Data alignment when using mbedtls with i.MX RT1170

Freddy_
Contributor I

Hi,

I’m currently working on a cryptography topic and I have 2 questions related to the use of mbedtls (SDK 2.13.1) along with the CAAM of the i.MX RT1170.

Q1: Basically, I noticed that all CAAM accesses from mbedtls need to be performed from 32-byte aligned data. This is not performed in SDK 2.13.1 mbedtls so I had to implement some fixes to make things work. Did I miss something?

Q2: During RSA encryption using PKCS 1.5 padding, mbedtls calls the CAAM random number generation function every time a single random byte needs to be generated. However, this process is very long because the CAAM requires 125ms to generate random bytes, no matter the number of bytes to be generated. I could update mbedtls in order to directly generate the number of bytes I need, but I would prefer not to change the NXP SDK in order to ease further maintainability. Perhaps I missed something there as well?

Thanks for your help,

Freddy
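
On Q2, one way to avoid a hardware round-trip per byte without touching the SDK sources is to hand mbedtls a pooled RNG callback. This is an added example, not part of the original post or of NXP's SDK; `slow_rng`, `rng_pool_t`, `pooled_rng` and `bytewise_draw` are hypothetical names, and `slow_rng` is a constructed stand-in for the slow hardware RNG call.

```c
#include <stddef.h>
#include <stdint.h>

#define POOL_SIZE 64u

/* Hypothetical stand-in for the slow hardware RNG driver call (constructed
 * test pattern, NOT a secure generator). Counts how often it is invoked. */
unsigned slow_rng_calls;
static int slow_rng(uint8_t *out, size_t len)
{
    static uint32_t s = 0x12345678u;
    slow_rng_calls++;
    for (size_t i = 0; i < len; i++) {
        s = s * 1664525u + 1013904223u;
        out[i] = (uint8_t)(s >> 24);
    }
    return 0;
}

/* Zero-initialise before first use: avail == 0 forces the first refill. */
typedef struct { uint8_t buf[POOL_SIZE]; size_t avail; } rng_pool_t;

/* Same shape as the mbedtls f_rng callback: int f(void *, unsigned char *, size_t). */
int pooled_rng(void *p_rng, unsigned char *out, size_t len)
{
    rng_pool_t *pool = p_rng;
    while (len > 0) {
        if (pool->avail == 0) {                 /* one slow call refills the pool */
            if (slow_rng(pool->buf, POOL_SIZE) != 0)
                return -1;
            pool->avail = POOL_SIZE;
        }
        size_t n = len < pool->avail ? len : pool->avail;
        volatile uint8_t *src = pool->buf + (POOL_SIZE - pool->avail);
        for (size_t i = 0; i < n; i++) {
            out[i] = src[i];
            src[i] = 0;   /* wipe: a handed-out byte is never served twice */
        }
        pool->avail -= n; out += n; len -= n;
    }
    return 0;
}

/* Mimics a caller that requests one byte at a time, as described for the
 * padding loop; returns how many slow refills that cost. */
unsigned bytewise_draw(rng_pool_t *pool, uint8_t *out, size_t count)
{
    unsigned before = slow_rng_calls;
    for (size_t i = 0; i < count; i++)
        if (pooled_rng(pool, &out[i], 1) != 0) return 0;
    return slow_rng_calls - before;
}
```

The pool holds not-yet-used random bytes in RAM, so it should be zeroized on teardown and protected by a lock if more than one task draws from it.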

Freddy_
Contributor I

Hello,

Thank you for your reply.

Regarding Q1, indeed I needed to perform some changes in function 'mbedtls_rsa_rsaes_oaep_encrypt()'. When 'mbedtls_md( md_info, label, label_len, p )' is called, I needed to make sure 'p' is 32-byte aligned. I did that using an intermediate static variable and the '__ALIGNED(32)' tag. I wonder if this doesn't have something to do with DMA or data cache.

I didn't find any SDK example exercising the 'mbedtls_rsa_pkcs1_encrypt()' function.

Regarding Q2, ok with your answer.

nxf77486
NXP TechSupport

Hello,

It is correct, we unfortunately do not have an example where we access 'mbedtls_rsa_pkcs1_encrypt()', but before continuing I think I did not formulate my question properly for query 1.

So none of the SDK examples available for mbedtls are working on the SDK, or is it just that these changes you are performing are exclusively for our software design?

Freddy_
Contributor I

Hi,

Yes, the changes I made are exclusively related to our software design.

Freddy

nxf77486
NXP TechSupport

Hello,

Thank you for clarifying this information. After reviewing the information, the changes you performed seem to be fine.

Freddy_
Contributor I

Hello,

Unfortunately, I'm struggling again using mbedtls with i.MX RT1170. This time, when I sign data with 'security_rsa_pkcs1_sign' and verify the generated signature with 'security_rsa_pkcs1_verify', I get the error MBEDTLS_ERR_RSA_VERIFY_FAILED.

I did the signing and the verification steps in a continuous sequence, so I'm sure to use exactly the same RSA key. An interesting thing is that my signing/verification test works when mbedtls is configured to use PKCS#1 v1.5 but it does not work when mbedtls is configured to use PKCS#1 v2.1. This makes me think the issue is related to the use of mbedtls with the i.MX RT1170.

nxf77486
NXP TechSupport

Hello,

Thank you for contacting NXP support.

Regarding your Q1, do you mean you needed to perform changes in order to make an SDK example work?

On question 2, from my point of view, I do not think you missed something.

I will only add that we have the latest version of the SDK, 2.14.0.

Please let me know if there is anything else where I can help you.
