From 54477d1bea51e2e0132d0186159508566ff85fc0 Mon Sep 17 00:00:00 2001
From: JacobBarthelmeh
Date: Thu, 17 Mar 2022 10:01:27 -0700
Subject: [PATCH] improvements around keystore key update
---
 wolfcrypt/src/port/caam/wolfcaam_seco.c | 27 ++++++++++++++++++++-
 wolfssl/wolfcrypt/port/caam/wolfcaam_seco.h | 2 +-
 2 files changed, 27 insertions(+), 2 deletions(-)
diff --git a/wolfcrypt/src/port/caam/wolfcaam_seco.c b/wolfcrypt/src/port/caam/wolfcaam_seco.c
index cad76e0f0..63d7003ee 100644
--- a/wolfcrypt/src/port/caam/wolfcaam_seco.c
+++ b/wolfcrypt/src/port/caam/wolfcaam_seco.c
@@ -382,6 +382,25 @@ static hsm_key_info_t KeyInfoToHSM(int keyInfoIn)
 }
+static int KeyFlagsToHSM(int flags)
+{
+ int ret = 0;
+
+ #ifdef HSM_OP_KEY_GENERATION_FLAGS_UPDATE
+ if (flags & CAAM_UPDATE_KEY) {
+ ret = HSM_OP_KEY_GENERATION_FLAGS_UPDATE;
+ }
+ #endif
+
+ #ifdef HSM_OP_KEY_GENERATION_FLAGS_CREATE
+ if (flags & CAAM_GENERATE_KEY) {
+ ret = HSM_OP_KEY_GENERATION_FLAGS_CREATE;
+ }
+ #endif
+ return ret;
+}
+
+
 /* generic generate key with HSM
 * return 0 on success
 */
@@ -395,6 +414,11 @@ int wc_SECO_GenerateKey(int flags, int group, byte* out, int outSz,
 hsm_key_type_t keyType;
 hsm_key_info_t keyInfo;
+ if (flags == CAAM_UPDATE_KEY && group != 0) {
+ WOLFSSL_MSG("Group must be 0 if updating key");
+ return BAD_FUNC_ARG;
+ }
+
 keyType = KeyTypeToHSM(keyTypeIn);
 keyInfo = KeyInfoToHSM(keyInfoIn);
@@ -415,7 +439,8 @@ int wc_SECO_GenerateKey(int flags, int group, byte* out, int outSz,
 key_args.out_key = out;
 /* default to strict operations with key in NVM */
- key_args.flags = flags | HSM_OP_KEY_GENERATION_FLAGS_STRICT_OPERATION;
+ key_args.flags = KeyFlagsToHSM(flags) |
+ HSM_OP_KEY_GENERATION_FLAGS_STRICT_OPERATION;
 key_args.key_group = group;
 key_args.key_info = keyInfo;
 key_args.key_type = keyType;
diff --git a/wolfssl/wolfcrypt/port/caam/wolfcaam_seco.h b/wolfssl/wolfcrypt/port/caam/wolfcaam_seco.h
index 2b42fd21d..ec6fb4cce 100644
--- a/wolfssl/wolfcrypt/port/caam/wolfcaam_seco.h
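Review bot: KeyFlagsToHSM (first hunk of wolfcaam_seco.c) returns 0 with no error signal when `flags` has neither CAAM_UPDATE_KEY nor CAAM_GENERATE_KEY set (CAAM_DELETE_KEY alone, for instance) or when the SDK headers do not define the matching HSM_OP_KEY_GENERATION_FLAGS_* macro, and when both bits are set the second `if` silently replaces the update flag with the create flag. The call site in the third hunk ORs that result straight into `key_args.flags`, so such a request appears to go on to the HSM carrying only the strict-operation flag instead of failing early. I would reject those cases in wc_SECO_GenerateKey, whose body extends beyond the hunks shown, with something like `int hsmFlags = KeyFlagsToHSM(flags); if (hsmFlags == 0) return BAD_FUNC_ARG;`, and decide explicitly whether update plus generate together is an error. The helper also has no header comment, unlike the function below it; `/* convert CAAM_* key management flags to HSM key generation flags, returns 0 if no supported flag is set */` would fit the file's style.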
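Review bot: The new guard at the top of wc_SECO_GenerateKey (second hunk) tests `flags == CAAM_UPDATE_KEY`, while KeyFlagsToHSM in the first hunk treats the same value as a bit with `flags & CAAM_UPDATE_KEY`, so a caller that passes the update bit together with any other bit skips the group check and can still be mapped to an update operation. Using the same bit test in both places keeps the validation and the mapping in agreement: `if ((flags & CAAM_UPDATE_KEY) && group != 0) {`. The function's signature and the rest of its body are outside this hunk, so any later validation of `flags` is not visible here.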
+++ b/wolfssl/wolfcrypt/port/caam/wolfcaam_seco.h
@@ -93,7 +93,7 @@
 #define CAAM_KEYTYPE_HMAC512 9
 /* flags for key management */
-#define CAAM_UPDATE_KEY 0
+#define CAAM_UPDATE_KEY 1
 #define CAAM_GENERATE_KEY 2
 #define CAAM_DELETE_KEY 4
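Review bot: Moving CAAM_UPDATE_KEY from 0 to 1 makes a `flags` value of 0 mean "no operation selected", but the comment above the defines does not say so, and callers that passed a literal 0 or were built against the old header will now reach wc_SECO_GenerateKey with a value that KeyFlagsToHSM maps to 0. The comment could state the contract, for example `/* flags for key management, bit values tested with '&'; 0 is not a valid operation */`. CAAM_DELETE_KEY is not handled by KeyFlagsToHSM in the .c change, which is worth noting next to its define if that is intended.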