ARMmbed

TLS 1.2 with Public Key pinning

Working on TLS Connectivity with Mutual Authentication. The TLS server has a certificate signed by our Private PKI CA, and client has public/private key pair(Not signed by CA).

The normal one way authentication is working fine - and it uses TLS1.2. I heard about public key pinning. To enable Mutual Authentication, I am trying to copy the client’s public key to server. But stuck and don’t know how to proceed. Any example for PublicKey pinning for TLS.

Currently, our infrastructure cannot support to get <isolated from CA; only server has access to CA> Client’s public key certified.

Note, the client & server would be same party for over a period of time, say few years. But might reboot often and might do re-Handshake. Could we optimize anything?

Thanks

Hi @gopi219 Thank you for your question!

If I am not mistaking, Public Key Pinning (HPKP) is part of the HTTP protocol, as defined in RFC 7469, therefore, we don’t have an example in Mbed TLS for such a feature.
Where are you stuck? Does the server have the Public key?

As for your second question, have you considered using session resumption? After you reboot, you may consider resume a previous saved session, if available.
Regards,
Mbed TLS Team member
Ron

I am having pubKey of EcKey given by client device. It looks like

-----BEGIN PUBLIC KEY-----
MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBJ/jgITulqv0tZ+Ag3OfJPQL5bqYG
1Qsd09HyoP01sJUlkf5GtFDZyA7kjy6cl5IYxoQ9LrIfRAJkuBgT60RgaKMAPDGj
Bs6GpURtnbBVo85PyiIe4mcnyDaQEVtWC8lGxRnT2AvZMql9KJhwYesaIfjrhMQj
BtZZP+kiAlu4vTLGonQ=
-----END PUBLIC KEY-----

On Server, I saved it to, /opt/app/peerk.pem and macro PEER_KEY_FILE defines full path

mbedtls_pk_parse_public_keyfile( ctx, PEER_KEY_FILE );

returns -0x3e80, I tried adding new line at EOF, give a+r permission. This key was generated by a program that uses ./gen_ken in backend and sends pubkey to server in another non-tls channel.
Public key extracted using fn:
mbedtls_pk_write_pubkey_pem

Thanks,

Hi gopi219,

There seems to be something wrong with this public key. It has the right format, but the content is mathematically invalid. That’s why Mbed TLS refuses to import it. With a debugger I can see that it fails in ecp_check_pubkey_sw, meaning that the coordinates in the file are not on the curve. OpenSSL makes the same complaint: 139679113352856:error:1006706B:elliptic curve routines:ec_GFp_simple_oct2point:point is not on curve:ecp_oct.c:417:

So there must be something wrong with the key generation, but I don’t know what it could be. I tried programs/pkey/gen_key in Mbed TLS and it produced a correct key.

Regards,
Gilles Peskine — Mbed TLS team member

Is it possible?

Instead of doing handshake with certificate and cachain verification process. Like to perform TLS only with public keys. As they are micro-client and micro-server devices running on low power, X.509 and PKI would be cumbersome. Does mbedtls has anything to offer?

Hi @gopi219
If you control both client and server, have you considered using a PSK ciphersuite ?(Pre Shared Key)
If you can’t use such ciphersuite, then you will need a certificate based ciphersuite, and there isn’t a way to authenticate with public keys only.
Regards,
Ron