• State Suggested Answer
  • Replies 4 replies
  • Answers 1 answer
  • Subscribers 76 subscribers
  • Views 753 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 332781
Options

psa_import_key failed with error code: -134 (PSA_ERROR_NOT_SUPPORTED)

JY wu

Hello!

We. are now developing on nrf82840 , using zephyr SDK 2.6.1 with toolchain v2.7.0 

when our program runs, psa_import_key always return error code : -134

After google serach, we found an error code list here: https://docs.silabs.com/d/platform-security/4.3/error

It says the error code -134 is PSA_ERROR_NOT_SUPPORTED.

This is our code:

int import_key(uint8_t sha1Key[TESLA_SHA1_PREFIX_LENGTH], psa_key_handle_t *key_handle)
{

psa_status_t status;

LOG_INF("Generating random AES key...");

/* Configure the key attributes */
psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT;

psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT);
psa_set_key_lifetime(&key_attributes, PSA_KEY_LIFETIME_VOLATILE);
psa_set_key_algorithm(&key_attributes, PSA_ALG_GCM);
psa_set_key_type(&key_attributes, PSA_KEY_TYPE_AES);
psa_set_key_bits(&key_attributes, 128);

/* Generate a random key. The key is not exposed to the application,
* we can use it to encrypt/decrypt using the key handle
*/

status = psa_import_key(&key_attributes, sha1Key, TESLA_SHA1_PREFIX_LENGTH, key_handle);
if (status != PSA_SUCCESS)
{
LOG_INF("psa_generate_key failed! (Error: %d)", status);
return APP_ERROR;
}

}

the return status of psa_import_key is always -134.

 

This is our prj.con for reference:

CONFIG_PSA_CRYPTO_DRIVER_OBERON=n
CONFIG_PSA_CRYPTO_DRIVER_CC3XX=y

CONFIG_NRF_SECURITY=y
CONFIG_MBEDTLS_PSA_CRYPTO_C=y

CONFIG_MBEDTLS_ENABLE_HEAP=y
CONFIG_MBEDTLS_HEAP_SIZE=2048
CONFIG_PSA_WANT_ALG_RSA_PKCS1V15_SIGN=y
CONFIG_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR=y
CONFIG_PSA_WANT_ALG_SHA_256=y
CONFIG_PSA_WANT_AES_KEY_SIZE_128=y
CONFIG_PSA_WANT_RSA_KEY_SIZE_2048=y

 

You can use sha1Key  : sha1[16]: 755fcd623d914ee3676a59cc03944063 for test.

Would you please help us to find out the solution?

Parents
  • 0

    Do you have:
    CONFIG_PSA_WANT_ALG_GCM    =y

    You doing a car key? I made one too :)
    Good luck.

  • 0 in reply to JeffW

    Hi Jeff:

           Thank you very much. As you know, we are making car keys.

    Well, after applying your suggestion to prj.conf, compile failed.

    Error messages:

    In file included from /Users/jywu/Documents/GitHub/Teriapp/jowua-keyfob_work/build/modules/nrf/subsys/nrf_security/src/include/generated/nrf-psa-crypto-config.h:464,
    from /opt/nordic/ncs/v2.6.1/modules/crypto/mbedtls/include/mbedtls/build_info.h:105,
    from /opt/nordic/ncs/v2.6.1/nrf/ext/oberon/psa/core/library/common.h:36,
    from /opt/nordic/ncs/v2.6.1/nrf/ext/oberon/psa/core/library/psa_crypto_slot_management.c:21:
    /opt/nordic/ncs/v2.6.1/nrf/ext/oberon/psa/core/library/check_crypto_config.h:68:2: error: #error "PSA_WANT_ALG_GCM defined, but not all prerequisites"
    68 | #error "PSA_WANT_ALG_GCM defined, but not all prerequisites"
    | ^~~~~
    [10/324] Building C object zephyr/CMakeFiles/offsets.dir/arch/arm/core/offsets/offsets.c.obj
    ninja: build stopped: subcommand failed.

    Our prj.conf is:

    CONFIG_PSA_CRYPTO_DRIVER_OBERON=n
    CONFIG_PSA_CRYPTO_DRIVER_CC3XX=y

    CONFIG_NRF_SECURITY=y
    CONFIG_MBEDTLS_PSA_CRYPTO_C=y

    CONFIG_MBEDTLS_ENABLE_HEAP=y
    CONFIG_MBEDTLS_HEAP_SIZE=2048
    CONFIG_PSA_WANT_ALG_RSA_PKCS1V15_SIGN=y
    CONFIG_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR=y
    CONFIG_PSA_WANT_ALG_SHA_256=y
    CONFIG_PSA_WANT_ALG_GCM=y
    CONFIG_PSA_WANT_AES_KEY_SIZE_128=y
    CONFIG_PSA_WANT_RSA_KEY_SIZE_2048=y

    It seems we can not just turn on CONFIG_PSA_WANT_ALG_GCM=y.

    There are some undocumented configurations also need to be turned on.

    So, it's not work.

  • 0 in reply to JY wu

    Ah yeah, GCM is not supported by the CC310 hardware backend.

    https://www.youtube.com/watch?v=aKcacl8_YQg

    After cryptography with all the edits is setup, the harder part is low power scanning. :)

  • 0 in reply to JeffW

    Thanks for your suggestion and information.

    It works fine after following your suggestions.

Reply Children
No Data
Related
Terms of service