• State Not Answered
  • Replies 7 replies
  • Subscribers 91 subscribers
  • Views 377 views
  • Users 0 members are here
Attachments (2) Download All
Nordic Case Info
  • Case ID: 360169
Options

Public and Private key generation for TLS communication using PSA Crypto calls.

AR Jadhav

Hello, 

Overview:

Currently we are using nRF9160 we are using mbedtls library for generating EC key based certificates (self-signed and CSR). Our code is built with TFM and application is non-secure. I need to understand following.
1. What is the role of TFM if application itself is in non-secure mode.

2. I want to remove mbedtls library and use PSA-crypto engine for certificate generation, parsing and signing how that can be possible.

Attaching the .config file after build for your reference. The aim to reduce the heap consumption done by mbedtls and optimize the code.

version used: nrf sdk version 2.7.0

3823.configFile.txt

Thanks,
Akshay

  • 0

    Hi,

    Thanks for the question. 

    Role of TM-F

    So when you build your nRF9160 application for the non-secure board target, the firmware is split into two environments, Secure Processing Environment (SPE) and Non-Secure Processing Environment (NSPE). TF-M runs in SPE it handles all security critical functionality like cryptographic operations, key storage and secure boot. It is also isolated from your application code. Whereas our main application runs in NSPE and this cannot directly access the secure side. The key benefit is that our application never has direct access to cryptographic keys or sensitive data. Instead, it communicates with TF-M through the PSA API.

    Replacing mbed TLS with PSA-crypto for certificates

    - For key generation and signing, you can replace mbed TLS calls with PSA APIs directly. A typical flow using PSA Crypto could be checked from Crypto: EdDSA sample

    - However for CSR generation, the full PSA CSR support (without Mbed TLS) may require patching in NCS. As the PSA Crypto API does not natively handle X.509 certificate parsing or formatting. That layer is still typically handled by mbed TLS's X.509 library. However there is a PSA CSR sample which can help you on it.

    Mainly you wanted to bring down mbed TLS heap use, which in your config that pool is about 28 KB, that mostly reflects how much of mbed TLS is switched on (TLS, X.509, RSA/EC), not PSA itself. So moving keys and signing to PSA is still worth doing, but you’ll still need a small mbed TLS X.509 part for CSR and certificates, so the realistic thing can be to trim what you don’t need, turn on CONFIG_MBEDTLS_USE_PSA_CRYPTO, and only lower CONFIG_MBEDTLS_HEAP_SIZE after you’ve measured again.

    Best Regards,
    Syed Maysum

  • 0 in reply to Syed Maysum Abbas Zaidi

    Hello  

    I tried the examples provided by you to see if I can generate the private keys using psa_crypto, but I am not able to. I can see code gets compiled, but when it comes to run time execution I get below error.


    Error is: 

    PSA_ERROR_NOT_SUPPORTED (-9)

    I am again attaching .config file for your reference. Along with source code snippet.


    psa_key_attributes_t attrs = PSA_KEY_ATTRIBUTES_INIT;
        psa_key_id_t keyId = MBEDTLS_SVC_KEY_ID_INIT;
        uint8_t keyBuf[PSA_BITS_TO_BYTES(256)] = {0};
        size_t keyBufLen = 0;
        psa_status_t psa_status;

        psa_set_key_usage_flags(&attrs, PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT);
        psa_set_key_algorithm(&attrs, PSA_ALG_ECDH);
        psa_set_key_lifetime(&attrs, PSA_KEY_LIFETIME_VOLATILE);
        psa_set_key_type(&attrs, PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1));
        psa_set_key_bits(&attrs, 256);

        LOG_DBG("PSA key attributes set: type=ECC_SECP_R1, bits=256, alg=ECDH, source=generate\n");

        psa_status = psa_generate_key(&attrs, &keyId);
        if (psa_status != PSA_SUCCESS)
        {
            LOG_ERR("PSA key generation failed: status=0x%x (PSA-only mode)\n", psa_status);
            status = false;
        }
        else
        {
            LOG_DBG("PSA key generation success\n");
        }
    7457.kconfig.txt

    Thanks,
    Akshay


  • 0 in reply to AR Jadhav

    Hello Syed Maysum Abbas Zaidi 

    I have one more question, what will happen if I want to remove TFM completely from my build strategy. What is the impact while communicating with modem core.

    Thanks,

    Akshay

  • 0

    Hi,

    Thanks for the detailed information and sorry this has been a pain, especially after our first reply pointed you the wrong way on the sample. We mentioned EdDSA sample before but ECDSA sample is what you want.

    Your build is fine and the runtime failure PSA_ERROR_NOT_SUPPORTED means the key type or flags requested aren't supported in your current setup. The main issue is that the code is creating an ECDH key, but certs and CSRs need ECDSA (signing), not ECDH (key agreement). Secondly, with TF-M, PSA_KEY_USAGE_EXPORT on a private key is often rejected because private keys are meant to stay in the secure partition so use psa_export_public_key() for the public key instead. Also make sure to call psa_crypto_init() once at startup before psa_generate_key().

    The recommended path is to flash the unmodified ECDSA sample on your DK first. If that works, switch your code to ECDSA + PSA_KEY_USAGE_SIGN_HASH. For CSR/cert formatting you still need a small mbed TLS X.509 layer.

    Regarding removing TF-M:

    • Modem should not be affected, as the modem core is a separate processor with its own firmware and TLS stack.
    • Private keys would sit in normal application RAM instead of being hardware isolated in a secure partition.
    • PSA Certified security levels may require TFM as mentioned here.

    Let us know how the ECDSA sample goes on your board and we can help from there.

    Best Regards,
    Syed Maysum

  • 0 in reply to Syed Maysum Abbas Zaidi

    Thanks, Syed, for the explanation. I will try and go through the example you mentioned and report back. 

    I still have a confusion on TFM, few more questions and need some insights related to nRF9160_ns and nRF9160 builds.
    From the nordic's documentation I got to know that when we build the code with _ns configuration TFM comes by default, and we are using the same config for our Project. 
    I just wanted to see if I can get rid of TFM by building my code without _ns configuration and build failed because I am using below configs

Related
Terms of service