ヘルプ
英语(美国) | English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

a question about key import in s32k

キャンセル
提案をオンにする
自動提案では、入力時に可能な一致が提案されるので検索結果を素早く絞り込むことができます。
次の結果を表示 
表示  限定  | 次の代わりに検索 
もしかして: 

a question about key import in s32k

‎11-25-2022 06:07 AM
2,019件の閲覧回数
cfyywcc
Contributor II

In our s32k project, we want to encrypt/decrypt data by using the aes128cbc of CSEc module, but i don't understand how to import the key bytes to the CSEc modle.

in one user manual, i've noticed that, for security purpose we should not use plaintext key in code but use the derived m1-m5, which means:

1.KDF(plaintext key: "123456789abc"), and output M1/M2/M3/M4/M5, which is irreversible, irreversible, irreversible.

2. load M1-M3 to CSEc,and get M4_/M5_

3. compare M4_/M5_ to M4/M5, if matched,it means the key loadinng success

but,,,,,,how ?why?

since the 1st step mentioned above is irreversible,  even if M1//M3 is loaded to CESc, it can not get the original plaintext: "123456789abc", so how does it work to  decrypt one cipher  packet which is encrypted with the key "123456789abc" in my peer host pc.

 

Any kind repy is appreciated!

 

タグ(4)
0 件の賞賛
返信
3 返答(返信)

‎11-25-2022 11:06 AM
2,006件の閲覧回数
lukaszadrapa
NXP TechSupport
NXP TechSupport

Hi,

have you already seen AN5401?

https://www.nxp.com/webapp/Download?colCode=AN5401&location=null

https://www.nxp.com/webapp/Download?colCode=AN5401SW&location=null

It should provides all necessary details  you need to know at the beginning.

 

One thing is a key which is used to encrypt/decrypt a message a second thing is the message. A key is loaded to the CSEc during initialization of the device. You can’t read the key anymore, you can only update it if needed (for update, you need to know previous value of the key or MASTER_ECU_KEY). All this behavior is given by SHE specification (you can find that on the web).

If you receive a message encrypted by the same key, the key can be used to decrypt the message and you will get original plain text.

Regards,

Lukas

0 件の賞賛
返信

‎11-25-2022 06:06 PM
1,997件の閲覧回数
cfyywcc
Contributor II

Thanks for your kind reply.

 

Yes,i've already read the an5401 doc

And also i know how to implement the encryption/decryption just step by step.

But i just wonder INSIDE the Csec module how does it get the plaintext key to encrypt or decrypt by just loading key with m1/m3 in code:

(Inside the CSEc) If m1/m3 can be reversely calculated to the original plaintext key,the distribution and declosure of m1/m3 is a safety risk.

(Inside the CSEc) If m1/m3 calculation is irreversable,inside the Csec,how does it get the actual plaintext key to encrypt or decrypt?(i mean... Message Encrypted with key "123456789abc" should be decrypted also with the same key,right?)

 

This is exactly what i don' understand.

I'm confused.....

 

0 件の賞賛
返信

‎11-28-2022 12:16 AM
1,976件の閲覧回数
lukaszadrapa
NXP TechSupport
NXP TechSupport

Hi,

the key cannot be reversely calculated from M1-M3 values without knowledge of authorizing key. Moreover, it's not possible to export the key. Only CSEc engine is able to read it. For user, it's not accessible ever. Because the CSEc knows the authorizing key, it's able to get the original plaintext key.

Regards,

Lukas

0 件の賞賛
返信