So basically, I am have created a key pair using the Identity key generation example and exported the public key using Identity key usage example. Now i need to create a certificate signing request, so I am trying to follow the PSA Crypto example to do the same. But it is not building as I facing the following error:
<command-line>: fatal error: user-tls-conf.h: No such file or directory
please help me with the same
Hi,
the PSA Crypto example
Which sample specifically?
Also, which SDK version are you using?
Regards,
Sigurd Hellesvik
https://docs.zephyrproject.org/latest/samples/tfm_integration/psa_crypto/README.html
Link to the sample I am following
and the SDK is 2.6,
Also, can identity key be used for asymmetric encryption?
While searching for solutions for my problem, I came across another ticket raised on nordic dev zone for the exact problem I am facing,
https://devzone.nordicsemi.com/f/nordic-q-a/106325/mbedtls---using-keys-handled-by-psa-crypto
but it is based on nrf Connect SDK 2.3.0 while I am working on v2.6.1.
1.The difference between the problems currently is that MBEDTLS_USE_PSA_CRYPTO was not defined in pk.h in the other case while it is defined in my case but when I build it still shows undefined function for mbedtls_pk_setup_opaque();.My guess is MBEDTLS_USE_PSA_CRYPTO is getting disabled somehow.
2.The folder nrf_security is missing in the v2.6.1 for me to make the relevant changes to define MBEDTLS_USE_PSA_CRYPTO in nrf-config.h please help me in finding the appropriate location to define the same.
3. I am attaching my files./cfs-file/__key/communityserver-discussions-components-files/4/csr-_2D00_-Copy.zip
4. There are some minor bugs that need to be fixed, sorry for the inconvenience
After looking further I have noticed that when build files are generated the nrf-config.h file does not have MBEDTLS_USE_PSA_CRYPTO defined. I have tried creating a custom header file for mbedtls but I keep getting the error that no file or directory found. I would request you to ignore the previous comment. I have defined the MBEDTLS_USE_PSA_CRYPTO in the custom header that I have created and i need help to add it to the include path. PFA the zip file
certificatesigningrequest.zip
I have been able to define MBEDTLS_USE_PSA_CRYPTO by editing legacy_crypto_config.h.template file in the directory but my question still exists on how to add custom header files to include path
Hi there,
Sigurd is currently out-of-office, but will return next week.
He will continue supporting you when he's back,
regards
Jared
Hi Utkarsh,
Sigurd Hellesvik said:os.mbed.com/.../using-psa-enabled-mbed-tls.htmlDid you see this guide?
How did it go?I am asking cause I just want to get the whole picture
Yes I followed this guide to write my code for generating CSR but it resulted in the following error: Implicit declaration of function : mbedtls_pk_setup_opaque. I further looked into it and found out that even after enabling CONFIG_MBEDTLS_USE_PSA_CRYPTO it was not defined in the nrf-config.h header file, so I defined it there. This led to the code building successfully but after flashing the code onto the board, the psa_generate_key() started failing with the error -134 which stands for PSA_ERROR_NOT_SUPPORTED.
I further looked into why was this happening, and I found out that this happens whenever CONFIG_MBEDTLS_LEGACY_CRYPTO_C is enabled. But without enabling this my code doesn't build.
My problem is very similar to this and I know that there is a solution as that question was solved. Please help me in this regard
Yes I followed this guide to write my code for generating CSR but it resulted in the following error: Implicit declaration of function : mbedtls_pk_setup_opaque. I further looked into it and found out that even after enabling CONFIG_MBEDTLS_USE_PSA_CRYPTO it was not defined in the nrf-config.h header file, so I defined it there. This led to the code building successfully but after flashing the code onto the board, the psa_generate_key() started failing with the error -134 which stands for PSA_ERROR_NOT_SUPPORTED.
I further looked into why was this happening, and I found out that this happens whenever CONFIG_MBEDTLS_LEGACY_CRYPTO_C is enabled. But without enabling this my code doesn't build.
My problem is very similar to this and I know that there is a solution as that question was solved. Please help me in this regard
How about this?
I will try to make a CSR sample myself.
Then you can use that as a reference to check your project.
It will take some time, but I got direct access to our crypto devs so I should be able to get all potential issues I have with this figured out pretty fast.
Im guessing I will be done with such a sample next week.
How does that sound to you?
That would be great !
This one looks like it works for the nRF5340DK, without TF-M.
https://github.com/hellesvik-nordic/samples_for_nrf_connect_sdk/tree/main/crypto/psa_csr
I did not check the output, so that would be for you.
Can you give the sample a roll and let me know how it goes?
EDIT: I was told that ECC would be a better idea than RSA here so I will change it relatively soon
Thank you very much!
Can the same be done using ECDSA? I have changed the code to accommodate the same but I get the following error:
FAILED: modules/nrf/subsys/nrf_security/src/CMakeFiles/mbedcrypto.dir/C_/ncs/v2.6.1/modules/crypto/mbedtls/library/pk_wrap.c.obj
C:\ncs\toolchains\cf2149caf2\opt\zephyr-sdk\arm-zephyr-eabi\bin\arm-zephyr-eabi-gcc.exe -DKERNEL -DMBEDTLS_CONFIG_FILE=\"nrf-config.h\" -DMBEDTLS_PSA_CRYPTO_CONFIG_FILE=\"nrf-psa-crypto-want-config.h\" -DMBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE=\"nrf-psa-crypto-config.h\" -DNRF5340_XXAA_APPLICATION -DNRF_SKIP_FICR_NS_COPY_TO_RAM -DPICOLIBC_LONG_LONG_PRINTF_SCANF -D_FORTIFY_SOURCE=1 -D_POSIX_C_SOURCE=200809 -D__LINUX_ERRNO_EXTENSIONS__ -D__PROGRAM_START -D__ZEPHYR__=1 -IC:/ncs/v2.6.1/zephyr/include -IC:/Users/Dell/Nordic_Projects/psa_csr_ecc/build_1/zephyr/include/generated -IC:/ncs/v2.6.1/zephyr/soc/arm/nordic_nrf/nrf53 -IC:/ncs/v2.6.1/zephyr/lib/libc/common/include -IC:/ncs/v2.6.1/zephyr/soc/common/nordic_nrf/. -IC:/ncs/v2.6.1/zephyr/soc/arm/nordic_nrf/common/. -IC:/ncs/v2.6.1/nrf/include -IC:/ncs/v2.6.1/nrf/tests/include -IC:/ncs/v2.6.1/modules/hal/cmsis/CMSIS/Core/Include -IC:/ncs/v2.6.1/zephyr/modules/cmsis/. -IC:/ncs/v2.6.1/modules/hal/nordic/nrfx -IC:/ncs/v2.6.1/modules/hal/nordic/nrfx/drivers/include -IC:/ncs/v2.6.1/modules/hal/nordic/nrfx/mdk -IC:/ncs/v2.6.1/zephyr/modules/hal_nordic/nrfx/. -IC:/Users/Dell/Nordic_Projects/psa_csr_ecc/build_1/modules/nrf/subsys/nrf_security/src/include/generated -IC:/ncs/v2.6.1/nrf/subsys/nrf_security/include -IC:/ncs/v2.6.1/nrf/ext/oberon/psa/core/include -IC:/ncs/v2.6.1/nrf/ext/oberon/psa/core/library -IC:/ncs/v2.6.1/modules/crypto/mbedtls/include -IC:/ncs/v2.6.1/modules/crypto/mbedtls/library -IC:/ncs/v2.6.1/nrf/ext/oberon/psa/drivers -isystem C:/ncs/v2.6.1/nrfxlib/crypto/nrf_cc312_platform/include -isystem C:/ncs/v2.6.1/nrfxlib/crypto/nrf_oberon/include -isystem C:/ncs/v2.6.1/nrfxlib/crypto/nrf_oberon/include/mbedtls -fno-strict-aliasing -Os -imacros C:/Users/Dell/Nordic_Projects/psa_csr_ecc/build_1/zephyr/include/generated/autoconf.h -fno-printf-return-value -fno-common -g -gdwarf-4 -fdiagnostics-color=always -mcpu=cortex-m33 -mthumb -mabi=aapcs -mfp16-format=ieee -mtp=soft --sysroot=C:/ncs/toolchains/cf2149caf2/opt/zephyr-sdk/arm-zephyr-eabi/arm-zephyr-eabi -imacros C:/ncs/v2.6.1/zephyr/include/zephyr/toolchain/zephyr_stdint.h -Wall -Wformat -Wformat-security -Wno-format-zero-length -Wno-pointer-sign -Wpointer-arith -Wexpansion-to-defined -Wno-unused-but-set-variable -Werror=implicit-int -fno-pic -fno-pie -fno-asynchronous-unwind-tables -ftls-model=local-exec -fno-reorder-functions --param=min-pagesize=0 -fno-defer-pop -fmacro-prefix-map=C:/Users/Dell/Nordic_Projects/psa_csr_ecc=CMAKE_SOURCE_DIR -fmacro-prefix-map=C:/ncs/v2.6.1/zephyr=ZEPHYR_BASE -fmacro-prefix-map=C:/ncs/v2.6.1=WEST_TOPDIR -ffunction-sections -fdata-sections --specs=picolibc.specs -std=c99 -Wno-unused-function -Wno-unused-variable -Wno-stringop-overflow -Wno-stringop-overread -Wno-strict-aliasing -Wno-uninitialized -Wno-maybe-uninitialized -MD -MT modules/nrf/subsys/nrf_security/src/CMakeFiles/mbedcrypto.dir/C_/ncs/v2.6.1/modules/crypto/mbedtls/library/pk_wrap.c.obj -MF modules\nrf\subsys\nrf_security\src\CMakeFiles\mbedcrypto.dir\C_\ncs\v2.6.1\modules\crypto\mbedtls\library\pk_wrap.c.obj.d -o modules/nrf/subsys/nrf_security/src/CMakeFiles/mbedcrypto.dir/C_/ncs/v2.6.1/modules/crypto/mbedtls/library/pk_wrap.c.obj -c C:/ncs/v2.6.1/modules/crypto/mbedtls/library/pk_wrap.c
In file included from C:/ncs/v2.6.1/modules/crypto/mbedtls/library/pk_internal.h:25,
from C:/ncs/v2.6.1/modules/crypto/mbedtls/library/pk_wrap.c:14:
C:/ncs/v2.6.1/modules/crypto/mbedtls/library/pk_wrap.c: In function 'rsa_opaque_sign_wrap':
C:/ncs/v2.6.1/modules/crypto/mbedtls/library/pk_internal.h:28:67: error: 'psa_to_pk_rsa_errors' undeclared (first use in this function); did you mean 'psa_to_pk_ecdsa_errors'?
28 | psa_to_pk_rsa_errors, \
| ^~~~~~~~~~~~~~~~~~~~
C:/ncs/v2.6.1/nrf/ext/oberon/psa/core/library/psa_util_internal.h:103:35: note: in definition of macro 'PSA_TO_MBEDTLS_ERR_LIST'
103 | psa_status_to_mbedtls(status, error_list, \
| ^~~~~~~~~~
C:/ncs/v2.6.1/modules/crypto/mbedtls/library/pk_wrap.c:1784:20: note: in expansion of macro 'PSA_PK_RSA_TO_MBEDTLS_ERR'
1784 | return PSA_PK_RSA_TO_MBEDTLS_ERR(status);
| ^~~~~~~~~~~~~~~~~~~~~~~~~
C:/ncs/v2.6.1/modules/crypto/mbedtls/library/pk_internal.h:28:67: note: each undeclared identifier is reported only once for each function it appears in
28 | psa_to_pk_rsa_errors, \
| ^~~~~~~~~~~~~~~~~~~~
C:/ncs/v2.6.1/nrf/ext/oberon/psa/core/library/psa_util_internal.h:103:35: note: in definition of macro 'PSA_TO_MBEDTLS_ERR_LIST'
103 | psa_status_to_mbedtls(status, error_list, \
| ^~~~~~~~~~
C:/ncs/v2.6.1/modules/crypto/mbedtls/library/pk_wrap.c:1784:20: note: in expansion of macro 'PSA_PK_RSA_TO_MBEDTLS_ERR'
1784 | return PSA_PK_RSA_TO_MBEDTLS_ERR(status);
| ^~~~~~~~~~~~~~~~~~~~~~~~~
[64/257] Building C object modules/nrf/subsys/nrf_security/src/CMakeFiles/mbedcrypto.dir/C_/ncs/v2.6.1/modules/crypto/mbedtls/library/ccm.c.obj
ninja: build stopped: subcommand failed.
FATAL ERROR: command exited with status 1: 'C:\ncs\toolchains\cf2149caf2\opt\bin\cmake.EXE' --build 'c:\Users\Dell\Nordic_Projects\psa_csr_ecc\build_1'