rsa_varification using mbedtls libs

slimSHA · ‎01-04-2022

I was trying to verify a signature of a binary file using mbedtls library (v2.26.0)

I took the reference code from https://github.com/ARMmbed/mbedtls/blob/v2.26.0/programs/pkey/rsa_verify.c

In the reference code, they are using the mbedtls_md_file() function to calculate the hash of the file.
But I'm using the FATFS library to access the files. so I had to modify the reference code as follows.

/**
 * Function to get hash of a file of path.
 * the hash will be stored in output buffer.
 * return 0 on success and error code on failure.
 */
int rsa_get_hash_of_file(const mbedtls_md_info_t *md_info, char *path,unsigned char *output)
{
	int ret = -1;
    FIL f;
    mbedtls_md_context_t ctx;
    FRESULT error;
    int br=0;
    unsigned char buf[1024];
    if( md_info == NULL )
    {
    	PRINTF("bad input data\r\n");
    	blogd("bad input data\r\n");
    	return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
    }
    error=f_open(&f, path, FA_READ);
    if( error != FR_OK )
    {
    	PRINTF("Unable to open update file for security check\r\n");
    	blogd("Unable to open update file for security check\r\n");
    	return( MBEDTLS_ERR_MD_FILE_IO_ERROR );
    }
    mbedtls_md_init( &ctx );

    if( ( ret = mbedtls_md_init_ctx(&ctx, md_info4) ) != 0 )
        goto cleanup;
    if( ( ret = mbedtls_md_starts( &ctx ) ) != 0 )
        goto cleanup;

    while( (f_read(&f, buf, sizeof(buf), &br) == FR_OK ) && br > 0)
        {
   	if( ( ret = mbedtls_md_update( &ctx, buf, br ) ) != 0 )
            goto cleanup;
        }
    if( f_error( &f ) != 0 )
        ret = MBEDTLS_ERR_MD_FILE_IO_ERROR;
    else
        ret = mbedtls_md_finish( &ctx, output );
cleanup:
	memset(buf, 0, sizeof(buf));
	f_close( &f );
	mbedtls_md_free( &ctx );
	return( ret );
}

the problem is im getting no values in the output buffer and no error code is returning from mbedtls functions.
is there any macro or to be enabled to get this work ?
any help are appreciated .

thanks

slimSHA · ‎01-06-2022

Thanks for the reply,

the problem was I did not call CRYPTO_InitHardware() initially,

now I'm able to generate sha256 hashes of inputs properly.

BUT

my calles to mbedtls_rsa_pkcs1_verify( &g_rsa,NULL,NULL,MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_SHA1,20, hash, buf ) is failed. the error code returned is -0x4290 but i couldn't find this error code from rsa.h file, but the closest one is

#define MBEDTLS_ERR_RSA_PUBLIC_FAILED -0x4280 /**< The public key operation failed. */

am i missing any other initialization here ?

元の投稿で解決策を見る

FelipeGarcia · ‎01-05-2022

Hi,

As this is a library from ARM I would recommend to open an issue in GitHub directly. If you would like to get more information on how to implement file system, I recommend you to check our FatFS examples in our MCUXpresso SDK.

Have a great day,

Felipe

-------------------------------------------------------------------------------

Note:

- If this post answers your question, please click the "Mark Correct" button. Thank you!

- We are following threads for 7 weeks after the last post, later replies are ignored. Please open a new thread and refer to the closed one, if you have a related question at a later point in time.

------------------------------------------------------------------------------

slimSHA · ‎01-06-2022

Thanks for the reply,

the problem was I did not call CRYPTO_InitHardware() initially,

now I'm able to generate sha256 hashes of inputs properly.

BUT

my calles to mbedtls_rsa_pkcs1_verify( &g_rsa,NULL,NULL,MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_SHA1,20, hash, buf ) is failed. the error code returned is -0x4290 but i couldn't find this error code from rsa.h file, but the closest one is

#define MBEDTLS_ERR_RSA_PUBLIC_FAILED -0x4280 /**< The public key operation failed. */

am i missing any other initialization here ?

slimSHA · ‎01-08-2022

I increased the heap to 0x8000 and the problem resolved

rsa_varification using mbedtls libs

rsa_varification using mbedtls libs

i.MXRT 105x