X-CUBE-CRYPTOLIB cmox_eddsa_verify memory fail

AKole.3
Associate

Hi everyone!

In our project for stm32f446, we are trying to use X-CUBE-CRYPTOLIB to verify the firmware signature on the device using ED25519. Unfortunately, when trying to call the cmox_eddsa_verify method, we get the CMOX_ECC_ERR_MEMORY_FAIL error. The error occurs when memory is allocated. Tell me how to overcome this, or perhaps we are doing something wrong.

Below is the code:

#include <cstring>          // memset
#include "cmox_crypto.h"    // X-CUBE-CRYPTOLIB umbrella header

bool FirmwareCrypt::verify(const uint8_t* data, size_t size, const uint8_t* sign, size_t sign_size)
{
    if (!data || !size)
        return false;

    cmox_ecc_handle_t handle;
    uint8_t ecc_buf[ECC_BUF_SIZE];   // ECC_BUF_SIZE is 2048 in our build
    uint32_t fault_check = 0;
    memset((void*)&handle, 0, sizeof(cmox_ecc_handle_t));
    // Bind the working buffer to the ECC context
    cmox_ecc_construct(&handle, CMOX_ECC256_MATH_FUNCS, ecc_buf, ECC_BUF_SIZE);

    // Verify the Ed25519 signature over the whole image (size is ~100 KB)
    cmox_ecc_retval_t ret = cmox_eddsa_verify(&handle, CMOX_ECC_CURVE_ED25519,
        public_key, PUBLIC_KEY_SIZE, data, size, sign, sign_size, NULL /* &fault_check */);

    if (/*(static_cast<uint32_t>(ret) != fault_check) && */(ret != CMOX_ECC_SUCCESS)) {
        return false;
    }

    return true;
}

6 REPLIES
Jocelyn RICARD
ST Employee

Hello @AKole.3,

In the example provided here, STM32CubeExpansion_Crypto_V4.0.1\Projects\NUCLEO-G474RE\Applications\ECC\EDDSA_SignVerify\, I can see:

uint8_t Working_Buffer[2200];

So, maybe setting your buffer size to the same value will solve your issue.

Best regards

Jocelyn

G'day,

Is there any documentation on how to set this buffer to be the appropriate size? This answer leads me to more questions:

  • Is 2200 always safe?
  • If you set it for one curve / memory implementation, will it always work if it works once?
  • I presume it depends on the ECC curve and the lowmem vs highmem option?

Cheers,

Hamish.


Hello @HMcKi ,

If you look at the wiki here, you will see the usage of the buffer depending on the option used.

So, 2200 looks like a really safe value.

Best regards

Jocelyn


Thank you.

Hi Jocelyn, 

Is there any limitation between the length of the message and working_buffer? If I provide a message exceeding 4096 bytes, cmox_eddsa_verify always returns CMOX_ECC_ERR_MEMORY_FAIL. In our project, we need to verify firmware with a length of nearly 256 KB.

Do we need to split the firmware into small chunks (like 1023 bytes), sign them separately, and then pass the chunks and signatures to cmox_eddsa_verify one by one?

BR.

xlongfeng

Hello @xlongfeng ,

The verification of a signature is always done on the hash of the data you want to check.

So, first compute the digest of your firmware using a hash algorithm such as SHA-256.

Then use this digest as input to your verification algorithm.

Best regards

Jocelyn