Posted in Research

Help Implementing ECDSA using PSA crypto API of mbedTLS – Nordic Q&A – Nordic DevZone

 May 13, 2022

I have implemented as this. Looks good ?

//Verify The Digital Signature received from GATT Client (Mobile)

//ECC curve used NIST (P-256 R1), HASH Algorithm used : SHA256

static psa_status_t CRYPTO_VerifyMessage(const uint8_t * input, size_t input_length,

                                 const uint8_t * signature, size_t signature_length,

                                 const uint8_t * public_key, size_t public_key_length )

{

    psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT;

    static psa_key_handle_t pub_key_handle;

    psa_status_t status;

    status = psa_crypto_init();

    if (status != PSA_SUCCESS)

    {

        //LOG_INF(“psa_crypto_init failed! (Error: %d)”, status);

        printk(“psa_crypto_init failed!\n);

        return status;

    }

    /* Configure the key attributes */

    psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_VERIFY_MESSAGE);

    psa_set_key_lifetime(&key_attributes, PSA_KEY_LIFETIME_VOLATILE);

    psa_set_key_algorithm(&key_attributes, PSA_ALG_ECDSA(PSA_ALG_SHA_256));

    psa_set_key_type(&key_attributes, PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1));

    psa_set_key_bits(&key_attributes, 256);

    /* Acquire the key handle */

    status = psa_import_key(&key_attributes, public_key, public_key_length, &pub_key_handle);

    if (status != PSA_SUCCESS)

    {

        //LOG_INF(“psa_import_key failed! (Error: %d)”, status);

        //printk(“psa_import_key failed!\n”);

        printk(“psa_import_key failed! (Error: %d)”, status);

        return status;

    }

    /* After the key handle is acquired the attributes are not needed */

    psa_reset_key_attributes(&key_attributes);

    status =

    psa_verify_message(pub_key_handle, PSA_ALG_ECDSA(PSA_ALG_SHA_256), input, input_length, signature, signature_length);

    if (status != PSA_SUCCESS)

    {

        //LOG_INF(“psa_verify_message failed! (Error: %d)”, status);

        printk(“psa_verify_message failed!\n);

        return status;

    }

    /* Destroy the key handle */

    status = psa_destroy_key(pub_key_handle);

    if (status != PSA_SUCCESS)

    {

        //LOG_INF(“psa_destroy_key failed! (Error: %d)”, status);

        printk(“psa_destroy_key failed!\n);

        return status;

    }

    return PSA_SUCCESS;

}

On free running application, i am getting PSA Status error as -141, which means no memory available while calling the psa_import_key()

How do i increase run time memory in code to fix this issue ?

Is there a Kconfig that i shall use ? How to figure out what value to use ?

Read more here: Source link