FAQs
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

RSA / AES Key generation

BSunw.1
Associate III

‎2022-12-29 12:14 PM

Hello,

I am working with the STM32U585 and am looking for a HAL function to generate RSA key pairs? And AES keys if possible? I see that wolfssl has these functions available but they do not support the STM32U575 / 585 yet. I've seen other posts suggesting to use OpenSSL but I'm worried about how large the library is.

I would like to generate a new set of keys upon every power on to ensure better security as apposed to just using OpenSSL to external generate keys and then input them into the system. Is there any build it functions using the AES or PKA that can generate keys?

Thanks

Labels:
4 REPLIES 4
Tesla DeLorean
Guru

‎2022-12-29 01:34 PM

STM32Cube_FW_U5_V1.1.1\Projects\B-U585I-IOT02A\Applications\SBSFU\SBSFU_Boot\Src\rsa_alt.c

#if defined(MBEDTLS_GENPRIME)
 
/*
 * Generate an RSA key pair
 *
 * This generation method follows the RSA key pair generation procedure of
 * FIPS 186-4 if 2^16 < exponent < 2^256 and nbits = 2048 or nbits = 3072.
 */
int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx,
                 int (*f_rng)(void *, unsigned char *, size_t),
                 void *p_rng,
                 unsigned int nbits, int exponent )
{
    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
    mbedtls_mpi H, G, L;
    int prime_quality = 0;
...

Tips, Buy me a coffee, or three.. PayPal Venmo
Up vote any posts that you find helpful, it shows what's working..
0 Kudos
BSunw.1
Associate III
In response to Tesla DeLorean

‎2022-12-29 04:06 PM

Thanks for the reply! Do you know if there are any tutorials on how to set up mbedtls with STM32CubeIDE? It seems like the F4 devices have this package already added in the .ioc view under Middleware but the U585 does not.

I tried adding an external software package "ARM.mbedTLS.3.1.0.pack" downloaded from https://www.keil.com/dd2/pack/#!#eula-container but there are missing dependencies. Not sure if there is a better way do add the mbedtls package?

0 Kudos
Tesla DeLorean
Guru
In response to BSunw.1

‎2022-12-29 05:02 PM

That's a bit outside the scope of what I'm doing, using SECP192R1 in directly coded projects.

I'm not sure they are using any of the PKA native functionality of the U5, but there are other things that do. You could at least built the MBEDTLS examples that ST provides to get a feeling for the overall weight of the library. And there's related code on the interwebs using it to better understand the mechanics

Tips, Buy me a coffee, or three.. PayPal Venmo
Up vote any posts that you find helpful, it shows what's working..
0 Kudos
Rajan Soma
Associate II

‎2023-05-08 04:11 AM

have you got the answer from ST commiunity?

0 Kudos
Top