SE050: NIST Key Wrapping using secure element

830 Views
Zarein94
Contributor II

Hi,

I am trying to replicate a software crypto module to use the secure element (SE050). The way the design works is that the crypto module is initialized with a dmk key, and three other keys (dck, dkek, cpk) are derived from this key. After deriving these keys, they are transient keys in host crypto, and I store them in the SE key store to use the dck for AEAD encryption and decryption. (Up to here it works fine.) (If you see any problem or have any point about these steps, please share it with me!)

Now, a new wrapped key is received which has to be unwrapped using the dkek (kek) key (I can retrieve the key object of the dkek which I derived and stored beforehand). After unwrapping, the crypto module is initialized with this new unwrapped key and the other keys are derived again. I am not able to find out how to implement this NIST unwrapping using the secure element. Here's the mbedTLS code version which I want to implement using the secure element. Could you give me some hints, or is there an example?

kek_ is the dkek key. 

 

#include <cstddef>
#include "mbedtls/cipher.h"
#include "mbedtls/nist_kw.h"

// AES128Key, octet, kek_ (the dkek key object) and deserializeKeyHeader() are
// types and members of the crypto module and are not shown here.
//
// Unwraps a NIST KW (RFC 3394 / SP 800-38F, KW mode) blob with the dkek and
// loads the recovered key into `key`. Returns 0 on success, -2 if the
// integrity check fails (wrong KEK, truncated or tampered blob), otherwise
// the mbedtls error code.
int nist_unwrap(AES128Key *&key, octet *wrapped_key, size_t len_wrapped_key) {
    mbedtls_nist_kw_context ctx;

    //Initialise key-wrap context
    mbedtls_nist_kw_init(&ctx);
    //Set up the context. mbedtls_nist_kw_setkey() takes the key size in
    //bits, so kek_->length_ must be expressed in bits; the last argument is
    //is_wrap (KWMODE_UNWRAP is a project-local constant, 0 = unwrap).
    int res = mbedtls_nist_kw_setkey(&ctx, MBEDTLS_CIPHER_ID_AES, kek_->key_, kek_->length_, KWMODE_UNWRAP);
    if (res) {
        mbedtls_nist_kw_free(&ctx);
        return res;
    }

    // The unwrapped key is 8 bytes shorter than the blob, so len_wrapped_key
    // is a safe upper bound for the output buffer.
    auto output = new octet[len_wrapped_key];
    size_t len_output = 0;
    res = mbedtls_nist_kw_unwrap(&ctx, MBEDTLS_KW_MODE_KW,
                                 wrapped_key,
                                 len_wrapped_key, /* input length in bytes, NOT in the number of semiblocks, doc is wrong */
                                 output, &len_output,
                                 len_wrapped_key);

    mbedtls_nist_kw_free(&ctx);
    if (res) {
        delete[] output;   // free the scratch buffer on every path
        if (res == MBEDTLS_ERR_CIPHER_AUTH_FAILED) {
            return -2;     // integrity check failed: nothing was unwrapped
        }
        return res;
    }

    // Load the recovered key material into `key`, then release the buffer.
    res = deserializeKeyHeader(key, output, len_output);
    delete[] output;
    return res;
}

 



0 Kudos
Reply
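The unwrap this question is about, written out as an added example (not code from this thread, from NXP's middleware or from mbedtls): the NIST KW / RFC 3394 unwrap is nothing more than 6*n single-block AES decryptions over 64-bit semiblocks, followed by a constant-time compare of the A register against the fixed IV A6A6A6A6A6A6A6A6. Both functions take only a cipher.Block (here backed by Go's crypto/aes) so the loop itself never reads the KEK bytes; whether that block operation can be delegated to the secure element is an assumption to check against the SE050 API, not something this example establishes. Lengths are in bytes throughout, as the comment in the posted code notes, and a failed integrity check releases no plaintext, which is the case the -2 return covers in the posted function. The main() runs the known-answer vector from RFC 3394 section 4.1 and then flips one bit of the blob to show the rejection.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/subtle"
	"encoding/binary"
	"encoding/hex"
	"errors"
	"fmt"
)

// kwIV is the fixed integrity check value from RFC 3394 section 2.2.3.
var kwIV = [8]byte{0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6}
// ErrIntegrity: the recovered A register != kwIV (wrong KEK, truncated or tampered blob).
var ErrIntegrity = errors.New("keywrap: integrity check failed")

// xorCounter XORs the 64-bit big-endian step counter t into the A register.
func xorCounter(a *[8]byte, t uint64) {
	binary.BigEndian.PutUint64(a[:], binary.BigEndian.Uint64(a[:])^t)
}

// toSemiblocks splits data (a multiple of 8 bytes) into 64-bit semiblocks R[1..n].
func toSemiblocks(data []byte) [][8]byte {
	r := make([][8]byte, len(data)/8)
	for i := range r {
		copy(r[i][:], data[i*8:])
	}
	return r
}

// KeyWrap is the RFC 3394 wrap loop. blk must be a 128-bit block cipher (AES) already
// keyed with the KEK; only single-block Encrypt calls are made, the KEK bytes are never read.
func KeyWrap(blk cipher.Block, plaintext []byte) ([]byte, error) {
	if len(plaintext) < 16 || len(plaintext)%8 != 0 {
		return nil, errors.New("keywrap: plaintext must be >= 16 bytes and a multiple of 8")
	}
	n := len(plaintext) / 8
	a, r := kwIV, toSemiblocks(plaintext)
	var b [16]byte
	for j := 0; j <= 5; j++ {
		for i := 1; i <= n; i++ {
			copy(b[:8], a[:])
			copy(b[8:], r[i-1][:])
			blk.Encrypt(b[:], b[:]) // B = AES(K, A | R[i])
			copy(a[:], b[:8])
			xorCounter(&a, uint64(n*j+i)) // A = MSB64(B) ^ t, t = n*j + i
			copy(r[i-1][:], b[8:])          // R[i] = LSB64(B)
		}
	}
	out := append([]byte{}, a[:]...)
	for i := range r {
		out = append(out, r[i][:]...)
	}
	return out, nil
}

// KeyUnwrap is the inverse loop followed by the mandatory integrity check. All lengths
// are in bytes: the blob is the 8-byte A register plus n semiblocks of 8 bytes.
func KeyUnwrap(blk cipher.Block, wrapped []byte) ([]byte, error) {
	if len(wrapped) < 24 || len(wrapped)%8 != 0 {
		return nil, errors.New("keywrap: wrapped key must be >= 24 bytes and a multiple of 8")
	}
	n := len(wrapped)/8 - 1
	var a [8]byte
	copy(a[:], wrapped[:8])
	r := toSemiblocks(wrapped[8:])
	var b [16]byte
	for j := 5; j >= 0; j-- {
		for i := n; i >= 1; i-- {
			xorCounter(&a, uint64(n*j+i)) // A ^ t
			copy(b[:8], a[:])
			copy(b[8:], r[i-1][:])
			blk.Decrypt(b[:], b[:]) // B = AES^-1(K, (A ^ t) | R[i])
			copy(a[:], b[:8])
			copy(r[i-1][:], b[8:])
		}
	}
	if subtle.ConstantTimeCompare(a[:], kwIV[:]) != 1 {
		return nil, ErrIntegrity // release nothing on failure, as SP 800-38F requires
	}
	out := make([]byte, 0, 8*n)
	for i := range r {
		out = append(out, r[i][:]...)
	}
	return out, nil
}

func main() {
	// Known-answer test from RFC 3394 section 4.1: 128-bit key data under a 128-bit KEK.
	kek, _ := hex.DecodeString("000102030405060708090A0B0C0D0E0F")
	wrapped, _ := hex.DecodeString("1FA68B0A8112B447AEF34BD8FB5A7B829D3E862371D2CFE5")
	blk, _ := aes.NewCipher(kek)
	plain, err := KeyUnwrap(blk, wrapped)
	fmt.Printf("unwrapped: %X (err=%v)\n", plain, err) // 00112233445566778899AABBCCDDEEFF
	wrapped[10] ^= 0x01 // flip one bit of the blob: the unwrap must now reject it
	_, err = KeyUnwrap(blk, wrapped)
	fmt.Println("tampered blob:", err)
}
```

The 6*n loop iterations and the counter t = n*j + i are what give KW its integrity property: every semiblock of the output depends on every semiblock of the input, so a single flipped bit anywhere in the blob changes the recovered A register and the unwrap fails closed. That is the same condition the posted code maps to MBEDTLS_ERR_CIPHER_AUTH_FAILED.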
1 Reply

771 Views
Kan_Li
NXP TechSupport

Hi @Zarein94 ,

 

Actually neither MW nor SDK has a separate NIST KW demo.

But there is a self-test, placed in middleware\mbedtls\library\nist_kw.c in the mbedtls_nist_kw_self_test() function. It can be used as a demo example.

The NIST KW API is very clear: https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/nist__kw_8h/

And AES is HW accelerated on all platforms.

 

Hope that helps,

 

Have a great day,
Kan


-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

0 Kudos
Reply