Hi Janos,

ret = -53212 is what I am getting. When ret is treated as integer.

Regards,

Arun Lal K M

From: Tom Cosgrove <Tom.Cosgrove@arm.com>
Sent: Friday, June 7, 2024 5:30 PM
To: Janos Follath <Janos.Follath@arm.com>; mbed-tls@lists.trustedfirmware.org; Lal, Arun <arun.lal@intel.com>
Subject: Re: [mbed-tls] Re: How to read ecp private key

What error code are you getting?

Note that you need to capture the returned value (not just set it to 0), as the output is written to the end of the buffer, and the
return value gives the number of bytes of data written.

From: Lal, Arun via mbed-tls <mbed-tls@lists.trustedfirmware.org>
Sent: 07 June 2024 12:49
To: Janos Follath <Janos.Follath@arm.com>; mbed-tls@lists.trustedfirmware.org <mbed-tls@lists.trustedfirmware.org>
Subject: [mbed-tls] Re: How to read ecp private key

Hi Janos,

I added the following code.

unsigned char output_buf[16000];

memset(output_buf, 0, 16000);

ret = mbedtls_pk_write_key_der(pk, output_buf, 16000);

if(ret < 0)

{

goto exit;

}

else

{

ret = 0;

}

But it returned failure.

Any idea if I am missing something here?

Regards,

Arun Lal K M

From: Janos Follath <Janos.Follath@arm.com>
Sent: Friday, June 7, 2024 3:41 PM
To: Lal, Arun <arun.lal@intel.com>; mbed-tls@lists.trustedfirmware.org
Subject: Re: [mbed-tls] How to read ecp private key

Hi Arun,

You can write it into a buffer with the `mbedtls_pk_write_key_der()` function.

Regards,

Janos

From: Arun Lal K M via mbed-tls <mbed-tls@lists.trustedfirmware.org>
Date: Friday, 7 June 2024 at 10:04
To: mbed-tls@lists.trustedfirmware.org <mbed-tls@lists.trustedfirmware.org>
Subject: [mbed-tls] How to read ecp private key

I am generating a ECP key in following way. And now how do I get the private key?

TEE_Result gen_ec_keys(mbedtls_pk_context* pk, mbedtls_entropy_f_source_ptr f_source,
    __maybe_unused TEE_Param params[TEE_NUM_PARAMS])
{
    int ret = 1;
    mbedtls_entropy_context entropy;
    mbedtls_ctr_drbg_context ctr_drbg;
    const char* pers = "gen_key";
    TEE_Result res = TEE_SUCCESS;

    unsigned char output_buf[16000];
    memset(output_buf, 0, 16000);

    mbedtls_entropy_init(&entropy);
    mbedtls_ctr_drbg_init(&ctr_drbg);

    if ((ret = mbedtls_entropy_add_source(&entropy, f_source,
        NULL, 48,
        MBEDTLS_ENTROPY_SOURCE_STRONG)) != 0) {
        params[2].value.a = 1;
        goto exit;
    }

    if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, f_entropy, &entropy,
        (const unsigned char*)pers,
        strlen(pers))) != 0) {
        mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n",
            (unsigned int)-ret);
        params[2].value.a = 2;
        goto exit;
    }

    if ((ret = mbedtls_pk_setup(pk,
        mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY))) != 0) {
        EMSG(" failed\n ! mbedtls_pk_setup returned -0x%04x", (unsigned int)-ret);
        params[2].value.a = 3;
        goto exit;
    }

    if ((ret = mbedtls_ecp_gen_key(MBEDTLS_ECP_DP_SECP384R1, mbedtls_pk_ec(*pk),
        mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
        EMSG(" failed\n ! mbedtls_ecp_gen_key returned -0x%04x",
            (unsigned int)-ret);
        params[2].value.a = 4;
        goto exit;
    }

exit:
    mbedtls_ctr_drbg_free(&ctr_drbg);
    mbedtls_entropy_free(&entropy);
    return res;
}
--
mbed-tls mailing list -- mbed-tls@lists.trustedfirmware.org
To unsubscribe send an email to mbed-tls-leave@lists.trustedfirmware.org