add seco examples

pull/301/head
JacobBarthelmeh 2022-01-06 22:09:11 +00:00
parent 48b7d5af0c
commit 8b8e61d35d
8 changed files with 845 additions and 0 deletions

24
caam/seco/Makefile 100644

@ -0,0 +1,24 @@
# SECO Examples Makefile
WOLFSSL_PATH ?= /usr/local
DEVCRYPTO_PATH ?= /usr
ZLIB_PATH ?= /usr
CFLAGS = -O -Wall -I$(WOLFSSL_PATH)/include -I$(SECO_PATH)/include -I$(DEVCRYPTO_PATH)/include
LIBS = -L$(WOLFSSL_PATH)/lib -L$(ZLIB_PATH)/lib -lm -lz -lpthread
# option variables
DYN_LIB = -lwolfssl
STATIC_LIB = $(WOLFSSL_PATH)/lib/libwolfssl.a
# build targets
SRC=$(wildcard *.c)
TARGETS=$(patsubst %.c, %, $(SRC))
.PHONY: clean all
all: $(TARGETS)
# build template
%: %.c
$(CC) -o $@ $< $(CFLAGS) $(LIBS) $(STATIC_LIB) $(SECO_PATH)/lib/hsm_lib.a $(SECO_PATH)/lib/seco_nvm_manager.a
clean:
rm -f $(TARGETS)
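Review bot: `SECO_PATH` is used in `CFLAGS` and on the link line of the `%: %.c` rule but, unlike `WOLFSSL_PATH`, `DEVCRYPTO_PATH` and `ZLIB_PATH`, it has no `?=` default and no check, so an unset variable silently resolves to `/include`, `/lib/hsm_lib.a` and `/lib/seco_nvm_manager.a`. I would add `ifndef SECO_PATH` / `$(error SECO_PATH must point at the SECO library install)` / `endif` near the top, so the build stops with a clear message instead of picking up whatever sits under the root directories. `DYN_LIB` is defined but never referenced; either wire it into the rule or drop it.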


@ -0,0 +1,10 @@
Example use cases when compiling wolfSSL with --enable-caam=seco
## Setup Envirnment
Setup the location to SECO HSM and NVM library, cryptodev header (if wolfSSL is built to look for it), wolfSSL library path, and libz install path. The following is examples of setting the envirnment variables:
export SECO_PATH=/home/user/imx-seco-libs/export/usr
export DEVCRYPTO_PATH=/home/user/build-xwayland/sysroots-components/aarch64/cryptodev-linux/usr
export WOLFSSL_PATH=/home/user/wolfssl-install
export ZLIB_PATH=/home/user/zlib-aarch64-install

134
caam/seco/aes-cbc.c 100644

@ -0,0 +1,134 @@
/* aes-cbc.c
*
* Copyright (C) 2006-2021 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
#include <wolfssl/options.h>
#include <wolfssl/wolfcrypt/wc_port.h>
#include <wolfssl/wolfcrypt/logging.h>
#include <wolfssl/wolfcrypt/port/caam/wolfcaam.h>
#define MAX_UPDATES 100
static unsigned int createAesKey()
{
int keyGroup = 1; /* group one was chosen arbitrarily */
unsigned int keyIdOut;
int keyInfo = CAAM_KEY_PERSISTENT;
int keyType = CAAM_KEYTYPE_AES128;
byte pubOut[32];
/* generate a CMAC key in the HSM */
if (wc_SECO_GenerateKey(CAAM_GENERATE_KEY, keyGroup, pubOut, 0, keyType,
keyInfo, &keyIdOut) != 0) {
printf("Error generating key in hsm\n");
return -1;
}
return keyIdOut;
}
static int doCcb(unsigned int keyId, const byte* in, int inSz, const byte* iv,
int ivSz)
{
Aes aes;
byte out[AES_BLOCK_SIZE*2];
byte cipherTxt[AES_BLOCK_SIZE*2];
int i;
XMEMSET(cipherTxt, 0, sizeof(cipherTxt));
wc_AesInit(&aes, NULL, WOLFSSL_CAAM_DEVID);
wc_AesSetIV(&aes, iv);
wc_SECO_AesSetKeyID(&aes, keyId);
printf("in = %p\n", in);
printf("out = %p\n", out);
printf("cipherTxt = %p\n", cipherTxt);
printf("Encrypting : ");
for (i = 0; i < inSz; i++)
printf("%02X", in[i]);
printf("\n");
if (wc_AesCbcEncrypt(&aes, cipherTxt, in, inSz) != 0) {
printf("Issue with ccb encrypt\n");
}
printf("Cipher text: ");
for (i = 0; i < inSz; i++)
printf("%02X", cipherTxt[i]);
printf("\n");
wc_AesCbcDecrypt(&aes, out, cipherTxt, inSz);
printf("Decrypted : ");
for (i = 0; i < inSz; i++)
printf("%02X", out[i]);
printf("\n");
wc_AesFree(&aes);
return 0;
}
int main(int argc, char** argv)
{
word32 nonce = 0x1111;
int create = 0;
unsigned int keyId;
unsigned int keyStoreId;
const byte in[] = "test message to encrypt";
const byte iv[] = {0,1,2,3,4,5,6,7,8,9,10,11,12};
if (argc == 4) {
if (XSTRNCMP(argv[1], "1", 1) == 0) {
create = CAAM_KEYSTORE_CREATE;
}
keyId = (unsigned int)XATOI(argv[2]);
keyStoreId = (unsigned int)XATOI(argv[3]);
}
else {
printf("USAGE: %s <1/0 create> <keyid (0 if create)> <key store id>\n",
argv[0]);
return -1;
}
wolfSSL_Debugging_ON();
if (wolfCrypt_Init() != 0) {
printf("Could not initialize wolfSSL library!\n");
return -1;
}
if (wc_SECO_OpenHSM(keyStoreId, nonce, MAX_UPDATES, create) != 0) {
printf("unable to open HSM\n");
wolfCrypt_Cleanup();
return -1;
}
if (create) {
keyId = createAesKey();
}
printf("Key ID: %u\n", keyId);
doCcb(keyId, in, AES_BLOCK_SIZE, iv, sizeof(iv));
wc_SECO_CloseHSM();
wolfCrypt_Cleanup();
return 0;
}
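Review bot: In `main`, `iv[]` is declared with 13 bytes (`{0,...,12}`), yet `doCcb` hands it to `wc_AesSetIV`, which takes no length and, as far as I know, copies a full `AES_BLOCK_SIZE`, so three bytes past the array are read; the `ivSz` parameter is passed in and never used. Declare it as `const byte iv[AES_BLOCK_SIZE] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15};` and add a comment that a constant IV is for demonstration only, since CBC needs an unpredictable IV per message and the key here is `CAAM_KEY_PERSISTENT`. `createAesKey` returns `-1` through an `unsigned int` and `main` never checks it, so a failed key generation goes on to call `doCcb` with key ID 0xFFFFFFFF. Likewise `doCcb` keeps printing after a failed `wc_AesCbcEncrypt`, ignores the `wc_AesCbcDecrypt` result, and always returns 0. The comment `/* generate a CMAC key in the HSM */` should say AES key.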

145
caam/seco/aes-gcm.c 100644

@ -0,0 +1,145 @@
/* aes-gcm.c
*
* Copyright (C) 2006-2021 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
#include <wolfssl/options.h>
#include <wolfssl/wolfcrypt/wc_port.h>
#include <wolfssl/wolfcrypt/logging.h>
#include <wolfssl/wolfcrypt/port/caam/wolfcaam.h>
#define MAX_UPDATES 100
static unsigned int createAesKey()
{
int keyGroup = 1; /* group one was chosen arbitrarily */
unsigned int keyIdOut;
int keyInfo = CAAM_KEY_TRANSIENT;
int keyType = CAAM_KEYTYPE_AES128;
byte pubOut[AES_256_KEY_SIZE];
/* generate a CMAC key in the HSM */
if (wc_SECO_GenerateKey(CAAM_GENERATE_KEY, keyGroup, pubOut, 0, keyType,
keyInfo, &keyIdOut) != 0) {
printf("Error generating key in hsm\n");
return -1;
}
return keyIdOut;
}
static int doGcm(unsigned int keyId, const byte* in, int inSz,
const byte* nonce, const byte* aad, int aadSz)
{
Aes aes;
byte out[AES_BLOCK_SIZE*2];
byte cipherTxt[AES_BLOCK_SIZE*2];
byte authTag[AES_BLOCK_SIZE];
int i;
XMEMSET(authTag, 0, AES_BLOCK_SIZE);
XMEMSET(cipherTxt, 0, sizeof(cipherTxt));
wc_AesInit(&aes, NULL, WOLFSSL_SECO_DEVID);
wc_SECO_AesSetKeyID(&aes, keyId);
printf("Encrypting : ");
for (i = 0; i < inSz; i++)
printf("%02X", in[i]);
printf("\n");
if (wc_AesGcmEncrypt(&aes, cipherTxt, in, inSz, nonce, GCM_NONCE_MID_SZ,
authTag, AES_BLOCK_SIZE, aad, aadSz) != 0) {
printf("Issue with ccm encrypt\n");
}
printf("Cipher text: ");
for (i = 0; i < inSz; i++)
printf("%02X", cipherTxt[i]);
printf("\n");
printf("Tag : ");
for (i = 0; i < AES_BLOCK_SIZE; i++)
printf("%02X", authTag[i]);
printf("\n");
if (wc_AesGcmDecrypt(&aes, out, cipherTxt, inSz, nonce, GCM_NONCE_MID_SZ,
authTag, AES_BLOCK_SIZE, aad, aadSz) != 0) {
printf("Issue with ccm decrypt\n");
}
printf("Decrypted : ");
for (i = 0; i < inSz; i++)
printf("%02X", out[i]);
printf("\n");
wc_AesFree(&aes);
return 0;
}
int main(int argc, char** argv)
{
word32 nonce = 0x1111;
int create = 0;
unsigned int keyId;
unsigned int keyStoreId;
const byte in[] = "test message to encrypt";
int inSz;
const byte n[] = {1,2,3,4,5,6,7,8,9,10,11,12};
const byte aad[] = {1,2,3,4};
inSz = (int)XSTRLEN((const char*)in);
if (argc == 4) {
if (XSTRNCMP(argv[1], "1", 1) == 0) {
create = CAAM_KEYSTORE_CREATE;
}
keyId = (unsigned int)XATOI(argv[2]);
keyStoreId = (unsigned int)XATOI(argv[3]);
}
else {
printf("USAGE: %s <1/0 create> <keyid (0 if create)> <key store id>\n",
argv[0]);
return -1;
}
wolfSSL_Debugging_ON();
if (wolfCrypt_Init() != 0) {
printf("Could not initialize wolfSSL library!\n");
return -1;
}
if (wc_SECO_OpenHSM(keyStoreId, nonce, MAX_UPDATES, create) != 0) {
printf("unable to open HSM\n");
wolfCrypt_Cleanup();
return -1;
}
if (create == CAAM_KEYSTORE_CREATE) {
keyId = createAesKey();
}
printf("Key ID: %u\n", keyId);
doGcm(keyId, in, inSz, n, aad, sizeof(aad));
wc_SECO_CloseHSM();
wolfCrypt_Cleanup();
return 0;
}
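Review bot: `doGcm` keeps going after `wc_AesGcmDecrypt` fails: it prints `out`, which is never initialised, under "Decrypted" and returns 0, so an authentication failure looks like success and dumps stack bytes. Keep the status and bail out, e.g. `if (ret != 0) { wc_AesFree(&aes); return ret; }` after each of the encrypt and decrypt calls, and have `main` propagate it instead of returning 0 unconditionally. The nonce `n[]` in `main` is constant while the key ID can be supplied on the command line, so running the example twice against the same key repeats a (key, nonce) pair; a comment such as `/* demo only: a GCM nonce must never repeat under the same key */` would keep readers from copying it. The failure messages say "ccm" where GCM is meant, and the key-generation comment says CMAC.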

120
caam/seco/cmac.c 100644

@ -0,0 +1,120 @@
/* cmac.c
*
* Copyright (C) 2006-2021 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
#include <wolfssl/options.h>
#include <wolfssl/wolfcrypt/wc_port.h>
#include <wolfssl/wolfcrypt/logging.h>
#include <wolfssl/wolfcrypt/port/caam/wolfcaam.h>
#include <wolfssl/wolfcrypt/port/caam/wolfcaam_cmac.h>
#define MAX_UPDATES 100
static int doCmac(unsigned int keyId, int create, const byte* in, int inSz,
byte* out, word32* outSz)
{
Cmac cmac;
int keyGroup = 1; /* group one was chosen arbitrarily */
unsigned int keyIdOut;
int keyInfo = CAAM_KEY_TRANSIENT;
int keyType = CAAM_KEYTYPE_AES128;
byte pubKey[32];
if (create) {
/* generate a CMAC key in the HSM */
if (wc_SECO_GenerateKey(CAAM_GENERATE_KEY, keyGroup, pubKey, 0, keyType,
keyInfo, &keyIdOut) != 0) {
printf("Error generating key in hsm\n");
return -1;
}
}
else {
keyIdOut = keyId;
}
printf("Using key ID %u\n", keyIdOut);
wc_InitCmac_ex(&cmac, NULL, 0, WC_CMAC_AES, NULL, NULL, WOLFSSL_SECO_DEVID);
wc_SECO_CMACSetKeyID(&cmac, keyIdOut);
if (wc_CmacUpdate(&cmac, in, inSz) != 0) {
printf("CMAC update failed\n");
}
else {
if (wc_CmacFinal(&cmac, out, outSz) != 0) {
printf("CMAC final failed\n");
}
}
return 0;
}
int main(int argc, char** argv)
{
word32 nonce = 0x101;
int create = 0;
unsigned int keyId;
unsigned int keyStoreId;
const byte in[] = "test message to mac";
int inSz;
byte out[AES_BLOCK_SIZE];
word32 outSz = AES_BLOCK_SIZE, i;
inSz = (int)XSTRLEN(in);
outSz = (word32)sizeof(out);
if (argc == 4) {
if (XSTRNCMP(argv[1], "1", 1) == 0) {
create = CAAM_KEYSTORE_CREATE;
}
keyId = (unsigned int)XATOI(argv[2]);
keyStoreId = (unsigned int)XATOI(argv[3]);
}
else {
printf("USAGE: %s <1/0 create> <keyid (0 if create)> <key store id>\n",
argv[0]);
return -1;
}
wolfSSL_Debugging_ON();
if (wolfCrypt_Init() != 0) {
printf("Could not initialize wolfSSL library!\n");
return -1;
}
if (create) {
printf("Creating key store\n");
}
if (wc_SECO_OpenHSM(keyStoreId, nonce, MAX_UPDATES, create) != 0) {
printf("unable to open HSM\n");
wolfCrypt_Cleanup();
return -1;
}
doCmac(keyId, create, in, inSz, out, &outSz);
printf("mac : ");
for (i = 0; i < outSz; i++)
printf("%02X", out[i]);
printf("\n");
wc_SECO_CloseHSM();
wolfCrypt_Cleanup();
return 0;
}
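Review bot: `doCmac` returns 0 even when `wc_CmacUpdate` or `wc_CmacFinal` fails, and `main` ignores its return value, so on failure the loop after the call prints the uninitialised `out` buffer as the MAC. Have `doCmac` return the failing code (the `wc_InitCmac_ex` result is also unchecked), then in `main` guard the print with `if (doCmac(keyId, create, in, inSz, out, &outSz) == 0) { ... }` and return a non-zero status otherwise. `XSTRLEN(in)` passes a `const byte*` where a `const char*` is expected; aes-gcm.c in this same commit casts it, and this file should do the same.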


@ -0,0 +1,202 @@
/* ecc-sign-verify.c
*
* Copyright (C) 2006-2021 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
#include <wolfssl/options.h>
#include <wolfssl/wolfcrypt/wc_port.h>
#include <wolfssl/wolfcrypt/logging.h>
#include <wolfssl/wolfcrypt/hash.h>
#include <wolfssl/wolfcrypt/random.h>
#include <wolfssl/wolfcrypt/port/caam/wolfcaam.h>
#include <stdio.h>
#define MAX_UPDATES 100
#define ECC_P256_KEYSIZE 32
static int createHardwareEccKey(ecc_key* key)
{
WC_RNG rng;
int ret;
ret = wc_InitRng(&rng);
if (ret != 0) {
printf("Error with RNG init\n");
}
if (ret == 0) {
ret = wc_ecc_init_ex(key, NULL, WOLFSSL_SECO_DEVID);
}
if (ret == 0) {
ret = wc_ecc_make_key(&rng, ECC_P256_KEYSIZE, key);
if (ret != 0) {
printf("error %d making hardware key\n", ret);
}
}
wc_FreeRng(&rng);
return ret;
}
/* create signature, return 0 on success */
static int createSignature(ecc_key* key, byte* sigOut, word32* sigOutSz,
byte* msg, word32 msgSz)
{
int ret;
byte digest[WC_SHA256_DIGEST_SIZE];
byte digestSz = WC_SHA256_DIGEST_SIZE;
WC_RNG rng;
ret = wc_InitRng(&rng);
if (ret == 0)
ret = wc_Hash(WC_HASH_TYPE_SHA256, msg, msgSz, digest, digestSz);
if (ret == 0)
ret = wc_ecc_sign_hash(digest, digestSz, sigOut, sigOutSz, &rng, key);
wc_FreeRng(&rng);
return ret;
}
static int exportPubKey(ecc_key* from, ecc_key* to, int devId)
{
int ret;
byte pub[1024];
word32 pubSz = 1024;
wc_ecc_init_ex(to, NULL, devId);
ret = wc_ecc_export_x963(from, pub, &pubSz);
if (ret == 0) {
ret = wc_ecc_import_x963(pub, pubSz, to);
if (ret != 0) {
printf("issue %d importing public key\n", ret);
}
}
else {
printf("issue %d exporting public key\n", ret);
}
return ret;
}
static int verifySignature(ecc_key* key, byte* sig, word32 sigSz,
byte* msg, word32 msgSz)
{
int ret;
byte digest[WC_SHA256_DIGEST_SIZE];
byte digestSz = WC_SHA256_DIGEST_SIZE;
int res = 0;
ret = wc_Hash(WC_HASH_TYPE_SHA256, msg, msgSz, digest, digestSz);
if (ret == 0)
ret = wc_ecc_verify_hash(sig, sigSz, digest, digestSz, &res, key);
if (ret == 0 && res == 1) {
printf("verify successful\n");
}
else {
printf("verify failed\n");
}
return ret;
}
int main(int argc, char** argv)
{
ecc_key softKey, hardKey;
byte sig[1024];
byte msg[] = "Test signing and verifying";
word32 msgSz;
word32 sigSz = 1024, i;
word32 nonce = 0x1111;
int create = 0;
int ret;
unsigned int keyId;
unsigned int keyStoreId;
msgSz = (word32)XSTRLEN((char*)msg);
if (argc == 4) {
if (XSTRNCMP(argv[1], "1", 1) == 0) {
create = CAAM_KEYSTORE_CREATE;
}
keyId = (unsigned int)XATOI(argv[2]);
keyStoreId = (unsigned int)XATOI(argv[3]);
}
else {
printf("USAGE: %s <1/0 create> <keyid (0 if create)> <key store id>\n",
argv[0]);
return -1;
}
wolfSSL_Debugging_ON();
if (wolfCrypt_Init() != 0) {
printf("Could not initialize wolfSSL library!\n");
return -1;
}
if (wc_SECO_OpenHSM(keyStoreId, nonce, MAX_UPDATES, create) != 0) {
printf("unable to open HSM\n");
wolfCrypt_Cleanup();
return -1;
}
XMEMSET(sig, 0, sigSz);
ret = createHardwareEccKey(&hardKey);
if (ret == 0)
ret = createSignature(&hardKey, sig, &sigSz, msg, msgSz);
if (ret == 0) {
printf("signature created from hardware key:\n\t");
for (i = 0; i < sigSz; i++)
printf("%02X", sig[i]);
printf("\n");
exportPubKey(&hardKey, &softKey, INVALID_DEVID);
}
if (ret == 0)
ret = verifySignature(&softKey, sig, sigSz, msg, msgSz);
if (ret == 0) {
printf("\nverify signature using HSM key\n");
ret = verifySignature(&hardKey, sig, sigSz, msg, msgSz);
}
if (ret == 0) {
printf("\nalter the signature and confirm verification fails\n");
sig[4] = !sig[4];
verifySignature(&softKey, sig, sigSz, msg, msgSz);
}
wc_ecc_free(&softKey);
wc_ecc_free(&hardKey);
if (wc_SECO_CloseHSM() != 0) {
printf("Error closing down the key store\n");
}
wolfCrypt_Cleanup();
(void)keyId;
return 0;
}
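Review bot: `verifySignature` returns only the `ret` of `wc_ecc_verify_hash`, so a signature that is processed without error but rejected (`res == 0`) prints "verify failed" and still returns 0. `main` chains on `ret == 0` and always exits 0, so a rejected signature neither stops the run nor changes the exit status, and anyone reusing the helper would treat a rejected signature as accepted. Fold the verdict into the return value, e.g. `if (ret == 0 && res != 1) ret = -1;`, and return `ret` from `main`. Separately, `softKey` is only initialised inside `exportPubKey`, so when key creation or signing fails `wc_ecc_free(&softKey)` runs on an uninitialised struct; initialise both keys before the first step that can fail, and check the `exportPubKey` return value.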


@ -0,0 +1,47 @@
/* export_kek.c
*
* Copyright (C) 2006-2021 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
#include <wolfssl/options.h>
#include <wolfssl/wolfcrypt/wc_port.h>
#include <wolfssl/wolfcrypt/logging.h>
#include <wolfssl/wolfcrypt/port/caam/wolfcaam.h>
int main(int argc, char** argv)
{
byte kek[32];
byte kekSz = 32, i;
wolfSSL_Debugging_ON();
if (wolfCrypt_Init() != 0) {
printf("Could not initialize wolfSSL library!\n");
return -1;
}
XMEMSET(kek, 0, kekSz);
wc_SECO_ExportKEK(kek, kekSz, 0);
printf("exported : ");
for (i = 0; i < kekSz; i++)
printf("%02X", kek[i]);
printf("\n");
wolfCrypt_Cleanup();
return 0;
}
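Review bot: The result of `wc_SECO_ExportKEK` is discarded in `main`, so when the export fails the program prints the zero-filled buffer under "exported" and exits 0. Check the return value and print only on success. A key-encryption key written in hex to stdout ends up in terminal scrollback and any captured logs, so a comment marking this as demonstration-only would help, and the `kek` buffer should be wiped before `main` returns. `argc` and `argv` are unused.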


@ -0,0 +1,163 @@
/* import-key.c
*
* Copyright (C) 2006-2021 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
#include <wolfssl/options.h>
#include <wolfssl/wolfcrypt/wc_port.h>
#include <wolfssl/wolfcrypt/logging.h>
#include <wolfssl/wolfcrypt/port/caam/wolfcaam.h>
#define MAX_UPDATES 100
static unsigned int ImportAesKey(const byte* key, int keySz)
{
int keyGroup = 1; /* group one was chosen arbitrarily */
unsigned int keyIdOut;
byte iv[] = {1,2,3,4,5,6,7,8,9,10,11,12};
int ivSz = 12;
/* generate a CMAC key in the HSM */
keyIdOut = wc_SECO_WrapKey(0, (byte*)key, keySz, iv, ivSz,
CAAM_KEYTYPE_AES128, CAAM_KEY_TRANSIENT, keyGroup);
return keyIdOut;
}
/* known answer test from wolfcrypt/test/test.c */
int TestAesCbc(Aes* enc, Aes* dec)
{
int i;
int ret = 0;
const byte msg[] = { /* "Now is the time for all " w/o trailing 0 */
0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
};
WOLFSSL_SMALL_STACK_STATIC const byte verify[] =
{
0x95,0x94,0x92,0x57,0x5f,0x42,0x81,0x53,
0x2c,0xcc,0x9d,0x46,0x77,0xa2,0x33,0xcb
};
const byte iv[] = "1234567890abcdef "; /* align */
byte cipher[AES_BLOCK_SIZE * 4];
byte plain[AES_BLOCK_SIZE * 4];
if (enc == NULL || dec == NULL) {
printf("null argument\n");
return -1;
}
XMEMSET(cipher, 0, AES_BLOCK_SIZE * 4);
ret = wc_AesSetIV(enc, iv);
if (ret != 0) {
printf("Aes CBC set iv failed with ret = %d\n", ret);
return ret;
}
ret = wc_AesCbcEncrypt(enc, cipher, msg, AES_BLOCK_SIZE);
if (ret != 0) {
printf("Aes CBC encrypt failed with ret = %d\n", ret);
return ret;
}
printf("cipher :");
for (i = 0; i < AES_BLOCK_SIZE; i++)
printf("%02X", cipher[i]);
printf("\n");
XMEMSET(plain, 0, AES_BLOCK_SIZE * 4);
ret = wc_AesSetIV(dec, iv);
if (ret != 0) {
printf("Aes CBC set iv failed with ret = %d\n", ret);
return ret;
}
ret = wc_AesCbcDecrypt(dec, plain, cipher, AES_BLOCK_SIZE);
if (ret != 0) {
printf("Aes CBC decrypt failed with ret = %d\n", ret);
return ret;
}
printf("decrypted :");
for (i = 0; i < AES_BLOCK_SIZE; i++)
printf("%02X", plain[i]);
printf("\n");
if (XMEMCMP(plain, msg, AES_BLOCK_SIZE)) {
printf("bad decryption found plain != msg\n");
ret = -1;
}
if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE)) {
printf("bad encrypt found cipher != verify\n");
ret = -1;
}
return ret;
}
int main(int argc, char** argv)
{
Aes enc, dec;
word32 nonce = 0x00001111;
unsigned int keyId;
unsigned int keyStoreId;
const byte key[] = "0123456789abcdef "; /* align */
if (argc == 2) {
keyStoreId = (unsigned int)XATOI(argv[1]);
}
else {
printf("USAGE: %s <key store id>\n", argv[0]);
return -1;
}
wolfSSL_Debugging_ON();
if (wolfCrypt_Init() != 0) {
printf("Could not initialize wolfSSL library!\n");
return -1;
}
if (wc_SECO_OpenHSM(keyStoreId, nonce, MAX_UPDATES, CAAM_KEYSTORE_CREATE)
!= 0) {
printf("unable to open HSM\n");
wolfCrypt_Cleanup();
return -1;
}
keyId = ImportAesKey(key, 16);
printf("Key ID: %u\n", keyId);
wc_AesInit(&enc, NULL, WOLFSSL_SECO_DEVID);
wc_SECO_AesSetKeyID(&enc, keyId);
wc_AesInit(&dec, NULL, WOLFSSL_SECO_DEVID);
wc_SECO_AesSetKeyID(&dec, keyId);
TestAesCbc(&enc, &dec);
wc_SECO_CloseHSM();
wolfCrypt_Cleanup();
return 0;
}
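Review bot: `main` drops the return value of `TestAesCbc`, so a failed known-answer test still exits 0, and the value returned by `ImportAesKey` is used as a key ID without any check that `wc_SECO_WrapKey` succeeded (the page does not show how it reports failure). Capture the result with `ret = TestAesCbc(&enc, &dec);` and return it after cleanup, and check both `wc_AesInit` calls. `enc` and `dec` are never released with `wc_AesFree`, and `(byte*)key` casts away `const` on the hard-coded test key. The comment `/* generate a CMAC key in the HSM */` should describe importing an AES key.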