• State TI Thinks Resolved
  • Locked Locked
  • Replies 7 replies
  • Answers 1 answer
  • Subscribers 30 subscribers
  • Views 311 views
  • Users 0 members are here
Support feedback
Options
Options
Related

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

LAUNCHXL-CC26X2R1: LAUNCHXL-CC26X2R1

Cetin Gulec
Prodigy 40 points
Part Number: LAUNCHXL-CC26X2R1
Other Parts Discussed in Thread: CC2652R

Tool/software:

Hello,

I want to add keys to secure area. I am using "12.9.1 Crypto Registers" to complete this task. Then I looked reference manuals document up and I write a code thanks to "12.7.4.2.1 Load Keys From External Memory". However, I got an error. I use some registers that are readable and writable type, however I can not read these registers. Because these registers are crypto registers and I can only see "?" in the address via memory browser during debug.
My board is cc26x2

12.7.4.2.1 Load Keys From External Memory
The following software example in pseudocode describes the actions that are typically executed by the host software to load one or more keys into the key-store module.
// configure master control module
write ALGSEL 0x0000_0001 // enable DMA path to the key store module
write IRQCLR 0x0000_0001 // clear any outstanding events
// configure key store module (area, size)
write KEYSIZE 0x0000_0001 // 128-bit key size
write KEYWRITEAREA 0x0000_0001 // enable keys to write (e.g. Key 0)
// configure DMAC
write DMACH0CTL 0x0000_00001 // enable DMA channel 0
write DMACH0EXTADDR // base address of the key in ext. memory
write DMACH0LEN // total key length in bytes (e.g. 16 for 1 x 128-bit key)
// wait for completion
wait IRQSTAT[0]==’1’ // wait for operation completed
check IRQSTAT[31:30] == ‘00’ // check for absence of errors in DMA and key store
write IRQCLR 0x0000_0001 // acknowledge the interrupt
write ALGSEL 0x0000_0000 // disable master control/DMA clock
// check status
check KEYWRITTENAREA 0x0000_00001 // check that Key 0 was written
// end of algorithm

In this pseudocode I want to always check the value in the register whether is correct value or not. Also, I got an error in the while and if (wait and check) blocks. Because I can not read the value in the address. Is there any possible way to read the value in the crypto registers? You can see my code in the below.


void loadKeys(uint32_t keyIndex, uint32_t *extMemoryAddr, uint32_t keyLength) {
ALGSEL = 0x00000001;  // Enable DMA to key store module
IRQCLR = 0x00000001;  // Clear any outstanding events
KEYSIZE = 0x00000001;  // 128-bit key size
KEYWRITEAREA = (1 << keyIndex);  // Select the key slot (e.g., key 0)
DMACH0CTL = 0x00000001;  // Enable DMA channel 0
DMACH0EXTADDR = (uint32_t)extMemoryAddr;  // Set external memory address (where the key is stored)
DMACH0LEN = keyLength;  // Set key length (e.g., 16 bytes for 128-bit key)
while ((IRQSTAT & 0x01) == 0);  // Wait until the operation is completed (IRQSTAT[0] is set)
// Check if the operation was successful (no errors in DMA or key store)
if ((IRQSTAT & 0xC0000000) == 0) {
// Operation completed successfully
IRQCLR = 0x00000001; // Clear interrupt flag
} else {
// Handle errors (DMA or key store write error)
}
// Verify that the key was written to the correct area
if (KEYWRITTENAREA & (1 << keyIndex)) {
// Key was successfully written to the key store
} else {
// Handle failure (key not written)
}
// Disable DMA path to the key store module
ALGSEL = 0x00000000; // Disable DMA path
}

Thanks

  • 0
    TI__Guru**** 217507 points

    Hello Cetin,

    Here are the TRM, Crypto Registers, and TI Driver APIs for further reading.

    The module has to be enabled for you to read from its registers.  If the Crypto engine and DMA are not properly configured then it will not be possible to read the registers. 

    Would you consider using the TI Crypto Drivers in order to generate your key without using register-level access?  Here is an aesKeyAgreement example you can reference.

    Regards,
    Ryan

  • 0 in reply to Ryan Brown1
    Prodigy 40 points

    Hello Ryan,

    As far as I know I configured DMA and Crypto Engine with the code block that is in the below. Also, I did not understand using TI Crypto Drivers clearly, I reviewed the aesKeyAgreement, however I have not any clear idea about this. Is there any function to configure the Crypto Engine and DMA or to read Crypto Registers instead of using register-level access?

    ALGSEL = 0x00000001;  // Enable DMA to key store module
    IRQCLR = 0x00000001;  // Clear any outstanding events
    KEYSIZE = 0x00000001;  // 128-bit key size
    KEYWRITEAREA = (1 << keyIndex);  // Select the key slot (e.g., key 0)
    DMACH0CTL = 0x00000001;  // Enable DMA channel 0
    DMACH0EXTADDR = (uint32_t)extMemoryAddr;  // Set external memory address (where the key is stored)
    DMACH0LEN = keyLength;  // Set key length (e.g., 16 bytes for 128-bit key)

  • 0 in reply to Cetin Gulec
    TI__Guru**** 217507 points

    I apologize for the confusion thus far.  At the moment, let's assume that Crypto Registers are not made available to the main core during debugging.  From the datasheet:  

    The CC2652R device comes with a wide set of modern cryptography-related hardware accelerators, drastically reducing code footprint and execution time for cryptographic operations. It also has the benefit of being lower power and improves availability and responsiveness of the system because the cryptography operations runs in a background hardware thread.

    Can you further explain what you are trying to achieve?  You mentioned that "I want to add keys to secure area" but the TRM is discussing key storage in the crypto hardware accelerator module which you should not be needing to access after providing the keying material.  The TI Drivers provide AES modules so that the encryption/decryption process is simplified for users.  So what do you need to accomplish ultimately?

    Regards,
    Ryan

  • 0 in reply to Ryan Brown1
    Prodigy 40 points

    I also apologise for not explaining clearly. I try to achieve writing and storing key in the secure area that is mentioned in TRM document 12.5.6. Key Area Registers. I just tried to read in the debug mode. It is not my main purpose. My main purpose is writing and storing the keys in the secure area that is probably 1 kB memory as I understand and after using them to AES and ECDSA crypto operations. Here is a short explanation about this from TRM.

    "The local-key storage module is directly connected to 1 kB of memory. The module can store up to eight AES keys and has eight 128-bit entries. The key size is programmed in the key-store module. The key material in the key store is not accessible through read operations through the AHB master and slave interfaces. Keys can only be written to the key store through DMA. Once a DMA operation for a key read is started, all received data is written to the key-store module. Keys that are stored in the key store memory can be transferred only to the AES key registers and are not accessible for any other purpose."

    In this situation I need a help to how I can achieve this.

    Kind regards,
    Cetin




  • 0 in reply to Cetin Gulec
    TI__Guru**** 217507 points

    The AES variant (ex. AESCBC.h) and ECDSA.h TI Driver APIs, with detailed examples included in documentation, should fulfill this requirement automatically and without further intervention required by the user.  Can you please clarify what is missing from these that would require more investigation from your end?

    Regards,
    Ryan

  • 0 in reply to Ryan Brown1
    Prodigy 40 points

    I am sincerely sorry for the late reply. I was trying the complete my task with these library (AESCBC.h and ECDSA.h) and I success it. However, at this point I am not sure the security. Because I want to add these keys to secure area and I also want anyone to not access it except me. These libraries can offer me this feature? I can read the keys from the area and it feels like it is not secure. What is the difference between this method and directly writing to flash?

    Regards,
    Cetin

  • 0 in reply to Cetin Gulec
    TI__Guru**** 217507 points

    How would someone else be able to access the key on your device?

    Regards,
    Ryan