I am using the NRF52840 and SDK15.3. My goal is to sign a payload using RSA and then verify on the NRF side of things.
The signing scheme is done with openssl on my computer:
1. SHA-256 hash over entire payload --> fingerprint
2. Sign fingerprint using RSA algo + private key --> signature
3. Concatenate signature to front of payload and send that over BLE
On the nRF side I'm using the CC310 backend and trying to:
1. Verify signature using RSA and public key --> extracted payload fingerprint
2. SHA-256 hash on payload --> calculated fingerprint
3. If payload fingerprint == calculated fingerprint, then the payload is said to be from a valid source
On the nRF side of things, I have #2 working -- I can calculate the hash using nrf_crypto_hash_init/update/finalize functions and verify that it is identical to the fingerprint I calculated using openssl on my computer -- so all good there. The piece I'm missing is the RSA verification using the public key.
I am trying to use the CryptoCell API directly as shown in examples/crypto/nrf_cc310/rsa/ (code summary shown below). I get an error code 0xF00C25 when calling CRYS_RndInit(), which, from what I can tell, is CRYS_RND_MODULE_ERROR_BASE + POLY_ERROR_IDX, but after searching through the InfoCenter I couldn't glean very much about what that actually means. Does anyone have insight into what might be happening here? FYI, besides the hashing I am using the nrf_crypto libraries to enable LESC -- could there be a conflict there of some kind?
extern CRYS_RND_State_t* rndState_ptr;
extern CRYS_RND_WorkBuff_t* rndWorkBuff_ptr;

{
    ...
    NVIC_EnableIRQ(CRYPTOCELL_IRQn);
    NRF_CRYPTOCELL->ENABLE = 1;

    err_code = SaSi_LibInit();
    if (err_code != SA_SILIB_RET_OK)
    {
        NRF_LOG_ERROR("Failed SaSi_LibInit - err = 0x%x\n", err_code);
        return false;
    }

    err_code = CRYS_RndInit(rndState_ptr, rndWorkBuff_ptr);
    if (err_code != SA_SILIB_RET_OK)
    {
        NRF_LOG_ERROR("Failed CRYS_RndInit - err = 0x%x\n", err_code);
        return false;
    }
    ...
}
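The signature-then-payload frame described in the post, as an added example that is not part of the original post or the Nordic SDK. It assumes RSASSA-PKCS1-v1_5 with SHA-256 (the post does not name a padding scheme), uses hypothetical function names, and runs on a constructed, insecure toy key so that only the Python standard library is needed. It shows that the public-key operation recovers a padded DigestInfo block ending in the hash, not the bare fingerprint.

```python
import hashlib
import hmac

# Constructed toy key: the product of two Mersenne primes.
# NOT secure; it only makes the example run without a crypto library.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))     # private exponent (Python 3.8+)
K = (N.bit_length() + 7) // 8         # modulus / signature length in bytes

# DER-encoded DigestInfo header for SHA-256 (RFC 8017, section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def encode_em(payload):
    """Encoded message: 00 01 FF..FF 00 || DigestInfo || SHA-256(payload)."""
    t = SHA256_PREFIX + hashlib.sha256(payload).digest()
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t

def make_frame(payload):
    """Host side: sign the payload and prepend the K-byte signature."""
    em = int.from_bytes(encode_em(payload), "big")
    return pow(em, D, N).to_bytes(K, "big") + payload

def recover_block(frame):
    """Raw public-key operation on the first K bytes of the frame."""
    sig = int.from_bytes(frame[:K], "big")
    return pow(sig, E, N).to_bytes(K, "big")

def verify_frame(frame):
    """Device side: return the payload if the signature is valid, else None."""
    if len(frame) < K or int.from_bytes(frame[:K], "big") >= N:
        return None                   # truncated frame or out-of-range signature
    payload = frame[K:]
    # Compare the whole encoded block, not only its trailing 32 hash bytes,
    # so malformed padding is rejected as well.
    if hmac.compare_digest(recover_block(frame), encode_em(payload)):
        return payload
    return None
```
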