ED25519 signing through SSS

bboozzoo · ‎04-14-2023

I'm trying to use SE050C1 to sign data with ED25519 key generated on the chip. I'm using MW 04.03.00. Interstingly, initial attempts to call sss_asymmetric_sign_digest() did not work. Then I noticed that the python code calls sss_se05x_asymmetric_sign() instead of the sss_asymmetric_sign_digest(). The obvious issue is that will try send all of the input data to the chip. This triggers an error inside the sss library:

2023/04/14 12:36:14 sss: 1: Not enough buffer

It would generally be ok if I was able to submit the SHA512 of the input data myself and call sss_asymmetric_sign_digest(), but the implementation which is here https://github.com/NXP/plug-and-trust/blob/cc00ff155507f38b241aa8c8f700b8f2da9682f2/sss/src/se05x/fs... does not have a case for CipherType_EC_TWISTED_ED, so the API is returning an error.

Any advice on how to proceed?

Kan_Li · ‎04-16-2023

Hi @bboozzoo ,

For EdDSASign operation with a Twisted Edwards curve in SE05x, only pure data input is required, and that is why the python code calls sss_se05x_asymmetric_sign() instead of sss_asymmetric_sign_digest(), Please kindly refer the following for more details.

Hope that helps,

Have a great day,
Kan

-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

View solution in original post

Kan_Li · ‎04-16-2023

Hi @bboozzoo ,

For EdDSASign operation with a Twisted Edwards curve in SE05x, only pure data input is required, and that is why the python code calls sss_se05x_asymmetric_sign() instead of sss_asymmetric_sign_digest(), Please kindly refer the following for more details.

Hope that helps,

Have a great day,
Kan

-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

bboozzoo · ‎05-08-2023

Just a followup question. I have AN12413, Rev. 2.12 — 24 March 2021, and the text in my copy is:

• TBD bytes for use in the default session, an AESKey or an ECKey session.
• TBD bytes for use in a UserID session.

am I using an old version of the document?

Kan_Li · ‎05-08-2023

Hi @bboozzoo ,

Yes, there is already an updated version for this AN, please kindly refer to https://www.nxp.com/webapp/Download?colCode=AN12543 for details.

Hope that helps,

Have a great day,
Kan

-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------