From: Abhilash Iyer
Sent: Monday, April 27, 2020 11:25 AM
To: mbed-tls@lists.trustedfirmware.org
Subject:
Hello,

I am trying to do the ECDH shared secret computation using the mbedTLS library. I am referring to multiple examples such as ecdh_curve25519.c and ecdh_main.c.

In my case, in my application firmware, I already have a device_priv key and I receive a server_public key; both were generated in the bootloader itself using the curve ECP_DP_SECP256R1. So in the application firmware I would like to generate a shared secret from here on and preserve it for future use.

The following are the steps that I do:

  1. Create a new client context, entropy context, ctr_drbg context variables.
  2. Use mbedtls_"respective"_init() to initialize all three variables.
  3. Seed a random number using mbedtls_ctr_drbg_seed() function.
  4. load the P256 elliptic curve in client context using mbedtls_ecp_group_load()
  5. Then use mbedtls_mpi_lset() to set Qp.Z = 1.
  6. Then read the server pub key using mbedtls_mpi_read_binary(&ctx_cli.Qp.X, server_pub, 65);
  7. Now the question is: Should I initialize the ctx_cli with my already generated device_priv key using
    mbedtls_mpi_read_binary(&ctx_cli.d, device_priv_key, 50) ?
  8. Then I use mbedtls_ecdh_compute_shared(&ctx_cli.grp, &ctx_cli.z, &ctx_cli.Qp, &ctx_cli.d, mbedtls_ctr_drbg_random, &ctr_drbg); to compute the shared secret in z.

Questions:
1. Do I need to generate a keypair for the client context using mbedtls_ecdh_gen_public(&ctx_cli.grp, &ctx_cli.d, &ctx_cli.Q, mbedtls_ctr_drbg_random, &ctr_drbg)? And then set the pvt key as the device priv key and the pub key as the service pub key?

2. I see that ctx_cli.Q has two components, Q.x and Q.y. How do I extract these two values from a public key? Do I need to separately initialize them?

Please let me know if the flow is correct. In all the examples, they generate a key pair and just update the public key part (Qp.X) of the key. They do not touch the private key part (d) of the key. Please confirm if I can upload my private key directly in my case.

Also, if my platform is little-endian, is there a recommended step before using the mbedtls_mpi_read_binary_le functions?

Thanks so much for your help in advance!

Thanks,
Abhilash