Arm Mbed OS support forum

MbedTLS ECDH parameter exchange NOT curve 25519

Hi all,

I tried reviving an old thread on this topic, but turns out it’s dead, which was anticipated. I’m fairly new to all this, but this is what I am trying to do:

I have found several threads/replies on the ECDH exchange process, and all of them are effectively the 25519 curve example, to which follow-ups say “well, that’s not how we do it for every other curve, it’s ‘special’”, and invariably, “for a better example, look at the tests”.

Problem, the tests fail to show the key part, the actual key exchange. In the tests, the mbedtls_ecdh_context for both server and client are resident in the same code space, so some other mbedtls functions are used to “read” the peer public data.

How do I do this same process with, say, one of the NIST curves? Say, MBEDTLS_ECP_DP_SECP192R1 or the like?

Just swapping out CURVE25519 for SECP192R1 as the curve ID from this example doesn’t work.

Is there any real example of doing the whole end to end process from two separate devices out there with a different curve, and that is not buried in the tests?

I’m ok if “both sides” are in the same example file, like the 25519 example, but that example independently creates both “sides” of the exchange, writes the public keys into buffers, skips the actual physical transfer (but it’s equivalent), reads the “peer” public key back in on both “sides”, does the shared secret generation for each side, and compares them. Sorry, I have tried to figure this out, and I think this curve25519 has made it worse for me.

I appreciate any help in advance.


I forgot to add something. When I did just replace the curve25519 example code with the different nist curve, I was able to generate the server side, share the public key with a mobile app, and it did come up with a shared key. I am assuming they have failed to perform a check on that side, since when trying the public key myself MBEDTLS throws an error. Not sure if that helps.