Signing and encrypting .bin file for OAD

Hi all,

Currently I am trying Encrypted OAD between my iOS application and keyfob, but I am not sure about signing and encrypting the image for OAD without using the SMARTRF board.

I wanted to know if there is a way round to sign and encrypt the .bin image with some sort of utility directly.

Kindly reply.

Regards,

Sarang

  • Hi,

    You can install the openssl library on your PC and encrypt the file using openssl.

    Use this command: 

    openssl enc -aes-128-ecb -K your_key_in_hex  -iv iv_in_hex -in SensorTag.bin -out encrypted.bin -nopad

    Example :

    openssl enc -aes-128-ecb -K 123456789...F -iv 0000000000000000 -in SensorTag.bin -out encrypted.bin -nopad

    EDIT:

    After this procedure, you need to copy the first 16 bytes (header) from the original .bin file and overwrite the first 16 bytes in the encrypted .bin. Thus you need to keep the header intact, otherwise the application will not recognize the image correctly.

    ------------------------------------------------------------------------------

    Press "Verify" if your question is answered.

  • Hi,

    Thank you for the details.

    I will give it a try.

    Thank you

    Regards,

    Sarang

  • I think this is incorrect, I tried it and the TiOADExample app incorrectly identified an ImgB as an ImgA.

    I believe this is because the header shouldn't be encrypted?

  • Hi,

    Sorry, forgot to mention that.

    Yes, you need to manually replace the first 16 bytes of the encrypted bin with those from the original bin.

    Keep the first 16 bytes as they are, encrypt the rest of the file.

  • I pasted the first 16 bytes of the unencrypted file back onto the encrypted one, should this work? Or should I split the file before encryption?

    I compared the file prepared this way with the one that was created with the SBL tool, they are not the same.

    Both of them "brick" the device when uploaded so I don't know where the problem lies.

  • Hi,

    This will work because openssl's aes-128-ecb method encrypts the file by taking 16-byte chunks. So replacing the first 16 bytes won't change the encryption for the whole file.

    For the SBL demo tool, you need to remove the header first and then encrypt the file. Once the file is encrypted, put the 16 bytes at the start of the file.

    Are you using the same key and iv in openssl, BEM and image A?

    Can you try by keeping iv = 0 in BEM and image A?

  • Thanks,

    I'm using the same key in sbl_exec.c, bem_main.c and in the command line for SSL.

    iv I left at the default. In bem_main.c:

    static uint8 ivNonce[KEY_BLENGTH] = { 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1 };

    in the command line for openssl: 

    -iv 1000000000000001

  • I took the same unencrypted .bin file and tried to encrypt it this way, and via SBL. They came out different, according to diff.

    I attempted an update via TiOADExample with both encrypted images.

    the openssl uploaded but didn't update

    the SBL one "bricked"

  • I got to the bottom of the problem with the SBL method. It works fine, just have to be careful managing a huge number of dialogue pages of options in multiple project targets in IAR. Oh for a proper Makefile based build.

    The openssl method of encrypting the image doesn't work for me. It doesn't come up with the same data, and the image fails to execute. I tried changing the iv to 0.

  • Hi

    Can anyone confirm if the openssl way is a working method as I've tried it and get the same problem as a lot of people on the forum that it just reverts back to Image A after saying uploaded successful? 

    I am using the cbc command for openssl and replacing the first 16 bytes with the BBBB header.

    I don't have the smartrf board which TI uses in the tutorial to encrypt the image.  I will probably end up trying to use a usb-to-uart chip to get the EBL going.

    I've tried to make sure I lock the pages for BEM in flash programmer but it only allows page 0 and page 126 it complains if you tell it 0, 126, 127.

    Regards
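
Added example (not from any poster in this thread): it compares the two procedures discussed above, encrypting the whole file and pasting the 16-byte header back versus stripping the header before encrypting, under the ECB mode of the first answer and the CBC mode of the post above. The key and 64-byte image are constructed, `bytes_to_hex` writes the `ivNonce` array in the two-hex-digits-per-byte form that OpenSSL's `-K` and `-iv` expect, and nothing here says which mode the BEM itself uses.

```shell
#!/bin/sh
# Added example, not from the thread. KEY and the sample image are constructed.
KEY=000102030405060708090a0b0c0d0e0f   # 16 bytes = 32 hex digits
HDR=16                                  # header length given in the thread

# Hex string for a C byte array such as ivNonce: two hex digits per byte.
bytes_to_hex() { printf '%02x' "$@"; }

# Method 1: strip the header, encrypt the body, put the header back in front.
# $1 = cipher name, $2 = input, $3 = output, $4 = IV in hex (omit for ECB)
split_then_encrypt() {
    dd if="$2" of="$3" bs="$HDR" count=1 2>/dev/null
    dd if="$2" bs="$HDR" skip=1 2>/dev/null |
        openssl enc "-$1" -K "$KEY" ${4:+-iv $4} -nopad >> "$3"
}

# Method 2: encrypt the whole file, then overwrite the first 16 bytes
# with the original plaintext header.
encrypt_then_paste() {
    openssl enc "-$1" -K "$KEY" ${4:+-iv $4} -nopad -in "$2" -out "$3"
    dd if="$2" of="$3" bs="$HDR" count=1 conv=notrunc 2>/dev/null
}

# Returns 0 when both methods produce byte-identical files for cipher $1.
same_output() {
    d=$(mktemp -d) || return 2
    # Constructed image: 16-byte header followed by three 16-byte body blocks.
    printf 'HEADER0123456789' > "$d/img.bin"
    printf 'body-block-one!!body-block-two!!body-block-3!!!!' >> "$d/img.bin"
    split_then_encrypt "$1" "$d/img.bin" "$d/a.bin" "$2"
    encrypt_then_paste "$1" "$d/img.bin" "$d/b.bin" "$2"
    cmp -s "$d/a.bin" "$d/b.bin"; rc=$?
    rm -rf "$d"
    return "$rc"
}

IV=$(bytes_to_hex 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1)   # the ivNonce array quoted above
echo "ivNonce as -iv argument: $IV"
if same_output aes-128-ecb; then echo "ECB: methods agree"; else echo "ECB: methods differ"; fi
if same_output aes-128-cbc "$IV"; then echo "CBC: methods agree"; else echo "CBC: methods differ"; fi
```

Under CBC the files differ because each ciphertext block is chained to the previous one: the body encrypted after the header chains from the encrypted header block, while a stripped body chains from the IV.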

  • Hi Guys,

    Can anyone share the working method for generating an encrypted image with openssl?

    Thanks in advance...