Calculate CMAC using KMU and nrfx library

Hi,

Is it possible to calculate a CMAC using the nrfx security library?

Our keys are stored in the KMU of an nRF9160.

For now, we are using the mbedtls function mbedtls_aes_setkey_enc_shadow_key() for encryption, for example, but I've not found a way to calculate a 4-byte CMAC.

Regards

Giuliano

  • Hi again  

    The blog-post on secure storage is not ready yet.
    But one of the precursors for many of the types of secure storage is Trusted Firmware-M.
    Recently I posted a blog on An Introduction to Trusted Firmware-M (TF-M). Maybe you find this useful.

    Regards,
    Sigurd Hellesvik

  • Hi, is there any progress on this secure storage blog post?

    I am wondering what I can do if I want to store ECC keys. Could I use KMU for this? Is it correct that I could use KMU to store any key, but the biggest problem is that KMU can only pass symmetric keys through HW to the cryptocell (I am using the nRF53)?

    So my only option for ECC keys would be to use ITS (Internal Trusted Storage) using the Platform Security Architecture (PSA) APIs?

    Is the use of ITS by PSA still under development as you noted 1 year ago?

    Is it also correct to say that this ITS is a part of flash storage where things will be stored encrypted (AES?). So for example if I want to store my ECC key there, it will be encrypted and stored in flash. If I want to use it, it will be read from flash, decrypted to a variable, and this variable would be used as an input for my ECC encryption or decryption function? So it will reside in memory for a short amount of time. There is no way to direct it to the cryptocell HW immediately?

    Kind regards,
