How to use cryptocell so sign data without a hash

RE: How to use cryptocell so sign data without a hash

Roelof — Tue, 14 Jan 2020 09:43:34 GMT

This is a mechanism from PKCS#11 CKM_RSA_PKCS. Currently it is an OpenSSL command that I am sending to the device.

"The PKCS #1 v1.5 RSA mechanism, denoted CKM_RSA_PKCS, is a multi-purpose mechanism based on the RSA public-key cryptosystem and the block formats initially defined in PKCS #1 v1.5. It supports single-part encryption and decryption; single-part signatures and verification with and without message recovery; key wrapping; and key unwrapping. This mechanism corresponds only to the part of PKCS #1 v1.5 that involves RSA; it does not compute a message digest or a DigestInfo encoding as specified for the md2withRSAEncryption and md5withRSAEncryption algorithms in PKCS #1 v1.5 .

This mechanism does not have a parameter.

This mechanism can wrap and unwrap any secret key of appropriate length. Of course, a particular token may not be able to wrap/unwrap every appropriate-length secret key that it supports. For wrapping, the “input” to the encryption operation is the value of the CKA_VALUE attribute of the key that is wrapped; similarly for unwrapping. The mechanism does not wrap the key type or any other information about the key, except the key length; the application must convey these separately. In particular, the mechanism contributes only the CKA_CLASS and CKA_VALUE (and CKA_VALUE_LEN, if the key has it) attributes to the recovered key during unwrapping; other attributes must be specified in the template."

RE: How to use cryptocell so sign data without a hash

Einar Thorsrud — Mon, 13 Jan 2020 14:13:47 GMT

Hi,

The API does not allow not hashing. However, you can try using CRYS_RSA_HASH_NO_HASH_mode or CRYS_RSA_After_HASH_NOT_KNOWN_mode. That is just intended for testing, though. See supported modes here (excluding MD5):

/*! Defines the enum for the HASH operation mode. */
typedef enum
{
	CRYS_RSA_HASH_MD5_mode  = 0,	/*!< For PKCS1 v1.5 only. The input data will be hashed with MD5 */
	CRYS_RSA_HASH_SHA1_mode = 1,	/*!< The input data will be hashed with SHA1. */
	CRYS_RSA_HASH_SHA224_mode = 2,  /*!< The input data will be hashed with SHA224. */
	CRYS_RSA_HASH_SHA256_mode = 3,  /*!< The input data will be hashed with SHA256. */
	CRYS_RSA_HASH_SHA384_mode = 4,  /*!< The input data will be hashed with SHA384. */
	CRYS_RSA_HASH_SHA512_mode = 5,	/*!< The input data will be hashed with SHA512. */
	CRYS_RSA_After_MD5_mode = 6,		/*!< For PKCS1 v1.5 only. The input data is a digest of MD5 and will not be hashed. */
	CRYS_RSA_After_SHA1_mode = 7,	/*!< The input data is a digest of SHA1 and will not be hashed. */
	CRYS_RSA_After_SHA224_mode = 8,	/*!< The input data is a digest of SHA224 and will not be hashed. */
	CRYS_RSA_After_SHA256_mode = 9,	/*!< The input data is a digest of SHA256 and will not be hashed. */
	CRYS_RSA_After_SHA384_mode = 10,	/*!< The input data is a digest of SHA384 and will not be hashed. */
	CRYS_RSA_After_SHA512_mode = 11,	/*!< The input data is a digest of SHA512 and will not be hashed. */
	CRYS_RSA_After_HASH_NOT_KNOWN_mode = 12,    /*!< \internal used only for PKCS#1 Ver 1.5 - possible to perform verify operation without hash mode input, 
						the hash mode is derived from the signature.*/
	CRYS_RSA_HASH_NO_HASH_mode = 13,	/*!< Used for PKCS1 v1.5 Encrypt and Decrypt.*/
	CRYS_RSA_HASH_NumOfModes,		/*!< Maximal number of hash operations modes. */
	
	CRYS_RSA_HASH_OpModeLast  = 0x7FFFFFFF, /*! Reserved.*/

}CRYS_RSA_HASH_OpMode_t;

By the way, since I have not seen this request before. Which part of PKCS requires raw data?

RE: How to use cryptocell so sign data without a hash

Roelof — Mon, 13 Jan 2020 14:03:38 GMT

As stated previously:

[quote userid="81508" url="~/f/nordic-q-a/55458/how-to-use-cryptocell-so-sign-data-without-a-hash/228708"]Main issue: How can I sign (RSA) data of variable length without using a Hash before or after the signature?[/quote]

I don't want to compute a hash of the data, before or after. I just want to sign the raw data of variable length. My data is an asn.1 structure that should not be hashed. Is this possible?

RE: How to use cryptocell so sign data without a hash

Einar Thorsrud — Mon, 13 Jan 2020 13:57:27 GMT

Hi,

From the last post, it seems clear you want to sign the data, not encrypt it (it was initially unclear). In that case, the function you are looking for is probably CRYS_RSA_PSS_SHA1_Sign(). You can refer to <SDK>\examples\crypto\nrf_cc310\rsa\main.c to see how it is done.

Update: remove the statement about hashing, since it is optional whether to provide a hash digest as input or just the data and let hashing be handled internally.

RE: How to use cryptocell so sign data without a hash

Roelof — Mon, 13 Jan 2020 13:36:08 GMT

Both Functions mentioned requires the UserPubKey_ptr key as input. I want to sign with the Private key (Basically encrypt with the private key). Will CRYS_RSA_PKCS1v15_Encrypt allow a private key as input?

RE: How to use cryptocell so sign data without a hash

Kenneth — Mon, 13 Jan 2020 13:28:27 GMT

Maybe you are looking at the wrong api?

There are two encypryption api's in CC310 for RSA:
RSA: CRYS_RSA_OAEP_Encrypt() and CRYS_RSA_PKCS1v15_Encrypt()

Which to use depends on the variant you want to do, in general look at examples here:
examples\crypto\nrf_cc310\rsa\main.c

RE: How to use cryptocell so sign data without a hash

Roelof — Mon, 13 Jan 2020 05:55:54 GMT

Is there any updates on this issue.

Main issue: How can I sign (RSA) data of variable length without using a Hash before or after the signature?

I want to use the mode CRYS_RSA_HASH_NO_HASH_mode - for signing, but this is not allowed for Signing

RE: How to use cryptocell so sign data without a hash

Roelof — Thu, 12 Dec 2019 09:19:42 GMT

Good day. Thank you for the response.

Unfortunately these do not work. The standard RSA-PKCS does not do a hash function before or after the signing.

The functions you are referring to require the input data to already be the length of the specific hash output and already be in hash format. Variable lengths of data can be expected as input for RSA-PKCS and not in the case of the functions "CRYS_RSA_After_xxx_mode

RE: How to use cryptocell so sign data without a hash

Kenneth — Thu, 12 Dec 2019 09:15:02 GMT

Instead of using:

CRYS_RSA_HASH_SHA1_mode = 1, /*!< The input data will be hashed with SHA1. */

CRYS_RSA_HASH_SHA224_mode = 2, /*!< The input data will be hashed with SHA224. */

CRYS_RSA_HASH_SHA256_mode = 3, /*!< The input data will be hashed with SHA256. */

CRYS_RSA_HASH_SHA384_mode = 4, /*!< The input data will be hashed with SHA384. */

CRYS_RSA_HASH_SHA512_mode = 5, /*!< The input data will be hashed with SHA512. */

Try to use:

CRYS_RSA_After_SHA1_mode = 7, /*!< The input data is a digest of SHA1 and will not be hashed. */

CRYS_RSA_After_SHA224_mode = 8, /*!< The input data is a digest of SHA224 and will not be hashed. */

CRYS_RSA_After_SHA256_mode = 9, /*!< The input data is a digest of SHA256 and will not be hashed. */

CRYS_RSA_After_SHA384_mode = 10, /*!< The input data is a digest of SHA384 and will not be hashed. */

CRYS_RSA_After_SHA512_mode = 11, /*!< The input data is a digest of SHA512 and will not be hashed. *