Connectivity AND security with limited RAM

RE: Connectivity AND security with limited RAM

Manuel — Wed, 05 Jan 2022 14:14:31 GMT

Thank you very much, the manually added entry in CMakeLists.txt did the trick!

Now it's working with the following added terms:

prj.conf

CONFIG_NRF_OBERON=y

CMakeLists.txt

zephyr_link_libraries(nrfxlib_crypto)

C-code:

#include <ocrypto_sha256.h>

Best regards
Manuel

RE: Connectivity AND security with limited RAM

Sigurd Hellesvik — Wed, 05 Jan 2022 13:35:21 GMT

Try to add the following to CMakeLists.txt:

zephyr_link_libraries(nrfxlib_crypto)

Although, I think this should be done by the configuration somewhere.
I will ask our developers about this and return if I find a better solution. (EDIT: They agree that this is a sufficient way to include the ocrypto files at the moment)

After some reading into this I suggest that you do not CONFIG_NORDIC_SECURITY_BACKEND or CONFIG_OBERON_BACKEND(Which just chooses the backend for Nordic Security backend) , as these will select mbedtls, which makes your application take more space:

CONFIG_NRF_OBERON should be enough I think.

Regards,
Sigurd Hellesvik

RE: Connectivity AND security with limited RAM

Manuel — Wed, 05 Jan 2022 11:07:02 GMT

Hello Sigurd

Thank you for your reply.
I made the following configurations in prj.conf which are related to oberon:

CONFIG_NORDIC_SECURITY_BACKEND=y
CONFIG_OBERON_BACKEND=y
CONFIG_NRF_OBERON=y

The include as stated below does still not work:

#include <ocrypto_sha256.h>

RE: Connectivity AND security with limited RAM

Sigurd Hellesvik — Wed, 05 Jan 2022 10:24:09 GMT

Hi Manuel,

I will continue handle your case.

My first guess is that you are missing some Kconfig configurations.
Have you configured CONFIG_OBERON_BACKEND?
Could you post the contents of your prj.conf file?

Regards,
Sigurd Hellesvik

RE: Connectivity AND security with limited RAM

Manuel — Wed, 05 Jan 2022 07:20:26 GMT

I now managed to implement the required cryptographical operations using the oberon library and it seems to work with a high enough stack size.

However, I was not able to use relative paths to the library files, since they were not found within the project / environment. Instead I had to use absolute include paths e.g.:

#include "C:\work\tools\ncs\v1.7.0\nrfxlib\crypto\nrf_oberon\include\ocrypto_ecdsa_p256.h"

Am I missing something?
How must I configure the toolchain, the project or its CMakeLists.txt to have these include paths available?
Any other ideas, what the reason for this could be?

Thank you

RE: Connectivity AND security with limited RAM

Manuel — Wed, 15 Dec 2021 13:20:27 GMT

Thank you for your reply!

Yes it is indeed not very ressource friendly. One main reason to go with mbedTLS as a first try is that it's already integrated into Zephyr and thus easy to embed into the project. However, I think this does not match with our device choice.
Oberon has already been in scope but requires to make some compromises regarding our intended security concept and thus was not the first choice so far. I will check if this could actually be a viable alternative.

RE: Connectivity AND security with limited RAM

Kenneth — Wed, 15 Dec 2021 11:42:16 GMT

From my understanding the mbedtls is the largest crypto library, maybe you can look into using the oberon or tinycrypt instead?
https://developer.nordicsemi.com/nRF_Connect_SDK/doc/latest/zephyr/guides/crypto/tinycrypt.html
https://developer.nordicsemi.com/nRF_Connect_SDK/doc/latest/nrfxlib/crypto/doc/nrf_oberon.html