PRF function in HSE

1. The HSE service response is as attached in the image1.png.
2. Regarding the contents of the PRF function I have attached the master.c program above.

Hello @ashwini2024,

Thanks for the information, I see that the error is just "general error" so we cannot get much details following that. 

About the contents of srv_desc.hseSrv.keyDeriveReq.sch.TLS12Prf, sorry for not asking more clearly, I meant the contents of the structure at run time, this is to get the actual information that is being sent to the HSE.

Thanks in advance.

Thank you for the clarification. 
I will attach the output in image3.png.

Hello @ashwini2024, 

Thanks for the information, here are my findings, some are just recommendations since I do not know your setup:

You are usgin the following parameter as "not used", while the API manual indicates that for "master secret" is needed

Ensure the key handle (0x00020600) has the required flags

Please use a different key handle than pskKeyHandle, since they have different requirements

Please ensure that the targetKeyHandle (0x00000000) has the required flags

Please check the noes above and let me know if the behavior changes, if you receive a different error, please let me know.

Thanks!

Hello

Thank you for the reply.

As per your inputs I have updated my code and is as attached I am still facing the same issue.
I have also attached the flags that are set for each key handle.

Here is the updated code.

Here are the attached files.

Hello @ashwini2024,

Thanks for the test, Please test using different key slots for pskKeyHandle and srcKeyHandle. Please ensure the requirements detailed in the API ref manual are met:

Please let me know if the behavior changes,
Thanks

Hello 

Please have a look at my service descriptor values that I am passing I have updated the key handles. But still I am facing the general error , I do not understand why i dont get invalid parameters error if the inputs I pass are invalid.

Hello @ashwini2024,

did you mean yo attach another version of your service descriptor? I cannot see any file. 

About the error, this might be because it the params are "valid values" but invalid at a "logic level".

Let me know if you meant to attach another file or you meant the original one

Thanks

Hello , 
Here is my updated code.
Also I have generated a AES-128 bit key in NVM slot and set the usage flag for the key handle as :HSE_KF_USAGE_DERIVE

Please let me know what is the issue with my service descriptor and why I am facing the general error.

Hello @ashwini2024,

Please share the output of the prints you have in your program and the key flags you have for the the three key slots you are using:

Also please use memcpy instead of the assignment operator, as done in the demo app to avoid any problems:

Thanks

Hello @alejandro_e,
Would you be able to reproduce the master key generation process on your end and let me know if it works for you?

Hello @ashwini2024,

I have not tested, I been somewhat overloaded the pasts weeks and setting up a Linux Configuration with HSE might take some time which I cannot fit in my schedule at the moment. For now I can only guide you following the information you share and the documentation available.

Have you done other test which might help us narrow down the problem?

Thanks. 

I have attached the usage flags for the key handles.

Thank you very much for your response. I’ve updated the code based on your suggestions, but I’m still encountering the same error.

Hello @ashwini2024,

I contacted the internal team in parallel and they gave me relevant information, there is a sample project (of which I was not aware until now) , it includes examples on how to use HSE fo TLS, you can download it from FlexNet, it is under Automotive SW – S32G Reference Software and it is named Automotive SW - S32G - mbedTLS, after downloading and installing the exe installer, SW32G3XX_MbedTLS(wHSE)_RTM_1.0.0_230224.exe, you will have the sample project in C:\NXP\SW32G3XX_MbedTLS(wHSE)_RTM_1.0.0.

Please let me know if you need anything else

Could you please let me know which key handle i must use from the HSE firmware version :HSE_FW_S32G3XX_0_2_64_0 for psk handle , src handle and target handle in the global_defs.h for hse standard firmware.

Hi @alejandro_e,

I've noticed that in pkcs11, the following mechanisms are defined:
#define CKM_TLS_PRE_MASTER_KEY_GEN (0x374UL)
#define CKM_TLS_MASTER_KEY_DERIVE (0x375UL)
#define CKM_TLS_KEY_AND_MAC_DERIVE (0x376UL)

However, I couldn't find any implementation for these mechanisms. Could you please guide me on where I can add my own custom implementations for them?Is it possible to send a custom implementation for the same?

Thanks!