Question about Hashcrypt in LPC55S69

mat1024
Contributor II

Hi,

I am trying to use 'an elliptic curve' for signing and verifying in Trustzone, but it seems that there is no example of it.

There is a benchmark using mbedTLS, so I've been trying to port it into my trustzone project, but whenever I debugged, the board was always stuck in 'hashcrypt_sha_finalize', more specifically,

    /* poll wait for final digest */
    while (0U == (base->STATUS & HASHCRYPT_STATUS_DIGEST_MASK))
    {
    }

I searched what this status means, but I couldn't find meaningful results.

Any comments would be greatly appreciated.

Let me specify what I have done in the program.

  1. Copy and paste 'lpcxpresso55s69_mbedtls_benchmark' project into my project
  2. Due to the size limitation of secure flash memory, increase the flash size in build setting and adjust secure flash memory and non-secure flash memory in TZ setting
  3. Call functions from the example, in order,
    1. CRYPTO_InitHardware()
    2. mbedtls_ecdsa_init( &ecdsa )
    3. mbedtls_ecdsa_genkey( &ecdsa, curve_info->grp_id, myrand, NULL )
    4. mbedtls_ecdsa_write_signature( &ecdsa, MBEDTLS_MD_SHA256, buf, curve_info->bit_size, tmp, &sig_len, myrand, NULL )

Everything goes fine except for the last one, mbedtls_ecdsa_write_signature(). While calling the function, it's stuck at the SHA function as I mentioned above.

Thank you so much for reading!

CarlosGarabito
NXP TechSupport

hi @mat1024 

My apologies, but this example is from mbed, so you need to check it with the community correspondent https://os.mbed.com/forum/

mat1024
Contributor II

Also, the reason why I asked the question about "hashcrypt_sha_finalize()" is that it would be greatly helpful to me to guess what I missed if I get a hint for that part.

There is no information I found about the status bit of Hashcrypt, so any comments about this would also be very useful to me.

Thanks!!

mat1024
Contributor II

Hi @CarlosGarabito ,

Thanks for reaching out to me.

I'm sorry that I forgot to demonstrate a few things.

The original example code worked well, which means that there is likely some configuration mismatch in my project, and that's why I asked the question here.

Configuration in software of my code (initializing power/clk/drivers) looks very similar to the one in the example.

So here's what I am thinking about the problem.

  • My program runs in Trustzone, and there is something I missed in the configuration
    • I increased the secure flash memory, adjusted the location of non-secure flash memory, and modified the secure regions in TEE setting
  • The memory used by Hashcrypt has conflicted with the memory used by other codes in my project
  • Defined symbols and included header files might be different from the one in the example code

The next step I would like to try is

  • Get rid of other codes in TZ in my code and use only codes from the example in TZ, or
  • Move all the codes from the example to the normal world

I will update after having a try.

Thanks!

mat1024
Contributor II

I tried to do the following two steps,

  • Get rid of other codes in TZ in my code and use only codes from the example in TZ, or
  • Move all the codes from the example to the normal world

and found that the first way did not work; although I removed all other codes except for the crypto codes from the example, it was still stuck at the aforementioned function.

The second way works well, which means that it is likely to take place since I put the code into the secure world.

Is there any code to use crypto functions in Trustzone for LPC55s69 boards?

mat1024
Contributor II

I think I found the reason why it has taken place.

In the SHA functions in the fsl_hashcrypt.c file, if "base->MEMADDR", which is the address of being hashed, is set to non-secure regions, then it works well, but if base->MEMADDR is set to secure regions, then the value of "base->MEMCTRL" remains 0, which makes "base->STATUS" 5.

"base->STATUS" should've been set to 3 in order to pass the infinite loop.

Could you let me know why this happens? Does this mean that I should use non-secure memory for the message which can be an input for signing?

Are there any related documents?

Any comments would be appreciated a lot!

Thanks!
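Added example (not part of the thread and not NXP SDK code): a bounded version of the "poll wait for final digest" loop that returns an error for the STATUS value 5 reported above instead of spinning forever. The DIGEST bit 0x2 follows from the observed values 3 and 5; the meanings of bits 0x1 (WAITING) and 0x4 (ERROR) are assumptions about the register layout, and `fake_hashcrypt_t`, `read_status`, `wait_for_digest` and `wait_over_trace` are hypothetical names that simulate the peripheral with constructed STATUS traces.

```c
#include <stdint.h>

/* Assumed STATUS bit layout; the thread itself only names
 * HASHCRYPT_STATUS_DIGEST_MASK and the observed values 3 and 5. */
#define ST_WAITING 0x1u /* engine waiting for data (assumed) */
#define ST_DIGEST  0x2u /* digest ready: the bit the SDK loop polls */
#define ST_ERROR   0x4u /* error flag, e.g. failed memory fetch (assumed) */

typedef enum { HASH_OK = 0, HASH_BUS_ERROR, HASH_TIMEOUT } hash_wait_t;

/* Hypothetical stand-in for the peripheral: each STATUS read returns the
 * next constructed sample; the last sample repeats forever. */
typedef struct {
    const uint32_t *samples;
    uint32_t count;
    uint32_t pos;
} fake_hashcrypt_t;

/* On hardware this would be a volatile read of base->STATUS. */
static uint32_t read_status(fake_hashcrypt_t *hw)
{
    uint32_t v = hw->samples[hw->pos];
    if (hw->pos + 1u < hw->count)
        hw->pos++;
    return v;
}

/* Bounded wait: stop on DIGEST, fail fast on ERROR, and give up after
 * max_polls reads so a stuck engine cannot hang the secure world. */
hash_wait_t wait_for_digest(fake_hashcrypt_t *hw, uint32_t max_polls)
{
    for (uint32_t i = 0; i < max_polls; i++) {
        uint32_t st = read_status(hw);
        if (st & ST_ERROR)
            return HASH_BUS_ERROR;
        if (st & ST_DIGEST)
            return HASH_OK;
    }
    return HASH_TIMEOUT;
}

/* Run the bounded wait over a constructed STATUS trace. */
hash_wait_t wait_over_trace(const uint32_t *trace, uint32_t n, uint32_t max_polls)
{
    fake_hashcrypt_t hw = { trace, n, 0u };
    return wait_for_digest(&hw, max_polls);
}
```

With this shape, the caller in the secure world gets a distinct error code for STATUS 5 and can abort the signing operation rather than blocking.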