Hello,
I am trying to do the ECDH shared secret computation using the mbedTLS library. I am referring to multiple examples such as ecdh_curve25519.c (https://github.com/ARMmbed/mbedtls/blob/development/programs/pkey/ecdh_curve25519.c) and ecdh_main.c (https://github.com/SiliconLabs/peripheral_examples/blob/master/series2/se/se_ecdh/src/main.c).
In my case, in my application firmware, I already have a device_priv key and I receive a server_public key; both generated using a curve ECP_DP_SECP256R1 in the bootloader itself. So in the application firmware, I would like to generate a shared secret from here on and preserve it for future use.
The following are the steps that I do:
1. Create a new client context, entropy context, ctr_drbg context variables.
2. Use mbedtls_"respective"_init() to initialize all the three variables.
3. Seed a random number using mbedtls_ctr_drbg_seed() function.
4. Load the P256 elliptic curve in client context using mbedtls_ecp_group_load().
5. Then use mbedtls_mpi_lset() to set Qp.Z = 1.
6. Then read the server pub key using mbedtls_mpi_read_binary(&ctx_cli.Qp.X, server_pub, 65);
7. Now the question is: Should I initialize the ctx_cli with my already generated device_priv key using mbedtls_mpi_read_binary(&ctx_cli.d, device_priv_key, 50)?
8. Then I use mbedtls_ecdh_compute_shared(&ctx_cli.grp, &ctx_cli.z, &ctx_cli.Qp, &ctx_cli.d, mbedtls_ctr_drbg_random, &ctr_drbg); to compute the shared secret in z.
Questions:
1. Do I need to generate a keypair for client context using mbedtls_ecdh_gen_public(&ctx_cli.grp, &ctx_cli.d, &ctx_cli.Q, mbedtls_ctr_drbg_random, &ctrDrbg)? And then set pvtkey as device priv key and pub key as service pub key?
2. I see that ctx_cli.Q has two components, Q.x and Q.y. How do I extract these two values from a public key? Do I need to separately initialize them?
Please let me know if the flow is correct. In all the examples, they generate a key pair and just update the public key part (Qp.X) of the key. They do not touch the private key part (d) of the key. Please confirm if I can upload my private key directly in my case.
Also, if my platform is little endian, is there a recommended step before using mbedtls_mpi_read_binary_le functions?
Thanks so much for your help in advance!
Thanks, Abhilash
From: Abhilash Iyer Sent: Monday, April 27, 2020 11:25 AM To: mbed-tls@lists.trustedfirmware.org Subject: