SAES using wrapped key

AKova.3
Associate II

I am working with SAES on STM32U585. I am trying to make use of wrapping/unwrapping my encryption key with the hardware-secret key DHUK.

This is the SAES initialization I am using

 

	hcryp.Instance = SAES;
	hcryp.Init.DataType = CRYP_BYTE_SWAP;
	hcryp.Init.KeySize = CRYP_KEYSIZE_128B;
	hcryp.Init.pInitVect = (uint32_t *)iv;
	hcryp.Init.pKey = (uint32_t *)key;
	hcryp.Init.Algorithm = CRYP_AES_CBC;
	hcryp.Init.DataWidthUnit = CRYP_DATAWIDTHUNIT_WORD;
	hcryp.Init.KeyIVConfigSkip = CRYP_KEYNOCONFIG;
	hcryp.Init.KeyMode = CRYP_KEYMODE_WRAPPED;
	hcryp.Init.KeySelect = CRYP_KEYSEL_HW;
	hcryp.Init.KeyProtection = CRYP_KEYPROT_DISABLE;

 

I make the encryption key available to SAES with

 

	  HAL_CRYPEx_WrapKey(&hcryp, key, encrypted_key, 100);
	  HAL_CRYPEx_UnwrapKey(&hcryp, encrypted_key, 100);

 

If I make a simple test with

 

	  HAL_CRYP_Encrypt(&hcryp, (uint32_t*)test, 4, (uint32_t*)wbuf, 100);
	  HAL_CRYP_Decrypt(&hcryp, (uint32_t*)wbuf, 4, (uint32_t*)dbuf, 100);

 

I get the expected results. The encrypted text is what it should be and decrypt returns the original text.

If I however call HAL_CRYP_Decrypt for the second time following the first call, passing it the same encrypted text as the first time, it returns an incorrect result. Also, a call to HAL_CRYP_Encrypt following a previous HAL_CRYP_Decrypt produces a different result if passed the same plain text each time. I have found that all successive calls to HAL_CRYP_Encrypt produce the same result, which is correct if HAL_CRYP_Decrypt hasn't been called before, or incorrect if HAL_CRYP_Decrypt has previously been called. The KEYVALID bit in the SAES->CR register is set for the whole time and no error flags are raised. I have stepped through both the HAL_CRYP_Encrypt and HAL_CRYP_Decrypt functions, making sure that software doesn't try to load the KEY registers since a valid key is already present there from the wrapping/unwrapping procedure. I have observed the same thing when using ECB or CBC mode.

If I do a sequence of deinit, init and key unwrapping, the next call to either HAL_CRYP_Encrypt or HAL_CRYP_Decrypt produces expected results.

It sort of looks like some state is carried over from decryption on to the next operation.

I did not observe this behaviour if I didn't use key wrapping/unwrapping but was loading the encryption key with software.

Any help would be appreciated.
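
The ordering test the post describes (encrypt, decrypt, decrypt again, encrypt again, with and without the deinit/init/unwrap sequence in between) can be written as a reusable self-test. This is an added example, not code from the original post or from ST's HAL: `cryp_ops`, `cryp_order_selftest` and the XOR mock are hypothetical names, and the mock only mimics the reported symptom on a host so the harness can be exercised without hardware.

```c
#include <stdint.h>
#include <string.h>

#define BLK_WORDS 4 /* one 16-byte block, the size used in the post's test */
/* Hypothetical adapter: on target, wrap HAL_CRYP_Encrypt / HAL_CRYP_Decrypt
 * and the deinit + init + unwrap sequence behind these three callbacks. */
typedef struct {
    int (*encrypt)(const uint32_t *in, uint32_t *out);
    int (*decrypt)(const uint32_t *in, uint32_t *out);
    int (*rekey)(void);
} cryp_ops;

enum { ST_OK = 0, ST_IO_ERR = 1, ST_ENC_AFTER_DEC = 2, ST_DEC_REPEAT = 4 };

/* Runs encrypt, decrypt, decrypt, encrypt on one block and returns a bitmask
 * of order-dependence failures; rekey_each re-keys before every operation. */
int cryp_order_selftest(const cryp_ops *ops, const uint32_t *pt, int rekey_each)
{
    uint32_t ref[BLK_WORDS], ct[BLK_WORDS], d1[BLK_WORDS], d2[BLK_WORDS];
    int rc = ST_OK;
    if (ops->rekey() || ops->encrypt(pt, ref)) return ST_IO_ERR;
    if ((rekey_each && ops->rekey()) || ops->decrypt(ref, d1)) return ST_IO_ERR;
    if ((rekey_each && ops->rekey()) || ops->decrypt(ref, d2)) return ST_IO_ERR;
    if ((rekey_each && ops->rekey()) || ops->encrypt(pt, ct)) return ST_IO_ERR;
    if (memcmp(d1, pt, sizeof d1) || memcmp(d2, pt, sizeof d2)) rc |= ST_DEC_REPEAT;
    if (memcmp(ct, ref, sizeof ct)) rc |= ST_ENC_AFTER_DEC;
    return rc;
}

/* Constructed host-side stand-in (NOT AES, NOT the SAES): an XOR "cipher"
 * whose state goes stale after a decrypt, mimicking the reported symptom. */
static const uint32_t mock_key = 0xA5A5A5A5u;
static int mock_stale;
static int mock_xor(const uint32_t *in, uint32_t *out)
{
    for (int i = 0; i < BLK_WORDS; i++)
        out[i] = in[i] ^ (mock_stale ? ~mock_key : mock_key);
    return 0;
}
static int mock_dec(const uint32_t *in, uint32_t *out)
{
    int r = mock_xor(in, out);
    mock_stale = 1; /* decrypt leaves the mock in a stale state */
    return r;
}
static int mock_rekey(void) { mock_stale = 0; return 0; }
static const cryp_ops mock_ops = { mock_xor, mock_dec, mock_rekey };
static const uint32_t sample_pt[BLK_WORDS] = { 1, 2, 3, 4 }; /* constructed */

int main(void) { return cryp_order_selftest(&mock_ops, sample_pt, 1); }
```

A non-zero return from the self-test on target means an operation's output depends on what ran before it, which is worth catching at boot because neither KEYVALID nor the error flags signal it in the scenario described above.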
