AES and ECDH key exchange

WorkerEmbedded
Contributor II

Hi! I'm trying to modify a demo for the SE050 dev board running on LPC55S69 that makes an ECDH simulation, integrating AES key generation. The added code is:

uint8_t aesKey[16] = {0};
size_t aesKeyLen = sizeof(aesKey);
size_t aesKeyBitLen = sizeof(aesKey) * 8;
sss_object_t keySingle = {0};

status = sss_key_object_init(&keySingle, &pCtx->ks);
ENSURE_OR_GO_CLEANUP(status == kStatus_SSS_Success);

status = sss_key_object_allocate_handle(&keySingle,
    MAKE_TEST_ID(__LINE__),
    kSSS_KeyPart_Default,
    kSSS_CipherType_NONE,
    16,
    kKeyObject_Mode_Persistent);
ENSURE_OR_GO_CLEANUP(status == kStatus_SSS_Success);

status = sss_key_store_generate_key(&pCtx->ks, &keySingle, AES_KEY_BIT_LENGTH, 0);
ENSURE_OR_GO_CLEANUP(status == kStatus_SSS_Success);

status = sss_key_store_get_key(&pCtx->ks, &keySingle, aesKey, &aesKeyLen, &aesKeyBitLen);
ENSURE_OR_GO_CLEANUP(status == kStatus_SSS_Success);

LOG_MAU8_I("AES Key", aesKey, aesKeyLen);

I received this error:

sss :WARN :nxEnsure:'keyObject->objectType == kSSS_KeyPart_Pair' failed. At Line:3493 Function:sss_se05x_key_store_generate_key
App :WARN :nxEnsure:'status == kStatus_SSS_Success' failed. At Line:93 Function:ex_sss_entry
App :ERROR:ex_sss_ecdh Example Failed !!!...
App :INFO :ex_sss Finished
App :ERROR:ex_sss_entry Failed
App :ERROR:!ERROR! ret != 0.

 

Can somebody help me?

0 Kudos
Kan_Li
NXP TechSupport

Hi @WorkerEmbedded,

For symmetric key types such as an AES key, it is not possible to use the generation functions, as symmetric keys are not allowed to be read out when they are stored in the SE05x, so if they are generated inside, the host would never know what they are. You have to generate the AES key value from the host, and then use the set function to write the AES key into the SE.

Please refer to the demo of ex_sss_symmetric for more details.

 

Have a great day,
Kan


0 Kudos
WorkerEmbedded
Contributor II

Thanks, I have another question... I'm trying to generate an ECC key pair with the sss_key_store_generate_key() function.

I've seen in the MW documentation that this function allows the return of only the PK. What I'm supposed to receive is 65 bytes, but I noticed that there are 91... I think that it is a DER representation of it and that I have to extract the PK.

Is that correct?

0 Kudos
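
The 91-byte length mentioned in the post above matches the size of a DER SubjectPublicKeyInfo for a NIST P-256 key: a 26-byte header followed by the 65-byte uncompressed point. The following is an added example, not part of the original thread or of the NXP middleware; it assumes P-256 (the thread does not name the curve), and the function names and sample bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Read one DER tag+length at *p (bounded by end); advance *p to the value. */
static int der_header(const uint8_t **p, const uint8_t *end, uint8_t tag, size_t *len) {
    const uint8_t *q = *p;
    if (end - q < 2 || q[0] != tag) return -1;
    size_t n = q[1];
    q += 2;
    if (n & 0x80) { if (n != 0x81 || end - q < 1) return -1; n = *q++; } /* 1 long-form byte */
    if ((size_t)(end - q) < n) return -1;  /* value must fit in the buffer */
    *p = q; *len = n;
    return 0;
}

/* Copy 0x04||X||Y out of a DER SubjectPublicKeyInfo; *out_len: capacity in, length out. */
int spki_extract_ec_point(const uint8_t *der, size_t der_len, uint8_t *out, size_t *out_len) {
    const uint8_t *p = der, *end = der + der_len;
    size_t len;
    if (der_header(&p, end, 0x30, &len) || p + len != end) return -1; /* outer SEQUENCE */
    if (der_header(&p, end, 0x30, &len)) return -1;                   /* AlgorithmIdentifier */
    p += len;                                                         /* skip the OIDs */
    if (der_header(&p, end, 0x03, &len) || p + len != end) return -1; /* BIT STRING */
    if (len < 2 || p[0] != 0x00 || p[1] != 0x04) return -1; /* 0 unused bits, uncompressed */
    if ((len & 1) != 0 || *out_len < len - 1) return -1;    /* point is 1 + 2*coord bytes */
    memcpy(out, p + 1, len - 1);
    *out_len = len - 1;
    return 0;
}

/* Constructed sample: the standard 26-byte P-256 SPKI prefix plus a dummy point
 * (0x04 followed by 64 filler bytes, not a real key). Fills buf[91]. */
void make_sample_spki(uint8_t buf[91]) {
    static const uint8_t prefix[26] = {
        0x30,0x59,0x30,0x13,0x06,0x07,0x2A,0x86,0x48,0xCE,0x3D,0x02,0x01,
        0x06,0x08,0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x07,0x03,0x42,0x00 };
    memcpy(buf, prefix, sizeof prefix);
    buf[26] = 0x04;
    for (int i = 0; i < 64; i++) buf[27 + i] = (uint8_t)i;
}

int main(void) {
    uint8_t spki[91], point[65];
    size_t n = sizeof point;
    make_sample_spki(spki);
    int rc = spki_extract_ec_point(spki, sizeof spki, point, &n);
    printf("rc=%d point_len=%zu\n", rc, n);
    return rc;
}
```

Parsing the structure instead of slicing at a fixed offset of 26 means a truncated buffer, a compressed point or a different curve is rejected or handled by length rather than silently producing a wrong key.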
Kan_Li
NXP TechSupport

Hi @WorkerEmbedded,

I am sorry, but are you referring to sss_key_store_get_key instead? Is it possible to have your code for a review?

Best Regards,

Kan

0 Kudos
WorkerEmbedded
Contributor II

I've already modified kSSS_CipherType_NONE to kSSS_CipherType_AES, but nothing...

0 Kudos