FAQs
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

STSAFE-A110 with mbedTLS and local envelope API

Michael98006
Associate III

‎2024-07-16 12:38 AM

I'm using an STSAFE-A110 chip with SPL02 profile on a custom board and trying to get StSafeA_WrapLocalEnvelope() function working. I've already successfully paired my chip with my MCU/FW by writing the default host MAC key from the ST examples to the STSAFE chip:

{0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF}.
I generated envelope slot keys and checked for them with the StSafeA_LocalEnvelopeKeySlotQuery() function, and both key 0 and 1 slots have the envelope keys.
A call to StSafeA_WrapLocalEnvelope(gStsafeHandle, keySlot, dataIn, dataInSize, &localEnvelopeInfo, STSAFEA_MAC_HOST_CMAC, STSAFEA_ENCRYPTION_NONE) returns STSAFEA_INVALID_CMAC. I don't know why that means and I'm looking to find out what this error code might mean. And perhaps more importantly, how do I debug this issue?  @Benjamin BARATTE 
 
I'm on the Nordic nRF52832 platform using Nordic SDK and the version of mbedTLS they provided, so my implementation of StSafeA_AES_MAC_*() functions looks like this:

 

// Call nrf_crypto_init() at start-up.
//
// Return value checks are omitted below for brivity, but
// the original code had them in place and no errors were detected.


void StSafeA_AES_MAC_Start(void **ppAesMacCtx)
{
    uint8_t iv[NRF_CRYPTO_MBEDTLS_AES_IV_SIZE] = {0};

    *ppAesMacCtx = &cbc_mac_128_ctx;
    nrf_crypto_aes_init(*ppAesMacCtx,
                        &g_nrf_crypto_aes_cbc_mac_128_pad_pkcs7_info,
                        NRF_CRYPTO_MAC_CALCULATE);
    
    nrf_crypto_aes_key_set(*ppAesMacCtx, (uint8_t*)gHostMacKey);
    nrf_crypto_aes_iv_set(*ppAesMacCtx, iv);
}

void StSafeA_AES_MAC_Update(uint8_t *pInData, uint16_t InDataLength, void *pAesMacCtx)
{
    uint8_t  mac[16] = {0};

    nrf_crypto_aes_update(pAesMacCtx,
                          (uint8_t *)pInData,
                          InDataLength,
                          (uint8_t *)mac);
}

static uint8_t gMac[16] = {0};

__weak void StSafeA_AES_MAC_LastUpdate(uint8_t *pInData, uint16_t InDataLength, void *pAesMacCtx)
{
    size_t outLen = sizeof(gMac);
    
    nrf_crypto_aes_finalize(pAesMacCtx,
                            (uint8_t *)pInData,
                            InDataLength,
                            (uint8_t *)gMac,
                            &outLen);
}

__weak void StSafeA_AES_MAC_Final(uint8_t *pOutMac, void **ppAesMacCtx)
{
    memcpy(pOutMac, gMac, sizeof(gMac));

    nrf_crypto_aes_uninit(*ppAesMacCtx);
    *ppAesMacCtx = NULL;
}

 

Thank you!

Labels:
0 Kudos
0 REPLIES 0
Top