questions about optiga_crypt_ecdsa_sign()

JBP · ‎Apr 27, 2022

Hello,

I have some questions on Infineon OPTIGA™ Trust M SLS 32AIA010MH and especially optiga_crypt_ecdsa_sign().

Question 1

Are there some limitations on the length of the provided digest in the optiga_crypt_ecdsa_sign() API-call? I have an application where I want to sign a digest of ~300 bytes (i.e. I do not want to apply the signature on a hash of the data), but providing such digest to the optiga_crypt_ecdsa_sign() method gives me an error code of 0x8005. Why is that? This error code does not seem to be defined anywhere either, so I am not able to figure out what it means.

By inspecting the source code, it looks like it should give me an OPTIGA_CMD_ERROR_INVALID_INPUT (0x0203) error instead if any.

Question 2
Are there some timing constraints in the https://infineon.github.io/optiga-trust-m/ library we need to be aware of?

I have used the procedure outlined in this example: https://github.com/Infineon/optiga-trust-m/blob/develop/examples/optiga/example_optiga_crypt_ecdsa_s..., but if I remove the log statements and the performance measurement, it looks like it causes some issues.

Ressources: https://infineon.github.io/optiga-trust-m/

Best regards

Sharath_V · ‎Apr 27, 2022

Hi @JBP ,

Question 1:

Signature algorithms work on max size of input to be signed. E.g. ECDSA-256 expects an input of 256 bits of data. For this reason we hash the message (of arbitrary length) to compress it into fixed size length (in this case SHA-256 hash can be used). Trust M expects hash of 256 bits (or 32 bytes) as input and signs this input. Please try hashing the message you'd like to sign and pass the hash as input to sign function. If your message also happens to be 256 bits (32 byte), then sign generate will still work.

0x80xx error code indicates an error returned by Trust M (as opposed to error returned by Host library). For the list of xx values, please refer Solutions Reference Manual Table 42 Error Codes. In your case the error is "Invalid parameter in data field , xx = 0x05".

Question 2:

Please provide more info on what specific issues you get while testing.

View solution in original post

Sharath_V · ‎Apr 27, 2022

Hi @JBP ,

Question 1:

Signature algorithms work on max size of input to be signed. E.g. ECDSA-256 expects an input of 256 bits of data. For this reason we hash the message (of arbitrary length) to compress it into fixed size length (in this case SHA-256 hash can be used). Trust M expects hash of 256 bits (or 32 bytes) as input and signs this input. Please try hashing the message you'd like to sign and pass the hash as input to sign function. If your message also happens to be 256 bits (32 byte), then sign generate will still work.

0x80xx error code indicates an error returned by Trust M (as opposed to error returned by Host library). For the list of xx values, please refer Solutions Reference Manual Table 42 Error Codes. In your case the error is "Invalid parameter in data field , xx = 0x05".

Question 2:

Please provide more info on what specific issues you get while testing.

questions about optiga_crypt_ecdsa_sign()

Re: questions about optiga_crypt_ecdsa_sign()

Re: questions about optiga_crypt_ecdsa_sign()