Hi,
I installed HSE firmware and demo app software on S32K358. However, when I try to load a AES key that has different key handle value, HSE responses as invalid param (0x55A5A399). I also formatted key catalogs after changing key handle value. What is the reason of it? How can I solve this?
Thank you
解決済! 解決策の投稿を見る。
The HSE FW reference manual can be downloaded in this page:
https://www.nxp.com/products/processors-and-microcontrollers/s32-automotive-platform/s32k-auto-gener...
Go to the Documentation -> Secure Files. Here you should find "HSE-B Firmware Reference Manual - V2.2", document number RM758222.
In case of:
#define HSE_DEMO_SHE_RAM_KEY_HANDLE GET_KEY_HANDLE(HSE_KEY_CATALOG_ID_RAM, 1, 0)
... you are trying to put SHE key to group HSE_KEY_TYPE_AES:
{HSE_ALL_MU_MASK, HSE_KEY_OWNER_ANY, HSE_KEY_TYPE_AES, 10U, HSE_KEY128_BITS}
You need to make sure that the key type matches the group type.
In case of:
#define HSE_DEMO_RAM_AES128_KEY0 GET_KEY_HANDLE(HSE_KEY_CATALOG_ID_RAM, 0, 0)
... you are trying to put AES key to group HSE_KEY_TYPE_SHE:
{HSE_ALL_MU_MASK, HSE_KEY_OWNER_ANY, HSE_KEY_TYPE_SHE, 1U, HSE_KEY128_BITS}
And in case of:
#define HSE_DEMO_RAM_AES128_KEY1 GET_KEY_HANDLE(HSE_KEY_CATALOG_ID_RAM, 1, 1)
... this one should work.
Please take a look at the manual as I wrote earlier.
Regards,
Lukas
Hi @Yetkin
Could you show me value of used key handle and how the key catalogs are defined? You can take a look at Table 45 in the HSE-B Firmware Reference Manual v2.2. It shows some examples of valid and invalid key handle value based on catalogs defined on previous page. This could help to find the root cause.
Regards,
Lukas
Hi @lukaszadrapa,
I do not have the reference manual that you mentioned. Could you share Table 45 with me if it won't be a problem?
These are the codes from the HSE demo software. I only changed the group indexes of related key handle values as you can see.
/* Points to an ECC key pair NVM slot */
/* #define HSE_DEMO_SHE_RAM_KEY_HANDLE GET_KEY_HANDLE(HSE_KEY_CATALOG_ID_RAM, 0, 0) Original key handle*/
#define HSE_DEMO_SHE_RAM_KEY_HANDLE GET_KEY_HANDLE(HSE_KEY_CATALOG_ID_RAM, 1, 0)
/* #define HSE_DEMO_RAM_AES128_KEY0 GET_KEY_HANDLE(HSE_KEY_CATALOG_ID_RAM, 1, 0) Original key handle */
#define HSE_DEMO_RAM_AES128_KEY0 GET_KEY_HANDLE(HSE_KEY_CATALOG_ID_RAM, 0, 0)
#define HSE_DEMO_RAM_AES128_KEY1 GET_KEY_HANDLE(HSE_KEY_CATALOG_ID_RAM, 1, 1)
/** @brief HSE RAM key catalog configuration*/
#define HSE_DEMO_RAM_KEY_CATALOG_CFG \
/* keyType numOfKeySlots maxKeyBitLen*/ \
/* Symmetric key */ \
{HSE_ALL_MU_MASK, HSE_KEY_OWNER_ANY, HSE_KEY_TYPE_SHE, 1U, HSE_KEY128_BITS}, /* KEY_RAM */ \
{HSE_ALL_MU_MASK, HSE_KEY_OWNER_ANY, HSE_KEY_TYPE_AES, 10U, HSE_KEY128_BITS}, \
{HSE_MU0_MASK, HSE_KEY_OWNER_ANY, HSE_KEY_TYPE_AES, 10U, HSE_KEY256_BITS}, /* HMAC key */ \
{HSE_ALL_MU_MASK, HSE_KEY_OWNER_ANY, HSE_KEY_TYPE_HMAC, 6U, HSE_KEY1024_BITS}, /* RSA key */ \
{HSE_ALL_MU_MASK, HSE_KEY_OWNER_ANY, HSE_KEY_TYPE_RSA_PUB, 2U, HSE_KEY2048_BITS}, \
{HSE_ALL_MU_MASK, HSE_KEY_OWNER_ANY, HSE_KEY_TYPE_RSA_PUB_EXT, 1U, HSE_KEY1024_BITS}, \
{HSE_ALL_MU_MASK, HSE_KEY_OWNER_ANY, WRP_KEY_TYPE_ECC_PAIR, 2U, WRP_ECC_KEY_SIZE}, \
{HSE_ALL_MU_MASK, HSE_KEY_OWNER_ANY, WRP_KEY_TYPE_ECC_PUB, 5U, WRP_ECC_KEY_SIZE}, \
{HSE_ALL_MU_MASK, HSE_KEY_OWNER_ANY, HSE_KEY_TYPE_SHARED_SECRET, 2U, HSE_KEY638_BITS}, \
{HSE_ALL_MU_MASK, HSE_KEY_OWNER_ANY, HSE_KEY_TYPE_SHARED_SECRET, 1U, HSE_KEY2048_BITS}, \
{ \
0U, 0U, 0U, 0U, 0U \
}
Sincerely,
Yetkin
The HSE FW reference manual can be downloaded in this page:
https://www.nxp.com/products/processors-and-microcontrollers/s32-automotive-platform/s32k-auto-gener...
Go to the Documentation -> Secure Files. Here you should find "HSE-B Firmware Reference Manual - V2.2", document number RM758222.
In case of:
#define HSE_DEMO_SHE_RAM_KEY_HANDLE GET_KEY_HANDLE(HSE_KEY_CATALOG_ID_RAM, 1, 0)
... you are trying to put SHE key to group HSE_KEY_TYPE_AES:
{HSE_ALL_MU_MASK, HSE_KEY_OWNER_ANY, HSE_KEY_TYPE_AES, 10U, HSE_KEY128_BITS}
You need to make sure that the key type matches the group type.
In case of:
#define HSE_DEMO_RAM_AES128_KEY0 GET_KEY_HANDLE(HSE_KEY_CATALOG_ID_RAM, 0, 0)
... you are trying to put AES key to group HSE_KEY_TYPE_SHE:
{HSE_ALL_MU_MASK, HSE_KEY_OWNER_ANY, HSE_KEY_TYPE_SHE, 1U, HSE_KEY128_BITS}
And in case of:
#define HSE_DEMO_RAM_AES128_KEY1 GET_KEY_HANDLE(HSE_KEY_CATALOG_ID_RAM, 1, 1)
... this one should work.
Please take a look at the manual as I wrote earlier.
Regards,
Lukas