How can I generate RSA key pairs in nrf52840?

Hello~

I am developing nrf52840 with zephyr ncs tool chain v2.7.0 and SDK v2.6.1.

What we need is to generate RSA key pairs and send public key to App to encrypt data and send back.

The first step, we need to generate RSA key pairs.

I found and example code in Nordic Q&A:

Fullscreen
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
#include <zephyr/kernel.h>
#include <zephyr/sys/printk.h>
#include <zephyr/logging/log.h>
#include <stdio.h>
#include <stdlib.h>
#include <psa/crypto.h>
#include <psa/crypto_extra.h>
#ifdef CONFIG_BUILD_WITH_TFM
#include <tfm_ns_interface.h>
#endif
#define SAMPLE_PERS_KEY_ID PSA_KEY_ID_USER_MIN
int testRSAvsECCstored(int isRSA){
psa_status_t status;
printk("Destroy old key stored key on %d before test isRSA=%d\n",SAMPLE_PERS_KEY_ID,isRSA);
status = psa_destroy_key(SAMPLE_PERS_KEY_ID);
printk("psa_destroy_key returns %d\n",status);
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

and prj.conf is:

Fullscreen
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
CONFIG_MAIN_STACK_SIZE=16384
CONFIG_HEAP_MEM_POOL_SIZE=16384
# Enable logging
CONFIG_CONSOLE=y
CONFIG_LOG=y
# Enable nordic security backend and PSA APIs
CONFIG_NRF_SECURITY=y
CONFIG_MBEDTLS_PSA_CRYPTO_C=y
# Mbedtls configuration
CONFIG_MBEDTLS_ENABLE_HEAP=y
CONFIG_MBEDTLS_HEAP_SIZE=16384
CONFIG_PSA_WANT_ALG_RSA_PKCS1V15_SIGN=y
CONFIG_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR=y
CONFIG_PSA_WANT_ALG_SHA_256=y
# This samples source code explicitly uses an RSA key size of 4096
CONFIG_PSA_WANT_RSA_KEY_SIZE_4096=y
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

but when I run this code in nrf52840 development board, I gets error messages:

Fullscreen
1
2
3
4
5
6
7
8
9
10
11
12
*** Booting nRF Connect SDK 3758bcbfa5cd ***
NOT with TFM
crypto_init returns: 0
--------------- RSA TEST ---------------
Destroy old key stored key on 1 before test isRSA=1
psa_destroy_key returns -136
psa_generate_key failed! isRSA=1 (Error: -134)
--------------- ECC TEST ---------------
Destroy old key stored key on 1 before test isRSA=0
psa_destroy_key returns -136
psa_generate_key failed! isRSA=0 (Error: -134)
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

And, in prj.conf, there are yellow wave line under this line:

CONFIG_NRF_SECURITY=y
It says : CONFIG_NRF_SECURITY was assigned the value y, but got the value n. Missing dependencies:
SOC_FAMILY_NRF

But I do select Nordic Soc when create Build configuration ... why missing SOC_FAMILY_NRF ?

Would you please show me the correct code and correct settings ?