cancel
Showing results for 
Search instead for 
Did you mean: 

ECC key decompression in X-CUBE-CRYPTOLIB

ncat1
Associate

I am using the X-CUBE-CRYPTOLIB (V4.2.0) in a project for STM32F207.

I am successfully able to generate ECC key pair using cmox_ecdsa_keyGen() and generate ECDSA signature using cmox_ecdsa_sign() but I am now needing to generate a shared secret using cmox_ecdh() function. 

The problem I have is that the cmox_ecdh() function expects the public key in raw data format (64 bytes) but I only have the public key available in compressed format (33 bytes) where 32 bytes is the x component and the other byte indicates if the y component is odd or even. The y component can be derived from this information but I could not find a function within the  X-CUBE-CRYPTOLIB that does this which means I am unable to generate the shared secret.

Is there a way of achieving this with the  X-CUBE-CRYPTOLIB?

1 ACCEPTED SOLUTION

Accepted Solutions
STea
ST Employee

Hello @ncat1 ,

This compressed format is not supported for the NIST curves. so, you will need to decompress the key manually to make it suitable for use by cmox_ecdh() function.
see example in en.STM32CubeExpansion_Crypto\STM32CubeExpansion_Crypto_V4.1.0\Projects\NUCLEO-L552ZE-Q\Applications\ECC\ECDH_SharedSecretGeneration available in the Xcube_cryprolib as a reference.

the decompression can be done following this formula :

To decompress a point, we can calculate its two possible y coordinates by the formula

y1 = mod_sqrt(x3 + ax + b, p)

y2 = p - mod_sqrt(x3 + ax + b, p)

then using the odd even bit we can choose the correct one. this can be done using a python script python (see this link)
Regards

 

In order to give better visibility on the answered topics, please click on Accept as Solution on the reply which solved your issue or answered your question.

View solution in original post

1 REPLY 1
STea
ST Employee

Hello @ncat1 ,

This compressed format is not supported for the NIST curves. so, you will need to decompress the key manually to make it suitable for use by cmox_ecdh() function.
see example in en.STM32CubeExpansion_Crypto\STM32CubeExpansion_Crypto_V4.1.0\Projects\NUCLEO-L552ZE-Q\Applications\ECC\ECDH_SharedSecretGeneration available in the Xcube_cryprolib as a reference.

the decompression can be done following this formula :

To decompress a point, we can calculate its two possible y coordinates by the formula

y1 = mod_sqrt(x3 + ax + b, p)

y2 = p - mod_sqrt(x3 + ax + b, p)

then using the odd even bit we can choose the correct one. this can be done using a python script python (see this link)
Regards

 

In order to give better visibility on the answered topics, please click on Accept as Solution on the reply which solved your issue or answered your question.