FAQs
English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

How can I create encrypted data for i.MX-RT 1050's BEE ?

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

How can I create encrypted data for i.MX-RT 1050's BEE ?

‎02-01-2019 01:28 AM
2,201 Views
shinyakondo
Contributor I

How can I create encrypted data for i.MX-RT 1050's BEE ?
I tried to create it using openssl, but I can not decode it successfully with BEE.

  1. $ openssl enc -e -aes-128-ctr -iv 0 –K 010203040506070809000A0B0C0D0E0F -nosalt -in TEST.BIN -out TEST_ENC.BIN
  2.  write TEST_ENC.BIN to QSPI serial flash rom at target board ( offset: 0x00030000, abs address 0x60030000 )

// use fsl_bee.c

#include "fsl_bee.h"

#define FLEXSPI_START_ADDR 0x60030000U

#define BEE_USE_USER_KEY 1

#define REG0_START_ADDR_GPR GPR18
#define REG0_END_ADDR_GPR GPR19
#define REG0_DECRYPT_EN_GPR GPR11
#define REG0_DECRYPT_EN IOMUXC_GPR_GPR11_BEE_DE_RX_EN(1)

#define AES_KEY_LEN 16

#define AES_NONCE_LEN 16

#define BEE_REGION_SIZE 0x1000U

static const uint8_t aesKey[] = {0x0F, 0x0E, 0x0D, 0x0C, 0x0B, 0x0A, 0x00, 0x09, 0x08, 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01};

static const uint8_t aesNonce[] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};

void TestBee()

{

  bee_region_config_t beeConfig;
   IOMUXC_GPR_Type *iomuxc = IOMUXC_GPR;
   BEE_Init(BEE);

   BEE_GetDefaultConfig(&beeConfig);
   
   beeConfig.region0Mode = kBEE_AesCtrMode;
   beeConfig.region1Bot = 0U;
   beeConfig.region1Top = 0U;


   iomuxc->REG0_START_ADDR_GPR = FLEXSPI_START_ADDR;
   iomuxc->REG0_END_ADDR_GPR = FLEXSPI_START_ADDR + BEE_REGION_SIZE;
   iomuxc->REG0_DECRYPT_EN_GPR = REG0_DECRYPT_EN;

  

   BEE_SetConfig(BEE, &beeConfig);

   BEE_SetRegionKey(BEE, kBEE_Region0, aesKey, AES_KEY_LEN);
   BEE_SetRegionNonce(BEE, kBEE_Region0, aesNonce, AES_NONCE_LEN);
   BEE_Enable(BEE);

   // dump 0x60030000 -> NG

   BEE_Deinit(BEE);

}

Labels (1)
Labels
Reply
3 Replies

‎02-14-2019 07:12 PM
1,729 Views
shinyakondo
Contributor I

We solved the problem by setting as follows.

  • openssl's iv
    • bit 128:32 is unique value
    • bit 31:0 is top address >> 4
    • ex.

              nonce unique value: 1234567890ABCDEF01020304

        crypt top address: 0x60030000

        iv:     1234567890ABCDEF0102030406003000 

        aesKey: 010203040506070809000A0B0C0D0E0F

$ openssl enc -e -aes-128-ctr -nopad -nosalt -K 010203040506070809000A0B0C0D0E0F -iv 1234567890ABCDEF0102030406003000 -in TEST.BIN -out TEST_ENC.BIN

  • need endianSwapEn option
beeConfig.endianSwapEn = kBEE_EndianSwapEnabled;
  • Bit 32: 0 of BEE_SetRegionNonce() 's aesNonce needs to set 0

static const uint8_t aesNonce[] = {0x00, 0x00, 0x00, 0x00, 0x04, 0x03, 0x02, 0x01, 0xEF, 0xCD, 0xAB, 0x90, 0x78, 0x56, 0x34, 0x12};

Reply

‎08-05-2019 02:05 AM
1,729 Views
ng_h_nhan0207
Contributor I

Dear Shinya Kondo,

Can you share the project of encrypted data with MCUXpresso?

Best regards,

Nhan Nguyen.

0 Kudos
Reply

‎02-11-2019 04:46 PM
1,729 Views
victorjimenez
NXP TechSupport
NXP TechSupport

Hello Shinya Kondo,

In the SDK you can find an example of the Bus Encryption Engine (BEE). I recommend you checking this example and use it as a base for your project.

pastedImage_790.png

You can download the SDK from the following link.

Hope it helps!

Victor.

-----------------------------------------------------------------------------------------------------------------------

Note: If this post answers your question, please click the Correct Answer button. Thank you!

-----------------------------------------------------------------------------------------------------------------------

0 Kudos
Reply