nRF91 How is it possible to generate EC 256 key pair and a self-signed X.509 certificate?

RE: nRF91 How is it possible to generate EC 256 key pair and a self-signed X.509 certificate?

mglettig — Mon, 31 May 2021 08:04:39 GMT

I try to achieve the same thing. Thanks for posting a step by step guide. I will try this out. I guess the workaround (part 1 above) is no longer needed with the current release (v1.5.1) of NRF Connect. Correct? What about part 4. Were there any changes in NRF Connect regarding generating the entropy?

Kind regards,

Michael

RE: nRF91 How is it possible to generate EC 256 key pair and a self-signed X.509 certificate?

PopradiArpad — Thu, 06 Aug 2020 13:34:14 GMT

Hi Einar,

your workaround works like a charm :)

Here is step by step how to generate EC 256 key pair. (X509 certificate is not needed by Google Cloud IoT)

For nRF Connect SDK v1.3.0

1. Apply the needed pieces of workaround :

secure_services.h
-----------------
// https://devzone.nordicsemi.com/f/nordic-q-a/63576/nrf91-how-is-it-possible-to-generate-ec-256-key-pair-and-a-self-signed-x-509-certificate https://github.com/nrfconnect/sdk-nrf/pull/2519/files
#include <zephyr.h>
..
// https://devzone.nordicsemi.com/f/nordic-q-a/63576/nrf91-how-is-it-possible-to-generate-ec-256-key-pair-and-a-self-signed-x-509-certificate https://github.com/nrfconnect/sdk-nrf/pull/2519/files
//int spm_request_random_number(u8_t *output, size_t len, size_t *olen);
static inline int spm_request_random_number(u8_t *output, size_t len, size_t *olen);
int spm_request_random_number_nsc(u8_t *output, size_t len, size_t *olen);
static inline int spm_request_random_number(u8_t *output, size_t len, size_t *olen)
{
	k_sched_lock();
	int err = spm_request_random_number_nsc(output, len, olen);

	k_sched_unlock();
	return err;
}

secure_services.c
-----------------
// https://devzone.nordicsemi.com/f/nordic-q-a/63576/nrf91-how-is-it-possible-to-generate-ec-256-key-pair-and-a-self-signed-x-509-certificate https://github.com/nrfconnect/sdk-nrf/pull/2519/files
//int spm_request_random_number(u8_t *output, size_t len, size_t *olen)
int spm_request_random_number_nsc(u8_t *output, size_t len, size_t *olen)
{
	int err;

	if (len != MBEDTLS_ENTROPY_MAX_GATHER) {
		return -EINVAL;
	}

	err = mbedtls_hardware_poll(NULL, output, len, olen);
	return err;
}

2. Add mbedTLS support in prj.conf:

# Generate credentials
# Based on
#   ncs/zephyr/samples/net/cloud/google_iot_mqtt/prj.conf
#   ncs/iluminate-hub-nrf9160/build_nrf9160dk_nrf9160ns/mcuboot/zephyr/.config
CONFIG_MBEDTLS=y
CONFIG_MBEDTLS_BUILTIN=y
#   Configure mbedTLS directly with its configuration file instead through Zephyr config symbols
#     Relative from ncs/modules/crypto/mbedtls/configs/config-tls-generic.h
CONFIG_MBEDTLS_CFG_FILE="../../../../iluminate-hub-nrf9160/config-mbedtls.h"

3. Configure mbedTLS by an own mbedTLS config file based on ncs/modules/crypto/mbedtls/configs/config-tls-generic.h and positioned in the project directory.

I named it config-mbedtls.h.

//Changes relative to ncs/modules/crypto/mbedtls/configs/config-tls-generic.h
//----------------------------------------------------------------------------------
  // general settings
#define MBEDTLS_ERROR_C
  // for printing mbedTLS keys and certificates
#define MBEDTLS_PEM_WRITE_C
#define MBEDTLS_PK_WRITE_C
#define MBEDTLS_BASE64_C
  // for key generation
#define MBEDTLS_PK_C
#define MBEDTLS_ECP_C
#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
#define MBEDTLS_OID_C
#define MBEDTLS_ASN1_WRITE_C

4. The C code

#include "secure_services.h"
#include "mbedtls/ecdsa.h"
#include "mbedtls/pk.h"
#include "mbedtls/error.h"

#include <logging/log.h>
LOG_MODULE_REGISTER(credentials, CONFIG_ASSET_TRACKER_LOG_LEVEL);


// The generated random number has fix 144 length. See doc of spm_request_random_number
#define GENERATED_RANDOM_NUMBER_LENGTH 144

// See mbedtls_entropy_func as example
static int gen_true_random_number(void *unused, unsigned char *output, size_t len )
{
  // spm_request_random_number uses uint8_t and not unsigned char
  __ASSERT(sizeof(unsigned char) == sizeof(uint8_t), "Adapt type!");

  if( len > GENERATED_RANDOM_NUMBER_LENGTH )
  {
    LOG_ERR( "Max generatable real random number length exceeded");
    return -1;
  }

  static uint8_t rnd_number[GENERATED_RANDOM_NUMBER_LENGTH];
  memset( rnd_number, 0, GENERATED_RANDOM_NUMBER_LENGTH);
  size_t rnd_number_length = 0;
  int err = spm_request_random_number(rnd_number, GENERATED_RANDOM_NUMBER_LENGTH, &rnd_number_length);
  if( err != 0 )
  {
    LOG_ERR( "Can't get real random number: %d", err);
    return -1;
  }

  if( rnd_number_length < len )
  {
    LOG_ERR( "Generated real random number is too short");
    return -1;
  }

  memcpy( output, rnd_number, len );

  return 0;
}

static void log_key(mbedtls_pk_context * key, int (f_writer)( mbedtls_pk_context *, unsigned char *, size_t), char* err_buf, size_t err_buf_length)
{
  unsigned char buf[1024];
  int err = f_writer(key, buf, sizeof(buf));
  if (err != 0)
  {
    mbedtls_strerror(err, err_buf, err_buf_length);
    LOG_ERR("Can not write -0x%04x - %s\n\n", (unsigned int) -err, err_buf);
    return;
  }
  LOG_INF("\n%s",buf);
}

static inline void log_private_key(mbedtls_pk_context * key, char* err_buf, size_t err_buf_length)
{
  log_key(key, mbedtls_pk_write_key_pem, err_buf, err_buf_length);
}

static inline void log_public_key(mbedtls_pk_context * key, char* err_buf, size_t err_buf_length)
{
  log_key(key, mbedtls_pk_write_pubkey_pem, err_buf, err_buf_length);
}

static void log_keys(mbedtls_pk_context * key, char* err_buf, size_t err_buf_length)
{
  log_private_key(key, err_buf, err_buf_length);
  log_public_key(key, err_buf, err_buf_length);
}


static int generate_key(mbedtls_pk_context * key, char* err_buf, size_t err_buf_length)
{
  int err;

  LOG_INF("Generating key pairs, it takes ~3 sec.");
  mbedtls_pk_init(key);
  if ((err = mbedtls_pk_setup(key, mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY))) != 0)
  {
    mbedtls_strerror(err, err_buf, err_buf_length);
    LOG_ERR("Can't setup key context -0x%04x - %s\n\n", (unsigned int) -err, err_buf);
    return err;
  }

  err = mbedtls_ecp_gen_key(MBEDTLS_ECP_DP_SECP256R1, /*ec_curve,*/
                            mbedtls_pk_ec(*key),
                            gen_true_random_number, NULL );
  if (err != 0)
  {
    mbedtls_strerror(err, err_buf, err_buf_length);
    LOG_ERR("Can not generate key -0x%04x - %s\n\n", (unsigned int) -err, err_buf);
    return err;
  }
  LOG_INF( "Key pair generated.");

  return 0;
}

// https://tls.mbed.org/kb/how-to/generate-a-self-signed-certificate
// https://github.com/ARMmbed/mbedtls/blob/development/programs/pkey/gen_key.c
/*
  Check whether the generated key pair are right:
  1. log_keys(&key)
  2. Copy the content into private_key.pem, public_key.pem
  3. Verify them with a sign and verify process
    cat blablabla > bla.txt
    openssl dgst -sha1 -sign private_key.pem bla.txt > signature.bin
    openssl dgst -sha1 -verify public_key.pem -signature signature.bin bla.txt
*/
void main(void)
{
  char err_buf[512];

  mbedtls_pk_context key;
 
  if (generate_key(&key, err_buf, sizeof(err_buf)) != 0)
    return;

  log_keys(&key, err_buf, sizeof(err_buf));

  mbedtls_pk_free(&key);
}

That's it.

The x509 certificate creation needs more setup and code but because it's not needed I don't post it.

Best regards,

Árpád

RE: nRF91 How is it possible to generate EC 256 key pair and a self-signed X.509 certificate?

PopradiArpad — Tue, 04 Aug 2020 16:19:43 GMT

Hi Einar,

thank you for your answer!

to mbedTLS configuration:

It's really much easier to configure mbedTLS directly by an mbedTLS config file then through the predefined Zephyr config symbols. The only tricky part was having that file within my project.

But this prj.conf snippets does it:

# Generate credentials
CONFIG_MBEDTLS=y
# Configure mbedTLS directly with its configuration file instead through Zephyr config symbols
# Relative from ncs/modules/crypto/mbedtls/configs/config-tls-generic.h
CONFIG_MBEDTLS_CFG_FILE="../../../../MY-PROJECT/config-tls.h"

Writing the config file is easy: all the missing mbedTLS config definitions are checked by mbedTLS itself

during compilation or in case of a link error it's easy to find by the guard macro name.

to the secure service causing crash:

later.

Best regards,

Árpád

RE: nRF91 How is it possible to generate EC 256 key pair and a self-signed X.509 certificate?

Einar Thorsrud — Tue, 04 Aug 2020 07:55:30 GMT

Hi Árpád,

[quote user="PopradiArpad"]thanks for the hint. By trying to follow it, I get trapped by secure service causing a crash. [/quote]

I see. Have you applied the workaround?

[quote user="PopradiArpad"]How can I create and use such a config file without messing up Nordic's mbedtls configuration?[/quote]

I have not had a chance to test this myself, but I would not expect setting MBEDTLS_PK_WRITE_C in the mbedTLS config header file would mess up anything? In what way does it cause problems?

Einar

RE: nRF91 How is it possible to generate EC 256 key pair and a self-signed X.509 certificate?

PopradiArpad — Mon, 03 Aug 2020 14:49:25 GMT

Hi Einar,

thanks for the hint. By trying to follow it, I get trapped by secure service causing a crash.

And I have other problem too: I want to print out the created keys to the console with

mbedtls_pk_write_pubkey_pem and mbedtls_pk_write_key_pem but they need

MBEDTLS_PK_WRITE_C to be defined, which needs a specialized mbedtls config file.

(At least I have not found a Zephyr Kconfig macro to accomplish this.)

How can I create and use such a config file without messing up Nordic's mbedtls configuration?

Best regards,

Árpád

RE: nRF91 How is it possible to generate EC 256 key pair and a self-signed X.509 certificate?

Einar Thorsrud — Thu, 30 Jul 2020 10:54:42 GMT

Hi Árpád,

I cannot comment on when new features will be available, unfortunately. However, I see I was a bit too pessimistic in my previous reply. You can in fact make your own solution, and use the RNG support in the CC310 via the Secure Partition Manager, which has the spm_request_random_number() function. See Secure services. This just gives you entropy, and then you can use a pure SW library of your preference for the rest.

Einar

RE: nRF91 How is it possible to generate EC 256 key pair and a self-signed X.509 certificate?

PopradiArpad — Wed, 29 Jul 2020 14:01:20 GMT

Hi Einar,

thank you for your fast answer. I understand ongoing work :)

Approximately when do you have a proper solution?

Best regards,

Árpád

RE: nRF91 How is it possible to generate EC 256 key pair and a self-signed X.509 certificate?

Einar Thorsrud — Wed, 29 Jul 2020 13:28:18 GMT

Hi Árpád,

This is not straightforward.

[quote user="PopradiArpad"][/quote]

Why does the mbedTLS depends on CONFIG_NORDIC_SECURITY_BACKEND?

mbedTLS is a standalone lib, why is this dependency?

You need an entropy source in order to generate random numbers, and the only entropy source available to the application on the nRF9160 is the TRNG within the CC310 peripheral. The API for the CC310 in the nRF Connect SDK is mbed TLS, via the nordic security backend. This is still ongoing work, though. We do not have a proper solution ready at the moment.

It might be better to find some other way to generate the X509 certificate in pure SW, but in that case, it would only be for experimentation, as you will not have a usable secure solution without a proper entropy source.

Einar

RE: nRF91 How is it possible to generate EC 256 key pair and a self-signed X.509 certificate?

PopradiArpad — Wed, 29 Jul 2020 13:07:37 GMT

Hi Einar,

thank you for your reply. Unfortunately

CONFIG_MBEDTLS_X509_LIBRARY=y

depends on

CONFIG_NORDIC_SECURITY_BACKEND=y
CONFIG_MBEDTLS_CFG_FILE="config-tls-generic.h"

and the compilation results in:

get_target_property() called with non-existent target "platform_cc310".

I build for nrf9160dk_nrf9160ns.

How can I setup prj.conf to get the mbedTLS X509 module?

Why does the mbedTLS depends on CONFIG_NORDIC_SECURITY_BACKEND?

mbedTLS is a standalone lib, why is this dependency?

Here are my mbed config settings:

# Generate keys
CONFIG_MBEDTLS=y
CONFIG_MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED=y
CONFIG_MBEDTLS_ECP_DP_SECP256R1_ENABLED=y
CONFIG_MBEDTLS_ENTROPY_ENABLED=y
# Create certificate
CONFIG_MBEDTLS_CFG_FILE="config-tls-generic.h"
CONFIG_NORDIC_SECURITY_BACKEND=y
# Why this depends on CONFIG_NORDIC_SECURITY_BACKEND??
CONFIG_MBEDTLS_X509_LIBRARY=y

Best regards,

Árpád

RE: nRF91 How is it possible to generate EC 256 key pair and a self-signed X.509 certificate?

Einar Thorsrud — Tue, 28 Jul 2020 15:01:15 GMT

Hi Árpád,

I would assume that you could do this using the X.509 module in mbed TLS. It has support for building X509 certificates. I have not tested this myself though, and cannot provide any more details.

Einar

RE: nRF91 How is it possible to generate EC 256 key pair and a self-signed X.509 certificate?

PopradiArpad — Fri, 24 Jul 2020 09:33:18 GMT

Hi Simon,

that is partially answer to my question. Thank you.

The rest of the question is:

is it possible -and if yes how- to generate elliptic curve keys and an x509 certificate needed by Google Cloud IoT on the nRF9160?

The generation with openssl on a desktop machine is described here:

https://cloud.google.com/iot/docs/how-tos/credentials/keys#generating_an_elliptic_curve_keys

https://cloud.google.com/iot/docs/how-tos/credentials/keys#generating_an_es256_key_with_a_self-signed_x509_certificate

I want to know whether it's possible to do the same - of course not with openssl- on the device itself.

Probably with the nrf_oberon crypto library?

For example I found ocrypto_ecdsa_p256_public_key in the nrf_oberon lib, but how to make an X509 certificate?

With kind regards,

Árpád

RE: nRF91 How is it possible to generate EC 256 key pair and a self-signed X.509 certificate?

Simon — Thu, 23 Jul 2020 20:54:42 GMT

I got an answer on how to go about this:

"DER is just a binary encoded PEM. they can use base64_decode(), passing in the base64 text from the PEM (data between the BEGIN/END lines).

verify using openssl:

openssl x509 -outform der -in pem_in.pem -out der_out.crt"

Best regards,
Simon

RE: nRF91 How is it possible to generate EC 256 key pair and a self-signed X.509 certificate?

Simon — Wed, 22 Jul 2020 20:00:14 GMT

I'm sorry for the delay, somehow I left this ticket behind and forgot to do further investigation. I have asked some developers internally and currently waiting for an answer.

Best regards,

Simon

RE: nRF91 How is it possible to generate EC 256 key pair and a self-signed X.509 certificate?

PopradiArpad — Mon, 13 Jul 2020 10:17:24 GMT

Hi Simon,

thank your for your reply, but my question is how to generate all of this ON the nRF9160. Because if that would be possible

than the private key should not leave the device ensuring a higher security level compared to generating these keys outside of the device and transmitting over some channel.

Could you please ask for that? It would be good, if the key generation could happen on the device.

With kind regards,

Árpád

RE: nRF91 How is it possible to generate EC 256 key pair and a self-signed X.509 certificate?

Simon — Sun, 12 Jul 2020 21:40:55 GMT

I this link useful? I don't know too much about this, but I can do some more investigation and ask internally if the link didn't help.

Best regards,

Simon