nRF52840 crypto functionalities on Boron?

boron
Tags: #<Tag:0x00007f1ca2d9c180>

#1

Hi all,

How can I use cryptographic functionalities of nRF52840 from Particle deviceOS?

Nordic Semiconductor provides a SDK with a lot of interesting libraries. How can I access to them from Boron?

https://infocenter.nordicsemi.com/topic/com.nordic.infocenter.sdk5.v15.3.0/lib_crypto.html

Thank you,

Manuel Montenegro


#2

I’m hopeful for the same thing. I’ve seen a number of people looking to embed other crypto libraries like mbed TLS in their application, but that uses a lot of space and doesn’t use the hardware crypto.

From some topics I’ve read a lot of the libraries might currently be pruned out of the firmware during compile currently though. I’ve opened Feature Request: DTLS support because it seems this support should be easily included as it’s being used.

I haven’t tried it yet, but I hear if you compile a monolithic firmware you should be able to access everything.


#3

I have been trying to get some results.

I’m developing over deviceOS 1.2.0-beta.1 and compiling with debug option from Workbench IDE in order to get a monolithic binary file.

My goal is to use Elliptic Curve in order to generate a key pair using nRF52840 and sign/verify a JSON. This will help in the implementation of JWT (JSON Web Token).

Anyway, I saw this code on deviceOS ecp_alt_cc310.c.

CC310_OPERATION(CRYS_ECPKI_GenKeyPair( pRndState, RYS_RND_GenerateVector, domain,UserPrivKey, UserPublKey, TempECCKGBuff, FipsBuff ), error);

So, I think I can use CC310 libraries present on nRF52840 SDK. This is, CryptoCell API.

I have developed the following code:

#include "ssi_pal_types.h"
#include "ssi_pal_mem.h"
#include "sns_silib.h"
#include "crys_ecpki_build.h"
#include "crys_ecpki_ecdsa.h"
#include "crys_ecpki_dh.h"
#include "crys_ecpki_kg.h"
#include "crys_ecpki_domain.h"

void setup() {

  CRYS_RND_State_t*        rndState_ptr;
  CRYS_RND_WorkBuff_t*  rndWorkBuff_ptr;

  CRYS_RndInit(rndState_ptr, rndWorkBuff_ptr);

  SaSiRndGenerateVectWorkFunc_t 	rndGenerateVectFunc = CRYS_RND_GenerateVector;

  const CRYS_ECPKI_Domain_t       *pDomain;
  CRYS_ECPKI_DomainID_t domainId = CRYS_ECPKI_DomainID_secp256k1;
  pDomain = CRYS_ECPKI_GetEcDomain(domainId);

  CRYS_ECPKI_UserPrivKey_t        UserPrivKey1;
  CRYS_ECPKI_UserPublKey_t        UserPublKey1;

  CRYS_ECPKI_KG_TempData_t        *TempECCKGBuffptr;
  CRYS_ECPKI_KG_TempData_t        TempECCKGBuff;
  TempECCKGBuffptr = (CRYS_ECPKI_KG_TempData_t*)&TempECCKGBuff;

  CRYS_ECPKI_KG_FipsContext_t   	FipsBuff;

  int ret = CRYS_ECPKI_GenKeyPair
  ( 
    rndState_ptr,
    rndGenerateVectFunc,
    pDomain,
    &UserPrivKey1,
    &UserPublKey1,
    TempECCKGBuffptr,
    &FipsBuff
  );

  if (ret != CRYS_OK)
  {
    Serial.println(ret,HEX);
  } else {
    Serial.println("SUCCESS");
  }
}


void loop() {}

But the function returns the error “F00891”.

How can I generate a key pair using CryptoCell? This seems like deviceOS allows the use of CC310 using mbedtls.

Any idea?

Thank you,

Manuel