- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
I am trying to use 'an elliptic curve' for signing and verifying in Trustzone,
but it seems that there is no example of it.
There is a benchmark using mbedTLS, so I've been trying to port it into my trustzone project,
but whenever I debugged, the board always was stuck in 'hashcrypt_sha_finalize', more specifically,
/* poll wait for final digest */
while (0U == (base->STATUS & HASHCRYPT_STATUS_DIGEST_MASK))
{
}
I searched what this status means, but I couldn't find meaningful results.
Any comments would be greatly appreciated.
Let me specify what I have done in the program.
- Copy and paste 'lpcxpresso55s69_mbedtls_benchmark' project into my project
- Due to the size limitation of secure flash memory, increase the flash size in build setting and adjust secure flash memory and non-secure flash memory in TZ setting
- Call functions from the example, in order,
- CRYPTO_InitHardware()
- mbedtls_ecdsa_init( &ecdsa )
- mbedtls_ecdsa_genkey( &ecdsa, curve_info->grp_id, myrand, NULL )
- mbedtls_ecdsa_write_signature( &ecdsa, MBEDTLS_MD_SHA256, buf, curve_info->bit_size, tmp, &sig_len, myrand, NULL )
Everything goes fine except for the last one, mbedtls_ecdsa_write_signature().
During calling the function, it's stuck at the sha function as I mentioned above.
Thank you so much for reading!
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Solved!
Please refer to this post for more details.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Solved!
Please refer to this post for more details.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
hi @mat1024
My apologies, but this example is from mbed, so you need to check it with the community correspondent https://os.mbed.com/forum/
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Also, the reason why I asked the question about "hashcrypt_sha_finalize()" is that it would be greatly helpful to me to guess what I missed if I get a hint for that part.
There is no information I found about the status bit of Hashcrypt, so any comments about this also very useful to me.
Thanks!!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @CarlosGarabito ,
Thanks for reaching me out.
I'm sorry that I forgot to demonstrate a few things.
The original example code worked well, which means that there is likely some configuration mismatched in my project, and that's why I asked the question here.
Configuration in software of my code (initializing power/clk/drivers) looks very similar with the one in the example.
So here's what I am thinking about the problem.
- My program runs in Trustzone, and there is something I missed in the configuration
- I increased the secure flash memory, adjusted the location of non-secure flash memory, and modified the secure regions in TEE setting
- The memory used by Hashcrypt has conflicted with the memory used by other codes in my project
- Defined symbols and included header files might be different from the one in the example code
The next step I would like to try is
- Get rid of other codes in TZ in my code and use only codes from the example in TZ, or
- Move all the codes from the example to the normal world
I will update after having a try.
Thanks!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I tried to do the following two steps,
- Get rid of other codes in TZ in my code and use only codes from the example in TZ, or
- Move all the codes from the example to the normal world
and found that the first way did not work; although I removed all other codes except for the crypto codes from the example, it was still stuck at the aforementioned function.
The second way works well, which means that it is likely to take place since I put the code into the secure world.
Is there any code to use crypto functions in Trustzone for LPC55s69 boards?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I think I found the reason why it has taken place.
In the SHA functions in fsl_hashcrypt.c file,
if "base->MEMADDR", which is the address of being hashed, is set to non-secure regions, then it works well, but if base->MEMADDR is set to secure regions, then the value of "base->MEMCTRL" is remained as 0 which makes "base->STATUS" 5.
"base->STATUS" should've been set to 3 in order to pass the infinite loop.
Could you let me know why this happens? Does this mean that I should use non-secure memory for the message which can be an input for signing?
Are there any related documents?
Any comments would be appreciated a lot!
Thanks!