
err = ECC_Init(&ecc);
err = ECC_Import(ecc, privKey, privKeyLen);CKERR;
err = ECC_KeySize(ecc, &importKeySize);
OPTESTLogVerbose("\t\tImported %d bit private key\n", (int)importKeySize );
err = ECC_Decrypt(ecc, CT, CTlen, DT, sizeof(DT), &DTlen); CKERR;
/* check against know-answer */
err= compareResults( DT, PT, PTsize , kResultFormat_Byte, "ECC Decrypt"); CKERR;
OPTESTLogVerbose("\t\tDecrypted OK\n");
dumpHex(IF_LOG_DEBUG, DT, (int)DTlen, 0);
err = ECC_Sign(ecc, PT, sizeof(PT), CT, sizeof(CT), &CTlen);CKERR;
OPTESTLogVerbose("\t\tSigned message (%ld bytes)\n", CTlen);
dumpHex(IF_LOG_DEBUG, CT, (int)CTlen, 0);
err = ECC_Verify(ecc, CT, CTlen, PT, sizeof(PT));
OPTESTLogVerbose("\t\tVerify = %s\n", IsSCLError(err)?"fail":"pass");
PT[3]= 9;
err = ECC_Verify(ecc, CT, CTlen, PT, sizeof(PT));
OPTESTLogVerbose("\t\tVerify bad packet = %s\n", IsSCLError(err)?"fail":"pass");
if(err == kSCLError_BadIntegrity) err = kSCLError_NoErr;
OPTESTLogVerbose("\n");
done:
if(ECC_ContextRefIsValid(ecc) ) ECC_Free(ecc );
if(ECC_ContextRefIsValid(eccPub)) ECC_Free(eccPub);
return err;
}
SCLError sTestECC_DH(int keySize)
{
SCLError err = kSCLError_NoErr;
uint8_t pubKey1[256];
size_t pubKeyLen1 = 0;
uint8_t privKey1[256];
size_t privKeyLen1 = 0;
uint8_t pubKey2[256];
size_t pubKeyLen2 = 0;
uint8_t privKey2[256];
size_t privKeyLen2 = 0;
ECC_ContextRef eccPriv = kInvalidECC_ContextRef;
ECC_ContextRef eccPub = kInvalidECC_ContextRef;
uint8_t Z1 [256];
size_t Zlen1;
uint8_t Z2 [256];
size_t Zlen2;
OPTESTLogInfo("\tTesting ECC-DH (%d)\n", keySize);
/* create keys */
OPTESTLogDebug("\t\tGenerate Key 1\n");
err = ECC_Init(&eccPriv); CKERR;
err = ECC_Generate(eccPriv, keySize ); CKERR;
err = ECC_Export_ANSI_X963( eccPriv, pubKey1, sizeof(pubKey1), &pubKeyLen1);CKERR;
err = ECC_Export(eccPriv, true, privKey1, sizeof(privKey1), &privKeyLen1);CKERR;
OPTESTLogDebug("\t\tKey 1 Pub/Priv (%ld,%ld) bytes\n", pubKeyLen1, privKeyLen1);
OPTESTLogDebug("\t\tPublic\n");
dumpHex(IF_LOG_DEBUG, pubKey1, (int)pubKeyLen1, 0);
OPTESTLogDebug("\t\tPrivate\n");
dumpHex(IF_LOG_DEBUG, privKey1, (int)privKeyLen1, 0);
OPTESTLogDebug("\n");
if(ECC_ContextRefIsValid(eccPriv) ) ECC_Free(eccPriv );
eccPriv = kInvalidECC_ContextRef;
OPTESTLogDebug("\t\tGenerate Key 2\n");
err = ECC_Init(&eccPriv); CKERR;
err = ECC_Generate(eccPriv, keySize ); CKERR;
err = ECC_Export_ANSI_X963( eccPriv, pubKey2, sizeof(pubKey2), &pubKeyLen2);CKERR;
err = ECC_Export(eccPriv, true, privKey2, sizeof(privKey2), &privKeyLen2);CKERR;
OPTESTLogDebug("\t\tKey 2 Pub/Priv (%ld,%ld) bytes\n", pubKeyLen2, privKeyLen2);
OPTESTLogDebug("\t\tPublic\n");
dumpHex(IF_LOG_DEBUG, pubKey2, (int)pubKeyLen2, 0);
OPTESTLogDebug("\t\tPrivate\n");
dumpHex(IF_LOG_DEBUG, privKey2, (int)privKeyLen2, 0);
OPTESTLogDebug("\n");
// delete keys
if(ECC_ContextRefIsValid(eccPriv) ) ECC_Free(eccPriv );
eccPriv = kInvalidECC_ContextRef;
OPTESTLogDebug("\t\tCalculate Secret for Key1 -> Key2\n");
err = ECC_Init(&eccPriv);
err = ECC_Import(eccPriv, privKey1, privKeyLen1);CKERR;
err = ECC_Init(&eccPub);
err = ECC_Import_ANSI_X963( eccPub, pubKey2, pubKeyLen2);CKERR;
/* Kdk = MAC(Htotal,Z) where Z is the DH of Pki and PKr */
Zlen1 = sizeof(Z1);
err = ECC_SharedSecret(eccPriv, eccPub, Z1, sizeof(Z1), &Zlen1);CKERR;
OPTESTLogVerbose("\t\tECC Shared Secret (Z1): (%ld bytes)\n",Zlen1);
dumpHex(IF_LOG_DEBUG, Z1, (int)Zlen1 , 0);
OPTESTLogDebug("\n");
// delete keys
if(ECC_ContextRefIsValid(eccPriv) ) ECC_Free(eccPriv );
eccPriv = kInvalidECC_ContextRef;
// delete keys
if(ECC_ContextRefIsValid(eccPub) ) ECC_Free(eccPub );
eccPub = kInvalidECC_ContextRef;
OPTESTLogDebug("\t\tCalculate Secret for Key2 -> Key1\n");
err = ECC_Init(&eccPriv);
err = ECC_Import(eccPriv, privKey2, privKeyLen2);CKERR;
err = ECC_Init(&eccPub);
err = ECC_Import_ANSI_X963( eccPub, pubKey1, pubKeyLen1);CKERR;
/* Kdk = MAC(Htotal,Z) where Z is the DH of Pki and PKr */
Zlen2 = sizeof(Z2);
err = ECC_SharedSecret(eccPriv, eccPub, Z2, sizeof(Z2), &Zlen2);CKERR;
OPTESTLogVerbose("\t\tECC Shared Secret (Z2): (%ld bytes)\n",Zlen2);
dumpHex(IF_LOG_DEBUG, Z2, (int)Zlen2 , 0);
OPTESTLogDebug("\n");
OPTESTLogVerbose("\t\tCompare Secrets\n");
err = compare2Results(Z1, Zlen1, Z2, Zlen2, kResultFormat_Byte, "ECC Shared Secret");CKERR;
done:
if(eccPriv)
{
ECC_Free(eccPriv);
eccPriv = kInvalidECC_ContextRef;
}
if(eccPub)
{
ECC_Free(eccPub);
eccPub = kInvalidECC_ContextRef;
}
return err;
}
static SCLError sSCKeyTest2(SCKeySuite keySuite, SCKeySuite lockingKeySuite)
{
SCLError err = kSCLError_NoErr;
SCKeyContextRef sKey = kInvalidSCKeyContextRef;
SCKeyContextRef key1 = kInvalidSCKeyContextRef;
SCKeyContextRef key2 = kInvalidSCKeyContextRef;
SCKeyContextRef signKey = kInvalidSCKeyContextRef;
ECC_ContextRef ecc = kInvalidECC_ContextRef;
SCKeySuite keyType;
SCKeySuite keyType1;
SCKeyPropertyType propType;
Cipher_Algorithm algorithm = kCipher_Algorithm_Invalid;
size_t symKeyLen = 0;
uint8_t* keyData = NULL;
size_t keyDataLen = 0;
uint8_t* keyData1 = NULL;
size_t keyDataLen1 = 0;
size_t ecckeysize = 0;
uint8_t symKey[32];
uint8_t IV[32];
char* user1 = "*****@*****.**";
char* user2 = "*****@*****.**";
char comment[256] = {0};
char* nonce = "some stupid nonce data";
time_t startDate = time(NULL) ;
time_t expireDate = startDate + (3600 * 24);
time_t date1;
char* commentProperty = "comment";
bool isLocked = true;
sprintf(comment,"Optest %s ECC Key", sckey_suite_table(keySuite));
OPTESTLogInfo("\tTesting %s Key Save/Restore using %s\n",
sckey_suite_table(keySuite),sckey_suite_table(lockingKeySuite));
switch (keySuite) {
case kSCKeySuite_ECC384:
ecckeysize = 384;
break;
case kSCKeySuite_ECC414:
ecckeysize = 414;
break;
default:
RETERR(kSCLError_BadParams);
break;
}
// fixed SYM key test
for(int i = 0; i< sizeof(symKey); i++) symKey[i] = i;
for(int i = 0; i< sizeof(IV); i++) IV[i] = i;
// create a SCKey with sym data
err = SCKeyImport_Symmetric(lockingKeySuite, symKey, (uint8_t*)nonce, strlen(nonce), &sKey); CKERR;
err = SCKeyCipherForKeySuite(lockingKeySuite, &algorithm, &symKeyLen); CKERR;
err = SCKeySetProperty (sKey, kSCKeyProp_IV, SCKeyPropertyType_Binary, IV, symKeyLen ); CKERR;
OPTESTLogVerbose("\t\tGenerate %d bit ECC key \n", ecckeysize);
err = ECC_Init(&ecc);
err = ECC_Generate(ecc, ecckeysize); CKERR;
OPTESTLogVerbose("\t\tImport %d bit ECC key to SCKEy \n", ecckeysize);
err = SCKeyImport_ECC( ecc, (uint8_t*)nonce, strlen(nonce), &key1); CKERR;
ECC_Free(ecc );
ecc = kInvalidECC_ContextRef;
err = SCKeySetProperty (key1, commentProperty, SCKeyPropertyType_UTF8String, comment, strlen(comment) ); CKERR;
err = SCKeySetProperty(key1, kSCKeyProp_StartDate, SCKeyPropertyType_Time , &startDate, sizeof(time_t)); CKERR;
err = SCKeySetProperty(key1, kSCKeyProp_ExpireDate, SCKeyPropertyType_Time , &expireDate, sizeof(time_t)); CKERR;
err = SCKeySetProperty (key1, kSCKeyProp_Owner, SCKeyPropertyType_UTF8String, user1, strlen(user1) ); CKERR;
// create a signing key to sign test wkey with
err = SCKeyNew(keySuite, (uint8_t*)nonce, strlen(nonce), &signKey); CKERR;
err = SCKeySetProperty (signKey, kSCKeyProp_Owner, SCKeyPropertyType_UTF8String, user2 , strlen(user2) ); CKERR;
err = SCKeySignKey( signKey, key1,NULL); CKERR;
// serialize it
err = SCKeySerialize(key1, &keyData, &keyDataLen); CKERR;
OPTESTLogDebug("\t\tPublic Key Packet: (%ld bytes)\n%s\n",keyDataLen, (char*)keyData);
XFREE(keyData); keyData = NULL;
err = SCKeySerializePrivateWithSCKey(key1, sKey, &keyData, &keyDataLen); CKERR;
OPTESTLogDebug("\t\tPrivate Key Packet: (%ld bytes)\n%s\n",keyDataLen, (char*)keyData);
OPTESTLogVerbose("\t\tImport Private Key Packet \n" );
err = SCKeyDeserialize(keyData, keyDataLen, &key2);CKERR;
XFREE(keyData); keyData = NULL;
OPTESTLogVerbose("\t\tUnlock Private Key Packet \n" );
err = SCKeyIsLocked(key2,&isLocked); CKERR;
// the freshly iported key should be locked
ASSERTERR(!isLocked, kSCLError_SelfTestFailed);
err = SCKeyUnlockWithSCKey(key2, sKey); CKERR;
// check reimport
OPTESTLogVerbose("\t\tCompare Deserialized Key \n" );
err = SCKeyGetProperty(key2, kSCKeyProp_SCKeySuite, NULL, &keyType1, sizeof(SCKeySuite), NULL); CKERR;
err = compareResults(&keyType, &keyType, sizeof(SCKeySuite), kResultFormat_Byte, "keySuite");CKERR;
err = SCKeyGetAllocatedProperty(key1, kSCKeyProp_Locator,NULL, (void*)&keyData , &keyDataLen); CKERR;
err = SCKeyGetAllocatedProperty(key2, kSCKeyProp_Locator,&propType, (void*)&keyData1 , &keyDataLen1); CKERR;
ASSERTERR(propType != SCKeyPropertyType_Binary, kSCLError_SelfTestFailed);
err = compareResults(keyData, keyData1, keyDataLen, kResultFormat_Byte, "locator");CKERR;
XFREE(keyData); keyData = NULL;
XFREE(keyData1); keyData1 = NULL;
err = SCKeyGetProperty(key2, kSCKeyProp_StartDate, &propType, &date1, sizeof(time_t), &keyDataLen); CKERR;
ASSERTERR(propType != SCKeyPropertyType_Time, kSCLError_SelfTestFailed);
err = compareResults(&startDate, &date1, sizeof(time_t), kResultFormat_Byte, "startDate");CKERR;
err = SCKeyGetProperty(key2, kSCKeyProp_ExpireDate, &propType, &date1, sizeof(time_t), &keyDataLen); CKERR;
ASSERTERR(propType != SCKeyPropertyType_Time, kSCLError_SelfTestFailed);
err = compareResults(&expireDate, &date1, sizeof(time_t), kResultFormat_Byte, "expireDate");CKERR;
// TODO: we need to add code in SCKeys to xport the key signatures and verify them
OPTESTLogVerbose(" \n" );
done:
if(ECC_ContextRefIsValid(ecc) )
ECC_Free(ecc );
if(SCKeyContextRefIsValid(key1))
SCKeyFree(key1);
if(SCKeyContextRefIsValid(key2))
SCKeyFree(key2);
if(keyData)
XFREE(keyData);
if(keyData1)
XFREE(keyData1);
return err;
};
static SCLError scSaveRestoreKeyTest(SCKeySuite storageKeySuite, SCKeySuite eccKeySuite )
{
SCLError err = kSCLError_NoErr;
SCKeyContextRef sKey = kInvalidSCKeyContextRef; // storage key
SCKeyContextRef signKey = kInvalidSCKeyContextRef;
SCKeyContextRef pKey = kInvalidSCKeyContextRef; // pbdkf2 encrypted storage key
Cipher_Algorithm algorithm = kCipher_Algorithm_Invalid;
size_t symKeyLen = 0;
time_t startDate = time(NULL) ;
time_t expireDate = startDate + (3600 * 24);
char* user1 = "*****@*****.**";
uint8_t* keyData = NULL;
size_t keyDataLen = 0;
uint8_t* sKeyData = NULL;
size_t sKeyDataLen = 0;
bool isLocked = true;
char* passPhrase = "Pedicabo ego vos et irrumabo";
// used for comparison test
ECC_ContextRef ecc = kInvalidECC_ContextRef;
ECC_ContextRef ecc1 = kInvalidECC_ContextRef;
OPTESTLogInfo("\tTesting SCKeys %s Save/Restore using %s\n", sckey_suite_table(eccKeySuite), sckey_suite_table(storageKeySuite));
// setup a storage key for the private SCC key */
// we do this code just one time and export the encrypted passphrase for later use.
char* nonce = "some stupid nonce data";
uint8_t IV[32];
err = SCKeyCipherForKeySuite(storageKeySuite, &algorithm, &symKeyLen); CKERR;
err = RNG_GetBytes(IV,symKeyLen); CKERR;
err = SCKeyNew(storageKeySuite, (uint8_t*)nonce, strlen(nonce), &sKey); CKERR;
err = SCKeySetProperty (sKey, kSCKeyProp_IV, SCKeyPropertyType_Binary, IV , symKeyLen ); CKERR;
err = SCKeyEncryptToPassPhrase(sKey, (const uint8_t*)passPhrase, strlen(passPhrase), &pKey); CKERR;
err = SCKeySerialize(pKey, &sKeyData, &sKeyDataLen); CKERR;
OPTESTLogVerbose("\t\tExport storage key (%d bytes)\n", (int)sKeyDataLen );
OPTESTLogDebug("\t\tEncrypted Storage Key Packet: (%ld bytes)\n%s\n",sKeyDataLen, (char*)sKeyData);
SCKeyFree(pKey); pKey = NULL;
/* create a signing key for things like voicemail, etc */
err = SCKeyNew(eccKeySuite, (uint8_t*)nonce, strlen(nonce), &signKey); CKERR;
err = SCKeySetProperty (signKey, kSCKeyProp_Owner, SCKeyPropertyType_UTF8String, user1 , strlen(user1) ); CKERR;
err = SCKeySetProperty(signKey, kSCKeyProp_StartDate, SCKeyPropertyType_Time , &startDate, sizeof(time_t)); CKERR;
err = SCKeySetProperty(signKey, kSCKeyProp_ExpireDate, SCKeyPropertyType_Time , &expireDate, sizeof(time_t)); CKERR;
// used for testing
err = SCKeyExport_ECC(signKey, &ecc); CKERR;
/* save the private ecc key */
err = SCKeySerializePrivateWithSCKey(signKey, sKey, &keyData, &keyDataLen); CKERR;
OPTESTLogVerbose("\t\tExport ECC key (%d bytes)\n", (int)keyDataLen );
OPTESTLogDebug("\t\tPrivate Key Packet: (%ld bytes)\n%s\n",keyDataLen, (char*)keyData);
SCKeyFree(sKey); sKey = NULL;
SCKeyFree(signKey); signKey = NULL;
// pretend we readin keyData and sKeyData from some device..
OPTESTLogVerbose("\t\tReconstitute the storage key \n" );
// reconstitute the storage key
err = SCKeyDeserialize(sKeyData, strlen((char*) sKeyData) , &pKey); CKERR;
err = SCKeyDecryptFromPassPhrase(pKey, (const uint8_t*)passPhrase, strlen(passPhrase), &sKey); CKERR;
// resconstitute the ECC key
OPTESTLogVerbose("\t\tReconstitute the ECC key \n" );
err = SCKeyDeserialize(keyData, strlen((char*) keyData) , &signKey); CKERR;
OPTESTLogVerbose("\t\tUnlock Private Key Packet \n" );
err = SCKeyUnlockWithSCKey(signKey, sKey); CKERR;
err = SCKeyIsLocked(signKey,&isLocked); CKERR;
ASSERTERR(isLocked, kSCLError_SelfTestFailed);
OPTESTLogVerbose("\t\tConsistency check of reimported key \n" );
{
uint8_t pk[128];
size_t pkLen = sizeof (pk);
uint8_t pk1[128];
size_t pk1Len = sizeof (pk1);
uint8_t privKey[256];
size_t privKeyLen = sizeof (privKey);
uint8_t privKey1[256];
size_t privKey1Len = sizeof (privKey1);
err = SCKeyExport_ECC(signKey, &ecc1); CKERR;
err = ECC_Export_ANSI_X963(ecc , pk, pkLen, &pkLen);
err = ECC_Export_ANSI_X963(ecc1 , pk1, pk1Len, &pk1Len);
err = compare2Results(pk, pkLen, pk1, pk1Len, kResultFormat_Byte, "ECC public Key");
err = ECC_Export(ecc, true, privKey, sizeof(privKey), &privKeyLen);CKERR;
err = ECC_Export(ecc1, true, privKey1, sizeof(privKey1), &privKey1Len);CKERR;
err = compare2Results(privKey, privKeyLen, privKey1, privKey1Len, kResultFormat_Byte, "ECC private Key");
}
done:
OPTESTLogDebug("\n" );
if(ECC_ContextRefIsValid(ecc))
ECC_Free(ecc);
if(ECC_ContextRefIsValid(ecc1))
ECC_Free(ecc1);
if(SCKeyContextRefIsValid(pKey))
SCKeyFree(pKey);
if(SCKeyContextRefIsValid(pKey))
SCKeyFree(pKey);
if(SCKeyContextRefIsValid(signKey))
SCKeyFree(signKey);
if(SCKeyContextRefIsValid(sKey))
SCKeyFree(sKey);
return err;
}
int TestECC_DH()
{
int err = CRYPT_OK;
ECC_ContextRef key1 = NULL;
ECC_ContextRef key2 = NULL;
uint8_t keyBuf[512];
unsigned long keyLen = 0;
uint8_t Z [256];
unsigned long x;
int i;
#define ECC_KEY_SIZE 384
printf("\nTesting ECC-DH (%d)\n\n", ECC_KEY_SIZE);
for(i = 0; i <1; i++)
{
printf("----------Key Set %d ----------\n\n", i);
/* create keys */
err = ECC_Init(&key1); CKERR;
err = ECC_Generate(key1, ECC_KEY_SIZE ); CKERR;
err = ECC_Init(&key2); CKERR;
err = ECC_Generate(key2, ECC_KEY_SIZE ); CKERR;
printf("Key1 \n");
err = ECC_Export(key1, false, keyBuf, sizeof(keyBuf), &keyLen); CKERR;
printf("\tPub Key (%ld bytes)\n", keyLen);
dumpHex(keyBuf, keyLen,0);
err = ECC_Export(key1, true, keyBuf, sizeof(keyBuf), &keyLen); CKERR;
printf("\n\tPriv Key (%ld bytes)\n", keyLen);
dumpHex(keyBuf, keyLen,0);
printf("\nKey2 \n");
err = ECC_Export(key2, false, keyBuf, sizeof(keyBuf), &keyLen); CKERR;
printf("\tPub Key (%ld bytes)\n", keyLen);
dumpHex(keyBuf, keyLen,0);
/* Kdk = MAC(Htotal,Z) where Z is the DH of Pki and PKr */
x = sizeof(Z);
err = ECC_SharedSecret(key1, key2, Z, sizeof(Z), &x);
/* at this point we dont need the ECC keys anymore. Clear them */
printf("\nECC Shared Secret (Z): (%ld bytes)\n",x);
dumpHex(Z, x , 0);
printf("\n");
if(key1)
{
ECC_Free(key1);
key1 = kInvalidECC_ContextRef;
}
if(key2)
{
ECC_Free(key2);
key2 = kInvalidECC_ContextRef;
}
}
done:
if(key1)
{
ECC_Free(key1);
key1 = kInvalidECC_ContextRef;
}
if(key2)
{
ECC_Free(key2);
key2 = kInvalidECC_ContextRef;
}
return err;
}