
Does the asymmetric cryptography support ECC NIST256p keys only? I ask because I tried to generate an ECC private key with "secp256k1" and got a compilation error saying NOT SUPPORTED.

SPati.7
Associate III

The self-generation script looks like this:

    def generate():
        return ECDSA256P1(SigningKey.generate(curve=NIST256p))

KEY EXTRACTION

    key = SigningKey.from_pem(pem)
    if key.curve.name == 'NIST256p':
        return ECDSA256P1(key)
    else:
        raise Exception("Unsupported")

Does this mean only NIST256p-generated keys?

Second question is about Firmware encryption support on STM32H753:

  • As mentioned in the example, is the default crypto scheme SECBOOT_ECCDSA_WITH_AES128_CBC_SHA256 supported on STM32H753?
  • But as I see it, the SECBOOT_ECCDSA_WITH_AES128_CTR_SHA256 scheme is applicable only on STM32H7 series devices with the OTFDEC feature, right?

So can you please tell us what kind of crypto schemes are supported on the STM32H753VIT6 MCU?

9 REPLIES 9
SPati.7
Associate III

@Jocelyn RICARD Can you please help with the above queries?

Jocelyn RICARD
ST Employee

Hello @SPati.7,

First, please tag your post with SBSFU. Other supporters following SBSFU may be able to answer as well.

The answer is yes, only one curve is supported in the current implementation.

Now, as you have the code, you can replace the NIST 256p with the one you want.

You will also have to adapt the python scripts in Middlewares\ST\STM32_Secure_Engine\Utilities\KeysAndImages\ to deal with your specific curve.

Regarding crypto schemes supported you can find them in

Projects\NUCLEO-H753ZI\Applications\2_Images\2_Images_SECoreBin\Inc\se_crypto_config.h:

#define SECBOOT_ECCDSA_WITHOUT_ENCRYPT_SHA256      (1U) /*!< asymmetric crypto, no FW encryption */
#define SECBOOT_ECCDSA_WITH_AES128_CBC_SHA256      (2U) /*!< asymmetric crypto with encrypted Firmware */
#define SECBOOT_AES128_GCM_AES128_GCM_AES128_GCM   (3U) /*!< symmetric crypto */

This information can be found in UM2262.

Best regards

Jocelyn

Mortals can't create new tags, SBSFU doesn't exist as a current tag, I've edited to select existing tag "X-cube-sbsfu"


Thank you @Community member, I should have been more precise!

@Jocelyn RICARD Does X-CUBE-SBSFU (STM32H7) support an RSA (2048/4096) cryptographic scheme to sign firmware?

For me it looks like only ECC256 is supported.

I didn't find this information in UM2262.

Can you confirm that, please?

Hello @SPati.7,

Yes, I confirm that X-CUBE-SBSFU does not provide any support for RSA for firmware signature.

Best regards

Jocelyn

@Jocelyn RICARD & @Fred

Does X-CUBE-SBSFU support the SHA384 algorithm?

In general I see the SHA256, SHA384 and SHA512 algorithms mentioned in AN5156.

If it is supported, how can we enable this in the existing SBSFU source?

The crypto schemes supported "natively" by X-CUBE-SBSFU can be found in:

\Applications\2_Images\2_Images_SECoreBin\Inc\se_crypto_config.h

As far as I know, we do not provide SHA384 and SHA512 support natively.

To do so, you need to:

  1. create a new scheme
  2. update the embedded code to use this HASH algorithm
  3. update the python tooling to use this HASH algorithm

Also, you will need to update the data structure to store a SHA384/512 digest instead of a SHA256.

Thanks & Regards,

Fred
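An added sketch (not ST's code and not part of the original post) of the data-structure point in the answer above: a SHA-384 or SHA-512 digest does not fit a field sized for SHA-256, so the header has to carry a larger digest and the verifier has to check its length against the declared algorithm. The header layout, the hash identifiers and all names are assumptions made for this example, not the SBSFU header format, and the signature over the header is left out.

```python
import hashlib
import hmac
import struct

# Hypothetical header layout, constructed for this example (NOT the SBSFU format):
# magic (4 bytes) | fw_size (u32) | hash_id (u16) | digest_len (u16) | digest
MAGIC = b"FWH1"
FIXED = struct.Struct("<4sIHH")
HASHES = {1: "sha256", 2: "sha384", 3: "sha512"}  # constructed identifiers
LEGACY_DIGEST_FIELD = 32  # bytes available in a field sized for SHA-256 only


def fits_legacy_field(hash_id: int) -> bool:
    """True if the digest fits a 32-byte field without truncation."""
    return hashlib.new(HASHES[hash_id]).digest_size <= LEGACY_DIGEST_FIELD


def build_header(firmware: bytes, hash_id: int) -> bytes:
    """Tooling side: hash the image and store the digest with its length."""
    digest = hashlib.new(HASHES[hash_id], firmware).digest()
    return FIXED.pack(MAGIC, len(firmware), hash_id, len(digest)) + digest


def verify(header: bytes, firmware: bytes) -> bool:
    """Device side: recompute the digest with the declared algorithm."""
    if len(header) < FIXED.size:
        return False
    magic, size, hash_id, digest_len = FIXED.unpack_from(header)
    name = HASHES.get(hash_id)
    if magic != MAGIC or name is None or size != len(firmware):
        return False
    # The stored length must match the algorithm exactly: no truncated
    # digests and no trailing bytes after the digest.
    if digest_len != hashlib.new(name).digest_size:
        return False
    if len(header) != FIXED.size + digest_len:
        return False
    expected = hashlib.new(name, firmware).digest()
    return hmac.compare_digest(header[FIXED.size:], expected)


if __name__ == "__main__":
    fw = b"\x00constructed firmware image\xff" * 64  # constructed sample input
    for hid, name in HASHES.items():
        hdr = build_header(fw, hid)
        print(name, len(hdr), fits_legacy_field(hid), verify(hdr, fw))
```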

Thanks @Fred​