CC2745R10-Q1: PSA Crypto Sign and Verify [CC2745R10-Q1]

Part Number: CC2745R10-Q1
Other Parts Discussed in Thread: SYSCONFIG

Hello,

We are currently testing PSA Crypto Sign and Verify operations using the Keystore, but we encounter a failure/exception during execution.

Could you please review our setup and let us know if we are missing any required steps or configurations? Test code attached.

Apologies for the lengthy mail.

Please find the details below:

Environment:

  • Evaluation Board: (LP-XDS-110): LP_EM_CC2745R10_Q1.
  • SDK: simplelink_lowpower_f3_sdk_9_10_00_83
  • IDE: CCS Version: 20.1.1.8__1.7.1
  • HSM Firmware: simplelink_lowpower_f3_sdk_9_10_00_83\bin\hsm\cc27xxx10_hsm_fw_v3.0.0.bin
  • SysCfg: PSA+Keystore is enabled.
  • Initialization: psa_crypto_init is called and it succeeds.

 

APIs Tested:

  1. psa_generate_random -> Works as expected.
  2. ECDSA Sign and Verify (Direct driver APIs are called: drivers\ecdsa\ECDSALPF3HSM.c) -> Works correctly with ECDSA enabled in syscfg.
  3. ECDSA Sign and Verify using PSA wrapper APIs: Fails/throws exception. Note: ECDSA is not enabled in syscfg for this test.
  4. PSA Wrapper API failures:
     1. psa_sign_message
        1. PSA_KEY_LIFETIME_VOLATILE
        2. PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(PSA_KEY_PERSISTENCE_HSM_ASSET_STORE, PSA_KEY_LOCATION_HSM_ASSET_STORE)
        3. PSA_KEY_LIFETIME_PERSISTENT
           1. psa_generate_key fails with -135 error if psa_set_key_id is not called.
           2. Throws exception in psa_generate_key if psa_set_key_id is done.
     2. Two step signing: psa_hash_compute + psa_sign_hash
        1. PSA_KEY_LIFETIME_VOLATILE
        2. PSA_KEY_LIFETIME_PERSISTENT
           1. psa_generate_key fails with -135 error if psa_set_key_id is not called.
           2. Throws exception in psa_generate_key if psa_set_key_id is done.

Questions:

  1. Is the ECC curve PSA_ECC_FAMILY_SECP_R1 fully supported and enabled? (It appears to be enabled as per the documentation.)
  2. Are there any additional SysConfig settings required to properly enable ECC when using Keystore with persistent keys?
  3. For testing with volatile keys, is it recommended to disable Keystore in SysConfig?
  4. Is there any example code available that demonstrates Keystore-based asymmetric key operations (e.g. ECDSA Sign/Verify) using PSA wrapper APIs?

 

Thank you

Mit freundlichen Grüßen / Best regards

Thwayyiba

  • 1. Yes, the full PSA library is supported, including PSA_ECC_FAMILY_SECP_R1.

    2. No, I believe the ones you mentioned above are all you need.

    3. For volatile keys, those must be separately selected via the SysConfig tool in addition to enabling KeyStore. By default, there is no space for volatile keys, so that is why you have to separately add them in SysConfig.

    4. No, the only examples we have for PSA are the AEADEncrypt and RawKeyAgreement.

    Thanks,

    Eshaan