I am trying to identify the functions needed to decrypt a provided CEK. I have my own private key and public key, the ephemeral key and 32 bytes of random UKM provided by the server. It isn’t clear exactly how to proceed with this information. Currently trying to load the private and public keys into a ecdh context. Then add the ephemeral key to the context as the other private key.

Next going to try mbedtls_ecdh_calc_secret using the ecdh context and pointing the random data to the UKM. This has not yet successes and I am thinking I have missed something.

Can someone tell me how far off I am?