5.13.1. Key Injection to PUF

This example demonstrates how to enroll PUF on LPC55S, inject PlatformSCP keys into PUF and retrieve key codes. This example can be used as a starting point to inject default SCP03 keys into PUF.

Note

After running this example, update ex_scp03_puf.h file with the new Activation code and keyCodes.

5.13.1.1. Pre-requisites

5.13.1.2. How to build

  • Replace the following keys with the keys to be provisioned into PUF:

    /** New key material
      * These will be the static platform SCP03 keys
      * which will be provisioned on the SE and in PUF.
      */
    SSS_HAVE_SE05X_VER_GTE_06_00
    uint8_t PROV_KEY_ENC[PUF_INTRINSIC_KEY_SIZE] = SSS_AUTH_SE051C2_KEY_ENC;
    uint8_t PROV_KEY_MAC[PUF_INTRINSIC_KEY_SIZE] = SSS_AUTH_SE051C2_KEY_MAC;
    uint8_t PROV_KEY_DEK[PUF_INTRINSIC_KEY_SIZE] = SSS_AUTH_SE051C2_KEY_DEK;
    e
    uint8_t PROV_KEY_ENC[PUF_INTRINSIC_KEY_SIZE] = SSS_AUTH_SE050_DEVKIT_KEY_ENC;
    uint8_t PROV_KEY_MAC[PUF_INTRINSIC_KEY_SIZE] = SSS_AUTH_SE050_DEVKIT_KEY_MAC;
    uint8_t PROV_KEY_DEK[PUF_INTRINSIC_KEY_SIZE] = SSS_AUTH_SE050_DEVKIT_KEY_DEK;
    if
    

    For information on PUF, refer SCP03 with PUF.

  • Compile and run the example with the following CMake options:

    • Host=lpcxpresso55s

    • Project:puf_inject_scp03

5.13.1.3. How to use

  • Flash the binary on the device.

  • On successful execution, you will be able to see the ActivationCode and KeyCodes printed out on the console.

5.13.1.4. Injecting keys into PUF

Refer to the below implementation on how to implement a simple function to inject SCP03 keys into PUF.

static status_t puf_insert_scp03_keys(uint8_t *PROV_KEY_ENC, uint8_t *PROV_KEY_MAC, uint8_t *PROV_KEY_DEK)
{
    status_t result = kStatus_Fail;
    uint8_t activationCode[PUF_ACTIVATION_CODE_SIZE];

    srand(0xbabadeda);

    puf_config_t conf;
    PUF_GetDefaultConfig(&conf);
    PUF_Deinit(PUF, &conf);

    result = PUF_Init(PUF, &conf);
    ENSURE_OR_GO_CLEANUP(result == kStatus_Success);

    result = PUF_Enroll(PUF, activationCode, sizeof(activationCode));
    ENSURE_OR_GO_CLEANUP(result == kStatus_Success);
    LOG_MAU8_I("ActivationCode", activationCode, sizeof(activationCode));
    PUF_Deinit(PUF, &conf);

    result = PUF_Init(PUF, &conf);
    ENSURE_OR_GO_CLEANUP(result == kStatus_Success);

    result = PUF_Start(PUF, activationCode, PUF_ACTIVATION_CODE_SIZE);
    ENSURE_OR_GO_CLEANUP(result == kStatus_Success);

    result = PUF_SetUserKey(PUF,
        kPUF_KeyIndex_00,
        PROV_KEY_ENC,
        PUF_INTRINSIC_KEY_SIZE,
        keyCodeENC_01,
        PUF_GET_KEY_CODE_SIZE_FOR_KEY_SIZE(PUF_INTRINSIC_KEY_SIZE));
    ENSURE_OR_GO_CLEANUP(result == kStatus_Success);
    LOG_MAU8_I("KeyCode_ENC", keyCodeENC_01, PUF_GET_KEY_CODE_SIZE_FOR_KEY_SIZE(PUF_INTRINSIC_KEY_SIZE));
    result = PUF_SetUserKey(PUF,
        kPUF_KeyIndex_00,
        PROV_KEY_MAC,
        PUF_INTRINSIC_KEY_SIZE,
        keyCodeMAC_01,
        PUF_GET_KEY_CODE_SIZE_FOR_KEY_SIZE(PUF_INTRINSIC_KEY_SIZE));
    ENSURE_OR_GO_CLEANUP(result == kStatus_Success);
    LOG_MAU8_I("KeyCode_MAC", keyCodeMAC_01, PUF_GET_KEY_CODE_SIZE_FOR_KEY_SIZE(PUF_INTRINSIC_KEY_SIZE));
    result = PUF_SetUserKey(PUF,
        kPUF_KeyIndex_00,
        PROV_KEY_DEK,
        PUF_INTRINSIC_KEY_SIZE,
        keyCodeDEK_01,
        PUF_GET_KEY_CODE_SIZE_FOR_KEY_SIZE(PUF_INTRINSIC_KEY_SIZE));
    ENSURE_OR_GO_CLEANUP(result == kStatus_Success);
    LOG_MAU8_I("KeyCode_DEK", keyCodeDEK_01, PUF_GET_KEY_CODE_SIZE_FOR_KEY_SIZE(PUF_INTRINSIC_KEY_SIZE));

cleanup:
    PUF_Deinit(PUF, &conf);
    return result;
}