Hello,
We are trying to test AES encrypt and decrypt function with the HW of HSE on RDB3 board. We tried PKCS11-tool and Opnessl , none worked. Could you please help have a check?
~/pkcs11-tool\
> --module /usr/lib/libpkcs-hse.so.1\
> --encrypt\
> --mechanism AES-CBC\
> --id 000101 \
> --iv 0123456789abcdef0123456789abcdef\
> --input-file file1.txt\
> --output-file file1_pkcs11.dat
libhse: initialized, firmware status 0x6b20
Using slot 0 with a present token (0x0)
Using encrypt algorithm AES-CBC
libhse: service response 0xA5AA5317 on channel 5
libhse: read reply failed on channel 5
libhse: closed
error: PKCS11 function C_EncryptUpdate failed: rv = CKR_FUNCTION_FAILED (0x6)
Aborting.
2. OPENSSL
2.1 With -K parameter, key is provided directly. One failure reported and one blank file created. The log as below:
openssl enc -engine pkcs11 -aes-128-cbc -in file1.txt -out file1_HWenc.dat -iv 0123456789ABCDEF0123456789ABCDEF -K 0123456789ABCDEF0123456789ABCDEF -debug
Engine "pkcs11" set.
ctx_load_object returned NULL
BIO[0x55ad1bd370]: ctrl(6) - cipher
BIO[0x55ad1bd2a0]: ctrl(6) - FILE pointer
BIO[0x55ad1bd2a0]: ctrl return 0
BIO[0x55ad1bd370]: ctrl return 0
BIO[0x55ad1bd030]: ctrl(10) - FILE pointer
BIO[0x55ad1bd030]: ctrl return 0
BIO[0x55ad1bd030]: ctrl(2) - FILE pointer
BIO[0x55ad1bd030]: ctrl return 0
BIO[0x55ad1bd030]: read(0,8192) - FILE pointer
BIO[0x55ad1bd030]: read return 1 processed: 367
BIO[0x55ad1bd370]: write(0,367) - cipher
BIO[0x55ad1bd370]: write return 0 processed: 0
error writing output file
BIO[0x55ad1bd030]: Free - FILE pointer
BIO[0x55ad1bd2a0]: Free - FILE pointer
BIO[0x55ad1bd370]: Free - cipher
2.2 When we try to load key from HW, we cannot find a right parameter to use. -inkey/-key/-keyform are not supported on "openssl enc"
Many thanks.
Hi,
We assume that you are trying to implement this under Linux, is this correct?
If so, can you let us know which BSP version are you using?
Please, let us know.
Hi,
Thanks for your feedback.
All information on regards of HSE/Crypto usage under BSP40 are provided under the BSP40 User Manual for S32G3 platform.
Aside from that, we are not seeing much information on regards of PCKS11 and openssl usage, since we understand is not supported directly by NXP. For that, we can recommend contacting the related support team.
We do apologize.
Please, let us know.