S32K314 importing ECC public key ImportEccKeyReq function returns error 0x055A5A399


S32K314 importing ECC public key ImportEccKeyReq function returns error 0x055A5A399

616件の閲覧回数
铅笔
Contributor II
/*
 * NVM key catalog: one entry per key group, closed by an all-zero entry.
 * Each entry holds five values in this order:
 *   MU mask, owner, keyType, numOfKeySlots, maxKeyBitLen
 * The position of an entry in the array is its group index. The WRP_* macros
 * are defined elsewhere; their expansion is not shown in this listing.
 */
const hseKeyGroupCfgEntry_t NVM_Catalog [] =
{
    /* SHE keys: MASTER_ECU_KEY, BOOT_MAC_KEY, KEY_1 to KEY_10 */
    {HSE_ALL_MU_MASK, HSE_KEY_OWNER_ANY, HSE_KEY_TYPE_SHE, 12U, HSE_KEY128_BITS},

    /* CUST keys: AES */
    {HSE_ALL_MU_MASK, HSE_KEY_OWNER_CUST, HSE_KEY_TYPE_AES, 4U, HSE_KEY128_BITS},
    {HSE_ALL_MU_MASK, HSE_KEY_OWNER_CUST, HSE_KEY_TYPE_AES, 7U, HSE_KEY256_BITS},
    /* CUST keys: HMAC */
    {HSE_ALL_MU_MASK, HSE_KEY_OWNER_CUST, HSE_KEY_TYPE_HMAC, 2U, HSE_KEY512_BITS},
    /* CUST keys: ECC */
    {HSE_ALL_MU_MASK, HSE_KEY_OWNER_CUST, WRP_KEY_TYPE_ECC_PAIR, 3U, WRP_ECC_KEY_SIZE},
    {HSE_ALL_MU_MASK, HSE_KEY_OWNER_CUST, WRP_KEY_TYPE_ECC_PUB, 1U, WRP_ECC_KEY_SIZE},
    {HSE_ALL_MU_MASK, HSE_KEY_OWNER_CUST, WRP_KEY_TYPE_ECC_PUB_EXT, 1U, WRP_ECC_KEY_SIZE},
    /* CUST keys: RSA */
    {HSE_ALL_MU_MASK, HSE_KEY_OWNER_CUST, HSE_KEY_TYPE_RSA_PAIR, 2U, HSE_KEY4096_BITS},
    {HSE_ALL_MU_MASK, HSE_KEY_OWNER_CUST, HSE_KEY_TYPE_RSA_PUB, 1U, HSE_KEY4096_BITS},
    {HSE_ALL_MU_MASK, HSE_KEY_OWNER_CUST, HSE_KEY_TYPE_RSA_PUB_EXT, 1U, HSE_KEY4096_BITS},

    /* OEM keys: AES */
    {HSE_ALL_MU_MASK, HSE_KEY_OWNER_OEM, HSE_KEY_TYPE_AES, 3U, HSE_KEY128_BITS},
    {HSE_ALL_MU_MASK, HSE_KEY_OWNER_OEM, HSE_KEY_TYPE_AES, 3U, HSE_KEY256_BITS},
    /* OEM keys: HMAC */
    {HSE_ALL_MU_MASK, HSE_KEY_OWNER_OEM, HSE_KEY_TYPE_HMAC, 1U, HSE_KEY1024_BITS},
    /* OEM keys: ECC */
    {HSE_ALL_MU_MASK, HSE_KEY_OWNER_OEM, WRP_KEY_TYPE_ECC_PAIR, 1U, WRP_ECC_KEY_SIZE},
    {HSE_ALL_MU_MASK, HSE_KEY_OWNER_OEM, WRP_KEY_TYPE_ECC_PUB, 1U, WRP_ECC_KEY_SIZE},
    {HSE_ALL_MU_MASK, HSE_KEY_OWNER_OEM, WRP_KEY_TYPE_ECC_PUB_EXT, 1U, WRP_ECC_KEY_SIZE},
    /* OEM keys: RSA */
    {HSE_ALL_MU_MASK, HSE_KEY_OWNER_OEM, HSE_KEY_TYPE_RSA_PAIR, 1U, HSE_KEY4096_BITS},
    {HSE_ALL_MU_MASK, HSE_KEY_OWNER_OEM, HSE_KEY_TYPE_RSA_PUB, 1U, HSE_KEY4096_BITS},
    {HSE_ALL_MU_MASK, HSE_KEY_OWNER_OEM, HSE_KEY_TYPE_RSA_PUB_EXT, 1U, HSE_KEY4096_BITS},

    /* The only NVM group limited to HSE_MU0_MASK; every group above uses HSE_ALL_MU_MASK. */
    {HSE_MU0_MASK, HSE_KEY_OWNER_OEM, WRP_KEY_TYPE_ECC_PUB, 1U, WRP_ECC_KEY_SIZE},

    /* All-zero entry closing the catalog. */
    {0U, 0U, 0U, 0U, 0U}
};

/*
 * RAM key catalog: one entry per key group, closed by an all-zero entry.
 * Each entry holds five values in this order:
 *   MU mask, owner, keyType, numOfKeySlots, maxKeyBitLen
 * The group index is the position in this array. The support reply on this page
 * decodes key handle 0x00020900 as "RAM catalog, group 9, key 0", so the group
 * numbers below are what appears in a RAM key handle.
 */
const hseKeyGroupCfgEntry_t RAM_Catalog [] =
{
    /* Symmetric keys */
    /* group 0: KEY_RAM */
    {HSE_ALL_MU_MASK, HSE_KEY_OWNER_ANY, HSE_KEY_TYPE_SHE, 1U, HSE_KEY128_BITS},
    /* group 1 */
    {HSE_ALL_MU_MASK, HSE_KEY_OWNER_ANY, HSE_KEY_TYPE_AES, 10U, HSE_KEY128_BITS},
    /* group 2: the only RAM group limited to HSE_MU0_MASK */
    {HSE_MU0_MASK, HSE_KEY_OWNER_ANY, HSE_KEY_TYPE_AES, 10U, HSE_KEY256_BITS},

    /* HMAC keys */
    /* group 3 */
    {HSE_ALL_MU_MASK, HSE_KEY_OWNER_ANY, HSE_KEY_TYPE_HMAC, 6U, HSE_KEY1024_BITS},

    /* RSA keys */
    /* group 4 */
    {HSE_ALL_MU_MASK, HSE_KEY_OWNER_ANY, HSE_KEY_TYPE_RSA_PUB, 2U, HSE_KEY2048_BITS},
    /* group 5 */
    {HSE_ALL_MU_MASK, HSE_KEY_OWNER_ANY, HSE_KEY_TYPE_RSA_PUB_EXT, 1U, HSE_KEY1024_BITS},

    /* ECC keys; WRP_* macros are defined elsewhere and their values are not shown.
     * NOTE(review): presumably an ECC import is rejected when the key is longer than
     * WRP_ECC_KEY_SIZE - confirm the macro covers the 256-bit curve used by the demo. */
    /* group 6 */
    {HSE_ALL_MU_MASK, HSE_KEY_OWNER_ANY, WRP_KEY_TYPE_ECC_PAIR, 2U, WRP_ECC_KEY_SIZE},
    /* group 7 */
    {HSE_ALL_MU_MASK, HSE_KEY_OWNER_ANY, WRP_KEY_TYPE_ECC_PUB, 5U, WRP_ECC_KEY_SIZE},

    /* Shared secrets: two groups of the same key type. In the thread on this page the
     * key allocator stored the ECDH result in group 8 (handle 0x00020800) although
     * group 9 (handle 0x00020900) had been passed in, so code must use the handle
     * the allocator actually assigned rather than a fixed one. */
    /* group 8 */
    {HSE_ALL_MU_MASK, HSE_KEY_OWNER_ANY, HSE_KEY_TYPE_SHARED_SECRET, 2U, HSE_KEY638_BITS},
    /* group 9 */
    {HSE_ALL_MU_MASK, HSE_KEY_OWNER_ANY, HSE_KEY_TYPE_SHARED_SECRET, 2U, HSE_KEY2048_BITS},

    /* All-zero entry closing the catalog. */
    {0U, 0U, 0U, 0U, 0U}
};
 
/*
 * Demo sequence from the original post: generate a secp256r1 key pair in a RAM
 * slot and export its public key, import that public key into a second RAM
 * slot, then compute an ECDH shared secret between the two slots.
 * Each HSE response is printed in hex; none of them is checked, so a later
 * step still runs after an earlier one has failed.
 * The listing is truncated on the page: the function body is not closed here.
 */
void HSE_CryptoKeyTest(void)
{
    hseSrvResponse_t HseResponse;
 
    /* NOTE(review): in the visible part only DHSharedSecretRAMKeyHandle is used;
     * the calls below pass the HSE_DEMO_* macros directly instead of these locals. */
    hseKeyHandle_t eccRAMKeyHandle = HSE_DEMO_RAM_ECC_PAIR_KEY_HANDLE; 
    hseKeyHandle_t DHSharedSecretRAMKeyHandle = HSE_DEMO_DH_SHARED_SECRET_HANDLE;
    hseKeyHandle_t AESDerivedKeyInfoHandle0 = HSE_DEMO_RAM_AES256_KEY0;
    hseKeyHandle_t AESDerivedKeyInfoHandle1 = HSE_DEMO_RAM_AES128_KEY1;
    hseKeyHandle_t ImportEccPubRAMKeyHandle = HSE_DEMO_RAM_ECC_PUB_KEY_HANDLE;
 
    /* Generate ECC key pair in RAM; the public key is exported to eccP256PubKeyGet. */
    HseResponse = GenerateEccKeyAndExportPublic(HSE_DEMO_RAM_ECC_PAIR_KEY_HANDLE, HSE_EC_SEC_SECP256R1, (HSE_KF_USAGE_EXCHANGE | HSE_KF_ACCESS_EXPORTABLE), eccP256PubKeyGet);
printf("hse_step3: %X\n\r", HseResponse);

 

    /* Import ECC Key: the public key exported above goes into the ECC_PUB RAM slot,
     * with HSE_KF_USAGE_EXCHANGE as its only key flag.
     * This is the call the post reports as failing with 0x055A5A399. The value as
     * written has nine hex digits; presumably 0x55A5A399 is meant - confirm against
     * the HSE service response definitions. */
    HseResponse = ImportEccKeyReq(
        HSE_DEMO_RAM_ECC_PUB_KEY_HANDLE,
        HSE_KEY_TYPE_ECC_PUB,
        HSE_KF_USAGE_EXCHANGE,
        HSE_EC_SEC_SECP256R1,
        KeyBitLen(HSE_EC_SEC_SECP256R1),
        eccP256PubKeyGet,
        NULL);
 
    printf("hse_step4: %X\n\r", HseResponse);
   
    /* Compute DH Shared Secret (ECDH) between the imported public key and the
     * generated key pair. The shared-secret handle is passed by address.
     * NOTE(review): per the support reply on this page the key allocator stored the
     * secret under 0x00020800 although 0x00020900 was passed in; presumably the
     * assigned handle comes back through this pointer, so later steps should read
     * DHSharedSecretRAMKeyHandle instead of the HSE_DEMO_DH_SHARED_SECRET_HANDLE
     * constant - confirm. */
    HseResponse = DHSharedSecretCompute(
        HSE_DEMO_RAM_ECC_PUB_KEY_HANDLE,
        HSE_DEMO_RAM_ECC_PAIR_KEY_HANDLE,
        &DHSharedSecretRAMKeyHandle,
        RAM_KEY,
        KeyBitLen(HSE_EC_SEC_SECP256R1));
    printf("hse_step5: %X\n\r", HseResponse);
 
GenerateEccKeyAndExportPublic先生成密钥对并导出公钥到eccP256PubKeyGet[64],再将该生成的公钥通过ImportEccKeyReq导入密钥槽返回0x055A5A399错误,Based on the S32K344 DEMO, please help analyze the reason.
11 返答(返信)

449件の閲覧回数
铅笔
Contributor II

1. Log with the data cache still enabled:

_0-1758286321615.png

2. Log with the cache disabled; steps 6 and 7 still return an error response:

_1-1758286486295.png

3. Log with the cache disabled and a fake shared key imported into the corresponding key slot after the key exchange in step 5:

_2-1758287145438.png

_3-1758287337483.png

 

 


288件の閲覧回数
lukaszadrapa
NXP TechSupport
NXP TechSupport

Is it possible to share simple project to reproduce it on my side?


115件の閲覧回数
铅笔
Contributor II
 

55件の閲覧回数
lukaszadrapa
NXP TechSupport
NXP TechSupport

Here's the problem:

I can see that you have two groups for SHARED_SECRET in RAM catalog:

lukaszadrapa_0-1759315389746.png

When computing shared secret, key handle 0x00020900 (RAM catalog, group 9, key 0) is passed to the function:

lukaszadrapa_1-1759315447506.png

However, when you step over the function, the key allocator selects key handle 0x00020800 (RAM catalog, group 8, key 0):

lukaszadrapa_2-1759315511660.png

So, the shared secret is stored to 0x00020800. 

But then, in your function KdfSP800_56C_ONESTEP_ReqTest_demo, you configure the original key handle 0x00020900 as a source key handle. Not the one that was assigned by key allocator:

lukaszadrapa_3-1759316571551.png

So, that's the reason why the key slot looks like empty - because it is actually empty. You need to select a key handle which was allocated by key allocator. 

Regards,

Lukas 

 


115件の閲覧回数
铅笔
Contributor II
I am providing a C file that can be added to your project to help with verification. Thank you.

614件の閲覧回数
铅笔
Contributor II
First I generate the key pair and export the public key to eccP256PubKeyGet[64]; then I import the generated public key into the key slot through ImportEccKeyReq, which returns error 0x055A5A399. The code is based on the S32K344 DEMO; please help analyze the reason.

578件の閲覧回数
lukaszadrapa
NXP TechSupport
NXP TechSupport

Hi @铅笔 

I did quick test on my side and it works as expected:

lukaszadrapa_0-1758110932489.png

My project is attached. 

Have you tried to disable data cache?

Regards,

Lukas


530件の閲覧回数
铅笔
Contributor II
I compared the DEMO you provided in the attachment with mine, and they are consistent. Currently, I have tried both scenarios with caching enabled and disabled, and the phenomena are as follows:
1. With caching enabled, but the sending and receiving variables were placed in the corresponding no-cache section, the results are as previously mentioned; reading the version number and generating the shared key are normal, but importing the public key using ImportEccKeyReq returned an error 0x055A5A399, preventing subsequent key exchange and key derivation steps from proceeding. 2. With caching disabled, the public key import using ImportEccKeyReq (step 4) and the key exchange DHSharedSecretCompute (step 5) returned normally, but the subsequent key derivation steps KdfSP800_56C_ONESTEP_ReqTest_demo (step 6) and HSEKeyDeriveExtractKeyReq (step 7) returned a key slot empty error 0xA5AA5317. Based on the above attempts, after step 5 DHSharedSecretCompute, I imported a 32-byte fake shared key into the corresponding shared key slot using ImportSharedKeyReq(&SHARED_ImportSecret_1_0), and steps 6 and 7 returned correctly and derived the corresponding key, which leads me to conclude that although step 4 ImportEccKeyReq function returned normally, it did not successfully import the public key. The current running project is based on a newly created S32K314 project in S32DS, and then I imported the corresponding functional files from the HSE DEMO; I'm not sure if this affects the execution results. I have tried many methods and still cannot solve the problem, please help analyze the issue, thank you.

526件の閲覧回数
铅笔
Contributor II
/*
 * Fixed 32-byte test vector. Presumably the "fake shared key" the post imports
 * into the shared-secret slot to check the derivation steps - confirm against
 * SHARED_ImportSecret_1_0, which is not shown.
 * The value is compiled into the image and published here, so it is only a
 * debugging fixture and must never serve as real key material.
 */
uint8_t sharedSecretKey[32] =
{
    0x00, 0xd0, 0x07, 0xe1, 0xb9, 0xaf, 0xcc, 0x31,
    0x2e, 0xec, 0x9c, 0xec, 0xff, 0xa0, 0x28, 0x07,
    0x52, 0xbb, 0xd1, 0x95, 0x31, 0x82, 0xed, 0xef,
    0x12, 0xf3, 0xfc, 0x36, 0x6e, 0x8f, 0x43, 0x56
};

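/**
 * ECDH + KDF demo sequence (steps 3 to 7 of the post).
 *
 * Generates a secp256r1 key pair in RAM and exports its public key, imports
 * that public key into a second RAM slot, computes the ECDH shared secret,
 * runs the SP800-56C one-step KDF and extracts an AES-128 key from the result.
 *
 * Every response is printed as "hse_stepN: <hex>". The sequence stops at the
 * first step that does not return HSE_SRV_RSP_OK: each later step consumes a
 * key slot written by the previous one, so running on after a failure only
 * produces secondary errors (the thread shows a "key slot empty" response in
 * steps 6 and 7) that hide the step that actually failed.
 */
void HSE_CryptoKeyTest(void)
{
    hseSrvResponse_t HseResponse;

    /* In/out handle for the ECDH result, see step 5. */
    hseKeyHandle_t DHSharedSecretRAMKeyHandle = HSE_DEMO_DH_SHARED_SECRET_HANDLE;
    hseKeyHandle_t AESDerivedKeyInfoHandle1 = HSE_DEMO_RAM_AES128_KEY1;

    /* Step 3: generate the key pair; the public key is exported to eccP256PubKeyGet. */
    HseResponse = GenerateEccKeyAndExportPublic(HSE_DEMO_RAM_ECC_PAIR_KEY_HANDLE,
                                                HSE_EC_SEC_SECP256R1,
                                                (HSE_KF_USAGE_EXCHANGE | HSE_KF_ACCESS_EXPORTABLE),
                                                eccP256PubKeyGet);
    /* The cast keeps the argument type in line with %X; the response type is
     * presumably a 32-bit unsigned integer - confirm. */
    printf("hse_step3: %X\n\r", (unsigned int)HseResponse);
    if (HseResponse != HSE_SRV_RSP_OK) {
        return;
    }

    /* Step 4: import the exported public key into the ECC_PUB RAM slot. */
    HseResponse = ImportEccKeyReq(HSE_DEMO_RAM_ECC_PUB_KEY_HANDLE,
                                  HSE_KEY_TYPE_ECC_PUB,
                                  (HSE_KF_USAGE_EXCHANGE | HSE_KF_ACCESS_EXPORTABLE),
                                  HSE_EC_SEC_SECP256R1,
                                  KeyBitLen(HSE_EC_SEC_SECP256R1),
                                  eccP256PubKeyGet,
                                  NULL);
    printf("hse_step4: %X\n\r", (unsigned int)HseResponse);
    if (HseResponse != HSE_SRV_RSP_OK) {
        return;
    }

    /* Step 5: ECDH between the imported public key and the generated pair.
     * The handle is passed by address. Per the support reply in this thread the
     * key allocator stored the secret under 0x00020800 although 0x00020900 was
     * passed in, so the handle is printed after the call to make such a change
     * visible without a debugger. */
    HseResponse = DHSharedSecretCompute(HSE_DEMO_RAM_ECC_PUB_KEY_HANDLE,
                                        HSE_DEMO_RAM_ECC_PAIR_KEY_HANDLE,
                                        &DHSharedSecretRAMKeyHandle,
                                        RAM_KEY,
                                        KeyBitLen(HSE_EC_SEC_SECP256R1));
    printf("hse_step5: %X\n\r", (unsigned int)HseResponse);
    printf("hse_step5 shared secret handle: %lX\n\r", (unsigned long)DHSharedSecretRAMKeyHandle);
    if (HseResponse != HSE_SRV_RSP_OK) {
        return;
    }

    /* Step 6: SP800-56C one-step KDF.
     * NOTE(review): KdfSP800_56C_ONESTEP_ReqTest_demo() takes no argument and uses
     * the fixed HSE_DEMO_DH_SHARED_SECRET_HANDLE as its source key, not the handle
     * printed above. The thread traces the "key slot empty" response to exactly
     * this mismatch; the handle from step 5 has to reach the KDF request. */
    HseResponse = KdfSP800_56C_ONESTEP_ReqTest_demo();
    printf("hse_step6: %X\n\r", (unsigned int)HseResponse);
    if (HseResponse != HSE_SRV_RSP_OK) {
        return;
    }

    /* Step 7: extract an AES-128 key from the derived key material at offset 0. */
    HseResponse = HSEKeyDeriveExtractKeyReq(KdfSP800_56C_ONESTEP_Scheme_1_0.kdfCommon.targetKeyHandle,
                                            0,
                                            &AESDerivedKeyInfoHandle1,
                                            RAM_KEY,
                                            aes128KeyInfo);
    printf("hse_step7: %X\n\r", (unsigned int)HseResponse);
}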

491件の閲覧回数
lukaszadrapa
NXP TechSupport
NXP TechSupport

What is inside KdfSP800_56C_ONESTEP_ReqTest_demo()? It looks like wrong key handle is used in this function. 


481件の閲覧回数
铅笔
Contributor II
/*
 * Request template for the SP800-56C one-step KDF demo.
 * Both key handles start as HSE_INVALID_KEY_HANDLE and are overwritten at run
 * time by KdfSP800_56C_ONESTEP_ReqTest_demo() before the request is sent, so
 * the object is deliberately not const.
 */
hseKdfSP800_56COneStepScheme_t KdfSP800_56C_ONESTEP_Scheme_1_0 =
{
    /* No salt: neither a salt key handle nor a salt buffer is supplied. */
    .salt =
    {
        .saltKeyHandle = HSE_INVALID_KEY_HANDLE,
        .saltLength    = 0,
        .pSalt         = NULL
    },
    .kdfCommon =
    {
        .prfAlgo         = HSE_KDF_SHA2_256,
        .srcKeyHandle    = HSE_INVALID_KEY_HANDLE, /* filled in at run time */
        .targetKeyHandle = HSE_INVALID_KEY_HANDLE, /* filled in at run time */
        .keyMatLen       = BITS_TO_BYTES(256UL),   /* 256 bits of key material, given in bytes */
        .kdfPrf          = HSE_KDF_PRF_HASH,
        .pInfo           = (HOST_ADDR)KdfSP800_56C_ONESTEP_FixedInfo_1_0,
        .infoLength      = ARRAY_SIZE(KdfSP800_56C_ONESTEP_FixedInfo_1_0)
    }
};

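/**
 * Runs the SP800-56C one-step KDF demo request.
 *
 * Allocates a RAM SHARED_SECRET slot for the derived key material, fills the
 * source and target handles of KdfSP800_56C_ONESTEP_Scheme_1_0 and sends the
 * request.
 *
 * @return the response of HKF_AllocKeySlot when the slot allocation fails,
 *         otherwise the response of the KDF request.
 */
hseSrvResponse_t KdfSP800_56C_ONESTEP_ReqTest_demo(void)
{
    hseSrvResponse_t hseResponse;
    hseKeyHandle_t DHSharedSecretRAMKeyHandle = HSE_DEMO_DH_SHARED_SECRET_HANDLE;

    /* keyMatLen is in bytes; the allocator is given the length in bits. */
    hseResponse = HKF_AllocKeySlot(RAM_KEY,
                                   HSE_KEY_TYPE_SHARED_SECRET,
                                   KdfSP800_56C_ONESTEP_Scheme_1_0.kdfCommon.keyMatLen * 8U,
                                   &targetSharedSecretKey_0);
    if (hseResponse != HSE_SRV_RSP_OK) {
        /* Previously this response was overwritten unchecked, so the KDF request
         * was sent even when no target slot had been allocated. */
        return hseResponse;
    }

    /* NOTE(review): the source is the compile-time demo handle, not the handle the
     * ECDH step ended up using. The support reply in this thread traces the
     * "key slot empty" response (0xA5AA5317) to this: the secret was stored under
     * 0x00020800 while 0x00020900 was configured here. This function has no
     * parameter to receive the allocated handle, so the fix needs a change on the
     * caller side as well. */
    KdfSP800_56C_ONESTEP_Scheme_1_0.kdfCommon.srcKeyHandle = DHSharedSecretRAMKeyHandle;
    KdfSP800_56C_ONESTEP_Scheme_1_0.kdfCommon.targetKeyHandle = targetSharedSecretKey_0;

    hseResponse = KdfSP800_56C_ONESTEP_Test_0(&KdfSP800_56C_ONESTEP_Scheme_1_0);

    return hseResponse;
}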

/*
 * Thin wrapper: hands the scheme to HSEKdfSP800_56COneStepReq() and returns
 * that call's response unchanged.
 */
static hseSrvResponse_t KdfSP800_56C_ONESTEP_Test_0(hseKdfSP800_56COneStepScheme_t *pKdfScheme)
{
    return HSEKdfSP800_56COneStepReq(pKdfScheme);
}