FAQs
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

x-cube-cryptolib Any example of signing data with with openssl and verifying with the stm32f746

MBand.2
Associate

‎2020-09-21 05:32 AM

I'm working on a custom bootloader where the bootloader verifies the firmware with ecdsa before booting the firmware, but i cant seem to get it to verify my signature. Is there any examples with some external data is signed with ex openssl and then verified with the stm32f7xx. 

        EC_stt EC_st;
	EC_st.pmB = NULL;
	EC_st.mBsize = 0;
 
 
	EC_st.pmA = P_256_a;
	EC_st.pmB = P_256_b;
	EC_st.pmP = P_256_p;
	EC_st.pmN = P_256_n;
	EC_st.pmGx = P_256_Gx;
	EC_st.pmGy = P_256_Gy;
	EC_st.mAsize = sizeof(P_256_a);
	EC_st.mNsize = sizeof(P_256_n);
	EC_st.mPsize = sizeof(P_256_p);
        EC_st.mBsize = sizeof(P_256_b);
	EC_st.mGxsize = sizeof(P_256_Gx);
	EC_st.mGysize = sizeof(P_256_Gy);
 
	/* We prepare the memory buffer strucure */
	Crypto_Buffer.pmBuf = preallocated_buffer;
	Crypto_Buffer.mUsed = 0;
	Crypto_Buffer.mSize = sizeof(preallocated_buffer);
	int dd = 0;
	//ECCinitPrivKey
 
	BigNum_stt bR;
	BigNum_stt bS;
	W8_to_Big(Signature_r, sizeof(Signature_r), &bR);
	W8_to_Big(Signature_s, sizeof(Signature_s), &bS);
 
	uint32_t status;
	//ECCinitEC(&EC_st, &Crypto_Buffer );
	__disable_irq();//
	status = ECCinitEC(&EC_st, &Crypto_Buffer);
 
	if (status == ECC_SUCCESS) {
		status = ECCinitPoint(&PubKey, &EC_st, &Crypto_Buffer);									//
		if (status == ECC_SUCCESS) {
			ECCsetPointCoordinate(PubKey, E_ECC_POINT_COORDINATE_X, P_256_Gx,sizeof(P_256_Gx));	//
			ECCsetPointCoordinate(PubKey, E_ECC_POINT_COORDINATE_Y, P_256_Gy,sizeof(P_256_Gy));	//
			//ECCgetPointCoordinate(P_pECPnt, P_Coordinate, P_pCoordinateValue, P_pCoordinateSize)
			/* Try to validate the Public Key. */
			status = ECCvalidatePubKey(PubKey, &EC_st, &Crypto_Buffer);							//
			if (status == ECC_SUCCESS) {
 
				status = ECDSAinitSign(&sign, &EC_st, &Crypto_Buffer);							//
				if (status == ECC_SUCCESS) {
					ECDSAverifyCtx_stt verctx; /* Import the signature values */
 
					ECDSAsetSignature(sign, E_ECDSA_SIGNATURE_R_VALUE,
							Signature_r, sizeof(Signature_r));
					ECDSAsetSignature(sign, E_ECDSA_SIGNATURE_S_VALUE,
							Signature_s, sizeof(Signature_s));
 
					verctx.pmEC = &EC_st;
					verctx.pmPubKey = PubKey;
 
					stst = 0;
 
 
					status = ECDSAverify(cheksum, sizeof(cheksum), sign, &verctx,	&Crypto_Buffer);
 
					if (status == SIGNATURE_VALID) {
						stst = 1;
						return 1;
					} else {
						stst = 0;
					}
 
				}
 
			}
		}
	}

I have tried to generate a private/public key with openssl and then convert the parameters to the code but always it fails in the ECDSAverify.

If i run the st example where it genereates the private public keys and signs "abc" then it verifies and works.

Im pretty shure that the problem is somthing to do with the keys or signature i generate. Any help would be great!

Thanks!

Labels:
0 Kudos
1 REPLY 1
Jocelyn RICARD
ST Employee

‎2020-09-30 01:36 AM

Hello,

one first think I would think is related to the CRC.

I can see you use a checksum instead of a hash (just because of the name of the variable).

To be able to use the cryptolib you need that CRC clock is activated and at its reset state.

So, if you use CRC for other purpose you need to reset it before using the cryptolib.

Best regards

Jocelyn

0 Kudos
Top