Computing ECDH shared secret on STM32L562 using HAL_PKA_ECCMul

Dick Mincher · ‎2020-08-06

Is it possible to compute the ECDH shared secret (pubkey * privkey) by using HAL_PKA_ECCMul, replacing the generator X and Y with the public key X and Y and specifying the private key as the scalar value?

Thank you.

Doug Barnes · ‎2021-11-30

I understand ECC and RSA (and other) public key crypto (independent of STM32 H/W), so I can answer the question with a caveat: I'm actually here on the forum to ask a question about HAL_PKA_ECCMul, because it doesn't seem to be working for me.

In theory, each party has its own secret key (just a big scalar), and each party's public key is the Base Point (normally labeled "G") multiplied by its private key -- in other words, a new point on the curve. This should be what HAL_PKA_ECCMul does from what I've read. Then A receives B's public key (and vice versa), and each party multiplies that public key point by their private key. They will end up at the same point (in math, not necessarily on STM32 H/W). I say that because I am getting strange results (STM32U585 PKA) and I'm not sure why.

Not sure if that helps, I hope so.

Tesla DeLorean · ‎2023-07-08

Near identical report here https://community.st.com/t5/security-mcu/computing-ecdh-shared-secret-on-stm32u585-using-hal-pka-eccmul/td-p/572440

Perhaps we can get some eyes on this? @Jocelyn RICARD @Frantz LEFRERE @Imen.D @STOne-32

Tips, Buy me a coffee, or three.. PayPal Venmo
Up vote any posts that you find helpful, it shows what's working..