nRF5340 CC312 RSA 2048 psa_asymmetric_encrypt PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256) Error Issue

RE: nRF5340 CC312 RSA 2048 psa_asymmetric_encrypt PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256) Error Issue

Einar Thorsrud — Tue, 18 Mar 2025 11:56:39 GMT

Hi,

It looks like you need a larger RTT buffer. I get the whole log via RTT if I add these configs:

CONFIG_LOG_BACKEND_RTT=y
CONFIG_USE_SEGGER_RTT=y
CONFIG_SEGGER_RTT_BUFFER_SIZE_UP=8192

RE: nRF5340 CC312 RSA 2048 psa_asymmetric_encrypt PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256) Error Issue

giun.kim — Sun, 16 Mar 2025 23:27:08 GMT

I'm testing it, and I think I might succeed.

However, I encountered an issue during the debugging process and need your help to check it.

It seems that the log is being truncated when printing the encrypted hex value via RTT.

What would be the best way to resolve this issue?

Below are the applied configuration settings and the captured output screen.

#
# Copyright (c) 2024 Nordic Semiconductor ASA
#
# SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
#
CONFIG_MAIN_STACK_SIZE=20480
CONFIG_HEAP_MEM_POOL_SIZE=20480

 # Enable logging
CONFIG_CONSOLE=y
CONFIG_LOG=y
CONFIG_LOG_MODE_IMMEDIATE=y
CONFIG_USE_SEGGER_RTT=y

# 로깅 Config 시작
# CONFIG_LOG=y
# CONFIG_USE_SEGGER_RTT=y
# CONFIG_LOG_BACKEND_RTT=y
# CONFIG_LOG_BACKEND_UART=n
# CONFIG_LOG_BUFFER_SIZE=8192
# CONFIG_LOG_PRINTK=n
# CONFIG_LOG_MODE_DEFERRED=y

# CONFIG_LOG_MODE_IMMEDIATE=y
# CONFIG_LOG_PROCESS_THREAD=y
# CONFIG_LOG_PROCESS_THREAD_STACK_SIZE=4096
# CONFIG_LOG_BACKEND_RTT_MODE_BLOCK=y
# CONFIG_LOG_STRDUP_MAX_STRING=512
# 로깅 Config 종료

# Enable nordic security backend and PSA APIs
CONFIG_NRF_SECURITY=y
CONFIG_MBEDTLS_PSA_CRYPTO_C=y

CONFIG_PSA_WANT_ALG_RSA_PKCS1V15_SIGN=y
CONFIG_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT=y
CONFIG_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT=y
CONFIG_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE=y
CONFIG_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_DERIVE=y
CONFIG_PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY=y
CONFIG_PSA_WANT_ALG_RSA_PKCS1V15_CRYPT=y

CONFIG_PSA_WANT_ALG_RSA_OAEP=y
CONFIG_PSA_WANT_ALG_SHA_256=y

# This samples source code explicitly uses an RSA key size of 4096
CONFIG_PSA_WANT_RSA_KEY_SIZE_2048=y
# CONFIG_PSA_WANT_RSA_KEY_SIZE_4096=y

# Config Clock Control 시작
CONFIG_SOC_ENABLE_LFXO=n

CONFIG_CLOCK_CONTROL_NRF_K32SRC_RC=y

CONFIG_CLOCK_CONTROL_NRF_K32SRC_RC_CALIBRATION=y

CONFIG_CLOCK_CONTROL_NRF_K32SRC_500PPM=y
# Config Clock Control 종료

RE: nRF5340 CC312 RSA 2048 psa_asymmetric_encrypt PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256) Error Issue

Einar Thorsrud — Fri, 14 Mar 2025 09:01:12 GMT

Hi,

I origninally reproduced this issue by adding your code to the RSA sample, and that failes as you described. However, the reason is that the public key used in the sample is of the wrong size. with an updated 2048 bit public key (public_key_der) in nrf/samples/crypto/rsa/src/key.h, encyrption is successfull.

This is all the changes from the RSA sample in 2.9.1 (your changes except the fixed key size and UART instead of RTT logging):

devzone.nordicsemi.com/.../rsa_5F00_sample_5F00_2.9.1.diff

And the resulting output, so this works as expected:

*** Booting nRF Connect SDK v2.9.0-7787b2649840 ***
*** Using Zephyr OS v3.7.99-1f8f3dc29142 ***
[00:00:00.010,833] <inf> rsa: Starting the RSA example...
[00:00:00.016,693] <inf> rsa: Public key length = 270
[00:00:00.022,247] <inf> rsa: RSA Key Size (bytes): 256
[00:00:00.027,832] <inf> rsa: Encryption Buffer Size: 256
[00:00:00.033,691] <inf> rsa: Key Algorithm After Import: 0x7000309
[00:00:00.040,496] <inf> rsa: Max Plaintext Size: 190, Provided Plaintext Size: 16
[00:00:00.048,614] <inf> rsa: Key Type: 0x4001
[00:00:00.053,558] <inf> rsa: Key Algorithm: 0x7000309
[00:00:00.059,204] <inf> rsa: Key Usage Flags: 0x901
[00:00:00.064,666] <inf> rsa: Key Bits: 2048
[00:00:00.084,442] <inf> rsa: Encryption successful! Output Length: 256
[00:00:00.091,522] <inf> rsa: ---- Encrypted Data (len: 256): ----
[00:00:00.098,236] <inf> rsa: Content:
                              7d 51 9e 06 22 e6 11 28  92 c1 f8 d6 5e 39 13 03 |}Q.."..( ....^9..
                              38 3b 5b 7a fe 14 c9 5c  d0 33 3b 52 1b a6 73 f4 |8;[z...\ .3;R..s.
                              32 8a 96 d8 56 0f 03 43  98 d8 5e 71 22 19 d5 f5 |2...V..C ..^q"...
                              6f 06 55 98 96 0d 49 ed  82 73 0d db 32 8f b0 75 |o.U...I. .s..2..u
                              0f 55 24 91 29 5e a6 40  8b 7a 4d 41 78 43 05 64 |.U$.)^.@ .zMAxC.d
                              9e 0f 3c 7c 6d 34 b2 f2  6f bb c6 e9 2f 48 0e 7d |..<|m4.. o.../H.}
                              38 e2 0c 76 1f 40 50 d2  b1 0a 46 18 ee 42 9d ef |8..v.@P. ..F..B..
                              5b be 3c 82 3f 4b bf e4  e3 57 b0 0d 1f ff 7c 10 |[.<.?K.. .W....|.
                              97 d7 3c 92 4a 49 33 03  71 90 d6 69 f6 cb 06 fe |..<.JI3. q..i....
                              18 f2 11 3c aa 1f e4 08  3f ab cd 7c 89 f1 e5 77 |...<.... ?..|...w
                              47 fc a0 8a 09 1a 91 6d  cd 12 7d 5a 4c 2a a0 4a |G......m ..}ZL*.J
                              3a 89 e7 fb 57 f1 df 65  ec 9a 8c 9b e1 28 ec 9a |:...W..e .....(..
                              61 dd 3e d7 a8 82 49 5d  c3 87 c8 9b d2 0a cc 54 |a.>...I] .......T
                              f6 2e 26 51 c7 0d 7b 55  a1 7d 82 55 43 ec e5 95 |..&Q..{U .}.UC...
                              ca 15 96 2c c3 6e 6c da  0f e5 d7 00 c2 aa 8b bb |...,.nl. ........
                              27 bc 50 9c 33 8f 66 01  e6 02 fc 99 23 9c 95 24 |'.P.3.f. ....#..$
[00:00:00.242,279] <inf> rsa: ---- Encrypted Data end  ----
[00:00:00.248,352] <inf> rsa: Encryption failed: 0

(You print an error message here when rsaEncrypt returns 0, but this is incorrect)

RE: nRF5340 CC312 RSA 2048 psa_asymmetric_encrypt PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256) Error Issue

giun.kim — Thu, 13 Mar 2025 15:14:51 GMT

I initially suspected that my custom board had an issue, but even when I ran the RSA example with a 2.8V supply on the nRF5340 DK board, setting the board target to cpuapp, the same issue occurred. Even when building with _ns, key import works, but encryption does not proceed.

My ultimate goal is to use the CC312 accelerator for RSA-2048 OAEP encryption and AES-CTR. I also suspect that cpuapp and cpuapp_ns are related to RSA encryption behavior.

I have already spent two days on this issue and would appreciate a quick resolution.

RE: nRF5340 CC312 RSA 2048 psa_asymmetric_encrypt PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256) Error Issue

Einar Thorsrud — Thu, 13 Mar 2025 14:52:39 GMT

Hi,

Thanks. I see the same on my end. According to the documentation, RSA OAEP should be supported with CryptoCell as well, and I am checking internally to understand more about this.

RE: nRF5340 CC312 RSA 2048 psa_asymmetric_encrypt PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256) Error Issue

giun.kim — Wed, 12 Mar 2025 23:29:40 GMT

devzone.nordicsemi.com/.../64627.main.c

The version in use is 2.8, and the executed main.c file has been uploaded.

RE: nRF5340 CC312 RSA 2048 psa_asymmetric_encrypt PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256) Error Issue

Einar Thorsrud — Wed, 12 Mar 2025 14:44:07 GMT

Hi,

Which SDK version are you using? Can you share more of your crypto related code (like key generation or key import) so that I can attempt to reproduce the same on my end?