rsa_verification using mbedtls libs

3,237 Views
slimSHA
Contributor III

I was trying to verify the signature of a binary file using the mbedtls library (v2.26.0).

I took the reference code from https://github.com/ARMmbed/mbedtls/blob/v2.26.0/programs/pkey/rsa_verify.c 

In the reference code, they are using the mbedtls_md_file() function to calculate the hash of the file.
But I'm using the FATFS library to access the files, so I had to modify the reference code as follows.

 

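#include <string.h>
#include "ff.h"          /* FatFs: FIL, FRESULT, UINT, f_open, f_read, f_close */
#include "mbedtls/md.h"  /* mbedtls_md_* streaming hash API */

/* PRINTF (NXP SDK debug console) and blogd (application logger) come from the project. */

/**
 * Compute the hash of the file at `path` with the digest described by `md_info`.
 * The hash is stored in `output`, which must hold mbedtls_md_get_size(md_info) bytes.
 * Returns 0 on success and an Mbed TLS error code on failure.
 */
int rsa_get_hash_of_file(const mbedtls_md_info_t *md_info, char *path, unsigned char *output)
{
    int ret = -1;
    FIL f;
    mbedtls_md_context_t ctx;
    FRESULT error;
    UINT br = 0;               /* f_read() reports the byte count through a UINT* */
    unsigned char buf[1024];

    if( md_info == NULL )
    {
        PRINTF("bad input data\r\n");
        blogd("bad input data\r\n");
        return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
    }
    error = f_open( &f, path, FA_READ );
    if( error != FR_OK )
    {
        PRINTF("Unable to open update file for security check\r\n");
        blogd("Unable to open update file for security check\r\n");
        return( MBEDTLS_ERR_MD_FILE_IO_ERROR );
    }
    mbedtls_md_init( &ctx );

    /* Same call mbedtls_md_file() makes: plain digest context, no HMAC state. */
    if( ( ret = mbedtls_md_setup( &ctx, md_info, 0 ) ) != 0 )
        goto cleanup;
    if( ( ret = mbedtls_md_starts( &ctx ) ) != 0 )
        goto cleanup;

    /* Feed the file to the digest in 1 KiB chunks until f_read() returns 0 bytes. */
    while( ( error = f_read( &f, buf, sizeof( buf ), &br ) ) == FR_OK && br > 0 )
    {
        if( ( ret = mbedtls_md_update( &ctx, buf, br ) ) != 0 )
            goto cleanup;
    }
    /* A failed read must not be reported as a valid hash. */
    if( error != FR_OK || f_error( &f ) != 0 )
        ret = MBEDTLS_ERR_MD_FILE_IO_ERROR;
    else
        ret = mbedtls_md_finish( &ctx, output );

cleanup:
    memset( buf, 0, sizeof( buf ) );
    f_close( &f );
    mbedtls_md_free( &ctx );
    return( ret );
}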

 

The problem is I'm getting no values in the output buffer, and no error code is returned from the mbedtls functions.
Is there any macro to be enabled to get this to work?
Any help is appreciated.

Thanks

0 Kudos
Reply
3 Replies
3,219 Views
FelipeGarcia
NXP Employee

Hi,

As this is a library from ARM, I would recommend opening an issue on GitHub directly. If you would like to get more information on how to implement a file system, I recommend you check the FatFS examples in our MCUXpresso SDK.

Have a great day,

Felipe


0 Kudos
Reply
3,214 Views
slimSHA
Contributor III

Thanks for the reply.

The problem was that I did not call CRYPTO_InitHardware() initially.

Now I'm able to generate SHA-256 hashes of inputs properly.

BUT

my calls to mbedtls_rsa_pkcs1_verify( &g_rsa, NULL, NULL, MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_SHA1, 20, hash, buf ) fail. The error code returned is -0x4290, but I couldn't find this error code in the rsa.h file; the closest one is

#define MBEDTLS_ERR_RSA_PUBLIC_FAILED -0x4280 /**< The public key operation failed. */

Am I missing any other initialization here?

0 Kudos
Reply
3,198 Views
slimSHA
Contributor III

I increased the heap to 0x8000 and the problem was resolved.

0 Kudos
Reply
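
The -0x4290 value reported in this thread is not a single constant in rsa.h: Mbed TLS 2.x returns the sum of a high-level module error and a low-level module error. The following added example (not code from the thread or from Mbed TLS) splits such a code; the helper names are hypothetical and the tables are only a subset of the rsa.h and bignum.h values.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example: split a composite Mbed TLS 2.x return code into its parts. */
struct err_name { int code; const char *name; };

/* Subset of rsa.h (high-level) and bignum.h (low-level) codes, as magnitudes. */
static const struct err_name k_high[] = {
    { 0x4080, "MBEDTLS_ERR_RSA_BAD_INPUT_DATA" },
    { 0x4100, "MBEDTLS_ERR_RSA_INVALID_PADDING" },
    { 0x4280, "MBEDTLS_ERR_RSA_PUBLIC_FAILED" },
    { 0x4380, "MBEDTLS_ERR_RSA_VERIFY_FAILED" },
};
static const struct err_name k_low[] = {
    { 0x0004, "MBEDTLS_ERR_MPI_BAD_INPUT_DATA" },
    { 0x0008, "MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL" },
    { 0x0010, "MBEDTLS_ERR_MPI_ALLOC_FAILED" },
};

static const char *lookup(const struct err_name *t, size_t n, int mag)
{
    for (size_t i = 0; i < n; i++)
        if (t[i].code == mag)
            return t[i].name;
    return mag ? "(not in this table)" : "(none)";
}

/* Hypothetical helper: returns 0 and stores the negative high/low components,
 * or -1 when ret is not a negative 16-bit Mbed TLS error code. */
int split_mbedtls_error(int ret, int *high, int *low)
{
    if (ret >= 0 || ret < -0x7FFF)
        return -1;
    *high = -((-ret) & 0x7F80);  /* bits 7..14: high-level module and error */
    *low  = -((-ret) & 0x007F);  /* bits 0..6: low-level module error */
    return 0;
}

const char *high_name(int high) { return lookup(k_high, sizeof k_high / sizeof k_high[0], -high); }
const char *low_name(int low)   { return lookup(k_low, sizeof k_low / sizeof k_low[0], -low); }

int main(void)
{
    int high, low, ret = -0x4290;  /* value reported in the thread */
    if (split_mbedtls_error(ret, &high, &low) != 0)
        return 1;
    printf("-0x%04X = -0x%04X %s + -0x%04X %s\n", (unsigned)-ret,
           (unsigned)-high, high_name(high), (unsigned)-low, low_name(low));
    return 0;
}
```

For -0x4290 the low-level part is an MPI allocation failure, which is consistent with the heap increase that resolved the problem.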