OPTIGA™ Trust Forum Discussions
There is a "fatal error: DAVE.h: No such file or directory" at the time of compilation when adding optiga-trust-m library to empty-app example.
Steps followed:
1. Choose Board Support Package: CYSBSYSKIT-DEV-01
2. Select Application Template: Empty App
3. Selected optiga-trust-m = 3.1.4 release from library manager
4. Compilation error: mtb_shared/optiga-trust-m/release-v3.1.4/examples/optiga_shell.c:38:10: fatal error: DAVE.h: No such file or directory
Show Less
Summary
On average 1 in every 256 ECDSA signatures on the NIST P256 curve produced by the CalcSign command in OPTIGA Trust M V3 has an invalid DER encoding. The invalid signatures violate the encoding rules for integers specified in Rec. ITU-T X.690, section 8.3.2, which state that the bits of the first octet and bit 8 of the second octet shall not all be zero.
Clients have to reencode the invalid signatures, otherwise the signatures will be rejected by applications. However, this bug is not documented in the OPTIGA Trust M Solution reference manual. It came as a very unpleasant surprise for us, discovered in production.
Details
It appears that in case of ECDSA signatures on the NIST P256 curve OPTIGA Trust M always makes the contents octets of the integers at least 32 octets long. So, for example, it will produce this invalid DER encoding of an integer:
02 20 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f
which should be correctly encoded as
02 1f 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f
The likelihood of the bits of the 32nd least significant octet and bit 8 of the 31st least significant octet being zero by chance is approximately 1 in 512. The probability of this happening in at least one of the two integers that make up a signature is approximately 1 in 256.
I have not tested other curves, but there is no reason not to assume that the bug is present for other curves as well, although the probability of occurring may differ for some of them.
Show LessHi,
I am trying to port optiga-trust-m library for STM32 (freeRTOS). Are there any ready samples available within the community or by infineon.
Show LessHi,
I am trying to communicate with the Optiga Trust X over i2c. I read the documentation and the power up cycle, however I get NACKs from the device. I have the ability to toggle the reset signal.
I have done repeated reads from the device because it goes in lower power mode but no luck with getting an acknowledgment.
Here is the waveform:
More information can be provided.
Thanks for your help.
Show Less
Hello, I want to use an OPTIGA Trust M (SLS 32AIA010ML) for CBC encryption, following the example provided by Infineon, I found that the process is divided into three phases (basic chaining) and surprisingly, each block is encrypted/decrypted on its own, also, no XOR of previous cipher text to the next plain text, which, from what I know, contradicts with the logic of CBC encryption. Does anyone have an idea why the provided example is like that, or if possible share a more "correct" CBC example? Thanks,
PS: this is the example from Infineon:
/**
* The below example demonstrates the symmetric encryption and decryption for CBC mode using OPTIGA.
*
* Example for
* #optiga_crypt_symmetric_encrypt_start,
* #optiga_crypt_symmetric_encrypt_continue and
* #optiga_crypt_symmetric_encrypt_final for symmetric encryption.
* #optiga_crypt_symmetric_decrypt_start,
* #optiga_crypt_symmetric_decrypt_continue and
* #optiga_crypt_symmetric_decrypt_final for symmetric decryption.
*/
void example_optiga_crypt_symmetric_encrypt_decrypt_cbc(void)
{
const uint8_t plain_data_buffer_start[] = {0x6b, 0xc1, 0xbe, 0xe2,
0x2e, 0x40, 0x9f, 0x96,
0xe9, 0x3d, 0x7e, 0x11,
0x73, 0x93, 0x17, 0x2a};
const uint8_t plain_data_buffer_continue[] = {0x7c,0xd2,0xcf,0xf3,
0x3f,0x51,0xa0,0xa7,
0xf0,0x4e,0x8f,0x22,
0x84,0xa4,0x28,0x3b};
const uint8_t plain_data_buffer_final[] = {0x5a,0xb0,0xad,0xd1,
0x1d,0x3f,0x8e,0x85,
0xd8,0x2c,0x6d,0xf1,
0x62,0x82,0x06,0x19};
uint8_t encrypted_data_buffer_start[32] = {0};
uint32_t encrypted_data_length_start = sizeof(encrypted_data_buffer_start);
uint8_t encrypted_data_buffer_continue[32] = {0};
uint32_t encrypted_data_length_continue = sizeof(encrypted_data_buffer_continue);
uint8_t encrypted_data_buffer_final[32] = {0};
uint32_t encrypted_data_length_final = sizeof(encrypted_data_buffer_final);
uint8_t decrypted_data_buffer_start[32] = {0};
uint32_t decrypted_data_length_start = sizeof(decrypted_data_buffer_start);
uint8_t decrypted_data_buffer_continue[32] = {0};
uint32_t decrypted_data_length_continue = sizeof(decrypted_data_buffer_continue);
uint8_t decrypted_data_buffer_final[32] = {0};
uint32_t decrypted_data_length_final = sizeof(decrypted_data_buffer_final);
optiga_crypt_t * me = NULL;
uint32_t time_taken = 0;
optiga_lib_status_t return_status = !OPTIGA_LIB_SUCCESS;
do
{
#ifndef OPTIGA_INIT_DEINIT_DONE_EXCLUSIVELY
/**
* Open the application on OPTIGA which is a precondition to perform any other operations
* using optiga_util_open_application
*/
example_optiga_init();
#endif //OPTIGA_INIT_DEINIT_DONE_EXCLUSIVELY
OPTIGA_EXAMPLE_LOG_MESSAGE(__FUNCTION__);
/**
* 1. Create OPTIGA Crypt Instance
*
*/
me = optiga_crypt_create(0, optiga_util_crypt_callback, NULL);
if (NULL == me)
{
break;
}
/**
* 2. Update AES 128 symmetric key using secure key update
*
*/
OPTIGA_EXAMPLE_LOG_MESSAGE("Symmetric key generation");
return_status = generate_symmetric_key();
if(OPTIGA_LIB_SUCCESS != return_status)
{
break;
}
/**
* 3. Start encryption sequence and encrypt the plain data
*/
optiga_lib_status = OPTIGA_LIB_BUSY;
START_PERFORMANCE_MEASUREMENT(time_taken);
return_status = optiga_crypt_symmetric_encrypt_start(me,
OPTIGA_SYMMETRIC_CBC,
OPTIGA_KEY_ID_SECRET_BASED,
plain_data_buffer_start,
sizeof(plain_data_buffer_start),
NULL,
0,
NULL,
0,
0,
encrypted_data_buffer_start,
&encrypted_data_length_start);
WAIT_AND_CHECK_STATUS(return_status, optiga_lib_status);
if (encrypted_data_length_start != sizeof(plain_data_buffer_start))
{
//Encrypted data length is incorrect
return_status = !OPTIGA_LIB_SUCCESS;
break;
}
/**
* 4. Continue encrypting the plain data
*/
optiga_lib_status = OPTIGA_LIB_BUSY;
return_status = optiga_crypt_symmetric_encrypt_continue(me,
plain_data_buffer_continue,
sizeof(plain_data_buffer_continue),
encrypted_data_buffer_continue,
&encrypted_data_length_continue);
WAIT_AND_CHECK_STATUS(return_status, optiga_lib_status);
if (encrypted_data_length_continue != sizeof(plain_data_buffer_continue))
{
//Encrypted data length is incorrect
return_status = !OPTIGA_LIB_SUCCESS;
break;
}
/**
* 5. End encryption sequence and encrypt plain data
*/
optiga_lib_status = OPTIGA_LIB_BUSY;
return_status = optiga_crypt_symmetric_encrypt_final(me,
plain_data_buffer_final,
sizeof(plain_data_buffer_final),
encrypted_data_buffer_final,
&encrypted_data_length_final);
WAIT_AND_CHECK_STATUS(return_status, optiga_lib_status);
if (encrypted_data_length_final != sizeof(plain_data_buffer_final))
{
//Encrypted data length is incorrect
return_status = !OPTIGA_LIB_SUCCESS;
break;
}
/**
* 6. Start decryption sequence and decrypt the encrypted data from step 3
*/
optiga_lib_status = OPTIGA_LIB_BUSY;
return_status = optiga_crypt_symmetric_decrypt_start(me,
OPTIGA_SYMMETRIC_CBC,
OPTIGA_KEY_ID_SECRET_BASED,
encrypted_data_buffer_start,
encrypted_data_length_start,
NULL,
0,
NULL,
0,
0,
decrypted_data_buffer_start,
&decrypted_data_length_start);
WAIT_AND_CHECK_STATUS(return_status, optiga_lib_status);
// Compare the decrypted data with plain data
if( OPTIGA_LIB_SUCCESS != memcmp(plain_data_buffer_start, decrypted_data_buffer_start, decrypted_data_length_start))
{
return_status = !OPTIGA_LIB_SUCCESS;
break;
}
if (decrypted_data_length_start != sizeof(plain_data_buffer_start))
{
//Decrypted data length is incorrect
return_status = !OPTIGA_LIB_SUCCESS;
break;
}
/**
* 7. Continue to decrypt the encrypted data from step 4
*/
optiga_lib_status = OPTIGA_LIB_BUSY;
return_status = optiga_crypt_symmetric_decrypt_continue(me,
encrypted_data_buffer_continue,
encrypted_data_length_continue,
decrypted_data_buffer_continue,
&decrypted_data_length_continue);
WAIT_AND_CHECK_STATUS(return_status, optiga_lib_status);
// Compare the decrypted data with plain data
if( OPTIGA_LIB_SUCCESS != memcmp(plain_data_buffer_continue, decrypted_data_buffer_continue, decrypted_data_length_continue))
{
return_status = !OPTIGA_LIB_SUCCESS;
break;
}
if (sizeof(plain_data_buffer_continue) != decrypted_data_length_continue)
{
//Decrypted data length is incorrect
return_status = !OPTIGA_LIB_SUCCESS;
break;
}
/**
* 8. End decryption sequence and decrypt encrypted data from step 5
*/
optiga_lib_status = OPTIGA_LIB_BUSY;
return_status = optiga_crypt_symmetric_decrypt_final(me,
encrypted_data_buffer_final,
encrypted_data_length_final,
decrypted_data_buffer_final,
&decrypted_data_length_final);
WAIT_AND_CHECK_STATUS(return_status, optiga_lib_status);
READ_PERFORMANCE_MEASUREMENT(time_taken);
// Compare the decrypted data with plain data
if( OPTIGA_LIB_SUCCESS != memcmp(plain_data_buffer_final, decrypted_data_buffer_final, decrypted_data_length_final))
{
return_status = !OPTIGA_LIB_SUCCESS;
break;
}
if (sizeof(plain_data_buffer_final) != decrypted_data_length_final)
{
//Decrypted data length is incorrect
return_status = !OPTIGA_LIB_SUCCESS;
break;
}
return_status = OPTIGA_LIB_SUCCESS;
} while (FALSE);
OPTIGA_EXAMPLE_LOG_STATUS(return_status);
#ifndef OPTIGA_INIT_DEINIT_DONE_EXCLUSIVELY
/**
* Close the application on OPTIGA after all the operations are executed
* using optiga_util_close_application
*/
example_optiga_deinit();
#endif //OPTIGA_INIT_DEINIT_DONE_EXCLUSIVELY
OPTIGA_EXAMPLE_LOG_PERFORMANCE_VALUE(time_taken, return_status);
if (me)
{
//Destroy the instance after the completion of usecase if not required.
return_status = optiga_crypt_destroy(me);
if(OPTIGA_LIB_SUCCESS != return_status)
{
//lint --e{774} suppress This is a generic macro
OPTIGA_EXAMPLE_LOG_STATUS(return_status);
}
}
}
Show Less
We received a batch of chips, the part number is SLE95250-0025, its label has the Infineon logo, but the marking is ST logo. Is it normal?
Where can I buy "Shield2Go Adapter for Raspberry Pi". I want to prototype and test TRUST M and trust X with Raspberry PI. Although I see a link to the page, there isnt a link to purchase the product.
Dear Teams,
Do you have ESD data for SLS32AIA010MK?
Our customer need ESD HBM, ESD CDM and HF information.
Please help us to get these data.
Thank you.
Boris Su
Show LessHello, when I was reading the public key certificate of 0XE0E0, I found that the reading result had an extra header start with 0xc0. In the ref manual, it can be seen that the header is "TLS identity", but the specific length is not cleared. From the Linux example code, it can be seen that the length is fixed at 9 bytes. My question is as follows:
1. In what scenario is this information typically used
2. Is its length fixed at 9 bytes?