• State Verified Answer
  • Replies 4 replies
  • Subscribers 88 subscribers
  • Views 238 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 357780
Options

Clarification Needed: secp192r1 Support for NRF54L15

mouss

Hello,

We’re starting to implement our solution in an nRF SDK project (version 3.2.2) targeting the nRF54L15 component.
From a cryptography standpoint, we will need to use MbedTLS to verify X.509 certificates signed with ECDSA (secp192r1 curves).

secp256r1 works with the ECDSA sample (https://github.com/nrfconnect/sdk-nrf/blob/main//samples/crypto/ecdsa/README.rst), but we’re running into issues with the secp192r1 curve.

In the nRF Connect SDK documentation, it’s stated that secp192r1 is supported by the Cracen driver but not by the Oberon driver:
https://docs.nordicsemi.com/bundle/ncs-3.0.2/page/nrf/libraries/security/nrf_security/doc/driver_config.html#ecc_curve_support

If I modify the ECDSA sample code to enable CONFIG_PSA_WANT_ECC_SECP_R1_192, I get the following build error:

In file included from C:/my_project/ncs/nrf/samples/crypto/ecdsa/build/ecdsa/generated/library_nrf_security_psa/nrf-psa-crypto-user-config.h:508,
                 from C:/my_project/ncs/modules/crypto/oberon-psa-crypto/include/mbedtls/build_info.h:141,
                 from C:/my_project/ncs/modules/crypto/mbedtls/include/library/common.h:14,
                 from C:/my_project/ncs/modules/crypto/mbedtls/library/oid.c:10:
C:/my_project/ncs/modules/crypto/oberon-psa-crypto/oberon/drivers/oberon_check_unsupported.h:130:10: error: #error "No crypto implementation for secp-r1-192 public key"
  130 |         #error "No crypto implementation for secp-r1-192 public key"
      |          ^~~~~
C:/my_project/ncs/modules/crypto/oberon-psa-crypto/oberon/drivers/oberon_check_unsupported.h:133:10: error: #error "No crypto implementation for secp-r1-192 key pair import"
  133 |         #error "No crypto implementation for secp-r1-192 key pair import"
      |          ^~~~~
C:/my_project/ncs/modules/crypto/oberon-psa-crypto/oberon/drivers/oberon_check_unsupported.h:136:10: error: #error "No crypto implementation for secp-r1-192 key pair export"
  136 |         #error "No crypto implementation for secp-r1-192 key pair export"
      |          ^~~~~
C:/my_project/ncs/modules/crypto/oberon-psa-crypto/oberon/drivers/oberon_check_unsupported.h:140:10: error: #error "No crypto implementation for secp-r1-192 key pair generate"
  140 |         #error "No crypto implementation for secp-r1-192 key pair generate"
      |          ^~~~~
ninja: build stopped: subcommand failed.
FATAL ERROR: command exited with status 1: 'C:\ncs\toolchains\c717907b94\opt\bin\cmake.EXE' --build C:/my_project/ncs/nrf/samples/crypto/ecdsa/build/ecdsa

If I remove the option and, in the sample code, replace:

psa_set_key_bits(&key_attributes, 256);

with:

psa_set_key_bits(&key_attributes, 192);

the build succeeds, but I then get a runtime error in the Cracen driver at this point:
https://github.com/nrfconnect/sdk-nrf/blob/main/subsys/nrf_security/src/drivers/cracen/cracenpsa/src/internal/ecc/cracen_ecc_helpers.c#L88

Is the secp192r1 curve actually supported by the Cracen driver and by the nRF54L15 component? Which options need to be enabled to use it?

Thanks
Parents Reply Children
Related
Terms of service