1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276127712781279128012811282128312841285128612871288128912901291129212931294129512961297129812991300130113021303130413051306130713081309131013111312131313141315131613171318131913201321132213231324132513261327132813291330133113321333133413351336133713381339134013411342134313441345134613471348134913501351135213531354135513561357135813591360136113621363136413651366136713681369137013711372137313741375137613771378137913801381138213831384138513861387138813891390139113921393139413951396139713981399140014011402140314041405140614071408140914101411141214131414141514161417 |
- /* wolfcaam_seco.c
- *
- * Copyright (C) 2006-2023 wolfSSL Inc.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
- */
- #ifdef HAVE_CONFIG_H
- #include <config.h>
- #endif
- #include <wolfssl/wolfcrypt/settings.h>
- #if defined(WOLFSSL_SECO_CAAM)
- #include <hsm/hsm_api.h>
- #include <seco_nvm.h>
- #include <wolfssl/wolfcrypt/logging.h>
- #include <wolfssl/wolfcrypt/error-crypt.h>
- #include <wolfssl/wolfcrypt/port/caam/wolfcaam.h>
- #include <wolfssl/wolfcrypt/cmac.h>
- #include <wolfssl/wolfcrypt/aes.h>
- #define MAX_SECO_TIMEOUT 1000
- static wolfSSL_Mutex caamMutex;
- static pthread_t tid;
- static uint32_t nvm_status = 0;
- static hsm_hdl_t hsm_session;
- static hsm_hdl_t key_store_hdl;
- static int wc_TranslateHSMError(int current, hsm_err_t err);
- static void* hsm_storage_init(void* args)
- {
- seco_nvm_manager(NVM_FLAGS_HSM, &nvm_status);
- (void)args;
- return NULL;
- }
- /* return 0 on success */
- int wc_SECOInitInterface()
- {
- int i;
- open_session_args_t session_args;
- hsm_err_t err;
- nvm_status = NVM_STATUS_UNDEF;
- if (wc_InitMutex(&caamMutex) != 0) {
- WOLFSSL_MSG("Could not init mutex");
- return -1;
- }
- (void)pthread_create(&tid, NULL, hsm_storage_init, NULL);
- /* wait for NVM to be ready for SECO */
- for (i = 0 ; i < MAX_SECO_TIMEOUT && nvm_status <= NVM_STATUS_STARTING;
- i++) {
- usleep(1000);
- }
- if (i == MAX_SECO_TIMEOUT) {
- WOLFSSL_MSG("Timed out waiting for SECO setup");
- return -1;
- }
- if (nvm_status == NVM_STATUS_STOPPED) {
- WOLFSSL_MSG("Error with SECO setup");
- return -1;
- }
- session_args.session_priority = 0;
- session_args.operating_mode = 0;
- err = hsm_open_session(&session_args, &hsm_session);
- if (err != HSM_NO_ERROR) {
- WOLFSSL_MSG("Error with HSM session open");
- return -1;
- }
- WOLFSSL_MSG("SECO HSM setup done");
- return 0;
- }
- void wc_SECOFreeInterface()
- {
- hsm_err_t err;
- err = hsm_close_session(hsm_session);
- if (err != HSM_NO_ERROR) {
- WOLFSSL_MSG("Error with HSM session close");
- }
- if (nvm_status != NVM_STATUS_STOPPED) {
- if (pthread_cancel(tid) != 0) {
- WOLFSSL_MSG("SECO HSM thread shutdown failed");
- }
- }
- seco_nvm_close_session();
- WOLFSSL_MSG("SECO HSM shutdown");
- wc_FreeMutex(&caamMutex);
- }
- /* open the key management HSM handle
- * return 0 on success
- */
- int wc_SECO_OpenHSM(word32 keyStoreId, word32 nonce, word16 maxUpdates,
- byte flag)
- {
- hsm_err_t err;
- open_svc_key_store_args_t key_store_args;
- XMEMSET(&key_store_args, 0, sizeof(open_svc_key_store_args_t));
- key_store_args.key_store_identifier = keyStoreId,
- key_store_args.authentication_nonce = nonce;
- key_store_args.max_updates_number = maxUpdates;
- switch (flag) {
- case CAAM_KEYSTORE_CREATE:
- key_store_args.flags = HSM_SVC_KEY_STORE_FLAGS_CREATE;
- break;
- case CAAM_KEYSTORE_UPDATE:
- #ifdef HSM_SVC_KEY_STORE_FLAGS_UPDATE
- key_store_args.flags = HSM_SVC_KEY_STORE_FLAGS_UPDATE;
- #else
- key_store_args.flags = 0;
- #endif
- break;
- default:
- WOLFSSL_MSG("Unknown flag");
- return -1;
- }
- err = hsm_open_key_store_service(hsm_session, &key_store_args,
- &key_store_hdl);
- if (wc_TranslateHSMError(0, err) != Success) {
- return -1;
- }
- else {
- return 0;
- }
- }
- /* close the key management HSM handle
- * return 0 on success
- */
- int wc_SECO_CloseHSM()
- {
- hsm_err_t err = hsm_close_key_store_service(key_store_hdl);
- if (wc_TranslateHSMError(0, err) != Success) {
- return -1;
- }
- else {
- return 0;
- }
- }
- /* returns error enum found from hsm calls, HSM_NO_ERROR on success */
- static hsm_err_t wc_SECO_RNG(unsigned int args[4], CAAM_BUFFER *buf, int sz)
- {
- hsm_hdl_t rng;
- hsm_err_t err;
- open_svc_rng_args_t svcArgs = {0};
- op_get_random_args_t rngArgs = {0};
- err = hsm_open_rng_service(hsm_session, &svcArgs, &rng);
- if (err == HSM_NO_ERROR) {
- rngArgs.output = (uint8_t*)buf[0].TheAddress;
- rngArgs.random_size = (uint32_t)buf[0].Length;
- err = hsm_get_random(rng, &rngArgs);
- #ifdef DEBUG_SECO
- {
- uint32_t z;
- printf("Pulled rng data from HSM :");
- for (z = 0; z < rngArgs.random_size; z++)
- printf("%02X", rngArgs.output[z]);
- printf("\n");
- }
- #endif
- }
- if (err == HSM_NO_ERROR) {
- err = hsm_close_rng_service(rng);
- }
- (void)args;
- (void)sz;
- return err;
- }
- static hsm_err_t wc_SECO_Hash(unsigned args[4], CAAM_BUFFER *buf, int sz,
- int type)
- {
- hsm_hdl_t hash;
- hsm_err_t err = HSM_NO_ERROR;
- op_hash_one_go_args_t hashArgs = {0};
- open_svc_hash_args_t sessionArgs = {0};
- if (args[0] != CAAM_ALG_FINAL) {
- WOLFSSL_MSG("Only expecting to call the HSM on final");
- err = HSM_GENERAL_ERROR;
- }
- if (err == HSM_NO_ERROR) {
- err = hsm_open_hash_service(hsm_session, &sessionArgs, &hash);
- }
- if (err == HSM_NO_ERROR) {
- switch (type) {
- case CAAM_SHA224:
- hashArgs.algo = HSM_HASH_ALGO_SHA_224;
- break;
- case CAAM_SHA256:
- hashArgs.algo = HSM_HASH_ALGO_SHA_256;
- break;
- case CAAM_SHA384:
- hashArgs.algo = HSM_HASH_ALGO_SHA_384;
- break;
- case CAAM_SHA512:
- hashArgs.algo = HSM_HASH_ALGO_SHA_512;
- break;
- }
- hashArgs.output = (uint8_t*)buf[0].TheAddress;
- hashArgs.output_size = buf[0].Length;
- hashArgs.input = (uint8_t*)buf[1].TheAddress;
- hashArgs.input_size = buf[1].Length;
- err = hsm_hash_one_go(hash, &hashArgs);
- if (err != HSM_NO_ERROR) {
- WOLFSSL_MSG("Error with HSM hash call");
- }
- #ifdef DEBUG_SECO
- {
- word32 z;
- printf("hash algo type = %d\n", hashArgs.algo);
- printf("\tlength of input data = %d\n", hashArgs.input_size);
- printf("\toutput : ");
- for (z = 0; z < hashArgs.output_size; z++)
- printf("%02X", hashArgs.output[z]);
- printf("\n");
- }
- #endif
- /* always try to close the hash handle */
- if (hsm_close_hash_service(hash) != HSM_NO_ERROR) {
- WOLFSSL_MSG("Error with HSM hash close");
- if (err == HSM_NO_ERROR) {
- err = HSM_GENERAL_ERROR;
- }
- }
- }
- (void)sz;
- return err;
- }
- /* convert ECDSEL type to HSM type
- * return 0 on fail
- */
- static hsm_key_type_t ECDSELtoHSM(int ecdsel)
- {
- switch (ecdsel) {
- case CAAM_ECDSA_P192:
- case CAAM_ECDSA_P224:
- WOLFSSL_MSG("P192 and P224 are not supported");
- break;
- case CAAM_ECDSA_P256:
- return CAAM_KEYTYPE_ECDSA_P256;
- case CAAM_ECDSA_P384:
- return CAAM_KEYTYPE_ECDSA_P384;
- case CAAM_ECDSA_P521:
- return CAAM_KEYTYPE_ECDSA_P521;
- }
- return 0;
- }
- static hsm_key_type_t KeyTypeToHSM(int keyTypeIn)
- {
- hsm_key_type_t ret = 0;
- switch (keyTypeIn) {
- case CAAM_KEYTYPE_ECDSA_P256:
- ret = HSM_KEY_TYPE_ECDSA_NIST_P256;
- break;
- case CAAM_KEYTYPE_ECDSA_P384:
- ret = HSM_KEY_TYPE_ECDSA_NIST_P384;
- break;
- case CAAM_KEYTYPE_ECDSA_P521:
- ret = HSM_KEY_TYPE_ECDSA_NIST_P521;
- break;
- case CAAM_KEYTYPE_AES128:
- ret = HSM_KEY_TYPE_AES_128;
- break;
- case CAAM_KEYTYPE_AES192:
- ret = HSM_KEY_TYPE_AES_192;
- break;
- case CAAM_KEYTYPE_AES256:
- ret = HSM_KEY_TYPE_AES_256;
- break;
- #ifdef HSM_KEY_TYPE_HMAC_224
- case CAAM_KEYTYPE_HMAC224:
- ret = HSM_KEY_TYPE_HMAC_224;
- break;
- #endif
- #ifdef HSM_KEY_TYPE_HMAC_256
- case CAAM_KEYTYPE_HMAC256:
- ret = HSM_KEY_TYPE_HMAC_256;
- break;
- #endif
- #ifdef HSM_KEY_TYPE_HMAC_384
- case CAAM_KEYTYPE_HMAC384:
- ret = HSM_KEY_TYPE_HMAC_384;
- break;
- #endif
- #ifdef HSM_KEY_TYPE_HMAC_512
- case CAAM_KEYTYPE_HMAC512:
- ret = HSM_KEY_TYPE_HMAC_512;
- break;
- #endif
- }
- return ret;
- }
- static hsm_key_info_t KeyInfoToHSM(int keyInfoIn)
- {
- hsm_key_info_t ret = 0;
- switch (keyInfoIn) {
- case CAAM_KEY_PERSISTENT:
- ret = HSM_KEY_INFO_PERSISTENT;
- break;
- case CAAM_KEY_TRANSIENT:
- ret = HSM_KEY_INFO_TRANSIENT;
- break;
- case CAAM_KEY_KEK:
- ret = HSM_KEY_INFO_KEK;
- break;
- }
- return ret;
- }
- static int KeyFlagsToHSM(int flags)
- {
- int ret = 0;
- #ifdef HSM_OP_KEY_GENERATION_FLAGS_UPDATE
- if (flags & CAAM_UPDATE_KEY) {
- ret = HSM_OP_KEY_GENERATION_FLAGS_UPDATE;
- }
- #endif
- #ifdef HSM_OP_KEY_GENERATION_FLAGS_CREATE
- if (flags & CAAM_GENERATE_KEY) {
- ret = HSM_OP_KEY_GENERATION_FLAGS_CREATE;
- }
- #endif
- return ret;
- }
- /* generic generate key with HSM
- * return 0 on success
- */
- int wc_SECO_GenerateKey(int flags, int group, byte* out, int outSz,
- int keyTypeIn, int keyInfoIn, unsigned int* keyIdOut)
- {
- hsm_err_t err;
- hsm_hdl_t key_mgmt_hdl;
- open_svc_key_management_args_t key_mgmt_args;
- op_generate_key_args_t key_args;
- hsm_key_type_t keyType;
- hsm_key_info_t keyInfo;
- if (flags == CAAM_UPDATE_KEY && group != 0) {
- WOLFSSL_MSG("Group must be 0 if updating key");
- return BAD_FUNC_ARG;
- }
- keyType = KeyTypeToHSM(keyTypeIn);
- keyInfo = KeyInfoToHSM(keyInfoIn);
- if (wc_LockMutex(&caamMutex) != 0) {
- return BAD_MUTEX_E;
- }
- XMEMSET(&key_mgmt_args, 0, sizeof(key_mgmt_args));
- err = hsm_open_key_management_service(
- key_store_hdl, &key_mgmt_args, &key_mgmt_hdl);
- /* setup key arguments */
- if (err == HSM_NO_ERROR) {
- XMEMSET(&key_args, 0, sizeof(key_args));
- key_args.key_identifier = keyIdOut;
- key_args.out_size = outSz;
- key_args.out_key = out;
- /* default to strict operations with key in NVM */
- key_args.flags = KeyFlagsToHSM(flags) |
- HSM_OP_KEY_GENERATION_FLAGS_STRICT_OPERATION;
- key_args.key_group = group;
- key_args.key_info = keyInfo;
- key_args.key_type = keyType;
- #ifdef DEBUG_SECO
- printf("Generating key using:\n");
- printf("\tflags = %d\n", key_args.flags);
- printf("\tgroup = %d\n", key_args.key_group);
- printf("\tinfo = %d\n", key_args.key_info);
- printf("\ttype = %d\n", key_args.key_type);
- printf("\tout = %p\n", key_args.out_key);
- printf("\toutSZ = %d\n", key_args.out_size);
- #endif
- err = hsm_generate_key(key_mgmt_hdl, &key_args);
- if (err != HSM_NO_ERROR) {
- WOLFSSL_MSG("Key generation error");
- }
- #ifdef DEBUG_SECO
- if (err == HSM_NO_ERROR) {
- printf("KeyID generated = %u\n", *key_args.key_identifier);
- }
- #endif
- /* always try to close key management if open */
- if (hsm_close_key_management_service(key_mgmt_hdl) != HSM_NO_ERROR) {
- err = HSM_GENERAL_ERROR;
- }
- }
- else {
- WOLFSSL_MSG("Could not open key management");
- }
- wc_UnLockMutex(&caamMutex);
- if (wc_TranslateHSMError(0, err) == Success) {
- return 0;
- }
- else {
- return -1;
- }
- }
- /* delete a key
- * return 0 on success
- */
- int wc_SECO_DeleteKey(unsigned int keyId, int group, int keyTypeIn)
- {
- hsm_hdl_t key_mgmt_hdl;
- open_svc_key_management_args_t key_mgmt_args;
- op_manage_key_args_t del_args;
- hsm_err_t err;
- XMEMSET(&key_mgmt_args, 0, sizeof(key_mgmt_args));
- err = hsm_open_key_management_service(
- key_store_hdl, &key_mgmt_args, &key_mgmt_hdl);
- if (err == HSM_NO_ERROR) {
- XMEMSET(&del_args, 0, sizeof(del_args));
- del_args.key_identifier = &keyId;
- del_args.flags = HSM_OP_MANAGE_KEY_FLAGS_DELETE;
- del_args.key_type = KeyTypeToHSM(keyTypeIn);
- del_args.key_group = group;
- #ifdef DEBUG_SECO
- printf("Trying to delete key:\n");
- printf("\tkeyID : %u\n", keyId);
- printf("\tkey type : %d\n", del_args.key_type);
- printf("\tkey grp : %d\n", del_args.key_group);
- #endif
- err = hsm_manage_key(key_mgmt_hdl, &del_args);
- /* always try to close key management if open */
- if (hsm_close_key_management_service(key_mgmt_hdl) != HSM_NO_ERROR) {
- err = HSM_GENERAL_ERROR;
- }
- }
- if (wc_TranslateHSMError(0, err) == Success) {
- return 0;
- }
- else {
- return -1;
- }
- }
- #if defined(WOLFSSL_CMAC)
- void wc_SECO_CMACSetKeyID(Cmac* cmac, int keyId)
- {
- cmac->blackKey = keyId;
- }
- int wc_SECO_CMACGetKeyID(Cmac* cmac)
- {
- return cmac->blackKey;
- }
- #endif
- void wc_SECO_AesSetKeyID(Aes* aes, int keyId)
- {
- aes->blackKey = keyId;
- }
- int wc_SECO_AesGetKeyID(Aes* aes)
- {
- return aes->blackKey;
- }
- /* return 0 on success and fill in out buffer (must be 32 bytes) */
- int wc_SECO_ExportKEK(byte* out, byte outSz, byte isCommon)
- {
- hsm_err_t err;
- op_export_root_kek_args_t export_args;
- XMEMSET(&export_args, 0, sizeof(export_args));
- export_args.signed_message = NULL;
- export_args.signed_msg_size = 0;
- if (isCommon == 1) {
- export_args.flags = HSM_OP_EXPORT_ROOT_KEK_FLAGS_COMMON_KEK;
- }
- else {
- export_args.flags = HSM_OP_EXPORT_ROOT_KEK_FLAGS_UNIQUE_KEK;
- }
- export_args.out_root_kek = out;
- export_args.root_kek_size = outSz;
- err = hsm_export_root_key_encryption_key (hsm_session, &export_args);
- if (wc_TranslateHSMError(0, err) != Success) {
- return -1;
- }
- else {
- return 0;
- }
- }
- /* make a black key using HSM */
- static hsm_err_t wc_SECO_ECDSA_Make(unsigned int args[4], CAAM_BUFFER *buf,
- int sz)
- {
- hsm_key_type_t keyType;
- (void)sz;
- keyType = ECDSELtoHSM(args[1] ^ CAAM_ECDSA_KEYGEN_PD);
- if (wc_SECO_GenerateKey(HSM_OP_KEY_GENERATION_FLAGS_CREATE,
- 1,
- (byte*)buf[1].TheAddress,
- buf[1].Length,
- keyType,
- CAAM_KEY_TRANSIENT,
- (word32*)&buf[0].TheAddress) == 0) {
- return HSM_NO_ERROR;
- }
- else {
- return HSM_GENERAL_ERROR;
- }
- }
- /* sign a message (hash(msg)) using a hsm key */
- static hsm_err_t wc_SECO_ECDSA_Sign(unsigned int args[4], CAAM_BUFFER *buf,
- int sz)
- {
- hsm_err_t err;
- hsm_hdl_t sig_gen_hdl;
- open_svc_sign_gen_args_t open_args;
- op_generate_sign_args_t sig_args;
- byte sigOut[2*MAX_ECC_BYTES];
- if (args[3] != 32 && args[3] != 48) {
- WOLFSSL_MSG("Unexpected key size");
- return BAD_FUNC_ARG;
- }
- if (buf[1].Length != (int)args[3]) {
- WOLFSSL_MSG("Bad message input size");
- return BAD_FUNC_ARG;
- }
- if (wc_LockMutex(&caamMutex) != 0) {
- return BAD_MUTEX_E;
- }
- XMEMSET(&open_args, 0, sizeof(open_args));
- err = hsm_open_signature_generation_service(key_store_hdl, &open_args,
- &sig_gen_hdl);
- if (err == HSM_NO_ERROR) {
- XMEMSET(&sig_args, 0, sizeof(sig_args));
- sig_args.key_identifier = buf[0].TheAddress;
- sig_args.message = (uint8_t*)buf[1].TheAddress;
- sig_args.message_size = buf[1].Length;
- sig_args.signature = sigOut;
- sig_args.signature_size = buf[2].Length + buf[3].Length + 1;
- if (args[3] == 32) {
- sig_args.scheme_id = HSM_SIGNATURE_SCHEME_ECDSA_NIST_P256_SHA_256;
- }
- else {
- sig_args.scheme_id = HSM_SIGNATURE_SCHEME_ECDSA_NIST_P384_SHA_384;
- }
- sig_args.flags = HSM_OP_GENERATE_SIGN_FLAGS_INPUT_DIGEST;
- #ifdef DEBUG_SECO
- printf("Trying to create an ECC signature:\n");
- printf("\tkeyID : %u\n", sig_args.key_identifier);
- printf("\tmsg size : %d\n", sig_args.message_size);
- printf("\tsig size : %d\n", sig_args.signature_size);
- #endif
- err = hsm_generate_signature(sig_gen_hdl, &sig_args);
- /* always try to close sign service when open */
- if (hsm_close_signature_generation_service(sig_gen_hdl)
- != HSM_NO_ERROR) {
- err = HSM_GENERAL_ERROR;
- }
- }
- /* copy out r and s on success */
- if (err == HSM_NO_ERROR) {
- XMEMCPY((byte*)buf[2].TheAddress, sigOut, buf[2].Length);
- XMEMCPY((byte*)buf[3].TheAddress, sigOut + buf[2].Length,
- buf[3].Length);
- }
- wc_UnLockMutex(&caamMutex);
- (void)sz;
- if (wc_TranslateHSMError(0, err) != Success) {
- return -1;
- }
- else {
- return 0;
- }
- }
- /* verify a signature (hash(msg)) using HSM */
- static hsm_err_t wc_SECO_ECDSA_Verify(unsigned int args[4], CAAM_BUFFER *buf,
- int sz)
- {
- hsm_err_t err;
- hsm_hdl_t sig_ver_hdl;
- open_svc_sign_ver_args_t open_sig_ver_args;
- op_verify_sign_args_t sig_ver_args;
- hsm_verification_status_t verify;
- byte rsR[2*MAX_ECC_BYTES];
- word32 rsRSz = 2*MAX_ECC_BYTES;
- if (args[3] != 32 && args[3] != 48) {
- WOLFSSL_MSG("Unexpected key size");
- return BAD_FUNC_ARG;
- }
- if (buf[1].Length != (int)args[3]) {
- WOLFSSL_MSG("Bad message input size");
- return BAD_FUNC_ARG;
- }
- if (wc_LockMutex(&caamMutex) != 0) {
- return BAD_MUTEX_E;
- }
- XMEMSET(rsR, 0, rsRSz);
- XMEMCPY(rsR, (byte*)buf[2].TheAddress, buf[2].Length);
- XMEMCPY(rsR + buf[2].Length, (byte*)buf[3].TheAddress, buf[3].Length);
- rsRSz = buf[2].Length + buf[3].Length + 1; /* +1 for the HSM compression */
- XMEMSET(&open_sig_ver_args, 0, sizeof(open_sig_ver_args));
- err = hsm_open_signature_verification_service(hsm_session,
- &open_sig_ver_args, &sig_ver_hdl);
- if (err == HSM_NO_ERROR) {
- XMEMSET(&sig_ver_args, 0, sizeof(sig_ver_args));
- sig_ver_args.key = (uint8_t*)buf[0].TheAddress;
- sig_ver_args.key_size = buf[0].Length;
- sig_ver_args.message = (uint8_t*)buf[1].TheAddress;
- sig_ver_args.message_size = buf[1].Length;
- sig_ver_args.signature = rsR;
- sig_ver_args.signature_size = rsRSz;
- if (args[3] == 32) {
- sig_ver_args.scheme_id =
- HSM_SIGNATURE_SCHEME_ECDSA_NIST_P256_SHA_256;
- }
- else {
- sig_ver_args.scheme_id =
- HSM_SIGNATURE_SCHEME_ECDSA_NIST_P384_SHA_384;
- }
- sig_ver_args.flags = HSM_OP_VERIFY_SIGN_FLAGS_INPUT_DIGEST;
- #ifdef DEBUG_SECO
- {
- word32 i;
- printf("Trying to verify an ECC signature:\n");
- printf("\tpublic key : ");
- for (i = 0; i < sig_ver_args.key_size; i++)
- printf("%02X", sig_ver_args.key[i]);
- printf("\n");
- printf("\tsignature : ");
- for (i = 0; i < sig_ver_args.signature_size; i++)
- printf("%02X", sig_ver_args.signature[i]);
- printf("\n");
- printf("\tmsg size : %d\n", sig_ver_args.message_size);
- }
- #endif
- err = hsm_verify_signature (sig_ver_hdl, &sig_ver_args,
- &verify);
- if (verify != HSM_VERIFICATION_STATUS_SUCCESS) {
- WOLFSSL_MSG("Verification found bad signature");
- err = HSM_GENERAL_ERROR;
- }
- if (hsm_close_signature_verification_service(sig_ver_hdl) !=
- HSM_NO_ERROR) {
- err = HSM_GENERAL_ERROR;
- }
- }
- wc_UnLockMutex(&caamMutex);
- (void)sz;
- return err;
- }
- static hsm_err_t wc_SECO_CMAC(unsigned int args[4], CAAM_BUFFER* buf, int sz)
- {
- unsigned int blackKey;
- hsm_err_t err;
- hsm_hdl_t mac_hdl;
- open_svc_mac_args_t mac_svc_args;
- op_mac_one_go_args_t mac_args;
- hsm_mac_verification_status_t status;
- if ((args[0] & CAAM_ALG_FINAL) == 0) {
- WOLFSSL_MSG("CMAC expected only in final case!");
- return HSM_GENERAL_ERROR;
- }
- blackKey = args[2];
- /* black key listed as 0, the key needs to be imported */
- if (blackKey == 0) {
- int keyGroup = 1; /* group one was chosen arbitrarily */
- byte importIV[GCM_NONCE_MID_SZ];
- int importIVSz = GCM_NONCE_MID_SZ;
- int keyType = 0;
- WC_RNG rng;
- if (wc_InitRng(&rng) != 0) {
- WOLFSSL_MSG("RNG init for IV failed");
- return HSM_GENERAL_ERROR;
- }
- if (wc_RNG_GenerateBlock(&rng, importIV, importIVSz) != 0) {
- WOLFSSL_MSG("Generate IV failed");
- wc_FreeRng(&rng);
- return HSM_GENERAL_ERROR;
- }
- wc_FreeRng(&rng);
- switch (buf[0].Length) {
- case AES_128_KEY_SIZE: keyType = CAAM_KEYTYPE_AES128; break;
- case AES_192_KEY_SIZE: keyType = CAAM_KEYTYPE_AES192; break;
- case AES_256_KEY_SIZE: keyType = CAAM_KEYTYPE_AES256; break;
- }
- blackKey = wc_SECO_WrapKey(0, (byte*)buf[0].TheAddress, buf[0].Length,
- importIV, importIVSz, keyType, CAAM_KEY_TRANSIENT, keyGroup);
- if (blackKey == 0) {
- return WC_HW_E;
- }
- }
- err = hsm_open_mac_service(key_store_hdl, &mac_svc_args, &mac_hdl);
- if (err == HSM_NO_ERROR) {
- mac_args.key_identifier = blackKey; /* blackKey / HSM */
- mac_args.algorithm = HSM_OP_MAC_ONE_GO_ALGO_AES_CMAC;
- mac_args.flags = HSM_OP_MAC_ONE_GO_FLAGS_MAC_GENERATION;
- mac_args.payload = (uint8_t*)buf[2].TheAddress;
- mac_args.payload_size = buf[2].Length;
- mac_args.mac = (uint8_t*)buf[1].TheAddress;
- mac_args.mac_size = (buf[1].Length < AES_BLOCK_SIZE)? buf[1].Length:
- AES_BLOCK_SIZE;
- #ifdef DEBUG_SECO
- printf("CMAC arguments used:\n");
- printf("\tkey id = %d\n", mac_args.key_identifier);
- printf("\tpayload = %p\n", mac_args.payload);
- printf("\tpayload size = %d\n", mac_args.payload_size);
- printf("\tmac out = %p\n", mac_args.mac);
- printf("\tmac out size = %d\n", mac_args.mac_size);
- #endif
- err = hsm_mac_one_go(mac_hdl, &mac_args, &status);
- /* always try to close mac service if open */
- if (hsm_close_mac_service(mac_hdl) != HSM_NO_ERROR) {
- WOLFSSL_MSG("Error closing down mac service handle");
- err = HSM_GENERAL_ERROR;
- }
- }
- (void)sz;
- return err;
- }
- /* common code between CBC,ECB, and CCM modes */
- static hsm_err_t wc_SEC_AES_Common(unsigned int args[4], CAAM_BUFFER* buf,
- int sz, hsm_op_cipher_one_go_algo_t algo,
- uint8_t* in, int inSz, uint8_t* out, int outSz)
- {
- int dir;
- hsm_hdl_t cipher_hdl;
- open_svc_cipher_args_t open_args;
- op_cipher_one_go_args_t cipher_args;
- hsm_err_t err;
- XMEMSET(&open_args, 0, sizeof(open_args));
- err = hsm_open_cipher_service(key_store_hdl, &open_args, &cipher_hdl);
- if (err == HSM_NO_ERROR) {
- XMEMSET(&cipher_args, 0, sizeof(cipher_args));
- cipher_args.key_identifier = args[3]; /* black key / HSM */
- if (algo == HSM_CIPHER_ONE_GO_ALGO_AES_ECB) {
- cipher_args.iv_size = 0; /* no iv with AES-ECB */
- }
- else {
- cipher_args.iv = (uint8_t*)buf[1].TheAddress;
- cipher_args.iv_size = buf[1].Length;
- }
- cipher_args.cipher_algo = algo;
- dir = args[0] & 0xFFFF; /* extract direction enc/dec from input args */
- if (dir == CAAM_DEC) {
- cipher_args.flags = HSM_CIPHER_ONE_GO_FLAGS_DECRYPT;
- }
- else {
- cipher_args.flags = HSM_CIPHER_ONE_GO_FLAGS_ENCRYPT;
- }
- cipher_args.input = in;
- cipher_args.input_size = inSz;
- cipher_args.output = out;
- cipher_args.output_size = outSz;
- #ifdef DEBUG_SECO
- printf("AES Operation :\n");
- printf("\tkeyID : %u\n", cipher_args.key_identifier);
- printf("\tinput : %p\n", cipher_args.input);
- printf("\tinput sz : %d\n", cipher_args.input_size);
- printf("\toutput : %p\n", cipher_args.output);
- printf("\toutput sz : %d\n", cipher_args.output_size);
- printf("\tiv : %p\n", cipher_args.iv);
- printf("\tiv sz : %d\n", cipher_args.iv_size);
- #endif
- err = hsm_cipher_one_go(cipher_hdl, &cipher_args);
- /* always try to close cipher service if open */
- if (hsm_close_cipher_service(cipher_hdl) != HSM_NO_ERROR) {
- err = HSM_GENERAL_ERROR;
- }
- }
- (void)sz;
- return err;
- }
- static hsm_err_t wc_SECO_AESECB(unsigned int args[4], CAAM_BUFFER* buf, int sz)
- {
- return wc_SEC_AES_Common(args, buf, sz, HSM_CIPHER_ONE_GO_ALGO_AES_ECB,
- (uint8_t*)buf[1].TheAddress, buf[1].Length,
- (uint8_t*)buf[2].TheAddress, buf[2].Length);
- }
- static hsm_err_t wc_SECO_AESCBC(unsigned int args[4], CAAM_BUFFER* buf, int sz)
- {
- return wc_SEC_AES_Common(args, buf, sz, HSM_CIPHER_ONE_GO_ALGO_AES_CBC,
- (uint8_t*)buf[2].TheAddress, buf[2].Length,
- (uint8_t*)buf[3].TheAddress, buf[3].Length);
- }
- static hsm_err_t wc_SECO_AESCCM(unsigned int args[4], CAAM_BUFFER* buf, int sz)
- {
- hsm_err_t err;
- uint8_t* in;
- uint8_t* out;
- int inSz;
- int outSz;
- int dir;
- byte* cipherAndTag = NULL;
- int cipherAndTagSz = 0;
- if (buf[1].Length != 12) {
- WOLFSSL_MSG("SECO expecting nonce size of 12");
- return HSM_GENERAL_ERROR;
- }
- if (buf[4].Length != 16) {
- WOLFSSL_MSG("SECO expecting tag size of 16");
- return HSM_GENERAL_ERROR;
- }
- if (buf[5].Length != 0) {
- WOLFSSL_MSG("SECO expecting adata size of 0");
- return HSM_GENERAL_ERROR;
- }
- cipherAndTagSz = buf[4].Length + buf[2].Length;
- cipherAndTag = (byte*)XMALLOC(cipherAndTagSz, NULL,
- DYNAMIC_TYPE_TMP_BUFFER);
- dir = args[0] & 0xFFFF; /* get if doing enc or dec */
- if (dir == CAAM_ENC) {
- in = (uint8_t*)buf[2].TheAddress;
- inSz = buf[2].Length;
- out = cipherAndTag;
- outSz = cipherAndTagSz;
- }
- else {
- XMEMCPY(cipherAndTag, (uint8_t*)buf[2].TheAddress, buf[2].Length);
- XMEMCPY(cipherAndTag + buf[2].Length, (uint8_t*)buf[4].TheAddress,
- buf[4].Length);
- in = cipherAndTag;
- inSz = cipherAndTagSz;
- out = (uint8_t*)buf[3].TheAddress;
- outSz = buf[3].Length;
- }
- err = wc_SEC_AES_Common(args, buf, sz, HSM_CIPHER_ONE_GO_ALGO_AES_CCM,
- in, inSz, out, outSz);
- if (err == HSM_NO_ERROR) {
- if (dir == CAAM_ENC) {
- XMEMCPY((uint8_t*)buf[4].TheAddress, cipherAndTag + inSz,
- buf[4].Length);
- XMEMCPY((uint8_t*)buf[3].TheAddress, cipherAndTag, buf[3].Length);
- }
- }
- XFREE(cipherAndTag, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- return err;
- }
- static hsm_err_t wc_SECO_AESGCM(unsigned int args[4], CAAM_BUFFER* buf, int sz)
- {
- hsm_err_t err;
- hsm_hdl_t cipher_hdl;
- op_auth_enc_args_t auth_args;
- open_svc_cipher_args_t open_args;
- uint8_t* in;
- uint8_t* out;
- int inSz;
- int outSz;
- byte* cipherAndTag = NULL;
- int cipherAndTagSz = 0;
- int dir;
- dir = args[0] & 0xFFFF; /* extract direction enc/dec from input args */
- XMEMSET(&open_args, 0, sizeof(open_args));
- err = hsm_open_cipher_service(key_store_hdl, &open_args, &cipher_hdl);
- if (err == HSM_NO_ERROR) {
- cipherAndTagSz = buf[4].Length + buf[2].Length;
- cipherAndTag = (byte*)XMALLOC(cipherAndTagSz, NULL,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (dir == CAAM_ENC) {
- in = (uint8_t*)buf[2].TheAddress;
- inSz = buf[2].Length;
- out = cipherAndTag;
- outSz = cipherAndTagSz;
- }
- else {
- XMEMCPY(cipherAndTag, (uint8_t*)buf[2].TheAddress, buf[2].Length);
- XMEMCPY(cipherAndTag + buf[2].Length, (uint8_t*)buf[4].TheAddress,
- buf[4].Length);
- in = cipherAndTag;
- inSz = cipherAndTagSz;
- out = (uint8_t*)buf[3].TheAddress;
- outSz = buf[3].Length;
- }
- auth_args.key_identifier = args[3]; /* black key / HSM */
- auth_args.iv = (uint8_t*)buf[1].TheAddress;
- auth_args.iv_size = buf[1].Length;
- auth_args.input = in;
- auth_args.input_size = inSz;
- auth_args.output = out;
- auth_args.output_size = outSz;
- auth_args.aad = (uint8_t*)buf[5].TheAddress;
- auth_args.aad_size = buf[5].Length;
- if (dir == CAAM_DEC) {
- auth_args.flags = HSM_AUTH_ENC_FLAGS_DECRYPT;
- }
- else {
- auth_args.flags = HSM_AUTH_ENC_FLAGS_ENCRYPT;
- }
- auth_args.ae_algo = HSM_AUTH_ENC_ALGO_AES_GCM;
- #ifdef DEBUG_SECO
- printf("AES GCM Operation :\n");
- printf("\tkeyID : %u\n", auth_args.key_identifier);
- printf("\tinput : %p\n", auth_args.input);
- printf("\tinput sz : %d\n", auth_args.input_size);
- printf("\toutput : %p\n", auth_args.output);
- printf("\toutput sz : %d\n", auth_args.output_size);
- printf("\tiv : %p\n", auth_args.iv);
- printf("\tiv sz : %d\n", auth_args.iv_size);
- printf("\taad : %p\n", auth_args.aad);
- printf("\taad sz : %d\n", auth_args.aad_size);
- #endif
- err = hsm_auth_enc(cipher_hdl, &auth_args);
- /* always try to close cipher service if open */
- if (hsm_close_cipher_service(cipher_hdl) != HSM_NO_ERROR) {
- err = HSM_GENERAL_ERROR;
- }
- }
- if (err == HSM_NO_ERROR) {
- if (dir == CAAM_ENC) {
- XMEMCPY((uint8_t*)buf[4].TheAddress, cipherAndTag + inSz,
- buf[4].Length);
- XMEMCPY((uint8_t*)buf[3].TheAddress, cipherAndTag, buf[3].Length);
- }
- }
- XFREE(cipherAndTag, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- (void)sz;
- return HSM_NO_ERROR;
- }
- /* use KEK to encrypt and import a key
- * return 0 on failure and new key ID on success */
- word32 wc_SECO_WrapKey(word32 keyId, byte* in, word32 inSz, byte* iv,
- word32 ivSz, int keyType, int keyInfo, int group)
- {
- op_manage_key_args_t key_args;
- hsm_hdl_t key_mgmt_hdl;
- Aes aes;
- int ret = 0;
- word32 outId = 0;
- byte *wrappedKey = NULL;
- word32 wrappedKeySz;
- open_svc_key_management_args_t key_mgmt_args;
- hsm_err_t err;
- if (group > MAX_GROUP) {
- WOLFSSL_MSG("group number is too large");
- return 0;
- }
- if (ivSz != (word32)GCM_NONCE_MID_SZ) {
- WOLFSSL_MSG("expected an IV size of 12");
- return 0;
- }
- /* iv + key + tag */
- wrappedKeySz = GCM_NONCE_MID_SZ + inSz + AES_BLOCK_SIZE;
- wrappedKey = (byte*)XMALLOC(wrappedKeySz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (wrappedKey == NULL) {
- WOLFSSL_MSG("Error malloc'ing buffer for wrapped key");
- return 0;
- }
- XMEMSET(&key_mgmt_args, 0, sizeof(key_mgmt_args));
- err = hsm_open_key_management_service(
- key_store_hdl, &key_mgmt_args, &key_mgmt_hdl);
- XMEMSET(&key_args, 0, sizeof(key_args));
- XMEMSET(wrappedKey, 0, wrappedKeySz);
- XMEMCPY(wrappedKey, iv, ivSz);
- key_args.flags = HSM_OP_MANAGE_KEY_FLAGS_IMPORT_CREATE;
- if (keyId == 0) { /* use the root unique key if no ID is provided */
- byte KEK[AES_256_KEY_SIZE];
- byte KEKSz = AES_256_KEY_SIZE;
- ret = wc_SECO_ExportKEK(KEK, KEKSz, 0);
- if (ret != 0) {
- WOLFSSL_MSG("error with getting KEK from device");
- }
- if (ret == 0) {
- /* use software implementation for encrypting with KEK */
- ret = wc_AesInit(&aes, NULL, INVALID_DEVID);
- }
- if (ret == 0) {
- ret = wc_AesGcmSetKey(&aes, KEK, KEKSz);
- if (ret != 0) {
- WOLFSSL_MSG("error with AES-GCM set key");
- }
- }
- key_args.flags |= HSM_OP_MANAGE_KEY_FLAGS_PART_UNIQUE_ROOT_KEK;
- #if 0
- /* for now only using the unique kek, this would be for common */
- key_args.flags |= HSM_OP_MANAGE_KEY_FLAGS_COMMON_ROOT_KEK;
- #endif
- }
- else {
- wc_AesInit(&aes, NULL, WOLFSSL_SECO_DEVID);
- wc_SECO_AesSetKeyID(&aes, keyId);
- }
- if (ret == 0) {
- ret = wc_AesGcmEncrypt(&aes, wrappedKey + ivSz, in, inSz,
- wrappedKey, ivSz, wrappedKey + ivSz + inSz, AES_BLOCK_SIZE,
- NULL, 0);
- if (ret != 0) {
- WOLFSSL_MSG("error with AES-GCM encrypt when wrapping key");
- }
- }
- if (err == HSM_NO_ERROR) {
- key_args.key_identifier = &outId;
- key_args.kek_identifier = keyId;
- key_args.key_group = group;
- key_args.key_type = KeyTypeToHSM(keyType);
- key_args.key_info = KeyInfoToHSM(keyInfo);
- key_args.input_data = wrappedKey;
- key_args.input_size = wrappedKeySz;
- #ifdef DEBUG_SECO
- {
- word32 i;
- printf("Import Key Operation :\n");
- printf("\tkey ID : %u\n", *key_args.key_identifier);
- printf("\tkEK ID : %u\n", key_args.kek_identifier);
- printf("\tflags : %u\n", key_args.flags);
- printf("\tgroup : %u\n", key_args.key_group);
- printf("\tkey type : %d\n", key_args.key_type);
- printf("\tkey info : %d\n", key_args.key_info);
- printf("\tkey input Size [iv | key | tag ]: %d\n", key_args.input_size);
- printf("\t[iv] = ");
- for (i = 0; i < 12; i++)
- printf("%02X", key_args.input_data[i]);
- printf("\n");
- printf("\t[enc] = ");
- for (i = 12; i < 12 + inSz; i++)
- printf("%02X", key_args.input_data[i]);
- printf("\n");
- printf("\t[tag] = ");
- for (i = 12 + inSz; i < 12 + inSz + 16; i++)
- printf("%02X", key_args.input_data[i]);
- printf("\n");
- }
- #endif
- /* only try to import if the AES-GCM encrypt was successful */
- if (ret == 0) {
- err = hsm_manage_key(key_mgmt_hdl, &key_args);
- }
- #ifdef DEBUG_SECO
- if (err == HSM_NO_ERROR) {
- printf("Result of Import Key Operation :\n");
- printf("\tkey ID : %u\n", *key_args.key_identifier);
- }
- #endif
- /* always try to close key management if open */
- if (hsm_close_key_management_service(key_mgmt_hdl) != HSM_NO_ERROR) {
- err = HSM_GENERAL_ERROR;
- }
- }
- if (wrappedKey != NULL) {
- XFREE(wrappedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (wc_TranslateHSMError(0, err) != Success) {
- return 0;
- }
- else {
- return *key_args.key_identifier;
- }
- }
- /* trasnlates the HSM error to wolfSSL error and does debug print out */
- int wc_TranslateHSMError(int current, hsm_err_t err)
- {
- int ret = -1;
- switch (err) {
- case HSM_NO_ERROR:
- ret = Success;
- break;
- case HSM_INVALID_MESSAGE:
- WOLFSSL_MSG("SECO HSM: Invalid/unknown msg");
- break;
- case HSM_INVALID_ADDRESS:
- WOLFSSL_MSG("SECO HSM: Invalid address");
- break;
- case HSM_UNKNOWN_ID:
- WOLFSSL_MSG("SECO HSM: unknown ID");
- break;
- case HSM_INVALID_PARAM:
- WOLFSSL_MSG("SECO HSM: invalid param");
- break;
- case HSM_NVM_ERROR:
- WOLFSSL_MSG("SECO HSM: generic nvm error");
- break;
- case HSM_OUT_OF_MEMORY:
- WOLFSSL_MSG("SECO HSM: out of memory");
- break;
- case HSM_UNKNOWN_HANDLE:
- WOLFSSL_MSG("SECO HSM: unknown handle");
- break;
- case HSM_UNKNOWN_KEY_STORE:
- WOLFSSL_MSG("SECO HSM: unknown key store");
- break;
- case HSM_KEY_STORE_AUTH:
- WOLFSSL_MSG("SECO HSM: key store auth error");
- break;
- case HSM_KEY_STORE_ERROR:
- WOLFSSL_MSG("SECO HSM: key store error");
- break;
- case HSM_ID_CONFLICT:
- WOLFSSL_MSG("SECO HSM: id conflict");
- break;
- case HSM_RNG_NOT_STARTED:
- WOLFSSL_MSG("SECO HSM: RNG not started");
- break;
- case HSM_CMD_NOT_SUPPORTED:
- WOLFSSL_MSG("SECO HSM: CMD not support");
- break;
- case HSM_INVALID_LIFECYCLE:
- WOLFSSL_MSG("SECO HSM: invalid lifecycle");
- break;
- case HSM_KEY_STORE_CONFLICT:
- WOLFSSL_MSG("SECO HSM: store conflict");
- break;
- case HSM_KEY_STORE_COUNTER:
- WOLFSSL_MSG("SECO HSM: key store counter error");
- break;
- case HSM_FEATURE_NOT_SUPPORTED:
- WOLFSSL_MSG("SECO HSM: feature not supported");
- break;
- case HSM_SELF_TEST_FAILURE:
- WOLFSSL_MSG("SECO HSM: self test failure");
- break;
- case HSM_NOT_READY_RATING:
- WOLFSSL_MSG("SECO HSM: not ready");
- break;
- case HSM_FEATURE_DISABLED:
- WOLFSSL_MSG("SECO HSM: feature is disabled error");
- break;
- case HSM_GENERAL_ERROR:
- WOLFSSL_MSG("SECO HSM: general error found");
- break;
- default:
- WOLFSSL_MSG("SECO HSM: unknown error value found");
- }
- if (current != 0) {
- WOLFSSL_MSG("In an error state before SECO HSM error");
- ret = current;
- }
- return ret;
- }
- /* Do a synchronous operations and block till done
- * returns Success on success */
- int SynchronousSendRequest(int type, unsigned int args[4], CAAM_BUFFER *buf,
- int sz)
- {
- int ret = 0;
- hsm_err_t err = HSM_NO_ERROR;
- CAAM_ADDRESS pubkey, privkey;
- switch (type) {
- case CAAM_ENTROPY:
- err = wc_SECO_RNG(args, buf, sz);
- break;
- case CAAM_SHA224:
- case CAAM_SHA256:
- case CAAM_SHA384:
- case CAAM_SHA512:
- err = wc_SECO_Hash(args, buf, sz, type);
- break;
- case CAAM_GET_PART:
- case CAAM_FREE_PART:
- case CAAM_FIND_PART:
- case CAAM_READ_PART:
- case CAAM_WRITE_PART:
- break;
- case CAAM_ECDSA_KEYPAIR:
- err = wc_SECO_ECDSA_Make(args, buf, sz);
- break;
- case CAAM_ECDSA_VERIFY:
- err = wc_SECO_ECDSA_Verify(args, buf, sz);
- break;
- case CAAM_ECDSA_SIGN:
- err = wc_SECO_ECDSA_Sign(args, buf, sz);
- break;
- case CAAM_ECDSA_ECDH:
- break;
- case CAAM_BLOB_ENCAP:
- case CAAM_BLOB_DECAP:
- break;
- case CAAM_AESECB:
- err = wc_SECO_AESECB(args, buf, sz);
- break;
- case CAAM_AESCBC:
- err = wc_SECO_AESCBC(args, buf, sz);
- break;
- case CAAM_AESCCM:
- err = wc_SECO_AESCCM(args, buf, sz);
- break;
- case CAAM_AESGCM:
- err = wc_SECO_AESGCM(args, buf, sz);
- break;
- case CAAM_CMAC:
- err = wc_SECO_CMAC(args, buf, sz);
- break;
- case CAAM_FIFO_S:
- default:
- WOLFSSL_MSG("Unknown/unsupported type");
- ret = -1;
- }
- (void)pubkey;
- (void)privkey;
- (void)sz;
- return wc_TranslateHSMError(ret, err);
- }
- #endif /* WOLFSSL_SECO_CAAM */
|