Mbedtls - Using keys handled by PSA Crypto

RE: Mbedtls - Using keys handled by PSA Crypto

Darko — Fri, 09 Feb 2024 14:10:16 GMT

Hello Sigurd,

Thanks for those details.

Regards.

RE: Mbedtls - Using keys handled by PSA Crypto

Sigurd Hellesvik — Thu, 01 Feb 2024 14:32:50 GMT

They say:

Hey. It was commented out as it is not needed in TF-M build. Previously there was a false dependency on TLS/DTLS and X.509 libraries inside TF-M. But when we started optimizing we finally removed that dependency (TF-M just tried to consume Mbed TLS as a whole thing, while they really only needed the crypto toolbox functionality)

The easiest thing to do is to just add it into the template files, but I would guard it with #if !defined(MBEDTLS_PSA_CRYPTO_SPM) to ensure that it isn't enabled inside the TF-M image.

Likely the user-configurable header file was easier to get to work when we were using the builtin Mbed TLS. We have gravitated away from that with PSA core from Oberon. We have no way of converting header file into CMake, so we won't pull in the right files in the compilation... (or set up the right linking rules) We need to remove this chapter from the documentation (of which we appologize).

RE: Mbedtls - Using keys handled by PSA Crypto

Sigurd Hellesvik — Thu, 01 Feb 2024 14:18:58 GMT

I see that the X509 options is commented out for the PSA crypto config: nrf/subsys/nrf_security/cmake/psa_crypto_config.cmake.

I will ask our crypto developers what the reason for this is.

RE: Mbedtls - Using keys handled by PSA Crypto

Darko — Wed, 31 Jan 2024 13:11:50 GMT

Hello Sigurd,

Is there a way to enable MBEDTLS_X509_CREATE_C and MBEDTS_X509_CSR_WRITE_C by avoiding changing the file from SDK?

It would be good practice to distribute all the specifics of my project through the project itself.
Otherwise, it will be necessary for me to require anyone who wants to build the project to change the SDK on his side as an additional requirement.

It looks like it should be achievable through from User-provided Mbed TLS configuration header.
However, following such a guide I got an error:
custom_name_nrf_config.h: No such file or directory

even though the path to the file is added to target_include_directories.

I'm not sure whether this can be applied to the NCS v2.3.0?

Regards,
Darko

RE: Mbedtls - Using keys handled by PSA Crypto

Darko — Wed, 27 Dec 2023 14:18:53 GMT

Hello Sigurd,

Just to confirm I'm now able to generate CSR using a key loaded through mbedtls_pk_setup_opaque function.

Thank you for your help.

RE: Mbedtls - Using keys handled by PSA Crypto

Darko — Thu, 21 Dec 2023 08:49:56 GMT

Hello Sigurd,

Thank you for that information. I was not aware of the fact that it is necessary to adjust the file nrf-config.h in the sdk.
I'm trying currently to solve the issue on my side by using the details you mentioned above.

RE: Mbedtls - Using keys handled by PSA Crypto

Sigurd Hellesvik — Tue, 19 Dec 2023 15:10:24 GMT

Here are what I got:

There are multiple issues here, one of them being the lack of ability to convert CSR related configs in 2.3 Ask them to remove MBEDTLS_LEGACY_CRYPTO_C in their prj.conf and add MBEDTLS_X509_CREATE_C and MBEDTS_X509_CSR_WRITE_C here: https://github.com/nrfconnect/sdk-nrfxlib/blob/6d0f58448fae164cfa4d28c494d6bddf5d0d0224/nrf_security/configs/nrf-config.h#L396

This file gets copied during build when the system is using PSA crypto APIs

Additionally they are using legacy crypto APIs for RNG for the CSR. I've removed quite a bit (entropy and ctr_drbg).

And here is an example for some pointers:

I hope this can be useful for you to dig into this issue.

RE: Mbedtls - Using keys handled by PSA Crypto

Sigurd Hellesvik — Thu, 14 Dec 2023 14:36:38 GMT

Status update: I have not been able to get any further on this yet, so I asked our crypto developers for clues.

RE: Mbedtls - Using keys handled by PSA Crypto

Darko — Thu, 14 Dec 2023 07:19:56 GMT

Meanwhile, I got firewall permission to upload the whole test project here:

devzone.nordicsemi.com/.../persistent_5F00_key_5F00_usage_5F00_csr.zip

RE: Mbedtls - Using keys handled by PSA Crypto

Darko — Wed, 13 Dec 2023 11:59:18 GMT

For such a phase of testing, I just edited nrf-config-user.h generated on build with nrf-config.h (located on build\modules\nrfxlib\nrfxlib\nrf_security\src\include\).
In the build configuration, I used the nrf5340dk_nrf5340_cpuapp board.

RE: Mbedtls - Using keys handled by PSA Crypto

Sigurd Hellesvik — Wed, 13 Dec 2023 11:38:47 GMT

Sure, I can reproduce as you explain.
To do so, I need to know where nrf-config-user.h is located, and which baord you built for (with TF-M or not).

RE: Mbedtls - Using keys handled by PSA Crypto

Darko — Tue, 12 Dec 2023 16:37:33 GMT

Hello Sigurd,

I completely agree it would be best to package the whole example and upload it.
Unfortunately, our firewall does not allow us to upload such content here (regardless of whether is related to the demonstration of common/basic functionalities from sdk).

I was hoping you could easily reproduce the problem by simply updating the main.c and .prj.conf files from the nrf_230\v2.3.0\nrf\samples\crypto\persistent_key_usage\ demo. These are the only changes I made to the persistent_key_usage demo in order to reproduce the problems from the project I'm working on.

In any case, thank you for your help, I will consult with my colleagues here on how to proceed with this.

RE: Mbedtls - Using keys handled by PSA Crypto

Sigurd Hellesvik — Tue, 12 Dec 2023 13:21:18 GMT

[quote user="Darko Jolic"]nrf-config-user.h:[/quote]

Can you explain where this file is located and how you include it in the project?

[quote user="Darko Jolic"]

Currently, there is the following problem with the mbedtls_x509write_csr_der function, that I haven't solved yet:

Such function returns the value PSA_ERROR_NOT_SUPPORTED (from the inside call psa_driver_wrapper_export_public_key).

Can you help me find what is missing in the configuration?

[/quote]

Maybe try to set CONFIG_MBEDTLS_KEY_EXCHANGE_ALL_ENABLED?

Also, have a look at your build log. Sometimes CONFIGs will be ignored from the prj.conf, which appears as warnings in the log. Maybe some of the configurations you thought you had set are ignored?

I can copy the code you posted, and I did, but it is hard to know if I missed any changes. Could you zip the test you have and upload it? Then I can test the exact same project as you run and see if I can find anything.

RE: Mbedtls - Using keys handled by PSA Crypto

Darko — Fri, 08 Dec 2023 18:15:58 GMT

Hello,

I upgraded the existing persistent_key_usage example with mbedtls functionality, in order to additionally describe the problem.

In the code below, I tried to generate a CSR using a key generated with the "PSA_KEY_LIFETIME_PERSISTENT" attribute (in the posts above I mentioned the ECDSA signature, but for the simplicity of this example I chose to present the problem through generating a CSR).

Here is the original code from the demo with added generate_csr function:

/*
 * Copyright (c) 2021 Nordic Semiconductor ASA
 *
 * SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
 */

#include <zephyr/kernel.h>
#include <zephyr/sys/printk.h>
#include <zephyr/logging/log.h>
#include <stdio.h>
#include <psa/crypto.h>
#include <psa/crypto_extra.h>
#include <pk.h>
#include <mbedtls/x509_csr.h>
#include <mbedtls/ctr_drbg.h>
#include <mbedtls/entropy.h>

#ifdef CONFIG_BUILD_WITH_TFM
#include <tfm_ns_interface.h>
#endif

#define APP_SUCCESS		(0)
#define APP_ERROR		(-1)
#define APP_SUCCESS_MESSAGE "Example finished successfully!"
#define APP_ERROR_MESSAGE "Example exited with error!"

#define PRINT_HEX(p_label, p_text, len)\
	({\
		LOG_INF("---- %s (len: %u): ----", p_label, len);\
		LOG_HEXDUMP_INF(p_text, len, "Content:");\
		LOG_INF("---- %s end  ----", p_label);\
	})

LOG_MODULE_REGISTER(persistent_key_usage, LOG_LEVEL_DBG);

#define SEC_LIB_CSR_SUBJECT_NAME        "C=US,O=Test,OU=Test,CN=Test"
uint8_t m_csr_buffer[4096];
static 	mbedtls_pk_context m_private_key_context;
static 	psa_key_handle_t key_handle;

/* ====================================================================== */
/*			Global variables/defines for the persistent key  example	  */

/* The key id for the persistent key. The macros PSA_KEY_ID_USER_MIN and
 * PSA_KEY_ID_USER_MAX define the range of freely available key ids.
 */
#define SAMPLE_PERS_KEY_ID PSA_KEY_ID_USER_MIN



/* ====================================================================== */

int crypto_init(void)
{
	psa_status_t status;

	/* Initialize PSA Crypto */
	status = psa_crypto_init();
	if (status != PSA_SUCCESS)
		return APP_ERROR;

	return APP_SUCCESS;
}

int crypto_finish(void)
{
	psa_status_t status;
	
	/* Destroy the key handle */
	status = psa_destroy_key(key_handle);
	if (status != PSA_SUCCESS) {
		LOG_INF("psa_destroy_key failed! (Error: %d)", status);
		return APP_ERROR;
	}

	return APP_SUCCESS;
}

int generate_prersistent_key(void)
{
	psa_status_t status;

	LOG_INF("Generating random persistent AES key...");

	/* Configure the key attributes */
	psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT;

	psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_DERIVE);
    psa_set_key_lifetime(&key_attributes, PSA_KEY_LIFETIME_VOLATILE);
    psa_set_key_algorithm(&key_attributes, PSA_ALG_ECDSA(PSA_ALG_SHA_256));
    psa_set_key_type(&key_attributes, PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1));
    psa_set_key_bits(&key_attributes, 256);

    /* Persistent key specific settings */
	psa_set_key_lifetime(&key_attributes, PSA_KEY_LIFETIME_PERSISTENT);
	psa_set_key_id(&key_attributes, SAMPLE_PERS_KEY_ID);

	// Try to destroy key (in case it previously created).
	psa_destroy_key(SAMPLE_PERS_KEY_ID);

	/* Generate a random AES key with persistent lifetime. The key can be used for
	 * encryption/decryption using the key_handle.
	 */
	status = psa_generate_key(&key_attributes, &key_handle);
	if (status != PSA_SUCCESS) {
		LOG_INF("psa_generate_key failed! (Error: %d)", status);
		return APP_ERROR;
	}
	
	/* After the key handle is acquired the attributes are not needed */
	psa_reset_key_attributes(&key_attributes);

	LOG_INF("Persistent key generated successfully!");

	return APP_SUCCESS;
}

int generate_csr(void)
{
	int status;
	int16_t lenght_of_csr;
	
	mbedtls_x509write_csr csr_ctx;
	mbedtls_entropy_context     m_entropy_ctx;
	mbedtls_ctr_drbg_context    m_ctr_drbg_ctx;

	// Initialize mbedtls_pk_context and "load" previously created key into it.
	mbedtls_pk_init(&m_private_key_context); 
	mbedtls_pk_setup_opaque(&m_private_key_context, key_handle);

	// Initialize drbg context.
	mbedtls_entropy_init(&m_entropy_ctx);
    mbedtls_ctr_drbg_init(&m_ctr_drbg_ctx);
    status = mbedtls_ctr_drbg_seed(&m_ctr_drbg_ctx, mbedtls_entropy_func, &m_entropy_ctx, NULL, 0);
    if(status != 0)
    {
        return APP_ERROR;
    }

	// Prepare CSR context.
	mbedtls_x509write_csr_init(&csr_ctx);
    mbedtls_x509write_csr_set_key_usage(&csr_ctx, MBEDTLS_X509_KU_DIGITAL_SIGNATURE);
    mbedtls_x509write_csr_set_subject_name(&csr_ctx, SEC_LIB_CSR_SUBJECT_NAME);
    mbedtls_x509write_csr_set_md_alg(&csr_ctx, MBEDTLS_MD_SHA256);
    mbedtls_x509write_csr_set_key(&csr_ctx, &m_private_key_context);

	// Create CSR.
    lenght_of_csr = mbedtls_x509write_csr_der(&csr_ctx, m_csr_buffer, sizeof(m_csr_buffer), mbedtls_ctr_drbg_random, &m_ctr_drbg_ctx);
	if(lenght_of_csr < 0)
	{
		return APP_ERROR;
	}

	return APP_SUCCESS;
}

int main(void)
{
	int status;

	LOG_INF("Starting persistent key example...");

	status = crypto_init();
	if (status != APP_SUCCESS) {
		LOG_INF(APP_ERROR_MESSAGE);
		return APP_ERROR;
	}

	status = generate_prersistent_key();
	if (status != APP_SUCCESS) {
		LOG_INF(APP_ERROR_MESSAGE);
		return APP_ERROR;
	}

	status = generate_csr();
	if (status != APP_SUCCESS) {
		LOG_INF(APP_ERROR_MESSAGE);
		return APP_ERROR;
	}

	status = crypto_finish();
	if (status != APP_SUCCESS) {
		LOG_INF(APP_ERROR_MESSAGE);
		return APP_ERROR;
	}

	LOG_INF(APP_SUCCESS_MESSAGE);

	return APP_SUCCESS;
}

# The Zephyr CMSIS emulation assumes that ticks are ms, currently
CONFIG_SYS_CLOCK_TICKS_PER_SEC=1000

CONFIG_MAIN_STACK_SIZE=4096
CONFIG_HEAP_MEM_POOL_SIZE=4096

# Enable loging using RTT and UART
CONFIG_CONSOLE=y
CONFIG_LOG=y
CONFIG_USE_SEGGER_RTT=y
CONFIG_LOG_BACKEND_RTT=y
CONFIG_LOG_BACKEND_UART=y
CONFIG_LOG_BUFFER_SIZE=15360
CONFIG_SEGGER_RTT_BUFFER_SIZE_UP=15360

# Enable nordic security backend and PSA APIs
CONFIG_NRF_SECURITY=y
CONFIG_MBEDTLS_PSA_CRYPTO_C=y

# Enable persistent storage APIs
CONFIG_MBEDTLS_PSA_CRYPTO_STORAGE_C=y
CONFIG_PSA_NATIVE_ITS=y

CONFIG_MBEDTLS_ENABLE_HEAP=y
CONFIG_MBEDTLS_HEAP_SIZE=8192
CONFIG_PSA_CRYPTO_DRIVER_OBERON=n
CONFIG_PSA_CRYPTO_DRIVER_CC3XX=y


CONFIG_NRF_SECURITY=y

CONFIG_MBEDTLS_LIBRARY_NRF_SECURITY=y
CONFIG_MBEDTLS_USE_PSA_CRYPTO=y
CONFIG_MBEDTLS_PSA_CRYPTO_C=y
CONFIG_MBEDTLS_PSA_CRYPTO_STORAGE_C=y

CONFIG_MBEDTLS_PK_C=y
CONFIG_MBEDTLS_RSA_C=y
CONFIG_MBEDTLS_PKCS1_V15=y
CONFIG_MBEDTLS_SHA256_C=y
CONFIG_MBEDTLS_ECP_C=y
CONFIG_MBEDTLS_ECDSA_C=y
CONFIG_MBEDTLS_ECDH_C=y
CONFIG_MBEDTLS_CTR_DRBG_C=y
CONFIG_MBEDTLS_ENTROPY_C=y
CONFIG_MBEDTLS_PK_PARSE_C=y

CONFIG_MBEDTLS_TLS_LIBRARY=y
CONFIG_MBEDTLS_X509_LIBRARY=y
CONFIG_MBEDTLS_PK_WRITE_C=y
CONFIG_MBEDTLS_X509_CREATE_C=y
CONFIG_MBEDTLS_X509_CSR_WRITE_C=y
CONFIG_MBEDTLS_LEGACY_CRYPTO_C=y
CONFIG_MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG=n

With the configuration from the prj file mentioned in the first post I got the following errors:
- "undefined reference to `mbedtls_pk_setup_opaque" - MBEDTLS_USE_PSA_CRYPTO was not defined in pk.h, although it was enabled with CONFIG_MBEDTLS_USE_PSA_CRYPTO=y.
- The key generation (psa_generate_key) failing because in psa_validate_key_persistence MBEDTLS_PSA_CRYPTO_STORAGE_C was not defined (also enabled with the CONFIG_MBEDTLS_PSA_CRYPTO_STORAGE_C=y)

I solved both problems only when I included in nrf-config-user.h:

#define MBEDTLS_PSA_CRYPTO_STORAGE_C 1
#define MBEDTLS_USE_PSA_CRYPTO 1

[quote userid="106736" url="~/f/nordic-q-a/106325/mbedtls---using-keys-handled-by-psa-crypto/459011"]If I build the nrf/samples/crypto/ecdsa sample with your above configs except for EXTERNAL_RNG (it makes the build fail), I get MBEDTLS_USE_PSA_CRYPTO=y[/quote]

If I understood you correctly, you didn't have to additionally include MBEDTLS_USE_PSA_CRYPTO through the nrf-config-user.h file?

Currently, there is the following problem with the mbedtls_x509write_csr_der function, that I haven't solved yet:

Such function returns the value PSA_ERROR_NOT_SUPPORTED (from the inside call psa_driver_wrapper_export_public_key).

Can you help me find what is missing in the configuration?

Thanks.

RE: Mbedtls - Using keys handled by PSA Crypto

Darko — Tue, 05 Dec 2023 15:47:45 GMT

Hello,

Thanks for answering.

[quote userid="106736" url="~/f/nordic-q-a/106325/mbedtls---using-keys-handled-by-psa-crypto/459011"]If you want to rule out an XY Problem, you can tell me what the use-case is. If not I will help you as best I can with what you ask for.[/quote]

I will try to rephrase the question.

I implemented an initial solution for calculating ECDSA signature, using the mbedtls library, that works fine.
Such implementation loads the private key in DER format (stored in Flash memory) into mbedtls_pk_context using mbedtls_pk_parse_key, and further calculates signature providing such mbedtls_pk_context to the mbedtls_ecdsa_write_signature function.

Now I want to stop using the key preloaded in Flash and generate it within the code.

My approach is to generate key with psa_generate_key function, and load such key to mbedtls_pk_context using mbedtls_pk_setup_opaque (practically for replacing the call of mbedtls_pk_parse_key with the call of mbedtls_pk_setup_opaque).

The bottom problem is that I'm not able to compile code using mbedtls_pk_setup_opaque call.

[quote userid="106736" url="~/f/nordic-q-a/106325/mbedtls---using-keys-handled-by-psa-crypto/459011"]I suggest that you use the VS Code Kconfig tool or "menuconfig" (west build -t menuconfig) to check which dependencies unset CONFIG_MBEDTLS_USE_PSA_CRYPTO.[/quote]

I will check that.

Best regards,
Darko

RE: Mbedtls - Using keys handled by PSA Crypto

Sigurd Hellesvik — Tue, 05 Dec 2023 14:27:22 GMT

Hi,

[quote user=""]I need to implement the code that calculates the ECDSA signature, using the mbedtls library.[/quote]

If you want to rule out an XY Problem, you can tell me what the use-case is. If not I will help you as best I can with what you ask for.

[quote user=""] it looks like MBEDTLS_USE_PSA_CRYPTO is not defined.[/quote]

I suggest that you use the VS Code Kconfig tool or "menuconfig" (west build -t menuconfig) to check which dependencies unset CONFIG_MBEDTLS_USE_PSA_CRYPTO.

If I build the nrf/samples/crypto/ecdsa sample with your above configs except for EXTERNAL_RNG (it makes the build fail), I get MBEDTLS_USE_PSA_CRYPTO=y

Does this help you?

Regards,
Sigurd Hellesvik