Kernel Panic with ECDSA P256: Signing Works, Not Verification #1378
Comments
Hi Carlton, The message "Panic 0xffff0006" indicates that the Trusted Application was killed by the TEE, due to bad parameters (somewhere). So I see two possibilities:
|
We are closing this issue/question, why?
If you however feel that you have additional questions or still think this is an issue, then please feel free to re-open the issue again. When closing issues we will only show this entire message once. // OP-TEE admins |
can we write code in C++ for application for compile which toolchain we need |
@akbarsaleemt, please see #1708 and https://github.com/OP-TEE/optee_website/tree/master/faq#can-i-use-c-libraries-in-op-tee regarding C++ support in OP-TEE (which is the source for the official optee.org page). |
Hello, I created a simple function that generates a new key pair, signs a fixed message and attempts to verify it, whereas the kernel keeps panicking. Here's the code snippet:

```c
static TEE_Result gen_key(uint32_t param_types, TEE_Param params[4])
{
	(void)&params;
	const uint32_t exp_param_types =
		TEE_PARAM_TYPES(TEE_PARAM_TYPE_NONE,
				TEE_PARAM_TYPE_NONE,
				TEE_PARAM_TYPE_NONE,
				TEE_PARAM_TYPE_NONE);
	TEE_ObjectHandle object;
	TEE_Result res;

	if (param_types != exp_param_types)
		return TEE_ERROR_BAD_PARAMETERS;

	printf("Checking if private key exists\n");
	res = TEE_OpenPersistentObject(TEE_STORAGE_PRIVATE,
				       "privkey", 7,
				       TEE_DATA_FLAG_ACCESS_READ |
				       TEE_DATA_FLAG_SHARE_READ,
				       &object);
	if (res != TEE_SUCCESS)
	{
		printf("Creating key\n");
		TEE_ObjectHandle ecdsa_keypair = (TEE_ObjectHandle)NULL;
		TEE_Attribute ecdsa_attrs[1];
		uint32_t curve = TEE_ECC_CURVE_NIST_P256;
		uint32_t keysize = 256;

		printf("Setting parameters\n");
		ecdsa_attrs[0].attributeID = TEE_ATTR_ECC_CURVE;
		ecdsa_attrs[0].content.value.a = curve;
		ecdsa_attrs[0].content.value.b = 0;

		printf("Allocating object memory\n");
		res = TEE_AllocateTransientObject(TEE_TYPE_ECDSA_KEYPAIR, keysize, &ecdsa_keypair);
		if (res != TEE_SUCCESS)
		{
			EMSG("Failed to alloc transient object handle : 0x%x", res);
			TEE_FreeTransientObject(ecdsa_keypair);
			return res;
		}

		printf("Generating keys\n");
		res = TEE_GenerateKey(ecdsa_keypair, keysize, ecdsa_attrs, 1);
		if (res != TEE_SUCCESS)
		{
			EMSG("Generate key failure : 0x%x", res);
			TEE_FreeTransientObject(ecdsa_keypair);
			return res;
		}

		printf("Keys generated, attempting to create a signature\n");
		TEE_OperationHandle operation = NULL;
		const char *msg = "2CF24DBA5FB0A30E26E83B2AC5B9E29E1B161E5C1FA7425E73043362938B9824";
		uint32_t msg_len = 32;
		char result[64] = {0};
		uint32_t result_len = 64;

		printf("Allocating signing operation\n");
		res = TEE_AllocateOperation(&operation, TEE_ALG_ECDSA_P256,
					    TEE_MODE_SIGN, keysize);
		if (res != TEE_SUCCESS)
		{
			EMSG("TEE_AllocateOperation failed! res: 0x%x", res);
			return res;
		}

		printf("Setting key for signing\n");
		res = TEE_SetOperationKey(operation, ecdsa_keypair);
		if (res != TEE_SUCCESS)
		{
			EMSG("Failed setting operation key");
			return res;
		}

		printf("Signing..\n");
		res = TEE_AsymmetricSignDigest(operation, NULL, 0,
					       msg, msg_len,
					       result, &result_len);
		if (res != TEE_SUCCESS)
		{
			EMSG("Failed signing operation");
			return res;
		}
		TEE_FreeOperation(operation);

		printf("Allocating verification operation\n");
		res = TEE_AllocateOperation(&operation, TEE_ALG_ECDSA_P256,
					    TEE_MODE_VERIFY, keysize);
		if (res != TEE_SUCCESS)
		{
			EMSG("TEE_AllocateOperation failed! res: 0x%x", res);
			return res;
		}

		printf("Setting key for verification\n");
		res = TEE_SetOperationKey(operation, ecdsa_keypair);
		if (res != TEE_SUCCESS)
		{
			EMSG("Failed setting operation key");
			return res;
		}

		printf("Verifying..\n");
		res = TEE_AsymmetricVerifyDigest(operation, NULL, 0,
						 msg, msg_len,
						 result, result_len);
		if (res != TEE_SUCCESS)
		{
			EMSG("Failed verification operation");
			return res;
		}

		TEE_FreeTransientObject(ecdsa_keypair);
		TEE_FreeOperation(operation);
	}
	return TEE_SUCCESS;
}
```

I am not sure what I might be missing, any help would be greatly appreciated. |
@Parradox27 please post the panic message. Use |
@jforissier The panic message is: E/TC:? 0 |
No call stack? |
Except for my printf messages, this is everything I get. EDIT: Maybe it is good to mention that I am using an STM32MP1 that has op-tee in its distribution package, if it makes any difference. |
OK, what is the OP-TEE version? |
The distribution package recipe for optee states version 3.9.0.r1. |
@jforissier If the API does not work, is it possible to use a 3rd party library as an alternative? I would like to use OpenSSL within the TA, but I am unsure how to build the library and link it during compilation. I already have some code ready and working on the Linux side, but I would like to transfer it to the secure environment and do the signing there, if that is possible. EDIT: I extracted the X and Y coordinates from the key using function |
I tried your code with QEMU (pasted in
OP-TEE master branch (at commit 1d205e2). Same thing with QEMUv8 (64 bits). |
Seems like there was some error on my side, now it finally works, thanks for your help. Regarding my last question though, is it possible to use OpenSSL standard C library in the OP-TEE? |
OK. |
One more thing: TA can use MBedTLS too, it is contained in the SDK. |
Thanks for your help, the procedure is now implemented via API. However, it is a shame that OP-TEE is capable of generating only a single signature per second, whereas on Linux side with OpenSSL I am getting around 500 per second depending on data size, and OP-TEE does not even need to hash. Is this performance expected or is there something wrong? |
With OP-TEE there is some overhead as Normal World invokes Secure World (EL0 - EL1 - (EL3) - SEL1 - SEL0 and back), but a 500x performance hit doesn't seem right at all. |
Is there anything to do about it, to check whether it could be improved, if there is a problem that slows it down? |
Does OpenSSL benefit from hardware acceleration on your platform perhaps? |
Yes, OpenSSL does benefit from hardware acceleration of hashing starting from a certain size of message size, but hashing is done on the client side of the application anyway. Signing itself is on Linux side done in software and the performance depends purely on the hashing speed, whereas hashing does not affect OP-TEE as it signs a hash that is already created, yet it manages only a single signature per second. Thank you for your help anyway @jforissier, it is hugely appreciated. |
I'm having issues with verifying signatures using ECDSA and the P256 algorithm. Signing works fine, yielding a digest/message of length 32 bytes (signature of length 64), but verifying the same digest and signature throws this kernel panic:
The offending function can be found below. Is this an OP-TEE issue or one of mine?
Thanks,
Carlton
EDIT: I'm using the Hikey downstream.
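
An added example, not part of the original thread or of OP-TEE's code: the 64-byte P-256 signature mentioned above is the raw concatenation r || s, while OpenSSL-based verifiers on the Linux side expect a DER-encoded ECDSA signature, so checking a TA-produced signature outside the TEE needs a conversion like this one. The names `der_int` and `ecdsa_p256_raw_to_der` are hypothetical, and the sample bytes are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Write one big-endian scalar as a minimal DER INTEGER; returns bytes written. */
static size_t der_int(const uint8_t *v, size_t n, uint8_t *out)
{
    size_t skip = 0, pad;

    while (skip < n - 1 && v[skip] == 0)   /* DER forbids redundant leading zeros */
        skip++;
    pad = (v[skip] & 0x80) ? 1 : 0;        /* 0x00 prefix keeps the value positive */
    out[0] = 0x02;                         /* INTEGER tag */
    out[1] = (uint8_t)(n - skip + pad);
    out[2] = 0x00;                         /* overwritten below when pad == 0 */
    memcpy(out + 2 + pad, v + skip, n - skip);
    return 2 + pad + (n - skip);
}

/* raw = r || s (64 bytes); der needs room for 72 bytes. Returns DER length or 0. */
size_t ecdsa_p256_raw_to_der(const uint8_t *raw, size_t raw_len,
                             uint8_t *der, size_t der_cap)
{
    size_t n;

    if (!raw || !der || raw_len != 64 || der_cap < 72)
        return 0;                          /* reject anything that is not P-256 sized */
    n = der_int(raw, 32, der + 2);
    n += der_int(raw + 32, 32, der + 2 + n);
    der[0] = 0x30;                         /* SEQUENCE tag */
    der[1] = (uint8_t)n;                   /* at most 70, so short-form length */
    return n + 2;
}

int main(void)
{
    uint8_t raw[64], der[72];              /* constructed sample, not a real signature */
    size_t i, len;

    memset(raw, 0xFF, 32);                 /* r with the top bit set */
    memset(raw + 32, 0x00, 32);            /* s with leading zero bytes */
    raw[63] = 0x01;
    len = ecdsa_p256_raw_to_der(raw, sizeof(raw), der, sizeof(der));
    for (i = 0; i < len; i++)
        printf("%02x", der[i]);
    printf("\n");
    return 0;
}
```

The length check rejects any input that is not exactly 64 bytes, so a truncated or already DER-encoded signature is never re-encoded by mistake.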