Arm Mbed and Pelion Device Management support forum

How to write a Curve448/25519 key using PEM/DER?

Hi,
I am trying to write ECDSA keys into a buffer using PEM and / or DER.
I have the following code:
```c
mbedtls_pk_context pkContext;
mbedtls_ecdsa_context ecdsaContext;
mbedtls_pk_init(&pkContext);   /* a PK context must be initialised before mbedtls_pk_setup() */
mbedtls_ecdsa_init(&ecdsaContext);
/* Generate the key pair on the selected curve */
int ret = mbedtls_ecdsa_genkey(&ecdsaContext, ecpGroupId, mbedtls_ctr_drbg_random, ctrDrbgContext);
/* Copy the generated key into a PK context so that it can be written out */
ret = mbedtls_pk_setup(&pkContext, mbedtls_pk_info_from_type(MBEDTLS_PK_ECDSA));
ret = mbedtls_mpi_copy(&mbedtls_pk_ec(pkContext)->d, &ecdsaContext.d);
ret = mbedtls_ecp_copy(&mbedtls_pk_ec(pkContext)->Q, &ecdsaContext.Q);
ret = mbedtls_ecp_group_copy(&mbedtls_pk_ec(pkContext)->grp, &ecdsaContext.grp);
/* Export the public and private key as PEM */
ret = mbedtls_pk_write_pubkey_pem(&pkContext, pubBuffer, FMC_PUB_KEY_EXPORT_SIZE);
ret = mbedtls_pk_write_key_pem(&pkContext, privBuffer, FMC_PRIV_KEY_EXPORT_SIZE);
```

I then get the error “MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE” inside the mbedtls_pk_write_pubkey() function in pkwrite.c. If I instead change the type in the setup call to MBEDTLS_PK_ECKEY (as suggested here: https://tls.mbed.org/discussions/generic/how-to-store-a-ecdsa-context ), I get MBEDTLS_ERR_OID_NOT_FOUND at line 134 of the oid.c file because these two curves are not part of the oid_ecp_grp list.

What am I doing wrong? Thank you!

Hi @dlorych
Thank you for your question.
Yes, you should be using MBEDTLS_PK_ECKEY

The reason you get this failure is that, as you said, the Montgomery (e.g. 448, 25519) curves are not part of the oid_ecp_grp list. This is because the Montgomery curves are not fully supported, including support for writing the keys (or parsing for that attribute).

Regards
Mbed TLS Support
Ron
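For readers who still need a DER form of such a key, here is an added example (not from this thread and not Mbed TLS code) that builds the RFC 8410 SubjectPublicKeyInfo for a raw X25519 or X448 public key by hand. The names `mont_curve_t` and `mont_spki_der` are hypothetical, and the example assumes the raw public key bytes have already been exported by other means.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Curves covered by this example (hypothetical names, not Mbed TLS identifiers). */
typedef enum { MONT_X25519, MONT_X448 } mont_curve_t;

/* Writes the RFC 8410 SubjectPublicKeyInfo DER for a raw Montgomery public key.
 * Returns the number of bytes written, or 0 on bad input or a too-small buffer. */
size_t mont_spki_der(mont_curve_t curve, const uint8_t *pub, size_t pub_len,
                     uint8_t *out, size_t out_size)
{
    size_t key_len;
    uint8_t oid_last;

    switch (curve) {
    case MONT_X25519: key_len = 32; oid_last = 0x6e; break; /* id-X25519, 1.3.101.110 */
    case MONT_X448:   key_len = 56; oid_last = 0x6f; break; /* id-X448,   1.3.101.111 */
    default: return 0;
    }
    if (pub == NULL || out == NULL || pub_len != key_len)
        return 0;

    /* Every length here is below 128, so single-byte DER lengths suffice. */
    size_t bitstr_len = 1 + key_len;        /* unused-bits octet + key bytes */
    size_t body_len = 7 + 2 + bitstr_len;   /* AlgorithmIdentifier TLV + BIT STRING header */
    size_t total = 2 + body_len;
    if (out_size < total) return 0;

    uint8_t *p = out;
    *p++ = 0x30; *p++ = (uint8_t)body_len;    /* SEQUENCE SubjectPublicKeyInfo */
    *p++ = 0x30; *p++ = 0x05;                 /* SEQUENCE AlgorithmIdentifier, parameters absent */
    *p++ = 0x06; *p++ = 0x03;                 /* OBJECT IDENTIFIER, 3 content bytes */
    *p++ = 0x2b; *p++ = 0x65; *p++ = oid_last;
    *p++ = 0x03; *p++ = (uint8_t)bitstr_len;  /* BIT STRING subjectPublicKey */
    *p++ = 0x00;                              /* zero unused bits */
    memcpy(p, pub, key_len);
    return total;
}

int main(void) {
    uint8_t pub[32], der[44];
    for (size_t i = 0; i < sizeof pub; i++) pub[i] = (uint8_t)i; /* constructed sample key */
    size_t n = mont_spki_der(MONT_X25519, pub, sizeof pub, der, sizeof der);
    for (size_t i = 0; i < n; i++) printf("%02x", der[i]);
    printf("\n");
    return n == 0;
}
```

Base64-encoding the result between `-----BEGIN PUBLIC KEY-----` and `-----END PUBLIC KEY-----` lines gives the PEM form.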