• State Verified Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 4 replies
  • Subscribers 89 subscribers
  • Views 978 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 279084
Options
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Using nrf_oberon with NCS

OliverB

Hi,

I already read all similar ticktes but none of them does solve my problem.

i'm using nRF Connect SDK (NCS) with a custom board equipped with nRF52833. To implement an ECDH key exchange I have to receive a crompressed PK and to generate/derive a secret. As starting point I used the sample in nrf/samples/crypto/ecdh. But I do not find any function that is able to process a compressed PK. So I decided to check the nrf_oberon library. I included 

CONFIG_NORDIC_SECURITY_BACKEND=y
CONFIG_NRF_OBERON=y
CONFIG_OBERON_BACKEND=y

in prj.conf but I'm not able to include (or find?) the neccessary header files, eg ocrypto_ecdh_p256.h.

What do I have to do to use this library? In case I missed to provide more essential informations please let me know.

Regards,
Oliver

Parents
  • 0

    Hi Oliver,

    There are not many examples using nrf_oberon direclty, but you can refer to nrf/subsys/bootloader/bl_crypto/bl_crypto_oberon_hash.c. That is not ECDH though, but it demonstrates how the library can be configured and used. With the correct configurations the include path will be in place, so you can include ocrypto_ecdh_p256.h (which is located at nrfxlib/crypto/nrf_oberon/include/ocrypto_ecdh_p256.h).

    Einar

  • +1 in reply to Einar Thorsrud

    Hi Einar,

    thanks for your support. I looked at theses sources and tried to understand how to configure my project. I'm experimenting with different CONFIG_xxx

    CONFIG_NORDIC_SECURITY_BACKEND=y
CONFIG_NRF_OBERON=y
CONFIG_OBERON_BACKEND=y

CONFIG_CHOICE_OBERON_MBEDTLS_ECP_C=y
CONFIG_CHOICE_CC3XX_MBEDTLS_ECP_C=y

CONFIG_MBEDTLS_ECP_C=y
CONFIG_MBEDTLS_AES_C=y
CONFIG_MBEDTLS_ECDH_C=y

CONFIG_MBEDTLS_LIBRARY_NRF_SECURITY=y
CONFIG_MBEDTLS_PSA_CRYPTO_C=y
CONFIG_MBEDTLS_ENABLE_HEAP=y
CONFIG_MBEDTLS_HEAP_SIZE=8192

    and I added 

    zephyr_library_link_libraries(nrfxlib_crypto)
zephyr_link_libraries(nrfxlib_crypto)

    to my CMakeList.txt, but to no avail. The #include <ocrypto_ecdh_p256.h> always gives "No such file or directory 17 | #include <ocrypto_ecdh_p256.h>"

    Or do you have an other idea how to convert the compressed PK to uncompressed so I can use the psa-crypto-API? Beside doing the math by myself, of course Wink

    Regards,
    Oliver

  • +1 in reply to OliverB

    Hi Oliver,

    I did not get this working today either, unfortunately.

    OliverB said:
    Or do you have an other idea how to convert the compressed PK to uncompressed so I can use the psa-crypto-API?

    I think this is probably a better approach. There is no code for decompressing keys in the nRF Connect SDK. However, you could include them micro-ecc library which has support for this using the uECC_decompress() function.Then use it only to decompress, and use this key going forward.

  • 0 in reply to Einar Thorsrud

    Hi Einar,

    Einar Thorsrud said:
    However, you could include them micro-ecc library

    good one, I'll give it a try. 

Reply Children
No Data
Related
Terms of service