• Registered: 2019-10-11
  • Posts: 2

Topic: Cryptocell RSA signing error

I am using wolfcrypt 4.1.0 with the Nordic NRF52840 cryptocell enabled.
Since enabling cryptocell I am no longer able to use wc_RsaSSL_Sign to sign with my RSA private key.
I have traced it to being unable to decode the private key from the RSA generated keypair.

The following code works successfully when cryptocell is not enabled, but with cryptocell enabled , wc_RsaPrivateKeyDecode return with error code -192 (Bad state operation )

   //Key generation
    RsaKey   RSAKey;
    long     exp = 65537l;
    WC_RNG   rng;
    int      keySize = 1024;
    uint8_t  *derKey = NULL;
    uint16_t derSz = 0;

    if( wc_InitRsaKey(&RSAKey, NULL) != 0 ) { // not using heap hint. No custom memory
        // error initializing rng
        printf("wc_InitRng Failed");
        goto end;
    }

    //initialize random number generator
    if( wc_InitRng(&rng) != 0 ) {
        // error initializing rng
        printf("wc_InitRng Failed");
        goto end;
    }

    if(wc_RsaSetRNG(&RSAKey, &rng) != EXIT_SUCCESS) {
        printf("wc_RsaSetRNG Failed\r\n");
        goto end; 
    }

    // generate keysize bit long private key
    if( wc_MakeRsaKey(&RSAKey, keySize, exp, &rng) != 0 ) {
        // error generating private key
        printf("wc_MakeRsaKey Failed\r\n");
        goto end; 
    }

    //free RNG object
    if (wc_FreeRng(&rng) != 0) {
      printf("wc_FreeRng Failed \r\n");
    }

    //Check RSA key
    int ret = wc_CheckRsaKey(&RSAKey);
    if (ret != 0) {
        printf("Key Error\r\n");
    }

    // Allocate memory for der
    derKey = pvPortMalloc(keySize);
    if (derKey == NULL) {
        NRF_LOG_ERROR("Could not allocate memory to create derKey");
        goto end;
    }

    derSz = 0;

    //Convert key to der
    derSz = wc_RsaKeyToDer(&RSAKey, derKey, keySize);
    printf("Der size = %d \r\n",derSz);
    if (derSz == 0) {
        printf("der Error\r\n");
    }

    RsaKey privateKey;
    word32 idx = 0;

    //decode new private key from DER
    ret = wc_RsaPrivateKeyDecode(derKey, &idx, &privateKey, derSz);
    if( ret != 0 ) {
        printf("Cannot decode private key. ret = %d \r\n",ret);
        printf("Failed here \r\n");
    }

Question: How can I extract the RSA private key to use to sign data using wc_RsaSSL_Sign- using cryptocell.

Share

  • From: Bozeman
  • Registered: 2014-05-09
  • Posts: 777

Re: Cryptocell RSA signing error

Hi @roelof,

Thank you for using the wolfSSL forums. You'll note that in the case of not using crypto cell support the RNG and wc_GenerateSeed function are fully implemented. If you defined WOLFSSL_NRF5x the define NO_DEV_RANDOM is assumed in wolfssl-root/wolfssl/wolfcrypt/settings.h and it is expected that the user will either implement a device-specific version of generate seed to seed the wolfSSL hash DRBG. For reference please checkout the wc_GenerateSeed function in wolfssl-root/wolfcrypt/src/random.c when WOLFSSL_NRF51 is defined.

It is likely you would have seen some warnings in the build step if something was amiss. Can you tell us if the build was warning-free or were there any warnings generated?

Warm Regards,

K

Kaleb J. Himes's Website

Share

3 Reply by roelof (edited by roelof 2019-10-23 06:34:15)

  • Registered: 2019-10-11
  • Posts: 2

Re: Cryptocell RSA signing error

Hi @Kaleb,

I do not believe my problem lies in the wc_GenerateSeed function as my RSA keys are generated successfully - according to WolfCrypt. The problem is that only the public key parts are available and not the private key

When generating a RSA keypair - using cryptocell the following function is called (from wolfcrypt/src/rsa.c):

int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng)
{
#ifndef WC_NO_RNG
    mp_int p, q, tmp1, tmp2, tmp3;
    int err, i, failCount, primeSz, isPrime = 0;
    byte* buf = NULL;

    if (key == NULL || rng == NULL)
        return BAD_FUNC_ARG;

    if (!RsaSizeCheck(size))
        return BAD_FUNC_ARG;

    if (e < 3 || (e & 1) == 0)
        return BAD_FUNC_ARG;

#if defined(WOLFSSL_CRYPTOCELL)

    return cc310_RSA_GenerateKeyPair(key, size, e);

#endif /*WOLFSSL_CRYPTOCELL*/

The following cryptocell function is then called:

cc310_RSA_GenerateKeyPair (in wolfcrypt/src/rsa.c) then executes :

 ret = CRYS_RSA_KG_GenerateKeyPair(&wc_rndState,
                        wc_rndGenVectFunc,
                        (byte*)&e,
                        3*sizeof(uint8_t),
                        size,
                        &key->ctx.privKey,
                        &key->ctx.pubKey,
                        &KeyGenData,
                        &FipsCtx);

    if (ret != SA_SILIB_RET_OK){
        WOLFSSL_MSG("CRYS_RSA_KG_GenerateKeyPair failed");
        return ret;
    }

    ret = CRYS_RSA_Get_PubKey(&key->ctx.pubKey, ex, &eSz, n, &nSz);
    if (ret != SA_SILIB_RET_OK){
        WOLFSSL_MSG("CRYS_RSA_Get_PubKey failed");
        return ret;
    }
    ret = wc_RsaPublicKeyDecodeRaw(n, nSz, ex, eSz, key);

key->type = RSA_PRIVATE;

From this code section only the public key elements ( &key->ctx.pubKey) are decoded into the original "struct RsaKey" and not the &key->ctx.privKey.

This means if a key is generated using cryptocell - only the public key elements can be used in the rest of the wolfcrypt RSA API functions like wc_RsaKeyToDer and then subsequently wc_RsaPrivateKeyDecode.

Then for some reason the key->type is set to RSA_PRIVATE

How can I get the private key from &key->ctx.privKey into a compatible RSA struct to use in wc_RsaKeyToDer

Share

  • From: Bozeman
  • Registered: 2014-05-09
  • Posts: 777

Re: Cryptocell RSA signing error

Hi @roelof,

I can confirm what you are seeing in the code, the key pair is being generated but the private key does not appear to be getting decoded into the same structure. I will check with the developer that worked on that porting effort and see why there is no call to wc_RsaPrivateKeyDecode following the call to decode the public key.

I'll let you know what I find out.

Warm Regards,

K

Kaleb J. Himes's Website

Share