Hi Janos,

I added the following code.

unsigned char output_buf[16000]; memset(output_buf, 0, 16000); ret = mbedtls_pk_write_key_der(pk, output_buf, 16000); if(ret < 0) { goto exit; } else { ret = 0; }

But it returned failure. Any idea if I am missing something here?

Regards, Arun Lal K M

From: Janos Follath Janos.Follath@arm.com Sent: Friday, June 7, 2024 3:41 PM To: Lal, Arun arun.lal@intel.com; mbed-tls@lists.trustedfirmware.org Subject: Re: [mbed-tls] How to read ecp private key

Hi Arun,

You can write it into a buffer with the `mbedtls_pk_write_key_der()` function.

Regards, Janos

From: Arun Lal K M via mbed-tls <mbed-tls@lists.trustedfirmware.orgmailto:mbed-tls@lists.trustedfirmware.org> Date: Friday, 7 June 2024 at 10:04 To: mbed-tls@lists.trustedfirmware.orgmailto:mbed-tls@lists.trustedfirmware.org <mbed-tls@lists.trustedfirmware.orgmailto:mbed-tls@lists.trustedfirmware.org> Subject: [mbed-tls] How to read ecp private key I am generating a ECP key in following way. And now how do I get the private key?

TEE_Result gen_ec_keys(mbedtls_pk_context* pk, mbedtls_entropy_f_source_ptr f_source, __maybe_unused TEE_Param params[TEE_NUM_PARAMS]) { int ret = 1; mbedtls_entropy_context entropy; mbedtls_ctr_drbg_context ctr_drbg; const char* pers = "gen_key"; TEE_Result res = TEE_SUCCESS;

unsigned char output_buf[16000]; memset(output_buf, 0, 16000);

mbedtls_entropy_init(&entropy); mbedtls_ctr_drbg_init(&ctr_drbg);

if ((ret = mbedtls_entropy_add_source(&entropy, f_source, NULL, 48, MBEDTLS_ENTROPY_SOURCE_STRONG)) != 0) { params[2].value.a = 1; goto exit; }

if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, f_entropy, &entropy, (const unsigned char*)pers, strlen(pers))) != 0) { mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n", (unsigned int)-ret); params[2].value.a = 2; goto exit; }

if ((ret = mbedtls_pk_setup(pk, mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY))) != 0) { EMSG(" failed\n ! mbedtls_pk_setup returned -0x%04x", (unsigned int)-ret); params[2].value.a = 3; goto exit; }

if ((ret = mbedtls_ecp_gen_key(MBEDTLS_ECP_DP_SECP384R1, mbedtls_pk_ec(*pk), mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) { EMSG(" failed\n ! mbedtls_ecp_gen_key returned -0x%04x", (unsigned int)-ret); params[2].value.a = 4; goto exit; }

exit: mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); return res; } -- mbed-tls mailing list -- mbed-tls@lists.trustedfirmware.orgmailto:mbed-tls@lists.trustedfirmware.org To unsubscribe send an email to mbed-tls-leave@lists.trustedfirmware.orgmailto:mbed-tls-leave@lists.trustedfirmware.org

Hi Janos,

ret = -53212 is what I am getting. When ret is treated as integer.

Regards, Arun Lal K M

From: Tom Cosgrove Tom.Cosgrove@arm.com Sent: Friday, June 7, 2024 5:30 PM To: Janos Follath Janos.Follath@arm.com; mbed-tls@lists.trustedfirmware.org; Lal, Arun arun.lal@intel.com Subject: Re: [mbed-tls] Re: How to read ecp private key

What error code are you getting?

Note that you need to capture the returned value (not just set it to 0), as the output is written to the end of the buffer, and the return value gives the number of bytes of data written.

________________________________ From: Lal, Arun via mbed-tls <mbed-tls@lists.trustedfirmware.orgmailto:mbed-tls@lists.trustedfirmware.org> Sent: 07 June 2024 12:49 To: Janos Follath <Janos.Follath@arm.commailto:Janos.Follath@arm.com>; mbed-tls@lists.trustedfirmware.orgmailto:mbed-tls@lists.trustedfirmware.org <mbed-tls@lists.trustedfirmware.orgmailto:mbed-tls@lists.trustedfirmware.org> Subject: [mbed-tls] Re: How to read ecp private key

Hi Janos,

I added the following code.

unsigned char output_buf[16000];

memset(output_buf, 0, 16000);

ret = mbedtls_pk_write_key_der(pk, output_buf, 16000);

if(ret < 0)

{

goto exit;

}

else

{

ret = 0;

}

But it returned failure.

Any idea if I am missing something here?

Regards,

Arun Lal K M

From: Janos Follath <Janos.Follath@arm.commailto:Janos.Follath@arm.com> Sent: Friday, June 7, 2024 3:41 PM To: Lal, Arun <arun.lal@intel.commailto:arun.lal@intel.com>; mbed-tls@lists.trustedfirmware.orgmailto:mbed-tls@lists.trustedfirmware.org Subject: Re: [mbed-tls] How to read ecp private key

Hi Arun,

You can write it into a buffer with the `mbedtls_pk_write_key_der()` function.

Regards,

Janos

From: Arun Lal K M via mbed-tls <mbed-tls@lists.trustedfirmware.orgmailto:mbed-tls@lists.trustedfirmware.org> Date: Friday, 7 June 2024 at 10:04 To: mbed-tls@lists.trustedfirmware.orgmailto:mbed-tls@lists.trustedfirmware.org <mbed-tls@lists.trustedfirmware.orgmailto:mbed-tls@lists.trustedfirmware.org> Subject: [mbed-tls] How to read ecp private key

I am generating a ECP key in following way. And now how do I get the private key?

TEE_Result gen_ec_keys(mbedtls_pk_context* pk, mbedtls_entropy_f_source_ptr f_source, __maybe_unused TEE_Param params[TEE_NUM_PARAMS]) { int ret = 1; mbedtls_entropy_context entropy; mbedtls_ctr_drbg_context ctr_drbg; const char* pers = "gen_key"; TEE_Result res = TEE_SUCCESS;

unsigned char output_buf[16000]; memset(output_buf, 0, 16000);

mbedtls_entropy_init(&entropy); mbedtls_ctr_drbg_init(&ctr_drbg);

if ((ret = mbedtls_entropy_add_source(&entropy, f_source, NULL, 48, MBEDTLS_ENTROPY_SOURCE_STRONG)) != 0) { params[2].value.a = 1; goto exit; }

if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, f_entropy, &entropy, (const unsigned char*)pers, strlen(pers))) != 0) { mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n", (unsigned int)-ret); params[2].value.a = 2; goto exit; }

if ((ret = mbedtls_pk_setup(pk, mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY))) != 0) { EMSG(" failed\n ! mbedtls_pk_setup returned -0x%04x", (unsigned int)-ret); params[2].value.a = 3; goto exit; }

if ((ret = mbedtls_ecp_gen_key(MBEDTLS_ECP_DP_SECP384R1, mbedtls_pk_ec(*pk), mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) { EMSG(" failed\n ! mbedtls_ecp_gen_key returned -0x%04x", (unsigned int)-ret); params[2].value.a = 4; goto exit; }

exit: mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); return res; } -- mbed-tls mailing list -- mbed-tls@lists.trustedfirmware.orgmailto:mbed-tls@lists.trustedfirmware.org To unsubscribe send an email to mbed-tls-leave@lists.trustedfirmware.orgmailto:mbed-tls-leave@lists.trustedfirmware.org