TriCore HSM general communication

855 Views Asked by At

I'm new in HSM and I don't find any Information about detail communication. How does the communication between HSM and Host application work? I know there are some Driver but I want to understand the part of decryption and encryption by key. How can the application encrypt Messages? How it knows the specific Key?

Thank you for support.

Cheers, Horst

2

There are 2 best solutions below

3
On

There will be a low level protocol, which will be something like */IP (TCP or UDP), when the HSM is in an appliance form-factor, or a PCIe driver when it is a PCIe card, or a USB driver when it is a USB form-factor.

Layered on top of that will be the HSMs own communications protocol. This is the "comms" protocol, not the crypto system.

On top of the comms protocol, will be a crypto system. Standards-based crypto systems are like PKCS#11 or CAPI/CSP/CNG or JCE. The HSM will probably have its own native crypto system also, and in most cases the standards-based crypto system is simply a bridge to the proprietary system.

So, how the HSM prepares a key for use, and how your application uses the key is entirely up to the HSM, and your application.

In general, your application will:

  1. Log in (this may be happen more than once, if your HSM session is dual-control (or "4 eyes") aware).
  2. Find, open or prepare a key for use (different HSMs use different idioms). This 'key' may be an encrypted ("wrapped") blob, or it may be a key handle.
  3. Provide the key, data and flags to the HSM, along with a request. Sign/verify/encrypt/decrypt/wrap/unwrap/hash/...

The HSM will

  1. Accept the key, data, flags and operation request, perform the operation using or on the inputs, and then discard the key and input data.
  2. Return the result of the operation.

You can use a software based HSM simulator (SoftHSM, Utimaco GmbH's CryptoServer Simulator) to investigate how to use them in your local environment.

0
On

... and I don't find any Information about detail communication.

No wonder: At least 3 years ago, when I was working with the HSM, the HSM documents were confidential or strictly confidential and not every customer had access to all documents.

How does the communication between HSM and Host application work?

I cannot talk about information that I got from the confidential documents here.

However, even when reading the User Manual of the 27x CPUs, it is clear that shared RAM is used for the communication between the HSM and the host CPU.

I know there are some Driver ...

The HSM is "simply" a second CPU on the same chip as the host CPU. It has its own RAM and (if the HSM is active) own areas in the Flash memory that cannot be accessed by the main CPU.

The "Driver" is not only a driver but the complete code which runs on this second CPU.

You could replace that "Driver" by a software that performs other calculations - for example 2D graphics - instead of encryption and security. In this case the HSM would perform 2D graphics calculations instead of data encryption!

You might ask why encryption calculation is not done on the main CPU. The answer is simple:

The main CPU does not have access to the Flash memory or the RAM of the HSM.

If the main CPU is hacked, the hacker can read out the main CPU's RAM and Flash memory but it cannot access secret data (such as keys) stored in the RAM or Flash of the HSM.

How can the application encrypt Messages?
How it knows the specific Key ?

This depends on the software ("Driver") that runs on the HSM, of course.

Typically, the keys and the data to be encrypted are written in the shared RAM by the main CPU.

The application running on the HSM ("Driver") will read the data from there.

Typically, such an application provides the function to store secret keys into the HSM Flash memory (which cannot be accessed by the main CPU) and to use these keys for encryption.

The result (for example the encrypted message) will be placed back in the shared RAM where the host CPU can read the data.