Associate

Solved

STM32H56 PKA Arithmetic operations not working

Forum|Forum|1 year ago
May 17, 2024
3 replies
2271 views

I am working with the NUCLEO-H563ZI, and I'm trying to write an application that verifies an ECDSA Certificate. I have already successfully done the verification using the HAL_PKA_ECDSAVerif() function provided with all the parameters. My problem is that the public key that I get is in the compact form (I only have the X part and a bit to indicate which Y part to choose) so I have to calculate the Y part separately before running the verification. To get the Y part I must use the ECC curve function y = modular square root of (x^3 + a.x + b). The parameters are 192 bits long so I can't just directly calculate everything so I tried using the PKA Arithmetic function but I cannot get them to work. The function just gets stuck until timeout. With the HAL_MAX_DELAY it just stays stuck forever. Here is the code below:

//Just a mockup of the actual code
uint32_t number1[6] = {0x12345678, 0x9ABCDEF0, 0x13579BDF, 0x2468ACE0, 0x02468ACE, 0x13579BDF};
uint32_t number2[6] = {0x98765432, 0xABCDEF09, 0x2468ACE0, 0x13579BDF, 0x02468ACE, 0x2468ACE0};
uint32_t result [7];

PKA_AddInTypeDef Addition_Struct;

int main(void)
{
	HAL_Init();
	SystemClock_Config();
	MX_RNG_Init();
	MX_PKA_Init();
	
	Addition_Struct.size = 6;
	Addition_Struct.pOp1 = number1;
	Addition_Struct.pOp2 = number2;
	
	HAL_StatusTypeDef status = HAL_PKA_Add (&hpka, &Addition_Struct, 1000);
	//It doesn't work even with HAL_MAX_DELAY

	// Check if addition was successful
	if (HAL_PKA_GetState (&hpka) == HAL_OK){
		printf("Operation Successful\n");
		HAL_PKA_Arithmetic_GetResult(&hpka, result);
	} else{
		// Addition failed
		printf("Error occurred during addition\n");
		uint32_t error = HAL_PKA_GetError (&hpka); //Error has value 12
	}

	while (1)
	{
	}
}

What could the problem be? And do you have any idea how can I calculate the y part of the public key in an efficient way ?

Cryptography

Best answer by Jocelyn RICARD

Hello @A_A_Phil ,

the NUCLEO-H563ZI does not support HW accelerated crypto.

You should use the STM32H573I-DK

Best regards

Jocelyn

Christian N

ST Employee

This post has been escalated to the ST Online Support Team for additional assistance. We'll contact you directly.

Jocelyn RICARDBest answer

ST Employee

Hello @A_A_Phil ,

the NUCLEO-H563ZI does not support HW accelerated crypto.

You should use the STM32H573I-DK

Best regards

Jocelyn

M

moe_fdi

Associate

Hello,

Have you ever successfully calculated the uncompressed public key from a compressed public key, using the PKA Arithmetics function?

BR

A

A_A_PhilAuthor

Associate

Hi,

No I haven't implemented this on an stm32 yet, but I did on another Microcontroller, should be similar though.

The compressed key is basically the x-coordinate of the curve-point and a sign byte or indicator. You use x to calculate y^2 and then you calculate the square root of that using the Tonelli-Shanks algorithm (a great video explaining how to to use it: Finding Mod-p Square Roots with the Tonelli-Shanks Algorithm).

So you calculate y^2 = x^3 + ax + b = n (all Modular arithmetic)
Then calculate y1 = n^((P+1)/4) : Division is just a right shift by 2, the addition is a normal one (not Modular addition) and the exponentiation is Modular.
y2 = -y1 (Modular inverse)
Determine if y1 or y2 using the indicator from the compressed key (either even or odd)

All of these operations can be executed with the use of the HAL functions for Modular exponentiation, Modular addition, Modular subtraction, Montgomery multiplication and Modular inversion.

I hope this helps

M

moe_fdi

Associate

Thank you for your reply.

I’ve implemented most of the calculations, but I’m currently stuck on the division by 4. Since there isn’t an arithmetic function for shifting, which function could I use instead? is it the inverse modular to calculate (P+1)/4 ?

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded