Skip to main content
S
skana.1
Visitor II
January 17, 2023
Solved

requirement of secure firmware upgrade and secure boot using stsafe a110 crypto chip. Is there any limitation for signature verification about the message length and the type of the private key that need to be used for the signature creation.

  • January 17, 2023
  • 4 replies
  • 2019 views

I have STSafe a110 crypto chip in my hardware. I have created the private and public key pairs and signed the firmware image. During the firmware upgrade, on host side, the signature needs to be verified using the stsafe a110 chip. I have used ECDSA_do_verify(&Hash[0], 64, sig, eckey_pub); but i got "OpenSSL error 218570907 error:0D07209B:asn1 encoding routines:ASN1_get_object:too long" error. After that i have changed the message size to ECDSA_do_verify(&Hash[0], 32, sig, eckey_pub); But now it is failing with StSafeA_VerifyMessageSignature called, StatusCode:0 SignatureValidity=0 error.

What could be the reason for it? is there a limitation of 32byte message size? are there any other limitations because of which signature verification is failing?

    This topic has been closed for replies.
    Best answer by Benjamin BARATTE

    Hi @skana.1​,

    you have to be carefull, when you are using openssl dgst -sha256 -sign privatekey.pem -out firmware.sig firmware.hash command, Openssl will hash with SHA256 the file firmware.hash and then sign it.

    same with the verify, therefore, you need to pass the FW file to generate the signature with OpenSSL.

    Regarding your issue with verifying with STSAFE-A, could please clarify which software you are using ?

    Thanks,

    Best Regards,

    Benjamin

    4 replies

    B
    Benjamin BARATTE
    ST Employee
    January 20, 2023

    Hi @skana.1​ 

    Thanks for you interest for ST product.

    If I understand well, you have have generated a signature of your firmware with OpenSSL ?

    I see you have to change the Hash size from 64 to 32, does that means you have use SHA512 to generate your hash ?

    Which curve do you use for your EC key ?

    STSAFE-A110 supports 4 EC curves (OpenSSL name : prime256v1, secp384r1, brainpoolP256r1, brainpoolP384r1).

    Regarding the hash handling, the recommendation is to use the same hash size than your curve size.

    So if you use prime256v1, this is 256bits size key, you need to use the SHA256 algorithm.

    If you have use a longer hash than your key size, then you need to truncate the hash and keep the left most significant bytes of the hash.

    If you have a smaller hash size than your key size, then you need to left pad your hash with 0.

    I have shared a mbedtls implementation with STSAFE-A, in the stsafea_sign_wrap() function you have the hash realignment logic for signature generation, this is the same principle for signature verification.

    Let me know if this helps on your issue.

    Best Regards,

    Benjamin

    S
    skana.1Author
    Visitor II
    January 20, 2023

    Hi Benjamin,

    Thank you for the response.

    Please find the further details regarding the issue.

    I have used openssl to sign the firmware using the following command.

    openssl dgst -sha256 -sign privatekey.pem -out firmware.sig firmware.hash. firmware.hash file size is 32 bytes.

    I am getting signature verified success if i use the following command using openssl.

    openssl dgst -sha256 -verify publickey.pem -signature firmware.sig firmware.hash

    I was trying to get firmware signature(firmware.sig) verified using stsafe chip.

    d2i_ECDSA_SIG(&sig, &p, siglen), ECDSA_do_verify(&Hash[0], 32, sig, eckey_pub) apis are used.

    I have copied firmware.hash to Hash[32], and firmware.sig to sigbuff[256] and passing this to ECDSA_do_verify(&Hash[0], 32, sig, eckey_pub);

    But ECDSA_do_verify failing everytime.

    Getting "OpenSSL error 218570907 error:0D07209B:asn1 encoding routines:ASN1_get_object:too long" error for d2i_ECDSA_SIG(&sig, &p, siglen). when copied firmware.sig to sigbuff that was created for firmware.hash file size is more than 32 bytes.

    const unsigned char *p = (const unsigned char *)&sigbuf;

    Details of the key that was used to creating the signature:

    openssl ecparam -in privatekey.pem -text -noout

    ASN1 OID: prime256v1

    NIST CURVE: P-256

    temp.pem is the private key used to sign the digest/message.

    B
    Benjamin BARATTEAnswer
    ST Employee
    January 20, 2023

    Hi @skana.1​,

    you have to be carefull, when you are using openssl dgst -sha256 -sign privatekey.pem -out firmware.sig firmware.hash command, Openssl will hash with SHA256 the file firmware.hash and then sign it.

    same with the verify, therefore, you need to pass the FW file to generate the signature with OpenSSL.

    Regarding your issue with verifying with STSAFE-A, could please clarify which software you are using ?

    Thanks,

    Best Regards,

    Benjamin

    S
    skana.1Author
    Visitor II
    January 23, 2023

    Hi Benjamin,

    Thanks for your response. The signature verification failure was because of the wrong openssl command that was used to sign the input/firmware file. The command is corrected. Signature verification using STSAFEA110 is successful now.

    Thank you.

    Terms & ConditionsAccessibility statement