2 weeks ago
465 Views
JohnKlug
Senior Contributor I
I am trying to use something like hsm_do_cipher or hsm_cipher_one_go to encrypt with AES 256 a small amount of data (32 bytes).
When I tried hsm_do_cipher I get an error that the handle is bad. If I use hsm_cipher_one_go I get a bad parameter error.
I tried to use this code to create my test:
https://github.com/nxp-imx/imx-secure-enclave/blob/1130c8bb820881ad037ba3f060e7fa70635fae3c/test/hsm...
I get this error from hsm_cipher_one_go:
SAB Error: SAB CMD [0x62] Resp [0x429] - MU sanity check failed / Invalid parameters.
aesencrypt: aesencrypt.c:164: hsm_do_cipher failed, err=0x4
Is there a way to determine what is wrong with my parameters? I see no errors when I create my key in a separate program. Files are created under /etc/ele.
Here is my code setting up the cipher_args:
memset(&cipher_args,0,sizeof cipher_args);
cipher_args.key_identifier = KEYID;
cipher_args.iv = SM2_IDENTIFIER;
cipher_args.iv_size = sizeof(SM2_IDENTIFIER);
cipher_args.flags = HSM_CIPHER_ONE_GO_FLAGS_ENCRYPT;
cipher_args.cipher_algo = HSM_CIPHER_ONE_GO_ALGO_ECB;
cipher_args.input = sp;
cipher_args.input_size = slength;
cipher_args.output = od;
cipher_args.output_size = slength;
1 Solution
2 weeks ago
416 Views
JohnKlug
Senior Contributor I
I found code that I could use:
https://github.com/nxp-imx/imx-secure-enclave/blob/1130c8bb820881ad037ba3f060e7fa70635fae3c/test/com...
I found that 8 bytes of input data will cause the function hsm_do_hash() to fail with an invalid argument message. 16 bytes does work.
It would be nice if key_identifier requirements were spelled out, iv_size does not have limits, neither does input_size.
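Added example (not part of the original post and not NXP code): a pre-flight check that names which argument rule is broken before the request reaches the enclave. It uses only general AES facts: unpadded AES works on whole 16-byte blocks, ECB takes no IV, and CBC takes a 16-byte IV. Assumptions: `demo_cipher_args` and every `demo_`/`CHECK_` name are hypothetical stand-ins that mirror the fields set in the question, and whether the ELE firmware enforces exactly these rules is not confirmed by this thread.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define AES_BLOCK_SIZE 16u

/* Hypothetical stand-in for the one-go cipher arguments; it mirrors only the
 * fields set in the question and is not the library's definition. */
enum demo_algo { DEMO_ALGO_ECB, DEMO_ALGO_CBC };
struct demo_cipher_args {
    uint32_t key_identifier;
    const uint8_t *iv;    size_t iv_size;
    enum demo_algo algo;
    const uint8_t *input; size_t input_size;
    uint8_t *output;      size_t output_size;
};

enum demo_check { CHECK_OK, CHECK_NULL_BUFFER, CHECK_INPUT_NOT_BLOCK_MULTIPLE,
                  CHECK_OUTPUT_TOO_SMALL, CHECK_IV_UNEXPECTED, CHECK_IV_BAD_SIZE };

/* Returns the first rule the arguments break, so the caller can log a
 * precise reason instead of a generic "invalid parameters" response. */
enum demo_check demo_check_cipher_args(const struct demo_cipher_args *a)
{
    if (!a || !a->input || !a->output)
        return CHECK_NULL_BUFFER;
    if (a->input_size == 0 || a->input_size % AES_BLOCK_SIZE != 0)
        return CHECK_INPUT_NOT_BLOCK_MULTIPLE;   /* e.g. 8 bytes */
    if (a->output_size < a->input_size)
        return CHECK_OUTPUT_TOO_SMALL;
    if (a->algo == DEMO_ALGO_ECB) {
        if (a->iv != NULL || a->iv_size != 0)
            return CHECK_IV_UNEXPECTED;          /* ECB has no IV */
    } else if (a->iv == NULL || a->iv_size != AES_BLOCK_SIZE) {
        return CHECK_IV_BAD_SIZE;                /* CBC IV is one block */
    }
    return CHECK_OK;
}

int main(void)
{
    /* Constructed sample: 8 bytes of input for ECB, no IV. */
    uint8_t in[8] = {0}, out[8] = {0};
    struct demo_cipher_args a = { 1, NULL, 0, DEMO_ALGO_ECB, in, sizeof in, out, sizeof out };
    printf("check result: %d\n", demo_check_cipher_args(&a));
    return 0;
}
```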
3 Replies
2 weeks ago
435 Views
JohnKlug
Senior Contributor I
I see that the test I copied has this at the start:
f (se_get_soc_id() == SOC_IMX95)
do_cipher_stream_opaquekey_test(key_store_hdl, key_mgmt_hdl);
So this probably prevents this test from running on the i.MX91. So why is the filter on imx95 present? Can you use the keystore with AES encryption on an i.MX91? Is there an example anywhere?
2 weeks ago
432 Views
JohnKlug
Senior Contributor I
It should be:
if (se_get_soc_id() == SOC_IMX95)
Here is the code that skips what I want to do on an i.MX91:
https://github.com/nxp-imx/imx-secure-enclave/blob/1130c8bb820881ad037ba3f060e7fa70635fae3c/test/com...
