• State Verified Answer
  • Locked Locked
  • Replies 15 replies
  • Subscribers 64 subscribers
  • Views 2522 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 280491
Options
Beware that this post is related to an SDK in maintenance mode
More Info: Consider nRF Connect SDK for new designs
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

nrf8240 Signature validation failed during testing

R_S

Hi , 

i am using nrf52840 dk board. and using 17.1 sdk for examples code.

i am trying to customize open bootloader code and trying to validate the signature of a input data by using nrf_dfu_validation_signature_check() API.

Note: - i am having my own public and signature data, which i fed to this function.

But i am getting "NRF_DFU_RES_CODE_INVALID_OBJECT" in return from the above API.

Below i attcahed the calling function with input parameters.

static uint8_t m_message[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
const size_t m_message_len = 36; // Skipping null termination

Regards

  • 0

    Hi,

    nrf_dfu_validation_signature_check() returns NRF_DFU_RES_CODE_INVALID_OBJECT on any failure of the verify operation itself, so it could be good to debug to see which error is actually returned from the call to nrf_crypto_ecdsa_verify(). If it is NRF_ERROR_CRYPTO_ECDSA_INVALID_SIGNATURE, then there simply is a signature verification failure due to the input not being a valid signature with the provided public key.

    Typical reasons for getting problems with signature verifications is:

    • Perhaps you used the wrong key
    • Corrupt data (signature)
    • Endianness problems

    Regarding the latter note that for historical reasons the secure DFU bootloader use little-endian format (as does Bluetooth), and therefor endianness of the signature is converted by a call to nrf_crypto_internal_double_swap_endian_in_place() within nrf_dfu_validation_signature_check().

  • 0 in reply to Einar Thorsrud

    Thanks for reply Einar.

    Error is  "NRF_ERROR_CRYPTO_ECDSA_INVALID_SIGNATURE" only.

    And want to know regarding endianness of the data... like Signature and public key should be in little endian or big endian format before nrf_crypto_internal_double_swap_endian_in_place() this function call...?

  • 0 in reply to R_S

    The crypto library operates on big-endian data. However, the signature in the DFU protocol use little endian, so it needs to be converted. If you allready have big endian data (I am not sure about the exact use in your case) then you can either modify the nrf_dfu_validation_signature_check() function to not swap endian in that case, or swap twice (though that means doing unnecessary calculations).

  • 0 in reply to Einar Thorsrud

    Yes my Signature data is already in big endian format but my public key is in little endian format.

    So according to you in my case Signature i no need to swap , but for public key i need that swap function right..?

    Please correct me if my understanding is not ok..?

  • 0

    And above this can i c ross check my created signature whether it is ok or not.

    is there any way to do that....?

    https://infocenter.nordicsemi.com/pdf/nrfutil_v1.3.pdf

    i am following this user guide to generate private key. but what about the signature data, how can i generate that so that i can cross check whether there is an issue with my signature or not.

    Thanks

Related