Question about Hashcrypt in LPC55S69

キャンセル
次の結果を表示 
表示  限定  | 次の代わりに検索 
もしかして: 

Question about Hashcrypt in LPC55S69

ソリューションへジャンプ
1,699件の閲覧回数
mat1024
Contributor III

Hi,

 

I am trying to use 'an elliptic curve' for signing and verifying in Trustzone,

but it seems that there is no example of it.

There is a benchmark using mbedTLS, so I've been trying to port it into my trustzone project,

but whenever I debugged, the board always was stuck in 'hashcrypt_sha_finalize', more specifically, 

/* poll wait for final digest */
    while (0U == (base->STATUS & HASHCRYPT_STATUS_DIGEST_MASK))
    {
    }

I searched what this status means, but I couldn't find meaningful results.

Any comments would be greatly appreciated.

 

Let me specify what I have done in the program.

  1. Copy and paste 'lpcxpresso55s69_mbedtls_benchmark' project into my project
  2. Due to the size limitation of secure flash memory, increase the flash size in build setting and adjust secure flash memory and non-secure flash memory in TZ setting
  3. Call functions from the example, in order,
    1. CRYPTO_InitHardware()
    2. mbedtls_ecdsa_init( &ecdsa )
    3. mbedtls_ecdsa_genkey( &ecdsa, curve_info->grp_id, myrand, NULL )
    4. mbedtls_ecdsa_write_signature( &ecdsa, MBEDTLS_MD_SHA256, buf, curve_info->bit_size, tmp, &sig_len, myrand, NULL )

Everything goes fine except for the last one, mbedtls_ecdsa_write_signature().

During calling the function, it's stuck at the sha function as I mentioned above.

 

Thank you so much for reading!

ラベル(1)
タグ(1)
0 件の賞賛
返信
1 解決策
1,610件の閲覧回数
mat1024
Contributor III
0 件の賞賛
返信
6 返答(返信)
1,611件の閲覧回数
mat1024
Contributor III
0 件の賞賛
返信
1,668件の閲覧回数
CarlosGarabito
NXP TechSupport
NXP TechSupport

hi @mat1024 

My apologies, but this example is from mbed, so you need to check it with the community correspondent https://os.mbed.com/forum/

0 件の賞賛
返信
1,663件の閲覧回数
mat1024
Contributor III

Also, the reason why I asked the question about "hashcrypt_sha_finalize()" is that it would be greatly helpful to me to guess what I missed if I get a hint for that part.

There is no information I found about the status bit of Hashcrypt, so any comments about this also very useful to me.

Thanks!!

0 件の賞賛
返信
1,664件の閲覧回数
mat1024
Contributor III

Hi @CarlosGarabito ,

Thanks for reaching me out.

I'm sorry that I forgot to demonstrate a few things.

The original example code worked well, which means that there is likely some configuration mismatched in my project, and that's why I asked the question here.

Configuration in software of my code (initializing power/clk/drivers) looks very similar with the one in the example.

So here's what I am thinking about the problem.

  • My program runs in Trustzone, and there is something I missed in the configuration
    • I increased the secure flash memory, adjusted the location of non-secure flash memory, and modified the secure regions in TEE setting
  • The memory used by Hashcrypt has conflicted with the memory used by other codes in my project
  • Defined symbols and included header files might be different from the one in the example code

The next step I would like to try is

  • Get rid of other codes in TZ in my code and use only codes from the example in TZ, or
  • Move all the codes from the example to the normal world

I will update after having a try.

Thanks!

0 件の賞賛
返信
1,657件の閲覧回数
mat1024
Contributor III

I tried to do the following two steps,

  • Get rid of other codes in TZ in my code and use only codes from the example in TZ, or
  • Move all the codes from the example to the normal world

and found that the first way did not work; although I removed all other codes except for the crypto codes from the example, it was still stuck at the aforementioned function.

The second way works well, which means that it is likely to take place since I put the code into the secure world.

Is there any code to use crypto functions in Trustzone for LPC55s69 boards?

0 件の賞賛
返信
1,651件の閲覧回数
mat1024
Contributor III

I think I found the reason why it has taken place.

In the SHA functions in fsl_hashcrypt.c file,

if "base->MEMADDR", which is the address of being hashed, is set to non-secure regions, then it works well, but if base->MEMADDR is set to secure regions, then the value of "base->MEMCTRL" is remained as 0 which makes "base->STATUS" 5.

"base->STATUS" should've been set to 3 in order to pass the infinite loop.

Could you let me know why this happens? Does this mean that I should use non-secure memory for the message which can be an input for signing?

Are there any related documents?

Any comments would be appreciated a lot!

 

Thanks!

0 件の賞賛
返信