Unable to Generate Public Key for ECDSA on nRF52832 - NCS

Hardware: nRF52832

Software: NCS (v2.5.2)

Hi, I want to generate a public key for ECDSA.

I am trying to run this example (samples\crypto\ecdsa\src) for the nRF52832 board but am not able to generate a public key.

I am getting this error:

"psa_generate_key failed! (Error: -134)"

For nRF52840 it is working fine, but I want to implement the same on nRF52832.
What changes do I need to make to generate a public key using the ECDSA example?
/Mehul 
  • Hi,

    This sample does not run out of the box on the nRF52832, as there is no configuration for the entropy source. You can add this to prj.conf:

    CONFIG_ENTROPY_GENERATOR=y
    CONFIG_ENTROPY_NRF5_RNG=y

  • I have added this configuration to the prj.conf file as below:

    # The Zephyr CMSIS emulation assumes that ticks are ms, currently
    CONFIG_SYS_CLOCK_TICKS_PER_SEC=1000
    
    CONFIG_MAIN_STACK_SIZE=8192
    CONFIG_HEAP_MEM_POOL_SIZE=8192
    
    # Enable logging
    CONFIG_CONSOLE=y
    CONFIG_LOG=y
    
    # Enable nordic security backend and PSA APIs
    CONFIG_NRF_SECURITY=y
    CONFIG_MBEDTLS_PSA_CRYPTO_C=y
    
    CONFIG_MBEDTLS_ENABLE_HEAP=y
    CONFIG_MBEDTLS_HEAP_SIZE=8192
    
    CONFIG_PSA_WANT_ALG_ECDSA=y
    CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR=y
    CONFIG_PSA_WANT_ECC_SECP_R1_256=y
    CONFIG_PSA_WANT_ALG_SHA_256=y
    
    # For key generation
    CONFIG_PSA_WANT_GENERATE_RANDOM=y
    
    CONFIG_ENTROPY_GENERATOR=y
    CONFIG_ENTROPY_NRF5_RNG=y


    But it is still not working.

    I get this error:
    00> *** Booting nRF Connect SDK v2.5.1 ***
    00> [00:00:00.500,030] <inf> ecdsa: Starting ECDSA example...
    00> [00:00:00.500,305] <inf> ecdsa: Example exited with error!
    00> *** Booting nRF Connect SDK v2.5.1 ***
    00> [00:00:00.503,936] <inf> ecdsa: Starting ECDSA example...
    00> [00:00:00.504,241] <inf> ecdsa: Example exited with error!

  • Hi,

    You are right, what I suggested only works on NCS 2.6.0 and not 2.5.2. PSA crypto support is still quite new, so I recommend you go with 2.6.0.

  • Okay, I will check it.
    But I have a little confusion.
    When I was trying some configurations, I was able to generate a key, but I don't know how it works.

    I have tried the following configuration:

    # The Zephyr CMSIS emulation assumes that ticks are ms, currently
    CONFIG_SYS_CLOCK_TICKS_PER_SEC=1000
    
    CONFIG_MAIN_STACK_SIZE=8192
    CONFIG_HEAP_MEM_POOL_SIZE=8192
    
    # Enable logging
    CONFIG_CONSOLE=y
    CONFIG_LOG=y
    
    # Enable nordic security backend and PSA APIs
    CONFIG_NRF_SECURITY=y
    CONFIG_MBEDTLS_PSA_CRYPTO_C=y
    
    CONFIG_MBEDTLS_ENABLE_HEAP=y
    CONFIG_MBEDTLS_HEAP_SIZE=8192
    
    CONFIG_PSA_WANT_ALG_ECDSA=y
    CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR=y
    CONFIG_PSA_WANT_ECC_SECP_R1_256=y
    CONFIG_PSA_WANT_ALG_SHA_256=y
    
    # For key generation
    CONFIG_PSA_WANT_GENERATE_RANDOM=y
    
    CONFIG_ENTROPY_GENERATOR=y
    CONFIG_ENTROPY_DEVICE_RANDOM_GENERATOR=y
    CONFIG_ENTROPY_NRF5_RNG=y
    
    CONFIG_PSA_WANT_KEY_TYPE_AES=y
    CONFIG_PSA_WANT_ALG_CTR=y

    Logs:

    00> *** Booting nRF Connect SDK v2.5.1 ***
    00> [00:00:00.253,906] <inf> ecdsa: Starting ECDSA example...
    00> [00:00:00.255,615] <inf> ecdsa: Generating random ECDSA keypair...
    00> [00:00:00.280,426] <inf> ecdsa: Signing a message using ECDSA...
    00> [00:00:00.310,668] <inf> ecdsa: Signing the message successful!
    00> [00:00:00.310,699] <inf> ecdsa: ---- Plaintext (len: 100): ----
    00> [00:00:00.310,729] <inf> ecdsa: Content:
    00>                                 45 78 61 6d 70 6c 65 20  73 74 72 69 6e 67 20 74 |Example  string t
    00>                                 6f 20 64 65 6d 6f 6e 73  74 72 61 74 65 20 62 61 |o demons trate ba
    00>                                 73 69 63 20 75 73 61 67  65 20 6f 66 20 45 43 44 |sic usag e of ECD
    00>                                 53 41 2e 00 00 00 00 00  00 00 00 00 00 00 00 00 |SA...... ........
    00>                                 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00 |........ ........
    00>                                 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00 |........ ........
    00>                                 00 00 00 00                                      |....             
    00> [00:00:00.310,760] <inf> ecdsa: ---- Plaintext end  ----
    00> [00:00:00.310,791] <inf> ecdsa: ---- SHA256 hash (len: 32): ----
    00> [00:00:00.310,821] <inf> ecdsa: Content:
    00>                                 6d bf 34 71 f1 7f cd 8d  99 13 10 e7 95 48 84 60 |m.4q.... .....H.`
    00>                                 d3 35 65 8a 82 b6 76 07  5c 3b 79 3b be d7 6e 4f |.5e...v. \;y;..nO
    00> [00:00:00.310,821] <inf> ecdsa: ---- SHA256 hash end  ----
    00> [00:00:00.310,852] <inf> ecdsa: ---- Signature (len: 64): ----
    00> [00:00:00.310,882] <inf> ecdsa: Content:
    00>                                 89 de 0d 84 88 52 55 94  d1 3e 3f f4 ac b8 f7 96 |.....RU. .>?.....
    00>                                 a2 4f 92 d3 01 b7 b1 7b  c7 d6 10 09 fd 74 15 8a |.O.....{ .....t..
    00>                                 45 db f2 73 98 cf c1 2d  80 16 ce 78 05 ff 50 d1 |E..s...- ...x..P.
    00>                                 6b 3e e8 1e 0d 20 e7 c8  b0 8b a0 86 99 46 f2 3f |k>... .. .....F.?
    00> [00:00:00.310,913] <inf> ecdsa: ---- Signature end  ----
    00> [00:00:00.310,913] <inf> ecdsa: Verifying ECDSA signature...
    00> [00:00:00.366,241] <inf> ecdsa: Signature verification was successful!
    00> [00:00:00.366,302] <inf> ecdsa: Example finished successfully!

    Can you explain this behavior?

    Thanks.

    /Mehul
  • Hi Mehul,

    Good, you found the additional missing configs for 2.5.2. These configs enable AES, and that is used for the CTR-DRBG algorithm (the nRF RNG acts as a TRNG and is the entropy source, and that is fed into the CTR-DRBG algorithm to provide random data to the application).
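
A prj.conf check for the symbols this thread ended up needing on nRF52832 with NCS 2.5.x, as an added example that is not part of the original posts or of the SDK. The grouping of symbols by role and the names `parse_conf` and `missing_rng_symbols` are assumptions made for illustration; the two sample fragments are constructed from the RNG-related lines of the configurations posted above.

```python
import re

# Symbols the thread found necessary for key generation on nRF52832 with
# NCS 2.5.x. Grouping by role is an assumption based on the final answer.
REQUIRED = {
    "entropy source (nRF RNG as TRNG)": [
        "CONFIG_ENTROPY_GENERATOR",
        "CONFIG_ENTROPY_NRF5_RNG",
        "CONFIG_ENTROPY_DEVICE_RANDOM_GENERATOR",
    ],
    "CTR-DRBG cipher (AES in CTR mode)": [
        "CONFIG_PSA_WANT_KEY_TYPE_AES",
        "CONFIG_PSA_WANT_ALG_CTR",
    ],
}

ASSIGN = re.compile(r"^\s*(CONFIG_\w+)\s*=\s*(\S+)")
UNSET = re.compile(r"^\s*#\s*(CONFIG_\w+) is not set")

def parse_conf(text):
    """Return {symbol: value}; a later line overrides an earlier one."""
    values = {}
    for line in text.splitlines():
        m = ASSIGN.match(line)
        if m:
            values[m.group(1)] = m.group(2)
            continue
        m = UNSET.match(line)  # Kconfig's explicit "disabled" form
        if m:
            values[m.group(1)] = "n"
    return values

def missing_rng_symbols(text):
    """Map each role to the required symbols that are not set to 'y'."""
    values = parse_conf(text)
    report = {}
    for role, symbols in REQUIRED.items():
        absent = [s for s in symbols if values.get(s) != "y"]
        if absent:
            report[role] = absent
    return report

# Constructed samples: RNG-related lines of the two prj.conf files above.
FAILING = ("# For key generation\nCONFIG_PSA_WANT_GENERATE_RANDOM=y\n"
           "CONFIG_ENTROPY_GENERATOR=y\nCONFIG_ENTROPY_NRF5_RNG=y\n")
WORKING = FAILING + ("CONFIG_ENTROPY_DEVICE_RANDOM_GENERATOR=y\n"
                     "CONFIG_PSA_WANT_KEY_TYPE_AES=y\nCONFIG_PSA_WANT_ALG_CTR=y\n")
```

Run against a project's own prj.conf, an empty result means every symbol from the working configuration is enabled; it does not replace checking the merged `.config` the build produces.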
