ARMmbed

Using an Ephemeral Key as outlined in RFC 5753

I am trying to identify the functions needed to decrypt a provided CEK. I have my own private key and public key, the ephemeral key and 32 bytes of random UKM provided by the server. It isn’t clear exactly how to proceed with this information. Currently trying to load the private and public keys into a ecdh context. Then add the ephemeral key to the context as the other private key.

Next going to try mbedtls_ecdh_calc_secret using the ecdh context and pointing the random data to the UKM. This has not yet successes and I am thinking I have missed something.

Can someone tell me how far off I am?

Hi @rbchapin
Thank you for your question!

Acocrding to [RFC5753] (https://tools.ietf.org/html/rfc5753#section-3.1.1):

The KeyWrapAlgorithm is the algorithm identifier that indicates the symmetric encryption algorithm used to encrypt the content-encryption key (CEK) with the key- encryption key (KEK) and any associated parameters (see Section 7.1.5). Algorithm requirements are found in Section 8.

It also mentions:

The KeyWrapAlgorithm indicates the symmetric encryption algorithm used to encrypt the CEK with the KEK generated using the 1-Pass ECMQV algorithm and any associated parameters (see Section 7.1.5).

I believe the KeyWrapAlgorithm algorithm is defined in RFC 3394. THis is implemented in Mbed TLS’ nist_kw module.

In short, you will need to generate the KEK as described in RFC 5753, and and use it to wrap the CEK using NIST KW module.
Regards,
Mbed TLS Team member
Ron