• 状态
  • 已锁定 已锁定
  • 回复 3 回复
  • 订户 0 订户
  • 视图 3 视图
  • 用户 0 会员在此处
选项
选项
相关

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

[参考译文] CC2745R10-Q1:关于加密计算时间

admin
Guru**** 2419530 points


请注意,本文内容源自机器翻译,可能存在语法或其它翻译错误,仅供参考。如需获取准确内容,请参阅链接中的英语原文或自行翻译。

https://e2e.ti.com/support/wireless-connectivity/bluetooth-group/bluetooth/f/bluetooth-forum/1540907/cc2745r10-q1-about-cryptogram-calculation-time

器件型号:CC2745R10-Q1


工具/软件:

之前使用 SDK8.30 测量的 SHA256 计算时间约为 0.2ms、但使用 SDK9.10 测量时大约需要 7ms。

我们还确认、AES 等其他操作也需要大约 7ms 的时间。
这是否是一种防御性措施、以防止识别在预期发生侧信道攻击时在操作时间执行的操作?

是否可以通过更改某些设置以原始速度执行操作?

  • 0
    TI__Guru**** 2419530 points
    请注意,本文内容源自机器翻译,可能存在语法或其它翻译错误,仅供参考。如需获取准确内容,请参阅链接中的英语原文或自行翻译。

    您好:

    我将联系研发团队、收到回复(1-2 天)后、我将更新此主题。

    同时、您使用哪些 API 来执行这些函数?

    此致、

    Nima Behmanesh

  • 0
    TI__Guru**** 2419530 points
    请注意,本文内容源自机器翻译,可能存在语法或其它翻译错误,仅供参考。如需获取准确内容,请参阅链接中的英语原文或自行翻译。

    嗨、Nima、

    使用的代码是将示例代码 empty.c 修改到此代码。 

    /*
 * Copyright (c) 2017-2024, Texas Instruments Incorporated
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * *  Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * *  Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * *  Neither the name of Texas Instruments Incorporated nor the names of
 *    its contributors may be used to endorse or promote products derived
 *    from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
 * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
 * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
/*
 *  ======== sha2hash.c ========
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Driver Header files */
#include <ti/drivers/GPIO.h>
#include <ti/drivers/SHA2.h>

/* Driver configuration */
#include "ti_drivers_config.h"

#define mcU2_SEED_LENGTH 102

static uint8_t au1s_SEED[mcU2_SEED_LENGTH] = { 0x4D,0x08,0x88,0x88,0x88,0x88,0x88,0x88,0x88,0x88,
0x86,0x20,0x43,0xD6,0x05,0x52,0x69,0x99,0xF0,0x32,0xE0,0x8F,0x31,0x4F,0x22,0xEB,0xCE,0x05,
0x1D,0x1D,0xAE,0x53,0xDC,0x71,0xF1,0xC4,0xD6,0x14,0xB0,0x33,0x7B,0xB1,0x7F,0x20,
0x87,0x20,0xF9,0x8C,0xCA,0x31,0x65,0x1A,0xD2,0xE6,0x32,0x66,0x14,0x4B,0x24,0x50,0xFD,0x60,
0x81,0xD8,0xFE,0xA8,0xCE,0xB8,0x26,0xE1,0xFB,0x10,0xE8,0x03,0x4E,0x93,0x24,0x46,
0x4C,0x10,0xBF,0x1C,0x41,0x26,0x82,0x30,0xAF,0x76,0xBF,0xFE,0x3E,0x7C,0x5D,0x00,0xCF,0x4A,
0x93,0x04,0x41,0x5D,0x95,0x69
};


static uint8_t au1s_K[32];

void callbackFxn(SHA2_Handle handle, int_fast16_t returnStatus)
{
    /* LED OFF */
    GPIO_write(CONFIG_GPIO_LED_0, CONFIG_GPIO_LED_OFF);
}


/*
 *  ======== mainThread ========
 */
void *mainThread(void *arg0)
{    
    SHA2_Params params;
    SHA2_Handle handle;
    int_fast16_t result;

    GPIO_init();

    /* LED ON */
    GPIO_write(CONFIG_GPIO_LED_0, CONFIG_GPIO_LED_ON);


    /* SHA-256演算 */
    SHA2_init();
    SHA2_Params_init(&params);
    params.hashType = SHA2_HASH_TYPE_256;
    params.returnBehavior = SHA2_RETURN_BEHAVIOR_CALLBACK;
    params.callbackFxn = callbackFxn;
    handle = SHA2_open(0, &params);

    result = SHA2_hashData(handle, au1s_SEED, mcU2_SEED_LENGTH, au1s_K);

    SHA2_close(handle);

    while(1)
    {
    }

}

    此外、测量速度减慢 7ms 的原因可能不是 SDK 中的差异造成的、而是测量分辨率的差异造成的。
    在 100ms/s 下测量时、测量值为 7.2ms、但在 50ms/s 下测量时、测量值为 0.2ms。

    尽管如此、7ms 似乎对于 SHA256 计算来说时间太长、因此请检查是否可以通过设置更快地进行计算。

  • 0
    TI__Guru**** 2419530 points
    请注意,本文内容源自机器翻译,可能存在语法或其它翻译错误,仅供参考。如需获取准确内容,请参阅链接中的英语原文或自行翻译。

    您好:

    通过您的代码、我看到您正在测量初始化驱动程序的时间、设置参数、打开句柄、然后执行散列操作。 此外、无论何时获得回调、您都将关闭驱动程序的句柄。 这可能会在较大的应用程序中导致问题、您需要 在 操作完成后关闭句柄。

    注意: 任何加密驱动程序的首次初始化都将导致 HSM 启动、从而产生一定的时间成本。 由于 HSM 将已启动、因此在至少一次加密初始化后初始化的任何加密驱动程序都会更快。

    我已经修改了代码以考虑初始化: 

    #include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Driver Header files */
#include <ti/drivers/GPIO.h>
#include <ti/drivers/SHA2.h>

/* Driver configuration */
#include "ti_drivers_config.h"

#define mcU2_SEED_LENGTH 102

static uint8_t au1s_SEED[mcU2_SEED_LENGTH] = { 0x4D,0x08,0x88,0x88,0x88,0x88,0x88,0x88,0x88,0x88,
0x86,0x20,0x43,0xD6,0x05,0x52,0x69,0x99,0xF0,0x32,0xE0,0x8F,0x31,0x4F,0x22,0xEB,0xCE,0x05,
0x1D,0x1D,0xAE,0x53,0xDC,0x71,0xF1,0xC4,0xD6,0x14,0xB0,0x33,0x7B,0xB1,0x7F,0x20,
0x87,0x20,0xF9,0x8C,0xCA,0x31,0x65,0x1A,0xD2,0xE6,0x32,0x66,0x14,0x4B,0x24,0x50,0xFD,0x60,
0x81,0xD8,0xFE,0xA8,0xCE,0xB8,0x26,0xE1,0xFB,0x10,0xE8,0x03,0x4E,0x93,0x24,0x46,
0x4C,0x10,0xBF,0x1C,0x41,0x26,0x82,0x30,0xAF,0x76,0xBF,0xFE,0x3E,0x7C,0x5D,0x00,0xCF,0x4A,
0x93,0x04,0x41,0x5D,0x95,0x69
};


static uint8_t au1s_K[32];
volatile uint8_t flag = 0;

void callbackFxn(SHA2_Handle handle, int_fast16_t returnStatus)
{
    /* LED OFF */
    GPIO_write(CONFIG_GPIO_LED_0, CONFIG_GPIO_LED_OFF);
    flag = 1;
}


/*
 *  ======== mainThread ========
 */
void *mainThread(void *arg0)
{    
    SHA2_Params params;
    SHA2_Handle handle;
    int_fast16_t result;

    GPIO_init();

    /* SHA-256演算 */
    SHA2_init();
    SHA2_Params_init(&params);
    params.hashType = SHA2_HASH_TYPE_256;
    params.returnBehavior = SHA2_RETURN_BEHAVIOR_CALLBACK;
    params.callbackFxn = callbackFxn;
    handle = SHA2_open(0, &params);

    GPIO_write(CONFIG_GPIO_LED_0, CONFIG_GPIO_LED_ON);
    result = SHA2_hashData(handle, au1s_SEED, mcU2_SEED_LENGTH, au1s_K);

    while(1)
    {
        if (flag == 1)
        {
            SHA2_close(handle);
        }
    }
}

    使用此设置、我看到哈希操作需要 302.1 μ s:

    在此应用程序中、回调与阻塞与轮询模式之间的时序差异可以忽略不计、但是、在具有多个任务的较大应用程序中、您可能会产生开销。 之所以这么做、是因为 HSM IRQ 可能会推送到要处理的 ISR 列表底部、因为可能需要先处理更高优先级的中断。 因此、不建议在回调模式下分析哈希操作、因为稍后可以为回调中断提供服务、从而导致哈希时间变长。

    希望这能有所帮助!

    此致、

    Nima Behmanesh