Mutual Authentication after ECDH Exchange with pre-shared secrets
I'm currently building a protocol in which two parties establish a connection via ECDH key establishment. The shared secret after ECDH is used to derive keys (with HKDF) for symmetric encryption. At this stage, the protocol is still vulnerable to a MITM attack. The two parties don't authenticate the public keys.
There's no possible way to include PKI to authenticate the public keys.
I'm planning on using pre-shared secrets (e.g. a PIN code) for the authentication.
What would be the best way to do this?
Would it be sufficient for both parties to include an HMAC value computed with the pre-shared secret as the key and the public key as data?
For example:
A --> B: PublicKey_A + HMAC(secret, PublicKeyA)
A <-- B: PublicKey_B + HMAC(secret, PublicKeyB)
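
The exchange proposed above, written out as an added example that is not part of the original post: each side sends its ECDH public key with an HMAC tag keyed by the pre-shared secret, verifies the peer's tag before using the key, and then derives the session key with HKDF. The curve (X25519), the hash (SHA-256), the function names and the `swap_key` switch that simulates a key replaced in transit are assumptions made for the example.

```python
import hashlib, hmac, os

# Assumptions (not from the post): X25519, SHA-256, all function names.
P = 2**255 - 19                      # X25519 field prime (RFC 7748)
BASE = (9).to_bytes(32, "little")    # X25519 base point

def x25519(k: bytes, u: bytes) -> bytes:
    """Textbook Montgomery ladder; not constant time, for illustration only."""
    n = (int.from_bytes(k, "little") & ((1 << 255) - 8)) | (1 << 254)
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3 = 1, 0, x1, 1
    for t in range(254, -1, -1):
        bit = (n >> t) & 1
        if bit:
            x2, z2, x3, z3 = x3, z3, x2, z2
        a, b, c, d = x2 + z2, x2 - z2, x3 + z3, x3 - z3
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        e = aa - bb
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + 121665 * e) % P
        if bit:
            x2, z2, x3, z3 = x3, z3, x2, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def hkdf(ikm: bytes, info: bytes) -> bytes:
    """HKDF-SHA256 (RFC 5869), zero salt, one 32-byte output block."""
    prk = hmac.new(b"\x00" * 32, ikm, hashlib.sha256).digest()
    return hmac.new(prk, info + b"\x01", hashlib.sha256).digest()

def tagged(secret: bytes, pub: bytes) -> bytes:
    """PublicKey + HMAC(secret, PublicKey), as in the question."""
    return pub + hmac.new(secret, pub, hashlib.sha256).digest()

def verify(secret: bytes, msg: bytes) -> bytes:
    """Return the peer's public key only if its tag checks out."""
    pub, tag = msg[:32], msg[32:]
    want = hmac.new(secret, pub, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("public key not authenticated")
    return pub

def exchange(secret_a: bytes, secret_b: bytes, swap_key: bool = False):
    a_priv, b_priv = os.urandom(32), os.urandom(32)
    msg_a = tagged(secret_a, x25519(a_priv, BASE))   # A --> B
    msg_b = tagged(secret_b, x25519(b_priv, BASE))   # A <-- B
    if swap_key:  # constructed: key replaced in transit, tag left as sent
        msg_a = x25519(os.urandom(32), BASE) + msg_a[32:]
    key_b = hkdf(x25519(b_priv, verify(secret_b, msg_a)), b"demo session")
    key_a = hkdf(x25519(a_priv, verify(secret_a, msg_b)), b"demo session")
    return key_a, key_b
```

Because each tag travels in the clear next to the key it covers, the check is only as strong as the secret's entropy: a short PIN can be tested offline against a single recorded message.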