LAUNCHXL-CC26X2R1: Encrypting Keys that are in the Key Store

Part Number: LAUNCHXL-CC26X2R1

Hello,

I added keys to key store memory using the functions shown below. You can also see my main function below. Now I want to encrypt these keys; however, I cannot use the usual encryption functions because the keys are in the key store and are not accessible. Are there any specific functions or any specific way to encrypt these keys?

I am looking forward to your response.

/*FUNCTIONS*/
uint32_t AESWriteToKeyStore(const uint8_t *aesKey, uint32_t aesKeyLength, uint32_t keyStoreArea);
uint32_t AESReadFromKeyStore(uint32_t keyStoreArea);

/*MY MAIN FUNCTION*/
uint32_t writeStatus = AESWriteToKeyStore(aesKey, AES_KEY_SIZE, AES_KEY_AREA);
if (writeStatus == AES_SUCCESS) {
        uint32_t readStatus = AESReadFromKeyStore(AES_KEY_AREA);
        if (readStatus == AES_SUCCESS) {
                //THIS PART I WANT TO ENCRYPT THE KEYS THAT ARE IN THE KEY STORE
        }
}

Regards,
Cetin

  • Hello Cetin,

    From the driverlib documentation

    "The key store is a section of crypto memory that is only accessible to the crypto module and may be written to by the application via the crypto DMA. It is not possible to read from the key store to main memory. Thereby, it is not possible to compromise the key should the application be hacked if the original key in main memory was overwritten already.

    The crypto core does not have retention and all configuration settings and keys in the keystore are lost when going into standby or shutdown. The typical security advantages a key store offers are not available in these low power modes as the key must be saved in regular memory to reload it after going into standby or shutdown. Consequently, the keystore primarily serves as an interface to the AES accelerator."

    A note about key storage from the encryption TI Drivers:

    "The CC26XX crypto module contains a key store. The only way to load a key into the AES accelerator is to first load it into the key store. To guarantee availability of open key locations in the key store for AES operations, the last two key locations (6 and 7) are reserved for ad-hoc operations. The key is loaded into the key store, the AES operation is carried out, and the key is deleted from the key store. Since the key store does not have retention and the keys can not survive going into standby, the key store is only used to load keys into the AES accelerator rather than store keys. Support for pre-loading keys into the key store and using them in an AES operation is not supported in this driver."

    I would also recommend that you review section 12.5.6 Key Area Registers of the TRM. Hopefully this will provide further context as to the intentions, purpose, operation, and limitations of the key store area.

    Regards,
    Ryan