Skip to main content
MBand.2
MBand.2
Visitor II
September 21, 2020
Question

x-cube-cryptolib Any example of signing data with with openssl and verifying with the stm32f746

  • September 21, 2020
  • 1 reply
  • 641 views

I'm working on a custom bootloader where the bootloader verifies the firmware with ecdsa before booting the firmware, but i cant seem to get it to verify my signature. Is there any examples with some external data is signed with ex openssl and then verified with the stm32f7xx. 

 EC_stt EC_st;
	EC_st.pmB = NULL;
	EC_st.mBsize = 0;
 
 
	EC_st.pmA = P_256_a;
	EC_st.pmB = P_256_b;
	EC_st.pmP = P_256_p;
	EC_st.pmN = P_256_n;
	EC_st.pmGx = P_256_Gx;
	EC_st.pmGy = P_256_Gy;
	EC_st.mAsize = sizeof(P_256_a);
	EC_st.mNsize = sizeof(P_256_n);
	EC_st.mPsize = sizeof(P_256_p);
 EC_st.mBsize = sizeof(P_256_b);
	EC_st.mGxsize = sizeof(P_256_Gx);
	EC_st.mGysize = sizeof(P_256_Gy);
 
	/* We prepare the memory buffer strucure */
	Crypto_Buffer.pmBuf = preallocated_buffer;
	Crypto_Buffer.mUsed = 0;
	Crypto_Buffer.mSize = sizeof(preallocated_buffer);
	int dd = 0;
	//ECCinitPrivKey
 
	BigNum_stt bR;
	BigNum_stt bS;
	W8_to_Big(Signature_r, sizeof(Signature_r), &bR);
	W8_to_Big(Signature_s, sizeof(Signature_s), &bS);
 
	uint32_t status;
	//ECCinitEC(&EC_st, &Crypto_Buffer );
	__disable_irq();//
	status = ECCinitEC(&EC_st, &Crypto_Buffer);
 
	if (status == ECC_SUCCESS) {
		status = ECCinitPoint(&PubKey, &EC_st, &Crypto_Buffer);									//
		if (status == ECC_SUCCESS) {
			ECCsetPointCoordinate(PubKey, E_ECC_POINT_COORDINATE_X, P_256_Gx,sizeof(P_256_Gx));	//
			ECCsetPointCoordinate(PubKey, E_ECC_POINT_COORDINATE_Y, P_256_Gy,sizeof(P_256_Gy));	//
			//ECCgetPointCoordinate(P_pECPnt, P_Coordinate, P_pCoordinateValue, P_pCoordinateSize)
			/* Try to validate the Public Key. */
			status = ECCvalidatePubKey(PubKey, &EC_st, &Crypto_Buffer);							//
			if (status == ECC_SUCCESS) {
 
				status = ECDSAinitSign(&sign, &EC_st, &Crypto_Buffer);							//
				if (status == ECC_SUCCESS) {
					ECDSAverifyCtx_stt verctx; /* Import the signature values */
 
					ECDSAsetSignature(sign, E_ECDSA_SIGNATURE_R_VALUE,
							Signature_r, sizeof(Signature_r));
					ECDSAsetSignature(sign, E_ECDSA_SIGNATURE_S_VALUE,
							Signature_s, sizeof(Signature_s));
 
					verctx.pmEC = &EC_st;
					verctx.pmPubKey = PubKey;
 
					stst = 0;
 
 
					status = ECDSAverify(cheksum, sizeof(cheksum), sign, &verctx,	&Crypto_Buffer);
 
					if (status == SIGNATURE_VALID) {
						stst = 1;
						return 1;
					} else {
						stst = 0;
					}
 
				}
 
			}
		}
	}

I have tried to generate a private/public key with openssl and then convert the parameters to the code but always it fails in the ECDSAverify.

If i run the st example where it genereates the private public keys and signs "abc" then it verifies and works.

Im pretty shure that the problem is somthing to do with the keys or signature i generate. Any help would be great!

Thanks!

This topic has been closed for replies.

1 reply

Jocelyn RICARD
Jocelyn RICARD
ST Employee
September 30, 2020

Hello,

one first think I would think is related to the CRC.

I can see you use a checksum instead of a hash (just because of the name of the variable).

To be able to use the cryptolib you need that CRC clock is activated and at its reset state.

So, if you use CRC for other purpose you need to reset it before using the cryptolib.

Best regards

Jocelyn

Terms & ConditionsAccessibility statement