Migration from micro_ecc to oberon backend for ECDSA. Signature verification failure.

Question

Hi,
I'm using code based on sdk/components/libraries/bootloader/dfu/ for ECDSA verification of the signature. But switched to Oberon crypto backend. The signature was successfully verified with micro ecc but fails with Oberon.
I suspect next can be the root cause:

// <q> NRF_CRYPTO_BACKEND_MICRO_ECC_LITTLE_ENDIAN_ENABLED - Enable non-standard little endian byte order.

// <i> This affects parameters for all ECC API (raw keys, signature, digest, shared secret). Only for use in nRF SDK DFU!

#ifndef NRF_CRYPTO_BACKEND_MICRO_ECC_LITTLE_ENDIAN_ENABLED
#define NRF_CRYPTO_BACKEND_MICRO_ECC_LITTLE_ENDIAN_ENABLED 0
#endif

Please suggest the possible solution?

Vidar Berg · Accepted Answer

Hi, 
 Thanks for confirming. I found this listed under known issues in the releases notes for SDK 15.0.0: 
 Changing the backend for nrf_crypto in sdk_config.h alone is not sufficient because the relevant files are not included in the build and include paths. See the Migration Guide for a walkthrough of changing from the µECC to the Oberon backend. 
 And here is the section of the migration document that it's referring to: Porting from µECC to nrf_oberon. 
 Please make sure you have followed the migration steps outlined in the documentation I linked to above, particularly step 6 which reverses the endianness.

Migration from micro_ecc to oberon backend for ECDSA. Signature verification failure.

Top Replies