AES encryption & UBL

Other Parts Discussed in Thread: CC2540

Hi All,

I have been trying to encrypt my application with the UBL project (BLE stack v1.3.0), but I was unsuccessful in completing the task so far and I would like some assistance with the process.

I have created a "special" signing UBL which I use to upload the .bin file to the CC2540 and then I read back the encrypted .bin file. (For this build I used both the UBL_SECURE and UBL_SIGNER defines.)

Afterwards, I upload a "secure" bootloader to the CC2540 (only the UBL_SECURE define was used for this build) and I can see that none of the unencrypted apps can be uploaded to the module and only the encrypted .bin passes through and uploads.

Once the encrypted .bin file is uploaded to the CC2540, the UBL doesn't jump to the code and instead it remains as an MSD.

Any ideas why that happens?

Am I doing something wrong during the encryption process and making the code unusable?

Best regards,

George

  • Hi All,

    While spending some time on the AES encryption for the binary image, I realized that my application is encrypted fine when using the "UBL_SIGNER" define, but there are some problems regarding the generation of the CBC-MAC tag.

    If I comment out the "return false" statement (and essentially do not compare the CBC-MAC tag) in the following piece of code (from the UBL project), I can see that my encrypted application downloads successfully to the CC2540 SoC and the application also works as expected.

    #if UBL_SIGNER
      signMode = TRUE; // Now the Signer should encrypt the read back.
    #else // A signer must always return FALSE so that usb_msd.c does not save the file name to flash.
      if (memcmp(ctrlBlk.signature, sigBuf, KEY_BLENGTH))
    #endif
      {
        //return FALSE;
      }
    #endif

    Can anyone give me a hint on what I might be doing wrong and why the calculation of the authentication tags fails each time?

    Best regards,

    George

  • One more observation:

    It seems there's a bug causing a freeze in MSD when optimization is set to high
    (Options -> C/C++ Compiler -> Optimizations -> Level -> High).

    Setting it to medium will ease the problem of the MSD freeze when usb_secure is used.

    However, with optimization set to medium the code will exceed the size allowed for the UBL;
    disabling MAC signature checking can reduce the code size to fit in the UBL limit.

    I do hope there's a better workaround, of course.

    In "ubl_exec.c", under function ublAesAuth:

    #if UBL_SIGNER
      HAL_AES_DELAY(); // Delay required for non-DMA AES as RDY bit only goes hi after read out below.

      // CBC-MAC generates output on the last block.
      for (uint8 cnt = 0; cnt < KEY_BLENGTH; cnt++)
      {
        sigBuf[cnt] = ENCDO;
      }

      if (ctrlBlk.allowSignCmd != 0) // If requested to sign this image.
      {
        ctrlBlk.allowSignCmd = 0;
        (void)memcpy(ctrlBlk.signature, sigBuf, KEY_BLENGTH);
        UBL_NVM_SET(UBL_ADDR_CTRL, &ctrlBlk, sizeof(aes_ctrl_blk_t));
        UBL_NVM_GET(UBL_ADDR_CTRL, &ctrlBlk, sizeof(aes_ctrl_blk_t));
      }

      signMode = TRUE; // Now the Signer should encrypt the read back.
      return FALSE;
    #else // A signer must always return FALSE so that usb_msd.c does not save the file name to flash.
      if (memcmp(ctrlBlk.signature, sigBuf, KEY_BLENGTH))
    #endif
      {
        // return FALSE;
      }
    #endif
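The snippets above turn off the CBC-MAC comparison, so the bootloader no longer authenticates the image it runs. The following is an added example, not code from the posts or from the UBL project: a host-testable check that keeps the gate fail-closed while telling apart a control block that was never signed from one whose tag simply differs. `TAG_LEN`, the 0xFF erased-flash pattern, the function names and the sample tags are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define TAG_LEN 16u /* assumption: one AES-128 block, standing in for KEY_BLENGTH */

typedef enum {
    TAG_OK = 0,     /* stored tag equals the tag computed over the image */
    TAG_NOT_SIGNED, /* stored tag is all 0xFF: assumed erased, never written */
    TAG_MISMATCH    /* a tag was stored but differs from the computed one */
} tag_status_t;

/* Constructed sample tags, not taken from any real image. */
static const uint8_t sample_good[TAG_LEN] = {
    0x3a, 0x91, 0x5c, 0x07, 0xe2, 0x44, 0xb8, 0x1d,
    0x6f, 0xa0, 0x23, 0xc9, 0x58, 0x7e, 0x0b, 0xd4 };
static const uint8_t sample_flipped[TAG_LEN] = {
    0x3a, 0x91, 0x5c, 0x07, 0xe2, 0x44, 0xb8, 0x1d,
    0x6f, 0xa0, 0x23, 0xc9, 0x58, 0x7e, 0x0b, 0xd5 };
static const uint8_t sample_erased[TAG_LEN] = {
    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };

/* Walk all bytes with no early exit, so timing does not reveal where the
 * first differing byte is. An erased tag never authorizes anything. */
tag_status_t classify_tag(const uint8_t stored[TAG_LEN],
                          const uint8_t computed[TAG_LEN])
{
    uint8_t diff = 0, erased = 0xFF;
    for (size_t i = 0; i < TAG_LEN; i++) {
        diff |= (uint8_t)(stored[i] ^ computed[i]);
        erased &= stored[i];
    }
    if (erased == 0xFF) return TAG_NOT_SIGNED;
    return diff ? TAG_MISMATCH : TAG_OK;
}

/* Boot gate: only an exact match lets the image run; all else fails closed. */
int image_may_run(const uint8_t stored[TAG_LEN], const uint8_t computed[TAG_LEN])
{
    return classify_tag(stored, computed) == TAG_OK;
}

int main(void)
{
    /* Exit code 0 only if the three constructed cases classify as expected. */
    return !(classify_tag(sample_good, sample_good) == TAG_OK &&
             classify_tag(sample_erased, sample_good) == TAG_NOT_SIGNED &&
             classify_tag(sample_flipped, sample_good) == TAG_MISMATCH);
}
```

Logging the returned status during bring-up shows whether the stored signature was ever written or whether the computed tag differs, without removing the comparison itself.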

  • Just connected UART through a USB-to-UART chipset, with CTS and RTS connected, and it finally worked.