cancel
Showing results for 
Search instead for 
Did you mean: 

Signature generated by stm crypto lib different from a signature generated by python for the same key

NYulz.1
Associate II

I am trying to create a mechanism of verification where I sign a file on the PC save it to a disk on a key device and then verify it by the MCU after saving it to internal flash.

The PC is doing the signing process and the MCU should only do the verification process.

On the PC side I sign the image with the pkcs1_15.sign() function from the pycryptodome library.

On the MCU is the public key is saved as modulus and exponent in the following format:

unsigned char RSAKeyModulus[] = {
	// Offset 0x00000000 to 0x00000158
	0x30, 0x81, 0x9F, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7,
	0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8D, 0x00, 0x30, 0x81,
	0x89, 0x02, 0x81, 0x81, 0x00, 0xD6, 0x35, 0x43, 0x7C, 0xC9, 0x22, 0x18,
	0x16, 0xF5, 0xE9, 0xB9, 0x29, 0x51, 0x80, 0x3F, 0x1D, 0xC0, 0x94, 0xCF,
	0x91, 0x0D, 0x38, 0x6E, 0x83, 0x51, 0x22, 0x52, 0xC0, 0x8D, 0xBD, 0xD3,
	0x21, 0x68, 0x52, 0x50, 0x39, 0x79, 0xC6, 0x6D, 0x19, 0x9B, 0xFE, 0x61,
	0xDF, 0xFA, 0xB3, 0x7E, 0xE1, 0x71, 0xA9, 0xE2, 0x3C, 0x72, 0xDA, 0x78,
	0x79, 0xCF, 0xAC, 0x3C, 0x76, 0xC1, 0xFF, 0xCC, 0x3D, 0xBF, 0xBD, 0xE4,
	0x71, 0x34, 0xA4, 0x9D, 0xD3, 0x3B, 0xD8, 0x3B, 0x11, 0x18, 0x6B, 0x82,
	0x6F, 0x65, 0xAB, 0xCC, 0x2A, 0x6A, 0xC6, 0x10, 0x43, 0x15, 0xE5, 0xC4,
	0x52, 0x67, 0x56, 0x45, 0xD6, 0x31, 0x7D, 0x29, 0x33, 0x27, 0x5D, 0xB6,
	0xF5, 0xBB, 0x83, 0xAC, 0x49, 0xCB, 0xD2, 0xF8, 0xF3, 0x39, 0x0B, 0x92,
	0x3A, 0xBD, 0x5C, 0x0B, 0xB8, 0x13, 0x87, 0xFD, 0xA2, 0xCF, 0x3F, 0x5E,
	0xB5, 0x02, 0x03
};
 
unsigned char RSAPublicExponent[] = {
    0x01, 0x00, 0x01
};

That was generated from the same private key used to sign the image.

I'm downloading the file to the MCU and calculating the hash(sha-256) value and receive the same hash value as calculated on the PC side by python.

But the verification function(RSA_PKCS1v15_Verify) called with the has value and the expected signature returns SIGNATURE_INVALID.

To try and solve the problem I added the private key to the code and calculated the signature on the MCU. The sign function(RSA_PKCS1v15_Sign) generated a different key from the one generated with python on the PC. and calling the verify function for this signature returned SIGNATURE_VALID.

I'm guessing there is some difference in the RSA parameters between the python function and ST function.

I will be glad for any suggestions about what can solve the problem.

5 REPLIES 5
Jocelyn RICARD
ST Employee

Hello,

There is no difference in the signing algorithm because it follows the standard.

Just one thing to check, did you activate CRC on the STM32?

This is necessary to get good results with the cryptolib

Best regards

Jocelyn

Pavel A.
Evangelist III

Your public key modulus is 159 bytes = 1272 bits. Strange, no? Normally the modulus length is 1024 or 2048 bits.

Also, don't forget to provide the "memory buffer" struct to RSA_PKCS1v15_Sign.

The buffer size, from my tests, should be at least 2000 bytes.

It is hard to guess how much memory it needs. Not enough memory and it fails.

-- pa

You are right. The length of the modulus should be 80 bytes and 81 the 0x00 at the beginning of the key was the problem. It didn't change the value but changed the length of the key

Dams
Associate II

Hello,

I have the same problem by using the lib "STM32CubeExpansion_Crypto_V3.1.0" with a STM32L476.

I'm using the exemple on the folder "Enc_Dec" and I got a problem:

 I use CRC calculation for another calculation and I didn't find the way to properly DeInit the CRC. If I call the function MX_CRC_Init(); generated by CubeMX, I can't use RSA encryption, the output message is wrong. I try several way to reset the CRC by nothing works.

0693W000006EbC1QAK.png 

How can I use CRC properly ?

Thanks in advance for help.

Dams

Jocelyn RICARD
ST Employee

Hello Dams,

I'm sorry for this late answer.

The default CRC configuration after reset is working fine.

So, I would advise just resetting the CRC IP.

Best regards

Jocelyn