It should be possible, but there are no examples of this in the SDK (or anywhere else that I am aware of). SaSi_UtilKeyDerivation() can be used to derive an AES key from KDR.
Although, deriving the key means that the key will be copied into a buffer right? This would leave a footprint of the key on the RAM. Which beats the entire purpose of having KDR registers in the cryptocell. Am i right?
Also the register documentation here says that I can select a key using the HOST_CRYPTOKEY_SEL. I was looking for a documentation/example for this exact feature.
Although, deriving the key means that the key will be copied into a buffer right? This would leave a footprint of the key on the RAM. Which beats the entire purpose of having KDR registers in the cryptocell. Am i right?
Yes and no. It is not copied into normal RAM, but kept internally in a secure RAM block in CC310. It is not possible to access the key, only refer to it so that it can be used for crypto operations in CC310. There is one related fact you should be aware of, though. CryptoCell only has secure RAM, not secure flash. That means that you have to store the root key in normal flash for it to be persistent, as described in this post.
chirag-parmar said:
Also the register documentation here says that I can select a key using the HOST_CRYPTOKEY_SEL. I was looking for a documentation/example for this exact feature.
We do not have any examples or documentation, unfortunately. The only reference is the CC310 API documentation.
But, The derived key will stay in the normal RAM. So,
1. Is it OK to hold the derived the key in the normal RAM? 2. What are the best security practices for handling the derived key? 2. Also, Will the same root key generate the same derived key every time, provided the input variables stay constant?
But, The derived key will stay in the normal RAM. So,
1. Is it OK to hold the derived the key in the normal RAM? 2. What are the best security practices for handling the derived key? 2. Also, Will the same root key generate the same derived key every time, provided the input variables stay constant?
1. Is it OK to hold the derived the key in the normal RAM?
If it is in normal RAM then it is susceptible to some attacks. If that is OK or not depends on your security requirements.
chirag-parmar said:
2. What are the best security practices for handling the derived key?
We do not have any recommendations here.
chirag-parmar said:
2. Also, Will the same root key generate the same derived key every time, provided the input variables stay constant?
Yes, provided the lengh/size, label, context and root key is the same.
Please note that the lack of secure memory means that you may not find CryptoCell the best option if you need very high security with regard to keeping key(s) secret. If that is the case, then you may want to use a secure element such as the Optiga TrustX or similar (I mention that since it is integrated with the SDK, but there are another alternative as well). However, this will, of course, increase the BOM and is therefor only sensible for security-critical applications.
No, unfortunately not. The only information you can securely store in the internal secure RAM in CryptoCell is KDR (128 bit). And that cannot be read back, only used for crypto operations (such as deriving other keys).
