
NRF9160 CC310 Crypto Lib Run RSA

Hi everyone,

For a few days I have been trying to run the CC310 hardware RSA crypto functions on my NRF9160 DK.

When I started, I first ran the security_service demo, where the board runs random number generation.

After that I added similar code just for RSA tests. I took the RSA example and added the following code to secure_services.c:

__TZ_NONSECURE_ENTRY_FUNC
int RSA_Test(unsigned char * in_buf, unsigned char * out_buf)
{
    int keysize;
    int ret = 0;
       
    mbedtls_rsa_context rsa;
    mbedtls_ctr_drbg_context ctr_drbg;
    keysize = 2048;
    //mbedtls_snprintf( title, sizeof( title ), "RSA-%d", keysize );
    mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 );
    
    mbedtls_rsa_gen_key( &rsa, mbedtls_ctr_drbg_random, NULL, keysize, 65537 );
    
    if((ret = mbedtls_rsa_public( &rsa, in_buf, out_buf )) != 0)
    {
      return ret ;          
    };
    return ret;
 
}

After the RSA_Test(buf_in, buf_out) function call, the output buffer always contains all zeros and the function returns a random error value.

  • Hi,

    Can you upload your completed project (e.g. everything within <NCS>\nrf\samples\nrf9160\secure_services or similar) so that I can get a better understanding of what you have done and test the exact same on my side?

  • Hi. 

    I also tried this example: https://github.com/ARMmbed/mbedtls/blob/development/programs/pkey/rsa_decrypt.c

    This is the official example from the mbedTLS developers. You will also need to set "Reserved SPM Flash size" to 0x20000; then my code will compile without partition errors.

    To print debug info from secure_service.c I use mbedtls_printf, which uses Segger RTT.

    platform.c 
    
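    #include <stdarg.h>
    #include <stdio.h>
    #include "SEGGER_RTT.h"

    /* Format into a local buffer and send it over Segger RTT channel 0. */
    static int platform_printf_uninit( const char *format, ... )
    {
      char buffer[128];
      va_list args;
      va_start (args, format);
      int n = vsnprintf(buffer, sizeof(buffer), format, args);
      va_end(args);
      if (n < 0)
        return n;                     /* formatting error, nothing to send */
      if (n >= (int) sizeof(buffer))
        n = sizeof(buffer) - 1;       /* output was truncated; send only what is in the buffer */
      SEGGER_RTT_Write(0, buffer, n);
      return n;
    }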

    int RSA_Test(unsigned char * in_buf, unsigned char * out_buf)
    {
        int ret = 1;
        int exit_code = -1;
        mbedtls_rsa_context rsa;
        mbedtls_entropy_context entropy;
        mbedtls_ctr_drbg_context ctr_drbg;
        mbedtls_mpi N, P, Q, D, E, DP, DQ, QP;
        const char *pers = "rsa_genkey";
    
        mbedtls_ctr_drbg_init( &ctr_drbg );
        mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 );
        mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
        mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &DP );
        mbedtls_mpi_init( &DQ ); mbedtls_mpi_init( &QP );
     
        mbedtls_printf( "\n  . Seeding the random number generator..." );
    
        mbedtls_entropy_init( &entropy );
        if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
                                   (const unsigned char *) pers,
                                   strlen( pers ) ) ) != 0 )
        {
            mbedtls_printf( " failed\n  ! mbedtls_ctr_drbg_seed returned %d\n", ret );
            goto exit;
        }
    
        mbedtls_printf( " ok\n  . Generating the RSA key [ %d-bit ]...", KEY_SIZE );
    //    fflush( stdout );
    
        if( ( ret = mbedtls_rsa_gen_key( &rsa, mbedtls_ctr_drbg_random, &ctr_drbg, KEY_SIZE,
                                         EXPONENT ) ) != 0 )
        {
            mbedtls_printf( " failed\n  ! mbedtls_rsa_gen_key returned %d\n\n", ret );
            goto exit;
        }
    
        mbedtls_printf( " ok\n  . Exporting the public  key in rsa_pub.txt...." );
    //    fflush( stdout );
    
        if( ( ret = mbedtls_rsa_export    ( &rsa, &N, &P, &Q, &D, &E ) ) != 0 ||
            ( ret = mbedtls_rsa_export_crt( &rsa, &DP, &DQ, &QP ) )      != 0 )
        {
            mbedtls_printf( " failed\n  ! could not export RSA parameters\n\n" );
            goto exit;
        }
    
    
    exit:
    
        mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
        mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E ); mbedtls_mpi_free( &DP );
        mbedtls_mpi_free( &DQ ); mbedtls_mpi_free( &QP );
        mbedtls_rsa_free( &rsa );
        mbedtls_ctr_drbg_free( &ctr_drbg );
        mbedtls_entropy_free( &entropy );
        
        return ret;
    
    }

    I got the following error:

    I have attached all the files you will need. The files are included with their paths.

    Thanks in advance.

    ncs.zip

  • Hi,

    I see the same on my side as well when I test your code (mbedtls_ctr_drbg_seed() returns -32, which is MBEDTLS_ERR_AES_INVALID_KEY_LENGTH).  I have not been able to track down the root cause, so I have to look into it and get back to you (hopefully soon).

    Note that RSA will not work yet, as mentioned in another thread, since there is a known RSA issue in nrf_cc310_mbedcrypto that will be fixed in the next release. (This specific bug does not affect the RNG though, so I would have expected that to work).
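
Added example (not part of the thread and not Nordic or mbed TLS code): a small decoder for mbed TLS 2.x return values, showing how -32 resolves to MBEDTLS_ERR_AES_INVALID_KEY_LENGTH and how to tell a library error code from a garbage return value. The function names are hypothetical, the tables hold only a small subset of the codes defined in the mbed TLS headers, and the sample values are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Subset of mbed TLS 2.x error codes relevant here, stored as magnitudes. */
struct err_name { int code; const char *name; };
static const struct err_name LOW[] = {       /* bits 0-6: low-level module */
    { 0x0004, "MBEDTLS_ERR_MPI_BAD_INPUT_DATA" },
    { 0x0020, "MBEDTLS_ERR_AES_INVALID_KEY_LENGTH" },
    { 0x0034, "MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED" },
    { 0x003C, "MBEDTLS_ERR_ENTROPY_SOURCE_FAILED" },
};
static const struct err_name HIGH[] = {      /* bits 7-14: high-level module */
    { 0x4080, "MBEDTLS_ERR_RSA_BAD_INPUT_DATA" },
    { 0x4180, "MBEDTLS_ERR_RSA_KEY_GEN_FAILED" },
    { 0x4280, "MBEDTLS_ERR_RSA_PUBLIC_FAILED" },
    { 0x4480, "MBEDTLS_ERR_RSA_RNG_FAILED" },
};

/* mbed TLS errors are negative and fit in 15 bits; anything else is not a
 * library error code (for example an uninitialised or clobbered return). */
int ret_plausible(int ret) { return ret <= 0 && ret >= -0x7FFF; }

static const char *find(const struct err_name *t, size_t n, int code)
{
    if (code == 0) return NULL;              /* this part of the code is absent */
    for (size_t i = 0; i < n; i++)
        if (t[i].code == code) return t[i].name;
    return "(not in this table)";
}
/* High-level (module) part of ret, or NULL if absent or ret is implausible. */
const char *decode_high(int ret)
{
    return ret_plausible(ret) ? find(HIGH, sizeof HIGH / sizeof HIGH[0], (-ret) & 0x7F80) : NULL;
}
/* Low-level part of ret, or NULL if absent or ret is implausible. */
const char *decode_low(int ret)
{
    return ret_plausible(ret) ? find(LOW, sizeof LOW / sizeof LOW[0], (-ret) & 0x007F) : NULL;
}

int main(void)
{
    const int samples[] = { -32, -0x4284, 1234567 };  /* constructed sample values */
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        const char *h = decode_high(samples[i]), *l = decode_low(samples[i]);
        printf("%8d plausible=%d high=%s low=%s\n", samples[i],
               ret_plausible(samples[i]), h ? h : "-", l ? l : "-");
    }
    return 0;
}
```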

    Hi,

    Do you have any news? Maybe you can say how we can solve this problem?

    We need this within the current week.

  • Hi,

    Unfortunately, the pull request with this fix has not yet made it in, but you can see it here (and use it).  I have not been able to test myself today, but we expect it should fix the issue. The relevant changes are:

    • MBEDTLS_ENTROPY_MAX_GATHER is set to 144
    • MBEDTLS_ENTROPY_FORCE_SHA256 must be set (is on by default)
    • MBEDTLS_CTR_DRBG_USE_128_BIT_KEY must be set (also on by default)

    This is due to limitations in the CC310 HW.

    Br,

    Einar
