• State Verified Answer
  • Replies 16 replies
  • Subscribers 75 subscribers
  • Views 1956 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 322144
Options

RSA crypto sample in SDK 2.5.0 fails on nRF5340 Development Kit board

Mathi

Hi,

The RSA crypto sample from the 2.5.0 SDK fails at psa_generate_key() returning -134. The sample is by default configured to use 2048-bit keys. 
Note that, It fails with the same error code also when changing the sample code and configuration to use say for example - changing it to CONFIG_PSA_WANT_RSA_KEY_SIZE_1536=y or configuring CONFIG_PSA_WANT_RSA_KEY_SIZE_1024=y.

Please note, the AES samples and the ECDH samples from the 2.5.0 SDK works very well on this board. I don't understand why the RSA sample application fails with the UNSUPPORTED error code.

(1) When can the basic/default RSA sample application in SDK 2.5.0 fail on the nRF5340 Development Kit?
(2) We intend to use PSA API for RSA OAEP with key size CONFIG_PSA_WANT_RSA_KEY_SIZE_3072. Is this supported in SDK 2.5.0?

Thanks,

Mathi.

#PSA #Crypto #RSA #SDK 2.5.0 #SAMPLE#nRF5340 DK #keyformat#keygeneration #openssl-versus-PSA

Parents
  • 0

    Hi, 

    It fails with the same error code when changing the sample code and configuration to use CONFIG_PSA_WANT_RSA_KEY_SIZE_1536=y or configuring CONFIG_PSA_WANT_RSA_KEY_SIZE_1024=y.

    If you check the .config under build/zephyr, you can find CONFIG_PSA_WANT_RSA_KEY_SIZE_1024=y is set by default.

    How do you modify the code? Could you elaborate on what you modified?

    (1) When can the basic/default RSA sample application in SDK 2.5.0 fail on the nRF5340 Development Kit?

    The error would give some clues. 

    (2) We intend to use PSA API for RSA OAEP with key size CONFIG_PSA_WANT_RSA_KEY_SIZE_3072. Is this supported in SDK 2.5.0?

    The default setting already has CONFIG_PSA_WANT_RSA_KEY_SIZE_3072.  You check the .config under build/zephyr. 

    Regards,
    Amanda H.

     

  • 0 in reply to Amanda Hsieh

    Hi Amanda,

    Thanks for the reply.
    Meanwhile, I just randomly increased the memory sizes from 16K to 20K and the default sample for key size 2048 bits, worked.
    (i.e. basically for experimentation, i just set CONFIG_MAIN_STACK_SIZE, CONFIG_HEAP_MEM_POOL_SIZE, CONFIG_MBEDTLS_HEAP_SIZE, all to 20 K) and it worked.
    I did not expect an PSA_ERR_NOT_SUPPORTED error code for memory reasons though.
    Also, I also noticed that the key_generation takes a longer time, with different key sizes.
    Will update you further.

    Mathi.




  • 0 in reply to Mathi

    Another update -
    Case 1) I manually saved (in hex) the public key exported from PSA (using psa_generate_key()). And imported it in a different standalone application, encryption(RSA-OAEP-3072) worked.
    The length of the public key (with exponent) was 398 bytes 

    Case 2) Imported the public key from from openssl, encryption fails with (-147).
    The length of the public key (with exponent) was 388 bytes.

    Are there any special bytes to be included to the public key format when using PSA APIs
    Thanks,

    Mathi.

  • 0 in reply to Mathi
    // Public key exported from PSA
    //const uint8_t ext_pub_key[] = {0x30,0x82,0x01,0x8A,0x02,0x82,0x01,0x81,0x00,0x87,0x0D,0xC9,0x5C,0xB8,0x9B,0xD1,0x28,0x09,0x62,0x34,0x27,0xAE,0x76,0x8A,0xAA,0x3A,0x88,0xA6,0xF8,0xE5,0x96,0x28,0x9D,0x7A,0x79,0xE2,0x62,0x98,0xD2,0x56,0x06,0xA0,0x2D,0x53,0xE9,0xB3,0xE8,0x08,0x08,0x13,0x90,0x53,0xA8,0xD4,0xF2,0x68,0x15,0x70,0x4F,0x0F,0x9F,0xF2,0xD5,0x41,0x4B,0x9E,0x07,0x72,0xC7,0xC7,0xD9,0x22,0x6E,0x1E,0xE7,0x9C,0x72,0x6F,0x76,0xBD,0x59,0x84,0x1B,0xBC,0x01,0xCF,0xCC,0x20,0x8D,0xEA,0x4A,0xF5,0x1B,0x20,0x62,0xBB,0xCD,0xA5,0x3D,0xDF,0xD5,0xF4,0xB9,0xF2,0xE3,0x97,0x84,0x94,0x2A,0x8D,0x94,0x83,0x87,0xA1,0x5A,0xB0,0xFD,0x0C,0xC3,0x9A,0xB6,0xA9,0x29,0x1F,0x9F,0x64,0x68,0x85,0x08,0xE0,0x8F,0xCF,0x9B,0x01,0x4B,0xFC,0xCB,0x31,0x17,0xA6,0xE9,0xFE,0x38,0x46,0x20,0x6C,0xB5,0x6A,0x99,0xFC,0x27,0xAF,0xE8,0x9A,0x37,0xF4,0xD1,0xFB,0xD0,0x34,0xEA,0x87,0x5F,0x3A,0xF3,0x2F,0xA0,0x64,0xA1,0x0B,0xA1,0x70,0xCB,0x80,0x3C,0x83,0x6F,0xC2,0xA2,0xCC,0xB1,0xB1,0x14,0xAA,0xA9,0x52,0x96,0x23,0x85,0x2B,0xEA,0x27,0x6B,0xC8,0x4E,0xF5,0x2E,0x67,0x1A,0x92,0x49,0x07,0xED,0x01,0x84,0x78,0x0D,0x87,0x14,0xDF,0x67,0x45,0x86,0x05,0x7B,0x81,0x42,0x20,0xC2,0x1C,0x4B,0x5D,0x8E,0x6A,0xC5,0x73,0x1C,0x30,0x6B,0x57,0xED,0x14,0x16,0xE1,0x5D,0x1F,0x76,0x9C,0x06,0x6F,0xFE,0xA5,0xD2,0xF2,0x61,0x3C,0x1E,0xED,0x52,0xC3,0x19,0x41,0x6C,0xFD,0x5F,0x3A,0x0E,0x50,0x18,0xE9,0x0D,0x27,0x71,0xFE,0x7C,0x52,0xB3,0x1D,0x9F,0xA3,0xB6,0xE2,0x89,0x01,0xC1,0x65,0x10,0xF3,0x26,0x06,0xB3,0x37,0x1C,0x82,0x2D,0xAB,0x53,0xBD,0xFB,0x6E,0x4A,0x15,0x94,0x1C,0xCC,0xB9,0x5C,0x7F,0x5D,0x9E,0x34,0x1C,0x9D,0xFF,0x52,0x59,0x4B,0x5C,0x82,0xB6,0x06,0x87,0xB1,0x92,0xB2,0x80,0x08,0x83,0xB3,0x9B,0xA2,0x5A,0xF4,0xAA,0x13,0x80,0x9F,0xEE,0xA4,0x3D,0xEE,0x85,0xD0,0xA8,0xE6,0x2E,0x45,0x29,0xCC,0x9C,0xEF,0x98,0x33,0xA3,0x62,0xD2,0x59,0x78,0xFB,0x6E,0x6F,0xF1,0x27,0x9B,0x34,0xE6,0x8C,0x33,0xBC,0xDA,0x3A,0x5B,0x66,0xE5,0x76,0x3F,0xB7,0xCD,0x86,0x2B,0x58,0xF8,0x41,0x87,0xFC,0x51,0x40,0x2B,0x1D,0x2F,0x99,0xCF,0x0C,0x51,0xC3,0xAA,0x28,0x89,0x07,0x3A,0x3E,0xE5,0x27,0x02,0x03,0x01,0x00,0x01};

    // Public key exported from openssl
    const uint8_t ext_pub_key[] = {0x00,0xb5,0x97,0x11,0x7a,0x3f,0x80,0xdb,0x2f,0x24,0x7c,0x74,0x1e,0x7b,0xc7,0x50,0x9c,0xf1,0xfb,0x80,0x8d,0x80,0x52,0x97,0xf3,0xd7,0xb6,0x3f,0x02,0x30,0x77,0xa9,0xd1,0x8f,0x93,0xf9,0xa3,0x74,0x97,0xb9,0xd2,0x2c,0x3a,0x75,0x51,0x0d,0xfc,0x94,0x8b,0x29,0x33,0xea,0x84,0xc8,0xc6,0x49,0x99,0x91,0x73,0x2f,0x17,0x52,0x92,0x58,0xeb,0x99,0xdd,0x9c,0x89,0x6a,0x6a,0xb1,0x6c,0x85,0xc0,0xec,0x07,0xfa,0xcf,0x4f,0xe1,0xc7,0xbf,0x0c,0x61,0x87,0xb6,0xbc,0xc6,0x5f,0x64,0xd7,0x34,0x8c,0x0b,0x71,0xfc,0x4f,0xf9,0x3a,0x93,0xf1,0xa2,0x36,0x5f,0xcd,0x03,0xd9,0xaf,0xcd,0x45,0x56,0x4f,0xe4,0x8d,0x8d,0x9b,0xa9,0xb2,0x48,0xa1,0x09,0x84,0xd8,0xb4,0x6b,0x20,0xab,0x13,0x6c,0x82,0x35,0x49,0x8f,0xa7,0x81,0xb9,0xea,0xbb,0x2d,0xb9,0x5b,0x7a,0x51,0x44,0x02,0xf7,0x60,0x9d,0xf1,0xa5,0xa7,0xe5,0x1c,0x49,0x9d,0xb9,0x49,0x32,0xc8,0x39,0x71,0xed,0xe6,0x6a,0xce,0xc3,0x95,0x9c,0x85,0xa7,0x63,0x44,0x3f,0xb5,0xdf,0x12,0x73,0x4b,0x53,0x54,0x3d,0x76,0xc3,0x74,0xf9,0x0c,0x1c,0x4f,0xbf,0x9d,0x21,0x8d,0x91,0xd2,0x46,0x73,0x89,0x58,0x00,0x46,0xcf,0xbe,0xe5,0x21,0x1d,0x00,0xd7,0x0b,0x90,0xe4,0x9c,0xfd,0x1b,0x99,0x7f,0xaa,0xc9,0xd9,0xd6,0x65,0xf7,0xf3,0xd5,0x38,0xb2,0xe3,0x73,0x54,0xab,0xeb,0x03,0x96,0x10,0xc1,0x8d,0xa3,0x22,0xe1,0xf8,0xb7,0xe7,0xc3,0xa8,0xb5,0x2e,0xe3,0x36,0x13,0x92,0x4c,0xa0,0x16,0xa6,0xa6,0xa0,0xb7,0xa8,0xa7,0x08,0xd1,0xa2,0x51,0xd8,0x7a,0xd9,0x7b,0xbf,0x50,0x45,0xd6,0xbf,0xa8,0xfd,0xd5,0x59,0xba,0x46,0x9f,0x80,0x21,0xfd,0xb1,0x70,0x86,0x41,0xed,0xd2,0xfb,0x72,0x58,0x62,0xf0,0xe3,0x07,0x76,0x5d,0xf4,0x19,0x9f,0x9b,0x60,0x6a,0xbd,0x6e,0x7d,0x53,0xfb,0x16,0x8e,0xfc,0xcc,0x50,0xfa,0xc2,0xe9,0xfa,0xd9,0x82,0x29,0x2f,0xd0,0x88,0xc0,0xa6,0x43,0xe0,0x6c,0x7a,0xca,0x76,0xe3,0x39,0x2a,0x47,0x95,0x78,0x10,0x4d,0x4f,0xdf,0x38,0xc8,0x10,0xdb,0xfe,0x1f,0x19,0xc8,0xa9,0xcd,0x7a,0x15,0x2d,0x61,0x87,0x66,0xcf,0x03,0x18,0x7e,0x0a,0xb7,0x16,0xb3,0x39,0xb0,0xb5,0xc1,0x06,0x77,0xb1,0xb1,0xc0,0x4c,0x21,0x5d,0xa8,0x6d,0x34,0x27,0x28,0x92,0x9d,0x19,0x01,0x00,0x01};

  • 0 in reply to Mathi

    (updated)

    From the team:

    The key-length of 1536 is not recommended for anything than legacy implementations according to NIST recommendations (and others):   

    RSA key size of 2048 and larger is recommended as usable until 2030, with SHA-2 (224 or larger). The reasoning is that the security strength of the operation is so low that it is difficult to give guarantees that it won't be broken. https://www.keylength.com/en/4/

    --

    Hi,

    Not know how you exported it, but the key looks wrong. The key must be in DER-form (the first byte of the array should be 0x30). This is documented in the psa spec https://arm-software.github.io/psa-api/crypto/1.1/api/keys/management.html#key-formats (hardware error is the wrong return code, don't know where that comes from)

    Command to export DER-formatted keys:

    openssl rsa -in private_key.der -inform DER -pubout -outform DER -out public_key.der

    -Amanda H.

  • 0 in reply to Amanda Hsieh

    Okay, Just as an update, wanted to share what i found as the difference in the key formats generated by openssl versus what is accepted by PSA.

    Basically, when i use openssl commands, the public key in DER format is 422 bytes long, i.e.

    openssl rsa -in mathi_pvt_key.der -inform DER -pubout -outform DER -out mathi_public_key.der
openssl pkey -pubin -in mathi_public_key.der -outform DER | xxd -g 1  -i -c 422

The public key output by openssl in DER format is 422 bytes long:
308201a2300d06092a864886f70d01010105000382018f003082018a0282018100bf8b1f325b3063daee3cf3f06a92d4ac1941f6c9d3d6e70094965001d815edca90e8f00c3e646d3a4219c77fcbdeca8be1acbe13d5c2ec78750d938be881d3165321ea7237b921ee0f4da295da3778f39247d076f80790cfd80a72ae3ed3dd06aede4962c50870a499c97dc8b87cf1a76d903f44bdaf6e9f3269bcda351039608f523320014d57c7a22f70f9f6a4856ad5269c9d4c9b0d84fdc59304599c6e08e81d041d347f32190f6273a4fadee498f2422aa1a700f727f1df6838a3ae0b492845d86d477e27a7b4921448afeab01ffdb48bee6e8de75f714b74a2605fda845378de2fd89549158f123472744a991e1cd42e4e4308713caaba7b7fae1fd805e79a6ba1ba3949e9dfad825ea4cc0d7866e9bed8559e66ccb4392ebd52ba19b74befb13135e428ecad2d2b277dfa03df35df8c6b1e2a2b161bb21bd4a215dcee05f4c31f4921f2475ce65c4aa33d79180966f90276f97f2508b338ed515a8b5802016d91bb071f47616ebd00828b0431d533c9d686065f563bb862d7ec6a9b9b0203010001
In other words, when converting the above bytes to ASN.1 format, it looks like this:
SEQUENCE {
   SEQUENCE {
      OBJECTIDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
      NULL 
   }
   BITSTRING 0x3082018a0282018100bf8b1f325b3063daee3cf3f06a92d4ac1941f6c9d3d6e70094965001d815edca90e8f00c3e646d3a4219c77fcbdeca8be1acbe13d5c2ec78750d938be881d3165321ea7237b921ee0f4da295da3778f39247d076f80790cfd80a72ae3ed3dd06aede4962c50870a499c97dc8b87cf1a76d903f44bdaf6e9f3269bcda351039608f523320014d57c7a22f70f9f6a4856ad5269c9d4c9b0d84fdc59304599c6e08e81d041d347f32190f6273a4fadee498f2422aa1a700f727f1df6838a3ae0b492845d86d477e27a7b4921448afeab01ffdb48bee6e8de75f714b74a2605fda845378de2fd89549158f123472744a991e1cd42e4e4308713caaba7b7fae1fd805e79a6ba1ba3949e9dfad825ea4cc0d7866e9bed8559e66ccb4392ebd52ba19b74befb13135e428ecad2d2b277dfa03df35df8c6b1e2a2b161bb21bd4a215dcee05f4c31f4921f2475ce65c4aa33d79180966f90276f97f2508b338ed515a8b5802016d91bb071f47616ebd00828b0431d533c9d686065f563bb862d7ec6a9b9b0203010001 : 0 unused bit(s)
}

  • +1 in reply to Mathi

    But, instead when i chop the first 24 bytes from the above output and instead pass the remaining 398 bytes to the PSA API, then everything works.
    i.e. on other words, the chopped off version of public key(398 bytes) long in the below ASN.1 format is being accepted by PSA:

    398 bytes
SEQUENCE {
   INTEGER 0x00bf8b1f325b3063daee3cf3f06a92d4ac1941f6c9d3d6e70094965001d815edca90e8f00c3e646d3a4219c77fcbdeca8be1acbe13d5c2ec78750d938be881d3165321ea7237b921ee0f4da295da3778f39247d076f80790cfd80a72ae3ed3dd06aede4962c50870a499c97dc8b87cf1a76d903f44bdaf6e9f3269bcda351039608f523320014d57c7a22f70f9f6a4856ad5269c9d4c9b0d84fdc59304599c6e08e81d041d347f32190f6273a4fadee498f2422aa1a700f727f1df6838a3ae0b492845d86d477e27a7b4921448afeab01ffdb48bee6e8de75f714b74a2605fda845378de2fd89549158f123472744a991e1cd42e4e4308713caaba7b7fae1fd805e79a6ba1ba3949e9dfad825ea4cc0d7866e9bed8559e66ccb4392ebd52ba19b74befb13135e428ecad2d2b277dfa03df35df8c6b1e2a2b161bb21bd4a215dcee05f4c31f4921f2475ce65c4aa33d79180966f90276f97f2508b338ed515a8b5802016d91bb071f47616ebd00828b0431d533c9d686065f563bb862d7ec6a9b9b
   INTEGER 0x010001 (65537 decimal)
}


Reply
  • +1 in reply to Mathi

    But, instead when i chop the first 24 bytes from the above output and instead pass the remaining 398 bytes to the PSA API, then everything works.
    i.e. on other words, the chopped off version of public key(398 bytes) long in the below ASN.1 format is being accepted by PSA:

    398 bytes
SEQUENCE {
   INTEGER 0x00bf8b1f325b3063daee3cf3f06a92d4ac1941f6c9d3d6e70094965001d815edca90e8f00c3e646d3a4219c77fcbdeca8be1acbe13d5c2ec78750d938be881d3165321ea7237b921ee0f4da295da3778f39247d076f80790cfd80a72ae3ed3dd06aede4962c50870a499c97dc8b87cf1a76d903f44bdaf6e9f3269bcda351039608f523320014d57c7a22f70f9f6a4856ad5269c9d4c9b0d84fdc59304599c6e08e81d041d347f32190f6273a4fadee498f2422aa1a700f727f1df6838a3ae0b492845d86d477e27a7b4921448afeab01ffdb48bee6e8de75f714b74a2605fda845378de2fd89549158f123472744a991e1cd42e4e4308713caaba7b7fae1fd805e79a6ba1ba3949e9dfad825ea4cc0d7866e9bed8559e66ccb4392ebd52ba19b74befb13135e428ecad2d2b277dfa03df35df8c6b1e2a2b161bb21bd4a215dcee05f4c31f4921f2475ce65c4aa33d79180966f90276f97f2508b338ed515a8b5802016d91bb071f47616ebd00828b0431d533c9d686065f563bb862d7ec6a9b9b
   INTEGER 0x010001 (65537 decimal)
}


Children
Related
Terms of service