Hello,
we set up an iMX6 board with secure boot and CAAM support enabled, and also configured file-system encryption using CAAM and secure keys (tagged keys).
Now we'd like to use tagged keys with openssl (AES) as well. We managed to configure CAAM as engine for openssl, using cryptodev. However, only non-tagged-key algorithms (e.g. aes-256-cbc) are available in openssl.
How can we tell openssl about the tagged key algorithms?
I found this document about how to use black keys with openssl for asymmetric crypto operations, but has anything similar already been done for AES (e.g. aes-256-cbc-tk)?
Thanks,
Tobias
Hello @igorpadykov,
I would also like to use AES openssl with black keys.
May I also get the procedure and patch please?
Note: I use 5.15.52 BSP on iMX8mp.
Best regards,
Fabien
Hi Tobias
from team:
----------------------
Please tell me your BSP version. I think this needs to be done by adding some custom code to link the tagged key transform. It can't be selected autonomously. Please share test code or patch to reproduce on our side.
----------------------
Best regards
igor
Hi Igor,
This is the BSP we are using: https://github.com/varigit/variscite-bsp-platform/tree/dunfell
I'm not sure what the team means by "code or patch to reproduce on our side", but I would like to do something like
openssl enc -e -engine cryptodev -in plainfile -out cryptofile aes-256-cbc-tk -K blackkey
to encrypt a plainfile using the provided blackkey (note the -tk in the cipher, which obviously openssl doesn't know about), through the CAAM (e.g. with cryptodev).
This doesn't work out of the box, and it would be cool to know what's missing.
Tobias
Procedure and verification patch were sent via mail.
-----------------------
Best regards
igor
Can I get the path for the -tk solution?
Thanks!!!
Has this been mainlined in the past year? What was the resolution of this?