imx 6ul caam cryptography secure memory #black key
Hello,
Suppose that we have the following scenario:
- Generate some random 256-bit key and treat it as the red key.
- Create an encrypted device mapper (e.g. root file system) with the red key.
- Encapsulate this red key into a red blob and store it in non-volatile memory.
- Decapsulate the red blob to obtain the red key and store it in secure memory.
- Cover the red key to a black key and store it in secure memory.
- Use the covered key to decrypt something - in particular, pass this key as the keyfile to plain dm-crypt (volume with the encrypted root file system).
We are using i.MX6 UL, Linux version 4.1.15-6UL (with CONFIG_CRYPTO_DEV_FSL_CAAM_SM_TEST=y), CAAM ready to use. We know how to accomplish the first 5 points. Point 6 in the scenario is the blocker. I am trying to uncover the blackened key.
As a starting point I modified the sm_test.c and sm_store.c from drivers/crypto/caam:
- Just focused on the 256-bit case.
- Covered (blackened/encrypted) the loaded clear key and obtained the black key.
- Allocated secure memory for a 256-bit key slot for the uncovering process.
- Uncovered (whitened) the black key and stored it in the key slot (based on the blacken_key_jobdesc function).
- Read, displayed and compared the clear key with the uncovered key.
The output:
[ 2.078030] platform caam_sm: blkkey_ex: 8 keystore units available
[ 2.084656] platform caam_sm: 256-bit clear key:
[ 2.089487] platform caam_sm: [0000] 00 01 02 03 04 0f 06 07
[ 2.095196] platform caam_sm: [0008] 08 09 0a 0b 0c 0d 0e 0f
[ 2.101254] platform caam_sm: [0016] 10 11 12 13 14 15 16 17
[ 2.107062] platform caam_sm: [0024] 18 19 1a 1b 1c 1d 1e 1f
[ 2.140432] platform caam_sm: 256-bit black key:
[ 2.145091] platform caam_sm: [0000] f7 7f ef d3 dd 15 45 34
[ 2.150823] platform caam_sm: [0008] 84 8d 39 3d 85 fe e7 69
[ 2.156556] platform caam_sm: [0016] 5c 54 c5 27 1c 36 86 49
[ 2.162255] platform caam_sm: [0024] d0 6d 34 c2 35 6f 6a a7
[ 2.195698] platform caam_sm: 256-bit uncover black key:
[ 2.201050] platform caam_sm: [0000] f7 7f ef d3 dd 15 45 34
[ 2.206781] platform caam_sm: [0008] 84 8d 39 3d 85 fe e7 69
[ 2.212479] platform caam_sm: [0016] 5c 54 c5 27 1c 36 86 49
[ 2.218210] platform caam_sm: [0024] d0 6d 34 c2 35 6f 6a a7
...
The uncovering procedure works badly...
General questions are:
Is my thinking process correct?
Is it possible to read and display the uncovered key?
Does anybody have a working CAAM job descriptor for this uncovering process?
Thank you,
Robert Lubaś
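An added model of the key flow in the scenario above, written here for illustration; it is not part of this post and not NXP's driver code. It assumes an ECB-blackened key is the red key encrypted with AES-ECB under the CAAM's per-boot JDKEK, and that neither the JDKEK nor the key register can be read from outside the accelerator; the type and function names are invented for the model.

```go
package main

import (
	"crypto/aes"
	"crypto/rand"
	"errors"
)

// Constructed model of the CAAM black-key flow (illustration, not NXP driver code):
// the per-boot JDKEK and the key register live inside the accelerator; assumption: neither is readable from outside.
type CAAM struct {
	jdkek  []byte // 32-byte JDKEK, random per boot
	keyReg []byte // key register, filled only by Uncover
}

func NewCAAM() *CAAM {
	k := make([]byte, 32)
	rand.Read(k) // constructed stand-in for the CAAM's own random JDKEK
	return &CAAM{jdkek: k}
}

// ecb runs AES-ECB block by block: a 32-byte red key gives a 32-byte black key.
func ecb(key, in []byte, decrypt bool) ([]byte, error) {
	if len(in)%aes.BlockSize != 0 {
		return nil, errors.New("input must be a multiple of 16 bytes")
	}
	c, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	out := make([]byte, len(in))
	for i := 0; i < len(in); i += aes.BlockSize {
		if decrypt {
			c.Decrypt(out[i:], in[i:])
		} else {
			c.Encrypt(out[i:], in[i:])
		}
	}
	return out, nil
}

// Cover blackens a red key (scenario step 5); the result may sit in plain RAM.
func (h *CAAM) Cover(red []byte) ([]byte, error) { return ecb(h.jdkek, red, false) }
// Uncover models a KEY command with ENC set: the red key lands only in the key register.
func (h *CAAM) Uncover(black []byte) (err error) {
	h.keyReg, err = ecb(h.jdkek, black, true)
	return err
}
// Encrypt uses the key register; the red key shows only through its effect on data.
func (h *CAAM) Encrypt(block []byte) ([]byte, error) { return ecb(h.keyReg, block, false) }
```

In this model the uncovered key can be verified only by encrypting data with it and comparing against a software AES with the red key; a slot readout that equals the black key byte for byte, as in the log above, means the covered bytes were written to the slot unchanged.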