• State Resolved
  • Locked Locked
  • Replies 1 reply
  • Subscribers 51 subscribers
  • Views 88 views
  • Users 0 members are here
Support feedback
Options
Options
Related

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

CC2745R10-Q1: Please confirm the use of KeyStore_PSA_importKey.

youkyou ryu
Prodigy 80 points
Part Number: CC2745R10-Q1


Tool/software:

I want to use KeyStore_PSA_importKey, so we implemented it according to the sample code and checked its operation.
I found that the code entered an infinite loop of Exception_handlerSpin.

I suspect that psa_import_key() is used internally for KeyStore_PSA_importKey.
To check the operation of psa_import_key(),
I created the following code ① and checked its operation with the same parameters as the sample code.
Then, we received the error "PSA_ERROR_INVALID_ARGUMENT".
I also created and ran code ②, but it returned "PSA_ERROR_INSUFFICIENT_MEMORY".

Could you please explain why these error codes are reported by psa_import_key()?
Also, when using KeyStore_PSA_importKey(), it goes into an infinite Exception_handlerSpin loop. Is there a way to resolve this?

--

simplelink_lowpower_f3_sdk_9_10_00_83\source\ti\drivers\ECDSA.h
When I run the following source code, imitating the sample code, the status value is -135 (The (The parameters passed to the function are invalid.)
* When using KeyStore_PSA_importKey, the Exception_handlerSpin function goes into an infinite loop.

static uint8_t theirPublicKeyingMaterial[65] =  {0x04,
                                          // X
                                          0xB7,0xE0,0x8A,0xFD,0xFE,0x94,0xBA,0xD3,
                                          0xF1,0xDC,0x8C,0x73,0x47,0x98,0xBA,0x1C,
                                          0x62,0xB3,0xA0,0xAD,0x1E,0x9E,0xA2,0xA3,
                                          0x82,0x01,0xCD,0x08,0x89,0xBC,0x7A,0x19,
                                          //Y
                                          0x36,0x03,0xF7,0x47,0x95,0x9D,0xBF,0x7A,
                                          0x4B,0xB2,0x26,0xE4,0x19,0x28,0x72,0x90,
                                          0x63,0xAD,0xC7,0xAE,0x43,0x52,0x9E,0x61,
                                          0xB5,0x63,0xBB,0xC6,0x06,0xCC,0x5E,0x09};

static void vos_keystore_test( void )
{
    CryptoKey theirPublicKey;
    KeyStore_PSA_KeyFileId publicKeyID;
    KeyStore_PSA_KeyAttributes pubKeyAttributes = KEYSTORE_PSA_KEY_ATTRIBUTES_INIT;
    KeyStore_PSA_KeyType keyType = KEYSTORE_PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE;
    int_fast16_t status = KEYSTORE_PSA_STATUS_GENERIC_ERROR;
    // Public key
    KeyStore_PSA_setKeyAlgorithm(&pubKeyAttributes, KEYSTORE_PSA_ALG_ECDSA);
    KeyStore_PSA_setKeyUsageFlags(&pubKeyAttributes, KEYSTORE_PSA_KEY_USAGE_VERIFY_HASH);
    // Set key ID for persistent keys
    GET_KEY_ID(publicKeyID, KEYSTORE_PSA_KEY_ID_USER_MIN);
    KeyStore_PSA_setKeyLifetime(&pubKeyAttributes, KEYSTORE_PSA_KEY_LIFETIME_PERSISTENT);
    // In this example, we assume public key to be stored is for NIST-P256
    KeyStore_PSA_setKeyType(&pubKeyAttributes, keyType | KEYSTORE_PSA_ECC_CURVE_SECP256R1);
#if 0
    status = KeyStore_PSA_importKey(&pubKeyAttributes,
                                theirPublicKeyingMaterial,
                                sizeof(theirPublicKeyingMaterial),
                                &publicKeyID);
#else
    status = psa_import_key(&pubKeyAttributes,
                                theirPublicKeyingMaterial,
                                sizeof(theirPublicKeyingMaterial),
                                &publicKeyID);
#endif
    if (status != KEYSTORE_PSA_STATUS_SUCCESS)
    {
        while(1); // handle error
    }
    KeyStore_PSA_initKey(&theirPublicKey, publicKeyID, sizeof(theirPublicKeyingMaterial), NULL);
}


simplelink_lowpower_f3_sdk_9_10_00_83\source\ti\drivers\cryptoutils\cryptokey\CryptoKeyKeyStore_PSA.h
When I run the following source code, imitating the sample code, the status value will be -141 (There is not enough runtime memory.)
* When using KeyStore_PSA_importKey, the Exception_handlerSpin function goes into an infinite loop.

static uint8_t keyingMaterial[16] = {0x1f, 0x8e, 0x49, 0x73, 0x95, 0x3f, 0x3f, 0xb0,
                                      0xbd, 0x6b, 0x16, 0x66, 0x2e, 0x9a, 0x3c, 0x17};

static void vos_keystore_test( void )
{
    CryptoKey cryptoKey;
    KeyStore_PSA_KeyFileId keyID;
    int_fast16_t status;
    KeyStore_PSA_KeyAttributes attributes = KEYSTORE_PSA_KEY_ATTRIBUTES_INIT;
    // Assign key attributes
    KeyStore_PSA_setKeyUsageFlags(&attributes, (KEYSTORE_PSA_KEY_USAGE_DECRYPT | KEYSTORE_PSA_KEY_USAGE_ENCRYPT));
    KeyStore_PSA_setKeyAlgorithm(&attributes, KEYSTORE_PSA_ALG_CCM);
    KeyStore_PSA_setKeyType(&attributes, KEYSTORE_PSA_KEY_TYPE_AES);
    KeyStore_PSA_setKeyLifetime(&attributes, KEYSTORE_PSA_KEY_LIFETIME_PERSISTENT);
    // Set key ID
    GET_KEY_ID(keyID, KEYSTORE_PSA_KEY_ID_USER_MIN);
    KeyStore_PSA_setKeyId(&attributes, keyID);
    // Import the keyingMaterial
    
#if 0
    status = KeyStore_PSA_importKey(&attributes, 
                                    keyingMaterial, 
                                    sizeof(keyingMaterial), 
                                    &keyID);

#else    
    status = psa_import_key(&attributes, 
                            keyingMaterial, 
                            sizeof(keyingMaterial), 
                            &keyID);
#endif
    
    if (status != KEYSTORE_PSA_STATUS_SUCCESS)
    {
        while(1); // handle error
    }
    KeyStore_PSA_initKey(&cryptoKey, keyID, sizeof(keyingMaterial), NULL);
}

---

  • +1
    TI__Genius 15575 points

    Hello,

    PSA and KeyStore APIs shouldn't be used together. For transparency, the KeyStore APIs shouldn't be used at all, and all KeyStore operations should occur via the PSA API. In the code you've attached I see a mixture of these APIs, so I would rewrite the code to use the PSA APIs. You can find some example projects in the <SDK Root>/examples/rtos/LP_EM_CC2745R10_Q1/drivers folder. psaAeadEncrypt is a good example to use.

    Additionally, you can find an example below for AES-CBC but can be extrapolated for other algorithms:

    /* For usleep() */
#include <unistd.h>
#include <stdint.h>
#include <stddef.h>

/* Driver Header files */
#include <ti/drivers/GPIO.h>
#include <third_party/psa_crypto/include/psa/crypto.h>
#include <ti/drivers/cryptoutils/hsm/HSMLPF3.h>
KEYSTORE_PSA_KEY_LIFETIME_PERSISTENT

/* Driver configuration */
#include "ti_drivers_config.h"

#define KEY_LIFETIME PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(PSA_KEY_PERSISTENCE_DEFAULT, PSA_KEY_LOCATION_LOCAL_STORAGE)

uint8_t keyingMaterial[16] = { 0x1f, 0x8e, 0x49, 0x73, 0x95, 0x3f, 0x3f, 0xb0,
                               0xbd, 0x6b, 0x16, 0x66, 0x2e, 0x9a, 0x3c, 0x17
                             };
uint8_t iv[16] =                {0x2f, 0xe2, 0xb3, 0x33, 0xce, 0xda, 0x8f, 0x98,
                                 0xf4, 0xa9, 0x9b, 0x40, 0xd2, 0xcd, 0x34, 0xa8};

uint8_t plaintext[16] =         {0x45, 0xcf, 0x12, 0x96, 0x4f, 0xc8, 0x24, 0xab,
                                 0x76, 0x61, 0x6a, 0xe2, 0xf4, 0xbf, 0x08, 0x22};

uint8_t ciphertext[sizeof(plaintext)];

/*
 *  ======== mainThread ========
 */
void *mainThread(void *arg0)
{
    psa_status_t status;
    psa_key_id_t key_id;
    int_fast16_t ret;

    status = psa_crypto_init();
    if (status != PSA_SUCCESS)
    {
        while(1);
    }

    ret = HSMLPF3_provisionHUK();
    if (ret != HSMLPF3_STATUS_SUCCESS)
    {
        while(1);
    }


    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;

    psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT);
    psa_set_key_algorithm(&attributes, PSA_ALG_CBC_NO_PADDING);
    psa_set_key_type(&attributes, PSA_KEY_TYPE_AES);

    psa_set_key_lifetime(&attributes, KEY_LIFETIME);
    psa_set_key_bits(&attributes, 128);

    key_id = PSA_KEY_ID_USER_MIN;
    psa_set_key_id(&attributes, key_id);

    status = psa_import_key(&attributes, keyingMaterial, sizeof(keyingMaterial), &key_id);
    if (status != PSA_SUCCESS)
    {
        while(1);
    }

    psa_cipher_operation_t op = PSA_CIPHER_OPERATION_INIT;
    status = psa_cipher_encrypt_setup(&op, key_id, PSA_ALG_CBC_NO_PADDING);
    if (status != PSA_SUCCESS)
    {
        while(1);
    }

    status = psa_cipher_set_iv(&op, iv, sizeof(iv));
    if (status != PSA_SUCCESS)
    {
        while(1);
    }

    size_t cipher_length = 0;

    status = psa_cipher_update(&op,
                               plaintext,
                               sizeof(plaintext),
                               ciphertext,
                               sizeof(plaintext),
                               &cipher_length);

    if (status != PSA_SUCCESS)
    {
        while(1);
    }

    status = psa_cipher_finish(&op,
                               ciphertext,
                               sizeof(plaintext),
                               &cipher_length);
    if (status != PSA_SUCCESS)
    {
        while(1);
    }

    while(1);
}

    I would run this code in an empty project. Additionally, ensure that the HSM firmware has been loaded.

    Best,

    Nima Behmanesh