Data alignment when using mbedtls with i.MX RT1170

キャンセル
次の結果を表示 
表示  限定  | 次の代わりに検索 
もしかして: 

Data alignment when using mbedtls with i.MX RT1170

ソリューションへジャンプ
1,301件の閲覧回数
Freddy_
Contributor I

Hi,

I’m currently working on cryptography topic and I have 2 questions related to the use of the mbedtls (SDK 2.13.1) along with the CAAM of i.MX RT1170.

Q1: Basically, I noticed that all CAAM accesses from mbedtls need to be performed from 32 bytes aligned data. This is not performed in SDK 2.13.1 mbedtls so I had to implement some fixes to make things work. Did I miss something ?

Q2: During RSA encryption using PKCS 1.5 padding, mbedtls calls the CAAM random number generation function every time a single random byte needs to be generated. However this process is very long because the CAAM requires 125ms to generate random bytes, no matter the number of bytes to be generated. I could update mbedtls in order to generate directly the number of bytes I need but I would prefer not to change NXP SDK in order to ease further maintainability. Perhaps I missed something there as well ?

Thanks for your help,

Freddy

0 件の賞賛
返信
1 解決策
1,218件の閲覧回数
nxf77486
NXP TechSupport
NXP TechSupport

Hello,

 

Thank you for clarifying this information, so after reviewing the information. The changes you perform ed seem to be fine.

元の投稿で解決策を見る

0 件の賞賛
返信
6 返答(返信)
1,271件の閲覧回数
Freddy_
Contributor I

Hello,

 

Thank you for your reply.

Regarding Q1, indeed I needed to perform some changes in function 'mbedtls_rsa_rsaes_oaep_encrypt()'. When 'mbedtls_md( md_info, label, label_len, p )' is called, I needed to make sure 'p' is 32 bytes aligned. I did that using an intermediate static variable and '__ALIGNED(32)' tag. I wonder if this doesn't have something to see with DMA or data cache.

I didn't find any SDK example execising 'mbedtls_rsa_pkcs1_encrypt()' function.

Regarding Q2, ok with your answer.

0 件の賞賛
返信
1,225件の閲覧回数
nxf77486
NXP TechSupport
NXP TechSupport

Hello,

It is correct we unfortunately do not have an example where we access the

mbedtls_rsa_pkcs1_encrypt()', but before continue I think I did not formulated my question properly for query 1.

So none of the SDK example available for mbedtls are working on the SDK, or is just that this example changes you are performing are exclusively for our software design?

0 件の賞賛
返信
1,222件の閲覧回数
Freddy_
Contributor I

Hi,

Yes, the changes I made are exclusively related to our software design.

Freddy

0 件の賞賛
返信
1,219件の閲覧回数
nxf77486
NXP TechSupport
NXP TechSupport

Hello,

 

Thank you for clarifying this information, so after reviewing the information. The changes you perform ed seem to be fine.

0 件の賞賛
返信
941件の閲覧回数
Freddy_
Contributor I

Hello,

Unfortunately, I'm struggling again using mbedtls with i.MX RT1170. This time, when I sign data with 'security_rsa_pkcs1_sign' and verify the generated signature with 'security_rsa_pkcs1_verify', I get the error MBEDTLS_ERR_RSA_VERIFY_FAILED.

I did the signing and the verification steps in a continuous sequence, so I'm sure to use exactly the same RSA key. An interesting thing is that my signing/verification test works when mbedtls is configured to use PKCS#1 v1.5 but it does not work when mbedtls is configured to use PKCS#1 v2.1. This lets me think the issue related to the use of mbedtls with i.MX RT1170.

 

0 件の賞賛
返信
1,281件の閲覧回数
nxf77486
NXP TechSupport
NXP TechSupport

Hello,

 

Thank you for contacting NXP support.

Regarding your first Q1 you mean you needed to perform changes in order to make work an SDK example?

On question 2 from my point of view I do not think you missed something.

I will only add that we have a latest version of the SDK 2.14.0.

Please let me know if there is anything else where I can help you.

0 件の賞賛
返信