ECDSA signature verification with Crypto driver

IAussman
Contributor III

Dear NXP community,

I'm currently trying to verify a signature with ECDSA (ECC public key P256) as part of the UDS security service.

After sending the request (signature_verify), the HSE firmware responds with CRYPTO_E_INVALID_PARAM.

This response is not very clear about which parameter is wrong.

I've joined below the structures I've used for the Crypto job configuration.

Any suggestion would be welcome. Thank you.

Best regards,

 

Std_ReturnType SEC_VerifySignatureSecurityAccess(uint32_t u32KeyId, /*KeyId*/
                                                 uint8_t *                 pData, /* Seed*/
                                                 uint32_t                  u32DataSz, /* Seed Size */
                                                 uint8_t *                 pTag, /*signature */
                                                 uint32_t                  u32TagLength, /* signature size */
                                                 Crypto_VerifyResultType * pVerifyResult)
{
    Std_ReturnType retVal = E_NOT_OK;

    /** Crypto job-structures for UDS Security Access signature verification */
    Crypto_PrimitiveInfoType App_SignatureVerifyPrimitiveInfo = {
        u32TagLength, /* resultLength */
        CRYPTO_SIGNATUREVERIFY, /* service*/
        {CRYPTO_ALGOFAM_ECCNIST, CRYPTO_ALGOFAM_SHA2_256, (ECC_PUB_KEY_SZ), CRYPTO_ALGOMODE_NOT_SET}
    };

    Crypto_JobPrimitiveInfoType App_JobSignaturePrimitiveInfo = {0U,                                /* callbackId */
                                                                 &App_SignatureVerifyPrimitiveInfo, /* primitiveInfo */
                                                                 0U,                                /* cryIfKeyId*/
                                                                 CRYPTO_PROCESSING_SYNC,            /* Crypto_ProcessingType*/
                                                                 FALSE /* callbackUpdateNotification*/};

    /** Job SignatureVerify ID and priority*/
    const Crypto_JobInfoType App_JobSignatureVerifyInfo = {JOB_SIGNATURE_VERIFY_ID, JOB_SIGNATURE_VERIFY_PRIORITY};

    /** Structure of the job to be passed to Crypto driver, requesting Signature Verify */
    Crypto_JobType App_JobSignatureVerify = {
        JOB_SIGNATURE_VERIFY_ID, /* jobId                      - Identifier for the job structure */
        CRYPTO_JOBSTATE_IDLE, /* jobState                   - Determines the current job state */
        {
            pData, /* inputPtr                   - Pointer to the input data. */
            u32DataSz, /* inputLength                - Contains the input length in bytes. */
            pTag, /* secondaryInputPtr          - Pointer to the secondary input data (for MacVerify, SignatureVerify). */
            u32TagLength, /* secondaryInputLength       - Contains the secondary input length in bytes. */
            NULL_PTR, /* tertiaryInputPtr           - Pointer to the tertiary input data (for MacVerify, SignatureVerify). */
            0U, /* tertiaryInputLength        - Contains the tertiary input length in bytes. */
            NULL_PTR, /* outputPtr                  - Pointer to the output data. */
            NULL_PTR, /* outputLengthPtr            - Holds a pointer to a memory location containing the output length in bytes. */
            NULL_PTR, /* secondaryOutputPtr         - Pointer to the secondary output data. */
            NULL_PTR, /* secondaryOutputLengthPtr   - Holds a pointer to a memory location containing the secondary output length in bytes. */
            0U, /* input64                    - Versatile input parameter */
            pVerifyResult, /* verifyPtr                  - Output pointer to a memory location holding a Crypto_VerifyResultType */
            NULL_PTR, /* output64Ptr                - Output pointer to a memory location holding an uint64. */
            CRYPTO_OPERATIONMODE_SINGLECALL, /* mode                       - Indicator of the mode(s)/operation(s) to be performed */
            0U, /* cryIfKeyId                 - Holds the CryIf key id for key operation services. */
            0U, /* targetCryIfKeyId           - Holds the target CryIf key id for key operation services. */
        },
        &App_JobSignaturePrimitiveInfo, /* jobPrimitiveInfo           - Pointer to a structure containing further information, which depends on the job and the crypto primitive */
        &App_JobSignatureVerifyInfo, /* jobInfo                    - Pointer to a structure containing further information, which depends on the job and the crypto primitive */
        NULL_PTR, /* jobRedirectionInfoRef      - Pointer to a structure containing further information on the usage of keys as input and output for jobs. */
        u32KeyId  /* cryptoKeyId                - Identifier of the Crypto Driver key. The identifier shall be written by the Crypto Interface */
    };

    retVal = Crypto_ProcessJob(CryptoConf_CryptoDriverObject_CryptoDriverObject_0, &App_JobSignatureVerify);

    return retVal;
}
10 Replies
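An input-side check for the `pTag` / `u32TagLength` arguments in the post above, as an added example that is not part of the original post or of NXP's driver code. It assumes the verifier expects a fixed-length raw r||s signature for P-256 (64 bytes), while many signing tools emit ASN.1 DER (up to 72 bytes); the function names are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define P256_COORD_SZ 32u /* bytes per r or s on P-256 */

/* Copy one DER INTEGER into a fixed 32-byte big-endian field.
 * Returns the number of bytes consumed, or 0 on malformed input. */
static size_t der_int_to_fixed(const uint8_t *p, size_t len, uint8_t *out)
{
    if (len < 3u || p[0] != 0x02u || (p[1] & 0x80u)) return 0; /* INTEGER tag, short-form length */
    size_t n = p[1];
    if (n == 0u || n + 2u > len) return 0;
    const uint8_t *v = p + 2;
    if (v[0] & 0x80u) return 0;             /* negative value: not a valid r or s */
    if (n > 1u && v[0] == 0x00u) {
        if (!(v[1] & 0x80u)) return 0;      /* non-minimal leading zero */
        v++; n--;                           /* drop the DER sign-padding byte */
    }
    if (n > P256_COORD_SZ) return 0;
    memset(out, 0, P256_COORD_SZ);
    memcpy(out + (P256_COORD_SZ - n), v, n); /* left-pad short values with zeros */
    return (size_t)p[1] + 2u;
}

/* Normalise a P-256 ECDSA signature to raw r||s (64 bytes).
 * A 64-byte input is treated as already raw. Returns 0 on success,
 * -1 if the input is neither 64 bytes nor a well-formed DER signature. */
int ecdsa_p256_sig_to_raw(const uint8_t *sig, size_t len, uint8_t *raw)
{
    if (sig == NULL || raw == NULL) return -1;
    if (len == 2u * P256_COORD_SZ) { memcpy(raw, sig, len); return 0; }
    /* DER layout: SEQUENCE(0x30) len, INTEGER r, INTEGER s */
    if (len < 8u || len > 72u || sig[0] != 0x30u || sig[1] != len - 2u) return -1;
    size_t off = 2u;
    size_t used = der_int_to_fixed(sig + off, len - off, raw);
    if (used == 0u) return -1;
    off += used;
    used = der_int_to_fixed(sig + off, len - off, raw + P256_COORD_SZ);
    if (used == 0u || off + used != len) return -1; /* no trailing bytes allowed */
    return 0;
}
```

A rejected or non-64-byte signature can then be reported by the caller before the job is submitted, which separates an encoding problem from a job or key configuration problem.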

nxf78987
NXP Employee

Hello @IAussman,

Sorry for my late response.

What are the data of the parameters you passed into the SEC_VerifySignatureSecurityAccess() function?

Please show me the details.

Best regards,

Dan

IAussman
Contributor III

Hi @nxf78987 ,

I just sent you an email with further details about the call of SEC_VerifySignatureSecurityAccess().

BR,

nxf78987
NXP Employee

Hello @IAussman,

Could you send me your project? (you can send it to my email: dan.nguyenduy@nxp.com)

What are the S32K3 package's name and the HSE FW you are using?

Best regards

Dan

IAussman
Contributor III

Hi @nxf78987 ,

I've sent you an email with all the related information.

Thank you.

Best regards,

 

nxf78987
NXP Employee

Hi @IAussman,

Could you send me the configuration file?

Best regards,

Dan

IAussman
Contributor III

Hi @nxf78987 ,

I just sent them to you via email.

Thank you.

Best regards,

 

nxf78987
NXP Employee

Hello @IAussman,

Could you send me the Crypto.xdm file?

Also, the S32K3 RTD driver was tested on the IAR ANSI C/C++ Compiler v.8.50.10 (safety version), and you need to use the correct IAR version.

Best regards,

Dan

IAussman
Contributor III

Hi @nxf78987 ,

I just sent it to you.

Best regards,

 

nxf78987
NXP Employee

Hello @IAussman,

Sorry for my late response.

I tried several ways to check your issue from my side, but I can't test successfully because I don't have the correct private key and signature value.

So, could you send me your private key and signature value? I'm going to test from my side.

Besides, did you check that your private key and signature value are correct?

Best regards,

Dan

IAussman
Contributor III

Hi @nxf78987 ,

I have just sent it to you on the related case.

Best regards,

 
