
ECDSA verify with Optiga Trust X

Hello,

I'm using the Infineon Optiga Trust X chip for ECDSA signature verification but I'm having trouble saving the public key.

Currently the public key is generated by a remote server and received by the device via Bluetooth, but in the code below I entered it hard-coded.

The code to save the public key is:

    //Only for test
    uint8_t  pk[] = {
      0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 
      0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0x30, 0x2f, 0xc2, 0xa7, 0xdf, 0xc9, 0xff, 0x8c, 0x59, 0x8c, 0x70, 
      0x99, 0x25, 0xf3, 0x86, 0x3c, 0xbd, 0x43, 0x91, 0x20, 0x86, 0xee, 0x6b, 0xa0, 0xbe, 0x65, 0xf6, 0x96, 0xff, 0x89, 
      0x35, 0x83, 0x2b, 0x29, 0x50, 0xe0, 0x25, 0x47, 0x1f, 0xc2, 0x98, 0x4e, 0xee, 0x64, 0x84, 0x95, 0x26, 0x86, 0xb5, 
      0xdd, 0x70, 0x23, 0x0f, 0xe2, 0xc3, 0xbc, 0x6f, 0xec, 0x03, 0x9d, 0x2e, 0xaf, 0xc5, 0x7e
    };

    optiga_lib_status = optiga_util_write_data(eDEVICE_PUBKEY_CERT_PRJSPC_1, OPTIGA_UTIL_ERASE_AND_WRITE, 0, pk, 76);
    DEMO_OPTIGA_ERROR_CHECK(optiga_lib_status);

...at the end optiga_lib_status is equal to 0x00.

This is the verify:

    //Only for test
    size_t sig_len = NRF_CRYPTO_ECDSA_SECP256R1_SIGNATURE_SIZE;
    uint8_t sig[] = {
     0x30, 0x45, 0x02, 0x20, 0x0a, 0xb2, 0x1f, 0x85, 0x9a, 0x27, 0x32, 0x5f, 0x0e, 0xe5, 0xf6, 0xa2, 0x37, 0xe1, 
     0x69, 0x7c, 0x65, 0xc3, 0x87, 0xaa, 0x42, 0x5b, 0x07, 0xee, 0x32, 0xbc, 0x62, 0x9c, 0xd2, 0x73, 0xe0, 0x0a, 
     0x02, 0x21, 0x00, 0xd8, 0xa5, 0xb2, 0x09, 0x78, 0x52, 0x65, 0xe3, 0x88, 0xc1, 0x9e, 0x1b, 0x48, 0x02, 0x9b, 
     0xd6, 0xdd, 0x05, 0xd1, 0xe9, 0x83, 0xf4, 0xf0, 0x0e, 0x18, 0x61, 0x1c, 0x52, 0xd3, 0xcd, 0xe7, 0x50
    };

    const uint8_t test2_hash[] = {
      0x63, 0x69, 0x61, 0x6f, 0x63, 0x69, 0x61, 0x6f, 0x63, 0x69, 0x61, 0x6f, 0x63, 0x69, 0x61, 0x6f, 0x63, 0x69,
      0x61, 0x6f, 0x63, 0x69, 0x61, 0x6f, 0x63, 0x69, 0x61, 0x6f, 0x63, 0x69, 0x61, 0x6f
    };

    const size_t test2_hash_len = 32;

    nrf_crypto_ecc_public_key_t pub_key =
        NRF_CRYPTO_INFINEON_SECP256R1_PUBLIC_KEY_FROM_OID(eDEVICE_PUBKEY_CERT_PRJSPC_1);

    err_code = nrf_crypto_ecdsa_verify(NULL, &pub_key, test2_hash, test2_hash_len, sig, sig_len);

    DEMO_ERROR_CHECK(err_code);

During verification I get the NRF_ERROR_CRYPTO_ECC_KEY_NOT_INITIALIZED (0x00008542) error.

Anyone already have experience with this chip?

Thanks!!!
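One thing worth checking in the verify snippet above, independent of the key-header error: `sig` holds a DER-encoded signature (`0x30 0x45 0x02 0x20 ...`, 71 bytes) while `sig_len` is set to the fixed 64-byte size that nrf_crypto's ECDSA API uses for a raw `r||s` buffer. The converter below is an added example, not code from the post or from Nordic's SDK; it turns a DER P-256 signature into that raw layout and handles the leading `0x00` that the post's own `s` value (`0x02 0x21 0x00 0xd8 ...`) carries. The function names and the copied signature bytes are constructed for the demonstration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed copy of the 71-byte DER signature from the post: SEQUENCE { INTEGER r, INTEGER s }.
 * s is encoded in 33 bytes because its first byte 0xd8 has the top bit set, so DER prepends 0x00. */
static const uint8_t der_sig[] = {
    0x30, 0x45, 0x02, 0x20, 0x0a, 0xb2, 0x1f, 0x85, 0x9a, 0x27, 0x32, 0x5f, 0x0e, 0xe5, 0xf6, 0xa2, 0x37, 0xe1,
    0x69, 0x7c, 0x65, 0xc3, 0x87, 0xaa, 0x42, 0x5b, 0x07, 0xee, 0x32, 0xbc, 0x62, 0x9c, 0xd2, 0x73, 0xe0, 0x0a,
    0x02, 0x21, 0x00, 0xd8, 0xa5, 0xb2, 0x09, 0x78, 0x52, 0x65, 0xe3, 0x88, 0xc1, 0x9e, 0x1b, 0x48, 0x02, 0x9b,
    0xd6, 0xdd, 0x05, 0xd1, 0xe9, 0x83, 0xf4, 0xf0, 0x0e, 0x18, 0x61, 0x1c, 0x52, 0xd3, 0xcd, 0xe7, 0x50
};
static uint8_t raw_sig[64]; /* r || s, big-endian, 32 bytes each: the raw layout nrf_crypto expects */

/* Copy one DER INTEGER holding a P-256 scalar into a 32-byte big-endian field.
 * Returns the number of bytes consumed, or 0 if the encoding is malformed, negative, zero or non-minimal. */
static size_t der_int_to_fixed32(const uint8_t *p, size_t avail, uint8_t out[32])
{
    if (avail < 3 || p[0] != 0x02) return 0;
    size_t len = p[1];
    if (len == 0 || len > 33 || len + 2 > avail) return 0;
    const uint8_t *v = p + 2;
    if (v[0] == 0x00) {                        /* sign byte: only valid when the next byte is >= 0x80 */
        if (len == 1 || v[1] < 0x80) return 0;
        v++; len--;
    } else if ((v[0] & 0x80) || len == 33) {   /* negative value or too long for a 256-bit scalar */
        return 0;
    }
    memset(out, 0, 32);
    memcpy(out + (32 - len), v, len);          /* left-pad short values with zeros */
    return 2 + (size_t)p[1];
}

/* Convert a DER-encoded P-256 ECDSA signature into 64 raw bytes (r || s). 0 on success, -1 on error. */
int ecdsa_der_to_raw_p256(const uint8_t *der, size_t der_len, uint8_t raw[64])
{
    if (der_len < 8 || der[0] != 0x30 || der[1] >= 0x80 || (size_t)der[1] + 2 != der_len) return -1;
    size_t off = 2;
    size_t n = der_int_to_fixed32(der + off, der_len - off, raw);
    if (n == 0) return -1;
    off += n;
    n = der_int_to_fixed32(der + off, der_len - off, raw + 32);
    if (n == 0 || off + n != der_len) return -1;  /* both integers must exactly fill the SEQUENCE */
    return 0;
}

/* Converts the post's signature into raw_sig; returns 0 when the DER is well-formed. */
int demo_convert_post_signature(void)
{
    return ecdsa_der_to_raw_p256(der_sig, sizeof der_sig, raw_sig);
}
```

After conversion, `raw_sig` with length 64 is what belongs in the `sig`/`sig_len` arguments of `nrf_crypto_ecdsa_verify()`.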

  • I am not familiar with this, but I assume it fails in nrf_crypto_ecc_public_key_calculate() where:

        // Check and prepare parameters
        result = nrf_crypto_internal_ecc_key_input_check(
            p_private_key_header,
            NRF_CRYPTO_INTERNAL_ECC_PRIVATE_KEY_INIT_VALUE);

    The actual check in nrf_crypto_internal_ecc_key_input_check() is:

        // Check init value
        VERIFY_TRUE(p_key_header->init_value == init_value, NRF_ERROR_CRYPTO_ECC_KEY_NOT_INITIALIZED);

    It should be possible to breakpoint here and find the difference, e.g. NRF_CRYPTO_INTERNAL_ECC_PRIVATE_KEY_INIT_VALUE is not set.

    Kenneth
