nRF9160 RSA crypto changes from v2.3.0 to v2.4.0 SHA-1 signing

RE: nRF9160 RSA crypto changes from v2.3.0 to v2.4.0 SHA-1 signing

Håkon Alseth — Tue, 15 Aug 2023 10:49:46 GMT

Hi,

We strongly recommend that you do use a larger key size, unless this is a special scenario for supporting legacy device(s).

oberon supports 1024/2048 bit RSA keys, as described here:

https://developer.nordicsemi.com/nRF_Connect_SDK/doc/2.4.1/nrfxlib/crypto/doc/nrf_oberon.html

nrf_oberon has never supported 384 bit keys, so there is a fallback to mbedtls builtin implementation. This fallback requires an additional kconfig with NCS v2.4.0

Please note that RSA 384 bit is not recommended and we will not actively support it.

Kind regards,

Håkon

RE: nRF9160 RSA crypto changes from v2.3.0 to v2.4.0 SHA-1 signing

aldras — Mon, 14 Aug 2023 14:18:03 GMT

Hi Håkon,

Thank you for the timely reply.

I tried with the above configuration and it now works as expected while signing data with a 384-bit SHA-1 RSA key.

There is one side effect, I have a *lot* of warnings for the following... however the project builds without error and the RSA singing features are now working again as expected, thank you very much for the workaround suggestion.

In file included from secure_fw/partitions/crypto/mbedcrypto/nrf_security_src/include/generated/nrf-config.h:12:
secure_fw/partitions/crypto/mbedcrypto/nrf_security_src/include/generated/nrf-config-user.h:147: note: this is the location of the previous definition
  147 | #define MBEDTLS_PSA_BUILTIN_ALG_SHA_1

I noticed there seemed to be an overhaul of the Oberon driver from v2.3.x to x2.4.x. Have there been changes to the Oberon library that removed support for 384-bit SHA-1 keys? I *believe* I was using the Oberon driver in 2.3.x as it was able to perform the RSA signing at the time. Is this possibly the case here?

Also, I did not look carefully, but I noticed that the Oberon library is provided precompiled into a binary form. From a development standpoint was it easier to precompile the binary rather than have it build from source with the project?

I ask this because I was trying to trace the issues that I was having with the Oberon library only to find that a large chunk was being linked to a precompiled library. Perhaps the source is present, but requires me to setup the proper build environment to run the Makefile for it.

Thank you for looking into the Oberon library support issues with the sample project /opt/nordic/ncs/v2.4.1/nrf/samples/crypto/rsa . I look forward to the results. I may move up to a 1024-bit key in the future, but will require change to code on other systems to support the change... at that time I may be able to use the hardware crypto cell.

I will leave this ticket open until we hear a result from the developers concerning the Oberon library issues (in the sample project).

RE: nRF9160 RSA crypto changes from v2.3.0 to v2.4.0 SHA-1 signing

Håkon Alseth — Mon, 14 Aug 2023 12:32:48 GMT

Hi,

SHA-1 384 is not supported by oberon, and need mbedtls to work as expected.

Can you try to add this to your configuration?

CONFIG_PSA_CRYPTO_DRIVER_OBERON=n
CONFIG_PSA_CRYPTO_DRIVER_CC3XX=n
CONFIG_PSA_CORE_BUILTIN=y

Kind regards,

Håkon

RE: nRF9160 RSA crypto changes from v2.3.0 to v2.4.0 SHA-1 signing

Håkon Alseth — Mon, 14 Aug 2023 10:36:57 GMT

Hi Allan,

Thank you for reporting and making us aware of this.

I am able to reproduce the issue that you're seeing in NCS v2.4.x, and I have reported this back to our developers. This is currently being looked into.

Kind regards,

Håkon

RE: nRF9160 RSA crypto changes from v2.3.0 to v2.4.0 SHA-1 signing

aldras — Fri, 11 Aug 2023 06:45:36 GMT

I have done some testing with the sample project at

/opt/nordic/ncs/v2.4.1/nrf/samples/crypto/rsa

If I add the following the prj.conf file (and remove those settings from the boards files) then this results in a runtime error -134.

CONFIG_PSA_CRYPTO_DRIVER_OBERON=y
CONFIG_PSA_CRYPTO_DRIVER_CC3XX=n

Has something broken with the OBERON library?