Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- STMicroelectronics Community
- STM32 MCUs
- STM32 MCUs Security
- Re: Crypto library RSA Signature errors
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Crypto library RSA Signature errors
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
2022-10-06 07:52 AM
Hi,
I am trying to use the STM32Cryptography library to verify the signature of a flash segment, using RSA Encryption and 3072 bit length keys.
The signature is generated by a python script and appended to the hex file. The signature has a length of 384 bytes, just like the modulus that is fed to the script and the STM application.
When calling the verify function (cmox_rsa_pkcs1v22_verify) the return value indicates the modulus is too short (retval = 0x50007). How can the library determine that the modulus is too short when the input variables show a length of 384 bytes for the signature and the modulus? I was under the impression that the signature was just an integer, is there some format that the signature has to adhere to?
In the following excerpt you can see the code, that I use to reproduce the error. The first verification against the computed value is successful as it should be. However the second verification against the python_signature returns 0x50007. Although the passed sizeof() of computed_signature and python_signature are identical. As are the sizes of the modulus.
hretval = cmox_hash_compute(CMOX_SHA256_ALGO,
data, DATA_SIZE,
Computed_Hash,
CMOX_SHA256_SIZE,
&computed_size);
cmox_rsa_construct(&Rsa_Ctx, CMOX_RSA_MATH_FUNCS, CMOX_MODEXP_PRIVATE, Working_Buffer, sizeof(Working_Buffer));
/* Fill in RSA key structure using the regular private key representation */
retval = cmox_rsa_setKey(&Rsa_Key,
Modulus, sizeof(Modulus),
Private_Exponent, sizeof(Private_Exponent));
/* Compute directly the signature passing all the needed parameters */
retval = cmox_rsa_pkcs1v22_sign(&Rsa_Ctx,
&Rsa_Key,
Computed_Hash,
CMOX_RSA_PKCS1V22_HASH_SHA256,
Salt, sizeof(Salt),
Computed_Signature, &computed_size);
cmox_rsa_construct(&Rsa_Ctx, CMOX_RSA_MATH_FUNCS, CMOX_MODEXP_PUBLIC, Working_Buffer, sizeof(Working_Buffer));
/* Fill in RSA key structure using the public key representation */
retval = cmox_rsa_setKey(&Rsa_Key,
Modulus, sizeof(Modulus),
Public_Exponent, sizeof(Public_Exponent));
/* Compute directly the signature passing all the needed parameters */
retval = cmox_rsa_pkcs1v22_verify(&Rsa_Ctx,
&Rsa_Key,
Computed_Hash,
CMOX_RSA_PKCS1V22_HASH_SHA256,
sizeof(Salt),
Computed_Signature, sizeof(Computed_Signature),
&fault_check);
retval = cmox_rsa_pkcs1v22_verify(&Rsa_Ctx,
&Rsa_Key,
Computed_Hash,
CMOX_RSA_PKCS1V22_HASH_SHA256,
sizeof(Salt),
python_signature, sizeof(python_signature), /* Signature to verify */
&fault_check);
Labels:
- Labels:
-
Cryptography
1 REPLY 1
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
2022-12-21 05:41 AM
Hi @gfxfloro,
the length in bytes may be identical, but the length in bits may not be. The RSA requires the MSB of the integer to be higher than certain value. Because if there are leading zeroes, it's no longer 3072 bit key, but 3069 bit or whatever the leading zeroes may result it.
There are functions for key generation and it's not recommended to simply take a random number and use it directly. These functions will, among other things, check that the leading zeroes are not a problem for either the modulus or the exponent.
BR,
J
To give better visibility on the answered topics, please click on Accept as Solution on the reply which solved your issue or answered your question.
Related Content
- stm32duino STM32SD library append in STM32 MCUs Embedded software
- STM32CubeMX 6.11.0 and STM32CubeIDE 1.15.1: bug in generated MX_ADC1_Init() function in STM32CubeMX (MCUs)
- how to use the P-NUCLEO-USB002 with STM32F072RB MCU for Power Delivery in STM32 MCUs Other solutions
- Problem with SPI Communication - Nucleo U575ZI-Q/STEVAL-MKI168V1 in STM32 MCUs Boards and hardware tools
- For STM32_USB_Device_Library please provide a version symbol in STM32 MCUs Embedded software