Hi.
I have been doing some exploring of the encryption engine accessed via /dev/tegra-crypto, mainly on using it with TEGRA_CRYPTO_IOCTL_NEED_SSK and its internal SSK.
Our test device has no fuses set, so
is set to zero and from checking two different nano modules the encryption results are different for each device, so we’re assuming some part of the SSK is device specific and not totally related to the device key, at least we are hoping so anyhow.
My question is mainly: would we expect any changes between how things behave now, with no fuses set, and once we blow the final production fuse and the device is in production mode? So even if the Device Key is set to 0, the encryption is device/module specific.
My test code is below, and the “Output Data:” was what we checked, and it was symmetric, so re-encrypting it brought us back to the original and it was different across different modules.
```c
// Ask the driver to use the internal SSK for subsequent requests
retcode = ioctl(crypto_dev, TEGRA_CRYPTO_IOCTL_NEED_SSK, 1);
if (retcode != 0) {
    printf("ioctl(TEGRA_CRYPTO_IOCTL_NEED_SSK) returned %d (errNo = %s)\n", retcode, strerror(errno));
}

// Set up
ourRequest.op = TEGRA_CRYPTO_CBC;
ourRequest.encrypt = true;
memset(ourRequest.key, 0, TEGRA_CRYPTO_KEY_128_SIZE);   // all-zero key buffer
ourRequest.keylen = TEGRA_CRYPTO_KEY_128_SIZE;
memset(ourRequest.iv, 0x55, TEGRA_CRYPTO_IV_SIZE);
memcpy(ourRequest.iv, default_iv, TEGRA_CRYPTO_IV_SIZE); // overwrites the 0x55 fill above
ourRequest.ivlen = TEGRA_CRYPTO_IV_SIZE;
ourRequest.plaintext = plaintext;
ourRequest.result = resulttext;
ourRequest.plaintext_sz = strlen(plaintext);
ourRequest.skip_iv = 0;
ourRequest.skip_exit = false;
printf("Changing skip_key to 0\n");
ourRequest.skip_key = 0;

// Do the encrypt
printf("Input Data : ");
dump_buffer(plaintext, strlen(plaintext));
retcode = ioctl(crypto_dev, TEGRA_CRYPTO_IOCTL_PROCESS_REQ, &ourRequest);
if (retcode != 0) {
    printf("ioctl(TEGRA_CRYPTO_IOCTL_PROCESS_REQ) returned %d (errNo = %s)\n", retcode, strerror(errno));
}
printf("Output Data : ");
dump_buffer(resulttext, strlen(plaintext));
```
Regards
Marc.