Help Implementing ECDSA using PSA crypto API of mbedTLS

Hello,

I am developing FW for a BLE Peripheral on NRF52840_DK using nRF Connect SDK v1.9.1 on VScode.

So far, Peripheral and Client are able to connect and exchange data.

When the Client sends data, it includes a digital signature (raw, 65 bytes) and its public key (raw, 65 bytes). In the Peripheral code,

I need help implementing the digital signature using the PSA library, with the psa_verify_message() function.

So far, I have used these functions successfully:

psa_crypto_init()

psa_generate_random()

psa_hash_compute()

I have the raw 65-byte public key in BE format (04 zz yy xx .. .. .. aa), needed for verification, but I don't understand how I should use it as the first argument of psa_verify_message().

I am using the standard curve NIST Sec P256R1.

status = psa_verify_message(psa_key_id_t key, PSA_ALG_ECDSA(PSA_ALG_SHA_256), msg, sizeof(msg), signature, sizeof(signature));

Please explain the steps needed to use this function.

Thanks.
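Added example, not part of the original thread and not Nordic's or Mbed TLS's own code: one way to turn the raw 65-byte public key into the `psa_key_id_t` that psa_verify_message() takes, with shape checks on the received buffers first. The helper names `p256_inputs_check` and `p256_verify` are hypothetical; it assumes the signature is the raw r || s form (64 bytes for P-256) that the PSA Crypto API defines for ECDSA, and the PSA part compiles only where `psa/crypto.h` is on the include path.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Group order n of secp256r1, big-endian. */
static const uint8_t P256_N[32] = {
    0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x00,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
    0xBC,0xE6,0xFA,0xAD,0xA7,0x17,0x9E,0x84,0xF3,0xB9,0xCA,0xC2,0xFC,0x63,0x25,0x51 };

/* 1 if the 32-byte big-endian scalar lies in [1, n-1], else 0. */
static int scalar_in_range(const uint8_t *v)
{
    static const uint8_t zero[32] = {0};
    return memcmp(v, zero, 32) != 0 && memcmp(v, P256_N, 32) < 0;
}

/* Shape checks on received buffers; 0 = OK. No on-curve test is done here. */
int p256_inputs_check(const uint8_t *pub, size_t pub_len,
                      const uint8_t *sig, size_t sig_len)
{
    if (pub_len != 65 || pub[0] != 0x04) return -1; /* want 0x04 || X || Y */
    if (sig_len != 64) return -2;                   /* want raw r || s */
    if (!scalar_in_range(sig) || !scalar_in_range(sig + 32)) return -3;
    return 0;
}

#if defined(__has_include) /* PSA part builds only where the header exists */
#if __has_include(<psa/crypto.h>)
#include <psa/crypto.h>
/* Import as a volatile key, verify, destroy. Call psa_crypto_init() first. */
static psa_status_t p256_verify(const uint8_t *pub, size_t pub_len,
    const uint8_t *msg, size_t msg_len, const uint8_t *sig, size_t sig_len)
{
    psa_key_attributes_t attr = PSA_KEY_ATTRIBUTES_INIT;
    psa_key_id_t key;
    psa_status_t st;
    if (p256_inputs_check(pub, pub_len, sig, sig_len) != 0) return PSA_ERROR_INVALID_ARGUMENT;
    psa_set_key_type(&attr, PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1));
    psa_set_key_bits(&attr, 256);
    psa_set_key_usage_flags(&attr, PSA_KEY_USAGE_VERIFY_MESSAGE);
    psa_set_key_algorithm(&attr, PSA_ALG_ECDSA(PSA_ALG_SHA_256));
    st = psa_import_key(&attr, pub, pub_len, &key);
    if (st != PSA_SUCCESS) return st;
    st = psa_verify_message(key, PSA_ALG_ECDSA(PSA_ALG_SHA_256), msg, msg_len, sig, sig_len);
    psa_destroy_key(key);
    return st;
}
#endif
#endif
```

A 65-byte signature as described in the question fails the length check (-2); what the extra byte is depends on the sender and is not stated in the thread.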
  • Hello Thanks.

    These are all the Kconfig settings I am using.

    Can you suggest what settings can be added / disabled / modified to fix this?

    # Enable BLE Stack
    CONFIG_BT=y
    CONFIG_BT_PERIPHERAL=y
    CONFIG_BT_DEVICE_NAME="xyz"
    #CONFIG_BT_SECURITY_ENABLED=n

    # Set MTU
    #CONFIG_BT_USER_DATA_LEN_UPDATE=y
    CONFIG_BT_L2CAP_TX_MTU=250
    CONFIG_BT_BUF_ACL_RX_SIZE=254
    CONFIG_BT_BUF_ACL_TX_SIZE=254
    #CONFIG_BT_CTLR_DATA_LENGTH_MAX=251

    #######################################
    #CONFIG_ZEPHYR_MBEDTLS_MODULE=y
    #CONFIG_MBEDTLS_BUILTIN=y
    #CONFIG_SYSTEM_WORKQUEUE_STACK_SIZE=2048
    CONFIG_DEBUG_THREAD_INFO=y
    CONFIG_DEBUG_OPTIMIZATIONS=y
    # The Zephyr CMSIS emulation assumes that ticks are ms, currently
    CONFIG_SYS_CLOCK_TICKS_PER_SEC=1000

    CONFIG_MAIN_STACK_SIZE=4096
    #CONFIG_MAIN_STACK_SIZE=8192
    CONFIG_HEAP_MEM_POOL_SIZE=4096
    #CONFIG_HEAP_MEM_POOL_SIZE=8192

    # Enable logging using RTT and UART
    CONFIG_CONSOLE=y
    CONFIG_LOG=y
    CONFIG_USE_SEGGER_RTT=y
    #CONFIG_LOG_BACKEND_RTT=y
    #CONFIG_LOG_BACKEND_UART=y
    #CONFIG_LOG_BUFFER_SIZE=15360
    #CONFIG_SEGGER_RTT_BUFFER_SIZE_UP=15360

    # Enable Nordic security backend and PSA APIs
    CONFIG_NRF_SECURITY=y
    CONFIG_MBEDTLS_PSA_CRYPTO_C=y
    #CONFIG_MBEDTLS_PSA_CRYPTO_STORAGE_C=y
    #CONFIG_MBEDTLS_ENABLE_HEAP=y
    CONFIG_MBEDTLS_HEAP_SIZE=8192
    CONFIG_PSA_CRYPTO_DRIVER_OBERON=n
    CONFIG_PSA_CRYPTO_DRIVER_CC3XX=y
    Also, I read some suggestion elsewhere like this