topic Re: AES and ECDH key exchange in Secure Authentication

AES and ECDH key exchange

WorkerEmbedded — Tue, 17 Oct 2023 15:36:09 GMT

Hi! i'm tryna to modify a demo of se050 devboard running on LPC55S69 that make ECDH simulation with the integration of AES generation key, the added code is:

uint8_t aesKey[16] = {0};

size_t aesKeyLen = sizeof(aesKey);

size_t aesKeyBitLen = sizeof(aesKey) * 8;

sss_object_t keySingle = {0};

status = sss_key_object_init(&keySingle, &pCtx->ks);

ENSURE_OR_GO_CLEANUP(status == kStatus_SSS_Success);

status = sss_key_object_allocate_handle(&keySingle,

MAKE_TEST_ID(__LINE__),

kSSS_KeyPart_Default,

kSSS_CipherType_NONE,

16,

kKeyObject_Mode_Persistent);

ENSURE_OR_GO_CLEANUP(status == kStatus_SSS_Success);

status = sss_key_store_generate_key(&pCtx->ks, &keySingle, AES_KEY_BIT_LENGTH, 0);

ENSURE_OR_GO_CLEANUP(status == kStatus_SSS_Success);

status = sss_key_store_get_key(&pCtx->ks, &keySingle, aesKey, &aesKeyLen, &aesKeyBitLen);

ENSURE_OR_GO_CLEANUP(status == kStatus_SSS_Success);

LOG_MAU8_I("AES Key", aesKey, aesKeyLen);

I recived this error:

sss :WARN :nxEnsure:'keyObject->objectType == kSSS_KeyPart_Pair' failed. At Line:3493 Function:sss_se05x_key_store_generate_key
App :WARN :nxEnsure:'status == kStatus_SSS_Success' failed. At Line:93 Function:ex_sss_entry
App :ERROR:ex_sss_ecdh Example Failed !!!...
App :INFO :ex_sss Finished
App :ERROR:ex_sss_entry Failed
App :ERROR:!ERROR! ret != 0.

Somebody can help me?

Re: AES and ECDH key exchange

WorkerEmbedded — Tue, 17 Oct 2023 15:37:22 GMT

i've already modify kSSS_CipherType_NONE in kSSS_CipherType_AES but nothing...

Re: AES and ECDH key exchange

Kan_Li — Thu, 19 Oct 2023 03:25:42 GMT

Hi @WorkerEmbedded ,

For symmetric key types such as AES key, it is not possible to use the generation functions, as the symmetric keys are not allowed to be read out when they are stored in the SE05x, so if they are generated inside, the host would never know what they are. You have to generate the AES key value from host, and then use set function to write the AES key into the SE.

Please refer to the demo of ex_sss_symmetric for more details.

Have a great day,
Kan

-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

Re: AES and ECDH key exchange

WorkerEmbedded — Thu, 19 Oct 2023 12:45:49 GMT

Thanks, i've another question... i'm trying to generate an ECC KeyPair with the sss_key_store_generate_key() functions.

I've see on the MW documentation that this function allow the return of the only PK,

what i'm supposed to recive is a 65 bytes but i noticed that are 91... I think that is a DER rapresentation of it an that i've to extract the pk

is correct?

Re: AES and ECDH key exchange

Kan_Li — Mon, 23 Oct 2023 02:02:33 GMT

Hi @WorkerEmbedded ,

I am sorry, but are you referring to sss_key_store_get_key instead? Is it possible to have your code for a review?

Best Regards,

Kan