I am using RF5340, ncs 2.3.
psa_key_attributes_t is used the same as sample \nrf\samples\crypto\ecdh.
Calling psa_generate_key() fails with error -134 (PSA_ERROR_NOT_SUPPORTED).
My prj.conf is below.
# BOOTLOADER CONFIG_SECURE_BOOT=y CONFIG_BUILD_S1_VARIANT=y CONFIG_SB_SIGNING_KEY_FILE="eopatch_nrf5340_ecdsa_p256.pem" CONFIG_SB_NUM_VER_COUNTER_SLOTS=120 CONFIG_BOOTLOADER_MCUBOOT=y CONFIG_MCUBOOT_IMAGE_VERSION="1.0.0+0" CONFIG_UPDATEABLE_IMAGE_NUMBER=1 CONFIG_IMG_MANAGER=y CONFIG_MCUBOOT_IMG_MANAGER=y CONFIG_IMG_ERASE_PROGRESSIVELY=y # MEM CONFIG_MAIN_STACK_SIZE=4096 CONFIG_HEAP_MEM_POOL_SIZE=4096 CONFIG_SYSTEM_WORKQUEUE_STACK_SIZE=4096 # PERIPHERAL CONFIG_GPIO=y # DEVICE CONFIG_BT=y CONFIG_BT_PERIPHERAL=y CONFIG_BT_DEVICE_NAME="EOPatch_nRF5340" CONFIG_BT_DEVICE_APPEARANCE=3396 CONFIG_BT_MAX_CONN=1 CONFIG_BT_MAX_PAIRED=1 # LESC CONFIG_BT_SMP=y CONFIG_BT_SMP_SC_ONLY=y CONFIG_BT_TINYCRYPT_ECC=y # BONDING CONFIG_BT_SETTINGS=y CONFIG_FLASH=y CONFIG_FLASH_PAGE_LAYOUT=y CONFIG_FLASH_MAP=y CONFIG_NVS=y CONFIG_SETTINGS=y # WHITELIST CONFIG_BT_FILTER_ACCEPT_LIST=y # MTU CONFIG_BT_BUF_ACL_RX_SIZE=502 CONFIG_BT_ATT_PREPARE_COUNT=2 CONFIG_BT_L2CAP_TX_BUF_COUNT=10 CONFIG_BT_L2CAP_TX_MTU=498 CONFIG_BT_L2CAP_DYNAMIC_CHANNEL=y CONFIG_BT_CONN_TX_MAX=10 CONFIG_BT_BUF_ACL_TX_COUNT=10 CONFIG_BT_BUF_ACL_TX_SIZE=502 # DFU CONFIG_MCUMGR=y CONFIG_MCUMGR_CMD_IMG_MGMT=y CONFIG_MCUMGR_CMD_OS_MGMT=y CONFIG_MCUMGR_SMP_BT=y CONFIG_MCUMGR_SMP_BT_AUTHEN=n CONFIG_MCUMGR_SMP_BT_CONN_PARAM_CONTROL=y CONFIG_MCUMGR_SMP_REASSEMBLY_BT=y CONFIG_MCUMGR_BUF_SIZE=2475 CONFIG_OS_MGMT_MCUMGR_PARAMS=y CONFIG_MCUMGR_SMP_WORKQUEUE_STACK_SIZE=4608 CONFIG_MCUMGR_GRP_ZEPHYR_BASIC=y CONFIG_MCUMGR_GRP_BASIC_CMD_STORAGE_ERASE=y # CRYPTO CONFIG_NRF_SECURITY=y CONFIG_MBEDTLS_PSA_CRYPTO_C=y CONFIG_MBEDTLS_ENABLE_HEAP=y CONFIG_MBEDTLS_HEAP_SIZE=8192 CONFIG_PSA_CRYPTO_DRIVER_OBERON=n CONFIG_PSA_CRYPTO_DRIVER_CC3XX=y CONFIG_BUILD_WITH_TFM=y CONFIG_TFM_PROFILE_TYPE_NOT_SET=y # LOG CONFIG_LOG=y CONFIG_LOG_BUFFER_SIZE=8192 CONFIG_LOG_MODE_MINIMAL=n CONFIG_LOG_DEFAULT_LEVEL=3 CONFIG_USE_SEGGER_RTT=y CONFIG_LOG_BACKEND_RTT=y CONFIG_LOG_BACKEND_UART=n CONFIG_LOG_BACKEND_SHOW_COLOR=n # math.h CONFIG_NEWLIB_LIBC=y
My code is below.
psa_status_t status = PSA_SUCCESS;
psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT;
/* Initialize PSA Crypto */
status = psa_crypto_init();
if (status != PSA_SUCCESS) {
return RETURN_ERROR;
}
/* Crypto settings for ECDH using the SHA256 hashing algorithm, the secp256r1 curve */
psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE);
psa_set_key_lifetime(&key_attributes, PSA_KEY_LIFETIME_VOLATILE);
psa_set_key_algorithm(&key_attributes, PSA_ALG_ECDH);
psa_set_key_type(&key_attributes, PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1));
psa_set_key_bits(&key_attributes, 256);
/* Generate a key pair */
status = psa_generate_key(&key_attributes, &m_key_handle);
if (status != PSA_SUCCESS) {
LOG_INFO("psa_generate_key failed! (Error: %d)", status);
return RETURN_ERROR;
}Are there any additional configurations required?
