
Support for Public/Private key pair Generation as part of ECC

Hi Team,

We need support for ECC public/private key pair generation as part of digital signature verification. In the example project, hard-coded keys are given, and we are using the same keys for signing and verification.

How do we generate the keys, and how do we use them with the ECC Oberon library for digital signature verification?

Regards,

Srinivas.V

  • Hi,

    Are you using the nRF5 SDK? If so, you can use the nrf_crypto library to generate a key pair using nrf_crypto_ecc_key_pair_generate(). The Oberon library itself cannot generate keys all by itself, as you need an RNG. If you use nrf_crypto (together with Oberon or another backend), then sticking with the nrf_crypto API is the way to go. If not, then you can refer to the implementation of, for instance, nrf_crypto_backend_secp256r1_key_pair_generate() in <nRF5 SDK>/components/libraries/crypto/backend/oberon/oberon_backend_ecc.c to see how you can do this by first generating a private key using the RNG, then generating a public key from that using ocrypto_ecdh_p256_public_key().

  • Hi Einar,

    Thanks for your reply. Actually we are using the secp256r1 curve, but inside the key generation function we are calling:

        1. nrf_crypto_backend_oberon_ecc_secp256r1_rng() for private key generation

        2. ocrypto_ecdh_p256_public_key() for public key generation. Why is ecdh_p256 used for the public key instead of ecc_secp256r1?

    One more thing: we need key generation mechanism support for RSA2898 with PBKDF2 (P, S, c, dkLen). Is there any support in the Oberon library for this?

    Regards,

    Srinivas.V

  • Hi Srinivas,

    Srinivas V said:

    Actually we are using the secp256r1 curve, but inside the key generation function we are calling:

        1. nrf_crypto_backend_oberon_ecc_secp256r1_rng() for private key generation 

    That is the same as the nrf_crypto implementation I referred to, then. For reference:

    ret_code_t nrf_crypto_backend_oberon_ecc_secp256r1_rng(uint8_t data[32])
    {
    #if NRF_MODULE_ENABLED(NRF_CRYPTO_RNG)
    
        static const uint8_t min_value[32] =
        {
            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
        };
        static const uint8_t max_value[32] =
        {
            0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
            0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x50,
        };
        return nrf_crypto_rng_vector_generate_in_range(data, min_value, max_value, 32);
    
    #else
        return NRF_ERROR_CRYPTO_FEATURE_UNAVAILABLE;
    #endif
    }
    
    
    ret_code_t nrf_crypto_backend_secp256r1_key_pair_generate(
        void * p_context,
        void * p_private_key,
        void * p_public_key)
    {
        int result;
    
        nrf_crypto_backend_secp256r1_private_key_t * p_prv =
            (nrf_crypto_backend_secp256r1_private_key_t *)p_private_key;
    
        nrf_crypto_backend_secp256r1_public_key_t * p_pub =
            (nrf_crypto_backend_secp256r1_public_key_t *)p_public_key;
    
        result = nrf_crypto_backend_oberon_ecc_secp256r1_rng(p_prv->key);
    
        if (result != NRF_SUCCESS)
        {
            return result;
        }
    
        result = ocrypto_ecdh_p256_public_key(p_pub->key, p_prv->key);
    
        if (result != 0)
        {
            return NRF_ERROR_CRYPTO_INTERNAL;
        }
        return NRF_SUCCESS;
    }
    

    Srinivas V said:
        2. ocrypto_ecdh_p256_public_key() for public key generation. Why is ecdh_p256 used for the public key instead of ecc_secp256r1?

    The ocrypto_ecdh_p256_public_key() function is used for the NIST secp256r1 curve. I cannot say why "r1" is not part of the function name, but probably that is because it is the only P256 variant that is supported. You can see that the file documentation for <SDK>\external\nrf_oberon\include\ocrypto_ecdh_p256.h states the following: APIs to do Elliptic Curve Diffie-Hellman using the NIST secp256r1 curve.

    Srinivas V said:
    One more thing: we need key generation mechanism support for RSA2898 with PBKDF2 (P, S, c, dkLen). Is there any support in the Oberon library for this?

    No, the oberon library does not support generating RSA keys, so you would have to implement code for that yourself. (It does support importing RSA keys and doing crypto operations with them, though.)

    If you use the nRF52840 then another option could be to use the CC310 peripheral and CRYS_RSA_KG_GenerateKeyPair() to generate the key. That is the only code we provide in the SDK for RSA key generation.

    Einar
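
Added example, not part of the thread or the SDK: for the case described above where Oberon is used without nrf_crypto, this sketches the private-key step, drawing a scalar in [1, n-1] by rejection sampling against the same `max_value` bytes quoted in the SDK code. `rng_fn`, `p256_scalar_valid`, `p256_private_key_generate` and the two demo RNGs are hypothetical names; the real RNG hook is assumed to be a cryptographically secure source, and the public key is then derived with ocrypto_ecdh_p256_public_key() as in the SDK code.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* n - 1 for secp256r1, big-endian: the same bytes as max_value in the SDK code. */
static const uint8_t P256_N_MINUS_1[32] = {
    0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
    0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x50,
};

/* Hypothetical RNG hook (assumption): fill buf with len bytes, return 0 on success. */
typedef int (*rng_fn)(uint8_t *buf, size_t len);

/* 1 if 1 <= d <= n-1, else 0. No early exit, so timing does not depend on d. */
int p256_scalar_valid(const uint8_t d[32])
{
    uint32_t gt = 0, eq = 1, nonzero = 0;
    for (size_t i = 0; i < 32; i++) {
        uint32_t x = d[i], y = P256_N_MINUS_1[i];
        gt |= eq & ((y - x) >> 31);      /* first differing byte decides d > n-1 */
        eq &= ((x ^ y) - 1) >> 31;       /* stays 1 only while all bytes so far match */
        nonzero |= x;
    }
    return (int)((gt ^ 1) & (uint32_t)(nonzero != 0));
}

/* Rejection sampling: redraw until the candidate is in range. 0 on success, -1 on failure. */
int p256_private_key_generate(uint8_t d[32], rng_fn rng)
{
    for (int tries = 0; tries < 64; tries++) {
        if (rng(d, 32) != 0) break;
        if (p256_scalar_valid(d)) return 0;
    }
    memset(d, 0, 32);                    /* do not hand back a rejected candidate */
    return -1;
}

/* Constructed test RNG, NOT random: yields 0xFF.. (too large), 0x00.. (zero), then 0x42.. */
static int demo_calls;
static int demo_rng(uint8_t *buf, size_t len)
{
    static const uint8_t fill[3] = { 0xFF, 0x00, 0x42 };
    memset(buf, fill[demo_calls < 2 ? demo_calls : 2], len);
    demo_calls++;
    return 0;
}

/* Constructed RNG that always fails, to exercise the error path. */
static int failing_rng(uint8_t *buf, size_t len) { (void)buf; (void)len; return -1; }
```
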

  • Hi Einar,

    Thanks for your reply. Is there any function equivalent to the "RFC2898Derive()" function in the CC310 library, which is used to generate a key based on password, iterations and salt as inputs and produces a key as output?

    DerivedKey = RFC2898Derive(Password, Iterations, Salt)

    Regards,

    Srinivas.V

  • Hi Srinivas,

    The SDK includes mbed TLS, which includes functionality for that (see pkcs5.h). None of the RFC 2898 (PBKDF2) functionality is used in the SDK though, nor do I have any experience with it. I suggest you refer to mbed TLS documentation for details on that.

    Einar
