I am generating an ECP key in the following way. How do I now get the private key?
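/**
 * Generate a secp384r1 (NIST P-384) EC key pair into @p pk.
 *
 * A CTR_DRBG instance is seeded through a local entropy context that has
 * @p f_source registered as a strong source, and that DRBG is the RNG handed
 * to mbedtls_ecp_gen_key(). Both contexts are released before returning.
 *
 * @param pk        PK context that receives the key pair. On success it holds
 *                  the private key, so the caller owns it and should release
 *                  it with mbedtls_pk_free() when done. After a failure in
 *                  step 4, pk has been set up but holds no usable key.
 *                  NOTE(review): presumably the caller has already run
 *                  mbedtls_pk_init() on it; confirm.
 * @param f_source  Entropy callback registered with
 *                  MBEDTLS_ENTROPY_SOURCE_STRONG.
 * @param params    TA invocation parameters; params[2].value.a is set to the
 *                  number (1-4) of the step that failed.
 * @return TEE_SUCCESS when the key pair was generated, TEE_ERROR_GENERIC when
 *         any step failed (the original returned TEE_SUCCESS on every path).
 */
TEE_Result gen_ec_keys(mbedtls_pk_context* pk, mbedtls_entropy_f_source_ptr f_source, __maybe_unused TEE_Param params[TEE_NUM_PARAMS])
{
    int ret = 1;
    mbedtls_entropy_context entropy;
    mbedtls_ctr_drbg_context ctr_drbg;
    const char* pers = "gen_key";
    /* Pessimistic default: only the fall-through path below reports success. */
    TEE_Result res = TEE_ERROR_GENERIC;

    /*
     * The unused 16000-byte output_buf was dropped: it was never read here
     * and only consumed stack inside the trusted application.
     */
    mbedtls_entropy_init(&entropy);
    mbedtls_ctr_drbg_init(&ctr_drbg);

    /* Step 1: register the caller's entropy callback (threshold argument 48). */
    if ((ret = mbedtls_entropy_add_source(&entropy, f_source, NULL, 48, MBEDTLS_ENTROPY_SOURCE_STRONG)) != 0) {
        EMSG(" failed\n ! mbedtls_entropy_add_source returned -0x%04x", (unsigned int)-ret);
        params[2].value.a = 1;
        goto exit;
    }

    /*
     * Step 2: seed the DRBG, with pers as the personalisation string.
     * NOTE(review): f_entropy is not declared in this function; confirm it
     * resolves to the entropy callback (typically mbedtls_entropy_func).
     */
    if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, f_entropy, &entropy, (const unsigned char*)pers, strlen(pers))) != 0) {
        mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n", (unsigned int)-ret);
        params[2].value.a = 2;
        goto exit;
    }

    /* Step 3: bind pk to the generic EC key type. */
    if ((ret = mbedtls_pk_setup(pk, mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY))) != 0) {
        EMSG(" failed\n ! mbedtls_pk_setup returned -0x%04x", (unsigned int)-ret);
        params[2].value.a = 3;
        goto exit;
    }

    /* Step 4: generate the key pair on secp384r1 using the seeded DRBG. */
    if ((ret = mbedtls_ecp_gen_key(MBEDTLS_ECP_DP_SECP384R1, mbedtls_pk_ec(*pk), mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
        EMSG(" failed\n ! mbedtls_ecp_gen_key returned -0x%04x", (unsigned int)-ret);
        params[2].value.a = 4;
        goto exit;
    }

    res = TEE_SUCCESS;

exit:
    /* Release the RNG state on every path so no DRBG/entropy state lingers. */
    mbedtls_ctr_drbg_free(&ctr_drbg);
    mbedtls_entropy_free(&entropy);
    return res;
}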
Hi Arun,
You can write it into a buffer with the `mbedtls_pk_write_key_der()` function.
Regards, Janos
From: Arun Lal K M via mbed-tls mbed-tls@lists.trustedfirmware.org Date: Friday, 7 June 2024 at 10:04 To: mbed-tls@lists.trustedfirmware.org mbed-tls@lists.trustedfirmware.org Subject: [mbed-tls] How to read ecp private key I am generating a ECP key in following way. And now how do I get the private key?
TEE_Result gen_ec_keys(mbedtls_pk_context* pk, mbedtls_entropy_f_source_ptr f_source, __maybe_unused TEE_Param params[TEE_NUM_PARAMS]) { int ret = 1; mbedtls_entropy_context entropy; mbedtls_ctr_drbg_context ctr_drbg; const char* pers = "gen_key"; TEE_Result res = TEE_SUCCESS;
unsigned char output_buf[16000]; memset(output_buf, 0, 16000);
mbedtls_entropy_init(&entropy); mbedtls_ctr_drbg_init(&ctr_drbg);
if ((ret = mbedtls_entropy_add_source(&entropy, f_source, NULL, 48, MBEDTLS_ENTROPY_SOURCE_STRONG)) != 0) { params[2].value.a = 1; goto exit; }
if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, f_entropy, &entropy, (const unsigned char*)pers, strlen(pers))) != 0) { mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n", (unsigned int)-ret); params[2].value.a = 2; goto exit; }
if ((ret = mbedtls_pk_setup(pk, mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY))) != 0) { EMSG(" failed\n ! mbedtls_pk_setup returned -0x%04x", (unsigned int)-ret); params[2].value.a = 3; goto exit; }
if ((ret = mbedtls_ecp_gen_key(MBEDTLS_ECP_DP_SECP384R1, mbedtls_pk_ec(*pk), mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) { EMSG(" failed\n ! mbedtls_ecp_gen_key returned -0x%04x", (unsigned int)-ret); params[2].value.a = 4; goto exit; }
exit: mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); return res; } -- mbed-tls mailing list -- mbed-tls@lists.trustedfirmware.org To unsubscribe send an email to mbed-tls-leave@lists.trustedfirmware.org
Hi Janos,
I added the following code.
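/*
 * Serialise the key held in pk to DER. For an EC key pair this output
 * contains the private key, so output_buf must be treated as secret.
 * NOTE(review): wipe output_buf once the DER has been consumed (for example
 * with mbedtls_platform_zeroize()); if it is copied into an output TEE_Param
 * the private key leaves the trusted application - confirm that is intended.
 * NOTE(review): 16000 bytes is a large automatic buffer; check it against the
 * stack size configured for the TA.
 */
unsigned char output_buf[16000];
unsigned char *der_start = NULL;
size_t der_len = 0;

memset(output_buf, 0, sizeof(output_buf));

/*
 * mbedtls_pk_write_key_der() writes at the END of the buffer and returns the
 * number of bytes written (or a negative error code), so the length has to be
 * captured before ret is reset.
 */
ret = mbedtls_pk_write_key_der(pk, output_buf, sizeof(output_buf));
if (ret < 0) {
    /* ret still carries the Mbed TLS error code for the caller to report. */
    goto exit;
}

der_len = (size_t)ret;
/* The DER encoding occupies der_start[0 .. der_len - 1]; consume it here. */
der_start = output_buf + sizeof(output_buf) - der_len;
ret = 0;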
But it returned failure. Any idea if I am missing something here?
Regards, Arun Lal K M
From: Janos Follath Janos.Follath@arm.com Sent: Friday, June 7, 2024 3:41 PM To: Lal, Arun arun.lal@intel.com; mbed-tls@lists.trustedfirmware.org Subject: Re: [mbed-tls] How to read ecp private key
Hi Arun,
You can write it into a buffer with the `mbedtls_pk_write_key_der()` function.
Regards, Janos
From: Arun Lal K M via mbed-tls <mbed-tls@lists.trustedfirmware.orgmailto:mbed-tls@lists.trustedfirmware.org> Date: Friday, 7 June 2024 at 10:04 To: mbed-tls@lists.trustedfirmware.orgmailto:mbed-tls@lists.trustedfirmware.org <mbed-tls@lists.trustedfirmware.orgmailto:mbed-tls@lists.trustedfirmware.org> Subject: [mbed-tls] How to read ecp private key I am generating a ECP key in following way. And now how do I get the private key?
TEE_Result gen_ec_keys(mbedtls_pk_context* pk, mbedtls_entropy_f_source_ptr f_source, __maybe_unused TEE_Param params[TEE_NUM_PARAMS]) { int ret = 1; mbedtls_entropy_context entropy; mbedtls_ctr_drbg_context ctr_drbg; const char* pers = "gen_key"; TEE_Result res = TEE_SUCCESS;
unsigned char output_buf[16000]; memset(output_buf, 0, 16000);
mbedtls_entropy_init(&entropy); mbedtls_ctr_drbg_init(&ctr_drbg);
if ((ret = mbedtls_entropy_add_source(&entropy, f_source, NULL, 48, MBEDTLS_ENTROPY_SOURCE_STRONG)) != 0) { params[2].value.a = 1; goto exit; }
if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, f_entropy, &entropy, (const unsigned char*)pers, strlen(pers))) != 0) { mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n", (unsigned int)-ret); params[2].value.a = 2; goto exit; }
if ((ret = mbedtls_pk_setup(pk, mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY))) != 0) { EMSG(" failed\n ! mbedtls_pk_setup returned -0x%04x", (unsigned int)-ret); params[2].value.a = 3; goto exit; }
if ((ret = mbedtls_ecp_gen_key(MBEDTLS_ECP_DP_SECP384R1, mbedtls_pk_ec(*pk), mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) { EMSG(" failed\n ! mbedtls_ecp_gen_key returned -0x%04x", (unsigned int)-ret); params[2].value.a = 4; goto exit; }
exit: mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); return res; } -- mbed-tls mailing list -- mbed-tls@lists.trustedfirmware.orgmailto:mbed-tls@lists.trustedfirmware.org To unsubscribe send an email to mbed-tls-leave@lists.trustedfirmware.orgmailto:mbed-tls-leave@lists.trustedfirmware.org
What error code are you getting?
Note that you need to capture the returned value (not just set it to 0), as the output is written to the end of the buffer, and the return value gives the number of bytes of data written.
________________________________ From: Lal, Arun via mbed-tls mbed-tls@lists.trustedfirmware.org Sent: 07 June 2024 12:49 To: Janos Follath Janos.Follath@arm.com; mbed-tls@lists.trustedfirmware.org mbed-tls@lists.trustedfirmware.org Subject: [mbed-tls] Re: How to read ecp private key
Hi Janos,
I added the following code.
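/*
 * Serialise the key held in pk to DER. For an EC key pair this output
 * contains the private key, so output_buf must be treated as secret.
 * NOTE(review): wipe output_buf once the DER has been consumed (for example
 * with mbedtls_platform_zeroize()); if it is copied into an output TEE_Param
 * the private key leaves the trusted application - confirm that is intended.
 * NOTE(review): 16000 bytes is a large automatic buffer; check it against the
 * stack size configured for the TA.
 */
unsigned char output_buf[16000];
unsigned char *der_start = NULL;
size_t der_len = 0;

memset(output_buf, 0, sizeof(output_buf));

/*
 * mbedtls_pk_write_key_der() writes at the END of the buffer and returns the
 * number of bytes written (or a negative error code), so the length has to be
 * captured before ret is reset.
 */
ret = mbedtls_pk_write_key_der(pk, output_buf, sizeof(output_buf));
if (ret < 0)
{
    /* ret still carries the Mbed TLS error code for the caller to report. */
    goto exit;
}

der_len = (size_t)ret;
/* The DER encoding occupies der_start[0 .. der_len - 1]; consume it here. */
der_start = output_buf + sizeof(output_buf) - der_len;
ret = 0;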
But it returned failure.
Any idea if I am missing something here?
Regards,
Arun Lal K M
From: Janos Follath Janos.Follath@arm.com Sent: Friday, June 7, 2024 3:41 PM To: Lal, Arun arun.lal@intel.com; mbed-tls@lists.trustedfirmware.org Subject: Re: [mbed-tls] How to read ecp private key
Hi Arun,
You can write it into a buffer with the `mbedtls_pk_write_key_der()` function.
Regards,
Janos
From: Arun Lal K M via mbed-tls <mbed-tls@lists.trustedfirmware.orgmailto:mbed-tls@lists.trustedfirmware.org> Date: Friday, 7 June 2024 at 10:04 To: mbed-tls@lists.trustedfirmware.orgmailto:mbed-tls@lists.trustedfirmware.org <mbed-tls@lists.trustedfirmware.orgmailto:mbed-tls@lists.trustedfirmware.org> Subject: [mbed-tls] How to read ecp private key
I am generating a ECP key in following way. And now how do I get the private key?
TEE_Result gen_ec_keys(mbedtls_pk_context* pk, mbedtls_entropy_f_source_ptr f_source, __maybe_unused TEE_Param params[TEE_NUM_PARAMS]) { int ret = 1; mbedtls_entropy_context entropy; mbedtls_ctr_drbg_context ctr_drbg; const char* pers = "gen_key"; TEE_Result res = TEE_SUCCESS;
unsigned char output_buf[16000]; memset(output_buf, 0, 16000);
mbedtls_entropy_init(&entropy); mbedtls_ctr_drbg_init(&ctr_drbg);
if ((ret = mbedtls_entropy_add_source(&entropy, f_source, NULL, 48, MBEDTLS_ENTROPY_SOURCE_STRONG)) != 0) { params[2].value.a = 1; goto exit; }
if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, f_entropy, &entropy, (const unsigned char*)pers, strlen(pers))) != 0) { mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n", (unsigned int)-ret); params[2].value.a = 2; goto exit; }
if ((ret = mbedtls_pk_setup(pk, mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY))) != 0) { EMSG(" failed\n ! mbedtls_pk_setup returned -0x%04x", (unsigned int)-ret); params[2].value.a = 3; goto exit; }
if ((ret = mbedtls_ecp_gen_key(MBEDTLS_ECP_DP_SECP384R1, mbedtls_pk_ec(*pk), mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) { EMSG(" failed\n ! mbedtls_ecp_gen_key returned -0x%04x", (unsigned int)-ret); params[2].value.a = 4; goto exit; }
exit: mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); return res; } -- mbed-tls mailing list -- mbed-tls@lists.trustedfirmware.orgmailto:mbed-tls@lists.trustedfirmware.org To unsubscribe send an email to mbed-tls-leave@lists.trustedfirmware.orgmailto:mbed-tls-leave@lists.trustedfirmware.org
Hi Janos,
I am getting ret = -53212 when ret is treated as an integer.
Regards, Arun Lal K M
From: Tom Cosgrove Tom.Cosgrove@arm.com Sent: Friday, June 7, 2024 5:30 PM To: Janos Follath Janos.Follath@arm.com; mbed-tls@lists.trustedfirmware.org; Lal, Arun arun.lal@intel.com Subject: Re: [mbed-tls] Re: How to read ecp private key
What error code are you getting?
Note that you need to capture the returned value (not just set it to 0), as the output is written to the end of the buffer, and the return value gives the number of bytes of data written.
________________________________ From: Lal, Arun via mbed-tls <mbed-tls@lists.trustedfirmware.orgmailto:mbed-tls@lists.trustedfirmware.org> Sent: 07 June 2024 12:49 To: Janos Follath <Janos.Follath@arm.commailto:Janos.Follath@arm.com>; mbed-tls@lists.trustedfirmware.orgmailto:mbed-tls@lists.trustedfirmware.org <mbed-tls@lists.trustedfirmware.orgmailto:mbed-tls@lists.trustedfirmware.org> Subject: [mbed-tls] Re: How to read ecp private key
Hi Janos,
I added the following code.
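/*
 * Serialise the key held in pk to DER. For an EC key pair this output
 * contains the private key, so output_buf must be treated as secret.
 * NOTE(review): wipe output_buf once the DER has been consumed (for example
 * with mbedtls_platform_zeroize()); if it is copied into an output TEE_Param
 * the private key leaves the trusted application - confirm that is intended.
 * NOTE(review): 16000 bytes is a large automatic buffer; check it against the
 * stack size configured for the TA.
 */
unsigned char output_buf[16000];
unsigned char *der_start = NULL;
size_t der_len = 0;

memset(output_buf, 0, sizeof(output_buf));

/*
 * mbedtls_pk_write_key_der() writes at the END of the buffer and returns the
 * number of bytes written (or a negative error code), so the length has to be
 * captured before ret is reset.
 */
ret = mbedtls_pk_write_key_der(pk, output_buf, sizeof(output_buf));
if (ret < 0)
{
    /* ret still carries the Mbed TLS error code for the caller to report. */
    goto exit;
}

der_len = (size_t)ret;
/* The DER encoding occupies der_start[0 .. der_len - 1]; consume it here. */
der_start = output_buf + sizeof(output_buf) - der_len;
ret = 0;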
But it returned failure.
Any idea if I am missing something here?
Regards,
Arun Lal K M
From: Janos Follath <Janos.Follath@arm.commailto:Janos.Follath@arm.com> Sent: Friday, June 7, 2024 3:41 PM To: Lal, Arun <arun.lal@intel.commailto:arun.lal@intel.com>; mbed-tls@lists.trustedfirmware.orgmailto:mbed-tls@lists.trustedfirmware.org Subject: Re: [mbed-tls] How to read ecp private key
Hi Arun,
You can write it into a buffer with the `mbedtls_pk_write_key_der()` function.
Regards,
Janos
From: Arun Lal K M via mbed-tls <mbed-tls@lists.trustedfirmware.orgmailto:mbed-tls@lists.trustedfirmware.org> Date: Friday, 7 June 2024 at 10:04 To: mbed-tls@lists.trustedfirmware.orgmailto:mbed-tls@lists.trustedfirmware.org <mbed-tls@lists.trustedfirmware.orgmailto:mbed-tls@lists.trustedfirmware.org> Subject: [mbed-tls] How to read ecp private key
I am generating a ECP key in following way. And now how do I get the private key?
TEE_Result gen_ec_keys(mbedtls_pk_context* pk, mbedtls_entropy_f_source_ptr f_source, __maybe_unused TEE_Param params[TEE_NUM_PARAMS]) { int ret = 1; mbedtls_entropy_context entropy; mbedtls_ctr_drbg_context ctr_drbg; const char* pers = "gen_key"; TEE_Result res = TEE_SUCCESS;
unsigned char output_buf[16000]; memset(output_buf, 0, 16000);
mbedtls_entropy_init(&entropy); mbedtls_ctr_drbg_init(&ctr_drbg);
if ((ret = mbedtls_entropy_add_source(&entropy, f_source, NULL, 48, MBEDTLS_ENTROPY_SOURCE_STRONG)) != 0) { params[2].value.a = 1; goto exit; }
if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, f_entropy, &entropy, (const unsigned char*)pers, strlen(pers))) != 0) { mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n", (unsigned int)-ret); params[2].value.a = 2; goto exit; }
if ((ret = mbedtls_pk_setup(pk, mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY))) != 0) { EMSG(" failed\n ! mbedtls_pk_setup returned -0x%04x", (unsigned int)-ret); params[2].value.a = 3; goto exit; }
if ((ret = mbedtls_ecp_gen_key(MBEDTLS_ECP_DP_SECP384R1, mbedtls_pk_ec(*pk), mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) { EMSG(" failed\n ! mbedtls_ecp_gen_key returned -0x%04x", (unsigned int)-ret); params[2].value.a = 4; goto exit; }
exit: mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); return res; } -- mbed-tls mailing list -- mbed-tls@lists.trustedfirmware.orgmailto:mbed-tls@lists.trustedfirmware.org To unsubscribe send an email to mbed-tls-leave@lists.trustedfirmware.orgmailto:mbed-tls-leave@lists.trustedfirmware.org