• State
  • Locked Locked
  • Replies 2 replies
  • Subscribers 98 subscribers
  • Views 606 views
  • Users 0 members are here
Support feedback
Options
Options
Related

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

Security Accelerator

Alberto Oliva
Prodigy 20 points


Dear Sirs, we are developing on EVMC6472 for a solution that will use 5 of these EVM. We are now interested in EVMC6878 to evaluate the characteristics of Security Accelerator. We read the pdf but not made clear some of the features or aspects of encryption. To use IPSec ESP with AES-CTR or CCM, where do we specify the AES key length (128, 192 or 256) and the block size for AES in CTR mode?. We also no found registers that the private key is stored before the expansion. It would be helpful if you could send detailed information and an example. Also on the use and configuration of public key (Diffie-Hellman).

Sorry for my English.

Regards. ENG. Ricardo Leber. Development Manager

  • 0
    TI__Intellectual 1880 points

    Ricardo,

    The register interface for the security accelerator is very basic, and does allow configuration of the SA security channels. This is why you could not find registers for setting up encryption. Instead, the security channels are setup through the SA LLD software driver. The SA LLD will also automatically take care of whatever limited amount of register configuration is required, so it is not necessary to program the SA registers directly.

    The security related is setup through the SA LLD channel interface. A security channel gets created through several calls to the SA LLD (see section 2.16 in the SA User Guide:  SA LLD Channel Initialization and Configuration), which creates a corresponding "security context" in device (e.g. DDR3) memory that can be accessed by the SA. Each of the SA LLD APIs are used to configure a specific portion of the security channel, and store the information in the security context.

    Following procedure 2-6 in section 2.16, if you wanted to setup a channel for IPsec ESP encryption with an AES-CTR cipher, then:

    In step 1, you can configure the the Sa_ChanConfig_t structure to specify that you want to crate an IPsec ESP encryption channel.

    Steps 2-4 are for preparing memory to be used by the SA LLD for this channel. This is not the security context memory.

    In Step 5, you can specify what type of encryption mode (e.g. AES-CTR or CCM) and authentication mode to use for the channel. In this step, you also setup the encryption key size and  block size. This is done in the Sa_IpsecConfigParams_t data structure

    In Step 6, you setup the encryption key information for the channel

    In Steps 7, the transmit (encryption) security context is generated and step 8 generates the receive (decryption) security context. 

     

    SA LLD information specific to IPsec ESP can be found in section 2.4.4 of the SA user guide.

    An example of using the SA LLD to configure an IPsec ESP channel can be found with the SA LLD under packages\ti\drv\sa\example\SaBasicExample\src\tests\test1.c.

    The code to configure the channels are found in the packages\ti\drv\sa\example\SaBasicExample\src\salldsim\ directory, in the salldsim.c and salldcfg.c files.

    Regards,

    Derek

  • 0 in reply to Derek Brown
    Prodigy 20 points

    Derek,

    Thank you very much for your detailed answer. I'm not familiar with this EVM and I appreciate very much all the information.

    Now I download the  SA LLD user guide and examples which you advised me.

    Thank you very much again

    Regards,

    Ricardo