NRF9160 CC310 Crypto Lib Run RSA

Hi,

Can you upload your completed project (e.g. everything within <NCS>\nrf\samples\nrf9160\secure_services or similar) so that I can get a better understanding of what you have done and test the exact same on my side?

Hi. 

I tried also this  example:  https://github.com/ARMmbed/mbedtls/blob/development/programs/pkey/rsa_decrypt.c

This is official example from mbedTLS developers. Also you will need set "Reserved SPM Flash size" to 0x20000 then my code will be copiled without partitions errors.

For print debug info from secure_service.c mbedtls_printf which use Segger RTT. 

platform.c 

static int platform_printf_uninit( const char *format, ... )
{


  char buffer[128];  
  va_list args;  
  va_start (args, format);  
  int n = vsnprintf(buffer, sizeof(buffer), format, args);  
  SEGGER_RTT_Write(0, buffer, n);  
  va_end(args);  
  return n;
}

int RSA_Test(unsigned char * in_buf, unsigned char * out_buf)
{
    int ret = 1;
    int exit_code = -1;
    mbedtls_rsa_context rsa;
    mbedtls_entropy_context entropy;
    mbedtls_ctr_drbg_context ctr_drbg;
    mbedtls_mpi N, P, Q, D, E, DP, DQ, QP;
    const char *pers = "rsa_genkey";

    mbedtls_ctr_drbg_init( &ctr_drbg );
    mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 );
    mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
    mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &DP );
    mbedtls_mpi_init( &DQ ); mbedtls_mpi_init( &QP );
 
    mbedtls_printf( "\n  . Seeding the random number generator..." );

    mbedtls_entropy_init( &entropy );
    if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
                               (const unsigned char *) pers,
                               strlen( pers ) ) ) != 0 )
    {
        mbedtls_printf( " failed\n  ! mbedtls_ctr_drbg_seed returned %d\n", ret );
        goto exit;
    }

    mbedtls_printf( " ok\n  . Generating the RSA key [ %d-bit ]...", KEY_SIZE );
//    fflush( stdout );

    if( ( ret = mbedtls_rsa_gen_key( &rsa, mbedtls_ctr_drbg_random, &ctr_drbg, KEY_SIZE,
                                     EXPONENT ) ) != 0 )
    {
        mbedtls_printf( " failed\n  ! mbedtls_rsa_gen_key returned %d\n\n", ret );
        goto exit;
    }

    mbedtls_printf( " ok\n  . Exporting the public  key in rsa_pub.txt...." );
//    fflush( stdout );

    if( ( ret = mbedtls_rsa_export    ( &rsa, &N, &P, &Q, &D, &E ) ) != 0 ||
        ( ret = mbedtls_rsa_export_crt( &rsa, &DP, &DQ, &QP ) )      != 0 )
    {
        mbedtls_printf( " failed\n  ! could not export RSA parameters\n\n" );
        goto exit;
    }

    if( ( ret = mbedtls_rsa_export    ( &rsa, &N, &P, &Q, &D, &E ) ) != 0 ||
        ( ret = mbedtls_rsa_export_crt( &rsa, &DP, &DQ, &QP ) )      != 0 )
    {
        mbedtls_printf( " failed\n  ! could not export RSA parameters\n\n" );
        goto exit;
    }


exit:

    mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
    mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E ); mbedtls_mpi_free( &DP );
    mbedtls_mpi_free( &DQ ); mbedtls_mpi_free( &QP );
    mbedtls_rsa_free( &rsa );
    mbedtls_ctr_drbg_free( &ctr_drbg );
    mbedtls_entropy_free( &entropy );
    
    return ret;

}

I got follow error:

All files which you will need I attached. There is files with paths. 

Thanks in advance.

ncs.zip

Hi. 

I tried also this  example:  https://github.com/ARMmbed/mbedtls/blob/development/programs/pkey/rsa_decrypt.c

This is official example from mbedTLS developers. Also you will need set "Reserved SPM Flash size" to 0x20000 then my code will be copiled without partitions errors.

For print debug info from secure_service.c mbedtls_printf which use Segger RTT. 

platform.c 

static int platform_printf_uninit( const char *format, ... )
{


  char buffer[128];  
  va_list args;  
  va_start (args, format);  
  int n = vsnprintf(buffer, sizeof(buffer), format, args);  
  SEGGER_RTT_Write(0, buffer, n);  
  va_end(args);  
  return n;
}

int RSA_Test(unsigned char * in_buf, unsigned char * out_buf)
{
    int ret = 1;
    int exit_code = -1;
    mbedtls_rsa_context rsa;
    mbedtls_entropy_context entropy;
    mbedtls_ctr_drbg_context ctr_drbg;
    mbedtls_mpi N, P, Q, D, E, DP, DQ, QP;
    const char *pers = "rsa_genkey";

    mbedtls_ctr_drbg_init( &ctr_drbg );
    mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 );
    mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
    mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &DP );
    mbedtls_mpi_init( &DQ ); mbedtls_mpi_init( &QP );
 
    mbedtls_printf( "\n  . Seeding the random number generator..." );

    mbedtls_entropy_init( &entropy );
    if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
                               (const unsigned char *) pers,
                               strlen( pers ) ) ) != 0 )
    {
        mbedtls_printf( " failed\n  ! mbedtls_ctr_drbg_seed returned %d\n", ret );
        goto exit;
    }

    mbedtls_printf( " ok\n  . Generating the RSA key [ %d-bit ]...", KEY_SIZE );
//    fflush( stdout );

    if( ( ret = mbedtls_rsa_gen_key( &rsa, mbedtls_ctr_drbg_random, &ctr_drbg, KEY_SIZE,
                                     EXPONENT ) ) != 0 )
    {
        mbedtls_printf( " failed\n  ! mbedtls_rsa_gen_key returned %d\n\n", ret );
        goto exit;
    }

    mbedtls_printf( " ok\n  . Exporting the public  key in rsa_pub.txt...." );
//    fflush( stdout );

    if( ( ret = mbedtls_rsa_export    ( &rsa, &N, &P, &Q, &D, &E ) ) != 0 ||
        ( ret = mbedtls_rsa_export_crt( &rsa, &DP, &DQ, &QP ) )      != 0 )
    {
        mbedtls_printf( " failed\n  ! could not export RSA parameters\n\n" );
        goto exit;
    }

    if( ( ret = mbedtls_rsa_export    ( &rsa, &N, &P, &Q, &D, &E ) ) != 0 ||
        ( ret = mbedtls_rsa_export_crt( &rsa, &DP, &DQ, &QP ) )      != 0 )
    {
        mbedtls_printf( " failed\n  ! could not export RSA parameters\n\n" );
        goto exit;
    }


exit:

    mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
    mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E ); mbedtls_mpi_free( &DP );
    mbedtls_mpi_free( &DQ ); mbedtls_mpi_free( &QP );
    mbedtls_rsa_free( &rsa );
    mbedtls_ctr_drbg_free( &ctr_drbg );
    mbedtls_entropy_free( &entropy );
    
    return ret;

}

I got follow error:

All files which you will need I attached. There is files with paths. 

Thanks in advance.

ncs.zip

Hi,

I see the same on my side as well when I test your code (mbedtls_ctr_drbg_seed() returns -32, which is MBEDTLS_ERR_AES_INVALID_KEY_LENGTH).  I have not been able to track down the root cause, so I have to look into it and get back to you (hopefully soon).

Note that RSA will not work yet, as mentionned in another thread since there is a known RSA issue in nrf_cc310_mbedcrypto that will be fixed in the next release. (This specific bug does not affect the RNG though, so I would have expected that to work).

Hi Einar,

Do you have any news? Maybe you can say how we can solve this problem?

We need this on current week.

Hi,

Unfortunately, the pull request with this fix has not yet made it in, but you can see it here (and use it).  I have not been able to test myself today, but we expect it should fix the issue. The relevant changes are:

• MBEDTLS_ENTROPY_MAX_GATHER is set to 144
• MBEDTLS_ENTROPY_FORCE_SH256 must be set (is on by default)
• MBEDTLs_CTR_DRBG_USE_128_BIT_KEY must be set (also on by default)

This is due to limitations in the CC310 HW.

Br,

Einar