/* wolfcaam_seco.c * * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ #ifdef HAVE_CONFIG_H #include #endif #include #if defined(WOLFSSL_SECO_CAAM) #include #include #include #include #include #include #include #define MAX_SECO_TIMEOUT 1000 static wolfSSL_Mutex caamMutex; static pthread_t tid; static uint32_t nvm_status = 0; static hsm_hdl_t hsm_session; static hsm_hdl_t key_store_hdl; static int wc_TranslateHSMError(int current, hsm_err_t err); static void* hsm_storage_init(void* args) { seco_nvm_manager(NVM_FLAGS_HSM, &nvm_status); (void)args; return NULL; } /* return 0 on success */ int wc_SECOInitInterface() { int i; open_session_args_t session_args; hsm_err_t err; nvm_status = NVM_STATUS_UNDEF; if (wc_InitMutex(&caamMutex) != 0) { WOLFSSL_MSG("Could not init mutex"); return -1; } (void)pthread_create(&tid, NULL, hsm_storage_init, NULL); /* wait for NVM to be ready for SECO */ for (i = 0 ; i < MAX_SECO_TIMEOUT && nvm_status <= NVM_STATUS_STARTING; i++) { usleep(1000); } if (i == MAX_SECO_TIMEOUT) { WOLFSSL_MSG("Timed out waiting for SECO setup"); return -1; } if (nvm_status == NVM_STATUS_STOPPED) { WOLFSSL_MSG("Error with SECO setup"); return -1; } session_args.session_priority = 0; session_args.operating_mode = 0; err = hsm_open_session(&session_args, &hsm_session); if (err != HSM_NO_ERROR) { WOLFSSL_MSG("Error with HSM session open"); return -1; } WOLFSSL_MSG("SECO HSM setup done"); return 0; } void wc_SECOFreeInterface() { hsm_err_t err; err = hsm_close_session(hsm_session); if (err != HSM_NO_ERROR) { WOLFSSL_MSG("Error with HSM session close"); } if (nvm_status != NVM_STATUS_STOPPED) { if (pthread_cancel(tid) != 0) { WOLFSSL_MSG("SECO HSM thread shutdown failed"); } } seco_nvm_close_session(); WOLFSSL_MSG("SECO HSM shutdown"); wc_FreeMutex(&caamMutex); } /* open the key management HSM handle * return 0 on success */ int wc_SECO_OpenHSM(word32 keyStoreId, word32 nonce, word16 maxUpdates, byte flag) { hsm_err_t err; open_svc_key_store_args_t key_store_args; XMEMSET(&key_store_args, 0, sizeof(open_svc_key_store_args_t)); key_store_args.key_store_identifier = keyStoreId, key_store_args.authentication_nonce = nonce; key_store_args.max_updates_number = maxUpdates; switch (flag) { case CAAM_KEYSTORE_CREATE: key_store_args.flags = HSM_SVC_KEY_STORE_FLAGS_CREATE; break; case CAAM_KEYSTORE_UPDATE: #ifdef HSM_SVC_KEY_STORE_FLAGS_UPDATE key_store_args.flags = HSM_SVC_KEY_STORE_FLAGS_UPDATE; #else key_store_args.flags = 0; #endif break; default: WOLFSSL_MSG("Unknown flag"); return -1; } err = hsm_open_key_store_service(hsm_session, &key_store_args, &key_store_hdl); if (wc_TranslateHSMError(0, err) != Success) { return -1; } else { return 0; } } /* close the key management HSM handle * return 0 on success */ int wc_SECO_CloseHSM() { hsm_err_t err = hsm_close_key_store_service(key_store_hdl); if (wc_TranslateHSMError(0, err) != Success) { return -1; } else { return 0; } } /* returns error enum found from hsm calls, HSM_NO_ERROR on success */ static hsm_err_t wc_SECO_RNG(unsigned int args[4], CAAM_BUFFER *buf, int sz) { hsm_hdl_t rng; hsm_err_t err; open_svc_rng_args_t svcArgs = {0}; op_get_random_args_t rngArgs = {0}; err = hsm_open_rng_service(hsm_session, &svcArgs, &rng); if (err == HSM_NO_ERROR) { rngArgs.output = (uint8_t*)buf[0].TheAddress; rngArgs.random_size = (uint32_t)buf[0].Length; err = hsm_get_random(rng, &rngArgs); #ifdef DEBUG_SECO { uint32_t z; printf("Pulled rng data from HSM :"); for (z = 0; z < rngArgs.random_size; z++) printf("%02X", rngArgs.output[z]); printf("\n"); } #endif } if (err == HSM_NO_ERROR) { err = hsm_close_rng_service(rng); } (void)args; (void)sz; return err; } static hsm_err_t wc_SECO_Hash(unsigned args[4], CAAM_BUFFER *buf, int sz, int type) { hsm_hdl_t hash; hsm_err_t err = HSM_NO_ERROR; op_hash_one_go_args_t hashArgs = {0}; open_svc_hash_args_t sessionArgs = {0}; if (args[0] != CAAM_ALG_FINAL) { WOLFSSL_MSG("Only expecting to call the HSM on final"); err = HSM_GENERAL_ERROR; } if (err == HSM_NO_ERROR) { err = hsm_open_hash_service(hsm_session, &sessionArgs, &hash); } if (err == HSM_NO_ERROR) { switch (type) { case CAAM_SHA224: hashArgs.algo = HSM_HASH_ALGO_SHA_224; break; case CAAM_SHA256: hashArgs.algo = HSM_HASH_ALGO_SHA_256; break; case CAAM_SHA384: hashArgs.algo = HSM_HASH_ALGO_SHA_384; break; case CAAM_SHA512: hashArgs.algo = HSM_HASH_ALGO_SHA_512; break; } hashArgs.output = (uint8_t*)buf[0].TheAddress; hashArgs.output_size = buf[0].Length; hashArgs.input = (uint8_t*)buf[1].TheAddress; hashArgs.input_size = buf[1].Length; err = hsm_hash_one_go(hash, &hashArgs); if (err != HSM_NO_ERROR) { WOLFSSL_MSG("Error with HSM hash call"); } #ifdef DEBUG_SECO { word32 z; printf("hash algo type = %d\n", hashArgs.algo); printf("\tlength of input data = %d\n", hashArgs.input_size); printf("\toutput : "); for (z = 0; z < hashArgs.output_size; z++) printf("%02X", hashArgs.output[z]); printf("\n"); } #endif /* always try to close the hash handle */ if (hsm_close_hash_service(hash) != HSM_NO_ERROR) { WOLFSSL_MSG("Error with HSM hash close"); if (err == HSM_NO_ERROR) { err = HSM_GENERAL_ERROR; } } } (void)sz; return err; } /* convert ECDSEL type to HSM type * return 0 on fail */ static hsm_key_type_t ECDSELtoHSM(int ecdsel) { switch (ecdsel) { case CAAM_ECDSA_P192: case CAAM_ECDSA_P224: WOLFSSL_MSG("P192 and P224 are not supported"); break; case CAAM_ECDSA_P256: return CAAM_KEYTYPE_ECDSA_P256; case CAAM_ECDSA_P384: return CAAM_KEYTYPE_ECDSA_P384; case CAAM_ECDSA_P521: return CAAM_KEYTYPE_ECDSA_P521; } return 0; } static hsm_key_type_t KeyTypeToHSM(int keyTypeIn) { hsm_key_type_t ret = 0; switch (keyTypeIn) { case CAAM_KEYTYPE_ECDSA_P256: ret = HSM_KEY_TYPE_ECDSA_NIST_P256; break; case CAAM_KEYTYPE_ECDSA_P384: ret = HSM_KEY_TYPE_ECDSA_NIST_P384; break; case CAAM_KEYTYPE_ECDSA_P521: ret = HSM_KEY_TYPE_ECDSA_NIST_P521; break; case CAAM_KEYTYPE_AES128: ret = HSM_KEY_TYPE_AES_128; break; case CAAM_KEYTYPE_AES192: ret = HSM_KEY_TYPE_AES_192; break; case CAAM_KEYTYPE_AES256: ret = HSM_KEY_TYPE_AES_256; break; #ifdef HSM_KEY_TYPE_HMAC_224 case CAAM_KEYTYPE_HMAC224: ret = HSM_KEY_TYPE_HMAC_224; break; #endif #ifdef HSM_KEY_TYPE_HMAC_256 case CAAM_KEYTYPE_HMAC256: ret = HSM_KEY_TYPE_HMAC_256; break; #endif #ifdef HSM_KEY_TYPE_HMAC_384 case CAAM_KEYTYPE_HMAC384: ret = HSM_KEY_TYPE_HMAC_384; break; #endif #ifdef HSM_KEY_TYPE_HMAC_512 case CAAM_KEYTYPE_HMAC512: ret = HSM_KEY_TYPE_HMAC_512; break; #endif } return ret; } static hsm_key_info_t KeyInfoToHSM(int keyInfoIn) { hsm_key_info_t ret = 0; switch (keyInfoIn) { case CAAM_KEY_PERSISTENT: ret = HSM_KEY_INFO_PERSISTENT; break; case CAAM_KEY_TRANSIENT: ret = HSM_KEY_INFO_TRANSIENT; break; case CAAM_KEY_KEK: ret = HSM_KEY_INFO_KEK; break; } return ret; } static int KeyFlagsToHSM(int flags) { int ret = 0; #ifdef HSM_OP_KEY_GENERATION_FLAGS_UPDATE if (flags & CAAM_UPDATE_KEY) { ret = HSM_OP_KEY_GENERATION_FLAGS_UPDATE; } #endif #ifdef HSM_OP_KEY_GENERATION_FLAGS_CREATE if (flags & CAAM_GENERATE_KEY) { ret = HSM_OP_KEY_GENERATION_FLAGS_CREATE; } #endif return ret; } /* generic generate key with HSM * return 0 on success */ int wc_SECO_GenerateKey(int flags, int group, byte* out, int outSz, int keyTypeIn, int keyInfoIn, unsigned int* keyIdOut) { hsm_err_t err; hsm_hdl_t key_mgmt_hdl; open_svc_key_management_args_t key_mgmt_args; op_generate_key_args_t key_args; hsm_key_type_t keyType; hsm_key_info_t keyInfo; if (flags == CAAM_UPDATE_KEY && group != 0) { WOLFSSL_MSG("Group must be 0 if updating key"); return BAD_FUNC_ARG; } keyType = KeyTypeToHSM(keyTypeIn); keyInfo = KeyInfoToHSM(keyInfoIn); if (wc_LockMutex(&caamMutex) != 0) { return BAD_MUTEX_E; } XMEMSET(&key_mgmt_args, 0, sizeof(key_mgmt_args)); err = hsm_open_key_management_service( key_store_hdl, &key_mgmt_args, &key_mgmt_hdl); /* setup key arguments */ if (err == HSM_NO_ERROR) { XMEMSET(&key_args, 0, sizeof(key_args)); key_args.key_identifier = keyIdOut; key_args.out_size = outSz; key_args.out_key = out; /* default to strict operations with key in NVM */ key_args.flags = KeyFlagsToHSM(flags) | HSM_OP_KEY_GENERATION_FLAGS_STRICT_OPERATION; key_args.key_group = group; key_args.key_info = keyInfo; key_args.key_type = keyType; #ifdef DEBUG_SECO printf("Generating key using:\n"); printf("\tflags = %d\n", key_args.flags); printf("\tgroup = %d\n", key_args.key_group); printf("\tinfo = %d\n", key_args.key_info); printf("\ttype = %d\n", key_args.key_type); printf("\tout = %p\n", key_args.out_key); printf("\toutSZ = %d\n", key_args.out_size); #endif err = hsm_generate_key(key_mgmt_hdl, &key_args); if (err != HSM_NO_ERROR) { WOLFSSL_MSG("Key generation error"); } #ifdef DEBUG_SECO if (err == HSM_NO_ERROR) { printf("KeyID generated = %u\n", *key_args.key_identifier); } #endif /* always try to close key management if open */ if (hsm_close_key_management_service(key_mgmt_hdl) != HSM_NO_ERROR) { err = HSM_GENERAL_ERROR; } } else { WOLFSSL_MSG("Could not open key management"); } wc_UnLockMutex(&caamMutex); if (wc_TranslateHSMError(0, err) == Success) { return 0; } else { return -1; } } /* delete a key * return 0 on success */ int wc_SECO_DeleteKey(unsigned int keyId, int group, int keyTypeIn) { hsm_hdl_t key_mgmt_hdl; open_svc_key_management_args_t key_mgmt_args; op_manage_key_args_t del_args; hsm_err_t err; XMEMSET(&key_mgmt_args, 0, sizeof(key_mgmt_args)); err = hsm_open_key_management_service( key_store_hdl, &key_mgmt_args, &key_mgmt_hdl); if (err == HSM_NO_ERROR) { XMEMSET(&del_args, 0, sizeof(del_args)); del_args.key_identifier = &keyId; del_args.flags = HSM_OP_MANAGE_KEY_FLAGS_DELETE; del_args.key_type = KeyTypeToHSM(keyTypeIn); del_args.key_group = group; #ifdef DEBUG_SECO printf("Trying to delete key:\n"); printf("\tkeyID : %u\n", keyId); printf("\tkey type : %d\n", del_args.key_type); printf("\tkey grp : %d\n", del_args.key_group); #endif err = hsm_manage_key(key_mgmt_hdl, &del_args); /* always try to close key management if open */ if (hsm_close_key_management_service(key_mgmt_hdl) != HSM_NO_ERROR) { err = HSM_GENERAL_ERROR; } } if (wc_TranslateHSMError(0, err) == Success) { return 0; } else { return -1; } } #if defined(WOLFSSL_CMAC) void wc_SECO_CMACSetKeyID(Cmac* cmac, int keyId) { cmac->blackKey = keyId; } int wc_SECO_CMACGetKeyID(Cmac* cmac) { return cmac->blackKey; } #endif void wc_SECO_AesSetKeyID(Aes* aes, int keyId) { aes->blackKey = keyId; } int wc_SECO_AesGetKeyID(Aes* aes) { return aes->blackKey; } /* return 0 on success and fill in out buffer (must be 32 bytes) */ int wc_SECO_ExportKEK(byte* out, byte outSz, byte isCommon) { hsm_err_t err; op_export_root_kek_args_t export_args; XMEMSET(&export_args, 0, sizeof(export_args)); export_args.signed_message = NULL; export_args.signed_msg_size = 0; if (isCommon == 1) { export_args.flags = HSM_OP_EXPORT_ROOT_KEK_FLAGS_COMMON_KEK; } else { export_args.flags = HSM_OP_EXPORT_ROOT_KEK_FLAGS_UNIQUE_KEK; } export_args.out_root_kek = out; export_args.root_kek_size = outSz; err = hsm_export_root_key_encryption_key (hsm_session, &export_args); if (wc_TranslateHSMError(0, err) != Success) { return -1; } else { return 0; } } /* make a black key using HSM */ static hsm_err_t wc_SECO_ECDSA_Make(unsigned int args[4], CAAM_BUFFER *buf, int sz) { hsm_key_type_t keyType; (void)sz; keyType = ECDSELtoHSM(args[1] ^ CAAM_ECDSA_KEYGEN_PD); if (wc_SECO_GenerateKey(HSM_OP_KEY_GENERATION_FLAGS_CREATE, 1, (byte*)buf[1].TheAddress, buf[1].Length, keyType, CAAM_KEY_TRANSIENT, (word32*)&buf[0].TheAddress) == 0) { return HSM_NO_ERROR; } else { return HSM_GENERAL_ERROR; } } /* sign a message (hash(msg)) using a hsm key */ static hsm_err_t wc_SECO_ECDSA_Sign(unsigned int args[4], CAAM_BUFFER *buf, int sz) { hsm_err_t err; hsm_hdl_t sig_gen_hdl; open_svc_sign_gen_args_t open_args; op_generate_sign_args_t sig_args; byte sigOut[2*MAX_ECC_BYTES]; if (args[3] != 32 && args[3] != 48) { WOLFSSL_MSG("Unexpected key size"); return BAD_FUNC_ARG; } if (buf[1].Length != (int)args[3]) { WOLFSSL_MSG("Bad message input size"); return BAD_FUNC_ARG; } if (wc_LockMutex(&caamMutex) != 0) { return BAD_MUTEX_E; } XMEMSET(&open_args, 0, sizeof(open_args)); err = hsm_open_signature_generation_service(key_store_hdl, &open_args, &sig_gen_hdl); if (err == HSM_NO_ERROR) { XMEMSET(&sig_args, 0, sizeof(sig_args)); sig_args.key_identifier = buf[0].TheAddress; sig_args.message = (uint8_t*)buf[1].TheAddress; sig_args.message_size = buf[1].Length; sig_args.signature = sigOut; sig_args.signature_size = buf[2].Length + buf[3].Length + 1; if (args[3] == 32) { sig_args.scheme_id = HSM_SIGNATURE_SCHEME_ECDSA_NIST_P256_SHA_256; } else { sig_args.scheme_id = HSM_SIGNATURE_SCHEME_ECDSA_NIST_P384_SHA_384; } sig_args.flags = HSM_OP_GENERATE_SIGN_FLAGS_INPUT_DIGEST; #ifdef DEBUG_SECO printf("Trying to create an ECC signature:\n"); printf("\tkeyID : %u\n", sig_args.key_identifier); printf("\tmsg size : %d\n", sig_args.message_size); printf("\tsig size : %d\n", sig_args.signature_size); #endif err = hsm_generate_signature(sig_gen_hdl, &sig_args); /* always try to close sign service when open */ if (hsm_close_signature_generation_service(sig_gen_hdl) != HSM_NO_ERROR) { err = HSM_GENERAL_ERROR; } } /* copy out r and s on success */ if (err == HSM_NO_ERROR) { XMEMCPY((byte*)buf[2].TheAddress, sigOut, buf[2].Length); XMEMCPY((byte*)buf[3].TheAddress, sigOut + buf[2].Length, buf[3].Length); } wc_UnLockMutex(&caamMutex); (void)sz; if (wc_TranslateHSMError(0, err) != Success) { return -1; } else { return 0; } } /* verify a signature (hash(msg)) using HSM */ static hsm_err_t wc_SECO_ECDSA_Verify(unsigned int args[4], CAAM_BUFFER *buf, int sz) { hsm_err_t err; hsm_hdl_t sig_ver_hdl; open_svc_sign_ver_args_t open_sig_ver_args; op_verify_sign_args_t sig_ver_args; hsm_verification_status_t verify; byte rsR[2*MAX_ECC_BYTES]; word32 rsRSz = 2*MAX_ECC_BYTES; if (args[3] != 32 && args[3] != 48) { WOLFSSL_MSG("Unexpected key size"); return BAD_FUNC_ARG; } if (buf[1].Length != (int)args[3]) { WOLFSSL_MSG("Bad message input size"); return BAD_FUNC_ARG; } if (wc_LockMutex(&caamMutex) != 0) { return BAD_MUTEX_E; } XMEMSET(rsR, 0, rsRSz); XMEMCPY(rsR, (byte*)buf[2].TheAddress, buf[2].Length); XMEMCPY(rsR + buf[2].Length, (byte*)buf[3].TheAddress, buf[3].Length); rsRSz = buf[2].Length + buf[3].Length + 1; /* +1 for the HSM compression */ XMEMSET(&open_sig_ver_args, 0, sizeof(open_sig_ver_args)); err = hsm_open_signature_verification_service(hsm_session, &open_sig_ver_args, &sig_ver_hdl); if (err == HSM_NO_ERROR) { XMEMSET(&sig_ver_args, 0, sizeof(sig_ver_args)); sig_ver_args.key = (uint8_t*)buf[0].TheAddress; sig_ver_args.key_size = buf[0].Length; sig_ver_args.message = (uint8_t*)buf[1].TheAddress; sig_ver_args.message_size = buf[1].Length; sig_ver_args.signature = rsR; sig_ver_args.signature_size = rsRSz; if (args[3] == 32) { sig_ver_args.scheme_id = HSM_SIGNATURE_SCHEME_ECDSA_NIST_P256_SHA_256; } else { sig_ver_args.scheme_id = HSM_SIGNATURE_SCHEME_ECDSA_NIST_P384_SHA_384; } sig_ver_args.flags = HSM_OP_VERIFY_SIGN_FLAGS_INPUT_DIGEST; #ifdef DEBUG_SECO { word32 i; printf("Trying to verify an ECC signature:\n"); printf("\tpublic key : "); for (i = 0; i < sig_ver_args.key_size; i++) printf("%02X", sig_ver_args.key[i]); printf("\n"); printf("\tsignature : "); for (i = 0; i < sig_ver_args.signature_size; i++) printf("%02X", sig_ver_args.signature[i]); printf("\n"); printf("\tmsg size : %d\n", sig_ver_args.message_size); } #endif err = hsm_verify_signature (sig_ver_hdl, &sig_ver_args, &verify); if (verify != HSM_VERIFICATION_STATUS_SUCCESS) { WOLFSSL_MSG("Verification found bad signature"); err = HSM_GENERAL_ERROR; } if (hsm_close_signature_verification_service(sig_ver_hdl) != HSM_NO_ERROR) { err = HSM_GENERAL_ERROR; } } wc_UnLockMutex(&caamMutex); (void)sz; return err; } static hsm_err_t wc_SECO_CMAC(unsigned int args[4], CAAM_BUFFER* buf, int sz) { unsigned int blackKey; hsm_err_t err; hsm_hdl_t mac_hdl; open_svc_mac_args_t mac_svc_args; op_mac_one_go_args_t mac_args; hsm_mac_verification_status_t status; if ((args[0] & CAAM_ALG_FINAL) == 0) { WOLFSSL_MSG("CMAC expected only in final case!"); return HSM_GENERAL_ERROR; } blackKey = args[2]; /* black key listed as 0, the key needs to be imported */ if (blackKey == 0) { int keyGroup = 1; /* group one was chosen arbitrarily */ byte importIV[GCM_NONCE_MID_SZ]; int importIVSz = GCM_NONCE_MID_SZ; int keyType = 0; WC_RNG rng; if (wc_InitRng(&rng) != 0) { WOLFSSL_MSG("RNG init for IV failed"); return HSM_GENERAL_ERROR; } if (wc_RNG_GenerateBlock(&rng, importIV, importIVSz) != 0) { WOLFSSL_MSG("Generate IV failed"); wc_FreeRng(&rng); return HSM_GENERAL_ERROR; } wc_FreeRng(&rng); switch (buf[0].Length) { case AES_128_KEY_SIZE: keyType = CAAM_KEYTYPE_AES128; break; case AES_192_KEY_SIZE: keyType = CAAM_KEYTYPE_AES192; break; case AES_256_KEY_SIZE: keyType = CAAM_KEYTYPE_AES256; break; } blackKey = wc_SECO_WrapKey(0, (byte*)buf[0].TheAddress, buf[0].Length, importIV, importIVSz, keyType, CAAM_KEY_TRANSIENT, keyGroup); if (blackKey == 0) { return WC_HW_E; } } err = hsm_open_mac_service(key_store_hdl, &mac_svc_args, &mac_hdl); if (err == HSM_NO_ERROR) { mac_args.key_identifier = blackKey; /* blackKey / HSM */ mac_args.algorithm = HSM_OP_MAC_ONE_GO_ALGO_AES_CMAC; mac_args.flags = HSM_OP_MAC_ONE_GO_FLAGS_MAC_GENERATION; mac_args.payload = (uint8_t*)buf[2].TheAddress; mac_args.payload_size = buf[2].Length; mac_args.mac = (uint8_t*)buf[1].TheAddress; mac_args.mac_size = (buf[1].Length < WC_AES_BLOCK_SIZE)? buf[1].Length: WC_AES_BLOCK_SIZE; #ifdef DEBUG_SECO printf("CMAC arguments used:\n"); printf("\tkey id = %d\n", mac_args.key_identifier); printf("\tpayload = %p\n", mac_args.payload); printf("\tpayload size = %d\n", mac_args.payload_size); printf("\tmac out = %p\n", mac_args.mac); printf("\tmac out size = %d\n", mac_args.mac_size); #endif err = hsm_mac_one_go(mac_hdl, &mac_args, &status); /* always try to close mac service if open */ if (hsm_close_mac_service(mac_hdl) != HSM_NO_ERROR) { WOLFSSL_MSG("Error closing down mac service handle"); err = HSM_GENERAL_ERROR; } } (void)sz; return err; } /* common code between CBC,ECB, and CCM modes */ static hsm_err_t wc_SEC_AES_Common(unsigned int args[4], CAAM_BUFFER* buf, int sz, hsm_op_cipher_one_go_algo_t algo, uint8_t* in, int inSz, uint8_t* out, int outSz) { int dir; hsm_hdl_t cipher_hdl; open_svc_cipher_args_t open_args; op_cipher_one_go_args_t cipher_args; hsm_err_t err; XMEMSET(&open_args, 0, sizeof(open_args)); err = hsm_open_cipher_service(key_store_hdl, &open_args, &cipher_hdl); if (err == HSM_NO_ERROR) { XMEMSET(&cipher_args, 0, sizeof(cipher_args)); cipher_args.key_identifier = args[3]; /* black key / HSM */ if (algo == HSM_CIPHER_ONE_GO_ALGO_AES_ECB) { cipher_args.iv_size = 0; /* no iv with AES-ECB */ } else { cipher_args.iv = (uint8_t*)buf[1].TheAddress; cipher_args.iv_size = buf[1].Length; } cipher_args.cipher_algo = algo; dir = args[0] & 0xFFFF; /* extract direction enc/dec from input args */ if (dir == CAAM_DEC) { cipher_args.flags = HSM_CIPHER_ONE_GO_FLAGS_DECRYPT; } else { cipher_args.flags = HSM_CIPHER_ONE_GO_FLAGS_ENCRYPT; } cipher_args.input = in; cipher_args.input_size = inSz; cipher_args.output = out; cipher_args.output_size = outSz; #ifdef DEBUG_SECO printf("AES Operation :\n"); printf("\tkeyID : %u\n", cipher_args.key_identifier); printf("\tinput : %p\n", cipher_args.input); printf("\tinput sz : %d\n", cipher_args.input_size); printf("\toutput : %p\n", cipher_args.output); printf("\toutput sz : %d\n", cipher_args.output_size); printf("\tiv : %p\n", cipher_args.iv); printf("\tiv sz : %d\n", cipher_args.iv_size); #endif err = hsm_cipher_one_go(cipher_hdl, &cipher_args); /* always try to close cipher service if open */ if (hsm_close_cipher_service(cipher_hdl) != HSM_NO_ERROR) { err = HSM_GENERAL_ERROR; } } (void)sz; return err; } static hsm_err_t wc_SECO_AESECB(unsigned int args[4], CAAM_BUFFER* buf, int sz) { return wc_SEC_AES_Common(args, buf, sz, HSM_CIPHER_ONE_GO_ALGO_AES_ECB, (uint8_t*)buf[1].TheAddress, buf[1].Length, (uint8_t*)buf[2].TheAddress, buf[2].Length); } static hsm_err_t wc_SECO_AESCBC(unsigned int args[4], CAAM_BUFFER* buf, int sz) { return wc_SEC_AES_Common(args, buf, sz, HSM_CIPHER_ONE_GO_ALGO_AES_CBC, (uint8_t*)buf[2].TheAddress, buf[2].Length, (uint8_t*)buf[3].TheAddress, buf[3].Length); } static hsm_err_t wc_SECO_AESCCM(unsigned int args[4], CAAM_BUFFER* buf, int sz) { hsm_err_t err; uint8_t* in; uint8_t* out; int inSz; int outSz; int dir; byte* cipherAndTag = NULL; int cipherAndTagSz = 0; if (buf[1].Length != 12) { WOLFSSL_MSG("SECO expecting nonce size of 12"); return HSM_GENERAL_ERROR; } if (buf[4].Length != 16) { WOLFSSL_MSG("SECO expecting tag size of 16"); return HSM_GENERAL_ERROR; } if (buf[5].Length != 0) { WOLFSSL_MSG("SECO expecting adata size of 0"); return HSM_GENERAL_ERROR; } cipherAndTagSz = buf[4].Length + buf[2].Length; cipherAndTag = (byte*)XMALLOC(cipherAndTagSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); dir = args[0] & 0xFFFF; /* get if doing enc or dec */ if (dir == CAAM_ENC) { in = (uint8_t*)buf[2].TheAddress; inSz = buf[2].Length; out = cipherAndTag; outSz = cipherAndTagSz; } else { XMEMCPY(cipherAndTag, (uint8_t*)buf[2].TheAddress, buf[2].Length); XMEMCPY(cipherAndTag + buf[2].Length, (uint8_t*)buf[4].TheAddress, buf[4].Length); in = cipherAndTag; inSz = cipherAndTagSz; out = (uint8_t*)buf[3].TheAddress; outSz = buf[3].Length; } err = wc_SEC_AES_Common(args, buf, sz, HSM_CIPHER_ONE_GO_ALGO_AES_CCM, in, inSz, out, outSz); if (err == HSM_NO_ERROR) { if (dir == CAAM_ENC) { XMEMCPY((uint8_t*)buf[4].TheAddress, cipherAndTag + inSz, buf[4].Length); XMEMCPY((uint8_t*)buf[3].TheAddress, cipherAndTag, buf[3].Length); } } XFREE(cipherAndTag, NULL, DYNAMIC_TYPE_TMP_BUFFER); return err; } static hsm_err_t wc_SECO_AESGCM(unsigned int args[4], CAAM_BUFFER* buf, int sz) { hsm_err_t err; hsm_hdl_t cipher_hdl; op_auth_enc_args_t auth_args; open_svc_cipher_args_t open_args; uint8_t* in; uint8_t* out; int inSz; int outSz; byte* cipherAndTag = NULL; int cipherAndTagSz = 0; int dir; dir = args[0] & 0xFFFF; /* extract direction enc/dec from input args */ XMEMSET(&open_args, 0, sizeof(open_args)); err = hsm_open_cipher_service(key_store_hdl, &open_args, &cipher_hdl); if (err == HSM_NO_ERROR) { cipherAndTagSz = buf[4].Length + buf[2].Length; cipherAndTag = (byte*)XMALLOC(cipherAndTagSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (dir == CAAM_ENC) { in = (uint8_t*)buf[2].TheAddress; inSz = buf[2].Length; out = cipherAndTag; outSz = cipherAndTagSz; } else { XMEMCPY(cipherAndTag, (uint8_t*)buf[2].TheAddress, buf[2].Length); XMEMCPY(cipherAndTag + buf[2].Length, (uint8_t*)buf[4].TheAddress, buf[4].Length); in = cipherAndTag; inSz = cipherAndTagSz; out = (uint8_t*)buf[3].TheAddress; outSz = buf[3].Length; } auth_args.key_identifier = args[3]; /* black key / HSM */ auth_args.iv = (uint8_t*)buf[1].TheAddress; auth_args.iv_size = buf[1].Length; auth_args.input = in; auth_args.input_size = inSz; auth_args.output = out; auth_args.output_size = outSz; auth_args.aad = (uint8_t*)buf[5].TheAddress; auth_args.aad_size = buf[5].Length; if (dir == CAAM_DEC) { auth_args.flags = HSM_AUTH_ENC_FLAGS_DECRYPT; } else { auth_args.flags = HSM_AUTH_ENC_FLAGS_ENCRYPT; } auth_args.ae_algo = HSM_AUTH_ENC_ALGO_AES_GCM; #ifdef DEBUG_SECO printf("AES GCM Operation :\n"); printf("\tkeyID : %u\n", auth_args.key_identifier); printf("\tinput : %p\n", auth_args.input); printf("\tinput sz : %d\n", auth_args.input_size); printf("\toutput : %p\n", auth_args.output); printf("\toutput sz : %d\n", auth_args.output_size); printf("\tiv : %p\n", auth_args.iv); printf("\tiv sz : %d\n", auth_args.iv_size); printf("\taad : %p\n", auth_args.aad); printf("\taad sz : %d\n", auth_args.aad_size); #endif err = hsm_auth_enc(cipher_hdl, &auth_args); /* always try to close cipher service if open */ if (hsm_close_cipher_service(cipher_hdl) != HSM_NO_ERROR) { err = HSM_GENERAL_ERROR; } } if (err == HSM_NO_ERROR) { if (dir == CAAM_ENC) { XMEMCPY((uint8_t*)buf[4].TheAddress, cipherAndTag + inSz, buf[4].Length); XMEMCPY((uint8_t*)buf[3].TheAddress, cipherAndTag, buf[3].Length); } } XFREE(cipherAndTag, NULL, DYNAMIC_TYPE_TMP_BUFFER); (void)sz; return err; } /* use KEK to encrypt and import a key * return 0 on failure and new key ID on success */ word32 wc_SECO_WrapKey(word32 keyId, byte* in, word32 inSz, byte* iv, word32 ivSz, int keyType, int keyInfo, int group) { op_manage_key_args_t key_args; hsm_hdl_t key_mgmt_hdl; Aes aes; int ret = 0; word32 outId = 0; byte *wrappedKey = NULL; word32 wrappedKeySz; open_svc_key_management_args_t key_mgmt_args; hsm_err_t err; if (group > MAX_GROUP) { WOLFSSL_MSG("group number is too large"); return 0; } if (ivSz != (word32)GCM_NONCE_MID_SZ) { WOLFSSL_MSG("expected an IV size of 12"); return 0; } /* iv + key + tag */ wrappedKeySz = GCM_NONCE_MID_SZ + inSz + WC_AES_BLOCK_SIZE; wrappedKey = (byte*)XMALLOC(wrappedKeySz, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (wrappedKey == NULL) { WOLFSSL_MSG("Error malloc'ing buffer for wrapped key"); return 0; } XMEMSET(&key_mgmt_args, 0, sizeof(key_mgmt_args)); err = hsm_open_key_management_service( key_store_hdl, &key_mgmt_args, &key_mgmt_hdl); XMEMSET(&key_args, 0, sizeof(key_args)); XMEMSET(wrappedKey, 0, wrappedKeySz); XMEMCPY(wrappedKey, iv, ivSz); key_args.flags = HSM_OP_MANAGE_KEY_FLAGS_IMPORT_CREATE; if (keyId == 0) { /* use the root unique key if no ID is provided */ byte KEK[AES_256_KEY_SIZE]; byte KEKSz = AES_256_KEY_SIZE; ret = wc_SECO_ExportKEK(KEK, KEKSz, 0); if (ret != 0) { WOLFSSL_MSG("error with getting KEK from device"); } if (ret == 0) { /* use software implementation for encrypting with KEK */ ret = wc_AesInit(&aes, NULL, INVALID_DEVID); } if (ret == 0) { ret = wc_AesGcmSetKey(&aes, KEK, KEKSz); if (ret != 0) { WOLFSSL_MSG("error with AES-GCM set key"); } } key_args.flags |= HSM_OP_MANAGE_KEY_FLAGS_PART_UNIQUE_ROOT_KEK; #if 0 /* for now only using the unique kek, this would be for common */ key_args.flags |= HSM_OP_MANAGE_KEY_FLAGS_COMMON_ROOT_KEK; #endif } else { wc_AesInit(&aes, NULL, WOLFSSL_SECO_DEVID); wc_SECO_AesSetKeyID(&aes, keyId); } if (ret == 0) { ret = wc_AesGcmEncrypt(&aes, wrappedKey + ivSz, in, inSz, wrappedKey, ivSz, wrappedKey + ivSz + inSz, WC_AES_BLOCK_SIZE, NULL, 0); if (ret != 0) { WOLFSSL_MSG("error with AES-GCM encrypt when wrapping key"); } } if (err == HSM_NO_ERROR) { key_args.key_identifier = &outId; key_args.kek_identifier = keyId; key_args.key_group = group; key_args.key_type = KeyTypeToHSM(keyType); key_args.key_info = KeyInfoToHSM(keyInfo); key_args.input_data = wrappedKey; key_args.input_size = wrappedKeySz; #ifdef DEBUG_SECO { word32 i; printf("Import Key Operation :\n"); printf("\tkey ID : %u\n", *key_args.key_identifier); printf("\tkEK ID : %u\n", key_args.kek_identifier); printf("\tflags : %u\n", key_args.flags); printf("\tgroup : %u\n", key_args.key_group); printf("\tkey type : %d\n", key_args.key_type); printf("\tkey info : %d\n", key_args.key_info); printf("\tkey input Size [iv | key | tag ]: %d\n", key_args.input_size); printf("\t[iv] = "); for (i = 0; i < 12; i++) printf("%02X", key_args.input_data[i]); printf("\n"); printf("\t[enc] = "); for (i = 12; i < 12 + inSz; i++) printf("%02X", key_args.input_data[i]); printf("\n"); printf("\t[tag] = "); for (i = 12 + inSz; i < 12 + inSz + 16; i++) printf("%02X", key_args.input_data[i]); printf("\n"); } #endif /* only try to import if the AES-GCM encrypt was successful */ if (ret == 0) { err = hsm_manage_key(key_mgmt_hdl, &key_args); } #ifdef DEBUG_SECO if (err == HSM_NO_ERROR) { printf("Result of Import Key Operation :\n"); printf("\tkey ID : %u\n", *key_args.key_identifier); } #endif /* always try to close key management if open */ if (hsm_close_key_management_service(key_mgmt_hdl) != HSM_NO_ERROR) { err = HSM_GENERAL_ERROR; } } XFREE(wrappedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (wc_TranslateHSMError(0, err) != Success) { return 0; } else { return *key_args.key_identifier; } } /* Translates the HSM error to wolfSSL error and does debug print out */ int wc_TranslateHSMError(int current, hsm_err_t err) { int ret = -1; switch (err) { case HSM_NO_ERROR: ret = Success; break; case HSM_INVALID_MESSAGE: WOLFSSL_MSG("SECO HSM: Invalid/unknown msg"); break; case HSM_INVALID_ADDRESS: WOLFSSL_MSG("SECO HSM: Invalid address"); break; case HSM_UNKNOWN_ID: WOLFSSL_MSG("SECO HSM: unknown ID"); break; case HSM_INVALID_PARAM: WOLFSSL_MSG("SECO HSM: invalid param"); break; case HSM_NVM_ERROR: WOLFSSL_MSG("SECO HSM: generic nvm error"); break; case HSM_OUT_OF_MEMORY: WOLFSSL_MSG("SECO HSM: out of memory"); break; case HSM_UNKNOWN_HANDLE: WOLFSSL_MSG("SECO HSM: unknown handle"); break; case HSM_UNKNOWN_KEY_STORE: WOLFSSL_MSG("SECO HSM: unknown key store"); break; case HSM_KEY_STORE_AUTH: WOLFSSL_MSG("SECO HSM: key store auth error"); break; case HSM_KEY_STORE_ERROR: WOLFSSL_MSG("SECO HSM: key store error"); break; case HSM_ID_CONFLICT: WOLFSSL_MSG("SECO HSM: id conflict"); break; case HSM_RNG_NOT_STARTED: WOLFSSL_MSG("SECO HSM: RNG not started"); break; case HSM_CMD_NOT_SUPPORTED: WOLFSSL_MSG("SECO HSM: CMD not support"); break; case HSM_INVALID_LIFECYCLE: WOLFSSL_MSG("SECO HSM: invalid lifecycle"); break; case HSM_KEY_STORE_CONFLICT: WOLFSSL_MSG("SECO HSM: store conflict"); break; case HSM_KEY_STORE_COUNTER: WOLFSSL_MSG("SECO HSM: key store counter error"); break; case HSM_FEATURE_NOT_SUPPORTED: WOLFSSL_MSG("SECO HSM: feature not supported"); break; case HSM_SELF_TEST_FAILURE: WOLFSSL_MSG("SECO HSM: self test failure"); break; case HSM_NOT_READY_RATING: WOLFSSL_MSG("SECO HSM: not ready"); break; case HSM_FEATURE_DISABLED: WOLFSSL_MSG("SECO HSM: feature is disabled error"); break; case HSM_GENERAL_ERROR: WOLFSSL_MSG("SECO HSM: general error found"); break; default: WOLFSSL_MSG("SECO HSM: unknown error value found"); } if (current != 0) { WOLFSSL_MSG("In an error state before SECO HSM error"); ret = current; } return ret; } /* Do a synchronous operations and block till done * returns Success on success */ int SynchronousSendRequest(int type, unsigned int args[4], CAAM_BUFFER *buf, int sz) { int ret = 0; hsm_err_t err = HSM_NO_ERROR; CAAM_ADDRESS pubkey, privkey; switch (type) { case CAAM_ENTROPY: err = wc_SECO_RNG(args, buf, sz); break; case CAAM_SHA224: case CAAM_SHA256: case CAAM_SHA384: case CAAM_SHA512: err = wc_SECO_Hash(args, buf, sz, type); break; case CAAM_GET_PART: case CAAM_FREE_PART: case CAAM_FIND_PART: case CAAM_READ_PART: case CAAM_WRITE_PART: break; case CAAM_ECDSA_KEYPAIR: err = wc_SECO_ECDSA_Make(args, buf, sz); break; case CAAM_ECDSA_VERIFY: err = wc_SECO_ECDSA_Verify(args, buf, sz); break; case CAAM_ECDSA_SIGN: err = wc_SECO_ECDSA_Sign(args, buf, sz); break; case CAAM_ECDSA_ECDH: break; case CAAM_BLOB_ENCAP: case CAAM_BLOB_DECAP: break; case CAAM_AESECB: err = wc_SECO_AESECB(args, buf, sz); break; case CAAM_AESCBC: err = wc_SECO_AESCBC(args, buf, sz); break; case CAAM_AESCCM: err = wc_SECO_AESCCM(args, buf, sz); break; case CAAM_AESGCM: err = wc_SECO_AESGCM(args, buf, sz); break; case CAAM_CMAC: err = wc_SECO_CMAC(args, buf, sz); break; case CAAM_FIFO_S: default: WOLFSSL_MSG("Unknown/unsupported type"); ret = -1; } (void)pubkey; (void)privkey; (void)sz; return wc_TranslateHSMError(ret, err); } #endif /* WOLFSSL_SECO_CAAM */