Adding STSAFE with mbedTLS client for IoT work

KBhon.1 · ‎2023-01-03

Hello all,

I am working on creating a secure IoT device. The device is configured as MQTT client which will be sending sensors data to the sever over MQTT. I have implemented encryption using mbed-TLS where I confirm server's authenticity with server CA certificate.

Now I wish to implement 2 way authentication where I need to send client certificate to the server for verifying client authenticity by server.

I see it is possible with the help of mbed-TLS but we need to provide private key of the client to mbedTLS which is not possible since we cannot extract private key out of STSAFE.

I have been searching on this from almost a month and I have not been able to find a direct example on implementing this.

Also, the STSAFE examples are not clear about implementing this with mbedTLS.

I am in search of something that links stsfae with mbedTLS for client authentication.

Can anyone please guide me how to implement this?

Benjamin BARATTE · ‎2023-03-06

Hi @Community member ,

I'm a bit surprised by your mbedTLS config file as the SHA384 is not activated and only the MBEDTLS_ECP_DP_SECP192R1_ENABLED is defined.

Regarding the issue you have raised, normally the g_se_handle is initialized when you call STSAFE_GetMbedPK_ECDSAInfo/_1 or STSAFE_GetMbedPK_ECKEYInfo/_1.

Normally, you shall call this function to setup the ssl key with STSAFE-A and therefore before the TLS handshake.

Alternatively, in my testing, I have this statement :

  /* make sure the global handle is set */
  g_se_handle = &stsafe_handle;

I can see with your config that you are using FreeRTOS, therefore, could you check the validity of your STSAFE-A handle pointer ?

For the GenerateCSRFromPublicKey, did you make a StSafeA_GenerateKeyPair() in private key 1 before or make sure that the public key you are using is the correct public key related to the private key slot 1 ?

Thanks,

Best Regards,

Benjamin

KBhon.1 · ‎2023-03-08

@Benjamin BARATTE

Very sorry, I uploaded wrong mbedTLS config file from my other git repo. I have attached the correct file for reference.

Regarding CSR generation for slot1 key while using function GenerateCSRFromPublicKey(), I found out that it was working good when I was running using debugger. I found out that there is a delay of STSAFEA_MS_WAIT_TIME_CMD_GENERATE_SIGNATURE (defined as 80ms) in file stsafe_core.c in function StSafeA_GenerateSignature(). I increased this delay to 100ms and it is working good now.

(FYI, I have passed HAL_Delay to StSafeA_HW_Probe())

However, this would not be good practice to make change in the library itself, so could you please suggest what can be the reason for this and should I stick to this workaround?

Regarding handshake using client authentication, it finally worked 😀. Thank you very much for all your help during this time.

The problem I mentioned in my last reply was that

"IS_STSAFEA_HANDLER_VALID_PTR(pStSafeA)" within StSafeA_GenerateKeyPair() was failing. I found out in debug that pointer had correct memory address, but InOutBuffer.LV.Data was having NULL pointer. To solve this issue, I defined StSafeA_Handle_t stsafe_handle as global, and it solved the issue and my handshake was successful.

I really appreciate your help and patiently understanding my issues throughout this time to help me get the output. Thank You again.

Apart from this, I have few questions

With the CSR generated using slot1, if I get signed it with some CA, do I have to upload the newly obtained client certificate to the STSAFE and how that can be done?

Benjamin BARATTE · ‎2023-03-08

Hi @Community member ,

From my experience if you have an issue with the delay, this means that the delay function does not work properly (generally too fast).

I have see that you are using FreeRTOS therefore, I'm not sure that the HAL_Delay function is working properly as the FreeRTOS is using timer.

In that case, I would recommend to use the FreeRTOS delay function with eventually a small adaptation function to translate the delay in ms from the STSAFE-A wrapper to the correct value in the FreeRTOS delay function.

Let me know if this solve your issue.

For your information, the STSAFE-A has a polling mechanism that shall last maximum 3s, if you have time out on a signature generation faster than 3s, this means that the delay function are not working properly

Best Regards,

Benjamin

KBhon.1 · ‎2023-03-08

Hi @Benjamin BARATTE ,

I tried using osDelay from FreeRTOS, but I am still getting the same issue when 80ms is defined. It worked with 100ms even with RTOS osDelay.

Also, perhaps you missed my other question in my last reply, please answer following as well.

With the CSR generated using slot1, if I get it signed with other CA, do I have to upload the newly obtained client certificate to the STSAFE and how that can be done?

Thanks!

Benjamin BARATTE · ‎2023-03-09

Hi @Community member ,

Well, the next step is to check on I2C the wait timing and the polling timing to check that the osDelay is well calibrated. This depends on your FreeRTOS configuration.

Regarding your second question, yes I've missed it.

When you are receiving the new certificate, it's up to your application to define how to store it.

You can store it in STSAFE-A memory to avoid having a in app flash programming to store the new certificate in your flash memory.

At the end, you need to be able to provide the certificate to your MbedTLS context so you can load it from flash memory or STSAFE-A memory.

if you have a use case of factory software that do the enrolment of the STSAFE-A and then you flash the applicative software that will use the new certificate, in that case using STSAFE-A memory will simplify your process.

Best Regards,

Benjamin

KBhon.1 · ‎2023-03-22

Hello @Benjamin BARATTE ,

Good Day!

Thank You for your continued support!

Now I am trying to use slot1 for generating my keys and then CSR which I get signed by my CA.

With your provided example, the keys and generated CSR for slot1 are always changing and I am unable to use slot1 for client authentication.

Is it possible to save the slot1 generated key into slot1 itself? Also can you please share how to upload signed certificate for slot1 to stsfae?

Can you please share an example code for both of these?

Thank You.

Benjamin BARATTE · ‎2023-03-22

Hi @Community member,

The code example presents a one time operation which is key generation and CSR generation.

The private key is store in the slot1 and the public key is used to generate the CSR.

You don't need to run the code at every boot for sure.

Once you have the Certificate from your PKI, you can store it in STSAFE-A memory region (for instance region 1) using StSafeA_Update function or in MCU flash memory.

For your TLS handshake, you need to modify the pk.pk_info with STSAFE_GetMbedPK_ECDSAInfo_1 function.

Best Regards,

Benjamin

KBhon.1 · ‎2023-03-22

Hi @Benjamin BARATTE

Thank you for the immediate response.

I tried your suggested method and didn't generate key pair and CSR for slot1.

I hardcoded certificate in the flash.

Passed STSAFE_GetMbedPK_ECDSAInfo_1 to pk.pk_info.

The handshake went ahead and gave error when StSafeA_GenerateSignature was called from stsafe_sign_wrap_1().

I have attached the debug session image for the reference.

The highlighted line 1382 returns "STSAFEA_INVALID_RESP_LENGTH", upon more inspection into that function, I see the pDestLVBuffer->Length = 48 but ExpectedLen = 0;

Please suggest.

Thank You.

@Benjamin BARATTE

Edit: I figured out g_key_1_size was initialized to 0 which should have been 48 as I generated SECP384 key. Now the handshake worked.

Going to try out saving the certificate into the STSAFE flash and will update you soon.

Thank You.🙏

Benjamin BARATTE · ‎2023-03-22

Hi @Community member,

Effectively, the g_key_1_size shall be kept by the application in order to get the correct key size of the private slot 1.

As the key is generated by the application, the application is best place to reset the global variable at each start up without regenerating a key.

Best Regards,

Benjamin

KBhon.1 · ‎2023-09-19

Hi @Benjamin BARATTE ,

With your help we had been successful in implementing STSAFE authentication in our project. Thank you very much for your help so far.

Now we are facing a new issue in this, we generated CSR from key pair of STSAFE. Got it signed with our own CA. Now we want to confirm that the signed certificate actually belongs to the STSAFE key. We wanted to check if the certificate with the controller has the same public key on it that belongs to its private key. We could do that successfully for keys generated with mbedTLS, but saw it failing with STSAFE keys. We tried using function "mbedtls_pk_check_pair".

We checked on mbedTLS git page and found following issue:
https://github.com/Mbed-TLS/mbedtls/issues/3903
They say, this may not be possible for secure elements.

Could you please suggest why this would be failing and how to solve this?
Thank You.