Migration from previous Cryptographic Library version

Revision as of 16:28, 30 April 2021 by Registered User
This message will disappear after all relevant tasks have been resolved.
Semantic MediaWiki
There are 1 incomplete or pending task to finish installation of Semantic MediaWiki. An administrator or user with sufficient rights can complete it. This should be done before adding new data to avoid inconsistencies.

This page explains the differences between the previous Cryptographic Library version 'V3.x.x and the current one V4.x.x.

1. What's new in the V4.0.0 version

Cryptographic Library V4.0.0 brings more simplicity and more performances (speed &size)

1.1. Simplicity

V3.x.x V4.0.0 
int32_t rv;
EC_stt EC_st;
membuf_stt Crypto_Buffer;
ECpoint_stt *PubKey = NULL;
ECDSAsignature_stt *sign = NULL;
uint8_t membuf[MAX_MEMBUF_SIZE];
ECDSAverifyCtx_stt verctx;

uint8_t pub_x[] = {…}, pub_y[] = {…};
uint8_t sign_r[] = {…}, sign_s[] = {…}, digest[] = {…};

Crypto_Buf.pmBuf = membuf;
Crypto_Buf.mUsed = 0;
Crypto_Buf.mSize = sizeof(membuf);

// ToDo: manually fill EC_st with curve parameters!!!

/* Init the EC main struct */
rv = ECCinitEC(&EC_st, &Crypto_Buf);

/* Init the public key */
ECCinitPoint(&PubKey, &EC_st, &Crypto_Buf);
ECCsetPointCoordinate(PubKey,
                      E_ECC_POINT_COORDINATE_X,
                      pub_x,
                      sizeof(pub_x));
ECCsetPointCoordinate(PubKey,
                      E_ECC_POINT_COORDINATE_Y,
                      pub_y,
                      sizeof(pub_y));

/* Init the signature */
ECDSAinitSign(&sign, &EC_st, &Crypto_Buf);
ECDSAsetSignature(sign,
                  E_ECDSA_SIGNATURE_R_VALUE,
                  sign_r, sizeof(sign_r));
ECDSAsetSignature(sign,
                  E_ECDSA_SIGNATURE_S_VALUE,
                  sign_s, sizeof(sign_s));

/* Verification */
verif_ctx.pmEC = &EC_st;
verif_ctx.pmPubKey = PubKey;
rv = ECDSAverify(digest, sizeof(digest),
                 sign, &verif_ctx, &Crypto_Buf);
 
cmox_ecc_retval_t rv;
cmox_ecc_handle_t Ecc_Ctx;
uint8_t membuf[MAX_MEMBUF_SIZE];
uint32_t fault_check = CMOX_ECC_AUTH_FAIL;

uint8_t pubkey[] = {…}, digest[] = {…}, signature[] = {…};

/* Construct a ECC context */
cmox_ecc_construct(&Ecc_Ctx,
                  CMOX_ECC256_MATH_FUNCS,
                  membuf, sizeof(membuf));

/* Verify directly the signature passing
   all the needed parameters */
rv = cmox_ecdsa_verify(&Ecc_Ctx,
                       CMOX_ECC_CURVE_SECP256R1,
                       pubkey, pubkey(Public_Key),
                       digest, sizeof(digest),
                       signature, sizeof(signature),
                       &fault_check);


2. Deprecated algorithms

Some algorithms available in the V3.x.x are no more supported, cause they have been deprecated for security reason.

Algorithm Comment
MD5 More details on MD5 vulnerabilities are available here rfc6151
ARC4 More details on RC4/ARC4 vulnerabilities are available here rfc7465
DES Withdrawn by NIST on May 19, 2005:FIPS46-3
T-DES Withdrawn by NIST on September 26, 2018:NIST-SP800-20
Info white.png Information
NOTE: SHA1 algorithm, even if it is also considered as deprecated, is still available in the Cryptographic Library cause it comes with other SHA implementations.

3. V3.x.x to V4.0.0 migration information and links

Retrieved from "https://wiki.st.com/stm32mcu/index.php?title=Security:Migration_from_previous_Cryptographic_Library_version&oldid=11025"