Question about Hashcrypt in LPC55S69

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Question about Hashcrypt in LPC55S69

Jump to solution
1,640 Views
mat1024
Contributor III

Hi,

 

I am trying to use 'an elliptic curve' for signing and verifying in Trustzone,

but it seems that there is no example of it.

There is a benchmark using mbedTLS, so I've been trying to port it into my trustzone project,

but whenever I debugged, the board always was stuck in 'hashcrypt_sha_finalize', more specifically, 

/* poll wait for final digest */
    while (0U == (base->STATUS & HASHCRYPT_STATUS_DIGEST_MASK))
    {
    }

I searched what this status means, but I couldn't find meaningful results.

Any comments would be greatly appreciated.

 

Let me specify what I have done in the program.

  1. Copy and paste 'lpcxpresso55s69_mbedtls_benchmark' project into my project
  2. Due to the size limitation of secure flash memory, increase the flash size in build setting and adjust secure flash memory and non-secure flash memory in TZ setting
  3. Call functions from the example, in order,
    1. CRYPTO_InitHardware()
    2. mbedtls_ecdsa_init( &ecdsa )
    3. mbedtls_ecdsa_genkey( &ecdsa, curve_info->grp_id, myrand, NULL )
    4. mbedtls_ecdsa_write_signature( &ecdsa, MBEDTLS_MD_SHA256, buf, curve_info->bit_size, tmp, &sig_len, myrand, NULL )

Everything goes fine except for the last one, mbedtls_ecdsa_write_signature().

During calling the function, it's stuck at the sha function as I mentioned above.

 

Thank you so much for reading!

Labels (1)
Tags (1)
0 Kudos
Reply
1 Solution
1,551 Views
mat1024
Contributor III
0 Kudos
Reply
6 Replies
1,552 Views
mat1024
Contributor III
0 Kudos
Reply
1,609 Views
CarlosGarabito
NXP TechSupport
NXP TechSupport

hi @mat1024 

My apologies, but this example is from mbed, so you need to check it with the community correspondent https://os.mbed.com/forum/

0 Kudos
Reply
1,604 Views
mat1024
Contributor III

Also, the reason why I asked the question about "hashcrypt_sha_finalize()" is that it would be greatly helpful to me to guess what I missed if I get a hint for that part.

There is no information I found about the status bit of Hashcrypt, so any comments about this also very useful to me.

Thanks!!

0 Kudos
Reply
1,605 Views
mat1024
Contributor III

Hi @CarlosGarabito ,

Thanks for reaching me out.

I'm sorry that I forgot to demonstrate a few things.

The original example code worked well, which means that there is likely some configuration mismatched in my project, and that's why I asked the question here.

Configuration in software of my code (initializing power/clk/drivers) looks very similar with the one in the example.

So here's what I am thinking about the problem.

  • My program runs in Trustzone, and there is something I missed in the configuration
    • I increased the secure flash memory, adjusted the location of non-secure flash memory, and modified the secure regions in TEE setting
  • The memory used by Hashcrypt has conflicted with the memory used by other codes in my project
  • Defined symbols and included header files might be different from the one in the example code

The next step I would like to try is

  • Get rid of other codes in TZ in my code and use only codes from the example in TZ, or
  • Move all the codes from the example to the normal world

I will update after having a try.

Thanks!

0 Kudos
Reply
1,598 Views
mat1024
Contributor III

I tried to do the following two steps,

  • Get rid of other codes in TZ in my code and use only codes from the example in TZ, or
  • Move all the codes from the example to the normal world

and found that the first way did not work; although I removed all other codes except for the crypto codes from the example, it was still stuck at the aforementioned function.

The second way works well, which means that it is likely to take place since I put the code into the secure world.

Is there any code to use crypto functions in Trustzone for LPC55s69 boards?

0 Kudos
Reply
1,592 Views
mat1024
Contributor III

I think I found the reason why it has taken place.

In the SHA functions in fsl_hashcrypt.c file,

if "base->MEMADDR", which is the address of being hashed, is set to non-secure regions, then it works well, but if base->MEMADDR is set to secure regions, then the value of "base->MEMCTRL" is remained as 0 which makes "base->STATUS" 5.

"base->STATUS" should've been set to 3 in order to pass the infinite loop.

Could you let me know why this happens? Does this mean that I should use non-secure memory for the message which can be an input for signing?

Are there any related documents?

Any comments would be appreciated a lot!

 

Thanks!

0 Kudos
Reply