Skip to main content
NYulz.1
NYulz.1
Associate
November 12, 2020
Question

Signature generated by stm crypto lib different from a signature generated by python for the same key

  • November 12, 2020
  • 4 replies
  • 1493 views

I am trying to create a mechanism of verification where I sign a file on the PC save it to a disk on a key device and then verify it by the MCU after saving it to internal flash.

The PC is doing the signing process and the MCU should only do the verification process.

On the PC side I sign the image with the pkcs1_15.sign() function from the pycryptodome library.

On the MCU is the public key is saved as modulus and exponent in the following format:

unsigned char RSAKeyModulus[] = {
	// Offset 0x00000000 to 0x00000158
	0x30, 0x81, 0x9F, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7,
	0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8D, 0x00, 0x30, 0x81,
	0x89, 0x02, 0x81, 0x81, 0x00, 0xD6, 0x35, 0x43, 0x7C, 0xC9, 0x22, 0x18,
	0x16, 0xF5, 0xE9, 0xB9, 0x29, 0x51, 0x80, 0x3F, 0x1D, 0xC0, 0x94, 0xCF,
	0x91, 0x0D, 0x38, 0x6E, 0x83, 0x51, 0x22, 0x52, 0xC0, 0x8D, 0xBD, 0xD3,
	0x21, 0x68, 0x52, 0x50, 0x39, 0x79, 0xC6, 0x6D, 0x19, 0x9B, 0xFE, 0x61,
	0xDF, 0xFA, 0xB3, 0x7E, 0xE1, 0x71, 0xA9, 0xE2, 0x3C, 0x72, 0xDA, 0x78,
	0x79, 0xCF, 0xAC, 0x3C, 0x76, 0xC1, 0xFF, 0xCC, 0x3D, 0xBF, 0xBD, 0xE4,
	0x71, 0x34, 0xA4, 0x9D, 0xD3, 0x3B, 0xD8, 0x3B, 0x11, 0x18, 0x6B, 0x82,
	0x6F, 0x65, 0xAB, 0xCC, 0x2A, 0x6A, 0xC6, 0x10, 0x43, 0x15, 0xE5, 0xC4,
	0x52, 0x67, 0x56, 0x45, 0xD6, 0x31, 0x7D, 0x29, 0x33, 0x27, 0x5D, 0xB6,
	0xF5, 0xBB, 0x83, 0xAC, 0x49, 0xCB, 0xD2, 0xF8, 0xF3, 0x39, 0x0B, 0x92,
	0x3A, 0xBD, 0x5C, 0x0B, 0xB8, 0x13, 0x87, 0xFD, 0xA2, 0xCF, 0x3F, 0x5E,
	0xB5, 0x02, 0x03
};
 
unsigned char RSAPublicExponent[] = {
 0x01, 0x00, 0x01
};

That was generated from the same private key used to sign the image.

I'm downloading the file to the MCU and calculating the hash(sha-256) value and receive the same hash value as calculated on the PC side by python.

But the verification function(RSA_PKCS1v15_Verify) called with the has value and the expected signature returns SIGNATURE_INVALID.

To try and solve the problem I added the private key to the code and calculated the signature on the MCU. The sign function(RSA_PKCS1v15_Sign) generated a different key from the one generated with python on the PC. and calling the verify function for this signature returned SIGNATURE_VALID.

I'm guessing there is some difference in the RSA parameters between the python function and ST function.

I will be glad for any suggestions about what can solve the problem.

This topic has been closed for replies.

4 replies

Jocelyn RICARD
Jocelyn RICARD
ST Employee
November 12, 2020

Hello,

There is no difference in the signing algorithm because it follows the standard.

Just one thing to check, did you activate CRC on the STM32?

This is necessary to get good results with the cryptolib

Best regards

Jocelyn

Pavel A.
Pavel A.
Super User
November 12, 2020

Your public key modulus is 159 bytes = 1272 bits. Strange, no? Normally the modulus length is 1024 or 2048 bits.

Also, don't forget to provide the "memory buffer" struct to RSA_PKCS1v15_Sign.

The buffer size, from my tests, should be at least 2000 bytes.

It is hard to guess how much memory it needs. Not enough memory and it fails.

-- pa

NYulz.1
NYulz.1Author
Associate
November 15, 2020

You are right. The length of the modulus should be 80 bytes and 81 the 0x00 at the beginning of the key was the problem. It didn't change the value but changed the length of the key

Dams
Dams
Associate III
December 4, 2020

Hello,

I have the same problem by using the lib "STM32CubeExpansion_Crypto_V3.1.0" with a STM32L476.

I'm using the exemple on the folder "Enc_Dec" and I got a problem:

 I use CRC calculation for another calculation and I didn't find the way to properly DeInit the CRC. If I call the function MX_CRC_Init(); generated by CubeMX, I can't use RSA encryption, the output message is wrong. I try several way to reset the CRC by nothing works.

0693W000006EbC1QAK.png 

How can I use CRC properly ?

Thanks in advance for help.

Dams

Jocelyn RICARD
Jocelyn RICARD
ST Employee
January 11, 2021

Hello Dams,

I'm sorry for this late answer.

The default CRC configuration after reset is working fine.

So, I would advise just resetting the CRC IP.

Best regards

Jocelyn

Terms & ConditionsAccessibility statement