CC2745R10-Q1: HSM

Part Number: CC2745R10-Q1

Hello,

We are trying to explore the HSM module in the CC2745. The problem is that the example included in the SDK only shows how to manipulate the result; for example, for AESCBC, after debugging we can only choose 1 or 2, and we don't have the ability to enter the plaintext.

The question is: is there a structured example of how to use the HSM and its main applications (crypto, key store...), or more information on how to exploit it?

Thank you;

Best regards

  • Hello,

    What example project are you referring to?

    Best,

    Nima Behmanesh

  • Hello; 

    The AESCBC example on "C:\ti\simplelink_lowpower_f3_sdk_8_40_00_61\examples\nortos\LP_EM_CC2745R10_Q1\drivers\aescbc".

    But the question is where to find an explanation of how to include the HSM in the project, or whether there are guided instructions.

    Thank you;

    Best regards;

  • Hello,

    For TI drivers, the HSM usage is based on the encoding of the crypto key. See the code below:

        #include <ti/drivers/AESCCM.h>
        #include <ti/drivers/cryptoutils/cryptokey/CryptoKeyPlaintext.h>
    
        #define USE_HSM 
    
        AESCCM_Params params;
        AESCCM_Handle handle;
        CryptoKey cryptoKey;
        int_fast16_t encryptionResult;
        uint8_t nonce[] = "Thisisanonce";
        uint8_t aad[] = "This string will be authenticated but not encrypted.";
        uint8_t plaintext[] = "This string will be encrypted and authenticated.";
        uint8_t mac[16];
        uint8_t ciphertext[sizeof(plaintext)];
        uint8_t keyingMaterial[32] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
                                      0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
                                      0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
                                      0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F};
        AESCCM_Params_init(&params);
        params.returnBehavior = AESCCM_RETURN_BEHAVIOR_POLLING;
        handle = AESCCM_open(0, &params);
        if (handle == NULL) {
            /* If the handle is returned as NULL, this indicates that the HSM 
             * firmware has not been flashed.
             */
            // handle error
        }
    
        #ifdef USE_HSM
        /* This API uses the HSM. */
        CryptoKeyPlaintextHSM_initKey(&cryptoKey, keyingMaterial, sizeof(keyingMaterial));
        #else
        /* This uses the LAES engine. */
        CryptoKeyPlaintext_initKey(&cryptoKey, keyingMaterial, sizeof(keyingMaterial));
        #endif
    
        AESCCM_OneStepOperation operation;
        AESCCM_OneStepOperation_init(&operation);
        operation.key           = &cryptoKey;
        operation.aad           = aad;
        operation.aadLength     = sizeof(aad);
        operation.input         = plaintext;
        operation.output        = ciphertext;
        operation.inputLength   = sizeof(plaintext);
        operation.nonce         = nonce;
        operation.nonceLength   = sizeof(nonce);
        operation.mac           = mac;
        operation.macLength     = sizeof(mac);
        encryptionResult = AESCCM_oneStepEncrypt(handle, &operation);
        if (encryptionResult != AESCCM_STATUS_SUCCESS) {
            // handle error
        }
        AESCCM_close(handle);


    By defining USE_HSM in the example code above, you can see that the way the key material is encoded uses a different API.

        #ifdef USE_HSM
        /* This API uses the HSM. */
        CryptoKeyPlaintextHSM_initKey(&cryptoKey, keyingMaterial, sizeof(keyingMaterial));
        #else
        /* This uses the LAES engine. */
        CryptoKeyPlaintext_initKey(&cryptoKey, keyingMaterial, sizeof(keyingMaterial));
        #endif

    If a key is initialized using CryptoKeyPlaintextHSM_initKey, then the HSM is used for operations involving that key.

    In contrast, if the key is initialized using CryptoKeyPlaintext_initKey, then the LAES engine is used.

    Instructions for other crypto drivers are in the driver documentation. For instance, for AES-CBC, you can find it here: AESCBC.h File Reference. You'll see a code snippet with the title (I would link to it directly, but there's no way to do that):

    The following code snippet is for CC27XX devices only and leverages the HSM which is a seperate Hardware Accelerator

    As for KeyStore, you will need to use the PSA API (1 Introduction — PSA Certified Crypto API 1.3). 

    HSM, KeyStore, and PSA documentation will be released soon that will formalize this information.

    Best,

    Nima Behmanesh
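
An added example, not part of the thread or of TI's SDK: the AESCCM snippet above uses a fixed nonce and `sizeof` on string literals, so once the plaintext and nonce come from the application, the lengths should be checked and the nonce made unique per message, because reusing a nonce under one key breaks CCM's confidentiality and authentication. The helper names and the prefix-plus-counter nonce layout are assumptions; the length limits are the generic CCM rules from NIST SP 800-38C / RFC 3610, and the TI driver may apply its own limits on top.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define CCM_NONCE_LEN 13u /* same length as sizeof("Thisisanonce") in the thread's snippet */

typedef enum { CCM_OK, CCM_BAD_NONCE_LEN, CCM_BAD_MAC_LEN, CCM_INPUT_TOO_LONG } CcmCheck;

/* Hypothetical helper: generic CCM length rules (NIST SP 800-38C / RFC 3610). */
CcmCheck ccm_check_lengths(size_t nonceLen, size_t macLen, uint64_t inputLen)
{
    if (nonceLen < 7 || nonceLen > 13) return CCM_BAD_NONCE_LEN;
    if (macLen < 4 || macLen > 16 || (macLen % 2) != 0) return CCM_BAD_MAC_LEN;
    size_t lenFieldBytes = 15 - nonceLen; /* 2..8 bytes encode the payload length */
    if (lenFieldBytes < 8 && (inputLen >> (8 * lenFieldBytes)) != 0) return CCM_INPUT_TOO_LONG;
    return CCM_OK;
}

/* Per-key nonce state (assumed layout): 5-byte fixed prefix such as a device ID,
 * followed by an 8-byte message counter. */
typedef struct {
    uint8_t  prefix[5];
    uint64_t counter;
    bool     exhausted;
} CcmNonceState;

/* Writes the next unique 13-byte nonce. Returns false once every counter value
 * has been used, at which point the key must be replaced. */
bool ccm_next_nonce(CcmNonceState *st, uint8_t out[CCM_NONCE_LEN])
{
    if (st->exhausted) return false;
    memcpy(out, st->prefix, sizeof(st->prefix));
    for (int i = 0; i < 8; i++) {
        out[5 + i] = (uint8_t)(st->counter >> (56 - 8 * i)); /* big-endian counter */
    }
    if (st->counter == UINT64_MAX) st->exhausted = true; else st->counter++;
    return true;
}
```

The buffer filled by `ccm_next_nonce` and `CCM_NONCE_LEN` would be assigned to `operation.nonce` and `operation.nonceLength`, with `ccm_check_lengths` called before `AESCCM_oneStepEncrypt`. The counter has to survive resets (for example in non-volatile storage) for the uniqueness guarantee to hold.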