Hello,
I have this problem when I try to generate the key: Key generation failed: -134
Here is the prj.conf file:
# Build the application as a non-secure image alongside Trusted Firmware-M.
CONFIG_BUILD_WITH_TFM=y
# CONFIG_TFM_PROFILE_TYPE_MINIMAL=y
CONFIG_TFM_PROFILE_TYPE_NOT_SET=y
CONFIG_TFM_IPC=y
CONFIG_TFM_PARTITION_CRYPTO=y
CONFIG_TFM_PARTITION_PLATFORM=y
# NOTE(review): -134 is PSA_ERROR_NOT_SUPPORTED in the PSA Crypto API. No
# CONFIG_PSA_WANT_* option is set in this fragment; with nRF Security the
# features main.c uses (ECDSA, SHA-256, secp256r1, key-pair generation) normally
# have to be enabled explicitly, e.g. CONFIG_PSA_WANT_ALG_ECDSA,
# CONFIG_PSA_WANT_ALG_SHA_256, CONFIG_PSA_WANT_ECC_SECP_R1_256 and
# CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE. Symbol names differ between
# SDK versions - confirm against the SDK in use.
CONFIG_NRF_SECURITY=y
# NOTE(review): the next two lines repeat the TF-M partition options set above.
CONFIG_TFM_PARTITION_CRYPTO=y
CONFIG_TFM_PARTITION_PLATFORM=y
CONFIG_PSA_CRYPTO_DRIVER_CC3XX=y
# Logging and console output over both RTT and UART.
CONFIG_LOG=y
CONFIG_LOG_MODE_MINIMAL=n
CONFIG_LOG_BACKEND_RTT=y
CONFIG_LOG_BACKEND_UART=y
CONFIG_SERIAL=y
CONFIG_CONSOLE=y
CONFIG_UART_CONSOLE=y
CONFIG_USE_SEGGER_RTT=y
Here is the main.c file:
#include <zephyr/kernel.h>
#include <psa/crypto.h>
#include <zephyr/sys/printk.h>
/*
 * Identifier of the key pair created by generate_key(); shared by every
 * function in this file and released with psa_destroy_key() in main().
 * NOTE(review): psa_key_handle_t is the older name for a key identifier;
 * current PSA Crypto API code uses psa_key_id_t - confirm for the SDK in use.
 */
static psa_key_handle_t key_handle;
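/**
 * Generate a 256-bit secp256r1 ECDSA key pair and store its identifier in
 * the file-scope key_handle.
 *
 * The attributes start from PSA_KEY_ATTRIBUTES_INIT and no lifetime is set,
 * so the key uses the default (volatile) lifetime.
 *
 * @return PSA_SUCCESS on success, otherwise the status returned by
 *         psa_generate_key(). PSA_ERROR_NOT_SUPPORTED (-134) usually means the
 *         requested key type, curve or algorithm is not enabled in the build.
 */
static psa_status_t generate_key(void)
{
    psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT;
    psa_status_t status;

    /*
     * Least privilege: the private key is only used to sign and verify, so it
     * is not marked PSA_KEY_USAGE_EXPORT. psa_export_public_key() does not
     * need that flag; granting it would only allow the private key material to
     * be read out of the crypto service.
     * Per the PSA Crypto specification the *_HASH usage flags also permit the
     * matching message-level sign/verify operations.
     */
    psa_set_key_usage_flags(&key_attributes,
                            PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH);
    psa_set_key_algorithm(&key_attributes, PSA_ALG_ECDSA(PSA_ALG_SHA_256));
    psa_set_key_type(&key_attributes,
                     PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1));
    psa_set_key_bits(&key_attributes, 256);

    status = psa_generate_key(&key_attributes, &key_handle);

    /* Release any resources held by the attribute structure on every path. */
    psa_reset_key_attributes(&key_attributes);

    if (status != PSA_SUCCESS) {
        /* psa_status_t is int32_t; cast so the argument matches %d. */
        printk("Key generation failed: %d\n", (int)status);
        return status;
    }

    printk("Key generated successfully. Handle: %u\n", (unsigned int)key_handle);
    return status;
}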
/**
 * Export the public half of the key referenced by key_handle and print it
 * as lowercase hex.
 *
 * @return the status returned by psa_export_public_key().
 */
static psa_status_t export_and_print_public_key(void)
{
    /* Sized with the PSA macro for a 256-bit ECC public key export. */
    uint8_t pub[PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(256)];
    size_t pub_len;
    psa_status_t rc;

    rc = psa_export_public_key(key_handle, pub, sizeof(pub), &pub_len);
    if (rc == PSA_SUCCESS) {
        printk("Public key exported successfully. Length: %zu\n", pub_len);
        printk("Public Key: ");
        /* Only the pub_len bytes written by the export call are printed. */
        for (const uint8_t *p = pub; p != pub + pub_len; p++) {
            printk("%02x", *p);
        }
        printk("\n");
    } else {
        printk("Failed to export public key: %d\n", rc);
    }

    return rc;
}
/**
 * Sign a message with the key referenced by key_handle using ECDSA with
 * SHA-256, then print the signature as lowercase hex.
 *
 * @param message            bytes to sign
 * @param message_size       number of bytes in message
 * @param signature          output buffer for the signature
 * @param signature_buf_size capacity of signature in bytes
 * @param signature_length   receives the number of signature bytes written
 *
 * @return the status returned by psa_sign_message().
 */
static psa_status_t sign_message(const uint8_t *message, size_t message_size,
                                 uint8_t *signature, size_t signature_buf_size,
                                 size_t *signature_length)
{
    psa_status_t rc = psa_sign_message(key_handle,
                                       PSA_ALG_ECDSA(PSA_ALG_SHA_256),
                                       message, message_size,
                                       signature, signature_buf_size,
                                       signature_length);

    if (rc == PSA_SUCCESS) {
        size_t idx = 0;

        printk("Signature successful. Length: %zu\n", *signature_length);
        printk("Signature: ");
        /* The length is re-read through the pointer on each pass, as before. */
        while (idx < *signature_length) {
            printk("%02x", signature[idx]);
            idx++;
        }
        printk("\n");
    } else {
        printk("Signature failed: %d\n", rc);
    }

    return rc;
}
/**
 * Verify an ECDSA/SHA-256 signature over a message with the key referenced
 * by key_handle and print the outcome.
 *
 * The result is only reported on the console; nothing is returned to the
 * caller.
 *
 * @param message          bytes that were signed
 * @param message_size     number of bytes in message
 * @param signature        signature to check
 * @param signature_length number of bytes in signature
 */
static void verify_signature(const uint8_t *message, size_t message_size,
                             const uint8_t *signature, size_t signature_length)
{
    const psa_status_t rc = psa_verify_message(key_handle,
                                               PSA_ALG_ECDSA(PSA_ALG_SHA_256),
                                               message, message_size,
                                               signature, signature_length);

    /* Any status other than PSA_SUCCESS is reported as a failure. */
    if (rc != PSA_SUCCESS) {
        printk("Signature verification failed: %d\n", rc);
        return;
    }

    printk("Signature verification successful.\n");
}
/**
 * Demo entry point: initialise PSA Crypto, generate a key pair, print its
 * public key, sign a fixed test message, verify the signature and destroy
 * the key.
 *
 * Always returns 0; failures are reported on the console by the helper that
 * hit them.
 */
int main(void)
{
    psa_status_t rc;

    printk("hello\n");

    rc = psa_crypto_init();
    if (rc != PSA_SUCCESS) {
        printk("Failed to initialize PSA crypto: %d\n", rc);
        return 0;
    }

    /* No key exists yet if generation fails, so there is nothing to destroy. */
    rc = generate_key();
    if (rc != PSA_SUCCESS) {
        return 0;
    }

    /* From here on every exit path destroys the generated key. */
    rc = export_and_print_public_key();
    if (rc != PSA_SUCCESS) {
        psa_destroy_key(key_handle);
        return 0;
    }

    const uint8_t message_to_sign[] = "Ceci est un message de test.";
    /* The string's terminating NUL is not part of the signed message. */
    const size_t message_len = sizeof(message_to_sign) - 1;
    uint8_t signature[PSA_SIGNATURE_MAX_SIZE];
    size_t signature_length;

    rc = sign_message(message_to_sign, message_len,
                      signature, sizeof(signature), &signature_length);
    if (rc != PSA_SUCCESS) {
        psa_destroy_key(key_handle);
        return 0;
    }

    verify_signature(message_to_sign, message_len, signature, signature_length);

    rc = psa_destroy_key(key_handle);
    if (rc != PSA_SUCCESS) {
        printk("Failed to destroy key: %d\n", rc);
    }

    return 0;
}