Hi,
I have a question about running a secure service that does RSA encryption and decryption in SPM using mbedTLS.
I am using SEGGER Embedded Studio for ARM (Nordic Edition) V5.6, nRF Connect SDK v1.7.0 on Windows. The board is nRF9160-DK.
As a first step, I tried taking the examples, rsa_encrypt.c and rsa_decrypt.c, from the mbedTLS source and modified them to read the public and private keys from a buffer. The combined example ran fine on a Linux PC. Then I created an nRF9160 app with SPM and made the encryption and decryption functions secure services. When the program runs, the call to mbedtls_pk_encrypt() always returns 0xffffbd70, which is -0x4290. I think -0x4200 means MBEDTLS_ERR_RSA_KEY_CHECK_FAILED, not sure about the 0x90 part. I am guessing my mbedTLS configuration is not quite right, but not sure how to fix it. I tried adding CONFIG_NRF_SECURITY_ADVANCED=y and CONFIG_MBEDTLS_TLS_LIBRARY=y to prj.conf, which led to build errors. I have attached the encryption function, the full test code and the relevant config files below. I would appreciate any help. Thanks a lot.
```c
/* ctr_drbg, entropy, pers and ENC_PUB_KEY are defined elsewhere in the attached test code. */
#include <string.h>
#include "mbedtls/pk.h"
#include "mbedtls/ctr_drbg.h"
#include "mbedtls/entropy.h"

__TZ_NONSECURE_ENTRY_FUNC int spm_encrypt_key_nse(int keyPurpose, char *output, int outputLen)
{
    size_t olen = 0;   /* mbedtls_pk_encrypt() writes the output length as a size_t */
    int ret;
    char data[] = "603DEB1015CA71BE2B73AEF0857D7781";
    mbedtls_pk_context pk;

    mbedtls_pk_init(&pk);
    mbedtls_ctr_drbg_init(&ctr_drbg);
    mbedtls_entropy_init(&entropy);

    ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
                                (const unsigned char *)pers, strlen(pers));
    if (ret != 0) {
        goto exit;
    }

    ret = mbedtls_pk_parse_public_key(&pk, ENC_PUB_KEY,
                                      strlen((const char *)ENC_PUB_KEY) + 1);
    if (ret != 0) {
        goto exit;
    }

    /* sizeof(data) includes the terminating NUL; this call returns -0x4290 on the nRF9160 */
    ret = mbedtls_pk_encrypt(&pk, (const unsigned char *)data, sizeof(data),
                             (unsigned char *)output, &olen, outputLen,
                             mbedtls_ctr_drbg_random, &ctr_drbg);

exit:
    mbedtls_pk_free(&pk);
    /* -1 on any failure, otherwise the number of ciphertext bytes written */
    return (ret == 0) ? (int)olen : -1;
}
```
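An added helper (not from the post or from the nRF Connect SDK) for the arithmetic above: it converts the raw 32-bit value a secure service hands back into a signed mbedTLS code and splits that code into its high-level (module) and low-level parts the same way mbedtls_strerror() does, so each half can be looked up in the mbedTLS headers. The small name table is assumed from the mbedTLS rsa.h and bignum.h definitions and covers only a few RSA/MPI codes.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Selected mbedTLS error codes, with the numeric values defined in rsa.h / bignum.h. */
static const struct { int code; const char *name; } mbedtls_err_names[] = {
    { -0x4080, "MBEDTLS_ERR_RSA_BAD_INPUT_DATA" },
    { -0x4200, "MBEDTLS_ERR_RSA_KEY_CHECK_FAILED" },
    { -0x4280, "MBEDTLS_ERR_RSA_PUBLIC_FAILED" },
    { -0x4300, "MBEDTLS_ERR_RSA_PRIVATE_FAILED" },
    { -0x0004, "MBEDTLS_ERR_MPI_BAD_INPUT_DATA" },
    { -0x0010, "MBEDTLS_ERR_MPI_ALLOC_FAILED" },
};

/* A return value printed as 0xffffbd70 is a two's-complement 32-bit int. */
int mbedtls_code_from_raw32(uint32_t raw)
{
    return (int)(int32_t)raw;
}

/* mbedTLS combines errors by adding a high-level module code (the 0xFF80 bits)
 * and a low-level code (the 0x007F bits); mbedtls_strerror() masks them apart. */
int mbedtls_high_level(int code)
{
    unsigned int u = (code < 0) ? (unsigned int)(-code) : (unsigned int)code;
    return -(int)(u & 0xFF80u);
}

int mbedtls_low_level(int code)
{
    unsigned int u = (code < 0) ? (unsigned int)(-code) : (unsigned int)code;
    return -(int)(u & 0x007Fu);
}

const char *mbedtls_code_name(int code)
{
    for (size_t i = 0; i < sizeof(mbedtls_err_names) / sizeof(mbedtls_err_names[0]); i++) {
        if (mbedtls_err_names[i].code == code) {
            return mbedtls_err_names[i].name;
        }
    }
    return "(not in table)";
}

int main(void)
{
    int code = mbedtls_code_from_raw32(0xffffbd70u);   /* the value seen in the post */
    int high = mbedtls_high_level(code), low = mbedtls_low_level(code);
    printf("ret = -0x%04X: high -0x%04X (%s), low -0x%04X (%s)\n",
           -code, -high, mbedtls_code_name(high), -low, mbedtls_code_name(low));
    return 0;
}
```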