diff --git a/.github/workflows/compile-examples.yml b/.github/workflows/compile-examples.yml index 6cb1406db..b17c614a6 100644 --- a/.github/workflows/compile-examples.yml +++ b/.github/workflows/compile-examples.yml @@ -129,7 +129,6 @@ jobs: - libraries/PDM - libraries/Camera/examples/CameraCaptureRawBytes - libraries/Camera/examples/CameraCaptureZoomPan - - libraries/SE05X - libraries/STM32H747_System - libraries/ThreadDebug - libraries/USBHID diff --git a/cores/arduino/mbed/storage/filesystem/littlefsv2/include/littlefsv2/LittleFileSystem2.h b/cores/arduino/mbed/storage/filesystem/littlefsv2/include/littlefsv2/LittleFileSystem2.h index d753b3fb1..0d13ef7fb 100644 --- a/cores/arduino/mbed/storage/filesystem/littlefsv2/include/littlefsv2/LittleFileSystem2.h +++ b/cores/arduino/mbed/storage/filesystem/littlefsv2/include/littlefsv2/LittleFileSystem2.h @@ -289,9 +289,9 @@ class LittleFileSystem2 : public mbed::FileSystem { #endif //!(DOXYGEN_ONLY) private: - lfs2_t _lfs; // The actual file system - struct lfs2_config _config; - mbed::BlockDevice *_bd; // The block device + lfs2_t _lfs{}; // The actual file system + struct lfs2_config _config {}; + mbed::BlockDevice *_bd = nullptr; // The block device // thread-safe locking PlatformMutex _mutex; diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/fsl_sss_ftr.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/fsl_sss_ftr.h deleted file mode 100644 index 95dd7f92f..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/fsl_sss_ftr.h +++ /dev/null @@ -1,651 +0,0 @@ -/* - * - * Copyright 2018-2020 NXP - * SPDX-License-Identifier: Apache-2.0 - */ - -#ifndef SSS_APIS_INC_FSL_SSS_FTR_H_ -#define SSS_APIS_INC_FSL_SSS_FTR_H_ - -/* ************************************************************************** */ -/* Defines */ -/* ************************************************************************** */ - -/* clang-format off */ - - -/* # CMake Features : Start */ - - -/** Applet : The Secure Element Applet - * - * You can compile host library for different Applets listed below. - * Please note, some of these Applets may be for NXP Internal use only. - */ - -/** Compiling without any Applet Support */ -#define SSS_HAVE_APPLET_NONE 0 - -/** A71CH (ECC) */ -#define SSS_HAVE_APPLET_A71CH 0 - -/** A71CL (RSA) */ -#define SSS_HAVE_APPLET_A71CL 0 - -/** Similar to A71CH */ -#define SSS_HAVE_APPLET_A71CH_SIM 0 - -/** SE050 Type A (ECC) */ -#define SSS_HAVE_APPLET_SE05X_A 0 - -/** SE050 Type B (RSA) */ -#define SSS_HAVE_APPLET_SE05X_B 0 - -/** SE050 (Super set of A + B) */ -#define SSS_HAVE_APPLET_SE05X_C 1 - -/** SE050 (Similar to A71CL) */ -#define SSS_HAVE_APPLET_SE05X_L 0 - -/** NXP Internal testing Applet */ -#define SSS_HAVE_APPLET_LOOPBACK 0 - -#if (( 0 \ - + SSS_HAVE_APPLET_NONE \ - + SSS_HAVE_APPLET_A71CH \ - + SSS_HAVE_APPLET_A71CL \ - + SSS_HAVE_APPLET_A71CH_SIM \ - + SSS_HAVE_APPLET_SE05X_A \ - + SSS_HAVE_APPLET_SE05X_B \ - + SSS_HAVE_APPLET_SE05X_C \ - + SSS_HAVE_APPLET_SE05X_L \ - + SSS_HAVE_APPLET_LOOPBACK \ - ) > 1) -# error "Enable only one of 'Applet'" -#endif - - -#if (( 0 \ - + SSS_HAVE_APPLET_NONE \ - + SSS_HAVE_APPLET_A71CH \ - + SSS_HAVE_APPLET_A71CL \ - + SSS_HAVE_APPLET_A71CH_SIM \ - + SSS_HAVE_APPLET_SE05X_A \ - + SSS_HAVE_APPLET_SE05X_B \ - + SSS_HAVE_APPLET_SE05X_C \ - + SSS_HAVE_APPLET_SE05X_L \ - + SSS_HAVE_APPLET_LOOPBACK \ - ) == 0) -# error "Enable at-least one of 'Applet'" -#endif - - - -/** SE05X_Ver : SE05X Applet version. - * - * Selection of Applet version 03_XX enables SE050 features. - * Selection of Applet version 06_00 enables SE051 features. - * - */ - -/** SE050 */ -#define SSS_HAVE_SE05X_VER_03_XX 1 - -/** SE051 */ -#define SSS_HAVE_SE05X_VER_06_00 0 - -#if (( 0 \ - + SSS_HAVE_SE05X_VER_03_XX \ - + SSS_HAVE_SE05X_VER_06_00 \ - ) > 1) -# error "Enable only one of 'SE05X_Ver'" -#endif - - -#if (( 0 \ - + SSS_HAVE_SE05X_VER_03_XX \ - + SSS_HAVE_SE05X_VER_06_00 \ - ) == 0) -# error "Enable at-least one of 'SE05X_Ver'" -#endif - - - -/** HostCrypto : Counterpart Crypto on Host - * - * What is being used as a cryptographic library on the host. - * As of now only OpenSSL / mbedTLS is supported - */ - -/** Use mbedTLS as host crypto */ -#define SSS_HAVE_HOSTCRYPTO_MBEDTLS 0 - -/** Use mbed-crypto as host crypto - * Required for ARM-PSA / TF-M */ -#define SSS_HAVE_HOSTCRYPTO_MBEDCRYPTO 0 - -/** Use OpenSSL as host crypto */ -#define SSS_HAVE_HOSTCRYPTO_OPENSSL 0 - -/** User Implementation of Host Crypto - * e.g. Files at ``sss/src/user/crypto`` have low level AES/CMAC primitives. - * The files at ``sss/src/user`` use those primitives. - * This becomes an example for users with their own AES Implementation - * This then becomes integration without mbedTLS/OpenSSL for SCP03 / AESKey. - * - * .. note:: ECKey abstraction is not implemented/available yet. */ -#define SSS_HAVE_HOSTCRYPTO_USER 0 - -/** NO Host Crypto - * Note, this is unsecure and only provided for experimentation - * on platforms that do not have an mbedTLS PORT - * Many :ref:`sssftr-control` have to be disabled to have a valid build. */ -#define SSS_HAVE_HOSTCRYPTO_NONE 0 - -#if (( 0 \ - + SSS_HAVE_HOSTCRYPTO_MBEDTLS \ - + SSS_HAVE_HOSTCRYPTO_MBEDCRYPTO \ - + SSS_HAVE_HOSTCRYPTO_OPENSSL \ - + SSS_HAVE_HOSTCRYPTO_USER \ - + SSS_HAVE_HOSTCRYPTO_NONE \ - ) > 1) -# error "Enable only one of 'HostCrypto'" -#endif - - -/** mbedTLS_ALT : ALT Engine implementation for mbedTLS - * - * When set to None, mbedTLS would not use ALT Implementation to connect to / use Secure Element. - * This needs to be set to SSS for Cloud Demos over SSS APIs - */ - -/** Use SSS Layer ALT implementation */ -#define SSS_HAVE_MBEDTLS_ALT_SSS 1 - -/** Legacy implementation */ -#define SSS_HAVE_MBEDTLS_ALT_A71CH 0 - -/** Not using any mbedTLS_ALT - * - * When this is selected, cloud demos can not work with mbedTLS */ -#define SSS_HAVE_MBEDTLS_ALT_NONE 0 - -#if (( 0 \ - + SSS_HAVE_MBEDTLS_ALT_SSS \ - + SSS_HAVE_MBEDTLS_ALT_A71CH \ - + SSS_HAVE_MBEDTLS_ALT_NONE \ - ) > 1) -# error "Enable only one of 'mbedTLS_ALT'" -#endif - - -#if (( 0 \ - + SSS_HAVE_MBEDTLS_ALT_SSS \ - + SSS_HAVE_MBEDTLS_ALT_A71CH \ - + SSS_HAVE_MBEDTLS_ALT_NONE \ - ) == 0) -# error "Enable at-least one of 'mbedTLS_ALT'" -#endif - - - -/** SCP : Secure Channel Protocol - * - * In case we enable secure channel to Secure Element, which interface to be used. - */ - -/** */ -#define SSS_HAVE_SCP_NONE 0 - -/** Use SSS Layer for SCP. Used for SE050 family. */ -#define SSS_HAVE_SCP_SCP03_SSS 0 - -/** Use Host Crypto Layer for SCP03. Legacy implementation. Used for older demos of A71CH Family. */ -#define SSS_HAVE_SCP_SCP03_HOSTCRYPTO 0 - -#if (( 0 \ - + SSS_HAVE_SCP_NONE \ - + SSS_HAVE_SCP_SCP03_SSS \ - + SSS_HAVE_SCP_SCP03_HOSTCRYPTO \ - ) > 1) -# error "Enable only one of 'SCP'" -#endif - - -/** FIPS : Enable or disable FIPS - * - * This selection mostly impacts tests, and generally not the actual Middleware - */ - -/** NO FIPS */ -#define SSS_HAVE_FIPS_NONE 1 - -/** SE050 IC FIPS */ -#define SSS_HAVE_FIPS_SE050 0 - -/** FIPS 140-2 */ -#define SSS_HAVE_FIPS_140_2 0 - -/** FIPS 140-3 */ -#define SSS_HAVE_FIPS_140_3 0 - -#if (( 0 \ - + SSS_HAVE_FIPS_NONE \ - + SSS_HAVE_FIPS_SE050 \ - + SSS_HAVE_FIPS_140_2 \ - + SSS_HAVE_FIPS_140_3 \ - ) > 1) -# error "Enable only one of 'FIPS'" -#endif - - -#if (( 0 \ - + SSS_HAVE_FIPS_NONE \ - + SSS_HAVE_FIPS_SE050 \ - + SSS_HAVE_FIPS_140_2 \ - + SSS_HAVE_FIPS_140_3 \ - ) == 0) -# error "Enable at-least one of 'FIPS'" -#endif - - - -/** SBL : Enable/Disable SBL Bootable support - * - * This option is to enable/disable boot from SBL by switching linker address - */ - -/** Not SBL bootable */ -#define SSS_HAVE_SBL_NONE 1 - -/** SE050 based LPC55S SBL bootable */ -#define SSS_HAVE_SBL_SBL_LPC55S 0 - -#if (( 0 \ - + SSS_HAVE_SBL_NONE \ - + SSS_HAVE_SBL_SBL_LPC55S \ - ) > 1) -# error "Enable only one of 'SBL'" -#endif - - -#if (( 0 \ - + SSS_HAVE_SBL_NONE \ - + SSS_HAVE_SBL_SBL_LPC55S \ - ) == 0) -# error "Enable at-least one of 'SBL'" -#endif - - - -/** SE05X_Auth : SE050 Authentication - * - * This settings is used by examples to connect using various options - * to authenticate with the Applet. - * The SE05X_Auth options can be changed for KSDK Demos and Examples. - * To change SE05X_Auth option follow below steps. - * Set flag ``SSS_HAVE_SCP_SCP03_SSS`` to 1 and Reset flag ``SSS_HAVE_SCP_NONE`` to 0. - * To change SE05X_Auth option other than ``None`` and ``PlatfSCP03``, - * execute se05x_Delete_and_test_provision.exe in order to provision the Authentication Key. - * To change SE05X_Auth option to ``ECKey`` or ``ECKey_PlatfSCP03``, - * Set additional flag ``SSS_HAVE_HOSTCRYPTO_ANY`` to 1. - */ - -/** Use the default session (i.e. session less) login */ -#define SSS_HAVE_SE05X_AUTH_NONE 1 - -/** Do User Authentication with UserID */ -#define SSS_HAVE_SE05X_AUTH_USERID 0 - -/** Use Platform SCP for connection to SE */ -#define SSS_HAVE_SE05X_AUTH_PLATFSCP03 0 - -/** Do User Authentication with AES Key - * Earlier this was called AppletSCP03 */ -#define SSS_HAVE_SE05X_AUTH_AESKEY 0 - -/** Do User Authentication with EC Key - * Earlier this was called FastSCP */ -#define SSS_HAVE_SE05X_AUTH_ECKEY 0 - -/** UserID and PlatfSCP03 */ -#define SSS_HAVE_SE05X_AUTH_USERID_PLATFSCP03 0 - -/** AESKey and PlatfSCP03 */ -#define SSS_HAVE_SE05X_AUTH_AESKEY_PLATFSCP03 0 - -/** ECKey and PlatfSCP03 */ -#define SSS_HAVE_SE05X_AUTH_ECKEY_PLATFSCP03 0 - -#if (( 0 \ - + SSS_HAVE_SE05X_AUTH_NONE \ - + SSS_HAVE_SE05X_AUTH_USERID \ - + SSS_HAVE_SE05X_AUTH_PLATFSCP03 \ - + SSS_HAVE_SE05X_AUTH_AESKEY \ - + SSS_HAVE_SE05X_AUTH_ECKEY \ - + SSS_HAVE_SE05X_AUTH_USERID_PLATFSCP03 \ - + SSS_HAVE_SE05X_AUTH_AESKEY_PLATFSCP03 \ - + SSS_HAVE_SE05X_AUTH_ECKEY_PLATFSCP03 \ - ) > 1) -# error "Enable only one of 'SE05X_Auth'" -#endif - - -#if (( 0 \ - + SSS_HAVE_SE05X_AUTH_NONE \ - + SSS_HAVE_SE05X_AUTH_USERID \ - + SSS_HAVE_SE05X_AUTH_PLATFSCP03 \ - + SSS_HAVE_SE05X_AUTH_AESKEY \ - + SSS_HAVE_SE05X_AUTH_ECKEY \ - + SSS_HAVE_SE05X_AUTH_USERID_PLATFSCP03 \ - + SSS_HAVE_SE05X_AUTH_AESKEY_PLATFSCP03 \ - + SSS_HAVE_SE05X_AUTH_ECKEY_PLATFSCP03 \ - ) == 0) -# error "Enable at-least one of 'SE05X_Auth'" -#endif - - - -/** A71CH_AUTH : A71CH Authentication - * - * This settings is used by SSS-API based examples to connect using either plain or authenticated to the A71CH. - */ - -/** Plain communication, not authenticated or encrypted */ -#define SSS_HAVE_A71CH_AUTH_NONE 1 - -/** SCP03 enabled */ -#define SSS_HAVE_A71CH_AUTH_SCP03 0 - -#if (( 0 \ - + SSS_HAVE_A71CH_AUTH_NONE \ - + SSS_HAVE_A71CH_AUTH_SCP03 \ - ) > 1) -# error "Enable only one of 'A71CH_AUTH'" -#endif - - -#if (( 0 \ - + SSS_HAVE_A71CH_AUTH_NONE \ - + SSS_HAVE_A71CH_AUTH_SCP03 \ - ) == 0) -# error "Enable at-least one of 'A71CH_AUTH'" -#endif - - -/* ====================================================================== * - * == Feature selection/values ========================================== * - * ====================================================================== */ - - -/** SE05X Secure Element : Symmetric AES */ -#define SSSFTR_SE05X_AES 1 - -/** SE05X Secure Element : Elliptic Curve Cryptography */ -#define SSSFTR_SE05X_ECC 1 - -/** SE05X Secure Element : RSA */ -#define SSSFTR_SE05X_RSA 1 - -/** SE05X Secure Element : KEY operations : SET Key */ -#define SSSFTR_SE05X_KEY_SET 1 - -/** SE05X Secure Element : KEY operations : GET Key */ -#define SSSFTR_SE05X_KEY_GET 1 - -/** SE05X Secure Element : Authenticate via ECKey */ -#define SSSFTR_SE05X_AuthECKey 1 - -/** SE05X Secure Element : Allow creation of user/authenticated session. - * - * If the intended deployment only uses Platform SCP - * Or it is a pure session less integration, this can - * save some code size. */ -#define SSSFTR_SE05X_AuthSession 0 - -/** SE05X Secure Element : Allow creation/deletion of Crypto Objects - * - * If disabled, new Crytpo Objects are neither created and - * old/existing Crypto Objects are not deleted. - * It is assumed that during provisioning phase, the required - * Crypto Objects are pre-created or they are never going to - * be needed. */ -#define SSSFTR_SE05X_CREATE_DELETE_CRYPTOOBJ 1 - -/** Software : Symmetric AES */ -#define SSSFTR_SW_AES 1 - -/** Software : Elliptic Curve Cryptography */ -#define SSSFTR_SW_ECC 1 - -/** Software : RSA */ -#define SSSFTR_SW_RSA 1 - -/** Software : KEY operations : SET Key */ -#define SSSFTR_SW_KEY_SET 1 - -/** Software : KEY operations : GET Key */ -#define SSSFTR_SW_KEY_GET 1 - -/** Software : Used as a test counterpart - * - * e.g. Major part of the mebdTLS SSS layer is purely used for - * testing of Secure Element implementation, and can be avoided - * fully during many production scenarios. */ -#define SSSFTR_SW_TESTCOUNTERPART 1 - -/* ====================================================================== * - * == Computed Options ================================================== * - * ====================================================================== */ - -/** Symmetric AES */ -#define SSSFTR_AES (SSSFTR_SE05X_AES + SSSFTR_SW_AES) -/** Elliptic Curve Cryptography */ -#define SSSFTR_ECC (SSSFTR_SE05X_ECC + SSSFTR_SW_ECC) -/** RSA */ -#define SSSFTR_RSA (SSSFTR_SE05X_RSA + SSSFTR_SW_RSA) -/** KEY operations : SET Key */ -#define SSSFTR_KEY_SET (SSSFTR_SE05X_KEY_SET + SSSFTR_SW_KEY_SET) -/** KEY operations : GET Key */ -#define SSSFTR_KEY_GET (SSSFTR_SE05X_KEY_GET + SSSFTR_SW_KEY_GET) -/** KEY operations */ -#define SSSFTR_KEY (SSSFTR_KEY_SET + SSSFTR_KEY_GET) -/** KEY operations */ -#define SSSFTR_SE05X_KEY (SSSFTR_SE05X_KEY_SET + SSSFTR_SE05X_KEY_GET) -/** KEY operations */ -#define SSSFTR_SW_KEY (SSSFTR_SW_KEY_SET + SSSFTR_SW_KEY_GET) - - -#define SSS_HAVE_APPLET \ - (SSS_HAVE_APPLET_A71CH | SSS_HAVE_APPLET_A71CL | SSS_HAVE_APPLET_A71CH_SIM | SSS_HAVE_APPLET_SE05X_A | SSS_HAVE_APPLET_SE05X_B | SSS_HAVE_APPLET_SE05X_C | SSS_HAVE_APPLET_SE05X_L | SSS_HAVE_APPLET_LOOPBACK) - -#define SSS_HAVE_APPLET_SE05X_IOT \ - (SSS_HAVE_APPLET_SE05X_A | SSS_HAVE_APPLET_SE05X_B | SSS_HAVE_APPLET_SE05X_C) - -#define SSS_HAVE_MBEDTLS_ALT \ - (SSS_HAVE_MBEDTLS_ALT_SSS | SSS_HAVE_MBEDTLS_ALT_A71CH) - -#define SSS_HAVE_HOSTCRYPTO_ANY \ - (SSS_HAVE_HOSTCRYPTO_MBEDTLS | SSS_HAVE_HOSTCRYPTO_MBEDCRYPTO | SSS_HAVE_HOSTCRYPTO_OPENSSL | SSS_HAVE_HOSTCRYPTO_USER) - -#define SSS_HAVE_FIPS \ - (SSS_HAVE_FIPS_SE050 | SSS_HAVE_FIPS_140_2 | SSS_HAVE_FIPS_140_3) - - -/* Version checks GTE - Greater Than Or Equal To */ -#if SSS_HAVE_APPLET_SE05X_IOT -# if SSS_HAVE_SE05X_VER_06_00 -# define SSS_HAVE_SE05X_VER_GTE_06_00 1 -# define SSS_HAVE_SE05X_VER_GTE_03_XX 1 -# endif /* SSS_HAVE_SE05X_VER_06_00 */ -# if SSS_HAVE_SE05X_VER_03_XX -# define SSS_HAVE_SE05X_VER_GTE_06_00 0 -# define SSS_HAVE_SE05X_VER_GTE_03_XX 1 -# endif /* SSS_HAVE_SE05X_VER_03_XX */ -#else //SSS_HAVE_APPLET_SE05X_IOT -# define SSS_HAVE_SE05X_VER_GTE_03_XX 0 -# define SSS_HAVE_SE05X_VER_GTE_06_00 0 -#endif // SSS_HAVE_APPLET_SE05X_IOT -/** Deprecated items. Used here for backwards compatibility. */ - -#define WithApplet_SE05X (SSS_HAVE_APPLET_SE05X_IOT) -#define WithApplet_SE050_A (SSS_HAVE_APPLET_SE05X_A) -#define WithApplet_SE050_B (SSS_HAVE_APPLET_SE05X_B) -#define WithApplet_SE050_C (SSS_HAVE_APPLET_SE05X_C) -#define SSS_HAVE_SE050_A (SSS_HAVE_APPLET_SE05X_A) -#define SSS_HAVE_SE050_B (SSS_HAVE_APPLET_SE05X_B) -#define SSS_HAVE_SE050_C (SSS_HAVE_APPLET_SE05X_C) -#define SSS_HAVE_SE05X (SSS_HAVE_APPLET_SE05X_IOT) -#define SSS_HAVE_SE (SSS_HAVE_APPLET) -#define SSS_HAVE_LOOPBACK (SSS_HAVE_APPLET_LOOPBACK) -#define SSS_HAVE_ALT (SSS_HAVE_MBEDTLS_ALT) -#define WithApplet_None (SSS_HAVE_APPLET_NONE) -#define SSS_HAVE_None (SSS_HAVE_APPLET_NONE) -#define WithApplet_A71CH (SSS_HAVE_APPLET_A71CH) -#define SSS_HAVE_A71CH (SSS_HAVE_APPLET_A71CH) -#define WithApplet_A71CL (SSS_HAVE_APPLET_A71CL) -#define SSS_HAVE_A71CL (SSS_HAVE_APPLET_A71CL) -#define WithApplet_A71CH_SIM (SSS_HAVE_APPLET_A71CH_SIM) -#define SSS_HAVE_A71CH_SIM (SSS_HAVE_APPLET_A71CH_SIM) -#define WithApplet_SE05X_A (SSS_HAVE_APPLET_SE05X_A) -#define SSS_HAVE_SE05X_A (SSS_HAVE_APPLET_SE05X_A) -#define WithApplet_SE05X_B (SSS_HAVE_APPLET_SE05X_B) -#define SSS_HAVE_SE05X_B (SSS_HAVE_APPLET_SE05X_B) -#define WithApplet_SE05X_C (SSS_HAVE_APPLET_SE05X_C) -#define SSS_HAVE_SE05X_C (SSS_HAVE_APPLET_SE05X_C) -#define WithApplet_SE05X_L (SSS_HAVE_APPLET_SE05X_L) -#define SSS_HAVE_SE05X_L (SSS_HAVE_APPLET_SE05X_L) -#define WithApplet_LoopBack (SSS_HAVE_APPLET_LOOPBACK) -#define SSS_HAVE_LoopBack (SSS_HAVE_APPLET_LOOPBACK) -#define SSS_HAVE_MBEDTLS (SSS_HAVE_HOSTCRYPTO_MBEDTLS) -#define SSS_HAVE_MBEDCRYPTO (SSS_HAVE_HOSTCRYPTO_MBEDCRYPTO) -#define SSS_HAVE_OPENSSL (SSS_HAVE_HOSTCRYPTO_OPENSSL) -#define SSS_HAVE_USER (SSS_HAVE_HOSTCRYPTO_USER) -#define SSS_HAVE_NONE (SSS_HAVE_HOSTCRYPTO_NONE) -#define SSS_HAVE_ALT_SSS (SSS_HAVE_MBEDTLS_ALT_SSS) -#define SSS_HAVE_ALT_A71CH (SSS_HAVE_MBEDTLS_ALT_A71CH) -#define SSS_HAVE_ALT_NONE (SSS_HAVE_MBEDTLS_ALT_NONE) -#define SSS_HAVE_SE05X_Auth_None (SSS_HAVE_SE05X_AUTH_NONE) -#define SSS_HAVE_SE05X_Auth_UserID (SSS_HAVE_SE05X_AUTH_USERID) -#define SSS_HAVE_SE05X_Auth_PlatfSCP03 (SSS_HAVE_SE05X_AUTH_PLATFSCP03) -#define SSS_HAVE_SE05X_Auth_AESKey (SSS_HAVE_SE05X_AUTH_AESKEY) -#define SSS_HAVE_SE05X_Auth_ECKey (SSS_HAVE_SE05X_AUTH_ECKEY) -#define SSS_HAVE_SE05X_Auth_UserID_PlatfSCP03 (SSS_HAVE_SE05X_AUTH_USERID_PLATFSCP03) -#define SSS_HAVE_SE05X_Auth_AESKey_PlatfSCP03 (SSS_HAVE_SE05X_AUTH_AESKEY_PLATFSCP03) -#define SSS_HAVE_SE05X_Auth_ECKey_PlatfSCP03 (SSS_HAVE_SE05X_AUTH_ECKEY_PLATFSCP03) - -/* # CMake Features : END */ - -/* ========= Miscellaneous values : START =================== */ - -/* ECC Mode is available */ -#define SSS_HAVE_ECC 1 - -/* RSA is available */ -#define SSS_HAVE_RSA 1 - -/* TPM BARRETO_NAEHRIG Curve is enabled */ -#define SSS_HAVE_TPM_BN 1 - -/* Edwards Curve is enabled */ -#define SSS_HAVE_EC_ED 1 - -/* Montgomery Curve is enabled */ -#define SSS_HAVE_EC_MONT 1 - -/* MIFARE DESFire is enabled */ -#define SSS_HAVE_MIFARE_DESFIRE 1 - -/* PBKDF2 is enabled */ -#define SSS_HAVE_PBKDF2 1 - -/* TLS handshake support on SE is enabled */ -#define SSS_HAVE_TLS_HANDSHAKE 1 - -/* Import Export Key is enabled */ -#define SSS_HAVE_IMPORT 1 - -/* With NXP NFC Reader Library */ -#define SSS_HAVE_NXPNFCRDLIB 0 - -#define SSS_HAVE_A71XX \ - (SSS_HAVE_APPLET_A71CH | SSS_HAVE_APPLET_A71CH_SIM) - -#define SSS_HAVE_SSCP (SSS_HAVE_A71XX) - -/* For backwards compatibility */ -#define SSS_HAVE_TESTCOUNTERPART (SSSFTR_SW_TESTCOUNTERPART) - -/* ========= Miscellaneous values : END ===================== */ - -/* ========= Calculated values : START ====================== */ - -/* Should we expose, SSS APIs */ -#define SSS_HAVE_SSS ( 0 \ - + SSS_HAVE_SSCP \ - + SSS_HAVE_APPLET_SE05X_IOT \ - + SSS_HAVE_HOSTCRYPTO_OPENSSL \ - + SSS_HAVE_HOSTCRYPTO_MBEDCRYPTO \ - + SSS_HAVE_HOSTCRYPTO_MBEDTLS \ - + SSS_HAVE_HOSTCRYPTO_USER \ - ) - -/* MBEDCRYPTO is superset of MBEDTLS and exposing that way */ -#if SSS_HAVE_HOSTCRYPTO_MBEDCRYPTO -# undef SSS_HAVE_MBEDTLS -# undef SSS_HAVE_HOSTCRYPTO_MBEDTLS - -# define SSS_HAVE_MBEDTLS 1 -# define SSS_HAVE_HOSTCRYPTO_MBEDTLS 1 -#endif // SSS_HAVE_HOSTCRYPTO_MBEDCRYPTO - -#if SSS_HAVE_HOSTCRYPTO_NONE -# undef SSSFTR_SE05X_AuthSession -# define SSSFTR_SE05X_AuthSession 0 -#endif - -/* Montgomery curves is not supported in SE05X_A*/ -#if SSS_HAVE_APPLET_SE05X_A -# undef SSS_HAVE_EC_MONT -# define SSS_HAVE_EC_MONT 0 -/* ED is not supported in SE050_A */ -#if SSS_HAVE_SE05X_VER_03_XX -# undef SSS_HAVE_EC_ED -# define SSS_HAVE_EC_ED 0 -#endif -#endif - -#if SSS_HAVE_RSA -# define SSS_HAVE_RSA_4K 1 -#endif - -#if SSS_HAVE_ECC -# define SSS_HAVE_EC_NIST_192 1 -# define SSS_HAVE_EC_NIST_224 1 -# define SSS_HAVE_EC_NIST_256 1 -# define SSS_HAVE_EC_NIST_384 1 -# define SSS_HAVE_EC_NIST_521 1 -# define SSS_HAVE_EC_BP 1 -# define SSS_HAVE_EC_NIST_K 1 -# define SSS_HAVE_ECDAA 1 -# define SSS_HAVE_EDDSA 1 -#if SSS_HAVE_APPLET_SE05X_A -# undef SSS_HAVE_ECDAA -# undef SSS_HAVE_EDDSA -# define SSS_HAVE_ECDAA 0 -# define SSS_HAVE_EDDSA 0 -#endif -#endif - -#if SSS_HAVE_APPLET -#define SSS_HAVE_HASH_1 1 -#define SSS_HAVE_HASH_224 1 -#define SSS_HAVE_HASH_512 1 -#endif - - -/* ========= Calculated values : END ======================== */ - -/* clang-format on */ - -#endif /* SSS_APIS_INC_FSL_SSS_FTR_H_ */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/Applet_SE050_Ver.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/Applet_SE050_Ver.h deleted file mode 100644 index 51aaf715b..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/Applet_SE050_Ver.h +++ /dev/null @@ -1,114 +0,0 @@ -/* -* -* Copyright 2019,2020 NXP -* SPDX-License-Identifier: Apache-2.0 -*/ - -#ifndef APPLET_SE050_VERSION_INFO_H_INCLUDED -#define APPLET_SE050_VERSION_INFO_H_INCLUDED - -#if defined(SSS_USE_FTR_FILE) -#include "fsl_sss_ftr.h" -#else -#include "fsl_sss_ftr_default.h" -#endif - -/* clang-format off */ -//#define APPLET_SE050_PROD_NAME "Applet_SE050" -//#define APPLET_SE050_VER_STRING_NUM "v03.01.00" -//#define APPLET_SE050_PROD_NAME_VER_FULL "Applet_SE050_v03.01.00" - -#if SSS_HAVE_SE05X_VER_04_04 == 1 -# define APPLET_SE050_VER_MAJOR (4u) -# define APPLET_SE050_VER_MINOR (4u) -# define APPLET_SE050_VER_DEV (0u) -#elif SSS_HAVE_SE05X_VER_04_08 == 1 -# define APPLET_SE050_VER_MAJOR (4u) -# define APPLET_SE050_VER_MINOR (8u) -# define APPLET_SE050_VER_DEV (0u) -#elif SSS_HAVE_SE05X_VER_04_12 == 1 -# define APPLET_SE050_VER_MAJOR (4u) -# define APPLET_SE050_VER_MINOR (12u) -# define APPLET_SE050_VER_DEV (0u) -#elif SSS_HAVE_SE05X_VER_05_00 == 1 -# define APPLET_SE050_VER_MAJOR (5u) -# define APPLET_SE050_VER_MINOR (0u) -# define APPLET_SE050_VER_DEV (0u) -#elif SSS_HAVE_SE05X_VER_05_02 == 1 -# define APPLET_SE050_VER_MAJOR (5u) -# define APPLET_SE050_VER_MINOR (2u) -# define APPLET_SE050_VER_DEV (0u) -#elif SSS_HAVE_SE05X_VER_05_04 == 1 -# define APPLET_SE050_VER_MAJOR (5u) -# define APPLET_SE050_VER_MINOR (4u) -# define APPLET_SE050_VER_DEV (0u) -#elif SSS_HAVE_SE05X_VER_05_08 == 1 -# define APPLET_SE050_VER_MAJOR (5u) -# define APPLET_SE050_VER_MINOR (8u) -# define APPLET_SE050_VER_DEV (0u) -#elif SSS_HAVE_SE05X_VER_05_10 == 1 -# define APPLET_SE050_VER_MAJOR (5u) -# define APPLET_SE050_VER_MINOR (10u) -# define APPLET_SE050_VER_DEV (0u) -#elif SSS_HAVE_SE05X_VER_05_12 == 1 -# define APPLET_SE050_VER_MAJOR (5u) -# define APPLET_SE050_VER_MINOR (12u) -# define APPLET_SE050_VER_DEV (0u) -#elif SSS_HAVE_SE05X_VER_06_00 == 1 -# define APPLET_SE050_VER_MAJOR (6u) -# define APPLET_SE050_VER_MINOR (0u) -# define APPLET_SE050_VER_DEV (0u) -#elif SSS_HAVE_FIPS -# define APPLET_SE050_VER_MAJOR (3u) -# define APPLET_SE050_VER_MINOR (6u) -# define APPLET_SE050_VER_DEV (0u) -#else -# define APPLET_SE050_VER_MAJOR (3u) -# define APPLET_SE050_VER_MINOR (1u) -# define APPLET_SE050_VER_DEV (0u) -# define APPLET_SE050_VER_DEV_PATCH1 (1u) /* Allow this as well */ -#endif - - -/* v03.01 = 30001u */ -#define APPLET_SE050_VER_MAJOR_MINOR ( 0 \ - | (APPLET_SE050_VER_MAJOR * 10000u) \ - | (APPLET_SE050_VER_MINOR)) - -/* v03.01.00 = 300010000ULL */ -#define APPLET_SE050_VER_MAJOR_MINOR_DEV ( 0 \ - | (APPLET_SE050_VER_MAJOR * 10000*10000u) \ - | (APPLET_SE050_VER_MINOR * 10000u) \ - | (APPLET_SE050_VER_DEV)) - -/* clang-format on */ - -/* Version Information: - * Generated by: - * ..\..\..\scripts\version_info.py (v2019.01.17_00) - * - * Do not edit this file. Update: - * ./version_info.txt instead. - * - * - * prod_name = "Applet_SE050" - * - * prod_desc = "Applet AR6" - * - * lang_c_prefix = prod_name.upper() - * - * lang_namespace = "" - * - * v_major = "03" - * - * v_minor = "01" - * - * v_dev = "00" - * - * v_meta = "" - * - * maturity = "P" - * - */ - -#endif /* APPLET_SE050_VERSION_INFO_H_INCLUDED */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/PlugAndTrust_HostLib_Ver.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/PlugAndTrust_HostLib_Ver.h deleted file mode 100644 index 52d7966be..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/PlugAndTrust_HostLib_Ver.h +++ /dev/null @@ -1,63 +0,0 @@ -/* Copyright 2019-2021 NXP - * - * SPDX-License-Identifier: Apache-2.0 - * - * - */ - -#ifndef PLUGANDTRUST_HOSTLIB_VERSION_INFO_H_INCLUDED -#define PLUGANDTRUST_HOSTLIB_VERSION_INFO_H_INCLUDED - - -/* clang-format off */ -#define PLUGANDTRUST_HOSTLIB_PROD_NAME "PlugAndTrust_HostLib" -#define PLUGANDTRUST_HOSTLIB_VER_STRING_NUM "v03.03.00_20210528" -#define PLUGANDTRUST_HOSTLIB_PROD_NAME_VER_FULL "PlugAndTrust_HostLib_v03.03.00_20210528" -#define PLUGANDTRUST_HOSTLIB_VER_MAJOR (3u) -#define PLUGANDTRUST_HOSTLIB_VER_MINOR (3u) -#define PLUGANDTRUST_HOSTLIB_VER_DEV (0u) - -/* v03.03 = 30003u */ -#define PLUGANDTRUST_HOSTLIB_VER_MAJOR_MINOR ( 0 \ - | (PLUGANDTRUST_HOSTLIB_VER_MAJOR * 10000u) \ - | (PLUGANDTRUST_HOSTLIB_VER_MINOR)) - -/* v03.03.00 = 300030000ULL */ -#define PLUGANDTRUST_HOSTLIB_VER_MAJOR_MINOR_DEV ( 0 \ - | (PLUGANDTRUST_HOSTLIB_VER_MAJOR * 10000*10000u) \ - | (PLUGANDTRUST_HOSTLIB_VER_MINOR * 10000u) \ - | (PLUGANDTRUST_HOSTLIB_VER_DEV)) - -/* clang-format on */ - - -/* Version Information: - * Generated by: - * scripts\version_info.py (v2019.01.17_00) - * - * Do not edit this file. Update: - * hostlib/version_info.txt instead. - * - * - * prod_name = "PlugAndTrust_HostLib" - * - * prod_desc = "Host Library" - * - * lang_c_prefix = prod_name.upper() - * - * lang_namespace = "" - * - * v_major = "03" - * - * v_minor = "03" - * - * v_dev = "00" - * - * v_meta = "" - * - * maturity = "B" - * - * - */ - -#endif /* PLUGANDTRUST_HOSTLIB_VERSION_INFO_H_INCLUDED */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/PlugAndTrust_Pkg_Ver.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/PlugAndTrust_Pkg_Ver.h deleted file mode 100644 index 619970855..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/PlugAndTrust_Pkg_Ver.h +++ /dev/null @@ -1,62 +0,0 @@ -/* Copyright 2019-2021 NXP - * - * SPDX-License-Identifier: Apache-2.0 - * - * - */ - -#ifndef PLUGANDTRUST_VERSION_INFO_H_INCLUDED -#define PLUGANDTRUST_VERSION_INFO_H_INCLUDED - - -/* clang-format off */ -#define PLUGANDTRUST_PROD_NAME "PlugAndTrust" -#define PLUGANDTRUST_VER_STRING_NUM "v03.03.00_20210528" -#define PLUGANDTRUST_PROD_NAME_VER_FULL "PlugAndTrust_v03.03.00_20210528" -#define PLUGANDTRUST_VER_MAJOR (3u) -#define PLUGANDTRUST_VER_MINOR (3u) -#define PLUGANDTRUST_VER_DEV (0u) - -/* v03.03 = 30003u */ -#define PLUGANDTRUST_VER_MAJOR_MINOR ( 0 \ - | (PLUGANDTRUST_VER_MAJOR * 10000u) \ - | (PLUGANDTRUST_VER_MINOR)) - -/* v03.03.00 = 300030000ULL */ -#define PLUGANDTRUST_VER_MAJOR_MINOR_DEV ( 0 \ - | (PLUGANDTRUST_VER_MAJOR * 10000*10000u) \ - | (PLUGANDTRUST_VER_MINOR * 10000u) \ - | (PLUGANDTRUST_VER_DEV)) - -/* clang-format on */ - - -/* Version Information: - * Generated by: - * scripts\version_info.py (v2019.01.17_00) - * - * Do not edit this file. Update: - * ./version_info.txt instead. - * - * prod_name = "PlugAndTrust" - * - * prod_desc = "Plug And Trust Package" - * - * lang_c_prefix = prod_name.upper() - * - * lang_namespace = "" - * - * v_major = "03" - * - * v_minor = "03" - * - * v_dev = "00" - * - * # Develop Branch - * v_meta = "" - * - * maturity = "B" - * - */ - -#endif /* PLUGANDTRUST_VERSION_INFO_H_INCLUDED */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/nxEnsure.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/nxEnsure.h deleted file mode 100644 index a58a75f22..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/nxEnsure.h +++ /dev/null @@ -1,279 +0,0 @@ -/* -* -* Copyright 2019 NXP -* SPDX-License-Identifier: Apache-2.0 -*/ - -/** @file - * - * @addtogroup param_check - * - * @{ - * - * nxEnsure.h: Helper parameter assertion check macros. - * - * Pre Condition: The source file must have included nxLog - * header file. - * - * Project: SecureIoTMW - * - * - */ - -#ifndef HOSTLIB_HOSTLIB_INC_NXENSURE_H_ -#define HOSTLIB_HOSTLIB_INC_NXENSURE_H_ - -/* ***************************************************************************************************************** - * Includes - * ***************************************************************************************************************** */ - -/* ***************************************************************************************************************** - * MACROS/Defines - * ***************************************************************************************************************** */ - -/** Build time over-ride if we want to enable/disable Warning Prints - * - * During debug builds, it makes sense to print them, - * During retail builds, such loggings would be of any use and remove and reduce code size. - * - */ -#ifndef NX_ENSURE_DO_LOG_MESSAGE -#define NX_ENSURE_DO_LOG_MESSAGE 1 -#endif /* NX_ENSURE_DO_LOG_MESSAGE */ - -/** - * @brief Waring print of the parameter ``strCONDITION`` - * - * @warning NX_ENSURE_MESSAGE is an internal message/API to this file. - * Do not use directly. - * - */ -#if NX_ENSURE_DO_LOG_MESSAGE -# define NX_ENSURE_MESSAGE(strCONDITION) \ - LOG_W("nxEnsure:'" strCONDITION "' failed. At Line:%d Function:%s", __LINE__, __FUNCTION__) -#else /* NX_ENSURE_DO_LOG_MESSAGE */ -# define NX_ENSURE_MESSAGE(strCONDITION) /* No Message */ -#endif /* NX_ENSURE_DO_LOG_MESSAGE */ - -/** - * @brief Waring print of the parameter ``strCONDITION`` - * - * @warning NX_ENSURE_MESSAGE is an internal message/API to this file. - * Do not use directly. - * - */ -#if NX_ENSURE_DO_LOG_MESSAGE -# define NX_ENSURE_MESSAGE(strCONDITION) \ - LOG_W("nxEnsure:'" strCONDITION "' failed. At Line:%d Function:%s", __LINE__, __FUNCTION__) -#else /* NX_ENSURE_DO_LOG_MESSAGE */ -# define NX_ENSURE_MESSAGE(strCONDITION) /* No Message */ -#endif /* NX_ENSURE_DO_LOG_MESSAGE */ - -/** If condition fails, goto :cleanup label - * - * @code{.c} - * - * { - * ... - * - * status = Operation1(); - * ENSURE_OR_GO_CLEANUP(0 == status); - * - * status = Operation2(); - * ENSURE_OR_GO_CLEANUP(0 == status); - * - * ... - * - * cleanup: - * return status; - * } - * - * @endcode - * - */ -#define ENSURE_OR_GO_CLEANUP(CONDITION) \ - if (!(CONDITION)) { \ - NX_ENSURE_MESSAGE(#CONDITION); \ - goto cleanup; \ - } - -/** If condition fails, goto :exit label - * - * @code{.c} - * - * { - * ... - * - * status = Operation1(); - * ENSURE_OR_GO_EXIT(0 == status); - * - * status = Operation2(); - * ENSURE_OR_GO_EXIT(0 == status); - * - * ... - * - * exit: - * return status; - * } - * - * @endcode - * - */ -#define ENSURE_OR_GO_EXIT(CONDITION) \ - if (!(CONDITION)) { \ - NX_ENSURE_MESSAGE(#CONDITION); \ - goto exit; \ - } - -/** If condition fails, break. - * - * Sample Usage: - * - * @code{.c} - * - * int SomeAPI() - * { - * ... - * - * do { - * status = Operation1(); - * ENSURE_OR_BREAK(0 == status); - * - * status = Operation2(); - * ENSURE_OR_BREAK(0 == status); - * - * ... - * - * } while(0); - * - * return status; - * } - * - * @endcode - * - */ -#define ENSURE_OR_BREAK(CONDITION) \ - if (!(CONDITION)) { \ - NX_ENSURE_MESSAGE(#CONDITION); \ - break; \ - } - -/** If condition fails, return - * - * - * @code{.c} - * - * void SomeAPI() - * { - * ... - * - * status = Operation1(); - * ENSURE_OR_RETURN(0 == status); - * - * status = Operation2(); - * ENSURE_OR_RETURN(0 == status); - * - * ... - * - * return; - * } - * - * @endcode - * - * @warning This macro introduces system of mutliple - * returns from a function which is not - * easy to debug/trace through and hence - * not recommended. - * - */ -#define ENSURE_OR_RETURN(CONDITION) \ - if (!(CONDITION)) { \ - NX_ENSURE_MESSAGE(#CONDITION); \ - return; \ - } - -/** If condition fails, return - * - * - * @code{.c} - * - * int SomeAPI() - * { - * ... - * - * status = Operation1(); - * ENSURE_OR_RETURN_ON_ERROR(0 == status, ERR_FAIL); - * - * status = Operation2(); - * ENSURE_OR_RETURN_ON_ERROR(0 == status, ERR_NOT_ENOUGH_SPACE); - * - * ... - * - * return 0; - * } - * - * @endcode - * - * @warning This macro introduces system of mutliple - * returns from a function which is not - * easy to debug/trace through and hence - * not recommended. - * - */ -#define ENSURE_OR_RETURN_ON_ERROR(CONDITION, RETURN_VALUE) \ - if (!(CONDITION)) { \ - NX_ENSURE_MESSAGE(#CONDITION); \ - return RETURN_VALUE; \ - } - -/** If condition fails, goto quit with return value status updated. - * - * - * @code{.c} - * - * int SomeAPI() - * { - int status = 0; - * ... - * - * value = Operation1(); - * ENSURE_OR_QUIT_WITH_STATUS_ON_ERROR(0 == value, status, ERR_FAIL); - * - * value = Operation2(); - * ENSURE_OR_QUIT_WITH_STATUS_ON_ERROR(0 == value, status, ERR_NOT_ENOUGH_SPACE); - * - * ... - * quit: - * return status; - * } - * - * @endcode - * - * @warning This macro introduces system of mutliple - * returns from a function which is not - * easy to debug/trace through and hence - * not recommended. - * - */ -#define ENSURE_OR_EXIT_WITH_STATUS_ON_ERROR(CONDITION, STATUS, RETURN_VALUE) \ - if (!(CONDITION)) { \ - NX_ENSURE_MESSAGE(#CONDITION); \ - STATUS = RETURN_VALUE; \ - goto exit; \ - } - -/* ***************************************************************************************************************** - * Types/Structure Declarations - * ***************************************************************************************************************** */ - -/* ***************************************************************************************************************** - * Extern Variables - * ***************************************************************************************************************** */ - -/* ***************************************************************************************************************** - * Function Prototypes - * ***************************************************************************************************************** */ - -/** @} */ - -#endif /* HOSTLIB_HOSTLIB_INC_NXENSURE_H_ */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/nxScp03_Apis.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/nxScp03_Apis.h deleted file mode 100644 index a37357e3f..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/nxScp03_Apis.h +++ /dev/null @@ -1,90 +0,0 @@ -/* -* -* Copyright 2018 NXP -* SPDX-License-Identifier: Apache-2.0 -*/ - -#ifndef NXSCP03_APIS_H_ -#define NXSCP03_APIS_H_ - -/* ************************************************************************** */ -/* Defines */ -/* ************************************************************************** */ -/* ************************************************************************** */ -/* Includes */ -/* ************************************************************************** */ - -#ifdef __cplusplus -extern "C" { -#endif - -#include "nxScp03_Types.h" -#include "nxScp03_Const.h" - -/* ************************************************************************** */ -/* Structrues and Typedefs */ -/* ************************************************************************** */ - -/* ************************************************************************** */ -/* Global Variables */ -/* ************************************************************************** */ - -/* ************************************************************************** */ -/* Functions */ -/* ************************************************************************** */ - -/** -* To Secure the on going communicatation -*/ - -/** -* To Verify SE -*/ -sss_status_t nxScp03_HostLocal_VerifyCardCryptogram( - sss_object_t *keyObj, uint8_t *hostChallenge, uint8_t *cardChallenge, uint8_t *cardCryptogram); - -/** -* To Verify Host -*/ -sss_status_t nxScp03_HostLocal_CalculateHostCryptogram( - sss_object_t *keyObj, uint8_t *hostChallenge, uint8_t *cardChallenge, uint8_t *hostCryptogram); - -/** -* To sending secure Command APDU -*/ -sss_status_t nxSCP03_Encrypt_CommandAPDU( - NXSCP03_DynCtx_t *pdySCP03SessCtx, uint8_t *cmdBuf, size_t *cmdBufLen); -/** -* To provide additional Security with MAC as CRC -*/ -sss_status_t nxpSCP03_CalculateMac_CommandAPDU( - NXSCP03_DynCtx_t *pdySCP03SessCtx, uint8_t *pCmdBuf, size_t pCmdBufLen, uint8_t *mac, size_t *macLen); - -/** -* To get Plain Response APDU -*/ -uint16_t nxpSCP03_Decrypt_ResponseAPDU( - NXSCP03_DynCtx_t *pdySCP03SessCtx, size_t cmdBufLen, uint8_t *rspBuf, size_t *pRspBufLen, uint8_t hasle); - -/* -* To set the derivation data -*/ -void nxScp03_setDerivationData( - uint8_t ddA[], uint16_t *pDdALen, uint8_t ddConstant, uint16_t ddL, uint8_t iCounter, uint8_t *context, uint16_t contextLen); - -/** -* To Generate Session Keys -*/ -sss_status_t nxScp03_Generate_SessionKey( - sss_object_t *keyObj, uint8_t *inData, uint32_t inDataLen, uint8_t *outSignature, uint32_t *outSignatureLen); - -/** -* To Maintain count of commands -*/ -void nxpSCP03_Inc_CommandCounter(NXSCP03_DynCtx_t *pdySCP03SessCtx); - -#ifdef __cplusplus -} /* extern "c"*/ -#endif - -#endif /* NXSCP03_APIS_H_ */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/nxScp03_Const.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/nxScp03_Const.h deleted file mode 100644 index 26890fa45..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/nxScp03_Const.h +++ /dev/null @@ -1,97 +0,0 @@ -/* -* -* Copyright 2018 NXP -* SPDX-License-Identifier: Apache-2.0 -*/ - -#ifndef NXSCP03_CONST_H_ -#define NXSCP03_CONST_H_ -/* ************************************************************************** */ -/* Defines */ -/* ************************************************************************** */ -/* ************************************************************************** */ -/* Includes */ -/* ************************************************************************** */ - -#define SCP_GP_IU_KEY_DIV_DATA_LEN 10 //!< SCP GP Init Update key Div length -#define SCP_GP_IU_KEY_INFO_LEN 3 //!< SCP GP Init Update key info length -#define SCP_GP_CARD_CHALLENGE_LEN 8 //!< SCP GP Card Challenge length -#define SCP_GP_HOST_CHALLENGE_LEN 8 //!< SCP GP Host Challenge length -#define SCP_GP_IU_CARD_CRYPTOGRAM_LEN 8 //!< SCP GP Card Cryptogram length -#define SCP_GP_IU_SEQ_COUNTER_LEN 3 //!< SCP GP Init Update Sequence Counter length -#define SCP_GP_SW_LEN 2 //!< SCP Status Word length -#define CRYPTO_KEY_CHECK_LEN (3) //!< SCP key check length - -#define ASN_ECC_NIST_256_HEADER_LEN 26 -#define KEY_PARAMETER_REFERENCE_TAG 0xF0 -#define KEY_PARAMETER_REFERENCE_VALUE_LEN 0x01 // Fixed for Nist256key -#define KEY_PARAMETER_REFERENCE_VALUE 0x03 // key parameter value need to check in the spec it is 00 -#define GPCS_KEY_TYPE_ECC_NIST256 0xB0 -#define GPCS_KEY_TYPE_AES 0x88 -#define GPCS_KEY_LEN_AES 16 - -#define SCP_ID 0xAB -#define SCP_CONFIG 0x01 - -#define SCP_MCV_LEN 16 // MAC Chaining Length - -#define CLA_ISO7816 (0x00) //!< ISO7816-4 defined CLA byte -#define CLA_GP_7816 (0x80) //!< GP 7816-4 defined CLA byte -#define CLA_GP_SECURITY_BIT (0x04) //!< GP CLA Security bit - -#define INS_GP_INITIALIZE_UPDATE (0x50) //!< Global platform defined instruction -#define INS_GP_EXTERNAL_AUTHENTICATE (0x82) //!< Global platform defined instruction -#define INS_GP_SELECT (0xA4) //!< Global platform defined instruction -#define INS_GP_PUT_KEY (0xD8) //!< Global platform defined instruction -#define INS_GP_INTERNAL_AUTHENTICATE (0x88) //!< Global platform defined instruction -#define INS_GP_GET_DATA (0xCA) //!< Global platform defined instruction -#define P1_GP_GET_DATA (0xBF) //!< Global platform defined instruction -#define P2_GP_GET_DATA (0x21) //!< Global platform defined instruction - -/* Sizes used in SCP */ -#define AES_KEY_LEN_nBYTE (16) //!< AES key length - -#define SCP_KEY_SIZE (16) -#define SCP_CMAC_SIZE (16) // length of the CMAC calculated (and used as MAC chaining value) -#define SCP_IV_SIZE (16) // length of the Inital Vector -#define SCP_COMMAND_MAC_SIZE (8) // length of the MAC appended in the APDU payload (8 'MSB's) - -#define DATA_CARD_CRYPTOGRAM (0x00) //!< Data card cryptogram -#define DATA_HOST_CRYPTOGRAM (0x01) //!< Data host cryptogram -#define DATA_DERIVATION_SENC (0x04) //!< Data Derivation to generate Sess ENC Key -#define DATA_DERIVATION_SMAC (0x06) //!< Data Derivation to generate Sess MAC Key -#define DATA_DERIVATION_SRMAC (0x07) //!< Data Derivation to generate Sess RMAC Key -#define DATA_DERIVATION_INITIAL_MCV (0x08)//!< Data Derivation to generate Initial MCV -#define DATA_DERIVATION_L_64BIT (0x0040) //!< Data Derivation length -#define DATA_DERIVATION_L_128BIT (0x0080) //!< Data Derivation length -#define DATA_DERIVATION_KDF_CTR (0x01) //!< Data Derivation counter - -#define DD_LABEL_LEN 12 //!< Data Derivation length - -/* defines used to indicate the command type */ -#define C_MAC (0x01) //!< C MAC security -#define C_ENC (0x02) //!< C ENC security -#define R_MAC (0x10) //!< R MAC security -#define R_ENC (0x20) //!< R ENC security - -#define SECLVL_CDEC_RENC_CMAC_RMAC (0x33) //!< Full security - -#define SCP_DATA_PAD_BYTE 0x80 //!< Data Pad Byte - -#define CMAC_SIZE (8) //!< CMAC Compare size - -#define SCP_OK (SW_OK) -#define SCP_UNDEFINED_CHANNEL_ID (0x7041) //!< Undefined SCP channel identifier -#define SCP_FAIL (0x7042) //!< Undefined SCP channel identifier -#define SCP_CARD_CRYPTOGRAM_FAILS_TO_VERIFY (0x7043) //!< Undefined SCP channel identifier -#define SCP_PARAMETER_ERROR (0x7044) //!< Undefined SCP channel identifier - -#define NO_C_MAC_NO_C_ENC_NO_R_MAC_NO_R_ENC 0 //!< No security requested -#define C_MAC_NO_C_ENC_R_MAC_NO_R_ENC (C_MAC | R_MAC) //!< One apply MAC'ing (Not implemented) -#define C_MAC_C_ENC_R_MAC_R_ENC (C_MAC | C_ENC | R_MAC | R_ENC) //!< Apply full security -#define SECURITY_LEVEL C_MAC_C_ENC_R_MAC_R_ENC - -#define APPLET_SCP_INIT_UPDATE_LEN 0x0D //!< Applet SCP Initialize Update Length -#define APPLET_SCP_EXT_AUTH_LEN 0x15 //!< Applet SCP External Authenticate Length - -#endif /*NXSCP03_CONST_H_*/ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/nxScp03_Types.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/nxScp03_Types.h deleted file mode 100644 index 0ce5df623..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/nxScp03_Types.h +++ /dev/null @@ -1,306 +0,0 @@ -/* -* -* Copyright 2018,2020 NXP -* SPDX-License-Identifier: Apache-2.0 -*/ - -#ifndef NXSCP03_TYPES_H_ -#define NXSCP03_TYPES_H_ - -/* ************************************************************************** */ -/* Defines */ -/* ************************************************************************** */ -/* ************************************************************************** */ -/* Includes */ -/* ************************************************************************** */ -#include -#if defined(SSS_USE_FTR_FILE) -#include "fsl_sss_ftr.h" -#else -#include "fsl_sss_ftr_default.h" -#endif - -#if SSS_HAVE_MBEDTLS -#include -#endif -#if SSS_HAVE_OPENSSL -#include -#endif -#if SSS_HAVE_HOSTCRYPTO_USER -# include -#endif - -#include "sm_api.h" -#if SSS_HAVE_SSCP -#include "fsl_sscp_a71ch.h" -#endif - -typedef enum -{ - kSSS_AuthType_None = 0, - /** Global platform SCP03 */ - kSSS_AuthType_SCP03 = 1, - /** (e.g. SE05X) UserID based connection */ - kSSS_AuthType_ID = 2, - - /** (e.g. SE05X) Use AESKey for user authentication - * - * Earlier this was called kSSS_AuthType_AppletSCP03 - */ - kSSS_AuthType_AESKey = 3, - /** (e.g. SE05X) Use ECKey for user authentication - * - * Earlier this was called kSSS_AuthType_FastSCP - */ - kSSS_AuthType_ECKey = 4, - - /* ================ Internal ======================= */ - /* Not to be selected by end user... directly */ - - /** - * Used internally, not to be set/used by user. - * - * For the versions of the applet where we have to add - * the a counter during KDF. - */ - kSSS_AuthType_INT_ECKey_Counter = 0x14, - - kSSS_SIZE = 0x7FFFFFFF, -} SE_AuthType_t; - -#define kSSS_AuthType_INT_FastSCP_Counter kSSS_AuthType_INT_ECKey_Counter -#define kSSS_AuthType_FastSCP_Counter kSSS_AuthType_INT_ECKey_Counter -#define kSSS_AuthType_FastSCP kSSS_AuthType_ECKey -#define kSSS_AuthType_AppletSCP03 kSSS_AuthType_AESKey - -/** - * Dynamic SCP03 Context. - * - * This structure is filled **after** establishing - * an SCP03 session. - */ -typedef struct -{ - sss_object_t Enc; //!< session channel encryption key - sss_object_t Mac; //!< session command authentication key - sss_object_t Rmac; //!< session response authentication key - uint8_t MCV[16]; //!< MAC chaining value - uint8_t cCounter[16]; //!< command counter - uint8_t SecurityLevel; //!< security level set - - /** Handle differnt types of auth.. PlatformSCP / AppletSCP */ - SE_AuthType_t authType; -} NXSCP03_DynCtx_t; - -/** - * Static SCP03 Context. - * - * This structure is filled **before** establishing - * an SCP03 session. - * - * Depending on system, these objects may point to keys - * inside other security system. - */ -typedef struct -{ - /** Key version no to use for chanel - authentication in SCP03 */ - uint8_t keyVerNo; - /** Encryption key object */ - sss_object_t Enc; - sss_object_t Mac; //!< static secure channel authentication key obj - sss_object_t Dek; //!< data encryption key obj -} NXSCP03_StaticCtx_t; - -/** -* Static and Dynamic Context in one Context. -* -* -* Depending on system, these objects may point to keys -* inside other security system. -*/ -typedef struct -{ - NXSCP03_StaticCtx_t *pStatic_ctx; //!< .static keys data - NXSCP03_DynCtx_t *pDyn_ctx; //!< session keys data -} NXSCP03_AuthCtx_t; - -/** Static part of keys for FAST SCP */ -typedef struct -{ - /** Host ECDSA Private key */ - sss_object_t HostEcdsaObj; - /** Host ephemeral ECC key pair */ - sss_object_t HostEcKeypair; - /** SE ECC public key */ - sss_object_t SeEcPubKey; - /** Host master Secret */ - sss_object_t masterSec; -} NXECKey03_StaticCtx_t; - -/** Keys to connect for a ECKey Connection */ -typedef struct -{ - /** The Input/Static part of the ECKey Authentication - * - * We start/initiate a session with the keys here. - */ - NXECKey03_StaticCtx_t *pStatic_ctx; - /** The Dynamic part of the ECKey Authentication - * - * We derive/compute the session keys based on the - * ``pStatic_ctx``. - */ - NXSCP03_DynCtx_t *pDyn_ctx; // session keys data -} SE05x_AuthCtx_ECKey_t; - -/** UseID / PIN baed authentication object - * - * This is required to open an UserID / PIN based session to the SE. - */ -typedef struct -{ - /** The corresponding authentication object on the Host */ - sss_object_t * pObj; -} SE05x_AuthCtx_ID_t; - - -/** Legacy, only for A71CH with Host Crypto */ -typedef struct -{ - sss_object_t pKeyEnc; //!< SSS AES Enc Key object - sss_object_t pKeyMac; //!< SSS AES Mac Key object - sss_object_t pKeyDek; //!< SSS AES Dek Key object -} SM_SECURE_SCP03_KEYOBJ; - -/** Authentication mechanims */ -typedef struct _SE_AuthCtx -{ - /** How exactly we are going to authenticat ot the system. - * - * Since ``ctx`` is a union, this is needed to know exactly how - * we are going to authenticate. - */ - - SE_AuthType_t authType; - - /** Depending on ``authType``, the input and output parameters. - * - * This has both input and output parameters. - * - * Input is for Keys that are used to initiate the connection. - * While connecting, session keys/parameters are generated and they - * are also part of this context. - * - * In any case, we connect to only one type - */ - union { - /** For PlatformSCP / Applet SCP. - * - * Same SCP context will be used for platform and applet scp03 */ - NXSCP03_AuthCtx_t scp03; - - /** For ECKey */ - SE05x_AuthCtx_ECKey_t eckey; - - /** For UserID/PIN based based Authentication */ - SE05x_AuthCtx_ID_t idobj; - - /** Legacy, only for A71CH with Host Crypto */ - SM_SECURE_SCP03_KEYOBJ a71chAuthKeys; - - /** Reserved memory for implementation specific extension */ - struct - { - uint8_t data[SSS_AUTH_MAX_CONTEXT_SIZE]; - } extension; - } ctx; -} SE_AuthCtx_t; - -/** - * When connecting to a secure element, - * - * Extension of sss_connect_ctx_t - */ -typedef struct -{ - /** to support binary compatibility/check, sizeOfStucture helps */ - uint16_t sizeOfStucture; - /** If we need to authenticate, add required objects for authentication */ - SE_AuthCtx_t auth; - /** If some policy restrictions apply when we connect, point it here */ - sss_policy_session_u *session_policy; - - /* =================================== */ - /* Implementation specific part starts */ - /* =================================== */ - - /** If we connect logically, via some software layer */ - sss_tunnel_t *tunnelCtx; - - /** How exactly are we going to connect physically */ - SSS_Conn_Type_t connType; - - /** Connection port name for Socket names, etc. */ - const char *portName; - - /** 12C address on embedded devices. */ - U32 i2cAddress; - - /** If we need to refresh session, SE050 specific */ - uint8_t refresh_session : 1; - - /** In the case of Key Rotation, and other use cases - * where we do not select the IoT Applet and skip - * the selection of the IoT Applet. - * - * One of the use cases is to do platform SCP - * key rotation. - * - * When set to 0: - * Do not skip IoT Applet selection and run as-is. - * - * When set to 1: - * Skip selection of card manager. - * Skip selection of Applet. - * - * Internally, if there is platform SCP selected as - * Auth mechanism during compile time, the internal - * logic would Select the card manager. But, - * skip selection of the Applet. - * - */ - uint8_t skip_select_applet : 1; -} SE_Connect_Ctx_t; - -/** Wrapper strucutre sss_connect_ctx_t */ -typedef struct -{ - /** To support binary compatibility/check, sizeOfStucture helps */ - uint16_t sizeOfStucture; - /** If we need to authenticate, add required objects for authentication */ - SE_AuthCtx_t auth; - /** If some policy restrictions apply when we connect, point it here */ - sss_policy_session_u *session_policy; - - /** Reserved memory for implementation specific extension */ - struct - { - uint8_t data[SSS_CONNECT_MAX_CONTEXT_SIZE]; - } extension; -} sss_connect_ctx_t; - -/* Deprecated */ - -#define SE05x_AuthCtx_t SE_AuthCtx_t - -#define kSE05x_AuthType_None kSSS_AuthType_None -#define kSE05x_AuthType_SCP03 kSSS_AuthType_SCP03 -#define kSE05x_AuthType_UserID kSSS_AuthType_ID -#define kSE05x_AuthType_AESKey kSSS_AuthType_AESKey -#define kSE05x_AuthType_ECKey kSSS_AuthType_ECKey - -/* For backwards compatibility */ -#define SE05x_AuthType_t SE_AuthType_t - -#endif /* NXSCP03_TYPES_H_ */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/scp.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/scp.h deleted file mode 100644 index ab59629b2..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/scp.h +++ /dev/null @@ -1,127 +0,0 @@ -/* -* -* Copyright 2016,2020 NXP -* SPDX-License-Identifier: Apache-2.0 -*/ - -/** - * @par Description - * This file defines the interface to an APDU transfer function supporting both - * communication in the clear and channel encryption. - * @par History - * - */ - -#ifndef SCP_H -#define SCP_H - -#ifdef __cplusplus -extern "C" { -#endif - -#include "smCom.h" - -/// @cond -#define HOST_CHANNEL_STATE_IDX 0 -#define ADMIN_CHANNEL_STATE_IDX 1 - -/* Sizes used in SCP */ -#define AES_KEY_LEN_nBYTE (16) -#define DES_KEY_LEN_nBYTE (16) - -#define SCP_CRYPTOGRAM_SIZE (16) -#define SCP_CHALLENGE_SIZE (8) -#define SCP_KEY_SIZE (16) -#define SCP_CMAC_SIZE (16) // length of the CMAC calculated (and used as MAC chaining value) -#define SCP_COMMAND_MAC_SIZE (8) // length of the MAC appended in the APDU payload (8 'MSB's) - -/* defines used to indicate the command type */ -#define C_MAC (0x01) -#define C_ENC (0x02) -#define R_MAC (0x10) -#define R_ENC (0x20) - -#define SECLVL_CDEC_RENC_CMAC_RMAC (0x33) - -#define SCP02_SECLVL_CMAC (0x01) -#define SCP02_SECLVL_CDEC_CMAC (0x03) -#define SCP02_SECLVL_CDEC_CMAC_RMAC (0x13) - -#define SCP03_KEY_ID (0x01) - -#define PUT_KEYS_MULTIPLE_KEYS (0x80) -#define PUT_KEYS_KEY_TYPE_CODING_AES (0x88) -#define PUT_KEYS_KEY_IDENTIFIER ((PUT_KEYS_MULTIPLE_KEYS) | (SCP03_KEY_ID)) - -/* security levels, matching the CLA bytes for each level */ -#define SECLVL_OFF (0x80) -#define SECLVL_MAC (0xC0) -#define SECLVL_ENC (0xE0) - -#define DD_INPUT_SIZE (32) - -#define DD_OFFSET_SESSION_COUNTER (10) -#define DD_OFFSET_DD_CONSTANT (11) -#define DD_OFFSET_L_MSB (13) -#define DD_OFFSET_L_LSB (14) -#define DD_OFFSET_I (15) -#define DD_OFFSET_HOST_CHALLENGE (16) -#define DD_OFFSET_CARD_CHALLENGE (24) - -#define DATA_CARD_CRYPTOGRAM (0x00) -#define DATA_HOST_CRYPTOGRAM (0x01) -#define DATA_DERIVATION_SENC (0x04) -#define DATA_DERIVATION_SMAC (0x06) -#define DATA_DERIVATION_SRMAC (0x07) -#define DATA_DERIVATION_L_64BIT (0x0040) -#define DATA_DERIVATION_L_128BIT (0x0080) -#define DATA_DERIVATION_KDF_CTR (0x01) - -#define DD_LABEL_LEN 12 - -#define SCP_GP_IU_KEY_DIV_DATA_LEN 10 -#define SCP_GP_IU_KEY_INFO_LEN 3 -#define SCP02_GP_IU_KEY_INFO_LEN 2 -#define SCP_GP_CARD_CHALLENGE_LEN 8 -#define SCP02_GP_CARD_CHALLENGE_LEN 6 -#define SCP_GP_HOST_CHALLENGE_LEN 8 -#define SCP_GP_IU_CARD_CRYPTOGRAM_LEN 8 -#define SCP_GP_IU_SEQ_COUNTER_LEN 3 -#define SCP02_GP_IU_SEQ_COUNTER_LEN 2 -#define SCP_GP_SW_LEN 2 -#define CRYPTO_KEY_CHECK_LEN (3) - -#define SCP_MCV_LEN 16 // MAC Chaining Length -/// @endcond - -/** - * Enumerated type encoding the security level requested to be applied to the APDU. - */ -typedef enum -{ - NO_C_MAC_NO_C_ENC_NO_R_MAC_NO_R_ENC = 0, //!< No security requested - C_MAC_NO_C_ENC_R_MAC_NO_R_ENC = (C_MAC | R_MAC), //!< One apply MAC'ing (Not implemented) - C_MAC_C_ENC_R_MAC_R_ENC = (C_MAC | C_ENC | R_MAC | R_ENC) //!< Apply full security -} scp_CommandType_t; - -/** - * Exchanges APDU, applies SCP03 encryption depending on \p type parameter and on the - * authentication status of the SCP03 channel. - * - * @param[in] conn_ctx connection context - * @param[in,out] pApdu apdu_t datastructure - * @param[in] type encryption/mac request - * - * @retval ::SMCOM_OK Operation successful - * @retval ::SMCOM_SND_FAILED Send Failed - * @retval ::SMCOM_RCV_FAILED Receive Failed - * @retval ::ERR_CRYPTO_ENGINE_FAILED Failure in crypto engine - * @retval ::SCP_RSP_MAC_FAIL MAC on response failed to verify - * @retval ::SCP_DECODE_FAIL Encrypted Response did not decode to correctly padded plaintext - */ -U32 scp_Transceive(void *conn_ctx, apdu_t * pApdu, scp_CommandType_t type); - -#ifdef __cplusplus -} -#endif -#endif /* _SCP_H_ */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/se05x_const.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/se05x_const.h deleted file mode 100644 index a2a95fe11..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/se05x_const.h +++ /dev/null @@ -1,168 +0,0 @@ -/* -* -* Copyright 2019,2020 NXP -* SPDX-License-Identifier: Apache-2.0 -*/ - -#ifndef FSL_SSS_SE05X_CONST_H -#define FSL_SSS_SE05X_CONST_H - -#if defined(SSS_USE_FTR_FILE) -#include "fsl_sss_ftr.h" -#else -#include "fsl_sss_ftr_default.h" -#endif - -#if SSS_HAVE_APPLET_SE05X_IOT - -#include - -#define SE05X_SESSIONID_LEN (8) - -/* See MAX_APDU_PAYLOAD_LENGTH in SE05x APDU Specifications. - * - * Using 892 so that buffer boundaries are potentially word aligned for Se050. - * Using 1024 for Se051. - * And expecting a failure from OnCard in case host sends a - * larger than expected buffer. - * Please note, depending on choice of: - * {No Auth | UserID Auth | Applet SCP | Fast SCP } - * and combination of either of above along with Platform SCP, - * there is no easy way how many Exact bytes the host can - * send to SE05x. - */ -#if SSS_HAVE_SE05X_VER_GTE_06_00 -/* SE051 MAX_APDU_PAYLOAD_LENGTH 1024 */ -#define SE05X_MAX_BUF_SIZE_CMD (1024) -#define SE05X_MAX_BUF_SIZE_RSP (1024) -#else -/* SE050 MAX_APDU_PAYLOAD_LENGTH 892 */ -#define SE05X_MAX_BUF_SIZE_CMD (892) -#define SE05X_MAX_BUF_SIZE_RSP (892) -#endif - -#define SE050_MODULE_UNIQUE_ID_LEN 18 - -#define SE05X_I2CM_MAX_BUF_SIZE_CMD (271) -#define SE05X_I2CM_MAX_BUF_SIZE_RSP (271) -#define SE05X_I2CM_MAX_TIMESTAMP_SIZE (12) -#define SE05X_I2CM_MAX_FRESHNESS_SIZE (16) -#define SE05X_I2CM_MAX_CHIP_ID_SIZE (18) - -/** How many attestation records - * - * Whle reading RSA Objects, modulus and public exporent get attested separately, */ - -#define SE05X_MAX_ATTST_DATA 2 - -#if SE05X_FTR_32BIT_CURVE_ID -#define START_SE05X_ID_CURVE_START (0x7E000000) -#else -#define START_SE05X_ID_CURVE_START (0) -#endif - -#define CIPHER_BLOCK_SIZE 16 -#define CIPHER_UPDATE_DATA_SIZE 256 -#define AEAD_BLOCK_SIZE 16 -#define BINARY_WRITE_MAX_LEN 500 - -enum Se05x_SYMM_CIPHER_MODES -{ - Se05x_SYMM_MODE_NONE = 0x00, - Se05x_SYMM_CBC = 0x01, - Se05x_SYMM_EBC = 0x02, - Se05x_SYMM_CTR = 0x08, /* For AES */ -}; - -enum Se05x_AES_PADDING -{ - Se05x_AES_PADDING_NONE = 0x00, - Se05x_AES_PAD_NOPAD = 0x01, - Se05x_AES_PAD_ISO9797_M1 = 0x02, - Se05x_AES_PAD_ISO9797_M2 = 0x03, -}; - -enum Se05x_SHA_TYPE -{ - Se05x_SHA_1 = 0x00, - Se05x_SHA_256 = 0x04, - Se05x_SHA_384 = 0x05, - Se05x_SHA_512 = 0x06, -}; - -enum Se05x_MAC_TYPE -{ - Se05x_CMAC = 0x0A, -}; - -enum Se05x_MAC_Sign_verify -{ - Se05x_MAC_Sign = 0x00, - Se05x_MAC_Verify = 0x01, -}; - -enum Se05x_I2CM_RESULT_TYPE -{ - Se05x_I2CM_RESULT_SUCCESS = 0xA5, - Se05x_I2CM_RESULT_FAILURE = 0x96 // The APDU spec defines this as 0x5A, implementation deviates! -}; - -#define MAX_OBJ_PCR_VALUE_SIZE 32 -#define MAX_POLICY_BUFFER_SIZE 256 -#define MAX_OBJ_POLICY_SIZE 47 -#define MAX_OBJ_POLICY_TYPES 6 -#define DEFAULT_OBJECT_POLICY_SIZE 8 -#define OBJ_POLICY_HEADER_OFFSET 5 -#define OBJ_POLICY_LENGTH_OFFSET 0 -#define OBJ_POLICY_AUTHID_OFFSET 1 -#define OBJ_POLICY_EXT_OFFSET 9 -#define OBJ_POLICY_PCR_DATA_SIZE (4 + MAX_OBJ_PCR_VALUE_SIZE) /*4 bytes PCR Obj id + 32 bytes PCR value*/ -#define OBJ_POLICY_AUTH_DATA_SIZE 2 - -#define SESSION_POLICY_LENGTH_OFFSET 0 -#define SESSION_POLICY_AR_HEADER_OFFSET 1 -#define DEFAULT_SESSION_POLICY_SIZE 3 - - -/*below bitmaps are set according to Se050 Applet implementation -Byte Ordering for Policy header:B1 B2 B3 B4 -bits ordering -b8 b7 b6 b5 b4 b3 b2 b1 -example : B1b8 : 0x80000000 -*/ - -/* Access Rules for Object Policy*/ -#define POLICY_OBJ_FORBID_ALL 0x20000000 -#define POLICY_OBJ_ALLOW_SIGN 0x10000000 -#define POLICY_OBJ_ALLOW_VERIFY 0x08000000 -#define POLICY_OBJ_ALLOW_KA 0x04000000 -#define POLICY_OBJ_ALLOW_ENC 0x02000000 -#define POLICY_OBJ_ALLOW_DEC 0x01000000 -#define POLICY_OBJ_ALLOW_KDF 0x00800000 -#define POLICY_OBJ_ALLOW_WRAP 0x00400000 -#define POLICY_OBJ_ALLOW_READ 0x00200000 -#define POLICY_OBJ_ALLOW_WRITE 0x00100000 -#define POLICY_OBJ_ALLOW_GEN 0x00080000 -#define POLICY_OBJ_ALLOW_DELETE 0x00040000 -#define POLICY_OBJ_REQUIRE_SM 0x00020000 -#define POLICY_OBJ_REQUIRE_PCR_VALUE 0x00010000 -#define POLICY_OBJ_ALLOW_ATTESTATION 0x00008000 -#define POLICY_OBJ_ALLOW_DESFIRE_AUTHENTICATION 0x00004000 -#define POLICY_OBJ_ALLOW_DESFIRE_DUMP_SESSION_KEYS 0x00002000 -#define POLICY_OBJ_ALLOW_IMPORT_EXPORT 0x00001000 -#if SSS_HAVE_SE05X_VER_GTE_06_00 // 4.4 -#define POLICY_OBJ_FORBID_DERIVED_OUTPUT 0x00000800 -#endif -#if SSS_HAVE_SE05X_VER_GTE_06_00 // 5.4 -#define POLICY_OBJ_ALLOW_KDF_EXT_RANDOM 0x00000400 -#endif - -/* Access Rules for Session Policy*/ -#define POLICY_SESSION_MAX_APDU 0x8000 -#define POLICY_SESSION_MAX_TIME 0x4000 -#define POLICY_SESSION_ALLOW_REFRESH 0x2000 -/**/ - -#endif /* SSS_HAVE_APPLET_SE05X_IOT */ - -#endif /* FSL_SSS_SE05X_CONST_H */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/se05x_ecc_curves.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/se05x_ecc_curves.h deleted file mode 100644 index 88787499e..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/se05x_ecc_curves.h +++ /dev/null @@ -1,19 +0,0 @@ -/* -* -* Copyright 2019,2020 NXP -* SPDX-License-Identifier: Apache-2.0 -*/ - -#ifndef SE05X_ECC_CURVES_H_INC -#define SE05X_ECC_CURVES_H_INC - -#include "se05x_tlv.h" - -#define PROCESS_ECC_CURVE(NAME) \ - smStatus_t Se05x_API_CreateCurve_##NAME(Se05xSession_t *pSession, uint32_t obj_id) - -#include - -#undef PROCESS_ECC_CURVE - -#endif diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/se05x_ecc_curves_inc.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/se05x_ecc_curves_inc.h deleted file mode 100644 index 636ebef12..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/se05x_ecc_curves_inc.h +++ /dev/null @@ -1,268 +0,0 @@ -/* -* -* Copyright 2019 NXP -* SPDX-License-Identifier: Apache-2.0 -*/ - - -/* NIST/X9.62/SECG curve over a 192 bit prime field */ -PROCESS_ECC_CURVE(prime192v1); - -/* NIST/SECG curve over a 224 bit prime field */ -PROCESS_ECC_CURVE(secp224r1); - -/* NIST/SECG curve over a 384 bit prime field */ -PROCESS_ECC_CURVE(secp384r1); - -/* X9.62/SECG curve over a 256 bit prime field */ -PROCESS_ECC_CURVE(prime256v1); - -/* NIST/SECG curve over a 521 bit prime field */ -PROCESS_ECC_CURVE(secp521r1); - -/* RFC 5639 curve over a 160 bit prime field */ -PROCESS_ECC_CURVE(brainpoolP160r1); - -/* RFC 5639 curve over a 160 bit prime field */ -PROCESS_ECC_CURVE(brainpoolP160t1); - -/* RFC 5639 curve over a 192 bit prime field */ -PROCESS_ECC_CURVE(brainpoolP192r1); - -/* RFC 5639 curve over a 192 bit prime field */ -PROCESS_ECC_CURVE(brainpoolP192t1); - -/* RFC 5639 curve over a 224 bit prime field */ -PROCESS_ECC_CURVE(brainpoolP224r1); - -/* RFC 5639 curve over a 224 bit prime field */ -PROCESS_ECC_CURVE(brainpoolP224t1); - -/* RFC 5639 curve over a 256 bit prime field */ -PROCESS_ECC_CURVE(brainpoolP256r1); - -/* RFC 5639 curve over a 256 bit prime field */ -PROCESS_ECC_CURVE(brainpoolP256t1); - -/* RFC 5639 curve over a 320 bit prime field */ -PROCESS_ECC_CURVE(brainpoolP320r1); - -/* RFC 5639 curve over a 320 bit prime field */ -PROCESS_ECC_CURVE(brainpoolP320t1); - -/* RFC 5639 curve over a 384 bit prime field */ -PROCESS_ECC_CURVE(brainpoolP384r1); - -/* RFC 5639 curve over a 384 bit prime field */ -PROCESS_ECC_CURVE(brainpoolP384t1); - -/* RFC 5639 curve over a 512 bit prime field */ -PROCESS_ECC_CURVE(brainpoolP512r1); - -/* RFC 5639 curve over a 512 bit prime field */ -PROCESS_ECC_CURVE(brainpoolP512t1); - -/* SECG curve over a 160 bit prime field */ -PROCESS_ECC_CURVE(secp160k1); - -/* SECG curve over a 192 bit prime field */ -PROCESS_ECC_CURVE(secp192k1); - -/* SECG curve over a 224 bit prime field */ -PROCESS_ECC_CURVE(secp224k1); - -/* SECG curve over a 256 bit prime field */ -PROCESS_ECC_CURVE(secp256k1); - -/* BN curve 256 bits */ -PROCESS_ECC_CURVE(tpm_bm_p256); - -#if 0 -/* clang-format off */ -/* SECG/WTLS curve over a 112 bit prime field */ -PROCESS_ECC_CURVE(secp112r1); - -/* SECG curve over a 112 bit prime field */ -PROCESS_ECC_CURVE(secp112r2); - -/* SECG curve over a 128 bit prime field */ -PROCESS_ECC_CURVE(secp128r1); - -/* SECG curve over a 128 bit prime field */ -PROCESS_ECC_CURVE(secp128r2); - -/* SECG curve over a 160 bit prime field */ -PROCESS_ECC_CURVE(secp160r1); - -/* SECG/WTLS curve over a 160 bit prime field */ -PROCESS_ECC_CURVE(secp160r2); - - - -/* X9.62 curve over a 192 bit prime field */ -PROCESS_ECC_CURVE(prime192v2); - -/* X9.62 curve over a 192 bit prime field */ -PROCESS_ECC_CURVE(prime192v3); - -/* X9.62 curve over a 239 bit prime field */ -PROCESS_ECC_CURVE(prime239v1); - -/* X9.62 curve over a 239 bit prime field */ -PROCESS_ECC_CURVE(prime239v2); - -/* X9.62 curve over a 239 bit prime field */ -PROCESS_ECC_CURVE(prime239v3); - - -/* SECG curve over a 113 bit binary field */ -PROCESS_ECC_CURVE(sect113r1); - -/* SECG curve over a 113 bit binary field */ -PROCESS_ECC_CURVE(sect113r2); - -/* SECG/WTLS curve over a 131 bit binary field */ -PROCESS_ECC_CURVE(sect131r1); - -/* SECG curve over a 131 bit binary field */ -PROCESS_ECC_CURVE(sect131r2); - -/* NIST/SECG/WTLS curve over a 163 bit binary field */ -PROCESS_ECC_CURVE(sect163k1); - -/* SECG curve over a 163 bit binary field */ -PROCESS_ECC_CURVE(sect163r1); - -/* NIST/SECG curve over a 163 bit binary field */ -PROCESS_ECC_CURVE(sect163r2); - -/* SECG curve over a 193 bit binary field */ -PROCESS_ECC_CURVE(sect193r1); - -/* SECG curve over a 193 bit binary field */ -PROCESS_ECC_CURVE(sect193r2); - -/* NIST/SECG/WTLS curve over a 233 bit binary field */ -PROCESS_ECC_CURVE(sect233k1); - -/* NIST/SECG/WTLS curve over a 233 bit binary field */ -PROCESS_ECC_CURVE(sect233r1); - -/* SECG curve over a 239 bit binary field */ -PROCESS_ECC_CURVE(sect239k1); - -/* NIST/SECG curve over a 283 bit binary field */ -PROCESS_ECC_CURVE(sect283k1); - -/* NIST/SECG curve over a 283 bit binary field */ -PROCESS_ECC_CURVE(sect283r1); - -/* NIST/SECG curve over a 409 bit binary field */ -PROCESS_ECC_CURVE(sect409k1); - -/* NIST/SECG curve over a 409 bit binary field */ -PROCESS_ECC_CURVE(sect409r1); - -/* NIST/SECG curve over a 571 bit binary field */ -PROCESS_ECC_CURVE(sect571k1); - -/* NIST/SECG curve over a 571 bit binary field */ -PROCESS_ECC_CURVE(sect571r1); - -/* X9.62 curve over a 163 bit binary field */ -PROCESS_ECC_CURVE(c2pnb163v1); - -/* X9.62 curve over a 163 bit binary field */ -PROCESS_ECC_CURVE(c2pnb163v2); - -/* X9.62 curve over a 163 bit binary field */ -PROCESS_ECC_CURVE(c2pnb163v3); - -/* X9.62 curve over a 176 bit binary field */ -PROCESS_ECC_CURVE(c2pnb176v1); - -/* X9.62 curve over a 191 bit binary field */ -PROCESS_ECC_CURVE(c2tnb191v1); - -/* X9.62 curve over a 191 bit binary field */ -PROCESS_ECC_CURVE(c2tnb191v2); - -/* X9.62 curve over a 191 bit binary field */ -PROCESS_ECC_CURVE(c2tnb191v3); - -/* X9.62 curve over a 208 bit binary field */ -PROCESS_ECC_CURVE(c2pnb208w1); - -/* X9.62 curve over a 239 bit binary field */ -PROCESS_ECC_CURVE(c2tnb239v1); - -/* X9.62 curve over a 239 bit binary field */ -PROCESS_ECC_CURVE(c2tnb239v2); - -/* X9.62 curve over a 239 bit binary field */ -PROCESS_ECC_CURVE(c2tnb239v3); - -/* X9.62 curve over a 272 bit binary field */ -PROCESS_ECC_CURVE(c2pnb272w1); - -/* X9.62 curve over a 304 bit binary field */ -PROCESS_ECC_CURVE(c2pnb304w1); - -/* X9.62 curve over a 359 bit binary field */ -PROCESS_ECC_CURVE(c2tnb359v1); - -/* X9.62 curve over a 368 bit binary field */ -PROCESS_ECC_CURVE(c2pnb368w1); - -/* X9.62 curve over a 431 bit binary field */ -PROCESS_ECC_CURVE(c2tnb431r1); - -/* WTLS curve over a 113 bit binary field */ -PROCESS_ECC_CURVE(wap_wsg_idm_ecid_wtls1); - -/* NIST/SECG/WTLS curve over a 163 bit binary field */ -PROCESS_ECC_CURVE(wap_wsg_idm_ecid_wtls3); - -/* SECG curve over a 113 bit binary field */ -PROCESS_ECC_CURVE(wap_wsg_idm_ecid_wtls4); - -/* X9.62 curve over a 163 bit binary field */ -PROCESS_ECC_CURVE(wap_wsg_idm_ecid_wtls5); - -/* SECG/WTLS curve over a 112 bit prime field */ -PROCESS_ECC_CURVE(wap_wsg_idm_ecid_wtls6); - -/* SECG/WTLS curve over a 160 bit prime field */ -PROCESS_ECC_CURVE(wap_wsg_idm_ecid_wtls7); - -/* WTLS curve over a 112 bit prime field */ -PROCESS_ECC_CURVE(wap_wsg_idm_ecid_wtls8); - -/* WTLS curve over a 160 bit prime field */ -PROCESS_ECC_CURVE(wap_wsg_idm_ecid_wtls9); - -/* NIST/SECG/WTLS curve over a 233 bit binary field */ -PROCESS_ECC_CURVE(wap_wsg_idm_ecid_wtls10); - -/* NIST/SECG/WTLS curve over a 233 bit binary field */ -PROCESS_ECC_CURVE(wap_wsg_idm_ecid_wtls11); - -/* WTLS curve over a 224 bit prime field */ -PROCESS_ECC_CURVE(wap_wsg_idm_ecid_wtls12); - -/* - IPSec/IKE/Oakley curve #3 over a 155 bit binary field. - Not suitable for ECDSA. - Questionable extension field! */ -PROCESS_ECC_CURVE(Oakley_EC2N_3); - -/* - IPSec/IKE/Oakley curve #4 over a 185 bit binary field. - Not suitable for ECDSA. - Questionable extension field! */ -PROCESS_ECC_CURVE(Oakley_EC2N_4); - - -/* clang-format on */ - -#endif diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/se05x_ecc_curves_values.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/se05x_ecc_curves_values.h deleted file mode 100644 index c7398db66..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/se05x_ecc_curves_values.h +++ /dev/null @@ -1,2801 +0,0 @@ -/* -* -* Copyright 2018 NXP -* SPDX-License-Identifier: Apache-2.0 -*/ - -#ifndef SE05X_ECC_CURVES_LIST_H_INC -#define SE05X_ECC_CURVES_LIST_H_INC - -/* clang-format off */ - -#if 0 -/* secp112r1 : SECG/WTLS curve over a 112 bit prime field */ -#define EC_PARAM_secp112r1_prime \ - 0xDB, 0x7C, 0x2A, 0xBF, 0x62, 0xE3, 0x5E, 0x66, \ - 0x80, 0x76, 0xBE, 0xAD, 0x20, 0x8B -#define EC_PARAM_secp112r1_a \ - 0xDB, 0x7C, 0x2A, 0xBF, 0x62, 0xE3, 0x5E, 0x66, \ - 0x80, 0x76, 0xBE, 0xAD, 0x20, 0x88 -#define EC_PARAM_secp112r1_b \ - 0x65, 0x9E, 0xF8, 0xBA, 0x04, 0x39, 0x16, 0xEE, \ - 0xDE, 0x89, 0x11, 0x70, 0x2B, 0x22 -#define EC_PARAM_secp112r1_x \ - 0x09, 0x48, 0x72, 0x39, 0x99, 0x5A, 0x5E, 0xE7, \ - 0x6B, 0x55, 0xF9, 0xC2, 0xF0, 0x98 -#define EC_PARAM_secp112r1_y \ - 0xA8, 0x9C, 0xE5, 0xAF, 0x87, 0x24, 0xC0, 0xA2, \ - 0x3E, 0x0E, 0x0F, 0xF7, 0x75, 0x00 -#define EC_PARAM_secp112r1_order \ - 0xDB, 0x7C, 0x2A, 0xBF, 0x62, 0xE3, 0x5E, 0x76, \ - 0x28, 0xDF, 0xAC, 0x65, 0x61, 0xC5 -#endif - -#if 0 -/* secp112r2 : SECG curve over a 112 bit prime field */ -#define EC_PARAM_secp112r2_prime \ - 0xDB, 0x7C, 0x2A, 0xBF, 0x62, 0xE3, 0x5E, 0x66, \ - 0x80, 0x76, 0xBE, 0xAD, 0x20, 0x8B -#define EC_PARAM_secp112r2_a \ - 0x61, 0x27, 0xC2, 0x4C, 0x05, 0xF3, 0x8A, 0x0A, \ - 0xAA, 0xF6, 0x5C, 0x0E, 0xF0, 0x2C -#define EC_PARAM_secp112r2_b \ - 0x51, 0xDE, 0xF1, 0x81, 0x5D, 0xB5, 0xED, 0x74, \ - 0xFC, 0xC3, 0x4C, 0x85, 0xD7, 0x09 -#define EC_PARAM_secp112r2_x \ - 0x4B, 0xA3, 0x0A, 0xB5, 0xE8, 0x92, 0xB4, 0xE1, \ - 0x64, 0x9D, 0xD0, 0x92, 0x86, 0x43 -#define EC_PARAM_secp112r2_y \ - 0xAD, 0xCD, 0x46, 0xF5, 0x88, 0x2E, 0x37, 0x47, \ - 0xDE, 0xF3, 0x6E, 0x95, 0x6E, 0x97 -#define EC_PARAM_secp112r2_order \ - 0x36, 0xDF, 0x0A, 0xAF, 0xD8, 0xB8, 0xD7, 0x59, \ - 0x7C, 0xA1, 0x05, 0x20, 0xD0, 0x4B -#endif - -#if 0 -/* secp128r1 : SECG curve over a 128 bit prime field */ -#define EC_PARAM_secp128r1_prime \ - 0xFF, 0xFF, 0xFF, 0xFD, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF -#define EC_PARAM_secp128r1_a \ - 0xFF, 0xFF, 0xFF, 0xFD, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC -#define EC_PARAM_secp128r1_b \ - 0xE8, 0x75, 0x79, 0xC1, 0x10, 0x79, 0xF4, 0x3D, \ - 0xD8, 0x24, 0x99, 0x3C, 0x2C, 0xEE, 0x5E, 0xD3 -#define EC_PARAM_secp128r1_x \ - 0x16, 0x1F, 0xF7, 0x52, 0x8B, 0x89, 0x9B, 0x2D, \ - 0x0C, 0x28, 0x60, 0x7C, 0xA5, 0x2C, 0x5B, 0x86 -#define EC_PARAM_secp128r1_y \ - 0xCF, 0x5A, 0xC8, 0x39, 0x5B, 0xAF, 0xEB, 0x13, \ - 0xC0, 0x2D, 0xA2, 0x92, 0xDD, 0xED, 0x7A, 0x83 -#define EC_PARAM_secp128r1_order \ - 0xFF, 0xFF, 0xFF, 0xFE, 0x00, 0x00, 0x00, 0x00, \ - 0x75, 0xA3, 0x0D, 0x1B, 0x90, 0x38, 0xA1, 0x15 -#endif - -#if 0 -/* secp128r2 : SECG curve over a 128 bit prime field */ -#define EC_PARAM_secp128r2_prime \ - 0xFF, 0xFF, 0xFF, 0xFD, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF -#define EC_PARAM_secp128r2_a \ - 0xD6, 0x03, 0x19, 0x98, 0xD1, 0xB3, 0xBB, 0xFE, \ - 0xBF, 0x59, 0xCC, 0x9B, 0xBF, 0xF9, 0xAE, 0xE1 -#define EC_PARAM_secp128r2_b \ - 0x5E, 0xEE, 0xFC, 0xA3, 0x80, 0xD0, 0x29, 0x19, \ - 0xDC, 0x2C, 0x65, 0x58, 0xBB, 0x6D, 0x8A, 0x5D -#define EC_PARAM_secp128r2_x \ - 0x7B, 0x6A, 0xA5, 0xD8, 0x5E, 0x57, 0x29, 0x83, \ - 0xE6, 0xFB, 0x32, 0xA7, 0xCD, 0xEB, 0xC1, 0x40 -#define EC_PARAM_secp128r2_y \ - 0x27, 0xB6, 0x91, 0x6A, 0x89, 0x4D, 0x3A, 0xEE, \ - 0x71, 0x06, 0xFE, 0x80, 0x5F, 0xC3, 0x4B, 0x44 -#define EC_PARAM_secp128r2_order \ - 0x3F, 0xFF, 0xFF, 0xFF, 0x7F, 0xFF, 0xFF, 0xFF, \ - 0xBE, 0x00, 0x24, 0x72, 0x06, 0x13, 0xB5, 0xA3 -#endif - -#if 1 -/* secp160k1 : SECG curve over a 160 bit prime field */ -#define EC_PARAM_secp160k1_prime \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFE, 0xFF, 0xFF, 0xAC, 0x73 -#define EC_PARAM_secp160k1_a \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00 -#define EC_PARAM_secp160k1_b \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x07 -#define EC_PARAM_secp160k1_x \ - 0x3B, 0x4C, 0x38, 0x2C, 0xE3, 0x7A, 0xA1, \ - 0x92, 0xA4, 0x01, 0x9E, 0x76, 0x30, 0x36, 0xF4, \ - 0xF5, 0xDD, 0x4D, 0x7E, 0xBB -#define EC_PARAM_secp160k1_y \ - 0x93, 0x8C, 0xF9, 0x35, 0x31, 0x8F, 0xDC, \ - 0xED, 0x6B, 0xC2, 0x82, 0x86, 0x53, 0x17, 0x33, \ - 0xC3, 0xF0, 0x3C, 0x4F, 0xEE -#define EC_PARAM_secp160k1_order \ - 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x01, 0xB8, 0xFA, 0x16, 0xDF, 0xAB, \ - 0x9A, 0xCA, 0x16, 0xB6, 0xB3 -#endif - -#if 0 -/* secp160r1 : SECG curve over a 160 bit prime field */ -#define EC_PARAM_secp160r1_prime \ - 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0x7F, 0xFF, 0xFF, 0xFF -#define EC_PARAM_secp160r1_a \ - 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0x7F, 0xFF, 0xFF, 0xFC -#define EC_PARAM_secp160r1_b \ - 0x00, 0x1C, 0x97, 0xBE, 0xFC, 0x54, 0xBD, 0x7A, \ - 0x8B, 0x65, 0xAC, 0xF8, 0x9F, 0x81, 0xD4, 0xD4, \ - 0xAD, 0xC5, 0x65, 0xFA, 0x45 -#define EC_PARAM_secp160r1_x \ - 0x00, 0x4A, 0x96, 0xB5, 0x68, 0x8E, 0xF5, 0x73, \ - 0x28, 0x46, 0x64, 0x69, 0x89, 0x68, 0xC3, 0x8B, \ - 0xB9, 0x13, 0xCB, 0xFC, 0x82 -#define EC_PARAM_secp160r1_y \ - 0x00, 0x23, 0xA6, 0x28, 0x55, 0x31, 0x68, 0x94, \ - 0x7D, 0x59, 0xDC, 0xC9, 0x12, 0x04, 0x23, 0x51, \ - 0x37, 0x7A, 0xC5, 0xFB, 0x32 -#define EC_PARAM_secp160r1_order \ - 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x01, 0xF4, 0xC8, 0xF9, 0x27, 0xAE, \ - 0xD3, 0xCA, 0x75, 0x22, 0x57 -#endif - -#if 0 -/* secp160r2 : SECG/WTLS curve over a 160 bit prime field */ -#define EC_PARAM_secp160r2_prime \ - 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFE, 0xFF, 0xFF, 0xAC, 0x73 -#define EC_PARAM_secp160r2_a \ - 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFE, 0xFF, 0xFF, 0xAC, 0x70 -#define EC_PARAM_secp160r2_b \ - 0x00, 0xB4, 0xE1, 0x34, 0xD3, 0xFB, 0x59, 0xEB, \ - 0x8B, 0xAB, 0x57, 0x27, 0x49, 0x04, 0x66, 0x4D, \ - 0x5A, 0xF5, 0x03, 0x88, 0xBA -#define EC_PARAM_secp160r2_x \ - 0x00, 0x52, 0xDC, 0xB0, 0x34, 0x29, 0x3A, 0x11, \ - 0x7E, 0x1F, 0x4F, 0xF1, 0x1B, 0x30, 0xF7, 0x19, \ - 0x9D, 0x31, 0x44, 0xCE, 0x6D -#define EC_PARAM_secp160r2_y \ - 0x00, 0xFE, 0xAF, 0xFE, 0xF2, 0xE3, 0x31, 0xF2, \ - 0x96, 0xE0, 0x71, 0xFA, 0x0D, 0xF9, 0x98, 0x2C, \ - 0xFE, 0xA7, 0xD4, 0x3F, 0x2E -#define EC_PARAM_secp160r2_order \ - 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x35, 0x1E, 0xE7, 0x86, 0xA8, \ - 0x18, 0xF3, 0xA1, 0xA1, 0x6B -#endif - -#if 1 -/* secp192k1 : SECG curve over a 192 bit prime field */ -#define EC_PARAM_secp192k1_prime \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xEE, 0x37 -#define EC_PARAM_secp192k1_a \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 -#define EC_PARAM_secp192k1_b \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03 -#define EC_PARAM_secp192k1_x \ - 0xDB, 0x4F, 0xF1, 0x0E, 0xC0, 0x57, 0xE9, 0xAE, \ - 0x26, 0xB0, 0x7D, 0x02, 0x80, 0xB7, 0xF4, 0x34, \ - 0x1D, 0xA5, 0xD1, 0xB1, 0xEA, 0xE0, 0x6C, 0x7D -#define EC_PARAM_secp192k1_y \ - 0x9B, 0x2F, 0x2F, 0x6D, 0x9C, 0x56, 0x28, 0xA7, \ - 0x84, 0x41, 0x63, 0xD0, 0x15, 0xBE, 0x86, 0x34, \ - 0x40, 0x82, 0xAA, 0x88, 0xD9, 0x5E, 0x2F, 0x9D -#define EC_PARAM_secp192k1_order \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFE, 0x26, 0xF2, 0xFC, 0x17, \ - 0x0F, 0x69, 0x46, 0x6A, 0x74, 0xDE, 0xFD, 0x8D -#endif - -#if 1 -/* secp224k1 : SECG curve over a 224 bit prime field */ -#define EC_PARAM_secp224k1_prime \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFE, 0xFF, 0xFF, 0xE5, 0x6D -#define EC_PARAM_secp224k1_a \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00 -#define EC_PARAM_secp224k1_b \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x05 -#define EC_PARAM_secp224k1_x \ - 0xA1, 0x45, 0x5B, 0x33, 0x4D, 0xF0, 0x99, \ - 0xDF, 0x30, 0xFC, 0x28, 0xA1, 0x69, 0xA4, 0x67, \ - 0xE9, 0xE4, 0x70, 0x75, 0xA9, 0x0F, 0x7E, 0x65, \ - 0x0E, 0xB6, 0xB7, 0xA4, 0x5C -#define EC_PARAM_secp224k1_y \ - 0x7E, 0x08, 0x9F, 0xED, 0x7F, 0xBA, 0x34, \ - 0x42, 0x82, 0xCA, 0xFB, 0xD6, 0xF7, 0xE3, 0x19, \ - 0xF7, 0xC0, 0xB0, 0xBD, 0x59, 0xE2, 0xCA, 0x4B, \ - 0xDB, 0x55, 0x6D, 0x61, 0xA5 -#define EC_PARAM_secp224k1_order \ - 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xDC, \ - 0xE8, 0xD2, 0xEC, 0x61, 0x84, 0xCA, 0xF0, 0xA9, \ - 0x71, 0x76, 0x9F, 0xB1, 0xF7 -#endif - -#if 1 -/* secp224r1 : NIST/SECG curve over a 224 bit prime field */ -#define EC_PARAM_secp224r1_prime \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x01 -#define EC_PARAM_secp224r1_a \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFE -#define EC_PARAM_secp224r1_b \ - 0xB4, 0x05, 0x0A, 0x85, 0x0C, 0x04, 0xB3, 0xAB, \ - 0xF5, 0x41, 0x32, 0x56, 0x50, 0x44, 0xB0, 0xB7, \ - 0xD7, 0xBF, 0xD8, 0xBA, 0x27, 0x0B, 0x39, 0x43, \ - 0x23, 0x55, 0xFF, 0xB4 -#define EC_PARAM_secp224r1_x \ - 0xB7, 0x0E, 0x0C, 0xBD, 0x6B, 0xB4, 0xBF, 0x7F, \ - 0x32, 0x13, 0x90, 0xB9, 0x4A, 0x03, 0xC1, 0xD3, \ - 0x56, 0xC2, 0x11, 0x22, 0x34, 0x32, 0x80, 0xD6, \ - 0x11, 0x5C, 0x1D, 0x21 -#define EC_PARAM_secp224r1_y \ - 0xBD, 0x37, 0x63, 0x88, 0xB5, 0xF7, 0x23, 0xFB, \ - 0x4C, 0x22, 0xDF, 0xE6, 0xCD, 0x43, 0x75, 0xA0, \ - 0x5A, 0x07, 0x47, 0x64, 0x44, 0xD5, 0x81, 0x99, \ - 0x85, 0x00, 0x7E, 0x34 -#define EC_PARAM_secp224r1_order \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x16, 0xA2, \ - 0xE0, 0xB8, 0xF0, 0x3E, 0x13, 0xDD, 0x29, 0x45, \ - 0x5C, 0x5C, 0x2A, 0x3D -#endif - -#if 1 -/* secp256k1 : SECG curve over a 256 bit prime field */ -#define EC_PARAM_secp256k1_prime \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFC, 0x2F -#define EC_PARAM_secp256k1_a \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 -#define EC_PARAM_secp256k1_b \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x07 -#define EC_PARAM_secp256k1_x \ - 0x79, 0xBE, 0x66, 0x7E, 0xF9, 0xDC, 0xBB, 0xAC, \ - 0x55, 0xA0, 0x62, 0x95, 0xCE, 0x87, 0x0B, 0x07, \ - 0x02, 0x9B, 0xFC, 0xDB, 0x2D, 0xCE, 0x28, 0xD9, \ - 0x59, 0xF2, 0x81, 0x5B, 0x16, 0xF8, 0x17, 0x98 -#define EC_PARAM_secp256k1_y \ - 0x48, 0x3A, 0xDA, 0x77, 0x26, 0xA3, 0xC4, 0x65, \ - 0x5D, 0xA4, 0xFB, 0xFC, 0x0E, 0x11, 0x08, 0xA8, \ - 0xFD, 0x17, 0xB4, 0x48, 0xA6, 0x85, 0x54, 0x19, \ - 0x9C, 0x47, 0xD0, 0x8F, 0xFB, 0x10, 0xD4, 0xB8 -#define EC_PARAM_secp256k1_order \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, \ - 0xBA, 0xAE, 0xDC, 0xE6, 0xAF, 0x48, 0xA0, 0x3B, \ - 0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41, 0x41 -#endif - -#if 1 -/* secp384r1 : NIST/SECG curve over a 384 bit prime field */ -#define EC_PARAM_secp384r1_prime \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF -#define EC_PARAM_secp384r1_a \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFC -#define EC_PARAM_secp384r1_b \ - 0xB3, 0x31, 0x2F, 0xA7, 0xE2, 0x3E, 0xE7, 0xE4, \ - 0x98, 0x8E, 0x05, 0x6B, 0xE3, 0xF8, 0x2D, 0x19, \ - 0x18, 0x1D, 0x9C, 0x6E, 0xFE, 0x81, 0x41, 0x12, \ - 0x03, 0x14, 0x08, 0x8F, 0x50, 0x13, 0x87, 0x5A, \ - 0xC6, 0x56, 0x39, 0x8D, 0x8A, 0x2E, 0xD1, 0x9D, \ - 0x2A, 0x85, 0xC8, 0xED, 0xD3, 0xEC, 0x2A, 0xEF -#define EC_PARAM_secp384r1_x \ - 0xAA, 0x87, 0xCA, 0x22, 0xBE, 0x8B, 0x05, 0x37, \ - 0x8E, 0xB1, 0xC7, 0x1E, 0xF3, 0x20, 0xAD, 0x74, \ - 0x6E, 0x1D, 0x3B, 0x62, 0x8B, 0xA7, 0x9B, 0x98, \ - 0x59, 0xF7, 0x41, 0xE0, 0x82, 0x54, 0x2A, 0x38, \ - 0x55, 0x02, 0xF2, 0x5D, 0xBF, 0x55, 0x29, 0x6C, \ - 0x3A, 0x54, 0x5E, 0x38, 0x72, 0x76, 0x0A, 0xB7 -#define EC_PARAM_secp384r1_y \ - 0x36, 0x17, 0xDE, 0x4A, 0x96, 0x26, 0x2C, 0x6F, \ - 0x5D, 0x9E, 0x98, 0xBF, 0x92, 0x92, 0xDC, 0x29, \ - 0xF8, 0xF4, 0x1D, 0xBD, 0x28, 0x9A, 0x14, 0x7C, \ - 0xE9, 0xDA, 0x31, 0x13, 0xB5, 0xF0, 0xB8, 0xC0, \ - 0x0A, 0x60, 0xB1, 0xCE, 0x1D, 0x7E, 0x81, 0x9D, \ - 0x7A, 0x43, 0x1D, 0x7C, 0x90, 0xEA, 0x0E, 0x5F -#define EC_PARAM_secp384r1_order \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xC7, 0x63, 0x4D, 0x81, 0xF4, 0x37, 0x2D, 0xDF, \ - 0x58, 0x1A, 0x0D, 0xB2, 0x48, 0xB0, 0xA7, 0x7A, \ - 0xEC, 0xEC, 0x19, 0x6A, 0xCC, 0xC5, 0x29, 0x73 -#endif - -#if 1 -/* secp521r1 : NIST/SECG curve over a 521 bit prime field */ -#define EC_PARAM_secp521r1_prime \ - 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF -#define EC_PARAM_secp521r1_a \ - 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFC -#define EC_PARAM_secp521r1_b \ - 0x00, 0x51, 0x95, 0x3E, 0xB9, 0x61, 0x8E, 0x1C, \ - 0x9A, 0x1F, 0x92, 0x9A, 0x21, 0xA0, 0xB6, 0x85, \ - 0x40, 0xEE, 0xA2, 0xDA, 0x72, 0x5B, 0x99, 0xB3, \ - 0x15, 0xF3, 0xB8, 0xB4, 0x89, 0x91, 0x8E, 0xF1, \ - 0x09, 0xE1, 0x56, 0x19, 0x39, 0x51, 0xEC, 0x7E, \ - 0x93, 0x7B, 0x16, 0x52, 0xC0, 0xBD, 0x3B, 0xB1, \ - 0xBF, 0x07, 0x35, 0x73, 0xDF, 0x88, 0x3D, 0x2C, \ - 0x34, 0xF1, 0xEF, 0x45, 0x1F, 0xD4, 0x6B, 0x50, \ - 0x3F, 0x00 -#define EC_PARAM_secp521r1_x \ - 0x00, 0xC6, 0x85, 0x8E, 0x06, 0xB7, 0x04, 0x04, \ - 0xE9, 0xCD, 0x9E, 0x3E, 0xCB, 0x66, 0x23, 0x95, \ - 0xB4, 0x42, 0x9C, 0x64, 0x81, 0x39, 0x05, 0x3F, \ - 0xB5, 0x21, 0xF8, 0x28, 0xAF, 0x60, 0x6B, 0x4D, \ - 0x3D, 0xBA, 0xA1, 0x4B, 0x5E, 0x77, 0xEF, 0xE7, \ - 0x59, 0x28, 0xFE, 0x1D, 0xC1, 0x27, 0xA2, 0xFF, \ - 0xA8, 0xDE, 0x33, 0x48, 0xB3, 0xC1, 0x85, 0x6A, \ - 0x42, 0x9B, 0xF9, 0x7E, 0x7E, 0x31, 0xC2, 0xE5, \ - 0xBD, 0x66 -#define EC_PARAM_secp521r1_y \ - 0x01, 0x18, 0x39, 0x29, 0x6A, 0x78, 0x9A, 0x3B, \ - 0xC0, 0x04, 0x5C, 0x8A, 0x5F, 0xB4, 0x2C, 0x7D, \ - 0x1B, 0xD9, 0x98, 0xF5, 0x44, 0x49, 0x57, 0x9B, \ - 0x44, 0x68, 0x17, 0xAF, 0xBD, 0x17, 0x27, 0x3E, \ - 0x66, 0x2C, 0x97, 0xEE, 0x72, 0x99, 0x5E, 0xF4, \ - 0x26, 0x40, 0xC5, 0x50, 0xB9, 0x01, 0x3F, 0xAD, \ - 0x07, 0x61, 0x35, 0x3C, 0x70, 0x86, 0xA2, 0x72, \ - 0xC2, 0x40, 0x88, 0xBE, 0x94, 0x76, 0x9F, 0xD1, \ - 0x66, 0x50 -#define EC_PARAM_secp521r1_order \ - 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFA, 0x51, 0x86, 0x87, 0x83, 0xBF, 0x2F, \ - 0x96, 0x6B, 0x7F, 0xCC, 0x01, 0x48, 0xF7, 0x09, \ - 0xA5, 0xD0, 0x3B, 0xB5, 0xC9, 0xB8, 0x89, 0x9C, \ - 0x47, 0xAE, 0xBB, 0x6F, 0xB7, 0x1E, 0x91, 0x38, \ - 0x64, 0x09 -#endif - -#if 1 -/* prime192v1 : NIST/X9.62/SECG curve over a 192 bit prime field */ -#define EC_PARAM_prime192v1_prime \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF -#define EC_PARAM_prime192v1_a \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC -#define EC_PARAM_prime192v1_b \ - 0x64, 0x21, 0x05, 0x19, 0xE5, 0x9C, 0x80, 0xE7, \ - 0x0F, 0xA7, 0xE9, 0xAB, 0x72, 0x24, 0x30, 0x49, \ - 0xFE, 0xB8, 0xDE, 0xEC, 0xC1, 0x46, 0xB9, 0xB1 -#define EC_PARAM_prime192v1_x \ - 0x18, 0x8D, 0xA8, 0x0E, 0xB0, 0x30, 0x90, 0xF6, \ - 0x7C, 0xBF, 0x20, 0xEB, 0x43, 0xA1, 0x88, 0x00, \ - 0xF4, 0xFF, 0x0A, 0xFD, 0x82, 0xFF, 0x10, 0x12 -#define EC_PARAM_prime192v1_y \ - 0x07, 0x19, 0x2B, 0x95, 0xFF, 0xC8, 0xDA, 0x78, \ - 0x63, 0x10, 0x11, 0xED, 0x6B, 0x24, 0xCD, 0xD5, \ - 0x73, 0xF9, 0x77, 0xA1, 0x1E, 0x79, 0x48, 0x11 -#define EC_PARAM_prime192v1_order \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0x99, 0xDE, 0xF8, 0x36, \ - 0x14, 0x6B, 0xC9, 0xB1, 0xB4, 0xD2, 0x28, 0x31 -#endif - -#if 0 -/* prime192v2 : X9.62 curve over a 192 bit prime field */ -#define EC_PARAM_prime192v2_prime \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF -#define EC_PARAM_prime192v2_a \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC -#define EC_PARAM_prime192v2_b \ - 0xCC, 0x22, 0xD6, 0xDF, 0xB9, 0x5C, 0x6B, 0x25, \ - 0xE4, 0x9C, 0x0D, 0x63, 0x64, 0xA4, 0xE5, 0x98, \ - 0x0C, 0x39, 0x3A, 0xA2, 0x16, 0x68, 0xD9, 0x53 -#define EC_PARAM_prime192v2_x \ - 0xEE, 0xA2, 0xBA, 0xE7, 0xE1, 0x49, 0x78, 0x42, \ - 0xF2, 0xDE, 0x77, 0x69, 0xCF, 0xE9, 0xC9, 0x89, \ - 0xC0, 0x72, 0xAD, 0x69, 0x6F, 0x48, 0x03, 0x4A -#define EC_PARAM_prime192v2_y \ - 0x65, 0x74, 0xD1, 0x1D, 0x69, 0xB6, 0xEC, 0x7A, \ - 0x67, 0x2B, 0xB8, 0x2A, 0x08, 0x3D, 0xF2, 0xF2, \ - 0xB0, 0x84, 0x7D, 0xE9, 0x70, 0xB2, 0xDE, 0x15 -#define EC_PARAM_prime192v2_order \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFE, 0x5F, 0xB1, 0xA7, 0x24, \ - 0xDC, 0x80, 0x41, 0x86, 0x48, 0xD8, 0xDD, 0x31 -#endif - -#if 0 -/* prime192v3 : X9.62 curve over a 192 bit prime field */ -#define EC_PARAM_prime192v3_prime \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF -#define EC_PARAM_prime192v3_a \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC -#define EC_PARAM_prime192v3_b \ - 0x22, 0x12, 0x3D, 0xC2, 0x39, 0x5A, 0x05, 0xCA, \ - 0xA7, 0x42, 0x3D, 0xAE, 0xCC, 0xC9, 0x47, 0x60, \ - 0xA7, 0xD4, 0x62, 0x25, 0x6B, 0xD5, 0x69, 0x16 -#define EC_PARAM_prime192v3_x \ - 0x7D, 0x29, 0x77, 0x81, 0x00, 0xC6, 0x5A, 0x1D, \ - 0xA1, 0x78, 0x37, 0x16, 0x58, 0x8D, 0xCE, 0x2B, \ - 0x8B, 0x4A, 0xEE, 0x8E, 0x22, 0x8F, 0x18, 0x96 -#define EC_PARAM_prime192v3_y \ - 0x38, 0xA9, 0x0F, 0x22, 0x63, 0x73, 0x37, 0x33, \ - 0x4B, 0x49, 0xDC, 0xB6, 0x6A, 0x6D, 0xC8, 0xF9, \ - 0x97, 0x8A, 0xCA, 0x76, 0x48, 0xA9, 0x43, 0xB0 -#define EC_PARAM_prime192v3_order \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0x7A, 0x62, 0xD0, 0x31, \ - 0xC8, 0x3F, 0x42, 0x94, 0xF6, 0x40, 0xEC, 0x13 -#endif - -#if 0 -/* prime239v1 : X9.62 curve over a 239 bit prime field */ -#define EC_PARAM_prime239v1_prime \ - 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0x7F, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF -#define EC_PARAM_prime239v1_a \ - 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0x7F, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC -#define EC_PARAM_prime239v1_b \ - 0x6B, 0x01, 0x6C, 0x3B, 0xDC, 0xF1, 0x89, 0x41, \ - 0xD0, 0xD6, 0x54, 0x92, 0x14, 0x75, 0xCA, 0x71, \ - 0xA9, 0xDB, 0x2F, 0xB2, 0x7D, 0x1D, 0x37, 0x79, \ - 0x61, 0x85, 0xC2, 0x94, 0x2C, 0x0A -#define EC_PARAM_prime239v1_x \ - 0x0F, 0xFA, 0x96, 0x3C, 0xDC, 0xA8, 0x81, 0x6C, \ - 0xCC, 0x33, 0xB8, 0x64, 0x2B, 0xED, 0xF9, 0x05, \ - 0xC3, 0xD3, 0x58, 0x57, 0x3D, 0x3F, 0x27, 0xFB, \ - 0xBD, 0x3B, 0x3C, 0xB9, 0xAA, 0xAF -#define EC_PARAM_prime239v1_y \ - 0x7D, 0xEB, 0xE8, 0xE4, 0xE9, 0x0A, 0x5D, 0xAE, \ - 0x6E, 0x40, 0x54, 0xCA, 0x53, 0x0B, 0xA0, 0x46, \ - 0x54, 0xB3, 0x68, 0x18, 0xCE, 0x22, 0x6B, 0x39, \ - 0xFC, 0xCB, 0x7B, 0x02, 0xF1, 0xAE -#define EC_PARAM_prime239v1_order \ - 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0x7F, 0xFF, 0xFF, 0x9E, \ - 0x5E, 0x9A, 0x9F, 0x5D, 0x90, 0x71, 0xFB, 0xD1, \ - 0x52, 0x26, 0x88, 0x90, 0x9D, 0x0B -#endif - -#if 0 -/* prime239v2 : X9.62 curve over a 239 bit prime field */ -#define EC_PARAM_prime239v2_prime \ - 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0x7F, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF -#define EC_PARAM_prime239v2_a \ - 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0x7F, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC -#define EC_PARAM_prime239v2_b \ - 0x61, 0x7F, 0xAB, 0x68, 0x32, 0x57, 0x6C, 0xBB, \ - 0xFE, 0xD5, 0x0D, 0x99, 0xF0, 0x24, 0x9C, 0x3F, \ - 0xEE, 0x58, 0xB9, 0x4B, 0xA0, 0x03, 0x8C, 0x7A, \ - 0xE8, 0x4C, 0x8C, 0x83, 0x2F, 0x2C -#define EC_PARAM_prime239v2_x \ - 0x38, 0xAF, 0x09, 0xD9, 0x87, 0x27, 0x70, 0x51, \ - 0x20, 0xC9, 0x21, 0xBB, 0x5E, 0x9E, 0x26, 0x29, \ - 0x6A, 0x3C, 0xDC, 0xF2, 0xF3, 0x57, 0x57, 0xA0, \ - 0xEA, 0xFD, 0x87, 0xB8, 0x30, 0xE7 -#define EC_PARAM_prime239v2_y \ - 0x5B, 0x01, 0x25, 0xE4, 0xDB, 0xEA, 0x0E, 0xC7, \ - 0x20, 0x6D, 0xA0, 0xFC, 0x01, 0xD9, 0xB0, 0x81, \ - 0x32, 0x9F, 0xB5, 0x55, 0xDE, 0x6E, 0xF4, 0x60, \ - 0x23, 0x7D, 0xFF, 0x8B, 0xE4, 0xBA -#define EC_PARAM_prime239v2_order \ - 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0x80, 0x00, 0x00, 0xCF, \ - 0xA7, 0xE8, 0x59, 0x43, 0x77, 0xD4, 0x14, 0xC0, \ - 0x38, 0x21, 0xBC, 0x58, 0x20, 0x63 -#endif - -#if 0 -/* prime239v3 : X9.62 curve over a 239 bit prime field */ -#define EC_PARAM_prime239v3_prime \ - 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0x7F, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF -#define EC_PARAM_prime239v3_a \ - 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0x7F, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC -#define EC_PARAM_prime239v3_b \ - 0x25, 0x57, 0x05, 0xFA, 0x2A, 0x30, 0x66, 0x54, \ - 0xB1, 0xF4, 0xCB, 0x03, 0xD6, 0xA7, 0x50, 0xA3, \ - 0x0C, 0x25, 0x01, 0x02, 0xD4, 0x98, 0x87, 0x17, \ - 0xD9, 0xBA, 0x15, 0xAB, 0x6D, 0x3E -#define EC_PARAM_prime239v3_x \ - 0x67, 0x68, 0xAE, 0x8E, 0x18, 0xBB, 0x92, 0xCF, \ - 0xCF, 0x00, 0x5C, 0x94, 0x9A, 0xA2, 0xC6, 0xD9, \ - 0x48, 0x53, 0xD0, 0xE6, 0x60, 0xBB, 0xF8, 0x54, \ - 0xB1, 0xC9, 0x50, 0x5F, 0xE9, 0x5A -#define EC_PARAM_prime239v3_y \ - 0x16, 0x07, 0xE6, 0x89, 0x8F, 0x39, 0x0C, 0x06, \ - 0xBC, 0x1D, 0x55, 0x2B, 0xAD, 0x22, 0x6F, 0x3B, \ - 0x6F, 0xCF, 0xE4, 0x8B, 0x6E, 0x81, 0x84, 0x99, \ - 0xAF, 0x18, 0xE3, 0xED, 0x6C, 0xF3 -#define EC_PARAM_prime239v3_order \ - 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0x7F, 0xFF, 0xFF, 0x97, \ - 0x5D, 0xEB, 0x41, 0xB3, 0xA6, 0x05, 0x7C, 0x3C, \ - 0x43, 0x21, 0x46, 0x52, 0x65, 0x51 -#endif - -#if 1 -/* prime256v1 : X9.62/SECG curve over a 256 bit prime field */ -#define EC_PARAM_prime256v1_prime \ - 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x01, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF -#define EC_PARAM_prime256v1_a \ - 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x01, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC -#define EC_PARAM_prime256v1_b \ - 0x5A, 0xC6, 0x35, 0xD8, 0xAA, 0x3A, 0x93, 0xE7, \ - 0xB3, 0xEB, 0xBD, 0x55, 0x76, 0x98, 0x86, 0xBC, \ - 0x65, 0x1D, 0x06, 0xB0, 0xCC, 0x53, 0xB0, 0xF6, \ - 0x3B, 0xCE, 0x3C, 0x3E, 0x27, 0xD2, 0x60, 0x4B -#define EC_PARAM_prime256v1_x \ - 0x6B, 0x17, 0xD1, 0xF2, 0xE1, 0x2C, 0x42, 0x47, \ - 0xF8, 0xBC, 0xE6, 0xE5, 0x63, 0xA4, 0x40, 0xF2, \ - 0x77, 0x03, 0x7D, 0x81, 0x2D, 0xEB, 0x33, 0xA0, \ - 0xF4, 0xA1, 0x39, 0x45, 0xD8, 0x98, 0xC2, 0x96 -#define EC_PARAM_prime256v1_y \ - 0x4F, 0xE3, 0x42, 0xE2, 0xFE, 0x1A, 0x7F, 0x9B, \ - 0x8E, 0xE7, 0xEB, 0x4A, 0x7C, 0x0F, 0x9E, 0x16, \ - 0x2B, 0xCE, 0x33, 0x57, 0x6B, 0x31, 0x5E, 0xCE, \ - 0xCB, 0xB6, 0x40, 0x68, 0x37, 0xBF, 0x51, 0xF5 -#define EC_PARAM_prime256v1_order \ - 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, \ - 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51 -#endif - -#if 0 -/* sect113r1 : SECG curve over a 113 bit binary field */ -#define EC_PARAM_sect113r1_prime \ - 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x01 -#define EC_PARAM_sect113r1_a \ - 0x00, 0x30, 0x88, 0x25, 0x0C, 0xA6, 0xE7, 0xC7, \ - 0xFE, 0x64, 0x9C, 0xE8, 0x58, 0x20, 0xF7 -#define EC_PARAM_sect113r1_b \ - 0x00, 0xE8, 0xBE, 0xE4, 0xD3, 0xE2, 0x26, 0x07, \ - 0x44, 0x18, 0x8B, 0xE0, 0xE9, 0xC7, 0x23 -#define EC_PARAM_sect113r1_x \ - 0x00, 0x9D, 0x73, 0x61, 0x6F, 0x35, 0xF4, 0xAB, \ - 0x14, 0x07, 0xD7, 0x35, 0x62, 0xC1, 0x0F -#define EC_PARAM_sect113r1_y \ - 0x00, 0xA5, 0x28, 0x30, 0x27, 0x79, 0x58, 0xEE, \ - 0x84, 0xD1, 0x31, 0x5E, 0xD3, 0x18, 0x86 -#define EC_PARAM_sect113r1_order \ - 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0xD9, 0xCC, 0xEC, 0x8A, 0x39, 0xE5, 0x6F -#endif - -#if 0 -/* sect113r2 : SECG curve over a 113 bit binary field */ -#define EC_PARAM_sect113r2_prime \ - 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x01 -#define EC_PARAM_sect113r2_a \ - 0x00, 0x68, 0x99, 0x18, 0xDB, 0xEC, 0x7E, 0x5A, \ - 0x0D, 0xD6, 0xDF, 0xC0, 0xAA, 0x55, 0xC7 -#define EC_PARAM_sect113r2_b \ - 0x00, 0x95, 0xE9, 0xA9, 0xEC, 0x9B, 0x29, 0x7B, \ - 0xD4, 0xBF, 0x36, 0xE0, 0x59, 0x18, 0x4F -#define EC_PARAM_sect113r2_x \ - 0x01, 0xA5, 0x7A, 0x6A, 0x7B, 0x26, 0xCA, 0x5E, \ - 0xF5, 0x2F, 0xCD, 0xB8, 0x16, 0x47, 0x97 -#define EC_PARAM_sect113r2_y \ - 0x00, 0xB3, 0xAD, 0xC9, 0x4E, 0xD1, 0xFE, 0x67, \ - 0x4C, 0x06, 0xE6, 0x95, 0xBA, 0xBA, 0x1D -#define EC_PARAM_sect113r2_order \ - 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, \ - 0x08, 0x78, 0x9B, 0x24, 0x96, 0xAF, 0x93 -#endif - -#if 0 -/* sect131r1 : SECG/WTLS curve over a 131 bit binary field */ -#define EC_PARAM_sect131r1_prime \ - 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, \ - 0x0D -#define EC_PARAM_sect131r1_a \ - 0x07, 0xA1, 0x1B, 0x09, 0xA7, 0x6B, 0x56, 0x21, \ - 0x44, 0x41, 0x8F, 0xF3, 0xFF, 0x8C, 0x25, 0x70, \ - 0xB8 -#define EC_PARAM_sect131r1_b \ - 0x02, 0x17, 0xC0, 0x56, 0x10, 0x88, 0x4B, 0x63, \ - 0xB9, 0xC6, 0xC7, 0x29, 0x16, 0x78, 0xF9, 0xD3, \ - 0x41 -#define EC_PARAM_sect131r1_x \ - 0x00, 0x81, 0xBA, 0xF9, 0x1F, 0xDF, 0x98, 0x33, \ - 0xC4, 0x0F, 0x9C, 0x18, 0x13, 0x43, 0x63, 0x83, \ - 0x99 -#define EC_PARAM_sect131r1_y \ - 0x07, 0x8C, 0x6E, 0x7E, 0xA3, 0x8C, 0x00, 0x1F, \ - 0x73, 0xC8, 0x13, 0x4B, 0x1B, 0x4E, 0xF9, 0xE1, \ - 0x50 -#define EC_PARAM_sect131r1_order \ - 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x02, 0x31, 0x23, 0x95, 0x3A, 0x94, 0x64, 0xB5, \ - 0x4D -#endif - -#if 0 -/* sect131r2 : SECG curve over a 131 bit binary field */ -#define EC_PARAM_sect131r2_prime \ - 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, \ - 0x0D -#define EC_PARAM_sect131r2_a \ - 0x03, 0xE5, 0xA8, 0x89, 0x19, 0xD7, 0xCA, 0xFC, \ - 0xBF, 0x41, 0x5F, 0x07, 0xC2, 0x17, 0x65, 0x73, \ - 0xB2 -#define EC_PARAM_sect131r2_b \ - 0x04, 0xB8, 0x26, 0x6A, 0x46, 0xC5, 0x56, 0x57, \ - 0xAC, 0x73, 0x4C, 0xE3, 0x8F, 0x01, 0x8F, 0x21, \ - 0x92 -#define EC_PARAM_sect131r2_x \ - 0x03, 0x56, 0xDC, 0xD8, 0xF2, 0xF9, 0x50, 0x31, \ - 0xAD, 0x65, 0x2D, 0x23, 0x95, 0x1B, 0xB3, 0x66, \ - 0xA8 -#define EC_PARAM_sect131r2_y \ - 0x06, 0x48, 0xF0, 0x6D, 0x86, 0x79, 0x40, 0xA5, \ - 0x36, 0x6D, 0x9E, 0x26, 0x5D, 0xE9, 0xEB, 0x24, \ - 0x0F -#define EC_PARAM_sect131r2_order \ - 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x01, 0x69, 0x54, 0xA2, 0x33, 0x04, 0x9B, 0xA9, \ - 0x8F -#endif - -#if 0 -/* sect163k1 : NIST/SECG/WTLS curve over a 163 bit binary field */ -#define EC_PARAM_sect163k1_prime \ - 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0xC9 -#define EC_PARAM_sect163k1_a \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x01 -#define EC_PARAM_sect163k1_b \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x01 -#define EC_PARAM_sect163k1_x \ - 0x02, 0xFE, 0x13, 0xC0, 0x53, 0x7B, 0xBC, 0x11, \ - 0xAC, 0xAA, 0x07, 0xD7, 0x93, 0xDE, 0x4E, 0x6D, \ - 0x5E, 0x5C, 0x94, 0xEE, 0xE8 -#define EC_PARAM_sect163k1_y \ - 0x02, 0x89, 0x07, 0x0F, 0xB0, 0x5D, 0x38, 0xFF, \ - 0x58, 0x32, 0x1F, 0x2E, 0x80, 0x05, 0x36, 0xD5, \ - 0x38, 0xCC, 0xDA, 0xA3, 0xD9 -#define EC_PARAM_sect163k1_order \ - 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x02, 0x01, 0x08, 0xA2, 0xE0, 0xCC, \ - 0x0D, 0x99, 0xF8, 0xA5, 0xEF -#endif - -#if 0 -/* sect163r1 : SECG curve over a 163 bit binary field */ -#define EC_PARAM_sect163r1_prime \ - 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0xC9 -#define EC_PARAM_sect163r1_a \ - 0x07, 0xB6, 0x88, 0x2C, 0xAA, 0xEF, 0xA8, 0x4F, \ - 0x95, 0x54, 0xFF, 0x84, 0x28, 0xBD, 0x88, 0xE2, \ - 0x46, 0xD2, 0x78, 0x2A, 0xE2 -#define EC_PARAM_sect163r1_b \ - 0x07, 0x13, 0x61, 0x2D, 0xCD, 0xDC, 0xB4, 0x0A, \ - 0xAB, 0x94, 0x6B, 0xDA, 0x29, 0xCA, 0x91, 0xF7, \ - 0x3A, 0xF9, 0x58, 0xAF, 0xD9 -#define EC_PARAM_sect163r1_x \ - 0x03, 0x69, 0x97, 0x96, 0x97, 0xAB, 0x43, 0x89, \ - 0x77, 0x89, 0x56, 0x67, 0x89, 0x56, 0x7F, 0x78, \ - 0x7A, 0x78, 0x76, 0xA6, 0x54 -#define EC_PARAM_sect163r1_y \ - 0x00, 0x43, 0x5E, 0xDB, 0x42, 0xEF, 0xAF, 0xB2, \ - 0x98, 0x9D, 0x51, 0xFE, 0xFC, 0xE3, 0xC8, 0x09, \ - 0x88, 0xF4, 0x1F, 0xF8, 0x83 -#define EC_PARAM_sect163r1_order \ - 0x03, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0x48, 0xAA, 0xB6, 0x89, 0xC2, \ - 0x9C, 0xA7, 0x10, 0x27, 0x9B -#endif - -#if 0 -/* sect163r2 : NIST/SECG curve over a 163 bit binary field */ -#define EC_PARAM_sect163r2_prime \ - 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0xC9 -#define EC_PARAM_sect163r2_a \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x01 -#define EC_PARAM_sect163r2_b \ - 0x02, 0x0A, 0x60, 0x19, 0x07, 0xB8, 0xC9, 0x53, \ - 0xCA, 0x14, 0x81, 0xEB, 0x10, 0x51, 0x2F, 0x78, \ - 0x74, 0x4A, 0x32, 0x05, 0xFD -#define EC_PARAM_sect163r2_x \ - 0x03, 0xF0, 0xEB, 0xA1, 0x62, 0x86, 0xA2, 0xD5, \ - 0x7E, 0xA0, 0x99, 0x11, 0x68, 0xD4, 0x99, 0x46, \ - 0x37, 0xE8, 0x34, 0x3E, 0x36 -#define EC_PARAM_sect163r2_y \ - 0x00, 0xD5, 0x1F, 0xBC, 0x6C, 0x71, 0xA0, 0x09, \ - 0x4F, 0xA2, 0xCD, 0xD5, 0x45, 0xB1, 0x1C, 0x5C, \ - 0x0C, 0x79, 0x73, 0x24, 0xF1 -#define EC_PARAM_sect163r2_order \ - 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x02, 0x92, 0xFE, 0x77, 0xE7, 0x0C, \ - 0x12, 0xA4, 0x23, 0x4C, 0x33 -#endif - -#if 0 -/* sect193r1 : SECG curve over a 193 bit binary field */ -#define EC_PARAM_sect193r1_prime \ - 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80, \ - 0x01 -#define EC_PARAM_sect193r1_a \ - 0x00, 0x17, 0x85, 0x8F, 0xEB, 0x7A, 0x98, 0x97, \ - 0x51, 0x69, 0xE1, 0x71, 0xF7, 0x7B, 0x40, 0x87, \ - 0xDE, 0x09, 0x8A, 0xC8, 0xA9, 0x11, 0xDF, 0x7B, \ - 0x01 -#define EC_PARAM_sect193r1_b \ - 0x00, 0xFD, 0xFB, 0x49, 0xBF, 0xE6, 0xC3, 0xA8, \ - 0x9F, 0xAC, 0xAD, 0xAA, 0x7A, 0x1E, 0x5B, 0xBC, \ - 0x7C, 0xC1, 0xC2, 0xE5, 0xD8, 0x31, 0x47, 0x88, \ - 0x14 -#define EC_PARAM_sect193r1_x \ - 0x01, 0xF4, 0x81, 0xBC, 0x5F, 0x0F, 0xF8, 0x4A, \ - 0x74, 0xAD, 0x6C, 0xDF, 0x6F, 0xDE, 0xF4, 0xBF, \ - 0x61, 0x79, 0x62, 0x53, 0x72, 0xD8, 0xC0, 0xC5, \ - 0xE1 -#define EC_PARAM_sect193r1_y \ - 0x00, 0x25, 0xE3, 0x99, 0xF2, 0x90, 0x37, 0x12, \ - 0xCC, 0xF3, 0xEA, 0x9E, 0x3A, 0x1A, 0xD1, 0x7F, \ - 0xB0, 0xB3, 0x20, 0x1B, 0x6A, 0xF7, 0xCE, 0x1B, \ - 0x05 -#define EC_PARAM_sect193r1_order \ - 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0xC7, 0xF3, 0x4A, \ - 0x77, 0x8F, 0x44, 0x3A, 0xCC, 0x92, 0x0E, 0xBA, \ - 0x49 -#endif - -#if 0 -/* sect193r2 : SECG curve over a 193 bit binary field */ -#define EC_PARAM_sect193r2_prime \ - 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80, \ - 0x01 -#define EC_PARAM_sect193r2_a \ - 0x01, 0x63, 0xF3, 0x5A, 0x51, 0x37, 0xC2, 0xCE, \ - 0x3E, 0xA6, 0xED, 0x86, 0x67, 0x19, 0x0B, 0x0B, \ - 0xC4, 0x3E, 0xCD, 0x69, 0x97, 0x77, 0x02, 0x70, \ - 0x9B -#define EC_PARAM_sect193r2_b \ - 0x00, 0xC9, 0xBB, 0x9E, 0x89, 0x27, 0xD4, 0xD6, \ - 0x4C, 0x37, 0x7E, 0x2A, 0xB2, 0x85, 0x6A, 0x5B, \ - 0x16, 0xE3, 0xEF, 0xB7, 0xF6, 0x1D, 0x43, 0x16, \ - 0xAE -#define EC_PARAM_sect193r2_x \ - 0x00, 0xD9, 0xB6, 0x7D, 0x19, 0x2E, 0x03, 0x67, \ - 0xC8, 0x03, 0xF3, 0x9E, 0x1A, 0x7E, 0x82, 0xCA, \ - 0x14, 0xA6, 0x51, 0x35, 0x0A, 0xAE, 0x61, 0x7E, \ - 0x8F -#define EC_PARAM_sect193r2_y \ - 0x01, 0xCE, 0x94, 0x33, 0x56, 0x07, 0xC3, 0x04, \ - 0xAC, 0x29, 0xE7, 0xDE, 0xFB, 0xD9, 0xCA, 0x01, \ - 0xF5, 0x96, 0xF9, 0x27, 0x22, 0x4C, 0xDE, 0xCF, \ - 0x6C -#define EC_PARAM_sect193r2_order \ - 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x01, 0x5A, 0xAB, 0x56, \ - 0x1B, 0x00, 0x54, 0x13, 0xCC, 0xD4, 0xEE, 0x99, \ - 0xD5 -#endif - -#if 0 -/* sect233k1 : NIST/SECG/WTLS curve over a 233 bit binary field */ -#define EC_PARAM_sect233k1_prime \ - 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 -#define EC_PARAM_sect233k1_a \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 -#define EC_PARAM_sect233k1_b \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 -#define EC_PARAM_sect233k1_x \ - 0x01, 0x72, 0x32, 0xBA, 0x85, 0x3A, 0x7E, 0x73, \ - 0x1A, 0xF1, 0x29, 0xF2, 0x2F, 0xF4, 0x14, 0x95, \ - 0x63, 0xA4, 0x19, 0xC2, 0x6B, 0xF5, 0x0A, 0x4C, \ - 0x9D, 0x6E, 0xEF, 0xAD, 0x61, 0x26 -#define EC_PARAM_sect233k1_y \ - 0x01, 0xDB, 0x53, 0x7D, 0xEC, 0xE8, 0x19, 0xB7, \ - 0xF7, 0x0F, 0x55, 0x5A, 0x67, 0xC4, 0x27, 0xA8, \ - 0xCD, 0x9B, 0xF1, 0x8A, 0xEB, 0x9B, 0x56, 0xE0, \ - 0xC1, 0x10, 0x56, 0xFA, 0xE6, 0xA3 -#define EC_PARAM_sect233k1_order \ - 0x00, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, \ - 0x9D, 0x5B, 0xB9, 0x15, 0xBC, 0xD4, 0x6E, 0xFB, \ - 0x1A, 0xD5, 0xF1, 0x73, 0xAB, 0xDF -#endif - -#if 0 -/* sect233r1 : NIST/SECG/WTLS curve over a 233 bit binary field */ -#define EC_PARAM_sect233r1_prime \ - 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 -#define EC_PARAM_sect233r1_a \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 -#define EC_PARAM_sect233r1_b \ - 0x00, 0x66, 0x64, 0x7E, 0xDE, 0x6C, 0x33, 0x2C, \ - 0x7F, 0x8C, 0x09, 0x23, 0xBB, 0x58, 0x21, 0x3B, \ - 0x33, 0x3B, 0x20, 0xE9, 0xCE, 0x42, 0x81, 0xFE, \ - 0x11, 0x5F, 0x7D, 0x8F, 0x90, 0xAD -#define EC_PARAM_sect233r1_x \ - 0x00, 0xFA, 0xC9, 0xDF, 0xCB, 0xAC, 0x83, 0x13, \ - 0xBB, 0x21, 0x39, 0xF1, 0xBB, 0x75, 0x5F, 0xEF, \ - 0x65, 0xBC, 0x39, 0x1F, 0x8B, 0x36, 0xF8, 0xF8, \ - 0xEB, 0x73, 0x71, 0xFD, 0x55, 0x8B -#define EC_PARAM_sect233r1_y \ - 0x01, 0x00, 0x6A, 0x08, 0xA4, 0x19, 0x03, 0x35, \ - 0x06, 0x78, 0xE5, 0x85, 0x28, 0xBE, 0xBF, 0x8A, \ - 0x0B, 0xEF, 0xF8, 0x67, 0xA7, 0xCA, 0x36, 0x71, \ - 0x6F, 0x7E, 0x01, 0xF8, 0x10, 0x52 -#define EC_PARAM_sect233r1_order \ - 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x13, \ - 0xE9, 0x74, 0xE7, 0x2F, 0x8A, 0x69, 0x22, 0x03, \ - 0x1D, 0x26, 0x03, 0xCF, 0xE0, 0xD7 -#endif - -#if 0 -/* sect239k1 : SECG curve over a 239 bit binary field */ -#define EC_PARAM_sect239k1_prime \ - 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x40, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 -#define EC_PARAM_sect239k1_a \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 -#define EC_PARAM_sect239k1_b \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 -#define EC_PARAM_sect239k1_x \ - 0x29, 0xA0, 0xB6, 0xA8, 0x87, 0xA9, 0x83, 0xE9, \ - 0x73, 0x09, 0x88, 0xA6, 0x87, 0x27, 0xA8, 0xB2, \ - 0xD1, 0x26, 0xC4, 0x4C, 0xC2, 0xCC, 0x7B, 0x2A, \ - 0x65, 0x55, 0x19, 0x30, 0x35, 0xDC -#define EC_PARAM_sect239k1_y \ - 0x76, 0x31, 0x08, 0x04, 0xF1, 0x2E, 0x54, 0x9B, \ - 0xDB, 0x01, 0x1C, 0x10, 0x30, 0x89, 0xE7, 0x35, \ - 0x10, 0xAC, 0xB2, 0x75, 0xFC, 0x31, 0x2A, 0x5D, \ - 0xC6, 0xB7, 0x65, 0x53, 0xF0, 0xCA -#define EC_PARAM_sect239k1_order \ - 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x5A, \ - 0x79, 0xFE, 0xC6, 0x7C, 0xB6, 0xE9, 0x1F, 0x1C, \ - 0x1D, 0xA8, 0x00, 0xE4, 0x78, 0xA5 -#endif - -#if 0 -/* sect283k1 : NIST/SECG curve over a 283 bit binary field */ -#define EC_PARAM_sect283k1_prime \ - 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x10, 0xA1 -#define EC_PARAM_sect283k1_a \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00 -#define EC_PARAM_sect283k1_b \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x01 -#define EC_PARAM_sect283k1_x \ - 0x05, 0x03, 0x21, 0x3F, 0x78, 0xCA, 0x44, 0x88, \ - 0x3F, 0x1A, 0x3B, 0x81, 0x62, 0xF1, 0x88, 0xE5, \ - 0x53, 0xCD, 0x26, 0x5F, 0x23, 0xC1, 0x56, 0x7A, \ - 0x16, 0x87, 0x69, 0x13, 0xB0, 0xC2, 0xAC, 0x24, \ - 0x58, 0x49, 0x28, 0x36 -#define EC_PARAM_sect283k1_y \ - 0x01, 0xCC, 0xDA, 0x38, 0x0F, 0x1C, 0x9E, 0x31, \ - 0x8D, 0x90, 0xF9, 0x5D, 0x07, 0xE5, 0x42, 0x6F, \ - 0xE8, 0x7E, 0x45, 0xC0, 0xE8, 0x18, 0x46, 0x98, \ - 0xE4, 0x59, 0x62, 0x36, 0x4E, 0x34, 0x11, 0x61, \ - 0x77, 0xDD, 0x22, 0x59 -#define EC_PARAM_sect283k1_order \ - 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xE9, 0xAE, 0x2E, 0xD0, 0x75, 0x77, \ - 0x26, 0x5D, 0xFF, 0x7F, 0x94, 0x45, 0x1E, 0x06, \ - 0x1E, 0x16, 0x3C, 0x61 -#endif - -#if 0 -/* sect283r1 : NIST/SECG curve over a 283 bit binary field */ -#define EC_PARAM_sect283r1_prime \ - 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x10, 0xA1 -#define EC_PARAM_sect283r1_a \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x01 -#define EC_PARAM_sect283r1_b \ - 0x02, 0x7B, 0x68, 0x0A, 0xC8, 0xB8, 0x59, 0x6D, \ - 0xA5, 0xA4, 0xAF, 0x8A, 0x19, 0xA0, 0x30, 0x3F, \ - 0xCA, 0x97, 0xFD, 0x76, 0x45, 0x30, 0x9F, 0xA2, \ - 0xA5, 0x81, 0x48, 0x5A, 0xF6, 0x26, 0x3E, 0x31, \ - 0x3B, 0x79, 0xA2, 0xF5 -#define EC_PARAM_sect283r1_x \ - 0x05, 0xF9, 0x39, 0x25, 0x8D, 0xB7, 0xDD, 0x90, \ - 0xE1, 0x93, 0x4F, 0x8C, 0x70, 0xB0, 0xDF, 0xEC, \ - 0x2E, 0xED, 0x25, 0xB8, 0x55, 0x7E, 0xAC, 0x9C, \ - 0x80, 0xE2, 0xE1, 0x98, 0xF8, 0xCD, 0xBE, 0xCD, \ - 0x86, 0xB1, 0x20, 0x53 -#define EC_PARAM_sect283r1_y \ - 0x03, 0x67, 0x68, 0x54, 0xFE, 0x24, 0x14, 0x1C, \ - 0xB9, 0x8F, 0xE6, 0xD4, 0xB2, 0x0D, 0x02, 0xB4, \ - 0x51, 0x6F, 0xF7, 0x02, 0x35, 0x0E, 0xDD, 0xB0, \ - 0x82, 0x67, 0x79, 0xC8, 0x13, 0xF0, 0xDF, 0x45, \ - 0xBE, 0x81, 0x12, 0xF4 -#define EC_PARAM_sect283r1_order \ - 0x03, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xEF, 0x90, 0x39, 0x96, 0x60, 0xFC, \ - 0x93, 0x8A, 0x90, 0x16, 0x5B, 0x04, 0x2A, 0x7C, \ - 0xEF, 0xAD, 0xB3, 0x07 -#endif - -#if 0 -/* sect409k1 : NIST/SECG curve over a 409 bit binary field */ -#define EC_PARAM_sect409k1_prime \ - 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x01 -#define EC_PARAM_sect409k1_a \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00 -#define EC_PARAM_sect409k1_b \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x01 -#define EC_PARAM_sect409k1_x \ - 0x00, 0x60, 0xF0, 0x5F, 0x65, 0x8F, 0x49, 0xC1, \ - 0xAD, 0x3A, 0xB1, 0x89, 0x0F, 0x71, 0x84, 0x21, \ - 0x0E, 0xFD, 0x09, 0x87, 0xE3, 0x07, 0xC8, 0x4C, \ - 0x27, 0xAC, 0xCF, 0xB8, 0xF9, 0xF6, 0x7C, 0xC2, \ - 0xC4, 0x60, 0x18, 0x9E, 0xB5, 0xAA, 0xAA, 0x62, \ - 0xEE, 0x22, 0x2E, 0xB1, 0xB3, 0x55, 0x40, 0xCF, \ - 0xE9, 0x02, 0x37, 0x46 -#define EC_PARAM_sect409k1_y \ - 0x01, 0xE3, 0x69, 0x05, 0x0B, 0x7C, 0x4E, 0x42, \ - 0xAC, 0xBA, 0x1D, 0xAC, 0xBF, 0x04, 0x29, 0x9C, \ - 0x34, 0x60, 0x78, 0x2F, 0x91, 0x8E, 0xA4, 0x27, \ - 0xE6, 0x32, 0x51, 0x65, 0xE9, 0xEA, 0x10, 0xE3, \ - 0xDA, 0x5F, 0x6C, 0x42, 0xE9, 0xC5, 0x52, 0x15, \ - 0xAA, 0x9C, 0xA2, 0x7A, 0x58, 0x63, 0xEC, 0x48, \ - 0xD8, 0xE0, 0x28, 0x6B -#define EC_PARAM_sect409k1_order \ - 0x00, 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFE, 0x5F, 0x83, 0xB2, 0xD4, 0xEA, \ - 0x20, 0x40, 0x0E, 0xC4, 0x55, 0x7D, 0x5E, 0xD3, \ - 0xE3, 0xE7, 0xCA, 0x5B, 0x4B, 0x5C, 0x83, 0xB8, \ - 0xE0, 0x1E, 0x5F, 0xCF -#endif - -#if 0 -/* sect409r1 : NIST/SECG curve over a 409 bit binary field */ -#define EC_PARAM_sect409r1_prime \ - 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x01 -#define EC_PARAM_sect409r1_a \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x01 -#define EC_PARAM_sect409r1_b \ - 0x00, 0x21, 0xA5, 0xC2, 0xC8, 0xEE, 0x9F, 0xEB, \ - 0x5C, 0x4B, 0x9A, 0x75, 0x3B, 0x7B, 0x47, 0x6B, \ - 0x7F, 0xD6, 0x42, 0x2E, 0xF1, 0xF3, 0xDD, 0x67, \ - 0x47, 0x61, 0xFA, 0x99, 0xD6, 0xAC, 0x27, 0xC8, \ - 0xA9, 0xA1, 0x97, 0xB2, 0x72, 0x82, 0x2F, 0x6C, \ - 0xD5, 0x7A, 0x55, 0xAA, 0x4F, 0x50, 0xAE, 0x31, \ - 0x7B, 0x13, 0x54, 0x5F -#define EC_PARAM_sect409r1_x \ - 0x01, 0x5D, 0x48, 0x60, 0xD0, 0x88, 0xDD, 0xB3, \ - 0x49, 0x6B, 0x0C, 0x60, 0x64, 0x75, 0x62, 0x60, \ - 0x44, 0x1C, 0xDE, 0x4A, 0xF1, 0x77, 0x1D, 0x4D, \ - 0xB0, 0x1F, 0xFE, 0x5B, 0x34, 0xE5, 0x97, 0x03, \ - 0xDC, 0x25, 0x5A, 0x86, 0x8A, 0x11, 0x80, 0x51, \ - 0x56, 0x03, 0xAE, 0xAB, 0x60, 0x79, 0x4E, 0x54, \ - 0xBB, 0x79, 0x96, 0xA7 -#define EC_PARAM_sect409r1_y \ - 0x00, 0x61, 0xB1, 0xCF, 0xAB, 0x6B, 0xE5, 0xF3, \ - 0x2B, 0xBF, 0xA7, 0x83, 0x24, 0xED, 0x10, 0x6A, \ - 0x76, 0x36, 0xB9, 0xC5, 0xA7, 0xBD, 0x19, 0x8D, \ - 0x01, 0x58, 0xAA, 0x4F, 0x54, 0x88, 0xD0, 0x8F, \ - 0x38, 0x51, 0x4F, 0x1F, 0xDF, 0x4B, 0x4F, 0x40, \ - 0xD2, 0x18, 0x1B, 0x36, 0x81, 0xC3, 0x64, 0xBA, \ - 0x02, 0x73, 0xC7, 0x06 -#define EC_PARAM_sect409r1_order \ - 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x01, 0xE2, 0xAA, 0xD6, 0xA6, 0x12, \ - 0xF3, 0x33, 0x07, 0xBE, 0x5F, 0xA4, 0x7C, 0x3C, \ - 0x9E, 0x05, 0x2F, 0x83, 0x81, 0x64, 0xCD, 0x37, \ - 0xD9, 0xA2, 0x11, 0x73 -#endif - -#if 0 -/* sect571k1 : NIST/SECG curve over a 571 bit binary field */ -#define EC_PARAM_sect571k1_prime \ - 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x25 -#define EC_PARAM_sect571k1_a \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 -#define EC_PARAM_sect571k1_b \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 -#define EC_PARAM_sect571k1_x \ - 0x02, 0x6E, 0xB7, 0xA8, 0x59, 0x92, 0x3F, 0xBC, \ - 0x82, 0x18, 0x96, 0x31, 0xF8, 0x10, 0x3F, 0xE4, \ - 0xAC, 0x9C, 0xA2, 0x97, 0x00, 0x12, 0xD5, 0xD4, \ - 0x60, 0x24, 0x80, 0x48, 0x01, 0x84, 0x1C, 0xA4, \ - 0x43, 0x70, 0x95, 0x84, 0x93, 0xB2, 0x05, 0xE6, \ - 0x47, 0xDA, 0x30, 0x4D, 0xB4, 0xCE, 0xB0, 0x8C, \ - 0xBB, 0xD1, 0xBA, 0x39, 0x49, 0x47, 0x76, 0xFB, \ - 0x98, 0x8B, 0x47, 0x17, 0x4D, 0xCA, 0x88, 0xC7, \ - 0xE2, 0x94, 0x52, 0x83, 0xA0, 0x1C, 0x89, 0x72 -#define EC_PARAM_sect571k1_y \ - 0x03, 0x49, 0xDC, 0x80, 0x7F, 0x4F, 0xBF, 0x37, \ - 0x4F, 0x4A, 0xEA, 0xDE, 0x3B, 0xCA, 0x95, 0x31, \ - 0x4D, 0xD5, 0x8C, 0xEC, 0x9F, 0x30, 0x7A, 0x54, \ - 0xFF, 0xC6, 0x1E, 0xFC, 0x00, 0x6D, 0x8A, 0x2C, \ - 0x9D, 0x49, 0x79, 0xC0, 0xAC, 0x44, 0xAE, 0xA7, \ - 0x4F, 0xBE, 0xBB, 0xB9, 0xF7, 0x72, 0xAE, 0xDC, \ - 0xB6, 0x20, 0xB0, 0x1A, 0x7B, 0xA7, 0xAF, 0x1B, \ - 0x32, 0x04, 0x30, 0xC8, 0x59, 0x19, 0x84, 0xF6, \ - 0x01, 0xCD, 0x4C, 0x14, 0x3E, 0xF1, 0xC7, 0xA3 -#define EC_PARAM_sect571k1_order \ - 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x13, 0x18, 0x50, 0xE1, \ - 0xF1, 0x9A, 0x63, 0xE4, 0xB3, 0x91, 0xA8, 0xDB, \ - 0x91, 0x7F, 0x41, 0x38, 0xB6, 0x30, 0xD8, 0x4B, \ - 0xE5, 0xD6, 0x39, 0x38, 0x1E, 0x91, 0xDE, 0xB4, \ - 0x5C, 0xFE, 0x77, 0x8F, 0x63, 0x7C, 0x10, 0x01 -#endif - -#if 0 -/* sect571r1 : NIST/SECG curve over a 571 bit binary field */ -#define EC_PARAM_sect571r1_prime \ - 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x25 -#define EC_PARAM_sect571r1_a \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 -#define EC_PARAM_sect571r1_b \ - 0x02, 0xF4, 0x0E, 0x7E, 0x22, 0x21, 0xF2, 0x95, \ - 0xDE, 0x29, 0x71, 0x17, 0xB7, 0xF3, 0xD6, 0x2F, \ - 0x5C, 0x6A, 0x97, 0xFF, 0xCB, 0x8C, 0xEF, 0xF1, \ - 0xCD, 0x6B, 0xA8, 0xCE, 0x4A, 0x9A, 0x18, 0xAD, \ - 0x84, 0xFF, 0xAB, 0xBD, 0x8E, 0xFA, 0x59, 0x33, \ - 0x2B, 0xE7, 0xAD, 0x67, 0x56, 0xA6, 0x6E, 0x29, \ - 0x4A, 0xFD, 0x18, 0x5A, 0x78, 0xFF, 0x12, 0xAA, \ - 0x52, 0x0E, 0x4D, 0xE7, 0x39, 0xBA, 0xCA, 0x0C, \ - 0x7F, 0xFE, 0xFF, 0x7F, 0x29, 0x55, 0x72, 0x7A -#define EC_PARAM_sect571r1_x \ - 0x03, 0x03, 0x00, 0x1D, 0x34, 0xB8, 0x56, 0x29, \ - 0x6C, 0x16, 0xC0, 0xD4, 0x0D, 0x3C, 0xD7, 0x75, \ - 0x0A, 0x93, 0xD1, 0xD2, 0x95, 0x5F, 0xA8, 0x0A, \ - 0xA5, 0xF4, 0x0F, 0xC8, 0xDB, 0x7B, 0x2A, 0xBD, \ - 0xBD, 0xE5, 0x39, 0x50, 0xF4, 0xC0, 0xD2, 0x93, \ - 0xCD, 0xD7, 0x11, 0xA3, 0x5B, 0x67, 0xFB, 0x14, \ - 0x99, 0xAE, 0x60, 0x03, 0x86, 0x14, 0xF1, 0x39, \ - 0x4A, 0xBF, 0xA3, 0xB4, 0xC8, 0x50, 0xD9, 0x27, \ - 0xE1, 0xE7, 0x76, 0x9C, 0x8E, 0xEC, 0x2D, 0x19 -#define EC_PARAM_sect571r1_y \ - 0x03, 0x7B, 0xF2, 0x73, 0x42, 0xDA, 0x63, 0x9B, \ - 0x6D, 0xCC, 0xFF, 0xFE, 0xB7, 0x3D, 0x69, 0xD7, \ - 0x8C, 0x6C, 0x27, 0xA6, 0x00, 0x9C, 0xBB, 0xCA, \ - 0x19, 0x80, 0xF8, 0x53, 0x39, 0x21, 0xE8, 0xA6, \ - 0x84, 0x42, 0x3E, 0x43, 0xBA, 0xB0, 0x8A, 0x57, \ - 0x62, 0x91, 0xAF, 0x8F, 0x46, 0x1B, 0xB2, 0xA8, \ - 0xB3, 0x53, 0x1D, 0x2F, 0x04, 0x85, 0xC1, 0x9B, \ - 0x16, 0xE2, 0xF1, 0x51, 0x6E, 0x23, 0xDD, 0x3C, \ - 0x1A, 0x48, 0x27, 0xAF, 0x1B, 0x8A, 0xC1, 0x5B -#define EC_PARAM_sect571r1_order \ - 0x03, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xE6, 0x61, 0xCE, 0x18, \ - 0xFF, 0x55, 0x98, 0x73, 0x08, 0x05, 0x9B, 0x18, \ - 0x68, 0x23, 0x85, 0x1E, 0xC7, 0xDD, 0x9C, 0xA1, \ - 0x16, 0x1D, 0xE9, 0x3D, 0x51, 0x74, 0xD6, 0x6E, \ - 0x83, 0x82, 0xE9, 0xBB, 0x2F, 0xE8, 0x4E, 0x47 -#endif - -#if 0 -/* c2pnb163v1 : X9.62 curve over a 163 bit binary field */ -#define EC_PARAM_c2pnb163v1_prime \ - 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x01, 0x07 -#define EC_PARAM_c2pnb163v1_a \ - 0x07, 0x25, 0x46, 0xB5, 0x43, 0x52, 0x34, 0xA4, \ - 0x22, 0xE0, 0x78, 0x96, 0x75, 0xF4, 0x32, 0xC8, \ - 0x94, 0x35, 0xDE, 0x52, 0x42 -#define EC_PARAM_c2pnb163v1_b \ - 0x00, 0xC9, 0x51, 0x7D, 0x06, 0xD5, 0x24, 0x0D, \ - 0x3C, 0xFF, 0x38, 0xC7, 0x4B, 0x20, 0xB6, 0xCD, \ - 0x4D, 0x6F, 0x9D, 0xD4, 0xD9 -#define EC_PARAM_c2pnb163v1_x \ - 0x07, 0xAF, 0x69, 0x98, 0x95, 0x46, 0x10, 0x3D, \ - 0x79, 0x32, 0x9F, 0xCC, 0x3D, 0x74, 0x88, 0x0F, \ - 0x33, 0xBB, 0xE8, 0x03, 0xCB -#define EC_PARAM_c2pnb163v1_y \ - 0x01, 0xEC, 0x23, 0x21, 0x1B, 0x59, 0x66, 0xAD, \ - 0xEA, 0x1D, 0x3F, 0x87, 0xF7, 0xEA, 0x58, 0x48, \ - 0xAE, 0xF0, 0xB7, 0xCA, 0x9F -#define EC_PARAM_c2pnb163v1_order \ - 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x01, 0xE6, 0x0F, 0xC8, 0x82, 0x1C, \ - 0xC7, 0x4D, 0xAE, 0xAF, 0xC1 -#endif - -#if 0 -/* c2pnb163v2 : X9.62 curve over a 163 bit binary field */ -#define EC_PARAM_c2pnb163v2_prime \ - 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x01, 0x07 -#define EC_PARAM_c2pnb163v2_a \ - 0x01, 0x08, 0xB3, 0x9E, 0x77, 0xC4, 0xB1, 0x08, \ - 0xBE, 0xD9, 0x81, 0xED, 0x0E, 0x89, 0x0E, 0x11, \ - 0x7C, 0x51, 0x1C, 0xF0, 0x72 -#define EC_PARAM_c2pnb163v2_b \ - 0x06, 0x67, 0xAC, 0xEB, 0x38, 0xAF, 0x4E, 0x48, \ - 0x8C, 0x40, 0x74, 0x33, 0xFF, 0xAE, 0x4F, 0x1C, \ - 0x81, 0x16, 0x38, 0xDF, 0x20 -#define EC_PARAM_c2pnb163v2_x \ - 0x00, 0x24, 0x26, 0x6E, 0x4E, 0xB5, 0x10, 0x6D, \ - 0x0A, 0x96, 0x4D, 0x92, 0xC4, 0x86, 0x0E, 0x26, \ - 0x71, 0xDB, 0x9B, 0x6C, 0xC5 -#define EC_PARAM_c2pnb163v2_y \ - 0x07, 0x9F, 0x68, 0x4D, 0xDF, 0x66, 0x84, 0xC5, \ - 0xCD, 0x25, 0x8B, 0x38, 0x90, 0x02, 0x1B, 0x23, \ - 0x86, 0xDF, 0xD1, 0x9F, 0xC5 -#define EC_PARAM_c2pnb163v2_order \ - 0x03, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFD, 0xF6, 0x4D, 0xE1, 0x15, 0x1A, \ - 0xDB, 0xB7, 0x8F, 0x10, 0xA7 -#endif - -#if 0 -/* c2pnb163v3 : X9.62 curve over a 163 bit binary field */ -#define EC_PARAM_c2pnb163v3_prime \ - 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x01, 0x07 -#define EC_PARAM_c2pnb163v3_a \ - 0x07, 0xA5, 0x26, 0xC6, 0x3D, 0x3E, 0x25, 0xA2, \ - 0x56, 0xA0, 0x07, 0x69, 0x9F, 0x54, 0x47, 0xE3, \ - 0x2A, 0xE4, 0x56, 0xB5, 0x0E -#define EC_PARAM_c2pnb163v3_b \ - 0x03, 0xF7, 0x06, 0x17, 0x98, 0xEB, 0x99, 0xE2, \ - 0x38, 0xFD, 0x6F, 0x1B, 0xF9, 0x5B, 0x48, 0xFE, \ - 0xEB, 0x48, 0x54, 0x25, 0x2B -#define EC_PARAM_c2pnb163v3_x \ - 0x02, 0xF9, 0xF8, 0x7B, 0x7C, 0x57, 0x4D, 0x0B, \ - 0xDE, 0xCF, 0x8A, 0x22, 0xE6, 0x52, 0x47, 0x75, \ - 0xF9, 0x8C, 0xDE, 0xBD, 0xCB -#define EC_PARAM_c2pnb163v3_y \ - 0x05, 0xB9, 0x35, 0x59, 0x0C, 0x15, 0x5E, 0x17, \ - 0xEA, 0x48, 0xEB, 0x3F, 0xF3, 0x71, 0x8B, 0x89, \ - 0x3D, 0xF5, 0x9A, 0x05, 0xD0 -#define EC_PARAM_c2pnb163v3_order \ - 0x03, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFE, 0x1A, 0xEE, 0x14, 0x0F, 0x11, \ - 0x0A, 0xFF, 0x96, 0x13, 0x09 -#endif - -#if 0 -/* c2pnb176v1 : X9.62 curve over a 176 bit binary field */ -#define EC_PARAM_c2pnb176v1_prime \ - 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x08, 0x00, 0x00, 0x00, 0x00, 0x07 -#define EC_PARAM_c2pnb176v1_a \ - 0x00, 0xE4, 0xE6, 0xDB, 0x29, 0x95, 0x06, 0x5C, \ - 0x40, 0x7D, 0x9D, 0x39, 0xB8, 0xD0, 0x96, 0x7B, \ - 0x96, 0x70, 0x4B, 0xA8, 0xE9, 0xC9, 0x0B -#define EC_PARAM_c2pnb176v1_b \ - 0x00, 0x5D, 0xDA, 0x47, 0x0A, 0xBE, 0x64, 0x14, \ - 0xDE, 0x8E, 0xC1, 0x33, 0xAE, 0x28, 0xE9, 0xBB, \ - 0xD7, 0xFC, 0xEC, 0x0A, 0xE0, 0xFF, 0xF2 -#define EC_PARAM_c2pnb176v1_x \ - 0x00, 0x8D, 0x16, 0xC2, 0x86, 0x67, 0x98, 0xB6, \ - 0x00, 0xF9, 0xF0, 0x8B, 0xB4, 0xA8, 0xE8, 0x60, \ - 0xF3, 0x29, 0x8C, 0xE0, 0x4A, 0x57, 0x98 -#define EC_PARAM_c2pnb176v1_y \ - 0x00, 0x6F, 0xA4, 0x53, 0x9C, 0x2D, 0xAD, 0xDD, \ - 0xD6, 0xBA, 0xB5, 0x16, 0x7D, 0x61, 0xB4, 0x36, \ - 0xE1, 0xD9, 0x2B, 0xB1, 0x6A, 0x56, 0x2C -#define EC_PARAM_c2pnb176v1_order \ - 0x00, 0x00, 0x01, 0x00, 0x92, 0x53, 0x73, 0x97, \ - 0xEC, 0xA4, 0xF6, 0x14, 0x57, 0x99, 0xD6, 0x2B, \ - 0x0A, 0x19, 0xCE, 0x06, 0xFE, 0x26, 0xAD -#endif - -#if 0 -/* c2tnb191v1 : X9.62 curve over a 191 bit binary field */ -#define EC_PARAM_c2tnb191v1_prime \ - 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x01 -#define EC_PARAM_c2tnb191v1_a \ - 0x28, 0x66, 0x53, 0x7B, 0x67, 0x67, 0x52, 0x63, \ - 0x6A, 0x68, 0xF5, 0x65, 0x54, 0xE1, 0x26, 0x40, \ - 0x27, 0x6B, 0x64, 0x9E, 0xF7, 0x52, 0x62, 0x67 -#define EC_PARAM_c2tnb191v1_b \ - 0x2E, 0x45, 0xEF, 0x57, 0x1F, 0x00, 0x78, 0x6F, \ - 0x67, 0xB0, 0x08, 0x1B, 0x94, 0x95, 0xA3, 0xD9, \ - 0x54, 0x62, 0xF5, 0xDE, 0x0A, 0xA1, 0x85, 0xEC -#define EC_PARAM_c2tnb191v1_x \ - 0x36, 0xB3, 0xDA, 0xF8, 0xA2, 0x32, 0x06, 0xF9, \ - 0xC4, 0xF2, 0x99, 0xD7, 0xB2, 0x1A, 0x9C, 0x36, \ - 0x91, 0x37, 0xF2, 0xC8, 0x4A, 0xE1, 0xAA, 0x0D -#define EC_PARAM_c2tnb191v1_y \ - 0x76, 0x5B, 0xE7, 0x34, 0x33, 0xB3, 0xF9, 0x5E, \ - 0x33, 0x29, 0x32, 0xE7, 0x0E, 0xA2, 0x45, 0xCA, \ - 0x24, 0x18, 0xEA, 0x0E, 0xF9, 0x80, 0x18, 0xFB -#define EC_PARAM_c2tnb191v1_order \ - 0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x04, 0xA2, 0x0E, 0x90, \ - 0xC3, 0x90, 0x67, 0xC8, 0x93, 0xBB, 0xB9, 0xA5 -#endif - -#if 0 -/* c2tnb191v2 : X9.62 curve over a 191 bit binary field */ -#define EC_PARAM_c2tnb191v2_prime \ - 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x01 -#define EC_PARAM_c2tnb191v2_a \ - 0x40, 0x10, 0x28, 0x77, 0x4D, 0x77, 0x77, 0xC7, \ - 0xB7, 0x66, 0x6D, 0x13, 0x66, 0xEA, 0x43, 0x20, \ - 0x71, 0x27, 0x4F, 0x89, 0xFF, 0x01, 0xE7, 0x18 -#define EC_PARAM_c2tnb191v2_b \ - 0x06, 0x20, 0x04, 0x8D, 0x28, 0xBC, 0xBD, 0x03, \ - 0xB6, 0x24, 0x9C, 0x99, 0x18, 0x2B, 0x7C, 0x8C, \ - 0xD1, 0x97, 0x00, 0xC3, 0x62, 0xC4, 0x6A, 0x01 -#define EC_PARAM_c2tnb191v2_x \ - 0x38, 0x09, 0xB2, 0xB7, 0xCC, 0x1B, 0x28, 0xCC, \ - 0x5A, 0x87, 0x92, 0x6A, 0xAD, 0x83, 0xFD, 0x28, \ - 0x78, 0x9E, 0x81, 0xE2, 0xC9, 0xE3, 0xBF, 0x10 -#define EC_PARAM_c2tnb191v2_y \ - 0x17, 0x43, 0x43, 0x86, 0x62, 0x6D, 0x14, 0xF3, \ - 0xDB, 0xF0, 0x17, 0x60, 0xD9, 0x21, 0x3A, 0x3E, \ - 0x1C, 0xF3, 0x7A, 0xEC, 0x43, 0x7D, 0x66, 0x8A -#define EC_PARAM_c2tnb191v2_order \ - 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x50, 0x50, 0x8C, 0xB8, \ - 0x9F, 0x65, 0x28, 0x24, 0xE0, 0x6B, 0x81, 0x73 -#endif - -#if 0 -/* c2tnb191v3 : X9.62 curve over a 191 bit binary field */ -#define EC_PARAM_c2tnb191v3_prime \ - 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x01 -#define EC_PARAM_c2tnb191v3_a \ - 0x6C, 0x01, 0x07, 0x47, 0x56, 0x09, 0x91, 0x22, \ - 0x22, 0x10, 0x56, 0x91, 0x1C, 0x77, 0xD7, 0x7E, \ - 0x77, 0xA7, 0x77, 0xE7, 0xE7, 0xE7, 0x7F, 0xCB -#define EC_PARAM_c2tnb191v3_b \ - 0x71, 0xFE, 0x1A, 0xF9, 0x26, 0xCF, 0x84, 0x79, \ - 0x89, 0xEF, 0xEF, 0x8D, 0xB4, 0x59, 0xF6, 0x63, \ - 0x94, 0xD9, 0x0F, 0x32, 0xAD, 0x3F, 0x15, 0xE8 -#define EC_PARAM_c2tnb191v3_x \ - 0x37, 0x5D, 0x4C, 0xE2, 0x4F, 0xDE, 0x43, 0x44, \ - 0x89, 0xDE, 0x87, 0x46, 0xE7, 0x17, 0x86, 0x01, \ - 0x50, 0x09, 0xE6, 0x6E, 0x38, 0xA9, 0x26, 0xDD -#define EC_PARAM_c2tnb191v3_y \ - 0x54, 0x5A, 0x39, 0x17, 0x61, 0x96, 0x57, 0x5D, \ - 0x98, 0x59, 0x99, 0x36, 0x6E, 0x6A, 0xD3, 0x4C, \ - 0xE0, 0xA7, 0x7C, 0xD7, 0x12, 0x7B, 0x06, 0xBE -#define EC_PARAM_c2tnb191v3_order \ - 0x15, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, \ - 0x55, 0x55, 0x55, 0x55, 0x61, 0x0C, 0x0B, 0x19, \ - 0x68, 0x12, 0xBF, 0xB6, 0x28, 0x8A, 0x3E, 0xA3 -#endif - -#if 0 -/* c2pnb208w1 : X9.62 curve over a 208 bit binary field */ -#define EC_PARAM_c2pnb208w1_prime \ - 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x07 -#define EC_PARAM_c2pnb208w1_a \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00 -#define EC_PARAM_c2pnb208w1_b \ - 0x00, 0xC8, 0x61, 0x9E, 0xD4, 0x5A, 0x62, 0xE6, \ - 0x21, 0x2E, 0x11, 0x60, 0x34, 0x9E, 0x2B, 0xFA, \ - 0x84, 0x44, 0x39, 0xFA, 0xFC, 0x2A, 0x3F, 0xD1, \ - 0x63, 0x8F, 0x9E -#define EC_PARAM_c2pnb208w1_x \ - 0x00, 0x89, 0xFD, 0xFB, 0xE4, 0xAB, 0xE1, 0x93, \ - 0xDF, 0x95, 0x59, 0xEC, 0xF0, 0x7A, 0xC0, 0xCE, \ - 0x78, 0x55, 0x4E, 0x27, 0x84, 0xEB, 0x8C, 0x1E, \ - 0xD1, 0xA5, 0x7A -#define EC_PARAM_c2pnb208w1_y \ - 0x00, 0x0F, 0x55, 0xB5, 0x1A, 0x06, 0xE7, 0x8E, \ - 0x9A, 0xC3, 0x8A, 0x03, 0x5F, 0xF5, 0x20, 0xD8, \ - 0xB0, 0x17, 0x81, 0xBE, 0xB1, 0xA6, 0xBB, 0x08, \ - 0x61, 0x7D, 0xE3 -#define EC_PARAM_c2pnb208w1_order \ - 0x00, 0x00, 0x01, 0x01, 0xBA, 0xF9, 0x5C, 0x97, \ - 0x23, 0xC5, 0x7B, 0x6C, 0x21, 0xDA, 0x2E, 0xFF, \ - 0x2D, 0x5E, 0xD5, 0x88, 0xBD, 0xD5, 0x71, 0x7E, \ - 0x21, 0x2F, 0x9D -#endif - -#if 0 -/* c2tnb239v1 : X9.62 curve over a 239 bit binary field */ -#define EC_PARAM_c2tnb239v1_prime \ - 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x10, 0x00, 0x00, 0x00, 0x01 -#define EC_PARAM_c2tnb239v1_a \ - 0x32, 0x01, 0x08, 0x57, 0x07, 0x7C, 0x54, 0x31, \ - 0x12, 0x3A, 0x46, 0xB8, 0x08, 0x90, 0x67, 0x56, \ - 0xF5, 0x43, 0x42, 0x3E, 0x8D, 0x27, 0x87, 0x75, \ - 0x78, 0x12, 0x57, 0x78, 0xAC, 0x76 -#define EC_PARAM_c2tnb239v1_b \ - 0x79, 0x04, 0x08, 0xF2, 0xEE, 0xDA, 0xF3, 0x92, \ - 0xB0, 0x12, 0xED, 0xEF, 0xB3, 0x39, 0x2F, 0x30, \ - 0xF4, 0x32, 0x7C, 0x0C, 0xA3, 0xF3, 0x1F, 0xC3, \ - 0x83, 0xC4, 0x22, 0xAA, 0x8C, 0x16 -#define EC_PARAM_c2tnb239v1_x \ - 0x57, 0x92, 0x70, 0x98, 0xFA, 0x93, 0x2E, 0x7C, \ - 0x0A, 0x96, 0xD3, 0xFD, 0x5B, 0x70, 0x6E, 0xF7, \ - 0xE5, 0xF5, 0xC1, 0x56, 0xE1, 0x6B, 0x7E, 0x7C, \ - 0x86, 0x03, 0x85, 0x52, 0xE9, 0x1D -#define EC_PARAM_c2tnb239v1_y \ - 0x61, 0xD8, 0xEE, 0x50, 0x77, 0xC3, 0x3F, 0xEC, \ - 0xF6, 0xF1, 0xA1, 0x6B, 0x26, 0x8D, 0xE4, 0x69, \ - 0xC3, 0xC7, 0x74, 0x4E, 0xA9, 0xA9, 0x71, 0x64, \ - 0x9F, 0xC7, 0xA9, 0x61, 0x63, 0x05 -#define EC_PARAM_c2tnb239v1_order \ - 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0F, \ - 0x4D, 0x42, 0xFF, 0xE1, 0x49, 0x2A, 0x49, 0x93, \ - 0xF1, 0xCA, 0xD6, 0x66, 0xE4, 0x47 -#endif - -#if 0 -/* c2tnb239v2 : X9.62 curve over a 239 bit binary field */ -#define EC_PARAM_c2tnb239v2_prime \ - 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x10, 0x00, 0x00, 0x00, 0x01 -#define EC_PARAM_c2tnb239v2_a \ - 0x42, 0x30, 0x01, 0x77, 0x57, 0xA7, 0x67, 0xFA, \ - 0xE4, 0x23, 0x98, 0x56, 0x9B, 0x74, 0x63, 0x25, \ - 0xD4, 0x53, 0x13, 0xAF, 0x07, 0x66, 0x26, 0x64, \ - 0x79, 0xB7, 0x56, 0x54, 0xE6, 0x5F -#define EC_PARAM_c2tnb239v2_b \ - 0x50, 0x37, 0xEA, 0x65, 0x41, 0x96, 0xCF, 0xF0, \ - 0xCD, 0x82, 0xB2, 0xC1, 0x4A, 0x2F, 0xCF, 0x2E, \ - 0x3F, 0xF8, 0x77, 0x52, 0x85, 0xB5, 0x45, 0x72, \ - 0x2F, 0x03, 0xEA, 0xCD, 0xB7, 0x4B -#define EC_PARAM_c2tnb239v2_x \ - 0x28, 0xF9, 0xD0, 0x4E, 0x90, 0x00, 0x69, 0xC8, \ - 0xDC, 0x47, 0xA0, 0x85, 0x34, 0xFE, 0x76, 0xD2, \ - 0xB9, 0x00, 0xB7, 0xD7, 0xEF, 0x31, 0xF5, 0x70, \ - 0x9F, 0x20, 0x0C, 0x4C, 0xA2, 0x05 -#define EC_PARAM_c2tnb239v2_y \ - 0x56, 0x67, 0x33, 0x4C, 0x45, 0xAF, 0xF3, 0xB5, \ - 0xA0, 0x3B, 0xAD, 0x9D, 0xD7, 0x5E, 0x2C, 0x71, \ - 0xA9, 0x93, 0x62, 0x56, 0x7D, 0x54, 0x53, 0xF7, \ - 0xFA, 0x6E, 0x22, 0x7E, 0xC8, 0x33 -#define EC_PARAM_c2tnb239v2_order \ - 0x15, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, \ - 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x3C, \ - 0x6F, 0x28, 0x85, 0x25, 0x9C, 0x31, 0xE3, 0xFC, \ - 0xDF, 0x15, 0x46, 0x24, 0x52, 0x2D -#endif - -#if 0 -/* c2tnb239v3 : X9.62 curve over a 239 bit binary field */ -#define EC_PARAM_c2tnb239v3_prime \ - 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x10, 0x00, 0x00, 0x00, 0x01 -#define EC_PARAM_c2tnb239v3_a \ - 0x01, 0x23, 0x87, 0x74, 0x66, 0x6A, 0x67, 0x76, \ - 0x6D, 0x66, 0x76, 0xF7, 0x78, 0xE6, 0x76, 0xB6, \ - 0x69, 0x99, 0x17, 0x66, 0x66, 0xE6, 0x87, 0x66, \ - 0x6D, 0x87, 0x66, 0xC6, 0x6A, 0x9F -#define EC_PARAM_c2tnb239v3_b \ - 0x6A, 0x94, 0x19, 0x77, 0xBA, 0x9F, 0x6A, 0x43, \ - 0x51, 0x99, 0xAC, 0xFC, 0x51, 0x06, 0x7E, 0xD5, \ - 0x87, 0xF5, 0x19, 0xC5, 0xEC, 0xB5, 0x41, 0xB8, \ - 0xE4, 0x41, 0x11, 0xDE, 0x1D, 0x40 -#define EC_PARAM_c2tnb239v3_x \ - 0x70, 0xF6, 0xE9, 0xD0, 0x4D, 0x28, 0x9C, 0x4E, \ - 0x89, 0x91, 0x3C, 0xE3, 0x53, 0x0B, 0xFD, 0xE9, \ - 0x03, 0x97, 0x7D, 0x42, 0xB1, 0x46, 0xD5, 0x39, \ - 0xBF, 0x1B, 0xDE, 0x4E, 0x9C, 0x92 -#define EC_PARAM_c2tnb239v3_y \ - 0x2E, 0x5A, 0x0E, 0xAF, 0x6E, 0x5E, 0x13, 0x05, \ - 0xB9, 0x00, 0x4D, 0xCE, 0x5C, 0x0E, 0xD7, 0xFE, \ - 0x59, 0xA3, 0x56, 0x08, 0xF3, 0x38, 0x37, 0xC8, \ - 0x16, 0xD8, 0x0B, 0x79, 0xF4, 0x61 -#define EC_PARAM_c2tnb239v3_order \ - 0x0C, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, \ - 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xAC, \ - 0x49, 0x12, 0xD2, 0xD9, 0xDF, 0x90, 0x3E, 0xF9, \ - 0x88, 0x8B, 0x8A, 0x0E, 0x4C, 0xFF -#endif - -#if 0 -/* c2pnb272w1 : X9.62 curve over a 272 bit binary field */ -#define EC_PARAM_c2pnb272w1_prime \ - 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x0B -#define EC_PARAM_c2pnb272w1_a \ - 0x00, 0x91, 0xA0, 0x91, 0xF0, 0x3B, 0x5F, 0xBA, \ - 0x4A, 0xB2, 0xCC, 0xF4, 0x9C, 0x4E, 0xDD, 0x22, \ - 0x0F, 0xB0, 0x28, 0x71, 0x2D, 0x42, 0xBE, 0x75, \ - 0x2B, 0x2C, 0x40, 0x09, 0x4D, 0xBA, 0xCD, 0xB5, \ - 0x86, 0xFB, 0x20 -#define EC_PARAM_c2pnb272w1_b \ - 0x00, 0x71, 0x67, 0xEF, 0xC9, 0x2B, 0xB2, 0xE3, \ - 0xCE, 0x7C, 0x8A, 0xAA, 0xFF, 0x34, 0xE1, 0x2A, \ - 0x9C, 0x55, 0x70, 0x03, 0xD7, 0xC7, 0x3A, 0x6F, \ - 0xAF, 0x00, 0x3F, 0x99, 0xF6, 0xCC, 0x84, 0x82, \ - 0xE5, 0x40, 0xF7 -#define EC_PARAM_c2pnb272w1_x \ - 0x00, 0x61, 0x08, 0xBA, 0xBB, 0x2C, 0xEE, 0xBC, \ - 0xF7, 0x87, 0x05, 0x8A, 0x05, 0x6C, 0xBE, 0x0C, \ - 0xFE, 0x62, 0x2D, 0x77, 0x23, 0xA2, 0x89, 0xE0, \ - 0x8A, 0x07, 0xAE, 0x13, 0xEF, 0x0D, 0x10, 0xD1, \ - 0x71, 0xDD, 0x8D -#define EC_PARAM_c2pnb272w1_y \ - 0x00, 0x10, 0xC7, 0x69, 0x57, 0x16, 0x85, 0x1E, \ - 0xEF, 0x6B, 0xA7, 0xF6, 0x87, 0x2E, 0x61, 0x42, \ - 0xFB, 0xD2, 0x41, 0xB8, 0x30, 0xFF, 0x5E, 0xFC, \ - 0xAC, 0xEC, 0xCA, 0xB0, 0x5E, 0x02, 0x00, 0x5D, \ - 0xDE, 0x9D, 0x23 -#define EC_PARAM_c2pnb272w1_order \ - 0x00, 0x00, 0x01, 0x00, 0xFA, 0xF5, 0x13, 0x54, \ - 0xE0, 0xE3, 0x9E, 0x48, 0x92, 0xDF, 0x6E, 0x31, \ - 0x9C, 0x72, 0xC8, 0x16, 0x16, 0x03, 0xFA, 0x45, \ - 0xAA, 0x7B, 0x99, 0x8A, 0x16, 0x7B, 0x8F, 0x1E, \ - 0x62, 0x95, 0x21 -#endif - -#if 0 -/* c2pnb304w1 : X9.62 curve over a 304 bit binary field */ -#define EC_PARAM_c2pnb304w1_prime \ - 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x07 -#define EC_PARAM_c2pnb304w1_a \ - 0x00, 0xFD, 0x0D, 0x69, 0x31, 0x49, 0xA1, 0x18, \ - 0xF6, 0x51, 0xE6, 0xDC, 0xE6, 0x80, 0x20, 0x85, \ - 0x37, 0x7E, 0x5F, 0x88, 0x2D, 0x1B, 0x51, 0x0B, \ - 0x44, 0x16, 0x00, 0x74, 0xC1, 0x28, 0x80, 0x78, \ - 0x36, 0x5A, 0x03, 0x96, 0xC8, 0xE6, 0x81 -#define EC_PARAM_c2pnb304w1_b \ - 0x00, 0xBD, 0xDB, 0x97, 0xE5, 0x55, 0xA5, 0x0A, \ - 0x90, 0x8E, 0x43, 0xB0, 0x1C, 0x79, 0x8E, 0xA5, \ - 0xDA, 0xA6, 0x78, 0x8F, 0x1E, 0xA2, 0x79, 0x4E, \ - 0xFC, 0xF5, 0x71, 0x66, 0xB8, 0xC1, 0x40, 0x39, \ - 0x60, 0x1E, 0x55, 0x82, 0x73, 0x40, 0xBE -#define EC_PARAM_c2pnb304w1_x \ - 0x00, 0x19, 0x7B, 0x07, 0x84, 0x5E, 0x9B, 0xE2, \ - 0xD9, 0x6A, 0xDB, 0x0F, 0x5F, 0x3C, 0x7F, 0x2C, \ - 0xFF, 0xBD, 0x7A, 0x3E, 0xB8, 0xB6, 0xFE, 0xC3, \ - 0x5C, 0x7F, 0xD6, 0x7F, 0x26, 0xDD, 0xF6, 0x28, \ - 0x5A, 0x64, 0x4F, 0x74, 0x0A, 0x26, 0x14 -#define EC_PARAM_c2pnb304w1_y \ - 0x00, 0xE1, 0x9F, 0xBE, 0xB7, 0x6E, 0x0D, 0xA1, \ - 0x71, 0x51, 0x7E, 0xCF, 0x40, 0x1B, 0x50, 0x28, \ - 0x9B, 0xF0, 0x14, 0x10, 0x32, 0x88, 0x52, 0x7A, \ - 0x9B, 0x41, 0x6A, 0x10, 0x5E, 0x80, 0x26, 0x0B, \ - 0x54, 0x9F, 0xDC, 0x1B, 0x92, 0xC0, 0x3B -#define EC_PARAM_c2pnb304w1_order \ - 0x00, 0x00, 0x01, 0x01, 0xD5, 0x56, 0x57, 0x2A, \ - 0xAB, 0xAC, 0x80, 0x01, 0x01, 0xD5, 0x56, 0x57, \ - 0x2A, 0xAB, 0xAC, 0x80, 0x01, 0x02, 0x2D, 0x5C, \ - 0x91, 0xDD, 0x17, 0x3F, 0x8F, 0xB5, 0x61, 0xDA, \ - 0x68, 0x99, 0x16, 0x44, 0x43, 0x05, 0x1D -#endif - -#if 0 -/* c2tnb359v1 : X9.62 curve over a 359 bit binary field */ -#define EC_PARAM_c2tnb359v1_prime \ - 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x01 -#define EC_PARAM_c2tnb359v1_a \ - 0x56, 0x67, 0x67, 0x6A, 0x65, 0x4B, 0x20, 0x75, \ - 0x4F, 0x35, 0x6E, 0xA9, 0x20, 0x17, 0xD9, 0x46, \ - 0x56, 0x7C, 0x46, 0x67, 0x55, 0x56, 0xF1, 0x95, \ - 0x56, 0xA0, 0x46, 0x16, 0xB5, 0x67, 0xD2, 0x23, \ - 0xA5, 0xE0, 0x56, 0x56, 0xFB, 0x54, 0x90, 0x16, \ - 0xA9, 0x66, 0x56, 0xA5, 0x57 -#define EC_PARAM_c2tnb359v1_b \ - 0x24, 0x72, 0xE2, 0xD0, 0x19, 0x7C, 0x49, 0x36, \ - 0x3F, 0x1F, 0xE7, 0xF5, 0xB6, 0xDB, 0x07, 0x5D, \ - 0x52, 0xB6, 0x94, 0x7D, 0x13, 0x5D, 0x8C, 0xA4, \ - 0x45, 0x80, 0x5D, 0x39, 0xBC, 0x34, 0x56, 0x26, \ - 0x08, 0x96, 0x87, 0x74, 0x2B, 0x63, 0x29, 0xE7, \ - 0x06, 0x80, 0x23, 0x19, 0x88 -#define EC_PARAM_c2tnb359v1_x \ - 0x3C, 0x25, 0x8E, 0xF3, 0x04, 0x77, 0x67, 0xE7, \ - 0xED, 0xE0, 0xF1, 0xFD, 0xAA, 0x79, 0xDA, 0xEE, \ - 0x38, 0x41, 0x36, 0x6A, 0x13, 0x2E, 0x16, 0x3A, \ - 0xCE, 0xD4, 0xED, 0x24, 0x01, 0xDF, 0x9C, 0x6B, \ - 0xDC, 0xDE, 0x98, 0xE8, 0xE7, 0x07, 0xC0, 0x7A, \ - 0x22, 0x39, 0xB1, 0xB0, 0x97 -#define EC_PARAM_c2tnb359v1_y \ - 0x53, 0xD7, 0xE0, 0x85, 0x29, 0x54, 0x70, 0x48, \ - 0x12, 0x1E, 0x9C, 0x95, 0xF3, 0x79, 0x1D, 0xD8, \ - 0x04, 0x96, 0x39, 0x48, 0xF3, 0x4F, 0xAE, 0x7B, \ - 0xF4, 0x4E, 0xA8, 0x23, 0x65, 0xDC, 0x78, 0x68, \ - 0xFE, 0x57, 0xE4, 0xAE, 0x2D, 0xE2, 0x11, 0x30, \ - 0x5A, 0x40, 0x71, 0x04, 0xBD -#define EC_PARAM_c2tnb359v1_order \ - 0x01, 0xAF, 0x28, 0x6B, 0xCA, 0x1A, 0xF2, 0x86, \ - 0xBC, 0xA1, 0xAF, 0x28, 0x6B, 0xCA, 0x1A, 0xF2, \ - 0x86, 0xBC, 0xA1, 0xAF, 0x28, 0x6B, 0xC9, 0xFB, \ - 0x8F, 0x6B, 0x85, 0xC5, 0x56, 0x89, 0x2C, 0x20, \ - 0xA7, 0xEB, 0x96, 0x4F, 0xE7, 0x71, 0x9E, 0x74, \ - 0xF4, 0x90, 0x75, 0x8D, 0x3B -#endif - -#if 0 -/* c2pnb368w1 : X9.62 curve over a 368 bit binary field */ -#define EC_PARAM_c2pnb368w1_prime \ - 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x07 -#define EC_PARAM_c2pnb368w1_a \ - 0x00, 0xE0, 0xD2, 0xEE, 0x25, 0x09, 0x52, 0x06, \ - 0xF5, 0xE2, 0xA4, 0xF9, 0xED, 0x22, 0x9F, 0x1F, \ - 0x25, 0x6E, 0x79, 0xA0, 0xE2, 0xB4, 0x55, 0x97, \ - 0x0D, 0x8D, 0x0D, 0x86, 0x5B, 0xD9, 0x47, 0x78, \ - 0xC5, 0x76, 0xD6, 0x2F, 0x0A, 0xB7, 0x51, 0x9C, \ - 0xCD, 0x2A, 0x1A, 0x90, 0x6A, 0xE3, 0x0D -#define EC_PARAM_c2pnb368w1_b \ - 0x00, 0xFC, 0x12, 0x17, 0xD4, 0x32, 0x0A, 0x90, \ - 0x45, 0x2C, 0x76, 0x0A, 0x58, 0xED, 0xCD, 0x30, \ - 0xC8, 0xDD, 0x06, 0x9B, 0x3C, 0x34, 0x45, 0x38, \ - 0x37, 0xA3, 0x4E, 0xD5, 0x0C, 0xB5, 0x49, 0x17, \ - 0xE1, 0xC2, 0x11, 0x2D, 0x84, 0xD1, 0x64, 0xF4, \ - 0x44, 0xF8, 0xF7, 0x47, 0x86, 0x04, 0x6A -#define EC_PARAM_c2pnb368w1_x \ - 0x00, 0x10, 0x85, 0xE2, 0x75, 0x53, 0x81, 0xDC, \ - 0xCC, 0xE3, 0xC1, 0x55, 0x7A, 0xFA, 0x10, 0xC2, \ - 0xF0, 0xC0, 0xC2, 0x82, 0x56, 0x46, 0xC5, 0xB3, \ - 0x4A, 0x39, 0x4C, 0xBC, 0xFA, 0x8B, 0xC1, 0x6B, \ - 0x22, 0xE7, 0xE7, 0x89, 0xE9, 0x27, 0xBE, 0x21, \ - 0x6F, 0x02, 0xE1, 0xFB, 0x13, 0x6A, 0x5F -#define EC_PARAM_c2pnb368w1_y \ - 0x00, 0x7B, 0x3E, 0xB1, 0xBD, 0xDC, 0xBA, 0x62, \ - 0xD5, 0xD8, 0xB2, 0x05, 0x9B, 0x52, 0x57, 0x97, \ - 0xFC, 0x73, 0x82, 0x2C, 0x59, 0x05, 0x9C, 0x62, \ - 0x3A, 0x45, 0xFF, 0x38, 0x43, 0xCE, 0xE8, 0xF8, \ - 0x7C, 0xD1, 0x85, 0x5A, 0xDA, 0xA8, 0x1E, 0x2A, \ - 0x07, 0x50, 0xB8, 0x0F, 0xDA, 0x23, 0x10 -#define EC_PARAM_c2pnb368w1_order \ - 0x00, 0x00, 0x01, 0x00, 0x90, 0x51, 0x2D, 0xA9, \ - 0xAF, 0x72, 0xB0, 0x83, 0x49, 0xD9, 0x8A, 0x5D, \ - 0xD4, 0xC7, 0xB0, 0x53, 0x2E, 0xCA, 0x51, 0xCE, \ - 0x03, 0xE2, 0xD1, 0x0F, 0x3B, 0x7A, 0xC5, 0x79, \ - 0xBD, 0x87, 0xE9, 0x09, 0xAE, 0x40, 0xA6, 0xF1, \ - 0x31, 0xE9, 0xCF, 0xCE, 0x5B, 0xD9, 0x67 -#endif - -#if 0 -/* c2tnb431r1 : X9.62 curve over a 431 bit binary field */ -#define EC_PARAM_c2tnb431r1_prime \ - 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 -#define EC_PARAM_c2tnb431r1_a \ - 0x1A, 0x82, 0x7E, 0xF0, 0x0D, 0xD6, 0xFC, 0x0E, \ - 0x23, 0x4C, 0xAF, 0x04, 0x6C, 0x6A, 0x5D, 0x8A, \ - 0x85, 0x39, 0x5B, 0x23, 0x6C, 0xC4, 0xAD, 0x2C, \ - 0xF3, 0x2A, 0x0C, 0xAD, 0xBD, 0xC9, 0xDD, 0xF6, \ - 0x20, 0xB0, 0xEB, 0x99, 0x06, 0xD0, 0x95, 0x7F, \ - 0x6C, 0x6F, 0xEA, 0xCD, 0x61, 0x54, 0x68, 0xDF, \ - 0x10, 0x4D, 0xE2, 0x96, 0xCD, 0x8F -#define EC_PARAM_c2tnb431r1_b \ - 0x10, 0xD9, 0xB4, 0xA3, 0xD9, 0x04, 0x7D, 0x8B, \ - 0x15, 0x43, 0x59, 0xAB, 0xFB, 0x1B, 0x7F, 0x54, \ - 0x85, 0xB0, 0x4C, 0xEB, 0x86, 0x82, 0x37, 0xDD, \ - 0xC9, 0xDE, 0xDA, 0x98, 0x2A, 0x67, 0x9A, 0x5A, \ - 0x91, 0x9B, 0x62, 0x6D, 0x4E, 0x50, 0xA8, 0xDD, \ - 0x73, 0x1B, 0x10, 0x7A, 0x99, 0x62, 0x38, 0x1F, \ - 0xB5, 0xD8, 0x07, 0xBF, 0x26, 0x18 -#define EC_PARAM_c2tnb431r1_x \ - 0x12, 0x0F, 0xC0, 0x5D, 0x3C, 0x67, 0xA9, 0x9D, \ - 0xE1, 0x61, 0xD2, 0xF4, 0x09, 0x26, 0x22, 0xFE, \ - 0xCA, 0x70, 0x1B, 0xE4, 0xF5, 0x0F, 0x47, 0x58, \ - 0x71, 0x4E, 0x8A, 0x87, 0xBB, 0xF2, 0xA6, 0x58, \ - 0xEF, 0x8C, 0x21, 0xE7, 0xC5, 0xEF, 0xE9, 0x65, \ - 0x36, 0x1F, 0x6C, 0x29, 0x99, 0xC0, 0xC2, 0x47, \ - 0xB0, 0xDB, 0xD7, 0x0C, 0xE6, 0xB7 -#define EC_PARAM_c2tnb431r1_y \ - 0x20, 0xD0, 0xAF, 0x89, 0x03, 0xA9, 0x6F, 0x8D, \ - 0x5F, 0xA2, 0xC2, 0x55, 0x74, 0x5D, 0x3C, 0x45, \ - 0x1B, 0x30, 0x2C, 0x93, 0x46, 0xD9, 0xB7, 0xE4, \ - 0x85, 0xE7, 0xBC, 0xE4, 0x1F, 0x6B, 0x59, 0x1F, \ - 0x3E, 0x8F, 0x6A, 0xDD, 0xCB, 0xB0, 0xBC, 0x4C, \ - 0x2F, 0x94, 0x7A, 0x7D, 0xE1, 0xA8, 0x9B, 0x62, \ - 0x5D, 0x6A, 0x59, 0x8B, 0x37, 0x60 -#define EC_PARAM_c2tnb431r1_order \ - 0x00, 0x03, 0x40, 0x34, 0x03, 0x40, 0x34, 0x03, \ - 0x40, 0x34, 0x03, 0x40, 0x34, 0x03, 0x40, 0x34, \ - 0x03, 0x40, 0x34, 0x03, 0x40, 0x34, 0x03, 0x40, \ - 0x34, 0x03, 0x40, 0x34, 0x03, 0x23, 0xC3, 0x13, \ - 0xFA, 0xB5, 0x05, 0x89, 0x70, 0x3B, 0x5E, 0xC6, \ - 0x8D, 0x35, 0x87, 0xFE, 0xC6, 0x0D, 0x16, 0x1C, \ - 0xC1, 0x49, 0xC1, 0xAD, 0x4A, 0x91 -#endif - -#if 0 -/* wap-wsg-idm-ecid-wtls1 : WTLS curve over a 113 bit binary field */ -#define EC_PARAM_wap_wsg_idm_ecid_wtls1_prime \ - 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x01 -#define EC_PARAM_wap_wsg_idm_ecid_wtls1_a \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 -#define EC_PARAM_wap_wsg_idm_ecid_wtls1_b \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 -#define EC_PARAM_wap_wsg_idm_ecid_wtls1_x \ - 0x01, 0x66, 0x79, 0x79, 0xA4, 0x0B, 0xA4, 0x97, \ - 0xE5, 0xD5, 0xC2, 0x70, 0x78, 0x06, 0x17 -#define EC_PARAM_wap_wsg_idm_ecid_wtls1_y \ - 0x00, 0xF4, 0x4B, 0x4A, 0xF1, 0xEC, 0xC2, 0x63, \ - 0x0E, 0x08, 0x78, 0x5C, 0xEB, 0xCC, 0x15 -#define EC_PARAM_wap_wsg_idm_ecid_wtls1_order \ - 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFD, 0xBF, 0x91, 0xAF, 0x6D, 0xEA, 0x73 -#endif - -#if 0 -/* wap-wsg-idm-ecid-wtls3 : NIST/SECG/WTLS curve over a 163 bit binary field */ -#define EC_PARAM_wap_wsg_idm_ecid_wtls3_prime \ - 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0xC9 -#define EC_PARAM_wap_wsg_idm_ecid_wtls3_a \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x01 -#define EC_PARAM_wap_wsg_idm_ecid_wtls3_b \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x01 -#define EC_PARAM_wap_wsg_idm_ecid_wtls3_x \ - 0x02, 0xFE, 0x13, 0xC0, 0x53, 0x7B, 0xBC, 0x11, \ - 0xAC, 0xAA, 0x07, 0xD7, 0x93, 0xDE, 0x4E, 0x6D, \ - 0x5E, 0x5C, 0x94, 0xEE, 0xE8 -#define EC_PARAM_wap_wsg_idm_ecid_wtls3_y \ - 0x02, 0x89, 0x07, 0x0F, 0xB0, 0x5D, 0x38, 0xFF, \ - 0x58, 0x32, 0x1F, 0x2E, 0x80, 0x05, 0x36, 0xD5, \ - 0x38, 0xCC, 0xDA, 0xA3, 0xD9 -#define EC_PARAM_wap_wsg_idm_ecid_wtls3_order \ - 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x02, 0x01, 0x08, 0xA2, 0xE0, 0xCC, \ - 0x0D, 0x99, 0xF8, 0xA5, 0xEF -#endif - -#if 0 -/* wap-wsg-idm-ecid-wtls4 : SECG curve over a 113 bit binary field */ -#define EC_PARAM_wap_wsg_idm_ecid_wtls4_prime \ - 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x01 -#define EC_PARAM_wap_wsg_idm_ecid_wtls4_a \ - 0x00, 0x30, 0x88, 0x25, 0x0C, 0xA6, 0xE7, 0xC7, \ - 0xFE, 0x64, 0x9C, 0xE8, 0x58, 0x20, 0xF7 -#define EC_PARAM_wap_wsg_idm_ecid_wtls4_b \ - 0x00, 0xE8, 0xBE, 0xE4, 0xD3, 0xE2, 0x26, 0x07, \ - 0x44, 0x18, 0x8B, 0xE0, 0xE9, 0xC7, 0x23 -#define EC_PARAM_wap_wsg_idm_ecid_wtls4_x \ - 0x00, 0x9D, 0x73, 0x61, 0x6F, 0x35, 0xF4, 0xAB, \ - 0x14, 0x07, 0xD7, 0x35, 0x62, 0xC1, 0x0F -#define EC_PARAM_wap_wsg_idm_ecid_wtls4_y \ - 0x00, 0xA5, 0x28, 0x30, 0x27, 0x79, 0x58, 0xEE, \ - 0x84, 0xD1, 0x31, 0x5E, 0xD3, 0x18, 0x86 -#define EC_PARAM_wap_wsg_idm_ecid_wtls4_order \ - 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0xD9, 0xCC, 0xEC, 0x8A, 0x39, 0xE5, 0x6F -#endif - -#if 0 -/* wap-wsg-idm-ecid-wtls5 : X9.62 curve over a 163 bit binary field */ -#define EC_PARAM_wap_wsg_idm_ecid_wtls5_prime \ - 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x01, 0x07 -#define EC_PARAM_wap_wsg_idm_ecid_wtls5_a \ - 0x07, 0x25, 0x46, 0xB5, 0x43, 0x52, 0x34, 0xA4, \ - 0x22, 0xE0, 0x78, 0x96, 0x75, 0xF4, 0x32, 0xC8, \ - 0x94, 0x35, 0xDE, 0x52, 0x42 -#define EC_PARAM_wap_wsg_idm_ecid_wtls5_b \ - 0x00, 0xC9, 0x51, 0x7D, 0x06, 0xD5, 0x24, 0x0D, \ - 0x3C, 0xFF, 0x38, 0xC7, 0x4B, 0x20, 0xB6, 0xCD, \ - 0x4D, 0x6F, 0x9D, 0xD4, 0xD9 -#define EC_PARAM_wap_wsg_idm_ecid_wtls5_x \ - 0x07, 0xAF, 0x69, 0x98, 0x95, 0x46, 0x10, 0x3D, \ - 0x79, 0x32, 0x9F, 0xCC, 0x3D, 0x74, 0x88, 0x0F, \ - 0x33, 0xBB, 0xE8, 0x03, 0xCB -#define EC_PARAM_wap_wsg_idm_ecid_wtls5_y \ - 0x01, 0xEC, 0x23, 0x21, 0x1B, 0x59, 0x66, 0xAD, \ - 0xEA, 0x1D, 0x3F, 0x87, 0xF7, 0xEA, 0x58, 0x48, \ - 0xAE, 0xF0, 0xB7, 0xCA, 0x9F -#define EC_PARAM_wap_wsg_idm_ecid_wtls5_order \ - 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x01, 0xE6, 0x0F, 0xC8, 0x82, 0x1C, \ - 0xC7, 0x4D, 0xAE, 0xAF, 0xC1 -#endif - -#if 0 -/* wap-wsg-idm-ecid-wtls6 : SECG/WTLS curve over a 112 bit prime field */ -#define EC_PARAM_wap_wsg_idm_ecid_wtls6_prime \ - 0xDB, 0x7C, 0x2A, 0xBF, 0x62, 0xE3, 0x5E, 0x66, \ - 0x80, 0x76, 0xBE, 0xAD, 0x20, 0x8B -#define EC_PARAM_wap_wsg_idm_ecid_wtls6_a \ - 0xDB, 0x7C, 0x2A, 0xBF, 0x62, 0xE3, 0x5E, 0x66, \ - 0x80, 0x76, 0xBE, 0xAD, 0x20, 0x88 -#define EC_PARAM_wap_wsg_idm_ecid_wtls6_b \ - 0x65, 0x9E, 0xF8, 0xBA, 0x04, 0x39, 0x16, 0xEE, \ - 0xDE, 0x89, 0x11, 0x70, 0x2B, 0x22 -#define EC_PARAM_wap_wsg_idm_ecid_wtls6_x \ - 0x09, 0x48, 0x72, 0x39, 0x99, 0x5A, 0x5E, 0xE7, \ - 0x6B, 0x55, 0xF9, 0xC2, 0xF0, 0x98 -#define EC_PARAM_wap_wsg_idm_ecid_wtls6_y \ - 0xA8, 0x9C, 0xE5, 0xAF, 0x87, 0x24, 0xC0, 0xA2, \ - 0x3E, 0x0E, 0x0F, 0xF7, 0x75, 0x00 -#define EC_PARAM_wap_wsg_idm_ecid_wtls6_order \ - 0xDB, 0x7C, 0x2A, 0xBF, 0x62, 0xE3, 0x5E, 0x76, \ - 0x28, 0xDF, 0xAC, 0x65, 0x61, 0xC5 -#endif - -#if 0 -/* wap-wsg-idm-ecid-wtls7 : SECG/WTLS curve over a 160 bit prime field */ -#define EC_PARAM_wap_wsg_idm_ecid_wtls7_prime \ - 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFE, 0xFF, 0xFF, 0xAC, 0x73 -#define EC_PARAM_wap_wsg_idm_ecid_wtls7_a \ - 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFE, 0xFF, 0xFF, 0xAC, 0x70 -#define EC_PARAM_wap_wsg_idm_ecid_wtls7_b \ - 0x00, 0xB4, 0xE1, 0x34, 0xD3, 0xFB, 0x59, 0xEB, \ - 0x8B, 0xAB, 0x57, 0x27, 0x49, 0x04, 0x66, 0x4D, \ - 0x5A, 0xF5, 0x03, 0x88, 0xBA -#define EC_PARAM_wap_wsg_idm_ecid_wtls7_x \ - 0x00, 0x52, 0xDC, 0xB0, 0x34, 0x29, 0x3A, 0x11, \ - 0x7E, 0x1F, 0x4F, 0xF1, 0x1B, 0x30, 0xF7, 0x19, \ - 0x9D, 0x31, 0x44, 0xCE, 0x6D -#define EC_PARAM_wap_wsg_idm_ecid_wtls7_y \ - 0x00, 0xFE, 0xAF, 0xFE, 0xF2, 0xE3, 0x31, 0xF2, \ - 0x96, 0xE0, 0x71, 0xFA, 0x0D, 0xF9, 0x98, 0x2C, \ - 0xFE, 0xA7, 0xD4, 0x3F, 0x2E -#define EC_PARAM_wap_wsg_idm_ecid_wtls7_order \ - 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x35, 0x1E, 0xE7, 0x86, 0xA8, \ - 0x18, 0xF3, 0xA1, 0xA1, 0x6B -#endif - -#if 0 -/* wap-wsg-idm-ecid-wtls8 : WTLS curve over a 112 bit prime field */ -#define EC_PARAM_wap_wsg_idm_ecid_wtls8_prime \ - 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFD, 0xE7 -#define EC_PARAM_wap_wsg_idm_ecid_wtls8_a \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 -#define EC_PARAM_wap_wsg_idm_ecid_wtls8_b \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03 -#define EC_PARAM_wap_wsg_idm_ecid_wtls8_x \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 -#define EC_PARAM_wap_wsg_idm_ecid_wtls8_y \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02 -#define EC_PARAM_wap_wsg_idm_ecid_wtls8_order \ - 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, \ - 0xEC, 0xEA, 0x55, 0x1A, 0xD8, 0x37, 0xE9 -#endif - -#if 0 -/* wap-wsg-idm-ecid-wtls9 : WTLS curve over a 160 bit prime field */ -#define EC_PARAM_wap_wsg_idm_ecid_wtls9_prime \ - 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFC, 0x80, 0x8F -#define EC_PARAM_wap_wsg_idm_ecid_wtls9_a \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00 -#define EC_PARAM_wap_wsg_idm_ecid_wtls9_b \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x03 -#define EC_PARAM_wap_wsg_idm_ecid_wtls9_x \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x01 -#define EC_PARAM_wap_wsg_idm_ecid_wtls9_y \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x02 -#define EC_PARAM_wap_wsg_idm_ecid_wtls9_order \ - 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x01, 0xCD, 0xC9, 0x8A, 0xE0, 0xE2, \ - 0xDE, 0x57, 0x4A, 0xBF, 0x33 -#endif - -#if 0 -/* wap-wsg-idm-ecid-wtls10 : NIST/SECG/WTLS curve over a 233 bit binary field */ -#define EC_PARAM_wap_wsg_idm_ecid_wtls10_prime \ - 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 -#define EC_PARAM_wap_wsg_idm_ecid_wtls10_a \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 -#define EC_PARAM_wap_wsg_idm_ecid_wtls10_b \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 -#define EC_PARAM_wap_wsg_idm_ecid_wtls10_x \ - 0x01, 0x72, 0x32, 0xBA, 0x85, 0x3A, 0x7E, 0x73, \ - 0x1A, 0xF1, 0x29, 0xF2, 0x2F, 0xF4, 0x14, 0x95, \ - 0x63, 0xA4, 0x19, 0xC2, 0x6B, 0xF5, 0x0A, 0x4C, \ - 0x9D, 0x6E, 0xEF, 0xAD, 0x61, 0x26 -#define EC_PARAM_wap_wsg_idm_ecid_wtls10_y \ - 0x01, 0xDB, 0x53, 0x7D, 0xEC, 0xE8, 0x19, 0xB7, \ - 0xF7, 0x0F, 0x55, 0x5A, 0x67, 0xC4, 0x27, 0xA8, \ - 0xCD, 0x9B, 0xF1, 0x8A, 0xEB, 0x9B, 0x56, 0xE0, \ - 0xC1, 0x10, 0x56, 0xFA, 0xE6, 0xA3 -#define EC_PARAM_wap_wsg_idm_ecid_wtls10_order \ - 0x00, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, \ - 0x9D, 0x5B, 0xB9, 0x15, 0xBC, 0xD4, 0x6E, 0xFB, \ - 0x1A, 0xD5, 0xF1, 0x73, 0xAB, 0xDF -#endif - -#if 0 -/* wap-wsg-idm-ecid-wtls11 : NIST/SECG/WTLS curve over a 233 bit binary field */ -#define EC_PARAM_wap_wsg_idm_ecid_wtls11_prime \ - 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 -#define EC_PARAM_wap_wsg_idm_ecid_wtls11_a \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 -#define EC_PARAM_wap_wsg_idm_ecid_wtls11_b \ - 0x00, 0x66, 0x64, 0x7E, 0xDE, 0x6C, 0x33, 0x2C, \ - 0x7F, 0x8C, 0x09, 0x23, 0xBB, 0x58, 0x21, 0x3B, \ - 0x33, 0x3B, 0x20, 0xE9, 0xCE, 0x42, 0x81, 0xFE, \ - 0x11, 0x5F, 0x7D, 0x8F, 0x90, 0xAD -#define EC_PARAM_wap_wsg_idm_ecid_wtls11_x \ - 0x00, 0xFA, 0xC9, 0xDF, 0xCB, 0xAC, 0x83, 0x13, \ - 0xBB, 0x21, 0x39, 0xF1, 0xBB, 0x75, 0x5F, 0xEF, \ - 0x65, 0xBC, 0x39, 0x1F, 0x8B, 0x36, 0xF8, 0xF8, \ - 0xEB, 0x73, 0x71, 0xFD, 0x55, 0x8B -#define EC_PARAM_wap_wsg_idm_ecid_wtls11_y \ - 0x01, 0x00, 0x6A, 0x08, 0xA4, 0x19, 0x03, 0x35, \ - 0x06, 0x78, 0xE5, 0x85, 0x28, 0xBE, 0xBF, 0x8A, \ - 0x0B, 0xEF, 0xF8, 0x67, 0xA7, 0xCA, 0x36, 0x71, \ - 0x6F, 0x7E, 0x01, 0xF8, 0x10, 0x52 -#define EC_PARAM_wap_wsg_idm_ecid_wtls11_order \ - 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x13, \ - 0xE9, 0x74, 0xE7, 0x2F, 0x8A, 0x69, 0x22, 0x03, \ - 0x1D, 0x26, 0x03, 0xCF, 0xE0, 0xD7 -#endif - -#if 0 -/* wap-wsg-idm-ecid-wtls12 : WTLS curve over a 224 bit prime field */ -#define EC_PARAM_wap_wsg_idm_ecid_wtls12_prime \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x01 -#define EC_PARAM_wap_wsg_idm_ecid_wtls12_a \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFE -#define EC_PARAM_wap_wsg_idm_ecid_wtls12_b \ - 0xB4, 0x05, 0x0A, 0x85, 0x0C, 0x04, 0xB3, 0xAB, \ - 0xF5, 0x41, 0x32, 0x56, 0x50, 0x44, 0xB0, 0xB7, \ - 0xD7, 0xBF, 0xD8, 0xBA, 0x27, 0x0B, 0x39, 0x43, \ - 0x23, 0x55, 0xFF, 0xB4 -#define EC_PARAM_wap_wsg_idm_ecid_wtls12_x \ - 0xB7, 0x0E, 0x0C, 0xBD, 0x6B, 0xB4, 0xBF, 0x7F, \ - 0x32, 0x13, 0x90, 0xB9, 0x4A, 0x03, 0xC1, 0xD3, \ - 0x56, 0xC2, 0x11, 0x22, 0x34, 0x32, 0x80, 0xD6, \ - 0x11, 0x5C, 0x1D, 0x21 -#define EC_PARAM_wap_wsg_idm_ecid_wtls12_y \ - 0xBD, 0x37, 0x63, 0x88, 0xB5, 0xF7, 0x23, 0xFB, \ - 0x4C, 0x22, 0xDF, 0xE6, 0xCD, 0x43, 0x75, 0xA0, \ - 0x5A, 0x07, 0x47, 0x64, 0x44, 0xD5, 0x81, 0x99, \ - 0x85, 0x00, 0x7E, 0x34 -#define EC_PARAM_wap_wsg_idm_ecid_wtls12_order \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x16, 0xA2, \ - 0xE0, 0xB8, 0xF0, 0x3E, 0x13, 0xDD, 0x29, 0x45, \ - 0x5C, 0x5C, 0x2A, 0x3D -#endif - -#if 0 -/* Oakley-EC2N-3 : - IPSec/IKE/Oakley curve #3 over a 155 bit binary field. - Not suitable for ECDSA. - Questionable extension field! */ -#define EC_PARAM_Oakley_EC2N_3_prime \ - 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x40, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x01 -#define EC_PARAM_Oakley_EC2N_3_a \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00 -#define EC_PARAM_Oakley_EC2N_3_b \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x07, 0x33, 0x8F -#define EC_PARAM_Oakley_EC2N_3_x \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x7B -#define EC_PARAM_Oakley_EC2N_3_y \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x01, 0xC8 -#define EC_PARAM_Oakley_EC2N_3_order \ - 0x02, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, \ - 0xAA, 0xAA, 0xC7, 0xF3, 0xC7, 0x88, 0x1B, 0xD0, \ - 0x86, 0x8F, 0xA8, 0x6C -#endif - -#if 0 -/* Oakley-EC2N-4 : - IPSec/IKE/Oakley curve #4 over a 185 bit binary field. - Not suitable for ECDSA. - Questionable extension field! */ -#define EC_PARAM_Oakley_EC2N_4_prime \ - 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x20, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 -#define EC_PARAM_Oakley_EC2N_4_a \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 -#define EC_PARAM_Oakley_EC2N_4_b \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1E, 0xE9 -#define EC_PARAM_Oakley_EC2N_4_x \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x18 -#define EC_PARAM_Oakley_EC2N_4_y \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0D -#define EC_PARAM_Oakley_EC2N_4_order \ - 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xED, 0xF9, 0x7C, 0x44, \ - 0xDB, 0x9F, 0x24, 0x20, 0xBA, 0xFC, 0xA7, 0x5E -#endif - -#if 1 -/* brainpoolP160r1 : RFC 5639 curve over a 160 bit prime field */ -#define EC_PARAM_brainpoolP160r1_prime \ - 0xE9, 0x5E, 0x4A, 0x5F, 0x73, 0x70, 0x59, 0xDC, \ - 0x60, 0xDF, 0xC7, 0xAD, 0x95, 0xB3, 0xD8, 0x13, \ - 0x95, 0x15, 0x62, 0x0F -#define EC_PARAM_brainpoolP160r1_a \ - 0x34, 0x0E, 0x7B, 0xE2, 0xA2, 0x80, 0xEB, 0x74, \ - 0xE2, 0xBE, 0x61, 0xBA, 0xDA, 0x74, 0x5D, 0x97, \ - 0xE8, 0xF7, 0xC3, 0x00 -#define EC_PARAM_brainpoolP160r1_b \ - 0x1E, 0x58, 0x9A, 0x85, 0x95, 0x42, 0x34, 0x12, \ - 0x13, 0x4F, 0xAA, 0x2D, 0xBD, 0xEC, 0x95, 0xC8, \ - 0xD8, 0x67, 0x5E, 0x58 -#define EC_PARAM_brainpoolP160r1_x \ - 0xBE, 0xD5, 0xAF, 0x16, 0xEA, 0x3F, 0x6A, 0x4F, \ - 0x62, 0x93, 0x8C, 0x46, 0x31, 0xEB, 0x5A, 0xF7, \ - 0xBD, 0xBC, 0xDB, 0xC3 -#define EC_PARAM_brainpoolP160r1_y \ - 0x16, 0x67, 0xCB, 0x47, 0x7A, 0x1A, 0x8E, 0xC3, \ - 0x38, 0xF9, 0x47, 0x41, 0x66, 0x9C, 0x97, 0x63, \ - 0x16, 0xDA, 0x63, 0x21 -#define EC_PARAM_brainpoolP160r1_order \ - 0xE9, 0x5E, 0x4A, 0x5F, 0x73, 0x70, 0x59, 0xDC, \ - 0x60, 0xDF, 0x59, 0x91, 0xD4, 0x50, 0x29, 0x40, \ - 0x9E, 0x60, 0xFC, 0x09 -#endif - -#if 1 -/* brainpoolP160t1 : RFC 5639 curve over a 160 bit prime field */ -#define EC_PARAM_brainpoolP160t1_prime \ - 0xE9, 0x5E, 0x4A, 0x5F, 0x73, 0x70, 0x59, 0xDC, \ - 0x60, 0xDF, 0xC7, 0xAD, 0x95, 0xB3, 0xD8, 0x13, \ - 0x95, 0x15, 0x62, 0x0F -#define EC_PARAM_brainpoolP160t1_a \ - 0xE9, 0x5E, 0x4A, 0x5F, 0x73, 0x70, 0x59, 0xDC, \ - 0x60, 0xDF, 0xC7, 0xAD, 0x95, 0xB3, 0xD8, 0x13, \ - 0x95, 0x15, 0x62, 0x0C -#define EC_PARAM_brainpoolP160t1_b \ - 0x7A, 0x55, 0x6B, 0x6D, 0xAE, 0x53, 0x5B, 0x7B, \ - 0x51, 0xED, 0x2C, 0x4D, 0x7D, 0xAA, 0x7A, 0x0B, \ - 0x5C, 0x55, 0xF3, 0x80 -#define EC_PARAM_brainpoolP160t1_x \ - 0xB1, 0x99, 0xB1, 0x3B, 0x9B, 0x34, 0xEF, 0xC1, \ - 0x39, 0x7E, 0x64, 0xBA, 0xEB, 0x05, 0xAC, 0xC2, \ - 0x65, 0xFF, 0x23, 0x78 -#define EC_PARAM_brainpoolP160t1_y \ - 0xAD, 0xD6, 0x71, 0x8B, 0x7C, 0x7C, 0x19, 0x61, \ - 0xF0, 0x99, 0x1B, 0x84, 0x24, 0x43, 0x77, 0x21, \ - 0x52, 0xC9, 0xE0, 0xAD -#define EC_PARAM_brainpoolP160t1_order \ - 0xE9, 0x5E, 0x4A, 0x5F, 0x73, 0x70, 0x59, 0xDC, \ - 0x60, 0xDF, 0x59, 0x91, 0xD4, 0x50, 0x29, 0x40, \ - 0x9E, 0x60, 0xFC, 0x09 -#endif - -#if 1 -/* brainpoolP192r1 : RFC 5639 curve over a 192 bit prime field */ -#define EC_PARAM_brainpoolP192r1_prime \ - 0xC3, 0x02, 0xF4, 0x1D, 0x93, 0x2A, 0x36, 0xCD, \ - 0xA7, 0xA3, 0x46, 0x30, 0x93, 0xD1, 0x8D, 0xB7, \ - 0x8F, 0xCE, 0x47, 0x6D, 0xE1, 0xA8, 0x62, 0x97 -#define EC_PARAM_brainpoolP192r1_a \ - 0x6A, 0x91, 0x17, 0x40, 0x76, 0xB1, 0xE0, 0xE1, \ - 0x9C, 0x39, 0xC0, 0x31, 0xFE, 0x86, 0x85, 0xC1, \ - 0xCA, 0xE0, 0x40, 0xE5, 0xC6, 0x9A, 0x28, 0xEF -#define EC_PARAM_brainpoolP192r1_b \ - 0x46, 0x9A, 0x28, 0xEF, 0x7C, 0x28, 0xCC, 0xA3, \ - 0xDC, 0x72, 0x1D, 0x04, 0x4F, 0x44, 0x96, 0xBC, \ - 0xCA, 0x7E, 0xF4, 0x14, 0x6F, 0xBF, 0x25, 0xC9 -#define EC_PARAM_brainpoolP192r1_x \ - 0xC0, 0xA0, 0x64, 0x7E, 0xAA, 0xB6, 0xA4, 0x87, \ - 0x53, 0xB0, 0x33, 0xC5, 0x6C, 0xB0, 0xF0, 0x90, \ - 0x0A, 0x2F, 0x5C, 0x48, 0x53, 0x37, 0x5F, 0xD6 -#define EC_PARAM_brainpoolP192r1_y \ - 0x14, 0xB6, 0x90, 0x86, 0x6A, 0xBD, 0x5B, 0xB8, \ - 0x8B, 0x5F, 0x48, 0x28, 0xC1, 0x49, 0x00, 0x02, \ - 0xE6, 0x77, 0x3F, 0xA2, 0xFA, 0x29, 0x9B, 0x8F -#define EC_PARAM_brainpoolP192r1_order \ - 0xC3, 0x02, 0xF4, 0x1D, 0x93, 0x2A, 0x36, 0xCD, \ - 0xA7, 0xA3, 0x46, 0x2F, 0x9E, 0x9E, 0x91, 0x6B, \ - 0x5B, 0xE8, 0xF1, 0x02, 0x9A, 0xC4, 0xAC, 0xC1 -#endif - -#if 1 -/* brainpoolP192t1 : RFC 5639 curve over a 192 bit prime field */ -#define EC_PARAM_brainpoolP192t1_prime \ - 0xC3, 0x02, 0xF4, 0x1D, 0x93, 0x2A, 0x36, 0xCD, \ - 0xA7, 0xA3, 0x46, 0x30, 0x93, 0xD1, 0x8D, 0xB7, \ - 0x8F, 0xCE, 0x47, 0x6D, 0xE1, 0xA8, 0x62, 0x97 -#define EC_PARAM_brainpoolP192t1_a \ - 0xC3, 0x02, 0xF4, 0x1D, 0x93, 0x2A, 0x36, 0xCD, \ - 0xA7, 0xA3, 0x46, 0x30, 0x93, 0xD1, 0x8D, 0xB7, \ - 0x8F, 0xCE, 0x47, 0x6D, 0xE1, 0xA8, 0x62, 0x94 -#define EC_PARAM_brainpoolP192t1_b \ - 0x13, 0xD5, 0x6F, 0xFA, 0xEC, 0x78, 0x68, 0x1E, \ - 0x68, 0xF9, 0xDE, 0xB4, 0x3B, 0x35, 0xBE, 0xC2, \ - 0xFB, 0x68, 0x54, 0x2E, 0x27, 0x89, 0x7B, 0x79 -#define EC_PARAM_brainpoolP192t1_x \ - 0x3A, 0xE9, 0xE5, 0x8C, 0x82, 0xF6, 0x3C, 0x30, \ - 0x28, 0x2E, 0x1F, 0xE7, 0xBB, 0xF4, 0x3F, 0xA7, \ - 0x2C, 0x44, 0x6A, 0xF6, 0xF4, 0x61, 0x81, 0x29 -#define EC_PARAM_brainpoolP192t1_y \ - 0x09, 0x7E, 0x2C, 0x56, 0x67, 0xC2, 0x22, 0x3A, \ - 0x90, 0x2A, 0xB5, 0xCA, 0x44, 0x9D, 0x00, 0x84, \ - 0xB7, 0xE5, 0xB3, 0xDE, 0x7C, 0xCC, 0x01, 0xC9 -#define EC_PARAM_brainpoolP192t1_order \ - 0xC3, 0x02, 0xF4, 0x1D, 0x93, 0x2A, 0x36, 0xCD, \ - 0xA7, 0xA3, 0x46, 0x2F, 0x9E, 0x9E, 0x91, 0x6B, \ - 0x5B, 0xE8, 0xF1, 0x02, 0x9A, 0xC4, 0xAC, 0xC1 -#endif - -#if 1 -/* brainpoolP224r1 : RFC 5639 curve over a 224 bit prime field */ -#define EC_PARAM_brainpoolP224r1_prime \ - 0xD7, 0xC1, 0x34, 0xAA, 0x26, 0x43, 0x66, 0x86, \ - 0x2A, 0x18, 0x30, 0x25, 0x75, 0xD1, 0xD7, 0x87, \ - 0xB0, 0x9F, 0x07, 0x57, 0x97, 0xDA, 0x89, 0xF5, \ - 0x7E, 0xC8, 0xC0, 0xFF -#define EC_PARAM_brainpoolP224r1_a \ - 0x68, 0xA5, 0xE6, 0x2C, 0xA9, 0xCE, 0x6C, 0x1C, \ - 0x29, 0x98, 0x03, 0xA6, 0xC1, 0x53, 0x0B, 0x51, \ - 0x4E, 0x18, 0x2A, 0xD8, 0xB0, 0x04, 0x2A, 0x59, \ - 0xCA, 0xD2, 0x9F, 0x43 -#define EC_PARAM_brainpoolP224r1_b \ - 0x25, 0x80, 0xF6, 0x3C, 0xCF, 0xE4, 0x41, 0x38, \ - 0x87, 0x07, 0x13, 0xB1, 0xA9, 0x23, 0x69, 0xE3, \ - 0x3E, 0x21, 0x35, 0xD2, 0x66, 0xDB, 0xB3, 0x72, \ - 0x38, 0x6C, 0x40, 0x0B -#define EC_PARAM_brainpoolP224r1_x \ - 0x0D, 0x90, 0x29, 0xAD, 0x2C, 0x7E, 0x5C, 0xF4, \ - 0x34, 0x08, 0x23, 0xB2, 0xA8, 0x7D, 0xC6, 0x8C, \ - 0x9E, 0x4C, 0xE3, 0x17, 0x4C, 0x1E, 0x6E, 0xFD, \ - 0xEE, 0x12, 0xC0, 0x7D -#define EC_PARAM_brainpoolP224r1_y \ - 0x58, 0xAA, 0x56, 0xF7, 0x72, 0xC0, 0x72, 0x6F, \ - 0x24, 0xC6, 0xB8, 0x9E, 0x4E, 0xCD, 0xAC, 0x24, \ - 0x35, 0x4B, 0x9E, 0x99, 0xCA, 0xA3, 0xF6, 0xD3, \ - 0x76, 0x14, 0x02, 0xCD -#define EC_PARAM_brainpoolP224r1_order \ - 0xD7, 0xC1, 0x34, 0xAA, 0x26, 0x43, 0x66, 0x86, \ - 0x2A, 0x18, 0x30, 0x25, 0x75, 0xD0, 0xFB, 0x98, \ - 0xD1, 0x16, 0xBC, 0x4B, 0x6D, 0xDE, 0xBC, 0xA3, \ - 0xA5, 0xA7, 0x93, 0x9F -#endif - -#if 1 -/* brainpoolP224t1 : RFC 5639 curve over a 224 bit prime field */ -#define EC_PARAM_brainpoolP224t1_prime \ - 0xD7, 0xC1, 0x34, 0xAA, 0x26, 0x43, 0x66, 0x86, \ - 0x2A, 0x18, 0x30, 0x25, 0x75, 0xD1, 0xD7, 0x87, \ - 0xB0, 0x9F, 0x07, 0x57, 0x97, 0xDA, 0x89, 0xF5, \ - 0x7E, 0xC8, 0xC0, 0xFF -#define EC_PARAM_brainpoolP224t1_a \ - 0xD7, 0xC1, 0x34, 0xAA, 0x26, 0x43, 0x66, 0x86, \ - 0x2A, 0x18, 0x30, 0x25, 0x75, 0xD1, 0xD7, 0x87, \ - 0xB0, 0x9F, 0x07, 0x57, 0x97, 0xDA, 0x89, 0xF5, \ - 0x7E, 0xC8, 0xC0, 0xFC -#define EC_PARAM_brainpoolP224t1_b \ - 0x4B, 0x33, 0x7D, 0x93, 0x41, 0x04, 0xCD, 0x7B, \ - 0xEF, 0x27, 0x1B, 0xF6, 0x0C, 0xED, 0x1E, 0xD2, \ - 0x0D, 0xA1, 0x4C, 0x08, 0xB3, 0xBB, 0x64, 0xF1, \ - 0x8A, 0x60, 0x88, 0x8D -#define EC_PARAM_brainpoolP224t1_x \ - 0x6A, 0xB1, 0xE3, 0x44, 0xCE, 0x25, 0xFF, 0x38, \ - 0x96, 0x42, 0x4E, 0x7F, 0xFE, 0x14, 0x76, 0x2E, \ - 0xCB, 0x49, 0xF8, 0x92, 0x8A, 0xC0, 0xC7, 0x60, \ - 0x29, 0xB4, 0xD5, 0x80 -#define EC_PARAM_brainpoolP224t1_y \ - 0x03, 0x74, 0xE9, 0xF5, 0x14, 0x3E, 0x56, 0x8C, \ - 0xD2, 0x3F, 0x3F, 0x4D, 0x7C, 0x0D, 0x4B, 0x1E, \ - 0x41, 0xC8, 0xCC, 0x0D, 0x1C, 0x6A, 0xBD, 0x5F, \ - 0x1A, 0x46, 0xDB, 0x4C -#define EC_PARAM_brainpoolP224t1_order \ - 0xD7, 0xC1, 0x34, 0xAA, 0x26, 0x43, 0x66, 0x86, \ - 0x2A, 0x18, 0x30, 0x25, 0x75, 0xD0, 0xFB, 0x98, \ - 0xD1, 0x16, 0xBC, 0x4B, 0x6D, 0xDE, 0xBC, 0xA3, \ - 0xA5, 0xA7, 0x93, 0x9F -#endif - -#if 1 -/* brainpoolP256r1 : RFC 5639 curve over a 256 bit prime field */ -#define EC_PARAM_brainpoolP256r1_prime \ - 0xA9, 0xFB, 0x57, 0xDB, 0xA1, 0xEE, 0xA9, 0xBC, \ - 0x3E, 0x66, 0x0A, 0x90, 0x9D, 0x83, 0x8D, 0x72, \ - 0x6E, 0x3B, 0xF6, 0x23, 0xD5, 0x26, 0x20, 0x28, \ - 0x20, 0x13, 0x48, 0x1D, 0x1F, 0x6E, 0x53, 0x77 -#define EC_PARAM_brainpoolP256r1_a \ - 0x7D, 0x5A, 0x09, 0x75, 0xFC, 0x2C, 0x30, 0x57, \ - 0xEE, 0xF6, 0x75, 0x30, 0x41, 0x7A, 0xFF, 0xE7, \ - 0xFB, 0x80, 0x55, 0xC1, 0x26, 0xDC, 0x5C, 0x6C, \ - 0xE9, 0x4A, 0x4B, 0x44, 0xF3, 0x30, 0xB5, 0xD9 -#define EC_PARAM_brainpoolP256r1_b \ - 0x26, 0xDC, 0x5C, 0x6C, 0xE9, 0x4A, 0x4B, 0x44, \ - 0xF3, 0x30, 0xB5, 0xD9, 0xBB, 0xD7, 0x7C, 0xBF, \ - 0x95, 0x84, 0x16, 0x29, 0x5C, 0xF7, 0xE1, 0xCE, \ - 0x6B, 0xCC, 0xDC, 0x18, 0xFF, 0x8C, 0x07, 0xB6 -#define EC_PARAM_brainpoolP256r1_x \ - 0x8B, 0xD2, 0xAE, 0xB9, 0xCB, 0x7E, 0x57, 0xCB, \ - 0x2C, 0x4B, 0x48, 0x2F, 0xFC, 0x81, 0xB7, 0xAF, \ - 0xB9, 0xDE, 0x27, 0xE1, 0xE3, 0xBD, 0x23, 0xC2, \ - 0x3A, 0x44, 0x53, 0xBD, 0x9A, 0xCE, 0x32, 0x62 -#define EC_PARAM_brainpoolP256r1_y \ - 0x54, 0x7E, 0xF8, 0x35, 0xC3, 0xDA, 0xC4, 0xFD, \ - 0x97, 0xF8, 0x46, 0x1A, 0x14, 0x61, 0x1D, 0xC9, \ - 0xC2, 0x77, 0x45, 0x13, 0x2D, 0xED, 0x8E, 0x54, \ - 0x5C, 0x1D, 0x54, 0xC7, 0x2F, 0x04, 0x69, 0x97 -#define EC_PARAM_brainpoolP256r1_order \ - 0xA9, 0xFB, 0x57, 0xDB, 0xA1, 0xEE, 0xA9, 0xBC, \ - 0x3E, 0x66, 0x0A, 0x90, 0x9D, 0x83, 0x8D, 0x71, \ - 0x8C, 0x39, 0x7A, 0xA3, 0xB5, 0x61, 0xA6, 0xF7, \ - 0x90, 0x1E, 0x0E, 0x82, 0x97, 0x48, 0x56, 0xA7 -#endif - -#if 1 -/* brainpoolP256t1 : RFC 5639 curve over a 256 bit prime field */ -#define EC_PARAM_brainpoolP256t1_prime \ - 0xA9, 0xFB, 0x57, 0xDB, 0xA1, 0xEE, 0xA9, 0xBC, \ - 0x3E, 0x66, 0x0A, 0x90, 0x9D, 0x83, 0x8D, 0x72, \ - 0x6E, 0x3B, 0xF6, 0x23, 0xD5, 0x26, 0x20, 0x28, \ - 0x20, 0x13, 0x48, 0x1D, 0x1F, 0x6E, 0x53, 0x77 -#define EC_PARAM_brainpoolP256t1_a \ - 0xA9, 0xFB, 0x57, 0xDB, 0xA1, 0xEE, 0xA9, 0xBC, \ - 0x3E, 0x66, 0x0A, 0x90, 0x9D, 0x83, 0x8D, 0x72, \ - 0x6E, 0x3B, 0xF6, 0x23, 0xD5, 0x26, 0x20, 0x28, \ - 0x20, 0x13, 0x48, 0x1D, 0x1F, 0x6E, 0x53, 0x74 -#define EC_PARAM_brainpoolP256t1_b \ - 0x66, 0x2C, 0x61, 0xC4, 0x30, 0xD8, 0x4E, 0xA4, \ - 0xFE, 0x66, 0xA7, 0x73, 0x3D, 0x0B, 0x76, 0xB7, \ - 0xBF, 0x93, 0xEB, 0xC4, 0xAF, 0x2F, 0x49, 0x25, \ - 0x6A, 0xE5, 0x81, 0x01, 0xFE, 0xE9, 0x2B, 0x04 -#define EC_PARAM_brainpoolP256t1_x \ - 0xA3, 0xE8, 0xEB, 0x3C, 0xC1, 0xCF, 0xE7, 0xB7, \ - 0x73, 0x22, 0x13, 0xB2, 0x3A, 0x65, 0x61, 0x49, \ - 0xAF, 0xA1, 0x42, 0xC4, 0x7A, 0xAF, 0xBC, 0x2B, \ - 0x79, 0xA1, 0x91, 0x56, 0x2E, 0x13, 0x05, 0xF4 -#define EC_PARAM_brainpoolP256t1_y \ - 0x2D, 0x99, 0x6C, 0x82, 0x34, 0x39, 0xC5, 0x6D, \ - 0x7F, 0x7B, 0x22, 0xE1, 0x46, 0x44, 0x41, 0x7E, \ - 0x69, 0xBC, 0xB6, 0xDE, 0x39, 0xD0, 0x27, 0x00, \ - 0x1D, 0xAB, 0xE8, 0xF3, 0x5B, 0x25, 0xC9, 0xBE -#define EC_PARAM_brainpoolP256t1_order \ - 0xA9, 0xFB, 0x57, 0xDB, 0xA1, 0xEE, 0xA9, 0xBC, \ - 0x3E, 0x66, 0x0A, 0x90, 0x9D, 0x83, 0x8D, 0x71, \ - 0x8C, 0x39, 0x7A, 0xA3, 0xB5, 0x61, 0xA6, 0xF7, \ - 0x90, 0x1E, 0x0E, 0x82, 0x97, 0x48, 0x56, 0xA7 -#endif - -#if 1 -/* brainpoolP320r1 : RFC 5639 curve over a 320 bit prime field */ -#define EC_PARAM_brainpoolP320r1_prime \ - 0xD3, 0x5E, 0x47, 0x20, 0x36, 0xBC, 0x4F, 0xB7, \ - 0xE1, 0x3C, 0x78, 0x5E, 0xD2, 0x01, 0xE0, 0x65, \ - 0xF9, 0x8F, 0xCF, 0xA6, 0xF6, 0xF4, 0x0D, 0xEF, \ - 0x4F, 0x92, 0xB9, 0xEC, 0x78, 0x93, 0xEC, 0x28, \ - 0xFC, 0xD4, 0x12, 0xB1, 0xF1, 0xB3, 0x2E, 0x27 -#define EC_PARAM_brainpoolP320r1_a \ - 0x3E, 0xE3, 0x0B, 0x56, 0x8F, 0xBA, 0xB0, 0xF8, \ - 0x83, 0xCC, 0xEB, 0xD4, 0x6D, 0x3F, 0x3B, 0xB8, \ - 0xA2, 0xA7, 0x35, 0x13, 0xF5, 0xEB, 0x79, 0xDA, \ - 0x66, 0x19, 0x0E, 0xB0, 0x85, 0xFF, 0xA9, 0xF4, \ - 0x92, 0xF3, 0x75, 0xA9, 0x7D, 0x86, 0x0E, 0xB4 -#define EC_PARAM_brainpoolP320r1_b \ - 0x52, 0x08, 0x83, 0x94, 0x9D, 0xFD, 0xBC, 0x42, \ - 0xD3, 0xAD, 0x19, 0x86, 0x40, 0x68, 0x8A, 0x6F, \ - 0xE1, 0x3F, 0x41, 0x34, 0x95, 0x54, 0xB4, 0x9A, \ - 0xCC, 0x31, 0xDC, 0xCD, 0x88, 0x45, 0x39, 0x81, \ - 0x6F, 0x5E, 0xB4, 0xAC, 0x8F, 0xB1, 0xF1, 0xA6 -#define EC_PARAM_brainpoolP320r1_x \ - 0x43, 0xBD, 0x7E, 0x9A, 0xFB, 0x53, 0xD8, 0xB8, \ - 0x52, 0x89, 0xBC, 0xC4, 0x8E, 0xE5, 0xBF, 0xE6, \ - 0xF2, 0x01, 0x37, 0xD1, 0x0A, 0x08, 0x7E, 0xB6, \ - 0xE7, 0x87, 0x1E, 0x2A, 0x10, 0xA5, 0x99, 0xC7, \ - 0x10, 0xAF, 0x8D, 0x0D, 0x39, 0xE2, 0x06, 0x11 -#define EC_PARAM_brainpoolP320r1_y \ - 0x14, 0xFD, 0xD0, 0x55, 0x45, 0xEC, 0x1C, 0xC8, \ - 0xAB, 0x40, 0x93, 0x24, 0x7F, 0x77, 0x27, 0x5E, \ - 0x07, 0x43, 0xFF, 0xED, 0x11, 0x71, 0x82, 0xEA, \ - 0xA9, 0xC7, 0x78, 0x77, 0xAA, 0xAC, 0x6A, 0xC7, \ - 0xD3, 0x52, 0x45, 0xD1, 0x69, 0x2E, 0x8E, 0xE1 -#define EC_PARAM_brainpoolP320r1_order \ - 0xD3, 0x5E, 0x47, 0x20, 0x36, 0xBC, 0x4F, 0xB7, \ - 0xE1, 0x3C, 0x78, 0x5E, 0xD2, 0x01, 0xE0, 0x65, \ - 0xF9, 0x8F, 0xCF, 0xA5, 0xB6, 0x8F, 0x12, 0xA3, \ - 0x2D, 0x48, 0x2E, 0xC7, 0xEE, 0x86, 0x58, 0xE9, \ - 0x86, 0x91, 0x55, 0x5B, 0x44, 0xC5, 0x93, 0x11 -#endif - -#if 1 -/* brainpoolP320t1 : RFC 5639 curve over a 320 bit prime field */ -#define EC_PARAM_brainpoolP320t1_prime \ - 0xD3, 0x5E, 0x47, 0x20, 0x36, 0xBC, 0x4F, 0xB7, \ - 0xE1, 0x3C, 0x78, 0x5E, 0xD2, 0x01, 0xE0, 0x65, \ - 0xF9, 0x8F, 0xCF, 0xA6, 0xF6, 0xF4, 0x0D, 0xEF, \ - 0x4F, 0x92, 0xB9, 0xEC, 0x78, 0x93, 0xEC, 0x28, \ - 0xFC, 0xD4, 0x12, 0xB1, 0xF1, 0xB3, 0x2E, 0x27 -#define EC_PARAM_brainpoolP320t1_a \ - 0xD3, 0x5E, 0x47, 0x20, 0x36, 0xBC, 0x4F, 0xB7, \ - 0xE1, 0x3C, 0x78, 0x5E, 0xD2, 0x01, 0xE0, 0x65, \ - 0xF9, 0x8F, 0xCF, 0xA6, 0xF6, 0xF4, 0x0D, 0xEF, \ - 0x4F, 0x92, 0xB9, 0xEC, 0x78, 0x93, 0xEC, 0x28, \ - 0xFC, 0xD4, 0x12, 0xB1, 0xF1, 0xB3, 0x2E, 0x24 -#define EC_PARAM_brainpoolP320t1_b \ - 0xA7, 0xF5, 0x61, 0xE0, 0x38, 0xEB, 0x1E, 0xD5, \ - 0x60, 0xB3, 0xD1, 0x47, 0xDB, 0x78, 0x20, 0x13, \ - 0x06, 0x4C, 0x19, 0xF2, 0x7E, 0xD2, 0x7C, 0x67, \ - 0x80, 0xAA, 0xF7, 0x7F, 0xB8, 0xA5, 0x47, 0xCE, \ - 0xB5, 0xB4, 0xFE, 0xF4, 0x22, 0x34, 0x03, 0x53 -#define EC_PARAM_brainpoolP320t1_x \ - 0x92, 0x5B, 0xE9, 0xFB, 0x01, 0xAF, 0xC6, 0xFB, \ - 0x4D, 0x3E, 0x7D, 0x49, 0x90, 0x01, 0x0F, 0x81, \ - 0x34, 0x08, 0xAB, 0x10, 0x6C, 0x4F, 0x09, 0xCB, \ - 0x7E, 0xE0, 0x78, 0x68, 0xCC, 0x13, 0x6F, 0xFF, \ - 0x33, 0x57, 0xF6, 0x24, 0xA2, 0x1B, 0xED, 0x52 -#define EC_PARAM_brainpoolP320t1_y \ - 0x63, 0xBA, 0x3A, 0x7A, 0x27, 0x48, 0x3E, 0xBF, \ - 0x66, 0x71, 0xDB, 0xEF, 0x7A, 0xBB, 0x30, 0xEB, \ - 0xEE, 0x08, 0x4E, 0x58, 0xA0, 0xB0, 0x77, 0xAD, \ - 0x42, 0xA5, 0xA0, 0x98, 0x9D, 0x1E, 0xE7, 0x1B, \ - 0x1B, 0x9B, 0xC0, 0x45, 0x5F, 0xB0, 0xD2, 0xC3 -#define EC_PARAM_brainpoolP320t1_order \ - 0xD3, 0x5E, 0x47, 0x20, 0x36, 0xBC, 0x4F, 0xB7, \ - 0xE1, 0x3C, 0x78, 0x5E, 0xD2, 0x01, 0xE0, 0x65, \ - 0xF9, 0x8F, 0xCF, 0xA5, 0xB6, 0x8F, 0x12, 0xA3, \ - 0x2D, 0x48, 0x2E, 0xC7, 0xEE, 0x86, 0x58, 0xE9, \ - 0x86, 0x91, 0x55, 0x5B, 0x44, 0xC5, 0x93, 0x11 -#endif - -#if 1 -/* brainpoolP384r1 : RFC 5639 curve over a 384 bit prime field */ -#define EC_PARAM_brainpoolP384r1_prime \ - 0x8C, 0xB9, 0x1E, 0x82, 0xA3, 0x38, 0x6D, 0x28, \ - 0x0F, 0x5D, 0x6F, 0x7E, 0x50, 0xE6, 0x41, 0xDF, \ - 0x15, 0x2F, 0x71, 0x09, 0xED, 0x54, 0x56, 0xB4, \ - 0x12, 0xB1, 0xDA, 0x19, 0x7F, 0xB7, 0x11, 0x23, \ - 0xAC, 0xD3, 0xA7, 0x29, 0x90, 0x1D, 0x1A, 0x71, \ - 0x87, 0x47, 0x00, 0x13, 0x31, 0x07, 0xEC, 0x53 -#define EC_PARAM_brainpoolP384r1_a \ - 0x7B, 0xC3, 0x82, 0xC6, 0x3D, 0x8C, 0x15, 0x0C, \ - 0x3C, 0x72, 0x08, 0x0A, 0xCE, 0x05, 0xAF, 0xA0, \ - 0xC2, 0xBE, 0xA2, 0x8E, 0x4F, 0xB2, 0x27, 0x87, \ - 0x13, 0x91, 0x65, 0xEF, 0xBA, 0x91, 0xF9, 0x0F, \ - 0x8A, 0xA5, 0x81, 0x4A, 0x50, 0x3A, 0xD4, 0xEB, \ - 0x04, 0xA8, 0xC7, 0xDD, 0x22, 0xCE, 0x28, 0x26 -#define EC_PARAM_brainpoolP384r1_b \ - 0x04, 0xA8, 0xC7, 0xDD, 0x22, 0xCE, 0x28, 0x26, \ - 0x8B, 0x39, 0xB5, 0x54, 0x16, 0xF0, 0x44, 0x7C, \ - 0x2F, 0xB7, 0x7D, 0xE1, 0x07, 0xDC, 0xD2, 0xA6, \ - 0x2E, 0x88, 0x0E, 0xA5, 0x3E, 0xEB, 0x62, 0xD5, \ - 0x7C, 0xB4, 0x39, 0x02, 0x95, 0xDB, 0xC9, 0x94, \ - 0x3A, 0xB7, 0x86, 0x96, 0xFA, 0x50, 0x4C, 0x11 -#define EC_PARAM_brainpoolP384r1_x \ - 0x1D, 0x1C, 0x64, 0xF0, 0x68, 0xCF, 0x45, 0xFF, \ - 0xA2, 0xA6, 0x3A, 0x81, 0xB7, 0xC1, 0x3F, 0x6B, \ - 0x88, 0x47, 0xA3, 0xE7, 0x7E, 0xF1, 0x4F, 0xE3, \ - 0xDB, 0x7F, 0xCA, 0xFE, 0x0C, 0xBD, 0x10, 0xE8, \ - 0xE8, 0x26, 0xE0, 0x34, 0x36, 0xD6, 0x46, 0xAA, \ - 0xEF, 0x87, 0xB2, 0xE2, 0x47, 0xD4, 0xAF, 0x1E -#define EC_PARAM_brainpoolP384r1_y \ - 0x8A, 0xBE, 0x1D, 0x75, 0x20, 0xF9, 0xC2, 0xA4, \ - 0x5C, 0xB1, 0xEB, 0x8E, 0x95, 0xCF, 0xD5, 0x52, \ - 0x62, 0xB7, 0x0B, 0x29, 0xFE, 0xEC, 0x58, 0x64, \ - 0xE1, 0x9C, 0x05, 0x4F, 0xF9, 0x91, 0x29, 0x28, \ - 0x0E, 0x46, 0x46, 0x21, 0x77, 0x91, 0x81, 0x11, \ - 0x42, 0x82, 0x03, 0x41, 0x26, 0x3C, 0x53, 0x15 -#define EC_PARAM_brainpoolP384r1_order \ - 0x8C, 0xB9, 0x1E, 0x82, 0xA3, 0x38, 0x6D, 0x28, \ - 0x0F, 0x5D, 0x6F, 0x7E, 0x50, 0xE6, 0x41, 0xDF, \ - 0x15, 0x2F, 0x71, 0x09, 0xED, 0x54, 0x56, 0xB3, \ - 0x1F, 0x16, 0x6E, 0x6C, 0xAC, 0x04, 0x25, 0xA7, \ - 0xCF, 0x3A, 0xB6, 0xAF, 0x6B, 0x7F, 0xC3, 0x10, \ - 0x3B, 0x88, 0x32, 0x02, 0xE9, 0x04, 0x65, 0x65 -#endif - -#if 1 -/* brainpoolP384t1 : RFC 5639 curve over a 384 bit prime field */ -#define EC_PARAM_brainpoolP384t1_prime \ - 0x8C, 0xB9, 0x1E, 0x82, 0xA3, 0x38, 0x6D, 0x28, \ - 0x0F, 0x5D, 0x6F, 0x7E, 0x50, 0xE6, 0x41, 0xDF, \ - 0x15, 0x2F, 0x71, 0x09, 0xED, 0x54, 0x56, 0xB4, \ - 0x12, 0xB1, 0xDA, 0x19, 0x7F, 0xB7, 0x11, 0x23, \ - 0xAC, 0xD3, 0xA7, 0x29, 0x90, 0x1D, 0x1A, 0x71, \ - 0x87, 0x47, 0x00, 0x13, 0x31, 0x07, 0xEC, 0x53 -#define EC_PARAM_brainpoolP384t1_a \ - 0x8C, 0xB9, 0x1E, 0x82, 0xA3, 0x38, 0x6D, 0x28, \ - 0x0F, 0x5D, 0x6F, 0x7E, 0x50, 0xE6, 0x41, 0xDF, \ - 0x15, 0x2F, 0x71, 0x09, 0xED, 0x54, 0x56, 0xB4, \ - 0x12, 0xB1, 0xDA, 0x19, 0x7F, 0xB7, 0x11, 0x23, \ - 0xAC, 0xD3, 0xA7, 0x29, 0x90, 0x1D, 0x1A, 0x71, \ - 0x87, 0x47, 0x00, 0x13, 0x31, 0x07, 0xEC, 0x50 -#define EC_PARAM_brainpoolP384t1_b \ - 0x7F, 0x51, 0x9E, 0xAD, 0xA7, 0xBD, 0xA8, 0x1B, \ - 0xD8, 0x26, 0xDB, 0xA6, 0x47, 0x91, 0x0F, 0x8C, \ - 0x4B, 0x93, 0x46, 0xED, 0x8C, 0xCD, 0xC6, 0x4E, \ - 0x4B, 0x1A, 0xBD, 0x11, 0x75, 0x6D, 0xCE, 0x1D, \ - 0x20, 0x74, 0xAA, 0x26, 0x3B, 0x88, 0x80, 0x5C, \ - 0xED, 0x70, 0x35, 0x5A, 0x33, 0xB4, 0x71, 0xEE -#define EC_PARAM_brainpoolP384t1_x \ - 0x18, 0xDE, 0x98, 0xB0, 0x2D, 0xB9, 0xA3, 0x06, \ - 0xF2, 0xAF, 0xCD, 0x72, 0x35, 0xF7, 0x2A, 0x81, \ - 0x9B, 0x80, 0xAB, 0x12, 0xEB, 0xD6, 0x53, 0x17, \ - 0x24, 0x76, 0xFE, 0xCD, 0x46, 0x2A, 0xAB, 0xFF, \ - 0xC4, 0xFF, 0x19, 0x1B, 0x94, 0x6A, 0x5F, 0x54, \ - 0xD8, 0xD0, 0xAA, 0x2F, 0x41, 0x88, 0x08, 0xCC -#define EC_PARAM_brainpoolP384t1_y \ - 0x25, 0xAB, 0x05, 0x69, 0x62, 0xD3, 0x06, 0x51, \ - 0xA1, 0x14, 0xAF, 0xD2, 0x75, 0x5A, 0xD3, 0x36, \ - 0x74, 0x7F, 0x93, 0x47, 0x5B, 0x7A, 0x1F, 0xCA, \ - 0x3B, 0x88, 0xF2, 0xB6, 0xA2, 0x08, 0xCC, 0xFE, \ - 0x46, 0x94, 0x08, 0x58, 0x4D, 0xC2, 0xB2, 0x91, \ - 0x26, 0x75, 0xBF, 0x5B, 0x9E, 0x58, 0x29, 0x28 -#define EC_PARAM_brainpoolP384t1_order \ - 0x8C, 0xB9, 0x1E, 0x82, 0xA3, 0x38, 0x6D, 0x28, \ - 0x0F, 0x5D, 0x6F, 0x7E, 0x50, 0xE6, 0x41, 0xDF, \ - 0x15, 0x2F, 0x71, 0x09, 0xED, 0x54, 0x56, 0xB3, \ - 0x1F, 0x16, 0x6E, 0x6C, 0xAC, 0x04, 0x25, 0xA7, \ - 0xCF, 0x3A, 0xB6, 0xAF, 0x6B, 0x7F, 0xC3, 0x10, \ - 0x3B, 0x88, 0x32, 0x02, 0xE9, 0x04, 0x65, 0x65 -#endif - -#if 1 -/* brainpoolP512r1 : RFC 5639 curve over a 512 bit prime field */ -#define EC_PARAM_brainpoolP512r1_prime \ - 0xAA, 0xDD, 0x9D, 0xB8, 0xDB, 0xE9, 0xC4, 0x8B, \ - 0x3F, 0xD4, 0xE6, 0xAE, 0x33, 0xC9, 0xFC, 0x07, \ - 0xCB, 0x30, 0x8D, 0xB3, 0xB3, 0xC9, 0xD2, 0x0E, \ - 0xD6, 0x63, 0x9C, 0xCA, 0x70, 0x33, 0x08, 0x71, \ - 0x7D, 0x4D, 0x9B, 0x00, 0x9B, 0xC6, 0x68, 0x42, \ - 0xAE, 0xCD, 0xA1, 0x2A, 0xE6, 0xA3, 0x80, 0xE6, \ - 0x28, 0x81, 0xFF, 0x2F, 0x2D, 0x82, 0xC6, 0x85, \ - 0x28, 0xAA, 0x60, 0x56, 0x58, 0x3A, 0x48, 0xF3 -#define EC_PARAM_brainpoolP512r1_a \ - 0x78, 0x30, 0xA3, 0x31, 0x8B, 0x60, 0x3B, 0x89, \ - 0xE2, 0x32, 0x71, 0x45, 0xAC, 0x23, 0x4C, 0xC5, \ - 0x94, 0xCB, 0xDD, 0x8D, 0x3D, 0xF9, 0x16, 0x10, \ - 0xA8, 0x34, 0x41, 0xCA, 0xEA, 0x98, 0x63, 0xBC, \ - 0x2D, 0xED, 0x5D, 0x5A, 0xA8, 0x25, 0x3A, 0xA1, \ - 0x0A, 0x2E, 0xF1, 0xC9, 0x8B, 0x9A, 0xC8, 0xB5, \ - 0x7F, 0x11, 0x17, 0xA7, 0x2B, 0xF2, 0xC7, 0xB9, \ - 0xE7, 0xC1, 0xAC, 0x4D, 0x77, 0xFC, 0x94, 0xCA -#define EC_PARAM_brainpoolP512r1_b \ - 0x3D, 0xF9, 0x16, 0x10, 0xA8, 0x34, 0x41, 0xCA, \ - 0xEA, 0x98, 0x63, 0xBC, 0x2D, 0xED, 0x5D, 0x5A, \ - 0xA8, 0x25, 0x3A, 0xA1, 0x0A, 0x2E, 0xF1, 0xC9, \ - 0x8B, 0x9A, 0xC8, 0xB5, 0x7F, 0x11, 0x17, 0xA7, \ - 0x2B, 0xF2, 0xC7, 0xB9, 0xE7, 0xC1, 0xAC, 0x4D, \ - 0x77, 0xFC, 0x94, 0xCA, 0xDC, 0x08, 0x3E, 0x67, \ - 0x98, 0x40, 0x50, 0xB7, 0x5E, 0xBA, 0xE5, 0xDD, \ - 0x28, 0x09, 0xBD, 0x63, 0x80, 0x16, 0xF7, 0x23 -#define EC_PARAM_brainpoolP512r1_x \ - 0x81, 0xAE, 0xE4, 0xBD, 0xD8, 0x2E, 0xD9, 0x64, \ - 0x5A, 0x21, 0x32, 0x2E, 0x9C, 0x4C, 0x6A, 0x93, \ - 0x85, 0xED, 0x9F, 0x70, 0xB5, 0xD9, 0x16, 0xC1, \ - 0xB4, 0x3B, 0x62, 0xEE, 0xF4, 0xD0, 0x09, 0x8E, \ - 0xFF, 0x3B, 0x1F, 0x78, 0xE2, 0xD0, 0xD4, 0x8D, \ - 0x50, 0xD1, 0x68, 0x7B, 0x93, 0xB9, 0x7D, 0x5F, \ - 0x7C, 0x6D, 0x50, 0x47, 0x40, 0x6A, 0x5E, 0x68, \ - 0x8B, 0x35, 0x22, 0x09, 0xBC, 0xB9, 0xF8, 0x22 -#define EC_PARAM_brainpoolP512r1_y \ - 0x7D, 0xDE, 0x38, 0x5D, 0x56, 0x63, 0x32, 0xEC, \ - 0xC0, 0xEA, 0xBF, 0xA9, 0xCF, 0x78, 0x22, 0xFD, \ - 0xF2, 0x09, 0xF7, 0x00, 0x24, 0xA5, 0x7B, 0x1A, \ - 0xA0, 0x00, 0xC5, 0x5B, 0x88, 0x1F, 0x81, 0x11, \ - 0xB2, 0xDC, 0xDE, 0x49, 0x4A, 0x5F, 0x48, 0x5E, \ - 0x5B, 0xCA, 0x4B, 0xD8, 0x8A, 0x27, 0x63, 0xAE, \ - 0xD1, 0xCA, 0x2B, 0x2F, 0xA8, 0xF0, 0x54, 0x06, \ - 0x78, 0xCD, 0x1E, 0x0F, 0x3A, 0xD8, 0x08, 0x92 -#define EC_PARAM_brainpoolP512r1_order \ - 0xAA, 0xDD, 0x9D, 0xB8, 0xDB, 0xE9, 0xC4, 0x8B, \ - 0x3F, 0xD4, 0xE6, 0xAE, 0x33, 0xC9, 0xFC, 0x07, \ - 0xCB, 0x30, 0x8D, 0xB3, 0xB3, 0xC9, 0xD2, 0x0E, \ - 0xD6, 0x63, 0x9C, 0xCA, 0x70, 0x33, 0x08, 0x70, \ - 0x55, 0x3E, 0x5C, 0x41, 0x4C, 0xA9, 0x26, 0x19, \ - 0x41, 0x86, 0x61, 0x19, 0x7F, 0xAC, 0x10, 0x47, \ - 0x1D, 0xB1, 0xD3, 0x81, 0x08, 0x5D, 0xDA, 0xDD, \ - 0xB5, 0x87, 0x96, 0x82, 0x9C, 0xA9, 0x00, 0x69 -#endif - -#if 1 -/* brainpoolP512t1 : RFC 5639 curve over a 512 bit prime field */ -#define EC_PARAM_brainpoolP512t1_prime \ - 0xAA, 0xDD, 0x9D, 0xB8, 0xDB, 0xE9, 0xC4, 0x8B, \ - 0x3F, 0xD4, 0xE6, 0xAE, 0x33, 0xC9, 0xFC, 0x07, \ - 0xCB, 0x30, 0x8D, 0xB3, 0xB3, 0xC9, 0xD2, 0x0E, \ - 0xD6, 0x63, 0x9C, 0xCA, 0x70, 0x33, 0x08, 0x71, \ - 0x7D, 0x4D, 0x9B, 0x00, 0x9B, 0xC6, 0x68, 0x42, \ - 0xAE, 0xCD, 0xA1, 0x2A, 0xE6, 0xA3, 0x80, 0xE6, \ - 0x28, 0x81, 0xFF, 0x2F, 0x2D, 0x82, 0xC6, 0x85, \ - 0x28, 0xAA, 0x60, 0x56, 0x58, 0x3A, 0x48, 0xF3 -#define EC_PARAM_brainpoolP512t1_a \ - 0xAA, 0xDD, 0x9D, 0xB8, 0xDB, 0xE9, 0xC4, 0x8B, \ - 0x3F, 0xD4, 0xE6, 0xAE, 0x33, 0xC9, 0xFC, 0x07, \ - 0xCB, 0x30, 0x8D, 0xB3, 0xB3, 0xC9, 0xD2, 0x0E, \ - 0xD6, 0x63, 0x9C, 0xCA, 0x70, 0x33, 0x08, 0x71, \ - 0x7D, 0x4D, 0x9B, 0x00, 0x9B, 0xC6, 0x68, 0x42, \ - 0xAE, 0xCD, 0xA1, 0x2A, 0xE6, 0xA3, 0x80, 0xE6, \ - 0x28, 0x81, 0xFF, 0x2F, 0x2D, 0x82, 0xC6, 0x85, \ - 0x28, 0xAA, 0x60, 0x56, 0x58, 0x3A, 0x48, 0xF0 -#define EC_PARAM_brainpoolP512t1_b \ - 0x7C, 0xBB, 0xBC, 0xF9, 0x44, 0x1C, 0xFA, 0xB7, \ - 0x6E, 0x18, 0x90, 0xE4, 0x68, 0x84, 0xEA, 0xE3, \ - 0x21, 0xF7, 0x0C, 0x0B, 0xCB, 0x49, 0x81, 0x52, \ - 0x78, 0x97, 0x50, 0x4B, 0xEC, 0x3E, 0x36, 0xA6, \ - 0x2B, 0xCD, 0xFA, 0x23, 0x04, 0x97, 0x65, 0x40, \ - 0xF6, 0x45, 0x00, 0x85, 0xF2, 0xDA, 0xE1, 0x45, \ - 0xC2, 0x25, 0x53, 0xB4, 0x65, 0x76, 0x36, 0x89, \ - 0x18, 0x0E, 0xA2, 0x57, 0x18, 0x67, 0x42, 0x3E -#define EC_PARAM_brainpoolP512t1_x \ - 0x64, 0x0E, 0xCE, 0x5C, 0x12, 0x78, 0x87, 0x17, \ - 0xB9, 0xC1, 0xBA, 0x06, 0xCB, 0xC2, 0xA6, 0xFE, \ - 0xBA, 0x85, 0x84, 0x24, 0x58, 0xC5, 0x6D, 0xDE, \ - 0x9D, 0xB1, 0x75, 0x8D, 0x39, 0xC0, 0x31, 0x3D, \ - 0x82, 0xBA, 0x51, 0x73, 0x5C, 0xDB, 0x3E, 0xA4, \ - 0x99, 0xAA, 0x77, 0xA7, 0xD6, 0x94, 0x3A, 0x64, \ - 0xF7, 0xA3, 0xF2, 0x5F, 0xE2, 0x6F, 0x06, 0xB5, \ - 0x1B, 0xAA, 0x26, 0x96, 0xFA, 0x90, 0x35, 0xDA -#define EC_PARAM_brainpoolP512t1_y \ - 0x5B, 0x53, 0x4B, 0xD5, 0x95, 0xF5, 0xAF, 0x0F, \ - 0xA2, 0xC8, 0x92, 0x37, 0x6C, 0x84, 0xAC, 0xE1, \ - 0xBB, 0x4E, 0x30, 0x19, 0xB7, 0x16, 0x34, 0xC0, \ - 0x11, 0x31, 0x15, 0x9C, 0xAE, 0x03, 0xCE, 0xE9, \ - 0xD9, 0x93, 0x21, 0x84, 0xBE, 0xEF, 0x21, 0x6B, \ - 0xD7, 0x1D, 0xF2, 0xDA, 0xDF, 0x86, 0xA6, 0x27, \ - 0x30, 0x6E, 0xCF, 0xF9, 0x6D, 0xBB, 0x8B, 0xAC, \ - 0xE1, 0x98, 0xB6, 0x1E, 0x00, 0xF8, 0xB3, 0x32 -#define EC_PARAM_brainpoolP512t1_order \ - 0xAA, 0xDD, 0x9D, 0xB8, 0xDB, 0xE9, 0xC4, 0x8B, \ - 0x3F, 0xD4, 0xE6, 0xAE, 0x33, 0xC9, 0xFC, 0x07, \ - 0xCB, 0x30, 0x8D, 0xB3, 0xB3, 0xC9, 0xD2, 0x0E, \ - 0xD6, 0x63, 0x9C, 0xCA, 0x70, 0x33, 0x08, 0x70, \ - 0x55, 0x3E, 0x5C, 0x41, 0x4C, 0xA9, 0x26, 0x19, \ - 0x41, 0x86, 0x61, 0x19, 0x7F, 0xAC, 0x10, 0x47, \ - 0x1D, 0xB1, 0xD3, 0x81, 0x08, 0x5D, 0xDA, 0xDD, \ - 0xB5, 0x87, 0x96, 0x82, 0x9C, 0xA9, 0x00, 0x69 -#endif - -#if 1 -/* TPM_BM_P256 : TPM_BM_P256 curve over a 256 bit */ -#define EC_PARAM_tpm_bm_p256_prime \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC, 0xF0, 0xCD, \ - 0x46, 0xE5, 0xF2, 0x5E, 0xEE, 0x71, 0xA4, 0x9F, \ - 0x0C, 0xDC, 0x65, 0xFB, 0x12, 0x98, 0x0A, 0x82, \ - 0xD3, 0x29, 0x2D, 0xDB, 0xAE, 0xD3, 0x30, 0x13 -#define EC_PARAM_tpm_bm_p256_a \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 -#define EC_PARAM_tpm_bm_p256_b \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03 -#define EC_PARAM_tpm_bm_p256_x \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 -#define EC_PARAM_tpm_bm_p256_y \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02 -#define EC_PARAM_tpm_bm_p256_order \ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC, 0xF0, 0xCD, \ - 0x46, 0xE5, 0xF2, 0x5E, 0xEE, 0x71, 0xA4, 0x9E, \ - 0x0C, 0xDC, 0x65, 0xFB, 0x12, 0x99, 0x92, 0x1A, \ - 0xF6, 0x2D, 0x53, 0x6C, 0xD1, 0x0B, 0x50, 0x0D -#endif - -/* clang-format on */ -#endif /* SE05X_ECC_CURVES_LIST_H_INC */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/se05x_enums.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/se05x_enums.h deleted file mode 100644 index cb0191c91..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/se05x_enums.h +++ /dev/null @@ -1,1030 +0,0 @@ -/* -* -* Copyright 2019,2020 NXP -* SPDX-License-Identifier: Apache-2.0 -*/ - -/** @file */ - -#ifndef SE05x_ENUMS_H -#define SE05x_ENUMS_H - -#include - - -/* + more or less machine Generated */ - -/** Reserved idendntifiers of the Applet */ -typedef enum -{ - /** Invalid */ - kSE05x_AppletResID_NA = 0, - /** An authentication object which allows the user to switch - * LockState of the applet. The LockState defines whether the - * applet is transport locked or not. */ - kSE05x_AppletResID_TRANSPORT = 0x7FFF0200, - /** A device unique NIST P-256 key pair which contains SK.SE.ECKA - * and PK.SE.ECKA in ECKey session context. */ - kSE05x_AppletResID_KP_ECKEY_USER = 0x7FFF0201, - /** A device unique NIST P-256 key pair which contains SK.SE.ECKA - * and PK.SE.ECKA in ECKey session context; A constant card - * challenge (all zeroes) is applicable. */ - kSE05x_AppletResID_KP_ECKEY_IMPORT = 0x7FFF0202, - /* Reserved Key @ location 0x7FFF0203 */ - /** An authentication object which allows the user to change the - applet variant. */ - kSE05x_AppletResID_FEATURE = 0x7FFF0204, - /** An authentication object which allows the user to delete all - objects, except trust provisioned by NXP objects. */ - kSE05x_AppletResID_FACTORY_RESET = 0x7FFF0205, - /** A BinaryFile Secure Object which holds the device unique - * ID. This file cannot be overwritten or deleted. */ - kSE05x_AppletResID_UNIQUE_ID = 0x7FFF0206, - /** An authentication object which allows the user to change the - * platform SCP requirements, i.e. make platform SCP mandatory or - * not, using SetPlatformSCPRequest. Mandatory means full security, - * i.e. command & response MAC and encryption. Only SCP03 will be - * sufficient. */ - kSE05x_AppletResID_PLATFORM_SCP = 0x7FFF0207, - /** An authentication object which grants access to the I2C master - * feature. If the credential is not present, access to I2C master - * is allowed in general. Otherwise, a session using this - * credential shall be established and I2CM commands shall be sent - * within this session. */ - kSE05x_AppletResID_I2CM_ACCESS = 0x7FFF0208, - /** An authentication object which grants access to the - * SetLockState command */ - kSE05x_AppletResID_RESTRICT = 0x7FFF020A, - -} SE05x_AppletResID_t; - -/** Mapping of 2 byte return code */ -typedef enum -{ - /** Invalid */ - kSE05x_SW12_NA = 0, - /** No Error */ - kSE05x_SW12_NO_ERROR = 0x9000, - /** Conditions not satisfied */ - kSE05x_SW12_CONDITIONS_NOT_SATISFIED = 0x6985, - /** Security status not satisfied. */ - kSE05x_SW12_SECURITY_STATUS = 0x6982, - /** Wrong data provided. */ - kSE05x_SW12_WRONG_DATA = 0x6A80, - /** Data invalid - policy set invalid for the given object */ - kSE05x_SW12_DATA_INVALID = 0x6984, - /** Command not allowed - access denied based on object policy */ - kSE05x_SW12_COMMAND_NOT_ALLOWED = 0x6986, -} SE05x_SW12_t; - -/** Values for INS in ISO7816 APDU */ -typedef enum -{ - /** Invalid */ - kSE05x_INS_NA = 0, - /** 3 MSBit for instruction characteristics. */ - kSE05x_INS_MASK_INS_CHAR = 0xE0, - /** 5 LSBit for instruction */ - kSE05x_INS_MASK_INSTRUCTION = 0x1F, - - /** Mask for transient object creation, can only be combined with INS_WRITE. */ - kSE05x_INS_TRANSIENT = 0x80, - /** Mask for authentication object creation, can only be combined with INS_WRITE */ - kSE05x_INS_AUTH_OBJECT = 0x40, - /** Mask for getting attestation data. */ - kSE05x_INS_ATTEST = 0x20, - - /** Write or create a persistent object. */ - kSE05x_INS_WRITE = 0x01, - /** Read the object */ - kSE05x_INS_READ = 0x02, - /** Perform Security Operation */ - kSE05x_INS_CRYPTO = 0x03, - /** General operation */ - kSE05x_INS_MGMT = 0x04, - /** Process session command */ - kSE05x_INS_PROCESS = 0x05, -} SE05x_INS_t; - -/** Values for P1 in ISO7816 APDU */ -typedef enum -{ - /** Invalid */ - kSE05x_P1_NA = 0, - /** Highest bit not used */ - kSE05x_P1_UNUSED = 0x80, - /** 2 MSBit for key type */ - kSE05x_P1_MASK_KEY_TYPE = 0x60, - /** 5 LSBit for credential type */ - kSE05x_P1_MASK_CRED_TYPE = 0x1F, - - /** Key pair (private key + public key) */ - kSE05x_P1_KEY_PAIR = 0x60, - /** Private key */ - kSE05x_P1_PRIVATE = 0x40, - /** Public key */ - kSE05x_P1_PUBLIC = 0x20, - - kSE05x_P1_DEFAULT = 0x00, - kSE05x_P1_EC = 0x01, - kSE05x_P1_RSA = 0x02, - kSE05x_P1_AES = 0x03, - kSE05x_P1_DES = 0x04, - kSE05x_P1_HMAC = 0x05, - kSE05x_P1_BINARY = 0x06, - kSE05x_P1_UserID = 0x07, - kSE05x_P1_COUNTER = 0x08, - kSE05x_P1_PCR = 0x09, - kSE05x_P1_CURVE = 0x0B, - kSE05x_P1_SIGNATURE = 0x0C, - kSE05x_P1_MAC = 0x0D, - kSE05x_P1_CIPHER = 0x0E, - kSE05x_P1_TLS = 0x0F, - kSE05x_P1_CRYPTO_OBJ = 0x10, -#if SSS_HAVE_SE05X_VER_GTE_06_00 - /** Applet >= 4.4 */ - kSE05x_P1_AEAD = 0x11, - /** Applet >= 4.4 */ - kSE05x_P1_AEAD_SP800_38D = 0x12, -#endif /* SSS_HAVE_SE05X_VER_GTE_06_00 */ -} SE05x_P1_t; - -/** Values for P2 in ISO7816 APDU */ -typedef enum -{ - /** Invalid */ - kSE05x_P2_DEFAULT = 0x00, - kSE05x_P2_GENERATE = 0x03, - kSE05x_P2_CREATE = 0x04, - kSE05x_P2_SIZE = 0x07, - kSE05x_P2_SIGN = 0x09, - kSE05x_P2_VERIFY = 0x0A, - kSE05x_P2_INIT = 0x0B, - kSE05x_P2_UPDATE = 0x0C, - kSE05x_P2_FINAL = 0x0D, - kSE05x_P2_ONESHOT = 0x0E, - kSE05x_P2_DH = 0x0F, - kSE05x_P2_DIVERSIFY = 0x10, - // kSE05x_P2_AUTH_PART1 = 0x11, - kSE05x_P2_AUTH_FIRST_PART2 = 0x12, - kSE05x_P2_AUTH_NONFIRST_PART2 = 0x13, - kSE05x_P2_DUMP_KEY = 0x14, - kSE05x_P2_CHANGE_KEY_PART1 = 0x15, - kSE05x_P2_CHANGE_KEY_PART2 = 0x16, - kSE05x_P2_KILL_AUTH = 0x17, - kSE05x_P2_IMPORT = 0x18, - kSE05x_P2_EXPORT = 0x19, - kSE05x_P2_SESSION_CREATE = 0x1B, - kSE05x_P2_SESSION_CLOSE = 0x1C, - kSE05x_P2_SESSION_REFRESH = 0x1E, - kSE05x_P2_SESSION_POLICY = 0x1F, - kSE05x_P2_VERSION = 0x20, - kSE05x_P2_VERSION_EXT = 0x21, - kSE05x_P2_MEMORY = 0x22, - kSE05x_P2_LIST = 0x25, - kSE05x_P2_TYPE = 0x26, - kSE05x_P2_EXIST = 0x27, - kSE05x_P2_DELETE_OBJECT = 0x28, - kSE05x_P2_DELETE_ALL = 0x2A, - kSE05x_P2_SESSION_UserID = 0x2C, - kSE05x_P2_HKDF = 0x2D, - kSE05x_P2_PBKDF = 0x2E, - /* Applet >= 4.4 */ - kSE05x_P2_HKDF_EXPAND_ONLY = 0x2F, - kSE05x_P2_I2CM = 0x30, - kSE05x_P2_I2CM_ATTESTED = 0x31, - kSE05x_P2_MAC = 0x32, - kSE05x_P2_UNLOCK_CHALLENGE = 0x33, - kSE05x_P2_CURVE_LIST = 0x34, - kSE05x_P2_SIGN_ECDAA = 0x35, - kSE05x_P2_ID = 0x36, - kSE05x_P2_ENCRYPT_ONESHOT = 0x37, - kSE05x_P2_DECRYPT_ONESHOT = 0x38, - kSE05x_P2_ATTEST = 0x3A, - kSE05x_P2_ATTRIBUTES = 0x3B, - kSE05x_P2_CPLC = 0x3C, - kSE05x_P2_TIME = 0x3D, - kSE05x_P2_TRANSPORT = 0x3E, - kSE05x_P2_VARIANT = 0x3F, - kSE05x_P2_PARAM = 0x40, - kSE05x_P2_DELETE_CURVE = 0x41, - kSE05x_P2_ENCRYPT = 0x42, - kSE05x_P2_DECRYPT = 0x43, - kSE05x_P2_VALIDATE = 0x44, - kSE05x_P2_GENERATE_ONESHOT = 0x45, - kSE05x_P2_VALIDATE_ONESHOT = 0x46, - kSE05x_P2_CRYPTO_LIST = 0x47, - kSE05x_P2_RANDOM = 0x49, - kSE05x_P2_TLS_PMS = 0x4A, - kSE05x_P2_TLS_PRF_CLI_HELLO = 0x4B, - kSE05x_P2_TLS_PRF_SRV_HELLO = 0x4C, - kSE05x_P2_TLS_PRF_CLI_RND = 0x4D, - kSE05x_P2_TLS_PRF_SRV_RND = 0x4E, - kSE05x_P2_TLS_PRF_BOTH = 0x5A, - kSE05x_P2_RAW = 0x4F, - kSE05x_P2_IMPORT_EXT = 0x51, - kSE05x_P2_SCP = 0x52, - kSE05x_P2_AUTH_FIRST_PART1 = 0x53, - kSE05x_P2_AUTH_NONFIRST_PART1 = 0x54, -#if SSS_HAVE_SE05X_VER_GTE_06_00 - kSE05x_P2_CM_COMMAND = 0x55, - kSE05x_P2_MODE_OF_OPERATION = 0x56, - kSE05x_P2_RESTRICT = 0x57, - kSE05x_P2_SANITY = 0x58, - kSE05x_P2_DH_REVERSE = 0x59, - kSE05x_P2_READ_STATE = 0x5B -#endif -} SE05x_P2_t; - - -/** Data for available memory */ -typedef enum -{ - /** Invalid */ - kSE05x_MemoryType_NA = 0, - /** Persistent memory */ - kSE05x_MemoryType_PERSISTENT = 0x01, - /** Transient memory, clear on reset */ - kSE05x_MemoryType_TRANSIENT_RESET = 0x02, - /** Transient memory, clear on deselect */ - kSE05x_MemoryType_TRANSIENT_DESELECT = 0x03, -} SE05x_MemoryType_t; - -/** Where was this object originated */ -typedef enum -{ - /** Invalid */ - kSE05x_Origin_NA = 0, - /** Generated outside the module. */ - kSE05x_Origin_EXTERNAL = 0x01, - /** Generated inside the module. */ - kSE05x_Origin_INTERNAL = 0x02, - /** Trust provisioned by NXP */ - kSE05x_Origin_PROVISIONED = 0x03, -} SE05x_Origin_t; - -/** Different TAG Values to talk to SE05X IoT Applet */ -typedef enum -{ - /** Invalid */ - kSE05x_TAG_NA = 0, - kSE05x_TAG_SESSION_ID = 0x10, - kSE05x_TAG_POLICY = 0x11, - kSE05x_TAG_MAX_ATTEMPTS = 0x12, - kSE05x_TAG_IMPORT_AUTH_DATA = 0x13, - kSE05x_TAG_IMPORT_AUTH_KEY_ID = 0x14, - kSE05x_TAG_POLICY_CHECK = 0x15, - kSE05x_TAG_1 = 0x41, - kSE05x_TAG_2 = 0x42, - kSE05x_TAG_3 = 0x43, - kSE05x_TAG_4 = 0x44, - kSE05x_TAG_5 = 0x45, - kSE05x_TAG_6 = 0x46, - kSE05x_TAG_7 = 0x47, - kSE05x_TAG_8 = 0x48, - kSE05x_TAG_9 = 0x49, - kSE05x_TAG_10 = 0x4A, - kSE05x_TAG_11 = 0x4B, - kSE05x_GP_TAG_CONTRL_REF_PARM = 0xA6, - kSE05x_GP_TAG_AID = 0x4F, - kSE05x_GP_TAG_KEY_TYPE = 0x80, - kSE05x_GP_TAG_KEY_LEN = 0x81, - kSE05x_GP_TAG_GET_DATA = 0x83, - kSE05x_GP_TAG_DR_SE = 0x85, - kSE05x_GP_TAG_RECEIPT = 0x86, - kSE05x_GP_TAG_SCP_PARMS = 0x90, -} SE05x_TAG_t; - -#ifndef __DOXYGEN__ -#define kSE05x_TAG_GP_CONTRL_REF_PARM kSE05x_GP_TAG_CONTRL_REF_PARM -#endif - -/** Different signature algorithms for EC */ -typedef enum -{ - /** Invalid */ - kSE05x_ECSignatureAlgo_NA = 0, - /** NOT SUPPORTED */ - kSE05x_ECSignatureAlgo_PLAIN = 0x09, - kSE05x_ECSignatureAlgo_SHA = 0x11, - kSE05x_ECSignatureAlgo_SHA_224 = 0x25, - kSE05x_ECSignatureAlgo_SHA_256 = 0x21, - kSE05x_ECSignatureAlgo_SHA_384 = 0x22, - kSE05x_ECSignatureAlgo_SHA_512 = 0x26, -} SE05x_ECSignatureAlgo_t; - -/** Different signature algorithms for ED */ -typedef enum -{ - /** Invalid */ - kSE05x_EDSignatureAlgo_NA = 0, - /** Message input must be plain Data. Pure EDDSA algorithm */ - kSE05x_EDSignatureAlgo_ED25519PURE_SHA_512 = 0xA3, -} SE05x_EDSignatureAlgo_t; - -/** Different signature algorithms for ECDAA */ -typedef enum -{ - /** Invalid */ - kSE05x_ECDAASignatureAlgo_NA = 0, - /** Message input must be pre-hashed (using SHA256) */ - kSE05x_ECDAASignatureAlgo_ECDAA = 0xF4, -} SE05x_ECDAASignatureAlgo_t; - -/** Different signature algorithms for RSA */ -typedef enum -{ - /** Invalid */ - kSE05x_RSASignatureAlgo_NA = 0, - /** RFC8017: RSASSA-PSS */ - kSE05x_RSASignatureAlgo_SHA1_PKCS1_PSS = 0x15, - /** RFC8017: RSASSA-PSS */ - kSE05x_RSASignatureAlgo_SHA224_PKCS1_PSS = 0x2B, - /** RFC8017: RSASSA-PSS */ - kSE05x_RSASignatureAlgo_SHA256_PKCS1_PSS = 0x2C, - /** RFC8017: RSASSA-PSS */ - kSE05x_RSASignatureAlgo_SHA384_PKCS1_PSS = 0x2D, - /** RFC8017: RSASSA-PSS */ - kSE05x_RSASignatureAlgo_SHA512_PKCS1_PSS = 0x2E, - /** RFC8017: RSASSA-PKCS1-v1_5 */ - kSE05x_RSASignatureAlgo_SHA1_PKCS1 = 0x0A, - /** RFC8017: RSASSA-PKCS1-v1_5 */ - kSE05x_RSASignatureAlgo_SHA_224_PKCS1 = 0x27, - /** RFC8017: RSASSA-PKCS1-v1_5 */ - kSE05x_RSASignatureAlgo_SHA_256_PKCS1 = 0x28, - /** RFC8017: RSASSA-PKCS1-v1_5 */ - kSE05x_RSASignatureAlgo_SHA_384_PKCS1 = 0x29, - /** RFC8017: RSASSA-PKCS1-v1_5 */ - kSE05x_RSASignatureAlgo_SHA_512_PKCS1 = 0x2A, -} SE05x_RSASignatureAlgo_t; - -/** Different encryption/decryption algorithms for RSA */ -typedef enum -{ - /** Invalid */ - kSE05x_RSAEncryptionAlgo_NA = 0, - /** Plain RSA, padding required on host. */ - kSE05x_RSAEncryptionAlgo_NO_PAD = 0x0C, - /** RFC8017: RSAES-PKCS1-v1_5 */ - kSE05x_RSAEncryptionAlgo_PKCS1 = 0x0A, - /** RFC8017: RSAES-OAEP */ - kSE05x_RSAEncryptionAlgo_PKCS1_OAEP = 0x0F, -} SE05x_RSAEncryptionAlgo_t; - -/** Size of RSA Key Objects */ -typedef enum -{ - /** Invalid */ - kSE05x_RSABitLength_NA = 0, - kSE05x_RSABitLength_512 = 512, - kSE05x_RSABitLength_1024 = 1024, - kSE05x_RSABitLength_1152 = 1152, - kSE05x_RSABitLength_2048 = 2048, - kSE05x_RSABitLength_3072 = 3072, - kSE05x_RSABitLength_4096 = 4096, -} SE05x_RSABitLength_t; - -/** Part of the RSA Key Objects */ -typedef enum -{ - /** Invalid */ - kSE05x_RSAKeyComponent_NA = 0xFF, - /** Modulus */ - kSE05x_RSAKeyComponent_MOD = 0x00, - /** Public key exponent */ - kSE05x_RSAKeyComponent_PUB_EXP = 0x01, - /** Private key exponent */ - kSE05x_RSAKeyComponent_PRIV_EXP = 0x02, - /** CRT component p */ - kSE05x_RSAKeyComponent_P = 0x03, - /** CRT component q */ - kSE05x_RSAKeyComponent_Q = 0x04, - /** CRT component dp */ - kSE05x_RSAKeyComponent_DP = 0x05, - /** CRT component dq */ - kSE05x_RSAKeyComponent_DQ = 0x06, - /** CRT component q_inv */ - kSE05x_RSAKeyComponent_INVQ = 0x07, -} SE05x_RSAKeyComponent_t; - -/** Hashing/Digest algorithms */ -typedef enum -{ - /** Invalid */ - kSE05x_DigestMode_NA = 0, - kSE05x_DigestMode_NO_HASH = 0x00, - kSE05x_DigestMode_SHA = 0x01, - /** Not supported */ - kSE05x_DigestMode_SHA224 = 0x07, - kSE05x_DigestMode_SHA256 = 0x04, - kSE05x_DigestMode_SHA384 = 0x05, - kSE05x_DigestMode_SHA512 = 0x06, -} SE05x_DigestMode_t; - -/** HMAC/CMAC Algorithms */ -typedef enum -{ - /** Invalid */ - kSE05x_MACAlgo_NA = 0, - kSE05x_MACAlgo_HMAC_SHA1 = 0x18, - kSE05x_MACAlgo_HMAC_SHA256 = 0x19, - kSE05x_MACAlgo_HMAC_SHA384 = 0x1A, - kSE05x_MACAlgo_HMAC_SHA512 = 0x1B, - kSE05x_MACAlgo_CMAC_128 = 0x31, -} SE05x_MACAlgo_t; - -/** AEAD Algorithms */ -typedef enum -{ - /** Invalid */ - kSE05x_AeadAlgo_NA = 0, - kSE05x_AeadGCMAlgo = 0xB0, - kSE05x_AeadGCM_IVAlgo = 0xF3, - kSE05x_AeadCCMAlgo = 0xF4, -} SE05x_AeadAlgo_t; - -/** HKDF Mode */ -typedef enum -{ - /** Invalid */ - kSE05x_HkdfMode_NA = 0x00, - kSE05x_HkdfMode_ExtractExpand = 0x01, - kSE05x_HkdfMode_ExpandOnly = 0x02, -} SE05x_HkdfMode_t; - -/** ECC Curve Identifiers */ -typedef enum -{ - /** Invalid */ - kSE05x_ECCurve_NA = 0x00, - kSE05x_ECCurve_NIST_P192 = 0x01, - kSE05x_ECCurve_NIST_P224 = 0x02, - kSE05x_ECCurve_NIST_P256 = 0x03, - kSE05x_ECCurve_NIST_P384 = 0x04, - kSE05x_ECCurve_NIST_P521 = 0x05, - kSE05x_ECCurve_Brainpool160 = 0x06, - kSE05x_ECCurve_Brainpool192 = 0x07, - kSE05x_ECCurve_Brainpool224 = 0x08, - kSE05x_ECCurve_Brainpool256 = 0x09, - kSE05x_ECCurve_Brainpool320 = 0x0A, - kSE05x_ECCurve_Brainpool384 = 0x0B, - kSE05x_ECCurve_Brainpool512 = 0x0C, - kSE05x_ECCurve_Secp160k1 = 0x0D, - kSE05x_ECCurve_Secp192k1 = 0x0E, - kSE05x_ECCurve_Secp224k1 = 0x0F, - kSE05x_ECCurve_Secp256k1 = 0x10, - kSE05x_ECCurve_TPM_ECC_BN_P256 = 0x11, - /** Not Weierstrass */ - kSE05x_ECCurve_ECC_ED_25519 = 0x40, - kSE05x_ECCurve_ECC_MONT_DH_25519 = 0x41, - /** Not Weierstrass */ - kSE05x_ECCurve_ECC_MONT_DH_448 = 0x43, -} SE05x_ECCurve_t; - -#ifndef __DOXYGEN__ - -/** Same as kSE05x_ECCurve_TPM_ECC_BN_P256 */ -#define kSE05x_ECCurve_RESERVED_ID_ECC_ED_25519 kSE05x_ECCurve_ECC_ED_25519 -#define kSE05x_ECCurve_RESERVED_ID_ECC_MONT_DH_25519 kSE05x_ECCurve_ECC_MONT_DH_25519 -#if SSS_HAVE_SE05X_VER_GTE_06_00 -#define kSE05x_ECCurve_RESERVED_ID_ECC_MONT_DH_448 kSE05x_ECCurve_ECC_MONT_DH_448 -#endif -#define kSE05x_ECCurve_Total_Weierstrass_Curves kSE05x_ECCurve_TPM_ECC_BN_P256 -#endif - -/** Parameters while setting the curve */ -typedef enum -{ /** Invalid */ - kSE05x_ECCurveParam_NA = 0, - kSE05x_ECCurveParam_PARAM_A = 0x01, - kSE05x_ECCurveParam_PARAM_B = 0x02, - kSE05x_ECCurveParam_PARAM_G = 0x04, - kSE05x_ECCurveParam_PARAM_N = 0x08, - kSE05x_ECCurveParam_PARAM_PRIME = 0x10, -} SE05x_ECCurveParam_t; - -/** Symmetric cipher modes */ -typedef enum -{ - /** Invalid */ - kSE05x_CipherMode_NA = 0, - /** Typically using DESKey identifiers */ - kSE05x_CipherMode_DES_CBC_NOPAD = 0x01, - /** Typically using DESKey identifiers */ - kSE05x_CipherMode_DES_CBC_ISO9797_M1 = 0x02, - /** Typically using DESKey identifiers */ - kSE05x_CipherMode_DES_CBC_ISO9797_M2 = 0x03, - /** NOT SUPPORTED */ - kSE05x_CipherMode_DES_CBC_PKCS5 = 0x04, - /** Typically using DESKey identifiers */ - kSE05x_CipherMode_DES_ECB_NOPAD = 0x05, - /** NOT SUPPORTED */ - kSE05x_CipherMode_DES_ECB_ISO9797_M1 = 0x06, - /** NOT SUPPORTED */ - kSE05x_CipherMode_DES_ECB_ISO9797_M2 = 0x07, - /** NOT SUPPORTED */ - kSE05x_CipherMode_DES_ECB_PKCS5 = 0x08, - /** Typically using AESKey identifiers */ - kSE05x_CipherMode_AES_ECB_NOPAD = 0x0E, - /** Typically using AESKey identifiers */ - kSE05x_CipherMode_AES_CBC_NOPAD = 0x0D, - /** Typically using AESKey identifiers */ - kSE05x_CipherMode_AES_CBC_ISO9797_M1 = 0x16, - /** Typically using AESKey identifiers */ - kSE05x_CipherMode_AES_CBC_ISO9797_M2 = 0x17, - /** NOT SUPPORTED */ - kSE05x_CipherMode_AES_CBC_PKCS5 = 0x18, - /** Typically using AEAD GCM mode */ - kSE05x_CipherMode_AES_GCM = 0xB0, - /** Typically using AESKey identifiers */ - kSE05x_CipherMode_AES_CTR = 0xF0, - /** Typically using AEAD GCM with internal IV Gen */ - kSE05x_CipherMode_AES_GCM_INT_IV = 0xF3, - /** Typically using AEAD CCM mode */ - kSE05x_CipherMode_AES_CCM = 0xF4, -} SE05x_CipherMode_t; - -/** Features which are available / enabled in the Applet */ -typedef enum { - /** Invalid */ - kSE05x_AppletConfig_NA = 0, - /** Use of curve TPM_ECC_BN_P256 */ - kSE05x_AppletConfig_ECDAA = 0x0001, - /** EC DSA and DH support */ - kSE05x_AppletConfig_ECDSA_ECDH_ECDHE = 0x0002, - /** Use of curve RESERVED_ID_ECC_ED_25519 */ - kSE05x_AppletConfig_EDDSA = 0x0004, - /** Use of curve RESERVED_ID_ECC_MONT_DH_25519 */ - kSE05x_AppletConfig_DH_MONT = 0x0008, - /** Writing HMACKey objects */ - kSE05x_AppletConfig_HMAC = 0x0010, - /** Writing RSAKey objects */ - kSE05x_AppletConfig_RSA_PLAIN = 0x0020, - /** Writing RSAKey objects */ - kSE05x_AppletConfig_RSA_CRT = 0x0040, - /** Writing AESKey objects */ - kSE05x_AppletConfig_AES = 0x0080, - /** Writing DESKey objects */ - kSE05x_AppletConfig_DES = 0x0100, - /** PBKDF2 */ - kSE05x_AppletConfig_PBKDF = 0x0200, - /** TLS Handshake support commands (see 4.16) in APDU Spec*/ - kSE05x_AppletConfig_TLS = 0x0400, - /** Mifare DESFire support (see 4.15) in APDU Spec*/ - kSE05x_AppletConfig_MIFARE = 0x0800, - /** RFU1 */ - kSE05x_AppletConfig_RFU1 = 0x1000, - /** I2C Master support (see 4.17) in APDU Spec*/ - kSE05x_AppletConfig_I2CM = 0x2000, - /** RFU2 */ - kSE05x_AppletConfig_RFU2 = 0x4000, -} SE05x_AppletConfig_t; - -/** Transient / Persistent lock */ -typedef enum -{ - /** Invalid */ - kSE05x_LockIndicator_NA = 0, - kSE05x_LockIndicator_TRANSIENT_LOCK = 0x01, - kSE05x_LockIndicator_PERSISTENT_LOCK = 0x02, -} SE05x_LockIndicator_t; - -/** - * Applet >= 4.4 - * - * See @ref Se05x_API_DisableObjCreation */ -typedef enum -{ - kSE05x_RestrictMode_NA = 0, - kSE05x_RestrictMode_RESTRICT_NEW = 0x01, - kSE05x_RestrictMode_RESTRICT_ALL = 0x02, -} SE05x_RestrictMode_t; - -/** - * Lock the sample (until unlocked ) - */ -typedef enum -{ - /** Invalid */ - kSE05x_LockState_NA = 0, - kSE05x_LockState_LOCKED = 0x01, - // kSE05x_LockState_UNLOCKED = Any except 0x01, -} SE05x_LockState_t; - -/** Cryptographic context for operation */ -typedef enum -{ - /** Invalid */ - kSE05x_CryptoContext_NA = 0, - /** For DigestInit/DigestUpdate/DigestFinal */ - kSE05x_CryptoContext_DIGEST = 0x01, - /** For CipherInit/CipherUpdate/CipherFinal */ - kSE05x_CryptoContext_CIPHER = 0x02, - /** For MACInit/MACUpdate/MACFinal */ - kSE05x_CryptoContext_SIGNATURE = 0x03, - /** For AEADInit/AEADUpdate/AEADFinal */ - kSE05x_CryptoContext_AEAD = 0x04, -} SE05x_CryptoContext_t; - -/** Result of operations */ -typedef enum -{ - /** Invalid */ - kSE05x_Result_NA = 0, - kSE05x_Result_SUCCESS = 0x01, - kSE05x_Result_FAILURE = 0x02, -} SE05x_Result_t; - -/** Whether object is transient or persistent */ -typedef enum -{ - /** Invalid */ - kSE05x_TransientIndicator_NA = 0, - kSE05x_TransientIndicator_PERSISTENT = 0x01, - kSE05x_TransientIndicator_TRANSIENT = 0x02, -} SE05x_TransientIndicator_t; - -/** Whether object attribute is set */ -typedef enum -{ - /** Invalid */ - kSE05x_SetIndicator_NA = 0, - kSE05x_SetIndicator_NOT_SET = 0x01, - kSE05x_SetIndicator_SET = 0x02, -} SE05x_SetIndicator_t; - -/** When there are more entries yet to be fetched from few of the APIs */ -typedef enum -{ - /** Invalid */ - kSE05x_MoreIndicator_NA = 0, - /** No more data available */ - kSE05x_MoreIndicator_NO_MORE = 0x01, - /** More data available */ - kSE05x_MoreIndicator_MORE = 0x02, -} SE05x_MoreIndicator_t; - -#if SSS_HAVE_SE05X_VER_GTE_06_00 -/** Health check */ -typedef enum -{ - /** Invalid */ - kSE05x_HealthCheckMode_NA = 0, - /** Performs all on-demand self-tests. Can only be done when - * the module is in FIPS mode. When the test fails, the chip - * goes into TERMINATED state. */ - kSE05x_HealthCheckMode_FIPS = 0xF906, - /** Performs ROM integrity checks. When the test fails, the chip - * triggers the attack counter and the chip will reset. */ - kSE05x_HealthCheckMode_CODE_SIGNATURE = 0xFE01, - /** Performs flash integrity tests. When the test fails, the chip - * triggers the attack counter and the chip will reset. */ - kSE05x_HealthCheckMode_DYNAMIC_FLASH_INTEGRITY = 0xFD02, - /** Performs tests on the active shield protection of the - * hardware. When the test fails, the chip triggers the attack - * counter and the chip will reset. */ - kSE05x_HealthCheckMode_SHIELDING = 0xFB04, - /** Performs self-tests on hardware sensors and reports the - * status. */ - kSE05x_HealthCheckMode_SENSOR = 0xFA05, - /** Performs self-tests on the hardware registers. When the test - * fails, the chip triggers the attack counter and the chip will - * reset. */ - kSE05x_HealthCheckMode_SFR_CHECK = 0xFC03, -} SE05x_HealthCheckMode_t; -#endif - -/** Mandate platform SCP or not */ -typedef enum -{ - /** Invalid */ - kSE05x_PlatformSCPRequest_NA = 0, - /** Platform SCP is required (full enc & MAC) */ - kSE05x_PlatformSCPRequest_REQUIRED = 0x01, - /** No platform SCP required. */ - kSE05x_PlatformSCPRequest_NOT_REQUIRED = 0x02, -} SE05x_PlatformSCPRequest_t; - -/** Crypto object identifiers */ -typedef enum -{ - /** Invalid */ - kSE05x_CryptoObject_NA = 0, - kSE05x_CryptoObject_DIGEST_SHA, - kSE05x_CryptoObject_DIGEST_SHA224, - kSE05x_CryptoObject_DIGEST_SHA256, - kSE05x_CryptoObject_DIGEST_SHA384, - kSE05x_CryptoObject_DIGEST_SHA512, - kSE05x_CryptoObject_DES_CBC_NOPAD, - kSE05x_CryptoObject_DES_CBC_ISO9797_M1, - kSE05x_CryptoObject_DES_CBC_ISO9797_M2, - kSE05x_CryptoObject_DES_CBC_PKCS5, - kSE05x_CryptoObject_DES_ECB_NOPAD, - kSE05x_CryptoObject_DES_ECB_ISO9797_M1, - kSE05x_CryptoObject_DES_ECB_ISO9797_M2, - kSE05x_CryptoObject_DES_ECB_PKCS5, - kSE05x_CryptoObject_AES_ECB_NOPAD, - kSE05x_CryptoObject_AES_CBC_NOPAD, - kSE05x_CryptoObject_AES_CBC_ISO9797_M1, - kSE05x_CryptoObject_AES_CBC_ISO9797_M2, - kSE05x_CryptoObject_AES_CBC_PKCS5, - kSE05x_CryptoObject_AES_CTR, - kSE05x_CryptoObject_HMAC_SHA1, - kSE05x_CryptoObject_HMAC_SHA256, - kSE05x_CryptoObject_HMAC_SHA384, - kSE05x_CryptoObject_HMAC_SHA512, - kSE05x_CryptoObject_CMAC_128, - kSE05x_CryptoObject_AES_GCM, - kSE05x_CryptoObject_AES_GCM_INT_IV, - kSE05x_CryptoObject_AES_CCM, -} SE05x_CryptoObject_t; - -/** @copydoc SE05x_CryptoObject_t */ -#define SE05x_CryptoObjectID_t SE05x_CryptoObject_t - -/** Maximum number of session supported by SE050 */ -#define SE050_MAX_NUMBER_OF_SESSIONS 2 -/** Maximum number of session supported by SE050 */ -#define SE050_OBJECT_IDENTIFIER_SIZE 4 -/** How many bytes can be used for buffer for I2C Master interface */ -#define SE050_MAX_I2CM_COMMAND_LENGTH 255 -/** - * the maximum APDU payload length will be smaller, depending on which protocol applies, etc. - */ -#define SE050_MAX_APDU_PAYLOAD_LENGTH 892 -//#define SE050_DEFAULT_MAX_ATTEMPTS 10 - -/** 3 MSBit for instruction characteristics. */ -#define SE050_INS_MASK_INS_CHAR 0xE0 -/** 5 LSBit for instruction */ -#define SE050_INS_MASK_INSTRUCTION 0x1F - -/** Type of Object */ -typedef enum -{ - /** */ - kSE05x_SecObjTyp_EC_KEY_PAIR = 0x01, - /** */ - kSE05x_SecObjTyp_EC_PRIV_KEY = 0x02, - /** */ - kSE05x_SecObjTyp_EC_PUB_KEY = 0x03, - /** */ - kSE05x_SecObjTyp_RSA_KEY_PAIR = 0x04, - /** */ - kSE05x_SecObjTyp_RSA_KEY_PAIR_CRT = 0x05, - /** */ - kSE05x_SecObjTyp_RSA_PRIV_KEY = 0x06, - /** */ - kSE05x_SecObjTyp_RSA_PRIV_KEY_CRT = 0x07, - /** */ - kSE05x_SecObjTyp_RSA_PUB_KEY = 0x08, - /** */ - kSE05x_SecObjTyp_AES_KEY = 0x09, - /** */ - kSE05x_SecObjTyp_DES_KEY = 0x0A, - /** */ - kSE05x_SecObjTyp_BINARY_FILE = 0x0B, - /** */ - kSE05x_SecObjTyp_UserID = 0x0C, - /** */ - kSE05x_SecObjTyp_COUNTER = 0x0D, - /** */ - kSE05x_SecObjTyp_PCR = 0x0F, - /** */ - kSE05x_SecObjTyp_CURVE = 0x10, - /** */ - kSE05x_SecObjTyp_HMAC_KEY = 0x11, -} SE05x_SecObjTyp_t; - -/** @copydoc SE05x_SecObjTyp_t */ -typedef SE05x_SecObjTyp_t SE05x_SecureObjectType_t; - -/** Type of memory. Used when we query available free size */ -typedef enum -{ - /** Transient memory, clear on reset */ - kSE05x_MemTyp_TRANSIENT_RESET = 0x01, - /** Transient memory, clear on deselect */ - kSE05x_MemTyp_TRANSIENT_DESELECT = 0x02, - /** Persistent memory */ - kSE05x_MemTyp_PERSISTENT = 0x03, -} SE05x_MemTyp_t; - -/** Algorithms for RSA Signature */ -typedef enum -{ - /** Invalid */ - kSE05x_RSASignAlgo_NA = 0, - /** RFC8017: RSASSA-PSS */ - kSE05x_RSASignAlgo_SHA1_PKCS1_PSS = 0x15, - /** RFC8017: RSASSA-PSS */ - kSE05x_RSASignAlgo_SHA224_PKCS1_PSS = 0x2B, - /** RFC8017: RSASSA-PSS */ - kSE05x_RSASignAlgo_SHA256_PKCS1_PSS = 0x2C, - /** RFC8017: RSASSA-PSS */ - kSE05x_RSASignAlgo_SHA384_PKCS1_PSS = 0x2D, - /** RFC8017: RSASSA-PSS */ - kSE05x_RSASignAlgo_SHA512_PKCS1_PSS = 0x2E, - /** RFC8017: RSASSA-PKCS1-v1_5 */ - kSE05x_RSASignAlgo_SHA_224_PKCS1 = 0x27, - /** RFC8017: RSASSA-PKCS1-v1_5 */ - kSE05x_RSASignAlgo_SHA_256_PKCS1 = 0x28, - /** RFC8017: RSASSA-PKCS1-v1_5 */ - kSE05x_RSASignAlgo_SHA_384_PKCS1 = 0x29, - /** RFC8017: RSASSA-PKCS1-v1_5 */ - kSE05x_RSASignAlgo_SHA_512_PKCS1 = 0x2A, -} SE05x_RSASignAlgo_t; - -// typedef enum -// { -// /** Plain RSA, padding required on host. */ -// kSE05x_RSAEncrAlgo_NO_PAD = 0x0C, -// * RFC8017: RSAES-PKCS1-v1_5 -// kSE05x_RSAEncrAlgo_PKCS1 = 0x0A, -// /** RFC8017: RSAES-OAEP */ -// kSE05x_RSAEncrAlgo_PKCS1_OAEP = 0x0F, -// } SE05x_RSAEncrAlgo_t; - -/** Public part of RSA Keys */ -typedef enum -{ - kSE05x_RSAPubKeyComp_NA = 0, - kSE05x_RSAPubKeyComp_MOD = kSE05x_RSAKeyComponent_MOD, - kSE05x_RSAPubKeyComp_PUB_EXP = kSE05x_RSAKeyComponent_PUB_EXP, -} SE05x_RSAPubKeyComp_t; - -/** Cyrpto module subtype */ -typedef union { - /** In case it's digest */ - SE05x_DigestMode_t digest; - /** In case it's cipher */ - SE05x_CipherMode_t cipher; - /** In case it's mac */ - SE05x_MACAlgo_t mac; - /** In case it's aead */ - SE05x_AeadAlgo_t aead; - /** Accessing 8 bit value for APDUs */ - uint8_t union_8bit; -} SE05x_CryptoModeSubType_t; - -/** @addtogroup se050_i2cm - * - * @{ - */ -/** @brief I2C Master micro operation */ -typedef enum -{ - kSE05x_TAG_I2CM_Config = 0x01, - kSE05x_TAG_I2CM_Write = 0x03, - kSE05x_TAG_I2CM_Read = 0x04, -} SE05x_I2CM_TAG_t; - -/*! -*@} -*/ /* end of se050_i2cm */ - -/** Whether key is transient of persistent */ -typedef enum -{ - kSE05x_TransientType_Persistent = 0, - kSE05x_TransientType_Transient = kSE05x_INS_TRANSIENT, -} SE05x_TransientType_t; - -/** Part of the asymmetric key */ -typedef enum -{ - kSE05x_KeyPart_NA = kSE05x_P1_DEFAULT, - /** Key pair (private key + public key) */ - kSE05x_KeyPart_Pair = kSE05x_P1_KEY_PAIR, - /** Private key */ - kSE05x_KeyPart_Private = kSE05x_P1_PRIVATE, - /** Public key */ - kSE05x_KeyPart_Public = kSE05x_P1_PUBLIC, -} SE05x_KeyPart_t; - -/** Cipher Operation. - * - * Encrypt or decrypt */ -typedef enum -{ - kSE05x_Cipher_Oper_NA = 0, - kSE05x_Cipher_Oper_Encrypt = kSE05x_P2_ENCRYPT, - kSE05x_Cipher_Oper_Decrypt = kSE05x_P2_DECRYPT, -} SE05x_Cipher_Oper_t; - -/** One Shot operations helper */ -typedef enum -{ - kSE05x_Cipher_Oper_OneShot_NA = 0, - kSE05x_Cipher_Oper_OneShot_Encrypt = kSE05x_P2_ENCRYPT_ONESHOT, - kSE05x_Cipher_Oper_OneShot_Decrypt = kSE05x_P2_DECRYPT_ONESHOT, -} SE05x_Cipher_Oper_OneShot_t; - -/** MAC operations */ -typedef enum -{ - kSE05x_Mac_Oper_NA = 0, - kSE05x_Mac_Oper_Generate = kSE05x_P2_GENERATE, - kSE05x_Mac_Oper_Validate = kSE05x_P2_VALIDATE, -} SE05x_Mac_Oper_t; - -/** In case the read is attested */ -typedef enum -{ - kSE05x_AttestationType_None = 0, - kSE05x_AttestationType_AUTH = kSE05x_INS_AUTH_OBJECT, -} SE05x_AttestationType_t; - -/** Symmetric keys */ -typedef enum -{ - kSE05x_SymmKeyType_NA = 0, - kSE05x_SymmKeyType_AES = kSE05x_P1_AES, - kSE05x_SymmKeyType_DES = kSE05x_P1_DES, - kSE05x_SymmKeyType_HMAC = kSE05x_P1_HMAC, - kSE05x_SymmKeyType_CMAC = kSE05x_P1_AES, -} SE05x_SymmKeyType_t; - -/** @copydoc SE05x_AppletConfig_t */ -typedef SE05x_AppletConfig_t SE05x_Variant_t; - -/** TLS Perform PRF */ -typedef enum -{ - kSE05x_TLS_PRF_NA = 0, - kSE05x_TLS_PRF_CLI_HELLO = kSE05x_P2_TLS_PRF_CLI_HELLO, - kSE05x_TLS_PRF_SRV_HELLO = kSE05x_P2_TLS_PRF_SRV_HELLO, - kSE05x_TLS_PRF_CLI_RND = kSE05x_P2_TLS_PRF_CLI_RND, - kSE05x_TLS_PRF_SRV_RND = kSE05x_P2_TLS_PRF_SRV_RND, - kSE05x_TLS_PRF_BOTH = kSE05x_P2_TLS_PRF_BOTH, -} SE05x_TLSPerformPRFType_t; - -/** Attestation */ -typedef enum -{ - kSE05x_AttestationAlgo_NA = 0, - kSE05x_AttestationAlgo_EC_PLAIN = kSE05x_ECSignatureAlgo_PLAIN, - kSE05x_AttestationAlgo_EC_SHA = kSE05x_ECSignatureAlgo_SHA, - kSE05x_AttestationAlgo_EC_SHA_224 = kSE05x_ECSignatureAlgo_SHA_224, - kSE05x_AttestationAlgo_EC_SHA_256 = kSE05x_ECSignatureAlgo_SHA_256, - kSE05x_AttestationAlgo_EC_SHA_384 = kSE05x_ECSignatureAlgo_SHA_384, - kSE05x_AttestationAlgo_EC_SHA_512 = kSE05x_ECSignatureAlgo_SHA_512, - kSE05x_AttestationAlgo_ED25519PURE_SHA_512 = kSE05x_EDSignatureAlgo_ED25519PURE_SHA_512, - kSE05x_AttestationAlgo_ECDAA = kSE05x_ECDAASignatureAlgo_ECDAA, - kSE05x_AttestationAlgo_RSA_SHA1_PKCS1_PSS = kSE05x_RSASignatureAlgo_SHA1_PKCS1_PSS, - kSE05x_AttestationAlgo_RSA_SHA224_PKCS1_PSS = kSE05x_RSASignatureAlgo_SHA224_PKCS1_PSS, - kSE05x_AttestationAlgo_RSA_SHA256_PKCS1_PSS = kSE05x_RSASignatureAlgo_SHA256_PKCS1_PSS, - kSE05x_AttestationAlgo_RSA_SHA384_PKCS1_PSS = kSE05x_RSASignatureAlgo_SHA384_PKCS1_PSS, - kSE05x_AttestationAlgo_RSA_SHA512_PKCS1_PSS = kSE05x_RSASignatureAlgo_SHA512_PKCS1_PSS, - kSE05x_AttestationAlgo_RSA_SHA_224_PKCS1 = kSE05x_RSASignatureAlgo_SHA_224_PKCS1, - kSE05x_AttestationAlgo_RSA_SHA_256_PKCS1 = kSE05x_RSASignatureAlgo_SHA_256_PKCS1, - kSE05x_AttestationAlgo_RSA_SHA_384_PKCS1 = kSE05x_RSASignatureAlgo_SHA_384_PKCS1, - kSE05x_AttestationAlgo_RSA_SHA_512_PKCS1 = kSE05x_RSASignatureAlgo_SHA_512_PKCS1, - -} SE05x_AttestationAlgo_t; - -/** RSA Key format */ -typedef enum -{ - kSE05x_RSAKeyFormat_CRT = kSE05x_P2_DEFAULT, - kSE05x_RSAKeyFormat_RAW = kSE05x_P2_RAW, -} SE05x_RSAKeyFormat_t; - -/** @copydoc SE05x_MACAlgo_t */ -typedef SE05x_MACAlgo_t SE05x_MacOperation_t; - -/** SE05X's key IDs */ -typedef uint32_t SE05x_KeyID_t; -/** Case when there is no KEK */ -#define SE05x_KeyID_KEK_NONE 0 - -/** [Optional: if the authentication key is the same as the key to be replaced, this TAG should not be present]. */ -#define SE05x_KeyID_MFDF_NONE 0 - -/** SE05X key's max attempts */ -typedef uint16_t SE05x_MaxAttemps_t; -/** Fall back to applet default */ -#define SE05x_MaxAttemps_UNLIMITED 0 -/** Identify in code that this is not an AUTH object and hence not applicable */ -#define SE05x_MaxAttemps_NA 0 - -/** When we want to read with attestation */ -#define kSE05x_INS_READ_With_Attestation (kSE05x_INS_READ | kSE05x_INS_ATTEST) - -/** When we want to read I2CM Data with attestation */ -#define kSE05x_INS_I2CM_Attestation (kSE05x_INS_CRYPTO | kSE05x_INS_ATTEST) - -#ifndef __DOXYGEN__ -/* RSA Helper Macros to make code little more readable */ -#define SE05X_RSA_NO_p /* Skip */ NULL, 0 -#define SE05X_RSA_NO_q /* Skip */ NULL, 0 -#define SE05X_RSA_NO_dp /* Skip */ NULL, 0 -#define SE05X_RSA_NO_dq /* Skip */ NULL, 0 -#define SE05X_RSA_NO_qInv /* Skip */ NULL, 0 -#define SE05X_RSA_NO_pubExp /* Skip */ NULL, 0 -#define SE05X_RSA_NO_priv /* Skip */ NULL, 0 -#define SE05X_RSA_NO_pubMod /* Skip */ NULL, 0 -#endif // __DOXYGEN__ - - -#endif /* SE05x_ENUMS_H */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/se05x_ftr.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/se05x_ftr.h deleted file mode 100644 index 95ac4a2ee..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/se05x_ftr.h +++ /dev/null @@ -1,36 +0,0 @@ -/* -* -* Copyright 2019,2020 NXP -* SPDX-License-Identifier: Apache-2.0 -*/ - -#ifndef SE05X_FTR_H -#define SE05X_FTR_H - -#if defined(SSS_USE_FTR_FILE) -#include "fsl_sss_ftr.h" -#else -#include "fsl_sss_ftr_default.h" -#endif - -#if SSS_HAVE_APPLET_SE05X_IOT - -#include - -/** @def SE05X_FTR_8BIT_CURVE_ID - * - * Curve IDs are 8bit wide. Else, the follow same 32 bit - * namespace. - */ - -#if APPLET_SE050_VER_MAJOR_MINOR > 10002u -#define SE05X_FTR_8BIT_CURVE_ID (1) -#define SE05X_FTR_32BIT_CURVE_ID (0) -#else -#define SE05X_FTR_8BIT_CURVE_ID (0) -#define SE05X_FTR_32BIT_CURVE_ID (1) -#endif /* APPLET_SE050_VER_MAJOR_MINOR > 10002u */ - -#endif /* SSS_HAVE_APPLET_SE05X_IOT */ - -#endif /* SE05X_FTR_H */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/se05x_tlv.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/se05x_tlv.h deleted file mode 100644 index 3c2158ac8..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/se05x_tlv.h +++ /dev/null @@ -1,370 +0,0 @@ -/* -* -* Copyright 2019,2020 NXP -* SPDX-License-Identifier: Apache-2.0 -*/ - -#ifndef SE05X_TLV_H_INC -#define SE05X_TLV_H_INC - -#include -#include - - -#include "nxLog.h" -#include "nxScp03_Types.h" -//#include - -// #define VERBOSE_APDU_LOGS 1 - - -#define kSE05x_CLA 0x80 - -typedef enum -{ - SM_NOT_OK = 0xFFFF, - SM_OK = 0x9000, - SM_ERR_CONDITIONS_OF_USE_NOT_SATISFIED = 0x6985, - SM_ERR_ACCESS_DENIED_BASED_ON_POLICY = 0x6986, -} smStatus_t; - - -typedef enum -{ - CRED_DEFAULT = 0x00, - CRED_EC = 0x01, - CRED_RSA = 0x02, - CRED_AES = 0x03, - CRED_DES = 0x04, - CRED_BINARY = 0x05, - CRED_PIN = 0x06, - CRED_COUNTER = 0x07, - CRED_PCR = 0x08, - CRED_OBJECT = 0x09, - - CRED_PUB_EC, - CRED_PUB_RSA -} eSE05xType_t; - - -typedef struct -{ - uint8_t *se05xTxBuf; - size_t se05xTxBufLen; - size_t ws_LC; // With Session LC - size_t ws_LCW; // With Session LC Width 1 or 3 bytes - uint8_t *wsSe05x_cmd; // WithSession SE05X command - size_t wsSe05x_cmdLen; // WithSession SE05X command Length - size_t wsSe05x_tag1Len; // WithSession SE05X Tag1 len - size_t wsSe05x_tag1W; // WithSession SE05X Tag1 Width - uint8_t *wsSe05x_tag1Cmd; // WithSession SE05X Tag1 Command Data - size_t wsSe05x_tag1CmdLen; // WithSession SE05X Tag1 Command Data Len - const tlvHeader_t *se05xCmd_hdr; // SE05x Command Header - size_t se05xCmdLC; // SE05x Command LC - size_t se05xCmdLCW; // SE05x Command LC width - uint8_t *se05xCmd; // SE05x Command - size_t se05xCmdLen; // SE05x Command Length - uint8_t *dataToMac; - size_t dataToMacLen; -} Se05xApdu_t; - -struct Se05xSession; -struct _sss_se05x_tunnel_context; - -typedef struct Se05xSession -{ - uint8_t value[8]; - uint8_t hasSession : 1; - SE_AuthType_t authType; - /** Meta Funciton - * - * Internall first calls fp_Transform - * Then calls fp_RawTXn - * Then calls fp_DeCrypt - */ - smStatus_t(*fp_TXn)(struct Se05xSession * pSession, - const tlvHeader_t *hdr, uint8_t *cmdBuf, size_t cmdBufLen, uint8_t *rsp, size_t *rspLen, uint8_t hasle); - - /** API called by fp_TXn. Helps handle UserID/Applet/ECKey to transform buffer. - * - * But this API never sends any data out over any communication link. */ - smStatus_t(*fp_Transform)(struct Se05xSession * pSession, - /** IN */ - const tlvHeader_t *inHdr, - /** IN */ - uint8_t *inCmdBuf, - /** IN */ - size_t inCmdBufLen, - /** OUT: - * For Session less, - * For Platform SCP this will be copy of, inHDR, with outHdr[0] = outHdr[0] | 0x04 - * For Plain Session: Same as inHDR - * - * For With Session: - * This will be with TLV Header for Wrapped Session Command - */ - tlvHeader_t *outHdr, - /** OUT: For Session less, this will be copy of inCmdBuf - * - * For session based impelementation, this will have - * TAG=Session, L=8,V=Session,TAG=TAG1,L=inCmdBufLen,inCmdBuf */ - uint8_t * pTxBuf, - /** IN,OUT: */ - size_t * pTxBufLen, - /** IN */ - uint8_t hasle); - - /* API called by fp_TXn. Helps handle Applet/Fast SCP to decrypt buffer. - * - * But this API never reads any data */ - smStatus_t(*fp_DeCrypt)(struct Se05xSession * pSession, - size_t prevCmdBufLen, - uint8_t *pInRxBuf, - size_t *pInRxBufLen, - uint8_t hasle); -#if SSS_HAVE_APPLET_SE05X_IOT - /* It's either a minimal/single implemntation that calls smCom_TransceiveRaw() - * - * if pTunnelCtx is Null, directly call smCom_TransceiveRaw() - * - * Or an API part of tunnel ctx that can do PlatformSCP */ - smStatus_t (*fp_RawTXn)(void *conn_ctx, - struct _sss_se05x_tunnel_context *pChannelCtx, - SE_AuthType_t currAuth, - const tlvHeader_t *hdr, - uint8_t *cmdBuf, - size_t cmdBufLen, - uint8_t *rsp, - size_t *rspLen, - uint8_t hasle); - - struct _sss_se05x_tunnel_context * pChannelCtx; -#endif -#if SSS_HAVE_SE - smStatus_t(*fp_Transmit)( - SE_AuthType_t currAuth, - const tlvHeader_t *hdr, - uint8_t *cmdBuf, - size_t cmdBufLen, - uint8_t *rsp, - size_t *rspLen, - uint8_t hasle); -#endif - NXSCP03_DynCtx_t *pdynScp03Ctx; - - /**Connection data context */ - void *conn_ctx; -} Se05xSession_t; - - -typedef struct -{ - uint8_t *value; - size_t value_len; -} Se05xPolicy_t; - -typedef struct -{ - uint8_t ts[12]; -} SE05x_TimeStamp_t; - -typedef struct -{ - uint8_t features[30]; -} SE05x_ExtendedFeatures_t; - -typedef struct -{ - SE05x_Variant_t variant; - SE05x_ExtendedFeatures_t *extended_features; -} Se05x_AppletFeatures_t; - -typedef Se05x_AppletFeatures_t *pSe05xAppletFeatures_t; -typedef Se05xSession_t *pSe05xSession_t; -typedef Se05xPolicy_t *pSe05xPolicy_t; - -#if VERBOSE_APDU_LOGS -#define DO_LOG_V(TAG, DESCRIPTION, VALUE) nLog("APDU", NX_LEVEL_DEBUG, #TAG " [" DESCRIPTION "] = 0x%X", VALUE); -#define DO_LOG_A(TAG, DESCRIPTION, ARRAY, ARRAY_LEN) \ - nLog_au8("APDU", NX_LEVEL_DEBUG, #TAG " [" DESCRIPTION "]", ARRAY, ARRAY_LEN); -#else -#define DO_LOG_V(TAG, DESCRIPTION, VALUE) -#define DO_LOG_A(TAG, DESCRIPTION, ARRAY, ARRAY_LEN) -#endif - -#define TLVSET_Se05xSession(DESCRIPTION, PBUF, PBUFLEN, TAG, SESSIONID) \ - TLVSET_u8buf(DESCRIPTION, PBUF, PBUFLEN, TAG, SESSIONID->value, sizeof(SESSIONID->value)) - -#define TLVSET_Se05xPolicy(DESCRIPTION, PBUF, PBUFLEN, TAG, POLICY) \ - tlvSet_Se05xPolicy(DESCRIPTION, PBUF, PBUFLEN, TAG, POLICY) - -#define TLVSET_U8(DESCRIPTION, PBUF, PBUFLEN, TAG, VALUE) \ - tlvSet_U8(PBUF, PBUFLEN, TAG, VALUE); \ - DO_LOG_V(TAG, DESCRIPTION, VALUE) - -#define TLVSET_U16(DESCRIPTION, PBUF, PBUFLEN, TAG, VALUE) \ - tlvSet_U16(PBUF, PBUFLEN, TAG, VALUE); \ - DO_LOG_V(TAG, DESCRIPTION, VALUE) - -#define TLVSET_U16Optional(DESCRIPTION, PBUF, PBUFLEN, TAG, VALUE) \ - tlvSet_U16Optional(PBUF, PBUFLEN, TAG, VALUE); \ - DO_LOG_V(TAG, DESCRIPTION, VALUE) - -#define TLVSET_U32(DESCRIPTION, PBUF, PBUFLEN, TAG, VALUE) \ - tlvSet_U32(PBUF, PBUFLEN, TAG, VALUE); \ - DO_LOG_V(TAG, DESCRIPTION, VALUE) - -#define TLVSET_U64_SIZE(DESCRIPTION, PBUF, PBUFLEN, TAG, VALUE,SIZE) \ - tlvSet_U64_size(PBUF, PBUFLEN, TAG, VALUE,SIZE); \ - DO_LOG_V(TAG, DESCRIPTION, VALUE) - -#define TLVSET_KeyID(DESCRIPTION, PBUF, PBUFLEN, TAG, VALUE) \ - tlvSet_KeyID(PBUF, PBUFLEN, TAG, VALUE); \ - DO_LOG_V(TAG, DESCRIPTION, VALUE) - -#define TLVSET_MaxAttemps(DESCRIPTION, PBUF, PBUFLEN, TAG, VALUE) \ - tlvSet_MaxAttemps(PBUF, PBUFLEN, TAG, VALUE); \ - DO_LOG_V(TAG, DESCRIPTION, VALUE) - -#define TLVSET_AttestationAlgo TLVSET_U8 -#define TLVSET_CipherMode TLVSET_U8 - -#define TLVSET_ECCurve(DESCRIPTION, PBUF, PBUFLEN, TAG, VALUE) \ - tlvSet_ECCurve(PBUF, PBUFLEN, TAG, VALUE); \ - DO_LOG_V(TAG, DESCRIPTION, VALUE) - -#define TLVSET_ECCurveParam TLVSET_U8 -#define TLVSET_ECDAASignatureAlgo TLVSET_U8 -#define TLVSET_ECSignatureAlgo TLVSET_U8 -#define TLVSET_EDSignatureAlgo TLVSET_U8 -#define TLVSET_MacOperation TLVSET_U8 -#define TLVSET_RSAEncryptionAlgo TLVSET_U8 -#define TLVSET_RSAKeyComponent TLVSET_U8 -#define TLVSET_RSASignatureAlgo TLVSET_U8 -#define TLVSET_DigestMode TLVSET_U8 -#define TLVSET_Variant tlvSet_u8buf_features -#define TLVSET_RSAPubKeyComp TLVSET_U8 -#define TLVSET_PlatformSCPRequest TLVSET_U8 -#define TLVSET_MemoryType TLVSET_U8 - -#define TLVSET_CryptoContext TLVSET_U8 -#define TLVSET_CryptoModeSubType(DESCRIPTION, PBUF, PBUFLEN, TAG, VALUE) \ - TLVSET_U8(DESCRIPTION, PBUF, PBUFLEN, TAG, ((VALUE).union_8bit)) - -#define TLVSET_CryptoObjectID TLVSET_U16 - -// #define TLVSET_pVoid(DESCRIPTION, PBUF, PBUFLEN, TAG, VALUE) (0) -// #define tlvGet_pVoid(DESCRIPTION, PBUF, PBUFLEN, TAG, VALUE) (0) - -#define TLVSET_u8buf(DESCRIPTION, PBUF, PBUFLEN, TAG, CMD, CMDLEN) \ - tlvSet_u8buf(PBUF, PBUFLEN, TAG, CMD, CMDLEN); \ - DO_LOG_A(TAG, DESCRIPTION, CMD, CMDLEN) - -#define TLVSET_u8bufOptional(DESCRIPTION, PBUF, PBUFLEN, TAG, CMD, CMDLEN) \ - tlvSet_u8bufOptional(PBUF, PBUFLEN, TAG, CMD, CMDLEN); \ - DO_LOG_A(TAG, DESCRIPTION, CMD, CMDLEN) - -#define TLVSET_u8bufOptional_ByteShift(DESCRIPTION, PBUF, PBUFLEN, TAG, CMD, CMDLEN) \ - tlvSet_u8bufOptional_ByteShift(PBUF, PBUFLEN, TAG, CMD, CMDLEN); \ - DO_LOG_A(TAG, DESCRIPTION, CMD, CMDLEN) - - -#define TLVSET_u8buf_I2CM(DESCRIPTION, PBUF, PBUFLEN, TAG, CMD, CMDLEN) \ - tlvSet_u8buf_I2CM(PBUF, PBUFLEN, TAG, CMD, CMDLEN); \ - DO_LOG_A(TAG, DESCRIPTION, CMD, CMDLEN) - - -int tlvSet_U8(uint8_t **buf, size_t *bufLen, SE05x_TAG_t tag, uint8_t value); -int tlvSet_U16(uint8_t **buf, size_t *bufLen, SE05x_TAG_t tag, uint16_t value); -int tlvSet_U16Optional(uint8_t **buf, size_t *bufLen, SE05x_TAG_t tag, uint16_t value); -int tlvSet_U32(uint8_t **buf, size_t *bufLen, SE05x_TAG_t tag, uint32_t value); -int tlvSet_U64_size(uint8_t **buf, size_t *bufLen, SE05x_TAG_t tag, uint64_t value,uint16_t size); -int tlvSet_u8buf(uint8_t **buf, size_t *bufLen, SE05x_TAG_t tag, const uint8_t *cmd, size_t cmdLen); -int tlvSet_u8bufOptional(uint8_t **buf, size_t *bufLen, SE05x_TAG_t tag, const uint8_t *cmd, size_t cmdLen); -/* Same as tlvSet_u8bufOptional, but some time, Most Significant Byte needs to be shifted and Plus by 1 */ -int tlvSet_u8bufOptional_ByteShift(uint8_t **buf, size_t *bufLen, SE05x_TAG_t tag, const uint8_t *cmd, size_t cmdLen); -int tlvSet_Se05xPolicy(const char *description, uint8_t **buf, size_t *bufLen, SE05x_TAG_t tag, Se05xPolicy_t *policy); -int tlvSet_KeyID(uint8_t **buf, size_t *bufLen, SE05x_TAG_t tag, uint32_t keyID); -int tlvSet_MaxAttemps(uint8_t **buf, size_t *bufLen, SE05x_TAG_t tag, uint16_t maxAttemps); -int tlvSet_ECCurve(uint8_t **buf, size_t *bufLen, SE05x_TAG_t tag, SE05x_ECCurve_t value); -int tlvSet_u8buf_features(uint8_t **buf, size_t *bufLen, SE05x_TAG_t tag, pSe05xAppletFeatures_t appletVariant); - -int tlvGet_U8(uint8_t *buf, size_t *pBufIndex, const size_t bufLen, SE05x_TAG_t tag, uint8_t *pRsp); -int tlvGet_U16(uint8_t *buf, size_t *pBufIndex, const size_t bufLen, SE05x_TAG_t tag, uint16_t *pRsp); -int tlvGet_U32(uint8_t *buf, size_t *pBufIndex, const size_t bufLen, SE05x_TAG_t tag, uint32_t *pRsp); - -int tlvGet_u8buf(uint8_t *buf, size_t *pBufIndex, const size_t bufLen, SE05x_TAG_t tag, uint8_t *rsp, size_t *pRspLen); -int tlvGet_ValueIndex(uint8_t *buf, size_t *pBufIndex, const size_t bufLen, SE05x_TAG_t tag); -int tlvGet_Se05xSession( - uint8_t *buf, size_t *pBufIndex, const size_t bufLen, SE05x_TAG_t tag, pSe05xSession_t *pSessionId); -int tlvGet_TimeStamp(uint8_t *buf, size_t *pBufIndex, const size_t bufLen, SE05x_TAG_t tag, SE05x_TimeStamp_t *pTs); - -int tlvSet_u8buf_I2CM(uint8_t **buf, size_t *bufLen, SE05x_I2CM_TAG_t tag, const uint8_t *cmd, size_t cmdLen); - -int tlvGet_SecureObjectType(uint8_t *buf, size_t *pBufIndex, size_t bufLen, SE05x_TAG_t tag, SE05x_SecObjTyp_t *pType); - -int tlvGet_Result(uint8_t *buf, size_t *pBufIndex, size_t bufLen, SE05x_TAG_t tag, SE05x_Result_t *presult); - - - -smStatus_t se05x_Transform(struct Se05xSession *pSession, - const tlvHeader_t *hdr, - uint8_t *cmdApduBuf, - const size_t cmdApduBufLen, - tlvHeader_t *out_hdr, - uint8_t *txBuf, - size_t *ptxBufLen, - uint8_t hasle); - -smStatus_t se05x_Transform_scp(struct Se05xSession *pSession, - const tlvHeader_t *hdr, - uint8_t *cmdApduBuf, - const size_t cmdApduBufLen, - tlvHeader_t *outhdr, - uint8_t *txBuf, - size_t *ptxBufLen, - uint8_t hasle); - -smStatus_t se05x_DeCrypt(struct Se05xSession *pSessionCtx, - size_t cmd_cmacLen, - uint8_t *rsp, - size_t *rspLength, - uint8_t hasle); - -smStatus_t DoAPDUTxRx_s_Case2(Se05xSession_t *pSessionCtx, - const tlvHeader_t *hdr, - uint8_t *cmdBuf, - size_t cmdBufLen, - uint8_t *rspBuf, - size_t *pRspBufLen); - -smStatus_t DoAPDUTx_s_Case3(Se05xSession_t *pSessionCtx, - const tlvHeader_t *hdr, - uint8_t *cmdBuf, - size_t cmdBufLen); - -smStatus_t DoAPDUTxRx_s_Case4(Se05xSession_t *pSessionCtx, - const tlvHeader_t *hdr, - uint8_t *cmdBuf, - size_t cmdBufLen, - uint8_t *rspBuf, - size_t *pRspBufLen); - -smStatus_t DoAPDUTxRx_s_Case4_ext(Se05xSession_t *pSessionCtx, - const tlvHeader_t *hdr, - uint8_t *cmdBuf, - size_t cmdBufLen, - uint8_t *rspBuf, - size_t *pRspBufLen); - -smStatus_t DoAPDUTxRx(Se05xSession_t *pSessionCtx, - uint8_t *cmdBuf, - size_t cmdBufLen, - uint8_t *rspBuf, - size_t *pRspBufLen); - -#if SSS_HAVE_APPLET_SE05X_IOT -smStatus_t Se05x_API_I2CM_Send( - pSe05xSession_t sessionId, const uint8_t *buffer, size_t bufferLen, uint8_t *result, size_t *presultLen); -#endif -#endif // !SE05X_TLV_H_INC diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/sm_const.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/sm_const.h deleted file mode 100644 index 7beb37cfa..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/sm_const.h +++ /dev/null @@ -1,123 +0,0 @@ -/* -* -* Copyright 2016,2020 NXP -* SPDX-License-Identifier: Apache-2.0 -*/ - -#ifndef _A71CH_CONST_H_ -#define _A71CH_CONST_H_ - -#ifdef __cplusplus -extern "C" { -#endif - -#if defined(SSS_USE_FTR_FILE) -#include "fsl_sss_ftr.h" -#else -#include "fsl_sss_ftr_default.h" -#endif - -#if SSS_HAVE_A71CH && (!(SSS_HAVE_A71CH_SIM)) -# define APPLET_NAME "a71ch" // 0x61.37.31.63.68 -# define APPLET_NAME_LEN (sizeof(APPLET_NAME) - 1) -# define SE_NAME "A71CH" -#endif -#if SSS_HAVE_LOOPBACK -# define APPLET_NAME \ - { 0xD2, 0x76, 0x00, 0x00, 0x85, 0x54, 0x65, 0x73, \ - 0x74, 0x01, 0x01 } //echo applet -# define APPLET_NAME_LEN (11) -# define SE_NAME "LoopBack" -#endif -#if SSS_HAVE_A71CL -# define APPLET_NAME \ - { 0xA0, 0x00, 0x00, 0x00, 0x41, 0x6C, 0x69, 0x59, \ - 0x75, 0x6E, 0x2E, 0x49, 0x44, 0x32, 0x01}// "Ali Yun" -# define APPLET_NAME_LEN (15) -# define SE_NAME "A71CL" -#endif - -#if SSS_HAVE_SE050_L -# define APPLET_NAME \ -{ 0xA0, 0x00, 0x00, 0x00, 0x41, 0x6C, 0x69, 0x59, \ - 0x75, 0x6E, 0x2E, 0x49, 0x44, 0x32 \ -}// "Ali Yun" - - -# define APPLET_NAME_LEN (14) -# define SE_NAME "SE050_L" -#endif - -#if SSS_HAVE_A71CH_SIM -# define APPLET_NAME \ - {0xa0, 0x00, 0x00, 0x03, 0x96, 0x54, 0x53, 0x00, \ - 0x00, 0x00, 0x01, 0x03, 0x00, 0x00, 0x00, 0x00} -# define APPLET_NAME_LEN (16) -# define SE_NAME "SE050:EAR:CH" -#endif - -#if SSS_HAVE_APPLET_SE05X_IOT -# define APPLET_NAME \ - {0xa0, 0x00, 0x00, 0x03, 0x96, 0x54, 0x53, 0x00, \ - 0x00, 0x00, 0x01, 0x03, 0x00, 0x00, 0x00, 0x00} -# define APPLET_NAME_LEN (16) - -# define SSD_NAME \ - { 0xD2, 0x76, 0x00, 0x00, 0x85, 0x30, 0x4A, 0x43, 0x4F, 0x90, 0x03} -#endif - -#if SSS_HAVE_SE05X_A -# define SE_NAME "SE050:A" -#endif -#if SSS_HAVE_SE05X_B -# define SE_NAME "SE050:B" -#endif -#if SSS_HAVE_SE05X_C -# define SE_NAME "SE050:C" -#endif - -#define A71CH_KEY_PAIR_MAX_A 2 //!< Maximum amount of ECC key pairs that can be stored in A71CH (A device) -#define A71CH_PUBLIC_KEY_MAX_A 2 //!< Maximum amount of ECC public keys that can be stored in A71CH (A device) -#define A71CH_SYM_KEY_MAX_A 4 //!< Maximum amount of Symmetric keys that can be stored in A71CH (A device) -#define A71CH_KEY_PAIR_MAX_B 4 //!< Maximum amount of ECC key pairs that can be stored in A71CH (B device) -#define A71CH_PUBLIC_KEY_MAX_B 3 //!< Maximum amount of ECC public keys that can be stored in A71CH (B device) -#define A71CH_SYM_KEY_MAX_B 8 //!< Maximum amount of Symmetric keys that can be stored in A71CH (A device) -#define A71CH_COUNTER_MAX 2 //!< Maximum amount of monotonic counters that can be stored in A71CH (A&B) - -// We cover two A71CH product variants that differ in the amount of credentials that can be stored. -// These two variants are referred to (in this example source code) as -// - TYPE_A (or simply A) - which is the device with lesser storage -// - TYPE_B (or simply B) - which is the device with more storage -// As the example source code depends on the amount of credentials that can be stored -// the ::A71CH_DEVICE_TYPE define must be used to select between either variant at compile time. -#define A71CH_DEVICE_TYPE_A (0x41) //!< Symbolic constant to represent the Initial A71CH device -#define A71CH_DEVICE_TYPE_B (0x42) //!< Synbolic constant to represent the A71CH device with more storage -#define A71CH_DEVICE_TYPE A71CH_DEVICE_TYPE_B //!< Indicate the credential storage capabilities of the A71CH - - -/** @def A71CH_KEY_PAIR_MAX - * Maximum ECC Key Pairs in the Secure module */ -/** @def A71CH_PUBLIC_KEY_MAX - * Maximum ECC Public Keys in the Secure module */ -/** @def A71CH_SYM_KEY_MAX - * Maximum ECC Symmetric Keys in the Secure module */ -/** @def A71CH_GP_STORAGE_SIZE - * Maximum General Purpose Storage in the Secure module */ - -#if A71CH_DEVICE_TYPE == A71CH_DEVICE_TYPE_A -//!< Effective value used in examples -# define A71CH_KEY_PAIR_MAX A71CH_KEY_PAIR_MAX_A -# define A71CH_PUBLIC_KEY_MAX A71CH_PUBLIC_KEY_MAX_A -# define A71CH_SYM_KEY_MAX A71CH_SYM_KEY_MAX_A -# define A71CH_GP_STORAGE_SIZE A71CH_GP_STORAGE_SIZE_A -#else -# define A71CH_KEY_PAIR_MAX A71CH_KEY_PAIR_MAX_B -# define A71CH_PUBLIC_KEY_MAX A71CH_PUBLIC_KEY_MAX_B -# define A71CH_SYM_KEY_MAX A71CH_SYM_KEY_MAX_B -# define A71CH_GP_STORAGE_SIZE A71CH_GP_STORAGE_SIZE_B -#endif - -#ifdef __cplusplus -} -#endif -#endif //_A71CHCONSTL_H_ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/infra/global_platf.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/infra/global_platf.h deleted file mode 100644 index 9e358d425..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/infra/global_platf.h +++ /dev/null @@ -1,28 +0,0 @@ -/* -* -* Copyright 2016,2020 NXP -* SPDX-License-Identifier: Apache-2.0 -*/ - -#ifndef _GLOBAL_PLATF_ -#define _GLOBAL_PLATF_ - -#include "sm_types.h" - -#ifdef __cplusplus -extern "C" { -#endif - -#define CLA_ISO7816 (0x00) //!< ISO7816-4 defined CLA byte - -#define INS_GP_INITIALIZE_UPDATE (0x50) //!< Global platform defined instruction -#define INS_GP_EXTERNAL_AUTHENTICATE (0x82) //!< Global platform defined instruction -#define INS_GP_SELECT (0xA4) //!< Global platform defined instruction -#define INS_GP_PUT_KEY (0xD8) //!< Global platform defined instruction - -U16 GP_Select(void *conn_ctx, const U8 *appletName, U16 appletNameLen, U8 *response, U16 *responseLen); -U16 GP_GetCLAppletVersion(U8 *appletVersion, U16 *verionLength); -#ifdef __cplusplus -} -#endif -#endif diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/infra/sm_apdu.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/infra/sm_apdu.h deleted file mode 100644 index 47a739a5f..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/infra/sm_apdu.h +++ /dev/null @@ -1,217 +0,0 @@ -/* - * - * Copyright 2016 NXP - * SPDX-License-Identifier: Apache-2.0 - */ - -/** - * @par Description - * This file defines the API of the APDU parser for AX host library. - * @par History - * 1.0 31-mar-2014 : Initial version - * - */ - -#ifndef _SM_APDU_H_ -#define _SM_APDU_H_ - -#include "apduComm.h" -#include "sm_types.h" - -#ifdef __cplusplus -extern "C" { -#endif - -#ifdef A71_IGNORE_PARAM_CHECK -#error "Do not remove API parameter check" -#endif - -/* ------------------------------ */ - -#define MAX_APDU_BUF_LENGTH (256 + 1024) // This value has not been optimized for TGT_A71CH (256+64) - -#define MAX_EXT_APDU_BUF_LENGTH (32769) // extended APDU Max supported Len is 0x7FFF + 2 bytes status code - - -#define APDU_HEADER_LENGTH (5) -#define APDU_EXTENDED_HEADER_LENGTH (7) -#define EXT_CASE4_APDU_OVERHEAD (9) -#define SCP03_OVERHEAD (24) // padding (=16) + mac (=8) -#define RSP_APDU_STATUS_OVERHEAD (2) -#define APDU_STD_MAX_DATA (255) - -// -#ifdef TGT_A70CI -#define TAG_SST_IDENTIFIER (0x01) -#define TAG_SST_INDEX (0x02) -#define TAG_ECC_PRIVATE_KEY (0x03) -#define TAG_ECC_PUBLIC_KEY (0x04) -#define TAG_SHARED_SECRET (0x05) -#define TAG_RSA_PRIVATE_KEY_P (0x06) -#define TAG_RSA_PRIVATE_KEY_Q (0x07) -#define TAG_RSA_PRIVATE_KEY_DP (0x08) -#define TAG_RSA_PRIVATE_KEY_DQ (0x09) -#define TAG_RSA_PRIVATE_KEY_IPQ (0x0A) -#define TAG_PUBLIC_KEY (0x0B) -#define TAG_AES_KEY (0x0C) -#define TAG_AUTH_PUBLIC_KEY_ID (0x0D) -#define TAG_CONTEXT (0x0F) -#define TAG_DIRECTION (0x10) -#define TAG_IV (0x11) -#define TAG_INPUT_DATA (0x12) -#define TAG_OUTPUT_DATA (0x13) -#define TAG_AUTHENTICATION_DATA (0x14) -#define TAG_GMAC_DATA (0x15) -#define TAG_GMAC_LENGTH (0x16) -#define TAG_KEYWRAP_ALGO (0x17) -#define TAG_HASH (0x18) -#define TAG_SIGNATURE (0x19) -#define TAG_VERIFICATION (0x1A) -#define TAG_CERTIFICATE (0x1B) -#define TAG_SIZE (0x1C) -#define TAG_SALT (0x1E) -#elif defined(TGT_A70CM) -#define TAG_DLMS_SECURITY_BYTE (0x00) -#define TAG_SST_IDENTIFIER (0x01) -#define TAG_SST_INDEX (0x02) -#define TAG_ECC_PRIVATE_KEY (0x03) -#define TAG_ECC_PUBLIC_KEY (0x04) -#define TAG_SHARED_SECRET (0x05) -#define TAG_RSA_PRIVATE_KEY_P (0x06) -#define TAG_RSA_PRIVATE_KEY_Q (0x07) -#define TAG_RSA_PRIVATE_KEY_DP (0x08) -#define TAG_RSA_PRIVATE_KEY_DQ (0x09) -#define TAG_RSA_PRIVATE_KEY_IPQ (0x0A) -#define TAG_RSA_PUBLIC_KEY_MOD (0x0B) -#define TAG_AES_KEY (0x0C) -#define TAG_WRAPPED_AES_KEY (0x0D) -#define TAG_CONTEXT (0x0E) -#define TAG_DIRECTION (0x0F) -#define TAG_IV (0x10) -#define TAG_INPUT_DATA (0x11) -#define TAG_OUTPUT_DATA (0x12) -#define TAG_AUTHENTICATION_DATA (0x13) -#define TAG_GMAC_DATA (0x14) -#define TAG_GMAC_LENGTH (0x15) -#define TAG_KEYWRAP_ALGO (0x16) -#define TAG_HASH (0x17) -#define TAG_SIGNATURE (0x18) -#define TAG_DLMS_AK_INDEX (0x19) -#define TAG_VERIFICATION (0x1A) -#define TAG_CERTIFICATE (0x1B) -#define TAG_OFFSET (0x1C) -#define TAG_SIZE (0x1D) -#define TAG_SST_WRAPPING_KEY_INDEX (0x1E) -#else // -/// @cond not_relevant_for_A71ch & A71cl -#define TAG_DLMS_SECURITY_BYTE (0x00) -#define TAG_SST_IDENTIFIER (0x01) -#define TAG_SST_INDEX (0x02) -#define TAG_ECC_PRIVATE_KEY (0x03) -#define TAG_ECC_PUBLIC_KEY (0x04) -#define TAG_SHARED_SECRET (0x05) -#define TAG_RSA_PRIVATE_KEY_P (0x06) -#define TAG_RSA_PRIVATE_KEY_Q (0x07) -#define TAG_RSA_PRIVATE_KEY_DP (0x08) -#define TAG_RSA_PRIVATE_KEY_DQ (0x09) -#define TAG_SST_IDENTIFIER2 (0x0A) -#define TAG_SST_INDEX2 (0x0B) -#define TAG_AES_KEY (0x0C) -#define TAG_WRAPPED_AES_KEY (0x0D) -#define TAG_CONTEXT (0x0E) -#define TAG_DIRECTION (0x0F) -#define TAG_IV (0x10) -#define TAG_INPUT_DATA (0x11) -#define TAG_OUTPUT_DATA (0x12) -#define TAG_AUTHENTICATION_DATA (0x13) -#define TAG_GMAC_DATA (0x14) -#define TAG_GMAC_LENGTH (0x15) -#define TAG_KEYWRAP_ALGO (0x16) -#define TAG_HASH (0x17) -#define TAG_SIGNATURE (0x18) -#define TAG_STATE (0x19) -#define TAG_VERIFICATION (0x1A) -#define TAG_CERTIFICATE (0x1B) -#define TAG_OFFSET (0x1C) -#define TAG_SIZE (0x1D) -#define TAG_SST_WRAPPING_KEY_INDEX (0x1E) -#define TAG_INTERFACE (0x1F) -#define TAG_CHUNK_NUMBER (0x23) -#define TAG_SCP_MIN_SEC_LEVEL (0x24) -#define TAG_STATUS_WORD (0x25) -/// @endcond -#endif // TGT_A70CI -// - -/* ------------------------------ */ -#define AX_CLA (0x80) - -// #define SW_WARNING_FILE_DEACTIVATED (0x6283) -// #define SW_WARNING_FILE_TERMINATED (0x6285) - -#define SW_WRONG_LENGTH (0x6700) //!< ISO7816-4 defined status word: Wrong Length of data -#define SW_SECURE_MESSAGING_NOT_SUPPORTED (0x6882) //!< ISO7816-4 defined status word -#define SW_SECURITY_STATUS_NOT_SATISFIED (0x6982) //!< ISO7816-4 defined status word -#define SW_DATA_INVALID (0x6984) //!< ISO7816-4 defined status word -#define SW_CONDITIONS_NOT_SATISFIED (0x6985) //!< ISO7816-4 defined status word: Conditions of use not satisfied, e.g. a command is not allowed, the provided identifier is not applicable or the index is out of range. -#define SW_COMMAND_NOT_ALLOWED (0x6986) //!< ISO7816-4 defined status word -#define SW_WRONG_DATA (0x6A80) //!< ISO7816-4 defined status word: Wrong data, e.g. the command does not have the right parameters or a parameter is not correct (size, structure). -#define SW_FILE_NOT_FOUND (0x6A82) //!< ISO7816-4 defined status word -#define SW_INCORRECT_P1P2 (0x6A86) //!< ISO7816-4 defined status word: Incorrect P1-P2 parameters -#define SW_INS_NOT_SUPPORTED (0x6D00) //!< ISO7816-4 defined status word: INS byte not supported -#define SW_CLA_NOT_SUPPORTED (0x6E00) //!< ISO7816-4 defined status word: CLA byte not supported -#define SW_NO_ERROR (0x9000) //!< ISO7816-4 defined status word - -#define USE_STANDARD_APDU_LEN 0 //!< Create a standard length APDU. -#define USE_EXTENDED_APDU_LEN 1 //!< Create an extended length APDU. -#define SESSION_ID_LEN 4 - -U8 SetApduHeader(apdu_t * pApdu, U8 extendedLength); -U8 AllocateAPDUBuffer(apdu_t * pApdu); -U8 FreeAPDUBuffer(apdu_t * pApdu); -void smApduAdaptLcLe(apdu_t *pApdu, U16 lc, U16 le); -void smApduAdaptLc(apdu_t *pApdu, U16 lc); -void smApduAdaptLe(apdu_t *pApdu, U16 le); -// U16 GetStatusWord(apdu_t *pApdu); -U16 smGetSw(apdu_t *pApdu, U8 *pIsOk); -void set_SessionId_Tlv(U32 sessionId); - - -U16 AddTlvItem(apdu_t * pApdu, U16 tag, U16 dataLength, const U8 *pValue); -U16 ParseResponse(apdu_t * pApdu, U16 expectedTag, U16 * pLen, U8* pValue); -U16 AddStdCmdData(apdu_t * pApdu, U16 dataLen, const U8 *data); - -U16 smApduGetResponseBody(apdu_t *pApdu, U8 *buf, U16 *bufLen); -U16 smApduAppendCmdData(apdu_t * pApdu, const U8 *data, U16 dataLen); -U16 smApduAdaptChkSum(apdu_t *pApdu, U16 chkSum); - -/** - * @brief Check and convert given hex string to array of bytes to buffer. - * - * Memory allocation needs to be done by the caller, boundary checks on the output - * are performed, null-termination is always added. - * @param[in] str: The binary data to convert. - * @param[in] buffer: buffer to which converted array to be copied. - * @param[in] buffer_len: Size of the available buffer for sanity check. - * @param[out] len: The length of the binary data written to buffer. - * @return True if conversion is successful. - */ -bool smApduGetArrayBytes(char *str, size_t *len, uint8_t * buffer, size_t buffer_len); - -/** - * @brief Parse given apdu command and return command data offset and command data length along with case-id as described in ISO/IEC FDIS 7816-3 spec. - * - * @param[in] apdu: Buffer containing APDU command. - * @param[in] apduLen: The length of APDU command. - * @param[out] data_offset: Offset of data field if present. - * @param[out] dataLen: Length of data field (LC field value) if present. - * @param[out] apdu_case: APDU txrx case accoring to 7816 spec. - * @return True if APDU command has valid format. - */ -bool smApduGetTxRxCase(uint8_t *apdu, size_t apduLen, size_t* data_offset, size_t *dataLen, apduTxRx_case_t *apdu_case); - - -#ifdef __cplusplus -} -#endif -#endif //_SM_APDU_H_ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/infra/sm_api.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/infra/sm_api.h deleted file mode 100644 index 6fa2de732..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/infra/sm_api.h +++ /dev/null @@ -1,119 +0,0 @@ -/* - * - * Copyright 2018-2020 NXP - * SPDX-License-Identifier: Apache-2.0 - */ - -/** -* @par Description -* This file is the communication specific Host API of the A70CM/CI and A71CH secure module. -* It also customizes the Generic Ax library for this specific product instance -* @par History -* 1.0 27-march-2014 : Initial version -* 7-may-2017 : Unified version for A70CM, CI and A71CH -* -*****************************************************************************/ -#ifndef _SM_API_ -#define _SM_API_ - -#include "sm_types.h" - -#ifdef __cplusplus -extern "C" { -#endif - -#include - -#define AX_HOST_LIB_MAJOR (PLUGANDTRUST_HOSTLIB_VER_MAJOR) //!< Major number A71CH Host Library -#define AX_HOST_LIB_MINOR (PLUGANDTRUST_HOSTLIB_VER_MINOR) //!< Minor (High Nibble)/Patch number (Low Nibble) of A71CH Host Library - -/*! -* @addtogroup sss_sscp_a71ch -* @{ -*/ - -#define SE_CONNECT_TYPE_START 0x000 - -typedef enum -{ - kType_SE_Conn_Type_NONE = 0, - /** Used for A71XX Family */ - kType_SE_Conn_Type_SCII2C = SE_CONNECT_TYPE_START + 2, - /** Used for PC/OSX for virtual COM Port */ - kType_SE_Conn_Type_VCOM = SE_CONNECT_TYPE_START + 3, - /** Used for Legacy JRCP V1 protocol with iMX Linux Proxy */ - kType_SE_Conn_Type_JRCP_V1 = SE_CONNECT_TYPE_START + 4, - /** Used for New JRCP Protocol */ - kType_SE_Conn_Type_JRCP_V2 = SE_CONNECT_TYPE_START + 5, - /** Used for T=1 over I2C for SE050 family */ - kType_SE_Conn_Type_T1oI2C = SE_CONNECT_TYPE_START + 6, - /** Used for Use NFC Interface to talk to SE */ - kType_SE_Conn_Type_NFC = SE_CONNECT_TYPE_START + 7, - /** Used for Use a software layer to talk to SE - * This logicaly allows double encryption of packets - * from same host and allows multi-tenenancy - * - * Channel can be deemed as "Secure Channel" where applicable. - * - * Or it may be a plain "arbiter" to allow plain communication from - * multiple threads on the same application. - */ - kType_SE_Conn_Type_Channel = SE_CONNECT_TYPE_START + 8, - - kType_SE_Conn_Type_PCSC = SE_CONNECT_TYPE_START + 9, - - kType_SE_Conn_Type_LAST, - kType_SE_Conn_Type_SIZE = 0x7FFF -} SSS_Conn_Type_t; - -#define SELECT_APPLET 0 //!< Select predefined applet -#define SELECT_NONE 1 //!< Don't issue a select -#define SELECT_SSD 2 //!< Select SSD - -/** - * Contains the information required to resume a connection with the Security Module. - * Its content is only to be interpreted by the Host Library. - * The semantics of the param1 and param2 fields depends on the link layer. - */ -typedef struct { - U16 connType; - U16 param1; //!< Useage depends on link layer - U16 param2; //!< Useage depends on link layer - U16 hostLibVersion; //!< MSByte contains major version (::AX_HOST_LIB_MAJOR); LSByte contains minor version of HostLib (::AX_HOST_LIB_MINOR) - U32 appletVersion; /*!< MSByte contains major version; - 3 leading bits of LSByte contains minor version of Applet; - Last bit of LSByte encodes whether Applet is in Debug Mode, a '1' means 'Debug Mode' is available */ - U16 sbVersion; //!< Expected to be 0x0000 - U8 select; //!< Applet selection mode -} SmCommState_t; - -/** \name Communication functions - @{ */ -U16 SM_Close(void *conn_ctx, U8 mode); -U16 SM_Connect(void *conn_ctx, SmCommState_t *commState, U8 *atr, U16 *atrLen); -U16 SM_ConnectWithAID(SmCommState_t *commState, U8* appletAID, U16 appletAIDLen, U8 *atr, U16 *atrLen); -U16 SM_RjctConnect(void **conn_ctx, const char *connectString, SmCommState_t *commState, U8 *atr, U16 *atrLen); -U16 SM_RjctConnectWithAID(const char *connectString, SmCommState_t *commState, U8* appletAID, U16 appletAIDLen, U8 *atr, U16 *atrLen); -U16 SM_I2CConnect(void **conn_ctx, SmCommState_t *commState, U8 *atr, U16 *atrLen, const char *pConnString); - -U16 SM_SendAPDU(U8 *cmd, U16 cmdLen, U8 *resp, U16 *respLen); - -#if defined(SMCOM_JRCP_V1_AM) -U16 SM_LockChannel(); -U16 SM_UnlockChannel(); -#endif - -#if defined(SMCOM_JRCP_V1_AM) -#define SM_LOCK_CHANNEL() SM_LockChannel() -#define SM_UNLOCK_CHANNEL() SM_UnlockChannel() -#else -#define SM_LOCK_CHANNEL() -#define SM_UNLOCK_CHANNEL() -#endif - -/** @}*/ - -#ifdef __cplusplus -} -#endif -#endif //_SM_API_ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/infra/sm_errors.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/infra/sm_errors.h deleted file mode 100644 index b5ba47077..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/infra/sm_errors.h +++ /dev/null @@ -1,31 +0,0 @@ -/* - * - * Copyright 2016 NXP - * SPDX-License-Identifier: Apache-2.0 - */ - -/** - * - * @par Description - * This file provides an interface to generic APDU response evaluation. - * @par History - * 1.0 20-feb-2012 : Initial version - * - */ - -#ifndef _SM_ERRORS_ -#define _SM_ERRORS_ - -#include "apduComm.h" - -#ifdef __cplusplus -extern "C" { -#endif - -U16 CheckNoResponseData(apdu_t * pApdu); -U16 CheckNoResponseDataRaw(U8 *rawResponse, U16 rawResponseLen); - -#ifdef __cplusplus -} -#endif -#endif //_SM_ERRORS_ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/infra/sm_types.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/infra/sm_types.h deleted file mode 100644 index 56220f1b0..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/infra/sm_types.h +++ /dev/null @@ -1,163 +0,0 @@ -/* - * - * Copyright 2016-2020 NXP - * SPDX-License-Identifier: Apache-2.0 - */ - -/** - * @par Description - * This file defines A7-series specific types - * @par History - * 1.0 20-feb-2012 : Initial version - * - */ - -#ifndef _SM_TYPES_H_ -#define _SM_TYPES_H_ - -#ifdef __cplusplus -extern "C" { -#endif - -#if defined(__GNUC__) || defined(__arm__) || defined(__ICCARM__) -#include -#include -#include -#endif /* __GNUC__ || __arm__ || iccarm */ - -#if defined(__ICCARM__) -#include "stddef.h" -#endif /* __ICCARM__ */ - -#if defined(_MSC_VER) && _MSC_VER >= 1600 -#include -#if _MSC_VER >= 1800 -#include -#endif -#endif /* _MSC_VER */ - -typedef uint8_t U8; -typedef uint16_t U16; -typedef uint32_t U32; - -typedef int8_t S8; -typedef int16_t S16; -typedef int32_t S32; - -#if !defined(__cplusplus) && !defined(__GNUC__) && !defined(__arm__) && !defined(__ICCARM__) -#ifdef _MSC_VER -#if _MSC_VER < 1600 -typedef unsigned char bool; // C++ and GCC has bool. -#define false(0) -#define true(1) -#endif //_MSC_VER < 1600 -#else // _MSC_VER -typedef unsigned char bool; // C++ and GCC has bool. -#endif -#endif /* bool */ - -#ifndef FALSE -#define FALSE false -#endif - -#ifndef TRUE -#define TRUE true -#endif - -/** @define AX_EMBEDDED Plaform is embedded like Kinetis / LPC / i.MX RT / Freedom Series */ -#if defined(FREEDOM) || defined(IMX_RT) || defined(CPU_LPC54018) || defined(LPC_55x) || defined(QN9090DK6) -#define AX_EMBEDDED 1 -#elif defined(AX_EMBEDDED) -/* OK */ -#else -#define AX_EMBEDDED 0 -#endif - -/** - * Identification of ECC curve. Not all turnkey solutions cover all these ECC curves. - */ -typedef enum -{ - ECCCurve_NIST_P192 = 0x01, - ECCCurve_NIST_P224 = 0x02, - ECCCurve_NIST_P256 = 0x03, /**< NIST Curve with 256 bits */ - ECCCurve_BrainPoolP192r1 = 0x04, - ECCCurve_BrainPoolP224r1 = 0x05, - ECCCurve_BrainPoolP256r1 = 0x06 -} ECCCurve_t; - -/** - * Identification of hash algorithm - */ -typedef enum -{ - HASHAlgo_SHA1 = 0x01, - HASHAlgo_SHA256 = 0x02 -} HASHAlgo_t; - -typedef U16 SM_Error_t; - -#define AX_UNUSED_ARG(x) (void)(x) - -// The following defines are visible at the smCom layer -// Because they are also used in the platform specific implementation -// layer, they have ended up in this include file. -// They do not belong here from a structural point of view. -#define SMCOM_CLOSE_MODE_STD 0x00 -#define SMCOM_CLOSE_MODE_TERMINATE 0x01 - -// The following is a set of predefined return values. - -/* Don't use -// Protocol error codes -#define BAD_SEQ_NUMBER 0x8000 -#define UNAUTH_CLIENT 0x8001 -#define SEND_ERROR 0x8002 -#define UNKNOW_ORDER 0x8003 -*/ - -/* ------------------------------ */ -// Error/status word -#define SW_OK (0x9000) //!< Operation successfull - -#define ERR_CONNECT_LINK_FAILED (0x7001) -#define ERR_CONNECT_SELECT_FAILED (0x7002) -#define ERR_COMM_ERROR (0x7003) //!< Generic communication error -#define ERR_NO_VALID_IP_PORT_PATTERN (0x8000) -#define ERR_COM_ALREADY_OPEN (0x7016) //!< Communication link is already open with device - -/* Range 0x701x is reserved for Error codes defined in smCom.h */ -// #define SMCOM_SND_FAILED 0x7010 -// #define SMCOM_RCV_FAILED 0x7011 - -#define ERR_MEMORY (0x7020) //!< Memory allocation error -#define ERR_GENERAL_ERROR (0x7021) //!< Non-specific error code -#define ERR_WRONG_RESPONSE (0x7022) //!< Semantic error discovered while parsing APDU response -#define ERR_API_ERROR (0x7023) //!< Illegal parameter value passed to API -#define ERR_TLV_MISSING (0x7024) //!< Specific TAG is missing from APDU response -#define ERR_HASH_COMPARE_FAILS (0x7025) -#define ERR_BUF_TOO_SMALL (0x7026) //!< Buffer provided is too small -#define ERR_CRYPTO_ENGINE_FAILED \ - (0x7027) //!< The crypto engine (implemented underneath a crypto abstraction layer) failed to provide a crypto service. -#define ERR_PATTERN_COMPARE_FAILED (0x7028) -#define ERR_NOT_IMPLEMENTED (0x7029) -#define ERR_FILE_SYSTEM (0x7030) -#define ERR_NO_PRIVATE_KEY (0x7031) -#define ERR_IDENT_IDX_RANGE (0x7032) //!< Identifier or Index of Reference Key is out of bounds -#define ERR_CRC_CHKSUM_VERIFY (0x7033) //!< CRC checksum verify error -#define ERR_INTERNAL_BUF_TOO_SMALL (0x7034) //!< In A71CH PSP 1.6 this had value 0x7033. Code was already taken by A71CL - -#define SCP_OK (SW_OK) -#define SCP_UNDEFINED_CHANNEL_ID (0x7041) //!< Undefined SCP channel identifier -#define SCP_FAIL (0x7042) -#define SCP_CARD_CRYPTOGRAM_FAILS_TO_VERIFY (0x7043) -#define SCP_PARAMETER_ERROR (0x7044) - -#define SCP_RSP_MAC_FAIL (0x7050) //!< MAC on APDU response is not correct -#define SCP_DECODE_FAIL (0x7051) //!< Encrypted Response did not decode to correctly padded plaintext - -#ifdef __cplusplus -} -#endif - -#endif // _SM_TYPES_H_ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/nxlog/nxLog.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/nxlog/nxLog.h deleted file mode 100644 index a520a5704..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/nxlog/nxLog.h +++ /dev/null @@ -1,107 +0,0 @@ -/* -* -* Copyright 2018 NXP -* SPDX-License-Identifier: Apache-2.0 -*/ - -#ifndef NX_LOG_H -#define NX_LOG_H - -#ifdef __cplusplus -extern "C" { -#endif - -/* - * - * Overview - * ========================================== - * - * These set of files help control logging levels in - * the applicaiton. - * - * The overall idea is to - * - Control logging at mutiple levels - * - Fine gain control of logging - * - Easy for the devleoper to add log messages - * - Easy for the devleoper to add/remove log components - * - Focus on embedded systems - * - * - * Control logging at mutiple levels - * ========================================== - * - * Each component can log one of the following levels. - * DEBUG - For the developer. Too much verbsity. - * INFO - General Information. Easy for end user to keep track what is happening. - * WARN - Some error occured, but can be handled - * ERROR - Some erro roccured, but no nice way to handle - * - * For each level, the logging APIs, LOG_D, LOG_I, LOG_W, LOG_E are available. - * - * - * Fine gain control of logging - * ========================================== - * - * Each component get's its own logging file. - * e.g. nxLog_SSS.h for SSS Layer, nxLog_UseCase.h for use cases. - * SSS Layer and UseCase layer's source files include these individual files - * and with that they can control logging level. - * - * Common `nxLog_Config.h` can control the logging levels, - * or individual source files can control their logging levels. - * - * Easy for the devleoper to add log messages - * ========================================== - * - * Within the source code, only include the file for the given component, e.g. `nxLog_SSS.h`. - * And only call LOG_D, LOG_E, etc. within that file. - * - * - * Easy for the devleoper to add/remove log components - * =========================================================================== - * - * When not required, the files like `nxLog_SSS.h` can be deleted. And when needed - * the script nxLog_Gen.py can be run: - * - * python nxLog_Gen.py - * - * - * Focus on embedded systems - * =========================================================================== - * - * Do not take loging level information at run time, but at compile time. - * This enables to reduce the code size. - * - * - **/ - -#include -#include - -#define NX_LEVEL_DEBUG 4 -#define NX_LEVEL_INFO 3 -#define NX_LEVEL_WARN 2 -#define NX_LEVEL_ERROR 1 - -#define NX_LOG_D -#define NX_LOG_I -#define NX_LOG_W -#define NX_LOG_E - -/* - * Initialised the multithreading locks if running on Native or FreeRtos. - * If running on system where mutex or semaphore is not available, return - * success without doing anything. - */ -uint8_t nLog_Init(); -void nLog_DeInit(); - -void nLog(const char *comp, int level, const char *format, ...); - -void nLog_au8(const char *comp, int level, const char *message, const unsigned char *array, size_t array_len); - -#ifdef __cplusplus -} -#endif - -#endif diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/nxlog/nxLog_App.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/nxlog/nxLog_App.h deleted file mode 100644 index c2ad1f90b..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/nxlog/nxLog_App.h +++ /dev/null @@ -1,183 +0,0 @@ -/* -* -* Copyright 2018 NXP - * SPDX-License-Identifier: Apache-2.0 - */ - -#ifndef NX_LOG_APP_H -#define NX_LOG_APP_H - -#include - -/* ############################################################ */ -/* ## AUTO Generated ########################################## */ -/* ############################################################ */ - -/* Default configuration file */ -#include - -/* clang-format off */ - -/* Check if we are double defining these macros */ -#if defined(LOG_D) || defined(LOG_I) || defined(LOG_W) || defined(LOG_E) -/* This should not happen. The only reason this could happn is double inclusion of different log files. */ -# error "LOG_ macro already defined" -#endif /* LOG_E */ - -/* Enable/Set log levels for 'App' - start */ -/* If source file, or nxLog_Config.h has not set it, set these defines - * - * Do not #undef these values, rather set to 0/1. This way we can - * jump to definition and avoid plain-old-text-search to jump to - * undef. */ - -#ifndef NX_LOG_ENABLE_APP_DEBUG -# define NX_LOG_ENABLE_APP_DEBUG (NX_LOG_ENABLE_DEFAULT_DEBUG) -#endif -#ifndef NX_LOG_ENABLE_APP_INFO -# define NX_LOG_ENABLE_APP_INFO (NX_LOG_ENABLE_APP_DEBUG + NX_LOG_ENABLE_DEFAULT_INFO) -#endif -#ifndef NX_LOG_ENABLE_APP_WARN -# define NX_LOG_ENABLE_APP_WARN (NX_LOG_ENABLE_APP_INFO + NX_LOG_ENABLE_DEFAULT_WARN) -#endif -#ifndef NX_LOG_ENABLE_APP_ERROR -# define NX_LOG_ENABLE_APP_ERROR (NX_LOG_ENABLE_APP_WARN + NX_LOG_ENABLE_DEFAULT_ERROR) -#endif - -/* Enable/Set log levels for 'App' - end */ - -#if NX_LOG_ENABLE_APP_DEBUG -# define LOG_DEBUG_ENABLED 1 -# define LOG_D(format, ...) \ - nLog("App", NX_LEVEL_DEBUG, format, ##__VA_ARGS__) -# define LOG_X8_D(VALUE) \ - nLog("App", NX_LEVEL_DEBUG, "%s=0x%02X",#VALUE, VALUE) -# define LOG_U8_D(VALUE) \ - nLog("App", NX_LEVEL_DEBUG, "%s=%u",#VALUE, VALUE) -# define LOG_X16_D(VALUE) \ - nLog("App", NX_LEVEL_DEBUG, "%s=0x%04X",#VALUE, VALUE) -# define LOG_U16_D(VALUE) \ - nLog("App", NX_LEVEL_DEBUG, "%s=%u",#VALUE, VALUE) -# define LOG_X32_D(VALUE) \ - nLog("App", NX_LEVEL_DEBUG, "%s=0x%08X",#VALUE, VALUE) -# define LOG_U32_D(VALUE) \ - nLog("App", NX_LEVEL_DEBUG, "%s=%u",#VALUE, VALUE) -# define LOG_AU8_D(ARRAY,LEN) \ - nLog_au8("App", NX_LEVEL_DEBUG, #ARRAY, ARRAY, LEN) -# define LOG_MAU8_D(MESSAGE, ARRAY,LEN) \ - nLog_au8("App", NX_LEVEL_DEBUG, MESSAGE, ARRAY, LEN) -#else -# define LOG_DEBUG_ENABLED 0 -# define LOG_D(...) -# define LOG_X8_D(VALUE) -# define LOG_U8_D(VALUE) -# define LOG_X16_D(VALUE) -# define LOG_U16_D(VALUE) -# define LOG_X32_D(VALUE) -# define LOG_U32_D(VALUE) -# define LOG_AU8_D(ARRAY, LEN) -# define LOG_MAU8_D(MESSAGE, ARRAY, LEN) -#endif - -#if NX_LOG_ENABLE_APP_INFO -# define LOG_INFO_ENABLED 1 -# define LOG_I(format, ...) \ - nLog("App", NX_LEVEL_INFO, format, ##__VA_ARGS__) -# define LOG_X8_I(VALUE) \ - nLog("App", NX_LEVEL_INFO, "%s=0x%02X",#VALUE, VALUE) -# define LOG_U8_I(VALUE) \ - nLog("App", NX_LEVEL_INFO, "%s=%u",#VALUE, VALUE) -# define LOG_X16_I(VALUE) \ - nLog("App", NX_LEVEL_INFO, "%s=0x%04X",#VALUE, VALUE) -# define LOG_U16_I(VALUE) \ - nLog("App", NX_LEVEL_INFO, "%s=%u",#VALUE, VALUE) -# define LOG_X32_I(VALUE) \ - nLog("App", NX_LEVEL_INFO, "%s=0x%08X",#VALUE, VALUE) -# define LOG_U32_I(VALUE) \ - nLog("App", NX_LEVEL_INFO, "%s=%u",#VALUE, VALUE) -# define LOG_AU8_I(ARRAY,LEN) \ - nLog_au8("App", NX_LEVEL_INFO, #ARRAY, ARRAY, LEN) -# define LOG_MAU8_I(MESSAGE, ARRAY,LEN) \ - nLog_au8("App", NX_LEVEL_INFO, MESSAGE, ARRAY, LEN) -#else -# define LOG_INFO_ENABLED 0 -# define LOG_I(...) -# define LOG_X8_I(VALUE) -# define LOG_U8_I(VALUE) -# define LOG_X16_I(VALUE) -# define LOG_U16_I(VALUE) -# define LOG_X32_I(VALUE) -# define LOG_U32_I(VALUE) -# define LOG_AU8_I(ARRAY, LEN) -# define LOG_MAU8_I(MESSAGE, ARRAY, LEN) -#endif - -#if NX_LOG_ENABLE_APP_WARN -# define LOG_WARN_ENABLED 1 -# define LOG_W(format, ...) \ - nLog("App", NX_LEVEL_WARN, format, ##__VA_ARGS__) -# define LOG_X8_W(VALUE) \ - nLog("App", NX_LEVEL_WARN, "%s=0x%02X",#VALUE, VALUE) -# define LOG_U8_W(VALUE) \ - nLog("App", NX_LEVEL_WARN, "%s=%u",#VALUE, VALUE) -# define LOG_X16_W(VALUE) \ - nLog("App", NX_LEVEL_WARN, "%s=0x%04X",#VALUE, VALUE) -# define LOG_U16_W(VALUE) \ - nLog("App", NX_LEVEL_WARN, "%s=%u",#VALUE, VALUE) -# define LOG_X32_W(VALUE) \ - nLog("App", NX_LEVEL_WARN, "%s=0x%08X",#VALUE, VALUE) -# define LOG_U32_W(VALUE) \ - nLog("App", NX_LEVEL_WARN, "%s=%u",#VALUE, VALUE) -# define LOG_AU8_W(ARRAY,LEN) \ - nLog_au8("App", NX_LEVEL_WARN, #ARRAY, ARRAY, LEN) -# define LOG_MAU8_W(MESSAGE, ARRAY,LEN) \ - nLog_au8("App", NX_LEVEL_WARN, MESSAGE, ARRAY, LEN) -#else -# define LOG_WARN_ENABLED 0 -# define LOG_W(...) -# define LOG_X8_W(VALUE) -# define LOG_U8_W(VALUE) -# define LOG_X16_W(VALUE) -# define LOG_U16_W(VALUE) -# define LOG_X32_W(VALUE) -# define LOG_U32_W(VALUE) -# define LOG_AU8_W(ARRAY, LEN) -# define LOG_MAU8_W(MESSAGE, ARRAY, LEN) -#endif - -#if NX_LOG_ENABLE_APP_ERROR -# define LOG_ERROR_ENABLED 1 -# define LOG_E(format, ...) \ - nLog("App", NX_LEVEL_ERROR, format, ##__VA_ARGS__) -# define LOG_X8_E(VALUE) \ - nLog("App", NX_LEVEL_ERROR, "%s=0x%02X",#VALUE, VALUE) -# define LOG_U8_E(VALUE) \ - nLog("App", NX_LEVEL_ERROR, "%s=%u",#VALUE, VALUE) -# define LOG_X16_E(VALUE) \ - nLog("App", NX_LEVEL_ERROR, "%s=0x%04X",#VALUE, VALUE) -# define LOG_U16_E(VALUE) \ - nLog("App", NX_LEVEL_ERROR, "%s=%u",#VALUE, VALUE) -# define LOG_X32_E(VALUE) \ - nLog("App", NX_LEVEL_ERROR, "%s=0x%08X",#VALUE, VALUE) -# define LOG_U32_E(VALUE) \ - nLog("App", NX_LEVEL_ERROR, "%s=%u",#VALUE, VALUE) -# define LOG_AU8_E(ARRAY,LEN) \ - nLog_au8("App", NX_LEVEL_ERROR, #ARRAY, ARRAY, LEN) -# define LOG_MAU8_E(MESSAGE, ARRAY,LEN) \ - nLog_au8("App", NX_LEVEL_ERROR, MESSAGE, ARRAY, LEN) -#else -# define LOG_ERROR_ENABLED 0 -# define LOG_E(...) -# define LOG_X8_E(VALUE) -# define LOG_U8_E(VALUE) -# define LOG_X16_E(VALUE) -# define LOG_U16_E(VALUE) -# define LOG_X32_E(VALUE) -# define LOG_U32_E(VALUE) -# define LOG_AU8_E(ARRAY, LEN) -# define LOG_MAU8_E(MESSAGE, ARRAY, LEN) -#endif - -/* clang-format on */ - -#endif /* NX_LOG_APP_H */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/nxlog/nxLog_DefaultConfig.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/nxlog/nxLog_DefaultConfig.h deleted file mode 100644 index 1b0cee9de..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/nxlog/nxLog_DefaultConfig.h +++ /dev/null @@ -1,44 +0,0 @@ -/* - * - * Copyright 2018 NXP - * SPDX-License-Identifier: Apache-2.0 - */ - -#ifndef NX_LOG_DEFAULT_CONFIG_H -#define NX_LOG_DEFAULT_CONFIG_H - -/* See Plug & Trust Middleware Docuemntation --> stack --> Logging - for more information */ - -/* - * - 1 => Enable Debug level logging - for all. - * - 0 => Disable Debug level logging. This has to be - * enabled individually by other logging - * header/source files */ -#define NX_LOG_ENABLE_DEFAULT_DEBUG 1 - -/* Same as NX_LOG_ENABLE_DEFAULT_DEBUG but for Info Level */ -#define NX_LOG_ENABLE_DEFAULT_INFO 1 - -/* Same as NX_LOG_ENABLE_DEFAULT_DEBUG but for Warn Level */ -#define NX_LOG_ENABLE_DEFAULT_WARN 1 - -/* Same as NX_LOG_ENABLE_DEFAULT_DEBUG but for Error Level. - * Ideally, this shoudl alwasy be kept enabled */ -#define NX_LOG_ENABLE_DEFAULT_ERROR 1 - - -/* Release - retail build */ -#ifdef FLOW_SILENT -#undef NX_LOG_ENABLE_DEFAULT_DEBUG -#undef NX_LOG_ENABLE_DEFAULT_INFO -#undef NX_LOG_ENABLE_DEFAULT_WARN -#undef NX_LOG_ENABLE_DEFAULT_ERROR - -#define NX_LOG_ENABLE_DEFAULT_DEBUG 0 -#define NX_LOG_ENABLE_DEFAULT_INFO 0 -#define NX_LOG_ENABLE_DEFAULT_WARN 0 -#define NX_LOG_ENABLE_DEFAULT_ERROR 0 -#endif - -#endif /* NX_LOG_DEFAULT_CONFIG_H */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/nxlog/nxLog_hostLib.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/nxlog/nxLog_hostLib.h deleted file mode 100644 index 65e68a3b9..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/nxlog/nxLog_hostLib.h +++ /dev/null @@ -1,183 +0,0 @@ -/* - * - * Copyright 2018 NXP - * SPDX-License-Identifier: Apache-2.0 - */ - -#ifndef NX_LOG_HOSTLIB_H -#define NX_LOG_HOSTLIB_H - -#include - -/* ############################################################ */ -/* ## AUTO Generated ########################################## */ -/* ############################################################ */ - -/* Default configuration file */ -#include - -/* clang-format off */ - -/* Check if we are double defining these macros */ -#if defined(LOG_D) || defined(LOG_I) || defined(LOG_W) || defined(LOG_E) -/* This should not happen. The only reason this could happn is double inclusion of different log files. */ -# error "LOG_ macro already defined" -#endif /* LOG_E */ - -/* Enable/Set log levels for 'hostLib' - start */ -/* If source file, or nxLog_Config.h has not set it, set these defines - * - * Do not #undef these values, rather set to 0/1. This way we can - * jump to definition and avoid plain-old-text-search to jump to - * undef. */ - -#ifndef NX_LOG_ENABLE_HOSTLIB_DEBUG -# define NX_LOG_ENABLE_HOSTLIB_DEBUG (NX_LOG_ENABLE_DEFAULT_DEBUG) -#endif -#ifndef NX_LOG_ENABLE_HOSTLIB_INFO -# define NX_LOG_ENABLE_HOSTLIB_INFO (NX_LOG_ENABLE_HOSTLIB_DEBUG + NX_LOG_ENABLE_DEFAULT_INFO) -#endif -#ifndef NX_LOG_ENABLE_HOSTLIB_WARN -# define NX_LOG_ENABLE_HOSTLIB_WARN (NX_LOG_ENABLE_HOSTLIB_INFO + NX_LOG_ENABLE_DEFAULT_WARN) -#endif -#ifndef NX_LOG_ENABLE_HOSTLIB_ERROR -# define NX_LOG_ENABLE_HOSTLIB_ERROR (NX_LOG_ENABLE_HOSTLIB_WARN + NX_LOG_ENABLE_DEFAULT_ERROR) -#endif - -/* Enable/Set log levels for 'hostLib' - end */ - -#if NX_LOG_ENABLE_HOSTLIB_DEBUG -# define LOG_DEBUG_ENABLED 1 -# define LOG_D(format, ...) \ - nLog("hostLib", NX_LEVEL_DEBUG, format, ##__VA_ARGS__) -# define LOG_X8_D(VALUE) \ - nLog("hostLib", NX_LEVEL_DEBUG, "%s=0x%02X",#VALUE, VALUE) -# define LOG_U8_D(VALUE) \ - nLog("hostLib", NX_LEVEL_DEBUG, "%s=%u",#VALUE, VALUE) -# define LOG_X16_D(VALUE) \ - nLog("hostLib", NX_LEVEL_DEBUG, "%s=0x%04X",#VALUE, VALUE) -# define LOG_U16_D(VALUE) \ - nLog("hostLib", NX_LEVEL_DEBUG, "%s=%u",#VALUE, VALUE) -# define LOG_X32_D(VALUE) \ - nLog("hostLib", NX_LEVEL_DEBUG, "%s=0x%08X",#VALUE, VALUE) -# define LOG_U32_D(VALUE) \ - nLog("hostLib", NX_LEVEL_DEBUG, "%s=%u",#VALUE, VALUE) -# define LOG_AU8_D(ARRAY,LEN) \ - nLog_au8("hostLib", NX_LEVEL_DEBUG, #ARRAY, ARRAY, LEN) -# define LOG_MAU8_D(MESSAGE, ARRAY,LEN) \ - nLog_au8("hostLib", NX_LEVEL_DEBUG, MESSAGE, ARRAY, LEN) -#else -# define LOG_DEBUG_ENABLED 0 -# define LOG_D(...) -# define LOG_X8_D(VALUE) -# define LOG_U8_D(VALUE) -# define LOG_X16_D(VALUE) -# define LOG_U16_D(VALUE) -# define LOG_X32_D(VALUE) -# define LOG_U32_D(VALUE) -# define LOG_AU8_D(ARRAY, LEN) -# define LOG_MAU8_D(MESSAGE, ARRAY, LEN) -#endif - -#if NX_LOG_ENABLE_HOSTLIB_INFO -# define LOG_INFO_ENABLED 1 -# define LOG_I(format, ...) \ - nLog("hostLib", NX_LEVEL_INFO, format, ##__VA_ARGS__) -# define LOG_X8_I(VALUE) \ - nLog("hostLib", NX_LEVEL_INFO, "%s=0x%02X",#VALUE, VALUE) -# define LOG_U8_I(VALUE) \ - nLog("hostLib", NX_LEVEL_INFO, "%s=%u",#VALUE, VALUE) -# define LOG_X16_I(VALUE) \ - nLog("hostLib", NX_LEVEL_INFO, "%s=0x%04X",#VALUE, VALUE) -# define LOG_U16_I(VALUE) \ - nLog("hostLib", NX_LEVEL_INFO, "%s=%u",#VALUE, VALUE) -# define LOG_X32_I(VALUE) \ - nLog("hostLib", NX_LEVEL_INFO, "%s=0x%08X",#VALUE, VALUE) -# define LOG_U32_I(VALUE) \ - nLog("hostLib", NX_LEVEL_INFO, "%s=%u",#VALUE, VALUE) -# define LOG_AU8_I(ARRAY,LEN) \ - nLog_au8("hostLib", NX_LEVEL_INFO, #ARRAY, ARRAY, LEN) -# define LOG_MAU8_I(MESSAGE, ARRAY,LEN) \ - nLog_au8("hostLib", NX_LEVEL_INFO, MESSAGE, ARRAY, LEN) -#else -# define LOG_INFO_ENABLED 0 -# define LOG_I(...) -# define LOG_X8_I(VALUE) -# define LOG_U8_I(VALUE) -# define LOG_X16_I(VALUE) -# define LOG_U16_I(VALUE) -# define LOG_X32_I(VALUE) -# define LOG_U32_I(VALUE) -# define LOG_AU8_I(ARRAY, LEN) -# define LOG_MAU8_I(MESSAGE, ARRAY, LEN) -#endif - -#if NX_LOG_ENABLE_HOSTLIB_WARN -# define LOG_WARN_ENABLED 1 -# define LOG_W(format, ...) \ - nLog("hostLib", NX_LEVEL_WARN, format, ##__VA_ARGS__) -# define LOG_X8_W(VALUE) \ - nLog("hostLib", NX_LEVEL_WARN, "%s=0x%02X",#VALUE, VALUE) -# define LOG_U8_W(VALUE) \ - nLog("hostLib", NX_LEVEL_WARN, "%s=%u",#VALUE, VALUE) -# define LOG_X16_W(VALUE) \ - nLog("hostLib", NX_LEVEL_WARN, "%s=0x%04X",#VALUE, VALUE) -# define LOG_U16_W(VALUE) \ - nLog("hostLib", NX_LEVEL_WARN, "%s=%u",#VALUE, VALUE) -# define LOG_X32_W(VALUE) \ - nLog("hostLib", NX_LEVEL_WARN, "%s=0x%08X",#VALUE, VALUE) -# define LOG_U32_W(VALUE) \ - nLog("hostLib", NX_LEVEL_WARN, "%s=%u",#VALUE, VALUE) -# define LOG_AU8_W(ARRAY,LEN) \ - nLog_au8("hostLib", NX_LEVEL_WARN, #ARRAY, ARRAY, LEN) -# define LOG_MAU8_W(MESSAGE, ARRAY,LEN) \ - nLog_au8("hostLib", NX_LEVEL_WARN, MESSAGE, ARRAY, LEN) -#else -# define LOG_WARN_ENABLED 0 -# define LOG_W(...) -# define LOG_X8_W(VALUE) -# define LOG_U8_W(VALUE) -# define LOG_X16_W(VALUE) -# define LOG_U16_W(VALUE) -# define LOG_X32_W(VALUE) -# define LOG_U32_W(VALUE) -# define LOG_AU8_W(ARRAY, LEN) -# define LOG_MAU8_W(MESSAGE, ARRAY, LEN) -#endif - -#if NX_LOG_ENABLE_HOSTLIB_ERROR -# define LOG_ERROR_ENABLED 1 -# define LOG_E(format, ...) \ - nLog("hostLib", NX_LEVEL_ERROR, format, ##__VA_ARGS__) -# define LOG_X8_E(VALUE) \ - nLog("hostLib", NX_LEVEL_ERROR, "%s=0x%02X",#VALUE, VALUE) -# define LOG_U8_E(VALUE) \ - nLog("hostLib", NX_LEVEL_ERROR, "%s=%u",#VALUE, VALUE) -# define LOG_X16_E(VALUE) \ - nLog("hostLib", NX_LEVEL_ERROR, "%s=0x%04X",#VALUE, VALUE) -# define LOG_U16_E(VALUE) \ - nLog("hostLib", NX_LEVEL_ERROR, "%s=%u",#VALUE, VALUE) -# define LOG_X32_E(VALUE) \ - nLog("hostLib", NX_LEVEL_ERROR, "%s=0x%08X",#VALUE, VALUE) -# define LOG_U32_E(VALUE) \ - nLog("hostLib", NX_LEVEL_ERROR, "%s=%u",#VALUE, VALUE) -# define LOG_AU8_E(ARRAY,LEN) \ - nLog_au8("hostLib", NX_LEVEL_ERROR, #ARRAY, ARRAY, LEN) -# define LOG_MAU8_E(MESSAGE, ARRAY,LEN) \ - nLog_au8("hostLib", NX_LEVEL_ERROR, MESSAGE, ARRAY, LEN) -#else -# define LOG_ERROR_ENABLED 0 -# define LOG_E(...) -# define LOG_X8_E(VALUE) -# define LOG_U8_E(VALUE) -# define LOG_X16_E(VALUE) -# define LOG_U16_E(VALUE) -# define LOG_X32_E(VALUE) -# define LOG_U32_E(VALUE) -# define LOG_AU8_E(ARRAY, LEN) -# define LOG_MAU8_E(MESSAGE, ARRAY, LEN) -#endif - -/* clang-format on */ - -#endif /* NX_LOG_HOSTLIB_H */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/nxlog/nxLog_mbedtls.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/nxlog/nxLog_mbedtls.h deleted file mode 100644 index cd866fc9c..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/nxlog/nxLog_mbedtls.h +++ /dev/null @@ -1,183 +0,0 @@ -/* - * - * Copyright 2018 NXP - * SPDX-License-Identifier: Apache-2.0 - */ - -#ifndef NX_LOG_MBEDTLS_H -#define NX_LOG_MBEDTLS_H - -#include - -/* ############################################################ */ -/* ## AUTO Generated ########################################## */ -/* ############################################################ */ - -/* Default configuration file */ -#include - -/* clang-format off */ - -/* Check if we are double defining these macros */ -#if defined(LOG_D) || defined(LOG_I) || defined(LOG_W) || defined(LOG_E) -/* This should not happen. The only reason this could happn is double inclusion of different log files. */ -# error "LOG_ macro already defined" -#endif /* LOG_E */ - -/* Enable/Set log levels for 'mbedtls' - start */ -/* If source file, or nxLog_Config.h has not set it, set these defines - * - * Do not #undef these values, rather set to 0/1. This way we can - * jump to definition and avoid plain-old-text-search to jump to - * undef. */ - -#ifndef NX_LOG_ENABLE_MBEDTLS_DEBUG -# define NX_LOG_ENABLE_MBEDTLS_DEBUG (NX_LOG_ENABLE_SSS_DEBUG) -#endif -#ifndef NX_LOG_ENABLE_MBEDTLS_INFO -# define NX_LOG_ENABLE_MBEDTLS_INFO (NX_LOG_ENABLE_MBEDTLS_DEBUG + NX_LOG_ENABLE_SSS_INFO) -#endif -#ifndef NX_LOG_ENABLE_MBEDTLS_WARN -# define NX_LOG_ENABLE_MBEDTLS_WARN (NX_LOG_ENABLE_MBEDTLS_INFO + NX_LOG_ENABLE_SSS_WARN) -#endif -#ifndef NX_LOG_ENABLE_MBEDTLS_ERROR -# define NX_LOG_ENABLE_MBEDTLS_ERROR (NX_LOG_ENABLE_MBEDTLS_WARN + NX_LOG_ENABLE_SSS_ERROR) -#endif - -/* Enable/Set log levels for 'mbedtls' - end */ - -#if NX_LOG_ENABLE_MBEDTLS_DEBUG -# define LOG_DEBUG_ENABLED 1 -# define LOG_D(format, ...) \ - nLog("mbedtls", NX_LEVEL_DEBUG, format, ##__VA_ARGS__) -# define LOG_X8_D(VALUE) \ - nLog("mbedtls", NX_LEVEL_DEBUG, "%s=0x%02X",#VALUE, VALUE) -# define LOG_U8_D(VALUE) \ - nLog("mbedtls", NX_LEVEL_DEBUG, "%s=%u",#VALUE, VALUE) -# define LOG_X16_D(VALUE) \ - nLog("mbedtls", NX_LEVEL_DEBUG, "%s=0x%04X",#VALUE, VALUE) -# define LOG_U16_D(VALUE) \ - nLog("mbedtls", NX_LEVEL_DEBUG, "%s=%u",#VALUE, VALUE) -# define LOG_X32_D(VALUE) \ - nLog("mbedtls", NX_LEVEL_DEBUG, "%s=0x%08X",#VALUE, VALUE) -# define LOG_U32_D(VALUE) \ - nLog("mbedtls", NX_LEVEL_DEBUG, "%s=%u",#VALUE, VALUE) -# define LOG_AU8_D(ARRAY,LEN) \ - nLog_au8("mbedtls", NX_LEVEL_DEBUG, #ARRAY, ARRAY, LEN) -# define LOG_MAU8_D(MESSAGE, ARRAY,LEN) \ - nLog_au8("mbedtls", NX_LEVEL_DEBUG, MESSAGE, ARRAY, LEN) -#else -# define LOG_DEBUG_ENABLED 0 -# define LOG_D(...) -# define LOG_X8_D(VALUE) -# define LOG_U8_D(VALUE) -# define LOG_X16_D(VALUE) -# define LOG_U16_D(VALUE) -# define LOG_X32_D(VALUE) -# define LOG_U32_D(VALUE) -# define LOG_AU8_D(ARRAY, LEN) -# define LOG_MAU8_D(MESSAGE, ARRAY, LEN) -#endif - -#if NX_LOG_ENABLE_MBEDTLS_INFO -# define LOG_INFO_ENABLED 1 -# define LOG_I(format, ...) \ - nLog("mbedtls", NX_LEVEL_INFO, format, ##__VA_ARGS__) -# define LOG_X8_I(VALUE) \ - nLog("mbedtls", NX_LEVEL_INFO, "%s=0x%02X",#VALUE, VALUE) -# define LOG_U8_I(VALUE) \ - nLog("mbedtls", NX_LEVEL_INFO, "%s=%u",#VALUE, VALUE) -# define LOG_X16_I(VALUE) \ - nLog("mbedtls", NX_LEVEL_INFO, "%s=0x%04X",#VALUE, VALUE) -# define LOG_U16_I(VALUE) \ - nLog("mbedtls", NX_LEVEL_INFO, "%s=%u",#VALUE, VALUE) -# define LOG_X32_I(VALUE) \ - nLog("mbedtls", NX_LEVEL_INFO, "%s=0x%08X",#VALUE, VALUE) -# define LOG_U32_I(VALUE) \ - nLog("mbedtls", NX_LEVEL_INFO, "%s=%u",#VALUE, VALUE) -# define LOG_AU8_I(ARRAY,LEN) \ - nLog_au8("mbedtls", NX_LEVEL_INFO, #ARRAY, ARRAY, LEN) -# define LOG_MAU8_I(MESSAGE, ARRAY,LEN) \ - nLog_au8("mbedtls", NX_LEVEL_INFO, MESSAGE, ARRAY, LEN) -#else -# define LOG_INFO_ENABLED 0 -# define LOG_I(...) -# define LOG_X8_I(VALUE) -# define LOG_U8_I(VALUE) -# define LOG_X16_I(VALUE) -# define LOG_U16_I(VALUE) -# define LOG_X32_I(VALUE) -# define LOG_U32_I(VALUE) -# define LOG_AU8_I(ARRAY, LEN) -# define LOG_MAU8_I(MESSAGE, ARRAY, LEN) -#endif - -#if NX_LOG_ENABLE_MBEDTLS_WARN -# define LOG_WARN_ENABLED 1 -# define LOG_W(format, ...) \ - nLog("mbedtls", NX_LEVEL_WARN, format, ##__VA_ARGS__) -# define LOG_X8_W(VALUE) \ - nLog("mbedtls", NX_LEVEL_WARN, "%s=0x%02X",#VALUE, VALUE) -# define LOG_U8_W(VALUE) \ - nLog("mbedtls", NX_LEVEL_WARN, "%s=%u",#VALUE, VALUE) -# define LOG_X16_W(VALUE) \ - nLog("mbedtls", NX_LEVEL_WARN, "%s=0x%04X",#VALUE, VALUE) -# define LOG_U16_W(VALUE) \ - nLog("mbedtls", NX_LEVEL_WARN, "%s=%u",#VALUE, VALUE) -# define LOG_X32_W(VALUE) \ - nLog("mbedtls", NX_LEVEL_WARN, "%s=0x%08X",#VALUE, VALUE) -# define LOG_U32_W(VALUE) \ - nLog("mbedtls", NX_LEVEL_WARN, "%s=%u",#VALUE, VALUE) -# define LOG_AU8_W(ARRAY,LEN) \ - nLog_au8("mbedtls", NX_LEVEL_WARN, #ARRAY, ARRAY, LEN) -# define LOG_MAU8_W(MESSAGE, ARRAY,LEN) \ - nLog_au8("mbedtls", NX_LEVEL_WARN, MESSAGE, ARRAY, LEN) -#else -# define LOG_WARN_ENABLED 0 -# define LOG_W(...) -# define LOG_X8_W(VALUE) -# define LOG_U8_W(VALUE) -# define LOG_X16_W(VALUE) -# define LOG_U16_W(VALUE) -# define LOG_X32_W(VALUE) -# define LOG_U32_W(VALUE) -# define LOG_AU8_W(ARRAY, LEN) -# define LOG_MAU8_W(MESSAGE, ARRAY, LEN) -#endif - -#if NX_LOG_ENABLE_MBEDTLS_ERROR -# define LOG_ERROR_ENABLED 1 -# define LOG_E(format, ...) \ - nLog("mbedtls", NX_LEVEL_ERROR, format, ##__VA_ARGS__) -# define LOG_X8_E(VALUE) \ - nLog("mbedtls", NX_LEVEL_ERROR, "%s=0x%02X",#VALUE, VALUE) -# define LOG_U8_E(VALUE) \ - nLog("mbedtls", NX_LEVEL_ERROR, "%s=%u",#VALUE, VALUE) -# define LOG_X16_E(VALUE) \ - nLog("mbedtls", NX_LEVEL_ERROR, "%s=0x%04X",#VALUE, VALUE) -# define LOG_U16_E(VALUE) \ - nLog("mbedtls", NX_LEVEL_ERROR, "%s=%u",#VALUE, VALUE) -# define LOG_X32_E(VALUE) \ - nLog("mbedtls", NX_LEVEL_ERROR, "%s=0x%08X",#VALUE, VALUE) -# define LOG_U32_E(VALUE) \ - nLog("mbedtls", NX_LEVEL_ERROR, "%s=%u",#VALUE, VALUE) -# define LOG_AU8_E(ARRAY,LEN) \ - nLog_au8("mbedtls", NX_LEVEL_ERROR, #ARRAY, ARRAY, LEN) -# define LOG_MAU8_E(MESSAGE, ARRAY,LEN) \ - nLog_au8("mbedtls", NX_LEVEL_ERROR, MESSAGE, ARRAY, LEN) -#else -# define LOG_ERROR_ENABLED 0 -# define LOG_E(...) -# define LOG_X8_E(VALUE) -# define LOG_U8_E(VALUE) -# define LOG_X16_E(VALUE) -# define LOG_U16_E(VALUE) -# define LOG_X32_E(VALUE) -# define LOG_U32_E(VALUE) -# define LOG_AU8_E(ARRAY, LEN) -# define LOG_MAU8_E(MESSAGE, ARRAY, LEN) -#endif - -/* clang-format on */ - -#endif /* NX_LOG_MBEDTLS_H */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/nxlog/nxLog_scp.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/nxlog/nxLog_scp.h deleted file mode 100644 index c8bc4f2ad..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/nxlog/nxLog_scp.h +++ /dev/null @@ -1,183 +0,0 @@ -/* - * - * Copyright 2018 NXP - * SPDX-License-Identifier: Apache-2.0 - */ - -#ifndef NX_LOG_SCP_H -#define NX_LOG_SCP_H - -#include - -/* ############################################################ */ -/* ## AUTO Generated ########################################## */ -/* ############################################################ */ - -/* Default configuration file */ -#include - -/* clang-format off */ - -/* Check if we are double defining these macros */ -#if defined(LOG_D) || defined(LOG_I) || defined(LOG_W) || defined(LOG_E) -/* This should not happen. The only reason this could happn is double inclusion of different log files. */ -# error "LOG_ macro already defined" -#endif /* LOG_E */ - -/* Enable/Set log levels for 'scp' - start */ -/* If source file, or nxLog_Config.h has not set it, set these defines - * - * Do not #undef these values, rather set to 0/1. This way we can - * jump to definition and avoid plain-old-text-search to jump to - * undef. */ - -#ifndef NX_LOG_ENABLE_SCP_DEBUG -# define NX_LOG_ENABLE_SCP_DEBUG (NX_LOG_ENABLE_DEFAULT_DEBUG) -#endif -#ifndef NX_LOG_ENABLE_SCP_INFO -# define NX_LOG_ENABLE_SCP_INFO (NX_LOG_ENABLE_SCP_DEBUG + NX_LOG_ENABLE_DEFAULT_INFO) -#endif -#ifndef NX_LOG_ENABLE_SCP_WARN -# define NX_LOG_ENABLE_SCP_WARN (NX_LOG_ENABLE_SCP_INFO + NX_LOG_ENABLE_DEFAULT_WARN) -#endif -#ifndef NX_LOG_ENABLE_SCP_ERROR -# define NX_LOG_ENABLE_SCP_ERROR (NX_LOG_ENABLE_SCP_WARN + NX_LOG_ENABLE_DEFAULT_ERROR) -#endif - -/* Enable/Set log levels for 'scp' - end */ - -#if NX_LOG_ENABLE_SCP_DEBUG -# define LOG_DEBUG_ENABLED 1 -# define LOG_D(format, ...) \ - nLog("scp", NX_LEVEL_DEBUG, format, ##__VA_ARGS__) -# define LOG_X8_D(VALUE) \ - nLog("scp", NX_LEVEL_DEBUG, "%s=0x%02X",#VALUE, VALUE) -# define LOG_U8_D(VALUE) \ - nLog("scp", NX_LEVEL_DEBUG, "%s=%u",#VALUE, VALUE) -# define LOG_X16_D(VALUE) \ - nLog("scp", NX_LEVEL_DEBUG, "%s=0x%04X",#VALUE, VALUE) -# define LOG_U16_D(VALUE) \ - nLog("scp", NX_LEVEL_DEBUG, "%s=%u",#VALUE, VALUE) -# define LOG_X32_D(VALUE) \ - nLog("scp", NX_LEVEL_DEBUG, "%s=0x%08X",#VALUE, VALUE) -# define LOG_U32_D(VALUE) \ - nLog("scp", NX_LEVEL_DEBUG, "%s=%u",#VALUE, VALUE) -# define LOG_AU8_D(ARRAY,LEN) \ - nLog_au8("scp", NX_LEVEL_DEBUG, #ARRAY, ARRAY, LEN) -# define LOG_MAU8_D(MESSAGE, ARRAY,LEN) \ - nLog_au8("scp", NX_LEVEL_DEBUG, MESSAGE, ARRAY, LEN) -#else -# define LOG_DEBUG_ENABLED 0 -# define LOG_D(...) -# define LOG_X8_D(VALUE) -# define LOG_U8_D(VALUE) -# define LOG_X16_D(VALUE) -# define LOG_U16_D(VALUE) -# define LOG_X32_D(VALUE) -# define LOG_U32_D(VALUE) -# define LOG_AU8_D(ARRAY, LEN) -# define LOG_MAU8_D(MESSAGE, ARRAY, LEN) -#endif - -#if NX_LOG_ENABLE_SCP_INFO -# define LOG_INFO_ENABLED 1 -# define LOG_I(format, ...) \ - nLog("scp", NX_LEVEL_INFO, format, ##__VA_ARGS__) -# define LOG_X8_I(VALUE) \ - nLog("scp", NX_LEVEL_INFO, "%s=0x%02X",#VALUE, VALUE) -# define LOG_U8_I(VALUE) \ - nLog("scp", NX_LEVEL_INFO, "%s=%u",#VALUE, VALUE) -# define LOG_X16_I(VALUE) \ - nLog("scp", NX_LEVEL_INFO, "%s=0x%04X",#VALUE, VALUE) -# define LOG_U16_I(VALUE) \ - nLog("scp", NX_LEVEL_INFO, "%s=%u",#VALUE, VALUE) -# define LOG_X32_I(VALUE) \ - nLog("scp", NX_LEVEL_INFO, "%s=0x%08X",#VALUE, VALUE) -# define LOG_U32_I(VALUE) \ - nLog("scp", NX_LEVEL_INFO, "%s=%u",#VALUE, VALUE) -# define LOG_AU8_I(ARRAY,LEN) \ - nLog_au8("scp", NX_LEVEL_INFO, #ARRAY, ARRAY, LEN) -# define LOG_MAU8_I(MESSAGE, ARRAY,LEN) \ - nLog_au8("scp", NX_LEVEL_INFO, MESSAGE, ARRAY, LEN) -#else -# define LOG_INFO_ENABLED 0 -# define LOG_I(...) -# define LOG_X8_I(VALUE) -# define LOG_U8_I(VALUE) -# define LOG_X16_I(VALUE) -# define LOG_U16_I(VALUE) -# define LOG_X32_I(VALUE) -# define LOG_U32_I(VALUE) -# define LOG_AU8_I(ARRAY, LEN) -# define LOG_MAU8_I(MESSAGE, ARRAY, LEN) -#endif - -#if NX_LOG_ENABLE_SCP_WARN -# define LOG_WARN_ENABLED 1 -# define LOG_W(format, ...) \ - nLog("scp", NX_LEVEL_WARN, format, ##__VA_ARGS__) -# define LOG_X8_W(VALUE) \ - nLog("scp", NX_LEVEL_WARN, "%s=0x%02X",#VALUE, VALUE) -# define LOG_U8_W(VALUE) \ - nLog("scp", NX_LEVEL_WARN, "%s=%u",#VALUE, VALUE) -# define LOG_X16_W(VALUE) \ - nLog("scp", NX_LEVEL_WARN, "%s=0x%04X",#VALUE, VALUE) -# define LOG_U16_W(VALUE) \ - nLog("scp", NX_LEVEL_WARN, "%s=%u",#VALUE, VALUE) -# define LOG_X32_W(VALUE) \ - nLog("scp", NX_LEVEL_WARN, "%s=0x%08X",#VALUE, VALUE) -# define LOG_U32_W(VALUE) \ - nLog("scp", NX_LEVEL_WARN, "%s=%u",#VALUE, VALUE) -# define LOG_AU8_W(ARRAY,LEN) \ - nLog_au8("scp", NX_LEVEL_WARN, #ARRAY, ARRAY, LEN) -# define LOG_MAU8_W(MESSAGE, ARRAY,LEN) \ - nLog_au8("scp", NX_LEVEL_WARN, MESSAGE, ARRAY, LEN) -#else -# define LOG_WARN_ENABLED 0 -# define LOG_W(...) -# define LOG_X8_W(VALUE) -# define LOG_U8_W(VALUE) -# define LOG_X16_W(VALUE) -# define LOG_U16_W(VALUE) -# define LOG_X32_W(VALUE) -# define LOG_U32_W(VALUE) -# define LOG_AU8_W(ARRAY, LEN) -# define LOG_MAU8_W(MESSAGE, ARRAY, LEN) -#endif - -#if NX_LOG_ENABLE_SCP_ERROR -# define LOG_ERROR_ENABLED 1 -# define LOG_E(format, ...) \ - nLog("scp", NX_LEVEL_ERROR, format, ##__VA_ARGS__) -# define LOG_X8_E(VALUE) \ - nLog("scp", NX_LEVEL_ERROR, "%s=0x%02X",#VALUE, VALUE) -# define LOG_U8_E(VALUE) \ - nLog("scp", NX_LEVEL_ERROR, "%s=%u",#VALUE, VALUE) -# define LOG_X16_E(VALUE) \ - nLog("scp", NX_LEVEL_ERROR, "%s=0x%04X",#VALUE, VALUE) -# define LOG_U16_E(VALUE) \ - nLog("scp", NX_LEVEL_ERROR, "%s=%u",#VALUE, VALUE) -# define LOG_X32_E(VALUE) \ - nLog("scp", NX_LEVEL_ERROR, "%s=0x%08X",#VALUE, VALUE) -# define LOG_U32_E(VALUE) \ - nLog("scp", NX_LEVEL_ERROR, "%s=%u",#VALUE, VALUE) -# define LOG_AU8_E(ARRAY,LEN) \ - nLog_au8("scp", NX_LEVEL_ERROR, #ARRAY, ARRAY, LEN) -# define LOG_MAU8_E(MESSAGE, ARRAY,LEN) \ - nLog_au8("scp", NX_LEVEL_ERROR, MESSAGE, ARRAY, LEN) -#else -# define LOG_ERROR_ENABLED 0 -# define LOG_E(...) -# define LOG_X8_E(VALUE) -# define LOG_U8_E(VALUE) -# define LOG_X16_E(VALUE) -# define LOG_U16_E(VALUE) -# define LOG_X32_E(VALUE) -# define LOG_U32_E(VALUE) -# define LOG_AU8_E(ARRAY, LEN) -# define LOG_MAU8_E(MESSAGE, ARRAY, LEN) -#endif - -/* clang-format on */ - -#endif /* NX_LOG_SCP_H */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/nxlog/nxLog_smCom.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/nxlog/nxLog_smCom.h deleted file mode 100644 index 7d42451a1..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/nxlog/nxLog_smCom.h +++ /dev/null @@ -1,183 +0,0 @@ -/* - * - * Copyright 2018 NXP - * SPDX-License-Identifier: Apache-2.0 - */ - -#ifndef NX_LOG_SMCOM_H -#define NX_LOG_SMCOM_H - -#include - -/* ############################################################ */ -/* ## AUTO Generated ########################################## */ -/* ############################################################ */ - -/* Default configuration file */ -#include - -/* clang-format off */ - -/* Check if we are double defining these macros */ -#if defined(LOG_D) || defined(LOG_I) || defined(LOG_W) || defined(LOG_E) -/* This should not happen. The only reason this could happn is double inclusion of different log files. */ -# error "LOG_ macro already defined" -#endif /* LOG_E */ - -/* Enable/Set log levels for 'smCom' - start */ -/* If source file, or nxLog_Config.h has not set it, set these defines - * - * Do not #undef these values, rather set to 0/1. This way we can - * jump to definition and avoid plain-old-text-search to jump to - * undef. */ - -#ifndef NX_LOG_ENABLE_SMCOM_DEBUG -# define NX_LOG_ENABLE_SMCOM_DEBUG (NX_LOG_ENABLE_DEFAULT_DEBUG) -#endif -#ifndef NX_LOG_ENABLE_SMCOM_INFO -# define NX_LOG_ENABLE_SMCOM_INFO (NX_LOG_ENABLE_SMCOM_DEBUG + NX_LOG_ENABLE_DEFAULT_INFO) -#endif -#ifndef NX_LOG_ENABLE_SMCOM_WARN -# define NX_LOG_ENABLE_SMCOM_WARN (NX_LOG_ENABLE_SMCOM_INFO + NX_LOG_ENABLE_DEFAULT_WARN) -#endif -#ifndef NX_LOG_ENABLE_SMCOM_ERROR -# define NX_LOG_ENABLE_SMCOM_ERROR (NX_LOG_ENABLE_SMCOM_WARN + NX_LOG_ENABLE_DEFAULT_ERROR) -#endif - -/* Enable/Set log levels for 'smCom' - end */ - -#if NX_LOG_ENABLE_SMCOM_DEBUG -# define LOG_DEBUG_ENABLED 1 -# define LOG_D(format, ...) \ - nLog("smCom", NX_LEVEL_DEBUG, format, ##__VA_ARGS__) -# define LOG_X8_D(VALUE) \ - nLog("smCom", NX_LEVEL_DEBUG, "%s=0x%02X",#VALUE, VALUE) -# define LOG_U8_D(VALUE) \ - nLog("smCom", NX_LEVEL_DEBUG, "%s=%u",#VALUE, VALUE) -# define LOG_X16_D(VALUE) \ - nLog("smCom", NX_LEVEL_DEBUG, "%s=0x%04X",#VALUE, VALUE) -# define LOG_U16_D(VALUE) \ - nLog("smCom", NX_LEVEL_DEBUG, "%s=%u",#VALUE, VALUE) -# define LOG_X32_D(VALUE) \ - nLog("smCom", NX_LEVEL_DEBUG, "%s=0x%08X",#VALUE, VALUE) -# define LOG_U32_D(VALUE) \ - nLog("smCom", NX_LEVEL_DEBUG, "%s=%u",#VALUE, VALUE) -# define LOG_AU8_D(ARRAY,LEN) \ - nLog_au8("smCom", NX_LEVEL_DEBUG, #ARRAY, ARRAY, LEN) -# define LOG_MAU8_D(MESSAGE, ARRAY,LEN) \ - nLog_au8("smCom", NX_LEVEL_DEBUG, MESSAGE, ARRAY, LEN) -#else -# define LOG_DEBUG_ENABLED 0 -# define LOG_D(...) -# define LOG_X8_D(VALUE) -# define LOG_U8_D(VALUE) -# define LOG_X16_D(VALUE) -# define LOG_U16_D(VALUE) -# define LOG_X32_D(VALUE) -# define LOG_U32_D(VALUE) -# define LOG_AU8_D(ARRAY, LEN) -# define LOG_MAU8_D(MESSAGE, ARRAY, LEN) -#endif - -#if NX_LOG_ENABLE_SMCOM_INFO -# define LOG_INFO_ENABLED 1 -# define LOG_I(format, ...) \ - nLog("smCom", NX_LEVEL_INFO, format, ##__VA_ARGS__) -# define LOG_X8_I(VALUE) \ - nLog("smCom", NX_LEVEL_INFO, "%s=0x%02X",#VALUE, VALUE) -# define LOG_U8_I(VALUE) \ - nLog("smCom", NX_LEVEL_INFO, "%s=%u",#VALUE, VALUE) -# define LOG_X16_I(VALUE) \ - nLog("smCom", NX_LEVEL_INFO, "%s=0x%04X",#VALUE, VALUE) -# define LOG_U16_I(VALUE) \ - nLog("smCom", NX_LEVEL_INFO, "%s=%u",#VALUE, VALUE) -# define LOG_X32_I(VALUE) \ - nLog("smCom", NX_LEVEL_INFO, "%s=0x%08X",#VALUE, VALUE) -# define LOG_U32_I(VALUE) \ - nLog("smCom", NX_LEVEL_INFO, "%s=%u",#VALUE, VALUE) -# define LOG_AU8_I(ARRAY,LEN) \ - nLog_au8("smCom", NX_LEVEL_INFO, #ARRAY, ARRAY, LEN) -# define LOG_MAU8_I(MESSAGE, ARRAY,LEN) \ - nLog_au8("smCom", NX_LEVEL_INFO, MESSAGE, ARRAY, LEN) -#else -# define LOG_INFO_ENABLED 0 -# define LOG_I(...) -# define LOG_X8_I(VALUE) -# define LOG_U8_I(VALUE) -# define LOG_X16_I(VALUE) -# define LOG_U16_I(VALUE) -# define LOG_X32_I(VALUE) -# define LOG_U32_I(VALUE) -# define LOG_AU8_I(ARRAY, LEN) -# define LOG_MAU8_I(MESSAGE, ARRAY, LEN) -#endif - -#if NX_LOG_ENABLE_SMCOM_WARN -# define LOG_WARN_ENABLED 1 -# define LOG_W(format, ...) \ - nLog("smCom", NX_LEVEL_WARN, format, ##__VA_ARGS__) -# define LOG_X8_W(VALUE) \ - nLog("smCom", NX_LEVEL_WARN, "%s=0x%02X",#VALUE, VALUE) -# define LOG_U8_W(VALUE) \ - nLog("smCom", NX_LEVEL_WARN, "%s=%u",#VALUE, VALUE) -# define LOG_X16_W(VALUE) \ - nLog("smCom", NX_LEVEL_WARN, "%s=0x%04X",#VALUE, VALUE) -# define LOG_U16_W(VALUE) \ - nLog("smCom", NX_LEVEL_WARN, "%s=%u",#VALUE, VALUE) -# define LOG_X32_W(VALUE) \ - nLog("smCom", NX_LEVEL_WARN, "%s=0x%08X",#VALUE, VALUE) -# define LOG_U32_W(VALUE) \ - nLog("smCom", NX_LEVEL_WARN, "%s=%u",#VALUE, VALUE) -# define LOG_AU8_W(ARRAY,LEN) \ - nLog_au8("smCom", NX_LEVEL_WARN, #ARRAY, ARRAY, LEN) -# define LOG_MAU8_W(MESSAGE, ARRAY,LEN) \ - nLog_au8("smCom", NX_LEVEL_WARN, MESSAGE, ARRAY, LEN) -#else -# define LOG_WARN_ENABLED 0 -# define LOG_W(...) -# define LOG_X8_W(VALUE) -# define LOG_U8_W(VALUE) -# define LOG_X16_W(VALUE) -# define LOG_U16_W(VALUE) -# define LOG_X32_W(VALUE) -# define LOG_U32_W(VALUE) -# define LOG_AU8_W(ARRAY, LEN) -# define LOG_MAU8_W(MESSAGE, ARRAY, LEN) -#endif - -#if NX_LOG_ENABLE_SMCOM_ERROR -# define LOG_ERROR_ENABLED 1 -# define LOG_E(format, ...) \ - nLog("smCom", NX_LEVEL_ERROR, format, ##__VA_ARGS__) -# define LOG_X8_E(VALUE) \ - nLog("smCom", NX_LEVEL_ERROR, "%s=0x%02X",#VALUE, VALUE) -# define LOG_U8_E(VALUE) \ - nLog("smCom", NX_LEVEL_ERROR, "%s=%u",#VALUE, VALUE) -# define LOG_X16_E(VALUE) \ - nLog("smCom", NX_LEVEL_ERROR, "%s=0x%04X",#VALUE, VALUE) -# define LOG_U16_E(VALUE) \ - nLog("smCom", NX_LEVEL_ERROR, "%s=%u",#VALUE, VALUE) -# define LOG_X32_E(VALUE) \ - nLog("smCom", NX_LEVEL_ERROR, "%s=0x%08X",#VALUE, VALUE) -# define LOG_U32_E(VALUE) \ - nLog("smCom", NX_LEVEL_ERROR, "%s=%u",#VALUE, VALUE) -# define LOG_AU8_E(ARRAY,LEN) \ - nLog_au8("smCom", NX_LEVEL_ERROR, #ARRAY, ARRAY, LEN) -# define LOG_MAU8_E(MESSAGE, ARRAY,LEN) \ - nLog_au8("smCom", NX_LEVEL_ERROR, MESSAGE, ARRAY, LEN) -#else -# define LOG_ERROR_ENABLED 0 -# define LOG_E(...) -# define LOG_X8_E(VALUE) -# define LOG_U8_E(VALUE) -# define LOG_X16_E(VALUE) -# define LOG_U16_E(VALUE) -# define LOG_X32_E(VALUE) -# define LOG_U32_E(VALUE) -# define LOG_AU8_E(ARRAY, LEN) -# define LOG_MAU8_E(MESSAGE, ARRAY, LEN) -#endif - -/* clang-format on */ - -#endif /* NX_LOG_SMCOM_H */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/nxlog/nxLog_sss.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/nxlog/nxLog_sss.h deleted file mode 100644 index fb61c1fdc..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/nxlog/nxLog_sss.h +++ /dev/null @@ -1,183 +0,0 @@ -/* - * - * Copyright 2018 NXP - * SPDX-License-Identifier: Apache-2.0 - */ - -#ifndef NX_LOG_SSS_H -#define NX_LOG_SSS_H - -#include - -/* ############################################################ */ -/* ## AUTO Generated ########################################## */ -/* ############################################################ */ - -/* Default configuration file */ -#include - -/* clang-format off */ - -/* Check if we are double defining these macros */ -#if defined(LOG_D) || defined(LOG_I) || defined(LOG_W) || defined(LOG_E) -/* This should not happen. The only reason this could happn is double inclusion of different log files. */ -# error "LOG_ macro already defined" -#endif /* LOG_E */ - -/* Enable/Set log levels for 'sss' - start */ -/* If source file, or nxLog_Config.h has not set it, set these defines - * - * Do not #undef these values, rather set to 0/1. This way we can - * jump to definition and avoid plain-old-text-search to jump to - * undef. */ - -#ifndef NX_LOG_ENABLE_SSS_DEBUG -# define NX_LOG_ENABLE_SSS_DEBUG (NX_LOG_ENABLE_DEFAULT_DEBUG) -#endif -#ifndef NX_LOG_ENABLE_SSS_INFO -# define NX_LOG_ENABLE_SSS_INFO (NX_LOG_ENABLE_SSS_DEBUG + NX_LOG_ENABLE_DEFAULT_INFO) -#endif -#ifndef NX_LOG_ENABLE_SSS_WARN -# define NX_LOG_ENABLE_SSS_WARN (NX_LOG_ENABLE_SSS_INFO + NX_LOG_ENABLE_DEFAULT_WARN) -#endif -#ifndef NX_LOG_ENABLE_SSS_ERROR -# define NX_LOG_ENABLE_SSS_ERROR (NX_LOG_ENABLE_SSS_WARN + NX_LOG_ENABLE_DEFAULT_ERROR) -#endif - -/* Enable/Set log levels for 'sss' - end */ - -#if NX_LOG_ENABLE_SSS_DEBUG -# define LOG_DEBUG_ENABLED 1 -# define LOG_D(format, ...) \ - nLog("sss", NX_LEVEL_DEBUG, format, ##__VA_ARGS__) -# define LOG_X8_D(VALUE) \ - nLog("sss", NX_LEVEL_DEBUG, "%s=0x%02X",#VALUE, VALUE) -# define LOG_U8_D(VALUE) \ - nLog("sss", NX_LEVEL_DEBUG, "%s=%u",#VALUE, VALUE) -# define LOG_X16_D(VALUE) \ - nLog("sss", NX_LEVEL_DEBUG, "%s=0x%04X",#VALUE, VALUE) -# define LOG_U16_D(VALUE) \ - nLog("sss", NX_LEVEL_DEBUG, "%s=%u",#VALUE, VALUE) -# define LOG_X32_D(VALUE) \ - nLog("sss", NX_LEVEL_DEBUG, "%s=0x%08X",#VALUE, VALUE) -# define LOG_U32_D(VALUE) \ - nLog("sss", NX_LEVEL_DEBUG, "%s=%u",#VALUE, VALUE) -# define LOG_AU8_D(ARRAY,LEN) \ - nLog_au8("sss", NX_LEVEL_DEBUG, #ARRAY, ARRAY, LEN) -# define LOG_MAU8_D(MESSAGE, ARRAY,LEN) \ - nLog_au8("sss", NX_LEVEL_DEBUG, MESSAGE, ARRAY, LEN) -#else -# define LOG_DEBUG_ENABLED 0 -# define LOG_D(...) -# define LOG_X8_D(VALUE) -# define LOG_U8_D(VALUE) -# define LOG_X16_D(VALUE) -# define LOG_U16_D(VALUE) -# define LOG_X32_D(VALUE) -# define LOG_U32_D(VALUE) -# define LOG_AU8_D(ARRAY, LEN) -# define LOG_MAU8_D(MESSAGE, ARRAY, LEN) -#endif - -#if NX_LOG_ENABLE_SSS_INFO -# define LOG_INFO_ENABLED 1 -# define LOG_I(format, ...) \ - nLog("sss", NX_LEVEL_INFO, format, ##__VA_ARGS__) -# define LOG_X8_I(VALUE) \ - nLog("sss", NX_LEVEL_INFO, "%s=0x%02X",#VALUE, VALUE) -# define LOG_U8_I(VALUE) \ - nLog("sss", NX_LEVEL_INFO, "%s=%u",#VALUE, VALUE) -# define LOG_X16_I(VALUE) \ - nLog("sss", NX_LEVEL_INFO, "%s=0x%04X",#VALUE, VALUE) -# define LOG_U16_I(VALUE) \ - nLog("sss", NX_LEVEL_INFO, "%s=%u",#VALUE, VALUE) -# define LOG_X32_I(VALUE) \ - nLog("sss", NX_LEVEL_INFO, "%s=0x%08X",#VALUE, VALUE) -# define LOG_U32_I(VALUE) \ - nLog("sss", NX_LEVEL_INFO, "%s=%u",#VALUE, VALUE) -# define LOG_AU8_I(ARRAY,LEN) \ - nLog_au8("sss", NX_LEVEL_INFO, #ARRAY, ARRAY, LEN) -# define LOG_MAU8_I(MESSAGE, ARRAY,LEN) \ - nLog_au8("sss", NX_LEVEL_INFO, MESSAGE, ARRAY, LEN) -#else -# define LOG_INFO_ENABLED 0 -# define LOG_I(...) -# define LOG_X8_I(VALUE) -# define LOG_U8_I(VALUE) -# define LOG_X16_I(VALUE) -# define LOG_U16_I(VALUE) -# define LOG_X32_I(VALUE) -# define LOG_U32_I(VALUE) -# define LOG_AU8_I(ARRAY, LEN) -# define LOG_MAU8_I(MESSAGE, ARRAY, LEN) -#endif - -#if NX_LOG_ENABLE_SSS_WARN -# define LOG_WARN_ENABLED 1 -# define LOG_W(format, ...) \ - nLog("sss", NX_LEVEL_WARN, format, ##__VA_ARGS__) -# define LOG_X8_W(VALUE) \ - nLog("sss", NX_LEVEL_WARN, "%s=0x%02X",#VALUE, VALUE) -# define LOG_U8_W(VALUE) \ - nLog("sss", NX_LEVEL_WARN, "%s=%u",#VALUE, VALUE) -# define LOG_X16_W(VALUE) \ - nLog("sss", NX_LEVEL_WARN, "%s=0x%04X",#VALUE, VALUE) -# define LOG_U16_W(VALUE) \ - nLog("sss", NX_LEVEL_WARN, "%s=%u",#VALUE, VALUE) -# define LOG_X32_W(VALUE) \ - nLog("sss", NX_LEVEL_WARN, "%s=0x%08X",#VALUE, VALUE) -# define LOG_U32_W(VALUE) \ - nLog("sss", NX_LEVEL_WARN, "%s=%u",#VALUE, VALUE) -# define LOG_AU8_W(ARRAY,LEN) \ - nLog_au8("sss", NX_LEVEL_WARN, #ARRAY, ARRAY, LEN) -# define LOG_MAU8_W(MESSAGE, ARRAY,LEN) \ - nLog_au8("sss", NX_LEVEL_WARN, MESSAGE, ARRAY, LEN) -#else -# define LOG_WARN_ENABLED 0 -# define LOG_W(...) -# define LOG_X8_W(VALUE) -# define LOG_U8_W(VALUE) -# define LOG_X16_W(VALUE) -# define LOG_U16_W(VALUE) -# define LOG_X32_W(VALUE) -# define LOG_U32_W(VALUE) -# define LOG_AU8_W(ARRAY, LEN) -# define LOG_MAU8_W(MESSAGE, ARRAY, LEN) -#endif - -#if NX_LOG_ENABLE_SSS_ERROR -# define LOG_ERROR_ENABLED 1 -# define LOG_E(format, ...) \ - nLog("sss", NX_LEVEL_ERROR, format, ##__VA_ARGS__) -# define LOG_X8_E(VALUE) \ - nLog("sss", NX_LEVEL_ERROR, "%s=0x%02X",#VALUE, VALUE) -# define LOG_U8_E(VALUE) \ - nLog("sss", NX_LEVEL_ERROR, "%s=%u",#VALUE, VALUE) -# define LOG_X16_E(VALUE) \ - nLog("sss", NX_LEVEL_ERROR, "%s=0x%04X",#VALUE, VALUE) -# define LOG_U16_E(VALUE) \ - nLog("sss", NX_LEVEL_ERROR, "%s=%u",#VALUE, VALUE) -# define LOG_X32_E(VALUE) \ - nLog("sss", NX_LEVEL_ERROR, "%s=0x%08X",#VALUE, VALUE) -# define LOG_U32_E(VALUE) \ - nLog("sss", NX_LEVEL_ERROR, "%s=%u",#VALUE, VALUE) -# define LOG_AU8_E(ARRAY,LEN) \ - nLog_au8("sss", NX_LEVEL_ERROR, #ARRAY, ARRAY, LEN) -# define LOG_MAU8_E(MESSAGE, ARRAY,LEN) \ - nLog_au8("sss", NX_LEVEL_ERROR, MESSAGE, ARRAY, LEN) -#else -# define LOG_ERROR_ENABLED 0 -# define LOG_E(...) -# define LOG_X8_E(VALUE) -# define LOG_U8_E(VALUE) -# define LOG_X16_E(VALUE) -# define LOG_U16_E(VALUE) -# define LOG_X32_E(VALUE) -# define LOG_U32_E(VALUE) -# define LOG_AU8_E(ARRAY, LEN) -# define LOG_MAU8_E(MESSAGE, ARRAY, LEN) -#endif - -/* clang-format on */ - -#endif /* NX_LOG_SSS_H */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/T1oI2C/phEseStatus.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/T1oI2C/phEseStatus.h deleted file mode 100644 index b14761df9..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/T1oI2C/phEseStatus.h +++ /dev/null @@ -1,421 +0,0 @@ -/* - * Copyright 2010-2014,2018-2019 NXP - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/* - * ESE Status Values - Function Return Codes - */ - -#ifndef PHESESTATUS_H -#define PHESESTATUS_H - -#include "phEseTypes.h" - -/* Internally required by PHESESTVAL. */ -#define PHESESTSHL8 (8U) -/* Required by PHESESTVAL. */ -#define PHESESTBLOWER ((ESESTATUS)(0x00FFU)) - -/* - * ESE Status Composition Macro - * - * This is the macro which must be used to compose status values. - * - * phEseCompID Component ID, as defined in phEseCompId.h . - * phEseStatus Status values, as defined in phEseStatus.h . - * - * The macro is not required for the ESESTATUS_SUCCESS value. - * This is the only return value to be used directly. - * For all other values it shall be used in assignment and conditional statements, e.g.: - * ESESTATUS status = PHESESTVAL(phEseCompID, phEseStatus); ... - * if (status == PHESESTVAL(phEseCompID, phEseStatus)) ... - */ -#define PHESESTVAL(phEseCompID, phEseStatus) \ - ( ((phEseStatus) == (ESESTATUS_SUCCESS)) ? (ESESTATUS_SUCCESS) : \ - ( (((ESESTATUS)(phEseStatus)) & (PHESESTBLOWER)) | \ - (((uint16_t)(phEseCompID)) << (PHESESTSHL8)) ) ) - -/* - * PHESESTATUS - * Get grp_retval from Status Code - */ -#define PHESESTATUS(phEseStatus) ((phEseStatus) & 0x00FFU) -#define PHESECID(phEseStatus) (((phEseStatus) & 0xFF00U)>>8) - -/* - * Status Codes - * - * Generic Status codes for the ESE components. Combined with the Component ID - * they build the value (status) returned by each function. - * Example: - * grp_comp_id "Component ID" - e.g. 0x10, plus - * status code as listed in this file - e.g. 0x03 - * result in a status value of 0x0003. - */ - -/* - * The function indicates successful completion - */ -#define ESESTATUS_SUCCESS (0x0000) - -/* - * The function indicates successful completion - */ -#define ESESTATUS_OK (ESESTATUS_SUCCESS) - -/* - * At least one parameter could not be properly interpreted - */ -#define ESESTATUS_INVALID_PARAMETER (0x0001) - -/* - * Invalid buffer provided by application - * */ -#define ESESTATUS_INVALID_BUFFER (0x0002) - -/* - * The buffer provided by the caller is too small - */ -#define ESESTATUS_BUFFER_TOO_SMALL (0x0003) - -/* - * Invalid class byte provided by application - * */ -#define ESESTATUS_INVALID_CLA (0x0004) - -/* - * Invalid command pdu type provided by application - * */ -#define ESESTATUS_INVALID_CPDU_TYPE (0x0005) - -/* - * Invalid command LE type provided by application - * */ -#define ESESTATUS_INVALID_LE_TYPE (0x0007) - -/* - * Device specifier/handle value is invalid for the operation - */ -#define ESESTATUS_INVALID_DEVICE (0x0006) - -/* - * The function executed successfully but could have returned - * more information than space provided by the caller - */ -#define ESESTATUS_MORE_FRAME (0x0008) - -/* - * No response from the remote device received: Time-out - */ -#define ESESTATUS_LAST_FRAME (0x0009) - -/* - * CRC Error during data transaction with the device - */ -#define ESESTATUS_CRC_ERROR (0x000A) - -/* - * SOF Error during data transaction with the device - */ -#define ESESTATUS_SOF_ERROR (0x000B) - -/* - * Not enough resources Memory, Timer etc(e.g. allocation failed.) - */ -#define ESESTATUS_INSUFFICIENT_RESOURCES (0x000C) - -/* - * A non-blocking function returns this immediately to indicate - * that an internal operation is in progress - */ -#define ESESTATUS_PENDING (0x000D) - -/* - * A board communication error occurred - * (e.g. Configuration went wrong) - */ -#define ESESTATUS_BOARD_COMMUNICATION_ERROR (0x000F) - -/* - * Invalid State of the particular state machine - */ -#define ESESTATUS_INVALID_STATE (0x0011) - - -/* - * This Layer is Not initialized, hence initialization required. - */ -#define ESESTATUS_NOT_INITIALISED (0x0031) - - -/* - * The Layer is already initialized, hence initialization repeated. - */ -#define ESESTATUS_ALREADY_INITIALISED (0x0032) - - -/* - * Feature not supported - */ -#define ESESTATUS_FEATURE_NOT_SUPPORTED (0x0033) - -/* - * Parity Error - */ -#define ESESTATUS_PARITY_ERROR (0x0034) - - -/* The Registration command has failed because the user wants to register on - * an element for which he is already registered - */ -#define ESESTATUS_ALREADY_REGISTERED (0x0035) - -/* Chained frame is being sent */ -#define ESESTATUS_CHAINED_FRAME (0x0036) - -/* - * Single frame is sent - */ -#define ESESTATUS_SINGLE_FRAME (0x0037) - -/* - * A DESELECT event has occurred - */ -#define ESESTATUS_DESELECTED (0x0038) - -/* - * A RELEASE event has occurred - */ -#define ESESTATUS_RELEASED (0x0039) - -/* - * The operation is currently not possible or not allowed - */ -#define ESESTATUS_NOT_ALLOWED (0x003A) - -/* - * Other indicaated error sent by JCOP. - */ -#define ESESTATUS_OTHER_ERROR (0x003C) -/* - * The system is busy with the firmware download operation. - */ -#define ESESTATUS_DWNLD_BUSY (0x006E) - -/* - * The system is busy with the previous operation. - */ -#define ESESTATUS_BUSY (0x006F) - - -/* NDEF Mapping error codes */ - -/* The remote device (type) is not valid for this request. */ -#define ESESTATUS_INVALID_REMOTE_DEVICE (0x001D) - -/* Read operation failed */ -#define ESESTATUS_READ_FAILED (0x0014) - -/* - * Write operation failed - */ -#define ESESTATUS_WRITE_FAILED (0x0015) - - -/* Non Ndef Compliant */ -#define ESESTATUS_NO_NDEF_SUPPORT (0x0016) - -/* resend the frame with seq_counter 0*/ -#define ESESTATUS_RESET_SEQ_COUNTER_FRAME_RESEND (0x001A) - -/* Incorrect number of bytes received from the card*/ -#define ESESTATUS_INVALID_RECEIVE_LENGTH (0x001B) - -/* The data format/composition is not understood/correct. */ -#define ESESTATUS_INVALID_FORMAT (0x001C) - - -/* There is not sufficient storage available. */ -#define ESESTATUS_INSUFFICIENT_STORAGE (0x001F) - -/* The last command would be re-sent */ -#define ESESTATUS_FRAME_RESEND (0x0023) - -/* The write timeout error */ -#define ESESTATUS_WRITE_TIMEOUT (0x0024) - -/* - * Response Time out for the control message(ESEC not responded) - */ -#define ESESTATUS_RESPONSE_TIMEOUT (0x0025) - -/* - * Resend the last R Frame - */ -#define ESESTATUS_FRAME_RESEND_R_FRAME (0x0026) - -/* - * Send next chained frame - */ -#define ESESTATUS_SEND_NEXT_FRAME (0x0027) - -/* - * Protocol revovery started - */ -#define ESESTATUS_REVOCERY_STARTED (0x0028) - -/* - * Single Target Detected - */ -#define ESESTATUS_SEND_R_FRAME (0x0029) - -/* - * Resend the RNAK - */ - -#define ESESTATUS_FRAME_RESEND_RNAK (0x0030) - -/* - * Resend the last R Frame - */ -#define ESESTATUS_FRAME_SEND_R_FRAME (0x003B) - -/* - * Unknown error Status Codes - */ -#define ESESTATUS_UNKNOWN_ERROR (0x00FE) - -/* - * Status code for failure - */ -#define ESESTATUS_FAILED (0x00FF) - -/* - * The function/command has been aborted - */ -#define ESESTATUS_CMD_ABORTED (0x0002) - -/* - * No target found after poll - */ -#define ESESTATUS_NO_TARGET_FOUND (0x000A) - -/* Attempt to disconnect a not connected remote device. */ -#define ESESTATUS_NO_DEVICE_CONNECTED (0x000B) - - -/* requesting a resynchronization */ -#define ESESTATUS_RESYNCH_REQ (0x000E) - -/* - * acknowledging resynchronization - */ -#define ESESTATUS_RESYNCH_RES (0x0010) - -/* - * S-block offering a maximum size of the information field - */ -#define ESESTATUS_IFS_REQ (0x001E) - -/* S-block offering a maximum size of the information field */ -#define ESESTATUS_IFS_RES (0x0017) - -/* S-block requesting a chain abortion */ -#define ESESTATUS_ABORT_REQ (0x00F0) - - -/*S-block acknowledging the chain abortion*/ -#define ESESTATUS_ABORT_RES (0x00F2) - - -/* S-block requesting a waiting time extension*/ -#define ESESTATUS_WTX_REQ (0x00F5) - -/* S-block acknowledging the waiting time extension */ -#define ESESTATUS_WTX_RES (0x00F6) - -/* S-block interface reset request */ -#define ESESTATUS_RESET_REQ (0x00F7) - -/* S-block interface reset response */ -#define ESESTATUS_RESET_RES (0x00F8) - -/* S-block requesting a end of apdu transfer*/ -#define ESESTATUS_END_APDU_REQ (0x00F9) - -/* S-block acknowledging end of apdu transfer*/ -#define ESESTATUS_END_APDU_RES (0x00FA) - -/* - * Shutdown in progress, cannot handle the request at this time. - */ -#define ESESTATUS_SHUTDOWN (0x0091) - -/* - * Target is no more in RF field - */ -#define ESESTATUS_TARGET_LOST (0x0092) - -/* - * Request is rejected - */ -#define ESESTATUS_REJECTED (0x0093) - -/* - * Target is not connected - */ -#define ESESTATUS_TARGET_NOT_CONNECTED (0x0094) - -/* - * Invalid handle for the operation - */ -#define ESESTATUS_INVALID_HANDLE (0x0095) - -/* - * Process aborted - */ -#define ESESTATUS_ABORTED (0x0096) - -/* - * Requested command is not supported - */ -#define ESESTATUS_COMMAND_NOT_SUPPORTED (0x0097) - -/* - * Tag is not NDEF compilant - */ -#define ESESTATUS_NON_NDEF_COMPLIANT (0x0098) - -/* - * Not enough memory available to complete the requested operation - */ -#define ESESTATUS_NOT_ENOUGH_MEMORY (0x001F) - -/* - * Indicates incoming connection - */ -#define ESESTATUS_INCOMING_CONNECTION (0x0045) - -/* - * Indicates Connection was successful - */ -#define ESESTATUS_CONNECTION_SUCCESS (0x0046) - -/* - * Indicates Connection failed - */ -#define ESESTATUS_CONNECTION_FAILED (0x0047) - -#endif /* PHESESTATUS_H */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/T1oI2C/phEseTypes.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/T1oI2C/phEseTypes.h deleted file mode 100644 index 6a511644b..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/T1oI2C/phEseTypes.h +++ /dev/null @@ -1,31 +0,0 @@ -/* - * Copyright 2010-2014,2018-2019 NXP - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef PHESETYPES_H -#define PHESETYPES_H -#include -#include -#include -#include - -typedef uint8_t utf8_t; /* UTF8 Character String */ -typedef uint8_t bool_t; /* boolean data type */ -typedef uint16_t ESESTATUS; /* Return values */ -#define STATIC static - -#define UNUSED(X) (void)X; - -#endif /* PHESETYPES_H */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/T1oI2C/phNxpEsePal_i2c.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/T1oI2C/phNxpEsePal_i2c.h deleted file mode 100644 index 8b44bc7d6..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/T1oI2C/phNxpEsePal_i2c.h +++ /dev/null @@ -1,110 +0,0 @@ -/* - * Copyright 2010-2014,2018-2020 NXP - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - - /** - * \addtogroup eSe_PAL_I2C - * \brief PAL I2C port implementation for linux - * @{ */ -#ifndef _PHNXPESE_PAL_I2C_H -#define _PHNXPESE_PAL_I2C_H - -/* Basic type definitions */ -#include - - -/*! - * \brief ESE Poll timeout (min 1 miliseconds) - */ -#define ESE_POLL_DELAY_MS (1) -/*! - * \brief ESE Poll timeout. - * As Max WTX timeout is 1sec, select ESE_NAD_POLLING_MAX count in such a way that WTX request frm SE is not skiped - * select target value is 2 sec. - * - * Note: Here ESE_NAD_POLLING_MAX is depend on platform, If i2c driver does not have backoff delay implemented, - * then set ESE_NAD_POLLING_MAX value to >=300 - * - */ -#if AX_EMBEDDED //back off delay is implemented for AX_EMBEDDED devices - /*TODO:semslite need more than 20 polling count right now max is set to 60 as 46 was the max sof counter observed - SIMW-2927*/ -#if defined(LPC_55x) - #define ESE_NAD_POLLING_MAX (2*250) - #else - #define ESE_NAD_POLLING_MAX (2*30) -#endif -#else - #define ESE_NAD_POLLING_MAX (2*250) -#endif -/*! - * \brief Max retry count for Write - */ -#define MAX_RETRY_COUNT 3 - -/*! - * \brief ESE wakeup delay in case of write error retry - */ -#define WAKE_UP_DELAY_MS 5 //5 ms -/*! - * \brief ESE wakeup delay in case of write error retry - */ -#define NAD_POLLING_SCALER 1 -/*! - * \brief ESE wakeup delay in case of write error retry - */ -#define CHAINED_PKT_SCALER 1 -/*! - * \brief This function is used to set slave address of ESE - * - */ -// #define I2C_MASTER_SLAVE_ADDR_7BIT (0x90U >> 1) //slve bit address is 20U but driver do right shift so set to 40U -#define SMCOM_I2C_ADDRESS (0x90) - -/*! - * \ingroup eSe_PAL_I2C - * - * \brief PAL Configuration exposed to upper layer. - */ -typedef struct phPalEse_Config -{ - int8_t *pDevName; - /*!< Port name connected to ESE - * - * Platform specific canonical device name to which ESE is connected. - * - * e.g. On Linux based systems this would be /dev/p73 - */ - - int8_t DeviceAddress; - /*!< I2C Address of SE connected - */ - - uint32_t dwBaudRate; - /*!< Communication speed between DH and ESE - * - * This is the baudrate of the bus for communication between DH and ESE - */ - - void *pDevHandle; - /*!< Device handle output */ -} phPalEse_Config_t,*pphPalEse_Config_t; /* pointer to phPalEse_Config_t */ - -void phPalEse_i2c_close(void *pDevHandle); -ESESTATUS phPalEse_i2c_open_and_configure(pphPalEse_Config_t pConfig); -int phPalEse_i2c_read(void *pDevHandle, uint8_t * pBuffer, int nNbBytesToRead); -int phPalEse_i2c_write(void *pDevHandle,uint8_t * pBuffer, int nNbBytesToWrite); -/** @} */ -#endif /* _PHNXPESE_PAL_I2C_H */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/T1oI2C/phNxpEseProto7816_3.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/T1oI2C/phNxpEseProto7816_3.h deleted file mode 100644 index ccfd00e87..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/T1oI2C/phNxpEseProto7816_3.h +++ /dev/null @@ -1,443 +0,0 @@ -/* - * Copyright 2010-2014,2018-2020 NXP - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#ifndef _PHNXPESEPROTO7816_3_H_ -#define _PHNXPESEPROTO7816_3_H_ -#include - - -/** - * \addtogroup ISO7816-3_protocol_lib - * \brief 7816-3 PROTOCOL STACK - * @{ */ - -/********************* Definitions and structures *****************************/ - -/*! - * \brief S-Frame types used in 7816-3 protocol stack - */ -typedef enum sFrameTypes { - RESYNCH_REQ = 0x00,/*!< Re-synchronisation request between host and ESE */ - RESYNCH_RSP = 0x20,/*!< Re-synchronisation response between host and ESE */ - IFSC_REQ = 0x01,/*!< IFSC size request */ - IFSC_RES = 0x21,/*!< IFSC size response */ - ABORT_REQ = 0x02,/*!< Abort request */ - ABORT_RES = 0x22,/*!< Abort response */ - WTX_REQ = 0x03,/*!< WTX request */ - WTX_RSP = 0x23,/*!< WTX response */ -#if defined(T1oI2C_UM11225) - INTF_RESET_REQ = 0x0F,/*!< Interface reset request */ - INTF_RESET_RSP = 0x2F,/*!< Interface reset response */ - PROP_END_APDU_REQ = 0x05,/*!< Proprietary Enf of APDU request */ - PROP_END_APDU_RSP = 0x25,/*!< Proprietary Enf of APDU response */ - CHIP_RESET_REQ = 0x06, /*chip reset request*/ - CHIP_RESET_RES = 0x26, /*chip reset response*/ - ATR_REQ = 0x07, /* get ATR request*/ - ATR_RES = 0x27, /*get ATR response*/ -#elif defined(T1oI2C_GP1_0) - SWR_REQ = 0x0F,/*!< Software reset request */ - SWR_RSP = 0x2F,/*!< Software reset response */ - COLD_RESET_REQ = 0x1E, /*cold reset request*/ - COLD_RESET_RES = 0x3E, /*cold reset response*/ - RELEASE_REQ = 0x06, /* Release request*/ - RELEASE_RES = 0x26, /* Release response*/ - CIP_REQ = 0x04,/*!< Get CIP request */ - CIP_RES = 0x24,/*!< Get CIP response */ -#endif - INVALID_REQ_RES /*!< Invalid request */ - } sFrameTypes_t; - -/*! - * \brief R-Frame types used in 7816-3 protocol stack - */ -typedef enum rFrameTypes -{ - RACK = 0x01, /*!< R-frame Acknowledgement frame indicator */ - RNACK = 0x02 /*!< R-frame Negative-Acknowledgement frame indicator */ -}rFrameTypes_t; - -/*! - * \brief R-Frame error types used 7816-3 protocol stack - */ -typedef enum rFrameErrorTypes -{ - NO_ERROR, /*!< R-frame received with success */ - PARITY_ERROR, /*!< R-frame received with parity error */ - OTHER_ERROR, /*!< R-frame received with Other error */ - SOF_MISSED_ERROR, /*!< R-frame received with frame missing error */ - UNDEFINED_ERROR /*!< R-frame received with some undefined error */ -}rFrameErrorTypes_t; - -/*! - * \brief Frame types used in 7816-3 protocol stack - */ -typedef enum phNxpEseProto7816_FrameTypes -{ - IFRAME,/*!< Frame type: I-frame */ - SFRAME,/*!< Frame type: S-frame */ - RFRAME,/*!< Frame type: R-frame */ - INVALID,/*!< Frame type: Invalid */ - UNKNOWN /*!< Frame type: Unknown */ -}phNxpEseProto7816_FrameTypes_t; - -/*! - * \brief 7816-3 protocol stack states - */ -typedef enum phNxpEseProto7816_State -{ - PH_NXP_ESE_PROTO_7816_IDLE,/*!< 7816-3 protocol state: IDLE */ - PH_NXP_ESE_PROTO_7816_TRANSCEIVE,/*!< 7816-3 protocol state: TRANSCEIVE going on */ - PH_NXP_ESE_PROTO_7816_DEINIT /*!< 7816-3 protocol state: DeInit going on */ -}phNxpEseProto7816_State_t; - -/*! - * \brief 7816-3 protocol transceive states - */ -typedef enum phNxpEseProto7816_TransceiveStates -{ - IDLE_STATE, /*!< 7816-3 protocol transceive state: IDLE */ - SEND_IFRAME, /*!< 7816-3 protocol transceive state: I-frame to be sent */ - SEND_R_NACK, /*!< 7816-3 protocol transceive state: R-NACK frame to be sent */ - SEND_R_ACK, /*!< 7816-3 protocol transceive state: R-ACK frame to be sent */ - SEND_S_RSYNC, /*!< 7816-3 protocol transceive state: S-frame re-synchronisation command to be sent */ -#if defined(T1oI2C_UM11225) - SEND_S_INTF_RST, /*!< 7816-3 protocol transceive state: S-frame interface reset command to be sent */ - SEND_S_EOS, /*!< 7816-3 protocol transceive state: S-frame end of session command to be sent */ - SEND_S_ATR, /*!< 7816-3 protocol transceive state: S-frame ATR command to be sent */ - SEND_S_CHIP_RST, /*!< 7816-3 protocol transceive state: S-frame chip reset command to be sent */ -#elif defined(T1oI2C_GP1_0) - SEND_S_SWR, /*!< 7816-3 protocol transceive state: S-frame Software reset command to be sent */ - SEND_S_RELEASE, /*!< 7816-3 protocol transceive state: S-frame RELEASE command to be sent */ - SEND_S_CIP, /*!< 7816-3 protocol transceive state: S-frame CIP command to be sent */ - SEND_S_COLD_RST, /*!< 7816-3 protocol transceive state: S-frame cold reset command to be sent */ -#endif - SEND_S_WTX_REQ, /*!< 7816-3 protocol transceive state: S-frame WTX command to be sent */ - SEND_S_WTX_RSP, /*!< 7816-3 protocol transceive state: S-frame WTX response to be sent */ - -}phNxpEseProto7816_TransceiveStates_t; - -/*! - * \brief I-frame information structure for ISO 7816-3 - * - * This structure holds the information of I-frame used for sending - * and receiving the frame packet. - * - */ -typedef struct iFrameInfo -{ - bool_t isChained; /*!< I-frame: Indicates if more frames to follow in the same data packet or not */ - uint8_t *p_data; /*!< I-frame: Actual data (Information field (INF)) */ - uint8_t seqNo; /*!< I-frame: Sequence number of the I-frame */ - uint32_t maxDataLen; /*!< I-frame: Maximum data length to be allowed in a single I-frame */ - uint32_t dataOffset; /*!< I-frame: Offset to the actual data(INF) for the current frame of the packet */ - uint32_t totalDataLen; /*!< I-frame: Total data left in the packet, used to set the chained flag/calculating offset */ - uint32_t sendDataLen; /*!< I-frame: the length of the I-frame actual data */ -}iFrameInfo_t; - -/*! - * \brief S-frame information structure for ISO 7816-3 - * - * This structure holds the information of S-frame used for sending - * and receiving the frame packet. - * - */ -typedef struct sFrameInfo -{ - sFrameTypes_t sFrameType;/*!< S-frame: Type of S-frame cmd/rsp */ -}sFrameInfo_t; - -/*! - * \brief R-frame information structure for ISO 7816-3 - * - * This structure holds the information of R-frame used for sending - * and receiving the frame packet. - * - */ -typedef struct rFrameInfo -{ - uint8_t seqNo; /*!< R-frame: Sequence number of the expected I-frame */ - rFrameErrorTypes_t errCode; /*!< R-frame: Error type */ -}rFrameInfo_t; - -/*! - * \brief Next/Last Tx information structure holding transceive data - * - * This structure holds the information of the next/last sent - * I-frame/R-frame/S-frame depending on the frame type - * - */ -typedef struct phNxpEseProto7816_NextTx_Info -{ - //union { - iFrameInfo_t - IframeInfo; /*!< Information of the I-frame to be send next or the last sent I-frame depending on the frame type */ - rFrameInfo_t - RframeInfo; /*!< Information of the R-frame to be send next or the last sent R-frame depending on the frame type */ - sFrameInfo_t - SframeInfo; /*!< Information of the S-frame to be send next or the last sent S-frame depending on the frame type */ - //} f; - phNxpEseProto7816_FrameTypes_t FrameType; /*!< Frame (I/R/S frames) type to be sent next */ -}phNxpEseProto7816_NextTx_Info_t; - -/*! - * \brief Last sent Tx ransceive data - * - * This structure holds the information of the last sent - * I-frame/R-frame/S-frame - * - */ -typedef phNxpEseProto7816_NextTx_Info_t phNxpEseProto7816_LastTx_Info_t; - -/*! - * \brief Last Rx information structure holding transceive data - * - * This structure holds the information of the next/last sent - * I-frame/R-frame/S-frame - * - */ -typedef struct phNxpEseRx_Cntx -{ - iFrameInfo_t lastRcvdIframeInfo; /*!< I-frame: Last received frame */ - rFrameInfo_t lastRcvdRframeInfo; /*!< R-frame: Last received frame */ - sFrameInfo_t lastRcvdSframeInfo; /*!< S-frame: Last received frame */ - phNxpEseProto7816_FrameTypes_t lastRcvdFrameType; /*!< Last received frame type */ - phNxpEse_data *pRsp; -}phNxpEseRx_Cntx_t; - -/*! - * \brief 7816-3 protocol stack context structure - * - * This structure holds the complete information of the - * 7816-3 protocol stack context - * - */ -typedef struct phNxpEseProto7816 -{ - phNxpEseProto7816_LastTx_Info_t phNxpEseLastTx_Cntx; /*!< Last transmitted frame information */ - phNxpEseProto7816_NextTx_Info_t phNxpEseNextTx_Cntx; /*!< Next frame to be transmitted */ - phNxpEseRx_Cntx_t phNxpEseRx_Cntx; /*!< Last received frame information */ - phNxpEseProto7816_TransceiveStates_t phNxpEseProto7816_nextTransceiveState; /*!< Next Transceive state. It determines the next - action to be done from host */ - phNxpEseProto7816_State_t phNxpEseProto7816_CurrentState;/*!< Current protocol stack state */ - uint8_t recoveryCounter; /*!< Keeps track of number of error recovery done. Stack exits after it reaches max. count */ - unsigned long int wtx_counter_limit; /*!< Max. WTX counter limit */ - unsigned long int wtx_counter; /*!< WTX count tracker */ - uint8_t timeoutCounter; /*!< Keeps track of number of timeout happened. Stack exits after it reaches max. count */ - phNxpEseProto7816_FrameTypes_t lastSentNonErrorframeType; /*!< Copy of the last sent non-error frame type: R-ACK, S-frame, I-frame */ - unsigned long int rnack_retry_limit; - unsigned long int rnack_retry_counter; -}phNxpEseProto7816_t; - -/*! - * \brief 7816-3 protocol stack init params - * - * This structure holds the parameters to be passed to open 7816-3 protocl stack instance - * - */ -typedef struct phNxpEseProto7816InitParam -{ - unsigned long int wtx_counter_limit; /*!< WTX count limit */ - bool_t interfaceReset; /*!< INTF reset required or not>*/ - unsigned long int rnack_retry_limit; -}phNxpEseProto7816InitParam_t; - -/*! - * \brief 7816-3 protocol PCB bit level structure - * - * This structure holds the bit level information of PCB byte - * as per 7816-3 protocol - * - */ -typedef struct phNxpEseProto7816_PCB_bits { - uint8_t lsb :1; /*!< PCB: lsb */ - uint8_t bit2 :1; /*!< PCB: bit2 */ - uint8_t bit3 :1; /*!< PCB: bit3 */ - uint8_t bit4 :1; /*!< PCB: bit4 */ - uint8_t bit5 :1; /*!< PCB: bit5 */ - uint8_t bit6 :1; /*!< PCB: bit6 */ - uint8_t bit7 :1; /*!< PCB: bit7 */ - uint8_t msb :1; /*!< PCB: msb */ -}phNxpEseProto7816_PCB_bits_t; - -/*! - * \brief 7816_3 protocol stack instance - */ -//phNxpEseProto7816_t phNxpEseProto7816_3_Var; - -/*! - * \brief Max. size of the frame that can be sent - */ -#define IFSC_SIZE_SEND 254 -/*! - * \brief Delay to be used before sending the next frame, after error reported by ESE - */ -#define DELAY_ERROR_RECOVERY 3500 -/*! - * \brief 7816-3 protocol frame header length - */ -#if defined(T1oI2C_UM11225) - #define PH_PROTO_7816_HEADER_LEN 0x03 // LEN field is 1 byte -#elif defined(T1oI2C_GP1_0) - #define PH_PROTO_7816_HEADER_LEN 0x04 // LEN field is 2 byte -#endif -/*! - * \brief 7816-3 protocol frame CRC length - */ -#define PH_PROTO_7816_CRC_LEN 0x02 -/*! - * \brief 7816-3 Chaining flag bit for masking - */ -#define PH_PROTO_7816_CHAINING 0x20 -/*! - * \brief 7816-3 frame length offset - */ -#define PH_PROPTO_7816_FRAME_LENGTH_OFFSET 0x02 -/*! - * \brief 7816-3 S-block request command mask - */ -#define PH_PROTO_7816_S_BLOCK_REQ 0xC0 -/*! - * \brief 7816-3 S-block response mask - */ -#define PH_PROTO_7816_S_BLOCK_RSP 0xE0 -/*! - * \brief 7816-3 S-block reset command mask - */ -#define PH_PROTO_7816_S_RESET 0x0F -/*! - * \brief 7816-3 S-block End of APDU cmd mask - */ -#define PH_PROTO_7816_S_END_OF_APDU 0x05 -/*! - * \brief 7816-3 S-block WTX mask - */ -#define PH_PROTO_7816_S_WTX 0x03 -/*! - * \brief 7816-3 S-block re-sync mask - */ -#define PH_PROTO_7816_S_RESYNCH 0x00 -/*! - * \brief 7816-3 protocol max. error retry counter - */ -#define PH_PROTO_7816_FRAME_RETRY_COUNT 10 -/*! - * \brief 7816-3 protocol max. WTX default count - */ -#define PH_PROTO_WTX_DEFAULT_COUNT 500 -/*! - * \brief 7816-3 protocol max. timeout retry count - */ -#define PH_PROTO_7816_TIMEOUT_RETRY_COUNT 1 -/*! - * \brief 7816-3 to represent magic number zero - */ -#define PH_PROTO_7816_VALUE_ZERO 0x00 -/*! - * \brief 7816-3 to represent magic number one - */ -#define PH_PROTO_7816_VALUE_ONE 0x01 -/*! - * \brief 7816-3 for max retry for CRC error - */ -#define MAX_RNACK_RETRY_LIMIT 0x02 -/*! - * \brief 7816-3 S-block chip reset mask - */ -#if defined(T1oI2C_UM11225) -#define PH_PROTO_7816_S_CHIP_RST 0x06 -#elif defined(T1oI2C_GP1_0) -#define PH_PROTO_7816_S_COLD_RST 0x1E -#endif -/*! - * \brief 7816-3 S-block get atr mask - */ -#define PH_PROTO_7816_S_GET_ATR 0x07 -/*! - * \brief 7816-3 S-block software reset mask - */ -#define PH_PROTO_7816_S_SWR 0x0F -/*! - * \brief 7816-3 S-block release cmd mask - */ -#define PH_PROTO_7816_S_RELEASE 0x06 -/*! - * \brief 7816-3 S-block get CIP cmd mask - */ -#define PH_PROTO_7816_S_GET_CIP 0x04 - -/* T=1 protocol Block format for T1oI2C UM11225_SE050 - ___________________________________________________________________________________________________ -| Prologue Filed (Mandatory) | Information Field (Optional)| Epilogue Filed (Mandatory) | -|________________________________________|_____________________________|____________________________| -|NAD(1 byte) | PCB(1 byte) | LEN(1 byte) | INF(LEN bytes) | CRC(2 bytes) | | -|____________|_____________|_____________|_____________________________|____________________________| | -*/ - -/* T=1 protocol Block format for T1oI2C GP - ___________________________________________________________________________________________________ -| Prologue Filed (Mandatory) | Information Field (Optional)| Epilogue Filed (Mandatory) | -|________________________________________|_____________________________|____________________________| -|NAD(1 byte) | PCB(1 byte) | LEN(2 byte) | INF(LEN bytes) | CRC(2 bytes) | | -|____________|_____________|_____________|_____________________________|____________________________| | -*/ - -#define PH_PROPTO_7816_NAD_OFFSET 0 -#define PH_PROPTO_7816_PCB_OFFSET 1 -#define PH_PROPTO_7816_LEN_UPPER_OFFSET 2 -#define PH_PROPTO_7816_LEN_LOWER_OFFSET 3 /* for GP lower byte will be a part of T=1 protocol frame*/ -#define PH_PROPTO_7816_INF_BYTE_OFFSET (PH_PROTO_7816_HEADER_LEN) - - - -/*! - * \brief Start of frame marker - * \ communication Direction NAD value - * \ SE host to SE 0x5A - * \ SE to SE host 0xA5 - * \ eUICC host to Euicc 0x4B - * \ eUICC to eUICC host 0xB4 - */ -#define SEND_PACKET_SOF 0x5A -/*! - * \Retrieve Information Filed from 7816-3 T=1 protocol frame - * NAD -1 byte - * PCB -1 byte - * LEN -(1 or 3 bytes for UM11225_SE050) & (2 bytes for GP) - * CRC16 -2 bytes - */ -#define PH_PROTO_7816_INF_FILED (PH_PROTO_7816_HEADER_LEN + PH_PROTO_7816_CRC_LEN) -/* - * APIs exposed from the 7816-3 protocol layer - */ - -#if defined(T1oI2C_UM11225) -bool_t phNxpEseProto7816_IntfReset(void* conn_ctx, phNxpEse_data *AtrRsp); -bool_t phNxpEseProto7816_GetAtr(void* conn_ctx, phNxpEse_data *pRsp); -bool_t phNxpEseProto7816_ChipReset(void* conn_ctx); -#endif -bool_t phNxpEseProto7816_Close(void* conn_ctx); -bool_t phNxpEseProto7816_Open(void* conn_ctx, phNxpEseProto7816InitParam_t initParam , phNxpEse_data *AtrRsp); -bool_t phNxpEseProto7816_Transceive(void* conn_ctx, phNxpEse_data *pCmd, phNxpEse_data *pRsp); -bool_t phNxpEseProto7816_Reset(void); -bool_t phNxpEseProto7816_SetIfscSize(uint16_t IFSC_Size); -bool_t phNxpEseProto7816_ResetProtoParams(void); -#if defined(T1oI2C_GP1_0) -bool_t phNxpEseProto7816_SoftReset(void* conn_ctx); -bool_t phNxpEseProto7816_GetCip(void* conn_ctx, phNxpEse_data *pRsp); -bool_t phNxpEseProto7816_ColdReset(void* conn_ctx); -#endif -uint8_t getMaxSupportedSendIFrameSize(void); -/** @} */ -#endif /* _PHNXPESEPROTO7816_3_H_ */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/T1oI2C/phNxpEse_Api.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/T1oI2C/phNxpEse_Api.h deleted file mode 100644 index 6b8e2025b..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/T1oI2C/phNxpEse_Api.h +++ /dev/null @@ -1,70 +0,0 @@ -/* - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/** - * - * \brief ESE Lib layer interface to application - * @{ */ - -#ifndef _PHNXPESE_API_H_ -#define _PHNXPESE_API_H_ - -#include -#include -#include -#include "smComT1oI2C.h" - -#include "phEseStatus.h" - -/** - * - * \brief Ese data buffer - * - */ -typedef struct phNxpEse_data -{ - uint32_t len; /*!< length of the buffer */ - uint8_t *p_data; /*!< pointer to a buffer */ -} phNxpEse_data; - - -/** - * - * \brief Ese library init parameters to be set while calling phNxpEse_init - * - */ -typedef struct phNxpEse_initParams -{ - phNxpEse_initMode initMode; /*!< Ese communication mode */ -} phNxpEse_initParams; - - -ESESTATUS phNxpEse_init(void *conn_ctx, phNxpEse_initParams initParams, phNxpEse_data *AtrRsp); -ESESTATUS phNxpEse_open(void **conn_ctx, phNxpEse_initParams initParams, const char *pConnString); -ESESTATUS phNxpEse_Transceive(void* conn_ctx, phNxpEse_data *pCmd, phNxpEse_data *pRsp); -ESESTATUS phNxpEse_deInit(void* conn_ctx); -ESESTATUS phNxpEse_close(void* conn_ctx); -ESESTATUS phNxpEse_reset(void* conn_ctx); -ESESTATUS phNxpEse_chipReset(void* conn_ctx); -ESESTATUS phNxpEse_setIfsc(uint16_t IFSC_Size); -ESESTATUS phNxpEse_EndOfApdu(void* conn_ctx); -void* phNxpEse_memset(void *buff, int val, size_t len); -void* phNxpEse_memcpy(void *dest, const void *src, size_t len); -void *phNxpEse_memalloc(uint32_t size); -void phNxpEse_free(void* ptr); -ESESTATUS phNxpEse_getAtr(void* conn_ctx, phNxpEse_data *pRsp); -ESESTATUS phNxpEse_getCip(void* conn_ctx, phNxpEse_data *pRsp); -/** @} */ -#endif /* _PHNXPESE_API_H_ */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/T1oI2C/phNxpEse_Internal.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/T1oI2C/phNxpEse_Internal.h deleted file mode 100644 index cea3c0c4b..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/T1oI2C/phNxpEse_Internal.h +++ /dev/null @@ -1,54 +0,0 @@ -/* - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#ifndef _PHNXPESE_INTERNAL_H_ -#define _PHNXPESE_INTERNAL_H_ - -#include -#include - -#ifdef T1oI2C_UM1225_SE050 -/* MW version 02.13.00 onwards */ -# error Do not define T1oI2C_UM1225_SE050, define T1oI2C_UM11225 instead. -#endif - -/********************* Definitions and structures *****************************/ - -typedef enum -{ - ESE_STATUS_CLOSE = 0x00, - ESE_STATUS_BUSY, - ESE_STATUS_RECOVERY, - ESE_STATUS_IDLE, - ESE_STATUS_OPEN, -} phNxpEse_LibStatus; - -/* I2C Control structure */ -typedef struct phNxpEse_Context -{ - phNxpEse_LibStatus EseLibStatus; /* Indicate if Ese Lib is open or closed */ - void *pDevHandle; - - uint8_t p_read_buff[MAX_DATA_LEN]; - uint16_t cmd_len; - uint8_t p_cmd_data[MAX_DATA_LEN]; - phNxpEse_initParams initParams; -} phNxpEse_Context_t; - - -ESESTATUS phNxpEse_WriteFrame(void* conn_ctx, uint32_t data_len, const uint8_t *p_data); -ESESTATUS phNxpEse_read(void* conn_ctx, uint32_t *data_len, uint8_t **pp_data); -void phNxpEse_clearReadBuffer(void* conn_ctx); - -#endif /* _PHNXPESE_INTERNAL_H_ */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/apduComm.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/apduComm.h deleted file mode 100644 index b87c5d400..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/apduComm.h +++ /dev/null @@ -1,65 +0,0 @@ -/* - * - * Copyright 2016 NXP - * SPDX-License-Identifier: Apache-2.0 - */ - -#ifndef _APDUCOMM_H_ -#define _APDUCOMM_H_ - -#include "sm_types.h" -/// @cond -#define APDU_OFFSET_CLA (0) -#define APDU_OFFSET_INS (1) -#define APDU_OFFSET_P1 (2) -#define APDU_OFFSET_P2 (3) -/// @endcond -#define APDU_OFFSET_LC (4) //!< Zero index based offset into the APDU of the LC field. - -/** - * Contains APDU exchanged between Host and Secure Modulde. - */ -typedef struct -{ - U8 cla; - U8 ins; - U8 p1; - U8 p2; - U8* pBuf; - U16 buflen; - U16 rxlen; - U8 extendedLength; - U8 hasData; - U16 lc; - U8 lcLength; - U8 hasLe; - U16 le; - U8 leLength; - U16 offset; - -#ifdef TGT_A71CL - U8 txHasChkSum; - U16 txChkSum; - U16 txChkSumLength; - U8 rxHasChkSum; - U16 rxChkSum; - U16 rxChkSumLength; -#endif - -} apdu_t; - -/** - * Contains APDU TxRx case as described in ISO/IEC FDIS 7816-3 spec. - */ -typedef enum -{ - APDU_TXRX_CASE_1 = 0x00, - APDU_TXRX_CASE_2 = 0x01, - APDU_TXRX_CASE_2E = 0x02, - APDU_TXRX_CASE_3 = 0x03, - APDU_TXRX_CASE_3E = 0x04, - APDU_TXRX_CASE_4 = 0x05, - APDU_TXRX_CASE_4E = 0x06, - APDU_TXRX_CASE_INVALID = 0xFF, -} apduTxRx_case_t; -#endif //_APDUCOMM_H_ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/smCom.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/smCom.h deleted file mode 100644 index 797d5b1a0..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/smCom.h +++ /dev/null @@ -1,49 +0,0 @@ -/* - * - * Copyright 2016-2020 NXP - * SPDX-License-Identifier: Apache-2.0 - */ - -/** - * @par Description - * Interface of installable communication layer to exchange APDU's between Host and Secure Module. - */ - -#ifndef _SCCOM_H_ -#define _SCCOM_H_ - -#include "sm_types.h" -#include "apduComm.h" - -#ifdef __cplusplus -extern "C" { -#endif - -#define SMCOM_OK 0x9000 //!< Communication successful -#define SMCOM_SND_FAILED 0x7010 //!< Communication failed while sending data -#define SMCOM_RCV_FAILED 0x7011 //!< Communication failed while receiving data -#define SMCOM_COM_FAILED 0x7012 //!< Cannot open communication link with ax device -#define SMCOM_PROTOCOL_FAILED 0x7013 //!< APDU exchange protocol failed to be established successfully -#define SMCOM_NO_ATR 0x7014 //!< No ATR can be retrieved -#define SMCOM_NO_PRIOR_INIT 0x7015 //!< The callbacks doing the actual transfer have not been installed -#define SMCOM_COM_ALREADY_OPEN 0x7016 //!< Communication link is already open with device -#define SMCOM_COM_INIT_FAILED 0x7017 //!< Communication init failed - - -/* ------------------------------------------------------------------------- */ -typedef U32 (*ApduTransceiveFunction_t) (void* conn_ctx, apdu_t * pAdpu); -typedef U32 (*ApduTransceiveRawFunction_t) (void* conn_ctx, U8 * pTx, U16 txLen, U8 * pRx, U32 * pRxLen); - -U16 smCom_Init(ApduTransceiveFunction_t pTransceive, ApduTransceiveRawFunction_t pTransceiveRaw); -void smCom_DeInit(void); -U32 smCom_Transceive(void *conn_ctx, apdu_t *pApdu); -U32 smCom_TransceiveRaw(void *conn_ctx, U8 *pTx, U16 txLen, U8 *pRx, U32 *pRxLen); - -#if defined(SMCOM_JRCP_V2) -void smCom_Echo(void *conn_ctx, const char *comp, const char *level, const char *buffer); -#endif - -#ifdef __cplusplus -} -#endif -#endif diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/smComT1oI2C.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/smComT1oI2C.h deleted file mode 100644 index 6def7131b..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/smComT1oI2C.h +++ /dev/null @@ -1,71 +0,0 @@ -/* - * - * Copyright 2018-2020 NXP - * SPDX-License-Identifier: Apache-2.0 - */ - -/** - * @par Description - * This file provides the API of the SmCom T1oI2C communication layer. - * - *****************************************************************************/ - -#ifndef _SMCOMT1OI2C_H_ -#define _SMCOMT1OI2C_H_ - -#include "smCom.h" - -/** - * \ingroup spi_libese - * \brief Ese Channel mode - * - */ -typedef enum -{ - ESE_MODE_NORMAL = 0, /*!< All wired transaction other OSU */ - ESE_MODE_OSU /*!< Jcop Os update mode */ -} phNxpEse_initMode; - -#if defined(__cplusplus) -extern "C" { -#endif - -/** - * closes the T=1 o I2C communication layer. - * @param conn_ctx connection context - * @param mode Ese Communication mode either - * ESE_MODE_NORMAL: All wired transaction other OSU or - * ESE_MODE_OSU :Jcop Os update mode - * @return - */ -U16 smComT1oI2C_Close(void *conn_ctx, U8 mode); - -/** - * @param conn_ctx connection context - * Reset the T=1 o protocol instance. - * @return - */ -U16 smComT1oI2C_ComReset(void *conn_ctx); - -/** - * Initializes or resumes the T=1 o I2C communication layer. - * @param conn_ctx IN: connection context - * @param mode Ese Communication mode either ESE_MODE_NORMAL: All wired transaction other OSU or ESE_MODE_OSU :Jcop Os update mode - * @param T1oI2Catr IN: Pointer to buffer to contain SCI2C_ATR value - * @param T1oI2CatrLen IN: Size of buffer provided; OUT: Actual length of atr retrieved - * @return - */ -U16 smComT1oI2C_Open(void *conn_ctx, U8 mode, U8 seqCnt, U8 *T1oI2Catr, U16 *T1oI2CatrLen); - -/** -* Open I2C device. -* @param conn_ctx IN: pointer connection context -* @param pConnParam IN: I2C address -* @return -*/ -U16 smComT1oI2C_Init(void **conn_ctx, const char *pConnString); - -#if defined(__cplusplus) -} -#endif -#endif /* _SMCOMT1OI2C_H_ */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/platform/inc/i2c_a7.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/platform/inc/i2c_a7.h deleted file mode 100644 index dc1b72086..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/platform/inc/i2c_a7.h +++ /dev/null @@ -1,160 +0,0 @@ -/* - * - * Copyright 2017-2020 NXP - * SPDX-License-Identifier: Apache-2.0 - */ - -/** - * @par Description - * - * I2C API used by SCI2C & T=1 over I2C protocol implementation. - * - * - SCIIC / SCI2C is the protocol used by A71CH / A71CL family of secure elements. - * - * - T=1 over I2C is the protocol used by SE050 family of secure elements. - * - * - T=1 over I2C with GP is the protocol used by other secure elements. - * - * These APIs are to be implemented when porting the Middleware stack to a new - * host platform. - * - * @note Few APIs are only required for the SCI2C protocol and few are only - * needed for T=1 over I2C Protocol. They are marked by the defines - * ``SCI2C`` , ``T1oI2C`` and ``T1oI2C_GP1_0`` - * - * # Convention of the APIs. - * - * - * APIs for which a buffer is input. e.g.:: - * - * i2c_error_t axI2CWrite(unsigned char bus, unsigned char addr, - * unsigned char * pTx, unsigned short txLen); - * - * - * In the above case :samp:`pTx` is a buffer input. It is assumed that - * the lengh as set in :samp:`txLen` is same as that pointed to by - * :samp:`pTx`. This parameter is used as is and any mistake by the - * calling/implemented API will have unpredictable errors. - * - * - * APIs for which a buffer is output. e.g.:: - * - * i2c_error_t axI2CWriteRead(unsigned char bus, - * unsigned char addr, - * unsigned char *pTx, - * unsigned short txLen, - * unsigned char *pRx, - * unsigned short *pRxLen); - * - * - * In the above case :samp:`pRx` is a buffer output and :samp:`pRxLen` - * is both input and output. It is assumed that the lengh as set in - * :samp:`pRxLen` is set to the maximum as available to the pointer - * pointed by :samp:`pRx`. This parameter is used as is and any mistake - * by the calling/implemented API will have unpredictable errors. - * - * @par History - * - **/ - -#ifndef _I2C_A7_H -#define _I2C_A7_H - -#include "sm_types.h" - -#define SCI2C_T_CMDG 180 //!< Minimum delay between stop of Wakeup command and start of subsequent command (Value in micro seconds) - -#define I2C_IDLE 0 -#define I2C_STARTED 1 -#define I2C_RESTARTED 2 -#define I2C_REPEATED_START 3 -#define DATA_ACK 4 -#define DATA_NACK 5 -#define I2C_BUSY 6 -#define I2C_NO_DATA 7 -#define I2C_NACK_ON_ADDRESS 8 -#define I2C_NACK_ON_DATA 9 -#define I2C_ARBITRATION_LOST 10 -#define I2C_TIME_OUT 11 -#define I2C_OK 12 -#define I2C_FAILED 13 - -typedef unsigned int i2c_error_t; -#define I2C_BUS_0 (0) - -#if defined(__cplusplus) -extern "C"{ -#endif -/** Initialize the I2C platform HW/Driver*/ - -/* MAX data supported by respective protocol in single read/write*/ -#if defined(SCI2C) -#define MAX_DATA_LEN 270 -#elif defined(T1oI2C) -#define MAX_DATA_LEN 260 -#endif - - -i2c_error_t axI2CInit(void **conn_ctx, const char *pDevName); - -/** Terminate / de-initialize the I2C platform HW/Driver - * - * - * @param[in] connection context. - * @param[in] mode Can be either 0 or 1. - * - * Where applicable, and implemented a value of 0 corresponds - * to a 'light-weight' terminate. - * - * In genral, this is not used for most of the porting - * platforms and use cases. - * - * - */ -void axI2CTerm(void* conn_ctx, int mode); - -#if AX_EMBEDDED -/** Smarter handling of back off logic - * - * When we get a NAK from SE, we back off and keep on increasing the delay for next I2C Read/Write. - * - * When we get an ACK from SE, we reset this back off delay. - */ -void axI2CResetBackoffDelay( void ); -#endif /* FREEDOM */ - -#if defined(SCI2C) /* Means SCI2C SCIIC */ -/** Write a byte. - * - * Needed only for SCI2C */ -i2c_error_t axI2CWriteByte(void* conn_ctx, unsigned char bus, unsigned char addr, unsigned char * pTx); -/** Write and read only after an ACK. - * - * Needed only for SCI2C */ -i2c_error_t axI2CWriteRead(void* conn_ctx, - unsigned char bus, - unsigned char addr, - unsigned char *pTx, - unsigned short txLen, - unsigned char *pRx, - unsigned short *pRxLen); -#endif - -#if defined(SCI2C) /* Means SCI2C SCIIC */ || defined(T1oI2C) -/** Write a frame. - * - * Needed for SCI2C and T=1 over I2C */ -i2c_error_t axI2CWrite(void* conn_ctx, unsigned char bus, unsigned char addr, unsigned char * pTx, unsigned short txLen); -#endif - -#ifdef T1oI2C -/** Read a byte. - * - * Needed only for T=1 over I2C */ -i2c_error_t axI2CRead(void* conn_ctx, unsigned char bus, unsigned char addr, unsigned char * pRx, unsigned short rxLen); -#endif /* T1oI2C */ -#if defined(__cplusplus) -} -#endif - -#endif // _I2C_A7_H diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/platform/inc/se05x_apis.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/platform/inc/se05x_apis.h deleted file mode 100644 index 1c1da67dd..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/platform/inc/se05x_apis.h +++ /dev/null @@ -1,20 +0,0 @@ -/* - * - * Copyright 2018-2019 NXP - * SPDX-License-Identifier: Apache-2.0 - */ - -#ifndef _SE05X_API_H -#define _SE05X_API_H - -/* - * Define Reset logic for reset pin on SE - * Active high for SE050 - */ -#define SE_RESET_LOGIC 1 - -void se05x_ic_reset(void); -void se05x_ic_power_on(void); -void se05x_ic_power_off(void); - -#endif // _SE05X_API_H diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/platform/inc/sm_printf.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/platform/inc/sm_printf.h deleted file mode 100644 index eabfb652a..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/platform/inc/sm_printf.h +++ /dev/null @@ -1,40 +0,0 @@ -/* - * - * Copyright 2016-2020 NXP - * SPDX-License-Identifier: Apache-2.0 - */ - -#ifndef _SM_PRINTF_H_ -#define _SM_PRINTF_H_ -#include -#include -#include "sm_types.h" -#ifdef __cplusplus -extern "C" { -#endif - - -#if AX_EMBEDDED \ - && (!defined (__MBED__)) -# include "fsl_debug_console.h" -#else -# define PRINTF printf -# define SCANF scanf -# define PUTCHAR putchar -# define GETCHAR getchar -#endif - -#define CONSOLE (0x01) -#define MEMORY (0x02) -#define LOGFILE (0x04) -#define DBGOUT_ALL (CONSOLE|MEMORY|LOGFILE) - -#define DBGOUT CONSOLE - -void sm_printf(unsigned char dev, const char * format, ...); -void AssertZeroAllocation(void); - -#ifdef __cplusplus -} -#endif -#endif // _SM_PRINTF_H_ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/platform/inc/sm_timer.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/platform/inc/sm_timer.h deleted file mode 100644 index 72c351264..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/platform/inc/sm_timer.h +++ /dev/null @@ -1,31 +0,0 @@ -/* - * - * Copyright 2016 NXP - * SPDX-License-Identifier: Apache-2.0 - */ - -#ifndef _SM_TIMER_H_ -#define _SM_TIMER_H_ - -#include -#ifdef __gnu_linux__ -#include -#endif - -#ifdef __cplusplus -extern "C" { -#endif - -/* Change this value to tick rate used by the controller */ -#define TICK_RATE_HZ 1000 -#define MS_TO_TICKS(msec) (( (msec) * (TICK_RATE_HZ) ) / (1000)) - -/* function used for delay loops */ -uint32_t sm_initSleep(void); -void sm_sleep(uint32_t msec); -void sm_usleep(uint32_t microsec); - -#ifdef __cplusplus -} -#endif -#endif // _SM_TIMER_H_ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/se05x_03_xx_xx/se05x_04_xx_APDU_apis.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/se05x_03_xx_xx/se05x_04_xx_APDU_apis.h deleted file mode 100644 index 02ce2e318..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/se05x_03_xx_xx/se05x_04_xx_APDU_apis.h +++ /dev/null @@ -1,1207 +0,0 @@ -/* - * - * Copyright 2019 NXP - * SPDX-License-Identifier: Apache-2.0 - */ - -#if SSS_HAVE_SE05X_VER_GTE_06_00 -/* OK */ -#else -#error "Only with SE051 based build" -#endif - -/** Se05x_API_AeadOneShot - * - * Authenticated encryption or decryption with associated data in one shot mode. - * - * The key object must be either an AES key or DES key. - * - * The AEADOneShot command returns the computed GMAC (when P2 equals - * P2_ENCRYPT_ONESHOT) or indicates whether the GMAC is correct (when P2 equals - * P2_DECRYPT_ONESHOT). The length of the GMAC is always 16 bytes when P2 equals - * P2_ENCRYPT_ONESHOT. - * - * When P2 equals P2_DECRYPT_ONESHOT: - * - * * the minimum tag length to pass is 4 bytes. - * - * * when the GMAC tag is not correct, only the result will be returned, no output data will be present. - * - * Note: on applet v4.4.0, the maximum lengths are not yet enforced and might - * differ from the values listed in the C-APDU. - * - * # Command to Applet - * - * @rst - * +---------+---------------------------+------------------------------------------------+ - * | Field | Value | Description | - * +=========+===========================+================================================+ - * | CLA | 0x80 | | - * +---------+---------------------------+------------------------------------------------+ - * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | - * +---------+---------------------------+------------------------------------------------+ - * | P1 | P1_AEAD or P1_AEAD_INT_IV | See :cpp:type:`SE05x_P1_t` | - * +---------+---------------------------+------------------------------------------------+ - * | P2 | P2_ENCRYPT_ONESHOT or | See :cpp:type:`SE05x_P2_t` | - * | | P2_DECRYPT_ONESHOT | | - * +---------+---------------------------+------------------------------------------------+ - * | Lc | #(Payload) | | - * +---------+---------------------------+------------------------------------------------+ - * | Payload | TLV[TAG_1] | 4-byte identifier of the AESKey Secure object. | - * +---------+---------------------------+------------------------------------------------+ - * | | TLV[TAG_2] | 1-byte AEADMode | - * +---------+---------------------------+------------------------------------------------+ - * | | TLV[TAG_3] | Byte array containing input data. Maximum | - * | | | length = 256 bytes. [Optional] | - * +---------+---------------------------+------------------------------------------------+ - * | | TLV[TAG_4] | Byte array containing Additional Authenticated | - * | | | Data. Maximum length = 64 bytes. [Optional] | - * +---------+---------------------------+------------------------------------------------+ - * | | TLV[TAG_5] | Byte array containing an initialization vector | - * | | | (if P1 equals P1_AEAD) or 2-byte value | - * | | | containing the initialization vector length | - * | | | (if P1 equals P1_AEAD_SP800_108). Maximum IV | - * | | | length = 60 bytes. [Optional] | - * | | | [Conditional: required when P1 equals | - * | | | P1_AEAD_INT_IV] | - * +---------+---------------------------+------------------------------------------------+ - * | | TLV[TAG_6] | Byte array containing the GMAC tag to verify. | - * | | | [Conditional: when P2 equals | - * | | | P2_DECRYPT_ONESHOT] | - * +---------+---------------------------+------------------------------------------------+ - * | Le | 0x00 | Expecting return data. | - * +---------+---------------------------+------------------------------------------------+ - * @endrst - * - * # R-APDU Body - * - * @rst - * +------------+----------------------------------------------+ - * | Value | Description | - * +============+==============================================+ - * | TLV[TAG_1] | Byte array containing output data. | - * +------------+----------------------------------------------+ - * | TLV[TAG_2] | Byte array containing tag (if P2 = | - * | | P2_ENCRYPT_ONESHOT) or byte array containing | - * | | Result (if P2 = P2_DECRYPT_ONESHOT) | - * +------------+----------------------------------------------+ - * | TLV[TAG_3] | Byte array containing the initialization | - * | | vector (if P1 = P1_AEAD_INT_IV and P2 = | - * | | P2_ENCRYPT_ONESHOT). | - * +------------+----------------------------------------------+ - * @endrst - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------------+ - * | SW | Description | - * +=============+======================================+ - * | SW_NO_ERROR | The command is handled successfully. | - * +-------------+--------------------------------------+ - * @endrst - * - * - * @param[in] session_ctx The session context - * @param[in] objectID The object id - * @param[in] cipherMode The cipher mode - * @param[in] inputData The input data - * @param[in] inputDataLen The input data length - * @param[in] aad The aad - * @param[in] aadLen The aad length - * @param[in] IV The iv - * @param[in] IVLen The iv length - * @param tagData The tag data - * @param tagDataLen The tag data length - * @param outputData The output data - * @param poutputDataLen The poutput data length - * @param[in] operation The operation - * - * @return The sm status. - */ -smStatus_t Se05x_API_AeadOneShot(pSe05xSession_t session_ctx, - uint32_t objectID, - SE05x_CipherMode_t cipherMode, - const uint8_t *inputData, - size_t inputDataLen, - const uint8_t *aad, - size_t aadLen, - uint8_t *IV, - size_t IVLen, - uint8_t *tagData, - size_t *tagDataLen, - uint8_t *outputData, - size_t *poutputDataLen, - const SE05x_Cipher_Oper_OneShot_t operation); - -/** Se05x_API_AeadInit - * - * Initialize an authentication encryption or decryption with associated data. - * The Crypto Object keeps the state of the AEAD operation until it's finalized - * or deleted. Once the AEADFinal function is executed successfully, the Crypto - * Object state returns to the state immediately after the previous AEADInit - * function. - * - * When P1 equals P1_AEAD_INT_IV and P2 equals P1_ENCRYPT, TLV[TAG_5] must - * includes the length of the initialization vector. In that case, the - * initialization vector is generated internally and passed back in the response - * command. When the device is in FIPS mode (see FIPS Compliance), P1 equal to - * P1_AEAD will result in SW_CONDITIONS_NOT_SATISFIED. - * - * # Command to Applet - * - * @rst - * +---------+---------------------------+------------------------------------------------+ - * | Field | Value | Description | - * +=========+===========================+================================================+ - * | CLA | 0x80 | | - * +---------+---------------------------+------------------------------------------------+ - * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | - * +---------+---------------------------+------------------------------------------------+ - * | P1 | P1_AEAD or P1_AEAD_INT_IV | See :cpp:type:`SE05x_P1_t` | - * +---------+---------------------------+------------------------------------------------+ - * | P2 | P2_ENCRYPT or P2_DECRYPT | See :cpp:type:`SE05x_P2_t` | - * +---------+---------------------------+------------------------------------------------+ - * | Lc | #(Payload) | | - * +---------+---------------------------+------------------------------------------------+ - * | Payload | TLV[TAG_1] | 4-byte identifier of the AESKey Secure object. | - * +---------+---------------------------+------------------------------------------------+ - * | | TLV[TAG_2] | 2-byte Crypto Object identifier | - * +---------+---------------------------+------------------------------------------------+ - * | | TLV[TAG_5] | Byte array containing the initialization | - * | | | vector (if P1 equals P1_AEAD or P1 equals | - * | | | P1_AEAD and P2 equals P2_DECRYPT) or 2-byte | - * | | | value containing the initialization vector | - * | | | length (if P1 equals P1_AEAD_INT_IV and P2 | - * | | | equals P2_ENCRYPT) [Optional] | - * | | | [Conditional: required when P1 equals | - * | | | P1_AEAD_INT_IV and P2 equals P2_ENCRYPT] | - * +---------+---------------------------+------------------------------------------------+ - * | Le | - | | - * +---------+---------------------------+------------------------------------------------+ - * @endrst - * - * # R-APDU Body - * - * @rst - * +------------+-----------------------------------------------+ - * | Value | Description | - * +============+===============================================+ - * | TLV[TAG_3] | Byte array containing the used initialization | - * | | vector. It remains valid until deselect, | - * | | AEADInit, AEADFinal or AEADOneShot is called. | - * | | [Conditional: Only when P1 equals | - * | | P1_AEAD_INT_IV and P2 equals P2_ENCRYPT] | - * +------------+-----------------------------------------------+ - * @endrst - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------------+ - * | SW | Description | - * +=============+======================================+ - * | SW_NO_ERROR | The command is handled successfully. | - * +-------------+--------------------------------------+ - * @endrst - * - * - * @param[in] session_ctx The session context - * @param[in] objectID The object id - * @param[in] cryptoObjectID The crypto object id - * @param[in] pIV { parameter_description } - * @param[in] IVLen The iv length - * @param[in] operation The operation - * - * @return The sm status. - */ -smStatus_t Se05x_API_AeadInit(pSe05xSession_t session_ctx, - uint32_t objectID, - SE05x_CipherMode_t cipherMode, - SE05x_CryptoObjectID_t cryptoObjectID, - uint8_t *pIV, - size_t IVLen, - const SE05x_Cipher_Oper_t operation); - -/** Se05x_API_AeadCCMInit - * - * Initialize an authentication encryption or decryption with associated data. - * The Crypto Object keeps the state of the AEAD operation until it's finalized - * or deleted. Once the AEADFinal function is executed successfully, the Crypto - * Object state returns to the state immediately after the previous AEADInit - * function.AEAD in CCM mode. - * - * # Command to Applet - * - * @rst - * +---------+--------------------------+------------------------------------------------+ - * | Field | Value | Description | - * +=========+==========================+================================================+ - * | CLA | 0x80 | | - * +---------+--------------------------+------------------------------------------------+ - * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | - * +---------+--------------------------+------------------------------------------------+ - * | P1 | P1_AEAD | See :cpp:type:`SE05x_P1_t` | - * +---------+--------------------------+------------------------------------------------+ - * | P2 | P2_ENCRYPT or P2_DECRYPT | See :cpp:type:`SE05x_P2_t` | - * +---------+--------------------------+------------------------------------------------+ - * | Lc | #(Payload) | | - * +---------+--------------------------+------------------------------------------------+ - * | Payload | TLV[TAG_1] | 4-byte identifier of the AESKey Secure object. | - * +---------+--------------------------+------------------------------------------------+ - * | | TLV[TAG_2] | 2-byte Crypto Object identifier | - * +---------+--------------------------+------------------------------------------------+ - * | | TLV[TAG_5] | Byte array containing the initialization | - * | | | vector [12 bytes until 60 bytes] or a 2-byte | - * | | | value containing the initialization vector | - * | | | length, depending on the AEADMode of the | - * | | | Crypto Object. | - * +---------+--------------------------+------------------------------------------------+ - * | | TLV[TAG_6] | Byte array containing 2-byte AAD length. | - * | | | [Conditional: needed if AEADMode equals | - * | | | AES_CCM] | - * +---------+--------------------------+------------------------------------------------+ - * | | TLV[TAG_7] | Byte array containing 2-byte message length. | - * | | | [Conditional: needed if AEADMode equals | - * | | | AES_CCM] | - * +---------+--------------------------+------------------------------------------------+ - * | | TLV[TAG_8] | Byte array containing 2-byte tag size. | - * | | | [Conditional: needed if AEADMode equals | - * | | | AES_CCM]. | - * +---------+--------------------------+------------------------------------------------+ - * | Le | - | | - * +---------+--------------------------+------------------------------------------------+ - * @endrst - * - * - * # R-APDU Body - * NA - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------------+ - * | SW | Description | - * +=============+======================================+ - * | SW_NO_ERROR | The command is handled successfully. | - * +-------------+--------------------------------------+ - * @endrst - * - * - * @param[in] session_ctx The session context - * @param[in] objectID The object id - * @param[in] cryptoObjectID The crypto object id - * @param[in] pIV { parameter_description } - * @param[in] IVLen The iv length - * @param[in] aadLen The aad length - * @param[in] payloadLen The payloadLen length - * @param[in] tagLen The tag length - * @param[in] operation The operation - * - * @return The sm status. - */ -smStatus_t Se05x_API_AeadCCMInit(pSe05xSession_t session_ctx, - uint32_t objectID, - SE05x_CryptoObjectID_t cryptoObjectID, - const uint8_t *pIV, - size_t IVLen, - size_t aadLen, - size_t payloadLen, - size_t tagLen, - const SE05x_Cipher_Oper_t operation); - -/** - * @brief Se05x_API_AeadCCMLastUpdate - * - * # Command to Applet - * - * @rst - * +------------+---------------+------------------------------------------------+ - * | Field | Value | Description | - * +============+===============+================================================+ - * | CLA | 0x80 | | - * +------------+---------------+------------------------------------------------+ - * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | - * +------------+---------------+------------------------------------------------+ - * | P1 | P1_AEAD | See :cpp:type:`SE05x_P1_t` | - * +------------+---------------+------------------------------------------------+ - * | P2 | P2_UPDATE | See :cpp:type:`SE05x_P2_t` | - * +------------+---------------+------------------------------------------------+ - * | Lc | #(Payload) | | - * +------------+---------------+------------------------------------------------+ - * | Payload | TLV[TAG_2] | 2-byte Crypto Object identifier | - * +------------+---------------+------------------------------------------------+ - * | | TLV[TAG_3] | Byte array containing input data | - * | | | [Conditional: only when | - * | | | TLV[TAG_4] is not present] | - * | | | [Optional] | - * +------------+---------------+------------------------------------------------+ - * | Le | 0x00 | Expecting returned data. | - * +------------+---------------+------------------------------------------------+ - * @endrst - * - * # R-APDU Body - * NA - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------------+ - * | SW | Description | - * +=============+======================================+ - * | SW_NO_ERROR | The command is handled successfully. | - * +-------------+--------------------------------------+ - * @endrst - * - * # R-APDU Trailer - * - * - * - * @param[in] session_ctx The session context - * @param[in] cryptoObjectID The crypto object id - * @param[in] pInputData The input data - * @param[in] inputDataLen The input data length - * - * @return The sm status. - */ -smStatus_t Se05x_API_AeadCCMLastUpdate( - pSe05xSession_t session_ctx, SE05x_CryptoObjectID_t cryptoObjectID, const uint8_t *pInputData, size_t inputDataLen); - -/** Se05x_API_AeadCCMFinal - * - * Finish a sequence of AES_CCM AEAD operations. - * - * # Command to Applet - * - * @rst - * +------------+----------------------------------+---------------------------------+ - * | Field | Value | Description | - * +============+==================================+=================================+ - * | CLA | 0x80 | | - * +------------+----------------------------------+---------------------------------+ - * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | - * +------------+----------------------------------+---------------------------------+ - * | P1 | P1_AEAD | See :cpp:type:`SE05x_P1_t` | - * +------------+----------------------------------+---------------------------------+ - * | P2 | P2_FINAL | See :cpp:type:`SE05x_P2_t` | - * +------------+----------------------------------+---------------------------------+ - * | Lc | #(Payload) | | - * +------------+----------------------------------+---------------------------------+ - * | Payload | TLV[TAG_2] | 2-byte Crypto Object identifier | - * +------------+----------------------------------+---------------------------------+ - * | TLV[TAG_6] | Byte array containing tag to | | - * | | verify [Conditional] When the | | - * | | mode is decrypt and verify (i.e. | | - * | | AEADInit has been called with | | - * | | P2 = P2_DECRYPT). | | - * +------------+----------------------------------+---------------------------------+ - * | Le | 0x00 | Expected returned data. | - * +------------+----------------------------------+---------------------------------+ - * @endrst - * - * # R-APDU Body - * - * @rst - * +------------+------------------------------------------------+ - * | Value | Description | - * +============+================================================+ - * | TLV[TAG_1] | Output data | - * | | | - * +------------+------------------------------------------------+ - * | TLV[TAG_2] | Byte array containing tag (if P2 = P2_ENCRYPT) | - * | | or byte array containing Result (if P2 = | - * | | P2_DECRYPT) | - * +------------+------------------------------------------------+ - * @endrst - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------------+ - * | SW | Description | - * +=============+======================================+ - * | SW_NO_ERROR | The command is handled successfully. | - * +-------------+--------------------------------------+ - * @endrst - * - * - * @param[in] session_ctx The session context - * @param[in] cryptoObjectID The crypto object id - * @param[out] pOutputData The output data - * @param[out] pOutputLen The output length - * @param tag The tag - * @param tagLen The tag length - * @param[in] operation The operation - * - * @return The sm status. - */ -smStatus_t Se05x_API_AeadCCMFinal(pSe05xSession_t session_ctx, - SE05x_CryptoObjectID_t cryptoObjectID, - uint8_t *pOutputData, - size_t *pOutputLen, - uint8_t *pTag, - size_t *pTagLen, - const SE05x_Cipher_Oper_t operation); - -/** Se05x_API_AeadUpdate_aad - * - * Update a Crypto Object of type CC_AEAD. - * - * The user either needs to send input data or Additional Authenticated Data - * (AAD), but not both at once. - * - * # Command to Applet - * - * @rst - * +------------+----------------------------------+------------------------------------------------+ - * | Field | Value | Description | - * +============+==================================+================================================+ - * | CLA | 0x80 | | - * +------------+----------------------------------+------------------------------------------------+ - * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | - * +------------+----------------------------------+------------------------------------------------+ - * | P1 | P1_AEAD | See :cpp:type:`SE05x_P1_t` | - * +------------+----------------------------------+------------------------------------------------+ - * | P2 | P2_UPDATE | See :cpp:type:`SE05x_P2_t` | - * +------------+----------------------------------+------------------------------------------------+ - * | Lc | #(Payload) | | - * +------------+----------------------------------+------------------------------------------------+ - * | Payload | TLV[TAG_2] | 2-byte Crypto Object identifier | - * +------------+----------------------------------+------------------------------------------------+ - * | | TLV[TAG_4] | Byte array containing Additional Authenticated | - * | | | Data. [Conditional: only when TLV[TAG_3] is | - * | | | not present] [Optional] | - * +------------+----------------------------------+------------------------------------------------+ - * | Le | 0x00 | Expecting returned data. | - * +------------+----------------------------------+------------------------------------------------+ - * @endrst - * - * # R-APDU Body - * - * NA - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------------+ - * | SW | Description | - * +=============+======================================+ - * | SW_NO_ERROR | The command is handled successfully. | - * +-------------+--------------------------------------+ - * @endrst - * - * - * @param[in] session_ctx The session context - * @param[in] cryptoObjectID The crypto object id - * @param[in] pAadData The aad data - * @param[in] aadDataLen The aad data length - * - * @return The sm status. - */ -smStatus_t Se05x_API_AeadUpdate_aad( - pSe05xSession_t session_ctx, SE05x_CryptoObjectID_t cryptoObjectID, const uint8_t *pAadData, size_t aadDataLen); - -/** - * @brief Se05x_API_AeadUpdate - * - * # Command to Applet - * - * @rst - * +------------+---------------+------------------------------------------------+ - * | Field | Value | Description | - * +============+===============+================================================+ - * | CLA | 0x80 | | - * +------------+---------------+------------------------------------------------+ - * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | - * +------------+---------------+------------------------------------------------+ - * | P1 | P1_AEAD | See :cpp:type:`SE05x_P1_t` | - * +------------+---------------+------------------------------------------------+ - * | P2 | P2_UPDATE | See :cpp:type:`SE05x_P2_t` | - * +------------+---------------+------------------------------------------------+ - * | Lc | #(Payload) | | - * +------------+---------------+------------------------------------------------+ - * | Payload | TLV[TAG_2] | 2-byte Crypto Object identifier | - * +------------+---------------+------------------------------------------------+ - * | | TLV[TAG_3] | Byte array containing input data | - * | | | [Conditional: only when | - * | | | TLV[TAG_4] is not present] | - * | | | [Optional] | - * +------------+---------------+------------------------------------------------+ - * | Le | 0x00 | Expecting returned data. | - * +------------+---------------+------------------------------------------------+ - * @endrst - * - * # R-APDU Body - * - * @rst - * +------------+---------------------------------------+ - * | Value | Description | - * +============+=======================================+ - * | TLV[TAG_1] | Output data [Conditional: only when | - * | | TLV[TAG_3] is passed as input] | - * +------------+---------------------------------------+ - * @endrst - * - * # R-APDU Trailer - * - * - * - * @param[in] session_ctx The session context - * @param[in] cryptoObjectID The crypto object id - * @param[in] pInputData The input data - * @param[in] inputDataLen The input data length - * @param pOutputData The output data - * @param pOutputLen The output length - * - * @return The sm status. - */ -smStatus_t Se05x_API_AeadUpdate(pSe05xSession_t session_ctx, - SE05x_CryptoObjectID_t cryptoObjectID, - const uint8_t *pInputData, - size_t inputDataLen, - uint8_t *pOutputData, - size_t *pOutputLen); - -/** Se05x_API_AeadFinal - * - * Finish a sequence of AEAD operations. The AEADFinal command provides the - * computed GMAC or indicates whether the GMAC is correct depending on the P2 - * parameters passed during AEADInit. The length of the GMAC is always 16 bytes - * when P2 equals P2_ENCRYPT. When P2 equals P2_DECRYPT, the minimum tag length - * to pass is 4 bytes. - * - * # Command to Applet - * - * @rst - * +------------+----------------------------------+---------------------------------+ - * | Field | Value | Description | - * +============+==================================+=================================+ - * | CLA | 0x80 | | - * +------------+----------------------------------+---------------------------------+ - * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | - * +------------+----------------------------------+---------------------------------+ - * | P1 | P1_AEAD | See :cpp:type:`SE05x_P1_t` | - * +------------+----------------------------------+---------------------------------+ - * | P2 | P2_FINAL | See :cpp:type:`SE05x_P2_t` | - * +------------+----------------------------------+---------------------------------+ - * | Lc | #(Payload) | | - * +------------+----------------------------------+---------------------------------+ - * | Payload | TLV[TAG_2] | 2-byte Crypto Object identifier | - * +------------+----------------------------------+---------------------------------+ - * | TLV[TAG_6] | Byte array containing tag to | | - * | | verify [Conditional] When the | | - * | | mode is decrypt and verify (i.e. | | - * | | AEADInit has been called with | | - * | | P2 = P2_DECRYPT). | | - * +------------+----------------------------------+---------------------------------+ - * | Le | 0x00 | Expected returned data. | - * +------------+----------------------------------+---------------------------------+ - * @endrst - * - * # R-APDU Body - * - * @rst - * +------------+------------------------------------------------+ - * | Value | Description | - * +============+================================================+ - * | TLV[TAG_2] | Byte array containing tag (if P2 = P2_ENCRYPT) | - * | | or byte array containing Result (if P2 = | - * | | P2_DECRYPT) | - * +------------+------------------------------------------------+ - * @endrst - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------------+ - * | SW | Description | - * +=============+======================================+ - * | SW_NO_ERROR | The command is handled successfully. | - * +-------------+--------------------------------------+ - * @endrst - * - * - * @param[in] session_ctx The session context - * @param[in] cryptoObjectID The crypto object id - * @param tag The tag - * @param tagLen The tag length - * @param[in] operation The operation - * - * @return The sm status. - */ -smStatus_t Se05x_API_AeadFinal(pSe05xSession_t session_ctx, - SE05x_CryptoObjectID_t cryptoObjectID, - uint8_t *tag, - size_t *tagLen, - const SE05x_Cipher_Oper_t operation); - -/** Se05x_API_DisableObjCreation - * - * - * # Command to Applet - * - * - * # R-APDU Body - * - * NA - * - * # R-APDU Trailer - * - * - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] lockIndicator [1:kSE05x_TAG_1] - * @param[in] restrictMode [2:kSE05x_TAG_2] - */ -smStatus_t Se05x_API_DisableObjCreation( - pSe05xSession_t session_ctx, SE05x_LockIndicator_t lockIndicator, SE05x_RestrictMode_t restrictMode); - -/** Se05x_API_ReadObjectAttributes - * - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] objectID object id [1:kSE05x_TAG_1] - * @param[out] data [0:kSE05x_TAG_2] - * @param[in,out] pdataLen Length for data - */ -smStatus_t Se05x_API_ReadObjectAttributes( - pSe05xSession_t session_ctx, uint32_t objectID, uint8_t *data, size_t *pdataLen); - -/** Se05x_API_TriggerSelfTest - * - * Trigger a system health check for the system. When calling this command, a self-test is - * triggered in the operating system. When the test fails, the device might not respond with - * a R-APDU as the chip is reset. - * If HealthCheckMode is set to HCM_FIPS, the test will only work if the device is running in - * FIPS approved mode of operation. - * - * # Command to Applet - * - * - * @rst - * +------------+---------------------------------+------------------------------------------------+ - * | Field | Value | Description | - * +============+=================================+================================================+ - * | CLA | 0x80 | | - * +------------+---------------------------------+------------------------------------------------+ - * | INS | INS_MGMT | See :cpp:type:`SE05x_INS_t`. In addition to | - * | | | INS_CRYPTO, users can set the INS_ATTEST | - * | | | flag. In that case, attestation applies. | - * +------------+---------------------------------+------------------------------------------------+ - * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | - * +------------+---------------------------------+------------------------------------------------+ - * | P2 | P2_SANITY | See :cpp:type:`SE05x_P2_t` | - * +------------+---------------------------------+------------------------------------------------+ - * | Lc | #(Payload) | Payload length | - * +------------+---------------------------------+------------------------------------------------+ - * | Payload | TLV[TAG_1] | 2-byte value from HealthCheckMode | - * +------------+---------------------------------+------------------------------------------------+ - * | Le | 0x00 | 2-byte response + attested data (if INS_ATTEST | - * | | | is set). | - * +------------+---------------------------------+------------------------------------------------+ - * @endrst - * - * # R-APDU Body - * - * - * @rst - * +------------+------------------------------------------------+ - * | Value | Description | - * +============+================================================+ - * | TLV[TAG_1] | TLV containing 1-byte Result. | - * +------------+------------------------------------------------+ - * @endrst - * - * # R-APDU Trailer - * - * - * @rst - * +-------------+--------------------------------------+ - * | SW | Description | - * +=============+======================================+ - * | SW_NO_ERROR | The command is handled successfully. | - * +-------------+--------------------------------------+ - * @endrst - * - * - * @param[in] session_ctx The session context - * @param[in] HealthCheckMode The health check mode - * @param result The result of Self Test - * - * @return The sm status. - */ - -smStatus_t Se05x_API_TriggerSelfTest( - pSe05xSession_t session_ctx, SE05x_HealthCheckMode_t healthCheckMode, uint8_t *result); - -/** Se05x_API_TriggerSelfTest_W_Attst - * - * Trigger a system health check for the system. When calling this command, a self-test is - * triggered in the operating system. When the test fails, the device might not respond with - * a R-APDU as the chip is reset. - * If HealthCheckMode is set to HCM_FIPS, the test will only work if the device is running in - * FIPS approved mode of operation. - * - * # Command to Applet - * - * - * @rst - * +------------+---------------------------------+------------------------------------------------+ - * | Field | Value | Description | - * +============+=================================+================================================+ - * | CLA | 0x80 | | - * +------------+---------------------------------+------------------------------------------------+ - * | INS | INS_MGMT | See :cpp:type:`SE05x_INS_t`. In addition to | - * | | | INS_CRYPTO, users can set the INS_ATTEST | - * | | | flag. In that case, attestation applies. | - * +------------+---------------------------------+------------------------------------------------+ - * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | - * +------------+---------------------------------+------------------------------------------------+ - * | P2 | P2_SANITY | See :cpp:type:`SE05x_P2_t` | - * +------------+---------------------------------+------------------------------------------------+ - * | Lc | #(Payload) | Payload length | - * +------------+---------------------------------+------------------------------------------------+ - * | Payload | TLV[TAG_1] | 2-byte value from HealthCheckMode | - * +------------+---------------------------------+------------------------------------------------+ - * | TLV[TAG_5] | 4-byte attestation object | | - * | | identifier. [Optional] | | - * | | [Conditional: only when | | - * | | INS_ATTEST is set] | | - * +------------+---------------------------------+------------------------------------------------+ - * | TLV[TAG_6] | 1-byte AttestationAlgo | | - * | | [Optional] [Conditional: only | | - * | | when INS_ATTEST is set] | | - * +------------+---------------------------------+------------------------------------------------+ - * | TLV[TAG_7] | 16-byte freshness random | | - * | | [Optional] [Conditional: only | | - * | | when INS_ATTEST is set] | | - * +------------+---------------------------------+------------------------------------------------+ - * | Le | 0x00 | 2-byte response + attested data (if INS_ATTEST | - * | | | is set). | - * +------------+---------------------------------+------------------------------------------------+ - * @endrst - * - * # R-APDU Body - * - * - * @rst - * +------------+------------------------------------------------+ - * | Value | Description | - * +============+================================================+ - * | TLV[TAG_1] | TLV containing 1-byte Result. | - * +------------+------------------------------------------------+ - * | TLV[TAG_3] | TLV containing 12-byte timestamp | - * | | [Conditional: only when C-APDU contains | - * | | INS_ATTEST] | - * +------------+------------------------------------------------+ - * | TLV[TAG_4] | TLV containing 16-byte freshness (random) | - * | | [Conditional: only when C-APDU contains | - * | | INS_ATTEST] | - * +------------+------------------------------------------------+ - * | TLV[TAG_5] | TLV containing 18-byte chip unique ID | - * | | [Conditional: only when C-APDU contains | - * | | INS_ATTEST] | - * +------------+------------------------------------------------+ - * | TLV[TAG_6] | TLV containing signature over the concatenated | - * | | values of TLV[TAG_1], TLV[TAG_3], TLV[TAG_4] | - * | | and TLV[TAG_5]. [Conditional: only when | - * | | C-APDU contains INS_ATTEST] | - * +------------+------------------------------------------------+ - * @endrst - * - * # R-APDU Trailer - * - * - * @rst - * +-------------+--------------------------------------+ - * | SW | Description | - * +=============+======================================+ - * | SW_NO_ERROR | The command is handled successfully. | - * +-------------+--------------------------------------+ - * @endrst - * - * - * @param[in] session_ctx The session context - * @param[in] HealthCheckMode The health check mode - * @param[in] attestID The attest id - * @param[in] attestAlgo The attest algorithm - * @param[in] random The random - * @param[in] randomLen The random length - * @param result The result of Self Test - * @param ptimeStamp The ptime stamp - * @param outrandom The outrandom - * @param poutrandomLen The poutrandom length - * @param chipId The chip identifier - * @param pchipIdLen The pchip identifier length - * @param signature The signature - * @param psignatureLen The psignature length - * - * @return The sm status. - */ -smStatus_t Se05x_API_TriggerSelfTest_W_Attst(pSe05xSession_t session_ctx, - SE05x_HealthCheckMode_t healthCheckMode, - uint32_t attestID, - SE05x_AttestationAlgo_t attestAlgo, - const uint8_t *random, - size_t randomLen, - uint8_t *result, - SE05x_TimeStamp_t *ptimeStamp, - uint8_t *outrandom, - size_t *poutrandomLen, - uint8_t *chipId, - size_t *pchipIdLen, - uint8_t *signature, - size_t *psignatureLen); - -/** Se05x_API_ECDHGenerateSharedSecret_InObject - * - * See @ref Se05x_API_ECDHGenerateSharedSecret - * - */ -smStatus_t Se05x_API_ECDHGenerateSharedSecret_InObject(pSe05xSession_t session_ctx, - uint32_t objectID, - const uint8_t *pubKey, - size_t pubKeyLen, - uint32_t sharedSecretID, - uint8_t invertEndianness); - -/* -* @param[in] session_ctx Session Context[0:kSE05x_pSession] -* @param[in] keyPairId keyPairId[1:kSE05x_TAG_1] -* @param[in] pskId pskId[2:kSE05x_TAG_2] -* @param[in] hmacKeyId hmacKeyId[3:kSE05x_TAG_3] -* @param[in] inputData inputData[4:kSE05x_TAG_4] -* @param[in] inputDataLen Length of inputData -* @param[in] clientVersion client version[6:kSE05x_TAG_6] -* @param[in] clientVersionLen Length of client version -*/ - -smStatus_t Se05x_API_TLSCalculateRsaPreMasterSecret(pSe05xSession_t session_ctx, - uint32_t keyPairId, - uint32_t pskId, - uint32_t hmacKeyId, - const uint8_t *inputData, - size_t inputDataLen, - const uint8_t *clientVersion, - size_t clientVersionLen); - -/** Se05x_API_WriteRSAKey_Ver -* -* See @ref Se05x_API_WriteRSAKey. Also allows to set key version (4 bytes). -* -*/ -smStatus_t Se05x_API_WriteRSAKey_Ver(pSe05xSession_t session_ctx, - pSe05xPolicy_t policy, - uint32_t objectID, - uint16_t size, - const uint8_t *p, - size_t pLen, - const uint8_t *q, - size_t qLen, - const uint8_t *dp, - size_t dpLen, - const uint8_t *dq, - size_t dqLen, - const uint8_t *qInv, - size_t qInvLen, - const uint8_t *pubExp, - size_t pubExpLen, - const uint8_t *priv, - size_t privLen, - const uint8_t *pubMod, - size_t pubModLen, - const SE05x_INS_t ins_type, - const SE05x_KeyPart_t key_part, - const SE05x_RSAKeyFormat_t rsa_format, - uint32_t version); - -/** Se05x_API_UpdateRSAKey_Ver -* -* See @ref Se05x_API_WriteRSAKey. Also allows to set key version (4 bytes). -* Called to update the value of already existing object. If policy is passed, -* it should match with existing policy on object. -*/ -smStatus_t Se05x_API_UpdateRSAKey_Ver(pSe05xSession_t session_ctx, - pSe05xPolicy_t policy, - uint32_t objectID, - uint16_t size, - const uint8_t *p, - size_t pLen, - const uint8_t *q, - size_t qLen, - const uint8_t *dp, - size_t dpLen, - const uint8_t *dq, - size_t dqLen, - const uint8_t *qInv, - size_t qInvLen, - const uint8_t *pubExp, - size_t pubExpLen, - const uint8_t *priv, - size_t privLen, - const uint8_t *pubMod, - size_t pubModLen, - const SE05x_INS_t ins_type, - const SE05x_KeyPart_t key_part, - const SE05x_RSAKeyFormat_t rsa_format, - uint32_t version); - -#define Se05x_API_WriteECKey_with_version Se05x_API_WriteECKey_Ver -/** Se05x_API_WriteECKey_Ver -* -* See @ref Se05x_API_WriteECKey. Also allows to set key version (4 bytes). -* -*/ -smStatus_t Se05x_API_WriteECKey_Ver(pSe05xSession_t session_ctx, - pSe05xPolicy_t policy, - SE05x_MaxAttemps_t maxAttempt, - uint32_t objectID, - SE05x_ECCurve_t curveID, - const uint8_t *privKey, - size_t privKeyLen, - const uint8_t *pubKey, - size_t pubKeyLen, - const SE05x_INS_t ins_type, - const SE05x_KeyPart_t key_part, - uint32_t version); - -/** Se05x_API_UpdateECKey_Ver -* -* See @ref Se05x_API_WriteECKey. Also allows to set key version (4 bytes). -* Called to update the value of already existing object. If policy is passed, -* it should match with existing policy on object. -*/ -smStatus_t Se05x_API_UpdateECKey_Ver(pSe05xSession_t session_ctx, - pSe05xPolicy_t policy, - SE05x_MaxAttemps_t maxAttempt, - uint32_t objectID, - SE05x_ECCurve_t curveID, - const uint8_t *privKey, - size_t privKeyLen, - const uint8_t *pubKey, - size_t pubKeyLen, - const SE05x_INS_t ins_type, - const SE05x_KeyPart_t key_part, - uint32_t version); - -/** Se05x_API_WriteSymmKey_Ver -* -* See @ref Se05x_API_WriteSymmKey. Also allows to set key version (4 bytes). -* -*/ -smStatus_t Se05x_API_WriteSymmKey_Ver(pSe05xSession_t session_ctx, - pSe05xPolicy_t policy, - SE05x_MaxAttemps_t maxAttempt, - uint32_t objectID, - SE05x_KeyID_t kekID, - const uint8_t *keyValue, - size_t keyValueLen, - const SE05x_INS_t ins_type, - const SE05x_SymmKeyType_t type, - uint32_t version); - -/** Se05x_API_UpdateSymmKey_Ver -* -* See @ref Se05x_API_WriteSymmKey. Also allows to set key version (4 bytes). -* Called to update the value of already existing object. If policy is passed, -* it should match with existing policy on object. -*/ -smStatus_t Se05x_API_UpdateSymmKey_Ver(pSe05xSession_t session_ctx, - pSe05xPolicy_t policy, - SE05x_MaxAttemps_t maxAttempt, - uint32_t objectID, - SE05x_KeyID_t kekID, - const uint8_t *keyValue, - size_t keyValueLen, - const SE05x_INS_t ins_type, - const SE05x_SymmKeyType_t type, - uint32_t version); - -/** Se05x_API_WriteBinary_Ver -* -* See @ref Se05x_API_WriteBinary. Also allows to set key version (4 bytes). -* -*/ -smStatus_t Se05x_API_WriteBinary_Ver(pSe05xSession_t session_ctx, - pSe05xPolicy_t policy, - uint32_t objectID, - uint16_t offset, - uint16_t length, - const uint8_t *inputData, - size_t inputDataLen, - uint32_t version); - -/** Se05x_API_UpdateBinary_Ver -* -* See @ref Se05x_API_WriteBinary. Also allows to set key version (4 bytes). -* Called to update the value of already existing object. If policy is passed, -* it should match with existing policy on object. -* -*/ -smStatus_t Se05x_API_UpdateBinary_Ver(pSe05xSession_t session_ctx, - pSe05xPolicy_t policy, - uint32_t objectID, - uint16_t offset, - uint16_t length, - const uint8_t *inputData, - size_t inputDataLen, - uint32_t version); - -/** Se05x_API_ReadState -* -* -* # Command to Applet -* -* -* # R-APDU Body -* -* NA -* -* # R-APDU Trailer -* -* -* -* -* @param[in] session_ctx Session Context [0:kSE05x_pSession] -* @param[out] pstateValues [1:kSE05x_TAG_1] -*/ -smStatus_t Se05x_API_ReadState(pSe05xSession_t session_ctx, uint8_t *pstateValues, size_t *pstateValuesLen); - -/** Se05x_API_GetExtVersion -* -* Gets the applet extended version information. -* -* This will return 37-byte VersionInfo (including major, minor and patch version -* of the applet, supported applet features and secure box version). -* -* # Command to Applet -* -* @rst -* +-------+------------------------------+----------------------------------------------+ -* | Field | Value | Description | -* +=======+==============================+==============================================+ -* | CLA | 0x80 | | -* +-------+------------------------------+----------------------------------------------+ -* | INS | INS_MGMT | See :cpp:type:`SE05x_INS_t` | -* +-------+------------------------------+----------------------------------------------+ -* | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | -* +-------+------------------------------+----------------------------------------------+ -* | P2 | P2_VERSION or P2_VERSION_EXT | See :cpp:type:`SE05x_P2_t` | -* +-------+------------------------------+----------------------------------------------+ -* | Lc | #(Payload) | | -* +-------+------------------------------+----------------------------------------------+ -* | Le | 0x00 | Expecting TLV with 7-byte data (when P2 = | -* | | | P2_VERSION) or a TLV with 37 byte data (when | -* | | | P2= P2_VERSION_EXT). | -* +-------+------------------------------+----------------------------------------------+ -* @endrst -* -* -* # R-APDU Body -* -* @rst -* +------------+------------------------------------------------+ -* | Value | Description | -* +============+================================================+ -* | TLV[TAG_1] | 7-byte :cpp:type:`VersionInfoRef` (if P2 = | -* | | P2_VERSION) or 7-byte VersionInfo followed by | -* | | 30 bytes extendedFeatureBits (if P2 = | -* | | P2_VERSION_EXT) | -* +------------+------------------------------------------------+ -* @endrst -* -* # R-APDU Trailer -* -* @rst -* +-------------+--------------------------------+ -* | SW | Description | -* +=============+================================+ -* | SW_NO_ERROR | Data is returned successfully. | -* +-------------+--------------------------------+ -* @endrst -* -* @param[in] session_ctx The session context -* @param pappletVersion The papplet version -* @param appletVersionLen The applet version length -* -* @return The sm status. -*/ -smStatus_t Se05x_API_GetExtVersion(pSe05xSession_t session_ctx, uint8_t *pappletVersion, size_t *appletVersionLen); - -/**Se05x_API_SendCardManagerCmd -* -* Sends a command to the Card Manager. -* -* This APDU will send command to Card Manager -* -* # Command to Card Manager -* -* @rst -* +---------+---------------+--------------------------------------+ -* | Field | Value | Description | -* +=========+===============+======================================+ -* | CLA | 0x80 | | -* +---------+---------------+--------------------------------------+ -* | INS | INS_MGMT | See :cpp:type:`SE05x_INS_t` | -* +---------+---------------+--------------------------------------+ -* | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | -* +---------+---------------+--------------------------------------+ -* | P2 | P2_CM_COMMAND | See :cpp:type:`SE05x_P2_t` | -* +---------+---------------+--------------------------------------+ -* | Lc | #(Payload) | Payload length | -* +---------+---------------+--------------------------------------+ -* | Payload | TLV[TAG_1] | APDU to be sent to the Card Manager. | -* +---------+---------------+--------------------------------------+ -* | Le | 0x00 | Expected response length | -* +---------+---------------+--------------------------------------+ -* @endrst -* -* # R-APDU Body -* -* @rst -* +------------+----------------------------------------+ -* | Value | Description | -* +============+========================================+ -* | TLV[TAG_1] | Byte array containing the Card Manager | -* | | response. | -* +------------+----------------------------------------+ -* @endrst -* -* # R-APDU Trailer -* -* @rst -* +-------------+--------------------------------------+ -* | SW | Description | -* +=============+======================================+ -* | SW_NO_ERROR | The command is handled successfully. | -* +-------------+--------------------------------------+ -* @endrst -* -* @param[in] session_ctx The session context -* @param[in] pCmdData The command input data -* @param[in] cmdDataLen The command input data length -* @param[out] pOutputData The response data -* @param[out] pOutputDataLen The response data length -* -* @return The sm status. -*/ -smStatus_t Se05x_API_SendCardManagerCmd( - pSe05xSession_t session_ctx, uint8_t *pCmdData, size_t cmdDataLen, uint8_t *pOutputData, size_t *pOutputDataLen); - -/** Se05x_API_UpdatePCR -* -* See @ref Se05x_API_WritePCR. -* Called to update the value of already existing object. If policy is passed, -* it should match with existing policy on object. -*/ -smStatus_t Se05x_API_UpdatePCR( - pSe05xSession_t session_ctx, pSe05xPolicy_t policy, uint32_t pcrID, const uint8_t *inputData, size_t inputDataLen); - -/** Se05x_API_UpdateCounter -* -* See @ref Se05x_API_SetCounterValue. -* Called to update the value of already existing object. If policy is passed, -* it should match with existing policy on object. -*/ -smStatus_t Se05x_API_UpdateCounter( - pSe05xSession_t session_ctx, pSe05xPolicy_t policy, uint32_t objectID, uint16_t size, uint64_t value); diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/se05x_03_xx_xx/se05x_04_xx_APDU_impl.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/se05x_03_xx_xx/se05x_04_xx_APDU_impl.h deleted file mode 100644 index ac531d92b..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/se05x_03_xx_xx/se05x_04_xx_APDU_impl.h +++ /dev/null @@ -1,1535 +0,0 @@ -/* - * Copyright 2020 NXP - * - * SPDX-License-Identifier: Apache-2.0 - */ - -#include -#include -#include - -#if defined(NONSECURE_WORLD) -#include "veneer_printf_table.h" -#endif - -#if SSS_HAVE_SE05X_VER_GTE_06_00 -/* OK */ -#else -#error "Only with SE051 based build" -#endif - -#ifndef NEWLINE -#define NEWLINE must be already defined -#endif - -smStatus_t Se05x_API_AeadOneShot(pSe05xSession_t session_ctx, - uint32_t objectID, - SE05x_CipherMode_t cipherMode, - const uint8_t *pInputData, - size_t inputDataLen, - const uint8_t *pAad, - size_t aadLen, - uint8_t *pIV, - size_t IVLen, - uint8_t *pTagData, - size_t *pTagDataLen, - uint8_t *pOutputData, - size_t *pOutputDataLen, - const SE05x_Cipher_Oper_OneShot_t operation) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_AEAD, operation}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); - SE05x_Result_t result; - uint16_t ivlen16 = (uint16_t)IVLen; - size_t ivlen32 = IVLen; -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "AeadOneShot []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_U32("objectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_CipherMode("cipherMode", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, cipherMode); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("inputData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, pInputData, inputDataLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("AdditionalData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_4, pAad, aadLen); - if (0 != tlvRet) { - goto cleanup; - } - - if ((cipherMode == kSE05x_CipherMode_AES_GCM) || - ((cipherMode == kSE05x_CipherMode_AES_GCM_INT_IV) && (operation == kSE05x_Cipher_Oper_OneShot_Decrypt))) { - tlvRet = TLVSET_u8bufOptional("IV", &pCmdbuf, &cmdbufLen, kSE05x_TAG_5, pIV, IVLen); - if (0 != tlvRet) { - goto cleanup; - } - } - else { - tlvRet = TLVSET_U16("IVLen", &pCmdbuf, &cmdbufLen, kSE05x_TAG_5, ivlen16); - if (0 != tlvRet) { - goto cleanup; - } - } - if (operation == kSE05x_Cipher_Oper_OneShot_Decrypt) { - tlvRet = TLVSET_u8bufOptional("tag", &pCmdbuf, &cmdbufLen, kSE05x_TAG_6, pTagData, *pTagDataLen); - if (0 != tlvRet) { - goto cleanup; - } - } - retStatus = DoAPDUTxRx_s_Case4_ext(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - if (inputDataLen != 0) { - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, pOutputData, pOutputDataLen); - if (0 != tlvRet) { - goto cleanup; - } - } - if (operation == kSE05x_Cipher_Oper_OneShot_Encrypt) { - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_2, pTagData, pTagDataLen); - if (0 != tlvRet) { - goto cleanup; - } - } - if (operation == kSE05x_Cipher_Oper_OneShot_Decrypt) { - tlvRet = tlvGet_Result(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_2, &result); - if (0 != tlvRet) { - goto cleanup; - } - if (result != kSE05x_Result_SUCCESS) { - goto cleanup; - } - } - if ((operation == kSE05x_Cipher_Oper_OneShot_Encrypt) && (cipherMode == kSE05x_CipherMode_AES_GCM_INT_IV)) { - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_3, pIV, &ivlen32); - if (0 != tlvRet) { - goto cleanup; - } - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_AeadInit(pSe05xSession_t session_ctx, - uint32_t objectID, - SE05x_CipherMode_t cipherMode, - SE05x_CryptoObjectID_t cryptoObjectID, - uint8_t *pIV, - size_t IVLen, - const SE05x_Cipher_Oper_t operation) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_AEAD, operation}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); - uint16_t ivlen16 = (uint16_t)IVLen; - size_t ivlen32 = IVLen; - -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "AeadInit []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_U32("objectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_CryptoObjectID("cryptoObjectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, cryptoObjectID); - if (0 != tlvRet) { - goto cleanup; - } - if ((cipherMode == kSE05x_CipherMode_AES_GCM) || - ((cipherMode == kSE05x_CipherMode_AES_GCM_INT_IV) && (operation == kSE05x_Cipher_Oper_Decrypt))) { - tlvRet = TLVSET_u8bufOptional("IV", &pCmdbuf, &cmdbufLen, kSE05x_TAG_5, pIV, IVLen); - if (0 != tlvRet) { - goto cleanup; - } - } - else { - tlvRet = TLVSET_U16("IVLen", &pCmdbuf, &cmdbufLen, kSE05x_TAG_5, ivlen16); - if (0 != tlvRet) { - goto cleanup; - } - } - if ((cipherMode == kSE05x_CipherMode_AES_GCM) || - ((cipherMode == kSE05x_CipherMode_AES_GCM_INT_IV) && (operation == kSE05x_Cipher_Oper_Decrypt))) { - retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); - } - else { - retStatus = DoAPDUTxRx_s_Case4_ext(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, pIV, &ivlen32); - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - } -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_AeadCCMInit(pSe05xSession_t session_ctx, - uint32_t objectID, - SE05x_CryptoObjectID_t cryptoObjectID, - const uint8_t *pIV, - size_t IVLen, - size_t aadLen, - size_t payloadLen, - size_t tagLen, - const SE05x_Cipher_Oper_t operation) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_AEAD, operation}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint16_t aadLen16 = (uint16_t)aadLen; - uint16_t payloadLen16 = (uint16_t)payloadLen; - uint16_t tagLen16 = (uint16_t)tagLen; - -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "AeadCCMInit []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_U32("objectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_CryptoObjectID("cryptoObjectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, cryptoObjectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("IV", &pCmdbuf, &cmdbufLen, kSE05x_TAG_5, pIV, IVLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U16("aadLen", &pCmdbuf, &cmdbufLen, kSE05x_TAG_6, aadLen16); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U16("payloadLen", &pCmdbuf, &cmdbufLen, kSE05x_TAG_7, payloadLen16); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U16("tagLen", &pCmdbuf, &cmdbufLen, kSE05x_TAG_8, tagLen16); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_AeadUpdate_aad( - pSe05xSession_t session_ctx, SE05x_CryptoObjectID_t cryptoObjectID, const uint8_t *pAadData, size_t aadDataLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_AEAD, kSE05x_P2_UPDATE}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "AeadUpdate_aad []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_CryptoObjectID("cryptoObjectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, cryptoObjectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("aad", &pCmdbuf, &cmdbufLen, kSE05x_TAG_4, pAadData, aadDataLen); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_AeadUpdate(pSe05xSession_t session_ctx, - SE05x_CryptoObjectID_t cryptoObjectID, - const uint8_t *pInputData, - size_t inputDataLen, - uint8_t *pOutputData, - size_t *pOutputLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_AEAD, kSE05x_P2_UPDATE}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); - -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "AeadUpdate []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_CryptoObjectID("cryptoObjectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, cryptoObjectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("inputData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, pInputData, inputDataLen); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTxRx_s_Case4_ext(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, pOutputData, pOutputLen); - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_AeadCCMLastUpdate( - pSe05xSession_t session_ctx, SE05x_CryptoObjectID_t cryptoObjectID, const uint8_t *pInputData, size_t inputDataLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_AEAD, kSE05x_P2_UPDATE}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "AeadUpdate []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_CryptoObjectID("cryptoObjectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, cryptoObjectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("inputData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, pInputData, inputDataLen); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_AeadCCMFinal(pSe05xSession_t session_ctx, - SE05x_CryptoObjectID_t cryptoObjectID, - uint8_t *pOutputData, - size_t *pOutputLen, - uint8_t *pTag, - size_t *pTagLen, - const SE05x_Cipher_Oper_t operation) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_AEAD, kSE05x_P2_FINAL}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); - size_t tagLen = *pTagLen; - SE05x_Result_t result; - -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "AeadFinal []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_CryptoObjectID("cryptoObjectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, cryptoObjectID); - if (0 != tlvRet) { - goto cleanup; - } - if (operation == kSE05x_Cipher_Oper_Decrypt) { - tlvRet = TLVSET_u8bufOptional("tag", &pCmdbuf, &cmdbufLen, kSE05x_TAG_6, pTag, tagLen); - if (0 != tlvRet) { - goto cleanup; - } - } - retStatus = DoAPDUTxRx_s_Case4_ext(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, pOutputData, pOutputLen); - if (0 != tlvRet) { - goto cleanup; - } - if (operation == kSE05x_Cipher_Oper_Encrypt) { - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_2, pTag, pTagLen); - if (0 != tlvRet) { - goto cleanup; - } - } - if (operation == kSE05x_Cipher_Oper_Decrypt) { - tlvRet = tlvGet_Result(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_2, &result); - if (0 != tlvRet) { - goto cleanup; - } - - if (result != kSE05x_Result_SUCCESS) { - goto cleanup; - } - } - - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_AeadFinal(pSe05xSession_t session_ctx, - SE05x_CryptoObjectID_t cryptoObjectID, - uint8_t *pTag, - size_t *pTagLen, - const SE05x_Cipher_Oper_t operation) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_AEAD, kSE05x_P2_FINAL}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); - size_t tagLen = *pTagLen; - SE05x_Result_t result; - -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "AeadFinal []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_CryptoObjectID("cryptoObjectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, cryptoObjectID); - if (0 != tlvRet) { - goto cleanup; - } - if (operation == kSE05x_Cipher_Oper_Decrypt) { - tlvRet = TLVSET_u8bufOptional("tag", &pCmdbuf, &cmdbufLen, kSE05x_TAG_6, pTag, tagLen); - if (0 != tlvRet) { - goto cleanup; - } - } - retStatus = DoAPDUTxRx_s_Case4_ext(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - if (operation == kSE05x_Cipher_Oper_Encrypt) { - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_2, pTag, pTagLen); - if (0 != tlvRet) { - goto cleanup; - } - } - if (operation == kSE05x_Cipher_Oper_Decrypt) { - tlvRet = tlvGet_Result(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_2, &result); - if (0 != tlvRet) { - goto cleanup; - } - if (result != kSE05x_Result_SUCCESS) { - goto cleanup; - } - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_DisableObjCreation( - pSe05xSession_t session_ctx, SE05x_LockIndicator_t lockIndicator, SE05x_RestrictMode_t restrictMode) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_MGMT, kSE05x_P1_DEFAULT, kSE05x_P2_RESTRICT}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "DisableObjCreation []"); -#endif /* VERBOSE_APDU_LOGS */ - - tlvRet = TLVSET_U8("lockIndicator", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, lockIndicator); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U8("restrictMode", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, restrictMode); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_TriggerSelfTest( - pSe05xSession_t session_ctx, SE05x_HealthCheckMode_t healthCheckMode, uint8_t *result) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_MGMT, kSE05x_P1_DEFAULT, kSE05x_P2_SANITY}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "TriggerSelfTest []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_U16("health check mode", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, healthCheckMode); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTxRx_s_Case4(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_U8(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, result); /* */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_TriggerSelfTest_W_Attst(pSe05xSession_t session_ctx, - SE05x_HealthCheckMode_t healthCheckMode, - uint32_t attestID, - SE05x_AttestationAlgo_t attestAlgo, - const uint8_t *random, - size_t randomLen, - uint8_t *result, - SE05x_TimeStamp_t *ptimeStamp, - uint8_t *outrandom, - size_t *poutrandomLen, - uint8_t *chipId, - size_t *pchipIdLen, - uint8_t *signature, - size_t *psignatureLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_MGMT | kSE05x_INS_ATTEST, kSE05x_P1_DEFAULT, kSE05x_P2_SANITY}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "TriggerSelfTest []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_U16("health check mode", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, healthCheckMode); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U32("attestID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_5, attestID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U8("attestAlgo", &pCmdbuf, &cmdbufLen, kSE05x_TAG_6, attestAlgo); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8buf("random", &pCmdbuf, &cmdbufLen, kSE05x_TAG_7, random, randomLen); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTxRx_s_Case4(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_U8(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, result); /* */ - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = tlvGet_TimeStamp(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_3, ptimeStamp); /* - */ - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_4, outrandom, poutrandomLen); /* */ - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_5, chipId, pchipIdLen); /* */ - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_6, signature, psignatureLen); /* */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_ReadObjectAttributes( - pSe05xSession_t session_ctx, uint32_t objectID, uint8_t *data, size_t *pdataLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_READ, kSE05x_P1_DEFAULT, kSE05x_P2_ATTRIBUTES}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "ReadObjectAttributes []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_U32("object id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTxRx_s_Case4(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_2, data, pdataLen); /* */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_ReadObjectAttributes_W_Attst(pSe05xSession_t session_ctx, - uint32_t objectID, - uint32_t attestID, - SE05x_AttestationAlgo_t attestAlgo, - const uint8_t *random, - size_t randomLen, - uint8_t *data, - size_t *pdataLen, - SE05x_TimeStamp_t *ptimeStamp, - uint8_t *outrandom, - size_t *poutrandomLen, - uint8_t *chipId, - size_t *pchipIdLen, - uint8_t *signature, - size_t *psignatureLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_READ_With_Attestation, kSE05x_P1_DEFAULT, kSE05x_P2_ATTRIBUTES}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "ReadObjectAttributes_W_Attst []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_U32("object id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U32("attestID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_5, attestID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_AttestationAlgo("attestAlgo", &pCmdbuf, &cmdbufLen, kSE05x_TAG_6, attestAlgo); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("random", &pCmdbuf, &cmdbufLen, kSE05x_TAG_7, random, randomLen); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTxRx_s_Case4_ext(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_2, data, pdataLen); /* */ - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = tlvGet_TimeStamp(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_3, ptimeStamp); /* - */ - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_4, outrandom, poutrandomLen); /* */ - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_5, chipId, pchipIdLen); /* */ - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_6, signature, psignatureLen); /* */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_ECDHGenerateSharedSecret_InObject(pSe05xSession_t session_ctx, - uint32_t objectID, - const uint8_t *pubKey, - size_t pubKeyLen, - uint32_t sharedSecretID, - uint8_t invertEndianness) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = { - {kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_EC, invertEndianness == 0x01 ? kSE05x_P2_DH_REVERSE : kSE05x_P2_DH}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "ECDHGenerateSharedSecret []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_U32("objectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("pubKey", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, pubKey, pubKeyLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U32("sharedSecretID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_7, sharedSecretID); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTxRx_s_Case4(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - if (2 == rspbufLen) { - retStatus = (rspbuf[0] << 8) | (rspbuf[1]); - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_TLSCalculateRsaPreMasterSecret(pSe05xSession_t session_ctx, - uint32_t keyPairId, - uint32_t pskId, - uint32_t hmacKeyId, - const uint8_t *inputData, - size_t inputDataLen, - const uint8_t *clientVersion, - size_t clientVersionLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_TLS, kSE05x_P2_TLS_PMS}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "TLSCalculateRsaPreMasterSecret []"); -#endif /* VERBOSE_APDU_LOGS */ - if (pskId != 0) { - tlvRet = TLVSET_U32("pskId", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, pskId); - if (0 != tlvRet) { - goto cleanup; - } - } - tlvRet = TLVSET_U32("keyPairId", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, keyPairId); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U32("hmacKeyId", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, hmacKeyId); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("inputData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_4, inputData, inputDataLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("clientVersion", &pCmdbuf, &cmdbufLen, kSE05x_TAG_6, clientVersion, clientVersionLen); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_WriteRSAKey_Ver(pSe05xSession_t session_ctx, - pSe05xPolicy_t policy, - uint32_t objectID, - uint16_t size, - const uint8_t *p, - size_t pLen, - const uint8_t *q, - size_t qLen, - const uint8_t *dp, - size_t dpLen, - const uint8_t *dq, - size_t dqLen, - const uint8_t *qInv, - size_t qInvLen, - const uint8_t *pubExp, - size_t pubExpLen, - const uint8_t *priv, - size_t privLen, - const uint8_t *pubMod, - size_t pubModLen, - const SE05x_INS_t ins_type, - const SE05x_KeyPart_t key_part, - const SE05x_RSAKeyFormat_t rsa_format, - uint32_t version) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_WRITE | ins_type, kSE05x_P1_RSA | key_part, rsa_format}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - - if (Se05x_IsInValidRangeOfUID(objectID)) - return SM_NOT_OK; - -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "Se05x_API_WriteRSAKey_Ver []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_Se05xPolicy("To be Checked(last 3 not pdf)", &pCmdbuf, &cmdbufLen, kSE05x_TAG_POLICY, policy); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U32("object id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U16Optional("size in bits", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, size); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional_ByteShift("p", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, p, pLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional_ByteShift("q", &pCmdbuf, &cmdbufLen, kSE05x_TAG_4, q, qLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional_ByteShift("dp", &pCmdbuf, &cmdbufLen, kSE05x_TAG_5, dp, dpLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional_ByteShift("dq", &pCmdbuf, &cmdbufLen, kSE05x_TAG_6, dq, dqLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional_ByteShift("qnv", &pCmdbuf, &cmdbufLen, kSE05x_TAG_7, qInv, qInvLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("public exp", &pCmdbuf, &cmdbufLen, kSE05x_TAG_8, pubExp, pubExpLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional_ByteShift("priv", &pCmdbuf, &cmdbufLen, kSE05x_TAG_9, priv, privLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional_ByteShift("public mod", &pCmdbuf, &cmdbufLen, kSE05x_TAG_10, pubMod, pubModLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U32("version", &pCmdbuf, &cmdbufLen, kSE05x_TAG_11, version); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_WriteECKey_Ver(pSe05xSession_t session_ctx, - pSe05xPolicy_t policy, - SE05x_MaxAttemps_t maxAttempt, - uint32_t objectID, - SE05x_ECCurve_t curveID, - const uint8_t *privKey, - size_t privKeyLen, - const uint8_t *pubKey, - size_t pubKeyLen, - const SE05x_INS_t ins_type, - const SE05x_KeyPart_t key_part, - uint32_t version) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_WRITE | ins_type, kSE05x_P1_EC | key_part, kSE05x_P2_DEFAULT}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - - if (Se05x_IsInValidRangeOfUID(objectID)) - return SM_NOT_OK; - -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "Se05x_API_WriteECKey_Ver []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_Se05xPolicy("policy", &pCmdbuf, &cmdbufLen, kSE05x_TAG_POLICY, policy); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_MaxAttemps("maxAttempt", &pCmdbuf, &cmdbufLen, kSE05x_TAG_MAX_ATTEMPTS, maxAttempt); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U32("object id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_ECCurve("curveID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, curveID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("privKey", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, privKey, privKeyLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("pubKey", &pCmdbuf, &cmdbufLen, kSE05x_TAG_4, pubKey, pubKeyLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U32("version", &pCmdbuf, &cmdbufLen, kSE05x_TAG_11, version); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_WriteSymmKey_Ver(pSe05xSession_t session_ctx, - pSe05xPolicy_t policy, - SE05x_MaxAttemps_t maxAttempt, - uint32_t objectID, - SE05x_KeyID_t kekID, - const uint8_t *keyValue, - size_t keyValueLen, - const SE05x_INS_t ins_type, - const SE05x_SymmKeyType_t type, - uint32_t version) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_WRITE | ins_type, type, kSE05x_P2_DEFAULT}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - - if (Se05x_IsInValidRangeOfUID(objectID)) - return SM_NOT_OK; - -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "Se05x_API_WriteSymmKey_Ver []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_Se05xPolicy("policy", &pCmdbuf, &cmdbufLen, kSE05x_TAG_POLICY, policy); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_MaxAttemps("maxAttempt", &pCmdbuf, &cmdbufLen, kSE05x_TAG_MAX_ATTEMPTS, maxAttempt); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U32("object id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_KeyID("KEK id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, kekID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("key value", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, keyValue, keyValueLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U32("version", &pCmdbuf, &cmdbufLen, kSE05x_TAG_11, version); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_WriteBinary_Ver(pSe05xSession_t session_ctx, - pSe05xPolicy_t policy, - uint32_t objectID, - uint16_t offset, - uint16_t length, - const uint8_t *inputData, - size_t inputDataLen, - uint32_t version) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_WRITE, kSE05x_P1_BINARY, kSE05x_P2_DEFAULT}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - - if (Se05x_IsInValidRangeOfUID(objectID)) - return SM_NOT_OK; - -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "Se05x_API_WriteBinary_Ver []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_Se05xPolicy("policy", &pCmdbuf, &cmdbufLen, kSE05x_TAG_POLICY, policy); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U32("object id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U16Optional("offset", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, offset); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U16Optional("length", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, length); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("input data", &pCmdbuf, &cmdbufLen, kSE05x_TAG_4, inputData, inputDataLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U32("version", &pCmdbuf, &cmdbufLen, kSE05x_TAG_11, version); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_ReadState(pSe05xSession_t session_ctx, uint8_t *pstateValues, size_t *pstateValuesLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_READ, kSE05x_P1_DEFAULT, kSE05x_P2_READ_STATE}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "ReadState []"); -#endif /* VERBOSE_APDU_LOGS */ - retStatus = DoAPDUTxRx_s_Case2(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, pstateValues, pstateValuesLen); /* - */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_GetExtVersion(pSe05xSession_t session_ctx, uint8_t *pappletVersion, size_t *appletVersionLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_MGMT, kSE05x_P1_DEFAULT, kSE05x_P2_VERSION_EXT}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "GetVersion []"); -#endif /* VERBOSE_APDU_LOGS */ - retStatus = DoAPDUTxRx_s_Case2(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, pappletVersion, appletVersionLen); /* - */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_SendCardManagerCmd( - pSe05xSession_t session_ctx, uint8_t *pCmdData, size_t cmdDataLen, uint8_t *pOutputData, size_t *pOutputDataLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_MGMT, kSE05x_P1_DEFAULT, kSE05x_P2_CM_COMMAND}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "SendCardManagerCmd []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_u8bufOptional("cmdData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, pCmdData, cmdDataLen); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTxRx_s_Case4(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, pOutputData, pOutputDataLen); /* */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_UpdateRSAKey_Ver(pSe05xSession_t session_ctx, - pSe05xPolicy_t policy, - uint32_t objectID, - uint16_t size, - const uint8_t *p, - size_t pLen, - const uint8_t *q, - size_t qLen, - const uint8_t *dp, - size_t dpLen, - const uint8_t *dq, - size_t dqLen, - const uint8_t *qInv, - size_t qInvLen, - const uint8_t *pubExp, - size_t pubExpLen, - const uint8_t *priv, - size_t privLen, - const uint8_t *pubMod, - size_t pubModLen, - const SE05x_INS_t ins_type, - const SE05x_KeyPart_t key_part, - const SE05x_RSAKeyFormat_t rsa_format, - uint32_t version) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_WRITE | ins_type, kSE05x_P1_RSA | key_part, rsa_format}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - - if (Se05x_IsInValidRangeOfUID(objectID)) - return SM_NOT_OK; - -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "Se05x_API_UpdateRSAKey_Ver []"); -#endif /* VERBOSE_APDU_LOGS */ - /* Tag policy Check is not applicable for Generate key */ - if (((p != NULL) && (pLen != 0)) || ((pubExp != NULL) && (pubExpLen != 0)) || ((priv != NULL) && (privLen != 0))) { - tlvRet = TLVSET_Se05xPolicy("check policy", &pCmdbuf, &cmdbufLen, kSE05x_TAG_POLICY_CHECK, policy); - if (0 != tlvRet) { - goto cleanup; - } - } - tlvRet = TLVSET_U32("object id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U16Optional("size in bits", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, size); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional_ByteShift("p", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, p, pLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional_ByteShift("q", &pCmdbuf, &cmdbufLen, kSE05x_TAG_4, q, qLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional_ByteShift("dp", &pCmdbuf, &cmdbufLen, kSE05x_TAG_5, dp, dpLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional_ByteShift("dq", &pCmdbuf, &cmdbufLen, kSE05x_TAG_6, dq, dqLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional_ByteShift("qnv", &pCmdbuf, &cmdbufLen, kSE05x_TAG_7, qInv, qInvLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("public exp", &pCmdbuf, &cmdbufLen, kSE05x_TAG_8, pubExp, pubExpLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional_ByteShift("priv", &pCmdbuf, &cmdbufLen, kSE05x_TAG_9, priv, privLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional_ByteShift("public mod", &pCmdbuf, &cmdbufLen, kSE05x_TAG_10, pubMod, pubModLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U32("version", &pCmdbuf, &cmdbufLen, kSE05x_TAG_11, version); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_UpdateECKey_Ver(pSe05xSession_t session_ctx, - pSe05xPolicy_t policy, - SE05x_MaxAttemps_t maxAttempt, - uint32_t objectID, - SE05x_ECCurve_t curveID, - const uint8_t *privKey, - size_t privKeyLen, - const uint8_t *pubKey, - size_t pubKeyLen, - const SE05x_INS_t ins_type, - const SE05x_KeyPart_t key_part, - uint32_t version) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_WRITE | ins_type, kSE05x_P1_EC | key_part, kSE05x_P2_DEFAULT}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - - if (Se05x_IsInValidRangeOfUID(objectID)) - return SM_NOT_OK; - -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "Se05x_API_UpdateECKey_Ver []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_MaxAttemps("maxAttempt", &pCmdbuf, &cmdbufLen, kSE05x_TAG_MAX_ATTEMPTS, maxAttempt); - if (0 != tlvRet) { - goto cleanup; - } - - /* Tag policy Check is not applicable for Generate key */ - if (((privKey != NULL) && (privKeyLen != 0)) || ((pubKey != NULL) && (pubKeyLen != 0))) { - tlvRet = TLVSET_Se05xPolicy("check policy", &pCmdbuf, &cmdbufLen, kSE05x_TAG_POLICY_CHECK, policy); - if (0 != tlvRet) { - goto cleanup; - } - } - - tlvRet = TLVSET_U32("object id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_ECCurve("curveID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, curveID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("privKey", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, privKey, privKeyLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("pubKey", &pCmdbuf, &cmdbufLen, kSE05x_TAG_4, pubKey, pubKeyLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U32("version", &pCmdbuf, &cmdbufLen, kSE05x_TAG_11, version); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_UpdateBinary_Ver(pSe05xSession_t session_ctx, - pSe05xPolicy_t policy, - uint32_t objectID, - uint16_t offset, - uint16_t length, - const uint8_t *inputData, - size_t inputDataLen, - uint32_t version) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_WRITE, kSE05x_P1_BINARY, kSE05x_P2_DEFAULT}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - - if (Se05x_IsInValidRangeOfUID(objectID)) - return SM_NOT_OK; - -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "Se05x_API_UpdateBinary_Ver []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_Se05xPolicy("check policy", &pCmdbuf, &cmdbufLen, kSE05x_TAG_POLICY_CHECK, policy); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U32("object id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U16Optional("offset", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, offset); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U16Optional("length", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, length); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("input data", &pCmdbuf, &cmdbufLen, kSE05x_TAG_4, inputData, inputDataLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U32("version", &pCmdbuf, &cmdbufLen, kSE05x_TAG_11, version); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_UpdateSymmKey_Ver(pSe05xSession_t session_ctx, - pSe05xPolicy_t policy, - SE05x_MaxAttemps_t maxAttempt, - uint32_t objectID, - SE05x_KeyID_t kekID, - const uint8_t *keyValue, - size_t keyValueLen, - const SE05x_INS_t ins_type, - const SE05x_SymmKeyType_t type, - uint32_t version) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_WRITE | ins_type, type, kSE05x_P2_DEFAULT}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - - if (Se05x_IsInValidRangeOfUID(objectID)) - return SM_NOT_OK; - -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "Se05x_API_UpdateSymmKey_Ver []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_MaxAttemps("maxAttempt", &pCmdbuf, &cmdbufLen, kSE05x_TAG_MAX_ATTEMPTS, maxAttempt); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_Se05xPolicy("check policy", &pCmdbuf, &cmdbufLen, kSE05x_TAG_POLICY_CHECK, policy); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U32("object id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_KeyID("KEK id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, kekID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("key value", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, keyValue, keyValueLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U32("version", &pCmdbuf, &cmdbufLen, kSE05x_TAG_11, version); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_UpdatePCR( - pSe05xSession_t session_ctx, pSe05xPolicy_t policy, uint32_t pcrID, const uint8_t *inputData, size_t inputDataLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_WRITE, kSE05x_P1_PCR, kSE05x_P2_DEFAULT}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - - if (Se05x_IsInValidRangeOfUID(pcrID)) - return SM_NOT_OK; - -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "Se05x_API_UpdatePCR []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_Se05xPolicy("check policy", &pCmdbuf, &cmdbufLen, kSE05x_TAG_POLICY_CHECK, policy); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U32("object id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, pcrID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("inputData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, inputData, inputDataLen); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_UpdateCounter( - pSe05xSession_t session_ctx, pSe05xPolicy_t policy, uint32_t objectID, uint16_t size, uint64_t value) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_WRITE, kSE05x_P1_COUNTER, kSE05x_P2_DEFAULT}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - - if (Se05x_IsInValidRangeOfUID(objectID)) - return SM_NOT_OK; - -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "Se05x_API_CreateCounter []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_Se05xPolicy("policy check", &pCmdbuf, &cmdbufLen, kSE05x_TAG_POLICY_CHECK, policy); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U32("object id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); - if (0 != tlvRet) { - goto cleanup; - } - - if ((size > 0) && (size <= 8)) { - if (value != 0) { - tlvRet = TLVSET_U64_SIZE("value", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, value, size); - if (0 != tlvRet) { - goto cleanup; - } - } - } - else { - LOG_E("Wrong size provided"); - goto cleanup; - } - - retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); - -cleanup: - return retStatus; -} diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/se05x_03_xx_xx/se05x_APDU.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/se05x_03_xx_xx/se05x_APDU.h deleted file mode 100644 index b01f54216..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/se05x_03_xx_xx/se05x_APDU.h +++ /dev/null @@ -1,76 +0,0 @@ -/* - * - * Copyright 2019 NXP - * SPDX-License-Identifier: Apache-2.0 - */ - -/** @file */ - -#ifndef SE050X_APDU_H -#define SE050X_APDU_H - -#ifdef __cplusplus -extern "C" { -#endif - -#include "se05x_tlv.h" -#include "se05x_const.h" -#include "se05x_APDU_apis.h" - -/** Se05x_API_DeleteAll_Iterative - * - * Go through each object and delete it individually. - * - * This API does not use the Applet API @ref Se05x_API_DeleteAll. It - * does not delete ALL objects and purposefully skips few objects. - * - * Instead, this API uses @ref Se05x_API_ReadIDList and @ref - * Se05x_API_ReadCryptoObjectList to first fetch list of objects to host, and - * **selectitvely** deletes. - * - * For e.g. It does not kill objects from: - * - The range SE05X_OBJID_SE05X_APPLET_RES_START to - * SE05X_OBJID_SE05X_APPLET_RES_END. This range is used by applet. - * - The range EX_SSS_OBJID_DEMO_AUTH_START to EX_SSS_OBJID_DEMO_AUTH_END, - * which is used by middleware DEMOS for authentication. - * - And others. - * - * Kindly see the Implementation of is API Se05x_API_DeleteAll_Iterative to see - * the list of ranges that are skipped. - * - * @param[in] session_ctx Session Context - * - * @return The status of API. - */ -smStatus_t Se05x_API_DeleteAll_Iterative(pSe05xSession_t session_ctx); - -/** - * @brief Get the Curve ID for existing Key. - * - * This API is functionally same as @ref Se05x_API_GetECCurveId - * but uses @ref SE05x_ECCurve_t as a type instead of uint8_t. - * - * @param[in] session_ctx The session context - * @param[in] objectID The object id - * @param pcurveId The pcurve identifier - * - * - * @return The sm status. - */ -smStatus_t Se05x_API_EC_CurveGetId(pSe05xSession_t session_ctx, uint32_t objectID, SE05x_ECCurve_t *pcurveId); - -/** Wrapper for @ref Se05x_API_ECDHGenerateSharedSecret */ - -#define Se05x_API_ECGenSharedSecret Se05x_API_ECDHGenerateSharedSecret - -/** Wrapper for @ref Se05x_API_DigestOneShot */ -#define Se05x_API_SHAOneShot Se05x_API_DigestOneShot - -// For SIMW-656 -bool Se05x_IsInValidRangeOfUID(uint32_t uid); - -#ifdef __cplusplus -} -#endif - -#endif /* SE050X_APDU_H */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/se05x_03_xx_xx/se05x_APDU_apis.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/se05x_03_xx_xx/se05x_APDU_apis.h deleted file mode 100644 index ca095d260..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/se05x_03_xx_xx/se05x_APDU_apis.h +++ /dev/null @@ -1,5812 +0,0 @@ -/* - * - * Copyright 2019-2020 NXP - * SPDX-License-Identifier: Apache-2.0 - */ - -/** @file */ - -#ifndef SE050X_APDU_APIS_H_INC -#define SE050X_APDU_APIS_H_INC - -#include "se05x_enums.h" -#include "se05x_tlv.h" - -/* Enable compilation of deprecated API Se05x_API_WritePCR - * Deprecated from Q1 2021. - * Support will be removed by Q1 2022 - */ -#define ENABLE_DEPRECATED_API_WritePCR 1 - -/** Se05x_API_CreateSession - * - * Creates a session on SE05X . - * - * Depending on the authentication object being referenced, a specific method of - * authentication applies. The response needs to adhere to this authentication - * method. - * - * - * # Command to Applet - * - * @rst - * +---------+-------------------+------------------------------+ - * | Field | Value | Description | - * +=========+===================+==============================+ - * | CLA | 0x80 | | - * +---------+-------------------+------------------------------+ - * | INS | INS_MGMT | See :cpp:type:`SE05x_INS_t` | - * +---------+-------------------+------------------------------+ - * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | - * +---------+-------------------+------------------------------+ - * | P2 | P2_SESSION_CREATE | See :cpp:type:`SE05x_P2_t` | - * +---------+-------------------+------------------------------+ - * | Lc | #(Payload) | Payload length. | - * +---------+-------------------+------------------------------+ - * | Payload | TLV[TAG_1] | 4-byte authentication object | - * | | | identifier. | - * +---------+-------------------+------------------------------+ - * | Le | 0x0A | Expecting TLV with 8-byte | - * | | | session ID. | - * +---------+-------------------+------------------------------+ - * @endrst - * - * # R-APDU Body - * - * @rst - * +------------+----------------------------+ - * | Value | Description | - * +============+============================+ - * | TLV[TAG_1] | 8-byte session identifier. | - * +------------+----------------------------+ - * @endrst - * - * # R-APDU Trailer - * - * SW_NO_ERROR: - * * The command is handled successfully. - * - * SW_CONDITIONS_NOT_SATISFIED: - * * The authenticator does not exist - * * The provided input data are incorrect. - * * The session is invalid. - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] authObjectID auth [1:kSE05x_TAG_1] - * @param[out] sessionId [0:kSE05x_TAG_1] - * @param[in,out] psessionIdLen Length for sessionId - * - * - */ -smStatus_t Se05x_API_CreateSession( - pSe05xSession_t session_ctx, uint32_t authObjectID, uint8_t *sessionId, size_t *psessionIdLen); - -/** Se05x_API_ExchangeSessionData - * - * Sets session policies for the current session. - * - * - * # Command to Applet - * - * @rst - * +---------+-------------------+-----------------------------+ - * | Field | Value | Description | - * +=========+===================+=============================+ - * | CLA | 0x80 or 0x84 | - | - * +---------+-------------------+-----------------------------+ - * | INS | INS_MGMT | See :cpp:type:`SE05x_INS_t` | - * +---------+-------------------+-----------------------------+ - * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | - * +---------+-------------------+-----------------------------+ - * | P2 | P2_SESSION_POLICY | See P2 | - * +---------+-------------------+-----------------------------+ - * | Lc | #(Payload) | Payload length. | - * +---------+-------------------+-----------------------------+ - * | Payload | TLV[TAG_1] | Session policies | - * +---------+-------------------+-----------------------------+ - * | | C-MAC | If applicable | - * +---------+-------------------+-----------------------------+ - * | Le | 0x00 | - | - * +---------+-------------------+-----------------------------+ - * @endrst - * - * # R-APDU Body - * - * @rst - * +-------+----------------------------+ - * | Value | Description | - * +=======+============================+ - * | R-MAC | Optional, depending on | - * | | established security level | - * +-------+----------------------------+ - * @endrst - * - * - * @rst - * +-----------------------------+------------------------+ - * | SW | Description | - * +=============================+========================+ - * | SW_NO_ERROR | The command is handled | - * | | successfully. | - * +-----------------------------+------------------------+ - * | SW_CONDITIONS_NOT_SATISFIED | Invalid policies | - * +-----------------------------+------------------------+ - * @endrst - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] policy Check pdf [1:kSE05x_TAG_1] - * - */ -smStatus_t Se05x_API_ExchangeSessionData(pSe05xSession_t session_ctx, pSe05xPolicy_t policy); - -/** Se05x_API_RefreshSession - * - * Refreshes a session on , the policy of the running session can be updated; the - * rest of the session state remains. - * - * # Command to Applet - * - * @rst - * +-------+--------------------+-----------------------------------------------+ - * | Field | Value | Description | - * +=======+====================+===============================================+ - * | CLA | 0x80 | - | - * +-------+--------------------+-----------------------------------------------+ - * | INS | INS_MGMT | See :cpp:type:`SE05x_INS_t` | - * +-------+--------------------+-----------------------------------------------+ - * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | - * +-------+--------------------+-----------------------------------------------+ - * | P2 | P2_SESSION_REFRESH | See :cpp:type:`SE05x_P2_t` | - * +-------+--------------------+-----------------------------------------------+ - * | Lc | #(Payload) | Payload length. | - * +-------+--------------------+-----------------------------------------------+ - * | | TLV[TAG_POLICY] | Byte array containing the policy to attach to | - * | | | the session. [Optional] | - * +-------+--------------------+-----------------------------------------------+ - * | Le | - | | - * +-------+--------------------+-----------------------------------------------+ - * @endrst - * - * # R-APDU Body - * - * NA - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------------+ - * | SW | Description | - * +=============+======================================+ - * | SW_NO_ERROR | The command is handled successfully. | - * +-------------+--------------------------------------+ - * @endrst - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] policy policy [1:kSE05x_TAG_POLICY] - */ -smStatus_t Se05x_API_RefreshSession(pSe05xSession_t session_ctx, pSe05xPolicy_t policy); - -/** Se05x_API_CloseSession - * - * Closes a running session. - * - * When a session is closed, it cannot be reopened. - * - * All session parameters are transient. - * - * # Command to Applet - * - * @rst - * +-------+------------------+-----------------------------+ - * | Field | Value | Description | - * +=======+==================+=============================+ - * | CLA | 0x80 | | - * +-------+------------------+-----------------------------+ - * | INS | INS_MGMT | See :cpp:type:`SE05x_INS_t` | - * +-------+------------------+-----------------------------+ - * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | - * +-------+------------------+-----------------------------+ - * | P2 | P2_SESSION_CLOSE | See :cpp:type:`SE05x_P2_t` | - * +-------+------------------+-----------------------------+ - * @endrst - * - * # R-APDU Body - * - * NA - * - * # R-APDU Trailer - * - * @rst - * +-------------+-------------------------------------+ - * | SW | Description | - * +=============+=====================================+ - * | SW_NO_ERROR | The session is closed successfully. | - * +-------------+-------------------------------------+ - * @endrst - * - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - */ -smStatus_t Se05x_API_CloseSession(pSe05xSession_t session_ctx); - -/** Se05x_API_VerifySessionUserID - * - * Verifies the session user identifier (UserID) in order to allow setting up a - * session. If the UserID is correct, the session establishment is successful; - * otherwise the session cannot be opened (SW_CONDITIONS_NOT_SATISFIED is - * returned). - * - * # Command to Applet - * - * @rst - * +-------+-------------------+-----------------------------+ - * | Field | Value | Description | - * +=======+===================+=============================+ - * | CLA | 0x80 | | - * +-------+-------------------+-----------------------------+ - * | INS | INS_MGMT | See :cpp:type:`SE05x_INS_t` | - * +-------+-------------------+-----------------------------+ - * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | - * +-------+-------------------+-----------------------------+ - * | P2 | P2_SESSION_USERID | See :cpp:type:`SE05x_P2_t` | - * +-------+-------------------+-----------------------------+ - * | Lc | #(Payload) | Payload length. | - * +-------+-------------------+-----------------------------+ - * | | TLV[TAG_1] | UserID value | - * +-------+-------------------+-----------------------------+ - * | Le | - | | - * +-------+-------------------+-----------------------------+ - * @endrst - * - * # R-APDU Body - * - * NA - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------------+ - * | SW | Description | - * +=============+======================================+ - * | SW_NO_ERROR | The command is handled successfully. | - * +-------------+--------------------------------------+ - * @endrst - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] userId userId [1:kSE05x_TAG_1] - * @param[in] userIdLen Length of userId - */ -smStatus_t Se05x_API_VerifySessionUserID(pSe05xSession_t session_ctx, const uint8_t *userId, size_t userIdLen); - -/** Se05x_API_SetLockState - * - * Sets the applet transport lock (locked or unlocked). There is a Persistent - * lock and a Transient Lock. If the Persistent lock is UNLOCKED, the device is - * unlocked (regardless of the Transient lock). If the Persistent lock is LOCKED, - * the device is only unlocked when the Transient lock is UNLOCKED and the device - * will be locked again after deselect of the applet. - * - * Note that regardless of the lock state, the credential RESERVED_ID_TRANSPORT - * allows access to all features. For example, it is possible to write/update - * objects within the session opened by RESERVED_ID_TRANSPORT, even if the applet - * is locked. - * - * The default TRANSIENT_LOCK state is LOCKED; there is no default - * PERSISTENT_LOCK state (depends on product configuration). - * - * This command can only be used in a session that used the credential with - * identifier RESERVED_ID_TRANSPORT as authentication object. - * - * @rst - * +-----------------+----------------+-----------------------------------------------+ - * | PERSISTENT_LOCK | TRANSIENT_LOCK | Behavior | - * +=================+================+===============================================+ - * | UNLOCKED | UNLOCKED | Unlocked until PERSISTENT_LOCK set to LOCKED. | - * +-----------------+----------------+-----------------------------------------------+ - * | UNLOCKED | LOCKED | Unlocked until PERSISTENT_LOCK set to LOCKED. | - * +-----------------+----------------+-----------------------------------------------+ - * | LOCKED | UNLOCKED | Unlocked until deselect or TRANSIENT_LOCK set | - * | | | to LOCKED. | - * +-----------------+----------------+-----------------------------------------------+ - * | LOCKED | LOCKED | Locked until PERSISTENT_LOCK set to UNLOCKED. | - * +-----------------+----------------+-----------------------------------------------+ - * @endrst - * - * - * # Command to Applet - * - * @rst - * +---------+--------------+-------------------------------------+ - * | Field | Value | Description | - * +=========+==============+=====================================+ - * | CLA | 0x80 | | - * +---------+--------------+-------------------------------------+ - * | INS | INS_MGMT | See :cpp:type:`SE05x_INS_t` | - * +---------+--------------+-------------------------------------+ - * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | - * +---------+--------------+-------------------------------------+ - * | P2 | P2_TRANSPORT | See :cpp:type:`SE05x_P2_t` | - * +---------+--------------+-------------------------------------+ - * | Lc | #(Payload) | | - * +---------+--------------+-------------------------------------+ - * | Payload | TLV[TAG_1] | 1-byte :cpp:type:`LockIndicatorRef` | - * +---------+--------------+-------------------------------------+ - * | | TLV[TAG_2] | 1-byte :cpp:type:`LockStateRef` | - * +---------+--------------+-------------------------------------+ - * | Le | | | - * +---------+--------------+-------------------------------------+ - * @endrst - * - * # R-APDU Body - * - * NA - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------------+ - * | SW | Description | - * +=============+======================================+ - * | SW_NO_ERROR | The command is handled successfully. | - * +-------------+--------------------------------------+ - * @endrst - * - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] lockIndicator lock indicator [1:kSE05x_TAG_1] - * @param[in] lockState lock state [2:kSE05x_TAG_2] - */ -smStatus_t Se05x_API_SetLockState(pSe05xSession_t session_ctx, uint8_t lockIndicator, uint8_t lockState); - -/** Se05x_API_SetPlatformSCPRequest - * - * Sets the required state for platform SCP (required or not required). This is a - * persistent state. - * - * If platform SCP is set to SCP_REQUIRED, any applet APDU command will be - * refused by the applet when platform SCP is not enabled. Enabled means full - * encryption and MAC, both on C-APDU and R-APDU. Any other level is not - * sufficient and will not be accepted. SCP02 will not be accepted (as there is - * no response MAC and encryption). - * - * If platform SCP is set to "not required," any applet APDU command will be - * accepted by the applet. - * - * This command can only be used in a session that used the credential with - * identifier RESERVED_ID_PLATFORM_SCP as authentication object. - * - * Note that the default state is SCP_NOT_REQUIRED. - * - * - * # Command to Applet - * - * @rst - * +---------+------------+-----------------------------------------------+ - * | Field | Value | Description | - * +=========+============+===============================================+ - * | CLA | 0x80 | | - * +---------+------------+-----------------------------------------------+ - * | INS | INS_MGMT | See :cpp:type:`SE05x_INS_t` | - * +---------+------------+-----------------------------------------------+ - * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | - * +---------+------------+-----------------------------------------------+ - * | P2 | P2_SCP | See :cpp:type:`SE05x_P2_t` | - * +---------+------------+-----------------------------------------------+ - * | Lc | #(Payload) | | - * +---------+------------+-----------------------------------------------+ - * | Payload | TLV[TAG_1] | 1-byte :cpp:type:`SE05x_PlatformSCPRequest_t` | - * +---------+------------+-----------------------------------------------+ - * | Le | | | - * +---------+------------+-----------------------------------------------+ - * @endrst - * - * - * # R-APDU Body - * - * NA - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------------+ - * | SW | Description | - * +=============+======================================+ - * | SW_NO_ERROR | The command is handled successfully. | - * +-------------+--------------------------------------+ - * @endrst - * - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] platformSCPRequest platf scp req [1:kSE05x_TAG_1] - */ -smStatus_t Se05x_API_SetPlatformSCPRequest(pSe05xSession_t session_ctx, SE05x_PlatformSCPRequest_t platformSCPRequest); - -/** Se05x_API_SetAppletFeatures - * - * Sets the applet features that are supported. To successfully execute this - * command, the session must be authenticated using the RESERVED_ID_FEATURE. - * - * The 2-byte input value is a pre-defined AppletConfig value. - * - * # Command to Applet - * - * @rst - * +---------+------------+-----------------------------------------------+ - * | Field | Value | Description | - * +=========+============+===============================================+ - * | CLA | 0x80 | | - * +---------+------------+-----------------------------------------------+ - * | INS | INS_MGMT | See :cpp:type:`SE05x_INS_t` | - * +---------+------------+-----------------------------------------------+ - * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | - * +---------+------------+-----------------------------------------------+ - * | P2 | P2_VARIANT | See :cpp:type:`SE05x_P2_t` | - * +---------+------------+-----------------------------------------------+ - * | Lc | #(Payload) | Payload length | - * +---------+------------+-----------------------------------------------+ - * | Payload | TLV[TAG_1] | 2-byte Variant from | - * | | | :cpp:type:`SE05x_AppletConfig_t` | - * +---------+------------+-----------------------------------------------+ - * @endrst - * - * # R-APDU Body - * - * NA - * - * # R-APDU Trailer - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] variant variant [1:kSE05x_TAG_1] - */ -smStatus_t Se05x_API_SetAppletFeatures(pSe05xSession_t session_ctx, pSe05xAppletFeatures_t appletVariant); - -/** Se05x_API_WriteECKey - * - * Write or update an EC key object. - * - * P1KeyPart indicates the key type to be created (if the object does not yet - * exist). - * - * If P1KeyPart = P1_KEY_PAIR, Private Key Value (TLV[TAG_3]) and Public Key - * Value (TLV[TAG_4) must both be present, or both be absent. If absent, the key - * pair is generated in the SE05X . - * - * If the object already exists, P1KeyPart is ignored. - * - * @rst - * +---------+------------------------+------------------------------------------------+ - * | Field | Value | Description | - * +=========+========================+================================================+ - * | P1 | :cpp:type:`SE05x_P1_t` | See :cpp:type:`SE05x_P1_t` , P1KeyType | - * | | | P1_EC | should only be set for new objects. | - * +---------+------------------------+------------------------------------------------+ - * | P2 | P2_DEFAULT | See P2 | - * +---------+------------------------+------------------------------------------------+ - * | Payload | TLV[TAG_POLICY] | Byte array containing the object policy. | - * | | | [Optional: default policy applies] | - * | | | [Conditional - only when the object | - * | | | identifier is not in use yet] | - * +---------+------------------------+------------------------------------------------+ - * | | TLV[TAG_MAX_ATTEMPTS] | 2-byte maximum number of attempts. If 0 is | - * | | | given, this means unlimited. [Optional: | - * | | | default unlimited] [Conditional: only when | - * | | | the object identifier is not in use yet and | - * | | | INS includes INS_AUTH_OBJECT; see | - * | | | AuthenticationObjectPolicies ] | - * +---------+------------------------+------------------------------------------------+ - * | | TLV[TAG_1] | 4-byte object identifier | - * +---------+------------------------+------------------------------------------------+ - * | | TLV[TAG_2] | 1-byte curve identifier, see ECCurve | - * | | | [Conditional: only when the object identifier | - * | | | is not in use yet; ] | - * +---------+------------------------+------------------------------------------------+ - * | | TLV[TAG_3] | Private key value (see :cpp:type:`ECKeyRef` | - * | | | ) [Conditional: only when the private key is | - * | | | externally generated and P1KeyType is either | - * | | | P1_KEY_PAIR or P1_PRIVATE] | - * +---------+------------------------+------------------------------------------------+ - * | | TLV[TAG_4] | Public key value (see :cpp:type:`ECKeyRef` ) | - * | | | [Conditional: only when the public key is | - * | | | externally generated and P1KeyType is either | - * | | | P1_KEY_PAIR or P1_PUBLIC] | - * +---------+------------------------+------------------------------------------------+ - * | | TLV[TAG_11] | 4-byte version [Optional] | - * +---------+------------------------+------------------------------------------------+ - * @endrst - * - * @param[in] session_ctx The session context - * @param[in] policy The policy - * @param[in] maxAttempt The maximum attempt - * @param[in] objectID The object id - * @param[in] curveID The curve id - * @param[in] privKey The priv key - * @param[in] privKeyLen The priv key length - * @param[in] pubKey The pub key - * @param[in] pubKeyLen The pub key length - * @param[in] ins_type The insert type - * @param[in] key_part The key part - * - * @return The sm status. - */ -smStatus_t Se05x_API_WriteECKey(pSe05xSession_t session_ctx, - pSe05xPolicy_t policy, - SE05x_MaxAttemps_t maxAttempt, - uint32_t objectID, - SE05x_ECCurve_t curveID, - const uint8_t *privKey, - size_t privKeyLen, - const uint8_t *pubKey, - size_t pubKeyLen, - const SE05x_INS_t ins_type, - const SE05x_KeyPart_t key_part); - -/** Se05x_API_WriteRSAKey - * - * Creates or writes an RSA key or a key component. - * - * Supported key sizes are listed in RSABitLength. Other values are not - * supported. - * - * An RSA key creation requires multiple ADPUs to be sent: - * - * * The first APDU must contain: - * - * * Policy (optional, so only if non-default applies) - * - * * Object identifier - * - * * Key size - * - * * 1 of the key components. - * - * * Each next APDU must contain 1 of the key components. - * - * The policy applies only once all key components are set. - * - * Once an RSAKey object has been created, its format remains fixed and cannot - * be updated (so CRT or raw mode, no switch possible). - * - * If the object already exists, P1KeyType is ignored. - * - * For key pairs, if no component is present (TAG_3 until TAG_9), the key pair - * will be generated on chip; otherwise the key pair will be constructed - * starting with the given component. - * - * For private keys or public keys, there should always be exactly one of the - * tags TAG_3 until TAG_10. - * - * * TLV[TAG_8] and TLV[TAG_10] must only contain a value if the key pair is - * to be set to a known value and P1KeyType is either P1_KEY_PAIR or - * P1_PUBLIC; otherwise the value must be absent and the length must be - * equal to 0. - * - * * TLV[TAG_9] must only contain a value it the key is to be set in raw mode - * to a known value and P1KeyType is either P1_KEY_PAIR or P1_PRIVATE; - * otherwise the value must be absent and the length must be equal to 0. - * - * * If TLV[TAG_3] up to TLV[TAG_10] are absent (except TLV[TAG_8]), the RSA - * key will be generated on chip in case the object does not yet exist; - * otherwise it will be regenerated. This only applies to RSA key pairs. - * - * * Keys can be set by setting the different components of a key; only 1 - * component can be set at a time in this case. - * - * - * @rst - * +---------+-------------------------------+------------------------------------------------+ - * | Field | Value | Description | - * +=========+===============================+================================================+ - * | P1 | :cpp:type:`SE05x_KeyPart_t` | | See :cpp:type:`SE05x_P1_t` | - * | | P1_RSA | | - * +---------+-------------------------------+------------------------------------------------+ - * | P2 | P2_DEFAULT or P2_RAW | See :cpp:type:`SE05x_P2_t`; P2_RAW only in | - * | | | case P1KeyPart = P1_KEY_PAIR and TLV[TAG_3] | - * | | | until TLV[TAG_10] is empty and the must | - * | | | generate a raw RSA key pair; all other cases: | - * | | | P2_DEFAULT. | - * +---------+-------------------------------+------------------------------------------------+ - * | Payload | TLV[TAG_POLICY] | Byte array containing the object policy. | - * | | | [Optional: default policy applies] | - * | | | [Conditional: only when the object identifier | - * | | | is not in use yet] | - * +---------+-------------------------------+------------------------------------------------+ - * | | TLV[TAG_1] | 4-byte object identifier | - * +---------+-------------------------------+------------------------------------------------+ - * | | TLV[TAG_2] | 2-byte key size in bits | - * | | | (:cpp:type:`SE05x_RSABitLength_t`) | - * | | | [Conditional: only when the object identifier | - * | | | is not in use yet] | - * +---------+-------------------------------+------------------------------------------------+ - * | | TLV[TAG_3] | P component [Conditional: only when the | - * | | | object identifier is in CRT mode and the key | - * | | | is generated externally and P1KeyPart is | - * | | | either P1_KEY_PAIR or P1_PRIVATE] | - * +---------+-------------------------------+------------------------------------------------+ - * | | TLV[TAG_4] | Q component [Conditional: only when the | - * | | | object identifier is in CRT mode and the key | - * | | | is generated externally and P1KeyPart is | - * | | | either P1_KEY_PAIR or P1_PRIVATE] | - * +---------+-------------------------------+------------------------------------------------+ - * | | TLV[TAG_5] | DP component [Conditional: only when the | - * | | | object identifier is in CRT mode and the key | - * | | | is generated externally and P1KeyPart is | - * | | | either P1_KEY_PAIR or P1_PRIVATE] | - * +---------+-------------------------------+------------------------------------------------+ - * | | TLV[TAG_6] | DQ component [Conditional: only when the | - * | | | object identifier is in CRT mode and the key | - * | | | is generated externally and P1KeyPart is | - * | | | either P1_KEY_PAIR or P1_PRIVATE] | - * +---------+-------------------------------+------------------------------------------------+ - * | | TLV[TAG_7] | INV_Q component [Conditional: only when the | - * | | | object identifier is in CRT mode and the key | - * | | | is generated externally and P1KeyPart is | - * | | | either P1_KEY_PAIR or P1_PRIVATE] | - * +---------+-------------------------------+------------------------------------------------+ - * | | TLV[TAG_8] | Public exponent | - * +---------+-------------------------------+------------------------------------------------+ - * | | TLV[TAG_9] | Private Key (non-CRT mode only) | - * +---------+-------------------------------+------------------------------------------------+ - * | | TLV[TAG_10] | Public Key (Modulus) | - * +---------+-------------------------------+------------------------------------------------+ - * | | TLV[TAG_11] | 4-byte version [Optional] | - * +---------+-------------------------------+------------------------------------------------+ - * @endrst - * - * @param[in] session_ctx The session context - * @param[in] policy The policy - * @param[in] objectID The object id - * @param[in] size The size - * @param[in] p The part p - * @param[in] pLen The p length - * @param[in] q The quarter - * @param[in] qLen The quarter length - * @param[in] dp The part dp - * @param[in] dpLen The dp length - * @param[in] dq The part dq - * @param[in] dqLen The dq length - * @param[in] qInv The quarter inv - * @param[in] qInvLen The quarter inv length - * @param[in] pubExp The pub exponent - * @param[in] pubExpLen The pub exponent length - * @param[in] priv The priv - * @param[in] privLen The priv length - * @param[in] pubMod The pub modifier - * @param[in] pubModLen The pub modifier length - * @param[in] transient_type The transient type - * @param[in] key_part The key part - * @param[in] rsa_format The rsa format - * - * @return The sm status. - */ - -smStatus_t Se05x_API_WriteRSAKey(pSe05xSession_t session_ctx, - pSe05xPolicy_t policy, - uint32_t objectID, - uint16_t size, - const uint8_t *p, - size_t pLen, - const uint8_t *q, - size_t qLen, - const uint8_t *dp, - size_t dpLen, - const uint8_t *dq, - size_t dqLen, - const uint8_t *qInv, - size_t qInvLen, - const uint8_t *pubExp, - size_t pubExpLen, - const uint8_t *priv, - size_t privLen, - const uint8_t *pubMod, - size_t pubModLen, - const SE05x_INS_t transient_type, - const SE05x_KeyPart_t key_part, - const SE05x_RSAKeyFormat_t rsa_format); - -/** Se05x_API_WriteSymmKey - * - * Creates or writes an AES key, DES key or HMAC key, indicated by P1: - * - * * P1_AES - * - * * P1_DES - * - * * P1_HMAC - * - * Users can pass RFC3394 wrapped keys by indicating the KEK in TLV[TAG_2]. Note - * that RFC3394 required 8-byte aligned input, so this can only be used when the - * key has an 8-byte aligned length. - * - * # Command to Applet - * - * @rst - * +---------+-----------------------+-----------------------------------------------+ - * | Field | Value | Description | - * +=========+=======================+===============================================+ - * | P1 | See above | See :cpp:type:`SE05x_P1_t` | - * +---------+-----------------------+-----------------------------------------------+ - * | P2 | P2_DEFAULT | See :cpp:type:`SE05x_P2_t` | - * +---------+-----------------------+-----------------------------------------------+ - * | Payload | TLV[TAG_POLICY] | Byte array containing the object policy. | - * | | | [Optional: default policy applies] | - * | | | [Conditional: only when the object identifier | - * | | | is not in use yet] | - * +---------+-----------------------+-----------------------------------------------+ - * | | TLV[TAG_MAX_ATTEMPTS] | 2-byte maximum number of attempts. If 0 is | - * | | | given, this means unlimited. [Optional: | - * | | | default unlimited] [Conditional: only when | - * | | | the object identifier is not in use yet and | - * | | | INS includes INS_AUTH_OBJECT; see | - * | | | AuthenticationObjectPolicies] | - * +---------+-----------------------+-----------------------------------------------+ - * | | TLV[TAG_1] | 4-byte object identifier | - * +---------+-----------------------+-----------------------------------------------+ - * | | TLV[TAG_2] | 4-byte KEK identifier [Conditional: only | - * | | | when the key value is RFC3394 wrapped] | - * +---------+-----------------------+-----------------------------------------------+ - * | | TLV[TAG_3] | Key value, either plain or RFC3394 wrapped. | - * +---------+-----------------------+-----------------------------------------------+ - * | | TLV[TAG_4] | Tag length for GCM/GMAC. Will only be used if | - * | | | the object is an AESKey. [Optional] | - * +---------+-----------------------+-----------------------------------------------+ - * | | TLV[TAG_11] | 4-byte version [Optional] | - * +---------+-----------------------+-----------------------------------------------+ - * @endrst - * - * @param[in] session_ctx The session context - * @param[in] policy The policy - * @param[in] maxAttempt The maximum attempt - * @param[in] objectID The object id - * @param[in] kekID The kek id - * @param[in] keyValue The key value - * @param[in] keyValueLen The key value length - * @param[in] ins_type The insert type - * @param[in] type The type - * - * @return The sm status. - */ -smStatus_t Se05x_API_WriteSymmKey(pSe05xSession_t session_ctx, - pSe05xPolicy_t policy, - SE05x_MaxAttemps_t maxAttempt, - uint32_t objectID, - SE05x_KeyID_t kekID, - const uint8_t *keyValue, - size_t keyValueLen, - const SE05x_INS_t ins_type, - const SE05x_SymmKeyType_t type); - -/** Se05x_API_WriteBinary - * - * Creates or writes to a binary file object. Data are written to either the - * start of the file or (if specified) to the offset passed to the function. - * - * # Command to Applet - * - * @rst - * +---------+-----------------+-----------------------------------------------+ - * | Field | Value | Description | - * +=========+=================+===============================================+ - * | P1 | P1_BINARY | See :cpp:type:`SE05x_P1_t` | - * +---------+-----------------+-----------------------------------------------+ - * | P2 | P2_DEFAULT | See :cpp:type:`SE05x_P2_t` | - * +---------+-----------------+-----------------------------------------------+ - * | Payload | TLV[TAG_POLICY] | Byte array containing the object policy. | - * | | | [Optional: default policy applies] | - * | | | [Conditional: only when the object identifier | - * | | | is not in use yet] | - * +---------+-----------------+-----------------------------------------------+ - * | | TLV[TAG_1] | 4-byte object identifier | - * +---------+-----------------+-----------------------------------------------+ - * | | TLV[TAG_2] | 2-byte file offset [Optional: default = 0] | - * +---------+-----------------+-----------------------------------------------+ - * | | TLV[TAG_3] | 2-byte file length (up to 0x7FFF). | - * | | | [Conditional: only when the object identifier | - * | | | is not in use yet] | - * +---------+-----------------+-----------------------------------------------+ - * | | TLV[TAG_4] | Data to be written [Optional: if not given, | - * | | | TAG_3 must be filled] | - * +---------+-----------------+-----------------------------------------------+ - * | | TLV[TAG_11] | 4-byte version [Optional] | - * +---------+-----------------+-----------------------------------------------+ - * @endrst - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] policy policy [1:kSE05x_TAG_POLICY] - * @param[in] objectID object id [2:kSE05x_TAG_1] - * @param[in] offset offset [3:kSE05x_TAG_2] - * @param[in] length length [4:kSE05x_TAG_3] - * @param[in] inputData input data [5:kSE05x_TAG_4] - * @param[in] inputDataLen Length of inputData - */ - -smStatus_t Se05x_API_WriteBinary(pSe05xSession_t session_ctx, - pSe05xPolicy_t policy, - uint32_t objectID, - uint16_t offset, - uint16_t length, - const uint8_t *inputData, - size_t inputDataLen); - -/** Se05x_API_WriteUserID - * - * Creates a UserID object, setting the user identifier value. The policy defines - * the maximum number of attempts that can be performed as comparison. - * - * # Command to Applet - * - * @rst - * +-------+-----------------------+-----------------------------------------------+ - * | Field | Value | Description | - * +=======+=======================+===============================================+ - * | P1 | P1_USERID | See :cpp:type:`SE05x_P1_t` | - * +-------+-----------------------+-----------------------------------------------+ - * | P2 | P2_DEFAULT | See :cpp:type:`SE05x_P2_t` | - * +-------+-----------------------+-----------------------------------------------+ - * | | TLV[TAG_POLICY] | Byte array containing the object policy. | - * | | | [Optional: default policy applies] | - * | | | [Conditional: only when the object identifier | - * | | | is not in use yet] | - * +-------+-----------------------+-----------------------------------------------+ - * | | TLV[TAG_MAX_ATTEMPTS] | 2-byte maximum number of attempts. If 0 is | - * | | | given, this means unlimited. For pins, the | - * | | | maximum number of attempts must be smaller | - * | | | than 256. [Optional: default = 0] | - * | | | [Conditional: only when the object identifier | - * | | | is not in use yet and INS includes | - * | | | INS_AUTH_OBJECT; see :cpp:type:`-`] | - * +-------+-----------------------+-----------------------------------------------+ - * | | TLV[TAG_1] | 4-byte object identifier. | - * +-------+-----------------------+-----------------------------------------------+ - * | | TLV[TAG_2] | Byte array containing 4 to 16 bytes user | - * | | | identifier value. | - * +-------+-----------------------+-----------------------------------------------+ - * @endrst - * - * @param[in] session_ctx The session context - * @param[in] policy The policy - * @param[in] maxAttempt The maximum attempt - * @param[in] objectID The object id - * @param[in] userId The user identifier - * @param[in] userIdLen The user identifier length - * @param[in] attestation_type The attestation type - * - * @return The sm status. - */ -smStatus_t Se05x_API_WriteUserID(pSe05xSession_t session_ctx, - pSe05xPolicy_t policy, - SE05x_MaxAttemps_t maxAttempt, - uint32_t objectID, - const uint8_t *userId, - size_t userIdLen, - const SE05x_AttestationType_t attestation_type); - -/** Se05x_API_CreateCounter - * - * Creates a new counter object. - * - * Counters can only be incremented, not decremented. - * - * When a counter reaches its maximum value (e.g., 0xFFFFFFFF for a 4-byte - * counter), they cannot be incremented again. - * - * An input value (TAG_3) must always have the same length as the existing - * counter (if it exists); otherwise the command will return an error. - * - * # Command to Applet - * - * @rst - * +---------+-----------------+------------------------------------------------+ - * | Field | Value | Description | - * +=========+=================+================================================+ - * | P1 | P1_COUNTER | See :cpp:type:`SE05x_P1_t` | - * +---------+-----------------+------------------------------------------------+ - * | P2 | P2_DEFAULT | See :cpp:type:`SE05x_P2_t` | - * +---------+-----------------+------------------------------------------------+ - * | Payload | TLV[TAG_POLICY] | Byte array containing the object policy. | - * | | | [Optional: default policy applies] | - * | | | [Conditional: only when the object identifier | - * | | | is not in use yet] | - * +---------+-----------------+------------------------------------------------+ - * | | TLV[TAG_1] | 4-byte counter identifier. | - * +---------+-----------------+------------------------------------------------+ - * | | TLV[TAG_2] | 2-byte counter size (1 up to 8 bytes). | - * | | | [Conditional: only if object doesn't exist yet | - * | | | and TAG_3 is not given] | - * +---------+-----------------+------------------------------------------------+ - * | | TLV[TAG_3] | Counter value [Optional: - if object doesn't | - * | | | exist: must be present if TAG_2 is not given. | - * | | | - if object exists: if not present, increment | - * | | | by 1. if present, set counter to value.] | - * +---------+-----------------+------------------------------------------------+ - * @endrst - * - * # R-APDU Body - * - * NA - * - * # R-APDU Trailer - * - * NA - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] policy policy [1:kSE05x_TAG_POLICY] - * @param[in] objectID object id [2:kSE05x_TAG_1] - * @param[in] size size [3:kSE05x_TAG_2] - */ -smStatus_t Se05x_API_CreateCounter( - pSe05xSession_t session_ctx, pSe05xPolicy_t policy, uint32_t objectID, uint16_t size); - -/** Se05x_API_SetCounterValue - * - * See @ref Se05x_API_CreateCounter - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] objectID object id [1:kSE05x_TAG_1] - * @param[in] size size [3:kSE05x_TAG_2] - * @param[in] value value [4:kSE05x_TAG_3] - */ -smStatus_t Se05x_API_SetCounterValue(pSe05xSession_t session_ctx, uint32_t objectID, uint16_t size, uint64_t value); - -/** Se05x_API_IncCounter - * - * See @ref Se05x_API_CreateCounter - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] objectID object id [1:kSE05x_TAG_1] - */ -smStatus_t Se05x_API_IncCounter(pSe05xSession_t session_ctx, uint32_t objectID); - -/** Se05x_API_WritePCR - * - * Creates or writes to a PCR object. - * - * A PCR is a hash to which data can be appended; i.e., writing data to a PCR - * will update the value of the PCR to be the hash of all previously inserted - * data concatenated with the new input data. - * - * A PCR will always use DigestMode = DIGEST_SHA256; no other configuration - * possible. - * - * If TAG_2 and TAG_3 is not passed, the PCR is reset to its initial value (i.e., - * the value set when the PCR was created). - * - * This reset is controlled under the POLICY_OBJ_ALLOW_DELETE policy, so users - * that can delete the PCR can also reset the PCR to initial value. - * - * # Command to Applet - * - * @rst - * +---------+-----------------+------------------------------------------------+ - * | Field | Value | Description | - * +=========+=================+================================================+ - * | P1 | P1_PCR | See :cpp:type:`SE05x_P1_t` | - * +---------+-----------------+------------------------------------------------+ - * | P2 | P2_DEFAULT | See :cpp:type:`SE05x_P2_t` | - * +---------+-----------------+------------------------------------------------+ - * | Payload | TLV[TAG_POLICY] | Byte array containing the object policy. | - * | | | [Optional: default policy applies] | - * | | | [Conditional: only when the object identifier | - * | | | is not in use yet] | - * +---------+-----------------+------------------------------------------------+ - * | | TLV[TAG_1] | 4-byte PCR identifier. | - * +---------+-----------------+------------------------------------------------+ - * | | TLV[TAG_2] | Initial hash value [Conditional: only when | - * | | | the object identifier is not in use yet] | - * +---------+-----------------+------------------------------------------------+ - * | | TLV[TAG_3] | Data to be extended to the existing PCR. | - * | | | [Conditional: only when the object identifier | - * | | | is already in use] [Optional: not present if | - * | | | a Reset is requested] | - * +---------+-----------------+------------------------------------------------+ - * @endrst - * - * # R-APDU Body - * - * NA - * - * # R-APDU Trailer - * - * - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] policy policy [1:kSE05x_TAG_POLICY] - * @param[in] pcrID object id [2:kSE05x_TAG_1] - * @param[in] initialValue initialValue [3:kSE05x_TAG_2] - * @param[in] initialValueLen Length of initialValue - * @param[in] inputData inputData [4:kSE05x_TAG_3] - * @param[in] inputDataLen Length of inputData - */ -#if ENABLE_DEPRECATED_API_WritePCR -smStatus_t Se05x_API_WritePCR(pSe05xSession_t session_ctx, - pSe05xPolicy_t policy, - uint32_t pcrID, - const uint8_t *initialValue, - size_t initialValueLen, - const uint8_t *inputData, - size_t inputDataLen); -#endif // ENABLE_DEPRECATED_API_WritePCR -smStatus_t Se05x_API_WritePCR_WithType(pSe05xSession_t session_ctx, - const SE05x_INS_t ins_type, - pSe05xPolicy_t policy, - uint32_t pcrID, - const uint8_t *initialValue, - size_t initialValueLen, - const uint8_t *inputData, - size_t inputDataLen); - -/** Se05x_API_ImportObject - * - * Writes a serialized Secure Object to the SE05X (i.e., "import") - * - * # Command to Applet - * - * @rst - * +---------+------------+-----------------------------------------------+ - * | Field | Value | Description | - * +=========+============+===============================================+ - * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | - * +---------+------------+-----------------------------------------------+ - * | P2 | P2_IMPORT | See :cpp:type:`SE05x_P2_t` | - * +---------+------------+-----------------------------------------------+ - * | Payload | TLV[TAG_1] | 4-byte identifier. | - * +---------+------------+-----------------------------------------------+ - * | | TLV[TAG_2] | 1-byte :cpp:type:`SE05x_RSAKeyComponent_t` | - * | | | [Conditional: only when the identifier refers | - * | | | to an RSAKey object] | - * +---------+------------+-----------------------------------------------+ - * | | TLV[TAG_3] | Serialized object (encrypted). | - * +---------+------------+-----------------------------------------------+ - * @endrst - * - * # R-APDU Body - * - * NA - * - * # R-APDU Trailer - * - * - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] objectID object id [1:kSE05x_TAG_1] - * @param[in] rsaKeyComp rsaKeyComp [2:kSE05x_TAG_2] - * @param[in] serializedObject serializedObject [3:kSE05x_TAG_3] - * @param[in] serializedObjectLen Length of serializedObject - */ -smStatus_t Se05x_API_ImportObject(pSe05xSession_t session_ctx, - uint32_t objectID, - SE05x_RSAKeyComponent_t rsaKeyComp, - const uint8_t *serializedObject, - size_t serializedObjectLen); - -/** Se05x_API_ImportExternalObject - * - * Combined with the INS_IMPORT_EXTERNAL mask, enables users to send a - * WriteSecureObject APDU (WriteECKey until WritePCR) protected by a - * secure channel. - * - * Secure Objects can be imported into the SE05X through a secure channel which - * does not require the establishment of a session. This feature is also referred - * to single side import and can only be used to create or update objects. - * - * The mechanism is based on ECKey session to protect the Secure Object content - * and is summarized in the following figure. - * - * External import flow - * - * The flow above can be summarized in the following steps: - * - * 1. The user obtains the SE public key for import via the to get - * the public key from the device's key pair. Key ID 0x02 will - * return the public key of the EC key pair with - * RESERVED_ID_EXTERNAL_IMPORT. The response is signed by the - * same key pair. - * - * 2. The user calls with input: - * * the applet AID (e.g.A0000003965453000000010300000000) - * - * * the SCPparameters - * - * * 1-byte SCP identifier, must equal0xAB - * - * * 2-byte SCP parameter, must equal 0x01 followed by 1-byte - * security level (which follows the GlobalPlatform security - * level definition, see: . - * - * * key type, must be 0x88 (AES keytype) - * - * * key length, must be 0x10 (AES128key) - * - * * host public key (65-byte NIST P-256 publickey) - * - * * host public key curve identifier (must be 0x03 (=NIST_P256)) - * - * * ASN.1 signature over the TLV with tags 0xA6 and0x7F49. - * - * The applet will then calculate the master key by performing SHA256 - * over a byte array containing (in order): - * - * * 4-byte counter value being0x00000001 - * - * * shared secret (ECDH calculation according [IEEE P1363] using - * the private keyfrom RESERVED_ID_ECKEY_SESSION and the public - * key provided as input to ECKeySessionInternalAuthenticate. The - * length depends on the curve used (e.g. 32 byte for NIST P-256 - * curve). - * - * * 16-byte random generated by the SE05X. - * - * * 2-byte SCP parameter, must equal 0x01 followed by 1-byte - * security level (which follows the GlobalPlatform security level - * definition, see: . - * - * * 1-byte keytype - * - * * 1-byte keylength - * - * The master key will then be the 16 MSB's of the hash output. - * - * Using the master key, the 3 session keys are derived by following the - * GlobalPlatform specification to derive session keys, e.g. derivation input: - * - * * ENCsession key = CMAC(MK, 00000000000000000000000400008001) - * - * * CMACsession key = CMAC(MK, 00000000000000000000000600008001) - * - * * RMACsession key = CMAC(MK, 00000000000000000000000700008001) - * - * The Authentication Object ID needs to be passed using TAG_IMPORT_AUTH_KEY_ID, - * followed by the Write APDU command (using tag TAG_1). - * - * The Write APDU command needs to be constructed as follows: - * - * * Encrypt the command encryption counter (starting with - * 0x00000000000000000000000000000001) using the S_ENC key. This - * becomes the IV for the encrypted APDU. - * - * * Get the APDU command payload and pad it (ISO9797 M2 padding). - * - * * Encrypt the payload in AES CBC mode using the S_ENC key. - * - * * Set the Secure Messaging bit in the CLA (0x04). - * - * * Concatenate the MAC chaining value with the full APDU. - * - * * Then calculate the MAC on this byte array and append the 8-byte - * MAC value to the APDU. - * - * * Finally increment the encryption counter for the next command. - * - * A receipt will be generated by doing a CMAC operation on the input from tag - * 0xA6 and 0x7F49 using the RMAC session key, - * - * Receipt = CMAC(RMAC session key, ) - * - * There is no need to establish a session; therefore, the ImportExternalObject - * commands are always sent in the default session. The ImportExternalObject - * commands are replayable. - * - * The P1 and P2 parameters shall be coded as per the intended operation. For - * example, to import an EC Key, the P1 and P2 parameters as defined in - * WriteECKey shall be specified. - * - * # Command to Applet - * - * @rst - * +---------+-----------------------------+---------------------------------------------+ - * | Field | Value | Description | - * +=========+=============================+=============================================+ - * | CLA | 0x80 | | - * +---------+-----------------------------+---------------------------------------------+ - * | INS | INS_IMPORT_EXTERNAL | See :cpp:type:`SE05x_INS_t` | - * +---------+-----------------------------+---------------------------------------------+ - * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | - * +---------+-----------------------------+---------------------------------------------+ - * | P2 | P2_DEFAULT | See :cpp:type:`SE05x_P2_t` | - * +---------+-----------------------------+---------------------------------------------+ - * | Lc | #(Payload) | | - * +---------+-----------------------------+---------------------------------------------+ - * | Payload | TLV[TAG_IMPORT_AUTH_DATA] | Authentication data | - * +---------+-----------------------------+---------------------------------------------+ - * | | TLV[TAG_IMPORT_AUTH_KEY_ID] | Host public key Identifier | - * +---------+-----------------------------+---------------------------------------------+ - * | | TLV[TAG_1]... | Wraps a complete WriteSecureObject command, | - * | | | protected by ECKey session secure messaging | - * +---------+-----------------------------+---------------------------------------------+ - * | | TLV[TAG_11] | 4-byte version [Optional] | - * +---------+-----------------------------+---------------------------------------------+ - * @endrst - * - * # R-APDU Body - * - * NA - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] ECKeydata ECKeydata [1:kSE05x_TAG_2] - * @param[in] ECKeydataLen Length of ECKeydata - * @param[in] serializedObject serializedObject [2:kSE05x_TAG_3] - * @param[in] serializedObjectLen Length of serializedObject - */ -smStatus_t Se05x_API_ImportExternalObject(pSe05xSession_t session_ctx, - const uint8_t *ECKeydata, - size_t ECKeydataLen, - const uint8_t *ECAuthKeyID, - size_t ECAuthKeyIDLen, - const uint8_t *serializedObject, - size_t serializedObjectLen); - -/** Se05x_API_ReadObject - * - * Reads the content of a Secure Object. - * - * * If the object is a key pair, the command will return the key - * pair's public key. - * - * * If the object is a public key, the command will return the public - * key. - * - * * If the object is a private key or a symmetric key or a userID, - * the command will return SW_CONDITIONS_NOT_SATISFIED. - * - * * If the object is a binary file, the file content is read, giving - * the offset in TLV[TAG_2] and the length to read in - * TLV[TAG_3]. Both TLV[TAG_2] and TLV[TAG_3] are bound together; - * i.e.. either both tags are present, or both are absent. If both - * are absent, the whole file content is returned. - * - * * If the object is a monotonic counter, the counter value is - * returned. - * - * * If the object is a PCR, the PCR value is returned. - * - * * If TLV[TAG_4] is filled, only the modulus or public exponent of - * an RSA key pair or RSA public key is read. It does not apply to - * other Secure Object types. - * - * # Command to Applet - * - * @rst - * +-------+------------+----------------------------------------------+ - * | Field | Value | Description | - * +=======+============+==============================================+ - * | CLA | 0x80 | | - * +-------+------------+----------------------------------------------+ - * | INS | INS_READ | See :cpp:type:`SE05x_INS_t`, in addition to | - * | | | INS_READ, users can set the INS_ATTEST flag. | - * | | | In that case, attestation applies. | - * +-------+------------+----------------------------------------------+ - * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | - * +-------+------------+----------------------------------------------+ - * | P2 | P2_DEFAULT | See :cpp:type:`SE05x_P2_t` | - * +-------+------------+----------------------------------------------+ - * | Lc | #(Payload) | Payload Length. | - * +-------+------------+----------------------------------------------+ - * | | TLV[TAG_1] | 4-byte object identifier | - * +-------+------------+----------------------------------------------+ - * | | TLV[TAG_2] | 2-byte offset [Optional: default 0] | - * | | | [Conditional: only when the object is a | - * | | | BinaryFile object] | - * +-------+------------+----------------------------------------------+ - * | | TLV[TAG_3] | 2-byte length [Optional: default 0] | - * | | | [Conditional: only when the object is a | - * | | | BinaryFile object] | - * +-------+------------+----------------------------------------------+ - * | | TLV[TAG_4] | 1-byte :cpp:type:`SE05x_RSAKeyComponent_t`: | - * | | | either RSA_COMP_MOD or RSA_COMP_PUB_EXP. | - * | | | [Optional] [Conditional: only for RSA key | - * | | | components] | - * +-------+------------+----------------------------------------------+ - * | Le | 0x00 | | - * +-------+------------+----------------------------------------------+ - * @endrst - * - * # R-APDU Body - * - * @rst - * +------------+--------------------------------------------+ - * | Value | Description | - * +============+============================================+ - * | TLV[TAG_1] | Data read from the secure object. | - * +------------+--------------------------------------------+ - * @endrst - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------+ - * | SW | Description | - * +=============+================================+ - * | SW_NO_ERROR | The read is done successfully. | - * +-------------+--------------------------------+ - * @endrst - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] objectID object id [1:kSE05x_TAG_1] - * @param[in] offset offset [2:kSE05x_TAG_2] - * @param[in] length length [3:kSE05x_TAG_3] - * @param[out] data [0:kSE05x_TAG_1] - * @param[in,out] pdataLen Length for data - */ -smStatus_t Se05x_API_ReadObject( - pSe05xSession_t session_ctx, uint32_t objectID, uint16_t offset, uint16_t length, uint8_t *data, size_t *pdataLen); - -/** Se05x_API_ReadObject_W_Attst - * - * Read with attestation. - * - * See @ref Se05x_API_ReadObject - * - * When INS_ATTEST is set in addition to INS_READ, the secure object is read with - * attestation. In addition to the response in TLV[TAG_1], there are additional - * tags: - * - * TLV[TAG_2] will hold the object attributes (see ObjectAttributes). - * - * TLV[TAG_3] relative timestamp when the object has been retrieved - * - * TLV[TAG_4] will hold freshness random data - * - * TLV[TAG_5] will hold the unique ID of the device. - * - * TLV[TAG_6] will hold the signature over all concatenated Value fields tags of - * the response (TAG_1 until and including TAG_5). - * - * # Command to Applet - * - * @rst - * +-------+------------+----------------------------------------------+ - * | Field | Value | Description | - * +=======+============+==============================================+ - * | CLA | 0x80 | | - * +-------+------------+----------------------------------------------+ - * | INS | INS_READ | See :cpp:type:`SE05x_INS_t`, in addition to | - * | | | INS_READ, users can set the INS_ATTEST flag. | - * | | | In that case, attestation applies. | - * +-------+------------+----------------------------------------------+ - * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | - * +-------+------------+----------------------------------------------+ - * | P2 | P2_DEFAULT | See :cpp:type:`SE05x_P2_t` | - * +-------+------------+----------------------------------------------+ - * | Lc | #(Payload) | Payload Length. | - * +-------+------------+----------------------------------------------+ - * | | TLV[TAG_1] | 4-byte object identifier | - * +-------+------------+----------------------------------------------+ - * | | TLV[TAG_2] | 2-byte offset [Optional: default 0] | - * | | | [Conditional: only when the object is a | - * | | | BinaryFile object] | - * +-------+------------+----------------------------------------------+ - * | | TLV[TAG_3] | 2-byte length [Optional: default 0] | - * | | | [Conditional: only when the object is a | - * | | | BinaryFile object] | - * +-------+------------+----------------------------------------------+ - * | | TLV[TAG_4] | 1-byte :cpp:type:`SE05x_RSAKeyComponent_t`: | - * | | | either RSA_COMP_MOD or RSA_COMP_PUB_EXP. | - * | | | [Optional] [Conditional: only for RSA key | - * | | | components] | - * +-------+------------+----------------------------------------------+ - * | | TLV[TAG_5] | 4-byte attestation object identifier. | - * | | | [Optional] [Conditional: only when | - * | | | INS_ATTEST is set] | - * +-------+------------+----------------------------------------------+ - * | | TLV[TAG_6] | 1-byte :cpp:type:`SE05x_AttestationAlgo_t` | - * | | | [Optional] [Conditional: only when | - * | | | INS_ATTEST is set] | - * +-------+------------+----------------------------------------------+ - * | | TLV[TAG_7] | 16-byte freshness random [Optional] | - * | | | [Conditional: only when INS_ATTEST is set] | - * +-------+------------+----------------------------------------------+ - * | Le | 0x00 | | - * +-------+------------+----------------------------------------------+ - * @endrst - * - * - * @rst - * +------------+--------------------------------------------+ - * | Value | Description | - * +============+============================================+ - * | TLV[TAG_1] | Data read from the secure object. | - * +------------+--------------------------------------------+ - * | TLV[TAG_2] | (only when INS_ATTEST is set) Byte array | - * | | containing the attributes (see | - * | | :cpp:type:`ObjectAttributesRef`). | - * +------------+--------------------------------------------+ - * | TLV[TAG_3] | (only when INS_ATTEST is set) 12-byte | - * | | timestamp | - * +------------+--------------------------------------------+ - * | TLV[TAG_4] | (only when INS_ATTEST is set) 16-byte | - * | | freshness random | - * +------------+--------------------------------------------+ - * | TLV[TAG_5] | (only when INS_ATTEST is set) 18-byte Chip | - * | | unique ID | - * +------------+--------------------------------------------+ - * | TLV[TAG_6] | (only when INS_ATTEST is set) Signature | - * | | applied over the value of TLV[TAG_1], | - * | | TLV[TAG_2], TLV[TAG_3], TLV[TAG_4] and | - * | | TLV[TAG_5]. | - * +------------+--------------------------------------------+ - * @endrst - * - * # R-APDU Body - * - * @rst - * +------------+--------------------------------------------+ - * | Value | Description | - * +============+============================================+ - * | TLV[TAG_1] | Data read from the secure object. | - * +------------+--------------------------------------------+ - * | TLV[TAG_2] | (only when INS_ATTEST is set) Byte array | - * | | containing the attributes (see | - * | | :cpp:type:`ObjectAttributesRef`). | - * +------------+--------------------------------------------+ - * | TLV[TAG_3] | (only when INS_ATTEST is set) 12-byte | - * | | timestamp | - * +------------+--------------------------------------------+ - * | TLV[TAG_4] | (only when INS_ATTEST is set) 16-byte | - * | | freshness random | - * +------------+--------------------------------------------+ - * | TLV[TAG_5] | (only when INS_ATTEST is set) 18-byte Chip | - * | | unique ID | - * +------------+--------------------------------------------+ - * | TLV[TAG_6] | (only when INS_ATTEST is set) Signature | - * | | applied over the value of TLV[TAG_1], | - * | | TLV[TAG_2], TLV[TAG_3], TLV[TAG_4] and | - * | | TLV[TAG_5]. | - * +------------+--------------------------------------------+ - * @endrst - * - * @param[in] session_ctx The session context - * @param[in] objectID The object id - * @param[in] offset The offset - * @param[in] length The length - * @param[in] attestID The attest id - * @param[in] attestAlgo The attest algorithm - * @param[in] random The random - * @param[in] randomLen The random length - * @param data The data - * @param pdataLen The pdata length - * @param attribute The attribute - * @param pattributeLen The pattribute length - * @param ptimeStamp The ptime stamp - * @param outrandom The outrandom - * @param poutrandomLen The poutrandom length - * @param chipId The chip identifier - * @param pchipIdLen The pchip identifier length - * @param signature The signature - * @param psignatureLen The psignature length - * - * @return The sm status. - */ -smStatus_t Se05x_API_ReadObject_W_Attst(pSe05xSession_t session_ctx, - uint32_t objectID, - uint16_t offset, - uint16_t length, - uint32_t attestID, - SE05x_AttestationAlgo_t attestAlgo, - const uint8_t *random, - size_t randomLen, - uint8_t *data, - size_t *pdataLen, - uint8_t *attribute, - size_t *pattributeLen, - SE05x_TimeStamp_t *ptimeStamp, - uint8_t *outrandom, - size_t *poutrandomLen, - uint8_t *chipId, - size_t *pchipIdLen, - uint8_t *signature, - size_t *psignatureLen); - -/** Se05x_API_ReadRSA - * - * See @ref Se05x_API_ReadObject - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] objectID object id [1:kSE05x_TAG_1] - * @param[in] offset offset [2:kSE05x_TAG_2] - * @param[in] length length [3:kSE05x_TAG_3] - * @param[in] rsa_key_comp rsa_key_comp [4:kSE05x_TAG_4] - * @param[out] data [0:kSE05x_TAG_1] - * @param[in,out] pdataLen Length for data - */ -smStatus_t Se05x_API_ReadRSA(pSe05xSession_t session_ctx, - uint32_t objectID, - uint16_t offset, - uint16_t length, - SE05x_RSAPubKeyComp_t rsa_key_comp, - uint8_t *data, - size_t *pdataLen); - -/** Se05x_API_ReadRSA_W_Attst - * - * See @ref Se05x_API_ReadObject_W_Attst - * - * @param[in] session_ctx The session context - * @param[in] objectID The object id - * @param[in] offset The offset - * @param[in] length The length - * @param[in] rsa_key_comp The rsa key component - * @param[in] attestID The attest id - * @param[in] attestAlgo The attest algorithm - * @param[in] random The random - * @param[in] randomLen The random length - * @param data The data - * @param pdataLen The pdata length - * @param attribute The attribute - * @param pattributeLen The pattribute length - * @param ptimeStamp The ptime stamp - * @param outrandom The outrandom - * @param poutrandomLen The poutrandom length - * @param chipId The chip identifier - * @param pchipIdLen The pchip identifier length - * @param signature The signature - * @param psignatureLen The psignature length - * - * @return The sm status. - */ -smStatus_t Se05x_API_ReadRSA_W_Attst(pSe05xSession_t session_ctx, - uint32_t objectID, - uint16_t offset, - uint16_t length, - SE05x_RSAPubKeyComp_t rsa_key_comp, - uint32_t attestID, - SE05x_AttestationAlgo_t attestAlgo, - const uint8_t *random, - size_t randomLen, - uint8_t *data, - size_t *pdataLen, - uint8_t *attribute, - size_t *pattributeLen, - SE05x_TimeStamp_t *ptimeStamp, - uint8_t *outrandom, - size_t *poutrandomLen, - uint8_t *chipId, - size_t *pchipIdLen, - uint8_t *signature, - size_t *psignatureLen); - -/** Se05x_API_ReadObjectAttributes_W_Attst - * - * Reads the attributes of a Secure Object (without the value of the Secure - * Object). - * - * Each Secure Object has a number of attributes assigned to it. These attributes - * are listed in for Authentication Objects and in for non-Authentication - * Objects. - * - * # Authentication Object attributes - * - * @rst - * +----------------------------------+--------------+------------------------------------------------+ - * | Attribute | Size (bytes) | Description | - * +==================================+==============+================================================+ - * | Object identifier | 4 | See :cpp:type:`identifiersRef` | - * +----------------------------------+--------------+------------------------------------------------+ - * | Object type | 1 | One of SecureObjectType | - * +----------------------------------+--------------+------------------------------------------------+ - * | Authentication attribute | 1 | One of :cpp:type:`SetIndicatorRef` | - * +----------------------------------+--------------+------------------------------------------------+ - * | Object counter | 2 | Number of failed attempts for an | - * | | | authentication object if the Maximum | - * | | | Authentication Attempts has been set. | - * +----------------------------------+--------------+------------------------------------------------+ - * | Authentication object identifier | 4 | "Owner" of the secure object; i.e., the | - * | | | identifier of the session authentication | - * | | | object when the object has been created. | - * +----------------------------------+--------------+------------------------------------------------+ - * | Maximum authentication attempts | 2 | Maximum number of authentication attempts. 0 | - * | | | means unlimited. | - * +----------------------------------+--------------+------------------------------------------------+ - * | Policy | Variable | Policy attached to the object | - * +----------------------------------+--------------+------------------------------------------------+ - * | Origin | 1 | One of :cpp:type:`OriginRef`; indicates the | - * | | | origin of the Secure Object, either | - * | | | externally set, internally generated or trust | - * | | | provisioned by NXP. | - * +----------------------------------+--------------+------------------------------------------------+ - * | Version | 1 | The Secure Object version. Default = 0. See | - * | | | FIPS compliance for details about versioning | - * | | | of Secure Objects. | - * +----------------------------------+--------------+------------------------------------------------+ - * @endrst - * - * # Non-Authentication Objects - * - * @rst - * +----------------------------------+--------------+------------------------------------------------+ - * | Attribute | Size (bytes) | Description | - * +==================================+==============+================================================+ - * | Object identifier | 4 | See Object identifiers | - * +----------------------------------+--------------+------------------------------------------------+ - * | Object type | 1 | One of SecureObjectType | - * +----------------------------------+--------------+------------------------------------------------+ - * | Authentication attribute | 1 | One of :cpp:type:`SetIndicatorRef` | - * +----------------------------------+--------------+------------------------------------------------+ - * | Tag length | 2 | Set to 0x0000, except for AESKey objects: for | - * | | | AESKey objects, this indicates the GMAC | - * | | | length that applies when doing AEAD | - * | | | operations. If the value is set to 0 and AEAD | - * | | | operations are done, the GMAC length shall be | - * | | | 128 bit. | - * +----------------------------------+--------------+------------------------------------------------+ - * | Authentication object identifier | 4 | "Owner" of the secure object; i.e., the | - * | | | identifier of the session authentication | - * | | | object when the object has been created. | - * +----------------------------------+--------------+------------------------------------------------+ - * | RFU | 2 | Set to 0x0000. | - * +----------------------------------+--------------+------------------------------------------------+ - * | Policy | Variable | Policy attached to the object | - * +----------------------------------+--------------+------------------------------------------------+ - * | Origin | 1 | One of :cpp:type:`OriginRef`; indicates the | - * | | | origin of the Secure Object, either | - * | | | externally set, internally generated or trust | - * | | | provisioned by NXP. | - * +----------------------------------+--------------+------------------------------------------------+ - * | Version | 1 | The Secure Object version. Default = 0. See | - * | | | FIPS compliance for details about versioning | - * | | | of Secure Objects. | - * +----------------------------------+--------------+------------------------------------------------+ - * @endrst - * - * - * # Command to Applet - * - * @rst - * +-------+---------------+-----------------------------------------------+ - * | Field | Value | Description | - * +=======+===============+===============================================+ - * | CLA | 0x80 | | - * +-------+---------------+-----------------------------------------------+ - * | INS | INS_READ | See :cpp:type:`SE05x_INS_t`, in addition to | - * | | | INS_READ, users can set the INS_ATTEST flag. | - * | | | In that case, attestation applies. | - * +-------+---------------+-----------------------------------------------+ - * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | - * +-------+---------------+-----------------------------------------------+ - * | P2 | P2_ATTRIBUTES | See :cpp:type:`SE05x_P2_t` | - * +-------+---------------+-----------------------------------------------+ - * | Lc | #(Payload) | Payload Length. | - * +-------+---------------+-----------------------------------------------+ - * | | TLV[TAG_1] | 4-byte object identifier | - * +-------+---------------+-----------------------------------------------+ - * | | TLV[TAG_5] | 4-byte attestation object identifier. | - * | | | [Optional] [Conditional: only when | - * | | | INS_ATTEST is set] | - * +-------+---------------+-----------------------------------------------+ - * | | TLV[TAG_6] | 1-byte AttestationAlgo [Optional] | - * | | | [Conditional: only when INS_ATTEST is set] | - * +-------+---------------+-----------------------------------------------+ - * | | TLV[TAG_7] | 16-byte freshness random [Optional] | - * | | | [Conditional: only when INS_ATTEST is set] | - * +-------+---------------+-----------------------------------------------+ - * | Le | 0x00 | | - * +-------+---------------+-----------------------------------------------+ - * @endrst - * - * - * # R-APDU Body - * - * @rst - * +------------+--------------------------------------------+ - * | Value | Description | - * +============+============================================+ - * | TLV[TAG_2] | Byte array containing the attributes (see | - * | | Object Attributes). | - * +------------+--------------------------------------------+ - * | TLV[TAG_3] | (only when INS_ATTEST is set) 12-byte | - * | | timestamp | - * +------------+--------------------------------------------+ - * | TLV[TAG_4] | (only when INS_ATTEST is set) 16-byte | - * | | freshness random | - * +------------+--------------------------------------------+ - * | TLV[TAG_5] | (only when INS_ATTEST is set) 18-byte Chip | - * | | unique ID | - * +------------+--------------------------------------------+ - * | TLV[TAG_6] | (only when INS_ATTEST is set) Signature | - * | | applied over the value of TLV[TAG_2], | - * | | TLV[TAG_2], TLV[TAG_3], TLV[TAG_4] and | - * | | TLV[TAG_5]. | - * +------------+--------------------------------------------+ - * @endrst - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------+ - * | SW | Description | - * +=============+================================+ - * | SW_NO_ERROR | The read is done successfully. | - * +-------------+--------------------------------+ - * @endrst - * - * @param[in] session_ctx The session context - * @param[in] objectID The object id - * @param[in] attestID The attest id - * @param[in] attestAlgo The attest algorithm - * @param[in] random The random - * @param[in] randomLen The random length - * @param data The data - * @param pdataLen The pdata length - * @param ptimeStamp The ptime stamp - * @param outrandom The outrandom - * @param poutrandomLen The poutrandom length - * @param chipId The chip identifier - * @param pchipIdLen The pchip identifier length - * @param signature The signature - * @param psignatureLen The psignature length - * - * @return The sm status. - */ -smStatus_t Se05x_API_ReadObjectAttributes_W_Attst(pSe05xSession_t session_ctx, - uint32_t objectID, - uint32_t attestID, - SE05x_AttestationAlgo_t attestAlgo, - const uint8_t *random, - size_t randomLen, - uint8_t *data, - size_t *pdataLen, - SE05x_TimeStamp_t *ptimeStamp, - uint8_t *outrandom, - size_t *poutrandomLen, - uint8_t *chipId, - size_t *pchipIdLen, - uint8_t *signature, - size_t *psignatureLen); - -/** Se05x_API_ExportObject - * - * Reads a transient Secure Object from SE05X. - * - * Secure Objects can be serialized so the Secure Object can be represented as a - * byte array. The byte array contains all attributes of the Secure Object, as - * well as the value (including the secret part!) of the object. - * - * The purpose of the serialization is to be able to allow export and import of - * Secure Objects. Serialized Secure Objects can be reconstructed so they can be - * used as a (normal) Secure Object. Any operation like key or file management - * and crypto operation can only be done on a deserialized Secure Object. - * - * Users can export transient Secure Objects to a non-trusted environment (e.g., - * host controller). The object must be AESKey, DESKey, RSAKey or ECCKey. - * - * Exported credentials are always encrypted and MAC'ed. - * - * The following steps are taken: - * - * * The secure element holds a randomly generated persistent - * 256-bit AES cipher and an 128-bit AES CMAC key. Both keys do - * not require user interaction, they are internal to the SE05X . - * - * * A Secure Object that is identified for export is - * serialized. This means the key value as well as all Secure - * Object attributes are stored as byte array (see Object - * attributes for attribute details). - * - * * The serialized Secure Object is encrypted using AES CBC (no - * padding) and using the default IV. - * - * * A CMAC is applied to the serialized Secure Object + metadata - * using the AES CMAC key. - * - * * The byte array is exported. - * - * An object may only be imported into the store if the SecureObject ID and type - * are the same as the exported object. Therefore, it is not possible to import - * if the corresponding object in the applet has been deleted. - * - * NOTES: - * - * * The exported object is not deleted automatically. - * - * * The timestamp has a 100msec granularity, so it is possible to - * export multiple times with the same timestamp. The freshness - * (user input) should avoid duplicate attestation results as the - * user has to provide different freshness input. - * - * # Command to Applet - * - * @rst - * +-------+------------+--------------------------------------------+ - * | Field | Value | Description | - * +=======+============+============================================+ - * | CLA | 0x80 | | - * +-------+------------+--------------------------------------------+ - * | INS | INS_READ | See :cpp:type:`SE05x_INS_t`. | - * +-------+------------+--------------------------------------------+ - * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | - * +-------+------------+--------------------------------------------+ - * | P2 | P2_EXPORT | See :cpp:type:`SE05x_P2_t` | - * +-------+------------+--------------------------------------------+ - * | Lc | #(Payload) | Payload Length. | - * +-------+------------+--------------------------------------------+ - * | | TLV[TAG_1] | 4-byte object identifier | - * +-------+------------+--------------------------------------------+ - * | | TLV[TAG_2] | 1-byte :cpp:type:`SE05x_RSAKeyComponent_t` | - * | | | (only applies to Secure Objects of type | - * | | | RSAKey). | - * +-------+------------+--------------------------------------------+ - * | Le | 0x00 | | - * +-------+------------+--------------------------------------------+ - * @endrst - * - * # R-APDU Body - * - * @rst - * +------------+----------------------------------------------+ - * | Value | Description | - * +============+==============================================+ - * | TLV[TAG_1] | Byte array containing exported Secure Object | - * | | data. | - * +------------+----------------------------------------------+ - * @endrst - * - * # R-APDU Trailer - * - * @rst - * +-------------+----------------------------------------------+ - * | SW | Description | - * +=============+==============================================+ - * | SW_NO_ERROR | The file is created or updated successfully. | - * +-------------+----------------------------------------------+ - * @endrst - * - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] objectID object id [1:kSE05x_TAG_1] - * @param[in] rsaKeyComp rsaKeyComp [2:kSE05x_TAG_2] - * @param[out] data [0:kSE05x_TAG_1] - * @param[in,out] pdataLen Length for data - */ -smStatus_t Se05x_API_ExportObject(pSe05xSession_t session_ctx, - uint32_t objectID, - SE05x_RSAKeyComponent_t rsaKeyComp, - uint8_t *data, - size_t *pdataLen); - -/** Se05x_API_ReadType - * - * Get the type of a Secure Object. - * - * # Command to Applet - * - * @rst - * +-------+------------+-----------------------------+ - * | Field | Value | Description | - * +=======+============+=============================+ - * | CLA | 0x80 | | - * +-------+------------+-----------------------------+ - * | INS | INS_READ | See :cpp:type:`SE05x_INS_t` | - * +-------+------------+-----------------------------+ - * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | - * +-------+------------+-----------------------------+ - * | P2 | P2_TYPE | See :cpp:type:`SE05x_P2_t` | - * +-------+------------+-----------------------------+ - * | Lc | #(Payload) | | - * +-------+------------+-----------------------------+ - * | | TLV[TAG_1] | 4-byte object identifier. | - * +-------+------------+-----------------------------+ - * | Le | 0x00 | | - * +-------+------------+-----------------------------+ - * @endrst - * - - * # R-APDU Body - * - * @rst - * +------------+-----------------------------------+ - * | Value | Description | - * +============+===================================+ - * | TLV[TAG_1] | Type of the Secure Object: one of | - * | | :cpp:type:`SE05x_SecObjTyp_t` | - * +------------+-----------------------------------+ - * | TLV[TAG_2] | :cpp:type:`TransientIndicatorRef` | - * +------------+-----------------------------------+ - * @endrst - * - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------+ - * | SW | Description | - * +=============+================================+ - * | SW_NO_ERROR | Data is returned successfully. | - * +-------------+--------------------------------+ - * @endrst - * - * - * @param[in] session_ctx The session context - * @param[in] objectID The object id - * @param ptype The ptype - * @param pisTransient The pis transient - * @param[in] attestation_type The attestation type - * - * @return The sm status. - */ -smStatus_t Se05x_API_ReadType(pSe05xSession_t session_ctx, - uint32_t objectID, - SE05x_SecureObjectType_t *ptype, - uint8_t *pisTransient, - const SE05x_AttestationType_t attestation_type); - -/** Se05x_API_ReadSize - * - * ReadSize - * - * Get the size of a Secure Object (in bytes): - * - * * For EC keys: the size of the curve is returned. - * - * * For RSA keys: the key size is returned. - * - * * For AES/DES/HMAC keys, the key size is returned. - * - * * For binary files: the file size is returned - * - * * For userIDs: nothing is returned (SW_CONDITIONS_NOT_SATISFIED). - * - * * For counters: the counter length is returned. - * - * * For PCR: the PCR length is returned. - * - * # Command to Applet - * - * @rst - * +-------+------------+-----------------------------+ - * | Field | Value | Description | - * +=======+============+=============================+ - * | CLA | 0x80 | | - * +-------+------------+-----------------------------+ - * | INS | INS_READ | See :cpp:type:`SE05x_INS_t` | - * +-------+------------+-----------------------------+ - * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | - * +-------+------------+-----------------------------+ - * | P2 | P2_SIZE | See :cpp:type:`SE05x_P2_t` | - * +-------+------------+-----------------------------+ - * | Lc | #(Payload) | | - * +-------+------------+-----------------------------+ - * | | TLV[TAG_1] | 4-byte object identifier. | - * +-------+------------+-----------------------------+ - * | Le | 0x00 | | - * +-------+------------+-----------------------------+ - * @endrst - * - * # R-APDU Body - * - * @rst - * +------------+-----------------------------+ - * | Value | Description | - * +============+=============================+ - * | TLV[TAG_1] | Byte array containing size. | - * +------------+-----------------------------+ - * @endrst - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------+ - * | SW | Description | - * +=============+================================+ - * | SW_NO_ERROR | Data is returned successfully. | - * +-------------+--------------------------------+ - * @endrst - * - * - * @param[in] session_ctx The session context - * @param[in] objectID The object id - * @param psize The psize - * - * @return The sm status. - */ -smStatus_t Se05x_API_ReadSize(pSe05xSession_t session_ctx, uint32_t objectID, uint16_t *psize); - -/** Se05x_API_ReadIDList - * - * Get a list of present Secure Object identifiers. - * - * The offset in TAG_1 is an 0-based offset in the list of object. As the user - * does not know how many objects would be returned, the offset needs to be based - * on the return values from the previous ReadIDList. If the applet only returns - * a part of the result, it will indicate that more identifiers are available (by - * setting TLV[TAG_1] in the response to 0x01). The user can then retrieve the - * next chunk of identifiers by calling ReadIDList with an offset that equals the - * amount of identifiers listed in the previous response. - * - * _Example 1:_ first ReadIDList command TAG_1=0, response TAG_1=0, - * TAG_2=complete list - * - * _Example 2:_ first ReadIDList command TAG_1=0, response TAG_1=1, TAG_2=first - * chunk (m entries) second ReadIDList command TAG_1=m, response TAG_1=1, - * TAG_2=second chunk (n entries) thirst ReadIDList command TAG_1=(m+n), response - * TAG_1=0, TAG_2=third last chunk - * - * # Command to Applet - * - * @rst - * +-------+------------+-----------------------------------------------+ - * | Field | Value | Description | - * +=======+============+===============================================+ - * | CLA | 0x80 | | - * +-------+------------+-----------------------------------------------+ - * | INS | INS_READ | See :cpp:type:`SE05x_INS_t` | - * +-------+------------+-----------------------------------------------+ - * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | - * +-------+------------+-----------------------------------------------+ - * | P2 | P2_LIST | See :cpp:type:`SE05x_P2_t` | - * +-------+------------+-----------------------------------------------+ - * | Lc | #(Payload) | | - * +-------+------------+-----------------------------------------------+ - * | | TLV[TAG_1] | 2-byte offset | - * +-------+------------+-----------------------------------------------+ - * | | TLV[TAG_2] | 1-byte type filter: 1 byte from | - * | | | :cpp:type:`SE05x_SecObjTyp_t` or 0xFF for all | - * | | | types. | - * +-------+------------+-----------------------------------------------+ - * | Le | 0x00 | | - * +-------+------------+-----------------------------------------------+ - * @endrst - * - * # R-APDU Body - * - * @rst - * +------------+-------------------------------------------+ - * | Value | Description | - * +============+===========================================+ - * | TLV[TAG_1] | 1-byte :cpp:type:`MoreIndicatorRef` | - * +------------+-------------------------------------------+ - * | TLV[TAG_2] | Byte array containing 4-byte identifiers. | - * +------------+-------------------------------------------+ - * @endrst - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------+ - * | SW | Description | - * +=============+================================+ - * | SW_NO_ERROR | Data is returned successfully. | - * +-------------+--------------------------------+ - * @endrst - * - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] outputOffset output offset [1:kSE05x_TAG_1] - * @param[in] filter filter [2:kSE05x_TAG_2] - * @param[out] pmore If more ids are present [0:kSE05x_TAG_1] - * @param[out] idlist Byte array containing 4-byte identifiers [1:kSE05x_TAG_2] - * @param[in,out] pidlistLen Length for idlist - */ -smStatus_t Se05x_API_ReadIDList(pSe05xSession_t session_ctx, - uint16_t outputOffset, - uint8_t filter, - uint8_t *pmore, - uint8_t *idlist, - size_t *pidlistLen); - -/** Se05x_API_CheckObjectExists - * - * - * Check if a Secure Object with a certain identifier exists or not. - * - * # Command to Applet - * - * @rst - * +-------+------------+-------------------------------------------+ - * | Field | Value | Description | - * +=======+============+===========================================+ - * | CLA | 0x80 | | - * +-------+------------+-------------------------------------------+ - * | INS | INS_MGMT | See :cpp:type:`SE05x_INS_t` | - * +-------+------------+-------------------------------------------+ - * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | - * +-------+------------+-------------------------------------------+ - * | P2 | P2_EXIST | See :cpp:type:`SE05x_P2_t` | - * +-------+------------+-------------------------------------------+ - * | Lc | #(Payload) | | - * +-------+------------+-------------------------------------------+ - * | | TLV[TAG_1] | 4-byte existing Secure Object identifier. | - * +-------+------------+-------------------------------------------+ - * | Le | 0x00 | | - * +-------+------------+-------------------------------------------+ - * @endrst - * - * # R-APDU Body - * - * @rst - * +------------+-----------------------------------+ - * | Value | Description | - * +============+===================================+ - * | TLV[TAG_1] | 1-byte :cpp:type:`SE05x_Result_t` | - * +------------+-----------------------------------+ - * @endrst - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------+ - * | SW | Description | - * +=============+================================+ - * | SW_NO_ERROR | Data is returned successfully. | - * +-------------+--------------------------------+ - * @endrst - * - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] objectID object id [1:kSE05x_TAG_1] - * @param[out] presult [0:kSE05x_TAG_1] - */ -smStatus_t Se05x_API_CheckObjectExists(pSe05xSession_t session_ctx, uint32_t objectID, SE05x_Result_t *presult); - -/** Se05x_API_DeleteSecureObject - * - * Deletes a Secure Object. - * - * If the object origin = ORIGIN_PROVISIONED, an error will be returned and the - * object is not deleted. - * - * - * # Command to Applet - * - * @rst - * +-------+------------------+-------------------------------------------+ - * | Field | Value | Description | - * +=======+==================+===========================================+ - * | CLA | 0x80 | | - * +-------+------------------+-------------------------------------------+ - * | INS | INS_MGMT | See :cpp:type:`SE05x_INS_t` | - * +-------+------------------+-------------------------------------------+ - * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | - * +-------+------------------+-------------------------------------------+ - * | P2 | P2_DELETE_OBJECT | See :cpp:type:`SE05x_P2_t` | - * +-------+------------------+-------------------------------------------+ - * | Lc | #(Payload) | | - * +-------+------------------+-------------------------------------------+ - * | | TLV[TAG_1] | 4-byte existing Secure Object identifier. | - * +-------+------------------+-------------------------------------------+ - * | Le | - | | - * +-------+------------------+-------------------------------------------+ - * @endrst - * - * # R-APDU Body - * - * NA - * - * # R-APDU Trailer - * - * @rst - * +-------------+----------------------------------------------+ - * | SW | Description | - * +=============+==============================================+ - * | SW_NO_ERROR | The file is created or updated successfully. | - * +-------------+----------------------------------------------+ - * @endrst - * - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] objectID object id [1:kSE05x_TAG_1] - */ -smStatus_t Se05x_API_DeleteSecureObject(pSe05xSession_t session_ctx, uint32_t objectID); - -/** Se05x_API_CreateECCurve - * - * Create an EC curve listed in ECCurve. - * - * - * # Command to Applet - * - * @rst - * +-------+------------+-------------------------------+ - * | Field | Value | Description | - * +=======+============+===============================+ - * | CLA | 0x80 | | - * +-------+------------+-------------------------------+ - * | INS | INS_WRITE | See :cpp:type:`SE05x_INS_t` | - * +-------+------------+-------------------------------+ - * | P1 | P1_CURVE | See :cpp:type:`SE05x_P1_t` | - * +-------+------------+-------------------------------+ - * | P2 | P2_CREATE | See :cpp:type:`SE05x_P2_t` | - * +-------+------------+-------------------------------+ - * | Lc | #(Payload) | | - * +-------+------------+-------------------------------+ - * | | TLV[TAG_1] | 1-byte curve identifier (from | - * | | | :cpp:type:`SE05x_ECCurve_t`). | - * +-------+------------+-------------------------------+ - * | Le | | | - * +-------+------------+-------------------------------+ - * @endrst - * - * # R-APDU Body - * - * NA - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------+ - * | SW | Description | - * +=============+================================+ - * | SW_NO_ERROR | Data is returned successfully. | - * +-------------+--------------------------------+ - * @endrst - * - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] curveID curve id [1:kSE05x_TAG_1] - */ -smStatus_t Se05x_API_CreateECCurve(pSe05xSession_t session_ctx, SE05x_ECCurve_t curveID); - -/** Se05x_API_SetECCurveParam - * - * Set a curve parameter. The curve must have been created first by - * CreateEcCurve. - * - * All parameters must match the expected value for the listed curves. If the - * curve parameters are not correct, the curve cannot be used. - * - * Users have to set all 5 curve parameters for the curve to be usable. Once all - * curve parameters are given, the secure element will check if all parameters - * are correct and return SW_NO_ERROR.. - * - * # Command to Applet - * - * @rst - * +-------+------------+----------------------------------------------+ - * | Field | Value | Description | - * +=======+============+==============================================+ - * | CLA | 0x80 | | - * +-------+------------+----------------------------------------------+ - * | INS | INS_WRITE | See :cpp:type:`SE05x_INS_t` | - * +-------+------------+----------------------------------------------+ - * | P1 | P1_CURVE | See :cpp:type:`SE05x_P1_t` | - * +-------+------------+----------------------------------------------+ - * | P2 | P2_PARAM | See :cpp:type:`SE05x_P2_t` | - * +-------+------------+----------------------------------------------+ - * | Lc | #(Payload) | | - * +-------+------------+----------------------------------------------+ - * | | TLV[TAG_1] | 1-byte curve identifier, from | - * | | | :cpp:type:`SE05x_ECCurve_t` | - * +-------+------------+----------------------------------------------+ - * | | TLV[TAG_2] | 1-byte :cpp:type:`SE05x_ECCurveParam_t` | - * +-------+------------+----------------------------------------------+ - * | | TLV[TAG_3] | Bytestring containing curve parameter value. | - * +-------+------------+----------------------------------------------+ - * @endrst - * - * # R-APDU Body - * - * NA - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------+ - * | SW | Description | - * +=============+================================+ - * | SW_NO_ERROR | Data is returned successfully. | - * +-------------+--------------------------------+ - * @endrst - * - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] curveID curve id [1:kSE05x_TAG_1] - * @param[in] ecCurveParam ecCurveParam [2:kSE05x_TAG_2] - * @param[in] inputData inputData [3:kSE05x_TAG_3] - * @param[in] inputDataLen Length of inputData - */ -smStatus_t Se05x_API_SetECCurveParam(pSe05xSession_t session_ctx, - SE05x_ECCurve_t curveID, - SE05x_ECCurveParam_t ecCurveParam, - const uint8_t *inputData, - size_t inputDataLen); - -/** Se05x_API_GetECCurveId - * - * Get the curve associated with an EC key. - * - * - * # Command to Applet - * - * @rst - * +---------+------------+-----------------------------+ - * | Field | Value | Description | - * +=========+============+=============================+ - * | CLA | 0x80 | | - * +---------+------------+-----------------------------+ - * | INS | INS_READ | See :cpp:type:`SE05x_INS_t` | - * +---------+------------+-----------------------------+ - * | P1 | P1_CURVE | See :cpp:type:`SE05x_P1_t` | - * +---------+------------+-----------------------------+ - * | P2 | P2_ID | See :cpp:type:`SE05x_P2_t` | - * +---------+------------+-----------------------------+ - * | Lc | #(Payload) | | - * +---------+------------+-----------------------------+ - * | Payload | TLV[TAG_1] | 4-byte identifier | - * +---------+------------+-----------------------------+ - * | Le | 0x00 | | - * +---------+------------+-----------------------------+ - * @endrst - * - * # R-APDU Body - * - * @rst - * +------------+-------------------------------+ - * | Value | Description | - * +============+===============================+ - * | TLV[TAG_1] | 1-byte curve identifier (from | - * | | :cpp:type:`SE05x_ECCurve_t`) | - * +------------+-------------------------------+ - * @endrst - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------+ - * | SW | Description | - * +=============+================================+ - * | SW_NO_ERROR | Data is returned successfully. | - * +-------------+--------------------------------+ - * @endrst - * - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] objectID object id [1:kSE05x_TAG_1] - * @param[out] pcurveId [0:kSE05x_TAG_1] - */ -smStatus_t Se05x_API_GetECCurveId(pSe05xSession_t session_ctx, uint32_t objectID, uint8_t *pcurveId); - -/** Se05x_API_ReadECCurveList - * - * Get a list of (Weierstrass) EC curves that are instantiated. - * - * - * # Command to Applet - * - * @rst - * +-------+----------+-----------------------------+ - * | Field | Value | Description | - * +=======+==========+=============================+ - * | CLA | 0x80 | | - * +-------+----------+-----------------------------+ - * | INS | INS_READ | See :cpp:type:`SE05x_INS_t` | - * +-------+----------+-----------------------------+ - * | P1 | P1_CURVE | See :cpp:type:`SE05x_P1_t` | - * +-------+----------+-----------------------------+ - * | P2 | P2_LIST | See :cpp:type:`SE05x_P2_t` | - * +-------+----------+-----------------------------+ - * | Le | 0x00 | | - * +-------+----------+-----------------------------+ - * @endrst - * - * # R-APDU Body - * - * @rst - * +------------+------------------------------------------------+ - * | Value | Description | - * +============+================================================+ - * | TLV[TAG_1] | Byte array listing all curve identifiers in | - * | | :cpp:type:`SE05x_ECCurve_t` (excluding UNUSED) | - * | | where the curve identifier < 0x40; for each | - * | | curve, a 1-byte :cpp:type:`SetIndicatorRef` is | - * | | returned. | - * +------------+------------------------------------------------+ - * @endrst - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------+ - * | SW | Description | - * +=============+================================+ - * | SW_NO_ERROR | Data is returned successfully. | - * +-------------+--------------------------------+ - * @endrst - * - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[out] curveList [0:kSE05x_TAG_1] - * @param[in,out] pcurveListLen Length for curveList - */ -smStatus_t Se05x_API_ReadECCurveList(pSe05xSession_t session_ctx, uint8_t *curveList, size_t *pcurveListLen); - -/** Se05x_API_DeleteECCurve - * - * Deletes an EC curve. - * - * # Command to Applet - * - * @rst - * +-------+------------------+-------------------------------+ - * | Field | Value | Description | - * +=======+==================+===============================+ - * | CLA | 0x80 | | - * +-------+------------------+-------------------------------+ - * | INS | INS_MGMT | See :cpp:type:`SE05x_INS_t` | - * +-------+------------------+-------------------------------+ - * | P1 | P1_CURVE | See :cpp:type:`SE05x_P1_t` | - * +-------+------------------+-------------------------------+ - * | P2 | P2_DELETE_OBJECT | See :cpp:type:`SE05x_P2_t` | - * +-------+------------------+-------------------------------+ - * | Lc | #(Payload) | | - * +-------+------------------+-------------------------------+ - * | | TLV[TAG_1] | 1-byte curve identifier (from | - * | | | :cpp:type:`SE05x_ECCurve_t`) | - * +-------+------------------+-------------------------------+ - * @endrst - * - * # R-APDU Body - * - * NA - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------+ - * | SW | Description | - * +=============+================================+ - * | SW_NO_ERROR | Data is returned successfully. | - * +-------------+--------------------------------+ - * @endrst - * - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] curveID curve id [1:kSE05x_TAG_1] - */ -smStatus_t Se05x_API_DeleteECCurve(pSe05xSession_t session_ctx, SE05x_ECCurve_t curveID); - -/** Se05x_API_CreateCryptoObject - * - * Creates a Crypto Object on the SE05X . Once the Crypto Object is created, it - * is bound to the user who created the Crypto Object. - * - * A CryptoObject is a 2-byte value consisting of a CryptoContext in MSB and one - * of the following in LSB: - * - * * DigestMode in case CryptoContext = CC_DIGEST - * - * * CipherMode in case CryptoContext = CC_CIPHER - * - * * MACAlgo in case CryptoContext = CC_SIGNATURE - * - * * AEADMode in case CryptoContext = CC_AEAD - * - * # Command to Applet - * - * @rst - * +---------+---------------+-------------------------------------------+ - * | Field | Value | Description | - * +=========+===============+===========================================+ - * | CLA | 0x80 | | - * +---------+---------------+-------------------------------------------+ - * | INS | INS_WRITE | See :cpp:type:`SE05x_INS_t` | - * +---------+---------------+-------------------------------------------+ - * | P1 | P1_CRYPTO_OBJ | See :cpp:type:`SE05x_P1_t` | - * +---------+---------------+-------------------------------------------+ - * | P2 | P2_DEFAULT | See :cpp:type:`SE05x_P2_t` | - * +---------+---------------+-------------------------------------------+ - * | Lc | #(Payload) | Payload length | - * +---------+---------------+-------------------------------------------+ - * | Payload | TLV[TAG_1] | 2-byte Crypto Object identifier | - * +---------+---------------+-------------------------------------------+ - * | | TLV[TAG_2] | 1-byte :cpp:type:`SE05x_CryptoObject_t` | - * +---------+---------------+-------------------------------------------+ - * | | TLV[TAG_3] | 1-byte Crypto Object subtype, either from | - * | | | :cpp:type:`DigestModeRef`, CipherMode, | - * | | | MACAlgo (depending on TAG_2) or AEADMode. | - * +---------+---------------+-------------------------------------------+ - * @endrst - * - * # R-APDU Body - * - * NA - * - * # R-APDU Trailer - * - * @rst - * +-------------+----------------------------------------------+ - * | SW | Description | - * +=============+==============================================+ - * | SW_NO_ERROR | The file is created or updated successfully. | - * +-------------+----------------------------------------------+ - * @endrst - * - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] cryptoObjectID cryptoObjectID [1:kSE05x_TAG_1] - * @param[in] cryptoContext cryptoContext [2:kSE05x_TAG_2] - * - * @param[in] subtype 1-byte Crypto Object subtype, either from - * DigestMode, CipherMode or MACAlgo (depending on - * TAG_2). [3:kSE05x_TAG_3] - */ -smStatus_t Se05x_API_CreateCryptoObject(pSe05xSession_t session_ctx, - SE05x_CryptoObjectID_t cryptoObjectID, - SE05x_CryptoContext_t cryptoContext, - SE05x_CryptoModeSubType_t subtype); - -/** Se05x_API_ReadCryptoObjectList - * - * Get the list of allocated Crypto Objects indicating the identifier, the - * CryptoContext and the sub type of the CryptoContext. - * - * # Command to Applet - * - * @rst - * +-------+---------------+-----------------------------+ - * | Field | Value | Description | - * +=======+===============+=============================+ - * | CLA | 0x80 | | - * +-------+---------------+-----------------------------+ - * | INS | INS_READ | See :cpp:type:`SE05x_INS_t` | - * +-------+---------------+-----------------------------+ - * | P1 | P1_CRYPTO_OBJ | See :cpp:type:`SE05x_P1_t` | - * +-------+---------------+-----------------------------+ - * | P2 | P2_LIST | See :cpp:type:`SE05x_P2_t` | - * +-------+---------------+-----------------------------+ - * | Le | 0x00 | | - * +-------+---------------+-----------------------------+ - * @endrst - * - * # R-APDU Body - * - * @rst - * +------------+-----------------------------------------------+ - * | Value | Description | - * +============+===============================================+ - * | TLV[TAG_1] | Byte array containing a list of 2-byte Crypto | - * | | Object identifiers, followed by 1-byte | - * | | CryptoContext and 1-byte subtype for each | - * | | Crypto Object (so 4 bytes for each Crypto | - * | | Object). | - * +------------+-----------------------------------------------+ - * @endrst - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------+ - * | SW | Description | - * +=============+================================+ - * | SW_NO_ERROR | Data is returned successfully. | - * +-------------+--------------------------------+ - * @endrst - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[out] idlist If more ids are present [0:kSE05x_TAG_1] - * @param[in,out] pidlistLen Length for idlist - */ -smStatus_t Se05x_API_ReadCryptoObjectList(pSe05xSession_t session_ctx, uint8_t *idlist, size_t *pidlistLen); - -/** Se05x_API_DeleteCryptoObject - * - * Deletes a Crypto Object on the SE05X . - * - * Note: when a Crypto Object is deleted, the memory (as mentioned in ) is de- - * allocated, but the transient memory is only freed when de-selecting the - * applet! - * - * # Command to Applet - * - * @rst - * +---------+------------------+---------------------------------+ - * | Field | Value | Description | - * +=========+==================+=================================+ - * | CLA | 0x80 | | - * +---------+------------------+---------------------------------+ - * | INS | INS_MGMT | See :cpp:type:`SE05x_INS_t` | - * +---------+------------------+---------------------------------+ - * | P1 | P1_CRYPTO_OBJ | See :cpp:type:`SE05x_P1_t` | - * +---------+------------------+---------------------------------+ - * | P2 | P2_DELETE_OBJECT | See :cpp:type:`SE05x_P2_t` | - * +---------+------------------+---------------------------------+ - * | Lc | #(Payload) | Payload length | - * +---------+------------------+---------------------------------+ - * | Payload | TLV[TAG_1] | 2-byte Crypto Object identifier | - * +---------+------------------+---------------------------------+ - * @endrst - * - * # R-APDU Body - * - * NA - * - * # R-APDU Trailer - * - * @rst - * +-------------+----------------------------------------------+ - * | SW | Description | - * +=============+==============================================+ - * | SW_NO_ERROR | The file is created or updated successfully. | - * +-------------+----------------------------------------------+ - * @endrst - * - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] cryptoObjectID cryptoObjectID [1:kSE05x_TAG_1] - */ -smStatus_t Se05x_API_DeleteCryptoObject(pSe05xSession_t session_ctx, SE05x_CryptoObjectID_t cryptoObjectID); - -/** Se05x_API_ECDSASign - * - * The ECDSASign command signs external data using the indicated key pair or - * private key. - * - * The ECSignatureAlgo indicates the ECDSA algorithm that is used, but the - * hashing of data always must be done on the host. E.g., if ECSignatureAlgo = - * SIG_ ECDSA_SHA256, the user must have applied SHA256 on the input data - * already. - * - * The user must take care of providing the correct input length; i.e., the data - * input length (TLV[TAG_3]) must match the digest indicated in the signature - * algorithm (TLV[TAG_2]). - * - * In any case, the APDU payload must be smaller than MAX_APDU_PAYLOAD_LENGTH. - * - * This is performed according to the ECDSA algorithm as specified in [ANSI - * X9.62]. The signature (a sequence of two integers 'r' and 's') as - * returned in the response adheres to the ASN.1 DER encoded formatting rules for - * integers. - * - * # Command to Applet - * - * @rst - * +-------+--------------+---------------------------------------------+ - * | Field | Value | Description | - * +=======+==============+=============================================+ - * | CLA | 0x80 | | - * +-------+--------------+---------------------------------------------+ - * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | - * +-------+--------------+---------------------------------------------+ - * | P1 | P1_SIGNATURE | See :cpp:type:`SE05x_P1_t` | - * +-------+--------------+---------------------------------------------+ - * | P2 | P2_SIGN | See :cpp:type:`SE05x_P2_t` | - * +-------+--------------+---------------------------------------------+ - * | Lc | #(Payload) | | - * +-------+--------------+---------------------------------------------+ - * | | TLV[TAG_1] | 4-byte identifier of EC key pair or private | - * | | | key. | - * +-------+--------------+---------------------------------------------+ - * | | TLV[TAG_2] | 1-byte ECSignatureAlgo. | - * +-------+--------------+---------------------------------------------+ - * | | TLV[TAG_3] | Byte array containing input data. | - * +-------+--------------+---------------------------------------------+ - * | Le | 0x00 | Expecting ASN.1 signature | - * +-------+--------------+---------------------------------------------+ - * @endrst - * - * # R-APDU Body - * - * @rst - * +------------+----------------------------------+ - * | Value | Description | - * +============+==================================+ - * | TLV[TAG_1] | ECDSA Signature in ASN.1 format. | - * +------------+----------------------------------+ - * @endrst - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------------+ - * | SW | Description | - * +=============+======================================+ - * | SW_NO_ERROR | The command is handled successfully. | - * +-------------+--------------------------------------+ - * @endrst - * - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] objectID objectID [1:kSE05x_TAG_1] - * @param[in] ecSignAlgo ecSignAlgo [2:kSE05x_TAG_2] - * @param[in] inputData inputData [3:kSE05x_TAG_3] - * @param[in] inputDataLen Length of inputData - * @param[out] signature [0:kSE05x_TAG_1] - * @param[in,out] psignatureLen Length for signature - */ -smStatus_t Se05x_API_ECDSASign(pSe05xSession_t session_ctx, - uint32_t objectID, - SE05x_ECSignatureAlgo_t ecSignAlgo, - const uint8_t *inputData, - size_t inputDataLen, - uint8_t *signature, - size_t *psignatureLen); - -/** Se05x_API_EdDSASign - * - * The EdDSASign command signs external data using the indicated key pair or - * private key (using a Twisted Edwards curve). This is performed according to - * the EdDSA algorithm as specified in [RFC8032]. - * - * The input data need to be the plain data (not hashed). - * - * The signature as returned in the response is a 64-byte array, being the - * concatenation of the signature r and s component (without leading zeroes for - * sign indication). - * - * # Command to Applet - * - * @rst - * +-------+--------------+---------------------------------------------+ - * | Field | Value | Description | - * +=======+==============+=============================================+ - * | CLA | 0x80 | | - * +-------+--------------+---------------------------------------------+ - * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | - * +-------+--------------+---------------------------------------------+ - * | P1 | P1_SIGNATURE | See :cpp:type:`SE05x_P1_t` | - * +-------+--------------+---------------------------------------------+ - * | P2 | P2_SIGN | See :cpp:type:`SE05x_P2_t` | - * +-------+--------------+---------------------------------------------+ - * | Lc | #(Payload) | | - * +-------+--------------+---------------------------------------------+ - * | | TLV[TAG_1] | 4-byte identifier of EC key pair or private | - * | | | key. | - * +-------+--------------+---------------------------------------------+ - * | | TLV[TAG_2] | 1-byte EDSignatureAlgo | - * +-------+--------------+---------------------------------------------+ - * | | TLV[TAG_3] | Byte array containing plain input data. | - * +-------+--------------+---------------------------------------------+ - * | Le | 0x00 | Expecting signature | - * +-------+--------------+---------------------------------------------+ - * @endrst - * - * # R-APDU Body - * - * @rst - * +------------+------------------------------------------+ - * | Value | Description | - * +============+==========================================+ - * | TLV[TAG_1] | EdDSA Signature (r concatenated with s). | - * +------------+------------------------------------------+ - * @endrst - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------------+ - * | SW | Description | - * +=============+======================================+ - * | SW_NO_ERROR | The command is handled successfully. | - * +-------------+--------------------------------------+ - * @endrst - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] objectID objectID [1:kSE05x_TAG_1] - * @param[in] edSignAlgo edSignAlgo [2:kSE05x_TAG_2] - * @param[in] inputData inputData [3:kSE05x_TAG_3] - * @param[in] inputDataLen Length of inputData - * @param[out] signature [0:kSE05x_TAG_1] - * @param[in,out] psignatureLen Length for signature - */ -smStatus_t Se05x_API_EdDSASign(pSe05xSession_t session_ctx, - uint32_t objectID, - SE05x_EDSignatureAlgo_t edSignAlgo, - const uint8_t *inputData, - size_t inputDataLen, - uint8_t *signature, - size_t *psignatureLen); - -/** Se05x_API_ECDAASign - * - * The ECDAASign command signs external data using the indicated key pair or - * private key. This is performed according to ECDAA. The generated signature is: - * - * * r = random mod n - * - * * s = (r + T.ds) mod n where d is the private key - * - * The ECDAASignatureAlgo indicates the applied algorithm. - * - * This APDU command should be used with a key identifier linked to - * TPM_ECC_BN_P256 curve. - * - * _Note:_ The applet allows the random input to be 32 bytes of zeroes; the user - * must take care that this is not considered as valid input. Only input in the - * interval [1, n-1] must be considered as valid. - * - * # Command to Applet - * - * @rst - * +-------+--------------+------------------------------------------------+ - * | Field | Value | Description | - * +=======+==============+================================================+ - * | CLA | 0x80 | | - * +-------+--------------+------------------------------------------------+ - * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | - * +-------+--------------+------------------------------------------------+ - * | P1 | P1_SIGNATURE | See :cpp:type:`SE05x_P1_t` | - * +-------+--------------+------------------------------------------------+ - * | P2 | P2_SIGN | See :cpp:type:`SE05x_P2_t` | - * +-------+--------------+------------------------------------------------+ - * | Lc | #(Payload) | | - * +-------+--------------+------------------------------------------------+ - * | | TLV[TAG_1] | 4-byte identifier of EC key pair or private | - * | | | key. | - * +-------+--------------+------------------------------------------------+ - * | | TLV[TAG_2] | 1-byte ECDAASignatureAlgo | - * +-------+--------------+------------------------------------------------+ - * | | TLV[TAG_3] | T = 32-byte array containing hashed input | - * | | | data. | - * +-------+--------------+------------------------------------------------+ - * | | TLV[TAG_4] | r = 32-byte array containing random data, must | - * | | | be in the interval [1, n-1] where n is the | - * | | | order of the curve. | - * +-------+--------------+------------------------------------------------+ - * | Le | 0x00 | Expecting signature | - * +-------+--------------+------------------------------------------------+ - * @endrst - * - * # R-APDU Body - * - * @rst - * +------------+------------------------------------------+ - * | Value | Description | - * +============+==========================================+ - * | TLV[TAG_1] | ECDSA Signature (r concatenated with s). | - * +------------+------------------------------------------+ - * @endrst - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------------+ - * | SW | Description | - * +=============+======================================+ - * | SW_NO_ERROR | The command is handled successfully. | - * +-------------+--------------------------------------+ - * @endrst - * - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] objectID objectID [1:kSE05x_TAG_1] - * @param[in] ecdaaSignAlgo ecdaaSignAlgo [2:kSE05x_TAG_2] - * @param[in] inputData inputData [3:kSE05x_TAG_3] - * @param[in] inputDataLen Length of inputData - * @param[in] randomData randomData [4:kSE05x_TAG_4] - * @param[in] randomDataLen Length of randomData - * @param[out] signature [0:kSE05x_TAG_1] - * @param[in,out] psignatureLen Length for signature - */ -smStatus_t Se05x_API_ECDAASign(pSe05xSession_t session_ctx, - uint32_t objectID, - SE05x_ECDAASignatureAlgo_t ecdaaSignAlgo, - const uint8_t *inputData, - size_t inputDataLen, - const uint8_t *randomData, - size_t randomDataLen, - uint8_t *signature, - size_t *psignatureLen); - -/** Se05x_API_ECDSAVerify - * - * The ECDSAVerify command verifies whether the signature is correct for a given - * (hashed) data input using an EC public key or EC key pair's public key. - * - * The ECSignatureAlgo indicates the ECDSA algorithm that is used, but the - * hashing of data must always be done on the host. E.g., if ECSignatureAlgo = - * SIG_ ECDSA_SHA256, the user must have applied SHA256 on the input data - * already. - * - * The key cannot be passed externally to the command directly. In case users - * want to use the command to verify signatures using different public keys or - * the public key value regularly changes, the user should create a transient key - * object to which the key value is written and then the identifier of that - * transient secure object can be used by this ECDSAVerify command. - * - * # Command to Applet - * - * @rst - * +-------+--------------+-----------------------------------------------+ - * | Field | Value | Description | - * +=======+==============+===============================================+ - * | CLA | 0x80 | | - * +-------+--------------+-----------------------------------------------+ - * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | - * +-------+--------------+-----------------------------------------------+ - * | P1 | P1_SIGNATURE | See :cpp:type:`SE05x_P1_t` | - * +-------+--------------+-----------------------------------------------+ - * | P2 | P2_VERIFY | See :cpp:type:`SE05x_P2_t` | - * +-------+--------------+-----------------------------------------------+ - * | Lc | #(Payload) | | - * +-------+--------------+-----------------------------------------------+ - * | | TLV[TAG_1] | 4-byte identifier of the key pair or public | - * | | | key. | - * +-------+--------------+-----------------------------------------------+ - * | | TLV[TAG_2] | 1-byte ECSignatureAlgo. | - * +-------+--------------+-----------------------------------------------+ - * | | TLV[TAG_3] | Byte array containing ASN.1 signature | - * +-------+--------------+-----------------------------------------------+ - * | | TLV[TAG_5] | Byte array containing hashed data to compare. | - * +-------+--------------+-----------------------------------------------+ - * | Le | 0x03 | Expecting TLV with :cpp:type:`SE05x_Result_t` | - * +-------+--------------+-----------------------------------------------+ - * @endrst - * - * # R-APDU Body - * - * @rst - * +------------+--------------------------------------+ - * | Value | Description | - * +============+======================================+ - * | TLV[TAG_1] | Result of the signature verification | - * | | (:cpp:type:`SE05x_Result_t`). | - * +------------+--------------------------------------+ - * @endrst - * - * # R-APDU Trailer - * - * @rst - * +-----------------------------+--------------------------------------+ - * | SW | Description | - * +=============================+======================================+ - * | SW_NO_ERROR | The command is handled successfully. | - * +-----------------------------+--------------------------------------+ - * | SW_CONDITIONS_NOT_SATISFIED | Incorrect data | - * +-----------------------------+--------------------------------------+ - * @endrst - * - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] objectID objectID [1:kSE05x_TAG_1] - * @param[in] ecSignAlgo ecSignAlgo [2:kSE05x_TAG_2] - * @param[in] inputData inputData [3:kSE05x_TAG_3] - * @param[in] inputDataLen Length of inputData - * @param[in] signature signature [4:kSE05x_TAG_5] - * @param[in] signatureLen Length of signature - * @param[out] presult [0:kSE05x_TAG_1] - */ -smStatus_t Se05x_API_ECDSAVerify(pSe05xSession_t session_ctx, - uint32_t objectID, - SE05x_ECSignatureAlgo_t ecSignAlgo, - const uint8_t *inputData, - size_t inputDataLen, - const uint8_t *signature, - size_t signatureLen, - SE05x_Result_t *presult); - -/** Se05x_API_EdDSAVerify - * - * The EdDSAVerify command verifies whether the signature is correct for a given - * data input (hashed using SHA512) using an EC public key or EC key pair's - * public key. The signature needs to be given as concatenation of r and s. - * - * The data needs to be compared with the plain message without being hashed. - * - * _Note_ : See chapter 7 for correct byte order as both r and s need to be byte - * swapped. - * - * This is performed according to the EdDSA algorithm as specified in [RFC8032]. - * - * The key cannot be passed externally to the command directly. In case users - * want to use the command to verify signatures using different public keys or - * the public key value regularly changes, the user should create a transient key - * object to which the key value is written and then the identifier of that - * transient secure object can be used by this EdDSAVerify command. - * - * # Command to Applet - * - * @rst - * +-------+--------------+-----------------------------------------------+ - * | Field | Value | Description | - * +=======+==============+===============================================+ - * | CLA | 0x80 | | - * +-------+--------------+-----------------------------------------------+ - * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | - * +-------+--------------+-----------------------------------------------+ - * | P1 | P1_SIGNATURE | See :cpp:type:`SE05x_P1_t` | - * +-------+--------------+-----------------------------------------------+ - * | P2 | P2_VERIFY | See :cpp:type:`SE05x_P2_t` | - * +-------+--------------+-----------------------------------------------+ - * | Lc | #(Payload) | | - * +-------+--------------+-----------------------------------------------+ - * | | TLV[TAG_1] | 4-byte identifier of the key pair or public | - * | | | key. | - * +-------+--------------+-----------------------------------------------+ - * | | TLV[TAG_2] | 1-byte :cpp:type:`EDSignatureAlgoRef`. | - * +-------+--------------+-----------------------------------------------+ - * | | TLV[TAG_3] | 64-byte array containing the signature | - * | | | (concatenation of r and s). | - * +-------+--------------+-----------------------------------------------+ - * | | TLV[TAG_5] | Byte array containing plain data to compare. | - * +-------+--------------+-----------------------------------------------+ - * | Le | 0x03 | Expecting TLV with :cpp:type:`SE05x_Result_t` | - * +-------+--------------+-----------------------------------------------+ - * @endrst - * - * # R-APDU Body - * - * @rst - * +------------+--------------------------------------+ - * | Value | Description | - * +============+======================================+ - * | TLV[TAG_1] | Result of the signature verification | - * | | (:cpp:type:`SE05x_Result_t`). | - * +------------+--------------------------------------+ - * @endrst - * - * # R-APDU Trailer - * - * @rst - * +-----------------------------+--------------------------------------+ - * | SW | Description | - * +=============================+======================================+ - * | SW_NO_ERROR | The command is handled successfully. | - * +-----------------------------+--------------------------------------+ - * | SW_CONDITIONS_NOT_SATISFIED | Incorrect data | - * +-----------------------------+--------------------------------------+ - * @endrst - * - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] objectID objectID [1:kSE05x_TAG_1] - * @param[in] edSignAlgo edSignAlgo [2:kSE05x_TAG_2] - * @param[in] inputData inputData [3:kSE05x_TAG_3] - * @param[in] inputDataLen Length of inputData - * @param[in] signature signature [4:kSE05x_TAG_5] - * @param[in] signatureLen Length of signature - * @param[out] presult [0:kSE05x_TAG_1] - */ -smStatus_t Se05x_API_EdDSAVerify(pSe05xSession_t session_ctx, - uint32_t objectID, - SE05x_EDSignatureAlgo_t edSignAlgo, - const uint8_t *inputData, - size_t inputDataLen, - const uint8_t *signature, - size_t signatureLen, - SE05x_Result_t *presult); - -/** Se05x_API_ECDHGenerateSharedSecret - * - * The ECDHGenerateSharedSecret command generates a shared secret ECC point on - * the curve using an EC private key on SE05X and an external public key provided - * by the caller. The output shared secret is returned to the caller. - * - * All curves from ECCurve are supported, except ECC_ED_25519. - * - * Note that ECDHGenerateSharedSecret commands with EC keys using curve - * ID_ECC_MONT_DH_25519 or ID_ECC_MONT_DH_448 cause NVM write operations for each - * call. This is not the case for the other curves. - * - * When CONFIG_FIPS_MODE_DISABLED is not set, this function will always return - * SW_CONDTIONS_NOT_SATISFIED. - * - * The shared secret can only be received when the Secure Object containing the - * key pair or private key (TLV[TAG_1]) does not contain the policy - * POLICY_OBJ_FORBID_DERIVED_OUTPUT. If that is the case, the user must provide - * TLV[TAG_7} to store the shared secret in an HMACKey object. The user is - * responsible to assign the correct size of the HMACKey object: this must equal - * the size of the shared secret exactly. - * - * On applet 4.4.0, the policy POLICY_OBJ_FORBID_DERIVED_OUTPUT is not yet - * verified for this function. It will always be allowed. - * - * # Command to Applet - * - * @rst - * +------------+------------------------------+----------------------------------------------+ - * | Field | Value | Description | - * +============+==============================+==============================================+ - * | CLA | 0x80 | | - * +------------+------------------------------+----------------------------------------------+ - * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | - * +------------+------------------------------+----------------------------------------------+ - * | P1 | P1_EC | See :cpp:type:`SE05x_P1_t` | - * +------------+------------------------------+----------------------------------------------+ - * | P2 | P2_DH | See :cpp:type:`SE05x_P2_t` | - * +------------+------------------------------+----------------------------------------------+ - * | Lc | #(Payload) | | - * +------------+------------------------------+----------------------------------------------+ - * | Payload | TLV[TAG_1] | 4-byte identifier of the key pair or private | - * | | | key. | - * +------------+------------------------------+----------------------------------------------+ - * | TLV[TAG_2] | External public key (see | | - * | | :cpp:type:`ECKeyRef`). | | - * +------------+------------------------------+----------------------------------------------+ - * | TLV[TAG_7] | 4-byte HMACKey identifier to | | - * | | store output. [Optional] | | - * +------------+------------------------------+----------------------------------------------+ - * | Le | 0x00 | Expected shared secret length. | - * +------------+------------------------------+----------------------------------------------+ - * @endrst - * - * # R-APDU Body - * - * @rst - * +------------+----------------------------------------------+ - * | Value | Description | - * +============+==============================================+ - * | TLV[TAG_1] | The returned shared secret. [Conditional: | - * | | only when the input does not contain | - * | | TLV[TAG_7].} | - * +------------+----------------------------------------------+ - * @endrst - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------------+ - * | SW | Description | - * +=============+======================================+ - * | SW_NO_ERROR | The command is handled successfully. | - * +-------------+--------------------------------------+ - * @endrst - * - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] objectID objectID [1:kSE05x_TAG_1] - * @param[in] pubKey pubKey [2:kSE05x_TAG_2] - * @param[in] pubKeyLen Length of pubKey - * @param[out] sharedSecret [0:kSE05x_TAG_1] - * @param[in,out] psharedSecretLen Length for sharedSecret - */ -smStatus_t Se05x_API_ECDHGenerateSharedSecret(pSe05xSession_t session_ctx, - uint32_t objectID, - const uint8_t *pubKey, - size_t pubKeyLen, - uint8_t *sharedSecret, - size_t *psharedSecretLen); - -/** Se05x_API_RSASign - * - * The RSASign command signs the input message using an RSA private key. - * - * @rst - * +----------------------+-------+----------------------------+ - * | Name | Value | Description | - * +======================+=======+============================+ - * | RSA_SHA1_PKCS1_PSS | 0x15 | RFC8017: RSASSA-PSS | - * +----------------------+-------+----------------------------+ - * | RSA_SHA224_PKCS1_PSS | 0x2B | RFC8017: RSASSA-PSS | - * +----------------------+-------+----------------------------+ - * | RSA_SHA256_PKCS1_PSS | 0x2C | RFC8017: RSASSA-PSS | - * +----------------------+-------+----------------------------+ - * | RSA_SHA384_PKCS1_PSS | 0x2D | RFC8017: RSASSA-PSS | - * +----------------------+-------+----------------------------+ - * | RSA_SHA512_PKCS1_PSS | 0x2E | RFC8017: RSASSA-PSS | - * +----------------------+-------+----------------------------+ - * | RSA_SHA1_PKCS1 | 0x0A | RFC8017: RSASSA-PKCS1-v1_5 | - * +----------------------+-------+----------------------------+ - * | RSA_SHA_224_PKCS1 | 0x27 | RFC8017: RSASSA-PKCS1-v1_5 | - * +----------------------+-------+----------------------------+ - * | RSA_SHA_256_PKCS1 | 0x28 | RFC8017: RSASSA-PKCS1-v1_5 | - * +----------------------+-------+----------------------------+ - * | RSA_SHA_384_PKCS1 | 0x29 | RFC8017: RSASSA-PKCS1-v1_5 | - * +----------------------+-------+----------------------------+ - * | RSA_SHA_512_PKCS1 | 0x2A | RFC8017: RSASSA-PKCS1-v1_5 | - * +----------------------+-------+----------------------------+ - * @endrst - * - * # Command to Applet - * - * @rst - * +-------+--------------+----------------------------------------------+ - * | Field | Value | Description | - * +=======+==============+==============================================+ - * | CLA | 0x80 | | - * +-------+--------------+----------------------------------------------+ - * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | - * +-------+--------------+----------------------------------------------+ - * | P1 | P1_SIGNATURE | See :cpp:type:`SE05x_P1_t` | - * +-------+--------------+----------------------------------------------+ - * | P2 | P2_SIGN | See :cpp:type:`SE05x_P2_t` | - * +-------+--------------+----------------------------------------------+ - * | Lc | #(Payload) | | - * +-------+--------------+----------------------------------------------+ - * | | TLV[TAG_1] | 4-byte identifier of the key pair or private | - * | | | key. | - * +-------+--------------+----------------------------------------------+ - * | | TLV[TAG_2] | 1-byte :cpp:type:`SE05x_RSASignAlgo_t` | - * +-------+--------------+----------------------------------------------+ - * | | TLV[TAG_3] | Byte array containing input data. | - * +-------+--------------+----------------------------------------------+ - * | Le | 0x00 | Expecting ASN.1 signature. | - * +-------+--------------+----------------------------------------------+ - * @endrst - * - * # R-APDU Body - * - * @rst - * +------------+--------------------------------+ - * | Value | Description | - * +============+================================+ - * | TLV[TAG_1] | RSA signature in ASN.1 format. | - * +------------+--------------------------------+ - * @endrst - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------------+ - * | SW | Description | - * +=============+======================================+ - * | SW_NO_ERROR | The command is handled successfully. | - * +-------------+--------------------------------------+ - * @endrst - * - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] objectID objectID [1:kSE05x_TAG_1] - * @param[in] rsaSigningAlgo rsaSigningAlgo [2:kSE05x_TAG_2] - * @param[in] inputData inputData [3:kSE05x_TAG_3] - * @param[in] inputDataLen Length of inputData - * @param[out] signature [0:kSE05x_TAG_1] - * @param[in,out] psignatureLen Length for signature - */ -smStatus_t Se05x_API_RSASign(pSe05xSession_t session_ctx, - uint32_t objectID, - SE05x_RSASignatureAlgo_t rsaSigningAlgo, - const uint8_t *inputData, - size_t inputDataLen, - uint8_t *signature, - size_t *psignatureLen); - -/** Se05x_API_RSAVerify - * - * The RSAVerify command verifies the given signature and returns the result. - * - * The key cannot be passed externally to the command directly. In case users - * want to use the command to verify signatures using different public keys or - * the public key value regularly changes, the user should create a transient key - * object to which the key value is written and then the identifier of that - * transient secure object can be used by this RSAVerify command. - * - * # Command to Applet - * - * @rst - * +---------+--------------+---------------------------------------------+ - * | Field | Value | Description | - * +=========+==============+=============================================+ - * | CLA | 0x80 | | - * +---------+--------------+---------------------------------------------+ - * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | - * +---------+--------------+---------------------------------------------+ - * | P1 | P1_SIGNATURE | See :cpp:type:`SE05x_P1_t` | - * +---------+--------------+---------------------------------------------+ - * | P2 | P2_VERIFY | See :cpp:type:`SE05x_P2_t` | - * +---------+--------------+---------------------------------------------+ - * | Lc | #(Payload) | | - * +---------+--------------+---------------------------------------------+ - * | Payload | | | - * +---------+--------------+---------------------------------------------+ - * | | TLV[TAG_1] | 4-byte identifier of the key pair or public | - * | | | key. | - * +---------+--------------+---------------------------------------------+ - * | | TLV[TAG_2] | 1-byte :cpp:type:`SE05x_RSASignAlgo_t` | - * +---------+--------------+---------------------------------------------+ - * | | TLV[TAG_3] | Byte array containing data to be verified. | - * +---------+--------------+---------------------------------------------+ - * | | TLV[TAG_5] | Byte array containing ASN.1 signature. | - * +---------+--------------+---------------------------------------------+ - * | Le | 0x03 | Expecting Result in TLV | - * +---------+--------------+---------------------------------------------+ - * @endrst - * - * # R-APDU Body - * - * @rst - * +------------+------------------------------------------+ - * | Value | Description | - * +============+==========================================+ - * | TLV[TAG_1] | :cpp:type:`SE05x_Result_t`: Verification | - * | | result | - * +------------+------------------------------------------+ - * @endrst - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------------+ - * | SW | Description | - * +=============+======================================+ - * | SW_NO_ERROR | The command is handled successfully. | - * +-------------+--------------------------------------+ - * @endrst - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] objectID objectID [1:kSE05x_TAG_1] - * @param[in] rsaSigningAlgo rsaSigningAlgo [2:kSE05x_TAG_2] - * @param[in] inputData inputData [3:kSE05x_TAG_3] - * @param[in] inputDataLen Length of inputData - * @param[in] signature signature [4:kSE05x_TAG_5] - * @param[in] signatureLen Length of signature - * @param[out] presult [0:kSE05x_TAG_1] - */ -smStatus_t Se05x_API_RSAVerify(pSe05xSession_t session_ctx, - uint32_t objectID, - SE05x_RSASignatureAlgo_t rsaSigningAlgo, - const uint8_t *inputData, - size_t inputDataLen, - const uint8_t *signature, - size_t signatureLen, - SE05x_Result_t *presult); - -/** Se05x_API_RSAEncrypt - * - * The RSAEncrypt command encrypts data. - * - * # Command to Applet - * - * @rst - * +---------+--------------------+----------------------------------------------+ - * | Field | Value | Description | - * +=========+====================+==============================================+ - * | CLA | 0x80 | | - * +---------+--------------------+----------------------------------------------+ - * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | - * +---------+--------------------+----------------------------------------------+ - * | P1 | P1_RSA | See :cpp:type:`SE05x_P1_t` | - * +---------+--------------------+----------------------------------------------+ - * | P2 | P2_ENCRYPT_ONESHOT | See :cpp:type:`SE05x_P2_t` | - * +---------+--------------------+----------------------------------------------+ - * | Lc | #(Payload) | | - * +---------+--------------------+----------------------------------------------+ - * | Payload | TLV[TAG_1] | 4-byte identifier of the key pair or public | - * | | | key. | - * +---------+--------------------+----------------------------------------------+ - * | | TLV[TAG_2] | 1-byte :cpp:type:`SE05x_RSAEncryptionAlgo_t` | - * +---------+--------------------+----------------------------------------------+ - * | | TLV[TAG_3] | Byte array containing data to be encrypted. | - * +---------+--------------------+----------------------------------------------+ - * | Le | 0x00 | Expected TLV with encrypted data. | - * +---------+--------------------+----------------------------------------------+ - * @endrst - * - * # R-APDU Body - * - * @rst - * +------------+----------------+ - * | Value | Description | - * +============+================+ - * | TLV[TAG_1] | Encrypted data | - * +------------+----------------+ - * @endrst - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------------+ - * | SW | Description | - * +=============+======================================+ - * | SW_NO_ERROR | The command is handled successfully. | - * +-------------+--------------------------------------+ - * @endrst - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] objectID objectID [1:kSE05x_TAG_1] - * @param[in] rsaEncryptionAlgo rsaEncryptionAlgo [2:kSE05x_TAG_2] - * @param[in] inputData inputData [3:kSE05x_TAG_3] - * @param[in] inputDataLen Length of inputData - * @param[out] encryptedData [0:kSE05x_TAG_1] - * @param[in,out] pencryptedDataLen Length for encryptedData - */ -smStatus_t Se05x_API_RSAEncrypt(pSe05xSession_t session_ctx, - uint32_t objectID, - SE05x_RSAEncryptionAlgo_t rsaEncryptionAlgo, - const uint8_t *inputData, - size_t inputDataLen, - uint8_t *encryptedData, - size_t *pencryptedDataLen); - -/** Se05x_API_RSADecrypt - * - * The RSADecrypt command decrypts data. - * - * - * # Command to Applet - * - * @rst - * +---------+--------------------+----------------------------------------------+ - * | Field | Value | Description | - * +=========+====================+==============================================+ - * | CLA | 0x80 | | - * +---------+--------------------+----------------------------------------------+ - * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | - * +---------+--------------------+----------------------------------------------+ - * | P1 | P1_RSA | See :cpp:type:`SE05x_P1_t` | - * +---------+--------------------+----------------------------------------------+ - * | P2 | P2_DECRYPT_ONESHOT | See :cpp:type:`SE05x_P2_t` | - * +---------+--------------------+----------------------------------------------+ - * | Lc | #(Payload) | | - * +---------+--------------------+----------------------------------------------+ - * | Payload | TLV[TAG_1] | 4-byte identifier of the key pair or private | - * | | | key. | - * +---------+--------------------+----------------------------------------------+ - * | | TLV[TAG_2] | 1-byte :cpp:type:`SE05x_RSAEncryptionAlgo_t` | - * +---------+--------------------+----------------------------------------------+ - * | | TLV[TAG_3] | Byte array containing data to be decrypted. | - * +---------+--------------------+----------------------------------------------+ - * | Le | 0x00 | Expected TLV with decrypted data. | - * +---------+--------------------+----------------------------------------------+ - * @endrst - * - * # R-APDU Body - * - * @rst - * +------------+----------------+ - * | Value | Description | - * +============+================+ - * | TLV[TAG_1] | Encrypted data | - * +------------+----------------+ - * @endrst - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------------+ - * | SW | Description | - * +=============+======================================+ - * | SW_NO_ERROR | The command is handled successfully. | - * +-------------+--------------------------------------+ - * @endrst - * - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] objectID objectID [1:kSE05x_TAG_1] - * @param[in] rsaEncryptionAlgo rsaEncryptionAlgo [2:kSE05x_TAG_2] - * @param[in] inputData inputData [3:kSE05x_TAG_3] - * @param[in] inputDataLen Length of inputData - * @param[out] decryptedData [0:kSE05x_TAG_1] - * @param[in,out] pdecryptedDataLen Length for decryptedData - */ -smStatus_t Se05x_API_RSADecrypt(pSe05xSession_t session_ctx, - uint32_t objectID, - SE05x_RSAEncryptionAlgo_t rsaEncryptionAlgo, - const uint8_t *inputData, - size_t inputDataLen, - uint8_t *decryptedData, - size_t *pdecryptedDataLen); - -/** Se05x_API_CipherInit - * - * Initialize a symmetric encryption or decryption. The Crypto Object keeps the - * state of the cipher operation until it's finalized or deleted. Once the - * CipherFinal function is executed successfully, the Crypto Object state returns - * to the state immediately after the previous CipherInit function. - * - * # Command to Applet - * - * @rst - * +---------+--------------------------+--------------------------------------------+ - * | Field | Value | Description | - * +=========+==========================+============================================+ - * | CLA | 0x80 | | - * +---------+--------------------------+--------------------------------------------+ - * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | - * +---------+--------------------------+--------------------------------------------+ - * | P1 | P1_CIPHER | See :cpp:type:`SE05x_P1_t` | - * +---------+--------------------------+--------------------------------------------+ - * | P2 | P2_ENCRYPT or P2_DECRYPT | See :cpp:type:`SE05x_P2_t` | - * +---------+--------------------------+--------------------------------------------+ - * | Lc | #(Payload) | | - * +---------+--------------------------+--------------------------------------------+ - * | Payload | TLV[TAG_1] | 4-byte identifier of the key object. | - * +---------+--------------------------+--------------------------------------------+ - * | | TLV[TAG_2] | 2-byte Crypto Object identifier | - * +---------+--------------------------+--------------------------------------------+ - * | | TLV[TAG_4] | Initialization Vector [Optional] | - * | | | [Conditional: only when the Crypto Object | - * | | | type equals CC_CIPHER and subtype is not | - * | | | including ECB] | - * +---------+--------------------------+--------------------------------------------+ - * | Le | - | | - * +---------+--------------------------+--------------------------------------------+ - * @endrst - * - * # R-APDU Body - * - * NA - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------------+ - * | SW | Description | - * +=============+======================================+ - * | SW_NO_ERROR | The command is handled successfully. | - * +-------------+--------------------------------------+ - * @endrst - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] objectID objectID [1:kSE05x_TAG_1] - * @param[in] cryptoObjectID cryptoObjectID [2:kSE05x_TAG_2] - * @param[in] IV IV [3:kSE05x_TAG_4] - * @param[in] IVLen Length of IV - * @param[in] operation See @ref SE05x_Cipher_Oper_t - */ -smStatus_t Se05x_API_CipherInit(pSe05xSession_t session_ctx, - uint32_t objectID, - SE05x_CryptoObjectID_t cryptoObjectID, - const uint8_t *IV, - size_t IVLen, - const SE05x_Cipher_Oper_t operation); - -/** Se05x_API_CipherUpdate - * - * Update a cipher context. - * - * - * # Command to Applet - * - * @rst - * +------------+----------------------------------+---------------------------------+ - * | Field | Value | Description | - * +============+==================================+=================================+ - * | CLA | 0x80 | | - * +------------+----------------------------------+---------------------------------+ - * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | - * +------------+----------------------------------+---------------------------------+ - * | P1 | P1_CIPHER | See :cpp:type:`SE05x_P1_t` | - * +------------+----------------------------------+---------------------------------+ - * | P2 | P2_UPDATE | See :cpp:type:`SE05x_P2_t` | - * +------------+----------------------------------+---------------------------------+ - * | Lc | #(Payload) | | - * +------------+----------------------------------+---------------------------------+ - * | Payload | TLV[TAG_2] | 2-byte Crypto Object identifier | - * +------------+----------------------------------+---------------------------------+ - * | TLV[TAG_3] | Byte array containing input data | | - * +------------+----------------------------------+---------------------------------+ - * | Le | 0x00 | Expecting returned data. | - * +------------+----------------------------------+---------------------------------+ - * @endrst - * - * # R-APDU Body - * - * @rst - * +------------+-------------+ - * | Value | Description | - * +============+=============+ - * | TLV[TAG_1] | Output data | - * +------------+-------------+ - * @endrst - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------------+ - * | SW | Description | - * +=============+======================================+ - * | SW_NO_ERROR | The command is handled successfully. | - * +-------------+--------------------------------------+ - * @endrst - * - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] cryptoObjectID cryptoObjectID [1:kSE05x_TAG_2] - * @param[in] inputData inputData [2:kSE05x_TAG_3] - * @param[in] inputDataLen Length of inputData - * @param[out] outputData [0:kSE05x_TAG_1] - * @param[in,out] poutputDataLen Length for outputData - */ -smStatus_t Se05x_API_CipherUpdate(pSe05xSession_t session_ctx, - SE05x_CryptoObjectID_t cryptoObjectID, - const uint8_t *inputData, - size_t inputDataLen, - uint8_t *outputData, - size_t *poutputDataLen); - -/** Se05x_API_CipherFinal - * - * Finish a sequence of cipher operations. - * - * # Command to Applet - * - * @rst - * +------------+------------+---------------------------------+ - * | Field | Value | Description | - * +============+============+=================================+ - * | CLA | 0x80 | | - * +------------+------------+---------------------------------+ - * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | - * +------------+------------+---------------------------------+ - * | P1 | P1_CIPHER | See :cpp:type:`SE05x_P1_t` | - * +------------+------------+---------------------------------+ - * | P2 | P2_FINAL | See :cpp:type:`SE05x_P2_t` | - * +------------+------------+---------------------------------+ - * | Lc | #(Payload) | | - * +------------+------------+---------------------------------+ - * | Payload | TLV[TAG_2] | 2-byte Crypto Object identifier | - * +------------+------------+---------------------------------+ - * | TLV[TAG_3] | Input data | | - * +------------+------------+---------------------------------+ - * | Le | 0x00 | Expected returned data. | - * +------------+------------+---------------------------------+ - * @endrst - * - * # R-APDU Body - * - * @rst - * +------------+-------------+ - * | Value | Description | - * +============+=============+ - * | TLV[TAG_1] | Output data | - * +------------+-------------+ - * @endrst - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------------+ - * | SW | Description | - * +=============+======================================+ - * | SW_NO_ERROR | The command is handled successfully. | - * +-------------+--------------------------------------+ - * @endrst - * - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] cryptoObjectID cryptoObjectID [1:kSE05x_TAG_2] - * @param[in] inputData inputData [2:kSE05x_TAG_3] - * @param[in] inputDataLen Length of inputData - * @param[out] outputData [0:kSE05x_TAG_1] - * @param[in,out] poutputDataLen Length for outputData - */ -smStatus_t Se05x_API_CipherFinal(pSe05xSession_t session_ctx, - SE05x_CryptoObjectID_t cryptoObjectID, - const uint8_t *inputData, - size_t inputDataLen, - uint8_t *outputData, - size_t *poutputDataLen); - -/** - * @brief Se05x_API_CipherOneShot - * - * Encrypt or decrypt data in one shot mode. - * - * The key object must be either an AES key or DES key. - * - * # Command to Applet - * - * @rst - * +---------+-----------------------+------------------------------------------------+ - * | Field | Value | Description | - * +=========+=======================+================================================+ - * | CLA | 0x80 | | - * +---------+-----------------------+------------------------------------------------+ - * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | - * +---------+-----------------------+------------------------------------------------+ - * | P1 | P1_CIPHER | See :cpp:type:`SE05x_P1_t` | - * +---------+-----------------------+------------------------------------------------+ - * | P2 | P2_ENCRYPT_ONESHOT or | See :cpp:type:`SE05x_P2_t` | - * | | P2_DECRYPT_ONESHOT | | - * +---------+-----------------------+------------------------------------------------+ - * | Lc | #(Payload) | | - * +---------+-----------------------+------------------------------------------------+ - * | Payload | TLV[TAG_1] | 4-byte identifier of the key object. | - * +---------+-----------------------+------------------------------------------------+ - * | | TLV[TAG_2] | 1-byte CipherMode | - * +---------+-----------------------+------------------------------------------------+ - * | | TLV[TAG_3] | Byte array containing input data. | - * +---------+-----------------------+------------------------------------------------+ - * | | TLV[TAG_4] | Byte array containing an initialization | - * | | | vector. [Optional] [Conditional: only when | - * | | | the Crypto Object type equals CC_CIPHER and | - * | | | subtype is not including ECB] | - * +---------+-----------------------+------------------------------------------------+ - * | Le | 0x00 | Expecting return data. | - * +---------+-----------------------+------------------------------------------------+ - * @endrst - * - * # R-APDU Body - * - * @rst - * +------------+-------------+ - * | Value | Description | - * +============+=============+ - * | TLV[TAG_1] | Output data | - * +------------+-------------+ - * @endrst - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------------+ - * | SW | Description | - * +=============+======================================+ - * | SW_NO_ERROR | The command is handled successfully. | - * +-------------+--------------------------------------+ - * @endrst - * - * - * @param[in] session_ctx The session context - * @param[in] objectID The object id - * @param[in] cipherMode The cipher mode - * @param[in] inputData The input data - * @param[in] inputDataLen The input data length - * @param[in] IV Initial vector - * @param[in] IVLen The iv length - * @param outputData The output data - * @param poutputDataLen The poutput data length - * @param[in] operation The operation - * - * @return The sm status. - */ -smStatus_t Se05x_API_CipherOneShot(pSe05xSession_t session_ctx, - uint32_t objectID, - SE05x_CipherMode_t cipherMode, - const uint8_t *inputData, - size_t inputDataLen, - const uint8_t *IV, - size_t IVLen, - uint8_t *outputData, - size_t *poutputDataLen, - const SE05x_Cipher_Oper_OneShot_t operation); - -/** Se05x_API_MACInit - * - * Initiate a MAC operation. The state of the MAC operation is kept in the Crypto - * Object until it's finalized or deleted. - * - * The 4-byte identifier of the key must refer to an AESKey, DESKey or HMACKey. - * - * - * # Command to Applet - * - * @rst - * +---------+----------------------------+-----------------------------------+ - * | Field | Value | Description | - * +=========+============================+===================================+ - * | CLA | 0x80 | | - * +---------+----------------------------+-----------------------------------+ - * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | - * +---------+----------------------------+-----------------------------------+ - * | P1 | P1_MAC | See :cpp:type:`SE05x_P1_t` | - * +---------+----------------------------+-----------------------------------+ - * | P2 | P2_GENERATE or P2_VALIDATE | See :cpp:type:`SE05x_P2_t` | - * +---------+----------------------------+-----------------------------------+ - * | Lc | #(Payload) | | - * +---------+----------------------------+-----------------------------------+ - * | Payload | TLV[TAG_1] | 4-byte identifier of the MAC key. | - * +---------+----------------------------+-----------------------------------+ - * | | TLV[TAG_2] | 2-byte Crypto Object identifier | - * +---------+----------------------------+-----------------------------------+ - * | Le | 0x00 | | - * +---------+----------------------------+-----------------------------------+ - * @endrst - * - * # R-APDU Body - * - * NA - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------------+ - * | SW | Description | - * +=============+======================================+ - * | SW_NO_ERROR | The command is handled successfully. | - * +-------------+--------------------------------------+ - * @endrst - * - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] objectID objectID [1:kSE05x_TAG_1] - * @param[in] cryptoObjectID cryptoObjectID [2:kSE05x_TAG_2] - * @param[in] mac_oper The Operation - */ -smStatus_t Se05x_API_MACInit(pSe05xSession_t session_ctx, - uint32_t objectID, - SE05x_CryptoObjectID_t cryptoObjectID, - const SE05x_Mac_Oper_t mac_oper); - -/** Se05x_API_MACUpdate - * - * Update MAC - * - * # Command to Applet - * - * @rst - * +---------+------------+-------------------------------------------+ - * | Field | Value | Description | - * +=========+============+===========================================+ - * | CLA | 0x80 | | - * +---------+------------+-------------------------------------------+ - * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | - * +---------+------------+-------------------------------------------+ - * | P1 | P1_MAC | See :cpp:type:`SE05x_P1_t` | - * +---------+------------+-------------------------------------------+ - * | P2 | P2_UPDATE | See :cpp:type:`SE05x_P2_t` | - * +---------+------------+-------------------------------------------+ - * | Lc | #(Payload) | | - * +---------+------------+-------------------------------------------+ - * | Payload | TLV[TAG_1] | Byte array containing data to be taken as | - * | | | input to MAC. | - * +---------+------------+-------------------------------------------+ - * | | TLV[TAG_2] | 2-byte Crypto Object identifier | - * +---------+------------+-------------------------------------------+ - * | Le | - | | - * +---------+------------+-------------------------------------------+ - * @endrst - * - * # R-APDU Body - * - * NA - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------------+ - * | SW | Description | - * +=============+======================================+ - * | SW_NO_ERROR | The command is handled successfully. | - * +-------------+--------------------------------------+ - * @endrst - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] inputData inputData [1:kSE05x_TAG_1] - * @param[in] inputDataLen Length of inputData - * @param[in] cryptoObjectID cryptoObjectID [2:kSE05x_TAG_2] - */ -smStatus_t Se05x_API_MACUpdate( - pSe05xSession_t session_ctx, const uint8_t *inputData, size_t inputDataLen, SE05x_CryptoObjectID_t cryptoObjectID); - -/** Se05x_API_MACFinal - * - * # Command to Applet - * - * @rst - * +---------+------------+--------------------------------------------+ - * | Field | Value | Description | - * +=========+============+============================================+ - * | CLA | 0x80 | | - * +---------+------------+--------------------------------------------+ - * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | - * +---------+------------+--------------------------------------------+ - * | P1 | P1_MAC | See :cpp:type:`SE05x_P1_t` | - * +---------+------------+--------------------------------------------+ - * | P2 | P2_FINAL | See :cpp:type:`SE05x_P2_t` | - * +---------+------------+--------------------------------------------+ - * | Payload | TLV[TAG_1] | Byte array containing data to be taken as | - * | | | input to MAC. | - * +---------+------------+--------------------------------------------+ - * | | TLV[TAG_2] | 2-byte Crypto Object identifier | - * +---------+------------+--------------------------------------------+ - * | | TLV[TAG_3] | Byte array containing MAC to validate. | - * | | | [Conditional: only applicable the crypto | - * | | | object is set for validating (MACInit P2 = | - * | | | P2_VALIDATE)] | - * +---------+------------+--------------------------------------------+ - * | Le | 0x00 | Expecting MAC or result. | - * +---------+------------+--------------------------------------------+ - * @endrst - * - * # R-APDU Body - * - * @rst - * +------------+-----------------------------------------------+ - * | Value | Description | - * +============+===============================================+ - * | TLV[TAG_1] | MAC value (when MACInit had P2 = P2_GENERATE) | - * | | or :cpp:type:`SE05x_Result_t` (when MACInit | - * | | had P2 = P2_VERIFY). | - * +------------+-----------------------------------------------+ - * @endrst - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------------+ - * | SW | Description | - * +=============+======================================+ - * | SW_NO_ERROR | The command is handled successfully. | - * +-------------+--------------------------------------+ - * @endrst - * - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] inputData inputData [1:kSE05x_TAG_1] - * @param[in] inputDataLen Length of inputData - * @param[in] cryptoObjectID cryptoObjectID [2:kSE05x_TAG_2] - * @param[in] macValidateData macValidateData [3:kSE05x_TAG_3] - * @param[in] macValidateDataLen Length of macValidateData - * @param[out] macValue [0:kSE05x_TAG_1] - * @param[in,out] pmacValueLen Length for macValue - */ -smStatus_t Se05x_API_MACFinal(pSe05xSession_t session_ctx, - const uint8_t *inputData, - size_t inputDataLen, - SE05x_CryptoObjectID_t cryptoObjectID, - const uint8_t *macValidateData, - size_t macValidateDataLen, - uint8_t *macValue, - size_t *pmacValueLen); - -/** Se05x_API_MACOneShot_G - * - * Generate. See @ref Se05x_API_MACOneShot_V for Verfiication. - * - * Performs a MAC operation in one shot (without keeping state). - * - * The 4-byte identifier of the key must refer to an AESKey, DESKey or HMACKey. - * - * # Command to Applet - * - * @rst - * +---------+------------------------+---------------------------------------------+ - * | Field | Value | Description | - * +=========+========================+=============================================+ - * | CLA | 0x80 | | - * +---------+------------------------+---------------------------------------------+ - * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | - * +---------+------------------------+---------------------------------------------+ - * | P1 | P1_MAC | See :cpp:type:`SE05x_P1_t` | - * +---------+------------------------+---------------------------------------------+ - * | P2 | P2_GENERATE_ONESHOT or | See :cpp:type:`SE05x_P2_t` | - * | | P2_VALIDATE_ONESHOT | | - * +---------+------------------------+---------------------------------------------+ - * | Lc | #(Payload) | | - * +---------+------------------------+---------------------------------------------+ - * | Payload | TLV[TAG_1] | 4-byte identifier of the key object. | - * +---------+------------------------+---------------------------------------------+ - * | | TLV[TAG_2] | 1-byte :cpp:type:`MACAlgoRef` | - * +---------+------------------------+---------------------------------------------+ - * | | TLV[TAG_3] | Byte array containing data to be taken as | - * | | | input to MAC. | - * +---------+------------------------+---------------------------------------------+ - * | | TLV[TAG_5] | MAC to verify (when P2=P2_VALIDATE_ONESHOT) | - * +---------+------------------------+---------------------------------------------+ - * | Le | 0x00 | Expecting MAC or Result. | - * +---------+------------------------+---------------------------------------------+ - * @endrst - * - * # R-APDU Body - * - * @rst - * +------------+---------------------------------------+ - * | Value | Description | - * +============+=======================================+ - * | TLV[TAG_1] | MAC value (P2=P2_GENERATE_ONESHOT) or | - * | | :cpp:type:`SE05x_Result_t` (when | - * | | p2=P2_VALIDATE_ONESHOT). | - * +------------+---------------------------------------+ - * @endrst - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------------+ - * | SW | Description | - * +=============+======================================+ - * | SW_NO_ERROR | The command is handled successfully. | - * +-------------+--------------------------------------+ - * @endrst - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] objectID objectID [1:kSE05x_TAG_1] - * @param[in] macOperation macOperation [2:kSE05x_TAG_2] - * @param[in] inputData inputData [3:kSE05x_TAG_3] - * @param[in] inputDataLen Length of inputData - * @param[out] macValue [0:kSE05x_TAG_1] - * @param[in,out] pmacValueLen Length for macValue - */ -smStatus_t Se05x_API_MACOneShot_G(pSe05xSession_t session_ctx, - uint32_t objectID, - uint8_t macOperation, - const uint8_t *inputData, - size_t inputDataLen, - uint8_t *macValue, - size_t *pmacValueLen); - -/** Se05x_API_MACOneShot_V - * - * Validate. See @ref Se05x_API_MACOneShot_G for Generation. - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] objectID objectID [1:kSE05x_TAG_1] - * @param[in] macOperation macOperation [2:kSE05x_TAG_2] - * @param[in] inputData inputData [3:kSE05x_TAG_3] - * @param[in] inputDataLen Length of inputData - * @param[in] MAC MAC to verify (when P2=P2_VALIDATE_ONESHOT) [4:kSE05x_TAG_5] - * @param[in] MACLen Length of MAC - * @param[out] macValue [0:kSE05x_TAG_1] - * @param[in,out] pmacValueLen Length for macValue - */ -smStatus_t Se05x_API_MACOneShot_V(pSe05xSession_t session_ctx, - uint32_t objectID, - uint8_t macOperation, - const uint8_t *inputData, - size_t inputDataLen, - const uint8_t *MAC, - size_t MACLen, - uint8_t *macValue, - size_t *pmacValueLen); - -/** Se05x_API_HKDF - * - * Note that this KDF is equal to the KDF in Feedback Mode described in [NIST - * SP800-108] with the PRF being HMAC with SHA256 and with an 8-bit counter at - * the end of the iteration variable. - * - * The full HKDF algorithm is executed, i.e. Extract-And-Expand. - * - * The caller must provide a salt length (0 up to 64 bytes). If salt length - * equals 0 or salt is not provided as input, the default salt will be used. - * - * The output of the HKDF functions can be either: - * - * * send back to the caller => _precondition_ : none of the input Secure Objects -if present- shall have a policy POLICY_OBJ_FORBID_DERIVED_OUTPUT set. - * - * * be stored in a Secure Object => _precondition_ : the Secure Object must be created upfront and the size must exactly match the expected length. - * - * - * # Command to Applet - * - * @rst - * +------------+--------------------------------+-----------------------------------+ - * | Field | Value | Description | - * +============+================================+===================================+ - * | CLA | 0x80 | | - * +------------+--------------------------------+-----------------------------------+ - * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | - * +------------+--------------------------------+-----------------------------------+ - * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | - * +------------+--------------------------------+-----------------------------------+ - * | P2 | P2_HKDF | See :cpp:type:`SE05x_P2_t` | - * +------------+--------------------------------+-----------------------------------+ - * | Lc | #(Payload) | | - * +------------+--------------------------------+-----------------------------------+ - * | Payload | TLV[TAG_1] | 4-byte HMACKey identifier (= IKM) | - * +------------+--------------------------------+-----------------------------------+ - * | TLV[TAG_2] | 1-byte DigestMode (except | | - * | | DIGEST_NO_HASH) | | - * +------------+--------------------------------+-----------------------------------+ - * | TLV[TAG_3] | Byte array (0-64 bytes) | | - * | | containing salt. [Optional] | | - * | | [Conditional: only when | | - * | | TLV[TAG_6] is absent.] | | - * +------------+--------------------------------+-----------------------------------+ - * | TLV[TAG_4] | Info: The context and | | - * | | information to apply (1 to 80 | | - * | | bytes). [Optional] | | - * +------------+--------------------------------+-----------------------------------+ - * | TLV[TAG_5] | 2-byte requested length (L): 1 | | - * | | up to MAX_APDU_PAYLOAD_LENGTH | | - * +------------+--------------------------------+-----------------------------------+ - * | TLV[TAG_6] | 4-byte HMACKey identifier | | - * | | containing salt. [Optional] | | - * | | [Conditional: only when | | - * | | TLV[TAG_3] is absent] | | - * +------------+--------------------------------+-----------------------------------+ - * | TLV[TAG_7] | 4-byte HMACKey identifier to | | - * | | store output. [Optional] | | - * +------------+--------------------------------+-----------------------------------+ - * | Le | 0x00 | | - * +------------+--------------------------------+-----------------------------------+ - * @endrst - * - * - * # R-APDU Body - * - * @rst - * +------------+--------------------------------------------+ - * | Value | Description | - * +============+============================================+ - * | TLV[TAG_1] | HKDF output. [Conditional: only when the | - * | | input does not contain TLV[TAG-7]] | - * +------------+--------------------------------------------+ - * @endrst - * - * # R-APDU Trailer - * - * @rst - * +-------------+------------------------------------+ - * | SW | Description | - * +=============+====================================+ - * | SW_NO_ERROR | The HKDF is executed successfully. | - * +-------------+------------------------------------+ - * @endrst - * - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] hmacID hmacID [1:kSE05x_TAG_1] - * @param[in] digestMode digestMode [2:kSE05x_TAG_2] - * @param[in] salt salt [3:kSE05x_TAG_3] - * @param[in] saltLen Length of salt - * @param[in] info info [4:kSE05x_TAG_4] - * @param[in] infoLen Length of info - * @param[in] deriveDataLen 2-byte requested length (L) [5:kSE05x_TAG_5] - * @param[out] hkdfOuput [0:kSE05x_TAG_1] - * @param[in,out] phkdfOuputLen Length for hkdfOuput - */ -smStatus_t Se05x_API_HKDF(pSe05xSession_t session_ctx, - uint32_t hmacID, - SE05x_DigestMode_t digestMode, - const uint8_t *salt, - size_t saltLen, - const uint8_t *info, - size_t infoLen, - uint16_t deriveDataLen, - uint8_t *hkdfOuput, - size_t *phkdfOuputLen); - -/** Se05x_API_HKDF_Extended - * - * Only step 2 of the algorithm is executed, i.e. Expand only. - * - * Using an IV as input parameter results in a FIPS compliant SP800-108 KDF in - * Feedback Mode where K[0] is the provided IV. This KDF is then using a 8-bit - * counter, AFTER_FIXED counter location. - * - * # Command to Applet - * - * @rst - * +------------+--------------------------------+-----------------------------------+ - * | Field | Value | Description | - * +============+================================+===================================+ - * | CLA | 0x80 | | - * +------------+--------------------------------+-----------------------------------+ - * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | - * +------------+--------------------------------+-----------------------------------+ - * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | - * +------------+--------------------------------+-----------------------------------+ - * | P2 | P2_HKDF_EXPAND_ONLY | See :cpp:type:`SE05x_P2_t` | - * +------------+--------------------------------+-----------------------------------+ - * | Lc | #(Payload) | | - * +------------+--------------------------------+-----------------------------------+ - * | Payload | TLV[TAG_1] | 4-byte HMACKey identifier (= PRK) | - * +------------+--------------------------------+-----------------------------------+ - * | TLV[TAG_2] | 1-byte DigestMode (except | | - * | | DIGEST_NO_HASH) | | - * +------------+--------------------------------+-----------------------------------+ - * | TLV[TAG_3] | Byte array (0-64 bytes) | | - * | | containing IV. [Optional] | | - * | | [Conditional: only when | | - * | | TLV[TAG_6] is absent.] | | - * +------------+--------------------------------+-----------------------------------+ - * | TLV[TAG_4] | Info: The context and | | - * | | information to apply (1 to 80 | | - * | | bytes). [Optional] | | - * +------------+--------------------------------+-----------------------------------+ - * | TLV[TAG_5] | 2-byte requested length (L): 1 | | - * | | up to MAX_APDU_PAYLOAD_LENGTH | | - * +------------+--------------------------------+-----------------------------------+ - * | TLV[TAG_6] | 4-byte HMACKey identifier | | - * | | containing IV. [Optional] | | - * | | [Conditional: only when | | - * | | TLV[TAG_3] is absent] | | - * +------------+--------------------------------+-----------------------------------+ - * | TLV[TAG_7] | 4-byte HMACKey identifier to | | - * | | store output. [Optional] | | - * +------------+--------------------------------+-----------------------------------+ - * | Le | 0x00 | | - * +------------+--------------------------------+-----------------------------------+ - * @endrst - * - * # R-APDU Body - * - * @rst - * +------------+--------------------------------------------+ - * | Value | Description | - * +============+============================================+ - * | TLV[TAG_1] | HKDF output. [Conditional: only when the | - * | | input does not contain TLV[TAG-7]] | - * +------------+--------------------------------------------+ - * @endrst - * - * # R-APDU Trailer - * - * @rst - * +-------------+------------------------------------+ - * | SW | Description | - * +=============+====================================+ - * | SW_NO_ERROR | The HKDF is executed successfully. | - * +-------------+------------------------------------+ - * - * - */ -smStatus_t Se05x_API_HKDF_Extended(pSe05xSession_t session_ctx, - uint32_t hmacID, - SE05x_DigestMode_t digestMode, - SE05x_HkdfMode_t hkdfMode, - const uint8_t *salt, - size_t saltLen, - uint32_t saltID, - const uint8_t *info, - size_t infoLen, - uint32_t derivedKeyID, - uint16_t deriveDataLen, - uint8_t *hkdfOuput, - size_t *phkdfOuputLen); - -/** Se05x_API_PBKDF2 - * - * Password Based Key Derivation Function 2 (PBKDF2) according [RFC8018]. - * - * The password is an input to the KDF and must be stored inside the . - * - * The output is returned to the host. - * - * - * # Command to Applet - * - * @rst - * +-------+------------+----------------------------------------------+ - * | Field | Value | Description | - * +=======+============+==============================================+ - * | CLA | 0x80 | | - * +-------+------------+----------------------------------------------+ - * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | - * +-------+------------+----------------------------------------------+ - * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | - * +-------+------------+----------------------------------------------+ - * | P2 | P2_PBKDF | See :cpp:type:`SE05x_P2_t` | - * +-------+------------+----------------------------------------------+ - * | Lc | #(Payload) | | - * +-------+------------+----------------------------------------------+ - * | | TLV[TAG_1] | 4-byte password identifier (object type must | - * | | | be HMACKey) | - * +-------+------------+----------------------------------------------+ - * | | TLV[TAG_2] | Salt (0 to 64 bytes) [Optional] | - * +-------+------------+----------------------------------------------+ - * | | TLV[TAG_3] | 2-byte Iteration count: 1 up to 0x7FFF. | - * +-------+------------+----------------------------------------------+ - * | | TLV[TAG_4] | 2-byte Requested length: 1 up to 512 bytes. | - * +-------+------------+----------------------------------------------+ - * | Le | 0x00 | Expecting derived key material. | - * +-------+------------+----------------------------------------------+ - * @endrst - * - * # R-APDU Body - * - * @rst - * +------------+-------------------------------------+ - * | Value | Description | - * +============+=====================================+ - * | TLV[TAG_1] | Derived key material (session key). | - * +------------+-------------------------------------+ - * @endrst - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------------+ - * | SW | Description | - * +=============+======================================+ - * | SW_NO_ERROR | The command is handled successfully. | - * +-------------+--------------------------------------+ - * @endrst - * - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] objectID 4-byte password identifier (object type must be HMACKey) [1:kSE05x_TAG_1] - * @param[in] salt salt [2:kSE05x_TAG_2] - * @param[in] saltLen Length of salt - * @param[in] count count [3:kSE05x_TAG_3] - * @param[in] requestedLen requestedLen [4:kSE05x_TAG_4] - * @param[out] derivedSessionKey [0:kSE05x_TAG_1] - * @param[in,out] pderivedSessionKeyLen Length for derivedSessionKey - */ -smStatus_t Se05x_API_PBKDF2(pSe05xSession_t session_ctx, - uint32_t objectID, - const uint8_t *salt, - size_t saltLen, - uint16_t count, - uint16_t requestedLen, - uint8_t *derivedSessionKey, - size_t *pderivedSessionKeyLen); - -/** Se05x_API_DFDiversifyKey - * - * - * Create a Diversified Key. Input is _divInput_ 1 up to 31 bytes. - * - * Note that users need to create the diversified key object before calling this - * function. - * - * Both the master key and the diversified key need the policy - * POLICY_OBJ_ALLOW_DESFIRE_AUTHENTICATION to be set. - * - * # Command to Applet - * - * @rst - * +-------+--------------+------------------------------------------+ - * | Field | Value | Description | - * +=======+==============+==========================================+ - * | CLA | 0x80 | | - * +-------+--------------+------------------------------------------+ - * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | - * +-------+--------------+------------------------------------------+ - * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | - * +-------+--------------+------------------------------------------+ - * | P2 | P2_DIVERSIFY | See :cpp:type:`SE05x_P2_t` | - * +-------+--------------+------------------------------------------+ - * | Lc | #(Payload) | | - * +-------+--------------+------------------------------------------+ - * | | TLV[TAG_1] | 4-byte master key identifier. | - * +-------+--------------+------------------------------------------+ - * | | TLV[TAG_2] | 4-byte diversified key identifier. | - * +-------+--------------+------------------------------------------+ - * | | TLV[TAG_3] | Byte array containing divInput (up to 31 | - * | | | bytes). | - * +-------+--------------+------------------------------------------+ - * | Le | | | - * +-------+--------------+------------------------------------------+ - * @endrst - * - * # R-APDU Body - * - * NA - * - * # R-APDU Trailer - * - * @rst - * +-----------------------------+--------------------------------------+ - * | SW | Description | - * +=============================+======================================+ - * | SW_NO_ERROR | The command is handled successfully. | - * +-----------------------------+--------------------------------------+ - * | SW_CONDITIONS_NOT_SATISFIED | No master key found. | - * +-----------------------------+--------------------------------------+ - * | | Wrong length for divInput. | - * +-----------------------------+--------------------------------------+ - * @endrst - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] masterKeyID masterKeyID [1:kSE05x_TAG_1] - * @param[in] diversifiedKeyID diversifiedKeyID [2:kSE05x_TAG_2] - * @param[in] divInputData divInputData [3:kSE05x_TAG_3] - * @param[in] divInputDataLen Length of divInputData - */ -smStatus_t Se05x_API_DFDiversifyKey(pSe05xSession_t session_ctx, - uint32_t masterKeyID, - uint32_t diversifiedKeyID, - const uint8_t *divInputData, - size_t divInputDataLen); - -/** Se05x_API_DFAuthenticateFirstPart1 - * - * MIFARE DESFire support - * - * MIFARE DESFire EV2 Key derivation (S-mode). This is limited to AES128 keys - * only. - * - * The SE05X can be used by a card reader to setup a session where the SE05X - * stores the master key(s) and the session keys are generated and passed to the - * host. - * - * The SE05X keeps an internal state of MIFARE DESFire authentication data during - * authentication setup. This state is fully transient, so it is lost on deselect - * of the applet. - * - * The MIFARE DESFire state is owned by 1 user at a time; i.e., the user who - * calls DFAuthenticateFirstPart1 owns the MIFARE DESFire context until - * DFAuthenticateFirstPart1 is called again or until DFKillAuthentication is - * called. - * - * The SE05X can also be used to support a ChangeKey command, either supporting - * ChangeKey or ChangeKeyEV2. To establish a correct use case, policies need to - * be applied to the keys to indicate keys can be used for ChangeKey or not, etc. - * (to be detailed) - * - * # Command to Applet - * - * @rst - * +-------+---------------------+----------------------------------------------+ - * | Field | Value | Description | - * +=======+=====================+==============================================+ - * | CLA | 0x80 | | - * +-------+---------------------+----------------------------------------------+ - * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | - * +-------+---------------------+----------------------------------------------+ - * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | - * +-------+---------------------+----------------------------------------------+ - * | P2 | P2_AUTH_FIRST_PART1 | See :cpp:type:`SE05x_P2_t` | - * +-------+---------------------+----------------------------------------------+ - * | Lc | #(Payload) | | - * +-------+---------------------+----------------------------------------------+ - * | | TLV[TAG_1] | 4-byte key identifier. | - * +-------+---------------------+----------------------------------------------+ - * | | TLV[TAG_2] | 16-byte encrypted card challenge: E(Kx,RndB) | - * +-------+---------------------+----------------------------------------------+ - * | Le | 0x00 | | - * +-------+---------------------+----------------------------------------------+ - * @endrst - * - * # R-APDU Body - * - * @rst - * +------------+---------------------------------------------+ - * | Value | Description | - * +============+=============================================+ - * | TLV[TAG_1] | 32-byte output data: E(Kx, RandA || RandB') | - * +------------+---------------------------------------------+ - * @endrst - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------------+ - * | SW | Description | - * +=============+======================================+ - * | SW_NO_ERROR | The command is handled successfully. | - * +-------------+--------------------------------------+ - * @endrst - * - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] objectID objectID [1:kSE05x_TAG_1] - * @param[in] inputData inputData [2:kSE05x_TAG_2] - * @param[in] inputDataLen Length of inputData - * @param[out] outputData [0:kSE05x_TAG_1] - * @param[in,out] poutputDataLen Length for outputData - */ -smStatus_t Se05x_API_DFAuthenticateFirstPart1(pSe05xSession_t session_ctx, - uint32_t objectID, - const uint8_t *inputData, - size_t inputDataLen, - uint8_t *outputData, - size_t *poutputDataLen); - -/** Se05x_API_DFAuthenticateNonFirstPart1 - * - * - * # Command to Applet - * - * @rst - * +-------+------------------------+----------------------------------------------+ - * | Field | Value | Description | - * +=======+========================+==============================================+ - * | CLA | 0x80 | | - * +-------+------------------------+----------------------------------------------+ - * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | - * +-------+------------------------+----------------------------------------------+ - * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | - * +-------+------------------------+----------------------------------------------+ - * | P2 | P2_AUTH_NONFIRST_PART1 | See :cpp:type:`SE05x_P2_t` | - * +-------+------------------------+----------------------------------------------+ - * | Lc | #(Payload) | | - * +-------+------------------------+----------------------------------------------+ - * | | TLV[TAG_1] | 4-byte key identifier. | - * +-------+------------------------+----------------------------------------------+ - * | | TLV[TAG_2] | 16-byte encrypted card challenge: E(Kx,RndB) | - * +-------+------------------------+----------------------------------------------+ - * | Le | 0x00 | | - * +-------+------------------------+----------------------------------------------+ - * @endrst - * - * # R-APDU Body - * - * @rst - * +------------+---------------------------------------------+ - * | Value | Description | - * +============+=============================================+ - * | TLV[TAG_1] | 32-byte output data: E(Kx, RandA || RandB') | - * +------------+---------------------------------------------+ - * @endrst - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------------+ - * | SW | Description | - * +=============+======================================+ - * | SW_NO_ERROR | The command is handled successfully. | - * +-------------+--------------------------------------+ - * @endrst - * - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] objectID objectID [1:kSE05x_TAG_1] - * @param[in] inputData inputData [2:kSE05x_TAG_2] - * @param[in] inputDataLen Length of inputData - * @param[out] outputData [0:kSE05x_TAG_1] - * @param[in,out] poutputDataLen Length for outputData - */ -smStatus_t Se05x_API_DFAuthenticateNonFirstPart1(pSe05xSession_t session_ctx, - uint32_t objectID, - const uint8_t *inputData, - size_t inputDataLen, - uint8_t *outputData, - size_t *poutputDataLen); - -/** Se05x_API_DFAuthenticateFirstPart2 - * - * For First part 2, the key identifier is implicitly set to the identifier used - * for the First authentication. DFAuthenticateFirstPart1 needs to be called - * before; otherwise an error is returned. - * - * # Command to Applet - * - * @rst - * +-------+---------------------+------------------------------------+ - * | Field | Value | Description | - * +=======+=====================+====================================+ - * | CLA | 0x80 | | - * +-------+---------------------+------------------------------------+ - * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | - * +-------+---------------------+------------------------------------+ - * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | - * +-------+---------------------+------------------------------------+ - * | P2 | P2_AUTH_FIRST_PART2 | See :cpp:type:`SE05x_P2_t` | - * +-------+---------------------+------------------------------------+ - * | Lc | #(Payload) | | - * +-------+---------------------+------------------------------------+ - * | | TLV[TAG_1] | 32 byte input: | - * | | | E(Kx,TI||RndA'||PDcap2||PCDcap2) | - * +-------+---------------------+------------------------------------+ - * | Le | 0x00 | | - * +-------+---------------------+------------------------------------+ - * @endrst - * - * # R-APDU Body - * - * @rst - * +------------+------------------------------------------+ - * | Value | Description | - * +============+==========================================+ - * | TLV[TAG_1] | 12-byte array returning PDcap2||PCDcap2. | - * +------------+------------------------------------------+ - * @endrst - * - * # R-APDU Trailer - * - * @rst - * +-----------------------------+--------------------------------------+ - * | SW | Description | - * +=============================+======================================+ - * | SW_NO_ERROR | The command is handled successfully. | - * +-----------------------------+--------------------------------------+ - * | SW_WRONG_DATA | | - * +-----------------------------+--------------------------------------+ - * | SW_CONDITIONS_NOT_SATISFIED | | - * +-----------------------------+--------------------------------------+ - * @endrst - * - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] inputData inputData [1:kSE05x_TAG_1] - * @param[in] inputDataLen Length of inputData - * @param[out] outputData [0:kSE05x_TAG_1] - * @param[in,out] poutputDataLen Length for outputData - */ -smStatus_t Se05x_API_DFAuthenticateFirstPart2(pSe05xSession_t session_ctx, - const uint8_t *inputData, - size_t inputDataLen, - uint8_t *outputData, - size_t *poutputDataLen); - -/** Se05x_API_DFAuthenticateNonFirstPart2 - * - * For NonFirst part 2, the key identifier is implicitly set to the identifier - * used for the NonFirst part 1 authentication. DFAuthenticateNonFirstPart1 needs - * to be called before; otherwise an error is returned. - * - * If authentication fails, SW_WRONG_DATA will be returned. - * - * # Command to Applet - * - * @rst - * +-------+------------------------+----------------------------+ - * | Field | Value | Description | - * +=======+========================+============================+ - * | CLA | 0x80 | | - * +-------+------------------------+----------------------------+ - * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | - * +-------+------------------------+----------------------------+ - * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | - * +-------+------------------------+----------------------------+ - * | P2 | P2_AUTH_NONFIRST_PART2 | See :cpp:type:`SE05x_P2_t` | - * +-------+------------------------+----------------------------+ - * | Lc | #(Payload) | | - * +-------+------------------------+----------------------------+ - * | | TLV[TAG_1] | 16-byte E(Kx, RndA') | - * +-------+------------------------+----------------------------+ - * | Le | 0x00 | | - * +-------+------------------------+----------------------------+ - * @endrst - * - * # R-APDU Body - * - * NA - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------------+ - * | SW | Description | - * +=============+======================================+ - * | SW_NO_ERROR | The command is handled successfully. | - * +-------------+--------------------------------------+ - * - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] inputData inputData [1:kSE05x_TAG_1] - * @param[in] inputDataLen Length of inputData - */ -smStatus_t Se05x_API_DFAuthenticateNonFirstPart2( - pSe05xSession_t session_ctx, const uint8_t *inputData, size_t inputDataLen); - -/** Se05x_API_DFDumpSessionKeys - * - * Dump the Transaction Identifier and the session keys to the host. - * - * - * # Command to Applet - * - * @rst - * +-------+-------------+-----------------------------------+ - * | Field | Value | Description | - * +=======+=============+===================================+ - * | CLA | 0x80 | | - * +-------+-------------+-----------------------------------+ - * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | - * +-------+-------------+-----------------------------------+ - * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | - * +-------+-------------+-----------------------------------+ - * | P2 | P2_DUMP_KEY | See :cpp:type:`SE05x_P2_t` | - * +-------+-------------+-----------------------------------+ - * | Lc | #(Payload) | | - * +-------+-------------+-----------------------------------+ - * | Le | 0x28 | Expecting TLV with 38 bytes data. | - * +-------+-------------+-----------------------------------+ - * @endrst - * - * # R-APDU Body - * - * @rst - * +------------+--------------------------------------+ - * | Value | Description | - * +============+======================================+ - * | TLV[TAG_1] | 38 bytes: KeyID.SesAuthENCKey || | - * | | KeyID.SesAuthMACKey || TI || Cmd-Ctr | - * +------------+--------------------------------------+ - * @endrst - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------------+ - * | SW | Description | - * +=============+======================================+ - * | SW_NO_ERROR | The command is handled successfully. | - * +-------------+--------------------------------------+ - * @endrst - * - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[out] sessionData 38 bytes: KeyID.SesAuthENCKey || KeyID.SesAuthMACKey || TI || Cmd-Ctr [0:kSE05x_TAG_1] - * @param[in,out] psessionDataLen Length for sessionData - */ -smStatus_t Se05x_API_DFDumpSessionKeys(pSe05xSession_t session_ctx, uint8_t *sessionData, size_t *psessionDataLen); - -/** Se05x_API_DFChangeKeyPart1 - * - * - * The DFChangeKeyPart1 command is supporting the function to change keys on the - * DESFire PICC. The command generates the cryptogram required to perform such - * operation. - * - * The new key and, if used, the current (or old) key must be stored in the SE05X - * and have the POLICY_OBJ_ALLOW_DESFIRE_AUTHENTICATION associated to execute - * this command. This means the new PICC key must have been loaded into the SE05X - * prior to issuing this command. - * - * The 1-byte key set number indicates whether DESFire ChangeKey or DESFire - * ChangeKeyEV2 is used. When key set equals 0xFF, ChangeKey is used. - * - * - * # Command to Applet - * - * @rst - * +-------+---------------------+------------------------------------------------+ - * | Field | Value | Description | - * +=======+=====================+================================================+ - * | CLA | 0x80 | | - * +-------+---------------------+------------------------------------------------+ - * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | - * +-------+---------------------+------------------------------------------------+ - * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | - * +-------+---------------------+------------------------------------------------+ - * | P2 | P2_CHANGE_KEY_PART1 | See :cpp:type:`SE05x_P2_t` | - * +-------+---------------------+------------------------------------------------+ - * | Lc | #(Payload) | | - * +-------+---------------------+------------------------------------------------+ - * | | TLV[TAG_1] | 4-byte identifier of the old key. [Optional: | - * | | | if the authentication key is the same as the | - * | | | key to be replaced, this TAG should not be | - * | | | present]. | - * +-------+---------------------+------------------------------------------------+ - * | | TLV[TAG_2] | 4-byte identifier of the new key. | - * +-------+---------------------+------------------------------------------------+ - * | | TLV[TAG_3] | 1-byte key set number [Optional: default = | - * | | | 0xC6] | - * +-------+---------------------+------------------------------------------------+ - * | | TLV[TAG_4] | 1-byte DESFire key number to be targeted. | - * +-------+---------------------+------------------------------------------------+ - * | | TLV[TAG_5] | 1-byte key version | - * +-------+---------------------+------------------------------------------------+ - * | Le | 0x00 | | - * +-------+---------------------+------------------------------------------------+ - * @endrst - * - * # R-APDU Body - * - * @rst - * +------------+-----------------------------+ - * | Value | Description | - * +============+=============================+ - * | TLV[TAG_1] | Cryptogram holding key data | - * +------------+-----------------------------+ - * @endrst - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------------+ - * | SW | Description | - * +=============+======================================+ - * | SW_NO_ERROR | The command is handled successfully. | - * +-------------+--------------------------------------+ - * @endrst - * - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] oldObjectID oldObjectID [1:kSE05x_TAG_1] - * @param[in] newObjectID newObjectID [2:kSE05x_TAG_2] - * @param[in] keySetNr keySetNr [3:kSE05x_TAG_3] - * @param[in] keyNoDESFire keyNoDESFire [4:kSE05x_TAG_4] - * @param[in] keyVer keyVer [5:kSE05x_TAG_5] - * @param[out] KeyData [0:kSE05x_TAG_1] - * @param[in,out] pKeyDataLen Length for KeyData - */ -smStatus_t Se05x_API_DFChangeKeyPart1(pSe05xSession_t session_ctx, - uint32_t oldObjectID, - uint32_t newObjectID, - uint8_t keySetNr, - uint8_t keyNoDESFire, - uint8_t keyVer, - uint8_t *KeyData, - size_t *pKeyDataLen); - -/** Se05x_API_DFChangeKeyPart2 - * - * The DFChangeKeyPart2 command verifies the MAC returned by ChangeKey or - * ChangeKeyEV2. Note that this function only needs to be called if a MAC is - * returned (which is not the case if the currently authenticated key is changed - * on the DESFire card). - * - * # Command to Applet - * - * @rst - * +-------+---------------------+----------------------------+ - * | Field | Value | Description | - * +=======+=====================+============================+ - * | CLA | 0x80 | | - * +-------+---------------------+----------------------------+ - * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | - * +-------+---------------------+----------------------------+ - * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | - * +-------+---------------------+----------------------------+ - * | P2 | P2_CHANGE_KEY_PART2 | See :cpp:type:`SE05x_P2_t` | - * +-------+---------------------+----------------------------+ - * | Lc | #(Payload) | | - * +-------+---------------------+----------------------------+ - * | | TLV[TAG_1] | MAC | - * +-------+---------------------+----------------------------+ - * | Le | 0x00 | | - * +-------+---------------------+----------------------------+ - * @endrst - * - * # R-APDU Body - * - * @rst - * +------------+-----------------------------------+ - * | Value | Description | - * +============+===================================+ - * | TLV[TAG_1] | 1-byte :cpp:type:`SE05x_Result_t` | - * +------------+-----------------------------------+ - * @endrst - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------------+ - * | SW | Description | - * +=============+======================================+ - * | SW_NO_ERROR | The command is handled successfully. | - * +-------------+--------------------------------------+ - * @endrst - * - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] MAC MAC [1:kSE05x_TAG_1] - * @param[in] MACLen Length of MAC - * @param[out] presult [0:kSE05x_TAG_1] - */ -smStatus_t Se05x_API_DFChangeKeyPart2(pSe05xSession_t session_ctx, const uint8_t *MAC, size_t MACLen, uint8_t *presult); - -/** Se05x_API_DFKillAuthentication - * - * DFKillAuthentication invalidates any authentication and clears the internal - * DESFire state. Keys used as input (master keys or diversified keys) are not - * touched. - * - * # Command to Applet - * - * @rst - * +-------+--------------+----------------------------+ - * | Field | Value | Description | - * +=======+==============+============================+ - * | CLA | 0x80 | | - * +-------+--------------+----------------------------+ - * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | - * +-------+--------------+----------------------------+ - * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | - * +-------+--------------+----------------------------+ - * | P2 | P2_KILL_AUTH | See :cpp:type:`SE05x_P2_t` | - * +-------+--------------+----------------------------+ - * | Lc | #(Payload) | | - * +-------+--------------+----------------------------+ - * @endrst - * - * # R-APDU Body - * - * NA - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------------+ - * | SW | Description | - * +=============+======================================+ - * | SW_NO_ERROR | The command is handled successfully. | - * +-------------+--------------------------------------+ - * @endrst - * - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - */ -smStatus_t Se05x_API_DFKillAuthentication(pSe05xSession_t session_ctx); - -/** Se05x_API_TLSGenerateRandom - * - * Generates a random that is stored in the SE05X and used by TLSPerformPRF. - * - * # Command to Applet - * - * @rst - * +-------+------------+-----------------------------------+ - * | Field | Value | Description | - * +=======+============+===================================+ - * | CLA | 0x80 | | - * +-------+------------+-----------------------------------+ - * | INS | INS_CRYPTO | See :cpp:type:`SE05x_INS_t` | - * +-------+------------+-----------------------------------+ - * | P1 | P1_TLS | See :cpp:type:`SE05x_P1_t` | - * +-------+------------+-----------------------------------+ - * | P2 | P2_RANDOM | See :cpp:type:`SE05x_P2_t` | - * +-------+------------+-----------------------------------+ - * | Lc | #(Payload) | | - * +-------+------------+-----------------------------------+ - * | Le | 0x22 | Expecting TLV with 32 bytes data. | - * +-------+------------+-----------------------------------+ - * @endrst - * - * # R-APDU Body - * - * @rst - * +------------+----------------------+ - * | Value | Description | - * +============+======================+ - * | TLV[TAG_1] | 32-byte random value | - * +------------+----------------------+ - * @endrst - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------------+ - * | SW | Description | - * +=============+======================================+ - * | SW_NO_ERROR | The command is handled successfully. | - * +-------------+--------------------------------------+ - * @endrst - * - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[out] randomValue [0:kSE05x_TAG_1] - * @param[in,out] prandomValueLen Length for randomValue - */ -smStatus_t Se05x_API_TLSGenerateRandom(pSe05xSession_t session_ctx, uint8_t *randomValue, size_t *prandomValueLen); - -/** Se05x_API_TLSCalculatePreMasterSecret - * - * The command TLSCalculatePreMasterSecret will compute the pre-master secret for - * TLS according [RFC5246]. The pre-master secret will always be stored in an - * HMACKey object (TLV[TAG_3]). The HMACKey object must be created before; - * otherwise the calculation of the pre-master secret will fail. - * - * It can use one of these algorithms: - - - - - * - * * PSK Key Exchange algorithm as defined in [RFC4279] - * - * * RSA_PSK Key Exchange algorithm as defined in [RFC4279] - * - * * ECDHE_PSK Key Exchange algorithm as defined in [RFC5489] - * - * * EC Key Exchange algorithm as defined in [RFC4492] - * - * * RSA Key Exchange algorithm as defined in [RFC5246] - * - * - * TLV[TAG_1] needs to be an (existing) HMACKey identifier containing the pre- - * shared Key. - * - * Input data in TLV[TAG_4] are: - * - * * An EC public key when TLV[TAG_2] refers to an EC key pair. - * - * * An RSA encrypted secret when TLV[TAG_2] refers to an RSA key pair. - * - * * Empty when TLV[TAG_2] is absent or empty. - * - * - * # Command to Applet - * - * @rst - * +-------+------------+----------------------------------------------+ - * | Field | Value | Description | - * +=======+============+==============================================+ - * | CLA | 0x80 | | - * +-------+------------+----------------------------------------------+ - * | INS | INS_CRYPTO | See :cpp:type:`SE05x_INS_t` | - * +-------+------------+----------------------------------------------+ - * | P1 | P1_TLS | See :cpp:type:`SE05x_P1_t` | - * +-------+------------+----------------------------------------------+ - * | P2 | P2_PMS | See :cpp:type:`SE05x_P2_t` | - * +-------+------------+----------------------------------------------+ - * | Lc | #(Payload) | | - * +-------+------------+----------------------------------------------+ - * | | TLV[TAG_1] | 4-byte PSK identifier referring to a 16, 32, | - * | | | 48 or 64-byte Pre Shared Key. [Optional] | - * +-------+------------+----------------------------------------------+ - * | | TLV[TAG_2] | 4-byte key pair identifier. [Optional] | - * +-------+------------+----------------------------------------------+ - * | | TLV[TAG_3] | 4-byte target HMACKey identifier. | - * +-------+------------+----------------------------------------------+ - * | | TLV[TAG_4] | Byte array containing input data. | - * +-------+------------+----------------------------------------------+ - * | Le | - | | - * +-------+------------+----------------------------------------------+ - * @endrst - * - * # R-APDU Body - * - * NA - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------------+ - * | SW | Description | - * +=============+======================================+ - * | SW_NO_ERROR | The command is handled successfully. | - * +-------------+--------------------------------------+ - * @endrst - * - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] keyPairId keyPairId [1:kSE05x_TAG_1] - * @param[in] pskId pskId [2:kSE05x_TAG_2] - * @param[in] hmacKeyId hmacKeyId [3:kSE05x_TAG_3] - * @param[in] inputData inputData [4:kSE05x_TAG_4] - * @param[in] inputDataLen Length of inputData - */ -smStatus_t Se05x_API_TLSCalculatePreMasterSecret(pSe05xSession_t session_ctx, - uint32_t keyPairId, - uint32_t pskId, - uint32_t hmacKeyId, - const uint8_t *inputData, - size_t inputDataLen); - -/** Se05x_API_TLSPerformPRF - * - * The command TLSPerformPRF will compute either: - * - * * the master secret for TLS according [RFC5246], section 8.1 - * - * * key expansion data from a master secret for TLS according [RFC5246], section 6.3 - * - * Each time before calling this function, TLSGenerateRandom must be called. - * Executing this function will clear the random that is stored in the SE05X . - * - * The function can be called as client or as server and either using the pre- - * master secret or master secret as input, stored in an HMACKey. The input - * length must be either 16, 32, 48 or 64 bytes. - * - * This results in P2 having 4 possibilities: - * - * * P2_TLS_PRF_CLI_HELLO: pass the clientHelloRandom to calculate a master secret, the serverHelloRandom is in SE05X , generated by TLSGenerateRandom. - * - * * P2_TLS_PRF_SRV_HELLO: pass the serverHelloRandom to calculate a master secret, the clientHelloRandom is in SE05X , generated by TLSGenerateRandom. - * - * * P2_TLS_PRF_CLI_RANDOM: pass the clientRandom to generate key expansion data, the serverRandom is in SE05X , generated by TLSGenerateRandom. - * - * * P2_TLS_PRF_SRV_RANDOM: pass the serverRandom to generate key expansion data, the clientRandom is in SE05X - * - * - * # Command to Applet - * - * @rst - * +-------+------------------------+-----------------------------------------------+ - * | Field | Value | Description | - * +=======+========================+===============================================+ - * | CLA | 0x80 | | - * +-------+------------------------+-----------------------------------------------+ - * | INS | INS_CRYPTO | See :cpp:type:`SE05x_INS_t` | - * +-------+------------------------+-----------------------------------------------+ - * | P1 | P1_TLS | See :cpp:type:`SE05x_P1_t` | - * +-------+------------------------+-----------------------------------------------+ - * | P2 | See description above. | See :cpp:type:`SE05x_P2_t` | - * +-------+------------------------+-----------------------------------------------+ - * | Lc | #(Payload) | | - * +-------+------------------------+-----------------------------------------------+ - * | | TLV[TAG_1] | 4-byte HMACKey identifier. | - * +-------+------------------------+-----------------------------------------------+ - * | | TLV[TAG_2] | 1-byte :cpp:type:`SE05x_DigestMode_t`, except | - * | | | DIGEST_NO_HASH. | - * +-------+------------------------+-----------------------------------------------+ - * | | TLV[TAG_3] | Label (1 to 64 bytes) | - * +-------+------------------------+-----------------------------------------------+ - * | | TLV[TAG_4] | 32-byte random | - * +-------+------------------------+-----------------------------------------------+ - * | | TLV[TAG_5] | 2-byte requested length | - * +-------+------------------------+-----------------------------------------------+ - * | Le | 0x00 | | - * +-------+------------------------+-----------------------------------------------+ - * @endrst - * - * # R-APDU Body - * - * @rst - * +------------+----------------------------------------------+ - * | Value | Description | - * +============+==============================================+ - * | TLV[TAG_1] | Byte array containing requested output data. | - * +------------+----------------------------------------------+ - * @endrst - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------------+ - * | SW | Description | - * +=============+======================================+ - * | SW_NO_ERROR | The command is handled successfully. | - * +-------------+--------------------------------------+ - * @endrst - * - * - * - * - * @param[in] session_ctx The session context - * @param[in] objectID The object id - * @param[in] digestAlgo The digest algorithm - * @param[in] label The label - * @param[in] labelLen The label length - * @param[in] random The random - * @param[in] randomLen The random length - * @param[in] reqLen The request length - * @param outputData The output data - * @param poutputDataLen The poutput data length - * @param[in] tlsprf The tlsprf - * - * @return The sm status. - */ -smStatus_t Se05x_API_TLSPerformPRF(pSe05xSession_t session_ctx, - uint32_t objectID, - uint8_t digestAlgo, - const uint8_t *label, - size_t labelLen, - const uint8_t *random, - size_t randomLen, - uint16_t reqLen, - uint8_t *outputData, - size_t *poutputDataLen, - const SE05x_TLSPerformPRFType_t tlsprf); - -/** Se05x_API_I2CM_ExecuteCommandSet - * - * Execute one or multiple I2C commands in master mode. Execution is conditional - * to the presence of the authentication object identified by - * RESERVED_ID_I2CM_ACCESS. If the credential is not present in the eSE, access - * is allowed in general. Otherwise, a session shall be established before - * executing this command. In this case, the I2CM_ExecuteCommandSet command shall - * be sent within the mentioned session. - * - * The I2C command set is constructed as a sequence of instructions described in - * with the following rules: - * - * * The length should be limited to MAX_I2CM_COMMAND_LENGTH. - * - * * The data to be read cannot exceed MAX_I2CM_COMMAND_LENGTH, including protocol overhead. - * - * # Command to Applet - * - * @rst - * +-------+------------+------------------------------------------------+ - * | Field | Value | Description | - * +=======+============+================================================+ - * | CLA | 0x80 | | - * +-------+------------+------------------------------------------------+ - * | INS | INS_CRYPTO | See :cpp:type:`SE05x_INS_t`, in addition to | - * | | | INS_CRYPTO, users can set the INS_ATTEST flag. | - * | | | In that case, attestation applies. | - * +-------+------------+------------------------------------------------+ - * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | - * +-------+------------+------------------------------------------------+ - * | P2 | P2_I2CM | See :cpp:type:`SE05x_P2_t` | - * +-------+------------+------------------------------------------------+ - * | Lc | #(Payload) | | - * +-------+------------+------------------------------------------------+ - * | | TLV[TAG_1] | Byte array containing I2C Command set as TLV | - * | | | array. | - * +-------+------------+------------------------------------------------+ - * | | TLV[TAG_2] | 4-byte attestation object identifier. | - * | | | [Optional] [Conditional: only when | - * | | | INS_ATTEST is set] | - * +-------+------------+------------------------------------------------+ - * | | TLV[TAG_3] | 1-byte :cpp:type:`SE05x_AttestationAlgo_t` | - * | | | [Optional] [Conditional: only when | - * | | | INS_ATTEST is set] | - * +-------+------------+------------------------------------------------+ - * | | TLV[TAG_7] | 16-byte freshness random [Optional] | - * | | | [Conditional: only when INS_ATTEST is set] | - * +-------+------------+------------------------------------------------+ - * | Le | 0x00 | Expecting TLV with return data. | - * +-------+------------+------------------------------------------------+ - * @endrst - * - * # R-APDU Body - * - * @rst - * +------------+------------------------------------------------+ - * | Value | Description | - * +============+================================================+ - * | TLV[TAG_1] | Read response, a bytestring containing a | - * | | sequence of: * CONFIGURE (0x01), | - * | | followed by 1 byte of return code (0x5A = | - * | | SUCCESS). * WRITE (0x03), | - * | | followed by 1 byte of return code * | - * | | READ (0x04), followed by - | - * | | Length: 2 bytes in big endian encoded without | - * | | TLV length encoding - | - * | | Read bytes * | - * | | 0xFF followed by the error return code in case | - * | | of a structural error of the incoming buffer | - * | | (too long, for example) | - * +------------+------------------------------------------------+ - * | TLV[TAG_3] | TLV containing 12-byte timestamp | - * +------------+------------------------------------------------+ - * | TLV[TAG_4] | TLV containing 16-byte freshness (random) | - * +------------+------------------------------------------------+ - * | TLV[TAG_5] | TLV containing 18-byte chip unique ID | - * +------------+------------------------------------------------+ - * | TLV[TAG_6] | TLV containing signature over the concatenated | - * | | values of TLV[TAG_1], TLV[TAG_3], TLV[TAG_4] | - * | | and TLV[TAG_5]. | - * +------------+------------------------------------------------+ - * @endrst - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------------+ - * | SW | Description | - * +=============+======================================+ - * | SW_NO_ERROR | The command is handled successfully. | - * +-------------+--------------------------------------+ - * @endrst - * - * - * - * - * - * @param[in] session_ctx The session context - * @param[in] inputData The input data - * @param[in] inputDataLen The input data length - * @param[in] attestationID The attestation id - * @param[in] attestationAlgo The attestation algorithm - * @param response The response - * @param presponseLen The presponse length - * @param ptimeStamp The ptime stamp - * @param freshness The freshness - * @param pfreshnessLen The pfreshness length - * @param chipId The chip identifier - * @param pchipIdLen The pchip identifier length - * @param signature The signature - * @param psignatureLen The psignature length - * @param randomAttst The random attst - * @param[in] randomAttstLen The random attst length - * - * @return The sm status. - */ -smStatus_t Se05x_API_I2CM_ExecuteCommandSet(pSe05xSession_t session_ctx, - const uint8_t *inputData, - size_t inputDataLen, - uint32_t attestationID, - uint8_t attestationAlgo, - uint8_t *response, - size_t *presponseLen, - SE05x_TimeStamp_t *ptimeStamp, - uint8_t *freshness, - size_t *pfreshnessLen, - uint8_t *chipId, - size_t *pchipIdLen, - uint8_t *signature, - size_t *psignatureLen, - uint8_t *randomAttst, - size_t randomAttstLen); - -/** Se05x_API_DigestInit - * - * Open a digest operation. The state of the digest operation is kept in the - * Crypto Object until the Crypto Object is finalized or deleted. - * - * - * # Command to Applet - * - * @rst - * +-------+------------+---------------------------------+ - * | Field | Value | Description | - * +=======+============+=================================+ - * | CLA | 0x80 | | - * +-------+------------+---------------------------------+ - * | INS | INS_CRYPTO | See :cpp:type:`SE05x_INS_t` | - * +-------+------------+---------------------------------+ - * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | - * +-------+------------+---------------------------------+ - * | P2 | P2_INIT | See :cpp:type:`SE05x_P2_t` | - * +-------+------------+---------------------------------+ - * | Lc | #(Payload) | | - * +-------+------------+---------------------------------+ - * | | TLV[TAG_2] | 2-byte Crypto Object identifier | - * +-------+------------+---------------------------------+ - * @endrst - * - * # R-APDU Body - * - * NA - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------------+ - * | SW | Description | - * +=============+======================================+ - * | SW_NO_ERROR | The command is handled successfully. | - * +-------------+--------------------------------------+ - * @endrst - * - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] cryptoObjectID cryptoObjectID [1:kSE05x_TAG_2] - */ -smStatus_t Se05x_API_DigestInit(pSe05xSession_t session_ctx, SE05x_CryptoObjectID_t cryptoObjectID); - -/** Se05x_API_DigestUpdate - * - * - * # Command to Applet - * - * @rst - * +-------+------------+---------------------------------+ - * | Field | Value | Description | - * +=======+============+=================================+ - * | CLA | 0x80 | | - * +-------+------------+---------------------------------+ - * | INS | INS_CRYPTO | See :cpp:type:`SE05x_INS_t` | - * +-------+------------+---------------------------------+ - * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | - * +-------+------------+---------------------------------+ - * | P2 | P2_UPDATE | See :cpp:type:`SE05x_P2_t` | - * +-------+------------+---------------------------------+ - * | Lc | #(Payload) | | - * +-------+------------+---------------------------------+ - * | | TLV[TAG_2] | 2-byte Crypto Object identifier | - * +-------+------------+---------------------------------+ - * | | TLV[TAG_3] | Data to be hashed. | - * +-------+------------+---------------------------------+ - * | Le | | | - * +-------+------------+---------------------------------+ - * @endrst - * - * # R-APDU Body - * - * NA - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------------+ - * | SW | Description | - * +=============+======================================+ - * | SW_NO_ERROR | The command is handled successfully. | - * +-------------+--------------------------------------+ - * @endrst - * - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] cryptoObjectID cryptoObjectID [1:kSE05x_TAG_2] - * @param[in] inputData inputData [2:kSE05x_TAG_3] - * @param[in] inputDataLen Length of inputData - */ -smStatus_t Se05x_API_DigestUpdate( - pSe05xSession_t session_ctx, SE05x_CryptoObjectID_t cryptoObjectID, const uint8_t *inputData, size_t inputDataLen); - -/** Se05x_API_DigestFinal - * - * - * # Command to Applet - * - * @rst - * +-------+------------+------------------------------------+ - * | Field | Value | Description | - * +=======+============+====================================+ - * | CLA | 0x80 | | - * +-------+------------+------------------------------------+ - * | INS | INS_CRYPTO | See :cpp:type:`SE05x_INS_t` | - * +-------+------------+------------------------------------+ - * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | - * +-------+------------+------------------------------------+ - * | P2 | P2_FINAL | See :cpp:type:`SE05x_P2_t` | - * +-------+------------+------------------------------------+ - * | Lc | #(Payload) | | - * +-------+------------+------------------------------------+ - * | | TLV[TAG_2] | 2-byte Crypto Object identifier | - * +-------+------------+------------------------------------+ - * | | TLV[TAG_3] | Data to be encrypted or decrypted. | - * +-------+------------+------------------------------------+ - * | Le | 0x00 | Expecting TLV with hash value. | - * +-------+------------+------------------------------------+ - * @endrst - * - * # R-APDU Body - * - * @rst - * +------------+-------------+ - * | Value | Description | - * +============+=============+ - * | TLV[TAG_1] | CMAC value | - * +------------+-------------+ - * @endrst - * - * # R-APDU Trailer - * - * @rst - * +-------------+-----------------------------------+ - * | SW | Description | - * +=============+===================================+ - * | SW_NO_ERROR | The hash is created successfully. | - * +-------------+-----------------------------------+ - * @endrst - * - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] cryptoObjectID cryptoObjectID [1:kSE05x_TAG_2] - * @param[in] inputData inputData [2:kSE05x_TAG_3] - * @param[in] inputDataLen Length of inputData - * @param[out] cmacValue [0:kSE05x_TAG_1] - * @param[in,out] pcmacValueLen Length for cmacValue - */ -smStatus_t Se05x_API_DigestFinal(pSe05xSession_t session_ctx, - SE05x_CryptoObjectID_t cryptoObjectID, - const uint8_t *inputData, - size_t inputDataLen, - uint8_t *cmacValue, - size_t *pcmacValueLen); - -/** Se05x_API_DigestOneShot - * - * Performs a hash operation in one shot (without context). - * - * - * # Command to Applet - * - * @rst - * +-------+------------+-------------------------------------------+ - * | Field | Value | Description | - * +=======+============+===========================================+ - * | CLA | 0x80 | | - * +-------+------------+-------------------------------------------+ - * | INS | INS_CRYPTO | See :cpp:type:`SE05x_INS_t` | - * +-------+------------+-------------------------------------------+ - * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | - * +-------+------------+-------------------------------------------+ - * | P2 | P2_ONESHOT | See :cpp:type:`SE05x_P2_t` | - * +-------+------------+-------------------------------------------+ - * | Lc | #(Payload) | | - * +-------+------------+-------------------------------------------+ - * | | TLV[TAG_1] | 1-byte DigestMode (except DIGEST_NO_HASH) | - * +-------+------------+-------------------------------------------+ - * | | TLV[TAG_2] | Data to hash. | - * +-------+------------+-------------------------------------------+ - * | Le | 0x00 | TLV expecting hash value | - * +-------+------------+-------------------------------------------+ - * @endrst - * - * # R-APDU Body - * - * @rst - * +------------+-------------+ - * | Value | Description | - * +============+=============+ - * | TLV[TAG_1] | Hash value. | - * +------------+-------------+ - * @endrst - * - * # R-APDU Trailer - * - * @rst - * +-------------+-----------------------------------+ - * | SW | Description | - * +=============+===================================+ - * | SW_NO_ERROR | The hash is created successfully. | - * +-------------+-----------------------------------+ - * @endrst - * - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - * @param[in] digestMode digestMode [1:kSE05x_TAG_1] - * @param[in] inputData inputData [2:kSE05x_TAG_2] - * @param[in] inputDataLen Length of inputData - * @param[out] hashValue [0:kSE05x_TAG_1] - * @param[in,out] phashValueLen Length for hashValue - */ -smStatus_t Se05x_API_DigestOneShot(pSe05xSession_t session_ctx, - uint8_t digestMode, - const uint8_t *inputData, - size_t inputDataLen, - uint8_t *hashValue, - size_t *phashValueLen); - -/** Se05x_API_GetVersion - * - * Gets the applet version information. - * - * This will return 7-byte VersionInfo (including major, minor and patch version - * of the applet, supported applet features and secure box version). - * - * # Command to Applet - * - * @rst - * +-------+------------------------------+----------------------------------------------+ - * | Field | Value | Description | - * +=======+==============================+==============================================+ - * | CLA | 0x80 | | - * +-------+------------------------------+----------------------------------------------+ - * | INS | INS_MGMT | See :cpp:type:`SE05x_INS_t` | - * +-------+------------------------------+----------------------------------------------+ - * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | - * +-------+------------------------------+----------------------------------------------+ - * | P2 | P2_VERSION or P2_VERSION_EXT | See :cpp:type:`SE05x_P2_t` | - * +-------+------------------------------+----------------------------------------------+ - * | Lc | #(Payload) | | - * +-------+------------------------------+----------------------------------------------+ - * | Le | 0x00 | Expecting TLV with 7-byte data (when P2 = | - * | | | P2_VERSION) or a TLV with 37 byte data (when | - * | | | P2= P2_VERSION_EXT). | - * +-------+------------------------------+----------------------------------------------+ - * @endrst - * - * - * # R-APDU Body - * - * @rst - * +------------+------------------------------------------------+ - * | Value | Description | - * +============+================================================+ - * | TLV[TAG_1] | 7-byte :cpp:type:`VersionInfoRef` (if P2 = | - * | | P2_VERSION) or 7-byte VersionInfo followed by | - * | | 30 bytes extendedFeatureBits (if P2 = | - * | | P2_VERSION_EXT) | - * +------------+------------------------------------------------+ - * @endrst - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------+ - * | SW | Description | - * +=============+================================+ - * | SW_NO_ERROR | Data is returned successfully. | - * +-------------+--------------------------------+ - * @endrst - * - * @param[in] session_ctx The session context - * @param pappletVersion The papplet version - * @param appletVersionLen The applet version length - * - * @return The sm status. - */ -smStatus_t Se05x_API_GetVersion(pSe05xSession_t session_ctx, uint8_t *pappletVersion, size_t *appletVersionLen); - -/** Se05x_API_GetTimestamp - * - * Gets a monotonic counter value (time stamp) from the operating system of the - * device (both persistent and transient part). See TimestampFunctionality for - * details on the timestamps. - * - * - * # Command to Applet - * - * @rst - * +-------+------------+-------------------------------+ - * | Field | Value | Description | - * +=======+============+===============================+ - * | CLA | 0x80 | | - * +-------+------------+-------------------------------+ - * | INS | INS_MGMT | See :cpp:type:`SE05x_INS_t` | - * +-------+------------+-------------------------------+ - * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | - * +-------+------------+-------------------------------+ - * | P2 | P2_TIME | See :cpp:type:`SE05x_P2_t` | - * +-------+------------+-------------------------------+ - * | Lc | #(Payload) | | - * +-------+------------+-------------------------------+ - * | Le | 0x2C | Expecting TLV with timestamp. | - * +-------+------------+-------------------------------+ - * @endrst - * - * # R-APDU Body - * - * @rst - * +------------+-------------------------------------------+ - * | Value | Description | - * +============+===========================================+ - * | TLV[TAG_1] | TLV containing a 12-byte operating system | - * | | timestamp. | - * +------------+-------------------------------------------+ - * @endrst - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------+ - * | SW | Description | - * +=============+================================+ - * | SW_NO_ERROR | Data is returned successfully. | - * +-------------+--------------------------------+ - * @endrst - * - * - * - * @param[in] session_ctx The session context - * @param ptimeStamp The ptime stamp - * - * @return The sm status. - */ -smStatus_t Se05x_API_GetTimestamp(pSe05xSession_t session_ctx, SE05x_TimeStamp_t *ptimeStamp); - -/** Se05x_API_GetFreeMemory - * - * Gets the amount of free memory. MemoryType indicates the type of memory. - * - * The result indicates the amount of free memory. Note that behavior of the - * function might not be fully linear and can have a granularity of 16 bytes - * where the applet will typically report the "worst case" amount. For example, - * when allocating 2 bytes a time, the first report will show 16 bytes being - * allocated, which remains the same for the next 7 allocations of 2 bytes. - * - * - * # Command to Applet - * - * @rst - * +-------+------------+---------------------------------+ - * | Field | Value | Description | - * +=======+============+=================================+ - * | CLA | 0x80 | | - * +-------+------------+---------------------------------+ - * | INS | INS_MGMT | See :cpp:type:`SE05x_INS_t` | - * +-------+------------+---------------------------------+ - * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | - * +-------+------------+---------------------------------+ - * | P2 | P2_MEMORY | See :cpp:type:`SE05x_P2_t` | - * +-------+------------+---------------------------------+ - * | Lc | #(Payload) | | - * +-------+------------+---------------------------------+ - * | | TLV[TAG_1] | :cpp:type:`SE05x_MemTyp_t` | - * +-------+------------+---------------------------------+ - * | Le | 0x04 | Expecting TLV with 2-byte data. | - * +-------+------------+---------------------------------+ - * @endrst - * - * # R-APDU Body - * - * @rst - * +------------+----------------------------------------------+ - * | Value | Description | - * +============+==============================================+ - * | TLV[TAG_1] | 2 bytes indicating the amount of free memory | - * | | of the requested memory type. 0x7FFF as | - * | | response means at least 32768 bytes are | - * | | available. | - * +------------+----------------------------------------------+ - * @endrst - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------+ - * | SW | Description | - * +=============+================================+ - * | SW_NO_ERROR | Data is returned successfully. | - * +-------------+--------------------------------+ - * @endrst - * - * - * - * @param[in] session_ctx The session context - * @param[in] memoryType The memory type - * @param pfreeMem The pfree memory - * - * @return The sm status. - */ -smStatus_t Se05x_API_GetFreeMemory(pSe05xSession_t session_ctx, SE05x_MemoryType_t memoryType, uint16_t *pfreeMem); - -/** Se05x_API_GetRandom - * - * Gets random data from the SE05X . - * - * - * # Command to Applet - * - * @rst - * +-------+------------+-----------------------------+ - * | Field | Value | Description | - * +=======+============+=============================+ - * | CLA | 0x80 | | - * +-------+------------+-----------------------------+ - * | INS | INS_MGMT | See :cpp:type:`SE05x_INS_t` | - * +-------+------------+-----------------------------+ - * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | - * +-------+------------+-----------------------------+ - * | P2 | P2_RANDOM | See :cpp:type:`SE05x_P2_t` | - * +-------+------------+-----------------------------+ - * | Lc | #(Payload) | | - * +-------+------------+-----------------------------+ - * | | TLV[TAG_1] | 2-byte requested size. | - * +-------+------------+-----------------------------+ - * | Le | 0x00 | Expecting random data | - * +-------+------------+-----------------------------+ - * @endrst - * - * # R-APDU Body - * - * @rst - * +------------+--------------+ - * | Value | Description | - * +============+==============+ - * | TLV[TAG_1] | Random data. | - * +------------+--------------+ - * @endrst - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------+ - * | SW | Description | - * +=============+================================+ - * | SW_NO_ERROR | Data is returned successfully. | - * +-------------+--------------------------------+ - * @endrst - * - * - * - * @param[in] session_ctx The session context - * @param[in] size The size - * @param randomData The random data - * @param prandomDataLen The prandom data length - * - * @return The sm status. - */ -smStatus_t Se05x_API_GetRandom(pSe05xSession_t session_ctx, uint16_t size, uint8_t *randomData, size_t *prandomDataLen); - -/** Se05x_API_DeleteAll - * - * Delete all Secure Objects, delete all curves and Crypto Objects. Secure - * Objects that are trust provisioned by NXP are not deleted (i.e., all objects - * that have Origin set to ORIGIN_PROVISIONED, including the objects with - * reserved object identifiers listed in Object attributes). - * - * This command can only be used from sessions that are authenticated using the - * credential with index RESERVED_ID_FACTORY_RESET. - * - * _Important_ : if a secure messaging session is up & running (e.g., AESKey or - * ECKey session) and the command is sent within this session, the response of - * the DeleteAll command will not be wrapped (i.e., not encrypted and no R-MAC), - * so this will also break down the secure channel protocol (as the session is - * closed by the DeleteAll command itself). - * - * # Command to Applet - * - * @rst - * +-------+---------------+-----------------------------+ - * | Field | Value | Description | - * +=======+===============+=============================+ - * | CLA | 0x80 | | - * +-------+---------------+-----------------------------+ - * | INS | INS_MGMT | See :cpp:type:`SE05x_INS_t` | - * +-------+---------------+-----------------------------+ - * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | - * +-------+---------------+-----------------------------+ - * | P2 | P2_DELETE_ALL | See :cpp:type:`SE05x_P2_t` | - * +-------+---------------+-----------------------------+ - * | Lc | 0x00 | | - * +-------+---------------+-----------------------------+ - * @endrst - * - * # R-APDU Body - * - * NA - * - * # R-APDU Trailer - * - * @rst - * +-------------+--------------------------------+ - * | SW | Description | - * +=============+================================+ - * | SW_NO_ERROR | Data is returned successfully. | - * +-------------+--------------------------------+ - * @endrst - * - * - * - * @param[in] session_ctx Session Context [0:kSE05x_pSession] - */ -smStatus_t Se05x_API_DeleteAll(pSe05xSession_t session_ctx); - -#if SSS_HAVE_SE05X_VER_GTE_06_00 -#include "se05x_04_xx_APDU_apis.h" -#endif - -#endif /* SE050X_APDU_APIS_H_INC */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/se05x_03_xx_xx/se05x_APDU_impl.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/se05x_03_xx_xx/se05x_APDU_impl.h deleted file mode 100644 index 4717f19f7..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/se05x_03_xx_xx/se05x_APDU_impl.h +++ /dev/null @@ -1,3470 +0,0 @@ -/* - * - * Copyright 2019-2020 NXP - * SPDX-License-Identifier: Apache-2.0 - */ - -#if defined(NONSECURE_WORLD) -#include "veneer_printf_table.h" -#endif - -#if defined(NONSECURE_WORLD) -#define NEWLINE() DbgConsole_Printf_NSE("\r\n") -#else -#define NEWLINE() printf("\r\n") -#endif - -smStatus_t Se05x_API_CreateSession( - pSe05xSession_t session_ctx, uint32_t authObjectID, uint8_t *sessionId, size_t *psessionIdLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_MGMT, kSE05x_P1_DEFAULT, kSE05x_P2_SESSION_CREATE}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "CreateSession []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_U32("auth", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, authObjectID); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTxRx_s_Case4(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, sessionId, psessionIdLen); /* */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_ExchangeSessionData(pSe05xSession_t session_ctx, pSe05xPolicy_t policy) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_MGMT, kSE05x_P1_DEFAULT, kSE05x_P2_SESSION_POLICY}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - // uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "ExchangeSessionData []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_Se05xPolicy("Policy", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, policy); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTxRx_s_Case4(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_RefreshSession(pSe05xSession_t session_ctx, pSe05xPolicy_t policy) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_MGMT, kSE05x_P1_DEFAULT, kSE05x_P2_SESSION_REFRESH}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "RefreshSession []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_Se05xPolicy("policy", &pCmdbuf, &cmdbufLen, kSE05x_TAG_POLICY, policy); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_CloseSession(pSe05xSession_t session_ctx) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_MGMT, kSE05x_P1_DEFAULT, kSE05x_P2_SESSION_CLOSE}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t iCnt = 0; - -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "CloseSession []"); -#endif /* VERBOSE_APDU_LOGS */ - if (((session_ctx->value[0] || session_ctx->value[1] || session_ctx->value[2] || session_ctx->value[3] || - session_ctx->value[4] || session_ctx->value[5] || session_ctx->value[6] || session_ctx->value[7])) && - (session_ctx->hasSession == 1)) { - retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); - if (retStatus == SM_OK) { - for (iCnt = 0; iCnt < 8; iCnt++) { - session_ctx->value[iCnt] = 0; - } - session_ctx->hasSession = 0; - } - } - else { - LOG_D("CloseSession command is sent only if valid Session exists!!!"); - } - return retStatus; -} - -smStatus_t Se05x_API_VerifySessionUserID(pSe05xSession_t session_ctx, const uint8_t *userId, size_t userIdLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_MGMT, kSE05x_P1_DEFAULT, kSE05x_P2_SESSION_UserID}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "VerifySessionUserID []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_u8bufOptional("userId", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, userId, userIdLen); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_SetLockState(pSe05xSession_t session_ctx, uint8_t lockIndicator, uint8_t lockState) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_MGMT, kSE05x_P1_DEFAULT, kSE05x_P2_TRANSPORT}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "SetLockState []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_U8("lock indicator", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, lockIndicator); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U8("lock state", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, lockState); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_SetPlatformSCPRequest(pSe05xSession_t session_ctx, SE05x_PlatformSCPRequest_t platformSCPRequest) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_MGMT, kSE05x_P1_DEFAULT, kSE05x_P2_SCP}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "SetPlatformSCPRequest []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_PlatformSCPRequest("platf scp req", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, platformSCPRequest); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_SetAppletFeatures(pSe05xSession_t session_ctx, pSe05xAppletFeatures_t appletVariant) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_MGMT, kSE05x_P1_DEFAULT, kSE05x_P2_VARIANT}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "SetAppletFeatures []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_Variant(&pCmdbuf, &cmdbufLen, kSE05x_TAG_1, appletVariant); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_WriteECKey(pSe05xSession_t session_ctx, - pSe05xPolicy_t policy, - SE05x_MaxAttemps_t maxAttempt, - uint32_t objectID, - SE05x_ECCurve_t curveID, - const uint8_t *privKey, - size_t privKeyLen, - const uint8_t *pubKey, - size_t pubKeyLen, - const SE05x_INS_t ins_type, - const SE05x_KeyPart_t key_part) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_WRITE | ins_type, kSE05x_P1_EC | key_part, kSE05x_P2_DEFAULT}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - - if (Se05x_IsInValidRangeOfUID(objectID)) - return SM_NOT_OK; - -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "WriteECKey []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_Se05xPolicy("policy", &pCmdbuf, &cmdbufLen, kSE05x_TAG_POLICY, policy); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_MaxAttemps("maxAttempt", &pCmdbuf, &cmdbufLen, kSE05x_TAG_MAX_ATTEMPTS, maxAttempt); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U32("object id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_ECCurve("curveID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, curveID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("privKey", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, privKey, privKeyLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("pubKey", &pCmdbuf, &cmdbufLen, kSE05x_TAG_4, pubKey, pubKeyLen); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_WriteRSAKey(pSe05xSession_t session_ctx, - pSe05xPolicy_t policy, - uint32_t objectID, - uint16_t size, - const uint8_t *p, - size_t pLen, - const uint8_t *q, - size_t qLen, - const uint8_t *dp, - size_t dpLen, - const uint8_t *dq, - size_t dqLen, - const uint8_t *qInv, - size_t qInvLen, - const uint8_t *pubExp, - size_t pubExpLen, - const uint8_t *priv, - size_t privLen, - const uint8_t *pubMod, - size_t pubModLen, - const SE05x_INS_t ins_type, - const SE05x_KeyPart_t key_part, - const SE05x_RSAKeyFormat_t rsa_format) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_WRITE | ins_type, kSE05x_P1_RSA | key_part, rsa_format}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - - if (Se05x_IsInValidRangeOfUID(objectID)) - return SM_NOT_OK; - -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "WriteRSAKey []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_Se05xPolicy("To be Checked(last 3 not pdf)", &pCmdbuf, &cmdbufLen, kSE05x_TAG_POLICY, policy); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U32("object id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U16Optional("size in bits", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, size); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional_ByteShift("p", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, p, pLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional_ByteShift("q", &pCmdbuf, &cmdbufLen, kSE05x_TAG_4, q, qLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional_ByteShift("dp", &pCmdbuf, &cmdbufLen, kSE05x_TAG_5, dp, dpLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional_ByteShift("dq", &pCmdbuf, &cmdbufLen, kSE05x_TAG_6, dq, dqLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional_ByteShift("qnv", &pCmdbuf, &cmdbufLen, kSE05x_TAG_7, qInv, qInvLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("public exp", &pCmdbuf, &cmdbufLen, kSE05x_TAG_8, pubExp, pubExpLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional_ByteShift("priv", &pCmdbuf, &cmdbufLen, kSE05x_TAG_9, priv, privLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional_ByteShift("public mod", &pCmdbuf, &cmdbufLen, kSE05x_TAG_10, pubMod, pubModLen); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_WriteSymmKey(pSe05xSession_t session_ctx, - pSe05xPolicy_t policy, - SE05x_MaxAttemps_t maxAttempt, - uint32_t objectID, - SE05x_KeyID_t kekID, - const uint8_t *keyValue, - size_t keyValueLen, - const SE05x_INS_t ins_type, - const SE05x_SymmKeyType_t type) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_WRITE | ins_type, type, kSE05x_P2_DEFAULT}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - - if (Se05x_IsInValidRangeOfUID(objectID)) - return SM_NOT_OK; - -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "WriteSymmKey []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_Se05xPolicy("policy", &pCmdbuf, &cmdbufLen, kSE05x_TAG_POLICY, policy); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_MaxAttemps("maxAttempt", &pCmdbuf, &cmdbufLen, kSE05x_TAG_MAX_ATTEMPTS, maxAttempt); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U32("object id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_KeyID("KEK id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, kekID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("key value", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, keyValue, keyValueLen); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_WriteBinary(pSe05xSession_t session_ctx, - pSe05xPolicy_t policy, - uint32_t objectID, - uint16_t offset, - uint16_t length, - const uint8_t *inputData, - size_t inputDataLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_WRITE, kSE05x_P1_BINARY, kSE05x_P2_DEFAULT}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - - if (Se05x_IsInValidRangeOfUID(objectID)) - return SM_NOT_OK; - -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "WriteBinary []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_Se05xPolicy("policy", &pCmdbuf, &cmdbufLen, kSE05x_TAG_POLICY, policy); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U32("object id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U16Optional("offset", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, offset); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U16Optional("length", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, length); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("input data", &pCmdbuf, &cmdbufLen, kSE05x_TAG_4, inputData, inputDataLen); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_WriteUserID(pSe05xSession_t session_ctx, - pSe05xPolicy_t policy, - SE05x_MaxAttemps_t maxAttempt, - uint32_t objectID, - const uint8_t *userId, - size_t userIdLen, - const SE05x_AttestationType_t attestation_type) -{ - smStatus_t retStatus = SM_NOT_OK; - if (Se05x_IsInValidRangeOfUID(objectID)) - return SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_WRITE | attestation_type, kSE05x_P1_UserID, kSE05x_P2_DEFAULT}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - - if (Se05x_IsInValidRangeOfUID(objectID)) - return SM_NOT_OK; - -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "WriteUserID []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_Se05xPolicy("policy", &pCmdbuf, &cmdbufLen, kSE05x_TAG_POLICY, policy); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_MaxAttemps("maxAttempt", &pCmdbuf, &cmdbufLen, kSE05x_TAG_MAX_ATTEMPTS, maxAttempt); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U32("object id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("userId", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, userId, userIdLen); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_CreateCounter(pSe05xSession_t session_ctx, pSe05xPolicy_t policy, uint32_t objectID, uint16_t size) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_WRITE, kSE05x_P1_COUNTER, kSE05x_P2_DEFAULT}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - - if (Se05x_IsInValidRangeOfUID(objectID)) - return SM_NOT_OK; - -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "Se05x_API_CreateCounter []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_Se05xPolicy("policy", &pCmdbuf, &cmdbufLen, kSE05x_TAG_POLICY, policy); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U32("object id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); - if (0 != tlvRet) { - goto cleanup; - } - - if (size != 0) { - tlvRet = TLVSET_U16("size", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, size); - if (0 != tlvRet) { - goto cleanup; - } - } - - retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_SetCounterValue(pSe05xSession_t session_ctx, uint32_t objectID, uint16_t size, uint64_t value) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_WRITE, kSE05x_P1_COUNTER, kSE05x_P2_DEFAULT}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - - if (Se05x_IsInValidRangeOfUID(objectID)) - return SM_NOT_OK; - -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "SetCounterValue []"); -#endif /* VERBOSE_APDU_LOGS */ - - tlvRet = TLVSET_U32("object id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); - if (0 != tlvRet) { - goto cleanup; - } - - if ((size > 0) && (size <= 8)) { - if (value != 0) { - tlvRet = TLVSET_U64_SIZE("value", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, value, size); - if (0 != tlvRet) { - goto cleanup; - } - } - } - else { - LOG_E("Wrong size provided"); - goto cleanup; - } - retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_IncCounter(pSe05xSession_t session_ctx, uint32_t objectID) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_WRITE, kSE05x_P1_COUNTER, kSE05x_P2_DEFAULT}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - - if (Se05x_IsInValidRangeOfUID(objectID)) - return SM_NOT_OK; - -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "IncCounter []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_U32("object id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); - if (0 != tlvRet) { - goto cleanup; - } - - retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); - -cleanup: - return retStatus; -} - -#if ENABLE_DEPRECATED_API_WritePCR -smStatus_t Se05x_API_WritePCR(pSe05xSession_t session_ctx, - pSe05xPolicy_t policy, - uint32_t pcrID, - const uint8_t *initialValue, - size_t initialValueLen, - const uint8_t *inputData, - size_t inputDataLen) -{ - return Se05x_API_WritePCR_WithType( - session_ctx, kSE05x_INS_NA, policy, pcrID, initialValue, initialValueLen, inputData, inputDataLen); -} -#endif // ENABLE_DEPRECATED_API_WritePCR - -smStatus_t Se05x_API_WritePCR_WithType(pSe05xSession_t session_ctx, - const SE05x_INS_t ins_type, - pSe05xPolicy_t policy, - uint32_t pcrID, - const uint8_t *initialValue, - size_t initialValueLen, - const uint8_t *inputData, - size_t inputDataLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_WRITE | ins_type, kSE05x_P1_PCR, kSE05x_P2_DEFAULT}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - - if (Se05x_IsInValidRangeOfUID(pcrID)) - return SM_NOT_OK; - -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "WritePCR []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_Se05xPolicy("policy", &pCmdbuf, &cmdbufLen, kSE05x_TAG_POLICY, policy); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U32("object id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, pcrID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("initialValue", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, initialValue, initialValueLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("inputData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, inputData, inputDataLen); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_ImportObject(pSe05xSession_t session_ctx, - uint32_t objectID, - SE05x_RSAKeyComponent_t rsaKeyComp, - const uint8_t *serializedObject, - size_t serializedObjectLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_WRITE, kSE05x_P1_DEFAULT, kSE05x_P2_IMPORT}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "ImportObject []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_U32("object id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); - if (0 != tlvRet) { - goto cleanup; - } - if (rsaKeyComp != kSE05x_RSAKeyComponent_NA) { - tlvRet = TLVSET_RSAKeyComponent("rsaKeyComp", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, rsaKeyComp); - if (0 != tlvRet) { - goto cleanup; - } - } - tlvRet = TLVSET_u8bufOptional( - "serializedObject", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, serializedObject, serializedObjectLen); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_ImportExternalObject(pSe05xSession_t session_ctx, - const uint8_t *ECKeydata, - size_t ECKeydataLen, - const uint8_t *ECAuthKeyID, - size_t ECAuthKeyIDLen, - const uint8_t *serializedObject, - size_t serializedObjectLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, 0x06, kSE05x_P1_DEFAULT, kSE05x_P2_DEFAULT}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "ImportExternalObject []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_u8buf("AuthData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_IMPORT_AUTH_DATA, ECKeydata, ECKeydataLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8buf("AuthID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_IMPORT_AUTH_KEY_ID, ECAuthKeyID, ECAuthKeyIDLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional( - "serializedObject", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, serializedObject, serializedObjectLen); - - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_ReadObject( - pSe05xSession_t session_ctx, uint32_t objectID, uint16_t offset, uint16_t length, uint8_t *data, size_t *pdataLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_READ, kSE05x_P1_DEFAULT, kSE05x_P2_DEFAULT}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "ReadObject []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_U32("object id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U16Optional("offset", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, offset); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U16Optional("length", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, length); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTxRx_s_Case4_ext(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, data, pdataLen); /* */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - - if (retStatus == SM_ERR_ACCESS_DENIED_BASED_ON_POLICY) - LOG_W("Denied to read object %08X bases on policy.", objectID); - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_ReadObject_W_Attst(pSe05xSession_t session_ctx, - uint32_t objectID, - uint16_t offset, - uint16_t length, - uint32_t attestID, - SE05x_AttestationAlgo_t attestAlgo, - const uint8_t *random, - size_t randomLen, - uint8_t *data, - size_t *pdataLen, - uint8_t *attribute, - size_t *pattributeLen, - SE05x_TimeStamp_t *ptimeStamp, - uint8_t *outrandom, - size_t *poutrandomLen, - uint8_t *chipId, - size_t *pchipIdLen, - uint8_t *signature, - size_t *psignatureLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_READ_With_Attestation, kSE05x_P1_DEFAULT, kSE05x_P2_DEFAULT}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "ReadObject_W_Attst []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_U32("object id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U16Optional("offset", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, offset); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U16Optional("length", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, length); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U32("attestID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_5, attestID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_AttestationAlgo("attestAlgo", &pCmdbuf, &cmdbufLen, kSE05x_TAG_6, attestAlgo); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("random", &pCmdbuf, &cmdbufLen, kSE05x_TAG_7, random, randomLen); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTxRx_s_Case4_ext(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, data, pdataLen); /* */ - if (0 != tlvRet) { - /* Keys with no read policy will not return TAG1 */ - //goto cleanup; - } - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_2, attribute, pattributeLen); /* */ - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = tlvGet_TimeStamp(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_3, ptimeStamp); /* - */ - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_4, outrandom, poutrandomLen); /* */ - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_5, chipId, pchipIdLen); /* */ - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_6, signature, psignatureLen); /* */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_ReadRSA(pSe05xSession_t session_ctx, - uint32_t objectID, - uint16_t offset, - uint16_t length, - SE05x_RSAPubKeyComp_t rsa_key_comp, - uint8_t *data, - size_t *pdataLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_READ, kSE05x_P1_DEFAULT, kSE05x_P2_DEFAULT}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "ReadRSA []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_U32("object id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U16Optional("offset", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, offset); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U16Optional("length", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, length); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_RSAPubKeyComp("rsa_key_comp", &pCmdbuf, &cmdbufLen, kSE05x_TAG_4, rsa_key_comp); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTxRx_s_Case4_ext(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, data, pdataLen); /* */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_ReadRSA_W_Attst(pSe05xSession_t session_ctx, - uint32_t objectID, - uint16_t offset, - uint16_t length, - SE05x_RSAPubKeyComp_t rsa_key_comp, - uint32_t attestID, - SE05x_AttestationAlgo_t attestAlgo, - const uint8_t *random, - size_t randomLen, - uint8_t *data, - size_t *pdataLen, - uint8_t *attribute, - size_t *pattributeLen, - SE05x_TimeStamp_t *ptimeStamp, - uint8_t *outrandom, - size_t *poutrandomLen, - uint8_t *chipId, - size_t *pchipIdLen, - uint8_t *signature, - size_t *psignatureLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_READ_With_Attestation, kSE05x_P1_DEFAULT, kSE05x_P2_DEFAULT}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "ReadRSA_W_Attst []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_U32("object id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U16Optional("offset", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, offset); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U16Optional("length", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, length); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_RSAPubKeyComp("rsa_key_comp", &pCmdbuf, &cmdbufLen, kSE05x_TAG_4, rsa_key_comp); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U32("attestID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_5, attestID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_AttestationAlgo("attestAlgo", &pCmdbuf, &cmdbufLen, kSE05x_TAG_6, attestAlgo); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("random", &pCmdbuf, &cmdbufLen, kSE05x_TAG_7, random, randomLen); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTxRx_s_Case4_ext(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, data, pdataLen); /* */ - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_2, attribute, pattributeLen); /* */ - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = tlvGet_TimeStamp(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_3, ptimeStamp); /* - */ - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_4, outrandom, poutrandomLen); /* */ - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_5, chipId, pchipIdLen); /* */ - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_6, signature, psignatureLen); /* */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_ExportObject( - pSe05xSession_t session_ctx, uint32_t objectID, SE05x_RSAKeyComponent_t rsaKeyComp, uint8_t *data, size_t *pdataLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_READ, kSE05x_P1_DEFAULT, kSE05x_P2_EXPORT}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "ExportObject []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_U32("object id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_RSAKeyComponent("rsaKeyComp", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, rsaKeyComp); - if (0 != tlvRet) { - goto cleanup; - } - - retStatus = DoAPDUTxRx_s_Case4(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, data, pdataLen); /* */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_ReadType(pSe05xSession_t session_ctx, - uint32_t objectID, - SE05x_SecureObjectType_t *ptype, - uint8_t *pisTransient, - const SE05x_AttestationType_t attestation_type) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_READ | attestation_type, kSE05x_P1_DEFAULT, kSE05x_P2_TYPE}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "ReadType []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_U32("object id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTxRx_s_Case4(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_SecureObjectType(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, ptype); /* - */ - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = tlvGet_U8(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_2, pisTransient); /* - */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_ReadSize(pSe05xSession_t session_ctx, uint32_t objectID, uint16_t *psize) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_READ, kSE05x_P1_DEFAULT, kSE05x_P2_SIZE}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "ReadSize []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_U32("object id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTxRx_s_Case4(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_U16(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, psize); /* - */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_ReadIDList(pSe05xSession_t session_ctx, - uint16_t outputOffset, - uint8_t filter, - uint8_t *pmore, - uint8_t *idlist, - size_t *pidlistLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_READ, kSE05x_P1_DEFAULT, kSE05x_P2_LIST}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "ReadIDList []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_U16("output offset", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, outputOffset); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U8("filter", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, filter); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTxRx_s_Case4_ext(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_U8(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, pmore); /* - */ - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = tlvGet_u8buf(pRspbuf, - &rspIndex, - rspbufLen, - kSE05x_TAG_2, - idlist, - pidlistLen); /* Byte array containing 4-byte identifiers */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (smStatus_t)((pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1])); - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_CheckObjectExists(pSe05xSession_t session_ctx, uint32_t objectID, SE05x_Result_t *presult) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_MGMT, kSE05x_P1_DEFAULT, kSE05x_P2_EXIST}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "CheckObjectExists []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_U32("object id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTxRx_s_Case4(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_Result(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, presult); /* - */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_DeleteSecureObject(pSe05xSession_t session_ctx, uint32_t objectID) -{ - smStatus_t retStatus = SM_NOT_OK; - - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_MGMT, kSE05x_P1_DEFAULT, kSE05x_P2_DELETE_OBJECT}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "DeleteSecureObject []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_U32("object id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_CreateECCurve(pSe05xSession_t session_ctx, SE05x_ECCurve_t curveID) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_WRITE, kSE05x_P1_CURVE, kSE05x_P2_CREATE}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "CreateECCurve []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_ECCurve("curve id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, curveID); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_SetECCurveParam(pSe05xSession_t session_ctx, - SE05x_ECCurve_t curveID, - SE05x_ECCurveParam_t ecCurveParam, - const uint8_t *inputData, - size_t inputDataLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_WRITE, kSE05x_P1_CURVE, kSE05x_P2_PARAM}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "SetECCurveParam []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_ECCurve("curve id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, curveID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_ECCurveParam("ecCurveParam", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, ecCurveParam); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("inputData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, inputData, inputDataLen); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_GetECCurveId(pSe05xSession_t session_ctx, uint32_t objectID, uint8_t *pcurveId) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_READ, kSE05x_P1_CURVE, kSE05x_P2_ID}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "GetECCurveId []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_U32("object id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTxRx_s_Case4(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_U8(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, pcurveId); /* - */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_ReadECCurveList(pSe05xSession_t session_ctx, uint8_t *curveList, size_t *pcurveListLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_READ, kSE05x_P1_CURVE, kSE05x_P2_LIST}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "ReadECCurveList []"); -#endif /* VERBOSE_APDU_LOGS */ - retStatus = DoAPDUTxRx_s_Case4(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, curveList, pcurveListLen); /* */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_DeleteECCurve(pSe05xSession_t session_ctx, SE05x_ECCurve_t curveID) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_MGMT, kSE05x_P1_CURVE, kSE05x_P2_DELETE_OBJECT}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "DeleteECCurve []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_ECCurve("curve id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, curveID); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_CreateCryptoObject(pSe05xSession_t session_ctx, - SE05x_CryptoObjectID_t cryptoObjectID, - SE05x_CryptoContext_t cryptoContext, - SE05x_CryptoModeSubType_t subtype) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_WRITE, kSE05x_P1_CRYPTO_OBJ, kSE05x_P2_DEFAULT}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "CreateCryptoObject []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_CryptoObjectID("cryptoObjectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, cryptoObjectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_CryptoContext("cryptoContext", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, cryptoContext); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_CryptoModeSubType( - "1-byte Crypto Object subtype, either from DigestMode, CipherMode or MACAlgo (depending on TAG_2).", - &pCmdbuf, - &cmdbufLen, - kSE05x_TAG_3, - subtype); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_ReadCryptoObjectList(pSe05xSession_t session_ctx, uint8_t *idlist, size_t *pidlistLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_READ, kSE05x_P1_CRYPTO_OBJ, kSE05x_P2_LIST}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "ReadCryptoObjectList []"); -#endif /* VERBOSE_APDU_LOGS */ - retStatus = DoAPDUTxRx_s_Case2(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = - tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, idlist, pidlistLen); /* If more ids are present */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_DeleteCryptoObject(pSe05xSession_t session_ctx, SE05x_CryptoObjectID_t cryptoObjectID) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_MGMT, kSE05x_P1_CRYPTO_OBJ, kSE05x_P2_DELETE_OBJECT}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "DeleteCryptoObject []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_CryptoObjectID("cryptoObjectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, cryptoObjectID); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_ECDSASign(pSe05xSession_t session_ctx, - uint32_t objectID, - SE05x_ECSignatureAlgo_t ecSignAlgo, - const uint8_t *inputData, - size_t inputDataLen, - uint8_t *signature, - size_t *psignatureLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_SIGNATURE, kSE05x_P2_SIGN}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "ECDSASign []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_U32("objectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_ECSignatureAlgo("ecSignAlgo", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, ecSignAlgo); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("inputData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, inputData, inputDataLen); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTxRx_s_Case4(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, signature, psignatureLen); /* */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_EdDSASign(pSe05xSession_t session_ctx, - uint32_t objectID, - SE05x_EDSignatureAlgo_t edSignAlgo, - const uint8_t *inputData, - size_t inputDataLen, - uint8_t *signature, - size_t *psignatureLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_SIGNATURE, kSE05x_P2_SIGN}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "EdDSASign []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_U32("objectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_EDSignatureAlgo("edSignAlgo", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, edSignAlgo); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("inputData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, inputData, inputDataLen); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTxRx_s_Case4(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, signature, psignatureLen); /* */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_ECDAASign(pSe05xSession_t session_ctx, - uint32_t objectID, - SE05x_ECDAASignatureAlgo_t ecdaaSignAlgo, - const uint8_t *inputData, - size_t inputDataLen, - const uint8_t *randomData, - size_t randomDataLen, - uint8_t *signature, - size_t *psignatureLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_SIGNATURE, kSE05x_P2_SIGN}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "ECDAASign []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_U32("objectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_ECDAASignatureAlgo("ecdaaSignAlgo", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, ecdaaSignAlgo); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("inputData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, inputData, inputDataLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("randomData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_4, randomData, randomDataLen); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTxRx_s_Case4(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, signature, psignatureLen); /* */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_ECDSAVerify(pSe05xSession_t session_ctx, - uint32_t objectID, - SE05x_ECSignatureAlgo_t ecSignAlgo, - const uint8_t *inputData, - size_t inputDataLen, - const uint8_t *signature, - size_t signatureLen, - SE05x_Result_t *presult) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_SIGNATURE, kSE05x_P2_VERIFY}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "ECDSAVerify []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_U32("objectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_ECSignatureAlgo("ecSignAlgo", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, ecSignAlgo); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("inputData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, inputData, inputDataLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("signature", &pCmdbuf, &cmdbufLen, kSE05x_TAG_5, signature, signatureLen); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTxRx_s_Case4(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_Result(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, presult); /* - */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_EdDSAVerify(pSe05xSession_t session_ctx, - uint32_t objectID, - SE05x_EDSignatureAlgo_t edSignAlgo, - const uint8_t *inputData, - size_t inputDataLen, - const uint8_t *signature, - size_t signatureLen, - SE05x_Result_t *presult) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_SIGNATURE, kSE05x_P2_VERIFY}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "EdDSAVerify []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_U32("objectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_EDSignatureAlgo("edSignAlgo", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, edSignAlgo); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("inputData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, inputData, inputDataLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("signature", &pCmdbuf, &cmdbufLen, kSE05x_TAG_5, signature, signatureLen); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTxRx_s_Case4(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_Result(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, presult); /* - */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_ECDHGenerateSharedSecret(pSe05xSession_t session_ctx, - uint32_t objectID, - const uint8_t *pubKey, - size_t pubKeyLen, - uint8_t *sharedSecret, - size_t *psharedSecretLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_EC, kSE05x_P2_DH}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "ECDHGenerateSharedSecret []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_U32("objectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("pubKey", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, pubKey, pubKeyLen); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTxRx_s_Case4_ext(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, sharedSecret, psharedSecretLen); /* */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_RSASign(pSe05xSession_t session_ctx, - uint32_t objectID, - SE05x_RSASignatureAlgo_t rsaSigningAlgo, - const uint8_t *inputData, - size_t inputDataLen, - uint8_t *signature, - size_t *psignatureLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_SIGNATURE, kSE05x_P2_SIGN}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "RSASign []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_U32("objectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_RSASignatureAlgo("rsaSigningAlgo", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, rsaSigningAlgo); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("inputData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, inputData, inputDataLen); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTxRx_s_Case4_ext(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, signature, psignatureLen); /* */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_RSAVerify(pSe05xSession_t session_ctx, - uint32_t objectID, - SE05x_RSASignatureAlgo_t rsaSigningAlgo, - const uint8_t *inputData, - size_t inputDataLen, - const uint8_t *signature, - size_t signatureLen, - SE05x_Result_t *presult) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_SIGNATURE, kSE05x_P2_VERIFY}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "RSAVerify []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_U32("objectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_RSASignatureAlgo("rsaSigningAlgo", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, rsaSigningAlgo); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("inputData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, inputData, inputDataLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("signature", &pCmdbuf, &cmdbufLen, kSE05x_TAG_5, signature, signatureLen); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTxRx_s_Case4(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_Result(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, presult); /* - */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_RSAEncrypt(pSe05xSession_t session_ctx, - uint32_t objectID, - SE05x_RSAEncryptionAlgo_t rsaEncryptionAlgo, - const uint8_t *inputData, - size_t inputDataLen, - uint8_t *encryptedData, - size_t *pencryptedDataLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_RSA, kSE05x_P2_ENCRYPT_ONESHOT}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "RSAEncrypt []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_U32("objectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_RSAEncryptionAlgo("rsaEncryptionAlgo", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, rsaEncryptionAlgo); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("inputData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, inputData, inputDataLen); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTxRx_s_Case4_ext(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, encryptedData, pencryptedDataLen); /* */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_RSADecrypt(pSe05xSession_t session_ctx, - uint32_t objectID, - SE05x_RSAEncryptionAlgo_t rsaEncryptionAlgo, - const uint8_t *inputData, - size_t inputDataLen, - uint8_t *decryptedData, - size_t *pdecryptedDataLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_RSA, kSE05x_P2_DECRYPT_ONESHOT}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "RSADecrypt []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_U32("objectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_RSAEncryptionAlgo("rsaEncryptionAlgo", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, rsaEncryptionAlgo); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("inputData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, inputData, inputDataLen); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTxRx_s_Case4_ext(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, decryptedData, pdecryptedDataLen); /* */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_CipherInit(pSe05xSession_t session_ctx, - uint32_t objectID, - SE05x_CryptoObjectID_t cryptoObjectID, - const uint8_t *IV, - size_t IVLen, - const SE05x_Cipher_Oper_t operation) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_CIPHER, operation}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "CipherInit []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_U32("objectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_CryptoObjectID("cryptoObjectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, cryptoObjectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("IV", &pCmdbuf, &cmdbufLen, kSE05x_TAG_4, IV, IVLen); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_CipherUpdate(pSe05xSession_t session_ctx, - SE05x_CryptoObjectID_t cryptoObjectID, - const uint8_t *inputData, - size_t inputDataLen, - uint8_t *outputData, - size_t *poutputDataLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_CIPHER, kSE05x_P2_UPDATE}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "CipherUpdate []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_CryptoObjectID("cryptoObjectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, cryptoObjectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("inputData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, inputData, inputDataLen); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTxRx_s_Case4(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, outputData, poutputDataLen); /* */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_CipherFinal(pSe05xSession_t session_ctx, - SE05x_CryptoObjectID_t cryptoObjectID, - const uint8_t *inputData, - size_t inputDataLen, - uint8_t *outputData, - size_t *poutputDataLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_CIPHER, kSE05x_P2_FINAL}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "CipherFinal []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_CryptoObjectID("cryptoObjectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, cryptoObjectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8buf("inputData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, inputData, inputDataLen); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTxRx_s_Case4_ext(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, outputData, poutputDataLen); /* */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_CipherOneShot(pSe05xSession_t session_ctx, - uint32_t objectID, - SE05x_CipherMode_t cipherMode, - const uint8_t *inputData, - size_t inputDataLen, - const uint8_t *IV, - size_t IVLen, - uint8_t *outputData, - size_t *poutputDataLen, - const SE05x_Cipher_Oper_OneShot_t operation) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_CIPHER, operation}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "CipherOneShot []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_U32("objectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_CipherMode("cipherMode", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, cipherMode); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("inputData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, inputData, inputDataLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("IV", &pCmdbuf, &cmdbufLen, kSE05x_TAG_4, IV, IVLen); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTxRx_s_Case4_ext(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, outputData, poutputDataLen); /* */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_MACInit(pSe05xSession_t session_ctx, - uint32_t objectID, - SE05x_CryptoObjectID_t cryptoObjectID, - const SE05x_Mac_Oper_t mac_oper) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_MAC, mac_oper}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "MACInit []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_U32("objectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_CryptoObjectID("cryptoObjectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, cryptoObjectID); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_MACUpdate( - pSe05xSession_t session_ctx, const uint8_t *inputData, size_t inputDataLen, SE05x_CryptoObjectID_t cryptoObjectID) -{ - smStatus_t retStatus = SM_NOT_OK; - - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_MAC, kSE05x_P2_UPDATE}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "MACUpdate []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_u8bufOptional("inputData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, inputData, inputDataLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_CryptoObjectID("cryptoObjectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, cryptoObjectID); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_MACFinal(pSe05xSession_t session_ctx, - const uint8_t *inputData, - size_t inputDataLen, - SE05x_CryptoObjectID_t cryptoObjectID, - const uint8_t *macValidateData, - size_t macValidateDataLen, - uint8_t *macValue, - size_t *pmacValueLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_MAC, kSE05x_P2_FINAL}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "MACFinal []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_u8buf("inputData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, inputData, inputDataLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_CryptoObjectID("cryptoObjectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, cryptoObjectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional( - "macValidateData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, macValidateData, macValidateDataLen); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTxRx_s_Case4_ext(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, macValue, pmacValueLen); /* */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_MACOneShot_G(pSe05xSession_t session_ctx, - uint32_t objectID, - uint8_t macOperation, - const uint8_t *inputData, - size_t inputDataLen, - uint8_t *macValue, - size_t *pmacValueLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_MAC, kSE05x_P2_GENERATE_ONESHOT}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "MACOneShot_G []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_U32("objectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U8("macOperation", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, macOperation); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("inputData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, inputData, inputDataLen); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTxRx_s_Case4(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, macValue, pmacValueLen); /* */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_MACOneShot_V(pSe05xSession_t session_ctx, - uint32_t objectID, - uint8_t macOperation, - const uint8_t *inputData, - size_t inputDataLen, - const uint8_t *MAC, - size_t MACLen, - uint8_t *macValue, - size_t *pmacValueLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_MAC, kSE05x_P2_VALIDATE_ONESHOT}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "MACOneShot_V []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_U32("objectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U8("macOperation", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, macOperation); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("inputData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, inputData, inputDataLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional( - "MAC to verify (when P2=P2_VALIDATE_ONESHOT)", &pCmdbuf, &cmdbufLen, kSE05x_TAG_5, MAC, MACLen); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTxRx_s_Case4(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, macValue, pmacValueLen); /* */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_HKDF(pSe05xSession_t session_ctx, - uint32_t hmacID, - SE05x_DigestMode_t digestMode, - const uint8_t *salt, - size_t saltLen, - const uint8_t *info, - size_t infoLen, - uint16_t deriveDataLen, - uint8_t *hkdfOuput, - size_t *phkdfOuputLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_DEFAULT, kSE05x_P2_HKDF}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "HKDF []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_U32("hmacID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, hmacID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_DigestMode("digestMode", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, digestMode); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("salt", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, salt, saltLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("info", &pCmdbuf, &cmdbufLen, kSE05x_TAG_4, info, infoLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U16("2-byte requested length (L)", &pCmdbuf, &cmdbufLen, kSE05x_TAG_5, deriveDataLen); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTxRx_s_Case4(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, hkdfOuput, phkdfOuputLen); /* */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_HKDF_Extended(pSe05xSession_t session_ctx, - uint32_t hmacID, - SE05x_DigestMode_t digestMode, - SE05x_HkdfMode_t hkdfMode, - const uint8_t *salt, - size_t saltLen, - uint32_t saltID, - const uint8_t *info, - size_t infoLen, - uint32_t derivedKeyID, - uint16_t deriveDataLen, - uint8_t *hkdfOuput, - size_t *phkdfOuputLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_DEFAULT, kSE05x_P2_HKDF}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); - hdr.hdr[3] = (hkdfMode == kSE05x_HkdfMode_ExpandOnly ? kSE05x_P2_HKDF_EXPAND_ONLY : kSE05x_P2_HKDF); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "HKDF []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_U32("hmacID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, hmacID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_DigestMode("digestMode", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, digestMode); - if (0 != tlvRet) { - goto cleanup; - } - if ((salt != NULL) && (hkdfMode != kSE05x_HkdfMode_ExpandOnly)) { - tlvRet = TLVSET_u8bufOptional("salt", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, salt, saltLen); - if (0 != tlvRet) { - goto cleanup; - } - } - tlvRet = TLVSET_u8bufOptional("info", &pCmdbuf, &cmdbufLen, kSE05x_TAG_4, info, infoLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U16("2-byte requested length (L)", &pCmdbuf, &cmdbufLen, kSE05x_TAG_5, deriveDataLen); - if (0 != tlvRet) { - goto cleanup; - } - // Warning: TAGS must be in numerical order, so this cannot be the else statement of (salt != null) - if ((salt == NULL) && (hkdfMode != kSE05x_HkdfMode_ExpandOnly)) { - tlvRet = TLVSET_U32("saltID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_6, saltID); - if (0 != tlvRet) { - goto cleanup; - } - } - if (hkdfOuput == NULL) { - tlvRet = TLVSET_U32("derivedKeyID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_7, derivedKeyID); - if (0 != tlvRet) { - goto cleanup; - } - } - retStatus = DoAPDUTxRx_s_Case4(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - if (hkdfOuput == NULL) { - retStatus = SM_NOT_OK; - if (2 == rspbufLen) { - retStatus = (rspbuf[0] << 8) | (rspbuf[1]); - } - } - else { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, hkdfOuput, phkdfOuputLen); /* */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_PBKDF2(pSe05xSession_t session_ctx, - uint32_t objectID, - const uint8_t *salt, - size_t saltLen, - uint16_t count, - uint16_t requestedLen, - uint8_t *derivedSessionKey, - size_t *pderivedSessionKeyLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_DEFAULT, kSE05x_P2_PBKDF}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "PBKDF2 []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_U32( - "4-byte password identifier (object type must be HMACKey)", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("salt", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, salt, saltLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U16("count", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, count); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U16("requestedLen", &pCmdbuf, &cmdbufLen, kSE05x_TAG_4, requestedLen); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTxRx_s_Case4(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = - tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, derivedSessionKey, pderivedSessionKeyLen); /* */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_DFDiversifyKey(pSe05xSession_t session_ctx, - uint32_t masterKeyID, - uint32_t diversifiedKeyID, - const uint8_t *divInputData, - size_t divInputDataLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_DEFAULT, kSE05x_P2_DIVERSIFY}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "DFDiversifyKey []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_U32("masterKeyID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, masterKeyID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U32("diversifiedKeyID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, diversifiedKeyID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("divInputData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, divInputData, divInputDataLen); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_DFAuthenticateFirstPart1(pSe05xSession_t session_ctx, - uint32_t objectID, - const uint8_t *inputData, - size_t inputDataLen, - uint8_t *outputData, - size_t *poutputDataLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_DEFAULT, kSE05x_P2_AUTH_FIRST_PART1}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "DFAuthenticateFirstPart1 []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_U32("objectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("inputData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, inputData, inputDataLen); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTxRx_s_Case4(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, outputData, poutputDataLen); /* */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_DFAuthenticateNonFirstPart1(pSe05xSession_t session_ctx, - uint32_t objectID, - const uint8_t *inputData, - size_t inputDataLen, - uint8_t *outputData, - size_t *poutputDataLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_DEFAULT, kSE05x_P2_AUTH_NONFIRST_PART1}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "DFAuthenticateFirstPart1 []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_U32("objectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("inputData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, inputData, inputDataLen); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTxRx_s_Case4(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, outputData, poutputDataLen); /* */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_DFAuthenticateFirstPart2(pSe05xSession_t session_ctx, - const uint8_t *inputData, - size_t inputDataLen, - uint8_t *outputData, - size_t *poutputDataLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_DEFAULT, kSE05x_P2_AUTH_FIRST_PART2}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "DFAuthenticateFirstPart2 []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_u8bufOptional("inputData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, inputData, inputDataLen); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTxRx_s_Case4(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, outputData, poutputDataLen); /* */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_DFAuthenticateNonFirstPart2( - pSe05xSession_t session_ctx, const uint8_t *inputData, size_t inputDataLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_DEFAULT, kSE05x_P2_AUTH_NONFIRST_PART2}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "DFAuthenticateNonFirstPart2 []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_u8bufOptional("inputData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, inputData, inputDataLen); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_DFDumpSessionKeys(pSe05xSession_t session_ctx, uint8_t *sessionData, size_t *psessionDataLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_DEFAULT, kSE05x_P2_DUMP_KEY}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "DFDumpSessionKeys []"); -#endif /* VERBOSE_APDU_LOGS */ - retStatus = DoAPDUTxRx_s_Case2(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_u8buf(pRspbuf, - &rspIndex, - rspbufLen, - kSE05x_TAG_1, - sessionData, - psessionDataLen); /* 38 bytes: KeyID.SesAuthENCKey || KeyID.SesAuthMACKey || TI || Cmd-Ctr */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_DFChangeKeyPart1(pSe05xSession_t session_ctx, - uint32_t oldObjectID, - uint32_t newObjectID, - uint8_t keySetNr, - uint8_t keyNoDESFire, - uint8_t keyVer, - uint8_t *KeyData, - size_t *pKeyDataLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_DEFAULT, kSE05x_P2_CHANGE_KEY_PART1}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "DFChangeKeyPart1 []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_KeyID("oldObjectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, oldObjectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U32("newObjectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, newObjectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U8("keySetNr", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, keySetNr); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U8("keyNoDESFire", &pCmdbuf, &cmdbufLen, kSE05x_TAG_4, keyNoDESFire); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U8("keyVer", &pCmdbuf, &cmdbufLen, kSE05x_TAG_5, keyVer); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTxRx_s_Case4(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, KeyData, pKeyDataLen); /* */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_DFChangeKeyPart2(pSe05xSession_t session_ctx, const uint8_t *MAC, size_t MACLen, uint8_t *presult) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_DEFAULT, kSE05x_P2_CHANGE_KEY_PART2}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "DFChangeKeyPart2 []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_u8bufOptional("MAC", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, MAC, MACLen); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTxRx_s_Case4(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_U8(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, presult); /* - */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_DFKillAuthentication(pSe05xSession_t session_ctx) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_DEFAULT, kSE05x_P2_KILL_AUTH}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "DFKillAuthentication []"); -#endif /* VERBOSE_APDU_LOGS */ - - retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); - - return retStatus; -} - -smStatus_t Se05x_API_TLSGenerateRandom(pSe05xSession_t session_ctx, uint8_t *randomValue, size_t *prandomValueLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_TLS, kSE05x_P2_RANDOM}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "TLSGenerateRandom []"); -#endif /* VERBOSE_APDU_LOGS */ - retStatus = DoAPDUTxRx_s_Case2(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, randomValue, prandomValueLen); /* */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_TLSCalculatePreMasterSecret(pSe05xSession_t session_ctx, - uint32_t keyPairId, - uint32_t pskId, - uint32_t hmacKeyId, - const uint8_t *inputData, - size_t inputDataLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_TLS, kSE05x_P2_TLS_PMS}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "TLSCalculatePreMasterSecret []"); -#endif /* VERBOSE_APDU_LOGS */ - if (pskId != 0) { - tlvRet = TLVSET_U32("pskId", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, pskId); - if (0 != tlvRet) { - goto cleanup; - } - } - tlvRet = TLVSET_U32("keyPairId", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, keyPairId); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U32("hmacKeyId", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, hmacKeyId); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("inputData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_4, inputData, inputDataLen); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_TLSPerformPRF(pSe05xSession_t session_ctx, - uint32_t objectID, - uint8_t digestAlgo, - const uint8_t *label, - size_t labelLen, - const uint8_t *random, - size_t randomLen, - uint16_t reqLen, - uint8_t *outputData, - size_t *poutputDataLen, - const SE05x_TLSPerformPRFType_t tlsprf) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_TLS, tlsprf}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "TLSPerformPRF []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_U32("objectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U8("digestAlgo", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, digestAlgo); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("Label (1 to 64 bytes)", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, label, labelLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("32-byte random", &pCmdbuf, &cmdbufLen, kSE05x_TAG_4, random, randomLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U16("2-byte requested length", &pCmdbuf, &cmdbufLen, kSE05x_TAG_5, reqLen); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTxRx_s_Case4_ext(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, outputData, poutputDataLen); /* */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_I2CM_ExecuteCommandSet(pSe05xSession_t session_ctx, - const uint8_t *inputData, - size_t inputDataLen, - uint32_t attestationID, - uint8_t attestationAlgo, - uint8_t *response, - size_t *presponseLen, - SE05x_TimeStamp_t *ptimeStamp, - uint8_t *freshness, - size_t *pfreshnessLen, - uint8_t *chipId, - size_t *pchipIdLen, - uint8_t *signature, - size_t *psignatureLen, - uint8_t *randomAttst, - size_t randomAttstLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_I2CM_Attestation, kSE05x_P1_DEFAULT, kSE05x_P2_I2CM}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "I2CM_ExecuteCommandSet []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_u8bufOptional("inputData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, inputData, inputDataLen); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U32("attestationID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, attestationID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_U8("attestationAlgo", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, attestationAlgo); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8bufOptional("freshness random", &pCmdbuf, &cmdbufLen, kSE05x_TAG_7, randomAttst, randomAttstLen); - if (0 != tlvRet) { - goto cleanup; - } - - retStatus = DoAPDUTxRx_s_Case4(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, response, presponseLen); /* */ - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = tlvGet_TimeStamp(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_3, ptimeStamp); /* - */ - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_4, freshness, pfreshnessLen); /* */ - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_5, chipId, pchipIdLen); /* */ - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_6, signature, psignatureLen); /* */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_DigestInit(pSe05xSession_t session_ctx, SE05x_CryptoObjectID_t cryptoObjectID) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_DEFAULT, kSE05x_P2_INIT}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "DigestInit []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_CryptoObjectID("cryptoObjectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, cryptoObjectID); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_DigestUpdate( - pSe05xSession_t session_ctx, SE05x_CryptoObjectID_t cryptoObjectID, const uint8_t *inputData, size_t inputDataLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_DEFAULT, kSE05x_P2_UPDATE}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "DigestUpdate []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_CryptoObjectID("cryptoObjectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, cryptoObjectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8buf("inputData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, inputData, inputDataLen); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_DigestFinal(pSe05xSession_t session_ctx, - SE05x_CryptoObjectID_t cryptoObjectID, - const uint8_t *inputData, - size_t inputDataLen, - uint8_t *cmacValue, - size_t *pcmacValueLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_DEFAULT, kSE05x_P2_FINAL}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "DigestFinal []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_CryptoObjectID("cryptoObjectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, cryptoObjectID); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8buf("inputData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, inputData, inputDataLen); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTxRx_s_Case4(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, cmacValue, pcmacValueLen); /* */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_DigestOneShot(pSe05xSession_t session_ctx, - uint8_t digestMode, - const uint8_t *inputData, - size_t inputDataLen, - uint8_t *hashValue, - size_t *phashValueLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_DEFAULT, kSE05x_P2_ONESHOT}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "DigestOneShot []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_U8("digestMode", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, digestMode); - if (0 != tlvRet) { - goto cleanup; - } - tlvRet = TLVSET_u8buf("inputData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, inputData, inputDataLen); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTxRx_s_Case4(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, hashValue, phashValueLen); /* */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_GetVersion(pSe05xSession_t session_ctx, uint8_t *pappletVersion, size_t *appletVersionLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_MGMT, kSE05x_P1_DEFAULT, kSE05x_P2_VERSION}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "GetVersion []"); -#endif /* VERBOSE_APDU_LOGS */ - retStatus = DoAPDUTxRx_s_Case2(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, pappletVersion, appletVersionLen); /* - */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_GetTimestamp(pSe05xSession_t session_ctx, SE05x_TimeStamp_t *ptimeStamp) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_MGMT, kSE05x_P1_DEFAULT, kSE05x_P2_TIME}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "GetTimestamp []"); -#endif /* VERBOSE_APDU_LOGS */ - retStatus = DoAPDUTxRx_s_Case2(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_TimeStamp(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, ptimeStamp); /* - */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_GetFreeMemory(pSe05xSession_t session_ctx, SE05x_MemoryType_t memoryType, uint16_t *pfreeMem) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_MGMT, kSE05x_P1_DEFAULT, kSE05x_P2_MEMORY}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "GetFreeMemory []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_MemoryType("memoryType", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, memoryType); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTxRx_s_Case4(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_U16(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, pfreeMem); /* - */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_GetRandom(pSe05xSession_t session_ctx, uint16_t size, uint8_t *randomData, size_t *prandomDataLen) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_MGMT, kSE05x_P1_DEFAULT, kSE05x_P2_RANDOM}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; - uint8_t *pCmdbuf = &cmdbuf[0]; - int tlvRet = 0; - uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; - uint8_t *pRspbuf = &rspbuf[0]; - size_t rspbufLen = ARRAY_SIZE(rspbuf); -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "GetRandom []"); -#endif /* VERBOSE_APDU_LOGS */ - tlvRet = TLVSET_U16("size", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, size); - if (0 != tlvRet) { - goto cleanup; - } - retStatus = DoAPDUTxRx_s_Case4_ext(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); - if (retStatus == SM_OK) { - retStatus = SM_NOT_OK; - size_t rspIndex = 0; - tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, randomData, prandomDataLen); /* */ - if (0 != tlvRet) { - goto cleanup; - } - if ((rspIndex + 2) == rspbufLen) { - retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); - } - } - -cleanup: - return retStatus; -} - -smStatus_t Se05x_API_DeleteAll(pSe05xSession_t session_ctx) -{ - smStatus_t retStatus = SM_NOT_OK; - tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_MGMT, kSE05x_P1_DEFAULT, kSE05x_P2_DELETE_ALL}}; - uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; - size_t cmdbufLen = 0; -#if VERBOSE_APDU_LOGS - NEWLINE(); - nLog("APDU", NX_LEVEL_DEBUG, "DeleteAll []"); -#endif /* VERBOSE_APDU_LOGS */ - retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); - return retStatus; -} diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/inc/ex_scp03_puf.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/inc/ex_scp03_puf.h deleted file mode 100644 index be9e9f1ce..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/inc/ex_scp03_puf.h +++ /dev/null @@ -1,124 +0,0 @@ -/* - * - * Copyright 2019 NXP - * SPDX-License-Identifier: Apache-2.0 - */ - -#ifndef __EX_SCP03_PUF_H__ -#define __EX_SCP03_PUF_H__ - -#if defined(SECURE_WORLD) - -/** - * Activation Code to start PUF. - * This is used only for testing purposes, actual - * activation code should be stored in PFR and always - * read from PFR before PUF_Start. - * - * AC is different for all PUFs, this code cannot be used - * on any other board. - */ - -#define ACTIVATION_CODE_TESTING_LOCAL \ - { \ - 0xA2, 0x7D, 0xF7, 0x38, 0x15, 0x8E, 0x1F, 0xE1, 0x8D, 0x9F, 0x45, 0x6F, 0x8A, 0x2C, 0xA5, 0x8D, 0xC2, 0x15, \ - 0xD1, 0x9A, 0x13, 0xFA, 0xD8, 0x5E, 0x36, 0x00, 0x9A, 0xDD, 0x42, 0xB6, 0x4F, 0x6D, 0x08, 0xFB, 0x89, \ - 0x37, 0x3C, 0x1D, 0xAF, 0xD5, 0x63, 0xE1, 0xE8, 0xC8, 0x93, 0x93, 0x5C, 0xD8, 0x49, 0xF3, 0x2D, 0xD1, \ - 0xF9, 0x3D, 0x74, 0x97, 0x37, 0xBD, 0xC5, 0xBE, 0x04, 0x6A, 0x5E, 0xBC, 0xF3, 0x7D, 0xBD, 0xE0, 0xC6, \ - 0x3E, 0x66, 0x5F, 0xC0, 0x5C, 0x57, 0x09, 0x57, 0x8C, 0x45, 0x30, 0x12, 0x6F, 0xFA, 0x3B, 0xDB, 0x40, \ - 0xCE, 0xB8, 0xF2, 0x6E, 0x9B, 0xF1, 0x16, 0x74, 0x2A, 0x34, 0x7A, 0x6F, 0xB6, 0xEF, 0xA3, 0xD3, 0x8C, \ - 0xF0, 0x03, 0xB8, 0xB8, 0x8B, 0x2F, 0x27, 0x16, 0xDD, 0xE0, 0x92, 0xC8, 0xD7, 0x4E, 0x4A, 0x44, 0xBC, \ - 0x4D, 0x7C, 0x7E, 0xA0, 0xE7, 0x8E, 0xA3, 0x5D, 0xFB, 0x53, 0x4D, 0x67, 0x74, 0x4B, 0x65, 0x1E, 0xC1, \ - 0x57, 0x7C, 0x67, 0xB3, 0x58, 0x42, 0x4F, 0x36, 0xF9, 0x0C, 0x77, 0x58, 0x6C, 0x9A, 0x04, 0x15, 0x0D, \ - 0x71, 0x55, 0x3F, 0x8E, 0x69, 0x12, 0x2C, 0xFC, 0xCA, 0x80, 0xD7, 0xC7, 0x27, 0xFE, 0xEA, 0x6E, 0x7D, \ - 0xFC, 0x84, 0x50, 0x0F, 0x00, 0x71, 0x09, 0x8F, 0x2C, 0x91, 0x57, 0xAF, 0xE7, 0xF3, 0x11, 0xA8, 0xA2, \ - 0x76, 0xF2, 0x1D, 0x88, 0xA5, 0x2F, 0x2E, 0x09, 0x02, 0xB3, 0xC4, 0xD5, 0x1D, 0x39, 0x20, 0x3C, 0x36, \ - 0x51, 0x19, 0x9C, 0xFB, 0xC9, 0x33, 0xD6, 0xBE, 0x93, 0xBD, 0x68, 0x6D, 0x51, 0x30, 0xA9, 0x11, 0x98, \ - 0xAD, 0x84, 0xC5, 0x50, 0x9A, 0x7E, 0x11, 0x8E, 0x43, 0x78, 0x79, 0x3A, 0xE2, 0xF0, 0x52, 0xB8, 0xDD, \ - 0x4E, 0xD3, 0xB8, 0xE0, 0xF9, 0xA6, 0x34, 0xF2, 0xE1, 0xA3, 0xEC, 0x92, 0x46, 0xE4, 0xAE, 0x09, 0xFB, \ - 0x2A, 0x1F, 0x6F, 0xD0, 0x23, 0x0F, 0xE8, 0x0D, 0x52, 0x98, 0x88, 0xA3, 0x15, 0xC9, 0x01, 0x94, 0x61, \ - 0x1D, 0xB7, 0x2F, 0x5F, 0xB2, 0x94, 0x5D, 0x01, 0x54, 0x61, 0xB1, 0xF2, 0xB6, 0xF3, 0x79, 0x22, 0x2F, \ - 0x9C, 0x44, 0xAB, 0xD5, 0x0D, 0xC8, 0x42, 0x06, 0x03, 0x33, 0x8E, 0x52, 0xDF, 0xC8, 0xDE, 0x18, 0xF6, \ - 0xD6, 0x73, 0x64, 0x70, 0x94, 0xC5, 0x0F, 0x64, 0x3E, 0x7E, 0x14, 0xE9, 0xF4, 0x4C, 0xF9, 0x5E, 0x5A, \ - 0xC6, 0x39, 0xF7, 0xA9, 0x72, 0xB5, 0x08, 0x51, 0x11, 0x7A, 0xDB, 0x8A, 0x72, 0xF9, 0xF7, 0x23, 0x59, \ - 0xAC, 0x9A, 0x61, 0x2F, 0xA6, 0xDB, 0x84, 0xBD, 0x7C, 0x7E, 0x1A, 0xEA, 0xFB, 0x6B, 0xC8, 0x5E, 0xE3, \ - 0x04, 0xBF, 0x13, 0x05, 0xFA, 0xDA, 0xF7, 0x96, 0x91, 0x6A, 0x40, 0xA8, 0xC7, 0x77, 0xC6, 0xCB, 0xAC, \ - 0x2C, 0xD9, 0xCD, 0x6C, 0x6D, 0xA4, 0x19, 0x50, 0x07, 0x8C, 0x72, 0xEE, 0x0F, 0x33, 0xA2, 0x48, 0x20, \ - 0x24, 0x5E, 0x93, 0xE7, 0xC2, 0x73, 0x02, 0x00, 0x87, 0xFD, 0x11, 0x2A, 0x8F, 0x9F, 0xD9, 0xFB, 0xF7, \ - 0xAC, 0x0D, 0x77, 0xBB, 0x1C, 0xF8, 0x55, 0xE7, 0x10, 0x05, 0x5C, 0x18, 0x23, 0x26, 0xDD, 0x60, 0xDD, \ - 0xFF, 0xAB, 0x8D, 0x68, 0xDE, 0x7E, 0xE8, 0xB3, 0xDE, 0xA2, 0x6D, 0x35, 0x7C, 0x9B, 0x31, 0x11, 0x5E, \ - 0xEC, 0xB5, 0x51, 0x00, 0x1C, 0x5C, 0x65, 0xA3, 0xC7, 0x35, 0xFA, 0x37, 0x1C, 0xDF, 0xD0, 0x26, 0xA0, \ - 0x44, 0x57, 0xD4, 0xC9, 0xCE, 0xE5, 0x2B, 0xB4, 0x06, 0xF6, 0x9B, 0xE9, 0xE5, 0x66, 0x6F, 0x24, 0x30, \ - 0xBF, 0x6D, 0x8E, 0x2E, 0xE7, 0x13, 0x94, 0x0B, 0x6F, 0x1A, 0x7A, 0x77, 0xAB, 0xD9, 0xB4, 0x2D, 0xFF, \ - 0x4F, 0xB4, 0xC7, 0x04, 0x2E, 0xF7, 0x1B, 0xF6, 0x66, 0x2D, 0xA7, 0x59, 0x99, 0x57, 0x5F, 0x2C, 0x1A, \ - 0x75, 0x81, 0xF3, 0xAC, 0x41, 0x7A, 0xFB, 0x47, 0xF3, 0x0E, 0xDC, 0x9E, 0xAB, 0xED, 0x18, 0xA4, 0x43, \ - 0xCC, 0x80, 0xFB, 0x6E, 0x53, 0xD6, 0x91, 0x9F, 0x30, 0x80, 0xEA, 0x04, 0x42, 0x7B, 0x94, 0x62, 0x34, \ - 0x25, 0xEA, 0xA4, 0x9A, 0x72, 0x9B, 0x81, 0x47, 0xA5, 0xA0, 0xE9, 0x07, 0xBB, 0x09, 0xDA, 0x4C, 0x51, \ - 0x61, 0x00, 0xC7, 0x1E, 0x0E, 0x37, 0x7F, 0xF2, 0x2B, 0x82, 0xD0, 0xF6, 0x18, 0xFA, 0x56, 0xC7, 0x2D, \ - 0xEB, 0x22, 0xFC, 0xDC, 0x97, 0xDF, 0x65, 0xBC, 0xB4, 0x2A, 0xB3, 0x10, 0xFF, 0xC5, 0x7A, 0x9F, 0xF8, \ - 0xCD, 0xB9, 0x84, 0x60, 0x9E, 0x92, 0xFD, 0xF9, 0x16, 0x90, 0xB2, 0x81, 0x52, 0x7E, 0x03, 0xBC, 0x91, \ - 0xD8, 0x9A, 0x0C, 0xC1, 0x99, 0x93, 0x42, 0x67, 0x96, 0x3C, 0x01, 0x55, 0x37, 0x86, 0xD2, 0x37, 0xE6, \ - 0x07, 0xC8, 0x74, 0x41, 0xCD, 0x88, 0x93, 0x51, 0xBA, 0x9B, 0xB0, 0x00, 0x6D, 0x14, 0x4F, 0xD8, 0x7F, \ - 0x77, 0x9F, 0x7E, 0x15, 0xE2, 0xA9, 0xA0, 0xC8, 0x7F, 0xD4, 0xFA, 0xCD, 0x60, 0x91, 0xA8, 0x9B, 0xB7, \ - 0x41, 0x6E, 0x07, 0xCB, 0x21, 0xE9, 0x42, 0xC1, 0xB7, 0x6E, 0x63, 0x68, 0x90, 0x0E, 0x29, 0xBB, 0x0D, \ - 0x83, 0x32, 0xD0, 0x71, 0x5A, 0xE1, 0xEC, 0x21, 0x0E, 0x78, 0xC6, 0x60, 0x3D, 0x78, 0xFA, 0x5C, 0xEE, \ - 0xAC, 0x29, 0xC4, 0xE4, 0x0F, 0x92, 0x27, 0xBE, 0xD0, 0xA5, 0x1E, 0xF4, 0xDD, 0xAB, 0xB9, 0x22, 0xA0, \ - 0x7E, 0xFE, 0x47, 0x1D, 0x62, 0x69, 0x9D, 0x8D, 0x01, 0xCF, 0x5D, 0xC1, 0xAD, 0x50, 0x61, 0x77, 0x91, \ - 0x39, 0x0A, 0x97, 0x92, 0x92, 0x66, 0x9F, 0xE5, 0x57, 0x26, 0xD7, 0x01, 0xC3, 0xEF, 0x23, 0xCC, 0x98, \ - 0xB9, 0x39, 0x20, 0x6D, 0xC8, 0x10, 0x2D, 0xB8, 0x18, 0x2E, 0xC2, 0x25, 0x83, 0x88, 0x2A, 0xDF, 0xC7, \ - 0xBF, 0xBC, 0xE8, 0xA9, 0x7B, 0xD4, 0x19, 0x0E, 0xEF, 0x4E, 0xE4, 0xBA, 0x8B, 0x7C, 0xDB, 0x6A, 0x2A, \ - 0xEA, 0xA3, 0xED, 0xDD, 0xCF, 0x00, 0x85, 0x4B, 0xA0, 0xC2, 0xBC, 0x72, 0x39, 0x3D, 0x6A, 0x5C, 0x9D, \ - 0xDA, 0x8C, 0x1C, 0x67, 0x9A, 0xDC, 0x73, 0xF3, 0x9E, 0x2E, 0xA2, 0x0C, 0x42, 0x86, 0xE4, 0xA6, 0x3F, \ - 0x05, 0x57, 0xD0, 0xE4, 0xA7, 0x75, 0x5B, 0xA8, 0xA4, 0xE3, 0x1A, 0x57, 0x02, 0xBD, 0xE7, 0xDA, 0x32, \ - 0xA2, 0x69, 0xAA, 0xEC, 0xEB, 0xAF, 0x42, 0x8C, 0x72, 0xE4, 0xB1, 0x15, 0x26, 0x25, 0x7B, 0x29, 0xF8, \ - 0x97, 0x3F, 0x12, 0x29, 0x4F, 0x0B, 0xA5, 0x2E, 0x74, 0x8F, 0xA9, 0xF4, 0xED, 0x00, 0x42, 0x73, 0x92, \ - 0x59, 0x0B, 0xA8, 0x98, 0xF7, 0x7E, 0xE7, 0x09, 0xEE, 0xA4, 0x91, 0x2F, 0x93, 0xB7, 0x91, 0x1A, 0xBF, \ - 0x94, 0x96, 0xF9, 0xCC, 0xA4, 0x16, 0xDA, 0x01, 0x7C, 0x1A, 0xF9, 0xC3, 0xE5, 0x8A, 0xCC, 0x96, 0x54, \ - 0xC2, 0xDE, 0x1E, 0x04, 0x98, 0xA3, 0x6B, 0x55, 0x61, 0xB8, 0x1C, 0x57, 0x70, 0x9E, 0xAB, 0x48, 0xEA, \ - 0xD7, 0x18, 0x0A, 0xC8, 0x45, 0xB1, 0xC8, 0x6A, 0x5A, 0xAA, 0xB6, 0xDE, 0x76, 0x76, 0x2B, 0x82, 0x45, \ - 0x7E, 0x17, 0x83, 0x51, 0xAA, 0x13, 0xC8, 0xBF, 0x30, 0x62, 0xB9, 0xAE, 0xB7, 0x74, 0x55, 0xC7, 0x24, \ - 0x94, 0x3C, 0x1C, 0xA5, 0x1E, 0x94, 0x70, 0x71, 0xAF, 0x29, 0x5B, 0x79, 0xF1, 0xAF, 0x31, 0x30, 0x82, \ - 0x0F, 0x3C, 0x5A, 0x05, 0x1D, 0x88, 0x7D, 0x63, 0x4C, 0xCE, 0x7D, 0xFD, 0x07, 0x17, 0xB0, 0xC8, 0x13, \ - 0xC4, 0x7B, 0x0F, 0xBD, 0xFC, 0x5E, 0x58, 0x14, 0xD6, 0x17, 0x10, 0x5D, 0xDB, 0x54, 0x60, 0x3C, 0x68, \ - 0x0B, 0x54, 0x84, 0xFA, 0xAB, 0xD0, 0x02, 0xFE, 0x66, 0xB3, 0xEC, 0xDF, 0x06, 0x97, 0xC4, 0x0C, 0xDC, \ - 0xEC, 0x4B, 0x9B, 0x6C, 0x3A, 0x04, 0x72, 0x84, 0xA0, 0x9D, 0xC2, 0x6A, 0xB5, 0x69, 0x81, 0x30, 0x57, \ - 0x5F, 0x40, 0x81, 0x4C, 0x57, 0xA8, 0x0B, 0x41, 0x24, 0x68, 0x36, 0x8E, 0xFD, 0x2A, 0xE0, 0x69, 0xF5, \ - 0x3E, 0x56, 0x52, 0xF4, 0x5A, 0xFF, 0xF6, 0x32, 0xC2, 0xAE, 0xF4, 0xCC, 0x88, 0xA6, 0x5F, 0xFB, 0xFB, \ - 0x6B, 0xD1, 0xFF, 0x65, 0x31, 0xE9, 0x38, 0x1B, 0xCC, 0xA0, 0x47, 0xC0, 0x0D, 0x3C, 0x10, 0x5D, 0xB3, \ - 0x46, 0x63, 0x2A, 0xC4, 0x74, 0xCA, 0xC4, 0x3E, 0x49, 0xEB, 0x0A, 0xE3, 0xD6, 0xF1, 0xE8, 0xF5, 0xC3, \ - 0x9C, 0xD2, 0xE6, 0xEF, 0xCB, 0x29, 0xAF, 0x5D, 0xEA, 0x27, 0x1D, 0x8B, 0x8F, 0xEB, 0x33, 0x9E, 0x57, \ - 0xD4, 0x55, 0xD8, 0xB0, 0x34, 0x43, 0xA4, 0xF6, 0x38, 0x8B, 0x66, 0x1E, 0x30, 0xA1, 0x7D, 0xAF, 0xC2, \ - 0x1E, 0x6B, 0xFD, 0x73, 0x05, 0x39, 0xB5, 0x06, 0xEF, 0x93, 0x1D, 0x7A, 0xF7, 0x15, 0x74, 0x3A, 0x72, \ - 0x06, 0x6F, 0x9F, 0xA8, 0xCF, 0x4D, 0x2A, 0x8C, 0xB4, 0x7F, 0xB9, 0x40, 0xE7, 0x2E, 0x8B, 0xC1, 0xD9, \ - 0x84, 0xFF, 0x5E, 0x78, 0x5D, 0x6C, 0x36, 0xDC, 0xD5, 0x92, 0x94, 0x17, 0x11, 0x0E, 0xE0, 0xE2, 0xFD, \ - 0xC0, \ - } - -#define KEY_CODE_ENC \ - { \ - 0x00, 0x00, 0x00, 0x02, 0xE2, 0x9B, 0x12, 0x4E, 0xF2, 0xDC, 0xA8, 0xE3, 0x2D, 0x7A, 0xB3, 0x98, 0x56, 0x3E, \ - 0x0A, 0x0F, 0x66, 0xCF, 0xB2, 0x37, 0x31, 0xBD, 0xD4, 0xD4, 0x42, 0x27, 0x73, 0x92, 0x23, 0xCC, 0xA7, \ - 0xE7, 0x51, 0xA4, 0x99, 0x91, 0x19, 0x68, 0x74, 0x92, 0xC9, 0x9D, 0xF2, 0x9F, 0x5B, 0x6E, 0x5E, 0x81 \ - } - -#define KEY_CODE_MAC \ - { \ - 0x00, 0x00, 0x00, 0x02, 0x81, 0x54, 0x3E, 0x5D, 0x47, 0xDE, 0x23, 0x7C, 0x00, 0x1B, 0x16, 0xBE, 0x1B, 0x05, \ - 0xED, 0xD2, 0xD5, 0xB2, 0x4D, 0x3C, 0xD3, 0xDD, 0xD5, 0xA9, 0x40, 0x5E, 0x7D, 0x90, 0x73, 0x74, 0xDE, \ - 0x05, 0xAC, 0x76, 0x7D, 0x87, 0xB6, 0x5E, 0x1F, 0x8E, 0xB5, 0x93, 0x53, 0x41, 0x51, 0x27, 0xE9, 0xF9 \ - } - -#define KEY_CODE_DEK \ - { \ - 0x00, 0x00, 0x00, 0x02, 0x88, 0xE0, 0x9A, 0x2B, 0x23, 0x77, 0xC3, 0xF5, 0xEE, 0x28, 0x4F, 0x7C, 0x5B, 0xD8, \ - 0x9C, 0xF5, 0xA8, 0xC9, 0xE4, 0xE3, 0xDC, 0x8D, 0x34, 0x3C, 0x00, 0x39, 0x7E, 0xA3, 0x35, 0x39, 0xFD, \ - 0xD1, 0xE4, 0x8D, 0xA9, 0x8C, 0x41, 0xAF, 0x8C, 0x8D, 0x50, 0xFE, 0x63, 0x96, 0x46, 0x2E, 0x4D, 0xEB \ - } - -#define EX_SSS_AUTH_SE05X_KEY_ENC KEY_CODE_ENC -#define EX_SSS_AUTH_SE05X_KEY_MAC KEY_CODE_MAC -#define EX_SSS_AUTH_SE05X_KEY_DEK KEY_CODE_DEK - -#endif // SECURE_WORLD - -#endif // __EX_SCP03_PUF_H__ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/inc/ex_sss.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/inc/ex_sss.h deleted file mode 100644 index f967247a4..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/inc/ex_sss.h +++ /dev/null @@ -1,96 +0,0 @@ -/* - * - * Copyright 2018-2020 NXP - * SPDX-License-Identifier: Apache-2.0 - */ - -#ifndef SSS_EX_INC_EX_SSS_H_ -#define SSS_EX_INC_EX_SSS_H_ - -/* ************************************************************************** */ -/* Includes */ -/* ************************************************************************** */ - -#if defined(SSS_USE_FTR_FILE) -#include "fsl_sss_ftr.h" -#else -#include "fsl_sss_ftr_default.h" -#endif - -#include - -#if SSS_HAVE_A71CH || SSS_HAVE_A71CH_SIM -#include -#endif -#if SSS_HAVE_MBEDTLS -#include -#endif -#if SSS_HAVE_OPENSSL -#include -#endif - -#if SSS_HAVE_SSCP -#include -#endif - -/* ************************************************************************** */ -/* Defines */ -/* ************************************************************************** */ - -#ifndef MAKE_TEST_ID -#define MAKE_TEST_ID(ID) (0xEF000000u + ID) -#endif /* MAKE_TEST_ID */ - -/* ************************************************************************** */ -/* Structrues and Typedefs */ -/* ************************************************************************** */ - -#if 0 -typedef struct -{ - sss_session_t currentSession; - - sss_key_store_t ks; - - sss_sscp_session_t *sscp_session; -#if (SSS_HAVE_A71CH) || (SSS_HAVE_A71CH_SIM) - sss_a71ch_key_store_t *a71ch_keystore; -#endif - - sscp_context_t sscp; - sss_asymmetric_t asymVerifyCtx; - sss_asymmetric_t asymm; - sss_object_t keyPair; - sss_object_t extPubkey; - - sss_object_t Device_Cert; - sss_object_t Pubkey; - sss_object_t interCaCert; - sss_object_t interkeyPair; - sss_object_t clientCert; -#if SSS_HAVE_APPLET_SE05X_IOT - sss_session_t hostSession; - sss_key_store_t hostKs; - sss_object_t hostKey; -#endif - sss_symmetric_t symm; - sss_rng_context_t rng; - sss_mac_t mac; - -} sss_ex_ctx_t; - -#endif - -/* ************************************************************************** */ -/* Global Variables */ -/* ************************************************************************** */ -// extern const char *gszA71COMPortDefault; -// extern const char *gszA71SocketPortDefault; - -/* ************************************************************************** */ -/* Functions */ -/* ************************************************************************** */ - -/* Entry point for each individual SSS API Based example */ - -#endif /* SSS_EX_INC_EX_SSS_H_ */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/inc/ex_sss_auth.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/inc/ex_sss_auth.h deleted file mode 100644 index ffd5be8b3..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/inc/ex_sss_auth.h +++ /dev/null @@ -1,180 +0,0 @@ -/* - * - * Copyright 2018-2020 NXP - * SPDX-License-Identifier: Apache-2.0 - */ - -#ifndef SSS_EX_INC_EX_SSS_AUTH_H_ -#define SSS_EX_INC_EX_SSS_AUTH_H_ - -#if defined(SSS_USE_FTR_FILE) -#include "fsl_sss_ftr.h" -#else -#include "fsl_sss_ftr_default.h" -#endif - -#include "ex_sss_boot.h" -#include "ex_sss_objid.h" -#include "ex_sss_scp03_keys.h" -#if defined(SECURE_WORLD) -#include "ex_scp03_puf.h" -#endif /* SECURE_WORLD */ -/* ************************************************************************** */ -/* Includes */ -/* ************************************************************************** */ - -/* ************************************************************************** */ -/* Defines */ -/* ************************************************************************** */ - -/* clang-format off */ - -/* Used in examples and testing */ -/* doc:start:auth-key-user-id */ -#define EX_SSS_AUTH_SE05X_UserID_AUTH_ID kEX_SSS_ObjID_UserID_Auth - -#define EX_SSS_AUTH_SE05X_UserID_VALUE \ - { \ - 0xC0, 0x01, 0x02, 0x03, 0x04 \ - } /* COOL 234*/ - -#define EX_SSS_AUTH_SE05X_UserID_VALUE2 \ - { \ - 0xC0, 0x01, 0x02, 0x03, 0x04, 0x05 \ - } /* COOL 2345*/ -/* doc:end:auth-key-user-id */ - -#define EX_SSS_AUTH_SE05X_NONE_AUTH_ID 0x00000000 - -/* doc:start:auth-key-applet-scp */ -#define EX_SSS_AUTH_SE05X_APPLETSCP_AUTH_ID kEX_SSS_ObjID_APPLETSCP03_Auth - -#define EX_SSS_AUTH_SE05X_APPLETSCP_VALUE \ - { \ - 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48, 0x49, 0x4A, \ - 0x4B, 0x4C, 0x4D, 0x4E, 0x4F \ - } - -#define EX_SSS_AUTH_SE05X_APPLETSCP_VALUE2 \ - { 0xea, 0x62, 0x04, 0x48, 0x0b, 0xf5, 0x19, 0xf6, 0xc2, 0xb7, 0x7f, \ - 0xba, 0x8b, 0x2d, 0x57, 0x30 \ - } -/* doc:end:auth-key-applet-scp */ - -/* Use the Platform SCP03 keys from required OEF - * See https://www.nxp.com/docs/en/application-note/AN12436.pdf - */ - -#if EXTERNAL_CUSTOMER_BUILD_CONFIGURATION - -#if SSS_HAVE_SE05X_VER_06_00 // Applet 6.0 - #ifndef EX_SSS_AUTH_SE05X_KEY_ENC - # define EX_SSS_AUTH_SE05X_KEY_ENC SSS_AUTH_SE051C2_KEY_ENC - #endif - #ifndef EX_SSS_AUTH_SE05X_KEY_MAC - # define EX_SSS_AUTH_SE05X_KEY_MAC SSS_AUTH_SE051C2_KEY_MAC - #endif - #ifndef EX_SSS_AUTH_SE05X_KEY_DEK - # define EX_SSS_AUTH_SE05X_KEY_DEK SSS_AUTH_SE051C2_KEY_DEK - #endif -#else - #ifndef EX_SSS_AUTH_SE05X_KEY_ENC - # define EX_SSS_AUTH_SE05X_KEY_ENC SSS_AUTH_SE050_DEVKIT_KEY_ENC - #endif - #ifndef EX_SSS_AUTH_SE05X_KEY_MAC - # define EX_SSS_AUTH_SE05X_KEY_MAC SSS_AUTH_SE050_DEVKIT_KEY_MAC - #endif - #ifndef EX_SSS_AUTH_SE05X_KEY_DEK - # define EX_SSS_AUTH_SE05X_KEY_DEK SSS_AUTH_SE050_DEVKIT_KEY_DEK - #endif -#endif - -#else -/* Test / dummy keys */ - -#ifndef EX_SSS_AUTH_SE05X_KEY_ENC -# define EX_SSS_AUTH_SE05X_KEY_ENC \ - { 0xAB, 0xCD, 0xAB, 0xCD, 0xAB, 0xCD, 0xAB, 0xCD, 0xAB, 0xCD, 0xAB, 0xCD, 0xAB, 0xCD, 0x00, 0x01 } -#endif - -#ifndef EX_SSS_AUTH_SE05X_KEY_MAC -# define EX_SSS_AUTH_SE05X_KEY_MAC \ - { 0xAB, 0xCD, 0xAB, 0xCD, 0xAB, 0xCD, 0xAB, 0xCD, 0xAB, 0xCD, 0xAB, 0xCD, 0xAB, 0xCD, 0x00, 0x02 } -#endif - -#ifndef EX_SSS_AUTH_SE05X_KEY_DEK -# define EX_SSS_AUTH_SE05X_KEY_DEK \ - { 0xAB, 0xCD, 0xAB, 0xCD, 0xAB, 0xCD, 0xAB, 0xCD, 0xAB, 0xCD, 0xAB, 0xCD, 0xAB, 0xCD, 0x00, 0x03 } -#endif - -#endif - - -#define EX_SSS_AUTH_SE05X_KEY_VERSION_NO 0x0B - -/* doc:start:auth-key-fast-scp-ecdsa */ -#define EX_SSS_AUTH_SE05X_ECKEY_ECDSA_AUTH_ID kEX_SSS_objID_ECKEY_Auth - -#define EX_SSS_AUTH_SE05X_KEY_HOST_ECDSA_KEY \ - { \ - 0x30, 0x81, 0x87, 0x02, 0x01, 0x00, 0x30, 0x13, \ - 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, \ - 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, \ - 0x03, 0x01, 0x07, 0x04, 0x6D, 0x30, 0x6B, 0x02, \ - 0x01, 0x01, 0x04, 0x20, \ - 0x6D, 0x2F, 0x43, 0x2F, 0x8A, 0x2F, 0x45, 0xEC, \ - 0xD5, 0x82, 0x84, 0x7E, 0xC0, 0x83, 0xBB, 0xEB, \ - 0xC2, 0x3F, 0x1D, 0xF4, 0xF0, 0xDD, 0x2A, 0x6F, \ - 0xB8, 0x1A, 0x24, 0xE7, 0xB6, 0xD5, 0x4C, 0x7F, \ - 0xA1, 0x44, 0x03, 0x42, 0x00, \ - 0x04, 0x3C, 0x9E, 0x47, 0xED, 0xF0, 0x51, 0xA3, \ - 0x58, 0x9F, 0x67, 0x30, 0x2D, 0x22, 0x56, 0x7C, \ - 0x2E, 0x17, 0x22, 0x9E, 0x88, 0x83, 0x33, 0x8E, \ - 0xC3, 0xB7, 0xD5, 0x27, 0xF9, 0xEE, 0x71, 0xD0, \ - 0xA8, 0x1A, 0xAE, 0x7F, 0xE2, 0x1C, 0xAA, 0x66, \ - 0x77, 0x78, 0x3A, 0xA8, 0x8D, 0xA6, 0xD6, 0xA8, \ - 0xAD, 0x5E, 0xC5, 0x3B, 0x10, 0xBC, 0x0B, 0x11, \ - 0x09, 0x44, 0x82, 0xF0, 0x4D, 0x24, 0xB5, 0xBE, \ - 0xC4 \ - } - -#define EX_SSS_AUTH_SE05X_KEY_HOST_ECDSA_KEY2 \ - { \ - 0x30, 0x81, 0x87, 0x02, 0x01, 0x00, 0x30, 0x13, \ - 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, \ - 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, \ - 0x03, 0x01, 0x07, 0x04, 0x6D, 0x30, 0x6B, 0x02, \ - 0x01, 0x01, 0x04, 0x20, \ - 0x12, 0xe2, 0xd3, 0xc7, 0x31, 0xa6, 0x7c, 0x32, \ - 0xfb, 0xd7, 0x2f, 0xa9, 0xc4, 0xbb, 0xc2, 0xd0, \ - 0x64, 0xad, 0x50, 0x99, 0xd3, 0x3d, 0x01, 0x4b, \ - 0x4f, 0x36, 0x90, 0x9c, 0xba, 0xab, 0xbb, 0xda, \ - 0xA1, 0x44, 0x03, 0x42, 0x00, \ - 0x04, 0x0d, 0x0e, 0x03, 0xdd, 0x40, 0x1e, 0x77, \ - 0xff, 0xab, 0xa8, 0xb5, 0x79, 0xdb, 0x8a, 0xf4, \ - 0x09, 0x7b, 0x59, 0x4e, 0xe8, 0xa0, 0xb8, 0x1c, \ - 0xeb, 0xa8, 0x53, 0x96, 0xc6, 0x13, 0x96, 0x56, \ - 0x13, 0x5e, 0x68, 0x75, 0xb9, 0xe9, 0x79, 0x29, \ - 0x28, 0x8c, 0x7d, 0xa1, 0xf2, 0x78, 0x7b, 0x66, \ - 0x86, 0xcc, 0x9e, 0x6b, 0xf6, 0x03, 0xc2, 0xfe, \ - 0x59, 0x1b, 0xab, 0x4a, 0x40, 0x24, 0x70, 0xe4, \ - 0x8b \ - } - -/* doc:end:auth-key-fast-scp-ecdsa */ - -/* clang-format on */ - -/* ************************************************************************** */ -/* Structrues and Typedefs */ -/* ************************************************************************** */ - -/* ************************************************************************** */ -/* Global Variables */ -/* ************************************************************************** */ - -/* ************************************************************************** */ -/* Functions */ -/* ************************************************************************** */ - -#endif /* SSS_EX_INC_EX_SSS_AUTH_H_ */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/inc/ex_sss_boot.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/inc/ex_sss_boot.h deleted file mode 100644 index 3d6ed1b12..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/inc/ex_sss_boot.h +++ /dev/null @@ -1,220 +0,0 @@ -/* - * - * Copyright 2019-2020 NXP - * SPDX-License-Identifier: Apache-2.0 - */ - -/** @file - * - * ex_sss_boot.h: *The purpose and scope of this file* - * - * Project: SecureIoTMW-Debug@appboot-top-eclipse_x86 - * - * $Date: Mar 10, 2019 $ - * $Author: ing05193 $ - * $Revision$ - */ - -#ifndef SSS_EX_INC_EX_SSS_BOOT_H_ -#define SSS_EX_INC_EX_SSS_BOOT_H_ - -/* ***************************************************************************************************************** - * Includes - * ***************************************************************************************************************** */ - -#ifdef __cplusplus -extern "C" { -#endif - -#include "ex_sss.h" -#include "fsl_sss_api.h" - -#if SSS_HAVE_APPLET_SE05X_IOT -#include "fsl_sss_se05x_types.h" -#endif -#include "ex_sss_ports.h" -#include "nxScp03_Types.h" - -/* ***************************************************************************************************************** - * MACROS/Defines - * ***************************************************************************************************************** */ - -/* ***************************************************************************************************************** - * Types/Structure Declarations - * ***************************************************************************************************************** */ -#if SSS_HAVE_SE || SSS_HAVE_APPLET_SE05X_IOT - -typedef union ex_auth { - struct - { - NXSCP03_StaticCtx_t ex_static; //!< .static keys data - NXSCP03_DynCtx_t ex_dyn; //!< session keys data - } scp03; - struct - { - NXECKey03_StaticCtx_t ex_static; //!< .static keys data - NXSCP03_DynCtx_t ex_dyn; //!< session keys data - } eckey; - struct - { - sss_object_t ex_id; - } id; -} ex_SE05x_authCtx_t; -#endif - -typedef struct -{ - sss_session_t session; - sss_key_store_t ks; - -#if SSS_HAVE_HOSTCRYPTO_ANY || SSS_HAVE_SSCP - sss_session_t host_session; -#endif - -#if SSS_HAVE_HOSTCRYPTO_ANY - sss_key_store_t host_ks; -#endif - -#if SSS_HAVE_APPLET_SE05X_IOT || SSS_HAVE_APPLET_LOOPBACK - SE_Connect_Ctx_t se05x_open_ctx; - sss_tunnel_t *pTunnel_ctx; - ex_SE05x_authCtx_t ex_se05x_auth; -#endif - -#if SSS_HAVE_SSCP - sscp_context_t sscp_ctx; -#endif - -} ex_sss_boot_ctx_t; - -#if SSS_HAVE_APPLET_SE05X_IOT -typedef struct -{ - sss_session_t platf_session; - SE_Connect_Ctx_t platf_open_ctx; - sss_session_t *phost_session; - sss_key_store_t *phost_ks; -#if 1 //SSS_HAVE_HOSTCRYPTO_ANY - /* Keeping this to be consistant on binary sizes */ - ex_SE05x_authCtx_t ex_se05x_auth; -#endif // SSS_HAVE_HOSTCRYPTO_ANY -} ex_sss_platf_ctx_t; -#endif - -typedef struct -{ - sss_object_t pub_obj; - sss_object_t obj; - sss_object_t dev_cert; - sss_object_t interCaCert; - sss_key_store_t *pHost_ks; - uint32_t client_keyPair_index; - uint32_t client_cert_index; -} ex_sss_cloud_ctx_t; - -/* ***************************************************************************************************************** - * Extern Variables - * ***************************************************************************************************************** */ - -/* ***************************************************************************************************************** - * Function Prototypes - * ***************************************************************************************************************** */ - -#if SSS_HAVE_APPLET_SE05X_IOT - -sss_status_t ex_sss_se05x_prepare_host(sss_session_t *host_session, - sss_key_store_t *host_ks, - SE05x_Connect_Ctx_t *se05x_open_ctx, - ex_SE05x_authCtx_t *ex_se05x_authctx, - SE_AuthType_t auth_type); - -/* Prepare host for multiple user sessions */ -sss_status_t ex_sss_se05x_prepare_host_keys(sss_session_t *pHostSession, - sss_key_store_t *pHostKs, - SE_Connect_Ctx_t *pConnectCtx, - ex_SE05x_authCtx_t *se05x_auth_ctx, - uint32_t offset); -#endif - -#if SSS_HAVE_SE -sss_status_t ex_sss_se_prepare_host(sss_session_t *host_session, - sss_key_store_t *host_ks, - SE_Connect_Ctx_t *se05x_open_ctx, - ex_SE05x_authCtx_t *ex_se05x_authctx, - SE_AuthType_t auth_type); -#endif - -/** The case where we connect to the cyrptogrpahic system directly. - * - * e.g. when running form an embedded sytem, without any choice of Port Numbers, etc. - */ -sss_status_t ex_sss_boot_direct(void); - -/** The case where we connect to the cyrptogrpahic system in-directly. - * - * This function is a similar to @ref ex_sss_boot_direct. - * - * This function expects that the last argument in argv is the - * expected/probable port name. - * - * e.g. when running form PC, where we are connected - * to secure element via a COM Port/Socket Port. In such cases, - * taking the Port number from a Command Line Argument, - * or Environment Variable would make sense and examples - * would become more portable. - * - * @param argc count of parameters, as received by main - * @param argv Array of argv, as received by main - * @param[out] pPortName Possible port name - * @return 0 if successful. - */ -sss_status_t ex_sss_boot_connectstring(int argc, const char *argv[], const char **pPortName); - -/** - * For the case where few activities have to be performed - * after RTOS initialization, this API would be executed - * as an RTOS Task. - * - * @return - */ -sss_status_t ex_sss_boot_rtos(void *); - -/** Is this a serail port */ -bool ex_sss_boot_isSerialPortName(const char *portName); - -/** Is this --help request */ -bool ex_sss_boot_isHelp(const char *argname); - -/** Is this a socket port */ -bool ex_sss_boot_isSocketPortName(const char *portName); - -/** Open an example session */ -sss_status_t ex_sss_boot_open(ex_sss_boot_ctx_t *pCtx, const char *portName); - -/** Open an example cc session */ -sss_status_t ex_sss_boot_open_on_id(ex_sss_boot_ctx_t *pCtx, const char *portName, const int32_t authId); - -/** Open an example session */ -sss_status_t ex_sss_boot_factory_reset(ex_sss_boot_ctx_t *pCtx); - -/** Close an example session */ -void ex_sss_session_close(ex_sss_boot_ctx_t *pCtx); - -/** Entry Point for each example */ -sss_status_t ex_sss_entry(ex_sss_boot_ctx_t *pCtx); - -#define ex_sss_kestore_and_object_init ex_sss_key_store_and_object_init - -sss_status_t ex_sss_key_store_and_object_init(ex_sss_boot_ctx_t *pCtx); - -int ex_sss_boot_rtos_init(void); - -#if SSS_HAVE_HOSTCRYPTO_ANY -sss_status_t ex_sss_boot_open_host_session(ex_sss_boot_ctx_t *pCtx); -#endif - -#if defined(__cplusplus) -} -#endif - -#endif /* SSS_EX_INC_EX_SSS_BOOT_H_ */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/inc/ex_sss_main_inc.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/inc/ex_sss_main_inc.h deleted file mode 100644 index 9ce448dbb..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/inc/ex_sss_main_inc.h +++ /dev/null @@ -1,382 +0,0 @@ -/* - * - * Copyright 2019-2020 NXP - * SPDX-License-Identifier: Apache-2.0 - */ - -/* Common, Re-Usable main implementation */ -/* Include this header file only once in the application */ - -/* - * Applications control the boot flow by defining these macros. - * - * - * - EX_SSS_BOOT_PCONTEXT : Pointer to ex_sss_boot_ctx_t - * This allows that boot framework do not blindly rely on - * global variables. - * - * - EX_SSS_BOOT_DO_ERASE : Delete all objects on boot up if 1 - * Few examples expect the IC is *empty*, and few examples - * expect to work with previously provisioned/persisted data. - * This variable allows to over-ride that behaviour. - * - * - EX_SSS_BOOT_EXPOSE_ARGC_ARGV : Expose ARGC & ARGV from Command - * line to Application. - * When running from PC/Linux/OSX, command line arguments allow - * to choose extra command line parameters, e.g. Input/Output - * certificate or signing/verifying data. - * But on embedded platforms, such feature is not possible to - * achieve. - * - * Optional variables: - * - * - EX_SSS_BOOT_RTOS_STACK_SIZE : For RTOS based system, - * this is over-ridden and passed to RTOS based example - * boot up. It sets value needed for new task. - * Please note, FREE RTOS will reserve - * EX_SSS_BOOT_RTOS_STACK_SIZE * sizeof(UBaseType_t) - * bytes. - * - * - EX_SSS_BOOT_OPEN_HOST_SESSION : For examples that do not - * need host side implementation, his allows to skip opening - * the host session. (Host session is needed to either re-verify - * test data at host, or for SCP03). - * By default this is enabled. - * - * - */ - -#if defined(FRDM_KW41Z) || defined(FRDM_K64F) || defined(IMX_RT) || defined(LPC_55x) || defined(QN9090DK6) -#define HAVE_KSDK -#endif - -#ifdef HAVE_KSDK -#include "ex_sss_main_inc_ksdk.h" -#endif - -#if defined(__linux__) && defined(T1oI2C) -#if SSS_HAVE_APPLET_SE05X_IOT -#include "ex_sss_main_inc_linux.h" -#endif -#endif -#include /* memset */ - -#include "PlugAndTrust_Pkg_Ver.h" -#include "string.h" /* memset */ - -#if defined(USE_RTOS) && USE_RTOS == 1 -#ifndef INC_FREERTOS_H /* Header guard of FreeRTOS */ -#include "FreeRTOS.h" -#include "FreeRTOSConfig.h" -#endif /* INC_FREERTOS_H */ -#include "task.h" -#include "iot_logging_task.h" -#define LOGGING_TASK_PRIORITY (tskIDLE_PRIORITY + 1) -#define LOGGING_TASK_STACK_SIZE (200) -#define LOGGING_QUEUE_LENGTH (16) -#endif - -#if SSS_HAVE_A71CH || SSS_HAVE_A71CH_SIM -#include "ex_a71ch_scp03.h" -#endif - -#ifdef EX_SSS_BOOT_PCONTEXT -#define PCONTEXT EX_SSS_BOOT_PCONTEXT -#else -#define PCONTEXT (NULL) -#endif - -#if !defined(EX_SSS_BOOT_DO_ERASE) -#error EX_SSS_BOOT_DO_ERASE must be set to 0 or 1 -#endif - -#if !defined(EX_SSS_BOOT_EXPOSE_ARGC_ARGV) -#error EX_SSS_BOOT_EXPOSE_ARGC_ARGV must be set to 0 or 1 -#endif - -#if EX_SSS_BOOT_EXPOSE_ARGC_ARGV -static int gex_sss_argc; -static const char **gex_sss_argv; -#endif - -#if !defined(EX_SSS_BOOT_OPEN_HOST_SESSION) -#define EX_SSS_BOOT_OPEN_HOST_SESSION 1 -#endif - -#if !defined(EX_SSS_BOOT_RTOS_STACK_SIZE) -#define EX_SSS_BOOT_RTOS_STACK_SIZE 8500 -#endif - -#if defined(USE_RTOS) && USE_RTOS == 1 -static TaskHandle_t gSSSExRtosTaskHandle = NULL; -static void sss_ex_rtos_task(void *ctx); -#if INCLUDE_uxTaskGetStackHighWaterMark -void sss_ex_rtos_stack_size(const char *when); -#endif // INCLUDE_uxTaskGetStackHighWaterMark -#if (!AX_EMBEDDED) -extern void prvMiscInitialisation(void); -#endif -#endif /* RTOS */ - -#if defined(CPU_JN518X) -/* Allocate the memory for the heap. */ -uint8_t __attribute__((section(".bss.$SRAM1"))) ucHeap[configTOTAL_HEAP_SIZE]; -#endif - -int main(int argc, const char *argv[]) -{ - int ret; - sss_status_t status = kStatus_SSS_Fail; - const char *portName; - -#if EX_SSS_BOOT_EXPOSE_ARGC_ARGV - gex_sss_argc = argc; - gex_sss_argv = argv; -#endif // EX_SSS_BOOT_EXPOSE_ARGC_ARGV - -#ifdef HAVE_KSDK - ex_sss_main_ksdk_bm(); -#endif // HAVE_KSDK - -#if defined(__linux__) && defined(T1oI2C) && SSS_HAVE_APPLET_SE05X_IOT - ex_sss_main_linux_conf(); -#endif // defined(__linux__) && defined(T1oI2C) && SSS_HAVE_APPLET_SE05X_IOT - - LOG_I(PLUGANDTRUST_PROD_NAME_VER_FULL); - -#ifdef EX_SSS_BOOT_PCONTEXT - memset((EX_SSS_BOOT_PCONTEXT), 0, sizeof(*(EX_SSS_BOOT_PCONTEXT))); -#endif // EX_SSS_BOOT_PCONTEXT - -#if AX_EMBEDDED - portName = NULL; -#else - status = ex_sss_boot_connectstring(argc, argv, &portName); - if (kStatus_SSS_Success != status) { - LOG_E("ex_sss_boot_connectstring Failed"); - goto cleanup; - } -#endif // AX_EMBEDDED - -#if defined(USE_RTOS) && USE_RTOS == 1 -#if (!AX_EMBEDDED) && ENABLE_CLOUD_DEMOS - prvMiscInitialisation(); -#endif -#endif - - /* Initialise Logging locks */ - if (nLog_Init() != 0) { - LOG_E("Lock initialisation failed"); - } -#if defined(EX_SSS_BOOT_SKIP_SELECT_APPLET) && (EX_SSS_BOOT_SKIP_SELECT_APPLET == 1) - (PCONTEXT)->se05x_open_ctx.skip_select_applet = 1; -#endif - -#if defined(USE_RTOS) && USE_RTOS == 1 - if (xTaskCreate(&sss_ex_rtos_task, - "sss_ex_rtos_task", - EX_SSS_BOOT_RTOS_STACK_SIZE, - (void *)portName, - (tskIDLE_PRIORITY), - &gSSSExRtosTaskHandle) != pdPASS) { - LOG_E("Task creation failed!.\r\n"); - while (1) - ; - } - - /* Run RTOS */ - vTaskStartScheduler(); - -#else /* No RTOS, No Embedded */ - -#if !AX_EMBEDDED - if (ex_sss_boot_isHelp(portName)) { - memset(PCONTEXT, 0, sizeof(*PCONTEXT)); -#if EX_SSS_BOOT_EXPOSE_ARGC_ARGV - /* so that tool can fetchup last value */ - gex_sss_argc++; -#endif // EX_SSS_BOOT_EXPOSE_ARGC_ARGV - goto before_ex_sss_entry; - } -#endif - - status = ex_sss_boot_open(PCONTEXT, portName); - if (kStatus_SSS_Success != status) { - LOG_E("ex_sss_session_open Failed"); - goto cleanup; - } - -#if EX_SSS_BOOT_DO_ERASE - status = ex_sss_boot_factory_reset((PCONTEXT)); -#endif - - if (kType_SSS_SubSystem_NONE == ((PCONTEXT)->session.subsystem)) { - /* Nothing to do. Device is not opened - * This is needed for the case when we open a generic communication - * channel, without being specific to SE05X - */ - } - else { - status = ex_sss_key_store_and_object_init((PCONTEXT)); - if (kStatus_SSS_Success != status) { - LOG_E("ex_sss_key_store_and_object_init Failed"); - goto cleanup; - } - } - -#if EX_SSS_BOOT_OPEN_HOST_SESSION && SSS_HAVE_HOSTCRYPTO_ANY - ex_sss_boot_open_host_session((PCONTEXT)); -#endif - -#if (SSS_HAVE_A71CH || SSS_HAVE_A71CH_SIM) && SSS_HAVE_A71CH_AUTH_SCP03 - LOG_I("A71CH SCP03 add-on"); - { - // Variables used by calls to legacy API - U8 sCounter[3]; - U16 sCounterLen = sizeof(sCounter); - U16 sw = 0; - U8 scpKeyEncBase[SCP_KEY_SIZE]; - U8 scpKeyMacBase[SCP_KEY_SIZE]; - U8 scpKeyDekBase[SCP_KEY_SIZE]; - - LOG_I("** Establish SCP03 session: Start **"); - status = ex_a71ch_FetchRandomScp03Keys(scpKeyEncBase, scpKeyMacBase, scpKeyDekBase); - ENSURE_OR_GO_CLEANUP(status == kStatus_SSS_Success); - - status = ex_a71ch_SetSeScp03Keys(scpKeyEncBase, scpKeyMacBase, scpKeyDekBase); - ENSURE_OR_GO_CLEANUP(status == kStatus_SSS_Success); - - LOG_I("Clear host-side SCP03 channel state"); - DEV_ClearChannelState(); - - LOG_I("SCP_Authenticate()"); - sw = SCP_Authenticate(scpKeyEncBase, scpKeyMacBase, scpKeyDekBase, SCP_KEY_SIZE, sCounter, &sCounterLen); - status = (sw == SW_OK) ? kStatus_SSS_Success : kStatus_SSS_Fail; - ENSURE_OR_GO_CLEANUP(sw == SW_OK); - LOG_I("** Establish SCP03 session: End **"); - } -#endif // SSS_HAVE_A71CH && SSS_HAVE_A71CH_AUTH_SCP03 - -#if !AX_EMBEDDED -before_ex_sss_entry: -#endif - - status = ex_sss_entry((PCONTEXT)); - LOG_I("ex_sss Finished"); - if (kStatus_SSS_Success != status) { - LOG_E("ex_sss_entry Failed"); - goto cleanup; - } -#endif /* No RTOS, No Embedded */ - // Delete locks for pthreads - nLog_DeInit(); - goto cleanup; - -cleanup: -#ifdef EX_SSS_BOOT_PCONTEXT - ex_sss_session_close((EX_SSS_BOOT_PCONTEXT)); -#endif - if (kStatus_SSS_Success == status) { - ret = 0; -#if defined(HAVE_KSDK) && HAVE_KSDK_LED_APIS == 1 - ex_sss_main_ksdk_success(); -#endif -#if defined(__linux__) && defined(T1oI2C) && SSS_HAVE_APPLET_SE05X_IOT - ex_sss_main_linux_unconf(); -#endif // defined(__linux__) && defined(T1oI2C) && SSS_HAVE_APPLET_SE05X_IOT - } - else { - LOG_E("!ERROR! ret != 0."); - ret = 1; -#if defined(HAVE_KSDK) && HAVE_KSDK_LED_APIS == 1 - ex_sss_main_ksdk_failure(); -#endif - } - return ret; -} - -#if defined(USE_RTOS) && USE_RTOS == 1 -static void sss_ex_rtos_task(void *ctx) -{ - sss_status_t status; - -#if INCLUDE_uxTaskGetStackHighWaterMark - sss_ex_rtos_stack_size("Boot"); -#endif // INCLUDE_uxTaskGetStackHighWaterMark - -#if AX_EMBEDDED - ex_sss_main_ksdk_boot_rtos_task(); -#endif - status = ex_sss_boot_open(PCONTEXT, (const char *)ctx); - - if (kStatus_SSS_Success != status) { - LOG_E("ex_sss_session_open Failed."); - goto exit; - } - - status = ex_sss_key_store_and_object_init((PCONTEXT)); - - if (kStatus_SSS_Success != status) { - LOG_E("ex_sss_key_store_and_object_init Failed"); - goto exit; - } - -#if INCLUDE_uxTaskGetStackHighWaterMark - sss_ex_rtos_stack_size("Before:ex_sss_entry"); -#endif // INCLUDE_uxTaskGetStackHighWaterMark - -#if EX_SSS_BOOT_DO_ERASE - status = ex_sss_boot_factory_reset((PCONTEXT)); - if (kStatus_SSS_Success != status) { - LOG_W("ex_sss_boot_factory_reset Failed"); - } -#if INCLUDE_uxTaskGetStackHighWaterMark - sss_ex_rtos_stack_size("after:erase"); -#endif // INCLUDE_uxTaskGetStackHighWaterMark -#endif - -#if SSS_HAVE_A71CH || SSS_HAVE_A71CH_SIM -#if EX_SSS_BOOT_OPEN_HOST_SESSION - ex_sss_boot_open_host_session((PCONTEXT)); -#endif -#endif - - xLoggingTaskInitialize(LOGGING_TASK_STACK_SIZE, LOGGING_TASK_PRIORITY, LOGGING_QUEUE_LENGTH); - status = ex_sss_entry((PCONTEXT)); - - LOG_I("ex_sss Finished"); - if (kStatus_SSS_Success != status) { - LOG_E("ex_sss_entry Failed"); - } - - ex_sss_session_close(PCONTEXT); - /* Delete locks for FreeRtos*/ - nLog_DeInit(); -#if INCLUDE_uxTaskGetStackHighWaterMark - sss_ex_rtos_stack_size("After:ex_sss_entry"); -#endif // INCLUDE_uxTaskGetStackHighWaterMark -exit: -#if defined(_MSC_VER) || defined(__linux__) || defined(__MINGW32__) || defined(__MINGW64__) - if (kStatus_SSS_Success == status) { - exit(0); - } - else { - exit(1); - } -#else - vTaskDelete(NULL); -#endif -} - -#if INCLUDE_uxTaskGetStackHighWaterMark -void sss_ex_rtos_stack_size(const char *when) -{ -#if LOG_INFO_ENABLED - UBaseType_t stackused; - stackused = EX_SSS_BOOT_RTOS_STACK_SIZE - uxTaskGetStackHighWaterMark(gSSSExRtosTaskHandle); - LOG_I("STACK USED [%s] %d", when, sizeof(UBaseType_t) * stackused); -#endif -} -#endif /* INCLUDE_uxTaskGetStackHighWaterMark */ - -#endif /* No RTOS, No Embedded */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/inc/ex_sss_main_inc_linux.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/inc/ex_sss_main_inc_linux.h deleted file mode 100644 index cd8b4002d..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/inc/ex_sss_main_inc_linux.h +++ /dev/null @@ -1,25 +0,0 @@ -/* - * - * Copyright 2019 NXP - * SPDX-License-Identifier: Apache-2.0 - */ - -#include "ax_reset.h" - -#if defined(SSS_USE_FTR_FILE) -#include "fsl_sss_ftr.h" -#else -#include "fsl_sss_ftr_default.h" -#endif - -void ex_sss_main_linux_conf() -{ - axReset_HostConfigure(); - axReset_PowerUp(); -} - -void ex_sss_main_linux_unconf() -{ - axReset_PowerDown(); - axReset_HostUnconfigure(); -} diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/inc/ex_sss_objid.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/inc/ex_sss_objid.h deleted file mode 100644 index 5e5beb1b4..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/inc/ex_sss_objid.h +++ /dev/null @@ -1,112 +0,0 @@ -/* - * - * Copyright 2019-2020 NXP - * SPDX-License-Identifier: Apache-2.0 - */ - -/** @file - * - * ex_sss_objid.h: Reserved Object Identifiers - * - * Project: SecureIoTMW-Debug@simw-top-eclipse_x86 - * - * $Date: Mar 27, 2019 $ - * $Author: ing05193 $ - * $Revision$ - */ - -#ifndef SSS_EX_INC_EX_SSS_OBJID_H_ -#define SSS_EX_INC_EX_SSS_OBJID_H_ - -/* ***************************************************************************************************************** - * Includes - * ***************************************************************************************************************** */ - -/* ***************************************************************************************************************** - * MACROS/Defines - * ***************************************************************************************************************** */ - -/* clang-format off */ -#define EX_SSS_OBJID_CUST_START 0x00000001u -#define SE05X_OBJID_TP_MASK(X) (0xFFFFFFFC & (X)) -#define EX_SSS_OBJID_CUST_END 0x7BFFFFFFu - -#define EX_SSS_OBJID_AKM_START 0x7C000000u -#define EX_SSS_OBJID_AKM_END 0x7CFFFFFFu - -#define EX_SSS_OBJID_DEMO_START 0x7D000000u -#define EX_SSS_OBJID_DEMO_SA_START 0x7D500000u -#define EX_SSS_OBJID_DEMO_WIFI_START 0x7D51F000u -/* doc:start:mif-kdf-start-keyid */ -#define EX_SSS_OBJID_DEMO_MFDF_START 0x7D5DF000u -/* doc:end:mif-kdf-start-keyid */ -/////// EX_SSS_OBJID_DEMO_SA_END 0x7D5FFFFFu -#define EX_SSS_OBJID_DEMO_AUTH_START 0x7DA00000u -#define EX_SSS_OBJID_DEMO_AUTH_MASK(X) (0xFFFF0000u & (X)) -/////// EX_SSS_OBJID_DEMO_AUTH_END 0x7DA0FFFFu -#define EX_SSS_OBJID_DEMO_CLOUD_START 0x7DC00000u -#define EX_SSS_OBJID_DEMO_CLOUD_IBM_START 0x7DC1B000u -#define EX_SSS_OBJID_DEMO_CLOUD_GCP_START 0x7DC6C000u -#define EX_SSS_OBJID_DEMO_CLOUD_AWS_START 0x7DCA5000u -#define EX_SSS_OBJID_DEMO_CLOUD_AZURE_START 0x7DCAC000u -/////// EX_SSS_OBJID_DEMO_CLOUD_END 0x7DCFFFFFu -#define EX_SSS_OBJID_DEMO_END 0x7DFFFFFFu -#define SE05X_OBJID_SE05X_APPLET_RES_START 0x7FFF0000u -#define SE05X_OBJID_SE05X_APPLET_RES_MASK(X) \ - (0xFFFF0000u & (X)) -#define SE05X_OBJID_SE05X_APPLET_RES_END 0x7FFFFFFFu - -/* IoT Hub Managed */ -#define SE05X_OBJID_IOT_HUB_M_START 0x80000000u -#define SE05X_OBJID_IOT_HUB_M_END 0xEEFFFFFFu -#define EX_SSS_OBJID_TEST_START 0xEF000000u -#define EX_SSS_OBJID_TEST_END 0xEFFFFFFFu - -/* IoT Hub Access */ -#define EX_SSS_OBJID_IOT_HUB_A_START 0xF0000000u -#define EX_SSS_OBJID_IOT_HUB_A_MASK(X) (0xF0000000u & (X)) - -//Device Key and Certificate - ECC-256 -#define EX_SSS_OBJID_TP_KEY_EC_D 0xF0000100 -#define EX_SSS_OBJID_TP_CERT_EC_D 0xF0000101 -//Gateway Key and Certificate - ECC-256 -#define EX_SSS_OBJID_TP_KEY_EC_G 0xF0000102 -#define EX_SSS_OBJID_TP_CERT_EC_G 0xF0000103 - -//Device Key and Certificate - RSA-2K -#define EX_SSS_OBJID_TP_KEY_RSA2K_D 0xF0000110 -#define EX_SSS_OBJID_TP_CERT_RSA2K_D 0xF0000111 -//Gateway Key and Certificate - RSA-2K -#define EX_SSS_OBJID_TP_KEY_RSA2K_G 0xF0000112 -#define EX_SSS_OBJID_TP_CERT_RSA2K_G 0xF0000113 -//Device Key and Certificate - RSA-4K -#define EX_SSS_OBJID_TP_KEY_RSA4K_D 0xF0000120 -#define EX_SSS_OBJID_TP_CERT_RSA4K_D 0xF0000121 -//Gateway Key and Certificate - RSA-4K -#define EX_SSS_OBJID_TP_KEY_RSA4K_G 0xF0000122 -#define EX_SSS_OBJID_TP_CERT_RSA4K_G 0xF0000123 - -#define EX_SSS_OBJID_IOT_HUB_A_END 0xFFFFFFFFu - -/* clang-format on */ - -/* ***************************************************************************************************************** - * Types/Structure Declarations - * ***************************************************************************************************************** */ - -enum -{ - kEX_SSS_ObjID_UserID_Auth = EX_SSS_OBJID_DEMO_AUTH_START + 1, - kEX_SSS_ObjID_APPLETSCP03_Auth, - kEX_SSS_objID_ECKEY_Auth, -}; - -/* ***************************************************************************************************************** - * Extern Variables - * ***************************************************************************************************************** */ - -/* ***************************************************************************************************************** - * Function Prototypes - * ***************************************************************************************************************** */ - -#endif /* SSS_EX_INC_EX_SSS_OBJID_H_ */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/inc/ex_sss_ports.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/inc/ex_sss_ports.h deleted file mode 100644 index ed238e7ef..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/inc/ex_sss_ports.h +++ /dev/null @@ -1,53 +0,0 @@ -/* - * - * Copyright 2019 NXP - * SPDX-License-Identifier: Apache-2.0 - */ - -/** @file - * - * ex_sss_ports.h: Default ports being used in Examples and test cases - * - * $Date: Mar 10, 2019 $ - * $Author: ing05193 $ - * $Revision$ - */ - -#ifndef SSS_EX_INC_EX_SSS_PORTS_H_ -#define SSS_EX_INC_EX_SSS_PORTS_H_ - -/* ***************************************************************************************************************** - * Includes - * ***************************************************************************************************************** */ - -/* ***************************************************************************************************************** - * MACROS/Defines - * ***************************************************************************************************************** */ - -#define EX_SSS_BOOT_SSS_PORT "EX_SSS_BOOT_SSS_PORT" -#ifdef __linux__ -#define EX_SSS_BOOT_SSS_COMPORT_DEFAULT "/dev/ttyACM0" -#else -#define EX_SSS_BOOT_SSS_COMPORT_DEFAULT "\\\\.\\COM7" -#endif -#define EX_SSS_BOOT_SSS_SOCKET_HOSTNAME_DEFAULT "127.0.0.1" -#define EX_SSS_BOOT_SSS_SOCKET_PORTNUMBER_DEFAULT 8050 -#define EX_SSS_BOOT_SSS_SOCKET_PORTSZ_DEFAULT "8050" -#define EX_SSS_BOOT_SSS_PCSC_READER_DEFAULT "NXP SE050C v03.01.00 0" -#define EX_SSS_BOOT_SSS_SOCKETPORT_DEFAULT \ - EX_SSS_BOOT_SSS_SOCKET_HOSTNAME_DEFAULT \ - ":" EX_SSS_BOOT_SSS_SOCKET_PORTSZ_DEFAULT - -/* ***************************************************************************************************************** - * Types/Structure Declarations - * ***************************************************************************************************************** */ - -/* ***************************************************************************************************************** - * Extern Variables - * ***************************************************************************************************************** */ - -/* ***************************************************************************************************************** - * Function Prototypes - * ***************************************************************************************************************** */ - -#endif /* SSS_EX_INC_EX_SSS_PORTS_H_ */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/inc/ex_sss_scp03_keys.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/inc/ex_sss_scp03_keys.h deleted file mode 100644 index 9e894babd..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/inc/ex_sss_scp03_keys.h +++ /dev/null @@ -1,75 +0,0 @@ -/* - * - * Copyright 2018,2019 NXP - * SPDX-License-Identifier: Apache-2.0 - */ - -#ifndef SSS_EX_INC_EX_SSS_SCP03_KEYS_H_ -#define SSS_EX_INC_EX_SSS_SCP03_KEYS_H_ - -#include "ex_sss_tp_scp03_keys.h" - -/* ************************************************************************** */ -/* Includes */ -/* ************************************************************************** */ - -/* ************************************************************************** */ -/* Defines */ -/* ************************************************************************** */ - -#define EX_SSS_BOOT_SCP03_PATH_ENV "EX_SSS_BOOT_SCP03_PATH" - -/* Modify based on platform */ -#if defined(ANDROID) -/* Could be set to /data/vendor/secure_iot/ if sepolicies are in effect */ -/* doc:start:android-scp03-path */ -#define EX_SSS_SCP03_FILE_DIR "/data/vendor/SE05x/" -#define EX_SSS_SCP03_FILE_PATH EX_SSS_SCP03_FILE_DIR "plain_scp.txt" -/* doc:end:android-scp03-path */ -#elif defined(__linux__) -/* doc:start:linux-scp03-path */ -#define EX_SSS_SCP03_FILE_DIR "/tmp/SE05X/" -#define EX_SSS_SCP03_FILE_PATH EX_SSS_SCP03_FILE_DIR "plain_scp.txt" -/* doc:end:linux-scp03-path */ -#elif defined(_MSC_VER) -/* doc:start:windows-scp03-path */ -#define EX_SSS_SCP03_FILE_DIR "C:\\nxp\\SE05X\\" -#define EX_SSS_SCP03_FILE_PATH EX_SSS_SCP03_FILE_DIR "plain_scp.txt" -/* doc:end:windows-scp03-path */ -#else -/* Not defined / avialable */ -#endif - -#ifdef EX_SSS_SCP03_FILE_PATH -sss_status_t scp03_keys_from_path( - uint8_t *penc, size_t enc_len, uint8_t *pmac, size_t mac_len, uint8_t *pdek, size_t dek_len); -#endif - -#define SSS_AUTH_SE050_OEF_0004A2D0_KEY_ENC \ - { \ - 0xAB, 0xCD, 0xAB, 0xCD, 0xAB, 0xCD, 0xAB, 0xCD, 0xAB, 0xCD, 0xAB, 0xCD, 0xAB, 0xCD, 0x00, 0x01 \ - } - -#define SSS_AUTH_SE050_OEF_0004A2D0_KEY_MAC \ - { \ - 0xAB, 0xCD, 0xAB, 0xCD, 0xAB, 0xCD, 0xAB, 0xCD, 0xAB, 0xCD, 0xAB, 0xCD, 0xAB, 0xCD, 0x00, 0x02 \ - } - -#define SSS_AUTH_SE050_OEF_0004A2D0_KEY_DEK \ - { \ - 0xAB, 0xCD, 0xAB, 0xCD, 0xAB, 0xCD, 0xAB, 0xCD, 0xAB, 0xCD, 0xAB, 0xCD, 0xAB, 0xCD, 0x00, 0x03 \ - } - -/* ************************************************************************** */ -/* Structrues and Typedefs */ -/* ************************************************************************** */ - -/* ************************************************************************** */ -/* Global Variables */ -/* ************************************************************************** */ - -/* ************************************************************************** */ -/* Functions */ -/* ************************************************************************** */ - -#endif /* SSS_EX_INC_EX_SSS_SCP03_KEYS_H_ */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/inc/ex_sss_tp_scp03_keys.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/inc/ex_sss_tp_scp03_keys.h deleted file mode 100644 index 24421b7cd..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/inc/ex_sss_tp_scp03_keys.h +++ /dev/null @@ -1,119 +0,0 @@ -/* - * - * Copyright 2019 NXP - * SPDX-License-Identifier: Apache-2.0 - */ - -#ifndef SSS_AUTH_SE050_OEF_20191211_1809_ -#define SSS_AUTH_SE050_OEF_20191211_1809_ - -/* ************************************************************************** */ -/* Includes */ -/* ************************************************************************** */ - -/* ************************************************************************** */ -/* Defines */ -/* ************************************************************************** */ - -/* clang-format off */ - - - -/* See https://www.nxp.com/docs/en/application-note/AN12436.pdf */ - -// Variant ==> OEF ID -// SE050A1 ==> A204 -// SE050A2 ==> A205 -// SE050B1 ==> A202 -// SE050B2 ==> A203 -// SE050C1 ==> A200 -// SE050C2 ==> A201 -// Development Board ==> A1F4 (DEVKIT) - -// SE050A1 -#define SSS_AUTH_SE050A1_KEY_ENC \ - {0x34, 0xae, 0x09, 0x67, 0xe3, 0x29, 0xe9, 0x51, 0x8e, 0x72, 0x65, 0xd5, 0xad, 0xcc, 0x01, 0xc2 } -#define SSS_AUTH_SE050A1_KEY_MAC \ - {0x52, 0xb2, 0x53, 0xca, 0xdf, 0x47, 0x2b, 0xdb, 0x3d, 0x0f, 0xb3, 0x8e, 0x09, 0x77, 0x00, 0x99 } -#define SSS_AUTH_SE050A1_KEY_DEK \ - {0xac, 0xc9, 0x14, 0x31, 0xfe, 0x26, 0x81, 0x1b, 0x5e, 0xcb, 0xc8, 0x45, 0x62, 0x0d, 0x83, 0x44 } - -// SE050A2 -#define SSS_AUTH_SE050A2_KEY_ENC \ - {0x46, 0xa9, 0xc4, 0x8c, 0x34, 0xef, 0xe3, 0x44, 0xa5, 0x22, 0xe6, 0x67, 0x44, 0xf8, 0x99, 0x6a } -#define SSS_AUTH_SE050A2_KEY_MAC \ - {0x12, 0x03, 0xff, 0x61, 0xdf, 0xbc, 0x9c, 0x86, 0x19, 0x6a, 0x22, 0x74, 0xae, 0xf4, 0xed, 0x28 } -#define SSS_AUTH_SE050A2_KEY_DEK \ - {0xf7, 0x56, 0x1c, 0x6f, 0x48, 0x33, 0x61, 0x19, 0xee, 0x39, 0x43, 0x9a, 0xab, 0x34, 0x09, 0x8e } - -// SE050B1 -#define SSS_AUTH_SE050B1_KEY_ENC \ - {0xd4, 0x99, 0xbc, 0x90, 0xde, 0xa5, 0x42, 0xcf, 0x78, 0xd2, 0x5e, 0x13, 0xd6, 0x4c, 0xbb, 0x1f } -#define SSS_AUTH_SE050B1_KEY_MAC \ - {0x08, 0x15, 0x55, 0x96, 0x43, 0xfb, 0x79, 0xeb, 0x85, 0x01, 0xa0, 0xdc, 0x83, 0x3d, 0x90, 0x1f } -#define SSS_AUTH_SE050B1_KEY_DEK \ - {0xbe, 0x7d, 0xdf, 0xb4, 0x06, 0xe8, 0x1a, 0xe4, 0xe9, 0x66, 0x5a, 0x9f, 0xed, 0x64, 0x26, 0x7c } - -// SE050B2 -#define SSS_AUTH_SE050B2_KEY_ENC \ - {0x5f, 0xa4, 0x3d, 0x82, 0x02, 0xd2, 0x5e, 0x9a, 0x85, 0xb1, 0xfe, 0x7e, 0x2d, 0x26, 0x47, 0x8d } -#define SSS_AUTH_SE050B2_KEY_MAC \ - {0x10, 0x5c, 0xea, 0x22, 0x19, 0xf5, 0x2b, 0xd1, 0x67, 0xa0, 0x74, 0x63, 0xc6, 0x93, 0x79, 0xc3 } -#define SSS_AUTH_SE050B2_KEY_DEK \ - {0xd7, 0x02, 0x81, 0x57, 0xf2, 0xad, 0x37, 0x2c, 0x74, 0xbe, 0x96, 0x9b, 0xcc, 0x39, 0x06, 0x27 } - -// SE050C1 -#define SSS_AUTH_SE050C1_KEY_ENC \ - {0x85, 0x2b, 0x59, 0x62, 0xe9, 0xcc, 0xe5, 0xd0, 0xbe, 0x74, 0x6b, 0x83, 0x3b, 0xcc, 0x62, 0x87 } -#define SSS_AUTH_SE050C1_KEY_MAC \ - {0xdb, 0x0a, 0xa3, 0x19, 0xa4, 0x08, 0x69, 0x6c, 0x8e, 0x10, 0x7a, 0xb4, 0xe3, 0xc2, 0x6b, 0x47 } -#define SSS_AUTH_SE050C1_KEY_DEK \ - {0x4c, 0x2f, 0x75, 0xc6, 0xa2, 0x78, 0xa4, 0xae, 0xe5, 0xc9, 0xaf, 0x7c, 0x50, 0xee, 0xa8, 0x0c } - -// SE050C2 -#define SSS_AUTH_SE050C2_KEY_ENC \ - {0xbd, 0x1d, 0xe2, 0x0a, 0x81, 0xea, 0xb2, 0xbf, 0x3b, 0x70, 0x9a, 0x9d, 0x69, 0xa3, 0x12, 0x54 } -#define SSS_AUTH_SE050C2_KEY_MAC \ - {0x9a, 0x76, 0x1b, 0x8d, 0xba, 0x6b, 0xed, 0xf2, 0x27, 0x41, 0xe4, 0x5d, 0x8d, 0x42, 0x36, 0xf5 } -#define SSS_AUTH_SE050C2_KEY_DEK \ - {0x9b, 0x99, 0x3b, 0x60, 0x0f, 0x1c, 0x64, 0xf5, 0xad, 0xc0, 0x63, 0x19, 0x2a, 0x96, 0xc9, 0x47 } - -// SE050_DEVKIT -#define SSS_AUTH_SE050_DEVKIT_KEY_ENC \ - {0x35, 0xc2, 0x56, 0x45, 0x89, 0x58, 0xa3, 0x4f, 0x61, 0x36, 0x15, 0x5f, 0x82, 0x09, 0xd6, 0xcd } -#define SSS_AUTH_SE050_DEVKIT_KEY_MAC \ - {0xaf, 0x17, 0x7d, 0x5d, 0xbd, 0xf7, 0xc0, 0xd5, 0xc1, 0x0a, 0x05, 0xb9, 0xf1, 0x60, 0x7f, 0x78 } -#define SSS_AUTH_SE050_DEVKIT_KEY_DEK \ - {0xa1, 0xbc, 0x84, 0x38, 0xbf, 0x77, 0x93, 0x5b, 0x36, 0x1a, 0x44, 0x25, 0xfe, 0x79, 0xfa, 0x29 } - -// SE051A2 -#define SSS_AUTH_SE051A2_KEY_ENC \ - { 0x84, 0x0a, 0x5d, 0x51, 0x79, 0x55, 0x11, 0xc9, 0xce, 0xf0, 0xc9, 0x6f, 0xd2, 0xcb, 0xf0, 0x41 } -#define SSS_AUTH_SE051A2_KEY_MAC \ - { 0x64, 0x6b, 0xc2, 0xb8, 0xc3, 0xa4, 0xd9, 0xc1, 0xfa, 0x8d, 0x71, 0x16, 0xbe, 0x04, 0xfd, 0xfe } -#define SSS_AUTH_SE051A2_KEY_DEK \ - { 0x03, 0xe6, 0x69, 0x9a, 0xca, 0x94, 0x26, 0xd9, 0xc3, 0x89, 0x22, 0xf8, 0x91, 0x4c, 0xe5, 0xf7 } - -// SE051C2 -#define SSS_AUTH_SE051C2_KEY_ENC \ - { 0x88, 0xdb, 0xcd, 0x65, 0x82, 0x0d, 0x2a, 0xa0, 0x6f, 0xfa, 0xb9, 0x2a, 0xa8, 0xe7, 0x93, 0x64 } -#define SSS_AUTH_SE051C2_KEY_MAC \ - { 0xa8, 0x64, 0x4e, 0x2a, 0x04, 0xd9, 0xe9, 0xc8, 0xc0, 0xea, 0x60, 0x86, 0x68, 0x29, 0x99, 0xe5 } -#define SSS_AUTH_SE051C2_KEY_DEK \ - { 0x8a, 0x38, 0x72, 0x38, 0x99, 0x88, 0x18, 0x44, 0xe2, 0xc1, 0x51, 0x3d, 0xac, 0xd9, 0xf8, 0x0d } - -/* clang-format on */ - -/* ************************************************************************** */ -/* Structures and Typedefs */ -/* ************************************************************************** */ - -/* ************************************************************************** */ -/* Global Variables */ -/* ************************************************************************** */ - -/* ************************************************************************** */ -/* Functions */ -/* ************************************************************************** */ - -#endif /* SSS_AUTH_SE050_OEF_20191211_1809_ */ \ No newline at end of file diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/src/ex_sss_boot_int.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/src/ex_sss_boot_int.h deleted file mode 100644 index f060e1244..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/src/ex_sss_boot_int.h +++ /dev/null @@ -1,70 +0,0 @@ -/* - * - * Copyright 2019-2020 NXP - * SPDX-License-Identifier: Apache-2.0 - */ - -/** @file - * - * ex_sss_boot_int.h: *The purpose and scope of this file* - * - * Project: SecureIoTMW-Debug@appboot-top-eclipse_x86 - * - * $Date: Mar 10, 2019 $ - * $Author: ing05193 $ - * $Revision$ - */ - -#ifndef SSS_EX_SRC_EX_SSS_BOOT_INT_H_ -#define SSS_EX_SRC_EX_SSS_BOOT_INT_H_ - -/* ***************************************************************************************************************** - * Includes - * ***************************************************************************************************************** */ -#include - -#include "fsl_sss_se05x_apis.h" - -/* ***************************************************************************************************************** - * MACROS/Defines - * ***************************************************************************************************************** */ - -/* ***************************************************************************************************************** - * Types/Structure Declarations - * ***************************************************************************************************************** */ - -/* ***************************************************************************************************************** - * Extern Variables - * ***************************************************************************************************************** */ - -/* ***************************************************************************************************************** - * Function Prototypes - * ***************************************************************************************************************** */ -#if SSS_HAVE_SE -sss_status_t ex_sss_boot_se_open(ex_sss_boot_ctx_t *pCtx, const char *portName); -#endif - -/** Entry Point for SE050 based build */ - -#if SSS_HAVE_APPLET_SE05X_IOT -sss_status_t ex_sss_boot_se05x_open(ex_sss_boot_ctx_t *pCtx, const char *portName); -sss_status_t ex_sss_boot_se05x_open_on_Id(ex_sss_boot_ctx_t *pCtx, const char *portName, const int32_t authID); -#endif - -#if SSS_HAVE_MBEDTLS -sss_status_t ex_sss_boot_mbedtls_open(ex_sss_boot_ctx_t *pCtx, const char *portName); -#endif - -#if SSS_HAVE_OPENSSL -sss_status_t ex_sss_boot_openssl_open(ex_sss_boot_ctx_t *pCtx, const char *portName); -#endif - -#if SSS_HAVE_A71CH || SSS_HAVE_A71CH_SIM -sss_status_t ex_sss_boot_a71ch_open(ex_sss_boot_ctx_t *pCtx, const char *portName); -#endif - -#if SSS_HAVE_A71CL || SSS_HAVE_SE050_L -sss_status_t ex_sss_boot_a71cl_open(ex_sss_boot_ctx_t *pCtx, const char *portName); -#endif - -#endif /* SSS_EX_SRC_EX_SSS_BOOT_INT_H_ */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sscp.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sscp.h deleted file mode 100644 index bb4f10f61..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sscp.h +++ /dev/null @@ -1,428 +0,0 @@ -/* - * - * Copyright 2018,2019 NXP - * SPDX-License-Identifier: Apache-2.0 - */ -#ifndef _FSL_SSCP_H_ -#define _FSL_SSCP_H_ - -#include -#include -#include - -#include "fsl_sscp_commands.h" - -/*! -@defgroup sscp Security Subsystem Communication Protocol (SSCP) - - # SSCP protocol description - - SSCP is very simple remote procedure call protocol. - Function parameters are described by one or multiple SSCP operation descriptor(s). - One parameter descriptor describes up to 7 function parameters as contexts, buffers, values or aggregates. - Multiple parameter descriptors can be linked by the aggregate parameter type (kSSCP_ParamType_Aggregate). - - Function arguments are described as a buffer (address and size), a value (a tuple of two words), - a context (pointer and type id) or an aggregate. - If the parameter is the aggregate (kSSCP_ParamType_Aggregate type), then it will contain a pointer to another - sscp_operation_t. This allows to link additional sscp_operation_t. - - The protocol allows for remote calling by a copy of all arguments (including buffer contents), - that is, to remote call to a sub-system having no physical access to Host CPU memory. - If a sub-system has access to Host CPU memory, the SSCP transport implementation can decide to transfer - only the buffer descriptor (pointer and size) without physically transmitting the buffer content, - as the buffer content can be accessed by the sub-system when the remote function executes. - The same holds for the context descriptor (pointer and type id). The actual SSCP implementation - can transfer only pointer to a sub-system, if the sub-system has the memory, where the context data - structure is located, and if it has an application level knowledge of the context data structure - layout (either based on the command id or the context type id). - - Byte length (for void* and uintptr_t) and endianess is inherited from the host CPU. - - # SSCP operation descriptors - - A remote function is invoked by transmitting a command id (unique identifier to specify a remote function), - followed by SSCP operation descriptors ::sscp_operation_t. There is always one descriptor and optionally - it can link another descriptor, if the number of ::sscp_operation_t params is not sufficient - to described all function parameters. In the example below, the last params[n-1] on the left side is an aggregate - that links secondary descriptor. - - @code - command - paramTypes - params[0] - ... - params[n-1] ------------- paramTypes - params[0] - ... - params[n-1] - @endcode - - where n = 1, 2, ..., 7. - - These operation descriptors serve as an input to ::sscp_invoke_command() function. - The serialization to the communication system is implementation specific. - For example, implementations may decide to transfer only pointers and values (without payloads), - because security sub-system has access to memory, so it can read and write payloads on its own during function - execution. Other implementations may need to serialize everything to a communication bus. - - This implementation specific data transfer is implemented by an invoke() function. - During implementation specific initialization of the SSCP transfer, sscp__init() function, - a pointer to implementation specific invoke() function is stored in the sscp__context_t. - - @code - sscp_mu_init(ctx, invoke = sscp_mu_invoke_command) - ... - ctx->invoke() - ... - ctx->invoke() - ... - sscp_deinit(ctx) - @endcode - - # Example for SSCP protocol implementation with S3MU - - The ::sscp_invoke_command() implementation for the S3MU (Sentinel), ::sscp_mu_invoke_command(), - builds up the serial message as follows: - - word 0 | word 1 | word 2 | word 3 | ... | word (n*2 + 1) - -------|-----------|-------------|-------------|-----|--------------- - CMD |paramTypes | params[0].a | params[0].b | ... | params[n-1].b - - where the n value is CMD specific and it is present in the CMD word. - Passing this message through S3MU to the Sentinel sub-system is done by simply moving the 16 words into S3MU Tx A - registers. - - # Example with the SSS API - - @code - sss_status_t sss_aead_one_go(sss_aead_t *context, - const uint8_t *srcData, - uint8_t *destData, - size_t size, - uint8_t *nonce, - size_t nonceLen, - const uint8_t *aad, - size_t aadLen, - uint8_t *tag, - size_t tagLen); - - uint32_t cmd = kSSCP_CMD_SSS_AeadOneGo(n=6); - - sscp_operation_t op = (0); - sscp_status_t status = kStatus_SSCP_Fail; - uint32_t ret = 0; - - if (context->mode == Encrypt) - { - op.paramTypes = SSCP_OP_SET_PARAM(kSSCP_ParamType_ContextReference, - kSSCP_ParamType_MemrefInput, - kSSCP_ParamType_MemrefOutput, - kSSCP_ParamType_MemrefInput, - kSSCP_ParamType_MemrefInput, - kSSCP_ParamType_MemrefOutput, - kSSCP_ParamType_None); - } - else - { - op.paramTypes = SSCP_OP_SET_PARAM(kSSCP_ParamType_ContextReference, - kSSCP_ParamType_MemrefInput, - kSSCP_ParamType_MemrefOutput, - kSSCP_ParamType_MemrefInput, - kSSCP_ParamType_MemrefInput, - kSSCP_ParamType_MemrefInput, - kSSCP_ParamType_None); - } - - ... context is an aggregate data type ... - ... implementation specific sscp_operation_t to serialize the context data ... - op.params[0].context.ptr = context; - op.params[0].context.type = kSSCP_ParamContextType_SSS_Aead; - - ... function parameters ... - op.params[1].memref.buffer = srcData; - op.params[1].memref.size = size; - - op.params[2].memref.buffer = destData; - op.params[2].memref.size = size; - - op.params[3].memref.buffer = nonce; - op.params[3].memref.size = nonceLen; - - op.params[4].memref.buffer = aad; - op.params[4].memref.size = aadLen; - - op.params[5].memref.buffer = tag; - op.params[5].memref.size = tagLen; - - ... Serialize to the link ... - status = context->session->sscp->invoke(context->sscpSession, cmd, &op, &ret); - if (status != kStatus_SSCP_Success) - { - return kStatus_SSS_Fail; - } - - return (sss_status_t)ret; - - @endcode - - # Example with the SSCP Client API - - @code - SSCP_Result SSCP_InvokeCommand(SSCP_Session *sessionSSCP, - uint32_t commandID, - SSCP_Operation *operation, - uint32_t *returnOrigin); - - - uint32_t cmd = kSSCP_CMD_SSCP_InvokeCommand; - - sscp_operation_t op = {0}; - sscp_status_t status = kStatus_SSCP_Fail; - uint32_t ret = 0; - - op.paramTypes = SSCP_OP_SET_PARAM(kSSCP_ParamType_ContextReference, - kSSCP_ParamType_ValueInput, - kSSCP_ParamType_ContextReference, - kSSCP_ParamType_MemrefOutput, - kSSCP_ParamType_None, - kSSCP_ParamType_None, - kSSCP_ParamType_None); - - op.params[0].context.ptr = sessionSSCP; - op.params[0].context.type = kSSCP_ParamContextType_SSCP_Session; - - op.params[1].value.a = commandID; - op.params[1].value.b = 0; - - op.params[2].context.ptr = operation; - op.params[2].context.type = kSSCP_ParamContextType_SSCP_Operation; - - op.params[3].memref.buffer = returnOrigin; - op.params[3].memref.size = sizeof(*returnOrigin); - - @endcode - */ - -/*! - * @addtogroup sscp - * @{ - */ - -/*! @brief Maximum number of parameters to be supported in one sscp_operation_t */ -#define SSCP_OPERATION_PARAM_COUNT (7) - -/*! @brief Default SSCP context is a pointer to memory. */ -#ifndef SSCP_MAX_CONTEXT_SIZE -#define SSCP_MAX_CONTEXT_SIZE (sizeof(void *)) -#endif - -/*! @brief Set parameter types for the SSCP operation. Each param type is encoded into 4-bits bit field. */ -#define SSCP_OP_SET_PARAM(p0, p1, p2, p3, p4, p5, p6) \ - (((uint32_t)p0 & 0xFu)) | (((uint32_t)p1 & 0xFu) << 4u) | (((uint32_t)p2 & 0xFu) << 8u) | \ - (((uint32_t)p3 & 0xFu) << 12u) | (((uint32_t)p4 & 0xFu) << 16u) | (((uint32_t)p5 & 0xFu) << 20u) | \ - (((uint32_t)p6 & 0xFu) << 24u); - -/*! @brief Decode i-th parameter as 4-bit unsigned integer. */ -#define SSCP_OP_GET_PARAM(i, paramTypes) ((uint32_t)((((uint32_t)paramTypes) >> i * 4) & 0xFu)) - -/*! @brief Data type for SSCP function return values */ -typedef uint32_t sscp_status_t; - -typedef struct _sscp_context sscp_context_t; - -/** - * @brief SSCP operation descriptor - * - */ -typedef struct _sscp_operation sscp_operation_t; - -/*! @brief Typedef for a function that sends a command and associated parameters to security sub-system - * - * The commandID and operation content is serialized and sent over to the selected security sub-system. - * This is implementation specific function. - * The function can invoke both blocking and non-blocking secure functions in the selected security sub-system. - * - * @param context Initialized SSCP context - * @param commandID Command - an id of a remote secure function to be invoked - * @param op Description of function arguments as a sequence of buffers, values, context references and aggregates - * @param ret Return code of the remote secure function (application layer return value) - * - * @returns Status of the operation - * @retval kStatus_SSCP_Success A blocking command has completed or a non-blocking command has been accepted. - * @retval kStatus_SSCP_Fail Operation failure, for example hardware fail. - * @retval kStatus_SSCP_InvalidArgument One of the arguments is invalid for the function to execute. - */ -typedef sscp_status_t (*fn_sscp_invoke_command_t)( - sscp_context_t *context, uint32_t commandID, sscp_operation_t *op, uint32_t *ret); - -/** - * struct _sscp_context - SSCP context struct - * - * This data type is used to keep context of the SSCP link. - * It has one mandatory member - pointer to invoke() function. - * Otherwise it is completely implementation specific. - * - * @param invoke Pointer to implementation specific invoke() function - * @param context Container for the implementation specific data. - */ -struct _sscp_context -{ - fn_sscp_invoke_command_t invoke; - // sscp_status_t (*sscp_invoke_command)(sscp_context_t *context, uint32_t commandID, sscp_operation_t *op); - - /*! Implementation specific part */ - struct - { - uint8_t data[SSCP_MAX_CONTEXT_SIZE]; - } context; -}; - -/** - * struct _sscp_memref - Buffer - * - * This data type is used to describe a function argument as a buffer. - * - * @param buffer Memory address - * @param size Length of the buffer in bytes - */ -typedef struct _sscp_memref -{ - void *buffer; - size_t size; -} sscp_memref_t; - -/** - * struct _sscp_value - Small raw data - * - * This data type is used to describe a function argument as a tuple of two 32-bit values. - * - * @param a First 32-bit data value. - * @param b Second 32-bit data value. - */ -typedef struct _sscp_value -{ - uint32_t a; - uint32_t b; -} sscp_value_t; - -/** - * @brief SSCP descriptor for an aggregate - * - * This data type is used to link additional SSCP operation. - * - * @param op Pointer to sscp_operation_t. - */ -typedef struct _sscp_aggregate_operation -{ - sscp_operation_t *op; -} sscp_aggregate_operation_t; - -/** - * @brief SSCP descriptor for a context struct - * - * This data type is used pass context struct to SSCP by reference - * - * @param ptr Pointer to a data structure - * @param type 32-bit identifier specifying context struct type - */ -typedef struct _sscp_context_operation -{ - void *ptr; - uint32_t type; -} sscp_context_reference_t; - -/** - * @brief Data structure representing a function argument. - * - * Either the client uses a shared memory reference, or a small raw - * data container. - * - * @param value Small raw data container - * @param memref Memory reference - * @param aggregate Reference to another SSCP descriptor - * @param context Pointer to a data struct to be passed to SSCP by reference - */ -typedef union _sscp_parameter { - sscp_value_t value; - sscp_memref_t memref; - sscp_aggregate_operation_t aggregate; - sscp_context_reference_t context; -} sscp_parameter_t; - -/** - * @brief Data structure describing function arguments. - * Function argument are described as a sequence of buffers, values, context references and aggregates. - * It serves as an input to ::sscp_invoke_command(), an implementation specific serialization function. - * - * @param paramTypes Type of data passed. - * @param params Array of parameters of type sscp_parameter_t. - * - */ -struct _sscp_operation -{ - uint32_t paramTypes; - sscp_parameter_t params[SSCP_OPERATION_PARAM_COUNT]; -}; - -/** - * @brief Enum with SSCP operation parameters. - */ -typedef enum _sscp_param_types -{ - kSSCP_ParamType_None = 0, /*! Parameter not in use */ - kSSCP_ParamType_Aggregate = 0x1u, /*! Link to another ::sscp_operation_t */ - kSSCP_ParamType_ContextReference, /*! Reference to a context structure - pointer and type */ - kSSCP_ParamType_MemrefInput, /*! Reference to a memory buffer - input to remote function or service */ - kSSCP_ParamType_MemrefOutput, /*! Reference to a memory buffer - output by remote function or service. - Implementations shall update the size member of the ::sscp_memref_t - with the actual number of bytes written. */ - kSSCP_ParamType_MemrefInOut, /*! Reference to a memory buffer - input to and ouput from remote function or service - */ - kSSCP_ParamType_ValueInput, /*! Tuple of two 32-bit integers - input to remote function or service */ - kSSCP_ParamType_ValueOutput, /*! Tuple of two 32-bit integers - output by remote function or service */ -} sscp_param_types_t; - -/** - * @brief Enum with return values from SSCP functions - */ -enum _sscp_return_values -{ - kStatus_SSCP_Success = 0x10203040u, - kStatus_SSCP_Fail = 0x40302010u, -}; - -/******************************************************************************* - * API - ******************************************************************************/ -#if defined(__cplusplus) -extern "C" { -#endif - -/*! @brief Sends a command and associated parameters to security sub-system - * - * The commandID and operation content is serialized and sent over to the selected security sub-system. - * This is implementation specific function. - * The function can invoke both blocking and non-blocking secure functions in the selected security sub-system. - * - * @param context Initialized SSCP context - * @param commandID Command - an id of a remote secure function to be invoked - * @param op Description of function arguments as a sequence of buffers and values - * @param ret Return code of the remote secure function (application layer return value) - * - * @returns Status of the operation - * @retval kStatus_SSCP_Success A blocking command has completed or a non-blocking command has been accepted. - * @retval kStatus_SSCP_Fail Operation failure, for example hardware fail. - * @retval kStatus_SSCP_InvalidArgument One of the arguments is invalid for the function to execute. - */ -sscp_status_t sscp_invoke_command(sscp_context_t *context, uint32_t commandID, sscp_operation_t *op, uint32_t *ret); - -#if defined(__cplusplus) -} -#endif - -/*! - *@} - */ /* end of sscp */ - -#endif /* _FSL_SSCP_H_ */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_api.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_api.h deleted file mode 100644 index f1b71c086..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_api.h +++ /dev/null @@ -1,1892 +0,0 @@ -/* - * - * Copyright 2018-2020 NXP - * SPDX-License-Identifier: Apache-2.0 - */ -/** @file */ -#ifndef _FSL_SSS_H_ -#define _FSL_SSS_H_ - -#if !defined(SSS_CONFIG_FILE) -#include "fsl_sss_config.h" -#else -#include SSS_CONFIG_FILE -#endif - -#include - -#include "fsl_sss_types.h" - -/** Version of the SSS API */ -#define SSS_API_VERSION (0x00000001u) - -/** Size of an AES Block, in bytes */ -#define SSS_AES_BLOCK_SIZE (16u) -/** Size of a DES Block, in bytes */ -#define SSS_DES_BLOCK_SIZE (8u) -/** Size of a DES Key, in bytes */ -#define SSS_DES_KEY_SIZE (8u) -/** Size of a DES IV, in bytes */ -#define SSS_DES_IV_SIZE (8u) - -/** Status of the SSS APIs */ -typedef enum -{ - /** Operation was successful */ - kStatus_SSS_Success = 0x5a5a5a5au, - /** Operation failed */ - kStatus_SSS_Fail = 0x3c3c0000u, - /** Operation not performed because some of the passed parameters - * were found inappropriate */ - kStatus_SSS_InvalidArgument = 0x3c3c0001u, - /** Where the underlying sub-system *supports* multi-threading, - * Internal status to handle simultaneous access. - * - * This status is not expected to be returned to higher layers. - * */ - kStatus_SSS_ResourceBusy = 0x3c3c0002u, -} sss_status_t; - -/** Helper macro to set enum value */ - -#define SSS_ENUM(GROUP, INDEX) ((GROUP) | (INDEX)) - -/** Cryptographic sub system */ -typedef enum -{ - kType_SSS_SubSystem_NONE, - /** Software based */ - kType_SSS_Software = SSS_ENUM(0x01 << 8, 0x00), - kType_SSS_mbedTLS = SSS_ENUM(kType_SSS_Software, 0x01), - kType_SSS_OpenSSL = SSS_ENUM(kType_SSS_Software, 0x02), - /** HOST HW Based */ - kType_SSS_HW = SSS_ENUM(0x02 << 8, 0x00), - kType_SSS_SECO = SSS_ENUM(kType_SSS_HW, 0x01), - /** Isolated HW */ - kType_SSS_Isolated_HW = SSS_ENUM(0x04 << 8, 0x00), - kType_SSS_Sentinel = SSS_ENUM(kType_SSS_Isolated_HW, 0x01), - kType_SSS_Sentinel200 = SSS_ENUM(kType_SSS_Isolated_HW, 0x02), - kType_SSS_Sentinel300 = SSS_ENUM(kType_SSS_Isolated_HW, 0x03), - kType_SSS_Sentinel400 = SSS_ENUM(kType_SSS_Isolated_HW, 0x04), - kType_SSS_Sentinel500 = SSS_ENUM(kType_SSS_Isolated_HW, 0x05), - /** Secure Element */ - kType_SSS_SecureElement = SSS_ENUM(0x08 << 8, 0x00), - /** To connect to https://www.nxp.com/products/:A71CH */ - kType_SSS_SE_A71CH = SSS_ENUM(kType_SSS_SecureElement, 0x01), - kType_SSS_SE_A71CL = SSS_ENUM(kType_SSS_SecureElement, 0x02), - /** To connect to https://www.nxp.com/products/:SE050 */ - kType_SSS_SE_SE05x = SSS_ENUM(kType_SSS_SecureElement, 0x03), - kType_SSS_SubSystem_LAST -} sss_type_t; - -/** Destintion connection type */ -typedef enum -{ - /* Plain => Lowest level of security requested. - * => Probably a system with no mechanism to *identify* who - * has opened the session from host - * => Probably a system with Easy for man in the middle attack. - * - */ - kSSS_ConnectionType_Plain, - /* Password: - * => Some level of user authentication/identification requested - * => Probably a system with "static" authentication/identification. - * => Probably same Password us always. - * => "Password" mostly gets sent in plain over the communication layer - * => Probably a system with replay attack possible - */ - kSSS_ConnectionType_Password, - /* Encrypted: - * Communication is guaranteed to be Encrypted. - * For SE => This would mean highest level of authentication - * For other system => channel would be encrypted - * - * In general, almost a level of security that is definitely higher than - * Plain/Password/PIN. - * - * Using *Dynamic* Sessions Keys for authenticated communication. - */ - kSSS_ConnectionType_Encrypted -} sss_connection_type_t; - -#ifndef __DOXYGEN__ - -#define SSS_ALGORITHM_START_AES (0x00) -#define SSS_ALGORITHM_START_CHACHA (0x01) -#define SSS_ALGORITHM_START_DES (0x02) -#define SSS_ALGORITHM_START_SHA (0x03) -#define SSS_ALGORITHM_START_MAC (0x04) -#define SSS_ALGORITHM_START_DH (0x05) -#define SSS_ALGORITHM_START_DSA (0x06) -#define SSS_ALGORITHM_START_RSASSA_PKCS1_V1_5 (0x07) -#define SSS_ALGORITHM_START_RSASSA_PKCS1_PSS_MGF1 (0x08) -#define SSS_ALGORITHM_START_RSAES_PKCS1_OAEP (0x09) -#define SSS_ALGORITHM_START_RSAES_PKCS1_V1_5 (0x0A) -#define SSS_ALGORITHM_START_RSASSA_NO_PADDING (0x0B) -#define SSS_ALGORITHM_START_ECDSA (0x0C) -#define SSS_ALGORITHM_START_ECDAA (0x0D) - -/* Not available outside this file */ -#define SSS_ENUM_ALGORITHM(GROUP, INDEX) (((SSS_ALGORITHM_START_##GROUP) << 8) | (INDEX)) - -#endif - -/** Cryptographic algorithm to be applied */ -typedef enum /* _sss_algorithm */ -{ - kAlgorithm_None, - /* AES */ - kAlgorithm_SSS_AES_ECB = SSS_ENUM_ALGORITHM(AES, 0x01), - kAlgorithm_SSS_AES_CBC = SSS_ENUM_ALGORITHM(AES, 0x02), - kAlgorithm_SSS_AES_CTR = SSS_ENUM_ALGORITHM(AES, 0x03), - kAlgorithm_SSS_AES_GCM = SSS_ENUM_ALGORITHM(AES, 0x04), - kAlgorithm_SSS_AES_CCM = SSS_ENUM_ALGORITHM(AES, 0x05), - kAlgorithm_SSS_AES_GCM_INT_IV = SSS_ENUM_ALGORITHM(AES, 0x06), - /* CHACHA_POLY */ - kAlgorithm_SSS_CHACHA_POLY = SSS_ENUM_ALGORITHM(CHACHA, 0x01), - /* DES */ - kAlgorithm_SSS_DES_ECB = SSS_ENUM_ALGORITHM(DES, 0x01), - kAlgorithm_SSS_DES_CBC = SSS_ENUM_ALGORITHM(DES, 0x02), - /* DES3 */ - kAlgorithm_SSS_DES3_ECB = SSS_ENUM_ALGORITHM(DES, 0x03), - kAlgorithm_SSS_DES3_CBC = SSS_ENUM_ALGORITHM(DES, 0x04), - /* digest */ - /* doc:start hash_algo */ - kAlgorithm_SSS_SHA1 = SSS_ENUM_ALGORITHM(SHA, 0x01), - kAlgorithm_SSS_SHA224 = SSS_ENUM_ALGORITHM(SHA, 0x02), - kAlgorithm_SSS_SHA256 = SSS_ENUM_ALGORITHM(SHA, 0x03), - kAlgorithm_SSS_SHA384 = SSS_ENUM_ALGORITHM(SHA, 0x04), - kAlgorithm_SSS_SHA512 = SSS_ENUM_ALGORITHM(SHA, 0x05), - /* doc:end hash_algo */ - /* MAC */ - kAlgorithm_SSS_CMAC_AES = SSS_ENUM_ALGORITHM(MAC, 0x01), - kAlgorithm_SSS_HMAC_SHA1 = SSS_ENUM_ALGORITHM(MAC, 0x02), - kAlgorithm_SSS_HMAC_SHA224 = SSS_ENUM_ALGORITHM(MAC, 0x03), - kAlgorithm_SSS_HMAC_SHA256 = SSS_ENUM_ALGORITHM(MAC, 0x04), - kAlgorithm_SSS_HMAC_SHA384 = SSS_ENUM_ALGORITHM(MAC, 0x05), - kAlgorithm_SSS_HMAC_SHA512 = SSS_ENUM_ALGORITHM(MAC, 0x06), - /* See above: - * kAlgorithm_SSS_HMAC_SHA224 = SSS_ENUM_ALGORITHM(CHACHA, 0x01) */ - - /* Diffie-Helmann */ - kAlgorithm_SSS_DH = SSS_ENUM_ALGORITHM(DH, 0x01), - kAlgorithm_SSS_ECDH = SSS_ENUM_ALGORITHM(DH, 0x02), - /* DSA */ - kAlgorithm_SSS_DSA_SHA1 = SSS_ENUM_ALGORITHM(DSA, 0x01), - kAlgorithm_SSS_DSA_SHA224 = SSS_ENUM_ALGORITHM(DSA, 0x02), - kAlgorithm_SSS_DSA_SHA256 = SSS_ENUM_ALGORITHM(DSA, 0x03), - - /* RSA */ - /* doc:start rsa_sign_algo */ - kAlgorithm_SSS_RSASSA_PKCS1_V1_5_NO_HASH = SSS_ENUM_ALGORITHM(RSASSA_PKCS1_V1_5, 0x01), - kAlgorithm_SSS_RSASSA_PKCS1_V1_5_SHA1 = SSS_ENUM_ALGORITHM(RSASSA_PKCS1_V1_5, 0x02), - kAlgorithm_SSS_RSASSA_PKCS1_V1_5_SHA224 = SSS_ENUM_ALGORITHM(RSASSA_PKCS1_V1_5, 0x03), - kAlgorithm_SSS_RSASSA_PKCS1_V1_5_SHA256 = SSS_ENUM_ALGORITHM(RSASSA_PKCS1_V1_5, 0x04), - kAlgorithm_SSS_RSASSA_PKCS1_V1_5_SHA384 = SSS_ENUM_ALGORITHM(RSASSA_PKCS1_V1_5, 0x05), - kAlgorithm_SSS_RSASSA_PKCS1_V1_5_SHA512 = SSS_ENUM_ALGORITHM(RSASSA_PKCS1_V1_5, 0x06), - kAlgorithm_SSS_RSASSA_PKCS1_PSS_MGF1_SHA1 = SSS_ENUM_ALGORITHM(RSASSA_PKCS1_PSS_MGF1, 0x01), - kAlgorithm_SSS_RSASSA_PKCS1_PSS_MGF1_SHA224 = SSS_ENUM_ALGORITHM(RSASSA_PKCS1_PSS_MGF1, 0x02), - kAlgorithm_SSS_RSASSA_PKCS1_PSS_MGF1_SHA256 = SSS_ENUM_ALGORITHM(RSASSA_PKCS1_PSS_MGF1, 0x03), - kAlgorithm_SSS_RSASSA_PKCS1_PSS_MGF1_SHA384 = SSS_ENUM_ALGORITHM(RSASSA_PKCS1_PSS_MGF1, 0x04), - kAlgorithm_SSS_RSASSA_PKCS1_PSS_MGF1_SHA512 = SSS_ENUM_ALGORITHM(RSASSA_PKCS1_PSS_MGF1, 0x05), - /* doc:end rsa_sign_algo */ - - /* doc:start rsa_enc_algo */ - kAlgorithm_SSS_RSAES_PKCS1_OAEP_SHA1 = SSS_ENUM_ALGORITHM(RSAES_PKCS1_OAEP, 0x01), - kAlgorithm_SSS_RSAES_PKCS1_OAEP_SHA224 = SSS_ENUM_ALGORITHM(RSAES_PKCS1_OAEP, 0x02), - kAlgorithm_SSS_RSAES_PKCS1_OAEP_SHA256 = SSS_ENUM_ALGORITHM(RSAES_PKCS1_OAEP, 0x03), - kAlgorithm_SSS_RSAES_PKCS1_OAEP_SHA384 = SSS_ENUM_ALGORITHM(RSAES_PKCS1_OAEP, 0x04), - kAlgorithm_SSS_RSAES_PKCS1_OAEP_SHA512 = SSS_ENUM_ALGORITHM(RSAES_PKCS1_OAEP, 0x05), - kAlgorithm_SSS_RSAES_PKCS1_V1_5 = SSS_ENUM_ALGORITHM(RSAES_PKCS1_V1_5, 0x01), - /* doc:end rsa_enc_algo */ - - /* doc:start rsa_sign_algo_no_padding */ - kAlgorithm_SSS_RSASSA_NO_PADDING = SSS_ENUM_ALGORITHM(RSASSA_NO_PADDING, 0x01), - /* doc:end rsa_sign_algo_no_padding */ - - /* ECDSA */ - /* doc:start ecc_sign_algo */ - kAlgorithm_SSS_ECDSA_SHA1 = SSS_ENUM_ALGORITHM(ECDSA, 0x01), - kAlgorithm_SSS_ECDSA_SHA224 = SSS_ENUM_ALGORITHM(ECDSA, 0x02), - kAlgorithm_SSS_ECDSA_SHA256 = SSS_ENUM_ALGORITHM(ECDSA, 0x03), - kAlgorithm_SSS_ECDSA_SHA384 = SSS_ENUM_ALGORITHM(ECDSA, 0x04), - kAlgorithm_SSS_ECDSA_SHA512 = SSS_ENUM_ALGORITHM(ECDSA, 0x05), - /* doc:end ecc_sign_algo */ - - /* ECDAA */ - /* doc:start ecc_bn_sign_algo */ - kAlgorithm_SSS_ECDAA = SSS_ENUM_ALGORITHM(ECDAA, 0x01), - /* doc:end ecc_bn_sign_algo */ -} sss_algorithm_t; - -#undef SSS_ENUM_ALGORITHM - -#ifndef __DOXYGEN__ - -// Deprecated names for RSAES_PKCS1_OAEP algorithms -#define kAlgorithm_SSS_RSASSA_PKCS1_OEAP_SHA1 kAlgorithm_SSS_RSAES_PKCS1_OAEP_SHA1 -#define kAlgorithm_SSS_RSASSA_PKCS1_OEAP_SHA224 kAlgorithm_SSS_RSAES_PKCS1_OAEP_SHA224 -#define kAlgorithm_SSS_RSASSA_PKCS1_OEAP_SHA256 kAlgorithm_SSS_RSAES_PKCS1_OAEP_SHA256 -#define kAlgorithm_SSS_RSASSA_PKCS1_OEAP_SHA384 kAlgorithm_SSS_RSAES_PKCS1_OAEP_SHA384 -#define kAlgorithm_SSS_RSASSA_PKCS1_OEAP_SHA512 kAlgorithm_SSS_RSAES_PKCS1_OAEP_SHA512 - -// Deprecated names for RSAES_PKCS1_V1_5 algorithms -#define kAlgorithm_SSS_RSAES_PKCS1_V1_5_SHA1 kAlgorithm_SSS_RSAES_PKCS1_V1_5 -#define kAlgorithm_SSS_RSAES_PKCS1_V1_5_SHA224 kAlgorithm_SSS_RSAES_PKCS1_V1_5 -#define kAlgorithm_SSS_RSAES_PKCS1_V1_5_SHA256 kAlgorithm_SSS_RSAES_PKCS1_V1_5 -#define kAlgorithm_SSS_RSAES_PKCS1_V1_5_SHA384 kAlgorithm_SSS_RSAES_PKCS1_V1_5 -#define kAlgorithm_SSS_RSAES_PKCS1_V1_5_SHA512 kAlgorithm_SSS_RSAES_PKCS1_V1_5 - -#endif /* __DOXYGEN__ */ - -/** High level algorihtmic operations. - * - * Augmented by @ref sss_algorithm_t - */ -typedef enum -{ - kMode_SSS_Encrypt = 1, //!< Encrypt - kMode_SSS_Decrypt = 2, //!< Decrypt - kMode_SSS_Sign = 3, //!< Sign - kMode_SSS_Verify = 4, //!< Verify - /* Compute Shared Secret. e.g. Diffie-Hellman */ - kMode_SSS_ComputeSharedSecret = 5, - kMode_SSS_Digest = 6, //!< Message Digest - kMode_SSS_Mac = 7, //!< Message Authentication Code - - // For now, use kMode_SSS_ComputeSharedSecret for HKDF Extract and Expand - // kMode_SSS_HKDF = 8, //!< HKDF Extract and Expand (RFC 5869) - kMode_SSS_HKDF_ExpandOnly = 9 //!< HKDF Expand Only (RFC 5869) -} sss_mode_t; - -/** - * Permissions of an object - */ -typedef enum -{ - /** Can read (applicable) contents of the key. - * - * @note This is not same as @ref kAccessPermission_SSS_Use. - * - * Without reading, the object, the key can be used. - */ - kAccessPermission_SSS_Read = (1u << 0), - /** Can change the value of an object */ - kAccessPermission_SSS_Write = (1u << 1), - /** Can use an object */ - kAccessPermission_SSS_Use = (1u << 2), - /** Can delete an object */ - kAccessPermission_SSS_Delete = (1u << 3), - /** Can change permissions applicable to an object */ - kAccessPermission_SSS_ChangeAttributes = (1u << 4), - /** Bitwise OR of all sss_access_permission. */ - kAccessPermission_SSS_All_Permission = 0x1F, -} sss_access_permission_t; - -/** - * Persistent / Non persistent mode of a key - */ -typedef enum -{ - kKeyObject_Mode_None = 0, //!< kKeyObject_Mode_None - /** Key object will be persisted in memory - * and will retain it's value after a closed session - */ - kKeyObject_Mode_Persistent = 1, - /** Key Object will be stored in RAM. - * It will lose it's contents after a session is closed - */ - kKeyObject_Mode_Transient = 2, -} sss_key_object_mode_t; - -/** Part of a key */ -typedef enum -{ - kSSS_KeyPart_NONE, - /** Applicable where we have UserID, Binary Files, - * Certificates, Symmetric Keys, PCR, HMAC-key, counter */ - kSSS_KeyPart_Default = 1, - /** Public part of asymmetric key */ - kSSS_KeyPart_Public = 2, - /** Private only part of asymmetric key */ - kSSS_KeyPart_Private = 3, - /** Both, public and private part of asymmetric key */ - kSSS_KeyPart_Pair = 4, -} sss_key_part_t; - -/** For all cipher types, key bit length is provides at the time key is inserted/generated */ -typedef enum -{ - kSSS_CipherType_NONE, - kSSS_CipherType_AES = 10, - kSSS_CipherType_DES = 12, - - kSSS_CipherType_CMAC = 20, - kSSS_CipherType_HMAC = 21, - - kSSS_CipherType_MAC = 30, - kSSS_CipherType_RSA = 31, /*! RSA RAW format */ - kSSS_CipherType_RSA_CRT = 32, /*! RSA CRT format */ - - /* The following keys can be identified - * solely by the *Family* and bit length - */ - kSSS_CipherType_EC_NIST_P = 40, /*! Keys Part of NIST-P Family */ - kSSS_CipherType_EC_NIST_K = 41, /*! Keys Part of NIST-K Family */ - - /* The following keys need their full curve parameters (p,a,b,x,y,n,h) - */ - /** Montgomery Key, */ - kSSS_CipherType_EC_MONTGOMERY = 50, - /** twisted Edwards form elliptic curve public key */ - kSSS_CipherType_EC_TWISTED_ED = 51, - /** Brainpool form elliptic curve public key */ - kSSS_CipherType_EC_BRAINPOOL = 52, - /** Barreto Naehrig curve */ - kSSS_CipherType_EC_BARRETO_NAEHRIG = 53, - - kSSS_CipherType_UserID = 70, - - /** Use kSSS_CipherType_Binary to store Certificate */ - kSSS_CipherType_Certificate = 71, - kSSS_CipherType_Binary = 72, - - kSSS_CipherType_Count = 73, - kSSS_CipherType_PCR = 74, - kSSS_CipherType_ReservedPin = 75, -} sss_cipher_type_t; - -/** XY Co-ordinates for ECC Curves */ -typedef struct -{ - /** X Point */ - uint8_t *X; - /** Y Point */ - uint8_t *Y; -} sss_ecc_point_t; - -/** ECC Curve Parameter */ -typedef struct -{ - uint8_t *p; /**< ECC parameter P */ - uint8_t *a; /**< ECC parameter a */ - uint8_t *b; /**< ECC parameter b */ - sss_ecc_point_t *G; /**< ECC parameter G */ - uint8_t *n; /**< ECC parameter n */ - uint8_t *h; /**< ECC parameter h */ -} sss_eccgfp_group_t; - -/** - * @addtogroup sss_session - * @{ - */ - -/** Properties of session that are U32 - * - * From 0 to kSSS_SessionProp_Optional_Prop_Start, - * around 2^24 = 16777215 Properties are - * possible. - * - * From 0 to kSSS_SessionProp_Optional_Prop_Start, - * around 2^24 = 16777215 Properties are - * possible. - * - */ -typedef enum -{ - /** Invalid */ - kSSS_SessionProp_u32_NA = 0, - /** Major version */ - kSSS_SessionProp_VerMaj, - /** Minor Version */ - kSSS_SessionProp_VerMin, - /** Development Version */ - kSSS_SessionProp_VerDev, - - /* Lenght of UID */ - kSSS_SessionProp_UIDLen, - - /** Optional Properties Start */ - kSSS_SessionProp_u32_Optional_Start = 0x00FFFFFFu, - - /** How much persistent memory is free */ - kSSS_KeyStoreProp_FreeMem_Persistant, - - /** How much transient memory is free */ - kSSS_KeyStoreProp_FreeMem_Transient, - - /** Proprietary Properties Start */ - kSSS_SessionProp_u32_Proprietary_Start = 0x01FFFFFFu, - -} sss_session_prop_u32_t; - -/** Properties of session that are S32 - * - * From 0 to kSSS_SessionProp_Optional_Prop_Start, - * around 2^24 = 16777215 Properties are - * possible. - * - * From 0 to kSSS_SessionProp_Optional_Prop_Start, - * around 2^24 = 16777215 Properties are - * possible. - * - */ -typedef enum -{ - /** Invalid */ - kSSS_SessionProp_au8_NA = 0, - /** Name of the product, string */ - kSSS_SessionProp_szName, - /** Unique Identifier */ - kSSS_SessionProp_UID, - - /** Optional Properties Start */ - kSSS_SessionProp_au8_Optional_Start = 0x00FFFFFFu, - - /** Proprietary Properties Start */ - kSSS_SessionProp_au8_Proprietary_Start = 0x01FFFFFFu, - -} sss_session_prop_au8_t; - -/** @} */ - -/** - * @addtogroup sss_session - * @{ - */ - -/** @brief Root session - * - * This is a *singleton* for each connection (physical/logical) - * to individual cryptographic system. - */ -typedef struct -{ - /** Indicates which security subsystem is selected. - * - * This is set when @ref sss_session_open is successful */ - sss_type_t subsystem; - - /** Reserved memory for implementation specific extension */ - struct - { - uint8_t data[SSS_SESSION_MAX_CONTEXT_SIZE]; - } extension; -} sss_session_t; -/** @} */ - -/** - * @addtogroup sss_key_store - * @{ - */ - -/** @brief Store for secure and non secure key objects within a cryptographic system. - * - * - A cryptographic system may have more than partitions to store such keys. - * - */ -typedef struct -{ - /** Virtual connection between application (user context) and specific - * security subsystem and function thereof. */ - sss_session_t *session; - - /** Reserved memory for implementation specific extension */ - struct - { - uint8_t data[SSS_KEY_STORE_MAX_CONTEXT_SIZE]; - } extension; -} sss_key_store_t; - -/** properties of a Key Store that return array */ -typedef enum -{ - /** Optional Properties Start */ - kSSS_KeyStoreProp_au8_Optional_Start = 0x00FFFFFFu, - -} sss_key_store_prop_au8_t; - -/** Entity on the other side of the tunnel */ -typedef enum -{ - /** Default value */ - kSSS_TunnelDest_None = 0, - - /** SE05X IoT Applet */ - kSSS_TunnelType_Se05x_Iot_applet, -} sss_tunnel_dest_t; - -/** @} */ - -/** - * @addtogroup sss_key_object - * @{ - */ - -/** @brief An object (secure / non-secure) within a Key Store. - * - */ -typedef struct -{ - /** key store holding the data and other properties */ - sss_key_store_t *keyStore; - /** The type/part of object is referneced from @ref sss_key_part_t */ - uint32_t objectType; - /** cipherType type from @ref sss_cipher_type_t */ - uint32_t cipherType; - /** Application specific key identifier. The keyId is kept in the key store - * along with the key data and other properties. */ - uint32_t keyId; - - /** Reserved memory for implementation specific extension */ - struct - { - uint8_t data[SSS_KEY_OBJECT_MAX_CONTEXT_SIZE]; - } extension; -} sss_object_t; - -/** @} */ - -/** - * @addtogroup sss_crypto_symmetric - * @{ - */ - -/** @brief Typedef for the symmetric crypto context */ -typedef struct -{ - /** Virtual connection between application (user context) and specific - * security subsystem and function thereof. */ - sss_session_t *session; - /** Key to be used for the symmetric operation */ - sss_object_t *keyObject; - /** Algorithm to be applied, e.g AES_ECB / CBC */ - sss_algorithm_t algorithm; - /** Mode of operation, e.g Encryption/Decryption */ - sss_mode_t mode; - - /** Reserved memory for implementation specific extension */ - struct - { - uint8_t data[SSS_SYMMETRIC_MAX_CONTEXT_SIZE]; - } extension; -} sss_symmetric_t; -/** @} */ - -/** @brief Authenticated Encryption with Additional Data - * - */ -typedef struct -{ - /** Virtual connection between application (user context) and specific - * security subsystem and function thereof. */ - sss_session_t *session; - /** Key to be used for asymmetric */ - sss_object_t *keyObject; - /** Algorithm to be used */ - sss_algorithm_t algorithm; - /** High level operation (encrypt/decrypt) */ - sss_mode_t mode; - - /** Reserved memory for implementation specific extension */ - struct - { - uint8_t data[SSS_AEAD_MAX_CONTEXT_SIZE]; - } extension; -} sss_aead_t; - -/** Message Digest operations */ -typedef struct -{ - /** Virtual connection between application (user context) and specific - * security subsystem and function thereof. */ - sss_session_t *session; - /** Algorithm to be applied, e.g SHA1, SHA256 */ - sss_algorithm_t algorithm; - /** Mode of operation, e.g Sign/Verify */ - sss_mode_t mode; - /** Full digest length per algorithm definition. This field is initialized along with algorithm. */ - size_t digestFullLen; - /** Reserved memory for implementation specific extension */ - struct - { - uint8_t data[SSS_DIGEST_MAX_CONTEXT_SIZE]; - } extension; -} sss_digest_t; - -/** @brief Message Authentication Code - * - */ -typedef struct -{ - /** Virtual connection between application (user context) and specific - * security subsystem and function thereof. */ - sss_session_t *session; - /** Key to be used for ... */ - sss_object_t *keyObject; - /** Algorithm to be applied, e.g. MAC/CMAC */ - sss_algorithm_t algorithm; - /** Mode of operation for MAC (kMode_SSS_Mac) */ - sss_mode_t mode; - - /** Reserved memory for implementation specific extension */ - struct - { - uint8_t data[SSS_MAC_MAX_CONTEXT_SIZE]; - } extension; -} sss_mac_t; - -/** @brief Asymmetric Cryptographic operations - * - * e.g. RSA/ECC. - */ - -typedef struct -{ - /** Pointer to root session */ - sss_session_t *session; - /** KeyObject used for Asymmetric operation */ - sss_object_t *keyObject; - /** Algorithm to be applied, e.g. ECDSA */ - sss_algorithm_t algorithm; - /** Mode of operation for the Asymmetric operation. - * e.g. Sign/Verify/Encrypt/Decrypt */ - sss_mode_t mode; - - /** Reserved memory for implementation specific extension */ - struct - { - uint8_t data[SSS_ASYMMETRIC_MAX_CONTEXT_SIZE]; - } extension; -} sss_asymmetric_t; - -/** Header for a IS716 APDU */ - -typedef struct -{ - /** ISO 7816 APDU Header */ - uint8_t hdr[0 /* For Indentation */ - + 1 /* CLA */ - + 1 /* INS */ - + 1 /* P1 */ - + 1 /* P2 */ - ]; -} tlvHeader_t; - -/** Tunneling - * - * Used for communication via another system. - */ -typedef struct -{ - /** Pointer to the session */ - sss_session_t *session; - /** Tunnel to which Applet (Currently unused) */ - uint32_t tunnelType; - - /** Reserved memory for implementation specific extension */ - struct - { - uint8_t data[SSS_TUNNEL_MAX_CONTEXT_SIZE]; - } extension; -} sss_tunnel_t; - -/** - * @addtogroup sss_crypto_derive_key - * @{ - */ - -/** Key derivation */ -typedef struct -{ - /** Pointer to the session */ - sss_session_t *session; - /** KeyObject used to derive key s*/ - sss_object_t *keyObject; - /** Algorithm to be applied, e.g. ... */ - sss_algorithm_t algorithm; - /** Mode of operation for .... e.g. ... */ - sss_mode_t mode; - - /** Reserved memory for implementation specific extension */ - struct - { - uint8_t data[SSS_DERIVE_KEY_MAX_CONTEXT_SIZE]; - } extension; -} sss_derive_key_t; -/** @} */ - -/** Random number generator context */ -typedef struct -{ - /** Pointer to the session */ - sss_session_t *session; - - /** Reserved memory for implementation specific extension */ - struct - { - uint8_t data[SSS_RNG_MAX_CONTEXT_SIZE]; - } context; - -} sss_rng_context_t; - -/******************************************************************************* - * API - ******************************************************************************/ -#if defined(__cplusplus) -extern "C" { -#endif - -/** - * @addtogroup sss_session - * @{ - */ - -/** - * Same as @ref sss_session_open but to support sub systems - * that explictily need a create before opening. - * - * For the sake of portabilty across various sub systems, - * the applicaiton has to call @ref sss_session_create - * before calling @ref sss_session_open. - * - * - * @param[in,out] session Pointer to session context - * @param[in] subsystem See @ref sss_session_open - * @param[in] application_id See @ref sss_session_open - * @param[in] connection_type See @ref sss_session_open - * @param[in] connectionData See @ref sss_session_open - */ -sss_status_t sss_session_create(sss_session_t *session, - sss_type_t subsystem, - uint32_t application_id, - sss_connection_type_t connection_type, - void *connectionData); - -/** - * @brief Open session between application and a security subsystem. - * - * Open virtual session between application (user context) and a - * security subsystem and function thereof. Pointer to session - * shall be supplied to all SSS APIs as argument. Low level SSS - * functions can provide implementation specific behaviour based - * on the session argument. - * Note: sss_session_open() must not be called concurrently from - * multiple threads. The application must ensure this. - * - * @param[in,out] session Session context. - * @param[in] subsystem Indicates which security subsystem is - * selected to be used. - * @param[in] application_id ObjectId/AuthenticationID Connecting to: - * - ``application_id`` == 0 => Super use / Plaform user - * - Anything else => Authenticated user - * @param[in] connection_type How are we connecting to the system. - * @param[in,out] connectionData subsystem specific connection parameters. - * - * @return status - */ -sss_status_t sss_session_open(sss_session_t *session, - sss_type_t subsystem, - uint32_t application_id, - sss_connection_type_t connection_type, - void *connectionData); - -/** - * @brief Get an underlying property of the crypto sub system - * - * This API is used to get values that are - * numeric in nature. - * - * Property can be either fixed value that is - * calculated at compile time and returned - * directly, or it may involve some access to the - * underlying system. - * - * For applicable properties see @ref sss_session_prop_u32_t - * - * @param[in] session Session context - * @param[in] property Value that is part of @ref sss_session_prop_u32_t - * @param[out] pValue - * - * @return - */ -sss_status_t sss_session_prop_get_u32(sss_session_t *session, uint32_t property, uint32_t *pValue); - -/** - * @brief Get an underlying property of the crypto sub system - * - * This API is used to get values that are - * numeric in nature. - * - * Property can be either fixed value that is - * calculated at compile time and returned - * directly, or it may involve some access to the - * underlying system. - * - * @param[in] session Session context - * @param[in] property Value that is part of @ref sss_session_prop_au8_t - * @param[out] pValue Output buffer array - * @param[in,out] pValueLen Count of values thare are/must br read - * @return - */ -sss_status_t sss_session_prop_get_au8(sss_session_t *session, uint32_t property, uint8_t *pValue, size_t *pValueLen); - -/** - * @brief Close session between application and security subsystem. - * - * This function closes a session which has been opened with a security subsystem. - * All commands within the session must have completed before this function can be called. - * The implementation must do nothing if the input ``session`` parameter is NULL. - * - * - * @param session Session context. - */ -void sss_session_close(sss_session_t *session); - -/** Counterpart to @ref sss_session_create - * - * Similar to contraint on @ref sss_session_create, application - * may call @ref sss_session_delete to explicitly release all - * underlying/used session specific resoures of that implementation. - */ -void sss_session_delete(sss_session_t *session); - -/** - *@} - */ /* end of sss_session */ - -/** - * @addtogroup sss_key_store - * @{ - */ - -/** @brief Constructor for the key store context data structure. - * - * @param[out] keyStore Pointer to key store context. Key store context is updated on function return. - * @param session Session context. - */ -sss_status_t sss_key_store_context_init(sss_key_store_t *keyStore, sss_session_t *session); - -/** @brief Get handle to key store. - * If the key store already exists, nothing is allocated. - * If the key store does not exists, new empty key store is created and initialized. - * Key store context structure is updated with actual information. - * - * @param[out] keyStore Pointer to key store context. Key store context is updated on function return. - * @param keyStoreId Implementation specific ID, can be used in case security subsystem manages multiple different - * key stores. - */ -sss_status_t sss_key_store_allocate(sss_key_store_t *keyStore, uint32_t keyStoreId); - -/** @brief Save all cached persistent objects to persistent memory. - */ -sss_status_t sss_key_store_save(sss_key_store_t *keyStore); - -/** @brief Load from persistent memory to cached objects. - */ -sss_status_t sss_key_store_load(sss_key_store_t *keyStore); - -/** @brief This function moves data[] from memory to the destination key store. - * - * @param keyStore Key store context - * @param keyObject Reference to a key and it's properties - * @param data Data to be stored in Key. When setting ecc private key only, do not include key header. - * @param dataLen Length of the data - * @param keyBitLen Crypto algorithm key bit length - * @param options Pointer to implementation specific options - * @param optionsLen Length of the options in bytes - * - * @return - */ -sss_status_t sss_key_store_set_key(sss_key_store_t *keyStore, - sss_object_t *keyObject, - const uint8_t *data, - size_t dataLen, - size_t keyBitLen, - void *options, - size_t optionsLen); - -/** @brief This function generates key[] in the destination key store. */ -sss_status_t sss_key_store_generate_key( - sss_key_store_t *keyStore, sss_object_t *keyObject, size_t keyBitLen, void *options); - -/** @brief This function exports plain key[] from key store (if constraints and user id allows reading) */ -sss_status_t sss_key_store_get_key( - sss_key_store_t *keyStore, sss_object_t *keyObject, uint8_t *data, size_t *dataLen, size_t *pKeyBitLen); - -/** - * @brief Access key store using one more level of encryption - * - * e.g. Access keys / encryption key during storage - * - * @param keyStore The key store - * @param keyObject The key object that is to be used as a KEK (Key Encryption Key) - * - * @return The sss status. - */ -sss_status_t sss_key_store_open_key(sss_key_store_t *keyStore, sss_object_t *keyObject); - -/** - * @brief The referenced key cannot be updated any more. - * - * @param keyStore The key store - * @param keyObject The key object to be locked / frozen. - * - * @return The sss status. - */ -sss_status_t sss_key_store_freeze_key(sss_key_store_t *keyStore, sss_object_t *keyObject); - -/** - * @brief Delete / destroy allocated keyObect . - * - * @param keyStore The key store - * @param keyObject The key object to be deleted - * - * @return The sss status. - */ -sss_status_t sss_key_store_erase_key(sss_key_store_t *keyStore, sss_object_t *keyObject); - -// sss_status_t sss_key_store_clear_all(sss_key_store_t *keyStore); - -/** @brief Destructor for the key store context. */ -void sss_key_store_context_free(sss_key_store_t *keyStore); - -/** - *@} - */ /* end of sss_key_store */ - -/** - * @addtogroup sss_key_object - * @{ - */ - -/** @brief Constructor for a key object data structure - * The function initializes keyObject data structure and associates it with a key store - * in which the plain key and other attributes are stored. - * - * @param keyObject - * @param keyStore - * - * @returns Status of the operation - * @retval #kStatus_SSS_Success The operation has completed successfully. - * @retval #kStatus_SSS_Fail The operation has failed. - * @retval #kStatus_SSS_InvalidArgument One of the arguments is invalid for the function to execute. - */ -sss_status_t sss_key_object_init(sss_object_t *keyObject, sss_key_store_t *keyStore); - -/** - * @brief Allocate / pre-provision memory for new key - * - * This API allows underlying cryptographic subsystems to perform - * preconditions of before creating any cryptographic key object. - * - * @param[in,out] keyObject The object If required, update implementation - * defined values inside the keyObject - * @param keyId External Key ID. Later on this may be used by - * @ref sss_key_object_get_handle - * @param keyPart See @ref sss_key_part_t - * @param cipherType See @ref sss_cipher_type_t - * @param keyByteLenMax Maximum storage this type of key may need. For - * systems that have their own internal allocation - * table this would help - * @param options 0 = Persistant Key (Default) or Transient Key. - * See sss_key_object_mode_t - * - * @return Status of object allocation. - */ -sss_status_t sss_key_object_allocate_handle(sss_object_t *keyObject, - uint32_t keyId, - sss_key_part_t keyPart, - sss_cipher_type_t cipherType, - size_t keyByteLenMax, - uint32_t options); /* Check if this can be made sss_key_object_mode_t */ - -/** - * @brief Get handle to an existing allocated/provisioned/created Object - * - * See @ref sss_key_object_allocate_handle. - * - * After calling this API, Ideally keyObject should become equivlant - * to as set after the calling of @ref - * sss_key_object_allocate_handle api. - * - * @param keyObject The key object - * @param[in] keyId The key identifier - * - * @return The sss status. - */ -sss_status_t sss_key_object_get_handle(sss_object_t *keyObject, uint32_t keyId); - -/** @brief Assign user to a key object. - * - * @param keyObject the object where permission restrictions are applied - * - * @param user Assign User id for a key object. The user is kept in the key - * store along with the key data and other properties. - * @param options Transient or persistent update. Allows for transient update - * of persistent attributes. - */ -sss_status_t sss_key_object_set_user(sss_object_t *keyObject, uint32_t user, uint32_t options); - -/** @brief Assign purpose to a key object. - * - * @param keyObject the object where permission restrictions are applied - * @param purpose Usage of the key. - * @param options Transient or persistent update. Allows for transient update of persistent attributes. - */ -sss_status_t sss_key_object_set_purpose(sss_object_t *keyObject, sss_mode_t purpose, uint32_t options); - -/** @brief Assign access permissions to a key object. - * - * @param keyObject the object where permission restrictions are applied - * @param access Logical OR of read, write, delete, use, change attributes defined by enum _sss_access_permission. - * @param options Transient or persistent update. Allows for transient update of persistent attributes. - */ -sss_status_t sss_key_object_set_access(sss_object_t *keyObject, uint32_t access, uint32_t options); - -/** @brief Set elliptic curve domain parameters over Fp for a key object - * - * When the key object is a reference to one of ECC Private, ECC Public or ECC Pair key types, - * this function shall be used to specify the exact domain parameters prior to using the key object - * for ECDSA or ECDH algorithms. - * - * @param keyObject The destination key object - * @param group Pointer to elliptic curve domain parameters over Fp (sextuple p,a,b,G,n,h) - */ -sss_status_t sss_key_object_set_eccgfp_group(sss_object_t *keyObject, sss_eccgfp_group_t *group); - -/** @brief get attributes */ -sss_status_t sss_key_object_get_user(sss_object_t *keyObject, uint32_t *user); - -/** Check what is purpose restrictions on an object - * - * @param keyObject Object to be checked - * @param purpose Know what is permitted. - * @return - */ -sss_status_t sss_key_object_get_purpose(sss_object_t *keyObject, sss_mode_t *purpose); - -/** Check what are access restrictions on an object - * - * @param keyObject Object - * @param access What is permitted - * @return - */ -sss_status_t sss_key_object_get_access(sss_object_t *keyObject, uint32_t *access); - -/** @brief Destructor for the key object. - * The function frees key object context. - * - * @param keyObject Pointer to key object context. - */ -void sss_key_object_free(sss_object_t *keyObject); - -/** - *@} - */ /* end of sss_key_object */ - -/** - * @addtogroup sss_crypto_symmetric - * @{ - */ - -/** @brief Symmetric context init. - * The function initializes symmetric context with initial values. - * - * @param context Pointer to symmetric crypto context. - * @param session Associate SSS session with symmetric context. - * @param keyObject Associate SSS key object with symmetric context. - * @param algorithm One of the symmetric algorithms defined by @ref sss_algorithm_t. - * @param mode One of the modes defined by @ref sss_mode_t. - * - * @returns Status of the operation - * @retval #kStatus_SSS_Success The operation has completed successfully. - * @retval #kStatus_SSS_Fail The operation has failed. - * @retval #kStatus_SSS_InvalidArgument One of the arguments is invalid for the function to execute. - */ -sss_status_t sss_symmetric_context_init(sss_symmetric_t *context, - sss_session_t *session, - sss_object_t *keyObject, - sss_algorithm_t algorithm, - sss_mode_t mode); - -/** @brief Symmetric cipher in one blocking function call. - * The function blocks current thread until the operation completes or an error occurs. - * - * @param context Pointer to symmetric crypto context. - * @param iv Buffer containing the symmetric operation Initialization Vector. - * @param ivLen Length of the Initialization Vector in bytes. - * @param srcData Buffer containing the input data (block aligned). - * @param destData Buffer containing the output data. - * @param dataLen Size of input and output data buffer in bytes. - * @returns Status of the operation - * @retval #kStatus_SSS_Success The operation has completed successfully. - * @retval #kStatus_SSS_Fail The operation has failed. - */ -sss_status_t sss_cipher_one_go( - sss_symmetric_t *context, uint8_t *iv, size_t ivLen, const uint8_t *srcData, uint8_t *destData, size_t dataLen); - -/** @brief Symmetric cipher init. - * The function starts the symmetric cipher operation. - * - * @param context Pointer to symmetric crypto context. - * @param iv Buffer containing the symmetric operation Initialization Vector. - * @param ivLen Length of the Initialization Vector in bytes. - * @returns Status of the operation - * @retval #kStatus_SSS_Success The operation has completed successfully. - * @retval #kStatus_SSS_Fail The operation has failed. - */ -sss_status_t sss_cipher_init(sss_symmetric_t *context, uint8_t *iv, size_t ivLen); - -/** @brief Symmetric cipher update. - * Input data does not have to be a multiple of block size. Subsequent calls to this function are possible. - * Unless one or more calls of this function have supplied sufficient input data, no output is generated. - * The cipher operation is finalized with a call to @ref sss_cipher_finish(). - * - * @param context Pointer to symmetric crypto context. - * @param srcData Buffer containing the input data. - * @param srcLen Length of the input data in bytes. - * @param destData Buffer containing the output data. - * @param[in,out] destLen Length of the output data in bytes. Buffer length on entry, reflects actual output size on - * return. - * @returns Status of the operation - * @retval #kStatus_SSS_Success The operation has completed successfully. - * @retval #kStatus_SSS_Fail The operation has failed. - * @retval #kStatus_SSS_InvalidArgument One of the arguments is invalid for the function to execute. - */ -sss_status_t sss_cipher_update( - sss_symmetric_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen); - -/** @brief Symmetric cipher finalize. - * - * @param context Pointer to symmetric crypto context. - * @param srcData Buffer containing final chunk of input data. - * @param srcLen Length of final chunk of input data in bytes. - * @param destData Buffer containing output data. - * @param[in,out] destLen Length of output data in bytes. Buffer length on entry, reflects actual output size on - * return. - * @returns Status of the operation - * @retval #kStatus_SSS_Success The operation has completed successfully. - * @retval #kStatus_SSS_Fail The operation has failed. - * @retval #kStatus_SSS_InvalidArgument One of the arguments is invalid for the function to execute. - */ -sss_status_t sss_cipher_finish( - sss_symmetric_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen); - -/** @brief Symmetric AES in Counter mode in one blocking function call. - * The function blocks current thread until the operation completes or an error occurs. - * - * @param context Pointer to symmetric crypto context. - * @param srcData Buffer containing the input data. - * @param destData Buffer containing the output data. - * @param size Size of source and destination data buffers in bytes. - * @param[in,out] initialCounter Input counter (updates on return) - * @param[out] lastEncryptedCounter Output cipher of last counter, for chained CTR calls. NULL can be passed if - * chained calls are not used. - * @param[out] szLeft Output number of bytes in left unused in lastEncryptedCounter block. NULL can be passed if - * chained calls are not used. - * @returns Status of the operation - * @retval #kStatus_SSS_Success The operation has completed successfully. - * @retval #kStatus_SSS_Fail The operation has failed. - */ -sss_status_t sss_cipher_crypt_ctr(sss_symmetric_t *context, - const uint8_t *srcData, - uint8_t *destData, - size_t size, - uint8_t *initialCounter, - uint8_t *lastEncryptedCounter, - size_t *szLeft); - -/** @brief Symmetric context release. - * The function frees symmetric context. - * - * @param context Pointer to symmetric crypto context. - */ -void sss_symmetric_context_free(sss_symmetric_t *context); -/** - *@} - */ /* end of sss_crypto_symmetric */ - -/** - * @addtogroup sss_crypto_aead - * @{ - */ - -/** @brief AEAD context init. - * The function initializes aead context with initial values. - * - * @param context Pointer to aead crypto context. - * @param session Associate SSS session with aead context. - * @param keyObject Associate SSS key object with aead context. - * @param algorithm One of the aead algorithms defined by @ref sss_algorithm_t. - * @param mode One of the modes defined by @ref sss_mode_t. - * - * @returns Status of the operation - * @retval #kStatus_SSS_Success The operation has completed successfully. - * @retval #kStatus_SSS_Fail The operation has failed. - * @retval #kStatus_SSS_InvalidArgument One of the arguments is invalid for the function to execute. - */ -sss_status_t sss_aead_context_init( - sss_aead_t *context, sss_session_t *session, sss_object_t *keyObject, sss_algorithm_t algorithm, sss_mode_t mode); - -/** @brief AEAD in one blocking function call. - * The function blocks current thread until the operation completes or an error occurs. - * - * @param context Pointer to aead crypto context. - * @param srcData Buffer containing the input data. - * @param destData Buffer containing the output data. - * @param size Size of input and output data buffer in bytes. - * @param nonce The operation nonce or IV. - * @param nonceLen The length of nonce in bytes. For AES-GCM it must be >= 1. For AES-CCM it must be 7, 8, 9, 10, - * 11, 12, or 13. - * @param aad Input additional authentication data AAD - * @param aadLen Input size in bytes of AAD - * @param tag Encryption: Output buffer filled with computed tag - * Decryption: Input buffer filled with received tag - * @param tagLen Length of the tag in bytes. - * For AES-GCM it must be 4,8,12,13,14,15 or 16. - * For AES-CCM it must be 4,6,8,10,12,14 or 16. - * - * @returns Status of the operation - * @retval #kStatus_SSS_Success The operation has completed successfully. - * @retval #kStatus_SSS_Fail The operation has failed. - */ -sss_status_t sss_aead_one_go(sss_aead_t *context, - const uint8_t *srcData, - uint8_t *destData, - size_t size, - uint8_t *nonce, - size_t nonceLen, - const uint8_t *aad, - size_t aadLen, - uint8_t *tag, - size_t *tagLen); - -/** @brief AEAD init. - * The function starts the aead operation. - * - * @param context Pointer to aead crypto context. - * @param nonce The operation nonce or IV. - * @param nonceLen The length of nonce in bytes. For AES-GCM it must be >= 1. For AES-CCM it must be 7, 8, 9, 10, - * 11, 12, or 13. - * @param tagLen Length of the computed or received tag in bytes. - * For AES-GCM it must be 4,8,12,13,14,15 or 16. - * For AES-CCM it must be 4,6,8,10,12,14 or 16. - * @param aadLen Input size in bytes of AAD. Used only for AES-CCM. Ignored for AES-GCM. - * @param payloadLen Length in bytes of the payload. Used only for AES-CCM. Ignored for AES-GCM. - * @returns Status of the operation - * @retval #kStatus_SSS_Success The operation has completed successfully. - * @retval #kStatus_SSS_Fail The operation has failed. - */ -sss_status_t sss_aead_init( - sss_aead_t *context, uint8_t *nonce, size_t nonceLen, size_t tagLen, size_t aadLen, size_t payloadLen); - -/** @brief Feeds a new chunk of the AAD. - * Subsequent calls of this function are possible. - * - * @param context Pointer to aead crypto context - * @param aadData Input buffer containing the chunk of AAD - * @param aadDataLen Length of the AAD data in bytes. - * - * @returns Status of the operation - * @retval #kStatus_SSS_Success The operation has completed successfully. - * @retval #kStatus_SSS_Fail The operation has failed. - * @retval #kStatus_SSS_InvalidArgument One of the arguments is invalid for the function to execute. - */ -sss_status_t sss_aead_update_aad(sss_aead_t *context, const uint8_t *aadData, size_t aadDataLen); - -/** @brief AEAD data update. - * Feeds a new chunk of the data payload. - * Input data does not have to be a multiple of block size. Subsequent calls to this function are possible. - * Unless one or more calls of this function have supplied sufficient input data, no output is generated. - * The integration check is done by @ref sss_aead_finish(). Until then it is not sure if the decrypt data is - * authentic. - * - * @param context Pointer to aead crypto context. - * @param srcData Buffer containing the input data. - * @param srcLen Length of the input data in bytes. - * @param destData Buffer containing the output data. - * @param[in,out] destLen Length of the output data in bytes. Buffer length on entry, reflects actual output size on - * return. - * - * @returns Status of the operation - * @retval #kStatus_SSS_Success The operation has completed successfully. - * @retval #kStatus_SSS_Fail The operation has failed. - * @retval #kStatus_SSS_InvalidArgument One of the arguments is invalid for the function to execute. - */ -sss_status_t sss_aead_update( - sss_aead_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen); - -/** @brief Finalize AEAD. - * The functions processes data that has not been processed by previous calls to sss_aead_update() as well as - * srcData. It finalizes the AEAD operations and computes the tag (encryption) or compares the computed tag with the - * tag supplied in the parameter (decryption). - * - * @param context Pointer to aead crypto context. - * @param srcData Buffer containing final chunk of input data. - * @param srcLen Length of final chunk of input data in bytes. - * @param destData Buffer containing output data. - * @param[in,out] destLen Length of output data in bytes. Buffer length on entry, reflects actual output size on - * return. - * @param tag Encryption: Output buffer filled with computed tag - * Decryption: Input buffer filled with received tag - * @param tagLen Length of the computed or received tag in bytes. - * For AES-GCM it must be 4,8,12,13,14,15 or 16. - * For AES-CCM it must be 4,6,8,10,12,14 or 16. - * @returns Status of the operation - * @retval #kStatus_SSS_Success The operation has completed successfully. - * @retval #kStatus_SSS_Fail The operation has failed. - * @retval #kStatus_SSS_InvalidArgument One of the arguments is invalid for the function to execute. - */ -sss_status_t sss_aead_finish(sss_aead_t *context, - const uint8_t *srcData, - size_t srcLen, - uint8_t *destData, - size_t *destLen, - uint8_t *tag, - size_t *tagLen); - -/** @brief AEAD context release. - * The function frees aead context. - * - * @param context Pointer to aead context. - */ -void sss_aead_context_free(sss_aead_t *context); -/** - *@} - */ /* end of sss_crypto_aead */ - -/** - * @addtogroup sss_crypto_digest - * @{ - */ - -/** @brief Digest context init. - * The function initializes digest context with initial values. - * - * @param context Pointer to digest context. - * @param session Associate SSS session with digest context. - * @param algorithm One of the digest algorithms defined by @ref sss_algorithm_t. - * @param mode One of the modes defined by @ref sss_mode_t. - * - * @returns Status of the operation - * @retval #kStatus_SSS_Success The operation has completed successfully. - * @retval #kStatus_SSS_Fail The operation has failed. - * @retval #kStatus_SSS_InvalidArgument One of the arguments is invalid for the function to execute. - */ -sss_status_t sss_digest_context_init( - sss_digest_t *context, sss_session_t *session, sss_algorithm_t algorithm, sss_mode_t mode); - -/** @brief Message digest in one blocking function call. - * The function blocks current thread until the operation completes or an error occurs. - * - * @param context Pointer to digest context. - * @param message Input message - * @param messageLen Length of the input message in bytes - * @param digest Output message digest - * @param digestLen Message digest byte length - * - * @returns Status of the operation - * @retval #kStatus_SSS_Success The operation has completed successfully. - * @retval #kStatus_SSS_Fail The operation has failed. - */ -sss_status_t sss_digest_one_go( - sss_digest_t *context, const uint8_t *message, size_t messageLen, uint8_t *digest, size_t *digestLen); - -/** @brief Init digest for a message. - * The function blocks current thread until the operation completes or an error occurs. - * - * @param context Pointer to digest context. - * - * @returns Status of the operation - * @retval #kStatus_SSS_Success The operation has completed successfully. - * @retval #kStatus_SSS_Fail The operation has failed. - */ -sss_status_t sss_digest_init(sss_digest_t *context); - -/** @brief Update digest for a message. - * - * The function blocks current thread until the operation completes or an error occurs. - * - * @param context Pointer to digest context. - * @param message Buffer with a message chunk. - * @param messageLen Length of the input buffer in bytes. - * @returns Status of the operation - * - * @retval #kStatus_SSS_Success The operation has completed successfully. - * @retval #kStatus_SSS_Fail The operation has failed. - */ -sss_status_t sss_digest_update(sss_digest_t *context, const uint8_t *message, size_t messageLen); - -/** @brief Finish digest for a message. - * The function blocks current thread until the operation completes or an error occurs. - * - * @param context Pointer to digest context. - * @param digest Output message digest - * @param digestLen Message digest byte length - * - * @returns Status of the operation - * @retval #kStatus_SSS_Success The operation has completed successfully. - * @retval #kStatus_SSS_Fail The operation has failed. - */ -sss_status_t sss_digest_finish(sss_digest_t *context, uint8_t *digest, size_t *digestLen); - -/** @brief Digest context release. - * The function frees digest context. - * - * @param context Pointer to digest context. - */ -void sss_digest_context_free(sss_digest_t *context); - -/** - *@} - */ /* end of sss_crypto_digest */ - -/** - * @addtogroup sss_crypto_mac - * @{ - */ - -/** @brief MAC context init. - * The function initializes mac context with initial values. - * - * @param context Pointer to mac context. - * @param session Associate SSS session with mac context. - * @param keyObject Associate SSS key object with mac context. - * @param algorithm One of the mac algorithms defined by @ref sss_algorithm_t. - * @param mode One of the modes defined by @ref sss_mode_t. - * - * @returns Status of the operation - * @retval #kStatus_SSS_Success The operation has completed successfully. - * @retval #kStatus_SSS_Fail The operation has failed. - * @retval #kStatus_SSS_InvalidArgument One of the arguments is invalid for the function to execute. - */ -sss_status_t sss_mac_context_init( - sss_mac_t *context, sss_session_t *session, sss_object_t *keyObject, sss_algorithm_t algorithm, sss_mode_t mode); - -/** @brief Message MAC in one blocking function call. - * The function blocks current thread until the operation completes or an error occurs. - * - * @param context Pointer to mac context. - * @param message Input message - * @param messageLen Length of the input message in bytes - * @param mac Output message MAC - * @param macLen Computed MAC byte length - * - * @returns Status of the operation - * @retval #kStatus_SSS_Success The operation has completed successfully. - * @retval #kStatus_SSS_Fail The operation has failed. - */ -sss_status_t sss_mac_one_go( - sss_mac_t *context, const uint8_t *message, size_t messageLen, uint8_t *mac, size_t *macLen); - -/** @brief Init mac for a message. - * The function blocks current thread until the operation completes or an error occurs. - * - * @param context Pointer to mac context. - * - * @returns Status of the operation - * @retval #kStatus_SSS_Success The operation has completed successfully. - * @retval #kStatus_SSS_Fail The operation has failed. - */ -sss_status_t sss_mac_init(sss_mac_t *context); - -/** @brief Update mac for a message. - * - * The function blocks current thread until the operation completes or an error occurs. - * - * @param context Pointer to mac context. - * @param message Buffer with a message chunk. - * @param messageLen Length of the input buffer in bytes. - * @returns Status of the operation - * - * @retval #kStatus_SSS_Success The operation has completed successfully. - * @retval #kStatus_SSS_Fail The operation has failed. - */ -sss_status_t sss_mac_update(sss_mac_t *context, const uint8_t *message, size_t messageLen); - -/** @brief Finish mac for a message. - * The function blocks current thread until the operation completes or an error occurs. - * - * @param context Pointer to mac context. - * @param mac Output message MAC - * @param macLen Computed MAC byte length - * - * @returns Status of the operation - * @retval #kStatus_SSS_Success The operation has completed successfully. - * @retval #kStatus_SSS_Fail The operation has failed. - */ -sss_status_t sss_mac_finish(sss_mac_t *context, uint8_t *mac, size_t *macLen); - -/** @brief MAC context release. - * The function frees mac context. - * - * @param context Pointer to mac context. - */ -void sss_mac_context_free(sss_mac_t *context); -/** - *@} - */ /* end of sss_crypto_mac */ - -/** - * @addtogroup sss_crypto_asymmetric - * @{ - */ - -/** @brief Asymmetric context init. - * The function initializes asymmetric context with initial values. - * - * @param context Pointer to asymmetric crypto context. - * @param session Associate SSS session with asymmetric context. - * @param keyObject Associate SSS key object with asymmetric context. - * @param algorithm One of the asymmetric algorithms defined by @ref sss_algorithm_t. - * @param mode One of the modes defined by @ref sss_mode_t. - * - * @returns Status of the operation - * @retval #kStatus_SSS_Success The operation has completed successfully. - * @retval #kStatus_SSS_Fail The operation has failed. - * @retval #kStatus_SSS_InvalidArgument One of the arguments is invalid for the function to execute. - */ -sss_status_t sss_asymmetric_context_init(sss_asymmetric_t *context, - sss_session_t *session, - sss_object_t *keyObject, - sss_algorithm_t algorithm, - sss_mode_t mode); - -/** @brief Asymmetric encryption - * The function uses asymmetric algorithm to encrypt data. Public key portion of a key pair is used for encryption. - * - * @param context Pointer to asymmetric context. - * @param srcData Input buffer - * @param srcLen Length of the input in bytes - * @param destData Output buffer - * @param destLen Length of the output in bytes - * - * @returns Status of the operation - * @retval #kStatus_SSS_Success The operation has completed successfully. - * @retval #kStatus_SSS_Fail The operation has failed. - * @retval #kStatus_SSS_InvalidArgument One of the arguments is invalid for the function to execute. - */ -sss_status_t sss_asymmetric_encrypt( - sss_asymmetric_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen); - -/** @brief Asymmetric decryption - * The function uses asymmetric algorithm to decrypt data. Private key portion of a key pair is used for - * decryption. - * - * @param context Pointer to asymmetric context. - * @param srcData Input buffer - * @param srcLen Length of the input in bytes - * @param destData Output buffer - * @param destLen Length of the output in bytes - * - * @returns Status of the operation - * @retval #kStatus_SSS_Success The operation has completed successfully. - * @retval #kStatus_SSS_Fail The operation has failed. - * @retval #kStatus_SSS_InvalidArgument One of the arguments is invalid for the function to execute. - */ -sss_status_t sss_asymmetric_decrypt( - sss_asymmetric_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen); - -/** @brief Asymmetric signature of a message digest - * The function signs a message digest. - * - * @param context Pointer to asymmetric context. - * @param digest Input buffer containing the input message digest - * @param digestLen Length of the digest in bytes - * @param signature Output buffer written with the signature of the digest - * @param signatureLen Length of the signature in bytes - * - * @returns Status of the operation - * @retval #kStatus_SSS_Success The operation has completed successfully. - * @retval #kStatus_SSS_Fail The operation has failed. - * @retval #kStatus_SSS_InvalidArgument One of the arguments is invalid for the function to execute. - */ -sss_status_t sss_asymmetric_sign_digest( - sss_asymmetric_t *context, uint8_t *digest, size_t digestLen, uint8_t *signature, size_t *signatureLen); - -/** @brief Asymmetric verify of a message digest - * The function verifies a message digest. - * - * @param context Pointer to asymmetric context. - * @param digest Input buffer containing the input message digest - * @param digestLen Length of the digest in bytes - * @param signature Input buffer containing the signature to verify - * @param signatureLen Length of the signature in bytes - * - * @returns Status of the operation - * @retval #kStatus_SSS_Success The operation has completed successfully. - * @retval #kStatus_SSS_Fail The operation has failed. - * @retval #kStatus_SSS_InvalidArgument One of the arguments is invalid for the function to execute. - */ -sss_status_t sss_asymmetric_verify_digest( - sss_asymmetric_t *context, uint8_t *digest, size_t digestLen, uint8_t *signature, size_t signatureLen); - -/** @brief Asymmetric context release. - * The function frees asymmetric context. - * - * @param context Pointer to asymmetric context. - */ -void sss_asymmetric_context_free(sss_asymmetric_t *context); -/** - *@} - */ /* end of sss_crypto_asymmetric */ - -/** - * @addtogroup sss_crypto_derive_key - * @{ - */ - -/** @brief Derive key context init. - * The function initializes derive key context with initial values. - * - * @param context Pointer to derive key context. - * @param session Associate SSS session with the derive key context. - * @param keyObject Associate SSS key object with the derive key context. - * @param algorithm One of the derive key algorithms defined by @ref sss_algorithm_t. - * @param mode One of the modes defined by @ref sss_mode_t. - * - * @returns Status of the operation - * @retval #kStatus_SSS_Success The operation has completed successfully. - * @retval #kStatus_SSS_Fail The operation has failed. - * @retval #kStatus_SSS_InvalidArgument One of the arguments is invalid for the function to execute. - */ -sss_status_t sss_derive_key_context_init(sss_derive_key_t *context, - sss_session_t *session, - sss_object_t *keyObject, - sss_algorithm_t algorithm, - sss_mode_t mode); - -/** @brief Symmetric key derivation - * The function cryptographically derives a key from another key. - * For example MIFARE key derivation, PRF, HKDF-Extract. - * - * @deprecated Please use ::sss_derive_key_one_go instead - * - * @param context Pointer to derive key context. - * @param saltData Input data buffer, typically with some random data. - * @param saltLen Length of saltData buffer in bytes. - * @param info Input data buffer, typically with some fixed info. - * @param infoLen Length of info buffer in bytes. - * @param[in,out] derivedKeyObject Reference to a derived key - * @param deriveDataLen Requested length of output - * @param hkdfOutput Output buffer containing key derivation output - * @param hkdfOutputLen Output containing length of hkdfOutput - * - * @returns Status of the operation - * @retval #kStatus_SSS_Success The operation has completed successfully. - * @retval #kStatus_SSS_Fail The operation has failed. - * @retval #kStatus_SSS_InvalidArgument One of the arguments is invalid for the function to execute. - */ -sss_status_t sss_derive_key_go(sss_derive_key_t *context, - const uint8_t *saltData, - size_t saltLen, - const uint8_t *info, - size_t infoLen, - sss_object_t *derivedKeyObject, - uint16_t deriveDataLen, - uint8_t *hkdfOutput, - size_t *hkdfOutputLen); - -/** @brief Symmetric key derivation (replaces the deprecated function ::sss_derive_key_go) - * The function cryptographically derives a key from another key. - * For example MIFARE key derivation, PRF, HKDF-Extract-Expand, HKDF-Expand. - * Refer to ::sss_derive_key_sobj_one_go in case the Salt is available as a key object. - * - * @param context Pointer to derive key context. - * @param saltData Input data buffer, typically with some random data. - * @param saltLen Length of saltData buffer in bytes. - * @param info Input data buffer, typically with some fixed info. - * @param infoLen Length of info buffer in bytes. - * @param[in,out] derivedKeyObject Reference to a derived key - * @param[in] deriveDataLen Expected length of derived key. - * - * @returns Status of the operation - * @retval #kStatus_SSS_Success The operation has completed successfully. - * @retval #kStatus_SSS_Fail The operation has failed. - * @retval #kStatus_SSS_InvalidArgument One of the arguments is invalid for the function to execute. - */ -sss_status_t sss_derive_key_one_go(sss_derive_key_t *context, - const uint8_t *saltData, - size_t saltLen, - const uint8_t *info, - size_t infoLen, - sss_object_t *derivedKeyObject, - uint16_t deriveDataLen); - -/** - * @brief Symmetric key derivation (salt in key object) - * Refer to ::sss_derive_key_one_go in case the salt is not available as a key object. - * - * @param context Pointer to derive key context - * @param saltKeyObject Reference to salt. The salt key object must reside in the same keystore as the derive key context. - * @param[in] info Input data buffer, typically with some fixed info. - * @param[in] infoLen Length of info buffer in bytes. - * @param derivedKeyObject Reference to a derived key - * @param[in] deriveDataLen The derive data length - * - * @returns Status of the operation - * @retval #kStatus_SSS_Success The operation has completed successfully. - * @retval #kStatus_SSS_Fail The operation has failed. - * @retval #kStatus_SSS_InvalidArgument One of the arguments is invalid for the function to execute. - */ -sss_status_t sss_derive_key_sobj_one_go(sss_derive_key_t *context, - sss_object_t *saltKeyObject, - const uint8_t *info, - size_t infoLen, - sss_object_t *derivedKeyObject, - uint16_t deriveDataLen); - -/** @brief Asymmetric key derivation Diffie-Helmann - * The function cryptographically derives a key from another key. - * For example Diffie-Helmann. - * - * @param context Pointer to derive key context. - * @param otherPartyKeyObject Public key of the other party in the Diffie-Helmann algorithm - * @param[in,out] derivedKeyObject Reference to a derived key - * - * @returns Status of the operation - * @retval #kStatus_SSS_Success The operation has completed successfully. - * @retval #kStatus_SSS_Fail The operation has failed. - * @retval #kStatus_SSS_InvalidArgument One of the arguments is invalid for the function to execute. - */ -sss_status_t sss_derive_key_dh( - sss_derive_key_t *context, sss_object_t *otherPartyKeyObject, sss_object_t *derivedKeyObject); - -/** @brief Derive key context release. - * The function frees derive key context. - * - * @param context Pointer to derive key context. - */ -void sss_derive_key_context_free(sss_derive_key_t *context); -/** - *@} - */ /* end of sss_crypto_derive_key */ - -/** - * @addtogroup sss_rng - * @{ - */ - -/** - * @brief Initialise random generator context between application and a security subsystem. - * - * - * @warning API Changed - * - * Earlier: - * sss_status_t sss_rng_context_init( - * sss_session_t *session, sss_rng_context_t *context); - * - * Now: Parameters are swapped - * sss_status_t sss_rng_context_init( - * sss_rng_context_t *context, sss_session_t *session); - * - * @param session Session context. - * @param context random generator context. - * @return status - */ -sss_status_t sss_rng_context_init(sss_rng_context_t *context, sss_session_t *session); - -/** - * @brief Generate random number. - * - * @param context random generator context. - * @param random_data buffer to hold random data. - * @param dataLen required random number length - * @return status - */ -sss_status_t sss_rng_get_random(sss_rng_context_t *context, uint8_t *random_data, size_t dataLen); - -/** - * @brief free random genertor context. - * - * @param context generator context. - * @return status - */ -sss_status_t sss_rng_context_free(sss_rng_context_t *context); - -/** - *@} - */ /* end of sss_rng */ - -/** - * @addtogroup sss_crypto_tunnel - * @{ - */ - -/** @brief Constructor for the tunnelling service context. - * - * Earlier: - * sss_status_t sss_tunnel_context_init( - * sss_session_t *session, sss_tunnel_t *context); - * - * Now: Parameters are swapped - * sss_status_t sss_tunnel_context_init( - * sss_tunnel_t *context, sss_session_t *session); - * - * @param[out] context Pointer to tunnel context. Tunnel context is updated on function return. - * @param session Pointer to session this tunnelling service belongs to. - */ -sss_status_t sss_tunnel_context_init(sss_tunnel_t *context, sss_session_t *session); - -/** @brief Tunnelling service. - * - * @param[in,out] context Pointer to tunnel context. - * @param data Pointer to data to be send to subsystem. - * @param dataLen Length of the data in bytes. - * @param keyObjects Objects references used by the service. - * @param keyObjectCount Number of key references at ``keyObjects``. - * @param tunnelType Implementation specific id of the service. - */ -sss_status_t sss_tunnel(sss_tunnel_t *context, - uint8_t *data, - size_t dataLen, - sss_object_t *keyObjects, - uint32_t keyObjectCount, - uint32_t tunnelType); - -/** @brief Destructor for the tunnelling service context. - * - * @param[out] context Pointer to tunnel context. */ -void sss_tunnel_context_free(sss_tunnel_t *context); - -/** - *@} - */ /* end of sss_crypto_channel */ - -/** - * @addtogroup sss_str_log - * @{ - */ - -/** - * @brief Returns string error code for @ref sss_status_t - * - * @param[in] status See @ref sss_status_t - * - * @return String conversion of ``status`` to String. - */ - -const char *sss_status_sz(sss_status_t status); - -/** -* @brief Returns string error code for @ref sss_cipher_type_t -* -* @param[in] status See @ref sss_cipher_type_t -* -* @return String conversion of ``cipher_type`` to String. -*/ - -const char *sss_cipher_type_sz(sss_cipher_type_t cipher_type); - -/** - *@} - */ /* end of sss_str_log */ - -#if defined(__cplusplus) -} -#endif - -#endif /* _FSL_SSS_H_ */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_api_ver.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_api_ver.h deleted file mode 100644 index cdc223d1c..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_api_ver.h +++ /dev/null @@ -1,64 +0,0 @@ -/* Copyright 2019-2021 NXP - * - * SPDX-License-Identifier: Apache-2.0 - * - * - */ - -#ifndef SSS_APIS_VERSION_INFO_H_INCLUDED -#define SSS_APIS_VERSION_INFO_H_INCLUDED - - -/* clang-format off */ -#define SSS_APIS_PROD_NAME "SSS_APIs" -#define SSS_APIS_VER_STRING_NUM "v03.06.00_20210528" -#define SSS_APIS_PROD_NAME_VER_FULL "SSS_APIs_v03.06.00_20210528" -#define SSS_APIS_VER_MAJOR (3u) -#define SSS_APIS_VER_MINOR (6u) -#define SSS_APIS_VER_DEV (0u) - -/* v03.06 = 30006u */ -#define SSS_APIS_VER_MAJOR_MINOR ( 0 \ - | (SSS_APIS_VER_MAJOR * 10000u) \ - | (SSS_APIS_VER_MINOR)) - -/* v03.06.00 = 300060000ULL */ -#define SSS_APIS_VER_MAJOR_MINOR_DEV ( 0 \ - | (SSS_APIS_VER_MAJOR * 10000*10000u) \ - | (SSS_APIS_VER_MINOR * 10000u) \ - | (SSS_APIS_VER_DEV)) - -/* clang-format on */ - - -/* Version Information: - * Generated by: - * scripts\version_info.py (v2019.01.17_00) - * - * Do not edit this file. Update: - * sss/version_info.txt instead. - * - * prod_name = "SSS_APIs" - * - * prod_desc = "SSS APIs" - * - * lang_c_prefix = prod_name.upper() - * - * lang_namespace = "" - * - * v_major = "03" - * - * v_minor = "06" - * - * v_dev = "00" - * - * v_meta = "" - * - * maturity = "B" - * - * # - * # 03.00.00 : Changed Enums - * # - */ - -#endif /* SSS_APIS_VERSION_INFO_H_INCLUDED */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_config.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_config.h deleted file mode 100644 index 6d2b9c363..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_config.h +++ /dev/null @@ -1,84 +0,0 @@ -/* - * - * Copyright 2018,2019 NXP - * SPDX-License-Identifier: Apache-2.0 - */ - -#ifndef _FSL_SSS_CONFIG_H_ -#define _FSL_SSS_CONFIG_H_ - -/* clang-format off */ -#define SSS_SESSION_MAX_CONTEXT_SIZE ( 0 \ - + (1 * sizeof(void *)) \ - + (1 * sizeof(void *)) \ - + (8 * sizeof(void *)) \ - + 16) -#define SSS_KEY_STORE_MAX_CONTEXT_SIZE ( 0 \ - + (1 * sizeof(void *)) \ - + (4 * sizeof(void *)) \ - + 16) -#define SSS_KEY_OBJECT_MAX_CONTEXT_SIZE ( 0 \ - + (1 * sizeof(void *)) \ - + (2 * sizeof(int)) \ - + (4 * sizeof(void *)) \ - + 16) -#define SSS_SYMMETRIC_MAX_CONTEXT_SIZE ( 0 \ - + (2 * sizeof(void *)) \ - + (2 * sizeof(int)) \ - + (2 * sizeof(void *)) \ - + 16 /* Buffer in case of unaligned block cipher operations */ \ - + 4 /* Buffer length in case of unaligned block cipher operations */ \ - + 16) -#define SSS_AEAD_MAX_CONTEXT_SIZE ( 0 \ - + (5 * sizeof(void *)) \ - + (6 * sizeof(int)) \ - + (5 * sizeof(void *)) \ - + 16) -#define SSS_DIGEST_MAX_CONTEXT_SIZE ( 0 \ - + (1 * sizeof(void *)) \ - + (3 * sizeof(int)) \ - + (2 * sizeof(void *)) \ - + 16) -#define SSS_MAC_MAX_CONTEXT_SIZE ( 0 \ - + (2 * sizeof(void *)) \ - + (2 * sizeof(int)) \ - + (2 * sizeof(void *)) \ - + 32) -#define SSS_ASYMMETRIC_MAX_CONTEXT_SIZE ( 0 \ - + (2 * sizeof(void *)) \ - + (3 * sizeof(int)) \ - + (2 * sizeof(void *)) \ - + 16) -#define SSS_TUNNEL_MAX_CONTEXT_SIZE ( 0 \ - + (1 * sizeof(void *)) \ - + (2 * sizeof(int)) \ - + (2 * sizeof(void *)) \ - + 16) -#define SSS_CHANNEL_MAX_CONTEXT_SIZE ( 0 \ - + (2 * sizeof(void *)) \ - + 16) -#define SSS_DERIVE_KEY_MAX_CONTEXT_SIZE ( 0 \ - + (2 * sizeof(void *)) \ - + (2 * sizeof(int)) \ - + (2 * sizeof(void *)) \ - + 16) -#define SSS_RNG_MAX_CONTEXT_SIZE ( 0 \ - + (1 * sizeof(void *)) \ - + (2 * sizeof(void *)) \ - + 16) - -#define SSS_CONNECT_MAX_CONTEXT_SIZE ( 0 \ - + (4 * sizeof(void *)) \ - + 8 \ - ) - -#define SSS_AUTH_MAX_CONTEXT_SIZE ( 0 \ - + (3 * sizeof(void *)) \ - + 8 \ - ) - -#define SSS_POLICY_COUNT_MAX (10) - -/* clang-format on */ - -#endif /* _FSL_SSS_CONFIG_H_ */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_ftr_default.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_ftr_default.h deleted file mode 100644 index 0113d794b..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_ftr_default.h +++ /dev/null @@ -1,673 +0,0 @@ -/* - * - * Copyright 2018-2020 NXP - * SPDX-License-Identifier: Apache-2.0 - */ - -#ifndef SSS_APIS_INC_FSL_SSS_FTR_H_ -#define SSS_APIS_INC_FSL_SSS_FTR_H_ - -/* ************************************************************************** */ -/* Defines */ -/* ************************************************************************** */ - -/* clang-format off */ - - -/* # CMake Features : Start */ - - -/** Applet : The Secure Element Applet - * - * You can compile host library for different Applets listed below. - * Please note, some of these Applets may be for NXP Internal use only. - */ - -/** Compiling without any Applet Support */ -#define SSS_HAVE_APPLET_NONE 0 - -/** A71CH (ECC) */ -#define SSS_HAVE_APPLET_A71CH 0 - -/** A71CL (RSA) */ -#define SSS_HAVE_APPLET_A71CL 0 - -/** Similar to A71CH */ -#define SSS_HAVE_APPLET_A71CH_SIM 0 - -/** SE050 Type A (ECC) */ -#define SSS_HAVE_APPLET_SE05X_A 0 - -/** SE050 Type B (RSA) */ -#define SSS_HAVE_APPLET_SE05X_B 0 - -/** SE050 (Super set of A + B) */ -#define SSS_HAVE_APPLET_SE05X_C 1 - -/** SE050 (Similar to A71CL) */ -#define SSS_HAVE_APPLET_SE05X_L 0 - -/** NXP Internal testing Applet */ -#define SSS_HAVE_APPLET_LOOPBACK 0 - -#if (( 0 \ - + SSS_HAVE_APPLET_NONE \ - + SSS_HAVE_APPLET_A71CH \ - + SSS_HAVE_APPLET_A71CL \ - + SSS_HAVE_APPLET_A71CH_SIM \ - + SSS_HAVE_APPLET_SE05X_A \ - + SSS_HAVE_APPLET_SE05X_B \ - + SSS_HAVE_APPLET_SE05X_C \ - + SSS_HAVE_APPLET_SE05X_L \ - + SSS_HAVE_APPLET_LOOPBACK \ - ) > 1) -# error "Enable only one of 'Applet'" -#endif - - -#if (( 0 \ - + SSS_HAVE_APPLET_NONE \ - + SSS_HAVE_APPLET_A71CH \ - + SSS_HAVE_APPLET_A71CL \ - + SSS_HAVE_APPLET_A71CH_SIM \ - + SSS_HAVE_APPLET_SE05X_A \ - + SSS_HAVE_APPLET_SE05X_B \ - + SSS_HAVE_APPLET_SE05X_C \ - + SSS_HAVE_APPLET_SE05X_L \ - + SSS_HAVE_APPLET_LOOPBACK \ - ) == 0) -# error "Enable at-least one of 'Applet'" -#endif - - - -/** SE05X_Ver : SE05X Applet version. - * - * Selection of Applet version 03_XX enables SE050 features. - * Selection of Applet version 06_00 enables SE051 features. - * - */ - -/** SE050 */ -#define SSS_HAVE_SE05X_VER_03_XX 1 - -/** SE051 */ -#define SSS_HAVE_SE05X_VER_06_00 0 - -#if (( 0 \ - + SSS_HAVE_SE05X_VER_03_XX \ - + SSS_HAVE_SE05X_VER_06_00 \ - ) > 1) -# error "Enable only one of 'SE05X_Ver'" -#endif - - -#if (( 0 \ - + SSS_HAVE_SE05X_VER_03_XX \ - + SSS_HAVE_SE05X_VER_06_00 \ - ) == 0) -# error "Enable at-least one of 'SE05X_Ver'" -#endif - - - -/** HostCrypto : Counterpart Crypto on Host - * - * What is being used as a cryptographic library on the host. - * As of now only OpenSSL / mbedTLS is supported - */ - -/** Use mbedTLS as host crypto */ -#define SSS_HAVE_HOSTCRYPTO_MBEDTLS 1 - -/** Use mbed-crypto as host crypto - * Required for ARM-PSA / TF-M */ -#define SSS_HAVE_HOSTCRYPTO_MBEDCRYPTO 0 - -/** Use OpenSSL as host crypto */ -#define SSS_HAVE_HOSTCRYPTO_OPENSSL 0 - -/** User Implementation of Host Crypto - * e.g. Files at ``sss/src/user/crypto`` have low level AES/CMAC primitives. - * The files at ``sss/src/user`` use those primitives. - * This becomes an example for users with their own AES Implementation - * This then becomes integration without mbedTLS/OpenSSL for SCP03 / AESKey. - * - * .. note:: ECKey abstraction is not implemented/available yet. */ -#define SSS_HAVE_HOSTCRYPTO_USER 0 - -/** NO Host Crypto - * Note, this is unsecure and only provided for experimentation - * on platforms that do not have an mbedTLS PORT - * Many :ref:`sssftr-control` have to be disabled to have a valid build. */ -#define SSS_HAVE_HOSTCRYPTO_NONE 0 - -#if (( 0 \ - + SSS_HAVE_HOSTCRYPTO_MBEDTLS \ - + SSS_HAVE_HOSTCRYPTO_MBEDCRYPTO \ - + SSS_HAVE_HOSTCRYPTO_OPENSSL \ - + SSS_HAVE_HOSTCRYPTO_USER \ - + SSS_HAVE_HOSTCRYPTO_NONE \ - ) > 1) -# error "Enable only one of 'HostCrypto'" -#endif - - -#if (( 0 \ - + SSS_HAVE_HOSTCRYPTO_MBEDTLS \ - + SSS_HAVE_HOSTCRYPTO_MBEDCRYPTO \ - + SSS_HAVE_HOSTCRYPTO_OPENSSL \ - + SSS_HAVE_HOSTCRYPTO_USER \ - + SSS_HAVE_HOSTCRYPTO_NONE \ - ) == 0) -# error "Enable at-least one of 'HostCrypto'" -#endif - - - -/** mbedTLS_ALT : ALT Engine implementation for mbedTLS - * - * When set to None, mbedTLS would not use ALT Implementation to connect to / use Secure Element. - * This needs to be set to SSS for Cloud Demos over SSS APIs - */ - -/** Use SSS Layer ALT implementation */ -#define SSS_HAVE_MBEDTLS_ALT_SSS 1 - -/** Legacy implementation */ -#define SSS_HAVE_MBEDTLS_ALT_A71CH 0 - -/** Not using any mbedTLS_ALT - * - * When this is selected, cloud demos can not work with mbedTLS */ -#define SSS_HAVE_MBEDTLS_ALT_NONE 0 - -#if (( 0 \ - + SSS_HAVE_MBEDTLS_ALT_SSS \ - + SSS_HAVE_MBEDTLS_ALT_A71CH \ - + SSS_HAVE_MBEDTLS_ALT_NONE \ - ) > 1) -# error "Enable only one of 'mbedTLS_ALT'" -#endif - - -#if (( 0 \ - + SSS_HAVE_MBEDTLS_ALT_SSS \ - + SSS_HAVE_MBEDTLS_ALT_A71CH \ - + SSS_HAVE_MBEDTLS_ALT_NONE \ - ) == 0) -# error "Enable at-least one of 'mbedTLS_ALT'" -#endif - - - -/** SCP : Secure Channel Protocol - * - * In case we enable secure channel to Secure Element, which interface to be used. - */ - -/** */ -#define SSS_HAVE_SCP_NONE 0 - -/** Use SSS Layer for SCP. Used for SE050 family. */ -#define SSS_HAVE_SCP_SCP03_SSS 1 - -/** Use Host Crypto Layer for SCP03. Legacy implementation. Used for older demos of A71CH Family. */ -#define SSS_HAVE_SCP_SCP03_HOSTCRYPTO 0 - -#if (( 0 \ - + SSS_HAVE_SCP_NONE \ - + SSS_HAVE_SCP_SCP03_SSS \ - + SSS_HAVE_SCP_SCP03_HOSTCRYPTO \ - ) > 1) -# error "Enable only one of 'SCP'" -#endif - - -#if (( 0 \ - + SSS_HAVE_SCP_NONE \ - + SSS_HAVE_SCP_SCP03_SSS \ - + SSS_HAVE_SCP_SCP03_HOSTCRYPTO \ - ) == 0) -# error "Enable at-least one of 'SCP'" -#endif - - - -/** FIPS : Enable or disable FIPS - * - * This selection mostly impacts tests, and generally not the actual Middleware - */ - -/** NO FIPS */ -#define SSS_HAVE_FIPS_NONE 1 - -/** SE050 IC FIPS */ -#define SSS_HAVE_FIPS_SE050 0 - -/** FIPS 140-2 */ -#define SSS_HAVE_FIPS_140_2 0 - -/** FIPS 140-3 */ -#define SSS_HAVE_FIPS_140_3 0 - -#if (( 0 \ - + SSS_HAVE_FIPS_NONE \ - + SSS_HAVE_FIPS_SE050 \ - + SSS_HAVE_FIPS_140_2 \ - + SSS_HAVE_FIPS_140_3 \ - ) > 1) -# error "Enable only one of 'FIPS'" -#endif - - -#if (( 0 \ - + SSS_HAVE_FIPS_NONE \ - + SSS_HAVE_FIPS_SE050 \ - + SSS_HAVE_FIPS_140_2 \ - + SSS_HAVE_FIPS_140_3 \ - ) == 0) -# error "Enable at-least one of 'FIPS'" -#endif - - - -/** SBL : Enable/Disable SBL Bootable support - * - * This option is to enable/disable boot from SBL by switching linker address - */ - -/** Not SBL bootable */ -#define SSS_HAVE_SBL_NONE 1 - -/** SE050 based LPC55S SBL bootable */ -#define SSS_HAVE_SBL_SBL_LPC55S 0 - -#if (( 0 \ - + SSS_HAVE_SBL_NONE \ - + SSS_HAVE_SBL_SBL_LPC55S \ - ) > 1) -# error "Enable only one of 'SBL'" -#endif - - -#if (( 0 \ - + SSS_HAVE_SBL_NONE \ - + SSS_HAVE_SBL_SBL_LPC55S \ - ) == 0) -# error "Enable at-least one of 'SBL'" -#endif - - - -/** SE05X_Auth : SE050 Authentication - * - * This settings is used by examples to connect using various options - * to authenticate with the Applet. - * The SE05X_Auth options can be changed for KSDK Demos and Examples. - * To change SE05X_Auth option follow below steps. - * Set flag ``SSS_HAVE_SCP_SCP03_SSS`` to 1 and Reset flag ``SSS_HAVE_SCP_NONE`` to 0. - * To change SE05X_Auth option other than ``None`` and ``PlatfSCP03``, - * execute se05x_Delete_and_test_provision.exe in order to provision the Authentication Key. - * To change SE05X_Auth option to ``ECKey`` or ``ECKey_PlatfSCP03``, - * Set additional flag ``SSS_HAVE_HOSTCRYPTO_ANY`` to 1. - */ - -/** Use the default session (i.e. session less) login */ -#define SSS_HAVE_SE05X_AUTH_NONE 1 - -/** Do User Authentication with UserID */ -#define SSS_HAVE_SE05X_AUTH_USERID 0 - -/** Use Platform SCP for connection to SE */ -#define SSS_HAVE_SE05X_AUTH_PLATFSCP03 0 - -/** Do User Authentication with AES Key - * Earlier this was called AppletSCP03 */ -#define SSS_HAVE_SE05X_AUTH_AESKEY 0 - -/** Do User Authentication with EC Key - * Earlier this was called FastSCP */ -#define SSS_HAVE_SE05X_AUTH_ECKEY 0 - -/** UserID and PlatfSCP03 */ -#define SSS_HAVE_SE05X_AUTH_USERID_PLATFSCP03 0 - -/** AESKey and PlatfSCP03 */ -#define SSS_HAVE_SE05X_AUTH_AESKEY_PLATFSCP03 0 - -/** ECKey and PlatfSCP03 */ -#define SSS_HAVE_SE05X_AUTH_ECKEY_PLATFSCP03 0 - -#if (( 0 \ - + SSS_HAVE_SE05X_AUTH_NONE \ - + SSS_HAVE_SE05X_AUTH_USERID \ - + SSS_HAVE_SE05X_AUTH_PLATFSCP03 \ - + SSS_HAVE_SE05X_AUTH_AESKEY \ - + SSS_HAVE_SE05X_AUTH_ECKEY \ - + SSS_HAVE_SE05X_AUTH_USERID_PLATFSCP03 \ - + SSS_HAVE_SE05X_AUTH_AESKEY_PLATFSCP03 \ - + SSS_HAVE_SE05X_AUTH_ECKEY_PLATFSCP03 \ - ) > 1) -# error "Enable only one of 'SE05X_Auth'" -#endif - - -#if (( 0 \ - + SSS_HAVE_SE05X_AUTH_NONE \ - + SSS_HAVE_SE05X_AUTH_USERID \ - + SSS_HAVE_SE05X_AUTH_PLATFSCP03 \ - + SSS_HAVE_SE05X_AUTH_AESKEY \ - + SSS_HAVE_SE05X_AUTH_ECKEY \ - + SSS_HAVE_SE05X_AUTH_USERID_PLATFSCP03 \ - + SSS_HAVE_SE05X_AUTH_AESKEY_PLATFSCP03 \ - + SSS_HAVE_SE05X_AUTH_ECKEY_PLATFSCP03 \ - ) == 0) -# error "Enable at-least one of 'SE05X_Auth'" -#endif - - - -/** A71CH_AUTH : A71CH Authentication - * - * This settings is used by SSS-API based examples to connect using either plain or authenticated to the A71CH. - */ - -/** Plain communication, not authenticated or encrypted */ -#define SSS_HAVE_A71CH_AUTH_NONE 1 - -/** SCP03 enabled */ -#define SSS_HAVE_A71CH_AUTH_SCP03 0 - -#if (( 0 \ - + SSS_HAVE_A71CH_AUTH_NONE \ - + SSS_HAVE_A71CH_AUTH_SCP03 \ - ) > 1) -# error "Enable only one of 'A71CH_AUTH'" -#endif - - -#if (( 0 \ - + SSS_HAVE_A71CH_AUTH_NONE \ - + SSS_HAVE_A71CH_AUTH_SCP03 \ - ) == 0) -# error "Enable at-least one of 'A71CH_AUTH'" -#endif - - -/* ====================================================================== * - * == Feature selection/values ========================================== * - * ====================================================================== */ - - -/** SE05X Secure Element : Symmetric AES */ -#define SSSFTR_SE05X_AES 1 - -/** SE05X Secure Element : Elliptic Curve Cryptography */ -#define SSSFTR_SE05X_ECC 1 - -/** SE05X Secure Element : RSA */ -#define SSSFTR_SE05X_RSA 1 - -/** SE05X Secure Element : KEY operations : SET Key */ -#define SSSFTR_SE05X_KEY_SET 1 - -/** SE05X Secure Element : KEY operations : GET Key */ -#define SSSFTR_SE05X_KEY_GET 1 - -/** SE05X Secure Element : Authenticate via ECKey */ -#define SSSFTR_SE05X_AuthECKey 1 - -/** SE05X Secure Element : Allow creation of user/authenticated session. - * - * If the intended deployment only uses Platform SCP - * Or it is a pure session less integration, this can - * save some code size. */ -#define SSSFTR_SE05X_AuthSession 1 - -/** SE05X Secure Element : Allow creation/deletion of Crypto Objects - * - * If disabled, new Crytpo Objects are neither created and - * old/existing Crypto Objects are not deleted. - * It is assumed that during provisioning phase, the required - * Crypto Objects are pre-created or they are never going to - * be needed. */ -#define SSSFTR_SE05X_CREATE_DELETE_CRYPTOOBJ 1 - -/** Software : Symmetric AES */ -#define SSSFTR_SW_AES 1 - -/** Software : Elliptic Curve Cryptography */ -#define SSSFTR_SW_ECC 1 - -/** Software : RSA */ -#define SSSFTR_SW_RSA 1 - -/** Software : KEY operations : SET Key */ -#define SSSFTR_SW_KEY_SET 1 - -/** Software : KEY operations : GET Key */ -#define SSSFTR_SW_KEY_GET 1 - -/** Software : Used as a test counterpart - * - * e.g. Major part of the mebdTLS SSS layer is purely used for - * testing of Secure Element implementation, and can be avoided - * fully during many production scenarios. */ -#define SSSFTR_SW_TESTCOUNTERPART 1 - -/* ====================================================================== * - * == Computed Options ================================================== * - * ====================================================================== */ - -/** Symmetric AES */ -#define SSSFTR_AES (SSSFTR_SE05X_AES + SSSFTR_SW_AES) -/** Elliptic Curve Cryptography */ -#define SSSFTR_ECC (SSSFTR_SE05X_ECC + SSSFTR_SW_ECC) -/** RSA */ -#define SSSFTR_RSA (SSSFTR_SE05X_RSA + SSSFTR_SW_RSA) -/** KEY operations : SET Key */ -#define SSSFTR_KEY_SET (SSSFTR_SE05X_KEY_SET + SSSFTR_SW_KEY_SET) -/** KEY operations : GET Key */ -#define SSSFTR_KEY_GET (SSSFTR_SE05X_KEY_GET + SSSFTR_SW_KEY_GET) -/** KEY operations */ -#define SSSFTR_KEY (SSSFTR_KEY_SET + SSSFTR_KEY_GET) -/** KEY operations */ -#define SSSFTR_SE05X_KEY (SSSFTR_SE05X_KEY_SET + SSSFTR_SE05X_KEY_GET) -/** KEY operations */ -#define SSSFTR_SW_KEY (SSSFTR_SW_KEY_SET + SSSFTR_SW_KEY_GET) - - -#define SSS_HAVE_APPLET \ - (SSS_HAVE_APPLET_A71CH | SSS_HAVE_APPLET_A71CL | SSS_HAVE_APPLET_A71CH_SIM | SSS_HAVE_APPLET_SE05X_A | SSS_HAVE_APPLET_SE05X_B | SSS_HAVE_APPLET_SE05X_C | SSS_HAVE_APPLET_SE05X_L | SSS_HAVE_APPLET_LOOPBACK) - -#define SSS_HAVE_APPLET_SE05X_IOT \ - (SSS_HAVE_APPLET_SE05X_A | SSS_HAVE_APPLET_SE05X_B | SSS_HAVE_APPLET_SE05X_C) - -#define SSS_HAVE_MBEDTLS_ALT \ - (SSS_HAVE_MBEDTLS_ALT_SSS | SSS_HAVE_MBEDTLS_ALT_A71CH) - -#define SSS_HAVE_HOSTCRYPTO_ANY \ - (SSS_HAVE_HOSTCRYPTO_MBEDTLS | SSS_HAVE_HOSTCRYPTO_MBEDCRYPTO | SSS_HAVE_HOSTCRYPTO_OPENSSL | SSS_HAVE_HOSTCRYPTO_USER) - -#define SSS_HAVE_FIPS \ - (SSS_HAVE_FIPS_SE050 | SSS_HAVE_FIPS_140_2 | SSS_HAVE_FIPS_140_3) - - -/* Version checks GTE - Greater Than Or Equal To */ -#if SSS_HAVE_APPLET_SE05X_IOT -# if SSS_HAVE_SE05X_VER_06_00 -# define SSS_HAVE_SE05X_VER_GTE_06_00 1 -# define SSS_HAVE_SE05X_VER_GTE_03_XX 1 -# endif /* SSS_HAVE_SE05X_VER_06_00 */ -# if SSS_HAVE_SE05X_VER_03_XX -# define SSS_HAVE_SE05X_VER_GTE_06_00 0 -# define SSS_HAVE_SE05X_VER_GTE_03_XX 1 -# endif /* SSS_HAVE_SE05X_VER_03_XX */ -#else //SSS_HAVE_APPLET_SE05X_IOT -# define SSS_HAVE_SE05X_VER_GTE_03_XX 0 -# define SSS_HAVE_SE05X_VER_GTE_06_00 0 -#endif // SSS_HAVE_APPLET_SE05X_IOT -/** Deprecated items. Used here for backwards compatibility. */ - -#define WithApplet_SE05X (SSS_HAVE_APPLET_SE05X_IOT) -#define WithApplet_SE050_A (SSS_HAVE_APPLET_SE05X_A) -#define WithApplet_SE050_B (SSS_HAVE_APPLET_SE05X_B) -#define WithApplet_SE050_C (SSS_HAVE_APPLET_SE05X_C) -#define SSS_HAVE_SE050_A (SSS_HAVE_APPLET_SE05X_A) -#define SSS_HAVE_SE050_B (SSS_HAVE_APPLET_SE05X_B) -#define SSS_HAVE_SE050_C (SSS_HAVE_APPLET_SE05X_C) -#define SSS_HAVE_SE05X (SSS_HAVE_APPLET_SE05X_IOT) -#define SSS_HAVE_SE (SSS_HAVE_APPLET) -#define SSS_HAVE_LOOPBACK (SSS_HAVE_APPLET_LOOPBACK) -#define SSS_HAVE_ALT (SSS_HAVE_MBEDTLS_ALT) -#define WithApplet_None (SSS_HAVE_APPLET_NONE) -#define SSS_HAVE_None (SSS_HAVE_APPLET_NONE) -#define WithApplet_A71CH (SSS_HAVE_APPLET_A71CH) -#define SSS_HAVE_A71CH (SSS_HAVE_APPLET_A71CH) -#define WithApplet_A71CL (SSS_HAVE_APPLET_A71CL) -#define SSS_HAVE_A71CL (SSS_HAVE_APPLET_A71CL) -#define WithApplet_A71CH_SIM (SSS_HAVE_APPLET_A71CH_SIM) -#define SSS_HAVE_A71CH_SIM (SSS_HAVE_APPLET_A71CH_SIM) -#define WithApplet_SE05X_A (SSS_HAVE_APPLET_SE05X_A) -#define SSS_HAVE_SE05X_A (SSS_HAVE_APPLET_SE05X_A) -#define WithApplet_SE05X_B (SSS_HAVE_APPLET_SE05X_B) -#define SSS_HAVE_SE05X_B (SSS_HAVE_APPLET_SE05X_B) -#define WithApplet_SE05X_C (SSS_HAVE_APPLET_SE05X_C) -#define SSS_HAVE_SE05X_C (SSS_HAVE_APPLET_SE05X_C) -#define WithApplet_SE05X_L (SSS_HAVE_APPLET_SE05X_L) -#define SSS_HAVE_SE05X_L (SSS_HAVE_APPLET_SE05X_L) -#define WithApplet_LoopBack (SSS_HAVE_APPLET_LOOPBACK) -#define SSS_HAVE_LoopBack (SSS_HAVE_APPLET_LOOPBACK) -#define SSS_HAVE_MBEDTLS (SSS_HAVE_HOSTCRYPTO_MBEDTLS) -#define SSS_HAVE_MBEDCRYPTO (SSS_HAVE_HOSTCRYPTO_MBEDCRYPTO) -#define SSS_HAVE_OPENSSL (SSS_HAVE_HOSTCRYPTO_OPENSSL) -#define SSS_HAVE_USER (SSS_HAVE_HOSTCRYPTO_USER) -#define SSS_HAVE_NONE (SSS_HAVE_HOSTCRYPTO_NONE) -#define SSS_HAVE_ALT_SSS (SSS_HAVE_MBEDTLS_ALT_SSS) -#define SSS_HAVE_ALT_A71CH (SSS_HAVE_MBEDTLS_ALT_A71CH) -#define SSS_HAVE_ALT_NONE (SSS_HAVE_MBEDTLS_ALT_NONE) -#define SSS_HAVE_SE05X_Auth_None (SSS_HAVE_SE05X_AUTH_NONE) -#define SSS_HAVE_SE05X_Auth_UserID (SSS_HAVE_SE05X_AUTH_USERID) -#define SSS_HAVE_SE05X_Auth_PlatfSCP03 (SSS_HAVE_SE05X_AUTH_PLATFSCP03) -#define SSS_HAVE_SE05X_Auth_AESKey (SSS_HAVE_SE05X_AUTH_AESKEY) -#define SSS_HAVE_SE05X_Auth_ECKey (SSS_HAVE_SE05X_AUTH_ECKEY) -#define SSS_HAVE_SE05X_Auth_UserID_PlatfSCP03 (SSS_HAVE_SE05X_AUTH_USERID_PLATFSCP03) -#define SSS_HAVE_SE05X_Auth_AESKey_PlatfSCP03 (SSS_HAVE_SE05X_AUTH_AESKEY_PLATFSCP03) -#define SSS_HAVE_SE05X_Auth_ECKey_PlatfSCP03 (SSS_HAVE_SE05X_AUTH_ECKEY_PLATFSCP03) - -/* # CMake Features : END */ - -/* ========= Miscellaneous values : START =================== */ - -/* ECC Mode is available */ -#define SSS_HAVE_ECC 1 - -/* RSA is available */ -#define SSS_HAVE_RSA 1 - -/* TPM BARRETO_NAEHRIG Curve is enabled */ -#define SSS_HAVE_TPM_BN 1 - -/* Edwards Curve is enabled */ -#define SSS_HAVE_EC_ED 1 - -/* Montgomery Curve is enabled */ -#define SSS_HAVE_EC_MONT 1 - -/* MIFARE DESFire is enabled */ -#define SSS_HAVE_MIFARE_DESFIRE 1 - -/* PBKDF2 is enabled */ -#define SSS_HAVE_PBKDF2 1 - -/* TLS handshake support on SE is enabled */ -#define SSS_HAVE_TLS_HANDSHAKE 1 - -/* Import Export Key is enabled */ -#define SSS_HAVE_IMPORT 1 - -/* With NXP NFC Reader Library */ -#define SSS_HAVE_NXPNFCRDLIB 0 - -#define SSS_HAVE_A71XX \ - (SSS_HAVE_APPLET_A71CH | SSS_HAVE_APPLET_A71CH_SIM) - -#define SSS_HAVE_SSCP (SSS_HAVE_A71XX) - -/* For backwards compatibility */ -#define SSS_HAVE_TESTCOUNTERPART (SSSFTR_SW_TESTCOUNTERPART) - -/* ========= Miscellaneous values : END ===================== */ - -/* ========= Calculated values : START ====================== */ - -/* Should we expose, SSS APIs */ -#define SSS_HAVE_SSS ( 0 \ - + SSS_HAVE_SSCP \ - + SSS_HAVE_APPLET_SE05X_IOT \ - + SSS_HAVE_HOSTCRYPTO_OPENSSL \ - + SSS_HAVE_HOSTCRYPTO_MBEDCRYPTO \ - + SSS_HAVE_HOSTCRYPTO_MBEDTLS \ - + SSS_HAVE_HOSTCRYPTO_USER \ - ) - -/* MBEDCRYPTO is superset of MBEDTLS and exposing that way */ -#if SSS_HAVE_HOSTCRYPTO_MBEDCRYPTO -# undef SSS_HAVE_MBEDTLS -# undef SSS_HAVE_HOSTCRYPTO_MBEDTLS - -# define SSS_HAVE_MBEDTLS 1 -# define SSS_HAVE_HOSTCRYPTO_MBEDTLS 1 -#endif // SSS_HAVE_HOSTCRYPTO_MBEDCRYPTO - -#if SSS_HAVE_HOSTCRYPTO_NONE -# undef SSSFTR_SE05X_AuthSession -# define SSSFTR_SE05X_AuthSession 0 -#endif - -/* Montgomery curves is not supported in SE05X_A*/ -#if SSS_HAVE_APPLET_SE05X_A -# undef SSS_HAVE_EC_MONT -# define SSS_HAVE_EC_MONT 0 -/* ED is not supported in SE050_A */ -#if SSS_HAVE_SE05X_VER_03_XX -# undef SSS_HAVE_EC_ED -# define SSS_HAVE_EC_ED 0 -#endif -#endif - -#if SSS_HAVE_RSA -# define SSS_HAVE_RSA_4K 1 -#endif - -#if SSS_HAVE_ECC -# define SSS_HAVE_EC_NIST_192 1 -# define SSS_HAVE_EC_NIST_224 1 -# define SSS_HAVE_EC_NIST_256 1 -# define SSS_HAVE_EC_NIST_384 1 -# define SSS_HAVE_EC_NIST_521 1 -# define SSS_HAVE_EC_BP 1 -# define SSS_HAVE_EC_NIST_K 1 -# define SSS_HAVE_ECDAA 1 -# define SSS_HAVE_EDDSA 1 -#if SSS_HAVE_APPLET_SE05X_A -# undef SSS_HAVE_ECDAA -# undef SSS_HAVE_EDDSA -# define SSS_HAVE_ECDAA 0 -# define SSS_HAVE_EDDSA 0 -#endif -#endif - -#if SSS_HAVE_APPLET -#define SSS_HAVE_HASH_1 1 -#define SSS_HAVE_HASH_224 1 -#define SSS_HAVE_HASH_512 1 -#endif - - -/* ========= Calculated values : END ======================== */ - -/* clang-format on */ - -#endif /* SSS_APIS_INC_FSL_SSS_FTR_H_ */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_keyid_map.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_keyid_map.h deleted file mode 100644 index 2b9b58a1c..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_keyid_map.h +++ /dev/null @@ -1,182 +0,0 @@ -/* - * - * Copyright 2018-2020 NXP - * SPDX-License-Identifier: Apache-2.0 - */ - -/* Mapping between key id and physical key store */ - -#ifndef SSS_INC_KEYID_MAP_H_ -#define SSS_INC_KEYID_MAP_H_ - -/* ************************************************************************** */ -/* Includes */ -/* ************************************************************************** */ - -#include - -/* ************************************************************************** */ -/* Defines */ -/* ************************************************************************** */ - -/* Physical index */ -/* clang-format off */ -#define K_INDEX_MASK (0xFFFFu << 0u) -#define K_TYPE_MASK (0xFFu << 24u) -#define K_TYPE_ECC_KP (0x01u << 24u) -#define K_TYPE_ECC_PUB (0x02u << 24u) -#define K_TYPE_AES (0x03u << 24u) -#define K_TYPE_CERT (0x04u << 24u) - -/* Key store N Count */ -#define KS_N_ECC_KEY_PAIRS 4 -#define KS_N_ECC_PUB_KEYS 3 -#define KS_N_AES_KEYS 8 -#define KS_N_CERTIFCATES 4 -#define KS_N_RSA_KEY_PAIRS 1 -#define KS_N_SYM_KEYS 1 - -/* clang-format on */ - -#define KS_N_ENTIRES_CL (0 + KS_N_RSA_KEY_PAIRS + KS_N_SYM_KEYS) - -#define KS_N_ENTIRES (0 + KS_N_ECC_KEY_PAIRS + KS_N_ECC_PUB_KEYS + KS_N_AES_KEYS + KS_N_CERTIFCATES) - -#define KEYSTORE_MAGIC (0xA71C401L) -#define KEYSTORE_VERSION (0x0004) -/* ************************************************************************** */ -/* Structrues and Typedefs */ -/* ************************************************************************** */ - -/* Generic entry of a Key ID Mapping inside the secure element */ -typedef struct -{ - /** External index */ - uint32_t extKeyId; - - /* Of type sss_key_part_t - * - * B0,B1,B2,B3 -> Key part and B4,B5,B6,B7 -> (No of slots taken - 1) */ - uint8_t keyPart; - uint8_t accessPermission; - uint8_t cipherType; /* Of type sss_cipher_type_t */ - /** Internal index */ - uint8_t keyIntIndex; -} keyIdAndTypeIndexLookup_t; - -typedef struct _keyStoreTable_t -{ - /** Fixed - Unique 32bit magic number. - * - * In case some one over-writes we can know. */ - uint32_t magic; - /** Fixed - constant based on version number */ - uint16_t version; - /** - * maxEntries Fixed - constant in the Layout. Should be equal to - * KS_N_ENTIRES This will help in porting between A71CH with less memory and - * SE050 with more memory - */ - uint16_t maxEntries; - /** Dynamic entries */ - keyIdAndTypeIndexLookup_t *entries; -} keyStoreTable_t; - -/* ************************************************************************** */ -/* Global Variables */ -/* ************************************************************************** */ - -/* ************************************************************************** */ -/* Functions */ -/* ************************************************************************** */ - -/** - * Initialize the File allocation table entry - * - * @param keystore_shadow Shadow structure (to be persisted later to EEPROM or - * File System) - * @param lookup_entires Mapping table - * @param max_entries Maximum entries that the Key Store can have - */ -void ks_common_init_fat( - keyStoreTable_t *keystore_shadow, keyIdAndTypeIndexLookup_t *lookup_entires, size_t max_entries); - -/** - * Update the File Allocation Table for the key. - * - * @param[out] keystore_shadow - * @param[in] sss_key The key object. - * @param[in] intIndex internal index. - * @param extId External 32bit id of the key - * @param object_type Type of the object - * @param intIndex Internal index of the key. - * @param accessPermission Access (Read/write/etc.) - * - * @note accessPermission is not used for A71CH - * - * @return Fail if not able to add the entry. - - */ -sss_status_t ks_common_update_fat(keyStoreTable_t *keystore_shadow, - uint32_t extId, - sss_key_part_t object_part, - sss_cipher_type_t cipher_type, - uint8_t intIndex, - uint32_t accessPermission, - uint16_t keyLen); - -/** - * check if the internal slot is availble for the key type. - * - * @param[in] keystore_shadow - * @param[in] object_type type of key Object - * @param[out] next_free_index avialable internal index for a particular key - * type - * - * @return Fail if internal index is not available. - */ -sss_status_t ks_common_check_available_int_index(keyStoreTable_t *keystore_shadow, - uint8_t object_type, - uint8_t cipher_type, - uint16_t *next_free_index, - uint16_t keyLen); - -sss_status_t ks_common_extId_to_int_index(keyStoreTable_t *keystore_shadow, uint32_t extId, uint16_t *intIndex); -/** - * check if the key store is valid. - * - * @param[in] keystore_shadow The shadow of keystore - * @param[out] status - * - * @return Fail if key store is not valid - */ -sss_status_t isValidKeyStoreShadow(keyStoreTable_t *keystore_shadow); -/** -* check if the internal slot is availble for the key type. -* -* @param[in] keystore_shadow -* @param[in] keyId key id for getting key object -* @param[out] keyType type of keyobject retrieved from keyId* type -* -* @return Fail if keyId not found -*/ -sss_status_t ks_common_get_keyType_from_keyid( - keyStoreTable_t *keystore_shadow, uint32_t keyId, uint32_t *keyType, uint32_t *cipherType); -/** - * remove entry from shadow keystore. - * - * @param[in] keystore_shadow - * @param[in] extId key id for getting key object - * - * @return Fail if keyId not found - */ -sss_status_t ks_common_remove_fat(keyStoreTable_t *keystore_shadow, uint32_t extId); - -void ks_sw_fat_remove(const char *szRootPath); -void ks_sw_fat_free(keyStoreTable_t *keystore_shadow); -void ks_sw_fat_allocate(keyStoreTable_t **keystore_shadow); -void ks_sw_getKeyFileName( - char *const file_name, const size_t size, const sss_object_t *sss_key, const char *root_folder); -sss_status_t ks_sw_fat_load(const char *szRootPath, keyStoreTable_t *pKeystore_shadow); - -#endif /* SSS_INC_KEYID_MAP_H_ */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_lpc55s_apis.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_lpc55s_apis.h deleted file mode 100644 index d9e1a05f4..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_lpc55s_apis.h +++ /dev/null @@ -1,115 +0,0 @@ -/* - * - * Copyright 2018,2019 NXP - * SPDX-License-Identifier: Apache-2.0 - */ - -#ifndef __FSL_SSS_LPC55S_APIS_H__ -#define __FSL_SSS_LPC55S_APIS_H__ - -#ifdef __cplusplus -extern "C" { -#endif /* __cplusplus */ - -#if defined(SSS_USE_FTR_FILE) -#include "fsl_sss_ftr.h" -#else -#include "fsl_sss_ftr_default.h" -#endif - -#if defined(SECURE_WORLD) -#if SSS_HAVE_HOSTCRYPTO_MBEDTLS -#include -#include - -/* ************************************************************************** */ -/* Functions */ -/* ************************************************************************** */ - -/** @copydoc sss_session_open - * - */ -sss_status_t sss_lpc55s_impl_session_open(sss_session_t *session, - sss_type_t subsystem, - uint32_t application_id, - sss_connection_type_t connection_type, - void *connectionData); - -/** @copydoc sss_session_close - * - */ -void sss_lpc55s_impl_session_close(sss_session_t *session); - -/** - * @addtogroup sss_lpc55s_impl_mac - * @{ - */ -/** @copydoc sss_mac_context_init - * - */ -sss_status_t sss_lpc55s_impl_mac_context_init( - sss_mac_t *context, sss_session_t *session, sss_object_t *keyObject, sss_algorithm_t algorithm, sss_mode_t mode); - -/** @copydoc sss_mac_one_go - * - */ -sss_status_t sss_lpc55s_impl_mac_one_go( - sss_mac_t *context, const uint8_t *message, size_t messageLen, uint8_t *mac, size_t *macLen); - -/** @copydoc sss_mac_context_free - * - */ -void sss_lpc55s_impl_mac_context_free(sss_mac_t *context); - -/** Re-define sss_host_session_open to be redirected - * from HashCrypt session open - */ -#ifdef sss_host_session_open -#undef sss_host_session_open -#define sss_host_session_open(session, subsystem, application_id, connection_type, connectionData) \ - sss_lpc55s_impl_session_open((session), (subsystem), (application_id), (connection_type), (connectionData)) -#endif - -/** Re-define sss_host_session_close to be redirected - * from HashCrypt session open - */ -#ifdef sss_host_session_close -#undef sss_host_session_close -#define sss_host_session_close(session) sss_lpc55s_impl_session_close((session)) -#endif - -/** Re-define sss_host_mac_context_init to be redirected - * from HashCrypt MAC operations - */ -#ifdef sss_host_mac_context_init -#undef sss_host_mac_context_init -#define sss_host_mac_context_init(context, session, keyObject, algorithm, mode) \ - sss_lpc55s_impl_mac_context_init((context), (session), (keyObject), (algorithm), (mode)) -#endif - -/** Re-define sss_host_mac_one_go to be redirected - * from HashCrypt MAC operations - */ -#ifdef sss_host_mac_one_go -#undef sss_host_mac_one_go -#define sss_host_mac_one_go(context, message, messageLen, mac, macLen) \ - sss_lpc55s_impl_mac_one_go((context), (message), (messageLen), (mac), (macLen)) -#endif - -/** Re-define sss_host_mac_context_free to be redirected - * from HashCrypt MAC operations - */ -#ifdef sss_host_mac_context_free -#undef sss_host_mac_context_free -#define sss_host_mac_context_free(context) sss_lpc55s_impl_mac_context_free((context)) -#endif - -/* clang-format on */ -#endif /* SSS_HAVE_HOSTCRYPTO_MBEDTLS */ -#endif /* SECURE_WORLD */ - -#ifdef __cplusplus -} // extern "C" -#endif /* __cplusplus */ - -#endif /* __FSL_SSS_LPC55S_APIS_H__ */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_mbedtls_apis.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_mbedtls_apis.h deleted file mode 100644 index d077f6308..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_mbedtls_apis.h +++ /dev/null @@ -1,837 +0,0 @@ -/* - * - * Copyright 2018-2020 NXP - * SPDX-License-Identifier: Apache-2.0 - */ - -#ifndef FSL_SSS_MBEDTLS_APIS_H -#define FSL_SSS_MBEDTLS_APIS_H - -#ifdef __cplusplus -extern "C" { -#endif /* __cplusplus */ - -#if defined(SSS_USE_FTR_FILE) -#include "fsl_sss_ftr.h" -#else -#include "fsl_sss_ftr_default.h" -#endif - -#if SSS_HAVE_MBEDTLS -#include - -/* ************************************************************************** */ -/* Functions */ -/* ************************************************************************** */ -/** - * @addtogroup sss_mbedtls_session - * @{ - */ -/** @copydoc sss_session_create - * - */ -sss_status_t sss_mbedtls_session_create(sss_mbedtls_session_t *session, - sss_type_t subsystem, - uint32_t application_id, - sss_connection_type_t connection_type, - void *connectionData); - -/** @copydoc sss_session_open - * - */ -sss_status_t sss_mbedtls_session_open(sss_mbedtls_session_t *session, - sss_type_t subsystem, - uint32_t application_id, - sss_connection_type_t connection_type, - void *connectionData); - -/** @copydoc sss_session_prop_get_u32 - * - */ -sss_status_t sss_mbedtls_session_prop_get_u32(sss_mbedtls_session_t *session, uint32_t property, uint32_t *pValue); - -/** @copydoc sss_session_prop_get_au8 - * - */ -sss_status_t sss_mbedtls_session_prop_get_au8( - sss_mbedtls_session_t *session, uint32_t property, uint8_t *pValue, size_t *pValueLen); - -/** @copydoc sss_session_close - * - */ -void sss_mbedtls_session_close(sss_mbedtls_session_t *session); - -/** @copydoc sss_session_delete - * - */ -void sss_mbedtls_session_delete(sss_mbedtls_session_t *session); - -/*! @} */ /* end of : sss_mbedtls_session */ - -/** - * @addtogroup sss_mbedtls_keyobj - * @{ - */ -/** @copydoc sss_key_object_init - * - */ -sss_status_t sss_mbedtls_key_object_init(sss_mbedtls_object_t *keyObject, sss_mbedtls_key_store_t *keyStore); - -/** @copydoc sss_key_object_allocate_handle - * - */ -sss_status_t sss_mbedtls_key_object_allocate_handle(sss_mbedtls_object_t *keyObject, - uint32_t keyId, - sss_key_part_t keyPart, - sss_cipher_type_t cipherType, - size_t keyByteLenMax, - uint32_t options); - -/** @copydoc sss_key_object_get_handle - * - */ -sss_status_t sss_mbedtls_key_object_get_handle(sss_mbedtls_object_t *keyObject, uint32_t keyId); - -/** @copydoc sss_key_object_set_user - * - */ -sss_status_t sss_mbedtls_key_object_set_user(sss_mbedtls_object_t *keyObject, uint32_t user, uint32_t options); - -/** @copydoc sss_key_object_set_purpose - * - */ -sss_status_t sss_mbedtls_key_object_set_purpose(sss_mbedtls_object_t *keyObject, sss_mode_t purpose, uint32_t options); - -/** @copydoc sss_key_object_set_access - * - */ -sss_status_t sss_mbedtls_key_object_set_access(sss_mbedtls_object_t *keyObject, uint32_t access, uint32_t options); - -/** @copydoc sss_key_object_set_eccgfp_group - * - */ -sss_status_t sss_mbedtls_key_object_set_eccgfp_group(sss_mbedtls_object_t *keyObject, sss_eccgfp_group_t *group); - -/** @copydoc sss_key_object_get_user - * - */ -sss_status_t sss_mbedtls_key_object_get_user(sss_mbedtls_object_t *keyObject, uint32_t *user); - -/** @copydoc sss_key_object_get_purpose - * - */ -sss_status_t sss_mbedtls_key_object_get_purpose(sss_mbedtls_object_t *keyObject, sss_mode_t *purpose); - -/** @copydoc sss_key_object_get_access - * - */ -sss_status_t sss_mbedtls_key_object_get_access(sss_mbedtls_object_t *keyObject, uint32_t *access); - -/** @copydoc sss_key_object_free - * - */ -void sss_mbedtls_key_object_free(sss_mbedtls_object_t *keyObject); - -/*! @} */ /* end of : sss_mbedtls_keyobj */ - -/** - * @addtogroup sss_mbedtls_keyderive - * @{ - */ -/** @copydoc sss_derive_key_context_init - * - */ -sss_status_t sss_mbedtls_derive_key_context_init(sss_mbedtls_derive_key_t *context, - sss_mbedtls_session_t *session, - sss_mbedtls_object_t *keyObject, - sss_algorithm_t algorithm, - sss_mode_t mode); - -/** @copydoc sss_derive_key_go - * - */ -sss_status_t sss_mbedtls_derive_key_go(sss_mbedtls_derive_key_t *context, - const uint8_t *saltData, - size_t saltLen, - const uint8_t *info, - size_t infoLen, - sss_mbedtls_object_t *derivedKeyObject, - uint16_t deriveDataLen, - uint8_t *hkdfOutput, - size_t *hkdfOutputLen); - -/** @copydoc sss_derive_key_one_go -* -*/ -sss_status_t sss_mbedtls_derive_key_one_go(sss_mbedtls_derive_key_t *context, - const uint8_t *saltData, - size_t saltLen, - const uint8_t *info, - size_t infoLen, - sss_mbedtls_object_t *derivedKeyObject, - uint16_t deriveDataLen); - -/** @copydoc sss_derive_key_sobj_one_go -* -*/ -sss_status_t sss_mbedtls_derive_key_sobj_one_go(sss_mbedtls_derive_key_t *context, - sss_mbedtls_object_t *saltKeyObject, - const uint8_t *info, - size_t infoLen, - sss_mbedtls_object_t *derivedKeyObject, - uint16_t deriveDataLen); - -/** @copydoc sss_derive_key_dh - * - */ -sss_status_t sss_mbedtls_derive_key_dh(sss_mbedtls_derive_key_t *context, - sss_mbedtls_object_t *otherPartyKeyObject, - sss_mbedtls_object_t *derivedKeyObject); - -/** @copydoc sss_derive_key_context_free - * - */ -void sss_mbedtls_derive_key_context_free(sss_mbedtls_derive_key_t *context); - -/*! @} */ /* end of : sss_mbedtls_keyderive */ - -/** - * @addtogroup sss_mbedtls_keystore - * @{ - */ -/** @copydoc sss_key_store_context_init - * - */ -sss_status_t sss_mbedtls_key_store_context_init(sss_mbedtls_key_store_t *keyStore, sss_mbedtls_session_t *session); - -/** @copydoc sss_key_store_allocate - * - */ -sss_status_t sss_mbedtls_key_store_allocate(sss_mbedtls_key_store_t *keyStore, uint32_t keyStoreId); - -/** @copydoc sss_key_store_save - * - */ -sss_status_t sss_mbedtls_key_store_save(sss_mbedtls_key_store_t *keyStore); - -/** @copydoc sss_key_store_load - * - */ -sss_status_t sss_mbedtls_key_store_load(sss_mbedtls_key_store_t *keyStore); - -/** @copydoc sss_key_store_set_key - * - */ -sss_status_t sss_mbedtls_key_store_set_key(sss_mbedtls_key_store_t *keyStore, - sss_mbedtls_object_t *keyObject, - const uint8_t *data, - size_t dataLen, - size_t keyBitLen, - void *options, - size_t optionsLen); - -/** @copydoc sss_key_store_generate_key - * - */ -sss_status_t sss_mbedtls_key_store_generate_key( - sss_mbedtls_key_store_t *keyStore, sss_mbedtls_object_t *keyObject, size_t keyBitLen, void *options); - -/** @copydoc sss_key_store_get_key - * - */ -sss_status_t sss_mbedtls_key_store_get_key(sss_mbedtls_key_store_t *keyStore, - sss_mbedtls_object_t *keyObject, - uint8_t *data, - size_t *dataLen, - size_t *pKeyBitLen); - -/** @copydoc sss_key_store_open_key - * - */ -sss_status_t sss_mbedtls_key_store_open_key(sss_mbedtls_key_store_t *keyStore, sss_mbedtls_object_t *keyObject); - -/** @copydoc sss_key_store_freeze_key - * - */ -sss_status_t sss_mbedtls_key_store_freeze_key(sss_mbedtls_key_store_t *keyStore, sss_mbedtls_object_t *keyObject); - -/** @copydoc sss_key_store_erase_key - * - */ -sss_status_t sss_mbedtls_key_store_erase_key(sss_mbedtls_key_store_t *keyStore, sss_mbedtls_object_t *keyObject); - -/** @copydoc sss_key_store_context_free - * - */ -void sss_mbedtls_key_store_context_free(sss_mbedtls_key_store_t *keyStore); - -/*! @} */ /* end of : sss_mbedtls_keystore */ - -/** - * @addtogroup sss_mbedtls_asym - * @{ - */ -/** @copydoc sss_asymmetric_context_init - * - */ -sss_status_t sss_mbedtls_asymmetric_context_init(sss_mbedtls_asymmetric_t *context, - sss_mbedtls_session_t *session, - sss_mbedtls_object_t *keyObject, - sss_algorithm_t algorithm, - sss_mode_t mode); - -/** @copydoc sss_asymmetric_encrypt - * - */ -sss_status_t sss_mbedtls_asymmetric_encrypt( - sss_mbedtls_asymmetric_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen); - -/** @copydoc sss_asymmetric_decrypt - * - */ -sss_status_t sss_mbedtls_asymmetric_decrypt( - sss_mbedtls_asymmetric_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen); - -/** @copydoc sss_asymmetric_sign_digest - * - */ -sss_status_t sss_mbedtls_asymmetric_sign_digest( - sss_mbedtls_asymmetric_t *context, uint8_t *digest, size_t digestLen, uint8_t *signature, size_t *signatureLen); - -/** @copydoc sss_asymmetric_verify_digest - * - */ -sss_status_t sss_mbedtls_asymmetric_verify_digest( - sss_mbedtls_asymmetric_t *context, uint8_t *digest, size_t digestLen, uint8_t *signature, size_t signatureLen); - -/** @copydoc sss_asymmetric_context_free - * - */ -void sss_mbedtls_asymmetric_context_free(sss_mbedtls_asymmetric_t *context); - -/*! @} */ /* end of : sss_mbedtls_asym */ - -/** - * @addtogroup sss_mbedtls_symm - * @{ - */ -/** @copydoc sss_symmetric_context_init - * - */ -sss_status_t sss_mbedtls_symmetric_context_init(sss_mbedtls_symmetric_t *context, - sss_mbedtls_session_t *session, - sss_mbedtls_object_t *keyObject, - sss_algorithm_t algorithm, - sss_mode_t mode); - -/** @copydoc sss_cipher_one_go - * - */ -sss_status_t sss_mbedtls_cipher_one_go(sss_mbedtls_symmetric_t *context, - uint8_t *iv, - size_t ivLen, - const uint8_t *srcData, - uint8_t *destData, - size_t dataLen); - -/** @copydoc sss_cipher_init - * - */ -sss_status_t sss_mbedtls_cipher_init(sss_mbedtls_symmetric_t *context, uint8_t *iv, size_t ivLen); - -/** @copydoc sss_cipher_update - * - */ -sss_status_t sss_mbedtls_cipher_update( - sss_mbedtls_symmetric_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen); - -/** @copydoc sss_cipher_finish - * - */ -sss_status_t sss_mbedtls_cipher_finish( - sss_mbedtls_symmetric_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen); - -/** @copydoc sss_cipher_crypt_ctr - * - */ -sss_status_t sss_mbedtls_cipher_crypt_ctr(sss_mbedtls_symmetric_t *context, - const uint8_t *srcData, - uint8_t *destData, - size_t size, - uint8_t *initialCounter, - uint8_t *lastEncryptedCounter, - size_t *szLeft); - -/** @copydoc sss_symmetric_context_free - * - */ -void sss_mbedtls_symmetric_context_free(sss_mbedtls_symmetric_t *context); - -/*! @} */ /* end of : sss_mbedtls_symm */ - -/** - * @addtogroup sss_mbedtls_aead - * @{ - */ -/** @copydoc sss_aead_context_init - * - */ -sss_status_t sss_mbedtls_aead_context_init(sss_mbedtls_aead_t *context, - sss_mbedtls_session_t *session, - sss_mbedtls_object_t *keyObject, - sss_algorithm_t algorithm, - sss_mode_t mode); - -/** @copydoc sss_aead_one_go - * - */ -sss_status_t sss_mbedtls_aead_one_go(sss_mbedtls_aead_t *context, - const uint8_t *srcData, - uint8_t *destData, - size_t size, - uint8_t *nonce, - size_t nonceLen, - const uint8_t *aad, - size_t aadLen, - uint8_t *tag, - size_t *tagLen); - -/** @copydoc sss_aead_init - * - */ -sss_status_t sss_mbedtls_aead_init( - sss_mbedtls_aead_t *context, uint8_t *nonce, size_t nonceLen, size_t tagLen, size_t aadLen, size_t payloadLen); - -/** @copydoc sss_aead_update_aad - * - */ -sss_status_t sss_mbedtls_aead_update_aad(sss_mbedtls_aead_t *context, const uint8_t *aadData, size_t aadDataLen); - -/** @copydoc sss_aead_update - * - */ -sss_status_t sss_mbedtls_aead_update( - sss_mbedtls_aead_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen); - -/** @copydoc sss_aead_finish - * - */ -sss_status_t sss_mbedtls_aead_finish(sss_mbedtls_aead_t *context, - const uint8_t *srcData, - size_t srcLen, - uint8_t *destData, - size_t *destLen, - uint8_t *tag, - size_t *tagLen); - -/** @copydoc sss_aead_context_free - * - */ -void sss_mbedtls_aead_context_free(sss_mbedtls_aead_t *context); - -/*! @} */ /* end of : sss_mbedtls_aead */ - -/** - * @addtogroup sss_mbedtls_mac - * @{ - */ -/** @copydoc sss_mac_context_init - * - */ -sss_status_t sss_mbedtls_mac_context_init(sss_mbedtls_mac_t *context, - sss_mbedtls_session_t *session, - sss_mbedtls_object_t *keyObject, - sss_algorithm_t algorithm, - sss_mode_t mode); - -/** @copydoc sss_mac_one_go - * - */ -sss_status_t sss_mbedtls_mac_one_go( - sss_mbedtls_mac_t *context, const uint8_t *message, size_t messageLen, uint8_t *mac, size_t *macLen); - -/** @copydoc sss_mac_init - * - */ -sss_status_t sss_mbedtls_mac_init(sss_mbedtls_mac_t *context); - -/** @copydoc sss_mac_update - * - */ -sss_status_t sss_mbedtls_mac_update(sss_mbedtls_mac_t *context, const uint8_t *message, size_t messageLen); - -/** @copydoc sss_mac_finish - * - */ -sss_status_t sss_mbedtls_mac_finish(sss_mbedtls_mac_t *context, uint8_t *mac, size_t *macLen); - -/** @copydoc sss_mac_context_free - * - */ -void sss_mbedtls_mac_context_free(sss_mbedtls_mac_t *context); - -/*! @} */ /* end of : sss_mbedtls_mac */ - -/** - * @addtogroup sss_mbedtls_md - * @{ - */ -/** @copydoc sss_digest_context_init - * - */ -sss_status_t sss_mbedtls_digest_context_init( - sss_mbedtls_digest_t *context, sss_mbedtls_session_t *session, sss_algorithm_t algorithm, sss_mode_t mode); - -/** @copydoc sss_digest_one_go - * - */ -sss_status_t sss_mbedtls_digest_one_go( - sss_mbedtls_digest_t *context, const uint8_t *message, size_t messageLen, uint8_t *digest, size_t *digestLen); - -/** @copydoc sss_digest_init - * - */ -sss_status_t sss_mbedtls_digest_init(sss_mbedtls_digest_t *context); - -/** @copydoc sss_digest_update - * - */ -sss_status_t sss_mbedtls_digest_update(sss_mbedtls_digest_t *context, const uint8_t *message, size_t messageLen); - -/** @copydoc sss_digest_finish - * - */ -sss_status_t sss_mbedtls_digest_finish(sss_mbedtls_digest_t *context, uint8_t *digest, size_t *digestLen); - -/** @copydoc sss_digest_context_free - * - */ -void sss_mbedtls_digest_context_free(sss_mbedtls_digest_t *context); - -/*! @} */ /* end of : sss_mbedtls_md */ - -/** - * @addtogroup sss_mbedtls_rng - * @{ - */ -/** @copydoc sss_rng_context_init - * - */ -sss_status_t sss_mbedtls_rng_context_init(sss_mbedtls_rng_context_t *context, sss_mbedtls_session_t *session); - -/** @copydoc sss_rng_get_random - * - */ -sss_status_t sss_mbedtls_rng_get_random(sss_mbedtls_rng_context_t *context, uint8_t *random_data, size_t dataLen); - -/** @copydoc sss_rng_context_free - * - */ -sss_status_t sss_mbedtls_rng_context_free(sss_mbedtls_rng_context_t *context); - -/*! @} */ /* end of : sss_mbedtls_rng */ - -/* clang-format off */ -# if (SSS_HAVE_SSS == 1) - /* Direct Call : session */ -# define sss_session_create(session,subsystem,application_id,connection_type,connectionData) \ - sss_mbedtls_session_create(((sss_mbedtls_session_t * ) session),(subsystem),(application_id),(connection_type),(connectionData)) -# define sss_session_open(session,subsystem,application_id,connection_type,connectionData) \ - sss_mbedtls_session_open(((sss_mbedtls_session_t * ) session),(subsystem),(application_id),(connection_type),(connectionData)) -# define sss_session_prop_get_u32(session,property,pValue) \ - sss_mbedtls_session_prop_get_u32(((sss_mbedtls_session_t * ) session),(property),(pValue)) -# define sss_session_prop_get_au8(session,property,pValue,pValueLen) \ - sss_mbedtls_session_prop_get_au8(((sss_mbedtls_session_t * ) session),(property),(pValue),(pValueLen)) -# define sss_session_close(session) \ - sss_mbedtls_session_close(((sss_mbedtls_session_t * ) session)) -# define sss_session_delete(session) \ - sss_mbedtls_session_delete(((sss_mbedtls_session_t * ) session)) - /* Direct Call : keyobj */ -# define sss_key_object_init(keyObject,keyStore) \ - sss_mbedtls_key_object_init(((sss_mbedtls_object_t * ) keyObject),((sss_mbedtls_key_store_t * ) keyStore)) -# define sss_key_object_allocate_handle(keyObject,keyId,keyPart,cipherType,keyByteLenMax,options) \ - sss_mbedtls_key_object_allocate_handle(((sss_mbedtls_object_t * ) keyObject),(keyId),(keyPart),(cipherType),(keyByteLenMax),(options)) -# define sss_key_object_get_handle(keyObject,keyId) \ - sss_mbedtls_key_object_get_handle(((sss_mbedtls_object_t * ) keyObject),(keyId)) -# define sss_key_object_set_user(keyObject,user,options) \ - sss_mbedtls_key_object_set_user(((sss_mbedtls_object_t * ) keyObject),(user),(options)) -# define sss_key_object_set_purpose(keyObject,purpose,options) \ - sss_mbedtls_key_object_set_purpose(((sss_mbedtls_object_t * ) keyObject),(purpose),(options)) -# define sss_key_object_set_access(keyObject,access,options) \ - sss_mbedtls_key_object_set_access(((sss_mbedtls_object_t * ) keyObject),(access),(options)) -# define sss_key_object_set_eccgfp_group(keyObject,group) \ - sss_mbedtls_key_object_set_eccgfp_group(((sss_mbedtls_object_t * ) keyObject),(group)) -# define sss_key_object_get_user(keyObject,user) \ - sss_mbedtls_key_object_get_user(((sss_mbedtls_object_t * ) keyObject),(user)) -# define sss_key_object_get_purpose(keyObject,purpose) \ - sss_mbedtls_key_object_get_purpose(((sss_mbedtls_object_t * ) keyObject),(purpose)) -# define sss_key_object_get_access(keyObject,access) \ - sss_mbedtls_key_object_get_access(((sss_mbedtls_object_t * ) keyObject),(access)) -# define sss_key_object_free(keyObject) \ - sss_mbedtls_key_object_free(((sss_mbedtls_object_t * ) keyObject)) - /* Direct Call : keyderive */ -# define sss_derive_key_context_init(context,session,keyObject,algorithm,mode) \ - sss_mbedtls_derive_key_context_init(((sss_mbedtls_derive_key_t * ) context),((sss_mbedtls_session_t * ) session),((sss_mbedtls_object_t * ) keyObject),(algorithm),(mode)) -# define sss_derive_key_go(context,saltData,saltLen,info,infoLen,derivedKeyObject,deriveDataLen,hkdfOutput,hkdfOutputLen) \ - sss_mbedtls_derive_key_go(((sss_mbedtls_derive_key_t * ) context),(saltData),(saltLen),(info),(infoLen),((sss_mbedtls_object_t * ) derivedKeyObject),(deriveDataLen),(hkdfOutput),(hkdfOutputLen)) -# define sss_derive_key_one_go(context,saltData,saltLen,info,infoLen,derivedKeyObject,deriveDataLen) \ - sss_mbedtls_derive_key_one_go(((sss_mbedtls_derive_key_t * ) context),(saltData),(saltLen),(info),(infoLen),((sss_mbedtls_object_t * ) derivedKeyObject),(deriveDataLen)) -# define sss_derive_key_sobj_one_go(context,saltKeyObject,info,infoLen,derivedKeyObject,deriveDataLen) \ - sss_mbedtls_derive_key_sobj_one_go(((sss_mbedtls_derive_key_t * ) context),((sss_mbedtls_object_t * )saltKeyObject),(info),(infoLen),((sss_mbedtls_object_t * ) derivedKeyObject),(deriveDataLen)) -# define sss_derive_key_dh(context,otherPartyKeyObject,derivedKeyObject) \ - sss_mbedtls_derive_key_dh(((sss_mbedtls_derive_key_t * ) context),((sss_mbedtls_object_t * ) otherPartyKeyObject),((sss_mbedtls_object_t * ) derivedKeyObject)) -# define sss_derive_key_context_free(context) \ - sss_mbedtls_derive_key_context_free(((sss_mbedtls_derive_key_t * ) context)) - /* Direct Call : keystore */ -# define sss_key_store_context_init(keyStore,session) \ - sss_mbedtls_key_store_context_init(((sss_mbedtls_key_store_t * ) keyStore),((sss_mbedtls_session_t * ) session)) -# define sss_key_store_allocate(keyStore,keyStoreId) \ - sss_mbedtls_key_store_allocate(((sss_mbedtls_key_store_t * ) keyStore),(keyStoreId)) -# define sss_key_store_save(keyStore) \ - sss_mbedtls_key_store_save(((sss_mbedtls_key_store_t * ) keyStore)) -# define sss_key_store_load(keyStore) \ - sss_mbedtls_key_store_load(((sss_mbedtls_key_store_t * ) keyStore)) -# define sss_key_store_set_key(keyStore,keyObject,data,dataLen,keyBitLen,options,optionsLen) \ - sss_mbedtls_key_store_set_key(((sss_mbedtls_key_store_t * ) keyStore),((sss_mbedtls_object_t * ) keyObject),(data),(dataLen),(keyBitLen),(options),(optionsLen)) -# define sss_key_store_generate_key(keyStore,keyObject,keyBitLen,options) \ - sss_mbedtls_key_store_generate_key(((sss_mbedtls_key_store_t * ) keyStore),((sss_mbedtls_object_t * ) keyObject),(keyBitLen),(options)) -# define sss_key_store_get_key(keyStore,keyObject,data,dataLen,pKeyBitLen) \ - sss_mbedtls_key_store_get_key(((sss_mbedtls_key_store_t * ) keyStore),((sss_mbedtls_object_t * ) keyObject),(data),(dataLen),(pKeyBitLen)) -# define sss_key_store_open_key(keyStore,keyObject) \ - sss_mbedtls_key_store_open_key(((sss_mbedtls_key_store_t * ) keyStore),((sss_mbedtls_object_t * ) keyObject)) -# define sss_key_store_freeze_key(keyStore,keyObject) \ - sss_mbedtls_key_store_freeze_key(((sss_mbedtls_key_store_t * ) keyStore),((sss_mbedtls_object_t * ) keyObject)) -# define sss_key_store_erase_key(keyStore,keyObject) \ - sss_mbedtls_key_store_erase_key(((sss_mbedtls_key_store_t * ) keyStore),((sss_mbedtls_object_t * ) keyObject)) -# define sss_key_store_context_free(keyStore) \ - sss_mbedtls_key_store_context_free(((sss_mbedtls_key_store_t * ) keyStore)) - /* Direct Call : asym */ -# define sss_asymmetric_context_init(context,session,keyObject,algorithm,mode) \ - sss_mbedtls_asymmetric_context_init(((sss_mbedtls_asymmetric_t * ) context),((sss_mbedtls_session_t * ) session),((sss_mbedtls_object_t * ) keyObject),(algorithm),(mode)) -# define sss_asymmetric_encrypt(context,srcData,srcLen,destData,destLen) \ - sss_mbedtls_asymmetric_encrypt(((sss_mbedtls_asymmetric_t * ) context),(srcData),(srcLen),(destData),(destLen)) -# define sss_asymmetric_decrypt(context,srcData,srcLen,destData,destLen) \ - sss_mbedtls_asymmetric_decrypt(((sss_mbedtls_asymmetric_t * ) context),(srcData),(srcLen),(destData),(destLen)) -# define sss_asymmetric_sign_digest(context,digest,digestLen,signature,signatureLen) \ - sss_mbedtls_asymmetric_sign_digest(((sss_mbedtls_asymmetric_t * ) context),(digest),(digestLen),(signature),(signatureLen)) -# define sss_asymmetric_verify_digest(context,digest,digestLen,signature,signatureLen) \ - sss_mbedtls_asymmetric_verify_digest(((sss_mbedtls_asymmetric_t * ) context),(digest),(digestLen),(signature),(signatureLen)) -# define sss_asymmetric_context_free(context) \ - sss_mbedtls_asymmetric_context_free(((sss_mbedtls_asymmetric_t * ) context)) - /* Direct Call : symm */ -# define sss_symmetric_context_init(context,session,keyObject,algorithm,mode) \ - sss_mbedtls_symmetric_context_init(((sss_mbedtls_symmetric_t * ) context),((sss_mbedtls_session_t * ) session),((sss_mbedtls_object_t * ) keyObject),(algorithm),(mode)) -# define sss_cipher_one_go(context,iv,ivLen,srcData,destData,dataLen) \ - sss_mbedtls_cipher_one_go(((sss_mbedtls_symmetric_t * ) context),(iv),(ivLen),(srcData),(destData),(dataLen)) -# define sss_cipher_init(context,iv,ivLen) \ - sss_mbedtls_cipher_init(((sss_mbedtls_symmetric_t * ) context),(iv),(ivLen)) -# define sss_cipher_update(context,srcData,srcLen,destData,destLen) \ - sss_mbedtls_cipher_update(((sss_mbedtls_symmetric_t * ) context),(srcData),(srcLen),(destData),(destLen)) -# define sss_cipher_finish(context,srcData,srcLen,destData,destLen) \ - sss_mbedtls_cipher_finish(((sss_mbedtls_symmetric_t * ) context),(srcData),(srcLen),(destData),(destLen)) -# define sss_cipher_crypt_ctr(context,srcData,destData,size,initialCounter,lastEncryptedCounter,szLeft) \ - sss_mbedtls_cipher_crypt_ctr(((sss_mbedtls_symmetric_t * ) context),(srcData),(destData),(size),(initialCounter),(lastEncryptedCounter),(szLeft)) -# define sss_symmetric_context_free(context) \ - sss_mbedtls_symmetric_context_free(((sss_mbedtls_symmetric_t * ) context)) - /* Direct Call : aead */ -# define sss_aead_context_init(context,session,keyObject,algorithm,mode) \ - sss_mbedtls_aead_context_init(((sss_mbedtls_aead_t * ) context),((sss_mbedtls_session_t * ) session),((sss_mbedtls_object_t * ) keyObject),(algorithm),(mode)) -# define sss_aead_one_go(context,srcData,destData,size,nonce,nonceLen,aad,aadLen,tag,tagLen) \ - sss_mbedtls_aead_one_go(((sss_mbedtls_aead_t * ) context),(srcData),(destData),(size),(nonce),(nonceLen),(aad),(aadLen),(tag),(tagLen)) -# define sss_aead_init(context,nonce,nonceLen,tagLen,aadLen,payloadLen) \ - sss_mbedtls_aead_init(((sss_mbedtls_aead_t * ) context),(nonce),(nonceLen),(tagLen),(aadLen),(payloadLen)) -# define sss_aead_update_aad(context,aadData,aadDataLen) \ - sss_mbedtls_aead_update_aad(((sss_mbedtls_aead_t * ) context),(aadData),(aadDataLen)) -# define sss_aead_update(context,srcData,srcLen,destData,destLen) \ - sss_mbedtls_aead_update(((sss_mbedtls_aead_t * ) context),(srcData),(srcLen),(destData),(destLen)) -# define sss_aead_finish(context,srcData,srcLen,destData,destLen,tag,tagLen) \ - sss_mbedtls_aead_finish(((sss_mbedtls_aead_t * ) context),(srcData),(srcLen),(destData),(destLen),(tag),(tagLen)) -# define sss_aead_context_free(context) \ - sss_mbedtls_aead_context_free(((sss_mbedtls_aead_t * ) context)) - /* Direct Call : mac */ -# define sss_mac_context_init(context,session,keyObject,algorithm,mode) \ - sss_mbedtls_mac_context_init(((sss_mbedtls_mac_t * ) context),((sss_mbedtls_session_t * ) session),((sss_mbedtls_object_t * ) keyObject),(algorithm),(mode)) -# define sss_mac_one_go(context,message,messageLen,mac,macLen) \ - sss_mbedtls_mac_one_go(((sss_mbedtls_mac_t * ) context),(message),(messageLen),(mac),(macLen)) -# define sss_mac_init(context) \ - sss_mbedtls_mac_init(((sss_mbedtls_mac_t * ) context)) -# define sss_mac_update(context,message,messageLen) \ - sss_mbedtls_mac_update(((sss_mbedtls_mac_t * ) context),(message),(messageLen)) -# define sss_mac_finish(context,mac,macLen) \ - sss_mbedtls_mac_finish(((sss_mbedtls_mac_t * ) context),(mac),(macLen)) -# define sss_mac_context_free(context) \ - sss_mbedtls_mac_context_free(((sss_mbedtls_mac_t * ) context)) - /* Direct Call : md */ -# define sss_digest_context_init(context,session,algorithm,mode) \ - sss_mbedtls_digest_context_init(((sss_mbedtls_digest_t * ) context),((sss_mbedtls_session_t * ) session),(algorithm),(mode)) -# define sss_digest_one_go(context,message,messageLen,digest,digestLen) \ - sss_mbedtls_digest_one_go(((sss_mbedtls_digest_t * ) context),(message),(messageLen),(digest),(digestLen)) -# define sss_digest_init(context) \ - sss_mbedtls_digest_init(((sss_mbedtls_digest_t * ) context)) -# define sss_digest_update(context,message,messageLen) \ - sss_mbedtls_digest_update(((sss_mbedtls_digest_t * ) context),(message),(messageLen)) -# define sss_digest_finish(context,digest,digestLen) \ - sss_mbedtls_digest_finish(((sss_mbedtls_digest_t * ) context),(digest),(digestLen)) -# define sss_digest_context_free(context) \ - sss_mbedtls_digest_context_free(((sss_mbedtls_digest_t * ) context)) - /* Direct Call : rng */ -# define sss_rng_context_init(context,session) \ - sss_mbedtls_rng_context_init(((sss_mbedtls_rng_context_t * ) context),((sss_mbedtls_session_t * ) session)) -# define sss_rng_get_random(context,random_data,dataLen) \ - sss_mbedtls_rng_get_random(((sss_mbedtls_rng_context_t * ) context),(random_data),(dataLen)) -# define sss_rng_context_free(context) \ - sss_mbedtls_rng_context_free(((sss_mbedtls_rng_context_t * ) context)) -# endif /* (SSS_HAVE_SSS == 1) */ -# if (SSS_HAVE_OPENSSL == 0) - /* Host Call : session */ -# define sss_host_session_create(session,subsystem,application_id,connection_type,connectionData) \ - sss_mbedtls_session_create(((sss_mbedtls_session_t * ) session),(subsystem),(application_id),(connection_type),(connectionData)) -# define sss_host_session_open(session,subsystem,application_id,connection_type,connectionData) \ - sss_mbedtls_session_open(((sss_mbedtls_session_t * ) session),(subsystem),(application_id),(connection_type),(connectionData)) -# define sss_host_session_prop_get_u32(session,property,pValue) \ - sss_mbedtls_session_prop_get_u32(((sss_mbedtls_session_t * ) session),(property),(pValue)) -# define sss_host_session_prop_get_au8(session,property,pValue,pValueLen) \ - sss_mbedtls_session_prop_get_au8(((sss_mbedtls_session_t * ) session),(property),(pValue),(pValueLen)) -# define sss_host_session_close(session) \ - sss_mbedtls_session_close(((sss_mbedtls_session_t * ) session)) -# define sss_host_session_delete(session) \ - sss_mbedtls_session_delete(((sss_mbedtls_session_t * ) session)) - /* Host Call : keyobj */ -# define sss_host_key_object_init(keyObject,keyStore) \ - sss_mbedtls_key_object_init(((sss_mbedtls_object_t * ) keyObject),((sss_mbedtls_key_store_t * ) keyStore)) -# define sss_host_key_object_allocate_handle(keyObject,keyId,keyPart,cipherType,keyByteLenMax,options) \ - sss_mbedtls_key_object_allocate_handle(((sss_mbedtls_object_t * ) keyObject),(keyId),(keyPart),(cipherType),(keyByteLenMax),(options)) -# define sss_host_key_object_get_handle(keyObject,keyId) \ - sss_mbedtls_key_object_get_handle(((sss_mbedtls_object_t * ) keyObject),(keyId)) -# define sss_host_key_object_set_user(keyObject,user,options) \ - sss_mbedtls_key_object_set_user(((sss_mbedtls_object_t * ) keyObject),(user),(options)) -# define sss_host_key_object_set_purpose(keyObject,purpose,options) \ - sss_mbedtls_key_object_set_purpose(((sss_mbedtls_object_t * ) keyObject),(purpose),(options)) -# define sss_host_key_object_set_access(keyObject,access,options) \ - sss_mbedtls_key_object_set_access(((sss_mbedtls_object_t * ) keyObject),(access),(options)) -# define sss_host_key_object_set_eccgfp_group(keyObject,group) \ - sss_mbedtls_key_object_set_eccgfp_group(((sss_mbedtls_object_t * ) keyObject),(group)) -# define sss_host_key_object_get_user(keyObject,user) \ - sss_mbedtls_key_object_get_user(((sss_mbedtls_object_t * ) keyObject),(user)) -# define sss_host_key_object_get_purpose(keyObject,purpose) \ - sss_mbedtls_key_object_get_purpose(((sss_mbedtls_object_t * ) keyObject),(purpose)) -# define sss_host_key_object_get_access(keyObject,access) \ - sss_mbedtls_key_object_get_access(((sss_mbedtls_object_t * ) keyObject),(access)) -# define sss_host_key_object_free(keyObject) \ - sss_mbedtls_key_object_free(((sss_mbedtls_object_t * ) keyObject)) - /* Host Call : keyderive */ -# define sss_host_derive_key_context_init(context,session,keyObject,algorithm,mode) \ - sss_mbedtls_derive_key_context_init(((sss_mbedtls_derive_key_t * ) context),((sss_mbedtls_session_t * ) session),((sss_mbedtls_object_t * ) keyObject),(algorithm),(mode)) -# define sss_host_derive_key_go(context,saltData,saltLen,info,infoLen,derivedKeyObject,deriveDataLen,hkdfOutput,hkdfOutputLen) \ - sss_mbedtls_derive_key_go(((sss_mbedtls_derive_key_t * ) context),(saltData),(saltLen),(info),(infoLen),((sss_mbedtls_object_t * ) derivedKeyObject),(deriveDataLen),(hkdfOutput),(hkdfOutputLen)) -# define sss_host_derive_key_dh(context,otherPartyKeyObject,derivedKeyObject) \ - sss_mbedtls_derive_key_dh(((sss_mbedtls_derive_key_t * ) context),((sss_mbedtls_object_t * ) otherPartyKeyObject),((sss_mbedtls_object_t * ) derivedKeyObject)) -# define sss_host_derive_key_context_free(context) \ - sss_mbedtls_derive_key_context_free(((sss_mbedtls_derive_key_t * ) context)) - /* Host Call : keystore */ -# define sss_host_key_store_context_init(keyStore,session) \ - sss_mbedtls_key_store_context_init(((sss_mbedtls_key_store_t * ) keyStore),((sss_mbedtls_session_t * ) session)) -# define sss_host_key_store_allocate(keyStore,keyStoreId) \ - sss_mbedtls_key_store_allocate(((sss_mbedtls_key_store_t * ) keyStore),(keyStoreId)) -# define sss_host_key_store_save(keyStore) \ - sss_mbedtls_key_store_save(((sss_mbedtls_key_store_t * ) keyStore)) -# define sss_host_key_store_load(keyStore) \ - sss_mbedtls_key_store_load(((sss_mbedtls_key_store_t * ) keyStore)) -# define sss_host_key_store_set_key(keyStore,keyObject,data,dataLen,keyBitLen,options,optionsLen) \ - sss_mbedtls_key_store_set_key(((sss_mbedtls_key_store_t * ) keyStore),((sss_mbedtls_object_t * ) keyObject),(data),(dataLen),(keyBitLen),(options),(optionsLen)) -# define sss_host_key_store_generate_key(keyStore,keyObject,keyBitLen,options) \ - sss_mbedtls_key_store_generate_key(((sss_mbedtls_key_store_t * ) keyStore),((sss_mbedtls_object_t * ) keyObject),(keyBitLen),(options)) -# define sss_host_key_store_get_key(keyStore,keyObject,data,dataLen,pKeyBitLen) \ - sss_mbedtls_key_store_get_key(((sss_mbedtls_key_store_t * ) keyStore),((sss_mbedtls_object_t * ) keyObject),(data),(dataLen),(pKeyBitLen)) -# define sss_host_key_store_open_key(keyStore,keyObject) \ - sss_mbedtls_key_store_open_key(((sss_mbedtls_key_store_t * ) keyStore),((sss_mbedtls_object_t * ) keyObject)) -# define sss_host_key_store_freeze_key(keyStore,keyObject) \ - sss_mbedtls_key_store_freeze_key(((sss_mbedtls_key_store_t * ) keyStore),((sss_mbedtls_object_t * ) keyObject)) -# define sss_host_key_store_erase_key(keyStore,keyObject) \ - sss_mbedtls_key_store_erase_key(((sss_mbedtls_key_store_t * ) keyStore),((sss_mbedtls_object_t * ) keyObject)) -# define sss_host_key_store_context_free(keyStore) \ - sss_mbedtls_key_store_context_free(((sss_mbedtls_key_store_t * ) keyStore)) - /* Host Call : asym */ -# define sss_host_asymmetric_context_init(context,session,keyObject,algorithm,mode) \ - sss_mbedtls_asymmetric_context_init(((sss_mbedtls_asymmetric_t * ) context),((sss_mbedtls_session_t * ) session),((sss_mbedtls_object_t * ) keyObject),(algorithm),(mode)) -# define sss_host_asymmetric_encrypt(context,srcData,srcLen,destData,destLen) \ - sss_mbedtls_asymmetric_encrypt(((sss_mbedtls_asymmetric_t * ) context),(srcData),(srcLen),(destData),(destLen)) -# define sss_host_asymmetric_decrypt(context,srcData,srcLen,destData,destLen) \ - sss_mbedtls_asymmetric_decrypt(((sss_mbedtls_asymmetric_t * ) context),(srcData),(srcLen),(destData),(destLen)) -# define sss_host_asymmetric_sign_digest(context,digest,digestLen,signature,signatureLen) \ - sss_mbedtls_asymmetric_sign_digest(((sss_mbedtls_asymmetric_t * ) context),(digest),(digestLen),(signature),(signatureLen)) -# define sss_host_asymmetric_verify_digest(context,digest,digestLen,signature,signatureLen) \ - sss_mbedtls_asymmetric_verify_digest(((sss_mbedtls_asymmetric_t * ) context),(digest),(digestLen),(signature),(signatureLen)) -# define sss_host_asymmetric_context_free(context) \ - sss_mbedtls_asymmetric_context_free(((sss_mbedtls_asymmetric_t * ) context)) - /* Host Call : symm */ -# define sss_host_symmetric_context_init(context,session,keyObject,algorithm,mode) \ - sss_mbedtls_symmetric_context_init(((sss_mbedtls_symmetric_t * ) context),((sss_mbedtls_session_t * ) session),((sss_mbedtls_object_t * ) keyObject),(algorithm),(mode)) -# define sss_host_cipher_one_go(context,iv,ivLen,srcData,destData,dataLen) \ - sss_mbedtls_cipher_one_go(((sss_mbedtls_symmetric_t * ) context),(iv),(ivLen),(srcData),(destData),(dataLen)) -# define sss_host_cipher_init(context,iv,ivLen) \ - sss_mbedtls_cipher_init(((sss_mbedtls_symmetric_t * ) context),(iv),(ivLen)) -# define sss_host_cipher_update(context,srcData,srcLen,destData,destLen) \ - sss_mbedtls_cipher_update(((sss_mbedtls_symmetric_t * ) context),(srcData),(srcLen),(destData),(destLen)) -# define sss_host_cipher_finish(context,srcData,srcLen,destData,destLen) \ - sss_mbedtls_cipher_finish(((sss_mbedtls_symmetric_t * ) context),(srcData),(srcLen),(destData),(destLen)) -# define sss_host_cipher_crypt_ctr(context,srcData,destData,size,initialCounter,lastEncryptedCounter,szLeft) \ - sss_mbedtls_cipher_crypt_ctr(((sss_mbedtls_symmetric_t * ) context),(srcData),(destData),(size),(initialCounter),(lastEncryptedCounter),(szLeft)) -# define sss_host_symmetric_context_free(context) \ - sss_mbedtls_symmetric_context_free(((sss_mbedtls_symmetric_t * ) context)) - /* Host Call : aead */ -# define sss_host_aead_context_init(context,session,keyObject,algorithm,mode) \ - sss_mbedtls_aead_context_init(((sss_mbedtls_aead_t * ) context),((sss_mbedtls_session_t * ) session),((sss_mbedtls_object_t * ) keyObject),(algorithm),(mode)) -# define sss_host_aead_one_go(context,srcData,destData,size,nonce,nonceLen,aad,aadLen,tag,tagLen) \ - sss_mbedtls_aead_one_go(((sss_mbedtls_aead_t * ) context),(srcData),(destData),(size),(nonce),(nonceLen),(aad),(aadLen),(tag),(tagLen)) -# define sss_host_aead_init(context,nonce,nonceLen,tagLen,aadLen,payloadLen) \ - sss_mbedtls_aead_init(((sss_mbedtls_aead_t * ) context),(nonce),(nonceLen),(tagLen),(aadLen),(payloadLen)) -# define sss_host_aead_update_aad(context,aadData,aadDataLen) \ - sss_mbedtls_aead_update_aad(((sss_mbedtls_aead_t * ) context),(aadData),(aadDataLen)) -# define sss_host_aead_update(context,srcData,srcLen,destData,destLen) \ - sss_mbedtls_aead_update(((sss_mbedtls_aead_t * ) context),(srcData),(srcLen),(destData),(destLen)) -# define sss_host_aead_finish(context,srcData,srcLen,destData,destLen,tag,tagLen) \ - sss_mbedtls_aead_finish(((sss_mbedtls_aead_t * ) context),(srcData),(srcLen),(destData),(destLen),(tag),(tagLen)) -# define sss_host_aead_context_free(context) \ - sss_mbedtls_aead_context_free(((sss_mbedtls_aead_t * ) context)) - /* Host Call : mac */ -# define sss_host_mac_context_init(context,session,keyObject,algorithm,mode) \ - sss_mbedtls_mac_context_init(((sss_mbedtls_mac_t * ) context),((sss_mbedtls_session_t * ) session),((sss_mbedtls_object_t * ) keyObject),(algorithm),(mode)) -# define sss_host_mac_one_go(context,message,messageLen,mac,macLen) \ - sss_mbedtls_mac_one_go(((sss_mbedtls_mac_t * ) context),(message),(messageLen),(mac),(macLen)) -# define sss_host_mac_init(context) \ - sss_mbedtls_mac_init(((sss_mbedtls_mac_t * ) context)) -# define sss_host_mac_update(context,message,messageLen) \ - sss_mbedtls_mac_update(((sss_mbedtls_mac_t * ) context),(message),(messageLen)) -# define sss_host_mac_finish(context,mac,macLen) \ - sss_mbedtls_mac_finish(((sss_mbedtls_mac_t * ) context),(mac),(macLen)) -# define sss_host_mac_context_free(context) \ - sss_mbedtls_mac_context_free(((sss_mbedtls_mac_t * ) context)) - /* Host Call : md */ -# define sss_host_digest_context_init(context,session,algorithm,mode) \ - sss_mbedtls_digest_context_init(((sss_mbedtls_digest_t * ) context),((sss_mbedtls_session_t * ) session),(algorithm),(mode)) -# define sss_host_digest_one_go(context,message,messageLen,digest,digestLen) \ - sss_mbedtls_digest_one_go(((sss_mbedtls_digest_t * ) context),(message),(messageLen),(digest),(digestLen)) -# define sss_host_digest_init(context) \ - sss_mbedtls_digest_init(((sss_mbedtls_digest_t * ) context)) -# define sss_host_digest_update(context,message,messageLen) \ - sss_mbedtls_digest_update(((sss_mbedtls_digest_t * ) context),(message),(messageLen)) -# define sss_host_digest_finish(context,digest,digestLen) \ - sss_mbedtls_digest_finish(((sss_mbedtls_digest_t * ) context),(digest),(digestLen)) -# define sss_host_digest_context_free(context) \ - sss_mbedtls_digest_context_free(((sss_mbedtls_digest_t * ) context)) - /* Host Call : rng */ -# define sss_host_rng_context_init(context,session) \ - sss_mbedtls_rng_context_init(((sss_mbedtls_rng_context_t * ) context),((sss_mbedtls_session_t * ) session)) -# define sss_host_rng_get_random(context,random_data,dataLen) \ - sss_mbedtls_rng_get_random(((sss_mbedtls_rng_context_t * ) context),(random_data),(dataLen)) -# define sss_host_rng_context_free(context) \ - sss_mbedtls_rng_context_free(((sss_mbedtls_rng_context_t * ) context)) -# endif /* (SSS_HAVE_SSS == 1) */ -/* clang-format on */ -#endif /* SSS_HAVE_MBEDTLS */ -#ifdef __cplusplus -} // extern "C" -#endif /* __cplusplus */ - -#endif /* FSL_SSS_MBEDTLS_APIS_H */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_mbedtls_types.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_mbedtls_types.h deleted file mode 100644 index 1d090753a..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_mbedtls_types.h +++ /dev/null @@ -1,253 +0,0 @@ -/* - * - * Copyright 2018-2020 NXP - * SPDX-License-Identifier: Apache-2.0 - */ - -#ifndef SSS_APIS_INC_FSL_SSS_MBEDTLS_TYPES_H_ -#define SSS_APIS_INC_FSL_SSS_MBEDTLS_TYPES_H_ - -/* ************************************************************************** */ -/* Includes */ -/* ************************************************************************** */ - -#include - -#if defined(SSS_USE_FTR_FILE) -#include "fsl_sss_ftr.h" -#else -#include "fsl_sss_ftr_default.h" -#endif - -#if SSS_HAVE_MBEDTLS - -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif - -#include -#include -#include -#include -#include -#include -#include -#include - -/** - * @addtogroup sss_sw_mbedtls - * @{ - */ - -/* ************************************************************************** */ -/* Defines */ -/* ************************************************************************** */ - -#define SSS_SUBSYSTEM_TYPE_IS_MBEDTLS(subsystem) (subsystem == kType_SSS_mbedTLS) - -#define SSS_SESSION_TYPE_IS_MBEDTLS(session) (session && SSS_SUBSYSTEM_TYPE_IS_MBEDTLS(session->subsystem)) - -#define SSS_KEY_STORE_TYPE_IS_MBEDTLS(keyStore) (keyStore && SSS_SESSION_TYPE_IS_MBEDTLS(keyStore->session)) - -#define SSS_OBJECT_TYPE_IS_MBEDTLS(pObject) (pObject && SSS_KEY_STORE_TYPE_IS_MBEDTLS(pObject->keyStore)) - -#define SSS_ASYMMETRIC_TYPE_IS_MBEDTLS(context) (context && SSS_SESSION_TYPE_IS_MBEDTLS(context->session)) - -#define SSS_DERIVE_KEY_TYPE_IS_MBEDTLS(context) (context && SSS_SESSION_TYPE_IS_MBEDTLS(context->session)) - -#define SSS_SYMMETRIC_TYPE_IS_MBEDTLS(context) (context && SSS_SESSION_TYPE_IS_MBEDTLS(context->session)) - -#define SSS_MAC_TYPE_IS_MBEDTLS(context) (context && SSS_SESSION_TYPE_IS_MBEDTLS(context->session)) - -#define SSS_RNG_CONTEXT_TYPE_IS_MBEDTLS(context) (context && SSS_SESSION_TYPE_IS_MBEDTLS(context->session)) - -#define SSS_DIGEST_TYPE_IS_MBEDTLS(context) (context && SSS_SESSION_TYPE_IS_MBEDTLS(context->session)) - -#define SSS_AEAD_TYPE_IS_MBEDTLS(context) (context && SSS_SESSION_TYPE_IS_MBEDTLS(context->session)) - -/* ************************************************************************** */ -/* Structrues and Typedefs */ -/* ************************************************************************** */ - -struct _sss_mbedtls_session; - -typedef struct _sss_mbedtls_session -{ - /*! Indicates which security subsystem is selected to be used. */ - sss_type_t subsystem; - - mbedtls_entropy_context *entropy; - mbedtls_ctr_drbg_context *ctr_drbg; - -#ifdef MBEDTLS_FS_IO - /* Root Path for persitant key store */ - const char *szRootPath; -#endif -} sss_mbedtls_session_t; - -struct _sss_mbedtls_object; - -typedef struct _sss_mbedtls_key_store -{ - sss_mbedtls_session_t *session; - -#ifdef MBEDTLS_FS_IO - /*! Implementation specific part */ - struct _sss_mbedtls_object **objects; - uint32_t max_object_count; - - keyStoreTable_t *keystore_shadow; -#endif -} sss_mbedtls_key_store_t; - -typedef struct _sss_mbedtls_object -{ - /*! key store holding the data and other properties */ - sss_mbedtls_key_store_t *keyStore; - /*! Object types */ - uint32_t objectType; - uint32_t cipherType; - /*! Application specific key identifier. The keyId is kept in the key store - * along with the key data and other properties. */ - uint32_t keyId; - - /*! Implementation specific part */ - /** Contents are malloced, so must be freed */ - uint32_t contents_must_free : 1; - /** Type of key. Persistnet/trainsient @ref sss_key_object_mode_t */ - uint32_t keyMode : 3; - /** Max size allocated */ - size_t contents_max_size; - size_t contents_size; - size_t keyBitLen; - uint32_t user_id; - sss_mode_t purpose; - sss_access_permission_t accessRights; - /* malloced / referenced contents */ - void *contents; -} sss_mbedtls_object_t; - -typedef struct _sss_mbedtls_derive_key -{ - sss_mbedtls_session_t *session; - sss_mbedtls_object_t *keyObject; - sss_algorithm_t algorithm; /*! */ - sss_mode_t mode; /*! */ - -} sss_mbedtls_derive_key_t; - -typedef struct _sss_mbedtls_asymmetric -{ - sss_mbedtls_session_t *session; - sss_mbedtls_object_t *keyObject; - sss_algorithm_t algorithm; /*! */ - sss_mode_t mode; /*! */ - -} sss_mbedtls_asymmetric_t; - -typedef struct _sss_mbedtls_symmetric -{ - /*! Virtual connection between application (user context) and specific - * security subsystem and function thereof. */ - sss_mbedtls_session_t *session; - sss_mbedtls_object_t *keyObject; /*!< Reference to key and it's properties. */ - sss_algorithm_t algorithm; /*! */ - sss_mode_t mode; /*! */ - mbedtls_cipher_context_t *cipher_ctx; - uint8_t cache_data[16]; - size_t cache_data_len; - -} sss_mbedtls_symmetric_t; - -typedef struct _sss_mbedtls_mac -{ - sss_mbedtls_session_t *session; - sss_mbedtls_object_t *keyObject; /*! Reference to key and it's properties. */ - sss_algorithm_t algorithm; /*! */ - sss_mode_t mode; /*! */ - - /*! Implementation specific part */ - mbedtls_cipher_context_t *cipher_ctx; /*For init- update -finish*/ - mbedtls_md_context_t *HmacCtx; -} sss_mbedtls_mac_t; - -typedef struct _sss_mbedtls_aead -{ - /*! Virtual connection between application (user context) and specific - * security subsystem and function thereof. */ - sss_mbedtls_session_t *session; - sss_mbedtls_object_t *keyObject; /*!< Reference to key and it's properties. */ - sss_algorithm_t algorithm; /*!< */ - sss_mode_t mode; /*!< */ - - /*! Implementation specific part */ - mbedtls_gcm_context *gcm_ctx; /*!< Reference to gcm context. */ - mbedtls_ccm_context *ccm_ctx; /*!< Reference to ccm context. */ - uint8_t *pNonce; /*!< Reference to IV. */ - size_t nonceLen; /*!< Store IV len. */ - const uint8_t *pCcm_aad; /*!< Reference to AAD */ - size_t ccm_aadLen; /*!< Store AAD len. */ - uint8_t *pCcm_data; /*!< Ref to CCM data dynamic allocated.. */ - size_t ccm_dataTotalLen; /*!< Store CCM data total len. */ - size_t ccm_dataoffset; /*!< Store CCM data offset. */ - uint8_t cache_data[16]; /*!< Cache for GCM data */ - size_t cache_data_len; /*!< Store GCM Cache len*/ -} sss_mbedtls_aead_t; - -typedef struct _sss_mbedtls_digest -{ - /*! Virtual connection between application (user context) and specific - * security subsystem and function thereof. */ - sss_mbedtls_session_t *session; - sss_algorithm_t algorithm; /*!< */ - sss_mode_t mode; /*!< */ - /*! Full digest length per algorithm definition. This field is initialized along with algorithm. */ - size_t digestFullLen; - /*! Implementation specific part */ - mbedtls_md_context_t md_ctx; -} sss_mbedtls_digest_t; - -typedef struct -{ - sss_mbedtls_session_t *session; - -} sss_mbedtls_rng_context_t; - -#define sss_mbedtls_tunnel_t sss_tunnel_t - -/* ************************************************************************** */ -/* Global Variables */ -/* ************************************************************************** */ - -/* ************************************************************************** */ -/* Functions */ -/* ************************************************************************** */ - -#ifdef MBEDTLS_FS_IO - -/** Store key inside persistant key store */ -sss_status_t ks_mbedtls_store_key(const sss_mbedtls_object_t *sss_key); - -sss_status_t ks_mbedtls_load_key(sss_mbedtls_object_t *sss_key, keyStoreTable_t *keystore_shadow, uint32_t extKeyId); - -sss_status_t ks_mbedtls_remove_key(const sss_mbedtls_object_t *sss_key); - -sss_status_t ks_mbedtls_fat_update(sss_mbedtls_key_store_t *keyStore); - -#endif /* MBEDTLS_FS_IO */ - -/* Low Level API Key object create */ -sss_status_t ks_mbedtls_key_object_create(sss_mbedtls_object_t *keyObject, - uint32_t keyId, - sss_key_part_t keyPart, - sss_cipher_type_t cipherType, - size_t keyByteLenMax, - uint32_t keyMode); - -/** @} */ - -#endif /* SSS_HAVE_MBEDTLS */ - -#endif /* SSS_APIS_INC_FSL_SSS_MBEDTLS_TYPES_H_ */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_openssl_apis.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_openssl_apis.h deleted file mode 100644 index b4e02131d..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_openssl_apis.h +++ /dev/null @@ -1,839 +0,0 @@ -/* - * - * Copyright 2018-2020 NXP - * SPDX-License-Identifier: Apache-2.0 - */ - -#ifndef FSL_SSS_OPENSSL_APIS_H -#define FSL_SSS_OPENSSL_APIS_H - -#ifdef __cplusplus -extern "C" { -#endif /* __cplusplus */ - -#if defined(SSS_USE_FTR_FILE) -#include "fsl_sss_ftr.h" -#else -#include "fsl_sss_ftr_default.h" -#endif - -#if SSS_HAVE_OPENSSL -#include - -/* ************************************************************************** */ -/* Functions */ -/* ************************************************************************** */ -/** - * @addtogroup sss_openssl_session - * @{ - */ -/** @copydoc sss_session_create - * - */ -sss_status_t sss_openssl_session_create(sss_openssl_session_t *session, - sss_type_t subsystem, - uint32_t application_id, - sss_connection_type_t connection_type, - void *connectionData); - -/** @copydoc sss_session_open - * - */ -sss_status_t sss_openssl_session_open(sss_openssl_session_t *session, - sss_type_t subsystem, - uint32_t application_id, - sss_connection_type_t connection_type, - void *connectionData); - -/** @copydoc sss_session_prop_get_u32 - * - */ -sss_status_t sss_openssl_session_prop_get_u32(sss_openssl_session_t *session, uint32_t property, uint32_t *pValue); - -/** @copydoc sss_session_prop_get_au8 - * - */ -sss_status_t sss_openssl_session_prop_get_au8( - sss_openssl_session_t *session, uint32_t property, uint8_t *pValue, size_t *pValueLen); - -/** @copydoc sss_session_close - * - */ -void sss_openssl_session_close(sss_openssl_session_t *session); - -/** @copydoc sss_session_delete - * - */ -void sss_openssl_session_delete(sss_openssl_session_t *session); - -/*! @} */ /* end of : sss_openssl_session */ - -/** - * @addtogroup sss_openssl_keyobj - * @{ - */ -/** @copydoc sss_key_object_init - * - */ -sss_status_t sss_openssl_key_object_init(sss_openssl_object_t *keyObject, sss_openssl_key_store_t *keyStore); - -/** @copydoc sss_key_object_allocate_handle - * - */ -sss_status_t sss_openssl_key_object_allocate_handle(sss_openssl_object_t *keyObject, - uint32_t keyId, - sss_key_part_t keyPart, - sss_cipher_type_t cipherType, - size_t keyByteLenMax, - uint32_t options); - -/** @copydoc sss_key_object_get_handle - * - */ -sss_status_t sss_openssl_key_object_get_handle(sss_openssl_object_t *keyObject, uint32_t keyId); - -/** @copydoc sss_key_object_set_user - * - */ -sss_status_t sss_openssl_key_object_set_user(sss_openssl_object_t *keyObject, uint32_t user, uint32_t options); - -/** @copydoc sss_key_object_set_purpose - * - */ -sss_status_t sss_openssl_key_object_set_purpose(sss_openssl_object_t *keyObject, sss_mode_t purpose, uint32_t options); - -/** @copydoc sss_key_object_set_access - * - */ -sss_status_t sss_openssl_key_object_set_access(sss_openssl_object_t *keyObject, uint32_t access, uint32_t options); - -/** @copydoc sss_key_object_set_eccgfp_group - * - */ -sss_status_t sss_openssl_key_object_set_eccgfp_group(sss_openssl_object_t *keyObject, sss_eccgfp_group_t *group); - -/** @copydoc sss_key_object_get_user - * - */ -sss_status_t sss_openssl_key_object_get_user(sss_openssl_object_t *keyObject, uint32_t *user); - -/** @copydoc sss_key_object_get_purpose - * - */ -sss_status_t sss_openssl_key_object_get_purpose(sss_openssl_object_t *keyObject, sss_mode_t *purpose); - -/** @copydoc sss_key_object_get_access - * - */ -sss_status_t sss_openssl_key_object_get_access(sss_openssl_object_t *keyObject, uint32_t *access); - -/** @copydoc sss_key_object_free - * - */ -void sss_openssl_key_object_free(sss_openssl_object_t *keyObject); - -/*! @} */ /* end of : sss_openssl_keyobj */ - -/** - * @addtogroup sss_openssl_keyderive - * @{ - */ -/** @copydoc sss_derive_key_context_init - * - */ -sss_status_t sss_openssl_derive_key_context_init(sss_openssl_derive_key_t *context, - sss_openssl_session_t *session, - sss_openssl_object_t *keyObject, - sss_algorithm_t algorithm, - sss_mode_t mode); - -/** @copydoc sss_derive_key_one_go -* -*/ -sss_status_t sss_openssl_derive_key_one_go(sss_openssl_derive_key_t *context, - const uint8_t *saltData, - size_t saltLen, - const uint8_t *info, - size_t infoLen, - sss_openssl_object_t *derivedKeyObject, - uint16_t deriveDataLen); - -/** @copydoc sss_derive_key_sobj_one_go -* -*/ -sss_status_t sss_openssl_derive_key_sobj_one_go(sss_openssl_derive_key_t *context, - sss_openssl_object_t *saltKeyObject, - const uint8_t *info, - size_t infoLen, - sss_openssl_object_t *derivedKeyObject, - uint16_t deriveDataLen); - -/** @copydoc sss_derive_key_go - * - */ -sss_status_t sss_openssl_derive_key_go(sss_openssl_derive_key_t *context, - const uint8_t *saltData, - size_t saltLen, - const uint8_t *info, - size_t infoLen, - sss_openssl_object_t *derivedKeyObject, - uint16_t deriveDataLen, - uint8_t *hkdfOutput, - size_t *hkdfOutputLen); - -/** @copydoc sss_derive_key_dh - * - */ -sss_status_t sss_openssl_derive_key_dh(sss_openssl_derive_key_t *context, - sss_openssl_object_t *otherPartyKeyObject, - sss_openssl_object_t *derivedKeyObject); - -/** @copydoc sss_derive_key_context_free - * - */ -void sss_openssl_derive_key_context_free(sss_openssl_derive_key_t *context); - -/*! @} */ /* end of : sss_openssl_keyderive */ - -/** - * @addtogroup sss_openssl_keystore - * @{ - */ -/** @copydoc sss_key_store_context_init - * - */ -sss_status_t sss_openssl_key_store_context_init(sss_openssl_key_store_t *keyStore, sss_openssl_session_t *session); - -/** @copydoc sss_key_store_allocate - * - */ -sss_status_t sss_openssl_key_store_allocate(sss_openssl_key_store_t *keyStore, uint32_t keyStoreId); - -/** @copydoc sss_key_store_save - * - */ -sss_status_t sss_openssl_key_store_save(sss_openssl_key_store_t *keyStore); - -/** @copydoc sss_key_store_load - * - */ -sss_status_t sss_openssl_key_store_load(sss_openssl_key_store_t *keyStore); - -/** @copydoc sss_key_store_set_key - * - */ -sss_status_t sss_openssl_key_store_set_key(sss_openssl_key_store_t *keyStore, - sss_openssl_object_t *keyObject, - const uint8_t *data, - size_t dataLen, - size_t keyBitLen, - void *options, - size_t optionsLen); - -/** @copydoc sss_key_store_generate_key - * - */ -sss_status_t sss_openssl_key_store_generate_key( - sss_openssl_key_store_t *keyStore, sss_openssl_object_t *keyObject, size_t keyBitLen, void *options); - -/** @copydoc sss_key_store_get_key - * - */ -sss_status_t sss_openssl_key_store_get_key(sss_openssl_key_store_t *keyStore, - sss_openssl_object_t *keyObject, - uint8_t *data, - size_t *dataLen, - size_t *pKeyBitLen); - -/** @copydoc sss_key_store_open_key - * - */ -sss_status_t sss_openssl_key_store_open_key(sss_openssl_key_store_t *keyStore, sss_openssl_object_t *keyObject); - -/** @copydoc sss_key_store_freeze_key - * - */ -sss_status_t sss_openssl_key_store_freeze_key(sss_openssl_key_store_t *keyStore, sss_openssl_object_t *keyObject); - -/** @copydoc sss_key_store_erase_key - * - */ -sss_status_t sss_openssl_key_store_erase_key(sss_openssl_key_store_t *keyStore, sss_openssl_object_t *keyObject); - -/** @copydoc sss_key_store_context_free - * - */ -void sss_openssl_key_store_context_free(sss_openssl_key_store_t *keyStore); - -/*! @} */ /* end of : sss_openssl_keystore */ - -/** - * @addtogroup sss_openssl_asym - * @{ - */ -/** @copydoc sss_asymmetric_context_init - * - */ -sss_status_t sss_openssl_asymmetric_context_init(sss_openssl_asymmetric_t *context, - sss_openssl_session_t *session, - sss_openssl_object_t *keyObject, - sss_algorithm_t algorithm, - sss_mode_t mode); - -/** @copydoc sss_asymmetric_encrypt - * - */ -sss_status_t sss_openssl_asymmetric_encrypt( - sss_openssl_asymmetric_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen); - -/** @copydoc sss_asymmetric_decrypt - * - */ -sss_status_t sss_openssl_asymmetric_decrypt( - sss_openssl_asymmetric_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen); - -/** @copydoc sss_asymmetric_sign_digest - * - */ -sss_status_t sss_openssl_asymmetric_sign_digest( - sss_openssl_asymmetric_t *context, uint8_t *digest, size_t digestLen, uint8_t *signature, size_t *signatureLen); - -/** @copydoc sss_asymmetric_verify_digest - * - */ -sss_status_t sss_openssl_asymmetric_verify_digest( - sss_openssl_asymmetric_t *context, uint8_t *digest, size_t digestLen, uint8_t *signature, size_t signatureLen); - -/** @copydoc sss_asymmetric_context_free - * - */ -void sss_openssl_asymmetric_context_free(sss_openssl_asymmetric_t *context); - -/*! @} */ /* end of : sss_openssl_asym */ - -/** - * @addtogroup sss_openssl_symm - * @{ - */ -/** @copydoc sss_symmetric_context_init - * - */ -sss_status_t sss_openssl_symmetric_context_init(sss_openssl_symmetric_t *context, - sss_openssl_session_t *session, - sss_openssl_object_t *keyObject, - sss_algorithm_t algorithm, - sss_mode_t mode); - -/** @copydoc sss_cipher_one_go - * - */ -sss_status_t sss_openssl_cipher_one_go(sss_openssl_symmetric_t *context, - uint8_t *iv, - size_t ivLen, - const uint8_t *srcData, - uint8_t *destData, - size_t dataLen); - -/** @copydoc sss_cipher_init - * - */ -sss_status_t sss_openssl_cipher_init(sss_openssl_symmetric_t *context, uint8_t *iv, size_t ivLen); - -/** @copydoc sss_cipher_update - * - */ -sss_status_t sss_openssl_cipher_update( - sss_openssl_symmetric_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen); - -/** @copydoc sss_cipher_finish - * - */ -sss_status_t sss_openssl_cipher_finish( - sss_openssl_symmetric_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen); - -/** @copydoc sss_cipher_crypt_ctr - * - */ -sss_status_t sss_openssl_cipher_crypt_ctr(sss_openssl_symmetric_t *context, - const uint8_t *srcData, - uint8_t *destData, - size_t size, - uint8_t *initialCounter, - uint8_t *lastEncryptedCounter, - size_t *szLeft); - -/** @copydoc sss_symmetric_context_free - * - */ -void sss_openssl_symmetric_context_free(sss_openssl_symmetric_t *context); - -/*! @} */ /* end of : sss_openssl_symm */ - -/** - * @addtogroup sss_openssl_aead - * @{ - */ -/** @copydoc sss_aead_context_init - * - */ -sss_status_t sss_openssl_aead_context_init(sss_openssl_aead_t *context, - sss_openssl_session_t *session, - sss_openssl_object_t *keyObject, - sss_algorithm_t algorithm, - sss_mode_t mode); - -/** @copydoc sss_aead_one_go - * - */ -sss_status_t sss_openssl_aead_one_go(sss_openssl_aead_t *context, - const uint8_t *srcData, - uint8_t *destData, - size_t size, - uint8_t *nonce, - size_t nonceLen, - const uint8_t *aad, - size_t aadLen, - uint8_t *tag, - size_t *tagLen); - -/** @copydoc sss_aead_init - * - */ -sss_status_t sss_openssl_aead_init( - sss_openssl_aead_t *context, uint8_t *nonce, size_t nonceLen, size_t tagLen, size_t aadLen, size_t payloadLen); - -/** @copydoc sss_aead_update_aad - * - */ -sss_status_t sss_openssl_aead_update_aad(sss_openssl_aead_t *context, const uint8_t *aadData, size_t aadDataLen); - -/** @copydoc sss_aead_update - * - */ -sss_status_t sss_openssl_aead_update( - sss_openssl_aead_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen); - -/** @copydoc sss_aead_finish - * - */ -sss_status_t sss_openssl_aead_finish(sss_openssl_aead_t *context, - const uint8_t *srcData, - size_t srcLen, - uint8_t *destData, - size_t *destLen, - uint8_t *tag, - size_t *tagLen); - -/** @copydoc sss_aead_context_free - * - */ -void sss_openssl_aead_context_free(sss_openssl_aead_t *context); - -/*! @} */ /* end of : sss_openssl_aead */ - -/** - * @addtogroup sss_openssl_mac - * @{ - */ -/** @copydoc sss_mac_context_init - * - */ -sss_status_t sss_openssl_mac_context_init(sss_openssl_mac_t *context, - sss_openssl_session_t *session, - sss_openssl_object_t *keyObject, - sss_algorithm_t algorithm, - sss_mode_t mode); - -/** @copydoc sss_mac_one_go - * - */ -sss_status_t sss_openssl_mac_one_go( - sss_openssl_mac_t *context, const uint8_t *message, size_t messageLen, uint8_t *mac, size_t *macLen); - -/** @copydoc sss_mac_init - * - */ -sss_status_t sss_openssl_mac_init(sss_openssl_mac_t *context); - -/** @copydoc sss_mac_update - * - */ -sss_status_t sss_openssl_mac_update(sss_openssl_mac_t *context, const uint8_t *message, size_t messageLen); - -/** @copydoc sss_mac_finish - * - */ -sss_status_t sss_openssl_mac_finish(sss_openssl_mac_t *context, uint8_t *mac, size_t *macLen); - -/** @copydoc sss_mac_context_free - * - */ -void sss_openssl_mac_context_free(sss_openssl_mac_t *context); - -/*! @} */ /* end of : sss_openssl_mac */ - -/** - * @addtogroup sss_openssl_md - * @{ - */ -/** @copydoc sss_digest_context_init - * - */ -sss_status_t sss_openssl_digest_context_init( - sss_openssl_digest_t *context, sss_openssl_session_t *session, sss_algorithm_t algorithm, sss_mode_t mode); - -/** @copydoc sss_digest_one_go - * - */ -sss_status_t sss_openssl_digest_one_go( - sss_openssl_digest_t *context, const uint8_t *message, size_t messageLen, uint8_t *digest, size_t *digestLen); - -/** @copydoc sss_digest_init - * - */ -sss_status_t sss_openssl_digest_init(sss_openssl_digest_t *context); - -/** @copydoc sss_digest_update - * - */ -sss_status_t sss_openssl_digest_update(sss_openssl_digest_t *context, const uint8_t *message, size_t messageLen); - -/** @copydoc sss_digest_finish - * - */ -sss_status_t sss_openssl_digest_finish(sss_openssl_digest_t *context, uint8_t *digest, size_t *digestLen); - -/** @copydoc sss_digest_context_free - * - */ -void sss_openssl_digest_context_free(sss_openssl_digest_t *context); - -/*! @} */ /* end of : sss_openssl_md */ - -/** - * @addtogroup sss_openssl_rng - * @{ - */ -/** @copydoc sss_rng_context_init - * - */ -sss_status_t sss_openssl_rng_context_init(sss_openssl_rng_context_t *context, sss_openssl_session_t *session); - -/** @copydoc sss_rng_get_random - * - */ -sss_status_t sss_openssl_rng_get_random(sss_openssl_rng_context_t *context, uint8_t *random_data, size_t dataLen); - -/** @copydoc sss_rng_context_free - * - */ -sss_status_t sss_openssl_rng_context_free(sss_openssl_rng_context_t *context); - -/*! @} */ /* end of : sss_openssl_rng */ - -/* clang-format off */ -# if (SSS_HAVE_SSS == 1) - /* Direct Call : session */ -# define sss_session_create(session,subsystem,application_id,connection_type,connectionData) \ - sss_openssl_session_create(((sss_openssl_session_t * ) session),(subsystem),(application_id),(connection_type),(connectionData)) -# define sss_session_open(session,subsystem,application_id,connection_type,connectionData) \ - sss_openssl_session_open(((sss_openssl_session_t * ) session),(subsystem),(application_id),(connection_type),(connectionData)) -# define sss_session_prop_get_u32(session,property,pValue) \ - sss_openssl_session_prop_get_u32(((sss_openssl_session_t * ) session),(property),(pValue)) -# define sss_session_prop_get_au8(session,property,pValue,pValueLen) \ - sss_openssl_session_prop_get_au8(((sss_openssl_session_t * ) session),(property),(pValue),(pValueLen)) -# define sss_session_close(session) \ - sss_openssl_session_close(((sss_openssl_session_t * ) session)) -# define sss_session_delete(session) \ - sss_openssl_session_delete(((sss_openssl_session_t * ) session)) - /* Direct Call : keyobj */ -# define sss_key_object_init(keyObject,keyStore) \ - sss_openssl_key_object_init(((sss_openssl_object_t * ) keyObject),((sss_openssl_key_store_t * ) keyStore)) -# define sss_key_object_allocate_handle(keyObject,keyId,keyPart,cipherType,keyByteLenMax,options) \ - sss_openssl_key_object_allocate_handle(((sss_openssl_object_t * ) keyObject),(keyId),(keyPart),(cipherType),(keyByteLenMax),(options)) -# define sss_key_object_get_handle(keyObject,keyId) \ - sss_openssl_key_object_get_handle(((sss_openssl_object_t * ) keyObject),(keyId)) -# define sss_key_object_set_user(keyObject,user,options) \ - sss_openssl_key_object_set_user(((sss_openssl_object_t * ) keyObject),(user),(options)) -# define sss_key_object_set_purpose(keyObject,purpose,options) \ - sss_openssl_key_object_set_purpose(((sss_openssl_object_t * ) keyObject),(purpose),(options)) -# define sss_key_object_set_access(keyObject,access,options) \ - sss_openssl_key_object_set_access(((sss_openssl_object_t * ) keyObject),(access),(options)) -# define sss_key_object_set_eccgfp_group(keyObject,group) \ - sss_openssl_key_object_set_eccgfp_group(((sss_openssl_object_t * ) keyObject),(group)) -# define sss_key_object_get_user(keyObject,user) \ - sss_openssl_key_object_get_user(((sss_openssl_object_t * ) keyObject),(user)) -# define sss_key_object_get_purpose(keyObject,purpose) \ - sss_openssl_key_object_get_purpose(((sss_openssl_object_t * ) keyObject),(purpose)) -# define sss_key_object_get_access(keyObject,access) \ - sss_openssl_key_object_get_access(((sss_openssl_object_t * ) keyObject),(access)) -# define sss_key_object_free(keyObject) \ - sss_openssl_key_object_free(((sss_openssl_object_t * ) keyObject)) - /* Direct Call : keyderive */ -# define sss_derive_key_context_init(context,session,keyObject,algorithm,mode) \ - sss_openssl_derive_key_context_init(((sss_openssl_derive_key_t * ) context),((sss_openssl_session_t * ) session),((sss_openssl_object_t * ) keyObject),(algorithm),(mode)) -# define sss_derive_key_one_go(context,saltData,saltLen,info,infoLen,derivedKeyObject,deriveDataLen) \ - sss_openssl_derive_key_one_go(((sss_openssl_derive_key_t * ) context),(saltData),(saltLen),(info),(infoLen),((sss_openssl_object_t * ) derivedKeyObject),(deriveDataLen)) -# define sss_derive_key_sobj_one_go(context,saltKeyObject,info,infoLen,derivedKeyObject,deriveDataLen) \ - sss_openssl_derive_key_sobj_one_go(((sss_openssl_derive_key_t * ) context),((sss_openssl_object_t *)saltKeyObject),(info),(infoLen),((sss_openssl_object_t * ) derivedKeyObject),(deriveDataLen)) -# define sss_derive_key_go(context,saltData,saltLen,info,infoLen,derivedKeyObject,deriveDataLen,hkdfOutput,hkdfOutputLen) \ - sss_openssl_derive_key_go(((sss_openssl_derive_key_t * ) context),(saltData),(saltLen),(info),(infoLen),((sss_openssl_object_t * ) derivedKeyObject),(deriveDataLen),(hkdfOutput),(hkdfOutputLen)) -# define sss_derive_key_dh(context,otherPartyKeyObject,derivedKeyObject) \ - sss_openssl_derive_key_dh(((sss_openssl_derive_key_t * ) context),((sss_openssl_object_t * ) otherPartyKeyObject),((sss_openssl_object_t * ) derivedKeyObject)) -# define sss_derive_key_context_free(context) \ - sss_openssl_derive_key_context_free(((sss_openssl_derive_key_t * ) context)) - /* Direct Call : keystore */ -# define sss_key_store_context_init(keyStore,session) \ - sss_openssl_key_store_context_init(((sss_openssl_key_store_t * ) keyStore),((sss_openssl_session_t * ) session)) -# define sss_key_store_allocate(keyStore,keyStoreId) \ - sss_openssl_key_store_allocate(((sss_openssl_key_store_t * ) keyStore),(keyStoreId)) -# define sss_key_store_save(keyStore) \ - sss_openssl_key_store_save(((sss_openssl_key_store_t * ) keyStore)) -# define sss_key_store_load(keyStore) \ - sss_openssl_key_store_load(((sss_openssl_key_store_t * ) keyStore)) -# define sss_key_store_set_key(keyStore,keyObject,data,dataLen,keyBitLen,options,optionsLen) \ - sss_openssl_key_store_set_key(((sss_openssl_key_store_t * ) keyStore),((sss_openssl_object_t * ) keyObject),(data),(dataLen),(keyBitLen),(options),(optionsLen)) -# define sss_key_store_generate_key(keyStore,keyObject,keyBitLen,options) \ - sss_openssl_key_store_generate_key(((sss_openssl_key_store_t * ) keyStore),((sss_openssl_object_t * ) keyObject),(keyBitLen),(options)) -# define sss_key_store_get_key(keyStore,keyObject,data,dataLen,pKeyBitLen) \ - sss_openssl_key_store_get_key(((sss_openssl_key_store_t * ) keyStore),((sss_openssl_object_t * ) keyObject),(data),(dataLen),(pKeyBitLen)) -# define sss_key_store_open_key(keyStore,keyObject) \ - sss_openssl_key_store_open_key(((sss_openssl_key_store_t * ) keyStore),((sss_openssl_object_t * ) keyObject)) -# define sss_key_store_freeze_key(keyStore,keyObject) \ - sss_openssl_key_store_freeze_key(((sss_openssl_key_store_t * ) keyStore),((sss_openssl_object_t * ) keyObject)) -# define sss_key_store_erase_key(keyStore,keyObject) \ - sss_openssl_key_store_erase_key(((sss_openssl_key_store_t * ) keyStore),((sss_openssl_object_t * ) keyObject)) -# define sss_key_store_context_free(keyStore) \ - sss_openssl_key_store_context_free(((sss_openssl_key_store_t * ) keyStore)) - /* Direct Call : asym */ -# define sss_asymmetric_context_init(context,session,keyObject,algorithm,mode) \ - sss_openssl_asymmetric_context_init(((sss_openssl_asymmetric_t * ) context),((sss_openssl_session_t * ) session),((sss_openssl_object_t * ) keyObject),(algorithm),(mode)) -# define sss_asymmetric_encrypt(context,srcData,srcLen,destData,destLen) \ - sss_openssl_asymmetric_encrypt(((sss_openssl_asymmetric_t * ) context),(srcData),(srcLen),(destData),(destLen)) -# define sss_asymmetric_decrypt(context,srcData,srcLen,destData,destLen) \ - sss_openssl_asymmetric_decrypt(((sss_openssl_asymmetric_t * ) context),(srcData),(srcLen),(destData),(destLen)) -# define sss_asymmetric_sign_digest(context,digest,digestLen,signature,signatureLen) \ - sss_openssl_asymmetric_sign_digest(((sss_openssl_asymmetric_t * ) context),(digest),(digestLen),(signature),(signatureLen)) -# define sss_asymmetric_verify_digest(context,digest,digestLen,signature,signatureLen) \ - sss_openssl_asymmetric_verify_digest(((sss_openssl_asymmetric_t * ) context),(digest),(digestLen),(signature),(signatureLen)) -# define sss_asymmetric_context_free(context) \ - sss_openssl_asymmetric_context_free(((sss_openssl_asymmetric_t * ) context)) - /* Direct Call : symm */ -# define sss_symmetric_context_init(context,session,keyObject,algorithm,mode) \ - sss_openssl_symmetric_context_init(((sss_openssl_symmetric_t * ) context),((sss_openssl_session_t * ) session),((sss_openssl_object_t * ) keyObject),(algorithm),(mode)) -# define sss_cipher_one_go(context,iv,ivLen,srcData,destData,dataLen) \ - sss_openssl_cipher_one_go(((sss_openssl_symmetric_t * ) context),(iv),(ivLen),(srcData),(destData),(dataLen)) -# define sss_cipher_init(context,iv,ivLen) \ - sss_openssl_cipher_init(((sss_openssl_symmetric_t * ) context),(iv),(ivLen)) -# define sss_cipher_update(context,srcData,srcLen,destData,destLen) \ - sss_openssl_cipher_update(((sss_openssl_symmetric_t * ) context),(srcData),(srcLen),(destData),(destLen)) -# define sss_cipher_finish(context,srcData,srcLen,destData,destLen) \ - sss_openssl_cipher_finish(((sss_openssl_symmetric_t * ) context),(srcData),(srcLen),(destData),(destLen)) -# define sss_cipher_crypt_ctr(context,srcData,destData,size,initialCounter,lastEncryptedCounter,szLeft) \ - sss_openssl_cipher_crypt_ctr(((sss_openssl_symmetric_t * ) context),(srcData),(destData),(size),(initialCounter),(lastEncryptedCounter),(szLeft)) -# define sss_symmetric_context_free(context) \ - sss_openssl_symmetric_context_free(((sss_openssl_symmetric_t * ) context)) - /* Direct Call : aead */ -# define sss_aead_context_init(context,session,keyObject,algorithm,mode) \ - sss_openssl_aead_context_init(((sss_openssl_aead_t * ) context),((sss_openssl_session_t * ) session),((sss_openssl_object_t * ) keyObject),(algorithm),(mode)) -# define sss_aead_one_go(context,srcData,destData,size,nonce,nonceLen,aad,aadLen,tag,tagLen) \ - sss_openssl_aead_one_go(((sss_openssl_aead_t * ) context),(srcData),(destData),(size),(nonce),(nonceLen),(aad),(aadLen),(tag),(tagLen)) -# define sss_aead_init(context,nonce,nonceLen,tagLen,aadLen,payloadLen) \ - sss_openssl_aead_init(((sss_openssl_aead_t * ) context),(nonce),(nonceLen),(tagLen),(aadLen),(payloadLen)) -# define sss_aead_update_aad(context,aadData,aadDataLen) \ - sss_openssl_aead_update_aad(((sss_openssl_aead_t * ) context),(aadData),(aadDataLen)) -# define sss_aead_update(context,srcData,srcLen,destData,destLen) \ - sss_openssl_aead_update(((sss_openssl_aead_t * ) context),(srcData),(srcLen),(destData),(destLen)) -# define sss_aead_finish(context,srcData,srcLen,destData,destLen,tag,tagLen) \ - sss_openssl_aead_finish(((sss_openssl_aead_t * ) context),(srcData),(srcLen),(destData),(destLen),(tag),(tagLen)) -# define sss_aead_context_free(context) \ - sss_openssl_aead_context_free(((sss_openssl_aead_t * ) context)) - /* Direct Call : mac */ -# define sss_mac_context_init(context,session,keyObject,algorithm,mode) \ - sss_openssl_mac_context_init(((sss_openssl_mac_t * ) context),((sss_openssl_session_t * ) session),((sss_openssl_object_t * ) keyObject),(algorithm),(mode)) -# define sss_mac_one_go(context,message,messageLen,mac,macLen) \ - sss_openssl_mac_one_go(((sss_openssl_mac_t * ) context),(message),(messageLen),(mac),(macLen)) -# define sss_mac_init(context) \ - sss_openssl_mac_init(((sss_openssl_mac_t * ) context)) -# define sss_mac_update(context,message,messageLen) \ - sss_openssl_mac_update(((sss_openssl_mac_t * ) context),(message),(messageLen)) -# define sss_mac_finish(context,mac,macLen) \ - sss_openssl_mac_finish(((sss_openssl_mac_t * ) context),(mac),(macLen)) -# define sss_mac_context_free(context) \ - sss_openssl_mac_context_free(((sss_openssl_mac_t * ) context)) - /* Direct Call : md */ -# define sss_digest_context_init(context,session,algorithm,mode) \ - sss_openssl_digest_context_init(((sss_openssl_digest_t * ) context),((sss_openssl_session_t * ) session),(algorithm),(mode)) -# define sss_digest_one_go(context,message,messageLen,digest,digestLen) \ - sss_openssl_digest_one_go(((sss_openssl_digest_t * ) context),(message),(messageLen),(digest),(digestLen)) -# define sss_digest_init(context) \ - sss_openssl_digest_init(((sss_openssl_digest_t * ) context)) -# define sss_digest_update(context,message,messageLen) \ - sss_openssl_digest_update(((sss_openssl_digest_t * ) context),(message),(messageLen)) -# define sss_digest_finish(context,digest,digestLen) \ - sss_openssl_digest_finish(((sss_openssl_digest_t * ) context),(digest),(digestLen)) -# define sss_digest_context_free(context) \ - sss_openssl_digest_context_free(((sss_openssl_digest_t * ) context)) - /* Direct Call : rng */ -# define sss_rng_context_init(context,session) \ - sss_openssl_rng_context_init(((sss_openssl_rng_context_t * ) context),((sss_openssl_session_t * ) session)) -# define sss_rng_get_random(context,random_data,dataLen) \ - sss_openssl_rng_get_random(((sss_openssl_rng_context_t * ) context),(random_data),(dataLen)) -# define sss_rng_context_free(context) \ - sss_openssl_rng_context_free(((sss_openssl_rng_context_t * ) context)) -# endif /* (SSS_HAVE_SSS == 1) */ -# if (SSS_HAVE_MBEDTLS == 0) - /* Host Call : session */ -# define sss_host_session_create(session,subsystem,application_id,connection_type,connectionData) \ - sss_openssl_session_create(((sss_openssl_session_t * ) session),(subsystem),(application_id),(connection_type),(connectionData)) -# define sss_host_session_open(session,subsystem,application_id,connection_type,connectionData) \ - sss_openssl_session_open(((sss_openssl_session_t * ) session),(subsystem),(application_id),(connection_type),(connectionData)) -# define sss_host_session_prop_get_u32(session,property,pValue) \ - sss_openssl_session_prop_get_u32(((sss_openssl_session_t * ) session),(property),(pValue)) -# define sss_host_session_prop_get_au8(session,property,pValue,pValueLen) \ - sss_openssl_session_prop_get_au8(((sss_openssl_session_t * ) session),(property),(pValue),(pValueLen)) -# define sss_host_session_close(session) \ - sss_openssl_session_close(((sss_openssl_session_t * ) session)) -# define sss_host_session_delete(session) \ - sss_openssl_session_delete(((sss_openssl_session_t * ) session)) - /* Host Call : keyobj */ -# define sss_host_key_object_init(keyObject,keyStore) \ - sss_openssl_key_object_init(((sss_openssl_object_t * ) keyObject),((sss_openssl_key_store_t * ) keyStore)) -# define sss_host_key_object_allocate_handle(keyObject,keyId,keyPart,cipherType,keyByteLenMax,options) \ - sss_openssl_key_object_allocate_handle(((sss_openssl_object_t * ) keyObject),(keyId),(keyPart),(cipherType),(keyByteLenMax),(options)) -# define sss_host_key_object_get_handle(keyObject,keyId) \ - sss_openssl_key_object_get_handle(((sss_openssl_object_t * ) keyObject),(keyId)) -# define sss_host_key_object_set_user(keyObject,user,options) \ - sss_openssl_key_object_set_user(((sss_openssl_object_t * ) keyObject),(user),(options)) -# define sss_host_key_object_set_purpose(keyObject,purpose,options) \ - sss_openssl_key_object_set_purpose(((sss_openssl_object_t * ) keyObject),(purpose),(options)) -# define sss_host_key_object_set_access(keyObject,access,options) \ - sss_openssl_key_object_set_access(((sss_openssl_object_t * ) keyObject),(access),(options)) -# define sss_host_key_object_set_eccgfp_group(keyObject,group) \ - sss_openssl_key_object_set_eccgfp_group(((sss_openssl_object_t * ) keyObject),(group)) -# define sss_host_key_object_get_user(keyObject,user) \ - sss_openssl_key_object_get_user(((sss_openssl_object_t * ) keyObject),(user)) -# define sss_host_key_object_get_purpose(keyObject,purpose) \ - sss_openssl_key_object_get_purpose(((sss_openssl_object_t * ) keyObject),(purpose)) -# define sss_host_key_object_get_access(keyObject,access) \ - sss_openssl_key_object_get_access(((sss_openssl_object_t * ) keyObject),(access)) -# define sss_host_key_object_free(keyObject) \ - sss_openssl_key_object_free(((sss_openssl_object_t * ) keyObject)) - /* Host Call : keyderive */ -# define sss_host_derive_key_context_init(context,session,keyObject,algorithm,mode) \ - sss_openssl_derive_key_context_init(((sss_openssl_derive_key_t * ) context),((sss_openssl_session_t * ) session),((sss_openssl_object_t * ) keyObject),(algorithm),(mode)) -# define sss_host_derive_key_one_go(context,saltData,saltLen,saltKeyObject,info,infoLen,derivedKeyObject,deriveDataLen) \ - sss_openssl_derive_key_go(((sss_openssl_derive_key_t * ) context),(saltData),(saltLen),((sss_openssl_object_t *)saltKeyObject),(info),(infoLen),((sss_openssl_object_t * ) derivedKeyObject),(deriveDataLen)) -# define sss_host_derive_key_go(context,saltData,saltLen,info,infoLen,derivedKeyObject,deriveDataLen,hkdfOutput,hkdfOutputLen) \ - sss_openssl_derive_key_go(((sss_openssl_derive_key_t * ) context),(saltData),(saltLen),(info),(infoLen),((sss_openssl_object_t * ) derivedKeyObject),(deriveDataLen),(hkdfOutput),(hkdfOutputLen)) -# define sss_host_derive_key_dh(context,otherPartyKeyObject,derivedKeyObject) \ - sss_openssl_derive_key_dh(((sss_openssl_derive_key_t * ) context),((sss_openssl_object_t * ) otherPartyKeyObject),((sss_openssl_object_t * ) derivedKeyObject)) -# define sss_host_derive_key_context_free(context) \ - sss_openssl_derive_key_context_free(((sss_openssl_derive_key_t * ) context)) - /* Host Call : keystore */ -# define sss_host_key_store_context_init(keyStore,session) \ - sss_openssl_key_store_context_init(((sss_openssl_key_store_t * ) keyStore),((sss_openssl_session_t * ) session)) -# define sss_host_key_store_allocate(keyStore,keyStoreId) \ - sss_openssl_key_store_allocate(((sss_openssl_key_store_t * ) keyStore),(keyStoreId)) -# define sss_host_key_store_save(keyStore) \ - sss_openssl_key_store_save(((sss_openssl_key_store_t * ) keyStore)) -# define sss_host_key_store_load(keyStore) \ - sss_openssl_key_store_load(((sss_openssl_key_store_t * ) keyStore)) -# define sss_host_key_store_set_key(keyStore,keyObject,data,dataLen,keyBitLen,options,optionsLen) \ - sss_openssl_key_store_set_key(((sss_openssl_key_store_t * ) keyStore),((sss_openssl_object_t * ) keyObject),(data),(dataLen),(keyBitLen),(options),(optionsLen)) -# define sss_host_key_store_generate_key(keyStore,keyObject,keyBitLen,options) \ - sss_openssl_key_store_generate_key(((sss_openssl_key_store_t * ) keyStore),((sss_openssl_object_t * ) keyObject),(keyBitLen),(options)) -# define sss_host_key_store_get_key(keyStore,keyObject,data,dataLen,pKeyBitLen) \ - sss_openssl_key_store_get_key(((sss_openssl_key_store_t * ) keyStore),((sss_openssl_object_t * ) keyObject),(data),(dataLen),(pKeyBitLen)) -# define sss_host_key_store_open_key(keyStore,keyObject) \ - sss_openssl_key_store_open_key(((sss_openssl_key_store_t * ) keyStore),((sss_openssl_object_t * ) keyObject)) -# define sss_host_key_store_freeze_key(keyStore,keyObject) \ - sss_openssl_key_store_freeze_key(((sss_openssl_key_store_t * ) keyStore),((sss_openssl_object_t * ) keyObject)) -# define sss_host_key_store_erase_key(keyStore,keyObject) \ - sss_openssl_key_store_erase_key(((sss_openssl_key_store_t * ) keyStore),((sss_openssl_object_t * ) keyObject)) -# define sss_host_key_store_context_free(keyStore) \ - sss_openssl_key_store_context_free(((sss_openssl_key_store_t * ) keyStore)) - /* Host Call : asym */ -# define sss_host_asymmetric_context_init(context,session,keyObject,algorithm,mode) \ - sss_openssl_asymmetric_context_init(((sss_openssl_asymmetric_t * ) context),((sss_openssl_session_t * ) session),((sss_openssl_object_t * ) keyObject),(algorithm),(mode)) -# define sss_host_asymmetric_encrypt(context,srcData,srcLen,destData,destLen) \ - sss_openssl_asymmetric_encrypt(((sss_openssl_asymmetric_t * ) context),(srcData),(srcLen),(destData),(destLen)) -# define sss_host_asymmetric_decrypt(context,srcData,srcLen,destData,destLen) \ - sss_openssl_asymmetric_decrypt(((sss_openssl_asymmetric_t * ) context),(srcData),(srcLen),(destData),(destLen)) -# define sss_host_asymmetric_sign_digest(context,digest,digestLen,signature,signatureLen) \ - sss_openssl_asymmetric_sign_digest(((sss_openssl_asymmetric_t * ) context),(digest),(digestLen),(signature),(signatureLen)) -# define sss_host_asymmetric_verify_digest(context,digest,digestLen,signature,signatureLen) \ - sss_openssl_asymmetric_verify_digest(((sss_openssl_asymmetric_t * ) context),(digest),(digestLen),(signature),(signatureLen)) -# define sss_host_asymmetric_context_free(context) \ - sss_openssl_asymmetric_context_free(((sss_openssl_asymmetric_t * ) context)) - /* Host Call : symm */ -# define sss_host_symmetric_context_init(context,session,keyObject,algorithm,mode) \ - sss_openssl_symmetric_context_init(((sss_openssl_symmetric_t * ) context),((sss_openssl_session_t * ) session),((sss_openssl_object_t * ) keyObject),(algorithm),(mode)) -# define sss_host_cipher_one_go(context,iv,ivLen,srcData,destData,dataLen) \ - sss_openssl_cipher_one_go(((sss_openssl_symmetric_t * ) context),(iv),(ivLen),(srcData),(destData),(dataLen)) -# define sss_host_cipher_init(context,iv,ivLen) \ - sss_openssl_cipher_init(((sss_openssl_symmetric_t * ) context),(iv),(ivLen)) -# define sss_host_cipher_update(context,srcData,srcLen,destData,destLen) \ - sss_openssl_cipher_update(((sss_openssl_symmetric_t * ) context),(srcData),(srcLen),(destData),(destLen)) -# define sss_host_cipher_finish(context,srcData,srcLen,destData,destLen) \ - sss_openssl_cipher_finish(((sss_openssl_symmetric_t * ) context),(srcData),(srcLen),(destData),(destLen)) -# define sss_host_cipher_crypt_ctr(context,srcData,destData,size,initialCounter,lastEncryptedCounter,szLeft) \ - sss_openssl_cipher_crypt_ctr(((sss_openssl_symmetric_t * ) context),(srcData),(destData),(size),(initialCounter),(lastEncryptedCounter),(szLeft)) -# define sss_host_symmetric_context_free(context) \ - sss_openssl_symmetric_context_free(((sss_openssl_symmetric_t * ) context)) - /* Host Call : aead */ -# define sss_host_aead_context_init(context,session,keyObject,algorithm,mode) \ - sss_openssl_aead_context_init(((sss_openssl_aead_t * ) context),((sss_openssl_session_t * ) session),((sss_openssl_object_t * ) keyObject),(algorithm),(mode)) -# define sss_host_aead_one_go(context,srcData,destData,size,nonce,nonceLen,aad,aadLen,tag,tagLen) \ - sss_openssl_aead_one_go(((sss_openssl_aead_t * ) context),(srcData),(destData),(size),(nonce),(nonceLen),(aad),(aadLen),(tag),(tagLen)) -# define sss_host_aead_init(context,nonce,nonceLen,tagLen,aadLen,payloadLen) \ - sss_openssl_aead_init(((sss_openssl_aead_t * ) context),(nonce),(nonceLen),(tagLen),(aadLen),(payloadLen)) -# define sss_host_aead_update_aad(context,aadData,aadDataLen) \ - sss_openssl_aead_update_aad(((sss_openssl_aead_t * ) context),(aadData),(aadDataLen)) -# define sss_host_aead_update(context,srcData,srcLen,destData,destLen) \ - sss_openssl_aead_update(((sss_openssl_aead_t * ) context),(srcData),(srcLen),(destData),(destLen)) -# define sss_host_aead_finish(context,srcData,srcLen,destData,destLen,tag,tagLen) \ - sss_openssl_aead_finish(((sss_openssl_aead_t * ) context),(srcData),(srcLen),(destData),(destLen),(tag),(tagLen)) -# define sss_host_aead_context_free(context) \ - sss_openssl_aead_context_free(((sss_openssl_aead_t * ) context)) - /* Host Call : mac */ -# define sss_host_mac_context_init(context,session,keyObject,algorithm,mode) \ - sss_openssl_mac_context_init(((sss_openssl_mac_t * ) context),((sss_openssl_session_t * ) session),((sss_openssl_object_t * ) keyObject),(algorithm),(mode)) -# define sss_host_mac_one_go(context,message,messageLen,mac,macLen) \ - sss_openssl_mac_one_go(((sss_openssl_mac_t * ) context),(message),(messageLen),(mac),(macLen)) -# define sss_host_mac_init(context) \ - sss_openssl_mac_init(((sss_openssl_mac_t * ) context)) -# define sss_host_mac_update(context,message,messageLen) \ - sss_openssl_mac_update(((sss_openssl_mac_t * ) context),(message),(messageLen)) -# define sss_host_mac_finish(context,mac,macLen) \ - sss_openssl_mac_finish(((sss_openssl_mac_t * ) context),(mac),(macLen)) -# define sss_host_mac_context_free(context) \ - sss_openssl_mac_context_free(((sss_openssl_mac_t * ) context)) - /* Host Call : md */ -# define sss_host_digest_context_init(context,session,algorithm,mode) \ - sss_openssl_digest_context_init(((sss_openssl_digest_t * ) context),((sss_openssl_session_t * ) session),(algorithm),(mode)) -# define sss_host_digest_one_go(context,message,messageLen,digest,digestLen) \ - sss_openssl_digest_one_go(((sss_openssl_digest_t * ) context),(message),(messageLen),(digest),(digestLen)) -# define sss_host_digest_init(context) \ - sss_openssl_digest_init(((sss_openssl_digest_t * ) context)) -# define sss_host_digest_update(context,message,messageLen) \ - sss_openssl_digest_update(((sss_openssl_digest_t * ) context),(message),(messageLen)) -# define sss_host_digest_finish(context,digest,digestLen) \ - sss_openssl_digest_finish(((sss_openssl_digest_t * ) context),(digest),(digestLen)) -# define sss_host_digest_context_free(context) \ - sss_openssl_digest_context_free(((sss_openssl_digest_t * ) context)) - /* Host Call : rng */ -# define sss_host_rng_context_init(context,session) \ - sss_openssl_rng_context_init(((sss_openssl_rng_context_t * ) context),((sss_openssl_session_t * ) session)) -# define sss_host_rng_get_random(context,random_data,dataLen) \ - sss_openssl_rng_get_random(((sss_openssl_rng_context_t * ) context),(random_data),(dataLen)) -# define sss_host_rng_context_free(context) \ - sss_openssl_rng_context_free(((sss_openssl_rng_context_t * ) context)) -# endif /* (SSS_HAVE_SSS == 1) */ -/* clang-format on */ -#endif /* SSS_HAVE_OPENSSL */ -#ifdef __cplusplus -} // extern "C" -#endif /* __cplusplus */ - -#endif /* FSL_SSS_OPENSSL_APIS_H */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_openssl_types.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_openssl_types.h deleted file mode 100644 index f76bf5b39..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_openssl_types.h +++ /dev/null @@ -1,239 +0,0 @@ -/* - * - * Copyright 2018-2020 NXP - * SPDX-License-Identifier: Apache-2.0 - */ - -#ifndef SSS_APIS_INC_FSL_SSS_OPENSSL_TYPES_H_ -#define SSS_APIS_INC_FSL_SSS_OPENSSL_TYPES_H_ - -/* ************************************************************************** */ -/* Includes */ -/* ************************************************************************** */ - -#include -#if defined(SSS_USE_FTR_FILE) -#include "fsl_sss_ftr.h" -#else -#include "fsl_sss_ftr_default.h" -#endif - -#if SSS_HAVE_OPENSSL - -#include -#include -#include -#include -/** - * @addtogroup sss_sw_openssl - * @{ - */ - -/* ************************************************************************** */ -/* Defines */ -/* ************************************************************************** */ - -#define SSS_SUBSYSTEM_TYPE_IS_OPENSSL(subsystem) (subsystem == kType_SSS_OpenSSL) - -#define SSS_SESSION_TYPE_IS_OPENSSL(session) (session && SSS_SUBSYSTEM_TYPE_IS_OPENSSL(session->subsystem)) - -#define SSS_KEY_STORE_TYPE_IS_OPENSSL(keyStore) (keyStore && SSS_SESSION_TYPE_IS_OPENSSL(keyStore->session)) - -#define SSS_OBJECT_TYPE_IS_OPENSSL(pObject) (pObject && SSS_KEY_STORE_TYPE_IS_OPENSSL(pObject->keyStore)) - -#define SSS_ASYMMETRIC_TYPE_IS_OPENSSL(context) (context && SSS_SESSION_TYPE_IS_OPENSSL(context->session)) - -#define SSS_DERIVE_KEY_TYPE_IS_OPENSSL(context) (context && SSS_SESSION_TYPE_IS_OPENSSL(context->session)) - -#define SSS_SYMMETRIC_TYPE_IS_OPENSSL(context) (context && SSS_SESSION_TYPE_IS_OPENSSL(context->session)) - -#define SSS_MAC_TYPE_IS_OPENSSL(context) (context && SSS_SESSION_TYPE_IS_OPENSSL(context->session)) - -#define SSS_RNG_CONTEXT_TYPE_IS_OPENSSL(context) (context && SSS_SESSION_TYPE_IS_OPENSSL(context->session)) - -#define SSS_DIGEST_TYPE_IS_OPENSSL(context) (context && SSS_SESSION_TYPE_IS_OPENSSL(context->session)) - -#define SSS_AEAD_TYPE_IS_OPENSSL(context) (context && SSS_SESSION_TYPE_IS_OPENSSL(context->session)) - -/* ************************************************************************** */ -/* Structrues and Typedefs */ -/* ************************************************************************** */ - -struct _sss_openssl_session; - -typedef struct _sss_openssl_session -{ - /*! Indicates which security subsystem is selected to be used. */ - sss_type_t subsystem; - - /* Root Path for persitant key store */ - const char *szRootPath; -} sss_openssl_session_t; - -struct _sss_openssl_object; - -typedef struct _sss_openssl_key_store -{ - sss_openssl_session_t *session; - - /*! Implementation specific part */ - struct _sss_openssl_object **objects; - uint32_t max_object_count; - - keyStoreTable_t *keystore_shadow; - -} sss_openssl_key_store_t; - -typedef struct _sss_openssl_object -{ - /*! key store holding the data and other properties */ - sss_openssl_key_store_t *keyStore; - /*! Object types */ - uint32_t objectType; - uint32_t cipherType; - /*! Application specific key identifier. The keyId is kept in the key store - * along with the key data and other properties. */ - uint32_t keyId; - - /*! Implementation specific part */ - /** Contents are malloced, so must be freed */ - uint32_t contents_must_free : 1; - /** Type of key. Persistnet/trainsient @ref sss_key_object_mode_t */ - uint32_t keyMode : 3; - /** Max size allocated */ - size_t contents_max_size; - size_t contents_size; - size_t keyBitLen; - uint32_t user_id; - sss_mode_t purpose; - sss_access_permission_t accessRights; - /* malloced / referenced contents */ - void *contents; -} sss_openssl_object_t; - -typedef struct _sss_openssl_derive_key -{ - sss_openssl_session_t *session; - sss_openssl_object_t *keyObject; - sss_algorithm_t algorithm; /*! */ - sss_mode_t mode; /*! */ - -} sss_openssl_derive_key_t; - -typedef struct _sss_openssl_asymmetric -{ - sss_openssl_session_t *session; - sss_openssl_object_t *keyObject; - sss_algorithm_t algorithm; /*! */ - sss_mode_t mode; /*! */ - -} sss_openssl_asymmetric_t; - -typedef struct _sss_openssl_symmetric -{ - /*! Virtual connection between application (user context) and specific - * security subsystem and function thereof. */ - sss_openssl_session_t *session; - sss_openssl_object_t *keyObject; /*!< Reference to key and it's properties. */ - sss_algorithm_t algorithm; /*! */ - sss_mode_t mode; /*! */ - EVP_CIPHER_CTX *cipher_ctx; - uint8_t cache_data[16]; - size_t cache_data_len; -} sss_openssl_symmetric_t; - -typedef struct -{ - sss_openssl_session_t *session; - sss_openssl_object_t *keyObject; /*!< Reference to key and it's properties. */ - sss_algorithm_t algorithm; /*! */ - sss_mode_t mode; /*! */ - CMAC_CTX *cmac_ctx; - HMAC_CTX *hmac_ctx; -} sss_openssl_mac_t; - -typedef struct _sss_openssl_aead -{ - /*! Virtual connection between application (user context) and specific - * security subsystem and function thereof. */ - sss_openssl_session_t *session; - sss_openssl_object_t *keyObject; /*!< Reference to key and it's properties. */ - sss_algorithm_t algorithm; /*!< */ - sss_mode_t mode; /*!< */ - - /*! Implementation specific part */ - EVP_CIPHER_CTX *aead_ctx; /*!< Reference to aead context. */ - uint8_t cache_data[16]; /*!< Cache for GCM data */ - size_t cache_data_len; /*!< Store GCM Cache len*/ - uint8_t *pCcm_data; /*!< Ref to CCM data dynamic allocated.. */ - size_t ccm_dataTotalLen; /*!< Store CCM data total len. */ - size_t ccm_dataoffset; /*!< Store CCM data offset. */ - uint8_t *pCcm_tag; /*!< Reference to tag. */ - size_t ccm_tagLen; /*!< Store tag len. */ - const uint8_t *pCcm_aad; /*!< Reference to AAD */ - size_t ccm_aadLen; /*!< Store AAD len. */ - const uint8_t *pCcm_iv; /*!< Reference to IV. */ - size_t ccm_ivLen; /*!< Store IV len. */ -} sss_openssl_aead_t; - -typedef struct _sss_openssl_digest -{ - /*! Virtual connection between application (user context) and specific - * security subsystem and function thereof. */ - sss_openssl_session_t *session; - sss_algorithm_t algorithm; /*!< */ - sss_mode_t mode; /*!< */ - /*! Full digest length per algorithm definition. This field is initialized along with algorithm. */ - size_t digestFullLen; - /*! Implementation specific part */ - EVP_MD_CTX *mdctx; -} sss_openssl_digest_t; - -typedef struct -{ - sss_openssl_session_t *session; -} sss_openssl_rng_context_t; - -/* ************************************************************************** */ -/* Global Variables */ -/* ************************************************************************** */ - -/* ************************************************************************** */ -/* Functions */ -/* ************************************************************************** */ - -/** Similar to @ref sss_openssl_asymmetric_sign_digest, -* -* but hashing/digest done by openssl -*/ -sss_status_t sss_openssl_asymmetric_sign( - sss_openssl_asymmetric_t *context, uint8_t *srcData, size_t srcLen, uint8_t *signature, size_t *signatureLen); - -/** Similar to @ref sss_openssl_asymmetric_verify_digest, -* but hashing/digest done by openssl -* -*/ -sss_status_t sss_openssl_asymmetric_verify( - sss_openssl_asymmetric_t *context, uint8_t *srcData, size_t srcLen, uint8_t *signature, size_t signatureLen); - -/** Store key inside persistant key store */ -sss_status_t ks_openssl_store_key(const sss_openssl_object_t *sss_key); - -sss_status_t ks_openssl_load_key(sss_openssl_object_t *sss_key, keyStoreTable_t *keystore_shadow, uint32_t extKeyId); - -sss_status_t ks_openssl_fat_update(sss_openssl_key_store_t *keyStore); - -sss_status_t ks_openssl_remove_key(const sss_openssl_object_t *sss_key); - -sss_status_t sss_openssl_key_object_allocate(sss_openssl_object_t *keyObject, - uint32_t keyId, - sss_key_part_t keyPart, - sss_cipher_type_t cipherType, - size_t keyByteLenMax, - uint32_t keyMode); - -/** @} */ - -#endif /* SSS_HAVE_OPENSSL */ - -#endif /* SSS_APIS_INC_FSL_SSS_OPENSSL_TYPES_H_ */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_policy.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_policy.h deleted file mode 100644 index 5edff4859..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_policy.h +++ /dev/null @@ -1,221 +0,0 @@ -/* - * - * Copyright 2019,2020 NXP - * SPDX-License-Identifier: Apache-2.0 - */ -/** @file */ - -#ifndef _FSL_SSS_POLICY_H_ -#define _FSL_SSS_POLICY_H_ - -#if !defined(SSS_CONFIG_FILE) -#include "fsl_sss_config.h" -#else -#include SSS_CONFIG_FILE -#endif - -#include "fsl_sss_types.h" -//#include - -/** @defgroup sss_policy Policy - * - * Policies to restrict and control sessions and objects. - */ - -/** @addtogroup sss_policy - * @{ */ - -/** Type of policy */ -typedef enum -{ - /** No policy applied */ - KPolicy_None, - /** Policy related to session. @see sss_policy_session_u */ - KPolicy_Session, - /** Policy related to key. @see sss_policy_key_u */ - KPolicy_Sym_Key, - KPolicy_Asym_Key, - KPolicy_UserID, - KPolicy_File, - KPolicy_Counter, - KPolicy_PCR, - KPolicy_Common, - KPolicy_Common_PCR_Value, -} sss_policy_type_u; - -/** Policy applicable to a session */ -typedef struct -{ - /** Number of operations permitted in a session */ - uint16_t maxOperationsInSession; - /** Session can be used for this much time, in seconds */ - uint16_t maxDurationOfSession_sec; - /** Whether maxOperationsInSession is set. - * This is to ensure '0 == maxOperationsInSession' does not get set - * by middleware. */ - uint8_t has_MaxOperationsInSession : 1; - /** Whether maxOperationsInSession is set. - * This is to ensure '0 == maxDurationOfSession_sec' does not get set - * by middleware. */ - uint8_t has_MaxDurationOfSession_sec : 1; - /** Whether this session can be refreshed without losing context. - * And also reset maxDurationOfSession_sec / maxOperationsInSession */ - uint8_t allowRefresh : 1; -} sss_policy_session_u; - -/** Policies applicable to Symmetric KEY */ -typedef struct -{ - /** Allow signature generation */ - uint8_t can_Sign : 1; - /** Allow signature verification */ - uint8_t can_Verify : 1; - /** Allow encryption */ - uint8_t can_Encrypt : 1; - /** Allow decryption */ - uint8_t can_Decrypt : 1; - /** Allow key derivation */ - uint8_t can_KD : 1; - /** Allow key wrapping */ - uint8_t can_Wrap : 1; - /** Allow to write the object */ - uint8_t can_Write : 1; - /** Allow to (re)generate the object */ - uint8_t can_Gen : 1; - /** Allow to perform DESFire authentication */ - uint8_t can_Desfire_Auth : 1; - /** Allow to dump DESFire session keys */ - uint8_t can_Desfire_Dump : 1; - /** Allow to imported or exported */ - uint8_t can_Import_Export : 1; -#if 1 // SSS_HAVE_SE05X_VER_GTE_06_00 - /** Forbid derived output */ - uint8_t forbid_Derived_Output : 1; -#endif - /** Allow kdf(prf) external random */ - uint8_t allow_kdf_ext_rnd : 1; -} sss_policy_sym_key_u; - -/** Policies applicable to Asymmetric KEY */ -typedef struct -{ - /** Allow signature generation */ - uint8_t can_Sign : 1; - /** Allow signature verification */ - uint8_t can_Verify : 1; - /** Allow encryption */ - uint8_t can_Encrypt : 1; - /** Allow decryption */ - uint8_t can_Decrypt : 1; - /** Allow key derivation */ - uint8_t can_KD : 1; - /** Allow key wrapping */ - uint8_t can_Wrap : 1; - /** Allow to write the object */ - uint8_t can_Write : 1; - /** Allow to (re)generate the object */ - uint8_t can_Gen : 1; - /** Allow to imported or exported */ - uint8_t can_Import_Export : 1; - /** Allow key agreement */ - uint8_t can_KA : 1; - /** Allow to read the object */ - uint8_t can_Read : 1; - /** Allow to attest an object */ - uint8_t can_Attest : 1; -#if 1 // SSS_HAVE_SE05X_VER_GTE_06_00 - /** Forbid derived output */ - uint8_t forbid_Derived_Output : 1; -#endif -} sss_policy_asym_key_u; - -/** All policies related to secure object type File */ -typedef struct -{ - /** Allow to write the object */ - uint8_t can_Write : 1; - /** Allow to read the object */ - uint8_t can_Read : 1; -} sss_policy_file_u; - -/** All policies related to secure object type Counter */ -typedef struct -{ - /** Allow to write the object */ - uint8_t can_Write : 1; - /** Allow to read the object */ - uint8_t can_Read : 1; -} sss_policy_counter_u; - -/** All policies related to secure object type PCR */ -typedef struct -{ - /** Allow to write the object */ - uint8_t can_Write : 1; - /** Allow to read the object */ - uint8_t can_Read : 1; -} sss_policy_pcr_u; - -/** All policies related to secure object type UserID */ -typedef struct -{ - /** Allow to write the object */ - uint8_t can_Write : 1; -} sss_policy_userid_u; - -/** Common Policies for all object types */ -typedef struct -{ - /** Forbid all operations */ - uint8_t forbid_All : 1; - /** Allow to delete the object */ - uint8_t can_Delete : 1; - /** Require having secure messaging enabled with encryption and integrity on the command */ - uint8_t req_Sm : 1; -} sss_policy_common_u; - -/** Common PCR Value Policies for all object types */ -typedef struct -{ - /** PCR object ID */ - uint32_t pcrObjId; - /** Expected value of the PCR */ - uint8_t pcrExpectedValue[32]; -} sss_policy_common_pcr_value_u; - -/** Unique/individual policy. - * For any operation, you need array of sss_policy_u. - */ -typedef struct -{ - /** Secure Object Type */ - sss_policy_type_u type; - /** Auth ID for each Object Policy, invalid for session policy type == KPolicy_Session*/ - uint32_t auth_obj_id; - /** Union of applicable policies based on the type of object - */ - union { - sss_policy_file_u file; - sss_policy_counter_u counter; - sss_policy_pcr_u pcr; - sss_policy_sym_key_u symmkey; - sss_policy_asym_key_u asymmkey; - sss_policy_userid_u pin; - sss_policy_common_u common; - sss_policy_common_pcr_value_u common_pcr_value; - sss_policy_session_u session; - } policy; -} sss_policy_u; - -/** An array of policies @ref sss_policy_u */ -typedef struct -{ - /** Array of unique policies, this needs to be allocated based nPolicies */ - const sss_policy_u *policies[SSS_POLICY_COUNT_MAX]; - /** Number of policies */ - size_t nPolicies; -} sss_policy_t; - -/** @} */ - -#endif /* _FSL_SSS_POLICY_H_ */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_se05x_apis.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_se05x_apis.h deleted file mode 100644 index b0937f8f5..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_se05x_apis.h +++ /dev/null @@ -1,781 +0,0 @@ -/* - * - * Copyright 2018-2020 NXP - * SPDX-License-Identifier: Apache-2.0 - */ - -/** @file */ - -#ifndef FSL_SSS_SE05X_APIS_H -#define FSL_SSS_SE05X_APIS_H - -#ifdef __cplusplus -extern "C" { -#endif /* __cplusplus */ - -#if defined(SSS_USE_FTR_FILE) -#include "fsl_sss_ftr.h" -#else -#include "fsl_sss_ftr_default.h" -#endif - -#if SSS_HAVE_APPLET_SE05X_IOT -#include - -/* ************************************************************************** */ -/* Functions */ -/* ************************************************************************** */ -/** - * @addtogroup sss_se05x_session - * @{ - */ -/** @copydoc sss_session_create - * - */ -sss_status_t sss_se05x_session_create(sss_se05x_session_t *session, - sss_type_t subsystem, - uint32_t application_id, - sss_connection_type_t connection_type, - void *connectionData); - -/** @copydoc sss_session_open - * - */ -sss_status_t sss_se05x_session_open(sss_se05x_session_t *session, - sss_type_t subsystem, - uint32_t application_id, - sss_connection_type_t connection_type, - void *connectionData); - -/** @copydoc sss_session_prop_get_u32 - * - */ -sss_status_t sss_se05x_session_prop_get_u32(sss_se05x_session_t *session, uint32_t property, uint32_t *pValue); - -/** @copydoc sss_session_prop_get_au8 - * - */ -sss_status_t sss_se05x_session_prop_get_au8( - sss_se05x_session_t *session, uint32_t property, uint8_t *pValue, size_t *pValueLen); - -/** @copydoc sss_session_close - * - */ -void sss_se05x_session_close(sss_se05x_session_t *session); - -/** @copydoc sss_session_delete - * - */ -void sss_se05x_session_delete(sss_se05x_session_t *session); - -/*! @} */ /* end of : sss_se05x_session */ - -/** - * @addtogroup sss_se05x_keyobj - * @{ - */ -/** @copydoc sss_key_object_init - * - */ -sss_status_t sss_se05x_key_object_init(sss_se05x_object_t *keyObject, sss_se05x_key_store_t *keyStore); - -/** @copydoc sss_key_object_allocate_handle - * - * On SE050, the memory get reserved only when the actual object is created and - * hence there is no memory reservation happening in this API call. but - * internally it checks if the object already exists or not . if the object is - * already existing it returns a failure. - * - */ -sss_status_t sss_se05x_key_object_allocate_handle(sss_se05x_object_t *keyObject, - uint32_t keyId, - sss_key_part_t keyPart, - sss_cipher_type_t cipherType, - size_t keyByteLenMax, - uint32_t options); - -/** @copydoc sss_key_object_get_handle - * - * On SE05X, this API uses @ref Se05x_API_ReadType and fetches - * parameters of the API. - * - */ -sss_status_t sss_se05x_key_object_get_handle(sss_se05x_object_t *keyObject, uint32_t keyId); - -/** Not Available for SE05X - * - */ -sss_status_t sss_se05x_key_object_set_user(sss_se05x_object_t *keyObject, uint32_t user, uint32_t options); - -/** @copydoc sss_key_object_set_purpose - * - */ -sss_status_t sss_se05x_key_object_set_purpose(sss_se05x_object_t *keyObject, sss_mode_t purpose, uint32_t options); - -/** Not Available for SE05X - * - */ -sss_status_t sss_se05x_key_object_set_access(sss_se05x_object_t *keyObject, uint32_t access, uint32_t options); - -/** Not Available for SE05X - * - */ -sss_status_t sss_se05x_key_object_set_eccgfp_group(sss_se05x_object_t *keyObject, sss_eccgfp_group_t *group); - -/** Not Available for SE05X - * - */ -sss_status_t sss_se05x_key_object_get_user(sss_se05x_object_t *keyObject, uint32_t *user); - -/** Not Available for SE05X - * - */ -sss_status_t sss_se05x_key_object_get_purpose(sss_se05x_object_t *keyObject, sss_mode_t *purpose); - -/** Not Available for SE05X - * - */ -sss_status_t sss_se05x_key_object_get_access(sss_se05x_object_t *keyObject, uint32_t *access); - -/** @copydoc sss_key_object_free - * - * On SE050, this has no impact on physical Key Object. - */ -void sss_se05x_key_object_free(sss_se05x_object_t *keyObject); - -/*! @} */ /* end of : sss_se05x_keyobj */ - -/** - * @addtogroup sss_se05x_keyderive - * @{ - */ -/** @copydoc sss_derive_key_context_init - * - */ -sss_status_t sss_se05x_derive_key_context_init(sss_se05x_derive_key_t *context, - sss_se05x_session_t *session, - sss_se05x_object_t *keyObject, - sss_algorithm_t algorithm, - sss_mode_t mode); - -/** @copydoc sss_derive_key_go - * - */ -sss_status_t sss_se05x_derive_key_go(sss_se05x_derive_key_t *context, - const uint8_t *saltData, - size_t saltLen, - const uint8_t *info, - size_t infoLen, - sss_se05x_object_t *derivedKeyObject, - uint16_t deriveDataLen, - uint8_t *hkdfOutput, - size_t *hkdfOutputLen); - -/** @copydoc sss_derive_key_one_go - * - */ -sss_status_t sss_se05x_derive_key_one_go(sss_se05x_derive_key_t *context, - const uint8_t *saltData, - size_t saltLen, - const uint8_t *info, - size_t infoLen, - sss_se05x_object_t *derivedKeyObject, - uint16_t deriveDataLen); - -/** @copydoc sss_derive_key_sobj_one_go -* -*/ -sss_status_t sss_se05x_derive_key_sobj_one_go(sss_se05x_derive_key_t *context, - sss_se05x_object_t *saltKeyObject, - const uint8_t *info, - size_t infoLen, - sss_se05x_object_t *derivedKeyObject, - uint16_t deriveDataLen); - -/** @copydoc sss_derive_key_dh - * - */ -sss_status_t sss_se05x_derive_key_dh( - sss_se05x_derive_key_t *context, sss_se05x_object_t *otherPartyKeyObject, sss_se05x_object_t *derivedKeyObject); - -/** @copydoc sss_derive_key_context_free - * - */ -void sss_se05x_derive_key_context_free(sss_se05x_derive_key_t *context); - -/*! @} */ /* end of : sss_se05x_keyderive */ - -/** - * @addtogroup sss_se05x_keystore - * @{ - */ -/** @copydoc sss_key_store_context_init - * - */ -sss_status_t sss_se05x_key_store_context_init(sss_se05x_key_store_t *keyStore, sss_se05x_session_t *session); - -/** @copydoc sss_key_store_allocate - * - * This API does not do anything special on SE05X. - */ -sss_status_t sss_se05x_key_store_allocate(sss_se05x_key_store_t *keyStore, uint32_t keyStoreId); - -/** @copydoc sss_key_store_save - * - * This API does not do anything special on SE05X. - */ -sss_status_t sss_se05x_key_store_save(sss_se05x_key_store_t *keyStore); - -/** @copydoc sss_key_store_load - * - * This API does not do anything special on SE05X. - */ -sss_status_t sss_se05x_key_store_load(sss_se05x_key_store_t *keyStore); - -/** @copydoc sss_key_store_set_key - * - */ -sss_status_t sss_se05x_key_store_set_key(sss_se05x_key_store_t *keyStore, - sss_se05x_object_t *keyObject, - const uint8_t *data, - size_t dataLen, - size_t keyBitLen, - void *options, - size_t optionsLen); - -/** @copydoc sss_key_store_generate_key - * - */ -sss_status_t sss_se05x_key_store_generate_key( - sss_se05x_key_store_t *keyStore, sss_se05x_object_t *keyObject, size_t keyBitLen, void *options); - -/** @copydoc sss_key_store_get_key - * - */ -sss_status_t sss_se05x_key_store_get_key( - sss_se05x_key_store_t *keyStore, sss_se05x_object_t *keyObject, uint8_t *data, size_t *dataLen, size_t *pKeyBitLen); - -/** @copydoc sss_key_store_open_key - * - * In SE05X, these keys can be used as KEK encryption key - * - * If ``keyObject`` == NULL, then subsequent key injection does not use any KEK. - * - * @return The sss status. - */ -sss_status_t sss_se05x_key_store_open_key(sss_se05x_key_store_t *keyStore, sss_se05x_object_t *keyObject); - -/** Not available for SE05X - * - */ -sss_status_t sss_se05x_key_store_freeze_key(sss_se05x_key_store_t *keyStore, sss_se05x_object_t *keyObject); - -/** @copydoc sss_key_store_erase_key - * - */ -sss_status_t sss_se05x_key_store_erase_key(sss_se05x_key_store_t *keyStore, sss_se05x_object_t *keyObject); - -/** @copydoc sss_key_store_context_free - * - */ -void sss_se05x_key_store_context_free(sss_se05x_key_store_t *keyStore); - -/** Export Key from SE050 to host - * - * Only Transient keys can be exported. - */ -sss_status_t sss_se05x_key_store_export_key( - sss_se05x_key_store_t *keyStore, sss_se05x_object_t *keyObject, uint8_t *key, size_t *keylen); - -/** Re Import previously exported SE05X key from host to the SE05X - * - * Only Transient keys can be imported. - */ -sss_status_t sss_se05x_key_store_import_key( - sss_se05x_key_store_t *keyStore, sss_se05x_object_t *keyObject, uint8_t *key, size_t keylen); - -/*! @} */ /* end of : sss_se05x_keystore */ - -/** - * @addtogroup sss_se05x_asym - * @{ - */ -/** @copydoc sss_asymmetric_context_init - * - */ -sss_status_t sss_se05x_asymmetric_context_init(sss_se05x_asymmetric_t *context, - sss_se05x_session_t *session, - sss_se05x_object_t *keyObject, - sss_algorithm_t algorithm, - sss_mode_t mode); - -/** @copydoc sss_asymmetric_encrypt - * - */ -sss_status_t sss_se05x_asymmetric_encrypt( - sss_se05x_asymmetric_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen); - -/** @copydoc sss_asymmetric_decrypt - * - */ -sss_status_t sss_se05x_asymmetric_decrypt( - sss_se05x_asymmetric_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen); - -/** @copydoc sss_asymmetric_sign_digest - * - */ -sss_status_t sss_se05x_asymmetric_sign_digest( - sss_se05x_asymmetric_t *context, uint8_t *digest, size_t digestLen, uint8_t *signature, size_t *signatureLen); - -/** @copydoc sss_asymmetric_verify_digest - * - */ -sss_status_t sss_se05x_asymmetric_verify_digest( - sss_se05x_asymmetric_t *context, uint8_t *digest, size_t digestLen, uint8_t *signature, size_t signatureLen); - -/** @copydoc sss_asymmetric_context_free - * - */ -void sss_se05x_asymmetric_context_free(sss_se05x_asymmetric_t *context); - -/*! @} */ /* end of : sss_se05x_asym */ - -/** - * @addtogroup sss_se05x_symm - * @{ - */ -/** @copydoc sss_symmetric_context_init - * - */ -sss_status_t sss_se05x_symmetric_context_init(sss_se05x_symmetric_t *context, - sss_se05x_session_t *session, - sss_se05x_object_t *keyObject, - sss_algorithm_t algorithm, - sss_mode_t mode); - -/** @copydoc sss_cipher_one_go - * - */ -sss_status_t sss_se05x_cipher_one_go(sss_se05x_symmetric_t *context, - uint8_t *iv, - size_t ivLen, - const uint8_t *srcData, - uint8_t *destData, - size_t dataLen); - -/** @copydoc sss_cipher_init - * - */ -sss_status_t sss_se05x_cipher_init(sss_se05x_symmetric_t *context, uint8_t *iv, size_t ivLen); - -/** @copydoc sss_cipher_update - * - */ -sss_status_t sss_se05x_cipher_update( - sss_se05x_symmetric_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen); - -/** @copydoc sss_cipher_finish - * - */ -sss_status_t sss_se05x_cipher_finish( - sss_se05x_symmetric_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen); - -/** @copydoc sss_cipher_crypt_ctr - * - */ -sss_status_t sss_se05x_cipher_crypt_ctr(sss_se05x_symmetric_t *context, - const uint8_t *srcData, - uint8_t *destData, - size_t size, - uint8_t *initialCounter, - uint8_t *lastEncryptedCounter, - size_t *szLeft); - -/** @copydoc sss_symmetric_context_free - * - */ -void sss_se05x_symmetric_context_free(sss_se05x_symmetric_t *context); - -/*! @} */ /* end of : sss_se05x_symm */ - -/** - * @addtogroup sss_se05x_aead - * @{ - */ -/** @copydoc sss_aead_context_init - * - */ -sss_status_t sss_se05x_aead_context_init(sss_se05x_aead_t *context, - sss_se05x_session_t *session, - sss_se05x_object_t *keyObject, - sss_algorithm_t algorithm, - sss_mode_t mode); - -/** @copydoc sss_aead_one_go - * - */ -sss_status_t sss_se05x_aead_one_go(sss_se05x_aead_t *context, - const uint8_t *srcData, - uint8_t *destData, - size_t size, - uint8_t *nonce, - size_t nonceLen, - const uint8_t *aad, - size_t aadLen, - uint8_t *tag, - size_t *tagLen); - -/** @copydoc sss_aead_init - * - */ -sss_status_t sss_se05x_aead_init( - sss_se05x_aead_t *context, uint8_t *nonce, size_t nonceLen, size_t tagLen, size_t aadLen, size_t payloadLen); - -/** @copydoc sss_aead_update_aad - * - */ -sss_status_t sss_se05x_aead_update_aad(sss_se05x_aead_t *context, const uint8_t *aadData, size_t aadDataLen); - -/** @copydoc sss_aead_update - * - */ -sss_status_t sss_se05x_aead_update( - sss_se05x_aead_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen); - -/** @copydoc sss_aead_finish - * - */ -sss_status_t sss_se05x_aead_finish(sss_se05x_aead_t *context, - const uint8_t *srcData, - size_t srcLen, - uint8_t *destData, - size_t *destLen, - uint8_t *tag, - size_t *tagLen); - -/** @copydoc sss_aead_context_free - * - */ -void sss_se05x_aead_context_free(sss_se05x_aead_t *context); - -/*! @} */ /* end of : sss_se05x_aead */ - -/** - * @addtogroup sss_se05x_mac - * @{ - */ -/** @copydoc sss_mac_context_init - * - */ -sss_status_t sss_se05x_mac_context_init(sss_se05x_mac_t *context, - sss_se05x_session_t *session, - sss_se05x_object_t *keyObject, - sss_algorithm_t algorithm, - sss_mode_t mode); - -/** @copydoc sss_mac_one_go - * - */ -sss_status_t sss_se05x_mac_one_go( - sss_se05x_mac_t *context, const uint8_t *message, size_t messageLen, uint8_t *mac, size_t *macLen); - -/** @copydoc sss_mac_init - * - */ -sss_status_t sss_se05x_mac_init(sss_se05x_mac_t *context); - -/** @copydoc sss_mac_update - * - */ -sss_status_t sss_se05x_mac_update(sss_se05x_mac_t *context, const uint8_t *message, size_t messageLen); - -/** @copydoc sss_mac_finish - * - */ -sss_status_t sss_se05x_mac_finish(sss_se05x_mac_t *context, uint8_t *mac, size_t *macLen); - -/** @copydoc sss_mac_context_free - * - */ -void sss_se05x_mac_context_free(sss_se05x_mac_t *context); - -/*! @} */ /* end of : sss_se05x_mac */ - -/** - * @addtogroup sss_se05x_md - * @{ - */ -/** @copydoc sss_digest_context_init - * - */ -sss_status_t sss_se05x_digest_context_init( - sss_se05x_digest_t *context, sss_se05x_session_t *session, sss_algorithm_t algorithm, sss_mode_t mode); - -/** @copydoc sss_digest_one_go - * - */ -sss_status_t sss_se05x_digest_one_go( - sss_se05x_digest_t *context, const uint8_t *message, size_t messageLen, uint8_t *digest, size_t *digestLen); - -/** @copydoc sss_digest_init - * - */ -sss_status_t sss_se05x_digest_init(sss_se05x_digest_t *context); - -/** @copydoc sss_digest_update - * - */ -sss_status_t sss_se05x_digest_update(sss_se05x_digest_t *context, const uint8_t *message, size_t messageLen); - -/** @copydoc sss_digest_finish - * - */ -sss_status_t sss_se05x_digest_finish(sss_se05x_digest_t *context, uint8_t *digest, size_t *digestLen); - -/** @copydoc sss_digest_context_free - * - */ -void sss_se05x_digest_context_free(sss_se05x_digest_t *context); - -/*! @} */ /* end of : sss_se05x_md */ - -/** - * @addtogroup sss_se05x_rng - * @{ - */ -/** @copydoc sss_rng_context_init - * - */ -sss_status_t sss_se05x_rng_context_init(sss_se05x_rng_context_t *context, sss_se05x_session_t *session); - -/** @copydoc sss_rng_get_random - * - */ -sss_status_t sss_se05x_rng_get_random(sss_se05x_rng_context_t *context, uint8_t *random_data, size_t dataLen); - -/** @copydoc sss_rng_context_free - * - */ -sss_status_t sss_se05x_rng_context_free(sss_se05x_rng_context_t *context); - -/*! @} */ /* end of : sss_se05x_rng */ - -/** -* @addtogroup sss_se05x_tunnel -* @{ -*/ -/** @copydoc sss_tunnel_context_init - * - */ -sss_status_t sss_se05x_tunnel_context_init(sss_se05x_tunnel_context_t *context, sss_se05x_session_t *session); - -/** @copydoc sss_tunnel_context_free -* -*/ -void sss_se05x_tunnel_context_free(sss_se05x_tunnel_context_t *context); - -/*! @} */ /* end of : sss_se05x_tunnel */ - -sss_status_t sss_se05x_refresh_session(sss_se05x_session_t *session, void *connectionData); - -/** - * @addtogroup sss_se05x_tunnel - * @{ - */ - -/** @copydoc sss_tunnel_context_init - * - */ -sss_status_t sss_se05x_tunnel_context_init(sss_se05x_tunnel_context_t *context, sss_se05x_session_t *session); - -/** @copydoc sss_tunnel_t - * - */ -sss_status_t sss_se05x_tunnel(sss_se05x_tunnel_context_t *context, - uint8_t *data, - size_t dataLen, - sss_se05x_object_t *keyObjects, - uint32_t keyObjectCount, - uint32_t tunnelType); - -/** @copydoc sss_tunnel_context_free - * - */ -void sss_se05x_tunnel_context_free(sss_se05x_tunnel_context_t *context); - -/*! @} */ /* end of : sss_se05x_tunnel */ - -/** Set features of the Applet. - * - * See @ref Se05x_API_SetAppletFeatures - */ -sss_status_t sss_se05x_set_feature( - sss_se05x_session_t *session, SE05x_Applet_Feature_t feature, SE05x_Applet_Feature_Disable_t disable_features); - -SE05x_DigestMode_t se05x_get_sha_algo(sss_algorithm_t algorithm); - -#if SSSFTR_SE05X_ECC -sss_status_t sss_se05x_key_store_create_curve(Se05xSession_t *pSession, uint32_t curve_id); -#endif - -/* clang-format off */ -# if (SSS_HAVE_SSS == 1) - /* Direct Call : session */ -# define sss_session_create(session,subsystem,application_id,connection_type,connectionData) \ - sss_se05x_session_create(((sss_se05x_session_t * ) session),(subsystem),(application_id),(connection_type),(connectionData)) -# define sss_session_open(session,subsystem,application_id,connection_type,connectionData) \ - sss_se05x_session_open(((sss_se05x_session_t * ) session),(subsystem),(application_id),(connection_type),(connectionData)) -# define sss_session_prop_get_u32(session,property,pValue) \ - sss_se05x_session_prop_get_u32(((sss_se05x_session_t * ) session),(property),(pValue)) -# define sss_session_prop_get_au8(session,property,pValue,pValueLen) \ - sss_se05x_session_prop_get_au8(((sss_se05x_session_t * ) session),(property),(pValue),(pValueLen)) -# define sss_session_close(session) \ - sss_se05x_session_close(((sss_se05x_session_t * ) session)) -# define sss_session_delete(session) \ - sss_se05x_session_delete(((sss_se05x_session_t * ) session)) - /* Direct Call : keyobj */ -# define sss_key_object_init(keyObject,keyStore) \ - sss_se05x_key_object_init(((sss_se05x_object_t * ) keyObject),((sss_se05x_key_store_t * ) keyStore)) -# define sss_key_object_allocate_handle(keyObject,keyId,keyPart,cipherType,keyByteLenMax,options) \ - sss_se05x_key_object_allocate_handle(((sss_se05x_object_t * ) keyObject),(keyId),(keyPart),(cipherType),(keyByteLenMax),(options)) -# define sss_key_object_get_handle(keyObject,keyId) \ - sss_se05x_key_object_get_handle(((sss_se05x_object_t * ) keyObject),(keyId)) -# define sss_key_object_set_user(keyObject,user,options) \ - sss_se05x_key_object_set_user(((sss_se05x_object_t * ) keyObject),(user),(options)) -# define sss_key_object_set_purpose(keyObject,purpose,options) \ - sss_se05x_key_object_set_purpose(((sss_se05x_object_t * ) keyObject),(purpose),(options)) -# define sss_key_object_set_access(keyObject,access,options) \ - sss_se05x_key_object_set_access(((sss_se05x_object_t * ) keyObject),(access),(options)) -# define sss_key_object_set_eccgfp_group(keyObject,group) \ - sss_se05x_key_object_set_eccgfp_group(((sss_se05x_object_t * ) keyObject),(group)) -# define sss_key_object_get_user(keyObject,user) \ - sss_se05x_key_object_get_user(((sss_se05x_object_t * ) keyObject),(user)) -# define sss_key_object_get_purpose(keyObject,purpose) \ - sss_se05x_key_object_get_purpose(((sss_se05x_object_t * ) keyObject),(purpose)) -# define sss_key_object_get_access(keyObject,access) \ - sss_se05x_key_object_get_access(((sss_se05x_object_t * ) keyObject),(access)) -# define sss_key_object_free(keyObject) \ - sss_se05x_key_object_free(((sss_se05x_object_t * ) keyObject)) - /* Direct Call : keyderive */ -# define sss_derive_key_context_init(context,session,keyObject,algorithm,mode) \ - sss_se05x_derive_key_context_init(((sss_se05x_derive_key_t * ) context),((sss_se05x_session_t * ) session),((sss_se05x_object_t * ) keyObject),(algorithm),(mode)) -# define sss_derive_key_go(context,saltData,saltLen,info,infoLen,derivedKeyObject,deriveDataLen,hkdfOutput,hkdfOutputLen) \ - sss_se05x_derive_key_go(((sss_se05x_derive_key_t * ) context),(saltData),(saltLen),(info),(infoLen),((sss_se05x_object_t * ) derivedKeyObject),(deriveDataLen),(hkdfOutput),(hkdfOutputLen)) -# define sss_derive_key_dh(context,otherPartyKeyObject,derivedKeyObject) \ - sss_se05x_derive_key_dh(((sss_se05x_derive_key_t * ) context),((sss_se05x_object_t * ) otherPartyKeyObject),((sss_se05x_object_t * ) derivedKeyObject)) -# define sss_derive_key_context_free(context) \ - sss_se05x_derive_key_context_free(((sss_se05x_derive_key_t * ) context)) - /* Direct Call : keystore */ -# define sss_key_store_context_init(keyStore,session) \ - sss_se05x_key_store_context_init(((sss_se05x_key_store_t * ) keyStore),((sss_se05x_session_t * ) session)) -# define sss_key_store_allocate(keyStore,keyStoreId) \ - sss_se05x_key_store_allocate(((sss_se05x_key_store_t * ) keyStore),(keyStoreId)) -# define sss_key_store_save(keyStore) \ - sss_se05x_key_store_save(((sss_se05x_key_store_t * ) keyStore)) -# define sss_key_store_load(keyStore) \ - sss_se05x_key_store_load(((sss_se05x_key_store_t * ) keyStore)) -# define sss_key_store_set_key(keyStore,keyObject,data,dataLen,keyBitLen,options,optionsLen) \ - sss_se05x_key_store_set_key(((sss_se05x_key_store_t * ) keyStore),((sss_se05x_object_t * ) keyObject),(data),(dataLen),(keyBitLen),(options),(optionsLen)) -# define sss_key_store_generate_key(keyStore,keyObject,keyBitLen,options) \ - sss_se05x_key_store_generate_key(((sss_se05x_key_store_t * ) keyStore),((sss_se05x_object_t * ) keyObject),(keyBitLen),(options)) -# define sss_key_store_get_key(keyStore,keyObject,data,dataLen,pKeyBitLen) \ - sss_se05x_key_store_get_key(((sss_se05x_key_store_t * ) keyStore),((sss_se05x_object_t * ) keyObject),(data),(dataLen),(pKeyBitLen)) -# define sss_key_store_open_key(keyStore,keyObject) \ - sss_se05x_key_store_open_key(((sss_se05x_key_store_t * ) keyStore),((sss_se05x_object_t * ) keyObject)) -# define sss_key_store_freeze_key(keyStore,keyObject) \ - sss_se05x_key_store_freeze_key(((sss_se05x_key_store_t * ) keyStore),((sss_se05x_object_t * ) keyObject)) -# define sss_key_store_erase_key(keyStore,keyObject) \ - sss_se05x_key_store_erase_key(((sss_se05x_key_store_t * ) keyStore),((sss_se05x_object_t * ) keyObject)) -# define sss_key_store_context_free(keyStore) \ - sss_se05x_key_store_context_free(((sss_se05x_key_store_t * ) keyStore)) - /* Direct Call : asym */ -# define sss_asymmetric_context_init(context,session,keyObject,algorithm,mode) \ - sss_se05x_asymmetric_context_init(((sss_se05x_asymmetric_t * ) context),((sss_se05x_session_t * ) session),((sss_se05x_object_t * ) keyObject),(algorithm),(mode)) -# define sss_asymmetric_encrypt(context,srcData,srcLen,destData,destLen) \ - sss_se05x_asymmetric_encrypt(((sss_se05x_asymmetric_t * ) context),(srcData),(srcLen),(destData),(destLen)) -# define sss_asymmetric_decrypt(context,srcData,srcLen,destData,destLen) \ - sss_se05x_asymmetric_decrypt(((sss_se05x_asymmetric_t * ) context),(srcData),(srcLen),(destData),(destLen)) -# define sss_asymmetric_sign_digest(context,digest,digestLen,signature,signatureLen) \ - sss_se05x_asymmetric_sign_digest(((sss_se05x_asymmetric_t * ) context),(digest),(digestLen),(signature),(signatureLen)) -# define sss_asymmetric_verify_digest(context,digest,digestLen,signature,signatureLen) \ - sss_se05x_asymmetric_verify_digest(((sss_se05x_asymmetric_t * ) context),(digest),(digestLen),(signature),(signatureLen)) -# define sss_asymmetric_context_free(context) \ - sss_se05x_asymmetric_context_free(((sss_se05x_asymmetric_t * ) context)) - /* Direct Call : symm */ -# define sss_symmetric_context_init(context,session,keyObject,algorithm,mode) \ - sss_se05x_symmetric_context_init(((sss_se05x_symmetric_t * ) context),((sss_se05x_session_t * ) session),((sss_se05x_object_t * ) keyObject),(algorithm),(mode)) -# define sss_cipher_one_go(context,iv,ivLen,srcData,destData,dataLen) \ - sss_se05x_cipher_one_go(((sss_se05x_symmetric_t * ) context),(iv),(ivLen),(srcData),(destData),(dataLen)) -# define sss_cipher_init(context,iv,ivLen) \ - sss_se05x_cipher_init(((sss_se05x_symmetric_t * ) context),(iv),(ivLen)) -# define sss_cipher_update(context,srcData,srcLen,destData,destLen) \ - sss_se05x_cipher_update(((sss_se05x_symmetric_t * ) context),(srcData),(srcLen),(destData),(destLen)) -# define sss_cipher_finish(context,srcData,srcLen,destData,destLen) \ - sss_se05x_cipher_finish(((sss_se05x_symmetric_t * ) context),(srcData),(srcLen),(destData),(destLen)) -# define sss_cipher_crypt_ctr(context,srcData,destData,size,initialCounter,lastEncryptedCounter,szLeft) \ - sss_se05x_cipher_crypt_ctr(((sss_se05x_symmetric_t * ) context),(srcData),(destData),(size),(initialCounter),(lastEncryptedCounter),(szLeft)) -# define sss_symmetric_context_free(context) \ - sss_se05x_symmetric_context_free(((sss_se05x_symmetric_t * ) context)) - /* Direct Call : aead */ -# define sss_aead_context_init(context,session,keyObject,algorithm,mode) \ - sss_se05x_aead_context_init(((sss_se05x_aead_t * ) context),((sss_se05x_session_t * ) session),((sss_se05x_object_t * ) keyObject),(algorithm),(mode)) -# define sss_aead_one_go(context,srcData,destData,size,nonce,nonceLen,aad,aadLen,tag,tagLen) \ - sss_se05x_aead_one_go(((sss_se05x_aead_t * ) context),(srcData),(destData),(size),(nonce),(nonceLen),(aad),(aadLen),(tag),(tagLen)) -# define sss_aead_init(context,nonce,nonceLen,tagLen,aadLen,payloadLen) \ - sss_se05x_aead_init(((sss_se05x_aead_t * ) context),(nonce),(nonceLen),(tagLen),(aadLen),(payloadLen)) -# define sss_aead_update_aad(context,aadData,aadDataLen) \ - sss_se05x_aead_update_aad(((sss_se05x_aead_t * ) context),(aadData),(aadDataLen)) -# define sss_aead_update(context,srcData,srcLen,destData,destLen) \ - sss_se05x_aead_update(((sss_se05x_aead_t * ) context),(srcData),(srcLen),(destData),(destLen)) -# define sss_aead_finish(context,srcData,srcLen,destData,destLen,tag,tagLen) \ - sss_se05x_aead_finish(((sss_se05x_aead_t * ) context),(srcData),(srcLen),(destData),(destLen),(tag),(tagLen)) -# define sss_aead_context_free(context) \ - sss_se05x_aead_context_free(((sss_se05x_aead_t * ) context)) - /* Direct Call : mac */ -# define sss_mac_context_init(context,session,keyObject,algorithm,mode) \ - sss_se05x_mac_context_init(((sss_se05x_mac_t * ) context),((sss_se05x_session_t * ) session),((sss_se05x_object_t * ) keyObject),(algorithm),(mode)) -# define sss_mac_one_go(context,message,messageLen,mac,macLen) \ - sss_se05x_mac_one_go(((sss_se05x_mac_t * ) context),(message),(messageLen),(mac),(macLen)) -# define sss_mac_init(context) \ - sss_se05x_mac_init(((sss_se05x_mac_t * ) context)) -# define sss_mac_update(context,message,messageLen) \ - sss_se05x_mac_update(((sss_se05x_mac_t * ) context),(message),(messageLen)) -# define sss_mac_finish(context,mac,macLen) \ - sss_se05x_mac_finish(((sss_se05x_mac_t * ) context),(mac),(macLen)) -# define sss_mac_context_free(context) \ - sss_se05x_mac_context_free(((sss_se05x_mac_t * ) context)) - /* Direct Call : md */ -# define sss_digest_context_init(context,session,algorithm,mode) \ - sss_se05x_digest_context_init(((sss_se05x_digest_t * ) context),((sss_se05x_session_t * ) session),(algorithm),(mode)) -# define sss_digest_one_go(context,message,messageLen,digest,digestLen) \ - sss_se05x_digest_one_go(((sss_se05x_digest_t * ) context),(message),(messageLen),(digest),(digestLen)) -# define sss_digest_init(context) \ - sss_se05x_digest_init(((sss_se05x_digest_t * ) context)) -# define sss_digest_update(context,message,messageLen) \ - sss_se05x_digest_update(((sss_se05x_digest_t * ) context),(message),(messageLen)) -# define sss_digest_finish(context,digest,digestLen) \ - sss_se05x_digest_finish(((sss_se05x_digest_t * ) context),(digest),(digestLen)) -# define sss_digest_context_free(context) \ - sss_se05x_digest_context_free(((sss_se05x_digest_t * ) context)) - /* Direct Call : rng */ -# define sss_rng_context_init(context,session) \ - sss_se05x_rng_context_init(((sss_se05x_rng_context_t * ) context),((sss_se05x_session_t * ) session)) -# define sss_rng_get_random(context,random_data,dataLen) \ - sss_se05x_rng_get_random(((sss_se05x_rng_context_t * ) context),(random_data),(dataLen)) -# define sss_rng_context_free(context) \ - sss_se05x_rng_context_free(((sss_se05x_rng_context_t * ) context)) - /* Direct Call : tunnel */ -# define sss_tunnel_context_init(context,session) \ - sss_se05x_tunnel_context_init(((sss_se05x_tunnel_context_t * ) context),((sss_se05x_session_t * ) session)) -# define sss_tunnel(context,data,dataLen,keyObjects,keyObjectCount,tunnelType) \ - sss_se05x_tunnel(((sss_se05x_tunnel_context_t * ) context),(data),(dataLen),((sss_se05x_object_t * ) keyObjects),(keyObjectCount),(tunnelType)) -# define sss_tunnel_context_free(context) \ - sss_se05x_tunnel_context_free(((sss_se05x_tunnel_context_t * ) context)) -# endif /* (SSS_HAVE_SSS == 1) */ -/* clang-format on */ -#endif /* SSS_HAVE_APPLET_SE05X_IOT */ -#ifdef __cplusplus -} // extern "C" -#endif /* __cplusplus */ - -#endif /* FSL_SSS_SE05X_APIS_H */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_se05x_policy.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_se05x_policy.h deleted file mode 100644 index bab222bf0..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_se05x_policy.h +++ /dev/null @@ -1,51 +0,0 @@ -/* - * - * Copyright 2018-2020 NXP - * SPDX-License-Identifier: Apache-2.0 - */ - -#ifndef FSL_SSS_SE05X_POLICY_H -#define FSL_SSS_SE05X_POLICY_H - -#if defined(SSS_USE_FTR_FILE) -#include "fsl_sss_ftr.h" -#else -#include "fsl_sss_ftr_default.h" -#endif - -#if SSS_HAVE_APPLET_SE05X_IOT -#include -#include -#include - -/* ************************************************************************** */ -/* Functions */ -/* ************************************************************************** */ - -/** @brief - * The function serializes input passed by user (array of sss_policy_t) in to - * uin8[] policy buffer - * - * @param[in] Array of policies passed by user. - * @param[out] buffer passed by user where serialized policy data is copied. - * @param[out] buf_len passed by user where serialized policy data length is copied. - * - * @warning Please ensure pbuff is atleast of size MAX_POLICY_BUFFER_SIZE - * - */ -sss_status_t sss_se05x_create_object_policy_buffer(sss_policy_t *policies, uint8_t *pbuff, size_t *buf_len); -/*! @brief - * The function serializes input passed by user (sss_policy_session_u) in to - * uin8[] policy buffer - * - * @param[in] pointer to sss_policy_session_u passed by user. - * @param[out] buffer passed by user where serialized policy data is copied. - * @param[out] buf_len passed by user where serialized policy data length is copied. - * - * @warning Please ensure session_pol_buff is atleast of size MAX_POLICY_BUFFER_SIZE - * - */ -sss_status_t sss_se05x_create_session_policy_buffer( - sss_policy_session_u *session_policy, uint8_t *session_pol_buff, size_t *buf_len); -#endif /* SSS_HAVE_APPLET_SE05X_IOT */ -#endif /* FSL_SSS_SE05X_POLICY_H */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_se05x_scp03.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_se05x_scp03.h deleted file mode 100644 index d15a4bdd9..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_se05x_scp03.h +++ /dev/null @@ -1,56 +0,0 @@ -/* -* -* Copyright 2018-2020 NXP -* SPDX-License-Identifier: Apache-2.0 -*/ - -#ifndef FSL_SSS_SE05X_SCP03_H -#define FSL_SSS_SE05X_SCP03_H - -/* ************************************************************************** */ -/* Defines */ -/* ************************************************************************** */ -/* ************************************************************************** */ -/* Includes */ -/* ************************************************************************** */ - -#ifdef __cplusplus -extern "C" { -#endif - -#include "nxScp03_Const.h" -#include "nxScp03_Types.h" -#include "se05x_tlv.h" -#if SSS_HAVE_MBEDTLS -#include -#endif -#if SSS_HAVE_OPENSSL -#include -#endif - -/* ************************************************************************** */ -/* Structrues and Typedefs */ -/* ************************************************************************** */ - -/* ************************************************************************** */ -/* Global Variables */ -/* ************************************************************************** */ - -/* ************************************************************************** */ -/* Functions */ -/* ************************************************************************** */ -/** -* To send and receive encrypted communication using SCP03 -*/ -sss_status_t nxScp03_AuthenticateChannel(pSe05xSession_t se05xSession, NXSCP03_AuthCtx_t *authScp03); - -/** -* To send and receive encrypted communication using Fast SCP -*/ -sss_status_t nxECKey_AuthenticateChannel(pSe05xSession_t se05xSession, SE05x_AuthCtx_ECKey_t *pAuthFScp); - -#ifdef __cplusplus -} /* extern "c"*/ -#endif - -#endif /* FSL_SSS_SE05X_SCP03_H */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_se05x_types.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_se05x_types.h deleted file mode 100644 index 12cb2dd9a..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_se05x_types.h +++ /dev/null @@ -1,618 +0,0 @@ -/* - * - * Copyright 2018-2020 NXP - * SPDX-License-Identifier: Apache-2.0 - */ - -#ifndef SSS_APIS_INC_FSL_SSS_SE05X_TYPES_H_ -#define SSS_APIS_INC_FSL_SSS_SE05X_TYPES_H_ - -/* ************************************************************************** */ -/* Includes */ -/* ************************************************************************** */ - -#include -#include - -#if defined(SSS_USE_FTR_FILE) -#include "fsl_sss_ftr.h" -#else -#include "fsl_sss_ftr_default.h" -#endif - -#if SSS_HAVE_APPLET_SE05X_IOT -#include "nxScp03_Types.h" -#include "se05x_const.h" -#include "se05x_tlv.h" -#include "sm_api.h" -#if (__GNUC__ && !AX_EMBEDDED && !__MBED__) -#include -/* Only for base session with os */ -#elif __MBED__ -#include "cmsis_os2.h" -#include "mbed_rtos_storage.h" -#endif -/* FreeRTOS includes. */ -#if USE_RTOS -#include "FreeRTOS.h" -#include "FreeRTOSIPConfig.h" -#include "semphr.h" -#include "task.h" -#endif - -/*! - * @addtogroup sss_sw_se05x - * @{ - */ - -/* ************************************************************************** */ -/* Defines */ -/* ************************************************************************** */ - -/** Are we using SE05X as crypto subsystem? */ -#define SSS_SUBSYSTEM_TYPE_IS_SE05X(subsystem) (subsystem == kType_SSS_SE_SE05x) - -/** Are we using SE05X as crypto subsystem? */ -#define SSS_SESSION_TYPE_IS_SE05X(session) (session && SSS_SUBSYSTEM_TYPE_IS_SE05X(session->subsystem)) - -/** Are we using SE05X as crypto subsystem? */ -#define SSS_KEY_STORE_TYPE_IS_SE05X(keyStore) (keyStore && SSS_SESSION_TYPE_IS_SE05X(keyStore->session)) - -/** Are we using SE05X as crypto subsystem? */ -#define SSS_OBJECT_TYPE_IS_SE05X(pObject) (pObject && SSS_KEY_STORE_TYPE_IS_SE05X(pObject->keyStore)) - -/** Are we using SE05X as crypto subsystem? */ -#define SSS_ASYMMETRIC_TYPE_IS_SE05X(context) (context && SSS_SESSION_TYPE_IS_SE05X(context->session)) - -/** Are we using SE05X as crypto subsystem? */ -#define SSS_DERIVE_KEY_TYPE_IS_SE05X(context) (context && SSS_SESSION_TYPE_IS_SE05X(context->session)) - -/** Are we using SE05X as crypto subsystem? */ -#define SSS_SYMMETRIC_TYPE_IS_SE05X(context) (context && SSS_SESSION_TYPE_IS_SE05X(context->session)) - -/** Are we using SE05X as crypto subsystem? */ -#define SSS_MAC_TYPE_IS_SE05X(context) (context && SSS_SESSION_TYPE_IS_SE05X(context->session)) - -/** Are we using SE05X as crypto subsystem? */ -#define SSS_RNG_CONTEXT_TYPE_IS_SE05X(context) (context && SSS_SESSION_TYPE_IS_SE05X(context->session)) - -/** Are we using SE05X as crypto subsystem? */ -#define SSS_DIGEST_TYPE_IS_SE05X(context) (context && SSS_SESSION_TYPE_IS_SE05X(context->session)) - -/** Are we using SE05X as crypto subsystem? */ -#define SSS_AEAD_TYPE_IS_SE05X(context) (context && SSS_SESSION_TYPE_IS_SE05X(context->session)) - -/** Are we using SE05X as crypto subsystem? */ -#define SSS_TUNNEL_CONTEXT_TYPE_IS_SE05X(context) (context && SSS_SESSION_TYPE_IS_SE05X(context->session)) - -/** Are we using SE05X as crypto subsystem? */ -#define SSS_TUNNEL_TYPE_IS_SE05X(context) (context && SSS_SESSION_TYPE_IS_SE05X(context->session)) - -/* ************************************************************************** */ -/* Structrues and Typedefs */ -/* ************************************************************************** */ - -struct _sss_se05x_session; - -/** @copydoc sss_tunnel_t */ -typedef struct _sss_se05x_tunnel_context -{ - /** Pointer to the base SE050 SEssion */ - struct _sss_se05x_session *se05x_session; - /** Where exactly this tunnel terminates to */ - sss_tunnel_dest_t tunnelDest; -/** For systems where we potentially have multi-threaded operations, have a lock */ -#if USE_RTOS - SemaphoreHandle_t channelLock; -#elif (__GNUC__ && !AX_EMBEDDED && !__MBED__) - pthread_mutex_t channelLock; -#elif __MBED__ - osSemaphoreId_t channelLock; -#endif -} sss_se05x_tunnel_context_t; - -/** @copydoc sss_session_t */ -typedef struct _sss_se05x_session -{ - /** Indicates which security subsystem is selected to be used. */ - sss_type_t subsystem; - - /** Connection context to SE050 */ - - Se05xSession_t s_ctx; - - /** In case connection is tunneled, context to the tunnel */ - - sss_se05x_tunnel_context_t *ptun_ctx; -} sss_se05x_session_t; - -struct _sss_se05x_object; - -/** @copydoc sss_key_store_t */ -typedef struct -{ - /** Pointer to the session */ - sss_se05x_session_t *session; - /** In case the we are using Key Wrapping while injecting the keys, pointer to key used for wrapping */ - struct _sss_se05x_object *kekKey; - -} sss_se05x_key_store_t; - -/** @copydoc sss_object_t */ -typedef struct _sss_se05x_object -{ - /** key store holding the data and other properties */ - sss_se05x_key_store_t *keyStore; - /** @copydoc sss_object_t::objectType */ - uint32_t objectType; - /** @copydoc sss_object_t::cipherType */ - uint32_t cipherType; - /** Application specific key identifier. The keyId is kept in the key store - * along with the key data and other properties. */ - uint32_t keyId; - - /** If this is an ECC Key, the Curve ID of the key */ - SE05x_ECCurve_t curve_id; - - /** Whether this is a persistant or tansient object */ - uint8_t isPersistant : 1; - -} sss_se05x_object_t; - -/** @copydoc sss_derive_key_t */ -typedef struct -{ - /** @copydoc sss_derive_key_t::session */ - sss_se05x_session_t *session; - /** @copydoc sss_derive_key_t::keyObject */ - sss_se05x_object_t *keyObject; - /** @copydoc sss_derive_key_t::algorithm */ - sss_algorithm_t algorithm; - /** @copydoc sss_derive_key_t::mode */ - sss_mode_t mode; - -} sss_se05x_derive_key_t; - -/** @copydoc sss_asymmetric_t */ -typedef struct -{ - /** @copydoc sss_asymmetric_t::session */ - sss_se05x_session_t *session; - /** @copydoc sss_asymmetric_t::keyObject */ - sss_se05x_object_t *keyObject; - /** @copydoc sss_asymmetric_t::algorithm */ - sss_algorithm_t algorithm; - /** @copydoc sss_asymmetric_t::mode */ - sss_mode_t mode; - -} sss_se05x_asymmetric_t; - -/** @copydoc sss_symmetric_t */ -typedef struct -{ - /** Virtual connection between application (user context) and specific - * security subsystem and function thereof. */ - sss_se05x_session_t *session; - /** Reference to key and it's properties. */ - sss_se05x_object_t *keyObject; - /** @copydoc sss_symmetric_t::algorithm */ - sss_algorithm_t algorithm; - /** @copydoc sss_symmetric_t::mode */ - sss_mode_t mode; - - /* Implementation specific part */ - - /** Used crypto object ID for this operation */ - SE05x_CryptoObjectID_t cryptoObjectId; - /** Since underlying system conly only process in fixed chunks, chache them on host - * to complete the operation sanely */ - uint8_t cache_data[16]; - /** Length of bytes cached on host */ - size_t cache_data_len; -} sss_se05x_symmetric_t; - -/** @copydoc sss_mac_t */ -typedef struct -{ - /** copydoc sss_mac_t::session */ - sss_se05x_session_t *session; - /** copydoc sss_mac_t::keyObject */ - sss_se05x_object_t *keyObject; - - /** copydoc sss_mac_t::algorithm */ - sss_algorithm_t algorithm; - /** copydoc sss_mac_t::mode */ - sss_mode_t mode; - /* Implementation specific part */ - - /** Used crypto object ID for this operation */ - SE05x_CryptoObjectID_t cryptoObjectId; -} sss_se05x_mac_t; - -/** @copydoc sss_aead_t */ -typedef struct -{ - /** @copydoc sss_aead_t::session */ - sss_se05x_session_t *session; - /** @copydoc sss_aead_t::keyObject */ - sss_se05x_object_t *keyObject; - /** @copydoc sss_aead_t::algorithm */ - sss_algorithm_t algorithm; - /** @copydoc sss_aead_t::mode */ - sss_mode_t mode; - - /** Implementation specific part */ - SE05x_CryptoObjectID_t cryptoObjectId; - /** Cache in case of un-alined inputs */ - uint8_t cache_data[16]; - /** How much we have cached */ - size_t cache_data_len; -} sss_se05x_aead_t; - -/** @copydoc sss_digest_t */ -typedef struct -{ - /** Virtual connection between application (user context) and specific - * security subsystem and function thereof. */ - sss_se05x_session_t *session; - /** @copydoc sss_digest_t::algorithm */ - sss_algorithm_t algorithm; - /** @copydoc sss_digest_t::mode */ - sss_mode_t mode; - /** @copydoc sss_digest_t::digestFullLen */ - size_t digestFullLen; - /** Implementation specific part */ - - SE05x_CryptoObjectID_t cryptoObjectId; -} sss_se05x_digest_t; - -/** @copydoc sss_rng_context_t */ -typedef struct -{ - /** @copydoc sss_rng_context_t::session */ - sss_se05x_session_t *session; -} sss_se05x_rng_context_t; - -/** SE050 Properties that can be represented as an array */ -typedef enum -{ - kSSS_SE05x_SessionProp_CertUID = kSSS_SessionProp_au8_Proprietary_Start + 1, -} sss_s05x_sesion_prop_au8_t; - -/** SE050 Properties that can be represented as 32bit numbers */ -typedef enum -{ - kSSS_SE05x_SessionProp_CertUIDLen = kSSS_SessionProp_u32_Optional_Start + 1, -} sss_s05x_sesion_prop_u32_t; - -/** deprecated : Used only for backwards compatibility */ -#define SE05x_Connect_Ctx_t SE_Connect_Ctx_t -/** deprecated : Used only for backwards compatibility */ -#define se05x_auth_context_t SE_Connect_Ctx_t - -/** Used to enable Applet Features via ``sss_se05x_set_feature`` */ -typedef struct -{ - /** Use of curve TPM_ECC_BN_P256 */ - uint8_t AppletConfig_ECDAA : 1; - /** EC DSA and DH support */ - uint8_t AppletConfig_ECDSA_ECDH_ECDHE : 1; - /** Use of curve RESERVED_ID_ECC_ED_25519 */ - uint8_t AppletConfig_EDDSA : 1; - /** Use of curve RESERVED_ID_ECC_MONT_DH_25519 */ - uint8_t AppletConfig_DH_MONT : 1; - /** Writing HMACKey objects */ - uint8_t AppletConfig_HMAC : 1; - /** Writing RSAKey objects */ - uint8_t AppletConfig_RSA_PLAIN : 1; - /** Writing RSAKey objects */ - uint8_t AppletConfig_RSA_CRT : 1; - /** Writing AESKey objects */ - uint8_t AppletConfig_AES : 1; - /** Writing DESKey objects */ - uint8_t AppletConfig_DES : 1; - /** PBKDF2 */ - uint8_t AppletConfig_PBKDF : 1; - /** TLS Handshake support commands (see 4.16) in APDU Spec*/ - uint8_t AppletConfig_TLS : 1; - /** Mifare DESFire support (see 4.15) in APDU Spec*/ - uint8_t AppletConfig_MIFARE : 1; - /** Allocated value undefined and reserved for future use */ - uint8_t AppletConfig_RFU1 : 1; - /** I2C Master support (see 4.17) in APDU Spec*/ - uint8_t AppletConfig_I2CM : 1; - /** RFU */ - uint8_t AppletConfig_RFU21 : 1; -} SE05x_Applet_Feature_t; - -/** Used to disable Applet Features via ``sss_se05x_set_feature`` */ -typedef struct -{ - /** Disable feature ECDH B2b8 */ - uint8_t EXTCFG_FORBID_ECDH : 1; - /** Disable feature ECDAA B2b7 */ - uint8_t EXTCFG_FORBID_ECDAA : 1; - /** Disable feature RSA_LT_2K B6b8 */ - uint8_t EXTCFG_FORBID_RSA_LT_2K : 1; - /** Disable feature RSA_SHA1 B6b7 */ - uint8_t EXTCFG_FORBID_RSA_SHA1 : 1; - /** Disable feature AES_GCM B8b8 */ - uint8_t EXTCFG_FORBID_AES_GCM : 1; - /** Disable feature AES_GCM_EXT_IV B8b7 */ - uint8_t EXTCFG_FORBID_AES_GCM_EXT_IV : 1; - /** Disable feature HKDF_EXTRACT B10b7 */ - uint8_t EXTCFG_FORBID_HKDF_EXTRACT : 1; -} SE05x_Applet_Feature_Disable_t; - -/** Attestation data */ -typedef struct -{ - /** Random used during attestation */ - uint8_t outrandom[16]; - /** length of outrandom */ - size_t outrandomLen; - /** time stamp */ - SE05x_TimeStamp_t timeStamp; - /** Length of timeStamp */ - size_t timeStampLen; - /** Uinquie ID of SE050 */ - uint8_t chipId[SE050_MODULE_UNIQUE_ID_LEN]; - /** Lenght of the Unique ID */ - size_t chipIdLen; - /** Attributes */ - uint8_t attribute[MAX_POLICY_BUFFER_SIZE + 15]; - /** Length of Attribute */ - size_t attributeLen; - /** Signature for attestation */ - uint8_t signature[512]; - /** Lenght of signature */ - size_t signatureLen; -} sss_se05x_attst_comp_data_t; - -/** Data to be read with attestation */ -typedef struct -{ - /** Whle reading RSA Objects, modulus and public exporent get attested separately, */ - sss_se05x_attst_comp_data_t data[SE05X_MAX_ATTST_DATA]; - /** How many entries to attest */ - uint8_t valid_number; -} sss_se05x_attst_data_t; - -/** @} */ - -/** @addtogroup se050_i2cm - * - * @{ */ - -/** Types of entries in an I2CM Transaction */ -typedef enum -{ - /** Do nothing */ - kSE05x_I2CM_None = 0, - /** Configure the address, baudrate */ - kSE05x_I2CM_Configure, - /** Write to I2C Slave */ - kSE05x_I2CM_Write = 3, - /** Read from I2C Slave */ - kSE05x_I2CM_Read, - - /** Response from SE05x that there is something wrong */ - kSE05x_I2CM_StructuralIssue = 0xFF -} SE05x_I2CM_TLV_type_t; - -/** Status of I2CM Transaction */ -typedef enum -{ - kSE05x_I2CM_Success = 0x5A, - kSE05x_I2CM_I2C_Nack_Fail = 0x01, - kSE05x_I2CM_I2C_Write_Error = 0x02, - kSE05x_I2CM_I2C_Read_Error = 0x03, - kSE05x_I2CM_I2C_Time_Out_Error = 0x05, - kSE05x_I2CM_Invalid_Tag = 0x11, - kSE05x_I2CM_Invalid_Length = 0x12, - kSE05x_I2CM_Invalid_Length_Encode = 0x13, - kSE05x_I2CM_I2C_Config = 0x21 -} SE05x_I2CM_status_t; - -/** Additional operation on data read by I2C */ -typedef enum -{ - kSE05x_Security_None = 0, - kSE05x_Sign_Request, - kSE05x_Sign_Enc_Request, -} SE05x_I2CM_securityReq_t; - -/** Configuration for I2CM */ -typedef enum -{ - kSE05x_I2CM_Baud_Rate_100Khz = 0, - kSE05x_I2CM_Baud_Rate_400Khz, -} SE05x_I2CM_Baud_Rate_t; - -/** Data Configuration for I2CM */ -typedef struct -{ - /** 7 Bit address of I2C slave */ - uint8_t I2C_addr; - /** What baud rate */ - SE05x_I2CM_Baud_Rate_t I2C_baudRate; - /** return status of the config operation */ - SE05x_I2CM_status_t status; -} SE05x_I2CM_configData_t; - -/** @brief Security Configuration for I2CM */ -typedef struct -{ - /** @copydoc SE05x_I2CM_securityReq_t */ - SE05x_I2CM_securityReq_t operation; - /** object used for the operation */ - uint32_t keyObject; -} SE05x_I2CM_securityData_t; - -/** @brief Write From I2CM to I2C Slave */ -typedef struct -{ - /** How many bytes to write */ - uint8_t writeLength; - /** [Out] status of the operation */ - SE05x_I2CM_status_t wrStatus; - /** Buffer to be written */ - uint8_t *writebuf; /* Input */ -} SE05x_I2CM_writeData_t; - -/** Read to I2CM from I2C Slave */ -typedef struct -{ - /** How many bytes to read */ - uint16_t readLength; - /** [Out] status of the operation */ - SE05x_I2CM_status_t rdStatus; - /** Output. rdBuf will point to Host buffer. */ - uint8_t *rdBuf; -} SE05x_I2CM_readData_t; - -/** Used to report error response, not for outgoing command */ -typedef struct -{ - /** [Out] In case there is any structural issue */ - SE05x_I2CM_status_t issueStatus; -} SE05x_I2CM_structuralIssue_t; - -/** @brief Individual entry in array of TLV commands */ -typedef union { - /** @copydoc SE05x_I2CM_configData_t */ - SE05x_I2CM_configData_t cfg; - /** @copydoc SE05x_I2CM_securityData_t */ - SE05x_I2CM_securityData_t sec; - /** @copydoc SE05x_I2CM_writeData_t */ - SE05x_I2CM_writeData_t w; - /** @copydoc SE05x_I2CM_readData_t */ - SE05x_I2CM_readData_t rd; - /** @copydoc SE05x_I2CM_structuralIssue_t */ - SE05x_I2CM_structuralIssue_t issue; -} SE05x_I2CM_INS_type_t; - -/** Individual entry in array of TLV commands, with type - * - * @ref Se05x_i2c_master_txn would expect an array of these. - */ -typedef struct _SE05x_I2CM_cmd -{ - /** @copybrief SE05x_I2CM_TLV_type_t */ - SE05x_I2CM_TLV_type_t type; - /** @copybrief SE05x_I2CM_INS_type_t */ - SE05x_I2CM_INS_type_t cmd; -} SE05x_I2CM_cmd_t; - -/*! - *@} - */ /* end of se050_i2cm */ - -/* ************************************************************************** */ -/* Global Variables */ -/* ************************************************************************** */ - -/* ************************************************************************** */ -/* Functions */ -/* ************************************************************************** */ - -/** MAC Validate - * - */ -sss_status_t sss_se05x_mac_validate_one_go( - sss_se05x_mac_t *context, const uint8_t *message, size_t messageLen, uint8_t *mac, size_t macLen); - -/** Similar to @ref sss_se05x_asymmetric_sign_digest, - * - * but hashing/digest done by SE - */ -sss_status_t sss_se05x_asymmetric_sign( - sss_se05x_asymmetric_t *context, uint8_t *srcData, size_t srcLen, uint8_t *signature, size_t *signatureLen); - -/** Similar to @ref sss_se05x_asymmetric_verify_digest, - * but hashing/digest done by SE - * - */ -sss_status_t sss_se05x_asymmetric_verify( - sss_se05x_asymmetric_t *context, uint8_t *srcData, size_t srcLen, uint8_t *signature, size_t signatureLen); - -/** Read with attestation - * - */ -sss_status_t sss_se05x_key_store_get_key_attst(sss_se05x_key_store_t *keyStore, - sss_se05x_object_t *keyObject, - uint8_t *key, - size_t *keylen, - size_t *pKeyBitLen, - sss_se05x_object_t *keyObject_attst, - sss_algorithm_t algorithm_attst, - uint8_t *random_attst, - size_t randomLen_attst, - sss_se05x_attst_data_t *attst_data); - -uint32_t se05x_sssKeyTypeLenToCurveId(sss_cipher_type_t keyType, size_t keyBits); - -/** @addtogroup se050_i2cm - * - * @{ -*/ - -/** @brief Se05x_i2c_master_txn -* -* I2CM Transaction -* -* @param[in] sess session identifier -* @param[in,out] cmds Array of structure type capturing a sequence of i2c master cmd/rsp transactions. -* @param[in] cmdLen Amount of structures contained in cmds -* -* @pre p describes I2C master commands. -* @post p contains execution state of I2C master commands, the I2C master commands can be overwritten to report on execution failure. -*/ -smStatus_t Se05x_i2c_master_txn(sss_session_t *sess, SE05x_I2CM_cmd_t *cmds, uint8_t cmdLen); - -/** @brief Se05x_i2c_master_attst_txn - * - * I2CM Read With Attestation - * - * @param[in] sess session identifier - * @param[in] keyObject Keyobject which contains 4 byte attestaion KeyId - * @param[in,out] p Array of structure type capturing a sequence of i2c master cmd/rsp transactions. - * @param[in] random_attst 16-byte freshness random - * @param[in] random_attstLen length of freshness random - * @param[in] attst_algo 1 byte attestationAlgo - * @param[out] ptimeStamp timestamp - * @param[out] timeStampLen Length for timestamp - * @param[out] freshness freshness (random) - * @param[out] pfreshnessLen Length for freshness - * @param[out] chipId unique chip Id - * @param[out] pchipIdLen Length for chipId - * @param[out] signature signature - * @param[out] psignatureLen Length for signature - * @param[in] noOftags Amount of structures contained in ``p`` - * - * @pre p describes I2C master commands. - * @post p contains execution state of I2C master commands, the I2C master commands can be overwritten to report on execution failure. - */ -smStatus_t Se05x_i2c_master_attst_txn(sss_session_t *sess, - sss_object_t *keyObject, - SE05x_I2CM_cmd_t *p, - uint8_t *random_attst, - size_t random_attstLen, - SE05x_AttestationAlgo_t attst_algo, - SE05x_TimeStamp_t *ptimeStamp, - size_t *timeStampLen, - uint8_t *freshness, - size_t *pfreshnessLen, - uint8_t *chipId, - size_t *pchipIdLen, - uint8_t *signature, - size_t *psignatureLen, - uint8_t noOftags); - -/*! - *@} - */ /* end of se050_i2cm */ - -#endif /* SSS_HAVE_APPLET_SE05X_IOT */ - -#endif /* SSS_APIS_INC_FSL_SSS_SE05X_TYPES_H_ */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_sscp.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_sscp.h deleted file mode 100644 index b80f0c3e6..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_sscp.h +++ /dev/null @@ -1,717 +0,0 @@ -/* - * - * Copyright 2018-2020 NXP - * SPDX-License-Identifier: Apache-2.0 - */ - -#ifndef _FSL_SSS_SSCP_H_ -#define _FSL_SSS_SSCP_H_ - -#include "fsl_sscp.h" -#include "fsl_sss_api.h" - -#if defined(SSS_USE_FTR_FILE) -#include "fsl_sss_ftr.h" -#else -#include "fsl_sss_ftr_default.h" -#endif - -#if !defined(SSS_SSCP_CONFIG_FILE) -#include "fsl_sss_sscp_config.h" -#else -#include SSS_SSCP_CONFIG_FILE -#endif - -#define SSS_SUBSYSTEM_TYPE_IS_SSCP(subsystem) ((subsystem == kType_SSS_SE_A71CH) || (subsystem == kType_SSS_SE_A71CL)) - -#define SSS_SESSION_TYPE_IS_SSCP(session) (session && SSS_SUBSYSTEM_TYPE_IS_SSCP(session->subsystem)) - -#define SSS_KEY_STORE_TYPE_IS_SSCP(keyStore) (keyStore && SSS_SESSION_TYPE_IS_SSCP(keyStore->session)) - -#define SSS_OBJECT_TYPE_IS_SSCP(pObject) (pObject && SSS_KEY_STORE_TYPE_IS_SSCP(pObject->keyStore)) - -#define SSS_DERIVE_KEY_TYPE_IS_SSCP(context) (context && SSS_SESSION_TYPE_IS_SSCP(context->session)) - -#define SSS_ASYMMETRIC_TYPE_IS_SSCP(context) (context && SSS_SESSION_TYPE_IS_SSCP(context->session)) - -#define SSS_SYMMETRIC_TYPE_IS_SSCP(context) (context && SSS_SESSION_TYPE_IS_SSCP(context->session)) - -#define SSS_MAC_TYPE_IS_SSCP(context) (context && SSS_SESSION_TYPE_IS_SSCP(context->session)) - -#define SSS_RNG_CONTEXT_TYPE_IS_SSCP(context) (context && SSS_SESSION_TYPE_IS_SSCP(context->session)) - -#define SSS_DIGEST_TYPE_IS_SSCP(context) (context && SSS_SESSION_TYPE_IS_SSCP(context->session)) - -#define SSS_AEAD_TYPE_IS_SSCP(context) (context && SSS_SESSION_TYPE_IS_SSCP(context->session)) - -typedef enum -{ - kSSS_SSCP_SessionProp_CertUID = kSSS_SessionProp_au8_Proprietary_Start + 1, -} sss_sscp_sesion_prop_au8_t; - -typedef enum -{ - kSSS_SSCP_SessionProp_CertUIDLen = kSSS_SessionProp_u32_Optional_Start + 1, -} sss_sscp_sesion_prop_u32_t; - -typedef void (*fn_sscp_close_t)(void); - -typedef struct _sss_sscp_session -{ - /*! Indicates which security subsystem is selected to be used. */ - sss_type_t subsystem; - - /*! Implementation specific part - * This will be NULL unitl and unless we are not ready to use the sscp_context. - */ - sscp_context_t *sscp_context; - /** - * Allocated structure, not to be used directly... - * Use only sscp_context */ - sscp_context_t mem_sscp_ctx; - /** session identifier */ - uint32_t sessionId; - /** Function pointer that can be used to close the last active session. */ - fn_sscp_close_t fp_closeConnection; -} sss_sscp_session_t; - -typedef struct _sss_sscp_key_store -{ - /*! Virtual connection between application (user context) and specific - * security subsystem and function thereof. */ - sss_sscp_session_t *session; - /*! Implementation specific part */ - uint32_t keyStoreId; -} sss_sscp_key_store_t; - -typedef struct _sss_sscp_object -{ - /*! key store holding the data and other properties */ - sss_sscp_key_store_t *keyStore; - - uint32_t objectType; /*!< Object types */ - uint32_t cipherType; /*!< Cipher types */ - /*! Application specific key identifier. The keyId is kept in the key store along with the key data and other - * properties. */ - uint32_t keyId; - - void *transientObject; - size_t transientObjectLen; - size_t transientObjectBitLen; - uint8_t slotId; -} sss_sscp_object_t; - -/*! @brief ::sss_symmetric_t with SSCP specific information */ -typedef struct _sss_sscp_symmetric -{ - /*! Virtual connection between application (user context) and - specific security subsystem and function thereof. */ - sss_sscp_session_t *session; - sss_sscp_object_t *keyObject; /*!< Reference to key and it's properties. */ - sss_algorithm_t algorithm; /*!< What eventual operation algorithm be performed */ - sss_mode_t mode; /*!< High level operation, encrypt/decrypt/etc. */ - uint32_t sessionId; /*!< Session identifier in case of parallel contexts */ - /*! Implementation specific part */ - struct - { - uint8_t data[SSS_SSCP_SYMMETRIC_CONTEXT_SIZE]; - } context; -} sss_sscp_symmetric_t; - -typedef struct _sss_sscp_aead -{ - /*! Virtual connection between application (user context) and specific - * security subsystem and function thereof. */ - sss_sscp_session_t *session; - sss_sscp_object_t *keyObject; /*!< Reference to key and it's properties. */ - sss_algorithm_t algorithm; /*!< */ - sss_mode_t mode; /*!< */ - - /*! Implementation specific part */ -} sss_sscp_aead_t; - -typedef struct _sss_sscp_digest -{ - /*! Virtual connection between application (user context) and specific security subsystem and function thereof. */ - sss_sscp_session_t *session; - sss_algorithm_t algorithm; /*!< */ - sss_mode_t mode; /*!< */ - /*! Full digest length per algorithm definition. This field is initialized along with algorithm. */ - size_t digestFullLen; - - /*! Implementation specific part */ - struct - { - uint8_t data[SSS_SSCP_DIGEST_CONTEXT_SIZE]; - } context; -} sss_sscp_digest_t; - -typedef struct _sss_sscp_mac -{ - /*! Virtual connection between application (user context) and specific - * security subsystem and function thereof. */ - sss_sscp_session_t *session; - sss_sscp_object_t *keyObject; /*!< Reference to key and it's properties. */ - sss_algorithm_t algorithm; /*!< */ - sss_mode_t mode; /*!< */ - - /*! Implementation specific part */ - uint32_t macFullLen; - struct - { - uint8_t data[SSS_SSCP_MAC_CONTEXT_SIZE]; - } context; -} sss_sscp_mac_t; - -typedef struct _sss_sscp_asymmetric -{ - sss_sscp_session_t *session; - sss_sscp_object_t *keyObject; - sss_algorithm_t algorithm; /*!< */ - sss_mode_t mode; /*!< */ - size_t signatureFullLen; - uint32_t sessionId; /*!< */ - /*! Implementation specific part */ -} sss_sscp_asymmetric_t; - -typedef struct _sss_sscp_tunnel -{ - sss_sscp_session_t *session; - uint32_t tunnelType; - uint32_t sessionId; /*!< */ - /*! Implementation specific part */ -} sss_sscp_tunnel_t; - -typedef struct _sss_sscp_derive_key -{ - sss_sscp_session_t *session; - sss_sscp_object_t *keyObject; - sss_algorithm_t algorithm; /*!< */ - sss_mode_t mode; /*!< */ - uint32_t sessionId; /*!< */ - /*! Implementation specific part */ -} sss_sscp_derive_key_t; - -typedef struct -{ - /** Context holder of session */ - sss_sscp_session_t *session; -} sss_sscp_rng_context_t; - -/******************************************************************************* - * API - ******************************************************************************/ -#if defined(__cplusplus) -extern "C" { -#endif - -/* ************************************************************************** */ -/* Functions */ -/* ************************************************************************** */ -/** - * @addtogroup sss_sscp_session - * @{ - */ -/** @copydoc sss_session_open - * - */ -sss_status_t sss_sscp_session_open(sss_sscp_session_t *session, - sss_type_t subsystem, - uint32_t application_id, - sss_connection_type_t connection_type, - void *connectionData); - -/** @copydoc sss_session_prop_get_u32 - * - */ -sss_status_t sss_sscp_session_prop_get_u32(sss_sscp_session_t *session, uint32_t property, uint32_t *pValue); - -/** @copydoc sss_session_prop_get_au8 - * - */ -sss_status_t sss_sscp_session_prop_get_au8( - sss_sscp_session_t *session, uint32_t property, uint8_t *pValue, size_t *pValueLen); - -/** @copydoc sss_session_close - * - */ -void sss_sscp_session_close(sss_sscp_session_t *session); - -/*! @} */ /* end of : sss_sscp_session */ - -/** - * @addtogroup sss_sscp_keyobj - * @{ - */ -/** @copydoc sss_key_object_init - * - */ -sss_status_t sss_sscp_key_object_init(sss_sscp_object_t *keyObject, sss_sscp_key_store_t *keyStore); - -/** @copydoc sss_key_object_allocate_handle - * - */ -sss_status_t sss_sscp_key_object_allocate_handle(sss_sscp_object_t *keyObject, - uint32_t keyId, - sss_key_part_t keyPart, - sss_cipher_type_t cipherType, - size_t keyByteLenMax, - uint32_t options); - -/** @copydoc sss_key_object_get_handle - * - */ -sss_status_t sss_sscp_key_object_get_handle(sss_sscp_object_t *keyObject, uint32_t keyId); - -/** @copydoc sss_key_object_set_user - * - */ -sss_status_t sss_sscp_key_object_set_user(sss_sscp_object_t *keyObject, uint32_t user, uint32_t options); - -/** @copydoc sss_key_object_set_purpose - * - */ -sss_status_t sss_sscp_key_object_set_purpose(sss_sscp_object_t *keyObject, sss_mode_t purpose, uint32_t options); - -/** @copydoc sss_key_object_set_access - * - */ -sss_status_t sss_sscp_key_object_set_access(sss_sscp_object_t *keyObject, uint32_t access, uint32_t options); - -/** @copydoc sss_key_object_set_eccgfp_group - * - */ -sss_status_t sss_sscp_key_object_set_eccgfp_group(sss_sscp_object_t *keyObject, sss_eccgfp_group_t *group); - -/** @copydoc sss_key_object_get_user - * - */ -sss_status_t sss_sscp_key_object_get_user(sss_sscp_object_t *keyObject, uint32_t *user); - -/** @copydoc sss_key_object_get_purpose - * - */ -sss_status_t sss_sscp_key_object_get_purpose(sss_sscp_object_t *keyObject, sss_mode_t *purpose); - -/** @copydoc sss_key_object_get_access - * - */ -sss_status_t sss_sscp_key_object_get_access(sss_sscp_object_t *keyObject, uint32_t *access); - -/** @copydoc sss_key_object_free - * - */ -void sss_sscp_key_object_free(sss_sscp_object_t *keyObject); - -/*! @} */ /* end of : sss_sscp_keyobj */ - -/** - * @addtogroup sss_sscp_keyderive - * @{ - */ -/** @copydoc sss_derive_key_context_init - * - */ -sss_status_t sss_sscp_derive_key_context_init(sss_sscp_derive_key_t *context, - sss_sscp_session_t *session, - sss_sscp_object_t *keyObject, - sss_algorithm_t algorithm, - sss_mode_t mode); - -/** @copydoc sss_derive_key_one_go -* -*/ -sss_status_t sss_sscp_derive_key_one_go(sss_sscp_derive_key_t *context, - const uint8_t *saltData, - size_t saltLen, - const uint8_t *info, - size_t infoLen, - sss_sscp_object_t *derivedKeyObject, - uint16_t deriveDataLen); - -/** @copydoc sss_derive_key_sobj_one_go -* -*/ -sss_status_t sss_sscp_derive_key_sobj_one_go(sss_sscp_derive_key_t *context, - sss_sscp_object_t *saltKeyObject, - const uint8_t *info, - size_t infoLen, - sss_sscp_object_t *derivedKeyObject, - uint16_t deriveDataLen); - -/** @copydoc sss_derive_key_go - * - */ -sss_status_t sss_sscp_derive_key_go(sss_sscp_derive_key_t *context, - const uint8_t *saltData, - size_t saltLen, - const uint8_t *info, - size_t infoLen, - sss_sscp_object_t *derivedKeyObject, - uint16_t deriveDataLen, - uint8_t *hkdfOutput, - size_t *hkdfOutputLen); - -/** @copydoc sss_derive_key_dh - * - */ -sss_status_t sss_sscp_derive_key_dh( - sss_sscp_derive_key_t *context, sss_sscp_object_t *otherPartyKeyObject, sss_sscp_object_t *derivedKeyObject); - -/** @copydoc sss_derive_key_context_free - * - */ -void sss_sscp_derive_key_context_free(sss_sscp_derive_key_t *context); - -/*! @} */ /* end of : sss_sscp_keyderive */ - -/** - * @addtogroup sss_sscp_keystore - * @{ - */ -/** @copydoc sss_key_store_context_init - * - */ -sss_status_t sss_sscp_key_store_context_init(sss_sscp_key_store_t *keyStore, sss_sscp_session_t *session); - -/** @copydoc sss_key_store_allocate - * - */ -sss_status_t sss_sscp_key_store_allocate(sss_sscp_key_store_t *keyStore, uint32_t keyStoreId); - -/** @copydoc sss_key_store_save - * - */ -sss_status_t sss_sscp_key_store_save(sss_sscp_key_store_t *keyStore); - -/** @copydoc sss_key_store_load - * - */ -sss_status_t sss_sscp_key_store_load(sss_sscp_key_store_t *keyStore); - -/** @copydoc sss_key_store_set_key - * - */ -sss_status_t sss_sscp_key_store_set_key(sss_sscp_key_store_t *keyStore, - sss_sscp_object_t *keyObject, - const uint8_t *data, - size_t dataLen, - size_t keyBitLen, - void *options, - size_t optionsLen); - -/** @copydoc sss_key_store_generate_key - * - */ -sss_status_t sss_sscp_key_store_generate_key( - sss_sscp_key_store_t *keyStore, sss_sscp_object_t *keyObject, size_t keyBitLen, void *options); - -/** @copydoc sss_key_store_get_key - * - */ -sss_status_t sss_sscp_key_store_get_key( - sss_sscp_key_store_t *keyStore, sss_sscp_object_t *keyObject, uint8_t *data, size_t *dataLen, size_t *pKeyBitLen); - -#if 0 -/* To be reviewed: Purnank */ -/** @copydoc sss_sscp_key_store_get_key_fromoffset - * - */ -sss_status_t sss_sscp_key_store_get_key_fromoffset(sss_sscp_key_store_t *keyStore, - sss_sscp_object_t *keyObject, - uint8_t *data, - size_t *dataLen, - size_t *pKeyBitLen, - uint16_t offset); -#endif -/** @copydoc sss_key_store_open_key - * - */ -sss_status_t sss_sscp_key_store_open_key(sss_sscp_key_store_t *keyStore, sss_sscp_object_t *keyObject); - -/** @copydoc sss_key_store_freeze_key - * - */ -sss_status_t sss_sscp_key_store_freeze_key(sss_sscp_key_store_t *keyStore, sss_sscp_object_t *keyObject); - -/** @copydoc sss_key_store_erase_key - * - */ -sss_status_t sss_sscp_key_store_erase_key(sss_sscp_key_store_t *keyStore, sss_sscp_object_t *keyObject); - -/** @copydoc sss_key_store_context_free - * - */ -void sss_sscp_key_store_context_free(sss_sscp_key_store_t *keyStore); - -/*! @} */ /* end of : sss_sscp_keystore */ - -/** - * @addtogroup sss_sscp_asym - * @{ - */ -/** @copydoc sss_asymmetric_context_init - * - */ -sss_status_t sss_sscp_asymmetric_context_init(sss_sscp_asymmetric_t *context, - sss_sscp_session_t *session, - sss_sscp_object_t *keyObject, - sss_algorithm_t algorithm, - sss_mode_t mode); - -/** @copydoc sss_asymmetric_encrypt - * - */ -sss_status_t sss_sscp_asymmetric_encrypt( - sss_sscp_asymmetric_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen); - -/** @copydoc sss_asymmetric_decrypt - * - */ -sss_status_t sss_sscp_asymmetric_decrypt( - sss_sscp_asymmetric_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen); - -/** @copydoc sss_asymmetric_sign_digest - * - */ -sss_status_t sss_sscp_asymmetric_sign_digest( - sss_sscp_asymmetric_t *context, uint8_t *digest, size_t digestLen, uint8_t *signature, size_t *signatureLen); - -/** @copydoc sss_asymmetric_verify_digest - * - */ -sss_status_t sss_sscp_asymmetric_verify_digest( - sss_sscp_asymmetric_t *context, uint8_t *digest, size_t digestLen, uint8_t *signature, size_t signatureLen); - -/** @copydoc sss_asymmetric_context_free - * - */ -void sss_sscp_asymmetric_context_free(sss_sscp_asymmetric_t *context); - -/*! @} */ /* end of : sss_sscp_asym */ - -/** - * @addtogroup sss_sscp_symm - * @{ - */ -/** @copydoc sss_symmetric_context_init - * - */ -sss_status_t sss_sscp_symmetric_context_init(sss_sscp_symmetric_t *context, - sss_sscp_session_t *session, - sss_sscp_object_t *keyObject, - sss_algorithm_t algorithm, - sss_mode_t mode); - -/** @copydoc sss_cipher_one_go - * - */ -sss_status_t sss_sscp_cipher_one_go(sss_sscp_symmetric_t *context, - uint8_t *iv, - size_t ivLen, - const uint8_t *srcData, - uint8_t *destData, - size_t dataLen); - -/** @copydoc sss_cipher_init - * - */ -sss_status_t sss_sscp_cipher_init(sss_sscp_symmetric_t *context, uint8_t *iv, size_t ivLen); - -/** @copydoc sss_cipher_update - * - */ -sss_status_t sss_sscp_cipher_update( - sss_sscp_symmetric_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen); - -/** @copydoc sss_cipher_finish - * - */ -sss_status_t sss_sscp_cipher_finish( - sss_sscp_symmetric_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen); - -/** @copydoc sss_cipher_crypt_ctr - * - */ -sss_status_t sss_sscp_cipher_crypt_ctr(sss_sscp_symmetric_t *context, - const uint8_t *srcData, - uint8_t *destData, - size_t size, - uint8_t *initialCounter, - uint8_t *lastEncryptedCounter, - size_t *szLeft); - -/** @copydoc sss_symmetric_context_free - * - */ -void sss_sscp_symmetric_context_free(sss_sscp_symmetric_t *context); - -/*! @} */ /* end of : sss_sscp_symm */ - -/** - * @addtogroup sss_sscp_aead - * @{ - */ -/** @copydoc sss_aead_context_init - * - */ -sss_status_t sss_sscp_aead_context_init(sss_sscp_aead_t *context, - sss_sscp_session_t *session, - sss_sscp_object_t *keyObject, - sss_algorithm_t algorithm, - sss_mode_t mode); - -/** @copydoc sss_aead_one_go - * - */ -sss_status_t sss_sscp_aead_one_go(sss_sscp_aead_t *context, - const uint8_t *srcData, - uint8_t *destData, - size_t size, - uint8_t *nonce, - size_t nonceLen, - const uint8_t *aad, - size_t aadLen, - uint8_t *tag, - size_t *tagLen); - -/** @copydoc sss_aead_init - * - */ -sss_status_t sss_sscp_aead_init( - sss_sscp_aead_t *context, uint8_t *nonce, size_t nonceLen, size_t tagLen, size_t aadLen, size_t payloadLen); - -/** @copydoc sss_aead_update_aad - * - */ -sss_status_t sss_sscp_aead_update_aad(sss_sscp_aead_t *context, const uint8_t *aadData, size_t aadDataLen); - -/** @copydoc sss_aead_update - * - */ -sss_status_t sss_sscp_aead_update( - sss_sscp_aead_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen); - -/** @copydoc sss_aead_finish - * - */ -sss_status_t sss_sscp_aead_finish(sss_sscp_aead_t *context, - const uint8_t *srcData, - size_t srcLen, - uint8_t *destData, - size_t *destLen, - uint8_t *tag, - size_t *tagLen); - -/** @copydoc sss_aead_context_free - * - */ -void sss_sscp_aead_context_free(sss_sscp_aead_t *context); - -/*! @} */ /* end of : sss_sscp_aead */ - -/** - * @addtogroup sss_sscp_mac - * @{ - */ -/** @copydoc sss_mac_context_init - * - */ -sss_status_t sss_sscp_mac_context_init(sss_sscp_mac_t *context, - sss_sscp_session_t *session, - sss_sscp_object_t *keyObject, - sss_algorithm_t algorithm, - sss_mode_t mode); - -/** @copydoc sss_mac_one_go - * - */ -sss_status_t sss_sscp_mac_one_go( - sss_sscp_mac_t *context, const uint8_t *message, size_t messageLen, uint8_t *mac, size_t *macLen); - -/** @copydoc sss_mac_init - * - */ -sss_status_t sss_sscp_mac_init(sss_sscp_mac_t *context); - -/** @copydoc sss_mac_update - * - */ -sss_status_t sss_sscp_mac_update(sss_sscp_mac_t *context, const uint8_t *message, size_t messageLen); - -/** @copydoc sss_mac_finish - * - */ -sss_status_t sss_sscp_mac_finish(sss_sscp_mac_t *context, uint8_t *mac, size_t *macLen); - -/** @copydoc sss_mac_context_free - * - */ -void sss_sscp_mac_context_free(sss_sscp_mac_t *context); - -/*! @} */ /* end of : sss_sscp_mac */ - -/** - * @addtogroup sss_sscp_md - * @{ - */ -/** @copydoc sss_digest_context_init - * - */ -sss_status_t sss_sscp_digest_context_init( - sss_sscp_digest_t *context, sss_sscp_session_t *session, sss_algorithm_t algorithm, sss_mode_t mode); - -/** @copydoc sss_digest_one_go - * - */ -sss_status_t sss_sscp_digest_one_go( - sss_sscp_digest_t *context, const uint8_t *message, size_t messageLen, uint8_t *digest, size_t *digestLen); - -/** @copydoc sss_digest_init - * - */ -sss_status_t sss_sscp_digest_init(sss_sscp_digest_t *context); - -/** @copydoc sss_digest_update - * - */ -sss_status_t sss_sscp_digest_update(sss_sscp_digest_t *context, const uint8_t *message, size_t messageLen); - -/** @copydoc sss_digest_finish - * - */ -sss_status_t sss_sscp_digest_finish(sss_sscp_digest_t *context, uint8_t *digest, size_t *digestLen); - -/** @copydoc sss_digest_context_free - * - */ -void sss_sscp_digest_context_free(sss_sscp_digest_t *context); - -/*! @} */ /* end of : sss_sscp_md */ - -/** - * @addtogroup sss_sscp_rng - * @{ - */ -/** @copydoc sss_rng_context_init - * - */ -sss_status_t sss_sscp_rng_context_init(sss_sscp_rng_context_t *context, sss_sscp_session_t *session); - -/** @copydoc sss_rng_get_random - * - */ -sss_status_t sss_sscp_rng_get_random(sss_sscp_rng_context_t *context, uint8_t *random_data, size_t dataLen); - -/** @copydoc sss_rng_context_free - * - */ -sss_status_t sss_sscp_rng_context_free(sss_sscp_rng_context_t *context); - -/*! @} */ /* end of : sss_sscp_rng */ - -#if defined(__cplusplus) -} -#endif - -#endif /* _FSL_SSS_SSCP_H_ */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_user_apis.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_user_apis.h deleted file mode 100644 index 65900ab50..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_user_apis.h +++ /dev/null @@ -1,627 +0,0 @@ -/* - * - * Copyright 2018,2019 NXP - * SPDX-License-Identifier: Apache-2.0 - */ - -#ifndef fsl_sss_user_apis_H -#define fsl_sss_user_apis_H - -#ifdef __cplusplus -extern "C" { -#endif /* __cplusplus */ - -#if defined(SSS_USE_FTR_FILE) -#include "fsl_sss_ftr.h" -#else -#include "fsl_sss_ftr_default.h" -#endif - -#if SSS_HAVE_HOSTCRYPTO_USER -#include - -/* ************************************************************************** */ -/* Functions */ -/* ************************************************************************** */ -/** - * @addtogroup sss_user_impl_session - * @{ - */ -/** @copydoc sss_session_create - * - */ -sss_status_t sss_user_impl_session_create(sss_user_impl_session_t *session, - sss_type_t subsystem, - uint32_t application_id, - sss_connection_type_t connetion_type, - void *connectionData); - -/** @copydoc sss_session_open - * - */ -sss_status_t sss_user_impl_session_open(sss_user_impl_session_t *session, - sss_type_t subsystem, - uint32_t application_id, - sss_connection_type_t connetion_type, - void *connectionData); - -/** @copydoc sss_session_prop_get_u32 - * - */ -sss_status_t sss_user_impl_session_prop_get_u32(sss_user_impl_session_t *session, uint32_t property, uint32_t *pValue); - -/** @copydoc sss_session_prop_get_au8 - * - */ -sss_status_t sss_user_impl_session_prop_get_au8( - sss_user_impl_session_t *session, uint32_t property, uint8_t *pValue, size_t *pValueLen); - -/** @copydoc sss_session_close - * - */ -void sss_user_impl_session_close(sss_user_impl_session_t *session); - -/** @copydoc sss_session_delete - * - */ -void sss_user_impl_session_delete(sss_user_impl_session_t *session); - -/*! @} */ /* end of : sss_user_impl_session */ - -/** - * @addtogroup sss_user_impl_keyobj - * @{ - */ -/** @copydoc sss_key_object_init - * - */ -sss_status_t sss_user_impl_key_object_init(sss_user_impl_object_t *keyObject, sss_user_impl_key_store_t *keyStore); - -/** @copydoc sss_key_object_allocate_handle - * - */ -sss_status_t sss_user_impl_key_object_allocate_handle(sss_user_impl_object_t *keyObject, - uint32_t keyId, - sss_key_part_t keyPart, - sss_cipher_type_t cipherType, - size_t keyByteLenMax, - uint32_t options); - -/** @copydoc sss_key_object_get_handle - * - */ -sss_status_t sss_user_impl_key_object_get_handle(sss_user_impl_object_t *keyObject, uint32_t keyId); - -/** @copydoc sss_key_object_set_user - * - */ -sss_status_t sss_user_impl_key_object_set_user(sss_user_impl_object_t *keyObject, uint32_t user, uint32_t options); - -/** @copydoc sss_key_object_set_purpose - * - */ -sss_status_t sss_user_impl_key_object_set_purpose( - sss_user_impl_object_t *keyObject, sss_mode_t purpose, uint32_t options); - -/** @copydoc sss_key_object_set_access - * - */ -sss_status_t sss_user_impl_key_object_set_access(sss_user_impl_object_t *keyObject, uint32_t access, uint32_t options); - -/** @copydoc sss_key_object_set_eccgfp_group - * - */ -sss_status_t sss_user_impl_key_object_set_eccgfp_group(sss_user_impl_object_t *keyObject, sss_eccgfp_group_t *group); - -/** @copydoc sss_key_object_get_user - * - */ -sss_status_t sss_user_impl_key_object_get_user(sss_user_impl_object_t *keyObject, uint32_t *user); - -/** @copydoc sss_key_object_get_purpose - * - */ -sss_status_t sss_user_impl_key_object_get_purpose(sss_user_impl_object_t *keyObject, sss_mode_t *purpose); - -/** @copydoc sss_key_object_get_access - * - */ -sss_status_t sss_user_impl_key_object_get_access(sss_user_impl_object_t *keyObject, uint32_t *access); - -/** @copydoc sss_key_object_free - * - */ -void sss_user_impl_key_object_free(sss_user_impl_object_t *keyObject); - -/*! @} */ /* end of : sss_user_impl_keyobj */ - -/** - * @addtogroup sss_user_impl_keyderive - * @{ - */ -/** @copydoc sss_derive_key_context_init - * - */ -sss_status_t sss_user_impl_derive_key_context_init(sss_user_impl_derive_key_t *context, - sss_user_impl_session_t *session, - sss_user_impl_object_t *keyObject, - sss_algorithm_t algorithm, - sss_mode_t mode); - -/** @copydoc sss_derive_key_go - * - */ -sss_status_t sss_user_impl_derive_key_go(sss_user_impl_derive_key_t *context, - const uint8_t *saltData, - size_t saltLen, - const uint8_t *info, - size_t infoLen, - sss_user_impl_object_t *derivedKeyObject, - uint16_t deriveDataLen, - uint8_t *hkdfOutput, - size_t *hkdfOutputLen); - -/** @copydoc sss_derive_key_dh - * - */ -sss_status_t sss_user_impl_derive_key_dh(sss_user_impl_derive_key_t *context, - sss_user_impl_object_t *otherPartyKeyObject, - sss_user_impl_object_t *derivedKeyObject); - -/** @copydoc sss_derive_key_context_free - * - */ -void sss_user_impl_derive_key_context_free(sss_user_impl_derive_key_t *context); - -/*! @} */ /* end of : sss_user_impl_keyderive */ - -/** - * @addtogroup sss_user_impl_keystore - * @{ - */ -/** @copydoc sss_key_store_context_init - * - */ -sss_status_t sss_user_impl_key_store_context_init( - sss_user_impl_key_store_t *keyStore, sss_user_impl_session_t *session); - -/** @copydoc sss_key_store_allocate - * - */ -sss_status_t sss_user_impl_key_store_allocate(sss_user_impl_key_store_t *keyStore, uint32_t keyStoreId); - -/** @copydoc sss_key_store_save - * - */ -sss_status_t sss_user_impl_key_store_save(sss_user_impl_key_store_t *keyStore); - -/** @copydoc sss_key_store_load - * - */ -sss_status_t sss_user_impl_key_store_load(sss_user_impl_key_store_t *keyStore); - -/** @copydoc sss_key_store_set_key - * - */ -sss_status_t sss_user_impl_key_store_set_key(sss_user_impl_key_store_t *keyStore, - sss_user_impl_object_t *keyObject, - const uint8_t *data, - size_t dataLen, - size_t keyBitLen, - void *options, - size_t optionsLen); - -/** @copydoc sss_key_store_generate_key - * - */ -sss_status_t sss_user_impl_key_store_generate_key( - sss_user_impl_key_store_t *keyStore, sss_user_impl_object_t *keyObject, size_t keyBitLen, void *options); - -/** @copydoc sss_key_store_get_key - * - */ -sss_status_t sss_user_impl_key_store_get_key(sss_user_impl_key_store_t *keyStore, - sss_user_impl_object_t *keyObject, - uint8_t *data, - size_t *dataLen, - size_t *pKeyBitLen); - -/** @copydoc sss_key_store_open_key - * - */ -sss_status_t sss_user_impl_key_store_open_key(sss_user_impl_key_store_t *keyStore, sss_user_impl_object_t *keyObject); - -/** @copydoc sss_key_store_freeze_key - * - */ -sss_status_t sss_user_impl_key_store_freeze_key(sss_user_impl_key_store_t *keyStore, sss_user_impl_object_t *keyObject); - -/** @copydoc sss_key_store_erase_key - * - */ -sss_status_t sss_user_impl_key_store_erase_key(sss_user_impl_key_store_t *keyStore, sss_user_impl_object_t *keyObject); - -/** @copydoc sss_key_store_prop_get_u32 - * - */ -sss_status_t sss_user_impl_key_store_prop_get_u32( - sss_user_impl_key_store_t *session, uint32_t property, uint32_t *pValue); - -/** @copydoc sss_key_store_prop_get_au8 - * - */ -sss_status_t sss_user_impl_key_store_prop_get_au8( - sss_user_impl_key_store_t *session, uint32_t property, uint8_t *pValue, size_t *pValueLen); - -/** @copydoc sss_key_store_context_free - * - */ -void sss_user_impl_key_store_context_free(sss_user_impl_key_store_t *keyStore); - -/*! @} */ /* end of : sss_user_impl_keystore */ - -/** - * @addtogroup sss_user_impl_asym - * @{ - */ -/** @copydoc sss_asymmetric_context_init - * - */ -sss_status_t sss_user_impl_asymmetric_context_init(sss_user_impl_asymmetric_t *context, - sss_user_impl_session_t *session, - sss_user_impl_object_t *keyObject, - sss_algorithm_t algorithm, - sss_mode_t mode); - -/** @copydoc sss_asymmetric_encrypt - * - */ -sss_status_t sss_user_impl_asymmetric_encrypt( - sss_user_impl_asymmetric_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen); - -/** @copydoc sss_asymmetric_decrypt - * - */ -sss_status_t sss_user_impl_asymmetric_decrypt( - sss_user_impl_asymmetric_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen); - -/** @copydoc sss_asymmetric_sign_digest - * - */ -sss_status_t sss_user_impl_asymmetric_sign_digest( - sss_user_impl_asymmetric_t *context, uint8_t *digest, size_t digestLen, uint8_t *signature, size_t *signatureLen); - -/** @copydoc sss_asymmetric_verify_digest - * - */ -sss_status_t sss_user_impl_asymmetric_verify_digest( - sss_user_impl_asymmetric_t *context, uint8_t *digest, size_t digestLen, uint8_t *signature, size_t signatureLen); - -/** @copydoc sss_asymmetric_context_free - * - */ -void sss_user_impl_asymmetric_context_free(sss_user_impl_asymmetric_t *context); - -/*! @} */ /* end of : sss_user_impl_asym */ - -/** - * @addtogroup sss_user_impl_symm - * @{ - */ -/** @copydoc sss_symmetric_context_init - * - */ -sss_status_t sss_user_impl_symmetric_context_init(sss_user_impl_symmetric_t *context, - sss_user_impl_session_t *session, - sss_user_impl_object_t *keyObject, - sss_algorithm_t algorithm, - sss_mode_t mode); - -/** @copydoc sss_cipher_one_go - * - */ -sss_status_t sss_user_impl_cipher_one_go(sss_user_impl_symmetric_t *context, - uint8_t *iv, - size_t ivLen, - const uint8_t *srcData, - uint8_t *destData, - size_t dataLen); - -/** @copydoc sss_cipher_init - * - */ -sss_status_t sss_user_impl_cipher_init(sss_user_impl_symmetric_t *context, uint8_t *iv, size_t ivLen); - -/** @copydoc sss_cipher_update - * - */ -sss_status_t sss_user_impl_cipher_update( - sss_user_impl_symmetric_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen); - -/** @copydoc sss_cipher_finish - * - */ -sss_status_t sss_user_impl_cipher_finish( - sss_user_impl_symmetric_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen); - -/** @copydoc sss_cipher_crypt_ctr - * - */ -sss_status_t sss_user_impl_cipher_crypt_ctr(sss_user_impl_symmetric_t *context, - const uint8_t *srcData, - uint8_t *destData, - size_t size, - uint8_t *initialCounter, - uint8_t *lastEncryptedCounter, - size_t *szLeft); - -/** @copydoc sss_symmetric_context_free - * - */ -void sss_user_impl_symmetric_context_free(sss_user_impl_symmetric_t *context); - -/*! @} */ /* end of : sss_user_impl_symm */ - -/** - * @addtogroup sss_user_impl_aead - * @{ - */ - -/** - * @addtogroup sss_user_impl_mac - * @{ - */ -/** @copydoc sss_mac_context_init - * - */ -sss_status_t sss_user_impl_mac_context_init(sss_user_impl_mac_t *context, - sss_user_impl_session_t *session, - sss_user_impl_object_t *keyObject, - sss_algorithm_t algorithm, - sss_mode_t mode); - -/** @copydoc sss_mac_one_go - * - */ -sss_status_t sss_user_impl_mac_one_go( - sss_user_impl_mac_t *context, const uint8_t *message, size_t messageLen, uint8_t *mac, size_t *macLen); - -/** @copydoc sss_mac_init - * - */ -sss_status_t sss_user_impl_mac_init(sss_user_impl_mac_t *context); - -/** @copydoc sss_mac_update - * - */ -sss_status_t sss_user_impl_mac_update(sss_user_impl_mac_t *context, const uint8_t *message, size_t messageLen); - -/** @copydoc sss_mac_finish - * - */ -sss_status_t sss_user_impl_mac_finish(sss_user_impl_mac_t *context, uint8_t *mac, size_t *macLen); - -/** @copydoc sss_mac_context_free - * - */ -void sss_user_impl_mac_context_free(sss_user_impl_mac_t *context); - -/*! @} */ /* end of : sss_user_impl_mac */ - -/** - * @addtogroup sss_user_impl_md - * @{ - */ -/** @copydoc sss_digest_context_init - * - */ -sss_status_t sss_user_impl_digest_context_init( - sss_user_impl_digest_t *context, sss_user_impl_session_t *session, sss_algorithm_t algorithm, sss_mode_t mode); - -/** @copydoc sss_digest_one_go - * - */ -sss_status_t sss_user_impl_digest_one_go( - sss_user_impl_digest_t *context, const uint8_t *message, size_t messageLen, uint8_t *digest, size_t *digestLen); - -/** @copydoc sss_digest_init - * - */ -sss_status_t sss_user_impl_digest_init(sss_user_impl_digest_t *context); - -/** @copydoc sss_digest_update - * - */ -sss_status_t sss_user_impl_digest_update(sss_user_impl_digest_t *context, const uint8_t *message, size_t messageLen); - -/** @copydoc sss_digest_finish - * - */ -sss_status_t sss_user_impl_digest_finish(sss_user_impl_digest_t *context, uint8_t *digest, size_t *digestLen); - -/** @copydoc sss_digest_context_free - * - */ -void sss_user_impl_digest_context_free(sss_user_impl_digest_t *context); - -/*! @} */ /* end of : sss_user_impl_md */ - -/** - * @addtogroup sss_user_impl_rng - * @{ - */ -/** @copydoc sss_rng_context_init - * - */ -sss_status_t sss_user_impl_rng_context_init(sss_user_impl_rng_context_t *context, sss_user_impl_session_t *session); - -/** @copydoc sss_rng_get_random - * - */ -sss_status_t sss_user_impl_rng_get_random(sss_user_impl_rng_context_t *context, uint8_t *random_data, size_t dataLen); - -/** @copydoc sss_rng_context_free - * - */ -sss_status_t sss_user_impl_rng_context_free(sss_user_impl_rng_context_t *context); - -/*! @} */ /* end of : sss_user_impl_rng */ - -/* clang-format off */ - - /* Host Call : session */ -# define sss_host_session_create(session,subsystem,application_id,connetion_type,connectionData) \ - sss_user_impl_session_create(((sss_user_impl_session_t * ) session),(subsystem),(application_id),(connetion_type),(connectionData)) -# define sss_host_session_open(session,subsystem,application_id,connetion_type,connectionData) \ - sss_user_impl_session_open(((sss_user_impl_session_t * ) session),(subsystem),(application_id),(connetion_type),(connectionData)) -# define sss_host_session_prop_get_u32(session,property,pValue) \ - sss_user_impl_session_prop_get_u32(((sss_user_impl_session_t * ) session),(property),(pValue)) -# define sss_host_session_prop_get_au8(session,property,pValue,pValueLen) \ - sss_user_impl_session_prop_get_au8(((sss_user_impl_session_t * ) session),(property),(pValue),(pValueLen)) -# define sss_host_session_close(session) \ - sss_user_impl_session_close(((sss_user_impl_session_t * ) session)) -# define sss_host_session_delete(session) \ - sss_user_impl_session_delete(((sss_user_impl_session_t * ) session)) - /* Host Call : keyobj */ -# define sss_host_key_object_init(keyObject,keyStore) \ - sss_user_impl_key_object_init(((sss_user_impl_object_t * ) keyObject),((sss_user_impl_key_store_t * ) keyStore)) -# define sss_host_key_object_allocate_handle(keyObject,keyId,keyPart,cipherType,keyByteLenMax,options) \ - sss_user_impl_key_object_allocate_handle(((sss_user_impl_object_t * ) keyObject),(keyId),(keyPart),(cipherType),(keyByteLenMax),(options)) -# define sss_host_key_object_get_handle(keyObject,keyId) \ - sss_user_impl_key_object_get_handle(((sss_user_impl_object_t * ) keyObject),(keyId)) -# define sss_host_key_object_set_user(keyObject,user,options) \ - sss_user_impl_key_object_set_user(((sss_user_impl_object_t * ) keyObject),(user),(options)) -# define sss_host_key_object_set_purpose(keyObject,purpose,options) \ - sss_user_impl_key_object_set_purpose(((sss_user_impl_object_t * ) keyObject),(purpose),(options)) -# define sss_host_key_object_set_access(keyObject,access,options) \ - sss_user_impl_key_object_set_access(((sss_user_impl_object_t * ) keyObject),(access),(options)) -# define sss_host_key_object_set_eccgfp_group(keyObject,group) \ - sss_user_impl_key_object_set_eccgfp_group(((sss_user_impl_object_t * ) keyObject),(group)) -# define sss_host_key_object_get_user(keyObject,user) \ - sss_user_impl_key_object_get_user(((sss_user_impl_object_t * ) keyObject),(user)) -# define sss_host_key_object_get_purpose(keyObject,purpose) \ - sss_user_impl_key_object_get_purpose(((sss_user_impl_object_t * ) keyObject),(purpose)) -# define sss_host_key_object_get_access(keyObject,access) \ - sss_user_impl_key_object_get_access(((sss_user_impl_object_t * ) keyObject),(access)) -# define sss_host_key_object_free(keyObject) \ - sss_user_impl_key_object_free(((sss_user_impl_object_t * ) keyObject)) - /* Host Call : keyderive */ -# define sss_host_derive_key_context_init(context,session,keyObject,algorithm,mode) \ - sss_user_impl_derive_key_context_init(((sss_user_impl_derive_key_t * ) context),((sss_user_impl_session_t * ) session),((sss_user_impl_object_t * ) keyObject),(algorithm),(mode)) -# define sss_host_derive_key_go(context,saltData,saltLen,info,infoLen,derivedKeyObject,deriveDataLen,hkdfOutput,hkdfOutputLen) \ - sss_user_impl_derive_key_go(((sss_user_impl_derive_key_t * ) context),(saltData),(saltLen),(info),(infoLen),((sss_user_impl_object_t * ) derivedKeyObject),(deriveDataLen),(hkdfOutput),(hkdfOutputLen)) -# define sss_host_derive_key_dh(context,otherPartyKeyObject,derivedKeyObject) \ - sss_user_impl_derive_key_dh(((sss_user_impl_derive_key_t * ) context),((sss_user_impl_object_t * ) otherPartyKeyObject),((sss_user_impl_object_t * ) derivedKeyObject)) -# define sss_host_derive_key_context_free(context) \ - sss_user_impl_derive_key_context_free(((sss_user_impl_derive_key_t * ) context)) - /* Host Call : keystore */ -# define sss_host_key_store_context_init(keyStore,session) \ - sss_user_impl_key_store_context_init(((sss_user_impl_key_store_t * ) keyStore),((sss_user_impl_session_t * ) session)) -# define sss_host_key_store_allocate(keyStore,keyStoreId) \ - sss_user_impl_key_store_allocate(((sss_user_impl_key_store_t * ) keyStore),(keyStoreId)) -# define sss_host_key_store_save(keyStore) \ - sss_user_impl_key_store_save(((sss_user_impl_key_store_t * ) keyStore)) -# define sss_host_key_store_load(keyStore) \ - sss_user_impl_key_store_load(((sss_user_impl_key_store_t * ) keyStore)) -# define sss_host_key_store_set_key(keyStore,keyObject,data,dataLen,keyBitLen,options,optionsLen) \ - sss_user_impl_key_store_set_key(((sss_user_impl_key_store_t * ) keyStore),((sss_user_impl_object_t * ) keyObject),(data),(dataLen),(keyBitLen),(options),(optionsLen)) -# define sss_host_key_store_generate_key(keyStore,keyObject,keyBitLen,options) \ - sss_user_impl_key_store_generate_key(((sss_user_impl_key_store_t * ) keyStore),((sss_user_impl_object_t * ) keyObject),(keyBitLen),(options)) -# define sss_host_key_store_get_key(keyStore,keyObject,data,dataLen,pKeyBitLen) \ - sss_user_impl_key_store_get_key(((sss_user_impl_key_store_t * ) keyStore),((sss_user_impl_object_t * ) keyObject),(data),(dataLen),(pKeyBitLen)) -# define sss_host_key_store_open_key(keyStore,keyObject) \ - sss_user_impl_key_store_open_key(((sss_user_impl_key_store_t * ) keyStore),((sss_user_impl_object_t * ) keyObject)) -# define sss_host_key_store_freeze_key(keyStore,keyObject) \ - sss_user_impl_key_store_freeze_key(((sss_user_impl_key_store_t * ) keyStore),((sss_user_impl_object_t * ) keyObject)) -# define sss_host_key_store_erase_key(keyStore,keyObject) \ - sss_user_impl_key_store_erase_key(((sss_user_impl_key_store_t * ) keyStore),((sss_user_impl_object_t * ) keyObject)) -# define sss_host_key_store_prop_get_u32(session,property,pValue) \ - sss_user_impl_key_store_prop_get_u32(((sss_user_impl_key_store_t * ) session),(property),(pValue)) -# define sss_host_key_store_prop_get_au8(session,property,pValue,pValueLen) \ - sss_user_impl_key_store_prop_get_au8(((sss_user_impl_key_store_t * ) session),(property),(pValue),(pValueLen)) -# define sss_host_key_store_context_free(keyStore) \ - sss_user_impl_key_store_context_free(((sss_user_impl_key_store_t * ) keyStore)) - /* Host Call : asym */ -# define sss_host_asymmetric_context_init(context,session,keyObject,algorithm,mode) \ - sss_user_impl_asymmetric_context_init(((sss_user_impl_asymmetric_t * ) context),((sss_user_impl_session_t * ) session),((sss_user_impl_object_t * ) keyObject),(algorithm),(mode)) -# define sss_host_asymmetric_encrypt(context,srcData,srcLen,destData,destLen) \ - sss_user_impl_asymmetric_encrypt(((sss_user_impl_asymmetric_t * ) context),(srcData),(srcLen),(destData),(destLen)) -# define sss_host_asymmetric_decrypt(context,srcData,srcLen,destData,destLen) \ - sss_user_impl_asymmetric_decrypt(((sss_user_impl_asymmetric_t * ) context),(srcData),(srcLen),(destData),(destLen)) -# define sss_host_asymmetric_sign_digest(context,digest,digestLen,signature,signatureLen) \ - sss_user_impl_asymmetric_sign_digest(((sss_user_impl_asymmetric_t * ) context),(digest),(digestLen),(signature),(signatureLen)) -# define sss_host_asymmetric_verify_digest(context,digest,digestLen,signature,signatureLen) \ - sss_user_impl_asymmetric_verify_digest(((sss_user_impl_asymmetric_t * ) context),(digest),(digestLen),(signature),(signatureLen)) -# define sss_host_asymmetric_context_free(context) \ - sss_user_impl_asymmetric_context_free(((sss_user_impl_asymmetric_t * ) context)) - /* Host Call : symm */ -# define sss_host_symmetric_context_init(context,session,keyObject,algorithm,mode) \ - sss_user_impl_symmetric_context_init(((sss_user_impl_symmetric_t * ) context),((sss_user_impl_session_t * ) session),((sss_user_impl_object_t * ) keyObject),(algorithm),(mode)) -# define sss_host_cipher_one_go(context,iv,ivLen,srcData,destData,dataLen) \ - sss_user_impl_cipher_one_go(((sss_user_impl_symmetric_t * ) context),(iv),(ivLen),(srcData),(destData),(dataLen)) -# define sss_host_cipher_init(context,iv,ivLen) \ - sss_user_impl_cipher_init(((sss_user_impl_symmetric_t * ) context),(iv),(ivLen)) -# define sss_host_cipher_update(context,srcData,srcLen,destData,destLen) \ - sss_user_impl_cipher_update(((sss_user_impl_symmetric_t * ) context),(srcData),(srcLen),(destData),(destLen)) -# define sss_host_cipher_finish(context,srcData,srcLen,destData,destLen) \ - sss_user_impl_cipher_finish(((sss_user_impl_symmetric_t * ) context),(srcData),(srcLen),(destData),(destLen)) -# define sss_host_cipher_crypt_ctr(context,srcData,destData,size,initialCounter,lastEncryptedCounter,szLeft) \ - sss_user_impl_cipher_crypt_ctr(((sss_user_impl_symmetric_t * ) context),(srcData),(destData),(size),(initialCounter),(lastEncryptedCounter),(szLeft)) -# define sss_host_symmetric_context_free(context) \ - sss_user_impl_symmetric_context_free(((sss_user_impl_symmetric_t * ) context)) - /* Host Call : aead */ -# define sss_host_aead_context_init(context,session,keyObject,algorithm,mode) \ - sss_user_impl_aead_context_init(((sss_user_impl_aead_t * ) context),((sss_user_impl_session_t * ) session),((sss_user_impl_object_t * ) keyObject),(algorithm),(mode)) -# define sss_host_aead_one_go(context,srcData,destData,size,nonce,nonceLen,aad,aadLen,tag,tagLen) \ - sss_user_impl_aead_one_go(((sss_user_impl_aead_t * ) context),(srcData),(destData),(size),(nonce),(nonceLen),(aad),(aadLen),(tag),(tagLen)) -# define sss_host_aead_init(context,nonce,nonceLen,tagLen,aadLen,payloadLen) \ - sss_user_impl_aead_init(((sss_user_impl_aead_t * ) context),(nonce),(nonceLen),(tagLen),(aadLen),(payloadLen)) -# define sss_host_aead_update_aad(context,aadData,aadDataLen) \ - sss_user_impl_aead_update_aad(((sss_user_impl_aead_t * ) context),(aadData),(aadDataLen)) -# define sss_host_aead_update(context,srcData,srcLen,destData,destLen) \ - sss_user_impl_aead_update(((sss_user_impl_aead_t * ) context),(srcData),(srcLen),(destData),(destLen)) -# define sss_host_aead_finish(context,srcData,srcLen,destData,destLen,tag,tagLen) \ - sss_user_impl_aead_finish(((sss_user_impl_aead_t * ) context),(srcData),(srcLen),(destData),(destLen),(tag),(tagLen)) -# define sss_host_aead_context_free(context) \ - sss_user_impl_aead_context_free(((sss_user_impl_aead_t * ) context)) - /* Host Call : mac */ -# define sss_host_mac_context_init(context,session,keyObject,algorithm,mode) \ - sss_user_impl_mac_context_init(((sss_user_impl_mac_t * ) context),((sss_user_impl_session_t * ) session),((sss_user_impl_object_t * ) keyObject),(algorithm),(mode)) -# define sss_host_mac_one_go(context,message,messageLen,mac,macLen) \ - sss_user_impl_mac_one_go(((sss_user_impl_mac_t * ) context),(message),(messageLen),(mac),(macLen)) -# define sss_host_mac_init(context) \ - sss_user_impl_mac_init(((sss_user_impl_mac_t * ) context)) -# define sss_host_mac_update(context,message,messageLen) \ - sss_user_impl_mac_update(((sss_user_impl_mac_t * ) context),(message),(messageLen)) -# define sss_host_mac_finish(context,mac,macLen) \ - sss_user_impl_mac_finish(((sss_user_impl_mac_t * ) context),(mac),(macLen)) -# define sss_host_mac_context_free(context) \ - sss_user_impl_mac_context_free(((sss_user_impl_mac_t * ) context)) - /* Host Call : md */ -# define sss_host_digest_context_init(context,session,algorithm,mode) \ - sss_user_impl_digest_context_init(((sss_user_impl_digest_t * ) context),((sss_user_impl_session_t * ) session),(algorithm),(mode)) -# define sss_host_digest_one_go(context,message,messageLen,digest,digestLen) \ - sss_user_impl_digest_one_go(((sss_user_impl_digest_t * ) context),(message),(messageLen),(digest),(digestLen)) -# define sss_host_digest_init(context) \ - sss_user_impl_digest_init(((sss_user_impl_digest_t * ) context)) -# define sss_host_digest_update(context,message,messageLen) \ - sss_user_impl_digest_update(((sss_user_impl_digest_t * ) context),(message),(messageLen)) -# define sss_host_digest_finish(context,digest,digestLen) \ - sss_user_impl_digest_finish(((sss_user_impl_digest_t * ) context),(digest),(digestLen)) -# define sss_host_digest_context_free(context) \ - sss_user_impl_digest_context_free(((sss_user_impl_digest_t * ) context)) - /* Host Call : rng */ -# define sss_host_rng_context_init(context,session) \ - sss_user_impl_rng_context_init(((sss_user_impl_rng_context_t * ) context),((sss_user_impl_session_t * ) session)) -# define sss_host_rng_get_random(context,random_data,dataLen) \ - sss_user_impl_rng_get_random(((sss_user_impl_rng_context_t * ) context),(random_data),(dataLen)) -# define sss_host_rng_context_free(context) \ - sss_user_impl_rng_context_free(((sss_user_impl_rng_context_t * ) context)) - -/* clang-format on */ -#endif /* SSS_HAVE_HOSTCRYPTO_USER */ -#ifdef __cplusplus -} // extern "C" -#endif /* __cplusplus */ - -#endif /* fsl_sss_user_apis_H */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_user_types.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_user_types.h deleted file mode 100644 index 302c34e90..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_user_types.h +++ /dev/null @@ -1,144 +0,0 @@ -/* - * - * Copyright 2018,2019 NXP - * SPDX-License-Identifier: Apache-2.0 - */ - -#ifndef SSS_APIS_INC_fsl_sss_user_types_H_ -#define SSS_APIS_INC_fsl_sss_user_types_H_ - -/* ************************************************************************** */ -/* Includes */ -/* ************************************************************************** */ - -#include - -#if defined(SSS_USE_FTR_FILE) -#include "fsl_sss_ftr.h" -#else -#include "fsl_sss_ftr_default.h" -#endif - -#if SSS_HAVE_HOSTCRYPTO_USER - -/** - * @addtogroup sss_sw_host_impl - * @{ - */ - -/* ************************************************************************** */ -/* Defines */ -/* ************************************************************************** */ - -#define SSS_SUBSYSTEM_TYPE_IS_HOST(subsystem) (subsystem == kType_SSS_mbedTLS) - -#define SSS_SESSION_TYPE_IS_HOST(session) (session && SSS_SUBSYSTEM_TYPE_IS_HOST(session->subsystem)) - -#define SSS_KEY_STORE_TYPE_IS_HOST(keyStore) (keyStore && SSS_SESSION_TYPE_IS_HOST(keyStore->session)) - -#define SSS_OBJECT_TYPE_IS_HOST(pObject) (pObject && SSS_KEY_STORE_TYPE_IS_HOST(pObject->keyStore)) - -#define SSS_SYMMETRIC_TYPE_IS_HOST(context) (context && SSS_SESSION_TYPE_IS_HOST(context->session)) - -#define SSS_RNG_CONTEXT_TYPE_IS_HOST(context) (context && SSS_SESSION_TYPE_IS_HOST(context->session)) - -/* ************************************************************************** */ -/* Structrues and Typedefs */ -/* ************************************************************************** */ - -struct _sss_user_impl_session; - -typedef struct _sss_user_impl_session -{ - /*! Indicates which security subsystem is selected to be used. */ - sss_type_t subsystem; - -} sss_user_impl_session_t; - -struct _sss_user_impl_object; - -typedef struct _sss_user_impl_key_store -{ - sss_user_impl_session_t *session; - -} sss_user_impl_key_store_t; - -typedef struct _sss_user_impl_object -{ - /*! key store holding the data and other properties */ - sss_user_impl_key_store_t *keyStore; - /*! Object types */ - uint32_t objectType; - uint32_t cipherType; - /*! Application specific key identifier. The keyId is kept in the key store - * along with the key data and other properties. */ - uint32_t keyId; -} sss_user_impl_object_t; - -typedef struct _sss_user_impl_derive_key -{ - sss_user_impl_session_t *session; - sss_user_impl_object_t *keyObject; - sss_algorithm_t algorithm; /*! */ - sss_mode_t mode; /*! */ -} sss_user_impl_derive_key_t; - -typedef struct _sss_user_impl_asymmetric -{ - sss_user_impl_session_t *session; - sss_user_impl_object_t *keyObject; - sss_algorithm_t algorithm; /*! */ - sss_mode_t mode; /*! */ -} sss_user_impl_asymmetric_t; - -typedef struct _sss_user_impl_symmetric -{ - /*! Virtual connection between application (user context) and specific - * security subsystem and function thereof. */ - sss_user_impl_session_t *session; - /*** Reference to key and it's properties. */ - sss_user_impl_object_t *keyObject; - sss_algorithm_t algorithm; - sss_mode_t mode; -} sss_user_impl_symmetric_t; - -typedef struct _sss_user_impl_mac -{ - sss_user_impl_session_t *session; - /*! Reference to key and it's properties. */ - sss_user_impl_object_t *keyObject; - sss_algorithm_t algorithm; /*! */ - sss_mode_t mode; /*! */ -} sss_user_impl_mac_t; - -typedef struct _sss_user_impl_digest -{ - /*! Virtual connection between application (user context) and specific - * security subsystem and function thereof. */ - sss_user_impl_session_t *session; - sss_algorithm_t algorithm; /*!< */ - sss_mode_t mode; /*!< */ - /*! Full digest length per algorithm definition. This field is initialized along with algorithm. */ - size_t digestFullLen; - /*! Implementation specific part */ -} sss_user_impl_digest_t; - -typedef struct -{ - sss_user_impl_session_t *session; - -} sss_user_impl_rng_context_t; - -/* ************************************************************************** */ -/* Global Variables */ -/* ************************************************************************** */ - -/* ************************************************************************** */ -/* Functions */ -/* ************************************************************************** */ - -/** @} */ - -#endif /* SSS_HAVE_HOSTCRYPTO_USER */ - -#endif /* SSS_APIS_INC_fsl_sss_user_types_H_ */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_util_asn1_der.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_util_asn1_der.h deleted file mode 100644 index ae83a08ca..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_util_asn1_der.h +++ /dev/null @@ -1,175 +0,0 @@ -/* -* -* Copyright 2018-2020 NXP -* SPDX-License-Identifier: Apache-2.0 -*/ - -#ifndef FSL_SSS_UTIL_ASN1_DER_H -#define FSL_SSS_UTIL_ASN1_DER_H - -#if defined(SSS_USE_FTR_FILE) -#include "fsl_sss_ftr.h" -#else -#include "fsl_sss_ftr_default.h" -#endif - -#include - -/* ************************************************************************** */ -/* Defines */ -/* ************************************************************************** */ -#define ASN_TAG_INT 0x02 -#define ASN_TAG_SEQUENCE 0x30 -#define ASN_TAG_BITSTRING 0x03 -#define ASN_TAG_OCTETSTRING 0x04 -#define ASN_TAG_OBJ_IDF 0x06 -#define ASN_TAG_CNT_SPECIFIC 0xA1 -#define ASN_TAG_CNT_SPECIFIC_PRIMITIVE 0x80 -#define ASN_TAG_CRL_EXTENSIONS 0xA0 - -extern const uint8_t grsa1kPubHeader[]; -extern const uint8_t grsa1152PubHeader[]; -extern const uint8_t grsa2kPubHeader[]; -extern const uint8_t grsa3kPubHeader[]; -extern const uint8_t grsa4kPubHeader[]; -extern const uint8_t gecc_der_header_nist192[]; -extern const uint8_t gecc_der_header_nist224[]; -extern const uint8_t gecc_der_header_nist256[]; -extern const uint8_t gecc_der_header_nist384[]; -extern const uint8_t gecc_der_header_nist521[]; -extern const uint8_t gecc_der_header_160k[]; -extern const uint8_t gecc_der_header_192k[]; -extern const uint8_t gecc_der_header_224k[]; -extern const uint8_t gecc_der_header_256k[]; -extern const uint8_t gecc_der_header_bp160[]; -extern const uint8_t gecc_der_header_bp192[]; -extern const uint8_t gecc_der_header_bp224[]; -extern const uint8_t gecc_der_header_bp256[]; -extern const uint8_t gecc_der_header_bp320[]; -extern const uint8_t gecc_der_header_bp384[]; -extern const uint8_t gecc_der_header_bp512[]; -extern const uint8_t gecc_der_header_mont_dh_448[]; -extern const uint8_t gecc_der_header_mont_dh_25519[]; -extern const uint8_t gecc_der_header_twisted_ed_25519[]; - -extern const size_t der_ecc_nistp192_header_len; -extern const size_t der_ecc_nistp224_header_len; -extern const size_t der_ecc_nistp256_header_len; -extern const size_t der_ecc_nistp384_header_len; -extern const size_t der_ecc_nistp521_header_len; -extern const size_t der_ecc_160k_header_len; -extern const size_t der_ecc_192k_header_len; -extern const size_t der_ecc_224k_header_len; -extern const size_t der_ecc_256k_header_len; -extern const size_t der_ecc_bp160_header_len; -extern const size_t der_ecc_bp192_header_len; -extern const size_t der_ecc_bp224_header_len; -extern const size_t der_ecc_bp256_header_len; -extern const size_t der_ecc_bp320_header_len; -extern const size_t der_ecc_bp384_header_len; -extern const size_t der_ecc_bp512_header_len; -extern const size_t der_ecc_mont_dh_448_header_len; -extern const size_t der_ecc_mont_dh_25519_header_len; -extern const size_t der_ecc_twisted_ed_25519_header_len; - -/* ************************************************************************** */ -/* Functions */ -/* ************************************************************************** */ -/**/ -sss_status_t sss_util_asn1_rsa_parse_private(const uint8_t *key, - size_t keylen, - sss_cipher_type_t cipher_type, - uint8_t **modulus, - size_t *modlen, - uint8_t **pubExp, - size_t *pubExplen, - uint8_t **priExp, - size_t *priExplen, - uint8_t **prime1, - size_t *prime1len, - uint8_t **prime2, - size_t *prime2len, - uint8_t **exponent1, - size_t *exponent1len, - uint8_t **exponent2, - size_t *exponent2len, - uint8_t **coefficient, - size_t *coefficientlen); - -sss_status_t sss_util_asn1_rsa_parse_private_allow_invalid_key(const uint8_t *key, - size_t keylen, - sss_cipher_type_t cipher_type, - uint8_t **modulus, - size_t *modlen, - uint8_t **pubExp, - size_t *pubExplen, - uint8_t **priExp, - size_t *priExplen, - uint8_t **prime1, - size_t *prime1len, - uint8_t **prime2, - size_t *prime2len, - uint8_t **exponent1, - size_t *exponent1len, - uint8_t **exponent2, - size_t *exponent2len, - uint8_t **coefficient, - size_t *coefficientlen); - -sss_status_t sss_util_asn1_rsa_parse_public_nomalloc( - const uint8_t *key, size_t keylen, uint8_t *modulus, size_t *modlen, uint8_t *pubExp, size_t *pubExplen); - -sss_status_t sss_util_asn1_rsa_parse_public_nomalloc_complete_modulus( - const uint8_t *key, size_t keylen, uint8_t *modulus, size_t *modlen, uint8_t *pubExp, size_t *pubExplen); - -sss_status_t sss_util_asn1_rsa_parse_public( - const uint8_t *key, size_t keylen, uint8_t **modulus, size_t *modlen, uint8_t **pubExp, size_t *pubExplen); - -sss_status_t sss_util_asn1_rsa_get_public( - uint8_t *key, size_t *keylen, uint8_t *modulus, size_t modlen, uint8_t *pubExp, size_t pubExplen); - -#if SSS_HAVE_ECDAA -sss_status_t sss_util_asn1_ecdaa_get_signature( - uint8_t *signature, size_t *signatureLen, uint8_t *rawSignature, size_t rawSignatureLen); -#endif - -sss_status_t sss_util_asn1_get_oid_from_header(uint8_t *input, size_t inLen, uint32_t *output, uint8_t *outLen); - -sss_status_t sss_util_asn1_get_oid_from_sssObj(sss_object_t *pkeyObject, uint32_t *output, uint8_t *outLen); - -sss_status_t sss_util_pkcs8_asn1_get_ec_public_key_index( - const uint8_t *input, size_t inLen, uint16_t *outkeyIndex, size_t *publicKeyLen); - -sss_status_t sss_util_pkcs8_asn1_get_ec_pair_key_index(const uint8_t *input, - size_t inLen, - uint16_t *pubkeyIndex, - size_t *publicKeyLen, - uint16_t *prvkeyIndex, - size_t *privateKeyLen); - -sss_status_t sss_util_rfc8410_asn1_get_ec_pair_key_index(const uint8_t *input, - size_t inLen, - uint16_t *pubkeyIndex, - size_t *publicKeyLen, - uint16_t *prvkeyIndex, - size_t *privateKeyLen); - -int asn_1_parse_tlv(uint8_t *pbuf, size_t *taglen, size_t *bufindex); - -sss_status_t sss_util_asn1_rsa_parse_public_nomalloc( - const uint8_t *key, size_t keylen, uint8_t *modulus, size_t *modlen, uint8_t *pubExp, size_t *pubExplen); - -sss_status_t sss_util_asn1_rsa_parse_public_nomalloc_complete_modulus( - const uint8_t *key, size_t keylen, uint8_t *modulus, size_t *modlen, uint8_t *pubExp, size_t *pubExplen); - -sss_status_t sss_util_openssl_read_pkcs12( - const char *pkcs12_cert, const char *password, uint8_t *private_key, uint8_t *cert); - -sss_status_t sss_util_openssl_write_pkcs12(const char *pkcs12_cert, - const char *password, - const char *ref_key, - long ref_key_length, - const char *cert, - long cert_length); - -#endif diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_util_rsa_sign_utils.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_util_rsa_sign_utils.h deleted file mode 100644 index c78fd34b0..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_util_rsa_sign_utils.h +++ /dev/null @@ -1,28 +0,0 @@ -/* - * - * Copyright 2018-2020 NXP - * SPDX-License-Identifier: Apache-2.0 - */ - -#ifndef FSL_SSS_UTIL_RSA_SIGN_H -#define FSL_SSS_UTIL_RSA_SIGN_H - -uint8_t pkcs1_v15_encode( - sss_se05x_asymmetric_t *context, const uint8_t *hash, size_t hashlen, uint8_t *out, size_t *outLen); - -uint8_t pkcs1_v15_encode_no_hash( - sss_se05x_asymmetric_t *context, const uint8_t *hash, size_t hashlen, uint8_t *out, size_t *outLen); - -uint8_t sss_mgf_mask_func(uint8_t *dst, - size_t dlen, - uint8_t *src, - size_t slen, - sss_algorithm_t sha_algorithm, - sss_se05x_asymmetric_t *context); - -uint8_t emsa_encode(sss_se05x_asymmetric_t *context, const uint8_t *hash, size_t hashlen, uint8_t *out, size_t *outLen); - -uint8_t emsa_decode_and_compare( - sss_se05x_asymmetric_t *context, uint8_t *sig, size_t siglen, uint8_t *hash, size_t hashlen); - -#endif diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/plugin/mbedtls/ecdsa_verify_alt.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/plugin/mbedtls/ecdsa_verify_alt.h deleted file mode 100644 index 69a324a2d..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/plugin/mbedtls/ecdsa_verify_alt.h +++ /dev/null @@ -1,12 +0,0 @@ -/* - * Copyright 2018-2020 NXP - * - * SPDX-License-Identifier: Apache-2.0 - */ - -#include "fsl_sss_api.h" - -/* - * Set sss keystore for ecdsa verify - */ -void sss_mbedtls_set_sss_keystore(sss_key_store_t *ssskeystore); \ No newline at end of file diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/plugin/mbedtls/ecp_alt.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/plugin/mbedtls/ecp_alt.h deleted file mode 100644 index 88dcf2349..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/plugin/mbedtls/ecp_alt.h +++ /dev/null @@ -1,191 +0,0 @@ -/** - * \file ecp_alt.h - * - * \brief This file provides an API for Elliptic Curves over GF(P) (ECP). - * - * The use of ECP in cryptography and TLS is defined in - * Standards for Efficient Cryptography Group (SECG): SEC1 - * Elliptic Curve Cryptography and - * RFC-4492: Elliptic Curve Cryptography (ECC) Cipher Suites - * for Transport Layer Security (TLS). - * - * RFC-2409: The Internet Key Exchange (IKE) defines ECP - * group types. - * - */ - -/* - * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This file is part of Mbed TLS (https://tls.mbed.org) - */ - -#ifndef SSS_ECP_ALT_H_INCLUDED -#define SSS_ECP_ALT_H_INCLUDED - -/* clang-format off */ - -#ifdef __cplusplus -extern "C" { -#endif - -#if defined(MBEDTLS_ECP_ALT) - -#if SSS_HAVE_ALT_SSS -#include -#endif -#if SSS_HAVE_ALT_A71CH -#include "HLSETypes.h" -#endif - -/* - * default mbed TLS elliptic curve arithmetic implementation - * - * (in case MBEDTLS_ECP_ALT is defined then the developer has to provide an - * alternative implementation for the whole module and it will replace this - * one.) - */ - -/** - * \brief The ECP group structure. - * - * We consider two types of curve equations: - *
  • Short Weierstrass: y^2 = x^3 + A x + B mod P - * (SEC1 + RFC-4492)
    • - *
  • Montgomery: y^2 = x^3 + A x^2 + x mod P (Curve25519, - * Curve448)
- * In both cases, the generator (\p G) for a prime-order subgroup is fixed. - * - * For Short Weierstrass, this subgroup is the whole curve, and its - * cardinality is denoted by \p N. Our code requires that \p N is an - * odd prime as mbedtls_ecp_mul() requires an odd number, and - * mbedtls_ecdsa_sign() requires that it is prime for blinding purposes. - * - * For Montgomery curves, we do not store \p A, but (A + 2) / 4, - * which is the quantity used in the formulas. Additionally, \p nbits is - * not the size of \p N but the required size for private keys. - * - * If \p modp is NULL, reduction modulo \p P is done using a generic algorithm. - * Otherwise, \p modp must point to a function that takes an \p mbedtls_mpi in the - * range of 0..2^(2*pbits)-1, and transforms it in-place to an integer - * which is congruent mod \p P to the given MPI, and is close enough to \p pbits - * in size, so that it may be efficiently brought in the 0..P-1 range by a few - * additions or subtractions. Therefore, it is only an approximative modular - * reduction. It must return 0 on success and non-zero on failure. - * - */ -typedef struct -{ - mbedtls_ecp_group_id id; /*!< An internal group identifier. */ - mbedtls_mpi P; /*!< The prime modulus of the base field. */ - mbedtls_mpi A; /*!< For Short Weierstrass: \p A in the equation. For - Montgomery curves: (A + 2) / 4. */ - mbedtls_mpi B; /*!< For Short Weierstrass: \p B in the equation. - For Montgomery curves: unused. */ - mbedtls_ecp_point G; /*!< The generator of the subgroup used. */ - mbedtls_mpi N; /*!< The order of \p G. */ - size_t pbits; /*!< The number of bits in \p P.*/ - size_t nbits; /*!< For Short Weierstrass: The number of bits in \p P. - For Montgomery curves: the number of bits in the - private keys. */ - unsigned int h; /*!< \internal 1 if the constants are static. */ - int (*modp)(mbedtls_mpi *); /*!< The function for fast pseudo-reduction - mod \p P (see above).*/ - int (*t_pre)(mbedtls_ecp_point *, void *); /*!< Unused. */ - int (*t_post)(mbedtls_ecp_point *, void *); /*!< Unused. */ - void *t_data; /*!< Unused. */ - mbedtls_ecp_point *T; /*!< Pre-computed points for ecp_mul_comb(). */ - size_t T_size; /*!< The number of pre-computed points. */ - -#if SSS_HAVE_ALT_A71CH - /** Reference to object mapped between HLSE Layer of A71CH Host library */ - HLSE_OBJECT_HANDLE hlse_handle; -#endif -#if SSS_HAVE_ALT_SSS - /** Reference to object mapped between SSS Layer */ - sss_object_t* pSSSObject; - sss_key_store_t* hostKs; -#endif -} -mbedtls_ecp_group; - -/** - * \name SECTION: Module settings - * - * The configuration options you can set for this module are in this section. - * Either change them in config.h, or define them using the compiler command line. - * \{ - */ - -#if !defined(MBEDTLS_ECP_MAX_BITS) -/** - * The maximum size of the groups, that is, of \c N and \c P. - */ -#define MBEDTLS_ECP_MAX_BITS 521 /**< The maximum size of groups, in bits. */ -#endif - -#define MBEDTLS_ECP_MAX_BYTES ( ( MBEDTLS_ECP_MAX_BITS + 7 ) / 8 ) -#define MBEDTLS_ECP_MAX_PT_LEN ( 2 * MBEDTLS_ECP_MAX_BYTES + 1 ) - -#if !defined(MBEDTLS_ECP_WINDOW_SIZE) -/* - * Maximum "window" size used for point multiplication. - * Default: 6. - * Minimum value: 2. Maximum value: 7. - * - * Result is an array of at most ( 1 << ( MBEDTLS_ECP_WINDOW_SIZE - 1 ) ) - * points used for point multiplication. This value is directly tied to EC - * peak memory usage, so decreasing it by one should roughly cut memory usage - * by two (if large curves are in use). - * - * Reduction in size may reduce speed, but larger curves are impacted first. - * Sample performances (in ECDHE handshakes/s, with FIXED_POINT_OPTIM = 1): - * w-size: 6 5 4 3 2 - * 521 145 141 135 120 97 - * 384 214 209 198 177 146 - * 256 320 320 303 262 226 - * 224 475 475 453 398 342 - * 192 640 640 633 587 476 - */ -#define MBEDTLS_ECP_WINDOW_SIZE 6 /**< The maximum window size used. */ -#endif /* MBEDTLS_ECP_WINDOW_SIZE */ - -#if !defined(MBEDTLS_ECP_FIXED_POINT_OPTIM) -/* - * Trade memory for speed on fixed-point multiplication. - * - * This speeds up repeated multiplication of the generator (that is, the - * multiplication in ECDSA signatures, and half of the multiplications in - * ECDSA verification and ECDHE) by a factor roughly 3 to 4. - * - * The cost is increasing EC peak memory usage by a factor roughly 2. - * - * Change this value to 0 to reduce peak memory usage. - */ -#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1 /**< Enable fixed-point speed-up. */ -#endif /* MBEDTLS_ECP_FIXED_POINT_OPTIM */ - -/* \} name SECTION: Module settings */ - -#endif /* MBEDTLS_ECP_ALT */ - -#ifdef __cplusplus -} -#endif - -/* clang-format on */ - -#endif /* SSS_ECP_ALT_H_INCLUDED */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/plugin/mbedtls/rsa_alt.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/plugin/mbedtls/rsa_alt.h deleted file mode 100644 index e7ba8da2b..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/plugin/mbedtls/rsa_alt.h +++ /dev/null @@ -1,86 +0,0 @@ -/** - * \file rsa.h - * - * \brief This file provides an API for the RSA public-key cryptosystem. - * - * The RSA public-key cryptosystem is defined in Public-Key - * Cryptography Standards (PKCS) #1 v1.5: RSA Encryption - * and Public-Key Cryptography Standards (PKCS) #1 v2.1: - * RSA Cryptography Specifications. - * - */ -/* - * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved - * Copyright (C) 2019, NXP, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This file is part of Mbed TLS (https://tls.mbed.org) - */ - -#if defined(SSS_USE_FTR_FILE) -#include "fsl_sss_ftr.h" -#else -#include "fsl_sss_ftr_default.h" -#endif - -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif - -#if defined(MBEDTLS_RSA_ALT) -#include - -typedef struct -{ - int ver; /*!< Always 0.*/ - size_t len; /*!< The size of \p N in Bytes. */ - - mbedtls_mpi N; /*!< The public modulus. */ - mbedtls_mpi E; /*!< The public exponent. */ - - mbedtls_mpi D; /*!< The private exponent. */ - mbedtls_mpi P; /*!< The first prime factor. */ - mbedtls_mpi Q; /*!< The second prime factor. */ - - mbedtls_mpi DP; /*!< D % (P - 1). */ - mbedtls_mpi DQ; /*!< D % (Q - 1). */ - mbedtls_mpi QP; /*!< 1 / (Q % P). */ - - mbedtls_mpi RN; /*!< cached R^2 mod N. */ - - mbedtls_mpi RP; /*!< cached R^2 mod P. */ - mbedtls_mpi RQ; /*!< cached R^2 mod Q. */ - - mbedtls_mpi Vi; /*!< The cached blinding value. */ - mbedtls_mpi Vf; /*!< The cached un-blinding value. */ - - int padding; /*!< Selects padding mode: - #MBEDTLS_RSA_PKCS_V15 for 1.5 padding and - #MBEDTLS_RSA_PKCS_V21 for OAEP or PSS. */ - int hash_id; /*!< Hash identifier of mbedtls_md_type_t type, - as specified in md.h for use in the MGF - mask generating function used in the - EME-OAEP and EMSA-PSS encodings. */ -#if defined(MBEDTLS_THREADING_C) - mbedtls_threading_mutex_t mutex; /*!< Thread-safety mutex. */ -#endif - - /** Reference to object mapped between SSS Layer */ - sss_object_t *pSSSObject; -} mbedtls_rsa_context; - -#endif /* MBEDTLS_RSA_ALT */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/plugin/mbedtls/sss_mbedtls.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/plugin/mbedtls/sss_mbedtls.h deleted file mode 100644 index a559e1900..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/plugin/mbedtls/sss_mbedtls.h +++ /dev/null @@ -1,102 +0,0 @@ -/* - * - * Copyright 2018-2020 NXP - * SPDX-License-Identifier: Apache-2.0 - */ - -/** - * @par Description - * Implementation of key association between NXP Secure Element and mbedtls. - * @par History - * 1.0 30-jan-2018 : Initial version - * - *****************************************************************************/ - -#ifndef AX_MBEDTLS_H -#define AX_MBEDTLS_H - -#if defined(SSS_USE_FTR_FILE) -#include "fsl_sss_ftr.h" -#else -#include "fsl_sss_ftr_default.h" -#endif - -#if SSS_HAVE_ALT_SSS -#include "sss_mbedtls.h" -#else -#include "ax_mbedtls.h" -#endif - -#include - -#if SSS_HAVE_A71CH || SSS_HAVE_A71CH_SIM -#include -#endif -#if SSS_HAVE_MBEDTLS -#include -#endif - -/** @ingroup ax_mbed_tls */ -/** @{ */ - -#include "fsl_sss_api.h" -#include "mbedtls/pk.h" -#include "mbedtls/ssl.h" - -/** - * @brief Associate a keypair provisioned in the secure element for - * subsequent operations. - * - * @param[out] pkey Pointer to the mbedtls_pk_context which will be - * associated with data corresponding to the key_index - * - * @param[in] pkeyObject The object that we are going to be use. - * - * @return 0 if successful, or 1 if unsuccessful - */ -int sss_mbedtls_associate_keypair(mbedtls_pk_context *pkey, sss_object_t *pkeyObject); - -/** - * @brief Associate a pubkey provisioned in the secure element for - * subsequent operations. - * - * @param[out] pkey Pointer to the mbedtls_pk_context which will be - * associated with data corresponding to the key index - * - * @param[in] pkeyObject The object that we are going to be use. - * - * @return 0 if successful, or 1 if unsuccessful - */ -int sss_mbedtls_associate_pubkey(mbedtls_pk_context *pkey, sss_object_t *pkeyObject); - -/** - * @brief Update ECDSA HandShake key with given inded. - * - * @param[in,out] handshake Pointer to the mbedtls_ssl_handshake_params which - * will be associated with data corresponding to the - * key index - * - * @param[in] pkeyObject The object that we are going to be use. - * - * @param[in] hostKs Keystore to host for session key. - * - * @return 0 if successful, or 1 if unsuccessful - */ - -int sss_mbedtls_associate_ecdhctx( - mbedtls_ssl_handshake_params *handshake, sss_object_t *pkeyObject, sss_key_store_t *hostKs); - -/** @} */ - -/** - * \brief This function frees the components of a key pair. Original implementation - * \param key The key pair to free. - */ -void mbedtls_ecp_keypair_free_o(mbedtls_ecp_keypair *key); - -/** - * same as ``mbedtls_ecp_tls_read_group`` - */ -int mbedtls_ecp_tls_read_group_o(mbedtls_ecp_group *grp, const unsigned char **buf, size_t len); - -#endif /* AX_MBEDTLS_H */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/plugin/mbedtls/sss_mbedtls_x86_config.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/plugin/mbedtls/sss_mbedtls_x86_config.h deleted file mode 100644 index a312a7970..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/plugin/mbedtls/sss_mbedtls_x86_config.h +++ /dev/null @@ -1,3368 +0,0 @@ -/** - * \file sss_mbedtls_x86_config.h - * - * \brief Configuration options (set of defines) - * - * This set of compile-time options may be used to enable - * or disable features selectively, and reduce the global - * memory footprint. - */ -/* - * Copyright (C) 2006-2018, ARM Limited, All Rights Reserved - * Copyright 2020 NXP - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This file is part of mbed TLS (https://tls.mbed.org) - */ - -#ifndef MBEDTLS_CONFIG_X86_H -#define MBEDTLS_CONFIG_X86_H - -/* clang-format off */ - -#if defined(SSS_USE_FTR_FILE) -#include "fsl_sss_ftr.h" -#else -#include "fsl_sss_ftr_default.h" -#endif - -#ifdef CHECK_MEMORY - -#if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE) -#define _CRT_SECURE_NO_DEPRECATE 1 -#endif - -#define MBEDTLS_PLATFORM_MEMORY - -void tstDoTraceAndFree( - const char * szWhat, - const char * szFunction, const unsigned int line, - void * pWhat ); - -void * tstDoTraceAndCalloc( - const char * szNUM, const char * szSize, - const char * szFunction, const unsigned int line, - const unsigned int num, const unsigned int size ); - -#define MBEDTLS_PLATFORM_FREE_MACRO(WHAT) \ - tstDoTraceAndFree(#WHAT, __FUNCTION__, __LINE__, WHAT ) -#define MBEDTLS_PLATFORM_CALLOC_MACRO(NUM, SIZE) \ - tstDoTraceAndCalloc(#NUM, #SIZE, __FUNCTION__, __LINE__, NUM, SIZE ) - -#define MBEDTLS_MEMORY_DEBUG -#define MBEDTLS_MEMORY_BUFFER_ALLOC_C - -#endif /* CHECK_MEMORY */ - -/** - * \name SECTION: System support - * - * This section sets system specific settings. - * \{ - */ - -/** - * \def MBEDTLS_HAVE_ASM - * - * The compiler has support for asm(). - * - * Requires support for asm() in compiler. - * - * Used in: - * library/aria.c - * library/timing.c - * include/mbedtls/bn_mul.h - * - * Required by: - * MBEDTLS_AESNI_C - * MBEDTLS_PADLOCK_C - * - * Comment to disable the use of assembly code. - */ -#define MBEDTLS_HAVE_ASM - -/** - * \def MBEDTLS_NO_UDBL_DIVISION - * - * The platform lacks support for double-width integer division (64-bit - * division on a 32-bit platform, 128-bit division on a 64-bit platform). - * - * Used in: - * include/mbedtls/bignum.h - * library/bignum.c - * - * The bignum code uses double-width division to speed up some operations. - * Double-width division is often implemented in software that needs to - * be linked with the program. The presence of a double-width integer - * type is usually detected automatically through preprocessor macros, - * but the automatic detection cannot know whether the code needs to - * and can be linked with an implementation of division for that type. - * By default division is assumed to be usable if the type is present. - * Uncomment this option to prevent the use of double-width division. - * - * Note that division for the native integer type is always required. - * Furthermore, a 64-bit type is always required even on a 32-bit - * platform, but it need not support multiplication or division. In some - * cases it is also desirable to disable some double-width operations. For - * example, if double-width division is implemented in software, disabling - * it can reduce code size in some embedded targets. - */ -//#define MBEDTLS_NO_UDBL_DIVISION - -/** - * \def MBEDTLS_NO_64BIT_MULTIPLICATION - * - * The platform lacks support for 32x32 -> 64-bit multiplication. - * - * Used in: - * library/poly1305.c - * - * Some parts of the library may use multiplication of two unsigned 32-bit - * operands with a 64-bit result in order to speed up computations. On some - * platforms, this is not available in hardware and has to be implemented in - * software, usually in a library provided by the toolchain. - * - * Sometimes it is not desirable to have to link to that library. This option - * removes the dependency of that library on platforms that lack a hardware - * 64-bit multiplier by embedding a software implementation in Mbed TLS. - * - * Note that depending on the compiler, this may decrease performance compared - * to using the library function provided by the toolchain. - */ -//#define MBEDTLS_NO_64BIT_MULTIPLICATION - -/** - * \def MBEDTLS_HAVE_SSE2 - * - * CPU supports SSE2 instruction set. - * - * Uncomment if the CPU supports SSE2 (IA-32 specific). - */ -//#define MBEDTLS_HAVE_SSE2 - -/** - * \def MBEDTLS_HAVE_TIME - * - * System has time.h and time(). - * The time does not need to be correct, only time differences are used, - * by contrast with MBEDTLS_HAVE_TIME_DATE - * - * Defining MBEDTLS_HAVE_TIME allows you to specify MBEDTLS_PLATFORM_TIME_ALT, - * MBEDTLS_PLATFORM_TIME_MACRO, MBEDTLS_PLATFORM_TIME_TYPE_MACRO and - * MBEDTLS_PLATFORM_STD_TIME. - * - * Comment if your system does not support time functions - */ -#define MBEDTLS_HAVE_TIME - -/** - * \def MBEDTLS_HAVE_TIME_DATE - * - * System has time.h, time(), and an implementation for - * mbedtls_platform_gmtime_r() (see below). - * The time needs to be correct (not necesarily very accurate, but at least - * the date should be correct). This is used to verify the validity period of - * X.509 certificates. - * - * Comment if your system does not have a correct clock. - * - * \note mbedtls_platform_gmtime_r() is an abstraction in platform_util.h that - * behaves similarly to the gmtime_r() function from the C standard. Refer to - * the documentation for mbedtls_platform_gmtime_r() for more information. - * - * \note It is possible to configure an implementation for - * mbedtls_platform_gmtime_r() at compile-time by using the macro - * MBEDTLS_PLATFORM_GMTIME_R_ALT. - */ -#define MBEDTLS_HAVE_TIME_DATE - -/** - * \def MBEDTLS_PLATFORM_MEMORY - * - * Enable the memory allocation layer. - * - * By default mbed TLS uses the system-provided calloc() and free(). - * This allows different allocators (self-implemented or provided) to be - * provided to the platform abstraction layer. - * - * Enabling MBEDTLS_PLATFORM_MEMORY without the - * MBEDTLS_PLATFORM_{FREE,CALLOC}_MACROs will provide - * "mbedtls_platform_set_calloc_free()" allowing you to set an alternative calloc() and - * free() function pointer at runtime. - * - * Enabling MBEDTLS_PLATFORM_MEMORY and specifying - * MBEDTLS_PLATFORM_{CALLOC,FREE}_MACROs will allow you to specify the - * alternate function at compile time. - * - * Requires: MBEDTLS_PLATFORM_C - * - * Enable this layer to allow use of alternative memory allocators. - */ -//#define MBEDTLS_PLATFORM_MEMORY - -/** - * \def MBEDTLS_PLATFORM_NO_STD_FUNCTIONS - * - * Do not assign standard functions in the platform layer (e.g. calloc() to - * MBEDTLS_PLATFORM_STD_CALLOC and printf() to MBEDTLS_PLATFORM_STD_PRINTF) - * - * This makes sure there are no linking errors on platforms that do not support - * these functions. You will HAVE to provide alternatives, either at runtime - * via the platform_set_xxx() functions or at compile time by setting - * the MBEDTLS_PLATFORM_STD_XXX defines, or enabling a - * MBEDTLS_PLATFORM_XXX_MACRO. - * - * Requires: MBEDTLS_PLATFORM_C - * - * Uncomment to prevent default assignment of standard functions in the - * platform layer. - */ -//#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS - -/** - * \def MBEDTLS_PLATFORM_EXIT_ALT - * - * MBEDTLS_PLATFORM_XXX_ALT: Uncomment a macro to let mbed TLS support the - * function in the platform abstraction layer. - * - * Example: In case you uncomment MBEDTLS_PLATFORM_PRINTF_ALT, mbed TLS will - * provide a function "mbedtls_platform_set_printf()" that allows you to set an - * alternative printf function pointer. - * - * All these define require MBEDTLS_PLATFORM_C to be defined! - * - * \note MBEDTLS_PLATFORM_SNPRINTF_ALT is required on Windows; - * it will be enabled automatically by check_config.h - * - * \warning MBEDTLS_PLATFORM_XXX_ALT cannot be defined at the same time as - * MBEDTLS_PLATFORM_XXX_MACRO! - * - * Requires: MBEDTLS_PLATFORM_TIME_ALT requires MBEDTLS_HAVE_TIME - * - * Uncomment a macro to enable alternate implementation of specific base - * platform function - */ -//#define MBEDTLS_PLATFORM_EXIT_ALT -//#define MBEDTLS_PLATFORM_TIME_ALT -//#define MBEDTLS_PLATFORM_FPRINTF_ALT -//#define MBEDTLS_PLATFORM_PRINTF_ALT -//#define MBEDTLS_PLATFORM_SNPRINTF_ALT -//#define MBEDTLS_PLATFORM_NV_SEED_ALT -//#define MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT - -/** - * \def MBEDTLS_DEPRECATED_WARNING - * - * Mark deprecated functions so that they generate a warning if used. - * Functions deprecated in one version will usually be removed in the next - * version. You can enable this to help you prepare the transition to a new - * major version by making sure your code is not using these functions. - * - * This only works with GCC and Clang. With other compilers, you may want to - * use MBEDTLS_DEPRECATED_REMOVED - * - * Uncomment to get warnings on using deprecated functions. - */ -//#define MBEDTLS_DEPRECATED_WARNING - -/** - * \def MBEDTLS_DEPRECATED_REMOVED - * - * Remove deprecated functions so that they generate an error if used. - * Functions deprecated in one version will usually be removed in the next - * version. You can enable this to help you prepare the transition to a new - * major version by making sure your code is not using these functions. - * - * Uncomment to get errors on using deprecated functions. - */ -//#define MBEDTLS_DEPRECATED_REMOVED - -/** - * \def MBEDTLS_CHECK_PARAMS - * - * This configuration option controls whether the library validates more of - * the parameters passed to it. - * - * When this flag is not defined, the library only attempts to validate an - * input parameter if: (1) they may come from the outside world (such as the - * network, the filesystem, etc.) or (2) not validating them could result in - * internal memory errors such as overflowing a buffer controlled by the - * library. On the other hand, it doesn't attempt to validate parameters whose - * values are fully controlled by the application (such as pointers). - * - * When this flag is defined, the library additionally attempts to validate - * parameters that are fully controlled by the application, and should always - * be valid if the application code is fully correct and trusted. - * - * For example, when a function accepts as input a pointer to a buffer that may - * contain untrusted data, and its documentation mentions that this pointer - * must not be NULL: - * - the pointer is checked to be non-NULL only if this option is enabled - * - the content of the buffer is always validated - * - * When this flag is defined, if a library function receives a parameter that - * is invalid, it will: - * - invoke the macro MBEDTLS_PARAM_FAILED() which by default expands to a - * call to the function mbedtls_param_failed() - * - immediately return (with a specific error code unless the function - * returns void and can't communicate an error). - * - * When defining this flag, you also need to: - * - either provide a definition of the function mbedtls_param_failed() in - * your application (see platform_util.h for its prototype) as the library - * calls that function, but does not provide a default definition for it, - * - or provide a different definition of the macro MBEDTLS_PARAM_FAILED() - * below if the above mechanism is not flexible enough to suit your needs. - * See the documentation of this macro later in this file. - * - * Uncomment to enable validation of application-controlled parameters. - */ -//#define MBEDTLS_CHECK_PARAMS - -/* \} name SECTION: System support */ - -/** - * \name SECTION: mbed TLS feature support - * - * This section sets support for features that are or are not needed - * within the modules that are enabled. - * \{ - */ - -/** - * \def MBEDTLS_TIMING_ALT - * - * Uncomment to provide your own alternate implementation for mbedtls_timing_hardclock(), - * mbedtls_timing_get_timer(), mbedtls_set_alarm(), mbedtls_set/get_delay() - * - * Only works if you have MBEDTLS_TIMING_C enabled. - * - * You will need to provide a header "timing_alt.h" and an implementation at - * compile time. - */ -//#define MBEDTLS_TIMING_ALT - -/** - * \def MBEDTLS_AES_ALT - * - * MBEDTLS__MODULE_NAME__ALT: Uncomment a macro to let mbed TLS use your - * alternate core implementation of a symmetric crypto, an arithmetic or hash - * module (e.g. platform specific assembly optimized implementations). Keep - * in mind that the function prototypes should remain the same. - * - * This replaces the whole module. If you only want to replace one of the - * functions, use one of the MBEDTLS__FUNCTION_NAME__ALT flags. - * - * Example: In case you uncomment MBEDTLS_AES_ALT, mbed TLS will no longer - * provide the "struct mbedtls_aes_context" definition and omit the base - * function declarations and implementations. "aes_alt.h" will be included from - * "aes.h" to include the new function definitions. - * - * Uncomment a macro to enable alternate implementation of the corresponding - * module. - * - * \warning MD2, MD4, MD5, ARC4, DES and SHA-1 are considered weak and their - * use constitutes a security risk. If possible, we recommend - * avoiding dependencies on them, and considering stronger message - * digests and ciphers instead. - * - */ -//#define MBEDTLS_AES_ALT -//#define MBEDTLS_ARC4_ALT -//#define MBEDTLS_ARIA_ALT -//#define MBEDTLS_BLOWFISH_ALT -//#define MBEDTLS_CAMELLIA_ALT -//#define MBEDTLS_CCM_ALT -//#define MBEDTLS_CHACHA20_ALT -//#define MBEDTLS_CHACHAPOLY_ALT -//#define MBEDTLS_CMAC_ALT -//#define MBEDTLS_DES_ALT -//#define MBEDTLS_DHM_ALT -//#define MBEDTLS_ECJPAKE_ALT -//#define MBEDTLS_GCM_ALT -//#define MBEDTLS_NIST_KW_ALT -//#define MBEDTLS_MD2_ALT -//#define MBEDTLS_MD4_ALT -//#define MBEDTLS_MD5_ALT -//#define MBEDTLS_POLY1305_ALT -//#define MBEDTLS_RIPEMD160_ALT -//#define MBEDTLS_RSA_ALT -//#define MBEDTLS_SHA1_ALT -//#define MBEDTLS_SHA256_ALT -//#define MBEDTLS_SHA512_ALT -//#define MBEDTLS_XTEA_ALT - -/* - * When replacing the elliptic curve module, pleace consider, that it is - * implemented with two .c files: - * - ecp.c - * - ecp_curves.c - * You can replace them very much like all the other MBEDTLS__MODULE_NAME__ALT - * macros as described above. The only difference is that you have to make sure - * that you provide functionality for both .c files. - */ - -#if defined(SSS_HAVE_ALT) && (SSS_HAVE_ALT) -# define MBEDTLS_ECP_ALT -# define MBEDTLS_RSA_ALT -#endif /* SSS_HAVE_ALT */ -//#define MBEDTLS_ECP_ALT - - -/** - * - MBEDTLS_ECDSA_VERIFY_ALT - * To use SE for all public key ecdsa verify operation, enable MBEDTLS_ECDSA_VERIFY_ALT - */ - -#if defined(SSS_HAVE_ALT) && (SSS_HAVE_ALT) -# define MBEDTLS_ECDH_ALT -# define MBEDTLS_ECDH_GEN_PUBLIC_ALT -# define MBEDTLS_ECDH_COMPUTE_SHARED_ALT -//# define MBEDTLS_ECDSA_VERIFY_ALT -#endif /* SSS_HAVE_ALT */ -//#define MBEDTLS_ECDH_ALT - -/** - * \def MBEDTLS_MD2_PROCESS_ALT - * - * MBEDTLS__FUNCTION_NAME__ALT: Uncomment a macro to let mbed TLS use you - * alternate core implementation of symmetric crypto or hash function. Keep in - * mind that function prototypes should remain the same. - * - * This replaces only one function. The header file from mbed TLS is still - * used, in contrast to the MBEDTLS__MODULE_NAME__ALT flags. - * - * Example: In case you uncomment MBEDTLS_SHA256_PROCESS_ALT, mbed TLS will - * no longer provide the mbedtls_sha1_process() function, but it will still provide - * the other function (using your mbedtls_sha1_process() function) and the definition - * of mbedtls_sha1_context, so your implementation of mbedtls_sha1_process must be compatible - * with this definition. - * - * \note Because of a signature change, the core AES encryption and decryption routines are - * currently named mbedtls_aes_internal_encrypt and mbedtls_aes_internal_decrypt, - * respectively. When setting up alternative implementations, these functions should - * be overriden, but the wrapper functions mbedtls_aes_decrypt and mbedtls_aes_encrypt - * must stay untouched. - * - * \note If you use the AES_xxx_ALT macros, then is is recommended to also set - * MBEDTLS_AES_ROM_TABLES in order to help the linker garbage-collect the AES - * tables. - * - * Uncomment a macro to enable alternate implementation of the corresponding - * function. - * - * \warning MD2, MD4, MD5, DES and SHA-1 are considered weak and their use - * constitutes a security risk. If possible, we recommend avoiding - * dependencies on them, and considering stronger message digests - * and ciphers instead. - * - */ -//#define MBEDTLS_MD2_PROCESS_ALT -//#define MBEDTLS_MD4_PROCESS_ALT -//#define MBEDTLS_MD5_PROCESS_ALT -//#define MBEDTLS_RIPEMD160_PROCESS_ALT -//#define MBEDTLS_SHA1_PROCESS_ALT -//#define MBEDTLS_SHA256_PROCESS_ALT -//#define MBEDTLS_SHA512_PROCESS_ALT -//#define MBEDTLS_DES_SETKEY_ALT -//#define MBEDTLS_DES_CRYPT_ECB_ALT -//#define MBEDTLS_DES3_CRYPT_ECB_ALT -//#define MBEDTLS_AES_SETKEY_ENC_ALT -//#define MBEDTLS_AES_SETKEY_DEC_ALT -//#define MBEDTLS_AES_ENCRYPT_ALT -//#define MBEDTLS_AES_DECRYPT_ALT -//#define MBEDTLS_ECDH_GEN_PUBLIC_ALT -//#define MBEDTLS_ECDH_COMPUTE_SHARED_ALT -//#define MBEDTLS_ECDSA_VERIFY_ALT -//#define MBEDTLS_ECDSA_SIGN_ALT -//#define MBEDTLS_ECDSA_GENKEY_ALT - -/** - * \def MBEDTLS_ECP_INTERNAL_ALT - * - * Expose a part of the internal interface of the Elliptic Curve Point module. - * - * MBEDTLS_ECP__FUNCTION_NAME__ALT: Uncomment a macro to let mbed TLS use your - * alternative core implementation of elliptic curve arithmetic. Keep in mind - * that function prototypes should remain the same. - * - * This partially replaces one function. The header file from mbed TLS is still - * used, in contrast to the MBEDTLS_ECP_ALT flag. The original implementation - * is still present and it is used for group structures not supported by the - * alternative. - * - * Any of these options become available by defining MBEDTLS_ECP_INTERNAL_ALT - * and implementing the following functions: - * unsigned char mbedtls_internal_ecp_grp_capable( - * const mbedtls_ecp_group *grp ) - * int mbedtls_internal_ecp_init( const mbedtls_ecp_group *grp ) - * void mbedtls_internal_ecp_free( const mbedtls_ecp_group *grp ) - * The mbedtls_internal_ecp_grp_capable function should return 1 if the - * replacement functions implement arithmetic for the given group and 0 - * otherwise. - * The functions mbedtls_internal_ecp_init and mbedtls_internal_ecp_free are - * called before and after each point operation and provide an opportunity to - * implement optimized set up and tear down instructions. - * - * Example: In case you uncomment MBEDTLS_ECP_INTERNAL_ALT and - * MBEDTLS_ECP_DOUBLE_JAC_ALT, mbed TLS will still provide the ecp_double_jac - * function, but will use your mbedtls_internal_ecp_double_jac if the group is - * supported (your mbedtls_internal_ecp_grp_capable function returns 1 when - * receives it as an argument). If the group is not supported then the original - * implementation is used. The other functions and the definition of - * mbedtls_ecp_group and mbedtls_ecp_point will not change, so your - * implementation of mbedtls_internal_ecp_double_jac and - * mbedtls_internal_ecp_grp_capable must be compatible with this definition. - * - * Uncomment a macro to enable alternate implementation of the corresponding - * function. - */ -/* Required for all the functions in this section */ -//#define MBEDTLS_ECP_INTERNAL_ALT -/* Support for Weierstrass curves with Jacobi representation */ -//#define MBEDTLS_ECP_RANDOMIZE_JAC_ALT -//#define MBEDTLS_ECP_ADD_MIXED_ALT -//#define MBEDTLS_ECP_DOUBLE_JAC_ALT -//#define MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT -//#define MBEDTLS_ECP_NORMALIZE_JAC_ALT -/* Support for curves with Montgomery arithmetic */ -//#define MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT -//#define MBEDTLS_ECP_RANDOMIZE_MXZ_ALT -//#define MBEDTLS_ECP_NORMALIZE_MXZ_ALT - -/** - * \def MBEDTLS_TEST_NULL_ENTROPY - * - * Enables testing and use of mbed TLS without any configured entropy sources. - * This permits use of the library on platforms before an entropy source has - * been integrated (see for example the MBEDTLS_ENTROPY_HARDWARE_ALT or the - * MBEDTLS_ENTROPY_NV_SEED switches). - * - * WARNING! This switch MUST be disabled in production builds, and is suitable - * only for development. - * Enabling the switch negates any security provided by the library. - * - * Requires MBEDTLS_ENTROPY_C, MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES - * - */ -//#define MBEDTLS_TEST_NULL_ENTROPY - -/** - * \def MBEDTLS_ENTROPY_HARDWARE_ALT - * - * Uncomment this macro to let mbed TLS use your own implementation of a - * hardware entropy collector. - * - * Your function must be called \c mbedtls_hardware_poll(), have the same - * prototype as declared in entropy_poll.h, and accept NULL as first argument. - * - * Uncomment to use your own hardware entropy collector. - */ -//#define MBEDTLS_ENTROPY_HARDWARE_ALT - -/** - * \def MBEDTLS_AES_ROM_TABLES - * - * Use precomputed AES tables stored in ROM. - * - * Uncomment this macro to use precomputed AES tables stored in ROM. - * Comment this macro to generate AES tables in RAM at runtime. - * - * Tradeoff: Using precomputed ROM tables reduces RAM usage by ~8kb - * (or ~2kb if \c MBEDTLS_AES_FEWER_TABLES is used) and reduces the - * initialization time before the first AES operation can be performed. - * It comes at the cost of additional ~8kb ROM use (resp. ~2kb if \c - * MBEDTLS_AES_FEWER_TABLES below is used), and potentially degraded - * performance if ROM access is slower than RAM access. - * - * This option is independent of \c MBEDTLS_AES_FEWER_TABLES. - * - */ -//#define MBEDTLS_AES_ROM_TABLES - -/** - * \def MBEDTLS_AES_FEWER_TABLES - * - * Use less ROM/RAM for AES tables. - * - * Uncommenting this macro omits 75% of the AES tables from - * ROM / RAM (depending on the value of \c MBEDTLS_AES_ROM_TABLES) - * by computing their values on the fly during operations - * (the tables are entry-wise rotations of one another). - * - * Tradeoff: Uncommenting this reduces the RAM / ROM footprint - * by ~6kb but at the cost of more arithmetic operations during - * runtime. Specifically, one has to compare 4 accesses within - * different tables to 4 accesses with additional arithmetic - * operations within the same table. The performance gain/loss - * depends on the system and memory details. - * - * This option is independent of \c MBEDTLS_AES_ROM_TABLES. - * - */ -//#define MBEDTLS_AES_FEWER_TABLES - -/** - * \def MBEDTLS_CAMELLIA_SMALL_MEMORY - * - * Use less ROM for the Camellia implementation (saves about 768 bytes). - * - * Uncomment this macro to use less memory for Camellia. - */ -//#define MBEDTLS_CAMELLIA_SMALL_MEMORY - -/** - * \def MBEDTLS_CIPHER_MODE_CBC - * - * Enable Cipher Block Chaining mode (CBC) for symmetric ciphers. - */ -#define MBEDTLS_CIPHER_MODE_CBC - -/** - * \def MBEDTLS_CIPHER_MODE_CFB - * - * Enable Cipher Feedback mode (CFB) for symmetric ciphers. - */ -#define MBEDTLS_CIPHER_MODE_CFB - -/** - * \def MBEDTLS_CIPHER_MODE_CTR - * - * Enable Counter Block Cipher mode (CTR) for symmetric ciphers. - */ -#define MBEDTLS_CIPHER_MODE_CTR - -/** - * \def MBEDTLS_CIPHER_MODE_OFB - * - * Enable Output Feedback mode (OFB) for symmetric ciphers. - */ -#define MBEDTLS_CIPHER_MODE_OFB - -/** - * \def MBEDTLS_CIPHER_MODE_XTS - * - * Enable Xor-encrypt-xor with ciphertext stealing mode (XTS) for AES. - */ -#define MBEDTLS_CIPHER_MODE_XTS - -/** - * \def MBEDTLS_CIPHER_NULL_CIPHER - * - * Enable NULL cipher. - * Warning: Only do so when you know what you are doing. This allows for - * encryption or channels without any security! - * - * Requires MBEDTLS_ENABLE_WEAK_CIPHERSUITES as well to enable - * the following ciphersuites: - * MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA - * MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA - * MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA - * MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384 - * MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256 - * MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA - * MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384 - * MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256 - * MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA - * MBEDTLS_TLS_RSA_WITH_NULL_SHA256 - * MBEDTLS_TLS_RSA_WITH_NULL_SHA - * MBEDTLS_TLS_RSA_WITH_NULL_MD5 - * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384 - * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256 - * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA - * MBEDTLS_TLS_PSK_WITH_NULL_SHA384 - * MBEDTLS_TLS_PSK_WITH_NULL_SHA256 - * MBEDTLS_TLS_PSK_WITH_NULL_SHA - * - * Uncomment this macro to enable the NULL cipher and ciphersuites - */ -//#define MBEDTLS_CIPHER_NULL_CIPHER - -/** - * \def MBEDTLS_CIPHER_PADDING_PKCS7 - * - * MBEDTLS_CIPHER_PADDING_XXX: Uncomment or comment macros to add support for - * specific padding modes in the cipher layer with cipher modes that support - * padding (e.g. CBC) - * - * If you disable all padding modes, only full blocks can be used with CBC. - * - * Enable padding modes in the cipher layer. - */ -#define MBEDTLS_CIPHER_PADDING_PKCS7 -#define MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS -#define MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN -#define MBEDTLS_CIPHER_PADDING_ZEROS - -/** - * \def MBEDTLS_ENABLE_WEAK_CIPHERSUITES - * - * Enable weak ciphersuites in SSL / TLS. - * Warning: Only do so when you know what you are doing. This allows for - * channels with virtually no security at all! - * - * This enables the following ciphersuites: - * MBEDTLS_TLS_RSA_WITH_DES_CBC_SHA - * MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA - * - * Uncomment this macro to enable weak ciphersuites - * - * \warning DES is considered a weak cipher and its use constitutes a - * security risk. We recommend considering stronger ciphers instead. - */ -//#define MBEDTLS_ENABLE_WEAK_CIPHERSUITES - -/** - * \def MBEDTLS_REMOVE_ARC4_CIPHERSUITES - * - * Remove RC4 ciphersuites by default in SSL / TLS. - * This flag removes the ciphersuites based on RC4 from the default list as - * returned by mbedtls_ssl_list_ciphersuites(). However, it is still possible to - * enable (some of) them with mbedtls_ssl_conf_ciphersuites() by including them - * explicitly. - * - * Uncomment this macro to remove RC4 ciphersuites by default. - */ -#define MBEDTLS_REMOVE_ARC4_CIPHERSUITES - -/** - * \def MBEDTLS_REMOVE_3DES_CIPHERSUITES - * - * Remove 3DES ciphersuites by default in SSL / TLS. - * This flag removes the ciphersuites based on 3DES from the default list as - * returned by mbedtls_ssl_list_ciphersuites(). However, it is still possible - * to enable (some of) them with mbedtls_ssl_conf_ciphersuites() by including - * them explicitly. - * - * A man-in-the-browser attacker can recover authentication tokens sent through - * a TLS connection using a 3DES based cipher suite (see "On the Practical - * (In-)Security of 64-bit Block Ciphers" by Karthikeyan Bhargavan and Gaëtan - * Leurent, see https://sweet32.info/SWEET32_CCS16.pdf). If this attack falls - * in your threat model or you are unsure, then you should keep this option - * enabled to remove 3DES based cipher suites. - * - * Comment this macro to keep 3DES in the default ciphersuite list. - */ -#define MBEDTLS_REMOVE_3DES_CIPHERSUITES - -/** - * \def MBEDTLS_ECP_DP_SECP192R1_ENABLED - * - * MBEDTLS_ECP_XXXX_ENABLED: Enables specific curves within the Elliptic Curve - * module. By default all supported curves are enabled. - * - * Comment macros to disable the curve and functions for it - */ -#define MBEDTLS_ECP_DP_SECP192R1_ENABLED -#define MBEDTLS_ECP_DP_SECP224R1_ENABLED -#define MBEDTLS_ECP_DP_SECP256R1_ENABLED -#define MBEDTLS_ECP_DP_SECP384R1_ENABLED -#define MBEDTLS_ECP_DP_SECP521R1_ENABLED -#define MBEDTLS_ECP_DP_SECP192K1_ENABLED -#define MBEDTLS_ECP_DP_SECP224K1_ENABLED -#define MBEDTLS_ECP_DP_SECP256K1_ENABLED -#define MBEDTLS_ECP_DP_BP256R1_ENABLED -#define MBEDTLS_ECP_DP_BP384R1_ENABLED -#define MBEDTLS_ECP_DP_BP512R1_ENABLED -#define MBEDTLS_ECP_DP_CURVE25519_ENABLED -#define MBEDTLS_ECP_DP_CURVE448_ENABLED - -#ifdef TGT_A71CH -# undef MBEDTLS_ECP_DP_SECP192R1_ENABLED -# undef MBEDTLS_ECP_DP_SECP224R1_ENABLED -# undef MBEDTLS_ECP_DP_SECP384R1_ENABLED -# undef MBEDTLS_ECP_DP_SECP521R1_ENABLED -# undef MBEDTLS_ECP_DP_SECP192K1_ENABLED -# undef MBEDTLS_ECP_DP_SECP224K1_ENABLED -# undef MBEDTLS_ECP_DP_SECP256K1_ENABLED -# undef MBEDTLS_ECP_DP_BP256R1_ENABLED -# undef MBEDTLS_ECP_DP_BP384R1_ENABLED -# undef MBEDTLS_ECP_DP_BP512R1_ENABLED -# undef MBEDTLS_ECP_DP_CURVE25519_ENABLED -# undef MBEDTLS_ECP_DP_CURVE448_ENABLED -#endif - - -/** - * \def MBEDTLS_ECP_NIST_OPTIM - * - * Enable specific 'modulo p' routines for each NIST prime. - * Depending on the prime and architecture, makes operations 4 to 8 times - * faster on the corresponding curve. - * - * Comment this macro to disable NIST curves optimisation. - */ -#define MBEDTLS_ECP_NIST_OPTIM - -/** - * \def MBEDTLS_ECP_RESTARTABLE - * - * Enable "non-blocking" ECC operations that can return early and be resumed. - * - * This allows various functions to pause by returning - * #MBEDTLS_ERR_ECP_IN_PROGRESS (or, for functions in the SSL module, - * #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) and then be called later again in - * order to further progress and eventually complete their operation. This is - * controlled through mbedtls_ecp_set_max_ops() which limits the maximum - * number of ECC operations a function may perform before pausing; see - * mbedtls_ecp_set_max_ops() for more information. - * - * This is useful in non-threaded environments if you want to avoid blocking - * for too long on ECC (and, hence, X.509 or SSL/TLS) operations. - * - * Uncomment this macro to enable restartable ECC computations. - * - * \note This option only works with the default software implementation of - * elliptic curve functionality. It is incompatible with - * MBEDTLS_ECP_ALT, MBEDTLS_ECDH_XXX_ALT and MBEDTLS_ECDSA_XXX_ALT. - */ -//#define MBEDTLS_ECP_RESTARTABLE - -/** - * \def MBEDTLS_ECDSA_DETERMINISTIC - * - * Enable deterministic ECDSA (RFC 6979). - * Standard ECDSA is "fragile" in the sense that lack of entropy when signing - * may result in a compromise of the long-term signing key. This is avoided by - * the deterministic variant. - * - * Requires: MBEDTLS_HMAC_DRBG_C - * - * Comment this macro to disable deterministic ECDSA. - */ -#define MBEDTLS_ECDSA_DETERMINISTIC - -/** - * \def MBEDTLS_KEY_EXCHANGE_PSK_ENABLED - * - * Enable the PSK based ciphersuite modes in SSL / TLS. - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_PSK_WITH_RC4_128_SHA - */ -#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED - -/** - * \def MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED - * - * Enable the DHE-PSK based ciphersuite modes in SSL / TLS. - * - * Requires: MBEDTLS_DHM_C - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA - * - * \warning Using DHE constitutes a security risk as it - * is not possible to validate custom DH parameters. - * If possible, it is recommended users should consider - * preferring other methods of key exchange. - * See dhm.h for more details. - * - */ -#define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED - -/** - * \def MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED - * - * Enable the ECDHE-PSK based ciphersuite modes in SSL / TLS. - * - * Requires: MBEDTLS_ECDH_C - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA - */ -#define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED - -/** - * \def MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED - * - * Enable the RSA-PSK based ciphersuite modes in SSL / TLS. - * - * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, - * MBEDTLS_X509_CRT_PARSE_C - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA - */ -#define MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED - -/** - * \def MBEDTLS_KEY_EXCHANGE_RSA_ENABLED - * - * Enable the RSA-only based ciphersuite modes in SSL / TLS. - * - * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, - * MBEDTLS_X509_CRT_PARSE_C - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 - * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 - * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA - * MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA - * MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_RSA_WITH_RC4_128_SHA - * MBEDTLS_TLS_RSA_WITH_RC4_128_MD5 - */ -#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED - -/** - * \def MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED - * - * Enable the DHE-RSA based ciphersuite modes in SSL / TLS. - * - * Requires: MBEDTLS_DHM_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, - * MBEDTLS_X509_CRT_PARSE_C - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 - * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 - * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA - * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA - * MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA - * - * \warning Using DHE constitutes a security risk as it - * is not possible to validate custom DH parameters. - * If possible, it is recommended users should consider - * preferring other methods of key exchange. - * See dhm.h for more details. - * - */ -#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED - -/** - * \def MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED - * - * Enable the ECDHE-RSA based ciphersuite modes in SSL / TLS. - * - * Requires: MBEDTLS_ECDH_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, - * MBEDTLS_X509_CRT_PARSE_C - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA - */ -#define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED - -/** - * \def MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED - * - * Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS. - * - * Requires: MBEDTLS_ECDH_C, MBEDTLS_ECDSA_C, MBEDTLS_X509_CRT_PARSE_C, - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA - */ -#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED - -/** - * \def MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED - * - * Enable the ECDH-ECDSA based ciphersuite modes in SSL / TLS. - * - * Requires: MBEDTLS_ECDH_C, MBEDTLS_X509_CRT_PARSE_C - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA - * MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 - */ -#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED - -/** - * \def MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED - * - * Enable the ECDH-RSA based ciphersuite modes in SSL / TLS. - * - * Requires: MBEDTLS_ECDH_C, MBEDTLS_X509_CRT_PARSE_C - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA - * MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 - */ -#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED - -/** - * \def MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED - * - * Enable the ECJPAKE based ciphersuite modes in SSL / TLS. - * - * \warning This is currently experimental. EC J-PAKE support is based on the - * Thread v1.0.0 specification; incompatible changes to the specification - * might still happen. For this reason, this is disabled by default. - * - * Requires: MBEDTLS_ECJPAKE_C - * MBEDTLS_SHA256_C - * MBEDTLS_ECP_DP_SECP256R1_ENABLED - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8 - */ -//#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED - -/** - * \def MBEDTLS_PK_PARSE_EC_EXTENDED - * - * Enhance support for reading EC keys using variants of SEC1 not allowed by - * RFC 5915 and RFC 5480. - * - * Currently this means parsing the SpecifiedECDomain choice of EC - * parameters (only known groups are supported, not arbitrary domains, to - * avoid validation issues). - * - * Disable if you only need to support RFC 5915 + 5480 key formats. - */ -#define MBEDTLS_PK_PARSE_EC_EXTENDED - -/** - * \def MBEDTLS_ERROR_STRERROR_DUMMY - * - * Enable a dummy error function to make use of mbedtls_strerror() in - * third party libraries easier when MBEDTLS_ERROR_C is disabled - * (no effect when MBEDTLS_ERROR_C is enabled). - * - * You can safely disable this if MBEDTLS_ERROR_C is enabled, or if you're - * not using mbedtls_strerror() or error_strerror() in your application. - * - * Disable if you run into name conflicts and want to really remove the - * mbedtls_strerror() - */ -#define MBEDTLS_ERROR_STRERROR_DUMMY - -/** - * \def MBEDTLS_GENPRIME - * - * Enable the prime-number generation code. - * - * Requires: MBEDTLS_BIGNUM_C - */ -#define MBEDTLS_GENPRIME - -/** - * \def MBEDTLS_FS_IO - * - * Enable functions that use the filesystem. - */ -#define MBEDTLS_FS_IO - -/** - * \def MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES - * - * Do not add default entropy sources. These are the platform specific, - * mbedtls_timing_hardclock and HAVEGE based poll functions. - * - * This is useful to have more control over the added entropy sources in an - * application. - * - * Uncomment this macro to prevent loading of default entropy functions. - */ -//#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES - -/** - * \def MBEDTLS_NO_PLATFORM_ENTROPY - * - * Do not use built-in platform entropy functions. - * This is useful if your platform does not support - * standards like the /dev/urandom or Windows CryptoAPI. - * - * Uncomment this macro to disable the built-in platform entropy functions. - */ -//#define MBEDTLS_NO_PLATFORM_ENTROPY - -/** - * \def MBEDTLS_ENTROPY_FORCE_SHA256 - * - * Force the entropy accumulator to use a SHA-256 accumulator instead of the - * default SHA-512 based one (if both are available). - * - * Requires: MBEDTLS_SHA256_C - * - * On 32-bit systems SHA-256 can be much faster than SHA-512. Use this option - * if you have performance concerns. - * - * This option is only useful if both MBEDTLS_SHA256_C and - * MBEDTLS_SHA512_C are defined. Otherwise the available hash module is used. - */ -//#define MBEDTLS_ENTROPY_FORCE_SHA256 - -/** - * \def MBEDTLS_ENTROPY_NV_SEED - * - * Enable the non-volatile (NV) seed file-based entropy source. - * (Also enables the NV seed read/write functions in the platform layer) - * - * This is crucial (if not required) on systems that do not have a - * cryptographic entropy source (in hardware or kernel) available. - * - * Requires: MBEDTLS_ENTROPY_C, MBEDTLS_PLATFORM_C - * - * \note The read/write functions that are used by the entropy source are - * determined in the platform layer, and can be modified at runtime and/or - * compile-time depending on the flags (MBEDTLS_PLATFORM_NV_SEED_*) used. - * - * \note If you use the default implementation functions that read a seedfile - * with regular fopen(), please make sure you make a seedfile with the - * proper name (defined in MBEDTLS_PLATFORM_STD_NV_SEED_FILE) and at - * least MBEDTLS_ENTROPY_BLOCK_SIZE bytes in size that can be read from - * and written to or you will get an entropy source error! The default - * implementation will only use the first MBEDTLS_ENTROPY_BLOCK_SIZE - * bytes from the file. - * - * \note The entropy collector will write to the seed file before entropy is - * given to an external source, to update it. - */ -//#define MBEDTLS_ENTROPY_NV_SEED - -/** - * \def MBEDTLS_MEMORY_DEBUG - * - * Enable debugging of buffer allocator memory issues. Automatically prints - * (to stderr) all (fatal) messages on memory allocation issues. Enables - * function for 'debug output' of allocated memory. - * - * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C - * - * Uncomment this macro to let the buffer allocator print out error messages. - */ -//#define MBEDTLS_MEMORY_DEBUG - -/** - * \def MBEDTLS_MEMORY_BACKTRACE - * - * Include backtrace information with each allocated block. - * - * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C - * GLIBC-compatible backtrace() an backtrace_symbols() support - * - * Uncomment this macro to include backtrace information - */ -//#define MBEDTLS_MEMORY_BACKTRACE - -/** - * \def MBEDTLS_PK_RSA_ALT_SUPPORT - * - * Support external private RSA keys (eg from a HSM) in the PK layer. - * - * Comment this macro to disable support for external private RSA keys. - */ -#define MBEDTLS_PK_RSA_ALT_SUPPORT - -/** - * \def MBEDTLS_PKCS1_V15 - * - * Enable support for PKCS#1 v1.5 encoding. - * - * Requires: MBEDTLS_RSA_C - * - * This enables support for PKCS#1 v1.5 operations. - */ -#define MBEDTLS_PKCS1_V15 - -/** - * \def MBEDTLS_PKCS1_V21 - * - * Enable support for PKCS#1 v2.1 encoding. - * - * Requires: MBEDTLS_MD_C, MBEDTLS_RSA_C - * - * This enables support for RSAES-OAEP and RSASSA-PSS operations. - */ -#define MBEDTLS_PKCS1_V21 - -/** - * \def MBEDTLS_RSA_NO_CRT - * - * Do not use the Chinese Remainder Theorem - * for the RSA private operation. - * - * Uncomment this macro to disable the use of CRT in RSA. - * - */ -//#define MBEDTLS_RSA_NO_CRT - -/** - * \def MBEDTLS_SELF_TEST - * - * Enable the checkup functions (*_self_test). - */ -//#define MBEDTLS_SELF_TEST - -/** - * \def MBEDTLS_SHA256_SMALLER - * - * Enable an implementation of SHA-256 that has lower ROM footprint but also - * lower performance. - * - * The default implementation is meant to be a reasonnable compromise between - * performance and size. This version optimizes more aggressively for size at - * the expense of performance. Eg on Cortex-M4 it reduces the size of - * mbedtls_sha256_process() from ~2KB to ~0.5KB for a performance hit of about - * 30%. - * - * Uncomment to enable the smaller implementation of SHA256. - */ -//#define MBEDTLS_SHA256_SMALLER - -/** - * \def MBEDTLS_SSL_ALL_ALERT_MESSAGES - * - * Enable sending of alert messages in case of encountered errors as per RFC. - * If you choose not to send the alert messages, mbed TLS can still communicate - * with other servers, only debugging of failures is harder. - * - * The advantage of not sending alert messages, is that no information is given - * about reasons for failures thus preventing adversaries of gaining intel. - * - * Enable sending of all alert messages - */ -#define MBEDTLS_SSL_ALL_ALERT_MESSAGES - -/** - * \def MBEDTLS_SSL_ASYNC_PRIVATE - * - * Enable asynchronous external private key operations in SSL. This allows - * you to configure an SSL connection to call an external cryptographic - * module to perform private key operations instead of performing the - * operation inside the library. - * - */ -//#define MBEDTLS_SSL_ASYNC_PRIVATE - -/** - * \def MBEDTLS_SSL_DEBUG_ALL - * - * Enable the debug messages in SSL module for all issues. - * Debug messages have been disabled in some places to prevent timing - * attacks due to (unbalanced) debugging function calls. - * - * If you need all error reporting you should enable this during debugging, - * but remove this for production servers that should log as well. - * - * Uncomment this macro to report all debug messages on errors introducing - * a timing side-channel. - * - */ -//#define MBEDTLS_SSL_DEBUG_ALL - -/** \def MBEDTLS_SSL_ENCRYPT_THEN_MAC - * - * Enable support for Encrypt-then-MAC, RFC 7366. - * - * This allows peers that both support it to use a more robust protection for - * ciphersuites using CBC, providing deep resistance against timing attacks - * on the padding or underlying cipher. - * - * This only affects CBC ciphersuites, and is useless if none is defined. - * - * Requires: MBEDTLS_SSL_PROTO_TLS1 or - * MBEDTLS_SSL_PROTO_TLS1_1 or - * MBEDTLS_SSL_PROTO_TLS1_2 - * - * Comment this macro to disable support for Encrypt-then-MAC - */ -#define MBEDTLS_SSL_ENCRYPT_THEN_MAC - -/** \def MBEDTLS_SSL_EXTENDED_MASTER_SECRET - * - * Enable support for Extended Master Secret, aka Session Hash - * (draft-ietf-tls-session-hash-02). - * - * This was introduced as "the proper fix" to the Triple Handshake familiy of - * attacks, but it is recommended to always use it (even if you disable - * renegotiation), since it actually fixes a more fundamental issue in the - * original SSL/TLS design, and has implications beyond Triple Handshake. - * - * Requires: MBEDTLS_SSL_PROTO_TLS1 or - * MBEDTLS_SSL_PROTO_TLS1_1 or - * MBEDTLS_SSL_PROTO_TLS1_2 - * - * Comment this macro to disable support for Extended Master Secret. - */ -#define MBEDTLS_SSL_EXTENDED_MASTER_SECRET - -/** - * \def MBEDTLS_SSL_FALLBACK_SCSV - * - * Enable support for FALLBACK_SCSV (draft-ietf-tls-downgrade-scsv-00). - * - * For servers, it is recommended to always enable this, unless you support - * only one version of TLS, or know for sure that none of your clients - * implements a fallback strategy. - * - * For clients, you only need this if you're using a fallback strategy, which - * is not recommended in the first place, unless you absolutely need it to - * interoperate with buggy (version-intolerant) servers. - * - * Comment this macro to disable support for FALLBACK_SCSV - */ -#define MBEDTLS_SSL_FALLBACK_SCSV - -/** - * \def MBEDTLS_SSL_HW_RECORD_ACCEL - * - * Enable hooking functions in SSL module for hardware acceleration of - * individual records. - * - * Uncomment this macro to enable hooking functions. - */ -//#define MBEDTLS_SSL_HW_RECORD_ACCEL - -/** - * \def MBEDTLS_SSL_CBC_RECORD_SPLITTING - * - * Enable 1/n-1 record splitting for CBC mode in SSLv3 and TLS 1.0. - * - * This is a countermeasure to the BEAST attack, which also minimizes the risk - * of interoperability issues compared to sending 0-length records. - * - * Comment this macro to disable 1/n-1 record splitting. - */ -#define MBEDTLS_SSL_CBC_RECORD_SPLITTING - -/** - * \def MBEDTLS_SSL_RENEGOTIATION - * - * Enable support for TLS renegotiation. - * - * The two main uses of renegotiation are (1) refresh keys on long-lived - * connections and (2) client authentication after the initial handshake. - * If you don't need renegotiation, it's probably better to disable it, since - * it has been associated with security issues in the past and is easy to - * misuse/misunderstand. - * - * Comment this to disable support for renegotiation. - * - * \note Even if this option is disabled, both client and server are aware - * of the Renegotiation Indication Extension (RFC 5746) used to - * prevent the SSL renegotiation attack (see RFC 5746 Sect. 1). - * (See \c mbedtls_ssl_conf_legacy_renegotiation for the - * configuration of this extension). - * - */ -#define MBEDTLS_SSL_RENEGOTIATION - -/** - * \def MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO - * - * Enable support for receiving and parsing SSLv2 Client Hello messages for the - * SSL Server module (MBEDTLS_SSL_SRV_C). - * - * Uncomment this macro to enable support for SSLv2 Client Hello messages. - */ -//#define MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO - -/** - * \def MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE - * - * Pick the ciphersuite according to the client's preferences rather than ours - * in the SSL Server module (MBEDTLS_SSL_SRV_C). - * - * Uncomment this macro to respect client's ciphersuite order - */ -//#define MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE - -/** - * \def MBEDTLS_SSL_MAX_FRAGMENT_LENGTH - * - * Enable support for RFC 6066 max_fragment_length extension in SSL. - * - * Comment this macro to disable support for the max_fragment_length extension - */ -#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH - -/** - * \def MBEDTLS_SSL_PROTO_SSL3 - * - * Enable support for SSL 3.0. - * - * Requires: MBEDTLS_MD5_C - * MBEDTLS_SHA1_C - * - * Comment this macro to disable support for SSL 3.0 - */ -//#define MBEDTLS_SSL_PROTO_SSL3 - -/** - * \def MBEDTLS_SSL_PROTO_TLS1 - * - * Enable support for TLS 1.0. - * - * Requires: MBEDTLS_MD5_C - * MBEDTLS_SHA1_C - * - * Comment this macro to disable support for TLS 1.0 - */ -#define MBEDTLS_SSL_PROTO_TLS1 - -/** - * \def MBEDTLS_SSL_PROTO_TLS1_1 - * - * Enable support for TLS 1.1 (and DTLS 1.0 if DTLS is enabled). - * - * Requires: MBEDTLS_MD5_C - * MBEDTLS_SHA1_C - * - * Comment this macro to disable support for TLS 1.1 / DTLS 1.0 - */ -#define MBEDTLS_SSL_PROTO_TLS1_1 - -/** - * \def MBEDTLS_SSL_PROTO_TLS1_2 - * - * Enable support for TLS 1.2 (and DTLS 1.2 if DTLS is enabled). - * - * Requires: MBEDTLS_SHA1_C or MBEDTLS_SHA256_C or MBEDTLS_SHA512_C - * (Depends on ciphersuites) - * - * Comment this macro to disable support for TLS 1.2 / DTLS 1.2 - */ -#define MBEDTLS_SSL_PROTO_TLS1_2 - -/** - * \def MBEDTLS_SSL_PROTO_DTLS - * - * Enable support for DTLS (all available versions). - * - * Enable this and MBEDTLS_SSL_PROTO_TLS1_1 to enable DTLS 1.0, - * and/or this and MBEDTLS_SSL_PROTO_TLS1_2 to enable DTLS 1.2. - * - * Requires: MBEDTLS_SSL_PROTO_TLS1_1 - * or MBEDTLS_SSL_PROTO_TLS1_2 - * - * Comment this macro to disable support for DTLS - */ -#define MBEDTLS_SSL_PROTO_DTLS - -/** - * \def MBEDTLS_SSL_ALPN - * - * Enable support for RFC 7301 Application Layer Protocol Negotiation. - * - * Comment this macro to disable support for ALPN. - */ -#define MBEDTLS_SSL_ALPN - -/** - * \def MBEDTLS_SSL_DTLS_ANTI_REPLAY - * - * Enable support for the anti-replay mechanism in DTLS. - * - * Requires: MBEDTLS_SSL_TLS_C - * MBEDTLS_SSL_PROTO_DTLS - * - * \warning Disabling this is often a security risk! - * See mbedtls_ssl_conf_dtls_anti_replay() for details. - * - * Comment this to disable anti-replay in DTLS. - */ -#define MBEDTLS_SSL_DTLS_ANTI_REPLAY - -/** - * \def MBEDTLS_SSL_DTLS_HELLO_VERIFY - * - * Enable support for HelloVerifyRequest on DTLS servers. - * - * This feature is highly recommended to prevent DTLS servers being used as - * amplifiers in DoS attacks against other hosts. It should always be enabled - * unless you know for sure amplification cannot be a problem in the - * environment in which your server operates. - * - * \warning Disabling this can ba a security risk! (see above) - * - * Requires: MBEDTLS_SSL_PROTO_DTLS - * - * Comment this to disable support for HelloVerifyRequest. - */ -#define MBEDTLS_SSL_DTLS_HELLO_VERIFY - -/** - * \def MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE - * - * Enable server-side support for clients that reconnect from the same port. - * - * Some clients unexpectedly close the connection and try to reconnect using the - * same source port. This needs special support from the server to handle the - * new connection securely, as described in section 4.2.8 of RFC 6347. This - * flag enables that support. - * - * Requires: MBEDTLS_SSL_DTLS_HELLO_VERIFY - * - * Comment this to disable support for clients reusing the source port. - */ -#define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE - -/** - * \def MBEDTLS_SSL_DTLS_BADMAC_LIMIT - * - * Enable support for a limit of records with bad MAC. - * - * See mbedtls_ssl_conf_dtls_badmac_limit(). - * - * Requires: MBEDTLS_SSL_PROTO_DTLS - */ -#define MBEDTLS_SSL_DTLS_BADMAC_LIMIT - -/** - * \def MBEDTLS_SSL_SESSION_TICKETS - * - * Enable support for RFC 5077 session tickets in SSL. - * Client-side, provides full support for session tickets (maintainance of a - * session store remains the responsibility of the application, though). - * Server-side, you also need to provide callbacks for writing and parsing - * tickets, including authenticated encryption and key management. Example - * callbacks are provided by MBEDTLS_SSL_TICKET_C. - * - * Comment this macro to disable support for SSL session tickets - */ -#define MBEDTLS_SSL_SESSION_TICKETS - -/** - * \def MBEDTLS_SSL_EXPORT_KEYS - * - * Enable support for exporting key block and master secret. - * This is required for certain users of TLS, e.g. EAP-TLS. - * - * Comment this macro to disable support for key export - */ -#define MBEDTLS_SSL_EXPORT_KEYS - -/** - * \def MBEDTLS_SSL_SERVER_NAME_INDICATION - * - * Enable support for RFC 6066 server name indication (SNI) in SSL. - * - * Requires: MBEDTLS_X509_CRT_PARSE_C - * - * Comment this macro to disable support for server name indication in SSL - */ -#define MBEDTLS_SSL_SERVER_NAME_INDICATION - -/** - * \def MBEDTLS_SSL_TRUNCATED_HMAC - * - * Enable support for RFC 6066 truncated HMAC in SSL. - * - * Comment this macro to disable support for truncated HMAC in SSL - */ -#define MBEDTLS_SSL_TRUNCATED_HMAC - -/** - * \def MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT - * - * Fallback to old (pre-2.7), non-conforming implementation of the truncated - * HMAC extension which also truncates the HMAC key. Note that this option is - * only meant for a transitory upgrade period and is likely to be removed in - * a future version of the library. - * - * \warning The old implementation is non-compliant and has a security weakness - * (2^80 brute force attack on the HMAC key used for a single, - * uninterrupted connection). This should only be enabled temporarily - * when (1) the use of truncated HMAC is essential in order to save - * bandwidth, and (2) the peer is an Mbed TLS stack that doesn't use - * the fixed implementation yet (pre-2.7). - * - * \deprecated This option is deprecated and will likely be removed in a - * future version of Mbed TLS. - * - * Uncomment to fallback to old, non-compliant truncated HMAC implementation. - * - * Requires: MBEDTLS_SSL_TRUNCATED_HMAC - */ -//#define MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT - -/** - * \def MBEDTLS_THREADING_ALT - * - * Provide your own alternate threading implementation. - * - * Requires: MBEDTLS_THREADING_C - * - * Uncomment this to allow your own alternate threading implementation. - */ -//#define MBEDTLS_THREADING_ALT - -/** - * \def MBEDTLS_THREADING_PTHREAD - * - * Enable the pthread wrapper layer for the threading layer. - * - * Requires: MBEDTLS_THREADING_C - * - * Uncomment this to enable pthread mutexes. - */ -//#define MBEDTLS_THREADING_PTHREAD - -/** - * \def MBEDTLS_VERSION_FEATURES - * - * Allow run-time checking of compile-time enabled features. Thus allowing users - * to check at run-time if the library is for instance compiled with threading - * support via mbedtls_version_check_feature(). - * - * Requires: MBEDTLS_VERSION_C - * - * Comment this to disable run-time checking and save ROM space - */ -#define MBEDTLS_VERSION_FEATURES - -/** - * \def MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 - * - * If set, the X509 parser will not break-off when parsing an X509 certificate - * and encountering an extension in a v1 or v2 certificate. - * - * Uncomment to prevent an error. - */ -//#define MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 - -/** - * \def MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION - * - * If set, the X509 parser will not break-off when parsing an X509 certificate - * and encountering an unknown critical extension. - * - * \warning Depending on your PKI use, enabling this can be a security risk! - * - * Uncomment to prevent an error. - */ -//#define MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION - -/** - * \def MBEDTLS_X509_CHECK_KEY_USAGE - * - * Enable verification of the keyUsage extension (CA and leaf certificates). - * - * Disabling this avoids problems with mis-issued and/or misused - * (intermediate) CA and leaf certificates. - * - * \warning Depending on your PKI use, disabling this can be a security risk! - * - * Comment to skip keyUsage checking for both CA and leaf certificates. - */ -#define MBEDTLS_X509_CHECK_KEY_USAGE - -/** - * \def MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE - * - * Enable verification of the extendedKeyUsage extension (leaf certificates). - * - * Disabling this avoids problems with mis-issued and/or misused certificates. - * - * \warning Depending on your PKI use, disabling this can be a security risk! - * - * Comment to skip extendedKeyUsage checking for certificates. - */ -#define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE - -/** - * \def MBEDTLS_X509_RSASSA_PSS_SUPPORT - * - * Enable parsing and verification of X.509 certificates, CRLs and CSRS - * signed with RSASSA-PSS (aka PKCS#1 v2.1). - * - * Comment this macro to disallow using RSASSA-PSS in certificates. - */ -#define MBEDTLS_X509_RSASSA_PSS_SUPPORT - -/** - * \def MBEDTLS_ZLIB_SUPPORT - * - * If set, the SSL/TLS module uses ZLIB to support compression and - * decompression of packet data. - * - * \warning TLS-level compression MAY REDUCE SECURITY! See for example the - * CRIME attack. Before enabling this option, you should examine with care if - * CRIME or similar exploits may be a applicable to your use case. - * - * \note Currently compression can't be used with DTLS. - * - * \deprecated This feature is deprecated and will be removed - * in the next major revision of the library. - * - * Used in: library/ssl_tls.c - * library/ssl_cli.c - * library/ssl_srv.c - * - * This feature requires zlib library and headers to be present. - * - * Uncomment to enable use of ZLIB - */ -//#define MBEDTLS_ZLIB_SUPPORT -/* \} name SECTION: mbed TLS feature support */ - -/** - * \name SECTION: mbed TLS modules - * - * This section enables or disables entire modules in mbed TLS - * \{ - */ - -/** - * \def MBEDTLS_AESNI_C - * - * Enable AES-NI support on x86-64. - * - * Module: library/aesni.c - * Caller: library/aes.c - * - * Requires: MBEDTLS_HAVE_ASM - * - * This modules adds support for the AES-NI instructions on x86-64 - */ -#define MBEDTLS_AESNI_C - -/** - * \def MBEDTLS_AES_C - * - * Enable the AES block cipher. - * - * Module: library/aes.c - * Caller: library/cipher.c - * library/pem.c - * library/ctr_drbg.c - * - * This module enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 - * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA - * - * PEM_PARSE uses AES for decrypting encrypted keys. - */ -#define MBEDTLS_AES_C - -/** - * \def MBEDTLS_ARC4_C - * - * Enable the ARCFOUR stream cipher. - * - * Module: library/arc4.c - * Caller: library/cipher.c - * - * This module enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA - * MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA - * MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA - * MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA - * MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA - * MBEDTLS_TLS_RSA_WITH_RC4_128_SHA - * MBEDTLS_TLS_RSA_WITH_RC4_128_MD5 - * MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA - * MBEDTLS_TLS_PSK_WITH_RC4_128_SHA - * - * \warning ARC4 is considered a weak cipher and its use constitutes a - * security risk. If possible, we recommend avoidng dependencies on - * it, and considering stronger ciphers instead. - * - */ -#define MBEDTLS_ARC4_C - -/** - * \def MBEDTLS_ASN1_PARSE_C - * - * Enable the generic ASN1 parser. - * - * Module: library/asn1.c - * Caller: library/x509.c - * library/dhm.c - * library/pkcs12.c - * library/pkcs5.c - * library/pkparse.c - */ -#define MBEDTLS_ASN1_PARSE_C - -/** - * \def MBEDTLS_ASN1_WRITE_C - * - * Enable the generic ASN1 writer. - * - * Module: library/asn1write.c - * Caller: library/ecdsa.c - * library/pkwrite.c - * library/x509_create.c - * library/x509write_crt.c - * library/x509write_csr.c - */ -#define MBEDTLS_ASN1_WRITE_C - -/** - * \def MBEDTLS_BASE64_C - * - * Enable the Base64 module. - * - * Module: library/base64.c - * Caller: library/pem.c - * - * This module is required for PEM support (required by X.509). - */ -#define MBEDTLS_BASE64_C - -/** - * \def MBEDTLS_BIGNUM_C - * - * Enable the multi-precision integer library. - * - * Module: library/bignum.c - * Caller: library/dhm.c - * library/ecp.c - * library/ecdsa.c - * library/rsa.c - * library/rsa_internal.c - * library/ssl_tls.c - * - * This module is required for RSA, DHM and ECC (ECDH, ECDSA) support. - */ -#define MBEDTLS_BIGNUM_C - -/** - * \def MBEDTLS_BLOWFISH_C - * - * Enable the Blowfish block cipher. - * - * Module: library/blowfish.c - */ -#define MBEDTLS_BLOWFISH_C - -/** - * \def MBEDTLS_CAMELLIA_C - * - * Enable the Camellia block cipher. - * - * Module: library/camellia.c - * Caller: library/cipher.c - * - * This module enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 - * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA - * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 - * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA - * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA - * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 - */ -#define MBEDTLS_CAMELLIA_C - -/** - * \def MBEDTLS_ARIA_C - * - * Enable the ARIA block cipher. - * - * Module: library/aria.c - * Caller: library/cipher.c - * - * This module enables the following ciphersuites (if other requisites are - * enabled as well): - * - * MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256 - * MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384 - * MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256 - * MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384 - * MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256 - * MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 - * MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256 - * MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384 - * MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256 - * MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384 - * MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 - * MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 - * MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 - * MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 - * MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 - * MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 - * MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256 - * MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384 - * MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256 - * MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384 - * MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256 - * MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384 - * MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256 - * MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384 - * MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 - * MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384 - * MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256 - * MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384 - * MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 - * MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 - */ -//#define MBEDTLS_ARIA_C - -/** - * \def MBEDTLS_CCM_C - * - * Enable the Counter with CBC-MAC (CCM) mode for 128-bit block cipher. - * - * Module: library/ccm.c - * - * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C - * - * This module enables the AES-CCM ciphersuites, if other requisites are - * enabled as well. - */ -#define MBEDTLS_CCM_C - -/** - * \def MBEDTLS_CERTS_C - * - * Enable the test certificates. - * - * Module: library/certs.c - * Caller: - * - * This module is used for testing (ssl_client/server). - */ -#define MBEDTLS_CERTS_C - -/** - * \def MBEDTLS_CHACHA20_C - * - * Enable the ChaCha20 stream cipher. - * - * Module: library/chacha20.c - */ -#define MBEDTLS_CHACHA20_C - -/** - * \def MBEDTLS_CHACHAPOLY_C - * - * Enable the ChaCha20-Poly1305 AEAD algorithm. - * - * Module: library/chachapoly.c - * - * This module requires: MBEDTLS_CHACHA20_C, MBEDTLS_POLY1305_C - */ -#define MBEDTLS_CHACHAPOLY_C - -/** - * \def MBEDTLS_CIPHER_C - * - * Enable the generic cipher layer. - * - * Module: library/cipher.c - * Caller: library/ssl_tls.c - * - * Uncomment to enable generic cipher wrappers. - */ -#define MBEDTLS_CIPHER_C - -/** - * \def MBEDTLS_CMAC_C - * - * Enable the CMAC (Cipher-based Message Authentication Code) mode for block - * ciphers. - * - * Module: library/cmac.c - * - * Requires: MBEDTLS_AES_C or MBEDTLS_DES_C - * - */ -#define MBEDTLS_CMAC_C - -/** - * \def MBEDTLS_CTR_DRBG_C - * - * Enable the CTR_DRBG AES-based random generator. - * The CTR_DRBG generator uses AES-256 by default. - * To use AES-128 instead, enable MBEDTLS_CTR_DRBG_USE_128_BIT_KEY below. - * - * Module: library/ctr_drbg.c - * Caller: - * - * Requires: MBEDTLS_AES_C - * - * This module provides the CTR_DRBG AES random number generator. - */ -#define MBEDTLS_CTR_DRBG_C - -/** - * \def MBEDTLS_DEBUG_C - * - * Enable the debug functions. - * - * Module: library/debug.c - * Caller: library/ssl_cli.c - * library/ssl_srv.c - * library/ssl_tls.c - * - * This module provides debugging functions. - */ -#define MBEDTLS_DEBUG_C - -/** - * \def MBEDTLS_DES_C - * - * Enable the DES block cipher. - * - * Module: library/des.c - * Caller: library/pem.c - * library/cipher.c - * - * This module enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA - * MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA - * - * PEM_PARSE uses DES/3DES for decrypting encrypted keys. - * - * \warning DES is considered a weak cipher and its use constitutes a - * security risk. We recommend considering stronger ciphers instead. - */ -#define MBEDTLS_DES_C - -/** - * \def MBEDTLS_DHM_C - * - * Enable the Diffie-Hellman-Merkle module. - * - * Module: library/dhm.c - * Caller: library/ssl_cli.c - * library/ssl_srv.c - * - * This module is used by the following key exchanges: - * DHE-RSA, DHE-PSK - * - * \warning Using DHE constitutes a security risk as it - * is not possible to validate custom DH parameters. - * If possible, it is recommended users should consider - * preferring other methods of key exchange. - * See dhm.h for more details. - * - */ -#define MBEDTLS_DHM_C - -/** - * \def MBEDTLS_ECDH_C - * - * Enable the elliptic curve Diffie-Hellman library. - * - * Module: library/ecdh.c - * Caller: library/ssl_cli.c - * library/ssl_srv.c - * - * This module is used by the following key exchanges: - * ECDHE-ECDSA, ECDHE-RSA, DHE-PSK - * - * Requires: MBEDTLS_ECP_C - */ -#define MBEDTLS_ECDH_C - -/** - * \def MBEDTLS_ECDSA_C - * - * Enable the elliptic curve DSA library. - * - * Module: library/ecdsa.c - * Caller: - * - * This module is used by the following key exchanges: - * ECDHE-ECDSA - * - * Requires: MBEDTLS_ECP_C, MBEDTLS_ASN1_WRITE_C, MBEDTLS_ASN1_PARSE_C - */ -#define MBEDTLS_ECDSA_C - -/** - * \def MBEDTLS_ECJPAKE_C - * - * Enable the elliptic curve J-PAKE library. - * - * \warning This is currently experimental. EC J-PAKE support is based on the - * Thread v1.0.0 specification; incompatible changes to the specification - * might still happen. For this reason, this is disabled by default. - * - * Module: library/ecjpake.c - * Caller: - * - * This module is used by the following key exchanges: - * ECJPAKE - * - * Requires: MBEDTLS_ECP_C, MBEDTLS_MD_C - */ -//#define MBEDTLS_ECJPAKE_C - -/** - * \def MBEDTLS_ECP_C - * - * Enable the elliptic curve over GF(p) library. - * - * Module: library/ecp.c - * Caller: library/ecdh.c - * library/ecdsa.c - * library/ecjpake.c - * - * Requires: MBEDTLS_BIGNUM_C and at least one MBEDTLS_ECP_DP_XXX_ENABLED - */ -#define MBEDTLS_ECP_C - -/** - * \def MBEDTLS_ENTROPY_C - * - * Enable the platform-specific entropy code. - * - * Module: library/entropy.c - * Caller: - * - * Requires: MBEDTLS_SHA512_C or MBEDTLS_SHA256_C - * - * This module provides a generic entropy pool - */ -#define MBEDTLS_ENTROPY_C - -/** - * \def MBEDTLS_ERROR_C - * - * Enable error code to error string conversion. - * - * Module: library/error.c - * Caller: - * - * This module enables mbedtls_strerror(). - */ -#define MBEDTLS_ERROR_C - -/** - * \def MBEDTLS_GCM_C - * - * Enable the Galois/Counter Mode (GCM) for AES. - * - * Module: library/gcm.c - * - * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C - * - * This module enables the AES-GCM and CAMELLIA-GCM ciphersuites, if other - * requisites are enabled as well. - */ -#define MBEDTLS_GCM_C - -/** - * \def MBEDTLS_HAVEGE_C - * - * Enable the HAVEGE random generator. - * - * Warning: the HAVEGE random generator is not suitable for virtualized - * environments - * - * Warning: the HAVEGE random generator is dependent on timing and specific - * processor traits. It is therefore not advised to use HAVEGE as - * your applications primary random generator or primary entropy pool - * input. As a secondary input to your entropy pool, it IS able add - * the (limited) extra entropy it provides. - * - * Module: library/havege.c - * Caller: - * - * Requires: MBEDTLS_TIMING_C - * - * Uncomment to enable the HAVEGE random generator. - */ -//#define MBEDTLS_HAVEGE_C - -/** - * \def MBEDTLS_HKDF_C - * - * Enable the HKDF algorithm (RFC 5869). - * - * Module: library/hkdf.c - * Caller: - * - * Requires: MBEDTLS_MD_C - * - * This module adds support for the Hashed Message Authentication Code - * (HMAC)-based key derivation function (HKDF). - */ -#define MBEDTLS_HKDF_C - -/** - * \def MBEDTLS_HMAC_DRBG_C - * - * Enable the HMAC_DRBG random generator. - * - * Module: library/hmac_drbg.c - * Caller: - * - * Requires: MBEDTLS_MD_C - * - * Uncomment to enable the HMAC_DRBG random number geerator. - */ -#define MBEDTLS_HMAC_DRBG_C - -/** - * \def MBEDTLS_NIST_KW_C - * - * Enable the Key Wrapping mode for 128-bit block ciphers, - * as defined in NIST SP 800-38F. Only KW and KWP modes - * are supported. At the moment, only AES is approved by NIST. - * - * Module: library/nist_kw.c - * - * Requires: MBEDTLS_AES_C and MBEDTLS_CIPHER_C - */ -//#define MBEDTLS_NIST_KW_C - -/** - * \def MBEDTLS_MD_C - * - * Enable the generic message digest layer. - * - * Module: library/md.c - * Caller: - * - * Uncomment to enable generic message digest wrappers. - */ -#define MBEDTLS_MD_C - -/** - * \def MBEDTLS_MD2_C - * - * Enable the MD2 hash algorithm. - * - * Module: library/md2.c - * Caller: - * - * Uncomment to enable support for (rare) MD2-signed X.509 certs. - * - * \warning MD2 is considered a weak message digest and its use constitutes a - * security risk. If possible, we recommend avoiding dependencies on - * it, and considering stronger message digests instead. - * - */ -//#define MBEDTLS_MD2_C - -/** - * \def MBEDTLS_MD4_C - * - * Enable the MD4 hash algorithm. - * - * Module: library/md4.c - * Caller: - * - * Uncomment to enable support for (rare) MD4-signed X.509 certs. - * - * \warning MD4 is considered a weak message digest and its use constitutes a - * security risk. If possible, we recommend avoiding dependencies on - * it, and considering stronger message digests instead. - * - */ -//#define MBEDTLS_MD4_C - -/** - * \def MBEDTLS_MD5_C - * - * Enable the MD5 hash algorithm. - * - * Module: library/md5.c - * Caller: library/md.c - * library/pem.c - * library/ssl_tls.c - * - * This module is required for SSL/TLS up to version 1.1, and for TLS 1.2 - * depending on the handshake parameters. Further, it is used for checking - * MD5-signed certificates, and for PBKDF1 when decrypting PEM-encoded - * encrypted keys. - * - * \warning MD5 is considered a weak message digest and its use constitutes a - * security risk. If possible, we recommend avoiding dependencies on - * it, and considering stronger message digests instead. - * - */ -#define MBEDTLS_MD5_C - -/** - * \def MBEDTLS_MEMORY_BUFFER_ALLOC_C - * - * Enable the buffer allocator implementation that makes use of a (stack) - * based buffer to 'allocate' dynamic memory. (replaces calloc() and free() - * calls) - * - * Module: library/memory_buffer_alloc.c - * - * Requires: MBEDTLS_PLATFORM_C - * MBEDTLS_PLATFORM_MEMORY (to use it within mbed TLS) - * - * Enable this module to enable the buffer memory allocator. - */ -//#define MBEDTLS_MEMORY_BUFFER_ALLOC_C - -/** - * \def MBEDTLS_NET_C - * - * Enable the TCP and UDP over IPv6/IPv4 networking routines. - * - * \note This module only works on POSIX/Unix (including Linux, BSD and OS X) - * and Windows. For other platforms, you'll want to disable it, and write your - * own networking callbacks to be passed to \c mbedtls_ssl_set_bio(). - * - * \note See also our Knowledge Base article about porting to a new - * environment: - * https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS - * - * Module: library/net_sockets.c - * - * This module provides networking routines. - */ -#define MBEDTLS_NET_C - -/** - * \def MBEDTLS_OID_C - * - * Enable the OID database. - * - * Module: library/oid.c - * Caller: library/asn1write.c - * library/pkcs5.c - * library/pkparse.c - * library/pkwrite.c - * library/rsa.c - * library/x509.c - * library/x509_create.c - * library/x509_crl.c - * library/x509_crt.c - * library/x509_csr.c - * library/x509write_crt.c - * library/x509write_csr.c - * - * This modules translates between OIDs and internal values. - */ -#define MBEDTLS_OID_C - -/** - * \def MBEDTLS_PADLOCK_C - * - * Enable VIA Padlock support on x86. - * - * Module: library/padlock.c - * Caller: library/aes.c - * - * Requires: MBEDTLS_HAVE_ASM - * - * This modules adds support for the VIA PadLock on x86. - */ -#define MBEDTLS_PADLOCK_C - -/** - * \def MBEDTLS_PEM_PARSE_C - * - * Enable PEM decoding / parsing. - * - * Module: library/pem.c - * Caller: library/dhm.c - * library/pkparse.c - * library/x509_crl.c - * library/x509_crt.c - * library/x509_csr.c - * - * Requires: MBEDTLS_BASE64_C - * - * This modules adds support for decoding / parsing PEM files. - */ -#define MBEDTLS_PEM_PARSE_C - -/** - * \def MBEDTLS_PEM_WRITE_C - * - * Enable PEM encoding / writing. - * - * Module: library/pem.c - * Caller: library/pkwrite.c - * library/x509write_crt.c - * library/x509write_csr.c - * - * Requires: MBEDTLS_BASE64_C - * - * This modules adds support for encoding / writing PEM files. - */ -#define MBEDTLS_PEM_WRITE_C - -/** - * \def MBEDTLS_PK_C - * - * Enable the generic public (asymetric) key layer. - * - * Module: library/pk.c - * Caller: library/ssl_tls.c - * library/ssl_cli.c - * library/ssl_srv.c - * - * Requires: MBEDTLS_RSA_C or MBEDTLS_ECP_C - * - * Uncomment to enable generic public key wrappers. - */ -#define MBEDTLS_PK_C - -/** - * \def MBEDTLS_PK_PARSE_C - * - * Enable the generic public (asymetric) key parser. - * - * Module: library/pkparse.c - * Caller: library/x509_crt.c - * library/x509_csr.c - * - * Requires: MBEDTLS_PK_C - * - * Uncomment to enable generic public key parse functions. - */ -#define MBEDTLS_PK_PARSE_C - -/** - * \def MBEDTLS_PK_WRITE_C - * - * Enable the generic public (asymetric) key writer. - * - * Module: library/pkwrite.c - * Caller: library/x509write.c - * - * Requires: MBEDTLS_PK_C - * - * Uncomment to enable generic public key write functions. - */ -#define MBEDTLS_PK_WRITE_C - -/** - * \def MBEDTLS_PKCS5_C - * - * Enable PKCS#5 functions. - * - * Module: library/pkcs5.c - * - * Requires: MBEDTLS_MD_C - * - * This module adds support for the PKCS#5 functions. - */ -#define MBEDTLS_PKCS5_C - -/** - * \def MBEDTLS_PKCS11_C - * - * Enable wrapper for PKCS#11 smartcard support. - * - * Module: library/pkcs11.c - * Caller: library/pk.c - * - * Requires: MBEDTLS_PK_C - * - * This module enables SSL/TLS PKCS #11 smartcard support. - * Requires the presence of the PKCS#11 helper library (libpkcs11-helper) - */ -//#define MBEDTLS_PKCS11_C - -/** - * \def MBEDTLS_PKCS12_C - * - * Enable PKCS#12 PBE functions. - * Adds algorithms for parsing PKCS#8 encrypted private keys - * - * Module: library/pkcs12.c - * Caller: library/pkparse.c - * - * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_CIPHER_C, MBEDTLS_MD_C - * Can use: MBEDTLS_ARC4_C - * - * This module enables PKCS#12 functions. - */ -#define MBEDTLS_PKCS12_C - -/** - * \def MBEDTLS_PLATFORM_C - * - * Enable the platform abstraction layer that allows you to re-assign - * functions like calloc(), free(), snprintf(), printf(), fprintf(), exit(). - * - * Enabling MBEDTLS_PLATFORM_C enables to use of MBEDTLS_PLATFORM_XXX_ALT - * or MBEDTLS_PLATFORM_XXX_MACRO directives, allowing the functions mentioned - * above to be specified at runtime or compile time respectively. - * - * \note This abstraction layer must be enabled on Windows (including MSYS2) - * as other module rely on it for a fixed snprintf implementation. - * - * Module: library/platform.c - * Caller: Most other .c files - * - * This module enables abstraction of common (libc) functions. - */ -#define MBEDTLS_PLATFORM_C - -/** - * \def MBEDTLS_POLY1305_C - * - * Enable the Poly1305 MAC algorithm. - * - * Module: library/poly1305.c - * Caller: library/chachapoly.c - */ -#define MBEDTLS_POLY1305_C - -/** - * \def MBEDTLS_RIPEMD160_C - * - * Enable the RIPEMD-160 hash algorithm. - * - * Module: library/ripemd160.c - * Caller: library/md.c - * - */ -#define MBEDTLS_RIPEMD160_C - -/** - * \def MBEDTLS_RSA_C - * - * Enable the RSA public-key cryptosystem. - * - * Module: library/rsa.c - * library/rsa_internal.c - * Caller: library/ssl_cli.c - * library/ssl_srv.c - * library/ssl_tls.c - * library/x509.c - * - * This module is used by the following key exchanges: - * RSA, DHE-RSA, ECDHE-RSA, RSA-PSK - * - * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C - */ -#define MBEDTLS_RSA_C - -/** - * \def MBEDTLS_SHA1_C - * - * Enable the SHA1 cryptographic hash algorithm. - * - * Module: library/sha1.c - * Caller: library/md.c - * library/ssl_cli.c - * library/ssl_srv.c - * library/ssl_tls.c - * library/x509write_crt.c - * - * This module is required for SSL/TLS up to version 1.1, for TLS 1.2 - * depending on the handshake parameters, and for SHA1-signed certificates. - * - * \warning SHA-1 is considered a weak message digest and its use constitutes - * a security risk. If possible, we recommend avoiding dependencies - * on it, and considering stronger message digests instead. - * - */ -#define MBEDTLS_SHA1_C - -/** - * \def MBEDTLS_SHA256_C - * - * Enable the SHA-224 and SHA-256 cryptographic hash algorithms. - * - * Module: library/sha256.c - * Caller: library/entropy.c - * library/md.c - * library/ssl_cli.c - * library/ssl_srv.c - * library/ssl_tls.c - * - * This module adds support for SHA-224 and SHA-256. - * This module is required for the SSL/TLS 1.2 PRF function. - */ -#define MBEDTLS_SHA256_C - -/** - * \def MBEDTLS_SHA512_C - * - * Enable the SHA-384 and SHA-512 cryptographic hash algorithms. - * - * Module: library/sha512.c - * Caller: library/entropy.c - * library/md.c - * library/ssl_cli.c - * library/ssl_srv.c - * - * This module adds support for SHA-384 and SHA-512. - */ -#define MBEDTLS_SHA512_C - -#if (SSS_HAVE_A71CH || SSS_HAVE_A71CH_SIM) -#undef MBEDTLS_SHA512_C -#endif - -/** - * \def MBEDTLS_SSL_CACHE_C - * - * Enable simple SSL cache implementation. - * - * Module: library/ssl_cache.c - * Caller: - * - * Requires: MBEDTLS_SSL_CACHE_C - */ -#define MBEDTLS_SSL_CACHE_C - -/** - * \def MBEDTLS_SSL_COOKIE_C - * - * Enable basic implementation of DTLS cookies for hello verification. - * - * Module: library/ssl_cookie.c - * Caller: - */ -#define MBEDTLS_SSL_COOKIE_C - -/** - * \def MBEDTLS_SSL_TICKET_C - * - * Enable an implementation of TLS server-side callbacks for session tickets. - * - * Module: library/ssl_ticket.c - * Caller: - * - * Requires: MBEDTLS_CIPHER_C - */ -#define MBEDTLS_SSL_TICKET_C - -/** - * \def MBEDTLS_SSL_CLI_C - * - * Enable the SSL/TLS client code. - * - * Module: library/ssl_cli.c - * Caller: - * - * Requires: MBEDTLS_SSL_TLS_C - * - * This module is required for SSL/TLS client support. - */ -#define MBEDTLS_SSL_CLI_C - -/** - * \def MBEDTLS_SSL_SRV_C - * - * Enable the SSL/TLS server code. - * - * Module: library/ssl_srv.c - * Caller: - * - * Requires: MBEDTLS_SSL_TLS_C - * - * This module is required for SSL/TLS server support. - */ -#define MBEDTLS_SSL_SRV_C - -/** - * \def MBEDTLS_SSL_TLS_C - * - * Enable the generic SSL/TLS code. - * - * Module: library/ssl_tls.c - * Caller: library/ssl_cli.c - * library/ssl_srv.c - * - * Requires: MBEDTLS_CIPHER_C, MBEDTLS_MD_C - * and at least one of the MBEDTLS_SSL_PROTO_XXX defines - * - * This module is required for SSL/TLS. - */ -#define MBEDTLS_SSL_TLS_C - -/** - * \def MBEDTLS_THREADING_C - * - * Enable the threading abstraction layer. - * By default mbed TLS assumes it is used in a non-threaded environment or that - * contexts are not shared between threads. If you do intend to use contexts - * between threads, you will need to enable this layer to prevent race - * conditions. See also our Knowledge Base article about threading: - * https://tls.mbed.org/kb/development/thread-safety-and-multi-threading - * - * Module: library/threading.c - * - * This allows different threading implementations (self-implemented or - * provided). - * - * You will have to enable either MBEDTLS_THREADING_ALT or - * MBEDTLS_THREADING_PTHREAD. - * - * Enable this layer to allow use of mutexes within mbed TLS - */ -//#define MBEDTLS_THREADING_C - -/** - * \def MBEDTLS_TIMING_C - * - * Enable the semi-portable timing interface. - * - * \note The provided implementation only works on POSIX/Unix (including Linux, - * BSD and OS X) and Windows. On other platforms, you can either disable that - * module and provide your own implementations of the callbacks needed by - * \c mbedtls_ssl_set_timer_cb() for DTLS, or leave it enabled and provide - * your own implementation of the whole module by setting - * \c MBEDTLS_TIMING_ALT in the current file. - * - * \note See also our Knowledge Base article about porting to a new - * environment: - * https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS - * - * Module: library/timing.c - * Caller: library/havege.c - * - * This module is used by the HAVEGE random number generator. - */ -#define MBEDTLS_TIMING_C - -/** - * \def MBEDTLS_VERSION_C - * - * Enable run-time version information. - * - * Module: library/version.c - * - * This module provides run-time version information. - */ -#define MBEDTLS_VERSION_C - -/** - * \def MBEDTLS_X509_USE_C - * - * Enable X.509 core for using certificates. - * - * Module: library/x509.c - * Caller: library/x509_crl.c - * library/x509_crt.c - * library/x509_csr.c - * - * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, - * MBEDTLS_PK_PARSE_C - * - * This module is required for the X.509 parsing modules. - */ -#define MBEDTLS_X509_USE_C - -/** - * \def MBEDTLS_X509_CRT_PARSE_C - * - * Enable X.509 certificate parsing. - * - * Module: library/x509_crt.c - * Caller: library/ssl_cli.c - * library/ssl_srv.c - * library/ssl_tls.c - * - * Requires: MBEDTLS_X509_USE_C - * - * This module is required for X.509 certificate parsing. - */ -#define MBEDTLS_X509_CRT_PARSE_C - -/** - * \def MBEDTLS_X509_CRL_PARSE_C - * - * Enable X.509 CRL parsing. - * - * Module: library/x509_crl.c - * Caller: library/x509_crt.c - * - * Requires: MBEDTLS_X509_USE_C - * - * This module is required for X.509 CRL parsing. - */ -#define MBEDTLS_X509_CRL_PARSE_C - -/** - * \def MBEDTLS_X509_CSR_PARSE_C - * - * Enable X.509 Certificate Signing Request (CSR) parsing. - * - * Module: library/x509_csr.c - * Caller: library/x509_crt_write.c - * - * Requires: MBEDTLS_X509_USE_C - * - * This module is used for reading X.509 certificate request. - */ -#define MBEDTLS_X509_CSR_PARSE_C - -/** - * \def MBEDTLS_X509_CREATE_C - * - * Enable X.509 core for creating certificates. - * - * Module: library/x509_create.c - * - * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, MBEDTLS_PK_WRITE_C - * - * This module is the basis for creating X.509 certificates and CSRs. - */ -#define MBEDTLS_X509_CREATE_C - -/** - * \def MBEDTLS_X509_CRT_WRITE_C - * - * Enable creating X.509 certificates. - * - * Module: library/x509_crt_write.c - * - * Requires: MBEDTLS_X509_CREATE_C - * - * This module is required for X.509 certificate creation. - */ -#define MBEDTLS_X509_CRT_WRITE_C - -/** - * \def MBEDTLS_X509_CSR_WRITE_C - * - * Enable creating X.509 Certificate Signing Requests (CSR). - * - * Module: library/x509_csr_write.c - * - * Requires: MBEDTLS_X509_CREATE_C - * - * This module is required for X.509 certificate request writing. - */ -#define MBEDTLS_X509_CSR_WRITE_C - -/** - * \def MBEDTLS_XTEA_C - * - * Enable the XTEA block cipher. - * - * Module: library/xtea.c - * Caller: - */ -#define MBEDTLS_XTEA_C - -/* \} name SECTION: mbed TLS modules */ - -/** - * \name SECTION: Module configuration options - * - * This section allows for the setting of module specific sizes and - * configuration options. The default values are already present in the - * relevant header files and should suffice for the regular use cases. - * - * Our advice is to enable options and change their values here - * only if you have a good reason and know the consequences. - * - * Please check the respective header file for documentation on these - * parameters (to prevent duplicate documentation). - * \{ - */ - -/* MPI / BIGNUM options */ -//#define MBEDTLS_MPI_WINDOW_SIZE 6 /**< Maximum windows size used. */ -//#define MBEDTLS_MPI_MAX_SIZE 1024 /**< Maximum number of bytes for usable MPIs. */ - -/* CTR_DRBG options */ -//#define MBEDTLS_CTR_DRBG_ENTROPY_LEN 48 /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */ -//#define MBEDTLS_CTR_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */ -//#define MBEDTLS_CTR_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */ -//#define MBEDTLS_CTR_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */ -//#define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */ -//#define MBEDTLS_CTR_DRBG_USE_128_BIT_KEY /**< Use 128-bit key for CTR_DRBG - may reduce security (see ctr_drbg.h) */ - -/* HMAC_DRBG options */ -//#define MBEDTLS_HMAC_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */ -//#define MBEDTLS_HMAC_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */ -//#define MBEDTLS_HMAC_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */ -//#define MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */ - -/* ECP options */ -//#define MBEDTLS_ECP_MAX_BITS 521 /**< Maximum bit size of groups */ -//#define MBEDTLS_ECP_WINDOW_SIZE 6 /**< Maximum window size used */ -//#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1 /**< Enable fixed-point speed-up */ - -/* Entropy options */ -//#define MBEDTLS_ENTROPY_MAX_SOURCES 20 /**< Maximum number of sources supported */ -//#define MBEDTLS_ENTROPY_MAX_GATHER 128 /**< Maximum amount requested from entropy sources */ -//#define MBEDTLS_ENTROPY_MIN_HARDWARE 32 /**< Default minimum number of bytes required for the hardware entropy source mbedtls_hardware_poll() before entropy is released */ - -/* Memory buffer allocator options */ -//#define MBEDTLS_MEMORY_ALIGN_MULTIPLE 4 /**< Align on multiples of this value */ - -/* Platform options */ -//#define MBEDTLS_PLATFORM_STD_MEM_HDR /**< Header to include if MBEDTLS_PLATFORM_NO_STD_FUNCTIONS is defined. Don't define if no header is needed. */ -//#define MBEDTLS_PLATFORM_STD_CALLOC calloc /**< Default allocator to use, can be undefined */ -//#define MBEDTLS_PLATFORM_STD_FREE free /**< Default free to use, can be undefined */ -//#define MBEDTLS_PLATFORM_STD_EXIT exit /**< Default exit to use, can be undefined */ -//#define MBEDTLS_PLATFORM_STD_TIME time /**< Default time to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */ -//#define MBEDTLS_PLATFORM_STD_FPRINTF fprintf /**< Default fprintf to use, can be undefined */ -//#define MBEDTLS_PLATFORM_STD_PRINTF printf /**< Default printf to use, can be undefined */ -/* Note: your snprintf must correclty zero-terminate the buffer! */ -//#define MBEDTLS_PLATFORM_STD_SNPRINTF snprintf /**< Default snprintf to use, can be undefined */ -//#define MBEDTLS_PLATFORM_STD_EXIT_SUCCESS 0 /**< Default exit value to use, can be undefined */ -//#define MBEDTLS_PLATFORM_STD_EXIT_FAILURE 1 /**< Default exit value to use, can be undefined */ -//#define MBEDTLS_PLATFORM_STD_NV_SEED_READ mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */ -//#define MBEDTLS_PLATFORM_STD_NV_SEED_WRITE mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */ -//#define MBEDTLS_PLATFORM_STD_NV_SEED_FILE "seedfile" /**< Seed file to read/write with default implementation */ - -/* To Use Function Macros MBEDTLS_PLATFORM_C must be enabled */ -/* MBEDTLS_PLATFORM_XXX_MACRO and MBEDTLS_PLATFORM_XXX_ALT cannot both be defined */ -//#define MBEDTLS_PLATFORM_CALLOC_MACRO calloc /**< Default allocator macro to use, can be undefined */ -//#define MBEDTLS_PLATFORM_FREE_MACRO free /**< Default free macro to use, can be undefined */ -//#define MBEDTLS_PLATFORM_EXIT_MACRO exit /**< Default exit macro to use, can be undefined */ -//#define MBEDTLS_PLATFORM_TIME_MACRO time /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */ -//#define MBEDTLS_PLATFORM_TIME_TYPE_MACRO time_t /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */ -//#define MBEDTLS_PLATFORM_FPRINTF_MACRO fprintf /**< Default fprintf macro to use, can be undefined */ -//#define MBEDTLS_PLATFORM_PRINTF_MACRO printf /**< Default printf macro to use, can be undefined */ -/* Note: your snprintf must correclty zero-terminate the buffer! */ -//#define MBEDTLS_PLATFORM_SNPRINTF_MACRO snprintf /**< Default snprintf macro to use, can be undefined */ -//#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */ -//#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */ - -/** - * \brief This macro is invoked by the library when an invalid parameter - * is detected that is only checked with MBEDTLS_CHECK_PARAMS - * (see the documentation of that option for context). - * - * When you leave this undefined here, a default definition is - * provided that invokes the function mbedtls_param_failed(), - * which is declared in platform_util.h for the benefit of the - * library, but that you need to define in your application. - * - * When you define this here, this replaces the default - * definition in platform_util.h (which no longer declares the - * function mbedtls_param_failed()) and it is your responsibility - * to make sure this macro expands to something suitable (in - * particular, that all the necessary declarations are visible - * from within the library - you can ensure that by providing - * them in this file next to the macro definition). - * - * Note that you may define this macro to expand to nothing, in - * which case you don't have to worry about declarations or - * definitions. However, you will then be notified about invalid - * parameters only in non-void functions, and void function will - * just silently return early on invalid parameters, which - * partially negates the benefits of enabling - * #MBEDTLS_CHECK_PARAMS in the first place, so is discouraged. - * - * \param cond The expression that should evaluate to true, but doesn't. - */ -//#define MBEDTLS_PARAM_FAILED( cond ) assert( cond ) - -/* SSL Cache options */ -//#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT 86400 /**< 1 day */ -//#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /**< Maximum entries in cache */ - -/* SSL options */ - -/** \def MBEDTLS_SSL_MAX_CONTENT_LEN - * - * Maximum length (in bytes) of incoming and outgoing plaintext fragments. - * - * This determines the size of both the incoming and outgoing TLS I/O buffers - * in such a way that both are capable of holding the specified amount of - * plaintext data, regardless of the protection mechanism used. - * - * To configure incoming and outgoing I/O buffers separately, use - * #MBEDTLS_SSL_IN_CONTENT_LEN and #MBEDTLS_SSL_OUT_CONTENT_LEN, - * which overwrite the value set by this option. - * - * \note When using a value less than the default of 16KB on the client, it is - * recommended to use the Maximum Fragment Length (MFL) extension to - * inform the server about this limitation. On the server, there - * is no supported, standardized way of informing the client about - * restriction on the maximum size of incoming messages, and unless - * the limitation has been communicated by other means, it is recommended - * to only change the outgoing buffer size #MBEDTLS_SSL_OUT_CONTENT_LEN - * while keeping the default value of 16KB for the incoming buffer. - * - * Uncomment to set the maximum plaintext size of both - * incoming and outgoing I/O buffers. - */ -//#define MBEDTLS_SSL_MAX_CONTENT_LEN 16384 - -/** \def MBEDTLS_SSL_IN_CONTENT_LEN - * - * Maximum length (in bytes) of incoming plaintext fragments. - * - * This determines the size of the incoming TLS I/O buffer in such a way - * that it is capable of holding the specified amount of plaintext data, - * regardless of the protection mechanism used. - * - * If this option is undefined, it inherits its value from - * #MBEDTLS_SSL_MAX_CONTENT_LEN. - * - * \note When using a value less than the default of 16KB on the client, it is - * recommended to use the Maximum Fragment Length (MFL) extension to - * inform the server about this limitation. On the server, there - * is no supported, standardized way of informing the client about - * restriction on the maximum size of incoming messages, and unless - * the limitation has been communicated by other means, it is recommended - * to only change the outgoing buffer size #MBEDTLS_SSL_OUT_CONTENT_LEN - * while keeping the default value of 16KB for the incoming buffer. - * - * Uncomment to set the maximum plaintext size of the incoming I/O buffer - * independently of the outgoing I/O buffer. - */ -//#define MBEDTLS_SSL_IN_CONTENT_LEN 16384 - -/** \def MBEDTLS_SSL_OUT_CONTENT_LEN - * - * Maximum length (in bytes) of outgoing plaintext fragments. - * - * This determines the size of the outgoing TLS I/O buffer in such a way - * that it is capable of holding the specified amount of plaintext data, - * regardless of the protection mechanism used. - * - * If this option undefined, it inherits its value from - * #MBEDTLS_SSL_MAX_CONTENT_LEN. - * - * It is possible to save RAM by setting a smaller outward buffer, while keeping - * the default inward 16384 byte buffer to conform to the TLS specification. - * - * The minimum required outward buffer size is determined by the handshake - * protocol's usage. Handshaking will fail if the outward buffer is too small. - * The specific size requirement depends on the configured ciphers and any - * certificate data which is sent during the handshake. - * - * Uncomment to set the maximum plaintext size of the outgoing I/O buffer - * independently of the incoming I/O buffer. - */ -//#define MBEDTLS_SSL_OUT_CONTENT_LEN 16384 - -/** \def MBEDTLS_SSL_DTLS_MAX_BUFFERING - * - * Maximum number of heap-allocated bytes for the purpose of - * DTLS handshake message reassembly and future message buffering. - * - * This should be at least 9/8 * MBEDTLSSL_IN_CONTENT_LEN - * to account for a reassembled handshake message of maximum size, - * together with its reassembly bitmap. - * - * A value of 2 * MBEDTLS_SSL_IN_CONTENT_LEN (32768 by default) - * should be sufficient for all practical situations as it allows - * to reassembly a large handshake message (such as a certificate) - * while buffering multiple smaller handshake messages. - * - */ -//#define MBEDTLS_SSL_DTLS_MAX_BUFFERING 32768 - -//#define MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME 86400 /**< Lifetime of session tickets (if enabled) */ -//#define MBEDTLS_PSK_MAX_LEN 32 /**< Max size of TLS pre-shared keys, in bytes (default 256 bits) */ -//#define MBEDTLS_SSL_COOKIE_TIMEOUT 60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */ - -/** - * Complete list of ciphersuites to use, in order of preference. - * - * \warning No dependency checking is done on that field! This option can only - * be used to restrict the set of available ciphersuites. It is your - * responsibility to make sure the needed modules are active. - * - * Use this to save a few hundred bytes of ROM (default ordering of all - * available ciphersuites) and a few to a few hundred bytes of RAM. - * - * The value below is only an example, not the default. - */ -//#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 - -/* X509 options */ -//#define MBEDTLS_X509_MAX_INTERMEDIATE_CA 8 /**< Maximum number of intermediate CAs in a verification chain. */ -//#define MBEDTLS_X509_MAX_FILE_PATH_LEN 512 /**< Maximum length of a path/filename string in bytes including the null terminator character ('\0'). */ - -/** - * Allow SHA-1 in the default TLS configuration for certificate signing. - * Without this build-time option, SHA-1 support must be activated explicitly - * through mbedtls_ssl_conf_cert_profile. Turning on this option is not - * recommended because of it is possible to generate SHA-1 collisions, however - * this may be safe for legacy infrastructure where additional controls apply. - * - * \warning SHA-1 is considered a weak message digest and its use constitutes - * a security risk. If possible, we recommend avoiding dependencies - * on it, and considering stronger message digests instead. - * - */ -// #define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES - -/** - * Allow SHA-1 in the default TLS configuration for TLS 1.2 handshake - * signature and ciphersuite selection. Without this build-time option, SHA-1 - * support must be activated explicitly through mbedtls_ssl_conf_sig_hashes. - * The use of SHA-1 in TLS <= 1.1 and in HMAC-SHA-1 is always allowed by - * default. At the time of writing, there is no practical attack on the use - * of SHA-1 in handshake signatures, hence this option is turned on by default - * to preserve compatibility with existing peers, but the general - * warning applies nonetheless: - * - * \warning SHA-1 is considered a weak message digest and its use constitutes - * a security risk. If possible, we recommend avoiding dependencies - * on it, and considering stronger message digests instead. - * - */ -#define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE - -/** - * Uncomment the macro to let mbed TLS use your alternate implementation of - * mbedtls_platform_zeroize(). This replaces the default implementation in - * platform_util.c. - * - * mbedtls_platform_zeroize() is a widely used function across the library to - * zero a block of memory. The implementation is expected to be secure in the - * sense that it has been written to prevent the compiler from removing calls - * to mbedtls_platform_zeroize() as part of redundant code elimination - * optimizations. However, it is difficult to guarantee that calls to - * mbedtls_platform_zeroize() will not be optimized by the compiler as older - * versions of the C language standards do not provide a secure implementation - * of memset(). Therefore, MBEDTLS_PLATFORM_ZEROIZE_ALT enables users to - * configure their own implementation of mbedtls_platform_zeroize(), for - * example by using directives specific to their compiler, features from newer - * C standards (e.g using memset_s() in C11) or calling a secure memset() from - * their system (e.g explicit_bzero() in BSD). - */ -//#define MBEDTLS_PLATFORM_ZEROIZE_ALT - -/** - * Uncomment the macro to let Mbed TLS use your alternate implementation of - * mbedtls_platform_gmtime_r(). This replaces the default implementation in - * platform_util.c. - * - * gmtime() is not a thread-safe function as defined in the C standard. The - * library will try to use safer implementations of this function, such as - * gmtime_r() when available. However, if Mbed TLS cannot identify the target - * system, the implementation of mbedtls_platform_gmtime_r() will default to - * using the standard gmtime(). In this case, calls from the library to - * gmtime() will be guarded by the global mutex mbedtls_threading_gmtime_mutex - * if MBEDTLS_THREADING_C is enabled. We recommend that calls from outside the - * library are also guarded with this mutex to avoid race conditions. However, - * if the macro MBEDTLS_PLATFORM_GMTIME_R_ALT is defined, Mbed TLS will - * unconditionally use the implementation for mbedtls_platform_gmtime_r() - * supplied at compile time. - */ -//#define MBEDTLS_PLATFORM_GMTIME_R_ALT - -/* \} name SECTION: Customisation configuration options */ - -/* Target and application specific configurations - * - * Allow user to override any previous default. - * - */ -#if defined(MBEDTLS_USER_CONFIG_FILE) -#include MBEDTLS_USER_CONFIG_FILE -#endif - -#include "mbedtls/check_config.h" - -/* clang-format on */ - -#endif /* MBEDTLS_CONFIG_H */ diff --git a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/port/default/fsl_sss_types.h b/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/port/default/fsl_sss_types.h deleted file mode 100644 index 969be8767..000000000 --- a/cores/arduino/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/port/default/fsl_sss_types.h +++ /dev/null @@ -1,67 +0,0 @@ -/* - * Copyright 2018,2019 NXP - * SPDX-License-Identifier: Apache-2.0 - */ - -#ifndef FSL_SSS_TYPES_H -#define FSL_SSS_TYPES_H - -#include -#include -#include - -#if (__STDC__ && !__MBED__) -#include -#endif - -#ifndef FALSE -#define FALSE false -#endif - -#ifndef TRUE -#define TRUE true -#endif - -#ifndef ARRAY_SIZE -#define ARRAY_SIZE(array) (sizeof(array) / (sizeof(array[0]))) -#endif - -#if __MBED__ -#include "mbed_assert.h" -#define assert_static(e) MBED_ASSERT(e) -#else -#define assert_static(e) \ - { \ - char assert_static__[(e) ? 1 : -1]; \ - assert_static__; \ - } -#endif - -/** Compile time assert */ -#define SSS_ASSERT(condition) assert_static(condition) - -/*! @brief Compile time sizeof() check */ -#define SSCP_BUILD_ASSURE(condition, msg) assert_static(condition) - -/* snprintf definition for MSVisualC */ -#ifdef _MSC_VER -#define SNPRINTF _snprintf -#define STRNICMP _strnicmp -#else /* _MSC_VER*/ -#define SNPRINTF snprintf -#define STRNICMP strncasecmp -#endif /*_MSC_VER*/ - -#ifndef SSS_MALLOC -#define SSS_MALLOC malloc -#endif // SSS_MALLOC - -#ifndef SSS_FREE -#define SSS_FREE free -#endif // SSS_FREE - -#ifndef SSS_CALLOC -#define SSS_CALLOC calloc -#endif // SSS_CALLOC - -#endif /* FSL_SSS_TYPES_H */ diff --git a/extras/variables/nicla.variables b/extras/variables/nicla.variables index c894e0366..b9340db07 100644 --- a/extras/variables/nicla.variables +++ b/extras/variables/nicla.variables @@ -1,5 +1,5 @@ export FLAVOUR="nicla" export VARIANTS=("NICLA NICLA_VISION GENERIC_STM32H747_M4") export FQBNS=("nicla_sense nicla_voice nicla_vision") -export LIBRARIES=("SPI Wire Scheduler Nicla_System WiFi ea_malloc openamp_arduino STM32H747_System ThreadDebug GC2145 Himax_HM01B0 PDM KernelDebug RPC USBHID Camera rpclib USBHOST mbed-memory-status USBMSD SocketWrapper MRI SE05X MLC NDP syntiant_ilib") +export LIBRARIES=("SPI Wire Scheduler Nicla_System WiFi ea_malloc openamp_arduino STM32H747_System ThreadDebug GC2145 Himax_HM01B0 PDM KernelDebug RPC USBHID Camera rpclib USBHOST mbed-memory-status USBMSD SocketWrapper MRI MLC NDP syntiant_ilib") export BOOTLOADERS=("NICLA NICLA_VISION NICLA_VOICE") diff --git a/libraries/SE05X/examples/SE05XImportPublicKey/SE05XImportPublicKey.ino b/libraries/SE05X/examples/SE05XImportPublicKey/SE05XImportPublicKey.ino deleted file mode 100644 index 25e17cb99..000000000 --- a/libraries/SE05X/examples/SE05XImportPublicKey/SE05XImportPublicKey.ino +++ /dev/null @@ -1,86 +0,0 @@ -/* - SE05X ImportAndVerify - - This sketch uses the SE05X to generate a new EC NIST P-256 keypair - and store it with id 999, then input buffer SHA256 is signed with the private - key. The public key is imported with another id 899 into SE05X and the - signature is checked using the imported public key. - - Circuit: - - Portenta - - Nicla Vision -*/ - -#include - -const byte input[64] = { - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, - 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, - 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, - 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f -}; - -void printBufferHex(const byte input[], size_t inputLength) { - for (int i = 0; i < inputLength; i++) { - Serial.print(input[i] >> 4, HEX); - Serial.print(input[i] & 0x0f, HEX); - } - Serial.println(); -} - -void setup() { - Serial.begin(9600); - while (!Serial); - - if (!SE05X.begin()) { - Serial.println("Failed to communicate with SE05X!"); - while (1); - } - - const int privKeyId = 999; - const int publKeyId = 899; - byte derBuf[256]; - size_t derSize; - - SE05X.generatePrivateKey(privKeyId, derBuf, sizeof(derBuf), &derSize); - - // print the input - Serial.print("Input is: "); - printBufferHex(input, sizeof(input)); - - //calculate the input SHA256 - byte sha256[256]; - size_t sha256Len; - SE05X.SHA256(input, sizeof(input), sha256, sizeof(sha256), &sha256Len); - Serial.print("Input SHA256 is: "); - printBufferHex(sha256, sha256Len); - - // calculate the signature, input MUST be SHA256 - byte signature[256]; - size_t signatureLen; - SE05X.Sign(privKeyId, sha256, sha256Len, signature, sizeof(signature), &signatureLen); - - // print the signature - Serial.print("Signature using KeyId "); - Serial.print(privKeyId); - Serial.print(" is: "); - printBufferHex(signature, signatureLen); - - Serial.println(); - - SE05X.importPublicKey(publKeyId, derBuf, derSize); - - // To make the signature verifcation fail, uncomment the next line: - // signature[0] = 0x00; - - // validate the signature - if (SE05X.Verify(publKeyId, sha256, sha256Len, signature, signatureLen)) { - Serial.println("Verified signature successfully :D"); - } else { - Serial.println("oh no! failed to verify signature :("); - } -} - -void loop() { - -} diff --git a/libraries/SE05X/examples/SE05XPrivateKey/SE05XPrivateKey.ino b/libraries/SE05X/examples/SE05XPrivateKey/SE05XPrivateKey.ino deleted file mode 100644 index f30ebc651..000000000 --- a/libraries/SE05X/examples/SE05XPrivateKey/SE05XPrivateKey.ino +++ /dev/null @@ -1,41 +0,0 @@ -/* - SE05X Private Key - - This sketch uses the SE05X to generate a new EC NIST P-256 keypair - and store it with id 999, then the public key is printed in DER format. - - Circuit: - - Portenta - - Nicla Vision -*/ - -#include - -void printBufferHex(const byte input[], size_t inputLength) { - for (int i = 0; i < inputLength; i++) { - Serial.print(input[i] >> 4, HEX); - Serial.print(input[i] & 0x0f, HEX); - } - Serial.println(); -} - -void setup() { - Serial.begin(9600); - while (!Serial); - - if (!SE05X.begin()) { - Serial.println("Failed to communicate with SE05X!"); - while (1); - } - - const int KeyId = 999; - byte derBuf[256]; - size_t derSize; - - SE05X.generatePrivateKey(KeyId, derBuf, sizeof(derBuf), &derSize); - printBufferHex(derBuf, derSize); -} - -void loop() { - -} diff --git a/libraries/SE05X/examples/SE05XRandomNumber/SE05XRandomNumber.ino b/libraries/SE05X/examples/SE05XRandomNumber/SE05XRandomNumber.ino deleted file mode 100644 index 2a3e216c4..000000000 --- a/libraries/SE05X/examples/SE05XRandomNumber/SE05XRandomNumber.ino +++ /dev/null @@ -1,29 +0,0 @@ -/* - SE05X Random Number - - This sketch uses the SE05X to generate a random number - every second and print it to the Serial monitor - - Circuit: - - Portenta - - Nicla Vision -*/ - -#include - -void setup() { - Serial.begin(9600); - while (!Serial); - - if (!SE05X.begin()) { - Serial.println("Failed to communicate with SE05X!"); - while (1); - } -} - -void loop() { - Serial.print("Random number = "); - Serial.println(SE05X.random(65535)); - - delay(1000); -} diff --git a/libraries/SE05X/examples/SE05XSignAndVerify/SE05XSignAndVerify.ino b/libraries/SE05X/examples/SE05XSignAndVerify/SE05XSignAndVerify.ino deleted file mode 100644 index 1209ac141..000000000 --- a/libraries/SE05X/examples/SE05XSignAndVerify/SE05XSignAndVerify.ino +++ /dev/null @@ -1,82 +0,0 @@ -/* - SE05X SignAndVerify - - This sketch uses the SE05X to generate a new EC NIST P-256 keypair - and store it with id 999, then input buffer SHA256 is signed with the private - key and verified with the public key. - - Circuit: - - Portenta - - Nicla Vision -*/ - -#include - -const byte input[64] = { - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, - 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, - 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, - 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f -}; - -void printBufferHex(const byte input[], size_t inputLength) { - for (int i = 0; i < inputLength; i++) { - Serial.print(input[i] >> 4, HEX); - Serial.print(input[i] & 0x0f, HEX); - } - Serial.println(); -} - -void setup() { - Serial.begin(9600); - while (!Serial); - - if (!SE05X.begin()) { - Serial.println("Failed to communicate with SE05X!"); - while (1); - } - - const int KeyId = 999; - byte derBuf[256]; - size_t derSize; - - SE05X.generatePrivateKey(KeyId, derBuf, sizeof(derBuf), &derSize); - - // print the input - Serial.print("Input is: "); - printBufferHex(input, sizeof(input)); - - //calculate the input SHA256 - byte sha256[256]; - size_t sha256Len; - SE05X.SHA256(input, sizeof(input), sha256, sizeof(sha256), &sha256Len); - Serial.print("Input SHA256 is: "); - printBufferHex(sha256, sha256Len); - - // calculate the signature, input MUST be SHA256 - byte signature[256]; - size_t signatureLen; - SE05X.Sign(KeyId, sha256, sha256Len, signature, sizeof(signature), &signatureLen); - - // print the signature - Serial.print("Signature using KeyId "); - Serial.print(KeyId); - Serial.print(" is: "); - printBufferHex(signature, signatureLen); - - Serial.println(); - - // To make the signature verifcation fail, uncomment the next line: - // signature[0] = 0x00; - - // validate the signature - if (SE05X.Verify(KeyId, sha256, sha256Len, signature, signatureLen)) { - Serial.println("Verified signature successfully :D"); - } else { - Serial.println("oh no! failed to verify signature :("); - } -} - -void loop() { - -} diff --git a/libraries/SE05X/library.properties b/libraries/SE05X/library.properties deleted file mode 100644 index f083826ce..000000000 --- a/libraries/SE05X/library.properties +++ /dev/null @@ -1,9 +0,0 @@ -name=SE05X -version=0.0.1 -author=Arduino -maintainer=Arduino -sentence=Arduino Library for the NXP SE05X crypto chips -paragraph= -category=Communication -url=https://github.com/arduino/ArduinoCore-mbed/tree/master/libraries/SE05X -architectures=mbed_nicla diff --git a/libraries/SE05X/src/SE05X.cpp b/libraries/SE05X/src/SE05X.cpp deleted file mode 100644 index 1fb3dfe22..000000000 --- a/libraries/SE05X/src/SE05X.cpp +++ /dev/null @@ -1,644 +0,0 @@ -/* - SE05X.cpp - Copyright (c) 2022 Arduino SA. All right reserved. - - This library is free software; you can redistribute it and/or - modify it under the terms of the GNU Lesser General Public - License as published by the Free Software Foundation; either - version 2.1 of the License, or (at your option) any later version. - - This library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Lesser General Public License for more details. - - You should have received a copy of the GNU Lesser General Public - License along with this library; if not, write to the Free Software - Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA -*/ - -#include "SE05X.h" - -#define SE05X_EC_KEY_RAW_LENGTH 64 -#define SE05X_EC_KEY_HEADER_LENGTH 27 -#define SE05X_EC_KEY_DER_LENGTH SE05X_EC_KEY_HEADER_LENGTH + SE05X_EC_KEY_RAW_LENGTH -#define SE05X_EC_SIGNATURE_RAW_LENGTH 64 -#define SE05X_EC_SIGNATURE_HEADER_LENGTH 6 -#define SE05X_EC_SIGNATURE_DER_LENGTH SE05X_EC_SIGNATURE_HEADER_LENGTH + SE05X_EC_SIGNATURE_RAW_LENGTH -#define SE05X_SHA256_LENGTH 32 -#define SE05X_DER_BUFFER_SIZE 256 -#define SE05X_TEMP_OBJECT 9999 - -SE05XClass::SE05XClass() -: _cipher_type {kSSS_CipherType_EC_NIST_P} -, _algorithm_type {kAlgorithm_SSS_ECDSA_SHA256} -, _key_size_bits {256} -{ - -} - -SE05XClass::~SE05XClass() -{ - -} - -static void getECKeyXyValuesFromDER(byte* derKey, size_t derLen, byte* rawKey) -{ - memcpy(rawKey, &derKey[derLen - SE05X_EC_KEY_RAW_LENGTH], SE05X_EC_KEY_RAW_LENGTH); -} - -static void setECKeyXyVauesInDER(const byte* rawKey, byte* derKey) -{ - static const byte ecc_der_header_nist256[SE05X_EC_KEY_HEADER_LENGTH] = - { - 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, - 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, - 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, - 0x42, 0x00, 0x04 - }; - - memcpy(&derKey[0], &ecc_der_header_nist256[0], SE05X_EC_KEY_HEADER_LENGTH); - memcpy(&derKey[SE05X_EC_KEY_HEADER_LENGTH], &rawKey[0], SE05X_EC_KEY_RAW_LENGTH); -} - -static void getECSignatureRsValuesFromDER(byte* derSignature, size_t derLen, byte* rawSignature) -{ - byte rLen; - byte sLen; - - rLen = derSignature[3]; - sLen = derSignature[3 + rLen + 2]; - - byte * out = rawSignature; - - if(rLen == (SE05X_EC_SIGNATURE_RAW_LENGTH / 2)) - { - memcpy(out, &derSignature[4], (SE05X_EC_SIGNATURE_RAW_LENGTH / 2)); - } - else if ((rLen == ((SE05X_EC_SIGNATURE_RAW_LENGTH / 2) + 1)) && (derSignature[4] == 0)) - { - memcpy(out, &derSignature[5], (SE05X_EC_SIGNATURE_RAW_LENGTH / 2)); - } - - out += (SE05X_EC_SIGNATURE_RAW_LENGTH / 2); - - if(sLen == (SE05X_EC_SIGNATURE_RAW_LENGTH / 2)) - { - memcpy(out, &derSignature[3 + rLen + 3], (SE05X_EC_SIGNATURE_RAW_LENGTH / 2)); - } - else if ((sLen == ((SE05X_EC_SIGNATURE_RAW_LENGTH / 2) + 1)) && (derSignature[3 + rLen + 3] == 0)) - { - memcpy(out, &derSignature[3 + rLen + 4], (SE05X_EC_SIGNATURE_RAW_LENGTH / 2)); - } -} - -static void setECSignatureRsValuesInDER(const byte* rawSignature, byte* signature) -{ - byte rLen = (SE05X_EC_SIGNATURE_RAW_LENGTH / 2); - byte sLen = (SE05X_EC_SIGNATURE_RAW_LENGTH / 2); - byte rawSignatureLen = SE05X_EC_SIGNATURE_RAW_LENGTH; - - signature[0] = 0x30; - signature[1] = (uint8_t)(rawSignatureLen + 4); - signature[2] = 0x02; - signature[3] = (uint8_t)rLen; - memcpy(&signature[4], &rawSignature[0], rLen); - signature[3 + rLen + 1] = 0x02; - signature[3 + rLen + 2] = (uint8_t)sLen; - memcpy(&signature[3 + rLen + 3], &rawSignature[rLen], sLen); -} - -int SE05XClass::begin() -{ - memset(&_boot_ctx, 0, sizeof(ex_sss_boot_ctx_t)); - - se05x_ic_power_on(); - - if (nLog_Init() != 0) { - SE05X_PRINT_ERROR("Lock initialisation failed"); - return 0; - } - - if (kStatus_SSS_Success != ex_sss_boot_open(&_boot_ctx, "portName")) { - SE05X_PRINT_ERROR("ex_sss_session_open Failed"); - return 0; - } - - if (kStatus_SSS_Success != ex_sss_key_store_and_object_init(&_boot_ctx)) { - SE05X_PRINT_ERROR("ex_sss_key_store_and_object_init Failed"); - return 0; - } - - return 1; -} - -void SE05XClass::end() -{ - se05x_ic_power_off(); -} - -int SE05XClass::writeConfiguration(const byte data[]) -{ - _cipher_type = (sss_cipher_type_t)data[0]; - _algorithm_type = (sss_algorithm_t)(data[1] << 8 | data[2]); - _key_size_bits = (size_t)(data[3] << 8 | data[4]); - return 1; -} - -int SE05XClass::readConfiguration(byte data[]) -{ - data[0] = (byte)_cipher_type; - data[1] = (byte)_algorithm_type >> 8; - data[2] = (byte)_algorithm_type; - data[3] = (byte)_key_size_bits >> 8; - data[4] = (byte)_key_size_bits; - return 1; -} - -int SE05XClass::serialNumber(byte sn[]) -{ - return serialNumber(sn, SE05X_SN_LENGTH); -} - -int SE05XClass::serialNumber(byte sn[], size_t length) -{ - size_t uidLen = SE05X_SN_LENGTH; - byte UID[SE05X_SN_LENGTH]; - - if(!sn) { - return 0; - } - - sss_status_t status = sss_session_prop_get_au8(&_boot_ctx.session, kSSS_SessionProp_UID, UID, &uidLen); - if ((status != kStatus_SSS_Success)) { - SE05X_PRINT_ERROR("Error in Se05x_API_ReadObject \n"); - return 0; - } - memcpy(sn, UID, length < SE05X_SN_LENGTH ? length : SE05X_SN_LENGTH); - return 1; -} - -String SE05XClass::serialNumber() -{ - String result = (char*)NULL; - byte UID[SE05X_SN_LENGTH]; - - serialNumber(UID, sizeof(UID)); - - result.reserve(SE05X_SN_LENGTH * 2); - - for (size_t i = 0; i < SE05X_SN_LENGTH; i++) { - byte b = UID[i]; - - if (b < 16) { - result += "0"; - } - result += String(b, HEX); - } - - result.toUpperCase(); - - return result; -} - -long SE05XClass::random(long max) -{ - return random(0, max); -} - -long SE05XClass::random(long min, long max) -{ - if (min >= max) - { - return min; - } - - long diff = max - min; - - long r; - random((byte*)&r, sizeof(r)); - - if (r < 0) { - r = -r; - } - - r = (r % diff); - - return (r + min); -} - -int SE05XClass::random(byte data[], size_t length) -{ - sss_rng_context_t rng; - - if(kStatus_SSS_Success != sss_rng_context_init(&rng, &_boot_ctx.session)) { - return 0; - } - - if(kStatus_SSS_Success != sss_rng_get_random(&rng, data, length)) { - return 0; - } - - return 1; -} - -int SE05XClass::generatePrivateKey(int keyId, byte pubKeyDer[], size_t pubKeyDerMaxLen, size_t * pubKeyDerLen) -{ - sss_status_t status; - sss_object_t keyObject; - size_t derSzBits; - - if(!initObject(keyId, &keyObject, kSSS_KeyPart_Pair, kKeyObject_Mode_Persistent, _cipher_type)) { - return 0; - } - - status = sss_key_store_generate_key(&_boot_ctx.ks, &keyObject, _key_size_bits, NULL); - - if (status == kStatus_SSS_Success) { - derSzBits = pubKeyDerMaxLen * 8; - * pubKeyDerLen = pubKeyDerMaxLen; - status = sss_key_store_get_key(&_boot_ctx.ks, &keyObject, pubKeyDer, pubKeyDerLen, &derSzBits); - } - - if (status != kStatus_SSS_Success) { - SE05X_PRINT_ERROR("sss_key_store_get_key Failed"); - return 0; - } - - return 1; -} - -int SE05XClass::generatePrivateKey(int slot, byte publicKey[]) -{ - byte publicKeyDer[SE05X_DER_BUFFER_SIZE]; - size_t publicKeyDerLen; - - if ((_cipher_type != kSSS_CipherType_EC_NIST_P) || (_algorithm_type != kAlgorithm_SSS_ECDSA_SHA256)) { - return 0; - } - - if (!generatePrivateKey(slot, publicKeyDer, sizeof(publicKeyDer), &publicKeyDerLen)) { - return 0; - } - - getECKeyXyValuesFromDER(publicKeyDer, publicKeyDerLen, publicKey); - return 1; -} - -int SE05XClass::generatePublicKey(int keyId, byte pubKeyDer[], size_t pubKeyDerMaxLen, size_t * pubKeyDerlen) -{ - sss_status_t status; - sss_object_t keyObject; - size_t derSzBits; - - if(!initObject(keyId, &keyObject, kSSS_KeyPart_Pair, kKeyObject_Mode_Persistent, _cipher_type)) { - return 0; - } - - derSzBits = pubKeyDerMaxLen * 8; - * pubKeyDerlen = pubKeyDerMaxLen; - status = sss_key_store_get_key(&_boot_ctx.ks, &keyObject, pubKeyDer, pubKeyDerlen, &derSzBits); - - if (status != kStatus_SSS_Success) { - SE05X_PRINT_ERROR("sss_key_store_get_key Failed"); - return 0; - } - - return 1; -} - -int SE05XClass::generatePublicKey(int slot, byte publicKey[]) -{ - byte publicKeyDer[SE05X_DER_BUFFER_SIZE]; - size_t publicKeyDerLen; - - if ((_cipher_type != kSSS_CipherType_EC_NIST_P) || (_algorithm_type != kAlgorithm_SSS_ECDSA_SHA256)) { - return 0; - } - - if (!generatePublicKey(slot, publicKeyDer, sizeof(publicKeyDer), &publicKeyDerLen)) { - return 0; - } - - getECKeyXyValuesFromDER(publicKeyDer, publicKeyDerLen, publicKey); - return 1; -} - -int SE05XClass::importPublicKey(int keyId, const byte pubKeyDer[], size_t pubKeyDerLen) -{ - sss_status_t status; - sss_object_t keyObject; - - if(!initObject(keyId, &keyObject, kSSS_KeyPart_Public, kKeyObject_Mode_Persistent, _cipher_type)) { - return 0; - } - - status = sss_key_store_set_key(&_boot_ctx.ks, &keyObject, pubKeyDer, pubKeyDerLen, _key_size_bits, NULL, 0); - - if(status != kStatus_SSS_Success ) { - SE05X_PRINT_ERROR("sss_key_store_set_key Failed"); - return 0; - } - - return 1; -} - -int SE05XClass::beginSHA256() -{ - sss_status_t status; - - status = sss_digest_context_init(&_digest_ctx, &_boot_ctx.session, kAlgorithm_SSS_SHA256, kMode_SSS_Digest); - - if (status != kStatus_SSS_Success) { - SE05X_PRINT_ERROR("sss_digest_context_init Failed!!!"); - return 0; - } - - status = sss_digest_init(&_digest_ctx); - - if (status != kStatus_SSS_Success) { - SE05X_PRINT_ERROR("sss_digest_init Failed!!!"); - return 0; - } - - return 1; -} - -int SE05XClass::updateSHA256(const byte in[], size_t inLen) -{ - sss_status_t status; - - status = sss_digest_update(&_digest_ctx, in, inLen); - - if (status != kStatus_SSS_Success) { - SE05X_PRINT_ERROR("sss_digest_update Failed!!!"); - return 0; - } - - return 1; -} - -int SE05XClass::endSHA256(byte out[], size_t * outLen) -{ - sss_status_t status; - - status = sss_digest_finish(&_digest_ctx, out, outLen); - sss_digest_context_free(&_digest_ctx); - if (status != kStatus_SSS_Success) { - return 0; - } - - return 1; -} - -int SE05XClass::SHA256(const byte in[], size_t inLen, byte out[], size_t outMaxLen, size_t * outLen) -{ - sss_status_t status; - - status = sss_digest_context_init(&_digest_ctx, &_boot_ctx.session, kAlgorithm_SSS_SHA256, kMode_SSS_Digest); - if (status != kStatus_SSS_Success) { - SE05X_PRINT_ERROR("sss_digest_context_init Failed!!!"); - return 0; - } - - * outLen = outMaxLen; - status = sss_digest_one_go(&_digest_ctx, in, inLen, out, outLen); - sss_digest_context_free(&_digest_ctx); - if (status != kStatus_SSS_Success) { - SE05X_PRINT_ERROR("sss_digest_one_go Failed!!!"); - return 0; - } - - return 1; -} - -int SE05XClass::Sign(int keyId, const byte hash[], size_t hashLen, byte sig[], size_t sigMaxLen, size_t * sigLen) -{ - sss_status_t status; - sss_object_t keyObject; - sss_asymmetric_t ctx_asymm; - - if(!initObject(keyId, &keyObject, kSSS_KeyPart_Private, kKeyObject_Mode_Persistent, _cipher_type)) { - return 0; - } - - status = sss_asymmetric_context_init(&ctx_asymm, - &_boot_ctx.session, - &keyObject, - _algorithm_type, - kMode_SSS_Sign); - - if(status != kStatus_SSS_Success) { - SE05X_PRINT_ERROR("sss_asymmetric_context_init Failed"); - return 0; - } - - * sigLen = sigMaxLen; - if(kStatus_SSS_Success != sss_asymmetric_sign_digest(&ctx_asymm, (uint8_t *)hash, hashLen, (uint8_t *)sig, sigLen)) { - SE05X_PRINT_ERROR("sss_asymmetric_sign_digest Failed"); - return 0; - } - - return 1; -} - -int SE05XClass::ecSign(int slot, const byte message[], byte signature[]) -{ - byte signatureDer[SE05X_DER_BUFFER_SIZE]; - size_t signatureDerLen; - - if ((_cipher_type != kSSS_CipherType_EC_NIST_P) || (_algorithm_type != kAlgorithm_SSS_ECDSA_SHA256)) { - return 0; - } - - if (!Sign(slot, message, SE05X_SHA256_LENGTH, signatureDer, sizeof(signatureDer), &signatureDerLen)) { - return 0; - } - - /* Get r s values from DER buffer */ - getECSignatureRsValuesFromDER(signatureDer, signatureDerLen, signature); - return 1; -} - -int SE05XClass::Verify(int keyId, const byte hash[], size_t hashLen, const byte sig[], size_t sigLen) -{ - sss_status_t status; - sss_object_t keyObject; - sss_asymmetric_t ctx_asymm; - - if(!initObject(keyId, &keyObject, kSSS_KeyPart_Public, kKeyObject_Mode_Persistent, _cipher_type)) { - return 0; - } - - status = sss_asymmetric_context_init(&ctx_asymm, - &_boot_ctx.session, - &keyObject, - _algorithm_type, - kMode_SSS_Verify); - - if(status != kStatus_SSS_Success) { - SE05X_PRINT_ERROR("sss_asymmetric_context_init Failed"); - return 0; - } - - if(kStatus_SSS_Success != sss_asymmetric_verify_digest(&ctx_asymm, (uint8_t *)hash, hashLen, (uint8_t *)sig, sigLen)) { - SE05X_PRINT_ERROR("sss_asymmetric_verify_digest Failed"); - return 0; - } - - return 1; -} - -int SE05XClass::ecdsaVerify(const byte message[], const byte signature[], const byte pubkey[]) -{ - byte pubKeyDER[SE05X_EC_KEY_DER_LENGTH]; - byte signatureDER[SE05X_EC_SIGNATURE_DER_LENGTH]; - int result; - - if ((_cipher_type != kSSS_CipherType_EC_NIST_P) || (_algorithm_type != kAlgorithm_SSS_ECDSA_SHA256)) { - return 0; - } - - setECKeyXyVauesInDER(pubkey, pubKeyDER); - if (!importPublicKey(SE05X_TEMP_OBJECT, pubKeyDER, sizeof(pubKeyDER))) { - return 0; - } - - setECSignatureRsValuesInDER(signature, signatureDER); - - result = Verify(SE05X_TEMP_OBJECT, message, SE05X_SHA256_LENGTH, signatureDER, SE05X_EC_SIGNATURE_DER_LENGTH); - - if (!deleteBinaryObject(SE05X_TEMP_OBJECT)) { - return 0; - } - return result; -} - -int SE05XClass::readBinaryObject(int objectId, byte data[], size_t dataMaxLen, size_t * length) -{ - sss_status_t status; - sss_object_t binObject; - size_t binSizeBits; - - if(!initObject(objectId, &binObject, kSSS_KeyPart_Default, kKeyObject_Mode_Persistent, kSSS_CipherType_Binary)) { - return 0; - } - - * length = dataMaxLen; - status = sss_key_store_get_key(&_boot_ctx.ks, &binObject, data, length, &binSizeBits); - if(status != kStatus_SSS_Success ) { - SE05X_PRINT_ERROR("sss_key_store_get_key Failed"); - return 0; - } - - return 1; -} - -int SE05XClass::readSlot(int slot, byte data[], int length) -{ - size_t binSizeBits; - return readBinaryObject(slot, data, length, &binSizeBits); -} - -int SE05XClass::writeBinaryObject(int objectId, const byte data[], size_t length) -{ - sss_status_t status; - sss_object_t binObject; - - if(!initObject(objectId, &binObject, kSSS_KeyPart_Default, kKeyObject_Mode_Persistent, kSSS_CipherType_Binary)) { - return 0; - } - - status = sss_key_store_set_key(&_boot_ctx.ks, &binObject, data, length, length * 8, NULL, 0); - if(status != kStatus_SSS_Success ) { - SE05X_PRINT_ERROR("sss_key_store_set_key Failed"); - return 0; - } - - return 1; -} - -int SE05XClass::writeSlot(int slot, const byte data[], int length) -{ - if (existsBinaryObject(slot)) { - if (!deleteBinaryObject(slot)) { - return 0; - } - } - return writeBinaryObject(slot, data, length); -} - -int SE05XClass::existsBinaryObject(int objectId) -{ - sss_object_t binObject; - - if(!getObjectHandle(objectId, &binObject)) { - return 0; - } - - return 1; -} - -int SE05XClass::deleteBinaryObject(int objectId) -{ - sss_status_t status; - sss_object_t binObject; - - if(!initObject(objectId, &binObject, kSSS_KeyPart_Default, kKeyObject_Mode_Persistent, kSSS_CipherType_Binary)) { - return 0; - } - - status = sss_key_store_erase_key(&_boot_ctx.ks, &binObject); - if(status != kStatus_SSS_Success ) { - SE05X_PRINT_ERROR("sss_key_store_erase_key Failed"); - return 0; - } - - return 1; -} - -int SE05XClass::deleteAllObjects(void) -{ - sss_se05x_session_t *pSession = (sss_se05x_session_t *)&_boot_ctx.session; - - if(SW_OK != Se05x_API_DeleteAll_Iterative(&pSession->s_ctx)) { - return 0; - } - - return 1; -} - -int SE05XClass::getObjectHandle(int objectId, sss_object_t * object) -{ - if(kStatus_SSS_Success != sss_key_object_init(object, &_boot_ctx.ks)) { - SE05X_PRINT_ERROR("sss_key_object_init Failed"); - return 0; - } - - if(kStatus_SSS_Success != sss_key_object_get_handle(object, objectId)) { - SE05X_PRINT_ERROR("sss_key_object_get_handle Failed"); - return 0; - } - - return 1; -} - -ex_sss_boot_ctx_t* SE05XClass::getDeviceCtx(void) { - return &_boot_ctx; -} - -int SE05XClass::initObject(size_t objectId, sss_object_t * object, sss_key_part_t objectPart, sss_key_object_mode_t objectMode, sss_cipher_type_t objectChiper) -{ - if (getObjectHandle(objectId, object)) { - return 1; - } - - if(kStatus_SSS_Success != sss_key_object_allocate_handle(object, objectId, objectPart, objectChiper, 0, objectMode)) { - SE05X_PRINT_ERROR("sss_key_object_allocate_handle Failed"); - return 0; - } - return 1; -} - - -SE05XClass SE05X; diff --git a/libraries/SE05X/src/SE05X.h b/libraries/SE05X/src/SE05X.h deleted file mode 100644 index e955491ba..000000000 --- a/libraries/SE05X/src/SE05X.h +++ /dev/null @@ -1,100 +0,0 @@ -/* - SE05X.h - Copyright (c) 2022 Arduino SA. All right reserved. - - This library is free software; you can redistribute it and/or - modify it under the terms of the GNU Lesser General Public - License as published by the Free Software Foundation; either - version 2.1 of the License, or (at your option) any later version. - - This library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Lesser General Public License for more details. - - You should have received a copy of the GNU Lesser General Public - License along with this library; if not, write to the Free Software - Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA -*/ - -#ifndef _SE05X_H_ -#define _SE05X_H_ - -#include -#include "ex_sss_boot.h" -#include "fsl_sss_api.h" -#include "se05x_apis.h" -#include "se05x_APDU.h" - -#if defined SE05X_PRINT_ERROR_ENABLE -#define SE05X_PRINT_ERROR(x) Serial.println(x) -#else -#define SE05X_PRINT_ERROR(x) -#endif - -#define SE05X_SN_LENGTH 18 - -class SE05XClass -{ -public: - SE05XClass(); - virtual ~SE05XClass(); - - int begin(); - void end(); - - int serialNumber(byte sn[]); - int serialNumber(byte sn[], size_t length); - String serialNumber(); - - long random(long max); - long random(long min, long max); - int random(byte data[], size_t length); - - int generatePrivateKey(int keyId, byte pubKeyDer[], size_t pubKeyDerMaxLen, size_t * pubKeyDerLen); - int generatePublicKey(int keyId, byte pubKeyDer[], size_t pubKeyDerMaxLen, size_t * pubKeyDerLen); - int importPublicKey(int keyId, const byte pubKeyDer[], size_t pubKeyDerLen); - - int beginSHA256(); - int updateSHA256(const byte in[], size_t inLen); - int endSHA256(byte out[], size_t * outLen); - int SHA256(const byte in[], size_t inLen, byte out[], size_t outMaxLen, size_t * outLen); - - int Sign(int keyId, const byte hash[], size_t hashLen, byte sig[], size_t maxSigLen, size_t * sigLen); - int Verify(int keyId, const byte hash[], size_t hashLen, const byte sig[],size_t sigLen); - - int readBinaryObject(int ObjectId, byte data[], size_t dataMaxLen, size_t * length); - int writeBinaryObject(int ObjectId, const byte data[], size_t length); - int existsBinaryObject(int objectId); - int deleteBinaryObject(int objectId); - int deleteAllObjects(); - - int getObjectHandle(int objectId, sss_object_t * object); - - ex_sss_boot_ctx_t* getDeviceCtx(void); - - int generatePrivateKey(int slot, byte publicKey[]); - int generatePublicKey(int slot, byte publicKey[]); - int ecdsaVerify(const byte message[], const byte signature[], const byte pubkey[]); - int ecSign(int slot, const byte message[], byte signature[]); - int readSlot(int slot, byte data[], int length); - int writeSlot(int slot, const byte data[], int length); - inline int locked() { return 1; } - int writeConfiguration(const byte data[]); - int readConfiguration(byte data[]); - inline int lock() { return 1; } - -private: - int initObject(size_t objectId, sss_object_t * object, sss_key_part_t objectPart, sss_key_object_mode_t objectMode, sss_cipher_type_t objectChiper); - -private: - ex_sss_boot_ctx_t _boot_ctx; - sss_digest_t _digest_ctx; - sss_cipher_type_t _cipher_type; - sss_algorithm_t _algorithm_type; - size_t _key_size_bits; -}; - -extern SE05XClass SE05X; - -#endif diff --git a/libraries/SE05X/src/WiFiSSLSE050Client.cpp b/libraries/SE05X/src/WiFiSSLSE050Client.cpp deleted file mode 100644 index b5c43852e..000000000 --- a/libraries/SE05X/src/WiFiSSLSE050Client.cpp +++ /dev/null @@ -1,43 +0,0 @@ -/* - WiFiSSLSE050Client.h - Copyright (c) 2022 Arduino SA. All right reserved. - - This library is free software; you can redistribute it and/or - modify it under the terms of the GNU Lesser General Public - License as published by the Free Software Foundation; either - version 2.1 of the License, or (at your option) any later version. - - This library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Lesser General Public License for more details. - - You should have received a copy of the GNU Lesser General Public - License along with this library; if not, write to the Free Software - Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA -*/ - -#include "WiFiSSLSE050Client.h" - -arduino::MbedSSLSE050Client::MbedSSLSE050Client() { - onBeforeConnect(mbed::callback(this, &MbedSSLSE050Client::setRootCAClientCertKey)); -}; - -void arduino::MbedSSLSE050Client::setEccSlot(int KeySlot, const byte cert[], int certLen) { - - _keySlot = KeySlot; - _certLen = certLen; - _cert = cert; -} - -void WiFiSSLSE050Client::setEccSlot(int KeySlot, const byte cert[], int certLen) { - if (!client) { - newMbedClient(); - } - static_cast(client.get())->setEccSlot(KeySlot, cert, certLen); -} - -void WiFiSSLSE050Client::newMbedClient() { - client.reset(new MbedSSLSE050Client()); - client->setNetwork(getNetwork()); -} diff --git a/libraries/SE05X/src/WiFiSSLSE050Client.h b/libraries/SE05X/src/WiFiSSLSE050Client.h deleted file mode 100644 index 3aed4f4e3..000000000 --- a/libraries/SE05X/src/WiFiSSLSE050Client.h +++ /dev/null @@ -1,77 +0,0 @@ -/* - WiFiSSLSE050Client.h - Copyright (c) 2022 Arduino SA. All right reserved. - - This library is free software; you can redistribute it and/or - modify it under the terms of the GNU Lesser General Public - License as published by the Free Software Foundation; either - version 2.1 of the License, or (at your option) any later version. - - This library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Lesser General Public License for more details. - - You should have received a copy of the GNU Lesser General Public - License along with this library; if not, write to the Free Software - Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA -*/ - -#ifndef WIFISSLSE050CLIENT_H -#define WIFISSLSE050CLIENT_H - - -#include "SE05X.h" -#include "WiFiSSLClient.h" -#include "MbedSSLClient.h" - -extern const char CA_CERTIFICATES[]; - -namespace arduino { - -class MbedSSLSE050Client : public arduino::MbedSSLClient { - -public: - MbedSSLSE050Client(); - - void setEccSlot(int KeySlot, const byte cert[], int certLen); - -private: - const byte* _cert; - int _certLen; - int _keySlot; - sss_object_t _keyObject; - - int setRootCAClientCertKey() { - int err = setRootCA(); - if (err != NSAPI_ERROR_OK) { - return err; - } - - if(SE05X.getObjectHandle(_keySlot, &_keyObject) != NSAPI_ERROR_OK) { - return NSAPI_ERROR_DEVICE_ERROR; - } - - if(((TLSSocket*)sock)->set_client_cert_key((void*)_cert, - (size_t)_certLen, - &_keyObject, - SE05X.getDeviceCtx()) != NSAPI_ERROR_OK) { - return NSAPI_ERROR_DEVICE_ERROR; - } - return NSAPI_ERROR_OK; - } -}; - -class WiFiSSLSE050Client : public arduino::WiFiSSLClient { - -public: - - void setEccSlot(int KeySlot, const byte cert[], int certLen); - -protected: - virtual void newMbedClient(); -}; - -} - -#endif /* WIFISSLSE050CLIENT_H */ diff --git a/patches/0266-SE05x-remove-support-for-crypto-from-mbedos.patch b/patches/0266-SE05x-remove-support-for-crypto-from-mbedos.patch new file mode 100644 index 000000000..6f3e3f8c3 --- /dev/null +++ b/patches/0266-SE05x-remove-support-for-crypto-from-mbedos.patch @@ -0,0 +1,80780 @@ +From 9640127907b18b8338b1d1f32ff8992a95b605e4 Mon Sep 17 00:00:00 2001 +From: Andrea Gilardoni +Date: Wed, 15 Apr 2026 14:56:59 +0200 +Subject: [PATCH] SE05x: remove support for crypto from mbedos + +in favor of external library for se05x crypto shared among all cores. +--- + .../COMPONENT_SE050/Apache_2_0.txt | 202 - + .../COMPONENT_SE050/BSD3_license.txt | 11 - + .../COMPONENT_SE050/ChangeLog.md | 91 - + .../COMPONENT_SE050/LICENSE | 2 - + .../COMPONENT_SE050/README.rst | 328 - + .../ecc_example/CMakeLists.txt | 87 - + .../COMPONENT_SE050/fsl_sss_ftr.h | 651 -- + .../hostlib/hostLib/inc/Applet_SE050_Ver.h | 114 - + .../hostLib/inc/PlugAndTrust_HostLib_Ver.h | 63 - + .../hostLib/inc/PlugAndTrust_Pkg_Ver.h | 62 - + .../hostlib/hostLib/inc/nxEnsure.h | 279 - + .../hostlib/hostLib/inc/nxScp03_Apis.h | 90 - + .../hostlib/hostLib/inc/nxScp03_Const.h | 97 - + .../hostlib/hostLib/inc/nxScp03_Types.h | 306 - + .../COMPONENT_SE050/hostlib/hostLib/inc/scp.h | 127 - + .../hostlib/hostLib/inc/se05x_const.h | 168 - + .../hostlib/hostLib/inc/se05x_ecc_curves.h | 19 - + .../hostLib/inc/se05x_ecc_curves_inc.h | 268 - + .../hostLib/inc/se05x_ecc_curves_values.h | 2801 ------- + .../hostlib/hostLib/inc/se05x_enums.h | 1030 --- + .../hostlib/hostLib/inc/se05x_ftr.h | 36 - + .../hostlib/hostLib/inc/se05x_tlv.h | 370 - + .../hostlib/hostLib/inc/sm_const.h | 123 - + .../hostLib/libCommon/infra/global_platf.c | 87 - + .../hostLib/libCommon/infra/global_platf.h | 28 - + .../hostlib/hostLib/libCommon/infra/sm_apdu.c | 880 -- + .../hostlib/hostLib/libCommon/infra/sm_apdu.h | 217 - + .../hostlib/hostLib/libCommon/infra/sm_api.h | 119 - + .../hostLib/libCommon/infra/sm_connect.c | 655 -- + .../hostLib/libCommon/infra/sm_errors.c | 74 - + .../hostLib/libCommon/infra/sm_errors.h | 31 - + .../hostLib/libCommon/infra/sm_printf.c | 32 - + .../hostLib/libCommon/infra/sm_types.h | 163 - + .../hostLib/libCommon/nxScp/nxScp03_Com.c | 429 - + .../hostlib/hostLib/libCommon/nxlog/nxLog.c | 390 - + .../hostlib/hostLib/libCommon/nxlog/nxLog.h | 107 - + .../hostLib/libCommon/nxlog/nxLog_App.h | 183 - + .../libCommon/nxlog/nxLog_DefaultConfig.h | 44 - + .../hostLib/libCommon/nxlog/nxLog_hostLib.h | 183 - + .../hostLib/libCommon/nxlog/nxLog_mbedtls.h | 183 - + .../hostLib/libCommon/nxlog/nxLog_scp.h | 183 - + .../hostLib/libCommon/nxlog/nxLog_smCom.h | 183 - + .../hostLib/libCommon/nxlog/nxLog_sss.h | 183 - + .../libCommon/smCom/T1oI2C/phEseStatus.h | 421 - + .../libCommon/smCom/T1oI2C/phEseTypes.h | 31 - + .../libCommon/smCom/T1oI2C/phNxpEsePal_i2c.c | 202 - + .../libCommon/smCom/T1oI2C/phNxpEsePal_i2c.h | 110 - + .../smCom/T1oI2C/phNxpEseProto7816_3.c | 1697 ---- + .../smCom/T1oI2C/phNxpEseProto7816_3.h | 443 - + .../libCommon/smCom/T1oI2C/phNxpEse_Api.c | 766 -- + .../libCommon/smCom/T1oI2C/phNxpEse_Api.h | 70 - + .../smCom/T1oI2C/phNxpEse_Internal.h | 54 - + .../hostLib/libCommon/smCom/apduComm.h | 65 - + .../hostlib/hostLib/libCommon/smCom/smCom.c | 204 - + .../hostlib/hostLib/libCommon/smCom/smCom.h | 49 - + .../hostLib/libCommon/smCom/smComT1oI2C.c | 200 - + .../hostLib/libCommon/smCom/smComT1oI2C.h | 71 - + .../hostlib/hostLib/mbedtls/src/ecdh_alt.c | 710 -- + .../hostlib/hostLib/mbedtls/src/rsa_alt.c | 2376 ------ + .../hostLib/platform/generic/sm_timer.c | 85 - + .../hostlib/hostLib/platform/inc/i2c_a7.h | 160 - + .../hostlib/hostLib/platform/inc/se05x_apis.h | 20 - + .../hostlib/hostLib/platform/inc/sm_printf.h | 40 - + .../hostlib/hostLib/platform/inc/sm_timer.h | 31 - + .../hostlib/hostLib/platform/se05x_i2c.cpp | 59 - + .../hostlib/hostLib/platform/se05x_power.cpp | 39 - + .../hostLib/se05x/src/se05x_ECC_curves.c | 72 - + .../hostlib/hostLib/se05x/src/se05x_mw.c | 106 - + .../hostlib/hostLib/se05x/src/se05x_tlv.c | 822 -- + .../se05x_03_xx_xx/se05x_04_xx_APDU_apis.h | 1207 --- + .../se05x_03_xx_xx/se05x_04_xx_APDU_impl.h | 1535 ---- + .../hostLib/se05x_03_xx_xx/se05x_APDU.c | 91 - + .../hostLib/se05x_03_xx_xx/se05x_APDU.h | 76 - + .../hostLib/se05x_03_xx_xx/se05x_APDU_apis.h | 5812 -------------- + .../hostLib/se05x_03_xx_xx/se05x_APDU_impl.h | 3470 -------- + .../mbedtls_cli_srv/CMakeLists.txt | 207 - + .../COMPONENT_SE050/sss/ex/ecc/ex_sss_ecc.c | 179 - + .../COMPONENT_SE050/sss/ex/inc/ex_scp03_puf.h | 124 - + .../COMPONENT_SE050/sss/ex/inc/ex_sss.h | 96 - + .../COMPONENT_SE050/sss/ex/inc/ex_sss_auth.h | 180 - + .../COMPONENT_SE050/sss/ex/inc/ex_sss_boot.h | 220 - + .../sss/ex/inc/ex_sss_main_inc.h | 382 - + .../sss/ex/inc/ex_sss_main_inc_linux.h | 25 - + .../COMPONENT_SE050/sss/ex/inc/ex_sss_objid.h | 112 - + .../COMPONENT_SE050/sss/ex/inc/ex_sss_ports.h | 53 - + .../sss/ex/inc/ex_sss_scp03_keys.h | 75 - + .../sss/ex/inc/ex_sss_tp_scp03_keys.h | 119 - + .../sss/ex/mbedtls/ex_sss_ssl2.c | 2275 ------ + .../COMPONENT_SE050/sss/ex/src/ex_sss_boot.c | 280 - + .../sss/ex/src/ex_sss_boot_connectstring.c | 178 - + .../sss/ex/src/ex_sss_boot_int.h | 70 - + .../sss/ex/src/ex_sss_scp03_auth.c | 233 - + .../COMPONENT_SE050/sss/ex/src/ex_sss_se05x.c | 427 - + .../sss/ex/src/ex_sss_se05x_auth.c | 602 -- + .../COMPONENT_SE050/sss/inc/fsl_sscp.h | 428 - + .../COMPONENT_SE050/sss/inc/fsl_sss_api.h | 1892 ----- + .../COMPONENT_SE050/sss/inc/fsl_sss_api_ver.h | 64 - + .../COMPONENT_SE050/sss/inc/fsl_sss_config.h | 84 - + .../sss/inc/fsl_sss_ftr_default.h | 673 -- + .../sss/inc/fsl_sss_keyid_map.h | 182 - + .../sss/inc/fsl_sss_lpc55s_apis.h | 115 - + .../sss/inc/fsl_sss_mbedtls_apis.h | 837 -- + .../sss/inc/fsl_sss_mbedtls_types.h | 253 - + .../sss/inc/fsl_sss_openssl_apis.h | 839 -- + .../sss/inc/fsl_sss_openssl_types.h | 239 - + .../COMPONENT_SE050/sss/inc/fsl_sss_policy.h | 221 - + .../sss/inc/fsl_sss_se05x_apis.h | 781 -- + .../sss/inc/fsl_sss_se05x_policy.h | 51 - + .../sss/inc/fsl_sss_se05x_scp03.h | 56 - + .../sss/inc/fsl_sss_se05x_types.h | 618 -- + .../COMPONENT_SE050/sss/inc/fsl_sss_sscp.h | 717 -- + .../sss/inc/fsl_sss_user_apis.h | 627 -- + .../sss/inc/fsl_sss_user_types.h | 144 - + .../sss/inc/fsl_sss_util_asn1_der.h | 175 - + .../sss/inc/fsl_sss_util_rsa_sign_utils.h | 28 - + .../sss/plugin/mbedtls/ecdh_alt_ax.c | 417 - + .../sss/plugin/mbedtls/ecdsa_verify_alt.c | 632 -- + .../sss/plugin/mbedtls/ecdsa_verify_alt.h | 12 - + .../sss/plugin/mbedtls/ecp_alt.h | 191 - + .../sss/plugin/mbedtls/port/ksdk/ecp_alt.c | 3115 -------- + .../plugin/mbedtls/port/ksdk/ecp_curves_alt.c | 1485 ---- + .../sss/plugin/mbedtls/rsa_alt.h | 86 - + .../sss/plugin/mbedtls/sss_mbedtls.c | 508 -- + .../sss/plugin/mbedtls/sss_mbedtls.h | 102 - + .../sss/plugin/mbedtls/sss_mbedtls_rsa.c | 251 - + .../plugin/mbedtls/sss_mbedtls_x86_config.h | 3368 -------- + .../sss/port/default/fsl_sss_types.h | 67 - + .../COMPONENT_SE050/sss/src/fsl_sss_apis.c | 2601 ------ + .../sss/src/fsl_sss_util_asn1_der.c | 1751 ---- + .../sss/src/fsl_sss_util_rsa_sign_utils.c | 553 -- + .../sss/src/keystore/keystore_cmn.c | 291 - + .../sss/src/keystore/keystore_openssl.c | 224 - + .../sss/src/keystore/keystore_pc.c | 340 - + .../sss/src/mbedtls/fsl_sss_mbedtls_apis.c | 3183 -------- + .../sss/src/openssl/fsl_sss_openssl_apis.c | 3737 --------- + .../sss/src/se05x/fsl_sss_se05x_apis.c | 7104 ----------------- + .../sss/src/se05x/fsl_sss_se05x_eckey.c | 534 -- + .../sss/src/se05x/fsl_sss_se05x_mw.c | 509 -- + .../sss/src/se05x/fsl_sss_se05x_policy.c | 392 - + .../sss/src/se05x/fsl_sss_se05x_scp03.c | 520 -- + targets/targets.json | 19 +- + 141 files changed, 1 insertion(+), 79625 deletions(-) + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/Apache_2_0.txt + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/BSD3_license.txt + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/ChangeLog.md + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/LICENSE + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/README.rst + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/ecc_example/CMakeLists.txt + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/fsl_sss_ftr.h + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/Applet_SE050_Ver.h + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/PlugAndTrust_HostLib_Ver.h + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/PlugAndTrust_Pkg_Ver.h + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/nxEnsure.h + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/nxScp03_Apis.h + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/nxScp03_Const.h + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/nxScp03_Types.h + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/scp.h + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/se05x_const.h + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/se05x_ecc_curves.h + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/se05x_ecc_curves_inc.h + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/se05x_ecc_curves_values.h + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/se05x_enums.h + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/se05x_ftr.h + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/se05x_tlv.h + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/sm_const.h + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/infra/global_platf.c + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/infra/global_platf.h + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/infra/sm_apdu.c + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/infra/sm_apdu.h + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/infra/sm_api.h + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/infra/sm_connect.c + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/infra/sm_errors.c + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/infra/sm_errors.h + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/infra/sm_printf.c + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/infra/sm_types.h + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/nxScp/nxScp03_Com.c + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/nxlog/nxLog.c + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/nxlog/nxLog.h + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/nxlog/nxLog_App.h + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/nxlog/nxLog_DefaultConfig.h + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/nxlog/nxLog_hostLib.h + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/nxlog/nxLog_mbedtls.h + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/nxlog/nxLog_scp.h + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/nxlog/nxLog_smCom.h + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/nxlog/nxLog_sss.h + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/T1oI2C/phEseStatus.h + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/T1oI2C/phEseTypes.h + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/T1oI2C/phNxpEsePal_i2c.c + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/T1oI2C/phNxpEsePal_i2c.h + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/T1oI2C/phNxpEseProto7816_3.c + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/T1oI2C/phNxpEseProto7816_3.h + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/T1oI2C/phNxpEse_Api.c + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/T1oI2C/phNxpEse_Api.h + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/T1oI2C/phNxpEse_Internal.h + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/apduComm.h + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/smCom.c + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/smCom.h + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/smComT1oI2C.c + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/smComT1oI2C.h + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/mbedtls/src/ecdh_alt.c + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/mbedtls/src/rsa_alt.c + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/platform/generic/sm_timer.c + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/platform/inc/i2c_a7.h + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/platform/inc/se05x_apis.h + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/platform/inc/sm_printf.h + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/platform/inc/sm_timer.h + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/platform/se05x_i2c.cpp + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/platform/se05x_power.cpp + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/se05x/src/se05x_ECC_curves.c + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/se05x/src/se05x_mw.c + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/se05x/src/se05x_tlv.c + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/se05x_03_xx_xx/se05x_04_xx_APDU_apis.h + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/se05x_03_xx_xx/se05x_04_xx_APDU_impl.h + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/se05x_03_xx_xx/se05x_APDU.c + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/se05x_03_xx_xx/se05x_APDU.h + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/se05x_03_xx_xx/se05x_APDU_apis.h + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/se05x_03_xx_xx/se05x_APDU_impl.h + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/mbedtls_cli_srv/CMakeLists.txt + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/ecc/ex_sss_ecc.c + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/inc/ex_scp03_puf.h + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/inc/ex_sss.h + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/inc/ex_sss_auth.h + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/inc/ex_sss_boot.h + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/inc/ex_sss_main_inc.h + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/inc/ex_sss_main_inc_linux.h + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/inc/ex_sss_objid.h + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/inc/ex_sss_ports.h + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/inc/ex_sss_scp03_keys.h + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/inc/ex_sss_tp_scp03_keys.h + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/mbedtls/ex_sss_ssl2.c + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/src/ex_sss_boot.c + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/src/ex_sss_boot_connectstring.c + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/src/ex_sss_boot_int.h + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/src/ex_sss_scp03_auth.c + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/src/ex_sss_se05x.c + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/src/ex_sss_se05x_auth.c + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sscp.h + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_api.h + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_api_ver.h + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_config.h + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_ftr_default.h + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_keyid_map.h + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_lpc55s_apis.h + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_mbedtls_apis.h + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_mbedtls_types.h + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_openssl_apis.h + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_openssl_types.h + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_policy.h + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_se05x_apis.h + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_se05x_policy.h + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_se05x_scp03.h + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_se05x_types.h + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_sscp.h + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_user_apis.h + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_user_types.h + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_util_asn1_der.h + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_util_rsa_sign_utils.h + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/plugin/mbedtls/ecdh_alt_ax.c + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/plugin/mbedtls/ecdsa_verify_alt.c + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/plugin/mbedtls/ecdsa_verify_alt.h + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/plugin/mbedtls/ecp_alt.h + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/plugin/mbedtls/port/ksdk/ecp_alt.c + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/plugin/mbedtls/port/ksdk/ecp_curves_alt.c + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/plugin/mbedtls/rsa_alt.h + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/plugin/mbedtls/sss_mbedtls.c + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/plugin/mbedtls/sss_mbedtls.h + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/plugin/mbedtls/sss_mbedtls_rsa.c + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/plugin/mbedtls/sss_mbedtls_x86_config.h + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/port/default/fsl_sss_types.h + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/src/fsl_sss_apis.c + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/src/fsl_sss_util_asn1_der.c + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/src/fsl_sss_util_rsa_sign_utils.c + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/src/keystore/keystore_cmn.c + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/src/keystore/keystore_openssl.c + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/src/keystore/keystore_pc.c + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/src/mbedtls/fsl_sss_mbedtls_apis.c + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/src/openssl/fsl_sss_openssl_apis.c + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/src/se05x/fsl_sss_se05x_apis.c + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/src/se05x/fsl_sss_se05x_eckey.c + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/src/se05x/fsl_sss_se05x_mw.c + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/src/se05x/fsl_sss_se05x_policy.c + delete mode 100644 targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/src/se05x/fsl_sss_se05x_scp03.c + +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/Apache_2_0.txt b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/Apache_2_0.txt +deleted file mode 100644 +index d645695673..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/Apache_2_0.txt ++++ /dev/null +@@ -1,202 +0,0 @@ +- +- Apache License +- Version 2.0, January 2004 +- http://www.apache.org/licenses/ +- +- TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION +- +- 1. Definitions. +- +- "License" shall mean the terms and conditions for use, reproduction, +- and distribution as defined by Sections 1 through 9 of this document. +- +- "Licensor" shall mean the copyright owner or entity authorized by +- the copyright owner that is granting the License. +- +- "Legal Entity" shall mean the union of the acting entity and all +- other entities that control, are controlled by, or are under common +- control with that entity. For the purposes of this definition, +- "control" means (i) the power, direct or indirect, to cause the +- direction or management of such entity, whether by contract or +- otherwise, or (ii) ownership of fifty percent (50%) or more of the +- outstanding shares, or (iii) beneficial ownership of such entity. +- +- "You" (or "Your") shall mean an individual or Legal Entity +- exercising permissions granted by this License. +- +- "Source" form shall mean the preferred form for making modifications, +- including but not limited to software source code, documentation +- source, and configuration files. +- +- "Object" form shall mean any form resulting from mechanical +- transformation or translation of a Source form, including but +- not limited to compiled object code, generated documentation, +- and conversions to other media types. +- +- "Work" shall mean the work of authorship, whether in Source or +- Object form, made available under the License, as indicated by a +- copyright notice that is included in or attached to the work +- (an example is provided in the Appendix below). +- +- "Derivative Works" shall mean any work, whether in Source or Object +- form, that is based on (or derived from) the Work and for which the +- editorial revisions, annotations, elaborations, or other modifications +- represent, as a whole, an original work of authorship. For the purposes +- of this License, Derivative Works shall not include works that remain +- separable from, or merely link (or bind by name) to the interfaces of, +- the Work and Derivative Works thereof. +- +- "Contribution" shall mean any work of authorship, including +- the original version of the Work and any modifications or additions +- to that Work or Derivative Works thereof, that is intentionally +- submitted to Licensor for inclusion in the Work by the copyright owner +- or by an individual or Legal Entity authorized to submit on behalf of +- the copyright owner. For the purposes of this definition, "submitted" +- means any form of electronic, verbal, or written communication sent +- to the Licensor or its representatives, including but not limited to +- communication on electronic mailing lists, source code control systems, +- and issue tracking systems that are managed by, or on behalf of, the +- Licensor for the purpose of discussing and improving the Work, but +- excluding communication that is conspicuously marked or otherwise +- designated in writing by the copyright owner as "Not a Contribution." +- +- "Contributor" shall mean Licensor and any individual or Legal Entity +- on behalf of whom a Contribution has been received by Licensor and +- subsequently incorporated within the Work. +- +- 2. Grant of Copyright License. Subject to the terms and conditions of +- this License, each Contributor hereby grants to You a perpetual, +- worldwide, non-exclusive, no-charge, royalty-free, irrevocable +- copyright license to reproduce, prepare Derivative Works of, +- publicly display, publicly perform, sublicense, and distribute the +- Work and such Derivative Works in Source or Object form. +- +- 3. Grant of Patent License. Subject to the terms and conditions of +- this License, each Contributor hereby grants to You a perpetual, +- worldwide, non-exclusive, no-charge, royalty-free, irrevocable +- (except as stated in this section) patent license to make, have made, +- use, offer to sell, sell, import, and otherwise transfer the Work, +- where such license applies only to those patent claims licensable +- by such Contributor that are necessarily infringed by their +- Contribution(s) alone or by combination of their Contribution(s) +- with the Work to which such Contribution(s) was submitted. If You +- institute patent litigation against any entity (including a +- cross-claim or counterclaim in a lawsuit) alleging that the Work +- or a Contribution incorporated within the Work constitutes direct +- or contributory patent infringement, then any patent licenses +- granted to You under this License for that Work shall terminate +- as of the date such litigation is filed. +- +- 4. Redistribution. You may reproduce and distribute copies of the +- Work or Derivative Works thereof in any medium, with or without +- modifications, and in Source or Object form, provided that You +- meet the following conditions: +- +- (a) You must give any other recipients of the Work or +- Derivative Works a copy of this License; and +- +- (b) You must cause any modified files to carry prominent notices +- stating that You changed the files; and +- +- (c) You must retain, in the Source form of any Derivative Works +- that You distribute, all copyright, patent, trademark, and +- attribution notices from the Source form of the Work, +- excluding those notices that do not pertain to any part of +- the Derivative Works; and +- +- (d) If the Work includes a "NOTICE" text file as part of its +- distribution, then any Derivative Works that You distribute must +- include a readable copy of the attribution notices contained +- within such NOTICE file, excluding those notices that do not +- pertain to any part of the Derivative Works, in at least one +- of the following places: within a NOTICE text file distributed +- as part of the Derivative Works; within the Source form or +- documentation, if provided along with the Derivative Works; or, +- within a display generated by the Derivative Works, if and +- wherever such third-party notices normally appear. The contents +- of the NOTICE file are for informational purposes only and +- do not modify the License. You may add Your own attribution +- notices within Derivative Works that You distribute, alongside +- or as an addendum to the NOTICE text from the Work, provided +- that such additional attribution notices cannot be construed +- as modifying the License. +- +- You may add Your own copyright statement to Your modifications and +- may provide additional or different license terms and conditions +- for use, reproduction, or distribution of Your modifications, or +- for any such Derivative Works as a whole, provided Your use, +- reproduction, and distribution of the Work otherwise complies with +- the conditions stated in this License. +- +- 5. Submission of Contributions. Unless You explicitly state otherwise, +- any Contribution intentionally submitted for inclusion in the Work +- by You to the Licensor shall be under the terms and conditions of +- this License, without any additional terms or conditions. +- Notwithstanding the above, nothing herein shall supersede or modify +- the terms of any separate license agreement you may have executed +- with Licensor regarding such Contributions. +- +- 6. Trademarks. This License does not grant permission to use the trade +- names, trademarks, service marks, or product names of the Licensor, +- except as required for reasonable and customary use in describing the +- origin of the Work and reproducing the content of the NOTICE file. +- +- 7. Disclaimer of Warranty. Unless required by applicable law or +- agreed to in writing, Licensor provides the Work (and each +- Contributor provides its Contributions) on an "AS IS" BASIS, +- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +- implied, including, without limitation, any warranties or conditions +- of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A +- PARTICULAR PURPOSE. You are solely responsible for determining the +- appropriateness of using or redistributing the Work and assume any +- risks associated with Your exercise of permissions under this License. +- +- 8. Limitation of Liability. In no event and under no legal theory, +- whether in tort (including negligence), contract, or otherwise, +- unless required by applicable law (such as deliberate and grossly +- negligent acts) or agreed to in writing, shall any Contributor be +- liable to You for damages, including any direct, indirect, special, +- incidental, or consequential damages of any character arising as a +- result of this License or out of the use or inability to use the +- Work (including but not limited to damages for loss of goodwill, +- work stoppage, computer failure or malfunction, or any and all +- other commercial damages or losses), even if such Contributor +- has been advised of the possibility of such damages. +- +- 9. Accepting Warranty or Additional Liability. While redistributing +- the Work or Derivative Works thereof, You may choose to offer, +- and charge a fee for, acceptance of support, warranty, indemnity, +- or other liability obligations and/or rights consistent with this +- License. However, in accepting such obligations, You may act only +- on Your own behalf and on Your sole responsibility, not on behalf +- of any other Contributor, and only if You agree to indemnify, +- defend, and hold each Contributor harmless for any liability +- incurred by, or claims asserted against, such Contributor by reason +- of your accepting any such warranty or additional liability. +- +- END OF TERMS AND CONDITIONS +- +- APPENDIX: How to apply the Apache License to your work. +- +- To apply the Apache License to your work, attach the following +- boilerplate notice, with the fields enclosed by brackets "[]" +- replaced with your own identifying information. (Don't include +- the brackets!) The text should be enclosed in the appropriate +- comment syntax for the file format. We also recommend that a +- file or class name and description of purpose be included on the +- same "printed page" as the copyright notice for easier +- identification within third-party archives. +- +- Copyright [yyyy] [name of copyright owner] +- +- Licensed under the Apache License, Version 2.0 (the "License"); +- you may not use this file except in compliance with the License. +- You may obtain a copy of the License at +- +- http://www.apache.org/licenses/LICENSE-2.0 +- +- Unless required by applicable law or agreed to in writing, software +- distributed under the License is distributed on an "AS IS" BASIS, +- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +- See the License for the specific language governing permissions and +- limitations under the License. +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/BSD3_license.txt b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/BSD3_license.txt +deleted file mode 100644 +index 376933eca3..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/BSD3_license.txt ++++ /dev/null +@@ -1,11 +0,0 @@ +-Copyright 2010-2020 NXP +- +-Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: +- +-1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. +- +-2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. +- +-3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. +- +-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/ChangeLog.md b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/ChangeLog.md +deleted file mode 100644 +index 4b37821827..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/ChangeLog.md ++++ /dev/null +@@ -1,91 +0,0 @@ +-# Plug-And-Trust Mini Package Change Log +- +-## Release v03.03.00 +- +-- sss_openssl_cipher_one_go() api modified to use EVP calls for AES (ECB, CBC, CTR) +- +-- sss_se05x_cipher_update() api modified to use block size of 256 to enhance performance. +- +- +-## Release v03.01.00 +- +-- Extended kSSS_KeyPart_Default for other objectType. +- +- - Earlier: Object type ``kSSS_KeyPart_Default`` is used for Binary Files, +- Certificates, Symmetric Keys, PCR and HMAC-key. +- +- - Now: UserID and Counter are added for ``kSSS_KeyPart_Default``. +- This means objectType of UserID and Counter will be ``kSSS_KeyPart_Default`` after +- calling :cpp:type:`sss_key_object_get_handle`. +- Comment for enum ``sss_key_part_t`` is updated accordingly. +- +-- Added new API :cpp:func:`Se05x_API_WritePCR_WithType` with support to +- write transient PCR objects also. +- +-- Deprecated API :cpp:func:`Se05x_API_WritePCR`. Added macro :c:macro:`ENABLE_DEPRECATED_API_WritePCR` +- to enable compilation of deprecated API :cpp:func:`Se05x_API_WritePCR`. +- Support will be removed by Q1 2022. +- +-- Bugfix - Handling of result tag in case of failure in :cpp:func:`Se05x_API_AeadOneShot`, +- :cpp:func:`Se05x_API_AeadFinal` and +- :cpp:func:`Se05x_API_AeadCCMFinal` +- +-- Bugfix - KVN12 key can be used for PlatformSCP authentication now in SE051. +- +-- SE05x APDU - Response length set to 0 in error condition - :cpp:func:`tlvGet_u8buf`. +- +-- Created separate library (``mwlog``) for logging framework. See :numref:`stack-logging` +- :ref:`stack-logging` +- +-- Order of log level reversed. Current log level is - ``{"ERROR", "WARN ", "INFO ", "DEBUG"}``. +- +-- Mbedtls ALT is extended with ECDSA verify operation using ``MBEDTLS_ECDSA_VERIFY_ALT`` define. (Disabled by default). +- Using this all EC public key verify operations can be performed using SE05x. +- +-- Changed files under BSD3 License with NXP Copyright to Apache2 License. +- +-- Changed files under Proprietary license to Apache 2 License. +- +- +-## Release v03.00.06 +- +-- smCom_Init: return type is now *U16* instead of *void*. Return value indicates success/failure to create mutex/semophore. +- +-- The enumerated type **SE05x_EDSignatureAlgo_t** contained a value **kSE05x_EDSignatureAlgo_ED25519PH_SHA_512**. +- The mnemonic name of the value was misleading as it actually corresponded to the `Pure EDDSA algorithm` not the +- `Prehashed (PH) EDDSA algorithm`. This has now been corrected. **This will require corresponding update in the application code.** +- +- - EDDSA signature algorithm enumerated value **kSE05x_EDSignatureAlgo_ED25519PH_SHA_512** is changed into **kSE05x_EDSignatureAlgo_ED25519PURE_SHA_512**. +- +- - EDDSA attestation algorithm enumerated value **kSE05x_AttestationAlgo_ED25519PH_SHA_512** is changed into as **kSE05x_AttestationAlgo_ED25519PURE_SHA_512**. +- +-- Fixed typo in example code API: ex_sss_kestore_and_object_init() is now ex_sss_key_store_and_object_init() +- +-- Added support for SE051 type +- +-- Extended SE051 specific APDU command and response buffer size to match SE051's capabilities. +- +-- SSS API blocks SHA512 attestation, signing and verification for RSA512 key +- +-- Bug Fix : Fix for attestation read of symmetric objects which have no read policy. +- +-- Added Platform SCP03 keys for SE051 (Variant A2 and C2). +- +- +-## Release v03.00.02 +- +-- T1oI2C: +- +- - Fixed: potential null pointer dereference +- +- - Fixed: RSYNC _ + CRC error results in saving response to uninitialised buffer. +- +-- ``hostlib/hostLib/platform/linux/i2c_a7.c``: A call to `axI2CTerm()` now closes the I2C file descriptor associated with the +- I2C communication channel. +- +- +-## Release v03.00.00 +- +-- Initial commit +- +-- Plug & Trust middleware to use secure element SE050 +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/LICENSE b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/LICENSE +deleted file mode 100644 +index 546a8e631f..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/LICENSE ++++ /dev/null +@@ -1,2 +0,0 @@ +-Unless specifically indicated otherwise in a file, files are licensed +-under the Apache 2.0 license, as can be found in: apache-2.0.txt +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/README.rst b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/README.rst +deleted file mode 100644 +index fb71b7bf10..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/README.rst ++++ /dev/null +@@ -1,328 +0,0 @@ +-Introduction on Plug & Trust Middleware Mini Package +-==================================================================== +- +-Plug and Trust middleware mini package contains the minimum files required to +-connect to SE05x using t1oi2c protocol. The package is tested on +-*Raspberry-Pi* with ``T=1 overI2C``. +- +-The complete Plug and Trust middleware package can be downloaded from +-https://www.nxp.com/products/:SE050. The package has support for other +-platforms. +- +-- iMX6UL, iMX8MQ - Linux +-- Freedom K64F, i.MX RT 1060, LPC55S - FreeRTOS/Without RTOS +-- Hikey 960 - Android +-- Windows PC(Visual Studio) +- +-It also includes other api usage examples, ssscli (command line tool to use +-SE05x), cloud connectivity examples, openssl engine, pkcs11 interface, AWS +-Greengrass, OPCUA and more. More details regarding SE05x and other detailed +-application notes can be found at https://www.nxp.com/products/:SE050 / +-https://www.nxp.com/products/:SE051. +- +- +-Change Log +-------------------------------------------------------------- +-Refer ChangeLog.md +- +- +- +-Folder structure of the Mini Pacakge +-------------------------------------------------------------- +- +-The folder structure of mini package is as under:: +- +- ├───ecc_example +- ├───hostlib +- │ └───hostLib +- │ ├───inc +- │ ├───libCommon +- │ │ ├───infra +- │ │ ├───nxScp +- │ │ └───smCom +- │ │ └───T1oI2C +- │ ├───mbedtls +- │ │ └───src +- │ ├───platform +- │ │ ├───generic +- │ │ ├───inc +- │ │ ├───linux +- │ │ └───rsp +- │ ├───se05x +- │ │ └───src +- │ └───se05x_03_xx_xx +- └───sss +- ├───ex +- │ ├───ecc +- │ ├───inc +- │ └───src +- ├───inc +- ├───plugin +- │ └───mbedtls +- ├───port +- │ └───default +- └───src +- ├───keystore +- ├───mbedtls +- ├───openssl +- └───se05x +- +-Important folders are as under: +- +-:ecc_example: ecc sign and verify example. (Tested on Raspberry Pi with openssl 1.1.1) +- +-:hostlib: This folder contains the common part of host library e.g. ``T=1oI2C`` communication +- protocol stack, SE050 APIs, etc. +- +-:sss: This folder contains the **SSS APIs** interface to the Application Layer. +- +- +-Prerequisite +-------------------------------------------------------------- +-- Linux should be running on the Raspberry Pi development board, +- the release was tested with Raspbian Buster (``4.19.75-v7l+``) +-- SE050 or SE051 connected to i2c-1 port of Raspberry Pi. +- +- +-ECC example +-------------------------------------------------------------- +- +-This example demonstrates Elliptic Curve Cryptography sign and verify +-operation using SSS APIs. (``/sss/ex/ecc/ex_sss_ecc.c``) Execute the command +-below to test the ecc example:: +- +- cd ecc_example +- mkdir build +- cd build +- cmake .. +- cmake --build . +- ./ex_ecc +- +- +-Build Applications using Mini Package +-------------------------------------------------------------- +- +-Use the source file in `sss/ex` folder to open the session to se05x. +-Applications code should start with function `ex_sss_entry`:: +- +- sss_status_t ex_sss_entry(ex_sss_boot_ctx_t *pCtx) +- +-Refer the example `ecc_example`. +-Example File - `/sss/ex/ecc/ex_sss_ecc.c` +- +- +-Use the below macros in ``fsl_sss_ftr.h`` file to enable support for either SE050 or SE051. :: +- +- /** SE050 */ +- #define SSS_HAVE_SE05X_VER_03_XX 1 +- +- /** SE051 */ +- #define SSS_HAVE_SE05X_VER_06_00 0 +- +- +-To enable authenticated session to SE05x, make the following changes, +- +-1. Enable any host crypto (Mbedtls or openssl or User crypto) in +- ``fsl_sss_ftr.h`` file. Refer, +- +-- For Openssl: Refer section - *Openssl host crypto in mini package* +-- For Mbedtls: Refer section - *Mbedtls host crypto in mini package* +-- For User Crypto: Refer section - *User host crypto in mini package* +- +- +-2. Enable the below macros in ``fsl_sss_ftr.h`` file: +- +-- ``#define SSS_HAVE_SCP_SCP03_SSS 1`` +-- ``#define SSSFTR_SE05X_AuthSession 1`` +- +-3. Below settings can be used to authenticate with SE (Refer SE050 - User +- Guidelines in https://www.nxp.com/products/:SE050 for more details on session +- authentication) +- +-- ``SSS_HAVE_SE05X_AUTH_USERID`` +-- ``SSS_HAVE_SE05X_AUTH_AESKEY`` +-- ``SSS_HAVE_SE05X_AUTH_ECKEY`` +-- ``SSS_HAVE_SE05X_AUTH_PLATFSCP03`` +-- ``SSS_HAVE_SE05X_AUTH_USERID_PLATFSCP03`` +-- ``SSS_HAVE_SE05X_AUTH_AESKEY_PLATFSCP03`` +-- ``SSS_HAVE_SE05X_AUTH_ECKEY_PLATFSCP03`` +- +- +-4. Include the below source files for autheticated session open, +- +-- ``sss/ex/src/ex_sss_scp03_auth.c`` +-- ``sss/src/se05x/fsl_sss_se05x_eckey.c`` +-- ``sss/src/se05x/fsl_sss_se05x_scp03.c`` +-- ``hostlib/hostLib/libCommon/nxScp/nxScp03_Com.c`` +- +- +-Openssl host crypto in mini package +-------------------------------------------------------------- +- +-Enable/disable the openssl host crypto by changing the below definition in +-``fsl_sss_ftr.h`` file:: +- +- /** Use OpenSSL as host crypto */ +- #define SSS_HAVE_HOSTCRYPTO_OPENSSL 1 +- +-Include the below files for openssl host crypto support +-- ``sss/src/openssl/fsl_sss_openssl_apis.c`` +-- ``sss/src/keystore/keystore_cmn.c`` +-- ``sss/src/keystore/keystore_openssl.c`` +-- ``sss/src/keystore/keystore_pc.c`` +- +-Link the openssl library (version 1.1) as, +- TARGET_LINK_LIBRARIES(${PROJECT_NAME} ssl crypto) +- +- +-Mbedtls host crypto in mini package +-------------------------------------------------------------- +- +-Enable/disable the mbedtls host crypto by changing the below definition in +-``fsl_sss_ftr.h`` file:: +- +- /** Use mbedTLS as host crypto */ +- #define SSS_HAVE_HOSTCRYPTO_MBEDTLS 1 +- +-Include the below file for mbedtls host crypto support, +- +-- ``sss/src/mbedtls/fsl_sss_mbedtls_apis.c`` +-- ``sss/src/keystore/keystore_pc.c`` +-- ``sss/src/keystore/keystore_cmn.c`` +- +-Mbedtls applications depend on the following files to use se05x for crypto +-operations. Include the following files for compilation along with the mbedtls +-stack. (Tested with mbedtls-2.16.2). Mbedtls client server example using the +-below files is expalined in the next section, +- +-- ``/hostlib/hostLib/mbedtls/src/ecdh_alt.c`` +-- ``/hostlib/hostLib/mbedtls/src/rsa_alt.c`` +-- ``/sss/plugin/mbedtls/ecdh_alt_ax.c`` +-- ``/sss/plugin/mbedtls/sss_mbedtls.c`` +-- ``/sss/plugin/mbedtls/sss_mbedtls_rsa.c`` +-- ``/sss/plugin/mbedtls/port/ksdk/ecp_curves_alt.c`` +-- ``/sss/plugin/mbedtls/port/ksdk/ecp_alt.c`` +- +-Note: Exclude the file ``mbedtls/library/ecdh.c`` from mbedtls stack for compilation. +- +-Also add compile defination ``MBEDTLS_CONFIG_FILE`` to use the correct mbedtls config file:: +- +- TARGET_COMPILE_DEFINITIONS( +- ${PROJECT_NAME} +- PUBLIC +- MBEDTLS_CONFIG_FILE=\"sss_mbedtls_x86_config.h\" +- ) +- +-.. note:: +- +- Remove linking the openssl library in ``ecc_example/CMakeLists.txt``, if +- the example is built for mbedtls, ``TARGET_LINK_LIBRARIES(${PROJECT_NAME} +- ssl crypto)`` +- +- +- +-TLS Client Server Example using MbedTLS stack +-------------------------------------------------------------- +- +-This example demonstrates TLS client server connection using mbedtls stack. +-(``mbedtls_cli_srv``). Mbedtls client example is modified to use the +-client key and certificates from secure element. Modified mbedtls client +-example - ``sss/ex/mbedtls/ex_sss_ssl2.c`` +- +-Prerequisite for the demo: +- +-- Copy mbedtls (``mbedtls-2.16.2``) stack to ``ext/`` location, +-- client key provisoned inside SE050 with key id ``0x20181001``, +-- client certificate provisoned inside SE050 with key id ``0x20181002``, +-- Root CA public key provisoned inside SE050 with key id ``0x7DCCBB22``, +- +-Enable mbedtls host crypto in ``fsl_sss_ftr.h`` file. Execute the command +-below to build mbedtls client and server examples:: +- +- cd mbedtls_cli_srv +- mkdir build +- cd build +- cmake .. +- cmake --build . +- +- +-Run mbedtls server as:: +- +- ./ssl2_server exchanges=1 \ +- force_version=tls1_2 \ +- debug_level=1 \ +- ca_file= \ +- auth_mode=required \ +- key_file= \ +- crt_file= +- +-Run mbedtls client as:: +- +- ./ssl2_client server_name=localhost \ +- exchanges=1 \ +- force_version=tls1_2 \ +- debug_level=1 \ +- ca_file= \ +- auth_mode=required \ +- key_file=none \ +- crt_file=none \ +- force_ciphersuite=TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA \ +- curves=secp256r1 none +- +- +- +-User host crypto in mini package +-------------------------------------------------------------- +- +-Enable/disable the user host crypto by changing the below definition in ``fsl_sss_ftr.h`` file:: +- +- #define SSS_HAVE_HOSTCRYPTO_USER 1 +- +-On enabling HOSTCRYPTO_USER, the user has to implement the required cryptographic function. +-Implement the functions declared in file ``sss/inc/fsl_sss_user_apis.h``. +- +-Refer Openssl host crypto implementation in - ``sss/src/mbedtls/fsl_sss_openssl_apis.c``. +-Refer Mbedtls host crypto implementation in - ``sss/src/mbedtls/fsl_sss_mbedtls_apis.c``. +- +- +- +-Port Mini package to different platform +-------------------------------------------------------------- +- +-To port the mini package to different platform, the i2c interface needs to be +-ported. Exsisting implementation for i2c read/write on Raspberry Pi is in - +-``hostlib/hostLib/platform/linux/i2c_a7.c``. +- +-Other file that may require porting is - +-``hostlib/hostLib/platform/generic/sm_timer.c`` +- +- +- +-Memory Details +-------------------------------------------------------------- +- +-Memory details of ex_ecc example on Raspberry Pi built with, +- +-- No hostcrypto +-- Plain session +- +-:: +- +- Text segment -- 184505 Bytes +- Data segment -- 416 Bytes +- Bss segment --- 2808 Bytes +- Total -------- 187729 Bytes +- +- +-Memory details of ex_ecc example on Raspberry Pi built with +- +-- Openssl hostcrypto +-- PlatformSCP + ECKey (EXFL_SE050_AUTH_ECKey_PlatfSCP03 ) session +- +-:: +- +- Text segment -- 292336 Bytes +- Data segment -- 1116 Bytes +- Bss segment --- 3692 Bytes +- Total -------- 297144 Bytes +- +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/ecc_example/CMakeLists.txt b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/ecc_example/CMakeLists.txt +deleted file mode 100644 +index 5f35c06dd1..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/ecc_example/CMakeLists.txt ++++ /dev/null +@@ -1,87 +0,0 @@ +-CMAKE_MINIMUM_REQUIRED(VERSION 3.5.0) +- +-project (ex_ecc) +- +-FILE( +- GLOB +- SOURCES +- ../sss/ex/src/ex_sss_boot.c +- ../sss/ex/src/ex_sss_boot_connectstring.c +- ../sss/ex/src/ex_sss_se05x.c +- ../sss/ex/src/ex_sss_se05x_auth.c +- ../sss/src/*.c +- +- ../sss/src/se05x/fsl_sss_se05x_apis.c +- ../sss/src/se05x/fsl_sss_se05x_mw.c +- ../sss/src/se05x/fsl_sss_se05x_policy.c +- +- ../hostlib/hostLib/libCommon/infra/*.c +- +- ../hostlib/hostLib/libCommon/log/nxLog.c +- +- ../hostlib/hostLib/libCommon/smCom/smCom.c +- ../hostlib/hostLib/platform/rsp/se05x_reset.c +- ../hostlib/hostLib/platform/generic/sm_timer.c +- +- ../hostlib/hostLib/se05x/src/se05x_ECC_curves.c +- ../hostlib/hostLib/se05x/src/se05x_mw.c +- ../hostlib/hostLib/se05x/src/se05x_tlv.c +- ../hostlib/hostLib/se05x_03_xx_xx/se05x_APDU.c +- +- # T1oI2C files +- ../hostlib/hostLib/libCommon/smCom/smComT1oI2C.c +- ../hostlib/hostLib/libCommon/smCom/T1oI2C/*.c +- ../hostlib/hostLib/platform/linux/i2c_a7.c +- +- ##### Openssl Host crypto support +- #../sss/src/openssl/fsl_sss_openssl_apis.c +- #../sss/src/keystore/keystore_cmn.c +- #../sss/src/keystore/keystore_openssl.c +- #../sss/src/keystore/keystore_pc.c +- +- ##### Mbedtls Host crypto support +- #../sss/src/mbedtls/fsl_sss_mbedtls_apis.c +- #../sss/src/keystore/keystore_cmn.c +- #../sss/src/keystore/keystore_pc.c +- +- ##### Authenticated session to se05x +- #../sss/ex/src/ex_sss_scp03_auth.c +- #../sss/src/se05x/fsl_sss_se05x_eckey.c +- #../sss/src/se05x/fsl_sss_se05x_scp03.c +- #../hostlib/hostLib/libCommon/nxScp/nxScp03_Com.c +-) +- +-add_executable(${PROJECT_NAME} ../sss/ex/ecc/ex_sss_ecc.c ${SOURCES}) +- +-#TARGET_LINK_LIBRARIES(${PROJECT_NAME} ssl crypto) +- +- +-FILE( +- GLOB +- INC_DIR +- ../sss/inc +- ../sss/port/default +- ../sss/ex/src +- ../sss/ex/inc +- ../hostlib/hostLib/inc +- ../hostlib/hostLib/libCommon/infra +- ../hostlib/hostLib/libCommon/smCom +- ../hostlib/hostLib/libCommon/log +- ../hostlib/hostLib/libCommon/smCom/T1oI2C +- ../hostlib/hostLib/se05x_03_xx_xx +- ../hostlib/hostLib/platform/inc +- ../hostlib/hostLib/libCommon/smCom +-) +- +-TARGET_INCLUDE_DIRECTORIES( +- ${PROJECT_NAME} +- PUBLIC +- ../ +- ${INC_DIR} +- ) +- +- +-ADD_DEFINITIONS(-DSSS_USE_FTR_FILE) +-ADD_DEFINITIONS(-DSMCOM_T1oI2C) +-ADD_DEFINITIONS(-DT1oI2C) +-ADD_DEFINITIONS(-DT1oI2C_UM11225) +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/fsl_sss_ftr.h b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/fsl_sss_ftr.h +deleted file mode 100644 +index 95dd7f92ff..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/fsl_sss_ftr.h ++++ /dev/null +@@ -1,651 +0,0 @@ +-/* +- * +- * Copyright 2018-2020 NXP +- * SPDX-License-Identifier: Apache-2.0 +- */ +- +-#ifndef SSS_APIS_INC_FSL_SSS_FTR_H_ +-#define SSS_APIS_INC_FSL_SSS_FTR_H_ +- +-/* ************************************************************************** */ +-/* Defines */ +-/* ************************************************************************** */ +- +-/* clang-format off */ +- +- +-/* # CMake Features : Start */ +- +- +-/** Applet : The Secure Element Applet +- * +- * You can compile host library for different Applets listed below. +- * Please note, some of these Applets may be for NXP Internal use only. +- */ +- +-/** Compiling without any Applet Support */ +-#define SSS_HAVE_APPLET_NONE 0 +- +-/** A71CH (ECC) */ +-#define SSS_HAVE_APPLET_A71CH 0 +- +-/** A71CL (RSA) */ +-#define SSS_HAVE_APPLET_A71CL 0 +- +-/** Similar to A71CH */ +-#define SSS_HAVE_APPLET_A71CH_SIM 0 +- +-/** SE050 Type A (ECC) */ +-#define SSS_HAVE_APPLET_SE05X_A 0 +- +-/** SE050 Type B (RSA) */ +-#define SSS_HAVE_APPLET_SE05X_B 0 +- +-/** SE050 (Super set of A + B) */ +-#define SSS_HAVE_APPLET_SE05X_C 1 +- +-/** SE050 (Similar to A71CL) */ +-#define SSS_HAVE_APPLET_SE05X_L 0 +- +-/** NXP Internal testing Applet */ +-#define SSS_HAVE_APPLET_LOOPBACK 0 +- +-#if (( 0 \ +- + SSS_HAVE_APPLET_NONE \ +- + SSS_HAVE_APPLET_A71CH \ +- + SSS_HAVE_APPLET_A71CL \ +- + SSS_HAVE_APPLET_A71CH_SIM \ +- + SSS_HAVE_APPLET_SE05X_A \ +- + SSS_HAVE_APPLET_SE05X_B \ +- + SSS_HAVE_APPLET_SE05X_C \ +- + SSS_HAVE_APPLET_SE05X_L \ +- + SSS_HAVE_APPLET_LOOPBACK \ +- ) > 1) +-# error "Enable only one of 'Applet'" +-#endif +- +- +-#if (( 0 \ +- + SSS_HAVE_APPLET_NONE \ +- + SSS_HAVE_APPLET_A71CH \ +- + SSS_HAVE_APPLET_A71CL \ +- + SSS_HAVE_APPLET_A71CH_SIM \ +- + SSS_HAVE_APPLET_SE05X_A \ +- + SSS_HAVE_APPLET_SE05X_B \ +- + SSS_HAVE_APPLET_SE05X_C \ +- + SSS_HAVE_APPLET_SE05X_L \ +- + SSS_HAVE_APPLET_LOOPBACK \ +- ) == 0) +-# error "Enable at-least one of 'Applet'" +-#endif +- +- +- +-/** SE05X_Ver : SE05X Applet version. +- * +- * Selection of Applet version 03_XX enables SE050 features. +- * Selection of Applet version 06_00 enables SE051 features. +- * +- */ +- +-/** SE050 */ +-#define SSS_HAVE_SE05X_VER_03_XX 1 +- +-/** SE051 */ +-#define SSS_HAVE_SE05X_VER_06_00 0 +- +-#if (( 0 \ +- + SSS_HAVE_SE05X_VER_03_XX \ +- + SSS_HAVE_SE05X_VER_06_00 \ +- ) > 1) +-# error "Enable only one of 'SE05X_Ver'" +-#endif +- +- +-#if (( 0 \ +- + SSS_HAVE_SE05X_VER_03_XX \ +- + SSS_HAVE_SE05X_VER_06_00 \ +- ) == 0) +-# error "Enable at-least one of 'SE05X_Ver'" +-#endif +- +- +- +-/** HostCrypto : Counterpart Crypto on Host +- * +- * What is being used as a cryptographic library on the host. +- * As of now only OpenSSL / mbedTLS is supported +- */ +- +-/** Use mbedTLS as host crypto */ +-#define SSS_HAVE_HOSTCRYPTO_MBEDTLS 0 +- +-/** Use mbed-crypto as host crypto +- * Required for ARM-PSA / TF-M */ +-#define SSS_HAVE_HOSTCRYPTO_MBEDCRYPTO 0 +- +-/** Use OpenSSL as host crypto */ +-#define SSS_HAVE_HOSTCRYPTO_OPENSSL 0 +- +-/** User Implementation of Host Crypto +- * e.g. Files at ``sss/src/user/crypto`` have low level AES/CMAC primitives. +- * The files at ``sss/src/user`` use those primitives. +- * This becomes an example for users with their own AES Implementation +- * This then becomes integration without mbedTLS/OpenSSL for SCP03 / AESKey. +- * +- * .. note:: ECKey abstraction is not implemented/available yet. */ +-#define SSS_HAVE_HOSTCRYPTO_USER 0 +- +-/** NO Host Crypto +- * Note, this is unsecure and only provided for experimentation +- * on platforms that do not have an mbedTLS PORT +- * Many :ref:`sssftr-control` have to be disabled to have a valid build. */ +-#define SSS_HAVE_HOSTCRYPTO_NONE 0 +- +-#if (( 0 \ +- + SSS_HAVE_HOSTCRYPTO_MBEDTLS \ +- + SSS_HAVE_HOSTCRYPTO_MBEDCRYPTO \ +- + SSS_HAVE_HOSTCRYPTO_OPENSSL \ +- + SSS_HAVE_HOSTCRYPTO_USER \ +- + SSS_HAVE_HOSTCRYPTO_NONE \ +- ) > 1) +-# error "Enable only one of 'HostCrypto'" +-#endif +- +- +-/** mbedTLS_ALT : ALT Engine implementation for mbedTLS +- * +- * When set to None, mbedTLS would not use ALT Implementation to connect to / use Secure Element. +- * This needs to be set to SSS for Cloud Demos over SSS APIs +- */ +- +-/** Use SSS Layer ALT implementation */ +-#define SSS_HAVE_MBEDTLS_ALT_SSS 1 +- +-/** Legacy implementation */ +-#define SSS_HAVE_MBEDTLS_ALT_A71CH 0 +- +-/** Not using any mbedTLS_ALT +- * +- * When this is selected, cloud demos can not work with mbedTLS */ +-#define SSS_HAVE_MBEDTLS_ALT_NONE 0 +- +-#if (( 0 \ +- + SSS_HAVE_MBEDTLS_ALT_SSS \ +- + SSS_HAVE_MBEDTLS_ALT_A71CH \ +- + SSS_HAVE_MBEDTLS_ALT_NONE \ +- ) > 1) +-# error "Enable only one of 'mbedTLS_ALT'" +-#endif +- +- +-#if (( 0 \ +- + SSS_HAVE_MBEDTLS_ALT_SSS \ +- + SSS_HAVE_MBEDTLS_ALT_A71CH \ +- + SSS_HAVE_MBEDTLS_ALT_NONE \ +- ) == 0) +-# error "Enable at-least one of 'mbedTLS_ALT'" +-#endif +- +- +- +-/** SCP : Secure Channel Protocol +- * +- * In case we enable secure channel to Secure Element, which interface to be used. +- */ +- +-/** */ +-#define SSS_HAVE_SCP_NONE 0 +- +-/** Use SSS Layer for SCP. Used for SE050 family. */ +-#define SSS_HAVE_SCP_SCP03_SSS 0 +- +-/** Use Host Crypto Layer for SCP03. Legacy implementation. Used for older demos of A71CH Family. */ +-#define SSS_HAVE_SCP_SCP03_HOSTCRYPTO 0 +- +-#if (( 0 \ +- + SSS_HAVE_SCP_NONE \ +- + SSS_HAVE_SCP_SCP03_SSS \ +- + SSS_HAVE_SCP_SCP03_HOSTCRYPTO \ +- ) > 1) +-# error "Enable only one of 'SCP'" +-#endif +- +- +-/** FIPS : Enable or disable FIPS +- * +- * This selection mostly impacts tests, and generally not the actual Middleware +- */ +- +-/** NO FIPS */ +-#define SSS_HAVE_FIPS_NONE 1 +- +-/** SE050 IC FIPS */ +-#define SSS_HAVE_FIPS_SE050 0 +- +-/** FIPS 140-2 */ +-#define SSS_HAVE_FIPS_140_2 0 +- +-/** FIPS 140-3 */ +-#define SSS_HAVE_FIPS_140_3 0 +- +-#if (( 0 \ +- + SSS_HAVE_FIPS_NONE \ +- + SSS_HAVE_FIPS_SE050 \ +- + SSS_HAVE_FIPS_140_2 \ +- + SSS_HAVE_FIPS_140_3 \ +- ) > 1) +-# error "Enable only one of 'FIPS'" +-#endif +- +- +-#if (( 0 \ +- + SSS_HAVE_FIPS_NONE \ +- + SSS_HAVE_FIPS_SE050 \ +- + SSS_HAVE_FIPS_140_2 \ +- + SSS_HAVE_FIPS_140_3 \ +- ) == 0) +-# error "Enable at-least one of 'FIPS'" +-#endif +- +- +- +-/** SBL : Enable/Disable SBL Bootable support +- * +- * This option is to enable/disable boot from SBL by switching linker address +- */ +- +-/** Not SBL bootable */ +-#define SSS_HAVE_SBL_NONE 1 +- +-/** SE050 based LPC55S SBL bootable */ +-#define SSS_HAVE_SBL_SBL_LPC55S 0 +- +-#if (( 0 \ +- + SSS_HAVE_SBL_NONE \ +- + SSS_HAVE_SBL_SBL_LPC55S \ +- ) > 1) +-# error "Enable only one of 'SBL'" +-#endif +- +- +-#if (( 0 \ +- + SSS_HAVE_SBL_NONE \ +- + SSS_HAVE_SBL_SBL_LPC55S \ +- ) == 0) +-# error "Enable at-least one of 'SBL'" +-#endif +- +- +- +-/** SE05X_Auth : SE050 Authentication +- * +- * This settings is used by examples to connect using various options +- * to authenticate with the Applet. +- * The SE05X_Auth options can be changed for KSDK Demos and Examples. +- * To change SE05X_Auth option follow below steps. +- * Set flag ``SSS_HAVE_SCP_SCP03_SSS`` to 1 and Reset flag ``SSS_HAVE_SCP_NONE`` to 0. +- * To change SE05X_Auth option other than ``None`` and ``PlatfSCP03``, +- * execute se05x_Delete_and_test_provision.exe in order to provision the Authentication Key. +- * To change SE05X_Auth option to ``ECKey`` or ``ECKey_PlatfSCP03``, +- * Set additional flag ``SSS_HAVE_HOSTCRYPTO_ANY`` to 1. +- */ +- +-/** Use the default session (i.e. session less) login */ +-#define SSS_HAVE_SE05X_AUTH_NONE 1 +- +-/** Do User Authentication with UserID */ +-#define SSS_HAVE_SE05X_AUTH_USERID 0 +- +-/** Use Platform SCP for connection to SE */ +-#define SSS_HAVE_SE05X_AUTH_PLATFSCP03 0 +- +-/** Do User Authentication with AES Key +- * Earlier this was called AppletSCP03 */ +-#define SSS_HAVE_SE05X_AUTH_AESKEY 0 +- +-/** Do User Authentication with EC Key +- * Earlier this was called FastSCP */ +-#define SSS_HAVE_SE05X_AUTH_ECKEY 0 +- +-/** UserID and PlatfSCP03 */ +-#define SSS_HAVE_SE05X_AUTH_USERID_PLATFSCP03 0 +- +-/** AESKey and PlatfSCP03 */ +-#define SSS_HAVE_SE05X_AUTH_AESKEY_PLATFSCP03 0 +- +-/** ECKey and PlatfSCP03 */ +-#define SSS_HAVE_SE05X_AUTH_ECKEY_PLATFSCP03 0 +- +-#if (( 0 \ +- + SSS_HAVE_SE05X_AUTH_NONE \ +- + SSS_HAVE_SE05X_AUTH_USERID \ +- + SSS_HAVE_SE05X_AUTH_PLATFSCP03 \ +- + SSS_HAVE_SE05X_AUTH_AESKEY \ +- + SSS_HAVE_SE05X_AUTH_ECKEY \ +- + SSS_HAVE_SE05X_AUTH_USERID_PLATFSCP03 \ +- + SSS_HAVE_SE05X_AUTH_AESKEY_PLATFSCP03 \ +- + SSS_HAVE_SE05X_AUTH_ECKEY_PLATFSCP03 \ +- ) > 1) +-# error "Enable only one of 'SE05X_Auth'" +-#endif +- +- +-#if (( 0 \ +- + SSS_HAVE_SE05X_AUTH_NONE \ +- + SSS_HAVE_SE05X_AUTH_USERID \ +- + SSS_HAVE_SE05X_AUTH_PLATFSCP03 \ +- + SSS_HAVE_SE05X_AUTH_AESKEY \ +- + SSS_HAVE_SE05X_AUTH_ECKEY \ +- + SSS_HAVE_SE05X_AUTH_USERID_PLATFSCP03 \ +- + SSS_HAVE_SE05X_AUTH_AESKEY_PLATFSCP03 \ +- + SSS_HAVE_SE05X_AUTH_ECKEY_PLATFSCP03 \ +- ) == 0) +-# error "Enable at-least one of 'SE05X_Auth'" +-#endif +- +- +- +-/** A71CH_AUTH : A71CH Authentication +- * +- * This settings is used by SSS-API based examples to connect using either plain or authenticated to the A71CH. +- */ +- +-/** Plain communication, not authenticated or encrypted */ +-#define SSS_HAVE_A71CH_AUTH_NONE 1 +- +-/** SCP03 enabled */ +-#define SSS_HAVE_A71CH_AUTH_SCP03 0 +- +-#if (( 0 \ +- + SSS_HAVE_A71CH_AUTH_NONE \ +- + SSS_HAVE_A71CH_AUTH_SCP03 \ +- ) > 1) +-# error "Enable only one of 'A71CH_AUTH'" +-#endif +- +- +-#if (( 0 \ +- + SSS_HAVE_A71CH_AUTH_NONE \ +- + SSS_HAVE_A71CH_AUTH_SCP03 \ +- ) == 0) +-# error "Enable at-least one of 'A71CH_AUTH'" +-#endif +- +- +-/* ====================================================================== * +- * == Feature selection/values ========================================== * +- * ====================================================================== */ +- +- +-/** SE05X Secure Element : Symmetric AES */ +-#define SSSFTR_SE05X_AES 1 +- +-/** SE05X Secure Element : Elliptic Curve Cryptography */ +-#define SSSFTR_SE05X_ECC 1 +- +-/** SE05X Secure Element : RSA */ +-#define SSSFTR_SE05X_RSA 1 +- +-/** SE05X Secure Element : KEY operations : SET Key */ +-#define SSSFTR_SE05X_KEY_SET 1 +- +-/** SE05X Secure Element : KEY operations : GET Key */ +-#define SSSFTR_SE05X_KEY_GET 1 +- +-/** SE05X Secure Element : Authenticate via ECKey */ +-#define SSSFTR_SE05X_AuthECKey 1 +- +-/** SE05X Secure Element : Allow creation of user/authenticated session. +- * +- * If the intended deployment only uses Platform SCP +- * Or it is a pure session less integration, this can +- * save some code size. */ +-#define SSSFTR_SE05X_AuthSession 0 +- +-/** SE05X Secure Element : Allow creation/deletion of Crypto Objects +- * +- * If disabled, new Crytpo Objects are neither created and +- * old/existing Crypto Objects are not deleted. +- * It is assumed that during provisioning phase, the required +- * Crypto Objects are pre-created or they are never going to +- * be needed. */ +-#define SSSFTR_SE05X_CREATE_DELETE_CRYPTOOBJ 1 +- +-/** Software : Symmetric AES */ +-#define SSSFTR_SW_AES 1 +- +-/** Software : Elliptic Curve Cryptography */ +-#define SSSFTR_SW_ECC 1 +- +-/** Software : RSA */ +-#define SSSFTR_SW_RSA 1 +- +-/** Software : KEY operations : SET Key */ +-#define SSSFTR_SW_KEY_SET 1 +- +-/** Software : KEY operations : GET Key */ +-#define SSSFTR_SW_KEY_GET 1 +- +-/** Software : Used as a test counterpart +- * +- * e.g. Major part of the mebdTLS SSS layer is purely used for +- * testing of Secure Element implementation, and can be avoided +- * fully during many production scenarios. */ +-#define SSSFTR_SW_TESTCOUNTERPART 1 +- +-/* ====================================================================== * +- * == Computed Options ================================================== * +- * ====================================================================== */ +- +-/** Symmetric AES */ +-#define SSSFTR_AES (SSSFTR_SE05X_AES + SSSFTR_SW_AES) +-/** Elliptic Curve Cryptography */ +-#define SSSFTR_ECC (SSSFTR_SE05X_ECC + SSSFTR_SW_ECC) +-/** RSA */ +-#define SSSFTR_RSA (SSSFTR_SE05X_RSA + SSSFTR_SW_RSA) +-/** KEY operations : SET Key */ +-#define SSSFTR_KEY_SET (SSSFTR_SE05X_KEY_SET + SSSFTR_SW_KEY_SET) +-/** KEY operations : GET Key */ +-#define SSSFTR_KEY_GET (SSSFTR_SE05X_KEY_GET + SSSFTR_SW_KEY_GET) +-/** KEY operations */ +-#define SSSFTR_KEY (SSSFTR_KEY_SET + SSSFTR_KEY_GET) +-/** KEY operations */ +-#define SSSFTR_SE05X_KEY (SSSFTR_SE05X_KEY_SET + SSSFTR_SE05X_KEY_GET) +-/** KEY operations */ +-#define SSSFTR_SW_KEY (SSSFTR_SW_KEY_SET + SSSFTR_SW_KEY_GET) +- +- +-#define SSS_HAVE_APPLET \ +- (SSS_HAVE_APPLET_A71CH | SSS_HAVE_APPLET_A71CL | SSS_HAVE_APPLET_A71CH_SIM | SSS_HAVE_APPLET_SE05X_A | SSS_HAVE_APPLET_SE05X_B | SSS_HAVE_APPLET_SE05X_C | SSS_HAVE_APPLET_SE05X_L | SSS_HAVE_APPLET_LOOPBACK) +- +-#define SSS_HAVE_APPLET_SE05X_IOT \ +- (SSS_HAVE_APPLET_SE05X_A | SSS_HAVE_APPLET_SE05X_B | SSS_HAVE_APPLET_SE05X_C) +- +-#define SSS_HAVE_MBEDTLS_ALT \ +- (SSS_HAVE_MBEDTLS_ALT_SSS | SSS_HAVE_MBEDTLS_ALT_A71CH) +- +-#define SSS_HAVE_HOSTCRYPTO_ANY \ +- (SSS_HAVE_HOSTCRYPTO_MBEDTLS | SSS_HAVE_HOSTCRYPTO_MBEDCRYPTO | SSS_HAVE_HOSTCRYPTO_OPENSSL | SSS_HAVE_HOSTCRYPTO_USER) +- +-#define SSS_HAVE_FIPS \ +- (SSS_HAVE_FIPS_SE050 | SSS_HAVE_FIPS_140_2 | SSS_HAVE_FIPS_140_3) +- +- +-/* Version checks GTE - Greater Than Or Equal To */ +-#if SSS_HAVE_APPLET_SE05X_IOT +-# if SSS_HAVE_SE05X_VER_06_00 +-# define SSS_HAVE_SE05X_VER_GTE_06_00 1 +-# define SSS_HAVE_SE05X_VER_GTE_03_XX 1 +-# endif /* SSS_HAVE_SE05X_VER_06_00 */ +-# if SSS_HAVE_SE05X_VER_03_XX +-# define SSS_HAVE_SE05X_VER_GTE_06_00 0 +-# define SSS_HAVE_SE05X_VER_GTE_03_XX 1 +-# endif /* SSS_HAVE_SE05X_VER_03_XX */ +-#else //SSS_HAVE_APPLET_SE05X_IOT +-# define SSS_HAVE_SE05X_VER_GTE_03_XX 0 +-# define SSS_HAVE_SE05X_VER_GTE_06_00 0 +-#endif // SSS_HAVE_APPLET_SE05X_IOT +-/** Deprecated items. Used here for backwards compatibility. */ +- +-#define WithApplet_SE05X (SSS_HAVE_APPLET_SE05X_IOT) +-#define WithApplet_SE050_A (SSS_HAVE_APPLET_SE05X_A) +-#define WithApplet_SE050_B (SSS_HAVE_APPLET_SE05X_B) +-#define WithApplet_SE050_C (SSS_HAVE_APPLET_SE05X_C) +-#define SSS_HAVE_SE050_A (SSS_HAVE_APPLET_SE05X_A) +-#define SSS_HAVE_SE050_B (SSS_HAVE_APPLET_SE05X_B) +-#define SSS_HAVE_SE050_C (SSS_HAVE_APPLET_SE05X_C) +-#define SSS_HAVE_SE05X (SSS_HAVE_APPLET_SE05X_IOT) +-#define SSS_HAVE_SE (SSS_HAVE_APPLET) +-#define SSS_HAVE_LOOPBACK (SSS_HAVE_APPLET_LOOPBACK) +-#define SSS_HAVE_ALT (SSS_HAVE_MBEDTLS_ALT) +-#define WithApplet_None (SSS_HAVE_APPLET_NONE) +-#define SSS_HAVE_None (SSS_HAVE_APPLET_NONE) +-#define WithApplet_A71CH (SSS_HAVE_APPLET_A71CH) +-#define SSS_HAVE_A71CH (SSS_HAVE_APPLET_A71CH) +-#define WithApplet_A71CL (SSS_HAVE_APPLET_A71CL) +-#define SSS_HAVE_A71CL (SSS_HAVE_APPLET_A71CL) +-#define WithApplet_A71CH_SIM (SSS_HAVE_APPLET_A71CH_SIM) +-#define SSS_HAVE_A71CH_SIM (SSS_HAVE_APPLET_A71CH_SIM) +-#define WithApplet_SE05X_A (SSS_HAVE_APPLET_SE05X_A) +-#define SSS_HAVE_SE05X_A (SSS_HAVE_APPLET_SE05X_A) +-#define WithApplet_SE05X_B (SSS_HAVE_APPLET_SE05X_B) +-#define SSS_HAVE_SE05X_B (SSS_HAVE_APPLET_SE05X_B) +-#define WithApplet_SE05X_C (SSS_HAVE_APPLET_SE05X_C) +-#define SSS_HAVE_SE05X_C (SSS_HAVE_APPLET_SE05X_C) +-#define WithApplet_SE05X_L (SSS_HAVE_APPLET_SE05X_L) +-#define SSS_HAVE_SE05X_L (SSS_HAVE_APPLET_SE05X_L) +-#define WithApplet_LoopBack (SSS_HAVE_APPLET_LOOPBACK) +-#define SSS_HAVE_LoopBack (SSS_HAVE_APPLET_LOOPBACK) +-#define SSS_HAVE_MBEDTLS (SSS_HAVE_HOSTCRYPTO_MBEDTLS) +-#define SSS_HAVE_MBEDCRYPTO (SSS_HAVE_HOSTCRYPTO_MBEDCRYPTO) +-#define SSS_HAVE_OPENSSL (SSS_HAVE_HOSTCRYPTO_OPENSSL) +-#define SSS_HAVE_USER (SSS_HAVE_HOSTCRYPTO_USER) +-#define SSS_HAVE_NONE (SSS_HAVE_HOSTCRYPTO_NONE) +-#define SSS_HAVE_ALT_SSS (SSS_HAVE_MBEDTLS_ALT_SSS) +-#define SSS_HAVE_ALT_A71CH (SSS_HAVE_MBEDTLS_ALT_A71CH) +-#define SSS_HAVE_ALT_NONE (SSS_HAVE_MBEDTLS_ALT_NONE) +-#define SSS_HAVE_SE05X_Auth_None (SSS_HAVE_SE05X_AUTH_NONE) +-#define SSS_HAVE_SE05X_Auth_UserID (SSS_HAVE_SE05X_AUTH_USERID) +-#define SSS_HAVE_SE05X_Auth_PlatfSCP03 (SSS_HAVE_SE05X_AUTH_PLATFSCP03) +-#define SSS_HAVE_SE05X_Auth_AESKey (SSS_HAVE_SE05X_AUTH_AESKEY) +-#define SSS_HAVE_SE05X_Auth_ECKey (SSS_HAVE_SE05X_AUTH_ECKEY) +-#define SSS_HAVE_SE05X_Auth_UserID_PlatfSCP03 (SSS_HAVE_SE05X_AUTH_USERID_PLATFSCP03) +-#define SSS_HAVE_SE05X_Auth_AESKey_PlatfSCP03 (SSS_HAVE_SE05X_AUTH_AESKEY_PLATFSCP03) +-#define SSS_HAVE_SE05X_Auth_ECKey_PlatfSCP03 (SSS_HAVE_SE05X_AUTH_ECKEY_PLATFSCP03) +- +-/* # CMake Features : END */ +- +-/* ========= Miscellaneous values : START =================== */ +- +-/* ECC Mode is available */ +-#define SSS_HAVE_ECC 1 +- +-/* RSA is available */ +-#define SSS_HAVE_RSA 1 +- +-/* TPM BARRETO_NAEHRIG Curve is enabled */ +-#define SSS_HAVE_TPM_BN 1 +- +-/* Edwards Curve is enabled */ +-#define SSS_HAVE_EC_ED 1 +- +-/* Montgomery Curve is enabled */ +-#define SSS_HAVE_EC_MONT 1 +- +-/* MIFARE DESFire is enabled */ +-#define SSS_HAVE_MIFARE_DESFIRE 1 +- +-/* PBKDF2 is enabled */ +-#define SSS_HAVE_PBKDF2 1 +- +-/* TLS handshake support on SE is enabled */ +-#define SSS_HAVE_TLS_HANDSHAKE 1 +- +-/* Import Export Key is enabled */ +-#define SSS_HAVE_IMPORT 1 +- +-/* With NXP NFC Reader Library */ +-#define SSS_HAVE_NXPNFCRDLIB 0 +- +-#define SSS_HAVE_A71XX \ +- (SSS_HAVE_APPLET_A71CH | SSS_HAVE_APPLET_A71CH_SIM) +- +-#define SSS_HAVE_SSCP (SSS_HAVE_A71XX) +- +-/* For backwards compatibility */ +-#define SSS_HAVE_TESTCOUNTERPART (SSSFTR_SW_TESTCOUNTERPART) +- +-/* ========= Miscellaneous values : END ===================== */ +- +-/* ========= Calculated values : START ====================== */ +- +-/* Should we expose, SSS APIs */ +-#define SSS_HAVE_SSS ( 0 \ +- + SSS_HAVE_SSCP \ +- + SSS_HAVE_APPLET_SE05X_IOT \ +- + SSS_HAVE_HOSTCRYPTO_OPENSSL \ +- + SSS_HAVE_HOSTCRYPTO_MBEDCRYPTO \ +- + SSS_HAVE_HOSTCRYPTO_MBEDTLS \ +- + SSS_HAVE_HOSTCRYPTO_USER \ +- ) +- +-/* MBEDCRYPTO is superset of MBEDTLS and exposing that way */ +-#if SSS_HAVE_HOSTCRYPTO_MBEDCRYPTO +-# undef SSS_HAVE_MBEDTLS +-# undef SSS_HAVE_HOSTCRYPTO_MBEDTLS +- +-# define SSS_HAVE_MBEDTLS 1 +-# define SSS_HAVE_HOSTCRYPTO_MBEDTLS 1 +-#endif // SSS_HAVE_HOSTCRYPTO_MBEDCRYPTO +- +-#if SSS_HAVE_HOSTCRYPTO_NONE +-# undef SSSFTR_SE05X_AuthSession +-# define SSSFTR_SE05X_AuthSession 0 +-#endif +- +-/* Montgomery curves is not supported in SE05X_A*/ +-#if SSS_HAVE_APPLET_SE05X_A +-# undef SSS_HAVE_EC_MONT +-# define SSS_HAVE_EC_MONT 0 +-/* ED is not supported in SE050_A */ +-#if SSS_HAVE_SE05X_VER_03_XX +-# undef SSS_HAVE_EC_ED +-# define SSS_HAVE_EC_ED 0 +-#endif +-#endif +- +-#if SSS_HAVE_RSA +-# define SSS_HAVE_RSA_4K 1 +-#endif +- +-#if SSS_HAVE_ECC +-# define SSS_HAVE_EC_NIST_192 1 +-# define SSS_HAVE_EC_NIST_224 1 +-# define SSS_HAVE_EC_NIST_256 1 +-# define SSS_HAVE_EC_NIST_384 1 +-# define SSS_HAVE_EC_NIST_521 1 +-# define SSS_HAVE_EC_BP 1 +-# define SSS_HAVE_EC_NIST_K 1 +-# define SSS_HAVE_ECDAA 1 +-# define SSS_HAVE_EDDSA 1 +-#if SSS_HAVE_APPLET_SE05X_A +-# undef SSS_HAVE_ECDAA +-# undef SSS_HAVE_EDDSA +-# define SSS_HAVE_ECDAA 0 +-# define SSS_HAVE_EDDSA 0 +-#endif +-#endif +- +-#if SSS_HAVE_APPLET +-#define SSS_HAVE_HASH_1 1 +-#define SSS_HAVE_HASH_224 1 +-#define SSS_HAVE_HASH_512 1 +-#endif +- +- +-/* ========= Calculated values : END ======================== */ +- +-/* clang-format on */ +- +-#endif /* SSS_APIS_INC_FSL_SSS_FTR_H_ */ +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/Applet_SE050_Ver.h b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/Applet_SE050_Ver.h +deleted file mode 100644 +index 51aaf715bb..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/Applet_SE050_Ver.h ++++ /dev/null +@@ -1,114 +0,0 @@ +-/* +-* +-* Copyright 2019,2020 NXP +-* SPDX-License-Identifier: Apache-2.0 +-*/ +- +-#ifndef APPLET_SE050_VERSION_INFO_H_INCLUDED +-#define APPLET_SE050_VERSION_INFO_H_INCLUDED +- +-#if defined(SSS_USE_FTR_FILE) +-#include "fsl_sss_ftr.h" +-#else +-#include "fsl_sss_ftr_default.h" +-#endif +- +-/* clang-format off */ +-//#define APPLET_SE050_PROD_NAME "Applet_SE050" +-//#define APPLET_SE050_VER_STRING_NUM "v03.01.00" +-//#define APPLET_SE050_PROD_NAME_VER_FULL "Applet_SE050_v03.01.00" +- +-#if SSS_HAVE_SE05X_VER_04_04 == 1 +-# define APPLET_SE050_VER_MAJOR (4u) +-# define APPLET_SE050_VER_MINOR (4u) +-# define APPLET_SE050_VER_DEV (0u) +-#elif SSS_HAVE_SE05X_VER_04_08 == 1 +-# define APPLET_SE050_VER_MAJOR (4u) +-# define APPLET_SE050_VER_MINOR (8u) +-# define APPLET_SE050_VER_DEV (0u) +-#elif SSS_HAVE_SE05X_VER_04_12 == 1 +-# define APPLET_SE050_VER_MAJOR (4u) +-# define APPLET_SE050_VER_MINOR (12u) +-# define APPLET_SE050_VER_DEV (0u) +-#elif SSS_HAVE_SE05X_VER_05_00 == 1 +-# define APPLET_SE050_VER_MAJOR (5u) +-# define APPLET_SE050_VER_MINOR (0u) +-# define APPLET_SE050_VER_DEV (0u) +-#elif SSS_HAVE_SE05X_VER_05_02 == 1 +-# define APPLET_SE050_VER_MAJOR (5u) +-# define APPLET_SE050_VER_MINOR (2u) +-# define APPLET_SE050_VER_DEV (0u) +-#elif SSS_HAVE_SE05X_VER_05_04 == 1 +-# define APPLET_SE050_VER_MAJOR (5u) +-# define APPLET_SE050_VER_MINOR (4u) +-# define APPLET_SE050_VER_DEV (0u) +-#elif SSS_HAVE_SE05X_VER_05_08 == 1 +-# define APPLET_SE050_VER_MAJOR (5u) +-# define APPLET_SE050_VER_MINOR (8u) +-# define APPLET_SE050_VER_DEV (0u) +-#elif SSS_HAVE_SE05X_VER_05_10 == 1 +-# define APPLET_SE050_VER_MAJOR (5u) +-# define APPLET_SE050_VER_MINOR (10u) +-# define APPLET_SE050_VER_DEV (0u) +-#elif SSS_HAVE_SE05X_VER_05_12 == 1 +-# define APPLET_SE050_VER_MAJOR (5u) +-# define APPLET_SE050_VER_MINOR (12u) +-# define APPLET_SE050_VER_DEV (0u) +-#elif SSS_HAVE_SE05X_VER_06_00 == 1 +-# define APPLET_SE050_VER_MAJOR (6u) +-# define APPLET_SE050_VER_MINOR (0u) +-# define APPLET_SE050_VER_DEV (0u) +-#elif SSS_HAVE_FIPS +-# define APPLET_SE050_VER_MAJOR (3u) +-# define APPLET_SE050_VER_MINOR (6u) +-# define APPLET_SE050_VER_DEV (0u) +-#else +-# define APPLET_SE050_VER_MAJOR (3u) +-# define APPLET_SE050_VER_MINOR (1u) +-# define APPLET_SE050_VER_DEV (0u) +-# define APPLET_SE050_VER_DEV_PATCH1 (1u) /* Allow this as well */ +-#endif +- +- +-/* v03.01 = 30001u */ +-#define APPLET_SE050_VER_MAJOR_MINOR ( 0 \ +- | (APPLET_SE050_VER_MAJOR * 10000u) \ +- | (APPLET_SE050_VER_MINOR)) +- +-/* v03.01.00 = 300010000ULL */ +-#define APPLET_SE050_VER_MAJOR_MINOR_DEV ( 0 \ +- | (APPLET_SE050_VER_MAJOR * 10000*10000u) \ +- | (APPLET_SE050_VER_MINOR * 10000u) \ +- | (APPLET_SE050_VER_DEV)) +- +-/* clang-format on */ +- +-/* Version Information: +- * Generated by: +- * ..\..\..\scripts\version_info.py (v2019.01.17_00) +- * +- * Do not edit this file. Update: +- * ./version_info.txt instead. +- * +- * +- * prod_name = "Applet_SE050" +- * +- * prod_desc = "Applet AR6" +- * +- * lang_c_prefix = prod_name.upper() +- * +- * lang_namespace = "" +- * +- * v_major = "03" +- * +- * v_minor = "01" +- * +- * v_dev = "00" +- * +- * v_meta = "" +- * +- * maturity = "P" +- * +- */ +- +-#endif /* APPLET_SE050_VERSION_INFO_H_INCLUDED */ +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/PlugAndTrust_HostLib_Ver.h b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/PlugAndTrust_HostLib_Ver.h +deleted file mode 100644 +index 52d7966bef..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/PlugAndTrust_HostLib_Ver.h ++++ /dev/null +@@ -1,63 +0,0 @@ +-/* Copyright 2019-2021 NXP +- * +- * SPDX-License-Identifier: Apache-2.0 +- * +- * +- */ +- +-#ifndef PLUGANDTRUST_HOSTLIB_VERSION_INFO_H_INCLUDED +-#define PLUGANDTRUST_HOSTLIB_VERSION_INFO_H_INCLUDED +- +- +-/* clang-format off */ +-#define PLUGANDTRUST_HOSTLIB_PROD_NAME "PlugAndTrust_HostLib" +-#define PLUGANDTRUST_HOSTLIB_VER_STRING_NUM "v03.03.00_20210528" +-#define PLUGANDTRUST_HOSTLIB_PROD_NAME_VER_FULL "PlugAndTrust_HostLib_v03.03.00_20210528" +-#define PLUGANDTRUST_HOSTLIB_VER_MAJOR (3u) +-#define PLUGANDTRUST_HOSTLIB_VER_MINOR (3u) +-#define PLUGANDTRUST_HOSTLIB_VER_DEV (0u) +- +-/* v03.03 = 30003u */ +-#define PLUGANDTRUST_HOSTLIB_VER_MAJOR_MINOR ( 0 \ +- | (PLUGANDTRUST_HOSTLIB_VER_MAJOR * 10000u) \ +- | (PLUGANDTRUST_HOSTLIB_VER_MINOR)) +- +-/* v03.03.00 = 300030000ULL */ +-#define PLUGANDTRUST_HOSTLIB_VER_MAJOR_MINOR_DEV ( 0 \ +- | (PLUGANDTRUST_HOSTLIB_VER_MAJOR * 10000*10000u) \ +- | (PLUGANDTRUST_HOSTLIB_VER_MINOR * 10000u) \ +- | (PLUGANDTRUST_HOSTLIB_VER_DEV)) +- +-/* clang-format on */ +- +- +-/* Version Information: +- * Generated by: +- * scripts\version_info.py (v2019.01.17_00) +- * +- * Do not edit this file. Update: +- * hostlib/version_info.txt instead. +- * +- * +- * prod_name = "PlugAndTrust_HostLib" +- * +- * prod_desc = "Host Library" +- * +- * lang_c_prefix = prod_name.upper() +- * +- * lang_namespace = "" +- * +- * v_major = "03" +- * +- * v_minor = "03" +- * +- * v_dev = "00" +- * +- * v_meta = "" +- * +- * maturity = "B" +- * +- * +- */ +- +-#endif /* PLUGANDTRUST_HOSTLIB_VERSION_INFO_H_INCLUDED */ +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/PlugAndTrust_Pkg_Ver.h b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/PlugAndTrust_Pkg_Ver.h +deleted file mode 100644 +index 6199708554..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/PlugAndTrust_Pkg_Ver.h ++++ /dev/null +@@ -1,62 +0,0 @@ +-/* Copyright 2019-2021 NXP +- * +- * SPDX-License-Identifier: Apache-2.0 +- * +- * +- */ +- +-#ifndef PLUGANDTRUST_VERSION_INFO_H_INCLUDED +-#define PLUGANDTRUST_VERSION_INFO_H_INCLUDED +- +- +-/* clang-format off */ +-#define PLUGANDTRUST_PROD_NAME "PlugAndTrust" +-#define PLUGANDTRUST_VER_STRING_NUM "v03.03.00_20210528" +-#define PLUGANDTRUST_PROD_NAME_VER_FULL "PlugAndTrust_v03.03.00_20210528" +-#define PLUGANDTRUST_VER_MAJOR (3u) +-#define PLUGANDTRUST_VER_MINOR (3u) +-#define PLUGANDTRUST_VER_DEV (0u) +- +-/* v03.03 = 30003u */ +-#define PLUGANDTRUST_VER_MAJOR_MINOR ( 0 \ +- | (PLUGANDTRUST_VER_MAJOR * 10000u) \ +- | (PLUGANDTRUST_VER_MINOR)) +- +-/* v03.03.00 = 300030000ULL */ +-#define PLUGANDTRUST_VER_MAJOR_MINOR_DEV ( 0 \ +- | (PLUGANDTRUST_VER_MAJOR * 10000*10000u) \ +- | (PLUGANDTRUST_VER_MINOR * 10000u) \ +- | (PLUGANDTRUST_VER_DEV)) +- +-/* clang-format on */ +- +- +-/* Version Information: +- * Generated by: +- * scripts\version_info.py (v2019.01.17_00) +- * +- * Do not edit this file. Update: +- * ./version_info.txt instead. +- * +- * prod_name = "PlugAndTrust" +- * +- * prod_desc = "Plug And Trust Package" +- * +- * lang_c_prefix = prod_name.upper() +- * +- * lang_namespace = "" +- * +- * v_major = "03" +- * +- * v_minor = "03" +- * +- * v_dev = "00" +- * +- * # Develop Branch +- * v_meta = "" +- * +- * maturity = "B" +- * +- */ +- +-#endif /* PLUGANDTRUST_VERSION_INFO_H_INCLUDED */ +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/nxEnsure.h b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/nxEnsure.h +deleted file mode 100644 +index a58a75f22d..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/nxEnsure.h ++++ /dev/null +@@ -1,279 +0,0 @@ +-/* +-* +-* Copyright 2019 NXP +-* SPDX-License-Identifier: Apache-2.0 +-*/ +- +-/** @file +- * +- * @addtogroup param_check +- * +- * @{ +- * +- * nxEnsure.h: Helper parameter assertion check macros. +- * +- * Pre Condition: The source file must have included nxLog +- * header file. +- * +- * Project: SecureIoTMW +- * +- * +- */ +- +-#ifndef HOSTLIB_HOSTLIB_INC_NXENSURE_H_ +-#define HOSTLIB_HOSTLIB_INC_NXENSURE_H_ +- +-/* ***************************************************************************************************************** +- * Includes +- * ***************************************************************************************************************** */ +- +-/* ***************************************************************************************************************** +- * MACROS/Defines +- * ***************************************************************************************************************** */ +- +-/** Build time over-ride if we want to enable/disable Warning Prints +- * +- * During debug builds, it makes sense to print them, +- * During retail builds, such loggings would be of any use and remove and reduce code size. +- * +- */ +-#ifndef NX_ENSURE_DO_LOG_MESSAGE +-#define NX_ENSURE_DO_LOG_MESSAGE 1 +-#endif /* NX_ENSURE_DO_LOG_MESSAGE */ +- +-/** +- * @brief Waring print of the parameter ``strCONDITION`` +- * +- * @warning NX_ENSURE_MESSAGE is an internal message/API to this file. +- * Do not use directly. +- * +- */ +-#if NX_ENSURE_DO_LOG_MESSAGE +-# define NX_ENSURE_MESSAGE(strCONDITION) \ +- LOG_W("nxEnsure:'" strCONDITION "' failed. At Line:%d Function:%s", __LINE__, __FUNCTION__) +-#else /* NX_ENSURE_DO_LOG_MESSAGE */ +-# define NX_ENSURE_MESSAGE(strCONDITION) /* No Message */ +-#endif /* NX_ENSURE_DO_LOG_MESSAGE */ +- +-/** +- * @brief Waring print of the parameter ``strCONDITION`` +- * +- * @warning NX_ENSURE_MESSAGE is an internal message/API to this file. +- * Do not use directly. +- * +- */ +-#if NX_ENSURE_DO_LOG_MESSAGE +-# define NX_ENSURE_MESSAGE(strCONDITION) \ +- LOG_W("nxEnsure:'" strCONDITION "' failed. At Line:%d Function:%s", __LINE__, __FUNCTION__) +-#else /* NX_ENSURE_DO_LOG_MESSAGE */ +-# define NX_ENSURE_MESSAGE(strCONDITION) /* No Message */ +-#endif /* NX_ENSURE_DO_LOG_MESSAGE */ +- +-/** If condition fails, goto :cleanup label +- * +- * @code{.c} +- * +- * { +- * ... +- * +- * status = Operation1(); +- * ENSURE_OR_GO_CLEANUP(0 == status); +- * +- * status = Operation2(); +- * ENSURE_OR_GO_CLEANUP(0 == status); +- * +- * ... +- * +- * cleanup: +- * return status; +- * } +- * +- * @endcode +- * +- */ +-#define ENSURE_OR_GO_CLEANUP(CONDITION) \ +- if (!(CONDITION)) { \ +- NX_ENSURE_MESSAGE(#CONDITION); \ +- goto cleanup; \ +- } +- +-/** If condition fails, goto :exit label +- * +- * @code{.c} +- * +- * { +- * ... +- * +- * status = Operation1(); +- * ENSURE_OR_GO_EXIT(0 == status); +- * +- * status = Operation2(); +- * ENSURE_OR_GO_EXIT(0 == status); +- * +- * ... +- * +- * exit: +- * return status; +- * } +- * +- * @endcode +- * +- */ +-#define ENSURE_OR_GO_EXIT(CONDITION) \ +- if (!(CONDITION)) { \ +- NX_ENSURE_MESSAGE(#CONDITION); \ +- goto exit; \ +- } +- +-/** If condition fails, break. +- * +- * Sample Usage: +- * +- * @code{.c} +- * +- * int SomeAPI() +- * { +- * ... +- * +- * do { +- * status = Operation1(); +- * ENSURE_OR_BREAK(0 == status); +- * +- * status = Operation2(); +- * ENSURE_OR_BREAK(0 == status); +- * +- * ... +- * +- * } while(0); +- * +- * return status; +- * } +- * +- * @endcode +- * +- */ +-#define ENSURE_OR_BREAK(CONDITION) \ +- if (!(CONDITION)) { \ +- NX_ENSURE_MESSAGE(#CONDITION); \ +- break; \ +- } +- +-/** If condition fails, return +- * +- * +- * @code{.c} +- * +- * void SomeAPI() +- * { +- * ... +- * +- * status = Operation1(); +- * ENSURE_OR_RETURN(0 == status); +- * +- * status = Operation2(); +- * ENSURE_OR_RETURN(0 == status); +- * +- * ... +- * +- * return; +- * } +- * +- * @endcode +- * +- * @warning This macro introduces system of mutliple +- * returns from a function which is not +- * easy to debug/trace through and hence +- * not recommended. +- * +- */ +-#define ENSURE_OR_RETURN(CONDITION) \ +- if (!(CONDITION)) { \ +- NX_ENSURE_MESSAGE(#CONDITION); \ +- return; \ +- } +- +-/** If condition fails, return +- * +- * +- * @code{.c} +- * +- * int SomeAPI() +- * { +- * ... +- * +- * status = Operation1(); +- * ENSURE_OR_RETURN_ON_ERROR(0 == status, ERR_FAIL); +- * +- * status = Operation2(); +- * ENSURE_OR_RETURN_ON_ERROR(0 == status, ERR_NOT_ENOUGH_SPACE); +- * +- * ... +- * +- * return 0; +- * } +- * +- * @endcode +- * +- * @warning This macro introduces system of mutliple +- * returns from a function which is not +- * easy to debug/trace through and hence +- * not recommended. +- * +- */ +-#define ENSURE_OR_RETURN_ON_ERROR(CONDITION, RETURN_VALUE) \ +- if (!(CONDITION)) { \ +- NX_ENSURE_MESSAGE(#CONDITION); \ +- return RETURN_VALUE; \ +- } +- +-/** If condition fails, goto quit with return value status updated. +- * +- * +- * @code{.c} +- * +- * int SomeAPI() +- * { +- int status = 0; +- * ... +- * +- * value = Operation1(); +- * ENSURE_OR_QUIT_WITH_STATUS_ON_ERROR(0 == value, status, ERR_FAIL); +- * +- * value = Operation2(); +- * ENSURE_OR_QUIT_WITH_STATUS_ON_ERROR(0 == value, status, ERR_NOT_ENOUGH_SPACE); +- * +- * ... +- * quit: +- * return status; +- * } +- * +- * @endcode +- * +- * @warning This macro introduces system of mutliple +- * returns from a function which is not +- * easy to debug/trace through and hence +- * not recommended. +- * +- */ +-#define ENSURE_OR_EXIT_WITH_STATUS_ON_ERROR(CONDITION, STATUS, RETURN_VALUE) \ +- if (!(CONDITION)) { \ +- NX_ENSURE_MESSAGE(#CONDITION); \ +- STATUS = RETURN_VALUE; \ +- goto exit; \ +- } +- +-/* ***************************************************************************************************************** +- * Types/Structure Declarations +- * ***************************************************************************************************************** */ +- +-/* ***************************************************************************************************************** +- * Extern Variables +- * ***************************************************************************************************************** */ +- +-/* ***************************************************************************************************************** +- * Function Prototypes +- * ***************************************************************************************************************** */ +- +-/** @} */ +- +-#endif /* HOSTLIB_HOSTLIB_INC_NXENSURE_H_ */ +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/nxScp03_Apis.h b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/nxScp03_Apis.h +deleted file mode 100644 +index a37357e3fb..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/nxScp03_Apis.h ++++ /dev/null +@@ -1,90 +0,0 @@ +-/* +-* +-* Copyright 2018 NXP +-* SPDX-License-Identifier: Apache-2.0 +-*/ +- +-#ifndef NXSCP03_APIS_H_ +-#define NXSCP03_APIS_H_ +- +-/* ************************************************************************** */ +-/* Defines */ +-/* ************************************************************************** */ +-/* ************************************************************************** */ +-/* Includes */ +-/* ************************************************************************** */ +- +-#ifdef __cplusplus +-extern "C" { +-#endif +- +-#include "nxScp03_Types.h" +-#include "nxScp03_Const.h" +- +-/* ************************************************************************** */ +-/* Structrues and Typedefs */ +-/* ************************************************************************** */ +- +-/* ************************************************************************** */ +-/* Global Variables */ +-/* ************************************************************************** */ +- +-/* ************************************************************************** */ +-/* Functions */ +-/* ************************************************************************** */ +- +-/** +-* To Secure the on going communicatation +-*/ +- +-/** +-* To Verify SE +-*/ +-sss_status_t nxScp03_HostLocal_VerifyCardCryptogram( +- sss_object_t *keyObj, uint8_t *hostChallenge, uint8_t *cardChallenge, uint8_t *cardCryptogram); +- +-/** +-* To Verify Host +-*/ +-sss_status_t nxScp03_HostLocal_CalculateHostCryptogram( +- sss_object_t *keyObj, uint8_t *hostChallenge, uint8_t *cardChallenge, uint8_t *hostCryptogram); +- +-/** +-* To sending secure Command APDU +-*/ +-sss_status_t nxSCP03_Encrypt_CommandAPDU( +- NXSCP03_DynCtx_t *pdySCP03SessCtx, uint8_t *cmdBuf, size_t *cmdBufLen); +-/** +-* To provide additional Security with MAC as CRC +-*/ +-sss_status_t nxpSCP03_CalculateMac_CommandAPDU( +- NXSCP03_DynCtx_t *pdySCP03SessCtx, uint8_t *pCmdBuf, size_t pCmdBufLen, uint8_t *mac, size_t *macLen); +- +-/** +-* To get Plain Response APDU +-*/ +-uint16_t nxpSCP03_Decrypt_ResponseAPDU( +- NXSCP03_DynCtx_t *pdySCP03SessCtx, size_t cmdBufLen, uint8_t *rspBuf, size_t *pRspBufLen, uint8_t hasle); +- +-/* +-* To set the derivation data +-*/ +-void nxScp03_setDerivationData( +- uint8_t ddA[], uint16_t *pDdALen, uint8_t ddConstant, uint16_t ddL, uint8_t iCounter, uint8_t *context, uint16_t contextLen); +- +-/** +-* To Generate Session Keys +-*/ +-sss_status_t nxScp03_Generate_SessionKey( +- sss_object_t *keyObj, uint8_t *inData, uint32_t inDataLen, uint8_t *outSignature, uint32_t *outSignatureLen); +- +-/** +-* To Maintain count of commands +-*/ +-void nxpSCP03_Inc_CommandCounter(NXSCP03_DynCtx_t *pdySCP03SessCtx); +- +-#ifdef __cplusplus +-} /* extern "c"*/ +-#endif +- +-#endif /* NXSCP03_APIS_H_ */ +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/nxScp03_Const.h b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/nxScp03_Const.h +deleted file mode 100644 +index 26890fa45d..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/nxScp03_Const.h ++++ /dev/null +@@ -1,97 +0,0 @@ +-/* +-* +-* Copyright 2018 NXP +-* SPDX-License-Identifier: Apache-2.0 +-*/ +- +-#ifndef NXSCP03_CONST_H_ +-#define NXSCP03_CONST_H_ +-/* ************************************************************************** */ +-/* Defines */ +-/* ************************************************************************** */ +-/* ************************************************************************** */ +-/* Includes */ +-/* ************************************************************************** */ +- +-#define SCP_GP_IU_KEY_DIV_DATA_LEN 10 //!< SCP GP Init Update key Div length +-#define SCP_GP_IU_KEY_INFO_LEN 3 //!< SCP GP Init Update key info length +-#define SCP_GP_CARD_CHALLENGE_LEN 8 //!< SCP GP Card Challenge length +-#define SCP_GP_HOST_CHALLENGE_LEN 8 //!< SCP GP Host Challenge length +-#define SCP_GP_IU_CARD_CRYPTOGRAM_LEN 8 //!< SCP GP Card Cryptogram length +-#define SCP_GP_IU_SEQ_COUNTER_LEN 3 //!< SCP GP Init Update Sequence Counter length +-#define SCP_GP_SW_LEN 2 //!< SCP Status Word length +-#define CRYPTO_KEY_CHECK_LEN (3) //!< SCP key check length +- +-#define ASN_ECC_NIST_256_HEADER_LEN 26 +-#define KEY_PARAMETER_REFERENCE_TAG 0xF0 +-#define KEY_PARAMETER_REFERENCE_VALUE_LEN 0x01 // Fixed for Nist256key +-#define KEY_PARAMETER_REFERENCE_VALUE 0x03 // key parameter value need to check in the spec it is 00 +-#define GPCS_KEY_TYPE_ECC_NIST256 0xB0 +-#define GPCS_KEY_TYPE_AES 0x88 +-#define GPCS_KEY_LEN_AES 16 +- +-#define SCP_ID 0xAB +-#define SCP_CONFIG 0x01 +- +-#define SCP_MCV_LEN 16 // MAC Chaining Length +- +-#define CLA_ISO7816 (0x00) //!< ISO7816-4 defined CLA byte +-#define CLA_GP_7816 (0x80) //!< GP 7816-4 defined CLA byte +-#define CLA_GP_SECURITY_BIT (0x04) //!< GP CLA Security bit +- +-#define INS_GP_INITIALIZE_UPDATE (0x50) //!< Global platform defined instruction +-#define INS_GP_EXTERNAL_AUTHENTICATE (0x82) //!< Global platform defined instruction +-#define INS_GP_SELECT (0xA4) //!< Global platform defined instruction +-#define INS_GP_PUT_KEY (0xD8) //!< Global platform defined instruction +-#define INS_GP_INTERNAL_AUTHENTICATE (0x88) //!< Global platform defined instruction +-#define INS_GP_GET_DATA (0xCA) //!< Global platform defined instruction +-#define P1_GP_GET_DATA (0xBF) //!< Global platform defined instruction +-#define P2_GP_GET_DATA (0x21) //!< Global platform defined instruction +- +-/* Sizes used in SCP */ +-#define AES_KEY_LEN_nBYTE (16) //!< AES key length +- +-#define SCP_KEY_SIZE (16) +-#define SCP_CMAC_SIZE (16) // length of the CMAC calculated (and used as MAC chaining value) +-#define SCP_IV_SIZE (16) // length of the Inital Vector +-#define SCP_COMMAND_MAC_SIZE (8) // length of the MAC appended in the APDU payload (8 'MSB's) +- +-#define DATA_CARD_CRYPTOGRAM (0x00) //!< Data card cryptogram +-#define DATA_HOST_CRYPTOGRAM (0x01) //!< Data host cryptogram +-#define DATA_DERIVATION_SENC (0x04) //!< Data Derivation to generate Sess ENC Key +-#define DATA_DERIVATION_SMAC (0x06) //!< Data Derivation to generate Sess MAC Key +-#define DATA_DERIVATION_SRMAC (0x07) //!< Data Derivation to generate Sess RMAC Key +-#define DATA_DERIVATION_INITIAL_MCV (0x08)//!< Data Derivation to generate Initial MCV +-#define DATA_DERIVATION_L_64BIT (0x0040) //!< Data Derivation length +-#define DATA_DERIVATION_L_128BIT (0x0080) //!< Data Derivation length +-#define DATA_DERIVATION_KDF_CTR (0x01) //!< Data Derivation counter +- +-#define DD_LABEL_LEN 12 //!< Data Derivation length +- +-/* defines used to indicate the command type */ +-#define C_MAC (0x01) //!< C MAC security +-#define C_ENC (0x02) //!< C ENC security +-#define R_MAC (0x10) //!< R MAC security +-#define R_ENC (0x20) //!< R ENC security +- +-#define SECLVL_CDEC_RENC_CMAC_RMAC (0x33) //!< Full security +- +-#define SCP_DATA_PAD_BYTE 0x80 //!< Data Pad Byte +- +-#define CMAC_SIZE (8) //!< CMAC Compare size +- +-#define SCP_OK (SW_OK) +-#define SCP_UNDEFINED_CHANNEL_ID (0x7041) //!< Undefined SCP channel identifier +-#define SCP_FAIL (0x7042) //!< Undefined SCP channel identifier +-#define SCP_CARD_CRYPTOGRAM_FAILS_TO_VERIFY (0x7043) //!< Undefined SCP channel identifier +-#define SCP_PARAMETER_ERROR (0x7044) //!< Undefined SCP channel identifier +- +-#define NO_C_MAC_NO_C_ENC_NO_R_MAC_NO_R_ENC 0 //!< No security requested +-#define C_MAC_NO_C_ENC_R_MAC_NO_R_ENC (C_MAC | R_MAC) //!< One apply MAC'ing (Not implemented) +-#define C_MAC_C_ENC_R_MAC_R_ENC (C_MAC | C_ENC | R_MAC | R_ENC) //!< Apply full security +-#define SECURITY_LEVEL C_MAC_C_ENC_R_MAC_R_ENC +- +-#define APPLET_SCP_INIT_UPDATE_LEN 0x0D //!< Applet SCP Initialize Update Length +-#define APPLET_SCP_EXT_AUTH_LEN 0x15 //!< Applet SCP External Authenticate Length +- +-#endif /*NXSCP03_CONST_H_*/ +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/nxScp03_Types.h b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/nxScp03_Types.h +deleted file mode 100644 +index 0ce5df6231..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/nxScp03_Types.h ++++ /dev/null +@@ -1,306 +0,0 @@ +-/* +-* +-* Copyright 2018,2020 NXP +-* SPDX-License-Identifier: Apache-2.0 +-*/ +- +-#ifndef NXSCP03_TYPES_H_ +-#define NXSCP03_TYPES_H_ +- +-/* ************************************************************************** */ +-/* Defines */ +-/* ************************************************************************** */ +-/* ************************************************************************** */ +-/* Includes */ +-/* ************************************************************************** */ +-#include +-#if defined(SSS_USE_FTR_FILE) +-#include "fsl_sss_ftr.h" +-#else +-#include "fsl_sss_ftr_default.h" +-#endif +- +-#if SSS_HAVE_MBEDTLS +-#include +-#endif +-#if SSS_HAVE_OPENSSL +-#include +-#endif +-#if SSS_HAVE_HOSTCRYPTO_USER +-# include +-#endif +- +-#include "sm_api.h" +-#if SSS_HAVE_SSCP +-#include "fsl_sscp_a71ch.h" +-#endif +- +-typedef enum +-{ +- kSSS_AuthType_None = 0, +- /** Global platform SCP03 */ +- kSSS_AuthType_SCP03 = 1, +- /** (e.g. SE05X) UserID based connection */ +- kSSS_AuthType_ID = 2, +- +- /** (e.g. SE05X) Use AESKey for user authentication +- * +- * Earlier this was called kSSS_AuthType_AppletSCP03 +- */ +- kSSS_AuthType_AESKey = 3, +- /** (e.g. SE05X) Use ECKey for user authentication +- * +- * Earlier this was called kSSS_AuthType_FastSCP +- */ +- kSSS_AuthType_ECKey = 4, +- +- /* ================ Internal ======================= */ +- /* Not to be selected by end user... directly */ +- +- /** +- * Used internally, not to be set/used by user. +- * +- * For the versions of the applet where we have to add +- * the a counter during KDF. +- */ +- kSSS_AuthType_INT_ECKey_Counter = 0x14, +- +- kSSS_SIZE = 0x7FFFFFFF, +-} SE_AuthType_t; +- +-#define kSSS_AuthType_INT_FastSCP_Counter kSSS_AuthType_INT_ECKey_Counter +-#define kSSS_AuthType_FastSCP_Counter kSSS_AuthType_INT_ECKey_Counter +-#define kSSS_AuthType_FastSCP kSSS_AuthType_ECKey +-#define kSSS_AuthType_AppletSCP03 kSSS_AuthType_AESKey +- +-/** +- * Dynamic SCP03 Context. +- * +- * This structure is filled **after** establishing +- * an SCP03 session. +- */ +-typedef struct +-{ +- sss_object_t Enc; //!< session channel encryption key +- sss_object_t Mac; //!< session command authentication key +- sss_object_t Rmac; //!< session response authentication key +- uint8_t MCV[16]; //!< MAC chaining value +- uint8_t cCounter[16]; //!< command counter +- uint8_t SecurityLevel; //!< security level set +- +- /** Handle differnt types of auth.. PlatformSCP / AppletSCP */ +- SE_AuthType_t authType; +-} NXSCP03_DynCtx_t; +- +-/** +- * Static SCP03 Context. +- * +- * This structure is filled **before** establishing +- * an SCP03 session. +- * +- * Depending on system, these objects may point to keys +- * inside other security system. +- */ +-typedef struct +-{ +- /** Key version no to use for chanel +- authentication in SCP03 */ +- uint8_t keyVerNo; +- /** Encryption key object */ +- sss_object_t Enc; +- sss_object_t Mac; //!< static secure channel authentication key obj +- sss_object_t Dek; //!< data encryption key obj +-} NXSCP03_StaticCtx_t; +- +-/** +-* Static and Dynamic Context in one Context. +-* +-* +-* Depending on system, these objects may point to keys +-* inside other security system. +-*/ +-typedef struct +-{ +- NXSCP03_StaticCtx_t *pStatic_ctx; //!< .static keys data +- NXSCP03_DynCtx_t *pDyn_ctx; //!< session keys data +-} NXSCP03_AuthCtx_t; +- +-/** Static part of keys for FAST SCP */ +-typedef struct +-{ +- /** Host ECDSA Private key */ +- sss_object_t HostEcdsaObj; +- /** Host ephemeral ECC key pair */ +- sss_object_t HostEcKeypair; +- /** SE ECC public key */ +- sss_object_t SeEcPubKey; +- /** Host master Secret */ +- sss_object_t masterSec; +-} NXECKey03_StaticCtx_t; +- +-/** Keys to connect for a ECKey Connection */ +-typedef struct +-{ +- /** The Input/Static part of the ECKey Authentication +- * +- * We start/initiate a session with the keys here. +- */ +- NXECKey03_StaticCtx_t *pStatic_ctx; +- /** The Dynamic part of the ECKey Authentication +- * +- * We derive/compute the session keys based on the +- * ``pStatic_ctx``. +- */ +- NXSCP03_DynCtx_t *pDyn_ctx; // session keys data +-} SE05x_AuthCtx_ECKey_t; +- +-/** UseID / PIN baed authentication object +- * +- * This is required to open an UserID / PIN based session to the SE. +- */ +-typedef struct +-{ +- /** The corresponding authentication object on the Host */ +- sss_object_t * pObj; +-} SE05x_AuthCtx_ID_t; +- +- +-/** Legacy, only for A71CH with Host Crypto */ +-typedef struct +-{ +- sss_object_t pKeyEnc; //!< SSS AES Enc Key object +- sss_object_t pKeyMac; //!< SSS AES Mac Key object +- sss_object_t pKeyDek; //!< SSS AES Dek Key object +-} SM_SECURE_SCP03_KEYOBJ; +- +-/** Authentication mechanims */ +-typedef struct _SE_AuthCtx +-{ +- /** How exactly we are going to authenticat ot the system. +- * +- * Since ``ctx`` is a union, this is needed to know exactly how +- * we are going to authenticate. +- */ +- +- SE_AuthType_t authType; +- +- /** Depending on ``authType``, the input and output parameters. +- * +- * This has both input and output parameters. +- * +- * Input is for Keys that are used to initiate the connection. +- * While connecting, session keys/parameters are generated and they +- * are also part of this context. +- * +- * In any case, we connect to only one type +- */ +- union { +- /** For PlatformSCP / Applet SCP. +- * +- * Same SCP context will be used for platform and applet scp03 */ +- NXSCP03_AuthCtx_t scp03; +- +- /** For ECKey */ +- SE05x_AuthCtx_ECKey_t eckey; +- +- /** For UserID/PIN based based Authentication */ +- SE05x_AuthCtx_ID_t idobj; +- +- /** Legacy, only for A71CH with Host Crypto */ +- SM_SECURE_SCP03_KEYOBJ a71chAuthKeys; +- +- /** Reserved memory for implementation specific extension */ +- struct +- { +- uint8_t data[SSS_AUTH_MAX_CONTEXT_SIZE]; +- } extension; +- } ctx; +-} SE_AuthCtx_t; +- +-/** +- * When connecting to a secure element, +- * +- * Extension of sss_connect_ctx_t +- */ +-typedef struct +-{ +- /** to support binary compatibility/check, sizeOfStucture helps */ +- uint16_t sizeOfStucture; +- /** If we need to authenticate, add required objects for authentication */ +- SE_AuthCtx_t auth; +- /** If some policy restrictions apply when we connect, point it here */ +- sss_policy_session_u *session_policy; +- +- /* =================================== */ +- /* Implementation specific part starts */ +- /* =================================== */ +- +- /** If we connect logically, via some software layer */ +- sss_tunnel_t *tunnelCtx; +- +- /** How exactly are we going to connect physically */ +- SSS_Conn_Type_t connType; +- +- /** Connection port name for Socket names, etc. */ +- const char *portName; +- +- /** 12C address on embedded devices. */ +- U32 i2cAddress; +- +- /** If we need to refresh session, SE050 specific */ +- uint8_t refresh_session : 1; +- +- /** In the case of Key Rotation, and other use cases +- * where we do not select the IoT Applet and skip +- * the selection of the IoT Applet. +- * +- * One of the use cases is to do platform SCP +- * key rotation. +- * +- * When set to 0: +- * Do not skip IoT Applet selection and run as-is. +- * +- * When set to 1: +- * Skip selection of card manager. +- * Skip selection of Applet. +- * +- * Internally, if there is platform SCP selected as +- * Auth mechanism during compile time, the internal +- * logic would Select the card manager. But, +- * skip selection of the Applet. +- * +- */ +- uint8_t skip_select_applet : 1; +-} SE_Connect_Ctx_t; +- +-/** Wrapper strucutre sss_connect_ctx_t */ +-typedef struct +-{ +- /** To support binary compatibility/check, sizeOfStucture helps */ +- uint16_t sizeOfStucture; +- /** If we need to authenticate, add required objects for authentication */ +- SE_AuthCtx_t auth; +- /** If some policy restrictions apply when we connect, point it here */ +- sss_policy_session_u *session_policy; +- +- /** Reserved memory for implementation specific extension */ +- struct +- { +- uint8_t data[SSS_CONNECT_MAX_CONTEXT_SIZE]; +- } extension; +-} sss_connect_ctx_t; +- +-/* Deprecated */ +- +-#define SE05x_AuthCtx_t SE_AuthCtx_t +- +-#define kSE05x_AuthType_None kSSS_AuthType_None +-#define kSE05x_AuthType_SCP03 kSSS_AuthType_SCP03 +-#define kSE05x_AuthType_UserID kSSS_AuthType_ID +-#define kSE05x_AuthType_AESKey kSSS_AuthType_AESKey +-#define kSE05x_AuthType_ECKey kSSS_AuthType_ECKey +- +-/* For backwards compatibility */ +-#define SE05x_AuthType_t SE_AuthType_t +- +-#endif /* NXSCP03_TYPES_H_ */ +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/scp.h b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/scp.h +deleted file mode 100644 +index ab59629b20..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/scp.h ++++ /dev/null +@@ -1,127 +0,0 @@ +-/* +-* +-* Copyright 2016,2020 NXP +-* SPDX-License-Identifier: Apache-2.0 +-*/ +- +-/** +- * @par Description +- * This file defines the interface to an APDU transfer function supporting both +- * communication in the clear and channel encryption. +- * @par History +- * +- */ +- +-#ifndef SCP_H +-#define SCP_H +- +-#ifdef __cplusplus +-extern "C" { +-#endif +- +-#include "smCom.h" +- +-/// @cond +-#define HOST_CHANNEL_STATE_IDX 0 +-#define ADMIN_CHANNEL_STATE_IDX 1 +- +-/* Sizes used in SCP */ +-#define AES_KEY_LEN_nBYTE (16) +-#define DES_KEY_LEN_nBYTE (16) +- +-#define SCP_CRYPTOGRAM_SIZE (16) +-#define SCP_CHALLENGE_SIZE (8) +-#define SCP_KEY_SIZE (16) +-#define SCP_CMAC_SIZE (16) // length of the CMAC calculated (and used as MAC chaining value) +-#define SCP_COMMAND_MAC_SIZE (8) // length of the MAC appended in the APDU payload (8 'MSB's) +- +-/* defines used to indicate the command type */ +-#define C_MAC (0x01) +-#define C_ENC (0x02) +-#define R_MAC (0x10) +-#define R_ENC (0x20) +- +-#define SECLVL_CDEC_RENC_CMAC_RMAC (0x33) +- +-#define SCP02_SECLVL_CMAC (0x01) +-#define SCP02_SECLVL_CDEC_CMAC (0x03) +-#define SCP02_SECLVL_CDEC_CMAC_RMAC (0x13) +- +-#define SCP03_KEY_ID (0x01) +- +-#define PUT_KEYS_MULTIPLE_KEYS (0x80) +-#define PUT_KEYS_KEY_TYPE_CODING_AES (0x88) +-#define PUT_KEYS_KEY_IDENTIFIER ((PUT_KEYS_MULTIPLE_KEYS) | (SCP03_KEY_ID)) +- +-/* security levels, matching the CLA bytes for each level */ +-#define SECLVL_OFF (0x80) +-#define SECLVL_MAC (0xC0) +-#define SECLVL_ENC (0xE0) +- +-#define DD_INPUT_SIZE (32) +- +-#define DD_OFFSET_SESSION_COUNTER (10) +-#define DD_OFFSET_DD_CONSTANT (11) +-#define DD_OFFSET_L_MSB (13) +-#define DD_OFFSET_L_LSB (14) +-#define DD_OFFSET_I (15) +-#define DD_OFFSET_HOST_CHALLENGE (16) +-#define DD_OFFSET_CARD_CHALLENGE (24) +- +-#define DATA_CARD_CRYPTOGRAM (0x00) +-#define DATA_HOST_CRYPTOGRAM (0x01) +-#define DATA_DERIVATION_SENC (0x04) +-#define DATA_DERIVATION_SMAC (0x06) +-#define DATA_DERIVATION_SRMAC (0x07) +-#define DATA_DERIVATION_L_64BIT (0x0040) +-#define DATA_DERIVATION_L_128BIT (0x0080) +-#define DATA_DERIVATION_KDF_CTR (0x01) +- +-#define DD_LABEL_LEN 12 +- +-#define SCP_GP_IU_KEY_DIV_DATA_LEN 10 +-#define SCP_GP_IU_KEY_INFO_LEN 3 +-#define SCP02_GP_IU_KEY_INFO_LEN 2 +-#define SCP_GP_CARD_CHALLENGE_LEN 8 +-#define SCP02_GP_CARD_CHALLENGE_LEN 6 +-#define SCP_GP_HOST_CHALLENGE_LEN 8 +-#define SCP_GP_IU_CARD_CRYPTOGRAM_LEN 8 +-#define SCP_GP_IU_SEQ_COUNTER_LEN 3 +-#define SCP02_GP_IU_SEQ_COUNTER_LEN 2 +-#define SCP_GP_SW_LEN 2 +-#define CRYPTO_KEY_CHECK_LEN (3) +- +-#define SCP_MCV_LEN 16 // MAC Chaining Length +-/// @endcond +- +-/** +- * Enumerated type encoding the security level requested to be applied to the APDU. +- */ +-typedef enum +-{ +- NO_C_MAC_NO_C_ENC_NO_R_MAC_NO_R_ENC = 0, //!< No security requested +- C_MAC_NO_C_ENC_R_MAC_NO_R_ENC = (C_MAC | R_MAC), //!< One apply MAC'ing (Not implemented) +- C_MAC_C_ENC_R_MAC_R_ENC = (C_MAC | C_ENC | R_MAC | R_ENC) //!< Apply full security +-} scp_CommandType_t; +- +-/** +- * Exchanges APDU, applies SCP03 encryption depending on \p type parameter and on the +- * authentication status of the SCP03 channel. +- * +- * @param[in] conn_ctx connection context +- * @param[in,out] pApdu apdu_t datastructure +- * @param[in] type encryption/mac request +- * +- * @retval ::SMCOM_OK Operation successful +- * @retval ::SMCOM_SND_FAILED Send Failed +- * @retval ::SMCOM_RCV_FAILED Receive Failed +- * @retval ::ERR_CRYPTO_ENGINE_FAILED Failure in crypto engine +- * @retval ::SCP_RSP_MAC_FAIL MAC on response failed to verify +- * @retval ::SCP_DECODE_FAIL Encrypted Response did not decode to correctly padded plaintext +- */ +-U32 scp_Transceive(void *conn_ctx, apdu_t * pApdu, scp_CommandType_t type); +- +-#ifdef __cplusplus +-} +-#endif +-#endif /* _SCP_H_ */ +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/se05x_const.h b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/se05x_const.h +deleted file mode 100644 +index a2a95fe116..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/se05x_const.h ++++ /dev/null +@@ -1,168 +0,0 @@ +-/* +-* +-* Copyright 2019,2020 NXP +-* SPDX-License-Identifier: Apache-2.0 +-*/ +- +-#ifndef FSL_SSS_SE05X_CONST_H +-#define FSL_SSS_SE05X_CONST_H +- +-#if defined(SSS_USE_FTR_FILE) +-#include "fsl_sss_ftr.h" +-#else +-#include "fsl_sss_ftr_default.h" +-#endif +- +-#if SSS_HAVE_APPLET_SE05X_IOT +- +-#include +- +-#define SE05X_SESSIONID_LEN (8) +- +-/* See MAX_APDU_PAYLOAD_LENGTH in SE05x APDU Specifications. +- * +- * Using 892 so that buffer boundaries are potentially word aligned for Se050. +- * Using 1024 for Se051. +- * And expecting a failure from OnCard in case host sends a +- * larger than expected buffer. +- * Please note, depending on choice of: +- * {No Auth | UserID Auth | Applet SCP | Fast SCP } +- * and combination of either of above along with Platform SCP, +- * there is no easy way how many Exact bytes the host can +- * send to SE05x. +- */ +-#if SSS_HAVE_SE05X_VER_GTE_06_00 +-/* SE051 MAX_APDU_PAYLOAD_LENGTH 1024 */ +-#define SE05X_MAX_BUF_SIZE_CMD (1024) +-#define SE05X_MAX_BUF_SIZE_RSP (1024) +-#else +-/* SE050 MAX_APDU_PAYLOAD_LENGTH 892 */ +-#define SE05X_MAX_BUF_SIZE_CMD (892) +-#define SE05X_MAX_BUF_SIZE_RSP (892) +-#endif +- +-#define SE050_MODULE_UNIQUE_ID_LEN 18 +- +-#define SE05X_I2CM_MAX_BUF_SIZE_CMD (271) +-#define SE05X_I2CM_MAX_BUF_SIZE_RSP (271) +-#define SE05X_I2CM_MAX_TIMESTAMP_SIZE (12) +-#define SE05X_I2CM_MAX_FRESHNESS_SIZE (16) +-#define SE05X_I2CM_MAX_CHIP_ID_SIZE (18) +- +-/** How many attestation records +- * +- * Whle reading RSA Objects, modulus and public exporent get attested separately, */ +- +-#define SE05X_MAX_ATTST_DATA 2 +- +-#if SE05X_FTR_32BIT_CURVE_ID +-#define START_SE05X_ID_CURVE_START (0x7E000000) +-#else +-#define START_SE05X_ID_CURVE_START (0) +-#endif +- +-#define CIPHER_BLOCK_SIZE 16 +-#define CIPHER_UPDATE_DATA_SIZE 256 +-#define AEAD_BLOCK_SIZE 16 +-#define BINARY_WRITE_MAX_LEN 500 +- +-enum Se05x_SYMM_CIPHER_MODES +-{ +- Se05x_SYMM_MODE_NONE = 0x00, +- Se05x_SYMM_CBC = 0x01, +- Se05x_SYMM_EBC = 0x02, +- Se05x_SYMM_CTR = 0x08, /* For AES */ +-}; +- +-enum Se05x_AES_PADDING +-{ +- Se05x_AES_PADDING_NONE = 0x00, +- Se05x_AES_PAD_NOPAD = 0x01, +- Se05x_AES_PAD_ISO9797_M1 = 0x02, +- Se05x_AES_PAD_ISO9797_M2 = 0x03, +-}; +- +-enum Se05x_SHA_TYPE +-{ +- Se05x_SHA_1 = 0x00, +- Se05x_SHA_256 = 0x04, +- Se05x_SHA_384 = 0x05, +- Se05x_SHA_512 = 0x06, +-}; +- +-enum Se05x_MAC_TYPE +-{ +- Se05x_CMAC = 0x0A, +-}; +- +-enum Se05x_MAC_Sign_verify +-{ +- Se05x_MAC_Sign = 0x00, +- Se05x_MAC_Verify = 0x01, +-}; +- +-enum Se05x_I2CM_RESULT_TYPE +-{ +- Se05x_I2CM_RESULT_SUCCESS = 0xA5, +- Se05x_I2CM_RESULT_FAILURE = 0x96 // The APDU spec defines this as 0x5A, implementation deviates! +-}; +- +-#define MAX_OBJ_PCR_VALUE_SIZE 32 +-#define MAX_POLICY_BUFFER_SIZE 256 +-#define MAX_OBJ_POLICY_SIZE 47 +-#define MAX_OBJ_POLICY_TYPES 6 +-#define DEFAULT_OBJECT_POLICY_SIZE 8 +-#define OBJ_POLICY_HEADER_OFFSET 5 +-#define OBJ_POLICY_LENGTH_OFFSET 0 +-#define OBJ_POLICY_AUTHID_OFFSET 1 +-#define OBJ_POLICY_EXT_OFFSET 9 +-#define OBJ_POLICY_PCR_DATA_SIZE (4 + MAX_OBJ_PCR_VALUE_SIZE) /*4 bytes PCR Obj id + 32 bytes PCR value*/ +-#define OBJ_POLICY_AUTH_DATA_SIZE 2 +- +-#define SESSION_POLICY_LENGTH_OFFSET 0 +-#define SESSION_POLICY_AR_HEADER_OFFSET 1 +-#define DEFAULT_SESSION_POLICY_SIZE 3 +- +- +-/*below bitmaps are set according to Se050 Applet implementation +-Byte Ordering for Policy header:B1 B2 B3 B4 +-bits ordering +-b8 b7 b6 b5 b4 b3 b2 b1 +-example : B1b8 : 0x80000000 +-*/ +- +-/* Access Rules for Object Policy*/ +-#define POLICY_OBJ_FORBID_ALL 0x20000000 +-#define POLICY_OBJ_ALLOW_SIGN 0x10000000 +-#define POLICY_OBJ_ALLOW_VERIFY 0x08000000 +-#define POLICY_OBJ_ALLOW_KA 0x04000000 +-#define POLICY_OBJ_ALLOW_ENC 0x02000000 +-#define POLICY_OBJ_ALLOW_DEC 0x01000000 +-#define POLICY_OBJ_ALLOW_KDF 0x00800000 +-#define POLICY_OBJ_ALLOW_WRAP 0x00400000 +-#define POLICY_OBJ_ALLOW_READ 0x00200000 +-#define POLICY_OBJ_ALLOW_WRITE 0x00100000 +-#define POLICY_OBJ_ALLOW_GEN 0x00080000 +-#define POLICY_OBJ_ALLOW_DELETE 0x00040000 +-#define POLICY_OBJ_REQUIRE_SM 0x00020000 +-#define POLICY_OBJ_REQUIRE_PCR_VALUE 0x00010000 +-#define POLICY_OBJ_ALLOW_ATTESTATION 0x00008000 +-#define POLICY_OBJ_ALLOW_DESFIRE_AUTHENTICATION 0x00004000 +-#define POLICY_OBJ_ALLOW_DESFIRE_DUMP_SESSION_KEYS 0x00002000 +-#define POLICY_OBJ_ALLOW_IMPORT_EXPORT 0x00001000 +-#if SSS_HAVE_SE05X_VER_GTE_06_00 // 4.4 +-#define POLICY_OBJ_FORBID_DERIVED_OUTPUT 0x00000800 +-#endif +-#if SSS_HAVE_SE05X_VER_GTE_06_00 // 5.4 +-#define POLICY_OBJ_ALLOW_KDF_EXT_RANDOM 0x00000400 +-#endif +- +-/* Access Rules for Session Policy*/ +-#define POLICY_SESSION_MAX_APDU 0x8000 +-#define POLICY_SESSION_MAX_TIME 0x4000 +-#define POLICY_SESSION_ALLOW_REFRESH 0x2000 +-/**/ +- +-#endif /* SSS_HAVE_APPLET_SE05X_IOT */ +- +-#endif /* FSL_SSS_SE05X_CONST_H */ +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/se05x_ecc_curves.h b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/se05x_ecc_curves.h +deleted file mode 100644 +index 88787499ed..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/se05x_ecc_curves.h ++++ /dev/null +@@ -1,19 +0,0 @@ +-/* +-* +-* Copyright 2019,2020 NXP +-* SPDX-License-Identifier: Apache-2.0 +-*/ +- +-#ifndef SE05X_ECC_CURVES_H_INC +-#define SE05X_ECC_CURVES_H_INC +- +-#include "se05x_tlv.h" +- +-#define PROCESS_ECC_CURVE(NAME) \ +- smStatus_t Se05x_API_CreateCurve_##NAME(Se05xSession_t *pSession, uint32_t obj_id) +- +-#include +- +-#undef PROCESS_ECC_CURVE +- +-#endif +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/se05x_ecc_curves_inc.h b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/se05x_ecc_curves_inc.h +deleted file mode 100644 +index 636ebef120..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/se05x_ecc_curves_inc.h ++++ /dev/null +@@ -1,268 +0,0 @@ +-/* +-* +-* Copyright 2019 NXP +-* SPDX-License-Identifier: Apache-2.0 +-*/ +- +- +-/* NIST/X9.62/SECG curve over a 192 bit prime field */ +-PROCESS_ECC_CURVE(prime192v1); +- +-/* NIST/SECG curve over a 224 bit prime field */ +-PROCESS_ECC_CURVE(secp224r1); +- +-/* NIST/SECG curve over a 384 bit prime field */ +-PROCESS_ECC_CURVE(secp384r1); +- +-/* X9.62/SECG curve over a 256 bit prime field */ +-PROCESS_ECC_CURVE(prime256v1); +- +-/* NIST/SECG curve over a 521 bit prime field */ +-PROCESS_ECC_CURVE(secp521r1); +- +-/* RFC 5639 curve over a 160 bit prime field */ +-PROCESS_ECC_CURVE(brainpoolP160r1); +- +-/* RFC 5639 curve over a 160 bit prime field */ +-PROCESS_ECC_CURVE(brainpoolP160t1); +- +-/* RFC 5639 curve over a 192 bit prime field */ +-PROCESS_ECC_CURVE(brainpoolP192r1); +- +-/* RFC 5639 curve over a 192 bit prime field */ +-PROCESS_ECC_CURVE(brainpoolP192t1); +- +-/* RFC 5639 curve over a 224 bit prime field */ +-PROCESS_ECC_CURVE(brainpoolP224r1); +- +-/* RFC 5639 curve over a 224 bit prime field */ +-PROCESS_ECC_CURVE(brainpoolP224t1); +- +-/* RFC 5639 curve over a 256 bit prime field */ +-PROCESS_ECC_CURVE(brainpoolP256r1); +- +-/* RFC 5639 curve over a 256 bit prime field */ +-PROCESS_ECC_CURVE(brainpoolP256t1); +- +-/* RFC 5639 curve over a 320 bit prime field */ +-PROCESS_ECC_CURVE(brainpoolP320r1); +- +-/* RFC 5639 curve over a 320 bit prime field */ +-PROCESS_ECC_CURVE(brainpoolP320t1); +- +-/* RFC 5639 curve over a 384 bit prime field */ +-PROCESS_ECC_CURVE(brainpoolP384r1); +- +-/* RFC 5639 curve over a 384 bit prime field */ +-PROCESS_ECC_CURVE(brainpoolP384t1); +- +-/* RFC 5639 curve over a 512 bit prime field */ +-PROCESS_ECC_CURVE(brainpoolP512r1); +- +-/* RFC 5639 curve over a 512 bit prime field */ +-PROCESS_ECC_CURVE(brainpoolP512t1); +- +-/* SECG curve over a 160 bit prime field */ +-PROCESS_ECC_CURVE(secp160k1); +- +-/* SECG curve over a 192 bit prime field */ +-PROCESS_ECC_CURVE(secp192k1); +- +-/* SECG curve over a 224 bit prime field */ +-PROCESS_ECC_CURVE(secp224k1); +- +-/* SECG curve over a 256 bit prime field */ +-PROCESS_ECC_CURVE(secp256k1); +- +-/* BN curve 256 bits */ +-PROCESS_ECC_CURVE(tpm_bm_p256); +- +-#if 0 +-/* clang-format off */ +-/* SECG/WTLS curve over a 112 bit prime field */ +-PROCESS_ECC_CURVE(secp112r1); +- +-/* SECG curve over a 112 bit prime field */ +-PROCESS_ECC_CURVE(secp112r2); +- +-/* SECG curve over a 128 bit prime field */ +-PROCESS_ECC_CURVE(secp128r1); +- +-/* SECG curve over a 128 bit prime field */ +-PROCESS_ECC_CURVE(secp128r2); +- +-/* SECG curve over a 160 bit prime field */ +-PROCESS_ECC_CURVE(secp160r1); +- +-/* SECG/WTLS curve over a 160 bit prime field */ +-PROCESS_ECC_CURVE(secp160r2); +- +- +- +-/* X9.62 curve over a 192 bit prime field */ +-PROCESS_ECC_CURVE(prime192v2); +- +-/* X9.62 curve over a 192 bit prime field */ +-PROCESS_ECC_CURVE(prime192v3); +- +-/* X9.62 curve over a 239 bit prime field */ +-PROCESS_ECC_CURVE(prime239v1); +- +-/* X9.62 curve over a 239 bit prime field */ +-PROCESS_ECC_CURVE(prime239v2); +- +-/* X9.62 curve over a 239 bit prime field */ +-PROCESS_ECC_CURVE(prime239v3); +- +- +-/* SECG curve over a 113 bit binary field */ +-PROCESS_ECC_CURVE(sect113r1); +- +-/* SECG curve over a 113 bit binary field */ +-PROCESS_ECC_CURVE(sect113r2); +- +-/* SECG/WTLS curve over a 131 bit binary field */ +-PROCESS_ECC_CURVE(sect131r1); +- +-/* SECG curve over a 131 bit binary field */ +-PROCESS_ECC_CURVE(sect131r2); +- +-/* NIST/SECG/WTLS curve over a 163 bit binary field */ +-PROCESS_ECC_CURVE(sect163k1); +- +-/* SECG curve over a 163 bit binary field */ +-PROCESS_ECC_CURVE(sect163r1); +- +-/* NIST/SECG curve over a 163 bit binary field */ +-PROCESS_ECC_CURVE(sect163r2); +- +-/* SECG curve over a 193 bit binary field */ +-PROCESS_ECC_CURVE(sect193r1); +- +-/* SECG curve over a 193 bit binary field */ +-PROCESS_ECC_CURVE(sect193r2); +- +-/* NIST/SECG/WTLS curve over a 233 bit binary field */ +-PROCESS_ECC_CURVE(sect233k1); +- +-/* NIST/SECG/WTLS curve over a 233 bit binary field */ +-PROCESS_ECC_CURVE(sect233r1); +- +-/* SECG curve over a 239 bit binary field */ +-PROCESS_ECC_CURVE(sect239k1); +- +-/* NIST/SECG curve over a 283 bit binary field */ +-PROCESS_ECC_CURVE(sect283k1); +- +-/* NIST/SECG curve over a 283 bit binary field */ +-PROCESS_ECC_CURVE(sect283r1); +- +-/* NIST/SECG curve over a 409 bit binary field */ +-PROCESS_ECC_CURVE(sect409k1); +- +-/* NIST/SECG curve over a 409 bit binary field */ +-PROCESS_ECC_CURVE(sect409r1); +- +-/* NIST/SECG curve over a 571 bit binary field */ +-PROCESS_ECC_CURVE(sect571k1); +- +-/* NIST/SECG curve over a 571 bit binary field */ +-PROCESS_ECC_CURVE(sect571r1); +- +-/* X9.62 curve over a 163 bit binary field */ +-PROCESS_ECC_CURVE(c2pnb163v1); +- +-/* X9.62 curve over a 163 bit binary field */ +-PROCESS_ECC_CURVE(c2pnb163v2); +- +-/* X9.62 curve over a 163 bit binary field */ +-PROCESS_ECC_CURVE(c2pnb163v3); +- +-/* X9.62 curve over a 176 bit binary field */ +-PROCESS_ECC_CURVE(c2pnb176v1); +- +-/* X9.62 curve over a 191 bit binary field */ +-PROCESS_ECC_CURVE(c2tnb191v1); +- +-/* X9.62 curve over a 191 bit binary field */ +-PROCESS_ECC_CURVE(c2tnb191v2); +- +-/* X9.62 curve over a 191 bit binary field */ +-PROCESS_ECC_CURVE(c2tnb191v3); +- +-/* X9.62 curve over a 208 bit binary field */ +-PROCESS_ECC_CURVE(c2pnb208w1); +- +-/* X9.62 curve over a 239 bit binary field */ +-PROCESS_ECC_CURVE(c2tnb239v1); +- +-/* X9.62 curve over a 239 bit binary field */ +-PROCESS_ECC_CURVE(c2tnb239v2); +- +-/* X9.62 curve over a 239 bit binary field */ +-PROCESS_ECC_CURVE(c2tnb239v3); +- +-/* X9.62 curve over a 272 bit binary field */ +-PROCESS_ECC_CURVE(c2pnb272w1); +- +-/* X9.62 curve over a 304 bit binary field */ +-PROCESS_ECC_CURVE(c2pnb304w1); +- +-/* X9.62 curve over a 359 bit binary field */ +-PROCESS_ECC_CURVE(c2tnb359v1); +- +-/* X9.62 curve over a 368 bit binary field */ +-PROCESS_ECC_CURVE(c2pnb368w1); +- +-/* X9.62 curve over a 431 bit binary field */ +-PROCESS_ECC_CURVE(c2tnb431r1); +- +-/* WTLS curve over a 113 bit binary field */ +-PROCESS_ECC_CURVE(wap_wsg_idm_ecid_wtls1); +- +-/* NIST/SECG/WTLS curve over a 163 bit binary field */ +-PROCESS_ECC_CURVE(wap_wsg_idm_ecid_wtls3); +- +-/* SECG curve over a 113 bit binary field */ +-PROCESS_ECC_CURVE(wap_wsg_idm_ecid_wtls4); +- +-/* X9.62 curve over a 163 bit binary field */ +-PROCESS_ECC_CURVE(wap_wsg_idm_ecid_wtls5); +- +-/* SECG/WTLS curve over a 112 bit prime field */ +-PROCESS_ECC_CURVE(wap_wsg_idm_ecid_wtls6); +- +-/* SECG/WTLS curve over a 160 bit prime field */ +-PROCESS_ECC_CURVE(wap_wsg_idm_ecid_wtls7); +- +-/* WTLS curve over a 112 bit prime field */ +-PROCESS_ECC_CURVE(wap_wsg_idm_ecid_wtls8); +- +-/* WTLS curve over a 160 bit prime field */ +-PROCESS_ECC_CURVE(wap_wsg_idm_ecid_wtls9); +- +-/* NIST/SECG/WTLS curve over a 233 bit binary field */ +-PROCESS_ECC_CURVE(wap_wsg_idm_ecid_wtls10); +- +-/* NIST/SECG/WTLS curve over a 233 bit binary field */ +-PROCESS_ECC_CURVE(wap_wsg_idm_ecid_wtls11); +- +-/* WTLS curve over a 224 bit prime field */ +-PROCESS_ECC_CURVE(wap_wsg_idm_ecid_wtls12); +- +-/* +- IPSec/IKE/Oakley curve #3 over a 155 bit binary field. +- Not suitable for ECDSA. +- Questionable extension field! */ +-PROCESS_ECC_CURVE(Oakley_EC2N_3); +- +-/* +- IPSec/IKE/Oakley curve #4 over a 185 bit binary field. +- Not suitable for ECDSA. +- Questionable extension field! */ +-PROCESS_ECC_CURVE(Oakley_EC2N_4); +- +- +-/* clang-format on */ +- +-#endif +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/se05x_ecc_curves_values.h b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/se05x_ecc_curves_values.h +deleted file mode 100644 +index c7398db669..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/se05x_ecc_curves_values.h ++++ /dev/null +@@ -1,2801 +0,0 @@ +-/* +-* +-* Copyright 2018 NXP +-* SPDX-License-Identifier: Apache-2.0 +-*/ +- +-#ifndef SE05X_ECC_CURVES_LIST_H_INC +-#define SE05X_ECC_CURVES_LIST_H_INC +- +-/* clang-format off */ +- +-#if 0 +-/* secp112r1 : SECG/WTLS curve over a 112 bit prime field */ +-#define EC_PARAM_secp112r1_prime \ +- 0xDB, 0x7C, 0x2A, 0xBF, 0x62, 0xE3, 0x5E, 0x66, \ +- 0x80, 0x76, 0xBE, 0xAD, 0x20, 0x8B +-#define EC_PARAM_secp112r1_a \ +- 0xDB, 0x7C, 0x2A, 0xBF, 0x62, 0xE3, 0x5E, 0x66, \ +- 0x80, 0x76, 0xBE, 0xAD, 0x20, 0x88 +-#define EC_PARAM_secp112r1_b \ +- 0x65, 0x9E, 0xF8, 0xBA, 0x04, 0x39, 0x16, 0xEE, \ +- 0xDE, 0x89, 0x11, 0x70, 0x2B, 0x22 +-#define EC_PARAM_secp112r1_x \ +- 0x09, 0x48, 0x72, 0x39, 0x99, 0x5A, 0x5E, 0xE7, \ +- 0x6B, 0x55, 0xF9, 0xC2, 0xF0, 0x98 +-#define EC_PARAM_secp112r1_y \ +- 0xA8, 0x9C, 0xE5, 0xAF, 0x87, 0x24, 0xC0, 0xA2, \ +- 0x3E, 0x0E, 0x0F, 0xF7, 0x75, 0x00 +-#define EC_PARAM_secp112r1_order \ +- 0xDB, 0x7C, 0x2A, 0xBF, 0x62, 0xE3, 0x5E, 0x76, \ +- 0x28, 0xDF, 0xAC, 0x65, 0x61, 0xC5 +-#endif +- +-#if 0 +-/* secp112r2 : SECG curve over a 112 bit prime field */ +-#define EC_PARAM_secp112r2_prime \ +- 0xDB, 0x7C, 0x2A, 0xBF, 0x62, 0xE3, 0x5E, 0x66, \ +- 0x80, 0x76, 0xBE, 0xAD, 0x20, 0x8B +-#define EC_PARAM_secp112r2_a \ +- 0x61, 0x27, 0xC2, 0x4C, 0x05, 0xF3, 0x8A, 0x0A, \ +- 0xAA, 0xF6, 0x5C, 0x0E, 0xF0, 0x2C +-#define EC_PARAM_secp112r2_b \ +- 0x51, 0xDE, 0xF1, 0x81, 0x5D, 0xB5, 0xED, 0x74, \ +- 0xFC, 0xC3, 0x4C, 0x85, 0xD7, 0x09 +-#define EC_PARAM_secp112r2_x \ +- 0x4B, 0xA3, 0x0A, 0xB5, 0xE8, 0x92, 0xB4, 0xE1, \ +- 0x64, 0x9D, 0xD0, 0x92, 0x86, 0x43 +-#define EC_PARAM_secp112r2_y \ +- 0xAD, 0xCD, 0x46, 0xF5, 0x88, 0x2E, 0x37, 0x47, \ +- 0xDE, 0xF3, 0x6E, 0x95, 0x6E, 0x97 +-#define EC_PARAM_secp112r2_order \ +- 0x36, 0xDF, 0x0A, 0xAF, 0xD8, 0xB8, 0xD7, 0x59, \ +- 0x7C, 0xA1, 0x05, 0x20, 0xD0, 0x4B +-#endif +- +-#if 0 +-/* secp128r1 : SECG curve over a 128 bit prime field */ +-#define EC_PARAM_secp128r1_prime \ +- 0xFF, 0xFF, 0xFF, 0xFD, 0xFF, 0xFF, 0xFF, 0xFF, \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF +-#define EC_PARAM_secp128r1_a \ +- 0xFF, 0xFF, 0xFF, 0xFD, 0xFF, 0xFF, 0xFF, 0xFF, \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC +-#define EC_PARAM_secp128r1_b \ +- 0xE8, 0x75, 0x79, 0xC1, 0x10, 0x79, 0xF4, 0x3D, \ +- 0xD8, 0x24, 0x99, 0x3C, 0x2C, 0xEE, 0x5E, 0xD3 +-#define EC_PARAM_secp128r1_x \ +- 0x16, 0x1F, 0xF7, 0x52, 0x8B, 0x89, 0x9B, 0x2D, \ +- 0x0C, 0x28, 0x60, 0x7C, 0xA5, 0x2C, 0x5B, 0x86 +-#define EC_PARAM_secp128r1_y \ +- 0xCF, 0x5A, 0xC8, 0x39, 0x5B, 0xAF, 0xEB, 0x13, \ +- 0xC0, 0x2D, 0xA2, 0x92, 0xDD, 0xED, 0x7A, 0x83 +-#define EC_PARAM_secp128r1_order \ +- 0xFF, 0xFF, 0xFF, 0xFE, 0x00, 0x00, 0x00, 0x00, \ +- 0x75, 0xA3, 0x0D, 0x1B, 0x90, 0x38, 0xA1, 0x15 +-#endif +- +-#if 0 +-/* secp128r2 : SECG curve over a 128 bit prime field */ +-#define EC_PARAM_secp128r2_prime \ +- 0xFF, 0xFF, 0xFF, 0xFD, 0xFF, 0xFF, 0xFF, 0xFF, \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF +-#define EC_PARAM_secp128r2_a \ +- 0xD6, 0x03, 0x19, 0x98, 0xD1, 0xB3, 0xBB, 0xFE, \ +- 0xBF, 0x59, 0xCC, 0x9B, 0xBF, 0xF9, 0xAE, 0xE1 +-#define EC_PARAM_secp128r2_b \ +- 0x5E, 0xEE, 0xFC, 0xA3, 0x80, 0xD0, 0x29, 0x19, \ +- 0xDC, 0x2C, 0x65, 0x58, 0xBB, 0x6D, 0x8A, 0x5D +-#define EC_PARAM_secp128r2_x \ +- 0x7B, 0x6A, 0xA5, 0xD8, 0x5E, 0x57, 0x29, 0x83, \ +- 0xE6, 0xFB, 0x32, 0xA7, 0xCD, 0xEB, 0xC1, 0x40 +-#define EC_PARAM_secp128r2_y \ +- 0x27, 0xB6, 0x91, 0x6A, 0x89, 0x4D, 0x3A, 0xEE, \ +- 0x71, 0x06, 0xFE, 0x80, 0x5F, 0xC3, 0x4B, 0x44 +-#define EC_PARAM_secp128r2_order \ +- 0x3F, 0xFF, 0xFF, 0xFF, 0x7F, 0xFF, 0xFF, 0xFF, \ +- 0xBE, 0x00, 0x24, 0x72, 0x06, 0x13, 0xB5, 0xA3 +-#endif +- +-#if 1 +-/* secp160k1 : SECG curve over a 160 bit prime field */ +-#define EC_PARAM_secp160k1_prime \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ +- 0xFE, 0xFF, 0xFF, 0xAC, 0x73 +-#define EC_PARAM_secp160k1_a \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00 +-#define EC_PARAM_secp160k1_b \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x07 +-#define EC_PARAM_secp160k1_x \ +- 0x3B, 0x4C, 0x38, 0x2C, 0xE3, 0x7A, 0xA1, \ +- 0x92, 0xA4, 0x01, 0x9E, 0x76, 0x30, 0x36, 0xF4, \ +- 0xF5, 0xDD, 0x4D, 0x7E, 0xBB +-#define EC_PARAM_secp160k1_y \ +- 0x93, 0x8C, 0xF9, 0x35, 0x31, 0x8F, 0xDC, \ +- 0xED, 0x6B, 0xC2, 0x82, 0x86, 0x53, 0x17, 0x33, \ +- 0xC3, 0xF0, 0x3C, 0x4F, 0xEE +-#define EC_PARAM_secp160k1_order \ +- 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x01, 0xB8, 0xFA, 0x16, 0xDF, 0xAB, \ +- 0x9A, 0xCA, 0x16, 0xB6, 0xB3 +-#endif +- +-#if 0 +-/* secp160r1 : SECG curve over a 160 bit prime field */ +-#define EC_PARAM_secp160r1_prime \ +- 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ +- 0xFF, 0x7F, 0xFF, 0xFF, 0xFF +-#define EC_PARAM_secp160r1_a \ +- 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ +- 0xFF, 0x7F, 0xFF, 0xFF, 0xFC +-#define EC_PARAM_secp160r1_b \ +- 0x00, 0x1C, 0x97, 0xBE, 0xFC, 0x54, 0xBD, 0x7A, \ +- 0x8B, 0x65, 0xAC, 0xF8, 0x9F, 0x81, 0xD4, 0xD4, \ +- 0xAD, 0xC5, 0x65, 0xFA, 0x45 +-#define EC_PARAM_secp160r1_x \ +- 0x00, 0x4A, 0x96, 0xB5, 0x68, 0x8E, 0xF5, 0x73, \ +- 0x28, 0x46, 0x64, 0x69, 0x89, 0x68, 0xC3, 0x8B, \ +- 0xB9, 0x13, 0xCB, 0xFC, 0x82 +-#define EC_PARAM_secp160r1_y \ +- 0x00, 0x23, 0xA6, 0x28, 0x55, 0x31, 0x68, 0x94, \ +- 0x7D, 0x59, 0xDC, 0xC9, 0x12, 0x04, 0x23, 0x51, \ +- 0x37, 0x7A, 0xC5, 0xFB, 0x32 +-#define EC_PARAM_secp160r1_order \ +- 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x01, 0xF4, 0xC8, 0xF9, 0x27, 0xAE, \ +- 0xD3, 0xCA, 0x75, 0x22, 0x57 +-#endif +- +-#if 0 +-/* secp160r2 : SECG/WTLS curve over a 160 bit prime field */ +-#define EC_PARAM_secp160r2_prime \ +- 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ +- 0xFE, 0xFF, 0xFF, 0xAC, 0x73 +-#define EC_PARAM_secp160r2_a \ +- 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ +- 0xFE, 0xFF, 0xFF, 0xAC, 0x70 +-#define EC_PARAM_secp160r2_b \ +- 0x00, 0xB4, 0xE1, 0x34, 0xD3, 0xFB, 0x59, 0xEB, \ +- 0x8B, 0xAB, 0x57, 0x27, 0x49, 0x04, 0x66, 0x4D, \ +- 0x5A, 0xF5, 0x03, 0x88, 0xBA +-#define EC_PARAM_secp160r2_x \ +- 0x00, 0x52, 0xDC, 0xB0, 0x34, 0x29, 0x3A, 0x11, \ +- 0x7E, 0x1F, 0x4F, 0xF1, 0x1B, 0x30, 0xF7, 0x19, \ +- 0x9D, 0x31, 0x44, 0xCE, 0x6D +-#define EC_PARAM_secp160r2_y \ +- 0x00, 0xFE, 0xAF, 0xFE, 0xF2, 0xE3, 0x31, 0xF2, \ +- 0x96, 0xE0, 0x71, 0xFA, 0x0D, 0xF9, 0x98, 0x2C, \ +- 0xFE, 0xA7, 0xD4, 0x3F, 0x2E +-#define EC_PARAM_secp160r2_order \ +- 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x35, 0x1E, 0xE7, 0x86, 0xA8, \ +- 0x18, 0xF3, 0xA1, 0xA1, 0x6B +-#endif +- +-#if 1 +-/* secp192k1 : SECG curve over a 192 bit prime field */ +-#define EC_PARAM_secp192k1_prime \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ +- 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xEE, 0x37 +-#define EC_PARAM_secp192k1_a \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 +-#define EC_PARAM_secp192k1_b \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03 +-#define EC_PARAM_secp192k1_x \ +- 0xDB, 0x4F, 0xF1, 0x0E, 0xC0, 0x57, 0xE9, 0xAE, \ +- 0x26, 0xB0, 0x7D, 0x02, 0x80, 0xB7, 0xF4, 0x34, \ +- 0x1D, 0xA5, 0xD1, 0xB1, 0xEA, 0xE0, 0x6C, 0x7D +-#define EC_PARAM_secp192k1_y \ +- 0x9B, 0x2F, 0x2F, 0x6D, 0x9C, 0x56, 0x28, 0xA7, \ +- 0x84, 0x41, 0x63, 0xD0, 0x15, 0xBE, 0x86, 0x34, \ +- 0x40, 0x82, 0xAA, 0x88, 0xD9, 0x5E, 0x2F, 0x9D +-#define EC_PARAM_secp192k1_order \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ +- 0xFF, 0xFF, 0xFF, 0xFE, 0x26, 0xF2, 0xFC, 0x17, \ +- 0x0F, 0x69, 0x46, 0x6A, 0x74, 0xDE, 0xFD, 0x8D +-#endif +- +-#if 1 +-/* secp224k1 : SECG curve over a 224 bit prime field */ +-#define EC_PARAM_secp224k1_prime \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ +- 0xFE, 0xFF, 0xFF, 0xE5, 0x6D +-#define EC_PARAM_secp224k1_a \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00 +-#define EC_PARAM_secp224k1_b \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x05 +-#define EC_PARAM_secp224k1_x \ +- 0xA1, 0x45, 0x5B, 0x33, 0x4D, 0xF0, 0x99, \ +- 0xDF, 0x30, 0xFC, 0x28, 0xA1, 0x69, 0xA4, 0x67, \ +- 0xE9, 0xE4, 0x70, 0x75, 0xA9, 0x0F, 0x7E, 0x65, \ +- 0x0E, 0xB6, 0xB7, 0xA4, 0x5C +-#define EC_PARAM_secp224k1_y \ +- 0x7E, 0x08, 0x9F, 0xED, 0x7F, 0xBA, 0x34, \ +- 0x42, 0x82, 0xCA, 0xFB, 0xD6, 0xF7, 0xE3, 0x19, \ +- 0xF7, 0xC0, 0xB0, 0xBD, 0x59, 0xE2, 0xCA, 0x4B, \ +- 0xDB, 0x55, 0x6D, 0x61, 0xA5 +-#define EC_PARAM_secp224k1_order \ +- 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xDC, \ +- 0xE8, 0xD2, 0xEC, 0x61, 0x84, 0xCA, 0xF0, 0xA9, \ +- 0x71, 0x76, 0x9F, 0xB1, 0xF7 +-#endif +- +-#if 1 +-/* secp224r1 : NIST/SECG curve over a 224 bit prime field */ +-#define EC_PARAM_secp224r1_prime \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x01 +-#define EC_PARAM_secp224r1_a \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ +- 0xFF, 0xFF, 0xFF, 0xFE +-#define EC_PARAM_secp224r1_b \ +- 0xB4, 0x05, 0x0A, 0x85, 0x0C, 0x04, 0xB3, 0xAB, \ +- 0xF5, 0x41, 0x32, 0x56, 0x50, 0x44, 0xB0, 0xB7, \ +- 0xD7, 0xBF, 0xD8, 0xBA, 0x27, 0x0B, 0x39, 0x43, \ +- 0x23, 0x55, 0xFF, 0xB4 +-#define EC_PARAM_secp224r1_x \ +- 0xB7, 0x0E, 0x0C, 0xBD, 0x6B, 0xB4, 0xBF, 0x7F, \ +- 0x32, 0x13, 0x90, 0xB9, 0x4A, 0x03, 0xC1, 0xD3, \ +- 0x56, 0xC2, 0x11, 0x22, 0x34, 0x32, 0x80, 0xD6, \ +- 0x11, 0x5C, 0x1D, 0x21 +-#define EC_PARAM_secp224r1_y \ +- 0xBD, 0x37, 0x63, 0x88, 0xB5, 0xF7, 0x23, 0xFB, \ +- 0x4C, 0x22, 0xDF, 0xE6, 0xCD, 0x43, 0x75, 0xA0, \ +- 0x5A, 0x07, 0x47, 0x64, 0x44, 0xD5, 0x81, 0x99, \ +- 0x85, 0x00, 0x7E, 0x34 +-#define EC_PARAM_secp224r1_order \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x16, 0xA2, \ +- 0xE0, 0xB8, 0xF0, 0x3E, 0x13, 0xDD, 0x29, 0x45, \ +- 0x5C, 0x5C, 0x2A, 0x3D +-#endif +- +-#if 1 +-/* secp256k1 : SECG curve over a 256 bit prime field */ +-#define EC_PARAM_secp256k1_prime \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ +- 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFC, 0x2F +-#define EC_PARAM_secp256k1_a \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 +-#define EC_PARAM_secp256k1_b \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x07 +-#define EC_PARAM_secp256k1_x \ +- 0x79, 0xBE, 0x66, 0x7E, 0xF9, 0xDC, 0xBB, 0xAC, \ +- 0x55, 0xA0, 0x62, 0x95, 0xCE, 0x87, 0x0B, 0x07, \ +- 0x02, 0x9B, 0xFC, 0xDB, 0x2D, 0xCE, 0x28, 0xD9, \ +- 0x59, 0xF2, 0x81, 0x5B, 0x16, 0xF8, 0x17, 0x98 +-#define EC_PARAM_secp256k1_y \ +- 0x48, 0x3A, 0xDA, 0x77, 0x26, 0xA3, 0xC4, 0x65, \ +- 0x5D, 0xA4, 0xFB, 0xFC, 0x0E, 0x11, 0x08, 0xA8, \ +- 0xFD, 0x17, 0xB4, 0x48, 0xA6, 0x85, 0x54, 0x19, \ +- 0x9C, 0x47, 0xD0, 0x8F, 0xFB, 0x10, 0xD4, 0xB8 +-#define EC_PARAM_secp256k1_order \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, \ +- 0xBA, 0xAE, 0xDC, 0xE6, 0xAF, 0x48, 0xA0, 0x3B, \ +- 0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41, 0x41 +-#endif +- +-#if 1 +-/* secp384r1 : NIST/SECG curve over a 384 bit prime field */ +-#define EC_PARAM_secp384r1_prime \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF +-#define EC_PARAM_secp384r1_a \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFC +-#define EC_PARAM_secp384r1_b \ +- 0xB3, 0x31, 0x2F, 0xA7, 0xE2, 0x3E, 0xE7, 0xE4, \ +- 0x98, 0x8E, 0x05, 0x6B, 0xE3, 0xF8, 0x2D, 0x19, \ +- 0x18, 0x1D, 0x9C, 0x6E, 0xFE, 0x81, 0x41, 0x12, \ +- 0x03, 0x14, 0x08, 0x8F, 0x50, 0x13, 0x87, 0x5A, \ +- 0xC6, 0x56, 0x39, 0x8D, 0x8A, 0x2E, 0xD1, 0x9D, \ +- 0x2A, 0x85, 0xC8, 0xED, 0xD3, 0xEC, 0x2A, 0xEF +-#define EC_PARAM_secp384r1_x \ +- 0xAA, 0x87, 0xCA, 0x22, 0xBE, 0x8B, 0x05, 0x37, \ +- 0x8E, 0xB1, 0xC7, 0x1E, 0xF3, 0x20, 0xAD, 0x74, \ +- 0x6E, 0x1D, 0x3B, 0x62, 0x8B, 0xA7, 0x9B, 0x98, \ +- 0x59, 0xF7, 0x41, 0xE0, 0x82, 0x54, 0x2A, 0x38, \ +- 0x55, 0x02, 0xF2, 0x5D, 0xBF, 0x55, 0x29, 0x6C, \ +- 0x3A, 0x54, 0x5E, 0x38, 0x72, 0x76, 0x0A, 0xB7 +-#define EC_PARAM_secp384r1_y \ +- 0x36, 0x17, 0xDE, 0x4A, 0x96, 0x26, 0x2C, 0x6F, \ +- 0x5D, 0x9E, 0x98, 0xBF, 0x92, 0x92, 0xDC, 0x29, \ +- 0xF8, 0xF4, 0x1D, 0xBD, 0x28, 0x9A, 0x14, 0x7C, \ +- 0xE9, 0xDA, 0x31, 0x13, 0xB5, 0xF0, 0xB8, 0xC0, \ +- 0x0A, 0x60, 0xB1, 0xCE, 0x1D, 0x7E, 0x81, 0x9D, \ +- 0x7A, 0x43, 0x1D, 0x7C, 0x90, 0xEA, 0x0E, 0x5F +-#define EC_PARAM_secp384r1_order \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ +- 0xC7, 0x63, 0x4D, 0x81, 0xF4, 0x37, 0x2D, 0xDF, \ +- 0x58, 0x1A, 0x0D, 0xB2, 0x48, 0xB0, 0xA7, 0x7A, \ +- 0xEC, 0xEC, 0x19, 0x6A, 0xCC, 0xC5, 0x29, 0x73 +-#endif +- +-#if 1 +-/* secp521r1 : NIST/SECG curve over a 521 bit prime field */ +-#define EC_PARAM_secp521r1_prime \ +- 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ +- 0xFF, 0xFF +-#define EC_PARAM_secp521r1_a \ +- 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ +- 0xFF, 0xFC +-#define EC_PARAM_secp521r1_b \ +- 0x00, 0x51, 0x95, 0x3E, 0xB9, 0x61, 0x8E, 0x1C, \ +- 0x9A, 0x1F, 0x92, 0x9A, 0x21, 0xA0, 0xB6, 0x85, \ +- 0x40, 0xEE, 0xA2, 0xDA, 0x72, 0x5B, 0x99, 0xB3, \ +- 0x15, 0xF3, 0xB8, 0xB4, 0x89, 0x91, 0x8E, 0xF1, \ +- 0x09, 0xE1, 0x56, 0x19, 0x39, 0x51, 0xEC, 0x7E, \ +- 0x93, 0x7B, 0x16, 0x52, 0xC0, 0xBD, 0x3B, 0xB1, \ +- 0xBF, 0x07, 0x35, 0x73, 0xDF, 0x88, 0x3D, 0x2C, \ +- 0x34, 0xF1, 0xEF, 0x45, 0x1F, 0xD4, 0x6B, 0x50, \ +- 0x3F, 0x00 +-#define EC_PARAM_secp521r1_x \ +- 0x00, 0xC6, 0x85, 0x8E, 0x06, 0xB7, 0x04, 0x04, \ +- 0xE9, 0xCD, 0x9E, 0x3E, 0xCB, 0x66, 0x23, 0x95, \ +- 0xB4, 0x42, 0x9C, 0x64, 0x81, 0x39, 0x05, 0x3F, \ +- 0xB5, 0x21, 0xF8, 0x28, 0xAF, 0x60, 0x6B, 0x4D, \ +- 0x3D, 0xBA, 0xA1, 0x4B, 0x5E, 0x77, 0xEF, 0xE7, \ +- 0x59, 0x28, 0xFE, 0x1D, 0xC1, 0x27, 0xA2, 0xFF, \ +- 0xA8, 0xDE, 0x33, 0x48, 0xB3, 0xC1, 0x85, 0x6A, \ +- 0x42, 0x9B, 0xF9, 0x7E, 0x7E, 0x31, 0xC2, 0xE5, \ +- 0xBD, 0x66 +-#define EC_PARAM_secp521r1_y \ +- 0x01, 0x18, 0x39, 0x29, 0x6A, 0x78, 0x9A, 0x3B, \ +- 0xC0, 0x04, 0x5C, 0x8A, 0x5F, 0xB4, 0x2C, 0x7D, \ +- 0x1B, 0xD9, 0x98, 0xF5, 0x44, 0x49, 0x57, 0x9B, \ +- 0x44, 0x68, 0x17, 0xAF, 0xBD, 0x17, 0x27, 0x3E, \ +- 0x66, 0x2C, 0x97, 0xEE, 0x72, 0x99, 0x5E, 0xF4, \ +- 0x26, 0x40, 0xC5, 0x50, 0xB9, 0x01, 0x3F, 0xAD, \ +- 0x07, 0x61, 0x35, 0x3C, 0x70, 0x86, 0xA2, 0x72, \ +- 0xC2, 0x40, 0x88, 0xBE, 0x94, 0x76, 0x9F, 0xD1, \ +- 0x66, 0x50 +-#define EC_PARAM_secp521r1_order \ +- 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ +- 0xFF, 0xFA, 0x51, 0x86, 0x87, 0x83, 0xBF, 0x2F, \ +- 0x96, 0x6B, 0x7F, 0xCC, 0x01, 0x48, 0xF7, 0x09, \ +- 0xA5, 0xD0, 0x3B, 0xB5, 0xC9, 0xB8, 0x89, 0x9C, \ +- 0x47, 0xAE, 0xBB, 0x6F, 0xB7, 0x1E, 0x91, 0x38, \ +- 0x64, 0x09 +-#endif +- +-#if 1 +-/* prime192v1 : NIST/X9.62/SECG curve over a 192 bit prime field */ +-#define EC_PARAM_prime192v1_prime \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF +-#define EC_PARAM_prime192v1_a \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC +-#define EC_PARAM_prime192v1_b \ +- 0x64, 0x21, 0x05, 0x19, 0xE5, 0x9C, 0x80, 0xE7, \ +- 0x0F, 0xA7, 0xE9, 0xAB, 0x72, 0x24, 0x30, 0x49, \ +- 0xFE, 0xB8, 0xDE, 0xEC, 0xC1, 0x46, 0xB9, 0xB1 +-#define EC_PARAM_prime192v1_x \ +- 0x18, 0x8D, 0xA8, 0x0E, 0xB0, 0x30, 0x90, 0xF6, \ +- 0x7C, 0xBF, 0x20, 0xEB, 0x43, 0xA1, 0x88, 0x00, \ +- 0xF4, 0xFF, 0x0A, 0xFD, 0x82, 0xFF, 0x10, 0x12 +-#define EC_PARAM_prime192v1_y \ +- 0x07, 0x19, 0x2B, 0x95, 0xFF, 0xC8, 0xDA, 0x78, \ +- 0x63, 0x10, 0x11, 0xED, 0x6B, 0x24, 0xCD, 0xD5, \ +- 0x73, 0xF9, 0x77, 0xA1, 0x1E, 0x79, 0x48, 0x11 +-#define EC_PARAM_prime192v1_order \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0x99, 0xDE, 0xF8, 0x36, \ +- 0x14, 0x6B, 0xC9, 0xB1, 0xB4, 0xD2, 0x28, 0x31 +-#endif +- +-#if 0 +-/* prime192v2 : X9.62 curve over a 192 bit prime field */ +-#define EC_PARAM_prime192v2_prime \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF +-#define EC_PARAM_prime192v2_a \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC +-#define EC_PARAM_prime192v2_b \ +- 0xCC, 0x22, 0xD6, 0xDF, 0xB9, 0x5C, 0x6B, 0x25, \ +- 0xE4, 0x9C, 0x0D, 0x63, 0x64, 0xA4, 0xE5, 0x98, \ +- 0x0C, 0x39, 0x3A, 0xA2, 0x16, 0x68, 0xD9, 0x53 +-#define EC_PARAM_prime192v2_x \ +- 0xEE, 0xA2, 0xBA, 0xE7, 0xE1, 0x49, 0x78, 0x42, \ +- 0xF2, 0xDE, 0x77, 0x69, 0xCF, 0xE9, 0xC9, 0x89, \ +- 0xC0, 0x72, 0xAD, 0x69, 0x6F, 0x48, 0x03, 0x4A +-#define EC_PARAM_prime192v2_y \ +- 0x65, 0x74, 0xD1, 0x1D, 0x69, 0xB6, 0xEC, 0x7A, \ +- 0x67, 0x2B, 0xB8, 0x2A, 0x08, 0x3D, 0xF2, 0xF2, \ +- 0xB0, 0x84, 0x7D, 0xE9, 0x70, 0xB2, 0xDE, 0x15 +-#define EC_PARAM_prime192v2_order \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ +- 0xFF, 0xFF, 0xFF, 0xFE, 0x5F, 0xB1, 0xA7, 0x24, \ +- 0xDC, 0x80, 0x41, 0x86, 0x48, 0xD8, 0xDD, 0x31 +-#endif +- +-#if 0 +-/* prime192v3 : X9.62 curve over a 192 bit prime field */ +-#define EC_PARAM_prime192v3_prime \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF +-#define EC_PARAM_prime192v3_a \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC +-#define EC_PARAM_prime192v3_b \ +- 0x22, 0x12, 0x3D, 0xC2, 0x39, 0x5A, 0x05, 0xCA, \ +- 0xA7, 0x42, 0x3D, 0xAE, 0xCC, 0xC9, 0x47, 0x60, \ +- 0xA7, 0xD4, 0x62, 0x25, 0x6B, 0xD5, 0x69, 0x16 +-#define EC_PARAM_prime192v3_x \ +- 0x7D, 0x29, 0x77, 0x81, 0x00, 0xC6, 0x5A, 0x1D, \ +- 0xA1, 0x78, 0x37, 0x16, 0x58, 0x8D, 0xCE, 0x2B, \ +- 0x8B, 0x4A, 0xEE, 0x8E, 0x22, 0x8F, 0x18, 0x96 +-#define EC_PARAM_prime192v3_y \ +- 0x38, 0xA9, 0x0F, 0x22, 0x63, 0x73, 0x37, 0x33, \ +- 0x4B, 0x49, 0xDC, 0xB6, 0x6A, 0x6D, 0xC8, 0xF9, \ +- 0x97, 0x8A, 0xCA, 0x76, 0x48, 0xA9, 0x43, 0xB0 +-#define EC_PARAM_prime192v3_order \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0x7A, 0x62, 0xD0, 0x31, \ +- 0xC8, 0x3F, 0x42, 0x94, 0xF6, 0x40, 0xEC, 0x13 +-#endif +- +-#if 0 +-/* prime239v1 : X9.62 curve over a 239 bit prime field */ +-#define EC_PARAM_prime239v1_prime \ +- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0x7F, 0xFF, 0xFF, 0xFF, \ +- 0xFF, 0xFF, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF +-#define EC_PARAM_prime239v1_a \ +- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0x7F, 0xFF, 0xFF, 0xFF, \ +- 0xFF, 0xFF, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC +-#define EC_PARAM_prime239v1_b \ +- 0x6B, 0x01, 0x6C, 0x3B, 0xDC, 0xF1, 0x89, 0x41, \ +- 0xD0, 0xD6, 0x54, 0x92, 0x14, 0x75, 0xCA, 0x71, \ +- 0xA9, 0xDB, 0x2F, 0xB2, 0x7D, 0x1D, 0x37, 0x79, \ +- 0x61, 0x85, 0xC2, 0x94, 0x2C, 0x0A +-#define EC_PARAM_prime239v1_x \ +- 0x0F, 0xFA, 0x96, 0x3C, 0xDC, 0xA8, 0x81, 0x6C, \ +- 0xCC, 0x33, 0xB8, 0x64, 0x2B, 0xED, 0xF9, 0x05, \ +- 0xC3, 0xD3, 0x58, 0x57, 0x3D, 0x3F, 0x27, 0xFB, \ +- 0xBD, 0x3B, 0x3C, 0xB9, 0xAA, 0xAF +-#define EC_PARAM_prime239v1_y \ +- 0x7D, 0xEB, 0xE8, 0xE4, 0xE9, 0x0A, 0x5D, 0xAE, \ +- 0x6E, 0x40, 0x54, 0xCA, 0x53, 0x0B, 0xA0, 0x46, \ +- 0x54, 0xB3, 0x68, 0x18, 0xCE, 0x22, 0x6B, 0x39, \ +- 0xFC, 0xCB, 0x7B, 0x02, 0xF1, 0xAE +-#define EC_PARAM_prime239v1_order \ +- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0x7F, 0xFF, 0xFF, 0x9E, \ +- 0x5E, 0x9A, 0x9F, 0x5D, 0x90, 0x71, 0xFB, 0xD1, \ +- 0x52, 0x26, 0x88, 0x90, 0x9D, 0x0B +-#endif +- +-#if 0 +-/* prime239v2 : X9.62 curve over a 239 bit prime field */ +-#define EC_PARAM_prime239v2_prime \ +- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0x7F, 0xFF, 0xFF, 0xFF, \ +- 0xFF, 0xFF, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF +-#define EC_PARAM_prime239v2_a \ +- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0x7F, 0xFF, 0xFF, 0xFF, \ +- 0xFF, 0xFF, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC +-#define EC_PARAM_prime239v2_b \ +- 0x61, 0x7F, 0xAB, 0x68, 0x32, 0x57, 0x6C, 0xBB, \ +- 0xFE, 0xD5, 0x0D, 0x99, 0xF0, 0x24, 0x9C, 0x3F, \ +- 0xEE, 0x58, 0xB9, 0x4B, 0xA0, 0x03, 0x8C, 0x7A, \ +- 0xE8, 0x4C, 0x8C, 0x83, 0x2F, 0x2C +-#define EC_PARAM_prime239v2_x \ +- 0x38, 0xAF, 0x09, 0xD9, 0x87, 0x27, 0x70, 0x51, \ +- 0x20, 0xC9, 0x21, 0xBB, 0x5E, 0x9E, 0x26, 0x29, \ +- 0x6A, 0x3C, 0xDC, 0xF2, 0xF3, 0x57, 0x57, 0xA0, \ +- 0xEA, 0xFD, 0x87, 0xB8, 0x30, 0xE7 +-#define EC_PARAM_prime239v2_y \ +- 0x5B, 0x01, 0x25, 0xE4, 0xDB, 0xEA, 0x0E, 0xC7, \ +- 0x20, 0x6D, 0xA0, 0xFC, 0x01, 0xD9, 0xB0, 0x81, \ +- 0x32, 0x9F, 0xB5, 0x55, 0xDE, 0x6E, 0xF4, 0x60, \ +- 0x23, 0x7D, 0xFF, 0x8B, 0xE4, 0xBA +-#define EC_PARAM_prime239v2_order \ +- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0x80, 0x00, 0x00, 0xCF, \ +- 0xA7, 0xE8, 0x59, 0x43, 0x77, 0xD4, 0x14, 0xC0, \ +- 0x38, 0x21, 0xBC, 0x58, 0x20, 0x63 +-#endif +- +-#if 0 +-/* prime239v3 : X9.62 curve over a 239 bit prime field */ +-#define EC_PARAM_prime239v3_prime \ +- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0x7F, 0xFF, 0xFF, 0xFF, \ +- 0xFF, 0xFF, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF +-#define EC_PARAM_prime239v3_a \ +- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0x7F, 0xFF, 0xFF, 0xFF, \ +- 0xFF, 0xFF, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC +-#define EC_PARAM_prime239v3_b \ +- 0x25, 0x57, 0x05, 0xFA, 0x2A, 0x30, 0x66, 0x54, \ +- 0xB1, 0xF4, 0xCB, 0x03, 0xD6, 0xA7, 0x50, 0xA3, \ +- 0x0C, 0x25, 0x01, 0x02, 0xD4, 0x98, 0x87, 0x17, \ +- 0xD9, 0xBA, 0x15, 0xAB, 0x6D, 0x3E +-#define EC_PARAM_prime239v3_x \ +- 0x67, 0x68, 0xAE, 0x8E, 0x18, 0xBB, 0x92, 0xCF, \ +- 0xCF, 0x00, 0x5C, 0x94, 0x9A, 0xA2, 0xC6, 0xD9, \ +- 0x48, 0x53, 0xD0, 0xE6, 0x60, 0xBB, 0xF8, 0x54, \ +- 0xB1, 0xC9, 0x50, 0x5F, 0xE9, 0x5A +-#define EC_PARAM_prime239v3_y \ +- 0x16, 0x07, 0xE6, 0x89, 0x8F, 0x39, 0x0C, 0x06, \ +- 0xBC, 0x1D, 0x55, 0x2B, 0xAD, 0x22, 0x6F, 0x3B, \ +- 0x6F, 0xCF, 0xE4, 0x8B, 0x6E, 0x81, 0x84, 0x99, \ +- 0xAF, 0x18, 0xE3, 0xED, 0x6C, 0xF3 +-#define EC_PARAM_prime239v3_order \ +- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0x7F, 0xFF, 0xFF, 0x97, \ +- 0x5D, 0xEB, 0x41, 0xB3, 0xA6, 0x05, 0x7C, 0x3C, \ +- 0x43, 0x21, 0x46, 0x52, 0x65, 0x51 +-#endif +- +-#if 1 +-/* prime256v1 : X9.62/SECG curve over a 256 bit prime field */ +-#define EC_PARAM_prime256v1_prime \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x01, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF +-#define EC_PARAM_prime256v1_a \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x01, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC +-#define EC_PARAM_prime256v1_b \ +- 0x5A, 0xC6, 0x35, 0xD8, 0xAA, 0x3A, 0x93, 0xE7, \ +- 0xB3, 0xEB, 0xBD, 0x55, 0x76, 0x98, 0x86, 0xBC, \ +- 0x65, 0x1D, 0x06, 0xB0, 0xCC, 0x53, 0xB0, 0xF6, \ +- 0x3B, 0xCE, 0x3C, 0x3E, 0x27, 0xD2, 0x60, 0x4B +-#define EC_PARAM_prime256v1_x \ +- 0x6B, 0x17, 0xD1, 0xF2, 0xE1, 0x2C, 0x42, 0x47, \ +- 0xF8, 0xBC, 0xE6, 0xE5, 0x63, 0xA4, 0x40, 0xF2, \ +- 0x77, 0x03, 0x7D, 0x81, 0x2D, 0xEB, 0x33, 0xA0, \ +- 0xF4, 0xA1, 0x39, 0x45, 0xD8, 0x98, 0xC2, 0x96 +-#define EC_PARAM_prime256v1_y \ +- 0x4F, 0xE3, 0x42, 0xE2, 0xFE, 0x1A, 0x7F, 0x9B, \ +- 0x8E, 0xE7, 0xEB, 0x4A, 0x7C, 0x0F, 0x9E, 0x16, \ +- 0x2B, 0xCE, 0x33, 0x57, 0x6B, 0x31, 0x5E, 0xCE, \ +- 0xCB, 0xB6, 0x40, 0x68, 0x37, 0xBF, 0x51, 0xF5 +-#define EC_PARAM_prime256v1_order \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ +- 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, \ +- 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51 +-#endif +- +-#if 0 +-/* sect113r1 : SECG curve over a 113 bit binary field */ +-#define EC_PARAM_sect113r1_prime \ +- 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x01 +-#define EC_PARAM_sect113r1_a \ +- 0x00, 0x30, 0x88, 0x25, 0x0C, 0xA6, 0xE7, 0xC7, \ +- 0xFE, 0x64, 0x9C, 0xE8, 0x58, 0x20, 0xF7 +-#define EC_PARAM_sect113r1_b \ +- 0x00, 0xE8, 0xBE, 0xE4, 0xD3, 0xE2, 0x26, 0x07, \ +- 0x44, 0x18, 0x8B, 0xE0, 0xE9, 0xC7, 0x23 +-#define EC_PARAM_sect113r1_x \ +- 0x00, 0x9D, 0x73, 0x61, 0x6F, 0x35, 0xF4, 0xAB, \ +- 0x14, 0x07, 0xD7, 0x35, 0x62, 0xC1, 0x0F +-#define EC_PARAM_sect113r1_y \ +- 0x00, 0xA5, 0x28, 0x30, 0x27, 0x79, 0x58, 0xEE, \ +- 0x84, 0xD1, 0x31, 0x5E, 0xD3, 0x18, 0x86 +-#define EC_PARAM_sect113r1_order \ +- 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0xD9, 0xCC, 0xEC, 0x8A, 0x39, 0xE5, 0x6F +-#endif +- +-#if 0 +-/* sect113r2 : SECG curve over a 113 bit binary field */ +-#define EC_PARAM_sect113r2_prime \ +- 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x01 +-#define EC_PARAM_sect113r2_a \ +- 0x00, 0x68, 0x99, 0x18, 0xDB, 0xEC, 0x7E, 0x5A, \ +- 0x0D, 0xD6, 0xDF, 0xC0, 0xAA, 0x55, 0xC7 +-#define EC_PARAM_sect113r2_b \ +- 0x00, 0x95, 0xE9, 0xA9, 0xEC, 0x9B, 0x29, 0x7B, \ +- 0xD4, 0xBF, 0x36, 0xE0, 0x59, 0x18, 0x4F +-#define EC_PARAM_sect113r2_x \ +- 0x01, 0xA5, 0x7A, 0x6A, 0x7B, 0x26, 0xCA, 0x5E, \ +- 0xF5, 0x2F, 0xCD, 0xB8, 0x16, 0x47, 0x97 +-#define EC_PARAM_sect113r2_y \ +- 0x00, 0xB3, 0xAD, 0xC9, 0x4E, 0xD1, 0xFE, 0x67, \ +- 0x4C, 0x06, 0xE6, 0x95, 0xBA, 0xBA, 0x1D +-#define EC_PARAM_sect113r2_order \ +- 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, \ +- 0x08, 0x78, 0x9B, 0x24, 0x96, 0xAF, 0x93 +-#endif +- +-#if 0 +-/* sect131r1 : SECG/WTLS curve over a 131 bit binary field */ +-#define EC_PARAM_sect131r1_prime \ +- 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, \ +- 0x0D +-#define EC_PARAM_sect131r1_a \ +- 0x07, 0xA1, 0x1B, 0x09, 0xA7, 0x6B, 0x56, 0x21, \ +- 0x44, 0x41, 0x8F, 0xF3, 0xFF, 0x8C, 0x25, 0x70, \ +- 0xB8 +-#define EC_PARAM_sect131r1_b \ +- 0x02, 0x17, 0xC0, 0x56, 0x10, 0x88, 0x4B, 0x63, \ +- 0xB9, 0xC6, 0xC7, 0x29, 0x16, 0x78, 0xF9, 0xD3, \ +- 0x41 +-#define EC_PARAM_sect131r1_x \ +- 0x00, 0x81, 0xBA, 0xF9, 0x1F, 0xDF, 0x98, 0x33, \ +- 0xC4, 0x0F, 0x9C, 0x18, 0x13, 0x43, 0x63, 0x83, \ +- 0x99 +-#define EC_PARAM_sect131r1_y \ +- 0x07, 0x8C, 0x6E, 0x7E, 0xA3, 0x8C, 0x00, 0x1F, \ +- 0x73, 0xC8, 0x13, 0x4B, 0x1B, 0x4E, 0xF9, 0xE1, \ +- 0x50 +-#define EC_PARAM_sect131r1_order \ +- 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x02, 0x31, 0x23, 0x95, 0x3A, 0x94, 0x64, 0xB5, \ +- 0x4D +-#endif +- +-#if 0 +-/* sect131r2 : SECG curve over a 131 bit binary field */ +-#define EC_PARAM_sect131r2_prime \ +- 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, \ +- 0x0D +-#define EC_PARAM_sect131r2_a \ +- 0x03, 0xE5, 0xA8, 0x89, 0x19, 0xD7, 0xCA, 0xFC, \ +- 0xBF, 0x41, 0x5F, 0x07, 0xC2, 0x17, 0x65, 0x73, \ +- 0xB2 +-#define EC_PARAM_sect131r2_b \ +- 0x04, 0xB8, 0x26, 0x6A, 0x46, 0xC5, 0x56, 0x57, \ +- 0xAC, 0x73, 0x4C, 0xE3, 0x8F, 0x01, 0x8F, 0x21, \ +- 0x92 +-#define EC_PARAM_sect131r2_x \ +- 0x03, 0x56, 0xDC, 0xD8, 0xF2, 0xF9, 0x50, 0x31, \ +- 0xAD, 0x65, 0x2D, 0x23, 0x95, 0x1B, 0xB3, 0x66, \ +- 0xA8 +-#define EC_PARAM_sect131r2_y \ +- 0x06, 0x48, 0xF0, 0x6D, 0x86, 0x79, 0x40, 0xA5, \ +- 0x36, 0x6D, 0x9E, 0x26, 0x5D, 0xE9, 0xEB, 0x24, \ +- 0x0F +-#define EC_PARAM_sect131r2_order \ +- 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x01, 0x69, 0x54, 0xA2, 0x33, 0x04, 0x9B, 0xA9, \ +- 0x8F +-#endif +- +-#if 0 +-/* sect163k1 : NIST/SECG/WTLS curve over a 163 bit binary field */ +-#define EC_PARAM_sect163k1_prime \ +- 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0xC9 +-#define EC_PARAM_sect163k1_a \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x01 +-#define EC_PARAM_sect163k1_b \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x01 +-#define EC_PARAM_sect163k1_x \ +- 0x02, 0xFE, 0x13, 0xC0, 0x53, 0x7B, 0xBC, 0x11, \ +- 0xAC, 0xAA, 0x07, 0xD7, 0x93, 0xDE, 0x4E, 0x6D, \ +- 0x5E, 0x5C, 0x94, 0xEE, 0xE8 +-#define EC_PARAM_sect163k1_y \ +- 0x02, 0x89, 0x07, 0x0F, 0xB0, 0x5D, 0x38, 0xFF, \ +- 0x58, 0x32, 0x1F, 0x2E, 0x80, 0x05, 0x36, 0xD5, \ +- 0x38, 0xCC, 0xDA, 0xA3, 0xD9 +-#define EC_PARAM_sect163k1_order \ +- 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x02, 0x01, 0x08, 0xA2, 0xE0, 0xCC, \ +- 0x0D, 0x99, 0xF8, 0xA5, 0xEF +-#endif +- +-#if 0 +-/* sect163r1 : SECG curve over a 163 bit binary field */ +-#define EC_PARAM_sect163r1_prime \ +- 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0xC9 +-#define EC_PARAM_sect163r1_a \ +- 0x07, 0xB6, 0x88, 0x2C, 0xAA, 0xEF, 0xA8, 0x4F, \ +- 0x95, 0x54, 0xFF, 0x84, 0x28, 0xBD, 0x88, 0xE2, \ +- 0x46, 0xD2, 0x78, 0x2A, 0xE2 +-#define EC_PARAM_sect163r1_b \ +- 0x07, 0x13, 0x61, 0x2D, 0xCD, 0xDC, 0xB4, 0x0A, \ +- 0xAB, 0x94, 0x6B, 0xDA, 0x29, 0xCA, 0x91, 0xF7, \ +- 0x3A, 0xF9, 0x58, 0xAF, 0xD9 +-#define EC_PARAM_sect163r1_x \ +- 0x03, 0x69, 0x97, 0x96, 0x97, 0xAB, 0x43, 0x89, \ +- 0x77, 0x89, 0x56, 0x67, 0x89, 0x56, 0x7F, 0x78, \ +- 0x7A, 0x78, 0x76, 0xA6, 0x54 +-#define EC_PARAM_sect163r1_y \ +- 0x00, 0x43, 0x5E, 0xDB, 0x42, 0xEF, 0xAF, 0xB2, \ +- 0x98, 0x9D, 0x51, 0xFE, 0xFC, 0xE3, 0xC8, 0x09, \ +- 0x88, 0xF4, 0x1F, 0xF8, 0x83 +-#define EC_PARAM_sect163r1_order \ +- 0x03, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ +- 0xFF, 0xFF, 0xFF, 0x48, 0xAA, 0xB6, 0x89, 0xC2, \ +- 0x9C, 0xA7, 0x10, 0x27, 0x9B +-#endif +- +-#if 0 +-/* sect163r2 : NIST/SECG curve over a 163 bit binary field */ +-#define EC_PARAM_sect163r2_prime \ +- 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0xC9 +-#define EC_PARAM_sect163r2_a \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x01 +-#define EC_PARAM_sect163r2_b \ +- 0x02, 0x0A, 0x60, 0x19, 0x07, 0xB8, 0xC9, 0x53, \ +- 0xCA, 0x14, 0x81, 0xEB, 0x10, 0x51, 0x2F, 0x78, \ +- 0x74, 0x4A, 0x32, 0x05, 0xFD +-#define EC_PARAM_sect163r2_x \ +- 0x03, 0xF0, 0xEB, 0xA1, 0x62, 0x86, 0xA2, 0xD5, \ +- 0x7E, 0xA0, 0x99, 0x11, 0x68, 0xD4, 0x99, 0x46, \ +- 0x37, 0xE8, 0x34, 0x3E, 0x36 +-#define EC_PARAM_sect163r2_y \ +- 0x00, 0xD5, 0x1F, 0xBC, 0x6C, 0x71, 0xA0, 0x09, \ +- 0x4F, 0xA2, 0xCD, 0xD5, 0x45, 0xB1, 0x1C, 0x5C, \ +- 0x0C, 0x79, 0x73, 0x24, 0xF1 +-#define EC_PARAM_sect163r2_order \ +- 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x02, 0x92, 0xFE, 0x77, 0xE7, 0x0C, \ +- 0x12, 0xA4, 0x23, 0x4C, 0x33 +-#endif +- +-#if 0 +-/* sect193r1 : SECG curve over a 193 bit binary field */ +-#define EC_PARAM_sect193r1_prime \ +- 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80, \ +- 0x01 +-#define EC_PARAM_sect193r1_a \ +- 0x00, 0x17, 0x85, 0x8F, 0xEB, 0x7A, 0x98, 0x97, \ +- 0x51, 0x69, 0xE1, 0x71, 0xF7, 0x7B, 0x40, 0x87, \ +- 0xDE, 0x09, 0x8A, 0xC8, 0xA9, 0x11, 0xDF, 0x7B, \ +- 0x01 +-#define EC_PARAM_sect193r1_b \ +- 0x00, 0xFD, 0xFB, 0x49, 0xBF, 0xE6, 0xC3, 0xA8, \ +- 0x9F, 0xAC, 0xAD, 0xAA, 0x7A, 0x1E, 0x5B, 0xBC, \ +- 0x7C, 0xC1, 0xC2, 0xE5, 0xD8, 0x31, 0x47, 0x88, \ +- 0x14 +-#define EC_PARAM_sect193r1_x \ +- 0x01, 0xF4, 0x81, 0xBC, 0x5F, 0x0F, 0xF8, 0x4A, \ +- 0x74, 0xAD, 0x6C, 0xDF, 0x6F, 0xDE, 0xF4, 0xBF, \ +- 0x61, 0x79, 0x62, 0x53, 0x72, 0xD8, 0xC0, 0xC5, \ +- 0xE1 +-#define EC_PARAM_sect193r1_y \ +- 0x00, 0x25, 0xE3, 0x99, 0xF2, 0x90, 0x37, 0x12, \ +- 0xCC, 0xF3, 0xEA, 0x9E, 0x3A, 0x1A, 0xD1, 0x7F, \ +- 0xB0, 0xB3, 0x20, 0x1B, 0x6A, 0xF7, 0xCE, 0x1B, \ +- 0x05 +-#define EC_PARAM_sect193r1_order \ +- 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0xC7, 0xF3, 0x4A, \ +- 0x77, 0x8F, 0x44, 0x3A, 0xCC, 0x92, 0x0E, 0xBA, \ +- 0x49 +-#endif +- +-#if 0 +-/* sect193r2 : SECG curve over a 193 bit binary field */ +-#define EC_PARAM_sect193r2_prime \ +- 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80, \ +- 0x01 +-#define EC_PARAM_sect193r2_a \ +- 0x01, 0x63, 0xF3, 0x5A, 0x51, 0x37, 0xC2, 0xCE, \ +- 0x3E, 0xA6, 0xED, 0x86, 0x67, 0x19, 0x0B, 0x0B, \ +- 0xC4, 0x3E, 0xCD, 0x69, 0x97, 0x77, 0x02, 0x70, \ +- 0x9B +-#define EC_PARAM_sect193r2_b \ +- 0x00, 0xC9, 0xBB, 0x9E, 0x89, 0x27, 0xD4, 0xD6, \ +- 0x4C, 0x37, 0x7E, 0x2A, 0xB2, 0x85, 0x6A, 0x5B, \ +- 0x16, 0xE3, 0xEF, 0xB7, 0xF6, 0x1D, 0x43, 0x16, \ +- 0xAE +-#define EC_PARAM_sect193r2_x \ +- 0x00, 0xD9, 0xB6, 0x7D, 0x19, 0x2E, 0x03, 0x67, \ +- 0xC8, 0x03, 0xF3, 0x9E, 0x1A, 0x7E, 0x82, 0xCA, \ +- 0x14, 0xA6, 0x51, 0x35, 0x0A, 0xAE, 0x61, 0x7E, \ +- 0x8F +-#define EC_PARAM_sect193r2_y \ +- 0x01, 0xCE, 0x94, 0x33, 0x56, 0x07, 0xC3, 0x04, \ +- 0xAC, 0x29, 0xE7, 0xDE, 0xFB, 0xD9, 0xCA, 0x01, \ +- 0xF5, 0x96, 0xF9, 0x27, 0x22, 0x4C, 0xDE, 0xCF, \ +- 0x6C +-#define EC_PARAM_sect193r2_order \ +- 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x01, 0x5A, 0xAB, 0x56, \ +- 0x1B, 0x00, 0x54, 0x13, 0xCC, 0xD4, 0xEE, 0x99, \ +- 0xD5 +-#endif +- +-#if 0 +-/* sect233k1 : NIST/SECG/WTLS curve over a 233 bit binary field */ +-#define EC_PARAM_sect233k1_prime \ +- 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 +-#define EC_PARAM_sect233k1_a \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 +-#define EC_PARAM_sect233k1_b \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 +-#define EC_PARAM_sect233k1_x \ +- 0x01, 0x72, 0x32, 0xBA, 0x85, 0x3A, 0x7E, 0x73, \ +- 0x1A, 0xF1, 0x29, 0xF2, 0x2F, 0xF4, 0x14, 0x95, \ +- 0x63, 0xA4, 0x19, 0xC2, 0x6B, 0xF5, 0x0A, 0x4C, \ +- 0x9D, 0x6E, 0xEF, 0xAD, 0x61, 0x26 +-#define EC_PARAM_sect233k1_y \ +- 0x01, 0xDB, 0x53, 0x7D, 0xEC, 0xE8, 0x19, 0xB7, \ +- 0xF7, 0x0F, 0x55, 0x5A, 0x67, 0xC4, 0x27, 0xA8, \ +- 0xCD, 0x9B, 0xF1, 0x8A, 0xEB, 0x9B, 0x56, 0xE0, \ +- 0xC1, 0x10, 0x56, 0xFA, 0xE6, 0xA3 +-#define EC_PARAM_sect233k1_order \ +- 0x00, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, \ +- 0x9D, 0x5B, 0xB9, 0x15, 0xBC, 0xD4, 0x6E, 0xFB, \ +- 0x1A, 0xD5, 0xF1, 0x73, 0xAB, 0xDF +-#endif +- +-#if 0 +-/* sect233r1 : NIST/SECG/WTLS curve over a 233 bit binary field */ +-#define EC_PARAM_sect233r1_prime \ +- 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 +-#define EC_PARAM_sect233r1_a \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 +-#define EC_PARAM_sect233r1_b \ +- 0x00, 0x66, 0x64, 0x7E, 0xDE, 0x6C, 0x33, 0x2C, \ +- 0x7F, 0x8C, 0x09, 0x23, 0xBB, 0x58, 0x21, 0x3B, \ +- 0x33, 0x3B, 0x20, 0xE9, 0xCE, 0x42, 0x81, 0xFE, \ +- 0x11, 0x5F, 0x7D, 0x8F, 0x90, 0xAD +-#define EC_PARAM_sect233r1_x \ +- 0x00, 0xFA, 0xC9, 0xDF, 0xCB, 0xAC, 0x83, 0x13, \ +- 0xBB, 0x21, 0x39, 0xF1, 0xBB, 0x75, 0x5F, 0xEF, \ +- 0x65, 0xBC, 0x39, 0x1F, 0x8B, 0x36, 0xF8, 0xF8, \ +- 0xEB, 0x73, 0x71, 0xFD, 0x55, 0x8B +-#define EC_PARAM_sect233r1_y \ +- 0x01, 0x00, 0x6A, 0x08, 0xA4, 0x19, 0x03, 0x35, \ +- 0x06, 0x78, 0xE5, 0x85, 0x28, 0xBE, 0xBF, 0x8A, \ +- 0x0B, 0xEF, 0xF8, 0x67, 0xA7, 0xCA, 0x36, 0x71, \ +- 0x6F, 0x7E, 0x01, 0xF8, 0x10, 0x52 +-#define EC_PARAM_sect233r1_order \ +- 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x13, \ +- 0xE9, 0x74, 0xE7, 0x2F, 0x8A, 0x69, 0x22, 0x03, \ +- 0x1D, 0x26, 0x03, 0xCF, 0xE0, 0xD7 +-#endif +- +-#if 0 +-/* sect239k1 : SECG curve over a 239 bit binary field */ +-#define EC_PARAM_sect239k1_prime \ +- 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x40, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 +-#define EC_PARAM_sect239k1_a \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 +-#define EC_PARAM_sect239k1_b \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 +-#define EC_PARAM_sect239k1_x \ +- 0x29, 0xA0, 0xB6, 0xA8, 0x87, 0xA9, 0x83, 0xE9, \ +- 0x73, 0x09, 0x88, 0xA6, 0x87, 0x27, 0xA8, 0xB2, \ +- 0xD1, 0x26, 0xC4, 0x4C, 0xC2, 0xCC, 0x7B, 0x2A, \ +- 0x65, 0x55, 0x19, 0x30, 0x35, 0xDC +-#define EC_PARAM_sect239k1_y \ +- 0x76, 0x31, 0x08, 0x04, 0xF1, 0x2E, 0x54, 0x9B, \ +- 0xDB, 0x01, 0x1C, 0x10, 0x30, 0x89, 0xE7, 0x35, \ +- 0x10, 0xAC, 0xB2, 0x75, 0xFC, 0x31, 0x2A, 0x5D, \ +- 0xC6, 0xB7, 0x65, 0x53, 0xF0, 0xCA +-#define EC_PARAM_sect239k1_order \ +- 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x5A, \ +- 0x79, 0xFE, 0xC6, 0x7C, 0xB6, 0xE9, 0x1F, 0x1C, \ +- 0x1D, 0xA8, 0x00, 0xE4, 0x78, 0xA5 +-#endif +- +-#if 0 +-/* sect283k1 : NIST/SECG curve over a 283 bit binary field */ +-#define EC_PARAM_sect283k1_prime \ +- 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x10, 0xA1 +-#define EC_PARAM_sect283k1_a \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00 +-#define EC_PARAM_sect283k1_b \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x01 +-#define EC_PARAM_sect283k1_x \ +- 0x05, 0x03, 0x21, 0x3F, 0x78, 0xCA, 0x44, 0x88, \ +- 0x3F, 0x1A, 0x3B, 0x81, 0x62, 0xF1, 0x88, 0xE5, \ +- 0x53, 0xCD, 0x26, 0x5F, 0x23, 0xC1, 0x56, 0x7A, \ +- 0x16, 0x87, 0x69, 0x13, 0xB0, 0xC2, 0xAC, 0x24, \ +- 0x58, 0x49, 0x28, 0x36 +-#define EC_PARAM_sect283k1_y \ +- 0x01, 0xCC, 0xDA, 0x38, 0x0F, 0x1C, 0x9E, 0x31, \ +- 0x8D, 0x90, 0xF9, 0x5D, 0x07, 0xE5, 0x42, 0x6F, \ +- 0xE8, 0x7E, 0x45, 0xC0, 0xE8, 0x18, 0x46, 0x98, \ +- 0xE4, 0x59, 0x62, 0x36, 0x4E, 0x34, 0x11, 0x61, \ +- 0x77, 0xDD, 0x22, 0x59 +-#define EC_PARAM_sect283k1_order \ +- 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ +- 0xFF, 0xFF, 0xE9, 0xAE, 0x2E, 0xD0, 0x75, 0x77, \ +- 0x26, 0x5D, 0xFF, 0x7F, 0x94, 0x45, 0x1E, 0x06, \ +- 0x1E, 0x16, 0x3C, 0x61 +-#endif +- +-#if 0 +-/* sect283r1 : NIST/SECG curve over a 283 bit binary field */ +-#define EC_PARAM_sect283r1_prime \ +- 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x10, 0xA1 +-#define EC_PARAM_sect283r1_a \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x01 +-#define EC_PARAM_sect283r1_b \ +- 0x02, 0x7B, 0x68, 0x0A, 0xC8, 0xB8, 0x59, 0x6D, \ +- 0xA5, 0xA4, 0xAF, 0x8A, 0x19, 0xA0, 0x30, 0x3F, \ +- 0xCA, 0x97, 0xFD, 0x76, 0x45, 0x30, 0x9F, 0xA2, \ +- 0xA5, 0x81, 0x48, 0x5A, 0xF6, 0x26, 0x3E, 0x31, \ +- 0x3B, 0x79, 0xA2, 0xF5 +-#define EC_PARAM_sect283r1_x \ +- 0x05, 0xF9, 0x39, 0x25, 0x8D, 0xB7, 0xDD, 0x90, \ +- 0xE1, 0x93, 0x4F, 0x8C, 0x70, 0xB0, 0xDF, 0xEC, \ +- 0x2E, 0xED, 0x25, 0xB8, 0x55, 0x7E, 0xAC, 0x9C, \ +- 0x80, 0xE2, 0xE1, 0x98, 0xF8, 0xCD, 0xBE, 0xCD, \ +- 0x86, 0xB1, 0x20, 0x53 +-#define EC_PARAM_sect283r1_y \ +- 0x03, 0x67, 0x68, 0x54, 0xFE, 0x24, 0x14, 0x1C, \ +- 0xB9, 0x8F, 0xE6, 0xD4, 0xB2, 0x0D, 0x02, 0xB4, \ +- 0x51, 0x6F, 0xF7, 0x02, 0x35, 0x0E, 0xDD, 0xB0, \ +- 0x82, 0x67, 0x79, 0xC8, 0x13, 0xF0, 0xDF, 0x45, \ +- 0xBE, 0x81, 0x12, 0xF4 +-#define EC_PARAM_sect283r1_order \ +- 0x03, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ +- 0xFF, 0xFF, 0xEF, 0x90, 0x39, 0x96, 0x60, 0xFC, \ +- 0x93, 0x8A, 0x90, 0x16, 0x5B, 0x04, 0x2A, 0x7C, \ +- 0xEF, 0xAD, 0xB3, 0x07 +-#endif +- +-#if 0 +-/* sect409k1 : NIST/SECG curve over a 409 bit binary field */ +-#define EC_PARAM_sect409k1_prime \ +- 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x01 +-#define EC_PARAM_sect409k1_a \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00 +-#define EC_PARAM_sect409k1_b \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x01 +-#define EC_PARAM_sect409k1_x \ +- 0x00, 0x60, 0xF0, 0x5F, 0x65, 0x8F, 0x49, 0xC1, \ +- 0xAD, 0x3A, 0xB1, 0x89, 0x0F, 0x71, 0x84, 0x21, \ +- 0x0E, 0xFD, 0x09, 0x87, 0xE3, 0x07, 0xC8, 0x4C, \ +- 0x27, 0xAC, 0xCF, 0xB8, 0xF9, 0xF6, 0x7C, 0xC2, \ +- 0xC4, 0x60, 0x18, 0x9E, 0xB5, 0xAA, 0xAA, 0x62, \ +- 0xEE, 0x22, 0x2E, 0xB1, 0xB3, 0x55, 0x40, 0xCF, \ +- 0xE9, 0x02, 0x37, 0x46 +-#define EC_PARAM_sect409k1_y \ +- 0x01, 0xE3, 0x69, 0x05, 0x0B, 0x7C, 0x4E, 0x42, \ +- 0xAC, 0xBA, 0x1D, 0xAC, 0xBF, 0x04, 0x29, 0x9C, \ +- 0x34, 0x60, 0x78, 0x2F, 0x91, 0x8E, 0xA4, 0x27, \ +- 0xE6, 0x32, 0x51, 0x65, 0xE9, 0xEA, 0x10, 0xE3, \ +- 0xDA, 0x5F, 0x6C, 0x42, 0xE9, 0xC5, 0x52, 0x15, \ +- 0xAA, 0x9C, 0xA2, 0x7A, 0x58, 0x63, 0xEC, 0x48, \ +- 0xD8, 0xE0, 0x28, 0x6B +-#define EC_PARAM_sect409k1_order \ +- 0x00, 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ +- 0xFF, 0xFF, 0xFE, 0x5F, 0x83, 0xB2, 0xD4, 0xEA, \ +- 0x20, 0x40, 0x0E, 0xC4, 0x55, 0x7D, 0x5E, 0xD3, \ +- 0xE3, 0xE7, 0xCA, 0x5B, 0x4B, 0x5C, 0x83, 0xB8, \ +- 0xE0, 0x1E, 0x5F, 0xCF +-#endif +- +-#if 0 +-/* sect409r1 : NIST/SECG curve over a 409 bit binary field */ +-#define EC_PARAM_sect409r1_prime \ +- 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x01 +-#define EC_PARAM_sect409r1_a \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x01 +-#define EC_PARAM_sect409r1_b \ +- 0x00, 0x21, 0xA5, 0xC2, 0xC8, 0xEE, 0x9F, 0xEB, \ +- 0x5C, 0x4B, 0x9A, 0x75, 0x3B, 0x7B, 0x47, 0x6B, \ +- 0x7F, 0xD6, 0x42, 0x2E, 0xF1, 0xF3, 0xDD, 0x67, \ +- 0x47, 0x61, 0xFA, 0x99, 0xD6, 0xAC, 0x27, 0xC8, \ +- 0xA9, 0xA1, 0x97, 0xB2, 0x72, 0x82, 0x2F, 0x6C, \ +- 0xD5, 0x7A, 0x55, 0xAA, 0x4F, 0x50, 0xAE, 0x31, \ +- 0x7B, 0x13, 0x54, 0x5F +-#define EC_PARAM_sect409r1_x \ +- 0x01, 0x5D, 0x48, 0x60, 0xD0, 0x88, 0xDD, 0xB3, \ +- 0x49, 0x6B, 0x0C, 0x60, 0x64, 0x75, 0x62, 0x60, \ +- 0x44, 0x1C, 0xDE, 0x4A, 0xF1, 0x77, 0x1D, 0x4D, \ +- 0xB0, 0x1F, 0xFE, 0x5B, 0x34, 0xE5, 0x97, 0x03, \ +- 0xDC, 0x25, 0x5A, 0x86, 0x8A, 0x11, 0x80, 0x51, \ +- 0x56, 0x03, 0xAE, 0xAB, 0x60, 0x79, 0x4E, 0x54, \ +- 0xBB, 0x79, 0x96, 0xA7 +-#define EC_PARAM_sect409r1_y \ +- 0x00, 0x61, 0xB1, 0xCF, 0xAB, 0x6B, 0xE5, 0xF3, \ +- 0x2B, 0xBF, 0xA7, 0x83, 0x24, 0xED, 0x10, 0x6A, \ +- 0x76, 0x36, 0xB9, 0xC5, 0xA7, 0xBD, 0x19, 0x8D, \ +- 0x01, 0x58, 0xAA, 0x4F, 0x54, 0x88, 0xD0, 0x8F, \ +- 0x38, 0x51, 0x4F, 0x1F, 0xDF, 0x4B, 0x4F, 0x40, \ +- 0xD2, 0x18, 0x1B, 0x36, 0x81, 0xC3, 0x64, 0xBA, \ +- 0x02, 0x73, 0xC7, 0x06 +-#define EC_PARAM_sect409r1_order \ +- 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x01, 0xE2, 0xAA, 0xD6, 0xA6, 0x12, \ +- 0xF3, 0x33, 0x07, 0xBE, 0x5F, 0xA4, 0x7C, 0x3C, \ +- 0x9E, 0x05, 0x2F, 0x83, 0x81, 0x64, 0xCD, 0x37, \ +- 0xD9, 0xA2, 0x11, 0x73 +-#endif +- +-#if 0 +-/* sect571k1 : NIST/SECG curve over a 571 bit binary field */ +-#define EC_PARAM_sect571k1_prime \ +- 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x25 +-#define EC_PARAM_sect571k1_a \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 +-#define EC_PARAM_sect571k1_b \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 +-#define EC_PARAM_sect571k1_x \ +- 0x02, 0x6E, 0xB7, 0xA8, 0x59, 0x92, 0x3F, 0xBC, \ +- 0x82, 0x18, 0x96, 0x31, 0xF8, 0x10, 0x3F, 0xE4, \ +- 0xAC, 0x9C, 0xA2, 0x97, 0x00, 0x12, 0xD5, 0xD4, \ +- 0x60, 0x24, 0x80, 0x48, 0x01, 0x84, 0x1C, 0xA4, \ +- 0x43, 0x70, 0x95, 0x84, 0x93, 0xB2, 0x05, 0xE6, \ +- 0x47, 0xDA, 0x30, 0x4D, 0xB4, 0xCE, 0xB0, 0x8C, \ +- 0xBB, 0xD1, 0xBA, 0x39, 0x49, 0x47, 0x76, 0xFB, \ +- 0x98, 0x8B, 0x47, 0x17, 0x4D, 0xCA, 0x88, 0xC7, \ +- 0xE2, 0x94, 0x52, 0x83, 0xA0, 0x1C, 0x89, 0x72 +-#define EC_PARAM_sect571k1_y \ +- 0x03, 0x49, 0xDC, 0x80, 0x7F, 0x4F, 0xBF, 0x37, \ +- 0x4F, 0x4A, 0xEA, 0xDE, 0x3B, 0xCA, 0x95, 0x31, \ +- 0x4D, 0xD5, 0x8C, 0xEC, 0x9F, 0x30, 0x7A, 0x54, \ +- 0xFF, 0xC6, 0x1E, 0xFC, 0x00, 0x6D, 0x8A, 0x2C, \ +- 0x9D, 0x49, 0x79, 0xC0, 0xAC, 0x44, 0xAE, 0xA7, \ +- 0x4F, 0xBE, 0xBB, 0xB9, 0xF7, 0x72, 0xAE, 0xDC, \ +- 0xB6, 0x20, 0xB0, 0x1A, 0x7B, 0xA7, 0xAF, 0x1B, \ +- 0x32, 0x04, 0x30, 0xC8, 0x59, 0x19, 0x84, 0xF6, \ +- 0x01, 0xCD, 0x4C, 0x14, 0x3E, 0xF1, 0xC7, 0xA3 +-#define EC_PARAM_sect571k1_order \ +- 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x13, 0x18, 0x50, 0xE1, \ +- 0xF1, 0x9A, 0x63, 0xE4, 0xB3, 0x91, 0xA8, 0xDB, \ +- 0x91, 0x7F, 0x41, 0x38, 0xB6, 0x30, 0xD8, 0x4B, \ +- 0xE5, 0xD6, 0x39, 0x38, 0x1E, 0x91, 0xDE, 0xB4, \ +- 0x5C, 0xFE, 0x77, 0x8F, 0x63, 0x7C, 0x10, 0x01 +-#endif +- +-#if 0 +-/* sect571r1 : NIST/SECG curve over a 571 bit binary field */ +-#define EC_PARAM_sect571r1_prime \ +- 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x25 +-#define EC_PARAM_sect571r1_a \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 +-#define EC_PARAM_sect571r1_b \ +- 0x02, 0xF4, 0x0E, 0x7E, 0x22, 0x21, 0xF2, 0x95, \ +- 0xDE, 0x29, 0x71, 0x17, 0xB7, 0xF3, 0xD6, 0x2F, \ +- 0x5C, 0x6A, 0x97, 0xFF, 0xCB, 0x8C, 0xEF, 0xF1, \ +- 0xCD, 0x6B, 0xA8, 0xCE, 0x4A, 0x9A, 0x18, 0xAD, \ +- 0x84, 0xFF, 0xAB, 0xBD, 0x8E, 0xFA, 0x59, 0x33, \ +- 0x2B, 0xE7, 0xAD, 0x67, 0x56, 0xA6, 0x6E, 0x29, \ +- 0x4A, 0xFD, 0x18, 0x5A, 0x78, 0xFF, 0x12, 0xAA, \ +- 0x52, 0x0E, 0x4D, 0xE7, 0x39, 0xBA, 0xCA, 0x0C, \ +- 0x7F, 0xFE, 0xFF, 0x7F, 0x29, 0x55, 0x72, 0x7A +-#define EC_PARAM_sect571r1_x \ +- 0x03, 0x03, 0x00, 0x1D, 0x34, 0xB8, 0x56, 0x29, \ +- 0x6C, 0x16, 0xC0, 0xD4, 0x0D, 0x3C, 0xD7, 0x75, \ +- 0x0A, 0x93, 0xD1, 0xD2, 0x95, 0x5F, 0xA8, 0x0A, \ +- 0xA5, 0xF4, 0x0F, 0xC8, 0xDB, 0x7B, 0x2A, 0xBD, \ +- 0xBD, 0xE5, 0x39, 0x50, 0xF4, 0xC0, 0xD2, 0x93, \ +- 0xCD, 0xD7, 0x11, 0xA3, 0x5B, 0x67, 0xFB, 0x14, \ +- 0x99, 0xAE, 0x60, 0x03, 0x86, 0x14, 0xF1, 0x39, \ +- 0x4A, 0xBF, 0xA3, 0xB4, 0xC8, 0x50, 0xD9, 0x27, \ +- 0xE1, 0xE7, 0x76, 0x9C, 0x8E, 0xEC, 0x2D, 0x19 +-#define EC_PARAM_sect571r1_y \ +- 0x03, 0x7B, 0xF2, 0x73, 0x42, 0xDA, 0x63, 0x9B, \ +- 0x6D, 0xCC, 0xFF, 0xFE, 0xB7, 0x3D, 0x69, 0xD7, \ +- 0x8C, 0x6C, 0x27, 0xA6, 0x00, 0x9C, 0xBB, 0xCA, \ +- 0x19, 0x80, 0xF8, 0x53, 0x39, 0x21, 0xE8, 0xA6, \ +- 0x84, 0x42, 0x3E, 0x43, 0xBA, 0xB0, 0x8A, 0x57, \ +- 0x62, 0x91, 0xAF, 0x8F, 0x46, 0x1B, 0xB2, 0xA8, \ +- 0xB3, 0x53, 0x1D, 0x2F, 0x04, 0x85, 0xC1, 0x9B, \ +- 0x16, 0xE2, 0xF1, 0x51, 0x6E, 0x23, 0xDD, 0x3C, \ +- 0x1A, 0x48, 0x27, 0xAF, 0x1B, 0x8A, 0xC1, 0x5B +-#define EC_PARAM_sect571r1_order \ +- 0x03, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xE6, 0x61, 0xCE, 0x18, \ +- 0xFF, 0x55, 0x98, 0x73, 0x08, 0x05, 0x9B, 0x18, \ +- 0x68, 0x23, 0x85, 0x1E, 0xC7, 0xDD, 0x9C, 0xA1, \ +- 0x16, 0x1D, 0xE9, 0x3D, 0x51, 0x74, 0xD6, 0x6E, \ +- 0x83, 0x82, 0xE9, 0xBB, 0x2F, 0xE8, 0x4E, 0x47 +-#endif +- +-#if 0 +-/* c2pnb163v1 : X9.62 curve over a 163 bit binary field */ +-#define EC_PARAM_c2pnb163v1_prime \ +- 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x01, 0x07 +-#define EC_PARAM_c2pnb163v1_a \ +- 0x07, 0x25, 0x46, 0xB5, 0x43, 0x52, 0x34, 0xA4, \ +- 0x22, 0xE0, 0x78, 0x96, 0x75, 0xF4, 0x32, 0xC8, \ +- 0x94, 0x35, 0xDE, 0x52, 0x42 +-#define EC_PARAM_c2pnb163v1_b \ +- 0x00, 0xC9, 0x51, 0x7D, 0x06, 0xD5, 0x24, 0x0D, \ +- 0x3C, 0xFF, 0x38, 0xC7, 0x4B, 0x20, 0xB6, 0xCD, \ +- 0x4D, 0x6F, 0x9D, 0xD4, 0xD9 +-#define EC_PARAM_c2pnb163v1_x \ +- 0x07, 0xAF, 0x69, 0x98, 0x95, 0x46, 0x10, 0x3D, \ +- 0x79, 0x32, 0x9F, 0xCC, 0x3D, 0x74, 0x88, 0x0F, \ +- 0x33, 0xBB, 0xE8, 0x03, 0xCB +-#define EC_PARAM_c2pnb163v1_y \ +- 0x01, 0xEC, 0x23, 0x21, 0x1B, 0x59, 0x66, 0xAD, \ +- 0xEA, 0x1D, 0x3F, 0x87, 0xF7, 0xEA, 0x58, 0x48, \ +- 0xAE, 0xF0, 0xB7, 0xCA, 0x9F +-#define EC_PARAM_c2pnb163v1_order \ +- 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x01, 0xE6, 0x0F, 0xC8, 0x82, 0x1C, \ +- 0xC7, 0x4D, 0xAE, 0xAF, 0xC1 +-#endif +- +-#if 0 +-/* c2pnb163v2 : X9.62 curve over a 163 bit binary field */ +-#define EC_PARAM_c2pnb163v2_prime \ +- 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x01, 0x07 +-#define EC_PARAM_c2pnb163v2_a \ +- 0x01, 0x08, 0xB3, 0x9E, 0x77, 0xC4, 0xB1, 0x08, \ +- 0xBE, 0xD9, 0x81, 0xED, 0x0E, 0x89, 0x0E, 0x11, \ +- 0x7C, 0x51, 0x1C, 0xF0, 0x72 +-#define EC_PARAM_c2pnb163v2_b \ +- 0x06, 0x67, 0xAC, 0xEB, 0x38, 0xAF, 0x4E, 0x48, \ +- 0x8C, 0x40, 0x74, 0x33, 0xFF, 0xAE, 0x4F, 0x1C, \ +- 0x81, 0x16, 0x38, 0xDF, 0x20 +-#define EC_PARAM_c2pnb163v2_x \ +- 0x00, 0x24, 0x26, 0x6E, 0x4E, 0xB5, 0x10, 0x6D, \ +- 0x0A, 0x96, 0x4D, 0x92, 0xC4, 0x86, 0x0E, 0x26, \ +- 0x71, 0xDB, 0x9B, 0x6C, 0xC5 +-#define EC_PARAM_c2pnb163v2_y \ +- 0x07, 0x9F, 0x68, 0x4D, 0xDF, 0x66, 0x84, 0xC5, \ +- 0xCD, 0x25, 0x8B, 0x38, 0x90, 0x02, 0x1B, 0x23, \ +- 0x86, 0xDF, 0xD1, 0x9F, 0xC5 +-#define EC_PARAM_c2pnb163v2_order \ +- 0x03, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ +- 0xFF, 0xFF, 0xFD, 0xF6, 0x4D, 0xE1, 0x15, 0x1A, \ +- 0xDB, 0xB7, 0x8F, 0x10, 0xA7 +-#endif +- +-#if 0 +-/* c2pnb163v3 : X9.62 curve over a 163 bit binary field */ +-#define EC_PARAM_c2pnb163v3_prime \ +- 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x01, 0x07 +-#define EC_PARAM_c2pnb163v3_a \ +- 0x07, 0xA5, 0x26, 0xC6, 0x3D, 0x3E, 0x25, 0xA2, \ +- 0x56, 0xA0, 0x07, 0x69, 0x9F, 0x54, 0x47, 0xE3, \ +- 0x2A, 0xE4, 0x56, 0xB5, 0x0E +-#define EC_PARAM_c2pnb163v3_b \ +- 0x03, 0xF7, 0x06, 0x17, 0x98, 0xEB, 0x99, 0xE2, \ +- 0x38, 0xFD, 0x6F, 0x1B, 0xF9, 0x5B, 0x48, 0xFE, \ +- 0xEB, 0x48, 0x54, 0x25, 0x2B +-#define EC_PARAM_c2pnb163v3_x \ +- 0x02, 0xF9, 0xF8, 0x7B, 0x7C, 0x57, 0x4D, 0x0B, \ +- 0xDE, 0xCF, 0x8A, 0x22, 0xE6, 0x52, 0x47, 0x75, \ +- 0xF9, 0x8C, 0xDE, 0xBD, 0xCB +-#define EC_PARAM_c2pnb163v3_y \ +- 0x05, 0xB9, 0x35, 0x59, 0x0C, 0x15, 0x5E, 0x17, \ +- 0xEA, 0x48, 0xEB, 0x3F, 0xF3, 0x71, 0x8B, 0x89, \ +- 0x3D, 0xF5, 0x9A, 0x05, 0xD0 +-#define EC_PARAM_c2pnb163v3_order \ +- 0x03, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ +- 0xFF, 0xFF, 0xFE, 0x1A, 0xEE, 0x14, 0x0F, 0x11, \ +- 0x0A, 0xFF, 0x96, 0x13, 0x09 +-#endif +- +-#if 0 +-/* c2pnb176v1 : X9.62 curve over a 176 bit binary field */ +-#define EC_PARAM_c2pnb176v1_prime \ +- 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x08, 0x00, 0x00, 0x00, 0x00, 0x07 +-#define EC_PARAM_c2pnb176v1_a \ +- 0x00, 0xE4, 0xE6, 0xDB, 0x29, 0x95, 0x06, 0x5C, \ +- 0x40, 0x7D, 0x9D, 0x39, 0xB8, 0xD0, 0x96, 0x7B, \ +- 0x96, 0x70, 0x4B, 0xA8, 0xE9, 0xC9, 0x0B +-#define EC_PARAM_c2pnb176v1_b \ +- 0x00, 0x5D, 0xDA, 0x47, 0x0A, 0xBE, 0x64, 0x14, \ +- 0xDE, 0x8E, 0xC1, 0x33, 0xAE, 0x28, 0xE9, 0xBB, \ +- 0xD7, 0xFC, 0xEC, 0x0A, 0xE0, 0xFF, 0xF2 +-#define EC_PARAM_c2pnb176v1_x \ +- 0x00, 0x8D, 0x16, 0xC2, 0x86, 0x67, 0x98, 0xB6, \ +- 0x00, 0xF9, 0xF0, 0x8B, 0xB4, 0xA8, 0xE8, 0x60, \ +- 0xF3, 0x29, 0x8C, 0xE0, 0x4A, 0x57, 0x98 +-#define EC_PARAM_c2pnb176v1_y \ +- 0x00, 0x6F, 0xA4, 0x53, 0x9C, 0x2D, 0xAD, 0xDD, \ +- 0xD6, 0xBA, 0xB5, 0x16, 0x7D, 0x61, 0xB4, 0x36, \ +- 0xE1, 0xD9, 0x2B, 0xB1, 0x6A, 0x56, 0x2C +-#define EC_PARAM_c2pnb176v1_order \ +- 0x00, 0x00, 0x01, 0x00, 0x92, 0x53, 0x73, 0x97, \ +- 0xEC, 0xA4, 0xF6, 0x14, 0x57, 0x99, 0xD6, 0x2B, \ +- 0x0A, 0x19, 0xCE, 0x06, 0xFE, 0x26, 0xAD +-#endif +- +-#if 0 +-/* c2tnb191v1 : X9.62 curve over a 191 bit binary field */ +-#define EC_PARAM_c2tnb191v1_prime \ +- 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x01 +-#define EC_PARAM_c2tnb191v1_a \ +- 0x28, 0x66, 0x53, 0x7B, 0x67, 0x67, 0x52, 0x63, \ +- 0x6A, 0x68, 0xF5, 0x65, 0x54, 0xE1, 0x26, 0x40, \ +- 0x27, 0x6B, 0x64, 0x9E, 0xF7, 0x52, 0x62, 0x67 +-#define EC_PARAM_c2tnb191v1_b \ +- 0x2E, 0x45, 0xEF, 0x57, 0x1F, 0x00, 0x78, 0x6F, \ +- 0x67, 0xB0, 0x08, 0x1B, 0x94, 0x95, 0xA3, 0xD9, \ +- 0x54, 0x62, 0xF5, 0xDE, 0x0A, 0xA1, 0x85, 0xEC +-#define EC_PARAM_c2tnb191v1_x \ +- 0x36, 0xB3, 0xDA, 0xF8, 0xA2, 0x32, 0x06, 0xF9, \ +- 0xC4, 0xF2, 0x99, 0xD7, 0xB2, 0x1A, 0x9C, 0x36, \ +- 0x91, 0x37, 0xF2, 0xC8, 0x4A, 0xE1, 0xAA, 0x0D +-#define EC_PARAM_c2tnb191v1_y \ +- 0x76, 0x5B, 0xE7, 0x34, 0x33, 0xB3, 0xF9, 0x5E, \ +- 0x33, 0x29, 0x32, 0xE7, 0x0E, 0xA2, 0x45, 0xCA, \ +- 0x24, 0x18, 0xEA, 0x0E, 0xF9, 0x80, 0x18, 0xFB +-#define EC_PARAM_c2tnb191v1_order \ +- 0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x04, 0xA2, 0x0E, 0x90, \ +- 0xC3, 0x90, 0x67, 0xC8, 0x93, 0xBB, 0xB9, 0xA5 +-#endif +- +-#if 0 +-/* c2tnb191v2 : X9.62 curve over a 191 bit binary field */ +-#define EC_PARAM_c2tnb191v2_prime \ +- 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x01 +-#define EC_PARAM_c2tnb191v2_a \ +- 0x40, 0x10, 0x28, 0x77, 0x4D, 0x77, 0x77, 0xC7, \ +- 0xB7, 0x66, 0x6D, 0x13, 0x66, 0xEA, 0x43, 0x20, \ +- 0x71, 0x27, 0x4F, 0x89, 0xFF, 0x01, 0xE7, 0x18 +-#define EC_PARAM_c2tnb191v2_b \ +- 0x06, 0x20, 0x04, 0x8D, 0x28, 0xBC, 0xBD, 0x03, \ +- 0xB6, 0x24, 0x9C, 0x99, 0x18, 0x2B, 0x7C, 0x8C, \ +- 0xD1, 0x97, 0x00, 0xC3, 0x62, 0xC4, 0x6A, 0x01 +-#define EC_PARAM_c2tnb191v2_x \ +- 0x38, 0x09, 0xB2, 0xB7, 0xCC, 0x1B, 0x28, 0xCC, \ +- 0x5A, 0x87, 0x92, 0x6A, 0xAD, 0x83, 0xFD, 0x28, \ +- 0x78, 0x9E, 0x81, 0xE2, 0xC9, 0xE3, 0xBF, 0x10 +-#define EC_PARAM_c2tnb191v2_y \ +- 0x17, 0x43, 0x43, 0x86, 0x62, 0x6D, 0x14, 0xF3, \ +- 0xDB, 0xF0, 0x17, 0x60, 0xD9, 0x21, 0x3A, 0x3E, \ +- 0x1C, 0xF3, 0x7A, 0xEC, 0x43, 0x7D, 0x66, 0x8A +-#define EC_PARAM_c2tnb191v2_order \ +- 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x50, 0x50, 0x8C, 0xB8, \ +- 0x9F, 0x65, 0x28, 0x24, 0xE0, 0x6B, 0x81, 0x73 +-#endif +- +-#if 0 +-/* c2tnb191v3 : X9.62 curve over a 191 bit binary field */ +-#define EC_PARAM_c2tnb191v3_prime \ +- 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x01 +-#define EC_PARAM_c2tnb191v3_a \ +- 0x6C, 0x01, 0x07, 0x47, 0x56, 0x09, 0x91, 0x22, \ +- 0x22, 0x10, 0x56, 0x91, 0x1C, 0x77, 0xD7, 0x7E, \ +- 0x77, 0xA7, 0x77, 0xE7, 0xE7, 0xE7, 0x7F, 0xCB +-#define EC_PARAM_c2tnb191v3_b \ +- 0x71, 0xFE, 0x1A, 0xF9, 0x26, 0xCF, 0x84, 0x79, \ +- 0x89, 0xEF, 0xEF, 0x8D, 0xB4, 0x59, 0xF6, 0x63, \ +- 0x94, 0xD9, 0x0F, 0x32, 0xAD, 0x3F, 0x15, 0xE8 +-#define EC_PARAM_c2tnb191v3_x \ +- 0x37, 0x5D, 0x4C, 0xE2, 0x4F, 0xDE, 0x43, 0x44, \ +- 0x89, 0xDE, 0x87, 0x46, 0xE7, 0x17, 0x86, 0x01, \ +- 0x50, 0x09, 0xE6, 0x6E, 0x38, 0xA9, 0x26, 0xDD +-#define EC_PARAM_c2tnb191v3_y \ +- 0x54, 0x5A, 0x39, 0x17, 0x61, 0x96, 0x57, 0x5D, \ +- 0x98, 0x59, 0x99, 0x36, 0x6E, 0x6A, 0xD3, 0x4C, \ +- 0xE0, 0xA7, 0x7C, 0xD7, 0x12, 0x7B, 0x06, 0xBE +-#define EC_PARAM_c2tnb191v3_order \ +- 0x15, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, \ +- 0x55, 0x55, 0x55, 0x55, 0x61, 0x0C, 0x0B, 0x19, \ +- 0x68, 0x12, 0xBF, 0xB6, 0x28, 0x8A, 0x3E, 0xA3 +-#endif +- +-#if 0 +-/* c2pnb208w1 : X9.62 curve over a 208 bit binary field */ +-#define EC_PARAM_c2pnb208w1_prime \ +- 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x07 +-#define EC_PARAM_c2pnb208w1_a \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00 +-#define EC_PARAM_c2pnb208w1_b \ +- 0x00, 0xC8, 0x61, 0x9E, 0xD4, 0x5A, 0x62, 0xE6, \ +- 0x21, 0x2E, 0x11, 0x60, 0x34, 0x9E, 0x2B, 0xFA, \ +- 0x84, 0x44, 0x39, 0xFA, 0xFC, 0x2A, 0x3F, 0xD1, \ +- 0x63, 0x8F, 0x9E +-#define EC_PARAM_c2pnb208w1_x \ +- 0x00, 0x89, 0xFD, 0xFB, 0xE4, 0xAB, 0xE1, 0x93, \ +- 0xDF, 0x95, 0x59, 0xEC, 0xF0, 0x7A, 0xC0, 0xCE, \ +- 0x78, 0x55, 0x4E, 0x27, 0x84, 0xEB, 0x8C, 0x1E, \ +- 0xD1, 0xA5, 0x7A +-#define EC_PARAM_c2pnb208w1_y \ +- 0x00, 0x0F, 0x55, 0xB5, 0x1A, 0x06, 0xE7, 0x8E, \ +- 0x9A, 0xC3, 0x8A, 0x03, 0x5F, 0xF5, 0x20, 0xD8, \ +- 0xB0, 0x17, 0x81, 0xBE, 0xB1, 0xA6, 0xBB, 0x08, \ +- 0x61, 0x7D, 0xE3 +-#define EC_PARAM_c2pnb208w1_order \ +- 0x00, 0x00, 0x01, 0x01, 0xBA, 0xF9, 0x5C, 0x97, \ +- 0x23, 0xC5, 0x7B, 0x6C, 0x21, 0xDA, 0x2E, 0xFF, \ +- 0x2D, 0x5E, 0xD5, 0x88, 0xBD, 0xD5, 0x71, 0x7E, \ +- 0x21, 0x2F, 0x9D +-#endif +- +-#if 0 +-/* c2tnb239v1 : X9.62 curve over a 239 bit binary field */ +-#define EC_PARAM_c2tnb239v1_prime \ +- 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x10, 0x00, 0x00, 0x00, 0x01 +-#define EC_PARAM_c2tnb239v1_a \ +- 0x32, 0x01, 0x08, 0x57, 0x07, 0x7C, 0x54, 0x31, \ +- 0x12, 0x3A, 0x46, 0xB8, 0x08, 0x90, 0x67, 0x56, \ +- 0xF5, 0x43, 0x42, 0x3E, 0x8D, 0x27, 0x87, 0x75, \ +- 0x78, 0x12, 0x57, 0x78, 0xAC, 0x76 +-#define EC_PARAM_c2tnb239v1_b \ +- 0x79, 0x04, 0x08, 0xF2, 0xEE, 0xDA, 0xF3, 0x92, \ +- 0xB0, 0x12, 0xED, 0xEF, 0xB3, 0x39, 0x2F, 0x30, \ +- 0xF4, 0x32, 0x7C, 0x0C, 0xA3, 0xF3, 0x1F, 0xC3, \ +- 0x83, 0xC4, 0x22, 0xAA, 0x8C, 0x16 +-#define EC_PARAM_c2tnb239v1_x \ +- 0x57, 0x92, 0x70, 0x98, 0xFA, 0x93, 0x2E, 0x7C, \ +- 0x0A, 0x96, 0xD3, 0xFD, 0x5B, 0x70, 0x6E, 0xF7, \ +- 0xE5, 0xF5, 0xC1, 0x56, 0xE1, 0x6B, 0x7E, 0x7C, \ +- 0x86, 0x03, 0x85, 0x52, 0xE9, 0x1D +-#define EC_PARAM_c2tnb239v1_y \ +- 0x61, 0xD8, 0xEE, 0x50, 0x77, 0xC3, 0x3F, 0xEC, \ +- 0xF6, 0xF1, 0xA1, 0x6B, 0x26, 0x8D, 0xE4, 0x69, \ +- 0xC3, 0xC7, 0x74, 0x4E, 0xA9, 0xA9, 0x71, 0x64, \ +- 0x9F, 0xC7, 0xA9, 0x61, 0x63, 0x05 +-#define EC_PARAM_c2tnb239v1_order \ +- 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0F, \ +- 0x4D, 0x42, 0xFF, 0xE1, 0x49, 0x2A, 0x49, 0x93, \ +- 0xF1, 0xCA, 0xD6, 0x66, 0xE4, 0x47 +-#endif +- +-#if 0 +-/* c2tnb239v2 : X9.62 curve over a 239 bit binary field */ +-#define EC_PARAM_c2tnb239v2_prime \ +- 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x10, 0x00, 0x00, 0x00, 0x01 +-#define EC_PARAM_c2tnb239v2_a \ +- 0x42, 0x30, 0x01, 0x77, 0x57, 0xA7, 0x67, 0xFA, \ +- 0xE4, 0x23, 0x98, 0x56, 0x9B, 0x74, 0x63, 0x25, \ +- 0xD4, 0x53, 0x13, 0xAF, 0x07, 0x66, 0x26, 0x64, \ +- 0x79, 0xB7, 0x56, 0x54, 0xE6, 0x5F +-#define EC_PARAM_c2tnb239v2_b \ +- 0x50, 0x37, 0xEA, 0x65, 0x41, 0x96, 0xCF, 0xF0, \ +- 0xCD, 0x82, 0xB2, 0xC1, 0x4A, 0x2F, 0xCF, 0x2E, \ +- 0x3F, 0xF8, 0x77, 0x52, 0x85, 0xB5, 0x45, 0x72, \ +- 0x2F, 0x03, 0xEA, 0xCD, 0xB7, 0x4B +-#define EC_PARAM_c2tnb239v2_x \ +- 0x28, 0xF9, 0xD0, 0x4E, 0x90, 0x00, 0x69, 0xC8, \ +- 0xDC, 0x47, 0xA0, 0x85, 0x34, 0xFE, 0x76, 0xD2, \ +- 0xB9, 0x00, 0xB7, 0xD7, 0xEF, 0x31, 0xF5, 0x70, \ +- 0x9F, 0x20, 0x0C, 0x4C, 0xA2, 0x05 +-#define EC_PARAM_c2tnb239v2_y \ +- 0x56, 0x67, 0x33, 0x4C, 0x45, 0xAF, 0xF3, 0xB5, \ +- 0xA0, 0x3B, 0xAD, 0x9D, 0xD7, 0x5E, 0x2C, 0x71, \ +- 0xA9, 0x93, 0x62, 0x56, 0x7D, 0x54, 0x53, 0xF7, \ +- 0xFA, 0x6E, 0x22, 0x7E, 0xC8, 0x33 +-#define EC_PARAM_c2tnb239v2_order \ +- 0x15, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, \ +- 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x3C, \ +- 0x6F, 0x28, 0x85, 0x25, 0x9C, 0x31, 0xE3, 0xFC, \ +- 0xDF, 0x15, 0x46, 0x24, 0x52, 0x2D +-#endif +- +-#if 0 +-/* c2tnb239v3 : X9.62 curve over a 239 bit binary field */ +-#define EC_PARAM_c2tnb239v3_prime \ +- 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x10, 0x00, 0x00, 0x00, 0x01 +-#define EC_PARAM_c2tnb239v3_a \ +- 0x01, 0x23, 0x87, 0x74, 0x66, 0x6A, 0x67, 0x76, \ +- 0x6D, 0x66, 0x76, 0xF7, 0x78, 0xE6, 0x76, 0xB6, \ +- 0x69, 0x99, 0x17, 0x66, 0x66, 0xE6, 0x87, 0x66, \ +- 0x6D, 0x87, 0x66, 0xC6, 0x6A, 0x9F +-#define EC_PARAM_c2tnb239v3_b \ +- 0x6A, 0x94, 0x19, 0x77, 0xBA, 0x9F, 0x6A, 0x43, \ +- 0x51, 0x99, 0xAC, 0xFC, 0x51, 0x06, 0x7E, 0xD5, \ +- 0x87, 0xF5, 0x19, 0xC5, 0xEC, 0xB5, 0x41, 0xB8, \ +- 0xE4, 0x41, 0x11, 0xDE, 0x1D, 0x40 +-#define EC_PARAM_c2tnb239v3_x \ +- 0x70, 0xF6, 0xE9, 0xD0, 0x4D, 0x28, 0x9C, 0x4E, \ +- 0x89, 0x91, 0x3C, 0xE3, 0x53, 0x0B, 0xFD, 0xE9, \ +- 0x03, 0x97, 0x7D, 0x42, 0xB1, 0x46, 0xD5, 0x39, \ +- 0xBF, 0x1B, 0xDE, 0x4E, 0x9C, 0x92 +-#define EC_PARAM_c2tnb239v3_y \ +- 0x2E, 0x5A, 0x0E, 0xAF, 0x6E, 0x5E, 0x13, 0x05, \ +- 0xB9, 0x00, 0x4D, 0xCE, 0x5C, 0x0E, 0xD7, 0xFE, \ +- 0x59, 0xA3, 0x56, 0x08, 0xF3, 0x38, 0x37, 0xC8, \ +- 0x16, 0xD8, 0x0B, 0x79, 0xF4, 0x61 +-#define EC_PARAM_c2tnb239v3_order \ +- 0x0C, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, \ +- 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xAC, \ +- 0x49, 0x12, 0xD2, 0xD9, 0xDF, 0x90, 0x3E, 0xF9, \ +- 0x88, 0x8B, 0x8A, 0x0E, 0x4C, 0xFF +-#endif +- +-#if 0 +-/* c2pnb272w1 : X9.62 curve over a 272 bit binary field */ +-#define EC_PARAM_c2pnb272w1_prime \ +- 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x0B +-#define EC_PARAM_c2pnb272w1_a \ +- 0x00, 0x91, 0xA0, 0x91, 0xF0, 0x3B, 0x5F, 0xBA, \ +- 0x4A, 0xB2, 0xCC, 0xF4, 0x9C, 0x4E, 0xDD, 0x22, \ +- 0x0F, 0xB0, 0x28, 0x71, 0x2D, 0x42, 0xBE, 0x75, \ +- 0x2B, 0x2C, 0x40, 0x09, 0x4D, 0xBA, 0xCD, 0xB5, \ +- 0x86, 0xFB, 0x20 +-#define EC_PARAM_c2pnb272w1_b \ +- 0x00, 0x71, 0x67, 0xEF, 0xC9, 0x2B, 0xB2, 0xE3, \ +- 0xCE, 0x7C, 0x8A, 0xAA, 0xFF, 0x34, 0xE1, 0x2A, \ +- 0x9C, 0x55, 0x70, 0x03, 0xD7, 0xC7, 0x3A, 0x6F, \ +- 0xAF, 0x00, 0x3F, 0x99, 0xF6, 0xCC, 0x84, 0x82, \ +- 0xE5, 0x40, 0xF7 +-#define EC_PARAM_c2pnb272w1_x \ +- 0x00, 0x61, 0x08, 0xBA, 0xBB, 0x2C, 0xEE, 0xBC, \ +- 0xF7, 0x87, 0x05, 0x8A, 0x05, 0x6C, 0xBE, 0x0C, \ +- 0xFE, 0x62, 0x2D, 0x77, 0x23, 0xA2, 0x89, 0xE0, \ +- 0x8A, 0x07, 0xAE, 0x13, 0xEF, 0x0D, 0x10, 0xD1, \ +- 0x71, 0xDD, 0x8D +-#define EC_PARAM_c2pnb272w1_y \ +- 0x00, 0x10, 0xC7, 0x69, 0x57, 0x16, 0x85, 0x1E, \ +- 0xEF, 0x6B, 0xA7, 0xF6, 0x87, 0x2E, 0x61, 0x42, \ +- 0xFB, 0xD2, 0x41, 0xB8, 0x30, 0xFF, 0x5E, 0xFC, \ +- 0xAC, 0xEC, 0xCA, 0xB0, 0x5E, 0x02, 0x00, 0x5D, \ +- 0xDE, 0x9D, 0x23 +-#define EC_PARAM_c2pnb272w1_order \ +- 0x00, 0x00, 0x01, 0x00, 0xFA, 0xF5, 0x13, 0x54, \ +- 0xE0, 0xE3, 0x9E, 0x48, 0x92, 0xDF, 0x6E, 0x31, \ +- 0x9C, 0x72, 0xC8, 0x16, 0x16, 0x03, 0xFA, 0x45, \ +- 0xAA, 0x7B, 0x99, 0x8A, 0x16, 0x7B, 0x8F, 0x1E, \ +- 0x62, 0x95, 0x21 +-#endif +- +-#if 0 +-/* c2pnb304w1 : X9.62 curve over a 304 bit binary field */ +-#define EC_PARAM_c2pnb304w1_prime \ +- 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x07 +-#define EC_PARAM_c2pnb304w1_a \ +- 0x00, 0xFD, 0x0D, 0x69, 0x31, 0x49, 0xA1, 0x18, \ +- 0xF6, 0x51, 0xE6, 0xDC, 0xE6, 0x80, 0x20, 0x85, \ +- 0x37, 0x7E, 0x5F, 0x88, 0x2D, 0x1B, 0x51, 0x0B, \ +- 0x44, 0x16, 0x00, 0x74, 0xC1, 0x28, 0x80, 0x78, \ +- 0x36, 0x5A, 0x03, 0x96, 0xC8, 0xE6, 0x81 +-#define EC_PARAM_c2pnb304w1_b \ +- 0x00, 0xBD, 0xDB, 0x97, 0xE5, 0x55, 0xA5, 0x0A, \ +- 0x90, 0x8E, 0x43, 0xB0, 0x1C, 0x79, 0x8E, 0xA5, \ +- 0xDA, 0xA6, 0x78, 0x8F, 0x1E, 0xA2, 0x79, 0x4E, \ +- 0xFC, 0xF5, 0x71, 0x66, 0xB8, 0xC1, 0x40, 0x39, \ +- 0x60, 0x1E, 0x55, 0x82, 0x73, 0x40, 0xBE +-#define EC_PARAM_c2pnb304w1_x \ +- 0x00, 0x19, 0x7B, 0x07, 0x84, 0x5E, 0x9B, 0xE2, \ +- 0xD9, 0x6A, 0xDB, 0x0F, 0x5F, 0x3C, 0x7F, 0x2C, \ +- 0xFF, 0xBD, 0x7A, 0x3E, 0xB8, 0xB6, 0xFE, 0xC3, \ +- 0x5C, 0x7F, 0xD6, 0x7F, 0x26, 0xDD, 0xF6, 0x28, \ +- 0x5A, 0x64, 0x4F, 0x74, 0x0A, 0x26, 0x14 +-#define EC_PARAM_c2pnb304w1_y \ +- 0x00, 0xE1, 0x9F, 0xBE, 0xB7, 0x6E, 0x0D, 0xA1, \ +- 0x71, 0x51, 0x7E, 0xCF, 0x40, 0x1B, 0x50, 0x28, \ +- 0x9B, 0xF0, 0x14, 0x10, 0x32, 0x88, 0x52, 0x7A, \ +- 0x9B, 0x41, 0x6A, 0x10, 0x5E, 0x80, 0x26, 0x0B, \ +- 0x54, 0x9F, 0xDC, 0x1B, 0x92, 0xC0, 0x3B +-#define EC_PARAM_c2pnb304w1_order \ +- 0x00, 0x00, 0x01, 0x01, 0xD5, 0x56, 0x57, 0x2A, \ +- 0xAB, 0xAC, 0x80, 0x01, 0x01, 0xD5, 0x56, 0x57, \ +- 0x2A, 0xAB, 0xAC, 0x80, 0x01, 0x02, 0x2D, 0x5C, \ +- 0x91, 0xDD, 0x17, 0x3F, 0x8F, 0xB5, 0x61, 0xDA, \ +- 0x68, 0x99, 0x16, 0x44, 0x43, 0x05, 0x1D +-#endif +- +-#if 0 +-/* c2tnb359v1 : X9.62 curve over a 359 bit binary field */ +-#define EC_PARAM_c2tnb359v1_prime \ +- 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x01 +-#define EC_PARAM_c2tnb359v1_a \ +- 0x56, 0x67, 0x67, 0x6A, 0x65, 0x4B, 0x20, 0x75, \ +- 0x4F, 0x35, 0x6E, 0xA9, 0x20, 0x17, 0xD9, 0x46, \ +- 0x56, 0x7C, 0x46, 0x67, 0x55, 0x56, 0xF1, 0x95, \ +- 0x56, 0xA0, 0x46, 0x16, 0xB5, 0x67, 0xD2, 0x23, \ +- 0xA5, 0xE0, 0x56, 0x56, 0xFB, 0x54, 0x90, 0x16, \ +- 0xA9, 0x66, 0x56, 0xA5, 0x57 +-#define EC_PARAM_c2tnb359v1_b \ +- 0x24, 0x72, 0xE2, 0xD0, 0x19, 0x7C, 0x49, 0x36, \ +- 0x3F, 0x1F, 0xE7, 0xF5, 0xB6, 0xDB, 0x07, 0x5D, \ +- 0x52, 0xB6, 0x94, 0x7D, 0x13, 0x5D, 0x8C, 0xA4, \ +- 0x45, 0x80, 0x5D, 0x39, 0xBC, 0x34, 0x56, 0x26, \ +- 0x08, 0x96, 0x87, 0x74, 0x2B, 0x63, 0x29, 0xE7, \ +- 0x06, 0x80, 0x23, 0x19, 0x88 +-#define EC_PARAM_c2tnb359v1_x \ +- 0x3C, 0x25, 0x8E, 0xF3, 0x04, 0x77, 0x67, 0xE7, \ +- 0xED, 0xE0, 0xF1, 0xFD, 0xAA, 0x79, 0xDA, 0xEE, \ +- 0x38, 0x41, 0x36, 0x6A, 0x13, 0x2E, 0x16, 0x3A, \ +- 0xCE, 0xD4, 0xED, 0x24, 0x01, 0xDF, 0x9C, 0x6B, \ +- 0xDC, 0xDE, 0x98, 0xE8, 0xE7, 0x07, 0xC0, 0x7A, \ +- 0x22, 0x39, 0xB1, 0xB0, 0x97 +-#define EC_PARAM_c2tnb359v1_y \ +- 0x53, 0xD7, 0xE0, 0x85, 0x29, 0x54, 0x70, 0x48, \ +- 0x12, 0x1E, 0x9C, 0x95, 0xF3, 0x79, 0x1D, 0xD8, \ +- 0x04, 0x96, 0x39, 0x48, 0xF3, 0x4F, 0xAE, 0x7B, \ +- 0xF4, 0x4E, 0xA8, 0x23, 0x65, 0xDC, 0x78, 0x68, \ +- 0xFE, 0x57, 0xE4, 0xAE, 0x2D, 0xE2, 0x11, 0x30, \ +- 0x5A, 0x40, 0x71, 0x04, 0xBD +-#define EC_PARAM_c2tnb359v1_order \ +- 0x01, 0xAF, 0x28, 0x6B, 0xCA, 0x1A, 0xF2, 0x86, \ +- 0xBC, 0xA1, 0xAF, 0x28, 0x6B, 0xCA, 0x1A, 0xF2, \ +- 0x86, 0xBC, 0xA1, 0xAF, 0x28, 0x6B, 0xC9, 0xFB, \ +- 0x8F, 0x6B, 0x85, 0xC5, 0x56, 0x89, 0x2C, 0x20, \ +- 0xA7, 0xEB, 0x96, 0x4F, 0xE7, 0x71, 0x9E, 0x74, \ +- 0xF4, 0x90, 0x75, 0x8D, 0x3B +-#endif +- +-#if 0 +-/* c2pnb368w1 : X9.62 curve over a 368 bit binary field */ +-#define EC_PARAM_c2pnb368w1_prime \ +- 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x07 +-#define EC_PARAM_c2pnb368w1_a \ +- 0x00, 0xE0, 0xD2, 0xEE, 0x25, 0x09, 0x52, 0x06, \ +- 0xF5, 0xE2, 0xA4, 0xF9, 0xED, 0x22, 0x9F, 0x1F, \ +- 0x25, 0x6E, 0x79, 0xA0, 0xE2, 0xB4, 0x55, 0x97, \ +- 0x0D, 0x8D, 0x0D, 0x86, 0x5B, 0xD9, 0x47, 0x78, \ +- 0xC5, 0x76, 0xD6, 0x2F, 0x0A, 0xB7, 0x51, 0x9C, \ +- 0xCD, 0x2A, 0x1A, 0x90, 0x6A, 0xE3, 0x0D +-#define EC_PARAM_c2pnb368w1_b \ +- 0x00, 0xFC, 0x12, 0x17, 0xD4, 0x32, 0x0A, 0x90, \ +- 0x45, 0x2C, 0x76, 0x0A, 0x58, 0xED, 0xCD, 0x30, \ +- 0xC8, 0xDD, 0x06, 0x9B, 0x3C, 0x34, 0x45, 0x38, \ +- 0x37, 0xA3, 0x4E, 0xD5, 0x0C, 0xB5, 0x49, 0x17, \ +- 0xE1, 0xC2, 0x11, 0x2D, 0x84, 0xD1, 0x64, 0xF4, \ +- 0x44, 0xF8, 0xF7, 0x47, 0x86, 0x04, 0x6A +-#define EC_PARAM_c2pnb368w1_x \ +- 0x00, 0x10, 0x85, 0xE2, 0x75, 0x53, 0x81, 0xDC, \ +- 0xCC, 0xE3, 0xC1, 0x55, 0x7A, 0xFA, 0x10, 0xC2, \ +- 0xF0, 0xC0, 0xC2, 0x82, 0x56, 0x46, 0xC5, 0xB3, \ +- 0x4A, 0x39, 0x4C, 0xBC, 0xFA, 0x8B, 0xC1, 0x6B, \ +- 0x22, 0xE7, 0xE7, 0x89, 0xE9, 0x27, 0xBE, 0x21, \ +- 0x6F, 0x02, 0xE1, 0xFB, 0x13, 0x6A, 0x5F +-#define EC_PARAM_c2pnb368w1_y \ +- 0x00, 0x7B, 0x3E, 0xB1, 0xBD, 0xDC, 0xBA, 0x62, \ +- 0xD5, 0xD8, 0xB2, 0x05, 0x9B, 0x52, 0x57, 0x97, \ +- 0xFC, 0x73, 0x82, 0x2C, 0x59, 0x05, 0x9C, 0x62, \ +- 0x3A, 0x45, 0xFF, 0x38, 0x43, 0xCE, 0xE8, 0xF8, \ +- 0x7C, 0xD1, 0x85, 0x5A, 0xDA, 0xA8, 0x1E, 0x2A, \ +- 0x07, 0x50, 0xB8, 0x0F, 0xDA, 0x23, 0x10 +-#define EC_PARAM_c2pnb368w1_order \ +- 0x00, 0x00, 0x01, 0x00, 0x90, 0x51, 0x2D, 0xA9, \ +- 0xAF, 0x72, 0xB0, 0x83, 0x49, 0xD9, 0x8A, 0x5D, \ +- 0xD4, 0xC7, 0xB0, 0x53, 0x2E, 0xCA, 0x51, 0xCE, \ +- 0x03, 0xE2, 0xD1, 0x0F, 0x3B, 0x7A, 0xC5, 0x79, \ +- 0xBD, 0x87, 0xE9, 0x09, 0xAE, 0x40, 0xA6, 0xF1, \ +- 0x31, 0xE9, 0xCF, 0xCE, 0x5B, 0xD9, 0x67 +-#endif +- +-#if 0 +-/* c2tnb431r1 : X9.62 curve over a 431 bit binary field */ +-#define EC_PARAM_c2tnb431r1_prime \ +- 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 +-#define EC_PARAM_c2tnb431r1_a \ +- 0x1A, 0x82, 0x7E, 0xF0, 0x0D, 0xD6, 0xFC, 0x0E, \ +- 0x23, 0x4C, 0xAF, 0x04, 0x6C, 0x6A, 0x5D, 0x8A, \ +- 0x85, 0x39, 0x5B, 0x23, 0x6C, 0xC4, 0xAD, 0x2C, \ +- 0xF3, 0x2A, 0x0C, 0xAD, 0xBD, 0xC9, 0xDD, 0xF6, \ +- 0x20, 0xB0, 0xEB, 0x99, 0x06, 0xD0, 0x95, 0x7F, \ +- 0x6C, 0x6F, 0xEA, 0xCD, 0x61, 0x54, 0x68, 0xDF, \ +- 0x10, 0x4D, 0xE2, 0x96, 0xCD, 0x8F +-#define EC_PARAM_c2tnb431r1_b \ +- 0x10, 0xD9, 0xB4, 0xA3, 0xD9, 0x04, 0x7D, 0x8B, \ +- 0x15, 0x43, 0x59, 0xAB, 0xFB, 0x1B, 0x7F, 0x54, \ +- 0x85, 0xB0, 0x4C, 0xEB, 0x86, 0x82, 0x37, 0xDD, \ +- 0xC9, 0xDE, 0xDA, 0x98, 0x2A, 0x67, 0x9A, 0x5A, \ +- 0x91, 0x9B, 0x62, 0x6D, 0x4E, 0x50, 0xA8, 0xDD, \ +- 0x73, 0x1B, 0x10, 0x7A, 0x99, 0x62, 0x38, 0x1F, \ +- 0xB5, 0xD8, 0x07, 0xBF, 0x26, 0x18 +-#define EC_PARAM_c2tnb431r1_x \ +- 0x12, 0x0F, 0xC0, 0x5D, 0x3C, 0x67, 0xA9, 0x9D, \ +- 0xE1, 0x61, 0xD2, 0xF4, 0x09, 0x26, 0x22, 0xFE, \ +- 0xCA, 0x70, 0x1B, 0xE4, 0xF5, 0x0F, 0x47, 0x58, \ +- 0x71, 0x4E, 0x8A, 0x87, 0xBB, 0xF2, 0xA6, 0x58, \ +- 0xEF, 0x8C, 0x21, 0xE7, 0xC5, 0xEF, 0xE9, 0x65, \ +- 0x36, 0x1F, 0x6C, 0x29, 0x99, 0xC0, 0xC2, 0x47, \ +- 0xB0, 0xDB, 0xD7, 0x0C, 0xE6, 0xB7 +-#define EC_PARAM_c2tnb431r1_y \ +- 0x20, 0xD0, 0xAF, 0x89, 0x03, 0xA9, 0x6F, 0x8D, \ +- 0x5F, 0xA2, 0xC2, 0x55, 0x74, 0x5D, 0x3C, 0x45, \ +- 0x1B, 0x30, 0x2C, 0x93, 0x46, 0xD9, 0xB7, 0xE4, \ +- 0x85, 0xE7, 0xBC, 0xE4, 0x1F, 0x6B, 0x59, 0x1F, \ +- 0x3E, 0x8F, 0x6A, 0xDD, 0xCB, 0xB0, 0xBC, 0x4C, \ +- 0x2F, 0x94, 0x7A, 0x7D, 0xE1, 0xA8, 0x9B, 0x62, \ +- 0x5D, 0x6A, 0x59, 0x8B, 0x37, 0x60 +-#define EC_PARAM_c2tnb431r1_order \ +- 0x00, 0x03, 0x40, 0x34, 0x03, 0x40, 0x34, 0x03, \ +- 0x40, 0x34, 0x03, 0x40, 0x34, 0x03, 0x40, 0x34, \ +- 0x03, 0x40, 0x34, 0x03, 0x40, 0x34, 0x03, 0x40, \ +- 0x34, 0x03, 0x40, 0x34, 0x03, 0x23, 0xC3, 0x13, \ +- 0xFA, 0xB5, 0x05, 0x89, 0x70, 0x3B, 0x5E, 0xC6, \ +- 0x8D, 0x35, 0x87, 0xFE, 0xC6, 0x0D, 0x16, 0x1C, \ +- 0xC1, 0x49, 0xC1, 0xAD, 0x4A, 0x91 +-#endif +- +-#if 0 +-/* wap-wsg-idm-ecid-wtls1 : WTLS curve over a 113 bit binary field */ +-#define EC_PARAM_wap_wsg_idm_ecid_wtls1_prime \ +- 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x01 +-#define EC_PARAM_wap_wsg_idm_ecid_wtls1_a \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 +-#define EC_PARAM_wap_wsg_idm_ecid_wtls1_b \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 +-#define EC_PARAM_wap_wsg_idm_ecid_wtls1_x \ +- 0x01, 0x66, 0x79, 0x79, 0xA4, 0x0B, 0xA4, 0x97, \ +- 0xE5, 0xD5, 0xC2, 0x70, 0x78, 0x06, 0x17 +-#define EC_PARAM_wap_wsg_idm_ecid_wtls1_y \ +- 0x00, 0xF4, 0x4B, 0x4A, 0xF1, 0xEC, 0xC2, 0x63, \ +- 0x0E, 0x08, 0x78, 0x5C, 0xEB, 0xCC, 0x15 +-#define EC_PARAM_wap_wsg_idm_ecid_wtls1_order \ +- 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ +- 0xFD, 0xBF, 0x91, 0xAF, 0x6D, 0xEA, 0x73 +-#endif +- +-#if 0 +-/* wap-wsg-idm-ecid-wtls3 : NIST/SECG/WTLS curve over a 163 bit binary field */ +-#define EC_PARAM_wap_wsg_idm_ecid_wtls3_prime \ +- 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0xC9 +-#define EC_PARAM_wap_wsg_idm_ecid_wtls3_a \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x01 +-#define EC_PARAM_wap_wsg_idm_ecid_wtls3_b \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x01 +-#define EC_PARAM_wap_wsg_idm_ecid_wtls3_x \ +- 0x02, 0xFE, 0x13, 0xC0, 0x53, 0x7B, 0xBC, 0x11, \ +- 0xAC, 0xAA, 0x07, 0xD7, 0x93, 0xDE, 0x4E, 0x6D, \ +- 0x5E, 0x5C, 0x94, 0xEE, 0xE8 +-#define EC_PARAM_wap_wsg_idm_ecid_wtls3_y \ +- 0x02, 0x89, 0x07, 0x0F, 0xB0, 0x5D, 0x38, 0xFF, \ +- 0x58, 0x32, 0x1F, 0x2E, 0x80, 0x05, 0x36, 0xD5, \ +- 0x38, 0xCC, 0xDA, 0xA3, 0xD9 +-#define EC_PARAM_wap_wsg_idm_ecid_wtls3_order \ +- 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x02, 0x01, 0x08, 0xA2, 0xE0, 0xCC, \ +- 0x0D, 0x99, 0xF8, 0xA5, 0xEF +-#endif +- +-#if 0 +-/* wap-wsg-idm-ecid-wtls4 : SECG curve over a 113 bit binary field */ +-#define EC_PARAM_wap_wsg_idm_ecid_wtls4_prime \ +- 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x01 +-#define EC_PARAM_wap_wsg_idm_ecid_wtls4_a \ +- 0x00, 0x30, 0x88, 0x25, 0x0C, 0xA6, 0xE7, 0xC7, \ +- 0xFE, 0x64, 0x9C, 0xE8, 0x58, 0x20, 0xF7 +-#define EC_PARAM_wap_wsg_idm_ecid_wtls4_b \ +- 0x00, 0xE8, 0xBE, 0xE4, 0xD3, 0xE2, 0x26, 0x07, \ +- 0x44, 0x18, 0x8B, 0xE0, 0xE9, 0xC7, 0x23 +-#define EC_PARAM_wap_wsg_idm_ecid_wtls4_x \ +- 0x00, 0x9D, 0x73, 0x61, 0x6F, 0x35, 0xF4, 0xAB, \ +- 0x14, 0x07, 0xD7, 0x35, 0x62, 0xC1, 0x0F +-#define EC_PARAM_wap_wsg_idm_ecid_wtls4_y \ +- 0x00, 0xA5, 0x28, 0x30, 0x27, 0x79, 0x58, 0xEE, \ +- 0x84, 0xD1, 0x31, 0x5E, 0xD3, 0x18, 0x86 +-#define EC_PARAM_wap_wsg_idm_ecid_wtls4_order \ +- 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0xD9, 0xCC, 0xEC, 0x8A, 0x39, 0xE5, 0x6F +-#endif +- +-#if 0 +-/* wap-wsg-idm-ecid-wtls5 : X9.62 curve over a 163 bit binary field */ +-#define EC_PARAM_wap_wsg_idm_ecid_wtls5_prime \ +- 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x01, 0x07 +-#define EC_PARAM_wap_wsg_idm_ecid_wtls5_a \ +- 0x07, 0x25, 0x46, 0xB5, 0x43, 0x52, 0x34, 0xA4, \ +- 0x22, 0xE0, 0x78, 0x96, 0x75, 0xF4, 0x32, 0xC8, \ +- 0x94, 0x35, 0xDE, 0x52, 0x42 +-#define EC_PARAM_wap_wsg_idm_ecid_wtls5_b \ +- 0x00, 0xC9, 0x51, 0x7D, 0x06, 0xD5, 0x24, 0x0D, \ +- 0x3C, 0xFF, 0x38, 0xC7, 0x4B, 0x20, 0xB6, 0xCD, \ +- 0x4D, 0x6F, 0x9D, 0xD4, 0xD9 +-#define EC_PARAM_wap_wsg_idm_ecid_wtls5_x \ +- 0x07, 0xAF, 0x69, 0x98, 0x95, 0x46, 0x10, 0x3D, \ +- 0x79, 0x32, 0x9F, 0xCC, 0x3D, 0x74, 0x88, 0x0F, \ +- 0x33, 0xBB, 0xE8, 0x03, 0xCB +-#define EC_PARAM_wap_wsg_idm_ecid_wtls5_y \ +- 0x01, 0xEC, 0x23, 0x21, 0x1B, 0x59, 0x66, 0xAD, \ +- 0xEA, 0x1D, 0x3F, 0x87, 0xF7, 0xEA, 0x58, 0x48, \ +- 0xAE, 0xF0, 0xB7, 0xCA, 0x9F +-#define EC_PARAM_wap_wsg_idm_ecid_wtls5_order \ +- 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x01, 0xE6, 0x0F, 0xC8, 0x82, 0x1C, \ +- 0xC7, 0x4D, 0xAE, 0xAF, 0xC1 +-#endif +- +-#if 0 +-/* wap-wsg-idm-ecid-wtls6 : SECG/WTLS curve over a 112 bit prime field */ +-#define EC_PARAM_wap_wsg_idm_ecid_wtls6_prime \ +- 0xDB, 0x7C, 0x2A, 0xBF, 0x62, 0xE3, 0x5E, 0x66, \ +- 0x80, 0x76, 0xBE, 0xAD, 0x20, 0x8B +-#define EC_PARAM_wap_wsg_idm_ecid_wtls6_a \ +- 0xDB, 0x7C, 0x2A, 0xBF, 0x62, 0xE3, 0x5E, 0x66, \ +- 0x80, 0x76, 0xBE, 0xAD, 0x20, 0x88 +-#define EC_PARAM_wap_wsg_idm_ecid_wtls6_b \ +- 0x65, 0x9E, 0xF8, 0xBA, 0x04, 0x39, 0x16, 0xEE, \ +- 0xDE, 0x89, 0x11, 0x70, 0x2B, 0x22 +-#define EC_PARAM_wap_wsg_idm_ecid_wtls6_x \ +- 0x09, 0x48, 0x72, 0x39, 0x99, 0x5A, 0x5E, 0xE7, \ +- 0x6B, 0x55, 0xF9, 0xC2, 0xF0, 0x98 +-#define EC_PARAM_wap_wsg_idm_ecid_wtls6_y \ +- 0xA8, 0x9C, 0xE5, 0xAF, 0x87, 0x24, 0xC0, 0xA2, \ +- 0x3E, 0x0E, 0x0F, 0xF7, 0x75, 0x00 +-#define EC_PARAM_wap_wsg_idm_ecid_wtls6_order \ +- 0xDB, 0x7C, 0x2A, 0xBF, 0x62, 0xE3, 0x5E, 0x76, \ +- 0x28, 0xDF, 0xAC, 0x65, 0x61, 0xC5 +-#endif +- +-#if 0 +-/* wap-wsg-idm-ecid-wtls7 : SECG/WTLS curve over a 160 bit prime field */ +-#define EC_PARAM_wap_wsg_idm_ecid_wtls7_prime \ +- 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ +- 0xFE, 0xFF, 0xFF, 0xAC, 0x73 +-#define EC_PARAM_wap_wsg_idm_ecid_wtls7_a \ +- 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ +- 0xFE, 0xFF, 0xFF, 0xAC, 0x70 +-#define EC_PARAM_wap_wsg_idm_ecid_wtls7_b \ +- 0x00, 0xB4, 0xE1, 0x34, 0xD3, 0xFB, 0x59, 0xEB, \ +- 0x8B, 0xAB, 0x57, 0x27, 0x49, 0x04, 0x66, 0x4D, \ +- 0x5A, 0xF5, 0x03, 0x88, 0xBA +-#define EC_PARAM_wap_wsg_idm_ecid_wtls7_x \ +- 0x00, 0x52, 0xDC, 0xB0, 0x34, 0x29, 0x3A, 0x11, \ +- 0x7E, 0x1F, 0x4F, 0xF1, 0x1B, 0x30, 0xF7, 0x19, \ +- 0x9D, 0x31, 0x44, 0xCE, 0x6D +-#define EC_PARAM_wap_wsg_idm_ecid_wtls7_y \ +- 0x00, 0xFE, 0xAF, 0xFE, 0xF2, 0xE3, 0x31, 0xF2, \ +- 0x96, 0xE0, 0x71, 0xFA, 0x0D, 0xF9, 0x98, 0x2C, \ +- 0xFE, 0xA7, 0xD4, 0x3F, 0x2E +-#define EC_PARAM_wap_wsg_idm_ecid_wtls7_order \ +- 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x35, 0x1E, 0xE7, 0x86, 0xA8, \ +- 0x18, 0xF3, 0xA1, 0xA1, 0x6B +-#endif +- +-#if 0 +-/* wap-wsg-idm-ecid-wtls8 : WTLS curve over a 112 bit prime field */ +-#define EC_PARAM_wap_wsg_idm_ecid_wtls8_prime \ +- 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFD, 0xE7 +-#define EC_PARAM_wap_wsg_idm_ecid_wtls8_a \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 +-#define EC_PARAM_wap_wsg_idm_ecid_wtls8_b \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03 +-#define EC_PARAM_wap_wsg_idm_ecid_wtls8_x \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 +-#define EC_PARAM_wap_wsg_idm_ecid_wtls8_y \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02 +-#define EC_PARAM_wap_wsg_idm_ecid_wtls8_order \ +- 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, \ +- 0xEC, 0xEA, 0x55, 0x1A, 0xD8, 0x37, 0xE9 +-#endif +- +-#if 0 +-/* wap-wsg-idm-ecid-wtls9 : WTLS curve over a 160 bit prime field */ +-#define EC_PARAM_wap_wsg_idm_ecid_wtls9_prime \ +- 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ +- 0xFF, 0xFF, 0xFC, 0x80, 0x8F +-#define EC_PARAM_wap_wsg_idm_ecid_wtls9_a \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00 +-#define EC_PARAM_wap_wsg_idm_ecid_wtls9_b \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x03 +-#define EC_PARAM_wap_wsg_idm_ecid_wtls9_x \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x01 +-#define EC_PARAM_wap_wsg_idm_ecid_wtls9_y \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x02 +-#define EC_PARAM_wap_wsg_idm_ecid_wtls9_order \ +- 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x01, 0xCD, 0xC9, 0x8A, 0xE0, 0xE2, \ +- 0xDE, 0x57, 0x4A, 0xBF, 0x33 +-#endif +- +-#if 0 +-/* wap-wsg-idm-ecid-wtls10 : NIST/SECG/WTLS curve over a 233 bit binary field */ +-#define EC_PARAM_wap_wsg_idm_ecid_wtls10_prime \ +- 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 +-#define EC_PARAM_wap_wsg_idm_ecid_wtls10_a \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 +-#define EC_PARAM_wap_wsg_idm_ecid_wtls10_b \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 +-#define EC_PARAM_wap_wsg_idm_ecid_wtls10_x \ +- 0x01, 0x72, 0x32, 0xBA, 0x85, 0x3A, 0x7E, 0x73, \ +- 0x1A, 0xF1, 0x29, 0xF2, 0x2F, 0xF4, 0x14, 0x95, \ +- 0x63, 0xA4, 0x19, 0xC2, 0x6B, 0xF5, 0x0A, 0x4C, \ +- 0x9D, 0x6E, 0xEF, 0xAD, 0x61, 0x26 +-#define EC_PARAM_wap_wsg_idm_ecid_wtls10_y \ +- 0x01, 0xDB, 0x53, 0x7D, 0xEC, 0xE8, 0x19, 0xB7, \ +- 0xF7, 0x0F, 0x55, 0x5A, 0x67, 0xC4, 0x27, 0xA8, \ +- 0xCD, 0x9B, 0xF1, 0x8A, 0xEB, 0x9B, 0x56, 0xE0, \ +- 0xC1, 0x10, 0x56, 0xFA, 0xE6, 0xA3 +-#define EC_PARAM_wap_wsg_idm_ecid_wtls10_order \ +- 0x00, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, \ +- 0x9D, 0x5B, 0xB9, 0x15, 0xBC, 0xD4, 0x6E, 0xFB, \ +- 0x1A, 0xD5, 0xF1, 0x73, 0xAB, 0xDF +-#endif +- +-#if 0 +-/* wap-wsg-idm-ecid-wtls11 : NIST/SECG/WTLS curve over a 233 bit binary field */ +-#define EC_PARAM_wap_wsg_idm_ecid_wtls11_prime \ +- 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 +-#define EC_PARAM_wap_wsg_idm_ecid_wtls11_a \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 +-#define EC_PARAM_wap_wsg_idm_ecid_wtls11_b \ +- 0x00, 0x66, 0x64, 0x7E, 0xDE, 0x6C, 0x33, 0x2C, \ +- 0x7F, 0x8C, 0x09, 0x23, 0xBB, 0x58, 0x21, 0x3B, \ +- 0x33, 0x3B, 0x20, 0xE9, 0xCE, 0x42, 0x81, 0xFE, \ +- 0x11, 0x5F, 0x7D, 0x8F, 0x90, 0xAD +-#define EC_PARAM_wap_wsg_idm_ecid_wtls11_x \ +- 0x00, 0xFA, 0xC9, 0xDF, 0xCB, 0xAC, 0x83, 0x13, \ +- 0xBB, 0x21, 0x39, 0xF1, 0xBB, 0x75, 0x5F, 0xEF, \ +- 0x65, 0xBC, 0x39, 0x1F, 0x8B, 0x36, 0xF8, 0xF8, \ +- 0xEB, 0x73, 0x71, 0xFD, 0x55, 0x8B +-#define EC_PARAM_wap_wsg_idm_ecid_wtls11_y \ +- 0x01, 0x00, 0x6A, 0x08, 0xA4, 0x19, 0x03, 0x35, \ +- 0x06, 0x78, 0xE5, 0x85, 0x28, 0xBE, 0xBF, 0x8A, \ +- 0x0B, 0xEF, 0xF8, 0x67, 0xA7, 0xCA, 0x36, 0x71, \ +- 0x6F, 0x7E, 0x01, 0xF8, 0x10, 0x52 +-#define EC_PARAM_wap_wsg_idm_ecid_wtls11_order \ +- 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x13, \ +- 0xE9, 0x74, 0xE7, 0x2F, 0x8A, 0x69, 0x22, 0x03, \ +- 0x1D, 0x26, 0x03, 0xCF, 0xE0, 0xD7 +-#endif +- +-#if 0 +-/* wap-wsg-idm-ecid-wtls12 : WTLS curve over a 224 bit prime field */ +-#define EC_PARAM_wap_wsg_idm_ecid_wtls12_prime \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x01 +-#define EC_PARAM_wap_wsg_idm_ecid_wtls12_a \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ +- 0xFF, 0xFF, 0xFF, 0xFE +-#define EC_PARAM_wap_wsg_idm_ecid_wtls12_b \ +- 0xB4, 0x05, 0x0A, 0x85, 0x0C, 0x04, 0xB3, 0xAB, \ +- 0xF5, 0x41, 0x32, 0x56, 0x50, 0x44, 0xB0, 0xB7, \ +- 0xD7, 0xBF, 0xD8, 0xBA, 0x27, 0x0B, 0x39, 0x43, \ +- 0x23, 0x55, 0xFF, 0xB4 +-#define EC_PARAM_wap_wsg_idm_ecid_wtls12_x \ +- 0xB7, 0x0E, 0x0C, 0xBD, 0x6B, 0xB4, 0xBF, 0x7F, \ +- 0x32, 0x13, 0x90, 0xB9, 0x4A, 0x03, 0xC1, 0xD3, \ +- 0x56, 0xC2, 0x11, 0x22, 0x34, 0x32, 0x80, 0xD6, \ +- 0x11, 0x5C, 0x1D, 0x21 +-#define EC_PARAM_wap_wsg_idm_ecid_wtls12_y \ +- 0xBD, 0x37, 0x63, 0x88, 0xB5, 0xF7, 0x23, 0xFB, \ +- 0x4C, 0x22, 0xDF, 0xE6, 0xCD, 0x43, 0x75, 0xA0, \ +- 0x5A, 0x07, 0x47, 0x64, 0x44, 0xD5, 0x81, 0x99, \ +- 0x85, 0x00, 0x7E, 0x34 +-#define EC_PARAM_wap_wsg_idm_ecid_wtls12_order \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x16, 0xA2, \ +- 0xE0, 0xB8, 0xF0, 0x3E, 0x13, 0xDD, 0x29, 0x45, \ +- 0x5C, 0x5C, 0x2A, 0x3D +-#endif +- +-#if 0 +-/* Oakley-EC2N-3 : +- IPSec/IKE/Oakley curve #3 over a 155 bit binary field. +- Not suitable for ECDSA. +- Questionable extension field! */ +-#define EC_PARAM_Oakley_EC2N_3_prime \ +- 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x40, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x01 +-#define EC_PARAM_Oakley_EC2N_3_a \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00 +-#define EC_PARAM_Oakley_EC2N_3_b \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x07, 0x33, 0x8F +-#define EC_PARAM_Oakley_EC2N_3_x \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x7B +-#define EC_PARAM_Oakley_EC2N_3_y \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x01, 0xC8 +-#define EC_PARAM_Oakley_EC2N_3_order \ +- 0x02, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, \ +- 0xAA, 0xAA, 0xC7, 0xF3, 0xC7, 0x88, 0x1B, 0xD0, \ +- 0x86, 0x8F, 0xA8, 0x6C +-#endif +- +-#if 0 +-/* Oakley-EC2N-4 : +- IPSec/IKE/Oakley curve #4 over a 185 bit binary field. +- Not suitable for ECDSA. +- Questionable extension field! */ +-#define EC_PARAM_Oakley_EC2N_4_prime \ +- 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x20, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 +-#define EC_PARAM_Oakley_EC2N_4_a \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 +-#define EC_PARAM_Oakley_EC2N_4_b \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1E, 0xE9 +-#define EC_PARAM_Oakley_EC2N_4_x \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x18 +-#define EC_PARAM_Oakley_EC2N_4_y \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0D +-#define EC_PARAM_Oakley_EC2N_4_order \ +- 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xED, 0xF9, 0x7C, 0x44, \ +- 0xDB, 0x9F, 0x24, 0x20, 0xBA, 0xFC, 0xA7, 0x5E +-#endif +- +-#if 1 +-/* brainpoolP160r1 : RFC 5639 curve over a 160 bit prime field */ +-#define EC_PARAM_brainpoolP160r1_prime \ +- 0xE9, 0x5E, 0x4A, 0x5F, 0x73, 0x70, 0x59, 0xDC, \ +- 0x60, 0xDF, 0xC7, 0xAD, 0x95, 0xB3, 0xD8, 0x13, \ +- 0x95, 0x15, 0x62, 0x0F +-#define EC_PARAM_brainpoolP160r1_a \ +- 0x34, 0x0E, 0x7B, 0xE2, 0xA2, 0x80, 0xEB, 0x74, \ +- 0xE2, 0xBE, 0x61, 0xBA, 0xDA, 0x74, 0x5D, 0x97, \ +- 0xE8, 0xF7, 0xC3, 0x00 +-#define EC_PARAM_brainpoolP160r1_b \ +- 0x1E, 0x58, 0x9A, 0x85, 0x95, 0x42, 0x34, 0x12, \ +- 0x13, 0x4F, 0xAA, 0x2D, 0xBD, 0xEC, 0x95, 0xC8, \ +- 0xD8, 0x67, 0x5E, 0x58 +-#define EC_PARAM_brainpoolP160r1_x \ +- 0xBE, 0xD5, 0xAF, 0x16, 0xEA, 0x3F, 0x6A, 0x4F, \ +- 0x62, 0x93, 0x8C, 0x46, 0x31, 0xEB, 0x5A, 0xF7, \ +- 0xBD, 0xBC, 0xDB, 0xC3 +-#define EC_PARAM_brainpoolP160r1_y \ +- 0x16, 0x67, 0xCB, 0x47, 0x7A, 0x1A, 0x8E, 0xC3, \ +- 0x38, 0xF9, 0x47, 0x41, 0x66, 0x9C, 0x97, 0x63, \ +- 0x16, 0xDA, 0x63, 0x21 +-#define EC_PARAM_brainpoolP160r1_order \ +- 0xE9, 0x5E, 0x4A, 0x5F, 0x73, 0x70, 0x59, 0xDC, \ +- 0x60, 0xDF, 0x59, 0x91, 0xD4, 0x50, 0x29, 0x40, \ +- 0x9E, 0x60, 0xFC, 0x09 +-#endif +- +-#if 1 +-/* brainpoolP160t1 : RFC 5639 curve over a 160 bit prime field */ +-#define EC_PARAM_brainpoolP160t1_prime \ +- 0xE9, 0x5E, 0x4A, 0x5F, 0x73, 0x70, 0x59, 0xDC, \ +- 0x60, 0xDF, 0xC7, 0xAD, 0x95, 0xB3, 0xD8, 0x13, \ +- 0x95, 0x15, 0x62, 0x0F +-#define EC_PARAM_brainpoolP160t1_a \ +- 0xE9, 0x5E, 0x4A, 0x5F, 0x73, 0x70, 0x59, 0xDC, \ +- 0x60, 0xDF, 0xC7, 0xAD, 0x95, 0xB3, 0xD8, 0x13, \ +- 0x95, 0x15, 0x62, 0x0C +-#define EC_PARAM_brainpoolP160t1_b \ +- 0x7A, 0x55, 0x6B, 0x6D, 0xAE, 0x53, 0x5B, 0x7B, \ +- 0x51, 0xED, 0x2C, 0x4D, 0x7D, 0xAA, 0x7A, 0x0B, \ +- 0x5C, 0x55, 0xF3, 0x80 +-#define EC_PARAM_brainpoolP160t1_x \ +- 0xB1, 0x99, 0xB1, 0x3B, 0x9B, 0x34, 0xEF, 0xC1, \ +- 0x39, 0x7E, 0x64, 0xBA, 0xEB, 0x05, 0xAC, 0xC2, \ +- 0x65, 0xFF, 0x23, 0x78 +-#define EC_PARAM_brainpoolP160t1_y \ +- 0xAD, 0xD6, 0x71, 0x8B, 0x7C, 0x7C, 0x19, 0x61, \ +- 0xF0, 0x99, 0x1B, 0x84, 0x24, 0x43, 0x77, 0x21, \ +- 0x52, 0xC9, 0xE0, 0xAD +-#define EC_PARAM_brainpoolP160t1_order \ +- 0xE9, 0x5E, 0x4A, 0x5F, 0x73, 0x70, 0x59, 0xDC, \ +- 0x60, 0xDF, 0x59, 0x91, 0xD4, 0x50, 0x29, 0x40, \ +- 0x9E, 0x60, 0xFC, 0x09 +-#endif +- +-#if 1 +-/* brainpoolP192r1 : RFC 5639 curve over a 192 bit prime field */ +-#define EC_PARAM_brainpoolP192r1_prime \ +- 0xC3, 0x02, 0xF4, 0x1D, 0x93, 0x2A, 0x36, 0xCD, \ +- 0xA7, 0xA3, 0x46, 0x30, 0x93, 0xD1, 0x8D, 0xB7, \ +- 0x8F, 0xCE, 0x47, 0x6D, 0xE1, 0xA8, 0x62, 0x97 +-#define EC_PARAM_brainpoolP192r1_a \ +- 0x6A, 0x91, 0x17, 0x40, 0x76, 0xB1, 0xE0, 0xE1, \ +- 0x9C, 0x39, 0xC0, 0x31, 0xFE, 0x86, 0x85, 0xC1, \ +- 0xCA, 0xE0, 0x40, 0xE5, 0xC6, 0x9A, 0x28, 0xEF +-#define EC_PARAM_brainpoolP192r1_b \ +- 0x46, 0x9A, 0x28, 0xEF, 0x7C, 0x28, 0xCC, 0xA3, \ +- 0xDC, 0x72, 0x1D, 0x04, 0x4F, 0x44, 0x96, 0xBC, \ +- 0xCA, 0x7E, 0xF4, 0x14, 0x6F, 0xBF, 0x25, 0xC9 +-#define EC_PARAM_brainpoolP192r1_x \ +- 0xC0, 0xA0, 0x64, 0x7E, 0xAA, 0xB6, 0xA4, 0x87, \ +- 0x53, 0xB0, 0x33, 0xC5, 0x6C, 0xB0, 0xF0, 0x90, \ +- 0x0A, 0x2F, 0x5C, 0x48, 0x53, 0x37, 0x5F, 0xD6 +-#define EC_PARAM_brainpoolP192r1_y \ +- 0x14, 0xB6, 0x90, 0x86, 0x6A, 0xBD, 0x5B, 0xB8, \ +- 0x8B, 0x5F, 0x48, 0x28, 0xC1, 0x49, 0x00, 0x02, \ +- 0xE6, 0x77, 0x3F, 0xA2, 0xFA, 0x29, 0x9B, 0x8F +-#define EC_PARAM_brainpoolP192r1_order \ +- 0xC3, 0x02, 0xF4, 0x1D, 0x93, 0x2A, 0x36, 0xCD, \ +- 0xA7, 0xA3, 0x46, 0x2F, 0x9E, 0x9E, 0x91, 0x6B, \ +- 0x5B, 0xE8, 0xF1, 0x02, 0x9A, 0xC4, 0xAC, 0xC1 +-#endif +- +-#if 1 +-/* brainpoolP192t1 : RFC 5639 curve over a 192 bit prime field */ +-#define EC_PARAM_brainpoolP192t1_prime \ +- 0xC3, 0x02, 0xF4, 0x1D, 0x93, 0x2A, 0x36, 0xCD, \ +- 0xA7, 0xA3, 0x46, 0x30, 0x93, 0xD1, 0x8D, 0xB7, \ +- 0x8F, 0xCE, 0x47, 0x6D, 0xE1, 0xA8, 0x62, 0x97 +-#define EC_PARAM_brainpoolP192t1_a \ +- 0xC3, 0x02, 0xF4, 0x1D, 0x93, 0x2A, 0x36, 0xCD, \ +- 0xA7, 0xA3, 0x46, 0x30, 0x93, 0xD1, 0x8D, 0xB7, \ +- 0x8F, 0xCE, 0x47, 0x6D, 0xE1, 0xA8, 0x62, 0x94 +-#define EC_PARAM_brainpoolP192t1_b \ +- 0x13, 0xD5, 0x6F, 0xFA, 0xEC, 0x78, 0x68, 0x1E, \ +- 0x68, 0xF9, 0xDE, 0xB4, 0x3B, 0x35, 0xBE, 0xC2, \ +- 0xFB, 0x68, 0x54, 0x2E, 0x27, 0x89, 0x7B, 0x79 +-#define EC_PARAM_brainpoolP192t1_x \ +- 0x3A, 0xE9, 0xE5, 0x8C, 0x82, 0xF6, 0x3C, 0x30, \ +- 0x28, 0x2E, 0x1F, 0xE7, 0xBB, 0xF4, 0x3F, 0xA7, \ +- 0x2C, 0x44, 0x6A, 0xF6, 0xF4, 0x61, 0x81, 0x29 +-#define EC_PARAM_brainpoolP192t1_y \ +- 0x09, 0x7E, 0x2C, 0x56, 0x67, 0xC2, 0x22, 0x3A, \ +- 0x90, 0x2A, 0xB5, 0xCA, 0x44, 0x9D, 0x00, 0x84, \ +- 0xB7, 0xE5, 0xB3, 0xDE, 0x7C, 0xCC, 0x01, 0xC9 +-#define EC_PARAM_brainpoolP192t1_order \ +- 0xC3, 0x02, 0xF4, 0x1D, 0x93, 0x2A, 0x36, 0xCD, \ +- 0xA7, 0xA3, 0x46, 0x2F, 0x9E, 0x9E, 0x91, 0x6B, \ +- 0x5B, 0xE8, 0xF1, 0x02, 0x9A, 0xC4, 0xAC, 0xC1 +-#endif +- +-#if 1 +-/* brainpoolP224r1 : RFC 5639 curve over a 224 bit prime field */ +-#define EC_PARAM_brainpoolP224r1_prime \ +- 0xD7, 0xC1, 0x34, 0xAA, 0x26, 0x43, 0x66, 0x86, \ +- 0x2A, 0x18, 0x30, 0x25, 0x75, 0xD1, 0xD7, 0x87, \ +- 0xB0, 0x9F, 0x07, 0x57, 0x97, 0xDA, 0x89, 0xF5, \ +- 0x7E, 0xC8, 0xC0, 0xFF +-#define EC_PARAM_brainpoolP224r1_a \ +- 0x68, 0xA5, 0xE6, 0x2C, 0xA9, 0xCE, 0x6C, 0x1C, \ +- 0x29, 0x98, 0x03, 0xA6, 0xC1, 0x53, 0x0B, 0x51, \ +- 0x4E, 0x18, 0x2A, 0xD8, 0xB0, 0x04, 0x2A, 0x59, \ +- 0xCA, 0xD2, 0x9F, 0x43 +-#define EC_PARAM_brainpoolP224r1_b \ +- 0x25, 0x80, 0xF6, 0x3C, 0xCF, 0xE4, 0x41, 0x38, \ +- 0x87, 0x07, 0x13, 0xB1, 0xA9, 0x23, 0x69, 0xE3, \ +- 0x3E, 0x21, 0x35, 0xD2, 0x66, 0xDB, 0xB3, 0x72, \ +- 0x38, 0x6C, 0x40, 0x0B +-#define EC_PARAM_brainpoolP224r1_x \ +- 0x0D, 0x90, 0x29, 0xAD, 0x2C, 0x7E, 0x5C, 0xF4, \ +- 0x34, 0x08, 0x23, 0xB2, 0xA8, 0x7D, 0xC6, 0x8C, \ +- 0x9E, 0x4C, 0xE3, 0x17, 0x4C, 0x1E, 0x6E, 0xFD, \ +- 0xEE, 0x12, 0xC0, 0x7D +-#define EC_PARAM_brainpoolP224r1_y \ +- 0x58, 0xAA, 0x56, 0xF7, 0x72, 0xC0, 0x72, 0x6F, \ +- 0x24, 0xC6, 0xB8, 0x9E, 0x4E, 0xCD, 0xAC, 0x24, \ +- 0x35, 0x4B, 0x9E, 0x99, 0xCA, 0xA3, 0xF6, 0xD3, \ +- 0x76, 0x14, 0x02, 0xCD +-#define EC_PARAM_brainpoolP224r1_order \ +- 0xD7, 0xC1, 0x34, 0xAA, 0x26, 0x43, 0x66, 0x86, \ +- 0x2A, 0x18, 0x30, 0x25, 0x75, 0xD0, 0xFB, 0x98, \ +- 0xD1, 0x16, 0xBC, 0x4B, 0x6D, 0xDE, 0xBC, 0xA3, \ +- 0xA5, 0xA7, 0x93, 0x9F +-#endif +- +-#if 1 +-/* brainpoolP224t1 : RFC 5639 curve over a 224 bit prime field */ +-#define EC_PARAM_brainpoolP224t1_prime \ +- 0xD7, 0xC1, 0x34, 0xAA, 0x26, 0x43, 0x66, 0x86, \ +- 0x2A, 0x18, 0x30, 0x25, 0x75, 0xD1, 0xD7, 0x87, \ +- 0xB0, 0x9F, 0x07, 0x57, 0x97, 0xDA, 0x89, 0xF5, \ +- 0x7E, 0xC8, 0xC0, 0xFF +-#define EC_PARAM_brainpoolP224t1_a \ +- 0xD7, 0xC1, 0x34, 0xAA, 0x26, 0x43, 0x66, 0x86, \ +- 0x2A, 0x18, 0x30, 0x25, 0x75, 0xD1, 0xD7, 0x87, \ +- 0xB0, 0x9F, 0x07, 0x57, 0x97, 0xDA, 0x89, 0xF5, \ +- 0x7E, 0xC8, 0xC0, 0xFC +-#define EC_PARAM_brainpoolP224t1_b \ +- 0x4B, 0x33, 0x7D, 0x93, 0x41, 0x04, 0xCD, 0x7B, \ +- 0xEF, 0x27, 0x1B, 0xF6, 0x0C, 0xED, 0x1E, 0xD2, \ +- 0x0D, 0xA1, 0x4C, 0x08, 0xB3, 0xBB, 0x64, 0xF1, \ +- 0x8A, 0x60, 0x88, 0x8D +-#define EC_PARAM_brainpoolP224t1_x \ +- 0x6A, 0xB1, 0xE3, 0x44, 0xCE, 0x25, 0xFF, 0x38, \ +- 0x96, 0x42, 0x4E, 0x7F, 0xFE, 0x14, 0x76, 0x2E, \ +- 0xCB, 0x49, 0xF8, 0x92, 0x8A, 0xC0, 0xC7, 0x60, \ +- 0x29, 0xB4, 0xD5, 0x80 +-#define EC_PARAM_brainpoolP224t1_y \ +- 0x03, 0x74, 0xE9, 0xF5, 0x14, 0x3E, 0x56, 0x8C, \ +- 0xD2, 0x3F, 0x3F, 0x4D, 0x7C, 0x0D, 0x4B, 0x1E, \ +- 0x41, 0xC8, 0xCC, 0x0D, 0x1C, 0x6A, 0xBD, 0x5F, \ +- 0x1A, 0x46, 0xDB, 0x4C +-#define EC_PARAM_brainpoolP224t1_order \ +- 0xD7, 0xC1, 0x34, 0xAA, 0x26, 0x43, 0x66, 0x86, \ +- 0x2A, 0x18, 0x30, 0x25, 0x75, 0xD0, 0xFB, 0x98, \ +- 0xD1, 0x16, 0xBC, 0x4B, 0x6D, 0xDE, 0xBC, 0xA3, \ +- 0xA5, 0xA7, 0x93, 0x9F +-#endif +- +-#if 1 +-/* brainpoolP256r1 : RFC 5639 curve over a 256 bit prime field */ +-#define EC_PARAM_brainpoolP256r1_prime \ +- 0xA9, 0xFB, 0x57, 0xDB, 0xA1, 0xEE, 0xA9, 0xBC, \ +- 0x3E, 0x66, 0x0A, 0x90, 0x9D, 0x83, 0x8D, 0x72, \ +- 0x6E, 0x3B, 0xF6, 0x23, 0xD5, 0x26, 0x20, 0x28, \ +- 0x20, 0x13, 0x48, 0x1D, 0x1F, 0x6E, 0x53, 0x77 +-#define EC_PARAM_brainpoolP256r1_a \ +- 0x7D, 0x5A, 0x09, 0x75, 0xFC, 0x2C, 0x30, 0x57, \ +- 0xEE, 0xF6, 0x75, 0x30, 0x41, 0x7A, 0xFF, 0xE7, \ +- 0xFB, 0x80, 0x55, 0xC1, 0x26, 0xDC, 0x5C, 0x6C, \ +- 0xE9, 0x4A, 0x4B, 0x44, 0xF3, 0x30, 0xB5, 0xD9 +-#define EC_PARAM_brainpoolP256r1_b \ +- 0x26, 0xDC, 0x5C, 0x6C, 0xE9, 0x4A, 0x4B, 0x44, \ +- 0xF3, 0x30, 0xB5, 0xD9, 0xBB, 0xD7, 0x7C, 0xBF, \ +- 0x95, 0x84, 0x16, 0x29, 0x5C, 0xF7, 0xE1, 0xCE, \ +- 0x6B, 0xCC, 0xDC, 0x18, 0xFF, 0x8C, 0x07, 0xB6 +-#define EC_PARAM_brainpoolP256r1_x \ +- 0x8B, 0xD2, 0xAE, 0xB9, 0xCB, 0x7E, 0x57, 0xCB, \ +- 0x2C, 0x4B, 0x48, 0x2F, 0xFC, 0x81, 0xB7, 0xAF, \ +- 0xB9, 0xDE, 0x27, 0xE1, 0xE3, 0xBD, 0x23, 0xC2, \ +- 0x3A, 0x44, 0x53, 0xBD, 0x9A, 0xCE, 0x32, 0x62 +-#define EC_PARAM_brainpoolP256r1_y \ +- 0x54, 0x7E, 0xF8, 0x35, 0xC3, 0xDA, 0xC4, 0xFD, \ +- 0x97, 0xF8, 0x46, 0x1A, 0x14, 0x61, 0x1D, 0xC9, \ +- 0xC2, 0x77, 0x45, 0x13, 0x2D, 0xED, 0x8E, 0x54, \ +- 0x5C, 0x1D, 0x54, 0xC7, 0x2F, 0x04, 0x69, 0x97 +-#define EC_PARAM_brainpoolP256r1_order \ +- 0xA9, 0xFB, 0x57, 0xDB, 0xA1, 0xEE, 0xA9, 0xBC, \ +- 0x3E, 0x66, 0x0A, 0x90, 0x9D, 0x83, 0x8D, 0x71, \ +- 0x8C, 0x39, 0x7A, 0xA3, 0xB5, 0x61, 0xA6, 0xF7, \ +- 0x90, 0x1E, 0x0E, 0x82, 0x97, 0x48, 0x56, 0xA7 +-#endif +- +-#if 1 +-/* brainpoolP256t1 : RFC 5639 curve over a 256 bit prime field */ +-#define EC_PARAM_brainpoolP256t1_prime \ +- 0xA9, 0xFB, 0x57, 0xDB, 0xA1, 0xEE, 0xA9, 0xBC, \ +- 0x3E, 0x66, 0x0A, 0x90, 0x9D, 0x83, 0x8D, 0x72, \ +- 0x6E, 0x3B, 0xF6, 0x23, 0xD5, 0x26, 0x20, 0x28, \ +- 0x20, 0x13, 0x48, 0x1D, 0x1F, 0x6E, 0x53, 0x77 +-#define EC_PARAM_brainpoolP256t1_a \ +- 0xA9, 0xFB, 0x57, 0xDB, 0xA1, 0xEE, 0xA9, 0xBC, \ +- 0x3E, 0x66, 0x0A, 0x90, 0x9D, 0x83, 0x8D, 0x72, \ +- 0x6E, 0x3B, 0xF6, 0x23, 0xD5, 0x26, 0x20, 0x28, \ +- 0x20, 0x13, 0x48, 0x1D, 0x1F, 0x6E, 0x53, 0x74 +-#define EC_PARAM_brainpoolP256t1_b \ +- 0x66, 0x2C, 0x61, 0xC4, 0x30, 0xD8, 0x4E, 0xA4, \ +- 0xFE, 0x66, 0xA7, 0x73, 0x3D, 0x0B, 0x76, 0xB7, \ +- 0xBF, 0x93, 0xEB, 0xC4, 0xAF, 0x2F, 0x49, 0x25, \ +- 0x6A, 0xE5, 0x81, 0x01, 0xFE, 0xE9, 0x2B, 0x04 +-#define EC_PARAM_brainpoolP256t1_x \ +- 0xA3, 0xE8, 0xEB, 0x3C, 0xC1, 0xCF, 0xE7, 0xB7, \ +- 0x73, 0x22, 0x13, 0xB2, 0x3A, 0x65, 0x61, 0x49, \ +- 0xAF, 0xA1, 0x42, 0xC4, 0x7A, 0xAF, 0xBC, 0x2B, \ +- 0x79, 0xA1, 0x91, 0x56, 0x2E, 0x13, 0x05, 0xF4 +-#define EC_PARAM_brainpoolP256t1_y \ +- 0x2D, 0x99, 0x6C, 0x82, 0x34, 0x39, 0xC5, 0x6D, \ +- 0x7F, 0x7B, 0x22, 0xE1, 0x46, 0x44, 0x41, 0x7E, \ +- 0x69, 0xBC, 0xB6, 0xDE, 0x39, 0xD0, 0x27, 0x00, \ +- 0x1D, 0xAB, 0xE8, 0xF3, 0x5B, 0x25, 0xC9, 0xBE +-#define EC_PARAM_brainpoolP256t1_order \ +- 0xA9, 0xFB, 0x57, 0xDB, 0xA1, 0xEE, 0xA9, 0xBC, \ +- 0x3E, 0x66, 0x0A, 0x90, 0x9D, 0x83, 0x8D, 0x71, \ +- 0x8C, 0x39, 0x7A, 0xA3, 0xB5, 0x61, 0xA6, 0xF7, \ +- 0x90, 0x1E, 0x0E, 0x82, 0x97, 0x48, 0x56, 0xA7 +-#endif +- +-#if 1 +-/* brainpoolP320r1 : RFC 5639 curve over a 320 bit prime field */ +-#define EC_PARAM_brainpoolP320r1_prime \ +- 0xD3, 0x5E, 0x47, 0x20, 0x36, 0xBC, 0x4F, 0xB7, \ +- 0xE1, 0x3C, 0x78, 0x5E, 0xD2, 0x01, 0xE0, 0x65, \ +- 0xF9, 0x8F, 0xCF, 0xA6, 0xF6, 0xF4, 0x0D, 0xEF, \ +- 0x4F, 0x92, 0xB9, 0xEC, 0x78, 0x93, 0xEC, 0x28, \ +- 0xFC, 0xD4, 0x12, 0xB1, 0xF1, 0xB3, 0x2E, 0x27 +-#define EC_PARAM_brainpoolP320r1_a \ +- 0x3E, 0xE3, 0x0B, 0x56, 0x8F, 0xBA, 0xB0, 0xF8, \ +- 0x83, 0xCC, 0xEB, 0xD4, 0x6D, 0x3F, 0x3B, 0xB8, \ +- 0xA2, 0xA7, 0x35, 0x13, 0xF5, 0xEB, 0x79, 0xDA, \ +- 0x66, 0x19, 0x0E, 0xB0, 0x85, 0xFF, 0xA9, 0xF4, \ +- 0x92, 0xF3, 0x75, 0xA9, 0x7D, 0x86, 0x0E, 0xB4 +-#define EC_PARAM_brainpoolP320r1_b \ +- 0x52, 0x08, 0x83, 0x94, 0x9D, 0xFD, 0xBC, 0x42, \ +- 0xD3, 0xAD, 0x19, 0x86, 0x40, 0x68, 0x8A, 0x6F, \ +- 0xE1, 0x3F, 0x41, 0x34, 0x95, 0x54, 0xB4, 0x9A, \ +- 0xCC, 0x31, 0xDC, 0xCD, 0x88, 0x45, 0x39, 0x81, \ +- 0x6F, 0x5E, 0xB4, 0xAC, 0x8F, 0xB1, 0xF1, 0xA6 +-#define EC_PARAM_brainpoolP320r1_x \ +- 0x43, 0xBD, 0x7E, 0x9A, 0xFB, 0x53, 0xD8, 0xB8, \ +- 0x52, 0x89, 0xBC, 0xC4, 0x8E, 0xE5, 0xBF, 0xE6, \ +- 0xF2, 0x01, 0x37, 0xD1, 0x0A, 0x08, 0x7E, 0xB6, \ +- 0xE7, 0x87, 0x1E, 0x2A, 0x10, 0xA5, 0x99, 0xC7, \ +- 0x10, 0xAF, 0x8D, 0x0D, 0x39, 0xE2, 0x06, 0x11 +-#define EC_PARAM_brainpoolP320r1_y \ +- 0x14, 0xFD, 0xD0, 0x55, 0x45, 0xEC, 0x1C, 0xC8, \ +- 0xAB, 0x40, 0x93, 0x24, 0x7F, 0x77, 0x27, 0x5E, \ +- 0x07, 0x43, 0xFF, 0xED, 0x11, 0x71, 0x82, 0xEA, \ +- 0xA9, 0xC7, 0x78, 0x77, 0xAA, 0xAC, 0x6A, 0xC7, \ +- 0xD3, 0x52, 0x45, 0xD1, 0x69, 0x2E, 0x8E, 0xE1 +-#define EC_PARAM_brainpoolP320r1_order \ +- 0xD3, 0x5E, 0x47, 0x20, 0x36, 0xBC, 0x4F, 0xB7, \ +- 0xE1, 0x3C, 0x78, 0x5E, 0xD2, 0x01, 0xE0, 0x65, \ +- 0xF9, 0x8F, 0xCF, 0xA5, 0xB6, 0x8F, 0x12, 0xA3, \ +- 0x2D, 0x48, 0x2E, 0xC7, 0xEE, 0x86, 0x58, 0xE9, \ +- 0x86, 0x91, 0x55, 0x5B, 0x44, 0xC5, 0x93, 0x11 +-#endif +- +-#if 1 +-/* brainpoolP320t1 : RFC 5639 curve over a 320 bit prime field */ +-#define EC_PARAM_brainpoolP320t1_prime \ +- 0xD3, 0x5E, 0x47, 0x20, 0x36, 0xBC, 0x4F, 0xB7, \ +- 0xE1, 0x3C, 0x78, 0x5E, 0xD2, 0x01, 0xE0, 0x65, \ +- 0xF9, 0x8F, 0xCF, 0xA6, 0xF6, 0xF4, 0x0D, 0xEF, \ +- 0x4F, 0x92, 0xB9, 0xEC, 0x78, 0x93, 0xEC, 0x28, \ +- 0xFC, 0xD4, 0x12, 0xB1, 0xF1, 0xB3, 0x2E, 0x27 +-#define EC_PARAM_brainpoolP320t1_a \ +- 0xD3, 0x5E, 0x47, 0x20, 0x36, 0xBC, 0x4F, 0xB7, \ +- 0xE1, 0x3C, 0x78, 0x5E, 0xD2, 0x01, 0xE0, 0x65, \ +- 0xF9, 0x8F, 0xCF, 0xA6, 0xF6, 0xF4, 0x0D, 0xEF, \ +- 0x4F, 0x92, 0xB9, 0xEC, 0x78, 0x93, 0xEC, 0x28, \ +- 0xFC, 0xD4, 0x12, 0xB1, 0xF1, 0xB3, 0x2E, 0x24 +-#define EC_PARAM_brainpoolP320t1_b \ +- 0xA7, 0xF5, 0x61, 0xE0, 0x38, 0xEB, 0x1E, 0xD5, \ +- 0x60, 0xB3, 0xD1, 0x47, 0xDB, 0x78, 0x20, 0x13, \ +- 0x06, 0x4C, 0x19, 0xF2, 0x7E, 0xD2, 0x7C, 0x67, \ +- 0x80, 0xAA, 0xF7, 0x7F, 0xB8, 0xA5, 0x47, 0xCE, \ +- 0xB5, 0xB4, 0xFE, 0xF4, 0x22, 0x34, 0x03, 0x53 +-#define EC_PARAM_brainpoolP320t1_x \ +- 0x92, 0x5B, 0xE9, 0xFB, 0x01, 0xAF, 0xC6, 0xFB, \ +- 0x4D, 0x3E, 0x7D, 0x49, 0x90, 0x01, 0x0F, 0x81, \ +- 0x34, 0x08, 0xAB, 0x10, 0x6C, 0x4F, 0x09, 0xCB, \ +- 0x7E, 0xE0, 0x78, 0x68, 0xCC, 0x13, 0x6F, 0xFF, \ +- 0x33, 0x57, 0xF6, 0x24, 0xA2, 0x1B, 0xED, 0x52 +-#define EC_PARAM_brainpoolP320t1_y \ +- 0x63, 0xBA, 0x3A, 0x7A, 0x27, 0x48, 0x3E, 0xBF, \ +- 0x66, 0x71, 0xDB, 0xEF, 0x7A, 0xBB, 0x30, 0xEB, \ +- 0xEE, 0x08, 0x4E, 0x58, 0xA0, 0xB0, 0x77, 0xAD, \ +- 0x42, 0xA5, 0xA0, 0x98, 0x9D, 0x1E, 0xE7, 0x1B, \ +- 0x1B, 0x9B, 0xC0, 0x45, 0x5F, 0xB0, 0xD2, 0xC3 +-#define EC_PARAM_brainpoolP320t1_order \ +- 0xD3, 0x5E, 0x47, 0x20, 0x36, 0xBC, 0x4F, 0xB7, \ +- 0xE1, 0x3C, 0x78, 0x5E, 0xD2, 0x01, 0xE0, 0x65, \ +- 0xF9, 0x8F, 0xCF, 0xA5, 0xB6, 0x8F, 0x12, 0xA3, \ +- 0x2D, 0x48, 0x2E, 0xC7, 0xEE, 0x86, 0x58, 0xE9, \ +- 0x86, 0x91, 0x55, 0x5B, 0x44, 0xC5, 0x93, 0x11 +-#endif +- +-#if 1 +-/* brainpoolP384r1 : RFC 5639 curve over a 384 bit prime field */ +-#define EC_PARAM_brainpoolP384r1_prime \ +- 0x8C, 0xB9, 0x1E, 0x82, 0xA3, 0x38, 0x6D, 0x28, \ +- 0x0F, 0x5D, 0x6F, 0x7E, 0x50, 0xE6, 0x41, 0xDF, \ +- 0x15, 0x2F, 0x71, 0x09, 0xED, 0x54, 0x56, 0xB4, \ +- 0x12, 0xB1, 0xDA, 0x19, 0x7F, 0xB7, 0x11, 0x23, \ +- 0xAC, 0xD3, 0xA7, 0x29, 0x90, 0x1D, 0x1A, 0x71, \ +- 0x87, 0x47, 0x00, 0x13, 0x31, 0x07, 0xEC, 0x53 +-#define EC_PARAM_brainpoolP384r1_a \ +- 0x7B, 0xC3, 0x82, 0xC6, 0x3D, 0x8C, 0x15, 0x0C, \ +- 0x3C, 0x72, 0x08, 0x0A, 0xCE, 0x05, 0xAF, 0xA0, \ +- 0xC2, 0xBE, 0xA2, 0x8E, 0x4F, 0xB2, 0x27, 0x87, \ +- 0x13, 0x91, 0x65, 0xEF, 0xBA, 0x91, 0xF9, 0x0F, \ +- 0x8A, 0xA5, 0x81, 0x4A, 0x50, 0x3A, 0xD4, 0xEB, \ +- 0x04, 0xA8, 0xC7, 0xDD, 0x22, 0xCE, 0x28, 0x26 +-#define EC_PARAM_brainpoolP384r1_b \ +- 0x04, 0xA8, 0xC7, 0xDD, 0x22, 0xCE, 0x28, 0x26, \ +- 0x8B, 0x39, 0xB5, 0x54, 0x16, 0xF0, 0x44, 0x7C, \ +- 0x2F, 0xB7, 0x7D, 0xE1, 0x07, 0xDC, 0xD2, 0xA6, \ +- 0x2E, 0x88, 0x0E, 0xA5, 0x3E, 0xEB, 0x62, 0xD5, \ +- 0x7C, 0xB4, 0x39, 0x02, 0x95, 0xDB, 0xC9, 0x94, \ +- 0x3A, 0xB7, 0x86, 0x96, 0xFA, 0x50, 0x4C, 0x11 +-#define EC_PARAM_brainpoolP384r1_x \ +- 0x1D, 0x1C, 0x64, 0xF0, 0x68, 0xCF, 0x45, 0xFF, \ +- 0xA2, 0xA6, 0x3A, 0x81, 0xB7, 0xC1, 0x3F, 0x6B, \ +- 0x88, 0x47, 0xA3, 0xE7, 0x7E, 0xF1, 0x4F, 0xE3, \ +- 0xDB, 0x7F, 0xCA, 0xFE, 0x0C, 0xBD, 0x10, 0xE8, \ +- 0xE8, 0x26, 0xE0, 0x34, 0x36, 0xD6, 0x46, 0xAA, \ +- 0xEF, 0x87, 0xB2, 0xE2, 0x47, 0xD4, 0xAF, 0x1E +-#define EC_PARAM_brainpoolP384r1_y \ +- 0x8A, 0xBE, 0x1D, 0x75, 0x20, 0xF9, 0xC2, 0xA4, \ +- 0x5C, 0xB1, 0xEB, 0x8E, 0x95, 0xCF, 0xD5, 0x52, \ +- 0x62, 0xB7, 0x0B, 0x29, 0xFE, 0xEC, 0x58, 0x64, \ +- 0xE1, 0x9C, 0x05, 0x4F, 0xF9, 0x91, 0x29, 0x28, \ +- 0x0E, 0x46, 0x46, 0x21, 0x77, 0x91, 0x81, 0x11, \ +- 0x42, 0x82, 0x03, 0x41, 0x26, 0x3C, 0x53, 0x15 +-#define EC_PARAM_brainpoolP384r1_order \ +- 0x8C, 0xB9, 0x1E, 0x82, 0xA3, 0x38, 0x6D, 0x28, \ +- 0x0F, 0x5D, 0x6F, 0x7E, 0x50, 0xE6, 0x41, 0xDF, \ +- 0x15, 0x2F, 0x71, 0x09, 0xED, 0x54, 0x56, 0xB3, \ +- 0x1F, 0x16, 0x6E, 0x6C, 0xAC, 0x04, 0x25, 0xA7, \ +- 0xCF, 0x3A, 0xB6, 0xAF, 0x6B, 0x7F, 0xC3, 0x10, \ +- 0x3B, 0x88, 0x32, 0x02, 0xE9, 0x04, 0x65, 0x65 +-#endif +- +-#if 1 +-/* brainpoolP384t1 : RFC 5639 curve over a 384 bit prime field */ +-#define EC_PARAM_brainpoolP384t1_prime \ +- 0x8C, 0xB9, 0x1E, 0x82, 0xA3, 0x38, 0x6D, 0x28, \ +- 0x0F, 0x5D, 0x6F, 0x7E, 0x50, 0xE6, 0x41, 0xDF, \ +- 0x15, 0x2F, 0x71, 0x09, 0xED, 0x54, 0x56, 0xB4, \ +- 0x12, 0xB1, 0xDA, 0x19, 0x7F, 0xB7, 0x11, 0x23, \ +- 0xAC, 0xD3, 0xA7, 0x29, 0x90, 0x1D, 0x1A, 0x71, \ +- 0x87, 0x47, 0x00, 0x13, 0x31, 0x07, 0xEC, 0x53 +-#define EC_PARAM_brainpoolP384t1_a \ +- 0x8C, 0xB9, 0x1E, 0x82, 0xA3, 0x38, 0x6D, 0x28, \ +- 0x0F, 0x5D, 0x6F, 0x7E, 0x50, 0xE6, 0x41, 0xDF, \ +- 0x15, 0x2F, 0x71, 0x09, 0xED, 0x54, 0x56, 0xB4, \ +- 0x12, 0xB1, 0xDA, 0x19, 0x7F, 0xB7, 0x11, 0x23, \ +- 0xAC, 0xD3, 0xA7, 0x29, 0x90, 0x1D, 0x1A, 0x71, \ +- 0x87, 0x47, 0x00, 0x13, 0x31, 0x07, 0xEC, 0x50 +-#define EC_PARAM_brainpoolP384t1_b \ +- 0x7F, 0x51, 0x9E, 0xAD, 0xA7, 0xBD, 0xA8, 0x1B, \ +- 0xD8, 0x26, 0xDB, 0xA6, 0x47, 0x91, 0x0F, 0x8C, \ +- 0x4B, 0x93, 0x46, 0xED, 0x8C, 0xCD, 0xC6, 0x4E, \ +- 0x4B, 0x1A, 0xBD, 0x11, 0x75, 0x6D, 0xCE, 0x1D, \ +- 0x20, 0x74, 0xAA, 0x26, 0x3B, 0x88, 0x80, 0x5C, \ +- 0xED, 0x70, 0x35, 0x5A, 0x33, 0xB4, 0x71, 0xEE +-#define EC_PARAM_brainpoolP384t1_x \ +- 0x18, 0xDE, 0x98, 0xB0, 0x2D, 0xB9, 0xA3, 0x06, \ +- 0xF2, 0xAF, 0xCD, 0x72, 0x35, 0xF7, 0x2A, 0x81, \ +- 0x9B, 0x80, 0xAB, 0x12, 0xEB, 0xD6, 0x53, 0x17, \ +- 0x24, 0x76, 0xFE, 0xCD, 0x46, 0x2A, 0xAB, 0xFF, \ +- 0xC4, 0xFF, 0x19, 0x1B, 0x94, 0x6A, 0x5F, 0x54, \ +- 0xD8, 0xD0, 0xAA, 0x2F, 0x41, 0x88, 0x08, 0xCC +-#define EC_PARAM_brainpoolP384t1_y \ +- 0x25, 0xAB, 0x05, 0x69, 0x62, 0xD3, 0x06, 0x51, \ +- 0xA1, 0x14, 0xAF, 0xD2, 0x75, 0x5A, 0xD3, 0x36, \ +- 0x74, 0x7F, 0x93, 0x47, 0x5B, 0x7A, 0x1F, 0xCA, \ +- 0x3B, 0x88, 0xF2, 0xB6, 0xA2, 0x08, 0xCC, 0xFE, \ +- 0x46, 0x94, 0x08, 0x58, 0x4D, 0xC2, 0xB2, 0x91, \ +- 0x26, 0x75, 0xBF, 0x5B, 0x9E, 0x58, 0x29, 0x28 +-#define EC_PARAM_brainpoolP384t1_order \ +- 0x8C, 0xB9, 0x1E, 0x82, 0xA3, 0x38, 0x6D, 0x28, \ +- 0x0F, 0x5D, 0x6F, 0x7E, 0x50, 0xE6, 0x41, 0xDF, \ +- 0x15, 0x2F, 0x71, 0x09, 0xED, 0x54, 0x56, 0xB3, \ +- 0x1F, 0x16, 0x6E, 0x6C, 0xAC, 0x04, 0x25, 0xA7, \ +- 0xCF, 0x3A, 0xB6, 0xAF, 0x6B, 0x7F, 0xC3, 0x10, \ +- 0x3B, 0x88, 0x32, 0x02, 0xE9, 0x04, 0x65, 0x65 +-#endif +- +-#if 1 +-/* brainpoolP512r1 : RFC 5639 curve over a 512 bit prime field */ +-#define EC_PARAM_brainpoolP512r1_prime \ +- 0xAA, 0xDD, 0x9D, 0xB8, 0xDB, 0xE9, 0xC4, 0x8B, \ +- 0x3F, 0xD4, 0xE6, 0xAE, 0x33, 0xC9, 0xFC, 0x07, \ +- 0xCB, 0x30, 0x8D, 0xB3, 0xB3, 0xC9, 0xD2, 0x0E, \ +- 0xD6, 0x63, 0x9C, 0xCA, 0x70, 0x33, 0x08, 0x71, \ +- 0x7D, 0x4D, 0x9B, 0x00, 0x9B, 0xC6, 0x68, 0x42, \ +- 0xAE, 0xCD, 0xA1, 0x2A, 0xE6, 0xA3, 0x80, 0xE6, \ +- 0x28, 0x81, 0xFF, 0x2F, 0x2D, 0x82, 0xC6, 0x85, \ +- 0x28, 0xAA, 0x60, 0x56, 0x58, 0x3A, 0x48, 0xF3 +-#define EC_PARAM_brainpoolP512r1_a \ +- 0x78, 0x30, 0xA3, 0x31, 0x8B, 0x60, 0x3B, 0x89, \ +- 0xE2, 0x32, 0x71, 0x45, 0xAC, 0x23, 0x4C, 0xC5, \ +- 0x94, 0xCB, 0xDD, 0x8D, 0x3D, 0xF9, 0x16, 0x10, \ +- 0xA8, 0x34, 0x41, 0xCA, 0xEA, 0x98, 0x63, 0xBC, \ +- 0x2D, 0xED, 0x5D, 0x5A, 0xA8, 0x25, 0x3A, 0xA1, \ +- 0x0A, 0x2E, 0xF1, 0xC9, 0x8B, 0x9A, 0xC8, 0xB5, \ +- 0x7F, 0x11, 0x17, 0xA7, 0x2B, 0xF2, 0xC7, 0xB9, \ +- 0xE7, 0xC1, 0xAC, 0x4D, 0x77, 0xFC, 0x94, 0xCA +-#define EC_PARAM_brainpoolP512r1_b \ +- 0x3D, 0xF9, 0x16, 0x10, 0xA8, 0x34, 0x41, 0xCA, \ +- 0xEA, 0x98, 0x63, 0xBC, 0x2D, 0xED, 0x5D, 0x5A, \ +- 0xA8, 0x25, 0x3A, 0xA1, 0x0A, 0x2E, 0xF1, 0xC9, \ +- 0x8B, 0x9A, 0xC8, 0xB5, 0x7F, 0x11, 0x17, 0xA7, \ +- 0x2B, 0xF2, 0xC7, 0xB9, 0xE7, 0xC1, 0xAC, 0x4D, \ +- 0x77, 0xFC, 0x94, 0xCA, 0xDC, 0x08, 0x3E, 0x67, \ +- 0x98, 0x40, 0x50, 0xB7, 0x5E, 0xBA, 0xE5, 0xDD, \ +- 0x28, 0x09, 0xBD, 0x63, 0x80, 0x16, 0xF7, 0x23 +-#define EC_PARAM_brainpoolP512r1_x \ +- 0x81, 0xAE, 0xE4, 0xBD, 0xD8, 0x2E, 0xD9, 0x64, \ +- 0x5A, 0x21, 0x32, 0x2E, 0x9C, 0x4C, 0x6A, 0x93, \ +- 0x85, 0xED, 0x9F, 0x70, 0xB5, 0xD9, 0x16, 0xC1, \ +- 0xB4, 0x3B, 0x62, 0xEE, 0xF4, 0xD0, 0x09, 0x8E, \ +- 0xFF, 0x3B, 0x1F, 0x78, 0xE2, 0xD0, 0xD4, 0x8D, \ +- 0x50, 0xD1, 0x68, 0x7B, 0x93, 0xB9, 0x7D, 0x5F, \ +- 0x7C, 0x6D, 0x50, 0x47, 0x40, 0x6A, 0x5E, 0x68, \ +- 0x8B, 0x35, 0x22, 0x09, 0xBC, 0xB9, 0xF8, 0x22 +-#define EC_PARAM_brainpoolP512r1_y \ +- 0x7D, 0xDE, 0x38, 0x5D, 0x56, 0x63, 0x32, 0xEC, \ +- 0xC0, 0xEA, 0xBF, 0xA9, 0xCF, 0x78, 0x22, 0xFD, \ +- 0xF2, 0x09, 0xF7, 0x00, 0x24, 0xA5, 0x7B, 0x1A, \ +- 0xA0, 0x00, 0xC5, 0x5B, 0x88, 0x1F, 0x81, 0x11, \ +- 0xB2, 0xDC, 0xDE, 0x49, 0x4A, 0x5F, 0x48, 0x5E, \ +- 0x5B, 0xCA, 0x4B, 0xD8, 0x8A, 0x27, 0x63, 0xAE, \ +- 0xD1, 0xCA, 0x2B, 0x2F, 0xA8, 0xF0, 0x54, 0x06, \ +- 0x78, 0xCD, 0x1E, 0x0F, 0x3A, 0xD8, 0x08, 0x92 +-#define EC_PARAM_brainpoolP512r1_order \ +- 0xAA, 0xDD, 0x9D, 0xB8, 0xDB, 0xE9, 0xC4, 0x8B, \ +- 0x3F, 0xD4, 0xE6, 0xAE, 0x33, 0xC9, 0xFC, 0x07, \ +- 0xCB, 0x30, 0x8D, 0xB3, 0xB3, 0xC9, 0xD2, 0x0E, \ +- 0xD6, 0x63, 0x9C, 0xCA, 0x70, 0x33, 0x08, 0x70, \ +- 0x55, 0x3E, 0x5C, 0x41, 0x4C, 0xA9, 0x26, 0x19, \ +- 0x41, 0x86, 0x61, 0x19, 0x7F, 0xAC, 0x10, 0x47, \ +- 0x1D, 0xB1, 0xD3, 0x81, 0x08, 0x5D, 0xDA, 0xDD, \ +- 0xB5, 0x87, 0x96, 0x82, 0x9C, 0xA9, 0x00, 0x69 +-#endif +- +-#if 1 +-/* brainpoolP512t1 : RFC 5639 curve over a 512 bit prime field */ +-#define EC_PARAM_brainpoolP512t1_prime \ +- 0xAA, 0xDD, 0x9D, 0xB8, 0xDB, 0xE9, 0xC4, 0x8B, \ +- 0x3F, 0xD4, 0xE6, 0xAE, 0x33, 0xC9, 0xFC, 0x07, \ +- 0xCB, 0x30, 0x8D, 0xB3, 0xB3, 0xC9, 0xD2, 0x0E, \ +- 0xD6, 0x63, 0x9C, 0xCA, 0x70, 0x33, 0x08, 0x71, \ +- 0x7D, 0x4D, 0x9B, 0x00, 0x9B, 0xC6, 0x68, 0x42, \ +- 0xAE, 0xCD, 0xA1, 0x2A, 0xE6, 0xA3, 0x80, 0xE6, \ +- 0x28, 0x81, 0xFF, 0x2F, 0x2D, 0x82, 0xC6, 0x85, \ +- 0x28, 0xAA, 0x60, 0x56, 0x58, 0x3A, 0x48, 0xF3 +-#define EC_PARAM_brainpoolP512t1_a \ +- 0xAA, 0xDD, 0x9D, 0xB8, 0xDB, 0xE9, 0xC4, 0x8B, \ +- 0x3F, 0xD4, 0xE6, 0xAE, 0x33, 0xC9, 0xFC, 0x07, \ +- 0xCB, 0x30, 0x8D, 0xB3, 0xB3, 0xC9, 0xD2, 0x0E, \ +- 0xD6, 0x63, 0x9C, 0xCA, 0x70, 0x33, 0x08, 0x71, \ +- 0x7D, 0x4D, 0x9B, 0x00, 0x9B, 0xC6, 0x68, 0x42, \ +- 0xAE, 0xCD, 0xA1, 0x2A, 0xE6, 0xA3, 0x80, 0xE6, \ +- 0x28, 0x81, 0xFF, 0x2F, 0x2D, 0x82, 0xC6, 0x85, \ +- 0x28, 0xAA, 0x60, 0x56, 0x58, 0x3A, 0x48, 0xF0 +-#define EC_PARAM_brainpoolP512t1_b \ +- 0x7C, 0xBB, 0xBC, 0xF9, 0x44, 0x1C, 0xFA, 0xB7, \ +- 0x6E, 0x18, 0x90, 0xE4, 0x68, 0x84, 0xEA, 0xE3, \ +- 0x21, 0xF7, 0x0C, 0x0B, 0xCB, 0x49, 0x81, 0x52, \ +- 0x78, 0x97, 0x50, 0x4B, 0xEC, 0x3E, 0x36, 0xA6, \ +- 0x2B, 0xCD, 0xFA, 0x23, 0x04, 0x97, 0x65, 0x40, \ +- 0xF6, 0x45, 0x00, 0x85, 0xF2, 0xDA, 0xE1, 0x45, \ +- 0xC2, 0x25, 0x53, 0xB4, 0x65, 0x76, 0x36, 0x89, \ +- 0x18, 0x0E, 0xA2, 0x57, 0x18, 0x67, 0x42, 0x3E +-#define EC_PARAM_brainpoolP512t1_x \ +- 0x64, 0x0E, 0xCE, 0x5C, 0x12, 0x78, 0x87, 0x17, \ +- 0xB9, 0xC1, 0xBA, 0x06, 0xCB, 0xC2, 0xA6, 0xFE, \ +- 0xBA, 0x85, 0x84, 0x24, 0x58, 0xC5, 0x6D, 0xDE, \ +- 0x9D, 0xB1, 0x75, 0x8D, 0x39, 0xC0, 0x31, 0x3D, \ +- 0x82, 0xBA, 0x51, 0x73, 0x5C, 0xDB, 0x3E, 0xA4, \ +- 0x99, 0xAA, 0x77, 0xA7, 0xD6, 0x94, 0x3A, 0x64, \ +- 0xF7, 0xA3, 0xF2, 0x5F, 0xE2, 0x6F, 0x06, 0xB5, \ +- 0x1B, 0xAA, 0x26, 0x96, 0xFA, 0x90, 0x35, 0xDA +-#define EC_PARAM_brainpoolP512t1_y \ +- 0x5B, 0x53, 0x4B, 0xD5, 0x95, 0xF5, 0xAF, 0x0F, \ +- 0xA2, 0xC8, 0x92, 0x37, 0x6C, 0x84, 0xAC, 0xE1, \ +- 0xBB, 0x4E, 0x30, 0x19, 0xB7, 0x16, 0x34, 0xC0, \ +- 0x11, 0x31, 0x15, 0x9C, 0xAE, 0x03, 0xCE, 0xE9, \ +- 0xD9, 0x93, 0x21, 0x84, 0xBE, 0xEF, 0x21, 0x6B, \ +- 0xD7, 0x1D, 0xF2, 0xDA, 0xDF, 0x86, 0xA6, 0x27, \ +- 0x30, 0x6E, 0xCF, 0xF9, 0x6D, 0xBB, 0x8B, 0xAC, \ +- 0xE1, 0x98, 0xB6, 0x1E, 0x00, 0xF8, 0xB3, 0x32 +-#define EC_PARAM_brainpoolP512t1_order \ +- 0xAA, 0xDD, 0x9D, 0xB8, 0xDB, 0xE9, 0xC4, 0x8B, \ +- 0x3F, 0xD4, 0xE6, 0xAE, 0x33, 0xC9, 0xFC, 0x07, \ +- 0xCB, 0x30, 0x8D, 0xB3, 0xB3, 0xC9, 0xD2, 0x0E, \ +- 0xD6, 0x63, 0x9C, 0xCA, 0x70, 0x33, 0x08, 0x70, \ +- 0x55, 0x3E, 0x5C, 0x41, 0x4C, 0xA9, 0x26, 0x19, \ +- 0x41, 0x86, 0x61, 0x19, 0x7F, 0xAC, 0x10, 0x47, \ +- 0x1D, 0xB1, 0xD3, 0x81, 0x08, 0x5D, 0xDA, 0xDD, \ +- 0xB5, 0x87, 0x96, 0x82, 0x9C, 0xA9, 0x00, 0x69 +-#endif +- +-#if 1 +-/* TPM_BM_P256 : TPM_BM_P256 curve over a 256 bit */ +-#define EC_PARAM_tpm_bm_p256_prime \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC, 0xF0, 0xCD, \ +- 0x46, 0xE5, 0xF2, 0x5E, 0xEE, 0x71, 0xA4, 0x9F, \ +- 0x0C, 0xDC, 0x65, 0xFB, 0x12, 0x98, 0x0A, 0x82, \ +- 0xD3, 0x29, 0x2D, 0xDB, 0xAE, 0xD3, 0x30, 0x13 +-#define EC_PARAM_tpm_bm_p256_a \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 +-#define EC_PARAM_tpm_bm_p256_b \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03 +-#define EC_PARAM_tpm_bm_p256_x \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 +-#define EC_PARAM_tpm_bm_p256_y \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02 +-#define EC_PARAM_tpm_bm_p256_order \ +- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC, 0xF0, 0xCD, \ +- 0x46, 0xE5, 0xF2, 0x5E, 0xEE, 0x71, 0xA4, 0x9E, \ +- 0x0C, 0xDC, 0x65, 0xFB, 0x12, 0x99, 0x92, 0x1A, \ +- 0xF6, 0x2D, 0x53, 0x6C, 0xD1, 0x0B, 0x50, 0x0D +-#endif +- +-/* clang-format on */ +-#endif /* SE05X_ECC_CURVES_LIST_H_INC */ +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/se05x_enums.h b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/se05x_enums.h +deleted file mode 100644 +index cb0191c918..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/se05x_enums.h ++++ /dev/null +@@ -1,1030 +0,0 @@ +-/* +-* +-* Copyright 2019,2020 NXP +-* SPDX-License-Identifier: Apache-2.0 +-*/ +- +-/** @file */ +- +-#ifndef SE05x_ENUMS_H +-#define SE05x_ENUMS_H +- +-#include +- +- +-/* + more or less machine Generated */ +- +-/** Reserved idendntifiers of the Applet */ +-typedef enum +-{ +- /** Invalid */ +- kSE05x_AppletResID_NA = 0, +- /** An authentication object which allows the user to switch +- * LockState of the applet. The LockState defines whether the +- * applet is transport locked or not. */ +- kSE05x_AppletResID_TRANSPORT = 0x7FFF0200, +- /** A device unique NIST P-256 key pair which contains SK.SE.ECKA +- * and PK.SE.ECKA in ECKey session context. */ +- kSE05x_AppletResID_KP_ECKEY_USER = 0x7FFF0201, +- /** A device unique NIST P-256 key pair which contains SK.SE.ECKA +- * and PK.SE.ECKA in ECKey session context; A constant card +- * challenge (all zeroes) is applicable. */ +- kSE05x_AppletResID_KP_ECKEY_IMPORT = 0x7FFF0202, +- /* Reserved Key @ location 0x7FFF0203 */ +- /** An authentication object which allows the user to change the +- applet variant. */ +- kSE05x_AppletResID_FEATURE = 0x7FFF0204, +- /** An authentication object which allows the user to delete all +- objects, except trust provisioned by NXP objects. */ +- kSE05x_AppletResID_FACTORY_RESET = 0x7FFF0205, +- /** A BinaryFile Secure Object which holds the device unique +- * ID. This file cannot be overwritten or deleted. */ +- kSE05x_AppletResID_UNIQUE_ID = 0x7FFF0206, +- /** An authentication object which allows the user to change the +- * platform SCP requirements, i.e. make platform SCP mandatory or +- * not, using SetPlatformSCPRequest. Mandatory means full security, +- * i.e. command & response MAC and encryption. Only SCP03 will be +- * sufficient. */ +- kSE05x_AppletResID_PLATFORM_SCP = 0x7FFF0207, +- /** An authentication object which grants access to the I2C master +- * feature. If the credential is not present, access to I2C master +- * is allowed in general. Otherwise, a session using this +- * credential shall be established and I2CM commands shall be sent +- * within this session. */ +- kSE05x_AppletResID_I2CM_ACCESS = 0x7FFF0208, +- /** An authentication object which grants access to the +- * SetLockState command */ +- kSE05x_AppletResID_RESTRICT = 0x7FFF020A, +- +-} SE05x_AppletResID_t; +- +-/** Mapping of 2 byte return code */ +-typedef enum +-{ +- /** Invalid */ +- kSE05x_SW12_NA = 0, +- /** No Error */ +- kSE05x_SW12_NO_ERROR = 0x9000, +- /** Conditions not satisfied */ +- kSE05x_SW12_CONDITIONS_NOT_SATISFIED = 0x6985, +- /** Security status not satisfied. */ +- kSE05x_SW12_SECURITY_STATUS = 0x6982, +- /** Wrong data provided. */ +- kSE05x_SW12_WRONG_DATA = 0x6A80, +- /** Data invalid - policy set invalid for the given object */ +- kSE05x_SW12_DATA_INVALID = 0x6984, +- /** Command not allowed - access denied based on object policy */ +- kSE05x_SW12_COMMAND_NOT_ALLOWED = 0x6986, +-} SE05x_SW12_t; +- +-/** Values for INS in ISO7816 APDU */ +-typedef enum +-{ +- /** Invalid */ +- kSE05x_INS_NA = 0, +- /** 3 MSBit for instruction characteristics. */ +- kSE05x_INS_MASK_INS_CHAR = 0xE0, +- /** 5 LSBit for instruction */ +- kSE05x_INS_MASK_INSTRUCTION = 0x1F, +- +- /** Mask for transient object creation, can only be combined with INS_WRITE. */ +- kSE05x_INS_TRANSIENT = 0x80, +- /** Mask for authentication object creation, can only be combined with INS_WRITE */ +- kSE05x_INS_AUTH_OBJECT = 0x40, +- /** Mask for getting attestation data. */ +- kSE05x_INS_ATTEST = 0x20, +- +- /** Write or create a persistent object. */ +- kSE05x_INS_WRITE = 0x01, +- /** Read the object */ +- kSE05x_INS_READ = 0x02, +- /** Perform Security Operation */ +- kSE05x_INS_CRYPTO = 0x03, +- /** General operation */ +- kSE05x_INS_MGMT = 0x04, +- /** Process session command */ +- kSE05x_INS_PROCESS = 0x05, +-} SE05x_INS_t; +- +-/** Values for P1 in ISO7816 APDU */ +-typedef enum +-{ +- /** Invalid */ +- kSE05x_P1_NA = 0, +- /** Highest bit not used */ +- kSE05x_P1_UNUSED = 0x80, +- /** 2 MSBit for key type */ +- kSE05x_P1_MASK_KEY_TYPE = 0x60, +- /** 5 LSBit for credential type */ +- kSE05x_P1_MASK_CRED_TYPE = 0x1F, +- +- /** Key pair (private key + public key) */ +- kSE05x_P1_KEY_PAIR = 0x60, +- /** Private key */ +- kSE05x_P1_PRIVATE = 0x40, +- /** Public key */ +- kSE05x_P1_PUBLIC = 0x20, +- +- kSE05x_P1_DEFAULT = 0x00, +- kSE05x_P1_EC = 0x01, +- kSE05x_P1_RSA = 0x02, +- kSE05x_P1_AES = 0x03, +- kSE05x_P1_DES = 0x04, +- kSE05x_P1_HMAC = 0x05, +- kSE05x_P1_BINARY = 0x06, +- kSE05x_P1_UserID = 0x07, +- kSE05x_P1_COUNTER = 0x08, +- kSE05x_P1_PCR = 0x09, +- kSE05x_P1_CURVE = 0x0B, +- kSE05x_P1_SIGNATURE = 0x0C, +- kSE05x_P1_MAC = 0x0D, +- kSE05x_P1_CIPHER = 0x0E, +- kSE05x_P1_TLS = 0x0F, +- kSE05x_P1_CRYPTO_OBJ = 0x10, +-#if SSS_HAVE_SE05X_VER_GTE_06_00 +- /** Applet >= 4.4 */ +- kSE05x_P1_AEAD = 0x11, +- /** Applet >= 4.4 */ +- kSE05x_P1_AEAD_SP800_38D = 0x12, +-#endif /* SSS_HAVE_SE05X_VER_GTE_06_00 */ +-} SE05x_P1_t; +- +-/** Values for P2 in ISO7816 APDU */ +-typedef enum +-{ +- /** Invalid */ +- kSE05x_P2_DEFAULT = 0x00, +- kSE05x_P2_GENERATE = 0x03, +- kSE05x_P2_CREATE = 0x04, +- kSE05x_P2_SIZE = 0x07, +- kSE05x_P2_SIGN = 0x09, +- kSE05x_P2_VERIFY = 0x0A, +- kSE05x_P2_INIT = 0x0B, +- kSE05x_P2_UPDATE = 0x0C, +- kSE05x_P2_FINAL = 0x0D, +- kSE05x_P2_ONESHOT = 0x0E, +- kSE05x_P2_DH = 0x0F, +- kSE05x_P2_DIVERSIFY = 0x10, +- // kSE05x_P2_AUTH_PART1 = 0x11, +- kSE05x_P2_AUTH_FIRST_PART2 = 0x12, +- kSE05x_P2_AUTH_NONFIRST_PART2 = 0x13, +- kSE05x_P2_DUMP_KEY = 0x14, +- kSE05x_P2_CHANGE_KEY_PART1 = 0x15, +- kSE05x_P2_CHANGE_KEY_PART2 = 0x16, +- kSE05x_P2_KILL_AUTH = 0x17, +- kSE05x_P2_IMPORT = 0x18, +- kSE05x_P2_EXPORT = 0x19, +- kSE05x_P2_SESSION_CREATE = 0x1B, +- kSE05x_P2_SESSION_CLOSE = 0x1C, +- kSE05x_P2_SESSION_REFRESH = 0x1E, +- kSE05x_P2_SESSION_POLICY = 0x1F, +- kSE05x_P2_VERSION = 0x20, +- kSE05x_P2_VERSION_EXT = 0x21, +- kSE05x_P2_MEMORY = 0x22, +- kSE05x_P2_LIST = 0x25, +- kSE05x_P2_TYPE = 0x26, +- kSE05x_P2_EXIST = 0x27, +- kSE05x_P2_DELETE_OBJECT = 0x28, +- kSE05x_P2_DELETE_ALL = 0x2A, +- kSE05x_P2_SESSION_UserID = 0x2C, +- kSE05x_P2_HKDF = 0x2D, +- kSE05x_P2_PBKDF = 0x2E, +- /* Applet >= 4.4 */ +- kSE05x_P2_HKDF_EXPAND_ONLY = 0x2F, +- kSE05x_P2_I2CM = 0x30, +- kSE05x_P2_I2CM_ATTESTED = 0x31, +- kSE05x_P2_MAC = 0x32, +- kSE05x_P2_UNLOCK_CHALLENGE = 0x33, +- kSE05x_P2_CURVE_LIST = 0x34, +- kSE05x_P2_SIGN_ECDAA = 0x35, +- kSE05x_P2_ID = 0x36, +- kSE05x_P2_ENCRYPT_ONESHOT = 0x37, +- kSE05x_P2_DECRYPT_ONESHOT = 0x38, +- kSE05x_P2_ATTEST = 0x3A, +- kSE05x_P2_ATTRIBUTES = 0x3B, +- kSE05x_P2_CPLC = 0x3C, +- kSE05x_P2_TIME = 0x3D, +- kSE05x_P2_TRANSPORT = 0x3E, +- kSE05x_P2_VARIANT = 0x3F, +- kSE05x_P2_PARAM = 0x40, +- kSE05x_P2_DELETE_CURVE = 0x41, +- kSE05x_P2_ENCRYPT = 0x42, +- kSE05x_P2_DECRYPT = 0x43, +- kSE05x_P2_VALIDATE = 0x44, +- kSE05x_P2_GENERATE_ONESHOT = 0x45, +- kSE05x_P2_VALIDATE_ONESHOT = 0x46, +- kSE05x_P2_CRYPTO_LIST = 0x47, +- kSE05x_P2_RANDOM = 0x49, +- kSE05x_P2_TLS_PMS = 0x4A, +- kSE05x_P2_TLS_PRF_CLI_HELLO = 0x4B, +- kSE05x_P2_TLS_PRF_SRV_HELLO = 0x4C, +- kSE05x_P2_TLS_PRF_CLI_RND = 0x4D, +- kSE05x_P2_TLS_PRF_SRV_RND = 0x4E, +- kSE05x_P2_TLS_PRF_BOTH = 0x5A, +- kSE05x_P2_RAW = 0x4F, +- kSE05x_P2_IMPORT_EXT = 0x51, +- kSE05x_P2_SCP = 0x52, +- kSE05x_P2_AUTH_FIRST_PART1 = 0x53, +- kSE05x_P2_AUTH_NONFIRST_PART1 = 0x54, +-#if SSS_HAVE_SE05X_VER_GTE_06_00 +- kSE05x_P2_CM_COMMAND = 0x55, +- kSE05x_P2_MODE_OF_OPERATION = 0x56, +- kSE05x_P2_RESTRICT = 0x57, +- kSE05x_P2_SANITY = 0x58, +- kSE05x_P2_DH_REVERSE = 0x59, +- kSE05x_P2_READ_STATE = 0x5B +-#endif +-} SE05x_P2_t; +- +- +-/** Data for available memory */ +-typedef enum +-{ +- /** Invalid */ +- kSE05x_MemoryType_NA = 0, +- /** Persistent memory */ +- kSE05x_MemoryType_PERSISTENT = 0x01, +- /** Transient memory, clear on reset */ +- kSE05x_MemoryType_TRANSIENT_RESET = 0x02, +- /** Transient memory, clear on deselect */ +- kSE05x_MemoryType_TRANSIENT_DESELECT = 0x03, +-} SE05x_MemoryType_t; +- +-/** Where was this object originated */ +-typedef enum +-{ +- /** Invalid */ +- kSE05x_Origin_NA = 0, +- /** Generated outside the module. */ +- kSE05x_Origin_EXTERNAL = 0x01, +- /** Generated inside the module. */ +- kSE05x_Origin_INTERNAL = 0x02, +- /** Trust provisioned by NXP */ +- kSE05x_Origin_PROVISIONED = 0x03, +-} SE05x_Origin_t; +- +-/** Different TAG Values to talk to SE05X IoT Applet */ +-typedef enum +-{ +- /** Invalid */ +- kSE05x_TAG_NA = 0, +- kSE05x_TAG_SESSION_ID = 0x10, +- kSE05x_TAG_POLICY = 0x11, +- kSE05x_TAG_MAX_ATTEMPTS = 0x12, +- kSE05x_TAG_IMPORT_AUTH_DATA = 0x13, +- kSE05x_TAG_IMPORT_AUTH_KEY_ID = 0x14, +- kSE05x_TAG_POLICY_CHECK = 0x15, +- kSE05x_TAG_1 = 0x41, +- kSE05x_TAG_2 = 0x42, +- kSE05x_TAG_3 = 0x43, +- kSE05x_TAG_4 = 0x44, +- kSE05x_TAG_5 = 0x45, +- kSE05x_TAG_6 = 0x46, +- kSE05x_TAG_7 = 0x47, +- kSE05x_TAG_8 = 0x48, +- kSE05x_TAG_9 = 0x49, +- kSE05x_TAG_10 = 0x4A, +- kSE05x_TAG_11 = 0x4B, +- kSE05x_GP_TAG_CONTRL_REF_PARM = 0xA6, +- kSE05x_GP_TAG_AID = 0x4F, +- kSE05x_GP_TAG_KEY_TYPE = 0x80, +- kSE05x_GP_TAG_KEY_LEN = 0x81, +- kSE05x_GP_TAG_GET_DATA = 0x83, +- kSE05x_GP_TAG_DR_SE = 0x85, +- kSE05x_GP_TAG_RECEIPT = 0x86, +- kSE05x_GP_TAG_SCP_PARMS = 0x90, +-} SE05x_TAG_t; +- +-#ifndef __DOXYGEN__ +-#define kSE05x_TAG_GP_CONTRL_REF_PARM kSE05x_GP_TAG_CONTRL_REF_PARM +-#endif +- +-/** Different signature algorithms for EC */ +-typedef enum +-{ +- /** Invalid */ +- kSE05x_ECSignatureAlgo_NA = 0, +- /** NOT SUPPORTED */ +- kSE05x_ECSignatureAlgo_PLAIN = 0x09, +- kSE05x_ECSignatureAlgo_SHA = 0x11, +- kSE05x_ECSignatureAlgo_SHA_224 = 0x25, +- kSE05x_ECSignatureAlgo_SHA_256 = 0x21, +- kSE05x_ECSignatureAlgo_SHA_384 = 0x22, +- kSE05x_ECSignatureAlgo_SHA_512 = 0x26, +-} SE05x_ECSignatureAlgo_t; +- +-/** Different signature algorithms for ED */ +-typedef enum +-{ +- /** Invalid */ +- kSE05x_EDSignatureAlgo_NA = 0, +- /** Message input must be plain Data. Pure EDDSA algorithm */ +- kSE05x_EDSignatureAlgo_ED25519PURE_SHA_512 = 0xA3, +-} SE05x_EDSignatureAlgo_t; +- +-/** Different signature algorithms for ECDAA */ +-typedef enum +-{ +- /** Invalid */ +- kSE05x_ECDAASignatureAlgo_NA = 0, +- /** Message input must be pre-hashed (using SHA256) */ +- kSE05x_ECDAASignatureAlgo_ECDAA = 0xF4, +-} SE05x_ECDAASignatureAlgo_t; +- +-/** Different signature algorithms for RSA */ +-typedef enum +-{ +- /** Invalid */ +- kSE05x_RSASignatureAlgo_NA = 0, +- /** RFC8017: RSASSA-PSS */ +- kSE05x_RSASignatureAlgo_SHA1_PKCS1_PSS = 0x15, +- /** RFC8017: RSASSA-PSS */ +- kSE05x_RSASignatureAlgo_SHA224_PKCS1_PSS = 0x2B, +- /** RFC8017: RSASSA-PSS */ +- kSE05x_RSASignatureAlgo_SHA256_PKCS1_PSS = 0x2C, +- /** RFC8017: RSASSA-PSS */ +- kSE05x_RSASignatureAlgo_SHA384_PKCS1_PSS = 0x2D, +- /** RFC8017: RSASSA-PSS */ +- kSE05x_RSASignatureAlgo_SHA512_PKCS1_PSS = 0x2E, +- /** RFC8017: RSASSA-PKCS1-v1_5 */ +- kSE05x_RSASignatureAlgo_SHA1_PKCS1 = 0x0A, +- /** RFC8017: RSASSA-PKCS1-v1_5 */ +- kSE05x_RSASignatureAlgo_SHA_224_PKCS1 = 0x27, +- /** RFC8017: RSASSA-PKCS1-v1_5 */ +- kSE05x_RSASignatureAlgo_SHA_256_PKCS1 = 0x28, +- /** RFC8017: RSASSA-PKCS1-v1_5 */ +- kSE05x_RSASignatureAlgo_SHA_384_PKCS1 = 0x29, +- /** RFC8017: RSASSA-PKCS1-v1_5 */ +- kSE05x_RSASignatureAlgo_SHA_512_PKCS1 = 0x2A, +-} SE05x_RSASignatureAlgo_t; +- +-/** Different encryption/decryption algorithms for RSA */ +-typedef enum +-{ +- /** Invalid */ +- kSE05x_RSAEncryptionAlgo_NA = 0, +- /** Plain RSA, padding required on host. */ +- kSE05x_RSAEncryptionAlgo_NO_PAD = 0x0C, +- /** RFC8017: RSAES-PKCS1-v1_5 */ +- kSE05x_RSAEncryptionAlgo_PKCS1 = 0x0A, +- /** RFC8017: RSAES-OAEP */ +- kSE05x_RSAEncryptionAlgo_PKCS1_OAEP = 0x0F, +-} SE05x_RSAEncryptionAlgo_t; +- +-/** Size of RSA Key Objects */ +-typedef enum +-{ +- /** Invalid */ +- kSE05x_RSABitLength_NA = 0, +- kSE05x_RSABitLength_512 = 512, +- kSE05x_RSABitLength_1024 = 1024, +- kSE05x_RSABitLength_1152 = 1152, +- kSE05x_RSABitLength_2048 = 2048, +- kSE05x_RSABitLength_3072 = 3072, +- kSE05x_RSABitLength_4096 = 4096, +-} SE05x_RSABitLength_t; +- +-/** Part of the RSA Key Objects */ +-typedef enum +-{ +- /** Invalid */ +- kSE05x_RSAKeyComponent_NA = 0xFF, +- /** Modulus */ +- kSE05x_RSAKeyComponent_MOD = 0x00, +- /** Public key exponent */ +- kSE05x_RSAKeyComponent_PUB_EXP = 0x01, +- /** Private key exponent */ +- kSE05x_RSAKeyComponent_PRIV_EXP = 0x02, +- /** CRT component p */ +- kSE05x_RSAKeyComponent_P = 0x03, +- /** CRT component q */ +- kSE05x_RSAKeyComponent_Q = 0x04, +- /** CRT component dp */ +- kSE05x_RSAKeyComponent_DP = 0x05, +- /** CRT component dq */ +- kSE05x_RSAKeyComponent_DQ = 0x06, +- /** CRT component q_inv */ +- kSE05x_RSAKeyComponent_INVQ = 0x07, +-} SE05x_RSAKeyComponent_t; +- +-/** Hashing/Digest algorithms */ +-typedef enum +-{ +- /** Invalid */ +- kSE05x_DigestMode_NA = 0, +- kSE05x_DigestMode_NO_HASH = 0x00, +- kSE05x_DigestMode_SHA = 0x01, +- /** Not supported */ +- kSE05x_DigestMode_SHA224 = 0x07, +- kSE05x_DigestMode_SHA256 = 0x04, +- kSE05x_DigestMode_SHA384 = 0x05, +- kSE05x_DigestMode_SHA512 = 0x06, +-} SE05x_DigestMode_t; +- +-/** HMAC/CMAC Algorithms */ +-typedef enum +-{ +- /** Invalid */ +- kSE05x_MACAlgo_NA = 0, +- kSE05x_MACAlgo_HMAC_SHA1 = 0x18, +- kSE05x_MACAlgo_HMAC_SHA256 = 0x19, +- kSE05x_MACAlgo_HMAC_SHA384 = 0x1A, +- kSE05x_MACAlgo_HMAC_SHA512 = 0x1B, +- kSE05x_MACAlgo_CMAC_128 = 0x31, +-} SE05x_MACAlgo_t; +- +-/** AEAD Algorithms */ +-typedef enum +-{ +- /** Invalid */ +- kSE05x_AeadAlgo_NA = 0, +- kSE05x_AeadGCMAlgo = 0xB0, +- kSE05x_AeadGCM_IVAlgo = 0xF3, +- kSE05x_AeadCCMAlgo = 0xF4, +-} SE05x_AeadAlgo_t; +- +-/** HKDF Mode */ +-typedef enum +-{ +- /** Invalid */ +- kSE05x_HkdfMode_NA = 0x00, +- kSE05x_HkdfMode_ExtractExpand = 0x01, +- kSE05x_HkdfMode_ExpandOnly = 0x02, +-} SE05x_HkdfMode_t; +- +-/** ECC Curve Identifiers */ +-typedef enum +-{ +- /** Invalid */ +- kSE05x_ECCurve_NA = 0x00, +- kSE05x_ECCurve_NIST_P192 = 0x01, +- kSE05x_ECCurve_NIST_P224 = 0x02, +- kSE05x_ECCurve_NIST_P256 = 0x03, +- kSE05x_ECCurve_NIST_P384 = 0x04, +- kSE05x_ECCurve_NIST_P521 = 0x05, +- kSE05x_ECCurve_Brainpool160 = 0x06, +- kSE05x_ECCurve_Brainpool192 = 0x07, +- kSE05x_ECCurve_Brainpool224 = 0x08, +- kSE05x_ECCurve_Brainpool256 = 0x09, +- kSE05x_ECCurve_Brainpool320 = 0x0A, +- kSE05x_ECCurve_Brainpool384 = 0x0B, +- kSE05x_ECCurve_Brainpool512 = 0x0C, +- kSE05x_ECCurve_Secp160k1 = 0x0D, +- kSE05x_ECCurve_Secp192k1 = 0x0E, +- kSE05x_ECCurve_Secp224k1 = 0x0F, +- kSE05x_ECCurve_Secp256k1 = 0x10, +- kSE05x_ECCurve_TPM_ECC_BN_P256 = 0x11, +- /** Not Weierstrass */ +- kSE05x_ECCurve_ECC_ED_25519 = 0x40, +- kSE05x_ECCurve_ECC_MONT_DH_25519 = 0x41, +- /** Not Weierstrass */ +- kSE05x_ECCurve_ECC_MONT_DH_448 = 0x43, +-} SE05x_ECCurve_t; +- +-#ifndef __DOXYGEN__ +- +-/** Same as kSE05x_ECCurve_TPM_ECC_BN_P256 */ +-#define kSE05x_ECCurve_RESERVED_ID_ECC_ED_25519 kSE05x_ECCurve_ECC_ED_25519 +-#define kSE05x_ECCurve_RESERVED_ID_ECC_MONT_DH_25519 kSE05x_ECCurve_ECC_MONT_DH_25519 +-#if SSS_HAVE_SE05X_VER_GTE_06_00 +-#define kSE05x_ECCurve_RESERVED_ID_ECC_MONT_DH_448 kSE05x_ECCurve_ECC_MONT_DH_448 +-#endif +-#define kSE05x_ECCurve_Total_Weierstrass_Curves kSE05x_ECCurve_TPM_ECC_BN_P256 +-#endif +- +-/** Parameters while setting the curve */ +-typedef enum +-{ /** Invalid */ +- kSE05x_ECCurveParam_NA = 0, +- kSE05x_ECCurveParam_PARAM_A = 0x01, +- kSE05x_ECCurveParam_PARAM_B = 0x02, +- kSE05x_ECCurveParam_PARAM_G = 0x04, +- kSE05x_ECCurveParam_PARAM_N = 0x08, +- kSE05x_ECCurveParam_PARAM_PRIME = 0x10, +-} SE05x_ECCurveParam_t; +- +-/** Symmetric cipher modes */ +-typedef enum +-{ +- /** Invalid */ +- kSE05x_CipherMode_NA = 0, +- /** Typically using DESKey identifiers */ +- kSE05x_CipherMode_DES_CBC_NOPAD = 0x01, +- /** Typically using DESKey identifiers */ +- kSE05x_CipherMode_DES_CBC_ISO9797_M1 = 0x02, +- /** Typically using DESKey identifiers */ +- kSE05x_CipherMode_DES_CBC_ISO9797_M2 = 0x03, +- /** NOT SUPPORTED */ +- kSE05x_CipherMode_DES_CBC_PKCS5 = 0x04, +- /** Typically using DESKey identifiers */ +- kSE05x_CipherMode_DES_ECB_NOPAD = 0x05, +- /** NOT SUPPORTED */ +- kSE05x_CipherMode_DES_ECB_ISO9797_M1 = 0x06, +- /** NOT SUPPORTED */ +- kSE05x_CipherMode_DES_ECB_ISO9797_M2 = 0x07, +- /** NOT SUPPORTED */ +- kSE05x_CipherMode_DES_ECB_PKCS5 = 0x08, +- /** Typically using AESKey identifiers */ +- kSE05x_CipherMode_AES_ECB_NOPAD = 0x0E, +- /** Typically using AESKey identifiers */ +- kSE05x_CipherMode_AES_CBC_NOPAD = 0x0D, +- /** Typically using AESKey identifiers */ +- kSE05x_CipherMode_AES_CBC_ISO9797_M1 = 0x16, +- /** Typically using AESKey identifiers */ +- kSE05x_CipherMode_AES_CBC_ISO9797_M2 = 0x17, +- /** NOT SUPPORTED */ +- kSE05x_CipherMode_AES_CBC_PKCS5 = 0x18, +- /** Typically using AEAD GCM mode */ +- kSE05x_CipherMode_AES_GCM = 0xB0, +- /** Typically using AESKey identifiers */ +- kSE05x_CipherMode_AES_CTR = 0xF0, +- /** Typically using AEAD GCM with internal IV Gen */ +- kSE05x_CipherMode_AES_GCM_INT_IV = 0xF3, +- /** Typically using AEAD CCM mode */ +- kSE05x_CipherMode_AES_CCM = 0xF4, +-} SE05x_CipherMode_t; +- +-/** Features which are available / enabled in the Applet */ +-typedef enum { +- /** Invalid */ +- kSE05x_AppletConfig_NA = 0, +- /** Use of curve TPM_ECC_BN_P256 */ +- kSE05x_AppletConfig_ECDAA = 0x0001, +- /** EC DSA and DH support */ +- kSE05x_AppletConfig_ECDSA_ECDH_ECDHE = 0x0002, +- /** Use of curve RESERVED_ID_ECC_ED_25519 */ +- kSE05x_AppletConfig_EDDSA = 0x0004, +- /** Use of curve RESERVED_ID_ECC_MONT_DH_25519 */ +- kSE05x_AppletConfig_DH_MONT = 0x0008, +- /** Writing HMACKey objects */ +- kSE05x_AppletConfig_HMAC = 0x0010, +- /** Writing RSAKey objects */ +- kSE05x_AppletConfig_RSA_PLAIN = 0x0020, +- /** Writing RSAKey objects */ +- kSE05x_AppletConfig_RSA_CRT = 0x0040, +- /** Writing AESKey objects */ +- kSE05x_AppletConfig_AES = 0x0080, +- /** Writing DESKey objects */ +- kSE05x_AppletConfig_DES = 0x0100, +- /** PBKDF2 */ +- kSE05x_AppletConfig_PBKDF = 0x0200, +- /** TLS Handshake support commands (see 4.16) in APDU Spec*/ +- kSE05x_AppletConfig_TLS = 0x0400, +- /** Mifare DESFire support (see 4.15) in APDU Spec*/ +- kSE05x_AppletConfig_MIFARE = 0x0800, +- /** RFU1 */ +- kSE05x_AppletConfig_RFU1 = 0x1000, +- /** I2C Master support (see 4.17) in APDU Spec*/ +- kSE05x_AppletConfig_I2CM = 0x2000, +- /** RFU2 */ +- kSE05x_AppletConfig_RFU2 = 0x4000, +-} SE05x_AppletConfig_t; +- +-/** Transient / Persistent lock */ +-typedef enum +-{ +- /** Invalid */ +- kSE05x_LockIndicator_NA = 0, +- kSE05x_LockIndicator_TRANSIENT_LOCK = 0x01, +- kSE05x_LockIndicator_PERSISTENT_LOCK = 0x02, +-} SE05x_LockIndicator_t; +- +-/** +- * Applet >= 4.4 +- * +- * See @ref Se05x_API_DisableObjCreation */ +-typedef enum +-{ +- kSE05x_RestrictMode_NA = 0, +- kSE05x_RestrictMode_RESTRICT_NEW = 0x01, +- kSE05x_RestrictMode_RESTRICT_ALL = 0x02, +-} SE05x_RestrictMode_t; +- +-/** +- * Lock the sample (until unlocked ) +- */ +-typedef enum +-{ +- /** Invalid */ +- kSE05x_LockState_NA = 0, +- kSE05x_LockState_LOCKED = 0x01, +- // kSE05x_LockState_UNLOCKED = Any except 0x01, +-} SE05x_LockState_t; +- +-/** Cryptographic context for operation */ +-typedef enum +-{ +- /** Invalid */ +- kSE05x_CryptoContext_NA = 0, +- /** For DigestInit/DigestUpdate/DigestFinal */ +- kSE05x_CryptoContext_DIGEST = 0x01, +- /** For CipherInit/CipherUpdate/CipherFinal */ +- kSE05x_CryptoContext_CIPHER = 0x02, +- /** For MACInit/MACUpdate/MACFinal */ +- kSE05x_CryptoContext_SIGNATURE = 0x03, +- /** For AEADInit/AEADUpdate/AEADFinal */ +- kSE05x_CryptoContext_AEAD = 0x04, +-} SE05x_CryptoContext_t; +- +-/** Result of operations */ +-typedef enum +-{ +- /** Invalid */ +- kSE05x_Result_NA = 0, +- kSE05x_Result_SUCCESS = 0x01, +- kSE05x_Result_FAILURE = 0x02, +-} SE05x_Result_t; +- +-/** Whether object is transient or persistent */ +-typedef enum +-{ +- /** Invalid */ +- kSE05x_TransientIndicator_NA = 0, +- kSE05x_TransientIndicator_PERSISTENT = 0x01, +- kSE05x_TransientIndicator_TRANSIENT = 0x02, +-} SE05x_TransientIndicator_t; +- +-/** Whether object attribute is set */ +-typedef enum +-{ +- /** Invalid */ +- kSE05x_SetIndicator_NA = 0, +- kSE05x_SetIndicator_NOT_SET = 0x01, +- kSE05x_SetIndicator_SET = 0x02, +-} SE05x_SetIndicator_t; +- +-/** When there are more entries yet to be fetched from few of the APIs */ +-typedef enum +-{ +- /** Invalid */ +- kSE05x_MoreIndicator_NA = 0, +- /** No more data available */ +- kSE05x_MoreIndicator_NO_MORE = 0x01, +- /** More data available */ +- kSE05x_MoreIndicator_MORE = 0x02, +-} SE05x_MoreIndicator_t; +- +-#if SSS_HAVE_SE05X_VER_GTE_06_00 +-/** Health check */ +-typedef enum +-{ +- /** Invalid */ +- kSE05x_HealthCheckMode_NA = 0, +- /** Performs all on-demand self-tests. Can only be done when +- * the module is in FIPS mode. When the test fails, the chip +- * goes into TERMINATED state. */ +- kSE05x_HealthCheckMode_FIPS = 0xF906, +- /** Performs ROM integrity checks. When the test fails, the chip +- * triggers the attack counter and the chip will reset. */ +- kSE05x_HealthCheckMode_CODE_SIGNATURE = 0xFE01, +- /** Performs flash integrity tests. When the test fails, the chip +- * triggers the attack counter and the chip will reset. */ +- kSE05x_HealthCheckMode_DYNAMIC_FLASH_INTEGRITY = 0xFD02, +- /** Performs tests on the active shield protection of the +- * hardware. When the test fails, the chip triggers the attack +- * counter and the chip will reset. */ +- kSE05x_HealthCheckMode_SHIELDING = 0xFB04, +- /** Performs self-tests on hardware sensors and reports the +- * status. */ +- kSE05x_HealthCheckMode_SENSOR = 0xFA05, +- /** Performs self-tests on the hardware registers. When the test +- * fails, the chip triggers the attack counter and the chip will +- * reset. */ +- kSE05x_HealthCheckMode_SFR_CHECK = 0xFC03, +-} SE05x_HealthCheckMode_t; +-#endif +- +-/** Mandate platform SCP or not */ +-typedef enum +-{ +- /** Invalid */ +- kSE05x_PlatformSCPRequest_NA = 0, +- /** Platform SCP is required (full enc & MAC) */ +- kSE05x_PlatformSCPRequest_REQUIRED = 0x01, +- /** No platform SCP required. */ +- kSE05x_PlatformSCPRequest_NOT_REQUIRED = 0x02, +-} SE05x_PlatformSCPRequest_t; +- +-/** Crypto object identifiers */ +-typedef enum +-{ +- /** Invalid */ +- kSE05x_CryptoObject_NA = 0, +- kSE05x_CryptoObject_DIGEST_SHA, +- kSE05x_CryptoObject_DIGEST_SHA224, +- kSE05x_CryptoObject_DIGEST_SHA256, +- kSE05x_CryptoObject_DIGEST_SHA384, +- kSE05x_CryptoObject_DIGEST_SHA512, +- kSE05x_CryptoObject_DES_CBC_NOPAD, +- kSE05x_CryptoObject_DES_CBC_ISO9797_M1, +- kSE05x_CryptoObject_DES_CBC_ISO9797_M2, +- kSE05x_CryptoObject_DES_CBC_PKCS5, +- kSE05x_CryptoObject_DES_ECB_NOPAD, +- kSE05x_CryptoObject_DES_ECB_ISO9797_M1, +- kSE05x_CryptoObject_DES_ECB_ISO9797_M2, +- kSE05x_CryptoObject_DES_ECB_PKCS5, +- kSE05x_CryptoObject_AES_ECB_NOPAD, +- kSE05x_CryptoObject_AES_CBC_NOPAD, +- kSE05x_CryptoObject_AES_CBC_ISO9797_M1, +- kSE05x_CryptoObject_AES_CBC_ISO9797_M2, +- kSE05x_CryptoObject_AES_CBC_PKCS5, +- kSE05x_CryptoObject_AES_CTR, +- kSE05x_CryptoObject_HMAC_SHA1, +- kSE05x_CryptoObject_HMAC_SHA256, +- kSE05x_CryptoObject_HMAC_SHA384, +- kSE05x_CryptoObject_HMAC_SHA512, +- kSE05x_CryptoObject_CMAC_128, +- kSE05x_CryptoObject_AES_GCM, +- kSE05x_CryptoObject_AES_GCM_INT_IV, +- kSE05x_CryptoObject_AES_CCM, +-} SE05x_CryptoObject_t; +- +-/** @copydoc SE05x_CryptoObject_t */ +-#define SE05x_CryptoObjectID_t SE05x_CryptoObject_t +- +-/** Maximum number of session supported by SE050 */ +-#define SE050_MAX_NUMBER_OF_SESSIONS 2 +-/** Maximum number of session supported by SE050 */ +-#define SE050_OBJECT_IDENTIFIER_SIZE 4 +-/** How many bytes can be used for buffer for I2C Master interface */ +-#define SE050_MAX_I2CM_COMMAND_LENGTH 255 +-/** +- * the maximum APDU payload length will be smaller, depending on which protocol applies, etc. +- */ +-#define SE050_MAX_APDU_PAYLOAD_LENGTH 892 +-//#define SE050_DEFAULT_MAX_ATTEMPTS 10 +- +-/** 3 MSBit for instruction characteristics. */ +-#define SE050_INS_MASK_INS_CHAR 0xE0 +-/** 5 LSBit for instruction */ +-#define SE050_INS_MASK_INSTRUCTION 0x1F +- +-/** Type of Object */ +-typedef enum +-{ +- /** */ +- kSE05x_SecObjTyp_EC_KEY_PAIR = 0x01, +- /** */ +- kSE05x_SecObjTyp_EC_PRIV_KEY = 0x02, +- /** */ +- kSE05x_SecObjTyp_EC_PUB_KEY = 0x03, +- /** */ +- kSE05x_SecObjTyp_RSA_KEY_PAIR = 0x04, +- /** */ +- kSE05x_SecObjTyp_RSA_KEY_PAIR_CRT = 0x05, +- /** */ +- kSE05x_SecObjTyp_RSA_PRIV_KEY = 0x06, +- /** */ +- kSE05x_SecObjTyp_RSA_PRIV_KEY_CRT = 0x07, +- /** */ +- kSE05x_SecObjTyp_RSA_PUB_KEY = 0x08, +- /** */ +- kSE05x_SecObjTyp_AES_KEY = 0x09, +- /** */ +- kSE05x_SecObjTyp_DES_KEY = 0x0A, +- /** */ +- kSE05x_SecObjTyp_BINARY_FILE = 0x0B, +- /** */ +- kSE05x_SecObjTyp_UserID = 0x0C, +- /** */ +- kSE05x_SecObjTyp_COUNTER = 0x0D, +- /** */ +- kSE05x_SecObjTyp_PCR = 0x0F, +- /** */ +- kSE05x_SecObjTyp_CURVE = 0x10, +- /** */ +- kSE05x_SecObjTyp_HMAC_KEY = 0x11, +-} SE05x_SecObjTyp_t; +- +-/** @copydoc SE05x_SecObjTyp_t */ +-typedef SE05x_SecObjTyp_t SE05x_SecureObjectType_t; +- +-/** Type of memory. Used when we query available free size */ +-typedef enum +-{ +- /** Transient memory, clear on reset */ +- kSE05x_MemTyp_TRANSIENT_RESET = 0x01, +- /** Transient memory, clear on deselect */ +- kSE05x_MemTyp_TRANSIENT_DESELECT = 0x02, +- /** Persistent memory */ +- kSE05x_MemTyp_PERSISTENT = 0x03, +-} SE05x_MemTyp_t; +- +-/** Algorithms for RSA Signature */ +-typedef enum +-{ +- /** Invalid */ +- kSE05x_RSASignAlgo_NA = 0, +- /** RFC8017: RSASSA-PSS */ +- kSE05x_RSASignAlgo_SHA1_PKCS1_PSS = 0x15, +- /** RFC8017: RSASSA-PSS */ +- kSE05x_RSASignAlgo_SHA224_PKCS1_PSS = 0x2B, +- /** RFC8017: RSASSA-PSS */ +- kSE05x_RSASignAlgo_SHA256_PKCS1_PSS = 0x2C, +- /** RFC8017: RSASSA-PSS */ +- kSE05x_RSASignAlgo_SHA384_PKCS1_PSS = 0x2D, +- /** RFC8017: RSASSA-PSS */ +- kSE05x_RSASignAlgo_SHA512_PKCS1_PSS = 0x2E, +- /** RFC8017: RSASSA-PKCS1-v1_5 */ +- kSE05x_RSASignAlgo_SHA_224_PKCS1 = 0x27, +- /** RFC8017: RSASSA-PKCS1-v1_5 */ +- kSE05x_RSASignAlgo_SHA_256_PKCS1 = 0x28, +- /** RFC8017: RSASSA-PKCS1-v1_5 */ +- kSE05x_RSASignAlgo_SHA_384_PKCS1 = 0x29, +- /** RFC8017: RSASSA-PKCS1-v1_5 */ +- kSE05x_RSASignAlgo_SHA_512_PKCS1 = 0x2A, +-} SE05x_RSASignAlgo_t; +- +-// typedef enum +-// { +-// /** Plain RSA, padding required on host. */ +-// kSE05x_RSAEncrAlgo_NO_PAD = 0x0C, +-// * RFC8017: RSAES-PKCS1-v1_5 +-// kSE05x_RSAEncrAlgo_PKCS1 = 0x0A, +-// /** RFC8017: RSAES-OAEP */ +-// kSE05x_RSAEncrAlgo_PKCS1_OAEP = 0x0F, +-// } SE05x_RSAEncrAlgo_t; +- +-/** Public part of RSA Keys */ +-typedef enum +-{ +- kSE05x_RSAPubKeyComp_NA = 0, +- kSE05x_RSAPubKeyComp_MOD = kSE05x_RSAKeyComponent_MOD, +- kSE05x_RSAPubKeyComp_PUB_EXP = kSE05x_RSAKeyComponent_PUB_EXP, +-} SE05x_RSAPubKeyComp_t; +- +-/** Cyrpto module subtype */ +-typedef union { +- /** In case it's digest */ +- SE05x_DigestMode_t digest; +- /** In case it's cipher */ +- SE05x_CipherMode_t cipher; +- /** In case it's mac */ +- SE05x_MACAlgo_t mac; +- /** In case it's aead */ +- SE05x_AeadAlgo_t aead; +- /** Accessing 8 bit value for APDUs */ +- uint8_t union_8bit; +-} SE05x_CryptoModeSubType_t; +- +-/** @addtogroup se050_i2cm +- * +- * @{ +- */ +-/** @brief I2C Master micro operation */ +-typedef enum +-{ +- kSE05x_TAG_I2CM_Config = 0x01, +- kSE05x_TAG_I2CM_Write = 0x03, +- kSE05x_TAG_I2CM_Read = 0x04, +-} SE05x_I2CM_TAG_t; +- +-/*! +-*@} +-*/ /* end of se050_i2cm */ +- +-/** Whether key is transient of persistent */ +-typedef enum +-{ +- kSE05x_TransientType_Persistent = 0, +- kSE05x_TransientType_Transient = kSE05x_INS_TRANSIENT, +-} SE05x_TransientType_t; +- +-/** Part of the asymmetric key */ +-typedef enum +-{ +- kSE05x_KeyPart_NA = kSE05x_P1_DEFAULT, +- /** Key pair (private key + public key) */ +- kSE05x_KeyPart_Pair = kSE05x_P1_KEY_PAIR, +- /** Private key */ +- kSE05x_KeyPart_Private = kSE05x_P1_PRIVATE, +- /** Public key */ +- kSE05x_KeyPart_Public = kSE05x_P1_PUBLIC, +-} SE05x_KeyPart_t; +- +-/** Cipher Operation. +- * +- * Encrypt or decrypt */ +-typedef enum +-{ +- kSE05x_Cipher_Oper_NA = 0, +- kSE05x_Cipher_Oper_Encrypt = kSE05x_P2_ENCRYPT, +- kSE05x_Cipher_Oper_Decrypt = kSE05x_P2_DECRYPT, +-} SE05x_Cipher_Oper_t; +- +-/** One Shot operations helper */ +-typedef enum +-{ +- kSE05x_Cipher_Oper_OneShot_NA = 0, +- kSE05x_Cipher_Oper_OneShot_Encrypt = kSE05x_P2_ENCRYPT_ONESHOT, +- kSE05x_Cipher_Oper_OneShot_Decrypt = kSE05x_P2_DECRYPT_ONESHOT, +-} SE05x_Cipher_Oper_OneShot_t; +- +-/** MAC operations */ +-typedef enum +-{ +- kSE05x_Mac_Oper_NA = 0, +- kSE05x_Mac_Oper_Generate = kSE05x_P2_GENERATE, +- kSE05x_Mac_Oper_Validate = kSE05x_P2_VALIDATE, +-} SE05x_Mac_Oper_t; +- +-/** In case the read is attested */ +-typedef enum +-{ +- kSE05x_AttestationType_None = 0, +- kSE05x_AttestationType_AUTH = kSE05x_INS_AUTH_OBJECT, +-} SE05x_AttestationType_t; +- +-/** Symmetric keys */ +-typedef enum +-{ +- kSE05x_SymmKeyType_NA = 0, +- kSE05x_SymmKeyType_AES = kSE05x_P1_AES, +- kSE05x_SymmKeyType_DES = kSE05x_P1_DES, +- kSE05x_SymmKeyType_HMAC = kSE05x_P1_HMAC, +- kSE05x_SymmKeyType_CMAC = kSE05x_P1_AES, +-} SE05x_SymmKeyType_t; +- +-/** @copydoc SE05x_AppletConfig_t */ +-typedef SE05x_AppletConfig_t SE05x_Variant_t; +- +-/** TLS Perform PRF */ +-typedef enum +-{ +- kSE05x_TLS_PRF_NA = 0, +- kSE05x_TLS_PRF_CLI_HELLO = kSE05x_P2_TLS_PRF_CLI_HELLO, +- kSE05x_TLS_PRF_SRV_HELLO = kSE05x_P2_TLS_PRF_SRV_HELLO, +- kSE05x_TLS_PRF_CLI_RND = kSE05x_P2_TLS_PRF_CLI_RND, +- kSE05x_TLS_PRF_SRV_RND = kSE05x_P2_TLS_PRF_SRV_RND, +- kSE05x_TLS_PRF_BOTH = kSE05x_P2_TLS_PRF_BOTH, +-} SE05x_TLSPerformPRFType_t; +- +-/** Attestation */ +-typedef enum +-{ +- kSE05x_AttestationAlgo_NA = 0, +- kSE05x_AttestationAlgo_EC_PLAIN = kSE05x_ECSignatureAlgo_PLAIN, +- kSE05x_AttestationAlgo_EC_SHA = kSE05x_ECSignatureAlgo_SHA, +- kSE05x_AttestationAlgo_EC_SHA_224 = kSE05x_ECSignatureAlgo_SHA_224, +- kSE05x_AttestationAlgo_EC_SHA_256 = kSE05x_ECSignatureAlgo_SHA_256, +- kSE05x_AttestationAlgo_EC_SHA_384 = kSE05x_ECSignatureAlgo_SHA_384, +- kSE05x_AttestationAlgo_EC_SHA_512 = kSE05x_ECSignatureAlgo_SHA_512, +- kSE05x_AttestationAlgo_ED25519PURE_SHA_512 = kSE05x_EDSignatureAlgo_ED25519PURE_SHA_512, +- kSE05x_AttestationAlgo_ECDAA = kSE05x_ECDAASignatureAlgo_ECDAA, +- kSE05x_AttestationAlgo_RSA_SHA1_PKCS1_PSS = kSE05x_RSASignatureAlgo_SHA1_PKCS1_PSS, +- kSE05x_AttestationAlgo_RSA_SHA224_PKCS1_PSS = kSE05x_RSASignatureAlgo_SHA224_PKCS1_PSS, +- kSE05x_AttestationAlgo_RSA_SHA256_PKCS1_PSS = kSE05x_RSASignatureAlgo_SHA256_PKCS1_PSS, +- kSE05x_AttestationAlgo_RSA_SHA384_PKCS1_PSS = kSE05x_RSASignatureAlgo_SHA384_PKCS1_PSS, +- kSE05x_AttestationAlgo_RSA_SHA512_PKCS1_PSS = kSE05x_RSASignatureAlgo_SHA512_PKCS1_PSS, +- kSE05x_AttestationAlgo_RSA_SHA_224_PKCS1 = kSE05x_RSASignatureAlgo_SHA_224_PKCS1, +- kSE05x_AttestationAlgo_RSA_SHA_256_PKCS1 = kSE05x_RSASignatureAlgo_SHA_256_PKCS1, +- kSE05x_AttestationAlgo_RSA_SHA_384_PKCS1 = kSE05x_RSASignatureAlgo_SHA_384_PKCS1, +- kSE05x_AttestationAlgo_RSA_SHA_512_PKCS1 = kSE05x_RSASignatureAlgo_SHA_512_PKCS1, +- +-} SE05x_AttestationAlgo_t; +- +-/** RSA Key format */ +-typedef enum +-{ +- kSE05x_RSAKeyFormat_CRT = kSE05x_P2_DEFAULT, +- kSE05x_RSAKeyFormat_RAW = kSE05x_P2_RAW, +-} SE05x_RSAKeyFormat_t; +- +-/** @copydoc SE05x_MACAlgo_t */ +-typedef SE05x_MACAlgo_t SE05x_MacOperation_t; +- +-/** SE05X's key IDs */ +-typedef uint32_t SE05x_KeyID_t; +-/** Case when there is no KEK */ +-#define SE05x_KeyID_KEK_NONE 0 +- +-/** [Optional: if the authentication key is the same as the key to be replaced, this TAG should not be present]. */ +-#define SE05x_KeyID_MFDF_NONE 0 +- +-/** SE05X key's max attempts */ +-typedef uint16_t SE05x_MaxAttemps_t; +-/** Fall back to applet default */ +-#define SE05x_MaxAttemps_UNLIMITED 0 +-/** Identify in code that this is not an AUTH object and hence not applicable */ +-#define SE05x_MaxAttemps_NA 0 +- +-/** When we want to read with attestation */ +-#define kSE05x_INS_READ_With_Attestation (kSE05x_INS_READ | kSE05x_INS_ATTEST) +- +-/** When we want to read I2CM Data with attestation */ +-#define kSE05x_INS_I2CM_Attestation (kSE05x_INS_CRYPTO | kSE05x_INS_ATTEST) +- +-#ifndef __DOXYGEN__ +-/* RSA Helper Macros to make code little more readable */ +-#define SE05X_RSA_NO_p /* Skip */ NULL, 0 +-#define SE05X_RSA_NO_q /* Skip */ NULL, 0 +-#define SE05X_RSA_NO_dp /* Skip */ NULL, 0 +-#define SE05X_RSA_NO_dq /* Skip */ NULL, 0 +-#define SE05X_RSA_NO_qInv /* Skip */ NULL, 0 +-#define SE05X_RSA_NO_pubExp /* Skip */ NULL, 0 +-#define SE05X_RSA_NO_priv /* Skip */ NULL, 0 +-#define SE05X_RSA_NO_pubMod /* Skip */ NULL, 0 +-#endif // __DOXYGEN__ +- +- +-#endif /* SE05x_ENUMS_H */ +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/se05x_ftr.h b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/se05x_ftr.h +deleted file mode 100644 +index 95ac4a2eee..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/se05x_ftr.h ++++ /dev/null +@@ -1,36 +0,0 @@ +-/* +-* +-* Copyright 2019,2020 NXP +-* SPDX-License-Identifier: Apache-2.0 +-*/ +- +-#ifndef SE05X_FTR_H +-#define SE05X_FTR_H +- +-#if defined(SSS_USE_FTR_FILE) +-#include "fsl_sss_ftr.h" +-#else +-#include "fsl_sss_ftr_default.h" +-#endif +- +-#if SSS_HAVE_APPLET_SE05X_IOT +- +-#include +- +-/** @def SE05X_FTR_8BIT_CURVE_ID +- * +- * Curve IDs are 8bit wide. Else, the follow same 32 bit +- * namespace. +- */ +- +-#if APPLET_SE050_VER_MAJOR_MINOR > 10002u +-#define SE05X_FTR_8BIT_CURVE_ID (1) +-#define SE05X_FTR_32BIT_CURVE_ID (0) +-#else +-#define SE05X_FTR_8BIT_CURVE_ID (0) +-#define SE05X_FTR_32BIT_CURVE_ID (1) +-#endif /* APPLET_SE050_VER_MAJOR_MINOR > 10002u */ +- +-#endif /* SSS_HAVE_APPLET_SE05X_IOT */ +- +-#endif /* SE05X_FTR_H */ +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/se05x_tlv.h b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/se05x_tlv.h +deleted file mode 100644 +index 3c2158ac8e..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/se05x_tlv.h ++++ /dev/null +@@ -1,370 +0,0 @@ +-/* +-* +-* Copyright 2019,2020 NXP +-* SPDX-License-Identifier: Apache-2.0 +-*/ +- +-#ifndef SE05X_TLV_H_INC +-#define SE05X_TLV_H_INC +- +-#include +-#include +- +- +-#include "nxLog.h" +-#include "nxScp03_Types.h" +-//#include +- +-// #define VERBOSE_APDU_LOGS 1 +- +- +-#define kSE05x_CLA 0x80 +- +-typedef enum +-{ +- SM_NOT_OK = 0xFFFF, +- SM_OK = 0x9000, +- SM_ERR_CONDITIONS_OF_USE_NOT_SATISFIED = 0x6985, +- SM_ERR_ACCESS_DENIED_BASED_ON_POLICY = 0x6986, +-} smStatus_t; +- +- +-typedef enum +-{ +- CRED_DEFAULT = 0x00, +- CRED_EC = 0x01, +- CRED_RSA = 0x02, +- CRED_AES = 0x03, +- CRED_DES = 0x04, +- CRED_BINARY = 0x05, +- CRED_PIN = 0x06, +- CRED_COUNTER = 0x07, +- CRED_PCR = 0x08, +- CRED_OBJECT = 0x09, +- +- CRED_PUB_EC, +- CRED_PUB_RSA +-} eSE05xType_t; +- +- +-typedef struct +-{ +- uint8_t *se05xTxBuf; +- size_t se05xTxBufLen; +- size_t ws_LC; // With Session LC +- size_t ws_LCW; // With Session LC Width 1 or 3 bytes +- uint8_t *wsSe05x_cmd; // WithSession SE05X command +- size_t wsSe05x_cmdLen; // WithSession SE05X command Length +- size_t wsSe05x_tag1Len; // WithSession SE05X Tag1 len +- size_t wsSe05x_tag1W; // WithSession SE05X Tag1 Width +- uint8_t *wsSe05x_tag1Cmd; // WithSession SE05X Tag1 Command Data +- size_t wsSe05x_tag1CmdLen; // WithSession SE05X Tag1 Command Data Len +- const tlvHeader_t *se05xCmd_hdr; // SE05x Command Header +- size_t se05xCmdLC; // SE05x Command LC +- size_t se05xCmdLCW; // SE05x Command LC width +- uint8_t *se05xCmd; // SE05x Command +- size_t se05xCmdLen; // SE05x Command Length +- uint8_t *dataToMac; +- size_t dataToMacLen; +-} Se05xApdu_t; +- +-struct Se05xSession; +-struct _sss_se05x_tunnel_context; +- +-typedef struct Se05xSession +-{ +- uint8_t value[8]; +- uint8_t hasSession : 1; +- SE_AuthType_t authType; +- /** Meta Funciton +- * +- * Internall first calls fp_Transform +- * Then calls fp_RawTXn +- * Then calls fp_DeCrypt +- */ +- smStatus_t(*fp_TXn)(struct Se05xSession * pSession, +- const tlvHeader_t *hdr, uint8_t *cmdBuf, size_t cmdBufLen, uint8_t *rsp, size_t *rspLen, uint8_t hasle); +- +- /** API called by fp_TXn. Helps handle UserID/Applet/ECKey to transform buffer. +- * +- * But this API never sends any data out over any communication link. */ +- smStatus_t(*fp_Transform)(struct Se05xSession * pSession, +- /** IN */ +- const tlvHeader_t *inHdr, +- /** IN */ +- uint8_t *inCmdBuf, +- /** IN */ +- size_t inCmdBufLen, +- /** OUT: +- * For Session less, +- * For Platform SCP this will be copy of, inHDR, with outHdr[0] = outHdr[0] | 0x04 +- * For Plain Session: Same as inHDR +- * +- * For With Session: +- * This will be with TLV Header for Wrapped Session Command +- */ +- tlvHeader_t *outHdr, +- /** OUT: For Session less, this will be copy of inCmdBuf +- * +- * For session based impelementation, this will have +- * TAG=Session, L=8,V=Session,TAG=TAG1,L=inCmdBufLen,inCmdBuf */ +- uint8_t * pTxBuf, +- /** IN,OUT: */ +- size_t * pTxBufLen, +- /** IN */ +- uint8_t hasle); +- +- /* API called by fp_TXn. Helps handle Applet/Fast SCP to decrypt buffer. +- * +- * But this API never reads any data */ +- smStatus_t(*fp_DeCrypt)(struct Se05xSession * pSession, +- size_t prevCmdBufLen, +- uint8_t *pInRxBuf, +- size_t *pInRxBufLen, +- uint8_t hasle); +-#if SSS_HAVE_APPLET_SE05X_IOT +- /* It's either a minimal/single implemntation that calls smCom_TransceiveRaw() +- * +- * if pTunnelCtx is Null, directly call smCom_TransceiveRaw() +- * +- * Or an API part of tunnel ctx that can do PlatformSCP */ +- smStatus_t (*fp_RawTXn)(void *conn_ctx, +- struct _sss_se05x_tunnel_context *pChannelCtx, +- SE_AuthType_t currAuth, +- const tlvHeader_t *hdr, +- uint8_t *cmdBuf, +- size_t cmdBufLen, +- uint8_t *rsp, +- size_t *rspLen, +- uint8_t hasle); +- +- struct _sss_se05x_tunnel_context * pChannelCtx; +-#endif +-#if SSS_HAVE_SE +- smStatus_t(*fp_Transmit)( +- SE_AuthType_t currAuth, +- const tlvHeader_t *hdr, +- uint8_t *cmdBuf, +- size_t cmdBufLen, +- uint8_t *rsp, +- size_t *rspLen, +- uint8_t hasle); +-#endif +- NXSCP03_DynCtx_t *pdynScp03Ctx; +- +- /**Connection data context */ +- void *conn_ctx; +-} Se05xSession_t; +- +- +-typedef struct +-{ +- uint8_t *value; +- size_t value_len; +-} Se05xPolicy_t; +- +-typedef struct +-{ +- uint8_t ts[12]; +-} SE05x_TimeStamp_t; +- +-typedef struct +-{ +- uint8_t features[30]; +-} SE05x_ExtendedFeatures_t; +- +-typedef struct +-{ +- SE05x_Variant_t variant; +- SE05x_ExtendedFeatures_t *extended_features; +-} Se05x_AppletFeatures_t; +- +-typedef Se05x_AppletFeatures_t *pSe05xAppletFeatures_t; +-typedef Se05xSession_t *pSe05xSession_t; +-typedef Se05xPolicy_t *pSe05xPolicy_t; +- +-#if VERBOSE_APDU_LOGS +-#define DO_LOG_V(TAG, DESCRIPTION, VALUE) nLog("APDU", NX_LEVEL_DEBUG, #TAG " [" DESCRIPTION "] = 0x%X", VALUE); +-#define DO_LOG_A(TAG, DESCRIPTION, ARRAY, ARRAY_LEN) \ +- nLog_au8("APDU", NX_LEVEL_DEBUG, #TAG " [" DESCRIPTION "]", ARRAY, ARRAY_LEN); +-#else +-#define DO_LOG_V(TAG, DESCRIPTION, VALUE) +-#define DO_LOG_A(TAG, DESCRIPTION, ARRAY, ARRAY_LEN) +-#endif +- +-#define TLVSET_Se05xSession(DESCRIPTION, PBUF, PBUFLEN, TAG, SESSIONID) \ +- TLVSET_u8buf(DESCRIPTION, PBUF, PBUFLEN, TAG, SESSIONID->value, sizeof(SESSIONID->value)) +- +-#define TLVSET_Se05xPolicy(DESCRIPTION, PBUF, PBUFLEN, TAG, POLICY) \ +- tlvSet_Se05xPolicy(DESCRIPTION, PBUF, PBUFLEN, TAG, POLICY) +- +-#define TLVSET_U8(DESCRIPTION, PBUF, PBUFLEN, TAG, VALUE) \ +- tlvSet_U8(PBUF, PBUFLEN, TAG, VALUE); \ +- DO_LOG_V(TAG, DESCRIPTION, VALUE) +- +-#define TLVSET_U16(DESCRIPTION, PBUF, PBUFLEN, TAG, VALUE) \ +- tlvSet_U16(PBUF, PBUFLEN, TAG, VALUE); \ +- DO_LOG_V(TAG, DESCRIPTION, VALUE) +- +-#define TLVSET_U16Optional(DESCRIPTION, PBUF, PBUFLEN, TAG, VALUE) \ +- tlvSet_U16Optional(PBUF, PBUFLEN, TAG, VALUE); \ +- DO_LOG_V(TAG, DESCRIPTION, VALUE) +- +-#define TLVSET_U32(DESCRIPTION, PBUF, PBUFLEN, TAG, VALUE) \ +- tlvSet_U32(PBUF, PBUFLEN, TAG, VALUE); \ +- DO_LOG_V(TAG, DESCRIPTION, VALUE) +- +-#define TLVSET_U64_SIZE(DESCRIPTION, PBUF, PBUFLEN, TAG, VALUE,SIZE) \ +- tlvSet_U64_size(PBUF, PBUFLEN, TAG, VALUE,SIZE); \ +- DO_LOG_V(TAG, DESCRIPTION, VALUE) +- +-#define TLVSET_KeyID(DESCRIPTION, PBUF, PBUFLEN, TAG, VALUE) \ +- tlvSet_KeyID(PBUF, PBUFLEN, TAG, VALUE); \ +- DO_LOG_V(TAG, DESCRIPTION, VALUE) +- +-#define TLVSET_MaxAttemps(DESCRIPTION, PBUF, PBUFLEN, TAG, VALUE) \ +- tlvSet_MaxAttemps(PBUF, PBUFLEN, TAG, VALUE); \ +- DO_LOG_V(TAG, DESCRIPTION, VALUE) +- +-#define TLVSET_AttestationAlgo TLVSET_U8 +-#define TLVSET_CipherMode TLVSET_U8 +- +-#define TLVSET_ECCurve(DESCRIPTION, PBUF, PBUFLEN, TAG, VALUE) \ +- tlvSet_ECCurve(PBUF, PBUFLEN, TAG, VALUE); \ +- DO_LOG_V(TAG, DESCRIPTION, VALUE) +- +-#define TLVSET_ECCurveParam TLVSET_U8 +-#define TLVSET_ECDAASignatureAlgo TLVSET_U8 +-#define TLVSET_ECSignatureAlgo TLVSET_U8 +-#define TLVSET_EDSignatureAlgo TLVSET_U8 +-#define TLVSET_MacOperation TLVSET_U8 +-#define TLVSET_RSAEncryptionAlgo TLVSET_U8 +-#define TLVSET_RSAKeyComponent TLVSET_U8 +-#define TLVSET_RSASignatureAlgo TLVSET_U8 +-#define TLVSET_DigestMode TLVSET_U8 +-#define TLVSET_Variant tlvSet_u8buf_features +-#define TLVSET_RSAPubKeyComp TLVSET_U8 +-#define TLVSET_PlatformSCPRequest TLVSET_U8 +-#define TLVSET_MemoryType TLVSET_U8 +- +-#define TLVSET_CryptoContext TLVSET_U8 +-#define TLVSET_CryptoModeSubType(DESCRIPTION, PBUF, PBUFLEN, TAG, VALUE) \ +- TLVSET_U8(DESCRIPTION, PBUF, PBUFLEN, TAG, ((VALUE).union_8bit)) +- +-#define TLVSET_CryptoObjectID TLVSET_U16 +- +-// #define TLVSET_pVoid(DESCRIPTION, PBUF, PBUFLEN, TAG, VALUE) (0) +-// #define tlvGet_pVoid(DESCRIPTION, PBUF, PBUFLEN, TAG, VALUE) (0) +- +-#define TLVSET_u8buf(DESCRIPTION, PBUF, PBUFLEN, TAG, CMD, CMDLEN) \ +- tlvSet_u8buf(PBUF, PBUFLEN, TAG, CMD, CMDLEN); \ +- DO_LOG_A(TAG, DESCRIPTION, CMD, CMDLEN) +- +-#define TLVSET_u8bufOptional(DESCRIPTION, PBUF, PBUFLEN, TAG, CMD, CMDLEN) \ +- tlvSet_u8bufOptional(PBUF, PBUFLEN, TAG, CMD, CMDLEN); \ +- DO_LOG_A(TAG, DESCRIPTION, CMD, CMDLEN) +- +-#define TLVSET_u8bufOptional_ByteShift(DESCRIPTION, PBUF, PBUFLEN, TAG, CMD, CMDLEN) \ +- tlvSet_u8bufOptional_ByteShift(PBUF, PBUFLEN, TAG, CMD, CMDLEN); \ +- DO_LOG_A(TAG, DESCRIPTION, CMD, CMDLEN) +- +- +-#define TLVSET_u8buf_I2CM(DESCRIPTION, PBUF, PBUFLEN, TAG, CMD, CMDLEN) \ +- tlvSet_u8buf_I2CM(PBUF, PBUFLEN, TAG, CMD, CMDLEN); \ +- DO_LOG_A(TAG, DESCRIPTION, CMD, CMDLEN) +- +- +-int tlvSet_U8(uint8_t **buf, size_t *bufLen, SE05x_TAG_t tag, uint8_t value); +-int tlvSet_U16(uint8_t **buf, size_t *bufLen, SE05x_TAG_t tag, uint16_t value); +-int tlvSet_U16Optional(uint8_t **buf, size_t *bufLen, SE05x_TAG_t tag, uint16_t value); +-int tlvSet_U32(uint8_t **buf, size_t *bufLen, SE05x_TAG_t tag, uint32_t value); +-int tlvSet_U64_size(uint8_t **buf, size_t *bufLen, SE05x_TAG_t tag, uint64_t value,uint16_t size); +-int tlvSet_u8buf(uint8_t **buf, size_t *bufLen, SE05x_TAG_t tag, const uint8_t *cmd, size_t cmdLen); +-int tlvSet_u8bufOptional(uint8_t **buf, size_t *bufLen, SE05x_TAG_t tag, const uint8_t *cmd, size_t cmdLen); +-/* Same as tlvSet_u8bufOptional, but some time, Most Significant Byte needs to be shifted and Plus by 1 */ +-int tlvSet_u8bufOptional_ByteShift(uint8_t **buf, size_t *bufLen, SE05x_TAG_t tag, const uint8_t *cmd, size_t cmdLen); +-int tlvSet_Se05xPolicy(const char *description, uint8_t **buf, size_t *bufLen, SE05x_TAG_t tag, Se05xPolicy_t *policy); +-int tlvSet_KeyID(uint8_t **buf, size_t *bufLen, SE05x_TAG_t tag, uint32_t keyID); +-int tlvSet_MaxAttemps(uint8_t **buf, size_t *bufLen, SE05x_TAG_t tag, uint16_t maxAttemps); +-int tlvSet_ECCurve(uint8_t **buf, size_t *bufLen, SE05x_TAG_t tag, SE05x_ECCurve_t value); +-int tlvSet_u8buf_features(uint8_t **buf, size_t *bufLen, SE05x_TAG_t tag, pSe05xAppletFeatures_t appletVariant); +- +-int tlvGet_U8(uint8_t *buf, size_t *pBufIndex, const size_t bufLen, SE05x_TAG_t tag, uint8_t *pRsp); +-int tlvGet_U16(uint8_t *buf, size_t *pBufIndex, const size_t bufLen, SE05x_TAG_t tag, uint16_t *pRsp); +-int tlvGet_U32(uint8_t *buf, size_t *pBufIndex, const size_t bufLen, SE05x_TAG_t tag, uint32_t *pRsp); +- +-int tlvGet_u8buf(uint8_t *buf, size_t *pBufIndex, const size_t bufLen, SE05x_TAG_t tag, uint8_t *rsp, size_t *pRspLen); +-int tlvGet_ValueIndex(uint8_t *buf, size_t *pBufIndex, const size_t bufLen, SE05x_TAG_t tag); +-int tlvGet_Se05xSession( +- uint8_t *buf, size_t *pBufIndex, const size_t bufLen, SE05x_TAG_t tag, pSe05xSession_t *pSessionId); +-int tlvGet_TimeStamp(uint8_t *buf, size_t *pBufIndex, const size_t bufLen, SE05x_TAG_t tag, SE05x_TimeStamp_t *pTs); +- +-int tlvSet_u8buf_I2CM(uint8_t **buf, size_t *bufLen, SE05x_I2CM_TAG_t tag, const uint8_t *cmd, size_t cmdLen); +- +-int tlvGet_SecureObjectType(uint8_t *buf, size_t *pBufIndex, size_t bufLen, SE05x_TAG_t tag, SE05x_SecObjTyp_t *pType); +- +-int tlvGet_Result(uint8_t *buf, size_t *pBufIndex, size_t bufLen, SE05x_TAG_t tag, SE05x_Result_t *presult); +- +- +- +-smStatus_t se05x_Transform(struct Se05xSession *pSession, +- const tlvHeader_t *hdr, +- uint8_t *cmdApduBuf, +- const size_t cmdApduBufLen, +- tlvHeader_t *out_hdr, +- uint8_t *txBuf, +- size_t *ptxBufLen, +- uint8_t hasle); +- +-smStatus_t se05x_Transform_scp(struct Se05xSession *pSession, +- const tlvHeader_t *hdr, +- uint8_t *cmdApduBuf, +- const size_t cmdApduBufLen, +- tlvHeader_t *outhdr, +- uint8_t *txBuf, +- size_t *ptxBufLen, +- uint8_t hasle); +- +-smStatus_t se05x_DeCrypt(struct Se05xSession *pSessionCtx, +- size_t cmd_cmacLen, +- uint8_t *rsp, +- size_t *rspLength, +- uint8_t hasle); +- +-smStatus_t DoAPDUTxRx_s_Case2(Se05xSession_t *pSessionCtx, +- const tlvHeader_t *hdr, +- uint8_t *cmdBuf, +- size_t cmdBufLen, +- uint8_t *rspBuf, +- size_t *pRspBufLen); +- +-smStatus_t DoAPDUTx_s_Case3(Se05xSession_t *pSessionCtx, +- const tlvHeader_t *hdr, +- uint8_t *cmdBuf, +- size_t cmdBufLen); +- +-smStatus_t DoAPDUTxRx_s_Case4(Se05xSession_t *pSessionCtx, +- const tlvHeader_t *hdr, +- uint8_t *cmdBuf, +- size_t cmdBufLen, +- uint8_t *rspBuf, +- size_t *pRspBufLen); +- +-smStatus_t DoAPDUTxRx_s_Case4_ext(Se05xSession_t *pSessionCtx, +- const tlvHeader_t *hdr, +- uint8_t *cmdBuf, +- size_t cmdBufLen, +- uint8_t *rspBuf, +- size_t *pRspBufLen); +- +-smStatus_t DoAPDUTxRx(Se05xSession_t *pSessionCtx, +- uint8_t *cmdBuf, +- size_t cmdBufLen, +- uint8_t *rspBuf, +- size_t *pRspBufLen); +- +-#if SSS_HAVE_APPLET_SE05X_IOT +-smStatus_t Se05x_API_I2CM_Send( +- pSe05xSession_t sessionId, const uint8_t *buffer, size_t bufferLen, uint8_t *result, size_t *presultLen); +-#endif +-#endif // !SE05X_TLV_H_INC +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/sm_const.h b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/sm_const.h +deleted file mode 100644 +index 7beb37cfa5..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc/sm_const.h ++++ /dev/null +@@ -1,123 +0,0 @@ +-/* +-* +-* Copyright 2016,2020 NXP +-* SPDX-License-Identifier: Apache-2.0 +-*/ +- +-#ifndef _A71CH_CONST_H_ +-#define _A71CH_CONST_H_ +- +-#ifdef __cplusplus +-extern "C" { +-#endif +- +-#if defined(SSS_USE_FTR_FILE) +-#include "fsl_sss_ftr.h" +-#else +-#include "fsl_sss_ftr_default.h" +-#endif +- +-#if SSS_HAVE_A71CH && (!(SSS_HAVE_A71CH_SIM)) +-# define APPLET_NAME "a71ch" // 0x61.37.31.63.68 +-# define APPLET_NAME_LEN (sizeof(APPLET_NAME) - 1) +-# define SE_NAME "A71CH" +-#endif +-#if SSS_HAVE_LOOPBACK +-# define APPLET_NAME \ +- { 0xD2, 0x76, 0x00, 0x00, 0x85, 0x54, 0x65, 0x73, \ +- 0x74, 0x01, 0x01 } //echo applet +-# define APPLET_NAME_LEN (11) +-# define SE_NAME "LoopBack" +-#endif +-#if SSS_HAVE_A71CL +-# define APPLET_NAME \ +- { 0xA0, 0x00, 0x00, 0x00, 0x41, 0x6C, 0x69, 0x59, \ +- 0x75, 0x6E, 0x2E, 0x49, 0x44, 0x32, 0x01}// "Ali Yun" +-# define APPLET_NAME_LEN (15) +-# define SE_NAME "A71CL" +-#endif +- +-#if SSS_HAVE_SE050_L +-# define APPLET_NAME \ +-{ 0xA0, 0x00, 0x00, 0x00, 0x41, 0x6C, 0x69, 0x59, \ +- 0x75, 0x6E, 0x2E, 0x49, 0x44, 0x32 \ +-}// "Ali Yun" +- +- +-# define APPLET_NAME_LEN (14) +-# define SE_NAME "SE050_L" +-#endif +- +-#if SSS_HAVE_A71CH_SIM +-# define APPLET_NAME \ +- {0xa0, 0x00, 0x00, 0x03, 0x96, 0x54, 0x53, 0x00, \ +- 0x00, 0x00, 0x01, 0x03, 0x00, 0x00, 0x00, 0x00} +-# define APPLET_NAME_LEN (16) +-# define SE_NAME "SE050:EAR:CH" +-#endif +- +-#if SSS_HAVE_APPLET_SE05X_IOT +-# define APPLET_NAME \ +- {0xa0, 0x00, 0x00, 0x03, 0x96, 0x54, 0x53, 0x00, \ +- 0x00, 0x00, 0x01, 0x03, 0x00, 0x00, 0x00, 0x00} +-# define APPLET_NAME_LEN (16) +- +-# define SSD_NAME \ +- { 0xD2, 0x76, 0x00, 0x00, 0x85, 0x30, 0x4A, 0x43, 0x4F, 0x90, 0x03} +-#endif +- +-#if SSS_HAVE_SE05X_A +-# define SE_NAME "SE050:A" +-#endif +-#if SSS_HAVE_SE05X_B +-# define SE_NAME "SE050:B" +-#endif +-#if SSS_HAVE_SE05X_C +-# define SE_NAME "SE050:C" +-#endif +- +-#define A71CH_KEY_PAIR_MAX_A 2 //!< Maximum amount of ECC key pairs that can be stored in A71CH (A device) +-#define A71CH_PUBLIC_KEY_MAX_A 2 //!< Maximum amount of ECC public keys that can be stored in A71CH (A device) +-#define A71CH_SYM_KEY_MAX_A 4 //!< Maximum amount of Symmetric keys that can be stored in A71CH (A device) +-#define A71CH_KEY_PAIR_MAX_B 4 //!< Maximum amount of ECC key pairs that can be stored in A71CH (B device) +-#define A71CH_PUBLIC_KEY_MAX_B 3 //!< Maximum amount of ECC public keys that can be stored in A71CH (B device) +-#define A71CH_SYM_KEY_MAX_B 8 //!< Maximum amount of Symmetric keys that can be stored in A71CH (A device) +-#define A71CH_COUNTER_MAX 2 //!< Maximum amount of monotonic counters that can be stored in A71CH (A&B) +- +-// We cover two A71CH product variants that differ in the amount of credentials that can be stored. +-// These two variants are referred to (in this example source code) as +-// - TYPE_A (or simply A) - which is the device with lesser storage +-// - TYPE_B (or simply B) - which is the device with more storage +-// As the example source code depends on the amount of credentials that can be stored +-// the ::A71CH_DEVICE_TYPE define must be used to select between either variant at compile time. +-#define A71CH_DEVICE_TYPE_A (0x41) //!< Symbolic constant to represent the Initial A71CH device +-#define A71CH_DEVICE_TYPE_B (0x42) //!< Synbolic constant to represent the A71CH device with more storage +-#define A71CH_DEVICE_TYPE A71CH_DEVICE_TYPE_B //!< Indicate the credential storage capabilities of the A71CH +- +- +-/** @def A71CH_KEY_PAIR_MAX +- * Maximum ECC Key Pairs in the Secure module */ +-/** @def A71CH_PUBLIC_KEY_MAX +- * Maximum ECC Public Keys in the Secure module */ +-/** @def A71CH_SYM_KEY_MAX +- * Maximum ECC Symmetric Keys in the Secure module */ +-/** @def A71CH_GP_STORAGE_SIZE +- * Maximum General Purpose Storage in the Secure module */ +- +-#if A71CH_DEVICE_TYPE == A71CH_DEVICE_TYPE_A +-//!< Effective value used in examples +-# define A71CH_KEY_PAIR_MAX A71CH_KEY_PAIR_MAX_A +-# define A71CH_PUBLIC_KEY_MAX A71CH_PUBLIC_KEY_MAX_A +-# define A71CH_SYM_KEY_MAX A71CH_SYM_KEY_MAX_A +-# define A71CH_GP_STORAGE_SIZE A71CH_GP_STORAGE_SIZE_A +-#else +-# define A71CH_KEY_PAIR_MAX A71CH_KEY_PAIR_MAX_B +-# define A71CH_PUBLIC_KEY_MAX A71CH_PUBLIC_KEY_MAX_B +-# define A71CH_SYM_KEY_MAX A71CH_SYM_KEY_MAX_B +-# define A71CH_GP_STORAGE_SIZE A71CH_GP_STORAGE_SIZE_B +-#endif +- +-#ifdef __cplusplus +-} +-#endif +-#endif //_A71CHCONSTL_H_ +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/infra/global_platf.c b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/infra/global_platf.c +deleted file mode 100644 +index 62af6070f6..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/infra/global_platf.c ++++ /dev/null +@@ -1,87 +0,0 @@ +-/* +-* +-* Copyright 2016,2020 NXP +-* SPDX-License-Identifier: Apache-2.0 +-*/ +- +-#include +-#include +-#include +- +-#include "global_platf.h" +-#include "smCom.h" +- +-#include "scp.h" +-#include "sm_apdu.h" +-#include "sm_errors.h" +- +-#include "nxLog_hostLib.h" +-#include "nxEnsure.h" +- +-/** +- * Send a select command to the card manager +- * +- * \param[in] appletName Pointer to a buffer containing the applet name. +- * \param[in] appletNameLen Length of the applet name. +- * \param[out] responseData Pointer to a buffer that will contain response data (excluding status word). +- * \param[in,out] responseDataLen IN: size of pResponse buffer passed as argument; OUT: Length of response data retrieved +- * +- * \retval ::SW_OK Upon successfull execution +- */ +-U16 GP_Select(void *conn_ctx, const U8 *appletName, U16 appletNameLen, U8 *responseData, U16 *responseDataLen) +-{ +- U16 rv = ERR_COMM_ERROR; +- U32 u32RXLen = *responseDataLen; +- +- uint8_t tx_buf[MAX_APDU_BUF_LENGTH]; +- uint16_t tx_len; +- +- ENSURE_OR_GO_CLEANUP(NULL != responseData); +- ENSURE_OR_GO_CLEANUP(0 != responseDataLen); +- ENSURE_OR_GO_CLEANUP(appletNameLen < 255); +- /* cla+ins+p1+p2+lc+appletNameLen+le */ +- ENSURE_OR_GO_CLEANUP(sizeof(tx_buf) > (6 + appletNameLen)); +- +- tx_buf[0] = CLA_ISO7816; +- tx_buf[1] = INS_GP_SELECT; +- tx_buf[2] = 4; +- tx_buf[3] = 0; +- +- tx_len = 0 /* for indentation */ +- + 1 /* CLA */ +- + 1 /* INS */ +- + 1 /* P1 */ +- + 1 /* P2 */; +- if (appletNameLen > 0) { +- tx_buf[4] = (uint8_t)appletNameLen; // We have done ENSURE_OR_GO_CLEANUP(appletNameLen < 255); +- tx_len = tx_len + 1 /* Lc */ +- + appletNameLen /* Payload */ +- + 1 /* Le */; +- memcpy(&tx_buf[5], appletName, appletNameLen); +- } +- else { +- tx_len = tx_len /* for indentation */ +- + 0 /* No Lc */ +- + 1 /* Le */; +- } +- tx_buf[tx_len - 1] = 0; /* Le */ +- +- // apdu_t * pApdu = (apdu_t *) &apdu; +- // U8 isOk = 0x00; +- +- // pApdu->cla = CLA_ISO7816; +- // pApdu->ins = INS_GP_SELECT; +- // pApdu->p1 = 0x04; +- // pApdu->p2 = 0x00; +- +- rv = smCom_TransceiveRaw(conn_ctx, tx_buf, tx_len, responseData, &u32RXLen); +- if (rv == SW_OK && u32RXLen >= 2) { +- *responseDataLen = u32RXLen - 2; +- rv = responseData[u32RXLen - 2]; +- rv <<= 8; +- rv |= responseData[u32RXLen - 1]; +- } +- +-cleanup: +- return rv; +-} +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/infra/global_platf.h b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/infra/global_platf.h +deleted file mode 100644 +index 9e358d4255..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/infra/global_platf.h ++++ /dev/null +@@ -1,28 +0,0 @@ +-/* +-* +-* Copyright 2016,2020 NXP +-* SPDX-License-Identifier: Apache-2.0 +-*/ +- +-#ifndef _GLOBAL_PLATF_ +-#define _GLOBAL_PLATF_ +- +-#include "sm_types.h" +- +-#ifdef __cplusplus +-extern "C" { +-#endif +- +-#define CLA_ISO7816 (0x00) //!< ISO7816-4 defined CLA byte +- +-#define INS_GP_INITIALIZE_UPDATE (0x50) //!< Global platform defined instruction +-#define INS_GP_EXTERNAL_AUTHENTICATE (0x82) //!< Global platform defined instruction +-#define INS_GP_SELECT (0xA4) //!< Global platform defined instruction +-#define INS_GP_PUT_KEY (0xD8) //!< Global platform defined instruction +- +-U16 GP_Select(void *conn_ctx, const U8 *appletName, U16 appletNameLen, U8 *response, U16 *responseLen); +-U16 GP_GetCLAppletVersion(U8 *appletVersion, U16 *verionLength); +-#ifdef __cplusplus +-} +-#endif +-#endif +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/infra/sm_apdu.c b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/infra/sm_apdu.c +deleted file mode 100644 +index c5e9c5a357..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/infra/sm_apdu.c ++++ /dev/null +@@ -1,880 +0,0 @@ +-/* +- * +- * Copyright 2019-2020 NXP +- * SPDX-License-Identifier: Apache-2.0 +- */ +- +-/** +- * +- * @par Description +- * This file implements the high-level APDU handling of the SM module. +- * @par History +- * 1.0 31-march-2014 : Initial version +- * 1.1 10-april-2019 : Removed compile time choice 'USE_MALLOC_FOR_APDU_BUFFER' +- * +- *****************************************************************************/ +-#include +-#include +-#include +-#include +- +- +-#if defined(SSS_USE_FTR_FILE) +-#include "fsl_sss_ftr.h" +-#else +-#include "fsl_sss_ftr_default.h" +-#endif +- +-#include "sm_apdu.h" +-// #include "ax_api.h" +-#include "scp.h" +-#include "nxLog_hostLib.h" +-#include "nxEnsure.h" +- +-static void ReserveLc(apdu_t * pApdu); +-static void SetLc(apdu_t * pApdu, U16 lc); +-static void AddLe(apdu_t * pApdu, U16 le); +- +-#if SSS_HAVE_A71CH_SIM +-/* Send session ID in trans-receive */ +-static U8 session_Tlv[7]; +-static U8 gEnableEnc = 0; +-#endif +- +-static U8 sharedApduBuffer[MAX_APDU_BUF_LENGTH]; +- +-#ifdef TGT_A71CH +-#if ( (APDU_HEADER_LENGTH + APDU_STD_MAX_DATA + 1) >= MAX_APDU_BUF_LENGTH ) +-#error "Ensure MAX_APDU_BUF_LENGTH is big enough" +-#endif +-#endif // TGT_A71CH +- +-/** +- * Associates a memory buffer with the APDU buffer. +- * +- * By default (determined at compile time) the buffer is not allocated with each call, but a reference +- * is made to a static data structure. +- * +- * \param[in,out] pApdu APDU buffer +- * \returns always returns 0 +- */ +-U8 AllocateAPDUBuffer(apdu_t *pApdu) +-{ +- ENSURE_OR_GO_EXIT(pApdu != NULL); +- // In case of e.g. TGT_A7, pApdu is pointing to a structure defined on the stack +- // so pApdu->pBuf contains random data +- pApdu->pBuf = sharedApduBuffer; +- +-exit: +- return 0; +-} +- +-/** +- * Clears the previously referenced APDU buffer. +- * +- * In case the buffer was effectively malloc'd by ::AllocateAPDUBuffer it will also be freed. +- * +- * \param[in,out] pApdu APDU buffer +- * \return Always returns 0 +- */ +-U8 FreeAPDUBuffer(apdu_t * pApdu) +-{ +- ENSURE_OR_GO_EXIT(pApdu != NULL); +- +- if (pApdu->pBuf) +- { +- U16 nClear = (pApdu->rxlen > MAX_APDU_BUF_LENGTH) ? MAX_APDU_BUF_LENGTH : pApdu->rxlen; +- memset(pApdu->pBuf, 0, nClear); +- pApdu->pBuf = 0; +- } +- +-exit: +- return 0; +-} +- +-/** +- * Sets up the command APDU header. +- * \param[in,out] pApdu APDU buffer +- * \param[in] extendedLength Indicates if command/response have extended length. Either ::USE_STANDARD_APDU_LEN or ::USE_EXTENDED_APDU_LEN +- * \return offset in APDU buffer after the header +- */ +-U8 SetApduHeader(apdu_t * pApdu, U8 extendedLength) +-{ +- U8 ret = 0; +- // pApdu->edc = eEdc_NoErrorDetection; +- ENSURE_OR_GO_EXIT(pApdu != NULL); +- +- pApdu->pBuf[0] = pApdu->cla; +- pApdu->pBuf[1] = pApdu->ins; +- pApdu->pBuf[2] = pApdu->p1; +- pApdu->pBuf[3] = pApdu->p2; +- +- pApdu->extendedLength = extendedLength; +- pApdu->hasData = false; +- pApdu->lcLength = 0; +- pApdu->lc = 0; +- pApdu->hasLe = false; +- +- // No LC yet +- pApdu->offset = APDU_OFFSET_LC; +- +- // adapt length +- pApdu->buflen = pApdu->offset; +- +- // Set rxlen to default value +- pApdu->rxlen = 0; +- +- ret = (U8)(pApdu->offset); +-exit: +- return ret; +-} +- +-#if SSS_HAVE_A71CH_SIM +-/** +- * Creates session TLV from session ID. Session ID is retrieved as response to auth command. +- * \param[in] sessionId +- */ +-void set_SessionId_Tlv(U32 sessionId) +-{ +- session_Tlv[0] = 0xBE; +- session_Tlv[1] = 0xBE; +- session_Tlv[2] = 0x04; +- session_Tlv[3] = (U8)(sessionId >> 24); +- session_Tlv[4] = (U8)(sessionId >> 16); +- session_Tlv[5] = (U8)(sessionId >> 8); +- session_Tlv[6] = (U8)(sessionId >> 0); +- gEnableEnc = sessionId !=0 ? 1:0; +-} +-#endif +- +-/** +- * In the final stage before sending the APDU cmd one needs to update the values of lc (and le). +- * \param[in,out] pApdu APDU buffer +- * \param[in] lc +- */ +-void smApduAdaptLc(apdu_t *pApdu, U16 lc) +-{ +- SetLc(pApdu, lc); +-} +- +-/** +- * In the final stage before sending the APDU cmd one needs to update the values of le (and lc). +- * \param[in,out] pApdu APDU buffer +- * \param[in] le +- */ +-void smApduAdaptLe(apdu_t *pApdu, U16 le) +-{ +- AddLe(pApdu, le); +-} +- +-/** +- * In the final stage before sending the APDU cmd one needs to update the values of lc and le. +- * \param[in,out] pApdu APDU buffer +- * \param[in] lc +- * \param[in] le +- */ +-void smApduAdaptLcLe(apdu_t *pApdu, U16 lc, U16 le) +-{ +- SetLc(pApdu, lc); +- AddLe(pApdu, le); +-} +- +-/** +- * Reserves bytes for the LC in the command APDU and updated the pApdu data structure to match. +- * Must be called once in case the APDU cmd has a command data section. +- * \pre pApdu->hasData has been set. +- * \param[in,out] pApdu APDU buffer +- */ +-static void ReserveLc(apdu_t * pApdu) +-{ +- ENSURE_OR_GO_EXIT(pApdu != NULL); +- +- pApdu->lcLength = 0; +- +- ENSURE_OR_GO_EXIT(pApdu->hasData != 0); +- +- if (pApdu->extendedLength) { +- pApdu->lcLength = 3; +- } +- else { +- pApdu->lcLength = 1; +- } +- +- pApdu->offset += pApdu->lcLength; +- pApdu->buflen += pApdu->lcLength; +-exit: +- return; +-} +- +-/** +- * Sets the LC value in the command APDU. +- * @pre ReserveLc(...) has been called or there is no command data section +- * @param[in,out] pApdu APDU buffer +- * @param[in] lc LC value to be set +- */ +-static void SetLc(apdu_t * pApdu, U16 lc) +-{ +- ENSURE_OR_GO_EXIT(pApdu != NULL); +- ENSURE_OR_GO_EXIT((pApdu->lcLength != 0) || (pApdu->hasData == 0)); +- +- // NOTE: +- // pApdu->lcLength was set to its proper value in a call to ReserveLc(...) +- +- if (pApdu->hasData) { +- if (pApdu->extendedLength) { +- pApdu->lc = lc; +- // pApdu->lcLength = 3; +- pApdu->pBuf[APDU_OFFSET_LC] = 0x00; +- pApdu->pBuf[APDU_OFFSET_LC + 1] = (U8)(lc >> 8); +- pApdu->pBuf[APDU_OFFSET_LC + 2] = (U8)(lc & 0xFF); +- } +- else { +- pApdu->lc = lc; +- // pApdu->lcLength = 1; +- pApdu->pBuf[APDU_OFFSET_LC] = (U8)(lc & 0xFF); +- } +- } +- else { +- pApdu->lcLength = 0; +- } +-exit: +- return; +-} +- +-/** +- * Adds the LE value to the command APDU. +- * @param pApdu [IN/OUT] APDU buffer +- * @param le [IN] LE +- * @return +- */ +-static void AddLe(apdu_t * pApdu, U16 le) +-{ +- ENSURE_OR_GO_EXIT(pApdu != NULL); +- +- pApdu->hasLe = true; +- pApdu->le = le; +- +- if (pApdu->extendedLength) { +- if (pApdu->hasData) { +- ENSURE_OR_GO_EXIT( (pApdu->offset + 1) < MAX_APDU_BUF_LENGTH); +- pApdu->pBuf[pApdu->offset] = (U8)(le >> 8); +- pApdu->pBuf[pApdu->offset + 1] = (U8)(le & 0xFF); +- pApdu->leLength = 2; +- } +- else { +- ENSURE_OR_GO_EXIT( (pApdu->offset + 2) < MAX_APDU_BUF_LENGTH); +- pApdu->pBuf[pApdu->offset] = 0x00; +- pApdu->pBuf[pApdu->offset + 1] = (U8)(le >> 8); +- pApdu->pBuf[pApdu->offset + 2] = (U8)(le & 0xFF); +- pApdu->leLength = 3; +- } +- } +- else { +- // regular length +- ENSURE_OR_GO_EXIT(pApdu->offset < MAX_APDU_BUF_LENGTH); +- pApdu->pBuf[pApdu->offset] = (U8)(le & 0xFF); +- pApdu->leLength = 1; +- } +- +- pApdu->offset += pApdu->leLength; +- pApdu->buflen += pApdu->leLength; +-exit: +- return; +-} +- +- +-#if 0 +-/** +- * @function AddTlvItem +- * @description Adds a Tag-Length-Value structure to the command APDU. +- * @param pApdu [IN/OUT] APDU buffer. +- * @param tag [IN] tag; either a 1-byte tag or a 2-byte tag +- * @param dataLength [IN] length of the Value +- * @param pValue [IN] Value +- * @return SW_OK or ERR_BUF_TOO_SMALL +- */ +-U16 AddTlvItem(apdu_t * pApdu, U16 tag, U16 dataLength, const U8 *pValue) +-{ +- U8 msbTag = tag >> 8; +- U8 lsbTag = tag & 0xff; +- +- // If this is the first tag added to the buffer, we needs to ensure +- // the correct offset is used writing the data. This depends on +- // whether the APDU is a standard or an extended APDU. +- if (pApdu->hasData == 0) +- { +- pApdu->hasData = 1; +- ReserveLc(pApdu); +- } +- +- // Ensure no buffer overflow will occur before writing any data to buffer +- { +- U32 xtraData = 0; +- U32 u32_Offset = (U32)(pApdu->offset); +- +- xtraData = 1; +- // Tag +- if (msbTag != 0x00) +- { +- // 2-byte tag +- xtraData++; +- } +- +- // Length +- if (dataLength <= 0x7f) +- { +- // 1-byte length +- xtraData++; +- } +- else if (dataLength <= 0xff) +- { +- // 2-byte length +- xtraData += 2; +- } +- else +- { +- // 3-byte length +- xtraData += 3; +- } +- xtraData += dataLength; +- +- // Can we still add 'xtraData' to internal buffer without buffer overwrite? +- if ( (u32_Offset + xtraData) > MAX_APDU_BUF_LENGTH) +- { +- // Bufferflow would occur +- return ERR_BUF_TOO_SMALL; +- } +- } +- +- // Tag +- if (msbTag != 0x00) +- { +- // 2-byte tag +- pApdu->pBuf[pApdu->offset++] = msbTag; +- } +- pApdu->pBuf[pApdu->offset++] = lsbTag; +- +- // Length +- if (dataLength <= 0x7f) +- { +- // 1-byte length +- pApdu->pBuf[pApdu->offset++] = (U8) dataLength; +- pApdu->lc += 2 + dataLength; +- } +- else if (dataLength <= 0xff) +- { +- // 2-byte length +- pApdu->pBuf[pApdu->offset++] = 0x81; +- pApdu->pBuf[pApdu->offset++] = (U8) dataLength; +- pApdu->lc += 3 + dataLength; +- } +- else +- { +- // 3-byte length +- pApdu->pBuf[pApdu->offset++] = 0x82; +- pApdu->pBuf[pApdu->offset++] = dataLength >> 8; +- pApdu->pBuf[pApdu->offset++] = dataLength & 0xff; +- pApdu->lc += 4 + dataLength; +- } +- +- // Value +- memcpy(&pApdu->pBuf[pApdu->offset], pValue, dataLength); +- pApdu->offset += dataLength; +- +- // adapt length +- pApdu->buflen = pApdu->offset; +- +- return SW_OK; +-} +- +-/** +- * AddStdCmdData +- * \deprecated Use ::smApduAppendCmdData instead +- */ +-U16 AddStdCmdData(apdu_t * pApdu, U16 dataLen, const U8 *data) +-{ +- +- pApdu->hasData = 1; +- ReserveLc(pApdu); +- +- pApdu->lc += dataLen; +- +- // Value +- memcpy(&pApdu->pBuf[pApdu->offset], data, dataLen); +- pApdu->offset += dataLen; +- +- // adapt length +- pApdu->buflen = pApdu->offset; +- +- return pApdu->offset; +-} +- +-/** +- * @function ParseResponse +- * @description Parses a received Tag-Length-Value structure (response APDU). +- * @param pApdu [IN] APDU buffer +- * @param expectedTag [IN] expected tag; either a 1-byte tag or a 2-byte tag +- * @param pLen [IN,OUT] IN: size of buffer provided; OUT: length of the received Value +- * @param pValue [OUT] received Value +- * @return status +- */ +-U16 ParseResponse(apdu_t *pApdu, U16 expectedTag, U16 *pLen, U8 *pValue) +-{ +- U16 tag = 0; +- U16 rv = ERR_GENERAL_ERROR; +- int foundTag = 0; +- U16 bufferLen = *pLen; +- +- *pLen = 0; +- +- if (pApdu->rxlen < 2) /* minimum: 2 byte for response */ +- { +- return ERR_GENERAL_ERROR; +- } +- else +- { +- /* check status returned is okay */ +- if ((pApdu->pBuf[pApdu->rxlen - 2] != 0x90) || (pApdu->pBuf[pApdu->rxlen - 1] != 0x00)) +- { +- return ERR_GENERAL_ERROR; +- } +- else // response okay +- { +- pApdu->offset = 0; +- +- do +- { +- U16 len = 0; +- +- // Ensure we don't parse beyond the APDU Response Data +- if (pApdu->offset >= (pApdu->rxlen -2)) { break; } +- +- /* get the tag (see ISO 7816-4 annex D); limited to max 2 bytes */ +- if ((pApdu->pBuf[pApdu->offset] & 0x1F) != 0x1F) /* 1 byte tag only */ +- { +- tag = (pApdu->pBuf[pApdu->offset] & 0x00FF); +- pApdu->offset += 1; +- } +- else /* tag consists out of 2 bytes */ +- { +- tag = (pApdu->pBuf[pApdu->offset] << 8) + pApdu->pBuf[pApdu->offset + 1]; +- pApdu->offset += 2; +- } +- +- // Ensure we don't parse beyond the APDU Response Data +- if (pApdu->offset >= (pApdu->rxlen -2)) { break; } +- +- // tag is OK +- /* get the length (see ISO 7816-4 annex D) */ +- if ((pApdu->pBuf[pApdu->offset] & 0x80) != 0x80) +- { +- /* 1 byte length */ +- len = (pApdu->pBuf[pApdu->offset++] & 0x00FF); +- } +- else +- { +- /* length consists of 2 or 3 bytes */ +- +- U8 additionalBytesForLength = (pApdu->pBuf[pApdu->offset++] & 0x7F); +- +- if (additionalBytesForLength == 1) +- { +- len = pApdu->pBuf[pApdu->offset]; +- pApdu->offset += 1; +- } +- else if (additionalBytesForLength == 2) +- { +- len = (pApdu->pBuf[pApdu->offset] << 8) + pApdu->pBuf[pApdu->offset + 1]; +- pApdu->offset += 2; +- } +- else +- { +- return ERR_GENERAL_ERROR; +- } +- } +- +- // Ensure we don't parse beyond the APDU Response Data +- if (pApdu->offset >= (pApdu->rxlen -2)) { break; } +- +- if (tag == expectedTag) +- { +- // copy the value +- if ( (len > 0) && (bufferLen >= len) ) +- { +- *pLen = len; +- memcpy(pValue, &pApdu->pBuf[pApdu->offset], *pLen); +- rv = SW_OK; +- foundTag = 1; +- break; +- } +- else +- { +- rv = ERR_BUF_TOO_SMALL; +- break; +- } +- } +- +- // update the offset +- pApdu->offset += len; +- } while (!foundTag); +- } +- } +- +- return rv; +-} +- +-#endif // TGT_A71CH +- +-/** +- * Add or append data to the body of a command APDU. +- * WARNING: +- * - Bufferoverflow fix not applied for SSS_HAVE_A71CH_SIM +- * WARNING for non-TGT_A71CH cases : +- * - TGT_A71CL: This function must only be called once in case pApdu->txHasChkSum is set +- */ +-U16 smApduAppendCmdData(apdu_t *pApdu, const U8 *data, U16 dataLen) +-{ +- U16 rv = ERR_GENERAL_ERROR; +- ENSURE_OR_GO_EXIT(pApdu != NULL); +- ENSURE_OR_GO_EXIT(data != NULL); +-#ifdef TGT_A71CH +- // The maximum amount of data payload depends on (whichever is smaller) +- // - STD-APDU (MAX=255 byte) / EXTENDED-APDU (MAX=65536 byte) +- // - size of pApdu->pBuf (MAX_APDU_BUF_LENGTH) +- // Standard Length APDU's: +- // There is a pre-processor macro in place that ensures 'pApdu->pBuf' is of sufficient size +- // Extended Length APDU's (not used by A71CH): +- // APDU payload restricted by buffersize of 'pApdu->pBuf' +- U16 maxPayload_noLe; +- +- if (pApdu->extendedLength) { +- maxPayload_noLe = MAX_APDU_BUF_LENGTH - EXT_CASE4_APDU_OVERHEAD; +- } +- else { +- maxPayload_noLe = APDU_HEADER_LENGTH + APDU_STD_MAX_DATA; +- } +-#endif // TGT_A71CH +- +-#ifdef TGT_A71CL +- U16 maxPayload_noLe; +- +- maxPayload_noLe = MAX_APDU_BUF_LENGTH - EXT_CASE4_APDU_OVERHEAD; +- if (pApdu->txHasChkSum == 1) { +- maxPayload_noLe -= pApdu->txChkSumLength; +- } +-#endif // TGT_A71CL +- +- // If this is the first commmand data section added to the buffer, we needs to ensure +- // the correct offset is used writing the data. This depends on +- // whether the APDU is a standard or an extended APDU. +- if (pApdu->hasData == 0) +- { +- pApdu->hasData = 1; +- ReserveLc(pApdu); +- } +- +-#if SSS_HAVE_A71CH_SIM +- if (gEnableEnc) +- { +- pApdu->lc += (dataLen + sizeof(session_Tlv)); +- //add SessionId_Tlv +- memcpy(&pApdu->pBuf[pApdu->offset], session_Tlv, sizeof(session_Tlv)); +- pApdu->offset += sizeof(session_Tlv); +- } +- else +-#endif // SSS_HAVE_A71CH_SIM +- { +- pApdu->lc += dataLen; +- } +- +-#ifdef TGT_A71CL +- /* add for cl */ +- if (pApdu->txHasChkSum == 1) { +- pApdu->lc += pApdu->txChkSumLength; +- pApdu->pBuf[pApdu->offset - 1] = (U8)pApdu->lc; +- } +-#endif // TGT_A71CL +- +- // Value +-#if defined(TGT_A71CH) || defined(TGT_A71CL) +- if (dataLen <= (maxPayload_noLe - pApdu->offset)) +- { +- memcpy(&pApdu->pBuf[pApdu->offset], data, dataLen); +- pApdu->offset += dataLen; +- } +- else +- { +- return ERR_INTERNAL_BUF_TOO_SMALL; +- } +-#else // defined(TGT_A71CH) || defined(TGT_A71CL) +- memcpy(&pApdu->pBuf[pApdu->offset], data, dataLen); +- pApdu->offset += dataLen; +-#endif // defined(TGT_A71CH) || defined(TGT_A71CL) +- +- // adapt length +- pApdu->buflen = pApdu->offset; +- +- rv = pApdu->offset; +-exit: +- return rv; +-} +- +-/** +- * Gets the Status Word from the APDU. +- * @param[in] pApdu Pointer to the APDU. +- * @param[in,out] pIsOk IN: Pointer to the error indicator, allowed to be NULL; OUT: Points to '1' in case SW is 0x9000 +- * @return Status Word or ::ERR_COMM_ERROR +- */ +-U16 smGetSw(apdu_t *pApdu, U8 *pIsOk) +-{ +- U16 sw = ERR_API_ERROR; +- U16 offset; +- ENSURE_OR_GO_EXIT(pApdu != NULL); +- ENSURE_OR_GO_EXIT(pIsOk != NULL); +- +- if (pApdu->rxlen >= 2) +- { +- offset = pApdu->rxlen - 2; +- sw = (pApdu->pBuf[offset] << 8) + pApdu->pBuf[offset + 1]; +- +- if (sw == SW_OK) +- { +- *pIsOk = 1; +- } +- else +- { +- *pIsOk = 0; +- } +- } +- else +- { +- sw = ERR_COMM_ERROR; +- *pIsOk = 0; +- +- } +-exit: +- return sw; +-} +- +-/** +- * verify crc checksum. +- * \param[in] pApdu APDU buffer +- * \param[in] dataLen data length to be use for crc caluate +- * \return offset in APDU buffer after the header +- */ +-#if defined(TGT_A71CL) +-static U8 smVerifyCrc(apdu_t *pApdu, U16 dataLen) +-{ +- U16 crc = 0; +- U16 recvCrc = 0; +- +- ENSURE_OR_GO_EXIT(pApdu != NULL); +- //FIXME: Where is the definition for below function? +- //crc = CL_CalCRC(&pApdu->pBuf[pApdu->offset], (U32)dataLen, 0xFFFF); +- recvCrc = *(U16*)&pApdu->pBuf[pApdu->offset + dataLen]; +- if (crc != recvCrc) { +- return 0; +- } else { +- return 1; +- } +-exit: +- return 0; +-} +-#endif +-/** +- * Retrieve the response data of the APDU response, in case the status word matches ::SW_OK +- */ +-U16 smApduGetResponseBody(apdu_t *pApdu, U8 *buf, U16 *bufLen) +-{ +- U16 tailInfoLen = 2; +- U16 rv = ERR_GENERAL_ERROR; +- +- ENSURE_OR_GO_EXIT(pApdu != NULL); +- if (pApdu->rxlen < 2) /* minimum: 2 byte for response */ +- { +- *bufLen = 0; +- return ERR_GENERAL_ERROR; +- } +- else +- { +- /* check status returned is okay */ +- if (((pApdu->pBuf[pApdu->rxlen - 2] != 0x90) || (pApdu->pBuf[pApdu->rxlen - 1] != 0x00)) && +- (pApdu->pBuf[pApdu->rxlen -2] != 0x63) && +- (pApdu->pBuf[pApdu->rxlen - 2] != 0x95)) { +- *bufLen = 0; +- return ERR_GENERAL_ERROR; +- } +- else // response okay +- { +- pApdu->offset = 0; +-#if defined(TGT_A71CL) +- if (pApdu->rxHasChkSum == 1) { +- tailInfoLen += pApdu->rxChkSumLength; +- } +-#endif +- if ((pApdu->rxlen - tailInfoLen) > *bufLen) +- { +- *bufLen = 0; +- return ERR_BUF_TOO_SMALL; +- } +- else +- { +- *bufLen = pApdu->rxlen - tailInfoLen; +-#if defined(TGT_A71CL) +- if (pApdu->rxHasChkSum == 1) { +- if (smVerifyCrc(pApdu, *bufLen)) { +- memcpy(buf, &(pApdu->pBuf[pApdu->offset]), *bufLen); +- } else { +- return ERR_CRC_CHKSUM_VERIFY; +- } +- } +- else +-#endif +- { +- if (*bufLen) { +- memcpy(buf, &(pApdu->pBuf[pApdu->offset]), *bufLen); +- } +- } +- } +- } +- } +- +- rv = SW_OK; +-exit: +- return rv; +-} +- +-#ifdef TGT_A71CL +- +-/** +- * In the final stage before sending the APDU cmd one needs to update checksum value. +- * \param[in,out] pApdu APDU buffer +- * \param[in] chksum +- */ +-U16 smApduAdaptChkSum(apdu_t *pApdu, U16 chkSum) +-{ +- U16 rv = ERR_GENERAL_ERROR; +- // assert(pApdu->txHasChkSum == 1); +- // U16 tmpchkSum = (chkSum >> 8)|(chkSum << 8); +- +- ENSURE_OR_GO_EXIT(pApdu != NULL); +- if (pApdu->txHasChkSum) { +- memcpy(&pApdu->pBuf[pApdu->offset], &chkSum, pApdu->txChkSumLength); +- } +- pApdu->buflen += pApdu->txChkSumLength; +- pApdu->offset += pApdu->txChkSumLength; +- +- rv = pApdu->offset; +-exit: +- return rv; +-} +-#endif +- +-bool smApduGetArrayBytes(char *str, size_t *len, uint8_t *buffer, size_t buffer_len) +-{ +- if ((strlen(str) % 2) != 0) { +- LOG_E("Invalid length"); +- return false; +- } +- +- *len = strlen(str) / 2; +- if (buffer_len < *len) +- { +- LOG_E("Insufficient buffer size\n"); +- *len = 0; +- return false; +- } +- char *pos = str; +- for (size_t count = 0; count < *len; count++) { +- if (sscanf(pos, "%2hhx", &buffer[count]) < 1) { +- *len = 0; +- return false; +- } +- pos += 2; +- } +- return true; +-} +- +-bool smApduGetTxRxCase(uint8_t *apdu, size_t apduLen, size_t* data_offset, size_t *dataLen, apduTxRx_case_t *apdu_case) +-{ +- *data_offset = 0; +- *dataLen = 0; +- *apdu_case = APDU_TXRX_CASE_INVALID; +- //Invalid apdu +- if (apduLen < 4) +- { +- LOG_E("Wrong APDU format\n"); +- return false; +- } +- +- //Case 1 +- if (apduLen == 4) +- { +- *apdu_case = APDU_TXRX_CASE_1; +- return true; +- } +- //Case 2S +- else if (apduLen == 5) +- { +- *apdu_case = APDU_TXRX_CASE_2; +- return true; +- } +- else +- { +- size_t byte5 = apdu[4] & 0xFF; +- if (byte5 != 0x0) +- { +- if (apduLen == 5 + byte5) +- { +- //case 3S +- *apdu_case = APDU_TXRX_CASE_3; +- *data_offset = 5; +- *dataLen = byte5; +- } +- else if (apduLen == 6 + byte5) +- { +- //case 4S +- *apdu_case = APDU_TXRX_CASE_4; +- *data_offset = 5; +- *dataLen = byte5; +- } +- else +- { +- LOG_E("Wrong APDU format\n"); +- return false; +- } +- } +- else if (apduLen == 7) +- { +- //case 2E +- *apdu_case = APDU_TXRX_CASE_2E; +- } +- else if (apduLen < 7) +- { +- LOG_E("Wrong APDU format\n"); +- return false; +- } +- else +- { +- size_t len = ((apdu[5] << (1 * 8)) & 0xFF00) + ((apdu[6] << (0 * 8)) & 0x00FF); +- if (apduLen == 7 + len) { +- //case 3E +- *apdu_case = APDU_TXRX_CASE_3E; +- *data_offset = 7; +- *dataLen = len; +- } +- else if (apduLen == 9 + len) { +- //Case 4E +- *apdu_case = APDU_TXRX_CASE_4E; +- *data_offset = 7; +- *dataLen = len; +- } +- else +- { +- LOG_E("Wrong APDU format\n"); +- return false; +- } +- } +- } +- return true; +-} +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/infra/sm_apdu.h b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/infra/sm_apdu.h +deleted file mode 100644 +index 47a739a5f7..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/infra/sm_apdu.h ++++ /dev/null +@@ -1,217 +0,0 @@ +-/* +- * +- * Copyright 2016 NXP +- * SPDX-License-Identifier: Apache-2.0 +- */ +- +-/** +- * @par Description +- * This file defines the API of the APDU parser for AX host library. +- * @par History +- * 1.0 31-mar-2014 : Initial version +- * +- */ +- +-#ifndef _SM_APDU_H_ +-#define _SM_APDU_H_ +- +-#include "apduComm.h" +-#include "sm_types.h" +- +-#ifdef __cplusplus +-extern "C" { +-#endif +- +-#ifdef A71_IGNORE_PARAM_CHECK +-#error "Do not remove API parameter check" +-#endif +- +-/* ------------------------------ */ +- +-#define MAX_APDU_BUF_LENGTH (256 + 1024) // This value has not been optimized for TGT_A71CH (256+64) +- +-#define MAX_EXT_APDU_BUF_LENGTH (32769) // extended APDU Max supported Len is 0x7FFF + 2 bytes status code +- +- +-#define APDU_HEADER_LENGTH (5) +-#define APDU_EXTENDED_HEADER_LENGTH (7) +-#define EXT_CASE4_APDU_OVERHEAD (9) +-#define SCP03_OVERHEAD (24) // padding (=16) + mac (=8) +-#define RSP_APDU_STATUS_OVERHEAD (2) +-#define APDU_STD_MAX_DATA (255) +- +-// +-#ifdef TGT_A70CI +-#define TAG_SST_IDENTIFIER (0x01) +-#define TAG_SST_INDEX (0x02) +-#define TAG_ECC_PRIVATE_KEY (0x03) +-#define TAG_ECC_PUBLIC_KEY (0x04) +-#define TAG_SHARED_SECRET (0x05) +-#define TAG_RSA_PRIVATE_KEY_P (0x06) +-#define TAG_RSA_PRIVATE_KEY_Q (0x07) +-#define TAG_RSA_PRIVATE_KEY_DP (0x08) +-#define TAG_RSA_PRIVATE_KEY_DQ (0x09) +-#define TAG_RSA_PRIVATE_KEY_IPQ (0x0A) +-#define TAG_PUBLIC_KEY (0x0B) +-#define TAG_AES_KEY (0x0C) +-#define TAG_AUTH_PUBLIC_KEY_ID (0x0D) +-#define TAG_CONTEXT (0x0F) +-#define TAG_DIRECTION (0x10) +-#define TAG_IV (0x11) +-#define TAG_INPUT_DATA (0x12) +-#define TAG_OUTPUT_DATA (0x13) +-#define TAG_AUTHENTICATION_DATA (0x14) +-#define TAG_GMAC_DATA (0x15) +-#define TAG_GMAC_LENGTH (0x16) +-#define TAG_KEYWRAP_ALGO (0x17) +-#define TAG_HASH (0x18) +-#define TAG_SIGNATURE (0x19) +-#define TAG_VERIFICATION (0x1A) +-#define TAG_CERTIFICATE (0x1B) +-#define TAG_SIZE (0x1C) +-#define TAG_SALT (0x1E) +-#elif defined(TGT_A70CM) +-#define TAG_DLMS_SECURITY_BYTE (0x00) +-#define TAG_SST_IDENTIFIER (0x01) +-#define TAG_SST_INDEX (0x02) +-#define TAG_ECC_PRIVATE_KEY (0x03) +-#define TAG_ECC_PUBLIC_KEY (0x04) +-#define TAG_SHARED_SECRET (0x05) +-#define TAG_RSA_PRIVATE_KEY_P (0x06) +-#define TAG_RSA_PRIVATE_KEY_Q (0x07) +-#define TAG_RSA_PRIVATE_KEY_DP (0x08) +-#define TAG_RSA_PRIVATE_KEY_DQ (0x09) +-#define TAG_RSA_PRIVATE_KEY_IPQ (0x0A) +-#define TAG_RSA_PUBLIC_KEY_MOD (0x0B) +-#define TAG_AES_KEY (0x0C) +-#define TAG_WRAPPED_AES_KEY (0x0D) +-#define TAG_CONTEXT (0x0E) +-#define TAG_DIRECTION (0x0F) +-#define TAG_IV (0x10) +-#define TAG_INPUT_DATA (0x11) +-#define TAG_OUTPUT_DATA (0x12) +-#define TAG_AUTHENTICATION_DATA (0x13) +-#define TAG_GMAC_DATA (0x14) +-#define TAG_GMAC_LENGTH (0x15) +-#define TAG_KEYWRAP_ALGO (0x16) +-#define TAG_HASH (0x17) +-#define TAG_SIGNATURE (0x18) +-#define TAG_DLMS_AK_INDEX (0x19) +-#define TAG_VERIFICATION (0x1A) +-#define TAG_CERTIFICATE (0x1B) +-#define TAG_OFFSET (0x1C) +-#define TAG_SIZE (0x1D) +-#define TAG_SST_WRAPPING_KEY_INDEX (0x1E) +-#else // +-/// @cond not_relevant_for_A71ch & A71cl +-#define TAG_DLMS_SECURITY_BYTE (0x00) +-#define TAG_SST_IDENTIFIER (0x01) +-#define TAG_SST_INDEX (0x02) +-#define TAG_ECC_PRIVATE_KEY (0x03) +-#define TAG_ECC_PUBLIC_KEY (0x04) +-#define TAG_SHARED_SECRET (0x05) +-#define TAG_RSA_PRIVATE_KEY_P (0x06) +-#define TAG_RSA_PRIVATE_KEY_Q (0x07) +-#define TAG_RSA_PRIVATE_KEY_DP (0x08) +-#define TAG_RSA_PRIVATE_KEY_DQ (0x09) +-#define TAG_SST_IDENTIFIER2 (0x0A) +-#define TAG_SST_INDEX2 (0x0B) +-#define TAG_AES_KEY (0x0C) +-#define TAG_WRAPPED_AES_KEY (0x0D) +-#define TAG_CONTEXT (0x0E) +-#define TAG_DIRECTION (0x0F) +-#define TAG_IV (0x10) +-#define TAG_INPUT_DATA (0x11) +-#define TAG_OUTPUT_DATA (0x12) +-#define TAG_AUTHENTICATION_DATA (0x13) +-#define TAG_GMAC_DATA (0x14) +-#define TAG_GMAC_LENGTH (0x15) +-#define TAG_KEYWRAP_ALGO (0x16) +-#define TAG_HASH (0x17) +-#define TAG_SIGNATURE (0x18) +-#define TAG_STATE (0x19) +-#define TAG_VERIFICATION (0x1A) +-#define TAG_CERTIFICATE (0x1B) +-#define TAG_OFFSET (0x1C) +-#define TAG_SIZE (0x1D) +-#define TAG_SST_WRAPPING_KEY_INDEX (0x1E) +-#define TAG_INTERFACE (0x1F) +-#define TAG_CHUNK_NUMBER (0x23) +-#define TAG_SCP_MIN_SEC_LEVEL (0x24) +-#define TAG_STATUS_WORD (0x25) +-/// @endcond +-#endif // TGT_A70CI +-// +- +-/* ------------------------------ */ +-#define AX_CLA (0x80) +- +-// #define SW_WARNING_FILE_DEACTIVATED (0x6283) +-// #define SW_WARNING_FILE_TERMINATED (0x6285) +- +-#define SW_WRONG_LENGTH (0x6700) //!< ISO7816-4 defined status word: Wrong Length of data +-#define SW_SECURE_MESSAGING_NOT_SUPPORTED (0x6882) //!< ISO7816-4 defined status word +-#define SW_SECURITY_STATUS_NOT_SATISFIED (0x6982) //!< ISO7816-4 defined status word +-#define SW_DATA_INVALID (0x6984) //!< ISO7816-4 defined status word +-#define SW_CONDITIONS_NOT_SATISFIED (0x6985) //!< ISO7816-4 defined status word: Conditions of use not satisfied, e.g. a command is not allowed, the provided identifier is not applicable or the index is out of range. +-#define SW_COMMAND_NOT_ALLOWED (0x6986) //!< ISO7816-4 defined status word +-#define SW_WRONG_DATA (0x6A80) //!< ISO7816-4 defined status word: Wrong data, e.g. the command does not have the right parameters or a parameter is not correct (size, structure). +-#define SW_FILE_NOT_FOUND (0x6A82) //!< ISO7816-4 defined status word +-#define SW_INCORRECT_P1P2 (0x6A86) //!< ISO7816-4 defined status word: Incorrect P1-P2 parameters +-#define SW_INS_NOT_SUPPORTED (0x6D00) //!< ISO7816-4 defined status word: INS byte not supported +-#define SW_CLA_NOT_SUPPORTED (0x6E00) //!< ISO7816-4 defined status word: CLA byte not supported +-#define SW_NO_ERROR (0x9000) //!< ISO7816-4 defined status word +- +-#define USE_STANDARD_APDU_LEN 0 //!< Create a standard length APDU. +-#define USE_EXTENDED_APDU_LEN 1 //!< Create an extended length APDU. +-#define SESSION_ID_LEN 4 +- +-U8 SetApduHeader(apdu_t * pApdu, U8 extendedLength); +-U8 AllocateAPDUBuffer(apdu_t * pApdu); +-U8 FreeAPDUBuffer(apdu_t * pApdu); +-void smApduAdaptLcLe(apdu_t *pApdu, U16 lc, U16 le); +-void smApduAdaptLc(apdu_t *pApdu, U16 lc); +-void smApduAdaptLe(apdu_t *pApdu, U16 le); +-// U16 GetStatusWord(apdu_t *pApdu); +-U16 smGetSw(apdu_t *pApdu, U8 *pIsOk); +-void set_SessionId_Tlv(U32 sessionId); +- +- +-U16 AddTlvItem(apdu_t * pApdu, U16 tag, U16 dataLength, const U8 *pValue); +-U16 ParseResponse(apdu_t * pApdu, U16 expectedTag, U16 * pLen, U8* pValue); +-U16 AddStdCmdData(apdu_t * pApdu, U16 dataLen, const U8 *data); +- +-U16 smApduGetResponseBody(apdu_t *pApdu, U8 *buf, U16 *bufLen); +-U16 smApduAppendCmdData(apdu_t * pApdu, const U8 *data, U16 dataLen); +-U16 smApduAdaptChkSum(apdu_t *pApdu, U16 chkSum); +- +-/** +- * @brief Check and convert given hex string to array of bytes to buffer. +- * +- * Memory allocation needs to be done by the caller, boundary checks on the output +- * are performed, null-termination is always added. +- * @param[in] str: The binary data to convert. +- * @param[in] buffer: buffer to which converted array to be copied. +- * @param[in] buffer_len: Size of the available buffer for sanity check. +- * @param[out] len: The length of the binary data written to buffer. +- * @return True if conversion is successful. +- */ +-bool smApduGetArrayBytes(char *str, size_t *len, uint8_t * buffer, size_t buffer_len); +- +-/** +- * @brief Parse given apdu command and return command data offset and command data length along with case-id as described in ISO/IEC FDIS 7816-3 spec. +- * +- * @param[in] apdu: Buffer containing APDU command. +- * @param[in] apduLen: The length of APDU command. +- * @param[out] data_offset: Offset of data field if present. +- * @param[out] dataLen: Length of data field (LC field value) if present. +- * @param[out] apdu_case: APDU txrx case accoring to 7816 spec. +- * @return True if APDU command has valid format. +- */ +-bool smApduGetTxRxCase(uint8_t *apdu, size_t apduLen, size_t* data_offset, size_t *dataLen, apduTxRx_case_t *apdu_case); +- +- +-#ifdef __cplusplus +-} +-#endif +-#endif //_SM_APDU_H_ +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/infra/sm_api.h b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/infra/sm_api.h +deleted file mode 100644 +index 6fa2de7321..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/infra/sm_api.h ++++ /dev/null +@@ -1,119 +0,0 @@ +-/* +- * +- * Copyright 2018-2020 NXP +- * SPDX-License-Identifier: Apache-2.0 +- */ +- +-/** +-* @par Description +-* This file is the communication specific Host API of the A70CM/CI and A71CH secure module. +-* It also customizes the Generic Ax library for this specific product instance +-* @par History +-* 1.0 27-march-2014 : Initial version +-* 7-may-2017 : Unified version for A70CM, CI and A71CH +-* +-*****************************************************************************/ +-#ifndef _SM_API_ +-#define _SM_API_ +- +-#include "sm_types.h" +- +-#ifdef __cplusplus +-extern "C" { +-#endif +- +-#include +- +-#define AX_HOST_LIB_MAJOR (PLUGANDTRUST_HOSTLIB_VER_MAJOR) //!< Major number A71CH Host Library +-#define AX_HOST_LIB_MINOR (PLUGANDTRUST_HOSTLIB_VER_MINOR) //!< Minor (High Nibble)/Patch number (Low Nibble) of A71CH Host Library +- +-/*! +-* @addtogroup sss_sscp_a71ch +-* @{ +-*/ +- +-#define SE_CONNECT_TYPE_START 0x000 +- +-typedef enum +-{ +- kType_SE_Conn_Type_NONE = 0, +- /** Used for A71XX Family */ +- kType_SE_Conn_Type_SCII2C = SE_CONNECT_TYPE_START + 2, +- /** Used for PC/OSX for virtual COM Port */ +- kType_SE_Conn_Type_VCOM = SE_CONNECT_TYPE_START + 3, +- /** Used for Legacy JRCP V1 protocol with iMX Linux Proxy */ +- kType_SE_Conn_Type_JRCP_V1 = SE_CONNECT_TYPE_START + 4, +- /** Used for New JRCP Protocol */ +- kType_SE_Conn_Type_JRCP_V2 = SE_CONNECT_TYPE_START + 5, +- /** Used for T=1 over I2C for SE050 family */ +- kType_SE_Conn_Type_T1oI2C = SE_CONNECT_TYPE_START + 6, +- /** Used for Use NFC Interface to talk to SE */ +- kType_SE_Conn_Type_NFC = SE_CONNECT_TYPE_START + 7, +- /** Used for Use a software layer to talk to SE +- * This logicaly allows double encryption of packets +- * from same host and allows multi-tenenancy +- * +- * Channel can be deemed as "Secure Channel" where applicable. +- * +- * Or it may be a plain "arbiter" to allow plain communication from +- * multiple threads on the same application. +- */ +- kType_SE_Conn_Type_Channel = SE_CONNECT_TYPE_START + 8, +- +- kType_SE_Conn_Type_PCSC = SE_CONNECT_TYPE_START + 9, +- +- kType_SE_Conn_Type_LAST, +- kType_SE_Conn_Type_SIZE = 0x7FFF +-} SSS_Conn_Type_t; +- +-#define SELECT_APPLET 0 //!< Select predefined applet +-#define SELECT_NONE 1 //!< Don't issue a select +-#define SELECT_SSD 2 //!< Select SSD +- +-/** +- * Contains the information required to resume a connection with the Security Module. +- * Its content is only to be interpreted by the Host Library. +- * The semantics of the param1 and param2 fields depends on the link layer. +- */ +-typedef struct { +- U16 connType; +- U16 param1; //!< Useage depends on link layer +- U16 param2; //!< Useage depends on link layer +- U16 hostLibVersion; //!< MSByte contains major version (::AX_HOST_LIB_MAJOR); LSByte contains minor version of HostLib (::AX_HOST_LIB_MINOR) +- U32 appletVersion; /*!< MSByte contains major version; +- 3 leading bits of LSByte contains minor version of Applet; +- Last bit of LSByte encodes whether Applet is in Debug Mode, a '1' means 'Debug Mode' is available */ +- U16 sbVersion; //!< Expected to be 0x0000 +- U8 select; //!< Applet selection mode +-} SmCommState_t; +- +-/** \name Communication functions +- @{ */ +-U16 SM_Close(void *conn_ctx, U8 mode); +-U16 SM_Connect(void *conn_ctx, SmCommState_t *commState, U8 *atr, U16 *atrLen); +-U16 SM_ConnectWithAID(SmCommState_t *commState, U8* appletAID, U16 appletAIDLen, U8 *atr, U16 *atrLen); +-U16 SM_RjctConnect(void **conn_ctx, const char *connectString, SmCommState_t *commState, U8 *atr, U16 *atrLen); +-U16 SM_RjctConnectWithAID(const char *connectString, SmCommState_t *commState, U8* appletAID, U16 appletAIDLen, U8 *atr, U16 *atrLen); +-U16 SM_I2CConnect(void **conn_ctx, SmCommState_t *commState, U8 *atr, U16 *atrLen, const char *pConnString); +- +-U16 SM_SendAPDU(U8 *cmd, U16 cmdLen, U8 *resp, U16 *respLen); +- +-#if defined(SMCOM_JRCP_V1_AM) +-U16 SM_LockChannel(); +-U16 SM_UnlockChannel(); +-#endif +- +-#if defined(SMCOM_JRCP_V1_AM) +-#define SM_LOCK_CHANNEL() SM_LockChannel() +-#define SM_UNLOCK_CHANNEL() SM_UnlockChannel() +-#else +-#define SM_LOCK_CHANNEL() +-#define SM_UNLOCK_CHANNEL() +-#endif +- +-/** @}*/ +- +-#ifdef __cplusplus +-} +-#endif +-#endif //_SM_API_ +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/infra/sm_connect.c b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/infra/sm_connect.c +deleted file mode 100644 +index d69f8c010a..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/infra/sm_connect.c ++++ /dev/null +@@ -1,655 +0,0 @@ +-/* +- * +- * Copyright 2016-2020 NXP +- * SPDX-License-Identifier: Apache-2.0 +- */ +- +-/* +-* +-* @par History +-* 1.0 1-oct-2016 : Initial version +-* +-* +-*****************************************************************************/ +-/** +-* @file sm_connect.c +-* @par Description +-* Implementation of basic communication functionality between Host and A71CH. +-* (This file was renamed from ``a71ch_com.c`` into ``sm_connect.c``.) +-*/ +- +-#if defined(SSS_USE_FTR_FILE) +-#include "fsl_sss_ftr.h" +-#else +-#include "fsl_sss_ftr_default.h" +-#endif +- +-#include +-#include +-#include +-#include +-#include +-#include "sm_api.h" +-#include "sm_apdu.h" +-#include "sm_errors.h" +-#include "sm_types.h" +- +-#include "nxLog_smCom.h" +-#include "nxEnsure.h" +- +-/// @cond +- +-//Also do select after opening the connection +-#define OPEN_AND_SELECT 0 +- +-/// @endcond +- +-#ifdef TDA8029_UART +-#include "smComAlpar.h" +-#include "smUart.h" +-#endif +-#if defined(SCI2C) +-#include "smComSCI2C.h" +-#endif +-#if defined(SPI) +-#include "smComSCSPI.h" +-#endif +-#if defined(PCSC) +-#include "smComPCSC.h" +-#endif +-#if defined(SMCOM_JRCP_V1) +-#include "smComSocket.h" +-#endif +-#if defined(SMCOM_JRCP_V2) +-#include "smComJRCP.h" +-#endif +-#if defined(RJCT_VCOM) +-#include "smComSerial.h" +-#endif +-#if defined(T1oI2C) +-#include "smComT1oI2C.h" +-#endif +-#if defined(SMCOM_PN7150) +-#include "smComPN7150.h" +-#endif +-#if defined(SMCOM_THREAD) +-#include "smComThread.h" +-#endif +-#if defined(SMCOM_PCSC) +-#include "smComPCSC.h" +-#endif +-#if defined(SMCOM_RC663_VCOM) +-#include "smComNxpNfcRdLib.h" +-#endif +- +-#include "global_platf.h" +- +-/// @cond Optional diagnostics functionality +-// #define FLOW_VERBOSE +-#ifdef FLOW_VERBOSE +-#define FPRINTF(...) printf(__VA_ARGS__) +-#else +-#define FPRINTF(...) +-#endif +-/// @endcond +- +-#if defined(SMCOM_JRCP_V1) || defined(SMCOM_JRCP_V2) +-static U16 getSocketParams(const char *arg, U8 *szServer, U16 szServerLen, unsigned int *port) +-{ +- // the IP address is in format a.b.c.d:port, e.g. 10.0.0.1:8080 +- int nSuccess; +- U16 rv = SW_OK; +- +- ENSURE_OR_EXIT_WITH_STATUS_ON_ERROR(strlen(arg) < szServerLen, rv, ERR_BUF_TOO_SMALL); +- +- // First attempt at parsing: server IP-address passed, sscanf will return 2 upon successfull parsing +- nSuccess = sscanf(arg, "%15[0-9.]:%5u[0-9]", szServer, (unsigned int *)port); +- +- if (nSuccess == 2) { +- return SW_OK; +- } +- else { +- // Second attempt at parsing: server name passed instead of IP-address +- unsigned int i; +- int fColonFound = 0; +- +- for (i = 0; i < strlen(arg); i++) { +- if (arg[i] == ':') { +- szServer[i] = 0; +- fColonFound = 1; +- // PRINTF("servername: %s\r\n", szServer); +- break; +- } +- else { +- szServer[i] = arg[i]; +- } +- } +- +- if ((fColonFound == 1) && (i != 0)) { +- nSuccess = sscanf(&arg[i], ":%5u[0-9]", (unsigned int *)port); +- ENSURE_OR_EXIT_WITH_STATUS_ON_ERROR(nSuccess != 1, rv, SW_OK); +- } +- } +- rv = ERR_NO_VALID_IP_PORT_PATTERN; +-exit: +- return rv; +-} +- +-/** +-* Establishes communication with the Security Module via a Remote JC Terminal Server +-* (RJCT-Server). +-* Next it will invoke ::SM_Connect and select the A71CH applet on the Secure Module +-* +-* \note Because connecting via an RJCT-server requires an extra parameter (the server IP:Port) +-* an additional function is required on top of ::SM_Connect +-* +-* @param[in,out] connectString ip:port as string +-* @param[in,out] commState +-* @param[in,out] atr +-* @param[in,out] atrLen +-* +-* @retval ::SW_OK Upon successful execution +-*/ +-U16 SM_RjctConnectSocket(void **conn_ctx, const char *connectString, SmCommState_t *commState, U8 *atr, U16 *atrLen) +-{ +- U8 szServer[128]; +- U16 szServerLen = sizeof(szServer); +- U16 rv = 0; +- unsigned int port = 0; +-#if defined(SMCOM_JRCP_V2) +- char hostname[32] = {0}; +-#endif +- +-#ifndef A71_IGNORE_PARAM_CHECK +- if ((connectString == NULL) || (commState == NULL) || (atr == NULL) || (atrLen == 0)) { +- return ERR_API_ERROR; +- } +-#endif +- +- rv = getSocketParams(connectString, szServer, szServerLen, (unsigned int *)&port); +- +-#if defined(SMCOM_JRCP_V1) +- FPRINTF("Connection to secure element over socket to %s\r\n", connectString); +- if (rv != SW_OK) { +- return rv; +- } +- // NOTE-MMA: The usage of the sss type kType_SE_Conn_Type_JRCP_V1 leads to a circular +- // dependency regarding the inclusion of header files. +- // if (commState->connType == kType_SE_Conn_Type_JRCP_V1) { +- rv = smComSocket_Open(conn_ctx, szServer, (U16)port, atr, atrLen); +- // } +- +-#endif +-#if defined(SMCOM_JRCP_V2) +- if (commState->connType == kType_SE_Conn_Type_JRCP_V2) { +- if (sizeof(hostname) < strlen(connectString)) { +- return ERR_API_ERROR; +- } +- strncpy(hostname, connectString, strlen(connectString)); +- rv = smComJRCP_Open(conn_ctx, strtok(hostname, ":"), port); +- } +- +-#endif +- if (rv != SMCOM_OK) { +- LOG_E("Error on smComSocket_Open: 0x%04X\r\n", rv); +- return rv; +- } +- +- if (conn_ctx == NULL) { +- rv = SM_Connect(NULL, commState, atr, atrLen); +- } +- else { +- rv = SM_Connect(*conn_ctx, commState, atr, atrLen); +- } +- +- return rv; +-} +-#endif /* defined(SMCOM_JRCP_V1) || defined (SMCOM_JRCP_V2) */ +- +-#ifdef RJCT_VCOM +-U16 SM_RjctConnectVCOM(void **conn_ctx, const char *connectString, SmCommState_t *commState, U8 *atr, U16 *atrLen) +-{ +- U32 status; +- +-#ifndef A71_IGNORE_PARAM_CHECK +- if ((connectString == NULL) || (commState == NULL) || (atr == NULL) || (atrLen == 0)) { +- return ERR_API_ERROR; +- } +-#endif +- +- status = smComVCom_Open(conn_ctx, connectString); +- +- if (status == 0) { +- if (conn_ctx == NULL) { +- status = smComVCom_GetATR(NULL, atr, atrLen); +- if (status == 0) { +- status = (U16)SM_Connect(NULL, commState, atr, atrLen); +- if (status != SMCOM_OK) { +- SM_Close(NULL, 0); +- } +- } +- else { +- SM_Close(NULL, 0); +- } +- } +- else { +- status = smComVCom_GetATR(*conn_ctx, atr, atrLen); +- if (status == 0) { +- status = (U16)SM_Connect(*conn_ctx, commState, atr, atrLen); +- } +- else { +- SM_Close(NULL, 0); +- } +- } +- } +- else { +- *atrLen = 0; +- } +- +- return (U16)status; +-} +-#endif // RJCT_VCOM +- +-#ifdef SMCOM_RC663_VCOM +-U16 SM_RjctConnectNxpNfcRdLib(void **conn_ctx, const char *connectString, SmCommState_t *commState, U8 *atr, U16 *atrLen) +-{ +- U32 status; +- +- if ((connectString == NULL) || (commState == NULL) || (atr == NULL) || (atrLen == 0)) { +- return ERR_API_ERROR; +- } +- +- status = smComNxpNfcRdLib_OpenVCOM(conn_ctx, connectString); +- +- if (status == 0) { +- status = (U16)SM_Connect(conn_ctx, commState, atr, atrLen); +- } +- else { +- *atrLen = 0; +- } +- if (status == SMCOM_OK) { +- *atrLen = 0; +- } +- +- return (U16)status; +-} +-#endif +- +-#ifdef SMCOM_PCSC +-U16 SM_RjctConnectPCSC(void **conn_ctx, const char *connectString, SmCommState_t *commState, U8 *atr, U16 *atrLen) +-{ +- U32 status = SMCOM_OK; +- +-#ifndef A71_IGNORE_PARAM_CHECK +- if ( //(connectString == NULL) || +- (commState == NULL) || (atr == NULL) || (atrLen == 0)) { +- return ERR_API_ERROR; +- } +-#endif +- +- status = smComPCSC_Open(connectString); +- +- if (status == SMCOM_OK) { +- if (conn_ctx == NULL) { +- status = (U16)SM_Connect(NULL, commState, atr, atrLen); +- } +- else { +- status = (U16)SM_Connect(*conn_ctx, commState, atr, atrLen); +- } +- } +- else { +- *atrLen = 0; +- } +- +- return (U16)status; +-} +-#endif // RJCT_VCOM +- +-U16 SM_RjctConnect(void **conn_ctx, const char *connectString, SmCommState_t *commState, U8 *atr, U16 *atrLen) +-{ +-#if RJCT_VCOM || SMCOM_JRCP_V1 || SMCOM_JRCP_V2 || SMCOM_RC663_VCOM +- bool is_socket = FALSE; +- bool is_vcom = FALSE; +- AX_UNUSED_ARG(is_socket); +- AX_UNUSED_ARG(is_vcom); +-#endif +- +-#if RJCT_VCOM || SMCOM_RC663_VCOM +- if (NULL == connectString) { +- is_vcom = FALSE; +- } +- else if (0 == strncmp("COM", connectString, sizeof("COM") - 1)) { +- is_vcom = TRUE; +- } +- else if (0 == strncmp("\\\\.\\COM", connectString, sizeof("\\\\.\\COM") - 1)) { +- is_vcom = TRUE; +- } +- else if (0 == strncmp("/tty/", connectString, sizeof("/tty/") - 1)) { +- is_vcom = TRUE; +- } +- else if (0 == strncmp("/dev/tty", connectString, sizeof("/dev/tty") - 1)) { +- is_vcom = TRUE; +- } +-#endif +-#if SMCOM_JRCP_V1 || SMCOM_JRCP_V2 +- if (NULL == connectString) { +- LOG_W("connectString is NULL. Aborting."); +- return ERR_NO_VALID_IP_PORT_PATTERN; +- } +- if (NULL != strchr(connectString, ':')) { +- is_socket = TRUE; +- } +-#endif +-#if RJCT_VCOM +- if (is_vcom) { +- return SM_RjctConnectVCOM(conn_ctx, connectString, commState, atr, atrLen); +- } +- else { +- LOG_W("Build is compiled for VCOM. connectString='%s' does not look like COMPort",connectString); +- LOG_W("e.g. connectString are COM3, \\\\.\\COM5, /dev/tty.usbmodem1432301, etc."); +- } +-#endif +-#if SMCOM_RC663_VCOM +- if (is_vcom) { +- return SM_RjctConnectNxpNfcRdLib(conn_ctx, connectString, commState, atr, atrLen); +- } +- else { +- LOG_W("Build is compiled for RC663_VCOM. connectString='%s' does not look like COMPort",connectString); +- LOG_W("e.g. connectString are COM3, \\\\.\\COM5, /dev/tty.usbmodem1432301, etc."); +- } +-#endif +-#if SMCOM_JRCP_V1 || SMCOM_JRCP_V2 +- if (is_socket) { +- return SM_RjctConnectSocket(conn_ctx, connectString, commState, atr, atrLen); +- } +-#endif +-#if SMCOM_PCSC +- if (NULL != commState) { +- return SM_RjctConnectPCSC(conn_ctx, connectString, commState, atr, atrLen); +- } +-#endif +- LOG_W( +- "Can not use connectString='%s' in the current build configuration.\n\tPlease select correct smCom interface " +- "and re-compile!\n", +- connectString); +- return ERR_NO_VALID_IP_PORT_PATTERN; +-} +- +-#if defined(SMCOM_JRCP_V1) || defined(SMCOM_JRCP_V2) || defined(RJCT_VCOM) || \ +- defined(SMCOM_PCSC) +-#else +-U16 SM_I2CConnect(void **conn_ctx, SmCommState_t *commState, U8 *atr, U16 *atrLen, const char *pConnString) +-{ +- U16 status = SMCOM_COM_FAILED; +-#if defined(T1oI2C) +- status = smComT1oI2C_Init(conn_ctx, pConnString); +-#elif defined (SCI2C) +- status = smComSCI2C_Init(conn_ctx, pConnString); +-#endif +- if (status != SMCOM_OK) { +- return status; +- } +- if (conn_ctx == NULL) { +- return SM_Connect(NULL, commState, atr, atrLen); +- } +- else { +- return SM_Connect(*conn_ctx, commState, atr, atrLen); +- } +-} +-#endif +- +-/** +-* Establishes the communication with the Security Module (SM) at the link level and +-* selects the A71CH applet on the SM. The physical communication layer used (e.g. I2C) +-* is determined at compilation time. +-* +-* @param[in,out] commState +-* @param[in,out] atr +-* @param[in,out] atrLen +-* +-* @retval ::SW_OK Upon successful execution +-*/ +-U16 SM_Connect(void *conn_ctx, SmCommState_t *commState, U8 *atr, U16 *atrLen) +-{ +- U16 sw = SW_OK; +-#if !defined(IPC) +- +-#ifdef APPLET_NAME +- unsigned char appletName[] = APPLET_NAME; +-#endif // APPLET_NAME +-#ifdef SSD_NAME +- unsigned char ssdName[] = SSD_NAME; +-#endif +- U16 selectResponseDataLen = 0; +- U8 selectResponseData[256] = {0}; +- U16 uartBR = 0; +- U16 t1BR = 0; +-#endif +-#ifdef TDA8029_UART +- U32 status = 0; +-#endif +- +-#ifndef A71_IGNORE_PARAM_CHECK +- ENSURE_OR_EXIT_WITH_STATUS_ON_ERROR(((commState != NULL) && (atr != NULL) && (atrLen != 0)), sw, ERR_API_ERROR) +-#endif +- +-#ifdef TDA8029_UART +- if ((*atrLen) <= 33) +- return ERR_API_ERROR; +- +- smComAlpar_Init(); +- status = smComAlpar_AtrT1Configure(ALPAR_T1_BAUDRATE_MAX, atr, atrLen, &uartBR, &t1BR); +- if (status != SMCOM_ALPAR_OK) { +- commState->param1 = 0; +- commState->param2 = 0; +- FPRINTF("smComAlpar_AtrT1Configure failed: 0x%08X\r\n", status); +- return ERR_CONNECT_LINK_FAILED; +- } +-#elif defined SMCOM_PN7150 +- sw = smComPN7150_Open(0, 0x00, atr, atrLen); +-#elif defined(SCI2C) +- sw = smComSCI2C_Open(conn_ctx, ESTABLISH_SCI2C, 0x00, atr, atrLen); +-#elif defined(SPI) +- smComSCSPI_Init(ESTABLISH_SCI2C, 0x00, atr, atrLen); +-#elif defined(T1oI2C) +- sw = smComT1oI2C_Open(conn_ctx, ESE_MODE_NORMAL, 0x00, atr, atrLen); +-#elif defined(SMCOM_JRCP_V1) || defined(SMCOM_JRCP_V2) || defined(PCSC) || defined(SMCOM_PCSC) +- if (atrLen != NULL) +- *atrLen = 0; +- AX_UNUSED_ARG(atr); +- AX_UNUSED_ARG(atrLen); +-#elif defined(RJCT_VCOM) +-#elif defined(SMCOM_THREAD) +- sw = smComThread_Open(atr, atrLen); +-#endif // TDA8029_UART +- +-#if !defined(IPC) +- commState->param1 = t1BR; +- commState->param2 = uartBR; +- commState->hostLibVersion = (AX_HOST_LIB_MAJOR << 8) + AX_HOST_LIB_MINOR; +- commState->appletVersion = 0xFFFF; +- commState->sbVersion = 0xFFFF; +- +-#ifdef APPLET_NAME +- if (sw == SMCOM_OK) { +- selectResponseDataLen = sizeof(selectResponseData); +- /* CARD */ +- if (commState->select == SELECT_NONE) { +- /* Use Case just Connect to SE (smCom) and no kind of applet selection */ +- sw = SMCOM_OK; +- selectResponseDataLen = 0; +- } +- else if (commState->select == SELECT_SSD) { +-#ifdef SSD_NAME +- /* Rotate keys Use Case Connect to SE and Select SSD */ +- /* Select SSD */ +- sw = GP_Select(conn_ctx, (U8 *)&ssdName, sizeof(ssdName), selectResponseData, &selectResponseDataLen); +-#else +- sw = SMCOM_COM_FAILED; +-#endif +- } +- else +- { +-#if SSS_HAVE_A71CH || SSS_HAVE_A71CH_SIM || SSS_HAVE_A71CL +- /* Select card manager */ +- GP_Select(conn_ctx, (U8 *)&appletName, 0, selectResponseData, &selectResponseDataLen); +- selectResponseDataLen = sizeof(selectResponseData); +-#endif +- /* Select the applet */ +- sw = GP_Select(conn_ctx, (U8 *)&appletName, APPLET_NAME_LEN, selectResponseData, &selectResponseDataLen); +- } +- +- if (sw == SW_FILE_NOT_FOUND) { +- // Applet can not be selected (most likely it is simply not installed) +- LOG_E("Can not select Applet=%s'", SE_NAME); +- LOG_MAU8_E("Failed (SW_FILE_NOT_FOUND) selecting Applet. ", appletName, APPLET_NAME_LEN); +- return sw; +- } +- else if (sw != SW_OK) { +- LOG_E("SM_CONNECT Failed."); +- sw = ERR_CONNECT_SELECT_FAILED; +- } +- else { +-#ifdef FLOW_VERBOSE +- if (selectResponseDataLen > 0) { +- LOG_MAU8_I("selectResponseData", selectResponseData, selectResponseDataLen); +- } +-#endif // FLOW_VERBOSE +-#if SSS_HAVE_A71CH || SSS_HAVE_A71CH_SIM +- if (selectResponseDataLen >= 2) { +- commState->appletVersion = (selectResponseData[0] << 8) + selectResponseData[1]; +- if (selectResponseDataLen == 4) { +- commState->sbVersion = (selectResponseData[2] << 8) + selectResponseData[3]; +- } +- else if (selectResponseDataLen == 2) { +- commState->sbVersion = 0x0000; +- } +- } +- else { +- sw = ERR_CONNECT_SELECT_FAILED; +- } +-#elif SSS_HAVE_A71CL +- if (selectResponseDataLen == 0) { +- commState->appletVersion = 0; +- commState->sbVersion = 0x0000; +- } +-#endif // SSS_HAVE_A71CH / SSS_HAVE_A71CL +-#if SSS_HAVE_SE05X +- if (selectResponseDataLen == 5 || selectResponseDataLen == 4 || selectResponseDataLen == 7) { +- // 2.2.4 returns 4 bytes, 2.2.4.[A,B,C] +- // 2.3.0 returns 5 bytes, 2.3.0.[v1].[v2] +- // 2.5.3 returns 7 bytes, +- commState->appletVersion = 0; +- commState->appletVersion |= selectResponseData[0]; +- commState->appletVersion <<= 8; +- commState->appletVersion |= selectResponseData[1]; +- commState->appletVersion <<= 8; +- commState->appletVersion |= selectResponseData[2]; +- commState->appletVersion <<= 8; +- // commState->appletVersion |= selectResponseData[3]; +- commState->sbVersion = 0x0000; +- } +- else { +- } +-#endif // SSS_HAVE_SE05X +- } +- } +-#endif /* Applet Name*/ +-#endif // !defined(IPC) +-exit: +- return sw; +-} +- +-/** +- * Closes the communication with the Security Module +- * A new connection can be established by calling ::SM_Connect +- * +- * @param[in] mode Specific information that may be required on the link layer +- * +- * @retval ::SW_OK Upon successful execution +- */ +-U16 SM_Close(void *conn_ctx, U8 mode) +-{ +- U16 sw = SW_OK; +- +-#if defined(SCI2C) +- sw = smComSCI2C_Close(mode); +-#endif +-#if defined(SPI) +- sw = smComSCSPI_Close(mode); +-#endif +-#if defined(PCSC) +- sw = smComPCSC_Close(mode); +-#endif +-#if defined(T1oI2C) +- sw = smComT1oI2C_Close(conn_ctx, mode); +-#endif +-#if defined(SMCOM_JRCP_V1) +- AX_UNUSED_ARG(mode); +- sw = smComSocket_Close(); +-#endif +-#if defined(SMCOM_JRCP_V2) +- AX_UNUSED_ARG(mode); +- sw = smComJRCP_Close(conn_ctx, mode); +-#endif +-#if defined(RJCT_VCOM) +- AX_UNUSED_ARG(mode); +- sw = smComVCom_Close(conn_ctx); +-#endif +-#if defined(SMCOM_THREAD) +- AX_UNUSED_ARG(mode); +- sw = smComThread_Close(); +-#endif +-#if defined(SMCOM_RC663_VCOM) +- AX_UNUSED_ARG(mode); +- smComNxpNfcRdLib_Close(); +-#endif +- smCom_DeInit(); +- +- return sw; +-} +- +-/** +- * Sends the command APDU to the Secure Module and retrieves the response APDU. +- * The latter consists of the concatenation of the response data (possibly none) and the status word (2 bytes). +- * +- * The command APDU and response APDU are not interpreted by the host library. +- * +- * The command/response APDU sizes must lay within the APDU size limitations +- * +- * @param[in] cmd command APDU +- * @param[in] cmdLen length (in byte) of \p cmd +- * @param[in,out] resp response APDU (response data || response status word) +- * @param[in,out] respLen IN: Length of resp buffer (\p resp) provided; OUT: effective length of response retrieved. +- * +- * @retval ::SW_OK Upon successful execution +- */ +-U16 SM_SendAPDU(U8 *cmd, U16 cmdLen, U8 *resp, U16 *respLen) +-{ +- U32 status = 0; +- U32 respLenLocal; +- +-#ifndef A71_IGNORE_PARAM_CHECK +- ENSURE_OR_RETURN_ON_ERROR(((cmd != NULL) && (resp != NULL) && (respLen != NULL)), ERR_API_ERROR); +-#endif +- +- respLenLocal = *respLen; +- +- status = smCom_TransceiveRaw(NULL, cmd, cmdLen, resp, &respLenLocal); +- *respLen = (U16)respLenLocal; +- +- return (U16)status; +-} +- +- +-#if defined(SMCOM_JRCP_V1_AM) +-U16 SM_LockChannel() +-{ +- return smComSocket_LockChannel(); +-} +- +-U16 SM_UnlockChannel() +-{ +- return smComSocket_UnlockChannel(); +-} +-#endif +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/infra/sm_errors.c b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/infra/sm_errors.c +deleted file mode 100644 +index a917089347..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/infra/sm_errors.c ++++ /dev/null +@@ -1,74 +0,0 @@ +-/* +- * +- * Copyright 2016 NXP +- * SPDX-License-Identifier: Apache-2.0 +- */ +- +-/** +-* @par Description +-* This file implements generic APDU response evaluation. +-* @par History +-* 1.0 20-feb-2012 : Initial version +-* +-*****************************************************************************/ +- +-#include +-#include +- +-#include "scp.h" +-#include "sm_apdu.h" +-#include "sm_errors.h" +-#include "nxLog_hostLib.h" +-#include "nxEnsure.h" +- +-/** +-* Returns the status word of a response APDU when no response data is expected. +-* @param[in] pApdu Pointer to the APDU. +-* @retval ::ERR_WRONG_RESPONSE In case the response contains more than only the status word +-* @returns status word (in case the response is 2 byte long) +-*/ +-U16 CheckNoResponseData(apdu_t * pApdu) +-{ +- U16 rv = ERR_GENERAL_ERROR; +- U8 isOk = 0x00; +- ENSURE_OR_GO_EXIT(pApdu != NULL); +- +- if (pApdu->rxlen != 2) +- { +- // printf("%d: pApdu->rxlen = %d", __LINE__, pApdu->rxlen); +- rv = ERR_WRONG_RESPONSE; +- } +- else +- { +- // printBytestring("CheckNoResponseData", pApdu->pBuf, pApdu->rxlen); +- rv = smGetSw(pApdu, &isOk); +- } +- +-exit: +- return rv; +-} +- +-/** +-* Returns the status word of a response APDU when no response data is expected. +-* @param[in] rawResponse Pointer to the raw response +-* @param[in] rawResponseLen Length of \p rawResponse +-* @retval ::ERR_WRONG_RESPONSE In case the response contains more than only the status word +-* @returns status word (in case the response is 2 byte long) +-*/ +-U16 CheckNoResponseDataRaw(U8 *rawResponse, U16 rawResponseLen) +-{ +- U16 rv = ERR_GENERAL_ERROR; +- ENSURE_OR_GO_EXIT(rawResponse != NULL); +- +- if (rawResponseLen != 2) +- { +- rv = ERR_WRONG_RESPONSE; +- } +- else +- { +- rv = (rawResponse[0] << 8) + rawResponse[1]; +- } +- +-exit: +- return rv; +-} +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/infra/sm_errors.h b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/infra/sm_errors.h +deleted file mode 100644 +index b5ba47077a..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/infra/sm_errors.h ++++ /dev/null +@@ -1,31 +0,0 @@ +-/* +- * +- * Copyright 2016 NXP +- * SPDX-License-Identifier: Apache-2.0 +- */ +- +-/** +- * +- * @par Description +- * This file provides an interface to generic APDU response evaluation. +- * @par History +- * 1.0 20-feb-2012 : Initial version +- * +- */ +- +-#ifndef _SM_ERRORS_ +-#define _SM_ERRORS_ +- +-#include "apduComm.h" +- +-#ifdef __cplusplus +-extern "C" { +-#endif +- +-U16 CheckNoResponseData(apdu_t * pApdu); +-U16 CheckNoResponseDataRaw(U8 *rawResponse, U16 rawResponseLen); +- +-#ifdef __cplusplus +-} +-#endif +-#endif //_SM_ERRORS_ +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/infra/sm_printf.c b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/infra/sm_printf.c +deleted file mode 100644 +index cdefce11dc..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/infra/sm_printf.c ++++ /dev/null +@@ -1,32 +0,0 @@ +-/* +- * +- * Copyright 2016 NXP +- * SPDX-License-Identifier: Apache-2.0 +- */ +- +-#include +-#include +- +-#include "sm_printf.h" +- +- +- +-#define MAX_SER_BUF_SIZE (1024) +- +-void sm_printf(uint8_t dev, const char * format, ...) +-{ +- uint8_t buffer[MAX_SER_BUF_SIZE + 1]; +- va_list vArgs; +- +- //dev = dev; // avoids warning; dev can be used to determine output channel +- +- va_start(vArgs, format); +-#if defined(_WIN32) && defined(_MSC_VER) +- vsnprintf_s((char *)buffer, MAX_SER_BUF_SIZE, MAX_SER_BUF_SIZE, (char const *)format, vArgs); +-#else +- vsnprintf((char *)buffer, MAX_SER_BUF_SIZE, (char const *)format, vArgs); +-#endif +- va_end(vArgs); +- +- PRINTF("%s", buffer); +-} +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/infra/sm_types.h b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/infra/sm_types.h +deleted file mode 100644 +index 56220f1b02..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/infra/sm_types.h ++++ /dev/null +@@ -1,163 +0,0 @@ +-/* +- * +- * Copyright 2016-2020 NXP +- * SPDX-License-Identifier: Apache-2.0 +- */ +- +-/** +- * @par Description +- * This file defines A7-series specific types +- * @par History +- * 1.0 20-feb-2012 : Initial version +- * +- */ +- +-#ifndef _SM_TYPES_H_ +-#define _SM_TYPES_H_ +- +-#ifdef __cplusplus +-extern "C" { +-#endif +- +-#if defined(__GNUC__) || defined(__arm__) || defined(__ICCARM__) +-#include +-#include +-#include +-#endif /* __GNUC__ || __arm__ || iccarm */ +- +-#if defined(__ICCARM__) +-#include "stddef.h" +-#endif /* __ICCARM__ */ +- +-#if defined(_MSC_VER) && _MSC_VER >= 1600 +-#include +-#if _MSC_VER >= 1800 +-#include +-#endif +-#endif /* _MSC_VER */ +- +-typedef uint8_t U8; +-typedef uint16_t U16; +-typedef uint32_t U32; +- +-typedef int8_t S8; +-typedef int16_t S16; +-typedef int32_t S32; +- +-#if !defined(__cplusplus) && !defined(__GNUC__) && !defined(__arm__) && !defined(__ICCARM__) +-#ifdef _MSC_VER +-#if _MSC_VER < 1600 +-typedef unsigned char bool; // C++ and GCC has bool. +-#define false(0) +-#define true(1) +-#endif //_MSC_VER < 1600 +-#else // _MSC_VER +-typedef unsigned char bool; // C++ and GCC has bool. +-#endif +-#endif /* bool */ +- +-#ifndef FALSE +-#define FALSE false +-#endif +- +-#ifndef TRUE +-#define TRUE true +-#endif +- +-/** @define AX_EMBEDDED Plaform is embedded like Kinetis / LPC / i.MX RT / Freedom Series */ +-#if defined(FREEDOM) || defined(IMX_RT) || defined(CPU_LPC54018) || defined(LPC_55x) || defined(QN9090DK6) +-#define AX_EMBEDDED 1 +-#elif defined(AX_EMBEDDED) +-/* OK */ +-#else +-#define AX_EMBEDDED 0 +-#endif +- +-/** +- * Identification of ECC curve. Not all turnkey solutions cover all these ECC curves. +- */ +-typedef enum +-{ +- ECCCurve_NIST_P192 = 0x01, +- ECCCurve_NIST_P224 = 0x02, +- ECCCurve_NIST_P256 = 0x03, /**< NIST Curve with 256 bits */ +- ECCCurve_BrainPoolP192r1 = 0x04, +- ECCCurve_BrainPoolP224r1 = 0x05, +- ECCCurve_BrainPoolP256r1 = 0x06 +-} ECCCurve_t; +- +-/** +- * Identification of hash algorithm +- */ +-typedef enum +-{ +- HASHAlgo_SHA1 = 0x01, +- HASHAlgo_SHA256 = 0x02 +-} HASHAlgo_t; +- +-typedef U16 SM_Error_t; +- +-#define AX_UNUSED_ARG(x) (void)(x) +- +-// The following defines are visible at the smCom layer +-// Because they are also used in the platform specific implementation +-// layer, they have ended up in this include file. +-// They do not belong here from a structural point of view. +-#define SMCOM_CLOSE_MODE_STD 0x00 +-#define SMCOM_CLOSE_MODE_TERMINATE 0x01 +- +-// The following is a set of predefined return values. +- +-/* Don't use +-// Protocol error codes +-#define BAD_SEQ_NUMBER 0x8000 +-#define UNAUTH_CLIENT 0x8001 +-#define SEND_ERROR 0x8002 +-#define UNKNOW_ORDER 0x8003 +-*/ +- +-/* ------------------------------ */ +-// Error/status word +-#define SW_OK (0x9000) //!< Operation successfull +- +-#define ERR_CONNECT_LINK_FAILED (0x7001) +-#define ERR_CONNECT_SELECT_FAILED (0x7002) +-#define ERR_COMM_ERROR (0x7003) //!< Generic communication error +-#define ERR_NO_VALID_IP_PORT_PATTERN (0x8000) +-#define ERR_COM_ALREADY_OPEN (0x7016) //!< Communication link is already open with device +- +-/* Range 0x701x is reserved for Error codes defined in smCom.h */ +-// #define SMCOM_SND_FAILED 0x7010 +-// #define SMCOM_RCV_FAILED 0x7011 +- +-#define ERR_MEMORY (0x7020) //!< Memory allocation error +-#define ERR_GENERAL_ERROR (0x7021) //!< Non-specific error code +-#define ERR_WRONG_RESPONSE (0x7022) //!< Semantic error discovered while parsing APDU response +-#define ERR_API_ERROR (0x7023) //!< Illegal parameter value passed to API +-#define ERR_TLV_MISSING (0x7024) //!< Specific TAG is missing from APDU response +-#define ERR_HASH_COMPARE_FAILS (0x7025) +-#define ERR_BUF_TOO_SMALL (0x7026) //!< Buffer provided is too small +-#define ERR_CRYPTO_ENGINE_FAILED \ +- (0x7027) //!< The crypto engine (implemented underneath a crypto abstraction layer) failed to provide a crypto service. +-#define ERR_PATTERN_COMPARE_FAILED (0x7028) +-#define ERR_NOT_IMPLEMENTED (0x7029) +-#define ERR_FILE_SYSTEM (0x7030) +-#define ERR_NO_PRIVATE_KEY (0x7031) +-#define ERR_IDENT_IDX_RANGE (0x7032) //!< Identifier or Index of Reference Key is out of bounds +-#define ERR_CRC_CHKSUM_VERIFY (0x7033) //!< CRC checksum verify error +-#define ERR_INTERNAL_BUF_TOO_SMALL (0x7034) //!< In A71CH PSP 1.6 this had value 0x7033. Code was already taken by A71CL +- +-#define SCP_OK (SW_OK) +-#define SCP_UNDEFINED_CHANNEL_ID (0x7041) //!< Undefined SCP channel identifier +-#define SCP_FAIL (0x7042) +-#define SCP_CARD_CRYPTOGRAM_FAILS_TO_VERIFY (0x7043) +-#define SCP_PARAMETER_ERROR (0x7044) +- +-#define SCP_RSP_MAC_FAIL (0x7050) //!< MAC on APDU response is not correct +-#define SCP_DECODE_FAIL (0x7051) //!< Encrypted Response did not decode to correctly padded plaintext +- +-#ifdef __cplusplus +-} +-#endif +- +-#endif // _SM_TYPES_H_ +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/nxScp/nxScp03_Com.c b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/nxScp/nxScp03_Com.c +deleted file mode 100644 +index 771fbd6705..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/nxScp/nxScp03_Com.c ++++ /dev/null +@@ -1,429 +0,0 @@ +-/* +-* +-* Copyright 2018,2020 NXP +-* SPDX-License-Identifier: Apache-2.0 +-*/ +- +-#if defined(FLOW_VERBOSE) +-#define NX_LOG_ENABLE_SCP_DEBUG 1 +-#endif +- +-#include +-#include +-#include "smCom.h" +-#include +-#include "nxScp03_Apis.h" +-#include "nxEnsure.h" +-#include "se05x_const.h" +- +-#if SSS_HAVE_SE05X_VER_GTE_06_00 +-#if defined(SE05X_MAX_BUF_SIZE_CMD) && (SE05X_MAX_BUF_SIZE_CMD != 1024) +-# error "Expect hard coded for SE05X_MAX_BUF_SIZE_CMD = 1024" +-#endif +-#define NX_SCP03_MAX_BUFFER_SIZE 0x400 /* 0x400 = 1024 */ +-#else +-#if defined(SE05X_MAX_BUF_SIZE_CMD) && (SE05X_MAX_BUF_SIZE_CMD != 892) +-# error "Expect hard coded for SE05X_MAX_BUF_SIZE_CMD = 892" +-#endif +-#define NX_SCP03_MAX_BUFFER_SIZE 0x380 /* 0x380 = 896 */ +-#endif +-/* ************************************************************************** */ +-/* Functions : Private function declaration */ +-/* ************************************************************************** */ +-/** +-* To Apply Encryption on Plain Data +-*/ +- +-static void nxSCP03_PadCommandAPDU(uint8_t *cmdBuf, size_t *pCmdBufLen); +-/** +-* To Maintain chaining of Sent commands +-*/ +-static sss_status_t nxSCP03_Calculate_CommandICV(NXSCP03_DynCtx_t *pdySCP03SessCtx, uint8_t *pIcv); +- +- +-/** +-* To Maintain chaining of Receive commands +-*/ +-static sss_status_t nxpSCP03_Get_ResponseICV(NXSCP03_DynCtx_t *pdySCP03SessCtx, uint8_t *pIcv, bool hasCmd); +-/** +-* To check plain data +-*/ +-static uint16_t nxpSCP03_RestoreSw_RAPDU( +- uint8_t *rspBuf, size_t *pRspBufLen, uint8_t *plaintextResponse, size_t plaintextRespLen, uint8_t *sw); +- +-/** +-* Decrement counter block for ICV calculation +-*/ +-static void nxpSCP03_Dec_CommandCounter(uint8_t *pCtrblock); +- +-sss_status_t nxSCP03_Encrypt_CommandAPDU(NXSCP03_DynCtx_t *pdySCP03SessCtx, uint8_t *cmdBuf, size_t *pCmdBufLen) +-{ +- sss_status_t sss_status = kStatus_SSS_Fail; +- size_t dataLen = 0; +- +- ENSURE_OR_GO_CLEANUP(pCmdBufLen != NULL); +- LOG_D("FN: %s", __FUNCTION__); +- LOG_MAU8_D(" Input:cmdBuf", cmdBuf, *pCmdBufLen); +- +- if (*pCmdBufLen != 0) { +- sss_symmetric_t symm; +- uint8_t iv[16] = {0}; +- uint8_t *pIv = (uint8_t *)iv; +- uint8_t apduPayloadToEncrypt[NX_SCP03_MAX_BUFFER_SIZE] = {0}; +- +- /* Prior to encrypting the data, the data shall be padded as defined in section 4.1.4. +- This padding becomes part of the data field.*/ +- nxSCP03_PadCommandAPDU(cmdBuf, pCmdBufLen); +- sss_status = nxSCP03_Calculate_CommandICV(pdySCP03SessCtx, pIv); +- ENSURE_OR_GO_CLEANUP(sss_status == kStatus_SSS_Success); +- memcpy(apduPayloadToEncrypt, cmdBuf, *pCmdBufLen); +- +- sss_status = sss_host_symmetric_context_init(&symm, +- pdySCP03SessCtx->Enc.keyStore->session, +- &pdySCP03SessCtx->Enc, +- kAlgorithm_SSS_AES_CBC, +- kMode_SSS_Encrypt); +- ENSURE_OR_GO_CLEANUP(sss_status == kStatus_SSS_Success); +- dataLen = *pCmdBufLen; +- LOG_D("Encrypt CommandAPDU"); +- sss_status = sss_host_cipher_one_go(&symm, pIv, SCP_KEY_SIZE, apduPayloadToEncrypt, cmdBuf, dataLen); +- ENSURE_OR_GO_CLEANUP(sss_status == kStatus_SSS_Success); +- LOG_AU8_D(cmdBuf, dataLen); +- LOG_MAU8_D("Output: EncryptedcmdBuf", cmdBuf, dataLen); +- sss_host_symmetric_context_free(&symm); +- } +- else { +- /* Nothing to encrypt */ +- sss_status = kStatus_SSS_Success; +- } +- +- +-cleanup: +- return sss_status; +-} +- +-uint16_t nxpSCP03_Decrypt_ResponseAPDU( +- NXSCP03_DynCtx_t *pdySCP03SessCtx, size_t cmdBufLen, uint8_t *rspBuf, size_t *pRspBufLen, uint8_t hasle) +-{ +- sss_status_t sss_status = kStatus_SSS_Fail; +- uint16_t status = SCP_FAIL; +- sss_algorithm_t algorithm = kAlgorithm_SSS_CMAC_AES; +- sss_mode_t mode = kMode_SSS_Mac; +- sss_mac_t macCtx; +- uint8_t sw[SCP_GP_SW_LEN]; +- uint8_t respMac[SCP_CMAC_SIZE] = {0}; +- size_t signatureLen = sizeof(respMac); +- size_t compareoffset = 0; +- size_t macSize = SCP_CMAC_SIZE; +- uint8_t iv[SCP_IV_SIZE]; +- uint8_t *pIv = (uint8_t *)iv; +- uint8_t response[NX_SCP03_MAX_BUFFER_SIZE]; +- uint8_t plaintextResponse[NX_SCP03_MAX_BUFFER_SIZE]; +- sss_algorithm_t algorithm_aes = kAlgorithm_SSS_AES_CBC; +- sss_mode_t mode_aes = kMode_SSS_Decrypt; +- sss_symmetric_t symm; +- size_t actualRespLen = 0; +- +- ENSURE_OR_GO_EXIT(pRspBufLen != NULL); +- ENSURE_OR_GO_EXIT(pdySCP03SessCtx != NULL); +- ENSURE_OR_GO_EXIT(rspBuf != NULL); +- +- LOG_D("FN: %s", __FUNCTION__); +- LOG_MAU8_D(" Input:rspBuf", rspBuf, *pRspBufLen); +- +- +- if (*pRspBufLen >= (SCP_COMMAND_MAC_SIZE + SCP_GP_SW_LEN)) { +- memcpy(sw, &(rspBuf[*pRspBufLen - SCP_GP_SW_LEN]), SCP_GP_SW_LEN); +- +- sss_status = sss_host_mac_context_init( +- &macCtx, pdySCP03SessCtx->Rmac.keyStore->session, &pdySCP03SessCtx->Rmac, algorithm, mode); +- ENSURE_OR_GO_EXIT(sss_status == kStatus_SSS_Success); +- +- sss_status = sss_host_mac_init(&macCtx); +- ENSURE_OR_GO_EXIT(sss_status == kStatus_SSS_Success); +- +- sss_status = sss_host_mac_update(&macCtx, pdySCP03SessCtx->MCV, macSize); +- ENSURE_OR_GO_EXIT(sss_status == kStatus_SSS_Success); +- +- sss_status = sss_host_mac_update(&macCtx, rspBuf, *pRspBufLen - SCP_COMMAND_MAC_SIZE - SCP_GP_SW_LEN); +- ENSURE_OR_GO_EXIT(sss_status == kStatus_SSS_Success); +- +- sss_status = sss_host_mac_update(&macCtx, sw, SCP_GP_SW_LEN); +- ENSURE_OR_GO_EXIT(sss_status == kStatus_SSS_Success); +- +- sss_status = sss_host_mac_finish(&macCtx, respMac, &signatureLen); +- +- ENSURE_OR_GO_EXIT(sss_status == kStatus_SSS_Success); +- LOG_MAU8_D(" Calculated RMAC :", respMac, signatureLen); +- sss_host_mac_context_free(&macCtx); +- LOG_D("Verify MAC"); +- // Do a comparison of the received and the calculated mac +- compareoffset = *pRspBufLen - SCP_COMMAND_MAC_SIZE - SCP_GP_SW_LEN; +- if (memcmp(respMac, &rspBuf[compareoffset], SCP_COMMAND_MAC_SIZE) != 0) { +- LOG_E(" RESPONSE MAC DID NOT VERIFY %04X", status); +- return status; +- } +- } +- +- LOG_D("RMAC verified successfully...Decrypt Response Data"); +- // Decrypt Response Data Field in case Reponse Mac verified OK +- if (*pRspBufLen > (SCP_COMMAND_MAC_SIZE + SCP_GP_SW_LEN)) { +- // There is data payload in response +- size_t dataLen = 0; +- memcpy(response, rspBuf, (*pRspBufLen) - (SCP_COMMAND_MAC_SIZE + SCP_GP_SW_LEN)); +- //LOG_MAU8_D(" EncResponse", response, (*pRspBufLen) - 10); +- +- memcpy(sw, &(rspBuf[*pRspBufLen - SCP_GP_SW_LEN]), SCP_GP_SW_LEN); +- LOG_MAU8_D("Status Word: ", sw, 2); +- +- // Calculate ICV to decrypt the response +- sss_status = nxpSCP03_Get_ResponseICV(pdySCP03SessCtx, pIv, cmdBufLen == 0 ? FALSE : TRUE); +- ENSURE_OR_GO_EXIT(sss_status == kStatus_SSS_Success); +- +- sss_status = sss_host_symmetric_context_init( +- &symm, pdySCP03SessCtx->Enc.keyStore->session, &pdySCP03SessCtx->Enc, algorithm_aes, mode_aes); +- ENSURE_OR_GO_EXIT(sss_status == kStatus_SSS_Success); +- +- dataLen = (*pRspBufLen) - (SCP_COMMAND_MAC_SIZE + SCP_GP_SW_LEN); +- LOG_D("Decrypt the response"); +- // Decrypt the response +- sss_status = sss_host_cipher_one_go(&symm, pIv, SCP_KEY_SIZE, response, plaintextResponse, dataLen); +- ENSURE_OR_GO_EXIT(sss_status == kStatus_SSS_Success); +- +- LOG_MAU8_D("PlainText", plaintextResponse, (*pRspBufLen) - (SCP_COMMAND_MAC_SIZE + SCP_GP_SW_LEN)); +- sss_host_symmetric_context_free(&symm); +- actualRespLen = (*pRspBufLen) - (SCP_COMMAND_MAC_SIZE + SCP_GP_SW_LEN); +- /*Remove the padding from the plaintextResponse*/ +- sss_status = kStatus_SSS_Fail; +- status = nxpSCP03_RestoreSw_RAPDU(rspBuf, pRspBufLen, plaintextResponse, actualRespLen, sw); +- if (status == SCP_OK) { +- sss_status = kStatus_SSS_Success; +- } +- } +- else if ((*pRspBufLen) == (SCP_COMMAND_MAC_SIZE + SCP_GP_SW_LEN)) { +- // There's no data payload in response +- memcpy(rspBuf, sw, SCP_GP_SW_LEN); +- *pRspBufLen = SCP_GP_SW_LEN; +- sss_status = kStatus_SSS_Success; +- } +- +- if (sss_status == kStatus_SSS_Success) { +- status = SCP_OK; +- } +- +- if (((pdySCP03SessCtx->authType == kSSS_AuthType_AESKey) || (pdySCP03SessCtx->authType == kSSS_AuthType_ECKey)) || +- ((pdySCP03SessCtx->authType == kSSS_AuthType_SCP03) && cmdBufLen > 0)) { +- status = SCP_OK; +- nxpSCP03_Inc_CommandCounter(pdySCP03SessCtx); +- } +- +-exit: +- return status; +-} +- +-static uint16_t nxpSCP03_RestoreSw_RAPDU( +- uint8_t *rspBuf, size_t *pRspBufLen, uint8_t *plaintextResponse, size_t plaintextRespLen, uint8_t *sw) +-{ +- uint16_t status = SCP_DECODE_FAIL; +- size_t i; +- int removePaddingOk = 0; +- +- i = plaintextRespLen; +- +- ENSURE_OR_GO_EXIT(pRspBufLen != NULL); +- ENSURE_OR_GO_EXIT(plaintextResponse != NULL); +- ENSURE_OR_GO_EXIT(rspBuf != NULL); +- ENSURE_OR_GO_EXIT(sw != NULL); +- +- LOG_D("FN: %s", __FUNCTION__); +- +- while ((i > 1) && (i > (plaintextRespLen - SCP_KEY_SIZE))) { +- if (plaintextResponse[i - 1] == 0x00) { +- i--; +- } +- else if (plaintextResponse[i - 1] == SCP_DATA_PAD_BYTE) { +- // We have found padding delimitor +- memcpy(&plaintextResponse[i - 1], sw, SCP_GP_SW_LEN); +- memcpy(rspBuf, plaintextResponse, i + 1); +- *pRspBufLen = (i + 1); +- removePaddingOk = 1; +- LOG_MAU8_D("PlainText+SW", rspBuf, *pRspBufLen); +- break; +- } +- else { +- // We've found a non-padding character while removing padding +- // Most likely the cipher text was not properly decoded. +- LOG_E("RAPDU Decoding failed No Padding found %04X", status); +- break; +- } +- } +- +- if (removePaddingOk == 0) { +- return status; +- } +- status = SCP_OK; +-exit: +- return status; +-} +- +-static sss_status_t nxpSCP03_Get_ResponseICV(NXSCP03_DynCtx_t *pdySCP03SessCtx, uint8_t *pIcv, bool hasCmd) +-{ +- uint8_t ivZero[SCP_IV_SIZE] = { +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}; +- sss_status_t status = kStatus_SSS_Fail; +- sss_symmetric_t symm; +- size_t dataLen = 0; +- uint8_t paddedCounterBlock[SCP_IV_SIZE] = { +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}; +- +- ENSURE_OR_GO_EXIT(pdySCP03SessCtx != NULL); +- LOG_D("FN: %s", __FUNCTION__); +- +- memcpy(paddedCounterBlock, pdySCP03SessCtx->cCounter, SCP_KEY_SIZE); +- if ((pdySCP03SessCtx->authType == kSSS_AuthType_SCP03) && (!hasCmd)) { +- nxpSCP03_Dec_CommandCounter(paddedCounterBlock); +- } +- paddedCounterBlock[0] = SCP_DATA_PAD_BYTE; // MSB padded with 0x80 Section 6.2.7 of SCP03 spec +- +- LOG_MAU8_D(" Input:Data", paddedCounterBlock, SCP_KEY_SIZE); +- +- status = sss_host_symmetric_context_init(&symm, +- pdySCP03SessCtx->Enc.keyStore->session, +- &pdySCP03SessCtx->Enc, +- kAlgorithm_SSS_AES_CBC, +- kMode_SSS_Encrypt); +- ENSURE_OR_GO_EXIT(status == kStatus_SSS_Success); +- dataLen = SCP_KEY_SIZE; +- status = sss_host_cipher_one_go(&symm, ivZero, SCP_KEY_SIZE, paddedCounterBlock, pIcv, dataLen); +- sss_host_symmetric_context_free(&symm); +- ENSURE_OR_GO_EXIT(status == kStatus_SSS_Success); +- LOG_MAU8_D(" Output:RespICV", pIcv, dataLen); +-exit: +- return status; +-} +- +-void nxpSCP03_Inc_CommandCounter(NXSCP03_DynCtx_t *pdySCP03SessCtx) +-{ +- int i = 15; +- ENSURE_OR_GO_EXIT(pdySCP03SessCtx != NULL); +- while (i > 0) { +- if (pdySCP03SessCtx->cCounter[i] < 255) { +- pdySCP03SessCtx->cCounter[i] += 1; +- break; +- } +- else { +- pdySCP03SessCtx->cCounter[i] = 0; +- i--; +- } +- } +- +- LOG_MAU8_D("Inc_CommandCounter value ", pdySCP03SessCtx->cCounter, SCP_KEY_SIZE); +-exit: +- return; +-} +- +-static void nxpSCP03_Dec_CommandCounter(uint8_t *pCtrblock) +-{ +- int i = 15; +- ENSURE_OR_GO_EXIT(pCtrblock != NULL); +- while (i > 0) { +- if (pCtrblock[i] == 0) { +- pCtrblock[i] = 0xFF; +- i--; +- } +- else { +- pCtrblock[i]--; +- break; +- } +- } +-exit: +- return; +-} +- +-sss_status_t nxpSCP03_CalculateMac_CommandAPDU( +- NXSCP03_DynCtx_t *pdySCP03SessCtx, uint8_t *pCmdBuf, size_t cmdBufLen, uint8_t *mac, size_t *macLen) +-{ +- sss_status_t sss_status = kStatus_SSS_Fail; +- sss_mac_t macCtx; +- sss_algorithm_t algorithm = kAlgorithm_SSS_CMAC_AES; +- sss_mode_t mode = kMode_SSS_Mac; +- +- ENSURE_OR_GO_EXIT(pdySCP03SessCtx != NULL); +- ENSURE_OR_GO_EXIT(mac != NULL); +- LOG_D("FN: %s", __FUNCTION__); +- LOG_MAU8_D("Input: cmdBuf", pCmdBuf, cmdBufLen); +- +- sss_status = +- sss_host_mac_context_init(&macCtx, pdySCP03SessCtx->Mac.keyStore->session, &pdySCP03SessCtx->Mac, algorithm, mode); +- ENSURE_OR_GO_EXIT(sss_status == kStatus_SSS_Success); +- +- sss_status = sss_host_mac_init(&macCtx); +- ENSURE_OR_GO_EXIT(sss_status == kStatus_SSS_Success); +- +- sss_status = sss_host_mac_update(&macCtx, pdySCP03SessCtx->MCV, SCP_KEY_SIZE); +- ENSURE_OR_GO_EXIT(sss_status == kStatus_SSS_Success); +- +- sss_status = sss_host_mac_update(&macCtx, pCmdBuf, cmdBufLen); +- ENSURE_OR_GO_EXIT(sss_status == kStatus_SSS_Success); +- +- sss_status = sss_host_mac_finish(&macCtx, mac, macLen); +- ENSURE_OR_GO_EXIT(sss_status == kStatus_SSS_Success); +- LOG_MAU8_D("Output: mac", mac, SCP_COMMAND_MAC_SIZE); +- sss_host_mac_context_free(&macCtx); +- // Store updated mcv! +- memcpy(pdySCP03SessCtx->MCV, mac, SCP_MCV_LEN); +- +-exit: +- return sss_status; +-} +- +-static sss_status_t nxSCP03_Calculate_CommandICV(NXSCP03_DynCtx_t *pdySCP03SessCtx, uint8_t *pIcv) +-{ +- uint8_t ivZero[SCP_KEY_SIZE] = { +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}; +- sss_status_t status = kStatus_SSS_Fail; +- sss_symmetric_t symm; +- size_t dataLen = 0; +- +- ENSURE_OR_GO_EXIT(pdySCP03SessCtx != NULL); +- LOG_D("FN: %s", __FUNCTION__); +- +- +- status = sss_host_symmetric_context_init(&symm, +- pdySCP03SessCtx->Enc.keyStore->session, +- &pdySCP03SessCtx->Enc, +- kAlgorithm_SSS_AES_CBC, +- kMode_SSS_Encrypt); +- ENSURE_OR_GO_EXIT(status == kStatus_SSS_Success); +- +- dataLen = SCP_KEY_SIZE; +- status = sss_host_cipher_one_go(&symm, ivZero, SCP_KEY_SIZE, pdySCP03SessCtx->cCounter, pIcv, dataLen); +- sss_host_symmetric_context_free(&symm); +- LOG_MAU8_D(" Output:", pIcv, SCP_COMMAND_MAC_SIZE); +-exit: +- return status; +-} +- +-static void nxSCP03_PadCommandAPDU(uint8_t *cmdBuf, size_t *pCmdBufLen) +-{ +- uint16_t zeroBytesToPad = 0; +- +- ENSURE_OR_GO_EXIT(pCmdBufLen != NULL); +- ENSURE_OR_GO_EXIT(cmdBuf != NULL); +- LOG_D("FN: %s", __FUNCTION__); +- LOG_MAU8_D("Input: cmdBuf", cmdBuf, *pCmdBufLen); +- // pad the payload and adjust the length of the APDU +- cmdBuf[(*pCmdBufLen)] = SCP_DATA_PAD_BYTE; +- *pCmdBufLen += 1; +- zeroBytesToPad = (SCP_KEY_SIZE - ((*pCmdBufLen) % SCP_KEY_SIZE)) % SCP_KEY_SIZE; +- +- while (zeroBytesToPad > 0) { +- cmdBuf[(*pCmdBufLen)] = 0x00; +- *pCmdBufLen += 1; +- zeroBytesToPad--; +- } +- LOG_MAU8_D("Ouput: cmdBuf", cmdBuf, *pCmdBufLen); +- +-exit: +- return; +-} +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/nxlog/nxLog.c b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/nxlog/nxLog.c +deleted file mode 100644 +index c3122bb21d..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/nxlog/nxLog.c ++++ /dev/null +@@ -1,390 +0,0 @@ +-/* +-* +-* Copyright 2018,2020 NXP +-* SPDX-License-Identifier: Apache-2.0 +-*/ +- +-#ifdef __cplusplus +-extern "C" { +-#endif +- +-#include +-#include +-#include +-#include +- +-#include "sm_printf.h" +- +-#if USE_RTOS +-#include "FreeRTOS.h" +-#include "semphr.h" +-#endif +- +-#if (__GNUC__ && !AX_EMBEDDED) || (USE_RTOS) || (__MBED__) +-#define USE_LOCK 1 +-#else +-#define USE_LOCK 0 +-#endif +-#if defined(_MSC_VER) +-#include +-#endif +- +-#define COLOR_RED "\033[0;31m" +-#define COLOR_GREEN "\033[0;32m" +-#define COLOR_YELLOW "\033[0;33m" +-#define COLOR_BLUE "\033[0;34m" +-#define COLOR_RESET "\033[0m" +- +-#define szCRLF "\r\n" +-#define szLF "\n" +- +-static void setColor(int level); +-static void reSetColor(void); +- +-#if defined(_MSC_VER) +-static HANDLE sStdOutConsoleHandle = INVALID_HANDLE_VALUE; +-static void msvc_setColor(int level); +-static void msvc_reSetColor(void); +-#define szEOL szLF +-#endif +- +-#if defined(__GNUC__) && !defined(__ARMCC_VERSION) +-#include +-static void ansi_setColor(int level); +-static void ansi_reSetColor(void); +-#if AX_EMBEDDED +-#define szEOL szCRLF +-#else +-#define szEOL szLF +-#endif +-#endif /* __GNUC__ && !defined(__ARMCC_VERSION) */ +- +-#ifndef szEOL +-#define szEOL szCRLF +-#endif +- +-/* Set this to do not widen the logs. +- * +- * When set to 0, and logging is verbose, it looks like this +- * +- * APDU:DEBUG:ReadECCurveList [] +- * smCom:DEBUG:Tx> (Len=4) +- * 80 02 0B 25 +- * smCom:DEBUG: (Len=4) +- * => 80 02 0B 25 +- * smCom:DEBUG: 41 82 00 11 01 01 02 01 01 01 01 01 01 01 01 01 +- * 01 01 01 01 01 90 00 +- * +- */ +-#define COMPRESSED_LOGGING_STYLE 0 +- +-/* Set this to 1 if you want colored logs with GCC based compilers */ +-#define USE_COLORED_LOGS 1 +- +-#if NX_LOG_SHORT_PREFIX +-static const char *szLevel[] = {"E", "W", "I", "D"}; +-#else +-static const char *szLevel[] = {"ERROR", "WARN ", "INFO ", "DEBUG"}; +-#endif +- +-#if AX_EMBEDDED +-#define TAB_SEPRATOR "\t" +-#else +-#define TAB_SEPRATOR " " +-#endif +- +-#if defined(SMCOM_JRCP_V2) +-#include "smCom.h" +-#endif +- +-#if USE_RTOS +-static SemaphoreHandle_t gLogginglock; +-#elif (__GNUC__ && !AX_EMBEDDED && !__MBED__) +-#include +-/* Only for base session with os */ +-static pthread_mutex_t gLogginglock; +-#elif __MBED__ +-#include "cmsis_os2.h" +-#include "mbed_rtos_storage.h" +- static osSemaphoreId_t gLogginglock; +- static mbed_rtos_storage_semaphore_t gLogginglock_mem; +-#endif +-static void nLog_AcquireLock(); +-static void nLog_ReleaseLock(); +-#if USE_LOCK +-static uint8_t lockInitialised = false; +-#endif +-static void nLog_AcquireLock() +-{ +-#if USE_LOCK +- if (lockInitialised) { +-#if USE_RTOS +- if (xSemaphoreTake(gLogginglock, portMAX_DELAY) != pdTRUE) { +- PRINTF("Acquiring logging semaphore failed"); +- } +-#elif (__GNUC__ && !AX_EMBEDDED && !__MBED__) +- if (pthread_mutex_lock(&gLogginglock) != 0) { +- PRINTF("Acquiring logging mutext failed"); +- } +-#elif __MBED__ +- if (osSemaphoreAcquire(gLogginglock, 0) != osOK) { +- PRINTF("Acquiring logging mutext failed\n"); +- } +-#endif +- } +-#endif +-} +- +-static void nLog_ReleaseLock() +-{ +-#if USE_LOCK +- if (lockInitialised) { +-#if USE_RTOS +- if (xSemaphoreGive(gLogginglock) != pdTRUE) { +- PRINTF("Releasing logging semaphore failed"); +- } +-#elif (__GNUC__ && !AX_EMBEDDED && !__MBED__) +- if (pthread_mutex_unlock(&gLogginglock) != 0) { +- PRINTF("Releasing logging semaphore failed"); +- } +-#elif __MBED__ +- if (osSemaphoreRelease(gLogginglock) != osOK) { +- PRINTF("Releasing logging semaphore failed\n"); +- } +-#endif +- } +-#endif +-} +- +-uint8_t nLog_Init() +-{ +-#if USE_LOCK +-#if USE_RTOS +- gLogginglock = xSemaphoreCreateMutex(); +- if (gLogginglock == NULL) { +- PRINTF("xSemaphoreCreateMutex failed"); +- return 1; +- } +-#elif (__GNUC__ && !AX_EMBEDDED && !__MBED__) +- if (pthread_mutex_init(&gLogginglock, NULL) != 0) { +- PRINTF("pthread_mutex_init failed"); +- return 1; +- } +-#elif __MBED__ +- osSemaphoreAttr_t attr; +- attr.name = NULL; +- attr.attr_bits = 0; +- attr.cb_mem = &gLogginglock_mem; +- attr.cb_size = sizeof gLogginglock_mem; +- gLogginglock = osSemaphoreNew(1, 0, &attr); +- if (gLogginglock == NULL) { +- PRINTF("xSemaphoreCreateMutex failed"); +- return 1; +- } +-#endif +- lockInitialised = true; +-#endif +- return 0; +-} +- +-void nLog_DeInit() +-{ +-#if USE_LOCK +-#if USE_RTOS +- if (gLogginglock != NULL) { +- vSemaphoreDelete(gLogginglock); +- gLogginglock = NULL; +- } +-#elif (__GNUC__ && !AX_EMBEDDED && !__MBED__) +- pthread_mutex_destroy(&gLogginglock); +-#elif __MBED__ +- if (gLogginglock != NULL) { +- osSemaphoreRelease(gLogginglock); +- gLogginglock = NULL; +- } +-#endif +- lockInitialised = false; +-#endif +-} +- +-/* Used for scenarios other than LPC55S_NS */ +-void nLog(const char *comp, int level, const char *format, ...) +-{ +- nLog_AcquireLock(); +- setColor(level); +- PRINTF("%-6s:%s:", comp, szLevel[level-1]); +- if (format == NULL) { +- /* Nothing */ +-#ifdef SMCOM_JRCP_V2 +- smCom_Echo(NULL, comp, szLevel[level-1], ""); +-#endif // SMCOM_JRCP_V2 +- } +- else if (format[0] == '\0') { +- /* Nothing */ +-#ifdef SMCOM_JRCP_V2 +- smCom_Echo(NULL, comp, szLevel[level-1], ""); +-#endif // SMCOM_JRCP_V2 +- } +- else { +- char buffer[256]; +- size_t size_buff = sizeof(buffer) / sizeof(buffer[0]) - 1; +- va_list vArgs; +- va_start(vArgs, format); +- vsnprintf(buffer, size_buff, format, vArgs); +- va_end(vArgs); +- PRINTF("%s", buffer); +-#ifdef SMCOM_JRCP_V2 +- smCom_Echo(NULL, comp, szLevel[level-1], buffer); +-#endif // SMCOM_JRCP_V2 +- } +- reSetColor(); +- PRINTF(szEOL); +- nLog_ReleaseLock(); +-} +- +-void nLog_au8(const char *comp, int level, const char *message, const unsigned char *array, size_t array_len) +-{ +- size_t i; +- nLog_AcquireLock(); +- setColor(level); +- PRINTF("%-6s:%s:%s (Len=%" PRId32 ")", comp, szLevel[level-1], message, (int32_t)array_len); +- for (i = 0; i < array_len; i++) { +- if (0 == (i % 16)) { +- PRINTF(szEOL); +- if (0 == i) { +-#if COMPRESSED_LOGGING_STYLE +- PRINTF("=>"); +-#endif +- PRINTF(TAB_SEPRATOR); +- } +- else { +- PRINTF(TAB_SEPRATOR); +- } +- } +-#if !COMPRESSED_LOGGING_STYLE +- if (0 == (i % 4)) { +- PRINTF(TAB_SEPRATOR); +- } +-#endif +- PRINTF("%02X ", array[i]); +- } +- reSetColor(); +- PRINTF(szEOL); +- nLog_ReleaseLock(); +-} +- +-static void setColor(int level) +-{ +-#if defined(_MSC_VER) +- msvc_setColor(level); +-#endif +-#if defined(__GNUC__) && !defined(__ARMCC_VERSION) +- ansi_setColor(level); +-#endif +-} +- +-static void reSetColor(void) +-{ +-#if defined(_MSC_VER) +- msvc_reSetColor(); +-#endif +-#if defined(__GNUC__) && !defined(__ARMCC_VERSION) +- ansi_reSetColor(); +-#endif +-} +- +-#if defined(_MSC_VER) && USE_COLORED_LOGS +-static void msvc_setColor(int level) +-{ +-#if USE_COLORED_LOGS +- WORD wAttributes = 0; +- if (sStdOutConsoleHandle == INVALID_HANDLE_VALUE) { +- sStdOutConsoleHandle = GetStdHandle(STD_OUTPUT_HANDLE); +- } +- switch (level) { +- case NX_LEVEL_ERROR: +- wAttributes = FOREGROUND_RED | FOREGROUND_INTENSITY; +- break; +- case NX_LEVEL_WARN: +- wAttributes = FOREGROUND_RED | FOREGROUND_BLUE | FOREGROUND_INTENSITY; +- break; +- case NX_LEVEL_INFO: +- wAttributes = FOREGROUND_GREEN; +- break; +- case NX_LEVEL_DEBUG: +- /* As of now put color here. All normal printfs would be in WHITE +- * Later, remove this color. +- */ +- wAttributes = FOREGROUND_RED | FOREGROUND_GREEN; +- break; +- default: +- wAttributes = FOREGROUND_BLUE | FOREGROUND_GREEN | FOREGROUND_RED; +- } +- SetConsoleTextAttribute(sStdOutConsoleHandle, wAttributes); +-#endif // USE_COLORED_LOGS +-} +- +-static void msvc_reSetColor() +-{ +-#if USE_COLORED_LOGS +- msvc_setColor(-1 /* default */); +-#endif // USE_COLORED_LOGS +-} +-#endif +- +-#if defined(__GNUC__) && !defined(__ARMCC_VERSION) +-static void ansi_setColor(int level) +-{ +-#if USE_COLORED_LOGS +-#if !AX_EMBEDDED +- if (!isatty(fileno(stdout))) { +- return; +- } +-#endif +- +- switch (level) { +- case NX_LEVEL_ERROR: +- PRINTF(COLOR_RED); +- break; +- case NX_LEVEL_WARN: +- PRINTF(COLOR_YELLOW); +- break; +- case NX_LEVEL_INFO: +- PRINTF(COLOR_BLUE); +- break; +- case NX_LEVEL_DEBUG: +- /* As of now put color here. All normal printfs would be in WHITE +- * Later, remove this color. +- */ +- PRINTF(COLOR_GREEN); +- break; +- default: +- PRINTF(COLOR_RESET); +- } +-#endif // USE_COLORED_LOGS +-} +- +-static void ansi_reSetColor() +-{ +-#if USE_COLORED_LOGS +-#if !AX_EMBEDDED +- if (!isatty(fileno(stdout))) { +- return; +- } +-#endif +- PRINTF(COLOR_RESET); +-#endif // USE_COLORED_LOGS +-} +-#endif +- +-#ifdef __cplusplus +-} +-#endif +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/nxlog/nxLog.h b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/nxlog/nxLog.h +deleted file mode 100644 +index a520a5704e..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/nxlog/nxLog.h ++++ /dev/null +@@ -1,107 +0,0 @@ +-/* +-* +-* Copyright 2018 NXP +-* SPDX-License-Identifier: Apache-2.0 +-*/ +- +-#ifndef NX_LOG_H +-#define NX_LOG_H +- +-#ifdef __cplusplus +-extern "C" { +-#endif +- +-/* +- * +- * Overview +- * ========================================== +- * +- * These set of files help control logging levels in +- * the applicaiton. +- * +- * The overall idea is to +- * - Control logging at mutiple levels +- * - Fine gain control of logging +- * - Easy for the devleoper to add log messages +- * - Easy for the devleoper to add/remove log components +- * - Focus on embedded systems +- * +- * +- * Control logging at mutiple levels +- * ========================================== +- * +- * Each component can log one of the following levels. +- * DEBUG - For the developer. Too much verbsity. +- * INFO - General Information. Easy for end user to keep track what is happening. +- * WARN - Some error occured, but can be handled +- * ERROR - Some erro roccured, but no nice way to handle +- * +- * For each level, the logging APIs, LOG_D, LOG_I, LOG_W, LOG_E are available. +- * +- * +- * Fine gain control of logging +- * ========================================== +- * +- * Each component get's its own logging file. +- * e.g. nxLog_SSS.h for SSS Layer, nxLog_UseCase.h for use cases. +- * SSS Layer and UseCase layer's source files include these individual files +- * and with that they can control logging level. +- * +- * Common `nxLog_Config.h` can control the logging levels, +- * or individual source files can control their logging levels. +- * +- * Easy for the devleoper to add log messages +- * ========================================== +- * +- * Within the source code, only include the file for the given component, e.g. `nxLog_SSS.h`. +- * And only call LOG_D, LOG_E, etc. within that file. +- * +- * +- * Easy for the devleoper to add/remove log components +- * =========================================================================== +- * +- * When not required, the files like `nxLog_SSS.h` can be deleted. And when needed +- * the script nxLog_Gen.py can be run: +- * +- * python nxLog_Gen.py +- * +- * +- * Focus on embedded systems +- * =========================================================================== +- * +- * Do not take loging level information at run time, but at compile time. +- * This enables to reduce the code size. +- * +- * +- **/ +- +-#include +-#include +- +-#define NX_LEVEL_DEBUG 4 +-#define NX_LEVEL_INFO 3 +-#define NX_LEVEL_WARN 2 +-#define NX_LEVEL_ERROR 1 +- +-#define NX_LOG_D +-#define NX_LOG_I +-#define NX_LOG_W +-#define NX_LOG_E +- +-/* +- * Initialised the multithreading locks if running on Native or FreeRtos. +- * If running on system where mutex or semaphore is not available, return +- * success without doing anything. +- */ +-uint8_t nLog_Init(); +-void nLog_DeInit(); +- +-void nLog(const char *comp, int level, const char *format, ...); +- +-void nLog_au8(const char *comp, int level, const char *message, const unsigned char *array, size_t array_len); +- +-#ifdef __cplusplus +-} +-#endif +- +-#endif +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/nxlog/nxLog_App.h b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/nxlog/nxLog_App.h +deleted file mode 100644 +index c2ad1f90b5..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/nxlog/nxLog_App.h ++++ /dev/null +@@ -1,183 +0,0 @@ +-/* +-* +-* Copyright 2018 NXP +- * SPDX-License-Identifier: Apache-2.0 +- */ +- +-#ifndef NX_LOG_APP_H +-#define NX_LOG_APP_H +- +-#include +- +-/* ############################################################ */ +-/* ## AUTO Generated ########################################## */ +-/* ############################################################ */ +- +-/* Default configuration file */ +-#include +- +-/* clang-format off */ +- +-/* Check if we are double defining these macros */ +-#if defined(LOG_D) || defined(LOG_I) || defined(LOG_W) || defined(LOG_E) +-/* This should not happen. The only reason this could happn is double inclusion of different log files. */ +-# error "LOG_ macro already defined" +-#endif /* LOG_E */ +- +-/* Enable/Set log levels for 'App' - start */ +-/* If source file, or nxLog_Config.h has not set it, set these defines +- * +- * Do not #undef these values, rather set to 0/1. This way we can +- * jump to definition and avoid plain-old-text-search to jump to +- * undef. */ +- +-#ifndef NX_LOG_ENABLE_APP_DEBUG +-# define NX_LOG_ENABLE_APP_DEBUG (NX_LOG_ENABLE_DEFAULT_DEBUG) +-#endif +-#ifndef NX_LOG_ENABLE_APP_INFO +-# define NX_LOG_ENABLE_APP_INFO (NX_LOG_ENABLE_APP_DEBUG + NX_LOG_ENABLE_DEFAULT_INFO) +-#endif +-#ifndef NX_LOG_ENABLE_APP_WARN +-# define NX_LOG_ENABLE_APP_WARN (NX_LOG_ENABLE_APP_INFO + NX_LOG_ENABLE_DEFAULT_WARN) +-#endif +-#ifndef NX_LOG_ENABLE_APP_ERROR +-# define NX_LOG_ENABLE_APP_ERROR (NX_LOG_ENABLE_APP_WARN + NX_LOG_ENABLE_DEFAULT_ERROR) +-#endif +- +-/* Enable/Set log levels for 'App' - end */ +- +-#if NX_LOG_ENABLE_APP_DEBUG +-# define LOG_DEBUG_ENABLED 1 +-# define LOG_D(format, ...) \ +- nLog("App", NX_LEVEL_DEBUG, format, ##__VA_ARGS__) +-# define LOG_X8_D(VALUE) \ +- nLog("App", NX_LEVEL_DEBUG, "%s=0x%02X",#VALUE, VALUE) +-# define LOG_U8_D(VALUE) \ +- nLog("App", NX_LEVEL_DEBUG, "%s=%u",#VALUE, VALUE) +-# define LOG_X16_D(VALUE) \ +- nLog("App", NX_LEVEL_DEBUG, "%s=0x%04X",#VALUE, VALUE) +-# define LOG_U16_D(VALUE) \ +- nLog("App", NX_LEVEL_DEBUG, "%s=%u",#VALUE, VALUE) +-# define LOG_X32_D(VALUE) \ +- nLog("App", NX_LEVEL_DEBUG, "%s=0x%08X",#VALUE, VALUE) +-# define LOG_U32_D(VALUE) \ +- nLog("App", NX_LEVEL_DEBUG, "%s=%u",#VALUE, VALUE) +-# define LOG_AU8_D(ARRAY,LEN) \ +- nLog_au8("App", NX_LEVEL_DEBUG, #ARRAY, ARRAY, LEN) +-# define LOG_MAU8_D(MESSAGE, ARRAY,LEN) \ +- nLog_au8("App", NX_LEVEL_DEBUG, MESSAGE, ARRAY, LEN) +-#else +-# define LOG_DEBUG_ENABLED 0 +-# define LOG_D(...) +-# define LOG_X8_D(VALUE) +-# define LOG_U8_D(VALUE) +-# define LOG_X16_D(VALUE) +-# define LOG_U16_D(VALUE) +-# define LOG_X32_D(VALUE) +-# define LOG_U32_D(VALUE) +-# define LOG_AU8_D(ARRAY, LEN) +-# define LOG_MAU8_D(MESSAGE, ARRAY, LEN) +-#endif +- +-#if NX_LOG_ENABLE_APP_INFO +-# define LOG_INFO_ENABLED 1 +-# define LOG_I(format, ...) \ +- nLog("App", NX_LEVEL_INFO, format, ##__VA_ARGS__) +-# define LOG_X8_I(VALUE) \ +- nLog("App", NX_LEVEL_INFO, "%s=0x%02X",#VALUE, VALUE) +-# define LOG_U8_I(VALUE) \ +- nLog("App", NX_LEVEL_INFO, "%s=%u",#VALUE, VALUE) +-# define LOG_X16_I(VALUE) \ +- nLog("App", NX_LEVEL_INFO, "%s=0x%04X",#VALUE, VALUE) +-# define LOG_U16_I(VALUE) \ +- nLog("App", NX_LEVEL_INFO, "%s=%u",#VALUE, VALUE) +-# define LOG_X32_I(VALUE) \ +- nLog("App", NX_LEVEL_INFO, "%s=0x%08X",#VALUE, VALUE) +-# define LOG_U32_I(VALUE) \ +- nLog("App", NX_LEVEL_INFO, "%s=%u",#VALUE, VALUE) +-# define LOG_AU8_I(ARRAY,LEN) \ +- nLog_au8("App", NX_LEVEL_INFO, #ARRAY, ARRAY, LEN) +-# define LOG_MAU8_I(MESSAGE, ARRAY,LEN) \ +- nLog_au8("App", NX_LEVEL_INFO, MESSAGE, ARRAY, LEN) +-#else +-# define LOG_INFO_ENABLED 0 +-# define LOG_I(...) +-# define LOG_X8_I(VALUE) +-# define LOG_U8_I(VALUE) +-# define LOG_X16_I(VALUE) +-# define LOG_U16_I(VALUE) +-# define LOG_X32_I(VALUE) +-# define LOG_U32_I(VALUE) +-# define LOG_AU8_I(ARRAY, LEN) +-# define LOG_MAU8_I(MESSAGE, ARRAY, LEN) +-#endif +- +-#if NX_LOG_ENABLE_APP_WARN +-# define LOG_WARN_ENABLED 1 +-# define LOG_W(format, ...) \ +- nLog("App", NX_LEVEL_WARN, format, ##__VA_ARGS__) +-# define LOG_X8_W(VALUE) \ +- nLog("App", NX_LEVEL_WARN, "%s=0x%02X",#VALUE, VALUE) +-# define LOG_U8_W(VALUE) \ +- nLog("App", NX_LEVEL_WARN, "%s=%u",#VALUE, VALUE) +-# define LOG_X16_W(VALUE) \ +- nLog("App", NX_LEVEL_WARN, "%s=0x%04X",#VALUE, VALUE) +-# define LOG_U16_W(VALUE) \ +- nLog("App", NX_LEVEL_WARN, "%s=%u",#VALUE, VALUE) +-# define LOG_X32_W(VALUE) \ +- nLog("App", NX_LEVEL_WARN, "%s=0x%08X",#VALUE, VALUE) +-# define LOG_U32_W(VALUE) \ +- nLog("App", NX_LEVEL_WARN, "%s=%u",#VALUE, VALUE) +-# define LOG_AU8_W(ARRAY,LEN) \ +- nLog_au8("App", NX_LEVEL_WARN, #ARRAY, ARRAY, LEN) +-# define LOG_MAU8_W(MESSAGE, ARRAY,LEN) \ +- nLog_au8("App", NX_LEVEL_WARN, MESSAGE, ARRAY, LEN) +-#else +-# define LOG_WARN_ENABLED 0 +-# define LOG_W(...) +-# define LOG_X8_W(VALUE) +-# define LOG_U8_W(VALUE) +-# define LOG_X16_W(VALUE) +-# define LOG_U16_W(VALUE) +-# define LOG_X32_W(VALUE) +-# define LOG_U32_W(VALUE) +-# define LOG_AU8_W(ARRAY, LEN) +-# define LOG_MAU8_W(MESSAGE, ARRAY, LEN) +-#endif +- +-#if NX_LOG_ENABLE_APP_ERROR +-# define LOG_ERROR_ENABLED 1 +-# define LOG_E(format, ...) \ +- nLog("App", NX_LEVEL_ERROR, format, ##__VA_ARGS__) +-# define LOG_X8_E(VALUE) \ +- nLog("App", NX_LEVEL_ERROR, "%s=0x%02X",#VALUE, VALUE) +-# define LOG_U8_E(VALUE) \ +- nLog("App", NX_LEVEL_ERROR, "%s=%u",#VALUE, VALUE) +-# define LOG_X16_E(VALUE) \ +- nLog("App", NX_LEVEL_ERROR, "%s=0x%04X",#VALUE, VALUE) +-# define LOG_U16_E(VALUE) \ +- nLog("App", NX_LEVEL_ERROR, "%s=%u",#VALUE, VALUE) +-# define LOG_X32_E(VALUE) \ +- nLog("App", NX_LEVEL_ERROR, "%s=0x%08X",#VALUE, VALUE) +-# define LOG_U32_E(VALUE) \ +- nLog("App", NX_LEVEL_ERROR, "%s=%u",#VALUE, VALUE) +-# define LOG_AU8_E(ARRAY,LEN) \ +- nLog_au8("App", NX_LEVEL_ERROR, #ARRAY, ARRAY, LEN) +-# define LOG_MAU8_E(MESSAGE, ARRAY,LEN) \ +- nLog_au8("App", NX_LEVEL_ERROR, MESSAGE, ARRAY, LEN) +-#else +-# define LOG_ERROR_ENABLED 0 +-# define LOG_E(...) +-# define LOG_X8_E(VALUE) +-# define LOG_U8_E(VALUE) +-# define LOG_X16_E(VALUE) +-# define LOG_U16_E(VALUE) +-# define LOG_X32_E(VALUE) +-# define LOG_U32_E(VALUE) +-# define LOG_AU8_E(ARRAY, LEN) +-# define LOG_MAU8_E(MESSAGE, ARRAY, LEN) +-#endif +- +-/* clang-format on */ +- +-#endif /* NX_LOG_APP_H */ +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/nxlog/nxLog_DefaultConfig.h b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/nxlog/nxLog_DefaultConfig.h +deleted file mode 100644 +index 1b0cee9dea..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/nxlog/nxLog_DefaultConfig.h ++++ /dev/null +@@ -1,44 +0,0 @@ +-/* +- * +- * Copyright 2018 NXP +- * SPDX-License-Identifier: Apache-2.0 +- */ +- +-#ifndef NX_LOG_DEFAULT_CONFIG_H +-#define NX_LOG_DEFAULT_CONFIG_H +- +-/* See Plug & Trust Middleware Docuemntation --> stack --> Logging +- for more information */ +- +-/* +- * - 1 => Enable Debug level logging - for all. +- * - 0 => Disable Debug level logging. This has to be +- * enabled individually by other logging +- * header/source files */ +-#define NX_LOG_ENABLE_DEFAULT_DEBUG 1 +- +-/* Same as NX_LOG_ENABLE_DEFAULT_DEBUG but for Info Level */ +-#define NX_LOG_ENABLE_DEFAULT_INFO 1 +- +-/* Same as NX_LOG_ENABLE_DEFAULT_DEBUG but for Warn Level */ +-#define NX_LOG_ENABLE_DEFAULT_WARN 1 +- +-/* Same as NX_LOG_ENABLE_DEFAULT_DEBUG but for Error Level. +- * Ideally, this shoudl alwasy be kept enabled */ +-#define NX_LOG_ENABLE_DEFAULT_ERROR 1 +- +- +-/* Release - retail build */ +-#ifdef FLOW_SILENT +-#undef NX_LOG_ENABLE_DEFAULT_DEBUG +-#undef NX_LOG_ENABLE_DEFAULT_INFO +-#undef NX_LOG_ENABLE_DEFAULT_WARN +-#undef NX_LOG_ENABLE_DEFAULT_ERROR +- +-#define NX_LOG_ENABLE_DEFAULT_DEBUG 0 +-#define NX_LOG_ENABLE_DEFAULT_INFO 0 +-#define NX_LOG_ENABLE_DEFAULT_WARN 0 +-#define NX_LOG_ENABLE_DEFAULT_ERROR 0 +-#endif +- +-#endif /* NX_LOG_DEFAULT_CONFIG_H */ +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/nxlog/nxLog_hostLib.h b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/nxlog/nxLog_hostLib.h +deleted file mode 100644 +index 65e68a3b96..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/nxlog/nxLog_hostLib.h ++++ /dev/null +@@ -1,183 +0,0 @@ +-/* +- * +- * Copyright 2018 NXP +- * SPDX-License-Identifier: Apache-2.0 +- */ +- +-#ifndef NX_LOG_HOSTLIB_H +-#define NX_LOG_HOSTLIB_H +- +-#include +- +-/* ############################################################ */ +-/* ## AUTO Generated ########################################## */ +-/* ############################################################ */ +- +-/* Default configuration file */ +-#include +- +-/* clang-format off */ +- +-/* Check if we are double defining these macros */ +-#if defined(LOG_D) || defined(LOG_I) || defined(LOG_W) || defined(LOG_E) +-/* This should not happen. The only reason this could happn is double inclusion of different log files. */ +-# error "LOG_ macro already defined" +-#endif /* LOG_E */ +- +-/* Enable/Set log levels for 'hostLib' - start */ +-/* If source file, or nxLog_Config.h has not set it, set these defines +- * +- * Do not #undef these values, rather set to 0/1. This way we can +- * jump to definition and avoid plain-old-text-search to jump to +- * undef. */ +- +-#ifndef NX_LOG_ENABLE_HOSTLIB_DEBUG +-# define NX_LOG_ENABLE_HOSTLIB_DEBUG (NX_LOG_ENABLE_DEFAULT_DEBUG) +-#endif +-#ifndef NX_LOG_ENABLE_HOSTLIB_INFO +-# define NX_LOG_ENABLE_HOSTLIB_INFO (NX_LOG_ENABLE_HOSTLIB_DEBUG + NX_LOG_ENABLE_DEFAULT_INFO) +-#endif +-#ifndef NX_LOG_ENABLE_HOSTLIB_WARN +-# define NX_LOG_ENABLE_HOSTLIB_WARN (NX_LOG_ENABLE_HOSTLIB_INFO + NX_LOG_ENABLE_DEFAULT_WARN) +-#endif +-#ifndef NX_LOG_ENABLE_HOSTLIB_ERROR +-# define NX_LOG_ENABLE_HOSTLIB_ERROR (NX_LOG_ENABLE_HOSTLIB_WARN + NX_LOG_ENABLE_DEFAULT_ERROR) +-#endif +- +-/* Enable/Set log levels for 'hostLib' - end */ +- +-#if NX_LOG_ENABLE_HOSTLIB_DEBUG +-# define LOG_DEBUG_ENABLED 1 +-# define LOG_D(format, ...) \ +- nLog("hostLib", NX_LEVEL_DEBUG, format, ##__VA_ARGS__) +-# define LOG_X8_D(VALUE) \ +- nLog("hostLib", NX_LEVEL_DEBUG, "%s=0x%02X",#VALUE, VALUE) +-# define LOG_U8_D(VALUE) \ +- nLog("hostLib", NX_LEVEL_DEBUG, "%s=%u",#VALUE, VALUE) +-# define LOG_X16_D(VALUE) \ +- nLog("hostLib", NX_LEVEL_DEBUG, "%s=0x%04X",#VALUE, VALUE) +-# define LOG_U16_D(VALUE) \ +- nLog("hostLib", NX_LEVEL_DEBUG, "%s=%u",#VALUE, VALUE) +-# define LOG_X32_D(VALUE) \ +- nLog("hostLib", NX_LEVEL_DEBUG, "%s=0x%08X",#VALUE, VALUE) +-# define LOG_U32_D(VALUE) \ +- nLog("hostLib", NX_LEVEL_DEBUG, "%s=%u",#VALUE, VALUE) +-# define LOG_AU8_D(ARRAY,LEN) \ +- nLog_au8("hostLib", NX_LEVEL_DEBUG, #ARRAY, ARRAY, LEN) +-# define LOG_MAU8_D(MESSAGE, ARRAY,LEN) \ +- nLog_au8("hostLib", NX_LEVEL_DEBUG, MESSAGE, ARRAY, LEN) +-#else +-# define LOG_DEBUG_ENABLED 0 +-# define LOG_D(...) +-# define LOG_X8_D(VALUE) +-# define LOG_U8_D(VALUE) +-# define LOG_X16_D(VALUE) +-# define LOG_U16_D(VALUE) +-# define LOG_X32_D(VALUE) +-# define LOG_U32_D(VALUE) +-# define LOG_AU8_D(ARRAY, LEN) +-# define LOG_MAU8_D(MESSAGE, ARRAY, LEN) +-#endif +- +-#if NX_LOG_ENABLE_HOSTLIB_INFO +-# define LOG_INFO_ENABLED 1 +-# define LOG_I(format, ...) \ +- nLog("hostLib", NX_LEVEL_INFO, format, ##__VA_ARGS__) +-# define LOG_X8_I(VALUE) \ +- nLog("hostLib", NX_LEVEL_INFO, "%s=0x%02X",#VALUE, VALUE) +-# define LOG_U8_I(VALUE) \ +- nLog("hostLib", NX_LEVEL_INFO, "%s=%u",#VALUE, VALUE) +-# define LOG_X16_I(VALUE) \ +- nLog("hostLib", NX_LEVEL_INFO, "%s=0x%04X",#VALUE, VALUE) +-# define LOG_U16_I(VALUE) \ +- nLog("hostLib", NX_LEVEL_INFO, "%s=%u",#VALUE, VALUE) +-# define LOG_X32_I(VALUE) \ +- nLog("hostLib", NX_LEVEL_INFO, "%s=0x%08X",#VALUE, VALUE) +-# define LOG_U32_I(VALUE) \ +- nLog("hostLib", NX_LEVEL_INFO, "%s=%u",#VALUE, VALUE) +-# define LOG_AU8_I(ARRAY,LEN) \ +- nLog_au8("hostLib", NX_LEVEL_INFO, #ARRAY, ARRAY, LEN) +-# define LOG_MAU8_I(MESSAGE, ARRAY,LEN) \ +- nLog_au8("hostLib", NX_LEVEL_INFO, MESSAGE, ARRAY, LEN) +-#else +-# define LOG_INFO_ENABLED 0 +-# define LOG_I(...) +-# define LOG_X8_I(VALUE) +-# define LOG_U8_I(VALUE) +-# define LOG_X16_I(VALUE) +-# define LOG_U16_I(VALUE) +-# define LOG_X32_I(VALUE) +-# define LOG_U32_I(VALUE) +-# define LOG_AU8_I(ARRAY, LEN) +-# define LOG_MAU8_I(MESSAGE, ARRAY, LEN) +-#endif +- +-#if NX_LOG_ENABLE_HOSTLIB_WARN +-# define LOG_WARN_ENABLED 1 +-# define LOG_W(format, ...) \ +- nLog("hostLib", NX_LEVEL_WARN, format, ##__VA_ARGS__) +-# define LOG_X8_W(VALUE) \ +- nLog("hostLib", NX_LEVEL_WARN, "%s=0x%02X",#VALUE, VALUE) +-# define LOG_U8_W(VALUE) \ +- nLog("hostLib", NX_LEVEL_WARN, "%s=%u",#VALUE, VALUE) +-# define LOG_X16_W(VALUE) \ +- nLog("hostLib", NX_LEVEL_WARN, "%s=0x%04X",#VALUE, VALUE) +-# define LOG_U16_W(VALUE) \ +- nLog("hostLib", NX_LEVEL_WARN, "%s=%u",#VALUE, VALUE) +-# define LOG_X32_W(VALUE) \ +- nLog("hostLib", NX_LEVEL_WARN, "%s=0x%08X",#VALUE, VALUE) +-# define LOG_U32_W(VALUE) \ +- nLog("hostLib", NX_LEVEL_WARN, "%s=%u",#VALUE, VALUE) +-# define LOG_AU8_W(ARRAY,LEN) \ +- nLog_au8("hostLib", NX_LEVEL_WARN, #ARRAY, ARRAY, LEN) +-# define LOG_MAU8_W(MESSAGE, ARRAY,LEN) \ +- nLog_au8("hostLib", NX_LEVEL_WARN, MESSAGE, ARRAY, LEN) +-#else +-# define LOG_WARN_ENABLED 0 +-# define LOG_W(...) +-# define LOG_X8_W(VALUE) +-# define LOG_U8_W(VALUE) +-# define LOG_X16_W(VALUE) +-# define LOG_U16_W(VALUE) +-# define LOG_X32_W(VALUE) +-# define LOG_U32_W(VALUE) +-# define LOG_AU8_W(ARRAY, LEN) +-# define LOG_MAU8_W(MESSAGE, ARRAY, LEN) +-#endif +- +-#if NX_LOG_ENABLE_HOSTLIB_ERROR +-# define LOG_ERROR_ENABLED 1 +-# define LOG_E(format, ...) \ +- nLog("hostLib", NX_LEVEL_ERROR, format, ##__VA_ARGS__) +-# define LOG_X8_E(VALUE) \ +- nLog("hostLib", NX_LEVEL_ERROR, "%s=0x%02X",#VALUE, VALUE) +-# define LOG_U8_E(VALUE) \ +- nLog("hostLib", NX_LEVEL_ERROR, "%s=%u",#VALUE, VALUE) +-# define LOG_X16_E(VALUE) \ +- nLog("hostLib", NX_LEVEL_ERROR, "%s=0x%04X",#VALUE, VALUE) +-# define LOG_U16_E(VALUE) \ +- nLog("hostLib", NX_LEVEL_ERROR, "%s=%u",#VALUE, VALUE) +-# define LOG_X32_E(VALUE) \ +- nLog("hostLib", NX_LEVEL_ERROR, "%s=0x%08X",#VALUE, VALUE) +-# define LOG_U32_E(VALUE) \ +- nLog("hostLib", NX_LEVEL_ERROR, "%s=%u",#VALUE, VALUE) +-# define LOG_AU8_E(ARRAY,LEN) \ +- nLog_au8("hostLib", NX_LEVEL_ERROR, #ARRAY, ARRAY, LEN) +-# define LOG_MAU8_E(MESSAGE, ARRAY,LEN) \ +- nLog_au8("hostLib", NX_LEVEL_ERROR, MESSAGE, ARRAY, LEN) +-#else +-# define LOG_ERROR_ENABLED 0 +-# define LOG_E(...) +-# define LOG_X8_E(VALUE) +-# define LOG_U8_E(VALUE) +-# define LOG_X16_E(VALUE) +-# define LOG_U16_E(VALUE) +-# define LOG_X32_E(VALUE) +-# define LOG_U32_E(VALUE) +-# define LOG_AU8_E(ARRAY, LEN) +-# define LOG_MAU8_E(MESSAGE, ARRAY, LEN) +-#endif +- +-/* clang-format on */ +- +-#endif /* NX_LOG_HOSTLIB_H */ +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/nxlog/nxLog_mbedtls.h b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/nxlog/nxLog_mbedtls.h +deleted file mode 100644 +index cd866fc9c3..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/nxlog/nxLog_mbedtls.h ++++ /dev/null +@@ -1,183 +0,0 @@ +-/* +- * +- * Copyright 2018 NXP +- * SPDX-License-Identifier: Apache-2.0 +- */ +- +-#ifndef NX_LOG_MBEDTLS_H +-#define NX_LOG_MBEDTLS_H +- +-#include +- +-/* ############################################################ */ +-/* ## AUTO Generated ########################################## */ +-/* ############################################################ */ +- +-/* Default configuration file */ +-#include +- +-/* clang-format off */ +- +-/* Check if we are double defining these macros */ +-#if defined(LOG_D) || defined(LOG_I) || defined(LOG_W) || defined(LOG_E) +-/* This should not happen. The only reason this could happn is double inclusion of different log files. */ +-# error "LOG_ macro already defined" +-#endif /* LOG_E */ +- +-/* Enable/Set log levels for 'mbedtls' - start */ +-/* If source file, or nxLog_Config.h has not set it, set these defines +- * +- * Do not #undef these values, rather set to 0/1. This way we can +- * jump to definition and avoid plain-old-text-search to jump to +- * undef. */ +- +-#ifndef NX_LOG_ENABLE_MBEDTLS_DEBUG +-# define NX_LOG_ENABLE_MBEDTLS_DEBUG (NX_LOG_ENABLE_SSS_DEBUG) +-#endif +-#ifndef NX_LOG_ENABLE_MBEDTLS_INFO +-# define NX_LOG_ENABLE_MBEDTLS_INFO (NX_LOG_ENABLE_MBEDTLS_DEBUG + NX_LOG_ENABLE_SSS_INFO) +-#endif +-#ifndef NX_LOG_ENABLE_MBEDTLS_WARN +-# define NX_LOG_ENABLE_MBEDTLS_WARN (NX_LOG_ENABLE_MBEDTLS_INFO + NX_LOG_ENABLE_SSS_WARN) +-#endif +-#ifndef NX_LOG_ENABLE_MBEDTLS_ERROR +-# define NX_LOG_ENABLE_MBEDTLS_ERROR (NX_LOG_ENABLE_MBEDTLS_WARN + NX_LOG_ENABLE_SSS_ERROR) +-#endif +- +-/* Enable/Set log levels for 'mbedtls' - end */ +- +-#if NX_LOG_ENABLE_MBEDTLS_DEBUG +-# define LOG_DEBUG_ENABLED 1 +-# define LOG_D(format, ...) \ +- nLog("mbedtls", NX_LEVEL_DEBUG, format, ##__VA_ARGS__) +-# define LOG_X8_D(VALUE) \ +- nLog("mbedtls", NX_LEVEL_DEBUG, "%s=0x%02X",#VALUE, VALUE) +-# define LOG_U8_D(VALUE) \ +- nLog("mbedtls", NX_LEVEL_DEBUG, "%s=%u",#VALUE, VALUE) +-# define LOG_X16_D(VALUE) \ +- nLog("mbedtls", NX_LEVEL_DEBUG, "%s=0x%04X",#VALUE, VALUE) +-# define LOG_U16_D(VALUE) \ +- nLog("mbedtls", NX_LEVEL_DEBUG, "%s=%u",#VALUE, VALUE) +-# define LOG_X32_D(VALUE) \ +- nLog("mbedtls", NX_LEVEL_DEBUG, "%s=0x%08X",#VALUE, VALUE) +-# define LOG_U32_D(VALUE) \ +- nLog("mbedtls", NX_LEVEL_DEBUG, "%s=%u",#VALUE, VALUE) +-# define LOG_AU8_D(ARRAY,LEN) \ +- nLog_au8("mbedtls", NX_LEVEL_DEBUG, #ARRAY, ARRAY, LEN) +-# define LOG_MAU8_D(MESSAGE, ARRAY,LEN) \ +- nLog_au8("mbedtls", NX_LEVEL_DEBUG, MESSAGE, ARRAY, LEN) +-#else +-# define LOG_DEBUG_ENABLED 0 +-# define LOG_D(...) +-# define LOG_X8_D(VALUE) +-# define LOG_U8_D(VALUE) +-# define LOG_X16_D(VALUE) +-# define LOG_U16_D(VALUE) +-# define LOG_X32_D(VALUE) +-# define LOG_U32_D(VALUE) +-# define LOG_AU8_D(ARRAY, LEN) +-# define LOG_MAU8_D(MESSAGE, ARRAY, LEN) +-#endif +- +-#if NX_LOG_ENABLE_MBEDTLS_INFO +-# define LOG_INFO_ENABLED 1 +-# define LOG_I(format, ...) \ +- nLog("mbedtls", NX_LEVEL_INFO, format, ##__VA_ARGS__) +-# define LOG_X8_I(VALUE) \ +- nLog("mbedtls", NX_LEVEL_INFO, "%s=0x%02X",#VALUE, VALUE) +-# define LOG_U8_I(VALUE) \ +- nLog("mbedtls", NX_LEVEL_INFO, "%s=%u",#VALUE, VALUE) +-# define LOG_X16_I(VALUE) \ +- nLog("mbedtls", NX_LEVEL_INFO, "%s=0x%04X",#VALUE, VALUE) +-# define LOG_U16_I(VALUE) \ +- nLog("mbedtls", NX_LEVEL_INFO, "%s=%u",#VALUE, VALUE) +-# define LOG_X32_I(VALUE) \ +- nLog("mbedtls", NX_LEVEL_INFO, "%s=0x%08X",#VALUE, VALUE) +-# define LOG_U32_I(VALUE) \ +- nLog("mbedtls", NX_LEVEL_INFO, "%s=%u",#VALUE, VALUE) +-# define LOG_AU8_I(ARRAY,LEN) \ +- nLog_au8("mbedtls", NX_LEVEL_INFO, #ARRAY, ARRAY, LEN) +-# define LOG_MAU8_I(MESSAGE, ARRAY,LEN) \ +- nLog_au8("mbedtls", NX_LEVEL_INFO, MESSAGE, ARRAY, LEN) +-#else +-# define LOG_INFO_ENABLED 0 +-# define LOG_I(...) +-# define LOG_X8_I(VALUE) +-# define LOG_U8_I(VALUE) +-# define LOG_X16_I(VALUE) +-# define LOG_U16_I(VALUE) +-# define LOG_X32_I(VALUE) +-# define LOG_U32_I(VALUE) +-# define LOG_AU8_I(ARRAY, LEN) +-# define LOG_MAU8_I(MESSAGE, ARRAY, LEN) +-#endif +- +-#if NX_LOG_ENABLE_MBEDTLS_WARN +-# define LOG_WARN_ENABLED 1 +-# define LOG_W(format, ...) \ +- nLog("mbedtls", NX_LEVEL_WARN, format, ##__VA_ARGS__) +-# define LOG_X8_W(VALUE) \ +- nLog("mbedtls", NX_LEVEL_WARN, "%s=0x%02X",#VALUE, VALUE) +-# define LOG_U8_W(VALUE) \ +- nLog("mbedtls", NX_LEVEL_WARN, "%s=%u",#VALUE, VALUE) +-# define LOG_X16_W(VALUE) \ +- nLog("mbedtls", NX_LEVEL_WARN, "%s=0x%04X",#VALUE, VALUE) +-# define LOG_U16_W(VALUE) \ +- nLog("mbedtls", NX_LEVEL_WARN, "%s=%u",#VALUE, VALUE) +-# define LOG_X32_W(VALUE) \ +- nLog("mbedtls", NX_LEVEL_WARN, "%s=0x%08X",#VALUE, VALUE) +-# define LOG_U32_W(VALUE) \ +- nLog("mbedtls", NX_LEVEL_WARN, "%s=%u",#VALUE, VALUE) +-# define LOG_AU8_W(ARRAY,LEN) \ +- nLog_au8("mbedtls", NX_LEVEL_WARN, #ARRAY, ARRAY, LEN) +-# define LOG_MAU8_W(MESSAGE, ARRAY,LEN) \ +- nLog_au8("mbedtls", NX_LEVEL_WARN, MESSAGE, ARRAY, LEN) +-#else +-# define LOG_WARN_ENABLED 0 +-# define LOG_W(...) +-# define LOG_X8_W(VALUE) +-# define LOG_U8_W(VALUE) +-# define LOG_X16_W(VALUE) +-# define LOG_U16_W(VALUE) +-# define LOG_X32_W(VALUE) +-# define LOG_U32_W(VALUE) +-# define LOG_AU8_W(ARRAY, LEN) +-# define LOG_MAU8_W(MESSAGE, ARRAY, LEN) +-#endif +- +-#if NX_LOG_ENABLE_MBEDTLS_ERROR +-# define LOG_ERROR_ENABLED 1 +-# define LOG_E(format, ...) \ +- nLog("mbedtls", NX_LEVEL_ERROR, format, ##__VA_ARGS__) +-# define LOG_X8_E(VALUE) \ +- nLog("mbedtls", NX_LEVEL_ERROR, "%s=0x%02X",#VALUE, VALUE) +-# define LOG_U8_E(VALUE) \ +- nLog("mbedtls", NX_LEVEL_ERROR, "%s=%u",#VALUE, VALUE) +-# define LOG_X16_E(VALUE) \ +- nLog("mbedtls", NX_LEVEL_ERROR, "%s=0x%04X",#VALUE, VALUE) +-# define LOG_U16_E(VALUE) \ +- nLog("mbedtls", NX_LEVEL_ERROR, "%s=%u",#VALUE, VALUE) +-# define LOG_X32_E(VALUE) \ +- nLog("mbedtls", NX_LEVEL_ERROR, "%s=0x%08X",#VALUE, VALUE) +-# define LOG_U32_E(VALUE) \ +- nLog("mbedtls", NX_LEVEL_ERROR, "%s=%u",#VALUE, VALUE) +-# define LOG_AU8_E(ARRAY,LEN) \ +- nLog_au8("mbedtls", NX_LEVEL_ERROR, #ARRAY, ARRAY, LEN) +-# define LOG_MAU8_E(MESSAGE, ARRAY,LEN) \ +- nLog_au8("mbedtls", NX_LEVEL_ERROR, MESSAGE, ARRAY, LEN) +-#else +-# define LOG_ERROR_ENABLED 0 +-# define LOG_E(...) +-# define LOG_X8_E(VALUE) +-# define LOG_U8_E(VALUE) +-# define LOG_X16_E(VALUE) +-# define LOG_U16_E(VALUE) +-# define LOG_X32_E(VALUE) +-# define LOG_U32_E(VALUE) +-# define LOG_AU8_E(ARRAY, LEN) +-# define LOG_MAU8_E(MESSAGE, ARRAY, LEN) +-#endif +- +-/* clang-format on */ +- +-#endif /* NX_LOG_MBEDTLS_H */ +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/nxlog/nxLog_scp.h b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/nxlog/nxLog_scp.h +deleted file mode 100644 +index c8bc4f2ada..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/nxlog/nxLog_scp.h ++++ /dev/null +@@ -1,183 +0,0 @@ +-/* +- * +- * Copyright 2018 NXP +- * SPDX-License-Identifier: Apache-2.0 +- */ +- +-#ifndef NX_LOG_SCP_H +-#define NX_LOG_SCP_H +- +-#include +- +-/* ############################################################ */ +-/* ## AUTO Generated ########################################## */ +-/* ############################################################ */ +- +-/* Default configuration file */ +-#include +- +-/* clang-format off */ +- +-/* Check if we are double defining these macros */ +-#if defined(LOG_D) || defined(LOG_I) || defined(LOG_W) || defined(LOG_E) +-/* This should not happen. The only reason this could happn is double inclusion of different log files. */ +-# error "LOG_ macro already defined" +-#endif /* LOG_E */ +- +-/* Enable/Set log levels for 'scp' - start */ +-/* If source file, or nxLog_Config.h has not set it, set these defines +- * +- * Do not #undef these values, rather set to 0/1. This way we can +- * jump to definition and avoid plain-old-text-search to jump to +- * undef. */ +- +-#ifndef NX_LOG_ENABLE_SCP_DEBUG +-# define NX_LOG_ENABLE_SCP_DEBUG (NX_LOG_ENABLE_DEFAULT_DEBUG) +-#endif +-#ifndef NX_LOG_ENABLE_SCP_INFO +-# define NX_LOG_ENABLE_SCP_INFO (NX_LOG_ENABLE_SCP_DEBUG + NX_LOG_ENABLE_DEFAULT_INFO) +-#endif +-#ifndef NX_LOG_ENABLE_SCP_WARN +-# define NX_LOG_ENABLE_SCP_WARN (NX_LOG_ENABLE_SCP_INFO + NX_LOG_ENABLE_DEFAULT_WARN) +-#endif +-#ifndef NX_LOG_ENABLE_SCP_ERROR +-# define NX_LOG_ENABLE_SCP_ERROR (NX_LOG_ENABLE_SCP_WARN + NX_LOG_ENABLE_DEFAULT_ERROR) +-#endif +- +-/* Enable/Set log levels for 'scp' - end */ +- +-#if NX_LOG_ENABLE_SCP_DEBUG +-# define LOG_DEBUG_ENABLED 1 +-# define LOG_D(format, ...) \ +- nLog("scp", NX_LEVEL_DEBUG, format, ##__VA_ARGS__) +-# define LOG_X8_D(VALUE) \ +- nLog("scp", NX_LEVEL_DEBUG, "%s=0x%02X",#VALUE, VALUE) +-# define LOG_U8_D(VALUE) \ +- nLog("scp", NX_LEVEL_DEBUG, "%s=%u",#VALUE, VALUE) +-# define LOG_X16_D(VALUE) \ +- nLog("scp", NX_LEVEL_DEBUG, "%s=0x%04X",#VALUE, VALUE) +-# define LOG_U16_D(VALUE) \ +- nLog("scp", NX_LEVEL_DEBUG, "%s=%u",#VALUE, VALUE) +-# define LOG_X32_D(VALUE) \ +- nLog("scp", NX_LEVEL_DEBUG, "%s=0x%08X",#VALUE, VALUE) +-# define LOG_U32_D(VALUE) \ +- nLog("scp", NX_LEVEL_DEBUG, "%s=%u",#VALUE, VALUE) +-# define LOG_AU8_D(ARRAY,LEN) \ +- nLog_au8("scp", NX_LEVEL_DEBUG, #ARRAY, ARRAY, LEN) +-# define LOG_MAU8_D(MESSAGE, ARRAY,LEN) \ +- nLog_au8("scp", NX_LEVEL_DEBUG, MESSAGE, ARRAY, LEN) +-#else +-# define LOG_DEBUG_ENABLED 0 +-# define LOG_D(...) +-# define LOG_X8_D(VALUE) +-# define LOG_U8_D(VALUE) +-# define LOG_X16_D(VALUE) +-# define LOG_U16_D(VALUE) +-# define LOG_X32_D(VALUE) +-# define LOG_U32_D(VALUE) +-# define LOG_AU8_D(ARRAY, LEN) +-# define LOG_MAU8_D(MESSAGE, ARRAY, LEN) +-#endif +- +-#if NX_LOG_ENABLE_SCP_INFO +-# define LOG_INFO_ENABLED 1 +-# define LOG_I(format, ...) \ +- nLog("scp", NX_LEVEL_INFO, format, ##__VA_ARGS__) +-# define LOG_X8_I(VALUE) \ +- nLog("scp", NX_LEVEL_INFO, "%s=0x%02X",#VALUE, VALUE) +-# define LOG_U8_I(VALUE) \ +- nLog("scp", NX_LEVEL_INFO, "%s=%u",#VALUE, VALUE) +-# define LOG_X16_I(VALUE) \ +- nLog("scp", NX_LEVEL_INFO, "%s=0x%04X",#VALUE, VALUE) +-# define LOG_U16_I(VALUE) \ +- nLog("scp", NX_LEVEL_INFO, "%s=%u",#VALUE, VALUE) +-# define LOG_X32_I(VALUE) \ +- nLog("scp", NX_LEVEL_INFO, "%s=0x%08X",#VALUE, VALUE) +-# define LOG_U32_I(VALUE) \ +- nLog("scp", NX_LEVEL_INFO, "%s=%u",#VALUE, VALUE) +-# define LOG_AU8_I(ARRAY,LEN) \ +- nLog_au8("scp", NX_LEVEL_INFO, #ARRAY, ARRAY, LEN) +-# define LOG_MAU8_I(MESSAGE, ARRAY,LEN) \ +- nLog_au8("scp", NX_LEVEL_INFO, MESSAGE, ARRAY, LEN) +-#else +-# define LOG_INFO_ENABLED 0 +-# define LOG_I(...) +-# define LOG_X8_I(VALUE) +-# define LOG_U8_I(VALUE) +-# define LOG_X16_I(VALUE) +-# define LOG_U16_I(VALUE) +-# define LOG_X32_I(VALUE) +-# define LOG_U32_I(VALUE) +-# define LOG_AU8_I(ARRAY, LEN) +-# define LOG_MAU8_I(MESSAGE, ARRAY, LEN) +-#endif +- +-#if NX_LOG_ENABLE_SCP_WARN +-# define LOG_WARN_ENABLED 1 +-# define LOG_W(format, ...) \ +- nLog("scp", NX_LEVEL_WARN, format, ##__VA_ARGS__) +-# define LOG_X8_W(VALUE) \ +- nLog("scp", NX_LEVEL_WARN, "%s=0x%02X",#VALUE, VALUE) +-# define LOG_U8_W(VALUE) \ +- nLog("scp", NX_LEVEL_WARN, "%s=%u",#VALUE, VALUE) +-# define LOG_X16_W(VALUE) \ +- nLog("scp", NX_LEVEL_WARN, "%s=0x%04X",#VALUE, VALUE) +-# define LOG_U16_W(VALUE) \ +- nLog("scp", NX_LEVEL_WARN, "%s=%u",#VALUE, VALUE) +-# define LOG_X32_W(VALUE) \ +- nLog("scp", NX_LEVEL_WARN, "%s=0x%08X",#VALUE, VALUE) +-# define LOG_U32_W(VALUE) \ +- nLog("scp", NX_LEVEL_WARN, "%s=%u",#VALUE, VALUE) +-# define LOG_AU8_W(ARRAY,LEN) \ +- nLog_au8("scp", NX_LEVEL_WARN, #ARRAY, ARRAY, LEN) +-# define LOG_MAU8_W(MESSAGE, ARRAY,LEN) \ +- nLog_au8("scp", NX_LEVEL_WARN, MESSAGE, ARRAY, LEN) +-#else +-# define LOG_WARN_ENABLED 0 +-# define LOG_W(...) +-# define LOG_X8_W(VALUE) +-# define LOG_U8_W(VALUE) +-# define LOG_X16_W(VALUE) +-# define LOG_U16_W(VALUE) +-# define LOG_X32_W(VALUE) +-# define LOG_U32_W(VALUE) +-# define LOG_AU8_W(ARRAY, LEN) +-# define LOG_MAU8_W(MESSAGE, ARRAY, LEN) +-#endif +- +-#if NX_LOG_ENABLE_SCP_ERROR +-# define LOG_ERROR_ENABLED 1 +-# define LOG_E(format, ...) \ +- nLog("scp", NX_LEVEL_ERROR, format, ##__VA_ARGS__) +-# define LOG_X8_E(VALUE) \ +- nLog("scp", NX_LEVEL_ERROR, "%s=0x%02X",#VALUE, VALUE) +-# define LOG_U8_E(VALUE) \ +- nLog("scp", NX_LEVEL_ERROR, "%s=%u",#VALUE, VALUE) +-# define LOG_X16_E(VALUE) \ +- nLog("scp", NX_LEVEL_ERROR, "%s=0x%04X",#VALUE, VALUE) +-# define LOG_U16_E(VALUE) \ +- nLog("scp", NX_LEVEL_ERROR, "%s=%u",#VALUE, VALUE) +-# define LOG_X32_E(VALUE) \ +- nLog("scp", NX_LEVEL_ERROR, "%s=0x%08X",#VALUE, VALUE) +-# define LOG_U32_E(VALUE) \ +- nLog("scp", NX_LEVEL_ERROR, "%s=%u",#VALUE, VALUE) +-# define LOG_AU8_E(ARRAY,LEN) \ +- nLog_au8("scp", NX_LEVEL_ERROR, #ARRAY, ARRAY, LEN) +-# define LOG_MAU8_E(MESSAGE, ARRAY,LEN) \ +- nLog_au8("scp", NX_LEVEL_ERROR, MESSAGE, ARRAY, LEN) +-#else +-# define LOG_ERROR_ENABLED 0 +-# define LOG_E(...) +-# define LOG_X8_E(VALUE) +-# define LOG_U8_E(VALUE) +-# define LOG_X16_E(VALUE) +-# define LOG_U16_E(VALUE) +-# define LOG_X32_E(VALUE) +-# define LOG_U32_E(VALUE) +-# define LOG_AU8_E(ARRAY, LEN) +-# define LOG_MAU8_E(MESSAGE, ARRAY, LEN) +-#endif +- +-/* clang-format on */ +- +-#endif /* NX_LOG_SCP_H */ +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/nxlog/nxLog_smCom.h b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/nxlog/nxLog_smCom.h +deleted file mode 100644 +index 7d42451a1c..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/nxlog/nxLog_smCom.h ++++ /dev/null +@@ -1,183 +0,0 @@ +-/* +- * +- * Copyright 2018 NXP +- * SPDX-License-Identifier: Apache-2.0 +- */ +- +-#ifndef NX_LOG_SMCOM_H +-#define NX_LOG_SMCOM_H +- +-#include +- +-/* ############################################################ */ +-/* ## AUTO Generated ########################################## */ +-/* ############################################################ */ +- +-/* Default configuration file */ +-#include +- +-/* clang-format off */ +- +-/* Check if we are double defining these macros */ +-#if defined(LOG_D) || defined(LOG_I) || defined(LOG_W) || defined(LOG_E) +-/* This should not happen. The only reason this could happn is double inclusion of different log files. */ +-# error "LOG_ macro already defined" +-#endif /* LOG_E */ +- +-/* Enable/Set log levels for 'smCom' - start */ +-/* If source file, or nxLog_Config.h has not set it, set these defines +- * +- * Do not #undef these values, rather set to 0/1. This way we can +- * jump to definition and avoid plain-old-text-search to jump to +- * undef. */ +- +-#ifndef NX_LOG_ENABLE_SMCOM_DEBUG +-# define NX_LOG_ENABLE_SMCOM_DEBUG (NX_LOG_ENABLE_DEFAULT_DEBUG) +-#endif +-#ifndef NX_LOG_ENABLE_SMCOM_INFO +-# define NX_LOG_ENABLE_SMCOM_INFO (NX_LOG_ENABLE_SMCOM_DEBUG + NX_LOG_ENABLE_DEFAULT_INFO) +-#endif +-#ifndef NX_LOG_ENABLE_SMCOM_WARN +-# define NX_LOG_ENABLE_SMCOM_WARN (NX_LOG_ENABLE_SMCOM_INFO + NX_LOG_ENABLE_DEFAULT_WARN) +-#endif +-#ifndef NX_LOG_ENABLE_SMCOM_ERROR +-# define NX_LOG_ENABLE_SMCOM_ERROR (NX_LOG_ENABLE_SMCOM_WARN + NX_LOG_ENABLE_DEFAULT_ERROR) +-#endif +- +-/* Enable/Set log levels for 'smCom' - end */ +- +-#if NX_LOG_ENABLE_SMCOM_DEBUG +-# define LOG_DEBUG_ENABLED 1 +-# define LOG_D(format, ...) \ +- nLog("smCom", NX_LEVEL_DEBUG, format, ##__VA_ARGS__) +-# define LOG_X8_D(VALUE) \ +- nLog("smCom", NX_LEVEL_DEBUG, "%s=0x%02X",#VALUE, VALUE) +-# define LOG_U8_D(VALUE) \ +- nLog("smCom", NX_LEVEL_DEBUG, "%s=%u",#VALUE, VALUE) +-# define LOG_X16_D(VALUE) \ +- nLog("smCom", NX_LEVEL_DEBUG, "%s=0x%04X",#VALUE, VALUE) +-# define LOG_U16_D(VALUE) \ +- nLog("smCom", NX_LEVEL_DEBUG, "%s=%u",#VALUE, VALUE) +-# define LOG_X32_D(VALUE) \ +- nLog("smCom", NX_LEVEL_DEBUG, "%s=0x%08X",#VALUE, VALUE) +-# define LOG_U32_D(VALUE) \ +- nLog("smCom", NX_LEVEL_DEBUG, "%s=%u",#VALUE, VALUE) +-# define LOG_AU8_D(ARRAY,LEN) \ +- nLog_au8("smCom", NX_LEVEL_DEBUG, #ARRAY, ARRAY, LEN) +-# define LOG_MAU8_D(MESSAGE, ARRAY,LEN) \ +- nLog_au8("smCom", NX_LEVEL_DEBUG, MESSAGE, ARRAY, LEN) +-#else +-# define LOG_DEBUG_ENABLED 0 +-# define LOG_D(...) +-# define LOG_X8_D(VALUE) +-# define LOG_U8_D(VALUE) +-# define LOG_X16_D(VALUE) +-# define LOG_U16_D(VALUE) +-# define LOG_X32_D(VALUE) +-# define LOG_U32_D(VALUE) +-# define LOG_AU8_D(ARRAY, LEN) +-# define LOG_MAU8_D(MESSAGE, ARRAY, LEN) +-#endif +- +-#if NX_LOG_ENABLE_SMCOM_INFO +-# define LOG_INFO_ENABLED 1 +-# define LOG_I(format, ...) \ +- nLog("smCom", NX_LEVEL_INFO, format, ##__VA_ARGS__) +-# define LOG_X8_I(VALUE) \ +- nLog("smCom", NX_LEVEL_INFO, "%s=0x%02X",#VALUE, VALUE) +-# define LOG_U8_I(VALUE) \ +- nLog("smCom", NX_LEVEL_INFO, "%s=%u",#VALUE, VALUE) +-# define LOG_X16_I(VALUE) \ +- nLog("smCom", NX_LEVEL_INFO, "%s=0x%04X",#VALUE, VALUE) +-# define LOG_U16_I(VALUE) \ +- nLog("smCom", NX_LEVEL_INFO, "%s=%u",#VALUE, VALUE) +-# define LOG_X32_I(VALUE) \ +- nLog("smCom", NX_LEVEL_INFO, "%s=0x%08X",#VALUE, VALUE) +-# define LOG_U32_I(VALUE) \ +- nLog("smCom", NX_LEVEL_INFO, "%s=%u",#VALUE, VALUE) +-# define LOG_AU8_I(ARRAY,LEN) \ +- nLog_au8("smCom", NX_LEVEL_INFO, #ARRAY, ARRAY, LEN) +-# define LOG_MAU8_I(MESSAGE, ARRAY,LEN) \ +- nLog_au8("smCom", NX_LEVEL_INFO, MESSAGE, ARRAY, LEN) +-#else +-# define LOG_INFO_ENABLED 0 +-# define LOG_I(...) +-# define LOG_X8_I(VALUE) +-# define LOG_U8_I(VALUE) +-# define LOG_X16_I(VALUE) +-# define LOG_U16_I(VALUE) +-# define LOG_X32_I(VALUE) +-# define LOG_U32_I(VALUE) +-# define LOG_AU8_I(ARRAY, LEN) +-# define LOG_MAU8_I(MESSAGE, ARRAY, LEN) +-#endif +- +-#if NX_LOG_ENABLE_SMCOM_WARN +-# define LOG_WARN_ENABLED 1 +-# define LOG_W(format, ...) \ +- nLog("smCom", NX_LEVEL_WARN, format, ##__VA_ARGS__) +-# define LOG_X8_W(VALUE) \ +- nLog("smCom", NX_LEVEL_WARN, "%s=0x%02X",#VALUE, VALUE) +-# define LOG_U8_W(VALUE) \ +- nLog("smCom", NX_LEVEL_WARN, "%s=%u",#VALUE, VALUE) +-# define LOG_X16_W(VALUE) \ +- nLog("smCom", NX_LEVEL_WARN, "%s=0x%04X",#VALUE, VALUE) +-# define LOG_U16_W(VALUE) \ +- nLog("smCom", NX_LEVEL_WARN, "%s=%u",#VALUE, VALUE) +-# define LOG_X32_W(VALUE) \ +- nLog("smCom", NX_LEVEL_WARN, "%s=0x%08X",#VALUE, VALUE) +-# define LOG_U32_W(VALUE) \ +- nLog("smCom", NX_LEVEL_WARN, "%s=%u",#VALUE, VALUE) +-# define LOG_AU8_W(ARRAY,LEN) \ +- nLog_au8("smCom", NX_LEVEL_WARN, #ARRAY, ARRAY, LEN) +-# define LOG_MAU8_W(MESSAGE, ARRAY,LEN) \ +- nLog_au8("smCom", NX_LEVEL_WARN, MESSAGE, ARRAY, LEN) +-#else +-# define LOG_WARN_ENABLED 0 +-# define LOG_W(...) +-# define LOG_X8_W(VALUE) +-# define LOG_U8_W(VALUE) +-# define LOG_X16_W(VALUE) +-# define LOG_U16_W(VALUE) +-# define LOG_X32_W(VALUE) +-# define LOG_U32_W(VALUE) +-# define LOG_AU8_W(ARRAY, LEN) +-# define LOG_MAU8_W(MESSAGE, ARRAY, LEN) +-#endif +- +-#if NX_LOG_ENABLE_SMCOM_ERROR +-# define LOG_ERROR_ENABLED 1 +-# define LOG_E(format, ...) \ +- nLog("smCom", NX_LEVEL_ERROR, format, ##__VA_ARGS__) +-# define LOG_X8_E(VALUE) \ +- nLog("smCom", NX_LEVEL_ERROR, "%s=0x%02X",#VALUE, VALUE) +-# define LOG_U8_E(VALUE) \ +- nLog("smCom", NX_LEVEL_ERROR, "%s=%u",#VALUE, VALUE) +-# define LOG_X16_E(VALUE) \ +- nLog("smCom", NX_LEVEL_ERROR, "%s=0x%04X",#VALUE, VALUE) +-# define LOG_U16_E(VALUE) \ +- nLog("smCom", NX_LEVEL_ERROR, "%s=%u",#VALUE, VALUE) +-# define LOG_X32_E(VALUE) \ +- nLog("smCom", NX_LEVEL_ERROR, "%s=0x%08X",#VALUE, VALUE) +-# define LOG_U32_E(VALUE) \ +- nLog("smCom", NX_LEVEL_ERROR, "%s=%u",#VALUE, VALUE) +-# define LOG_AU8_E(ARRAY,LEN) \ +- nLog_au8("smCom", NX_LEVEL_ERROR, #ARRAY, ARRAY, LEN) +-# define LOG_MAU8_E(MESSAGE, ARRAY,LEN) \ +- nLog_au8("smCom", NX_LEVEL_ERROR, MESSAGE, ARRAY, LEN) +-#else +-# define LOG_ERROR_ENABLED 0 +-# define LOG_E(...) +-# define LOG_X8_E(VALUE) +-# define LOG_U8_E(VALUE) +-# define LOG_X16_E(VALUE) +-# define LOG_U16_E(VALUE) +-# define LOG_X32_E(VALUE) +-# define LOG_U32_E(VALUE) +-# define LOG_AU8_E(ARRAY, LEN) +-# define LOG_MAU8_E(MESSAGE, ARRAY, LEN) +-#endif +- +-/* clang-format on */ +- +-#endif /* NX_LOG_SMCOM_H */ +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/nxlog/nxLog_sss.h b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/nxlog/nxLog_sss.h +deleted file mode 100644 +index fb61c1fdc4..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/nxlog/nxLog_sss.h ++++ /dev/null +@@ -1,183 +0,0 @@ +-/* +- * +- * Copyright 2018 NXP +- * SPDX-License-Identifier: Apache-2.0 +- */ +- +-#ifndef NX_LOG_SSS_H +-#define NX_LOG_SSS_H +- +-#include +- +-/* ############################################################ */ +-/* ## AUTO Generated ########################################## */ +-/* ############################################################ */ +- +-/* Default configuration file */ +-#include +- +-/* clang-format off */ +- +-/* Check if we are double defining these macros */ +-#if defined(LOG_D) || defined(LOG_I) || defined(LOG_W) || defined(LOG_E) +-/* This should not happen. The only reason this could happn is double inclusion of different log files. */ +-# error "LOG_ macro already defined" +-#endif /* LOG_E */ +- +-/* Enable/Set log levels for 'sss' - start */ +-/* If source file, or nxLog_Config.h has not set it, set these defines +- * +- * Do not #undef these values, rather set to 0/1. This way we can +- * jump to definition and avoid plain-old-text-search to jump to +- * undef. */ +- +-#ifndef NX_LOG_ENABLE_SSS_DEBUG +-# define NX_LOG_ENABLE_SSS_DEBUG (NX_LOG_ENABLE_DEFAULT_DEBUG) +-#endif +-#ifndef NX_LOG_ENABLE_SSS_INFO +-# define NX_LOG_ENABLE_SSS_INFO (NX_LOG_ENABLE_SSS_DEBUG + NX_LOG_ENABLE_DEFAULT_INFO) +-#endif +-#ifndef NX_LOG_ENABLE_SSS_WARN +-# define NX_LOG_ENABLE_SSS_WARN (NX_LOG_ENABLE_SSS_INFO + NX_LOG_ENABLE_DEFAULT_WARN) +-#endif +-#ifndef NX_LOG_ENABLE_SSS_ERROR +-# define NX_LOG_ENABLE_SSS_ERROR (NX_LOG_ENABLE_SSS_WARN + NX_LOG_ENABLE_DEFAULT_ERROR) +-#endif +- +-/* Enable/Set log levels for 'sss' - end */ +- +-#if NX_LOG_ENABLE_SSS_DEBUG +-# define LOG_DEBUG_ENABLED 1 +-# define LOG_D(format, ...) \ +- nLog("sss", NX_LEVEL_DEBUG, format, ##__VA_ARGS__) +-# define LOG_X8_D(VALUE) \ +- nLog("sss", NX_LEVEL_DEBUG, "%s=0x%02X",#VALUE, VALUE) +-# define LOG_U8_D(VALUE) \ +- nLog("sss", NX_LEVEL_DEBUG, "%s=%u",#VALUE, VALUE) +-# define LOG_X16_D(VALUE) \ +- nLog("sss", NX_LEVEL_DEBUG, "%s=0x%04X",#VALUE, VALUE) +-# define LOG_U16_D(VALUE) \ +- nLog("sss", NX_LEVEL_DEBUG, "%s=%u",#VALUE, VALUE) +-# define LOG_X32_D(VALUE) \ +- nLog("sss", NX_LEVEL_DEBUG, "%s=0x%08X",#VALUE, VALUE) +-# define LOG_U32_D(VALUE) \ +- nLog("sss", NX_LEVEL_DEBUG, "%s=%u",#VALUE, VALUE) +-# define LOG_AU8_D(ARRAY,LEN) \ +- nLog_au8("sss", NX_LEVEL_DEBUG, #ARRAY, ARRAY, LEN) +-# define LOG_MAU8_D(MESSAGE, ARRAY,LEN) \ +- nLog_au8("sss", NX_LEVEL_DEBUG, MESSAGE, ARRAY, LEN) +-#else +-# define LOG_DEBUG_ENABLED 0 +-# define LOG_D(...) +-# define LOG_X8_D(VALUE) +-# define LOG_U8_D(VALUE) +-# define LOG_X16_D(VALUE) +-# define LOG_U16_D(VALUE) +-# define LOG_X32_D(VALUE) +-# define LOG_U32_D(VALUE) +-# define LOG_AU8_D(ARRAY, LEN) +-# define LOG_MAU8_D(MESSAGE, ARRAY, LEN) +-#endif +- +-#if NX_LOG_ENABLE_SSS_INFO +-# define LOG_INFO_ENABLED 1 +-# define LOG_I(format, ...) \ +- nLog("sss", NX_LEVEL_INFO, format, ##__VA_ARGS__) +-# define LOG_X8_I(VALUE) \ +- nLog("sss", NX_LEVEL_INFO, "%s=0x%02X",#VALUE, VALUE) +-# define LOG_U8_I(VALUE) \ +- nLog("sss", NX_LEVEL_INFO, "%s=%u",#VALUE, VALUE) +-# define LOG_X16_I(VALUE) \ +- nLog("sss", NX_LEVEL_INFO, "%s=0x%04X",#VALUE, VALUE) +-# define LOG_U16_I(VALUE) \ +- nLog("sss", NX_LEVEL_INFO, "%s=%u",#VALUE, VALUE) +-# define LOG_X32_I(VALUE) \ +- nLog("sss", NX_LEVEL_INFO, "%s=0x%08X",#VALUE, VALUE) +-# define LOG_U32_I(VALUE) \ +- nLog("sss", NX_LEVEL_INFO, "%s=%u",#VALUE, VALUE) +-# define LOG_AU8_I(ARRAY,LEN) \ +- nLog_au8("sss", NX_LEVEL_INFO, #ARRAY, ARRAY, LEN) +-# define LOG_MAU8_I(MESSAGE, ARRAY,LEN) \ +- nLog_au8("sss", NX_LEVEL_INFO, MESSAGE, ARRAY, LEN) +-#else +-# define LOG_INFO_ENABLED 0 +-# define LOG_I(...) +-# define LOG_X8_I(VALUE) +-# define LOG_U8_I(VALUE) +-# define LOG_X16_I(VALUE) +-# define LOG_U16_I(VALUE) +-# define LOG_X32_I(VALUE) +-# define LOG_U32_I(VALUE) +-# define LOG_AU8_I(ARRAY, LEN) +-# define LOG_MAU8_I(MESSAGE, ARRAY, LEN) +-#endif +- +-#if NX_LOG_ENABLE_SSS_WARN +-# define LOG_WARN_ENABLED 1 +-# define LOG_W(format, ...) \ +- nLog("sss", NX_LEVEL_WARN, format, ##__VA_ARGS__) +-# define LOG_X8_W(VALUE) \ +- nLog("sss", NX_LEVEL_WARN, "%s=0x%02X",#VALUE, VALUE) +-# define LOG_U8_W(VALUE) \ +- nLog("sss", NX_LEVEL_WARN, "%s=%u",#VALUE, VALUE) +-# define LOG_X16_W(VALUE) \ +- nLog("sss", NX_LEVEL_WARN, "%s=0x%04X",#VALUE, VALUE) +-# define LOG_U16_W(VALUE) \ +- nLog("sss", NX_LEVEL_WARN, "%s=%u",#VALUE, VALUE) +-# define LOG_X32_W(VALUE) \ +- nLog("sss", NX_LEVEL_WARN, "%s=0x%08X",#VALUE, VALUE) +-# define LOG_U32_W(VALUE) \ +- nLog("sss", NX_LEVEL_WARN, "%s=%u",#VALUE, VALUE) +-# define LOG_AU8_W(ARRAY,LEN) \ +- nLog_au8("sss", NX_LEVEL_WARN, #ARRAY, ARRAY, LEN) +-# define LOG_MAU8_W(MESSAGE, ARRAY,LEN) \ +- nLog_au8("sss", NX_LEVEL_WARN, MESSAGE, ARRAY, LEN) +-#else +-# define LOG_WARN_ENABLED 0 +-# define LOG_W(...) +-# define LOG_X8_W(VALUE) +-# define LOG_U8_W(VALUE) +-# define LOG_X16_W(VALUE) +-# define LOG_U16_W(VALUE) +-# define LOG_X32_W(VALUE) +-# define LOG_U32_W(VALUE) +-# define LOG_AU8_W(ARRAY, LEN) +-# define LOG_MAU8_W(MESSAGE, ARRAY, LEN) +-#endif +- +-#if NX_LOG_ENABLE_SSS_ERROR +-# define LOG_ERROR_ENABLED 1 +-# define LOG_E(format, ...) \ +- nLog("sss", NX_LEVEL_ERROR, format, ##__VA_ARGS__) +-# define LOG_X8_E(VALUE) \ +- nLog("sss", NX_LEVEL_ERROR, "%s=0x%02X",#VALUE, VALUE) +-# define LOG_U8_E(VALUE) \ +- nLog("sss", NX_LEVEL_ERROR, "%s=%u",#VALUE, VALUE) +-# define LOG_X16_E(VALUE) \ +- nLog("sss", NX_LEVEL_ERROR, "%s=0x%04X",#VALUE, VALUE) +-# define LOG_U16_E(VALUE) \ +- nLog("sss", NX_LEVEL_ERROR, "%s=%u",#VALUE, VALUE) +-# define LOG_X32_E(VALUE) \ +- nLog("sss", NX_LEVEL_ERROR, "%s=0x%08X",#VALUE, VALUE) +-# define LOG_U32_E(VALUE) \ +- nLog("sss", NX_LEVEL_ERROR, "%s=%u",#VALUE, VALUE) +-# define LOG_AU8_E(ARRAY,LEN) \ +- nLog_au8("sss", NX_LEVEL_ERROR, #ARRAY, ARRAY, LEN) +-# define LOG_MAU8_E(MESSAGE, ARRAY,LEN) \ +- nLog_au8("sss", NX_LEVEL_ERROR, MESSAGE, ARRAY, LEN) +-#else +-# define LOG_ERROR_ENABLED 0 +-# define LOG_E(...) +-# define LOG_X8_E(VALUE) +-# define LOG_U8_E(VALUE) +-# define LOG_X16_E(VALUE) +-# define LOG_U16_E(VALUE) +-# define LOG_X32_E(VALUE) +-# define LOG_U32_E(VALUE) +-# define LOG_AU8_E(ARRAY, LEN) +-# define LOG_MAU8_E(MESSAGE, ARRAY, LEN) +-#endif +- +-/* clang-format on */ +- +-#endif /* NX_LOG_SSS_H */ +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/T1oI2C/phEseStatus.h b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/T1oI2C/phEseStatus.h +deleted file mode 100644 +index b14761df9a..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/T1oI2C/phEseStatus.h ++++ /dev/null +@@ -1,421 +0,0 @@ +-/* +- * Copyright 2010-2014,2018-2019 NXP +- * +- * Licensed under the Apache License, Version 2.0 (the "License"); +- * you may not use this file except in compliance with the License. +- * You may obtain a copy of the License at +- * +- * http://www.apache.org/licenses/LICENSE-2.0 +- * +- * Unless required by applicable law or agreed to in writing, software +- * distributed under the License is distributed on an "AS IS" BASIS, +- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +- * See the License for the specific language governing permissions and +- * limitations under the License. +- */ +- +-/* +- * ESE Status Values - Function Return Codes +- */ +- +-#ifndef PHESESTATUS_H +-#define PHESESTATUS_H +- +-#include "phEseTypes.h" +- +-/* Internally required by PHESESTVAL. */ +-#define PHESESTSHL8 (8U) +-/* Required by PHESESTVAL. */ +-#define PHESESTBLOWER ((ESESTATUS)(0x00FFU)) +- +-/* +- * ESE Status Composition Macro +- * +- * This is the macro which must be used to compose status values. +- * +- * phEseCompID Component ID, as defined in phEseCompId.h . +- * phEseStatus Status values, as defined in phEseStatus.h . +- * +- * The macro is not required for the ESESTATUS_SUCCESS value. +- * This is the only return value to be used directly. +- * For all other values it shall be used in assignment and conditional statements, e.g.: +- * ESESTATUS status = PHESESTVAL(phEseCompID, phEseStatus); ... +- * if (status == PHESESTVAL(phEseCompID, phEseStatus)) ... +- */ +-#define PHESESTVAL(phEseCompID, phEseStatus) \ +- ( ((phEseStatus) == (ESESTATUS_SUCCESS)) ? (ESESTATUS_SUCCESS) : \ +- ( (((ESESTATUS)(phEseStatus)) & (PHESESTBLOWER)) | \ +- (((uint16_t)(phEseCompID)) << (PHESESTSHL8)) ) ) +- +-/* +- * PHESESTATUS +- * Get grp_retval from Status Code +- */ +-#define PHESESTATUS(phEseStatus) ((phEseStatus) & 0x00FFU) +-#define PHESECID(phEseStatus) (((phEseStatus) & 0xFF00U)>>8) +- +-/* +- * Status Codes +- * +- * Generic Status codes for the ESE components. Combined with the Component ID +- * they build the value (status) returned by each function. +- * Example: +- * grp_comp_id "Component ID" - e.g. 0x10, plus +- * status code as listed in this file - e.g. 0x03 +- * result in a status value of 0x0003. +- */ +- +-/* +- * The function indicates successful completion +- */ +-#define ESESTATUS_SUCCESS (0x0000) +- +-/* +- * The function indicates successful completion +- */ +-#define ESESTATUS_OK (ESESTATUS_SUCCESS) +- +-/* +- * At least one parameter could not be properly interpreted +- */ +-#define ESESTATUS_INVALID_PARAMETER (0x0001) +- +-/* +- * Invalid buffer provided by application +- * */ +-#define ESESTATUS_INVALID_BUFFER (0x0002) +- +-/* +- * The buffer provided by the caller is too small +- */ +-#define ESESTATUS_BUFFER_TOO_SMALL (0x0003) +- +-/* +- * Invalid class byte provided by application +- * */ +-#define ESESTATUS_INVALID_CLA (0x0004) +- +-/* +- * Invalid command pdu type provided by application +- * */ +-#define ESESTATUS_INVALID_CPDU_TYPE (0x0005) +- +-/* +- * Invalid command LE type provided by application +- * */ +-#define ESESTATUS_INVALID_LE_TYPE (0x0007) +- +-/* +- * Device specifier/handle value is invalid for the operation +- */ +-#define ESESTATUS_INVALID_DEVICE (0x0006) +- +-/* +- * The function executed successfully but could have returned +- * more information than space provided by the caller +- */ +-#define ESESTATUS_MORE_FRAME (0x0008) +- +-/* +- * No response from the remote device received: Time-out +- */ +-#define ESESTATUS_LAST_FRAME (0x0009) +- +-/* +- * CRC Error during data transaction with the device +- */ +-#define ESESTATUS_CRC_ERROR (0x000A) +- +-/* +- * SOF Error during data transaction with the device +- */ +-#define ESESTATUS_SOF_ERROR (0x000B) +- +-/* +- * Not enough resources Memory, Timer etc(e.g. allocation failed.) +- */ +-#define ESESTATUS_INSUFFICIENT_RESOURCES (0x000C) +- +-/* +- * A non-blocking function returns this immediately to indicate +- * that an internal operation is in progress +- */ +-#define ESESTATUS_PENDING (0x000D) +- +-/* +- * A board communication error occurred +- * (e.g. Configuration went wrong) +- */ +-#define ESESTATUS_BOARD_COMMUNICATION_ERROR (0x000F) +- +-/* +- * Invalid State of the particular state machine +- */ +-#define ESESTATUS_INVALID_STATE (0x0011) +- +- +-/* +- * This Layer is Not initialized, hence initialization required. +- */ +-#define ESESTATUS_NOT_INITIALISED (0x0031) +- +- +-/* +- * The Layer is already initialized, hence initialization repeated. +- */ +-#define ESESTATUS_ALREADY_INITIALISED (0x0032) +- +- +-/* +- * Feature not supported +- */ +-#define ESESTATUS_FEATURE_NOT_SUPPORTED (0x0033) +- +-/* +- * Parity Error +- */ +-#define ESESTATUS_PARITY_ERROR (0x0034) +- +- +-/* The Registration command has failed because the user wants to register on +- * an element for which he is already registered +- */ +-#define ESESTATUS_ALREADY_REGISTERED (0x0035) +- +-/* Chained frame is being sent */ +-#define ESESTATUS_CHAINED_FRAME (0x0036) +- +-/* +- * Single frame is sent +- */ +-#define ESESTATUS_SINGLE_FRAME (0x0037) +- +-/* +- * A DESELECT event has occurred +- */ +-#define ESESTATUS_DESELECTED (0x0038) +- +-/* +- * A RELEASE event has occurred +- */ +-#define ESESTATUS_RELEASED (0x0039) +- +-/* +- * The operation is currently not possible or not allowed +- */ +-#define ESESTATUS_NOT_ALLOWED (0x003A) +- +-/* +- * Other indicaated error sent by JCOP. +- */ +-#define ESESTATUS_OTHER_ERROR (0x003C) +-/* +- * The system is busy with the firmware download operation. +- */ +-#define ESESTATUS_DWNLD_BUSY (0x006E) +- +-/* +- * The system is busy with the previous operation. +- */ +-#define ESESTATUS_BUSY (0x006F) +- +- +-/* NDEF Mapping error codes */ +- +-/* The remote device (type) is not valid for this request. */ +-#define ESESTATUS_INVALID_REMOTE_DEVICE (0x001D) +- +-/* Read operation failed */ +-#define ESESTATUS_READ_FAILED (0x0014) +- +-/* +- * Write operation failed +- */ +-#define ESESTATUS_WRITE_FAILED (0x0015) +- +- +-/* Non Ndef Compliant */ +-#define ESESTATUS_NO_NDEF_SUPPORT (0x0016) +- +-/* resend the frame with seq_counter 0*/ +-#define ESESTATUS_RESET_SEQ_COUNTER_FRAME_RESEND (0x001A) +- +-/* Incorrect number of bytes received from the card*/ +-#define ESESTATUS_INVALID_RECEIVE_LENGTH (0x001B) +- +-/* The data format/composition is not understood/correct. */ +-#define ESESTATUS_INVALID_FORMAT (0x001C) +- +- +-/* There is not sufficient storage available. */ +-#define ESESTATUS_INSUFFICIENT_STORAGE (0x001F) +- +-/* The last command would be re-sent */ +-#define ESESTATUS_FRAME_RESEND (0x0023) +- +-/* The write timeout error */ +-#define ESESTATUS_WRITE_TIMEOUT (0x0024) +- +-/* +- * Response Time out for the control message(ESEC not responded) +- */ +-#define ESESTATUS_RESPONSE_TIMEOUT (0x0025) +- +-/* +- * Resend the last R Frame +- */ +-#define ESESTATUS_FRAME_RESEND_R_FRAME (0x0026) +- +-/* +- * Send next chained frame +- */ +-#define ESESTATUS_SEND_NEXT_FRAME (0x0027) +- +-/* +- * Protocol revovery started +- */ +-#define ESESTATUS_REVOCERY_STARTED (0x0028) +- +-/* +- * Single Target Detected +- */ +-#define ESESTATUS_SEND_R_FRAME (0x0029) +- +-/* +- * Resend the RNAK +- */ +- +-#define ESESTATUS_FRAME_RESEND_RNAK (0x0030) +- +-/* +- * Resend the last R Frame +- */ +-#define ESESTATUS_FRAME_SEND_R_FRAME (0x003B) +- +-/* +- * Unknown error Status Codes +- */ +-#define ESESTATUS_UNKNOWN_ERROR (0x00FE) +- +-/* +- * Status code for failure +- */ +-#define ESESTATUS_FAILED (0x00FF) +- +-/* +- * The function/command has been aborted +- */ +-#define ESESTATUS_CMD_ABORTED (0x0002) +- +-/* +- * No target found after poll +- */ +-#define ESESTATUS_NO_TARGET_FOUND (0x000A) +- +-/* Attempt to disconnect a not connected remote device. */ +-#define ESESTATUS_NO_DEVICE_CONNECTED (0x000B) +- +- +-/* requesting a resynchronization */ +-#define ESESTATUS_RESYNCH_REQ (0x000E) +- +-/* +- * acknowledging resynchronization +- */ +-#define ESESTATUS_RESYNCH_RES (0x0010) +- +-/* +- * S-block offering a maximum size of the information field +- */ +-#define ESESTATUS_IFS_REQ (0x001E) +- +-/* S-block offering a maximum size of the information field */ +-#define ESESTATUS_IFS_RES (0x0017) +- +-/* S-block requesting a chain abortion */ +-#define ESESTATUS_ABORT_REQ (0x00F0) +- +- +-/*S-block acknowledging the chain abortion*/ +-#define ESESTATUS_ABORT_RES (0x00F2) +- +- +-/* S-block requesting a waiting time extension*/ +-#define ESESTATUS_WTX_REQ (0x00F5) +- +-/* S-block acknowledging the waiting time extension */ +-#define ESESTATUS_WTX_RES (0x00F6) +- +-/* S-block interface reset request */ +-#define ESESTATUS_RESET_REQ (0x00F7) +- +-/* S-block interface reset response */ +-#define ESESTATUS_RESET_RES (0x00F8) +- +-/* S-block requesting a end of apdu transfer*/ +-#define ESESTATUS_END_APDU_REQ (0x00F9) +- +-/* S-block acknowledging end of apdu transfer*/ +-#define ESESTATUS_END_APDU_RES (0x00FA) +- +-/* +- * Shutdown in progress, cannot handle the request at this time. +- */ +-#define ESESTATUS_SHUTDOWN (0x0091) +- +-/* +- * Target is no more in RF field +- */ +-#define ESESTATUS_TARGET_LOST (0x0092) +- +-/* +- * Request is rejected +- */ +-#define ESESTATUS_REJECTED (0x0093) +- +-/* +- * Target is not connected +- */ +-#define ESESTATUS_TARGET_NOT_CONNECTED (0x0094) +- +-/* +- * Invalid handle for the operation +- */ +-#define ESESTATUS_INVALID_HANDLE (0x0095) +- +-/* +- * Process aborted +- */ +-#define ESESTATUS_ABORTED (0x0096) +- +-/* +- * Requested command is not supported +- */ +-#define ESESTATUS_COMMAND_NOT_SUPPORTED (0x0097) +- +-/* +- * Tag is not NDEF compilant +- */ +-#define ESESTATUS_NON_NDEF_COMPLIANT (0x0098) +- +-/* +- * Not enough memory available to complete the requested operation +- */ +-#define ESESTATUS_NOT_ENOUGH_MEMORY (0x001F) +- +-/* +- * Indicates incoming connection +- */ +-#define ESESTATUS_INCOMING_CONNECTION (0x0045) +- +-/* +- * Indicates Connection was successful +- */ +-#define ESESTATUS_CONNECTION_SUCCESS (0x0046) +- +-/* +- * Indicates Connection failed +- */ +-#define ESESTATUS_CONNECTION_FAILED (0x0047) +- +-#endif /* PHESESTATUS_H */ +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/T1oI2C/phEseTypes.h b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/T1oI2C/phEseTypes.h +deleted file mode 100644 +index 6a511644b5..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/T1oI2C/phEseTypes.h ++++ /dev/null +@@ -1,31 +0,0 @@ +-/* +- * Copyright 2010-2014,2018-2019 NXP +- * +- * Licensed under the Apache License, Version 2.0 (the "License"); +- * you may not use this file except in compliance with the License. +- * You may obtain a copy of the License at +- * +- * http://www.apache.org/licenses/LICENSE-2.0 +- * +- * Unless required by applicable law or agreed to in writing, software +- * distributed under the License is distributed on an "AS IS" BASIS, +- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +- * See the License for the specific language governing permissions and +- * limitations under the License. +- */ +- +-#ifndef PHESETYPES_H +-#define PHESETYPES_H +-#include +-#include +-#include +-#include +- +-typedef uint8_t utf8_t; /* UTF8 Character String */ +-typedef uint8_t bool_t; /* boolean data type */ +-typedef uint16_t ESESTATUS; /* Return values */ +-#define STATIC static +- +-#define UNUSED(X) (void)X; +- +-#endif /* PHESETYPES_H */ +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/T1oI2C/phNxpEsePal_i2c.c b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/T1oI2C/phNxpEsePal_i2c.c +deleted file mode 100644 +index 5f375185d2..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/T1oI2C/phNxpEsePal_i2c.c ++++ /dev/null +@@ -1,202 +0,0 @@ +-/* +- * Copyright 2010-2014,2018-2020 NXP +- * +- * Licensed under the Apache License, Version 2.0 (the "License"); +- * you may not use this file except in compliance with the License. +- * You may obtain a copy of the License at +- * +- * http://www.apache.org/licenses/LICENSE-2.0 +- * +- * Unless required by applicable law or agreed to in writing, software +- * distributed under the License is distributed on an "AS IS" BASIS, +- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +- * See the License for the specific language governing permissions and +- * limitations under the License. +- */ +- +-/* +- * DAL i2c port implementation for linux +- * +- * Project: Trusted ESE Linux +- * +- */ +-#include +-#include +-#include +-#include +-#include +-#include "i2c_a7.h" +- +-#ifdef FLOW_VERBOSE +-#define NX_LOG_ENABLE_SMCOM_DEBUG 1 +-#endif +- +-#include "nxLog_smCom.h" +-#include "sm_timer.h" +- +-#include "se05x_apis.h" +-#if defined(Android) || defined(LINUX) +-#include +-#include +-#include +-#include +-#endif +- +-#include +- +-#define MAX_RETRY_CNT 10 +- +-/******************************************************************************* +-** +-** Function phPalEse_i2c_close +-** +-** Description Closes PN547 device +-** +-** param[in] pDevHandle - device handle +-** +-** Returns None +-** +-*******************************************************************************/ +-void phPalEse_i2c_close(void *pDevHandle) +-{ +-#ifdef Android +- if (NULL != pDevHandle) { +- close((intptr_t)pDevHandle); +- } +-#endif +- axI2CTerm(pDevHandle, 0); +- pDevHandle = NULL; +- +- return; +-} +- +-/******************************************************************************* +-** +-** Function phPalEse_i2c_open_and_configure +-** +-** Description Open and configure pn547 device +-** +-** param[in] pConfig - hardware information +-** +-** Returns ESE status: +-** ESESTATUS_SUCCESS - open_and_configure operation success +-** ESESTATUS_INVALID_DEVICE - device open operation failure +-** +-*******************************************************************************/ +-ESESTATUS phPalEse_i2c_open_and_configure(pphPalEse_Config_t pConfig) +-{ +- void *conn_ctx = NULL; +- int retryCnt = 0; +- int i2c_ret = 0; +- +- LOG_D("%s Opening port", __FUNCTION__); +- /* open port */ +- /*Disable as interface reset happens on every session open*/ +- //se05x_ic_reset(); +-retry: +- i2c_ret = axI2CInit(&conn_ctx, (const char *)pConfig->pDevName); +- if (i2c_ret != I2C_OK) { +- LOG_E("%s Failed retry ", __FUNCTION__); +- if (i2c_ret == I2C_BUSY) { +- retryCnt++; +- LOG_E("Retry open eSE driver, retry cnt : %d ", retryCnt); +- if (retryCnt < MAX_RETRY_CNT) { +- sm_sleep(ESE_POLL_DELAY_MS); +- goto retry; +- } +- } +- LOG_E("I2C init Failed: retval %x ", i2c_ret); +- pConfig->pDevHandle = NULL; +- return ESESTATUS_INVALID_DEVICE; +- } +- LOG_D("I2C driver Initialized :: fd = [%d] ", i2c_ret); +- pConfig->pDevHandle = conn_ctx; +- return ESESTATUS_SUCCESS; +-} +- +-/******************************************************************************* +-** +-** Function phPalEse_i2c_read +-** +-** Description Reads requested number of bytes from pn547 device into given buffer +-** +-** param[in] pDevHandle - valid device handle +-** param[in] pBuffer - buffer for read data +-** param[in] nNbBytesToRead - number of bytes requested to be read +-** +-** Returns numRead - number of successfully read bytes +-** -1 - read operation failure +-** +-*******************************************************************************/ +-int phPalEse_i2c_read(void *pDevHandle, uint8_t *pBuffer, int nNbBytesToRead) +-{ +- int ret = -1, retryCount = 0; +- ; +- int numRead = 0; +- LOG_D("%s Read Requested %d bytes ", __FUNCTION__, nNbBytesToRead); +- sm_sleep(ESE_POLL_DELAY_MS); +- while (numRead != nNbBytesToRead) { +- ret = axI2CRead(pDevHandle, I2C_BUS_0, SMCOM_I2C_ADDRESS, pBuffer, nNbBytesToRead); +- if (ret != I2C_OK) { +- LOG_D("_i2c_read() error : %d ", ret); +- if ((ret == I2C_NACK_ON_ADDRESS) && (retryCount < MAX_RETRY_COUNT)) { +- retryCount++; +- /* 1ms delay to give ESE polling delay */ +- /*i2c driver back off delay is providing 1ms wait time so ignoring waiting time at this level*/ +- sm_sleep(ESE_POLL_DELAY_MS); +- LOG_D("_i2c_read() failed. Going to retry, counter:%d !", retryCount); +- continue; +- } +- return -1; +- } +- else { +- numRead = nNbBytesToRead; +- break; +- } +- } +- return numRead; +-} +- +-/******************************************************************************* +-** +-** Function phPalEse_i2c_write +-** +-** Description Writes requested number of bytes from given buffer into pn547 device +-** +-** param[in] pDevHandle - valid device handle +-** param[in] pBuffer - buffer for read data +-** param[in] nNbBytesToWrite - number of bytes requested to be written +-** +-** Returns numWrote - number of successfully written bytes +-** -1 - write operation failure +-** +-*******************************************************************************/ +-int phPalEse_i2c_write(void *pDevHandle, uint8_t *pBuffer, int nNbBytesToWrite) +-{ +- int ret = I2C_OK, retryCount = 0; +- int numWrote = 0; +- pBuffer[0] = 0x5A; //Recovery if stack forgot to add NAD byte. +- do { +- /* 1ms delay to give ESE polling delay */ +- sm_sleep(ESE_POLL_DELAY_MS); +- ret = axI2CWrite(pDevHandle, I2C_BUS_0, SMCOM_I2C_ADDRESS, pBuffer, nNbBytesToWrite); +- if (ret != I2C_OK) { +- LOG_D("_i2c_write() error : %d ", ret); +- if ((ret == I2C_NACK_ON_ADDRESS) && (retryCount < MAX_RETRY_COUNT)) { +- retryCount++; +- /* 1ms delay to give ESE polling delay */ +- /*i2c driver back off delay is providing 1ms wait time so ignoring waiting time at this level*/ +- sm_sleep(ESE_POLL_DELAY_MS); +- LOG_D("_i2c_write() failed. Going to retry, counter:%d !", retryCount); +- continue; +- } +- return -1; +- } +- else { +- numWrote = nNbBytesToWrite; +- sm_sleep(ESE_POLL_DELAY_MS); +- break; +- } +- } while (ret != I2C_OK); +- return numWrote; +-} +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/T1oI2C/phNxpEsePal_i2c.h b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/T1oI2C/phNxpEsePal_i2c.h +deleted file mode 100644 +index 8b44bc7d69..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/T1oI2C/phNxpEsePal_i2c.h ++++ /dev/null +@@ -1,110 +0,0 @@ +-/* +- * Copyright 2010-2014,2018-2020 NXP +- * +- * Licensed under the Apache License, Version 2.0 (the "License"); +- * you may not use this file except in compliance with the License. +- * You may obtain a copy of the License at +- * +- * http://www.apache.org/licenses/LICENSE-2.0 +- * +- * Unless required by applicable law or agreed to in writing, software +- * distributed under the License is distributed on an "AS IS" BASIS, +- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +- * See the License for the specific language governing permissions and +- * limitations under the License. +- */ +- +- /** +- * \addtogroup eSe_PAL_I2C +- * \brief PAL I2C port implementation for linux +- * @{ */ +-#ifndef _PHNXPESE_PAL_I2C_H +-#define _PHNXPESE_PAL_I2C_H +- +-/* Basic type definitions */ +-#include +- +- +-/*! +- * \brief ESE Poll timeout (min 1 miliseconds) +- */ +-#define ESE_POLL_DELAY_MS (1) +-/*! +- * \brief ESE Poll timeout. +- * As Max WTX timeout is 1sec, select ESE_NAD_POLLING_MAX count in such a way that WTX request frm SE is not skiped +- * select target value is 2 sec. +- * +- * Note: Here ESE_NAD_POLLING_MAX is depend on platform, If i2c driver does not have backoff delay implemented, +- * then set ESE_NAD_POLLING_MAX value to >=300 +- * +- */ +-#if AX_EMBEDDED //back off delay is implemented for AX_EMBEDDED devices +- /*TODO:semslite need more than 20 polling count right now max is set to 60 as 46 was the max sof counter observed +- SIMW-2927*/ +-#if defined(LPC_55x) +- #define ESE_NAD_POLLING_MAX (2*250) +- #else +- #define ESE_NAD_POLLING_MAX (2*30) +-#endif +-#else +- #define ESE_NAD_POLLING_MAX (2*250) +-#endif +-/*! +- * \brief Max retry count for Write +- */ +-#define MAX_RETRY_COUNT 3 +- +-/*! +- * \brief ESE wakeup delay in case of write error retry +- */ +-#define WAKE_UP_DELAY_MS 5 //5 ms +-/*! +- * \brief ESE wakeup delay in case of write error retry +- */ +-#define NAD_POLLING_SCALER 1 +-/*! +- * \brief ESE wakeup delay in case of write error retry +- */ +-#define CHAINED_PKT_SCALER 1 +-/*! +- * \brief This function is used to set slave address of ESE +- * +- */ +-// #define I2C_MASTER_SLAVE_ADDR_7BIT (0x90U >> 1) //slve bit address is 20U but driver do right shift so set to 40U +-#define SMCOM_I2C_ADDRESS (0x90) +- +-/*! +- * \ingroup eSe_PAL_I2C +- * +- * \brief PAL Configuration exposed to upper layer. +- */ +-typedef struct phPalEse_Config +-{ +- int8_t *pDevName; +- /*!< Port name connected to ESE +- * +- * Platform specific canonical device name to which ESE is connected. +- * +- * e.g. On Linux based systems this would be /dev/p73 +- */ +- +- int8_t DeviceAddress; +- /*!< I2C Address of SE connected +- */ +- +- uint32_t dwBaudRate; +- /*!< Communication speed between DH and ESE +- * +- * This is the baudrate of the bus for communication between DH and ESE +- */ +- +- void *pDevHandle; +- /*!< Device handle output */ +-} phPalEse_Config_t,*pphPalEse_Config_t; /* pointer to phPalEse_Config_t */ +- +-void phPalEse_i2c_close(void *pDevHandle); +-ESESTATUS phPalEse_i2c_open_and_configure(pphPalEse_Config_t pConfig); +-int phPalEse_i2c_read(void *pDevHandle, uint8_t * pBuffer, int nNbBytesToRead); +-int phPalEse_i2c_write(void *pDevHandle,uint8_t * pBuffer, int nNbBytesToWrite); +-/** @} */ +-#endif /* _PHNXPESE_PAL_I2C_H */ +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/T1oI2C/phNxpEseProto7816_3.c b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/T1oI2C/phNxpEseProto7816_3.c +deleted file mode 100644 +index b6d167c71a..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/T1oI2C/phNxpEseProto7816_3.c ++++ /dev/null +@@ -1,1697 +0,0 @@ +-/* +- * Copyright 2012-2014,2018-2020 NXP +- * +- * Licensed under the Apache License, Version 2.0 (the "License"); +- * you may not use this file except in compliance with the License. +- * You may obtain a copy of the License at +- * +- * http://www.apache.org/licenses/LICENSE-2.0 +- * +- * Unless required by applicable law or agreed to in writing, software +- * distributed under the License is distributed on an "AS IS" BASIS, +- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +- * See the License for the specific language governing permissions and +- * limitations under the License. +- */ +-#include +-#include +-#include +-#include "sm_types.h" +-#include "sm_timer.h" +- +-#ifdef FLOW_VERBOSE +-#define NX_LOG_ENABLE_SMCOM_DEBUG 1 +-#endif +- +-#include "nxLog_smCom.h" +-#include "nxEnsure.h" +- +-/** +- * \addtogroup ISO7816-3_protocol_lib +- * +- * @{ */ +- +-phNxpEseProto7816_t phNxpEseProto7816_3_Var; +- +-/****************************************************************************** +-\section Introduction Introduction +- +- * This module provide the 7816-3 protocol level implementation for ESE +- * +- ******************************************************************************/ +-static bool_t phNxpEseProto7816_SendRawFrame(void* conn_ctx, uint32_t data_len, uint8_t *p_data); +-static bool_t phNxpEseProto7816_GetRawFrame(void* conn_ctx, uint32_t *data_len, uint8_t **pp_data); +-static uint16_t phNxpEseProto7816_ComputeCRC(unsigned char *p_buff, uint32_t offset, +- uint32_t length); +-static bool_t phNxpEseProto7816_CheckCRC(uint32_t data_len, uint8_t *p_data); +-static bool_t phNxpEseProto7816_SendSFrame(void* conn_ctx, sFrameInfo_t sFrameData); +-static bool_t phNxpEseProto7816_SendIframe(void* conn_ctx, iFrameInfo_t iFrameData); +-static bool_t phNxpEseProto7816_sendRframe(void* conn_ctx, rFrameTypes_t rFrameType); +-static bool_t phNxpEseProto7816_SetFirstIframeContxt(void); +-static bool_t phNxpEseProto7816_SetNextIframeContxt(void); +-static bool_t phNxpEseProro7816_SaveRxframeData(uint8_t *p_data, uint32_t data_len); +-static bool_t phNxpEseProto7816_ResetRecovery(void); +-static bool_t phNxpEseProto7816_RecoverySteps(void); +-static bool_t phNxpEseProto7816_DecodeFrame(uint8_t *p_data, uint32_t data_len); +-static bool_t phNxpEseProto7816_ProcessResponse(void* conn_ctx); +-static bool_t TransceiveProcess(void* conn_ctx); +-static bool_t phNxpEseProto7816_RSync(void* conn_ctx); +- +-/****************************************************************************** +- * Function phNxpEseProto7816_SendRawFrame +- * +- * Description This internal function is called send the data to ESE +- * +- * param[in] uint32_t: number of bytes to be written +- * param[in] uint8_t : data buffer +- * +- * Returns On success return TRUE or else FALSE. +- * +- ******************************************************************************/ +-static bool_t phNxpEseProto7816_SendRawFrame(void* conn_ctx, uint32_t data_len, uint8_t *p_data) +-{ +- ESESTATUS status = ESESTATUS_FAILED; +- status = phNxpEse_WriteFrame(conn_ctx, data_len, p_data); +- if (ESESTATUS_SUCCESS != status) +- { +- LOG_E("%s Error phNxpEse_WriteFrame ", __FUNCTION__); +- } +- +- return (status == ESESTATUS_SUCCESS)?TRUE : FALSE; +-} +- +-/****************************************************************************** +- * Function phNxpEseProto7816_GetRawFrame +- * +- * Description This internal function is called read the data from the ESE +- * +- * param[out] uint32_t: number of bytes read +- * param[out] uint8_t : Read data from ESE +- * +- * Returns On success return TRUE or else FALSE. +- * +- ******************************************************************************/ +-static bool_t phNxpEseProto7816_GetRawFrame(void* conn_ctx, uint32_t *data_len, uint8_t **pp_data) +-{ +- bool_t bStatus = FALSE; +- ESESTATUS status = ESESTATUS_FAILED; +- +- status = phNxpEse_read(conn_ctx, data_len, pp_data); +- if (ESESTATUS_SUCCESS != status) +- { +- LOG_E("%s phNxpEse_read failed , status : 0x%x ", __FUNCTION__, status); +- } +- else +- { +- bStatus = TRUE; +- } +- return bStatus; +-} +- +-/****************************************************************************** +- * Function phNxpEseProto7816_ComputeCRC +- * +- * Description This internal function is called compute the CRC +- * +- * param[in] unsigned char: data buffer +- * param[in] uint32_t : offset from which CRC to be calculated +- * param[in] uint32_t : total length of frame +- * +- * Returns On success return TRUE or else FALSE. +- * +- ******************************************************************************/ +-static uint16_t phNxpEseProto7816_ComputeCRC(unsigned char *p_buff, uint32_t offset, +- uint32_t length) +-{ +- uint16_t CAL_CRC = 0xFFFF, CRC = 0x0000; +- uint32_t i = 0; +- +- ENSURE_OR_GO_EXIT(p_buff != NULL); +- for (i = offset; i < length; i++) +- { +- CAL_CRC ^= p_buff[i]; +- for (int bit = 8; bit > 0; --bit) +- { +- if ((CAL_CRC & 0x0001) == 0x0001) +- { +- CAL_CRC = (unsigned short)((CAL_CRC >> 1) ^ 0x8408); +- } +- else +- { +- CAL_CRC >>= 1; +- } +- } +- +- } +- CAL_CRC ^=0xFFFF; +-#if defined(T1oI2C_UM11225) +- CRC = ((CAL_CRC & 0xFF) << 8) | ((CAL_CRC >> 8) & 0xFF); +-#elif defined(T1oI2C_GP1_0) +- CRC = CAL_CRC; +-#endif +-exit: +- return (uint16_t) CRC; +-} +- +-/****************************************************************************** +- * Function phNxpEseProto7816_CheckCRC +- * +- * Description This internal function is called compute and compare the +- * received CRC of the received data +- * +- * param[in] uint32_t : frame length +- * param[in] uint8_t: data buffer +- * +- * Returns On success return TRUE or else FALSE. +- * +- ******************************************************************************/ +-static bool_t phNxpEseProto7816_CheckCRC(uint32_t data_len, uint8_t *p_data) +-{ +- bool_t status = FALSE; +- uint16_t calc_crc = 0; +- uint16_t recv_crc = 0; +- +- ENSURE_OR_GO_EXIT(p_data != NULL); +- status = TRUE; +- +- recv_crc = p_data[data_len - 2] <<8 | p_data[data_len - 1] ; //combine 2 byte CRC +- +- /* calculate the CRC after excluding Recieved CRC */ +- /* CRC calculation includes NAD byte, so offset is set to 0 */ +- calc_crc = phNxpEseProto7816_ComputeCRC(p_data, 0, (data_len -2)); +- LOG_D("Received CRC:0x%x Calculated CRC:0x%x ", recv_crc, calc_crc); +- if (recv_crc != calc_crc) +- { +- status = FALSE; +- LOG_E("%s CRC failed ", __FUNCTION__); +- } +-exit: +- return status; +-} +- +-/****************************************************************************** +- * Function getMaxSupportedSendIFrameSize +- * +- * Description This internal function is called to get the max supported +- * I-frame size +- * +- * param[in] void +- * +- * Returns IFSC_SIZE_SEND +- * +- ******************************************************************************/ +-uint8_t getMaxSupportedSendIFrameSize(void) +-{ +- return IFSC_SIZE_SEND ; +-} +- +-/****************************************************************************** +- * Function phNxpEseProto7816_SendSFrame +- * +- * Description This internal function is called to send S-frame with all +- * updated 7816-3 headers +- * +- * param[in] sFrameInfo_t: Info about S frame +- * +- * Returns On success return TRUE or else FALSE. +- * +- ******************************************************************************/ +-static bool_t phNxpEseProto7816_SendSFrame(void* conn_ctx, sFrameInfo_t sFrameData) +-{ +- bool_t status = ESESTATUS_FAILED; +- uint32_t frame_len = 0; +- uint8_t p_framebuff[7] = {0}; +- uint8_t pcb_byte = 0; +- sFrameInfo_t sframeData = sFrameData; +- uint16_t calc_crc=0; +- /* This update is helpful in-case a R-NACK is transmitted from the MW */ +- phNxpEseProto7816_3_Var.lastSentNonErrorframeType = SFRAME; +- switch(sframeData.sFrameType) +- { +- case RESYNCH_REQ: +- frame_len = (PH_PROTO_7816_HEADER_LEN + PH_PROTO_7816_CRC_LEN); +- p_framebuff[PH_PROPTO_7816_LEN_UPPER_OFFSET] = 0; +-#if defined(T1oI2C_GP1_0) +- /* T =1 GP block format LEN field is of 2 byte*/ +- p_framebuff[PH_PROPTO_7816_LEN_LOWER_OFFSET] = 0; +-#endif +- p_framebuff[PH_PROPTO_7816_INF_BYTE_OFFSET] = 0x00; +- +- pcb_byte |= PH_PROTO_7816_S_BLOCK_REQ; /* PCB */ +- pcb_byte |= PH_PROTO_7816_S_RESYNCH; +- break; +-#if defined(T1oI2C_UM11225) +- case INTF_RESET_REQ: +- frame_len = (PH_PROTO_7816_HEADER_LEN + PH_PROTO_7816_CRC_LEN); +- p_framebuff[PH_PROPTO_7816_LEN_UPPER_OFFSET] = 0; +- p_framebuff[PH_PROPTO_7816_INF_BYTE_OFFSET] = 0x00; +- +- pcb_byte |= PH_PROTO_7816_S_BLOCK_REQ; /* PCB */ +- pcb_byte |= PH_PROTO_7816_S_RESET; +- break; +- case PROP_END_APDU_REQ: +- frame_len = (PH_PROTO_7816_HEADER_LEN + PH_PROTO_7816_CRC_LEN); +- p_framebuff[PH_PROPTO_7816_LEN_UPPER_OFFSET] = 0; +- p_framebuff[PH_PROPTO_7816_INF_BYTE_OFFSET] = 0x00; +- +- pcb_byte |= PH_PROTO_7816_S_BLOCK_REQ; /* PCB */ +- pcb_byte |= PH_PROTO_7816_S_END_OF_APDU; +- break; +- case ATR_REQ: +- frame_len = (PH_PROTO_7816_HEADER_LEN + PH_PROTO_7816_CRC_LEN); +- p_framebuff[PH_PROPTO_7816_LEN_UPPER_OFFSET] = 0; +- p_framebuff[PH_PROPTO_7816_INF_BYTE_OFFSET] = 0x00; +- +- pcb_byte |= PH_PROTO_7816_S_BLOCK_REQ; /* PCB */ +- pcb_byte |= PH_PROTO_7816_S_GET_ATR; +- break; +-#endif +- case WTX_RSP: +- frame_len = (PH_PROTO_7816_HEADER_LEN + 1 + PH_PROTO_7816_CRC_LEN); +-#if defined(T1oI2C_UM11225) +- /* T =1 UM11225 SE050 block format LEN field is of 2 byte*/ +- p_framebuff[PH_PROPTO_7816_LEN_UPPER_OFFSET] = 0x01; +-#elif defined(T1oI2C_GP1_0) +- /* T =1 GP block format LEN field is of 2 byte*/ +- p_framebuff[PH_PROPTO_7816_LEN_UPPER_OFFSET] = 0x00; +- p_framebuff[PH_PROPTO_7816_LEN_LOWER_OFFSET] = 0x01; +-#endif +- p_framebuff[PH_PROPTO_7816_INF_BYTE_OFFSET] = 0x01; +- +- pcb_byte |= PH_PROTO_7816_S_BLOCK_RSP; +- pcb_byte |= PH_PROTO_7816_S_WTX; +- break; +-#if defined(T1oI2C_UM11225) +- case CHIP_RESET_REQ: +- frame_len = (PH_PROTO_7816_HEADER_LEN + PH_PROTO_7816_CRC_LEN); +- p_framebuff[PH_PROPTO_7816_LEN_UPPER_OFFSET] = 0; +- p_framebuff[PH_PROPTO_7816_INF_BYTE_OFFSET] = 0x00; +- +- pcb_byte |= PH_PROTO_7816_S_BLOCK_REQ; /* PCB */ +- pcb_byte |= PH_PROTO_7816_S_CHIP_RST; +- break; +-#endif +-#if defined(T1oI2C_GP1_0) +- case SWR_REQ: +- frame_len = (PH_PROTO_7816_HEADER_LEN + PH_PROTO_7816_CRC_LEN); +- p_framebuff[PH_PROPTO_7816_LEN_UPPER_OFFSET] = 0; +- p_framebuff[PH_PROPTO_7816_LEN_LOWER_OFFSET] = 0; +- p_framebuff[PH_PROPTO_7816_INF_BYTE_OFFSET] = 0x00; +- +- pcb_byte |= PH_PROTO_7816_S_BLOCK_REQ; /* PCB */ +- pcb_byte |= PH_PROTO_7816_S_SWR; +- break; +- case RELEASE_REQ: +- frame_len = (PH_PROTO_7816_HEADER_LEN + PH_PROTO_7816_CRC_LEN); +- p_framebuff[PH_PROPTO_7816_LEN_UPPER_OFFSET] = 0; +- p_framebuff[PH_PROPTO_7816_LEN_LOWER_OFFSET] = 0; +- p_framebuff[PH_PROPTO_7816_INF_BYTE_OFFSET] = 0x00; +- +- pcb_byte |= PH_PROTO_7816_S_BLOCK_REQ; /* PCB */ +- pcb_byte |= PH_PROTO_7816_S_RELEASE; +- break; +- case CIP_REQ: +- frame_len = (PH_PROTO_7816_HEADER_LEN + PH_PROTO_7816_CRC_LEN); +- p_framebuff[PH_PROPTO_7816_LEN_UPPER_OFFSET] = 0; +- p_framebuff[PH_PROPTO_7816_LEN_LOWER_OFFSET] = 0; +- p_framebuff[PH_PROPTO_7816_INF_BYTE_OFFSET] = 0x00; +- +- pcb_byte |= PH_PROTO_7816_S_BLOCK_REQ; /* PCB */ +- pcb_byte |= PH_PROTO_7816_S_GET_CIP; +- break; +- case COLD_RESET_REQ: +- frame_len = (PH_PROTO_7816_HEADER_LEN + PH_PROTO_7816_CRC_LEN); +- p_framebuff[PH_PROPTO_7816_LEN_UPPER_OFFSET] = 0; +- p_framebuff[PH_PROPTO_7816_LEN_LOWER_OFFSET] = 0; +- p_framebuff[PH_PROPTO_7816_INF_BYTE_OFFSET] = 0x00; +- +- pcb_byte |= PH_PROTO_7816_S_BLOCK_REQ; /* PCB */ +- pcb_byte |= PH_PROTO_7816_S_COLD_RST; +- break; +-#endif +- default: +- LOG_E(" %s :Invalid S-block",__FUNCTION__); +- return status; +- } +- +- /* frame the packet */ +- p_framebuff[PH_PROPTO_7816_NAD_OFFSET] = 0x5A; /* NAD Byte */ +- p_framebuff[PH_PROPTO_7816_PCB_OFFSET] = pcb_byte; /* PCB */ +- +- calc_crc = phNxpEseProto7816_ComputeCRC(p_framebuff, 0,(frame_len - 2)); +- p_framebuff[frame_len - 2] = (calc_crc >> 8) & 0xFF; +- p_framebuff[frame_len - 1] = calc_crc & 0xFF; +- LOG_D("S-Frame PCB: %x ", p_framebuff[PH_PROPTO_7816_PCB_OFFSET]); +- status = phNxpEseProto7816_SendRawFrame(conn_ctx, frame_len, p_framebuff); +- return status; +-} +- +-/****************************************************************************** +- * Function phNxpEseProto7816_sendRframe +- * +- * Description This internal function is called to send R-frame with all +- * updated 7816-3 headers +- * +- * param[in] sFrameInfo_t: Info about R frame +- * +- * Returns On success return TRUE or else FALSE. +- * +- ******************************************************************************/ +-static bool_t phNxpEseProto7816_sendRframe(void* conn_ctx, rFrameTypes_t rFrameType) +-{ +- bool_t status = FALSE; +-#if defined(T1oI2C_UM11225) +- uint8_t recv_ack[5]= {0x5A,0x80,0x00,0x00,0x00}; +-#elif defined(T1oI2C_GP1_0) +- uint8_t recv_ack[6]= {0x5A,0x80,0x00,0x00,0x00,0x00}; +-#endif +- uint16_t calc_crc=0; +- iFrameInfo_t *pRx_lastRcvdIframeInfo = &phNxpEseProto7816_3_Var.phNxpEseRx_Cntx.lastRcvdIframeInfo; +- rFrameInfo_t *pNextTx_RframeInfo = &phNxpEseProto7816_3_Var.phNxpEseNextTx_Cntx.RframeInfo; +- if(RNACK == rFrameType) /* R-NACK */ +- { +- switch(pNextTx_RframeInfo->errCode) +- { +- case PARITY_ERROR: +- recv_ack[PH_PROPTO_7816_PCB_OFFSET] |= (0x01 & 0xFF); +- break; +- +- case OTHER_ERROR: +- recv_ack[PH_PROPTO_7816_PCB_OFFSET] |= (0x02 & 0xFF); +- break; +- +- case SOF_MISSED_ERROR: +- case UNDEFINED_ERROR: +- recv_ack[PH_PROPTO_7816_PCB_OFFSET] |= (0x03 & 0xFF); +- break; +- +- default: +- break; +- } +- } +- else /* R-ACK*/ +- { +- /* This update is helpful in-case a R-NACK is transmitted from the MW */ +- phNxpEseProto7816_3_Var.lastSentNonErrorframeType = RFRAME; +- } +- +- recv_ack[PH_PROPTO_7816_PCB_OFFSET] |= ((pRx_lastRcvdIframeInfo->seqNo ^ 1) << 4); +- LOG_D("%s recv_ack[PH_PROPTO_7816_PCB_OFFSET]:0x%x ", __FUNCTION__, recv_ack[PH_PROPTO_7816_PCB_OFFSET]); +- calc_crc = phNxpEseProto7816_ComputeCRC(recv_ack, 0x00, (sizeof(recv_ack) -2)); +- +- recv_ack[(sizeof(recv_ack) -2)] = (calc_crc >> 8) & 0xFF; +- recv_ack[(sizeof(recv_ack) -1)] = calc_crc &0xFF ; +- status = phNxpEseProto7816_SendRawFrame(conn_ctx, sizeof(recv_ack), recv_ack); +- return status; +-} +- +-/****************************************************************************** +- * Function phNxpEseProto7816_SendIframe +- * +- * Description This internal function is called to send I-frame with all +- * updated 7816-3 headers +- * +- * param[in] sFrameInfo_t: Info about I frame +- * +- * Returns On success return TRUE or else FALSE. +- * +- ******************************************************************************/ +-static bool_t phNxpEseProto7816_SendIframe(void* conn_ctx, iFrameInfo_t iFrameData) +-{ +- bool_t status = FALSE; +- uint32_t frame_len = 0; +- uint8_t p_framebuff[MAX_DATA_LEN]; +- uint8_t pcb_byte = 0; +- uint16_t calc_crc = 0; +- iFrameInfo_t *pNextTx_IframeInfo = &phNxpEseProto7816_3_Var.phNxpEseNextTx_Cntx.IframeInfo; +- +- if (0 == iFrameData.sendDataLen) +- { +- LOG_E("%s Line: [%d] I frame Len is 0, INVALID ",__FUNCTION__,__LINE__); +- return FALSE; +- } +- /* This update is helpful in-case a R-NACK is transmitted from the MW */ +- phNxpEseProto7816_3_Var.lastSentNonErrorframeType = IFRAME; +- frame_len = (iFrameData.sendDataLen+ PH_PROTO_7816_HEADER_LEN + PH_PROTO_7816_CRC_LEN); +- +- /* frame the packet */ +- p_framebuff[PH_PROPTO_7816_NAD_OFFSET] = SEND_PACKET_SOF; /* NAD Byte */ +- +- if (iFrameData.isChained) +- { +- /* make B6 (M) bit high */ +- pcb_byte |= PH_PROTO_7816_CHAINING; +- } +- +- /* Update the send seq no */ +- pcb_byte |= (pNextTx_IframeInfo->seqNo << 6); +- +- /* store the pcb byte */ +- p_framebuff[PH_PROPTO_7816_PCB_OFFSET] = pcb_byte; +-#if defined(T1oI2C_UM11225) +- /* store I frame length */ +- /* for T1oI2C_UM11225 LEN field is of 1 byte*/ +- p_framebuff[PH_PROPTO_7816_LEN_UPPER_OFFSET] =iFrameData.sendDataLen; +-#elif defined(T1oI2C_GP1_0) +- /* store I frame length */ +- /* for T1oI2C_GP1_0 LEN field is of 2 byte*/ +- p_framebuff[PH_PROPTO_7816_LEN_UPPER_OFFSET] =(((uint16_t)iFrameData.sendDataLen) >> 8 & 0xff); +- p_framebuff[PH_PROPTO_7816_LEN_LOWER_OFFSET] =(((uint16_t)iFrameData.sendDataLen) & 0xff); +-#endif +- /* store I frame */ +- phNxpEse_memcpy(&(p_framebuff[PH_PROPTO_7816_INF_BYTE_OFFSET]), iFrameData.p_data + iFrameData.dataOffset, iFrameData.sendDataLen); +- calc_crc = phNxpEseProto7816_ComputeCRC(p_framebuff, 0, (frame_len - 2)); +- +- p_framebuff[frame_len - 2] = (calc_crc >> 8) & 0xff; +- p_framebuff[frame_len - 1] = calc_crc & 0xff; +- status = phNxpEseProto7816_SendRawFrame(conn_ctx, frame_len, p_framebuff); +- +- return status; +-} +- +-/****************************************************************************** +- * Function phNxpEseProto7816_SetFirstIframeContxt +- * +- * Description This internal function is called to set the context for next I-frame. +- * Not applicable for the first I-frame of the transceive +- * +- * param[in] void +- * +- * Returns Always return TRUE. +- * +- ******************************************************************************/ +-static bool_t phNxpEseProto7816_SetFirstIframeContxt(void) +-{ +- phNxpEseRx_Cntx_t *pRx_EseCntx = &phNxpEseProto7816_3_Var.phNxpEseRx_Cntx; +- iFrameInfo_t *pNextTx_IframeInfo = &phNxpEseProto7816_3_Var.phNxpEseNextTx_Cntx.IframeInfo; +- iFrameInfo_t *pLastTx_IframeInfo = &phNxpEseProto7816_3_Var.phNxpEseLastTx_Cntx.IframeInfo; +- +- pNextTx_IframeInfo->dataOffset = 0; +- phNxpEseProto7816_3_Var.phNxpEseNextTx_Cntx.FrameType = IFRAME; +- pNextTx_IframeInfo->seqNo = pLastTx_IframeInfo->seqNo ^ 1; +- phNxpEseProto7816_3_Var.phNxpEseProto7816_nextTransceiveState = SEND_IFRAME; +- pRx_EseCntx->pRsp->len = 0; +- if (pNextTx_IframeInfo->totalDataLen > pNextTx_IframeInfo->maxDataLen) { +- pNextTx_IframeInfo->isChained = TRUE; +- pNextTx_IframeInfo->sendDataLen = pNextTx_IframeInfo->maxDataLen; +- pNextTx_IframeInfo->totalDataLen = pNextTx_IframeInfo->totalDataLen - pNextTx_IframeInfo->maxDataLen; +- } +- else +- { +- pNextTx_IframeInfo->sendDataLen = pNextTx_IframeInfo->totalDataLen; +- pNextTx_IframeInfo->isChained = FALSE; +- } +- LOG_D("I-Frame Data Len: %ld Seq. no:%d ", pNextTx_IframeInfo->sendDataLen, pNextTx_IframeInfo->seqNo); +- return TRUE; +-} +- +-/****************************************************************************** +- * Function phNxpEseProto7816_SetNextIframeContxt +- * +- * Description This internal function is called to set the context for next I-frame. +- * Not applicable for the first I-frame of the transceive +- * +- * param[in] void +- * +- * Returns Always return TRUE. +- * +- ******************************************************************************/ +-static bool_t phNxpEseProto7816_SetNextIframeContxt(void) +-{ +- iFrameInfo_t *pNextTx_IframeInfo = &phNxpEseProto7816_3_Var.phNxpEseNextTx_Cntx.IframeInfo; +- iFrameInfo_t *pLastTx_IframeInfo = &phNxpEseProto7816_3_Var.phNxpEseLastTx_Cntx.IframeInfo; +- +- /* Expecting to reach here only after first of chained I-frame is sent and before the last chained is sent */ +- phNxpEseProto7816_3_Var.phNxpEseNextTx_Cntx.FrameType = IFRAME; +- phNxpEseProto7816_3_Var.phNxpEseProto7816_nextTransceiveState = SEND_IFRAME; +- +- pNextTx_IframeInfo->seqNo = pLastTx_IframeInfo->seqNo ^ 1; +- pNextTx_IframeInfo->dataOffset = pLastTx_IframeInfo->dataOffset + pLastTx_IframeInfo->maxDataLen; +- pNextTx_IframeInfo->p_data = pLastTx_IframeInfo->p_data; +- pNextTx_IframeInfo->maxDataLen = pLastTx_IframeInfo->maxDataLen; +- +- //if chained +- if (pLastTx_IframeInfo->totalDataLen > pLastTx_IframeInfo->maxDataLen) { +- LOG_D("%s Process Chained Frame ",__FUNCTION__); +- pNextTx_IframeInfo->isChained = TRUE; +- pNextTx_IframeInfo->sendDataLen = pLastTx_IframeInfo->maxDataLen; +- pNextTx_IframeInfo->totalDataLen = pLastTx_IframeInfo->totalDataLen - pLastTx_IframeInfo->maxDataLen; +- } +- else +- { +- pNextTx_IframeInfo->isChained = FALSE; +- pNextTx_IframeInfo->sendDataLen = pLastTx_IframeInfo->totalDataLen; +- } +- LOG_D("I-Frame Data Len: %ld ", pNextTx_IframeInfo->sendDataLen); +- return TRUE; +-} +- +-/****************************************************************************** +- * Function phNxpEseProro7816_SaveRxframeData +- * +- * Description This internal function is called to save recv frame data +- * +- * param[in] uint8_t: data buffer +- * param[in] uint32_t: buffer length +- * +- * Returns Always return TRUE. +- * +- ******************************************************************************/ +-static bool_t phNxpEseProro7816_SaveRxframeData(uint8_t *p_data, uint32_t data_len) +-{ +- uint32_t offset = 0; +- phNxpEseRx_Cntx_t *pRx_EseCntx = &phNxpEseProto7816_3_Var.phNxpEseRx_Cntx; +- LOG_D("Data[0]=0x%x len=%ld Data[%ld]=0x%x Data[%ld]=0x%x ", p_data[0], data_len,data_len-1, p_data[data_len-2],p_data[data_len-1]); +- if (pRx_EseCntx->pRsp != NULL) { +- offset = pRx_EseCntx->pRsp->len; +- phNxpEse_memcpy((pRx_EseCntx->pRsp->p_data + offset), p_data, data_len); +- pRx_EseCntx->pRsp->len += data_len; +- return TRUE; +- } +- else { +- LOG_E("Unsolicited response"); +- return FALSE; +- } +-} +- +-/****************************************************************************** +- * Function phNxpEseProto7816_ResetRecovery +- * +- * Description This internal function is called to do reset the recovery pareameters +- * +- * param[in] void +- * +- * Returns Always return TRUE. +- * +- ******************************************************************************/ +-static bool_t phNxpEseProto7816_ResetRecovery(void) +-{ +- phNxpEseProto7816_3_Var.recoveryCounter = 0; +- return TRUE; +-} +- +-/****************************************************************************** +- * Function phNxpEseProto7816_RecoverySteps +- * +- * Description This internal function is called when 7816-3 stack failed to recover +- * after PH_PROTO_7816_FRAME_RETRY_COUNT, and the interface has to be +- * recovered +- * +- * param[in] void +- * +- * Returns Always return TRUE. +- * +- ******************************************************************************/ +-static bool_t phNxpEseProto7816_RecoverySteps(void) +-{ +- sFrameInfo_t *pRx_lastRcvdSframeInfo = &phNxpEseProto7816_3_Var.phNxpEseRx_Cntx.lastRcvdSframeInfo; +- sFrameInfo_t *pNextTx_SframeInfo = &phNxpEseProto7816_3_Var.phNxpEseNextTx_Cntx.SframeInfo; +- +- if(phNxpEseProto7816_3_Var.recoveryCounter <= PH_PROTO_7816_FRAME_RETRY_COUNT) +- { +-#if defined(T1oI2C_UM11225) +- pRx_lastRcvdSframeInfo->sFrameType = INTF_RESET_REQ; +- phNxpEseProto7816_3_Var.phNxpEseNextTx_Cntx.FrameType= SFRAME; +- pNextTx_SframeInfo->sFrameType = INTF_RESET_REQ; +- phNxpEseProto7816_3_Var.phNxpEseProto7816_nextTransceiveState = SEND_S_INTF_RST; +-#elif defined(T1oI2C_GP1_0) +- pRx_lastRcvdSframeInfo->sFrameType = SWR_REQ; +- phNxpEseProto7816_3_Var.phNxpEseNextTx_Cntx.FrameType= SFRAME; +- pNextTx_SframeInfo->sFrameType = SWR_REQ; +- phNxpEseProto7816_3_Var.phNxpEseProto7816_nextTransceiveState = SEND_S_SWR; +-#endif +- } +- else +- { /* If recovery fails */ +- phNxpEseProto7816_3_Var.phNxpEseProto7816_nextTransceiveState = IDLE_STATE; +- } +- return TRUE; +-} +- +-/****************************************************************************** +- * Function phNxpEseProto7816_DecodeSFrameData +- * +- * Description This internal function is to decode S-frame payload. +- * +- * param[in] uint8_t; data buffer +- * +- * Returns void +- * +- ******************************************************************************/ +-static void phNxpEseProto7816_DecodeSFrameData(uint8_t *p_data) +-{ +- uint8_t maxSframeLen = 0, frameOffset = 0; +- +- ENSURE_OR_GO_EXIT(p_data != NULL); +-#if defined(T1oI2C_UM11225) +- frameOffset = PH_PROPTO_7816_LEN_UPPER_OFFSET; +-#elif defined(T1oI2C_GP1_0) +- /* current GP implementation support max payload of 0x00FE, so considering lower offset */ +- frameOffset = PH_PROPTO_7816_LEN_LOWER_OFFSET; +-#endif +- maxSframeLen = p_data[frameOffset] + frameOffset; /* to be in sync with offset which starts from index 0 */ +- while(maxSframeLen > frameOffset) +- { +- frameOffset += 1; /* To get the Type (TLV) */ +- LOG_D("%s frameoffset=%d value=0x%x ", __FUNCTION__, frameOffset, p_data[frameOffset]); +- frameOffset += p_data[frameOffset + 1]; /* Goto the end of current marker */ +- +- } +-exit: +- return; +-} +- +-/****************************************************************************** +- * Function phNxpEseProto7816_DecodeFrame +- * +- * Description This internal function is used to +- * 1. Identify the received frame +- * 2. If the received frame is I-frame with expected sequence number, store it or else send R-NACK +- 3. If the received frame is R-frame, +- 3.1 R-ACK with expected seq. number: Send the next chained I-frame +- 3.2 R-ACK with different sequence number: Sebd the R-Nack +- 3.3 R-NACK: Re-send the last frame +- 4. If the received frame is S-frame, send back the correct S-frame response. +- * +- * param[in] uint8_t : data buffer +- * param[in] uint32_t : buffer length +- * +- * Returns On success return TRUE or else FALSE. +- * +- ******************************************************************************/ +-static bool_t phNxpEseProto7816_DecodeFrame(uint8_t *p_data, uint32_t data_len) +-{ +- bool_t status = TRUE; +- uint8_t pcb; +- phNxpEseProto7816_PCB_bits_t pcb_bits; +- iFrameInfo_t *pRx_lastRcvdIframeInfo = &phNxpEseProto7816_3_Var.phNxpEseRx_Cntx.lastRcvdIframeInfo; +- rFrameInfo_t *pNextTx_RframeInfo = &phNxpEseProto7816_3_Var.phNxpEseNextTx_Cntx.RframeInfo; +- sFrameInfo_t *pNextTx_SframeInfo = &phNxpEseProto7816_3_Var.phNxpEseNextTx_Cntx.SframeInfo; +- iFrameInfo_t *pLastTx_IframeInfo = &phNxpEseProto7816_3_Var.phNxpEseLastTx_Cntx.IframeInfo; +- sFrameInfo_t *pLastTx_SframeInfo = &phNxpEseProto7816_3_Var.phNxpEseLastTx_Cntx.SframeInfo; +- rFrameInfo_t *pRx_lastRcvdRframeInfo = &phNxpEseProto7816_3_Var.phNxpEseRx_Cntx.lastRcvdRframeInfo; +- sFrameInfo_t *pRx_lastRcvdSframeInfo = &phNxpEseProto7816_3_Var.phNxpEseRx_Cntx.lastRcvdSframeInfo; +- +- LOG_D("Retry Counter = %d ", phNxpEseProto7816_3_Var.recoveryCounter); +- +- ENSURE_OR_GO_EXIT(p_data != NULL); +- +- pcb = p_data[PH_PROPTO_7816_PCB_OFFSET]; +- phNxpEse_memset(&pcb_bits, 0x00, sizeof(phNxpEseProto7816_PCB_bits_t)); +- phNxpEse_memcpy(&pcb_bits, &pcb, sizeof(uint8_t)); +- +- if (0x00 == pcb_bits.msb) /* I-FRAME decoded should come here */ +- { +- LOG_D("%s I-Frame Received ", __FUNCTION__); +- phNxpEseProto7816_3_Var.wtx_counter = 0; +- phNxpEseProto7816_3_Var.phNxpEseRx_Cntx.lastRcvdFrameType = IFRAME ; +- if (pRx_lastRcvdIframeInfo->seqNo != pcb_bits.bit7) // != pcb_bits->bit7) +- { +- LOG_D("%s I-Frame lastRcvdIframeInfo.seqNo:0x%x ", __FUNCTION__, pcb_bits.bit7); +- phNxpEseProto7816_ResetRecovery(); +- pRx_lastRcvdIframeInfo->seqNo = 0x00; +- pRx_lastRcvdIframeInfo->seqNo |= pcb_bits.bit7; +- +- if (pcb_bits.bit6) +- { +- pRx_lastRcvdIframeInfo->isChained = TRUE; +- phNxpEseProto7816_3_Var.phNxpEseNextTx_Cntx.FrameType = RFRAME; +- pNextTx_RframeInfo->errCode = NO_ERROR; +- phNxpEseProro7816_SaveRxframeData(&p_data[PH_PROPTO_7816_INF_BYTE_OFFSET], data_len - PH_PROTO_7816_INF_FILED); +- phNxpEseProto7816_3_Var.phNxpEseProto7816_nextTransceiveState = SEND_R_ACK ; +- } +- else +- { +- pRx_lastRcvdIframeInfo->isChained = FALSE; +- phNxpEseProto7816_3_Var.phNxpEseProto7816_nextTransceiveState = IDLE_STATE; +- phNxpEseProro7816_SaveRxframeData(&p_data[PH_PROPTO_7816_INF_BYTE_OFFSET], data_len - PH_PROTO_7816_INF_FILED); +- } +- } +- else +- { +- sm_sleep(DELAY_ERROR_RECOVERY/1000); +- if(phNxpEseProto7816_3_Var.recoveryCounter < PH_PROTO_7816_FRAME_RETRY_COUNT) +- { +- phNxpEseProto7816_3_Var.phNxpEseNextTx_Cntx.FrameType = RFRAME; +- pNextTx_RframeInfo->errCode = OTHER_ERROR; +- phNxpEseProto7816_3_Var.phNxpEseProto7816_nextTransceiveState = SEND_R_NACK ; +- phNxpEseProto7816_3_Var.recoveryCounter++; +- } +- else +- { +- phNxpEseProto7816_RecoverySteps(); +- phNxpEseProto7816_3_Var.recoveryCounter++; +- } +- } +- } +- else if ((0x01 == pcb_bits.msb) && (0x00 == pcb_bits.bit7)) /* R-FRAME decoded should come here */ +- { +- LOG_D("%s R-Frame Received", __FUNCTION__); +- phNxpEseProto7816_3_Var.wtx_counter = 0; +- phNxpEseProto7816_3_Var.phNxpEseRx_Cntx.lastRcvdFrameType = RFRAME; +- pRx_lastRcvdRframeInfo->seqNo = 0; // = 0; +- pRx_lastRcvdRframeInfo->seqNo |= pcb_bits.bit5; +- +- if ((pcb_bits.lsb == 0x00) && (pcb_bits.bit2 == 0x00)) +- { +- pRx_lastRcvdRframeInfo->errCode = NO_ERROR; +- phNxpEseProto7816_ResetRecovery(); +- if (pRx_lastRcvdRframeInfo->seqNo != pLastTx_IframeInfo->seqNo) { +- phNxpEseProto7816_SetNextIframeContxt(); +- phNxpEseProto7816_3_Var.phNxpEseProto7816_nextTransceiveState = SEND_IFRAME; +- } +- +- } /* Error handling 1 : Parity error */ +- else if (((pcb_bits.lsb == 0x01) && (pcb_bits.bit2 == 0x00)) || +- /* Error handling 2: Other indicated error */ +- ((pcb_bits.lsb == 0x00) && (pcb_bits.bit2 == 0x01))) +- { +- sm_sleep(DELAY_ERROR_RECOVERY/1000); +- if((pcb_bits.lsb == 0x00) && (pcb_bits.bit2 == 0x01)) +- pRx_lastRcvdRframeInfo->errCode = OTHER_ERROR; +- else +- pRx_lastRcvdRframeInfo->errCode = PARITY_ERROR; +- if(phNxpEseProto7816_3_Var.recoveryCounter < PH_PROTO_7816_FRAME_RETRY_COUNT) +- { +- if(phNxpEseProto7816_3_Var.phNxpEseLastTx_Cntx.FrameType == IFRAME) +- { +- phNxpEseProto7816_3_Var.phNxpEseNextTx_Cntx = phNxpEseProto7816_3_Var.phNxpEseLastTx_Cntx; +- phNxpEseProto7816_3_Var.phNxpEseProto7816_nextTransceiveState = SEND_IFRAME; +- phNxpEseProto7816_3_Var.phNxpEseNextTx_Cntx.FrameType = IFRAME; +- } +- else if(phNxpEseProto7816_3_Var.phNxpEseLastTx_Cntx.FrameType == RFRAME) +- { +- /* Usecase to reach the below case: +- I-frame sent first, followed by R-NACK and we receive a R-NACK with +- last sent I-frame sequence number*/ +- if ((pRx_lastRcvdRframeInfo->seqNo == pLastTx_IframeInfo->seqNo) && +- (phNxpEseProto7816_3_Var.lastSentNonErrorframeType == IFRAME)) { +- phNxpEseProto7816_3_Var.phNxpEseNextTx_Cntx = phNxpEseProto7816_3_Var.phNxpEseLastTx_Cntx; +- phNxpEseProto7816_3_Var.phNxpEseProto7816_nextTransceiveState = SEND_IFRAME; +- phNxpEseProto7816_3_Var.phNxpEseNextTx_Cntx.FrameType = IFRAME; +- } +- /* Usecase to reach the below case: +- R-frame sent first, followed by R-NACK and we receive a R-NACK with +- next expected I-frame sequence number*/ +- else if ((pRx_lastRcvdRframeInfo->seqNo != pLastTx_IframeInfo->seqNo) && +- (phNxpEseProto7816_3_Var.lastSentNonErrorframeType == RFRAME)) { +- phNxpEseProto7816_3_Var.phNxpEseNextTx_Cntx.FrameType = RFRAME; +- pNextTx_RframeInfo->errCode = NO_ERROR; +- phNxpEseProto7816_3_Var.phNxpEseProto7816_nextTransceiveState = SEND_R_ACK ; +- } +- /* Usecase to reach the below case: +- I-frame sent first, followed by R-NACK and we receive a R-NACK with +- next expected I-frame sequence number + all the other unexpected scenarios */ +- else +- { +- phNxpEseProto7816_3_Var.phNxpEseNextTx_Cntx.FrameType= RFRAME; +- pNextTx_RframeInfo->errCode = OTHER_ERROR; +- phNxpEseProto7816_3_Var.phNxpEseProto7816_nextTransceiveState = SEND_R_NACK ; +- } +- } +- else if(phNxpEseProto7816_3_Var.phNxpEseLastTx_Cntx.FrameType == SFRAME) +- { +- /* Copy the last S frame sent */ +- phNxpEseProto7816_3_Var.phNxpEseNextTx_Cntx = phNxpEseProto7816_3_Var.phNxpEseLastTx_Cntx; +- } +- phNxpEseProto7816_3_Var.recoveryCounter++; +- } +- else +- { +- phNxpEseProto7816_RecoverySteps(); +- phNxpEseProto7816_3_Var.recoveryCounter++; +- } +- //resend previously send I frame +- } +- /* Error handling 3 */ +- else if ((pcb_bits.lsb == 0x01) && (pcb_bits.bit2 == 0x01)) +- { +- sm_sleep(DELAY_ERROR_RECOVERY/1000); +- if(phNxpEseProto7816_3_Var.recoveryCounter < PH_PROTO_7816_FRAME_RETRY_COUNT) +- { +- pRx_lastRcvdRframeInfo->errCode = SOF_MISSED_ERROR; +- phNxpEseProto7816_3_Var.phNxpEseNextTx_Cntx = phNxpEseProto7816_3_Var.phNxpEseLastTx_Cntx; +- phNxpEseProto7816_3_Var.recoveryCounter++; +- } +- else +- { +- phNxpEseProto7816_RecoverySteps(); +- phNxpEseProto7816_3_Var.recoveryCounter++; +- } +- } +- } +- else if ((0x01 == pcb_bits.msb) && (0x01 == pcb_bits.bit7)) /* S-FRAME decoded should come here */ +- { +- LOG_D("%s S-Frame Received ", __FUNCTION__); +- int32_t frameType = (int32_t)(pcb & 0x3F); /*discard upper 2 bits */ +- phNxpEseProto7816_3_Var.phNxpEseRx_Cntx.lastRcvdFrameType = SFRAME; +- if(frameType!=WTX_REQ) +- { +- phNxpEseProto7816_3_Var.wtx_counter = 0; +- } +- switch(frameType) +- { +- case RESYNCH_RSP: +- pRx_lastRcvdSframeInfo->sFrameType = RESYNCH_RSP; +- phNxpEseProto7816_3_Var.phNxpEseNextTx_Cntx.FrameType= UNKNOWN; +- phNxpEseProto7816_3_Var.phNxpEseProto7816_nextTransceiveState = IDLE_STATE; +- break; +- case IFSC_RES: +- pRx_lastRcvdSframeInfo->sFrameType = IFSC_RES; +- phNxpEseProto7816_3_Var.phNxpEseNextTx_Cntx.FrameType= UNKNOWN; +- phNxpEseProto7816_3_Var.phNxpEseProto7816_nextTransceiveState = IDLE_STATE ; +- break; +- case ABORT_RES: +- pRx_lastRcvdSframeInfo->sFrameType = ABORT_RES; +- phNxpEseProto7816_3_Var.phNxpEseNextTx_Cntx.FrameType= UNKNOWN; +- phNxpEseProto7816_3_Var.phNxpEseProto7816_nextTransceiveState = IDLE_STATE ; +- break; +- case WTX_REQ: +- phNxpEseProto7816_3_Var.wtx_counter++; +- LOG_D("%s Wtx_counter value - %lu ", __FUNCTION__, phNxpEseProto7816_3_Var.wtx_counter); +- LOG_D("%s Wtx_counter wtx_counter_limit - %lu ", __FUNCTION__, phNxpEseProto7816_3_Var.wtx_counter_limit); +- /* Previous sent frame is some S-frame but not WTX response S-frame */ +- if (pLastTx_SframeInfo->sFrameType != WTX_RSP && +- phNxpEseProto7816_3_Var.phNxpEseLastTx_Cntx.FrameType == +- SFRAME) { /* Goto recovery if it keep coming here for more than recovery counter max. value */ +- if(phNxpEseProto7816_3_Var.recoveryCounter < PH_PROTO_7816_FRAME_RETRY_COUNT) +- { /* Re-transmitting the previous sent S-frame */ +- phNxpEseProto7816_3_Var.phNxpEseNextTx_Cntx = phNxpEseProto7816_3_Var.phNxpEseLastTx_Cntx; +- phNxpEseProto7816_3_Var.recoveryCounter++; +- } +- else +- { +- phNxpEseProto7816_RecoverySteps(); +- phNxpEseProto7816_3_Var.recoveryCounter++; +- } +- } +- else +- { /* Checking for WTX counter with max. allowed WTX count */ +- if(phNxpEseProto7816_3_Var.wtx_counter == phNxpEseProto7816_3_Var.wtx_counter_limit) +- { +-#if defined(T1oI2C_UM11225) +- phNxpEseProto7816_3_Var.wtx_counter = 0; +- pRx_lastRcvdSframeInfo->sFrameType = INTF_RESET_REQ; +- phNxpEseProto7816_3_Var.phNxpEseNextTx_Cntx.FrameType= SFRAME; +- pNextTx_SframeInfo->sFrameType = INTF_RESET_REQ; +- phNxpEseProto7816_3_Var.phNxpEseProto7816_nextTransceiveState = SEND_S_INTF_RST; +- LOG_E("%s Interface Reset to eSE wtx count reached!!! ", __FUNCTION__); +-#elif defined(T1oI2C_GP1_0) +- phNxpEseProto7816_3_Var.wtx_counter = 0; +- pRx_lastRcvdSframeInfo->sFrameType = SWR_REQ; +- phNxpEseProto7816_3_Var.phNxpEseNextTx_Cntx.FrameType= SFRAME; +- pNextTx_SframeInfo->sFrameType = SWR_REQ; +- phNxpEseProto7816_3_Var.phNxpEseProto7816_nextTransceiveState = SEND_S_SWR; +- LOG_E("%s Software Reset to eSE wtx count reached!!! ", __FUNCTION__); +-#endif +- } +- else +- { +- sm_sleep(DELAY_ERROR_RECOVERY/1000); +- pRx_lastRcvdSframeInfo->sFrameType = WTX_REQ; +- phNxpEseProto7816_3_Var.phNxpEseNextTx_Cntx.FrameType= SFRAME; +- pNextTx_SframeInfo->sFrameType = WTX_RSP; +- phNxpEseProto7816_3_Var.phNxpEseProto7816_nextTransceiveState = SEND_S_WTX_RSP ; +- } +- } +- break; +-#if defined(T1oI2C_UM11225) +- case INTF_RESET_RSP: +- if(p_data[PH_PROPTO_7816_FRAME_LENGTH_OFFSET] > 0) +- phNxpEseProto7816_DecodeSFrameData(p_data); +- phNxpEseProro7816_SaveRxframeData(&p_data[PH_PROPTO_7816_INF_BYTE_OFFSET], data_len - PH_PROTO_7816_INF_FILED); +- if(phNxpEseProto7816_3_Var.recoveryCounter > PH_PROTO_7816_FRAME_RETRY_COUNT){ +- /*Max recovery counter reached, send failure to APDU layer */ +- LOG_E("%s Max retry count reached!!! ", __FUNCTION__); +- phNxpEseProto7816_3_Var.phNxpEseProto7816_nextTransceiveState = IDLE_STATE; +- status = FALSE; +- } +- else{ +- phNxpEseProto7816_ResetProtoParams(); +- pRx_lastRcvdSframeInfo->sFrameType = INTF_RESET_RSP; +- phNxpEseProto7816_3_Var.phNxpEseNextTx_Cntx.FrameType= UNKNOWN; +- phNxpEseProto7816_3_Var.phNxpEseProto7816_nextTransceiveState = IDLE_STATE; +- } +- break; +- case PROP_END_APDU_RSP: +- pRx_lastRcvdSframeInfo->sFrameType = PROP_END_APDU_RSP; +- if(p_data[PH_PROPTO_7816_FRAME_LENGTH_OFFSET] > 0) +- phNxpEseProto7816_DecodeSFrameData(p_data); +- phNxpEseProto7816_3_Var.phNxpEseNextTx_Cntx.FrameType= UNKNOWN; +- phNxpEseProto7816_3_Var.phNxpEseProto7816_nextTransceiveState = IDLE_STATE; +- break; +- case ATR_RES: +- pRx_lastRcvdSframeInfo->sFrameType = ATR_RES; +- if(p_data[PH_PROPTO_7816_FRAME_LENGTH_OFFSET] > 0) +- phNxpEseProto7816_DecodeSFrameData(p_data); +- phNxpEseProro7816_SaveRxframeData(&p_data[PH_PROPTO_7816_INF_BYTE_OFFSET], data_len - PH_PROTO_7816_INF_FILED); +- phNxpEseProto7816_3_Var.phNxpEseNextTx_Cntx.FrameType= UNKNOWN; +- phNxpEseProto7816_3_Var.phNxpEseProto7816_nextTransceiveState = IDLE_STATE; +- break; +- case CHIP_RESET_RES: +- pRx_lastRcvdSframeInfo->sFrameType = CHIP_RESET_RES; +- if(p_data[PH_PROPTO_7816_FRAME_LENGTH_OFFSET] > 0) +- phNxpEseProto7816_DecodeSFrameData(p_data); +- phNxpEseProto7816_3_Var.phNxpEseNextTx_Cntx.FrameType= UNKNOWN; +- phNxpEseProto7816_3_Var.phNxpEseProto7816_nextTransceiveState = IDLE_STATE; +- break; +-#endif +-#if defined(T1oI2C_GP1_0) +- case SWR_RSP: +- if(p_data[PH_PROPTO_7816_FRAME_LENGTH_OFFSET] > 0) +- phNxpEseProto7816_DecodeSFrameData(p_data); +- if(phNxpEseProto7816_3_Var.recoveryCounter > PH_PROTO_7816_FRAME_RETRY_COUNT){ +- /*Max recovery counter reached, send failure to APDU layer */ +- LOG_E("%s Max retry count reached!!! ", __FUNCTION__); +- phNxpEseProto7816_3_Var.phNxpEseProto7816_nextTransceiveState = IDLE_STATE; +- status = FALSE; +- } +- else{ +- phNxpEseProto7816_ResetProtoParams(); +- pRx_lastRcvdSframeInfo->sFrameType = SWR_RSP; +- phNxpEseProto7816_3_Var.phNxpEseNextTx_Cntx.FrameType= UNKNOWN; +- phNxpEseProto7816_3_Var.phNxpEseProto7816_nextTransceiveState = IDLE_STATE; +- } +- break; +- case RELEASE_RES: +- pRx_lastRcvdSframeInfo->sFrameType = RELEASE_RES; +- if(p_data[PH_PROPTO_7816_FRAME_LENGTH_OFFSET] > 0) +- phNxpEseProto7816_DecodeSFrameData(p_data); +- phNxpEseProto7816_3_Var.phNxpEseNextTx_Cntx.FrameType= UNKNOWN; +- phNxpEseProto7816_3_Var.phNxpEseProto7816_nextTransceiveState = IDLE_STATE; +- break; +- case CIP_RES: +- pRx_lastRcvdSframeInfo->sFrameType = CIP_RES; +- if(p_data[PH_PROPTO_7816_FRAME_LENGTH_OFFSET] > 0) +- phNxpEseProto7816_DecodeSFrameData(p_data); +- phNxpEseProro7816_SaveRxframeData(&p_data[PH_PROPTO_7816_INF_BYTE_OFFSET], data_len - PH_PROTO_7816_INF_FILED); +- phNxpEseProto7816_3_Var.phNxpEseNextTx_Cntx.FrameType= UNKNOWN; +- phNxpEseProto7816_3_Var.phNxpEseProto7816_nextTransceiveState = IDLE_STATE; +- break; +- case COLD_RESET_RES: +- pRx_lastRcvdSframeInfo->sFrameType = COLD_RESET_RES; +- if(p_data[PH_PROPTO_7816_FRAME_LENGTH_OFFSET] > 0) +- phNxpEseProto7816_DecodeSFrameData(p_data); +- phNxpEseProto7816_3_Var.phNxpEseNextTx_Cntx.FrameType= UNKNOWN; +- phNxpEseProto7816_3_Var.phNxpEseProto7816_nextTransceiveState = IDLE_STATE; +- break; +-#endif +- default: +- LOG_E("%s Wrong S-Frame Received ", __FUNCTION__); +- break; +- } +- } +- else +- { +- LOG_E("%s Wrong-Frame Received ", __FUNCTION__); +- } +-exit: +- return status ; +-} +- +-/****************************************************************************** +- * Function phNxpEseProto7816_ProcessResponse +- * +- * Description This internal function is used to +- * 1. Check the CRC +- * 2. Initiate decoding of received frame of data. +- * +- * param[in] void +- * +- * Returns On success return TRUE or else FALSE. +- * +- ******************************************************************************/ +-static bool_t phNxpEseProto7816_ProcessResponse(void* conn_ctx) +-{ +- uint32_t data_len = 0; +- uint8_t *p_data = NULL; +- bool_t status = FALSE; +- bool_t checkCrcPass = TRUE; +- iFrameInfo_t *pRx_lastRcvdIframeInfo = &phNxpEseProto7816_3_Var.phNxpEseRx_Cntx.lastRcvdIframeInfo; +- rFrameInfo_t *pNextTx_RframeInfo = &phNxpEseProto7816_3_Var.phNxpEseNextTx_Cntx.RframeInfo; +- sFrameInfo_t *pLastTx_SframeInfo = &phNxpEseProto7816_3_Var.phNxpEseLastTx_Cntx.SframeInfo; +- +- status = phNxpEseProto7816_GetRawFrame(conn_ctx, &data_len, &p_data); +- LOG_D("%s p_data ----> %p len ----> 0x%lx ", __FUNCTION__,p_data, data_len); +- if(TRUE == status) +- { +- /* Resetting the timeout counter */ +- phNxpEseProto7816_3_Var.timeoutCounter = PH_PROTO_7816_VALUE_ZERO; +- /* CRC check followed */ +- checkCrcPass = phNxpEseProto7816_CheckCRC(data_len, p_data); +- if(checkCrcPass == TRUE) +- { +- /* Resetting the RNACK retry counter */ +- phNxpEseProto7816_3_Var.rnack_retry_counter = PH_PROTO_7816_VALUE_ZERO; +- status = phNxpEseProto7816_DecodeFrame(p_data, data_len); +- } +- else +- { +- LOG_E("%s CRC Check failed ", __FUNCTION__); +- if(phNxpEseProto7816_3_Var.rnack_retry_counter < phNxpEseProto7816_3_Var.rnack_retry_limit) +- { +- phNxpEseProto7816_3_Var.phNxpEseRx_Cntx.lastRcvdFrameType = INVALID ; +- phNxpEseProto7816_3_Var.phNxpEseNextTx_Cntx.FrameType= RFRAME; +- pNextTx_RframeInfo->errCode = PARITY_ERROR; +- pNextTx_RframeInfo->seqNo = (!pRx_lastRcvdIframeInfo->seqNo) << 4; +- phNxpEseProto7816_3_Var.phNxpEseProto7816_nextTransceiveState = SEND_R_NACK ; +- phNxpEseProto7816_3_Var.rnack_retry_counter++; +- } +- else +- { +- phNxpEseProto7816_3_Var.rnack_retry_counter = PH_PROTO_7816_VALUE_ZERO; +- /* Re-transmission failed completely, Going to exit */ +- phNxpEseProto7816_3_Var.phNxpEseProto7816_nextTransceiveState = IDLE_STATE; +- phNxpEseProto7816_3_Var.timeoutCounter = PH_PROTO_7816_VALUE_ZERO; +- status = FALSE; +- } +- } +- } +- else +- { +- LOG_E("%s phNxpEseProto7816_GetRawFrame failed starting recovery", __FUNCTION__); +- if ((SFRAME == phNxpEseProto7816_3_Var.phNxpEseLastTx_Cntx.FrameType) && +- ((WTX_RSP == pLastTx_SframeInfo->sFrameType) || (RESYNCH_RSP == pLastTx_SframeInfo->sFrameType))) { +- if(phNxpEseProto7816_3_Var.rnack_retry_counter < phNxpEseProto7816_3_Var.rnack_retry_limit) +- { +- phNxpEse_clearReadBuffer(conn_ctx); +- phNxpEseProto7816_3_Var.phNxpEseRx_Cntx.lastRcvdFrameType = INVALID ; +- phNxpEseProto7816_3_Var.phNxpEseNextTx_Cntx.FrameType= RFRAME; +- pNextTx_RframeInfo->errCode = OTHER_ERROR; +- pNextTx_RframeInfo->seqNo = (!pRx_lastRcvdIframeInfo->seqNo) << 4; +- phNxpEseProto7816_3_Var.phNxpEseProto7816_nextTransceiveState = SEND_R_NACK ; +- phNxpEseProto7816_3_Var.rnack_retry_counter++; +- } +- else +- { +- LOG_E("%s Recovery failed completely, Going to exit ", __FUNCTION__); +- phNxpEseProto7816_3_Var.rnack_retry_counter = PH_PROTO_7816_VALUE_ZERO; +- /* Recovery failed completely, Going to exit */ +- phNxpEseProto7816_3_Var.phNxpEseProto7816_nextTransceiveState = IDLE_STATE; +- phNxpEseProto7816_3_Var.timeoutCounter = PH_PROTO_7816_VALUE_ZERO; +- } +- } +- /*ISO7816-3 Rule 7.1 Implementation*/ +- else if (IFRAME == phNxpEseProto7816_3_Var.phNxpEseLastTx_Cntx.FrameType) +- { +- if(phNxpEseProto7816_3_Var.rnack_retry_counter < phNxpEseProto7816_3_Var.rnack_retry_limit) +- { +- phNxpEse_clearReadBuffer(conn_ctx); +- phNxpEseProto7816_3_Var.phNxpEseRx_Cntx.lastRcvdFrameType = INVALID ; +- phNxpEseProto7816_3_Var.phNxpEseNextTx_Cntx.FrameType= RFRAME; +- pNextTx_RframeInfo->errCode = PARITY_ERROR; +- pNextTx_RframeInfo->seqNo = (!pRx_lastRcvdIframeInfo->seqNo) << 4; +- phNxpEseProto7816_3_Var.phNxpEseProto7816_nextTransceiveState = SEND_R_NACK ; +- phNxpEseProto7816_3_Var.rnack_retry_counter++; +- } +- else +- { +- LOG_E("%s Recovery failed completely, Going to exit ", __FUNCTION__); +- phNxpEseProto7816_3_Var.rnack_retry_counter = PH_PROTO_7816_VALUE_ZERO; +- /* Recovery failed completely, Going to exit */ +- phNxpEseProto7816_3_Var.phNxpEseProto7816_nextTransceiveState = IDLE_STATE; +- phNxpEseProto7816_3_Var.timeoutCounter = PH_PROTO_7816_VALUE_ZERO; +- } +- } +- else +- { +- sm_sleep(DELAY_ERROR_RECOVERY/1000); +- /* re transmit the frame */ +- if(phNxpEseProto7816_3_Var.timeoutCounter < PH_PROTO_7816_TIMEOUT_RETRY_COUNT) +- { +- phNxpEseProto7816_3_Var.timeoutCounter++; +- LOG_E("%s re-transmitting the previous frame ", __FUNCTION__); +- phNxpEseProto7816_3_Var.phNxpEseNextTx_Cntx = phNxpEseProto7816_3_Var.phNxpEseLastTx_Cntx ; +- } +- else +- { +- /* Recovery failed completely, Going to exit */ +- LOG_E("%s Recovery failed completely, Going to exit ", __FUNCTION__); +- phNxpEseProto7816_3_Var.phNxpEseProto7816_nextTransceiveState = IDLE_STATE; +- phNxpEseProto7816_3_Var.timeoutCounter = PH_PROTO_7816_VALUE_ZERO; +- } +- } +- } +- return status; +-} +- +-/****************************************************************************** +- * Function TransceiveProcess +- * +- * Description This internal function is used to +- * 1. Send the raw data received from application after computing CRC +- * 2. Receive the the response data from ESE, decode, process and +- * store the data. +- * +- * param[in] void +- * +- * Returns On success return TRUE or else FALSE. +- * +- ******************************************************************************/ +-static bool_t TransceiveProcess(void* conn_ctx) +-{ +- bool_t status = FALSE; +- sFrameInfo_t sFrameInfo; +- sFrameInfo.sFrameType = INVALID_REQ_RES; +- +- sFrameInfo.sFrameType = INVALID_REQ_RES; +- +- while(phNxpEseProto7816_3_Var.phNxpEseProto7816_nextTransceiveState != IDLE_STATE) +- { +- LOG_D("%s nextTransceiveState %x ", __FUNCTION__, phNxpEseProto7816_3_Var.phNxpEseProto7816_nextTransceiveState); +- switch(phNxpEseProto7816_3_Var.phNxpEseProto7816_nextTransceiveState) +- { +- case SEND_IFRAME: +- status = phNxpEseProto7816_SendIframe(conn_ctx, phNxpEseProto7816_3_Var.phNxpEseNextTx_Cntx.IframeInfo); +- break; +- case SEND_R_ACK: +- status = phNxpEseProto7816_sendRframe(conn_ctx, RACK); +- break; +- case SEND_R_NACK: +- status = phNxpEseProto7816_sendRframe(conn_ctx, RNACK); +- break; +- case SEND_S_RSYNC: +- sFrameInfo.sFrameType = RESYNCH_REQ; +- status = phNxpEseProto7816_SendSFrame(conn_ctx, sFrameInfo); +- break; +- case SEND_S_WTX_RSP: +- sFrameInfo.sFrameType = WTX_RSP; +- status = phNxpEseProto7816_SendSFrame(conn_ctx, sFrameInfo); +- break; +-#if defined(T1oI2C_UM11225) +- case SEND_S_CHIP_RST: +- sFrameInfo.sFrameType = CHIP_RESET_REQ; +- status = phNxpEseProto7816_SendSFrame(conn_ctx, sFrameInfo); +- break; +- case SEND_S_INTF_RST: +- sFrameInfo.sFrameType = INTF_RESET_REQ; +- status = phNxpEseProto7816_SendSFrame(conn_ctx, sFrameInfo); +- break; +- case SEND_S_EOS: +- sFrameInfo.sFrameType = PROP_END_APDU_REQ; +- status = phNxpEseProto7816_SendSFrame(conn_ctx, sFrameInfo); +- break; +- case SEND_S_ATR: +- sFrameInfo.sFrameType = ATR_REQ; +- status = phNxpEseProto7816_SendSFrame(conn_ctx, sFrameInfo); +- break; +-#elif defined(T1oI2C_GP1_0) +- case SEND_S_CIP: +- sFrameInfo.sFrameType = CIP_REQ; +- status = phNxpEseProto7816_SendSFrame(conn_ctx, sFrameInfo); +- break; +- case SEND_S_SWR: +- sFrameInfo.sFrameType = SWR_REQ; +- status = phNxpEseProto7816_SendSFrame(conn_ctx, sFrameInfo); +- break; +- case SEND_S_RELEASE: +- sFrameInfo.sFrameType = RELEASE_REQ; +- status = phNxpEseProto7816_SendSFrame(conn_ctx, sFrameInfo); +- break; +- case SEND_S_COLD_RST: +- sFrameInfo.sFrameType = COLD_RESET_REQ; +- status = phNxpEseProto7816_SendSFrame(conn_ctx, sFrameInfo); +- break; +-#else +-#error Either T1oI2C_UM11225 or T1oI2C_GP1_0 must be defined. +-#endif +- default: +- phNxpEseProto7816_3_Var.phNxpEseProto7816_nextTransceiveState = IDLE_STATE; +- break; +- } +- if(TRUE == status) +- { +- phNxpEseProto7816_3_Var.phNxpEseLastTx_Cntx = phNxpEseProto7816_3_Var.phNxpEseNextTx_Cntx; +- status = phNxpEseProto7816_ProcessResponse(conn_ctx); +- } +- else +- { +- LOG_E("%s Transceive send failed, going to recovery! ", __FUNCTION__); +- phNxpEseProto7816_3_Var.phNxpEseProto7816_nextTransceiveState = IDLE_STATE; +- } +- }; +- return status; +-} +- +-/****************************************************************************** +- * Function phNxpEseProto7816_Transceive +- * +- * Description This function is used to +- * 1. Send the raw data received from application after computing CRC +- * 2. Receive the the response data from ESE, decode, process and +- * store the data. +- * 3. Get the final complete data and sent back to application +- * +- * param[in] phNxpEse_data: Command to ESE C-APDU +- * param[out] phNxpEse_data: Response from ESE R-APDU +- * +- * Returns On success return TRUE or else FALSE. +- * +- ******************************************************************************/ +-bool_t phNxpEseProto7816_Transceive(void* conn_ctx, phNxpEse_data *pCmd, phNxpEse_data *pRsp) +-{ +- bool_t status = FALSE; +- uint32_t reqDataLen = 0; +- phNxpEseRx_Cntx_t *pRx_EseCntx = &phNxpEseProto7816_3_Var.phNxpEseRx_Cntx; +- iFrameInfo_t *pNextTx_IframeInfo = &phNxpEseProto7816_3_Var.phNxpEseNextTx_Cntx.IframeInfo; +- +- LOG_D("Enter %s ", __FUNCTION__); +- if((NULL == pCmd) || (NULL == pRsp) || +- (phNxpEseProto7816_3_Var.phNxpEseProto7816_CurrentState != PH_NXP_ESE_PROTO_7816_IDLE)) +- return status; +- reqDataLen = pRsp->len; +- /* Updating the transceive information to the protocol stack */ +- phNxpEseProto7816_3_Var.phNxpEseProto7816_CurrentState = PH_NXP_ESE_PROTO_7816_TRANSCEIVE; +- pNextTx_IframeInfo->p_data = pCmd->p_data; +- pNextTx_IframeInfo->totalDataLen = pCmd->len; +- pRx_EseCntx->pRsp = pRsp; +- LOG_D("Transceive data ptr 0x%p len:%ld ", pCmd->p_data, pCmd->len); +- phNxpEseProto7816_SetFirstIframeContxt(); +- status = TransceiveProcess(conn_ctx); +- if(FALSE == status) +- { +- /* ESE hard reset to be done */ +- LOG_E("%s Transceive failed, hard reset to proceed ",__FUNCTION__); +- } +- else if(pRsp->len > reqDataLen ) +- { +- LOG_W("Need '%d' bytes. Got '%d' to copy.", pRsp->len, reqDataLen); +- pRsp->len = 0; +- status = FALSE; +- } +- phNxpEseProto7816_3_Var.phNxpEseProto7816_CurrentState = PH_NXP_ESE_PROTO_7816_IDLE; +- return status; +-} +- +-/****************************************************************************** +- * Function phNxpEseProto7816_RSync +- * +- * Description This function is used to send the RSync command +- * +- * param[in] void +- * +- * Returns On success return TRUE or else FALSE. +- * +- ******************************************************************************/ +-static bool_t phNxpEseProto7816_RSync(void* conn_ctx) +-{ +- bool_t status = FALSE; +- sFrameInfo_t *pNextTx_SframeInfo = &phNxpEseProto7816_3_Var.phNxpEseNextTx_Cntx.SframeInfo; +- +- phNxpEseProto7816_3_Var.phNxpEseProto7816_CurrentState = PH_NXP_ESE_PROTO_7816_TRANSCEIVE; +- /* send the end of session s-frame */ +- phNxpEseProto7816_3_Var.phNxpEseNextTx_Cntx.FrameType= SFRAME; +- pNextTx_SframeInfo->sFrameType = RESYNCH_REQ; +- phNxpEseProto7816_3_Var.phNxpEseProto7816_nextTransceiveState = SEND_S_RSYNC; +- status = TransceiveProcess(conn_ctx); +- phNxpEseProto7816_3_Var.phNxpEseProto7816_CurrentState = PH_NXP_ESE_PROTO_7816_IDLE; +- return status; +-} +- +-/****************************************************************************** +- * Function phNxpEseProto7816_ResetProtoParams +- * +- * Description This function is used to reset the 7816 protocol stack instance +- * +- * param[in] void +- * +- * Returns Always return TRUE. +- * +- ******************************************************************************/ +-bool_t phNxpEseProto7816_ResetProtoParams(void) +-{ +- unsigned long int tmpWTXCountlimit = PH_PROTO_7816_VALUE_ZERO; +- unsigned long int tmpRNACKCountlimit = PH_PROTO_7816_VALUE_ZERO; +- phNxpEseRx_Cntx_t *pRx_EseCntx = &phNxpEseProto7816_3_Var.phNxpEseRx_Cntx; +- iFrameInfo_t *pNextTx_IframeInfo = &phNxpEseProto7816_3_Var.phNxpEseNextTx_Cntx.IframeInfo; +- iFrameInfo_t *pLastTx_IframeInfo = &phNxpEseProto7816_3_Var.phNxpEseLastTx_Cntx.IframeInfo; +- +- tmpWTXCountlimit = phNxpEseProto7816_3_Var.wtx_counter_limit; +- tmpRNACKCountlimit = phNxpEseProto7816_3_Var.rnack_retry_limit; +- phNxpEse_memset(&phNxpEseProto7816_3_Var, PH_PROTO_7816_VALUE_ZERO, sizeof(phNxpEseProto7816_t)); +- phNxpEseProto7816_3_Var.wtx_counter_limit = tmpWTXCountlimit; +- phNxpEseProto7816_3_Var.rnack_retry_limit = tmpRNACKCountlimit; +- phNxpEseProto7816_3_Var.phNxpEseProto7816_CurrentState = PH_NXP_ESE_PROTO_7816_IDLE; +- phNxpEseProto7816_3_Var.phNxpEseProto7816_nextTransceiveState = IDLE_STATE; +- pRx_EseCntx->lastRcvdFrameType = INVALID; +- phNxpEseProto7816_3_Var.phNxpEseNextTx_Cntx.FrameType = INVALID; +- pNextTx_IframeInfo->maxDataLen = IFSC_SIZE_SEND; +- pNextTx_IframeInfo->p_data = NULL; +- phNxpEseProto7816_3_Var.phNxpEseLastTx_Cntx.FrameType = INVALID; +- pLastTx_IframeInfo->maxDataLen = IFSC_SIZE_SEND; +- pLastTx_IframeInfo->p_data = NULL; +- /* Initialized with sequence number of the last I-frame sent */ +- pNextTx_IframeInfo->seqNo = PH_PROTO_7816_VALUE_ONE; +- /* Initialized with sequence number of the last I-frame received */ +- pRx_EseCntx->lastRcvdIframeInfo.seqNo = PH_PROTO_7816_VALUE_ONE; +- /* Initialized with sequence number of the last I-frame received */ +- pLastTx_IframeInfo->seqNo = PH_PROTO_7816_VALUE_ONE; +- phNxpEseProto7816_3_Var.recoveryCounter = PH_PROTO_7816_VALUE_ZERO; +- phNxpEseProto7816_3_Var.timeoutCounter = PH_PROTO_7816_VALUE_ZERO; +- phNxpEseProto7816_3_Var.wtx_counter = PH_PROTO_7816_VALUE_ZERO; +- /* This update is helpful in-case a R-NACK is transmitted from the MW */ +- phNxpEseProto7816_3_Var.lastSentNonErrorframeType = UNKNOWN; +- phNxpEseProto7816_3_Var.rnack_retry_counter = PH_PROTO_7816_VALUE_ZERO; +- pRx_EseCntx->pRsp = NULL; +- return TRUE; +-} +- +- +-/****************************************************************************** +- * Function phNxpEseProto7816_Reset +- * +- * Description This function is used to reset the 7816 protocol stack instance +- * +- * param[in] void +- * +- * Returns On success return TRUE or else FALSE. +- * +- ******************************************************************************/ +-bool_t phNxpEseProto7816_Reset(void) +-{ +- bool_t status = FALSE; +- /* Resetting host protocol instance */ +- status = phNxpEseProto7816_ResetProtoParams(); +- /* Resynchronising ESE protocol instance */ +- //status = phNxpEseProto7816_RSync(); +- return status; +-} +- +-/****************************************************************************** +- * Function phNxpEseProto7816_Open +- * +- * Description This function is used to open the 7816 protocol stack instance +- * +- * param[in] phNxpEseProto7816InitParam_t: ESE communication mode +- * param[out] phNxpEse_data: ATR Response from ESE +- * +- * Returns On success return TRUE or else FALSE. +- * +- ******************************************************************************/ +-bool_t phNxpEseProto7816_Open(void* conn_ctx, phNxpEseProto7816InitParam_t initParam, phNxpEse_data *AtrRsp) +-{ +- bool_t status = FALSE; +- phNxpEseRx_Cntx_t *pRx_EseCntx = &phNxpEseProto7816_3_Var.phNxpEseRx_Cntx; +- status = phNxpEseProto7816_ResetProtoParams(); +- LOG_D("%s: First open completed", __FUNCTION__); +- /* Update WTX max. limit */ +- phNxpEseProto7816_3_Var.wtx_counter_limit = initParam.wtx_counter_limit; +- phNxpEseProto7816_3_Var.rnack_retry_limit = initParam.rnack_retry_limit; +- /*Intialise the buffers before hand so that we are able to receive data +- if RSync goes to recovery handling*/ +- pRx_EseCntx->pRsp = AtrRsp; +- pRx_EseCntx->pRsp->len = 0; +- if(initParam.interfaceReset) /* Do interface reset */ +- { +- /*After power ON , initialization state takes 5ms after which slave enters active +- state where slave can exchange data with the master */ +- sm_sleep(WAKE_UP_DELAY_MS); +- phNxpEse_clearReadBuffer(conn_ctx); +-#if defined(T1oI2C_UM11225) +- /* Interface Reset respond with ATR*/ +- status = phNxpEseProto7816_RSync(conn_ctx); +- if(status == TRUE) +- { +- status = phNxpEseProto7816_GetAtr(conn_ctx, AtrRsp); +- } +- +-#elif defined(T1oI2C_GP1_0) +- /* For GP soft reset does not respond with CIP so master should send CIP req. seperatly */ +- status = phNxpEseProto7816_RSync(conn_ctx); +- if(status == TRUE) +- { +- status = phNxpEseProto7816_GetCip(conn_ctx, AtrRsp); +- } +-#endif +- } +- else /* Do R-Sync */ +- { +- status = phNxpEseProto7816_RSync(conn_ctx); +- } +- return status; +-} +- +-/****************************************************************************** +- * Function phNxpEseProto7816_Close +- * +- * Description This function is used to close the 7816 protocol stack instance +- * +- * param[in] void +- * +- * Returns On success return TRUE or else FALSE. +- * +- ******************************************************************************/ +-bool_t phNxpEseProto7816_Close(void* conn_ctx) +-{ +- sFrameInfo_t *pNextTx_SframeInfo = &phNxpEseProto7816_3_Var.phNxpEseNextTx_Cntx.SframeInfo; +- bool_t status = FALSE; +- /*Explicitly Initilising to NULL as the Application layer does not intend to receive a response*/ +- phNxpEseRx_Cntx_t *pRx_EseCntx = &phNxpEseProto7816_3_Var.phNxpEseRx_Cntx; +- pRx_EseCntx->pRsp = NULL; +- +- if(phNxpEseProto7816_3_Var.phNxpEseProto7816_CurrentState != PH_NXP_ESE_PROTO_7816_IDLE) +- return status; +- phNxpEseProto7816_3_Var.phNxpEseProto7816_CurrentState = PH_NXP_ESE_PROTO_7816_DEINIT; +- phNxpEseProto7816_3_Var.recoveryCounter = 0; +- phNxpEseProto7816_3_Var.wtx_counter = 0; +-#if defined(T1oI2C_UM11225) +- /* send the end of session s-frame */ +- phNxpEseProto7816_3_Var.phNxpEseNextTx_Cntx.FrameType= SFRAME; +- pNextTx_SframeInfo->sFrameType = PROP_END_APDU_REQ; +- phNxpEseProto7816_3_Var.phNxpEseProto7816_nextTransceiveState = SEND_S_EOS; +-#elif defined(T1oI2C_GP1_0) +- /* send the release request s-frame */ +- phNxpEseProto7816_3_Var.phNxpEseNextTx_Cntx.FrameType= SFRAME; +- pNextTx_SframeInfo->sFrameType = RELEASE_REQ; +- phNxpEseProto7816_3_Var.phNxpEseProto7816_nextTransceiveState = SEND_S_RELEASE; +-#endif +- status = TransceiveProcess(conn_ctx); +- if(FALSE == status) +- { +- /* reset all the structures */ +- LOG_E("%s TransceiveProcess failed ", __FUNCTION__); +- } +- phNxpEseProto7816_3_Var.phNxpEseProto7816_CurrentState = PH_NXP_ESE_PROTO_7816_IDLE; +- return status; +-} +- +-#if defined(T1oI2C_UM11225) +-/****************************************************************************** +- * Function phNxpEseProto7816_IntfReset +- * +- * Description This function is used to reset just the current interface +- and get the ATR response on successful reset +- * +- * param[in] phNxpEse_data: ATR response from ESE +- * +- * Returns On success return TRUE or else FALSE. +- * +- ******************************************************************************/ +-bool_t phNxpEseProto7816_IntfReset(void* conn_ctx, phNxpEse_data *AtrRsp) +-{ +- bool_t status = FALSE; +- sFrameInfo_t *pNextTx_SframeInfo = &phNxpEseProto7816_3_Var.phNxpEseNextTx_Cntx.SframeInfo; +- phNxpEseRx_Cntx_t *pRx_EseCntx = &phNxpEseProto7816_3_Var.phNxpEseRx_Cntx; +- +- ENSURE_OR_GO_EXIT(AtrRsp != NULL); +- phNxpEseProto7816_3_Var.phNxpEseProto7816_CurrentState = PH_NXP_ESE_PROTO_7816_TRANSCEIVE; +- phNxpEseProto7816_3_Var.phNxpEseNextTx_Cntx.FrameType= SFRAME; +- pNextTx_SframeInfo->sFrameType = INTF_RESET_REQ; +- phNxpEseProto7816_3_Var.phNxpEseProto7816_nextTransceiveState = SEND_S_INTF_RST; +- pRx_EseCntx->pRsp = AtrRsp; +- pRx_EseCntx->pRsp->len = 0; +- phNxpEse_clearReadBuffer(conn_ctx); +- status = TransceiveProcess(conn_ctx); +- if(FALSE == status) +- { +- /* reset all the structures */ +- LOG_E("%s TransceiveProcess failed ", __FUNCTION__); +- } +- +- phNxpEseProto7816_3_Var.phNxpEseProto7816_CurrentState = PH_NXP_ESE_PROTO_7816_IDLE; +-exit: +- return status ; +-} +- +-/****************************************************************************** +- * Function phNxpEseProto7816_ChipReset +- * +- * Description This function is used to reset just the current interface +- * +- * param[in] void +- * +- * Returns On success return TRUE or else FALSE. +- * +- ******************************************************************************/ +-bool_t phNxpEseProto7816_ChipReset(void* conn_ctx) +-{ +- bool_t status = FALSE; +- sFrameInfo_t *pNextTx_SframeInfo = &phNxpEseProto7816_3_Var.phNxpEseNextTx_Cntx.SframeInfo; +- +- phNxpEseProto7816_3_Var.phNxpEseProto7816_CurrentState = PH_NXP_ESE_PROTO_7816_TRANSCEIVE; +- phNxpEseProto7816_3_Var.phNxpEseNextTx_Cntx.FrameType= SFRAME; +- pNextTx_SframeInfo->sFrameType = CHIP_RESET_REQ; +- phNxpEseProto7816_3_Var.phNxpEseProto7816_nextTransceiveState = SEND_S_CHIP_RST; +- status = TransceiveProcess(conn_ctx); +- if(FALSE == status) +- { +- /* reset all the structures */ +- LOG_E("%s TransceiveProcess failed ", __FUNCTION__); +- } +- phNxpEseProto7816_3_Var.phNxpEseProto7816_CurrentState = PH_NXP_ESE_PROTO_7816_IDLE; +- return status ; +-} +-#endif +- +-#if defined(T1oI2C_GP1_0) +-/****************************************************************************** +- * Function phNxpEseProto7816_SoftReset +- * +- * Description This function is used only for T1oI2C GP to reset just the current interface +- * +- * param[in] void +- * +- * Returns On success return TRUE or else FALSE. +- * +- ******************************************************************************/ +-bool_t phNxpEseProto7816_SoftReset(void* conn_ctx) +-{ +- bool_t status = FALSE; +- sFrameInfo_t *pNextTx_SframeInfo = &phNxpEseProto7816_3_Var.phNxpEseNextTx_Cntx.SframeInfo; +- +- phNxpEseProto7816_3_Var.phNxpEseProto7816_CurrentState = PH_NXP_ESE_PROTO_7816_TRANSCEIVE; +- phNxpEseProto7816_3_Var.phNxpEseNextTx_Cntx.FrameType= SFRAME; +- pNextTx_SframeInfo->sFrameType = SWR_REQ; +- phNxpEseProto7816_3_Var.phNxpEseProto7816_nextTransceiveState = SEND_S_SWR; +- phNxpEse_clearReadBuffer(conn_ctx); +- status = TransceiveProcess(conn_ctx); +- if(FALSE == status) +- { +- /* reset all the structures */ +- LOG_E("%s TransceiveProcess failed ", __FUNCTION__); +- } +- +- phNxpEseProto7816_3_Var.phNxpEseProto7816_CurrentState = PH_NXP_ESE_PROTO_7816_IDLE; +- return status ; +-} +- +-/****************************************************************************** +- * Function phNxpEseProto7816_ColdReset +- * +- * Description This function is used to reset just the current interface +- * +- * param[in] void +- * +- * Returns On success return TRUE or else FALSE. +- * +- ******************************************************************************/ +-bool_t phNxpEseProto7816_ColdReset(void* conn_ctx) +-{ +- bool_t status = FALSE; +- sFrameInfo_t *pNextTx_SframeInfo = &phNxpEseProto7816_3_Var.phNxpEseNextTx_Cntx.SframeInfo; +- +- phNxpEseProto7816_3_Var.phNxpEseProto7816_CurrentState = PH_NXP_ESE_PROTO_7816_TRANSCEIVE; +- phNxpEseProto7816_3_Var.phNxpEseNextTx_Cntx.FrameType= SFRAME; +- pNextTx_SframeInfo->sFrameType = COLD_RESET_REQ; +- phNxpEseProto7816_3_Var.phNxpEseProto7816_nextTransceiveState = SEND_S_COLD_RST; +- status = TransceiveProcess(conn_ctx); +- if(FALSE == status) +- { +- /* reset all the structures */ +- LOG_E("%s TransceiveProcess failed ", __FUNCTION__); +- } +- phNxpEseProto7816_3_Var.phNxpEseProto7816_CurrentState = PH_NXP_ESE_PROTO_7816_IDLE; +- return status ; +-} +-#endif +-/****************************************************************************** +- * Function phNxpEseProto7816_SetIfscSize +- * +- * Description This function is used to set the max T=1 data send size +- * +- * param[in] uint16_t IFSC_Size +- * +- * Returns Always return TRUE (1). +- * +- ******************************************************************************/ +-bool_t phNxpEseProto7816_SetIfscSize(uint16_t IFSC_Size) +-{ +- iFrameInfo_t *pNextTx_IframeInfo = &phNxpEseProto7816_3_Var.phNxpEseNextTx_Cntx.IframeInfo; +- pNextTx_IframeInfo->maxDataLen = IFSC_Size; +- return TRUE; +-} +- +- +-#if defined(T1oI2C_UM11225) +-/****************************************************************************** +- * Function phNxpEseProto7816_GetAtr +- * +- * Description This function is used to reset just the current interface +- * +- * param[in] phNxpEse_data : ATR response from ESE +- * +- * Returns On success return TRUE or else FALSE. +- * +- ******************************************************************************/ +-bool_t phNxpEseProto7816_GetAtr(void* conn_ctx, phNxpEse_data *pRsp) +-{ +- bool_t status = FALSE; +- sFrameInfo_t *pNextTx_SframeInfo = &phNxpEseProto7816_3_Var.phNxpEseNextTx_Cntx.SframeInfo; +- phNxpEseRx_Cntx_t *pRx_EseCntx = &phNxpEseProto7816_3_Var.phNxpEseRx_Cntx; +- +- ENSURE_OR_GO_EXIT(pRsp != NULL); +- phNxpEseProto7816_3_Var.phNxpEseProto7816_CurrentState = PH_NXP_ESE_PROTO_7816_TRANSCEIVE; +- phNxpEseProto7816_3_Var.phNxpEseNextTx_Cntx.FrameType= SFRAME; +- pNextTx_SframeInfo->sFrameType = ATR_REQ; +- phNxpEseProto7816_3_Var.phNxpEseProto7816_nextTransceiveState = SEND_S_ATR; +- pRx_EseCntx->pRsp = pRsp; +- pRx_EseCntx->pRsp->len = 0; +- status = TransceiveProcess(conn_ctx); +- if(FALSE == status) +- { +- /* reset all the structures */ +- LOG_E("%s TransceiveProcess failed ", __FUNCTION__); +- } +- phNxpEseProto7816_3_Var.phNxpEseProto7816_CurrentState = PH_NXP_ESE_PROTO_7816_IDLE; +-exit: +- return status ; +-} +-#endif +- +-#if defined(T1oI2C_GP1_0) +-/****************************************************************************** +- * Function phNxpEseProto7816_GetCip +- * +- * Description This function is used only by T1oI2c GP to get CIP response +- * +- * param[in] phNxpEse_data : CIP response from ESE +- * +- * Returns On success return TRUE or else FALSE. +- * +- ******************************************************************************/ +-bool_t phNxpEseProto7816_GetCip(void* conn_ctx, phNxpEse_data *pRsp) +-{ +- bool_t status = FALSE; +- phNxpEseRx_Cntx_t *pRx_EseCntx = &phNxpEseProto7816_3_Var.phNxpEseRx_Cntx; +- sFrameInfo_t *pNextTx_SframeInfo = &phNxpEseProto7816_3_Var.phNxpEseNextTx_Cntx.SframeInfo; +- +- ENSURE_OR_GO_EXIT(pRsp != NULL); +- phNxpEseProto7816_3_Var.phNxpEseProto7816_CurrentState = PH_NXP_ESE_PROTO_7816_TRANSCEIVE; +- phNxpEseProto7816_3_Var.phNxpEseNextTx_Cntx.FrameType= SFRAME; +- pNextTx_SframeInfo->sFrameType = CIP_REQ; +- phNxpEseProto7816_3_Var.phNxpEseProto7816_nextTransceiveState = SEND_S_CIP; +- pRx_EseCntx->pRsp = pRsp; +- pRx_EseCntx->pRsp->len = 0; +- status = TransceiveProcess(conn_ctx); +- if(FALSE == status) +- { +- /* reset all the structures */ +- LOG_E("%s TransceiveProcess failed ", __FUNCTION__); +- } +- +- phNxpEseProto7816_3_Var.phNxpEseProto7816_CurrentState = PH_NXP_ESE_PROTO_7816_IDLE; +-exit: +- return status ; +-} +-#endif +-/** @} */ +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/T1oI2C/phNxpEseProto7816_3.h b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/T1oI2C/phNxpEseProto7816_3.h +deleted file mode 100644 +index ccfd00e87c..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/T1oI2C/phNxpEseProto7816_3.h ++++ /dev/null +@@ -1,443 +0,0 @@ +-/* +- * Copyright 2010-2014,2018-2020 NXP +- * +- * Licensed under the Apache License, Version 2.0 (the "License"); +- * you may not use this file except in compliance with the License. +- * You may obtain a copy of the License at +- * +- * http://www.apache.org/licenses/LICENSE-2.0 +- * +- * Unless required by applicable law or agreed to in writing, software +- * distributed under the License is distributed on an "AS IS" BASIS, +- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +- * See the License for the specific language governing permissions and +- * limitations under the License. +- */ +-#ifndef _PHNXPESEPROTO7816_3_H_ +-#define _PHNXPESEPROTO7816_3_H_ +-#include +- +- +-/** +- * \addtogroup ISO7816-3_protocol_lib +- * \brief 7816-3 PROTOCOL STACK +- * @{ */ +- +-/********************* Definitions and structures *****************************/ +- +-/*! +- * \brief S-Frame types used in 7816-3 protocol stack +- */ +-typedef enum sFrameTypes { +- RESYNCH_REQ = 0x00,/*!< Re-synchronisation request between host and ESE */ +- RESYNCH_RSP = 0x20,/*!< Re-synchronisation response between host and ESE */ +- IFSC_REQ = 0x01,/*!< IFSC size request */ +- IFSC_RES = 0x21,/*!< IFSC size response */ +- ABORT_REQ = 0x02,/*!< Abort request */ +- ABORT_RES = 0x22,/*!< Abort response */ +- WTX_REQ = 0x03,/*!< WTX request */ +- WTX_RSP = 0x23,/*!< WTX response */ +-#if defined(T1oI2C_UM11225) +- INTF_RESET_REQ = 0x0F,/*!< Interface reset request */ +- INTF_RESET_RSP = 0x2F,/*!< Interface reset response */ +- PROP_END_APDU_REQ = 0x05,/*!< Proprietary Enf of APDU request */ +- PROP_END_APDU_RSP = 0x25,/*!< Proprietary Enf of APDU response */ +- CHIP_RESET_REQ = 0x06, /*chip reset request*/ +- CHIP_RESET_RES = 0x26, /*chip reset response*/ +- ATR_REQ = 0x07, /* get ATR request*/ +- ATR_RES = 0x27, /*get ATR response*/ +-#elif defined(T1oI2C_GP1_0) +- SWR_REQ = 0x0F,/*!< Software reset request */ +- SWR_RSP = 0x2F,/*!< Software reset response */ +- COLD_RESET_REQ = 0x1E, /*cold reset request*/ +- COLD_RESET_RES = 0x3E, /*cold reset response*/ +- RELEASE_REQ = 0x06, /* Release request*/ +- RELEASE_RES = 0x26, /* Release response*/ +- CIP_REQ = 0x04,/*!< Get CIP request */ +- CIP_RES = 0x24,/*!< Get CIP response */ +-#endif +- INVALID_REQ_RES /*!< Invalid request */ +- } sFrameTypes_t; +- +-/*! +- * \brief R-Frame types used in 7816-3 protocol stack +- */ +-typedef enum rFrameTypes +-{ +- RACK = 0x01, /*!< R-frame Acknowledgement frame indicator */ +- RNACK = 0x02 /*!< R-frame Negative-Acknowledgement frame indicator */ +-}rFrameTypes_t; +- +-/*! +- * \brief R-Frame error types used 7816-3 protocol stack +- */ +-typedef enum rFrameErrorTypes +-{ +- NO_ERROR, /*!< R-frame received with success */ +- PARITY_ERROR, /*!< R-frame received with parity error */ +- OTHER_ERROR, /*!< R-frame received with Other error */ +- SOF_MISSED_ERROR, /*!< R-frame received with frame missing error */ +- UNDEFINED_ERROR /*!< R-frame received with some undefined error */ +-}rFrameErrorTypes_t; +- +-/*! +- * \brief Frame types used in 7816-3 protocol stack +- */ +-typedef enum phNxpEseProto7816_FrameTypes +-{ +- IFRAME,/*!< Frame type: I-frame */ +- SFRAME,/*!< Frame type: S-frame */ +- RFRAME,/*!< Frame type: R-frame */ +- INVALID,/*!< Frame type: Invalid */ +- UNKNOWN /*!< Frame type: Unknown */ +-}phNxpEseProto7816_FrameTypes_t; +- +-/*! +- * \brief 7816-3 protocol stack states +- */ +-typedef enum phNxpEseProto7816_State +-{ +- PH_NXP_ESE_PROTO_7816_IDLE,/*!< 7816-3 protocol state: IDLE */ +- PH_NXP_ESE_PROTO_7816_TRANSCEIVE,/*!< 7816-3 protocol state: TRANSCEIVE going on */ +- PH_NXP_ESE_PROTO_7816_DEINIT /*!< 7816-3 protocol state: DeInit going on */ +-}phNxpEseProto7816_State_t; +- +-/*! +- * \brief 7816-3 protocol transceive states +- */ +-typedef enum phNxpEseProto7816_TransceiveStates +-{ +- IDLE_STATE, /*!< 7816-3 protocol transceive state: IDLE */ +- SEND_IFRAME, /*!< 7816-3 protocol transceive state: I-frame to be sent */ +- SEND_R_NACK, /*!< 7816-3 protocol transceive state: R-NACK frame to be sent */ +- SEND_R_ACK, /*!< 7816-3 protocol transceive state: R-ACK frame to be sent */ +- SEND_S_RSYNC, /*!< 7816-3 protocol transceive state: S-frame re-synchronisation command to be sent */ +-#if defined(T1oI2C_UM11225) +- SEND_S_INTF_RST, /*!< 7816-3 protocol transceive state: S-frame interface reset command to be sent */ +- SEND_S_EOS, /*!< 7816-3 protocol transceive state: S-frame end of session command to be sent */ +- SEND_S_ATR, /*!< 7816-3 protocol transceive state: S-frame ATR command to be sent */ +- SEND_S_CHIP_RST, /*!< 7816-3 protocol transceive state: S-frame chip reset command to be sent */ +-#elif defined(T1oI2C_GP1_0) +- SEND_S_SWR, /*!< 7816-3 protocol transceive state: S-frame Software reset command to be sent */ +- SEND_S_RELEASE, /*!< 7816-3 protocol transceive state: S-frame RELEASE command to be sent */ +- SEND_S_CIP, /*!< 7816-3 protocol transceive state: S-frame CIP command to be sent */ +- SEND_S_COLD_RST, /*!< 7816-3 protocol transceive state: S-frame cold reset command to be sent */ +-#endif +- SEND_S_WTX_REQ, /*!< 7816-3 protocol transceive state: S-frame WTX command to be sent */ +- SEND_S_WTX_RSP, /*!< 7816-3 protocol transceive state: S-frame WTX response to be sent */ +- +-}phNxpEseProto7816_TransceiveStates_t; +- +-/*! +- * \brief I-frame information structure for ISO 7816-3 +- * +- * This structure holds the information of I-frame used for sending +- * and receiving the frame packet. +- * +- */ +-typedef struct iFrameInfo +-{ +- bool_t isChained; /*!< I-frame: Indicates if more frames to follow in the same data packet or not */ +- uint8_t *p_data; /*!< I-frame: Actual data (Information field (INF)) */ +- uint8_t seqNo; /*!< I-frame: Sequence number of the I-frame */ +- uint32_t maxDataLen; /*!< I-frame: Maximum data length to be allowed in a single I-frame */ +- uint32_t dataOffset; /*!< I-frame: Offset to the actual data(INF) for the current frame of the packet */ +- uint32_t totalDataLen; /*!< I-frame: Total data left in the packet, used to set the chained flag/calculating offset */ +- uint32_t sendDataLen; /*!< I-frame: the length of the I-frame actual data */ +-}iFrameInfo_t; +- +-/*! +- * \brief S-frame information structure for ISO 7816-3 +- * +- * This structure holds the information of S-frame used for sending +- * and receiving the frame packet. +- * +- */ +-typedef struct sFrameInfo +-{ +- sFrameTypes_t sFrameType;/*!< S-frame: Type of S-frame cmd/rsp */ +-}sFrameInfo_t; +- +-/*! +- * \brief R-frame information structure for ISO 7816-3 +- * +- * This structure holds the information of R-frame used for sending +- * and receiving the frame packet. +- * +- */ +-typedef struct rFrameInfo +-{ +- uint8_t seqNo; /*!< R-frame: Sequence number of the expected I-frame */ +- rFrameErrorTypes_t errCode; /*!< R-frame: Error type */ +-}rFrameInfo_t; +- +-/*! +- * \brief Next/Last Tx information structure holding transceive data +- * +- * This structure holds the information of the next/last sent +- * I-frame/R-frame/S-frame depending on the frame type +- * +- */ +-typedef struct phNxpEseProto7816_NextTx_Info +-{ +- //union { +- iFrameInfo_t +- IframeInfo; /*!< Information of the I-frame to be send next or the last sent I-frame depending on the frame type */ +- rFrameInfo_t +- RframeInfo; /*!< Information of the R-frame to be send next or the last sent R-frame depending on the frame type */ +- sFrameInfo_t +- SframeInfo; /*!< Information of the S-frame to be send next or the last sent S-frame depending on the frame type */ +- //} f; +- phNxpEseProto7816_FrameTypes_t FrameType; /*!< Frame (I/R/S frames) type to be sent next */ +-}phNxpEseProto7816_NextTx_Info_t; +- +-/*! +- * \brief Last sent Tx ransceive data +- * +- * This structure holds the information of the last sent +- * I-frame/R-frame/S-frame +- * +- */ +-typedef phNxpEseProto7816_NextTx_Info_t phNxpEseProto7816_LastTx_Info_t; +- +-/*! +- * \brief Last Rx information structure holding transceive data +- * +- * This structure holds the information of the next/last sent +- * I-frame/R-frame/S-frame +- * +- */ +-typedef struct phNxpEseRx_Cntx +-{ +- iFrameInfo_t lastRcvdIframeInfo; /*!< I-frame: Last received frame */ +- rFrameInfo_t lastRcvdRframeInfo; /*!< R-frame: Last received frame */ +- sFrameInfo_t lastRcvdSframeInfo; /*!< S-frame: Last received frame */ +- phNxpEseProto7816_FrameTypes_t lastRcvdFrameType; /*!< Last received frame type */ +- phNxpEse_data *pRsp; +-}phNxpEseRx_Cntx_t; +- +-/*! +- * \brief 7816-3 protocol stack context structure +- * +- * This structure holds the complete information of the +- * 7816-3 protocol stack context +- * +- */ +-typedef struct phNxpEseProto7816 +-{ +- phNxpEseProto7816_LastTx_Info_t phNxpEseLastTx_Cntx; /*!< Last transmitted frame information */ +- phNxpEseProto7816_NextTx_Info_t phNxpEseNextTx_Cntx; /*!< Next frame to be transmitted */ +- phNxpEseRx_Cntx_t phNxpEseRx_Cntx; /*!< Last received frame information */ +- phNxpEseProto7816_TransceiveStates_t phNxpEseProto7816_nextTransceiveState; /*!< Next Transceive state. It determines the next +- action to be done from host */ +- phNxpEseProto7816_State_t phNxpEseProto7816_CurrentState;/*!< Current protocol stack state */ +- uint8_t recoveryCounter; /*!< Keeps track of number of error recovery done. Stack exits after it reaches max. count */ +- unsigned long int wtx_counter_limit; /*!< Max. WTX counter limit */ +- unsigned long int wtx_counter; /*!< WTX count tracker */ +- uint8_t timeoutCounter; /*!< Keeps track of number of timeout happened. Stack exits after it reaches max. count */ +- phNxpEseProto7816_FrameTypes_t lastSentNonErrorframeType; /*!< Copy of the last sent non-error frame type: R-ACK, S-frame, I-frame */ +- unsigned long int rnack_retry_limit; +- unsigned long int rnack_retry_counter; +-}phNxpEseProto7816_t; +- +-/*! +- * \brief 7816-3 protocol stack init params +- * +- * This structure holds the parameters to be passed to open 7816-3 protocl stack instance +- * +- */ +-typedef struct phNxpEseProto7816InitParam +-{ +- unsigned long int wtx_counter_limit; /*!< WTX count limit */ +- bool_t interfaceReset; /*!< INTF reset required or not>*/ +- unsigned long int rnack_retry_limit; +-}phNxpEseProto7816InitParam_t; +- +-/*! +- * \brief 7816-3 protocol PCB bit level structure +- * +- * This structure holds the bit level information of PCB byte +- * as per 7816-3 protocol +- * +- */ +-typedef struct phNxpEseProto7816_PCB_bits { +- uint8_t lsb :1; /*!< PCB: lsb */ +- uint8_t bit2 :1; /*!< PCB: bit2 */ +- uint8_t bit3 :1; /*!< PCB: bit3 */ +- uint8_t bit4 :1; /*!< PCB: bit4 */ +- uint8_t bit5 :1; /*!< PCB: bit5 */ +- uint8_t bit6 :1; /*!< PCB: bit6 */ +- uint8_t bit7 :1; /*!< PCB: bit7 */ +- uint8_t msb :1; /*!< PCB: msb */ +-}phNxpEseProto7816_PCB_bits_t; +- +-/*! +- * \brief 7816_3 protocol stack instance +- */ +-//phNxpEseProto7816_t phNxpEseProto7816_3_Var; +- +-/*! +- * \brief Max. size of the frame that can be sent +- */ +-#define IFSC_SIZE_SEND 254 +-/*! +- * \brief Delay to be used before sending the next frame, after error reported by ESE +- */ +-#define DELAY_ERROR_RECOVERY 3500 +-/*! +- * \brief 7816-3 protocol frame header length +- */ +-#if defined(T1oI2C_UM11225) +- #define PH_PROTO_7816_HEADER_LEN 0x03 // LEN field is 1 byte +-#elif defined(T1oI2C_GP1_0) +- #define PH_PROTO_7816_HEADER_LEN 0x04 // LEN field is 2 byte +-#endif +-/*! +- * \brief 7816-3 protocol frame CRC length +- */ +-#define PH_PROTO_7816_CRC_LEN 0x02 +-/*! +- * \brief 7816-3 Chaining flag bit for masking +- */ +-#define PH_PROTO_7816_CHAINING 0x20 +-/*! +- * \brief 7816-3 frame length offset +- */ +-#define PH_PROPTO_7816_FRAME_LENGTH_OFFSET 0x02 +-/*! +- * \brief 7816-3 S-block request command mask +- */ +-#define PH_PROTO_7816_S_BLOCK_REQ 0xC0 +-/*! +- * \brief 7816-3 S-block response mask +- */ +-#define PH_PROTO_7816_S_BLOCK_RSP 0xE0 +-/*! +- * \brief 7816-3 S-block reset command mask +- */ +-#define PH_PROTO_7816_S_RESET 0x0F +-/*! +- * \brief 7816-3 S-block End of APDU cmd mask +- */ +-#define PH_PROTO_7816_S_END_OF_APDU 0x05 +-/*! +- * \brief 7816-3 S-block WTX mask +- */ +-#define PH_PROTO_7816_S_WTX 0x03 +-/*! +- * \brief 7816-3 S-block re-sync mask +- */ +-#define PH_PROTO_7816_S_RESYNCH 0x00 +-/*! +- * \brief 7816-3 protocol max. error retry counter +- */ +-#define PH_PROTO_7816_FRAME_RETRY_COUNT 10 +-/*! +- * \brief 7816-3 protocol max. WTX default count +- */ +-#define PH_PROTO_WTX_DEFAULT_COUNT 500 +-/*! +- * \brief 7816-3 protocol max. timeout retry count +- */ +-#define PH_PROTO_7816_TIMEOUT_RETRY_COUNT 1 +-/*! +- * \brief 7816-3 to represent magic number zero +- */ +-#define PH_PROTO_7816_VALUE_ZERO 0x00 +-/*! +- * \brief 7816-3 to represent magic number one +- */ +-#define PH_PROTO_7816_VALUE_ONE 0x01 +-/*! +- * \brief 7816-3 for max retry for CRC error +- */ +-#define MAX_RNACK_RETRY_LIMIT 0x02 +-/*! +- * \brief 7816-3 S-block chip reset mask +- */ +-#if defined(T1oI2C_UM11225) +-#define PH_PROTO_7816_S_CHIP_RST 0x06 +-#elif defined(T1oI2C_GP1_0) +-#define PH_PROTO_7816_S_COLD_RST 0x1E +-#endif +-/*! +- * \brief 7816-3 S-block get atr mask +- */ +-#define PH_PROTO_7816_S_GET_ATR 0x07 +-/*! +- * \brief 7816-3 S-block software reset mask +- */ +-#define PH_PROTO_7816_S_SWR 0x0F +-/*! +- * \brief 7816-3 S-block release cmd mask +- */ +-#define PH_PROTO_7816_S_RELEASE 0x06 +-/*! +- * \brief 7816-3 S-block get CIP cmd mask +- */ +-#define PH_PROTO_7816_S_GET_CIP 0x04 +- +-/* T=1 protocol Block format for T1oI2C UM11225_SE050 +- ___________________________________________________________________________________________________ +-| Prologue Filed (Mandatory) | Information Field (Optional)| Epilogue Filed (Mandatory) | +-|________________________________________|_____________________________|____________________________| +-|NAD(1 byte) | PCB(1 byte) | LEN(1 byte) | INF(LEN bytes) | CRC(2 bytes) | | +-|____________|_____________|_____________|_____________________________|____________________________| | +-*/ +- +-/* T=1 protocol Block format for T1oI2C GP +- ___________________________________________________________________________________________________ +-| Prologue Filed (Mandatory) | Information Field (Optional)| Epilogue Filed (Mandatory) | +-|________________________________________|_____________________________|____________________________| +-|NAD(1 byte) | PCB(1 byte) | LEN(2 byte) | INF(LEN bytes) | CRC(2 bytes) | | +-|____________|_____________|_____________|_____________________________|____________________________| | +-*/ +- +-#define PH_PROPTO_7816_NAD_OFFSET 0 +-#define PH_PROPTO_7816_PCB_OFFSET 1 +-#define PH_PROPTO_7816_LEN_UPPER_OFFSET 2 +-#define PH_PROPTO_7816_LEN_LOWER_OFFSET 3 /* for GP lower byte will be a part of T=1 protocol frame*/ +-#define PH_PROPTO_7816_INF_BYTE_OFFSET (PH_PROTO_7816_HEADER_LEN) +- +- +- +-/*! +- * \brief Start of frame marker +- * \ communication Direction NAD value +- * \ SE host to SE 0x5A +- * \ SE to SE host 0xA5 +- * \ eUICC host to Euicc 0x4B +- * \ eUICC to eUICC host 0xB4 +- */ +-#define SEND_PACKET_SOF 0x5A +-/*! +- * \Retrieve Information Filed from 7816-3 T=1 protocol frame +- * NAD -1 byte +- * PCB -1 byte +- * LEN -(1 or 3 bytes for UM11225_SE050) & (2 bytes for GP) +- * CRC16 -2 bytes +- */ +-#define PH_PROTO_7816_INF_FILED (PH_PROTO_7816_HEADER_LEN + PH_PROTO_7816_CRC_LEN) +-/* +- * APIs exposed from the 7816-3 protocol layer +- */ +- +-#if defined(T1oI2C_UM11225) +-bool_t phNxpEseProto7816_IntfReset(void* conn_ctx, phNxpEse_data *AtrRsp); +-bool_t phNxpEseProto7816_GetAtr(void* conn_ctx, phNxpEse_data *pRsp); +-bool_t phNxpEseProto7816_ChipReset(void* conn_ctx); +-#endif +-bool_t phNxpEseProto7816_Close(void* conn_ctx); +-bool_t phNxpEseProto7816_Open(void* conn_ctx, phNxpEseProto7816InitParam_t initParam , phNxpEse_data *AtrRsp); +-bool_t phNxpEseProto7816_Transceive(void* conn_ctx, phNxpEse_data *pCmd, phNxpEse_data *pRsp); +-bool_t phNxpEseProto7816_Reset(void); +-bool_t phNxpEseProto7816_SetIfscSize(uint16_t IFSC_Size); +-bool_t phNxpEseProto7816_ResetProtoParams(void); +-#if defined(T1oI2C_GP1_0) +-bool_t phNxpEseProto7816_SoftReset(void* conn_ctx); +-bool_t phNxpEseProto7816_GetCip(void* conn_ctx, phNxpEse_data *pRsp); +-bool_t phNxpEseProto7816_ColdReset(void* conn_ctx); +-#endif +-uint8_t getMaxSupportedSendIFrameSize(void); +-/** @} */ +-#endif /* _PHNXPESEPROTO7816_3_H_ */ +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/T1oI2C/phNxpEse_Api.c b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/T1oI2C/phNxpEse_Api.c +deleted file mode 100644 +index beb535004a..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/T1oI2C/phNxpEse_Api.c ++++ /dev/null +@@ -1,766 +0,0 @@ +-/* +- * Copyright 2012-2014,2018-2020 NXP +- * +- * Licensed under the Apache License, Version 2.0 (the "License"); +- * you may not use this file except in compliance with the License. +- * You may obtain a copy of the License at +- * +- * http://www.apache.org/licenses/LICENSE-2.0 +- * +- * Unless required by applicable law or agreed to in writing, software +- * distributed under the License is distributed on an "AS IS" BASIS, +- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +- * See the License for the specific language governing permissions and +- * limitations under the License. +- */ +-#include +-#include +-#include +-#include "sm_types.h" +-#include "sm_timer.h" +-#include +- +-#ifdef FLOW_VERBOSE +-#define NX_LOG_ENABLE_SMCOM_DEBUG 1 +-#endif +- +-#include "nxLog_smCom.h" +-#include "nxEnsure.h" +- +-#if defined(USE_RTOS) && USE_RTOS == 1 +-#include "FreeRTOSConfig.h" +-#include "FreeRTOS.h" +-#endif +- +-#define RECIEVE_PACKET_SOF 0xA5 +-#define CHAINED_PACKET_WITHSEQN 0x60 +-#define CHAINED_PACKET_WITHOUTSEQN 0x20 +-static int phNxpEse_readPacket(void* conn_ctx, void *pDevHandle, uint8_t * pBuffer, int nNbBytesToRead); +-static int poll_sof_chained_delay = 0; +- +-/*********************** Global Variables *************************************/ +- +-/* ESE Context structure */ +-phNxpEse_Context_t gnxpese_ctxt; +- +-/****************************************************************************** +- * Function phNxpEse_init +- * +- * Description This function is called by smCom during the +- * initialization of the ESE. It initializes protocol stack instance variable +- * +- * param[in] connection context +- * param[in] phNxpEse_initParams: ESE communication mode +- * param[out] phNxpEse_data: ATR Response from ESE +- * +- * Returns This function return ESESTATUS_SUCCES (0) in case of success +- * In case of failure returns other failure value. +- * +- ******************************************************************************/ +-ESESTATUS phNxpEse_init(void *conn_ctx, phNxpEse_initParams initParams, phNxpEse_data *AtrRsp) +-{ +- ESESTATUS wConfigStatus = ESESTATUS_SUCCESS; +- phNxpEse_Context_t* nxpese_ctxt = (conn_ctx == NULL) ? &gnxpese_ctxt : (phNxpEse_Context_t*)conn_ctx; +- bool_t status = FALSE; +- phNxpEseProto7816InitParam_t protoInitParam; +- phNxpEse_memset(&protoInitParam, 0x00, sizeof(phNxpEseProto7816InitParam_t)); +- protoInitParam.rnack_retry_limit = MAX_RNACK_RETRY_LIMIT; +- protoInitParam.wtx_counter_limit = PH_PROTO_WTX_DEFAULT_COUNT; +- +- if (ESE_MODE_NORMAL == initParams.initMode) /* TZ/Normal wired mode should come here*/ +- { +- protoInitParam.interfaceReset = TRUE; +- } +- else +- { +- protoInitParam.interfaceReset = FALSE; +- /*RFU*/ +- } +- +- /* T=1 Protocol layer open */ +- status = phNxpEseProto7816_Open((void*)nxpese_ctxt, protoInitParam , AtrRsp); +- if(FALSE == status) +- { +- wConfigStatus = ESESTATUS_FAILED; +- LOG_E("phNxpEseProto7816_Open failed "); +- } +- return wConfigStatus; +-} +- +-/****************************************************************************** +- * Function phNxpEse_open +- * +- * Description This function is called by smCom during the +- * initialization of the ESE. It opens the physical connection +- * with ESE and initializes the protocol stack +- * +- * param[in] Pointer to connection context +- * param[in] phNxpEse_initParams: ESE communication mode +- * +- * Returns This function return ESESTATUS_SUCCES (0) in case of success +- * In case of failure returns other failure value. +- * +- ******************************************************************************/ +-ESESTATUS phNxpEse_open(void **conn_ctx, phNxpEse_initParams initParams, const char *pConnString) +-{ +- phPalEse_Config_t tPalConfig; +- phNxpEse_Context_t *pnxpese_ctxt = NULL; +- ESESTATUS wConfigStatus = ESESTATUS_SUCCESS; +- +- if (conn_ctx == NULL) { +- pnxpese_ctxt = &gnxpese_ctxt; +- } +- else { +- pnxpese_ctxt = (phNxpEse_Context_t*)phNxpEse_memalloc(sizeof(phNxpEse_Context_t)); +- phNxpEse_memset(pnxpese_ctxt, 0, sizeof(phNxpEse_Context_t)); +- *conn_ctx = pnxpese_ctxt; +- } +- +- /*When I2C channel is already opened return status as FAILED*/ +- if(pnxpese_ctxt->EseLibStatus != ESE_STATUS_CLOSE) +- { +- LOG_E(" Session already opened"); +- return ESESTATUS_BUSY; +- } +- +- phNxpEse_memset(pnxpese_ctxt, 0x00, sizeof(phNxpEse_Context_t)); +- phNxpEse_memset(&tPalConfig, 0x00, sizeof(tPalConfig)); +- +- tPalConfig.pDevName = (int8_t *)pConnString; //"/dev/p73"; /*RFU*/ +- /* Initialize PAL layer */ +- wConfigStatus = phPalEse_i2c_open_and_configure(&tPalConfig); +- if (wConfigStatus != ESESTATUS_SUCCESS) +- { +- LOG_E("phPalEse_Init Failed"); +- goto clean_and_return; +- } +- /* Copying device handle to ESE Lib context*/ +- pnxpese_ctxt->pDevHandle = tPalConfig.pDevHandle; +- /* STATUS_OPEN */ +- pnxpese_ctxt->EseLibStatus = ESE_STATUS_OPEN; +- phNxpEse_memcpy(&pnxpese_ctxt->initParams, &initParams, sizeof(phNxpEse_initParams)); +- return wConfigStatus; +- +- clean_and_return: +- if (NULL != pnxpese_ctxt->pDevHandle) +- { +- phPalEse_i2c_close(pnxpese_ctxt->pDevHandle); +- phNxpEse_memset (pnxpese_ctxt, 0x00, sizeof (phNxpEse_Context_t)); +- } +- pnxpese_ctxt->EseLibStatus = ESE_STATUS_CLOSE; +- return ESESTATUS_FAILED; +-} +- +-/****************************************************************************** +- * Function phNxpEse_Transceive +- * +- * Description This function validate ESE state & C-APDU data before sending +- * it to 7816 protocol +- * +- * param[in] connection context +- * param[in] phNxpEse_data: Command to ESE C-APDU +- * param[out] phNxpEse_data: Response from ESE R-APDU +- * +- * Returns On Success ESESTATUS_SUCCESS else proper error code +- * +- ******************************************************************************/ +-ESESTATUS phNxpEse_Transceive(void* conn_ctx, phNxpEse_data *pCmd, phNxpEse_data *pRsp) +-{ +- ESESTATUS status = ESESTATUS_FAILED; +- bool_t bStatus = FALSE; +- phNxpEse_Context_t* nxpese_ctxt = (conn_ctx == NULL) ? &gnxpese_ctxt : (phNxpEse_Context_t*)conn_ctx; +- +- if((NULL == pCmd) || (NULL == pRsp)) +- return ESESTATUS_INVALID_PARAMETER; +- +- if ((pCmd->len == 0) || pCmd->p_data == NULL ) +- { +- LOG_E(" phNxpEse_Transceive - Invalid Parameter no data"); +- return ESESTATUS_INVALID_PARAMETER; +- } +- else if ((ESE_STATUS_CLOSE == nxpese_ctxt->EseLibStatus)) +- { +- LOG_E(" %s ESE Not Initialized ", __FUNCTION__); +- return ESESTATUS_NOT_INITIALISED; +- } +- else if ((ESE_STATUS_BUSY == nxpese_ctxt->EseLibStatus)) +- { +- LOG_E(" %s ESE - BUSY ", __FUNCTION__); +- return ESESTATUS_BUSY; +- } +- else +- { +- nxpese_ctxt->EseLibStatus = ESE_STATUS_BUSY; +- bStatus = phNxpEseProto7816_Transceive((void*)nxpese_ctxt, pCmd, pRsp); +- if(TRUE == bStatus) +- { +- status = ESESTATUS_SUCCESS; +- } +- else +- { +- status = ESESTATUS_FAILED; +- } +- +- if (ESESTATUS_SUCCESS != status) +- { +- LOG_E(" %s phNxpEseProto7816_Transceive- Failed ", __FUNCTION__); +- } +- if (nxpese_ctxt->EseLibStatus != ESE_STATUS_CLOSE) { +- nxpese_ctxt->EseLibStatus = ESE_STATUS_IDLE; +- } +- +- LOG_D(" %s Exit status 0x%x ", __FUNCTION__, status); +- return status; +- } +-} +- +-/****************************************************************************** +- * Function phNxpEse_reset +- * +- * Description This function reset the ESE interface and free all +- * +- * param[in] connection context +- * +- * Returns It returns ESESTATUS_SUCCESS (0) if the operation is successful else +- * ESESTATUS_FAILED(1) +- ******************************************************************************/ +-ESESTATUS phNxpEse_reset(void* conn_ctx) +-{ +- ESESTATUS status = ESESTATUS_FAILED; +- phNxpEse_Context_t* nxpese_ctxt = (conn_ctx == NULL) ? &gnxpese_ctxt : (phNxpEse_Context_t*)conn_ctx; +- //bool_t bStatus = phNxpEseProto7816_IntfReset(&AtrRsp); +- status = phNxpEse_chipReset((void*)nxpese_ctxt); +- if (status != ESESTATUS_SUCCESS) +- { +- LOG_E("phNxpEse_reset Failed"); +- } +- return status; +-} +- +-/****************************************************************************** +- * Function phNxpEse_EndOfApdu +- * +- * Description This function is used to send S-frame to indicate END_OF_APDU +- * +- * param[in] connection context +- * +- * Returns It returns ESESTATUS_SUCCESS (0) if the operation is successful else +- * ESESTATUS_FAILED(1) +- * +- ******************************************************************************/ +-ESESTATUS phNxpEse_EndOfApdu(void* conn_ctx) +-{ +- ESESTATUS status = ESESTATUS_SUCCESS; +- phNxpEse_Context_t* nxpese_ctxt = (conn_ctx == NULL) ? &gnxpese_ctxt : (phNxpEse_Context_t*)conn_ctx; +- bool_t bStatus = phNxpEseProto7816_Close((void*)nxpese_ctxt); +- if(!bStatus) +- status = ESESTATUS_FAILED; +- return status; +-} +- +- +-/****************************************************************************** +- * Function phNxpEse_chipReset +- * +- * Description This function is used to reset the ESE. +- * +- * param[in] connection context +- * +- * Returns On Success ESESTATUS_SUCCESS (0) else ESESTATUS_FAILED (1). +- * +- ******************************************************************************/ +-ESESTATUS phNxpEse_chipReset(void* conn_ctx) +-{ +- ESESTATUS status = ESESTATUS_SUCCESS; +- bool_t bStatus = FALSE; +- phNxpEse_Context_t* nxpese_ctxt = (conn_ctx == NULL) ? &gnxpese_ctxt : (phNxpEse_Context_t*)conn_ctx; +- bStatus = phNxpEseProto7816_Reset(); +- if(!bStatus) +- { +- status = ESESTATUS_FAILED; +- LOG_E("phNxpEseProto7816_Reset Failed"); +- } +-#if defined(T1oI2C_UM11225) +- bStatus = phNxpEseProto7816_ChipReset((void*)nxpese_ctxt); +-#elif defined(T1oI2C_GP1_0) +- bStatus = phNxpEseProto7816_ColdReset((void*)nxpese_ctxt); +-#endif +- if (bStatus != TRUE) +- { +- LOG_E("phNxpEse_chipReset Failed"); +- } +- return status; +-} +- +-/****************************************************************************** +- * Function phNxpEse_deInit +- * +- * Description This function de-initializes all the ESE protocol params +- * +- * param[in] connection context +- * +- * Returns On Success ESESTATUS_SUCCESS (0) else ESESTATUS_FAILED (1). +- * +- ******************************************************************************/ +-ESESTATUS phNxpEse_deInit(void* conn_ctx) +-{ +- ESESTATUS status = ESESTATUS_SUCCESS; +- //bool_t bStatus = FALSE; +- phNxpEse_Context_t* nxpese_ctxt = (conn_ctx == NULL) ? &gnxpese_ctxt : (phNxpEse_Context_t*)conn_ctx; +- /*bStatus = phNxpEseProto7816_ResetProtoParams(); +- if(!bStatus) +- { +- status = ESESTATUS_FAILED; +- }*/ +- phPalEse_i2c_close(nxpese_ctxt->pDevHandle); +- phNxpEse_memset (nxpese_ctxt, 0x00, sizeof (*nxpese_ctxt)); +- //status= phNxpEse_close(); +- return status; +-} +- +-/****************************************************************************** +- * Function phNxpEse_close +- * +- * Description This function close the ESE interface and free all +- * resources. +- * +- * param[in] connection context +- * +- * Returns On Success ESESTATUS_SUCCESS else proper error code. +- * +- ******************************************************************************/ +-ESESTATUS phNxpEse_close(void* conn_ctx) +-{ +- ESESTATUS status = ESESTATUS_SUCCESS; +- phNxpEse_Context_t* nxpese_ctxt = (conn_ctx == NULL) ? &gnxpese_ctxt : (phNxpEse_Context_t*)conn_ctx; +- +- if ((ESE_STATUS_CLOSE == nxpese_ctxt->EseLibStatus)) +- { +- LOG_E(" %s ESE Not Initialized previously ", __FUNCTION__); +- return ESESTATUS_NOT_INITIALISED; +- } +- +- phPalEse_i2c_close(nxpese_ctxt->pDevHandle); +- phNxpEse_memset (nxpese_ctxt, 0x00, sizeof (*nxpese_ctxt)); +- LOG_D("phNxpEse_close - ESE Context deinit completed"); +- /* Return success always */ +- if(conn_ctx != NULL){ +- /*free the memory allocated during phNxpEse_open*/ +- phNxpEse_free(conn_ctx); +- } +- return status; +-} +- +-/****************************************************************************** +- * Function phNxpEse_clearReadBuffer +- * +- * Description This function read out complete data from SE FIFO read buffer +- * interface (e.g. I2C) using the driver interface. +- * Just to make sure that if host is unable to read complete data +- * during previous transaction +- * +- * param[in] void*: connection context +- * +- * Returns void +- * +- ******************************************************************************/ +-void phNxpEse_clearReadBuffer(void* conn_ctx) +-{ +- int ret = -1; +- uint8_t readBuf[MAX_DATA_LEN]; +- phNxpEse_Context_t* nxpese_ctxt = (conn_ctx == NULL) ? &gnxpese_ctxt : (phNxpEse_Context_t*)conn_ctx; +- +- LOG_D("%s Enter ..", __FUNCTION__); +- +- ret = phPalEse_i2c_read(nxpese_ctxt->pDevHandle, readBuf, MAX_DATA_LEN); +- if(ret < 0) +- { +- /* Do nothing as nothing to read*/ +- } +- else +- { +- LOG_W("Previous transaction buffer is now cleard"); +- LOG_MAU8_D("RAW Rx<",readBuf,ret ); +- } +- return; +-} +- +- +-/****************************************************************************** +- * Function phNxpEse_read +- * +- * Description This function read the data from ESE through physical +- * interface (e.g. I2C) using the driver interface. +- * +- * param[in] void*: connection context +- * param[out] uint32_t: number of bytes read +- * param[out] uint8_t : Read data from ESE +- * +- * Returns It returns ESESTATUS_SUCCESS (0) if read successful else +- * ESESTATUS_FAILED(1) +- * +- ******************************************************************************/ +-ESESTATUS phNxpEse_read(void* conn_ctx, uint32_t *data_len, uint8_t **pp_data) +-{ +- ESESTATUS status = ESESTATUS_FAILED; +- int ret = -1; +- phNxpEse_Context_t* nxpese_ctxt = (conn_ctx == NULL) ? &gnxpese_ctxt : (phNxpEse_Context_t*)conn_ctx; +- +- LOG_D("%s Enter ..", __FUNCTION__); +- +- ENSURE_OR_GO_EXIT(data_len != NULL); +- ENSURE_OR_GO_EXIT(pp_data != NULL); +- +- ret = phNxpEse_readPacket((void*)nxpese_ctxt, nxpese_ctxt->pDevHandle, nxpese_ctxt->p_read_buff, MAX_DATA_LEN); +- if(ret < 0) +- { +- LOG_E("PAL Read status error status = %x", status); +- status = ESESTATUS_FAILED; +- } +- else +- { +- LOG_MAU8_D("RAW Rx<",nxpese_ctxt->p_read_buff,ret ); +- *data_len = ret; +- *pp_data = nxpese_ctxt->p_read_buff; +- status = ESESTATUS_SUCCESS; +- } +-exit: +- return status; +-} +- +-/****************************************************************************** +- * Function phNxpEse_readPacket +- * +- * Description This function Reads requested number of bytes from +- * ESE device into given buffer. +- * +- * param[in] void*: connection context +- * param[in] void: ESE Context +- * param[in] uint8_t: pointer to read buffer +- * param[in] int : MAX bytes to read +- * +- * Returns ret - number of successfully read bytes +- * -1 - read operation failure +- * +- ******************************************************************************/ +-static int phNxpEse_readPacket(void* conn_ctx, void *pDevHandle, uint8_t * pBuffer, int nNbBytesToRead) +-{ +- int ret = -1; +- int sof_counter = 0;/* one read may take 1 ms*/ +- int total_count = 0 ,numBytesToRead=0, headerIndex=0; +- phNxpEse_Context_t* nxpese_ctxt = (conn_ctx == NULL) ? &gnxpese_ctxt : (phNxpEse_Context_t*)conn_ctx; +- +- ENSURE_OR_GO_EXIT(pBuffer != NULL); +- memset(pBuffer,0,nNbBytesToRead); +- do +- { +- sof_counter++; +- ret = -1; +- sm_sleep(ESE_POLL_DELAY_MS); /* 1ms delay to give ESE polling delay */ +- ret = phPalEse_i2c_read(pDevHandle, pBuffer, 2); /*read NAD PCB byte first*/ +- if (ret < 0) +- { +- /*Polling for read on i2c, hence Debug log*/ +- LOG_D("_i2c_read() [HDR]errno : %x ret : %X", errno, ret); +- } +- if(pBuffer[0] == RECIEVE_PACKET_SOF) +- { +- /* Read the HEADR of Two bytes*/ +- LOG_D("%s Read HDR", __FUNCTION__); +- pBuffer[0] = RECIEVE_PACKET_SOF; +-#if defined(T1oI2C_UM11225) +- numBytesToRead = 1; +-#elif defined(T1oI2C_GP1_0) +- numBytesToRead = 2; +-#endif +- headerIndex = 1; +- break; +- } +- if(pBuffer[1] == RECIEVE_PACKET_SOF) +- { +- /* Read the HEADR of Two bytes*/ +- LOG_D("%s Read HDR", __FUNCTION__); +- pBuffer[0] = RECIEVE_PACKET_SOF; +-#if defined(T1oI2C_UM11225) +- numBytesToRead = 2; +-#elif defined(T1oI2C_GP1_0) +- numBytesToRead = 3; +-#endif +- headerIndex = 0; +- break; +- } +- /*if host writes invalid frame and host and SE are out of sync*/ +- if((pBuffer[0] == 0x00)&&((pBuffer[1] == 0x82)||(pBuffer[1] == 0x92))) +- { +- LOG_W("%s Recieved NAD byte 0x%x ",__FUNCTION__,pBuffer[0]); +- LOG_W("%s NAD error, clearing the read buffer ", __FUNCTION__); +- /*retry to get all data*/ +-#if defined(T1oI2C_UM11225) +- numBytesToRead = 1; +-#elif defined(T1oI2C_GP1_0) +- numBytesToRead = 2; +-#endif +- headerIndex = 1; +- ret = phPalEse_i2c_read(pDevHandle, &pBuffer[1+headerIndex], numBytesToRead); +-#if defined(T1oI2C_UM11225) +- total_count = 3; +- nNbBytesToRead = pBuffer[2]; +-#elif defined(T1oI2C_GP1_0) +- total_count = 4; +- nNbBytesToRead = (pBuffer[2] << 8 & 0xFF) | (pBuffer[3] & 0xFF) ; +-#endif +- /* Read the Complete data + two byte CRC*/ +- ret = phPalEse_i2c_read(pDevHandle, &pBuffer[PH_PROTO_7816_HEADER_LEN], (nNbBytesToRead+PH_PROTO_7816_CRC_LEN)); +- if (ret < 0) +- { +- LOG_D("_i2c_read() [HDR]errno : %x ret : %X", errno, ret); +- ret = -1; +- } +- else +- { +- ret = (total_count + (nNbBytesToRead + PH_PROTO_7816_CRC_LEN)); +- } +- break; +- } +- /*If it is Chained packet wait for 1 ms*/ +- if(poll_sof_chained_delay == 1) +- { +- LOG_D("%s Chained Pkt, delay read %dms",__FUNCTION__,ESE_POLL_DELAY_MS * CHAINED_PKT_SCALER); +- sm_sleep(ESE_POLL_DELAY_MS); +- } +- else +- { +- LOG_D("%s Normal Pkt, delay read %dms",__FUNCTION__,ESE_POLL_DELAY_MS * NAD_POLLING_SCALER); +- sm_sleep(ESE_POLL_DELAY_MS); +- } +- } while ((sof_counter < ESE_NAD_POLLING_MAX) && (nxpese_ctxt->EseLibStatus!= ESE_STATUS_CLOSE)); +- if((pBuffer[0] == RECIEVE_PACKET_SOF) && (ret > 0)) +- { +- LOG_D("%s SOF FOUND", __FUNCTION__); +- /* Read the HEADR of one/Two bytes based on how two bytes read A5 PCB or 00 A5*/ +- ret = phPalEse_i2c_read(pDevHandle, &pBuffer[1+headerIndex], numBytesToRead); +- if (ret < 0) +- { +- LOG_D("_i2c_read() [HDR]errno : %x ret : %X", errno, ret); +- } +- if((pBuffer[1] == CHAINED_PACKET_WITHOUTSEQN) || (pBuffer[1] == CHAINED_PACKET_WITHSEQN)) +- { +- poll_sof_chained_delay = 1; +- LOG_D("poll_sof_chained_delay value is %d ", poll_sof_chained_delay); +- } +- else +- { +- poll_sof_chained_delay = 0; +- LOG_D("poll_sof_chained_delay value is %d ", poll_sof_chained_delay); +- } +-#if defined(T1oI2C_UM11225) +- total_count = 3; +- nNbBytesToRead = pBuffer[2]; +-#elif defined(T1oI2C_GP1_0) +- total_count = 4; +- nNbBytesToRead = (pBuffer[2] << 8 & 0xFF) | (pBuffer[3] & 0xFF) ; +-#endif +- /* Read the Complete data + two byte CRC*/ +- ret = phPalEse_i2c_read(pDevHandle, &pBuffer[PH_PROTO_7816_HEADER_LEN], (nNbBytesToRead+PH_PROTO_7816_CRC_LEN)); +- if (ret < 0) +- { +- LOG_D("_i2c_read() [HDR]errno : %x ret : %X", errno, ret); +- ret = -1; +- } +- else +- { +- ret = (total_count + (nNbBytesToRead+PH_PROTO_7816_CRC_LEN)); +- } +- } +- else +- { +- ret=-1; +- } +-exit: +- return ret; +-} +-/****************************************************************************** +- * Function phNxpEse_WriteFrame +- * +- * Description This function writes the data to ESE. +- * It waits till write callback provide the result of write +- * process. +- * +- * param[in] void*: connection context +- * param[in] uint32_t: number of bytes to be written +- * param[in] uint8_t : data buffer +- * +- * Returns It returns ESESTATUS_SUCCESS (0) if write successful else +- * ESESTATUS_FAILED(1) +- * +- ******************************************************************************/ +-ESESTATUS phNxpEse_WriteFrame(void* conn_ctx, uint32_t data_len, const uint8_t *p_data) +-{ +- ESESTATUS status = ESESTATUS_INVALID_PARAMETER; +- int32_t dwNoBytesWrRd = 0; +- phNxpEse_Context_t* nxpese_ctxt = (conn_ctx == NULL) ? &gnxpese_ctxt : (phNxpEse_Context_t*)conn_ctx; +- +- /* Create local copy of cmd_data */ +- LOG_D("%s Enter ..", __FUNCTION__); +- phNxpEse_memcpy(nxpese_ctxt->p_cmd_data, p_data, data_len); +- nxpese_ctxt->cmd_len = data_len; +- if(nxpese_ctxt->EseLibStatus != ESE_STATUS_CLOSE) +- { +- dwNoBytesWrRd = phPalEse_i2c_write(nxpese_ctxt->pDevHandle, +- nxpese_ctxt->p_cmd_data, +- nxpese_ctxt->cmd_len +- ); +- if (-1 == dwNoBytesWrRd) +- { +- LOG_E(" - Error in I2C Write....."); +- status = ESESTATUS_FAILED; +- } +- else if (-2 == dwNoBytesWrRd) +- { +- status = ESESTATUS_INVALID_STATE; +- } +- else +- { +- status = ESESTATUS_SUCCESS; +- LOG_MAU8_D("RAW Tx>",nxpese_ctxt->p_cmd_data, nxpese_ctxt->cmd_len ); +- } +- } +- else +- status = ESESTATUS_INVALID_STATE; +- return status; +-} +- +-/****************************************************************************** +- * Function phNxpEse_setIfsc +- * +- * Description This function sets the IFSC size to 240/254 support JCOP OS Update. +- * +- * param[in] uint16_t IFSC_Size +- * +- * Returns Always return ESESTATUS_SUCCESS (0). +- * +- ******************************************************************************/ +-ESESTATUS phNxpEse_setIfsc(uint16_t IFSC_Size) +-{ +- /*SET the IFSC size to 240 bytes*/ +- phNxpEseProto7816_SetIfscSize(IFSC_Size); +- return ESESTATUS_SUCCESS; +-} +- +-/****************************************************************************** +- * Function phNxpEse_memset +- * +- * Description This function updates destination buffer with val +- * data in len size +- * +- * param[in] buff - Array to be udpated +- * param[in] val - value to be updated +- * param[in] len - length of array to be updated +- * +- * Returns Always return ESESTATUS_SUCCESS (0). +- * +- ******************************************************************************/ +-void* phNxpEse_memset(void *buff, int val, size_t len) +-{ +- return memset(buff, val, len); +-} +- +-/****************************************************************************** +- * Function phNxpEse_memcpy +- * +- * Description This function copies source buffer to destination buffer +- * data in len size +- * +- * param[in] dest - Destination array to be updated +- * param[in] src - Source array to be updated +- * param[in] len - length of array to be updated +- * +- * Returns Return pointer to allocated memory location. +- * +- ******************************************************************************/ +-void* phNxpEse_memcpy(void *dest, const void *src, size_t len) +-{ +- return memcpy(dest, src, len); +-} +- +-/****************************************************************************** +- * Function phNxpEse_Memalloc +- * +- * Description This function allocation memory +- * +- * param[in] uint32_t size +- * +- * Returns Return pointer to allocated memory or NULL. +- * +- ******************************************************************************/ +-void *phNxpEse_memalloc(uint32_t size) +-{ +- return SSS_MALLOC(size); +-} +- +- +-/****************************************************************************** +- * Function phNxpEse_free +- * +- * Description This function de-allocation memory +- * +- * param[in] ptr - Address pointer to previous allocation +- * +- * Returns void. +- * +- ******************************************************************************/ +-void phNxpEse_free(void* ptr) +-{ +- ENSURE_OR_GO_EXIT(ptr != NULL); +- SSS_FREE(ptr); +-exit: +- return; +-} +- +-#if defined(T1oI2C_UM11225) +-/****************************************************************************** +- * Function phNxpEse_getAtr +- * +- * Description This function get ATR from ESE. +- * +- * param[out] phNxpEse_data: Response from ESE +- * +- * Returns On Success ESESTATUS_SUCCESS else ESESTATUS_FAILED. +- * +- ******************************************************************************/ +-ESESTATUS phNxpEse_getAtr(void* conn_ctx, phNxpEse_data *pRsp) +-{ +- bool_t status = FALSE; +- status =phNxpEseProto7816_GetAtr(conn_ctx, pRsp); +- if (status == FALSE) +- { +- LOG_E("%s Get ATR Failed ", __FUNCTION__); +- return ESESTATUS_FAILED; +- } +- return ESESTATUS_SUCCESS; +-} +-#endif +- +-#if defined(T1oI2C_GP1_0) +-/****************************************************************************** +- * Function phNxpEse_getCip +- * +- * Description This function get CIP from ESE. +- * +- * param[out] phNxpEse_data: Response from ESE +- * +- * Returns On Success ESESTATUS_SUCCESS else ESESTATUS_FAILED. +- * +- ******************************************************************************/ +-ESESTATUS phNxpEse_getCip(void* conn_ctx, phNxpEse_data *pRsp) +-{ +- bool_t status = FALSE; +- status =phNxpEseProto7816_GetCip(conn_ctx, pRsp); +- if (status == FALSE) +- { +- LOG_E("%s Get CIP Failed ", __FUNCTION__); +- return ESESTATUS_FAILED; +- } +- return ESESTATUS_SUCCESS; +-} +-#endif +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/T1oI2C/phNxpEse_Api.h b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/T1oI2C/phNxpEse_Api.h +deleted file mode 100644 +index 6b8e2025bc..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/T1oI2C/phNxpEse_Api.h ++++ /dev/null +@@ -1,70 +0,0 @@ +-/* +- * +- * Licensed under the Apache License, Version 2.0 (the "License"); +- * you may not use this file except in compliance with the License. +- * You may obtain a copy of the License at +- * +- * http://www.apache.org/licenses/LICENSE-2.0 +- * +- * Unless required by applicable law or agreed to in writing, software +- * distributed under the License is distributed on an "AS IS" BASIS, +- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +- * See the License for the specific language governing permissions and +- * limitations under the License. +- */ +- +-/** +- * +- * \brief ESE Lib layer interface to application +- * @{ */ +- +-#ifndef _PHNXPESE_API_H_ +-#define _PHNXPESE_API_H_ +- +-#include +-#include +-#include +-#include "smComT1oI2C.h" +- +-#include "phEseStatus.h" +- +-/** +- * +- * \brief Ese data buffer +- * +- */ +-typedef struct phNxpEse_data +-{ +- uint32_t len; /*!< length of the buffer */ +- uint8_t *p_data; /*!< pointer to a buffer */ +-} phNxpEse_data; +- +- +-/** +- * +- * \brief Ese library init parameters to be set while calling phNxpEse_init +- * +- */ +-typedef struct phNxpEse_initParams +-{ +- phNxpEse_initMode initMode; /*!< Ese communication mode */ +-} phNxpEse_initParams; +- +- +-ESESTATUS phNxpEse_init(void *conn_ctx, phNxpEse_initParams initParams, phNxpEse_data *AtrRsp); +-ESESTATUS phNxpEse_open(void **conn_ctx, phNxpEse_initParams initParams, const char *pConnString); +-ESESTATUS phNxpEse_Transceive(void* conn_ctx, phNxpEse_data *pCmd, phNxpEse_data *pRsp); +-ESESTATUS phNxpEse_deInit(void* conn_ctx); +-ESESTATUS phNxpEse_close(void* conn_ctx); +-ESESTATUS phNxpEse_reset(void* conn_ctx); +-ESESTATUS phNxpEse_chipReset(void* conn_ctx); +-ESESTATUS phNxpEse_setIfsc(uint16_t IFSC_Size); +-ESESTATUS phNxpEse_EndOfApdu(void* conn_ctx); +-void* phNxpEse_memset(void *buff, int val, size_t len); +-void* phNxpEse_memcpy(void *dest, const void *src, size_t len); +-void *phNxpEse_memalloc(uint32_t size); +-void phNxpEse_free(void* ptr); +-ESESTATUS phNxpEse_getAtr(void* conn_ctx, phNxpEse_data *pRsp); +-ESESTATUS phNxpEse_getCip(void* conn_ctx, phNxpEse_data *pRsp); +-/** @} */ +-#endif /* _PHNXPESE_API_H_ */ +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/T1oI2C/phNxpEse_Internal.h b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/T1oI2C/phNxpEse_Internal.h +deleted file mode 100644 +index cea3c0c4bc..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/T1oI2C/phNxpEse_Internal.h ++++ /dev/null +@@ -1,54 +0,0 @@ +-/* +- * +- * Licensed under the Apache License, Version 2.0 (the "License"); +- * you may not use this file except in compliance with the License. +- * You may obtain a copy of the License at +- * +- * http://www.apache.org/licenses/LICENSE-2.0 +- * +- * Unless required by applicable law or agreed to in writing, software +- * distributed under the License is distributed on an "AS IS" BASIS, +- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +- * See the License for the specific language governing permissions and +- * limitations under the License. +- */ +-#ifndef _PHNXPESE_INTERNAL_H_ +-#define _PHNXPESE_INTERNAL_H_ +- +-#include +-#include +- +-#ifdef T1oI2C_UM1225_SE050 +-/* MW version 02.13.00 onwards */ +-# error Do not define T1oI2C_UM1225_SE050, define T1oI2C_UM11225 instead. +-#endif +- +-/********************* Definitions and structures *****************************/ +- +-typedef enum +-{ +- ESE_STATUS_CLOSE = 0x00, +- ESE_STATUS_BUSY, +- ESE_STATUS_RECOVERY, +- ESE_STATUS_IDLE, +- ESE_STATUS_OPEN, +-} phNxpEse_LibStatus; +- +-/* I2C Control structure */ +-typedef struct phNxpEse_Context +-{ +- phNxpEse_LibStatus EseLibStatus; /* Indicate if Ese Lib is open or closed */ +- void *pDevHandle; +- +- uint8_t p_read_buff[MAX_DATA_LEN]; +- uint16_t cmd_len; +- uint8_t p_cmd_data[MAX_DATA_LEN]; +- phNxpEse_initParams initParams; +-} phNxpEse_Context_t; +- +- +-ESESTATUS phNxpEse_WriteFrame(void* conn_ctx, uint32_t data_len, const uint8_t *p_data); +-ESESTATUS phNxpEse_read(void* conn_ctx, uint32_t *data_len, uint8_t **pp_data); +-void phNxpEse_clearReadBuffer(void* conn_ctx); +- +-#endif /* _PHNXPESE_INTERNAL_H_ */ +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/apduComm.h b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/apduComm.h +deleted file mode 100644 +index b87c5d4009..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/apduComm.h ++++ /dev/null +@@ -1,65 +0,0 @@ +-/* +- * +- * Copyright 2016 NXP +- * SPDX-License-Identifier: Apache-2.0 +- */ +- +-#ifndef _APDUCOMM_H_ +-#define _APDUCOMM_H_ +- +-#include "sm_types.h" +-/// @cond +-#define APDU_OFFSET_CLA (0) +-#define APDU_OFFSET_INS (1) +-#define APDU_OFFSET_P1 (2) +-#define APDU_OFFSET_P2 (3) +-/// @endcond +-#define APDU_OFFSET_LC (4) //!< Zero index based offset into the APDU of the LC field. +- +-/** +- * Contains APDU exchanged between Host and Secure Modulde. +- */ +-typedef struct +-{ +- U8 cla; +- U8 ins; +- U8 p1; +- U8 p2; +- U8* pBuf; +- U16 buflen; +- U16 rxlen; +- U8 extendedLength; +- U8 hasData; +- U16 lc; +- U8 lcLength; +- U8 hasLe; +- U16 le; +- U8 leLength; +- U16 offset; +- +-#ifdef TGT_A71CL +- U8 txHasChkSum; +- U16 txChkSum; +- U16 txChkSumLength; +- U8 rxHasChkSum; +- U16 rxChkSum; +- U16 rxChkSumLength; +-#endif +- +-} apdu_t; +- +-/** +- * Contains APDU TxRx case as described in ISO/IEC FDIS 7816-3 spec. +- */ +-typedef enum +-{ +- APDU_TXRX_CASE_1 = 0x00, +- APDU_TXRX_CASE_2 = 0x01, +- APDU_TXRX_CASE_2E = 0x02, +- APDU_TXRX_CASE_3 = 0x03, +- APDU_TXRX_CASE_3E = 0x04, +- APDU_TXRX_CASE_4 = 0x05, +- APDU_TXRX_CASE_4E = 0x06, +- APDU_TXRX_CASE_INVALID = 0xFF, +-} apduTxRx_case_t; +-#endif //_APDUCOMM_H_ +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/smCom.c b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/smCom.c +deleted file mode 100644 +index f7dfc1943c..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/smCom.c ++++ /dev/null +@@ -1,204 +0,0 @@ +-/* +- * +- * Copyright 2016-2020 NXP +- * SPDX-License-Identifier: Apache-2.0 +- */ +- +-/** +- * @par Description +- * Implements installable communication layer to exchange APDU's between Host and Secure Module. +- * Allows the top half of the Host Library to be independent of the actual interconnect +- * between Host and Secure Module +- */ +-#include +-#include "smCom.h" +-#include "nxLog_smCom.h" +- +-#if USE_RTOS +-#include "FreeRTOS.h" +-#include "semphr.h" +-#endif +- +-#if defined(SMCOM_JRCP_V2) +-#include "smComJRCP.h" +-#endif +- +-#if USE_RTOS +- static SemaphoreHandle_t gSmComlock; +-#elif (__GNUC__ && !AX_EMBEDDED && !__MBED__) +-#include +- /* Only for base session with os */ +- static pthread_mutex_t gSmComlock; +-#elif __MBED__ +-#include "cmsis_os2.h" +-#include "mbed_rtos_storage.h" +- static osSemaphoreId_t gSmComlock; +- static mbed_rtos_storage_semaphore_t gSmComlock_mem; +-#endif +- +-#if (__GNUC__ && !AX_EMBEDDED) || (USE_RTOS) || (__MBED__) +-#define USE_LOCK 1 +-#else +-#define USE_LOCK 0 +-#endif +- +-#if USE_RTOS +-#define LOCK_TXN() \ +- LOG_D("Trying to Acquire Lock"); \ +- if (xSemaphoreTake(gSmComlock, portMAX_DELAY) == pdTRUE) \ +- LOG_D("LOCK Acquired"); \ +- else \ +- LOG_D("LOCK Acquisition failed"); +-#define UNLOCK_TXN() \ +- LOG_D("Trying to Released Lock"); \ +- if (xSemaphoreGive(gSmComlock) == pdTRUE) \ +- LOG_D("LOCK Released"); \ +- else \ +- LOG_D("LOCK Releasing failed"); +-#elif (__GNUC__ && !AX_EMBEDDED && !__MBED__) +-#define LOCK_TXN() \ +- LOG_D("Trying to Acquire Lock thread: %ld", pthread_self()); \ +- pthread_mutex_lock(&gSmComlock); \ +- LOG_D("LOCK Acquired by thread: %ld", pthread_self()); +- +-#define UNLOCK_TXN() \ +- LOG_D("Trying to Released Lock by thread: %ld", pthread_self()); \ +- pthread_mutex_unlock(&gSmComlock); \ +- LOG_D("LOCK Released by thread: %ld", pthread_self()); +-#elif __MBED__ +-#define LOCK_TXN() \ +- LOG_D("Trying to Acquire Lock"); \ +- if (osSemaphoreAcquire(gSmComlock, 0) == osOK) \ +- LOG_D("LOCK Acquired"); \ +- else \ +- LOG_D("LOCK Acquisition failed"); +-#define UNLOCK_TXN() \ +- LOG_D("Trying to Released Lock"); \ +- if (osSemaphoreRelease(gSmComlock) == osOK) \ +- LOG_D("LOCK Released"); \ +- else \ +- LOG_D("LOCK Releasing failed"); +-#else +-#define LOCK_TXN() LOG_D("no lock mode"); +-#define UNLOCK_TXN() LOG_D("no lock mode"); +-#endif +- +-static ApduTransceiveFunction_t pSmCom_Transceive = NULL; +-static ApduTransceiveRawFunction_t pSmCom_TransceiveRaw = NULL; +- +-/** +- * Install interconnect and protocol specific implementation of APDU transfer functions. +- * +- */ +-U16 smCom_Init(ApduTransceiveFunction_t pTransceive, ApduTransceiveRawFunction_t pTransceiveRaw) +-{ +- U16 ret = SMCOM_COM_INIT_FAILED; +-#if USE_RTOS +- gSmComlock = xSemaphoreCreateMutex(); +- if (gSmComlock == NULL) { +- LOG_E("\n xSemaphoreCreateMutex failed"); +- return ret; +- } +-#elif (__GNUC__ && !AX_EMBEDDED && !__MBED__) +- if (pthread_mutex_init(&gSmComlock, NULL) != 0) +- { +- LOG_E("\n mutex init has failed"); +- return ret; +- } +-#elif __MBED__ +- osSemaphoreAttr_t attr; +- attr.name = NULL; +- attr.attr_bits = 0; +- attr.cb_mem = &gSmComlock_mem; +- attr.cb_size = sizeof gSmComlock_mem; +- gSmComlock = osSemaphoreNew(1, 0, &attr); +- if (gSmComlock == NULL) { +- LOG_E("\n xSemaphoreCreateMutex failed"); +- return 1; +- } +-#endif +- pSmCom_Transceive = pTransceive; +- pSmCom_TransceiveRaw = pTransceiveRaw; +- ret = SMCOM_OK; +- return ret; +-} +- +-void smCom_DeInit(void) +-{ +-#if USE_RTOS +- if (gSmComlock != NULL) { +- vSemaphoreDelete(gSmComlock); +- gSmComlock = NULL; +- } +-#elif (__GNUC__ && !AX_EMBEDDED && !__MBED__) +- pthread_mutex_destroy(&gSmComlock); +-#elif __MBED__ +- if (gSmComlock != NULL) { +- osSemaphoreRelease(gSmComlock); +- gSmComlock = NULL; +- } +-#endif +- pSmCom_Transceive = NULL; +- pSmCom_TransceiveRaw = NULL; +-} +- +-/** +- * Exchanges APDU without interpreting the message exchanged +- * +- * @param[in,out] pApdu apdu_t datastructure +- * +- * @retval ::SMCOM_OK Operation successful +- * @retval ::SMCOM_SND_FAILED Send Failed +- * @retval ::SMCOM_RCV_FAILED Receive Failed +- */ +-U32 smCom_Transceive(void *conn_ctx, apdu_t * pApdu) +-{ +- U32 ret = SMCOM_NO_PRIOR_INIT; +- if (pSmCom_Transceive != NULL) +- { +- LOCK_TXN(); +- ret = pSmCom_Transceive(conn_ctx, pApdu); +- UNLOCK_TXN(); +- } +- return ret; +-} +- +-/** +- * Exchanges APDU without interpreting the message exchanged +- * +- * @param[in] pTx Command to be sent to secure module +- * @param[in] txLen Length of command to be sent +- * @param[in,out] pRx IN: Buffer to contain response; OUT: Response received from secure module +- * @param[in,out] pRxLen IN: [TBD]; OUT: Length of response received +- * +- * @retval ::SMCOM_OK Operation successful +- * @retval ::SMCOM_SND_FAILED Send Failed +- * @retval ::SMCOM_RCV_FAILED Receive Failed +- */ +-U32 smCom_TransceiveRaw(void *conn_ctx, U8 * pTx, U16 txLen, U8 * pRx, U32 * pRxLen) +-{ +- U32 ret = SMCOM_NO_PRIOR_INIT; +- if (pSmCom_TransceiveRaw != NULL) +- { +- LOCK_TXN(); +- ret = pSmCom_TransceiveRaw(conn_ctx, pTx, txLen, pRx, pRxLen); +- UNLOCK_TXN(); +- } +- return ret; +-} +- +-#if defined(SMCOM_JRCP_V2) +-void smCom_Echo(void *conn_ctx, const char *comp, const char *level, const char *buffer) +-{ +-#if USE_LOCK +- /* If this function is called before smcom init +- then Lock fails, return without echo */ +- if (pSmCom_TransceiveRaw == NULL) { +- return; +- } +-#endif +- LOCK_TXN(); +- smComJRCP_Echo(conn_ctx, comp, level, buffer); +- UNLOCK_TXN(); +-} +-#endif +\ No newline at end of file +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/smCom.h b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/smCom.h +deleted file mode 100644 +index 797d5b1a0e..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/smCom.h ++++ /dev/null +@@ -1,49 +0,0 @@ +-/* +- * +- * Copyright 2016-2020 NXP +- * SPDX-License-Identifier: Apache-2.0 +- */ +- +-/** +- * @par Description +- * Interface of installable communication layer to exchange APDU's between Host and Secure Module. +- */ +- +-#ifndef _SCCOM_H_ +-#define _SCCOM_H_ +- +-#include "sm_types.h" +-#include "apduComm.h" +- +-#ifdef __cplusplus +-extern "C" { +-#endif +- +-#define SMCOM_OK 0x9000 //!< Communication successful +-#define SMCOM_SND_FAILED 0x7010 //!< Communication failed while sending data +-#define SMCOM_RCV_FAILED 0x7011 //!< Communication failed while receiving data +-#define SMCOM_COM_FAILED 0x7012 //!< Cannot open communication link with ax device +-#define SMCOM_PROTOCOL_FAILED 0x7013 //!< APDU exchange protocol failed to be established successfully +-#define SMCOM_NO_ATR 0x7014 //!< No ATR can be retrieved +-#define SMCOM_NO_PRIOR_INIT 0x7015 //!< The callbacks doing the actual transfer have not been installed +-#define SMCOM_COM_ALREADY_OPEN 0x7016 //!< Communication link is already open with device +-#define SMCOM_COM_INIT_FAILED 0x7017 //!< Communication init failed +- +- +-/* ------------------------------------------------------------------------- */ +-typedef U32 (*ApduTransceiveFunction_t) (void* conn_ctx, apdu_t * pAdpu); +-typedef U32 (*ApduTransceiveRawFunction_t) (void* conn_ctx, U8 * pTx, U16 txLen, U8 * pRx, U32 * pRxLen); +- +-U16 smCom_Init(ApduTransceiveFunction_t pTransceive, ApduTransceiveRawFunction_t pTransceiveRaw); +-void smCom_DeInit(void); +-U32 smCom_Transceive(void *conn_ctx, apdu_t *pApdu); +-U32 smCom_TransceiveRaw(void *conn_ctx, U8 *pTx, U16 txLen, U8 *pRx, U32 *pRxLen); +- +-#if defined(SMCOM_JRCP_V2) +-void smCom_Echo(void *conn_ctx, const char *comp, const char *level, const char *buffer); +-#endif +- +-#ifdef __cplusplus +-} +-#endif +-#endif +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/smComT1oI2C.c b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/smComT1oI2C.c +deleted file mode 100644 +index c16c51d8ae..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/smComT1oI2C.c ++++ /dev/null +@@ -1,200 +0,0 @@ +-/* +- * +- * Copyright 2016-2018,2020 NXP +- * SPDX-License-Identifier: Apache-2.0 +- */ +- +-/** +- * @par Description +- * This file implements the SmCom T1oI2C communication layer. +- * +- *****************************************************************************/ +- +-#ifdef T1oI2C +- +-#include +- +-#include "smComT1oI2C.h" +-#include "phNxpEse_Api.h" +-#include "phNxpEseProto7816_3.h" +- +-#include "i2c_a7.h" +-#include "sm_printf.h" +-#include "phEseStatus.h" +-#include "sm_apdu.h" +- +-#ifdef FLOW_VERBOSE +-#define NX_LOG_ENABLE_SMCOM_DEBUG 1 +-#else +-//#define NX_LOG_ENABLE_SMCOM_DEBUG 1 +-#endif +- +-#include "nxLog_smCom.h" +-#include "nxEnsure.h" +- +-static U32 smComT1oI2C_Transceive(void* conn_ctx, apdu_t * pApdu); +-static U32 smComT1oI2C_TransceiveRaw(void* conn_ctx, U8 * pTx, U16 txLen, U8 * pRx, U32 * pRxLen); +-U16 smComT1oI2C_AnswerToReset(void* conn_ctx, U8 *T1oI2Catr, U16 *T1oI2CatrLen); +- +-U16 smComT1oI2C_Close(void *conn_ctx, U8 mode) +-{ +- ESESTATUS status; +- if (conn_ctx) { +- status=phNxpEse_EndOfApdu(conn_ctx); +- //status=phNxpEse_chipReset(); +- if(status ==ESESTATUS_SUCCESS) +- { +- status = phNxpEse_close(conn_ctx); +- if(status != ESESTATUS_SUCCESS) +- { +- LOG_E("Failed to close ESE interface and free all resources "); +- return SMCOM_COM_FAILED; +- } +- } +- else +- { +- LOG_E("Failed to close session "); +- return SMCOM_COM_FAILED; +- } +- } +- else { +- LOG_W("Invalid conn_ctx"); +- } +- return SMCOM_OK; +-} +- +- +-U16 smComT1oI2C_Init(void **conn_ctx, const char *pConnString) +-{ +- ESESTATUS ret; +- phNxpEse_initParams initParams; +- initParams.initMode = ESE_MODE_NORMAL; +- +- if(conn_ctx != NULL) { +- *conn_ctx = NULL; +- } +- ret = phNxpEse_open(conn_ctx, initParams, pConnString); +- if (ret != ESESTATUS_SUCCESS) +- { +- LOG_E(" Failed to create physical connection with ESE "); +- return SMCOM_COM_FAILED; +- } +- return SMCOM_OK; +-} +- +-U16 smComT1oI2C_Open(void *conn_ctx, U8 mode, U8 seqCnt, U8 *T1oI2Catr, U16 *T1oI2CatrLen) +-{ +- ESESTATUS ret; +- phNxpEse_data AtrRsp; +- phNxpEse_initParams initParams; +- initParams.initMode = ESE_MODE_NORMAL; +- AtrRsp.len = *T1oI2CatrLen; +- AtrRsp.p_data = T1oI2Catr; +- +- if (conn_ctx == NULL) { +- // Connection context is stored in global variable contained in phNxpEse_Api.c +- smComT1oI2C_Init(NULL, NULL); +- } +- +- ret=phNxpEse_init(conn_ctx, initParams, &AtrRsp); +- if (ret != ESESTATUS_SUCCESS) +- { +- *T1oI2CatrLen=0; +- LOG_E(" Failed to Open session "); +- return SMCOM_COM_FAILED; +- } +- else +- { +- *T1oI2CatrLen = AtrRsp.len ; /*Retrive INF FIELD*/ +- } +- return smCom_Init(&smComT1oI2C_Transceive, &smComT1oI2C_TransceiveRaw); +-} +- +-static U32 smComT1oI2C_Transceive(void* conn_ctx, apdu_t * pApdu) +-{ +- U32 respLen= MAX_APDU_BUF_LENGTH; +- U32 retCode = SMCOM_COM_FAILED; +- +- ENSURE_OR_GO_EXIT(pApdu != NULL); +- +- retCode = smComT1oI2C_TransceiveRaw(conn_ctx, (U8 *)pApdu->pBuf, pApdu->buflen, pApdu->pBuf, &respLen); +- pApdu->rxlen = (U16)respLen; +-exit: +- return retCode; +-} +- +-static U32 smComT1oI2C_TransceiveRaw(void* conn_ctx, U8 * pTx, U16 txLen, U8 * pRx, U32 * pRxLen) +-{ +- phNxpEse_data pCmdTrans; +- phNxpEse_data pRspTrans={0}; +- ESESTATUS txnStatus; +- +- pCmdTrans.len = txLen; +- pCmdTrans.p_data = pTx; +- +- pRspTrans.len = *pRxLen; +- pRspTrans.p_data = pRx; +- +- LOG_MAU8_D("APDU Tx>", pTx, txLen); +- txnStatus = phNxpEse_Transceive(conn_ctx, &pCmdTrans, &pRspTrans); +- if ( txnStatus == ESESTATUS_SUCCESS ) +- { +- *pRxLen = pRspTrans.len; +- LOG_MAU8_D("APDU Rx<", pRx, pRspTrans.len); +- } +- else +- { +- *pRxLen = 0; +- LOG_E(" Transcive Failed "); +- return SMCOM_SND_FAILED; +- } +- +- return SMCOM_OK; +-} +- +-U16 smComT1oI2C_AnswerToReset(void* conn_ctx, U8 *T1oI2Catr, U16 *T1oI2CatrLen) +-{ +- phNxpEse_data pRsp= {0}; +- ESESTATUS txnStatus; +- U16 status = SMCOM_NO_ATR; +- +- ENSURE_OR_GO_EXIT(T1oI2Catr != NULL); +- ENSURE_OR_GO_EXIT(T1oI2CatrLen != NULL); +-#if defined(T1oI2C_UM11225) +- txnStatus= phNxpEse_getAtr(conn_ctx, &pRsp); +-#elif defined(T1oI2C_GP1_0) +- txnStatus= phNxpEse_getCip(conn_ctx, &pRsp); +-#endif +- if(txnStatus == ESESTATUS_SUCCESS) +- { +- *T1oI2CatrLen = pRsp.len; +- if (pRsp.len > 0) { +- memcpy(T1oI2Catr, pRsp.p_data, pRsp.len); +- status = SMCOM_OK; +- } +- else { +- LOG_E(" ATR/CIP Length is improper!!!"); +- } +- } +- else +- { +- *T1oI2CatrLen = 0; +- LOG_E(" Failed to Retrieve ATR/CIP status "); +- } +-exit: +- return status; +-} +- +-U16 smComT1oI2C_ComReset(void* conn_ctx) +-{ +- ESESTATUS status = ESESTATUS_SUCCESS; +- status = phNxpEse_deInit(conn_ctx); +- if(status !=ESESTATUS_SUCCESS) +- { +- LOG_E("Failed to Reset 7816 protocol instance "); +- return SMCOM_COM_FAILED; +- } +- return SMCOM_OK; +-} +- +-#endif /* T1oI2C */ +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/smComT1oI2C.h b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/smComT1oI2C.h +deleted file mode 100644 +index 6def7131b7..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/smComT1oI2C.h ++++ /dev/null +@@ -1,71 +0,0 @@ +-/* +- * +- * Copyright 2018-2020 NXP +- * SPDX-License-Identifier: Apache-2.0 +- */ +- +-/** +- * @par Description +- * This file provides the API of the SmCom T1oI2C communication layer. +- * +- *****************************************************************************/ +- +-#ifndef _SMCOMT1OI2C_H_ +-#define _SMCOMT1OI2C_H_ +- +-#include "smCom.h" +- +-/** +- * \ingroup spi_libese +- * \brief Ese Channel mode +- * +- */ +-typedef enum +-{ +- ESE_MODE_NORMAL = 0, /*!< All wired transaction other OSU */ +- ESE_MODE_OSU /*!< Jcop Os update mode */ +-} phNxpEse_initMode; +- +-#if defined(__cplusplus) +-extern "C" { +-#endif +- +-/** +- * closes the T=1 o I2C communication layer. +- * @param conn_ctx connection context +- * @param mode Ese Communication mode either +- * ESE_MODE_NORMAL: All wired transaction other OSU or +- * ESE_MODE_OSU :Jcop Os update mode +- * @return +- */ +-U16 smComT1oI2C_Close(void *conn_ctx, U8 mode); +- +-/** +- * @param conn_ctx connection context +- * Reset the T=1 o protocol instance. +- * @return +- */ +-U16 smComT1oI2C_ComReset(void *conn_ctx); +- +-/** +- * Initializes or resumes the T=1 o I2C communication layer. +- * @param conn_ctx IN: connection context +- * @param mode Ese Communication mode either ESE_MODE_NORMAL: All wired transaction other OSU or ESE_MODE_OSU :Jcop Os update mode +- * @param T1oI2Catr IN: Pointer to buffer to contain SCI2C_ATR value +- * @param T1oI2CatrLen IN: Size of buffer provided; OUT: Actual length of atr retrieved +- * @return +- */ +-U16 smComT1oI2C_Open(void *conn_ctx, U8 mode, U8 seqCnt, U8 *T1oI2Catr, U16 *T1oI2CatrLen); +- +-/** +-* Open I2C device. +-* @param conn_ctx IN: pointer connection context +-* @param pConnParam IN: I2C address +-* @return +-*/ +-U16 smComT1oI2C_Init(void **conn_ctx, const char *pConnString); +- +-#if defined(__cplusplus) +-} +-#endif +-#endif /* _SMCOMT1OI2C_H_ */ +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/mbedtls/src/ecdh_alt.c b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/mbedtls/src/ecdh_alt.c +deleted file mode 100644 +index af6f5d57de..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/mbedtls/src/ecdh_alt.c ++++ /dev/null +@@ -1,710 +0,0 @@ +-/* +- * Elliptic curve Diffie-Hellman +- * +- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved +- * Copyright (C) 2017-2018,2020, NXP +- * SPDX-License-Identifier: Apache-2.0 +- * +- * Licensed under the Apache License, Version 2.0 (the "License"); you may +- * not use this file except in compliance with the License. +- * You may obtain a copy of the License at +- * +- * http://www.apache.org/licenses/LICENSE-2.0 +- * +- * Unless required by applicable law or agreed to in writing, software +- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +- * See the License for the specific language governing permissions and +- * limitations under the License. +- * +- * This file is part of mbed TLS (https://tls.mbed.org) +- */ +- +-/* +- * References: +- * +- * SEC1 http://www.secg.org/index.php?action=secg,docs_secg +- * RFC 4492 +- */ +- +-#if !defined(MBEDTLS_CONFIG_FILE) +-#include "mbedtls/config.h" +-#else +-#include MBEDTLS_CONFIG_FILE +-#endif +- +-#if defined(MBEDTLS_ECDH_C) +-#if defined(MBEDTLS_ECDH_ALT) +-#include "mbedtls/ecdh.h" +-#include "mbedtls/platform_util.h" +- +-#include +- +-/* Parameter validation macros based on platform_util.h */ +-#define ECDH_VALIDATE_RET( cond ) \ +- MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_ECP_BAD_INPUT_DATA ) +-#define ECDH_VALIDATE( cond ) \ +- MBEDTLS_INTERNAL_VALIDATE( cond ) +- +-#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) +-typedef mbedtls_ecdh_context mbedtls_ecdh_context_mbed; +-#endif +- +-#if 0 +-static mbedtls_ecp_group_id mbedtls_ecdh_grp_id( +- const mbedtls_ecdh_context *ctx ) +-{ +-#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) +- return( ctx->grp.id ); +-#else +- return( ctx->grp_id ); +-#endif +-} +-#endif +- +-#if defined(MBEDTLS_ECDH_GEN_PUBLIC_ALT) +-/* +- * Generate public key (restartable version) +- * +- * Note: this internal function relies on its caller preserving the value of +- * the output parameter 'd' across continuation calls. This would not be +- * acceptable for a public function but is OK here as we control call sites. +- */ +-int ecdh_gen_public_restartable_o( mbedtls_ecp_group *grp, +- mbedtls_mpi *d, mbedtls_ecp_point *Q, +- int (*f_rng)(void *, unsigned char *, size_t), +- void *p_rng, +- mbedtls_ecp_restart_ctx *rs_ctx ) +-{ +- int ret; +- +- /* If multiplication is in progress, we already generated a privkey */ +-#if defined(MBEDTLS_ECP_RESTARTABLE) +- if( rs_ctx == NULL || rs_ctx->rsm == NULL ) +-#endif +- MBEDTLS_MPI_CHK( mbedtls_ecp_gen_privkey( grp, d, f_rng, p_rng ) ); +- +- MBEDTLS_MPI_CHK( mbedtls_ecp_mul_restartable( grp, Q, d, &grp->G, +- f_rng, p_rng, rs_ctx ) ); +- +-cleanup: +- return( ret ); +-} +- +-/* +- * Generate public key +- */ +-int mbedtls_ecdh_gen_public_o( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp_point *Q, +- int (*f_rng)(void *, unsigned char *, size_t), +- void *p_rng ) +-{ +- ECDH_VALIDATE_RET( grp != NULL ); +- ECDH_VALIDATE_RET( d != NULL ); +- ECDH_VALIDATE_RET( Q != NULL ); +- ECDH_VALIDATE_RET( f_rng != NULL ); +- return( ecdh_gen_public_restartable_o( grp, d, Q, f_rng, p_rng, NULL ) ); +-} +-#endif /* !MBEDTLS_ECDH_GEN_PUBLIC_ALT */ +- +-#if defined(MBEDTLS_ECDH_COMPUTE_SHARED_ALT) +-/* +- * Compute shared secret (SEC1 3.3.1) +- */ +-int ecdh_compute_shared_restartable_o( mbedtls_ecp_group *grp, +- mbedtls_mpi *z, +- const mbedtls_ecp_point *Q, const mbedtls_mpi *d, +- int (*f_rng)(void *, unsigned char *, size_t), +- void *p_rng, +- mbedtls_ecp_restart_ctx *rs_ctx ) +-{ +- int ret; +- mbedtls_ecp_point P; +- +- mbedtls_ecp_point_init( &P ); +- +- MBEDTLS_MPI_CHK( mbedtls_ecp_mul_restartable( grp, &P, d, Q, +- f_rng, p_rng, rs_ctx ) ); +- +- if( mbedtls_ecp_is_zero( &P ) ) +- { +- ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA; +- goto cleanup; +- } +- +- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( z, &P.X ) ); +- +-cleanup: +- mbedtls_ecp_point_free( &P ); +- +- return( ret ); +-} +- +-/* +- * Compute shared secret (SEC1 3.3.1) +- */ +-int mbedtls_ecdh_compute_shared_o( mbedtls_ecp_group *grp, mbedtls_mpi *z, +- const mbedtls_ecp_point *Q, const mbedtls_mpi *d, +- int (*f_rng)(void *, unsigned char *, size_t), +- void *p_rng ) +-{ +- ECDH_VALIDATE_RET( grp != NULL ); +- ECDH_VALIDATE_RET( Q != NULL ); +- ECDH_VALIDATE_RET( d != NULL ); +- ECDH_VALIDATE_RET( z != NULL ); +- return( ecdh_compute_shared_restartable_o( grp, z, Q, d, +- f_rng, p_rng, NULL ) ); +-} +-#endif /* !MBEDTLS_ECDH_COMPUTE_SHARED_ALT */ +- +-static void ecdh_init_internal( mbedtls_ecdh_context_mbed *ctx ) +-{ +- mbedtls_ecp_group_init( &ctx->grp ); +- mbedtls_mpi_init( &ctx->d ); +- mbedtls_ecp_point_init( &ctx->Q ); +- mbedtls_ecp_point_init( &ctx->Qp ); +- mbedtls_mpi_init( &ctx->z ); +- +-#if defined(MBEDTLS_ECP_RESTARTABLE) +- mbedtls_ecp_restart_init( &ctx->rs ); +-#endif +-} +- +-/* +- * Initialize context +- */ +-void mbedtls_ecdh_init( mbedtls_ecdh_context *ctx ) +-{ +- ECDH_VALIDATE( ctx != NULL ); +- +-#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) +- ecdh_init_internal( ctx ); +- mbedtls_ecp_point_init( &ctx->Vi ); +- mbedtls_ecp_point_init( &ctx->Vf ); +- mbedtls_mpi_init( &ctx->_d ); +-#else +- memset( ctx, 0, sizeof( mbedtls_ecdh_context ) ); +- +- ctx->var = MBEDTLS_ECDH_VARIANT_NONE; +-#endif +- ctx->point_format = MBEDTLS_ECP_PF_UNCOMPRESSED; +-#if defined(MBEDTLS_ECP_RESTARTABLE) +- ctx->restart_enabled = 0; +-#endif +-} +- +-static int ecdh_setup_internal( mbedtls_ecdh_context_mbed *ctx, +- mbedtls_ecp_group_id grp_id ) +-{ +- int ret; +- +- ret = mbedtls_ecp_group_load( &ctx->grp, grp_id ); +- if( ret != 0 ) +- { +- return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ); +- } +- +- return( 0 ); +-} +- +-/* +- * Setup context +- */ +-int mbedtls_ecdh_setup( mbedtls_ecdh_context *ctx, mbedtls_ecp_group_id grp_id ) +-{ +- ECDH_VALIDATE_RET( ctx != NULL ); +- +-#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) +- return( ecdh_setup_internal( ctx, grp_id ) ); +-#else +- switch( grp_id ) +- { +- default: +- ctx->point_format = MBEDTLS_ECP_PF_UNCOMPRESSED; +- ctx->var = MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0; +- ctx->grp_id = grp_id; +- ecdh_init_internal( &ctx->ctx.mbed_ecdh ); +- return( ecdh_setup_internal( &ctx->ctx.mbed_ecdh, grp_id ) ); +- } +-#endif +-} +- +-static void ecdh_free_internal( mbedtls_ecdh_context_mbed *ctx ) +-{ +- mbedtls_ecp_group_free( &ctx->grp ); +- mbedtls_mpi_free( &ctx->d ); +- mbedtls_ecp_point_free( &ctx->Q ); +- mbedtls_ecp_point_free( &ctx->Qp ); +- mbedtls_mpi_free( &ctx->z ); +- +-#if defined(MBEDTLS_ECP_RESTARTABLE) +- mbedtls_ecp_restart_free( &ctx->rs ); +-#endif +-} +- +-#if defined(MBEDTLS_ECP_RESTARTABLE) +-/* +- * Enable restartable operations for context +- */ +-void mbedtls_ecdh_enable_restart( mbedtls_ecdh_context *ctx ) +-{ +- ECDH_VALIDATE( ctx != NULL ); +- +- ctx->restart_enabled = 1; +-} +-#endif +- +-/* +- * Free context +- */ +-void mbedtls_ecdh_free( mbedtls_ecdh_context *ctx ) +-{ +- if( ctx == NULL ) +- return; +- +-#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) +- mbedtls_ecp_point_free( &ctx->Vi ); +- mbedtls_ecp_point_free( &ctx->Vf ); +- mbedtls_mpi_free( &ctx->_d ); +- ecdh_free_internal( ctx ); +-#else +- switch( ctx->var ) +- { +- case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0: +- ecdh_free_internal( &ctx->ctx.mbed_ecdh ); +- break; +- default: +- break; +- } +- +- ctx->point_format = MBEDTLS_ECP_PF_UNCOMPRESSED; +- ctx->var = MBEDTLS_ECDH_VARIANT_NONE; +- ctx->grp_id = MBEDTLS_ECP_DP_NONE; +-#endif +-} +- +-static int ecdh_make_params_internal( mbedtls_ecdh_context_mbed *ctx, +- size_t *olen, int point_format, +- unsigned char *buf, size_t blen, +- int (*f_rng)(void *, +- unsigned char *, +- size_t), +- void *p_rng, +- int restart_enabled ) +-{ +- int ret; +- size_t grp_len, pt_len; +-#if defined(MBEDTLS_ECP_RESTARTABLE) +- mbedtls_ecp_restart_ctx *rs_ctx = NULL; +-#endif +- +- if( ctx->grp.pbits == 0 ) +- return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); +- +-#if defined(MBEDTLS_ECP_RESTARTABLE) +- if( restart_enabled ) +- rs_ctx = &ctx->rs; +-#else +- (void) restart_enabled; +-#endif +- +- +-#if defined(MBEDTLS_ECP_RESTARTABLE) +- if( ( ret = ecdh_gen_public_restartable( &ctx->grp, &ctx->d, &ctx->Q, +- f_rng, p_rng, rs_ctx ) ) != 0 ) +- return( ret ); +-#else +- if( ( ret = mbedtls_ecdh_gen_public( &ctx->grp, &ctx->d, &ctx->Q, +- f_rng, p_rng ) ) != 0 ) +- return( ret ); +-#endif /* MBEDTLS_ECP_RESTARTABLE */ +- +- if( ( ret = mbedtls_ecp_tls_write_group( &ctx->grp, &grp_len, buf, +- blen ) ) != 0 ) +- return( ret ); +- +- buf += grp_len; +- blen -= grp_len; +- +- if( ( ret = mbedtls_ecp_tls_write_point( &ctx->grp, &ctx->Q, point_format, +- &pt_len, buf, blen ) ) != 0 ) +- return( ret ); +- +- *olen = grp_len + pt_len; +- return( 0 ); +-} +- +-/* +- * Setup and write the ServerKeyExhange parameters (RFC 4492) +- * struct { +- * ECParameters curve_params; +- * ECPoint public; +- * } ServerECDHParams; +- */ +-int mbedtls_ecdh_make_params( mbedtls_ecdh_context *ctx, size_t *olen, +- unsigned char *buf, size_t blen, +- int (*f_rng)(void *, unsigned char *, size_t), +- void *p_rng ) +-{ +- int restart_enabled = 0; +- ECDH_VALIDATE_RET( ctx != NULL ); +- ECDH_VALIDATE_RET( olen != NULL ); +- ECDH_VALIDATE_RET( buf != NULL ); +- ECDH_VALIDATE_RET( f_rng != NULL ); +- +-#if defined(MBEDTLS_ECP_RESTARTABLE) +- restart_enabled = ctx->restart_enabled; +-#else +- (void) restart_enabled; +-#endif +- +-#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) +- return( ecdh_make_params_internal( ctx, olen, ctx->point_format, buf, blen, +- f_rng, p_rng, restart_enabled ) ); +-#else +- switch( ctx->var ) +- { +- case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0: +- return( ecdh_make_params_internal( &ctx->ctx.mbed_ecdh, olen, +- ctx->point_format, buf, blen, +- f_rng, p_rng, +- restart_enabled ) ); +- default: +- return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; +- } +-#endif +-} +- +-static int ecdh_read_params_internal( mbedtls_ecdh_context_mbed *ctx, +- const unsigned char **buf, +- const unsigned char *end ) +-{ +- return( mbedtls_ecp_tls_read_point( &ctx->grp, &ctx->Qp, buf, +- end - *buf ) ); +-} +- +-/* +- * Read the ServerKeyExhange parameters (RFC 4492) +- * struct { +- * ECParameters curve_params; +- * ECPoint public; +- * } ServerECDHParams; +- */ +-int mbedtls_ecdh_read_params( mbedtls_ecdh_context *ctx, +- const unsigned char **buf, +- const unsigned char *end ) +-{ +- int ret; +- mbedtls_ecp_group_id grp_id; +- ECDH_VALIDATE_RET( ctx != NULL ); +- ECDH_VALIDATE_RET( buf != NULL ); +- ECDH_VALIDATE_RET( *buf != NULL ); +- ECDH_VALIDATE_RET( end != NULL ); +- +- if( ( ret = mbedtls_ecp_tls_read_group_id( &grp_id, buf, end - *buf ) ) +- != 0 ) +- return( ret ); +- +- if( ( ret = mbedtls_ecdh_setup( ctx, grp_id ) ) != 0 ) +- return( ret ); +- +-#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) +- return( ecdh_read_params_internal( ctx, buf, end ) ); +-#else +- switch( ctx->var ) +- { +- case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0: +- return( ecdh_read_params_internal( &ctx->ctx.mbed_ecdh, +- buf, end ) ); +- default: +- return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; +- } +-#endif +-} +- +-int ecdh_get_params_internal( mbedtls_ecdh_context_mbed *ctx, +- const mbedtls_ecp_keypair *key, +- mbedtls_ecdh_side side ); +- +-int ecdh_get_params_internal_o( mbedtls_ecdh_context_mbed *ctx, +- const mbedtls_ecp_keypair *key, +- mbedtls_ecdh_side side ) +-{ +- int ret; +- +- /* If it's not our key, just import the public part as Qp */ +- if( side == MBEDTLS_ECDH_THEIRS ) +- return( mbedtls_ecp_copy( &ctx->Qp, &key->Q ) ); +- +- /* Our key: import public (as Q) and private parts */ +- if( side != MBEDTLS_ECDH_OURS ) +- return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); +- +- if( ( ret = mbedtls_ecp_copy( &ctx->Q, &key->Q ) ) != 0 || +- ( ret = mbedtls_mpi_copy( &ctx->d, &key->d ) ) != 0 ) +- return( ret ); +- +- return( 0 ); +-} +- +-/* +- * Get parameters from a keypair +- */ +-#if 0 +-int mbedtls_ecdh_get_params_o( mbedtls_ecdh_context *ctx, +- const mbedtls_ecp_keypair *key, +- mbedtls_ecdh_side side ) +-{ +- int ret; +- ECDH_VALIDATE_RET( ctx != NULL ); +- ECDH_VALIDATE_RET( key != NULL ); +- ECDH_VALIDATE_RET( side == MBEDTLS_ECDH_OURS || +- side == MBEDTLS_ECDH_THEIRS ); +- +- if( mbedtls_ecdh_grp_id( ctx ) == MBEDTLS_ECP_DP_NONE ) +- { +- /* This is the first call to get_params(). Set up the context +- * for use with the group. */ +- if( ( ret = mbedtls_ecdh_setup( ctx, key->grp.id ) ) != 0 ) +- return( ret ); +- } +- else +- { +- /* This is not the first call to get_params(). Check that the +- * current key's group is the same as the context's, which was set +- * from the first key's group. */ +- if( mbedtls_ecdh_grp_id( ctx ) != key->grp.id ) +- return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); +- } +- +-#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) +- return( ecdh_get_params_internal( ctx, key, side ) ); +-#else +- switch( ctx->var ) +- { +- case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0: +- return( ecdh_get_params_internal( &ctx->ctx.mbed_ecdh, +- key, side ) ); +- default: +- return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; +- } +-#endif +-} +-#else +-int mbedtls_ecdh_get_params_o(mbedtls_ecdh_context *ctx, const mbedtls_ecp_keypair *key, +- mbedtls_ecdh_side side) +-{ +- int ret; +- +- if ((ret = mbedtls_ecp_group_copy(&ctx->grp, &key->grp)) != 0) +- return(ret); +- +- /* If it's not our key, just import the public part as Qp */ +- if (side == MBEDTLS_ECDH_THEIRS) +- return(mbedtls_ecp_copy(&ctx->Qp, &key->Q)); +- +- /* Our key: import public (as Q) and private parts */ +- if (side != MBEDTLS_ECDH_OURS) +- return(MBEDTLS_ERR_ECP_BAD_INPUT_DATA); +- +- if ((ret = mbedtls_ecp_copy(&ctx->Q, &key->Q)) != 0 || +- (ret = mbedtls_mpi_copy(&ctx->d, &key->d)) != 0) +- return(ret); +- +- return(0); +-} +-#endif +-static int ecdh_make_public_internal( mbedtls_ecdh_context_mbed *ctx, +- size_t *olen, int point_format, +- unsigned char *buf, size_t blen, +- int (*f_rng)(void *, +- unsigned char *, +- size_t), +- void *p_rng, +- int restart_enabled ) +-{ +- int ret; +-#if defined(MBEDTLS_ECP_RESTARTABLE) +- mbedtls_ecp_restart_ctx *rs_ctx = NULL; +-#endif +- +- if( ctx->grp.pbits == 0 ) +- return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); +- +-#if defined(MBEDTLS_ECP_RESTARTABLE) +- if( restart_enabled ) +- rs_ctx = &ctx->rs; +-#else +- (void) restart_enabled; +-#endif +- +-#if defined(MBEDTLS_ECP_RESTARTABLE) +- if( ( ret = ecdh_gen_public_restartable( &ctx->grp, &ctx->d, &ctx->Q, +- f_rng, p_rng, rs_ctx ) ) != 0 ) +- return( ret ); +-#else +- if( ( ret = mbedtls_ecdh_gen_public( &ctx->grp, &ctx->d, &ctx->Q, +- f_rng, p_rng ) ) != 0 ) +- return( ret ); +-#endif /* MBEDTLS_ECP_RESTARTABLE */ +- +- return mbedtls_ecp_tls_write_point( &ctx->grp, &ctx->Q, point_format, olen, +- buf, blen ); +-} +- +-/* +- * Setup and export the client public value +- */ +-int mbedtls_ecdh_make_public( mbedtls_ecdh_context *ctx, size_t *olen, +- unsigned char *buf, size_t blen, +- int (*f_rng)(void *, unsigned char *, size_t), +- void *p_rng ) +-{ +- int restart_enabled = 0; +- ECDH_VALIDATE_RET( ctx != NULL ); +- ECDH_VALIDATE_RET( olen != NULL ); +- ECDH_VALIDATE_RET( buf != NULL ); +- ECDH_VALIDATE_RET( f_rng != NULL ); +- +-#if defined(MBEDTLS_ECP_RESTARTABLE) +- restart_enabled = ctx->restart_enabled; +-#endif +- +-#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) +- return( ecdh_make_public_internal( ctx, olen, ctx->point_format, buf, blen, +- f_rng, p_rng, restart_enabled ) ); +-#else +- switch( ctx->var ) +- { +- case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0: +- return( ecdh_make_public_internal( &ctx->ctx.mbed_ecdh, olen, +- ctx->point_format, buf, blen, +- f_rng, p_rng, +- restart_enabled ) ); +- default: +- return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; +- } +-#endif +-} +- +-static int ecdh_read_public_internal( mbedtls_ecdh_context_mbed *ctx, +- const unsigned char *buf, size_t blen ) +-{ +- int ret; +- const unsigned char *p = buf; +- +- if( ( ret = mbedtls_ecp_tls_read_point( &ctx->grp, &ctx->Qp, &p, +- blen ) ) != 0 ) +- return( ret ); +- +- if( (size_t)( p - buf ) != blen ) +- return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); +- +- return( 0 ); +-} +- +-/* +- * Parse and import the client's public value +- */ +-int mbedtls_ecdh_read_public( mbedtls_ecdh_context *ctx, +- const unsigned char *buf, size_t blen ) +-{ +- ECDH_VALIDATE_RET( ctx != NULL ); +- ECDH_VALIDATE_RET( buf != NULL ); +- +-#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) +- return( ecdh_read_public_internal( ctx, buf, blen ) ); +-#else +- switch( ctx->var ) +- { +- case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0: +- return( ecdh_read_public_internal( &ctx->ctx.mbed_ecdh, +- buf, blen ) ); +- default: +- return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; +- } +-#endif +-} +- +-static int ecdh_calc_secret_internal( mbedtls_ecdh_context_mbed *ctx, +- size_t *olen, unsigned char *buf, +- size_t blen, +- int (*f_rng)(void *, +- unsigned char *, +- size_t), +- void *p_rng, +- int restart_enabled ) +-{ +- int ret; +-#if defined(MBEDTLS_ECP_RESTARTABLE) +- mbedtls_ecp_restart_ctx *rs_ctx = NULL; +-#endif +- +- if( ctx == NULL || ctx->grp.pbits == 0 ) +- return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); +- +-#if defined(MBEDTLS_ECP_RESTARTABLE) +- if( restart_enabled ) +- rs_ctx = &ctx->rs; +-#else +- (void) restart_enabled; +-#endif +- +-#if defined(MBEDTLS_ECP_RESTARTABLE) +- if( ( ret = ecdh_compute_shared_restartable( &ctx->grp, &ctx->z, &ctx->Qp, +- &ctx->d, f_rng, p_rng, +- rs_ctx ) ) != 0 ) +- { +- return( ret ); +- } +-#else +- if( ( ret = mbedtls_ecdh_compute_shared( &ctx->grp, &ctx->z, &ctx->Qp, +- &ctx->d, f_rng, p_rng ) ) != 0 ) +- { +- return( ret ); +- } +-#endif /* MBEDTLS_ECP_RESTARTABLE */ +- +- if( mbedtls_mpi_size( &ctx->z ) > blen ) +- return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); +- +- *olen = ctx->grp.pbits / 8 + ( ( ctx->grp.pbits % 8 ) != 0 ); +- return mbedtls_mpi_write_binary( &ctx->z, buf, *olen ); +-} +- +-/* +- * Derive and export the shared secret +- */ +-int mbedtls_ecdh_calc_secret( mbedtls_ecdh_context *ctx, size_t *olen, +- unsigned char *buf, size_t blen, +- int (*f_rng)(void *, unsigned char *, size_t), +- void *p_rng ) +-{ +- int restart_enabled = 0; +- ECDH_VALIDATE_RET( ctx != NULL ); +- ECDH_VALIDATE_RET( olen != NULL ); +- ECDH_VALIDATE_RET( buf != NULL ); +- +-#if defined(MBEDTLS_ECP_RESTARTABLE) +- restart_enabled = ctx->restart_enabled; +-#endif +- +-#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) +- return( ecdh_calc_secret_internal( ctx, olen, buf, blen, f_rng, p_rng, +- restart_enabled ) ); +-#else +- switch( ctx->var ) +- { +- case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0: +- return( ecdh_calc_secret_internal( &ctx->ctx.mbed_ecdh, olen, buf, +- blen, f_rng, p_rng, +- restart_enabled ) ); +- default: +- return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); +- } +-#endif +-} +- +- +- +-#endif /*#if defined(MBEDTLS_ECDH_ALT) */ +-#endif /* MBEDTLS_ECDH_C */ +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/mbedtls/src/rsa_alt.c b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/mbedtls/src/rsa_alt.c +deleted file mode 100644 +index 72be4a536c..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/mbedtls/src/rsa_alt.c ++++ /dev/null +@@ -1,2376 +0,0 @@ +-/* +- * The RSA public-key cryptosystem +- * +- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved +- * Copyright (C) 2019, NXP, All Rights Reserved +- * SPDX-License-Identifier: Apache-2.0 +- * +- * Licensed under the Apache License, Version 2.0 (the "License"); you may +- * not use this file except in compliance with the License. +- * You may obtain a copy of the License at +- * +- * http://www.apache.org/licenses/LICENSE-2.0 +- * +- * Unless required by applicable law or agreed to in writing, software +- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +- * See the License for the specific language governing permissions and +- * limitations under the License. +- * +- * This file is part of mbed TLS (https://tls.mbed.org) +- */ +- +-/* +- * The following sources were referenced in the design of this implementation +- * of the RSA algorithm: +- * +- * [1] A method for obtaining digital signatures and public-key cryptosystems +- * R Rivest, A Shamir, and L Adleman +- * http://people.csail.mit.edu/rivest/pubs.html#RSA78 +- * +- * [2] Handbook of Applied Cryptography - 1997, Chapter 8 +- * Menezes, van Oorschot and Vanstone +- * +- * [3] Malware Guard Extension: Using SGX to Conceal Cache Attacks +- * Michael Schwarz, Samuel Weiser, Daniel Gruss, Clémentine Maurice and +- * Stefan Mangard +- * https://arxiv.org/abs/1702.08719v2 +- * +- */ +- +-#if defined(SSS_USE_FTR_FILE) +-#include "fsl_sss_ftr.h" +-#else +-#include "fsl_sss_ftr_default.h" +-#endif +- +-#if !defined(MBEDTLS_CONFIG_FILE) +-#include "mbedtls/config.h" +-#else +-#include MBEDTLS_CONFIG_FILE +-#endif +- +-#if defined(MBEDTLS_RSA_C) +- +-#include "mbedtls/rsa.h" +-#include "mbedtls/rsa_internal.h" +-#include "mbedtls/oid.h" +-#include "mbedtls/platform_util.h" +- +-#include +- +-#if defined(MBEDTLS_RSA_ALT) +- +-#if SSS_HAVE_ALT_SSS +-# include "sss_mbedtls.h" +-#else +-# include "ax_mbedtls.h" +-#endif +- +-#if defined(MBEDTLS_PKCS1_V21) +-#include "mbedtls/md.h" +-#endif +- +-#if defined(MBEDTLS_PKCS1_V15) && !defined(__OpenBSD__) +-#include +-#endif +- +-#if defined(MBEDTLS_PLATFORM_C) +-#include "mbedtls/platform.h" +-#else +-#include +-#define mbedtls_printf printf +-#define mbedtls_calloc calloc +-#define mbedtls_free free +-#endif +- +-#if defined(MBEDTLS_PKCS1_V15) +-/* constant-time buffer comparison */ +-static inline int mbedtls_safer_memcmp( const void *a, const void *b, size_t n ) +-{ +- size_t i; +- const unsigned char *A = (const unsigned char *) a; +- const unsigned char *B = (const unsigned char *) b; +- unsigned char diff = 0; +- +- for( i = 0; i < n; i++ ) +- diff |= A[i] ^ B[i]; +- +- return( diff ); +-} +-#endif /* MBEDTLS_PKCS1_V15 */ +- +-int mbedtls_rsa_import( mbedtls_rsa_context *ctx, +- const mbedtls_mpi *N, +- const mbedtls_mpi *P, const mbedtls_mpi *Q, +- const mbedtls_mpi *D, const mbedtls_mpi *E ) +-{ +- int ret; +- +- if( ( N != NULL && ( ret = mbedtls_mpi_copy( &ctx->N, N ) ) != 0 ) || +- ( P != NULL && ( ret = mbedtls_mpi_copy( &ctx->P, P ) ) != 0 ) || +- ( Q != NULL && ( ret = mbedtls_mpi_copy( &ctx->Q, Q ) ) != 0 ) || +- ( D != NULL && ( ret = mbedtls_mpi_copy( &ctx->D, D ) ) != 0 ) || +- ( E != NULL && ( ret = mbedtls_mpi_copy( &ctx->E, E ) ) != 0 ) ) +- { +- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret ); +- } +- +- if( N != NULL ) +- ctx->len = mbedtls_mpi_size( &ctx->N ); +- +- return( 0 ); +-} +- +-int mbedtls_rsa_import_raw( mbedtls_rsa_context *ctx, +- unsigned char const *N, size_t N_len, +- unsigned char const *P, size_t P_len, +- unsigned char const *Q, size_t Q_len, +- unsigned char const *D, size_t D_len, +- unsigned char const *E, size_t E_len ) +-{ +- int ret = 0; +- +- if( N != NULL ) +- { +- MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->N, N, N_len ) ); +- ctx->len = mbedtls_mpi_size( &ctx->N ); +- } +- +- if( P != NULL ) +- MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->P, P, P_len ) ); +- +- if( Q != NULL ) +- MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->Q, Q, Q_len ) ); +- +- if( D != NULL ) +- MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->D, D, D_len ) ); +- +- if( E != NULL ) +- MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->E, E, E_len ) ); +- +-cleanup: +- +- if( ret != 0 ) +- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret ); +- +- return( 0 ); +-} +- +-/* +- * Checks whether the context fields are set in such a way +- * that the RSA primitives will be able to execute without error. +- * It does *not* make guarantees for consistency of the parameters. +- */ +-static int rsa_check_context( mbedtls_rsa_context const *ctx, int is_priv, +- int blinding_needed ) +-{ +-#if !defined(MBEDTLS_RSA_NO_CRT) +- /* blinding_needed is only used for NO_CRT to decide whether +- * P,Q need to be present or not. */ +- ((void) blinding_needed); +-#endif +- +- if( ctx->len != mbedtls_mpi_size( &ctx->N ) || +- ctx->len > MBEDTLS_MPI_MAX_SIZE ) +- { +- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); +- } +- +- /* +- * 1. Modular exponentiation needs positive, odd moduli. +- */ +- +- /* Modular exponentiation wrt. N is always used for +- * RSA public key operations. */ +- if( mbedtls_mpi_cmp_int( &ctx->N, 0 ) <= 0 || +- mbedtls_mpi_get_bit( &ctx->N, 0 ) == 0 ) +- { +- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); +- } +- +-#if !defined(MBEDTLS_RSA_NO_CRT) +- /* Modular exponentiation for P and Q is only +- * used for private key operations and if CRT +- * is used. */ +- if( is_priv && +- ( mbedtls_mpi_cmp_int( &ctx->P, 0 ) <= 0 || +- mbedtls_mpi_get_bit( &ctx->P, 0 ) == 0 || +- mbedtls_mpi_cmp_int( &ctx->Q, 0 ) <= 0 || +- mbedtls_mpi_get_bit( &ctx->Q, 0 ) == 0 ) ) +- { +- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); +- } +-#endif /* !MBEDTLS_RSA_NO_CRT */ +- +- /* +- * 2. Exponents must be positive +- */ +- +- /* Always need E for public key operations */ +- if( mbedtls_mpi_cmp_int( &ctx->E, 0 ) <= 0 ) +- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); +- +-#if defined(MBEDTLS_RSA_NO_CRT) +- /* For private key operations, use D or DP & DQ +- * as (unblinded) exponents. */ +- if( is_priv && mbedtls_mpi_cmp_int( &ctx->D, 0 ) <= 0 ) +- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); +-#else +- if( is_priv && +- ( mbedtls_mpi_cmp_int( &ctx->DP, 0 ) <= 0 || +- mbedtls_mpi_cmp_int( &ctx->DQ, 0 ) <= 0 ) ) +- { +- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); +- } +-#endif /* MBEDTLS_RSA_NO_CRT */ +- +- /* Blinding shouldn't make exponents negative either, +- * so check that P, Q >= 1 if that hasn't yet been +- * done as part of 1. */ +-#if defined(MBEDTLS_RSA_NO_CRT) +- if( is_priv && blinding_needed && +- ( mbedtls_mpi_cmp_int( &ctx->P, 0 ) <= 0 || +- mbedtls_mpi_cmp_int( &ctx->Q, 0 ) <= 0 ) ) +- { +- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); +- } +-#endif +- +- /* It wouldn't lead to an error if it wasn't satisfied, +- * but check for QP >= 1 nonetheless. */ +-#if !defined(MBEDTLS_RSA_NO_CRT) +- if( is_priv && +- mbedtls_mpi_cmp_int( &ctx->QP, 0 ) <= 0 ) +- { +- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); +- } +-#endif +- +- return( 0 ); +-} +- +-int mbedtls_rsa_complete( mbedtls_rsa_context *ctx ) +-{ +- int ret = 0; +- +- const int have_N = ( mbedtls_mpi_cmp_int( &ctx->N, 0 ) != 0 ); +- const int have_P = ( mbedtls_mpi_cmp_int( &ctx->P, 0 ) != 0 ); +- const int have_Q = ( mbedtls_mpi_cmp_int( &ctx->Q, 0 ) != 0 ); +- const int have_D = ( mbedtls_mpi_cmp_int( &ctx->D, 0 ) != 0 ); +- const int have_E = ( mbedtls_mpi_cmp_int( &ctx->E, 0 ) != 0 ); +- +- /* +- * Check whether provided parameters are enough +- * to deduce all others. The following incomplete +- * parameter sets for private keys are supported: +- * +- * (1) P, Q missing. +- * (2) D and potentially N missing. +- * +- */ +- +- const int n_missing = have_P && have_Q && have_D && have_E; +- const int pq_missing = have_N && !have_P && !have_Q && have_D && have_E; +- const int d_missing = have_P && have_Q && !have_D && have_E; +- const int is_pub = have_N && !have_P && !have_Q && !have_D && have_E; +- +- /* These three alternatives are mutually exclusive */ +- const int is_priv = n_missing || pq_missing || d_missing; +- +- if( !is_priv && !is_pub ) +- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); +- +- /* +- * Step 1: Deduce N if P, Q are provided. +- */ +- +- if( !have_N && have_P && have_Q ) +- { +- if( ( ret = mbedtls_mpi_mul_mpi( &ctx->N, &ctx->P, +- &ctx->Q ) ) != 0 ) +- { +- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret ); +- } +- +- ctx->len = mbedtls_mpi_size( &ctx->N ); +- } +- +- /* +- * Step 2: Deduce and verify all remaining core parameters. +- */ +- +- if( pq_missing ) +- { +- ret = mbedtls_rsa_deduce_primes( &ctx->N, &ctx->E, &ctx->D, +- &ctx->P, &ctx->Q ); +- if( ret != 0 ) +- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret ); +- +- } +- else if( d_missing ) +- { +- if( ( ret = mbedtls_rsa_deduce_private_exponent( &ctx->P, +- &ctx->Q, +- &ctx->E, +- &ctx->D ) ) != 0 ) +- { +- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret ); +- } +- } +- +- /* +- * Step 3: Deduce all additional parameters specific +- * to our current RSA implementation. +- */ +- +-#if !defined(MBEDTLS_RSA_NO_CRT) +- if( is_priv ) +- { +- ret = mbedtls_rsa_deduce_crt( &ctx->P, &ctx->Q, &ctx->D, +- &ctx->DP, &ctx->DQ, &ctx->QP ); +- if( ret != 0 ) +- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret ); +- } +-#endif /* MBEDTLS_RSA_NO_CRT */ +- +- /* +- * Step 3: Basic sanity checks +- */ +- +- return( rsa_check_context( ctx, is_priv, 1 ) ); +-} +- +-int mbedtls_rsa_export_raw( const mbedtls_rsa_context *ctx, +- unsigned char *N, size_t N_len, +- unsigned char *P, size_t P_len, +- unsigned char *Q, size_t Q_len, +- unsigned char *D, size_t D_len, +- unsigned char *E, size_t E_len ) +-{ +- int ret = 0; +- +- /* Check if key is private or public */ +- const int is_priv = +- mbedtls_mpi_cmp_int( &ctx->N, 0 ) != 0 && +- mbedtls_mpi_cmp_int( &ctx->P, 0 ) != 0 && +- mbedtls_mpi_cmp_int( &ctx->Q, 0 ) != 0 && +- mbedtls_mpi_cmp_int( &ctx->D, 0 ) != 0 && +- mbedtls_mpi_cmp_int( &ctx->E, 0 ) != 0; +- +- if( !is_priv ) +- { +- /* If we're trying to export private parameters for a public key, +- * something must be wrong. */ +- if( P != NULL || Q != NULL || D != NULL ) +- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); +- +- } +- +- if( N != NULL ) +- MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->N, N, N_len ) ); +- +- if( P != NULL ) +- MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->P, P, P_len ) ); +- +- if( Q != NULL ) +- MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->Q, Q, Q_len ) ); +- +- if( D != NULL ) +- MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->D, D, D_len ) ); +- +- if( E != NULL ) +- MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->E, E, E_len ) ); +- +-cleanup: +- +- return( ret ); +-} +- +-int mbedtls_rsa_export( const mbedtls_rsa_context *ctx, +- mbedtls_mpi *N, mbedtls_mpi *P, mbedtls_mpi *Q, +- mbedtls_mpi *D, mbedtls_mpi *E ) +-{ +- int ret; +- +- /* Check if key is private or public */ +- int is_priv = +- mbedtls_mpi_cmp_int( &ctx->N, 0 ) != 0 && +- mbedtls_mpi_cmp_int( &ctx->P, 0 ) != 0 && +- mbedtls_mpi_cmp_int( &ctx->Q, 0 ) != 0 && +- mbedtls_mpi_cmp_int( &ctx->D, 0 ) != 0 && +- mbedtls_mpi_cmp_int( &ctx->E, 0 ) != 0; +- +- if( !is_priv ) +- { +- /* If we're trying to export private parameters for a public key, +- * something must be wrong. */ +- if( P != NULL || Q != NULL || D != NULL ) +- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); +- +- } +- +- /* Export all requested core parameters. */ +- +- if( ( N != NULL && ( ret = mbedtls_mpi_copy( N, &ctx->N ) ) != 0 ) || +- ( P != NULL && ( ret = mbedtls_mpi_copy( P, &ctx->P ) ) != 0 ) || +- ( Q != NULL && ( ret = mbedtls_mpi_copy( Q, &ctx->Q ) ) != 0 ) || +- ( D != NULL && ( ret = mbedtls_mpi_copy( D, &ctx->D ) ) != 0 ) || +- ( E != NULL && ( ret = mbedtls_mpi_copy( E, &ctx->E ) ) != 0 ) ) +- { +- return( ret ); +- } +- +- return( 0 ); +-} +- +-/* +- * Export CRT parameters +- * This must also be implemented if CRT is not used, for being able to +- * write DER encoded RSA keys. The helper function mbedtls_rsa_deduce_crt +- * can be used in this case. +- */ +-int mbedtls_rsa_export_crt( const mbedtls_rsa_context *ctx, +- mbedtls_mpi *DP, mbedtls_mpi *DQ, mbedtls_mpi *QP ) +-{ +- int ret; +- +- /* Check if key is private or public */ +- int is_priv = +- mbedtls_mpi_cmp_int( &ctx->N, 0 ) != 0 && +- mbedtls_mpi_cmp_int( &ctx->P, 0 ) != 0 && +- mbedtls_mpi_cmp_int( &ctx->Q, 0 ) != 0 && +- mbedtls_mpi_cmp_int( &ctx->D, 0 ) != 0 && +- mbedtls_mpi_cmp_int( &ctx->E, 0 ) != 0; +- +- if( !is_priv ) +- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); +- +-#if !defined(MBEDTLS_RSA_NO_CRT) +- /* Export all requested blinding parameters. */ +- if( ( DP != NULL && ( ret = mbedtls_mpi_copy( DP, &ctx->DP ) ) != 0 ) || +- ( DQ != NULL && ( ret = mbedtls_mpi_copy( DQ, &ctx->DQ ) ) != 0 ) || +- ( QP != NULL && ( ret = mbedtls_mpi_copy( QP, &ctx->QP ) ) != 0 ) ) +- { +- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret ); +- } +-#else +- if( ( ret = mbedtls_rsa_deduce_crt( &ctx->P, &ctx->Q, &ctx->D, +- DP, DQ, QP ) ) != 0 ) +- { +- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret ); +- } +-#endif +- +- return( 0 ); +-} +- +-/* +- * Initialize an RSA context +- */ +-void mbedtls_rsa_init( mbedtls_rsa_context *ctx, +- int padding, +- int hash_id ) +-{ +- memset( ctx, 0, sizeof( mbedtls_rsa_context ) ); +- +- mbedtls_rsa_set_padding( ctx, padding, hash_id ); +- +-#if defined(MBEDTLS_THREADING_C) +- mbedtls_mutex_init( &ctx->mutex ); +-#endif +-} +- +-/* +- * Set padding for an existing RSA context +- */ +-void mbedtls_rsa_set_padding( mbedtls_rsa_context *ctx, int padding, int hash_id ) +-{ +- ctx->padding = padding; +- ctx->hash_id = hash_id; +-} +- +-/* +- * Get length in bytes of RSA modulus +- */ +- +-size_t mbedtls_rsa_get_len( const mbedtls_rsa_context *ctx ) +-{ +- return( ctx->len ); +-} +- +- +-#if defined(MBEDTLS_GENPRIME) +- +-/* +- * Generate an RSA keypair +- * +- * This generation method follows the RSA key pair generation procedure of +- * FIPS 186-4 if 2^16 < exponent < 2^256 and nbits = 2048 or nbits = 3072. +- */ +-int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx, +- int (*f_rng)(void *, unsigned char *, size_t), +- void *p_rng, +- unsigned int nbits, int exponent ) +-{ +- int ret; +- mbedtls_mpi H, G, L; +- +- if( f_rng == NULL || nbits < 128 || exponent < 3 ) +- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); +- +- if( nbits % 2 ) +- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); +- +- mbedtls_mpi_init( &H ); +- mbedtls_mpi_init( &G ); +- mbedtls_mpi_init( &L ); +- +- /* +- * find primes P and Q with Q < P so that: +- * 1. |P-Q| > 2^( nbits / 2 - 100 ) +- * 2. GCD( E, (P-1)*(Q-1) ) == 1 +- * 3. E^-1 mod LCM(P-1, Q-1) > 2^( nbits / 2 ) +- */ +- MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &ctx->E, exponent ) ); +- +- do +- { +- MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->P, nbits >> 1, 0, +- f_rng, p_rng ) ); +- +- MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->Q, nbits >> 1, 0, +- f_rng, p_rng ) ); +- +- /* make sure the difference between p and q is not too small (FIPS 186-4 §B.3.3 step 5.4) */ +- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &H, &ctx->P, &ctx->Q ) ); +- if( mbedtls_mpi_bitlen( &H ) <= ( ( nbits >= 200 ) ? ( ( nbits >> 1 ) - 99 ) : 0 ) ) +- continue; +- +- /* not required by any standards, but some users rely on the fact that P > Q */ +- if( H.s < 0 ) +- mbedtls_mpi_swap( &ctx->P, &ctx->Q ); +- +- /* Temporarily replace P,Q by P-1, Q-1 */ +- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &ctx->P, &ctx->P, 1 ) ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &ctx->Q, &ctx->Q, 1 ) ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &H, &ctx->P, &ctx->Q ) ); +- +- /* check GCD( E, (P-1)*(Q-1) ) == 1 (FIPS 186-4 §B.3.1 criterion 2(a)) */ +- MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( &G, &ctx->E, &H ) ); +- if( mbedtls_mpi_cmp_int( &G, 1 ) != 0 ) +- continue; +- +- /* compute smallest possible D = E^-1 mod LCM(P-1, Q-1) (FIPS 186-4 §B.3.1 criterion 3(b)) */ +- MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( &G, &ctx->P, &ctx->Q ) ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_div_mpi( &L, NULL, &H, &G ) ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &ctx->D, &ctx->E, &L ) ); +- +- if( mbedtls_mpi_bitlen( &ctx->D ) <= ( ( nbits + 1 ) / 2 ) ) // (FIPS 186-4 §B.3.1 criterion 3(a)) +- continue; +- +- break; +- } +- while( 1 ); +- +- /* Restore P,Q */ +- MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( &ctx->P, &ctx->P, 1 ) ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( &ctx->Q, &ctx->Q, 1 ) ); +- +- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->N, &ctx->P, &ctx->Q ) ); +- +- ctx->len = mbedtls_mpi_size( &ctx->N ); +- +-#if !defined(MBEDTLS_RSA_NO_CRT) +- /* +- * DP = D mod (P - 1) +- * DQ = D mod (Q - 1) +- * QP = Q^-1 mod P +- */ +- MBEDTLS_MPI_CHK( mbedtls_rsa_deduce_crt( &ctx->P, &ctx->Q, &ctx->D, +- &ctx->DP, &ctx->DQ, &ctx->QP ) ); +-#endif /* MBEDTLS_RSA_NO_CRT */ +- +- /* Double-check */ +- MBEDTLS_MPI_CHK( mbedtls_rsa_check_privkey( ctx ) ); +- +-cleanup: +- +- mbedtls_mpi_free( &H ); +- mbedtls_mpi_free( &G ); +- mbedtls_mpi_free( &L ); +- +- if( ret != 0 ) +- { +- mbedtls_rsa_free( ctx ); +- return( MBEDTLS_ERR_RSA_KEY_GEN_FAILED + ret ); +- } +- +- return( 0 ); +-} +- +-#endif /* MBEDTLS_GENPRIME */ +- +-/* +- * Check a public RSA key +- */ +-int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx ) +-{ +- if( rsa_check_context( ctx, 0 /* public */, 0 /* no blinding */ ) != 0 ) +- return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); +- +- if( mbedtls_mpi_bitlen( &ctx->N ) < 128 ) +- { +- return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); +- } +- +- if( mbedtls_mpi_get_bit( &ctx->E, 0 ) == 0 || +- mbedtls_mpi_bitlen( &ctx->E ) < 2 || +- mbedtls_mpi_cmp_mpi( &ctx->E, &ctx->N ) >= 0 ) +- { +- return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); +- } +- +- return( 0 ); +-} +- +-/* +- * Check for the consistency of all fields in an RSA private key context +- */ +-int mbedtls_rsa_check_privkey( const mbedtls_rsa_context *ctx ) +-{ +- if( mbedtls_rsa_check_pubkey( ctx ) != 0 || +- rsa_check_context( ctx, 1 /* private */, 1 /* blinding */ ) != 0 ) +- { +- return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); +- } +- +- if( mbedtls_rsa_validate_params( &ctx->N, &ctx->P, &ctx->Q, +- &ctx->D, &ctx->E, NULL, NULL ) != 0 ) +- { +- return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); +- } +- +-#if !defined(MBEDTLS_RSA_NO_CRT) +- else if( mbedtls_rsa_validate_crt( &ctx->P, &ctx->Q, &ctx->D, +- &ctx->DP, &ctx->DQ, &ctx->QP ) != 0 ) +- { +- return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); +- } +-#endif +- +- return( 0 ); +-} +- +-/* +- * Check if contexts holding a public and private key match +- */ +-int mbedtls_rsa_check_pub_priv( const mbedtls_rsa_context *pub, +- const mbedtls_rsa_context *prv ) +-{ +- if( mbedtls_rsa_check_pubkey( pub ) != 0 || +- mbedtls_rsa_check_privkey( prv ) != 0 ) +- { +- return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); +- } +- +- if( mbedtls_mpi_cmp_mpi( &pub->N, &prv->N ) != 0 || +- mbedtls_mpi_cmp_mpi( &pub->E, &prv->E ) != 0 ) +- { +- return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); +- } +- +- return( 0 ); +-} +- +-#if !defined(MBEDTLS_RSA_PUBLIC_ALT) +-/* +- * Do an RSA public key operation +- */ +-int mbedtls_rsa_public( mbedtls_rsa_context *ctx, +- const unsigned char *input, +- unsigned char *output ) +-{ +- int ret; +- size_t olen; +- mbedtls_mpi T; +- +- if( rsa_check_context( ctx, 0 /* public */, 0 /* no blinding */ ) ) +- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); +- +- mbedtls_mpi_init( &T ); +- +-#if defined(MBEDTLS_THREADING_C) +- if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 ) +- return( ret ); +-#endif +- +- MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &T, input, ctx->len ) ); +- +- if( mbedtls_mpi_cmp_mpi( &T, &ctx->N ) >= 0 ) +- { +- ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA; +- goto cleanup; +- } +- +- olen = ctx->len; +- MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &T, &T, &ctx->E, &ctx->N, &ctx->RN ) ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &T, output, olen ) ); +- +-cleanup: +-#if defined(MBEDTLS_THREADING_C) +- if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 ) +- return( MBEDTLS_ERR_THREADING_MUTEX_ERROR ); +-#endif +- +- mbedtls_mpi_free( &T ); +- +- if( ret != 0 ) +- return( MBEDTLS_ERR_RSA_PUBLIC_FAILED + ret ); +- +- return( 0 ); +-} +- +-#endif /* MBEDTLS_RSA_PUBLIC_ALT */ +- +-/* +- * Generate or update blinding values, see section 10 of: +- * KOCHER, Paul C. Timing attacks on implementations of Diffie-Hellman, RSA, +- * DSS, and other systems. In : Advances in Cryptology-CRYPTO'96. Springer +- * Berlin Heidelberg, 1996. p. 104-113. +- */ +-static int rsa_prepare_blinding( mbedtls_rsa_context *ctx, +- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) +-{ +- int ret, count = 0; +- +- if( ctx->Vf.p != NULL ) +- { +- /* We already have blinding values, just update them by squaring */ +- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->Vi, &ctx->Vi, &ctx->Vi ) ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->Vi, &ctx->Vi, &ctx->N ) ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->Vf, &ctx->Vf, &ctx->Vf ) ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->Vf, &ctx->Vf, &ctx->N ) ); +- +- goto cleanup; +- } +- +- /* Unblinding value: Vf = random number, invertible mod N */ +- do { +- if( count++ > 10 ) +- return( MBEDTLS_ERR_RSA_RNG_FAILED ); +- +- MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &ctx->Vf, ctx->len - 1, f_rng, p_rng ) ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( &ctx->Vi, &ctx->Vf, &ctx->N ) ); +- } while( mbedtls_mpi_cmp_int( &ctx->Vi, 1 ) != 0 ); +- +- /* Blinding value: Vi = Vf^(-e) mod N */ +- MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &ctx->Vi, &ctx->Vf, &ctx->N ) ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &ctx->Vi, &ctx->Vi, &ctx->E, &ctx->N, &ctx->RN ) ); +- +- +-cleanup: +- return( ret ); +-} +- +-/* +- * Exponent blinding supposed to prevent side-channel attacks using multiple +- * traces of measurements to recover the RSA key. The more collisions are there, +- * the more bits of the key can be recovered. See [3]. +- * +- * Collecting n collisions with m bit long blinding value requires 2^(m-m/n) +- * observations on avarage. +- * +- * For example with 28 byte blinding to achieve 2 collisions the adversary has +- * to make 2^112 observations on avarage. +- * +- * (With the currently (as of 2017 April) known best algorithms breaking 2048 +- * bit RSA requires approximately as much time as trying out 2^112 random keys. +- * Thus in this sense with 28 byte blinding the security is not reduced by +- * side-channel attacks like the one in [3]) +- * +- * This countermeasure does not help if the key recovery is possible with a +- * single trace. +- */ +-#define RSA_EXPONENT_BLINDING 28 +- +-/* +- * Do an RSA private key operation +- */ +-int mbedtls_rsa_private( mbedtls_rsa_context *ctx, +- int (*f_rng)(void *, unsigned char *, size_t), +- void *p_rng, +- const unsigned char *input, +- unsigned char *output ) +-{ +- int ret; +- size_t olen; +- +- /* Temporary holding the result */ +- mbedtls_mpi T; +- +- /* Temporaries holding P-1, Q-1 and the +- * exponent blinding factor, respectively. */ +- mbedtls_mpi P1, Q1, R; +- +-#if !defined(MBEDTLS_RSA_NO_CRT) +- /* Temporaries holding the results mod p resp. mod q. */ +- mbedtls_mpi TP, TQ; +- +- /* Temporaries holding the blinded exponents for +- * the mod p resp. mod q computation (if used). */ +- mbedtls_mpi DP_blind, DQ_blind; +- +- /* Pointers to actual exponents to be used - either the unblinded +- * or the blinded ones, depending on the presence of a PRNG. */ +- mbedtls_mpi *DP = &ctx->DP; +- mbedtls_mpi *DQ = &ctx->DQ; +-#else +- /* Temporary holding the blinded exponent (if used). */ +- mbedtls_mpi D_blind; +- +- /* Pointer to actual exponent to be used - either the unblinded +- * or the blinded one, depending on the presence of a PRNG. */ +- mbedtls_mpi *D = &ctx->D; +-#endif /* MBEDTLS_RSA_NO_CRT */ +- +- /* Temporaries holding the initial input and the double +- * checked result; should be the same in the end. */ +- mbedtls_mpi I, C; +- +- if( rsa_check_context( ctx, 1 /* private key checks */, +- f_rng != NULL /* blinding y/n */ ) != 0 ) +- { +- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); +- } +- +-#if defined(MBEDTLS_THREADING_C) +- if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 ) +- return( ret ); +-#endif +- +- /* MPI Initialization */ +- mbedtls_mpi_init( &T ); +- +- mbedtls_mpi_init( &P1 ); +- mbedtls_mpi_init( &Q1 ); +- mbedtls_mpi_init( &R ); +- +- if( f_rng != NULL ) +- { +-#if defined(MBEDTLS_RSA_NO_CRT) +- mbedtls_mpi_init( &D_blind ); +-#else +- mbedtls_mpi_init( &DP_blind ); +- mbedtls_mpi_init( &DQ_blind ); +-#endif +- } +- +-#if !defined(MBEDTLS_RSA_NO_CRT) +- mbedtls_mpi_init( &TP ); mbedtls_mpi_init( &TQ ); +-#endif +- +- mbedtls_mpi_init( &I ); +- mbedtls_mpi_init( &C ); +- +- /* End of MPI initialization */ +- +- MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &T, input, ctx->len ) ); +- if( mbedtls_mpi_cmp_mpi( &T, &ctx->N ) >= 0 ) +- { +- ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA; +- goto cleanup; +- } +- +- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &I, &T ) ); +- +- if( f_rng != NULL ) +- { +- /* +- * Blinding +- * T = T * Vi mod N +- */ +- MBEDTLS_MPI_CHK( rsa_prepare_blinding( ctx, f_rng, p_rng ) ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T, &T, &ctx->Vi ) ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &T, &T, &ctx->N ) ); +- +- /* +- * Exponent blinding +- */ +- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &P1, &ctx->P, 1 ) ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &Q1, &ctx->Q, 1 ) ); +- +-#if defined(MBEDTLS_RSA_NO_CRT) +- /* +- * D_blind = ( P - 1 ) * ( Q - 1 ) * R + D +- */ +- MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &R, RSA_EXPONENT_BLINDING, +- f_rng, p_rng ) ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &D_blind, &P1, &Q1 ) ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &D_blind, &D_blind, &R ) ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &D_blind, &D_blind, &ctx->D ) ); +- +- D = &D_blind; +-#else +- /* +- * DP_blind = ( P - 1 ) * R + DP +- */ +- MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &R, RSA_EXPONENT_BLINDING, +- f_rng, p_rng ) ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &DP_blind, &P1, &R ) ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &DP_blind, &DP_blind, +- &ctx->DP ) ); +- +- DP = &DP_blind; +- +- /* +- * DQ_blind = ( Q - 1 ) * R + DQ +- */ +- MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &R, RSA_EXPONENT_BLINDING, +- f_rng, p_rng ) ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &DQ_blind, &Q1, &R ) ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &DQ_blind, &DQ_blind, +- &ctx->DQ ) ); +- +- DQ = &DQ_blind; +-#endif /* MBEDTLS_RSA_NO_CRT */ +- } +- +-#if defined(MBEDTLS_RSA_NO_CRT) +- MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &T, &T, D, &ctx->N, &ctx->RN ) ); +-#else +- /* +- * Faster decryption using the CRT +- * +- * TP = input ^ dP mod P +- * TQ = input ^ dQ mod Q +- */ +- +- MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &TP, &T, DP, &ctx->P, &ctx->RP ) ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &TQ, &T, DQ, &ctx->Q, &ctx->RQ ) ); +- +- /* +- * T = (TP - TQ) * (Q^-1 mod P) mod P +- */ +- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &T, &TP, &TQ ) ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &TP, &T, &ctx->QP ) ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &T, &TP, &ctx->P ) ); +- +- /* +- * T = TQ + T * Q +- */ +- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &TP, &T, &ctx->Q ) ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &T, &TQ, &TP ) ); +-#endif /* MBEDTLS_RSA_NO_CRT */ +- +- if( f_rng != NULL ) +- { +- /* +- * Unblind +- * T = T * Vf mod N +- */ +- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T, &T, &ctx->Vf ) ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &T, &T, &ctx->N ) ); +- } +- +- /* Verify the result to prevent glitching attacks. */ +- MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &C, &T, &ctx->E, +- &ctx->N, &ctx->RN ) ); +- if( mbedtls_mpi_cmp_mpi( &C, &I ) != 0 ) +- { +- ret = MBEDTLS_ERR_RSA_VERIFY_FAILED; +- goto cleanup; +- } +- +- olen = ctx->len; +- MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &T, output, olen ) ); +- +-cleanup: +-#if defined(MBEDTLS_THREADING_C) +- if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 ) +- return( MBEDTLS_ERR_THREADING_MUTEX_ERROR ); +-#endif +- +- mbedtls_mpi_free( &P1 ); +- mbedtls_mpi_free( &Q1 ); +- mbedtls_mpi_free( &R ); +- +- if( f_rng != NULL ) +- { +-#if defined(MBEDTLS_RSA_NO_CRT) +- mbedtls_mpi_free( &D_blind ); +-#else +- mbedtls_mpi_free( &DP_blind ); +- mbedtls_mpi_free( &DQ_blind ); +-#endif +- } +- +- mbedtls_mpi_free( &T ); +- +-#if !defined(MBEDTLS_RSA_NO_CRT) +- mbedtls_mpi_free( &TP ); mbedtls_mpi_free( &TQ ); +-#endif +- +- mbedtls_mpi_free( &C ); +- mbedtls_mpi_free( &I ); +- +- if( ret != 0 ) +- return( MBEDTLS_ERR_RSA_PRIVATE_FAILED + ret ); +- +- return( 0 ); +-} +- +-#if defined(MBEDTLS_PKCS1_V21) +-/** +- * Generate and apply the MGF1 operation (from PKCS#1 v2.1) to a buffer. +- * +- * \param dst buffer to mask +- * \param dlen length of destination buffer +- * \param src source of the mask generation +- * \param slen length of the source buffer +- * \param md_ctx message digest context to use +- */ +-static int mgf_mask( unsigned char *dst, size_t dlen, unsigned char *src, +- size_t slen, mbedtls_md_context_t *md_ctx ) +-{ +- unsigned char mask[MBEDTLS_MD_MAX_SIZE]; +- unsigned char counter[4]; +- unsigned char *p; +- unsigned int hlen; +- size_t i, use_len; +- int ret = 0; +- +- memset( mask, 0, MBEDTLS_MD_MAX_SIZE ); +- memset( counter, 0, 4 ); +- +- hlen = mbedtls_md_get_size( md_ctx->md_info ); +- +- /* Generate and apply dbMask */ +- p = dst; +- +- while( dlen > 0 ) +- { +- use_len = hlen; +- if( dlen < hlen ) +- use_len = dlen; +- +- if( ( ret = mbedtls_md_starts( md_ctx ) ) != 0 ) +- goto exit; +- if( ( ret = mbedtls_md_update( md_ctx, src, slen ) ) != 0 ) +- goto exit; +- if( ( ret = mbedtls_md_update( md_ctx, counter, 4 ) ) != 0 ) +- goto exit; +- if( ( ret = mbedtls_md_finish( md_ctx, mask ) ) != 0 ) +- goto exit; +- +- for( i = 0; i < use_len; ++i ) +- *p++ ^= mask[i]; +- +- counter[3]++; +- +- dlen -= use_len; +- } +- +-exit: +- mbedtls_platform_zeroize( mask, sizeof( mask ) ); +- +- return( ret ); +-} +-#endif /* MBEDTLS_PKCS1_V21 */ +- +-#if defined(MBEDTLS_PKCS1_V21) +-/* +- * Implementation of the PKCS#1 v2.1 RSAES-OAEP-ENCRYPT function +- */ +-int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx, +- int (*f_rng)(void *, unsigned char *, size_t), +- void *p_rng, +- int mode, +- const unsigned char *label, size_t label_len, +- size_t ilen, +- const unsigned char *input, +- unsigned char *output ) +-{ +- size_t olen; +- int ret; +- unsigned char *p = output; +- unsigned int hlen; +- const mbedtls_md_info_t *md_info; +- mbedtls_md_context_t md_ctx; +- +- if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21 ) +- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); +- +- if( f_rng == NULL ) +- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); +- +- md_info = mbedtls_md_info_from_type( (mbedtls_md_type_t) ctx->hash_id ); +- if( md_info == NULL ) +- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); +- +- olen = ctx->len; +- hlen = mbedtls_md_get_size( md_info ); +- +- /* first comparison checks for overflow */ +- if( ilen + 2 * hlen + 2 < ilen || olen < ilen + 2 * hlen + 2 ) +- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); +- +- memset( output, 0, olen ); +- +- *p++ = 0; +- +- /* Generate a random octet string seed */ +- if( ( ret = f_rng( p_rng, p, hlen ) ) != 0 ) +- return( MBEDTLS_ERR_RSA_RNG_FAILED + ret ); +- +- p += hlen; +- +- /* Construct DB */ +- if( ( ret = mbedtls_md( md_info, label, label_len, p ) ) != 0 ) +- return( ret ); +- p += hlen; +- p += olen - 2 * hlen - 2 - ilen; +- *p++ = 1; +- memcpy( p, input, ilen ); +- +- mbedtls_md_init( &md_ctx ); +- if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 0 ) ) != 0 ) +- goto exit; +- +- /* maskedDB: Apply dbMask to DB */ +- if( ( ret = mgf_mask( output + hlen + 1, olen - hlen - 1, output + 1, hlen, +- &md_ctx ) ) != 0 ) +- goto exit; +- +- /* maskedSeed: Apply seedMask to seed */ +- if( ( ret = mgf_mask( output + 1, hlen, output + hlen + 1, olen - hlen - 1, +- &md_ctx ) ) != 0 ) +- goto exit; +- +-exit: +- mbedtls_md_free( &md_ctx ); +- +- if( ret != 0 ) +- return( ret ); +- +- return( ( mode == MBEDTLS_RSA_PUBLIC ) +- ? mbedtls_rsa_public( ctx, output, output ) +- : mbedtls_rsa_private( ctx, f_rng, p_rng, output, output ) ); +-} +-#endif /* MBEDTLS_PKCS1_V21 */ +- +-#if defined(MBEDTLS_PKCS1_V15) +-/* +- * Implementation of the PKCS#1 v2.1 RSAES-PKCS1-V1_5-ENCRYPT function +- */ +-int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx, +- int (*f_rng)(void *, unsigned char *, size_t), +- void *p_rng, +- int mode, size_t ilen, +- const unsigned char *input, +- unsigned char *output ) +-{ +- size_t nb_pad, olen; +- int ret; +- unsigned char *p = output; +- +- if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 ) +- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); +- +- // We don't check p_rng because it won't be dereferenced here +- if( f_rng == NULL || input == NULL || output == NULL ) +- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); +- +- olen = ctx->len; +- +- /* first comparison checks for overflow */ +- if( ilen + 11 < ilen || olen < ilen + 11 ) +- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); +- +- nb_pad = olen - 3 - ilen; +- +- *p++ = 0; +- if( mode == MBEDTLS_RSA_PUBLIC ) +- { +- *p++ = MBEDTLS_RSA_CRYPT; +- +- while( nb_pad-- > 0 ) +- { +- int rng_dl = 100; +- +- do { +- ret = f_rng( p_rng, p, 1 ); +- } while( *p == 0 && --rng_dl && ret == 0 ); +- +- /* Check if RNG failed to generate data */ +- if( rng_dl == 0 || ret != 0 ) +- return( MBEDTLS_ERR_RSA_RNG_FAILED + ret ); +- +- p++; +- } +- } +- else +- { +- *p++ = MBEDTLS_RSA_SIGN; +- +- while( nb_pad-- > 0 ) +- *p++ = 0xFF; +- } +- +- *p++ = 0; +- memcpy( p, input, ilen ); +- +- return( ( mode == MBEDTLS_RSA_PUBLIC ) +- ? mbedtls_rsa_public( ctx, output, output ) +- : mbedtls_rsa_private( ctx, f_rng, p_rng, output, output ) ); +-} +-#endif /* MBEDTLS_PKCS1_V15 */ +- +-/* +- * Add the message padding, then do an RSA operation +- */ +-int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx, +- int (*f_rng)(void *, unsigned char *, size_t), +- void *p_rng, +- int mode, size_t ilen, +- const unsigned char *input, +- unsigned char *output ) +-{ +- switch( ctx->padding ) +- { +-#if defined(MBEDTLS_PKCS1_V15) +- case MBEDTLS_RSA_PKCS_V15: +- return mbedtls_rsa_rsaes_pkcs1_v15_encrypt( ctx, f_rng, p_rng, mode, ilen, +- input, output ); +-#endif +- +-#if defined(MBEDTLS_PKCS1_V21) +- case MBEDTLS_RSA_PKCS_V21: +- return mbedtls_rsa_rsaes_oaep_encrypt( ctx, f_rng, p_rng, mode, NULL, 0, +- ilen, input, output ); +-#endif +- +- default: +- return( MBEDTLS_ERR_RSA_INVALID_PADDING ); +- } +-} +- +-#if defined(MBEDTLS_PKCS1_V21) +-/* +- * Implementation of the PKCS#1 v2.1 RSAES-OAEP-DECRYPT function +- */ +-int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx, +- int (*f_rng)(void *, unsigned char *, size_t), +- void *p_rng, +- int mode, +- const unsigned char *label, size_t label_len, +- size_t *olen, +- const unsigned char *input, +- unsigned char *output, +- size_t output_max_len ) +-{ +- int ret; +- size_t ilen, i, pad_len; +- unsigned char *p, bad, pad_done; +- unsigned char buf[MBEDTLS_MPI_MAX_SIZE]; +- unsigned char lhash[MBEDTLS_MD_MAX_SIZE]; +- unsigned int hlen; +- const mbedtls_md_info_t *md_info; +- mbedtls_md_context_t md_ctx; +- +- /* +- * Parameters sanity checks +- */ +- if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21 ) +- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); +- +- ilen = ctx->len; +- +- if( ilen < 16 || ilen > sizeof( buf ) ) +- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); +- +- md_info = mbedtls_md_info_from_type( (mbedtls_md_type_t) ctx->hash_id ); +- if( md_info == NULL ) +- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); +- +- hlen = mbedtls_md_get_size( md_info ); +- +- // checking for integer underflow +- if( 2 * hlen + 2 > ilen ) +- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); +- +- /* +- * RSA operation +- */ +- ret = ( mode == MBEDTLS_RSA_PUBLIC ) +- ? mbedtls_rsa_public( ctx, input, buf ) +- : mbedtls_rsa_private( ctx, f_rng, p_rng, input, buf ); +- +- if( ret != 0 ) +- goto cleanup; +- +- /* +- * Unmask data and generate lHash +- */ +- mbedtls_md_init( &md_ctx ); +- if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 0 ) ) != 0 ) +- { +- mbedtls_md_free( &md_ctx ); +- goto cleanup; +- } +- +- /* seed: Apply seedMask to maskedSeed */ +- if( ( ret = mgf_mask( buf + 1, hlen, buf + hlen + 1, ilen - hlen - 1, +- &md_ctx ) ) != 0 || +- /* DB: Apply dbMask to maskedDB */ +- ( ret = mgf_mask( buf + hlen + 1, ilen - hlen - 1, buf + 1, hlen, +- &md_ctx ) ) != 0 ) +- { +- mbedtls_md_free( &md_ctx ); +- goto cleanup; +- } +- +- mbedtls_md_free( &md_ctx ); +- +- /* Generate lHash */ +- if( ( ret = mbedtls_md( md_info, label, label_len, lhash ) ) != 0 ) +- goto cleanup; +- +- /* +- * Check contents, in "constant-time" +- */ +- p = buf; +- bad = 0; +- +- bad |= *p++; /* First byte must be 0 */ +- +- p += hlen; /* Skip seed */ +- +- /* Check lHash */ +- for( i = 0; i < hlen; i++ ) +- bad |= lhash[i] ^ *p++; +- +- /* Get zero-padding len, but always read till end of buffer +- * (minus one, for the 01 byte) */ +- pad_len = 0; +- pad_done = 0; +- for( i = 0; i < ilen - 2 * hlen - 2; i++ ) +- { +- pad_done |= p[i]; +- pad_len += ((pad_done | (unsigned char)-pad_done) >> 7) ^ 1; +- } +- +- p += pad_len; +- bad |= *p++ ^ 0x01; +- +- /* +- * The only information "leaked" is whether the padding was correct or not +- * (eg, no data is copied if it was not correct). This meets the +- * recommendations in PKCS#1 v2.2: an opponent cannot distinguish between +- * the different error conditions. +- */ +- if( bad != 0 ) +- { +- ret = MBEDTLS_ERR_RSA_INVALID_PADDING; +- goto cleanup; +- } +- +- if( ilen - ( p - buf ) > output_max_len ) +- { +- ret = MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE; +- goto cleanup; +- } +- +- *olen = ilen - (p - buf); +- memcpy( output, p, *olen ); +- ret = 0; +- +-cleanup: +- mbedtls_platform_zeroize( buf, sizeof( buf ) ); +- mbedtls_platform_zeroize( lhash, sizeof( lhash ) ); +- +- return( ret ); +-} +-#endif /* MBEDTLS_PKCS1_V21 */ +- +-#if defined(MBEDTLS_PKCS1_V15) +-/* +- * Implementation of the PKCS#1 v2.1 RSAES-PKCS1-V1_5-DECRYPT function +- */ +-int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, +- int (*f_rng)(void *, unsigned char *, size_t), +- void *p_rng, +- int mode, size_t *olen, +- const unsigned char *input, +- unsigned char *output, +- size_t output_max_len) +-{ +- int ret; +- size_t ilen, pad_count = 0, i; +- unsigned char *p, bad, pad_done = 0; +- unsigned char buf[MBEDTLS_MPI_MAX_SIZE]; +- +- if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 ) +- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); +- +- ilen = ctx->len; +- +- if( ilen < 16 || ilen > sizeof( buf ) ) +- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); +- +- ret = ( mode == MBEDTLS_RSA_PUBLIC ) +- ? mbedtls_rsa_public( ctx, input, buf ) +- : mbedtls_rsa_private( ctx, f_rng, p_rng, input, buf ); +- +- if( ret != 0 ) +- goto cleanup; +- +- p = buf; +- bad = 0; +- +- /* +- * Check and get padding len in "constant-time" +- */ +- bad |= *p++; /* First byte must be 0 */ +- +- /* This test does not depend on secret data */ +- if( mode == MBEDTLS_RSA_PRIVATE ) +- { +- bad |= *p++ ^ MBEDTLS_RSA_CRYPT; +- +- /* Get padding len, but always read till end of buffer +- * (minus one, for the 00 byte) */ +- for( i = 0; i < ilen - 3; i++ ) +- { +- pad_done |= ((p[i] | (unsigned char)-p[i]) >> 7) ^ 1; +- pad_count += ((pad_done | (unsigned char)-pad_done) >> 7) ^ 1; +- } +- +- p += pad_count; +- bad |= *p++; /* Must be zero */ +- } +- else +- { +- bad |= *p++ ^ MBEDTLS_RSA_SIGN; +- +- /* Get padding len, but always read till end of buffer +- * (minus one, for the 00 byte) */ +- for( i = 0; i < ilen - 3; i++ ) +- { +- pad_done |= ( p[i] != 0xFF ); +- pad_count += ( pad_done == 0 ); +- } +- +- p += pad_count; +- bad |= *p++; /* Must be zero */ +- } +- +- bad |= ( pad_count < 8 ); +- +- if( bad ) +- { +- ret = MBEDTLS_ERR_RSA_INVALID_PADDING; +- goto cleanup; +- } +- +- if( ilen - ( p - buf ) > output_max_len ) +- { +- ret = MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE; +- goto cleanup; +- } +- +- *olen = ilen - (p - buf); +- memcpy( output, p, *olen ); +- ret = 0; +- +-cleanup: +- mbedtls_platform_zeroize( buf, sizeof( buf ) ); +- +- return( ret ); +-} +-#endif /* MBEDTLS_PKCS1_V15 */ +- +-/* +- * Do an RSA operation, then remove the message padding +- */ +-int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx, +- int (*f_rng)(void *, unsigned char *, size_t), +- void *p_rng, +- int mode, size_t *olen, +- const unsigned char *input, +- unsigned char *output, +- size_t output_max_len) +-{ +- switch( ctx->padding ) +- { +-#if defined(MBEDTLS_PKCS1_V15) +- case MBEDTLS_RSA_PKCS_V15: +- return mbedtls_rsa_rsaes_pkcs1_v15_decrypt( ctx, f_rng, p_rng, mode, olen, +- input, output, output_max_len ); +-#endif +- +-#if defined(MBEDTLS_PKCS1_V21) +- case MBEDTLS_RSA_PKCS_V21: +- return mbedtls_rsa_rsaes_oaep_decrypt( ctx, f_rng, p_rng, mode, NULL, 0, +- olen, input, output, +- output_max_len ); +-#endif +- +- default: +- return( MBEDTLS_ERR_RSA_INVALID_PADDING ); +- } +-} +- +-#if defined(MBEDTLS_PKCS1_V21) +-/* +- * Implementation of the PKCS#1 v2.1 RSASSA-PSS-SIGN function +- */ +-int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx, +- int (*f_rng)(void *, unsigned char *, size_t), +- void *p_rng, +- int mode, +- mbedtls_md_type_t md_alg, +- unsigned int hashlen, +- const unsigned char *hash, +- unsigned char *sig ) +-{ +- size_t olen; +- unsigned char *p = sig; +- unsigned char salt[MBEDTLS_MD_MAX_SIZE]; +- unsigned int slen, hlen, offset = 0; +- int ret; +- size_t msb; +- const mbedtls_md_info_t *md_info; +- mbedtls_md_context_t md_ctx; +- +- if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21 ) +- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); +- +- if( f_rng == NULL ) +- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); +- +- olen = ctx->len; +- +- if( md_alg != MBEDTLS_MD_NONE ) +- { +- /* Gather length of hash to sign */ +- md_info = mbedtls_md_info_from_type( md_alg ); +- if( md_info == NULL ) +- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); +- +- hashlen = mbedtls_md_get_size( md_info ); +- } +- +- md_info = mbedtls_md_info_from_type( (mbedtls_md_type_t) ctx->hash_id ); +- if( md_info == NULL ) +- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); +- +- hlen = mbedtls_md_get_size( md_info ); +- slen = hlen; +- +- if( olen < hlen + slen + 2 ) +- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); +- +- memset( sig, 0, olen ); +- +- /* Generate salt of length slen */ +- if( ( ret = f_rng( p_rng, salt, slen ) ) != 0 ) +- return( MBEDTLS_ERR_RSA_RNG_FAILED + ret ); +- +- /* Note: EMSA-PSS encoding is over the length of N - 1 bits */ +- msb = mbedtls_mpi_bitlen( &ctx->N ) - 1; +- p += olen - hlen * 2 - 2; +- *p++ = 0x01; +- memcpy( p, salt, slen ); +- p += slen; +- +- mbedtls_md_init( &md_ctx ); +- if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 0 ) ) != 0 ) +- goto exit; +- +- /* Generate H = Hash( M' ) */ +- if( ( ret = mbedtls_md_starts( &md_ctx ) ) != 0 ) +- goto exit; +- if( ( ret = mbedtls_md_update( &md_ctx, p, 8 ) ) != 0 ) +- goto exit; +- if( ( ret = mbedtls_md_update( &md_ctx, hash, hashlen ) ) != 0 ) +- goto exit; +- if( ( ret = mbedtls_md_update( &md_ctx, salt, slen ) ) != 0 ) +- goto exit; +- if( ( ret = mbedtls_md_finish( &md_ctx, p ) ) != 0 ) +- goto exit; +- +- /* Compensate for boundary condition when applying mask */ +- if( msb % 8 == 0 ) +- offset = 1; +- +- /* maskedDB: Apply dbMask to DB */ +- if( ( ret = mgf_mask( sig + offset, olen - hlen - 1 - offset, p, hlen, +- &md_ctx ) ) != 0 ) +- goto exit; +- +- msb = mbedtls_mpi_bitlen( &ctx->N ) - 1; +- sig[0] &= 0xFF >> ( olen * 8 - msb ); +- +- p += hlen; +- *p++ = 0xBC; +- +- mbedtls_platform_zeroize( salt, sizeof( salt ) ); +- +-exit: +- mbedtls_md_free( &md_ctx ); +- +- if( ret != 0 ) +- return( ret ); +- +- return( ( mode == MBEDTLS_RSA_PUBLIC ) +- ? mbedtls_rsa_public( ctx, sig, sig ) +- : mbedtls_rsa_private( ctx, f_rng, p_rng, sig, sig ) ); +-} +-#endif /* MBEDTLS_PKCS1_V21 */ +- +-#if defined(MBEDTLS_PKCS1_V15) +-/* +- * Implementation of the PKCS#1 v2.1 RSASSA-PKCS1-V1_5-SIGN function +- */ +- +-/* Construct a PKCS v1.5 encoding of a hashed message +- * +- * This is used both for signature generation and verification. +- * +- * Parameters: +- * - md_alg: Identifies the hash algorithm used to generate the given hash; +- * MBEDTLS_MD_NONE if raw data is signed. +- * - hashlen: Length of hash in case hashlen is MBEDTLS_MD_NONE. +- * - hash: Buffer containing the hashed message or the raw data. +- * - dst_len: Length of the encoded message. +- * - dst: Buffer to hold the encoded message. +- * +- * Assumptions: +- * - hash has size hashlen if md_alg == MBEDTLS_MD_NONE. +- * - hash has size corresponding to md_alg if md_alg != MBEDTLS_MD_NONE. +- * - dst points to a buffer of size at least dst_len. +- * +- */ +-static int rsa_rsassa_pkcs1_v15_encode( mbedtls_md_type_t md_alg, +- unsigned int hashlen, +- const unsigned char *hash, +- size_t dst_len, +- unsigned char *dst ) +-{ +- size_t oid_size = 0; +- size_t nb_pad = dst_len; +- unsigned char *p = dst; +- const char *oid = NULL; +- +- /* Are we signing hashed or raw data? */ +- if( md_alg != MBEDTLS_MD_NONE ) +- { +- const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( md_alg ); +- if( md_info == NULL ) +- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); +- +- if( mbedtls_oid_get_oid_by_md( md_alg, &oid, &oid_size ) != 0 ) +- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); +- +- hashlen = mbedtls_md_get_size( md_info ); +- +- /* Double-check that 8 + hashlen + oid_size can be used as a +- * 1-byte ASN.1 length encoding and that there's no overflow. */ +- if( 8 + hashlen + oid_size >= 0x80 || +- 10 + hashlen < hashlen || +- 10 + hashlen + oid_size < 10 + hashlen ) +- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); +- +- /* +- * Static bounds check: +- * - Need 10 bytes for five tag-length pairs. +- * (Insist on 1-byte length encodings to protect against variants of +- * Bleichenbacher's forgery attack against lax PKCS#1v1.5 verification) +- * - Need hashlen bytes for hash +- * - Need oid_size bytes for hash alg OID. +- */ +- if( nb_pad < 10 + hashlen + oid_size ) +- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); +- nb_pad -= 10 + hashlen + oid_size; +- } +- else +- { +- if( nb_pad < hashlen ) +- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); +- +- nb_pad -= hashlen; +- } +- +- /* Need space for signature header and padding delimiter (3 bytes), +- * and 8 bytes for the minimal padding */ +- if( nb_pad < 3 + 8 ) +- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); +- nb_pad -= 3; +- +- /* Now nb_pad is the amount of memory to be filled +- * with padding, and at least 8 bytes long. */ +- +- /* Write signature header and padding */ +- *p++ = 0; +- *p++ = MBEDTLS_RSA_SIGN; +- memset( p, 0xFF, nb_pad ); +- p += nb_pad; +- *p++ = 0; +- +- /* Are we signing raw data? */ +- if( md_alg == MBEDTLS_MD_NONE ) +- { +- memcpy( p, hash, hashlen ); +- return( 0 ); +- } +- +- /* Signing hashed data, add corresponding ASN.1 structure +- * +- * DigestInfo ::= SEQUENCE { +- * digestAlgorithm DigestAlgorithmIdentifier, +- * digest Digest } +- * DigestAlgorithmIdentifier ::= AlgorithmIdentifier +- * Digest ::= OCTET STRING +- * +- * Schematic: +- * TAG-SEQ + LEN [ TAG-SEQ + LEN [ TAG-OID + LEN [ OID ] +- * TAG-NULL + LEN [ NULL ] ] +- * TAG-OCTET + LEN [ HASH ] ] +- */ +- *p++ = MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED; +- *p++ = (unsigned char)( 0x08 + oid_size + hashlen ); +- *p++ = MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED; +- *p++ = (unsigned char)( 0x04 + oid_size ); +- *p++ = MBEDTLS_ASN1_OID; +- *p++ = (unsigned char) oid_size; +- memcpy( p, oid, oid_size ); +- p += oid_size; +- *p++ = MBEDTLS_ASN1_NULL; +- *p++ = 0x00; +- *p++ = MBEDTLS_ASN1_OCTET_STRING; +- *p++ = (unsigned char) hashlen; +- memcpy( p, hash, hashlen ); +- p += hashlen; +- +- /* Just a sanity-check, should be automatic +- * after the initial bounds check. */ +- if( p != dst + dst_len ) +- { +- mbedtls_platform_zeroize( dst, dst_len ); +- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); +- } +- +- return( 0 ); +-} +- +-/* +- * Do an RSA operation to sign the message digest +- */ +-int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx, +- int (*f_rng)(void *, unsigned char *, size_t), +- void *p_rng, +- int mode, +- mbedtls_md_type_t md_alg, +- unsigned int hashlen, +- const unsigned char *hash, +- unsigned char *sig ) +-{ +- int ret; +- unsigned char *sig_try = NULL, *verif = NULL; +- +- if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 ) +- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); +- +- /* +- * Prepare PKCS1-v1.5 encoding (padding and hash identifier) +- */ +- +- if( ( ret = rsa_rsassa_pkcs1_v15_encode( md_alg, hashlen, hash, +- ctx->len, sig ) ) != 0 ) +- return( ret ); +- +- /* +- * Call respective RSA primitive +- */ +- +- if( mode == MBEDTLS_RSA_PUBLIC ) +- { +- /* Skip verification on a public key operation */ +- return( mbedtls_rsa_public( ctx, sig, sig ) ); +- } +- +- /* Private key operation +- * +- * In order to prevent Lenstra's attack, make the signature in a +- * temporary buffer and check it before returning it. +- */ +- +- sig_try = mbedtls_calloc( 1, ctx->len ); +- if( sig_try == NULL ) +- return( MBEDTLS_ERR_MPI_ALLOC_FAILED ); +- +- verif = mbedtls_calloc( 1, ctx->len ); +- if( verif == NULL ) +- { +- mbedtls_free( sig_try ); +- return( MBEDTLS_ERR_MPI_ALLOC_FAILED ); +- } +- +- MBEDTLS_MPI_CHK( mbedtls_rsa_private( ctx, f_rng, p_rng, sig, sig_try ) ); +- MBEDTLS_MPI_CHK( mbedtls_rsa_public( ctx, sig_try, verif ) ); +- +- if( mbedtls_safer_memcmp( verif, sig, ctx->len ) != 0 ) +- { +- ret = MBEDTLS_ERR_RSA_PRIVATE_FAILED; +- goto cleanup; +- } +- +- memcpy( sig, sig_try, ctx->len ); +- +-cleanup: +- mbedtls_free( sig_try ); +- mbedtls_free( verif ); +- +- return( ret ); +-} +-#endif /* MBEDTLS_PKCS1_V15 */ +- +-/* +- * Do an RSA operation to sign the message digest +- */ +-int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx, +- int (*f_rng)(void *, unsigned char *, size_t), +- void *p_rng, +- int mode, +- mbedtls_md_type_t md_alg, +- unsigned int hashlen, +- const unsigned char *hash, +- unsigned char *sig ) +-{ +- switch( ctx->padding ) +- { +-#if defined(MBEDTLS_PKCS1_V15) +- case MBEDTLS_RSA_PKCS_V15: +- return mbedtls_rsa_rsassa_pkcs1_v15_sign( ctx, f_rng, p_rng, mode, md_alg, +- hashlen, hash, sig ); +-#endif +- +-#if defined(MBEDTLS_PKCS1_V21) +- case MBEDTLS_RSA_PKCS_V21: +- return mbedtls_rsa_rsassa_pss_sign( ctx, f_rng, p_rng, mode, md_alg, +- hashlen, hash, sig ); +-#endif +- +- default: +- return( MBEDTLS_ERR_RSA_INVALID_PADDING ); +- } +-} +- +-#if defined(MBEDTLS_PKCS1_V21) +-/* +- * Implementation of the PKCS#1 v2.1 RSASSA-PSS-VERIFY function +- */ +-int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx, +- int (*f_rng)(void *, unsigned char *, size_t), +- void *p_rng, +- int mode, +- mbedtls_md_type_t md_alg, +- unsigned int hashlen, +- const unsigned char *hash, +- mbedtls_md_type_t mgf1_hash_id, +- int expected_salt_len, +- const unsigned char *sig ) +-{ +- int ret; +- size_t siglen; +- unsigned char *p; +- unsigned char *hash_start; +- unsigned char result[MBEDTLS_MD_MAX_SIZE]; +- unsigned char zeros[8]; +- unsigned int hlen; +- size_t observed_salt_len, msb; +- const mbedtls_md_info_t *md_info; +- mbedtls_md_context_t md_ctx; +- unsigned char buf[MBEDTLS_MPI_MAX_SIZE]; +- +- if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21 ) +- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); +- +- siglen = ctx->len; +- +- if( siglen < 16 || siglen > sizeof( buf ) ) +- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); +- +- ret = ( mode == MBEDTLS_RSA_PUBLIC ) +- ? mbedtls_rsa_public( ctx, sig, buf ) +- : mbedtls_rsa_private( ctx, f_rng, p_rng, sig, buf ); +- +- if( ret != 0 ) +- return( ret ); +- +- p = buf; +- +- if( buf[siglen - 1] != 0xBC ) +- return( MBEDTLS_ERR_RSA_INVALID_PADDING ); +- +- if( md_alg != MBEDTLS_MD_NONE ) +- { +- /* Gather length of hash to sign */ +- md_info = mbedtls_md_info_from_type( md_alg ); +- if( md_info == NULL ) +- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); +- +- hashlen = mbedtls_md_get_size( md_info ); +- } +- +- md_info = mbedtls_md_info_from_type( mgf1_hash_id ); +- if( md_info == NULL ) +- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); +- +- hlen = mbedtls_md_get_size( md_info ); +- +- memset( zeros, 0, 8 ); +- +- /* +- * Note: EMSA-PSS verification is over the length of N - 1 bits +- */ +- msb = mbedtls_mpi_bitlen( &ctx->N ) - 1; +- +- if( buf[0] >> ( 8 - siglen * 8 + msb ) ) +- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); +- +- /* Compensate for boundary condition when applying mask */ +- if( msb % 8 == 0 ) +- { +- p++; +- siglen -= 1; +- } +- +- if( siglen < hlen + 2 ) +- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); +- hash_start = p + siglen - hlen - 1; +- +- mbedtls_md_init( &md_ctx ); +- if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 0 ) ) != 0 ) +- goto exit; +- +- ret = mgf_mask( p, siglen - hlen - 1, hash_start, hlen, &md_ctx ); +- if( ret != 0 ) +- goto exit; +- +- buf[0] &= 0xFF >> ( siglen * 8 - msb ); +- +- while( p < hash_start - 1 && *p == 0 ) +- p++; +- +- if( *p++ != 0x01 ) +- { +- ret = MBEDTLS_ERR_RSA_INVALID_PADDING; +- goto exit; +- } +- +- observed_salt_len = hash_start - p; +- +- if( expected_salt_len != MBEDTLS_RSA_SALT_LEN_ANY && +- observed_salt_len != (size_t) expected_salt_len ) +- { +- ret = MBEDTLS_ERR_RSA_INVALID_PADDING; +- goto exit; +- } +- +- /* +- * Generate H = Hash( M' ) +- */ +- ret = mbedtls_md_starts( &md_ctx ); +- if ( ret != 0 ) +- goto exit; +- ret = mbedtls_md_update( &md_ctx, zeros, 8 ); +- if ( ret != 0 ) +- goto exit; +- ret = mbedtls_md_update( &md_ctx, hash, hashlen ); +- if ( ret != 0 ) +- goto exit; +- ret = mbedtls_md_update( &md_ctx, p, observed_salt_len ); +- if ( ret != 0 ) +- goto exit; +- ret = mbedtls_md_finish( &md_ctx, result ); +- if ( ret != 0 ) +- goto exit; +- +- if( memcmp( hash_start, result, hlen ) != 0 ) +- { +- ret = MBEDTLS_ERR_RSA_VERIFY_FAILED; +- goto exit; +- } +- +-exit: +- mbedtls_md_free( &md_ctx ); +- +- return( ret ); +-} +- +-/* +- * Simplified PKCS#1 v2.1 RSASSA-PSS-VERIFY function +- */ +-int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx, +- int (*f_rng)(void *, unsigned char *, size_t), +- void *p_rng, +- int mode, +- mbedtls_md_type_t md_alg, +- unsigned int hashlen, +- const unsigned char *hash, +- const unsigned char *sig ) +-{ +- mbedtls_md_type_t mgf1_hash_id = ( ctx->hash_id != MBEDTLS_MD_NONE ) +- ? (mbedtls_md_type_t) ctx->hash_id +- : md_alg; +- +- return( mbedtls_rsa_rsassa_pss_verify_ext( ctx, f_rng, p_rng, mode, +- md_alg, hashlen, hash, +- mgf1_hash_id, MBEDTLS_RSA_SALT_LEN_ANY, +- sig ) ); +- +-} +-#endif /* MBEDTLS_PKCS1_V21 */ +- +-#if defined(MBEDTLS_PKCS1_V15) +-/* +- * Implementation of the PKCS#1 v2.1 RSASSA-PKCS1-v1_5-VERIFY function +- */ +-int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx, +- int (*f_rng)(void *, unsigned char *, size_t), +- void *p_rng, +- int mode, +- mbedtls_md_type_t md_alg, +- unsigned int hashlen, +- const unsigned char *hash, +- const unsigned char *sig ) +-{ +- int ret = 0; +- const size_t sig_len = ctx->len; +- unsigned char *encoded = NULL, *encoded_expected = NULL; +- +- if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 ) +- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); +- +- /* +- * Prepare expected PKCS1 v1.5 encoding of hash. +- */ +- +- if( ( encoded = mbedtls_calloc( 1, sig_len ) ) == NULL || +- ( encoded_expected = mbedtls_calloc( 1, sig_len ) ) == NULL ) +- { +- ret = MBEDTLS_ERR_MPI_ALLOC_FAILED; +- goto cleanup; +- } +- +- if( ( ret = rsa_rsassa_pkcs1_v15_encode( md_alg, hashlen, hash, sig_len, +- encoded_expected ) ) != 0 ) +- goto cleanup; +- +- /* +- * Apply RSA primitive to get what should be PKCS1 encoded hash. +- */ +- +- ret = ( mode == MBEDTLS_RSA_PUBLIC ) +- ? mbedtls_rsa_public( ctx, sig, encoded ) +- : mbedtls_rsa_private( ctx, f_rng, p_rng, sig, encoded ); +- if( ret != 0 ) +- goto cleanup; +- +- /* +- * Compare +- */ +- +- if( ( ret = mbedtls_safer_memcmp( encoded, encoded_expected, +- sig_len ) ) != 0 ) +- { +- ret = MBEDTLS_ERR_RSA_VERIFY_FAILED; +- goto cleanup; +- } +- +-cleanup: +- +- if( encoded != NULL ) +- { +- mbedtls_platform_zeroize( encoded, sig_len ); +- mbedtls_free( encoded ); +- } +- +- if( encoded_expected != NULL ) +- { +- mbedtls_platform_zeroize( encoded_expected, sig_len ); +- mbedtls_free( encoded_expected ); +- } +- +- return( ret ); +-} +-#endif /* MBEDTLS_PKCS1_V15 */ +- +-/* +- * Do an RSA operation and check the message digest +- */ +-int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx, +- int (*f_rng)(void *, unsigned char *, size_t), +- void *p_rng, +- int mode, +- mbedtls_md_type_t md_alg, +- unsigned int hashlen, +- const unsigned char *hash, +- const unsigned char *sig ) +-{ +- switch( ctx->padding ) +- { +-#if defined(MBEDTLS_PKCS1_V15) +- case MBEDTLS_RSA_PKCS_V15: +- return mbedtls_rsa_rsassa_pkcs1_v15_verify( ctx, f_rng, p_rng, mode, md_alg, +- hashlen, hash, sig ); +-#endif +- +-#if defined(MBEDTLS_PKCS1_V21) +- case MBEDTLS_RSA_PKCS_V21: +- return mbedtls_rsa_rsassa_pss_verify( ctx, f_rng, p_rng, mode, md_alg, +- hashlen, hash, sig ); +-#endif +- +- default: +- return( MBEDTLS_ERR_RSA_INVALID_PADDING ); +- } +-} +- +-/* +- * Copy the components of an RSA key +- */ +-int mbedtls_rsa_copy( mbedtls_rsa_context *dst, const mbedtls_rsa_context *src ) +-{ +- int ret; +- +- dst->ver = src->ver; +- dst->len = src->len; +- +- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->N, &src->N ) ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->E, &src->E ) ); +- +- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->D, &src->D ) ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->P, &src->P ) ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->Q, &src->Q ) ); +- +-#if !defined(MBEDTLS_RSA_NO_CRT) +- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->DP, &src->DP ) ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->DQ, &src->DQ ) ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->QP, &src->QP ) ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->RP, &src->RP ) ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->RQ, &src->RQ ) ); +-#endif +- +- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->RN, &src->RN ) ); +- +- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->Vi, &src->Vi ) ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->Vf, &src->Vf ) ); +- +- dst->padding = src->padding; +- dst->hash_id = src->hash_id; +- +-cleanup: +- if( ret != 0 ) +- mbedtls_rsa_free( dst ); +- +- return( ret ); +-} +- +-/* +- * Free the components of an RSA key +- */ +-void mbedtls_rsa_free( mbedtls_rsa_context *ctx ) +-{ +- mbedtls_mpi_free( &ctx->Vi ); mbedtls_mpi_free( &ctx->Vf ); +- mbedtls_mpi_free( &ctx->RN ); mbedtls_mpi_free( &ctx->D ); +- mbedtls_mpi_free( &ctx->Q ); mbedtls_mpi_free( &ctx->P ); +- mbedtls_mpi_free( &ctx->E ); mbedtls_mpi_free( &ctx->N ); +- +-#if !defined(MBEDTLS_RSA_NO_CRT) +- mbedtls_mpi_free( &ctx->RQ ); mbedtls_mpi_free( &ctx->RP ); +- mbedtls_mpi_free( &ctx->QP ); mbedtls_mpi_free( &ctx->DQ ); +- mbedtls_mpi_free( &ctx->DP ); +-#endif /* MBEDTLS_RSA_NO_CRT */ +- +-#if defined(MBEDTLS_THREADING_C) +- mbedtls_mutex_free( &ctx->mutex ); +-#endif +-} +- +-#endif /* !MBEDTLS_RSA_ALT */ +- +-#if defined(MBEDTLS_SELF_TEST) +- +-#include "mbedtls/sha1.h" +-#if 0 +-/* +- * Example RSA-1024 keypair, for test purposes +- */ +-#define KEY_LEN 128 +- +-#define RSA_N "9292758453063D803DD603D5E777D788" \ +- "8ED1D5BF35786190FA2F23EBC0848AEA" \ +- "DDA92CA6C3D80B32C4D109BE0F36D6AE" \ +- "7130B9CED7ACDF54CFC7555AC14EEBAB" \ +- "93A89813FBF3C4F8066D2D800F7C38A8" \ +- "1AE31942917403FF4946B0A83D3D3E05" \ +- "EE57C6F5F5606FB5D4BC6CD34EE0801A" \ +- "5E94BB77B07507233A0BC7BAC8F90F79" +- +-#define RSA_E "10001" +- +-#define RSA_D "24BF6185468786FDD303083D25E64EFC" \ +- "66CA472BC44D253102F8B4A9D3BFA750" \ +- "91386C0077937FE33FA3252D28855837" \ +- "AE1B484A8A9A45F7EE8C0C634F99E8CD" \ +- "DF79C5CE07EE72C7F123142198164234" \ +- "CABB724CF78B8173B9F880FC86322407" \ +- "AF1FEDFDDE2BEB674CA15F3E81A1521E" \ +- "071513A1E85B5DFA031F21ECAE91A34D" +- +-#define RSA_P "C36D0EB7FCD285223CFB5AABA5BDA3D8" \ +- "2C01CAD19EA484A87EA4377637E75500" \ +- "FCB2005C5C7DD6EC4AC023CDA285D796" \ +- "C3D9E75E1EFC42488BB4F1D13AC30A57" +- +-#define RSA_Q "C000DF51A7C77AE8D7C7370C1FF55B69" \ +- "E211C2B9E5DB1ED0BF61D0D9899620F4" \ +- "910E4168387E3C30AA1E00C339A79508" \ +- "8452DD96A9A5EA5D9DCA68DA636032AF" +-#endif +-#define PT_LEN 24 +-#define RSA_PT "\xAA\xBB\xCC\x03\x02\x01\x00\xFF\xFF\xFF\xFF\xFF" \ +- "\x11\x22\x33\x0A\x0B\x0C\xCC\xDD\xDD\xDD\xDD\xDD" +- +-#if defined(MBEDTLS_PKCS1_V15) +-static int myrand( void *rng_state, unsigned char *output, size_t len ) +-{ +-#if !defined(__OpenBSD__) +- size_t i; +- +- if( rng_state != NULL ) +- rng_state = NULL; +- +- for( i = 0; i < len; ++i ) +- output[i] = rand(); +-#else +- if( rng_state != NULL ) +- rng_state = NULL; +- +- arc4random_buf( output, len ); +-#endif /* !OpenBSD */ +- +- return( 0 ); +-} +-#endif /* MBEDTLS_PKCS1_V15 */ +- +-/* +- * Checkup routine +- */ +-int mbedtls_rsa_self_test( int verbose ) +-{ +- int ret = 0; +-#if defined(MBEDTLS_PKCS1_V15) +- size_t len; +- mbedtls_pk_context pk; +- mbedtls_rsa_context *rsa; +- unsigned char rsa_plaintext[PT_LEN]; +- unsigned char rsa_decrypted[PT_LEN]; +-#if defined(MBEDTLS_SHA1_C) +- unsigned char sha1sum[20]; +-#endif +-#if defined(FREESCALE_PKHA_LONG_OPERANDS_ENABLE) \ +- || (defined(FREESCALE_PKHA_INT_MAX_BYTES) && (FREESCALE_PKHA_INT_MAX_BYTES >= ((4096 / 8) * 2))) +- unsigned char rsa_ciphertext[4096 / 8]; +- const char *rsa_keys[] = { RSA_PRIVATE_KEY_1024, RSA_PRIVATE_KEY_2048, RSA_PRIVATE_KEY_4096 }; +-#elif defined(FREESCALE_PKHA_INT_MAX_BYTES) && (FREESCALE_PKHA_INT_MAX_BYTES >= ((2048 / 8) * 2)) +- unsigned char rsa_ciphertext[2048 / 8]; +- const char *rsa_keys[] = { RSA_PRIVATE_KEY_1024, RSA_PRIVATE_KEY_2048 }; +-#else +- unsigned char rsa_ciphertext[1024 / 8]; +- const char *rsa_keys[] = { RSA_PRIVATE_KEY_1024 }; +-#endif +- size_t i; +- +- for (i = 0; i < sizeof(rsa_keys) / sizeof(rsa_keys[0]); i++) +- { +- mbedtls_pk_init(&pk); +- +- if( verbose != 0 ) +- mbedtls_printf( " RSA parse key #%d : ", i + 1 ); +- +- MBEDTLS_MPI_CHK( mbedtls_pk_parse_key(&pk, (const unsigned char *)rsa_keys[i], strlen(rsa_keys[i]) + 1, NULL, 0) ); +- +- rsa = mbedtls_pk_rsa(pk); +- +- if( verbose != 0 ) +- mbedtls_printf( "passed\n\r RSA-%d key validation: ", mbedtls_pk_get_bitlen( &pk ) ); +- +- MBEDTLS_MPI_CHK( mbedtls_rsa_check_pubkey( rsa ) ); +- MBEDTLS_MPI_CHK( mbedtls_rsa_check_privkey( rsa ) ); +- +- if( verbose != 0 ) +- mbedtls_printf( "passed\n\r PKCS#1 encryption : " ); +- +- memcpy( rsa_plaintext, RSA_PT, PT_LEN ); +- +- MBEDTLS_MPI_CHK( mbedtls_rsa_pkcs1_encrypt( rsa, myrand, NULL, MBEDTLS_RSA_PUBLIC, PT_LEN, +- rsa_plaintext, rsa_ciphertext ) ); +- +- if( verbose != 0 ) +- mbedtls_printf( "passed\n\r PKCS#1 decryption : " ); +- +- MBEDTLS_MPI_CHK( mbedtls_rsa_pkcs1_decrypt( rsa, myrand, NULL, MBEDTLS_RSA_PRIVATE, &len, +- rsa_ciphertext, rsa_decrypted, +- sizeof(rsa_decrypted) ) ); +- +- MBEDTLS_MPI_CHK( memcmp( rsa_decrypted, rsa_plaintext, len ) ); +- +- if( verbose != 0 ) +- mbedtls_printf( "passed\n\r" ); +- +- #if defined(MBEDTLS_SHA1_C) +- if( verbose != 0 ) +- mbedtls_printf( " PKCS#1 data sign : " ); +- +- mbedtls_sha1( rsa_plaintext, PT_LEN, sha1sum ); +- +- MBEDTLS_MPI_CHK( mbedtls_rsa_pkcs1_sign( rsa, myrand, NULL, MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_SHA1, 0, +- sha1sum, rsa_ciphertext ) ); +- +- if( verbose != 0 ) +- mbedtls_printf( "passed\n\r PKCS#1 sig. verify : " ); +- +- MBEDTLS_MPI_CHK( mbedtls_rsa_pkcs1_verify( rsa, NULL, NULL, MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_SHA1, 0, +- sha1sum, rsa_ciphertext ) ); +- +- if( verbose != 0 ) +- mbedtls_printf( "passed\n\r" ); +- #endif /* MBEDTLS_SHA1_C */ +- +- if( verbose != 0 ) +- mbedtls_printf( "\n\r" ); +- +- cleanup: +- mbedtls_pk_free( &pk ); +- if( ret != 0 ) +- { +- if( verbose != 0 ) +- mbedtls_printf( "failed\n\r" ); +- +- return( 1 ); +- } +- #else /* MBEDTLS_PKCS1_V15 */ +- ((void) verbose); +- #endif /* MBEDTLS_PKCS1_V15 */ +- } +- +- return( 0 ); +-} +- +-#endif /* MBEDTLS_SELF_TEST */ +- +-#endif /* MBEDTLS_RSA_C */ +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/platform/generic/sm_timer.c b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/platform/generic/sm_timer.c +deleted file mode 100644 +index 78fbe9574c..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/platform/generic/sm_timer.c ++++ /dev/null +@@ -1,85 +0,0 @@ +-/* +- * +- * Copyright 2017 NXP +- * SPDX-License-Identifier: Apache-2.0 +- */ +- +-/** +-* +-* @par Description +-* This file implements implements platform independent sleep functionality +-* @par History +-* +-*****************************************************************************/ +- +-#include +-#if defined(__gnu_linux__) || defined(__clang__) +-#include +-#endif +-#include +-#include "sm_timer.h" +- +-#if defined(USE_RTOS) && USE_RTOS == 1 +-#include "FreeRTOS.h" +-#include "task.h" +-#endif +- +-#if defined(__MBED__) +-#include "mbed_thread.h" +-#include "mbed_wait_api.h" +-#endif +- +-/* initializes the system tick counter +- * return 0 on succes, 1 on failure */ +-uint32_t sm_initSleep() +-{ +- return 0; +-} +- +-#if defined(USE_RTOS) && USE_RTOS == 1 +-#ifndef MSEC_TO_TICK +-#define MSEC_TO_TICK(msec) \ +- ((((uint32_t)configTICK_RATE_HZ * (uint32_t)(msec))) / 1000L) +-#endif /* MSEC_TO_TICK */ +-#endif /* USE_RTOS */ +- +-/** +- * Implement a blocking (for the calling thread) wait for a number of milliseconds. +- */ +-void sm_sleep(uint32_t msec) +-{ +-#ifdef __OSX_AVAILABLE +- clock_t goal = msec + clock(); +- while (goal > clock()); +-#elif defined(__gnu_linux__) || defined __clang__ +- useconds_t microsec = msec*1000; +- usleep(microsec); +-#elif defined(USE_RTOS) && USE_RTOS == 1 +- vTaskDelay(1 >= pdMS_TO_TICKS(msec) ? 1 : pdMS_TO_TICKS(msec)); +-#elif defined(__MBED__) +- thread_sleep_for(msec); +-#else +- clock_t goal = msec + clock(); +- while (goal > clock()); +-#endif +-} +- +-/** +- * Implement a blocking (for the calling thread) wait for a number of microseconds +- */ +-void sm_usleep(uint32_t microsec) +-{ +-#ifdef __OSX_AVAILABLE +- // no usleep +-#elif defined(_WIN32) +- #pragma message ( "No sm_usleep implemented" ) +-#elif defined(__gnu_linux__) || defined __clang__ +- usleep(microsec); +-#elif defined(__OpenBSD__) +- #warning "No sm_usleep implemented" +-#elif defined(__MBED__) +- wait_us(microsec); +-#else +- //#warning "No sm_usleep implemented" +-#endif +-} +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/platform/inc/i2c_a7.h b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/platform/inc/i2c_a7.h +deleted file mode 100644 +index dc1b720860..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/platform/inc/i2c_a7.h ++++ /dev/null +@@ -1,160 +0,0 @@ +-/* +- * +- * Copyright 2017-2020 NXP +- * SPDX-License-Identifier: Apache-2.0 +- */ +- +-/** +- * @par Description +- * +- * I2C API used by SCI2C & T=1 over I2C protocol implementation. +- * +- * - SCIIC / SCI2C is the protocol used by A71CH / A71CL family of secure elements. +- * +- * - T=1 over I2C is the protocol used by SE050 family of secure elements. +- * +- * - T=1 over I2C with GP is the protocol used by other secure elements. +- * +- * These APIs are to be implemented when porting the Middleware stack to a new +- * host platform. +- * +- * @note Few APIs are only required for the SCI2C protocol and few are only +- * needed for T=1 over I2C Protocol. They are marked by the defines +- * ``SCI2C`` , ``T1oI2C`` and ``T1oI2C_GP1_0`` +- * +- * # Convention of the APIs. +- * +- * +- * APIs for which a buffer is input. e.g.:: +- * +- * i2c_error_t axI2CWrite(unsigned char bus, unsigned char addr, +- * unsigned char * pTx, unsigned short txLen); +- * +- * +- * In the above case :samp:`pTx` is a buffer input. It is assumed that +- * the lengh as set in :samp:`txLen` is same as that pointed to by +- * :samp:`pTx`. This parameter is used as is and any mistake by the +- * calling/implemented API will have unpredictable errors. +- * +- * +- * APIs for which a buffer is output. e.g.:: +- * +- * i2c_error_t axI2CWriteRead(unsigned char bus, +- * unsigned char addr, +- * unsigned char *pTx, +- * unsigned short txLen, +- * unsigned char *pRx, +- * unsigned short *pRxLen); +- * +- * +- * In the above case :samp:`pRx` is a buffer output and :samp:`pRxLen` +- * is both input and output. It is assumed that the lengh as set in +- * :samp:`pRxLen` is set to the maximum as available to the pointer +- * pointed by :samp:`pRx`. This parameter is used as is and any mistake +- * by the calling/implemented API will have unpredictable errors. +- * +- * @par History +- * +- **/ +- +-#ifndef _I2C_A7_H +-#define _I2C_A7_H +- +-#include "sm_types.h" +- +-#define SCI2C_T_CMDG 180 //!< Minimum delay between stop of Wakeup command and start of subsequent command (Value in micro seconds) +- +-#define I2C_IDLE 0 +-#define I2C_STARTED 1 +-#define I2C_RESTARTED 2 +-#define I2C_REPEATED_START 3 +-#define DATA_ACK 4 +-#define DATA_NACK 5 +-#define I2C_BUSY 6 +-#define I2C_NO_DATA 7 +-#define I2C_NACK_ON_ADDRESS 8 +-#define I2C_NACK_ON_DATA 9 +-#define I2C_ARBITRATION_LOST 10 +-#define I2C_TIME_OUT 11 +-#define I2C_OK 12 +-#define I2C_FAILED 13 +- +-typedef unsigned int i2c_error_t; +-#define I2C_BUS_0 (0) +- +-#if defined(__cplusplus) +-extern "C"{ +-#endif +-/** Initialize the I2C platform HW/Driver*/ +- +-/* MAX data supported by respective protocol in single read/write*/ +-#if defined(SCI2C) +-#define MAX_DATA_LEN 270 +-#elif defined(T1oI2C) +-#define MAX_DATA_LEN 260 +-#endif +- +- +-i2c_error_t axI2CInit(void **conn_ctx, const char *pDevName); +- +-/** Terminate / de-initialize the I2C platform HW/Driver +- * +- * +- * @param[in] connection context. +- * @param[in] mode Can be either 0 or 1. +- * +- * Where applicable, and implemented a value of 0 corresponds +- * to a 'light-weight' terminate. +- * +- * In genral, this is not used for most of the porting +- * platforms and use cases. +- * +- * +- */ +-void axI2CTerm(void* conn_ctx, int mode); +- +-#if AX_EMBEDDED +-/** Smarter handling of back off logic +- * +- * When we get a NAK from SE, we back off and keep on increasing the delay for next I2C Read/Write. +- * +- * When we get an ACK from SE, we reset this back off delay. +- */ +-void axI2CResetBackoffDelay( void ); +-#endif /* FREEDOM */ +- +-#if defined(SCI2C) /* Means SCI2C SCIIC */ +-/** Write a byte. +- * +- * Needed only for SCI2C */ +-i2c_error_t axI2CWriteByte(void* conn_ctx, unsigned char bus, unsigned char addr, unsigned char * pTx); +-/** Write and read only after an ACK. +- * +- * Needed only for SCI2C */ +-i2c_error_t axI2CWriteRead(void* conn_ctx, +- unsigned char bus, +- unsigned char addr, +- unsigned char *pTx, +- unsigned short txLen, +- unsigned char *pRx, +- unsigned short *pRxLen); +-#endif +- +-#if defined(SCI2C) /* Means SCI2C SCIIC */ || defined(T1oI2C) +-/** Write a frame. +- * +- * Needed for SCI2C and T=1 over I2C */ +-i2c_error_t axI2CWrite(void* conn_ctx, unsigned char bus, unsigned char addr, unsigned char * pTx, unsigned short txLen); +-#endif +- +-#ifdef T1oI2C +-/** Read a byte. +- * +- * Needed only for T=1 over I2C */ +-i2c_error_t axI2CRead(void* conn_ctx, unsigned char bus, unsigned char addr, unsigned char * pRx, unsigned short rxLen); +-#endif /* T1oI2C */ +-#if defined(__cplusplus) +-} +-#endif +- +-#endif // _I2C_A7_H +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/platform/inc/se05x_apis.h b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/platform/inc/se05x_apis.h +deleted file mode 100644 +index 1c1da67dd5..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/platform/inc/se05x_apis.h ++++ /dev/null +@@ -1,20 +0,0 @@ +-/* +- * +- * Copyright 2018-2019 NXP +- * SPDX-License-Identifier: Apache-2.0 +- */ +- +-#ifndef _SE05X_API_H +-#define _SE05X_API_H +- +-/* +- * Define Reset logic for reset pin on SE +- * Active high for SE050 +- */ +-#define SE_RESET_LOGIC 1 +- +-void se05x_ic_reset(void); +-void se05x_ic_power_on(void); +-void se05x_ic_power_off(void); +- +-#endif // _SE05X_API_H +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/platform/inc/sm_printf.h b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/platform/inc/sm_printf.h +deleted file mode 100644 +index eabfb652a7..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/platform/inc/sm_printf.h ++++ /dev/null +@@ -1,40 +0,0 @@ +-/* +- * +- * Copyright 2016-2020 NXP +- * SPDX-License-Identifier: Apache-2.0 +- */ +- +-#ifndef _SM_PRINTF_H_ +-#define _SM_PRINTF_H_ +-#include +-#include +-#include "sm_types.h" +-#ifdef __cplusplus +-extern "C" { +-#endif +- +- +-#if AX_EMBEDDED \ +- && (!defined (__MBED__)) +-# include "fsl_debug_console.h" +-#else +-# define PRINTF printf +-# define SCANF scanf +-# define PUTCHAR putchar +-# define GETCHAR getchar +-#endif +- +-#define CONSOLE (0x01) +-#define MEMORY (0x02) +-#define LOGFILE (0x04) +-#define DBGOUT_ALL (CONSOLE|MEMORY|LOGFILE) +- +-#define DBGOUT CONSOLE +- +-void sm_printf(unsigned char dev, const char * format, ...); +-void AssertZeroAllocation(void); +- +-#ifdef __cplusplus +-} +-#endif +-#endif // _SM_PRINTF_H_ +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/platform/inc/sm_timer.h b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/platform/inc/sm_timer.h +deleted file mode 100644 +index 72c3512645..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/platform/inc/sm_timer.h ++++ /dev/null +@@ -1,31 +0,0 @@ +-/* +- * +- * Copyright 2016 NXP +- * SPDX-License-Identifier: Apache-2.0 +- */ +- +-#ifndef _SM_TIMER_H_ +-#define _SM_TIMER_H_ +- +-#include +-#ifdef __gnu_linux__ +-#include +-#endif +- +-#ifdef __cplusplus +-extern "C" { +-#endif +- +-/* Change this value to tick rate used by the controller */ +-#define TICK_RATE_HZ 1000 +-#define MS_TO_TICKS(msec) (( (msec) * (TICK_RATE_HZ) ) / (1000)) +- +-/* function used for delay loops */ +-uint32_t sm_initSleep(void); +-void sm_sleep(uint32_t msec); +-void sm_usleep(uint32_t microsec); +- +-#ifdef __cplusplus +-} +-#endif +-#endif // _SM_TIMER_H_ +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/platform/se05x_i2c.cpp b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/platform/se05x_i2c.cpp +deleted file mode 100644 +index 07ef0db92b..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/platform/se05x_i2c.cpp ++++ /dev/null +@@ -1,59 +0,0 @@ +-/* +- * Copyright 2022 Arduino SA +- * SPDX-License-Identifier: Apache-2.0 +- * +- * Licensed under the Apache License, Version 2.0 (the "License"); +- * you may not use this file except in compliance with the License. +- * You may obtain a copy of the License at +- * +- * http://www.apache.org/licenses/LICENSE-2.0 +- * +- * Unless required by applicable law or agreed to in writing, software +- * distributed under the License is distributed on an "AS IS" BASIS, +- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +- * See the License for the specific language governing permissions and +- * limitations under the License. +- */ +- +-#include "i2c_a7.h" +-#include "mbed.h" +- +-static I2C * se05x_i2c; +- +-i2c_error_t axI2CInit(void **conn_ctx, const char *pDevName) +-{ +- se05x_i2c = new I2C(MBED_CONF_TARGET_SE050_SDA, MBED_CONF_TARGET_SE050_SCL); +- if(se05x_i2c != NULL) +- { +- se05x_i2c->frequency(MBED_CONF_TARGET_SE050_I2C_FREQ); +- return I2C_OK; +- } +- return I2C_FAILED; +-} +- +-void axI2CTerm(void* conn_ctx, int mode) +-{ +- if(se05x_i2c != NULL) +- { +- delete se05x_i2c; +- } +-} +- +-i2c_error_t axI2CWrite(void* conn_ctx, unsigned char bus, unsigned char addr, unsigned char * pTx, unsigned short txLen) +-{ +- if(se05x_i2c->write(addr, (const char *)pTx, txLen)) +- { +- return I2C_FAILED; +- } +- return I2C_OK; +-} +- +-i2c_error_t axI2CRead(void* conn_ctx, unsigned char bus, unsigned char addr, unsigned char * pRx, unsigned short rxLen) +-{ +- if(se05x_i2c->read(addr, (char *)pRx, rxLen)) +- { +- return I2C_FAILED; +- } +- return I2C_OK; +-} +- +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/platform/se05x_power.cpp b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/platform/se05x_power.cpp +deleted file mode 100644 +index 0d7ffcac8c..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/platform/se05x_power.cpp ++++ /dev/null +@@ -1,39 +0,0 @@ +-/* +- * Copyright 2022 Arduino SA +- * SPDX-License-Identifier: Apache-2.0 +- * +- * Licensed under the Apache License, Version 2.0 (the "License"); +- * you may not use this file except in compliance with the License. +- * You may obtain a copy of the License at +- * +- * http://www.apache.org/licenses/LICENSE-2.0 +- * +- * Unless required by applicable law or agreed to in writing, software +- * distributed under the License is distributed on an "AS IS" BASIS, +- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +- * See the License for the specific language governing permissions and +- * limitations under the License. +- */ +- +-#include "se05x_apis.h" +-#include "sm_timer.h" +-#include "mbed.h" +- +-static DigitalOut se05x_ic_enable(MBED_CONF_TARGET_SE050_ENA, 0); +- +-void se05x_ic_reset(void) +-{ +- se05x_ic_power_off(); +- sm_sleep(100); +- se05x_ic_power_on(); +-} +- +-void se05x_ic_power_on(void) +-{ +- se05x_ic_enable = 1; +-} +- +-void se05x_ic_power_off(void) +-{ +- se05x_ic_enable = 0; +-} +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/se05x/src/se05x_ECC_curves.c b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/se05x/src/se05x_ECC_curves.c +deleted file mode 100644 +index 2712b35381..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/se05x/src/se05x_ECC_curves.c ++++ /dev/null +@@ -1,72 +0,0 @@ +-/* +- * +- * Copyright 2019-2020 NXP +- * SPDX-License-Identifier: Apache-2.0 +- */ +- +-#include +-#include +- +-#if defined(SSS_USE_FTR_FILE) +-#include "fsl_sss_ftr.h" +-#else +-#include "fsl_sss_ftr_default.h" +-#endif +- +-#if SSS_HAVE_SE05X && SSSFTR_SE05X_ECC +- +-#include "se05x_ecc_curves.h" +-#include "se05x_APDU.h" +- +-#include "se05x_ecc_curves_values.h" +-#ifndef ARRAY_SIZE +-#define ARRAY_SIZE(array) (sizeof(array) / (sizeof(array[0]))) +-#endif +- +-#define PROCESS_ECC_CURVE(NAME) \ +- smStatus_t Se05x_API_CreateCurve_##NAME(Se05xSession_t *pSession, uint32_t obj_id) \ +- { \ +- smStatus_t status; \ +- const uint8_t ecc_prime[] = {EC_PARAM_##NAME##_prime}; \ +- const uint8_t ecc_a[] = {EC_PARAM_##NAME##_a}; \ +- const uint8_t ecc_b[] = {EC_PARAM_##NAME##_b}; \ +- const uint8_t ecc_G[] = {0x04, EC_PARAM_##NAME##_x, EC_PARAM_##NAME##_y}; \ +- const uint8_t ecc_ordern[] = {EC_PARAM_##NAME##_order}; \ +- \ +- status = Se05x_API_CreateECCurve(pSession, (SE05x_ECCurve_t)obj_id); \ +- if (status != SM_OK) { \ +- return status; \ +- } \ +- \ +- status = Se05x_API_SetECCurveParam( \ +- pSession, (SE05x_ECCurve_t)obj_id, kSE05x_ECCurveParam_PARAM_A, ecc_a, ARRAY_SIZE(ecc_a)); \ +- if (status != SM_OK) { \ +- return status; \ +- } \ +- \ +- status = Se05x_API_SetECCurveParam( \ +- pSession, (SE05x_ECCurve_t)obj_id, kSE05x_ECCurveParam_PARAM_B, ecc_b, ARRAY_SIZE(ecc_b)); \ +- if (status != SM_OK) { \ +- return status; \ +- } \ +- \ +- status = Se05x_API_SetECCurveParam( \ +- pSession, (SE05x_ECCurve_t)obj_id, kSE05x_ECCurveParam_PARAM_G, ecc_G, ARRAY_SIZE(ecc_G)); \ +- if (status != SM_OK) { \ +- return status; \ +- } \ +- \ +- status = Se05x_API_SetECCurveParam( \ +- pSession, (SE05x_ECCurve_t)obj_id, kSE05x_ECCurveParam_PARAM_N, ecc_ordern, ARRAY_SIZE(ecc_ordern)); \ +- if (status != SM_OK) { \ +- return status; \ +- } \ +- \ +- status = Se05x_API_SetECCurveParam( \ +- pSession, (SE05x_ECCurve_t)obj_id, kSE05x_ECCurveParam_PARAM_PRIME, ecc_prime, ARRAY_SIZE(ecc_prime)); \ +- return status; \ +- } +- +-#include "se05x_ecc_curves_inc.h" +- +-#endif +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/se05x/src/se05x_mw.c b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/se05x/src/se05x_mw.c +deleted file mode 100644 +index f01c86bec0..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/se05x/src/se05x_mw.c ++++ /dev/null +@@ -1,106 +0,0 @@ +-/* +- * +- * Copyright 2019-2020 NXP +- * SPDX-License-Identifier: Apache-2.0 +- */ +- +-#include +-#include +-#include +-//#include +-#include +-#include +-#include +-#include "sm_const.h" +-#include "nxEnsure.h" +-#include +-// For SIMW-656 +-// #include "../../sss/ex/inc/ex_sss_objid.h" +- +-#if APPLET_SE050_VER_MAJOR_MINOR >= 20000u +- +-smStatus_t Se05x_API_DeleteAll_Iterative(pSe05xSession_t session_ctx) +-{ +- uint8_t pmore = kSE05x_MoreIndicator_NA; +- uint8_t list[1024]; +- size_t listlen = sizeof(list); +- size_t i; +- smStatus_t retStatus = SM_NOT_OK; +- uint16_t outputOffset = 0; +- do { +- retStatus = Se05x_API_ReadIDList(session_ctx, outputOffset, 0xFF, &pmore, list, &listlen); +- if (retStatus != SM_OK) { +- return retStatus; +- } +- outputOffset = (uint16_t)listlen; +- for (i = 0; i < listlen; i += 4) { +- uint32_t id = 0 | (list[i + 0] << (3 * 8)) | (list[i + 1] << (2 * 8)) | (list[i + 2] << (1 * 8)) | +- (list[i + 3] << (0 * 8)); +- if (SE05X_OBJID_SE05X_APPLET_RES_START == SE05X_OBJID_SE05X_APPLET_RES_MASK(id)) { +- LOG_D("Not erasing ObjId=0x%08X (Reserved)", id); +- /* In Reserved space */ +- } +- else if (EX_SSS_OBJID_DEMO_AUTH_START == EX_SSS_OBJID_DEMO_AUTH_MASK(id)) { +- LOG_D("Not erasing ObjId=0x%08X (Demo Auth)", id); +- /* Not reasing default authentication object */ +- } +- else if (EX_SSS_OBJID_IOT_HUB_A_START == EX_SSS_OBJID_IOT_HUB_A_MASK(id)) { +- LOG_D("Not erasing ObjId=0x%08X (IoT Hub)", id); +- /* Not reasing IoT Hub object */ +- } +- else if (!SE05X_OBJID_TP_MASK(id) && id) { +- LOG_D("Not erasing Trust Provisioned objects"); +- } +- else { +- retStatus = Se05x_API_DeleteSecureObject(session_ctx, id); +- if (retStatus != SM_OK) { +- LOG_W("Error in erasing ObjId=0x%08X (Others)", id); +- } +- } +- } +- } while (pmore == kSE05x_MoreIndicator_MORE); +-#if SSSFTR_SE05X_CREATE_DELETE_CRYPTOOBJ +- retStatus = Se05x_API_ReadCryptoObjectList(session_ctx, list, &listlen); +- if (retStatus != SM_OK) { +- goto cleanup; +- } +- for (i = 0; i < listlen; i += 4) { +- uint16_t cryptoObjectId = list[i + 1] | (list[i + 0] << 8); +- SE05x_CryptoObjectID_t ecryptoObjectId = (SE05x_CryptoObjectID_t)cryptoObjectId; +- retStatus = Se05x_API_DeleteCryptoObject(session_ctx, ecryptoObjectId); +- if (retStatus != SM_OK) { +- LOG_W("Error in erasing CryptoObject=%04X", cryptoObjectId); +- } +- } +-cleanup: +-#endif +- return retStatus; +-} +- +-#endif +- +-bool Se05x_IsInValidRangeOfUID(uint32_t uid) +-{ +-#if 0 +- // For SIMW-656 +- bool retVal = TRUE; +- if (uid >= EX_SSS_OBJID_DEMO_START && uid <= EX_SSS_OBJID_DEMO_END) +- { +- retVal = FALSE; +- } +- else if (uid >= SE05X_OBJID_SE05X_APPLET_RES_START && uid <= SE05X_OBJID_SE05X_APPLET_RES_END) +- { +- retVal = FALSE; +- } +- else if (uid >= EX_SSS_OBJID_TEST_START && uid <= EX_SSS_OBJID_TEST_END) +- { +- retVal = FALSE; +- } +- if (retVal == TRUE) { +- LOG_E("Not allowing 0x%X uid", uid); +- } +- return retVal; +-#else +- return FALSE; +-#endif +-} +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/se05x/src/se05x_tlv.c b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/se05x/src/se05x_tlv.c +deleted file mode 100644 +index d7abb74f59..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/se05x/src/se05x_tlv.c ++++ /dev/null +@@ -1,822 +0,0 @@ +-/* +- * +- * Copyright 2019-2020 NXP +- * SPDX-License-Identifier: Apache-2.0 +- */ +- +-#include "se05x_tlv.h" +-#include "se05x_const.h" +-#include // memcpy +-#include +-#include +-#include "nxEnsure.h" +-#include "smCom.h" +-#include "sm_apdu.h" +- +-#ifdef FLOW_VERBOSE +-#define VERBOSE_APDU_LOGS 1 +-#else +-#define VERBOSE_APDU_LOGS 0 +-#endif +- +-#if SSS_HAVE_SE05X +-#define SE05X_TLV_BUF_SIZE_CMD SE05X_MAX_BUF_SIZE_CMD +-#define SE05X_TLV_BUF_SIZE_RSP SE05X_MAX_BUF_SIZE_RSP +-#else +-#define SE05X_TLV_BUF_SIZE_CMD 900 +-#define SE05X_TLV_BUF_SIZE_RSP 900 +-#endif +- +-int tlvSet_U8(uint8_t **buf, size_t *bufLen, SE05x_TAG_t tag, uint8_t value) +-{ +- uint8_t *pBuf = *buf; +- const size_t size_of_tlv = 1 + 1 + 1; +- if (((*bufLen) + size_of_tlv) > SE05X_TLV_BUF_SIZE_CMD) +- return 1; +- *pBuf++ = (uint8_t)tag; +- *pBuf++ = 1; +- *pBuf++ = value; +- *buf = pBuf; +- *bufLen += size_of_tlv; +- return 0; +-} +- +-int tlvSet_U16Optional(uint8_t **buf, size_t *bufLen, SE05x_TAG_t tag, uint16_t value) +-{ +- if (value == 0) +- return 0; +- else +- return tlvSet_U16(buf, bufLen, tag, value); +-} +- +-int tlvSet_U16(uint8_t **buf, size_t *bufLen, SE05x_TAG_t tag, uint16_t value) +-{ +- const size_t size_of_tlv = 1 + 1 + 2; +- uint8_t *pBuf = *buf; +- if (((*bufLen) + size_of_tlv) > SE05X_TLV_BUF_SIZE_CMD) +- return 1; +- *pBuf++ = (uint8_t)tag; +- *pBuf++ = 2; +- *pBuf++ = (uint8_t)((value >> 1 * 8) & 0xFF); +- *pBuf++ = (uint8_t)((value >> 0 * 8) & 0xFF); +- *buf = pBuf; +- *bufLen += size_of_tlv; +- return 0; +-} +- +-int tlvSet_U32(uint8_t **buf, size_t *bufLen, SE05x_TAG_t tag, uint32_t value) +-{ +- const size_t size_of_tlv = 1 + 1 + 4; +- uint8_t *pBuf = *buf; +- if (((*bufLen) + size_of_tlv) > SE05X_TLV_BUF_SIZE_CMD) +- return 1; +- *pBuf++ = (uint8_t)tag; +- *pBuf++ = 4; +- *pBuf++ = (uint8_t)((value >> 3 * 8) & 0xFF); +- *pBuf++ = (uint8_t)((value >> 2 * 8) & 0xFF); +- *pBuf++ = (uint8_t)((value >> 1 * 8) & 0xFF); +- *pBuf++ = (uint8_t)((value >> 0 * 8) & 0xFF); +- *buf = pBuf; +- *bufLen += size_of_tlv; +- return 0; +-} +- +-int tlvSet_U64_size(uint8_t **buf, size_t *bufLen, SE05x_TAG_t tag, uint64_t value, uint16_t size) +-{ +- int8_t pos = 0; +- pos = (uint8_t)size; +- const size_t size_of_tlv = 1 + 1 + size; +- uint8_t *pBuf = *buf; +- if (((*bufLen) + size_of_tlv) > SE05X_TLV_BUF_SIZE_CMD) +- return 1; +- *pBuf++ = (uint8_t)tag; +- *pBuf++ = pos; +- pos--; +- for (; pos >= 0; pos--) { +- *pBuf++ = (uint8_t)((value >> pos * 8) & 0xFF); +- } +- *buf = pBuf; +- *bufLen += size_of_tlv; +- return 0; +-} +- +-int tlvSet_Se05xPolicy(const char *description, uint8_t **buf, size_t *bufLen, SE05x_TAG_t tag, Se05xPolicy_t *policy) +-{ +- int tlvRet = 0; +- if ((policy != NULL) && (policy->value != NULL)) { +- tlvRet = tlvSet_u8buf(buf, bufLen, tag, policy->value, policy->value_len); +-#if VERBOSE_APDU_LOGS +- nLog("APDU", NX_LEVEL_DEBUG, "kSE05x_TAG_POLICY"); +- nLog_au8("APDU", NX_LEVEL_DEBUG, description, policy->value, policy->value_len); +-#endif +- return tlvRet; +- } +- else { +-#if VERBOSE_APDU_LOGS +- nLog("APDU", NX_LEVEL_INFO, "Policy is NULL"); +-#endif +- } +- +- return tlvRet; +-} +- +-int tlvSet_ECCurve(uint8_t **buf, size_t *bufLen, SE05x_TAG_t tag, SE05x_ECCurve_t value) +-{ +- int retVal = 0; +- if (value != kSE05x_ECCurve_NA) +- retVal = tlvSet_U8(buf, bufLen, tag, (uint8_t)value); +- return retVal; +-} +- +-int tlvSet_u8bufOptional(uint8_t **buf, size_t *bufLen, SE05x_TAG_t tag, const uint8_t *cmd, size_t cmdLen) +-{ +- if (cmdLen == 0) +- return 0; +- else +- return tlvSet_u8buf(buf, bufLen, tag, cmd, cmdLen); +-} +- +-int tlvSet_u8bufOptional_ByteShift(uint8_t **buf, size_t *bufLen, SE05x_TAG_t tag, const uint8_t *cmd, size_t cmdLen) +-{ +- int ret = 1; +- if (cmdLen == 0) { +- ret = 0; +- } +- else if (0 == (cmdLen & 1)) { +- /* LSB is 0 */ +- ret = tlvSet_u8buf(buf, bufLen, tag, cmd, cmdLen); +- } +- else { +- uint8_t localBuff[SE05X_MAX_BUF_SIZE_CMD]; +- ENSURE_OR_GO_CLEANUP((cmdLen + 1) < sizeof(localBuff)); +- localBuff[0] = '\0'; +- memcpy(localBuff + 1, cmd, cmdLen); +- ret = tlvSet_u8buf(buf, bufLen, tag, localBuff, cmdLen + 1); +- } +- +-cleanup: +- return ret; +-} +- +-int tlvSet_u8buf(uint8_t **buf, size_t *bufLen, SE05x_TAG_t tag, const uint8_t *cmd, size_t cmdLen) +-{ +- uint8_t *pBuf = *buf; +- +- /* if < 0x7F +- * len = 1 byte +- * elif if < 0xFF +- * '0x81' + len == 2 Bytes +- * elif if < 0xFFFF +- * '0x82' + len_msb + len_lsb == 3 Bytes +- */ +- const size_t size_of_length = (cmdLen <= 0x7f ? 1 : (cmdLen <= 0xFf ? 2 : 3)); +- const size_t size_of_tlv = 1 + size_of_length + cmdLen; +- +- if (((*bufLen) + size_of_tlv) > SE05X_TLV_BUF_SIZE_CMD) { +- LOG_E("Not enough buffer"); +- return 1; +- } +- *pBuf++ = (uint8_t)tag; +- +- if (cmdLen <= 0x7Fu) { +- *pBuf++ = (uint8_t)cmdLen; +- } +- else if (cmdLen <= 0xFFu) { +- *pBuf++ = (uint8_t)(0x80 /* Extended */ | 0x01 /* Additional Length */); +- *pBuf++ = (uint8_t)((cmdLen >> 0 * 8) & 0xFF); +- } +- else if (cmdLen <= 0xFFFFu) { +- *pBuf++ = (uint8_t)(0x80 /* Extended */ | 0x02 /* Additional Length */); +- *pBuf++ = (uint8_t)((cmdLen >> 1 * 8) & 0xFF); +- *pBuf++ = (uint8_t)((cmdLen >> 0 * 8) & 0xFF); +- } +- else { +- return 1; +- } +- if ((cmdLen > 0) && (cmd != NULL)) { +- while (cmdLen-- > 0) { +- *pBuf++ = *cmd++; +- } +- } +- +- *bufLen += size_of_tlv; +- *buf = pBuf; +- +- return 0; +-} +- +-int tlvSet_u8buf_features(uint8_t **buf, size_t *bufLen, SE05x_TAG_t tag, pSe05xAppletFeatures_t appletVariant) +-{ +- uint8_t features[32] = {0}; +- size_t features_size = 0; +- features[0] = (uint8_t)((appletVariant->variant >> 1 * 8) & 0xFF); +- features_size++; +- features[1] = (uint8_t)((appletVariant->variant >> 0 * 8) & 0xFF); +- features_size++; +- if (appletVariant->extended_features) { +- memcpy(&features[2], +- appletVariant->extended_features->features, +- sizeof(appletVariant->extended_features->features)); +- features_size += sizeof(appletVariant->extended_features->features); +- } +- +- return tlvSet_u8buf(buf, bufLen, tag, &features[0], features_size); +-} +- +-int tlvGet_U8(uint8_t *buf, size_t *pBufIndex, const size_t bufLen, SE05x_TAG_t tag, uint8_t *pRsp) +-{ +- int retVal = 1; +- uint8_t *pBuf = buf + (*pBufIndex); +- uint8_t got_tag = *pBuf++; +- size_t rspLen; +- +- if ((*pBufIndex) > bufLen) { +- goto cleanup; +- } +- +- if (got_tag != tag) +- goto cleanup; +- rspLen = *pBuf++; +- if (rspLen > 1) +- goto cleanup; +- *pRsp = *pBuf; +- *pBufIndex += (1 + 1 + (rspLen)); +- retVal = 0; +-cleanup: +- return retVal; +-} +- +-int tlvSet_KeyID(uint8_t **buf, size_t *bufLen, SE05x_TAG_t tag, uint32_t keyID) +-{ +- int retVal = 0; +- if (keyID != 0) { +- retVal = tlvSet_U32(buf, bufLen, tag, keyID); +- } +- return retVal; +-} +- +-int tlvSet_MaxAttemps(uint8_t **buf, size_t *bufLen, SE05x_TAG_t tag, uint16_t maxAttemps) +-{ +- int retVal = 0; +- if (maxAttemps != 0) { +- retVal = tlvSet_U16(buf, bufLen, tag, maxAttemps); +- } +- return retVal; +-} +- +-int tlvGet_SecureObjectType(uint8_t *buf, size_t *pBufIndex, size_t bufLen, SE05x_TAG_t tag, SE05x_SecObjTyp_t *pType) +-{ +- uint8_t uType = 0; +- int retVal = tlvGet_U8(buf, pBufIndex, bufLen, tag, &uType); +- *pType = (SE05x_SecObjTyp_t)uType; +- return retVal; +-} +- +-int tlvGet_Result(uint8_t *buf, size_t *pBufIndex, size_t bufLen, SE05x_TAG_t tag, SE05x_Result_t *presult) +-{ +- uint8_t uType = 0; +- size_t uTypeLen = 1; +- int retVal = tlvGet_u8buf(buf, pBufIndex, bufLen, tag, &uType, &uTypeLen); +- *presult = (SE05x_Result_t)uType; +- return retVal; +-} +- +-int tlvGet_U16(uint8_t *buf, size_t *pBufIndex, const size_t bufLen, SE05x_TAG_t tag, uint16_t *pRsp) +-{ +- int retVal = 1; +- uint8_t *pBuf = buf + (*pBufIndex); +- uint8_t got_tag = *pBuf++; +- size_t rspLen; +- +- if ((*pBufIndex) > bufLen) { +- goto cleanup; +- } +- +- if (got_tag != tag) { +- goto cleanup; +- } +- rspLen = *pBuf++; +- if (rspLen > 2) { +- goto cleanup; +- } +- *pRsp = (*pBuf++) << 8; +- *pRsp |= *pBuf++; +- *pBufIndex += (1 + 1 + (rspLen)); +- retVal = 0; +-cleanup: +- return retVal; +-} +- +-//ISO 7816-4 Annex D. +-int tlvGet_u8buf(uint8_t *buf, size_t *pBufIndex, const size_t bufLen, SE05x_TAG_t tag, uint8_t *rsp, size_t *pRspLen) +-{ +- int retVal = 1; +- uint8_t *pBuf = buf + (*pBufIndex); +- uint8_t got_tag = *pBuf++; +- size_t extendedLen; +- size_t rspLen; +- //size_t len; +- +- if (rsp == NULL) { +- goto cleanup; +- } +- +- if (pRspLen == NULL) { +- goto cleanup; +- } +- +- if ((*pBufIndex) > bufLen) { +- goto cleanup; +- } +- +- if (got_tag != tag) { +- goto cleanup; +- } +- rspLen = *pBuf++; +- +- if (rspLen <= 0x7FU) { +- extendedLen = rspLen; +- *pBufIndex += (1 + 1); +- } +- else if (rspLen == 0x81) { +- extendedLen = *pBuf++; +- *pBufIndex += (1 + 1 + 1); +- } +- else if (rspLen == 0x82) { +- extendedLen = *pBuf++; +- extendedLen = (extendedLen << 8) | *pBuf++; +- *pBufIndex += (1 + 1 + 2); +- } +- else { +- goto cleanup; +- } +- +- if (extendedLen > *pRspLen) +- goto cleanup; +- if (extendedLen > bufLen) +- goto cleanup; +- +- *pRspLen = extendedLen; +- *pBufIndex += extendedLen; +- while (extendedLen-- > 0) { +- *rsp++ = *pBuf++; +- } +- retVal = 0; +-cleanup: +- if (retVal != 0) { +- if (pRspLen != NULL) { +- *pRspLen = 0; +- } +- } +- return retVal; +-} +- +-int tlvGet_ValueIndex(uint8_t *buf, size_t *pBufIndex, const size_t bufLen, SE05x_TAG_t tag) +-{ +- int retVal = 1; +- uint8_t *pBuf = buf + (*pBufIndex); +- uint8_t got_tag = *pBuf++; +- size_t extendedLen; +- size_t rspLen; +- +- if ((*pBufIndex) > bufLen) { +- goto cleanup; +- } +- +- if (got_tag != tag) { +- goto cleanup; +- } +- rspLen = *pBuf++; +- +- if (rspLen <= 0x7FU) { +- extendedLen = rspLen; +- *pBufIndex += (1 + 1); +- } +- else if (rspLen == 0x81) { +- extendedLen = *pBuf++; +- *pBufIndex += (1 + 1 + 1); +- } +- else if (rspLen == 0x82) { +- extendedLen = *pBuf++; +- extendedLen = (extendedLen << 8) | *pBuf++; +- *pBufIndex += (1 + 1 + 2); +- } +- else { +- goto cleanup; +- } +- +- if (extendedLen > bufLen) +- goto cleanup; +- +- retVal = 0; +-cleanup: +- return retVal; +-} +- +-int tlvGet_TimeStamp(uint8_t *buf, size_t *pBufIndex, const size_t bufLen, SE05x_TAG_t tag, SE05x_TimeStamp_t *pTs) +-{ +- size_t rspBufSize = sizeof(pTs->ts); +- return tlvGet_u8buf(buf, pBufIndex, bufLen, tag, pTs->ts, &rspBufSize); +-} +- +-smStatus_t DoAPDUTx_s_Case3(Se05xSession_t *pSessionCtx, const tlvHeader_t *hdr, uint8_t *cmdBuf, size_t cmdBufLen) +-{ +- uint8_t rxBuf[SE05X_TLV_BUF_SIZE_RSP + 2]; +- size_t rxBufLen = sizeof(rxBuf); +- smStatus_t apduStatus = SM_NOT_OK; +- if (pSessionCtx->fp_TXn == NULL) { +- apduStatus = SM_NOT_OK; +- } +- else { +- apduStatus = pSessionCtx->fp_TXn(pSessionCtx, hdr, cmdBuf, cmdBufLen, rxBuf, &rxBufLen, 0); +- } +- return apduStatus; +-} +- +-smStatus_t DoAPDUTxRx_s_Case2(Se05xSession_t *pSessionCtx, +- const tlvHeader_t *hdr, +- uint8_t *cmdBuf, +- size_t cmdBufLen, +- uint8_t *rspBuf, +- size_t *pRspBufLen) +-{ +- smStatus_t apduStatus; +- if (pSessionCtx->fp_TXn == NULL) { +- apduStatus = SM_NOT_OK; +- } +- else { +- apduStatus = pSessionCtx->fp_TXn(pSessionCtx, hdr, cmdBuf, cmdBufLen, rspBuf, pRspBufLen, 0); +- } +- return apduStatus; +-} +- +-smStatus_t DoAPDUTxRx_s_Case4(Se05xSession_t *pSessionCtx, +- const tlvHeader_t *hdr, +- uint8_t *cmdBuf, +- size_t cmdBufLen, +- uint8_t *rspBuf, +- size_t *pRspBufLen) +-{ +- smStatus_t apduStatus; +- if (pSessionCtx->fp_TXn == NULL) { +- apduStatus = SM_NOT_OK; +- } +- else { +- apduStatus = pSessionCtx->fp_TXn(pSessionCtx, hdr, cmdBuf, cmdBufLen, rspBuf, pRspBufLen, 0); +- } +- return apduStatus; +-} +- +-smStatus_t DoAPDUTxRx_s_Case4_ext(Se05xSession_t *pSessionCtx, +- const tlvHeader_t *hdr, +- uint8_t *cmdBuf, +- size_t cmdBufLen, +- uint8_t *rspBuf, +- size_t *pRspBufLen) +-{ +- smStatus_t apduStatus = SM_NOT_OK; +- if (pSessionCtx->fp_TXn == NULL) { +- apduStatus = SM_NOT_OK; +- } +- else { +- apduStatus = pSessionCtx->fp_TXn(pSessionCtx, hdr, cmdBuf, cmdBufLen, rspBuf, pRspBufLen, 1); +- } +- return apduStatus; +-} +- +-smStatus_t DoAPDUTxRx( +- Se05xSession_t *pSessionCtx, uint8_t *cmdBuf, size_t cmdBufLen, uint8_t *rspBuf, size_t *pRspBufLen) +-{ +- smStatus_t apduStatus = SM_NOT_OK; +- size_t data_offset = 0; +- size_t dataLen = 0; +- apduTxRx_case_t apdu_case = APDU_TXRX_CASE_INVALID; +- +- if (smApduGetTxRxCase(cmdBuf, cmdBufLen, &data_offset, &dataLen, &apdu_case)) { +- switch (apdu_case) { +- case APDU_TXRX_CASE_1: +- case APDU_TXRX_CASE_2: +- case APDU_TXRX_CASE_2E: +- apduStatus = DoAPDUTxRx_s_Case2( +- pSessionCtx, (tlvHeader_t *)cmdBuf, cmdBuf + data_offset, dataLen, rspBuf, pRspBufLen); +- break; +- case APDU_TXRX_CASE_3: +- case APDU_TXRX_CASE_4: +- // Using case 4 here (also for case 3 apdus) to retrieve status word in response buffer. +- apduStatus = DoAPDUTxRx_s_Case4( +- pSessionCtx, (tlvHeader_t *)cmdBuf, cmdBuf + data_offset, dataLen, rspBuf, pRspBufLen); +- break; +- +- case APDU_TXRX_CASE_3E: +- case APDU_TXRX_CASE_4E: +- // Using case 4 here (also for case 3 apdus) to retrieve status word in response buffer. +- apduStatus = DoAPDUTxRx_s_Case4_ext( +- pSessionCtx, (tlvHeader_t *)cmdBuf, cmdBuf + data_offset, dataLen, rspBuf, pRspBufLen); +- break; +- default: +- LOG_E("Invalid APDU TxRX case"); +- break; +- } +- } +- return apduStatus; +-} +- +-#if SSS_HAVE_SE05X +-int tlvSet_u8buf_I2CM(uint8_t **buf, size_t *bufLen, SE05x_I2CM_TAG_t tag, const uint8_t *cmd, size_t cmdLen) +-{ +- /* if < 0x7F +- * len = 1 byte +- * elif if < 0xFF +- * '0x81' + len == 2 Bytes +- * elif if < 0xFFFF +- * '0x82' + len_msb + len_lsb == 3 Bytes +- */ +- const size_t size_of_length = 2; +- const size_t size_of_tlv = 1 + size_of_length + cmdLen; +- uint8_t *pBuf = *buf; +- if (((*bufLen) + size_of_tlv) > SE05X_I2CM_MAX_BUF_SIZE_CMD) { +- LOG_E("Not enough buffer"); +- return 1; +- } +- *pBuf++ = (uint8_t)tag; +- if (cmdLen <= 0xFFFFu) { +- *pBuf++ = (uint8_t)((cmdLen >> 1 * 8) & 0xFF); +- *pBuf++ = (uint8_t)((cmdLen >> 0 * 8) & 0xFF); +- } +- else { +- return 1; +- } +- if (cmdLen) { +- while (cmdLen-- > 0) { +- *pBuf++ = *cmd++; +- } +- *buf = pBuf; +- *bufLen += size_of_tlv; +- } +- return 0; +-} +-#endif +- +-smStatus_t se05x_Transform(struct Se05xSession *pSession, +- const tlvHeader_t *hdr, +- uint8_t *cmdApduBuf, +- const size_t cmdApduBufLen, +- tlvHeader_t *out_hdr, +- uint8_t *txBuf, +- size_t *ptxBufLen, +- uint8_t hasle) +-{ +- size_t i = 0; +- +- out_hdr->hdr[0] = hdr->hdr[0]; +- out_hdr->hdr[1] = hdr->hdr[1]; +- out_hdr->hdr[2] = hdr->hdr[2]; +- out_hdr->hdr[3] = hdr->hdr[3]; +- +- if (pSession->hasSession) { +-#if SSSFTR_SE05X_AuthECKey || SSSFTR_SE05X_AuthSession +- +- size_t SCmd_Lc = (cmdApduBufLen == 0) ? 0 : (((cmdApduBufLen < 0xFF) && !hasle) ? 1 : 3); +- +- size_t STag1_Len = 0 +- /* cla ins */ +- + 4 + SCmd_Lc + cmdApduBufLen; +- +- out_hdr->hdr[i++] = kSE05x_CLA; +- out_hdr->hdr[i++] = kSE05x_INS_PROCESS; +- out_hdr->hdr[i++] = kSE05x_P1_DEFAULT; +- out_hdr->hdr[i++] = kSE05x_P2_DEFAULT; +- +- i = 0; +- txBuf[i++] = kSE05x_TAG_SESSION_ID; +- txBuf[i++] = sizeof(pSession->value); +- memcpy(&txBuf[i], pSession->value, sizeof(pSession->value)); +- i += sizeof(pSession->value); +- txBuf[i++] = kSE05x_TAG_1; +- if (STag1_Len <= 0x7Fu) { +- txBuf[i++] = (uint8_t)STag1_Len; +- } +- else if (STag1_Len <= 0xFFu) { +- txBuf[i++] = (uint8_t)(0x80 /* Extended */ | 0x01 /* Additional Length */); +- txBuf[i++] = (uint8_t)((STag1_Len >> 0 * 8) & 0xFF); +- } +- else if (STag1_Len <= 0xFFFFu) { +- txBuf[i++] = (uint8_t)(0x80 /* Extended */ | 0x02 /* Additional Length */); +- txBuf[i++] = (uint8_t)((STag1_Len >> 8) & 0xFF); +- txBuf[i++] = (uint8_t)((STag1_Len)&0xFF); +- } +- memcpy(&txBuf[i], hdr, sizeof(*hdr)); +- i += sizeof(*hdr); +- // In case there is a payload, indicate how long it is +- // in Lc in the header. Do not include an Lc in case there +- //is no payload. +- if (cmdApduBufLen > 0) { +- // The Lc field must be extended in case the length does not fit +- // into a single byte (Note, while the standard would allow to +- // encode 0x100 as 0x00 in the Lc field, nobody who is sane in his mind +- // would actually do that). +- if ((cmdApduBufLen < 0xFF) && !hasle) { +- txBuf[i++] = (uint8_t)cmdApduBufLen; +- } +- else { +- txBuf[i++] = 0x00; +- txBuf[i++] = 0xFFu & (cmdApduBufLen >> 8); +- txBuf[i++] = 0xFFu & (cmdApduBufLen); +- } +- } +-#endif +- } +- +- if (cmdApduBufLen > 0) { +- memcpy(&txBuf[i], cmdApduBuf, cmdApduBufLen); +- i += cmdApduBufLen; +- } +- +- *ptxBufLen = i; +- return SM_OK; +-} +- +-smStatus_t se05x_DeCrypt( +- struct Se05xSession *pSessionCtx, size_t cmd_cmacLen, uint8_t *rsp, size_t *rspLength, uint8_t hasle) +-{ +- U16 rv = SM_NOT_OK; +- +- if (*rspLength >= 2) { +- rv = rsp[(*rspLength) - 2] << 8 | rsp[(*rspLength) - 1]; +- if ((rv == SM_OK) && (pSessionCtx->pdynScp03Ctx != NULL)) { +-#if SSS_HAVE_SCP_SCP03_SSS +- rv = nxpSCP03_Decrypt_ResponseAPDU(pSessionCtx->pdynScp03Ctx, cmd_cmacLen, rsp, rspLength, hasle); +-#else +- LOG_W("Decrypting without SSS_HAVE_SCP_SCP03_SSS"); +- rv = SM_NOT_OK; +-#endif +- } +-#if SSS_HAVE_SCP_SCP03_SSS +- else { /*Counter to be increament only in case of authentication is all kind of SCP +- and response is not 9000 */ +- if ((rv != SM_OK) && (pSessionCtx->pdynScp03Ctx != NULL)) { +- if (((pSessionCtx->pdynScp03Ctx->authType == kSSS_AuthType_AESKey) || +- (pSessionCtx->pdynScp03Ctx->authType == kSSS_AuthType_ECKey)) || +- ((pSessionCtx->pdynScp03Ctx->authType == kSSS_AuthType_SCP03) && (cmd_cmacLen - 8) > 0)) { +- nxpSCP03_Inc_CommandCounter(pSessionCtx->pdynScp03Ctx); +- } +- } +- } +-#endif +- } +- else { +- rv = SM_NOT_OK; +- } +- +- return rv; +-} +- +-#if SSS_HAVE_SCP_SCP03_SSS +-smStatus_t se05x_Transform_scp(struct Se05xSession *pSession, +- const tlvHeader_t *hdr, +- uint8_t *cmdApduBuf, +- const size_t cmdApduBufLen, +- tlvHeader_t *outhdr, +- uint8_t *txBuf, +- size_t *ptxBufLen, +- uint8_t hasle) +-{ +- smStatus_t apduStatus = SM_NOT_OK; +- sss_status_t sss_status = kStatus_SSS_Fail; +- uint8_t macToAdd[16]; +- size_t macLen = 16; +- size_t i = 0; +- +- Se05xApdu_t se05xApdu = {0}; +- +- se05xApdu.se05xTxBuf = txBuf; +- se05xApdu.se05xTxBufLen = *ptxBufLen; +- se05xApdu.se05xCmd_hdr = hdr; +- se05xApdu.se05xCmd = cmdApduBuf; +- se05xApdu.se05xCmdLen = cmdApduBufLen; +- +- /*Encrypt the Tx APDU */ +- sss_status = nxSCP03_Encrypt_CommandAPDU(pSession->pdynScp03Ctx, se05xApdu.se05xCmd, &(se05xApdu.se05xCmdLen)); +- ENSURE_OR_GO_CLEANUP(sss_status == kStatus_SSS_Success); +- +- if (pSession->hasSession) { +-#if SSSFTR_SE05X_AuthECKey || SSSFTR_SE05X_AuthSession +- /*With session Final wrapping handled by transcive +- * Copy the Wrapped header in the outhdr buffer */ +- outhdr->hdr[0] = kSE05x_CLA; +- outhdr->hdr[1] = kSE05x_INS_PROCESS; +- outhdr->hdr[2] = kSE05x_P1_DEFAULT; +- outhdr->hdr[3] = kSE05x_P2_DEFAULT; +- +- /* Add CMAC Length in SE05X command LC */ +- se05xApdu.se05xCmdLC = se05xApdu.se05xCmdLen + SCP_GP_IU_CARD_CRYPTOGRAM_LEN; +- se05xApdu.se05xCmdLCW = (se05xApdu.se05xCmdLC == 0) ? 0 : (((se05xApdu.se05xCmdLC < 0xFF) && !(hasle)) ? 1 : 3); +- +- se05xApdu.wsSe05x_tag1Len = sizeof(*(se05xApdu.se05xCmd_hdr)) + se05xApdu.se05xCmdLCW + se05xApdu.se05xCmdLC; +- se05xApdu.wsSe05x_tag1W = +- ((se05xApdu.wsSe05x_tag1Len <= 0x7F) ? 1 : (se05xApdu.wsSe05x_tag1Len <= 0xFF) ? 2 : 3); +- +- se05xApdu.wsSe05x_cmd = se05xApdu.se05xTxBuf; +- uint8_t *wsCmd = se05xApdu.wsSe05x_cmd; +- +- wsCmd[i++] = kSE05x_TAG_SESSION_ID; +- wsCmd[i++] = sizeof(pSession->value); +- memcpy(&wsCmd[i], pSession->value, sizeof(pSession->value)); +- i += sizeof(pSession->value); +- +- wsCmd[i++] = kSE05x_TAG_1; +- +- if (se05xApdu.wsSe05x_tag1W == 1) { +- wsCmd[i++] = (uint8_t)se05xApdu.wsSe05x_tag1Len; +- } +- else if (se05xApdu.wsSe05x_tag1W == 2) { +- wsCmd[i++] = (uint8_t)(0x80 /* Extended */ | 0x01 /* Additional Length */); +- wsCmd[i++] = (uint8_t)((se05xApdu.wsSe05x_tag1Len >> 0 * 8) & 0xFF); +- } +- else if (se05xApdu.wsSe05x_tag1W == 3) { +- wsCmd[i++] = (uint8_t)(0x80 /* Extended */ | 0x02 /* Additional Length */); +- wsCmd[i++] = (uint8_t)((se05xApdu.wsSe05x_tag1Len >> 8) & 0xFF); +- wsCmd[i++] = (uint8_t)((se05xApdu.wsSe05x_tag1Len) & 0xFF); +- } +- +- se05xApdu.wsSe05x_tag1Cmd = &wsCmd[i]; +- se05xApdu.wsSe05x_tag1CmdLen = +- sizeof(*(se05xApdu.se05xCmd_hdr)) + se05xApdu.se05xCmdLCW + se05xApdu.se05xCmdLen; +- +- memcpy(&wsCmd[i], se05xApdu.se05xCmd_hdr, sizeof(*(se05xApdu.se05xCmd_hdr))); +- /* Pad CLA byte with 0x04 to indicate use of SCP03*/ +- wsCmd[i] |= 0x04; +- i += sizeof(*(se05xApdu.se05xCmd_hdr)); +- +- // In case there is a payload, indicate how long it is +- // in Lc in the header. Do not include an Lc in case there +- //is no payload. +- if (se05xApdu.se05xCmdLCW > 0) { +- // The Lc field must be extended in case the length does not fit +- // into a single byte (Note, while the standard would allow to +- // encode 0x100 as 0x00 in the Lc field, nobody who is sane in his mind +- // would actually do that). +- if (se05xApdu.se05xCmdLCW == 1) { +- wsCmd[i++] = (uint8_t)se05xApdu.se05xCmdLC; +- } +- else { +- wsCmd[i++] = 0x00; +- wsCmd[i++] = 0xFFu & (se05xApdu.se05xCmdLC >> 8); +- wsCmd[i++] = 0xFFu & (se05xApdu.se05xCmdLC); +- } +- } +- memcpy(&wsCmd[i], se05xApdu.se05xCmd, se05xApdu.se05xCmdLen); +- i += se05xApdu.se05xCmdLen; +- se05xApdu.wsSe05x_cmdLen = i; +- se05xApdu.dataToMac = se05xApdu.wsSe05x_tag1Cmd; +- se05xApdu.dataToMacLen = se05xApdu.wsSe05x_tag1CmdLen; +-#endif +- } +- else { +- /* If there is no session create the tx buffer with SE05X command only*/ +- se05xApdu.se05xCmdLC = se05xApdu.se05xCmdLen + SCP_GP_IU_CARD_CRYPTOGRAM_LEN; +- se05xApdu.se05xCmdLCW = (se05xApdu.se05xCmdLC == 0) ? 0 : (((se05xApdu.se05xCmdLC < 0xFF) && !(hasle)) ? 1 : 3); +- +- se05xApdu.dataToMac = &txBuf[i]; /* Mac is calculated from this data */ +- se05xApdu.dataToMacLen = sizeof(*(se05xApdu.se05xCmd_hdr)) + se05xApdu.se05xCmdLCW + se05xApdu.se05xCmdLC - +- SCP_GP_IU_CARD_CRYPTOGRAM_LEN; +- +- memcpy(&txBuf[i], se05xApdu.se05xCmd_hdr, sizeof(*se05xApdu.se05xCmd_hdr)); +- txBuf[i] |= 0x4; +- i += sizeof(*se05xApdu.se05xCmd_hdr); +- +- if (se05xApdu.se05xCmdLCW > 0) { +- if (se05xApdu.se05xCmdLCW == 1) { +- txBuf[i++] = (uint8_t)se05xApdu.se05xCmdLC; +- } +- else { +- txBuf[i++] = 0x00; +- txBuf[i++] = 0xFFu & (se05xApdu.se05xCmdLC >> 8); +- txBuf[i++] = 0xFFu & (se05xApdu.se05xCmdLC); +- } +- } +- memcpy(&txBuf[i], se05xApdu.se05xCmd, se05xApdu.se05xCmdLen); +- i += se05xApdu.se05xCmdLen; +- } +- +- ///*Calculate MAC over encrypted APDU */ +- sss_status = nxpSCP03_CalculateMac_CommandAPDU( +- pSession->pdynScp03Ctx, se05xApdu.dataToMac, se05xApdu.dataToMacLen, macToAdd, &macLen); +- ENSURE_OR_GO_CLEANUP(sss_status == kStatus_SSS_Success); +- memcpy(&txBuf[i], macToAdd, SCP_GP_IU_CARD_CRYPTOGRAM_LEN); +- i += SCP_GP_IU_CARD_CRYPTOGRAM_LEN; +- +- if (!pSession->hasSession) { +- if (hasle) { +- txBuf[i++] = 0x00; +- txBuf[i++] = 0x00; +- } +- } +- se05xApdu.se05xTxBufLen = i; +- *ptxBufLen = se05xApdu.se05xTxBufLen; +- apduStatus = SM_OK; +-cleanup: +- return apduStatus; +-} +- +-#endif +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/se05x_03_xx_xx/se05x_04_xx_APDU_apis.h b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/se05x_03_xx_xx/se05x_04_xx_APDU_apis.h +deleted file mode 100644 +index 02ce2e3183..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/se05x_03_xx_xx/se05x_04_xx_APDU_apis.h ++++ /dev/null +@@ -1,1207 +0,0 @@ +-/* +- * +- * Copyright 2019 NXP +- * SPDX-License-Identifier: Apache-2.0 +- */ +- +-#if SSS_HAVE_SE05X_VER_GTE_06_00 +-/* OK */ +-#else +-#error "Only with SE051 based build" +-#endif +- +-/** Se05x_API_AeadOneShot +- * +- * Authenticated encryption or decryption with associated data in one shot mode. +- * +- * The key object must be either an AES key or DES key. +- * +- * The AEADOneShot command returns the computed GMAC (when P2 equals +- * P2_ENCRYPT_ONESHOT) or indicates whether the GMAC is correct (when P2 equals +- * P2_DECRYPT_ONESHOT). The length of the GMAC is always 16 bytes when P2 equals +- * P2_ENCRYPT_ONESHOT. +- * +- * When P2 equals P2_DECRYPT_ONESHOT: +- * +- * * the minimum tag length to pass is 4 bytes. +- * +- * * when the GMAC tag is not correct, only the result will be returned, no output data will be present. +- * +- * Note: on applet v4.4.0, the maximum lengths are not yet enforced and might +- * differ from the values listed in the C-APDU. +- * +- * # Command to Applet +- * +- * @rst +- * +---------+---------------------------+------------------------------------------------+ +- * | Field | Value | Description | +- * +=========+===========================+================================================+ +- * | CLA | 0x80 | | +- * +---------+---------------------------+------------------------------------------------+ +- * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | +- * +---------+---------------------------+------------------------------------------------+ +- * | P1 | P1_AEAD or P1_AEAD_INT_IV | See :cpp:type:`SE05x_P1_t` | +- * +---------+---------------------------+------------------------------------------------+ +- * | P2 | P2_ENCRYPT_ONESHOT or | See :cpp:type:`SE05x_P2_t` | +- * | | P2_DECRYPT_ONESHOT | | +- * +---------+---------------------------+------------------------------------------------+ +- * | Lc | #(Payload) | | +- * +---------+---------------------------+------------------------------------------------+ +- * | Payload | TLV[TAG_1] | 4-byte identifier of the AESKey Secure object. | +- * +---------+---------------------------+------------------------------------------------+ +- * | | TLV[TAG_2] | 1-byte AEADMode | +- * +---------+---------------------------+------------------------------------------------+ +- * | | TLV[TAG_3] | Byte array containing input data. Maximum | +- * | | | length = 256 bytes. [Optional] | +- * +---------+---------------------------+------------------------------------------------+ +- * | | TLV[TAG_4] | Byte array containing Additional Authenticated | +- * | | | Data. Maximum length = 64 bytes. [Optional] | +- * +---------+---------------------------+------------------------------------------------+ +- * | | TLV[TAG_5] | Byte array containing an initialization vector | +- * | | | (if P1 equals P1_AEAD) or 2-byte value | +- * | | | containing the initialization vector length | +- * | | | (if P1 equals P1_AEAD_SP800_108). Maximum IV | +- * | | | length = 60 bytes. [Optional] | +- * | | | [Conditional: required when P1 equals | +- * | | | P1_AEAD_INT_IV] | +- * +---------+---------------------------+------------------------------------------------+ +- * | | TLV[TAG_6] | Byte array containing the GMAC tag to verify. | +- * | | | [Conditional: when P2 equals | +- * | | | P2_DECRYPT_ONESHOT] | +- * +---------+---------------------------+------------------------------------------------+ +- * | Le | 0x00 | Expecting return data. | +- * +---------+---------------------------+------------------------------------------------+ +- * @endrst +- * +- * # R-APDU Body +- * +- * @rst +- * +------------+----------------------------------------------+ +- * | Value | Description | +- * +============+==============================================+ +- * | TLV[TAG_1] | Byte array containing output data. | +- * +------------+----------------------------------------------+ +- * | TLV[TAG_2] | Byte array containing tag (if P2 = | +- * | | P2_ENCRYPT_ONESHOT) or byte array containing | +- * | | Result (if P2 = P2_DECRYPT_ONESHOT) | +- * +------------+----------------------------------------------+ +- * | TLV[TAG_3] | Byte array containing the initialization | +- * | | vector (if P1 = P1_AEAD_INT_IV and P2 = | +- * | | P2_ENCRYPT_ONESHOT). | +- * +------------+----------------------------------------------+ +- * @endrst +- * +- * # R-APDU Trailer +- * +- * @rst +- * +-------------+--------------------------------------+ +- * | SW | Description | +- * +=============+======================================+ +- * | SW_NO_ERROR | The command is handled successfully. | +- * +-------------+--------------------------------------+ +- * @endrst +- * +- * +- * @param[in] session_ctx The session context +- * @param[in] objectID The object id +- * @param[in] cipherMode The cipher mode +- * @param[in] inputData The input data +- * @param[in] inputDataLen The input data length +- * @param[in] aad The aad +- * @param[in] aadLen The aad length +- * @param[in] IV The iv +- * @param[in] IVLen The iv length +- * @param tagData The tag data +- * @param tagDataLen The tag data length +- * @param outputData The output data +- * @param poutputDataLen The poutput data length +- * @param[in] operation The operation +- * +- * @return The sm status. +- */ +-smStatus_t Se05x_API_AeadOneShot(pSe05xSession_t session_ctx, +- uint32_t objectID, +- SE05x_CipherMode_t cipherMode, +- const uint8_t *inputData, +- size_t inputDataLen, +- const uint8_t *aad, +- size_t aadLen, +- uint8_t *IV, +- size_t IVLen, +- uint8_t *tagData, +- size_t *tagDataLen, +- uint8_t *outputData, +- size_t *poutputDataLen, +- const SE05x_Cipher_Oper_OneShot_t operation); +- +-/** Se05x_API_AeadInit +- * +- * Initialize an authentication encryption or decryption with associated data. +- * The Crypto Object keeps the state of the AEAD operation until it's finalized +- * or deleted. Once the AEADFinal function is executed successfully, the Crypto +- * Object state returns to the state immediately after the previous AEADInit +- * function. +- * +- * When P1 equals P1_AEAD_INT_IV and P2 equals P1_ENCRYPT, TLV[TAG_5] must +- * includes the length of the initialization vector. In that case, the +- * initialization vector is generated internally and passed back in the response +- * command. When the device is in FIPS mode (see FIPS Compliance), P1 equal to +- * P1_AEAD will result in SW_CONDITIONS_NOT_SATISFIED. +- * +- * # Command to Applet +- * +- * @rst +- * +---------+---------------------------+------------------------------------------------+ +- * | Field | Value | Description | +- * +=========+===========================+================================================+ +- * | CLA | 0x80 | | +- * +---------+---------------------------+------------------------------------------------+ +- * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | +- * +---------+---------------------------+------------------------------------------------+ +- * | P1 | P1_AEAD or P1_AEAD_INT_IV | See :cpp:type:`SE05x_P1_t` | +- * +---------+---------------------------+------------------------------------------------+ +- * | P2 | P2_ENCRYPT or P2_DECRYPT | See :cpp:type:`SE05x_P2_t` | +- * +---------+---------------------------+------------------------------------------------+ +- * | Lc | #(Payload) | | +- * +---------+---------------------------+------------------------------------------------+ +- * | Payload | TLV[TAG_1] | 4-byte identifier of the AESKey Secure object. | +- * +---------+---------------------------+------------------------------------------------+ +- * | | TLV[TAG_2] | 2-byte Crypto Object identifier | +- * +---------+---------------------------+------------------------------------------------+ +- * | | TLV[TAG_5] | Byte array containing the initialization | +- * | | | vector (if P1 equals P1_AEAD or P1 equals | +- * | | | P1_AEAD and P2 equals P2_DECRYPT) or 2-byte | +- * | | | value containing the initialization vector | +- * | | | length (if P1 equals P1_AEAD_INT_IV and P2 | +- * | | | equals P2_ENCRYPT) [Optional] | +- * | | | [Conditional: required when P1 equals | +- * | | | P1_AEAD_INT_IV and P2 equals P2_ENCRYPT] | +- * +---------+---------------------------+------------------------------------------------+ +- * | Le | - | | +- * +---------+---------------------------+------------------------------------------------+ +- * @endrst +- * +- * # R-APDU Body +- * +- * @rst +- * +------------+-----------------------------------------------+ +- * | Value | Description | +- * +============+===============================================+ +- * | TLV[TAG_3] | Byte array containing the used initialization | +- * | | vector. It remains valid until deselect, | +- * | | AEADInit, AEADFinal or AEADOneShot is called. | +- * | | [Conditional: Only when P1 equals | +- * | | P1_AEAD_INT_IV and P2 equals P2_ENCRYPT] | +- * +------------+-----------------------------------------------+ +- * @endrst +- * +- * # R-APDU Trailer +- * +- * @rst +- * +-------------+--------------------------------------+ +- * | SW | Description | +- * +=============+======================================+ +- * | SW_NO_ERROR | The command is handled successfully. | +- * +-------------+--------------------------------------+ +- * @endrst +- * +- * +- * @param[in] session_ctx The session context +- * @param[in] objectID The object id +- * @param[in] cryptoObjectID The crypto object id +- * @param[in] pIV { parameter_description } +- * @param[in] IVLen The iv length +- * @param[in] operation The operation +- * +- * @return The sm status. +- */ +-smStatus_t Se05x_API_AeadInit(pSe05xSession_t session_ctx, +- uint32_t objectID, +- SE05x_CipherMode_t cipherMode, +- SE05x_CryptoObjectID_t cryptoObjectID, +- uint8_t *pIV, +- size_t IVLen, +- const SE05x_Cipher_Oper_t operation); +- +-/** Se05x_API_AeadCCMInit +- * +- * Initialize an authentication encryption or decryption with associated data. +- * The Crypto Object keeps the state of the AEAD operation until it's finalized +- * or deleted. Once the AEADFinal function is executed successfully, the Crypto +- * Object state returns to the state immediately after the previous AEADInit +- * function.AEAD in CCM mode. +- * +- * # Command to Applet +- * +- * @rst +- * +---------+--------------------------+------------------------------------------------+ +- * | Field | Value | Description | +- * +=========+==========================+================================================+ +- * | CLA | 0x80 | | +- * +---------+--------------------------+------------------------------------------------+ +- * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | +- * +---------+--------------------------+------------------------------------------------+ +- * | P1 | P1_AEAD | See :cpp:type:`SE05x_P1_t` | +- * +---------+--------------------------+------------------------------------------------+ +- * | P2 | P2_ENCRYPT or P2_DECRYPT | See :cpp:type:`SE05x_P2_t` | +- * +---------+--------------------------+------------------------------------------------+ +- * | Lc | #(Payload) | | +- * +---------+--------------------------+------------------------------------------------+ +- * | Payload | TLV[TAG_1] | 4-byte identifier of the AESKey Secure object. | +- * +---------+--------------------------+------------------------------------------------+ +- * | | TLV[TAG_2] | 2-byte Crypto Object identifier | +- * +---------+--------------------------+------------------------------------------------+ +- * | | TLV[TAG_5] | Byte array containing the initialization | +- * | | | vector [12 bytes until 60 bytes] or a 2-byte | +- * | | | value containing the initialization vector | +- * | | | length, depending on the AEADMode of the | +- * | | | Crypto Object. | +- * +---------+--------------------------+------------------------------------------------+ +- * | | TLV[TAG_6] | Byte array containing 2-byte AAD length. | +- * | | | [Conditional: needed if AEADMode equals | +- * | | | AES_CCM] | +- * +---------+--------------------------+------------------------------------------------+ +- * | | TLV[TAG_7] | Byte array containing 2-byte message length. | +- * | | | [Conditional: needed if AEADMode equals | +- * | | | AES_CCM] | +- * +---------+--------------------------+------------------------------------------------+ +- * | | TLV[TAG_8] | Byte array containing 2-byte tag size. | +- * | | | [Conditional: needed if AEADMode equals | +- * | | | AES_CCM]. | +- * +---------+--------------------------+------------------------------------------------+ +- * | Le | - | | +- * +---------+--------------------------+------------------------------------------------+ +- * @endrst +- * +- * +- * # R-APDU Body +- * NA +- * # R-APDU Trailer +- * +- * @rst +- * +-------------+--------------------------------------+ +- * | SW | Description | +- * +=============+======================================+ +- * | SW_NO_ERROR | The command is handled successfully. | +- * +-------------+--------------------------------------+ +- * @endrst +- * +- * +- * @param[in] session_ctx The session context +- * @param[in] objectID The object id +- * @param[in] cryptoObjectID The crypto object id +- * @param[in] pIV { parameter_description } +- * @param[in] IVLen The iv length +- * @param[in] aadLen The aad length +- * @param[in] payloadLen The payloadLen length +- * @param[in] tagLen The tag length +- * @param[in] operation The operation +- * +- * @return The sm status. +- */ +-smStatus_t Se05x_API_AeadCCMInit(pSe05xSession_t session_ctx, +- uint32_t objectID, +- SE05x_CryptoObjectID_t cryptoObjectID, +- const uint8_t *pIV, +- size_t IVLen, +- size_t aadLen, +- size_t payloadLen, +- size_t tagLen, +- const SE05x_Cipher_Oper_t operation); +- +-/** +- * @brief Se05x_API_AeadCCMLastUpdate +- * +- * # Command to Applet +- * +- * @rst +- * +------------+---------------+------------------------------------------------+ +- * | Field | Value | Description | +- * +============+===============+================================================+ +- * | CLA | 0x80 | | +- * +------------+---------------+------------------------------------------------+ +- * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | +- * +------------+---------------+------------------------------------------------+ +- * | P1 | P1_AEAD | See :cpp:type:`SE05x_P1_t` | +- * +------------+---------------+------------------------------------------------+ +- * | P2 | P2_UPDATE | See :cpp:type:`SE05x_P2_t` | +- * +------------+---------------+------------------------------------------------+ +- * | Lc | #(Payload) | | +- * +------------+---------------+------------------------------------------------+ +- * | Payload | TLV[TAG_2] | 2-byte Crypto Object identifier | +- * +------------+---------------+------------------------------------------------+ +- * | | TLV[TAG_3] | Byte array containing input data | +- * | | | [Conditional: only when | +- * | | | TLV[TAG_4] is not present] | +- * | | | [Optional] | +- * +------------+---------------+------------------------------------------------+ +- * | Le | 0x00 | Expecting returned data. | +- * +------------+---------------+------------------------------------------------+ +- * @endrst +- * +- * # R-APDU Body +- * NA +- * # R-APDU Trailer +- * +- * @rst +- * +-------------+--------------------------------------+ +- * | SW | Description | +- * +=============+======================================+ +- * | SW_NO_ERROR | The command is handled successfully. | +- * +-------------+--------------------------------------+ +- * @endrst +- * +- * # R-APDU Trailer +- * +- * +- * +- * @param[in] session_ctx The session context +- * @param[in] cryptoObjectID The crypto object id +- * @param[in] pInputData The input data +- * @param[in] inputDataLen The input data length +- * +- * @return The sm status. +- */ +-smStatus_t Se05x_API_AeadCCMLastUpdate( +- pSe05xSession_t session_ctx, SE05x_CryptoObjectID_t cryptoObjectID, const uint8_t *pInputData, size_t inputDataLen); +- +-/** Se05x_API_AeadCCMFinal +- * +- * Finish a sequence of AES_CCM AEAD operations. +- * +- * # Command to Applet +- * +- * @rst +- * +------------+----------------------------------+---------------------------------+ +- * | Field | Value | Description | +- * +============+==================================+=================================+ +- * | CLA | 0x80 | | +- * +------------+----------------------------------+---------------------------------+ +- * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | +- * +------------+----------------------------------+---------------------------------+ +- * | P1 | P1_AEAD | See :cpp:type:`SE05x_P1_t` | +- * +------------+----------------------------------+---------------------------------+ +- * | P2 | P2_FINAL | See :cpp:type:`SE05x_P2_t` | +- * +------------+----------------------------------+---------------------------------+ +- * | Lc | #(Payload) | | +- * +------------+----------------------------------+---------------------------------+ +- * | Payload | TLV[TAG_2] | 2-byte Crypto Object identifier | +- * +------------+----------------------------------+---------------------------------+ +- * | TLV[TAG_6] | Byte array containing tag to | | +- * | | verify [Conditional] When the | | +- * | | mode is decrypt and verify (i.e. | | +- * | | AEADInit has been called with | | +- * | | P2 = P2_DECRYPT). | | +- * +------------+----------------------------------+---------------------------------+ +- * | Le | 0x00 | Expected returned data. | +- * +------------+----------------------------------+---------------------------------+ +- * @endrst +- * +- * # R-APDU Body +- * +- * @rst +- * +------------+------------------------------------------------+ +- * | Value | Description | +- * +============+================================================+ +- * | TLV[TAG_1] | Output data | +- * | | | +- * +------------+------------------------------------------------+ +- * | TLV[TAG_2] | Byte array containing tag (if P2 = P2_ENCRYPT) | +- * | | or byte array containing Result (if P2 = | +- * | | P2_DECRYPT) | +- * +------------+------------------------------------------------+ +- * @endrst +- * +- * # R-APDU Trailer +- * +- * @rst +- * +-------------+--------------------------------------+ +- * | SW | Description | +- * +=============+======================================+ +- * | SW_NO_ERROR | The command is handled successfully. | +- * +-------------+--------------------------------------+ +- * @endrst +- * +- * +- * @param[in] session_ctx The session context +- * @param[in] cryptoObjectID The crypto object id +- * @param[out] pOutputData The output data +- * @param[out] pOutputLen The output length +- * @param tag The tag +- * @param tagLen The tag length +- * @param[in] operation The operation +- * +- * @return The sm status. +- */ +-smStatus_t Se05x_API_AeadCCMFinal(pSe05xSession_t session_ctx, +- SE05x_CryptoObjectID_t cryptoObjectID, +- uint8_t *pOutputData, +- size_t *pOutputLen, +- uint8_t *pTag, +- size_t *pTagLen, +- const SE05x_Cipher_Oper_t operation); +- +-/** Se05x_API_AeadUpdate_aad +- * +- * Update a Crypto Object of type CC_AEAD. +- * +- * The user either needs to send input data or Additional Authenticated Data +- * (AAD), but not both at once. +- * +- * # Command to Applet +- * +- * @rst +- * +------------+----------------------------------+------------------------------------------------+ +- * | Field | Value | Description | +- * +============+==================================+================================================+ +- * | CLA | 0x80 | | +- * +------------+----------------------------------+------------------------------------------------+ +- * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | +- * +------------+----------------------------------+------------------------------------------------+ +- * | P1 | P1_AEAD | See :cpp:type:`SE05x_P1_t` | +- * +------------+----------------------------------+------------------------------------------------+ +- * | P2 | P2_UPDATE | See :cpp:type:`SE05x_P2_t` | +- * +------------+----------------------------------+------------------------------------------------+ +- * | Lc | #(Payload) | | +- * +------------+----------------------------------+------------------------------------------------+ +- * | Payload | TLV[TAG_2] | 2-byte Crypto Object identifier | +- * +------------+----------------------------------+------------------------------------------------+ +- * | | TLV[TAG_4] | Byte array containing Additional Authenticated | +- * | | | Data. [Conditional: only when TLV[TAG_3] is | +- * | | | not present] [Optional] | +- * +------------+----------------------------------+------------------------------------------------+ +- * | Le | 0x00 | Expecting returned data. | +- * +------------+----------------------------------+------------------------------------------------+ +- * @endrst +- * +- * # R-APDU Body +- * +- * NA +- * +- * # R-APDU Trailer +- * +- * @rst +- * +-------------+--------------------------------------+ +- * | SW | Description | +- * +=============+======================================+ +- * | SW_NO_ERROR | The command is handled successfully. | +- * +-------------+--------------------------------------+ +- * @endrst +- * +- * +- * @param[in] session_ctx The session context +- * @param[in] cryptoObjectID The crypto object id +- * @param[in] pAadData The aad data +- * @param[in] aadDataLen The aad data length +- * +- * @return The sm status. +- */ +-smStatus_t Se05x_API_AeadUpdate_aad( +- pSe05xSession_t session_ctx, SE05x_CryptoObjectID_t cryptoObjectID, const uint8_t *pAadData, size_t aadDataLen); +- +-/** +- * @brief Se05x_API_AeadUpdate +- * +- * # Command to Applet +- * +- * @rst +- * +------------+---------------+------------------------------------------------+ +- * | Field | Value | Description | +- * +============+===============+================================================+ +- * | CLA | 0x80 | | +- * +------------+---------------+------------------------------------------------+ +- * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | +- * +------------+---------------+------------------------------------------------+ +- * | P1 | P1_AEAD | See :cpp:type:`SE05x_P1_t` | +- * +------------+---------------+------------------------------------------------+ +- * | P2 | P2_UPDATE | See :cpp:type:`SE05x_P2_t` | +- * +------------+---------------+------------------------------------------------+ +- * | Lc | #(Payload) | | +- * +------------+---------------+------------------------------------------------+ +- * | Payload | TLV[TAG_2] | 2-byte Crypto Object identifier | +- * +------------+---------------+------------------------------------------------+ +- * | | TLV[TAG_3] | Byte array containing input data | +- * | | | [Conditional: only when | +- * | | | TLV[TAG_4] is not present] | +- * | | | [Optional] | +- * +------------+---------------+------------------------------------------------+ +- * | Le | 0x00 | Expecting returned data. | +- * +------------+---------------+------------------------------------------------+ +- * @endrst +- * +- * # R-APDU Body +- * +- * @rst +- * +------------+---------------------------------------+ +- * | Value | Description | +- * +============+=======================================+ +- * | TLV[TAG_1] | Output data [Conditional: only when | +- * | | TLV[TAG_3] is passed as input] | +- * +------------+---------------------------------------+ +- * @endrst +- * +- * # R-APDU Trailer +- * +- * +- * +- * @param[in] session_ctx The session context +- * @param[in] cryptoObjectID The crypto object id +- * @param[in] pInputData The input data +- * @param[in] inputDataLen The input data length +- * @param pOutputData The output data +- * @param pOutputLen The output length +- * +- * @return The sm status. +- */ +-smStatus_t Se05x_API_AeadUpdate(pSe05xSession_t session_ctx, +- SE05x_CryptoObjectID_t cryptoObjectID, +- const uint8_t *pInputData, +- size_t inputDataLen, +- uint8_t *pOutputData, +- size_t *pOutputLen); +- +-/** Se05x_API_AeadFinal +- * +- * Finish a sequence of AEAD operations. The AEADFinal command provides the +- * computed GMAC or indicates whether the GMAC is correct depending on the P2 +- * parameters passed during AEADInit. The length of the GMAC is always 16 bytes +- * when P2 equals P2_ENCRYPT. When P2 equals P2_DECRYPT, the minimum tag length +- * to pass is 4 bytes. +- * +- * # Command to Applet +- * +- * @rst +- * +------------+----------------------------------+---------------------------------+ +- * | Field | Value | Description | +- * +============+==================================+=================================+ +- * | CLA | 0x80 | | +- * +------------+----------------------------------+---------------------------------+ +- * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | +- * +------------+----------------------------------+---------------------------------+ +- * | P1 | P1_AEAD | See :cpp:type:`SE05x_P1_t` | +- * +------------+----------------------------------+---------------------------------+ +- * | P2 | P2_FINAL | See :cpp:type:`SE05x_P2_t` | +- * +------------+----------------------------------+---------------------------------+ +- * | Lc | #(Payload) | | +- * +------------+----------------------------------+---------------------------------+ +- * | Payload | TLV[TAG_2] | 2-byte Crypto Object identifier | +- * +------------+----------------------------------+---------------------------------+ +- * | TLV[TAG_6] | Byte array containing tag to | | +- * | | verify [Conditional] When the | | +- * | | mode is decrypt and verify (i.e. | | +- * | | AEADInit has been called with | | +- * | | P2 = P2_DECRYPT). | | +- * +------------+----------------------------------+---------------------------------+ +- * | Le | 0x00 | Expected returned data. | +- * +------------+----------------------------------+---------------------------------+ +- * @endrst +- * +- * # R-APDU Body +- * +- * @rst +- * +------------+------------------------------------------------+ +- * | Value | Description | +- * +============+================================================+ +- * | TLV[TAG_2] | Byte array containing tag (if P2 = P2_ENCRYPT) | +- * | | or byte array containing Result (if P2 = | +- * | | P2_DECRYPT) | +- * +------------+------------------------------------------------+ +- * @endrst +- * +- * # R-APDU Trailer +- * +- * @rst +- * +-------------+--------------------------------------+ +- * | SW | Description | +- * +=============+======================================+ +- * | SW_NO_ERROR | The command is handled successfully. | +- * +-------------+--------------------------------------+ +- * @endrst +- * +- * +- * @param[in] session_ctx The session context +- * @param[in] cryptoObjectID The crypto object id +- * @param tag The tag +- * @param tagLen The tag length +- * @param[in] operation The operation +- * +- * @return The sm status. +- */ +-smStatus_t Se05x_API_AeadFinal(pSe05xSession_t session_ctx, +- SE05x_CryptoObjectID_t cryptoObjectID, +- uint8_t *tag, +- size_t *tagLen, +- const SE05x_Cipher_Oper_t operation); +- +-/** Se05x_API_DisableObjCreation +- * +- * +- * # Command to Applet +- * +- * +- * # R-APDU Body +- * +- * NA +- * +- * # R-APDU Trailer +- * +- * +- * +- * +- * @param[in] session_ctx Session Context [0:kSE05x_pSession] +- * @param[in] lockIndicator [1:kSE05x_TAG_1] +- * @param[in] restrictMode [2:kSE05x_TAG_2] +- */ +-smStatus_t Se05x_API_DisableObjCreation( +- pSe05xSession_t session_ctx, SE05x_LockIndicator_t lockIndicator, SE05x_RestrictMode_t restrictMode); +- +-/** Se05x_API_ReadObjectAttributes +- * +- * +- * +- * @param[in] session_ctx Session Context [0:kSE05x_pSession] +- * @param[in] objectID object id [1:kSE05x_TAG_1] +- * @param[out] data [0:kSE05x_TAG_2] +- * @param[in,out] pdataLen Length for data +- */ +-smStatus_t Se05x_API_ReadObjectAttributes( +- pSe05xSession_t session_ctx, uint32_t objectID, uint8_t *data, size_t *pdataLen); +- +-/** Se05x_API_TriggerSelfTest +- * +- * Trigger a system health check for the system. When calling this command, a self-test is +- * triggered in the operating system. When the test fails, the device might not respond with +- * a R-APDU as the chip is reset. +- * If HealthCheckMode is set to HCM_FIPS, the test will only work if the device is running in +- * FIPS approved mode of operation. +- * +- * # Command to Applet +- * +- * +- * @rst +- * +------------+---------------------------------+------------------------------------------------+ +- * | Field | Value | Description | +- * +============+=================================+================================================+ +- * | CLA | 0x80 | | +- * +------------+---------------------------------+------------------------------------------------+ +- * | INS | INS_MGMT | See :cpp:type:`SE05x_INS_t`. In addition to | +- * | | | INS_CRYPTO, users can set the INS_ATTEST | +- * | | | flag. In that case, attestation applies. | +- * +------------+---------------------------------+------------------------------------------------+ +- * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | +- * +------------+---------------------------------+------------------------------------------------+ +- * | P2 | P2_SANITY | See :cpp:type:`SE05x_P2_t` | +- * +------------+---------------------------------+------------------------------------------------+ +- * | Lc | #(Payload) | Payload length | +- * +------------+---------------------------------+------------------------------------------------+ +- * | Payload | TLV[TAG_1] | 2-byte value from HealthCheckMode | +- * +------------+---------------------------------+------------------------------------------------+ +- * | Le | 0x00 | 2-byte response + attested data (if INS_ATTEST | +- * | | | is set). | +- * +------------+---------------------------------+------------------------------------------------+ +- * @endrst +- * +- * # R-APDU Body +- * +- * +- * @rst +- * +------------+------------------------------------------------+ +- * | Value | Description | +- * +============+================================================+ +- * | TLV[TAG_1] | TLV containing 1-byte Result. | +- * +------------+------------------------------------------------+ +- * @endrst +- * +- * # R-APDU Trailer +- * +- * +- * @rst +- * +-------------+--------------------------------------+ +- * | SW | Description | +- * +=============+======================================+ +- * | SW_NO_ERROR | The command is handled successfully. | +- * +-------------+--------------------------------------+ +- * @endrst +- * +- * +- * @param[in] session_ctx The session context +- * @param[in] HealthCheckMode The health check mode +- * @param result The result of Self Test +- * +- * @return The sm status. +- */ +- +-smStatus_t Se05x_API_TriggerSelfTest( +- pSe05xSession_t session_ctx, SE05x_HealthCheckMode_t healthCheckMode, uint8_t *result); +- +-/** Se05x_API_TriggerSelfTest_W_Attst +- * +- * Trigger a system health check for the system. When calling this command, a self-test is +- * triggered in the operating system. When the test fails, the device might not respond with +- * a R-APDU as the chip is reset. +- * If HealthCheckMode is set to HCM_FIPS, the test will only work if the device is running in +- * FIPS approved mode of operation. +- * +- * # Command to Applet +- * +- * +- * @rst +- * +------------+---------------------------------+------------------------------------------------+ +- * | Field | Value | Description | +- * +============+=================================+================================================+ +- * | CLA | 0x80 | | +- * +------------+---------------------------------+------------------------------------------------+ +- * | INS | INS_MGMT | See :cpp:type:`SE05x_INS_t`. In addition to | +- * | | | INS_CRYPTO, users can set the INS_ATTEST | +- * | | | flag. In that case, attestation applies. | +- * +------------+---------------------------------+------------------------------------------------+ +- * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | +- * +------------+---------------------------------+------------------------------------------------+ +- * | P2 | P2_SANITY | See :cpp:type:`SE05x_P2_t` | +- * +------------+---------------------------------+------------------------------------------------+ +- * | Lc | #(Payload) | Payload length | +- * +------------+---------------------------------+------------------------------------------------+ +- * | Payload | TLV[TAG_1] | 2-byte value from HealthCheckMode | +- * +------------+---------------------------------+------------------------------------------------+ +- * | TLV[TAG_5] | 4-byte attestation object | | +- * | | identifier. [Optional] | | +- * | | [Conditional: only when | | +- * | | INS_ATTEST is set] | | +- * +------------+---------------------------------+------------------------------------------------+ +- * | TLV[TAG_6] | 1-byte AttestationAlgo | | +- * | | [Optional] [Conditional: only | | +- * | | when INS_ATTEST is set] | | +- * +------------+---------------------------------+------------------------------------------------+ +- * | TLV[TAG_7] | 16-byte freshness random | | +- * | | [Optional] [Conditional: only | | +- * | | when INS_ATTEST is set] | | +- * +------------+---------------------------------+------------------------------------------------+ +- * | Le | 0x00 | 2-byte response + attested data (if INS_ATTEST | +- * | | | is set). | +- * +------------+---------------------------------+------------------------------------------------+ +- * @endrst +- * +- * # R-APDU Body +- * +- * +- * @rst +- * +------------+------------------------------------------------+ +- * | Value | Description | +- * +============+================================================+ +- * | TLV[TAG_1] | TLV containing 1-byte Result. | +- * +------------+------------------------------------------------+ +- * | TLV[TAG_3] | TLV containing 12-byte timestamp | +- * | | [Conditional: only when C-APDU contains | +- * | | INS_ATTEST] | +- * +------------+------------------------------------------------+ +- * | TLV[TAG_4] | TLV containing 16-byte freshness (random) | +- * | | [Conditional: only when C-APDU contains | +- * | | INS_ATTEST] | +- * +------------+------------------------------------------------+ +- * | TLV[TAG_5] | TLV containing 18-byte chip unique ID | +- * | | [Conditional: only when C-APDU contains | +- * | | INS_ATTEST] | +- * +------------+------------------------------------------------+ +- * | TLV[TAG_6] | TLV containing signature over the concatenated | +- * | | values of TLV[TAG_1], TLV[TAG_3], TLV[TAG_4] | +- * | | and TLV[TAG_5]. [Conditional: only when | +- * | | C-APDU contains INS_ATTEST] | +- * +------------+------------------------------------------------+ +- * @endrst +- * +- * # R-APDU Trailer +- * +- * +- * @rst +- * +-------------+--------------------------------------+ +- * | SW | Description | +- * +=============+======================================+ +- * | SW_NO_ERROR | The command is handled successfully. | +- * +-------------+--------------------------------------+ +- * @endrst +- * +- * +- * @param[in] session_ctx The session context +- * @param[in] HealthCheckMode The health check mode +- * @param[in] attestID The attest id +- * @param[in] attestAlgo The attest algorithm +- * @param[in] random The random +- * @param[in] randomLen The random length +- * @param result The result of Self Test +- * @param ptimeStamp The ptime stamp +- * @param outrandom The outrandom +- * @param poutrandomLen The poutrandom length +- * @param chipId The chip identifier +- * @param pchipIdLen The pchip identifier length +- * @param signature The signature +- * @param psignatureLen The psignature length +- * +- * @return The sm status. +- */ +-smStatus_t Se05x_API_TriggerSelfTest_W_Attst(pSe05xSession_t session_ctx, +- SE05x_HealthCheckMode_t healthCheckMode, +- uint32_t attestID, +- SE05x_AttestationAlgo_t attestAlgo, +- const uint8_t *random, +- size_t randomLen, +- uint8_t *result, +- SE05x_TimeStamp_t *ptimeStamp, +- uint8_t *outrandom, +- size_t *poutrandomLen, +- uint8_t *chipId, +- size_t *pchipIdLen, +- uint8_t *signature, +- size_t *psignatureLen); +- +-/** Se05x_API_ECDHGenerateSharedSecret_InObject +- * +- * See @ref Se05x_API_ECDHGenerateSharedSecret +- * +- */ +-smStatus_t Se05x_API_ECDHGenerateSharedSecret_InObject(pSe05xSession_t session_ctx, +- uint32_t objectID, +- const uint8_t *pubKey, +- size_t pubKeyLen, +- uint32_t sharedSecretID, +- uint8_t invertEndianness); +- +-/* +-* @param[in] session_ctx Session Context[0:kSE05x_pSession] +-* @param[in] keyPairId keyPairId[1:kSE05x_TAG_1] +-* @param[in] pskId pskId[2:kSE05x_TAG_2] +-* @param[in] hmacKeyId hmacKeyId[3:kSE05x_TAG_3] +-* @param[in] inputData inputData[4:kSE05x_TAG_4] +-* @param[in] inputDataLen Length of inputData +-* @param[in] clientVersion client version[6:kSE05x_TAG_6] +-* @param[in] clientVersionLen Length of client version +-*/ +- +-smStatus_t Se05x_API_TLSCalculateRsaPreMasterSecret(pSe05xSession_t session_ctx, +- uint32_t keyPairId, +- uint32_t pskId, +- uint32_t hmacKeyId, +- const uint8_t *inputData, +- size_t inputDataLen, +- const uint8_t *clientVersion, +- size_t clientVersionLen); +- +-/** Se05x_API_WriteRSAKey_Ver +-* +-* See @ref Se05x_API_WriteRSAKey. Also allows to set key version (4 bytes). +-* +-*/ +-smStatus_t Se05x_API_WriteRSAKey_Ver(pSe05xSession_t session_ctx, +- pSe05xPolicy_t policy, +- uint32_t objectID, +- uint16_t size, +- const uint8_t *p, +- size_t pLen, +- const uint8_t *q, +- size_t qLen, +- const uint8_t *dp, +- size_t dpLen, +- const uint8_t *dq, +- size_t dqLen, +- const uint8_t *qInv, +- size_t qInvLen, +- const uint8_t *pubExp, +- size_t pubExpLen, +- const uint8_t *priv, +- size_t privLen, +- const uint8_t *pubMod, +- size_t pubModLen, +- const SE05x_INS_t ins_type, +- const SE05x_KeyPart_t key_part, +- const SE05x_RSAKeyFormat_t rsa_format, +- uint32_t version); +- +-/** Se05x_API_UpdateRSAKey_Ver +-* +-* See @ref Se05x_API_WriteRSAKey. Also allows to set key version (4 bytes). +-* Called to update the value of already existing object. If policy is passed, +-* it should match with existing policy on object. +-*/ +-smStatus_t Se05x_API_UpdateRSAKey_Ver(pSe05xSession_t session_ctx, +- pSe05xPolicy_t policy, +- uint32_t objectID, +- uint16_t size, +- const uint8_t *p, +- size_t pLen, +- const uint8_t *q, +- size_t qLen, +- const uint8_t *dp, +- size_t dpLen, +- const uint8_t *dq, +- size_t dqLen, +- const uint8_t *qInv, +- size_t qInvLen, +- const uint8_t *pubExp, +- size_t pubExpLen, +- const uint8_t *priv, +- size_t privLen, +- const uint8_t *pubMod, +- size_t pubModLen, +- const SE05x_INS_t ins_type, +- const SE05x_KeyPart_t key_part, +- const SE05x_RSAKeyFormat_t rsa_format, +- uint32_t version); +- +-#define Se05x_API_WriteECKey_with_version Se05x_API_WriteECKey_Ver +-/** Se05x_API_WriteECKey_Ver +-* +-* See @ref Se05x_API_WriteECKey. Also allows to set key version (4 bytes). +-* +-*/ +-smStatus_t Se05x_API_WriteECKey_Ver(pSe05xSession_t session_ctx, +- pSe05xPolicy_t policy, +- SE05x_MaxAttemps_t maxAttempt, +- uint32_t objectID, +- SE05x_ECCurve_t curveID, +- const uint8_t *privKey, +- size_t privKeyLen, +- const uint8_t *pubKey, +- size_t pubKeyLen, +- const SE05x_INS_t ins_type, +- const SE05x_KeyPart_t key_part, +- uint32_t version); +- +-/** Se05x_API_UpdateECKey_Ver +-* +-* See @ref Se05x_API_WriteECKey. Also allows to set key version (4 bytes). +-* Called to update the value of already existing object. If policy is passed, +-* it should match with existing policy on object. +-*/ +-smStatus_t Se05x_API_UpdateECKey_Ver(pSe05xSession_t session_ctx, +- pSe05xPolicy_t policy, +- SE05x_MaxAttemps_t maxAttempt, +- uint32_t objectID, +- SE05x_ECCurve_t curveID, +- const uint8_t *privKey, +- size_t privKeyLen, +- const uint8_t *pubKey, +- size_t pubKeyLen, +- const SE05x_INS_t ins_type, +- const SE05x_KeyPart_t key_part, +- uint32_t version); +- +-/** Se05x_API_WriteSymmKey_Ver +-* +-* See @ref Se05x_API_WriteSymmKey. Also allows to set key version (4 bytes). +-* +-*/ +-smStatus_t Se05x_API_WriteSymmKey_Ver(pSe05xSession_t session_ctx, +- pSe05xPolicy_t policy, +- SE05x_MaxAttemps_t maxAttempt, +- uint32_t objectID, +- SE05x_KeyID_t kekID, +- const uint8_t *keyValue, +- size_t keyValueLen, +- const SE05x_INS_t ins_type, +- const SE05x_SymmKeyType_t type, +- uint32_t version); +- +-/** Se05x_API_UpdateSymmKey_Ver +-* +-* See @ref Se05x_API_WriteSymmKey. Also allows to set key version (4 bytes). +-* Called to update the value of already existing object. If policy is passed, +-* it should match with existing policy on object. +-*/ +-smStatus_t Se05x_API_UpdateSymmKey_Ver(pSe05xSession_t session_ctx, +- pSe05xPolicy_t policy, +- SE05x_MaxAttemps_t maxAttempt, +- uint32_t objectID, +- SE05x_KeyID_t kekID, +- const uint8_t *keyValue, +- size_t keyValueLen, +- const SE05x_INS_t ins_type, +- const SE05x_SymmKeyType_t type, +- uint32_t version); +- +-/** Se05x_API_WriteBinary_Ver +-* +-* See @ref Se05x_API_WriteBinary. Also allows to set key version (4 bytes). +-* +-*/ +-smStatus_t Se05x_API_WriteBinary_Ver(pSe05xSession_t session_ctx, +- pSe05xPolicy_t policy, +- uint32_t objectID, +- uint16_t offset, +- uint16_t length, +- const uint8_t *inputData, +- size_t inputDataLen, +- uint32_t version); +- +-/** Se05x_API_UpdateBinary_Ver +-* +-* See @ref Se05x_API_WriteBinary. Also allows to set key version (4 bytes). +-* Called to update the value of already existing object. If policy is passed, +-* it should match with existing policy on object. +-* +-*/ +-smStatus_t Se05x_API_UpdateBinary_Ver(pSe05xSession_t session_ctx, +- pSe05xPolicy_t policy, +- uint32_t objectID, +- uint16_t offset, +- uint16_t length, +- const uint8_t *inputData, +- size_t inputDataLen, +- uint32_t version); +- +-/** Se05x_API_ReadState +-* +-* +-* # Command to Applet +-* +-* +-* # R-APDU Body +-* +-* NA +-* +-* # R-APDU Trailer +-* +-* +-* +-* +-* @param[in] session_ctx Session Context [0:kSE05x_pSession] +-* @param[out] pstateValues [1:kSE05x_TAG_1] +-*/ +-smStatus_t Se05x_API_ReadState(pSe05xSession_t session_ctx, uint8_t *pstateValues, size_t *pstateValuesLen); +- +-/** Se05x_API_GetExtVersion +-* +-* Gets the applet extended version information. +-* +-* This will return 37-byte VersionInfo (including major, minor and patch version +-* of the applet, supported applet features and secure box version). +-* +-* # Command to Applet +-* +-* @rst +-* +-------+------------------------------+----------------------------------------------+ +-* | Field | Value | Description | +-* +=======+==============================+==============================================+ +-* | CLA | 0x80 | | +-* +-------+------------------------------+----------------------------------------------+ +-* | INS | INS_MGMT | See :cpp:type:`SE05x_INS_t` | +-* +-------+------------------------------+----------------------------------------------+ +-* | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | +-* +-------+------------------------------+----------------------------------------------+ +-* | P2 | P2_VERSION or P2_VERSION_EXT | See :cpp:type:`SE05x_P2_t` | +-* +-------+------------------------------+----------------------------------------------+ +-* | Lc | #(Payload) | | +-* +-------+------------------------------+----------------------------------------------+ +-* | Le | 0x00 | Expecting TLV with 7-byte data (when P2 = | +-* | | | P2_VERSION) or a TLV with 37 byte data (when | +-* | | | P2= P2_VERSION_EXT). | +-* +-------+------------------------------+----------------------------------------------+ +-* @endrst +-* +-* +-* # R-APDU Body +-* +-* @rst +-* +------------+------------------------------------------------+ +-* | Value | Description | +-* +============+================================================+ +-* | TLV[TAG_1] | 7-byte :cpp:type:`VersionInfoRef` (if P2 = | +-* | | P2_VERSION) or 7-byte VersionInfo followed by | +-* | | 30 bytes extendedFeatureBits (if P2 = | +-* | | P2_VERSION_EXT) | +-* +------------+------------------------------------------------+ +-* @endrst +-* +-* # R-APDU Trailer +-* +-* @rst +-* +-------------+--------------------------------+ +-* | SW | Description | +-* +=============+================================+ +-* | SW_NO_ERROR | Data is returned successfully. | +-* +-------------+--------------------------------+ +-* @endrst +-* +-* @param[in] session_ctx The session context +-* @param pappletVersion The papplet version +-* @param appletVersionLen The applet version length +-* +-* @return The sm status. +-*/ +-smStatus_t Se05x_API_GetExtVersion(pSe05xSession_t session_ctx, uint8_t *pappletVersion, size_t *appletVersionLen); +- +-/**Se05x_API_SendCardManagerCmd +-* +-* Sends a command to the Card Manager. +-* +-* This APDU will send command to Card Manager +-* +-* # Command to Card Manager +-* +-* @rst +-* +---------+---------------+--------------------------------------+ +-* | Field | Value | Description | +-* +=========+===============+======================================+ +-* | CLA | 0x80 | | +-* +---------+---------------+--------------------------------------+ +-* | INS | INS_MGMT | See :cpp:type:`SE05x_INS_t` | +-* +---------+---------------+--------------------------------------+ +-* | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | +-* +---------+---------------+--------------------------------------+ +-* | P2 | P2_CM_COMMAND | See :cpp:type:`SE05x_P2_t` | +-* +---------+---------------+--------------------------------------+ +-* | Lc | #(Payload) | Payload length | +-* +---------+---------------+--------------------------------------+ +-* | Payload | TLV[TAG_1] | APDU to be sent to the Card Manager. | +-* +---------+---------------+--------------------------------------+ +-* | Le | 0x00 | Expected response length | +-* +---------+---------------+--------------------------------------+ +-* @endrst +-* +-* # R-APDU Body +-* +-* @rst +-* +------------+----------------------------------------+ +-* | Value | Description | +-* +============+========================================+ +-* | TLV[TAG_1] | Byte array containing the Card Manager | +-* | | response. | +-* +------------+----------------------------------------+ +-* @endrst +-* +-* # R-APDU Trailer +-* +-* @rst +-* +-------------+--------------------------------------+ +-* | SW | Description | +-* +=============+======================================+ +-* | SW_NO_ERROR | The command is handled successfully. | +-* +-------------+--------------------------------------+ +-* @endrst +-* +-* @param[in] session_ctx The session context +-* @param[in] pCmdData The command input data +-* @param[in] cmdDataLen The command input data length +-* @param[out] pOutputData The response data +-* @param[out] pOutputDataLen The response data length +-* +-* @return The sm status. +-*/ +-smStatus_t Se05x_API_SendCardManagerCmd( +- pSe05xSession_t session_ctx, uint8_t *pCmdData, size_t cmdDataLen, uint8_t *pOutputData, size_t *pOutputDataLen); +- +-/** Se05x_API_UpdatePCR +-* +-* See @ref Se05x_API_WritePCR. +-* Called to update the value of already existing object. If policy is passed, +-* it should match with existing policy on object. +-*/ +-smStatus_t Se05x_API_UpdatePCR( +- pSe05xSession_t session_ctx, pSe05xPolicy_t policy, uint32_t pcrID, const uint8_t *inputData, size_t inputDataLen); +- +-/** Se05x_API_UpdateCounter +-* +-* See @ref Se05x_API_SetCounterValue. +-* Called to update the value of already existing object. If policy is passed, +-* it should match with existing policy on object. +-*/ +-smStatus_t Se05x_API_UpdateCounter( +- pSe05xSession_t session_ctx, pSe05xPolicy_t policy, uint32_t objectID, uint16_t size, uint64_t value); +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/se05x_03_xx_xx/se05x_04_xx_APDU_impl.h b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/se05x_03_xx_xx/se05x_04_xx_APDU_impl.h +deleted file mode 100644 +index ac531d92be..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/se05x_03_xx_xx/se05x_04_xx_APDU_impl.h ++++ /dev/null +@@ -1,1535 +0,0 @@ +-/* +- * Copyright 2020 NXP +- * +- * SPDX-License-Identifier: Apache-2.0 +- */ +- +-#include +-#include +-#include +- +-#if defined(NONSECURE_WORLD) +-#include "veneer_printf_table.h" +-#endif +- +-#if SSS_HAVE_SE05X_VER_GTE_06_00 +-/* OK */ +-#else +-#error "Only with SE051 based build" +-#endif +- +-#ifndef NEWLINE +-#define NEWLINE must be already defined +-#endif +- +-smStatus_t Se05x_API_AeadOneShot(pSe05xSession_t session_ctx, +- uint32_t objectID, +- SE05x_CipherMode_t cipherMode, +- const uint8_t *pInputData, +- size_t inputDataLen, +- const uint8_t *pAad, +- size_t aadLen, +- uint8_t *pIV, +- size_t IVLen, +- uint8_t *pTagData, +- size_t *pTagDataLen, +- uint8_t *pOutputData, +- size_t *pOutputDataLen, +- const SE05x_Cipher_Oper_OneShot_t operation) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_AEAD, operation}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- uint8_t *pCmdbuf = &cmdbuf[0]; +- int tlvRet = 0; +- uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; +- uint8_t *pRspbuf = &rspbuf[0]; +- size_t rspbufLen = ARRAY_SIZE(rspbuf); +- SE05x_Result_t result; +- uint16_t ivlen16 = (uint16_t)IVLen; +- size_t ivlen32 = IVLen; +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "AeadOneShot []"); +-#endif /* VERBOSE_APDU_LOGS */ +- tlvRet = TLVSET_U32("objectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_CipherMode("cipherMode", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, cipherMode); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_u8bufOptional("inputData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, pInputData, inputDataLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_u8bufOptional("AdditionalData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_4, pAad, aadLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- +- if ((cipherMode == kSE05x_CipherMode_AES_GCM) || +- ((cipherMode == kSE05x_CipherMode_AES_GCM_INT_IV) && (operation == kSE05x_Cipher_Oper_OneShot_Decrypt))) { +- tlvRet = TLVSET_u8bufOptional("IV", &pCmdbuf, &cmdbufLen, kSE05x_TAG_5, pIV, IVLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- } +- else { +- tlvRet = TLVSET_U16("IVLen", &pCmdbuf, &cmdbufLen, kSE05x_TAG_5, ivlen16); +- if (0 != tlvRet) { +- goto cleanup; +- } +- } +- if (operation == kSE05x_Cipher_Oper_OneShot_Decrypt) { +- tlvRet = TLVSET_u8bufOptional("tag", &pCmdbuf, &cmdbufLen, kSE05x_TAG_6, pTagData, *pTagDataLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- } +- retStatus = DoAPDUTxRx_s_Case4_ext(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); +- if (retStatus == SM_OK) { +- retStatus = SM_NOT_OK; +- size_t rspIndex = 0; +- if (inputDataLen != 0) { +- tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, pOutputData, pOutputDataLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- } +- if (operation == kSE05x_Cipher_Oper_OneShot_Encrypt) { +- tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_2, pTagData, pTagDataLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- } +- if (operation == kSE05x_Cipher_Oper_OneShot_Decrypt) { +- tlvRet = tlvGet_Result(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_2, &result); +- if (0 != tlvRet) { +- goto cleanup; +- } +- if (result != kSE05x_Result_SUCCESS) { +- goto cleanup; +- } +- } +- if ((operation == kSE05x_Cipher_Oper_OneShot_Encrypt) && (cipherMode == kSE05x_CipherMode_AES_GCM_INT_IV)) { +- tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_3, pIV, &ivlen32); +- if (0 != tlvRet) { +- goto cleanup; +- } +- } +- if ((rspIndex + 2) == rspbufLen) { +- retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); +- } +- } +-cleanup: +- return retStatus; +-} +- +-smStatus_t Se05x_API_AeadInit(pSe05xSession_t session_ctx, +- uint32_t objectID, +- SE05x_CipherMode_t cipherMode, +- SE05x_CryptoObjectID_t cryptoObjectID, +- uint8_t *pIV, +- size_t IVLen, +- const SE05x_Cipher_Oper_t operation) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_AEAD, operation}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- uint8_t *pCmdbuf = &cmdbuf[0]; +- int tlvRet = 0; +- uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; +- uint8_t *pRspbuf = &rspbuf[0]; +- size_t rspbufLen = ARRAY_SIZE(rspbuf); +- uint16_t ivlen16 = (uint16_t)IVLen; +- size_t ivlen32 = IVLen; +- +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "AeadInit []"); +-#endif /* VERBOSE_APDU_LOGS */ +- tlvRet = TLVSET_U32("objectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_CryptoObjectID("cryptoObjectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, cryptoObjectID); +- if (0 != tlvRet) { +- goto cleanup; +- } +- if ((cipherMode == kSE05x_CipherMode_AES_GCM) || +- ((cipherMode == kSE05x_CipherMode_AES_GCM_INT_IV) && (operation == kSE05x_Cipher_Oper_Decrypt))) { +- tlvRet = TLVSET_u8bufOptional("IV", &pCmdbuf, &cmdbufLen, kSE05x_TAG_5, pIV, IVLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- } +- else { +- tlvRet = TLVSET_U16("IVLen", &pCmdbuf, &cmdbufLen, kSE05x_TAG_5, ivlen16); +- if (0 != tlvRet) { +- goto cleanup; +- } +- } +- if ((cipherMode == kSE05x_CipherMode_AES_GCM) || +- ((cipherMode == kSE05x_CipherMode_AES_GCM_INT_IV) && (operation == kSE05x_Cipher_Oper_Decrypt))) { +- retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); +- } +- else { +- retStatus = DoAPDUTxRx_s_Case4_ext(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); +- if (retStatus == SM_OK) { +- retStatus = SM_NOT_OK; +- size_t rspIndex = 0; +- tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, pIV, &ivlen32); +- if (0 != tlvRet) { +- goto cleanup; +- } +- if ((rspIndex + 2) == rspbufLen) { +- retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); +- } +- } +- } +-cleanup: +- return retStatus; +-} +- +-smStatus_t Se05x_API_AeadCCMInit(pSe05xSession_t session_ctx, +- uint32_t objectID, +- SE05x_CryptoObjectID_t cryptoObjectID, +- const uint8_t *pIV, +- size_t IVLen, +- size_t aadLen, +- size_t payloadLen, +- size_t tagLen, +- const SE05x_Cipher_Oper_t operation) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_AEAD, operation}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- uint8_t *pCmdbuf = &cmdbuf[0]; +- int tlvRet = 0; +- uint16_t aadLen16 = (uint16_t)aadLen; +- uint16_t payloadLen16 = (uint16_t)payloadLen; +- uint16_t tagLen16 = (uint16_t)tagLen; +- +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "AeadCCMInit []"); +-#endif /* VERBOSE_APDU_LOGS */ +- tlvRet = TLVSET_U32("objectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_CryptoObjectID("cryptoObjectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, cryptoObjectID); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_u8bufOptional("IV", &pCmdbuf, &cmdbufLen, kSE05x_TAG_5, pIV, IVLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_U16("aadLen", &pCmdbuf, &cmdbufLen, kSE05x_TAG_6, aadLen16); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_U16("payloadLen", &pCmdbuf, &cmdbufLen, kSE05x_TAG_7, payloadLen16); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_U16("tagLen", &pCmdbuf, &cmdbufLen, kSE05x_TAG_8, tagLen16); +- if (0 != tlvRet) { +- goto cleanup; +- } +- retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); +- +-cleanup: +- return retStatus; +-} +- +-smStatus_t Se05x_API_AeadUpdate_aad( +- pSe05xSession_t session_ctx, SE05x_CryptoObjectID_t cryptoObjectID, const uint8_t *pAadData, size_t aadDataLen) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_AEAD, kSE05x_P2_UPDATE}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- uint8_t *pCmdbuf = &cmdbuf[0]; +- int tlvRet = 0; +- +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "AeadUpdate_aad []"); +-#endif /* VERBOSE_APDU_LOGS */ +- tlvRet = TLVSET_CryptoObjectID("cryptoObjectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, cryptoObjectID); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_u8bufOptional("aad", &pCmdbuf, &cmdbufLen, kSE05x_TAG_4, pAadData, aadDataLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); +-cleanup: +- return retStatus; +-} +- +-smStatus_t Se05x_API_AeadUpdate(pSe05xSession_t session_ctx, +- SE05x_CryptoObjectID_t cryptoObjectID, +- const uint8_t *pInputData, +- size_t inputDataLen, +- uint8_t *pOutputData, +- size_t *pOutputLen) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_AEAD, kSE05x_P2_UPDATE}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- uint8_t *pCmdbuf = &cmdbuf[0]; +- int tlvRet = 0; +- uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; +- uint8_t *pRspbuf = &rspbuf[0]; +- size_t rspbufLen = ARRAY_SIZE(rspbuf); +- +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "AeadUpdate []"); +-#endif /* VERBOSE_APDU_LOGS */ +- tlvRet = TLVSET_CryptoObjectID("cryptoObjectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, cryptoObjectID); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_u8bufOptional("inputData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, pInputData, inputDataLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- retStatus = DoAPDUTxRx_s_Case4_ext(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); +- if (retStatus == SM_OK) { +- retStatus = SM_NOT_OK; +- size_t rspIndex = 0; +- tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, pOutputData, pOutputLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- if ((rspIndex + 2) == rspbufLen) { +- retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); +- } +- } +-cleanup: +- return retStatus; +-} +- +-smStatus_t Se05x_API_AeadCCMLastUpdate( +- pSe05xSession_t session_ctx, SE05x_CryptoObjectID_t cryptoObjectID, const uint8_t *pInputData, size_t inputDataLen) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_AEAD, kSE05x_P2_UPDATE}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- uint8_t *pCmdbuf = &cmdbuf[0]; +- int tlvRet = 0; +- +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "AeadUpdate []"); +-#endif /* VERBOSE_APDU_LOGS */ +- tlvRet = TLVSET_CryptoObjectID("cryptoObjectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, cryptoObjectID); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_u8bufOptional("inputData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, pInputData, inputDataLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); +-cleanup: +- return retStatus; +-} +- +-smStatus_t Se05x_API_AeadCCMFinal(pSe05xSession_t session_ctx, +- SE05x_CryptoObjectID_t cryptoObjectID, +- uint8_t *pOutputData, +- size_t *pOutputLen, +- uint8_t *pTag, +- size_t *pTagLen, +- const SE05x_Cipher_Oper_t operation) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_AEAD, kSE05x_P2_FINAL}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- uint8_t *pCmdbuf = &cmdbuf[0]; +- int tlvRet = 0; +- uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; +- uint8_t *pRspbuf = &rspbuf[0]; +- size_t rspbufLen = ARRAY_SIZE(rspbuf); +- size_t tagLen = *pTagLen; +- SE05x_Result_t result; +- +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "AeadFinal []"); +-#endif /* VERBOSE_APDU_LOGS */ +- tlvRet = TLVSET_CryptoObjectID("cryptoObjectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, cryptoObjectID); +- if (0 != tlvRet) { +- goto cleanup; +- } +- if (operation == kSE05x_Cipher_Oper_Decrypt) { +- tlvRet = TLVSET_u8bufOptional("tag", &pCmdbuf, &cmdbufLen, kSE05x_TAG_6, pTag, tagLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- } +- retStatus = DoAPDUTxRx_s_Case4_ext(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); +- if (retStatus == SM_OK) { +- retStatus = SM_NOT_OK; +- size_t rspIndex = 0; +- tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, pOutputData, pOutputLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- if (operation == kSE05x_Cipher_Oper_Encrypt) { +- tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_2, pTag, pTagLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- } +- if (operation == kSE05x_Cipher_Oper_Decrypt) { +- tlvRet = tlvGet_Result(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_2, &result); +- if (0 != tlvRet) { +- goto cleanup; +- } +- +- if (result != kSE05x_Result_SUCCESS) { +- goto cleanup; +- } +- } +- +- if ((rspIndex + 2) == rspbufLen) { +- retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); +- } +- } +-cleanup: +- return retStatus; +-} +- +-smStatus_t Se05x_API_AeadFinal(pSe05xSession_t session_ctx, +- SE05x_CryptoObjectID_t cryptoObjectID, +- uint8_t *pTag, +- size_t *pTagLen, +- const SE05x_Cipher_Oper_t operation) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_AEAD, kSE05x_P2_FINAL}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- uint8_t *pCmdbuf = &cmdbuf[0]; +- int tlvRet = 0; +- uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; +- uint8_t *pRspbuf = &rspbuf[0]; +- size_t rspbufLen = ARRAY_SIZE(rspbuf); +- size_t tagLen = *pTagLen; +- SE05x_Result_t result; +- +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "AeadFinal []"); +-#endif /* VERBOSE_APDU_LOGS */ +- tlvRet = TLVSET_CryptoObjectID("cryptoObjectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, cryptoObjectID); +- if (0 != tlvRet) { +- goto cleanup; +- } +- if (operation == kSE05x_Cipher_Oper_Decrypt) { +- tlvRet = TLVSET_u8bufOptional("tag", &pCmdbuf, &cmdbufLen, kSE05x_TAG_6, pTag, tagLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- } +- retStatus = DoAPDUTxRx_s_Case4_ext(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); +- if (retStatus == SM_OK) { +- retStatus = SM_NOT_OK; +- size_t rspIndex = 0; +- if (operation == kSE05x_Cipher_Oper_Encrypt) { +- tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_2, pTag, pTagLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- } +- if (operation == kSE05x_Cipher_Oper_Decrypt) { +- tlvRet = tlvGet_Result(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_2, &result); +- if (0 != tlvRet) { +- goto cleanup; +- } +- if (result != kSE05x_Result_SUCCESS) { +- goto cleanup; +- } +- } +- if ((rspIndex + 2) == rspbufLen) { +- retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); +- } +- } +-cleanup: +- return retStatus; +-} +- +-smStatus_t Se05x_API_DisableObjCreation( +- pSe05xSession_t session_ctx, SE05x_LockIndicator_t lockIndicator, SE05x_RestrictMode_t restrictMode) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_MGMT, kSE05x_P1_DEFAULT, kSE05x_P2_RESTRICT}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- uint8_t *pCmdbuf = &cmdbuf[0]; +- int tlvRet = 0; +- +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "DisableObjCreation []"); +-#endif /* VERBOSE_APDU_LOGS */ +- +- tlvRet = TLVSET_U8("lockIndicator", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, lockIndicator); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_U8("restrictMode", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, restrictMode); +- if (0 != tlvRet) { +- goto cleanup; +- } +- retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); +- +-cleanup: +- return retStatus; +-} +- +-smStatus_t Se05x_API_TriggerSelfTest( +- pSe05xSession_t session_ctx, SE05x_HealthCheckMode_t healthCheckMode, uint8_t *result) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_MGMT, kSE05x_P1_DEFAULT, kSE05x_P2_SANITY}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- uint8_t *pCmdbuf = &cmdbuf[0]; +- int tlvRet = 0; +- uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; +- uint8_t *pRspbuf = &rspbuf[0]; +- size_t rspbufLen = ARRAY_SIZE(rspbuf); +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "TriggerSelfTest []"); +-#endif /* VERBOSE_APDU_LOGS */ +- tlvRet = TLVSET_U16("health check mode", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, healthCheckMode); +- if (0 != tlvRet) { +- goto cleanup; +- } +- retStatus = DoAPDUTxRx_s_Case4(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); +- if (retStatus == SM_OK) { +- retStatus = SM_NOT_OK; +- size_t rspIndex = 0; +- tlvRet = tlvGet_U8(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, result); /* */ +- if (0 != tlvRet) { +- goto cleanup; +- } +- if ((rspIndex + 2) == rspbufLen) { +- retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); +- } +- } +- +-cleanup: +- return retStatus; +-} +- +-smStatus_t Se05x_API_TriggerSelfTest_W_Attst(pSe05xSession_t session_ctx, +- SE05x_HealthCheckMode_t healthCheckMode, +- uint32_t attestID, +- SE05x_AttestationAlgo_t attestAlgo, +- const uint8_t *random, +- size_t randomLen, +- uint8_t *result, +- SE05x_TimeStamp_t *ptimeStamp, +- uint8_t *outrandom, +- size_t *poutrandomLen, +- uint8_t *chipId, +- size_t *pchipIdLen, +- uint8_t *signature, +- size_t *psignatureLen) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_MGMT | kSE05x_INS_ATTEST, kSE05x_P1_DEFAULT, kSE05x_P2_SANITY}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- uint8_t *pCmdbuf = &cmdbuf[0]; +- int tlvRet = 0; +- uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; +- uint8_t *pRspbuf = &rspbuf[0]; +- size_t rspbufLen = ARRAY_SIZE(rspbuf); +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "TriggerSelfTest []"); +-#endif /* VERBOSE_APDU_LOGS */ +- tlvRet = TLVSET_U16("health check mode", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, healthCheckMode); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_U32("attestID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_5, attestID); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_U8("attestAlgo", &pCmdbuf, &cmdbufLen, kSE05x_TAG_6, attestAlgo); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_u8buf("random", &pCmdbuf, &cmdbufLen, kSE05x_TAG_7, random, randomLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- retStatus = DoAPDUTxRx_s_Case4(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); +- if (retStatus == SM_OK) { +- retStatus = SM_NOT_OK; +- size_t rspIndex = 0; +- tlvRet = tlvGet_U8(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, result); /* */ +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = tlvGet_TimeStamp(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_3, ptimeStamp); /* - */ +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_4, outrandom, poutrandomLen); /* */ +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_5, chipId, pchipIdLen); /* */ +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_6, signature, psignatureLen); /* */ +- if (0 != tlvRet) { +- goto cleanup; +- } +- if ((rspIndex + 2) == rspbufLen) { +- retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); +- } +- } +- +-cleanup: +- return retStatus; +-} +- +-smStatus_t Se05x_API_ReadObjectAttributes( +- pSe05xSession_t session_ctx, uint32_t objectID, uint8_t *data, size_t *pdataLen) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_READ, kSE05x_P1_DEFAULT, kSE05x_P2_ATTRIBUTES}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- uint8_t *pCmdbuf = &cmdbuf[0]; +- int tlvRet = 0; +- uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; +- uint8_t *pRspbuf = &rspbuf[0]; +- size_t rspbufLen = ARRAY_SIZE(rspbuf); +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "ReadObjectAttributes []"); +-#endif /* VERBOSE_APDU_LOGS */ +- tlvRet = TLVSET_U32("object id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); +- if (0 != tlvRet) { +- goto cleanup; +- } +- retStatus = DoAPDUTxRx_s_Case4(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); +- if (retStatus == SM_OK) { +- retStatus = SM_NOT_OK; +- size_t rspIndex = 0; +- tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_2, data, pdataLen); /* */ +- if (0 != tlvRet) { +- goto cleanup; +- } +- if ((rspIndex + 2) == rspbufLen) { +- retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); +- } +- } +- +-cleanup: +- return retStatus; +-} +- +-smStatus_t Se05x_API_ReadObjectAttributes_W_Attst(pSe05xSession_t session_ctx, +- uint32_t objectID, +- uint32_t attestID, +- SE05x_AttestationAlgo_t attestAlgo, +- const uint8_t *random, +- size_t randomLen, +- uint8_t *data, +- size_t *pdataLen, +- SE05x_TimeStamp_t *ptimeStamp, +- uint8_t *outrandom, +- size_t *poutrandomLen, +- uint8_t *chipId, +- size_t *pchipIdLen, +- uint8_t *signature, +- size_t *psignatureLen) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_READ_With_Attestation, kSE05x_P1_DEFAULT, kSE05x_P2_ATTRIBUTES}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- uint8_t *pCmdbuf = &cmdbuf[0]; +- int tlvRet = 0; +- uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; +- uint8_t *pRspbuf = &rspbuf[0]; +- size_t rspbufLen = ARRAY_SIZE(rspbuf); +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "ReadObjectAttributes_W_Attst []"); +-#endif /* VERBOSE_APDU_LOGS */ +- tlvRet = TLVSET_U32("object id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_U32("attestID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_5, attestID); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_AttestationAlgo("attestAlgo", &pCmdbuf, &cmdbufLen, kSE05x_TAG_6, attestAlgo); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_u8bufOptional("random", &pCmdbuf, &cmdbufLen, kSE05x_TAG_7, random, randomLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- retStatus = DoAPDUTxRx_s_Case4_ext(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); +- if (retStatus == SM_OK) { +- retStatus = SM_NOT_OK; +- size_t rspIndex = 0; +- tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_2, data, pdataLen); /* */ +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = tlvGet_TimeStamp(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_3, ptimeStamp); /* - */ +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_4, outrandom, poutrandomLen); /* */ +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_5, chipId, pchipIdLen); /* */ +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_6, signature, psignatureLen); /* */ +- if (0 != tlvRet) { +- goto cleanup; +- } +- if ((rspIndex + 2) == rspbufLen) { +- retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); +- } +- } +- +-cleanup: +- return retStatus; +-} +- +-smStatus_t Se05x_API_ECDHGenerateSharedSecret_InObject(pSe05xSession_t session_ctx, +- uint32_t objectID, +- const uint8_t *pubKey, +- size_t pubKeyLen, +- uint32_t sharedSecretID, +- uint8_t invertEndianness) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- tlvHeader_t hdr = { +- {kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_EC, invertEndianness == 0x01 ? kSE05x_P2_DH_REVERSE : kSE05x_P2_DH}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- uint8_t *pCmdbuf = &cmdbuf[0]; +- int tlvRet = 0; +- uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; +- size_t rspbufLen = ARRAY_SIZE(rspbuf); +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "ECDHGenerateSharedSecret []"); +-#endif /* VERBOSE_APDU_LOGS */ +- tlvRet = TLVSET_U32("objectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_u8bufOptional("pubKey", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, pubKey, pubKeyLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_U32("sharedSecretID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_7, sharedSecretID); +- if (0 != tlvRet) { +- goto cleanup; +- } +- retStatus = DoAPDUTxRx_s_Case4(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); +- if (retStatus == SM_OK) { +- retStatus = SM_NOT_OK; +- if (2 == rspbufLen) { +- retStatus = (rspbuf[0] << 8) | (rspbuf[1]); +- } +- } +- +-cleanup: +- return retStatus; +-} +- +-smStatus_t Se05x_API_TLSCalculateRsaPreMasterSecret(pSe05xSession_t session_ctx, +- uint32_t keyPairId, +- uint32_t pskId, +- uint32_t hmacKeyId, +- const uint8_t *inputData, +- size_t inputDataLen, +- const uint8_t *clientVersion, +- size_t clientVersionLen) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_TLS, kSE05x_P2_TLS_PMS}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- uint8_t *pCmdbuf = &cmdbuf[0]; +- int tlvRet = 0; +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "TLSCalculateRsaPreMasterSecret []"); +-#endif /* VERBOSE_APDU_LOGS */ +- if (pskId != 0) { +- tlvRet = TLVSET_U32("pskId", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, pskId); +- if (0 != tlvRet) { +- goto cleanup; +- } +- } +- tlvRet = TLVSET_U32("keyPairId", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, keyPairId); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_U32("hmacKeyId", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, hmacKeyId); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_u8bufOptional("inputData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_4, inputData, inputDataLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_u8bufOptional("clientVersion", &pCmdbuf, &cmdbufLen, kSE05x_TAG_6, clientVersion, clientVersionLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); +- +-cleanup: +- return retStatus; +-} +- +-smStatus_t Se05x_API_WriteRSAKey_Ver(pSe05xSession_t session_ctx, +- pSe05xPolicy_t policy, +- uint32_t objectID, +- uint16_t size, +- const uint8_t *p, +- size_t pLen, +- const uint8_t *q, +- size_t qLen, +- const uint8_t *dp, +- size_t dpLen, +- const uint8_t *dq, +- size_t dqLen, +- const uint8_t *qInv, +- size_t qInvLen, +- const uint8_t *pubExp, +- size_t pubExpLen, +- const uint8_t *priv, +- size_t privLen, +- const uint8_t *pubMod, +- size_t pubModLen, +- const SE05x_INS_t ins_type, +- const SE05x_KeyPart_t key_part, +- const SE05x_RSAKeyFormat_t rsa_format, +- uint32_t version) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_WRITE | ins_type, kSE05x_P1_RSA | key_part, rsa_format}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- uint8_t *pCmdbuf = &cmdbuf[0]; +- int tlvRet = 0; +- +- if (Se05x_IsInValidRangeOfUID(objectID)) +- return SM_NOT_OK; +- +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "Se05x_API_WriteRSAKey_Ver []"); +-#endif /* VERBOSE_APDU_LOGS */ +- tlvRet = TLVSET_Se05xPolicy("To be Checked(last 3 not pdf)", &pCmdbuf, &cmdbufLen, kSE05x_TAG_POLICY, policy); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_U32("object id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_U16Optional("size in bits", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, size); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_u8bufOptional_ByteShift("p", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, p, pLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_u8bufOptional_ByteShift("q", &pCmdbuf, &cmdbufLen, kSE05x_TAG_4, q, qLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_u8bufOptional_ByteShift("dp", &pCmdbuf, &cmdbufLen, kSE05x_TAG_5, dp, dpLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_u8bufOptional_ByteShift("dq", &pCmdbuf, &cmdbufLen, kSE05x_TAG_6, dq, dqLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_u8bufOptional_ByteShift("qnv", &pCmdbuf, &cmdbufLen, kSE05x_TAG_7, qInv, qInvLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_u8bufOptional("public exp", &pCmdbuf, &cmdbufLen, kSE05x_TAG_8, pubExp, pubExpLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_u8bufOptional_ByteShift("priv", &pCmdbuf, &cmdbufLen, kSE05x_TAG_9, priv, privLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_u8bufOptional_ByteShift("public mod", &pCmdbuf, &cmdbufLen, kSE05x_TAG_10, pubMod, pubModLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_U32("version", &pCmdbuf, &cmdbufLen, kSE05x_TAG_11, version); +- if (0 != tlvRet) { +- goto cleanup; +- } +- retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); +- +-cleanup: +- return retStatus; +-} +- +-smStatus_t Se05x_API_WriteECKey_Ver(pSe05xSession_t session_ctx, +- pSe05xPolicy_t policy, +- SE05x_MaxAttemps_t maxAttempt, +- uint32_t objectID, +- SE05x_ECCurve_t curveID, +- const uint8_t *privKey, +- size_t privKeyLen, +- const uint8_t *pubKey, +- size_t pubKeyLen, +- const SE05x_INS_t ins_type, +- const SE05x_KeyPart_t key_part, +- uint32_t version) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_WRITE | ins_type, kSE05x_P1_EC | key_part, kSE05x_P2_DEFAULT}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- uint8_t *pCmdbuf = &cmdbuf[0]; +- int tlvRet = 0; +- +- if (Se05x_IsInValidRangeOfUID(objectID)) +- return SM_NOT_OK; +- +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "Se05x_API_WriteECKey_Ver []"); +-#endif /* VERBOSE_APDU_LOGS */ +- tlvRet = TLVSET_Se05xPolicy("policy", &pCmdbuf, &cmdbufLen, kSE05x_TAG_POLICY, policy); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_MaxAttemps("maxAttempt", &pCmdbuf, &cmdbufLen, kSE05x_TAG_MAX_ATTEMPTS, maxAttempt); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_U32("object id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_ECCurve("curveID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, curveID); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_u8bufOptional("privKey", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, privKey, privKeyLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_u8bufOptional("pubKey", &pCmdbuf, &cmdbufLen, kSE05x_TAG_4, pubKey, pubKeyLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_U32("version", &pCmdbuf, &cmdbufLen, kSE05x_TAG_11, version); +- if (0 != tlvRet) { +- goto cleanup; +- } +- retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); +- +-cleanup: +- return retStatus; +-} +- +-smStatus_t Se05x_API_WriteSymmKey_Ver(pSe05xSession_t session_ctx, +- pSe05xPolicy_t policy, +- SE05x_MaxAttemps_t maxAttempt, +- uint32_t objectID, +- SE05x_KeyID_t kekID, +- const uint8_t *keyValue, +- size_t keyValueLen, +- const SE05x_INS_t ins_type, +- const SE05x_SymmKeyType_t type, +- uint32_t version) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_WRITE | ins_type, type, kSE05x_P2_DEFAULT}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- uint8_t *pCmdbuf = &cmdbuf[0]; +- int tlvRet = 0; +- +- if (Se05x_IsInValidRangeOfUID(objectID)) +- return SM_NOT_OK; +- +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "Se05x_API_WriteSymmKey_Ver []"); +-#endif /* VERBOSE_APDU_LOGS */ +- tlvRet = TLVSET_Se05xPolicy("policy", &pCmdbuf, &cmdbufLen, kSE05x_TAG_POLICY, policy); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_MaxAttemps("maxAttempt", &pCmdbuf, &cmdbufLen, kSE05x_TAG_MAX_ATTEMPTS, maxAttempt); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_U32("object id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_KeyID("KEK id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, kekID); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_u8bufOptional("key value", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, keyValue, keyValueLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_U32("version", &pCmdbuf, &cmdbufLen, kSE05x_TAG_11, version); +- if (0 != tlvRet) { +- goto cleanup; +- } +- retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); +- +-cleanup: +- return retStatus; +-} +- +-smStatus_t Se05x_API_WriteBinary_Ver(pSe05xSession_t session_ctx, +- pSe05xPolicy_t policy, +- uint32_t objectID, +- uint16_t offset, +- uint16_t length, +- const uint8_t *inputData, +- size_t inputDataLen, +- uint32_t version) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_WRITE, kSE05x_P1_BINARY, kSE05x_P2_DEFAULT}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- uint8_t *pCmdbuf = &cmdbuf[0]; +- int tlvRet = 0; +- +- if (Se05x_IsInValidRangeOfUID(objectID)) +- return SM_NOT_OK; +- +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "Se05x_API_WriteBinary_Ver []"); +-#endif /* VERBOSE_APDU_LOGS */ +- tlvRet = TLVSET_Se05xPolicy("policy", &pCmdbuf, &cmdbufLen, kSE05x_TAG_POLICY, policy); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_U32("object id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_U16Optional("offset", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, offset); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_U16Optional("length", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, length); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_u8bufOptional("input data", &pCmdbuf, &cmdbufLen, kSE05x_TAG_4, inputData, inputDataLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_U32("version", &pCmdbuf, &cmdbufLen, kSE05x_TAG_11, version); +- if (0 != tlvRet) { +- goto cleanup; +- } +- retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); +- +-cleanup: +- return retStatus; +-} +- +-smStatus_t Se05x_API_ReadState(pSe05xSession_t session_ctx, uint8_t *pstateValues, size_t *pstateValuesLen) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_READ, kSE05x_P1_DEFAULT, kSE05x_P2_READ_STATE}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- int tlvRet = 0; +- uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; +- uint8_t *pRspbuf = &rspbuf[0]; +- size_t rspbufLen = ARRAY_SIZE(rspbuf); +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "ReadState []"); +-#endif /* VERBOSE_APDU_LOGS */ +- retStatus = DoAPDUTxRx_s_Case2(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); +- if (retStatus == SM_OK) { +- retStatus = SM_NOT_OK; +- size_t rspIndex = 0; +- tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, pstateValues, pstateValuesLen); /* - */ +- if (0 != tlvRet) { +- goto cleanup; +- } +- if ((rspIndex + 2) == rspbufLen) { +- retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); +- } +- } +- +-cleanup: +- return retStatus; +-} +- +-smStatus_t Se05x_API_GetExtVersion(pSe05xSession_t session_ctx, uint8_t *pappletVersion, size_t *appletVersionLen) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_MGMT, kSE05x_P1_DEFAULT, kSE05x_P2_VERSION_EXT}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- int tlvRet = 0; +- uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; +- uint8_t *pRspbuf = &rspbuf[0]; +- size_t rspbufLen = ARRAY_SIZE(rspbuf); +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "GetVersion []"); +-#endif /* VERBOSE_APDU_LOGS */ +- retStatus = DoAPDUTxRx_s_Case2(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); +- if (retStatus == SM_OK) { +- retStatus = SM_NOT_OK; +- size_t rspIndex = 0; +- tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, pappletVersion, appletVersionLen); /* - */ +- if (0 != tlvRet) { +- goto cleanup; +- } +- if ((rspIndex + 2) == rspbufLen) { +- retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); +- } +- } +- +-cleanup: +- return retStatus; +-} +- +-smStatus_t Se05x_API_SendCardManagerCmd( +- pSe05xSession_t session_ctx, uint8_t *pCmdData, size_t cmdDataLen, uint8_t *pOutputData, size_t *pOutputDataLen) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_MGMT, kSE05x_P1_DEFAULT, kSE05x_P2_CM_COMMAND}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- uint8_t *pCmdbuf = &cmdbuf[0]; +- int tlvRet = 0; +- uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; +- uint8_t *pRspbuf = &rspbuf[0]; +- size_t rspbufLen = ARRAY_SIZE(rspbuf); +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "SendCardManagerCmd []"); +-#endif /* VERBOSE_APDU_LOGS */ +- tlvRet = TLVSET_u8bufOptional("cmdData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, pCmdData, cmdDataLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- retStatus = DoAPDUTxRx_s_Case4(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); +- if (retStatus == SM_OK) { +- retStatus = SM_NOT_OK; +- size_t rspIndex = 0; +- tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, pOutputData, pOutputDataLen); /* */ +- if (0 != tlvRet) { +- goto cleanup; +- } +- if ((rspIndex + 2) == rspbufLen) { +- retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); +- } +- } +- +-cleanup: +- return retStatus; +-} +- +-smStatus_t Se05x_API_UpdateRSAKey_Ver(pSe05xSession_t session_ctx, +- pSe05xPolicy_t policy, +- uint32_t objectID, +- uint16_t size, +- const uint8_t *p, +- size_t pLen, +- const uint8_t *q, +- size_t qLen, +- const uint8_t *dp, +- size_t dpLen, +- const uint8_t *dq, +- size_t dqLen, +- const uint8_t *qInv, +- size_t qInvLen, +- const uint8_t *pubExp, +- size_t pubExpLen, +- const uint8_t *priv, +- size_t privLen, +- const uint8_t *pubMod, +- size_t pubModLen, +- const SE05x_INS_t ins_type, +- const SE05x_KeyPart_t key_part, +- const SE05x_RSAKeyFormat_t rsa_format, +- uint32_t version) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_WRITE | ins_type, kSE05x_P1_RSA | key_part, rsa_format}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- uint8_t *pCmdbuf = &cmdbuf[0]; +- int tlvRet = 0; +- +- if (Se05x_IsInValidRangeOfUID(objectID)) +- return SM_NOT_OK; +- +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "Se05x_API_UpdateRSAKey_Ver []"); +-#endif /* VERBOSE_APDU_LOGS */ +- /* Tag policy Check is not applicable for Generate key */ +- if (((p != NULL) && (pLen != 0)) || ((pubExp != NULL) && (pubExpLen != 0)) || ((priv != NULL) && (privLen != 0))) { +- tlvRet = TLVSET_Se05xPolicy("check policy", &pCmdbuf, &cmdbufLen, kSE05x_TAG_POLICY_CHECK, policy); +- if (0 != tlvRet) { +- goto cleanup; +- } +- } +- tlvRet = TLVSET_U32("object id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_U16Optional("size in bits", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, size); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_u8bufOptional_ByteShift("p", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, p, pLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_u8bufOptional_ByteShift("q", &pCmdbuf, &cmdbufLen, kSE05x_TAG_4, q, qLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_u8bufOptional_ByteShift("dp", &pCmdbuf, &cmdbufLen, kSE05x_TAG_5, dp, dpLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_u8bufOptional_ByteShift("dq", &pCmdbuf, &cmdbufLen, kSE05x_TAG_6, dq, dqLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_u8bufOptional_ByteShift("qnv", &pCmdbuf, &cmdbufLen, kSE05x_TAG_7, qInv, qInvLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_u8bufOptional("public exp", &pCmdbuf, &cmdbufLen, kSE05x_TAG_8, pubExp, pubExpLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_u8bufOptional_ByteShift("priv", &pCmdbuf, &cmdbufLen, kSE05x_TAG_9, priv, privLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_u8bufOptional_ByteShift("public mod", &pCmdbuf, &cmdbufLen, kSE05x_TAG_10, pubMod, pubModLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_U32("version", &pCmdbuf, &cmdbufLen, kSE05x_TAG_11, version); +- if (0 != tlvRet) { +- goto cleanup; +- } +- retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); +- +-cleanup: +- return retStatus; +-} +- +-smStatus_t Se05x_API_UpdateECKey_Ver(pSe05xSession_t session_ctx, +- pSe05xPolicy_t policy, +- SE05x_MaxAttemps_t maxAttempt, +- uint32_t objectID, +- SE05x_ECCurve_t curveID, +- const uint8_t *privKey, +- size_t privKeyLen, +- const uint8_t *pubKey, +- size_t pubKeyLen, +- const SE05x_INS_t ins_type, +- const SE05x_KeyPart_t key_part, +- uint32_t version) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_WRITE | ins_type, kSE05x_P1_EC | key_part, kSE05x_P2_DEFAULT}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- uint8_t *pCmdbuf = &cmdbuf[0]; +- int tlvRet = 0; +- +- if (Se05x_IsInValidRangeOfUID(objectID)) +- return SM_NOT_OK; +- +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "Se05x_API_UpdateECKey_Ver []"); +-#endif /* VERBOSE_APDU_LOGS */ +- tlvRet = TLVSET_MaxAttemps("maxAttempt", &pCmdbuf, &cmdbufLen, kSE05x_TAG_MAX_ATTEMPTS, maxAttempt); +- if (0 != tlvRet) { +- goto cleanup; +- } +- +- /* Tag policy Check is not applicable for Generate key */ +- if (((privKey != NULL) && (privKeyLen != 0)) || ((pubKey != NULL) && (pubKeyLen != 0))) { +- tlvRet = TLVSET_Se05xPolicy("check policy", &pCmdbuf, &cmdbufLen, kSE05x_TAG_POLICY_CHECK, policy); +- if (0 != tlvRet) { +- goto cleanup; +- } +- } +- +- tlvRet = TLVSET_U32("object id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_ECCurve("curveID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, curveID); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_u8bufOptional("privKey", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, privKey, privKeyLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_u8bufOptional("pubKey", &pCmdbuf, &cmdbufLen, kSE05x_TAG_4, pubKey, pubKeyLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_U32("version", &pCmdbuf, &cmdbufLen, kSE05x_TAG_11, version); +- if (0 != tlvRet) { +- goto cleanup; +- } +- retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); +- +-cleanup: +- return retStatus; +-} +- +-smStatus_t Se05x_API_UpdateBinary_Ver(pSe05xSession_t session_ctx, +- pSe05xPolicy_t policy, +- uint32_t objectID, +- uint16_t offset, +- uint16_t length, +- const uint8_t *inputData, +- size_t inputDataLen, +- uint32_t version) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_WRITE, kSE05x_P1_BINARY, kSE05x_P2_DEFAULT}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- uint8_t *pCmdbuf = &cmdbuf[0]; +- int tlvRet = 0; +- +- if (Se05x_IsInValidRangeOfUID(objectID)) +- return SM_NOT_OK; +- +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "Se05x_API_UpdateBinary_Ver []"); +-#endif /* VERBOSE_APDU_LOGS */ +- tlvRet = TLVSET_Se05xPolicy("check policy", &pCmdbuf, &cmdbufLen, kSE05x_TAG_POLICY_CHECK, policy); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_U32("object id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_U16Optional("offset", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, offset); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_U16Optional("length", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, length); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_u8bufOptional("input data", &pCmdbuf, &cmdbufLen, kSE05x_TAG_4, inputData, inputDataLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_U32("version", &pCmdbuf, &cmdbufLen, kSE05x_TAG_11, version); +- if (0 != tlvRet) { +- goto cleanup; +- } +- retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); +- +-cleanup: +- return retStatus; +-} +- +-smStatus_t Se05x_API_UpdateSymmKey_Ver(pSe05xSession_t session_ctx, +- pSe05xPolicy_t policy, +- SE05x_MaxAttemps_t maxAttempt, +- uint32_t objectID, +- SE05x_KeyID_t kekID, +- const uint8_t *keyValue, +- size_t keyValueLen, +- const SE05x_INS_t ins_type, +- const SE05x_SymmKeyType_t type, +- uint32_t version) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_WRITE | ins_type, type, kSE05x_P2_DEFAULT}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- uint8_t *pCmdbuf = &cmdbuf[0]; +- int tlvRet = 0; +- +- if (Se05x_IsInValidRangeOfUID(objectID)) +- return SM_NOT_OK; +- +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "Se05x_API_UpdateSymmKey_Ver []"); +-#endif /* VERBOSE_APDU_LOGS */ +- tlvRet = TLVSET_MaxAttemps("maxAttempt", &pCmdbuf, &cmdbufLen, kSE05x_TAG_MAX_ATTEMPTS, maxAttempt); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_Se05xPolicy("check policy", &pCmdbuf, &cmdbufLen, kSE05x_TAG_POLICY_CHECK, policy); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_U32("object id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_KeyID("KEK id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, kekID); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_u8bufOptional("key value", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, keyValue, keyValueLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_U32("version", &pCmdbuf, &cmdbufLen, kSE05x_TAG_11, version); +- if (0 != tlvRet) { +- goto cleanup; +- } +- retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); +- +-cleanup: +- return retStatus; +-} +- +-smStatus_t Se05x_API_UpdatePCR( +- pSe05xSession_t session_ctx, pSe05xPolicy_t policy, uint32_t pcrID, const uint8_t *inputData, size_t inputDataLen) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_WRITE, kSE05x_P1_PCR, kSE05x_P2_DEFAULT}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- uint8_t *pCmdbuf = &cmdbuf[0]; +- int tlvRet = 0; +- +- if (Se05x_IsInValidRangeOfUID(pcrID)) +- return SM_NOT_OK; +- +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "Se05x_API_UpdatePCR []"); +-#endif /* VERBOSE_APDU_LOGS */ +- tlvRet = TLVSET_Se05xPolicy("check policy", &pCmdbuf, &cmdbufLen, kSE05x_TAG_POLICY_CHECK, policy); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_U32("object id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, pcrID); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_u8bufOptional("inputData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, inputData, inputDataLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); +- +-cleanup: +- return retStatus; +-} +- +-smStatus_t Se05x_API_UpdateCounter( +- pSe05xSession_t session_ctx, pSe05xPolicy_t policy, uint32_t objectID, uint16_t size, uint64_t value) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_WRITE, kSE05x_P1_COUNTER, kSE05x_P2_DEFAULT}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- uint8_t *pCmdbuf = &cmdbuf[0]; +- int tlvRet = 0; +- +- if (Se05x_IsInValidRangeOfUID(objectID)) +- return SM_NOT_OK; +- +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "Se05x_API_CreateCounter []"); +-#endif /* VERBOSE_APDU_LOGS */ +- tlvRet = TLVSET_Se05xPolicy("policy check", &pCmdbuf, &cmdbufLen, kSE05x_TAG_POLICY_CHECK, policy); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_U32("object id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); +- if (0 != tlvRet) { +- goto cleanup; +- } +- +- if ((size > 0) && (size <= 8)) { +- if (value != 0) { +- tlvRet = TLVSET_U64_SIZE("value", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, value, size); +- if (0 != tlvRet) { +- goto cleanup; +- } +- } +- } +- else { +- LOG_E("Wrong size provided"); +- goto cleanup; +- } +- +- retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); +- +-cleanup: +- return retStatus; +-} +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/se05x_03_xx_xx/se05x_APDU.c b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/se05x_03_xx_xx/se05x_APDU.c +deleted file mode 100644 +index 1549fa76a1..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/se05x_03_xx_xx/se05x_APDU.c ++++ /dev/null +@@ -1,91 +0,0 @@ +-/* +- * +- * Copyright 2019-2020 NXP +- * SPDX-License-Identifier: Apache-2.0 +- */ +- +-#include +- +-#ifdef __cplusplus +-extern "C" { +-#endif +- +-#include +- +-#if defined(SSS_USE_FTR_FILE) +-#include "fsl_sss_ftr.h" +-#else +-#include "fsl_sss_ftr_default.h" +-#endif +- +-#if SSS_HAVE_SE05X +- +-#ifdef FLOW_VERBOSE +-#define VERBOSE_APDU_LOGS 1 +-#else +-#define VERBOSE_APDU_LOGS 0 +-#endif +- +-#ifndef ARRAY_SIZE +-#define ARRAY_SIZE(array) (sizeof(array) / (sizeof(array[0]))) +-#endif +- +-#include "nxLog_hostLib.h" +- +-/* TLV APIs */ +-#include "se05x_tlv.h" +-/* Used constants */ +-#include "se05x_const.h" +- +-#include "se05x_APDU.h" +- +-/* Generated implementation */ +-#include "se05x_APDU_impl.h" +- +-#if SSS_HAVE_SE05X_VER_GTE_06_00 +-#include "se05x_04_xx_APDU_impl.h" +-#endif +- +-smStatus_t Se05x_API_I2CM_Send( +- pSe05xSession_t session_ctx, const uint8_t *buffer, size_t bufferLen, uint8_t *result, size_t *presultLen) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- const tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_DEFAULT, kSE05x_P2_I2CM}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- uint8_t *pCmdbuf = &cmdbuf[0]; +- size_t cmdbufLen = 0; +- int tlvRet = 0; +- uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; +- uint8_t *pRspbuf = &rspbuf[0]; +- size_t rspbufLen = ARRAY_SIZE(rspbuf); +- +- /*tlvRet = TLVSET_Se05xSession("session identifier", &pCmdbuf, &cmdbufLen, kSE05x_TAG_SESSION_ID, session_ctx); +- if (0 != tlvRet) { +- goto cleanup; +- }*/ +- tlvRet = TLVSET_u8buf("TLV Buffer", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, buffer, bufferLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- retStatus = DoAPDUTxRx_s_Case4_ext(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); +- +- LOG_AU8_D(rspbuf, rspbufLen); +- if (retStatus == SM_OK) { +- retStatus = SM_NOT_OK; +- size_t rspIndex = 0; +- tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, result, presultLen); +- if (0 != tlvRet) { //Response check is skipped to be corrected. +- goto cleanup; +- } +- if ((rspIndex + 2) == rspbufLen) { +- retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); +- } +- } +-cleanup: +- return retStatus; +-} +-#endif // SSS_HAVE_SE05X +- +-#ifdef __cplusplus +-} +-#endif +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/se05x_03_xx_xx/se05x_APDU.h b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/se05x_03_xx_xx/se05x_APDU.h +deleted file mode 100644 +index b01f542166..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/se05x_03_xx_xx/se05x_APDU.h ++++ /dev/null +@@ -1,76 +0,0 @@ +-/* +- * +- * Copyright 2019 NXP +- * SPDX-License-Identifier: Apache-2.0 +- */ +- +-/** @file */ +- +-#ifndef SE050X_APDU_H +-#define SE050X_APDU_H +- +-#ifdef __cplusplus +-extern "C" { +-#endif +- +-#include "se05x_tlv.h" +-#include "se05x_const.h" +-#include "se05x_APDU_apis.h" +- +-/** Se05x_API_DeleteAll_Iterative +- * +- * Go through each object and delete it individually. +- * +- * This API does not use the Applet API @ref Se05x_API_DeleteAll. It +- * does not delete ALL objects and purposefully skips few objects. +- * +- * Instead, this API uses @ref Se05x_API_ReadIDList and @ref +- * Se05x_API_ReadCryptoObjectList to first fetch list of objects to host, and +- * **selectitvely** deletes. +- * +- * For e.g. It does not kill objects from: +- * - The range SE05X_OBJID_SE05X_APPLET_RES_START to +- * SE05X_OBJID_SE05X_APPLET_RES_END. This range is used by applet. +- * - The range EX_SSS_OBJID_DEMO_AUTH_START to EX_SSS_OBJID_DEMO_AUTH_END, +- * which is used by middleware DEMOS for authentication. +- * - And others. +- * +- * Kindly see the Implementation of is API Se05x_API_DeleteAll_Iterative to see +- * the list of ranges that are skipped. +- * +- * @param[in] session_ctx Session Context +- * +- * @return The status of API. +- */ +-smStatus_t Se05x_API_DeleteAll_Iterative(pSe05xSession_t session_ctx); +- +-/** +- * @brief Get the Curve ID for existing Key. +- * +- * This API is functionally same as @ref Se05x_API_GetECCurveId +- * but uses @ref SE05x_ECCurve_t as a type instead of uint8_t. +- * +- * @param[in] session_ctx The session context +- * @param[in] objectID The object id +- * @param pcurveId The pcurve identifier +- * +- * +- * @return The sm status. +- */ +-smStatus_t Se05x_API_EC_CurveGetId(pSe05xSession_t session_ctx, uint32_t objectID, SE05x_ECCurve_t *pcurveId); +- +-/** Wrapper for @ref Se05x_API_ECDHGenerateSharedSecret */ +- +-#define Se05x_API_ECGenSharedSecret Se05x_API_ECDHGenerateSharedSecret +- +-/** Wrapper for @ref Se05x_API_DigestOneShot */ +-#define Se05x_API_SHAOneShot Se05x_API_DigestOneShot +- +-// For SIMW-656 +-bool Se05x_IsInValidRangeOfUID(uint32_t uid); +- +-#ifdef __cplusplus +-} +-#endif +- +-#endif /* SE050X_APDU_H */ +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/se05x_03_xx_xx/se05x_APDU_apis.h b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/se05x_03_xx_xx/se05x_APDU_apis.h +deleted file mode 100644 +index ca095d260b..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/se05x_03_xx_xx/se05x_APDU_apis.h ++++ /dev/null +@@ -1,5812 +0,0 @@ +-/* +- * +- * Copyright 2019-2020 NXP +- * SPDX-License-Identifier: Apache-2.0 +- */ +- +-/** @file */ +- +-#ifndef SE050X_APDU_APIS_H_INC +-#define SE050X_APDU_APIS_H_INC +- +-#include "se05x_enums.h" +-#include "se05x_tlv.h" +- +-/* Enable compilation of deprecated API Se05x_API_WritePCR +- * Deprecated from Q1 2021. +- * Support will be removed by Q1 2022 +- */ +-#define ENABLE_DEPRECATED_API_WritePCR 1 +- +-/** Se05x_API_CreateSession +- * +- * Creates a session on SE05X . +- * +- * Depending on the authentication object being referenced, a specific method of +- * authentication applies. The response needs to adhere to this authentication +- * method. +- * +- * +- * # Command to Applet +- * +- * @rst +- * +---------+-------------------+------------------------------+ +- * | Field | Value | Description | +- * +=========+===================+==============================+ +- * | CLA | 0x80 | | +- * +---------+-------------------+------------------------------+ +- * | INS | INS_MGMT | See :cpp:type:`SE05x_INS_t` | +- * +---------+-------------------+------------------------------+ +- * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | +- * +---------+-------------------+------------------------------+ +- * | P2 | P2_SESSION_CREATE | See :cpp:type:`SE05x_P2_t` | +- * +---------+-------------------+------------------------------+ +- * | Lc | #(Payload) | Payload length. | +- * +---------+-------------------+------------------------------+ +- * | Payload | TLV[TAG_1] | 4-byte authentication object | +- * | | | identifier. | +- * +---------+-------------------+------------------------------+ +- * | Le | 0x0A | Expecting TLV with 8-byte | +- * | | | session ID. | +- * +---------+-------------------+------------------------------+ +- * @endrst +- * +- * # R-APDU Body +- * +- * @rst +- * +------------+----------------------------+ +- * | Value | Description | +- * +============+============================+ +- * | TLV[TAG_1] | 8-byte session identifier. | +- * +------------+----------------------------+ +- * @endrst +- * +- * # R-APDU Trailer +- * +- * SW_NO_ERROR: +- * * The command is handled successfully. +- * +- * SW_CONDITIONS_NOT_SATISFIED: +- * * The authenticator does not exist +- * * The provided input data are incorrect. +- * * The session is invalid. +- * +- * @param[in] session_ctx Session Context [0:kSE05x_pSession] +- * @param[in] authObjectID auth [1:kSE05x_TAG_1] +- * @param[out] sessionId [0:kSE05x_TAG_1] +- * @param[in,out] psessionIdLen Length for sessionId +- * +- * +- */ +-smStatus_t Se05x_API_CreateSession( +- pSe05xSession_t session_ctx, uint32_t authObjectID, uint8_t *sessionId, size_t *psessionIdLen); +- +-/** Se05x_API_ExchangeSessionData +- * +- * Sets session policies for the current session. +- * +- * +- * # Command to Applet +- * +- * @rst +- * +---------+-------------------+-----------------------------+ +- * | Field | Value | Description | +- * +=========+===================+=============================+ +- * | CLA | 0x80 or 0x84 | - | +- * +---------+-------------------+-----------------------------+ +- * | INS | INS_MGMT | See :cpp:type:`SE05x_INS_t` | +- * +---------+-------------------+-----------------------------+ +- * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | +- * +---------+-------------------+-----------------------------+ +- * | P2 | P2_SESSION_POLICY | See P2 | +- * +---------+-------------------+-----------------------------+ +- * | Lc | #(Payload) | Payload length. | +- * +---------+-------------------+-----------------------------+ +- * | Payload | TLV[TAG_1] | Session policies | +- * +---------+-------------------+-----------------------------+ +- * | | C-MAC | If applicable | +- * +---------+-------------------+-----------------------------+ +- * | Le | 0x00 | - | +- * +---------+-------------------+-----------------------------+ +- * @endrst +- * +- * # R-APDU Body +- * +- * @rst +- * +-------+----------------------------+ +- * | Value | Description | +- * +=======+============================+ +- * | R-MAC | Optional, depending on | +- * | | established security level | +- * +-------+----------------------------+ +- * @endrst +- * +- * +- * @rst +- * +-----------------------------+------------------------+ +- * | SW | Description | +- * +=============================+========================+ +- * | SW_NO_ERROR | The command is handled | +- * | | successfully. | +- * +-----------------------------+------------------------+ +- * | SW_CONDITIONS_NOT_SATISFIED | Invalid policies | +- * +-----------------------------+------------------------+ +- * @endrst +- * +- * +- * @param[in] session_ctx Session Context [0:kSE05x_pSession] +- * @param[in] policy Check pdf [1:kSE05x_TAG_1] +- * +- */ +-smStatus_t Se05x_API_ExchangeSessionData(pSe05xSession_t session_ctx, pSe05xPolicy_t policy); +- +-/** Se05x_API_RefreshSession +- * +- * Refreshes a session on , the policy of the running session can be updated; the +- * rest of the session state remains. +- * +- * # Command to Applet +- * +- * @rst +- * +-------+--------------------+-----------------------------------------------+ +- * | Field | Value | Description | +- * +=======+====================+===============================================+ +- * | CLA | 0x80 | - | +- * +-------+--------------------+-----------------------------------------------+ +- * | INS | INS_MGMT | See :cpp:type:`SE05x_INS_t` | +- * +-------+--------------------+-----------------------------------------------+ +- * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | +- * +-------+--------------------+-----------------------------------------------+ +- * | P2 | P2_SESSION_REFRESH | See :cpp:type:`SE05x_P2_t` | +- * +-------+--------------------+-----------------------------------------------+ +- * | Lc | #(Payload) | Payload length. | +- * +-------+--------------------+-----------------------------------------------+ +- * | | TLV[TAG_POLICY] | Byte array containing the policy to attach to | +- * | | | the session. [Optional] | +- * +-------+--------------------+-----------------------------------------------+ +- * | Le | - | | +- * +-------+--------------------+-----------------------------------------------+ +- * @endrst +- * +- * # R-APDU Body +- * +- * NA +- * +- * # R-APDU Trailer +- * +- * @rst +- * +-------------+--------------------------------------+ +- * | SW | Description | +- * +=============+======================================+ +- * | SW_NO_ERROR | The command is handled successfully. | +- * +-------------+--------------------------------------+ +- * @endrst +- * +- * @param[in] session_ctx Session Context [0:kSE05x_pSession] +- * @param[in] policy policy [1:kSE05x_TAG_POLICY] +- */ +-smStatus_t Se05x_API_RefreshSession(pSe05xSession_t session_ctx, pSe05xPolicy_t policy); +- +-/** Se05x_API_CloseSession +- * +- * Closes a running session. +- * +- * When a session is closed, it cannot be reopened. +- * +- * All session parameters are transient. +- * +- * # Command to Applet +- * +- * @rst +- * +-------+------------------+-----------------------------+ +- * | Field | Value | Description | +- * +=======+==================+=============================+ +- * | CLA | 0x80 | | +- * +-------+------------------+-----------------------------+ +- * | INS | INS_MGMT | See :cpp:type:`SE05x_INS_t` | +- * +-------+------------------+-----------------------------+ +- * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | +- * +-------+------------------+-----------------------------+ +- * | P2 | P2_SESSION_CLOSE | See :cpp:type:`SE05x_P2_t` | +- * +-------+------------------+-----------------------------+ +- * @endrst +- * +- * # R-APDU Body +- * +- * NA +- * +- * # R-APDU Trailer +- * +- * @rst +- * +-------------+-------------------------------------+ +- * | SW | Description | +- * +=============+=====================================+ +- * | SW_NO_ERROR | The session is closed successfully. | +- * +-------------+-------------------------------------+ +- * @endrst +- * +- * +- * +- * @param[in] session_ctx Session Context [0:kSE05x_pSession] +- */ +-smStatus_t Se05x_API_CloseSession(pSe05xSession_t session_ctx); +- +-/** Se05x_API_VerifySessionUserID +- * +- * Verifies the session user identifier (UserID) in order to allow setting up a +- * session. If the UserID is correct, the session establishment is successful; +- * otherwise the session cannot be opened (SW_CONDITIONS_NOT_SATISFIED is +- * returned). +- * +- * # Command to Applet +- * +- * @rst +- * +-------+-------------------+-----------------------------+ +- * | Field | Value | Description | +- * +=======+===================+=============================+ +- * | CLA | 0x80 | | +- * +-------+-------------------+-----------------------------+ +- * | INS | INS_MGMT | See :cpp:type:`SE05x_INS_t` | +- * +-------+-------------------+-----------------------------+ +- * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | +- * +-------+-------------------+-----------------------------+ +- * | P2 | P2_SESSION_USERID | See :cpp:type:`SE05x_P2_t` | +- * +-------+-------------------+-----------------------------+ +- * | Lc | #(Payload) | Payload length. | +- * +-------+-------------------+-----------------------------+ +- * | | TLV[TAG_1] | UserID value | +- * +-------+-------------------+-----------------------------+ +- * | Le | - | | +- * +-------+-------------------+-----------------------------+ +- * @endrst +- * +- * # R-APDU Body +- * +- * NA +- * +- * # R-APDU Trailer +- * +- * @rst +- * +-------------+--------------------------------------+ +- * | SW | Description | +- * +=============+======================================+ +- * | SW_NO_ERROR | The command is handled successfully. | +- * +-------------+--------------------------------------+ +- * @endrst +- * +- * @param[in] session_ctx Session Context [0:kSE05x_pSession] +- * @param[in] userId userId [1:kSE05x_TAG_1] +- * @param[in] userIdLen Length of userId +- */ +-smStatus_t Se05x_API_VerifySessionUserID(pSe05xSession_t session_ctx, const uint8_t *userId, size_t userIdLen); +- +-/** Se05x_API_SetLockState +- * +- * Sets the applet transport lock (locked or unlocked). There is a Persistent +- * lock and a Transient Lock. If the Persistent lock is UNLOCKED, the device is +- * unlocked (regardless of the Transient lock). If the Persistent lock is LOCKED, +- * the device is only unlocked when the Transient lock is UNLOCKED and the device +- * will be locked again after deselect of the applet. +- * +- * Note that regardless of the lock state, the credential RESERVED_ID_TRANSPORT +- * allows access to all features. For example, it is possible to write/update +- * objects within the session opened by RESERVED_ID_TRANSPORT, even if the applet +- * is locked. +- * +- * The default TRANSIENT_LOCK state is LOCKED; there is no default +- * PERSISTENT_LOCK state (depends on product configuration). +- * +- * This command can only be used in a session that used the credential with +- * identifier RESERVED_ID_TRANSPORT as authentication object. +- * +- * @rst +- * +-----------------+----------------+-----------------------------------------------+ +- * | PERSISTENT_LOCK | TRANSIENT_LOCK | Behavior | +- * +=================+================+===============================================+ +- * | UNLOCKED | UNLOCKED | Unlocked until PERSISTENT_LOCK set to LOCKED. | +- * +-----------------+----------------+-----------------------------------------------+ +- * | UNLOCKED | LOCKED | Unlocked until PERSISTENT_LOCK set to LOCKED. | +- * +-----------------+----------------+-----------------------------------------------+ +- * | LOCKED | UNLOCKED | Unlocked until deselect or TRANSIENT_LOCK set | +- * | | | to LOCKED. | +- * +-----------------+----------------+-----------------------------------------------+ +- * | LOCKED | LOCKED | Locked until PERSISTENT_LOCK set to UNLOCKED. | +- * +-----------------+----------------+-----------------------------------------------+ +- * @endrst +- * +- * +- * # Command to Applet +- * +- * @rst +- * +---------+--------------+-------------------------------------+ +- * | Field | Value | Description | +- * +=========+==============+=====================================+ +- * | CLA | 0x80 | | +- * +---------+--------------+-------------------------------------+ +- * | INS | INS_MGMT | See :cpp:type:`SE05x_INS_t` | +- * +---------+--------------+-------------------------------------+ +- * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | +- * +---------+--------------+-------------------------------------+ +- * | P2 | P2_TRANSPORT | See :cpp:type:`SE05x_P2_t` | +- * +---------+--------------+-------------------------------------+ +- * | Lc | #(Payload) | | +- * +---------+--------------+-------------------------------------+ +- * | Payload | TLV[TAG_1] | 1-byte :cpp:type:`LockIndicatorRef` | +- * +---------+--------------+-------------------------------------+ +- * | | TLV[TAG_2] | 1-byte :cpp:type:`LockStateRef` | +- * +---------+--------------+-------------------------------------+ +- * | Le | | | +- * +---------+--------------+-------------------------------------+ +- * @endrst +- * +- * # R-APDU Body +- * +- * NA +- * +- * # R-APDU Trailer +- * +- * @rst +- * +-------------+--------------------------------------+ +- * | SW | Description | +- * +=============+======================================+ +- * | SW_NO_ERROR | The command is handled successfully. | +- * +-------------+--------------------------------------+ +- * @endrst +- * +- * +- * +- * @param[in] session_ctx Session Context [0:kSE05x_pSession] +- * @param[in] lockIndicator lock indicator [1:kSE05x_TAG_1] +- * @param[in] lockState lock state [2:kSE05x_TAG_2] +- */ +-smStatus_t Se05x_API_SetLockState(pSe05xSession_t session_ctx, uint8_t lockIndicator, uint8_t lockState); +- +-/** Se05x_API_SetPlatformSCPRequest +- * +- * Sets the required state for platform SCP (required or not required). This is a +- * persistent state. +- * +- * If platform SCP is set to SCP_REQUIRED, any applet APDU command will be +- * refused by the applet when platform SCP is not enabled. Enabled means full +- * encryption and MAC, both on C-APDU and R-APDU. Any other level is not +- * sufficient and will not be accepted. SCP02 will not be accepted (as there is +- * no response MAC and encryption). +- * +- * If platform SCP is set to "not required," any applet APDU command will be +- * accepted by the applet. +- * +- * This command can only be used in a session that used the credential with +- * identifier RESERVED_ID_PLATFORM_SCP as authentication object. +- * +- * Note that the default state is SCP_NOT_REQUIRED. +- * +- * +- * # Command to Applet +- * +- * @rst +- * +---------+------------+-----------------------------------------------+ +- * | Field | Value | Description | +- * +=========+============+===============================================+ +- * | CLA | 0x80 | | +- * +---------+------------+-----------------------------------------------+ +- * | INS | INS_MGMT | See :cpp:type:`SE05x_INS_t` | +- * +---------+------------+-----------------------------------------------+ +- * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | +- * +---------+------------+-----------------------------------------------+ +- * | P2 | P2_SCP | See :cpp:type:`SE05x_P2_t` | +- * +---------+------------+-----------------------------------------------+ +- * | Lc | #(Payload) | | +- * +---------+------------+-----------------------------------------------+ +- * | Payload | TLV[TAG_1] | 1-byte :cpp:type:`SE05x_PlatformSCPRequest_t` | +- * +---------+------------+-----------------------------------------------+ +- * | Le | | | +- * +---------+------------+-----------------------------------------------+ +- * @endrst +- * +- * +- * # R-APDU Body +- * +- * NA +- * +- * # R-APDU Trailer +- * +- * @rst +- * +-------------+--------------------------------------+ +- * | SW | Description | +- * +=============+======================================+ +- * | SW_NO_ERROR | The command is handled successfully. | +- * +-------------+--------------------------------------+ +- * @endrst +- * +- * +- * +- * @param[in] session_ctx Session Context [0:kSE05x_pSession] +- * @param[in] platformSCPRequest platf scp req [1:kSE05x_TAG_1] +- */ +-smStatus_t Se05x_API_SetPlatformSCPRequest(pSe05xSession_t session_ctx, SE05x_PlatformSCPRequest_t platformSCPRequest); +- +-/** Se05x_API_SetAppletFeatures +- * +- * Sets the applet features that are supported. To successfully execute this +- * command, the session must be authenticated using the RESERVED_ID_FEATURE. +- * +- * The 2-byte input value is a pre-defined AppletConfig value. +- * +- * # Command to Applet +- * +- * @rst +- * +---------+------------+-----------------------------------------------+ +- * | Field | Value | Description | +- * +=========+============+===============================================+ +- * | CLA | 0x80 | | +- * +---------+------------+-----------------------------------------------+ +- * | INS | INS_MGMT | See :cpp:type:`SE05x_INS_t` | +- * +---------+------------+-----------------------------------------------+ +- * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | +- * +---------+------------+-----------------------------------------------+ +- * | P2 | P2_VARIANT | See :cpp:type:`SE05x_P2_t` | +- * +---------+------------+-----------------------------------------------+ +- * | Lc | #(Payload) | Payload length | +- * +---------+------------+-----------------------------------------------+ +- * | Payload | TLV[TAG_1] | 2-byte Variant from | +- * | | | :cpp:type:`SE05x_AppletConfig_t` | +- * +---------+------------+-----------------------------------------------+ +- * @endrst +- * +- * # R-APDU Body +- * +- * NA +- * +- * # R-APDU Trailer +- * +- * @param[in] session_ctx Session Context [0:kSE05x_pSession] +- * @param[in] variant variant [1:kSE05x_TAG_1] +- */ +-smStatus_t Se05x_API_SetAppletFeatures(pSe05xSession_t session_ctx, pSe05xAppletFeatures_t appletVariant); +- +-/** Se05x_API_WriteECKey +- * +- * Write or update an EC key object. +- * +- * P1KeyPart indicates the key type to be created (if the object does not yet +- * exist). +- * +- * If P1KeyPart = P1_KEY_PAIR, Private Key Value (TLV[TAG_3]) and Public Key +- * Value (TLV[TAG_4) must both be present, or both be absent. If absent, the key +- * pair is generated in the SE05X . +- * +- * If the object already exists, P1KeyPart is ignored. +- * +- * @rst +- * +---------+------------------------+------------------------------------------------+ +- * | Field | Value | Description | +- * +=========+========================+================================================+ +- * | P1 | :cpp:type:`SE05x_P1_t` | See :cpp:type:`SE05x_P1_t` , P1KeyType | +- * | | | P1_EC | should only be set for new objects. | +- * +---------+------------------------+------------------------------------------------+ +- * | P2 | P2_DEFAULT | See P2 | +- * +---------+------------------------+------------------------------------------------+ +- * | Payload | TLV[TAG_POLICY] | Byte array containing the object policy. | +- * | | | [Optional: default policy applies] | +- * | | | [Conditional - only when the object | +- * | | | identifier is not in use yet] | +- * +---------+------------------------+------------------------------------------------+ +- * | | TLV[TAG_MAX_ATTEMPTS] | 2-byte maximum number of attempts. If 0 is | +- * | | | given, this means unlimited. [Optional: | +- * | | | default unlimited] [Conditional: only when | +- * | | | the object identifier is not in use yet and | +- * | | | INS includes INS_AUTH_OBJECT; see | +- * | | | AuthenticationObjectPolicies ] | +- * +---------+------------------------+------------------------------------------------+ +- * | | TLV[TAG_1] | 4-byte object identifier | +- * +---------+------------------------+------------------------------------------------+ +- * | | TLV[TAG_2] | 1-byte curve identifier, see ECCurve | +- * | | | [Conditional: only when the object identifier | +- * | | | is not in use yet; ] | +- * +---------+------------------------+------------------------------------------------+ +- * | | TLV[TAG_3] | Private key value (see :cpp:type:`ECKeyRef` | +- * | | | ) [Conditional: only when the private key is | +- * | | | externally generated and P1KeyType is either | +- * | | | P1_KEY_PAIR or P1_PRIVATE] | +- * +---------+------------------------+------------------------------------------------+ +- * | | TLV[TAG_4] | Public key value (see :cpp:type:`ECKeyRef` ) | +- * | | | [Conditional: only when the public key is | +- * | | | externally generated and P1KeyType is either | +- * | | | P1_KEY_PAIR or P1_PUBLIC] | +- * +---------+------------------------+------------------------------------------------+ +- * | | TLV[TAG_11] | 4-byte version [Optional] | +- * +---------+------------------------+------------------------------------------------+ +- * @endrst +- * +- * @param[in] session_ctx The session context +- * @param[in] policy The policy +- * @param[in] maxAttempt The maximum attempt +- * @param[in] objectID The object id +- * @param[in] curveID The curve id +- * @param[in] privKey The priv key +- * @param[in] privKeyLen The priv key length +- * @param[in] pubKey The pub key +- * @param[in] pubKeyLen The pub key length +- * @param[in] ins_type The insert type +- * @param[in] key_part The key part +- * +- * @return The sm status. +- */ +-smStatus_t Se05x_API_WriteECKey(pSe05xSession_t session_ctx, +- pSe05xPolicy_t policy, +- SE05x_MaxAttemps_t maxAttempt, +- uint32_t objectID, +- SE05x_ECCurve_t curveID, +- const uint8_t *privKey, +- size_t privKeyLen, +- const uint8_t *pubKey, +- size_t pubKeyLen, +- const SE05x_INS_t ins_type, +- const SE05x_KeyPart_t key_part); +- +-/** Se05x_API_WriteRSAKey +- * +- * Creates or writes an RSA key or a key component. +- * +- * Supported key sizes are listed in RSABitLength. Other values are not +- * supported. +- * +- * An RSA key creation requires multiple ADPUs to be sent: +- * +- * * The first APDU must contain: +- * +- * * Policy (optional, so only if non-default applies) +- * +- * * Object identifier +- * +- * * Key size +- * +- * * 1 of the key components. +- * +- * * Each next APDU must contain 1 of the key components. +- * +- * The policy applies only once all key components are set. +- * +- * Once an RSAKey object has been created, its format remains fixed and cannot +- * be updated (so CRT or raw mode, no switch possible). +- * +- * If the object already exists, P1KeyType is ignored. +- * +- * For key pairs, if no component is present (TAG_3 until TAG_9), the key pair +- * will be generated on chip; otherwise the key pair will be constructed +- * starting with the given component. +- * +- * For private keys or public keys, there should always be exactly one of the +- * tags TAG_3 until TAG_10. +- * +- * * TLV[TAG_8] and TLV[TAG_10] must only contain a value if the key pair is +- * to be set to a known value and P1KeyType is either P1_KEY_PAIR or +- * P1_PUBLIC; otherwise the value must be absent and the length must be +- * equal to 0. +- * +- * * TLV[TAG_9] must only contain a value it the key is to be set in raw mode +- * to a known value and P1KeyType is either P1_KEY_PAIR or P1_PRIVATE; +- * otherwise the value must be absent and the length must be equal to 0. +- * +- * * If TLV[TAG_3] up to TLV[TAG_10] are absent (except TLV[TAG_8]), the RSA +- * key will be generated on chip in case the object does not yet exist; +- * otherwise it will be regenerated. This only applies to RSA key pairs. +- * +- * * Keys can be set by setting the different components of a key; only 1 +- * component can be set at a time in this case. +- * +- * +- * @rst +- * +---------+-------------------------------+------------------------------------------------+ +- * | Field | Value | Description | +- * +=========+===============================+================================================+ +- * | P1 | :cpp:type:`SE05x_KeyPart_t` | | See :cpp:type:`SE05x_P1_t` | +- * | | P1_RSA | | +- * +---------+-------------------------------+------------------------------------------------+ +- * | P2 | P2_DEFAULT or P2_RAW | See :cpp:type:`SE05x_P2_t`; P2_RAW only in | +- * | | | case P1KeyPart = P1_KEY_PAIR and TLV[TAG_3] | +- * | | | until TLV[TAG_10] is empty and the must | +- * | | | generate a raw RSA key pair; all other cases: | +- * | | | P2_DEFAULT. | +- * +---------+-------------------------------+------------------------------------------------+ +- * | Payload | TLV[TAG_POLICY] | Byte array containing the object policy. | +- * | | | [Optional: default policy applies] | +- * | | | [Conditional: only when the object identifier | +- * | | | is not in use yet] | +- * +---------+-------------------------------+------------------------------------------------+ +- * | | TLV[TAG_1] | 4-byte object identifier | +- * +---------+-------------------------------+------------------------------------------------+ +- * | | TLV[TAG_2] | 2-byte key size in bits | +- * | | | (:cpp:type:`SE05x_RSABitLength_t`) | +- * | | | [Conditional: only when the object identifier | +- * | | | is not in use yet] | +- * +---------+-------------------------------+------------------------------------------------+ +- * | | TLV[TAG_3] | P component [Conditional: only when the | +- * | | | object identifier is in CRT mode and the key | +- * | | | is generated externally and P1KeyPart is | +- * | | | either P1_KEY_PAIR or P1_PRIVATE] | +- * +---------+-------------------------------+------------------------------------------------+ +- * | | TLV[TAG_4] | Q component [Conditional: only when the | +- * | | | object identifier is in CRT mode and the key | +- * | | | is generated externally and P1KeyPart is | +- * | | | either P1_KEY_PAIR or P1_PRIVATE] | +- * +---------+-------------------------------+------------------------------------------------+ +- * | | TLV[TAG_5] | DP component [Conditional: only when the | +- * | | | object identifier is in CRT mode and the key | +- * | | | is generated externally and P1KeyPart is | +- * | | | either P1_KEY_PAIR or P1_PRIVATE] | +- * +---------+-------------------------------+------------------------------------------------+ +- * | | TLV[TAG_6] | DQ component [Conditional: only when the | +- * | | | object identifier is in CRT mode and the key | +- * | | | is generated externally and P1KeyPart is | +- * | | | either P1_KEY_PAIR or P1_PRIVATE] | +- * +---------+-------------------------------+------------------------------------------------+ +- * | | TLV[TAG_7] | INV_Q component [Conditional: only when the | +- * | | | object identifier is in CRT mode and the key | +- * | | | is generated externally and P1KeyPart is | +- * | | | either P1_KEY_PAIR or P1_PRIVATE] | +- * +---------+-------------------------------+------------------------------------------------+ +- * | | TLV[TAG_8] | Public exponent | +- * +---------+-------------------------------+------------------------------------------------+ +- * | | TLV[TAG_9] | Private Key (non-CRT mode only) | +- * +---------+-------------------------------+------------------------------------------------+ +- * | | TLV[TAG_10] | Public Key (Modulus) | +- * +---------+-------------------------------+------------------------------------------------+ +- * | | TLV[TAG_11] | 4-byte version [Optional] | +- * +---------+-------------------------------+------------------------------------------------+ +- * @endrst +- * +- * @param[in] session_ctx The session context +- * @param[in] policy The policy +- * @param[in] objectID The object id +- * @param[in] size The size +- * @param[in] p The part p +- * @param[in] pLen The p length +- * @param[in] q The quarter +- * @param[in] qLen The quarter length +- * @param[in] dp The part dp +- * @param[in] dpLen The dp length +- * @param[in] dq The part dq +- * @param[in] dqLen The dq length +- * @param[in] qInv The quarter inv +- * @param[in] qInvLen The quarter inv length +- * @param[in] pubExp The pub exponent +- * @param[in] pubExpLen The pub exponent length +- * @param[in] priv The priv +- * @param[in] privLen The priv length +- * @param[in] pubMod The pub modifier +- * @param[in] pubModLen The pub modifier length +- * @param[in] transient_type The transient type +- * @param[in] key_part The key part +- * @param[in] rsa_format The rsa format +- * +- * @return The sm status. +- */ +- +-smStatus_t Se05x_API_WriteRSAKey(pSe05xSession_t session_ctx, +- pSe05xPolicy_t policy, +- uint32_t objectID, +- uint16_t size, +- const uint8_t *p, +- size_t pLen, +- const uint8_t *q, +- size_t qLen, +- const uint8_t *dp, +- size_t dpLen, +- const uint8_t *dq, +- size_t dqLen, +- const uint8_t *qInv, +- size_t qInvLen, +- const uint8_t *pubExp, +- size_t pubExpLen, +- const uint8_t *priv, +- size_t privLen, +- const uint8_t *pubMod, +- size_t pubModLen, +- const SE05x_INS_t transient_type, +- const SE05x_KeyPart_t key_part, +- const SE05x_RSAKeyFormat_t rsa_format); +- +-/** Se05x_API_WriteSymmKey +- * +- * Creates or writes an AES key, DES key or HMAC key, indicated by P1: +- * +- * * P1_AES +- * +- * * P1_DES +- * +- * * P1_HMAC +- * +- * Users can pass RFC3394 wrapped keys by indicating the KEK in TLV[TAG_2]. Note +- * that RFC3394 required 8-byte aligned input, so this can only be used when the +- * key has an 8-byte aligned length. +- * +- * # Command to Applet +- * +- * @rst +- * +---------+-----------------------+-----------------------------------------------+ +- * | Field | Value | Description | +- * +=========+=======================+===============================================+ +- * | P1 | See above | See :cpp:type:`SE05x_P1_t` | +- * +---------+-----------------------+-----------------------------------------------+ +- * | P2 | P2_DEFAULT | See :cpp:type:`SE05x_P2_t` | +- * +---------+-----------------------+-----------------------------------------------+ +- * | Payload | TLV[TAG_POLICY] | Byte array containing the object policy. | +- * | | | [Optional: default policy applies] | +- * | | | [Conditional: only when the object identifier | +- * | | | is not in use yet] | +- * +---------+-----------------------+-----------------------------------------------+ +- * | | TLV[TAG_MAX_ATTEMPTS] | 2-byte maximum number of attempts. If 0 is | +- * | | | given, this means unlimited. [Optional: | +- * | | | default unlimited] [Conditional: only when | +- * | | | the object identifier is not in use yet and | +- * | | | INS includes INS_AUTH_OBJECT; see | +- * | | | AuthenticationObjectPolicies] | +- * +---------+-----------------------+-----------------------------------------------+ +- * | | TLV[TAG_1] | 4-byte object identifier | +- * +---------+-----------------------+-----------------------------------------------+ +- * | | TLV[TAG_2] | 4-byte KEK identifier [Conditional: only | +- * | | | when the key value is RFC3394 wrapped] | +- * +---------+-----------------------+-----------------------------------------------+ +- * | | TLV[TAG_3] | Key value, either plain or RFC3394 wrapped. | +- * +---------+-----------------------+-----------------------------------------------+ +- * | | TLV[TAG_4] | Tag length for GCM/GMAC. Will only be used if | +- * | | | the object is an AESKey. [Optional] | +- * +---------+-----------------------+-----------------------------------------------+ +- * | | TLV[TAG_11] | 4-byte version [Optional] | +- * +---------+-----------------------+-----------------------------------------------+ +- * @endrst +- * +- * @param[in] session_ctx The session context +- * @param[in] policy The policy +- * @param[in] maxAttempt The maximum attempt +- * @param[in] objectID The object id +- * @param[in] kekID The kek id +- * @param[in] keyValue The key value +- * @param[in] keyValueLen The key value length +- * @param[in] ins_type The insert type +- * @param[in] type The type +- * +- * @return The sm status. +- */ +-smStatus_t Se05x_API_WriteSymmKey(pSe05xSession_t session_ctx, +- pSe05xPolicy_t policy, +- SE05x_MaxAttemps_t maxAttempt, +- uint32_t objectID, +- SE05x_KeyID_t kekID, +- const uint8_t *keyValue, +- size_t keyValueLen, +- const SE05x_INS_t ins_type, +- const SE05x_SymmKeyType_t type); +- +-/** Se05x_API_WriteBinary +- * +- * Creates or writes to a binary file object. Data are written to either the +- * start of the file or (if specified) to the offset passed to the function. +- * +- * # Command to Applet +- * +- * @rst +- * +---------+-----------------+-----------------------------------------------+ +- * | Field | Value | Description | +- * +=========+=================+===============================================+ +- * | P1 | P1_BINARY | See :cpp:type:`SE05x_P1_t` | +- * +---------+-----------------+-----------------------------------------------+ +- * | P2 | P2_DEFAULT | See :cpp:type:`SE05x_P2_t` | +- * +---------+-----------------+-----------------------------------------------+ +- * | Payload | TLV[TAG_POLICY] | Byte array containing the object policy. | +- * | | | [Optional: default policy applies] | +- * | | | [Conditional: only when the object identifier | +- * | | | is not in use yet] | +- * +---------+-----------------+-----------------------------------------------+ +- * | | TLV[TAG_1] | 4-byte object identifier | +- * +---------+-----------------+-----------------------------------------------+ +- * | | TLV[TAG_2] | 2-byte file offset [Optional: default = 0] | +- * +---------+-----------------+-----------------------------------------------+ +- * | | TLV[TAG_3] | 2-byte file length (up to 0x7FFF). | +- * | | | [Conditional: only when the object identifier | +- * | | | is not in use yet] | +- * +---------+-----------------+-----------------------------------------------+ +- * | | TLV[TAG_4] | Data to be written [Optional: if not given, | +- * | | | TAG_3 must be filled] | +- * +---------+-----------------+-----------------------------------------------+ +- * | | TLV[TAG_11] | 4-byte version [Optional] | +- * +---------+-----------------+-----------------------------------------------+ +- * @endrst +- * +- * +- * @param[in] session_ctx Session Context [0:kSE05x_pSession] +- * @param[in] policy policy [1:kSE05x_TAG_POLICY] +- * @param[in] objectID object id [2:kSE05x_TAG_1] +- * @param[in] offset offset [3:kSE05x_TAG_2] +- * @param[in] length length [4:kSE05x_TAG_3] +- * @param[in] inputData input data [5:kSE05x_TAG_4] +- * @param[in] inputDataLen Length of inputData +- */ +- +-smStatus_t Se05x_API_WriteBinary(pSe05xSession_t session_ctx, +- pSe05xPolicy_t policy, +- uint32_t objectID, +- uint16_t offset, +- uint16_t length, +- const uint8_t *inputData, +- size_t inputDataLen); +- +-/** Se05x_API_WriteUserID +- * +- * Creates a UserID object, setting the user identifier value. The policy defines +- * the maximum number of attempts that can be performed as comparison. +- * +- * # Command to Applet +- * +- * @rst +- * +-------+-----------------------+-----------------------------------------------+ +- * | Field | Value | Description | +- * +=======+=======================+===============================================+ +- * | P1 | P1_USERID | See :cpp:type:`SE05x_P1_t` | +- * +-------+-----------------------+-----------------------------------------------+ +- * | P2 | P2_DEFAULT | See :cpp:type:`SE05x_P2_t` | +- * +-------+-----------------------+-----------------------------------------------+ +- * | | TLV[TAG_POLICY] | Byte array containing the object policy. | +- * | | | [Optional: default policy applies] | +- * | | | [Conditional: only when the object identifier | +- * | | | is not in use yet] | +- * +-------+-----------------------+-----------------------------------------------+ +- * | | TLV[TAG_MAX_ATTEMPTS] | 2-byte maximum number of attempts. If 0 is | +- * | | | given, this means unlimited. For pins, the | +- * | | | maximum number of attempts must be smaller | +- * | | | than 256. [Optional: default = 0] | +- * | | | [Conditional: only when the object identifier | +- * | | | is not in use yet and INS includes | +- * | | | INS_AUTH_OBJECT; see :cpp:type:`-`] | +- * +-------+-----------------------+-----------------------------------------------+ +- * | | TLV[TAG_1] | 4-byte object identifier. | +- * +-------+-----------------------+-----------------------------------------------+ +- * | | TLV[TAG_2] | Byte array containing 4 to 16 bytes user | +- * | | | identifier value. | +- * +-------+-----------------------+-----------------------------------------------+ +- * @endrst +- * +- * @param[in] session_ctx The session context +- * @param[in] policy The policy +- * @param[in] maxAttempt The maximum attempt +- * @param[in] objectID The object id +- * @param[in] userId The user identifier +- * @param[in] userIdLen The user identifier length +- * @param[in] attestation_type The attestation type +- * +- * @return The sm status. +- */ +-smStatus_t Se05x_API_WriteUserID(pSe05xSession_t session_ctx, +- pSe05xPolicy_t policy, +- SE05x_MaxAttemps_t maxAttempt, +- uint32_t objectID, +- const uint8_t *userId, +- size_t userIdLen, +- const SE05x_AttestationType_t attestation_type); +- +-/** Se05x_API_CreateCounter +- * +- * Creates a new counter object. +- * +- * Counters can only be incremented, not decremented. +- * +- * When a counter reaches its maximum value (e.g., 0xFFFFFFFF for a 4-byte +- * counter), they cannot be incremented again. +- * +- * An input value (TAG_3) must always have the same length as the existing +- * counter (if it exists); otherwise the command will return an error. +- * +- * # Command to Applet +- * +- * @rst +- * +---------+-----------------+------------------------------------------------+ +- * | Field | Value | Description | +- * +=========+=================+================================================+ +- * | P1 | P1_COUNTER | See :cpp:type:`SE05x_P1_t` | +- * +---------+-----------------+------------------------------------------------+ +- * | P2 | P2_DEFAULT | See :cpp:type:`SE05x_P2_t` | +- * +---------+-----------------+------------------------------------------------+ +- * | Payload | TLV[TAG_POLICY] | Byte array containing the object policy. | +- * | | | [Optional: default policy applies] | +- * | | | [Conditional: only when the object identifier | +- * | | | is not in use yet] | +- * +---------+-----------------+------------------------------------------------+ +- * | | TLV[TAG_1] | 4-byte counter identifier. | +- * +---------+-----------------+------------------------------------------------+ +- * | | TLV[TAG_2] | 2-byte counter size (1 up to 8 bytes). | +- * | | | [Conditional: only if object doesn't exist yet | +- * | | | and TAG_3 is not given] | +- * +---------+-----------------+------------------------------------------------+ +- * | | TLV[TAG_3] | Counter value [Optional: - if object doesn't | +- * | | | exist: must be present if TAG_2 is not given. | +- * | | | - if object exists: if not present, increment | +- * | | | by 1. if present, set counter to value.] | +- * +---------+-----------------+------------------------------------------------+ +- * @endrst +- * +- * # R-APDU Body +- * +- * NA +- * +- * # R-APDU Trailer +- * +- * NA +- * +- * +- * @param[in] session_ctx Session Context [0:kSE05x_pSession] +- * @param[in] policy policy [1:kSE05x_TAG_POLICY] +- * @param[in] objectID object id [2:kSE05x_TAG_1] +- * @param[in] size size [3:kSE05x_TAG_2] +- */ +-smStatus_t Se05x_API_CreateCounter( +- pSe05xSession_t session_ctx, pSe05xPolicy_t policy, uint32_t objectID, uint16_t size); +- +-/** Se05x_API_SetCounterValue +- * +- * See @ref Se05x_API_CreateCounter +- * +- * @param[in] session_ctx Session Context [0:kSE05x_pSession] +- * @param[in] objectID object id [1:kSE05x_TAG_1] +- * @param[in] size size [3:kSE05x_TAG_2] +- * @param[in] value value [4:kSE05x_TAG_3] +- */ +-smStatus_t Se05x_API_SetCounterValue(pSe05xSession_t session_ctx, uint32_t objectID, uint16_t size, uint64_t value); +- +-/** Se05x_API_IncCounter +- * +- * See @ref Se05x_API_CreateCounter +- * +- * @param[in] session_ctx Session Context [0:kSE05x_pSession] +- * @param[in] objectID object id [1:kSE05x_TAG_1] +- */ +-smStatus_t Se05x_API_IncCounter(pSe05xSession_t session_ctx, uint32_t objectID); +- +-/** Se05x_API_WritePCR +- * +- * Creates or writes to a PCR object. +- * +- * A PCR is a hash to which data can be appended; i.e., writing data to a PCR +- * will update the value of the PCR to be the hash of all previously inserted +- * data concatenated with the new input data. +- * +- * A PCR will always use DigestMode = DIGEST_SHA256; no other configuration +- * possible. +- * +- * If TAG_2 and TAG_3 is not passed, the PCR is reset to its initial value (i.e., +- * the value set when the PCR was created). +- * +- * This reset is controlled under the POLICY_OBJ_ALLOW_DELETE policy, so users +- * that can delete the PCR can also reset the PCR to initial value. +- * +- * # Command to Applet +- * +- * @rst +- * +---------+-----------------+------------------------------------------------+ +- * | Field | Value | Description | +- * +=========+=================+================================================+ +- * | P1 | P1_PCR | See :cpp:type:`SE05x_P1_t` | +- * +---------+-----------------+------------------------------------------------+ +- * | P2 | P2_DEFAULT | See :cpp:type:`SE05x_P2_t` | +- * +---------+-----------------+------------------------------------------------+ +- * | Payload | TLV[TAG_POLICY] | Byte array containing the object policy. | +- * | | | [Optional: default policy applies] | +- * | | | [Conditional: only when the object identifier | +- * | | | is not in use yet] | +- * +---------+-----------------+------------------------------------------------+ +- * | | TLV[TAG_1] | 4-byte PCR identifier. | +- * +---------+-----------------+------------------------------------------------+ +- * | | TLV[TAG_2] | Initial hash value [Conditional: only when | +- * | | | the object identifier is not in use yet] | +- * +---------+-----------------+------------------------------------------------+ +- * | | TLV[TAG_3] | Data to be extended to the existing PCR. | +- * | | | [Conditional: only when the object identifier | +- * | | | is already in use] [Optional: not present if | +- * | | | a Reset is requested] | +- * +---------+-----------------+------------------------------------------------+ +- * @endrst +- * +- * # R-APDU Body +- * +- * NA +- * +- * # R-APDU Trailer +- * +- * +- * +- * +- * @param[in] session_ctx Session Context [0:kSE05x_pSession] +- * @param[in] policy policy [1:kSE05x_TAG_POLICY] +- * @param[in] pcrID object id [2:kSE05x_TAG_1] +- * @param[in] initialValue initialValue [3:kSE05x_TAG_2] +- * @param[in] initialValueLen Length of initialValue +- * @param[in] inputData inputData [4:kSE05x_TAG_3] +- * @param[in] inputDataLen Length of inputData +- */ +-#if ENABLE_DEPRECATED_API_WritePCR +-smStatus_t Se05x_API_WritePCR(pSe05xSession_t session_ctx, +- pSe05xPolicy_t policy, +- uint32_t pcrID, +- const uint8_t *initialValue, +- size_t initialValueLen, +- const uint8_t *inputData, +- size_t inputDataLen); +-#endif // ENABLE_DEPRECATED_API_WritePCR +-smStatus_t Se05x_API_WritePCR_WithType(pSe05xSession_t session_ctx, +- const SE05x_INS_t ins_type, +- pSe05xPolicy_t policy, +- uint32_t pcrID, +- const uint8_t *initialValue, +- size_t initialValueLen, +- const uint8_t *inputData, +- size_t inputDataLen); +- +-/** Se05x_API_ImportObject +- * +- * Writes a serialized Secure Object to the SE05X (i.e., "import") +- * +- * # Command to Applet +- * +- * @rst +- * +---------+------------+-----------------------------------------------+ +- * | Field | Value | Description | +- * +=========+============+===============================================+ +- * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | +- * +---------+------------+-----------------------------------------------+ +- * | P2 | P2_IMPORT | See :cpp:type:`SE05x_P2_t` | +- * +---------+------------+-----------------------------------------------+ +- * | Payload | TLV[TAG_1] | 4-byte identifier. | +- * +---------+------------+-----------------------------------------------+ +- * | | TLV[TAG_2] | 1-byte :cpp:type:`SE05x_RSAKeyComponent_t` | +- * | | | [Conditional: only when the identifier refers | +- * | | | to an RSAKey object] | +- * +---------+------------+-----------------------------------------------+ +- * | | TLV[TAG_3] | Serialized object (encrypted). | +- * +---------+------------+-----------------------------------------------+ +- * @endrst +- * +- * # R-APDU Body +- * +- * NA +- * +- * # R-APDU Trailer +- * +- * +- * +- * +- * @param[in] session_ctx Session Context [0:kSE05x_pSession] +- * @param[in] objectID object id [1:kSE05x_TAG_1] +- * @param[in] rsaKeyComp rsaKeyComp [2:kSE05x_TAG_2] +- * @param[in] serializedObject serializedObject [3:kSE05x_TAG_3] +- * @param[in] serializedObjectLen Length of serializedObject +- */ +-smStatus_t Se05x_API_ImportObject(pSe05xSession_t session_ctx, +- uint32_t objectID, +- SE05x_RSAKeyComponent_t rsaKeyComp, +- const uint8_t *serializedObject, +- size_t serializedObjectLen); +- +-/** Se05x_API_ImportExternalObject +- * +- * Combined with the INS_IMPORT_EXTERNAL mask, enables users to send a +- * WriteSecureObject APDU (WriteECKey until WritePCR) protected by a +- * secure channel. +- * +- * Secure Objects can be imported into the SE05X through a secure channel which +- * does not require the establishment of a session. This feature is also referred +- * to single side import and can only be used to create or update objects. +- * +- * The mechanism is based on ECKey session to protect the Secure Object content +- * and is summarized in the following figure. +- * +- * External import flow +- * +- * The flow above can be summarized in the following steps: +- * +- * 1. The user obtains the SE public key for import via the to get +- * the public key from the device's key pair. Key ID 0x02 will +- * return the public key of the EC key pair with +- * RESERVED_ID_EXTERNAL_IMPORT. The response is signed by the +- * same key pair. +- * +- * 2. The user calls with input: +- * * the applet AID (e.g.A0000003965453000000010300000000) +- * +- * * the SCPparameters +- * +- * * 1-byte SCP identifier, must equal0xAB +- * +- * * 2-byte SCP parameter, must equal 0x01 followed by 1-byte +- * security level (which follows the GlobalPlatform security +- * level definition, see: . +- * +- * * key type, must be 0x88 (AES keytype) +- * +- * * key length, must be 0x10 (AES128key) +- * +- * * host public key (65-byte NIST P-256 publickey) +- * +- * * host public key curve identifier (must be 0x03 (=NIST_P256)) +- * +- * * ASN.1 signature over the TLV with tags 0xA6 and0x7F49. +- * +- * The applet will then calculate the master key by performing SHA256 +- * over a byte array containing (in order): +- * +- * * 4-byte counter value being0x00000001 +- * +- * * shared secret (ECDH calculation according [IEEE P1363] using +- * the private keyfrom RESERVED_ID_ECKEY_SESSION and the public +- * key provided as input to ECKeySessionInternalAuthenticate. The +- * length depends on the curve used (e.g. 32 byte for NIST P-256 +- * curve). +- * +- * * 16-byte random generated by the SE05X. +- * +- * * 2-byte SCP parameter, must equal 0x01 followed by 1-byte +- * security level (which follows the GlobalPlatform security level +- * definition, see: . +- * +- * * 1-byte keytype +- * +- * * 1-byte keylength +- * +- * The master key will then be the 16 MSB's of the hash output. +- * +- * Using the master key, the 3 session keys are derived by following the +- * GlobalPlatform specification to derive session keys, e.g. derivation input: +- * +- * * ENCsession key = CMAC(MK, 00000000000000000000000400008001) +- * +- * * CMACsession key = CMAC(MK, 00000000000000000000000600008001) +- * +- * * RMACsession key = CMAC(MK, 00000000000000000000000700008001) +- * +- * The Authentication Object ID needs to be passed using TAG_IMPORT_AUTH_KEY_ID, +- * followed by the Write APDU command (using tag TAG_1). +- * +- * The Write APDU command needs to be constructed as follows: +- * +- * * Encrypt the command encryption counter (starting with +- * 0x00000000000000000000000000000001) using the S_ENC key. This +- * becomes the IV for the encrypted APDU. +- * +- * * Get the APDU command payload and pad it (ISO9797 M2 padding). +- * +- * * Encrypt the payload in AES CBC mode using the S_ENC key. +- * +- * * Set the Secure Messaging bit in the CLA (0x04). +- * +- * * Concatenate the MAC chaining value with the full APDU. +- * +- * * Then calculate the MAC on this byte array and append the 8-byte +- * MAC value to the APDU. +- * +- * * Finally increment the encryption counter for the next command. +- * +- * A receipt will be generated by doing a CMAC operation on the input from tag +- * 0xA6 and 0x7F49 using the RMAC session key, +- * +- * Receipt = CMAC(RMAC session key, ) +- * +- * There is no need to establish a session; therefore, the ImportExternalObject +- * commands are always sent in the default session. The ImportExternalObject +- * commands are replayable. +- * +- * The P1 and P2 parameters shall be coded as per the intended operation. For +- * example, to import an EC Key, the P1 and P2 parameters as defined in +- * WriteECKey shall be specified. +- * +- * # Command to Applet +- * +- * @rst +- * +---------+-----------------------------+---------------------------------------------+ +- * | Field | Value | Description | +- * +=========+=============================+=============================================+ +- * | CLA | 0x80 | | +- * +---------+-----------------------------+---------------------------------------------+ +- * | INS | INS_IMPORT_EXTERNAL | See :cpp:type:`SE05x_INS_t` | +- * +---------+-----------------------------+---------------------------------------------+ +- * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | +- * +---------+-----------------------------+---------------------------------------------+ +- * | P2 | P2_DEFAULT | See :cpp:type:`SE05x_P2_t` | +- * +---------+-----------------------------+---------------------------------------------+ +- * | Lc | #(Payload) | | +- * +---------+-----------------------------+---------------------------------------------+ +- * | Payload | TLV[TAG_IMPORT_AUTH_DATA] | Authentication data | +- * +---------+-----------------------------+---------------------------------------------+ +- * | | TLV[TAG_IMPORT_AUTH_KEY_ID] | Host public key Identifier | +- * +---------+-----------------------------+---------------------------------------------+ +- * | | TLV[TAG_1]... | Wraps a complete WriteSecureObject command, | +- * | | | protected by ECKey session secure messaging | +- * +---------+-----------------------------+---------------------------------------------+ +- * | | TLV[TAG_11] | 4-byte version [Optional] | +- * +---------+-----------------------------+---------------------------------------------+ +- * @endrst +- * +- * # R-APDU Body +- * +- * NA +- * +- * +- * @param[in] session_ctx Session Context [0:kSE05x_pSession] +- * @param[in] ECKeydata ECKeydata [1:kSE05x_TAG_2] +- * @param[in] ECKeydataLen Length of ECKeydata +- * @param[in] serializedObject serializedObject [2:kSE05x_TAG_3] +- * @param[in] serializedObjectLen Length of serializedObject +- */ +-smStatus_t Se05x_API_ImportExternalObject(pSe05xSession_t session_ctx, +- const uint8_t *ECKeydata, +- size_t ECKeydataLen, +- const uint8_t *ECAuthKeyID, +- size_t ECAuthKeyIDLen, +- const uint8_t *serializedObject, +- size_t serializedObjectLen); +- +-/** Se05x_API_ReadObject +- * +- * Reads the content of a Secure Object. +- * +- * * If the object is a key pair, the command will return the key +- * pair's public key. +- * +- * * If the object is a public key, the command will return the public +- * key. +- * +- * * If the object is a private key or a symmetric key or a userID, +- * the command will return SW_CONDITIONS_NOT_SATISFIED. +- * +- * * If the object is a binary file, the file content is read, giving +- * the offset in TLV[TAG_2] and the length to read in +- * TLV[TAG_3]. Both TLV[TAG_2] and TLV[TAG_3] are bound together; +- * i.e.. either both tags are present, or both are absent. If both +- * are absent, the whole file content is returned. +- * +- * * If the object is a monotonic counter, the counter value is +- * returned. +- * +- * * If the object is a PCR, the PCR value is returned. +- * +- * * If TLV[TAG_4] is filled, only the modulus or public exponent of +- * an RSA key pair or RSA public key is read. It does not apply to +- * other Secure Object types. +- * +- * # Command to Applet +- * +- * @rst +- * +-------+------------+----------------------------------------------+ +- * | Field | Value | Description | +- * +=======+============+==============================================+ +- * | CLA | 0x80 | | +- * +-------+------------+----------------------------------------------+ +- * | INS | INS_READ | See :cpp:type:`SE05x_INS_t`, in addition to | +- * | | | INS_READ, users can set the INS_ATTEST flag. | +- * | | | In that case, attestation applies. | +- * +-------+------------+----------------------------------------------+ +- * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | +- * +-------+------------+----------------------------------------------+ +- * | P2 | P2_DEFAULT | See :cpp:type:`SE05x_P2_t` | +- * +-------+------------+----------------------------------------------+ +- * | Lc | #(Payload) | Payload Length. | +- * +-------+------------+----------------------------------------------+ +- * | | TLV[TAG_1] | 4-byte object identifier | +- * +-------+------------+----------------------------------------------+ +- * | | TLV[TAG_2] | 2-byte offset [Optional: default 0] | +- * | | | [Conditional: only when the object is a | +- * | | | BinaryFile object] | +- * +-------+------------+----------------------------------------------+ +- * | | TLV[TAG_3] | 2-byte length [Optional: default 0] | +- * | | | [Conditional: only when the object is a | +- * | | | BinaryFile object] | +- * +-------+------------+----------------------------------------------+ +- * | | TLV[TAG_4] | 1-byte :cpp:type:`SE05x_RSAKeyComponent_t`: | +- * | | | either RSA_COMP_MOD or RSA_COMP_PUB_EXP. | +- * | | | [Optional] [Conditional: only for RSA key | +- * | | | components] | +- * +-------+------------+----------------------------------------------+ +- * | Le | 0x00 | | +- * +-------+------------+----------------------------------------------+ +- * @endrst +- * +- * # R-APDU Body +- * +- * @rst +- * +------------+--------------------------------------------+ +- * | Value | Description | +- * +============+============================================+ +- * | TLV[TAG_1] | Data read from the secure object. | +- * +------------+--------------------------------------------+ +- * @endrst +- * +- * # R-APDU Trailer +- * +- * @rst +- * +-------------+--------------------------------+ +- * | SW | Description | +- * +=============+================================+ +- * | SW_NO_ERROR | The read is done successfully. | +- * +-------------+--------------------------------+ +- * @endrst +- * +- * @param[in] session_ctx Session Context [0:kSE05x_pSession] +- * @param[in] objectID object id [1:kSE05x_TAG_1] +- * @param[in] offset offset [2:kSE05x_TAG_2] +- * @param[in] length length [3:kSE05x_TAG_3] +- * @param[out] data [0:kSE05x_TAG_1] +- * @param[in,out] pdataLen Length for data +- */ +-smStatus_t Se05x_API_ReadObject( +- pSe05xSession_t session_ctx, uint32_t objectID, uint16_t offset, uint16_t length, uint8_t *data, size_t *pdataLen); +- +-/** Se05x_API_ReadObject_W_Attst +- * +- * Read with attestation. +- * +- * See @ref Se05x_API_ReadObject +- * +- * When INS_ATTEST is set in addition to INS_READ, the secure object is read with +- * attestation. In addition to the response in TLV[TAG_1], there are additional +- * tags: +- * +- * TLV[TAG_2] will hold the object attributes (see ObjectAttributes). +- * +- * TLV[TAG_3] relative timestamp when the object has been retrieved +- * +- * TLV[TAG_4] will hold freshness random data +- * +- * TLV[TAG_5] will hold the unique ID of the device. +- * +- * TLV[TAG_6] will hold the signature over all concatenated Value fields tags of +- * the response (TAG_1 until and including TAG_5). +- * +- * # Command to Applet +- * +- * @rst +- * +-------+------------+----------------------------------------------+ +- * | Field | Value | Description | +- * +=======+============+==============================================+ +- * | CLA | 0x80 | | +- * +-------+------------+----------------------------------------------+ +- * | INS | INS_READ | See :cpp:type:`SE05x_INS_t`, in addition to | +- * | | | INS_READ, users can set the INS_ATTEST flag. | +- * | | | In that case, attestation applies. | +- * +-------+------------+----------------------------------------------+ +- * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | +- * +-------+------------+----------------------------------------------+ +- * | P2 | P2_DEFAULT | See :cpp:type:`SE05x_P2_t` | +- * +-------+------------+----------------------------------------------+ +- * | Lc | #(Payload) | Payload Length. | +- * +-------+------------+----------------------------------------------+ +- * | | TLV[TAG_1] | 4-byte object identifier | +- * +-------+------------+----------------------------------------------+ +- * | | TLV[TAG_2] | 2-byte offset [Optional: default 0] | +- * | | | [Conditional: only when the object is a | +- * | | | BinaryFile object] | +- * +-------+------------+----------------------------------------------+ +- * | | TLV[TAG_3] | 2-byte length [Optional: default 0] | +- * | | | [Conditional: only when the object is a | +- * | | | BinaryFile object] | +- * +-------+------------+----------------------------------------------+ +- * | | TLV[TAG_4] | 1-byte :cpp:type:`SE05x_RSAKeyComponent_t`: | +- * | | | either RSA_COMP_MOD or RSA_COMP_PUB_EXP. | +- * | | | [Optional] [Conditional: only for RSA key | +- * | | | components] | +- * +-------+------------+----------------------------------------------+ +- * | | TLV[TAG_5] | 4-byte attestation object identifier. | +- * | | | [Optional] [Conditional: only when | +- * | | | INS_ATTEST is set] | +- * +-------+------------+----------------------------------------------+ +- * | | TLV[TAG_6] | 1-byte :cpp:type:`SE05x_AttestationAlgo_t` | +- * | | | [Optional] [Conditional: only when | +- * | | | INS_ATTEST is set] | +- * +-------+------------+----------------------------------------------+ +- * | | TLV[TAG_7] | 16-byte freshness random [Optional] | +- * | | | [Conditional: only when INS_ATTEST is set] | +- * +-------+------------+----------------------------------------------+ +- * | Le | 0x00 | | +- * +-------+------------+----------------------------------------------+ +- * @endrst +- * +- * +- * @rst +- * +------------+--------------------------------------------+ +- * | Value | Description | +- * +============+============================================+ +- * | TLV[TAG_1] | Data read from the secure object. | +- * +------------+--------------------------------------------+ +- * | TLV[TAG_2] | (only when INS_ATTEST is set) Byte array | +- * | | containing the attributes (see | +- * | | :cpp:type:`ObjectAttributesRef`). | +- * +------------+--------------------------------------------+ +- * | TLV[TAG_3] | (only when INS_ATTEST is set) 12-byte | +- * | | timestamp | +- * +------------+--------------------------------------------+ +- * | TLV[TAG_4] | (only when INS_ATTEST is set) 16-byte | +- * | | freshness random | +- * +------------+--------------------------------------------+ +- * | TLV[TAG_5] | (only when INS_ATTEST is set) 18-byte Chip | +- * | | unique ID | +- * +------------+--------------------------------------------+ +- * | TLV[TAG_6] | (only when INS_ATTEST is set) Signature | +- * | | applied over the value of TLV[TAG_1], | +- * | | TLV[TAG_2], TLV[TAG_3], TLV[TAG_4] and | +- * | | TLV[TAG_5]. | +- * +------------+--------------------------------------------+ +- * @endrst +- * +- * # R-APDU Body +- * +- * @rst +- * +------------+--------------------------------------------+ +- * | Value | Description | +- * +============+============================================+ +- * | TLV[TAG_1] | Data read from the secure object. | +- * +------------+--------------------------------------------+ +- * | TLV[TAG_2] | (only when INS_ATTEST is set) Byte array | +- * | | containing the attributes (see | +- * | | :cpp:type:`ObjectAttributesRef`). | +- * +------------+--------------------------------------------+ +- * | TLV[TAG_3] | (only when INS_ATTEST is set) 12-byte | +- * | | timestamp | +- * +------------+--------------------------------------------+ +- * | TLV[TAG_4] | (only when INS_ATTEST is set) 16-byte | +- * | | freshness random | +- * +------------+--------------------------------------------+ +- * | TLV[TAG_5] | (only when INS_ATTEST is set) 18-byte Chip | +- * | | unique ID | +- * +------------+--------------------------------------------+ +- * | TLV[TAG_6] | (only when INS_ATTEST is set) Signature | +- * | | applied over the value of TLV[TAG_1], | +- * | | TLV[TAG_2], TLV[TAG_3], TLV[TAG_4] and | +- * | | TLV[TAG_5]. | +- * +------------+--------------------------------------------+ +- * @endrst +- * +- * @param[in] session_ctx The session context +- * @param[in] objectID The object id +- * @param[in] offset The offset +- * @param[in] length The length +- * @param[in] attestID The attest id +- * @param[in] attestAlgo The attest algorithm +- * @param[in] random The random +- * @param[in] randomLen The random length +- * @param data The data +- * @param pdataLen The pdata length +- * @param attribute The attribute +- * @param pattributeLen The pattribute length +- * @param ptimeStamp The ptime stamp +- * @param outrandom The outrandom +- * @param poutrandomLen The poutrandom length +- * @param chipId The chip identifier +- * @param pchipIdLen The pchip identifier length +- * @param signature The signature +- * @param psignatureLen The psignature length +- * +- * @return The sm status. +- */ +-smStatus_t Se05x_API_ReadObject_W_Attst(pSe05xSession_t session_ctx, +- uint32_t objectID, +- uint16_t offset, +- uint16_t length, +- uint32_t attestID, +- SE05x_AttestationAlgo_t attestAlgo, +- const uint8_t *random, +- size_t randomLen, +- uint8_t *data, +- size_t *pdataLen, +- uint8_t *attribute, +- size_t *pattributeLen, +- SE05x_TimeStamp_t *ptimeStamp, +- uint8_t *outrandom, +- size_t *poutrandomLen, +- uint8_t *chipId, +- size_t *pchipIdLen, +- uint8_t *signature, +- size_t *psignatureLen); +- +-/** Se05x_API_ReadRSA +- * +- * See @ref Se05x_API_ReadObject +- * +- * @param[in] session_ctx Session Context [0:kSE05x_pSession] +- * @param[in] objectID object id [1:kSE05x_TAG_1] +- * @param[in] offset offset [2:kSE05x_TAG_2] +- * @param[in] length length [3:kSE05x_TAG_3] +- * @param[in] rsa_key_comp rsa_key_comp [4:kSE05x_TAG_4] +- * @param[out] data [0:kSE05x_TAG_1] +- * @param[in,out] pdataLen Length for data +- */ +-smStatus_t Se05x_API_ReadRSA(pSe05xSession_t session_ctx, +- uint32_t objectID, +- uint16_t offset, +- uint16_t length, +- SE05x_RSAPubKeyComp_t rsa_key_comp, +- uint8_t *data, +- size_t *pdataLen); +- +-/** Se05x_API_ReadRSA_W_Attst +- * +- * See @ref Se05x_API_ReadObject_W_Attst +- * +- * @param[in] session_ctx The session context +- * @param[in] objectID The object id +- * @param[in] offset The offset +- * @param[in] length The length +- * @param[in] rsa_key_comp The rsa key component +- * @param[in] attestID The attest id +- * @param[in] attestAlgo The attest algorithm +- * @param[in] random The random +- * @param[in] randomLen The random length +- * @param data The data +- * @param pdataLen The pdata length +- * @param attribute The attribute +- * @param pattributeLen The pattribute length +- * @param ptimeStamp The ptime stamp +- * @param outrandom The outrandom +- * @param poutrandomLen The poutrandom length +- * @param chipId The chip identifier +- * @param pchipIdLen The pchip identifier length +- * @param signature The signature +- * @param psignatureLen The psignature length +- * +- * @return The sm status. +- */ +-smStatus_t Se05x_API_ReadRSA_W_Attst(pSe05xSession_t session_ctx, +- uint32_t objectID, +- uint16_t offset, +- uint16_t length, +- SE05x_RSAPubKeyComp_t rsa_key_comp, +- uint32_t attestID, +- SE05x_AttestationAlgo_t attestAlgo, +- const uint8_t *random, +- size_t randomLen, +- uint8_t *data, +- size_t *pdataLen, +- uint8_t *attribute, +- size_t *pattributeLen, +- SE05x_TimeStamp_t *ptimeStamp, +- uint8_t *outrandom, +- size_t *poutrandomLen, +- uint8_t *chipId, +- size_t *pchipIdLen, +- uint8_t *signature, +- size_t *psignatureLen); +- +-/** Se05x_API_ReadObjectAttributes_W_Attst +- * +- * Reads the attributes of a Secure Object (without the value of the Secure +- * Object). +- * +- * Each Secure Object has a number of attributes assigned to it. These attributes +- * are listed in for Authentication Objects and in for non-Authentication +- * Objects. +- * +- * # Authentication Object attributes +- * +- * @rst +- * +----------------------------------+--------------+------------------------------------------------+ +- * | Attribute | Size (bytes) | Description | +- * +==================================+==============+================================================+ +- * | Object identifier | 4 | See :cpp:type:`identifiersRef` | +- * +----------------------------------+--------------+------------------------------------------------+ +- * | Object type | 1 | One of SecureObjectType | +- * +----------------------------------+--------------+------------------------------------------------+ +- * | Authentication attribute | 1 | One of :cpp:type:`SetIndicatorRef` | +- * +----------------------------------+--------------+------------------------------------------------+ +- * | Object counter | 2 | Number of failed attempts for an | +- * | | | authentication object if the Maximum | +- * | | | Authentication Attempts has been set. | +- * +----------------------------------+--------------+------------------------------------------------+ +- * | Authentication object identifier | 4 | "Owner" of the secure object; i.e., the | +- * | | | identifier of the session authentication | +- * | | | object when the object has been created. | +- * +----------------------------------+--------------+------------------------------------------------+ +- * | Maximum authentication attempts | 2 | Maximum number of authentication attempts. 0 | +- * | | | means unlimited. | +- * +----------------------------------+--------------+------------------------------------------------+ +- * | Policy | Variable | Policy attached to the object | +- * +----------------------------------+--------------+------------------------------------------------+ +- * | Origin | 1 | One of :cpp:type:`OriginRef`; indicates the | +- * | | | origin of the Secure Object, either | +- * | | | externally set, internally generated or trust | +- * | | | provisioned by NXP. | +- * +----------------------------------+--------------+------------------------------------------------+ +- * | Version | 1 | The Secure Object version. Default = 0. See | +- * | | | FIPS compliance for details about versioning | +- * | | | of Secure Objects. | +- * +----------------------------------+--------------+------------------------------------------------+ +- * @endrst +- * +- * # Non-Authentication Objects +- * +- * @rst +- * +----------------------------------+--------------+------------------------------------------------+ +- * | Attribute | Size (bytes) | Description | +- * +==================================+==============+================================================+ +- * | Object identifier | 4 | See Object identifiers | +- * +----------------------------------+--------------+------------------------------------------------+ +- * | Object type | 1 | One of SecureObjectType | +- * +----------------------------------+--------------+------------------------------------------------+ +- * | Authentication attribute | 1 | One of :cpp:type:`SetIndicatorRef` | +- * +----------------------------------+--------------+------------------------------------------------+ +- * | Tag length | 2 | Set to 0x0000, except for AESKey objects: for | +- * | | | AESKey objects, this indicates the GMAC | +- * | | | length that applies when doing AEAD | +- * | | | operations. If the value is set to 0 and AEAD | +- * | | | operations are done, the GMAC length shall be | +- * | | | 128 bit. | +- * +----------------------------------+--------------+------------------------------------------------+ +- * | Authentication object identifier | 4 | "Owner" of the secure object; i.e., the | +- * | | | identifier of the session authentication | +- * | | | object when the object has been created. | +- * +----------------------------------+--------------+------------------------------------------------+ +- * | RFU | 2 | Set to 0x0000. | +- * +----------------------------------+--------------+------------------------------------------------+ +- * | Policy | Variable | Policy attached to the object | +- * +----------------------------------+--------------+------------------------------------------------+ +- * | Origin | 1 | One of :cpp:type:`OriginRef`; indicates the | +- * | | | origin of the Secure Object, either | +- * | | | externally set, internally generated or trust | +- * | | | provisioned by NXP. | +- * +----------------------------------+--------------+------------------------------------------------+ +- * | Version | 1 | The Secure Object version. Default = 0. See | +- * | | | FIPS compliance for details about versioning | +- * | | | of Secure Objects. | +- * +----------------------------------+--------------+------------------------------------------------+ +- * @endrst +- * +- * +- * # Command to Applet +- * +- * @rst +- * +-------+---------------+-----------------------------------------------+ +- * | Field | Value | Description | +- * +=======+===============+===============================================+ +- * | CLA | 0x80 | | +- * +-------+---------------+-----------------------------------------------+ +- * | INS | INS_READ | See :cpp:type:`SE05x_INS_t`, in addition to | +- * | | | INS_READ, users can set the INS_ATTEST flag. | +- * | | | In that case, attestation applies. | +- * +-------+---------------+-----------------------------------------------+ +- * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | +- * +-------+---------------+-----------------------------------------------+ +- * | P2 | P2_ATTRIBUTES | See :cpp:type:`SE05x_P2_t` | +- * +-------+---------------+-----------------------------------------------+ +- * | Lc | #(Payload) | Payload Length. | +- * +-------+---------------+-----------------------------------------------+ +- * | | TLV[TAG_1] | 4-byte object identifier | +- * +-------+---------------+-----------------------------------------------+ +- * | | TLV[TAG_5] | 4-byte attestation object identifier. | +- * | | | [Optional] [Conditional: only when | +- * | | | INS_ATTEST is set] | +- * +-------+---------------+-----------------------------------------------+ +- * | | TLV[TAG_6] | 1-byte AttestationAlgo [Optional] | +- * | | | [Conditional: only when INS_ATTEST is set] | +- * +-------+---------------+-----------------------------------------------+ +- * | | TLV[TAG_7] | 16-byte freshness random [Optional] | +- * | | | [Conditional: only when INS_ATTEST is set] | +- * +-------+---------------+-----------------------------------------------+ +- * | Le | 0x00 | | +- * +-------+---------------+-----------------------------------------------+ +- * @endrst +- * +- * +- * # R-APDU Body +- * +- * @rst +- * +------------+--------------------------------------------+ +- * | Value | Description | +- * +============+============================================+ +- * | TLV[TAG_2] | Byte array containing the attributes (see | +- * | | Object Attributes). | +- * +------------+--------------------------------------------+ +- * | TLV[TAG_3] | (only when INS_ATTEST is set) 12-byte | +- * | | timestamp | +- * +------------+--------------------------------------------+ +- * | TLV[TAG_4] | (only when INS_ATTEST is set) 16-byte | +- * | | freshness random | +- * +------------+--------------------------------------------+ +- * | TLV[TAG_5] | (only when INS_ATTEST is set) 18-byte Chip | +- * | | unique ID | +- * +------------+--------------------------------------------+ +- * | TLV[TAG_6] | (only when INS_ATTEST is set) Signature | +- * | | applied over the value of TLV[TAG_2], | +- * | | TLV[TAG_2], TLV[TAG_3], TLV[TAG_4] and | +- * | | TLV[TAG_5]. | +- * +------------+--------------------------------------------+ +- * @endrst +- * +- * # R-APDU Trailer +- * +- * @rst +- * +-------------+--------------------------------+ +- * | SW | Description | +- * +=============+================================+ +- * | SW_NO_ERROR | The read is done successfully. | +- * +-------------+--------------------------------+ +- * @endrst +- * +- * @param[in] session_ctx The session context +- * @param[in] objectID The object id +- * @param[in] attestID The attest id +- * @param[in] attestAlgo The attest algorithm +- * @param[in] random The random +- * @param[in] randomLen The random length +- * @param data The data +- * @param pdataLen The pdata length +- * @param ptimeStamp The ptime stamp +- * @param outrandom The outrandom +- * @param poutrandomLen The poutrandom length +- * @param chipId The chip identifier +- * @param pchipIdLen The pchip identifier length +- * @param signature The signature +- * @param psignatureLen The psignature length +- * +- * @return The sm status. +- */ +-smStatus_t Se05x_API_ReadObjectAttributes_W_Attst(pSe05xSession_t session_ctx, +- uint32_t objectID, +- uint32_t attestID, +- SE05x_AttestationAlgo_t attestAlgo, +- const uint8_t *random, +- size_t randomLen, +- uint8_t *data, +- size_t *pdataLen, +- SE05x_TimeStamp_t *ptimeStamp, +- uint8_t *outrandom, +- size_t *poutrandomLen, +- uint8_t *chipId, +- size_t *pchipIdLen, +- uint8_t *signature, +- size_t *psignatureLen); +- +-/** Se05x_API_ExportObject +- * +- * Reads a transient Secure Object from SE05X. +- * +- * Secure Objects can be serialized so the Secure Object can be represented as a +- * byte array. The byte array contains all attributes of the Secure Object, as +- * well as the value (including the secret part!) of the object. +- * +- * The purpose of the serialization is to be able to allow export and import of +- * Secure Objects. Serialized Secure Objects can be reconstructed so they can be +- * used as a (normal) Secure Object. Any operation like key or file management +- * and crypto operation can only be done on a deserialized Secure Object. +- * +- * Users can export transient Secure Objects to a non-trusted environment (e.g., +- * host controller). The object must be AESKey, DESKey, RSAKey or ECCKey. +- * +- * Exported credentials are always encrypted and MAC'ed. +- * +- * The following steps are taken: +- * +- * * The secure element holds a randomly generated persistent +- * 256-bit AES cipher and an 128-bit AES CMAC key. Both keys do +- * not require user interaction, they are internal to the SE05X . +- * +- * * A Secure Object that is identified for export is +- * serialized. This means the key value as well as all Secure +- * Object attributes are stored as byte array (see Object +- * attributes for attribute details). +- * +- * * The serialized Secure Object is encrypted using AES CBC (no +- * padding) and using the default IV. +- * +- * * A CMAC is applied to the serialized Secure Object + metadata +- * using the AES CMAC key. +- * +- * * The byte array is exported. +- * +- * An object may only be imported into the store if the SecureObject ID and type +- * are the same as the exported object. Therefore, it is not possible to import +- * if the corresponding object in the applet has been deleted. +- * +- * NOTES: +- * +- * * The exported object is not deleted automatically. +- * +- * * The timestamp has a 100msec granularity, so it is possible to +- * export multiple times with the same timestamp. The freshness +- * (user input) should avoid duplicate attestation results as the +- * user has to provide different freshness input. +- * +- * # Command to Applet +- * +- * @rst +- * +-------+------------+--------------------------------------------+ +- * | Field | Value | Description | +- * +=======+============+============================================+ +- * | CLA | 0x80 | | +- * +-------+------------+--------------------------------------------+ +- * | INS | INS_READ | See :cpp:type:`SE05x_INS_t`. | +- * +-------+------------+--------------------------------------------+ +- * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | +- * +-------+------------+--------------------------------------------+ +- * | P2 | P2_EXPORT | See :cpp:type:`SE05x_P2_t` | +- * +-------+------------+--------------------------------------------+ +- * | Lc | #(Payload) | Payload Length. | +- * +-------+------------+--------------------------------------------+ +- * | | TLV[TAG_1] | 4-byte object identifier | +- * +-------+------------+--------------------------------------------+ +- * | | TLV[TAG_2] | 1-byte :cpp:type:`SE05x_RSAKeyComponent_t` | +- * | | | (only applies to Secure Objects of type | +- * | | | RSAKey). | +- * +-------+------------+--------------------------------------------+ +- * | Le | 0x00 | | +- * +-------+------------+--------------------------------------------+ +- * @endrst +- * +- * # R-APDU Body +- * +- * @rst +- * +------------+----------------------------------------------+ +- * | Value | Description | +- * +============+==============================================+ +- * | TLV[TAG_1] | Byte array containing exported Secure Object | +- * | | data. | +- * +------------+----------------------------------------------+ +- * @endrst +- * +- * # R-APDU Trailer +- * +- * @rst +- * +-------------+----------------------------------------------+ +- * | SW | Description | +- * +=============+==============================================+ +- * | SW_NO_ERROR | The file is created or updated successfully. | +- * +-------------+----------------------------------------------+ +- * @endrst +- * +- * +- * +- * @param[in] session_ctx Session Context [0:kSE05x_pSession] +- * @param[in] objectID object id [1:kSE05x_TAG_1] +- * @param[in] rsaKeyComp rsaKeyComp [2:kSE05x_TAG_2] +- * @param[out] data [0:kSE05x_TAG_1] +- * @param[in,out] pdataLen Length for data +- */ +-smStatus_t Se05x_API_ExportObject(pSe05xSession_t session_ctx, +- uint32_t objectID, +- SE05x_RSAKeyComponent_t rsaKeyComp, +- uint8_t *data, +- size_t *pdataLen); +- +-/** Se05x_API_ReadType +- * +- * Get the type of a Secure Object. +- * +- * # Command to Applet +- * +- * @rst +- * +-------+------------+-----------------------------+ +- * | Field | Value | Description | +- * +=======+============+=============================+ +- * | CLA | 0x80 | | +- * +-------+------------+-----------------------------+ +- * | INS | INS_READ | See :cpp:type:`SE05x_INS_t` | +- * +-------+------------+-----------------------------+ +- * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | +- * +-------+------------+-----------------------------+ +- * | P2 | P2_TYPE | See :cpp:type:`SE05x_P2_t` | +- * +-------+------------+-----------------------------+ +- * | Lc | #(Payload) | | +- * +-------+------------+-----------------------------+ +- * | | TLV[TAG_1] | 4-byte object identifier. | +- * +-------+------------+-----------------------------+ +- * | Le | 0x00 | | +- * +-------+------------+-----------------------------+ +- * @endrst +- * +- +- * # R-APDU Body +- * +- * @rst +- * +------------+-----------------------------------+ +- * | Value | Description | +- * +============+===================================+ +- * | TLV[TAG_1] | Type of the Secure Object: one of | +- * | | :cpp:type:`SE05x_SecObjTyp_t` | +- * +------------+-----------------------------------+ +- * | TLV[TAG_2] | :cpp:type:`TransientIndicatorRef` | +- * +------------+-----------------------------------+ +- * @endrst +- * +- * +- * # R-APDU Trailer +- * +- * @rst +- * +-------------+--------------------------------+ +- * | SW | Description | +- * +=============+================================+ +- * | SW_NO_ERROR | Data is returned successfully. | +- * +-------------+--------------------------------+ +- * @endrst +- * +- * +- * @param[in] session_ctx The session context +- * @param[in] objectID The object id +- * @param ptype The ptype +- * @param pisTransient The pis transient +- * @param[in] attestation_type The attestation type +- * +- * @return The sm status. +- */ +-smStatus_t Se05x_API_ReadType(pSe05xSession_t session_ctx, +- uint32_t objectID, +- SE05x_SecureObjectType_t *ptype, +- uint8_t *pisTransient, +- const SE05x_AttestationType_t attestation_type); +- +-/** Se05x_API_ReadSize +- * +- * ReadSize +- * +- * Get the size of a Secure Object (in bytes): +- * +- * * For EC keys: the size of the curve is returned. +- * +- * * For RSA keys: the key size is returned. +- * +- * * For AES/DES/HMAC keys, the key size is returned. +- * +- * * For binary files: the file size is returned +- * +- * * For userIDs: nothing is returned (SW_CONDITIONS_NOT_SATISFIED). +- * +- * * For counters: the counter length is returned. +- * +- * * For PCR: the PCR length is returned. +- * +- * # Command to Applet +- * +- * @rst +- * +-------+------------+-----------------------------+ +- * | Field | Value | Description | +- * +=======+============+=============================+ +- * | CLA | 0x80 | | +- * +-------+------------+-----------------------------+ +- * | INS | INS_READ | See :cpp:type:`SE05x_INS_t` | +- * +-------+------------+-----------------------------+ +- * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | +- * +-------+------------+-----------------------------+ +- * | P2 | P2_SIZE | See :cpp:type:`SE05x_P2_t` | +- * +-------+------------+-----------------------------+ +- * | Lc | #(Payload) | | +- * +-------+------------+-----------------------------+ +- * | | TLV[TAG_1] | 4-byte object identifier. | +- * +-------+------------+-----------------------------+ +- * | Le | 0x00 | | +- * +-------+------------+-----------------------------+ +- * @endrst +- * +- * # R-APDU Body +- * +- * @rst +- * +------------+-----------------------------+ +- * | Value | Description | +- * +============+=============================+ +- * | TLV[TAG_1] | Byte array containing size. | +- * +------------+-----------------------------+ +- * @endrst +- * +- * # R-APDU Trailer +- * +- * @rst +- * +-------------+--------------------------------+ +- * | SW | Description | +- * +=============+================================+ +- * | SW_NO_ERROR | Data is returned successfully. | +- * +-------------+--------------------------------+ +- * @endrst +- * +- * +- * @param[in] session_ctx The session context +- * @param[in] objectID The object id +- * @param psize The psize +- * +- * @return The sm status. +- */ +-smStatus_t Se05x_API_ReadSize(pSe05xSession_t session_ctx, uint32_t objectID, uint16_t *psize); +- +-/** Se05x_API_ReadIDList +- * +- * Get a list of present Secure Object identifiers. +- * +- * The offset in TAG_1 is an 0-based offset in the list of object. As the user +- * does not know how many objects would be returned, the offset needs to be based +- * on the return values from the previous ReadIDList. If the applet only returns +- * a part of the result, it will indicate that more identifiers are available (by +- * setting TLV[TAG_1] in the response to 0x01). The user can then retrieve the +- * next chunk of identifiers by calling ReadIDList with an offset that equals the +- * amount of identifiers listed in the previous response. +- * +- * _Example 1:_ first ReadIDList command TAG_1=0, response TAG_1=0, +- * TAG_2=complete list +- * +- * _Example 2:_ first ReadIDList command TAG_1=0, response TAG_1=1, TAG_2=first +- * chunk (m entries) second ReadIDList command TAG_1=m, response TAG_1=1, +- * TAG_2=second chunk (n entries) thirst ReadIDList command TAG_1=(m+n), response +- * TAG_1=0, TAG_2=third last chunk +- * +- * # Command to Applet +- * +- * @rst +- * +-------+------------+-----------------------------------------------+ +- * | Field | Value | Description | +- * +=======+============+===============================================+ +- * | CLA | 0x80 | | +- * +-------+------------+-----------------------------------------------+ +- * | INS | INS_READ | See :cpp:type:`SE05x_INS_t` | +- * +-------+------------+-----------------------------------------------+ +- * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | +- * +-------+------------+-----------------------------------------------+ +- * | P2 | P2_LIST | See :cpp:type:`SE05x_P2_t` | +- * +-------+------------+-----------------------------------------------+ +- * | Lc | #(Payload) | | +- * +-------+------------+-----------------------------------------------+ +- * | | TLV[TAG_1] | 2-byte offset | +- * +-------+------------+-----------------------------------------------+ +- * | | TLV[TAG_2] | 1-byte type filter: 1 byte from | +- * | | | :cpp:type:`SE05x_SecObjTyp_t` or 0xFF for all | +- * | | | types. | +- * +-------+------------+-----------------------------------------------+ +- * | Le | 0x00 | | +- * +-------+------------+-----------------------------------------------+ +- * @endrst +- * +- * # R-APDU Body +- * +- * @rst +- * +------------+-------------------------------------------+ +- * | Value | Description | +- * +============+===========================================+ +- * | TLV[TAG_1] | 1-byte :cpp:type:`MoreIndicatorRef` | +- * +------------+-------------------------------------------+ +- * | TLV[TAG_2] | Byte array containing 4-byte identifiers. | +- * +------------+-------------------------------------------+ +- * @endrst +- * +- * # R-APDU Trailer +- * +- * @rst +- * +-------------+--------------------------------+ +- * | SW | Description | +- * +=============+================================+ +- * | SW_NO_ERROR | Data is returned successfully. | +- * +-------------+--------------------------------+ +- * @endrst +- * +- * +- * +- * @param[in] session_ctx Session Context [0:kSE05x_pSession] +- * @param[in] outputOffset output offset [1:kSE05x_TAG_1] +- * @param[in] filter filter [2:kSE05x_TAG_2] +- * @param[out] pmore If more ids are present [0:kSE05x_TAG_1] +- * @param[out] idlist Byte array containing 4-byte identifiers [1:kSE05x_TAG_2] +- * @param[in,out] pidlistLen Length for idlist +- */ +-smStatus_t Se05x_API_ReadIDList(pSe05xSession_t session_ctx, +- uint16_t outputOffset, +- uint8_t filter, +- uint8_t *pmore, +- uint8_t *idlist, +- size_t *pidlistLen); +- +-/** Se05x_API_CheckObjectExists +- * +- * +- * Check if a Secure Object with a certain identifier exists or not. +- * +- * # Command to Applet +- * +- * @rst +- * +-------+------------+-------------------------------------------+ +- * | Field | Value | Description | +- * +=======+============+===========================================+ +- * | CLA | 0x80 | | +- * +-------+------------+-------------------------------------------+ +- * | INS | INS_MGMT | See :cpp:type:`SE05x_INS_t` | +- * +-------+------------+-------------------------------------------+ +- * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | +- * +-------+------------+-------------------------------------------+ +- * | P2 | P2_EXIST | See :cpp:type:`SE05x_P2_t` | +- * +-------+------------+-------------------------------------------+ +- * | Lc | #(Payload) | | +- * +-------+------------+-------------------------------------------+ +- * | | TLV[TAG_1] | 4-byte existing Secure Object identifier. | +- * +-------+------------+-------------------------------------------+ +- * | Le | 0x00 | | +- * +-------+------------+-------------------------------------------+ +- * @endrst +- * +- * # R-APDU Body +- * +- * @rst +- * +------------+-----------------------------------+ +- * | Value | Description | +- * +============+===================================+ +- * | TLV[TAG_1] | 1-byte :cpp:type:`SE05x_Result_t` | +- * +------------+-----------------------------------+ +- * @endrst +- * +- * # R-APDU Trailer +- * +- * @rst +- * +-------------+--------------------------------+ +- * | SW | Description | +- * +=============+================================+ +- * | SW_NO_ERROR | Data is returned successfully. | +- * +-------------+--------------------------------+ +- * @endrst +- * +- * +- * +- * @param[in] session_ctx Session Context [0:kSE05x_pSession] +- * @param[in] objectID object id [1:kSE05x_TAG_1] +- * @param[out] presult [0:kSE05x_TAG_1] +- */ +-smStatus_t Se05x_API_CheckObjectExists(pSe05xSession_t session_ctx, uint32_t objectID, SE05x_Result_t *presult); +- +-/** Se05x_API_DeleteSecureObject +- * +- * Deletes a Secure Object. +- * +- * If the object origin = ORIGIN_PROVISIONED, an error will be returned and the +- * object is not deleted. +- * +- * +- * # Command to Applet +- * +- * @rst +- * +-------+------------------+-------------------------------------------+ +- * | Field | Value | Description | +- * +=======+==================+===========================================+ +- * | CLA | 0x80 | | +- * +-------+------------------+-------------------------------------------+ +- * | INS | INS_MGMT | See :cpp:type:`SE05x_INS_t` | +- * +-------+------------------+-------------------------------------------+ +- * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | +- * +-------+------------------+-------------------------------------------+ +- * | P2 | P2_DELETE_OBJECT | See :cpp:type:`SE05x_P2_t` | +- * +-------+------------------+-------------------------------------------+ +- * | Lc | #(Payload) | | +- * +-------+------------------+-------------------------------------------+ +- * | | TLV[TAG_1] | 4-byte existing Secure Object identifier. | +- * +-------+------------------+-------------------------------------------+ +- * | Le | - | | +- * +-------+------------------+-------------------------------------------+ +- * @endrst +- * +- * # R-APDU Body +- * +- * NA +- * +- * # R-APDU Trailer +- * +- * @rst +- * +-------------+----------------------------------------------+ +- * | SW | Description | +- * +=============+==============================================+ +- * | SW_NO_ERROR | The file is created or updated successfully. | +- * +-------------+----------------------------------------------+ +- * @endrst +- * +- * +- * +- * @param[in] session_ctx Session Context [0:kSE05x_pSession] +- * @param[in] objectID object id [1:kSE05x_TAG_1] +- */ +-smStatus_t Se05x_API_DeleteSecureObject(pSe05xSession_t session_ctx, uint32_t objectID); +- +-/** Se05x_API_CreateECCurve +- * +- * Create an EC curve listed in ECCurve. +- * +- * +- * # Command to Applet +- * +- * @rst +- * +-------+------------+-------------------------------+ +- * | Field | Value | Description | +- * +=======+============+===============================+ +- * | CLA | 0x80 | | +- * +-------+------------+-------------------------------+ +- * | INS | INS_WRITE | See :cpp:type:`SE05x_INS_t` | +- * +-------+------------+-------------------------------+ +- * | P1 | P1_CURVE | See :cpp:type:`SE05x_P1_t` | +- * +-------+------------+-------------------------------+ +- * | P2 | P2_CREATE | See :cpp:type:`SE05x_P2_t` | +- * +-------+------------+-------------------------------+ +- * | Lc | #(Payload) | | +- * +-------+------------+-------------------------------+ +- * | | TLV[TAG_1] | 1-byte curve identifier (from | +- * | | | :cpp:type:`SE05x_ECCurve_t`). | +- * +-------+------------+-------------------------------+ +- * | Le | | | +- * +-------+------------+-------------------------------+ +- * @endrst +- * +- * # R-APDU Body +- * +- * NA +- * +- * # R-APDU Trailer +- * +- * @rst +- * +-------------+--------------------------------+ +- * | SW | Description | +- * +=============+================================+ +- * | SW_NO_ERROR | Data is returned successfully. | +- * +-------------+--------------------------------+ +- * @endrst +- * +- * +- * +- * @param[in] session_ctx Session Context [0:kSE05x_pSession] +- * @param[in] curveID curve id [1:kSE05x_TAG_1] +- */ +-smStatus_t Se05x_API_CreateECCurve(pSe05xSession_t session_ctx, SE05x_ECCurve_t curveID); +- +-/** Se05x_API_SetECCurveParam +- * +- * Set a curve parameter. The curve must have been created first by +- * CreateEcCurve. +- * +- * All parameters must match the expected value for the listed curves. If the +- * curve parameters are not correct, the curve cannot be used. +- * +- * Users have to set all 5 curve parameters for the curve to be usable. Once all +- * curve parameters are given, the secure element will check if all parameters +- * are correct and return SW_NO_ERROR.. +- * +- * # Command to Applet +- * +- * @rst +- * +-------+------------+----------------------------------------------+ +- * | Field | Value | Description | +- * +=======+============+==============================================+ +- * | CLA | 0x80 | | +- * +-------+------------+----------------------------------------------+ +- * | INS | INS_WRITE | See :cpp:type:`SE05x_INS_t` | +- * +-------+------------+----------------------------------------------+ +- * | P1 | P1_CURVE | See :cpp:type:`SE05x_P1_t` | +- * +-------+------------+----------------------------------------------+ +- * | P2 | P2_PARAM | See :cpp:type:`SE05x_P2_t` | +- * +-------+------------+----------------------------------------------+ +- * | Lc | #(Payload) | | +- * +-------+------------+----------------------------------------------+ +- * | | TLV[TAG_1] | 1-byte curve identifier, from | +- * | | | :cpp:type:`SE05x_ECCurve_t` | +- * +-------+------------+----------------------------------------------+ +- * | | TLV[TAG_2] | 1-byte :cpp:type:`SE05x_ECCurveParam_t` | +- * +-------+------------+----------------------------------------------+ +- * | | TLV[TAG_3] | Bytestring containing curve parameter value. | +- * +-------+------------+----------------------------------------------+ +- * @endrst +- * +- * # R-APDU Body +- * +- * NA +- * +- * # R-APDU Trailer +- * +- * @rst +- * +-------------+--------------------------------+ +- * | SW | Description | +- * +=============+================================+ +- * | SW_NO_ERROR | Data is returned successfully. | +- * +-------------+--------------------------------+ +- * @endrst +- * +- * +- * +- * @param[in] session_ctx Session Context [0:kSE05x_pSession] +- * @param[in] curveID curve id [1:kSE05x_TAG_1] +- * @param[in] ecCurveParam ecCurveParam [2:kSE05x_TAG_2] +- * @param[in] inputData inputData [3:kSE05x_TAG_3] +- * @param[in] inputDataLen Length of inputData +- */ +-smStatus_t Se05x_API_SetECCurveParam(pSe05xSession_t session_ctx, +- SE05x_ECCurve_t curveID, +- SE05x_ECCurveParam_t ecCurveParam, +- const uint8_t *inputData, +- size_t inputDataLen); +- +-/** Se05x_API_GetECCurveId +- * +- * Get the curve associated with an EC key. +- * +- * +- * # Command to Applet +- * +- * @rst +- * +---------+------------+-----------------------------+ +- * | Field | Value | Description | +- * +=========+============+=============================+ +- * | CLA | 0x80 | | +- * +---------+------------+-----------------------------+ +- * | INS | INS_READ | See :cpp:type:`SE05x_INS_t` | +- * +---------+------------+-----------------------------+ +- * | P1 | P1_CURVE | See :cpp:type:`SE05x_P1_t` | +- * +---------+------------+-----------------------------+ +- * | P2 | P2_ID | See :cpp:type:`SE05x_P2_t` | +- * +---------+------------+-----------------------------+ +- * | Lc | #(Payload) | | +- * +---------+------------+-----------------------------+ +- * | Payload | TLV[TAG_1] | 4-byte identifier | +- * +---------+------------+-----------------------------+ +- * | Le | 0x00 | | +- * +---------+------------+-----------------------------+ +- * @endrst +- * +- * # R-APDU Body +- * +- * @rst +- * +------------+-------------------------------+ +- * | Value | Description | +- * +============+===============================+ +- * | TLV[TAG_1] | 1-byte curve identifier (from | +- * | | :cpp:type:`SE05x_ECCurve_t`) | +- * +------------+-------------------------------+ +- * @endrst +- * +- * # R-APDU Trailer +- * +- * @rst +- * +-------------+--------------------------------+ +- * | SW | Description | +- * +=============+================================+ +- * | SW_NO_ERROR | Data is returned successfully. | +- * +-------------+--------------------------------+ +- * @endrst +- * +- * +- * +- * @param[in] session_ctx Session Context [0:kSE05x_pSession] +- * @param[in] objectID object id [1:kSE05x_TAG_1] +- * @param[out] pcurveId [0:kSE05x_TAG_1] +- */ +-smStatus_t Se05x_API_GetECCurveId(pSe05xSession_t session_ctx, uint32_t objectID, uint8_t *pcurveId); +- +-/** Se05x_API_ReadECCurveList +- * +- * Get a list of (Weierstrass) EC curves that are instantiated. +- * +- * +- * # Command to Applet +- * +- * @rst +- * +-------+----------+-----------------------------+ +- * | Field | Value | Description | +- * +=======+==========+=============================+ +- * | CLA | 0x80 | | +- * +-------+----------+-----------------------------+ +- * | INS | INS_READ | See :cpp:type:`SE05x_INS_t` | +- * +-------+----------+-----------------------------+ +- * | P1 | P1_CURVE | See :cpp:type:`SE05x_P1_t` | +- * +-------+----------+-----------------------------+ +- * | P2 | P2_LIST | See :cpp:type:`SE05x_P2_t` | +- * +-------+----------+-----------------------------+ +- * | Le | 0x00 | | +- * +-------+----------+-----------------------------+ +- * @endrst +- * +- * # R-APDU Body +- * +- * @rst +- * +------------+------------------------------------------------+ +- * | Value | Description | +- * +============+================================================+ +- * | TLV[TAG_1] | Byte array listing all curve identifiers in | +- * | | :cpp:type:`SE05x_ECCurve_t` (excluding UNUSED) | +- * | | where the curve identifier < 0x40; for each | +- * | | curve, a 1-byte :cpp:type:`SetIndicatorRef` is | +- * | | returned. | +- * +------------+------------------------------------------------+ +- * @endrst +- * +- * # R-APDU Trailer +- * +- * @rst +- * +-------------+--------------------------------+ +- * | SW | Description | +- * +=============+================================+ +- * | SW_NO_ERROR | Data is returned successfully. | +- * +-------------+--------------------------------+ +- * @endrst +- * +- * +- * +- * @param[in] session_ctx Session Context [0:kSE05x_pSession] +- * @param[out] curveList [0:kSE05x_TAG_1] +- * @param[in,out] pcurveListLen Length for curveList +- */ +-smStatus_t Se05x_API_ReadECCurveList(pSe05xSession_t session_ctx, uint8_t *curveList, size_t *pcurveListLen); +- +-/** Se05x_API_DeleteECCurve +- * +- * Deletes an EC curve. +- * +- * # Command to Applet +- * +- * @rst +- * +-------+------------------+-------------------------------+ +- * | Field | Value | Description | +- * +=======+==================+===============================+ +- * | CLA | 0x80 | | +- * +-------+------------------+-------------------------------+ +- * | INS | INS_MGMT | See :cpp:type:`SE05x_INS_t` | +- * +-------+------------------+-------------------------------+ +- * | P1 | P1_CURVE | See :cpp:type:`SE05x_P1_t` | +- * +-------+------------------+-------------------------------+ +- * | P2 | P2_DELETE_OBJECT | See :cpp:type:`SE05x_P2_t` | +- * +-------+------------------+-------------------------------+ +- * | Lc | #(Payload) | | +- * +-------+------------------+-------------------------------+ +- * | | TLV[TAG_1] | 1-byte curve identifier (from | +- * | | | :cpp:type:`SE05x_ECCurve_t`) | +- * +-------+------------------+-------------------------------+ +- * @endrst +- * +- * # R-APDU Body +- * +- * NA +- * +- * # R-APDU Trailer +- * +- * @rst +- * +-------------+--------------------------------+ +- * | SW | Description | +- * +=============+================================+ +- * | SW_NO_ERROR | Data is returned successfully. | +- * +-------------+--------------------------------+ +- * @endrst +- * +- * +- * +- * @param[in] session_ctx Session Context [0:kSE05x_pSession] +- * @param[in] curveID curve id [1:kSE05x_TAG_1] +- */ +-smStatus_t Se05x_API_DeleteECCurve(pSe05xSession_t session_ctx, SE05x_ECCurve_t curveID); +- +-/** Se05x_API_CreateCryptoObject +- * +- * Creates a Crypto Object on the SE05X . Once the Crypto Object is created, it +- * is bound to the user who created the Crypto Object. +- * +- * A CryptoObject is a 2-byte value consisting of a CryptoContext in MSB and one +- * of the following in LSB: +- * +- * * DigestMode in case CryptoContext = CC_DIGEST +- * +- * * CipherMode in case CryptoContext = CC_CIPHER +- * +- * * MACAlgo in case CryptoContext = CC_SIGNATURE +- * +- * * AEADMode in case CryptoContext = CC_AEAD +- * +- * # Command to Applet +- * +- * @rst +- * +---------+---------------+-------------------------------------------+ +- * | Field | Value | Description | +- * +=========+===============+===========================================+ +- * | CLA | 0x80 | | +- * +---------+---------------+-------------------------------------------+ +- * | INS | INS_WRITE | See :cpp:type:`SE05x_INS_t` | +- * +---------+---------------+-------------------------------------------+ +- * | P1 | P1_CRYPTO_OBJ | See :cpp:type:`SE05x_P1_t` | +- * +---------+---------------+-------------------------------------------+ +- * | P2 | P2_DEFAULT | See :cpp:type:`SE05x_P2_t` | +- * +---------+---------------+-------------------------------------------+ +- * | Lc | #(Payload) | Payload length | +- * +---------+---------------+-------------------------------------------+ +- * | Payload | TLV[TAG_1] | 2-byte Crypto Object identifier | +- * +---------+---------------+-------------------------------------------+ +- * | | TLV[TAG_2] | 1-byte :cpp:type:`SE05x_CryptoObject_t` | +- * +---------+---------------+-------------------------------------------+ +- * | | TLV[TAG_3] | 1-byte Crypto Object subtype, either from | +- * | | | :cpp:type:`DigestModeRef`, CipherMode, | +- * | | | MACAlgo (depending on TAG_2) or AEADMode. | +- * +---------+---------------+-------------------------------------------+ +- * @endrst +- * +- * # R-APDU Body +- * +- * NA +- * +- * # R-APDU Trailer +- * +- * @rst +- * +-------------+----------------------------------------------+ +- * | SW | Description | +- * +=============+==============================================+ +- * | SW_NO_ERROR | The file is created or updated successfully. | +- * +-------------+----------------------------------------------+ +- * @endrst +- * +- * +- * +- * @param[in] session_ctx Session Context [0:kSE05x_pSession] +- * @param[in] cryptoObjectID cryptoObjectID [1:kSE05x_TAG_1] +- * @param[in] cryptoContext cryptoContext [2:kSE05x_TAG_2] +- * +- * @param[in] subtype 1-byte Crypto Object subtype, either from +- * DigestMode, CipherMode or MACAlgo (depending on +- * TAG_2). [3:kSE05x_TAG_3] +- */ +-smStatus_t Se05x_API_CreateCryptoObject(pSe05xSession_t session_ctx, +- SE05x_CryptoObjectID_t cryptoObjectID, +- SE05x_CryptoContext_t cryptoContext, +- SE05x_CryptoModeSubType_t subtype); +- +-/** Se05x_API_ReadCryptoObjectList +- * +- * Get the list of allocated Crypto Objects indicating the identifier, the +- * CryptoContext and the sub type of the CryptoContext. +- * +- * # Command to Applet +- * +- * @rst +- * +-------+---------------+-----------------------------+ +- * | Field | Value | Description | +- * +=======+===============+=============================+ +- * | CLA | 0x80 | | +- * +-------+---------------+-----------------------------+ +- * | INS | INS_READ | See :cpp:type:`SE05x_INS_t` | +- * +-------+---------------+-----------------------------+ +- * | P1 | P1_CRYPTO_OBJ | See :cpp:type:`SE05x_P1_t` | +- * +-------+---------------+-----------------------------+ +- * | P2 | P2_LIST | See :cpp:type:`SE05x_P2_t` | +- * +-------+---------------+-----------------------------+ +- * | Le | 0x00 | | +- * +-------+---------------+-----------------------------+ +- * @endrst +- * +- * # R-APDU Body +- * +- * @rst +- * +------------+-----------------------------------------------+ +- * | Value | Description | +- * +============+===============================================+ +- * | TLV[TAG_1] | Byte array containing a list of 2-byte Crypto | +- * | | Object identifiers, followed by 1-byte | +- * | | CryptoContext and 1-byte subtype for each | +- * | | Crypto Object (so 4 bytes for each Crypto | +- * | | Object). | +- * +------------+-----------------------------------------------+ +- * @endrst +- * +- * # R-APDU Trailer +- * +- * @rst +- * +-------------+--------------------------------+ +- * | SW | Description | +- * +=============+================================+ +- * | SW_NO_ERROR | Data is returned successfully. | +- * +-------------+--------------------------------+ +- * @endrst +- * +- * +- * @param[in] session_ctx Session Context [0:kSE05x_pSession] +- * @param[out] idlist If more ids are present [0:kSE05x_TAG_1] +- * @param[in,out] pidlistLen Length for idlist +- */ +-smStatus_t Se05x_API_ReadCryptoObjectList(pSe05xSession_t session_ctx, uint8_t *idlist, size_t *pidlistLen); +- +-/** Se05x_API_DeleteCryptoObject +- * +- * Deletes a Crypto Object on the SE05X . +- * +- * Note: when a Crypto Object is deleted, the memory (as mentioned in ) is de- +- * allocated, but the transient memory is only freed when de-selecting the +- * applet! +- * +- * # Command to Applet +- * +- * @rst +- * +---------+------------------+---------------------------------+ +- * | Field | Value | Description | +- * +=========+==================+=================================+ +- * | CLA | 0x80 | | +- * +---------+------------------+---------------------------------+ +- * | INS | INS_MGMT | See :cpp:type:`SE05x_INS_t` | +- * +---------+------------------+---------------------------------+ +- * | P1 | P1_CRYPTO_OBJ | See :cpp:type:`SE05x_P1_t` | +- * +---------+------------------+---------------------------------+ +- * | P2 | P2_DELETE_OBJECT | See :cpp:type:`SE05x_P2_t` | +- * +---------+------------------+---------------------------------+ +- * | Lc | #(Payload) | Payload length | +- * +---------+------------------+---------------------------------+ +- * | Payload | TLV[TAG_1] | 2-byte Crypto Object identifier | +- * +---------+------------------+---------------------------------+ +- * @endrst +- * +- * # R-APDU Body +- * +- * NA +- * +- * # R-APDU Trailer +- * +- * @rst +- * +-------------+----------------------------------------------+ +- * | SW | Description | +- * +=============+==============================================+ +- * | SW_NO_ERROR | The file is created or updated successfully. | +- * +-------------+----------------------------------------------+ +- * @endrst +- * +- * +- * +- * @param[in] session_ctx Session Context [0:kSE05x_pSession] +- * @param[in] cryptoObjectID cryptoObjectID [1:kSE05x_TAG_1] +- */ +-smStatus_t Se05x_API_DeleteCryptoObject(pSe05xSession_t session_ctx, SE05x_CryptoObjectID_t cryptoObjectID); +- +-/** Se05x_API_ECDSASign +- * +- * The ECDSASign command signs external data using the indicated key pair or +- * private key. +- * +- * The ECSignatureAlgo indicates the ECDSA algorithm that is used, but the +- * hashing of data always must be done on the host. E.g., if ECSignatureAlgo = +- * SIG_ ECDSA_SHA256, the user must have applied SHA256 on the input data +- * already. +- * +- * The user must take care of providing the correct input length; i.e., the data +- * input length (TLV[TAG_3]) must match the digest indicated in the signature +- * algorithm (TLV[TAG_2]). +- * +- * In any case, the APDU payload must be smaller than MAX_APDU_PAYLOAD_LENGTH. +- * +- * This is performed according to the ECDSA algorithm as specified in [ANSI +- * X9.62]. The signature (a sequence of two integers 'r' and 's') as +- * returned in the response adheres to the ASN.1 DER encoded formatting rules for +- * integers. +- * +- * # Command to Applet +- * +- * @rst +- * +-------+--------------+---------------------------------------------+ +- * | Field | Value | Description | +- * +=======+==============+=============================================+ +- * | CLA | 0x80 | | +- * +-------+--------------+---------------------------------------------+ +- * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | +- * +-------+--------------+---------------------------------------------+ +- * | P1 | P1_SIGNATURE | See :cpp:type:`SE05x_P1_t` | +- * +-------+--------------+---------------------------------------------+ +- * | P2 | P2_SIGN | See :cpp:type:`SE05x_P2_t` | +- * +-------+--------------+---------------------------------------------+ +- * | Lc | #(Payload) | | +- * +-------+--------------+---------------------------------------------+ +- * | | TLV[TAG_1] | 4-byte identifier of EC key pair or private | +- * | | | key. | +- * +-------+--------------+---------------------------------------------+ +- * | | TLV[TAG_2] | 1-byte ECSignatureAlgo. | +- * +-------+--------------+---------------------------------------------+ +- * | | TLV[TAG_3] | Byte array containing input data. | +- * +-------+--------------+---------------------------------------------+ +- * | Le | 0x00 | Expecting ASN.1 signature | +- * +-------+--------------+---------------------------------------------+ +- * @endrst +- * +- * # R-APDU Body +- * +- * @rst +- * +------------+----------------------------------+ +- * | Value | Description | +- * +============+==================================+ +- * | TLV[TAG_1] | ECDSA Signature in ASN.1 format. | +- * +------------+----------------------------------+ +- * @endrst +- * +- * # R-APDU Trailer +- * +- * @rst +- * +-------------+--------------------------------------+ +- * | SW | Description | +- * +=============+======================================+ +- * | SW_NO_ERROR | The command is handled successfully. | +- * +-------------+--------------------------------------+ +- * @endrst +- * +- * +- * +- * @param[in] session_ctx Session Context [0:kSE05x_pSession] +- * @param[in] objectID objectID [1:kSE05x_TAG_1] +- * @param[in] ecSignAlgo ecSignAlgo [2:kSE05x_TAG_2] +- * @param[in] inputData inputData [3:kSE05x_TAG_3] +- * @param[in] inputDataLen Length of inputData +- * @param[out] signature [0:kSE05x_TAG_1] +- * @param[in,out] psignatureLen Length for signature +- */ +-smStatus_t Se05x_API_ECDSASign(pSe05xSession_t session_ctx, +- uint32_t objectID, +- SE05x_ECSignatureAlgo_t ecSignAlgo, +- const uint8_t *inputData, +- size_t inputDataLen, +- uint8_t *signature, +- size_t *psignatureLen); +- +-/** Se05x_API_EdDSASign +- * +- * The EdDSASign command signs external data using the indicated key pair or +- * private key (using a Twisted Edwards curve). This is performed according to +- * the EdDSA algorithm as specified in [RFC8032]. +- * +- * The input data need to be the plain data (not hashed). +- * +- * The signature as returned in the response is a 64-byte array, being the +- * concatenation of the signature r and s component (without leading zeroes for +- * sign indication). +- * +- * # Command to Applet +- * +- * @rst +- * +-------+--------------+---------------------------------------------+ +- * | Field | Value | Description | +- * +=======+==============+=============================================+ +- * | CLA | 0x80 | | +- * +-------+--------------+---------------------------------------------+ +- * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | +- * +-------+--------------+---------------------------------------------+ +- * | P1 | P1_SIGNATURE | See :cpp:type:`SE05x_P1_t` | +- * +-------+--------------+---------------------------------------------+ +- * | P2 | P2_SIGN | See :cpp:type:`SE05x_P2_t` | +- * +-------+--------------+---------------------------------------------+ +- * | Lc | #(Payload) | | +- * +-------+--------------+---------------------------------------------+ +- * | | TLV[TAG_1] | 4-byte identifier of EC key pair or private | +- * | | | key. | +- * +-------+--------------+---------------------------------------------+ +- * | | TLV[TAG_2] | 1-byte EDSignatureAlgo | +- * +-------+--------------+---------------------------------------------+ +- * | | TLV[TAG_3] | Byte array containing plain input data. | +- * +-------+--------------+---------------------------------------------+ +- * | Le | 0x00 | Expecting signature | +- * +-------+--------------+---------------------------------------------+ +- * @endrst +- * +- * # R-APDU Body +- * +- * @rst +- * +------------+------------------------------------------+ +- * | Value | Description | +- * +============+==========================================+ +- * | TLV[TAG_1] | EdDSA Signature (r concatenated with s). | +- * +------------+------------------------------------------+ +- * @endrst +- * +- * # R-APDU Trailer +- * +- * @rst +- * +-------------+--------------------------------------+ +- * | SW | Description | +- * +=============+======================================+ +- * | SW_NO_ERROR | The command is handled successfully. | +- * +-------------+--------------------------------------+ +- * @endrst +- * +- * @param[in] session_ctx Session Context [0:kSE05x_pSession] +- * @param[in] objectID objectID [1:kSE05x_TAG_1] +- * @param[in] edSignAlgo edSignAlgo [2:kSE05x_TAG_2] +- * @param[in] inputData inputData [3:kSE05x_TAG_3] +- * @param[in] inputDataLen Length of inputData +- * @param[out] signature [0:kSE05x_TAG_1] +- * @param[in,out] psignatureLen Length for signature +- */ +-smStatus_t Se05x_API_EdDSASign(pSe05xSession_t session_ctx, +- uint32_t objectID, +- SE05x_EDSignatureAlgo_t edSignAlgo, +- const uint8_t *inputData, +- size_t inputDataLen, +- uint8_t *signature, +- size_t *psignatureLen); +- +-/** Se05x_API_ECDAASign +- * +- * The ECDAASign command signs external data using the indicated key pair or +- * private key. This is performed according to ECDAA. The generated signature is: +- * +- * * r = random mod n +- * +- * * s = (r + T.ds) mod n where d is the private key +- * +- * The ECDAASignatureAlgo indicates the applied algorithm. +- * +- * This APDU command should be used with a key identifier linked to +- * TPM_ECC_BN_P256 curve. +- * +- * _Note:_ The applet allows the random input to be 32 bytes of zeroes; the user +- * must take care that this is not considered as valid input. Only input in the +- * interval [1, n-1] must be considered as valid. +- * +- * # Command to Applet +- * +- * @rst +- * +-------+--------------+------------------------------------------------+ +- * | Field | Value | Description | +- * +=======+==============+================================================+ +- * | CLA | 0x80 | | +- * +-------+--------------+------------------------------------------------+ +- * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | +- * +-------+--------------+------------------------------------------------+ +- * | P1 | P1_SIGNATURE | See :cpp:type:`SE05x_P1_t` | +- * +-------+--------------+------------------------------------------------+ +- * | P2 | P2_SIGN | See :cpp:type:`SE05x_P2_t` | +- * +-------+--------------+------------------------------------------------+ +- * | Lc | #(Payload) | | +- * +-------+--------------+------------------------------------------------+ +- * | | TLV[TAG_1] | 4-byte identifier of EC key pair or private | +- * | | | key. | +- * +-------+--------------+------------------------------------------------+ +- * | | TLV[TAG_2] | 1-byte ECDAASignatureAlgo | +- * +-------+--------------+------------------------------------------------+ +- * | | TLV[TAG_3] | T = 32-byte array containing hashed input | +- * | | | data. | +- * +-------+--------------+------------------------------------------------+ +- * | | TLV[TAG_4] | r = 32-byte array containing random data, must | +- * | | | be in the interval [1, n-1] where n is the | +- * | | | order of the curve. | +- * +-------+--------------+------------------------------------------------+ +- * | Le | 0x00 | Expecting signature | +- * +-------+--------------+------------------------------------------------+ +- * @endrst +- * +- * # R-APDU Body +- * +- * @rst +- * +------------+------------------------------------------+ +- * | Value | Description | +- * +============+==========================================+ +- * | TLV[TAG_1] | ECDSA Signature (r concatenated with s). | +- * +------------+------------------------------------------+ +- * @endrst +- * +- * # R-APDU Trailer +- * +- * @rst +- * +-------------+--------------------------------------+ +- * | SW | Description | +- * +=============+======================================+ +- * | SW_NO_ERROR | The command is handled successfully. | +- * +-------------+--------------------------------------+ +- * @endrst +- * +- * +- * +- * @param[in] session_ctx Session Context [0:kSE05x_pSession] +- * @param[in] objectID objectID [1:kSE05x_TAG_1] +- * @param[in] ecdaaSignAlgo ecdaaSignAlgo [2:kSE05x_TAG_2] +- * @param[in] inputData inputData [3:kSE05x_TAG_3] +- * @param[in] inputDataLen Length of inputData +- * @param[in] randomData randomData [4:kSE05x_TAG_4] +- * @param[in] randomDataLen Length of randomData +- * @param[out] signature [0:kSE05x_TAG_1] +- * @param[in,out] psignatureLen Length for signature +- */ +-smStatus_t Se05x_API_ECDAASign(pSe05xSession_t session_ctx, +- uint32_t objectID, +- SE05x_ECDAASignatureAlgo_t ecdaaSignAlgo, +- const uint8_t *inputData, +- size_t inputDataLen, +- const uint8_t *randomData, +- size_t randomDataLen, +- uint8_t *signature, +- size_t *psignatureLen); +- +-/** Se05x_API_ECDSAVerify +- * +- * The ECDSAVerify command verifies whether the signature is correct for a given +- * (hashed) data input using an EC public key or EC key pair's public key. +- * +- * The ECSignatureAlgo indicates the ECDSA algorithm that is used, but the +- * hashing of data must always be done on the host. E.g., if ECSignatureAlgo = +- * SIG_ ECDSA_SHA256, the user must have applied SHA256 on the input data +- * already. +- * +- * The key cannot be passed externally to the command directly. In case users +- * want to use the command to verify signatures using different public keys or +- * the public key value regularly changes, the user should create a transient key +- * object to which the key value is written and then the identifier of that +- * transient secure object can be used by this ECDSAVerify command. +- * +- * # Command to Applet +- * +- * @rst +- * +-------+--------------+-----------------------------------------------+ +- * | Field | Value | Description | +- * +=======+==============+===============================================+ +- * | CLA | 0x80 | | +- * +-------+--------------+-----------------------------------------------+ +- * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | +- * +-------+--------------+-----------------------------------------------+ +- * | P1 | P1_SIGNATURE | See :cpp:type:`SE05x_P1_t` | +- * +-------+--------------+-----------------------------------------------+ +- * | P2 | P2_VERIFY | See :cpp:type:`SE05x_P2_t` | +- * +-------+--------------+-----------------------------------------------+ +- * | Lc | #(Payload) | | +- * +-------+--------------+-----------------------------------------------+ +- * | | TLV[TAG_1] | 4-byte identifier of the key pair or public | +- * | | | key. | +- * +-------+--------------+-----------------------------------------------+ +- * | | TLV[TAG_2] | 1-byte ECSignatureAlgo. | +- * +-------+--------------+-----------------------------------------------+ +- * | | TLV[TAG_3] | Byte array containing ASN.1 signature | +- * +-------+--------------+-----------------------------------------------+ +- * | | TLV[TAG_5] | Byte array containing hashed data to compare. | +- * +-------+--------------+-----------------------------------------------+ +- * | Le | 0x03 | Expecting TLV with :cpp:type:`SE05x_Result_t` | +- * +-------+--------------+-----------------------------------------------+ +- * @endrst +- * +- * # R-APDU Body +- * +- * @rst +- * +------------+--------------------------------------+ +- * | Value | Description | +- * +============+======================================+ +- * | TLV[TAG_1] | Result of the signature verification | +- * | | (:cpp:type:`SE05x_Result_t`). | +- * +------------+--------------------------------------+ +- * @endrst +- * +- * # R-APDU Trailer +- * +- * @rst +- * +-----------------------------+--------------------------------------+ +- * | SW | Description | +- * +=============================+======================================+ +- * | SW_NO_ERROR | The command is handled successfully. | +- * +-----------------------------+--------------------------------------+ +- * | SW_CONDITIONS_NOT_SATISFIED | Incorrect data | +- * +-----------------------------+--------------------------------------+ +- * @endrst +- * +- * +- * +- * @param[in] session_ctx Session Context [0:kSE05x_pSession] +- * @param[in] objectID objectID [1:kSE05x_TAG_1] +- * @param[in] ecSignAlgo ecSignAlgo [2:kSE05x_TAG_2] +- * @param[in] inputData inputData [3:kSE05x_TAG_3] +- * @param[in] inputDataLen Length of inputData +- * @param[in] signature signature [4:kSE05x_TAG_5] +- * @param[in] signatureLen Length of signature +- * @param[out] presult [0:kSE05x_TAG_1] +- */ +-smStatus_t Se05x_API_ECDSAVerify(pSe05xSession_t session_ctx, +- uint32_t objectID, +- SE05x_ECSignatureAlgo_t ecSignAlgo, +- const uint8_t *inputData, +- size_t inputDataLen, +- const uint8_t *signature, +- size_t signatureLen, +- SE05x_Result_t *presult); +- +-/** Se05x_API_EdDSAVerify +- * +- * The EdDSAVerify command verifies whether the signature is correct for a given +- * data input (hashed using SHA512) using an EC public key or EC key pair's +- * public key. The signature needs to be given as concatenation of r and s. +- * +- * The data needs to be compared with the plain message without being hashed. +- * +- * _Note_ : See chapter 7 for correct byte order as both r and s need to be byte +- * swapped. +- * +- * This is performed according to the EdDSA algorithm as specified in [RFC8032]. +- * +- * The key cannot be passed externally to the command directly. In case users +- * want to use the command to verify signatures using different public keys or +- * the public key value regularly changes, the user should create a transient key +- * object to which the key value is written and then the identifier of that +- * transient secure object can be used by this EdDSAVerify command. +- * +- * # Command to Applet +- * +- * @rst +- * +-------+--------------+-----------------------------------------------+ +- * | Field | Value | Description | +- * +=======+==============+===============================================+ +- * | CLA | 0x80 | | +- * +-------+--------------+-----------------------------------------------+ +- * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | +- * +-------+--------------+-----------------------------------------------+ +- * | P1 | P1_SIGNATURE | See :cpp:type:`SE05x_P1_t` | +- * +-------+--------------+-----------------------------------------------+ +- * | P2 | P2_VERIFY | See :cpp:type:`SE05x_P2_t` | +- * +-------+--------------+-----------------------------------------------+ +- * | Lc | #(Payload) | | +- * +-------+--------------+-----------------------------------------------+ +- * | | TLV[TAG_1] | 4-byte identifier of the key pair or public | +- * | | | key. | +- * +-------+--------------+-----------------------------------------------+ +- * | | TLV[TAG_2] | 1-byte :cpp:type:`EDSignatureAlgoRef`. | +- * +-------+--------------+-----------------------------------------------+ +- * | | TLV[TAG_3] | 64-byte array containing the signature | +- * | | | (concatenation of r and s). | +- * +-------+--------------+-----------------------------------------------+ +- * | | TLV[TAG_5] | Byte array containing plain data to compare. | +- * +-------+--------------+-----------------------------------------------+ +- * | Le | 0x03 | Expecting TLV with :cpp:type:`SE05x_Result_t` | +- * +-------+--------------+-----------------------------------------------+ +- * @endrst +- * +- * # R-APDU Body +- * +- * @rst +- * +------------+--------------------------------------+ +- * | Value | Description | +- * +============+======================================+ +- * | TLV[TAG_1] | Result of the signature verification | +- * | | (:cpp:type:`SE05x_Result_t`). | +- * +------------+--------------------------------------+ +- * @endrst +- * +- * # R-APDU Trailer +- * +- * @rst +- * +-----------------------------+--------------------------------------+ +- * | SW | Description | +- * +=============================+======================================+ +- * | SW_NO_ERROR | The command is handled successfully. | +- * +-----------------------------+--------------------------------------+ +- * | SW_CONDITIONS_NOT_SATISFIED | Incorrect data | +- * +-----------------------------+--------------------------------------+ +- * @endrst +- * +- * +- * +- * @param[in] session_ctx Session Context [0:kSE05x_pSession] +- * @param[in] objectID objectID [1:kSE05x_TAG_1] +- * @param[in] edSignAlgo edSignAlgo [2:kSE05x_TAG_2] +- * @param[in] inputData inputData [3:kSE05x_TAG_3] +- * @param[in] inputDataLen Length of inputData +- * @param[in] signature signature [4:kSE05x_TAG_5] +- * @param[in] signatureLen Length of signature +- * @param[out] presult [0:kSE05x_TAG_1] +- */ +-smStatus_t Se05x_API_EdDSAVerify(pSe05xSession_t session_ctx, +- uint32_t objectID, +- SE05x_EDSignatureAlgo_t edSignAlgo, +- const uint8_t *inputData, +- size_t inputDataLen, +- const uint8_t *signature, +- size_t signatureLen, +- SE05x_Result_t *presult); +- +-/** Se05x_API_ECDHGenerateSharedSecret +- * +- * The ECDHGenerateSharedSecret command generates a shared secret ECC point on +- * the curve using an EC private key on SE05X and an external public key provided +- * by the caller. The output shared secret is returned to the caller. +- * +- * All curves from ECCurve are supported, except ECC_ED_25519. +- * +- * Note that ECDHGenerateSharedSecret commands with EC keys using curve +- * ID_ECC_MONT_DH_25519 or ID_ECC_MONT_DH_448 cause NVM write operations for each +- * call. This is not the case for the other curves. +- * +- * When CONFIG_FIPS_MODE_DISABLED is not set, this function will always return +- * SW_CONDTIONS_NOT_SATISFIED. +- * +- * The shared secret can only be received when the Secure Object containing the +- * key pair or private key (TLV[TAG_1]) does not contain the policy +- * POLICY_OBJ_FORBID_DERIVED_OUTPUT. If that is the case, the user must provide +- * TLV[TAG_7} to store the shared secret in an HMACKey object. The user is +- * responsible to assign the correct size of the HMACKey object: this must equal +- * the size of the shared secret exactly. +- * +- * On applet 4.4.0, the policy POLICY_OBJ_FORBID_DERIVED_OUTPUT is not yet +- * verified for this function. It will always be allowed. +- * +- * # Command to Applet +- * +- * @rst +- * +------------+------------------------------+----------------------------------------------+ +- * | Field | Value | Description | +- * +============+==============================+==============================================+ +- * | CLA | 0x80 | | +- * +------------+------------------------------+----------------------------------------------+ +- * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | +- * +------------+------------------------------+----------------------------------------------+ +- * | P1 | P1_EC | See :cpp:type:`SE05x_P1_t` | +- * +------------+------------------------------+----------------------------------------------+ +- * | P2 | P2_DH | See :cpp:type:`SE05x_P2_t` | +- * +------------+------------------------------+----------------------------------------------+ +- * | Lc | #(Payload) | | +- * +------------+------------------------------+----------------------------------------------+ +- * | Payload | TLV[TAG_1] | 4-byte identifier of the key pair or private | +- * | | | key. | +- * +------------+------------------------------+----------------------------------------------+ +- * | TLV[TAG_2] | External public key (see | | +- * | | :cpp:type:`ECKeyRef`). | | +- * +------------+------------------------------+----------------------------------------------+ +- * | TLV[TAG_7] | 4-byte HMACKey identifier to | | +- * | | store output. [Optional] | | +- * +------------+------------------------------+----------------------------------------------+ +- * | Le | 0x00 | Expected shared secret length. | +- * +------------+------------------------------+----------------------------------------------+ +- * @endrst +- * +- * # R-APDU Body +- * +- * @rst +- * +------------+----------------------------------------------+ +- * | Value | Description | +- * +============+==============================================+ +- * | TLV[TAG_1] | The returned shared secret. [Conditional: | +- * | | only when the input does not contain | +- * | | TLV[TAG_7].} | +- * +------------+----------------------------------------------+ +- * @endrst +- * +- * # R-APDU Trailer +- * +- * @rst +- * +-------------+--------------------------------------+ +- * | SW | Description | +- * +=============+======================================+ +- * | SW_NO_ERROR | The command is handled successfully. | +- * +-------------+--------------------------------------+ +- * @endrst +- * +- * +- * +- * @param[in] session_ctx Session Context [0:kSE05x_pSession] +- * @param[in] objectID objectID [1:kSE05x_TAG_1] +- * @param[in] pubKey pubKey [2:kSE05x_TAG_2] +- * @param[in] pubKeyLen Length of pubKey +- * @param[out] sharedSecret [0:kSE05x_TAG_1] +- * @param[in,out] psharedSecretLen Length for sharedSecret +- */ +-smStatus_t Se05x_API_ECDHGenerateSharedSecret(pSe05xSession_t session_ctx, +- uint32_t objectID, +- const uint8_t *pubKey, +- size_t pubKeyLen, +- uint8_t *sharedSecret, +- size_t *psharedSecretLen); +- +-/** Se05x_API_RSASign +- * +- * The RSASign command signs the input message using an RSA private key. +- * +- * @rst +- * +----------------------+-------+----------------------------+ +- * | Name | Value | Description | +- * +======================+=======+============================+ +- * | RSA_SHA1_PKCS1_PSS | 0x15 | RFC8017: RSASSA-PSS | +- * +----------------------+-------+----------------------------+ +- * | RSA_SHA224_PKCS1_PSS | 0x2B | RFC8017: RSASSA-PSS | +- * +----------------------+-------+----------------------------+ +- * | RSA_SHA256_PKCS1_PSS | 0x2C | RFC8017: RSASSA-PSS | +- * +----------------------+-------+----------------------------+ +- * | RSA_SHA384_PKCS1_PSS | 0x2D | RFC8017: RSASSA-PSS | +- * +----------------------+-------+----------------------------+ +- * | RSA_SHA512_PKCS1_PSS | 0x2E | RFC8017: RSASSA-PSS | +- * +----------------------+-------+----------------------------+ +- * | RSA_SHA1_PKCS1 | 0x0A | RFC8017: RSASSA-PKCS1-v1_5 | +- * +----------------------+-------+----------------------------+ +- * | RSA_SHA_224_PKCS1 | 0x27 | RFC8017: RSASSA-PKCS1-v1_5 | +- * +----------------------+-------+----------------------------+ +- * | RSA_SHA_256_PKCS1 | 0x28 | RFC8017: RSASSA-PKCS1-v1_5 | +- * +----------------------+-------+----------------------------+ +- * | RSA_SHA_384_PKCS1 | 0x29 | RFC8017: RSASSA-PKCS1-v1_5 | +- * +----------------------+-------+----------------------------+ +- * | RSA_SHA_512_PKCS1 | 0x2A | RFC8017: RSASSA-PKCS1-v1_5 | +- * +----------------------+-------+----------------------------+ +- * @endrst +- * +- * # Command to Applet +- * +- * @rst +- * +-------+--------------+----------------------------------------------+ +- * | Field | Value | Description | +- * +=======+==============+==============================================+ +- * | CLA | 0x80 | | +- * +-------+--------------+----------------------------------------------+ +- * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | +- * +-------+--------------+----------------------------------------------+ +- * | P1 | P1_SIGNATURE | See :cpp:type:`SE05x_P1_t` | +- * +-------+--------------+----------------------------------------------+ +- * | P2 | P2_SIGN | See :cpp:type:`SE05x_P2_t` | +- * +-------+--------------+----------------------------------------------+ +- * | Lc | #(Payload) | | +- * +-------+--------------+----------------------------------------------+ +- * | | TLV[TAG_1] | 4-byte identifier of the key pair or private | +- * | | | key. | +- * +-------+--------------+----------------------------------------------+ +- * | | TLV[TAG_2] | 1-byte :cpp:type:`SE05x_RSASignAlgo_t` | +- * +-------+--------------+----------------------------------------------+ +- * | | TLV[TAG_3] | Byte array containing input data. | +- * +-------+--------------+----------------------------------------------+ +- * | Le | 0x00 | Expecting ASN.1 signature. | +- * +-------+--------------+----------------------------------------------+ +- * @endrst +- * +- * # R-APDU Body +- * +- * @rst +- * +------------+--------------------------------+ +- * | Value | Description | +- * +============+================================+ +- * | TLV[TAG_1] | RSA signature in ASN.1 format. | +- * +------------+--------------------------------+ +- * @endrst +- * +- * # R-APDU Trailer +- * +- * @rst +- * +-------------+--------------------------------------+ +- * | SW | Description | +- * +=============+======================================+ +- * | SW_NO_ERROR | The command is handled successfully. | +- * +-------------+--------------------------------------+ +- * @endrst +- * +- * +- * +- * @param[in] session_ctx Session Context [0:kSE05x_pSession] +- * @param[in] objectID objectID [1:kSE05x_TAG_1] +- * @param[in] rsaSigningAlgo rsaSigningAlgo [2:kSE05x_TAG_2] +- * @param[in] inputData inputData [3:kSE05x_TAG_3] +- * @param[in] inputDataLen Length of inputData +- * @param[out] signature [0:kSE05x_TAG_1] +- * @param[in,out] psignatureLen Length for signature +- */ +-smStatus_t Se05x_API_RSASign(pSe05xSession_t session_ctx, +- uint32_t objectID, +- SE05x_RSASignatureAlgo_t rsaSigningAlgo, +- const uint8_t *inputData, +- size_t inputDataLen, +- uint8_t *signature, +- size_t *psignatureLen); +- +-/** Se05x_API_RSAVerify +- * +- * The RSAVerify command verifies the given signature and returns the result. +- * +- * The key cannot be passed externally to the command directly. In case users +- * want to use the command to verify signatures using different public keys or +- * the public key value regularly changes, the user should create a transient key +- * object to which the key value is written and then the identifier of that +- * transient secure object can be used by this RSAVerify command. +- * +- * # Command to Applet +- * +- * @rst +- * +---------+--------------+---------------------------------------------+ +- * | Field | Value | Description | +- * +=========+==============+=============================================+ +- * | CLA | 0x80 | | +- * +---------+--------------+---------------------------------------------+ +- * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | +- * +---------+--------------+---------------------------------------------+ +- * | P1 | P1_SIGNATURE | See :cpp:type:`SE05x_P1_t` | +- * +---------+--------------+---------------------------------------------+ +- * | P2 | P2_VERIFY | See :cpp:type:`SE05x_P2_t` | +- * +---------+--------------+---------------------------------------------+ +- * | Lc | #(Payload) | | +- * +---------+--------------+---------------------------------------------+ +- * | Payload | | | +- * +---------+--------------+---------------------------------------------+ +- * | | TLV[TAG_1] | 4-byte identifier of the key pair or public | +- * | | | key. | +- * +---------+--------------+---------------------------------------------+ +- * | | TLV[TAG_2] | 1-byte :cpp:type:`SE05x_RSASignAlgo_t` | +- * +---------+--------------+---------------------------------------------+ +- * | | TLV[TAG_3] | Byte array containing data to be verified. | +- * +---------+--------------+---------------------------------------------+ +- * | | TLV[TAG_5] | Byte array containing ASN.1 signature. | +- * +---------+--------------+---------------------------------------------+ +- * | Le | 0x03 | Expecting Result in TLV | +- * +---------+--------------+---------------------------------------------+ +- * @endrst +- * +- * # R-APDU Body +- * +- * @rst +- * +------------+------------------------------------------+ +- * | Value | Description | +- * +============+==========================================+ +- * | TLV[TAG_1] | :cpp:type:`SE05x_Result_t`: Verification | +- * | | result | +- * +------------+------------------------------------------+ +- * @endrst +- * +- * # R-APDU Trailer +- * +- * @rst +- * +-------------+--------------------------------------+ +- * | SW | Description | +- * +=============+======================================+ +- * | SW_NO_ERROR | The command is handled successfully. | +- * +-------------+--------------------------------------+ +- * @endrst +- * +- * +- * @param[in] session_ctx Session Context [0:kSE05x_pSession] +- * @param[in] objectID objectID [1:kSE05x_TAG_1] +- * @param[in] rsaSigningAlgo rsaSigningAlgo [2:kSE05x_TAG_2] +- * @param[in] inputData inputData [3:kSE05x_TAG_3] +- * @param[in] inputDataLen Length of inputData +- * @param[in] signature signature [4:kSE05x_TAG_5] +- * @param[in] signatureLen Length of signature +- * @param[out] presult [0:kSE05x_TAG_1] +- */ +-smStatus_t Se05x_API_RSAVerify(pSe05xSession_t session_ctx, +- uint32_t objectID, +- SE05x_RSASignatureAlgo_t rsaSigningAlgo, +- const uint8_t *inputData, +- size_t inputDataLen, +- const uint8_t *signature, +- size_t signatureLen, +- SE05x_Result_t *presult); +- +-/** Se05x_API_RSAEncrypt +- * +- * The RSAEncrypt command encrypts data. +- * +- * # Command to Applet +- * +- * @rst +- * +---------+--------------------+----------------------------------------------+ +- * | Field | Value | Description | +- * +=========+====================+==============================================+ +- * | CLA | 0x80 | | +- * +---------+--------------------+----------------------------------------------+ +- * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | +- * +---------+--------------------+----------------------------------------------+ +- * | P1 | P1_RSA | See :cpp:type:`SE05x_P1_t` | +- * +---------+--------------------+----------------------------------------------+ +- * | P2 | P2_ENCRYPT_ONESHOT | See :cpp:type:`SE05x_P2_t` | +- * +---------+--------------------+----------------------------------------------+ +- * | Lc | #(Payload) | | +- * +---------+--------------------+----------------------------------------------+ +- * | Payload | TLV[TAG_1] | 4-byte identifier of the key pair or public | +- * | | | key. | +- * +---------+--------------------+----------------------------------------------+ +- * | | TLV[TAG_2] | 1-byte :cpp:type:`SE05x_RSAEncryptionAlgo_t` | +- * +---------+--------------------+----------------------------------------------+ +- * | | TLV[TAG_3] | Byte array containing data to be encrypted. | +- * +---------+--------------------+----------------------------------------------+ +- * | Le | 0x00 | Expected TLV with encrypted data. | +- * +---------+--------------------+----------------------------------------------+ +- * @endrst +- * +- * # R-APDU Body +- * +- * @rst +- * +------------+----------------+ +- * | Value | Description | +- * +============+================+ +- * | TLV[TAG_1] | Encrypted data | +- * +------------+----------------+ +- * @endrst +- * +- * # R-APDU Trailer +- * +- * @rst +- * +-------------+--------------------------------------+ +- * | SW | Description | +- * +=============+======================================+ +- * | SW_NO_ERROR | The command is handled successfully. | +- * +-------------+--------------------------------------+ +- * @endrst +- * +- * +- * @param[in] session_ctx Session Context [0:kSE05x_pSession] +- * @param[in] objectID objectID [1:kSE05x_TAG_1] +- * @param[in] rsaEncryptionAlgo rsaEncryptionAlgo [2:kSE05x_TAG_2] +- * @param[in] inputData inputData [3:kSE05x_TAG_3] +- * @param[in] inputDataLen Length of inputData +- * @param[out] encryptedData [0:kSE05x_TAG_1] +- * @param[in,out] pencryptedDataLen Length for encryptedData +- */ +-smStatus_t Se05x_API_RSAEncrypt(pSe05xSession_t session_ctx, +- uint32_t objectID, +- SE05x_RSAEncryptionAlgo_t rsaEncryptionAlgo, +- const uint8_t *inputData, +- size_t inputDataLen, +- uint8_t *encryptedData, +- size_t *pencryptedDataLen); +- +-/** Se05x_API_RSADecrypt +- * +- * The RSADecrypt command decrypts data. +- * +- * +- * # Command to Applet +- * +- * @rst +- * +---------+--------------------+----------------------------------------------+ +- * | Field | Value | Description | +- * +=========+====================+==============================================+ +- * | CLA | 0x80 | | +- * +---------+--------------------+----------------------------------------------+ +- * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | +- * +---------+--------------------+----------------------------------------------+ +- * | P1 | P1_RSA | See :cpp:type:`SE05x_P1_t` | +- * +---------+--------------------+----------------------------------------------+ +- * | P2 | P2_DECRYPT_ONESHOT | See :cpp:type:`SE05x_P2_t` | +- * +---------+--------------------+----------------------------------------------+ +- * | Lc | #(Payload) | | +- * +---------+--------------------+----------------------------------------------+ +- * | Payload | TLV[TAG_1] | 4-byte identifier of the key pair or private | +- * | | | key. | +- * +---------+--------------------+----------------------------------------------+ +- * | | TLV[TAG_2] | 1-byte :cpp:type:`SE05x_RSAEncryptionAlgo_t` | +- * +---------+--------------------+----------------------------------------------+ +- * | | TLV[TAG_3] | Byte array containing data to be decrypted. | +- * +---------+--------------------+----------------------------------------------+ +- * | Le | 0x00 | Expected TLV with decrypted data. | +- * +---------+--------------------+----------------------------------------------+ +- * @endrst +- * +- * # R-APDU Body +- * +- * @rst +- * +------------+----------------+ +- * | Value | Description | +- * +============+================+ +- * | TLV[TAG_1] | Encrypted data | +- * +------------+----------------+ +- * @endrst +- * +- * # R-APDU Trailer +- * +- * @rst +- * +-------------+--------------------------------------+ +- * | SW | Description | +- * +=============+======================================+ +- * | SW_NO_ERROR | The command is handled successfully. | +- * +-------------+--------------------------------------+ +- * @endrst +- * +- * +- * +- * @param[in] session_ctx Session Context [0:kSE05x_pSession] +- * @param[in] objectID objectID [1:kSE05x_TAG_1] +- * @param[in] rsaEncryptionAlgo rsaEncryptionAlgo [2:kSE05x_TAG_2] +- * @param[in] inputData inputData [3:kSE05x_TAG_3] +- * @param[in] inputDataLen Length of inputData +- * @param[out] decryptedData [0:kSE05x_TAG_1] +- * @param[in,out] pdecryptedDataLen Length for decryptedData +- */ +-smStatus_t Se05x_API_RSADecrypt(pSe05xSession_t session_ctx, +- uint32_t objectID, +- SE05x_RSAEncryptionAlgo_t rsaEncryptionAlgo, +- const uint8_t *inputData, +- size_t inputDataLen, +- uint8_t *decryptedData, +- size_t *pdecryptedDataLen); +- +-/** Se05x_API_CipherInit +- * +- * Initialize a symmetric encryption or decryption. The Crypto Object keeps the +- * state of the cipher operation until it's finalized or deleted. Once the +- * CipherFinal function is executed successfully, the Crypto Object state returns +- * to the state immediately after the previous CipherInit function. +- * +- * # Command to Applet +- * +- * @rst +- * +---------+--------------------------+--------------------------------------------+ +- * | Field | Value | Description | +- * +=========+==========================+============================================+ +- * | CLA | 0x80 | | +- * +---------+--------------------------+--------------------------------------------+ +- * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | +- * +---------+--------------------------+--------------------------------------------+ +- * | P1 | P1_CIPHER | See :cpp:type:`SE05x_P1_t` | +- * +---------+--------------------------+--------------------------------------------+ +- * | P2 | P2_ENCRYPT or P2_DECRYPT | See :cpp:type:`SE05x_P2_t` | +- * +---------+--------------------------+--------------------------------------------+ +- * | Lc | #(Payload) | | +- * +---------+--------------------------+--------------------------------------------+ +- * | Payload | TLV[TAG_1] | 4-byte identifier of the key object. | +- * +---------+--------------------------+--------------------------------------------+ +- * | | TLV[TAG_2] | 2-byte Crypto Object identifier | +- * +---------+--------------------------+--------------------------------------------+ +- * | | TLV[TAG_4] | Initialization Vector [Optional] | +- * | | | [Conditional: only when the Crypto Object | +- * | | | type equals CC_CIPHER and subtype is not | +- * | | | including ECB] | +- * +---------+--------------------------+--------------------------------------------+ +- * | Le | - | | +- * +---------+--------------------------+--------------------------------------------+ +- * @endrst +- * +- * # R-APDU Body +- * +- * NA +- * +- * # R-APDU Trailer +- * +- * @rst +- * +-------------+--------------------------------------+ +- * | SW | Description | +- * +=============+======================================+ +- * | SW_NO_ERROR | The command is handled successfully. | +- * +-------------+--------------------------------------+ +- * @endrst +- * +- * +- * @param[in] session_ctx Session Context [0:kSE05x_pSession] +- * @param[in] objectID objectID [1:kSE05x_TAG_1] +- * @param[in] cryptoObjectID cryptoObjectID [2:kSE05x_TAG_2] +- * @param[in] IV IV [3:kSE05x_TAG_4] +- * @param[in] IVLen Length of IV +- * @param[in] operation See @ref SE05x_Cipher_Oper_t +- */ +-smStatus_t Se05x_API_CipherInit(pSe05xSession_t session_ctx, +- uint32_t objectID, +- SE05x_CryptoObjectID_t cryptoObjectID, +- const uint8_t *IV, +- size_t IVLen, +- const SE05x_Cipher_Oper_t operation); +- +-/** Se05x_API_CipherUpdate +- * +- * Update a cipher context. +- * +- * +- * # Command to Applet +- * +- * @rst +- * +------------+----------------------------------+---------------------------------+ +- * | Field | Value | Description | +- * +============+==================================+=================================+ +- * | CLA | 0x80 | | +- * +------------+----------------------------------+---------------------------------+ +- * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | +- * +------------+----------------------------------+---------------------------------+ +- * | P1 | P1_CIPHER | See :cpp:type:`SE05x_P1_t` | +- * +------------+----------------------------------+---------------------------------+ +- * | P2 | P2_UPDATE | See :cpp:type:`SE05x_P2_t` | +- * +------------+----------------------------------+---------------------------------+ +- * | Lc | #(Payload) | | +- * +------------+----------------------------------+---------------------------------+ +- * | Payload | TLV[TAG_2] | 2-byte Crypto Object identifier | +- * +------------+----------------------------------+---------------------------------+ +- * | TLV[TAG_3] | Byte array containing input data | | +- * +------------+----------------------------------+---------------------------------+ +- * | Le | 0x00 | Expecting returned data. | +- * +------------+----------------------------------+---------------------------------+ +- * @endrst +- * +- * # R-APDU Body +- * +- * @rst +- * +------------+-------------+ +- * | Value | Description | +- * +============+=============+ +- * | TLV[TAG_1] | Output data | +- * +------------+-------------+ +- * @endrst +- * +- * # R-APDU Trailer +- * +- * @rst +- * +-------------+--------------------------------------+ +- * | SW | Description | +- * +=============+======================================+ +- * | SW_NO_ERROR | The command is handled successfully. | +- * +-------------+--------------------------------------+ +- * @endrst +- * +- * +- * +- * @param[in] session_ctx Session Context [0:kSE05x_pSession] +- * @param[in] cryptoObjectID cryptoObjectID [1:kSE05x_TAG_2] +- * @param[in] inputData inputData [2:kSE05x_TAG_3] +- * @param[in] inputDataLen Length of inputData +- * @param[out] outputData [0:kSE05x_TAG_1] +- * @param[in,out] poutputDataLen Length for outputData +- */ +-smStatus_t Se05x_API_CipherUpdate(pSe05xSession_t session_ctx, +- SE05x_CryptoObjectID_t cryptoObjectID, +- const uint8_t *inputData, +- size_t inputDataLen, +- uint8_t *outputData, +- size_t *poutputDataLen); +- +-/** Se05x_API_CipherFinal +- * +- * Finish a sequence of cipher operations. +- * +- * # Command to Applet +- * +- * @rst +- * +------------+------------+---------------------------------+ +- * | Field | Value | Description | +- * +============+============+=================================+ +- * | CLA | 0x80 | | +- * +------------+------------+---------------------------------+ +- * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | +- * +------------+------------+---------------------------------+ +- * | P1 | P1_CIPHER | See :cpp:type:`SE05x_P1_t` | +- * +------------+------------+---------------------------------+ +- * | P2 | P2_FINAL | See :cpp:type:`SE05x_P2_t` | +- * +------------+------------+---------------------------------+ +- * | Lc | #(Payload) | | +- * +------------+------------+---------------------------------+ +- * | Payload | TLV[TAG_2] | 2-byte Crypto Object identifier | +- * +------------+------------+---------------------------------+ +- * | TLV[TAG_3] | Input data | | +- * +------------+------------+---------------------------------+ +- * | Le | 0x00 | Expected returned data. | +- * +------------+------------+---------------------------------+ +- * @endrst +- * +- * # R-APDU Body +- * +- * @rst +- * +------------+-------------+ +- * | Value | Description | +- * +============+=============+ +- * | TLV[TAG_1] | Output data | +- * +------------+-------------+ +- * @endrst +- * +- * # R-APDU Trailer +- * +- * @rst +- * +-------------+--------------------------------------+ +- * | SW | Description | +- * +=============+======================================+ +- * | SW_NO_ERROR | The command is handled successfully. | +- * +-------------+--------------------------------------+ +- * @endrst +- * +- * +- * +- * @param[in] session_ctx Session Context [0:kSE05x_pSession] +- * @param[in] cryptoObjectID cryptoObjectID [1:kSE05x_TAG_2] +- * @param[in] inputData inputData [2:kSE05x_TAG_3] +- * @param[in] inputDataLen Length of inputData +- * @param[out] outputData [0:kSE05x_TAG_1] +- * @param[in,out] poutputDataLen Length for outputData +- */ +-smStatus_t Se05x_API_CipherFinal(pSe05xSession_t session_ctx, +- SE05x_CryptoObjectID_t cryptoObjectID, +- const uint8_t *inputData, +- size_t inputDataLen, +- uint8_t *outputData, +- size_t *poutputDataLen); +- +-/** +- * @brief Se05x_API_CipherOneShot +- * +- * Encrypt or decrypt data in one shot mode. +- * +- * The key object must be either an AES key or DES key. +- * +- * # Command to Applet +- * +- * @rst +- * +---------+-----------------------+------------------------------------------------+ +- * | Field | Value | Description | +- * +=========+=======================+================================================+ +- * | CLA | 0x80 | | +- * +---------+-----------------------+------------------------------------------------+ +- * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | +- * +---------+-----------------------+------------------------------------------------+ +- * | P1 | P1_CIPHER | See :cpp:type:`SE05x_P1_t` | +- * +---------+-----------------------+------------------------------------------------+ +- * | P2 | P2_ENCRYPT_ONESHOT or | See :cpp:type:`SE05x_P2_t` | +- * | | P2_DECRYPT_ONESHOT | | +- * +---------+-----------------------+------------------------------------------------+ +- * | Lc | #(Payload) | | +- * +---------+-----------------------+------------------------------------------------+ +- * | Payload | TLV[TAG_1] | 4-byte identifier of the key object. | +- * +---------+-----------------------+------------------------------------------------+ +- * | | TLV[TAG_2] | 1-byte CipherMode | +- * +---------+-----------------------+------------------------------------------------+ +- * | | TLV[TAG_3] | Byte array containing input data. | +- * +---------+-----------------------+------------------------------------------------+ +- * | | TLV[TAG_4] | Byte array containing an initialization | +- * | | | vector. [Optional] [Conditional: only when | +- * | | | the Crypto Object type equals CC_CIPHER and | +- * | | | subtype is not including ECB] | +- * +---------+-----------------------+------------------------------------------------+ +- * | Le | 0x00 | Expecting return data. | +- * +---------+-----------------------+------------------------------------------------+ +- * @endrst +- * +- * # R-APDU Body +- * +- * @rst +- * +------------+-------------+ +- * | Value | Description | +- * +============+=============+ +- * | TLV[TAG_1] | Output data | +- * +------------+-------------+ +- * @endrst +- * +- * # R-APDU Trailer +- * +- * @rst +- * +-------------+--------------------------------------+ +- * | SW | Description | +- * +=============+======================================+ +- * | SW_NO_ERROR | The command is handled successfully. | +- * +-------------+--------------------------------------+ +- * @endrst +- * +- * +- * @param[in] session_ctx The session context +- * @param[in] objectID The object id +- * @param[in] cipherMode The cipher mode +- * @param[in] inputData The input data +- * @param[in] inputDataLen The input data length +- * @param[in] IV Initial vector +- * @param[in] IVLen The iv length +- * @param outputData The output data +- * @param poutputDataLen The poutput data length +- * @param[in] operation The operation +- * +- * @return The sm status. +- */ +-smStatus_t Se05x_API_CipherOneShot(pSe05xSession_t session_ctx, +- uint32_t objectID, +- SE05x_CipherMode_t cipherMode, +- const uint8_t *inputData, +- size_t inputDataLen, +- const uint8_t *IV, +- size_t IVLen, +- uint8_t *outputData, +- size_t *poutputDataLen, +- const SE05x_Cipher_Oper_OneShot_t operation); +- +-/** Se05x_API_MACInit +- * +- * Initiate a MAC operation. The state of the MAC operation is kept in the Crypto +- * Object until it's finalized or deleted. +- * +- * The 4-byte identifier of the key must refer to an AESKey, DESKey or HMACKey. +- * +- * +- * # Command to Applet +- * +- * @rst +- * +---------+----------------------------+-----------------------------------+ +- * | Field | Value | Description | +- * +=========+============================+===================================+ +- * | CLA | 0x80 | | +- * +---------+----------------------------+-----------------------------------+ +- * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | +- * +---------+----------------------------+-----------------------------------+ +- * | P1 | P1_MAC | See :cpp:type:`SE05x_P1_t` | +- * +---------+----------------------------+-----------------------------------+ +- * | P2 | P2_GENERATE or P2_VALIDATE | See :cpp:type:`SE05x_P2_t` | +- * +---------+----------------------------+-----------------------------------+ +- * | Lc | #(Payload) | | +- * +---------+----------------------------+-----------------------------------+ +- * | Payload | TLV[TAG_1] | 4-byte identifier of the MAC key. | +- * +---------+----------------------------+-----------------------------------+ +- * | | TLV[TAG_2] | 2-byte Crypto Object identifier | +- * +---------+----------------------------+-----------------------------------+ +- * | Le | 0x00 | | +- * +---------+----------------------------+-----------------------------------+ +- * @endrst +- * +- * # R-APDU Body +- * +- * NA +- * +- * # R-APDU Trailer +- * +- * @rst +- * +-------------+--------------------------------------+ +- * | SW | Description | +- * +=============+======================================+ +- * | SW_NO_ERROR | The command is handled successfully. | +- * +-------------+--------------------------------------+ +- * @endrst +- * +- * +- * +- * @param[in] session_ctx Session Context [0:kSE05x_pSession] +- * @param[in] objectID objectID [1:kSE05x_TAG_1] +- * @param[in] cryptoObjectID cryptoObjectID [2:kSE05x_TAG_2] +- * @param[in] mac_oper The Operation +- */ +-smStatus_t Se05x_API_MACInit(pSe05xSession_t session_ctx, +- uint32_t objectID, +- SE05x_CryptoObjectID_t cryptoObjectID, +- const SE05x_Mac_Oper_t mac_oper); +- +-/** Se05x_API_MACUpdate +- * +- * Update MAC +- * +- * # Command to Applet +- * +- * @rst +- * +---------+------------+-------------------------------------------+ +- * | Field | Value | Description | +- * +=========+============+===========================================+ +- * | CLA | 0x80 | | +- * +---------+------------+-------------------------------------------+ +- * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | +- * +---------+------------+-------------------------------------------+ +- * | P1 | P1_MAC | See :cpp:type:`SE05x_P1_t` | +- * +---------+------------+-------------------------------------------+ +- * | P2 | P2_UPDATE | See :cpp:type:`SE05x_P2_t` | +- * +---------+------------+-------------------------------------------+ +- * | Lc | #(Payload) | | +- * +---------+------------+-------------------------------------------+ +- * | Payload | TLV[TAG_1] | Byte array containing data to be taken as | +- * | | | input to MAC. | +- * +---------+------------+-------------------------------------------+ +- * | | TLV[TAG_2] | 2-byte Crypto Object identifier | +- * +---------+------------+-------------------------------------------+ +- * | Le | - | | +- * +---------+------------+-------------------------------------------+ +- * @endrst +- * +- * # R-APDU Body +- * +- * NA +- * +- * # R-APDU Trailer +- * +- * @rst +- * +-------------+--------------------------------------+ +- * | SW | Description | +- * +=============+======================================+ +- * | SW_NO_ERROR | The command is handled successfully. | +- * +-------------+--------------------------------------+ +- * @endrst +- * +- * +- * @param[in] session_ctx Session Context [0:kSE05x_pSession] +- * @param[in] inputData inputData [1:kSE05x_TAG_1] +- * @param[in] inputDataLen Length of inputData +- * @param[in] cryptoObjectID cryptoObjectID [2:kSE05x_TAG_2] +- */ +-smStatus_t Se05x_API_MACUpdate( +- pSe05xSession_t session_ctx, const uint8_t *inputData, size_t inputDataLen, SE05x_CryptoObjectID_t cryptoObjectID); +- +-/** Se05x_API_MACFinal +- * +- * # Command to Applet +- * +- * @rst +- * +---------+------------+--------------------------------------------+ +- * | Field | Value | Description | +- * +=========+============+============================================+ +- * | CLA | 0x80 | | +- * +---------+------------+--------------------------------------------+ +- * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | +- * +---------+------------+--------------------------------------------+ +- * | P1 | P1_MAC | See :cpp:type:`SE05x_P1_t` | +- * +---------+------------+--------------------------------------------+ +- * | P2 | P2_FINAL | See :cpp:type:`SE05x_P2_t` | +- * +---------+------------+--------------------------------------------+ +- * | Payload | TLV[TAG_1] | Byte array containing data to be taken as | +- * | | | input to MAC. | +- * +---------+------------+--------------------------------------------+ +- * | | TLV[TAG_2] | 2-byte Crypto Object identifier | +- * +---------+------------+--------------------------------------------+ +- * | | TLV[TAG_3] | Byte array containing MAC to validate. | +- * | | | [Conditional: only applicable the crypto | +- * | | | object is set for validating (MACInit P2 = | +- * | | | P2_VALIDATE)] | +- * +---------+------------+--------------------------------------------+ +- * | Le | 0x00 | Expecting MAC or result. | +- * +---------+------------+--------------------------------------------+ +- * @endrst +- * +- * # R-APDU Body +- * +- * @rst +- * +------------+-----------------------------------------------+ +- * | Value | Description | +- * +============+===============================================+ +- * | TLV[TAG_1] | MAC value (when MACInit had P2 = P2_GENERATE) | +- * | | or :cpp:type:`SE05x_Result_t` (when MACInit | +- * | | had P2 = P2_VERIFY). | +- * +------------+-----------------------------------------------+ +- * @endrst +- * +- * # R-APDU Trailer +- * +- * @rst +- * +-------------+--------------------------------------+ +- * | SW | Description | +- * +=============+======================================+ +- * | SW_NO_ERROR | The command is handled successfully. | +- * +-------------+--------------------------------------+ +- * @endrst +- * +- * +- * +- * @param[in] session_ctx Session Context [0:kSE05x_pSession] +- * @param[in] inputData inputData [1:kSE05x_TAG_1] +- * @param[in] inputDataLen Length of inputData +- * @param[in] cryptoObjectID cryptoObjectID [2:kSE05x_TAG_2] +- * @param[in] macValidateData macValidateData [3:kSE05x_TAG_3] +- * @param[in] macValidateDataLen Length of macValidateData +- * @param[out] macValue [0:kSE05x_TAG_1] +- * @param[in,out] pmacValueLen Length for macValue +- */ +-smStatus_t Se05x_API_MACFinal(pSe05xSession_t session_ctx, +- const uint8_t *inputData, +- size_t inputDataLen, +- SE05x_CryptoObjectID_t cryptoObjectID, +- const uint8_t *macValidateData, +- size_t macValidateDataLen, +- uint8_t *macValue, +- size_t *pmacValueLen); +- +-/** Se05x_API_MACOneShot_G +- * +- * Generate. See @ref Se05x_API_MACOneShot_V for Verfiication. +- * +- * Performs a MAC operation in one shot (without keeping state). +- * +- * The 4-byte identifier of the key must refer to an AESKey, DESKey or HMACKey. +- * +- * # Command to Applet +- * +- * @rst +- * +---------+------------------------+---------------------------------------------+ +- * | Field | Value | Description | +- * +=========+========================+=============================================+ +- * | CLA | 0x80 | | +- * +---------+------------------------+---------------------------------------------+ +- * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | +- * +---------+------------------------+---------------------------------------------+ +- * | P1 | P1_MAC | See :cpp:type:`SE05x_P1_t` | +- * +---------+------------------------+---------------------------------------------+ +- * | P2 | P2_GENERATE_ONESHOT or | See :cpp:type:`SE05x_P2_t` | +- * | | P2_VALIDATE_ONESHOT | | +- * +---------+------------------------+---------------------------------------------+ +- * | Lc | #(Payload) | | +- * +---------+------------------------+---------------------------------------------+ +- * | Payload | TLV[TAG_1] | 4-byte identifier of the key object. | +- * +---------+------------------------+---------------------------------------------+ +- * | | TLV[TAG_2] | 1-byte :cpp:type:`MACAlgoRef` | +- * +---------+------------------------+---------------------------------------------+ +- * | | TLV[TAG_3] | Byte array containing data to be taken as | +- * | | | input to MAC. | +- * +---------+------------------------+---------------------------------------------+ +- * | | TLV[TAG_5] | MAC to verify (when P2=P2_VALIDATE_ONESHOT) | +- * +---------+------------------------+---------------------------------------------+ +- * | Le | 0x00 | Expecting MAC or Result. | +- * +---------+------------------------+---------------------------------------------+ +- * @endrst +- * +- * # R-APDU Body +- * +- * @rst +- * +------------+---------------------------------------+ +- * | Value | Description | +- * +============+=======================================+ +- * | TLV[TAG_1] | MAC value (P2=P2_GENERATE_ONESHOT) or | +- * | | :cpp:type:`SE05x_Result_t` (when | +- * | | p2=P2_VALIDATE_ONESHOT). | +- * +------------+---------------------------------------+ +- * @endrst +- * +- * # R-APDU Trailer +- * +- * @rst +- * +-------------+--------------------------------------+ +- * | SW | Description | +- * +=============+======================================+ +- * | SW_NO_ERROR | The command is handled successfully. | +- * +-------------+--------------------------------------+ +- * @endrst +- * +- * @param[in] session_ctx Session Context [0:kSE05x_pSession] +- * @param[in] objectID objectID [1:kSE05x_TAG_1] +- * @param[in] macOperation macOperation [2:kSE05x_TAG_2] +- * @param[in] inputData inputData [3:kSE05x_TAG_3] +- * @param[in] inputDataLen Length of inputData +- * @param[out] macValue [0:kSE05x_TAG_1] +- * @param[in,out] pmacValueLen Length for macValue +- */ +-smStatus_t Se05x_API_MACOneShot_G(pSe05xSession_t session_ctx, +- uint32_t objectID, +- uint8_t macOperation, +- const uint8_t *inputData, +- size_t inputDataLen, +- uint8_t *macValue, +- size_t *pmacValueLen); +- +-/** Se05x_API_MACOneShot_V +- * +- * Validate. See @ref Se05x_API_MACOneShot_G for Generation. +- * +- * +- * @param[in] session_ctx Session Context [0:kSE05x_pSession] +- * @param[in] objectID objectID [1:kSE05x_TAG_1] +- * @param[in] macOperation macOperation [2:kSE05x_TAG_2] +- * @param[in] inputData inputData [3:kSE05x_TAG_3] +- * @param[in] inputDataLen Length of inputData +- * @param[in] MAC MAC to verify (when P2=P2_VALIDATE_ONESHOT) [4:kSE05x_TAG_5] +- * @param[in] MACLen Length of MAC +- * @param[out] macValue [0:kSE05x_TAG_1] +- * @param[in,out] pmacValueLen Length for macValue +- */ +-smStatus_t Se05x_API_MACOneShot_V(pSe05xSession_t session_ctx, +- uint32_t objectID, +- uint8_t macOperation, +- const uint8_t *inputData, +- size_t inputDataLen, +- const uint8_t *MAC, +- size_t MACLen, +- uint8_t *macValue, +- size_t *pmacValueLen); +- +-/** Se05x_API_HKDF +- * +- * Note that this KDF is equal to the KDF in Feedback Mode described in [NIST +- * SP800-108] with the PRF being HMAC with SHA256 and with an 8-bit counter at +- * the end of the iteration variable. +- * +- * The full HKDF algorithm is executed, i.e. Extract-And-Expand. +- * +- * The caller must provide a salt length (0 up to 64 bytes). If salt length +- * equals 0 or salt is not provided as input, the default salt will be used. +- * +- * The output of the HKDF functions can be either: +- * +- * * send back to the caller => _precondition_ : none of the input Secure Objects -if present- shall have a policy POLICY_OBJ_FORBID_DERIVED_OUTPUT set. +- * +- * * be stored in a Secure Object => _precondition_ : the Secure Object must be created upfront and the size must exactly match the expected length. +- * +- * +- * # Command to Applet +- * +- * @rst +- * +------------+--------------------------------+-----------------------------------+ +- * | Field | Value | Description | +- * +============+================================+===================================+ +- * | CLA | 0x80 | | +- * +------------+--------------------------------+-----------------------------------+ +- * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | +- * +------------+--------------------------------+-----------------------------------+ +- * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | +- * +------------+--------------------------------+-----------------------------------+ +- * | P2 | P2_HKDF | See :cpp:type:`SE05x_P2_t` | +- * +------------+--------------------------------+-----------------------------------+ +- * | Lc | #(Payload) | | +- * +------------+--------------------------------+-----------------------------------+ +- * | Payload | TLV[TAG_1] | 4-byte HMACKey identifier (= IKM) | +- * +------------+--------------------------------+-----------------------------------+ +- * | TLV[TAG_2] | 1-byte DigestMode (except | | +- * | | DIGEST_NO_HASH) | | +- * +------------+--------------------------------+-----------------------------------+ +- * | TLV[TAG_3] | Byte array (0-64 bytes) | | +- * | | containing salt. [Optional] | | +- * | | [Conditional: only when | | +- * | | TLV[TAG_6] is absent.] | | +- * +------------+--------------------------------+-----------------------------------+ +- * | TLV[TAG_4] | Info: The context and | | +- * | | information to apply (1 to 80 | | +- * | | bytes). [Optional] | | +- * +------------+--------------------------------+-----------------------------------+ +- * | TLV[TAG_5] | 2-byte requested length (L): 1 | | +- * | | up to MAX_APDU_PAYLOAD_LENGTH | | +- * +------------+--------------------------------+-----------------------------------+ +- * | TLV[TAG_6] | 4-byte HMACKey identifier | | +- * | | containing salt. [Optional] | | +- * | | [Conditional: only when | | +- * | | TLV[TAG_3] is absent] | | +- * +------------+--------------------------------+-----------------------------------+ +- * | TLV[TAG_7] | 4-byte HMACKey identifier to | | +- * | | store output. [Optional] | | +- * +------------+--------------------------------+-----------------------------------+ +- * | Le | 0x00 | | +- * +------------+--------------------------------+-----------------------------------+ +- * @endrst +- * +- * +- * # R-APDU Body +- * +- * @rst +- * +------------+--------------------------------------------+ +- * | Value | Description | +- * +============+============================================+ +- * | TLV[TAG_1] | HKDF output. [Conditional: only when the | +- * | | input does not contain TLV[TAG-7]] | +- * +------------+--------------------------------------------+ +- * @endrst +- * +- * # R-APDU Trailer +- * +- * @rst +- * +-------------+------------------------------------+ +- * | SW | Description | +- * +=============+====================================+ +- * | SW_NO_ERROR | The HKDF is executed successfully. | +- * +-------------+------------------------------------+ +- * @endrst +- * +- * +- * +- * @param[in] session_ctx Session Context [0:kSE05x_pSession] +- * @param[in] hmacID hmacID [1:kSE05x_TAG_1] +- * @param[in] digestMode digestMode [2:kSE05x_TAG_2] +- * @param[in] salt salt [3:kSE05x_TAG_3] +- * @param[in] saltLen Length of salt +- * @param[in] info info [4:kSE05x_TAG_4] +- * @param[in] infoLen Length of info +- * @param[in] deriveDataLen 2-byte requested length (L) [5:kSE05x_TAG_5] +- * @param[out] hkdfOuput [0:kSE05x_TAG_1] +- * @param[in,out] phkdfOuputLen Length for hkdfOuput +- */ +-smStatus_t Se05x_API_HKDF(pSe05xSession_t session_ctx, +- uint32_t hmacID, +- SE05x_DigestMode_t digestMode, +- const uint8_t *salt, +- size_t saltLen, +- const uint8_t *info, +- size_t infoLen, +- uint16_t deriveDataLen, +- uint8_t *hkdfOuput, +- size_t *phkdfOuputLen); +- +-/** Se05x_API_HKDF_Extended +- * +- * Only step 2 of the algorithm is executed, i.e. Expand only. +- * +- * Using an IV as input parameter results in a FIPS compliant SP800-108 KDF in +- * Feedback Mode where K[0] is the provided IV. This KDF is then using a 8-bit +- * counter, AFTER_FIXED counter location. +- * +- * # Command to Applet +- * +- * @rst +- * +------------+--------------------------------+-----------------------------------+ +- * | Field | Value | Description | +- * +============+================================+===================================+ +- * | CLA | 0x80 | | +- * +------------+--------------------------------+-----------------------------------+ +- * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | +- * +------------+--------------------------------+-----------------------------------+ +- * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | +- * +------------+--------------------------------+-----------------------------------+ +- * | P2 | P2_HKDF_EXPAND_ONLY | See :cpp:type:`SE05x_P2_t` | +- * +------------+--------------------------------+-----------------------------------+ +- * | Lc | #(Payload) | | +- * +------------+--------------------------------+-----------------------------------+ +- * | Payload | TLV[TAG_1] | 4-byte HMACKey identifier (= PRK) | +- * +------------+--------------------------------+-----------------------------------+ +- * | TLV[TAG_2] | 1-byte DigestMode (except | | +- * | | DIGEST_NO_HASH) | | +- * +------------+--------------------------------+-----------------------------------+ +- * | TLV[TAG_3] | Byte array (0-64 bytes) | | +- * | | containing IV. [Optional] | | +- * | | [Conditional: only when | | +- * | | TLV[TAG_6] is absent.] | | +- * +------------+--------------------------------+-----------------------------------+ +- * | TLV[TAG_4] | Info: The context and | | +- * | | information to apply (1 to 80 | | +- * | | bytes). [Optional] | | +- * +------------+--------------------------------+-----------------------------------+ +- * | TLV[TAG_5] | 2-byte requested length (L): 1 | | +- * | | up to MAX_APDU_PAYLOAD_LENGTH | | +- * +------------+--------------------------------+-----------------------------------+ +- * | TLV[TAG_6] | 4-byte HMACKey identifier | | +- * | | containing IV. [Optional] | | +- * | | [Conditional: only when | | +- * | | TLV[TAG_3] is absent] | | +- * +------------+--------------------------------+-----------------------------------+ +- * | TLV[TAG_7] | 4-byte HMACKey identifier to | | +- * | | store output. [Optional] | | +- * +------------+--------------------------------+-----------------------------------+ +- * | Le | 0x00 | | +- * +------------+--------------------------------+-----------------------------------+ +- * @endrst +- * +- * # R-APDU Body +- * +- * @rst +- * +------------+--------------------------------------------+ +- * | Value | Description | +- * +============+============================================+ +- * | TLV[TAG_1] | HKDF output. [Conditional: only when the | +- * | | input does not contain TLV[TAG-7]] | +- * +------------+--------------------------------------------+ +- * @endrst +- * +- * # R-APDU Trailer +- * +- * @rst +- * +-------------+------------------------------------+ +- * | SW | Description | +- * +=============+====================================+ +- * | SW_NO_ERROR | The HKDF is executed successfully. | +- * +-------------+------------------------------------+ +- * +- * +- */ +-smStatus_t Se05x_API_HKDF_Extended(pSe05xSession_t session_ctx, +- uint32_t hmacID, +- SE05x_DigestMode_t digestMode, +- SE05x_HkdfMode_t hkdfMode, +- const uint8_t *salt, +- size_t saltLen, +- uint32_t saltID, +- const uint8_t *info, +- size_t infoLen, +- uint32_t derivedKeyID, +- uint16_t deriveDataLen, +- uint8_t *hkdfOuput, +- size_t *phkdfOuputLen); +- +-/** Se05x_API_PBKDF2 +- * +- * Password Based Key Derivation Function 2 (PBKDF2) according [RFC8018]. +- * +- * The password is an input to the KDF and must be stored inside the . +- * +- * The output is returned to the host. +- * +- * +- * # Command to Applet +- * +- * @rst +- * +-------+------------+----------------------------------------------+ +- * | Field | Value | Description | +- * +=======+============+==============================================+ +- * | CLA | 0x80 | | +- * +-------+------------+----------------------------------------------+ +- * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | +- * +-------+------------+----------------------------------------------+ +- * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | +- * +-------+------------+----------------------------------------------+ +- * | P2 | P2_PBKDF | See :cpp:type:`SE05x_P2_t` | +- * +-------+------------+----------------------------------------------+ +- * | Lc | #(Payload) | | +- * +-------+------------+----------------------------------------------+ +- * | | TLV[TAG_1] | 4-byte password identifier (object type must | +- * | | | be HMACKey) | +- * +-------+------------+----------------------------------------------+ +- * | | TLV[TAG_2] | Salt (0 to 64 bytes) [Optional] | +- * +-------+------------+----------------------------------------------+ +- * | | TLV[TAG_3] | 2-byte Iteration count: 1 up to 0x7FFF. | +- * +-------+------------+----------------------------------------------+ +- * | | TLV[TAG_4] | 2-byte Requested length: 1 up to 512 bytes. | +- * +-------+------------+----------------------------------------------+ +- * | Le | 0x00 | Expecting derived key material. | +- * +-------+------------+----------------------------------------------+ +- * @endrst +- * +- * # R-APDU Body +- * +- * @rst +- * +------------+-------------------------------------+ +- * | Value | Description | +- * +============+=====================================+ +- * | TLV[TAG_1] | Derived key material (session key). | +- * +------------+-------------------------------------+ +- * @endrst +- * +- * # R-APDU Trailer +- * +- * @rst +- * +-------------+--------------------------------------+ +- * | SW | Description | +- * +=============+======================================+ +- * | SW_NO_ERROR | The command is handled successfully. | +- * +-------------+--------------------------------------+ +- * @endrst +- * +- * +- * +- * @param[in] session_ctx Session Context [0:kSE05x_pSession] +- * @param[in] objectID 4-byte password identifier (object type must be HMACKey) [1:kSE05x_TAG_1] +- * @param[in] salt salt [2:kSE05x_TAG_2] +- * @param[in] saltLen Length of salt +- * @param[in] count count [3:kSE05x_TAG_3] +- * @param[in] requestedLen requestedLen [4:kSE05x_TAG_4] +- * @param[out] derivedSessionKey [0:kSE05x_TAG_1] +- * @param[in,out] pderivedSessionKeyLen Length for derivedSessionKey +- */ +-smStatus_t Se05x_API_PBKDF2(pSe05xSession_t session_ctx, +- uint32_t objectID, +- const uint8_t *salt, +- size_t saltLen, +- uint16_t count, +- uint16_t requestedLen, +- uint8_t *derivedSessionKey, +- size_t *pderivedSessionKeyLen); +- +-/** Se05x_API_DFDiversifyKey +- * +- * +- * Create a Diversified Key. Input is _divInput_ 1 up to 31 bytes. +- * +- * Note that users need to create the diversified key object before calling this +- * function. +- * +- * Both the master key and the diversified key need the policy +- * POLICY_OBJ_ALLOW_DESFIRE_AUTHENTICATION to be set. +- * +- * # Command to Applet +- * +- * @rst +- * +-------+--------------+------------------------------------------+ +- * | Field | Value | Description | +- * +=======+==============+==========================================+ +- * | CLA | 0x80 | | +- * +-------+--------------+------------------------------------------+ +- * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | +- * +-------+--------------+------------------------------------------+ +- * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | +- * +-------+--------------+------------------------------------------+ +- * | P2 | P2_DIVERSIFY | See :cpp:type:`SE05x_P2_t` | +- * +-------+--------------+------------------------------------------+ +- * | Lc | #(Payload) | | +- * +-------+--------------+------------------------------------------+ +- * | | TLV[TAG_1] | 4-byte master key identifier. | +- * +-------+--------------+------------------------------------------+ +- * | | TLV[TAG_2] | 4-byte diversified key identifier. | +- * +-------+--------------+------------------------------------------+ +- * | | TLV[TAG_3] | Byte array containing divInput (up to 31 | +- * | | | bytes). | +- * +-------+--------------+------------------------------------------+ +- * | Le | | | +- * +-------+--------------+------------------------------------------+ +- * @endrst +- * +- * # R-APDU Body +- * +- * NA +- * +- * # R-APDU Trailer +- * +- * @rst +- * +-----------------------------+--------------------------------------+ +- * | SW | Description | +- * +=============================+======================================+ +- * | SW_NO_ERROR | The command is handled successfully. | +- * +-----------------------------+--------------------------------------+ +- * | SW_CONDITIONS_NOT_SATISFIED | No master key found. | +- * +-----------------------------+--------------------------------------+ +- * | | Wrong length for divInput. | +- * +-----------------------------+--------------------------------------+ +- * @endrst +- * +- * +- * @param[in] session_ctx Session Context [0:kSE05x_pSession] +- * @param[in] masterKeyID masterKeyID [1:kSE05x_TAG_1] +- * @param[in] diversifiedKeyID diversifiedKeyID [2:kSE05x_TAG_2] +- * @param[in] divInputData divInputData [3:kSE05x_TAG_3] +- * @param[in] divInputDataLen Length of divInputData +- */ +-smStatus_t Se05x_API_DFDiversifyKey(pSe05xSession_t session_ctx, +- uint32_t masterKeyID, +- uint32_t diversifiedKeyID, +- const uint8_t *divInputData, +- size_t divInputDataLen); +- +-/** Se05x_API_DFAuthenticateFirstPart1 +- * +- * MIFARE DESFire support +- * +- * MIFARE DESFire EV2 Key derivation (S-mode). This is limited to AES128 keys +- * only. +- * +- * The SE05X can be used by a card reader to setup a session where the SE05X +- * stores the master key(s) and the session keys are generated and passed to the +- * host. +- * +- * The SE05X keeps an internal state of MIFARE DESFire authentication data during +- * authentication setup. This state is fully transient, so it is lost on deselect +- * of the applet. +- * +- * The MIFARE DESFire state is owned by 1 user at a time; i.e., the user who +- * calls DFAuthenticateFirstPart1 owns the MIFARE DESFire context until +- * DFAuthenticateFirstPart1 is called again or until DFKillAuthentication is +- * called. +- * +- * The SE05X can also be used to support a ChangeKey command, either supporting +- * ChangeKey or ChangeKeyEV2. To establish a correct use case, policies need to +- * be applied to the keys to indicate keys can be used for ChangeKey or not, etc. +- * (to be detailed) +- * +- * # Command to Applet +- * +- * @rst +- * +-------+---------------------+----------------------------------------------+ +- * | Field | Value | Description | +- * +=======+=====================+==============================================+ +- * | CLA | 0x80 | | +- * +-------+---------------------+----------------------------------------------+ +- * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | +- * +-------+---------------------+----------------------------------------------+ +- * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | +- * +-------+---------------------+----------------------------------------------+ +- * | P2 | P2_AUTH_FIRST_PART1 | See :cpp:type:`SE05x_P2_t` | +- * +-------+---------------------+----------------------------------------------+ +- * | Lc | #(Payload) | | +- * +-------+---------------------+----------------------------------------------+ +- * | | TLV[TAG_1] | 4-byte key identifier. | +- * +-------+---------------------+----------------------------------------------+ +- * | | TLV[TAG_2] | 16-byte encrypted card challenge: E(Kx,RndB) | +- * +-------+---------------------+----------------------------------------------+ +- * | Le | 0x00 | | +- * +-------+---------------------+----------------------------------------------+ +- * @endrst +- * +- * # R-APDU Body +- * +- * @rst +- * +------------+---------------------------------------------+ +- * | Value | Description | +- * +============+=============================================+ +- * | TLV[TAG_1] | 32-byte output data: E(Kx, RandA || RandB') | +- * +------------+---------------------------------------------+ +- * @endrst +- * +- * # R-APDU Trailer +- * +- * @rst +- * +-------------+--------------------------------------+ +- * | SW | Description | +- * +=============+======================================+ +- * | SW_NO_ERROR | The command is handled successfully. | +- * +-------------+--------------------------------------+ +- * @endrst +- * +- * +- * +- * @param[in] session_ctx Session Context [0:kSE05x_pSession] +- * @param[in] objectID objectID [1:kSE05x_TAG_1] +- * @param[in] inputData inputData [2:kSE05x_TAG_2] +- * @param[in] inputDataLen Length of inputData +- * @param[out] outputData [0:kSE05x_TAG_1] +- * @param[in,out] poutputDataLen Length for outputData +- */ +-smStatus_t Se05x_API_DFAuthenticateFirstPart1(pSe05xSession_t session_ctx, +- uint32_t objectID, +- const uint8_t *inputData, +- size_t inputDataLen, +- uint8_t *outputData, +- size_t *poutputDataLen); +- +-/** Se05x_API_DFAuthenticateNonFirstPart1 +- * +- * +- * # Command to Applet +- * +- * @rst +- * +-------+------------------------+----------------------------------------------+ +- * | Field | Value | Description | +- * +=======+========================+==============================================+ +- * | CLA | 0x80 | | +- * +-------+------------------------+----------------------------------------------+ +- * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | +- * +-------+------------------------+----------------------------------------------+ +- * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | +- * +-------+------------------------+----------------------------------------------+ +- * | P2 | P2_AUTH_NONFIRST_PART1 | See :cpp:type:`SE05x_P2_t` | +- * +-------+------------------------+----------------------------------------------+ +- * | Lc | #(Payload) | | +- * +-------+------------------------+----------------------------------------------+ +- * | | TLV[TAG_1] | 4-byte key identifier. | +- * +-------+------------------------+----------------------------------------------+ +- * | | TLV[TAG_2] | 16-byte encrypted card challenge: E(Kx,RndB) | +- * +-------+------------------------+----------------------------------------------+ +- * | Le | 0x00 | | +- * +-------+------------------------+----------------------------------------------+ +- * @endrst +- * +- * # R-APDU Body +- * +- * @rst +- * +------------+---------------------------------------------+ +- * | Value | Description | +- * +============+=============================================+ +- * | TLV[TAG_1] | 32-byte output data: E(Kx, RandA || RandB') | +- * +------------+---------------------------------------------+ +- * @endrst +- * +- * # R-APDU Trailer +- * +- * @rst +- * +-------------+--------------------------------------+ +- * | SW | Description | +- * +=============+======================================+ +- * | SW_NO_ERROR | The command is handled successfully. | +- * +-------------+--------------------------------------+ +- * @endrst +- * +- * +- * +- * @param[in] session_ctx Session Context [0:kSE05x_pSession] +- * @param[in] objectID objectID [1:kSE05x_TAG_1] +- * @param[in] inputData inputData [2:kSE05x_TAG_2] +- * @param[in] inputDataLen Length of inputData +- * @param[out] outputData [0:kSE05x_TAG_1] +- * @param[in,out] poutputDataLen Length for outputData +- */ +-smStatus_t Se05x_API_DFAuthenticateNonFirstPart1(pSe05xSession_t session_ctx, +- uint32_t objectID, +- const uint8_t *inputData, +- size_t inputDataLen, +- uint8_t *outputData, +- size_t *poutputDataLen); +- +-/** Se05x_API_DFAuthenticateFirstPart2 +- * +- * For First part 2, the key identifier is implicitly set to the identifier used +- * for the First authentication. DFAuthenticateFirstPart1 needs to be called +- * before; otherwise an error is returned. +- * +- * # Command to Applet +- * +- * @rst +- * +-------+---------------------+------------------------------------+ +- * | Field | Value | Description | +- * +=======+=====================+====================================+ +- * | CLA | 0x80 | | +- * +-------+---------------------+------------------------------------+ +- * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | +- * +-------+---------------------+------------------------------------+ +- * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | +- * +-------+---------------------+------------------------------------+ +- * | P2 | P2_AUTH_FIRST_PART2 | See :cpp:type:`SE05x_P2_t` | +- * +-------+---------------------+------------------------------------+ +- * | Lc | #(Payload) | | +- * +-------+---------------------+------------------------------------+ +- * | | TLV[TAG_1] | 32 byte input: | +- * | | | E(Kx,TI||RndA'||PDcap2||PCDcap2) | +- * +-------+---------------------+------------------------------------+ +- * | Le | 0x00 | | +- * +-------+---------------------+------------------------------------+ +- * @endrst +- * +- * # R-APDU Body +- * +- * @rst +- * +------------+------------------------------------------+ +- * | Value | Description | +- * +============+==========================================+ +- * | TLV[TAG_1] | 12-byte array returning PDcap2||PCDcap2. | +- * +------------+------------------------------------------+ +- * @endrst +- * +- * # R-APDU Trailer +- * +- * @rst +- * +-----------------------------+--------------------------------------+ +- * | SW | Description | +- * +=============================+======================================+ +- * | SW_NO_ERROR | The command is handled successfully. | +- * +-----------------------------+--------------------------------------+ +- * | SW_WRONG_DATA | | +- * +-----------------------------+--------------------------------------+ +- * | SW_CONDITIONS_NOT_SATISFIED | | +- * +-----------------------------+--------------------------------------+ +- * @endrst +- * +- * +- * +- * @param[in] session_ctx Session Context [0:kSE05x_pSession] +- * @param[in] inputData inputData [1:kSE05x_TAG_1] +- * @param[in] inputDataLen Length of inputData +- * @param[out] outputData [0:kSE05x_TAG_1] +- * @param[in,out] poutputDataLen Length for outputData +- */ +-smStatus_t Se05x_API_DFAuthenticateFirstPart2(pSe05xSession_t session_ctx, +- const uint8_t *inputData, +- size_t inputDataLen, +- uint8_t *outputData, +- size_t *poutputDataLen); +- +-/** Se05x_API_DFAuthenticateNonFirstPart2 +- * +- * For NonFirst part 2, the key identifier is implicitly set to the identifier +- * used for the NonFirst part 1 authentication. DFAuthenticateNonFirstPart1 needs +- * to be called before; otherwise an error is returned. +- * +- * If authentication fails, SW_WRONG_DATA will be returned. +- * +- * # Command to Applet +- * +- * @rst +- * +-------+------------------------+----------------------------+ +- * | Field | Value | Description | +- * +=======+========================+============================+ +- * | CLA | 0x80 | | +- * +-------+------------------------+----------------------------+ +- * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | +- * +-------+------------------------+----------------------------+ +- * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | +- * +-------+------------------------+----------------------------+ +- * | P2 | P2_AUTH_NONFIRST_PART2 | See :cpp:type:`SE05x_P2_t` | +- * +-------+------------------------+----------------------------+ +- * | Lc | #(Payload) | | +- * +-------+------------------------+----------------------------+ +- * | | TLV[TAG_1] | 16-byte E(Kx, RndA') | +- * +-------+------------------------+----------------------------+ +- * | Le | 0x00 | | +- * +-------+------------------------+----------------------------+ +- * @endrst +- * +- * # R-APDU Body +- * +- * NA +- * +- * # R-APDU Trailer +- * +- * @rst +- * +-------------+--------------------------------------+ +- * | SW | Description | +- * +=============+======================================+ +- * | SW_NO_ERROR | The command is handled successfully. | +- * +-------------+--------------------------------------+ +- * +- * +- * +- * @param[in] session_ctx Session Context [0:kSE05x_pSession] +- * @param[in] inputData inputData [1:kSE05x_TAG_1] +- * @param[in] inputDataLen Length of inputData +- */ +-smStatus_t Se05x_API_DFAuthenticateNonFirstPart2( +- pSe05xSession_t session_ctx, const uint8_t *inputData, size_t inputDataLen); +- +-/** Se05x_API_DFDumpSessionKeys +- * +- * Dump the Transaction Identifier and the session keys to the host. +- * +- * +- * # Command to Applet +- * +- * @rst +- * +-------+-------------+-----------------------------------+ +- * | Field | Value | Description | +- * +=======+=============+===================================+ +- * | CLA | 0x80 | | +- * +-------+-------------+-----------------------------------+ +- * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | +- * +-------+-------------+-----------------------------------+ +- * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | +- * +-------+-------------+-----------------------------------+ +- * | P2 | P2_DUMP_KEY | See :cpp:type:`SE05x_P2_t` | +- * +-------+-------------+-----------------------------------+ +- * | Lc | #(Payload) | | +- * +-------+-------------+-----------------------------------+ +- * | Le | 0x28 | Expecting TLV with 38 bytes data. | +- * +-------+-------------+-----------------------------------+ +- * @endrst +- * +- * # R-APDU Body +- * +- * @rst +- * +------------+--------------------------------------+ +- * | Value | Description | +- * +============+======================================+ +- * | TLV[TAG_1] | 38 bytes: KeyID.SesAuthENCKey || | +- * | | KeyID.SesAuthMACKey || TI || Cmd-Ctr | +- * +------------+--------------------------------------+ +- * @endrst +- * +- * # R-APDU Trailer +- * +- * @rst +- * +-------------+--------------------------------------+ +- * | SW | Description | +- * +=============+======================================+ +- * | SW_NO_ERROR | The command is handled successfully. | +- * +-------------+--------------------------------------+ +- * @endrst +- * +- * +- * +- * @param[in] session_ctx Session Context [0:kSE05x_pSession] +- * @param[out] sessionData 38 bytes: KeyID.SesAuthENCKey || KeyID.SesAuthMACKey || TI || Cmd-Ctr [0:kSE05x_TAG_1] +- * @param[in,out] psessionDataLen Length for sessionData +- */ +-smStatus_t Se05x_API_DFDumpSessionKeys(pSe05xSession_t session_ctx, uint8_t *sessionData, size_t *psessionDataLen); +- +-/** Se05x_API_DFChangeKeyPart1 +- * +- * +- * The DFChangeKeyPart1 command is supporting the function to change keys on the +- * DESFire PICC. The command generates the cryptogram required to perform such +- * operation. +- * +- * The new key and, if used, the current (or old) key must be stored in the SE05X +- * and have the POLICY_OBJ_ALLOW_DESFIRE_AUTHENTICATION associated to execute +- * this command. This means the new PICC key must have been loaded into the SE05X +- * prior to issuing this command. +- * +- * The 1-byte key set number indicates whether DESFire ChangeKey or DESFire +- * ChangeKeyEV2 is used. When key set equals 0xFF, ChangeKey is used. +- * +- * +- * # Command to Applet +- * +- * @rst +- * +-------+---------------------+------------------------------------------------+ +- * | Field | Value | Description | +- * +=======+=====================+================================================+ +- * | CLA | 0x80 | | +- * +-------+---------------------+------------------------------------------------+ +- * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | +- * +-------+---------------------+------------------------------------------------+ +- * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | +- * +-------+---------------------+------------------------------------------------+ +- * | P2 | P2_CHANGE_KEY_PART1 | See :cpp:type:`SE05x_P2_t` | +- * +-------+---------------------+------------------------------------------------+ +- * | Lc | #(Payload) | | +- * +-------+---------------------+------------------------------------------------+ +- * | | TLV[TAG_1] | 4-byte identifier of the old key. [Optional: | +- * | | | if the authentication key is the same as the | +- * | | | key to be replaced, this TAG should not be | +- * | | | present]. | +- * +-------+---------------------+------------------------------------------------+ +- * | | TLV[TAG_2] | 4-byte identifier of the new key. | +- * +-------+---------------------+------------------------------------------------+ +- * | | TLV[TAG_3] | 1-byte key set number [Optional: default = | +- * | | | 0xC6] | +- * +-------+---------------------+------------------------------------------------+ +- * | | TLV[TAG_4] | 1-byte DESFire key number to be targeted. | +- * +-------+---------------------+------------------------------------------------+ +- * | | TLV[TAG_5] | 1-byte key version | +- * +-------+---------------------+------------------------------------------------+ +- * | Le | 0x00 | | +- * +-------+---------------------+------------------------------------------------+ +- * @endrst +- * +- * # R-APDU Body +- * +- * @rst +- * +------------+-----------------------------+ +- * | Value | Description | +- * +============+=============================+ +- * | TLV[TAG_1] | Cryptogram holding key data | +- * +------------+-----------------------------+ +- * @endrst +- * +- * # R-APDU Trailer +- * +- * @rst +- * +-------------+--------------------------------------+ +- * | SW | Description | +- * +=============+======================================+ +- * | SW_NO_ERROR | The command is handled successfully. | +- * +-------------+--------------------------------------+ +- * @endrst +- * +- * +- * +- * @param[in] session_ctx Session Context [0:kSE05x_pSession] +- * @param[in] oldObjectID oldObjectID [1:kSE05x_TAG_1] +- * @param[in] newObjectID newObjectID [2:kSE05x_TAG_2] +- * @param[in] keySetNr keySetNr [3:kSE05x_TAG_3] +- * @param[in] keyNoDESFire keyNoDESFire [4:kSE05x_TAG_4] +- * @param[in] keyVer keyVer [5:kSE05x_TAG_5] +- * @param[out] KeyData [0:kSE05x_TAG_1] +- * @param[in,out] pKeyDataLen Length for KeyData +- */ +-smStatus_t Se05x_API_DFChangeKeyPart1(pSe05xSession_t session_ctx, +- uint32_t oldObjectID, +- uint32_t newObjectID, +- uint8_t keySetNr, +- uint8_t keyNoDESFire, +- uint8_t keyVer, +- uint8_t *KeyData, +- size_t *pKeyDataLen); +- +-/** Se05x_API_DFChangeKeyPart2 +- * +- * The DFChangeKeyPart2 command verifies the MAC returned by ChangeKey or +- * ChangeKeyEV2. Note that this function only needs to be called if a MAC is +- * returned (which is not the case if the currently authenticated key is changed +- * on the DESFire card). +- * +- * # Command to Applet +- * +- * @rst +- * +-------+---------------------+----------------------------+ +- * | Field | Value | Description | +- * +=======+=====================+============================+ +- * | CLA | 0x80 | | +- * +-------+---------------------+----------------------------+ +- * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | +- * +-------+---------------------+----------------------------+ +- * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | +- * +-------+---------------------+----------------------------+ +- * | P2 | P2_CHANGE_KEY_PART2 | See :cpp:type:`SE05x_P2_t` | +- * +-------+---------------------+----------------------------+ +- * | Lc | #(Payload) | | +- * +-------+---------------------+----------------------------+ +- * | | TLV[TAG_1] | MAC | +- * +-------+---------------------+----------------------------+ +- * | Le | 0x00 | | +- * +-------+---------------------+----------------------------+ +- * @endrst +- * +- * # R-APDU Body +- * +- * @rst +- * +------------+-----------------------------------+ +- * | Value | Description | +- * +============+===================================+ +- * | TLV[TAG_1] | 1-byte :cpp:type:`SE05x_Result_t` | +- * +------------+-----------------------------------+ +- * @endrst +- * +- * # R-APDU Trailer +- * +- * @rst +- * +-------------+--------------------------------------+ +- * | SW | Description | +- * +=============+======================================+ +- * | SW_NO_ERROR | The command is handled successfully. | +- * +-------------+--------------------------------------+ +- * @endrst +- * +- * +- * +- * @param[in] session_ctx Session Context [0:kSE05x_pSession] +- * @param[in] MAC MAC [1:kSE05x_TAG_1] +- * @param[in] MACLen Length of MAC +- * @param[out] presult [0:kSE05x_TAG_1] +- */ +-smStatus_t Se05x_API_DFChangeKeyPart2(pSe05xSession_t session_ctx, const uint8_t *MAC, size_t MACLen, uint8_t *presult); +- +-/** Se05x_API_DFKillAuthentication +- * +- * DFKillAuthentication invalidates any authentication and clears the internal +- * DESFire state. Keys used as input (master keys or diversified keys) are not +- * touched. +- * +- * # Command to Applet +- * +- * @rst +- * +-------+--------------+----------------------------+ +- * | Field | Value | Description | +- * +=======+==============+============================+ +- * | CLA | 0x80 | | +- * +-------+--------------+----------------------------+ +- * | INS | INS_CRYPTO | :cpp:type:`SE05x_INS_t` | +- * +-------+--------------+----------------------------+ +- * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | +- * +-------+--------------+----------------------------+ +- * | P2 | P2_KILL_AUTH | See :cpp:type:`SE05x_P2_t` | +- * +-------+--------------+----------------------------+ +- * | Lc | #(Payload) | | +- * +-------+--------------+----------------------------+ +- * @endrst +- * +- * # R-APDU Body +- * +- * NA +- * +- * # R-APDU Trailer +- * +- * @rst +- * +-------------+--------------------------------------+ +- * | SW | Description | +- * +=============+======================================+ +- * | SW_NO_ERROR | The command is handled successfully. | +- * +-------------+--------------------------------------+ +- * @endrst +- * +- * +- * +- * @param[in] session_ctx Session Context [0:kSE05x_pSession] +- */ +-smStatus_t Se05x_API_DFKillAuthentication(pSe05xSession_t session_ctx); +- +-/** Se05x_API_TLSGenerateRandom +- * +- * Generates a random that is stored in the SE05X and used by TLSPerformPRF. +- * +- * # Command to Applet +- * +- * @rst +- * +-------+------------+-----------------------------------+ +- * | Field | Value | Description | +- * +=======+============+===================================+ +- * | CLA | 0x80 | | +- * +-------+------------+-----------------------------------+ +- * | INS | INS_CRYPTO | See :cpp:type:`SE05x_INS_t` | +- * +-------+------------+-----------------------------------+ +- * | P1 | P1_TLS | See :cpp:type:`SE05x_P1_t` | +- * +-------+------------+-----------------------------------+ +- * | P2 | P2_RANDOM | See :cpp:type:`SE05x_P2_t` | +- * +-------+------------+-----------------------------------+ +- * | Lc | #(Payload) | | +- * +-------+------------+-----------------------------------+ +- * | Le | 0x22 | Expecting TLV with 32 bytes data. | +- * +-------+------------+-----------------------------------+ +- * @endrst +- * +- * # R-APDU Body +- * +- * @rst +- * +------------+----------------------+ +- * | Value | Description | +- * +============+======================+ +- * | TLV[TAG_1] | 32-byte random value | +- * +------------+----------------------+ +- * @endrst +- * +- * # R-APDU Trailer +- * +- * @rst +- * +-------------+--------------------------------------+ +- * | SW | Description | +- * +=============+======================================+ +- * | SW_NO_ERROR | The command is handled successfully. | +- * +-------------+--------------------------------------+ +- * @endrst +- * +- * +- * +- * @param[in] session_ctx Session Context [0:kSE05x_pSession] +- * @param[out] randomValue [0:kSE05x_TAG_1] +- * @param[in,out] prandomValueLen Length for randomValue +- */ +-smStatus_t Se05x_API_TLSGenerateRandom(pSe05xSession_t session_ctx, uint8_t *randomValue, size_t *prandomValueLen); +- +-/** Se05x_API_TLSCalculatePreMasterSecret +- * +- * The command TLSCalculatePreMasterSecret will compute the pre-master secret for +- * TLS according [RFC5246]. The pre-master secret will always be stored in an +- * HMACKey object (TLV[TAG_3]). The HMACKey object must be created before; +- * otherwise the calculation of the pre-master secret will fail. +- * +- * It can use one of these algorithms: - - - - +- * +- * * PSK Key Exchange algorithm as defined in [RFC4279] +- * +- * * RSA_PSK Key Exchange algorithm as defined in [RFC4279] +- * +- * * ECDHE_PSK Key Exchange algorithm as defined in [RFC5489] +- * +- * * EC Key Exchange algorithm as defined in [RFC4492] +- * +- * * RSA Key Exchange algorithm as defined in [RFC5246] +- * +- * +- * TLV[TAG_1] needs to be an (existing) HMACKey identifier containing the pre- +- * shared Key. +- * +- * Input data in TLV[TAG_4] are: +- * +- * * An EC public key when TLV[TAG_2] refers to an EC key pair. +- * +- * * An RSA encrypted secret when TLV[TAG_2] refers to an RSA key pair. +- * +- * * Empty when TLV[TAG_2] is absent or empty. +- * +- * +- * # Command to Applet +- * +- * @rst +- * +-------+------------+----------------------------------------------+ +- * | Field | Value | Description | +- * +=======+============+==============================================+ +- * | CLA | 0x80 | | +- * +-------+------------+----------------------------------------------+ +- * | INS | INS_CRYPTO | See :cpp:type:`SE05x_INS_t` | +- * +-------+------------+----------------------------------------------+ +- * | P1 | P1_TLS | See :cpp:type:`SE05x_P1_t` | +- * +-------+------------+----------------------------------------------+ +- * | P2 | P2_PMS | See :cpp:type:`SE05x_P2_t` | +- * +-------+------------+----------------------------------------------+ +- * | Lc | #(Payload) | | +- * +-------+------------+----------------------------------------------+ +- * | | TLV[TAG_1] | 4-byte PSK identifier referring to a 16, 32, | +- * | | | 48 or 64-byte Pre Shared Key. [Optional] | +- * +-------+------------+----------------------------------------------+ +- * | | TLV[TAG_2] | 4-byte key pair identifier. [Optional] | +- * +-------+------------+----------------------------------------------+ +- * | | TLV[TAG_3] | 4-byte target HMACKey identifier. | +- * +-------+------------+----------------------------------------------+ +- * | | TLV[TAG_4] | Byte array containing input data. | +- * +-------+------------+----------------------------------------------+ +- * | Le | - | | +- * +-------+------------+----------------------------------------------+ +- * @endrst +- * +- * # R-APDU Body +- * +- * NA +- * +- * # R-APDU Trailer +- * +- * @rst +- * +-------------+--------------------------------------+ +- * | SW | Description | +- * +=============+======================================+ +- * | SW_NO_ERROR | The command is handled successfully. | +- * +-------------+--------------------------------------+ +- * @endrst +- * +- * +- * +- * @param[in] session_ctx Session Context [0:kSE05x_pSession] +- * @param[in] keyPairId keyPairId [1:kSE05x_TAG_1] +- * @param[in] pskId pskId [2:kSE05x_TAG_2] +- * @param[in] hmacKeyId hmacKeyId [3:kSE05x_TAG_3] +- * @param[in] inputData inputData [4:kSE05x_TAG_4] +- * @param[in] inputDataLen Length of inputData +- */ +-smStatus_t Se05x_API_TLSCalculatePreMasterSecret(pSe05xSession_t session_ctx, +- uint32_t keyPairId, +- uint32_t pskId, +- uint32_t hmacKeyId, +- const uint8_t *inputData, +- size_t inputDataLen); +- +-/** Se05x_API_TLSPerformPRF +- * +- * The command TLSPerformPRF will compute either: +- * +- * * the master secret for TLS according [RFC5246], section 8.1 +- * +- * * key expansion data from a master secret for TLS according [RFC5246], section 6.3 +- * +- * Each time before calling this function, TLSGenerateRandom must be called. +- * Executing this function will clear the random that is stored in the SE05X . +- * +- * The function can be called as client or as server and either using the pre- +- * master secret or master secret as input, stored in an HMACKey. The input +- * length must be either 16, 32, 48 or 64 bytes. +- * +- * This results in P2 having 4 possibilities: +- * +- * * P2_TLS_PRF_CLI_HELLO: pass the clientHelloRandom to calculate a master secret, the serverHelloRandom is in SE05X , generated by TLSGenerateRandom. +- * +- * * P2_TLS_PRF_SRV_HELLO: pass the serverHelloRandom to calculate a master secret, the clientHelloRandom is in SE05X , generated by TLSGenerateRandom. +- * +- * * P2_TLS_PRF_CLI_RANDOM: pass the clientRandom to generate key expansion data, the serverRandom is in SE05X , generated by TLSGenerateRandom. +- * +- * * P2_TLS_PRF_SRV_RANDOM: pass the serverRandom to generate key expansion data, the clientRandom is in SE05X +- * +- * +- * # Command to Applet +- * +- * @rst +- * +-------+------------------------+-----------------------------------------------+ +- * | Field | Value | Description | +- * +=======+========================+===============================================+ +- * | CLA | 0x80 | | +- * +-------+------------------------+-----------------------------------------------+ +- * | INS | INS_CRYPTO | See :cpp:type:`SE05x_INS_t` | +- * +-------+------------------------+-----------------------------------------------+ +- * | P1 | P1_TLS | See :cpp:type:`SE05x_P1_t` | +- * +-------+------------------------+-----------------------------------------------+ +- * | P2 | See description above. | See :cpp:type:`SE05x_P2_t` | +- * +-------+------------------------+-----------------------------------------------+ +- * | Lc | #(Payload) | | +- * +-------+------------------------+-----------------------------------------------+ +- * | | TLV[TAG_1] | 4-byte HMACKey identifier. | +- * +-------+------------------------+-----------------------------------------------+ +- * | | TLV[TAG_2] | 1-byte :cpp:type:`SE05x_DigestMode_t`, except | +- * | | | DIGEST_NO_HASH. | +- * +-------+------------------------+-----------------------------------------------+ +- * | | TLV[TAG_3] | Label (1 to 64 bytes) | +- * +-------+------------------------+-----------------------------------------------+ +- * | | TLV[TAG_4] | 32-byte random | +- * +-------+------------------------+-----------------------------------------------+ +- * | | TLV[TAG_5] | 2-byte requested length | +- * +-------+------------------------+-----------------------------------------------+ +- * | Le | 0x00 | | +- * +-------+------------------------+-----------------------------------------------+ +- * @endrst +- * +- * # R-APDU Body +- * +- * @rst +- * +------------+----------------------------------------------+ +- * | Value | Description | +- * +============+==============================================+ +- * | TLV[TAG_1] | Byte array containing requested output data. | +- * +------------+----------------------------------------------+ +- * @endrst +- * +- * # R-APDU Trailer +- * +- * @rst +- * +-------------+--------------------------------------+ +- * | SW | Description | +- * +=============+======================================+ +- * | SW_NO_ERROR | The command is handled successfully. | +- * +-------------+--------------------------------------+ +- * @endrst +- * +- * +- * +- * +- * @param[in] session_ctx The session context +- * @param[in] objectID The object id +- * @param[in] digestAlgo The digest algorithm +- * @param[in] label The label +- * @param[in] labelLen The label length +- * @param[in] random The random +- * @param[in] randomLen The random length +- * @param[in] reqLen The request length +- * @param outputData The output data +- * @param poutputDataLen The poutput data length +- * @param[in] tlsprf The tlsprf +- * +- * @return The sm status. +- */ +-smStatus_t Se05x_API_TLSPerformPRF(pSe05xSession_t session_ctx, +- uint32_t objectID, +- uint8_t digestAlgo, +- const uint8_t *label, +- size_t labelLen, +- const uint8_t *random, +- size_t randomLen, +- uint16_t reqLen, +- uint8_t *outputData, +- size_t *poutputDataLen, +- const SE05x_TLSPerformPRFType_t tlsprf); +- +-/** Se05x_API_I2CM_ExecuteCommandSet +- * +- * Execute one or multiple I2C commands in master mode. Execution is conditional +- * to the presence of the authentication object identified by +- * RESERVED_ID_I2CM_ACCESS. If the credential is not present in the eSE, access +- * is allowed in general. Otherwise, a session shall be established before +- * executing this command. In this case, the I2CM_ExecuteCommandSet command shall +- * be sent within the mentioned session. +- * +- * The I2C command set is constructed as a sequence of instructions described in +- * with the following rules: +- * +- * * The length should be limited to MAX_I2CM_COMMAND_LENGTH. +- * +- * * The data to be read cannot exceed MAX_I2CM_COMMAND_LENGTH, including protocol overhead. +- * +- * # Command to Applet +- * +- * @rst +- * +-------+------------+------------------------------------------------+ +- * | Field | Value | Description | +- * +=======+============+================================================+ +- * | CLA | 0x80 | | +- * +-------+------------+------------------------------------------------+ +- * | INS | INS_CRYPTO | See :cpp:type:`SE05x_INS_t`, in addition to | +- * | | | INS_CRYPTO, users can set the INS_ATTEST flag. | +- * | | | In that case, attestation applies. | +- * +-------+------------+------------------------------------------------+ +- * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | +- * +-------+------------+------------------------------------------------+ +- * | P2 | P2_I2CM | See :cpp:type:`SE05x_P2_t` | +- * +-------+------------+------------------------------------------------+ +- * | Lc | #(Payload) | | +- * +-------+------------+------------------------------------------------+ +- * | | TLV[TAG_1] | Byte array containing I2C Command set as TLV | +- * | | | array. | +- * +-------+------------+------------------------------------------------+ +- * | | TLV[TAG_2] | 4-byte attestation object identifier. | +- * | | | [Optional] [Conditional: only when | +- * | | | INS_ATTEST is set] | +- * +-------+------------+------------------------------------------------+ +- * | | TLV[TAG_3] | 1-byte :cpp:type:`SE05x_AttestationAlgo_t` | +- * | | | [Optional] [Conditional: only when | +- * | | | INS_ATTEST is set] | +- * +-------+------------+------------------------------------------------+ +- * | | TLV[TAG_7] | 16-byte freshness random [Optional] | +- * | | | [Conditional: only when INS_ATTEST is set] | +- * +-------+------------+------------------------------------------------+ +- * | Le | 0x00 | Expecting TLV with return data. | +- * +-------+------------+------------------------------------------------+ +- * @endrst +- * +- * # R-APDU Body +- * +- * @rst +- * +------------+------------------------------------------------+ +- * | Value | Description | +- * +============+================================================+ +- * | TLV[TAG_1] | Read response, a bytestring containing a | +- * | | sequence of: * CONFIGURE (0x01), | +- * | | followed by 1 byte of return code (0x5A = | +- * | | SUCCESS). * WRITE (0x03), | +- * | | followed by 1 byte of return code * | +- * | | READ (0x04), followed by - | +- * | | Length: 2 bytes in big endian encoded without | +- * | | TLV length encoding - | +- * | | Read bytes * | +- * | | 0xFF followed by the error return code in case | +- * | | of a structural error of the incoming buffer | +- * | | (too long, for example) | +- * +------------+------------------------------------------------+ +- * | TLV[TAG_3] | TLV containing 12-byte timestamp | +- * +------------+------------------------------------------------+ +- * | TLV[TAG_4] | TLV containing 16-byte freshness (random) | +- * +------------+------------------------------------------------+ +- * | TLV[TAG_5] | TLV containing 18-byte chip unique ID | +- * +------------+------------------------------------------------+ +- * | TLV[TAG_6] | TLV containing signature over the concatenated | +- * | | values of TLV[TAG_1], TLV[TAG_3], TLV[TAG_4] | +- * | | and TLV[TAG_5]. | +- * +------------+------------------------------------------------+ +- * @endrst +- * +- * # R-APDU Trailer +- * +- * @rst +- * +-------------+--------------------------------------+ +- * | SW | Description | +- * +=============+======================================+ +- * | SW_NO_ERROR | The command is handled successfully. | +- * +-------------+--------------------------------------+ +- * @endrst +- * +- * +- * +- * +- * +- * @param[in] session_ctx The session context +- * @param[in] inputData The input data +- * @param[in] inputDataLen The input data length +- * @param[in] attestationID The attestation id +- * @param[in] attestationAlgo The attestation algorithm +- * @param response The response +- * @param presponseLen The presponse length +- * @param ptimeStamp The ptime stamp +- * @param freshness The freshness +- * @param pfreshnessLen The pfreshness length +- * @param chipId The chip identifier +- * @param pchipIdLen The pchip identifier length +- * @param signature The signature +- * @param psignatureLen The psignature length +- * @param randomAttst The random attst +- * @param[in] randomAttstLen The random attst length +- * +- * @return The sm status. +- */ +-smStatus_t Se05x_API_I2CM_ExecuteCommandSet(pSe05xSession_t session_ctx, +- const uint8_t *inputData, +- size_t inputDataLen, +- uint32_t attestationID, +- uint8_t attestationAlgo, +- uint8_t *response, +- size_t *presponseLen, +- SE05x_TimeStamp_t *ptimeStamp, +- uint8_t *freshness, +- size_t *pfreshnessLen, +- uint8_t *chipId, +- size_t *pchipIdLen, +- uint8_t *signature, +- size_t *psignatureLen, +- uint8_t *randomAttst, +- size_t randomAttstLen); +- +-/** Se05x_API_DigestInit +- * +- * Open a digest operation. The state of the digest operation is kept in the +- * Crypto Object until the Crypto Object is finalized or deleted. +- * +- * +- * # Command to Applet +- * +- * @rst +- * +-------+------------+---------------------------------+ +- * | Field | Value | Description | +- * +=======+============+=================================+ +- * | CLA | 0x80 | | +- * +-------+------------+---------------------------------+ +- * | INS | INS_CRYPTO | See :cpp:type:`SE05x_INS_t` | +- * +-------+------------+---------------------------------+ +- * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | +- * +-------+------------+---------------------------------+ +- * | P2 | P2_INIT | See :cpp:type:`SE05x_P2_t` | +- * +-------+------------+---------------------------------+ +- * | Lc | #(Payload) | | +- * +-------+------------+---------------------------------+ +- * | | TLV[TAG_2] | 2-byte Crypto Object identifier | +- * +-------+------------+---------------------------------+ +- * @endrst +- * +- * # R-APDU Body +- * +- * NA +- * +- * # R-APDU Trailer +- * +- * @rst +- * +-------------+--------------------------------------+ +- * | SW | Description | +- * +=============+======================================+ +- * | SW_NO_ERROR | The command is handled successfully. | +- * +-------------+--------------------------------------+ +- * @endrst +- * +- * +- * +- * @param[in] session_ctx Session Context [0:kSE05x_pSession] +- * @param[in] cryptoObjectID cryptoObjectID [1:kSE05x_TAG_2] +- */ +-smStatus_t Se05x_API_DigestInit(pSe05xSession_t session_ctx, SE05x_CryptoObjectID_t cryptoObjectID); +- +-/** Se05x_API_DigestUpdate +- * +- * +- * # Command to Applet +- * +- * @rst +- * +-------+------------+---------------------------------+ +- * | Field | Value | Description | +- * +=======+============+=================================+ +- * | CLA | 0x80 | | +- * +-------+------------+---------------------------------+ +- * | INS | INS_CRYPTO | See :cpp:type:`SE05x_INS_t` | +- * +-------+------------+---------------------------------+ +- * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | +- * +-------+------------+---------------------------------+ +- * | P2 | P2_UPDATE | See :cpp:type:`SE05x_P2_t` | +- * +-------+------------+---------------------------------+ +- * | Lc | #(Payload) | | +- * +-------+------------+---------------------------------+ +- * | | TLV[TAG_2] | 2-byte Crypto Object identifier | +- * +-------+------------+---------------------------------+ +- * | | TLV[TAG_3] | Data to be hashed. | +- * +-------+------------+---------------------------------+ +- * | Le | | | +- * +-------+------------+---------------------------------+ +- * @endrst +- * +- * # R-APDU Body +- * +- * NA +- * +- * # R-APDU Trailer +- * +- * @rst +- * +-------------+--------------------------------------+ +- * | SW | Description | +- * +=============+======================================+ +- * | SW_NO_ERROR | The command is handled successfully. | +- * +-------------+--------------------------------------+ +- * @endrst +- * +- * +- * +- * @param[in] session_ctx Session Context [0:kSE05x_pSession] +- * @param[in] cryptoObjectID cryptoObjectID [1:kSE05x_TAG_2] +- * @param[in] inputData inputData [2:kSE05x_TAG_3] +- * @param[in] inputDataLen Length of inputData +- */ +-smStatus_t Se05x_API_DigestUpdate( +- pSe05xSession_t session_ctx, SE05x_CryptoObjectID_t cryptoObjectID, const uint8_t *inputData, size_t inputDataLen); +- +-/** Se05x_API_DigestFinal +- * +- * +- * # Command to Applet +- * +- * @rst +- * +-------+------------+------------------------------------+ +- * | Field | Value | Description | +- * +=======+============+====================================+ +- * | CLA | 0x80 | | +- * +-------+------------+------------------------------------+ +- * | INS | INS_CRYPTO | See :cpp:type:`SE05x_INS_t` | +- * +-------+------------+------------------------------------+ +- * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | +- * +-------+------------+------------------------------------+ +- * | P2 | P2_FINAL | See :cpp:type:`SE05x_P2_t` | +- * +-------+------------+------------------------------------+ +- * | Lc | #(Payload) | | +- * +-------+------------+------------------------------------+ +- * | | TLV[TAG_2] | 2-byte Crypto Object identifier | +- * +-------+------------+------------------------------------+ +- * | | TLV[TAG_3] | Data to be encrypted or decrypted. | +- * +-------+------------+------------------------------------+ +- * | Le | 0x00 | Expecting TLV with hash value. | +- * +-------+------------+------------------------------------+ +- * @endrst +- * +- * # R-APDU Body +- * +- * @rst +- * +------------+-------------+ +- * | Value | Description | +- * +============+=============+ +- * | TLV[TAG_1] | CMAC value | +- * +------------+-------------+ +- * @endrst +- * +- * # R-APDU Trailer +- * +- * @rst +- * +-------------+-----------------------------------+ +- * | SW | Description | +- * +=============+===================================+ +- * | SW_NO_ERROR | The hash is created successfully. | +- * +-------------+-----------------------------------+ +- * @endrst +- * +- * +- * +- * @param[in] session_ctx Session Context [0:kSE05x_pSession] +- * @param[in] cryptoObjectID cryptoObjectID [1:kSE05x_TAG_2] +- * @param[in] inputData inputData [2:kSE05x_TAG_3] +- * @param[in] inputDataLen Length of inputData +- * @param[out] cmacValue [0:kSE05x_TAG_1] +- * @param[in,out] pcmacValueLen Length for cmacValue +- */ +-smStatus_t Se05x_API_DigestFinal(pSe05xSession_t session_ctx, +- SE05x_CryptoObjectID_t cryptoObjectID, +- const uint8_t *inputData, +- size_t inputDataLen, +- uint8_t *cmacValue, +- size_t *pcmacValueLen); +- +-/** Se05x_API_DigestOneShot +- * +- * Performs a hash operation in one shot (without context). +- * +- * +- * # Command to Applet +- * +- * @rst +- * +-------+------------+-------------------------------------------+ +- * | Field | Value | Description | +- * +=======+============+===========================================+ +- * | CLA | 0x80 | | +- * +-------+------------+-------------------------------------------+ +- * | INS | INS_CRYPTO | See :cpp:type:`SE05x_INS_t` | +- * +-------+------------+-------------------------------------------+ +- * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | +- * +-------+------------+-------------------------------------------+ +- * | P2 | P2_ONESHOT | See :cpp:type:`SE05x_P2_t` | +- * +-------+------------+-------------------------------------------+ +- * | Lc | #(Payload) | | +- * +-------+------------+-------------------------------------------+ +- * | | TLV[TAG_1] | 1-byte DigestMode (except DIGEST_NO_HASH) | +- * +-------+------------+-------------------------------------------+ +- * | | TLV[TAG_2] | Data to hash. | +- * +-------+------------+-------------------------------------------+ +- * | Le | 0x00 | TLV expecting hash value | +- * +-------+------------+-------------------------------------------+ +- * @endrst +- * +- * # R-APDU Body +- * +- * @rst +- * +------------+-------------+ +- * | Value | Description | +- * +============+=============+ +- * | TLV[TAG_1] | Hash value. | +- * +------------+-------------+ +- * @endrst +- * +- * # R-APDU Trailer +- * +- * @rst +- * +-------------+-----------------------------------+ +- * | SW | Description | +- * +=============+===================================+ +- * | SW_NO_ERROR | The hash is created successfully. | +- * +-------------+-----------------------------------+ +- * @endrst +- * +- * +- * +- * @param[in] session_ctx Session Context [0:kSE05x_pSession] +- * @param[in] digestMode digestMode [1:kSE05x_TAG_1] +- * @param[in] inputData inputData [2:kSE05x_TAG_2] +- * @param[in] inputDataLen Length of inputData +- * @param[out] hashValue [0:kSE05x_TAG_1] +- * @param[in,out] phashValueLen Length for hashValue +- */ +-smStatus_t Se05x_API_DigestOneShot(pSe05xSession_t session_ctx, +- uint8_t digestMode, +- const uint8_t *inputData, +- size_t inputDataLen, +- uint8_t *hashValue, +- size_t *phashValueLen); +- +-/** Se05x_API_GetVersion +- * +- * Gets the applet version information. +- * +- * This will return 7-byte VersionInfo (including major, minor and patch version +- * of the applet, supported applet features and secure box version). +- * +- * # Command to Applet +- * +- * @rst +- * +-------+------------------------------+----------------------------------------------+ +- * | Field | Value | Description | +- * +=======+==============================+==============================================+ +- * | CLA | 0x80 | | +- * +-------+------------------------------+----------------------------------------------+ +- * | INS | INS_MGMT | See :cpp:type:`SE05x_INS_t` | +- * +-------+------------------------------+----------------------------------------------+ +- * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | +- * +-------+------------------------------+----------------------------------------------+ +- * | P2 | P2_VERSION or P2_VERSION_EXT | See :cpp:type:`SE05x_P2_t` | +- * +-------+------------------------------+----------------------------------------------+ +- * | Lc | #(Payload) | | +- * +-------+------------------------------+----------------------------------------------+ +- * | Le | 0x00 | Expecting TLV with 7-byte data (when P2 = | +- * | | | P2_VERSION) or a TLV with 37 byte data (when | +- * | | | P2= P2_VERSION_EXT). | +- * +-------+------------------------------+----------------------------------------------+ +- * @endrst +- * +- * +- * # R-APDU Body +- * +- * @rst +- * +------------+------------------------------------------------+ +- * | Value | Description | +- * +============+================================================+ +- * | TLV[TAG_1] | 7-byte :cpp:type:`VersionInfoRef` (if P2 = | +- * | | P2_VERSION) or 7-byte VersionInfo followed by | +- * | | 30 bytes extendedFeatureBits (if P2 = | +- * | | P2_VERSION_EXT) | +- * +------------+------------------------------------------------+ +- * @endrst +- * +- * # R-APDU Trailer +- * +- * @rst +- * +-------------+--------------------------------+ +- * | SW | Description | +- * +=============+================================+ +- * | SW_NO_ERROR | Data is returned successfully. | +- * +-------------+--------------------------------+ +- * @endrst +- * +- * @param[in] session_ctx The session context +- * @param pappletVersion The papplet version +- * @param appletVersionLen The applet version length +- * +- * @return The sm status. +- */ +-smStatus_t Se05x_API_GetVersion(pSe05xSession_t session_ctx, uint8_t *pappletVersion, size_t *appletVersionLen); +- +-/** Se05x_API_GetTimestamp +- * +- * Gets a monotonic counter value (time stamp) from the operating system of the +- * device (both persistent and transient part). See TimestampFunctionality for +- * details on the timestamps. +- * +- * +- * # Command to Applet +- * +- * @rst +- * +-------+------------+-------------------------------+ +- * | Field | Value | Description | +- * +=======+============+===============================+ +- * | CLA | 0x80 | | +- * +-------+------------+-------------------------------+ +- * | INS | INS_MGMT | See :cpp:type:`SE05x_INS_t` | +- * +-------+------------+-------------------------------+ +- * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | +- * +-------+------------+-------------------------------+ +- * | P2 | P2_TIME | See :cpp:type:`SE05x_P2_t` | +- * +-------+------------+-------------------------------+ +- * | Lc | #(Payload) | | +- * +-------+------------+-------------------------------+ +- * | Le | 0x2C | Expecting TLV with timestamp. | +- * +-------+------------+-------------------------------+ +- * @endrst +- * +- * # R-APDU Body +- * +- * @rst +- * +------------+-------------------------------------------+ +- * | Value | Description | +- * +============+===========================================+ +- * | TLV[TAG_1] | TLV containing a 12-byte operating system | +- * | | timestamp. | +- * +------------+-------------------------------------------+ +- * @endrst +- * +- * # R-APDU Trailer +- * +- * @rst +- * +-------------+--------------------------------+ +- * | SW | Description | +- * +=============+================================+ +- * | SW_NO_ERROR | Data is returned successfully. | +- * +-------------+--------------------------------+ +- * @endrst +- * +- * +- * +- * @param[in] session_ctx The session context +- * @param ptimeStamp The ptime stamp +- * +- * @return The sm status. +- */ +-smStatus_t Se05x_API_GetTimestamp(pSe05xSession_t session_ctx, SE05x_TimeStamp_t *ptimeStamp); +- +-/** Se05x_API_GetFreeMemory +- * +- * Gets the amount of free memory. MemoryType indicates the type of memory. +- * +- * The result indicates the amount of free memory. Note that behavior of the +- * function might not be fully linear and can have a granularity of 16 bytes +- * where the applet will typically report the "worst case" amount. For example, +- * when allocating 2 bytes a time, the first report will show 16 bytes being +- * allocated, which remains the same for the next 7 allocations of 2 bytes. +- * +- * +- * # Command to Applet +- * +- * @rst +- * +-------+------------+---------------------------------+ +- * | Field | Value | Description | +- * +=======+============+=================================+ +- * | CLA | 0x80 | | +- * +-------+------------+---------------------------------+ +- * | INS | INS_MGMT | See :cpp:type:`SE05x_INS_t` | +- * +-------+------------+---------------------------------+ +- * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | +- * +-------+------------+---------------------------------+ +- * | P2 | P2_MEMORY | See :cpp:type:`SE05x_P2_t` | +- * +-------+------------+---------------------------------+ +- * | Lc | #(Payload) | | +- * +-------+------------+---------------------------------+ +- * | | TLV[TAG_1] | :cpp:type:`SE05x_MemTyp_t` | +- * +-------+------------+---------------------------------+ +- * | Le | 0x04 | Expecting TLV with 2-byte data. | +- * +-------+------------+---------------------------------+ +- * @endrst +- * +- * # R-APDU Body +- * +- * @rst +- * +------------+----------------------------------------------+ +- * | Value | Description | +- * +============+==============================================+ +- * | TLV[TAG_1] | 2 bytes indicating the amount of free memory | +- * | | of the requested memory type. 0x7FFF as | +- * | | response means at least 32768 bytes are | +- * | | available. | +- * +------------+----------------------------------------------+ +- * @endrst +- * +- * # R-APDU Trailer +- * +- * @rst +- * +-------------+--------------------------------+ +- * | SW | Description | +- * +=============+================================+ +- * | SW_NO_ERROR | Data is returned successfully. | +- * +-------------+--------------------------------+ +- * @endrst +- * +- * +- * +- * @param[in] session_ctx The session context +- * @param[in] memoryType The memory type +- * @param pfreeMem The pfree memory +- * +- * @return The sm status. +- */ +-smStatus_t Se05x_API_GetFreeMemory(pSe05xSession_t session_ctx, SE05x_MemoryType_t memoryType, uint16_t *pfreeMem); +- +-/** Se05x_API_GetRandom +- * +- * Gets random data from the SE05X . +- * +- * +- * # Command to Applet +- * +- * @rst +- * +-------+------------+-----------------------------+ +- * | Field | Value | Description | +- * +=======+============+=============================+ +- * | CLA | 0x80 | | +- * +-------+------------+-----------------------------+ +- * | INS | INS_MGMT | See :cpp:type:`SE05x_INS_t` | +- * +-------+------------+-----------------------------+ +- * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | +- * +-------+------------+-----------------------------+ +- * | P2 | P2_RANDOM | See :cpp:type:`SE05x_P2_t` | +- * +-------+------------+-----------------------------+ +- * | Lc | #(Payload) | | +- * +-------+------------+-----------------------------+ +- * | | TLV[TAG_1] | 2-byte requested size. | +- * +-------+------------+-----------------------------+ +- * | Le | 0x00 | Expecting random data | +- * +-------+------------+-----------------------------+ +- * @endrst +- * +- * # R-APDU Body +- * +- * @rst +- * +------------+--------------+ +- * | Value | Description | +- * +============+==============+ +- * | TLV[TAG_1] | Random data. | +- * +------------+--------------+ +- * @endrst +- * +- * # R-APDU Trailer +- * +- * @rst +- * +-------------+--------------------------------+ +- * | SW | Description | +- * +=============+================================+ +- * | SW_NO_ERROR | Data is returned successfully. | +- * +-------------+--------------------------------+ +- * @endrst +- * +- * +- * +- * @param[in] session_ctx The session context +- * @param[in] size The size +- * @param randomData The random data +- * @param prandomDataLen The prandom data length +- * +- * @return The sm status. +- */ +-smStatus_t Se05x_API_GetRandom(pSe05xSession_t session_ctx, uint16_t size, uint8_t *randomData, size_t *prandomDataLen); +- +-/** Se05x_API_DeleteAll +- * +- * Delete all Secure Objects, delete all curves and Crypto Objects. Secure +- * Objects that are trust provisioned by NXP are not deleted (i.e., all objects +- * that have Origin set to ORIGIN_PROVISIONED, including the objects with +- * reserved object identifiers listed in Object attributes). +- * +- * This command can only be used from sessions that are authenticated using the +- * credential with index RESERVED_ID_FACTORY_RESET. +- * +- * _Important_ : if a secure messaging session is up & running (e.g., AESKey or +- * ECKey session) and the command is sent within this session, the response of +- * the DeleteAll command will not be wrapped (i.e., not encrypted and no R-MAC), +- * so this will also break down the secure channel protocol (as the session is +- * closed by the DeleteAll command itself). +- * +- * # Command to Applet +- * +- * @rst +- * +-------+---------------+-----------------------------+ +- * | Field | Value | Description | +- * +=======+===============+=============================+ +- * | CLA | 0x80 | | +- * +-------+---------------+-----------------------------+ +- * | INS | INS_MGMT | See :cpp:type:`SE05x_INS_t` | +- * +-------+---------------+-----------------------------+ +- * | P1 | P1_DEFAULT | See :cpp:type:`SE05x_P1_t` | +- * +-------+---------------+-----------------------------+ +- * | P2 | P2_DELETE_ALL | See :cpp:type:`SE05x_P2_t` | +- * +-------+---------------+-----------------------------+ +- * | Lc | 0x00 | | +- * +-------+---------------+-----------------------------+ +- * @endrst +- * +- * # R-APDU Body +- * +- * NA +- * +- * # R-APDU Trailer +- * +- * @rst +- * +-------------+--------------------------------+ +- * | SW | Description | +- * +=============+================================+ +- * | SW_NO_ERROR | Data is returned successfully. | +- * +-------------+--------------------------------+ +- * @endrst +- * +- * +- * +- * @param[in] session_ctx Session Context [0:kSE05x_pSession] +- */ +-smStatus_t Se05x_API_DeleteAll(pSe05xSession_t session_ctx); +- +-#if SSS_HAVE_SE05X_VER_GTE_06_00 +-#include "se05x_04_xx_APDU_apis.h" +-#endif +- +-#endif /* SE050X_APDU_APIS_H_INC */ +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/se05x_03_xx_xx/se05x_APDU_impl.h b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/se05x_03_xx_xx/se05x_APDU_impl.h +deleted file mode 100644 +index 4717f19f7d..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/se05x_03_xx_xx/se05x_APDU_impl.h ++++ /dev/null +@@ -1,3470 +0,0 @@ +-/* +- * +- * Copyright 2019-2020 NXP +- * SPDX-License-Identifier: Apache-2.0 +- */ +- +-#if defined(NONSECURE_WORLD) +-#include "veneer_printf_table.h" +-#endif +- +-#if defined(NONSECURE_WORLD) +-#define NEWLINE() DbgConsole_Printf_NSE("\r\n") +-#else +-#define NEWLINE() printf("\r\n") +-#endif +- +-smStatus_t Se05x_API_CreateSession( +- pSe05xSession_t session_ctx, uint32_t authObjectID, uint8_t *sessionId, size_t *psessionIdLen) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_MGMT, kSE05x_P1_DEFAULT, kSE05x_P2_SESSION_CREATE}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- uint8_t *pCmdbuf = &cmdbuf[0]; +- int tlvRet = 0; +- uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; +- uint8_t *pRspbuf = &rspbuf[0]; +- size_t rspbufLen = ARRAY_SIZE(rspbuf); +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "CreateSession []"); +-#endif /* VERBOSE_APDU_LOGS */ +- tlvRet = TLVSET_U32("auth", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, authObjectID); +- if (0 != tlvRet) { +- goto cleanup; +- } +- retStatus = DoAPDUTxRx_s_Case4(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); +- if (retStatus == SM_OK) { +- retStatus = SM_NOT_OK; +- size_t rspIndex = 0; +- tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, sessionId, psessionIdLen); /* */ +- if (0 != tlvRet) { +- goto cleanup; +- } +- if ((rspIndex + 2) == rspbufLen) { +- retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); +- } +- } +- +-cleanup: +- return retStatus; +-} +- +-smStatus_t Se05x_API_ExchangeSessionData(pSe05xSession_t session_ctx, pSe05xPolicy_t policy) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_MGMT, kSE05x_P1_DEFAULT, kSE05x_P2_SESSION_POLICY}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- uint8_t *pCmdbuf = &cmdbuf[0]; +- int tlvRet = 0; +- uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; +- // uint8_t *pRspbuf = &rspbuf[0]; +- size_t rspbufLen = ARRAY_SIZE(rspbuf); +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "ExchangeSessionData []"); +-#endif /* VERBOSE_APDU_LOGS */ +- tlvRet = TLVSET_Se05xPolicy("Policy", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, policy); +- if (0 != tlvRet) { +- goto cleanup; +- } +- retStatus = DoAPDUTxRx_s_Case4(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); +- +-cleanup: +- return retStatus; +-} +- +-smStatus_t Se05x_API_RefreshSession(pSe05xSession_t session_ctx, pSe05xPolicy_t policy) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_MGMT, kSE05x_P1_DEFAULT, kSE05x_P2_SESSION_REFRESH}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- uint8_t *pCmdbuf = &cmdbuf[0]; +- int tlvRet = 0; +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "RefreshSession []"); +-#endif /* VERBOSE_APDU_LOGS */ +- tlvRet = TLVSET_Se05xPolicy("policy", &pCmdbuf, &cmdbufLen, kSE05x_TAG_POLICY, policy); +- if (0 != tlvRet) { +- goto cleanup; +- } +- retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); +- +-cleanup: +- return retStatus; +-} +- +-smStatus_t Se05x_API_CloseSession(pSe05xSession_t session_ctx) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_MGMT, kSE05x_P1_DEFAULT, kSE05x_P2_SESSION_CLOSE}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- uint8_t iCnt = 0; +- +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "CloseSession []"); +-#endif /* VERBOSE_APDU_LOGS */ +- if (((session_ctx->value[0] || session_ctx->value[1] || session_ctx->value[2] || session_ctx->value[3] || +- session_ctx->value[4] || session_ctx->value[5] || session_ctx->value[6] || session_ctx->value[7])) && +- (session_ctx->hasSession == 1)) { +- retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); +- if (retStatus == SM_OK) { +- for (iCnt = 0; iCnt < 8; iCnt++) { +- session_ctx->value[iCnt] = 0; +- } +- session_ctx->hasSession = 0; +- } +- } +- else { +- LOG_D("CloseSession command is sent only if valid Session exists!!!"); +- } +- return retStatus; +-} +- +-smStatus_t Se05x_API_VerifySessionUserID(pSe05xSession_t session_ctx, const uint8_t *userId, size_t userIdLen) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_MGMT, kSE05x_P1_DEFAULT, kSE05x_P2_SESSION_UserID}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- uint8_t *pCmdbuf = &cmdbuf[0]; +- int tlvRet = 0; +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "VerifySessionUserID []"); +-#endif /* VERBOSE_APDU_LOGS */ +- tlvRet = TLVSET_u8bufOptional("userId", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, userId, userIdLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); +- +-cleanup: +- return retStatus; +-} +- +-smStatus_t Se05x_API_SetLockState(pSe05xSession_t session_ctx, uint8_t lockIndicator, uint8_t lockState) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_MGMT, kSE05x_P1_DEFAULT, kSE05x_P2_TRANSPORT}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- uint8_t *pCmdbuf = &cmdbuf[0]; +- int tlvRet = 0; +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "SetLockState []"); +-#endif /* VERBOSE_APDU_LOGS */ +- tlvRet = TLVSET_U8("lock indicator", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, lockIndicator); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_U8("lock state", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, lockState); +- if (0 != tlvRet) { +- goto cleanup; +- } +- retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); +- +-cleanup: +- return retStatus; +-} +- +-smStatus_t Se05x_API_SetPlatformSCPRequest(pSe05xSession_t session_ctx, SE05x_PlatformSCPRequest_t platformSCPRequest) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_MGMT, kSE05x_P1_DEFAULT, kSE05x_P2_SCP}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- uint8_t *pCmdbuf = &cmdbuf[0]; +- int tlvRet = 0; +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "SetPlatformSCPRequest []"); +-#endif /* VERBOSE_APDU_LOGS */ +- tlvRet = TLVSET_PlatformSCPRequest("platf scp req", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, platformSCPRequest); +- if (0 != tlvRet) { +- goto cleanup; +- } +- retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); +- +-cleanup: +- return retStatus; +-} +- +-smStatus_t Se05x_API_SetAppletFeatures(pSe05xSession_t session_ctx, pSe05xAppletFeatures_t appletVariant) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_MGMT, kSE05x_P1_DEFAULT, kSE05x_P2_VARIANT}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- uint8_t *pCmdbuf = &cmdbuf[0]; +- int tlvRet = 0; +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "SetAppletFeatures []"); +-#endif /* VERBOSE_APDU_LOGS */ +- tlvRet = TLVSET_Variant(&pCmdbuf, &cmdbufLen, kSE05x_TAG_1, appletVariant); +- if (0 != tlvRet) { +- goto cleanup; +- } +- retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); +- +-cleanup: +- return retStatus; +-} +- +-smStatus_t Se05x_API_WriteECKey(pSe05xSession_t session_ctx, +- pSe05xPolicy_t policy, +- SE05x_MaxAttemps_t maxAttempt, +- uint32_t objectID, +- SE05x_ECCurve_t curveID, +- const uint8_t *privKey, +- size_t privKeyLen, +- const uint8_t *pubKey, +- size_t pubKeyLen, +- const SE05x_INS_t ins_type, +- const SE05x_KeyPart_t key_part) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_WRITE | ins_type, kSE05x_P1_EC | key_part, kSE05x_P2_DEFAULT}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- uint8_t *pCmdbuf = &cmdbuf[0]; +- int tlvRet = 0; +- +- if (Se05x_IsInValidRangeOfUID(objectID)) +- return SM_NOT_OK; +- +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "WriteECKey []"); +-#endif /* VERBOSE_APDU_LOGS */ +- tlvRet = TLVSET_Se05xPolicy("policy", &pCmdbuf, &cmdbufLen, kSE05x_TAG_POLICY, policy); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_MaxAttemps("maxAttempt", &pCmdbuf, &cmdbufLen, kSE05x_TAG_MAX_ATTEMPTS, maxAttempt); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_U32("object id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_ECCurve("curveID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, curveID); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_u8bufOptional("privKey", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, privKey, privKeyLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_u8bufOptional("pubKey", &pCmdbuf, &cmdbufLen, kSE05x_TAG_4, pubKey, pubKeyLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); +- +-cleanup: +- return retStatus; +-} +- +-smStatus_t Se05x_API_WriteRSAKey(pSe05xSession_t session_ctx, +- pSe05xPolicy_t policy, +- uint32_t objectID, +- uint16_t size, +- const uint8_t *p, +- size_t pLen, +- const uint8_t *q, +- size_t qLen, +- const uint8_t *dp, +- size_t dpLen, +- const uint8_t *dq, +- size_t dqLen, +- const uint8_t *qInv, +- size_t qInvLen, +- const uint8_t *pubExp, +- size_t pubExpLen, +- const uint8_t *priv, +- size_t privLen, +- const uint8_t *pubMod, +- size_t pubModLen, +- const SE05x_INS_t ins_type, +- const SE05x_KeyPart_t key_part, +- const SE05x_RSAKeyFormat_t rsa_format) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_WRITE | ins_type, kSE05x_P1_RSA | key_part, rsa_format}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- uint8_t *pCmdbuf = &cmdbuf[0]; +- int tlvRet = 0; +- +- if (Se05x_IsInValidRangeOfUID(objectID)) +- return SM_NOT_OK; +- +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "WriteRSAKey []"); +-#endif /* VERBOSE_APDU_LOGS */ +- tlvRet = TLVSET_Se05xPolicy("To be Checked(last 3 not pdf)", &pCmdbuf, &cmdbufLen, kSE05x_TAG_POLICY, policy); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_U32("object id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_U16Optional("size in bits", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, size); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_u8bufOptional_ByteShift("p", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, p, pLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_u8bufOptional_ByteShift("q", &pCmdbuf, &cmdbufLen, kSE05x_TAG_4, q, qLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_u8bufOptional_ByteShift("dp", &pCmdbuf, &cmdbufLen, kSE05x_TAG_5, dp, dpLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_u8bufOptional_ByteShift("dq", &pCmdbuf, &cmdbufLen, kSE05x_TAG_6, dq, dqLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_u8bufOptional_ByteShift("qnv", &pCmdbuf, &cmdbufLen, kSE05x_TAG_7, qInv, qInvLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_u8bufOptional("public exp", &pCmdbuf, &cmdbufLen, kSE05x_TAG_8, pubExp, pubExpLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_u8bufOptional_ByteShift("priv", &pCmdbuf, &cmdbufLen, kSE05x_TAG_9, priv, privLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_u8bufOptional_ByteShift("public mod", &pCmdbuf, &cmdbufLen, kSE05x_TAG_10, pubMod, pubModLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); +- +-cleanup: +- return retStatus; +-} +- +-smStatus_t Se05x_API_WriteSymmKey(pSe05xSession_t session_ctx, +- pSe05xPolicy_t policy, +- SE05x_MaxAttemps_t maxAttempt, +- uint32_t objectID, +- SE05x_KeyID_t kekID, +- const uint8_t *keyValue, +- size_t keyValueLen, +- const SE05x_INS_t ins_type, +- const SE05x_SymmKeyType_t type) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_WRITE | ins_type, type, kSE05x_P2_DEFAULT}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- uint8_t *pCmdbuf = &cmdbuf[0]; +- int tlvRet = 0; +- +- if (Se05x_IsInValidRangeOfUID(objectID)) +- return SM_NOT_OK; +- +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "WriteSymmKey []"); +-#endif /* VERBOSE_APDU_LOGS */ +- tlvRet = TLVSET_Se05xPolicy("policy", &pCmdbuf, &cmdbufLen, kSE05x_TAG_POLICY, policy); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_MaxAttemps("maxAttempt", &pCmdbuf, &cmdbufLen, kSE05x_TAG_MAX_ATTEMPTS, maxAttempt); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_U32("object id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_KeyID("KEK id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, kekID); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_u8bufOptional("key value", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, keyValue, keyValueLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); +- +-cleanup: +- return retStatus; +-} +- +-smStatus_t Se05x_API_WriteBinary(pSe05xSession_t session_ctx, +- pSe05xPolicy_t policy, +- uint32_t objectID, +- uint16_t offset, +- uint16_t length, +- const uint8_t *inputData, +- size_t inputDataLen) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_WRITE, kSE05x_P1_BINARY, kSE05x_P2_DEFAULT}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- uint8_t *pCmdbuf = &cmdbuf[0]; +- int tlvRet = 0; +- +- if (Se05x_IsInValidRangeOfUID(objectID)) +- return SM_NOT_OK; +- +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "WriteBinary []"); +-#endif /* VERBOSE_APDU_LOGS */ +- tlvRet = TLVSET_Se05xPolicy("policy", &pCmdbuf, &cmdbufLen, kSE05x_TAG_POLICY, policy); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_U32("object id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_U16Optional("offset", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, offset); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_U16Optional("length", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, length); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_u8bufOptional("input data", &pCmdbuf, &cmdbufLen, kSE05x_TAG_4, inputData, inputDataLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); +- +-cleanup: +- return retStatus; +-} +- +-smStatus_t Se05x_API_WriteUserID(pSe05xSession_t session_ctx, +- pSe05xPolicy_t policy, +- SE05x_MaxAttemps_t maxAttempt, +- uint32_t objectID, +- const uint8_t *userId, +- size_t userIdLen, +- const SE05x_AttestationType_t attestation_type) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- if (Se05x_IsInValidRangeOfUID(objectID)) +- return SM_NOT_OK; +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_WRITE | attestation_type, kSE05x_P1_UserID, kSE05x_P2_DEFAULT}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- uint8_t *pCmdbuf = &cmdbuf[0]; +- int tlvRet = 0; +- +- if (Se05x_IsInValidRangeOfUID(objectID)) +- return SM_NOT_OK; +- +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "WriteUserID []"); +-#endif /* VERBOSE_APDU_LOGS */ +- tlvRet = TLVSET_Se05xPolicy("policy", &pCmdbuf, &cmdbufLen, kSE05x_TAG_POLICY, policy); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_MaxAttemps("maxAttempt", &pCmdbuf, &cmdbufLen, kSE05x_TAG_MAX_ATTEMPTS, maxAttempt); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_U32("object id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_u8bufOptional("userId", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, userId, userIdLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); +- +-cleanup: +- return retStatus; +-} +- +-smStatus_t Se05x_API_CreateCounter(pSe05xSession_t session_ctx, pSe05xPolicy_t policy, uint32_t objectID, uint16_t size) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_WRITE, kSE05x_P1_COUNTER, kSE05x_P2_DEFAULT}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- uint8_t *pCmdbuf = &cmdbuf[0]; +- int tlvRet = 0; +- +- if (Se05x_IsInValidRangeOfUID(objectID)) +- return SM_NOT_OK; +- +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "Se05x_API_CreateCounter []"); +-#endif /* VERBOSE_APDU_LOGS */ +- tlvRet = TLVSET_Se05xPolicy("policy", &pCmdbuf, &cmdbufLen, kSE05x_TAG_POLICY, policy); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_U32("object id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); +- if (0 != tlvRet) { +- goto cleanup; +- } +- +- if (size != 0) { +- tlvRet = TLVSET_U16("size", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, size); +- if (0 != tlvRet) { +- goto cleanup; +- } +- } +- +- retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); +- +-cleanup: +- return retStatus; +-} +- +-smStatus_t Se05x_API_SetCounterValue(pSe05xSession_t session_ctx, uint32_t objectID, uint16_t size, uint64_t value) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_WRITE, kSE05x_P1_COUNTER, kSE05x_P2_DEFAULT}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- uint8_t *pCmdbuf = &cmdbuf[0]; +- int tlvRet = 0; +- +- if (Se05x_IsInValidRangeOfUID(objectID)) +- return SM_NOT_OK; +- +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "SetCounterValue []"); +-#endif /* VERBOSE_APDU_LOGS */ +- +- tlvRet = TLVSET_U32("object id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); +- if (0 != tlvRet) { +- goto cleanup; +- } +- +- if ((size > 0) && (size <= 8)) { +- if (value != 0) { +- tlvRet = TLVSET_U64_SIZE("value", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, value, size); +- if (0 != tlvRet) { +- goto cleanup; +- } +- } +- } +- else { +- LOG_E("Wrong size provided"); +- goto cleanup; +- } +- retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); +- +-cleanup: +- return retStatus; +-} +- +-smStatus_t Se05x_API_IncCounter(pSe05xSession_t session_ctx, uint32_t objectID) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_WRITE, kSE05x_P1_COUNTER, kSE05x_P2_DEFAULT}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- uint8_t *pCmdbuf = &cmdbuf[0]; +- int tlvRet = 0; +- +- if (Se05x_IsInValidRangeOfUID(objectID)) +- return SM_NOT_OK; +- +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "IncCounter []"); +-#endif /* VERBOSE_APDU_LOGS */ +- tlvRet = TLVSET_U32("object id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); +- if (0 != tlvRet) { +- goto cleanup; +- } +- +- retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); +- +-cleanup: +- return retStatus; +-} +- +-#if ENABLE_DEPRECATED_API_WritePCR +-smStatus_t Se05x_API_WritePCR(pSe05xSession_t session_ctx, +- pSe05xPolicy_t policy, +- uint32_t pcrID, +- const uint8_t *initialValue, +- size_t initialValueLen, +- const uint8_t *inputData, +- size_t inputDataLen) +-{ +- return Se05x_API_WritePCR_WithType( +- session_ctx, kSE05x_INS_NA, policy, pcrID, initialValue, initialValueLen, inputData, inputDataLen); +-} +-#endif // ENABLE_DEPRECATED_API_WritePCR +- +-smStatus_t Se05x_API_WritePCR_WithType(pSe05xSession_t session_ctx, +- const SE05x_INS_t ins_type, +- pSe05xPolicy_t policy, +- uint32_t pcrID, +- const uint8_t *initialValue, +- size_t initialValueLen, +- const uint8_t *inputData, +- size_t inputDataLen) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_WRITE | ins_type, kSE05x_P1_PCR, kSE05x_P2_DEFAULT}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- uint8_t *pCmdbuf = &cmdbuf[0]; +- int tlvRet = 0; +- +- if (Se05x_IsInValidRangeOfUID(pcrID)) +- return SM_NOT_OK; +- +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "WritePCR []"); +-#endif /* VERBOSE_APDU_LOGS */ +- tlvRet = TLVSET_Se05xPolicy("policy", &pCmdbuf, &cmdbufLen, kSE05x_TAG_POLICY, policy); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_U32("object id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, pcrID); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_u8bufOptional("initialValue", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, initialValue, initialValueLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_u8bufOptional("inputData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, inputData, inputDataLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); +- +-cleanup: +- return retStatus; +-} +- +-smStatus_t Se05x_API_ImportObject(pSe05xSession_t session_ctx, +- uint32_t objectID, +- SE05x_RSAKeyComponent_t rsaKeyComp, +- const uint8_t *serializedObject, +- size_t serializedObjectLen) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_WRITE, kSE05x_P1_DEFAULT, kSE05x_P2_IMPORT}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- uint8_t *pCmdbuf = &cmdbuf[0]; +- int tlvRet = 0; +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "ImportObject []"); +-#endif /* VERBOSE_APDU_LOGS */ +- tlvRet = TLVSET_U32("object id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); +- if (0 != tlvRet) { +- goto cleanup; +- } +- if (rsaKeyComp != kSE05x_RSAKeyComponent_NA) { +- tlvRet = TLVSET_RSAKeyComponent("rsaKeyComp", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, rsaKeyComp); +- if (0 != tlvRet) { +- goto cleanup; +- } +- } +- tlvRet = TLVSET_u8bufOptional( +- "serializedObject", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, serializedObject, serializedObjectLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); +- +-cleanup: +- return retStatus; +-} +- +-smStatus_t Se05x_API_ImportExternalObject(pSe05xSession_t session_ctx, +- const uint8_t *ECKeydata, +- size_t ECKeydataLen, +- const uint8_t *ECAuthKeyID, +- size_t ECAuthKeyIDLen, +- const uint8_t *serializedObject, +- size_t serializedObjectLen) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- tlvHeader_t hdr = {{kSE05x_CLA, 0x06, kSE05x_P1_DEFAULT, kSE05x_P2_DEFAULT}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- uint8_t *pCmdbuf = &cmdbuf[0]; +- int tlvRet = 0; +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "ImportExternalObject []"); +-#endif /* VERBOSE_APDU_LOGS */ +- tlvRet = TLVSET_u8buf("AuthData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_IMPORT_AUTH_DATA, ECKeydata, ECKeydataLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_u8buf("AuthID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_IMPORT_AUTH_KEY_ID, ECAuthKeyID, ECAuthKeyIDLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_u8bufOptional( +- "serializedObject", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, serializedObject, serializedObjectLen); +- +- if (0 != tlvRet) { +- goto cleanup; +- } +- retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); +- +-cleanup: +- return retStatus; +-} +- +-smStatus_t Se05x_API_ReadObject( +- pSe05xSession_t session_ctx, uint32_t objectID, uint16_t offset, uint16_t length, uint8_t *data, size_t *pdataLen) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_READ, kSE05x_P1_DEFAULT, kSE05x_P2_DEFAULT}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- uint8_t *pCmdbuf = &cmdbuf[0]; +- int tlvRet = 0; +- uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; +- uint8_t *pRspbuf = &rspbuf[0]; +- size_t rspbufLen = ARRAY_SIZE(rspbuf); +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "ReadObject []"); +-#endif /* VERBOSE_APDU_LOGS */ +- tlvRet = TLVSET_U32("object id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_U16Optional("offset", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, offset); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_U16Optional("length", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, length); +- if (0 != tlvRet) { +- goto cleanup; +- } +- retStatus = DoAPDUTxRx_s_Case4_ext(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); +- if (retStatus == SM_OK) { +- retStatus = SM_NOT_OK; +- size_t rspIndex = 0; +- tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, data, pdataLen); /* */ +- if (0 != tlvRet) { +- goto cleanup; +- } +- if ((rspIndex + 2) == rspbufLen) { +- retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); +- } +- } +- +- if (retStatus == SM_ERR_ACCESS_DENIED_BASED_ON_POLICY) +- LOG_W("Denied to read object %08X bases on policy.", objectID); +- +-cleanup: +- return retStatus; +-} +- +-smStatus_t Se05x_API_ReadObject_W_Attst(pSe05xSession_t session_ctx, +- uint32_t objectID, +- uint16_t offset, +- uint16_t length, +- uint32_t attestID, +- SE05x_AttestationAlgo_t attestAlgo, +- const uint8_t *random, +- size_t randomLen, +- uint8_t *data, +- size_t *pdataLen, +- uint8_t *attribute, +- size_t *pattributeLen, +- SE05x_TimeStamp_t *ptimeStamp, +- uint8_t *outrandom, +- size_t *poutrandomLen, +- uint8_t *chipId, +- size_t *pchipIdLen, +- uint8_t *signature, +- size_t *psignatureLen) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_READ_With_Attestation, kSE05x_P1_DEFAULT, kSE05x_P2_DEFAULT}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- uint8_t *pCmdbuf = &cmdbuf[0]; +- int tlvRet = 0; +- uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; +- uint8_t *pRspbuf = &rspbuf[0]; +- size_t rspbufLen = ARRAY_SIZE(rspbuf); +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "ReadObject_W_Attst []"); +-#endif /* VERBOSE_APDU_LOGS */ +- tlvRet = TLVSET_U32("object id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_U16Optional("offset", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, offset); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_U16Optional("length", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, length); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_U32("attestID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_5, attestID); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_AttestationAlgo("attestAlgo", &pCmdbuf, &cmdbufLen, kSE05x_TAG_6, attestAlgo); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_u8bufOptional("random", &pCmdbuf, &cmdbufLen, kSE05x_TAG_7, random, randomLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- retStatus = DoAPDUTxRx_s_Case4_ext(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); +- if (retStatus == SM_OK) { +- retStatus = SM_NOT_OK; +- size_t rspIndex = 0; +- tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, data, pdataLen); /* */ +- if (0 != tlvRet) { +- /* Keys with no read policy will not return TAG1 */ +- //goto cleanup; +- } +- tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_2, attribute, pattributeLen); /* */ +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = tlvGet_TimeStamp(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_3, ptimeStamp); /* - */ +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_4, outrandom, poutrandomLen); /* */ +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_5, chipId, pchipIdLen); /* */ +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_6, signature, psignatureLen); /* */ +- if (0 != tlvRet) { +- goto cleanup; +- } +- if ((rspIndex + 2) == rspbufLen) { +- retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); +- } +- } +- +-cleanup: +- return retStatus; +-} +- +-smStatus_t Se05x_API_ReadRSA(pSe05xSession_t session_ctx, +- uint32_t objectID, +- uint16_t offset, +- uint16_t length, +- SE05x_RSAPubKeyComp_t rsa_key_comp, +- uint8_t *data, +- size_t *pdataLen) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_READ, kSE05x_P1_DEFAULT, kSE05x_P2_DEFAULT}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- uint8_t *pCmdbuf = &cmdbuf[0]; +- int tlvRet = 0; +- uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; +- uint8_t *pRspbuf = &rspbuf[0]; +- size_t rspbufLen = ARRAY_SIZE(rspbuf); +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "ReadRSA []"); +-#endif /* VERBOSE_APDU_LOGS */ +- tlvRet = TLVSET_U32("object id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_U16Optional("offset", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, offset); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_U16Optional("length", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, length); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_RSAPubKeyComp("rsa_key_comp", &pCmdbuf, &cmdbufLen, kSE05x_TAG_4, rsa_key_comp); +- if (0 != tlvRet) { +- goto cleanup; +- } +- retStatus = DoAPDUTxRx_s_Case4_ext(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); +- if (retStatus == SM_OK) { +- retStatus = SM_NOT_OK; +- size_t rspIndex = 0; +- tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, data, pdataLen); /* */ +- if (0 != tlvRet) { +- goto cleanup; +- } +- if ((rspIndex + 2) == rspbufLen) { +- retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); +- } +- } +- +-cleanup: +- return retStatus; +-} +- +-smStatus_t Se05x_API_ReadRSA_W_Attst(pSe05xSession_t session_ctx, +- uint32_t objectID, +- uint16_t offset, +- uint16_t length, +- SE05x_RSAPubKeyComp_t rsa_key_comp, +- uint32_t attestID, +- SE05x_AttestationAlgo_t attestAlgo, +- const uint8_t *random, +- size_t randomLen, +- uint8_t *data, +- size_t *pdataLen, +- uint8_t *attribute, +- size_t *pattributeLen, +- SE05x_TimeStamp_t *ptimeStamp, +- uint8_t *outrandom, +- size_t *poutrandomLen, +- uint8_t *chipId, +- size_t *pchipIdLen, +- uint8_t *signature, +- size_t *psignatureLen) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_READ_With_Attestation, kSE05x_P1_DEFAULT, kSE05x_P2_DEFAULT}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- uint8_t *pCmdbuf = &cmdbuf[0]; +- int tlvRet = 0; +- uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; +- uint8_t *pRspbuf = &rspbuf[0]; +- size_t rspbufLen = ARRAY_SIZE(rspbuf); +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "ReadRSA_W_Attst []"); +-#endif /* VERBOSE_APDU_LOGS */ +- tlvRet = TLVSET_U32("object id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_U16Optional("offset", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, offset); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_U16Optional("length", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, length); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_RSAPubKeyComp("rsa_key_comp", &pCmdbuf, &cmdbufLen, kSE05x_TAG_4, rsa_key_comp); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_U32("attestID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_5, attestID); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_AttestationAlgo("attestAlgo", &pCmdbuf, &cmdbufLen, kSE05x_TAG_6, attestAlgo); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_u8bufOptional("random", &pCmdbuf, &cmdbufLen, kSE05x_TAG_7, random, randomLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- retStatus = DoAPDUTxRx_s_Case4_ext(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); +- if (retStatus == SM_OK) { +- retStatus = SM_NOT_OK; +- size_t rspIndex = 0; +- tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, data, pdataLen); /* */ +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_2, attribute, pattributeLen); /* */ +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = tlvGet_TimeStamp(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_3, ptimeStamp); /* - */ +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_4, outrandom, poutrandomLen); /* */ +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_5, chipId, pchipIdLen); /* */ +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_6, signature, psignatureLen); /* */ +- if (0 != tlvRet) { +- goto cleanup; +- } +- if ((rspIndex + 2) == rspbufLen) { +- retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); +- } +- } +- +-cleanup: +- return retStatus; +-} +- +-smStatus_t Se05x_API_ExportObject( +- pSe05xSession_t session_ctx, uint32_t objectID, SE05x_RSAKeyComponent_t rsaKeyComp, uint8_t *data, size_t *pdataLen) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_READ, kSE05x_P1_DEFAULT, kSE05x_P2_EXPORT}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- uint8_t *pCmdbuf = &cmdbuf[0]; +- int tlvRet = 0; +- uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; +- uint8_t *pRspbuf = &rspbuf[0]; +- size_t rspbufLen = ARRAY_SIZE(rspbuf); +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "ExportObject []"); +-#endif /* VERBOSE_APDU_LOGS */ +- tlvRet = TLVSET_U32("object id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_RSAKeyComponent("rsaKeyComp", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, rsaKeyComp); +- if (0 != tlvRet) { +- goto cleanup; +- } +- +- retStatus = DoAPDUTxRx_s_Case4(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); +- if (retStatus == SM_OK) { +- retStatus = SM_NOT_OK; +- size_t rspIndex = 0; +- tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, data, pdataLen); /* */ +- if (0 != tlvRet) { +- goto cleanup; +- } +- if ((rspIndex + 2) == rspbufLen) { +- retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); +- } +- } +- +-cleanup: +- return retStatus; +-} +- +-smStatus_t Se05x_API_ReadType(pSe05xSession_t session_ctx, +- uint32_t objectID, +- SE05x_SecureObjectType_t *ptype, +- uint8_t *pisTransient, +- const SE05x_AttestationType_t attestation_type) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_READ | attestation_type, kSE05x_P1_DEFAULT, kSE05x_P2_TYPE}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- uint8_t *pCmdbuf = &cmdbuf[0]; +- int tlvRet = 0; +- uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; +- uint8_t *pRspbuf = &rspbuf[0]; +- size_t rspbufLen = ARRAY_SIZE(rspbuf); +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "ReadType []"); +-#endif /* VERBOSE_APDU_LOGS */ +- tlvRet = TLVSET_U32("object id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); +- if (0 != tlvRet) { +- goto cleanup; +- } +- retStatus = DoAPDUTxRx_s_Case4(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); +- if (retStatus == SM_OK) { +- retStatus = SM_NOT_OK; +- size_t rspIndex = 0; +- tlvRet = tlvGet_SecureObjectType(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, ptype); /* - */ +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = tlvGet_U8(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_2, pisTransient); /* - */ +- if (0 != tlvRet) { +- goto cleanup; +- } +- if ((rspIndex + 2) == rspbufLen) { +- retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); +- } +- } +- +-cleanup: +- return retStatus; +-} +- +-smStatus_t Se05x_API_ReadSize(pSe05xSession_t session_ctx, uint32_t objectID, uint16_t *psize) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_READ, kSE05x_P1_DEFAULT, kSE05x_P2_SIZE}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- uint8_t *pCmdbuf = &cmdbuf[0]; +- int tlvRet = 0; +- uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; +- uint8_t *pRspbuf = &rspbuf[0]; +- size_t rspbufLen = ARRAY_SIZE(rspbuf); +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "ReadSize []"); +-#endif /* VERBOSE_APDU_LOGS */ +- tlvRet = TLVSET_U32("object id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); +- if (0 != tlvRet) { +- goto cleanup; +- } +- retStatus = DoAPDUTxRx_s_Case4(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); +- if (retStatus == SM_OK) { +- retStatus = SM_NOT_OK; +- size_t rspIndex = 0; +- tlvRet = tlvGet_U16(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, psize); /* - */ +- if (0 != tlvRet) { +- goto cleanup; +- } +- if ((rspIndex + 2) == rspbufLen) { +- retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); +- } +- } +- +-cleanup: +- return retStatus; +-} +- +-smStatus_t Se05x_API_ReadIDList(pSe05xSession_t session_ctx, +- uint16_t outputOffset, +- uint8_t filter, +- uint8_t *pmore, +- uint8_t *idlist, +- size_t *pidlistLen) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_READ, kSE05x_P1_DEFAULT, kSE05x_P2_LIST}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- uint8_t *pCmdbuf = &cmdbuf[0]; +- int tlvRet = 0; +- uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; +- uint8_t *pRspbuf = &rspbuf[0]; +- size_t rspbufLen = ARRAY_SIZE(rspbuf); +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "ReadIDList []"); +-#endif /* VERBOSE_APDU_LOGS */ +- tlvRet = TLVSET_U16("output offset", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, outputOffset); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_U8("filter", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, filter); +- if (0 != tlvRet) { +- goto cleanup; +- } +- retStatus = DoAPDUTxRx_s_Case4_ext(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); +- if (retStatus == SM_OK) { +- retStatus = SM_NOT_OK; +- size_t rspIndex = 0; +- tlvRet = tlvGet_U8(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, pmore); /* - */ +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = tlvGet_u8buf(pRspbuf, +- &rspIndex, +- rspbufLen, +- kSE05x_TAG_2, +- idlist, +- pidlistLen); /* Byte array containing 4-byte identifiers */ +- if (0 != tlvRet) { +- goto cleanup; +- } +- if ((rspIndex + 2) == rspbufLen) { +- retStatus = (smStatus_t)((pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1])); +- } +- } +- +-cleanup: +- return retStatus; +-} +- +-smStatus_t Se05x_API_CheckObjectExists(pSe05xSession_t session_ctx, uint32_t objectID, SE05x_Result_t *presult) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_MGMT, kSE05x_P1_DEFAULT, kSE05x_P2_EXIST}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- uint8_t *pCmdbuf = &cmdbuf[0]; +- int tlvRet = 0; +- uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; +- uint8_t *pRspbuf = &rspbuf[0]; +- size_t rspbufLen = ARRAY_SIZE(rspbuf); +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "CheckObjectExists []"); +-#endif /* VERBOSE_APDU_LOGS */ +- tlvRet = TLVSET_U32("object id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); +- if (0 != tlvRet) { +- goto cleanup; +- } +- retStatus = DoAPDUTxRx_s_Case4(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); +- if (retStatus == SM_OK) { +- retStatus = SM_NOT_OK; +- size_t rspIndex = 0; +- tlvRet = tlvGet_Result(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, presult); /* - */ +- if (0 != tlvRet) { +- goto cleanup; +- } +- if ((rspIndex + 2) == rspbufLen) { +- retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); +- } +- } +- +-cleanup: +- return retStatus; +-} +- +-smStatus_t Se05x_API_DeleteSecureObject(pSe05xSession_t session_ctx, uint32_t objectID) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_MGMT, kSE05x_P1_DEFAULT, kSE05x_P2_DELETE_OBJECT}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- uint8_t *pCmdbuf = &cmdbuf[0]; +- int tlvRet = 0; +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "DeleteSecureObject []"); +-#endif /* VERBOSE_APDU_LOGS */ +- tlvRet = TLVSET_U32("object id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); +- if (0 != tlvRet) { +- goto cleanup; +- } +- retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); +- +-cleanup: +- return retStatus; +-} +- +-smStatus_t Se05x_API_CreateECCurve(pSe05xSession_t session_ctx, SE05x_ECCurve_t curveID) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_WRITE, kSE05x_P1_CURVE, kSE05x_P2_CREATE}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- uint8_t *pCmdbuf = &cmdbuf[0]; +- int tlvRet = 0; +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "CreateECCurve []"); +-#endif /* VERBOSE_APDU_LOGS */ +- tlvRet = TLVSET_ECCurve("curve id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, curveID); +- if (0 != tlvRet) { +- goto cleanup; +- } +- retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); +- +-cleanup: +- return retStatus; +-} +- +-smStatus_t Se05x_API_SetECCurveParam(pSe05xSession_t session_ctx, +- SE05x_ECCurve_t curveID, +- SE05x_ECCurveParam_t ecCurveParam, +- const uint8_t *inputData, +- size_t inputDataLen) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_WRITE, kSE05x_P1_CURVE, kSE05x_P2_PARAM}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- uint8_t *pCmdbuf = &cmdbuf[0]; +- int tlvRet = 0; +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "SetECCurveParam []"); +-#endif /* VERBOSE_APDU_LOGS */ +- tlvRet = TLVSET_ECCurve("curve id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, curveID); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_ECCurveParam("ecCurveParam", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, ecCurveParam); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_u8bufOptional("inputData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, inputData, inputDataLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); +- +-cleanup: +- return retStatus; +-} +- +-smStatus_t Se05x_API_GetECCurveId(pSe05xSession_t session_ctx, uint32_t objectID, uint8_t *pcurveId) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_READ, kSE05x_P1_CURVE, kSE05x_P2_ID}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- uint8_t *pCmdbuf = &cmdbuf[0]; +- int tlvRet = 0; +- uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; +- uint8_t *pRspbuf = &rspbuf[0]; +- size_t rspbufLen = ARRAY_SIZE(rspbuf); +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "GetECCurveId []"); +-#endif /* VERBOSE_APDU_LOGS */ +- tlvRet = TLVSET_U32("object id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); +- if (0 != tlvRet) { +- goto cleanup; +- } +- retStatus = DoAPDUTxRx_s_Case4(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); +- if (retStatus == SM_OK) { +- retStatus = SM_NOT_OK; +- size_t rspIndex = 0; +- tlvRet = tlvGet_U8(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, pcurveId); /* - */ +- if (0 != tlvRet) { +- goto cleanup; +- } +- if ((rspIndex + 2) == rspbufLen) { +- retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); +- } +- } +- +-cleanup: +- return retStatus; +-} +- +-smStatus_t Se05x_API_ReadECCurveList(pSe05xSession_t session_ctx, uint8_t *curveList, size_t *pcurveListLen) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_READ, kSE05x_P1_CURVE, kSE05x_P2_LIST}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- int tlvRet = 0; +- uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; +- uint8_t *pRspbuf = &rspbuf[0]; +- size_t rspbufLen = ARRAY_SIZE(rspbuf); +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "ReadECCurveList []"); +-#endif /* VERBOSE_APDU_LOGS */ +- retStatus = DoAPDUTxRx_s_Case4(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); +- if (retStatus == SM_OK) { +- retStatus = SM_NOT_OK; +- size_t rspIndex = 0; +- tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, curveList, pcurveListLen); /* */ +- if (0 != tlvRet) { +- goto cleanup; +- } +- if ((rspIndex + 2) == rspbufLen) { +- retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); +- } +- } +- +-cleanup: +- return retStatus; +-} +- +-smStatus_t Se05x_API_DeleteECCurve(pSe05xSession_t session_ctx, SE05x_ECCurve_t curveID) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_MGMT, kSE05x_P1_CURVE, kSE05x_P2_DELETE_OBJECT}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- uint8_t *pCmdbuf = &cmdbuf[0]; +- int tlvRet = 0; +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "DeleteECCurve []"); +-#endif /* VERBOSE_APDU_LOGS */ +- tlvRet = TLVSET_ECCurve("curve id", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, curveID); +- if (0 != tlvRet) { +- goto cleanup; +- } +- retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); +- +-cleanup: +- return retStatus; +-} +- +-smStatus_t Se05x_API_CreateCryptoObject(pSe05xSession_t session_ctx, +- SE05x_CryptoObjectID_t cryptoObjectID, +- SE05x_CryptoContext_t cryptoContext, +- SE05x_CryptoModeSubType_t subtype) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_WRITE, kSE05x_P1_CRYPTO_OBJ, kSE05x_P2_DEFAULT}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- uint8_t *pCmdbuf = &cmdbuf[0]; +- int tlvRet = 0; +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "CreateCryptoObject []"); +-#endif /* VERBOSE_APDU_LOGS */ +- tlvRet = TLVSET_CryptoObjectID("cryptoObjectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, cryptoObjectID); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_CryptoContext("cryptoContext", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, cryptoContext); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_CryptoModeSubType( +- "1-byte Crypto Object subtype, either from DigestMode, CipherMode or MACAlgo (depending on TAG_2).", +- &pCmdbuf, +- &cmdbufLen, +- kSE05x_TAG_3, +- subtype); +- if (0 != tlvRet) { +- goto cleanup; +- } +- retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); +- +-cleanup: +- return retStatus; +-} +- +-smStatus_t Se05x_API_ReadCryptoObjectList(pSe05xSession_t session_ctx, uint8_t *idlist, size_t *pidlistLen) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_READ, kSE05x_P1_CRYPTO_OBJ, kSE05x_P2_LIST}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- int tlvRet = 0; +- uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; +- uint8_t *pRspbuf = &rspbuf[0]; +- size_t rspbufLen = ARRAY_SIZE(rspbuf); +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "ReadCryptoObjectList []"); +-#endif /* VERBOSE_APDU_LOGS */ +- retStatus = DoAPDUTxRx_s_Case2(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); +- if (retStatus == SM_OK) { +- retStatus = SM_NOT_OK; +- size_t rspIndex = 0; +- tlvRet = +- tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, idlist, pidlistLen); /* If more ids are present */ +- if (0 != tlvRet) { +- goto cleanup; +- } +- if ((rspIndex + 2) == rspbufLen) { +- retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); +- } +- } +- +-cleanup: +- return retStatus; +-} +- +-smStatus_t Se05x_API_DeleteCryptoObject(pSe05xSession_t session_ctx, SE05x_CryptoObjectID_t cryptoObjectID) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_MGMT, kSE05x_P1_CRYPTO_OBJ, kSE05x_P2_DELETE_OBJECT}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- uint8_t *pCmdbuf = &cmdbuf[0]; +- int tlvRet = 0; +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "DeleteCryptoObject []"); +-#endif /* VERBOSE_APDU_LOGS */ +- tlvRet = TLVSET_CryptoObjectID("cryptoObjectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, cryptoObjectID); +- if (0 != tlvRet) { +- goto cleanup; +- } +- retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); +- +-cleanup: +- return retStatus; +-} +- +-smStatus_t Se05x_API_ECDSASign(pSe05xSession_t session_ctx, +- uint32_t objectID, +- SE05x_ECSignatureAlgo_t ecSignAlgo, +- const uint8_t *inputData, +- size_t inputDataLen, +- uint8_t *signature, +- size_t *psignatureLen) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_SIGNATURE, kSE05x_P2_SIGN}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- uint8_t *pCmdbuf = &cmdbuf[0]; +- int tlvRet = 0; +- uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; +- uint8_t *pRspbuf = &rspbuf[0]; +- size_t rspbufLen = ARRAY_SIZE(rspbuf); +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "ECDSASign []"); +-#endif /* VERBOSE_APDU_LOGS */ +- tlvRet = TLVSET_U32("objectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_ECSignatureAlgo("ecSignAlgo", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, ecSignAlgo); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_u8bufOptional("inputData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, inputData, inputDataLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- retStatus = DoAPDUTxRx_s_Case4(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); +- if (retStatus == SM_OK) { +- retStatus = SM_NOT_OK; +- size_t rspIndex = 0; +- tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, signature, psignatureLen); /* */ +- if (0 != tlvRet) { +- goto cleanup; +- } +- if ((rspIndex + 2) == rspbufLen) { +- retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); +- } +- } +- +-cleanup: +- return retStatus; +-} +- +-smStatus_t Se05x_API_EdDSASign(pSe05xSession_t session_ctx, +- uint32_t objectID, +- SE05x_EDSignatureAlgo_t edSignAlgo, +- const uint8_t *inputData, +- size_t inputDataLen, +- uint8_t *signature, +- size_t *psignatureLen) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_SIGNATURE, kSE05x_P2_SIGN}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- uint8_t *pCmdbuf = &cmdbuf[0]; +- int tlvRet = 0; +- uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; +- uint8_t *pRspbuf = &rspbuf[0]; +- size_t rspbufLen = ARRAY_SIZE(rspbuf); +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "EdDSASign []"); +-#endif /* VERBOSE_APDU_LOGS */ +- tlvRet = TLVSET_U32("objectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_EDSignatureAlgo("edSignAlgo", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, edSignAlgo); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_u8bufOptional("inputData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, inputData, inputDataLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- retStatus = DoAPDUTxRx_s_Case4(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); +- if (retStatus == SM_OK) { +- retStatus = SM_NOT_OK; +- size_t rspIndex = 0; +- tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, signature, psignatureLen); /* */ +- if (0 != tlvRet) { +- goto cleanup; +- } +- if ((rspIndex + 2) == rspbufLen) { +- retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); +- } +- } +- +-cleanup: +- return retStatus; +-} +- +-smStatus_t Se05x_API_ECDAASign(pSe05xSession_t session_ctx, +- uint32_t objectID, +- SE05x_ECDAASignatureAlgo_t ecdaaSignAlgo, +- const uint8_t *inputData, +- size_t inputDataLen, +- const uint8_t *randomData, +- size_t randomDataLen, +- uint8_t *signature, +- size_t *psignatureLen) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_SIGNATURE, kSE05x_P2_SIGN}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- uint8_t *pCmdbuf = &cmdbuf[0]; +- int tlvRet = 0; +- uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; +- uint8_t *pRspbuf = &rspbuf[0]; +- size_t rspbufLen = ARRAY_SIZE(rspbuf); +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "ECDAASign []"); +-#endif /* VERBOSE_APDU_LOGS */ +- tlvRet = TLVSET_U32("objectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_ECDAASignatureAlgo("ecdaaSignAlgo", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, ecdaaSignAlgo); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_u8bufOptional("inputData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, inputData, inputDataLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_u8bufOptional("randomData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_4, randomData, randomDataLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- retStatus = DoAPDUTxRx_s_Case4(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); +- if (retStatus == SM_OK) { +- retStatus = SM_NOT_OK; +- size_t rspIndex = 0; +- tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, signature, psignatureLen); /* */ +- if (0 != tlvRet) { +- goto cleanup; +- } +- if ((rspIndex + 2) == rspbufLen) { +- retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); +- } +- } +- +-cleanup: +- return retStatus; +-} +- +-smStatus_t Se05x_API_ECDSAVerify(pSe05xSession_t session_ctx, +- uint32_t objectID, +- SE05x_ECSignatureAlgo_t ecSignAlgo, +- const uint8_t *inputData, +- size_t inputDataLen, +- const uint8_t *signature, +- size_t signatureLen, +- SE05x_Result_t *presult) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_SIGNATURE, kSE05x_P2_VERIFY}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- uint8_t *pCmdbuf = &cmdbuf[0]; +- int tlvRet = 0; +- uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; +- uint8_t *pRspbuf = &rspbuf[0]; +- size_t rspbufLen = ARRAY_SIZE(rspbuf); +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "ECDSAVerify []"); +-#endif /* VERBOSE_APDU_LOGS */ +- tlvRet = TLVSET_U32("objectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_ECSignatureAlgo("ecSignAlgo", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, ecSignAlgo); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_u8bufOptional("inputData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, inputData, inputDataLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_u8bufOptional("signature", &pCmdbuf, &cmdbufLen, kSE05x_TAG_5, signature, signatureLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- retStatus = DoAPDUTxRx_s_Case4(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); +- if (retStatus == SM_OK) { +- retStatus = SM_NOT_OK; +- size_t rspIndex = 0; +- tlvRet = tlvGet_Result(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, presult); /* - */ +- if (0 != tlvRet) { +- goto cleanup; +- } +- if ((rspIndex + 2) == rspbufLen) { +- retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); +- } +- } +- +-cleanup: +- return retStatus; +-} +- +-smStatus_t Se05x_API_EdDSAVerify(pSe05xSession_t session_ctx, +- uint32_t objectID, +- SE05x_EDSignatureAlgo_t edSignAlgo, +- const uint8_t *inputData, +- size_t inputDataLen, +- const uint8_t *signature, +- size_t signatureLen, +- SE05x_Result_t *presult) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_SIGNATURE, kSE05x_P2_VERIFY}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- uint8_t *pCmdbuf = &cmdbuf[0]; +- int tlvRet = 0; +- uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; +- uint8_t *pRspbuf = &rspbuf[0]; +- size_t rspbufLen = ARRAY_SIZE(rspbuf); +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "EdDSAVerify []"); +-#endif /* VERBOSE_APDU_LOGS */ +- tlvRet = TLVSET_U32("objectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_EDSignatureAlgo("edSignAlgo", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, edSignAlgo); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_u8bufOptional("inputData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, inputData, inputDataLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_u8bufOptional("signature", &pCmdbuf, &cmdbufLen, kSE05x_TAG_5, signature, signatureLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- retStatus = DoAPDUTxRx_s_Case4(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); +- if (retStatus == SM_OK) { +- retStatus = SM_NOT_OK; +- size_t rspIndex = 0; +- tlvRet = tlvGet_Result(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, presult); /* - */ +- if (0 != tlvRet) { +- goto cleanup; +- } +- if ((rspIndex + 2) == rspbufLen) { +- retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); +- } +- } +- +-cleanup: +- return retStatus; +-} +- +-smStatus_t Se05x_API_ECDHGenerateSharedSecret(pSe05xSession_t session_ctx, +- uint32_t objectID, +- const uint8_t *pubKey, +- size_t pubKeyLen, +- uint8_t *sharedSecret, +- size_t *psharedSecretLen) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_EC, kSE05x_P2_DH}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- uint8_t *pCmdbuf = &cmdbuf[0]; +- int tlvRet = 0; +- uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; +- uint8_t *pRspbuf = &rspbuf[0]; +- size_t rspbufLen = ARRAY_SIZE(rspbuf); +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "ECDHGenerateSharedSecret []"); +-#endif /* VERBOSE_APDU_LOGS */ +- tlvRet = TLVSET_U32("objectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_u8bufOptional("pubKey", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, pubKey, pubKeyLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- retStatus = DoAPDUTxRx_s_Case4_ext(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); +- if (retStatus == SM_OK) { +- retStatus = SM_NOT_OK; +- size_t rspIndex = 0; +- tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, sharedSecret, psharedSecretLen); /* */ +- if (0 != tlvRet) { +- goto cleanup; +- } +- if ((rspIndex + 2) == rspbufLen) { +- retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); +- } +- } +- +-cleanup: +- return retStatus; +-} +- +-smStatus_t Se05x_API_RSASign(pSe05xSession_t session_ctx, +- uint32_t objectID, +- SE05x_RSASignatureAlgo_t rsaSigningAlgo, +- const uint8_t *inputData, +- size_t inputDataLen, +- uint8_t *signature, +- size_t *psignatureLen) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_SIGNATURE, kSE05x_P2_SIGN}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- uint8_t *pCmdbuf = &cmdbuf[0]; +- int tlvRet = 0; +- uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; +- uint8_t *pRspbuf = &rspbuf[0]; +- size_t rspbufLen = ARRAY_SIZE(rspbuf); +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "RSASign []"); +-#endif /* VERBOSE_APDU_LOGS */ +- tlvRet = TLVSET_U32("objectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_RSASignatureAlgo("rsaSigningAlgo", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, rsaSigningAlgo); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_u8bufOptional("inputData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, inputData, inputDataLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- retStatus = DoAPDUTxRx_s_Case4_ext(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); +- if (retStatus == SM_OK) { +- retStatus = SM_NOT_OK; +- size_t rspIndex = 0; +- tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, signature, psignatureLen); /* */ +- if (0 != tlvRet) { +- goto cleanup; +- } +- if ((rspIndex + 2) == rspbufLen) { +- retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); +- } +- } +- +-cleanup: +- return retStatus; +-} +- +-smStatus_t Se05x_API_RSAVerify(pSe05xSession_t session_ctx, +- uint32_t objectID, +- SE05x_RSASignatureAlgo_t rsaSigningAlgo, +- const uint8_t *inputData, +- size_t inputDataLen, +- const uint8_t *signature, +- size_t signatureLen, +- SE05x_Result_t *presult) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_SIGNATURE, kSE05x_P2_VERIFY}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- uint8_t *pCmdbuf = &cmdbuf[0]; +- int tlvRet = 0; +- uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; +- uint8_t *pRspbuf = &rspbuf[0]; +- size_t rspbufLen = ARRAY_SIZE(rspbuf); +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "RSAVerify []"); +-#endif /* VERBOSE_APDU_LOGS */ +- tlvRet = TLVSET_U32("objectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_RSASignatureAlgo("rsaSigningAlgo", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, rsaSigningAlgo); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_u8bufOptional("inputData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, inputData, inputDataLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_u8bufOptional("signature", &pCmdbuf, &cmdbufLen, kSE05x_TAG_5, signature, signatureLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- retStatus = DoAPDUTxRx_s_Case4(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); +- if (retStatus == SM_OK) { +- retStatus = SM_NOT_OK; +- size_t rspIndex = 0; +- tlvRet = tlvGet_Result(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, presult); /* - */ +- if (0 != tlvRet) { +- goto cleanup; +- } +- if ((rspIndex + 2) == rspbufLen) { +- retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); +- } +- } +- +-cleanup: +- return retStatus; +-} +- +-smStatus_t Se05x_API_RSAEncrypt(pSe05xSession_t session_ctx, +- uint32_t objectID, +- SE05x_RSAEncryptionAlgo_t rsaEncryptionAlgo, +- const uint8_t *inputData, +- size_t inputDataLen, +- uint8_t *encryptedData, +- size_t *pencryptedDataLen) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_RSA, kSE05x_P2_ENCRYPT_ONESHOT}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- uint8_t *pCmdbuf = &cmdbuf[0]; +- int tlvRet = 0; +- uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; +- uint8_t *pRspbuf = &rspbuf[0]; +- size_t rspbufLen = ARRAY_SIZE(rspbuf); +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "RSAEncrypt []"); +-#endif /* VERBOSE_APDU_LOGS */ +- tlvRet = TLVSET_U32("objectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_RSAEncryptionAlgo("rsaEncryptionAlgo", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, rsaEncryptionAlgo); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_u8bufOptional("inputData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, inputData, inputDataLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- retStatus = DoAPDUTxRx_s_Case4_ext(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); +- if (retStatus == SM_OK) { +- retStatus = SM_NOT_OK; +- size_t rspIndex = 0; +- tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, encryptedData, pencryptedDataLen); /* */ +- if (0 != tlvRet) { +- goto cleanup; +- } +- if ((rspIndex + 2) == rspbufLen) { +- retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); +- } +- } +- +-cleanup: +- return retStatus; +-} +- +-smStatus_t Se05x_API_RSADecrypt(pSe05xSession_t session_ctx, +- uint32_t objectID, +- SE05x_RSAEncryptionAlgo_t rsaEncryptionAlgo, +- const uint8_t *inputData, +- size_t inputDataLen, +- uint8_t *decryptedData, +- size_t *pdecryptedDataLen) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_RSA, kSE05x_P2_DECRYPT_ONESHOT}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- uint8_t *pCmdbuf = &cmdbuf[0]; +- int tlvRet = 0; +- uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; +- uint8_t *pRspbuf = &rspbuf[0]; +- size_t rspbufLen = ARRAY_SIZE(rspbuf); +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "RSADecrypt []"); +-#endif /* VERBOSE_APDU_LOGS */ +- tlvRet = TLVSET_U32("objectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_RSAEncryptionAlgo("rsaEncryptionAlgo", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, rsaEncryptionAlgo); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_u8bufOptional("inputData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, inputData, inputDataLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- retStatus = DoAPDUTxRx_s_Case4_ext(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); +- if (retStatus == SM_OK) { +- retStatus = SM_NOT_OK; +- size_t rspIndex = 0; +- tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, decryptedData, pdecryptedDataLen); /* */ +- if (0 != tlvRet) { +- goto cleanup; +- } +- if ((rspIndex + 2) == rspbufLen) { +- retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); +- } +- } +- +-cleanup: +- return retStatus; +-} +- +-smStatus_t Se05x_API_CipherInit(pSe05xSession_t session_ctx, +- uint32_t objectID, +- SE05x_CryptoObjectID_t cryptoObjectID, +- const uint8_t *IV, +- size_t IVLen, +- const SE05x_Cipher_Oper_t operation) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_CIPHER, operation}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- uint8_t *pCmdbuf = &cmdbuf[0]; +- int tlvRet = 0; +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "CipherInit []"); +-#endif /* VERBOSE_APDU_LOGS */ +- tlvRet = TLVSET_U32("objectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_CryptoObjectID("cryptoObjectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, cryptoObjectID); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_u8bufOptional("IV", &pCmdbuf, &cmdbufLen, kSE05x_TAG_4, IV, IVLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); +- +-cleanup: +- return retStatus; +-} +- +-smStatus_t Se05x_API_CipherUpdate(pSe05xSession_t session_ctx, +- SE05x_CryptoObjectID_t cryptoObjectID, +- const uint8_t *inputData, +- size_t inputDataLen, +- uint8_t *outputData, +- size_t *poutputDataLen) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_CIPHER, kSE05x_P2_UPDATE}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- uint8_t *pCmdbuf = &cmdbuf[0]; +- int tlvRet = 0; +- uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; +- uint8_t *pRspbuf = &rspbuf[0]; +- size_t rspbufLen = ARRAY_SIZE(rspbuf); +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "CipherUpdate []"); +-#endif /* VERBOSE_APDU_LOGS */ +- tlvRet = TLVSET_CryptoObjectID("cryptoObjectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, cryptoObjectID); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_u8bufOptional("inputData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, inputData, inputDataLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- retStatus = DoAPDUTxRx_s_Case4(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); +- if (retStatus == SM_OK) { +- retStatus = SM_NOT_OK; +- size_t rspIndex = 0; +- tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, outputData, poutputDataLen); /* */ +- if (0 != tlvRet) { +- goto cleanup; +- } +- if ((rspIndex + 2) == rspbufLen) { +- retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); +- } +- } +- +-cleanup: +- return retStatus; +-} +- +-smStatus_t Se05x_API_CipherFinal(pSe05xSession_t session_ctx, +- SE05x_CryptoObjectID_t cryptoObjectID, +- const uint8_t *inputData, +- size_t inputDataLen, +- uint8_t *outputData, +- size_t *poutputDataLen) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_CIPHER, kSE05x_P2_FINAL}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- uint8_t *pCmdbuf = &cmdbuf[0]; +- int tlvRet = 0; +- uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; +- uint8_t *pRspbuf = &rspbuf[0]; +- size_t rspbufLen = ARRAY_SIZE(rspbuf); +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "CipherFinal []"); +-#endif /* VERBOSE_APDU_LOGS */ +- tlvRet = TLVSET_CryptoObjectID("cryptoObjectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, cryptoObjectID); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_u8buf("inputData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, inputData, inputDataLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- retStatus = DoAPDUTxRx_s_Case4_ext(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); +- if (retStatus == SM_OK) { +- retStatus = SM_NOT_OK; +- size_t rspIndex = 0; +- tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, outputData, poutputDataLen); /* */ +- if (0 != tlvRet) { +- goto cleanup; +- } +- if ((rspIndex + 2) == rspbufLen) { +- retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); +- } +- } +- +-cleanup: +- return retStatus; +-} +- +-smStatus_t Se05x_API_CipherOneShot(pSe05xSession_t session_ctx, +- uint32_t objectID, +- SE05x_CipherMode_t cipherMode, +- const uint8_t *inputData, +- size_t inputDataLen, +- const uint8_t *IV, +- size_t IVLen, +- uint8_t *outputData, +- size_t *poutputDataLen, +- const SE05x_Cipher_Oper_OneShot_t operation) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_CIPHER, operation}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- uint8_t *pCmdbuf = &cmdbuf[0]; +- int tlvRet = 0; +- uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; +- uint8_t *pRspbuf = &rspbuf[0]; +- size_t rspbufLen = ARRAY_SIZE(rspbuf); +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "CipherOneShot []"); +-#endif /* VERBOSE_APDU_LOGS */ +- tlvRet = TLVSET_U32("objectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_CipherMode("cipherMode", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, cipherMode); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_u8bufOptional("inputData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, inputData, inputDataLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_u8bufOptional("IV", &pCmdbuf, &cmdbufLen, kSE05x_TAG_4, IV, IVLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- retStatus = DoAPDUTxRx_s_Case4_ext(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); +- if (retStatus == SM_OK) { +- retStatus = SM_NOT_OK; +- size_t rspIndex = 0; +- tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, outputData, poutputDataLen); /* */ +- if (0 != tlvRet) { +- goto cleanup; +- } +- if ((rspIndex + 2) == rspbufLen) { +- retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); +- } +- } +- +-cleanup: +- return retStatus; +-} +- +-smStatus_t Se05x_API_MACInit(pSe05xSession_t session_ctx, +- uint32_t objectID, +- SE05x_CryptoObjectID_t cryptoObjectID, +- const SE05x_Mac_Oper_t mac_oper) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_MAC, mac_oper}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- uint8_t *pCmdbuf = &cmdbuf[0]; +- int tlvRet = 0; +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "MACInit []"); +-#endif /* VERBOSE_APDU_LOGS */ +- tlvRet = TLVSET_U32("objectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_CryptoObjectID("cryptoObjectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, cryptoObjectID); +- if (0 != tlvRet) { +- goto cleanup; +- } +- retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); +- +-cleanup: +- return retStatus; +-} +- +-smStatus_t Se05x_API_MACUpdate( +- pSe05xSession_t session_ctx, const uint8_t *inputData, size_t inputDataLen, SE05x_CryptoObjectID_t cryptoObjectID) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_MAC, kSE05x_P2_UPDATE}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- uint8_t *pCmdbuf = &cmdbuf[0]; +- int tlvRet = 0; +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "MACUpdate []"); +-#endif /* VERBOSE_APDU_LOGS */ +- tlvRet = TLVSET_u8bufOptional("inputData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, inputData, inputDataLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_CryptoObjectID("cryptoObjectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, cryptoObjectID); +- if (0 != tlvRet) { +- goto cleanup; +- } +- retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); +- +-cleanup: +- return retStatus; +-} +- +-smStatus_t Se05x_API_MACFinal(pSe05xSession_t session_ctx, +- const uint8_t *inputData, +- size_t inputDataLen, +- SE05x_CryptoObjectID_t cryptoObjectID, +- const uint8_t *macValidateData, +- size_t macValidateDataLen, +- uint8_t *macValue, +- size_t *pmacValueLen) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_MAC, kSE05x_P2_FINAL}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- uint8_t *pCmdbuf = &cmdbuf[0]; +- int tlvRet = 0; +- uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; +- uint8_t *pRspbuf = &rspbuf[0]; +- size_t rspbufLen = ARRAY_SIZE(rspbuf); +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "MACFinal []"); +-#endif /* VERBOSE_APDU_LOGS */ +- tlvRet = TLVSET_u8buf("inputData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, inputData, inputDataLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_CryptoObjectID("cryptoObjectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, cryptoObjectID); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_u8bufOptional( +- "macValidateData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, macValidateData, macValidateDataLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- retStatus = DoAPDUTxRx_s_Case4_ext(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); +- if (retStatus == SM_OK) { +- retStatus = SM_NOT_OK; +- size_t rspIndex = 0; +- tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, macValue, pmacValueLen); /* */ +- if (0 != tlvRet) { +- goto cleanup; +- } +- if ((rspIndex + 2) == rspbufLen) { +- retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); +- } +- } +- +-cleanup: +- return retStatus; +-} +- +-smStatus_t Se05x_API_MACOneShot_G(pSe05xSession_t session_ctx, +- uint32_t objectID, +- uint8_t macOperation, +- const uint8_t *inputData, +- size_t inputDataLen, +- uint8_t *macValue, +- size_t *pmacValueLen) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_MAC, kSE05x_P2_GENERATE_ONESHOT}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- uint8_t *pCmdbuf = &cmdbuf[0]; +- int tlvRet = 0; +- uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; +- uint8_t *pRspbuf = &rspbuf[0]; +- size_t rspbufLen = ARRAY_SIZE(rspbuf); +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "MACOneShot_G []"); +-#endif /* VERBOSE_APDU_LOGS */ +- tlvRet = TLVSET_U32("objectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_U8("macOperation", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, macOperation); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_u8bufOptional("inputData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, inputData, inputDataLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- retStatus = DoAPDUTxRx_s_Case4(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); +- if (retStatus == SM_OK) { +- retStatus = SM_NOT_OK; +- size_t rspIndex = 0; +- tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, macValue, pmacValueLen); /* */ +- if (0 != tlvRet) { +- goto cleanup; +- } +- if ((rspIndex + 2) == rspbufLen) { +- retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); +- } +- } +- +-cleanup: +- return retStatus; +-} +- +-smStatus_t Se05x_API_MACOneShot_V(pSe05xSession_t session_ctx, +- uint32_t objectID, +- uint8_t macOperation, +- const uint8_t *inputData, +- size_t inputDataLen, +- const uint8_t *MAC, +- size_t MACLen, +- uint8_t *macValue, +- size_t *pmacValueLen) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_MAC, kSE05x_P2_VALIDATE_ONESHOT}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- uint8_t *pCmdbuf = &cmdbuf[0]; +- int tlvRet = 0; +- uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; +- uint8_t *pRspbuf = &rspbuf[0]; +- size_t rspbufLen = ARRAY_SIZE(rspbuf); +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "MACOneShot_V []"); +-#endif /* VERBOSE_APDU_LOGS */ +- tlvRet = TLVSET_U32("objectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_U8("macOperation", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, macOperation); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_u8bufOptional("inputData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, inputData, inputDataLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_u8bufOptional( +- "MAC to verify (when P2=P2_VALIDATE_ONESHOT)", &pCmdbuf, &cmdbufLen, kSE05x_TAG_5, MAC, MACLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- retStatus = DoAPDUTxRx_s_Case4(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); +- if (retStatus == SM_OK) { +- retStatus = SM_NOT_OK; +- size_t rspIndex = 0; +- tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, macValue, pmacValueLen); /* */ +- if (0 != tlvRet) { +- goto cleanup; +- } +- if ((rspIndex + 2) == rspbufLen) { +- retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); +- } +- } +- +-cleanup: +- return retStatus; +-} +- +-smStatus_t Se05x_API_HKDF(pSe05xSession_t session_ctx, +- uint32_t hmacID, +- SE05x_DigestMode_t digestMode, +- const uint8_t *salt, +- size_t saltLen, +- const uint8_t *info, +- size_t infoLen, +- uint16_t deriveDataLen, +- uint8_t *hkdfOuput, +- size_t *phkdfOuputLen) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_DEFAULT, kSE05x_P2_HKDF}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- uint8_t *pCmdbuf = &cmdbuf[0]; +- int tlvRet = 0; +- uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; +- uint8_t *pRspbuf = &rspbuf[0]; +- size_t rspbufLen = ARRAY_SIZE(rspbuf); +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "HKDF []"); +-#endif /* VERBOSE_APDU_LOGS */ +- tlvRet = TLVSET_U32("hmacID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, hmacID); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_DigestMode("digestMode", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, digestMode); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_u8bufOptional("salt", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, salt, saltLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_u8bufOptional("info", &pCmdbuf, &cmdbufLen, kSE05x_TAG_4, info, infoLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_U16("2-byte requested length (L)", &pCmdbuf, &cmdbufLen, kSE05x_TAG_5, deriveDataLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- retStatus = DoAPDUTxRx_s_Case4(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); +- if (retStatus == SM_OK) { +- retStatus = SM_NOT_OK; +- size_t rspIndex = 0; +- tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, hkdfOuput, phkdfOuputLen); /* */ +- if (0 != tlvRet) { +- goto cleanup; +- } +- if ((rspIndex + 2) == rspbufLen) { +- retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); +- } +- } +- +-cleanup: +- return retStatus; +-} +- +-smStatus_t Se05x_API_HKDF_Extended(pSe05xSession_t session_ctx, +- uint32_t hmacID, +- SE05x_DigestMode_t digestMode, +- SE05x_HkdfMode_t hkdfMode, +- const uint8_t *salt, +- size_t saltLen, +- uint32_t saltID, +- const uint8_t *info, +- size_t infoLen, +- uint32_t derivedKeyID, +- uint16_t deriveDataLen, +- uint8_t *hkdfOuput, +- size_t *phkdfOuputLen) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_DEFAULT, kSE05x_P2_HKDF}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- uint8_t *pCmdbuf = &cmdbuf[0]; +- int tlvRet = 0; +- uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; +- uint8_t *pRspbuf = &rspbuf[0]; +- size_t rspbufLen = ARRAY_SIZE(rspbuf); +- hdr.hdr[3] = (hkdfMode == kSE05x_HkdfMode_ExpandOnly ? kSE05x_P2_HKDF_EXPAND_ONLY : kSE05x_P2_HKDF); +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "HKDF []"); +-#endif /* VERBOSE_APDU_LOGS */ +- tlvRet = TLVSET_U32("hmacID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, hmacID); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_DigestMode("digestMode", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, digestMode); +- if (0 != tlvRet) { +- goto cleanup; +- } +- if ((salt != NULL) && (hkdfMode != kSE05x_HkdfMode_ExpandOnly)) { +- tlvRet = TLVSET_u8bufOptional("salt", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, salt, saltLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- } +- tlvRet = TLVSET_u8bufOptional("info", &pCmdbuf, &cmdbufLen, kSE05x_TAG_4, info, infoLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_U16("2-byte requested length (L)", &pCmdbuf, &cmdbufLen, kSE05x_TAG_5, deriveDataLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- // Warning: TAGS must be in numerical order, so this cannot be the else statement of (salt != null) +- if ((salt == NULL) && (hkdfMode != kSE05x_HkdfMode_ExpandOnly)) { +- tlvRet = TLVSET_U32("saltID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_6, saltID); +- if (0 != tlvRet) { +- goto cleanup; +- } +- } +- if (hkdfOuput == NULL) { +- tlvRet = TLVSET_U32("derivedKeyID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_7, derivedKeyID); +- if (0 != tlvRet) { +- goto cleanup; +- } +- } +- retStatus = DoAPDUTxRx_s_Case4(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); +- if (retStatus == SM_OK) { +- if (hkdfOuput == NULL) { +- retStatus = SM_NOT_OK; +- if (2 == rspbufLen) { +- retStatus = (rspbuf[0] << 8) | (rspbuf[1]); +- } +- } +- else { +- retStatus = SM_NOT_OK; +- size_t rspIndex = 0; +- tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, hkdfOuput, phkdfOuputLen); /* */ +- if (0 != tlvRet) { +- goto cleanup; +- } +- if ((rspIndex + 2) == rspbufLen) { +- retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); +- } +- } +- } +- +-cleanup: +- return retStatus; +-} +- +-smStatus_t Se05x_API_PBKDF2(pSe05xSession_t session_ctx, +- uint32_t objectID, +- const uint8_t *salt, +- size_t saltLen, +- uint16_t count, +- uint16_t requestedLen, +- uint8_t *derivedSessionKey, +- size_t *pderivedSessionKeyLen) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_DEFAULT, kSE05x_P2_PBKDF}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- uint8_t *pCmdbuf = &cmdbuf[0]; +- int tlvRet = 0; +- uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; +- uint8_t *pRspbuf = &rspbuf[0]; +- size_t rspbufLen = ARRAY_SIZE(rspbuf); +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "PBKDF2 []"); +-#endif /* VERBOSE_APDU_LOGS */ +- tlvRet = TLVSET_U32( +- "4-byte password identifier (object type must be HMACKey)", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_u8bufOptional("salt", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, salt, saltLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_U16("count", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, count); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_U16("requestedLen", &pCmdbuf, &cmdbufLen, kSE05x_TAG_4, requestedLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- retStatus = DoAPDUTxRx_s_Case4(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); +- if (retStatus == SM_OK) { +- retStatus = SM_NOT_OK; +- size_t rspIndex = 0; +- tlvRet = +- tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, derivedSessionKey, pderivedSessionKeyLen); /* */ +- if (0 != tlvRet) { +- goto cleanup; +- } +- if ((rspIndex + 2) == rspbufLen) { +- retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); +- } +- } +- +-cleanup: +- return retStatus; +-} +- +-smStatus_t Se05x_API_DFDiversifyKey(pSe05xSession_t session_ctx, +- uint32_t masterKeyID, +- uint32_t diversifiedKeyID, +- const uint8_t *divInputData, +- size_t divInputDataLen) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_DEFAULT, kSE05x_P2_DIVERSIFY}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- uint8_t *pCmdbuf = &cmdbuf[0]; +- int tlvRet = 0; +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "DFDiversifyKey []"); +-#endif /* VERBOSE_APDU_LOGS */ +- tlvRet = TLVSET_U32("masterKeyID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, masterKeyID); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_U32("diversifiedKeyID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, diversifiedKeyID); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_u8bufOptional("divInputData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, divInputData, divInputDataLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); +- +-cleanup: +- return retStatus; +-} +- +-smStatus_t Se05x_API_DFAuthenticateFirstPart1(pSe05xSession_t session_ctx, +- uint32_t objectID, +- const uint8_t *inputData, +- size_t inputDataLen, +- uint8_t *outputData, +- size_t *poutputDataLen) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_DEFAULT, kSE05x_P2_AUTH_FIRST_PART1}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- uint8_t *pCmdbuf = &cmdbuf[0]; +- int tlvRet = 0; +- uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; +- uint8_t *pRspbuf = &rspbuf[0]; +- size_t rspbufLen = ARRAY_SIZE(rspbuf); +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "DFAuthenticateFirstPart1 []"); +-#endif /* VERBOSE_APDU_LOGS */ +- tlvRet = TLVSET_U32("objectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_u8bufOptional("inputData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, inputData, inputDataLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- retStatus = DoAPDUTxRx_s_Case4(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); +- if (retStatus == SM_OK) { +- retStatus = SM_NOT_OK; +- size_t rspIndex = 0; +- tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, outputData, poutputDataLen); /* */ +- if (0 != tlvRet) { +- goto cleanup; +- } +- if ((rspIndex + 2) == rspbufLen) { +- retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); +- } +- } +- +-cleanup: +- return retStatus; +-} +- +-smStatus_t Se05x_API_DFAuthenticateNonFirstPart1(pSe05xSession_t session_ctx, +- uint32_t objectID, +- const uint8_t *inputData, +- size_t inputDataLen, +- uint8_t *outputData, +- size_t *poutputDataLen) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_DEFAULT, kSE05x_P2_AUTH_NONFIRST_PART1}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- uint8_t *pCmdbuf = &cmdbuf[0]; +- int tlvRet = 0; +- uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; +- uint8_t *pRspbuf = &rspbuf[0]; +- size_t rspbufLen = ARRAY_SIZE(rspbuf); +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "DFAuthenticateFirstPart1 []"); +-#endif /* VERBOSE_APDU_LOGS */ +- tlvRet = TLVSET_U32("objectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_u8bufOptional("inputData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, inputData, inputDataLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- retStatus = DoAPDUTxRx_s_Case4(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); +- if (retStatus == SM_OK) { +- retStatus = SM_NOT_OK; +- size_t rspIndex = 0; +- tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, outputData, poutputDataLen); /* */ +- if (0 != tlvRet) { +- goto cleanup; +- } +- if ((rspIndex + 2) == rspbufLen) { +- retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); +- } +- } +- +-cleanup: +- return retStatus; +-} +- +-smStatus_t Se05x_API_DFAuthenticateFirstPart2(pSe05xSession_t session_ctx, +- const uint8_t *inputData, +- size_t inputDataLen, +- uint8_t *outputData, +- size_t *poutputDataLen) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_DEFAULT, kSE05x_P2_AUTH_FIRST_PART2}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- uint8_t *pCmdbuf = &cmdbuf[0]; +- int tlvRet = 0; +- uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; +- uint8_t *pRspbuf = &rspbuf[0]; +- size_t rspbufLen = ARRAY_SIZE(rspbuf); +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "DFAuthenticateFirstPart2 []"); +-#endif /* VERBOSE_APDU_LOGS */ +- tlvRet = TLVSET_u8bufOptional("inputData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, inputData, inputDataLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- retStatus = DoAPDUTxRx_s_Case4(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); +- if (retStatus == SM_OK) { +- retStatus = SM_NOT_OK; +- size_t rspIndex = 0; +- tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, outputData, poutputDataLen); /* */ +- if (0 != tlvRet) { +- goto cleanup; +- } +- if ((rspIndex + 2) == rspbufLen) { +- retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); +- } +- } +- +-cleanup: +- return retStatus; +-} +- +-smStatus_t Se05x_API_DFAuthenticateNonFirstPart2( +- pSe05xSession_t session_ctx, const uint8_t *inputData, size_t inputDataLen) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_DEFAULT, kSE05x_P2_AUTH_NONFIRST_PART2}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- uint8_t *pCmdbuf = &cmdbuf[0]; +- int tlvRet = 0; +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "DFAuthenticateNonFirstPart2 []"); +-#endif /* VERBOSE_APDU_LOGS */ +- tlvRet = TLVSET_u8bufOptional("inputData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, inputData, inputDataLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); +- +-cleanup: +- return retStatus; +-} +- +-smStatus_t Se05x_API_DFDumpSessionKeys(pSe05xSession_t session_ctx, uint8_t *sessionData, size_t *psessionDataLen) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_DEFAULT, kSE05x_P2_DUMP_KEY}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- int tlvRet = 0; +- uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; +- uint8_t *pRspbuf = &rspbuf[0]; +- size_t rspbufLen = ARRAY_SIZE(rspbuf); +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "DFDumpSessionKeys []"); +-#endif /* VERBOSE_APDU_LOGS */ +- retStatus = DoAPDUTxRx_s_Case2(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); +- if (retStatus == SM_OK) { +- retStatus = SM_NOT_OK; +- size_t rspIndex = 0; +- tlvRet = tlvGet_u8buf(pRspbuf, +- &rspIndex, +- rspbufLen, +- kSE05x_TAG_1, +- sessionData, +- psessionDataLen); /* 38 bytes: KeyID.SesAuthENCKey || KeyID.SesAuthMACKey || TI || Cmd-Ctr */ +- if (0 != tlvRet) { +- goto cleanup; +- } +- if ((rspIndex + 2) == rspbufLen) { +- retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); +- } +- } +- +-cleanup: +- return retStatus; +-} +- +-smStatus_t Se05x_API_DFChangeKeyPart1(pSe05xSession_t session_ctx, +- uint32_t oldObjectID, +- uint32_t newObjectID, +- uint8_t keySetNr, +- uint8_t keyNoDESFire, +- uint8_t keyVer, +- uint8_t *KeyData, +- size_t *pKeyDataLen) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_DEFAULT, kSE05x_P2_CHANGE_KEY_PART1}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- uint8_t *pCmdbuf = &cmdbuf[0]; +- int tlvRet = 0; +- uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; +- uint8_t *pRspbuf = &rspbuf[0]; +- size_t rspbufLen = ARRAY_SIZE(rspbuf); +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "DFChangeKeyPart1 []"); +-#endif /* VERBOSE_APDU_LOGS */ +- tlvRet = TLVSET_KeyID("oldObjectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, oldObjectID); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_U32("newObjectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, newObjectID); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_U8("keySetNr", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, keySetNr); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_U8("keyNoDESFire", &pCmdbuf, &cmdbufLen, kSE05x_TAG_4, keyNoDESFire); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_U8("keyVer", &pCmdbuf, &cmdbufLen, kSE05x_TAG_5, keyVer); +- if (0 != tlvRet) { +- goto cleanup; +- } +- retStatus = DoAPDUTxRx_s_Case4(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); +- if (retStatus == SM_OK) { +- retStatus = SM_NOT_OK; +- size_t rspIndex = 0; +- tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, KeyData, pKeyDataLen); /* */ +- if (0 != tlvRet) { +- goto cleanup; +- } +- if ((rspIndex + 2) == rspbufLen) { +- retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); +- } +- } +- +-cleanup: +- return retStatus; +-} +- +-smStatus_t Se05x_API_DFChangeKeyPart2(pSe05xSession_t session_ctx, const uint8_t *MAC, size_t MACLen, uint8_t *presult) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_DEFAULT, kSE05x_P2_CHANGE_KEY_PART2}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- uint8_t *pCmdbuf = &cmdbuf[0]; +- int tlvRet = 0; +- uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; +- uint8_t *pRspbuf = &rspbuf[0]; +- size_t rspbufLen = ARRAY_SIZE(rspbuf); +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "DFChangeKeyPart2 []"); +-#endif /* VERBOSE_APDU_LOGS */ +- tlvRet = TLVSET_u8bufOptional("MAC", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, MAC, MACLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- retStatus = DoAPDUTxRx_s_Case4(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); +- if (retStatus == SM_OK) { +- retStatus = SM_NOT_OK; +- size_t rspIndex = 0; +- tlvRet = tlvGet_U8(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, presult); /* - */ +- if (0 != tlvRet) { +- goto cleanup; +- } +- if ((rspIndex + 2) == rspbufLen) { +- retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); +- } +- } +- +-cleanup: +- return retStatus; +-} +- +-smStatus_t Se05x_API_DFKillAuthentication(pSe05xSession_t session_ctx) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_DEFAULT, kSE05x_P2_KILL_AUTH}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "DFKillAuthentication []"); +-#endif /* VERBOSE_APDU_LOGS */ +- +- retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); +- +- return retStatus; +-} +- +-smStatus_t Se05x_API_TLSGenerateRandom(pSe05xSession_t session_ctx, uint8_t *randomValue, size_t *prandomValueLen) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_TLS, kSE05x_P2_RANDOM}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- int tlvRet = 0; +- uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; +- uint8_t *pRspbuf = &rspbuf[0]; +- size_t rspbufLen = ARRAY_SIZE(rspbuf); +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "TLSGenerateRandom []"); +-#endif /* VERBOSE_APDU_LOGS */ +- retStatus = DoAPDUTxRx_s_Case2(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); +- if (retStatus == SM_OK) { +- retStatus = SM_NOT_OK; +- size_t rspIndex = 0; +- tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, randomValue, prandomValueLen); /* */ +- if (0 != tlvRet) { +- goto cleanup; +- } +- if ((rspIndex + 2) == rspbufLen) { +- retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); +- } +- } +- +-cleanup: +- return retStatus; +-} +- +-smStatus_t Se05x_API_TLSCalculatePreMasterSecret(pSe05xSession_t session_ctx, +- uint32_t keyPairId, +- uint32_t pskId, +- uint32_t hmacKeyId, +- const uint8_t *inputData, +- size_t inputDataLen) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_TLS, kSE05x_P2_TLS_PMS}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- uint8_t *pCmdbuf = &cmdbuf[0]; +- int tlvRet = 0; +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "TLSCalculatePreMasterSecret []"); +-#endif /* VERBOSE_APDU_LOGS */ +- if (pskId != 0) { +- tlvRet = TLVSET_U32("pskId", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, pskId); +- if (0 != tlvRet) { +- goto cleanup; +- } +- } +- tlvRet = TLVSET_U32("keyPairId", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, keyPairId); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_U32("hmacKeyId", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, hmacKeyId); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_u8bufOptional("inputData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_4, inputData, inputDataLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); +- +-cleanup: +- return retStatus; +-} +- +-smStatus_t Se05x_API_TLSPerformPRF(pSe05xSession_t session_ctx, +- uint32_t objectID, +- uint8_t digestAlgo, +- const uint8_t *label, +- size_t labelLen, +- const uint8_t *random, +- size_t randomLen, +- uint16_t reqLen, +- uint8_t *outputData, +- size_t *poutputDataLen, +- const SE05x_TLSPerformPRFType_t tlsprf) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_TLS, tlsprf}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- uint8_t *pCmdbuf = &cmdbuf[0]; +- int tlvRet = 0; +- uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; +- uint8_t *pRspbuf = &rspbuf[0]; +- size_t rspbufLen = ARRAY_SIZE(rspbuf); +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "TLSPerformPRF []"); +-#endif /* VERBOSE_APDU_LOGS */ +- tlvRet = TLVSET_U32("objectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, objectID); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_U8("digestAlgo", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, digestAlgo); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_u8bufOptional("Label (1 to 64 bytes)", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, label, labelLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_u8bufOptional("32-byte random", &pCmdbuf, &cmdbufLen, kSE05x_TAG_4, random, randomLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_U16("2-byte requested length", &pCmdbuf, &cmdbufLen, kSE05x_TAG_5, reqLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- retStatus = DoAPDUTxRx_s_Case4_ext(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); +- if (retStatus == SM_OK) { +- retStatus = SM_NOT_OK; +- size_t rspIndex = 0; +- tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, outputData, poutputDataLen); /* */ +- if (0 != tlvRet) { +- goto cleanup; +- } +- if ((rspIndex + 2) == rspbufLen) { +- retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); +- } +- } +- +-cleanup: +- return retStatus; +-} +- +-smStatus_t Se05x_API_I2CM_ExecuteCommandSet(pSe05xSession_t session_ctx, +- const uint8_t *inputData, +- size_t inputDataLen, +- uint32_t attestationID, +- uint8_t attestationAlgo, +- uint8_t *response, +- size_t *presponseLen, +- SE05x_TimeStamp_t *ptimeStamp, +- uint8_t *freshness, +- size_t *pfreshnessLen, +- uint8_t *chipId, +- size_t *pchipIdLen, +- uint8_t *signature, +- size_t *psignatureLen, +- uint8_t *randomAttst, +- size_t randomAttstLen) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_I2CM_Attestation, kSE05x_P1_DEFAULT, kSE05x_P2_I2CM}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- uint8_t *pCmdbuf = &cmdbuf[0]; +- int tlvRet = 0; +- uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; +- uint8_t *pRspbuf = &rspbuf[0]; +- size_t rspbufLen = ARRAY_SIZE(rspbuf); +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "I2CM_ExecuteCommandSet []"); +-#endif /* VERBOSE_APDU_LOGS */ +- tlvRet = TLVSET_u8bufOptional("inputData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, inputData, inputDataLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_U32("attestationID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, attestationID); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_U8("attestationAlgo", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, attestationAlgo); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_u8bufOptional("freshness random", &pCmdbuf, &cmdbufLen, kSE05x_TAG_7, randomAttst, randomAttstLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- +- retStatus = DoAPDUTxRx_s_Case4(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); +- if (retStatus == SM_OK) { +- retStatus = SM_NOT_OK; +- size_t rspIndex = 0; +- tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, response, presponseLen); /* */ +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = tlvGet_TimeStamp(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_3, ptimeStamp); /* - */ +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_4, freshness, pfreshnessLen); /* */ +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_5, chipId, pchipIdLen); /* */ +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_6, signature, psignatureLen); /* */ +- if (0 != tlvRet) { +- goto cleanup; +- } +- if ((rspIndex + 2) == rspbufLen) { +- retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); +- } +- } +- +-cleanup: +- return retStatus; +-} +- +-smStatus_t Se05x_API_DigestInit(pSe05xSession_t session_ctx, SE05x_CryptoObjectID_t cryptoObjectID) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_DEFAULT, kSE05x_P2_INIT}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- uint8_t *pCmdbuf = &cmdbuf[0]; +- int tlvRet = 0; +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "DigestInit []"); +-#endif /* VERBOSE_APDU_LOGS */ +- tlvRet = TLVSET_CryptoObjectID("cryptoObjectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, cryptoObjectID); +- if (0 != tlvRet) { +- goto cleanup; +- } +- retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); +- +-cleanup: +- return retStatus; +-} +- +-smStatus_t Se05x_API_DigestUpdate( +- pSe05xSession_t session_ctx, SE05x_CryptoObjectID_t cryptoObjectID, const uint8_t *inputData, size_t inputDataLen) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_DEFAULT, kSE05x_P2_UPDATE}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- uint8_t *pCmdbuf = &cmdbuf[0]; +- int tlvRet = 0; +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "DigestUpdate []"); +-#endif /* VERBOSE_APDU_LOGS */ +- tlvRet = TLVSET_CryptoObjectID("cryptoObjectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, cryptoObjectID); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_u8buf("inputData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, inputData, inputDataLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); +- +-cleanup: +- return retStatus; +-} +- +-smStatus_t Se05x_API_DigestFinal(pSe05xSession_t session_ctx, +- SE05x_CryptoObjectID_t cryptoObjectID, +- const uint8_t *inputData, +- size_t inputDataLen, +- uint8_t *cmacValue, +- size_t *pcmacValueLen) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_DEFAULT, kSE05x_P2_FINAL}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- uint8_t *pCmdbuf = &cmdbuf[0]; +- int tlvRet = 0; +- uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; +- uint8_t *pRspbuf = &rspbuf[0]; +- size_t rspbufLen = ARRAY_SIZE(rspbuf); +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "DigestFinal []"); +-#endif /* VERBOSE_APDU_LOGS */ +- tlvRet = TLVSET_CryptoObjectID("cryptoObjectID", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, cryptoObjectID); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_u8buf("inputData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_3, inputData, inputDataLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- retStatus = DoAPDUTxRx_s_Case4(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); +- if (retStatus == SM_OK) { +- retStatus = SM_NOT_OK; +- size_t rspIndex = 0; +- tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, cmacValue, pcmacValueLen); /* */ +- if (0 != tlvRet) { +- goto cleanup; +- } +- if ((rspIndex + 2) == rspbufLen) { +- retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); +- } +- } +- +-cleanup: +- return retStatus; +-} +- +-smStatus_t Se05x_API_DigestOneShot(pSe05xSession_t session_ctx, +- uint8_t digestMode, +- const uint8_t *inputData, +- size_t inputDataLen, +- uint8_t *hashValue, +- size_t *phashValueLen) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_CRYPTO, kSE05x_P1_DEFAULT, kSE05x_P2_ONESHOT}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- uint8_t *pCmdbuf = &cmdbuf[0]; +- int tlvRet = 0; +- uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; +- uint8_t *pRspbuf = &rspbuf[0]; +- size_t rspbufLen = ARRAY_SIZE(rspbuf); +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "DigestOneShot []"); +-#endif /* VERBOSE_APDU_LOGS */ +- tlvRet = TLVSET_U8("digestMode", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, digestMode); +- if (0 != tlvRet) { +- goto cleanup; +- } +- tlvRet = TLVSET_u8buf("inputData", &pCmdbuf, &cmdbufLen, kSE05x_TAG_2, inputData, inputDataLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- retStatus = DoAPDUTxRx_s_Case4(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); +- if (retStatus == SM_OK) { +- retStatus = SM_NOT_OK; +- size_t rspIndex = 0; +- tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, hashValue, phashValueLen); /* */ +- if (0 != tlvRet) { +- goto cleanup; +- } +- if ((rspIndex + 2) == rspbufLen) { +- retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); +- } +- } +- +-cleanup: +- return retStatus; +-} +- +-smStatus_t Se05x_API_GetVersion(pSe05xSession_t session_ctx, uint8_t *pappletVersion, size_t *appletVersionLen) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_MGMT, kSE05x_P1_DEFAULT, kSE05x_P2_VERSION}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- int tlvRet = 0; +- uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; +- uint8_t *pRspbuf = &rspbuf[0]; +- size_t rspbufLen = ARRAY_SIZE(rspbuf); +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "GetVersion []"); +-#endif /* VERBOSE_APDU_LOGS */ +- retStatus = DoAPDUTxRx_s_Case2(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); +- if (retStatus == SM_OK) { +- retStatus = SM_NOT_OK; +- size_t rspIndex = 0; +- tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, pappletVersion, appletVersionLen); /* - */ +- if (0 != tlvRet) { +- goto cleanup; +- } +- if ((rspIndex + 2) == rspbufLen) { +- retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); +- } +- } +- +-cleanup: +- return retStatus; +-} +- +-smStatus_t Se05x_API_GetTimestamp(pSe05xSession_t session_ctx, SE05x_TimeStamp_t *ptimeStamp) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_MGMT, kSE05x_P1_DEFAULT, kSE05x_P2_TIME}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- int tlvRet = 0; +- uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; +- uint8_t *pRspbuf = &rspbuf[0]; +- size_t rspbufLen = ARRAY_SIZE(rspbuf); +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "GetTimestamp []"); +-#endif /* VERBOSE_APDU_LOGS */ +- retStatus = DoAPDUTxRx_s_Case2(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); +- if (retStatus == SM_OK) { +- retStatus = SM_NOT_OK; +- size_t rspIndex = 0; +- tlvRet = tlvGet_TimeStamp(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, ptimeStamp); /* - */ +- if (0 != tlvRet) { +- goto cleanup; +- } +- if ((rspIndex + 2) == rspbufLen) { +- retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); +- } +- } +- +-cleanup: +- return retStatus; +-} +- +-smStatus_t Se05x_API_GetFreeMemory(pSe05xSession_t session_ctx, SE05x_MemoryType_t memoryType, uint16_t *pfreeMem) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_MGMT, kSE05x_P1_DEFAULT, kSE05x_P2_MEMORY}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- uint8_t *pCmdbuf = &cmdbuf[0]; +- int tlvRet = 0; +- uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; +- uint8_t *pRspbuf = &rspbuf[0]; +- size_t rspbufLen = ARRAY_SIZE(rspbuf); +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "GetFreeMemory []"); +-#endif /* VERBOSE_APDU_LOGS */ +- tlvRet = TLVSET_MemoryType("memoryType", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, memoryType); +- if (0 != tlvRet) { +- goto cleanup; +- } +- retStatus = DoAPDUTxRx_s_Case4(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); +- if (retStatus == SM_OK) { +- retStatus = SM_NOT_OK; +- size_t rspIndex = 0; +- tlvRet = tlvGet_U16(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, pfreeMem); /* - */ +- if (0 != tlvRet) { +- goto cleanup; +- } +- if ((rspIndex + 2) == rspbufLen) { +- retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); +- } +- } +- +-cleanup: +- return retStatus; +-} +- +-smStatus_t Se05x_API_GetRandom(pSe05xSession_t session_ctx, uint16_t size, uint8_t *randomData, size_t *prandomDataLen) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_MGMT, kSE05x_P1_DEFAULT, kSE05x_P2_RANDOM}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +- uint8_t *pCmdbuf = &cmdbuf[0]; +- int tlvRet = 0; +- uint8_t rspbuf[SE05X_MAX_BUF_SIZE_RSP]; +- uint8_t *pRspbuf = &rspbuf[0]; +- size_t rspbufLen = ARRAY_SIZE(rspbuf); +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "GetRandom []"); +-#endif /* VERBOSE_APDU_LOGS */ +- tlvRet = TLVSET_U16("size", &pCmdbuf, &cmdbufLen, kSE05x_TAG_1, size); +- if (0 != tlvRet) { +- goto cleanup; +- } +- retStatus = DoAPDUTxRx_s_Case4_ext(session_ctx, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); +- if (retStatus == SM_OK) { +- retStatus = SM_NOT_OK; +- size_t rspIndex = 0; +- tlvRet = tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_TAG_1, randomData, prandomDataLen); /* */ +- if (0 != tlvRet) { +- goto cleanup; +- } +- if ((rspIndex + 2) == rspbufLen) { +- retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); +- } +- } +- +-cleanup: +- return retStatus; +-} +- +-smStatus_t Se05x_API_DeleteAll(pSe05xSession_t session_ctx) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- tlvHeader_t hdr = {{kSE05x_CLA, kSE05x_INS_MGMT, kSE05x_P1_DEFAULT, kSE05x_P2_DELETE_ALL}}; +- uint8_t cmdbuf[SE05X_MAX_BUF_SIZE_CMD]; +- size_t cmdbufLen = 0; +-#if VERBOSE_APDU_LOGS +- NEWLINE(); +- nLog("APDU", NX_LEVEL_DEBUG, "DeleteAll []"); +-#endif /* VERBOSE_APDU_LOGS */ +- retStatus = DoAPDUTx_s_Case3(session_ctx, &hdr, cmdbuf, cmdbufLen); +- return retStatus; +-} +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/mbedtls_cli_srv/CMakeLists.txt b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/mbedtls_cli_srv/CMakeLists.txt +deleted file mode 100644 +index 807fd38795..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/mbedtls_cli_srv/CMakeLists.txt ++++ /dev/null +@@ -1,207 +0,0 @@ +-CMAKE_MINIMUM_REQUIRED(VERSION 3.5.0) +- +-project (ssl2_client) +- +-FILE( +- GLOB +- MBEDTLS_SOURCES +- ../ext/mbedtls/library/aes.c +- ../ext/mbedtls/library/aesni.c +- ../ext/mbedtls/library/arc4.c +- ../ext/mbedtls/library/aria.c +- ../ext/mbedtls/library/asn1parse.c +- ../ext/mbedtls/library/asn1write.c +- ../ext/mbedtls/library/base64.c +- ../ext/mbedtls/library/bignum.c +- ../ext/mbedtls/library/blowfish.c +- ../ext/mbedtls/library/camellia.c +- ../ext/mbedtls/library/ccm.c +- ../ext/mbedtls/library/certs.c +- ../ext/mbedtls/library/chacha20.c +- ../ext/mbedtls/library/chachapoly.c +- ../ext/mbedtls/library/cipher.c +- ../ext/mbedtls/library/cipher_wrap.c +- ../ext/mbedtls/library/cmac.c +- ../ext/mbedtls/library/ctr_drbg.c +- ../ext/mbedtls/library/debug.c +- ../ext/mbedtls/library/des.c +- ../ext/mbedtls/library/dhm.c +- #../ext/mbedtls/library/ecdh.c +- ../ext/mbedtls/library/ecdsa.c +- ../ext/mbedtls/library/ecjpake.c +- ../ext/mbedtls/library/ecp.c +- ../ext/mbedtls/library/ecp_curves.c +- ../ext/mbedtls/library/entropy.c +- ../ext/mbedtls/library/entropy_poll.c +- ../ext/mbedtls/library/error.c +- ../ext/mbedtls/library/gcm.c +- ../ext/mbedtls/library/havege.c +- ../ext/mbedtls/library/hkdf.c +- ../ext/mbedtls/library/hmac_drbg.c +- ../ext/mbedtls/library/md.c +- ../ext/mbedtls/library/md2.c +- ../ext/mbedtls/library/md4.c +- ../ext/mbedtls/library/md5.c +- ../ext/mbedtls/library/md_wrap.c +- ../ext/mbedtls/library/memory_buffer_alloc.c +- ../ext/mbedtls/library/net_sockets.c +- ../ext/mbedtls/library/nist_kw.c +- ../ext/mbedtls/library/oid.c +- ../ext/mbedtls/library/padlock.c +- ../ext/mbedtls/library/pem.c +- ../ext/mbedtls/library/pk.c +- ../ext/mbedtls/library/pk_wrap.c +- ../ext/mbedtls/library/pkcs11.c +- ../ext/mbedtls/library/pkcs12.c +- ../ext/mbedtls/library/pkcs5.c +- ../ext/mbedtls/library/pkparse.c +- ../ext/mbedtls/library/pkwrite.c +- ../ext/mbedtls/library/platform.c +- ../ext/mbedtls/library/platform_util.c +- ../ext/mbedtls/library/poly1305.c +- ../ext/mbedtls/library/ripemd160.c +- ../ext/mbedtls/library/rsa.c +- ../ext/mbedtls/library/rsa_internal.c +- ../ext/mbedtls/library/sha1.c +- ../ext/mbedtls/library/sha256.c +- ../ext/mbedtls/library/sha512.c +- ../ext/mbedtls/library/ssl_cache.c +- ../ext/mbedtls/library/ssl_ciphersuites.c +- ../ext/mbedtls/library/ssl_cli.c +- ../ext/mbedtls/library/ssl_cookie.c +- ../ext/mbedtls/library/ssl_srv.c +- ../ext/mbedtls/library/ssl_ticket.c +- ../ext/mbedtls/library/ssl_tls.c +- ../ext/mbedtls/library/threading.c +- ../ext/mbedtls/library/timing.c +- ../ext/mbedtls/library/version.c +- ../ext/mbedtls/library/version_features.c +- ../ext/mbedtls/library/x509.c +- ../ext/mbedtls/library/x509_create.c +- ../ext/mbedtls/library/x509_crl.c +- ../ext/mbedtls/library/x509_crt.c +- ../ext/mbedtls/library/x509_csr.c +- ../ext/mbedtls/library/x509write_crt.c +- ../ext/mbedtls/library/x509write_csr.c +- ../ext/mbedtls/library/xtea.c +- ) +- +-FILE( +- GLOB +- SE_SOURCES +- +- ../sss/ex/src/ex_sss_boot.c +- ../sss/ex/src/ex_sss_boot_connectstring.c +- ../sss/ex/src/ex_sss_se05x.c +- ../sss/ex/src/ex_sss_se05x_auth.c +- ../sss/src/*.c +- +- ../sss/src/se05x/fsl_sss_se05x_apis.c +- ../sss/src/se05x/fsl_sss_se05x_mw.c +- ../sss/src/se05x/fsl_sss_se05x_policy.c +- +- ../hostlib/hostLib/libCommon/infra/*.c +- +- ../hostlib/hostLib/libCommon/log/nxLog.c +- +- ../hostlib/hostLib/libCommon/smCom/smCom.c +- ../hostlib/hostLib/platform/rsp/se05x_reset.c +- ../hostlib/hostLib/platform/generic/sm_timer.c +- +- ../hostlib/hostLib/se05x/src/se05x_ECC_curves.c +- ../hostlib/hostLib/se05x/src/se05x_mw.c +- ../hostlib/hostLib/se05x/src/se05x_tlv.c +- ../hostlib/hostLib/se05x_03_xx_xx/se05x_APDU.c +- +- # T1oI2C files +- ../hostlib/hostLib/libCommon/smCom/smComT1oI2C.c +- ../hostlib/hostLib/libCommon/smCom/T1oI2C/*.c +- ../hostlib/hostLib/platform/linux/i2c_a7.c +- +- ##### Mbedtls Host crypto support +- ../sss/src/mbedtls/fsl_sss_mbedtls_apis.c +- ../sss/src/keystore/keystore_pc.c +- ../sss/src/keystore/keystore_cmn.c +- +- ##### Authenticated session to se05x +- #../sss/ex/src/ex_sss_scp03_auth.c +- #../sss/src/se05x/fsl_sss_se05x_eckey.c +- #../sss/src/se05x/fsl_sss_se05x_scp03.c +- #../hostlib/hostLib/libCommon/nxScp/nxScp03_Com.c +- +- ../hostlib/hostLib/mbedtls/src/ecdh_alt.c +- ../hostlib/hostLib/mbedtls/src/rsa_alt.c +- ../sss/plugin/mbedtls/ecdh_alt_ax.c +- ../sss/plugin/mbedtls/sss_mbedtls.c +- ../sss/plugin/mbedtls/sss_mbedtls_rsa.c +- +- ../sss/plugin/mbedtls/port/ksdk/ecp_curves_alt.c +- ../sss/plugin/mbedtls/port/ksdk/ecp_alt.c +-) +- +-add_executable(${PROJECT_NAME} ../sss/ex/mbedtls/ex_sss_ssl2.c ${MBEDTLS_SOURCES} ${SE_SOURCES}) +- +-FILE( +- GLOB +- INC_DIR +- ../sss/inc +- ../sss/port/default +- ../sss/ex/src +- ../sss/ex/inc +- ../hostlib/hostLib/inc +- ../hostlib/hostLib/libCommon/infra +- ../hostlib/hostLib/libCommon/smCom +- ../hostlib/hostLib/libCommon/log +- ../hostlib/hostLib/libCommon/smCom/T1oI2C +- ../hostlib/hostLib/se05x_03_xx_xx +- ../hostlib/hostLib/platform/inc +- ../hostlib/hostLib/libCommon/smCom +- ../sss/plugin/mbedtls +- ../ext/mbedtls/include +-) +- +-TARGET_INCLUDE_DIRECTORIES( +- ${PROJECT_NAME} +- PUBLIC +- ../ +- ${INC_DIR} +- ) +- +- +-TARGET_COMPILE_DEFINITIONS( +- ${PROJECT_NAME} +- PUBLIC +- MBEDTLS_CONFIG_FILE=\"sss_mbedtls_x86_config.h\" +-) +- +-ADD_DEFINITIONS(-DSSS_USE_FTR_FILE) +-ADD_DEFINITIONS(-DSMCOM_T1oI2C) +-ADD_DEFINITIONS(-DT1oI2C) +-ADD_DEFINITIONS(-DT1oI2C_UM11225) +- +- +- +-######################################################################################### +- +- +-project (ssl2_server) +- +-add_executable( ${PROJECT_NAME} +- ../ext/mbedtls/programs/ssl/ssl_server2.c +- ../ext/mbedtls/programs/ssl/query_config.c +- ${SE_SOURCES} +- ${MBEDTLS_SOURCES} +- ) +- +-TARGET_INCLUDE_DIRECTORIES( +- ${PROJECT_NAME} +- PUBLIC +- ../ +- ${INC_DIR} +- ) +- +-TARGET_COMPILE_DEFINITIONS( +- ${PROJECT_NAME} +- PUBLIC +- MBEDTLS_CONFIG_FILE=\"sss_mbedtls_x86_config.h\" +-) +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/ecc/ex_sss_ecc.c b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/ecc/ex_sss_ecc.c +deleted file mode 100644 +index 1a9c072d7b..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/ecc/ex_sss_ecc.c ++++ /dev/null +@@ -1,179 +0,0 @@ +-/* +- * +- * Copyright 2018,2019 NXP +- * SPDX-License-Identifier: Apache-2.0 +- */ +- +-/* ************************************************************************** */ +-/* Includes */ +-/* ************************************************************************** */ +- +-#if !defined(__MBED__) +- +-#include +-#include +-#include +-#include +-#include +- +-/* ************************************************************************** */ +-/* Local Defines */ +-/* ************************************************************************** */ +-#define EC_KEY_BIT_LEN 256 +-/* ************************************************************************** */ +-/* Structures and Typedefs */ +-/* ************************************************************************** */ +- +-/* ************************************************************************** */ +-/* Global Variables */ +-/* ************************************************************************** */ +- +-/* clang-format off */ +-const uint8_t keyPairData[] = { 0x30, 0x81, 0x87, 0x02, 0x01, 0x00, 0x30, 0x13, +- 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, +- 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, +- 0x03, 0x01, 0x07, 0x04, 0x6D, 0x30, 0x6B, 0x02, +- 0x01, 0x01, 0x04, 0x20, 0x78, 0xE5, 0x20, 0x6A, +- 0x08, 0xED, 0xD2, 0x52, 0x36, 0x33, 0x8A, 0x24, +- 0x84, 0xE4, 0x2F, 0x1F, 0x7D, 0x1F, 0x6D, 0x94, +- 0x37, 0xA9, 0x95, 0x86, 0xDA, 0xFC, 0xD2, 0x23, +- 0x6F, 0xA2, 0x87, 0x35, 0xA1, 0x44, 0x03, 0x42, +- 0x00, 0x04, 0xED, 0xA7, 0xE9, 0x0B, 0xF9, 0x20, +- 0xCF, 0xFB, 0x9D, 0xF6, 0xDB, 0xCE, 0xF7, 0x20, +- 0xE1, 0x23, 0x8B, 0x3C, 0xEE, 0x84, 0x86, 0xD2, +- 0x50, 0xE4, 0xDF, 0x30, 0x11, 0x50, 0x1A, 0x15, +- 0x08, 0xA6, 0x2E, 0xD7, 0x49, 0x52, 0x78, 0x63, +- 0x6E, 0x61, 0xE8, 0x5F, 0xED, 0xB0, 0x6D, 0x87, +- 0x92, 0x0A, 0x04, 0x19, 0x14, 0xFE, 0x76, 0x63, +- 0x55, 0xDF, 0xBD, 0x68, 0x61, 0x59, 0x31, 0x8E, +- 0x68, 0x7C }; +- +-const uint8_t extPubKeyData[] = { +- 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, +- 0x48, 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, +- 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07, 0x03, +- 0x42, 0x00, 0x04, 0xED, 0xA7, 0xE9, 0x0B, 0xF9, +- 0x20, 0xCF, 0xFB, 0x9D, 0xF6, 0xDB, 0xCE, 0xF7, +- 0x20, 0xE1, 0x23, 0x8B, 0x3C, 0xEE, 0x84, 0x86, +- 0xD2, 0x50, 0xE4, 0xDF, 0x30, 0x11, 0x50, 0x1A, +- 0x15, 0x08, 0xA6, 0x2E, 0xD7, 0x49, 0x52, 0x78, +- 0x63, 0x6E, 0x61, 0xE8, 0x5F, 0xED, 0xB0, 0x6D, +- 0x87, 0x92, 0x0A, 0x04, 0x19, 0x14, 0xFE, 0x76, +- 0x63, 0x55, 0xDF, 0xBD, 0x68, 0x61, 0x59, 0x31, +- 0x8E, 0x68, 0x7C +-}; +- +-/* clang-format on */ +- +-static ex_sss_boot_ctx_t gex_sss_ecc_boot_ctx; +- +-/* ************************************************************************** */ +-/* Static function declarations */ +-/* ************************************************************************** */ +- +-/* ************************************************************************** */ +-/* Private Functions */ +-/* ************************************************************************** */ +- +-/* ************************************************************************** */ +-/* Public Functions */ +-/* ************************************************************************** */ +- +-#define EX_SSS_BOOT_PCONTEXT (&gex_sss_ecc_boot_ctx) +-#define EX_SSS_BOOT_DO_ERASE 1 +-#define EX_SSS_BOOT_EXPOSE_ARGC_ARGV 0 +- +-#include +- +-sss_status_t ex_sss_entry(ex_sss_boot_ctx_t *pCtx) +-{ +- sss_status_t status = kStatus_SSS_Success; +- uint8_t digest[32] = "Hello World"; +- size_t digestLen; +- uint8_t signature[256] = {0}; +- size_t signatureLen; +- sss_object_t keyPair; +- sss_object_t key_pub; +- sss_asymmetric_t ctx_asymm = {0}; +- sss_asymmetric_t ctx_verify = {0}; +- +- LOG_I("Running Elliptic Curve Cryptography Example ex_sss_ecc.c"); +- +- digestLen = sizeof(digest); +- +- /* doc:start ex_sss_asymmetric-allocate-key */ +- /* Pre-requisite for Signing Part*/ +- status = sss_key_object_init(&keyPair, &pCtx->ks); +- ENSURE_OR_GO_CLEANUP(status == kStatus_SSS_Success); +- +- status = sss_key_object_allocate_handle(&keyPair, +- MAKE_TEST_ID(__LINE__), +- kSSS_KeyPart_Pair, +- kSSS_CipherType_EC_NIST_P, +- sizeof(keyPairData), +- kKeyObject_Mode_Persistent); +- ENSURE_OR_GO_CLEANUP(status == kStatus_SSS_Success); +- +- status = sss_key_store_set_key(&pCtx->ks, &keyPair, keyPairData, sizeof(keyPairData), EC_KEY_BIT_LEN, NULL, 0); +- ENSURE_OR_GO_CLEANUP(status == kStatus_SSS_Success); +- +- /* doc:end ex_sss_asymmetric-allocate-key */ +- +- /* doc:start ex_sss_asymmetric-asym-sign */ +- status = sss_asymmetric_context_init(&ctx_asymm, &pCtx->session, &keyPair, kAlgorithm_SSS_SHA256, kMode_SSS_Sign); +- ENSURE_OR_GO_CLEANUP(status == kStatus_SSS_Success); +- +- signatureLen = sizeof(signature); +- /* Do Signing */ +- LOG_I("Do Signing"); +- LOG_MAU8_I("digest", digest, digestLen); +- status = sss_asymmetric_sign_digest(&ctx_asymm, digest, digestLen, signature, &signatureLen); +- ENSURE_OR_GO_CLEANUP(status == kStatus_SSS_Success); +- LOG_MAU8_I("signature", signature, signatureLen); +- LOG_I("Signing Successful !!!"); +- sss_asymmetric_context_free(&ctx_asymm); +- /* doc:end ex_sss_asymmetric-asym-sign */ +- +- /* Pre requiste for Verifying Part*/ +- status = sss_key_object_init(&key_pub, &pCtx->ks); +- ENSURE_OR_GO_CLEANUP(status == kStatus_SSS_Success); +- +- status = sss_key_object_allocate_handle(&key_pub, +- MAKE_TEST_ID(__LINE__), +- kSSS_KeyPart_Public, +- kSSS_CipherType_EC_NIST_P, +- sizeof(extPubKeyData), +- kKeyObject_Mode_Persistent); +- ENSURE_OR_GO_CLEANUP(status == kStatus_SSS_Success); +- +- status = sss_key_store_set_key(&pCtx->ks, &key_pub, extPubKeyData, sizeof(extPubKeyData), EC_KEY_BIT_LEN, NULL, 0); +- ENSURE_OR_GO_CLEANUP(status == kStatus_SSS_Success); +- +- /* doc:start ex_sss_asymmetric-asym-verify */ +- status = +- sss_asymmetric_context_init(&ctx_verify, &pCtx->session, &key_pub, kAlgorithm_SSS_SHA256, kMode_SSS_Verify); +- ENSURE_OR_GO_CLEANUP(status == kStatus_SSS_Success); +- +- LOG_I("Do Verify"); +- LOG_MAU8_I("digest", digest, digestLen); +- LOG_MAU8_I("signature", signature, signatureLen); +- status = sss_asymmetric_verify_digest(&ctx_verify, digest, digestLen, signature, signatureLen); +- ENSURE_OR_GO_CLEANUP(status == kStatus_SSS_Success); +- LOG_I("Verification Successful !!!"); +- /* doc:end ex_sss_asymmetric-asym-verify */ +- +-cleanup: +- if (kStatus_SSS_Success == status) { +- LOG_I("ex_sss_ecc Example Success !!!..."); +- } +- else { +- LOG_E("ex_sss_ecc Example Failed !!!..."); +- } +- if (ctx_asymm.session != NULL) +- sss_asymmetric_context_free(&ctx_asymm); +- if (ctx_verify.session != NULL) +- sss_asymmetric_context_free(&ctx_verify); +- return status; +-} +- +-#endif //__MBED__ +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/inc/ex_scp03_puf.h b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/inc/ex_scp03_puf.h +deleted file mode 100644 +index be9e9f1ce4..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/inc/ex_scp03_puf.h ++++ /dev/null +@@ -1,124 +0,0 @@ +-/* +- * +- * Copyright 2019 NXP +- * SPDX-License-Identifier: Apache-2.0 +- */ +- +-#ifndef __EX_SCP03_PUF_H__ +-#define __EX_SCP03_PUF_H__ +- +-#if defined(SECURE_WORLD) +- +-/** +- * Activation Code to start PUF. +- * This is used only for testing purposes, actual +- * activation code should be stored in PFR and always +- * read from PFR before PUF_Start. +- * +- * AC is different for all PUFs, this code cannot be used +- * on any other board. +- */ +- +-#define ACTIVATION_CODE_TESTING_LOCAL \ +- { \ +- 0xA2, 0x7D, 0xF7, 0x38, 0x15, 0x8E, 0x1F, 0xE1, 0x8D, 0x9F, 0x45, 0x6F, 0x8A, 0x2C, 0xA5, 0x8D, 0xC2, 0x15, \ +- 0xD1, 0x9A, 0x13, 0xFA, 0xD8, 0x5E, 0x36, 0x00, 0x9A, 0xDD, 0x42, 0xB6, 0x4F, 0x6D, 0x08, 0xFB, 0x89, \ +- 0x37, 0x3C, 0x1D, 0xAF, 0xD5, 0x63, 0xE1, 0xE8, 0xC8, 0x93, 0x93, 0x5C, 0xD8, 0x49, 0xF3, 0x2D, 0xD1, \ +- 0xF9, 0x3D, 0x74, 0x97, 0x37, 0xBD, 0xC5, 0xBE, 0x04, 0x6A, 0x5E, 0xBC, 0xF3, 0x7D, 0xBD, 0xE0, 0xC6, \ +- 0x3E, 0x66, 0x5F, 0xC0, 0x5C, 0x57, 0x09, 0x57, 0x8C, 0x45, 0x30, 0x12, 0x6F, 0xFA, 0x3B, 0xDB, 0x40, \ +- 0xCE, 0xB8, 0xF2, 0x6E, 0x9B, 0xF1, 0x16, 0x74, 0x2A, 0x34, 0x7A, 0x6F, 0xB6, 0xEF, 0xA3, 0xD3, 0x8C, \ +- 0xF0, 0x03, 0xB8, 0xB8, 0x8B, 0x2F, 0x27, 0x16, 0xDD, 0xE0, 0x92, 0xC8, 0xD7, 0x4E, 0x4A, 0x44, 0xBC, \ +- 0x4D, 0x7C, 0x7E, 0xA0, 0xE7, 0x8E, 0xA3, 0x5D, 0xFB, 0x53, 0x4D, 0x67, 0x74, 0x4B, 0x65, 0x1E, 0xC1, \ +- 0x57, 0x7C, 0x67, 0xB3, 0x58, 0x42, 0x4F, 0x36, 0xF9, 0x0C, 0x77, 0x58, 0x6C, 0x9A, 0x04, 0x15, 0x0D, \ +- 0x71, 0x55, 0x3F, 0x8E, 0x69, 0x12, 0x2C, 0xFC, 0xCA, 0x80, 0xD7, 0xC7, 0x27, 0xFE, 0xEA, 0x6E, 0x7D, \ +- 0xFC, 0x84, 0x50, 0x0F, 0x00, 0x71, 0x09, 0x8F, 0x2C, 0x91, 0x57, 0xAF, 0xE7, 0xF3, 0x11, 0xA8, 0xA2, \ +- 0x76, 0xF2, 0x1D, 0x88, 0xA5, 0x2F, 0x2E, 0x09, 0x02, 0xB3, 0xC4, 0xD5, 0x1D, 0x39, 0x20, 0x3C, 0x36, \ +- 0x51, 0x19, 0x9C, 0xFB, 0xC9, 0x33, 0xD6, 0xBE, 0x93, 0xBD, 0x68, 0x6D, 0x51, 0x30, 0xA9, 0x11, 0x98, \ +- 0xAD, 0x84, 0xC5, 0x50, 0x9A, 0x7E, 0x11, 0x8E, 0x43, 0x78, 0x79, 0x3A, 0xE2, 0xF0, 0x52, 0xB8, 0xDD, \ +- 0x4E, 0xD3, 0xB8, 0xE0, 0xF9, 0xA6, 0x34, 0xF2, 0xE1, 0xA3, 0xEC, 0x92, 0x46, 0xE4, 0xAE, 0x09, 0xFB, \ +- 0x2A, 0x1F, 0x6F, 0xD0, 0x23, 0x0F, 0xE8, 0x0D, 0x52, 0x98, 0x88, 0xA3, 0x15, 0xC9, 0x01, 0x94, 0x61, \ +- 0x1D, 0xB7, 0x2F, 0x5F, 0xB2, 0x94, 0x5D, 0x01, 0x54, 0x61, 0xB1, 0xF2, 0xB6, 0xF3, 0x79, 0x22, 0x2F, \ +- 0x9C, 0x44, 0xAB, 0xD5, 0x0D, 0xC8, 0x42, 0x06, 0x03, 0x33, 0x8E, 0x52, 0xDF, 0xC8, 0xDE, 0x18, 0xF6, \ +- 0xD6, 0x73, 0x64, 0x70, 0x94, 0xC5, 0x0F, 0x64, 0x3E, 0x7E, 0x14, 0xE9, 0xF4, 0x4C, 0xF9, 0x5E, 0x5A, \ +- 0xC6, 0x39, 0xF7, 0xA9, 0x72, 0xB5, 0x08, 0x51, 0x11, 0x7A, 0xDB, 0x8A, 0x72, 0xF9, 0xF7, 0x23, 0x59, \ +- 0xAC, 0x9A, 0x61, 0x2F, 0xA6, 0xDB, 0x84, 0xBD, 0x7C, 0x7E, 0x1A, 0xEA, 0xFB, 0x6B, 0xC8, 0x5E, 0xE3, \ +- 0x04, 0xBF, 0x13, 0x05, 0xFA, 0xDA, 0xF7, 0x96, 0x91, 0x6A, 0x40, 0xA8, 0xC7, 0x77, 0xC6, 0xCB, 0xAC, \ +- 0x2C, 0xD9, 0xCD, 0x6C, 0x6D, 0xA4, 0x19, 0x50, 0x07, 0x8C, 0x72, 0xEE, 0x0F, 0x33, 0xA2, 0x48, 0x20, \ +- 0x24, 0x5E, 0x93, 0xE7, 0xC2, 0x73, 0x02, 0x00, 0x87, 0xFD, 0x11, 0x2A, 0x8F, 0x9F, 0xD9, 0xFB, 0xF7, \ +- 0xAC, 0x0D, 0x77, 0xBB, 0x1C, 0xF8, 0x55, 0xE7, 0x10, 0x05, 0x5C, 0x18, 0x23, 0x26, 0xDD, 0x60, 0xDD, \ +- 0xFF, 0xAB, 0x8D, 0x68, 0xDE, 0x7E, 0xE8, 0xB3, 0xDE, 0xA2, 0x6D, 0x35, 0x7C, 0x9B, 0x31, 0x11, 0x5E, \ +- 0xEC, 0xB5, 0x51, 0x00, 0x1C, 0x5C, 0x65, 0xA3, 0xC7, 0x35, 0xFA, 0x37, 0x1C, 0xDF, 0xD0, 0x26, 0xA0, \ +- 0x44, 0x57, 0xD4, 0xC9, 0xCE, 0xE5, 0x2B, 0xB4, 0x06, 0xF6, 0x9B, 0xE9, 0xE5, 0x66, 0x6F, 0x24, 0x30, \ +- 0xBF, 0x6D, 0x8E, 0x2E, 0xE7, 0x13, 0x94, 0x0B, 0x6F, 0x1A, 0x7A, 0x77, 0xAB, 0xD9, 0xB4, 0x2D, 0xFF, \ +- 0x4F, 0xB4, 0xC7, 0x04, 0x2E, 0xF7, 0x1B, 0xF6, 0x66, 0x2D, 0xA7, 0x59, 0x99, 0x57, 0x5F, 0x2C, 0x1A, \ +- 0x75, 0x81, 0xF3, 0xAC, 0x41, 0x7A, 0xFB, 0x47, 0xF3, 0x0E, 0xDC, 0x9E, 0xAB, 0xED, 0x18, 0xA4, 0x43, \ +- 0xCC, 0x80, 0xFB, 0x6E, 0x53, 0xD6, 0x91, 0x9F, 0x30, 0x80, 0xEA, 0x04, 0x42, 0x7B, 0x94, 0x62, 0x34, \ +- 0x25, 0xEA, 0xA4, 0x9A, 0x72, 0x9B, 0x81, 0x47, 0xA5, 0xA0, 0xE9, 0x07, 0xBB, 0x09, 0xDA, 0x4C, 0x51, \ +- 0x61, 0x00, 0xC7, 0x1E, 0x0E, 0x37, 0x7F, 0xF2, 0x2B, 0x82, 0xD0, 0xF6, 0x18, 0xFA, 0x56, 0xC7, 0x2D, \ +- 0xEB, 0x22, 0xFC, 0xDC, 0x97, 0xDF, 0x65, 0xBC, 0xB4, 0x2A, 0xB3, 0x10, 0xFF, 0xC5, 0x7A, 0x9F, 0xF8, \ +- 0xCD, 0xB9, 0x84, 0x60, 0x9E, 0x92, 0xFD, 0xF9, 0x16, 0x90, 0xB2, 0x81, 0x52, 0x7E, 0x03, 0xBC, 0x91, \ +- 0xD8, 0x9A, 0x0C, 0xC1, 0x99, 0x93, 0x42, 0x67, 0x96, 0x3C, 0x01, 0x55, 0x37, 0x86, 0xD2, 0x37, 0xE6, \ +- 0x07, 0xC8, 0x74, 0x41, 0xCD, 0x88, 0x93, 0x51, 0xBA, 0x9B, 0xB0, 0x00, 0x6D, 0x14, 0x4F, 0xD8, 0x7F, \ +- 0x77, 0x9F, 0x7E, 0x15, 0xE2, 0xA9, 0xA0, 0xC8, 0x7F, 0xD4, 0xFA, 0xCD, 0x60, 0x91, 0xA8, 0x9B, 0xB7, \ +- 0x41, 0x6E, 0x07, 0xCB, 0x21, 0xE9, 0x42, 0xC1, 0xB7, 0x6E, 0x63, 0x68, 0x90, 0x0E, 0x29, 0xBB, 0x0D, \ +- 0x83, 0x32, 0xD0, 0x71, 0x5A, 0xE1, 0xEC, 0x21, 0x0E, 0x78, 0xC6, 0x60, 0x3D, 0x78, 0xFA, 0x5C, 0xEE, \ +- 0xAC, 0x29, 0xC4, 0xE4, 0x0F, 0x92, 0x27, 0xBE, 0xD0, 0xA5, 0x1E, 0xF4, 0xDD, 0xAB, 0xB9, 0x22, 0xA0, \ +- 0x7E, 0xFE, 0x47, 0x1D, 0x62, 0x69, 0x9D, 0x8D, 0x01, 0xCF, 0x5D, 0xC1, 0xAD, 0x50, 0x61, 0x77, 0x91, \ +- 0x39, 0x0A, 0x97, 0x92, 0x92, 0x66, 0x9F, 0xE5, 0x57, 0x26, 0xD7, 0x01, 0xC3, 0xEF, 0x23, 0xCC, 0x98, \ +- 0xB9, 0x39, 0x20, 0x6D, 0xC8, 0x10, 0x2D, 0xB8, 0x18, 0x2E, 0xC2, 0x25, 0x83, 0x88, 0x2A, 0xDF, 0xC7, \ +- 0xBF, 0xBC, 0xE8, 0xA9, 0x7B, 0xD4, 0x19, 0x0E, 0xEF, 0x4E, 0xE4, 0xBA, 0x8B, 0x7C, 0xDB, 0x6A, 0x2A, \ +- 0xEA, 0xA3, 0xED, 0xDD, 0xCF, 0x00, 0x85, 0x4B, 0xA0, 0xC2, 0xBC, 0x72, 0x39, 0x3D, 0x6A, 0x5C, 0x9D, \ +- 0xDA, 0x8C, 0x1C, 0x67, 0x9A, 0xDC, 0x73, 0xF3, 0x9E, 0x2E, 0xA2, 0x0C, 0x42, 0x86, 0xE4, 0xA6, 0x3F, \ +- 0x05, 0x57, 0xD0, 0xE4, 0xA7, 0x75, 0x5B, 0xA8, 0xA4, 0xE3, 0x1A, 0x57, 0x02, 0xBD, 0xE7, 0xDA, 0x32, \ +- 0xA2, 0x69, 0xAA, 0xEC, 0xEB, 0xAF, 0x42, 0x8C, 0x72, 0xE4, 0xB1, 0x15, 0x26, 0x25, 0x7B, 0x29, 0xF8, \ +- 0x97, 0x3F, 0x12, 0x29, 0x4F, 0x0B, 0xA5, 0x2E, 0x74, 0x8F, 0xA9, 0xF4, 0xED, 0x00, 0x42, 0x73, 0x92, \ +- 0x59, 0x0B, 0xA8, 0x98, 0xF7, 0x7E, 0xE7, 0x09, 0xEE, 0xA4, 0x91, 0x2F, 0x93, 0xB7, 0x91, 0x1A, 0xBF, \ +- 0x94, 0x96, 0xF9, 0xCC, 0xA4, 0x16, 0xDA, 0x01, 0x7C, 0x1A, 0xF9, 0xC3, 0xE5, 0x8A, 0xCC, 0x96, 0x54, \ +- 0xC2, 0xDE, 0x1E, 0x04, 0x98, 0xA3, 0x6B, 0x55, 0x61, 0xB8, 0x1C, 0x57, 0x70, 0x9E, 0xAB, 0x48, 0xEA, \ +- 0xD7, 0x18, 0x0A, 0xC8, 0x45, 0xB1, 0xC8, 0x6A, 0x5A, 0xAA, 0xB6, 0xDE, 0x76, 0x76, 0x2B, 0x82, 0x45, \ +- 0x7E, 0x17, 0x83, 0x51, 0xAA, 0x13, 0xC8, 0xBF, 0x30, 0x62, 0xB9, 0xAE, 0xB7, 0x74, 0x55, 0xC7, 0x24, \ +- 0x94, 0x3C, 0x1C, 0xA5, 0x1E, 0x94, 0x70, 0x71, 0xAF, 0x29, 0x5B, 0x79, 0xF1, 0xAF, 0x31, 0x30, 0x82, \ +- 0x0F, 0x3C, 0x5A, 0x05, 0x1D, 0x88, 0x7D, 0x63, 0x4C, 0xCE, 0x7D, 0xFD, 0x07, 0x17, 0xB0, 0xC8, 0x13, \ +- 0xC4, 0x7B, 0x0F, 0xBD, 0xFC, 0x5E, 0x58, 0x14, 0xD6, 0x17, 0x10, 0x5D, 0xDB, 0x54, 0x60, 0x3C, 0x68, \ +- 0x0B, 0x54, 0x84, 0xFA, 0xAB, 0xD0, 0x02, 0xFE, 0x66, 0xB3, 0xEC, 0xDF, 0x06, 0x97, 0xC4, 0x0C, 0xDC, \ +- 0xEC, 0x4B, 0x9B, 0x6C, 0x3A, 0x04, 0x72, 0x84, 0xA0, 0x9D, 0xC2, 0x6A, 0xB5, 0x69, 0x81, 0x30, 0x57, \ +- 0x5F, 0x40, 0x81, 0x4C, 0x57, 0xA8, 0x0B, 0x41, 0x24, 0x68, 0x36, 0x8E, 0xFD, 0x2A, 0xE0, 0x69, 0xF5, \ +- 0x3E, 0x56, 0x52, 0xF4, 0x5A, 0xFF, 0xF6, 0x32, 0xC2, 0xAE, 0xF4, 0xCC, 0x88, 0xA6, 0x5F, 0xFB, 0xFB, \ +- 0x6B, 0xD1, 0xFF, 0x65, 0x31, 0xE9, 0x38, 0x1B, 0xCC, 0xA0, 0x47, 0xC0, 0x0D, 0x3C, 0x10, 0x5D, 0xB3, \ +- 0x46, 0x63, 0x2A, 0xC4, 0x74, 0xCA, 0xC4, 0x3E, 0x49, 0xEB, 0x0A, 0xE3, 0xD6, 0xF1, 0xE8, 0xF5, 0xC3, \ +- 0x9C, 0xD2, 0xE6, 0xEF, 0xCB, 0x29, 0xAF, 0x5D, 0xEA, 0x27, 0x1D, 0x8B, 0x8F, 0xEB, 0x33, 0x9E, 0x57, \ +- 0xD4, 0x55, 0xD8, 0xB0, 0x34, 0x43, 0xA4, 0xF6, 0x38, 0x8B, 0x66, 0x1E, 0x30, 0xA1, 0x7D, 0xAF, 0xC2, \ +- 0x1E, 0x6B, 0xFD, 0x73, 0x05, 0x39, 0xB5, 0x06, 0xEF, 0x93, 0x1D, 0x7A, 0xF7, 0x15, 0x74, 0x3A, 0x72, \ +- 0x06, 0x6F, 0x9F, 0xA8, 0xCF, 0x4D, 0x2A, 0x8C, 0xB4, 0x7F, 0xB9, 0x40, 0xE7, 0x2E, 0x8B, 0xC1, 0xD9, \ +- 0x84, 0xFF, 0x5E, 0x78, 0x5D, 0x6C, 0x36, 0xDC, 0xD5, 0x92, 0x94, 0x17, 0x11, 0x0E, 0xE0, 0xE2, 0xFD, \ +- 0xC0, \ +- } +- +-#define KEY_CODE_ENC \ +- { \ +- 0x00, 0x00, 0x00, 0x02, 0xE2, 0x9B, 0x12, 0x4E, 0xF2, 0xDC, 0xA8, 0xE3, 0x2D, 0x7A, 0xB3, 0x98, 0x56, 0x3E, \ +- 0x0A, 0x0F, 0x66, 0xCF, 0xB2, 0x37, 0x31, 0xBD, 0xD4, 0xD4, 0x42, 0x27, 0x73, 0x92, 0x23, 0xCC, 0xA7, \ +- 0xE7, 0x51, 0xA4, 0x99, 0x91, 0x19, 0x68, 0x74, 0x92, 0xC9, 0x9D, 0xF2, 0x9F, 0x5B, 0x6E, 0x5E, 0x81 \ +- } +- +-#define KEY_CODE_MAC \ +- { \ +- 0x00, 0x00, 0x00, 0x02, 0x81, 0x54, 0x3E, 0x5D, 0x47, 0xDE, 0x23, 0x7C, 0x00, 0x1B, 0x16, 0xBE, 0x1B, 0x05, \ +- 0xED, 0xD2, 0xD5, 0xB2, 0x4D, 0x3C, 0xD3, 0xDD, 0xD5, 0xA9, 0x40, 0x5E, 0x7D, 0x90, 0x73, 0x74, 0xDE, \ +- 0x05, 0xAC, 0x76, 0x7D, 0x87, 0xB6, 0x5E, 0x1F, 0x8E, 0xB5, 0x93, 0x53, 0x41, 0x51, 0x27, 0xE9, 0xF9 \ +- } +- +-#define KEY_CODE_DEK \ +- { \ +- 0x00, 0x00, 0x00, 0x02, 0x88, 0xE0, 0x9A, 0x2B, 0x23, 0x77, 0xC3, 0xF5, 0xEE, 0x28, 0x4F, 0x7C, 0x5B, 0xD8, \ +- 0x9C, 0xF5, 0xA8, 0xC9, 0xE4, 0xE3, 0xDC, 0x8D, 0x34, 0x3C, 0x00, 0x39, 0x7E, 0xA3, 0x35, 0x39, 0xFD, \ +- 0xD1, 0xE4, 0x8D, 0xA9, 0x8C, 0x41, 0xAF, 0x8C, 0x8D, 0x50, 0xFE, 0x63, 0x96, 0x46, 0x2E, 0x4D, 0xEB \ +- } +- +-#define EX_SSS_AUTH_SE05X_KEY_ENC KEY_CODE_ENC +-#define EX_SSS_AUTH_SE05X_KEY_MAC KEY_CODE_MAC +-#define EX_SSS_AUTH_SE05X_KEY_DEK KEY_CODE_DEK +- +-#endif // SECURE_WORLD +- +-#endif // __EX_SCP03_PUF_H__ +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/inc/ex_sss.h b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/inc/ex_sss.h +deleted file mode 100644 +index f967247a41..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/inc/ex_sss.h ++++ /dev/null +@@ -1,96 +0,0 @@ +-/* +- * +- * Copyright 2018-2020 NXP +- * SPDX-License-Identifier: Apache-2.0 +- */ +- +-#ifndef SSS_EX_INC_EX_SSS_H_ +-#define SSS_EX_INC_EX_SSS_H_ +- +-/* ************************************************************************** */ +-/* Includes */ +-/* ************************************************************************** */ +- +-#if defined(SSS_USE_FTR_FILE) +-#include "fsl_sss_ftr.h" +-#else +-#include "fsl_sss_ftr_default.h" +-#endif +- +-#include +- +-#if SSS_HAVE_A71CH || SSS_HAVE_A71CH_SIM +-#include +-#endif +-#if SSS_HAVE_MBEDTLS +-#include +-#endif +-#if SSS_HAVE_OPENSSL +-#include +-#endif +- +-#if SSS_HAVE_SSCP +-#include +-#endif +- +-/* ************************************************************************** */ +-/* Defines */ +-/* ************************************************************************** */ +- +-#ifndef MAKE_TEST_ID +-#define MAKE_TEST_ID(ID) (0xEF000000u + ID) +-#endif /* MAKE_TEST_ID */ +- +-/* ************************************************************************** */ +-/* Structrues and Typedefs */ +-/* ************************************************************************** */ +- +-#if 0 +-typedef struct +-{ +- sss_session_t currentSession; +- +- sss_key_store_t ks; +- +- sss_sscp_session_t *sscp_session; +-#if (SSS_HAVE_A71CH) || (SSS_HAVE_A71CH_SIM) +- sss_a71ch_key_store_t *a71ch_keystore; +-#endif +- +- sscp_context_t sscp; +- sss_asymmetric_t asymVerifyCtx; +- sss_asymmetric_t asymm; +- sss_object_t keyPair; +- sss_object_t extPubkey; +- +- sss_object_t Device_Cert; +- sss_object_t Pubkey; +- sss_object_t interCaCert; +- sss_object_t interkeyPair; +- sss_object_t clientCert; +-#if SSS_HAVE_APPLET_SE05X_IOT +- sss_session_t hostSession; +- sss_key_store_t hostKs; +- sss_object_t hostKey; +-#endif +- sss_symmetric_t symm; +- sss_rng_context_t rng; +- sss_mac_t mac; +- +-} sss_ex_ctx_t; +- +-#endif +- +-/* ************************************************************************** */ +-/* Global Variables */ +-/* ************************************************************************** */ +-// extern const char *gszA71COMPortDefault; +-// extern const char *gszA71SocketPortDefault; +- +-/* ************************************************************************** */ +-/* Functions */ +-/* ************************************************************************** */ +- +-/* Entry point for each individual SSS API Based example */ +- +-#endif /* SSS_EX_INC_EX_SSS_H_ */ +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/inc/ex_sss_auth.h b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/inc/ex_sss_auth.h +deleted file mode 100644 +index ffd5be8b32..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/inc/ex_sss_auth.h ++++ /dev/null +@@ -1,180 +0,0 @@ +-/* +- * +- * Copyright 2018-2020 NXP +- * SPDX-License-Identifier: Apache-2.0 +- */ +- +-#ifndef SSS_EX_INC_EX_SSS_AUTH_H_ +-#define SSS_EX_INC_EX_SSS_AUTH_H_ +- +-#if defined(SSS_USE_FTR_FILE) +-#include "fsl_sss_ftr.h" +-#else +-#include "fsl_sss_ftr_default.h" +-#endif +- +-#include "ex_sss_boot.h" +-#include "ex_sss_objid.h" +-#include "ex_sss_scp03_keys.h" +-#if defined(SECURE_WORLD) +-#include "ex_scp03_puf.h" +-#endif /* SECURE_WORLD */ +-/* ************************************************************************** */ +-/* Includes */ +-/* ************************************************************************** */ +- +-/* ************************************************************************** */ +-/* Defines */ +-/* ************************************************************************** */ +- +-/* clang-format off */ +- +-/* Used in examples and testing */ +-/* doc:start:auth-key-user-id */ +-#define EX_SSS_AUTH_SE05X_UserID_AUTH_ID kEX_SSS_ObjID_UserID_Auth +- +-#define EX_SSS_AUTH_SE05X_UserID_VALUE \ +- { \ +- 0xC0, 0x01, 0x02, 0x03, 0x04 \ +- } /* COOL 234*/ +- +-#define EX_SSS_AUTH_SE05X_UserID_VALUE2 \ +- { \ +- 0xC0, 0x01, 0x02, 0x03, 0x04, 0x05 \ +- } /* COOL 2345*/ +-/* doc:end:auth-key-user-id */ +- +-#define EX_SSS_AUTH_SE05X_NONE_AUTH_ID 0x00000000 +- +-/* doc:start:auth-key-applet-scp */ +-#define EX_SSS_AUTH_SE05X_APPLETSCP_AUTH_ID kEX_SSS_ObjID_APPLETSCP03_Auth +- +-#define EX_SSS_AUTH_SE05X_APPLETSCP_VALUE \ +- { \ +- 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48, 0x49, 0x4A, \ +- 0x4B, 0x4C, 0x4D, 0x4E, 0x4F \ +- } +- +-#define EX_SSS_AUTH_SE05X_APPLETSCP_VALUE2 \ +- { 0xea, 0x62, 0x04, 0x48, 0x0b, 0xf5, 0x19, 0xf6, 0xc2, 0xb7, 0x7f, \ +- 0xba, 0x8b, 0x2d, 0x57, 0x30 \ +- } +-/* doc:end:auth-key-applet-scp */ +- +-/* Use the Platform SCP03 keys from required OEF +- * See https://www.nxp.com/docs/en/application-note/AN12436.pdf +- */ +- +-#if EXTERNAL_CUSTOMER_BUILD_CONFIGURATION +- +-#if SSS_HAVE_SE05X_VER_06_00 // Applet 6.0 +- #ifndef EX_SSS_AUTH_SE05X_KEY_ENC +- # define EX_SSS_AUTH_SE05X_KEY_ENC SSS_AUTH_SE051C2_KEY_ENC +- #endif +- #ifndef EX_SSS_AUTH_SE05X_KEY_MAC +- # define EX_SSS_AUTH_SE05X_KEY_MAC SSS_AUTH_SE051C2_KEY_MAC +- #endif +- #ifndef EX_SSS_AUTH_SE05X_KEY_DEK +- # define EX_SSS_AUTH_SE05X_KEY_DEK SSS_AUTH_SE051C2_KEY_DEK +- #endif +-#else +- #ifndef EX_SSS_AUTH_SE05X_KEY_ENC +- # define EX_SSS_AUTH_SE05X_KEY_ENC SSS_AUTH_SE050_DEVKIT_KEY_ENC +- #endif +- #ifndef EX_SSS_AUTH_SE05X_KEY_MAC +- # define EX_SSS_AUTH_SE05X_KEY_MAC SSS_AUTH_SE050_DEVKIT_KEY_MAC +- #endif +- #ifndef EX_SSS_AUTH_SE05X_KEY_DEK +- # define EX_SSS_AUTH_SE05X_KEY_DEK SSS_AUTH_SE050_DEVKIT_KEY_DEK +- #endif +-#endif +- +-#else +-/* Test / dummy keys */ +- +-#ifndef EX_SSS_AUTH_SE05X_KEY_ENC +-# define EX_SSS_AUTH_SE05X_KEY_ENC \ +- { 0xAB, 0xCD, 0xAB, 0xCD, 0xAB, 0xCD, 0xAB, 0xCD, 0xAB, 0xCD, 0xAB, 0xCD, 0xAB, 0xCD, 0x00, 0x01 } +-#endif +- +-#ifndef EX_SSS_AUTH_SE05X_KEY_MAC +-# define EX_SSS_AUTH_SE05X_KEY_MAC \ +- { 0xAB, 0xCD, 0xAB, 0xCD, 0xAB, 0xCD, 0xAB, 0xCD, 0xAB, 0xCD, 0xAB, 0xCD, 0xAB, 0xCD, 0x00, 0x02 } +-#endif +- +-#ifndef EX_SSS_AUTH_SE05X_KEY_DEK +-# define EX_SSS_AUTH_SE05X_KEY_DEK \ +- { 0xAB, 0xCD, 0xAB, 0xCD, 0xAB, 0xCD, 0xAB, 0xCD, 0xAB, 0xCD, 0xAB, 0xCD, 0xAB, 0xCD, 0x00, 0x03 } +-#endif +- +-#endif +- +- +-#define EX_SSS_AUTH_SE05X_KEY_VERSION_NO 0x0B +- +-/* doc:start:auth-key-fast-scp-ecdsa */ +-#define EX_SSS_AUTH_SE05X_ECKEY_ECDSA_AUTH_ID kEX_SSS_objID_ECKEY_Auth +- +-#define EX_SSS_AUTH_SE05X_KEY_HOST_ECDSA_KEY \ +- { \ +- 0x30, 0x81, 0x87, 0x02, 0x01, 0x00, 0x30, 0x13, \ +- 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, \ +- 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, \ +- 0x03, 0x01, 0x07, 0x04, 0x6D, 0x30, 0x6B, 0x02, \ +- 0x01, 0x01, 0x04, 0x20, \ +- 0x6D, 0x2F, 0x43, 0x2F, 0x8A, 0x2F, 0x45, 0xEC, \ +- 0xD5, 0x82, 0x84, 0x7E, 0xC0, 0x83, 0xBB, 0xEB, \ +- 0xC2, 0x3F, 0x1D, 0xF4, 0xF0, 0xDD, 0x2A, 0x6F, \ +- 0xB8, 0x1A, 0x24, 0xE7, 0xB6, 0xD5, 0x4C, 0x7F, \ +- 0xA1, 0x44, 0x03, 0x42, 0x00, \ +- 0x04, 0x3C, 0x9E, 0x47, 0xED, 0xF0, 0x51, 0xA3, \ +- 0x58, 0x9F, 0x67, 0x30, 0x2D, 0x22, 0x56, 0x7C, \ +- 0x2E, 0x17, 0x22, 0x9E, 0x88, 0x83, 0x33, 0x8E, \ +- 0xC3, 0xB7, 0xD5, 0x27, 0xF9, 0xEE, 0x71, 0xD0, \ +- 0xA8, 0x1A, 0xAE, 0x7F, 0xE2, 0x1C, 0xAA, 0x66, \ +- 0x77, 0x78, 0x3A, 0xA8, 0x8D, 0xA6, 0xD6, 0xA8, \ +- 0xAD, 0x5E, 0xC5, 0x3B, 0x10, 0xBC, 0x0B, 0x11, \ +- 0x09, 0x44, 0x82, 0xF0, 0x4D, 0x24, 0xB5, 0xBE, \ +- 0xC4 \ +- } +- +-#define EX_SSS_AUTH_SE05X_KEY_HOST_ECDSA_KEY2 \ +- { \ +- 0x30, 0x81, 0x87, 0x02, 0x01, 0x00, 0x30, 0x13, \ +- 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, \ +- 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, \ +- 0x03, 0x01, 0x07, 0x04, 0x6D, 0x30, 0x6B, 0x02, \ +- 0x01, 0x01, 0x04, 0x20, \ +- 0x12, 0xe2, 0xd3, 0xc7, 0x31, 0xa6, 0x7c, 0x32, \ +- 0xfb, 0xd7, 0x2f, 0xa9, 0xc4, 0xbb, 0xc2, 0xd0, \ +- 0x64, 0xad, 0x50, 0x99, 0xd3, 0x3d, 0x01, 0x4b, \ +- 0x4f, 0x36, 0x90, 0x9c, 0xba, 0xab, 0xbb, 0xda, \ +- 0xA1, 0x44, 0x03, 0x42, 0x00, \ +- 0x04, 0x0d, 0x0e, 0x03, 0xdd, 0x40, 0x1e, 0x77, \ +- 0xff, 0xab, 0xa8, 0xb5, 0x79, 0xdb, 0x8a, 0xf4, \ +- 0x09, 0x7b, 0x59, 0x4e, 0xe8, 0xa0, 0xb8, 0x1c, \ +- 0xeb, 0xa8, 0x53, 0x96, 0xc6, 0x13, 0x96, 0x56, \ +- 0x13, 0x5e, 0x68, 0x75, 0xb9, 0xe9, 0x79, 0x29, \ +- 0x28, 0x8c, 0x7d, 0xa1, 0xf2, 0x78, 0x7b, 0x66, \ +- 0x86, 0xcc, 0x9e, 0x6b, 0xf6, 0x03, 0xc2, 0xfe, \ +- 0x59, 0x1b, 0xab, 0x4a, 0x40, 0x24, 0x70, 0xe4, \ +- 0x8b \ +- } +- +-/* doc:end:auth-key-fast-scp-ecdsa */ +- +-/* clang-format on */ +- +-/* ************************************************************************** */ +-/* Structrues and Typedefs */ +-/* ************************************************************************** */ +- +-/* ************************************************************************** */ +-/* Global Variables */ +-/* ************************************************************************** */ +- +-/* ************************************************************************** */ +-/* Functions */ +-/* ************************************************************************** */ +- +-#endif /* SSS_EX_INC_EX_SSS_AUTH_H_ */ +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/inc/ex_sss_boot.h b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/inc/ex_sss_boot.h +deleted file mode 100644 +index 3d6ed1b123..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/inc/ex_sss_boot.h ++++ /dev/null +@@ -1,220 +0,0 @@ +-/* +- * +- * Copyright 2019-2020 NXP +- * SPDX-License-Identifier: Apache-2.0 +- */ +- +-/** @file +- * +- * ex_sss_boot.h: *The purpose and scope of this file* +- * +- * Project: SecureIoTMW-Debug@appboot-top-eclipse_x86 +- * +- * $Date: Mar 10, 2019 $ +- * $Author: ing05193 $ +- * $Revision$ +- */ +- +-#ifndef SSS_EX_INC_EX_SSS_BOOT_H_ +-#define SSS_EX_INC_EX_SSS_BOOT_H_ +- +-/* ***************************************************************************************************************** +- * Includes +- * ***************************************************************************************************************** */ +- +-#ifdef __cplusplus +-extern "C" { +-#endif +- +-#include "ex_sss.h" +-#include "fsl_sss_api.h" +- +-#if SSS_HAVE_APPLET_SE05X_IOT +-#include "fsl_sss_se05x_types.h" +-#endif +-#include "ex_sss_ports.h" +-#include "nxScp03_Types.h" +- +-/* ***************************************************************************************************************** +- * MACROS/Defines +- * ***************************************************************************************************************** */ +- +-/* ***************************************************************************************************************** +- * Types/Structure Declarations +- * ***************************************************************************************************************** */ +-#if SSS_HAVE_SE || SSS_HAVE_APPLET_SE05X_IOT +- +-typedef union ex_auth { +- struct +- { +- NXSCP03_StaticCtx_t ex_static; //!< .static keys data +- NXSCP03_DynCtx_t ex_dyn; //!< session keys data +- } scp03; +- struct +- { +- NXECKey03_StaticCtx_t ex_static; //!< .static keys data +- NXSCP03_DynCtx_t ex_dyn; //!< session keys data +- } eckey; +- struct +- { +- sss_object_t ex_id; +- } id; +-} ex_SE05x_authCtx_t; +-#endif +- +-typedef struct +-{ +- sss_session_t session; +- sss_key_store_t ks; +- +-#if SSS_HAVE_HOSTCRYPTO_ANY || SSS_HAVE_SSCP +- sss_session_t host_session; +-#endif +- +-#if SSS_HAVE_HOSTCRYPTO_ANY +- sss_key_store_t host_ks; +-#endif +- +-#if SSS_HAVE_APPLET_SE05X_IOT || SSS_HAVE_APPLET_LOOPBACK +- SE_Connect_Ctx_t se05x_open_ctx; +- sss_tunnel_t *pTunnel_ctx; +- ex_SE05x_authCtx_t ex_se05x_auth; +-#endif +- +-#if SSS_HAVE_SSCP +- sscp_context_t sscp_ctx; +-#endif +- +-} ex_sss_boot_ctx_t; +- +-#if SSS_HAVE_APPLET_SE05X_IOT +-typedef struct +-{ +- sss_session_t platf_session; +- SE_Connect_Ctx_t platf_open_ctx; +- sss_session_t *phost_session; +- sss_key_store_t *phost_ks; +-#if 1 //SSS_HAVE_HOSTCRYPTO_ANY +- /* Keeping this to be consistant on binary sizes */ +- ex_SE05x_authCtx_t ex_se05x_auth; +-#endif // SSS_HAVE_HOSTCRYPTO_ANY +-} ex_sss_platf_ctx_t; +-#endif +- +-typedef struct +-{ +- sss_object_t pub_obj; +- sss_object_t obj; +- sss_object_t dev_cert; +- sss_object_t interCaCert; +- sss_key_store_t *pHost_ks; +- uint32_t client_keyPair_index; +- uint32_t client_cert_index; +-} ex_sss_cloud_ctx_t; +- +-/* ***************************************************************************************************************** +- * Extern Variables +- * ***************************************************************************************************************** */ +- +-/* ***************************************************************************************************************** +- * Function Prototypes +- * ***************************************************************************************************************** */ +- +-#if SSS_HAVE_APPLET_SE05X_IOT +- +-sss_status_t ex_sss_se05x_prepare_host(sss_session_t *host_session, +- sss_key_store_t *host_ks, +- SE05x_Connect_Ctx_t *se05x_open_ctx, +- ex_SE05x_authCtx_t *ex_se05x_authctx, +- SE_AuthType_t auth_type); +- +-/* Prepare host for multiple user sessions */ +-sss_status_t ex_sss_se05x_prepare_host_keys(sss_session_t *pHostSession, +- sss_key_store_t *pHostKs, +- SE_Connect_Ctx_t *pConnectCtx, +- ex_SE05x_authCtx_t *se05x_auth_ctx, +- uint32_t offset); +-#endif +- +-#if SSS_HAVE_SE +-sss_status_t ex_sss_se_prepare_host(sss_session_t *host_session, +- sss_key_store_t *host_ks, +- SE_Connect_Ctx_t *se05x_open_ctx, +- ex_SE05x_authCtx_t *ex_se05x_authctx, +- SE_AuthType_t auth_type); +-#endif +- +-/** The case where we connect to the cyrptogrpahic system directly. +- * +- * e.g. when running form an embedded sytem, without any choice of Port Numbers, etc. +- */ +-sss_status_t ex_sss_boot_direct(void); +- +-/** The case where we connect to the cyrptogrpahic system in-directly. +- * +- * This function is a similar to @ref ex_sss_boot_direct. +- * +- * This function expects that the last argument in argv is the +- * expected/probable port name. +- * +- * e.g. when running form PC, where we are connected +- * to secure element via a COM Port/Socket Port. In such cases, +- * taking the Port number from a Command Line Argument, +- * or Environment Variable would make sense and examples +- * would become more portable. +- * +- * @param argc count of parameters, as received by main +- * @param argv Array of argv, as received by main +- * @param[out] pPortName Possible port name +- * @return 0 if successful. +- */ +-sss_status_t ex_sss_boot_connectstring(int argc, const char *argv[], const char **pPortName); +- +-/** +- * For the case where few activities have to be performed +- * after RTOS initialization, this API would be executed +- * as an RTOS Task. +- * +- * @return +- */ +-sss_status_t ex_sss_boot_rtos(void *); +- +-/** Is this a serail port */ +-bool ex_sss_boot_isSerialPortName(const char *portName); +- +-/** Is this --help request */ +-bool ex_sss_boot_isHelp(const char *argname); +- +-/** Is this a socket port */ +-bool ex_sss_boot_isSocketPortName(const char *portName); +- +-/** Open an example session */ +-sss_status_t ex_sss_boot_open(ex_sss_boot_ctx_t *pCtx, const char *portName); +- +-/** Open an example cc session */ +-sss_status_t ex_sss_boot_open_on_id(ex_sss_boot_ctx_t *pCtx, const char *portName, const int32_t authId); +- +-/** Open an example session */ +-sss_status_t ex_sss_boot_factory_reset(ex_sss_boot_ctx_t *pCtx); +- +-/** Close an example session */ +-void ex_sss_session_close(ex_sss_boot_ctx_t *pCtx); +- +-/** Entry Point for each example */ +-sss_status_t ex_sss_entry(ex_sss_boot_ctx_t *pCtx); +- +-#define ex_sss_kestore_and_object_init ex_sss_key_store_and_object_init +- +-sss_status_t ex_sss_key_store_and_object_init(ex_sss_boot_ctx_t *pCtx); +- +-int ex_sss_boot_rtos_init(void); +- +-#if SSS_HAVE_HOSTCRYPTO_ANY +-sss_status_t ex_sss_boot_open_host_session(ex_sss_boot_ctx_t *pCtx); +-#endif +- +-#if defined(__cplusplus) +-} +-#endif +- +-#endif /* SSS_EX_INC_EX_SSS_BOOT_H_ */ +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/inc/ex_sss_main_inc.h b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/inc/ex_sss_main_inc.h +deleted file mode 100644 +index 9ce448dbb6..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/inc/ex_sss_main_inc.h ++++ /dev/null +@@ -1,382 +0,0 @@ +-/* +- * +- * Copyright 2019-2020 NXP +- * SPDX-License-Identifier: Apache-2.0 +- */ +- +-/* Common, Re-Usable main implementation */ +-/* Include this header file only once in the application */ +- +-/* +- * Applications control the boot flow by defining these macros. +- * +- * +- * - EX_SSS_BOOT_PCONTEXT : Pointer to ex_sss_boot_ctx_t +- * This allows that boot framework do not blindly rely on +- * global variables. +- * +- * - EX_SSS_BOOT_DO_ERASE : Delete all objects on boot up if 1 +- * Few examples expect the IC is *empty*, and few examples +- * expect to work with previously provisioned/persisted data. +- * This variable allows to over-ride that behaviour. +- * +- * - EX_SSS_BOOT_EXPOSE_ARGC_ARGV : Expose ARGC & ARGV from Command +- * line to Application. +- * When running from PC/Linux/OSX, command line arguments allow +- * to choose extra command line parameters, e.g. Input/Output +- * certificate or signing/verifying data. +- * But on embedded platforms, such feature is not possible to +- * achieve. +- * +- * Optional variables: +- * +- * - EX_SSS_BOOT_RTOS_STACK_SIZE : For RTOS based system, +- * this is over-ridden and passed to RTOS based example +- * boot up. It sets value needed for new task. +- * Please note, FREE RTOS will reserve +- * EX_SSS_BOOT_RTOS_STACK_SIZE * sizeof(UBaseType_t) +- * bytes. +- * +- * - EX_SSS_BOOT_OPEN_HOST_SESSION : For examples that do not +- * need host side implementation, his allows to skip opening +- * the host session. (Host session is needed to either re-verify +- * test data at host, or for SCP03). +- * By default this is enabled. +- * +- * +- */ +- +-#if defined(FRDM_KW41Z) || defined(FRDM_K64F) || defined(IMX_RT) || defined(LPC_55x) || defined(QN9090DK6) +-#define HAVE_KSDK +-#endif +- +-#ifdef HAVE_KSDK +-#include "ex_sss_main_inc_ksdk.h" +-#endif +- +-#if defined(__linux__) && defined(T1oI2C) +-#if SSS_HAVE_APPLET_SE05X_IOT +-#include "ex_sss_main_inc_linux.h" +-#endif +-#endif +-#include /* memset */ +- +-#include "PlugAndTrust_Pkg_Ver.h" +-#include "string.h" /* memset */ +- +-#if defined(USE_RTOS) && USE_RTOS == 1 +-#ifndef INC_FREERTOS_H /* Header guard of FreeRTOS */ +-#include "FreeRTOS.h" +-#include "FreeRTOSConfig.h" +-#endif /* INC_FREERTOS_H */ +-#include "task.h" +-#include "iot_logging_task.h" +-#define LOGGING_TASK_PRIORITY (tskIDLE_PRIORITY + 1) +-#define LOGGING_TASK_STACK_SIZE (200) +-#define LOGGING_QUEUE_LENGTH (16) +-#endif +- +-#if SSS_HAVE_A71CH || SSS_HAVE_A71CH_SIM +-#include "ex_a71ch_scp03.h" +-#endif +- +-#ifdef EX_SSS_BOOT_PCONTEXT +-#define PCONTEXT EX_SSS_BOOT_PCONTEXT +-#else +-#define PCONTEXT (NULL) +-#endif +- +-#if !defined(EX_SSS_BOOT_DO_ERASE) +-#error EX_SSS_BOOT_DO_ERASE must be set to 0 or 1 +-#endif +- +-#if !defined(EX_SSS_BOOT_EXPOSE_ARGC_ARGV) +-#error EX_SSS_BOOT_EXPOSE_ARGC_ARGV must be set to 0 or 1 +-#endif +- +-#if EX_SSS_BOOT_EXPOSE_ARGC_ARGV +-static int gex_sss_argc; +-static const char **gex_sss_argv; +-#endif +- +-#if !defined(EX_SSS_BOOT_OPEN_HOST_SESSION) +-#define EX_SSS_BOOT_OPEN_HOST_SESSION 1 +-#endif +- +-#if !defined(EX_SSS_BOOT_RTOS_STACK_SIZE) +-#define EX_SSS_BOOT_RTOS_STACK_SIZE 8500 +-#endif +- +-#if defined(USE_RTOS) && USE_RTOS == 1 +-static TaskHandle_t gSSSExRtosTaskHandle = NULL; +-static void sss_ex_rtos_task(void *ctx); +-#if INCLUDE_uxTaskGetStackHighWaterMark +-void sss_ex_rtos_stack_size(const char *when); +-#endif // INCLUDE_uxTaskGetStackHighWaterMark +-#if (!AX_EMBEDDED) +-extern void prvMiscInitialisation(void); +-#endif +-#endif /* RTOS */ +- +-#if defined(CPU_JN518X) +-/* Allocate the memory for the heap. */ +-uint8_t __attribute__((section(".bss.$SRAM1"))) ucHeap[configTOTAL_HEAP_SIZE]; +-#endif +- +-int main(int argc, const char *argv[]) +-{ +- int ret; +- sss_status_t status = kStatus_SSS_Fail; +- const char *portName; +- +-#if EX_SSS_BOOT_EXPOSE_ARGC_ARGV +- gex_sss_argc = argc; +- gex_sss_argv = argv; +-#endif // EX_SSS_BOOT_EXPOSE_ARGC_ARGV +- +-#ifdef HAVE_KSDK +- ex_sss_main_ksdk_bm(); +-#endif // HAVE_KSDK +- +-#if defined(__linux__) && defined(T1oI2C) && SSS_HAVE_APPLET_SE05X_IOT +- ex_sss_main_linux_conf(); +-#endif // defined(__linux__) && defined(T1oI2C) && SSS_HAVE_APPLET_SE05X_IOT +- +- LOG_I(PLUGANDTRUST_PROD_NAME_VER_FULL); +- +-#ifdef EX_SSS_BOOT_PCONTEXT +- memset((EX_SSS_BOOT_PCONTEXT), 0, sizeof(*(EX_SSS_BOOT_PCONTEXT))); +-#endif // EX_SSS_BOOT_PCONTEXT +- +-#if AX_EMBEDDED +- portName = NULL; +-#else +- status = ex_sss_boot_connectstring(argc, argv, &portName); +- if (kStatus_SSS_Success != status) { +- LOG_E("ex_sss_boot_connectstring Failed"); +- goto cleanup; +- } +-#endif // AX_EMBEDDED +- +-#if defined(USE_RTOS) && USE_RTOS == 1 +-#if (!AX_EMBEDDED) && ENABLE_CLOUD_DEMOS +- prvMiscInitialisation(); +-#endif +-#endif +- +- /* Initialise Logging locks */ +- if (nLog_Init() != 0) { +- LOG_E("Lock initialisation failed"); +- } +-#if defined(EX_SSS_BOOT_SKIP_SELECT_APPLET) && (EX_SSS_BOOT_SKIP_SELECT_APPLET == 1) +- (PCONTEXT)->se05x_open_ctx.skip_select_applet = 1; +-#endif +- +-#if defined(USE_RTOS) && USE_RTOS == 1 +- if (xTaskCreate(&sss_ex_rtos_task, +- "sss_ex_rtos_task", +- EX_SSS_BOOT_RTOS_STACK_SIZE, +- (void *)portName, +- (tskIDLE_PRIORITY), +- &gSSSExRtosTaskHandle) != pdPASS) { +- LOG_E("Task creation failed!.\r\n"); +- while (1) +- ; +- } +- +- /* Run RTOS */ +- vTaskStartScheduler(); +- +-#else /* No RTOS, No Embedded */ +- +-#if !AX_EMBEDDED +- if (ex_sss_boot_isHelp(portName)) { +- memset(PCONTEXT, 0, sizeof(*PCONTEXT)); +-#if EX_SSS_BOOT_EXPOSE_ARGC_ARGV +- /* so that tool can fetchup last value */ +- gex_sss_argc++; +-#endif // EX_SSS_BOOT_EXPOSE_ARGC_ARGV +- goto before_ex_sss_entry; +- } +-#endif +- +- status = ex_sss_boot_open(PCONTEXT, portName); +- if (kStatus_SSS_Success != status) { +- LOG_E("ex_sss_session_open Failed"); +- goto cleanup; +- } +- +-#if EX_SSS_BOOT_DO_ERASE +- status = ex_sss_boot_factory_reset((PCONTEXT)); +-#endif +- +- if (kType_SSS_SubSystem_NONE == ((PCONTEXT)->session.subsystem)) { +- /* Nothing to do. Device is not opened +- * This is needed for the case when we open a generic communication +- * channel, without being specific to SE05X +- */ +- } +- else { +- status = ex_sss_key_store_and_object_init((PCONTEXT)); +- if (kStatus_SSS_Success != status) { +- LOG_E("ex_sss_key_store_and_object_init Failed"); +- goto cleanup; +- } +- } +- +-#if EX_SSS_BOOT_OPEN_HOST_SESSION && SSS_HAVE_HOSTCRYPTO_ANY +- ex_sss_boot_open_host_session((PCONTEXT)); +-#endif +- +-#if (SSS_HAVE_A71CH || SSS_HAVE_A71CH_SIM) && SSS_HAVE_A71CH_AUTH_SCP03 +- LOG_I("A71CH SCP03 add-on"); +- { +- // Variables used by calls to legacy API +- U8 sCounter[3]; +- U16 sCounterLen = sizeof(sCounter); +- U16 sw = 0; +- U8 scpKeyEncBase[SCP_KEY_SIZE]; +- U8 scpKeyMacBase[SCP_KEY_SIZE]; +- U8 scpKeyDekBase[SCP_KEY_SIZE]; +- +- LOG_I("** Establish SCP03 session: Start **"); +- status = ex_a71ch_FetchRandomScp03Keys(scpKeyEncBase, scpKeyMacBase, scpKeyDekBase); +- ENSURE_OR_GO_CLEANUP(status == kStatus_SSS_Success); +- +- status = ex_a71ch_SetSeScp03Keys(scpKeyEncBase, scpKeyMacBase, scpKeyDekBase); +- ENSURE_OR_GO_CLEANUP(status == kStatus_SSS_Success); +- +- LOG_I("Clear host-side SCP03 channel state"); +- DEV_ClearChannelState(); +- +- LOG_I("SCP_Authenticate()"); +- sw = SCP_Authenticate(scpKeyEncBase, scpKeyMacBase, scpKeyDekBase, SCP_KEY_SIZE, sCounter, &sCounterLen); +- status = (sw == SW_OK) ? kStatus_SSS_Success : kStatus_SSS_Fail; +- ENSURE_OR_GO_CLEANUP(sw == SW_OK); +- LOG_I("** Establish SCP03 session: End **"); +- } +-#endif // SSS_HAVE_A71CH && SSS_HAVE_A71CH_AUTH_SCP03 +- +-#if !AX_EMBEDDED +-before_ex_sss_entry: +-#endif +- +- status = ex_sss_entry((PCONTEXT)); +- LOG_I("ex_sss Finished"); +- if (kStatus_SSS_Success != status) { +- LOG_E("ex_sss_entry Failed"); +- goto cleanup; +- } +-#endif /* No RTOS, No Embedded */ +- // Delete locks for pthreads +- nLog_DeInit(); +- goto cleanup; +- +-cleanup: +-#ifdef EX_SSS_BOOT_PCONTEXT +- ex_sss_session_close((EX_SSS_BOOT_PCONTEXT)); +-#endif +- if (kStatus_SSS_Success == status) { +- ret = 0; +-#if defined(HAVE_KSDK) && HAVE_KSDK_LED_APIS == 1 +- ex_sss_main_ksdk_success(); +-#endif +-#if defined(__linux__) && defined(T1oI2C) && SSS_HAVE_APPLET_SE05X_IOT +- ex_sss_main_linux_unconf(); +-#endif // defined(__linux__) && defined(T1oI2C) && SSS_HAVE_APPLET_SE05X_IOT +- } +- else { +- LOG_E("!ERROR! ret != 0."); +- ret = 1; +-#if defined(HAVE_KSDK) && HAVE_KSDK_LED_APIS == 1 +- ex_sss_main_ksdk_failure(); +-#endif +- } +- return ret; +-} +- +-#if defined(USE_RTOS) && USE_RTOS == 1 +-static void sss_ex_rtos_task(void *ctx) +-{ +- sss_status_t status; +- +-#if INCLUDE_uxTaskGetStackHighWaterMark +- sss_ex_rtos_stack_size("Boot"); +-#endif // INCLUDE_uxTaskGetStackHighWaterMark +- +-#if AX_EMBEDDED +- ex_sss_main_ksdk_boot_rtos_task(); +-#endif +- status = ex_sss_boot_open(PCONTEXT, (const char *)ctx); +- +- if (kStatus_SSS_Success != status) { +- LOG_E("ex_sss_session_open Failed."); +- goto exit; +- } +- +- status = ex_sss_key_store_and_object_init((PCONTEXT)); +- +- if (kStatus_SSS_Success != status) { +- LOG_E("ex_sss_key_store_and_object_init Failed"); +- goto exit; +- } +- +-#if INCLUDE_uxTaskGetStackHighWaterMark +- sss_ex_rtos_stack_size("Before:ex_sss_entry"); +-#endif // INCLUDE_uxTaskGetStackHighWaterMark +- +-#if EX_SSS_BOOT_DO_ERASE +- status = ex_sss_boot_factory_reset((PCONTEXT)); +- if (kStatus_SSS_Success != status) { +- LOG_W("ex_sss_boot_factory_reset Failed"); +- } +-#if INCLUDE_uxTaskGetStackHighWaterMark +- sss_ex_rtos_stack_size("after:erase"); +-#endif // INCLUDE_uxTaskGetStackHighWaterMark +-#endif +- +-#if SSS_HAVE_A71CH || SSS_HAVE_A71CH_SIM +-#if EX_SSS_BOOT_OPEN_HOST_SESSION +- ex_sss_boot_open_host_session((PCONTEXT)); +-#endif +-#endif +- +- xLoggingTaskInitialize(LOGGING_TASK_STACK_SIZE, LOGGING_TASK_PRIORITY, LOGGING_QUEUE_LENGTH); +- status = ex_sss_entry((PCONTEXT)); +- +- LOG_I("ex_sss Finished"); +- if (kStatus_SSS_Success != status) { +- LOG_E("ex_sss_entry Failed"); +- } +- +- ex_sss_session_close(PCONTEXT); +- /* Delete locks for FreeRtos*/ +- nLog_DeInit(); +-#if INCLUDE_uxTaskGetStackHighWaterMark +- sss_ex_rtos_stack_size("After:ex_sss_entry"); +-#endif // INCLUDE_uxTaskGetStackHighWaterMark +-exit: +-#if defined(_MSC_VER) || defined(__linux__) || defined(__MINGW32__) || defined(__MINGW64__) +- if (kStatus_SSS_Success == status) { +- exit(0); +- } +- else { +- exit(1); +- } +-#else +- vTaskDelete(NULL); +-#endif +-} +- +-#if INCLUDE_uxTaskGetStackHighWaterMark +-void sss_ex_rtos_stack_size(const char *when) +-{ +-#if LOG_INFO_ENABLED +- UBaseType_t stackused; +- stackused = EX_SSS_BOOT_RTOS_STACK_SIZE - uxTaskGetStackHighWaterMark(gSSSExRtosTaskHandle); +- LOG_I("STACK USED [%s] %d", when, sizeof(UBaseType_t) * stackused); +-#endif +-} +-#endif /* INCLUDE_uxTaskGetStackHighWaterMark */ +- +-#endif /* No RTOS, No Embedded */ +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/inc/ex_sss_main_inc_linux.h b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/inc/ex_sss_main_inc_linux.h +deleted file mode 100644 +index cd8b4002d7..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/inc/ex_sss_main_inc_linux.h ++++ /dev/null +@@ -1,25 +0,0 @@ +-/* +- * +- * Copyright 2019 NXP +- * SPDX-License-Identifier: Apache-2.0 +- */ +- +-#include "ax_reset.h" +- +-#if defined(SSS_USE_FTR_FILE) +-#include "fsl_sss_ftr.h" +-#else +-#include "fsl_sss_ftr_default.h" +-#endif +- +-void ex_sss_main_linux_conf() +-{ +- axReset_HostConfigure(); +- axReset_PowerUp(); +-} +- +-void ex_sss_main_linux_unconf() +-{ +- axReset_PowerDown(); +- axReset_HostUnconfigure(); +-} +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/inc/ex_sss_objid.h b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/inc/ex_sss_objid.h +deleted file mode 100644 +index 5e5beb1b47..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/inc/ex_sss_objid.h ++++ /dev/null +@@ -1,112 +0,0 @@ +-/* +- * +- * Copyright 2019-2020 NXP +- * SPDX-License-Identifier: Apache-2.0 +- */ +- +-/** @file +- * +- * ex_sss_objid.h: Reserved Object Identifiers +- * +- * Project: SecureIoTMW-Debug@simw-top-eclipse_x86 +- * +- * $Date: Mar 27, 2019 $ +- * $Author: ing05193 $ +- * $Revision$ +- */ +- +-#ifndef SSS_EX_INC_EX_SSS_OBJID_H_ +-#define SSS_EX_INC_EX_SSS_OBJID_H_ +- +-/* ***************************************************************************************************************** +- * Includes +- * ***************************************************************************************************************** */ +- +-/* ***************************************************************************************************************** +- * MACROS/Defines +- * ***************************************************************************************************************** */ +- +-/* clang-format off */ +-#define EX_SSS_OBJID_CUST_START 0x00000001u +-#define SE05X_OBJID_TP_MASK(X) (0xFFFFFFFC & (X)) +-#define EX_SSS_OBJID_CUST_END 0x7BFFFFFFu +- +-#define EX_SSS_OBJID_AKM_START 0x7C000000u +-#define EX_SSS_OBJID_AKM_END 0x7CFFFFFFu +- +-#define EX_SSS_OBJID_DEMO_START 0x7D000000u +-#define EX_SSS_OBJID_DEMO_SA_START 0x7D500000u +-#define EX_SSS_OBJID_DEMO_WIFI_START 0x7D51F000u +-/* doc:start:mif-kdf-start-keyid */ +-#define EX_SSS_OBJID_DEMO_MFDF_START 0x7D5DF000u +-/* doc:end:mif-kdf-start-keyid */ +-/////// EX_SSS_OBJID_DEMO_SA_END 0x7D5FFFFFu +-#define EX_SSS_OBJID_DEMO_AUTH_START 0x7DA00000u +-#define EX_SSS_OBJID_DEMO_AUTH_MASK(X) (0xFFFF0000u & (X)) +-/////// EX_SSS_OBJID_DEMO_AUTH_END 0x7DA0FFFFu +-#define EX_SSS_OBJID_DEMO_CLOUD_START 0x7DC00000u +-#define EX_SSS_OBJID_DEMO_CLOUD_IBM_START 0x7DC1B000u +-#define EX_SSS_OBJID_DEMO_CLOUD_GCP_START 0x7DC6C000u +-#define EX_SSS_OBJID_DEMO_CLOUD_AWS_START 0x7DCA5000u +-#define EX_SSS_OBJID_DEMO_CLOUD_AZURE_START 0x7DCAC000u +-/////// EX_SSS_OBJID_DEMO_CLOUD_END 0x7DCFFFFFu +-#define EX_SSS_OBJID_DEMO_END 0x7DFFFFFFu +-#define SE05X_OBJID_SE05X_APPLET_RES_START 0x7FFF0000u +-#define SE05X_OBJID_SE05X_APPLET_RES_MASK(X) \ +- (0xFFFF0000u & (X)) +-#define SE05X_OBJID_SE05X_APPLET_RES_END 0x7FFFFFFFu +- +-/* IoT Hub Managed */ +-#define SE05X_OBJID_IOT_HUB_M_START 0x80000000u +-#define SE05X_OBJID_IOT_HUB_M_END 0xEEFFFFFFu +-#define EX_SSS_OBJID_TEST_START 0xEF000000u +-#define EX_SSS_OBJID_TEST_END 0xEFFFFFFFu +- +-/* IoT Hub Access */ +-#define EX_SSS_OBJID_IOT_HUB_A_START 0xF0000000u +-#define EX_SSS_OBJID_IOT_HUB_A_MASK(X) (0xF0000000u & (X)) +- +-//Device Key and Certificate - ECC-256 +-#define EX_SSS_OBJID_TP_KEY_EC_D 0xF0000100 +-#define EX_SSS_OBJID_TP_CERT_EC_D 0xF0000101 +-//Gateway Key and Certificate - ECC-256 +-#define EX_SSS_OBJID_TP_KEY_EC_G 0xF0000102 +-#define EX_SSS_OBJID_TP_CERT_EC_G 0xF0000103 +- +-//Device Key and Certificate - RSA-2K +-#define EX_SSS_OBJID_TP_KEY_RSA2K_D 0xF0000110 +-#define EX_SSS_OBJID_TP_CERT_RSA2K_D 0xF0000111 +-//Gateway Key and Certificate - RSA-2K +-#define EX_SSS_OBJID_TP_KEY_RSA2K_G 0xF0000112 +-#define EX_SSS_OBJID_TP_CERT_RSA2K_G 0xF0000113 +-//Device Key and Certificate - RSA-4K +-#define EX_SSS_OBJID_TP_KEY_RSA4K_D 0xF0000120 +-#define EX_SSS_OBJID_TP_CERT_RSA4K_D 0xF0000121 +-//Gateway Key and Certificate - RSA-4K +-#define EX_SSS_OBJID_TP_KEY_RSA4K_G 0xF0000122 +-#define EX_SSS_OBJID_TP_CERT_RSA4K_G 0xF0000123 +- +-#define EX_SSS_OBJID_IOT_HUB_A_END 0xFFFFFFFFu +- +-/* clang-format on */ +- +-/* ***************************************************************************************************************** +- * Types/Structure Declarations +- * ***************************************************************************************************************** */ +- +-enum +-{ +- kEX_SSS_ObjID_UserID_Auth = EX_SSS_OBJID_DEMO_AUTH_START + 1, +- kEX_SSS_ObjID_APPLETSCP03_Auth, +- kEX_SSS_objID_ECKEY_Auth, +-}; +- +-/* ***************************************************************************************************************** +- * Extern Variables +- * ***************************************************************************************************************** */ +- +-/* ***************************************************************************************************************** +- * Function Prototypes +- * ***************************************************************************************************************** */ +- +-#endif /* SSS_EX_INC_EX_SSS_OBJID_H_ */ +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/inc/ex_sss_ports.h b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/inc/ex_sss_ports.h +deleted file mode 100644 +index ed238e7ef3..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/inc/ex_sss_ports.h ++++ /dev/null +@@ -1,53 +0,0 @@ +-/* +- * +- * Copyright 2019 NXP +- * SPDX-License-Identifier: Apache-2.0 +- */ +- +-/** @file +- * +- * ex_sss_ports.h: Default ports being used in Examples and test cases +- * +- * $Date: Mar 10, 2019 $ +- * $Author: ing05193 $ +- * $Revision$ +- */ +- +-#ifndef SSS_EX_INC_EX_SSS_PORTS_H_ +-#define SSS_EX_INC_EX_SSS_PORTS_H_ +- +-/* ***************************************************************************************************************** +- * Includes +- * ***************************************************************************************************************** */ +- +-/* ***************************************************************************************************************** +- * MACROS/Defines +- * ***************************************************************************************************************** */ +- +-#define EX_SSS_BOOT_SSS_PORT "EX_SSS_BOOT_SSS_PORT" +-#ifdef __linux__ +-#define EX_SSS_BOOT_SSS_COMPORT_DEFAULT "/dev/ttyACM0" +-#else +-#define EX_SSS_BOOT_SSS_COMPORT_DEFAULT "\\\\.\\COM7" +-#endif +-#define EX_SSS_BOOT_SSS_SOCKET_HOSTNAME_DEFAULT "127.0.0.1" +-#define EX_SSS_BOOT_SSS_SOCKET_PORTNUMBER_DEFAULT 8050 +-#define EX_SSS_BOOT_SSS_SOCKET_PORTSZ_DEFAULT "8050" +-#define EX_SSS_BOOT_SSS_PCSC_READER_DEFAULT "NXP SE050C v03.01.00 0" +-#define EX_SSS_BOOT_SSS_SOCKETPORT_DEFAULT \ +- EX_SSS_BOOT_SSS_SOCKET_HOSTNAME_DEFAULT \ +- ":" EX_SSS_BOOT_SSS_SOCKET_PORTSZ_DEFAULT +- +-/* ***************************************************************************************************************** +- * Types/Structure Declarations +- * ***************************************************************************************************************** */ +- +-/* ***************************************************************************************************************** +- * Extern Variables +- * ***************************************************************************************************************** */ +- +-/* ***************************************************************************************************************** +- * Function Prototypes +- * ***************************************************************************************************************** */ +- +-#endif /* SSS_EX_INC_EX_SSS_PORTS_H_ */ +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/inc/ex_sss_scp03_keys.h b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/inc/ex_sss_scp03_keys.h +deleted file mode 100644 +index 9e894babd7..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/inc/ex_sss_scp03_keys.h ++++ /dev/null +@@ -1,75 +0,0 @@ +-/* +- * +- * Copyright 2018,2019 NXP +- * SPDX-License-Identifier: Apache-2.0 +- */ +- +-#ifndef SSS_EX_INC_EX_SSS_SCP03_KEYS_H_ +-#define SSS_EX_INC_EX_SSS_SCP03_KEYS_H_ +- +-#include "ex_sss_tp_scp03_keys.h" +- +-/* ************************************************************************** */ +-/* Includes */ +-/* ************************************************************************** */ +- +-/* ************************************************************************** */ +-/* Defines */ +-/* ************************************************************************** */ +- +-#define EX_SSS_BOOT_SCP03_PATH_ENV "EX_SSS_BOOT_SCP03_PATH" +- +-/* Modify based on platform */ +-#if defined(ANDROID) +-/* Could be set to /data/vendor/secure_iot/ if sepolicies are in effect */ +-/* doc:start:android-scp03-path */ +-#define EX_SSS_SCP03_FILE_DIR "/data/vendor/SE05x/" +-#define EX_SSS_SCP03_FILE_PATH EX_SSS_SCP03_FILE_DIR "plain_scp.txt" +-/* doc:end:android-scp03-path */ +-#elif defined(__linux__) +-/* doc:start:linux-scp03-path */ +-#define EX_SSS_SCP03_FILE_DIR "/tmp/SE05X/" +-#define EX_SSS_SCP03_FILE_PATH EX_SSS_SCP03_FILE_DIR "plain_scp.txt" +-/* doc:end:linux-scp03-path */ +-#elif defined(_MSC_VER) +-/* doc:start:windows-scp03-path */ +-#define EX_SSS_SCP03_FILE_DIR "C:\\nxp\\SE05X\\" +-#define EX_SSS_SCP03_FILE_PATH EX_SSS_SCP03_FILE_DIR "plain_scp.txt" +-/* doc:end:windows-scp03-path */ +-#else +-/* Not defined / avialable */ +-#endif +- +-#ifdef EX_SSS_SCP03_FILE_PATH +-sss_status_t scp03_keys_from_path( +- uint8_t *penc, size_t enc_len, uint8_t *pmac, size_t mac_len, uint8_t *pdek, size_t dek_len); +-#endif +- +-#define SSS_AUTH_SE050_OEF_0004A2D0_KEY_ENC \ +- { \ +- 0xAB, 0xCD, 0xAB, 0xCD, 0xAB, 0xCD, 0xAB, 0xCD, 0xAB, 0xCD, 0xAB, 0xCD, 0xAB, 0xCD, 0x00, 0x01 \ +- } +- +-#define SSS_AUTH_SE050_OEF_0004A2D0_KEY_MAC \ +- { \ +- 0xAB, 0xCD, 0xAB, 0xCD, 0xAB, 0xCD, 0xAB, 0xCD, 0xAB, 0xCD, 0xAB, 0xCD, 0xAB, 0xCD, 0x00, 0x02 \ +- } +- +-#define SSS_AUTH_SE050_OEF_0004A2D0_KEY_DEK \ +- { \ +- 0xAB, 0xCD, 0xAB, 0xCD, 0xAB, 0xCD, 0xAB, 0xCD, 0xAB, 0xCD, 0xAB, 0xCD, 0xAB, 0xCD, 0x00, 0x03 \ +- } +- +-/* ************************************************************************** */ +-/* Structrues and Typedefs */ +-/* ************************************************************************** */ +- +-/* ************************************************************************** */ +-/* Global Variables */ +-/* ************************************************************************** */ +- +-/* ************************************************************************** */ +-/* Functions */ +-/* ************************************************************************** */ +- +-#endif /* SSS_EX_INC_EX_SSS_SCP03_KEYS_H_ */ +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/inc/ex_sss_tp_scp03_keys.h b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/inc/ex_sss_tp_scp03_keys.h +deleted file mode 100644 +index 24421b7cd8..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/inc/ex_sss_tp_scp03_keys.h ++++ /dev/null +@@ -1,119 +0,0 @@ +-/* +- * +- * Copyright 2019 NXP +- * SPDX-License-Identifier: Apache-2.0 +- */ +- +-#ifndef SSS_AUTH_SE050_OEF_20191211_1809_ +-#define SSS_AUTH_SE050_OEF_20191211_1809_ +- +-/* ************************************************************************** */ +-/* Includes */ +-/* ************************************************************************** */ +- +-/* ************************************************************************** */ +-/* Defines */ +-/* ************************************************************************** */ +- +-/* clang-format off */ +- +- +- +-/* See https://www.nxp.com/docs/en/application-note/AN12436.pdf */ +- +-// Variant ==> OEF ID +-// SE050A1 ==> A204 +-// SE050A2 ==> A205 +-// SE050B1 ==> A202 +-// SE050B2 ==> A203 +-// SE050C1 ==> A200 +-// SE050C2 ==> A201 +-// Development Board ==> A1F4 (DEVKIT) +- +-// SE050A1 +-#define SSS_AUTH_SE050A1_KEY_ENC \ +- {0x34, 0xae, 0x09, 0x67, 0xe3, 0x29, 0xe9, 0x51, 0x8e, 0x72, 0x65, 0xd5, 0xad, 0xcc, 0x01, 0xc2 } +-#define SSS_AUTH_SE050A1_KEY_MAC \ +- {0x52, 0xb2, 0x53, 0xca, 0xdf, 0x47, 0x2b, 0xdb, 0x3d, 0x0f, 0xb3, 0x8e, 0x09, 0x77, 0x00, 0x99 } +-#define SSS_AUTH_SE050A1_KEY_DEK \ +- {0xac, 0xc9, 0x14, 0x31, 0xfe, 0x26, 0x81, 0x1b, 0x5e, 0xcb, 0xc8, 0x45, 0x62, 0x0d, 0x83, 0x44 } +- +-// SE050A2 +-#define SSS_AUTH_SE050A2_KEY_ENC \ +- {0x46, 0xa9, 0xc4, 0x8c, 0x34, 0xef, 0xe3, 0x44, 0xa5, 0x22, 0xe6, 0x67, 0x44, 0xf8, 0x99, 0x6a } +-#define SSS_AUTH_SE050A2_KEY_MAC \ +- {0x12, 0x03, 0xff, 0x61, 0xdf, 0xbc, 0x9c, 0x86, 0x19, 0x6a, 0x22, 0x74, 0xae, 0xf4, 0xed, 0x28 } +-#define SSS_AUTH_SE050A2_KEY_DEK \ +- {0xf7, 0x56, 0x1c, 0x6f, 0x48, 0x33, 0x61, 0x19, 0xee, 0x39, 0x43, 0x9a, 0xab, 0x34, 0x09, 0x8e } +- +-// SE050B1 +-#define SSS_AUTH_SE050B1_KEY_ENC \ +- {0xd4, 0x99, 0xbc, 0x90, 0xde, 0xa5, 0x42, 0xcf, 0x78, 0xd2, 0x5e, 0x13, 0xd6, 0x4c, 0xbb, 0x1f } +-#define SSS_AUTH_SE050B1_KEY_MAC \ +- {0x08, 0x15, 0x55, 0x96, 0x43, 0xfb, 0x79, 0xeb, 0x85, 0x01, 0xa0, 0xdc, 0x83, 0x3d, 0x90, 0x1f } +-#define SSS_AUTH_SE050B1_KEY_DEK \ +- {0xbe, 0x7d, 0xdf, 0xb4, 0x06, 0xe8, 0x1a, 0xe4, 0xe9, 0x66, 0x5a, 0x9f, 0xed, 0x64, 0x26, 0x7c } +- +-// SE050B2 +-#define SSS_AUTH_SE050B2_KEY_ENC \ +- {0x5f, 0xa4, 0x3d, 0x82, 0x02, 0xd2, 0x5e, 0x9a, 0x85, 0xb1, 0xfe, 0x7e, 0x2d, 0x26, 0x47, 0x8d } +-#define SSS_AUTH_SE050B2_KEY_MAC \ +- {0x10, 0x5c, 0xea, 0x22, 0x19, 0xf5, 0x2b, 0xd1, 0x67, 0xa0, 0x74, 0x63, 0xc6, 0x93, 0x79, 0xc3 } +-#define SSS_AUTH_SE050B2_KEY_DEK \ +- {0xd7, 0x02, 0x81, 0x57, 0xf2, 0xad, 0x37, 0x2c, 0x74, 0xbe, 0x96, 0x9b, 0xcc, 0x39, 0x06, 0x27 } +- +-// SE050C1 +-#define SSS_AUTH_SE050C1_KEY_ENC \ +- {0x85, 0x2b, 0x59, 0x62, 0xe9, 0xcc, 0xe5, 0xd0, 0xbe, 0x74, 0x6b, 0x83, 0x3b, 0xcc, 0x62, 0x87 } +-#define SSS_AUTH_SE050C1_KEY_MAC \ +- {0xdb, 0x0a, 0xa3, 0x19, 0xa4, 0x08, 0x69, 0x6c, 0x8e, 0x10, 0x7a, 0xb4, 0xe3, 0xc2, 0x6b, 0x47 } +-#define SSS_AUTH_SE050C1_KEY_DEK \ +- {0x4c, 0x2f, 0x75, 0xc6, 0xa2, 0x78, 0xa4, 0xae, 0xe5, 0xc9, 0xaf, 0x7c, 0x50, 0xee, 0xa8, 0x0c } +- +-// SE050C2 +-#define SSS_AUTH_SE050C2_KEY_ENC \ +- {0xbd, 0x1d, 0xe2, 0x0a, 0x81, 0xea, 0xb2, 0xbf, 0x3b, 0x70, 0x9a, 0x9d, 0x69, 0xa3, 0x12, 0x54 } +-#define SSS_AUTH_SE050C2_KEY_MAC \ +- {0x9a, 0x76, 0x1b, 0x8d, 0xba, 0x6b, 0xed, 0xf2, 0x27, 0x41, 0xe4, 0x5d, 0x8d, 0x42, 0x36, 0xf5 } +-#define SSS_AUTH_SE050C2_KEY_DEK \ +- {0x9b, 0x99, 0x3b, 0x60, 0x0f, 0x1c, 0x64, 0xf5, 0xad, 0xc0, 0x63, 0x19, 0x2a, 0x96, 0xc9, 0x47 } +- +-// SE050_DEVKIT +-#define SSS_AUTH_SE050_DEVKIT_KEY_ENC \ +- {0x35, 0xc2, 0x56, 0x45, 0x89, 0x58, 0xa3, 0x4f, 0x61, 0x36, 0x15, 0x5f, 0x82, 0x09, 0xd6, 0xcd } +-#define SSS_AUTH_SE050_DEVKIT_KEY_MAC \ +- {0xaf, 0x17, 0x7d, 0x5d, 0xbd, 0xf7, 0xc0, 0xd5, 0xc1, 0x0a, 0x05, 0xb9, 0xf1, 0x60, 0x7f, 0x78 } +-#define SSS_AUTH_SE050_DEVKIT_KEY_DEK \ +- {0xa1, 0xbc, 0x84, 0x38, 0xbf, 0x77, 0x93, 0x5b, 0x36, 0x1a, 0x44, 0x25, 0xfe, 0x79, 0xfa, 0x29 } +- +-// SE051A2 +-#define SSS_AUTH_SE051A2_KEY_ENC \ +- { 0x84, 0x0a, 0x5d, 0x51, 0x79, 0x55, 0x11, 0xc9, 0xce, 0xf0, 0xc9, 0x6f, 0xd2, 0xcb, 0xf0, 0x41 } +-#define SSS_AUTH_SE051A2_KEY_MAC \ +- { 0x64, 0x6b, 0xc2, 0xb8, 0xc3, 0xa4, 0xd9, 0xc1, 0xfa, 0x8d, 0x71, 0x16, 0xbe, 0x04, 0xfd, 0xfe } +-#define SSS_AUTH_SE051A2_KEY_DEK \ +- { 0x03, 0xe6, 0x69, 0x9a, 0xca, 0x94, 0x26, 0xd9, 0xc3, 0x89, 0x22, 0xf8, 0x91, 0x4c, 0xe5, 0xf7 } +- +-// SE051C2 +-#define SSS_AUTH_SE051C2_KEY_ENC \ +- { 0x88, 0xdb, 0xcd, 0x65, 0x82, 0x0d, 0x2a, 0xa0, 0x6f, 0xfa, 0xb9, 0x2a, 0xa8, 0xe7, 0x93, 0x64 } +-#define SSS_AUTH_SE051C2_KEY_MAC \ +- { 0xa8, 0x64, 0x4e, 0x2a, 0x04, 0xd9, 0xe9, 0xc8, 0xc0, 0xea, 0x60, 0x86, 0x68, 0x29, 0x99, 0xe5 } +-#define SSS_AUTH_SE051C2_KEY_DEK \ +- { 0x8a, 0x38, 0x72, 0x38, 0x99, 0x88, 0x18, 0x44, 0xe2, 0xc1, 0x51, 0x3d, 0xac, 0xd9, 0xf8, 0x0d } +- +-/* clang-format on */ +- +-/* ************************************************************************** */ +-/* Structures and Typedefs */ +-/* ************************************************************************** */ +- +-/* ************************************************************************** */ +-/* Global Variables */ +-/* ************************************************************************** */ +- +-/* ************************************************************************** */ +-/* Functions */ +-/* ************************************************************************** */ +- +-#endif /* SSS_AUTH_SE050_OEF_20191211_1809_ */ +\ No newline at end of file +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/mbedtls/ex_sss_ssl2.c b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/mbedtls/ex_sss_ssl2.c +deleted file mode 100644 +index 8b6071fac7..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/mbedtls/ex_sss_ssl2.c ++++ /dev/null +@@ -1,2275 +0,0 @@ +-/* +- * SSL client with certificate authentication +- * +- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved +- * Copyright (C) 2018-2019, NXP, All Rights Reserved +- * SPDX-License-Identifier: Apache-2.0 +- * +- * Licensed under the Apache License, Version 2.0 (the "License"); you may +- * not use this file except in compliance with the License. +- * You may obtain a copy of the License at +- * +- * http://www.apache.org/licenses/LICENSE-2.0 +- * +- * Unless required by applicable law or agreed to in writing, software +- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +- * See the License for the specific language governing permissions and +- * limitations under the License. +- * +- * This file is part of mbed TLS (https://tls.mbed.org) +- */ +- +-/* clang-format off */ +- +-#if !defined(__MBED__) +- +-#if defined(SSS_USE_FTR_FILE) +-#include "fsl_sss_ftr.h" +-#else +-#include "fsl_sss_ftr_default.h" +-#endif +- +-#if !defined(MBEDTLS_CONFIG_FILE) +-#include "mbedtls/config.h" +-#else +-#include MBEDTLS_CONFIG_FILE +-#endif +- +-#if defined(MBEDTLS_PLATFORM_C) +-#include "mbedtls/platform.h" +-#else +-#include +-#include +-#define mbedtls_time time +-#define mbedtls_time_t time_t +-#define mbedtls_printf printf +-#define mbedtls_fprintf fprintf +-#define mbedtls_snprintf snprintf +-#endif +- +-#include +- +-#if !defined(MBEDTLS_ENTROPY_C) || \ +- !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_CLI_C) || \ +- !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_CTR_DRBG_C) +-int main(void) +-{ +- mbedtls_printf("MBEDTLS_ENTROPY_C and/or " +- "MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_CLI_C and/or " +- "MBEDTLS_NET_C and/or MBEDTLS_CTR_DRBG_C and/or not defined.\n"); +- return (0); +-} +-#else +- +-#include "mbedtls/certs.h" +-#include "mbedtls/ctr_drbg.h" +-#include "mbedtls/debug.h" +-#include "mbedtls/entropy.h" +-#include "mbedtls/error.h" +-#include "mbedtls/net_sockets.h" +-#include "mbedtls/ssl.h" +-#include "mbedtls/timing.h" +-#include "mbedtls/x509.h" +- +-#include +-#include +-#include +- +-/* +S */ +- +-#ifdef TGT_A71CH +-# include "sm_printf.h" +-#endif +- +-#if SSS_HAVE_ALT_SSS +-#include "sss_mbedtls.h" +-#if defined(MBEDTLS_ECDSA_VERIFY_ALT) +-#include "ecdsa_verify_alt.h" +-#endif +-#endif +- +-#include +-#include +-#include +- +-#if defined(SMCOM_JRCP_V2) && SSS_HAVE_SE05X_VER_GTE_06_00 +-#include "smCom.h" +-#include "smComJRCP.h" +-#include "sm_types.h" +-#endif +- +-static ex_sss_boot_ctx_t gex_sss_demo_boot_ctx; +-ex_sss_boot_ctx_t *pex_sss_demo_boot_ctx = &gex_sss_demo_boot_ctx; +-static ex_sss_cloud_ctx_t gex_sss_demo_tls_ctx; +-ex_sss_cloud_ctx_t *pex_sss_demo_tls_ctx = &gex_sss_demo_tls_ctx; +- +-#define EX_SSS_BOOT_PCONTEXT (&gex_sss_demo_boot_ctx) +-#define EX_SSS_BOOT_EXPOSE_ARGC_ARGV 1 +-#define EX_SSS_BOOT_DO_ERASE 0 +- +-#include +- +-#define SSS_PUBKEY_INDEX_CA 0x7DCCBB22 //(1u) +-#define SSS_KEYPAIR_INDEX_CLIENT_PRIVATE 0x20181001 //(2u) +-#define SSS_CERTIFICATE_INDEX 0x20181002 //(3u) +- +-/*The size of the client certificate should be checked when script is used to store it in GP storage and updated here */ +-#define SIZE_CLIENT_CERTIFICATE 2048 +-/* -S */ +- +-#define MAX_REQUEST_SIZE 20000 +-#define MAX_REQUEST_SIZE_STR "20000" +- +-#define DFL_SERVER_NAME "localhost" +-#define DFL_SERVER_ADDR NULL +-#define DFL_SERVER_PORT "4433" +-#define DFL_REQUEST_PAGE "/" +-#define DFL_REQUEST_SIZE -1 +-#define DFL_DEBUG_LEVEL 0 +-#define DFL_NBIO 0 +-#define DFL_EVENT 0 +-#define DFL_READ_TIMEOUT 0 +-#define DFL_MAX_RESEND 0 +-#define DFL_CA_FILE "" +-#define DFL_CA_PATH "" +-#define DFL_CRT_FILE "" +-#define DFL_KEY_FILE "" +-#define DFL_PSK "" +-#define DFL_PSK_IDENTITY "Client_identity" +-#define DFL_ECJPAKE_PW NULL +-#define DFL_FORCE_CIPHER 0 +-#define DFL_RENEGOTIATION MBEDTLS_SSL_RENEGOTIATION_DISABLED +-#define DFL_ALLOW_LEGACY -2 +-#define DFL_RENEGOTIATE 0 +-#define DFL_EXCHANGES 1 +-#define DFL_MIN_VERSION -1 +-#define DFL_MAX_VERSION -1 +-#define DFL_ARC4 -1 +-#define DFL_SHA1 -1 +-#define DFL_AUTH_MODE -1 +-#define DFL_MFL_CODE MBEDTLS_SSL_MAX_FRAG_LEN_NONE +-#define DFL_TRUNC_HMAC -1 +-#define DFL_RECSPLIT -1 +-#define DFL_DHMLEN -1 +-#define DFL_RECONNECT 0 +-#define DFL_RECO_DELAY 0 +-#define DFL_RECONNECT_HARD 0 +-#define DFL_TICKETS MBEDTLS_SSL_SESSION_TICKETS_ENABLED +-#define DFL_ALPN_STRING NULL +-#define DFL_CURVES NULL +-#define DFL_TRANSPORT MBEDTLS_SSL_TRANSPORT_STREAM +-#define DFL_HS_TO_MIN 0 +-#define DFL_HS_TO_MAX 0 +-#define DFL_FALLBACK -1 +-#define DFL_EXTENDED_MS -1 +-#define DFL_ETM -1 +-#define DFL_CONNECT "" +- +-#define GET_REQUEST "GET %s HTTP/1.0\r\nExtra-header: " +-#define GET_REQUEST_END "\r\n\r\n" +- +-#if defined(MBEDTLS_X509_CRT_PARSE_C) +-#if defined(MBEDTLS_FS_IO) +-#define USAGE_IO \ +- " ca_file=%%s The single file containing the top-level CA(s) you fully trust\n" \ +- " default: \"\" (pre-loaded)\n" \ +- " ca_path=%%s The path containing the top-level CA(s) you fully trust\n" \ +- " default: \"\" (pre-loaded) (overrides ca_file)\n" \ +- " crt_file=%%s Your own cert and chain (in bottom to top order, top may be omitted)\n" \ +- " default: \"\" (pre-loaded)\n" \ +- " key_file=%%s default: \"\" (pre-loaded)\n" \ +- +-#else +-#define USAGE_IO \ +- " No file operations available (MBEDTLS_FS_IO not defined)\n" +-#endif /* MBEDTLS_FS_IO */ +-#else +-#define USAGE_IO "" +-#endif /* MBEDTLS_X509_CRT_PARSE_C */ +- +-#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) +-#define USAGE_PSK \ +- " psk=%%s default: \"\" (in hex, without 0x)\n" \ +- " psk_identity=%%s default: \"Client_identity\"\n" +-#else +-#define USAGE_PSK "" +-#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */ +- +-#if defined(MBEDTLS_SSL_SESSION_TICKETS) +-#define USAGE_TICKETS \ +- " tickets=%%d default: 1 (enabled)\n" +-#else +-#define USAGE_TICKETS "" +-#endif /* MBEDTLS_SSL_SESSION_TICKETS */ +- +-#if defined(MBEDTLS_SSL_TRUNCATED_HMAC) +-#define USAGE_TRUNC_HMAC \ +- " trunc_hmac=%%d default: library default\n" +-#else +-#define USAGE_TRUNC_HMAC "" +-#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */ +- +-#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) +-#define USAGE_MAX_FRAG_LEN \ +- " max_frag_len=%%d default: 16384 (tls default)\n" \ +- " options: 512, 1024, 2048, 4096\n" +-#else +-#define USAGE_MAX_FRAG_LEN "" +-#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ +- +-#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING) +-#define USAGE_RECSPLIT \ +- " recsplit=0/1 default: (library default: on)\n" +-#else +-#define USAGE_RECSPLIT +-#endif +- +-#if defined(MBEDTLS_DHM_C) +-#define USAGE_DHMLEN \ +- " dhmlen=%%d default: (library default: 1024 bits)\n" +-#else +-#define USAGE_DHMLEN +-#endif +- +-#if defined(MBEDTLS_SSL_ALPN) +-#define USAGE_ALPN \ +- " alpn=%%s default: \"\" (disabled)\n" \ +- " example: spdy/1,http/1.1\n" +-#else +-#define USAGE_ALPN "" +-#endif /* MBEDTLS_SSL_ALPN */ +- +-#if defined(MBEDTLS_ECP_C) +-#define USAGE_CURVES \ +- " curves=a,b,c,d default: \"default\" (library default)\n" \ +- " example: \"secp521r1,brainpoolP512r1\"\n" \ +- " - use \"none\" for empty list\n" \ +- " - see mbedtls_ecp_curve_list()\n" \ +- " for acceptable curve names\n" +-#else +-#define USAGE_CURVES "" +-#endif +- +-#if defined(MBEDTLS_SSL_PROTO_DTLS) +-#define USAGE_DTLS \ +- " dtls=%%d default: 0 (TLS)\n" \ +- " hs_timeout=%%d-%%d default: (library default: 1000-60000)\n" \ +- " range of DTLS handshake timeouts in millisecs\n" +-#else +-#define USAGE_DTLS "" +-#endif +- +-#if defined(MBEDTLS_SSL_FALLBACK_SCSV) +-#define USAGE_FALLBACK \ +- " fallback=0/1 default: (library default: off)\n" +-#else +-#define USAGE_FALLBACK "" +-#endif +- +-#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) +-#define USAGE_EMS \ +- " extended_ms=0/1 default: (library default: on)\n" +-#else +-#define USAGE_EMS "" +-#endif +- +-#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) +-#define USAGE_ETM \ +- " etm=0/1 default: (library default: on)\n" +-#else +-#define USAGE_ETM "" +-#endif +- +-#if defined(MBEDTLS_SSL_RENEGOTIATION) +-#define USAGE_RENEGO \ +- " renegotiation=%%d default: 0 (disabled)\n" \ +- " renegotiate=%%d default: 0 (disabled)\n" +-#else +-#define USAGE_RENEGO "" +-#endif +- +-#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) +-#define USAGE_ECJPAKE \ +- " ecjpake_pw=%%s default: none (disabled)\n" +-#else +-#define USAGE_ECJPAKE "" +-#endif +- +-#define USAGE \ +- "\n usage: ssl_client2 param=<>...\n" \ +- "\n acceptable parameters:\n" \ +- " server_name=%%s default: localhost\n" \ +- " server_addr=%%s default: given by name\n" \ +- " server_port=%%d default: 4433\n" \ +- " request_page=%%s default: \".\"\n" \ +- " request_size=%%d default: about 34 (basic request)\n" \ +- " (minimum: 0, max: " MAX_REQUEST_SIZE_STR ")\n" \ +- " If 0, in the first exchange only an empty\n" \ +- " application data message is sent followed by\n" \ +- " a second non-empty message before attempting\n" \ +- " to read a response from the server\n" \ +- " debug_level=%%d default: 0 (disabled)\n" \ +- " nbio=%%d default: 0 (blocking I/O)\n" \ +- " options: 1 (non-blocking), 2 (added delays)\n" \ +- " event=%%d default: 0 (loop)\n" \ +- " options: 1 (level-triggered, implies nbio=1),\n" \ +- " read_timeout=%%d default: 0 ms (no timeout)\n" \ +- " max_resend=%%d default: 0 (no resend on timeout)\n" \ +- "\n" \ +- USAGE_DTLS \ +- "\n" \ +- " auth_mode=%%s default: (library default: none)\n" \ +- " options: none, optional, required\n" \ +- USAGE_IO \ +- "\n" \ +- USAGE_PSK \ +- USAGE_ECJPAKE \ +- "\n" \ +- " allow_legacy=%%d default: (library default: no)\n" \ +- USAGE_RENEGO \ +- " exchanges=%%d default: 1\n" \ +- " reconnect=%%d default: 0 (disabled)\n" \ +- " reco_delay=%%d default: 0 seconds\n" \ +- " reconnect_hard=%%d default: 0 (disabled)\n" \ +- USAGE_TICKETS \ +- USAGE_MAX_FRAG_LEN \ +- USAGE_TRUNC_HMAC \ +- USAGE_ALPN \ +- USAGE_FALLBACK \ +- USAGE_EMS \ +- USAGE_ETM \ +- USAGE_CURVES \ +- USAGE_RECSPLIT \ +- USAGE_DHMLEN \ +- "\n" \ +- " arc4=%%d default: (library default: 0)\n" \ +- " allow_sha1=%%d default: 0\n" \ +- " min_version=%%s default: (library default: tls1)\n" \ +- " max_version=%%s default: (library default: tls1_2)\n" \ +- " force_version=%%s default: \"\" (none)\n" \ +- " options: ssl3, tls1, tls1_1, tls1_2, dtls1, dtls1_2\n" \ +- "\n" \ +- " force_ciphersuite= default: all enabled\n" \ +- " acceptable ciphersuite names:\n" +- +-#define ALPN_LIST_SIZE 10 +-#define CURVE_LIST_SIZE 20 +- +-/* +-* global options +-*/ +-struct options +-{ +- const char *server_name; /* hostname of the server (client only) */ +- const char *server_addr; /* address of the server (client only) */ +- const char *server_port; /* port on which the ssl service runs */ +- int debug_level; /* level of debugging */ +- int nbio; /* should I/O be blocking? */ +- int event; /* loop or event-driven IO? level or edge triggered? */ +- uint32_t read_timeout; /* timeout on mbedtls_ssl_read() in milliseconds */ +- int max_resend; /* DTLS times to resend on read timeout */ +- const char *request_page; /* page on server to request */ +- int request_size; /* pad request with header to requested size */ +- const char *ca_file; /* the file with the CA certificate(s) */ +- const char *ca_path; /* the path with the CA certificate(s) reside */ +- const char *crt_file; /* the file with the client certificate */ +- const char *key_file; /* the file with the client key */ +- const char *psk; /* the pre-shared key */ +- const char *psk_identity; /* the pre-shared key identity */ +- const char *ecjpake_pw; /* the EC J-PAKE password */ +- int force_ciphersuite[2]; /* protocol/ciphersuite to use, or all */ +- int renegotiation; /* enable / disable renegotiation */ +- int allow_legacy; /* allow legacy renegotiation */ +- int renegotiate; /* attempt renegotiation? */ +- int renego_delay; /* delay before enforcing renegotiation */ +- int exchanges; /* number of data exchanges */ +- int min_version; /* minimum protocol version accepted */ +- int max_version; /* maximum protocol version accepted */ +- int arc4; /* flag for arc4 suites support */ +- int allow_sha1; /* flag for SHA-1 support */ +- int auth_mode; /* verify mode for connection */ +- unsigned char mfl_code; /* code for maximum fragment length */ +- int trunc_hmac; /* negotiate truncated hmac or not */ +- int recsplit; /* enable record splitting? */ +- int dhmlen; /* minimum DHM params len in bits */ +- int reconnect; /* attempt to resume session */ +- int reco_delay; /* delay in seconds before resuming session */ +- int reconnect_hard; /* unexpectedly reconnect from the same port */ +- int tickets; /* enable / disable session tickets */ +- const char *curves; /* list of supported elliptic curves */ +- const char *alpn_string; /* ALPN supported protocols */ +- int transport; /* TLS or DTLS? */ +- uint32_t hs_to_min; /* Initial value of DTLS handshake timer */ +- uint32_t hs_to_max; /* Max value of DTLS handshake timer */ +- int fallback; /* is this a fallback connection? */ +- int extended_ms; /* negotiate extended master secret? */ +- int etm; /* negotiate encrypt then mac? */ +- +-} opt; +- +-static void my_debug( void *ctx, int level, +- const char *file, int line, +- const char *str ) +-{ +- const char *p, *basename; +- +- /* Extract basename from file */ +- for (p = basename = file; *p != '\0'; p++) +- if (*p == '/' || *p == '\\') +- basename = p + 1; +- +- mbedtls_fprintf( (FILE *) ctx, "%s:%04d: |%d| %s", +- basename, line, level, str ); +- fflush((FILE *)ctx); +-} +- +-/* +-* Test recv/send functions that make sure each try returns +-* WANT_READ/WANT_WRITE at least once before sucesseding +-*/ +-static int my_recv(void *ctx, unsigned char *buf, size_t len) +-{ +- static int first_try = 1; +- int ret; +- +- if( first_try ) +- { +- first_try = 0; +- return (MBEDTLS_ERR_SSL_WANT_READ); +- } +- +- ret = mbedtls_net_recv(ctx, buf, len); +- if (ret != MBEDTLS_ERR_SSL_WANT_READ) +- first_try = 1; /* Next call will be a new operation */ +- return (ret); +-} +- +- +-#ifdef _MSC_VER +-#pragma warning( disable: 4127) +-#endif +- +-static int my_send(void *ctx, const unsigned char *buf, size_t len) +-{ +- static int first_try = 1; +- int ret; +- +- if( first_try ) +- { +- first_try = 0; +- return (MBEDTLS_ERR_SSL_WANT_WRITE); +- } +- +- ret = mbedtls_net_send(ctx, buf, len); +- if (ret != MBEDTLS_ERR_SSL_WANT_WRITE) +- first_try = 1; /* Next call will be a new operation */ +- return (ret); +-} +- +-#if defined(MBEDTLS_X509_CRT_PARSE_C) +-/* +-* Enabled if debug_level > 1 in code below +-*/ +-static int my_verify( void *data, mbedtls_x509_crt *crt, +- int depth, uint32_t *flags ) +-{ +- char buf[1024]; +- ((void)data); +- +- mbedtls_printf("\nVerify requested for (Depth %d):\n", depth); +- mbedtls_x509_crt_info(buf, sizeof(buf) - 1, "", crt); +- mbedtls_printf("%s", buf); +- +- if ((*flags) == 0) +- mbedtls_printf(" This certificate has no flags\n"); +- else +- { +- mbedtls_x509_crt_verify_info(buf, sizeof(buf), " ! ", *flags); +- mbedtls_printf("%s\n", buf); +- } +- +- return (0); +-} +- +-static int ssl_sig_hashes_for_test[] = { +-#if defined(MBEDTLS_SHA512_C) +- MBEDTLS_MD_SHA512, +- MBEDTLS_MD_SHA384, +-#endif +-#if defined(MBEDTLS_SHA256_C) +- MBEDTLS_MD_SHA256, +- MBEDTLS_MD_SHA224, +-#endif +-#if defined(MBEDTLS_SHA1_C) +- /* Allow SHA-1 as we use it extensively in tests. */ +- MBEDTLS_MD_SHA1, +-#endif +- MBEDTLS_MD_NONE +- +-}; +-#endif /* MBEDTLS_X509_CRT_PARSE_C */ +- +-/* +- * Wait for an event from the underlying transport or the timer +- * (Used in event-driven IO mode). +- */ +-#if !defined(MBEDTLS_TIMING_C) +-int idle( mbedtls_net_context *fd, +- int idle_reason ) +-#else +-int idle( mbedtls_net_context *fd, +- mbedtls_timing_delay_context *timer, +- int idle_reason ) +-#endif +-{ +- +- int ret; +- int poll_type = 0; +- +- if( idle_reason == MBEDTLS_ERR_SSL_WANT_WRITE ) +- poll_type = MBEDTLS_NET_POLL_WRITE; +- else if( idle_reason == MBEDTLS_ERR_SSL_WANT_READ ) +- poll_type = MBEDTLS_NET_POLL_READ; +-#if !defined(MBEDTLS_TIMING_C) +- else +- return( 0 ); +-#endif +- +- while( 1 ) +- { +- /* Check if timer has expired */ +-#if defined(MBEDTLS_TIMING_C) +- if( timer != NULL && +- mbedtls_timing_get_delay( timer ) == 2 ) +- { +- break; +- } +-#endif /* MBEDTLS_TIMING_C */ +- +- /* Check if underlying transport became available */ +- if( poll_type != 0 ) +- { +- ret = mbedtls_net_poll( fd, poll_type, 0 ); +- if( ret < 0 ) +- return( ret ); +- if( ret == poll_type ) +- break; +- } +- } +- +- return( 0 ); +-} +- +-sss_status_t ex_sss_entry(ex_sss_boot_ctx_t *pCtx) +-{ +- int ret = 0, len, tail_len, i, written, frags, retry_left; +- bool useKeysFromSM = true; +- int client_certificate_loaded = 0; +- sss_status_t ret_code; +- uint8_t aclient_cer[SIZE_CLIENT_CERTIFICATE] = {0}; +- +- mbedtls_net_context server_fd; +- unsigned char buf[MAX_REQUEST_SIZE + 1]; +-#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) +- unsigned char psk[MBEDTLS_PSK_MAX_LEN]; +- size_t psk_len = 0; +-#endif +-#if defined(MBEDTLS_SSL_ALPN) +- const char *alpn_list[ALPN_LIST_SIZE]; +-#endif +-#if defined(MBEDTLS_ECP_C) +- mbedtls_ecp_group_id curve_list[CURVE_LIST_SIZE]; +- const mbedtls_ecp_curve_info *curve_cur; +-#endif +- +- const char *pers = "ssl_client2"; +- +-#if defined(MBEDTLS_X509_CRT_PARSE_C) +- mbedtls_x509_crt_profile crt_profile_for_test = mbedtls_x509_crt_profile_default; +-#endif +- mbedtls_entropy_context entropy; +- mbedtls_ctr_drbg_context ctr_drbg; +- mbedtls_ssl_context ssl; +- mbedtls_ssl_config conf; +- mbedtls_ssl_session saved_session; +-#if defined(MBEDTLS_TIMING_C) +- mbedtls_timing_delay_context timer; +-#endif +-#if defined(MBEDTLS_X509_CRT_PARSE_C) +- uint32_t flags; +- mbedtls_x509_crt cacert; +- mbedtls_x509_crt clicert; +- mbedtls_pk_context pkey; +-#endif +- char *p, *q; +- const int *list; +- +-#if !defined(MBEDTLS_ECDSA_VERIFY_ALT) /* Set public key is causing NVM writes */ +-#if defined(SMCOM_JRCP_V2) && SSS_HAVE_SE05X_VER_GTE_06_00 +- uint32_t start_nvmCount = 0; +- uint32_t end_nvmCount = 0; +-#endif +-#endif +- +- /* +- * Make sure memory references are valid. +- */ +- mbedtls_net_init( &server_fd ); +- mbedtls_ssl_init( &ssl ); +- mbedtls_ssl_config_init( &conf ); +- memset( &saved_session, 0, sizeof( mbedtls_ssl_session ) ); +- mbedtls_ctr_drbg_init( &ctr_drbg ); +-#if defined(MBEDTLS_X509_CRT_PARSE_C) +- mbedtls_x509_crt_init( &cacert ); +- mbedtls_x509_crt_init( &clicert ); +- mbedtls_pk_init( &pkey ); +-#endif +-#if defined(MBEDTLS_SSL_ALPN) +- memset( (void * ) alpn_list, 0, sizeof( alpn_list ) ); +-#endif +- +-#if !defined(MBEDTLS_ECDSA_VERIFY_ALT) /* Set public key is causing NVM writes */ +-#if defined(SMCOM_JRCP_V2) && SSS_HAVE_SE05X_VER_GTE_06_00 +- { +- uint32_t status = kStatus_SSS_Fail; +- sss_se05x_session_t *pSe05xSession = (sss_se05x_session_t *)&pCtx->session; +- status = smComJRCP_NvmCount(pSe05xSession->s_ctx.conn_ctx, &start_nvmCount); +- if (status == SMCOM_OK) { +- mbedtls_printf("NVM count at start : %u \n", start_nvmCount); +- } +- } +-#endif +-#endif +- if(gex_sss_argc == 0 ) +- { +- usage: +- if (ret == 0) +- ret = 1; +- +- mbedtls_printf(USAGE); +- +- list = mbedtls_ssl_list_ciphersuites(); +- while( *list ) +- { +- mbedtls_printf(" %-42s", mbedtls_ssl_get_ciphersuite_name(*list)); +- list++; +- if (!*list) +- break; +- mbedtls_printf(" %s\n", mbedtls_ssl_get_ciphersuite_name(*list)); +- list++; +- } +- mbedtls_printf("\n"); +- goto exit; +- } +- +- opt.server_name = DFL_SERVER_NAME; +- opt.server_addr = DFL_SERVER_ADDR; +- opt.server_port = DFL_SERVER_PORT; +- opt.debug_level = DFL_DEBUG_LEVEL; +- opt.nbio = DFL_NBIO; +- opt.event = DFL_EVENT; +- opt.read_timeout = DFL_READ_TIMEOUT; +- opt.max_resend = DFL_MAX_RESEND; +- opt.request_page = DFL_REQUEST_PAGE; +- opt.request_size = DFL_REQUEST_SIZE; +- opt.ca_file = DFL_CA_FILE; +- opt.ca_path = DFL_CA_PATH; +- opt.crt_file = DFL_CRT_FILE; +- opt.key_file = DFL_KEY_FILE; +- opt.psk = DFL_PSK; +- opt.psk_identity = DFL_PSK_IDENTITY; +- opt.ecjpake_pw = DFL_ECJPAKE_PW; +- opt.force_ciphersuite[0] = DFL_FORCE_CIPHER; +- opt.renegotiation = DFL_RENEGOTIATION; +- opt.allow_legacy = DFL_ALLOW_LEGACY; +- opt.renegotiate = DFL_RENEGOTIATE; +- opt.exchanges = DFL_EXCHANGES; +- opt.min_version = DFL_MIN_VERSION; +- opt.max_version = DFL_MAX_VERSION; +- opt.arc4 = DFL_ARC4; +- opt.allow_sha1 = DFL_SHA1; +- opt.auth_mode = DFL_AUTH_MODE; +- opt.mfl_code = DFL_MFL_CODE; +- opt.trunc_hmac = DFL_TRUNC_HMAC; +- opt.recsplit = DFL_RECSPLIT; +- opt.dhmlen = DFL_DHMLEN; +- opt.reconnect = DFL_RECONNECT; +- opt.reco_delay = DFL_RECO_DELAY; +- opt.reconnect_hard = DFL_RECONNECT_HARD; +- opt.tickets = DFL_TICKETS; +- opt.alpn_string = DFL_ALPN_STRING; +- opt.curves = DFL_CURVES; +- opt.transport = DFL_TRANSPORT; +- opt.hs_to_min = DFL_HS_TO_MIN; +- opt.hs_to_max = DFL_HS_TO_MAX; +- opt.fallback = DFL_FALLBACK; +- opt.extended_ms = DFL_EXTENDED_MS; +- opt.etm = DFL_ETM; +- +- /* Ignore the last command line argument (used in ex_sss_main_inc.h) */ +- gex_sss_argc--; +- for (i = 1; i < gex_sss_argc; i++) +- { +- p = (char *)gex_sss_argv[i]; +- printf("%s \n", p); +- if ((q = strchr(p, '=')) == NULL) +- goto usage; +- *q++ = '\0'; +- +- if (strcmp(p, "server_name") == 0) +- opt.server_name = q; +- else if (strcmp(p, "server_addr") == 0) +- opt.server_addr = q; +- else if (strcmp(p, "server_port") == 0) +- opt.server_port = q; +- else if( strcmp( p, "dtls" ) == 0 ) +- { +- int t = atoi(q); +- if (t == 0) +- opt.transport = MBEDTLS_SSL_TRANSPORT_STREAM; +- else if (t == 1) +- opt.transport = MBEDTLS_SSL_TRANSPORT_DATAGRAM; +- else +- goto usage; +- } +- else if( strcmp( p, "debug_level" ) == 0 ) +- { +- opt.debug_level = atoi(q); +- if (opt.debug_level < 0 || opt.debug_level > 65535) +- goto usage; +- } +- else if( strcmp( p, "nbio" ) == 0 ) +- { +- opt.nbio = atoi(q); +- if (opt.nbio < 0 || opt.nbio > 2) +- goto usage; +- } +- else if( strcmp( p, "event" ) == 0 ) +- { +- opt.event = atoi( q ); +- if( opt.event < 0 || opt.event > 2 ) +- goto usage; +- } +- else if (strcmp(p, "read_timeout") == 0) +- opt.read_timeout = atoi(q); +- else if( strcmp( p, "max_resend" ) == 0 ) +- { +- opt.max_resend = atoi(q); +- if (opt.max_resend < 0) +- goto usage; +- } +- else if (strcmp(p, "request_page") == 0) +- opt.request_page = q; +- else if( strcmp( p, "request_size" ) == 0 ) +- { +- opt.request_size = atoi(q); +- if( opt.request_size < 0 || +- opt.request_size > MAX_REQUEST_SIZE ) +- goto usage; +- } +- else if (strcmp(p, "ca_file") == 0) +- opt.ca_file = q; +- else if (strcmp(p, "ca_path") == 0) +- opt.ca_path = q; +- else if (strcmp(p, "crt_file") == 0) +- opt.crt_file = q; +- else if (strcmp(p, "key_file") == 0) +- opt.key_file = q; +- else if (strcmp(p, "psk") == 0) +- opt.psk = q; +- else if (strcmp(p, "psk_identity") == 0) +- opt.psk_identity = q; +- else if (strcmp(p, "ecjpake_pw") == 0) +- opt.ecjpake_pw = q; +- else if( strcmp( p, "force_ciphersuite" ) == 0 ) +- { +- opt.force_ciphersuite[0] = mbedtls_ssl_get_ciphersuite_id(q); +- +- if( opt.force_ciphersuite[0] == 0 ) +- { +- ret = 2; +- goto usage; +- } +- opt.force_ciphersuite[1] = 0; +- } +- else if( strcmp( p, "renegotiation" ) == 0 ) +- { +- opt.renegotiation = (atoi( q )) ? +- MBEDTLS_SSL_RENEGOTIATION_ENABLED : +- MBEDTLS_SSL_RENEGOTIATION_DISABLED; +- } +- else if( strcmp( p, "allow_legacy" ) == 0 ) +- { +- switch( atoi( q ) ) +- { +- case -1: +- opt.allow_legacy = MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE; +- break; +- case 0: +- opt.allow_legacy = MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION; +- break; +- case 1: +- opt.allow_legacy = MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION; +- break; +- default: goto usage; +- } +- } +- else if( strcmp( p, "renegotiate" ) == 0 ) +- { +- opt.renegotiate = atoi(q); +- if (opt.renegotiate < 0 || opt.renegotiate > 1) +- goto usage; +- } +- else if( strcmp( p, "exchanges" ) == 0 ) +- { +- opt.exchanges = atoi(q); +- if (opt.exchanges < 1) +- goto usage; +- } +- else if( strcmp( p, "reconnect" ) == 0 ) +- { +- opt.reconnect = atoi(q); +- if (opt.reconnect < 0 || opt.reconnect > 2) +- goto usage; +- } +- else if( strcmp( p, "reco_delay" ) == 0 ) +- { +- opt.reco_delay = atoi(q); +- if (opt.reco_delay < 0) +- goto usage; +- } +- else if( strcmp( p, "reconnect_hard" ) == 0 ) +- { +- opt.reconnect_hard = atoi(q); +- if (opt.reconnect_hard < 0 || opt.reconnect_hard > 1) +- goto usage; +- } +- else if( strcmp( p, "tickets" ) == 0 ) +- { +- opt.tickets = atoi(q); +- if (opt.tickets < 0 || opt.tickets > 2) +- goto usage; +- } +- else if( strcmp( p, "alpn" ) == 0 ) +- { +- opt.alpn_string = q; +- } +- else if( strcmp( p, "fallback" ) == 0 ) +- { +- switch( atoi( q ) ) +- { +- case 0: opt.fallback = MBEDTLS_SSL_IS_NOT_FALLBACK; break; +- case 1: opt.fallback = MBEDTLS_SSL_IS_FALLBACK; break; +- default: goto usage; +- } +- } +- else if( strcmp( p, "extended_ms" ) == 0 ) +- { +- switch( atoi( q ) ) +- { +- case 0: +- opt.extended_ms = MBEDTLS_SSL_EXTENDED_MS_DISABLED; +- break; +- case 1: +- opt.extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED; +- break; +- default: goto usage; +- } +- } +- else if (strcmp(p, "curves") == 0) +- opt.curves = q; +- else if( strcmp( p, "etm" ) == 0 ) +- { +- switch( atoi( q ) ) +- { +- case 0: opt.etm = MBEDTLS_SSL_ETM_DISABLED; break; +- case 1: opt.etm = MBEDTLS_SSL_ETM_ENABLED; break; +- default: goto usage; +- } +- } +- else if( strcmp( p, "min_version" ) == 0 ) +- { +- if (strcmp(q, "ssl3") == 0) +- opt.min_version = MBEDTLS_SSL_MINOR_VERSION_0; +- else if (strcmp(q, "tls1") == 0) +- opt.min_version = MBEDTLS_SSL_MINOR_VERSION_1; +- else if( strcmp( q, "tls1_1" ) == 0 || +- strcmp( q, "dtls1" ) == 0 ) +- opt.min_version = MBEDTLS_SSL_MINOR_VERSION_2; +- else if( strcmp( q, "tls1_2" ) == 0 || +- strcmp( q, "dtls1_2" ) == 0 ) +- opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3; +- else +- goto usage; +- } +- else if( strcmp( p, "max_version" ) == 0 ) +- { +- if (strcmp(q, "ssl3") == 0) +- opt.max_version = MBEDTLS_SSL_MINOR_VERSION_0; +- else if (strcmp(q, "tls1") == 0) +- opt.max_version = MBEDTLS_SSL_MINOR_VERSION_1; +- else if( strcmp( q, "tls1_1" ) == 0 || +- strcmp( q, "dtls1" ) == 0 ) +- opt.max_version = MBEDTLS_SSL_MINOR_VERSION_2; +- else if( strcmp( q, "tls1_2" ) == 0 || +- strcmp( q, "dtls1_2" ) == 0 ) +- opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3; +- else +- goto usage; +- } +- else if( strcmp( p, "arc4" ) == 0 ) +- { +- switch( atoi( q ) ) +- { +- case 0: opt.arc4 = MBEDTLS_SSL_ARC4_DISABLED; break; +- case 1: opt.arc4 = MBEDTLS_SSL_ARC4_ENABLED; break; +- default: goto usage; +- } +- } +- else if( strcmp( p, "allow_sha1" ) == 0 ) +- { +- switch( atoi( q ) ) +- { +- case 0: opt.allow_sha1 = 0; break; +- case 1: opt.allow_sha1 = 1; break; +- default: goto usage; +- } +- } +- else if( strcmp( p, "force_version" ) == 0 ) +- { +- if( strcmp( q, "ssl3" ) == 0 ) +- { +- opt.min_version = MBEDTLS_SSL_MINOR_VERSION_0; +- opt.max_version = MBEDTLS_SSL_MINOR_VERSION_0; +- } +- else if( strcmp( q, "tls1" ) == 0 ) +- { +- opt.min_version = MBEDTLS_SSL_MINOR_VERSION_1; +- opt.max_version = MBEDTLS_SSL_MINOR_VERSION_1; +- } +- else if( strcmp( q, "tls1_1" ) == 0 ) +- { +- opt.min_version = MBEDTLS_SSL_MINOR_VERSION_2; +- opt.max_version = MBEDTLS_SSL_MINOR_VERSION_2; +- } +- else if( strcmp( q, "tls1_2" ) == 0 ) +- { +- opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3; +- opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3; +- } +- else if( strcmp( q, "dtls1" ) == 0 ) +- { +- opt.min_version = MBEDTLS_SSL_MINOR_VERSION_2; +- opt.max_version = MBEDTLS_SSL_MINOR_VERSION_2; +- opt.transport = MBEDTLS_SSL_TRANSPORT_DATAGRAM; +- } +- else if( strcmp( q, "dtls1_2" ) == 0 ) +- { +- opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3; +- opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3; +- opt.transport = MBEDTLS_SSL_TRANSPORT_DATAGRAM; +- } +- else +- goto usage; +- } +- else if( strcmp( p, "auth_mode" ) == 0 ) +- { +- if (strcmp(q, "none") == 0) +- opt.auth_mode = MBEDTLS_SSL_VERIFY_NONE; +- else if (strcmp(q, "optional") == 0) +- opt.auth_mode = MBEDTLS_SSL_VERIFY_OPTIONAL; +- else if (strcmp(q, "required") == 0) +- opt.auth_mode = MBEDTLS_SSL_VERIFY_REQUIRED; +- else +- goto usage; +- } +- else if( strcmp( p, "max_frag_len" ) == 0 ) +- { +- if (strcmp(q, "512") == 0) +- opt.mfl_code = MBEDTLS_SSL_MAX_FRAG_LEN_512; +- else if (strcmp(q, "1024") == 0) +- opt.mfl_code = MBEDTLS_SSL_MAX_FRAG_LEN_1024; +- else if (strcmp(q, "2048") == 0) +- opt.mfl_code = MBEDTLS_SSL_MAX_FRAG_LEN_2048; +- else if (strcmp(q, "4096") == 0) +- opt.mfl_code = MBEDTLS_SSL_MAX_FRAG_LEN_4096; +- else +- goto usage; +- } +- else if( strcmp( p, "trunc_hmac" ) == 0 ) +- { +- switch( atoi( q ) ) +- { +- case 0: opt.trunc_hmac = MBEDTLS_SSL_TRUNC_HMAC_DISABLED; break; +- case 1: opt.trunc_hmac = MBEDTLS_SSL_TRUNC_HMAC_ENABLED; break; +- default: goto usage; +- } +- } +- else if( strcmp( p, "hs_timeout" ) == 0 ) +- { +- if ((p = strchr(q, '-')) == NULL) +- goto usage; +- *p++ = '\0'; +- opt.hs_to_min = atoi(q); +- opt.hs_to_max = atoi(p); +- if (opt.hs_to_min == 0 || opt.hs_to_max < opt.hs_to_min) +- goto usage; +- } +- else if( strcmp( p, "recsplit" ) == 0 ) +- { +- opt.recsplit = atoi(q); +- if (opt.recsplit < 0 || opt.recsplit > 1) +- goto usage; +- } +- else if( strcmp( p, "dhmlen" ) == 0 ) +- { +- opt.dhmlen = atoi(q); +- if (opt.dhmlen < 0) +- goto usage; +- } +- else +- goto usage; +- } +- +- /* clang-format on */ +- +- if (strcmp(opt.key_file, "none") == 0) { +- useKeysFromSM = true; +- } +- else { +- useKeysFromSM = false; +- } +- +- if (useKeysFromSM) { +- sss_status_t status; +- +- /* doc+:initialize-key-objs */ +- +- /* pex_sss_demo_tls_ctx->obj will have the private key handle */ +- status = sss_key_object_init(&pex_sss_demo_tls_ctx->obj, &pCtx->ks); +- if (status != kStatus_SSS_Success) { +- printf(" sss_key_object_init for keyPair Failed...\n"); +- return kStatus_SSS_Fail; +- } +- +- status = sss_key_object_get_handle(&pex_sss_demo_tls_ctx->obj, SSS_KEYPAIR_INDEX_CLIENT_PRIVATE); +- if (status != kStatus_SSS_Success) { +- printf(" sss_key_object_get_handle for keyPair Failed...\n"); +- return kStatus_SSS_Fail; +- } +- +- /* +- * All ecdsa verification is done using the esdsa_alt file. No need to associate the root ca pub key. +- */ +-#if !defined(MBEDTLS_ECDSA_VERIFY_ALT) +- /* pex_sss_demo_tls_ctx->pub_obj will have the root CA public key */ +- status = sss_key_object_init(&pex_sss_demo_tls_ctx->pub_obj, &pCtx->ks); +- if (status != kStatus_SSS_Success) { +- printf(" sss_key_object_init for Pub key Failed...\n"); +- return kStatus_SSS_Fail; +- } +- +- status = sss_key_object_get_handle(&pex_sss_demo_tls_ctx->pub_obj, SSS_PUBKEY_INDEX_CA); +- if (status != kStatus_SSS_Success) { +- printf(" sss_key_object_get_handle for extPubkey Failed...\n"); +- return kStatus_SSS_Fail; +- } +-#endif +- +- /* pex_sss_demo_tls_ctx->dev_cert will have the our device certificate */ +- status = sss_key_object_init(&pex_sss_demo_tls_ctx->dev_cert, &pCtx->ks); +- if (status != kStatus_SSS_Success) { +- printf(" sss_key_object_init for Pub key Failed...\n"); +- return kStatus_SSS_Fail; +- } +- status = sss_key_object_get_handle(&pex_sss_demo_tls_ctx->dev_cert, SSS_CERTIFICATE_INDEX); +- if (status != kStatus_SSS_Success) { +- printf(" sss_key_object_get_handle for client Cert Failed...\n"); +- return kStatus_SSS_Fail; +- } +- /* doc-:initialize-key-objs */ +- } +- else { +- printf("WARNING!!!!!!!!!!!! using keys from file system"); +- } +- +- /* clang-format off */ +- +- /* Event-driven IO is incompatible with the above custom +- * receive and send functions, as the polling builds on +- * refers to the underlying net_context. */ +- if( opt.event == 1 && opt.nbio != 1 ) +- { +- mbedtls_printf( "Warning: event-driven IO mandates nbio=1 - overwrite\n" ); +- opt.nbio = 1; +- } +- +-#if defined(MBEDTLS_DEBUG_C) +- mbedtls_debug_set_threshold(opt.debug_level); +-#endif +- +- if( opt.force_ciphersuite[0] > 0 ) +- { +- const mbedtls_ssl_ciphersuite_t *ciphersuite_info; +- ciphersuite_info = +- mbedtls_ssl_ciphersuite_from_id( opt.force_ciphersuite[0] ); +- +- if (opt.max_version != -1 && +- ciphersuite_info->min_minor_ver > opt.max_version ) +- { +- mbedtls_printf("forced ciphersuite not allowed with this protocol version\n"); +- ret = 2; +- goto usage; +- } +- if (opt.min_version != -1 && +- ciphersuite_info->max_minor_ver < opt.min_version ) +- { +- mbedtls_printf("forced ciphersuite not allowed with this protocol version\n"); +- ret = 2; +- goto usage; +- } +- +- /* If the server selects a version that's not supported by +- * this suite, then there will be no common ciphersuite... */ +- if (opt.max_version == -1 || +- opt.max_version > ciphersuite_info->max_minor_ver ) +- { +- opt.max_version = ciphersuite_info->max_minor_ver; +- } +- if( opt.min_version < ciphersuite_info->min_minor_ver ) +- { +- opt.min_version = ciphersuite_info->min_minor_ver; +- /* DTLS starts with TLS 1.1 */ +- if (opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && +- opt.min_version < MBEDTLS_SSL_MINOR_VERSION_2) +- opt.min_version = MBEDTLS_SSL_MINOR_VERSION_2; +- } +- +- /* Enable RC4 if needed and not explicitly disabled */ +- if( ciphersuite_info->cipher == MBEDTLS_CIPHER_ARC4_128 ) +- { +- if( opt.arc4 == MBEDTLS_SSL_ARC4_DISABLED ) +- { +- mbedtls_printf("forced RC4 ciphersuite with RC4 disabled\n"); +- ret = 2; +- goto usage; +- } +- +- opt.arc4 = MBEDTLS_SSL_ARC4_ENABLED; +- } +- } +- +-#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) +- /* +- * Unhexify the pre-shared key if any is given +- */ +- if( strlen( opt.psk ) ) +- { +- unsigned char c; +- size_t j; +- +- if( strlen( opt.psk ) % 2 != 0 ) +- { +- mbedtls_printf("pre-shared key not valid hex\n"); +- goto exit; +- } +- +- psk_len = strlen(opt.psk) / 2; +- +- for( j = 0; j < strlen( opt.psk ); j += 2 ) +- { +- c = opt.psk[j]; +- if (c >= '0' && c <= '9') +- c -= '0'; +- else if (c >= 'a' && c <= 'f') +- c -= 'a' - 10; +- else if (c >= 'A' && c <= 'F') +- c -= 'A' - 10; +- else +- { +- mbedtls_printf("pre-shared key not valid hex\n"); +- goto exit; +- } +- psk[j / 2] = c << 4; +- +- c = opt.psk[j + 1]; +- if (c >= '0' && c <= '9') +- c -= '0'; +- else if (c >= 'a' && c <= 'f') +- c -= 'a' - 10; +- else if (c >= 'A' && c <= 'F') +- c -= 'A' - 10; +- else +- { +- mbedtls_printf("pre-shared key not valid hex\n"); +- goto exit; +- } +- psk[j / 2] |= c; +- } +- } +-#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */ +- +-#if defined(MBEDTLS_ECP_C) +- if( opt.curves != NULL ) +- { +- p = (char *)opt.curves; +- i = 0; +- +- if( strcmp( p, "none" ) == 0 ) +- { +- curve_list[0] = MBEDTLS_ECP_DP_NONE; +- } +- else if( strcmp( p, "default" ) != 0 ) +- { +- /* Leave room for a final NULL in curve list */ +- while( i < CURVE_LIST_SIZE - 1 && *p != '\0' ) +- { +- q = p; +- +- /* Terminate the current string */ +- while (*p != ',' && *p != '\0') +- p++; +- if (*p == ',') +- *p++ = '\0'; +- +- if( ( curve_cur = mbedtls_ecp_curve_info_from_name( q ) ) != NULL ) +- { +- curve_list[i++] = curve_cur->grp_id; +- } +- else +- { +- mbedtls_printf("unknown curve %s\n", q); +- mbedtls_printf("supported curves: "); +- for (curve_cur = mbedtls_ecp_curve_list(); +- curve_cur->grp_id != MBEDTLS_ECP_DP_NONE; +- curve_cur++ ) +- { +- mbedtls_printf("%s ", curve_cur->name); +- } +- mbedtls_printf("\n"); +- goto exit; +- } +- } +- +- mbedtls_printf("Number of curves: %d\n", i); +- +- if( i == CURVE_LIST_SIZE - 1 && *p != '\0' ) +- { +- mbedtls_printf( "curves list too long, maximum %d", +- CURVE_LIST_SIZE - 1 ); +- goto exit; +- } +- +- curve_list[i] = MBEDTLS_ECP_DP_NONE; +- } +- } +-#endif /* MBEDTLS_ECP_C */ +- +-#if defined(MBEDTLS_SSL_ALPN) +- if( opt.alpn_string != NULL ) +- { +- p = (char *)opt.alpn_string; +- i = 0; +- +- /* Leave room for a final NULL in alpn_list */ +- while( i < ALPN_LIST_SIZE - 1 && *p != '\0' ) +- { +- alpn_list[i++] = p; +- +- /* Terminate the current string and move on to next one */ +- while (*p != ',' && *p != '\0') +- p++; +- if (*p == ',') +- *p++ = '\0'; +- } +- } +-#endif /* MBEDTLS_SSL_ALPN */ +- +- /* +- * 0. Initialize the RNG and the session data +- */ +- mbedtls_printf("\n . Seeding the random number generator..."); +- fflush(stdout); +- +- mbedtls_entropy_init(&entropy); +- if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, +- &entropy, (const unsigned char *) pers, +- strlen( pers ) ) ) != 0 ) +- { +- mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%x\n", +- -ret ); +- goto exit; +- } +- +- mbedtls_printf(" ok\n"); +- +-#if defined(MBEDTLS_X509_CRT_PARSE_C) +- /* +- * 1.1. Load the trusted CA +- */ +- mbedtls_printf(" . Loading the CA root certificate ..."); +- fflush(stdout); +- +-#if defined(MBEDTLS_FS_IO) +- if (strlen(opt.ca_path)) +- if (strcmp(opt.ca_path, "none") == 0) +- ret = 0; +- else +- ret = mbedtls_x509_crt_parse_path(&cacert, opt.ca_path); +- else if (strlen(opt.ca_file)) +- if (strcmp(opt.ca_file, "none") == 0) +- ret = 0; +- else +- ret = mbedtls_x509_crt_parse_file(&cacert, opt.ca_file); +- else +-#endif +-#if defined(MBEDTLS_CERTS_C) +- for( i = 0; mbedtls_test_cas[i] != NULL; i++ ) +- { +- ret = mbedtls_x509_crt_parse(&cacert, +- (const unsigned char *)mbedtls_test_cas[i], +- mbedtls_test_cas_len[i]); +- if (ret != 0) +- break; +- } +-#else +- { +- ret = 1; +- mbedtls_printf("MBEDTLS_CERTS_C not defined."); +- } +-#endif +- if (useKeysFromSM) { +- +-#if !defined(MBEDTLS_ECDSA_VERIFY_ALT) +- /* doc+:use-public-key-from-se */ +- mbedtls_pk_free(&cacert.pk); +- ret = sss_mbedtls_associate_pubkey(&cacert.pk, &pex_sss_demo_tls_ctx->pub_obj); +- /* doc-:use-public-key-from-se */ +-#else +- /* doc+:ecdsa-verify-alt-set-keystore */ +- sss_mbedtls_set_sss_keystore(&pCtx->ks); +- /* doc-:ecdsa-verify-alt-set-keystore */ +-#endif +- } +- if( ret < 0 ) +- { +- mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n", +- -ret ); +- goto exit; +- } +- +- mbedtls_printf(" ok (%d skipped)\n", ret); +- +- /* +- * 1.2. Load own certificate and private key +- * +- * (can be skipped if client authentication is not required) +- */ +- mbedtls_printf(" . Loading the client cert. and key..."); +- fflush(stdout); +- +-#if defined(MBEDTLS_FS_IO) +- if (strlen(opt.crt_file)) +- if( strcmp( opt.crt_file, "none" ) == 0 ) +- { +- +- /* doc+:load-certificate-from-se */ +- size_t KeyBitLen = SIZE_CLIENT_CERTIFICATE * 8; +- size_t KeyByteLen = SIZE_CLIENT_CERTIFICATE; +- +- ret_code = sss_key_store_get_key( +- &pCtx->ks, &pex_sss_demo_tls_ctx->dev_cert, aclient_cer, &KeyByteLen, &KeyBitLen); +- +- ret = mbedtls_x509_crt_parse_der(&clicert, +- (const unsigned char *)aclient_cer, +- sizeof(aclient_cer)); +- if ((ret_code == kStatus_SSS_Success) && (ret == 0)) { +- client_certificate_loaded = 1; +- } +- /* doc-:load-certificate-from-se */ +- } +- else +- +- ret = mbedtls_x509_crt_parse_file(&clicert, opt.crt_file); +- else +-#endif +-#if defined(MBEDTLS_CERTS_C) +- ret = mbedtls_x509_crt_parse( &clicert, +- (const unsigned char *) mbedtls_test_cli_crt, +- mbedtls_test_cli_crt_len); +-#else +- { +- ret = 1; +- mbedtls_printf("MBEDTLS_CERTS_C not defined."); +- } +-#endif +- if (useKeysFromSM) { +- // for private key, we use the KEY from SE. +- mbedtls_pk_free(&clicert.pk); +- } +- if( ret != 0 ) +- { +- mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n", +- -ret ); +- goto exit; +- } +- +-#if defined(MBEDTLS_FS_IO) +- if (useKeysFromSM) { +- /* doc+:set-handle-to-use-private-key-from-se */ +- sss_mbedtls_associate_keypair(&pkey, &pex_sss_demo_tls_ctx->obj); +- /* doc-:set-handle-to-use-private-key-from-se */ +- } +- else if (strlen(opt.key_file)) +- if (strcmp(opt.key_file, "none") == 0) +- ret = 0; +- else +- ret = mbedtls_pk_parse_keyfile(&pkey, opt.key_file, ""); +- else +-#endif +-#if defined(MBEDTLS_CERTS_C) +- ret = mbedtls_pk_parse_key( &pkey, +- (const unsigned char *) mbedtls_test_cli_key, +- mbedtls_test_cli_key_len, NULL, 0 ); +-#else +- { +- ret = 1; +- mbedtls_printf("MBEDTLS_CERTS_C not defined."); +- } +-#endif +- +- +- if( ret != 0 ) +- { +- mbedtls_printf( " failed\n ! mbedtls_pk_parse_key returned -0x%x\n\n", +- -ret ); +- goto exit; +- } +- +- mbedtls_printf(" ok\n"); +-#endif /* MBEDTLS_X509_CRT_PARSE_C */ +- +- /* +- * 2. Start the connection +- */ +- if (opt.server_addr == NULL) +- opt.server_addr = opt.server_name; +- +- mbedtls_printf(" . Connecting to %s/%s/%s...", +- opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ? "tcp" : "udp", +- opt.server_addr, opt.server_port ); +- fflush(stdout); +- +- if( ( ret = mbedtls_net_connect( &server_fd, +- opt.server_addr, opt.server_port, +- opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ? +- MBEDTLS_NET_PROTO_TCP : MBEDTLS_NET_PROTO_UDP ) ) != 0 ) +- { +- mbedtls_printf( " failed\n ! mbedtls_net_connect returned -0x%x\n\n", +- -ret ); +- goto exit; +- } +- +- if (opt.nbio > 0) +- ret = mbedtls_net_set_nonblock(&server_fd); +- else +- ret = mbedtls_net_set_block(&server_fd); +- if( ret != 0 ) +- { +- mbedtls_printf( " failed\n ! net_set_(non)block() returned -0x%x\n\n", +- -ret ); +- goto exit; +- } +- +- mbedtls_printf(" ok\n"); +- +- /* +- * 3. Setup stuff +- */ +- mbedtls_printf(" . Setting up the SSL/TLS structure..."); +- fflush(stdout); +- +- if ((ret = mbedtls_ssl_config_defaults(&conf, +- MBEDTLS_SSL_IS_CLIENT, +- opt.transport, +- MBEDTLS_SSL_PRESET_DEFAULT ) ) != 0 ) +- { +- mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned -0x%x\n\n", +- -ret ); +- goto exit; +- } +- +-#if defined(MBEDTLS_X509_CRT_PARSE_C) +- /* The default algorithms profile disables SHA-1, but our tests still +- rely on it heavily. */ +- if( opt.allow_sha1 > 0 ) +- { +- crt_profile_for_test.allowed_mds |= MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA1 ); +- mbedtls_ssl_conf_cert_profile(&conf, &crt_profile_for_test); +- mbedtls_ssl_conf_sig_hashes(&conf, ssl_sig_hashes_for_test); +- } +- +- if (opt.debug_level > 0) +- mbedtls_ssl_conf_verify(&conf, my_verify, NULL); +-#endif /* MBEDTLS_X509_CRT_PARSE_C */ +- +- if (opt.auth_mode != DFL_AUTH_MODE) +- mbedtls_ssl_conf_authmode(&conf, opt.auth_mode); +- +-#if defined(MBEDTLS_SSL_PROTO_DTLS) +- if (opt.hs_to_min != DFL_HS_TO_MIN || opt.hs_to_max != DFL_HS_TO_MAX) +- mbedtls_ssl_conf_handshake_timeout( &conf, opt.hs_to_min, +- opt.hs_to_max ); +-#endif /* MBEDTLS_SSL_PROTO_DTLS */ +- +-#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) +- if( ( ret = mbedtls_ssl_conf_max_frag_len( &conf, opt.mfl_code ) ) != 0 ) +- { +- mbedtls_printf( " failed\n ! mbedtls_ssl_conf_max_frag_len returned %d\n\n", +- ret ); +- goto exit; +- } +-#endif +- +-#if defined(MBEDTLS_SSL_TRUNCATED_HMAC) +- if (opt.trunc_hmac != DFL_TRUNC_HMAC) +- mbedtls_ssl_conf_truncated_hmac(&conf, opt.trunc_hmac); +-#endif +- +-#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) +- if (opt.extended_ms != DFL_EXTENDED_MS) +- mbedtls_ssl_conf_extended_master_secret(&conf, opt.extended_ms); +-#endif +- +-#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) +- if (opt.etm != DFL_ETM) +- mbedtls_ssl_conf_encrypt_then_mac(&conf, opt.etm); +-#endif +- +-#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING) +- if (opt.recsplit != DFL_RECSPLIT) +- mbedtls_ssl_conf_cbc_record_splitting( &conf, opt.recsplit +- ? MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED +- : MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED ); +-#endif +- +-#if defined(MBEDTLS_DHM_C) +- if (opt.dhmlen != DFL_DHMLEN) +- mbedtls_ssl_conf_dhm_min_bitlen(&conf, opt.dhmlen); +-#endif +- +-#if defined(MBEDTLS_SSL_ALPN) +- if (opt.alpn_string != NULL) +- if( ( ret = mbedtls_ssl_conf_alpn_protocols( &conf, alpn_list ) ) != 0 ) +- { +- mbedtls_printf( " failed\n ! mbedtls_ssl_conf_alpn_protocols returned %d\n\n", +- ret ); +- goto exit; +- } +-#endif +- +- mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg); +- mbedtls_ssl_conf_dbg(&conf, my_debug, stdout); +- +- mbedtls_ssl_conf_read_timeout(&conf, opt.read_timeout); +- +-#if defined(MBEDTLS_SSL_SESSION_TICKETS) +- mbedtls_ssl_conf_session_tickets(&conf, opt.tickets); +-#endif +- +- if (opt.force_ciphersuite[0] != DFL_FORCE_CIPHER) +- mbedtls_ssl_conf_ciphersuites(&conf, opt.force_ciphersuite); +- +-#if defined(MBEDTLS_ARC4_C) +- if (opt.arc4 != DFL_ARC4) +- mbedtls_ssl_conf_arc4_support(&conf, opt.arc4); +-#endif +- +- if (opt.allow_legacy != DFL_ALLOW_LEGACY) +- mbedtls_ssl_conf_legacy_renegotiation(&conf, opt.allow_legacy); +-#if defined(MBEDTLS_SSL_RENEGOTIATION) +- mbedtls_ssl_conf_renegotiation(&conf, opt.renegotiation); +-#endif +- +-#if defined(MBEDTLS_X509_CRT_PARSE_C) +- if( strcmp( opt.ca_path, "none" ) != 0 && +- strcmp( opt.ca_file, "none" ) != 0 ) +- { +- mbedtls_ssl_conf_ca_chain(&conf, &cacert, NULL); +- } +- if( ( +- (strcmp( opt.crt_file, "none" ) != 0) +- || (client_certificate_loaded == 1))&& +- ((strcmp( opt.key_file, "none" ) != 0) || (useKeysFromSM )) ) +- { +- if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &clicert, &pkey ) ) != 0 ) +- { +- mbedtls_printf( " failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", +- ret ); +- goto exit; +- } +- } +-#endif +- +-#if defined(MBEDTLS_ECP_C) +- if( opt.curves != NULL && +- strcmp( opt.curves, "default" ) != 0 ) +- { +- mbedtls_ssl_conf_curves(&conf, curve_list); +- } +-#endif +- +-#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) +- if( ( ret = mbedtls_ssl_conf_psk( &conf, psk, psk_len, +- (const unsigned char *)opt.psk_identity, +- strlen( opt.psk_identity ) ) ) != 0 ) +- { +- mbedtls_printf( " failed\n ! mbedtls_ssl_conf_psk returned %d\n\n", +- ret ); +- goto exit; +- } +-#endif +- +- if (opt.min_version != DFL_MIN_VERSION) +- mbedtls_ssl_conf_min_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3, +- opt.min_version ); +- +- if (opt.max_version != DFL_MAX_VERSION) +- mbedtls_ssl_conf_max_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3, +- opt.max_version ); +- +-#if defined(MBEDTLS_SSL_FALLBACK_SCSV) +- if (opt.fallback != DFL_FALLBACK) +- mbedtls_ssl_conf_fallback(&conf, opt.fallback); +-#endif +- +- if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 ) +- { +- mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned -0x%x\n\n", +- -ret ); +- goto exit; +- } +- +- if (pex_sss_demo_tls_ctx->obj.cipherType == kSSS_CipherType_EC_NIST_P || +- pex_sss_demo_tls_ctx->obj.cipherType == kSSS_CipherType_EC_NIST_K || +- pex_sss_demo_tls_ctx->obj.cipherType == kSSS_CipherType_EC_BRAINPOOL || +- pex_sss_demo_tls_ctx->obj.cipherType == kSSS_CipherType_EC_MONTGOMERY || +- pex_sss_demo_tls_ctx->obj.cipherType == kSSS_CipherType_EC_TWISTED_ED) +- { +- if (useKeysFromSM) { +- /* doc+:use-private-key-for-ecdh */ +- sss_mbedtls_associate_ecdhctx(ssl.handshake, &pex_sss_demo_tls_ctx->obj, &pCtx->host_ks); +- /* doc-:use-private-key-for-ecdh */ +- } +- } +- +-#if defined(MBEDTLS_X509_CRT_PARSE_C) +- if( ( ret = mbedtls_ssl_set_hostname( &ssl, opt.server_name ) ) != 0 ) +- { +- mbedtls_printf( " failed\n ! mbedtls_ssl_set_hostname returned %d\n\n", +- ret ); +- goto exit; +- } +-#endif +- +-#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) +- if( opt.ecjpake_pw != DFL_ECJPAKE_PW ) +- { +- if ((ret = mbedtls_ssl_set_hs_ecjpake_password(&ssl, +- (const unsigned char *)opt.ecjpake_pw, +- strlen( opt.ecjpake_pw ) ) ) != 0 ) +- { +- mbedtls_printf( " failed\n ! mbedtls_ssl_set_hs_ecjpake_password returned %d\n\n", +- ret ); +- goto exit; +- } +- } +-#endif +- +- if (opt.nbio == 2) +- mbedtls_ssl_set_bio(&ssl, &server_fd, my_send, my_recv, NULL); +- else +- mbedtls_ssl_set_bio( &ssl, &server_fd, +- mbedtls_net_send, mbedtls_net_recv, +- opt.nbio == 0 ? mbedtls_net_recv_timeout : NULL); +- +-#if defined(MBEDTLS_TIMING_C) +- mbedtls_ssl_set_timer_cb( &ssl, &timer, mbedtls_timing_set_delay, +- mbedtls_timing_get_delay ); +-#endif +- +- mbedtls_printf(" ok\n"); +- +- /* +- * 4. Handshake +- */ +- mbedtls_printf(" . Performing the SSL/TLS handshake..."); +- fflush(stdout); +- +- while( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 ) +- { +- if( ret != MBEDTLS_ERR_SSL_WANT_READ && +- ret != MBEDTLS_ERR_SSL_WANT_WRITE ) +- { +- mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n", +- -ret ); +- if (ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED) +- mbedtls_printf( +- " Unable to verify the server's certificate. " +- "Either it is invalid,\n" +- " or you didn't set ca_file or ca_path " +- "to an appropriate value.\n" +- " Alternatively, you may want to use " +- "auth_mode=optional for testing purposes.\n"); +- mbedtls_printf("\n"); +- goto exit; +- } +- +- /* For event-driven IO, wait for socket to become available */ +- if( opt.event == 1 /* level triggered IO */ ) +- { +-#if defined(MBEDTLS_TIMING_C) +- ret = idle( &server_fd, &timer, ret ); +-#else +- ret = idle( &server_fd, ret ); +-#endif +- if( ret != 0 ) +- goto exit; +- } +- } +- +- mbedtls_printf(" ok\n [ Protocol is %s ]\n [ Ciphersuite is %s ]\n", +- mbedtls_ssl_get_version( &ssl ), +- mbedtls_ssl_get_ciphersuite( &ssl ) ); +- +- if ((ret = mbedtls_ssl_get_record_expansion(&ssl)) >= 0) +- mbedtls_printf(" [ Record expansion is %d ]\n", ret); +- else +- mbedtls_printf(" [ Record expansion is unknown (compression) ]\n"); +- +-#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) +- mbedtls_printf(" [ Maximum fragment length is %u ]\n", +- (unsigned int)mbedtls_ssl_get_max_frag_len(&ssl)); +-#endif +- +-#if defined(MBEDTLS_SSL_ALPN) +- if( opt.alpn_string != NULL ) +- { +- const char *alp = mbedtls_ssl_get_alpn_protocol(&ssl); +- mbedtls_printf( " [ Application Layer Protocol is %s ]\n", +- alp ? alp : "(none)" ); +- } +-#endif +- +- if( opt.reconnect != 0 ) +- { +- mbedtls_printf(" . Saving session for reuse..."); +- fflush(stdout); +- +- if( ( ret = mbedtls_ssl_get_session( &ssl, &saved_session ) ) != 0 ) +- { +- mbedtls_printf( " failed\n ! mbedtls_ssl_get_session returned -0x%x\n\n", +- -ret ); +- goto exit; +- } +- +- mbedtls_printf(" ok\n"); +- } +- +-#if defined(MBEDTLS_X509_CRT_PARSE_C) +- /* +- * 5. Verify the server certificate +- */ +- mbedtls_printf(" . Verifying peer X.509 certificate..."); +- +- if( ( flags = mbedtls_ssl_get_verify_result( &ssl ) ) != 0 ) +- { +- char vrfy_buf[512]; +- +- mbedtls_printf(" failed\n"); +- +- mbedtls_x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), +- " ! ", flags ); +- +- mbedtls_printf("%s\n", vrfy_buf); +- } +- else +- mbedtls_printf(" ok\n"); +- +- if( mbedtls_ssl_get_peer_cert( &ssl ) != NULL ) +- { +- mbedtls_printf(" . Peer certificate information ...\n"); +- mbedtls_x509_crt_info( (char *) buf, sizeof( buf ) - 1, " ", +- mbedtls_ssl_get_peer_cert(&ssl)); +- mbedtls_printf("%s\n", buf); +- } +-#endif /* MBEDTLS_X509_CRT_PARSE_C */ +- +-#if defined(MBEDTLS_SSL_RENEGOTIATION) +- if( opt.renegotiate ) +- { +- /* +- * Perform renegotiation (this must be done when the server is waiting +- * for input from our side). +- */ +- mbedtls_printf(" . Performing renegotiation..."); +- fflush(stdout); +- while( ( ret = mbedtls_ssl_renegotiate( &ssl ) ) != 0 ) +- { +- if (ret != MBEDTLS_ERR_SSL_WANT_READ && +- ret != MBEDTLS_ERR_SSL_WANT_WRITE ) +- { +- mbedtls_printf( " failed\n ! mbedtls_ssl_renegotiate returned %d\n\n", +- ret ); +- goto exit; +- } +- +- /* For event-driven IO, wait for socket to become available */ +- if( opt.event == 1 /* level triggered IO */ ) +- { +-#if defined(MBEDTLS_TIMING_C) +- idle( &server_fd, &timer, ret ); +-#else +- idle( &server_fd, ret ); +-#endif +- } +- +- } +- mbedtls_printf(" ok\n"); +- } +-#endif /* MBEDTLS_SSL_RENEGOTIATION */ +- +- /* +- * 6. Write the GET request +- */ +- retry_left = opt.max_resend; +-send_request: +- mbedtls_printf(" > Write to server:"); +- fflush(stdout); +- +- len = mbedtls_snprintf( (char *) buf, sizeof(buf) - 1, GET_REQUEST, +- opt.request_page ); +- tail_len = (int)strlen(GET_REQUEST_END); +- +- /* Add padding to GET request to reach opt.request_size in length */ +- if (opt.request_size != DFL_REQUEST_SIZE && +- len + tail_len < opt.request_size ) +- { +- memset(buf + len, 'A', opt.request_size - len - tail_len); +- for (i = 0; i < opt.request_size - len - tail_len; i++) +- { +- *(buf + len + i) = 'A' + (i % 26); +- } +- len += opt.request_size - len - tail_len; +- } +- +- strncpy((char *)buf + len, GET_REQUEST_END, sizeof(buf) - len - 1); +- len += tail_len; +- +- /* Truncate if request size is smaller than the "natural" size */ +- if( opt.request_size != DFL_REQUEST_SIZE && +- len > opt.request_size ) +- { +- len = opt.request_size; +- +- /* Still end with \r\n unless that's really not possible */ +- if( len >= 2 ) buf[len - 2] = '\r'; +- if( len >= 1 ) buf[len - 1] = '\n'; +- } +- +- if( opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ) +- { +- written = 0; +- frags = 0; +- +- do +- { +- while( ( ret = mbedtls_ssl_write( &ssl, buf + written, +- len - written ) ) < 0 ) +- { +- if (ret != MBEDTLS_ERR_SSL_WANT_READ && +- ret != MBEDTLS_ERR_SSL_WANT_WRITE ) +- { +- mbedtls_printf( " failed\n ! mbedtls_ssl_write returned -0x%x\n\n", +- -ret ); +- goto exit; +- } +- +- /* For event-driven IO, wait for socket to become available */ +- if( opt.event == 1 /* level triggered IO */ ) +- { +-#if defined(MBEDTLS_TIMING_C) +- idle( &server_fd, &timer, ret ); +-#else +- idle( &server_fd, ret ); +-#endif +- } +- } +- +- frags++; +- written += ret; +- } +- while( written < len ); +- } +- else /* Not stream, so datagram */ +- { +- while( 1 ) +- { +- ret = mbedtls_ssl_write( &ssl, buf, len ); +- +- if( ret != MBEDTLS_ERR_SSL_WANT_READ && +- ret != MBEDTLS_ERR_SSL_WANT_WRITE ) +- break; +- +- /* For event-driven IO, wait for socket to become available */ +- if( opt.event == 1 /* level triggered IO */ ) +- { +-#if defined(MBEDTLS_TIMING_C) +- idle( &server_fd, &timer, ret ); +-#else +- idle( &server_fd, ret ); +-#endif +- } +- } +- +- if( ret < 0 ) +- { +- mbedtls_printf( " failed\n ! mbedtls_ssl_write returned %d\n\n", +- ret ); +- goto exit; +- } +- +- frags = 1; +- written = ret; +- +- if( written < len ) +- { +- mbedtls_printf( " warning\n ! request didn't fit into single datagram and " +- "was truncated to size %u", (unsigned) written ); +- } +- } +- +- buf[written] = '\0'; +- mbedtls_printf( " %d bytes written in %d fragments\n\n%s\n", +- written, frags, (char *) buf ); +- +- /* Send a non-empty request if request_size == 0 */ +- if ( len == 0 ) +- { +- opt.request_size = DFL_REQUEST_SIZE; +- goto send_request; +- } +- +- /* +- * 7. Read the HTTP response +- */ +- mbedtls_printf(" < Read from server:"); +- fflush(stdout); +- +- /* +- * TLS and DTLS need different reading styles (stream vs datagram) +- */ +- if( opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ) +- { +- do +- { +- len = sizeof(buf) - 1; +- memset(buf, 0, sizeof(buf)); +- ret = mbedtls_ssl_read(&ssl, buf, len); +- +- if (ret == MBEDTLS_ERR_SSL_WANT_READ || +- ret == MBEDTLS_ERR_SSL_WANT_WRITE) +- { +- /* For event-driven IO, wait for socket to become available */ +- if( opt.event == 1 /* level triggered IO */ ) +- { +-#if defined(MBEDTLS_TIMING_C) +- idle( &server_fd, &timer, ret ); +-#else +- idle( &server_fd, ret ); +-#endif +- } +- continue; +- } +- +- if( ret <= 0 ) +- { +- switch( ret ) +- { +- case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY: +- mbedtls_printf(" connection was closed gracefully\n"); +- ret = 0; +- goto close_notify; +- +- case 0: +- case MBEDTLS_ERR_NET_CONN_RESET: +- mbedtls_printf(" connection was reset by peer\n"); +- ret = 0; +- goto reconnect; +- +- default: +- mbedtls_printf( " mbedtls_ssl_read returned -0x%x\n", +- -ret ); +- goto exit; +- } +- } +- +- len = ret; +- buf[len] = '\0'; +- mbedtls_printf(" %d bytes read\n\n%s", len, (char *)buf); +- +- /* End of message should be detected according to the syntax of the +- * application protocol (eg HTTP), just use a dummy test here. */ +- if( ret > 0 && buf[len-1] == '\n' ) +- { +- ret = 0; +- break; +- } +- } +- while( 1 ); +- } +- else /* Not stream, so datagram */ +- { +- len = sizeof(buf) - 1; +- memset(buf, 0, sizeof(buf)); +- +- while( 1 ) +- { +- ret = mbedtls_ssl_read( &ssl, buf, len ); +- +- if( ret != MBEDTLS_ERR_SSL_WANT_READ && +- ret != MBEDTLS_ERR_SSL_WANT_WRITE ) +- break; +- +- /* For event-driven IO, wait for socket to become available */ +- if( opt.event == 1 /* level triggered IO */ ) +- { +-#if defined(MBEDTLS_TIMING_C) +- idle( &server_fd, &timer, ret ); +-#else +- idle( &server_fd, ret ); +-#endif +- } +- } +- +- if( ret <= 0 ) +- { +- switch( ret ) +- { +- case MBEDTLS_ERR_SSL_TIMEOUT: +- mbedtls_printf(" timeout\n"); +- if (retry_left-- > 0) +- goto send_request; +- goto exit; +- +- case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY: +- mbedtls_printf(" connection was closed gracefully\n"); +- ret = 0; +- goto close_notify; +- +- default: +- mbedtls_printf(" mbedtls_ssl_read returned -0x%x\n", -ret); +- goto exit; +- } +- } +- +- len = ret; +- buf[len] = '\0'; +- mbedtls_printf(" %d bytes read\n\n%s", len, (char *)buf); +- ret = 0; +- } +- +- /* +- * 7b. Simulate hard reset and reconnect from same port? +- */ +- if( opt.reconnect_hard != 0 ) +- { +- opt.reconnect_hard = 0; +- +- mbedtls_printf(" . Restarting connection from same port..."); +- fflush(stdout); +- +- if( ( ret = mbedtls_ssl_session_reset( &ssl ) ) != 0 ) +- { +- mbedtls_printf( " failed\n ! mbedtls_ssl_session_reset returned -0x%x\n\n", +- -ret ); +- goto exit; +- } +- +- while( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 ) +- { +- if (ret != MBEDTLS_ERR_SSL_WANT_READ && +- ret != MBEDTLS_ERR_SSL_WANT_WRITE ) +- { +- mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", +- -ret ); +- goto exit; +- } +- +- /* For event-driven IO, wait for socket to become available */ +- if( opt.event == 1 /* level triggered IO */ ) +- { +-#if defined(MBEDTLS_TIMING_C) +- idle( &server_fd, &timer, ret ); +-#else +- idle( &server_fd, ret ); +-#endif +- } +- } +- +- mbedtls_printf(" ok\n"); +- +- goto send_request; +- } +- +- /* +- * 7c. Continue doing data exchanges? +- */ +- if (--opt.exchanges > 0) +- goto send_request; +- +- /* +- * 8. Done, cleanly close the connection +- */ +-close_notify: +- mbedtls_printf(" . Closing the connection..."); +- fflush(stdout); +- +- /* No error checking, the connection might be closed already */ +- do ret = mbedtls_ssl_close_notify( &ssl ); +- while (ret == MBEDTLS_ERR_SSL_WANT_WRITE); +- ret = 0; +- +- mbedtls_printf(" done\n"); +- +- /* +- * 9. Reconnect? +- */ +-reconnect: +- if( opt.reconnect != 0 ) +- { +- --opt.reconnect; +- +- mbedtls_net_free(&server_fd); +- +-#if defined(MBEDTLS_TIMING_C) +- if (opt.reco_delay > 0) +- mbedtls_net_usleep(1000000 * opt.reco_delay); +-#endif +- +- mbedtls_printf(" . Reconnecting with saved session..."); +- +- if( ( ret = mbedtls_ssl_session_reset( &ssl ) ) != 0 ) +- { +- mbedtls_printf( " failed\n ! mbedtls_ssl_session_reset returned -0x%x\n\n", +- -ret ); +- goto exit; +- } +- +- if( ( ret = mbedtls_ssl_set_session( &ssl, &saved_session ) ) != 0 ) +- { +- mbedtls_printf( " failed\n ! mbedtls_ssl_conf_session returned %d\n\n", +- ret ); +- goto exit; +- } +- +- if( ( ret = mbedtls_net_connect( &server_fd, +- opt.server_addr, opt.server_port, +- opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ? +- MBEDTLS_NET_PROTO_TCP : MBEDTLS_NET_PROTO_UDP ) ) != 0 ) +- { +- mbedtls_printf( " failed\n ! mbedtls_net_connect returned -0x%x\n\n", +- -ret ); +- goto exit; +- } +- +- if (opt.nbio > 0) +- ret = mbedtls_net_set_nonblock(&server_fd); +- else +- ret = mbedtls_net_set_block(&server_fd); +- if( ret != 0 ) +- { +- mbedtls_printf( " failed\n ! net_set_(non)block() returned -0x%x\n\n", +- -ret ); +- goto exit; +- } +- +- while( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 ) +- { +- if (ret != MBEDTLS_ERR_SSL_WANT_READ && +- ret != MBEDTLS_ERR_SSL_WANT_WRITE ) +- { +- mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", +- -ret ); +- goto exit; +- } +- } +- +- mbedtls_printf(" ok\n"); +- +- goto send_request; +- } +- +- /* +- * Cleanup and exit +- */ +-exit: +- +-#if !defined(MBEDTLS_ECDSA_VERIFY_ALT) /* Set public key is causing NVM writes */ +-#if defined(SMCOM_JRCP_V2) && SSS_HAVE_SE05X_VER_GTE_06_00 +- { +- uint32_t status = kStatus_SSS_Fail; +- sss_se05x_session_t *pSe05xSession = (sss_se05x_session_t *)&pCtx->session; +- status = smComJRCP_NvmCount(pSe05xSession->s_ctx.conn_ctx, &end_nvmCount); +- if (status == SMCOM_OK) { +- mbedtls_printf("NVM count at end : %u \n", end_nvmCount); +- } +- +- /* Ignore one nvm write for rsa sign for the first time */ +- if (end_nvmCount > start_nvmCount + 1){ +- mbedtls_printf("NVM write not expected\n"); +- } +- } +-#endif +-#endif +- +-#ifdef MBEDTLS_ERROR_C +- if( ret != 0 ) +- { +- char error_buf[100]; +- mbedtls_strerror(ret, error_buf, 100); +- mbedtls_printf("Last error was: -0x%X - %s\n\n", -ret, error_buf); +- } +-#endif +- +- mbedtls_net_free(&server_fd); +- +-#if defined(MBEDTLS_X509_CRT_PARSE_C) +- mbedtls_x509_crt_free(&clicert); +- mbedtls_x509_crt_free(&cacert); +- mbedtls_pk_free(&pkey); +-#endif +- mbedtls_ssl_session_free(&saved_session); +- mbedtls_ssl_free(&ssl); +- mbedtls_ssl_config_free(&conf); +- mbedtls_ctr_drbg_free(&ctr_drbg); +- mbedtls_entropy_free(&entropy); +- +-//#if defined(_WIN32) +-// mbedtls_printf(" + Press Enter to exit this program.\n"); +-// fflush( stdout ); getchar(); +-//#endif +- +- // Shell can not handle large exit numbers -> 1 for errors +- if (ret < 0) +- ret = kStatus_SSS_Fail; +- +- return kStatus_SSS_Success; +-} +-#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C && +-MBEDTLS_SSL_CLI_C && MBEDTLS_NET_C && MBEDTLS_RSA_C && +-MBEDTLS_CTR_DRBG_C MBEDTLS_TIMING_C */ +- +-/* clang-format on */ +-#endif //__MBED__ +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/src/ex_sss_boot.c b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/src/ex_sss_boot.c +deleted file mode 100644 +index 8a36a800f3..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/src/ex_sss_boot.c ++++ /dev/null +@@ -1,280 +0,0 @@ +-/* +- * +- * Copyright 2019-2020 NXP +- * SPDX-License-Identifier: Apache-2.0 +- */ +- +-/** @file +- * +- * ex_sss_boot.c: *The purpose and scope of this file* +- * +- * Project: SecureIoTMW-Debug@appboot-top-eclipse_x86 +- * +- * $Date: Mar 10, 2019 $ +- * $Author: ing05193 $ +- * $Revision$ +- */ +- +-/* ***************************************************************************************************************** +- * Includes +- * ***************************************************************************************************************** */ +- +-#ifdef __cplusplus +-extern "C" { +-#endif +- +-#if defined(SSS_USE_FTR_FILE) +-#include "fsl_sss_ftr.h" +-#else +-#include "fsl_sss_ftr_default.h" +-#endif +- +-#include "ex_sss_boot.h" +- +-#include +-#include +- +-#include "ex_sss_boot_int.h" +-#include "nxLog_App.h" +-#include "stdio.h" +-#if defined(SECURE_WORLD) +-#include "fsl_sss_lpc55s_apis.h" +-#endif +-#if SSS_HAVE_APPLET_SE05X_IOT +-#include "se05x_APDU.h" +-#endif +- +-/* ***************************************************************************************************************** +- * Internal Definitions +- * ***************************************************************************************************************** */ +- +-/* ***************************************************************************************************************** +- * Type Definitions +- * ***************************************************************************************************************** */ +- +-/* ***************************************************************************************************************** +- * Global and Static Variables +- * Total Size: NNNbytes +- * ***************************************************************************************************************** */ +- +-/* ***************************************************************************************************************** +- * Private Functions Prototypes +- * ***************************************************************************************************************** */ +- +-/* ***************************************************************************************************************** +- * Public Functions +- * ***************************************************************************************************************** */ +- +-sss_status_t ex_sss_boot_open(ex_sss_boot_ctx_t *pCtx, const char *portName) +-{ +- sss_status_t status = kStatus_SSS_Fail; +- +-#if SSS_HAVE_A71CH || SSS_HAVE_A71CH_SIM +- status = ex_sss_boot_a71ch_open(pCtx, portName); +-#elif SSS_HAVE_A71CL || SSS_HAVE_SE050_L +- status = ex_sss_boot_a71cl_open(pCtx, portName); +-#elif SSS_HAVE_APPLET_SE05X_IOT +- status = ex_sss_boot_se05x_open(pCtx, portName); +-#elif SSS_HAVE_SE +- status = ex_sss_boot_se_open(pCtx, portName); +-#elif SSS_HAVE_MBEDTLS +- status = ex_sss_boot_mbedtls_open(pCtx, portName); +-#elif SSS_HAVE_OPENSSL +- status = ex_sss_boot_openssl_open(pCtx, portName); +-#endif +- return status; +-} +- +-sss_status_t ex_sss_boot_open_on_id(ex_sss_boot_ctx_t *pCtx, const char *portName, const int32_t authId) +-{ +- sss_status_t status = kStatus_SSS_Fail; +- +-#if SSS_HAVE_APPLET_SE05X_IOT +- status = ex_sss_boot_se05x_open_on_Id(pCtx, portName, authId); +-#endif +- return status; +-} +- +-sss_status_t ex_sss_boot_factory_reset(ex_sss_boot_ctx_t *pCtx) +-{ +- sss_status_t status = kStatus_SSS_Fail; +- +-#if SSS_HAVE_A71CH || SSS_HAVE_A71CH_SIM +- uint16_t ret; +- ret = HLSE_DbgReset(); +- if (ret == HLSE_SW_OK) +- status = kStatus_SSS_Success; +- +-#elif SSS_HAVE_A71CL || SSS_HAVE_SE050_L +- status = kStatus_SSS_Success; +- +-#elif SSS_HAVE_APPLET_SE05X_IOT +- smStatus_t st; +- sss_se05x_session_t *pSession = (sss_se05x_session_t *)&pCtx->session; +- st = Se05x_API_DeleteAll_Iterative(&pSession->s_ctx); +- if (st == SW_OK) +- status = kStatus_SSS_Success; +- +-#elif SSS_HAVE_MBEDTLS +- status = kStatus_SSS_Success; +-#elif SSS_HAVE_OPENSSL +- status = kStatus_SSS_Success; +-#else +- LOG_E("Select atleast one security subsystem"); +-#endif +- return status; +-} +- +-sss_status_t ex_sss_key_store_and_object_init(ex_sss_boot_ctx_t *pCtx) +-{ +- sss_status_t status; +- status = sss_key_store_context_init(&pCtx->ks, &pCtx->session); +- if (status != kStatus_SSS_Success) { +- LOG_E(" sss_key_store_context_init Failed..."); +- goto cleanup; +- } +- +- status = sss_key_store_allocate(&pCtx->ks, __LINE__); +- if (status != kStatus_SSS_Success) { +- LOG_E(" sss_key_store_allocate Failed..."); +- goto cleanup; +- } +- +-cleanup: +- return status; +-} +- +-#if ((SSS_HAVE_HOSTCRYPTO_ANY) && \ +- ((SSS_HAVE_SE05X_AUTH_USERID_PLATFSCP03) || (SSS_HAVE_SE05X_AUTH_AESKEY_PLATFSCP03) || \ +- (SSS_HAVE_SE05X_AUTH_ECKEY_PLATFSCP03))) +-static void free_auth_objects(SE_Connect_Ctx_t *pConnectCtx) +-{ +- if (pConnectCtx->auth.authType == kSSS_AuthType_ID) { +- sss_host_key_object_free(pConnectCtx->auth.ctx.idobj.pObj); +- } +- +- if (pConnectCtx->auth.authType == kSSS_AuthType_SCP03 || pConnectCtx->auth.authType == kSSS_AuthType_AESKey) { +- NXSCP03_AuthCtx_t *pSC = &pConnectCtx->auth.ctx.scp03; +- sss_host_key_object_free(&pSC->pStatic_ctx->Enc); +- sss_host_key_object_free(&pSC->pStatic_ctx->Mac); +- sss_host_key_object_free(&pSC->pStatic_ctx->Dek); +- sss_host_key_object_free(&pSC->pDyn_ctx->Enc); +- sss_host_key_object_free(&pSC->pDyn_ctx->Mac); +- sss_host_key_object_free(&pSC->pDyn_ctx->Rmac); +- } +- +- if (pConnectCtx->auth.authType == kSSS_AuthType_ECKey) { +- SE05x_AuthCtx_ECKey_t *pEC = &pConnectCtx->auth.ctx.eckey; +- sss_host_key_object_free(&pEC->pStatic_ctx->HostEcdsaObj); +- sss_host_key_object_free(&pEC->pStatic_ctx->HostEcKeypair); +- sss_host_key_object_free(&pEC->pStatic_ctx->masterSec); +- sss_host_key_object_free(&pEC->pStatic_ctx->SeEcPubKey); +- sss_host_key_object_free(&pEC->pDyn_ctx->Enc); +- sss_host_key_object_free(&pEC->pDyn_ctx->Mac); +- sss_host_key_object_free(&pEC->pDyn_ctx->Rmac); +- } +-} +-#endif /* SSS_HAVE_HOSTCRYPTO_ANY */ +- +-void ex_sss_session_close(ex_sss_boot_ctx_t *pCtx) +-{ +-#if SSS_HAVE_APPLET_SE05X_IOT || SSS_HAVE_SSCP +- if (pCtx->session.subsystem != kType_SSS_SubSystem_NONE) { +- sss_session_close(&pCtx->session); +- sss_session_delete(&pCtx->session); +- } +- +-#if SSS_HAVE_APPLET_SE05X_IOT +-#if ((SSS_HAVE_HOSTCRYPTO_ANY) && \ +- ((SSS_HAVE_SE05X_AUTH_USERID_PLATFSCP03) || (SSS_HAVE_SE05X_AUTH_AESKEY_PLATFSCP03) || \ +- (SSS_HAVE_SE05X_AUTH_ECKEY_PLATFSCP03))) +- SE_Connect_Ctx_t *pConnectCtx = &pCtx->se05x_open_ctx; +- free_auth_objects(pConnectCtx); +-#endif /* SSS_HAVE_HOSTCRYPTO_ANY */ +- +- if (pCtx->pTunnel_ctx && pCtx->pTunnel_ctx->session) { +- if (pCtx->pTunnel_ctx->session->subsystem != kType_SSS_SubSystem_NONE) { +- sss_session_close(pCtx->pTunnel_ctx->session); +- sss_tunnel_context_free(pCtx->pTunnel_ctx); +- } +- } +- +-#if ((SSS_HAVE_SE05X_AUTH_USERID_PLATFSCP03) || (SSS_HAVE_SE05X_AUTH_AESKEY_PLATFSCP03) || \ +- (SSS_HAVE_SE05X_AUTH_ECKEY_PLATFSCP03) || (SSS_HAVE_SE05X_AUTH_PLATFSCP03) || (SSS_HAVE_SE05X_AUTH_AESKEY)) +- { +- ex_SE05x_authCtx_t *pauth = &pCtx->ex_se05x_auth; +- sss_host_key_object_free(&pauth->scp03.ex_static.Enc); +- sss_host_key_object_free(&pauth->scp03.ex_static.Mac); +- sss_host_key_object_free(&pauth->scp03.ex_static.Dek); +- sss_host_key_object_free(&pauth->scp03.ex_dyn.Enc); +- sss_host_key_object_free(&pauth->scp03.ex_dyn.Mac); +- sss_host_key_object_free(&pauth->scp03.ex_dyn.Rmac); +- } +-#elif (SSS_HAVE_SE05X_AUTH_USERID) +- sss_host_key_object_free(pCtx->se05x_open_ctx.auth.ctx.idobj.pObj); +-#elif (SSS_HAVE_SE05X_AUTH_ECKEY) +- { +- ex_SE05x_authCtx_t *pauth = &pCtx->ex_se05x_auth; +- sss_host_key_object_free(&pauth->eckey.ex_static.HostEcdsaObj); +- sss_host_key_object_free(&pauth->eckey.ex_static.HostEcKeypair); +- sss_host_key_object_free(&pauth->eckey.ex_static.masterSec); +- sss_host_key_object_free(&pauth->eckey.ex_static.SeEcPubKey); +- sss_host_key_object_free(&pauth->eckey.ex_dyn.Enc); +- sss_host_key_object_free(&pauth->eckey.ex_dyn.Mac); +- sss_host_key_object_free(&pauth->eckey.ex_dyn.Rmac); +- } +-#endif /* PF SCP */ +- +-#endif /* SSS_HAVE_APPLET_SE05X_IOT */ +- +-#if SSS_HAVE_HOSTCRYPTO_ANY +- if (pCtx->host_ks.session != NULL) { +- sss_host_key_store_context_free(&pCtx->host_ks); +- } +- if (pCtx->host_session.subsystem != kType_SSS_SubSystem_NONE) { +- sss_host_session_close(&pCtx->host_session); +- } +-#endif // SSS_HAVE_HOSTCRYPTO_ANY +-#endif +- +- if (pCtx->ks.session != NULL) { +- sss_key_store_context_free(&pCtx->ks); +- } +-} +- +-#if SSS_HAVE_HOSTCRYPTO_ANY +-sss_status_t ex_sss_boot_open_host_session(ex_sss_boot_ctx_t *pCtx) +-{ +- sss_status_t status = kStatus_SSS_Fail; +- +-#if SSS_HAVE_APPLET_SE05X_IOT || SSS_HAVE_SSCP +- if (pCtx->host_ks.session == NULL) { +- status = sss_session_open(&pCtx->host_session, kType_SSS_Software, 0, kSSS_ConnectionType_Plain, NULL); +- if (kStatus_SSS_Success != status) { +- LOG_E("Failed to open mbedtls Session"); +- return status; +- } +- +- status = sss_key_store_context_init(&pCtx->host_ks, &pCtx->host_session); +- if (kStatus_SSS_Success != status) { +- LOG_E("sss_key_store_context_init failed"); +- return status; +- } +- status = sss_key_store_allocate(&pCtx->host_ks, __LINE__); +- if (kStatus_SSS_Success != status) { +- LOG_E("sss_key_store_allocate failed"); +- return status; +- } +- } +-#endif +- return status; +-} +-#endif // SSS_HAVE_HOSTCRYPTO_ANY +- +-/* ***************************************************************************************************************** +- * Private Functions +- * ***************************************************************************************************************** */ +- +-#ifdef __cplusplus +-} +-#endif +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/src/ex_sss_boot_connectstring.c b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/src/ex_sss_boot_connectstring.c +deleted file mode 100644 +index 777799e724..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/src/ex_sss_boot_connectstring.c ++++ /dev/null +@@ -1,178 +0,0 @@ +-/* +- * +- * Copyright 2019-2020 NXP +- * SPDX-License-Identifier: Apache-2.0 +- */ +- +-/** @file +- * +- * ex_sss_boot_connectstring.c: *The purpose and scope of this file* +- * +- * Project: SecureIoTMW-Debug@appboot-top-eclipse_x86 +- * +- * $Date: Mar 10, 2019 $ +- * $Author: ing05193 $ +- * $Revision$ +- */ +- +-/* ***************************************************************************************************************** +- * Includes +- * ***************************************************************************************************************** */ +-#include +-#include +-#include +-#include +-#include +- +-#if defined(_MSC_VER) +-#include +-#endif +- +-/* ***************************************************************************************************************** +- * Internal Definitions +- * ***************************************************************************************************************** */ +- +-/* ***************************************************************************************************************** +- * Type Definitions +- * ***************************************************************************************************************** */ +- +-/* ***************************************************************************************************************** +- * Global and Static Variables +- * Total Size: NNNbytes +- * ***************************************************************************************************************** */ +- +-const char gszCOMPortDefault[] = EX_SSS_BOOT_SSS_COMPORT_DEFAULT; +-const char gszSocketPortDefault[] = EX_SSS_BOOT_SSS_SOCKETPORT_DEFAULT; +-const char gszReaderDefault[] = EX_SSS_BOOT_SSS_PCSC_READER_DEFAULT; +- +-/* ***************************************************************************************************************** +- * Private Functions Prototypes +- * ***************************************************************************************************************** */ +- +-/* ***************************************************************************************************************** +- * Public Functions +- * ***************************************************************************************************************** */ +- +-sss_status_t ex_sss_boot_connectstring(int argc, const char *argv[], const char **pPortName) +-{ +- const char *portName = NULL; +- sss_status_t status = kStatus_SSS_Success; +-#if defined(_WIN32) && defined(WIN32) && defined(DEBUG) +- _CrtSetDbgFlag(_CRTDBG_ALLOC_MEM_DF | _CRTDBG_LEAK_CHECK_DF); +- _CrtSetReportMode(_CRT_ERROR, _CRTDBG_MODE_DEBUG); +-#endif +- +-#if !AX_EMBEDDED +- bool last_is_help = FALSE; +- if (argv != NULL) { +- LOG_I("Running %s", argv[0]); +- } +- if (argc > 1 /* Alteast 1 cli argument */ +- && argv != NULL /* argv not null */ +- && argv[argc - 1] != NULL /* Last parameter exists */ +- ) { +- if (0 == strncmp("--help", argv[argc - 1], sizeof("--help"))) { +- last_is_help = TRUE; +- } +- } +- if (TRUE == last_is_help) { +- *pPortName = argv[argc - 1]; /* --help */ +- return kStatus_SSS_Success; +- } +- if (argc > 1 /* Alteast 1 cli argument */ +- && argv != NULL /* argv not null */ +- && argv[argc - 1] != NULL /* Last parameter exists */ +- && argv[argc - 1][0] != '-' /* Not something like -h / --help */ +- ) { +- portName = argv[argc - 1]; /* last entry, deemed as port name */ +- LOG_I("Using PortName='%s' (CLI)", portName); +- } +- else +-#endif +- { +- const char *portName_env = getenv(EX_SSS_BOOT_SSS_PORT); +- if (portName_env != NULL) { +- portName = portName_env; +- LOG_I("Using PortName='%s' (ENV: %s=%s)", portName, EX_SSS_BOOT_SSS_PORT, portName); +- } +- } +- +- if (portName == NULL) { +-#if RJCT_VCOM +- portName = gszCOMPortDefault; +- LOG_I("Using PortName='%s' (gszCOMPortDefault)", portName); +-#elif SMCOM_JRCP_V1 || SMCOM_JRCP_V2 +- portName = gszSocketPortDefault; +- LOG_I("Using PortName='%s' (gszSocketPortDefault)", portName); +-#elif SMCOM_PCSC +- portName = gszReaderDefault; +-#else +- status = kStatus_SSS_Success; +-#endif +- +-#if AX_EMBEDDED +- /* FINE. To be moved to boot direct */ +-#else +- LOG_I( +- "If you want to over-ride the selection, use ENV=%s or pass in " +- "command line arguments.", +- EX_SSS_BOOT_SSS_PORT); +-#endif +- } +- +- if (status == kStatus_SSS_Success && pPortName != NULL) { +- *pPortName = portName; +- } +- return status; +-} +- +-bool ex_sss_boot_isSerialPortName(const char *portName) +-{ +- bool is_vcom = FALSE; +-#if RJCT_VCOM +- if (portName == NULL) { +- is_vcom = FALSE; +- } +- else if (0 == strncmp("COM", portName, sizeof("COM") - 1)) { +- is_vcom = TRUE; +- } +- else if (0 == strncmp("\\\\.\\COM", portName, sizeof("\\\\.\\COM") - 1)) { +- is_vcom = TRUE; +- } +- else if (0 == strncmp("/tty/", portName, sizeof("/tty/") - 1)) { +- is_vcom = TRUE; +- } +- else if (0 == strncmp("/dev/tty", portName, sizeof("/dev/tty") - 1)) { +- is_vcom = TRUE; +- } +-#endif +- return is_vcom; +-} +- +-bool ex_sss_boot_isSocketPortName(const char *portName) +-{ +- bool is_socket = FALSE; +-#if SMCOM_JRCP_V1 || SMCOM_JRCP_V2 +- if (portName == NULL) { +- is_socket = FALSE; +- } +- else if (NULL != strchr(portName, ':')) { +- is_socket = TRUE; +- } +-#endif +- return is_socket; +-} +- +-bool ex_sss_boot_isHelp(const char *argname) +-{ +- bool last_is_help = FALSE; +- +- if (NULL != argname && (0 == strncmp("--help", argname, sizeof("--help")))) { +- last_is_help = TRUE; +- } +- return last_is_help; +-} +- +-/* ***************************************************************************************************************** +- * Private Functions +- * ***************************************************************************************************************** */ +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/src/ex_sss_boot_int.h b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/src/ex_sss_boot_int.h +deleted file mode 100644 +index f060e1244c..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/src/ex_sss_boot_int.h ++++ /dev/null +@@ -1,70 +0,0 @@ +-/* +- * +- * Copyright 2019-2020 NXP +- * SPDX-License-Identifier: Apache-2.0 +- */ +- +-/** @file +- * +- * ex_sss_boot_int.h: *The purpose and scope of this file* +- * +- * Project: SecureIoTMW-Debug@appboot-top-eclipse_x86 +- * +- * $Date: Mar 10, 2019 $ +- * $Author: ing05193 $ +- * $Revision$ +- */ +- +-#ifndef SSS_EX_SRC_EX_SSS_BOOT_INT_H_ +-#define SSS_EX_SRC_EX_SSS_BOOT_INT_H_ +- +-/* ***************************************************************************************************************** +- * Includes +- * ***************************************************************************************************************** */ +-#include +- +-#include "fsl_sss_se05x_apis.h" +- +-/* ***************************************************************************************************************** +- * MACROS/Defines +- * ***************************************************************************************************************** */ +- +-/* ***************************************************************************************************************** +- * Types/Structure Declarations +- * ***************************************************************************************************************** */ +- +-/* ***************************************************************************************************************** +- * Extern Variables +- * ***************************************************************************************************************** */ +- +-/* ***************************************************************************************************************** +- * Function Prototypes +- * ***************************************************************************************************************** */ +-#if SSS_HAVE_SE +-sss_status_t ex_sss_boot_se_open(ex_sss_boot_ctx_t *pCtx, const char *portName); +-#endif +- +-/** Entry Point for SE050 based build */ +- +-#if SSS_HAVE_APPLET_SE05X_IOT +-sss_status_t ex_sss_boot_se05x_open(ex_sss_boot_ctx_t *pCtx, const char *portName); +-sss_status_t ex_sss_boot_se05x_open_on_Id(ex_sss_boot_ctx_t *pCtx, const char *portName, const int32_t authID); +-#endif +- +-#if SSS_HAVE_MBEDTLS +-sss_status_t ex_sss_boot_mbedtls_open(ex_sss_boot_ctx_t *pCtx, const char *portName); +-#endif +- +-#if SSS_HAVE_OPENSSL +-sss_status_t ex_sss_boot_openssl_open(ex_sss_boot_ctx_t *pCtx, const char *portName); +-#endif +- +-#if SSS_HAVE_A71CH || SSS_HAVE_A71CH_SIM +-sss_status_t ex_sss_boot_a71ch_open(ex_sss_boot_ctx_t *pCtx, const char *portName); +-#endif +- +-#if SSS_HAVE_A71CL || SSS_HAVE_SE050_L +-sss_status_t ex_sss_boot_a71cl_open(ex_sss_boot_ctx_t *pCtx, const char *portName); +-#endif +- +-#endif /* SSS_EX_SRC_EX_SSS_BOOT_INT_H_ */ +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/src/ex_sss_scp03_auth.c b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/src/ex_sss_scp03_auth.c +deleted file mode 100644 +index 7651608faa..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/src/ex_sss_scp03_auth.c ++++ /dev/null +@@ -1,233 +0,0 @@ +-/* +- * +- * Copyright 2019-2020 NXP +- * SPDX-License-Identifier: Apache-2.0 +- */ +- +-/** @file +-* +-* ex_sss_scp03_auth.c: *The purpose and scope of this file* +-* +-* Project: sss-doc-upstream +-* +-* $Date: Dec 12, 2019 $ +-* $Author: nxf42670 $ +-* $Revision$ +-*/ +- +-/* ***************************************************************************************************************** +-* Includes +-* ***************************************************************************************************************** */ +-#include +-#include +-#include +-#include +- +-#include "ex_sss_auth.h" +-#include "ex_sss_boot_int.h" +-#include "ex_sss_scp03_keys.h" +-#include "nxLog_App.h" +-#include "nxScp03_Types.h" +- +-/* ***************************************************************************************************************** +-* Internal Definitions +-* ***************************************************************************************************************** */ +- +-/* ***************************************************************************************************************** +-* Type Definitions +-* ***************************************************************************************************************** */ +- +-/* ***************************************************************************************************************** +-* Global and Static Variables +-* Total Size: NNNbytes +-* ***************************************************************************************************************** */ +- +-/* ***************************************************************************************************************** +-* Private Functions Prototypes +-* ***************************************************************************************************************** */ +- +-#ifdef EX_SSS_SCP03_FILE_PATH +- +-static sss_status_t Scp03_KeyString_to_Keybuffer(bool hasAuthKey, char *inputKey, uint8_t *auth_key, size_t key_size); +- +-static sss_status_t read_platfscp03_keys_from_file(const char *scp03_file_path, +- uint8_t *enc, +- size_t enc_len, +- uint8_t *mac, +- size_t mac_len, +- uint8_t *dek, +- size_t dek_len); +- +-#define UNSECURE_LOGGING_OF_SCP_KEYS 0 +- +-/* ***************************************************************************************************************** +-* Public Functions +-* ***************************************************************************************************************** */ +- +-sss_status_t scp03_keys_from_path( +- uint8_t *penc, size_t enc_len, uint8_t *pmac, size_t mac_len, uint8_t *pdek, size_t dek_len) +-{ +- sss_status_t status = kStatus_SSS_Fail; +- const char *filename = EX_SSS_SCP03_FILE_PATH; +- FILE *fp = NULL; +- LOG_D("Using File: %s", filename); +- fp = fopen(filename, "rb"); +- if (fp != NULL) { +- // File exists. Get keys from file +- LOG_W("Using SCP03 keys from:'%s' (FILE=%s)", filename, EX_SSS_SCP03_FILE_PATH); +- fclose(fp); +- status = read_platfscp03_keys_from_file(filename, penc, enc_len, pmac, mac_len, pdek, dek_len); +- } +- else { +- // File does not exist. Check env variable +- const char *scp03_path_env = getenv(EX_SSS_BOOT_SCP03_PATH_ENV); +- if (scp03_path_env != NULL) { +- LOG_W("Using SCP03 keys from:'%s' (ENV=%s)", scp03_path_env, EX_SSS_BOOT_SCP03_PATH_ENV); +- status = read_platfscp03_keys_from_file(scp03_path_env, penc, enc_len, pmac, mac_len, pdek, dek_len); +- } +- else { +- LOG_I( +- "Using default PlatfSCP03 keys. " +- "You can use keys from file using ENV=%s", +- EX_SSS_BOOT_SCP03_PATH_ENV); +- } +- } +- +- if (status != kStatus_SSS_Success) { +- LOG_D("Using default keys"); +- } +- +- return status; +-} +- +-static sss_status_t read_platfscp03_keys_from_file(const char *scp03_file_path, +- uint8_t *enc, +- size_t enc_len, +- uint8_t *mac, +- size_t mac_len, +- uint8_t *dek, +- size_t dek_len) +-{ +- sss_status_t status = kStatus_SSS_Fail; +- +- FILE *scp_file = fopen(scp03_file_path, "r"); +- if (scp_file == NULL) { +- LOG_E("Cannot open SCP file"); +- status = kStatus_SSS_Fail; +- return status; +- } +- char file_data[1024]; +- char *pdata = &file_data[0]; +- bool hasEnc = false; +- bool hasMac = false; +- bool hasDek = false; +- +- while (fgets(pdata, sizeof(file_data), scp_file)) { +- size_t i = 0, j = 0; +- +- /*Don't need leading spaces*/ +- for (i = 0; i < strlen(pdata); i++) { +- int charac = (int)pdata[i]; +- if (!isspace(charac)) { +- break; +- } +- } +- +- /*Lines beginning with '#' are comments*/ +- if (pdata[i] == '#') { +- continue; +- } +- +- /*Remove trailing comments*/ +- for (j = 0; j < strlen(pdata); j++) { +- if (pdata[j] == '#') { +- pdata[j] = '\0'; +- break; +- } +- } +- +- if (strncmp(&pdata[i], "ENC ", strlen("ENC ")) == 0) { +-#if UNSECURE_LOGGING_OF_SCP_KEYS +- LOG_I("%s", &pdata[i]); +-#endif +- status = Scp03_KeyString_to_Keybuffer(hasEnc, &pdata[i], enc, enc_len); +- if (status != kStatus_SSS_Success) { +- fclose(scp_file); +- return status; +- } +- hasEnc = true; +- } +- +- else if (!strncmp(&pdata[i], "MAC ", strlen("MAC "))) { +-#if UNSECURE_LOGGING_OF_SCP_KEYS +- LOG_I("%s", &pdata[i]); +-#endif +- status = Scp03_KeyString_to_Keybuffer(hasMac, &pdata[i], mac, mac_len); +- if (status != kStatus_SSS_Success) { +- fclose(scp_file); +- return status; +- } +- hasMac = true; +- } +- +- else if (!strncmp(&pdata[i], "DEK ", strlen("DEK "))) { +-#if UNSECURE_LOGGING_OF_SCP_KEYS +- LOG_I("%s", &pdata[i]); +-#endif +- status = Scp03_KeyString_to_Keybuffer(hasDek, &pdata[i], dek, dek_len); +- if (status != kStatus_SSS_Success) { +- fclose(scp_file); +- return status; +- } +- hasDek = true; +- } +- +- else { +- LOG_E("Unknown key type %s", &pdata[i]); +- status = kStatus_SSS_Fail; +- fclose(scp_file); +- return status; +- } +- } +- +- fclose(scp_file); +- +- return kStatus_SSS_Success; +-} +- +-static sss_status_t Scp03_KeyString_to_Keybuffer(bool hasAuthKey, char *inputKey, uint8_t *auth_key, size_t key_size) +-{ +- sss_status_t status = kStatus_SSS_Success; +- size_t j = 0; +- int charac = (int)inputKey[j]; +- if (hasAuthKey) { +- LOG_E("Duplicate Auth key value"); +- status = kStatus_SSS_Fail; +- return status; +- } +- while (!isspace(charac)) { +- j++; +- charac = (int)inputKey[j]; +- } +- while (isspace(charac)) { +- j++; +- charac = (int)inputKey[j]; +- } +- if (inputKey[j] == '\0') { +- LOG_E("Invalid Key"); +- status = kStatus_SSS_Fail; +- return status; +- } +- for (size_t count = 0; count < key_size; count++) { +- if (sscanf(&inputKey[j], "%2hhx", &auth_key[count]) != 1) { +- LOG_E("Cannot copy data"); +- status = kStatus_SSS_Fail; +- return status; +- } +- j = j + 2; +- } +- +- return status; +-} +- +-#endif //EX_SSS_SCP03_FILE_PATH +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/src/ex_sss_se05x.c b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/src/ex_sss_se05x.c +deleted file mode 100644 +index e7968d4697..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/src/ex_sss_se05x.c ++++ /dev/null +@@ -1,427 +0,0 @@ +-/* +- * +- * Copyright 2018-2020 NXP +- * SPDX-License-Identifier: Apache-2.0 +- */ +- +-/* ************************************************************************** */ +-/* Includes */ +-/* ************************************************************************** */ +- +-#include +-#include +-#include +-#include +-#include +-#include +- +-#include "ex_sss_boot_int.h" +-#if AX_EMBEDDED +-#include +-#endif +- +-#include "ex_sss_auth.h" +- +-/* ************************************************************************** */ +-/* Local Defines */ +-/* ************************************************************************** */ +-/* clang-format off */ +-#if SSS_HAVE_APPLET_SE05X_IOT +-const uint8_t se050Authkey[] = EX_SSS_AUTH_SE05X_UserID_VALUE; +-#endif +-/* clang-format on */ +-/* ************************************************************************** */ +-/* Structures and Typedefs */ +-/* ************************************************************************** */ +- +-/* ************************************************************************** */ +-/* Global Variables */ +-/* ************************************************************************** */ +-#if SSS_HAVE_APPLET_SE05X_IOT +- +-#if (SSS_HAVE_SE05X_AUTH_USERID) +-#define SSS_EX_SE05x_AUTH_MECH kSSS_AuthType_ID +-#define SSS_EX_SE05x_AUTH_ID kEX_SSS_ObjID_UserID_Auth +-#define SSS_EX_CONNECTION_TYPE kSSS_ConnectionType_Password +-#endif +- +-#if (SSS_HAVE_SE05X_AUTH_PLATFSCP03) +-#define SSS_EX_SE05x_AUTH_MECH kSSS_AuthType_SCP03 +-#define SSS_EX_CONNECTION_TYPE kSSS_ConnectionType_Encrypted +-#endif +- +-#if (SSS_HAVE_SE05X_AUTH_USERID_PLATFSCP03) +-#define SSS_EX_SE05x_AUTH_MECH kSSS_AuthType_SCP03 +-#define SSS_EX_SE05x_TUNN_AUTH_MECH kSSS_AuthType_ID +-#define SSS_EX_SE05x_AUTH_ID kEX_SSS_ObjID_UserID_Auth +-#define SSS_EX_CONNECTION_TYPE kSSS_ConnectionType_Encrypted +-#endif +- +-#if (SSS_HAVE_SE05X_AUTH_AESKEY_PLATFSCP03) +-#define SSS_EX_SE05x_AUTH_MECH kSSS_AuthType_SCP03 +-#define SSS_EX_SE05x_TUNN_AUTH_MECH kSSS_AuthType_AESKey +-#define SSS_EX_SE05x_AUTH_ID kEX_SSS_ObjID_APPLETSCP03_Auth +-#define SSS_EX_CONNECTION_TYPE kSSS_ConnectionType_Encrypted +-#endif +- +-#if (SSS_HAVE_SE05X_AUTH_ECKEY_PLATFSCP03) +-#define SSS_EX_SE05x_AUTH_MECH kSSS_AuthType_SCP03 +-#define SSS_EX_SE05x_TUNN_AUTH_MECH kSSS_AuthType_ECKey +-#define SSS_EX_SE05x_AUTH_ID kEX_SSS_objID_ECKEY_Auth +-#define SSS_EX_CONNECTION_TYPE kSSS_ConnectionType_Encrypted +-#endif +- +-#if (SSS_HAVE_SE05X_AUTH_AESKEY) +-#define SSS_EX_SE05x_AUTH_MECH kSSS_AuthType_AESKey +-#define SSS_EX_SE05x_AUTH_ID kEX_SSS_ObjID_APPLETSCP03_Auth +-#define SSS_EX_CONNECTION_TYPE kSSS_ConnectionType_Encrypted +-#endif +- +-#if (SSS_HAVE_SE05X_AUTH_ECKEY) +-#define SSS_EX_SE05x_AUTH_MECH kSSS_AuthType_ECKey +-#define SSS_EX_SE05x_AUTH_ID kEX_SSS_objID_ECKEY_Auth +-#define SSS_EX_CONNECTION_TYPE kSSS_ConnectionType_Encrypted +-#endif +- +-#if (SSS_HAVE_SE05X_AUTH_NONE) +-#define SSS_EX_SE05x_AUTH_MECH kSSS_AuthType_None +-#define SSS_EX_CONNECTION_TYPE kSSS_ConnectionType_Plain +-#endif +- +-#ifndef SSS_EX_SE05x_AUTH_MECH +-#define SSS_EX_SE05x_AUTH_MECH kSSS_AuthType_None +-#endif +- +-#ifndef SSS_EX_CONNECTION_TYPE +-#define SSS_EX_CONNECTION_TYPE kSSS_ConnectionType_Plain +-#endif +- +-#ifndef SSS_EX_SE05x_TUNN_AUTH_MECH +-#define SSS_EX_SE05x_TUNN_AUTH_MECH kSSS_AuthType_None +-#else +-/* Only define if using Tunnel*/ +-sss_tunnel_t gTunnel_ctx; +-ex_sss_platf_ctx_t gPlatfCtx; +-#endif +- +-/* ************************************************************************** */ +-/* Static function declarations */ +-/* ************************************************************************** */ +- +-/* ************************************************************************** */ +-/* Public Functions */ +-/* ************************************************************************** */ +- +-/* ************************************************************************** */ +-/* Private Functions */ +-/* ************************************************************************** */ +- +-sss_status_t ex_sss_boot_se05x_open(ex_sss_boot_ctx_t *pCtx, const char *portName) +-{ +- sss_status_t status = kStatus_SSS_Fail; +- SE_Connect_Ctx_t *pConnectCtx = NULL; +- sss_session_t *pPfSession = NULL; +-#if (SSS_HAVE_SE05X_AUTH_USERID_PLATFSCP03) || (SSS_HAVE_SE05X_AUTH_AESKEY_PLATFSCP03) || \ +- (SSS_HAVE_SE05X_AUTH_ECKEY_PLATFSCP03) +- sss_connection_type_t connectType = kSSS_ConnectionType_Plain; +-#endif +- +-#if defined SSS_EX_SE05x_AUTH_ID +- const uint32_t auth_id = SSS_EX_SE05x_AUTH_ID; +-#endif +- +-#if (SSS_HAVE_SE05X_AUTH_USERID_PLATFSCP03) || (SSS_HAVE_SE05X_AUTH_AESKEY_PLATFSCP03) || \ +- (SSS_HAVE_SE05X_AUTH_ECKEY_PLATFSCP03) +- ex_sss_platf_ctx_t *pPlatfCtx = &gPlatfCtx; +- +- pCtx->pTunnel_ctx = &gTunnel_ctx; +- pPlatfCtx->phost_session = &pCtx->host_session; +- pPlatfCtx->phost_ks = &pCtx->host_ks; +- pPfSession = &pPlatfCtx->platf_session; +- pConnectCtx = &pPlatfCtx->platf_open_ctx; +- pConnectCtx->auth.ctx.scp03.pStatic_ctx = &pPlatfCtx->ex_se05x_auth.scp03.ex_static; +- pConnectCtx->auth.ctx.scp03.pDyn_ctx = &pPlatfCtx->ex_se05x_auth.scp03.ex_dyn; +- +-#else +- pPfSession = &pCtx->session; +- pConnectCtx = &pCtx->se05x_open_ctx; +-#endif +- +-#if defined(SMCOM_JRCP_V1) +- if (ex_sss_boot_isSocketPortName(portName)) { +- pConnectCtx->connType = kType_SE_Conn_Type_JRCP_V1; +- pConnectCtx->portName = portName; +- } +-#endif +- +-#if defined(SMCOM_JRCP_V2) +- if (ex_sss_boot_isSocketPortName(portName)) { +- pConnectCtx->connType = kType_SE_Conn_Type_JRCP_V2; +- pConnectCtx->portName = portName; +- } +-#endif +- +-#if defined(RJCT_VCOM) +- if (ex_sss_boot_isSerialPortName(portName)) { +- pConnectCtx->connType = kType_SE_Conn_Type_VCOM; +- pConnectCtx->portName = portName; +- } +-#endif +- +-#if defined(SCI2C) +-#error "Not a valid combination" +-#endif +- +-#if defined(T1oI2C) +- pConnectCtx->connType = kType_SE_Conn_Type_T1oI2C; +- pConnectCtx->portName = portName; +-#endif +- +-#if defined(SMCOM_PCSC) +- pConnectCtx->connType = kType_SE_Conn_Type_PCSC; +- pConnectCtx->portName = portName; +-#endif +- +-#if defined(SMCOM_PN7150) +- pConnectCtx->connType = kType_SE_Conn_Type_NFC; +- pConnectCtx->portName = NULL; +-#endif +- +-#if defined(SMCOM_RC663_VCOM) +- if (portName == NULL) { +- static const char *sszCOMPort = EX_SSS_BOOT_SSS_COMPORT_DEFAULT; +- portName = sszCOMPort; +- } +- pConnectCtx->connType = kType_SE_Conn_Type_NFC; +- pConnectCtx->portName = portName; +-#endif +- +-#if SSS_HAVE_HOSTCRYPTO_ANY +- status = ex_sss_se05x_prepare_host( +- &pCtx->host_session, &pCtx->host_ks, pConnectCtx, &pCtx->ex_se05x_auth, SSS_EX_SE05x_AUTH_MECH); +- +- if (kStatus_SSS_Success != status) { +- LOG_E("ex_sss_se05x_prepare_host failed"); +- goto cleanup; +- } +-#endif // SSS_HAVE_HOSTCRYPTO_ANY +- +- if (SSS_EX_SE05x_AUTH_MECH == kSSS_AuthType_SCP03 || SSS_EX_SE05x_AUTH_MECH == kSSS_AuthType_None) { +- status = sss_session_open(pPfSession, kType_SSS_SE_SE05x, 0, SSS_EX_CONNECTION_TYPE, pConnectCtx); +- if (kStatus_SSS_Success != status) { +- LOG_E("sss_session_open failed"); +- goto cleanup; +- } +- } +-#ifdef SSS_EX_SE05x_AUTH_ID +- else { +- status = sss_session_open(pPfSession, kType_SSS_SE_SE05x, auth_id, SSS_EX_CONNECTION_TYPE, pConnectCtx); +- if (kStatus_SSS_Success != status) { +- LOG_E("sss_session_open failed"); +- } +- } +-#else +- else { +- LOG_E("Invalid combination for boot selection"); +- status = kStatus_SSS_Fail; +- } +-#endif /* SSS_EX_SE05x_AUTH_ID */ +- +-#if (SSS_HAVE_SE05X_AUTH_USERID_PLATFSCP03) || (SSS_HAVE_SE05X_AUTH_AESKEY_PLATFSCP03) || \ +- (SSS_HAVE_SE05X_AUTH_ECKEY_PLATFSCP03) +- SE05x_Connect_Ctx_t *pchannlCtxt = &pCtx->se05x_open_ctx; +- pchannlCtxt->auth.authType = SSS_EX_SE05x_TUNN_AUTH_MECH; +- +- status = ex_sss_se05x_prepare_host( +- &pCtx->host_session, &pCtx->host_ks, pchannlCtxt, &pPlatfCtx->ex_se05x_auth, SSS_EX_SE05x_TUNN_AUTH_MECH); +- if (kStatus_SSS_Success != status) { +- LOG_E("ex_sss_se05x_prepare_host failed"); +- goto cleanup; +- } +- +- status = sss_tunnel_context_init(pCtx->pTunnel_ctx, pPfSession /* session */); +- if (kStatus_SSS_Success != status) { +- LOG_E("sss_tunnel_context_init failed"); +- goto cleanup; +- } +- +- pchannlCtxt->connType = kType_SE_Conn_Type_Channel; +- pchannlCtxt->tunnelCtx = pCtx->pTunnel_ctx; +- if (pchannlCtxt->auth.authType == kSSS_AuthType_ID) { +- connectType = kSSS_ConnectionType_Password; +- } +- else { +- connectType = kSSS_ConnectionType_Encrypted; +- } +- status = sss_session_open(&pCtx->session, kType_SSS_SE_SE05x, auth_id, connectType, pchannlCtxt); +- if (kStatus_SSS_Success != status) { +- LOG_E("sss_session_open failed"); +- goto cleanup; +- } +- +- ((sss_se05x_session_t *)&pCtx->session)->s_ctx.conn_ctx = ((sss_se05x_session_t *)pPfSession)->s_ctx.conn_ctx; +- +-#endif +- +-cleanup: +- return status; +-} +- +-sss_status_t ex_sss_boot_se05x_open_on_Id(ex_sss_boot_ctx_t *pCtx, const char *portName, const int32_t authID) +-{ +- sss_status_t status = kStatus_SSS_Fail; +- SE_Connect_Ctx_t *pConnectCtx = NULL; +- sss_session_t *pPfSession = NULL; +-#if (SSS_HAVE_SE05X_AUTH_USERID_PLATFSCP03) || (SSS_HAVE_SE05X_AUTH_AESKEY_PLATFSCP03) || \ +- (SSS_HAVE_SE05X_AUTH_ECKEY_PLATFSCP03) +- sss_connection_type_t connectType = kSSS_ConnectionType_Plain; +-#endif +- +-#ifdef SSS_EX_SE05x_AUTH_ID +- const uint32_t auth_id = authID; +-#endif +- +-#if (SSS_HAVE_SE05X_AUTH_USERID_PLATFSCP03) || (SSS_HAVE_SE05X_AUTH_AESKEY_PLATFSCP03) || \ +- (SSS_HAVE_SE05X_AUTH_ECKEY_PLATFSCP03) +- ex_sss_platf_ctx_t *pPlatfCtx = &gPlatfCtx; +- +- pCtx->pTunnel_ctx = &gTunnel_ctx; +- pPlatfCtx->phost_session = &pCtx->host_session; +- pPlatfCtx->phost_ks = &pCtx->host_ks; +- pPfSession = &pPlatfCtx->platf_session; +- pConnectCtx = &pPlatfCtx->platf_open_ctx; +- pConnectCtx->auth.ctx.scp03.pStatic_ctx = &pPlatfCtx->ex_se05x_auth.scp03.ex_static; +- pConnectCtx->auth.ctx.scp03.pDyn_ctx = &pPlatfCtx->ex_se05x_auth.scp03.ex_dyn; +- +-#else +- pPfSession = &pCtx->session; +- pConnectCtx = &pCtx->se05x_open_ctx; +-#endif +- +-#if defined(SMCOM_JRCP_V1) +- if (ex_sss_boot_isSocketPortName(portName)) { +- pConnectCtx->connType = kType_SE_Conn_Type_JRCP_V1; +- pConnectCtx->portName = portName; +- } +-#endif +- +-#if defined(SMCOM_JRCP_V2) +- if (ex_sss_boot_isSocketPortName(portName)) { +- pConnectCtx->connType = kType_SE_Conn_Type_JRCP_V2; +- pConnectCtx->portName = portName; +- } +-#endif +- +-#if defined(RJCT_VCOM) +- if (ex_sss_boot_isSerialPortName(portName)) { +- pConnectCtx->connType = kType_SE_Conn_Type_VCOM; +- pConnectCtx->portName = portName; +- } +-#endif +- +-#if defined(SCI2C) +-#error "Not a valid combination" +-#endif +- +-#if defined(T1oI2C) +- pConnectCtx->connType = kType_SE_Conn_Type_T1oI2C; +- pConnectCtx->portName = portName; +-#endif +- +-#if defined(SMCOM_PCSC) +- pConnectCtx->connType = kType_SE_Conn_Type_PCSC; +- pConnectCtx->portName = portName; +-#endif +- +-#if defined(SMCOM_PN7150) +- pConnectCtx->connType = kType_SE_Conn_Type_NFC; +- pConnectCtx->portName = NULL; +-#endif +- +-#if defined(SMCOM_RC663_VCOM) +- if (portName == NULL) { +- static const char *sszCOMPort = EX_SSS_BOOT_SSS_COMPORT_DEFAULT; +- portName = sszCOMPort; +- } +- pConnectCtx->connType = kType_SE_Conn_Type_NFC; +- pConnectCtx->portName = portName; +-#endif +- +- +-#if SSS_HAVE_HOSTCRYPTO_ANY +- pConnectCtx->auth.authType = SSS_EX_SE05x_AUTH_MECH; +-#ifdef SSS_EX_SE05x_AUTH_ID +- status = +- ex_sss_se05x_prepare_host_keys(&pCtx->host_session, &pCtx->host_ks, pConnectCtx, &pCtx->ex_se05x_auth, auth_id); +-#else +- status = +- ex_sss_se05x_prepare_host_keys(&pCtx->host_session, &pCtx->host_ks, pConnectCtx, &pCtx->ex_se05x_auth, 0); +-#endif // SSS_EX_SE05x_AUTH_ID +- if (kStatus_SSS_Success != status) { +- LOG_E("ex_sss_se05x_prepare_host_keys failed"); +- goto cleanup; +- } +-#endif // SSS_HAVE_HOSTCRYPTO_ANY +- if (SSS_EX_SE05x_AUTH_MECH == kSSS_AuthType_SCP03 || SSS_EX_SE05x_AUTH_MECH == kSSS_AuthType_None) { +- status = sss_session_open(pPfSession, kType_SSS_SE_SE05x, 0, SSS_EX_CONNECTION_TYPE, pConnectCtx); +- if (kStatus_SSS_Success != status) { +- LOG_E("sss_session_open failed"); +- goto cleanup; +- } +- } +-#ifdef SSS_EX_SE05x_AUTH_ID +- else { +- status = sss_session_open(pPfSession, kType_SSS_SE_SE05x, auth_id, SSS_EX_CONNECTION_TYPE, pConnectCtx); +- if (kStatus_SSS_Success != status) { +- LOG_E("sss_session_open failed"); +- } +- } +-#else +- else { +- LOG_E("Invalid combination for boot selection"); +- status = kStatus_SSS_Fail; +- } +-#endif /* SSS_EX_SE05x_AUTH_ID */ +-#ifdef SSS_EX_SE05x_AUTH_ID +-#if (SSS_HAVE_SE05X_AUTH_USERID_PLATFSCP03) || (SSS_HAVE_SE05X_AUTH_AESKEY_PLATFSCP03) || \ +- (SSS_HAVE_SE05X_AUTH_ECKEY_PLATFSCP03) +- SE05x_Connect_Ctx_t *pchannlCtxt = &pCtx->se05x_open_ctx; +- pchannlCtxt->auth.authType = SSS_EX_SE05x_TUNN_AUTH_MECH; +- +- status = ex_sss_se05x_prepare_host_keys( +- &pCtx->host_session, &pCtx->host_ks, pchannlCtxt, &pPlatfCtx->ex_se05x_auth, auth_id); +- if (kStatus_SSS_Success != status) { +- LOG_E("ex_sss_se05x_prepare_host_keys failed"); +- goto cleanup; +- } +- +- status = sss_tunnel_context_init(pCtx->pTunnel_ctx, pPfSession /* session */); +- if (kStatus_SSS_Success != status) { +- LOG_E("sss_tunnel_context_init failed"); +- goto cleanup; +- } +- +- pchannlCtxt->connType = kType_SE_Conn_Type_Channel; +- pchannlCtxt->tunnelCtx = pCtx->pTunnel_ctx; +- if (pchannlCtxt->auth.authType == kSSS_AuthType_ID) { +- connectType = kSSS_ConnectionType_Password; +- } +- else { +- connectType = kSSS_ConnectionType_Encrypted; +- } +- status = sss_session_open(&pCtx->session, kType_SSS_SE_SE05x, auth_id, connectType, pchannlCtxt); +- if (kStatus_SSS_Success != status) { +- LOG_E("sss_session_open failed"); +- goto cleanup; +- } +- +- ((sss_se05x_session_t *)&pCtx->session)->s_ctx.conn_ctx = ((sss_se05x_session_t *)pPfSession)->s_ctx.conn_ctx; +- +-#endif +-#endif //SSS_EX_SE05x_AUTH_ID +- +-cleanup: +- return status; +-} +- +-#endif /* SSS_HAVE_APPLET_SE05X_IOT */ +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/src/ex_sss_se05x_auth.c b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/src/ex_sss_se05x_auth.c +deleted file mode 100644 +index ea0d47f65c..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/src/ex_sss_se05x_auth.c ++++ /dev/null +@@ -1,602 +0,0 @@ +-/* +- * +- * Copyright 2019-2020 NXP +- * SPDX-License-Identifier: Apache-2.0 +- */ +- +-/** @file +-* +-* ex_sss_se050x_auth.c: *The purpose and scope of this file* +-* +-* Project: sss-doc-upstream +-* +-* $Date: Mar 10, 2019 $ +-* $Author: ing05193 $ +-* $Revision$ +-*/ +- +-/* ***************************************************************************************************************** +-* Includes +-* ***************************************************************************************************************** */ +-#include +-#include +-#include +-#include +- +-#include "ex_sss_auth.h" +-#include "ex_sss_boot_int.h" +-#include "nxLog_App.h" +-#include "nxScp03_Types.h" +-#if defined(SECURE_WORLD) +-#include "fsl_sss_lpc55s_apis.h" +-#endif +-/* ***************************************************************************************************************** +-* Internal Definitions +-* ***************************************************************************************************************** */ +- +-#define AUTH_KEY_SIZE 16 +-#define SCP03_MAX_AUTH_KEY_SIZE 52 +-/* ***************************************************************************************************************** +-* Type Definitions +-* ***************************************************************************************************************** */ +- +-/* ***************************************************************************************************************** +-* Global and Static Variables +-* Total Size: NNNbytes +-* ***************************************************************************************************************** */ +- +-/* ***************************************************************************************************************** +-* Private Functions Prototypes +-* ***************************************************************************************************************** */ +- +-#if SSSFTR_SE05X_AuthSession +-static sss_status_t ex_sss_se05x_prepare_host_userid( +- sss_object_t *pObj, sss_key_store_t *pKs, uint8_t *se050Authkey, size_t authKeyLen); +-#endif +- +-#if SSS_HAVE_SCP_SCP03_SSS +-static sss_status_t ex_sss_se05x_prepare_host_platformscp( +- NXSCP03_AuthCtx_t *pCtx, ex_SE05x_authCtx_t *pauthctx, sss_key_store_t *pKs); +- +-#if SSSFTR_SE05X_AuthECKey +-static sss_status_t ex_sss_se05x_prepare_host_eckey(SE05x_AuthCtx_ECKey_t *pCtx, +- ex_SE05x_authCtx_t *pauthctx, +- sss_key_store_t *pKs, +- uint8_t *hostEcdsakey, +- size_t keylen); +- +-static sss_status_t Alloc_ECKeykey_toSE05xAuthctx( +- sss_object_t *keyObject, sss_key_store_t *pKs, uint32_t keyId, sss_key_part_t keypart); +- +-#endif // SSSFTR_SE05X_AuthECKey +-#if SSSFTR_SE05X_AuthSession +-static sss_status_t ex_sss_se05x_prepare_host_AppletScp03Keys( +- NXSCP03_AuthCtx_t *pAuthCtx, ex_SE05x_authCtx_t *pauthctx, sss_key_store_t *host_k, uint8_t *authkey); +-#endif +-static sss_status_t Alloc_Scp03key_toSE05xAuthctx(sss_object_t *keyObject, sss_key_store_t *pKs, uint32_t keyId); +- +-#if SSSFTR_SE05X_AuthSession +-static sss_status_t Alloc_AppletScp03key_toSE05xAuthctx( +- sss_object_t *keyObject, uint32_t keyId, sss_key_store_t *host_ks); +-#endif // SSSFTR_SE05X_AuthSession +- +-#endif +- +-/* ***************************************************************************************************************** +-* Public Functions +-* ***************************************************************************************************************** */ +- +-#if SSS_HAVE_HOSTCRYPTO_ANY +-sss_status_t ex_sss_se05x_prepare_host(sss_session_t *host_session, +- sss_key_store_t *host_ks, +- SE_Connect_Ctx_t *se05x_open_ctx, +- ex_SE05x_authCtx_t *se05x_auth_ctx, +- SE_AuthType_t auth_type) +-{ +- sss_status_t status = kStatus_SSS_Fail; +- +- if (host_session->subsystem == kType_SSS_SubSystem_NONE) { +- sss_type_t hostsubsystem = kType_SSS_SubSystem_NONE; +- +-#if SSS_HAVE_MBEDTLS +- hostsubsystem = kType_SSS_mbedTLS; +-#elif SSS_HAVE_OPENSSL +- hostsubsystem = kType_SSS_OpenSSL; +-#elif SSS_HAVE_HOSTCRYPTO_USER +- hostsubsystem = kType_SSS_Software; +-#endif +- +- status = sss_host_session_open(host_session, hostsubsystem, 0, kSSS_ConnectionType_Plain, NULL); +- +- if (kStatus_SSS_Success != status) { +- LOG_E("Failed to open Host Session"); +- goto cleanup; +- } +- status = sss_host_key_store_context_init(host_ks, host_session); +- if (kStatus_SSS_Success != status) { +- LOG_E("Host: sss_key_store_context_init failed"); +- goto cleanup; +- } +- status = sss_host_key_store_allocate(host_ks, __LINE__); +- if (kStatus_SSS_Success != status) { +- LOG_E("Host: sss_key_store_allocate failed"); +- goto cleanup; +- } +- } +- switch (auth_type) { +- case kSSS_AuthType_ID: { +- se05x_open_ctx->auth.ctx.idobj.pObj = &se05x_auth_ctx->id.ex_id; +-#if SSSFTR_SE05X_AuthSession +- uint8_t se050Authkey[] = EX_SSS_AUTH_SE05X_UserID_VALUE; +- size_t authKeyLen = sizeof(se050Authkey); +- status = +- ex_sss_se05x_prepare_host_userid(se05x_open_ctx->auth.ctx.idobj.pObj, host_ks, se050Authkey, authKeyLen); +-#endif +- } break; +-#if SSS_HAVE_SCP_SCP03_SSS +- case kSSS_AuthType_SCP03: +- status = ex_sss_se05x_prepare_host_platformscp(&se05x_open_ctx->auth.ctx.scp03, se05x_auth_ctx, host_ks); +- break; +-#if SSSFTR_SE05X_AuthECKey +- case kSSS_AuthType_ECKey: { +- uint8_t hostEcdsakey[] = EX_SSS_AUTH_SE05X_KEY_HOST_ECDSA_KEY; +- size_t keylen = sizeof(hostEcdsakey); +- status = ex_sss_se05x_prepare_host_eckey( +- &se05x_open_ctx->auth.ctx.eckey, se05x_auth_ctx, host_ks, hostEcdsakey, keylen); +- } break; +-#endif +- case kSSS_AuthType_AESKey: { +-#if SSSFTR_SE05X_AuthSession +- uint8_t appletkey[] = EX_SSS_AUTH_SE05X_APPLETSCP_VALUE; +- status = ex_sss_se05x_prepare_host_AppletScp03Keys( +- &se05x_open_ctx->auth.ctx.scp03, se05x_auth_ctx, host_ks, appletkey); +-#endif +- } break; +-#endif +- case kSSS_AuthType_None: +- /* Nothing to do */ +- status = kStatus_SSS_Success; +- break; +- default: +- status = kStatus_SSS_Fail; +- LOG_E("Not handled"); +- } +- +- if (kStatus_SSS_Success != status) { +- LOG_E( +- "Host: ex_sss_se05x_prepare_host_ " +- "failed", +- auth_type); +- goto cleanup; +- } +- se05x_open_ctx->auth.authType = auth_type; +- +-cleanup: +- return status; +-} +- +-/* Use this host crypto set up multiple sessions */ +-sss_status_t ex_sss_se05x_prepare_host_keys(sss_session_t *pHostSession, +- sss_key_store_t *pHostKs, +- SE_Connect_Ctx_t *pConnectCtx, +- ex_SE05x_authCtx_t *se05x_auth_ctx, +- uint32_t Id) +-{ +- sss_status_t status = kStatus_SSS_Fail; +- sss_type_t hostsubsystem = kType_SSS_SubSystem_NONE; +- +-#if SSS_HAVE_MBEDTLS +- hostsubsystem = kType_SSS_mbedTLS; +-#elif SSS_HAVE_OPENSSL +- hostsubsystem = kType_SSS_OpenSSL; +-#elif SSS_HAVE_HOSTCRYPTO_USER +- hostsubsystem = kType_SSS_Software; +-#endif +- +- status = sss_host_session_open(pHostSession, hostsubsystem, 0, kSSS_ConnectionType_Plain, NULL); +- +- if (kStatus_SSS_Success != status) { +- LOG_E("Failed to open Host Session"); +- goto cleanup; +- } +- status = sss_host_key_store_context_init(pHostKs, pHostSession); +- if (kStatus_SSS_Success != status) { +- LOG_E("Host: sss_key_store_context_init failed"); +- goto cleanup; +- } +- status = sss_host_key_store_allocate(pHostKs, __LINE__); +- if (kStatus_SSS_Success != status) { +- LOG_E("Host: sss_key_store_allocate failed"); +- goto cleanup; +- } +- +- switch (pConnectCtx->auth.authType) { +- case kSSS_AuthType_ID: { +- pConnectCtx->auth.ctx.idobj.pObj = &se05x_auth_ctx->id.ex_id; +-#if SSSFTR_SE05X_AuthSession +- uint8_t *se050Authkey = NULL; +- size_t authKeyLen; +- uint8_t Authkey1[] = EX_SSS_AUTH_SE05X_UserID_VALUE; +- uint8_t Authkey2[] = EX_SSS_AUTH_SE05X_UserID_VALUE2; +- if (Id == kEX_SSS_ObjID_UserID_Auth) { +- authKeyLen = sizeof(Authkey1); +- se050Authkey = &Authkey1[0]; +- } +- else if (Id == kEX_SSS_ObjID_UserID_Auth + 0x10) { +- authKeyLen = sizeof(Authkey2); +- se050Authkey = &Authkey2[0]; +- } +- else { +- LOG_E("This authID is incorrect"); +- break; +- } +- status = ex_sss_se05x_prepare_host_userid(pConnectCtx->auth.ctx.idobj.pObj, pHostKs, se050Authkey, authKeyLen); +-#endif +- } break; +-#if SSS_HAVE_SCP_SCP03_SSS +- case kSSS_AuthType_SCP03: +- status = ex_sss_se05x_prepare_host_platformscp(&pConnectCtx->auth.ctx.scp03, se05x_auth_ctx, pHostKs); +- break; +-#if SSSFTR_SE05X_AuthECKey +- case kSSS_AuthType_ECKey: { +- uint8_t *hostEcdsakey = NULL; +- size_t keylen; +- uint8_t hostEcdsakey1[] = EX_SSS_AUTH_SE05X_KEY_HOST_ECDSA_KEY; +- uint8_t hostEcdsakey2[] = EX_SSS_AUTH_SE05X_KEY_HOST_ECDSA_KEY2; +- if (Id == kEX_SSS_objID_ECKEY_Auth) { +- keylen = sizeof(hostEcdsakey1); +- hostEcdsakey = &hostEcdsakey1[0]; +- } +- else if (Id == kEX_SSS_objID_ECKEY_Auth + 0x10) { +- keylen = sizeof(hostEcdsakey2); +- hostEcdsakey = &hostEcdsakey2[0]; +- } +- else { +- LOG_E("This authID is incorrect"); +- break; +- } +- status = ex_sss_se05x_prepare_host_eckey( +- &pConnectCtx->auth.ctx.eckey, se05x_auth_ctx, pHostKs, hostEcdsakey, keylen); +- } break; +-#endif +- case kSSS_AuthType_AESKey: { +-#if SSSFTR_SE05X_AuthSession +- uint8_t *appletkey = NULL; +- uint8_t appletkey1[] = EX_SSS_AUTH_SE05X_APPLETSCP_VALUE; +- uint8_t appletkey2[] = EX_SSS_AUTH_SE05X_APPLETSCP_VALUE2; +- if (Id == kEX_SSS_ObjID_APPLETSCP03_Auth) { +- appletkey = appletkey1; +- } +- else if (Id == kEX_SSS_ObjID_APPLETSCP03_Auth + 0x10) { +- appletkey = appletkey2; +- } +- else { +- LOG_E("This authID is incorrect"); +- break; +- } +- status = +- ex_sss_se05x_prepare_host_AppletScp03Keys(&pConnectCtx->auth.ctx.scp03, se05x_auth_ctx, pHostKs, appletkey); +-#endif +- } break; +-#endif +- case kSSS_AuthType_None: +- /* Nothing to do */ +- status = kStatus_SSS_Success; +- break; +- default: +- status = kStatus_SSS_Fail; +- LOG_E("Not handled"); +- } +- +- if (kStatus_SSS_Success != status) { +- goto cleanup; +- } +- +-cleanup: +- return status; +-} +- +-#endif // SSS_HAVE_HOSTCRYPTO_ANY +- +-/* ***************************************************************************************************************** +-* Private Functions +-* ***************************************************************************************************************** */ +-#if SSSFTR_SE05X_AuthSession +-static sss_status_t ex_sss_se05x_prepare_host_userid( +- sss_object_t *pObj, sss_key_store_t *pKs, uint8_t *se050Authkey, size_t authKeyLen) +-{ +- sss_status_t status = kStatus_SSS_Fail; +- uint32_t keyId = __LINE__; +- uint8_t data[32] = { +- 0, +- }; +- size_t dataLen = sizeof(data); +- size_t keyBitLen = sizeof(data) * 8; +- +- if (pObj->keyId != keyId) { +- status = sss_host_key_object_init(pObj, pKs); +- if (status != kStatus_SSS_Success) { +- LOG_E("UserID: Key Object Init failed"); +- goto cleanup; +- } +- +- status = sss_host_key_object_allocate_handle( +- pObj, keyId, kSSS_KeyPart_Default, kSSS_CipherType_UserID, authKeyLen + 1, kKeyObject_Mode_Persistent); +- +- if (status != kStatus_SSS_Success) { +- LOG_E("UserID: Allocate failed"); +- goto cleanup; +- } +- +- status = sss_host_key_store_set_key(pObj->keyStore, pObj, se050Authkey, authKeyLen, authKeyLen * 8, NULL, 0); +- +- if (status != kStatus_SSS_Success) { +- LOG_E("UserID: Set value failed"); +- } +- } +- else { +- status = sss_host_key_store_get_key(pObj->keyStore, pObj, data, &dataLen, &keyBitLen); +- if (status == kStatus_SSS_Success) { +- if (memcmp(data, se050Authkey, authKeyLen) != 0) { +- status = kStatus_SSS_Fail; +- LOG_E("UserID: Key Value is different"); +- goto cleanup; +- } +- } +- else { +- LOG_E("UserID: Get value failed"); +- } +- } +- +-cleanup: +- return status; +-} +-#endif // SSSFTR_SE05X_AuthSession +- +-#if SSS_HAVE_SCP_SCP03_SSS +-/* Function to Set Init and Allocate static Scp03Keys and Init Allocate dynamic keys */ +-static sss_status_t ex_sss_se05x_prepare_host_platformscp( +- NXSCP03_AuthCtx_t *pAuthCtx, ex_SE05x_authCtx_t *pEx_auth, sss_key_store_t *pKs) +-{ +- sss_status_t status = kStatus_SSS_Fail; +- uint8_t KEY_ENC[] = EX_SSS_AUTH_SE05X_KEY_ENC; +- uint8_t KEY_MAC[] = EX_SSS_AUTH_SE05X_KEY_MAC; +- uint8_t KEY_DEK[] = EX_SSS_AUTH_SE05X_KEY_DEK; +- +-#ifdef EX_SSS_SCP03_FILE_PATH +- +- uint8_t enc[AUTH_KEY_SIZE] = {0}; +- uint8_t mac[AUTH_KEY_SIZE] = {0}; +- uint8_t dek[AUTH_KEY_SIZE] = {0}; +- +- status = scp03_keys_from_path(&enc[0], sizeof(enc), &mac[0], sizeof(mac), &dek[0], sizeof(dek)); +- +- if (status == kStatus_SSS_Success) { +- memcpy(KEY_ENC, enc, sizeof(KEY_ENC)); +- memcpy(KEY_MAC, mac, sizeof(KEY_MAC)); +- memcpy(KEY_DEK, dek, sizeof(KEY_DEK)); +- } +- +-#endif // EX_SSS_SCP03_FILE_PATH +- +- pAuthCtx->pStatic_ctx = &pEx_auth->scp03.ex_static; +- pAuthCtx->pDyn_ctx = &pEx_auth->scp03.ex_dyn; +- NXSCP03_StaticCtx_t *pStatic_ctx = pAuthCtx->pStatic_ctx; +- NXSCP03_DynCtx_t *pDyn_ctx = pAuthCtx->pDyn_ctx; +- +- pStatic_ctx->keyVerNo = EX_SSS_AUTH_SE05X_KEY_VERSION_NO; +- +- /* Init Allocate ENC Static Key */ +- status = Alloc_Scp03key_toSE05xAuthctx(&pStatic_ctx->Enc, pKs, MAKE_TEST_ID(__LINE__)); +- if (status != kStatus_SSS_Success) { +- return status; +- } +- /* Set ENC Static Key */ +- status = sss_host_key_store_set_key(pKs, &pStatic_ctx->Enc, KEY_ENC, sizeof(KEY_ENC), sizeof(KEY_ENC) * 8, NULL, 0); +- if (status != kStatus_SSS_Success) { +- return status; +- } +- +- /* Init Allocate MAC Static Key */ +- status = Alloc_Scp03key_toSE05xAuthctx(&pStatic_ctx->Mac, pKs, MAKE_TEST_ID(__LINE__)); +- if (status != kStatus_SSS_Success) { +- return status; +- } +- /* Set MAC Static Key */ +- status = sss_host_key_store_set_key(pKs, &pStatic_ctx->Mac, KEY_MAC, sizeof(KEY_MAC), sizeof(KEY_MAC) * 8, NULL, 0); +- if (status != kStatus_SSS_Success) { +- return status; +- } +- +- /* Init Allocate DEK Static Key */ +- status = Alloc_Scp03key_toSE05xAuthctx(&pStatic_ctx->Dek, pKs, MAKE_TEST_ID(__LINE__)); +- if (status != kStatus_SSS_Success) { +- return status; +- } +- /* Set DEK Static Key */ +- status = sss_host_key_store_set_key(pKs, &pStatic_ctx->Dek, KEY_DEK, sizeof(KEY_DEK), sizeof(KEY_DEK) * 8, NULL, 0); +- if (status != kStatus_SSS_Success) { +- return status; +- } +- +- /* Init Allocate ENC Session Key */ +- status = Alloc_Scp03key_toSE05xAuthctx(&pDyn_ctx->Enc, pKs, MAKE_TEST_ID(__LINE__)); +- if (status != kStatus_SSS_Success) { +- return status; +- } +- /* Init Allocate MAC Session Key */ +- status = Alloc_Scp03key_toSE05xAuthctx(&pDyn_ctx->Mac, pKs, MAKE_TEST_ID(__LINE__)); +- if (status != kStatus_SSS_Success) { +- return status; +- } +- /* Init Allocate DEK Session Key */ +- status = Alloc_Scp03key_toSE05xAuthctx(&pDyn_ctx->Rmac, pKs, MAKE_TEST_ID(__LINE__)); +- return status; +-} +-#endif +- +-#if SSS_HAVE_SCP_SCP03_SSS +-static sss_status_t Alloc_Scp03key_toSE05xAuthctx(sss_object_t *keyObject, sss_key_store_t *pKs, uint32_t keyId) +-{ +- sss_status_t status = kStatus_SSS_Fail; +- status = sss_host_key_object_init(keyObject, pKs); +- if (status != kStatus_SSS_Success) { +- return status; +- } +- +- status = sss_host_key_object_allocate_handle(keyObject, +- keyId, +- kSSS_KeyPart_Default, +- kSSS_CipherType_AES, +- SCP03_MAX_AUTH_KEY_SIZE, +- kKeyObject_Mode_Transient); +- return status; +-} +- +-#if SSSFTR_SE05X_AuthECKey +-static sss_status_t Alloc_ECKeykey_toSE05xAuthctx( +- sss_object_t *keyObject, sss_key_store_t *pKs, uint32_t keyId, sss_key_part_t keypart) +-{ +- sss_status_t status = kStatus_SSS_Fail; +- status = sss_host_key_object_init(keyObject, pKs); +- if (status != kStatus_SSS_Success) { +- return status; +- } +- status = sss_host_key_object_allocate_handle( +- keyObject, keyId, keypart, kSSS_CipherType_EC_NIST_P, 256, kKeyObject_Mode_Persistent); +- return status; +-} +- +-static sss_status_t ex_sss_se05x_prepare_host_eckey(SE05x_AuthCtx_ECKey_t *pAuthCtx, +- ex_SE05x_authCtx_t *pEx_auth, +- sss_key_store_t *pKs, +- uint8_t *hostEcdsakey, +- size_t keylen) +-{ +- sss_status_t status = kStatus_SSS_Fail; +- pAuthCtx->pStatic_ctx = &pEx_auth->eckey.ex_static; +- pAuthCtx->pDyn_ctx = &pEx_auth->eckey.ex_dyn; +- +- NXECKey03_StaticCtx_t *pStatic_ctx = pAuthCtx->pStatic_ctx; +- NXSCP03_DynCtx_t *pDyn_ctx = pAuthCtx->pDyn_ctx; +- +- /* Init allocate Host ECDSA Key pair */ +- status = Alloc_ECKeykey_toSE05xAuthctx(&pStatic_ctx->HostEcdsaObj, pKs, MAKE_TEST_ID(__LINE__), kSSS_KeyPart_Pair); +- /* Set Host ECDSA Key pair */ +- status = sss_host_key_store_set_key(pKs, &pStatic_ctx->HostEcdsaObj, hostEcdsakey, keylen, 256, NULL, 0); +- if (status == kStatus_SSS_Fail) { +- return status; +- } +- +- /* Init allocate Host ECKA Key pair */ +- status = Alloc_ECKeykey_toSE05xAuthctx(&pStatic_ctx->HostEcKeypair, pKs, MAKE_TEST_ID(__LINE__), kSSS_KeyPart_Pair); +- /* Generate Host EC Key pair */ +- status = sss_host_key_store_generate_key(pKs, &pStatic_ctx->HostEcKeypair, 256, NULL); +- if (status != kStatus_SSS_Success) { +- return status; +- } +- +- /* Init allocate SE ECKA Public Key */ +- status = Alloc_ECKeykey_toSE05xAuthctx(&pStatic_ctx->SeEcPubKey, pKs, MAKE_TEST_ID(__LINE__), kSSS_KeyPart_Public); +- if (status != kStatus_SSS_Success) { +- return status; +- } +- +- /* Init Allocate Master Secret */ +- status = Alloc_Scp03key_toSE05xAuthctx(&pStatic_ctx->masterSec, pKs, MAKE_TEST_ID(__LINE__)); +- if (status != kStatus_SSS_Success) { +- return status; +- } +- +- /* Init Allocate ENC Session Key */ +- status = Alloc_Scp03key_toSE05xAuthctx(&pDyn_ctx->Enc, pKs, MAKE_TEST_ID(__LINE__)); +- if (status != kStatus_SSS_Success) { +- return status; +- } +- /* Init Allocate MAC Session Key */ +- status = Alloc_Scp03key_toSE05xAuthctx(&pDyn_ctx->Mac, pKs, MAKE_TEST_ID(__LINE__)); +- if (status != kStatus_SSS_Success) { +- return status; +- } +- /* Init Allocate DEK Session Key */ +- status = Alloc_Scp03key_toSE05xAuthctx(&pDyn_ctx->Rmac, pKs, MAKE_TEST_ID(__LINE__)); +- +- return status; +-} +-#endif // SSSFTR_SE05X_AuthECKey +- +-#if SSSFTR_SE05X_AuthSession +-/* Function to Set Init and Allocate static Scp03Keys and Init Allocate dynamic keys */ +-static sss_status_t ex_sss_se05x_prepare_host_AppletScp03Keys( +- NXSCP03_AuthCtx_t *pAuthCtx, ex_SE05x_authCtx_t *pEx_auth, sss_key_store_t *host_k, uint8_t *authkey) +-{ +- sss_status_t status = kStatus_SSS_Fail; +- pAuthCtx->pStatic_ctx = &pEx_auth->scp03.ex_static; +- pAuthCtx->pDyn_ctx = &pEx_auth->scp03.ex_dyn; +- NXSCP03_StaticCtx_t *pStatic_ctx = pAuthCtx->pStatic_ctx; +- NXSCP03_DynCtx_t *pDyn_ctx = pAuthCtx->pDyn_ctx; +- +- /* Init Allocate ENC Static Key */ +- status = Alloc_AppletScp03key_toSE05xAuthctx(&pStatic_ctx->Enc, MAKE_TEST_ID(__LINE__), host_k); +- if (status != kStatus_SSS_Success) { +- return status; +- } +- /* Set ENC Static Key */ +- status = sss_host_key_store_set_key(host_k, &pStatic_ctx->Enc, authkey, AUTH_KEY_SIZE, AUTH_KEY_SIZE * 8, NULL, 0); +- if (status != kStatus_SSS_Success) { +- return status; +- } +- +- /* Init Allocate MAC Static Key */ +- status = Alloc_AppletScp03key_toSE05xAuthctx(&pStatic_ctx->Mac, MAKE_TEST_ID(__LINE__), host_k); +- if (status != kStatus_SSS_Success) { +- return status; +- } +- /* Set MAC Static Key */ +- status = sss_host_key_store_set_key(host_k, &pStatic_ctx->Mac, authkey, AUTH_KEY_SIZE, AUTH_KEY_SIZE * 8, NULL, 0); +- if (status != kStatus_SSS_Success) { +- return status; +- } +- +- /* Init Allocate DEK Static Key */ +- status = Alloc_AppletScp03key_toSE05xAuthctx(&pStatic_ctx->Dek, MAKE_TEST_ID(__LINE__), host_k); +- if (status != kStatus_SSS_Success) { +- return status; +- } +- /* Set DEK Static Key */ +- status = sss_host_key_store_set_key(host_k, &pStatic_ctx->Dek, authkey, AUTH_KEY_SIZE, AUTH_KEY_SIZE * 8, NULL, 0); +- if (status != kStatus_SSS_Success) { +- return status; +- } +- +- /* Init Allocate ENC Session Key */ +- status = Alloc_AppletScp03key_toSE05xAuthctx(&pDyn_ctx->Enc, MAKE_TEST_ID(__LINE__), host_k); +- if (status != kStatus_SSS_Success) { +- return status; +- } +- /* Init Allocate MAC Session Key */ +- status = Alloc_AppletScp03key_toSE05xAuthctx(&pDyn_ctx->Mac, MAKE_TEST_ID(__LINE__), host_k); +- if (status != kStatus_SSS_Success) { +- return status; +- } +- /* Init Allocate DEK Session Key */ +- status = Alloc_AppletScp03key_toSE05xAuthctx(&pDyn_ctx->Rmac, MAKE_TEST_ID(__LINE__), host_k); +- return status; +-} +- +-static sss_status_t Alloc_AppletScp03key_toSE05xAuthctx( +- sss_object_t *keyObject, uint32_t keyId, sss_key_store_t *host_ks) +-{ +- sss_status_t status = kStatus_SSS_Fail; +- status = sss_host_key_object_init(keyObject, host_ks); +- if (status != kStatus_SSS_Success) { +- return status; +- } +- +- status = sss_host_key_object_allocate_handle( +- keyObject, keyId, kSSS_KeyPart_Default, kSSS_CipherType_AES, AUTH_KEY_SIZE, kKeyObject_Mode_Persistent); +- return status; +-} +-#endif // SSSFTR_SE05X_AuthSession +- +-#endif //SSS_HAVE_SCP_SCP03_SSS +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sscp.h b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sscp.h +deleted file mode 100644 +index bb4f10f615..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sscp.h ++++ /dev/null +@@ -1,428 +0,0 @@ +-/* +- * +- * Copyright 2018,2019 NXP +- * SPDX-License-Identifier: Apache-2.0 +- */ +-#ifndef _FSL_SSCP_H_ +-#define _FSL_SSCP_H_ +- +-#include +-#include +-#include +- +-#include "fsl_sscp_commands.h" +- +-/*! +-@defgroup sscp Security Subsystem Communication Protocol (SSCP) +- +- # SSCP protocol description +- +- SSCP is very simple remote procedure call protocol. +- Function parameters are described by one or multiple SSCP operation descriptor(s). +- One parameter descriptor describes up to 7 function parameters as contexts, buffers, values or aggregates. +- Multiple parameter descriptors can be linked by the aggregate parameter type (kSSCP_ParamType_Aggregate). +- +- Function arguments are described as a buffer (address and size), a value (a tuple of two words), +- a context (pointer and type id) or an aggregate. +- If the parameter is the aggregate (kSSCP_ParamType_Aggregate type), then it will contain a pointer to another +- sscp_operation_t. This allows to link additional sscp_operation_t. +- +- The protocol allows for remote calling by a copy of all arguments (including buffer contents), +- that is, to remote call to a sub-system having no physical access to Host CPU memory. +- If a sub-system has access to Host CPU memory, the SSCP transport implementation can decide to transfer +- only the buffer descriptor (pointer and size) without physically transmitting the buffer content, +- as the buffer content can be accessed by the sub-system when the remote function executes. +- The same holds for the context descriptor (pointer and type id). The actual SSCP implementation +- can transfer only pointer to a sub-system, if the sub-system has the memory, where the context data +- structure is located, and if it has an application level knowledge of the context data structure +- layout (either based on the command id or the context type id). +- +- Byte length (for void* and uintptr_t) and endianess is inherited from the host CPU. +- +- # SSCP operation descriptors +- +- A remote function is invoked by transmitting a command id (unique identifier to specify a remote function), +- followed by SSCP operation descriptors ::sscp_operation_t. There is always one descriptor and optionally +- it can link another descriptor, if the number of ::sscp_operation_t params is not sufficient +- to described all function parameters. In the example below, the last params[n-1] on the left side is an aggregate +- that links secondary descriptor. +- +- @code +- command +- paramTypes +- params[0] +- ... +- params[n-1] ------------- paramTypes +- params[0] +- ... +- params[n-1] +- @endcode +- +- where n = 1, 2, ..., 7. +- +- These operation descriptors serve as an input to ::sscp_invoke_command() function. +- The serialization to the communication system is implementation specific. +- For example, implementations may decide to transfer only pointers and values (without payloads), +- because security sub-system has access to memory, so it can read and write payloads on its own during function +- execution. Other implementations may need to serialize everything to a communication bus. +- +- This implementation specific data transfer is implemented by an invoke() function. +- During implementation specific initialization of the SSCP transfer, sscp__init() function, +- a pointer to implementation specific invoke() function is stored in the sscp__context_t. +- +- @code +- sscp_mu_init(ctx, invoke = sscp_mu_invoke_command) +- ... +- ctx->invoke() +- ... +- ctx->invoke() +- ... +- sscp_deinit(ctx) +- @endcode +- +- # Example for SSCP protocol implementation with S3MU +- +- The ::sscp_invoke_command() implementation for the S3MU (Sentinel), ::sscp_mu_invoke_command(), +- builds up the serial message as follows: +- +- word 0 | word 1 | word 2 | word 3 | ... | word (n*2 + 1) +- -------|-----------|-------------|-------------|-----|--------------- +- CMD |paramTypes | params[0].a | params[0].b | ... | params[n-1].b +- +- where the n value is CMD specific and it is present in the CMD word. +- Passing this message through S3MU to the Sentinel sub-system is done by simply moving the 16 words into S3MU Tx A +- registers. +- +- # Example with the SSS API +- +- @code +- sss_status_t sss_aead_one_go(sss_aead_t *context, +- const uint8_t *srcData, +- uint8_t *destData, +- size_t size, +- uint8_t *nonce, +- size_t nonceLen, +- const uint8_t *aad, +- size_t aadLen, +- uint8_t *tag, +- size_t tagLen); +- +- uint32_t cmd = kSSCP_CMD_SSS_AeadOneGo(n=6); +- +- sscp_operation_t op = (0); +- sscp_status_t status = kStatus_SSCP_Fail; +- uint32_t ret = 0; +- +- if (context->mode == Encrypt) +- { +- op.paramTypes = SSCP_OP_SET_PARAM(kSSCP_ParamType_ContextReference, +- kSSCP_ParamType_MemrefInput, +- kSSCP_ParamType_MemrefOutput, +- kSSCP_ParamType_MemrefInput, +- kSSCP_ParamType_MemrefInput, +- kSSCP_ParamType_MemrefOutput, +- kSSCP_ParamType_None); +- } +- else +- { +- op.paramTypes = SSCP_OP_SET_PARAM(kSSCP_ParamType_ContextReference, +- kSSCP_ParamType_MemrefInput, +- kSSCP_ParamType_MemrefOutput, +- kSSCP_ParamType_MemrefInput, +- kSSCP_ParamType_MemrefInput, +- kSSCP_ParamType_MemrefInput, +- kSSCP_ParamType_None); +- } +- +- ... context is an aggregate data type ... +- ... implementation specific sscp_operation_t to serialize the context data ... +- op.params[0].context.ptr = context; +- op.params[0].context.type = kSSCP_ParamContextType_SSS_Aead; +- +- ... function parameters ... +- op.params[1].memref.buffer = srcData; +- op.params[1].memref.size = size; +- +- op.params[2].memref.buffer = destData; +- op.params[2].memref.size = size; +- +- op.params[3].memref.buffer = nonce; +- op.params[3].memref.size = nonceLen; +- +- op.params[4].memref.buffer = aad; +- op.params[4].memref.size = aadLen; +- +- op.params[5].memref.buffer = tag; +- op.params[5].memref.size = tagLen; +- +- ... Serialize to the link ... +- status = context->session->sscp->invoke(context->sscpSession, cmd, &op, &ret); +- if (status != kStatus_SSCP_Success) +- { +- return kStatus_SSS_Fail; +- } +- +- return (sss_status_t)ret; +- +- @endcode +- +- # Example with the SSCP Client API +- +- @code +- SSCP_Result SSCP_InvokeCommand(SSCP_Session *sessionSSCP, +- uint32_t commandID, +- SSCP_Operation *operation, +- uint32_t *returnOrigin); +- +- +- uint32_t cmd = kSSCP_CMD_SSCP_InvokeCommand; +- +- sscp_operation_t op = {0}; +- sscp_status_t status = kStatus_SSCP_Fail; +- uint32_t ret = 0; +- +- op.paramTypes = SSCP_OP_SET_PARAM(kSSCP_ParamType_ContextReference, +- kSSCP_ParamType_ValueInput, +- kSSCP_ParamType_ContextReference, +- kSSCP_ParamType_MemrefOutput, +- kSSCP_ParamType_None, +- kSSCP_ParamType_None, +- kSSCP_ParamType_None); +- +- op.params[0].context.ptr = sessionSSCP; +- op.params[0].context.type = kSSCP_ParamContextType_SSCP_Session; +- +- op.params[1].value.a = commandID; +- op.params[1].value.b = 0; +- +- op.params[2].context.ptr = operation; +- op.params[2].context.type = kSSCP_ParamContextType_SSCP_Operation; +- +- op.params[3].memref.buffer = returnOrigin; +- op.params[3].memref.size = sizeof(*returnOrigin); +- +- @endcode +- */ +- +-/*! +- * @addtogroup sscp +- * @{ +- */ +- +-/*! @brief Maximum number of parameters to be supported in one sscp_operation_t */ +-#define SSCP_OPERATION_PARAM_COUNT (7) +- +-/*! @brief Default SSCP context is a pointer to memory. */ +-#ifndef SSCP_MAX_CONTEXT_SIZE +-#define SSCP_MAX_CONTEXT_SIZE (sizeof(void *)) +-#endif +- +-/*! @brief Set parameter types for the SSCP operation. Each param type is encoded into 4-bits bit field. */ +-#define SSCP_OP_SET_PARAM(p0, p1, p2, p3, p4, p5, p6) \ +- (((uint32_t)p0 & 0xFu)) | (((uint32_t)p1 & 0xFu) << 4u) | (((uint32_t)p2 & 0xFu) << 8u) | \ +- (((uint32_t)p3 & 0xFu) << 12u) | (((uint32_t)p4 & 0xFu) << 16u) | (((uint32_t)p5 & 0xFu) << 20u) | \ +- (((uint32_t)p6 & 0xFu) << 24u); +- +-/*! @brief Decode i-th parameter as 4-bit unsigned integer. */ +-#define SSCP_OP_GET_PARAM(i, paramTypes) ((uint32_t)((((uint32_t)paramTypes) >> i * 4) & 0xFu)) +- +-/*! @brief Data type for SSCP function return values */ +-typedef uint32_t sscp_status_t; +- +-typedef struct _sscp_context sscp_context_t; +- +-/** +- * @brief SSCP operation descriptor +- * +- */ +-typedef struct _sscp_operation sscp_operation_t; +- +-/*! @brief Typedef for a function that sends a command and associated parameters to security sub-system +- * +- * The commandID and operation content is serialized and sent over to the selected security sub-system. +- * This is implementation specific function. +- * The function can invoke both blocking and non-blocking secure functions in the selected security sub-system. +- * +- * @param context Initialized SSCP context +- * @param commandID Command - an id of a remote secure function to be invoked +- * @param op Description of function arguments as a sequence of buffers, values, context references and aggregates +- * @param ret Return code of the remote secure function (application layer return value) +- * +- * @returns Status of the operation +- * @retval kStatus_SSCP_Success A blocking command has completed or a non-blocking command has been accepted. +- * @retval kStatus_SSCP_Fail Operation failure, for example hardware fail. +- * @retval kStatus_SSCP_InvalidArgument One of the arguments is invalid for the function to execute. +- */ +-typedef sscp_status_t (*fn_sscp_invoke_command_t)( +- sscp_context_t *context, uint32_t commandID, sscp_operation_t *op, uint32_t *ret); +- +-/** +- * struct _sscp_context - SSCP context struct +- * +- * This data type is used to keep context of the SSCP link. +- * It has one mandatory member - pointer to invoke() function. +- * Otherwise it is completely implementation specific. +- * +- * @param invoke Pointer to implementation specific invoke() function +- * @param context Container for the implementation specific data. +- */ +-struct _sscp_context +-{ +- fn_sscp_invoke_command_t invoke; +- // sscp_status_t (*sscp_invoke_command)(sscp_context_t *context, uint32_t commandID, sscp_operation_t *op); +- +- /*! Implementation specific part */ +- struct +- { +- uint8_t data[SSCP_MAX_CONTEXT_SIZE]; +- } context; +-}; +- +-/** +- * struct _sscp_memref - Buffer +- * +- * This data type is used to describe a function argument as a buffer. +- * +- * @param buffer Memory address +- * @param size Length of the buffer in bytes +- */ +-typedef struct _sscp_memref +-{ +- void *buffer; +- size_t size; +-} sscp_memref_t; +- +-/** +- * struct _sscp_value - Small raw data +- * +- * This data type is used to describe a function argument as a tuple of two 32-bit values. +- * +- * @param a First 32-bit data value. +- * @param b Second 32-bit data value. +- */ +-typedef struct _sscp_value +-{ +- uint32_t a; +- uint32_t b; +-} sscp_value_t; +- +-/** +- * @brief SSCP descriptor for an aggregate +- * +- * This data type is used to link additional SSCP operation. +- * +- * @param op Pointer to sscp_operation_t. +- */ +-typedef struct _sscp_aggregate_operation +-{ +- sscp_operation_t *op; +-} sscp_aggregate_operation_t; +- +-/** +- * @brief SSCP descriptor for a context struct +- * +- * This data type is used pass context struct to SSCP by reference +- * +- * @param ptr Pointer to a data structure +- * @param type 32-bit identifier specifying context struct type +- */ +-typedef struct _sscp_context_operation +-{ +- void *ptr; +- uint32_t type; +-} sscp_context_reference_t; +- +-/** +- * @brief Data structure representing a function argument. +- * +- * Either the client uses a shared memory reference, or a small raw +- * data container. +- * +- * @param value Small raw data container +- * @param memref Memory reference +- * @param aggregate Reference to another SSCP descriptor +- * @param context Pointer to a data struct to be passed to SSCP by reference +- */ +-typedef union _sscp_parameter { +- sscp_value_t value; +- sscp_memref_t memref; +- sscp_aggregate_operation_t aggregate; +- sscp_context_reference_t context; +-} sscp_parameter_t; +- +-/** +- * @brief Data structure describing function arguments. +- * Function argument are described as a sequence of buffers, values, context references and aggregates. +- * It serves as an input to ::sscp_invoke_command(), an implementation specific serialization function. +- * +- * @param paramTypes Type of data passed. +- * @param params Array of parameters of type sscp_parameter_t. +- * +- */ +-struct _sscp_operation +-{ +- uint32_t paramTypes; +- sscp_parameter_t params[SSCP_OPERATION_PARAM_COUNT]; +-}; +- +-/** +- * @brief Enum with SSCP operation parameters. +- */ +-typedef enum _sscp_param_types +-{ +- kSSCP_ParamType_None = 0, /*! Parameter not in use */ +- kSSCP_ParamType_Aggregate = 0x1u, /*! Link to another ::sscp_operation_t */ +- kSSCP_ParamType_ContextReference, /*! Reference to a context structure - pointer and type */ +- kSSCP_ParamType_MemrefInput, /*! Reference to a memory buffer - input to remote function or service */ +- kSSCP_ParamType_MemrefOutput, /*! Reference to a memory buffer - output by remote function or service. +- Implementations shall update the size member of the ::sscp_memref_t +- with the actual number of bytes written. */ +- kSSCP_ParamType_MemrefInOut, /*! Reference to a memory buffer - input to and ouput from remote function or service +- */ +- kSSCP_ParamType_ValueInput, /*! Tuple of two 32-bit integers - input to remote function or service */ +- kSSCP_ParamType_ValueOutput, /*! Tuple of two 32-bit integers - output by remote function or service */ +-} sscp_param_types_t; +- +-/** +- * @brief Enum with return values from SSCP functions +- */ +-enum _sscp_return_values +-{ +- kStatus_SSCP_Success = 0x10203040u, +- kStatus_SSCP_Fail = 0x40302010u, +-}; +- +-/******************************************************************************* +- * API +- ******************************************************************************/ +-#if defined(__cplusplus) +-extern "C" { +-#endif +- +-/*! @brief Sends a command and associated parameters to security sub-system +- * +- * The commandID and operation content is serialized and sent over to the selected security sub-system. +- * This is implementation specific function. +- * The function can invoke both blocking and non-blocking secure functions in the selected security sub-system. +- * +- * @param context Initialized SSCP context +- * @param commandID Command - an id of a remote secure function to be invoked +- * @param op Description of function arguments as a sequence of buffers and values +- * @param ret Return code of the remote secure function (application layer return value) +- * +- * @returns Status of the operation +- * @retval kStatus_SSCP_Success A blocking command has completed or a non-blocking command has been accepted. +- * @retval kStatus_SSCP_Fail Operation failure, for example hardware fail. +- * @retval kStatus_SSCP_InvalidArgument One of the arguments is invalid for the function to execute. +- */ +-sscp_status_t sscp_invoke_command(sscp_context_t *context, uint32_t commandID, sscp_operation_t *op, uint32_t *ret); +- +-#if defined(__cplusplus) +-} +-#endif +- +-/*! +- *@} +- */ /* end of sscp */ +- +-#endif /* _FSL_SSCP_H_ */ +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_api.h b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_api.h +deleted file mode 100644 +index f1b71c086d..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_api.h ++++ /dev/null +@@ -1,1892 +0,0 @@ +-/* +- * +- * Copyright 2018-2020 NXP +- * SPDX-License-Identifier: Apache-2.0 +- */ +-/** @file */ +-#ifndef _FSL_SSS_H_ +-#define _FSL_SSS_H_ +- +-#if !defined(SSS_CONFIG_FILE) +-#include "fsl_sss_config.h" +-#else +-#include SSS_CONFIG_FILE +-#endif +- +-#include +- +-#include "fsl_sss_types.h" +- +-/** Version of the SSS API */ +-#define SSS_API_VERSION (0x00000001u) +- +-/** Size of an AES Block, in bytes */ +-#define SSS_AES_BLOCK_SIZE (16u) +-/** Size of a DES Block, in bytes */ +-#define SSS_DES_BLOCK_SIZE (8u) +-/** Size of a DES Key, in bytes */ +-#define SSS_DES_KEY_SIZE (8u) +-/** Size of a DES IV, in bytes */ +-#define SSS_DES_IV_SIZE (8u) +- +-/** Status of the SSS APIs */ +-typedef enum +-{ +- /** Operation was successful */ +- kStatus_SSS_Success = 0x5a5a5a5au, +- /** Operation failed */ +- kStatus_SSS_Fail = 0x3c3c0000u, +- /** Operation not performed because some of the passed parameters +- * were found inappropriate */ +- kStatus_SSS_InvalidArgument = 0x3c3c0001u, +- /** Where the underlying sub-system *supports* multi-threading, +- * Internal status to handle simultaneous access. +- * +- * This status is not expected to be returned to higher layers. +- * */ +- kStatus_SSS_ResourceBusy = 0x3c3c0002u, +-} sss_status_t; +- +-/** Helper macro to set enum value */ +- +-#define SSS_ENUM(GROUP, INDEX) ((GROUP) | (INDEX)) +- +-/** Cryptographic sub system */ +-typedef enum +-{ +- kType_SSS_SubSystem_NONE, +- /** Software based */ +- kType_SSS_Software = SSS_ENUM(0x01 << 8, 0x00), +- kType_SSS_mbedTLS = SSS_ENUM(kType_SSS_Software, 0x01), +- kType_SSS_OpenSSL = SSS_ENUM(kType_SSS_Software, 0x02), +- /** HOST HW Based */ +- kType_SSS_HW = SSS_ENUM(0x02 << 8, 0x00), +- kType_SSS_SECO = SSS_ENUM(kType_SSS_HW, 0x01), +- /** Isolated HW */ +- kType_SSS_Isolated_HW = SSS_ENUM(0x04 << 8, 0x00), +- kType_SSS_Sentinel = SSS_ENUM(kType_SSS_Isolated_HW, 0x01), +- kType_SSS_Sentinel200 = SSS_ENUM(kType_SSS_Isolated_HW, 0x02), +- kType_SSS_Sentinel300 = SSS_ENUM(kType_SSS_Isolated_HW, 0x03), +- kType_SSS_Sentinel400 = SSS_ENUM(kType_SSS_Isolated_HW, 0x04), +- kType_SSS_Sentinel500 = SSS_ENUM(kType_SSS_Isolated_HW, 0x05), +- /** Secure Element */ +- kType_SSS_SecureElement = SSS_ENUM(0x08 << 8, 0x00), +- /** To connect to https://www.nxp.com/products/:A71CH */ +- kType_SSS_SE_A71CH = SSS_ENUM(kType_SSS_SecureElement, 0x01), +- kType_SSS_SE_A71CL = SSS_ENUM(kType_SSS_SecureElement, 0x02), +- /** To connect to https://www.nxp.com/products/:SE050 */ +- kType_SSS_SE_SE05x = SSS_ENUM(kType_SSS_SecureElement, 0x03), +- kType_SSS_SubSystem_LAST +-} sss_type_t; +- +-/** Destintion connection type */ +-typedef enum +-{ +- /* Plain => Lowest level of security requested. +- * => Probably a system with no mechanism to *identify* who +- * has opened the session from host +- * => Probably a system with Easy for man in the middle attack. +- * +- */ +- kSSS_ConnectionType_Plain, +- /* Password: +- * => Some level of user authentication/identification requested +- * => Probably a system with "static" authentication/identification. +- * => Probably same Password us always. +- * => "Password" mostly gets sent in plain over the communication layer +- * => Probably a system with replay attack possible +- */ +- kSSS_ConnectionType_Password, +- /* Encrypted: +- * Communication is guaranteed to be Encrypted. +- * For SE => This would mean highest level of authentication +- * For other system => channel would be encrypted +- * +- * In general, almost a level of security that is definitely higher than +- * Plain/Password/PIN. +- * +- * Using *Dynamic* Sessions Keys for authenticated communication. +- */ +- kSSS_ConnectionType_Encrypted +-} sss_connection_type_t; +- +-#ifndef __DOXYGEN__ +- +-#define SSS_ALGORITHM_START_AES (0x00) +-#define SSS_ALGORITHM_START_CHACHA (0x01) +-#define SSS_ALGORITHM_START_DES (0x02) +-#define SSS_ALGORITHM_START_SHA (0x03) +-#define SSS_ALGORITHM_START_MAC (0x04) +-#define SSS_ALGORITHM_START_DH (0x05) +-#define SSS_ALGORITHM_START_DSA (0x06) +-#define SSS_ALGORITHM_START_RSASSA_PKCS1_V1_5 (0x07) +-#define SSS_ALGORITHM_START_RSASSA_PKCS1_PSS_MGF1 (0x08) +-#define SSS_ALGORITHM_START_RSAES_PKCS1_OAEP (0x09) +-#define SSS_ALGORITHM_START_RSAES_PKCS1_V1_5 (0x0A) +-#define SSS_ALGORITHM_START_RSASSA_NO_PADDING (0x0B) +-#define SSS_ALGORITHM_START_ECDSA (0x0C) +-#define SSS_ALGORITHM_START_ECDAA (0x0D) +- +-/* Not available outside this file */ +-#define SSS_ENUM_ALGORITHM(GROUP, INDEX) (((SSS_ALGORITHM_START_##GROUP) << 8) | (INDEX)) +- +-#endif +- +-/** Cryptographic algorithm to be applied */ +-typedef enum /* _sss_algorithm */ +-{ +- kAlgorithm_None, +- /* AES */ +- kAlgorithm_SSS_AES_ECB = SSS_ENUM_ALGORITHM(AES, 0x01), +- kAlgorithm_SSS_AES_CBC = SSS_ENUM_ALGORITHM(AES, 0x02), +- kAlgorithm_SSS_AES_CTR = SSS_ENUM_ALGORITHM(AES, 0x03), +- kAlgorithm_SSS_AES_GCM = SSS_ENUM_ALGORITHM(AES, 0x04), +- kAlgorithm_SSS_AES_CCM = SSS_ENUM_ALGORITHM(AES, 0x05), +- kAlgorithm_SSS_AES_GCM_INT_IV = SSS_ENUM_ALGORITHM(AES, 0x06), +- /* CHACHA_POLY */ +- kAlgorithm_SSS_CHACHA_POLY = SSS_ENUM_ALGORITHM(CHACHA, 0x01), +- /* DES */ +- kAlgorithm_SSS_DES_ECB = SSS_ENUM_ALGORITHM(DES, 0x01), +- kAlgorithm_SSS_DES_CBC = SSS_ENUM_ALGORITHM(DES, 0x02), +- /* DES3 */ +- kAlgorithm_SSS_DES3_ECB = SSS_ENUM_ALGORITHM(DES, 0x03), +- kAlgorithm_SSS_DES3_CBC = SSS_ENUM_ALGORITHM(DES, 0x04), +- /* digest */ +- /* doc:start hash_algo */ +- kAlgorithm_SSS_SHA1 = SSS_ENUM_ALGORITHM(SHA, 0x01), +- kAlgorithm_SSS_SHA224 = SSS_ENUM_ALGORITHM(SHA, 0x02), +- kAlgorithm_SSS_SHA256 = SSS_ENUM_ALGORITHM(SHA, 0x03), +- kAlgorithm_SSS_SHA384 = SSS_ENUM_ALGORITHM(SHA, 0x04), +- kAlgorithm_SSS_SHA512 = SSS_ENUM_ALGORITHM(SHA, 0x05), +- /* doc:end hash_algo */ +- /* MAC */ +- kAlgorithm_SSS_CMAC_AES = SSS_ENUM_ALGORITHM(MAC, 0x01), +- kAlgorithm_SSS_HMAC_SHA1 = SSS_ENUM_ALGORITHM(MAC, 0x02), +- kAlgorithm_SSS_HMAC_SHA224 = SSS_ENUM_ALGORITHM(MAC, 0x03), +- kAlgorithm_SSS_HMAC_SHA256 = SSS_ENUM_ALGORITHM(MAC, 0x04), +- kAlgorithm_SSS_HMAC_SHA384 = SSS_ENUM_ALGORITHM(MAC, 0x05), +- kAlgorithm_SSS_HMAC_SHA512 = SSS_ENUM_ALGORITHM(MAC, 0x06), +- /* See above: +- * kAlgorithm_SSS_HMAC_SHA224 = SSS_ENUM_ALGORITHM(CHACHA, 0x01) */ +- +- /* Diffie-Helmann */ +- kAlgorithm_SSS_DH = SSS_ENUM_ALGORITHM(DH, 0x01), +- kAlgorithm_SSS_ECDH = SSS_ENUM_ALGORITHM(DH, 0x02), +- /* DSA */ +- kAlgorithm_SSS_DSA_SHA1 = SSS_ENUM_ALGORITHM(DSA, 0x01), +- kAlgorithm_SSS_DSA_SHA224 = SSS_ENUM_ALGORITHM(DSA, 0x02), +- kAlgorithm_SSS_DSA_SHA256 = SSS_ENUM_ALGORITHM(DSA, 0x03), +- +- /* RSA */ +- /* doc:start rsa_sign_algo */ +- kAlgorithm_SSS_RSASSA_PKCS1_V1_5_NO_HASH = SSS_ENUM_ALGORITHM(RSASSA_PKCS1_V1_5, 0x01), +- kAlgorithm_SSS_RSASSA_PKCS1_V1_5_SHA1 = SSS_ENUM_ALGORITHM(RSASSA_PKCS1_V1_5, 0x02), +- kAlgorithm_SSS_RSASSA_PKCS1_V1_5_SHA224 = SSS_ENUM_ALGORITHM(RSASSA_PKCS1_V1_5, 0x03), +- kAlgorithm_SSS_RSASSA_PKCS1_V1_5_SHA256 = SSS_ENUM_ALGORITHM(RSASSA_PKCS1_V1_5, 0x04), +- kAlgorithm_SSS_RSASSA_PKCS1_V1_5_SHA384 = SSS_ENUM_ALGORITHM(RSASSA_PKCS1_V1_5, 0x05), +- kAlgorithm_SSS_RSASSA_PKCS1_V1_5_SHA512 = SSS_ENUM_ALGORITHM(RSASSA_PKCS1_V1_5, 0x06), +- kAlgorithm_SSS_RSASSA_PKCS1_PSS_MGF1_SHA1 = SSS_ENUM_ALGORITHM(RSASSA_PKCS1_PSS_MGF1, 0x01), +- kAlgorithm_SSS_RSASSA_PKCS1_PSS_MGF1_SHA224 = SSS_ENUM_ALGORITHM(RSASSA_PKCS1_PSS_MGF1, 0x02), +- kAlgorithm_SSS_RSASSA_PKCS1_PSS_MGF1_SHA256 = SSS_ENUM_ALGORITHM(RSASSA_PKCS1_PSS_MGF1, 0x03), +- kAlgorithm_SSS_RSASSA_PKCS1_PSS_MGF1_SHA384 = SSS_ENUM_ALGORITHM(RSASSA_PKCS1_PSS_MGF1, 0x04), +- kAlgorithm_SSS_RSASSA_PKCS1_PSS_MGF1_SHA512 = SSS_ENUM_ALGORITHM(RSASSA_PKCS1_PSS_MGF1, 0x05), +- /* doc:end rsa_sign_algo */ +- +- /* doc:start rsa_enc_algo */ +- kAlgorithm_SSS_RSAES_PKCS1_OAEP_SHA1 = SSS_ENUM_ALGORITHM(RSAES_PKCS1_OAEP, 0x01), +- kAlgorithm_SSS_RSAES_PKCS1_OAEP_SHA224 = SSS_ENUM_ALGORITHM(RSAES_PKCS1_OAEP, 0x02), +- kAlgorithm_SSS_RSAES_PKCS1_OAEP_SHA256 = SSS_ENUM_ALGORITHM(RSAES_PKCS1_OAEP, 0x03), +- kAlgorithm_SSS_RSAES_PKCS1_OAEP_SHA384 = SSS_ENUM_ALGORITHM(RSAES_PKCS1_OAEP, 0x04), +- kAlgorithm_SSS_RSAES_PKCS1_OAEP_SHA512 = SSS_ENUM_ALGORITHM(RSAES_PKCS1_OAEP, 0x05), +- kAlgorithm_SSS_RSAES_PKCS1_V1_5 = SSS_ENUM_ALGORITHM(RSAES_PKCS1_V1_5, 0x01), +- /* doc:end rsa_enc_algo */ +- +- /* doc:start rsa_sign_algo_no_padding */ +- kAlgorithm_SSS_RSASSA_NO_PADDING = SSS_ENUM_ALGORITHM(RSASSA_NO_PADDING, 0x01), +- /* doc:end rsa_sign_algo_no_padding */ +- +- /* ECDSA */ +- /* doc:start ecc_sign_algo */ +- kAlgorithm_SSS_ECDSA_SHA1 = SSS_ENUM_ALGORITHM(ECDSA, 0x01), +- kAlgorithm_SSS_ECDSA_SHA224 = SSS_ENUM_ALGORITHM(ECDSA, 0x02), +- kAlgorithm_SSS_ECDSA_SHA256 = SSS_ENUM_ALGORITHM(ECDSA, 0x03), +- kAlgorithm_SSS_ECDSA_SHA384 = SSS_ENUM_ALGORITHM(ECDSA, 0x04), +- kAlgorithm_SSS_ECDSA_SHA512 = SSS_ENUM_ALGORITHM(ECDSA, 0x05), +- /* doc:end ecc_sign_algo */ +- +- /* ECDAA */ +- /* doc:start ecc_bn_sign_algo */ +- kAlgorithm_SSS_ECDAA = SSS_ENUM_ALGORITHM(ECDAA, 0x01), +- /* doc:end ecc_bn_sign_algo */ +-} sss_algorithm_t; +- +-#undef SSS_ENUM_ALGORITHM +- +-#ifndef __DOXYGEN__ +- +-// Deprecated names for RSAES_PKCS1_OAEP algorithms +-#define kAlgorithm_SSS_RSASSA_PKCS1_OEAP_SHA1 kAlgorithm_SSS_RSAES_PKCS1_OAEP_SHA1 +-#define kAlgorithm_SSS_RSASSA_PKCS1_OEAP_SHA224 kAlgorithm_SSS_RSAES_PKCS1_OAEP_SHA224 +-#define kAlgorithm_SSS_RSASSA_PKCS1_OEAP_SHA256 kAlgorithm_SSS_RSAES_PKCS1_OAEP_SHA256 +-#define kAlgorithm_SSS_RSASSA_PKCS1_OEAP_SHA384 kAlgorithm_SSS_RSAES_PKCS1_OAEP_SHA384 +-#define kAlgorithm_SSS_RSASSA_PKCS1_OEAP_SHA512 kAlgorithm_SSS_RSAES_PKCS1_OAEP_SHA512 +- +-// Deprecated names for RSAES_PKCS1_V1_5 algorithms +-#define kAlgorithm_SSS_RSAES_PKCS1_V1_5_SHA1 kAlgorithm_SSS_RSAES_PKCS1_V1_5 +-#define kAlgorithm_SSS_RSAES_PKCS1_V1_5_SHA224 kAlgorithm_SSS_RSAES_PKCS1_V1_5 +-#define kAlgorithm_SSS_RSAES_PKCS1_V1_5_SHA256 kAlgorithm_SSS_RSAES_PKCS1_V1_5 +-#define kAlgorithm_SSS_RSAES_PKCS1_V1_5_SHA384 kAlgorithm_SSS_RSAES_PKCS1_V1_5 +-#define kAlgorithm_SSS_RSAES_PKCS1_V1_5_SHA512 kAlgorithm_SSS_RSAES_PKCS1_V1_5 +- +-#endif /* __DOXYGEN__ */ +- +-/** High level algorihtmic operations. +- * +- * Augmented by @ref sss_algorithm_t +- */ +-typedef enum +-{ +- kMode_SSS_Encrypt = 1, //!< Encrypt +- kMode_SSS_Decrypt = 2, //!< Decrypt +- kMode_SSS_Sign = 3, //!< Sign +- kMode_SSS_Verify = 4, //!< Verify +- /* Compute Shared Secret. e.g. Diffie-Hellman */ +- kMode_SSS_ComputeSharedSecret = 5, +- kMode_SSS_Digest = 6, //!< Message Digest +- kMode_SSS_Mac = 7, //!< Message Authentication Code +- +- // For now, use kMode_SSS_ComputeSharedSecret for HKDF Extract and Expand +- // kMode_SSS_HKDF = 8, //!< HKDF Extract and Expand (RFC 5869) +- kMode_SSS_HKDF_ExpandOnly = 9 //!< HKDF Expand Only (RFC 5869) +-} sss_mode_t; +- +-/** +- * Permissions of an object +- */ +-typedef enum +-{ +- /** Can read (applicable) contents of the key. +- * +- * @note This is not same as @ref kAccessPermission_SSS_Use. +- * +- * Without reading, the object, the key can be used. +- */ +- kAccessPermission_SSS_Read = (1u << 0), +- /** Can change the value of an object */ +- kAccessPermission_SSS_Write = (1u << 1), +- /** Can use an object */ +- kAccessPermission_SSS_Use = (1u << 2), +- /** Can delete an object */ +- kAccessPermission_SSS_Delete = (1u << 3), +- /** Can change permissions applicable to an object */ +- kAccessPermission_SSS_ChangeAttributes = (1u << 4), +- /** Bitwise OR of all sss_access_permission. */ +- kAccessPermission_SSS_All_Permission = 0x1F, +-} sss_access_permission_t; +- +-/** +- * Persistent / Non persistent mode of a key +- */ +-typedef enum +-{ +- kKeyObject_Mode_None = 0, //!< kKeyObject_Mode_None +- /** Key object will be persisted in memory +- * and will retain it's value after a closed session +- */ +- kKeyObject_Mode_Persistent = 1, +- /** Key Object will be stored in RAM. +- * It will lose it's contents after a session is closed +- */ +- kKeyObject_Mode_Transient = 2, +-} sss_key_object_mode_t; +- +-/** Part of a key */ +-typedef enum +-{ +- kSSS_KeyPart_NONE, +- /** Applicable where we have UserID, Binary Files, +- * Certificates, Symmetric Keys, PCR, HMAC-key, counter */ +- kSSS_KeyPart_Default = 1, +- /** Public part of asymmetric key */ +- kSSS_KeyPart_Public = 2, +- /** Private only part of asymmetric key */ +- kSSS_KeyPart_Private = 3, +- /** Both, public and private part of asymmetric key */ +- kSSS_KeyPart_Pair = 4, +-} sss_key_part_t; +- +-/** For all cipher types, key bit length is provides at the time key is inserted/generated */ +-typedef enum +-{ +- kSSS_CipherType_NONE, +- kSSS_CipherType_AES = 10, +- kSSS_CipherType_DES = 12, +- +- kSSS_CipherType_CMAC = 20, +- kSSS_CipherType_HMAC = 21, +- +- kSSS_CipherType_MAC = 30, +- kSSS_CipherType_RSA = 31, /*! RSA RAW format */ +- kSSS_CipherType_RSA_CRT = 32, /*! RSA CRT format */ +- +- /* The following keys can be identified +- * solely by the *Family* and bit length +- */ +- kSSS_CipherType_EC_NIST_P = 40, /*! Keys Part of NIST-P Family */ +- kSSS_CipherType_EC_NIST_K = 41, /*! Keys Part of NIST-K Family */ +- +- /* The following keys need their full curve parameters (p,a,b,x,y,n,h) +- */ +- /** Montgomery Key, */ +- kSSS_CipherType_EC_MONTGOMERY = 50, +- /** twisted Edwards form elliptic curve public key */ +- kSSS_CipherType_EC_TWISTED_ED = 51, +- /** Brainpool form elliptic curve public key */ +- kSSS_CipherType_EC_BRAINPOOL = 52, +- /** Barreto Naehrig curve */ +- kSSS_CipherType_EC_BARRETO_NAEHRIG = 53, +- +- kSSS_CipherType_UserID = 70, +- +- /** Use kSSS_CipherType_Binary to store Certificate */ +- kSSS_CipherType_Certificate = 71, +- kSSS_CipherType_Binary = 72, +- +- kSSS_CipherType_Count = 73, +- kSSS_CipherType_PCR = 74, +- kSSS_CipherType_ReservedPin = 75, +-} sss_cipher_type_t; +- +-/** XY Co-ordinates for ECC Curves */ +-typedef struct +-{ +- /** X Point */ +- uint8_t *X; +- /** Y Point */ +- uint8_t *Y; +-} sss_ecc_point_t; +- +-/** ECC Curve Parameter */ +-typedef struct +-{ +- uint8_t *p; /**< ECC parameter P */ +- uint8_t *a; /**< ECC parameter a */ +- uint8_t *b; /**< ECC parameter b */ +- sss_ecc_point_t *G; /**< ECC parameter G */ +- uint8_t *n; /**< ECC parameter n */ +- uint8_t *h; /**< ECC parameter h */ +-} sss_eccgfp_group_t; +- +-/** +- * @addtogroup sss_session +- * @{ +- */ +- +-/** Properties of session that are U32 +- * +- * From 0 to kSSS_SessionProp_Optional_Prop_Start, +- * around 2^24 = 16777215 Properties are +- * possible. +- * +- * From 0 to kSSS_SessionProp_Optional_Prop_Start, +- * around 2^24 = 16777215 Properties are +- * possible. +- * +- */ +-typedef enum +-{ +- /** Invalid */ +- kSSS_SessionProp_u32_NA = 0, +- /** Major version */ +- kSSS_SessionProp_VerMaj, +- /** Minor Version */ +- kSSS_SessionProp_VerMin, +- /** Development Version */ +- kSSS_SessionProp_VerDev, +- +- /* Lenght of UID */ +- kSSS_SessionProp_UIDLen, +- +- /** Optional Properties Start */ +- kSSS_SessionProp_u32_Optional_Start = 0x00FFFFFFu, +- +- /** How much persistent memory is free */ +- kSSS_KeyStoreProp_FreeMem_Persistant, +- +- /** How much transient memory is free */ +- kSSS_KeyStoreProp_FreeMem_Transient, +- +- /** Proprietary Properties Start */ +- kSSS_SessionProp_u32_Proprietary_Start = 0x01FFFFFFu, +- +-} sss_session_prop_u32_t; +- +-/** Properties of session that are S32 +- * +- * From 0 to kSSS_SessionProp_Optional_Prop_Start, +- * around 2^24 = 16777215 Properties are +- * possible. +- * +- * From 0 to kSSS_SessionProp_Optional_Prop_Start, +- * around 2^24 = 16777215 Properties are +- * possible. +- * +- */ +-typedef enum +-{ +- /** Invalid */ +- kSSS_SessionProp_au8_NA = 0, +- /** Name of the product, string */ +- kSSS_SessionProp_szName, +- /** Unique Identifier */ +- kSSS_SessionProp_UID, +- +- /** Optional Properties Start */ +- kSSS_SessionProp_au8_Optional_Start = 0x00FFFFFFu, +- +- /** Proprietary Properties Start */ +- kSSS_SessionProp_au8_Proprietary_Start = 0x01FFFFFFu, +- +-} sss_session_prop_au8_t; +- +-/** @} */ +- +-/** +- * @addtogroup sss_session +- * @{ +- */ +- +-/** @brief Root session +- * +- * This is a *singleton* for each connection (physical/logical) +- * to individual cryptographic system. +- */ +-typedef struct +-{ +- /** Indicates which security subsystem is selected. +- * +- * This is set when @ref sss_session_open is successful */ +- sss_type_t subsystem; +- +- /** Reserved memory for implementation specific extension */ +- struct +- { +- uint8_t data[SSS_SESSION_MAX_CONTEXT_SIZE]; +- } extension; +-} sss_session_t; +-/** @} */ +- +-/** +- * @addtogroup sss_key_store +- * @{ +- */ +- +-/** @brief Store for secure and non secure key objects within a cryptographic system. +- * +- * - A cryptographic system may have more than partitions to store such keys. +- * +- */ +-typedef struct +-{ +- /** Virtual connection between application (user context) and specific +- * security subsystem and function thereof. */ +- sss_session_t *session; +- +- /** Reserved memory for implementation specific extension */ +- struct +- { +- uint8_t data[SSS_KEY_STORE_MAX_CONTEXT_SIZE]; +- } extension; +-} sss_key_store_t; +- +-/** properties of a Key Store that return array */ +-typedef enum +-{ +- /** Optional Properties Start */ +- kSSS_KeyStoreProp_au8_Optional_Start = 0x00FFFFFFu, +- +-} sss_key_store_prop_au8_t; +- +-/** Entity on the other side of the tunnel */ +-typedef enum +-{ +- /** Default value */ +- kSSS_TunnelDest_None = 0, +- +- /** SE05X IoT Applet */ +- kSSS_TunnelType_Se05x_Iot_applet, +-} sss_tunnel_dest_t; +- +-/** @} */ +- +-/** +- * @addtogroup sss_key_object +- * @{ +- */ +- +-/** @brief An object (secure / non-secure) within a Key Store. +- * +- */ +-typedef struct +-{ +- /** key store holding the data and other properties */ +- sss_key_store_t *keyStore; +- /** The type/part of object is referneced from @ref sss_key_part_t */ +- uint32_t objectType; +- /** cipherType type from @ref sss_cipher_type_t */ +- uint32_t cipherType; +- /** Application specific key identifier. The keyId is kept in the key store +- * along with the key data and other properties. */ +- uint32_t keyId; +- +- /** Reserved memory for implementation specific extension */ +- struct +- { +- uint8_t data[SSS_KEY_OBJECT_MAX_CONTEXT_SIZE]; +- } extension; +-} sss_object_t; +- +-/** @} */ +- +-/** +- * @addtogroup sss_crypto_symmetric +- * @{ +- */ +- +-/** @brief Typedef for the symmetric crypto context */ +-typedef struct +-{ +- /** Virtual connection between application (user context) and specific +- * security subsystem and function thereof. */ +- sss_session_t *session; +- /** Key to be used for the symmetric operation */ +- sss_object_t *keyObject; +- /** Algorithm to be applied, e.g AES_ECB / CBC */ +- sss_algorithm_t algorithm; +- /** Mode of operation, e.g Encryption/Decryption */ +- sss_mode_t mode; +- +- /** Reserved memory for implementation specific extension */ +- struct +- { +- uint8_t data[SSS_SYMMETRIC_MAX_CONTEXT_SIZE]; +- } extension; +-} sss_symmetric_t; +-/** @} */ +- +-/** @brief Authenticated Encryption with Additional Data +- * +- */ +-typedef struct +-{ +- /** Virtual connection between application (user context) and specific +- * security subsystem and function thereof. */ +- sss_session_t *session; +- /** Key to be used for asymmetric */ +- sss_object_t *keyObject; +- /** Algorithm to be used */ +- sss_algorithm_t algorithm; +- /** High level operation (encrypt/decrypt) */ +- sss_mode_t mode; +- +- /** Reserved memory for implementation specific extension */ +- struct +- { +- uint8_t data[SSS_AEAD_MAX_CONTEXT_SIZE]; +- } extension; +-} sss_aead_t; +- +-/** Message Digest operations */ +-typedef struct +-{ +- /** Virtual connection between application (user context) and specific +- * security subsystem and function thereof. */ +- sss_session_t *session; +- /** Algorithm to be applied, e.g SHA1, SHA256 */ +- sss_algorithm_t algorithm; +- /** Mode of operation, e.g Sign/Verify */ +- sss_mode_t mode; +- /** Full digest length per algorithm definition. This field is initialized along with algorithm. */ +- size_t digestFullLen; +- /** Reserved memory for implementation specific extension */ +- struct +- { +- uint8_t data[SSS_DIGEST_MAX_CONTEXT_SIZE]; +- } extension; +-} sss_digest_t; +- +-/** @brief Message Authentication Code +- * +- */ +-typedef struct +-{ +- /** Virtual connection between application (user context) and specific +- * security subsystem and function thereof. */ +- sss_session_t *session; +- /** Key to be used for ... */ +- sss_object_t *keyObject; +- /** Algorithm to be applied, e.g. MAC/CMAC */ +- sss_algorithm_t algorithm; +- /** Mode of operation for MAC (kMode_SSS_Mac) */ +- sss_mode_t mode; +- +- /** Reserved memory for implementation specific extension */ +- struct +- { +- uint8_t data[SSS_MAC_MAX_CONTEXT_SIZE]; +- } extension; +-} sss_mac_t; +- +-/** @brief Asymmetric Cryptographic operations +- * +- * e.g. RSA/ECC. +- */ +- +-typedef struct +-{ +- /** Pointer to root session */ +- sss_session_t *session; +- /** KeyObject used for Asymmetric operation */ +- sss_object_t *keyObject; +- /** Algorithm to be applied, e.g. ECDSA */ +- sss_algorithm_t algorithm; +- /** Mode of operation for the Asymmetric operation. +- * e.g. Sign/Verify/Encrypt/Decrypt */ +- sss_mode_t mode; +- +- /** Reserved memory for implementation specific extension */ +- struct +- { +- uint8_t data[SSS_ASYMMETRIC_MAX_CONTEXT_SIZE]; +- } extension; +-} sss_asymmetric_t; +- +-/** Header for a IS716 APDU */ +- +-typedef struct +-{ +- /** ISO 7816 APDU Header */ +- uint8_t hdr[0 /* For Indentation */ +- + 1 /* CLA */ +- + 1 /* INS */ +- + 1 /* P1 */ +- + 1 /* P2 */ +- ]; +-} tlvHeader_t; +- +-/** Tunneling +- * +- * Used for communication via another system. +- */ +-typedef struct +-{ +- /** Pointer to the session */ +- sss_session_t *session; +- /** Tunnel to which Applet (Currently unused) */ +- uint32_t tunnelType; +- +- /** Reserved memory for implementation specific extension */ +- struct +- { +- uint8_t data[SSS_TUNNEL_MAX_CONTEXT_SIZE]; +- } extension; +-} sss_tunnel_t; +- +-/** +- * @addtogroup sss_crypto_derive_key +- * @{ +- */ +- +-/** Key derivation */ +-typedef struct +-{ +- /** Pointer to the session */ +- sss_session_t *session; +- /** KeyObject used to derive key s*/ +- sss_object_t *keyObject; +- /** Algorithm to be applied, e.g. ... */ +- sss_algorithm_t algorithm; +- /** Mode of operation for .... e.g. ... */ +- sss_mode_t mode; +- +- /** Reserved memory for implementation specific extension */ +- struct +- { +- uint8_t data[SSS_DERIVE_KEY_MAX_CONTEXT_SIZE]; +- } extension; +-} sss_derive_key_t; +-/** @} */ +- +-/** Random number generator context */ +-typedef struct +-{ +- /** Pointer to the session */ +- sss_session_t *session; +- +- /** Reserved memory for implementation specific extension */ +- struct +- { +- uint8_t data[SSS_RNG_MAX_CONTEXT_SIZE]; +- } context; +- +-} sss_rng_context_t; +- +-/******************************************************************************* +- * API +- ******************************************************************************/ +-#if defined(__cplusplus) +-extern "C" { +-#endif +- +-/** +- * @addtogroup sss_session +- * @{ +- */ +- +-/** +- * Same as @ref sss_session_open but to support sub systems +- * that explictily need a create before opening. +- * +- * For the sake of portabilty across various sub systems, +- * the applicaiton has to call @ref sss_session_create +- * before calling @ref sss_session_open. +- * +- * +- * @param[in,out] session Pointer to session context +- * @param[in] subsystem See @ref sss_session_open +- * @param[in] application_id See @ref sss_session_open +- * @param[in] connection_type See @ref sss_session_open +- * @param[in] connectionData See @ref sss_session_open +- */ +-sss_status_t sss_session_create(sss_session_t *session, +- sss_type_t subsystem, +- uint32_t application_id, +- sss_connection_type_t connection_type, +- void *connectionData); +- +-/** +- * @brief Open session between application and a security subsystem. +- * +- * Open virtual session between application (user context) and a +- * security subsystem and function thereof. Pointer to session +- * shall be supplied to all SSS APIs as argument. Low level SSS +- * functions can provide implementation specific behaviour based +- * on the session argument. +- * Note: sss_session_open() must not be called concurrently from +- * multiple threads. The application must ensure this. +- * +- * @param[in,out] session Session context. +- * @param[in] subsystem Indicates which security subsystem is +- * selected to be used. +- * @param[in] application_id ObjectId/AuthenticationID Connecting to: +- * - ``application_id`` == 0 => Super use / Plaform user +- * - Anything else => Authenticated user +- * @param[in] connection_type How are we connecting to the system. +- * @param[in,out] connectionData subsystem specific connection parameters. +- * +- * @return status +- */ +-sss_status_t sss_session_open(sss_session_t *session, +- sss_type_t subsystem, +- uint32_t application_id, +- sss_connection_type_t connection_type, +- void *connectionData); +- +-/** +- * @brief Get an underlying property of the crypto sub system +- * +- * This API is used to get values that are +- * numeric in nature. +- * +- * Property can be either fixed value that is +- * calculated at compile time and returned +- * directly, or it may involve some access to the +- * underlying system. +- * +- * For applicable properties see @ref sss_session_prop_u32_t +- * +- * @param[in] session Session context +- * @param[in] property Value that is part of @ref sss_session_prop_u32_t +- * @param[out] pValue +- * +- * @return +- */ +-sss_status_t sss_session_prop_get_u32(sss_session_t *session, uint32_t property, uint32_t *pValue); +- +-/** +- * @brief Get an underlying property of the crypto sub system +- * +- * This API is used to get values that are +- * numeric in nature. +- * +- * Property can be either fixed value that is +- * calculated at compile time and returned +- * directly, or it may involve some access to the +- * underlying system. +- * +- * @param[in] session Session context +- * @param[in] property Value that is part of @ref sss_session_prop_au8_t +- * @param[out] pValue Output buffer array +- * @param[in,out] pValueLen Count of values thare are/must br read +- * @return +- */ +-sss_status_t sss_session_prop_get_au8(sss_session_t *session, uint32_t property, uint8_t *pValue, size_t *pValueLen); +- +-/** +- * @brief Close session between application and security subsystem. +- * +- * This function closes a session which has been opened with a security subsystem. +- * All commands within the session must have completed before this function can be called. +- * The implementation must do nothing if the input ``session`` parameter is NULL. +- * +- * +- * @param session Session context. +- */ +-void sss_session_close(sss_session_t *session); +- +-/** Counterpart to @ref sss_session_create +- * +- * Similar to contraint on @ref sss_session_create, application +- * may call @ref sss_session_delete to explicitly release all +- * underlying/used session specific resoures of that implementation. +- */ +-void sss_session_delete(sss_session_t *session); +- +-/** +- *@} +- */ /* end of sss_session */ +- +-/** +- * @addtogroup sss_key_store +- * @{ +- */ +- +-/** @brief Constructor for the key store context data structure. +- * +- * @param[out] keyStore Pointer to key store context. Key store context is updated on function return. +- * @param session Session context. +- */ +-sss_status_t sss_key_store_context_init(sss_key_store_t *keyStore, sss_session_t *session); +- +-/** @brief Get handle to key store. +- * If the key store already exists, nothing is allocated. +- * If the key store does not exists, new empty key store is created and initialized. +- * Key store context structure is updated with actual information. +- * +- * @param[out] keyStore Pointer to key store context. Key store context is updated on function return. +- * @param keyStoreId Implementation specific ID, can be used in case security subsystem manages multiple different +- * key stores. +- */ +-sss_status_t sss_key_store_allocate(sss_key_store_t *keyStore, uint32_t keyStoreId); +- +-/** @brief Save all cached persistent objects to persistent memory. +- */ +-sss_status_t sss_key_store_save(sss_key_store_t *keyStore); +- +-/** @brief Load from persistent memory to cached objects. +- */ +-sss_status_t sss_key_store_load(sss_key_store_t *keyStore); +- +-/** @brief This function moves data[] from memory to the destination key store. +- * +- * @param keyStore Key store context +- * @param keyObject Reference to a key and it's properties +- * @param data Data to be stored in Key. When setting ecc private key only, do not include key header. +- * @param dataLen Length of the data +- * @param keyBitLen Crypto algorithm key bit length +- * @param options Pointer to implementation specific options +- * @param optionsLen Length of the options in bytes +- * +- * @return +- */ +-sss_status_t sss_key_store_set_key(sss_key_store_t *keyStore, +- sss_object_t *keyObject, +- const uint8_t *data, +- size_t dataLen, +- size_t keyBitLen, +- void *options, +- size_t optionsLen); +- +-/** @brief This function generates key[] in the destination key store. */ +-sss_status_t sss_key_store_generate_key( +- sss_key_store_t *keyStore, sss_object_t *keyObject, size_t keyBitLen, void *options); +- +-/** @brief This function exports plain key[] from key store (if constraints and user id allows reading) */ +-sss_status_t sss_key_store_get_key( +- sss_key_store_t *keyStore, sss_object_t *keyObject, uint8_t *data, size_t *dataLen, size_t *pKeyBitLen); +- +-/** +- * @brief Access key store using one more level of encryption +- * +- * e.g. Access keys / encryption key during storage +- * +- * @param keyStore The key store +- * @param keyObject The key object that is to be used as a KEK (Key Encryption Key) +- * +- * @return The sss status. +- */ +-sss_status_t sss_key_store_open_key(sss_key_store_t *keyStore, sss_object_t *keyObject); +- +-/** +- * @brief The referenced key cannot be updated any more. +- * +- * @param keyStore The key store +- * @param keyObject The key object to be locked / frozen. +- * +- * @return The sss status. +- */ +-sss_status_t sss_key_store_freeze_key(sss_key_store_t *keyStore, sss_object_t *keyObject); +- +-/** +- * @brief Delete / destroy allocated keyObect . +- * +- * @param keyStore The key store +- * @param keyObject The key object to be deleted +- * +- * @return The sss status. +- */ +-sss_status_t sss_key_store_erase_key(sss_key_store_t *keyStore, sss_object_t *keyObject); +- +-// sss_status_t sss_key_store_clear_all(sss_key_store_t *keyStore); +- +-/** @brief Destructor for the key store context. */ +-void sss_key_store_context_free(sss_key_store_t *keyStore); +- +-/** +- *@} +- */ /* end of sss_key_store */ +- +-/** +- * @addtogroup sss_key_object +- * @{ +- */ +- +-/** @brief Constructor for a key object data structure +- * The function initializes keyObject data structure and associates it with a key store +- * in which the plain key and other attributes are stored. +- * +- * @param keyObject +- * @param keyStore +- * +- * @returns Status of the operation +- * @retval #kStatus_SSS_Success The operation has completed successfully. +- * @retval #kStatus_SSS_Fail The operation has failed. +- * @retval #kStatus_SSS_InvalidArgument One of the arguments is invalid for the function to execute. +- */ +-sss_status_t sss_key_object_init(sss_object_t *keyObject, sss_key_store_t *keyStore); +- +-/** +- * @brief Allocate / pre-provision memory for new key +- * +- * This API allows underlying cryptographic subsystems to perform +- * preconditions of before creating any cryptographic key object. +- * +- * @param[in,out] keyObject The object If required, update implementation +- * defined values inside the keyObject +- * @param keyId External Key ID. Later on this may be used by +- * @ref sss_key_object_get_handle +- * @param keyPart See @ref sss_key_part_t +- * @param cipherType See @ref sss_cipher_type_t +- * @param keyByteLenMax Maximum storage this type of key may need. For +- * systems that have their own internal allocation +- * table this would help +- * @param options 0 = Persistant Key (Default) or Transient Key. +- * See sss_key_object_mode_t +- * +- * @return Status of object allocation. +- */ +-sss_status_t sss_key_object_allocate_handle(sss_object_t *keyObject, +- uint32_t keyId, +- sss_key_part_t keyPart, +- sss_cipher_type_t cipherType, +- size_t keyByteLenMax, +- uint32_t options); /* Check if this can be made sss_key_object_mode_t */ +- +-/** +- * @brief Get handle to an existing allocated/provisioned/created Object +- * +- * See @ref sss_key_object_allocate_handle. +- * +- * After calling this API, Ideally keyObject should become equivlant +- * to as set after the calling of @ref +- * sss_key_object_allocate_handle api. +- * +- * @param keyObject The key object +- * @param[in] keyId The key identifier +- * +- * @return The sss status. +- */ +-sss_status_t sss_key_object_get_handle(sss_object_t *keyObject, uint32_t keyId); +- +-/** @brief Assign user to a key object. +- * +- * @param keyObject the object where permission restrictions are applied +- * +- * @param user Assign User id for a key object. The user is kept in the key +- * store along with the key data and other properties. +- * @param options Transient or persistent update. Allows for transient update +- * of persistent attributes. +- */ +-sss_status_t sss_key_object_set_user(sss_object_t *keyObject, uint32_t user, uint32_t options); +- +-/** @brief Assign purpose to a key object. +- * +- * @param keyObject the object where permission restrictions are applied +- * @param purpose Usage of the key. +- * @param options Transient or persistent update. Allows for transient update of persistent attributes. +- */ +-sss_status_t sss_key_object_set_purpose(sss_object_t *keyObject, sss_mode_t purpose, uint32_t options); +- +-/** @brief Assign access permissions to a key object. +- * +- * @param keyObject the object where permission restrictions are applied +- * @param access Logical OR of read, write, delete, use, change attributes defined by enum _sss_access_permission. +- * @param options Transient or persistent update. Allows for transient update of persistent attributes. +- */ +-sss_status_t sss_key_object_set_access(sss_object_t *keyObject, uint32_t access, uint32_t options); +- +-/** @brief Set elliptic curve domain parameters over Fp for a key object +- * +- * When the key object is a reference to one of ECC Private, ECC Public or ECC Pair key types, +- * this function shall be used to specify the exact domain parameters prior to using the key object +- * for ECDSA or ECDH algorithms. +- * +- * @param keyObject The destination key object +- * @param group Pointer to elliptic curve domain parameters over Fp (sextuple p,a,b,G,n,h) +- */ +-sss_status_t sss_key_object_set_eccgfp_group(sss_object_t *keyObject, sss_eccgfp_group_t *group); +- +-/** @brief get attributes */ +-sss_status_t sss_key_object_get_user(sss_object_t *keyObject, uint32_t *user); +- +-/** Check what is purpose restrictions on an object +- * +- * @param keyObject Object to be checked +- * @param purpose Know what is permitted. +- * @return +- */ +-sss_status_t sss_key_object_get_purpose(sss_object_t *keyObject, sss_mode_t *purpose); +- +-/** Check what are access restrictions on an object +- * +- * @param keyObject Object +- * @param access What is permitted +- * @return +- */ +-sss_status_t sss_key_object_get_access(sss_object_t *keyObject, uint32_t *access); +- +-/** @brief Destructor for the key object. +- * The function frees key object context. +- * +- * @param keyObject Pointer to key object context. +- */ +-void sss_key_object_free(sss_object_t *keyObject); +- +-/** +- *@} +- */ /* end of sss_key_object */ +- +-/** +- * @addtogroup sss_crypto_symmetric +- * @{ +- */ +- +-/** @brief Symmetric context init. +- * The function initializes symmetric context with initial values. +- * +- * @param context Pointer to symmetric crypto context. +- * @param session Associate SSS session with symmetric context. +- * @param keyObject Associate SSS key object with symmetric context. +- * @param algorithm One of the symmetric algorithms defined by @ref sss_algorithm_t. +- * @param mode One of the modes defined by @ref sss_mode_t. +- * +- * @returns Status of the operation +- * @retval #kStatus_SSS_Success The operation has completed successfully. +- * @retval #kStatus_SSS_Fail The operation has failed. +- * @retval #kStatus_SSS_InvalidArgument One of the arguments is invalid for the function to execute. +- */ +-sss_status_t sss_symmetric_context_init(sss_symmetric_t *context, +- sss_session_t *session, +- sss_object_t *keyObject, +- sss_algorithm_t algorithm, +- sss_mode_t mode); +- +-/** @brief Symmetric cipher in one blocking function call. +- * The function blocks current thread until the operation completes or an error occurs. +- * +- * @param context Pointer to symmetric crypto context. +- * @param iv Buffer containing the symmetric operation Initialization Vector. +- * @param ivLen Length of the Initialization Vector in bytes. +- * @param srcData Buffer containing the input data (block aligned). +- * @param destData Buffer containing the output data. +- * @param dataLen Size of input and output data buffer in bytes. +- * @returns Status of the operation +- * @retval #kStatus_SSS_Success The operation has completed successfully. +- * @retval #kStatus_SSS_Fail The operation has failed. +- */ +-sss_status_t sss_cipher_one_go( +- sss_symmetric_t *context, uint8_t *iv, size_t ivLen, const uint8_t *srcData, uint8_t *destData, size_t dataLen); +- +-/** @brief Symmetric cipher init. +- * The function starts the symmetric cipher operation. +- * +- * @param context Pointer to symmetric crypto context. +- * @param iv Buffer containing the symmetric operation Initialization Vector. +- * @param ivLen Length of the Initialization Vector in bytes. +- * @returns Status of the operation +- * @retval #kStatus_SSS_Success The operation has completed successfully. +- * @retval #kStatus_SSS_Fail The operation has failed. +- */ +-sss_status_t sss_cipher_init(sss_symmetric_t *context, uint8_t *iv, size_t ivLen); +- +-/** @brief Symmetric cipher update. +- * Input data does not have to be a multiple of block size. Subsequent calls to this function are possible. +- * Unless one or more calls of this function have supplied sufficient input data, no output is generated. +- * The cipher operation is finalized with a call to @ref sss_cipher_finish(). +- * +- * @param context Pointer to symmetric crypto context. +- * @param srcData Buffer containing the input data. +- * @param srcLen Length of the input data in bytes. +- * @param destData Buffer containing the output data. +- * @param[in,out] destLen Length of the output data in bytes. Buffer length on entry, reflects actual output size on +- * return. +- * @returns Status of the operation +- * @retval #kStatus_SSS_Success The operation has completed successfully. +- * @retval #kStatus_SSS_Fail The operation has failed. +- * @retval #kStatus_SSS_InvalidArgument One of the arguments is invalid for the function to execute. +- */ +-sss_status_t sss_cipher_update( +- sss_symmetric_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen); +- +-/** @brief Symmetric cipher finalize. +- * +- * @param context Pointer to symmetric crypto context. +- * @param srcData Buffer containing final chunk of input data. +- * @param srcLen Length of final chunk of input data in bytes. +- * @param destData Buffer containing output data. +- * @param[in,out] destLen Length of output data in bytes. Buffer length on entry, reflects actual output size on +- * return. +- * @returns Status of the operation +- * @retval #kStatus_SSS_Success The operation has completed successfully. +- * @retval #kStatus_SSS_Fail The operation has failed. +- * @retval #kStatus_SSS_InvalidArgument One of the arguments is invalid for the function to execute. +- */ +-sss_status_t sss_cipher_finish( +- sss_symmetric_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen); +- +-/** @brief Symmetric AES in Counter mode in one blocking function call. +- * The function blocks current thread until the operation completes or an error occurs. +- * +- * @param context Pointer to symmetric crypto context. +- * @param srcData Buffer containing the input data. +- * @param destData Buffer containing the output data. +- * @param size Size of source and destination data buffers in bytes. +- * @param[in,out] initialCounter Input counter (updates on return) +- * @param[out] lastEncryptedCounter Output cipher of last counter, for chained CTR calls. NULL can be passed if +- * chained calls are not used. +- * @param[out] szLeft Output number of bytes in left unused in lastEncryptedCounter block. NULL can be passed if +- * chained calls are not used. +- * @returns Status of the operation +- * @retval #kStatus_SSS_Success The operation has completed successfully. +- * @retval #kStatus_SSS_Fail The operation has failed. +- */ +-sss_status_t sss_cipher_crypt_ctr(sss_symmetric_t *context, +- const uint8_t *srcData, +- uint8_t *destData, +- size_t size, +- uint8_t *initialCounter, +- uint8_t *lastEncryptedCounter, +- size_t *szLeft); +- +-/** @brief Symmetric context release. +- * The function frees symmetric context. +- * +- * @param context Pointer to symmetric crypto context. +- */ +-void sss_symmetric_context_free(sss_symmetric_t *context); +-/** +- *@} +- */ /* end of sss_crypto_symmetric */ +- +-/** +- * @addtogroup sss_crypto_aead +- * @{ +- */ +- +-/** @brief AEAD context init. +- * The function initializes aead context with initial values. +- * +- * @param context Pointer to aead crypto context. +- * @param session Associate SSS session with aead context. +- * @param keyObject Associate SSS key object with aead context. +- * @param algorithm One of the aead algorithms defined by @ref sss_algorithm_t. +- * @param mode One of the modes defined by @ref sss_mode_t. +- * +- * @returns Status of the operation +- * @retval #kStatus_SSS_Success The operation has completed successfully. +- * @retval #kStatus_SSS_Fail The operation has failed. +- * @retval #kStatus_SSS_InvalidArgument One of the arguments is invalid for the function to execute. +- */ +-sss_status_t sss_aead_context_init( +- sss_aead_t *context, sss_session_t *session, sss_object_t *keyObject, sss_algorithm_t algorithm, sss_mode_t mode); +- +-/** @brief AEAD in one blocking function call. +- * The function blocks current thread until the operation completes or an error occurs. +- * +- * @param context Pointer to aead crypto context. +- * @param srcData Buffer containing the input data. +- * @param destData Buffer containing the output data. +- * @param size Size of input and output data buffer in bytes. +- * @param nonce The operation nonce or IV. +- * @param nonceLen The length of nonce in bytes. For AES-GCM it must be >= 1. For AES-CCM it must be 7, 8, 9, 10, +- * 11, 12, or 13. +- * @param aad Input additional authentication data AAD +- * @param aadLen Input size in bytes of AAD +- * @param tag Encryption: Output buffer filled with computed tag +- * Decryption: Input buffer filled with received tag +- * @param tagLen Length of the tag in bytes. +- * For AES-GCM it must be 4,8,12,13,14,15 or 16. +- * For AES-CCM it must be 4,6,8,10,12,14 or 16. +- * +- * @returns Status of the operation +- * @retval #kStatus_SSS_Success The operation has completed successfully. +- * @retval #kStatus_SSS_Fail The operation has failed. +- */ +-sss_status_t sss_aead_one_go(sss_aead_t *context, +- const uint8_t *srcData, +- uint8_t *destData, +- size_t size, +- uint8_t *nonce, +- size_t nonceLen, +- const uint8_t *aad, +- size_t aadLen, +- uint8_t *tag, +- size_t *tagLen); +- +-/** @brief AEAD init. +- * The function starts the aead operation. +- * +- * @param context Pointer to aead crypto context. +- * @param nonce The operation nonce or IV. +- * @param nonceLen The length of nonce in bytes. For AES-GCM it must be >= 1. For AES-CCM it must be 7, 8, 9, 10, +- * 11, 12, or 13. +- * @param tagLen Length of the computed or received tag in bytes. +- * For AES-GCM it must be 4,8,12,13,14,15 or 16. +- * For AES-CCM it must be 4,6,8,10,12,14 or 16. +- * @param aadLen Input size in bytes of AAD. Used only for AES-CCM. Ignored for AES-GCM. +- * @param payloadLen Length in bytes of the payload. Used only for AES-CCM. Ignored for AES-GCM. +- * @returns Status of the operation +- * @retval #kStatus_SSS_Success The operation has completed successfully. +- * @retval #kStatus_SSS_Fail The operation has failed. +- */ +-sss_status_t sss_aead_init( +- sss_aead_t *context, uint8_t *nonce, size_t nonceLen, size_t tagLen, size_t aadLen, size_t payloadLen); +- +-/** @brief Feeds a new chunk of the AAD. +- * Subsequent calls of this function are possible. +- * +- * @param context Pointer to aead crypto context +- * @param aadData Input buffer containing the chunk of AAD +- * @param aadDataLen Length of the AAD data in bytes. +- * +- * @returns Status of the operation +- * @retval #kStatus_SSS_Success The operation has completed successfully. +- * @retval #kStatus_SSS_Fail The operation has failed. +- * @retval #kStatus_SSS_InvalidArgument One of the arguments is invalid for the function to execute. +- */ +-sss_status_t sss_aead_update_aad(sss_aead_t *context, const uint8_t *aadData, size_t aadDataLen); +- +-/** @brief AEAD data update. +- * Feeds a new chunk of the data payload. +- * Input data does not have to be a multiple of block size. Subsequent calls to this function are possible. +- * Unless one or more calls of this function have supplied sufficient input data, no output is generated. +- * The integration check is done by @ref sss_aead_finish(). Until then it is not sure if the decrypt data is +- * authentic. +- * +- * @param context Pointer to aead crypto context. +- * @param srcData Buffer containing the input data. +- * @param srcLen Length of the input data in bytes. +- * @param destData Buffer containing the output data. +- * @param[in,out] destLen Length of the output data in bytes. Buffer length on entry, reflects actual output size on +- * return. +- * +- * @returns Status of the operation +- * @retval #kStatus_SSS_Success The operation has completed successfully. +- * @retval #kStatus_SSS_Fail The operation has failed. +- * @retval #kStatus_SSS_InvalidArgument One of the arguments is invalid for the function to execute. +- */ +-sss_status_t sss_aead_update( +- sss_aead_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen); +- +-/** @brief Finalize AEAD. +- * The functions processes data that has not been processed by previous calls to sss_aead_update() as well as +- * srcData. It finalizes the AEAD operations and computes the tag (encryption) or compares the computed tag with the +- * tag supplied in the parameter (decryption). +- * +- * @param context Pointer to aead crypto context. +- * @param srcData Buffer containing final chunk of input data. +- * @param srcLen Length of final chunk of input data in bytes. +- * @param destData Buffer containing output data. +- * @param[in,out] destLen Length of output data in bytes. Buffer length on entry, reflects actual output size on +- * return. +- * @param tag Encryption: Output buffer filled with computed tag +- * Decryption: Input buffer filled with received tag +- * @param tagLen Length of the computed or received tag in bytes. +- * For AES-GCM it must be 4,8,12,13,14,15 or 16. +- * For AES-CCM it must be 4,6,8,10,12,14 or 16. +- * @returns Status of the operation +- * @retval #kStatus_SSS_Success The operation has completed successfully. +- * @retval #kStatus_SSS_Fail The operation has failed. +- * @retval #kStatus_SSS_InvalidArgument One of the arguments is invalid for the function to execute. +- */ +-sss_status_t sss_aead_finish(sss_aead_t *context, +- const uint8_t *srcData, +- size_t srcLen, +- uint8_t *destData, +- size_t *destLen, +- uint8_t *tag, +- size_t *tagLen); +- +-/** @brief AEAD context release. +- * The function frees aead context. +- * +- * @param context Pointer to aead context. +- */ +-void sss_aead_context_free(sss_aead_t *context); +-/** +- *@} +- */ /* end of sss_crypto_aead */ +- +-/** +- * @addtogroup sss_crypto_digest +- * @{ +- */ +- +-/** @brief Digest context init. +- * The function initializes digest context with initial values. +- * +- * @param context Pointer to digest context. +- * @param session Associate SSS session with digest context. +- * @param algorithm One of the digest algorithms defined by @ref sss_algorithm_t. +- * @param mode One of the modes defined by @ref sss_mode_t. +- * +- * @returns Status of the operation +- * @retval #kStatus_SSS_Success The operation has completed successfully. +- * @retval #kStatus_SSS_Fail The operation has failed. +- * @retval #kStatus_SSS_InvalidArgument One of the arguments is invalid for the function to execute. +- */ +-sss_status_t sss_digest_context_init( +- sss_digest_t *context, sss_session_t *session, sss_algorithm_t algorithm, sss_mode_t mode); +- +-/** @brief Message digest in one blocking function call. +- * The function blocks current thread until the operation completes or an error occurs. +- * +- * @param context Pointer to digest context. +- * @param message Input message +- * @param messageLen Length of the input message in bytes +- * @param digest Output message digest +- * @param digestLen Message digest byte length +- * +- * @returns Status of the operation +- * @retval #kStatus_SSS_Success The operation has completed successfully. +- * @retval #kStatus_SSS_Fail The operation has failed. +- */ +-sss_status_t sss_digest_one_go( +- sss_digest_t *context, const uint8_t *message, size_t messageLen, uint8_t *digest, size_t *digestLen); +- +-/** @brief Init digest for a message. +- * The function blocks current thread until the operation completes or an error occurs. +- * +- * @param context Pointer to digest context. +- * +- * @returns Status of the operation +- * @retval #kStatus_SSS_Success The operation has completed successfully. +- * @retval #kStatus_SSS_Fail The operation has failed. +- */ +-sss_status_t sss_digest_init(sss_digest_t *context); +- +-/** @brief Update digest for a message. +- * +- * The function blocks current thread until the operation completes or an error occurs. +- * +- * @param context Pointer to digest context. +- * @param message Buffer with a message chunk. +- * @param messageLen Length of the input buffer in bytes. +- * @returns Status of the operation +- * +- * @retval #kStatus_SSS_Success The operation has completed successfully. +- * @retval #kStatus_SSS_Fail The operation has failed. +- */ +-sss_status_t sss_digest_update(sss_digest_t *context, const uint8_t *message, size_t messageLen); +- +-/** @brief Finish digest for a message. +- * The function blocks current thread until the operation completes or an error occurs. +- * +- * @param context Pointer to digest context. +- * @param digest Output message digest +- * @param digestLen Message digest byte length +- * +- * @returns Status of the operation +- * @retval #kStatus_SSS_Success The operation has completed successfully. +- * @retval #kStatus_SSS_Fail The operation has failed. +- */ +-sss_status_t sss_digest_finish(sss_digest_t *context, uint8_t *digest, size_t *digestLen); +- +-/** @brief Digest context release. +- * The function frees digest context. +- * +- * @param context Pointer to digest context. +- */ +-void sss_digest_context_free(sss_digest_t *context); +- +-/** +- *@} +- */ /* end of sss_crypto_digest */ +- +-/** +- * @addtogroup sss_crypto_mac +- * @{ +- */ +- +-/** @brief MAC context init. +- * The function initializes mac context with initial values. +- * +- * @param context Pointer to mac context. +- * @param session Associate SSS session with mac context. +- * @param keyObject Associate SSS key object with mac context. +- * @param algorithm One of the mac algorithms defined by @ref sss_algorithm_t. +- * @param mode One of the modes defined by @ref sss_mode_t. +- * +- * @returns Status of the operation +- * @retval #kStatus_SSS_Success The operation has completed successfully. +- * @retval #kStatus_SSS_Fail The operation has failed. +- * @retval #kStatus_SSS_InvalidArgument One of the arguments is invalid for the function to execute. +- */ +-sss_status_t sss_mac_context_init( +- sss_mac_t *context, sss_session_t *session, sss_object_t *keyObject, sss_algorithm_t algorithm, sss_mode_t mode); +- +-/** @brief Message MAC in one blocking function call. +- * The function blocks current thread until the operation completes or an error occurs. +- * +- * @param context Pointer to mac context. +- * @param message Input message +- * @param messageLen Length of the input message in bytes +- * @param mac Output message MAC +- * @param macLen Computed MAC byte length +- * +- * @returns Status of the operation +- * @retval #kStatus_SSS_Success The operation has completed successfully. +- * @retval #kStatus_SSS_Fail The operation has failed. +- */ +-sss_status_t sss_mac_one_go( +- sss_mac_t *context, const uint8_t *message, size_t messageLen, uint8_t *mac, size_t *macLen); +- +-/** @brief Init mac for a message. +- * The function blocks current thread until the operation completes or an error occurs. +- * +- * @param context Pointer to mac context. +- * +- * @returns Status of the operation +- * @retval #kStatus_SSS_Success The operation has completed successfully. +- * @retval #kStatus_SSS_Fail The operation has failed. +- */ +-sss_status_t sss_mac_init(sss_mac_t *context); +- +-/** @brief Update mac for a message. +- * +- * The function blocks current thread until the operation completes or an error occurs. +- * +- * @param context Pointer to mac context. +- * @param message Buffer with a message chunk. +- * @param messageLen Length of the input buffer in bytes. +- * @returns Status of the operation +- * +- * @retval #kStatus_SSS_Success The operation has completed successfully. +- * @retval #kStatus_SSS_Fail The operation has failed. +- */ +-sss_status_t sss_mac_update(sss_mac_t *context, const uint8_t *message, size_t messageLen); +- +-/** @brief Finish mac for a message. +- * The function blocks current thread until the operation completes or an error occurs. +- * +- * @param context Pointer to mac context. +- * @param mac Output message MAC +- * @param macLen Computed MAC byte length +- * +- * @returns Status of the operation +- * @retval #kStatus_SSS_Success The operation has completed successfully. +- * @retval #kStatus_SSS_Fail The operation has failed. +- */ +-sss_status_t sss_mac_finish(sss_mac_t *context, uint8_t *mac, size_t *macLen); +- +-/** @brief MAC context release. +- * The function frees mac context. +- * +- * @param context Pointer to mac context. +- */ +-void sss_mac_context_free(sss_mac_t *context); +-/** +- *@} +- */ /* end of sss_crypto_mac */ +- +-/** +- * @addtogroup sss_crypto_asymmetric +- * @{ +- */ +- +-/** @brief Asymmetric context init. +- * The function initializes asymmetric context with initial values. +- * +- * @param context Pointer to asymmetric crypto context. +- * @param session Associate SSS session with asymmetric context. +- * @param keyObject Associate SSS key object with asymmetric context. +- * @param algorithm One of the asymmetric algorithms defined by @ref sss_algorithm_t. +- * @param mode One of the modes defined by @ref sss_mode_t. +- * +- * @returns Status of the operation +- * @retval #kStatus_SSS_Success The operation has completed successfully. +- * @retval #kStatus_SSS_Fail The operation has failed. +- * @retval #kStatus_SSS_InvalidArgument One of the arguments is invalid for the function to execute. +- */ +-sss_status_t sss_asymmetric_context_init(sss_asymmetric_t *context, +- sss_session_t *session, +- sss_object_t *keyObject, +- sss_algorithm_t algorithm, +- sss_mode_t mode); +- +-/** @brief Asymmetric encryption +- * The function uses asymmetric algorithm to encrypt data. Public key portion of a key pair is used for encryption. +- * +- * @param context Pointer to asymmetric context. +- * @param srcData Input buffer +- * @param srcLen Length of the input in bytes +- * @param destData Output buffer +- * @param destLen Length of the output in bytes +- * +- * @returns Status of the operation +- * @retval #kStatus_SSS_Success The operation has completed successfully. +- * @retval #kStatus_SSS_Fail The operation has failed. +- * @retval #kStatus_SSS_InvalidArgument One of the arguments is invalid for the function to execute. +- */ +-sss_status_t sss_asymmetric_encrypt( +- sss_asymmetric_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen); +- +-/** @brief Asymmetric decryption +- * The function uses asymmetric algorithm to decrypt data. Private key portion of a key pair is used for +- * decryption. +- * +- * @param context Pointer to asymmetric context. +- * @param srcData Input buffer +- * @param srcLen Length of the input in bytes +- * @param destData Output buffer +- * @param destLen Length of the output in bytes +- * +- * @returns Status of the operation +- * @retval #kStatus_SSS_Success The operation has completed successfully. +- * @retval #kStatus_SSS_Fail The operation has failed. +- * @retval #kStatus_SSS_InvalidArgument One of the arguments is invalid for the function to execute. +- */ +-sss_status_t sss_asymmetric_decrypt( +- sss_asymmetric_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen); +- +-/** @brief Asymmetric signature of a message digest +- * The function signs a message digest. +- * +- * @param context Pointer to asymmetric context. +- * @param digest Input buffer containing the input message digest +- * @param digestLen Length of the digest in bytes +- * @param signature Output buffer written with the signature of the digest +- * @param signatureLen Length of the signature in bytes +- * +- * @returns Status of the operation +- * @retval #kStatus_SSS_Success The operation has completed successfully. +- * @retval #kStatus_SSS_Fail The operation has failed. +- * @retval #kStatus_SSS_InvalidArgument One of the arguments is invalid for the function to execute. +- */ +-sss_status_t sss_asymmetric_sign_digest( +- sss_asymmetric_t *context, uint8_t *digest, size_t digestLen, uint8_t *signature, size_t *signatureLen); +- +-/** @brief Asymmetric verify of a message digest +- * The function verifies a message digest. +- * +- * @param context Pointer to asymmetric context. +- * @param digest Input buffer containing the input message digest +- * @param digestLen Length of the digest in bytes +- * @param signature Input buffer containing the signature to verify +- * @param signatureLen Length of the signature in bytes +- * +- * @returns Status of the operation +- * @retval #kStatus_SSS_Success The operation has completed successfully. +- * @retval #kStatus_SSS_Fail The operation has failed. +- * @retval #kStatus_SSS_InvalidArgument One of the arguments is invalid for the function to execute. +- */ +-sss_status_t sss_asymmetric_verify_digest( +- sss_asymmetric_t *context, uint8_t *digest, size_t digestLen, uint8_t *signature, size_t signatureLen); +- +-/** @brief Asymmetric context release. +- * The function frees asymmetric context. +- * +- * @param context Pointer to asymmetric context. +- */ +-void sss_asymmetric_context_free(sss_asymmetric_t *context); +-/** +- *@} +- */ /* end of sss_crypto_asymmetric */ +- +-/** +- * @addtogroup sss_crypto_derive_key +- * @{ +- */ +- +-/** @brief Derive key context init. +- * The function initializes derive key context with initial values. +- * +- * @param context Pointer to derive key context. +- * @param session Associate SSS session with the derive key context. +- * @param keyObject Associate SSS key object with the derive key context. +- * @param algorithm One of the derive key algorithms defined by @ref sss_algorithm_t. +- * @param mode One of the modes defined by @ref sss_mode_t. +- * +- * @returns Status of the operation +- * @retval #kStatus_SSS_Success The operation has completed successfully. +- * @retval #kStatus_SSS_Fail The operation has failed. +- * @retval #kStatus_SSS_InvalidArgument One of the arguments is invalid for the function to execute. +- */ +-sss_status_t sss_derive_key_context_init(sss_derive_key_t *context, +- sss_session_t *session, +- sss_object_t *keyObject, +- sss_algorithm_t algorithm, +- sss_mode_t mode); +- +-/** @brief Symmetric key derivation +- * The function cryptographically derives a key from another key. +- * For example MIFARE key derivation, PRF, HKDF-Extract. +- * +- * @deprecated Please use ::sss_derive_key_one_go instead +- * +- * @param context Pointer to derive key context. +- * @param saltData Input data buffer, typically with some random data. +- * @param saltLen Length of saltData buffer in bytes. +- * @param info Input data buffer, typically with some fixed info. +- * @param infoLen Length of info buffer in bytes. +- * @param[in,out] derivedKeyObject Reference to a derived key +- * @param deriveDataLen Requested length of output +- * @param hkdfOutput Output buffer containing key derivation output +- * @param hkdfOutputLen Output containing length of hkdfOutput +- * +- * @returns Status of the operation +- * @retval #kStatus_SSS_Success The operation has completed successfully. +- * @retval #kStatus_SSS_Fail The operation has failed. +- * @retval #kStatus_SSS_InvalidArgument One of the arguments is invalid for the function to execute. +- */ +-sss_status_t sss_derive_key_go(sss_derive_key_t *context, +- const uint8_t *saltData, +- size_t saltLen, +- const uint8_t *info, +- size_t infoLen, +- sss_object_t *derivedKeyObject, +- uint16_t deriveDataLen, +- uint8_t *hkdfOutput, +- size_t *hkdfOutputLen); +- +-/** @brief Symmetric key derivation (replaces the deprecated function ::sss_derive_key_go) +- * The function cryptographically derives a key from another key. +- * For example MIFARE key derivation, PRF, HKDF-Extract-Expand, HKDF-Expand. +- * Refer to ::sss_derive_key_sobj_one_go in case the Salt is available as a key object. +- * +- * @param context Pointer to derive key context. +- * @param saltData Input data buffer, typically with some random data. +- * @param saltLen Length of saltData buffer in bytes. +- * @param info Input data buffer, typically with some fixed info. +- * @param infoLen Length of info buffer in bytes. +- * @param[in,out] derivedKeyObject Reference to a derived key +- * @param[in] deriveDataLen Expected length of derived key. +- * +- * @returns Status of the operation +- * @retval #kStatus_SSS_Success The operation has completed successfully. +- * @retval #kStatus_SSS_Fail The operation has failed. +- * @retval #kStatus_SSS_InvalidArgument One of the arguments is invalid for the function to execute. +- */ +-sss_status_t sss_derive_key_one_go(sss_derive_key_t *context, +- const uint8_t *saltData, +- size_t saltLen, +- const uint8_t *info, +- size_t infoLen, +- sss_object_t *derivedKeyObject, +- uint16_t deriveDataLen); +- +-/** +- * @brief Symmetric key derivation (salt in key object) +- * Refer to ::sss_derive_key_one_go in case the salt is not available as a key object. +- * +- * @param context Pointer to derive key context +- * @param saltKeyObject Reference to salt. The salt key object must reside in the same keystore as the derive key context. +- * @param[in] info Input data buffer, typically with some fixed info. +- * @param[in] infoLen Length of info buffer in bytes. +- * @param derivedKeyObject Reference to a derived key +- * @param[in] deriveDataLen The derive data length +- * +- * @returns Status of the operation +- * @retval #kStatus_SSS_Success The operation has completed successfully. +- * @retval #kStatus_SSS_Fail The operation has failed. +- * @retval #kStatus_SSS_InvalidArgument One of the arguments is invalid for the function to execute. +- */ +-sss_status_t sss_derive_key_sobj_one_go(sss_derive_key_t *context, +- sss_object_t *saltKeyObject, +- const uint8_t *info, +- size_t infoLen, +- sss_object_t *derivedKeyObject, +- uint16_t deriveDataLen); +- +-/** @brief Asymmetric key derivation Diffie-Helmann +- * The function cryptographically derives a key from another key. +- * For example Diffie-Helmann. +- * +- * @param context Pointer to derive key context. +- * @param otherPartyKeyObject Public key of the other party in the Diffie-Helmann algorithm +- * @param[in,out] derivedKeyObject Reference to a derived key +- * +- * @returns Status of the operation +- * @retval #kStatus_SSS_Success The operation has completed successfully. +- * @retval #kStatus_SSS_Fail The operation has failed. +- * @retval #kStatus_SSS_InvalidArgument One of the arguments is invalid for the function to execute. +- */ +-sss_status_t sss_derive_key_dh( +- sss_derive_key_t *context, sss_object_t *otherPartyKeyObject, sss_object_t *derivedKeyObject); +- +-/** @brief Derive key context release. +- * The function frees derive key context. +- * +- * @param context Pointer to derive key context. +- */ +-void sss_derive_key_context_free(sss_derive_key_t *context); +-/** +- *@} +- */ /* end of sss_crypto_derive_key */ +- +-/** +- * @addtogroup sss_rng +- * @{ +- */ +- +-/** +- * @brief Initialise random generator context between application and a security subsystem. +- * +- * +- * @warning API Changed +- * +- * Earlier: +- * sss_status_t sss_rng_context_init( +- * sss_session_t *session, sss_rng_context_t *context); +- * +- * Now: Parameters are swapped +- * sss_status_t sss_rng_context_init( +- * sss_rng_context_t *context, sss_session_t *session); +- * +- * @param session Session context. +- * @param context random generator context. +- * @return status +- */ +-sss_status_t sss_rng_context_init(sss_rng_context_t *context, sss_session_t *session); +- +-/** +- * @brief Generate random number. +- * +- * @param context random generator context. +- * @param random_data buffer to hold random data. +- * @param dataLen required random number length +- * @return status +- */ +-sss_status_t sss_rng_get_random(sss_rng_context_t *context, uint8_t *random_data, size_t dataLen); +- +-/** +- * @brief free random genertor context. +- * +- * @param context generator context. +- * @return status +- */ +-sss_status_t sss_rng_context_free(sss_rng_context_t *context); +- +-/** +- *@} +- */ /* end of sss_rng */ +- +-/** +- * @addtogroup sss_crypto_tunnel +- * @{ +- */ +- +-/** @brief Constructor for the tunnelling service context. +- * +- * Earlier: +- * sss_status_t sss_tunnel_context_init( +- * sss_session_t *session, sss_tunnel_t *context); +- * +- * Now: Parameters are swapped +- * sss_status_t sss_tunnel_context_init( +- * sss_tunnel_t *context, sss_session_t *session); +- * +- * @param[out] context Pointer to tunnel context. Tunnel context is updated on function return. +- * @param session Pointer to session this tunnelling service belongs to. +- */ +-sss_status_t sss_tunnel_context_init(sss_tunnel_t *context, sss_session_t *session); +- +-/** @brief Tunnelling service. +- * +- * @param[in,out] context Pointer to tunnel context. +- * @param data Pointer to data to be send to subsystem. +- * @param dataLen Length of the data in bytes. +- * @param keyObjects Objects references used by the service. +- * @param keyObjectCount Number of key references at ``keyObjects``. +- * @param tunnelType Implementation specific id of the service. +- */ +-sss_status_t sss_tunnel(sss_tunnel_t *context, +- uint8_t *data, +- size_t dataLen, +- sss_object_t *keyObjects, +- uint32_t keyObjectCount, +- uint32_t tunnelType); +- +-/** @brief Destructor for the tunnelling service context. +- * +- * @param[out] context Pointer to tunnel context. */ +-void sss_tunnel_context_free(sss_tunnel_t *context); +- +-/** +- *@} +- */ /* end of sss_crypto_channel */ +- +-/** +- * @addtogroup sss_str_log +- * @{ +- */ +- +-/** +- * @brief Returns string error code for @ref sss_status_t +- * +- * @param[in] status See @ref sss_status_t +- * +- * @return String conversion of ``status`` to String. +- */ +- +-const char *sss_status_sz(sss_status_t status); +- +-/** +-* @brief Returns string error code for @ref sss_cipher_type_t +-* +-* @param[in] status See @ref sss_cipher_type_t +-* +-* @return String conversion of ``cipher_type`` to String. +-*/ +- +-const char *sss_cipher_type_sz(sss_cipher_type_t cipher_type); +- +-/** +- *@} +- */ /* end of sss_str_log */ +- +-#if defined(__cplusplus) +-} +-#endif +- +-#endif /* _FSL_SSS_H_ */ +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_api_ver.h b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_api_ver.h +deleted file mode 100644 +index cdc223d1cf..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_api_ver.h ++++ /dev/null +@@ -1,64 +0,0 @@ +-/* Copyright 2019-2021 NXP +- * +- * SPDX-License-Identifier: Apache-2.0 +- * +- * +- */ +- +-#ifndef SSS_APIS_VERSION_INFO_H_INCLUDED +-#define SSS_APIS_VERSION_INFO_H_INCLUDED +- +- +-/* clang-format off */ +-#define SSS_APIS_PROD_NAME "SSS_APIs" +-#define SSS_APIS_VER_STRING_NUM "v03.06.00_20210528" +-#define SSS_APIS_PROD_NAME_VER_FULL "SSS_APIs_v03.06.00_20210528" +-#define SSS_APIS_VER_MAJOR (3u) +-#define SSS_APIS_VER_MINOR (6u) +-#define SSS_APIS_VER_DEV (0u) +- +-/* v03.06 = 30006u */ +-#define SSS_APIS_VER_MAJOR_MINOR ( 0 \ +- | (SSS_APIS_VER_MAJOR * 10000u) \ +- | (SSS_APIS_VER_MINOR)) +- +-/* v03.06.00 = 300060000ULL */ +-#define SSS_APIS_VER_MAJOR_MINOR_DEV ( 0 \ +- | (SSS_APIS_VER_MAJOR * 10000*10000u) \ +- | (SSS_APIS_VER_MINOR * 10000u) \ +- | (SSS_APIS_VER_DEV)) +- +-/* clang-format on */ +- +- +-/* Version Information: +- * Generated by: +- * scripts\version_info.py (v2019.01.17_00) +- * +- * Do not edit this file. Update: +- * sss/version_info.txt instead. +- * +- * prod_name = "SSS_APIs" +- * +- * prod_desc = "SSS APIs" +- * +- * lang_c_prefix = prod_name.upper() +- * +- * lang_namespace = "" +- * +- * v_major = "03" +- * +- * v_minor = "06" +- * +- * v_dev = "00" +- * +- * v_meta = "" +- * +- * maturity = "B" +- * +- * # +- * # 03.00.00 : Changed Enums +- * # +- */ +- +-#endif /* SSS_APIS_VERSION_INFO_H_INCLUDED */ +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_config.h b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_config.h +deleted file mode 100644 +index 6d2b9c3632..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_config.h ++++ /dev/null +@@ -1,84 +0,0 @@ +-/* +- * +- * Copyright 2018,2019 NXP +- * SPDX-License-Identifier: Apache-2.0 +- */ +- +-#ifndef _FSL_SSS_CONFIG_H_ +-#define _FSL_SSS_CONFIG_H_ +- +-/* clang-format off */ +-#define SSS_SESSION_MAX_CONTEXT_SIZE ( 0 \ +- + (1 * sizeof(void *)) \ +- + (1 * sizeof(void *)) \ +- + (8 * sizeof(void *)) \ +- + 16) +-#define SSS_KEY_STORE_MAX_CONTEXT_SIZE ( 0 \ +- + (1 * sizeof(void *)) \ +- + (4 * sizeof(void *)) \ +- + 16) +-#define SSS_KEY_OBJECT_MAX_CONTEXT_SIZE ( 0 \ +- + (1 * sizeof(void *)) \ +- + (2 * sizeof(int)) \ +- + (4 * sizeof(void *)) \ +- + 16) +-#define SSS_SYMMETRIC_MAX_CONTEXT_SIZE ( 0 \ +- + (2 * sizeof(void *)) \ +- + (2 * sizeof(int)) \ +- + (2 * sizeof(void *)) \ +- + 16 /* Buffer in case of unaligned block cipher operations */ \ +- + 4 /* Buffer length in case of unaligned block cipher operations */ \ +- + 16) +-#define SSS_AEAD_MAX_CONTEXT_SIZE ( 0 \ +- + (5 * sizeof(void *)) \ +- + (6 * sizeof(int)) \ +- + (5 * sizeof(void *)) \ +- + 16) +-#define SSS_DIGEST_MAX_CONTEXT_SIZE ( 0 \ +- + (1 * sizeof(void *)) \ +- + (3 * sizeof(int)) \ +- + (2 * sizeof(void *)) \ +- + 16) +-#define SSS_MAC_MAX_CONTEXT_SIZE ( 0 \ +- + (2 * sizeof(void *)) \ +- + (2 * sizeof(int)) \ +- + (2 * sizeof(void *)) \ +- + 32) +-#define SSS_ASYMMETRIC_MAX_CONTEXT_SIZE ( 0 \ +- + (2 * sizeof(void *)) \ +- + (3 * sizeof(int)) \ +- + (2 * sizeof(void *)) \ +- + 16) +-#define SSS_TUNNEL_MAX_CONTEXT_SIZE ( 0 \ +- + (1 * sizeof(void *)) \ +- + (2 * sizeof(int)) \ +- + (2 * sizeof(void *)) \ +- + 16) +-#define SSS_CHANNEL_MAX_CONTEXT_SIZE ( 0 \ +- + (2 * sizeof(void *)) \ +- + 16) +-#define SSS_DERIVE_KEY_MAX_CONTEXT_SIZE ( 0 \ +- + (2 * sizeof(void *)) \ +- + (2 * sizeof(int)) \ +- + (2 * sizeof(void *)) \ +- + 16) +-#define SSS_RNG_MAX_CONTEXT_SIZE ( 0 \ +- + (1 * sizeof(void *)) \ +- + (2 * sizeof(void *)) \ +- + 16) +- +-#define SSS_CONNECT_MAX_CONTEXT_SIZE ( 0 \ +- + (4 * sizeof(void *)) \ +- + 8 \ +- ) +- +-#define SSS_AUTH_MAX_CONTEXT_SIZE ( 0 \ +- + (3 * sizeof(void *)) \ +- + 8 \ +- ) +- +-#define SSS_POLICY_COUNT_MAX (10) +- +-/* clang-format on */ +- +-#endif /* _FSL_SSS_CONFIG_H_ */ +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_ftr_default.h b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_ftr_default.h +deleted file mode 100644 +index 0113d794bc..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_ftr_default.h ++++ /dev/null +@@ -1,673 +0,0 @@ +-/* +- * +- * Copyright 2018-2020 NXP +- * SPDX-License-Identifier: Apache-2.0 +- */ +- +-#ifndef SSS_APIS_INC_FSL_SSS_FTR_H_ +-#define SSS_APIS_INC_FSL_SSS_FTR_H_ +- +-/* ************************************************************************** */ +-/* Defines */ +-/* ************************************************************************** */ +- +-/* clang-format off */ +- +- +-/* # CMake Features : Start */ +- +- +-/** Applet : The Secure Element Applet +- * +- * You can compile host library for different Applets listed below. +- * Please note, some of these Applets may be for NXP Internal use only. +- */ +- +-/** Compiling without any Applet Support */ +-#define SSS_HAVE_APPLET_NONE 0 +- +-/** A71CH (ECC) */ +-#define SSS_HAVE_APPLET_A71CH 0 +- +-/** A71CL (RSA) */ +-#define SSS_HAVE_APPLET_A71CL 0 +- +-/** Similar to A71CH */ +-#define SSS_HAVE_APPLET_A71CH_SIM 0 +- +-/** SE050 Type A (ECC) */ +-#define SSS_HAVE_APPLET_SE05X_A 0 +- +-/** SE050 Type B (RSA) */ +-#define SSS_HAVE_APPLET_SE05X_B 0 +- +-/** SE050 (Super set of A + B) */ +-#define SSS_HAVE_APPLET_SE05X_C 1 +- +-/** SE050 (Similar to A71CL) */ +-#define SSS_HAVE_APPLET_SE05X_L 0 +- +-/** NXP Internal testing Applet */ +-#define SSS_HAVE_APPLET_LOOPBACK 0 +- +-#if (( 0 \ +- + SSS_HAVE_APPLET_NONE \ +- + SSS_HAVE_APPLET_A71CH \ +- + SSS_HAVE_APPLET_A71CL \ +- + SSS_HAVE_APPLET_A71CH_SIM \ +- + SSS_HAVE_APPLET_SE05X_A \ +- + SSS_HAVE_APPLET_SE05X_B \ +- + SSS_HAVE_APPLET_SE05X_C \ +- + SSS_HAVE_APPLET_SE05X_L \ +- + SSS_HAVE_APPLET_LOOPBACK \ +- ) > 1) +-# error "Enable only one of 'Applet'" +-#endif +- +- +-#if (( 0 \ +- + SSS_HAVE_APPLET_NONE \ +- + SSS_HAVE_APPLET_A71CH \ +- + SSS_HAVE_APPLET_A71CL \ +- + SSS_HAVE_APPLET_A71CH_SIM \ +- + SSS_HAVE_APPLET_SE05X_A \ +- + SSS_HAVE_APPLET_SE05X_B \ +- + SSS_HAVE_APPLET_SE05X_C \ +- + SSS_HAVE_APPLET_SE05X_L \ +- + SSS_HAVE_APPLET_LOOPBACK \ +- ) == 0) +-# error "Enable at-least one of 'Applet'" +-#endif +- +- +- +-/** SE05X_Ver : SE05X Applet version. +- * +- * Selection of Applet version 03_XX enables SE050 features. +- * Selection of Applet version 06_00 enables SE051 features. +- * +- */ +- +-/** SE050 */ +-#define SSS_HAVE_SE05X_VER_03_XX 1 +- +-/** SE051 */ +-#define SSS_HAVE_SE05X_VER_06_00 0 +- +-#if (( 0 \ +- + SSS_HAVE_SE05X_VER_03_XX \ +- + SSS_HAVE_SE05X_VER_06_00 \ +- ) > 1) +-# error "Enable only one of 'SE05X_Ver'" +-#endif +- +- +-#if (( 0 \ +- + SSS_HAVE_SE05X_VER_03_XX \ +- + SSS_HAVE_SE05X_VER_06_00 \ +- ) == 0) +-# error "Enable at-least one of 'SE05X_Ver'" +-#endif +- +- +- +-/** HostCrypto : Counterpart Crypto on Host +- * +- * What is being used as a cryptographic library on the host. +- * As of now only OpenSSL / mbedTLS is supported +- */ +- +-/** Use mbedTLS as host crypto */ +-#define SSS_HAVE_HOSTCRYPTO_MBEDTLS 1 +- +-/** Use mbed-crypto as host crypto +- * Required for ARM-PSA / TF-M */ +-#define SSS_HAVE_HOSTCRYPTO_MBEDCRYPTO 0 +- +-/** Use OpenSSL as host crypto */ +-#define SSS_HAVE_HOSTCRYPTO_OPENSSL 0 +- +-/** User Implementation of Host Crypto +- * e.g. Files at ``sss/src/user/crypto`` have low level AES/CMAC primitives. +- * The files at ``sss/src/user`` use those primitives. +- * This becomes an example for users with their own AES Implementation +- * This then becomes integration without mbedTLS/OpenSSL for SCP03 / AESKey. +- * +- * .. note:: ECKey abstraction is not implemented/available yet. */ +-#define SSS_HAVE_HOSTCRYPTO_USER 0 +- +-/** NO Host Crypto +- * Note, this is unsecure and only provided for experimentation +- * on platforms that do not have an mbedTLS PORT +- * Many :ref:`sssftr-control` have to be disabled to have a valid build. */ +-#define SSS_HAVE_HOSTCRYPTO_NONE 0 +- +-#if (( 0 \ +- + SSS_HAVE_HOSTCRYPTO_MBEDTLS \ +- + SSS_HAVE_HOSTCRYPTO_MBEDCRYPTO \ +- + SSS_HAVE_HOSTCRYPTO_OPENSSL \ +- + SSS_HAVE_HOSTCRYPTO_USER \ +- + SSS_HAVE_HOSTCRYPTO_NONE \ +- ) > 1) +-# error "Enable only one of 'HostCrypto'" +-#endif +- +- +-#if (( 0 \ +- + SSS_HAVE_HOSTCRYPTO_MBEDTLS \ +- + SSS_HAVE_HOSTCRYPTO_MBEDCRYPTO \ +- + SSS_HAVE_HOSTCRYPTO_OPENSSL \ +- + SSS_HAVE_HOSTCRYPTO_USER \ +- + SSS_HAVE_HOSTCRYPTO_NONE \ +- ) == 0) +-# error "Enable at-least one of 'HostCrypto'" +-#endif +- +- +- +-/** mbedTLS_ALT : ALT Engine implementation for mbedTLS +- * +- * When set to None, mbedTLS would not use ALT Implementation to connect to / use Secure Element. +- * This needs to be set to SSS for Cloud Demos over SSS APIs +- */ +- +-/** Use SSS Layer ALT implementation */ +-#define SSS_HAVE_MBEDTLS_ALT_SSS 1 +- +-/** Legacy implementation */ +-#define SSS_HAVE_MBEDTLS_ALT_A71CH 0 +- +-/** Not using any mbedTLS_ALT +- * +- * When this is selected, cloud demos can not work with mbedTLS */ +-#define SSS_HAVE_MBEDTLS_ALT_NONE 0 +- +-#if (( 0 \ +- + SSS_HAVE_MBEDTLS_ALT_SSS \ +- + SSS_HAVE_MBEDTLS_ALT_A71CH \ +- + SSS_HAVE_MBEDTLS_ALT_NONE \ +- ) > 1) +-# error "Enable only one of 'mbedTLS_ALT'" +-#endif +- +- +-#if (( 0 \ +- + SSS_HAVE_MBEDTLS_ALT_SSS \ +- + SSS_HAVE_MBEDTLS_ALT_A71CH \ +- + SSS_HAVE_MBEDTLS_ALT_NONE \ +- ) == 0) +-# error "Enable at-least one of 'mbedTLS_ALT'" +-#endif +- +- +- +-/** SCP : Secure Channel Protocol +- * +- * In case we enable secure channel to Secure Element, which interface to be used. +- */ +- +-/** */ +-#define SSS_HAVE_SCP_NONE 0 +- +-/** Use SSS Layer for SCP. Used for SE050 family. */ +-#define SSS_HAVE_SCP_SCP03_SSS 1 +- +-/** Use Host Crypto Layer for SCP03. Legacy implementation. Used for older demos of A71CH Family. */ +-#define SSS_HAVE_SCP_SCP03_HOSTCRYPTO 0 +- +-#if (( 0 \ +- + SSS_HAVE_SCP_NONE \ +- + SSS_HAVE_SCP_SCP03_SSS \ +- + SSS_HAVE_SCP_SCP03_HOSTCRYPTO \ +- ) > 1) +-# error "Enable only one of 'SCP'" +-#endif +- +- +-#if (( 0 \ +- + SSS_HAVE_SCP_NONE \ +- + SSS_HAVE_SCP_SCP03_SSS \ +- + SSS_HAVE_SCP_SCP03_HOSTCRYPTO \ +- ) == 0) +-# error "Enable at-least one of 'SCP'" +-#endif +- +- +- +-/** FIPS : Enable or disable FIPS +- * +- * This selection mostly impacts tests, and generally not the actual Middleware +- */ +- +-/** NO FIPS */ +-#define SSS_HAVE_FIPS_NONE 1 +- +-/** SE050 IC FIPS */ +-#define SSS_HAVE_FIPS_SE050 0 +- +-/** FIPS 140-2 */ +-#define SSS_HAVE_FIPS_140_2 0 +- +-/** FIPS 140-3 */ +-#define SSS_HAVE_FIPS_140_3 0 +- +-#if (( 0 \ +- + SSS_HAVE_FIPS_NONE \ +- + SSS_HAVE_FIPS_SE050 \ +- + SSS_HAVE_FIPS_140_2 \ +- + SSS_HAVE_FIPS_140_3 \ +- ) > 1) +-# error "Enable only one of 'FIPS'" +-#endif +- +- +-#if (( 0 \ +- + SSS_HAVE_FIPS_NONE \ +- + SSS_HAVE_FIPS_SE050 \ +- + SSS_HAVE_FIPS_140_2 \ +- + SSS_HAVE_FIPS_140_3 \ +- ) == 0) +-# error "Enable at-least one of 'FIPS'" +-#endif +- +- +- +-/** SBL : Enable/Disable SBL Bootable support +- * +- * This option is to enable/disable boot from SBL by switching linker address +- */ +- +-/** Not SBL bootable */ +-#define SSS_HAVE_SBL_NONE 1 +- +-/** SE050 based LPC55S SBL bootable */ +-#define SSS_HAVE_SBL_SBL_LPC55S 0 +- +-#if (( 0 \ +- + SSS_HAVE_SBL_NONE \ +- + SSS_HAVE_SBL_SBL_LPC55S \ +- ) > 1) +-# error "Enable only one of 'SBL'" +-#endif +- +- +-#if (( 0 \ +- + SSS_HAVE_SBL_NONE \ +- + SSS_HAVE_SBL_SBL_LPC55S \ +- ) == 0) +-# error "Enable at-least one of 'SBL'" +-#endif +- +- +- +-/** SE05X_Auth : SE050 Authentication +- * +- * This settings is used by examples to connect using various options +- * to authenticate with the Applet. +- * The SE05X_Auth options can be changed for KSDK Demos and Examples. +- * To change SE05X_Auth option follow below steps. +- * Set flag ``SSS_HAVE_SCP_SCP03_SSS`` to 1 and Reset flag ``SSS_HAVE_SCP_NONE`` to 0. +- * To change SE05X_Auth option other than ``None`` and ``PlatfSCP03``, +- * execute se05x_Delete_and_test_provision.exe in order to provision the Authentication Key. +- * To change SE05X_Auth option to ``ECKey`` or ``ECKey_PlatfSCP03``, +- * Set additional flag ``SSS_HAVE_HOSTCRYPTO_ANY`` to 1. +- */ +- +-/** Use the default session (i.e. session less) login */ +-#define SSS_HAVE_SE05X_AUTH_NONE 1 +- +-/** Do User Authentication with UserID */ +-#define SSS_HAVE_SE05X_AUTH_USERID 0 +- +-/** Use Platform SCP for connection to SE */ +-#define SSS_HAVE_SE05X_AUTH_PLATFSCP03 0 +- +-/** Do User Authentication with AES Key +- * Earlier this was called AppletSCP03 */ +-#define SSS_HAVE_SE05X_AUTH_AESKEY 0 +- +-/** Do User Authentication with EC Key +- * Earlier this was called FastSCP */ +-#define SSS_HAVE_SE05X_AUTH_ECKEY 0 +- +-/** UserID and PlatfSCP03 */ +-#define SSS_HAVE_SE05X_AUTH_USERID_PLATFSCP03 0 +- +-/** AESKey and PlatfSCP03 */ +-#define SSS_HAVE_SE05X_AUTH_AESKEY_PLATFSCP03 0 +- +-/** ECKey and PlatfSCP03 */ +-#define SSS_HAVE_SE05X_AUTH_ECKEY_PLATFSCP03 0 +- +-#if (( 0 \ +- + SSS_HAVE_SE05X_AUTH_NONE \ +- + SSS_HAVE_SE05X_AUTH_USERID \ +- + SSS_HAVE_SE05X_AUTH_PLATFSCP03 \ +- + SSS_HAVE_SE05X_AUTH_AESKEY \ +- + SSS_HAVE_SE05X_AUTH_ECKEY \ +- + SSS_HAVE_SE05X_AUTH_USERID_PLATFSCP03 \ +- + SSS_HAVE_SE05X_AUTH_AESKEY_PLATFSCP03 \ +- + SSS_HAVE_SE05X_AUTH_ECKEY_PLATFSCP03 \ +- ) > 1) +-# error "Enable only one of 'SE05X_Auth'" +-#endif +- +- +-#if (( 0 \ +- + SSS_HAVE_SE05X_AUTH_NONE \ +- + SSS_HAVE_SE05X_AUTH_USERID \ +- + SSS_HAVE_SE05X_AUTH_PLATFSCP03 \ +- + SSS_HAVE_SE05X_AUTH_AESKEY \ +- + SSS_HAVE_SE05X_AUTH_ECKEY \ +- + SSS_HAVE_SE05X_AUTH_USERID_PLATFSCP03 \ +- + SSS_HAVE_SE05X_AUTH_AESKEY_PLATFSCP03 \ +- + SSS_HAVE_SE05X_AUTH_ECKEY_PLATFSCP03 \ +- ) == 0) +-# error "Enable at-least one of 'SE05X_Auth'" +-#endif +- +- +- +-/** A71CH_AUTH : A71CH Authentication +- * +- * This settings is used by SSS-API based examples to connect using either plain or authenticated to the A71CH. +- */ +- +-/** Plain communication, not authenticated or encrypted */ +-#define SSS_HAVE_A71CH_AUTH_NONE 1 +- +-/** SCP03 enabled */ +-#define SSS_HAVE_A71CH_AUTH_SCP03 0 +- +-#if (( 0 \ +- + SSS_HAVE_A71CH_AUTH_NONE \ +- + SSS_HAVE_A71CH_AUTH_SCP03 \ +- ) > 1) +-# error "Enable only one of 'A71CH_AUTH'" +-#endif +- +- +-#if (( 0 \ +- + SSS_HAVE_A71CH_AUTH_NONE \ +- + SSS_HAVE_A71CH_AUTH_SCP03 \ +- ) == 0) +-# error "Enable at-least one of 'A71CH_AUTH'" +-#endif +- +- +-/* ====================================================================== * +- * == Feature selection/values ========================================== * +- * ====================================================================== */ +- +- +-/** SE05X Secure Element : Symmetric AES */ +-#define SSSFTR_SE05X_AES 1 +- +-/** SE05X Secure Element : Elliptic Curve Cryptography */ +-#define SSSFTR_SE05X_ECC 1 +- +-/** SE05X Secure Element : RSA */ +-#define SSSFTR_SE05X_RSA 1 +- +-/** SE05X Secure Element : KEY operations : SET Key */ +-#define SSSFTR_SE05X_KEY_SET 1 +- +-/** SE05X Secure Element : KEY operations : GET Key */ +-#define SSSFTR_SE05X_KEY_GET 1 +- +-/** SE05X Secure Element : Authenticate via ECKey */ +-#define SSSFTR_SE05X_AuthECKey 1 +- +-/** SE05X Secure Element : Allow creation of user/authenticated session. +- * +- * If the intended deployment only uses Platform SCP +- * Or it is a pure session less integration, this can +- * save some code size. */ +-#define SSSFTR_SE05X_AuthSession 1 +- +-/** SE05X Secure Element : Allow creation/deletion of Crypto Objects +- * +- * If disabled, new Crytpo Objects are neither created and +- * old/existing Crypto Objects are not deleted. +- * It is assumed that during provisioning phase, the required +- * Crypto Objects are pre-created or they are never going to +- * be needed. */ +-#define SSSFTR_SE05X_CREATE_DELETE_CRYPTOOBJ 1 +- +-/** Software : Symmetric AES */ +-#define SSSFTR_SW_AES 1 +- +-/** Software : Elliptic Curve Cryptography */ +-#define SSSFTR_SW_ECC 1 +- +-/** Software : RSA */ +-#define SSSFTR_SW_RSA 1 +- +-/** Software : KEY operations : SET Key */ +-#define SSSFTR_SW_KEY_SET 1 +- +-/** Software : KEY operations : GET Key */ +-#define SSSFTR_SW_KEY_GET 1 +- +-/** Software : Used as a test counterpart +- * +- * e.g. Major part of the mebdTLS SSS layer is purely used for +- * testing of Secure Element implementation, and can be avoided +- * fully during many production scenarios. */ +-#define SSSFTR_SW_TESTCOUNTERPART 1 +- +-/* ====================================================================== * +- * == Computed Options ================================================== * +- * ====================================================================== */ +- +-/** Symmetric AES */ +-#define SSSFTR_AES (SSSFTR_SE05X_AES + SSSFTR_SW_AES) +-/** Elliptic Curve Cryptography */ +-#define SSSFTR_ECC (SSSFTR_SE05X_ECC + SSSFTR_SW_ECC) +-/** RSA */ +-#define SSSFTR_RSA (SSSFTR_SE05X_RSA + SSSFTR_SW_RSA) +-/** KEY operations : SET Key */ +-#define SSSFTR_KEY_SET (SSSFTR_SE05X_KEY_SET + SSSFTR_SW_KEY_SET) +-/** KEY operations : GET Key */ +-#define SSSFTR_KEY_GET (SSSFTR_SE05X_KEY_GET + SSSFTR_SW_KEY_GET) +-/** KEY operations */ +-#define SSSFTR_KEY (SSSFTR_KEY_SET + SSSFTR_KEY_GET) +-/** KEY operations */ +-#define SSSFTR_SE05X_KEY (SSSFTR_SE05X_KEY_SET + SSSFTR_SE05X_KEY_GET) +-/** KEY operations */ +-#define SSSFTR_SW_KEY (SSSFTR_SW_KEY_SET + SSSFTR_SW_KEY_GET) +- +- +-#define SSS_HAVE_APPLET \ +- (SSS_HAVE_APPLET_A71CH | SSS_HAVE_APPLET_A71CL | SSS_HAVE_APPLET_A71CH_SIM | SSS_HAVE_APPLET_SE05X_A | SSS_HAVE_APPLET_SE05X_B | SSS_HAVE_APPLET_SE05X_C | SSS_HAVE_APPLET_SE05X_L | SSS_HAVE_APPLET_LOOPBACK) +- +-#define SSS_HAVE_APPLET_SE05X_IOT \ +- (SSS_HAVE_APPLET_SE05X_A | SSS_HAVE_APPLET_SE05X_B | SSS_HAVE_APPLET_SE05X_C) +- +-#define SSS_HAVE_MBEDTLS_ALT \ +- (SSS_HAVE_MBEDTLS_ALT_SSS | SSS_HAVE_MBEDTLS_ALT_A71CH) +- +-#define SSS_HAVE_HOSTCRYPTO_ANY \ +- (SSS_HAVE_HOSTCRYPTO_MBEDTLS | SSS_HAVE_HOSTCRYPTO_MBEDCRYPTO | SSS_HAVE_HOSTCRYPTO_OPENSSL | SSS_HAVE_HOSTCRYPTO_USER) +- +-#define SSS_HAVE_FIPS \ +- (SSS_HAVE_FIPS_SE050 | SSS_HAVE_FIPS_140_2 | SSS_HAVE_FIPS_140_3) +- +- +-/* Version checks GTE - Greater Than Or Equal To */ +-#if SSS_HAVE_APPLET_SE05X_IOT +-# if SSS_HAVE_SE05X_VER_06_00 +-# define SSS_HAVE_SE05X_VER_GTE_06_00 1 +-# define SSS_HAVE_SE05X_VER_GTE_03_XX 1 +-# endif /* SSS_HAVE_SE05X_VER_06_00 */ +-# if SSS_HAVE_SE05X_VER_03_XX +-# define SSS_HAVE_SE05X_VER_GTE_06_00 0 +-# define SSS_HAVE_SE05X_VER_GTE_03_XX 1 +-# endif /* SSS_HAVE_SE05X_VER_03_XX */ +-#else //SSS_HAVE_APPLET_SE05X_IOT +-# define SSS_HAVE_SE05X_VER_GTE_03_XX 0 +-# define SSS_HAVE_SE05X_VER_GTE_06_00 0 +-#endif // SSS_HAVE_APPLET_SE05X_IOT +-/** Deprecated items. Used here for backwards compatibility. */ +- +-#define WithApplet_SE05X (SSS_HAVE_APPLET_SE05X_IOT) +-#define WithApplet_SE050_A (SSS_HAVE_APPLET_SE05X_A) +-#define WithApplet_SE050_B (SSS_HAVE_APPLET_SE05X_B) +-#define WithApplet_SE050_C (SSS_HAVE_APPLET_SE05X_C) +-#define SSS_HAVE_SE050_A (SSS_HAVE_APPLET_SE05X_A) +-#define SSS_HAVE_SE050_B (SSS_HAVE_APPLET_SE05X_B) +-#define SSS_HAVE_SE050_C (SSS_HAVE_APPLET_SE05X_C) +-#define SSS_HAVE_SE05X (SSS_HAVE_APPLET_SE05X_IOT) +-#define SSS_HAVE_SE (SSS_HAVE_APPLET) +-#define SSS_HAVE_LOOPBACK (SSS_HAVE_APPLET_LOOPBACK) +-#define SSS_HAVE_ALT (SSS_HAVE_MBEDTLS_ALT) +-#define WithApplet_None (SSS_HAVE_APPLET_NONE) +-#define SSS_HAVE_None (SSS_HAVE_APPLET_NONE) +-#define WithApplet_A71CH (SSS_HAVE_APPLET_A71CH) +-#define SSS_HAVE_A71CH (SSS_HAVE_APPLET_A71CH) +-#define WithApplet_A71CL (SSS_HAVE_APPLET_A71CL) +-#define SSS_HAVE_A71CL (SSS_HAVE_APPLET_A71CL) +-#define WithApplet_A71CH_SIM (SSS_HAVE_APPLET_A71CH_SIM) +-#define SSS_HAVE_A71CH_SIM (SSS_HAVE_APPLET_A71CH_SIM) +-#define WithApplet_SE05X_A (SSS_HAVE_APPLET_SE05X_A) +-#define SSS_HAVE_SE05X_A (SSS_HAVE_APPLET_SE05X_A) +-#define WithApplet_SE05X_B (SSS_HAVE_APPLET_SE05X_B) +-#define SSS_HAVE_SE05X_B (SSS_HAVE_APPLET_SE05X_B) +-#define WithApplet_SE05X_C (SSS_HAVE_APPLET_SE05X_C) +-#define SSS_HAVE_SE05X_C (SSS_HAVE_APPLET_SE05X_C) +-#define WithApplet_SE05X_L (SSS_HAVE_APPLET_SE05X_L) +-#define SSS_HAVE_SE05X_L (SSS_HAVE_APPLET_SE05X_L) +-#define WithApplet_LoopBack (SSS_HAVE_APPLET_LOOPBACK) +-#define SSS_HAVE_LoopBack (SSS_HAVE_APPLET_LOOPBACK) +-#define SSS_HAVE_MBEDTLS (SSS_HAVE_HOSTCRYPTO_MBEDTLS) +-#define SSS_HAVE_MBEDCRYPTO (SSS_HAVE_HOSTCRYPTO_MBEDCRYPTO) +-#define SSS_HAVE_OPENSSL (SSS_HAVE_HOSTCRYPTO_OPENSSL) +-#define SSS_HAVE_USER (SSS_HAVE_HOSTCRYPTO_USER) +-#define SSS_HAVE_NONE (SSS_HAVE_HOSTCRYPTO_NONE) +-#define SSS_HAVE_ALT_SSS (SSS_HAVE_MBEDTLS_ALT_SSS) +-#define SSS_HAVE_ALT_A71CH (SSS_HAVE_MBEDTLS_ALT_A71CH) +-#define SSS_HAVE_ALT_NONE (SSS_HAVE_MBEDTLS_ALT_NONE) +-#define SSS_HAVE_SE05X_Auth_None (SSS_HAVE_SE05X_AUTH_NONE) +-#define SSS_HAVE_SE05X_Auth_UserID (SSS_HAVE_SE05X_AUTH_USERID) +-#define SSS_HAVE_SE05X_Auth_PlatfSCP03 (SSS_HAVE_SE05X_AUTH_PLATFSCP03) +-#define SSS_HAVE_SE05X_Auth_AESKey (SSS_HAVE_SE05X_AUTH_AESKEY) +-#define SSS_HAVE_SE05X_Auth_ECKey (SSS_HAVE_SE05X_AUTH_ECKEY) +-#define SSS_HAVE_SE05X_Auth_UserID_PlatfSCP03 (SSS_HAVE_SE05X_AUTH_USERID_PLATFSCP03) +-#define SSS_HAVE_SE05X_Auth_AESKey_PlatfSCP03 (SSS_HAVE_SE05X_AUTH_AESKEY_PLATFSCP03) +-#define SSS_HAVE_SE05X_Auth_ECKey_PlatfSCP03 (SSS_HAVE_SE05X_AUTH_ECKEY_PLATFSCP03) +- +-/* # CMake Features : END */ +- +-/* ========= Miscellaneous values : START =================== */ +- +-/* ECC Mode is available */ +-#define SSS_HAVE_ECC 1 +- +-/* RSA is available */ +-#define SSS_HAVE_RSA 1 +- +-/* TPM BARRETO_NAEHRIG Curve is enabled */ +-#define SSS_HAVE_TPM_BN 1 +- +-/* Edwards Curve is enabled */ +-#define SSS_HAVE_EC_ED 1 +- +-/* Montgomery Curve is enabled */ +-#define SSS_HAVE_EC_MONT 1 +- +-/* MIFARE DESFire is enabled */ +-#define SSS_HAVE_MIFARE_DESFIRE 1 +- +-/* PBKDF2 is enabled */ +-#define SSS_HAVE_PBKDF2 1 +- +-/* TLS handshake support on SE is enabled */ +-#define SSS_HAVE_TLS_HANDSHAKE 1 +- +-/* Import Export Key is enabled */ +-#define SSS_HAVE_IMPORT 1 +- +-/* With NXP NFC Reader Library */ +-#define SSS_HAVE_NXPNFCRDLIB 0 +- +-#define SSS_HAVE_A71XX \ +- (SSS_HAVE_APPLET_A71CH | SSS_HAVE_APPLET_A71CH_SIM) +- +-#define SSS_HAVE_SSCP (SSS_HAVE_A71XX) +- +-/* For backwards compatibility */ +-#define SSS_HAVE_TESTCOUNTERPART (SSSFTR_SW_TESTCOUNTERPART) +- +-/* ========= Miscellaneous values : END ===================== */ +- +-/* ========= Calculated values : START ====================== */ +- +-/* Should we expose, SSS APIs */ +-#define SSS_HAVE_SSS ( 0 \ +- + SSS_HAVE_SSCP \ +- + SSS_HAVE_APPLET_SE05X_IOT \ +- + SSS_HAVE_HOSTCRYPTO_OPENSSL \ +- + SSS_HAVE_HOSTCRYPTO_MBEDCRYPTO \ +- + SSS_HAVE_HOSTCRYPTO_MBEDTLS \ +- + SSS_HAVE_HOSTCRYPTO_USER \ +- ) +- +-/* MBEDCRYPTO is superset of MBEDTLS and exposing that way */ +-#if SSS_HAVE_HOSTCRYPTO_MBEDCRYPTO +-# undef SSS_HAVE_MBEDTLS +-# undef SSS_HAVE_HOSTCRYPTO_MBEDTLS +- +-# define SSS_HAVE_MBEDTLS 1 +-# define SSS_HAVE_HOSTCRYPTO_MBEDTLS 1 +-#endif // SSS_HAVE_HOSTCRYPTO_MBEDCRYPTO +- +-#if SSS_HAVE_HOSTCRYPTO_NONE +-# undef SSSFTR_SE05X_AuthSession +-# define SSSFTR_SE05X_AuthSession 0 +-#endif +- +-/* Montgomery curves is not supported in SE05X_A*/ +-#if SSS_HAVE_APPLET_SE05X_A +-# undef SSS_HAVE_EC_MONT +-# define SSS_HAVE_EC_MONT 0 +-/* ED is not supported in SE050_A */ +-#if SSS_HAVE_SE05X_VER_03_XX +-# undef SSS_HAVE_EC_ED +-# define SSS_HAVE_EC_ED 0 +-#endif +-#endif +- +-#if SSS_HAVE_RSA +-# define SSS_HAVE_RSA_4K 1 +-#endif +- +-#if SSS_HAVE_ECC +-# define SSS_HAVE_EC_NIST_192 1 +-# define SSS_HAVE_EC_NIST_224 1 +-# define SSS_HAVE_EC_NIST_256 1 +-# define SSS_HAVE_EC_NIST_384 1 +-# define SSS_HAVE_EC_NIST_521 1 +-# define SSS_HAVE_EC_BP 1 +-# define SSS_HAVE_EC_NIST_K 1 +-# define SSS_HAVE_ECDAA 1 +-# define SSS_HAVE_EDDSA 1 +-#if SSS_HAVE_APPLET_SE05X_A +-# undef SSS_HAVE_ECDAA +-# undef SSS_HAVE_EDDSA +-# define SSS_HAVE_ECDAA 0 +-# define SSS_HAVE_EDDSA 0 +-#endif +-#endif +- +-#if SSS_HAVE_APPLET +-#define SSS_HAVE_HASH_1 1 +-#define SSS_HAVE_HASH_224 1 +-#define SSS_HAVE_HASH_512 1 +-#endif +- +- +-/* ========= Calculated values : END ======================== */ +- +-/* clang-format on */ +- +-#endif /* SSS_APIS_INC_FSL_SSS_FTR_H_ */ +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_keyid_map.h b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_keyid_map.h +deleted file mode 100644 +index 2b9b58a1c8..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_keyid_map.h ++++ /dev/null +@@ -1,182 +0,0 @@ +-/* +- * +- * Copyright 2018-2020 NXP +- * SPDX-License-Identifier: Apache-2.0 +- */ +- +-/* Mapping between key id and physical key store */ +- +-#ifndef SSS_INC_KEYID_MAP_H_ +-#define SSS_INC_KEYID_MAP_H_ +- +-/* ************************************************************************** */ +-/* Includes */ +-/* ************************************************************************** */ +- +-#include +- +-/* ************************************************************************** */ +-/* Defines */ +-/* ************************************************************************** */ +- +-/* Physical index */ +-/* clang-format off */ +-#define K_INDEX_MASK (0xFFFFu << 0u) +-#define K_TYPE_MASK (0xFFu << 24u) +-#define K_TYPE_ECC_KP (0x01u << 24u) +-#define K_TYPE_ECC_PUB (0x02u << 24u) +-#define K_TYPE_AES (0x03u << 24u) +-#define K_TYPE_CERT (0x04u << 24u) +- +-/* Key store N Count */ +-#define KS_N_ECC_KEY_PAIRS 4 +-#define KS_N_ECC_PUB_KEYS 3 +-#define KS_N_AES_KEYS 8 +-#define KS_N_CERTIFCATES 4 +-#define KS_N_RSA_KEY_PAIRS 1 +-#define KS_N_SYM_KEYS 1 +- +-/* clang-format on */ +- +-#define KS_N_ENTIRES_CL (0 + KS_N_RSA_KEY_PAIRS + KS_N_SYM_KEYS) +- +-#define KS_N_ENTIRES (0 + KS_N_ECC_KEY_PAIRS + KS_N_ECC_PUB_KEYS + KS_N_AES_KEYS + KS_N_CERTIFCATES) +- +-#define KEYSTORE_MAGIC (0xA71C401L) +-#define KEYSTORE_VERSION (0x0004) +-/* ************************************************************************** */ +-/* Structrues and Typedefs */ +-/* ************************************************************************** */ +- +-/* Generic entry of a Key ID Mapping inside the secure element */ +-typedef struct +-{ +- /** External index */ +- uint32_t extKeyId; +- +- /* Of type sss_key_part_t +- * +- * B0,B1,B2,B3 -> Key part and B4,B5,B6,B7 -> (No of slots taken - 1) */ +- uint8_t keyPart; +- uint8_t accessPermission; +- uint8_t cipherType; /* Of type sss_cipher_type_t */ +- /** Internal index */ +- uint8_t keyIntIndex; +-} keyIdAndTypeIndexLookup_t; +- +-typedef struct _keyStoreTable_t +-{ +- /** Fixed - Unique 32bit magic number. +- * +- * In case some one over-writes we can know. */ +- uint32_t magic; +- /** Fixed - constant based on version number */ +- uint16_t version; +- /** +- * maxEntries Fixed - constant in the Layout. Should be equal to +- * KS_N_ENTIRES This will help in porting between A71CH with less memory and +- * SE050 with more memory +- */ +- uint16_t maxEntries; +- /** Dynamic entries */ +- keyIdAndTypeIndexLookup_t *entries; +-} keyStoreTable_t; +- +-/* ************************************************************************** */ +-/* Global Variables */ +-/* ************************************************************************** */ +- +-/* ************************************************************************** */ +-/* Functions */ +-/* ************************************************************************** */ +- +-/** +- * Initialize the File allocation table entry +- * +- * @param keystore_shadow Shadow structure (to be persisted later to EEPROM or +- * File System) +- * @param lookup_entires Mapping table +- * @param max_entries Maximum entries that the Key Store can have +- */ +-void ks_common_init_fat( +- keyStoreTable_t *keystore_shadow, keyIdAndTypeIndexLookup_t *lookup_entires, size_t max_entries); +- +-/** +- * Update the File Allocation Table for the key. +- * +- * @param[out] keystore_shadow +- * @param[in] sss_key The key object. +- * @param[in] intIndex internal index. +- * @param extId External 32bit id of the key +- * @param object_type Type of the object +- * @param intIndex Internal index of the key. +- * @param accessPermission Access (Read/write/etc.) +- * +- * @note accessPermission is not used for A71CH +- * +- * @return Fail if not able to add the entry. +- +- */ +-sss_status_t ks_common_update_fat(keyStoreTable_t *keystore_shadow, +- uint32_t extId, +- sss_key_part_t object_part, +- sss_cipher_type_t cipher_type, +- uint8_t intIndex, +- uint32_t accessPermission, +- uint16_t keyLen); +- +-/** +- * check if the internal slot is availble for the key type. +- * +- * @param[in] keystore_shadow +- * @param[in] object_type type of key Object +- * @param[out] next_free_index avialable internal index for a particular key +- * type +- * +- * @return Fail if internal index is not available. +- */ +-sss_status_t ks_common_check_available_int_index(keyStoreTable_t *keystore_shadow, +- uint8_t object_type, +- uint8_t cipher_type, +- uint16_t *next_free_index, +- uint16_t keyLen); +- +-sss_status_t ks_common_extId_to_int_index(keyStoreTable_t *keystore_shadow, uint32_t extId, uint16_t *intIndex); +-/** +- * check if the key store is valid. +- * +- * @param[in] keystore_shadow The shadow of keystore +- * @param[out] status +- * +- * @return Fail if key store is not valid +- */ +-sss_status_t isValidKeyStoreShadow(keyStoreTable_t *keystore_shadow); +-/** +-* check if the internal slot is availble for the key type. +-* +-* @param[in] keystore_shadow +-* @param[in] keyId key id for getting key object +-* @param[out] keyType type of keyobject retrieved from keyId* type +-* +-* @return Fail if keyId not found +-*/ +-sss_status_t ks_common_get_keyType_from_keyid( +- keyStoreTable_t *keystore_shadow, uint32_t keyId, uint32_t *keyType, uint32_t *cipherType); +-/** +- * remove entry from shadow keystore. +- * +- * @param[in] keystore_shadow +- * @param[in] extId key id for getting key object +- * +- * @return Fail if keyId not found +- */ +-sss_status_t ks_common_remove_fat(keyStoreTable_t *keystore_shadow, uint32_t extId); +- +-void ks_sw_fat_remove(const char *szRootPath); +-void ks_sw_fat_free(keyStoreTable_t *keystore_shadow); +-void ks_sw_fat_allocate(keyStoreTable_t **keystore_shadow); +-void ks_sw_getKeyFileName( +- char *const file_name, const size_t size, const sss_object_t *sss_key, const char *root_folder); +-sss_status_t ks_sw_fat_load(const char *szRootPath, keyStoreTable_t *pKeystore_shadow); +- +-#endif /* SSS_INC_KEYID_MAP_H_ */ +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_lpc55s_apis.h b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_lpc55s_apis.h +deleted file mode 100644 +index d9e1a05f4f..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_lpc55s_apis.h ++++ /dev/null +@@ -1,115 +0,0 @@ +-/* +- * +- * Copyright 2018,2019 NXP +- * SPDX-License-Identifier: Apache-2.0 +- */ +- +-#ifndef __FSL_SSS_LPC55S_APIS_H__ +-#define __FSL_SSS_LPC55S_APIS_H__ +- +-#ifdef __cplusplus +-extern "C" { +-#endif /* __cplusplus */ +- +-#if defined(SSS_USE_FTR_FILE) +-#include "fsl_sss_ftr.h" +-#else +-#include "fsl_sss_ftr_default.h" +-#endif +- +-#if defined(SECURE_WORLD) +-#if SSS_HAVE_HOSTCRYPTO_MBEDTLS +-#include +-#include +- +-/* ************************************************************************** */ +-/* Functions */ +-/* ************************************************************************** */ +- +-/** @copydoc sss_session_open +- * +- */ +-sss_status_t sss_lpc55s_impl_session_open(sss_session_t *session, +- sss_type_t subsystem, +- uint32_t application_id, +- sss_connection_type_t connection_type, +- void *connectionData); +- +-/** @copydoc sss_session_close +- * +- */ +-void sss_lpc55s_impl_session_close(sss_session_t *session); +- +-/** +- * @addtogroup sss_lpc55s_impl_mac +- * @{ +- */ +-/** @copydoc sss_mac_context_init +- * +- */ +-sss_status_t sss_lpc55s_impl_mac_context_init( +- sss_mac_t *context, sss_session_t *session, sss_object_t *keyObject, sss_algorithm_t algorithm, sss_mode_t mode); +- +-/** @copydoc sss_mac_one_go +- * +- */ +-sss_status_t sss_lpc55s_impl_mac_one_go( +- sss_mac_t *context, const uint8_t *message, size_t messageLen, uint8_t *mac, size_t *macLen); +- +-/** @copydoc sss_mac_context_free +- * +- */ +-void sss_lpc55s_impl_mac_context_free(sss_mac_t *context); +- +-/** Re-define sss_host_session_open to be redirected +- * from HashCrypt session open +- */ +-#ifdef sss_host_session_open +-#undef sss_host_session_open +-#define sss_host_session_open(session, subsystem, application_id, connection_type, connectionData) \ +- sss_lpc55s_impl_session_open((session), (subsystem), (application_id), (connection_type), (connectionData)) +-#endif +- +-/** Re-define sss_host_session_close to be redirected +- * from HashCrypt session open +- */ +-#ifdef sss_host_session_close +-#undef sss_host_session_close +-#define sss_host_session_close(session) sss_lpc55s_impl_session_close((session)) +-#endif +- +-/** Re-define sss_host_mac_context_init to be redirected +- * from HashCrypt MAC operations +- */ +-#ifdef sss_host_mac_context_init +-#undef sss_host_mac_context_init +-#define sss_host_mac_context_init(context, session, keyObject, algorithm, mode) \ +- sss_lpc55s_impl_mac_context_init((context), (session), (keyObject), (algorithm), (mode)) +-#endif +- +-/** Re-define sss_host_mac_one_go to be redirected +- * from HashCrypt MAC operations +- */ +-#ifdef sss_host_mac_one_go +-#undef sss_host_mac_one_go +-#define sss_host_mac_one_go(context, message, messageLen, mac, macLen) \ +- sss_lpc55s_impl_mac_one_go((context), (message), (messageLen), (mac), (macLen)) +-#endif +- +-/** Re-define sss_host_mac_context_free to be redirected +- * from HashCrypt MAC operations +- */ +-#ifdef sss_host_mac_context_free +-#undef sss_host_mac_context_free +-#define sss_host_mac_context_free(context) sss_lpc55s_impl_mac_context_free((context)) +-#endif +- +-/* clang-format on */ +-#endif /* SSS_HAVE_HOSTCRYPTO_MBEDTLS */ +-#endif /* SECURE_WORLD */ +- +-#ifdef __cplusplus +-} // extern "C" +-#endif /* __cplusplus */ +- +-#endif /* __FSL_SSS_LPC55S_APIS_H__ */ +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_mbedtls_apis.h b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_mbedtls_apis.h +deleted file mode 100644 +index d077f63088..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_mbedtls_apis.h ++++ /dev/null +@@ -1,837 +0,0 @@ +-/* +- * +- * Copyright 2018-2020 NXP +- * SPDX-License-Identifier: Apache-2.0 +- */ +- +-#ifndef FSL_SSS_MBEDTLS_APIS_H +-#define FSL_SSS_MBEDTLS_APIS_H +- +-#ifdef __cplusplus +-extern "C" { +-#endif /* __cplusplus */ +- +-#if defined(SSS_USE_FTR_FILE) +-#include "fsl_sss_ftr.h" +-#else +-#include "fsl_sss_ftr_default.h" +-#endif +- +-#if SSS_HAVE_MBEDTLS +-#include +- +-/* ************************************************************************** */ +-/* Functions */ +-/* ************************************************************************** */ +-/** +- * @addtogroup sss_mbedtls_session +- * @{ +- */ +-/** @copydoc sss_session_create +- * +- */ +-sss_status_t sss_mbedtls_session_create(sss_mbedtls_session_t *session, +- sss_type_t subsystem, +- uint32_t application_id, +- sss_connection_type_t connection_type, +- void *connectionData); +- +-/** @copydoc sss_session_open +- * +- */ +-sss_status_t sss_mbedtls_session_open(sss_mbedtls_session_t *session, +- sss_type_t subsystem, +- uint32_t application_id, +- sss_connection_type_t connection_type, +- void *connectionData); +- +-/** @copydoc sss_session_prop_get_u32 +- * +- */ +-sss_status_t sss_mbedtls_session_prop_get_u32(sss_mbedtls_session_t *session, uint32_t property, uint32_t *pValue); +- +-/** @copydoc sss_session_prop_get_au8 +- * +- */ +-sss_status_t sss_mbedtls_session_prop_get_au8( +- sss_mbedtls_session_t *session, uint32_t property, uint8_t *pValue, size_t *pValueLen); +- +-/** @copydoc sss_session_close +- * +- */ +-void sss_mbedtls_session_close(sss_mbedtls_session_t *session); +- +-/** @copydoc sss_session_delete +- * +- */ +-void sss_mbedtls_session_delete(sss_mbedtls_session_t *session); +- +-/*! @} */ /* end of : sss_mbedtls_session */ +- +-/** +- * @addtogroup sss_mbedtls_keyobj +- * @{ +- */ +-/** @copydoc sss_key_object_init +- * +- */ +-sss_status_t sss_mbedtls_key_object_init(sss_mbedtls_object_t *keyObject, sss_mbedtls_key_store_t *keyStore); +- +-/** @copydoc sss_key_object_allocate_handle +- * +- */ +-sss_status_t sss_mbedtls_key_object_allocate_handle(sss_mbedtls_object_t *keyObject, +- uint32_t keyId, +- sss_key_part_t keyPart, +- sss_cipher_type_t cipherType, +- size_t keyByteLenMax, +- uint32_t options); +- +-/** @copydoc sss_key_object_get_handle +- * +- */ +-sss_status_t sss_mbedtls_key_object_get_handle(sss_mbedtls_object_t *keyObject, uint32_t keyId); +- +-/** @copydoc sss_key_object_set_user +- * +- */ +-sss_status_t sss_mbedtls_key_object_set_user(sss_mbedtls_object_t *keyObject, uint32_t user, uint32_t options); +- +-/** @copydoc sss_key_object_set_purpose +- * +- */ +-sss_status_t sss_mbedtls_key_object_set_purpose(sss_mbedtls_object_t *keyObject, sss_mode_t purpose, uint32_t options); +- +-/** @copydoc sss_key_object_set_access +- * +- */ +-sss_status_t sss_mbedtls_key_object_set_access(sss_mbedtls_object_t *keyObject, uint32_t access, uint32_t options); +- +-/** @copydoc sss_key_object_set_eccgfp_group +- * +- */ +-sss_status_t sss_mbedtls_key_object_set_eccgfp_group(sss_mbedtls_object_t *keyObject, sss_eccgfp_group_t *group); +- +-/** @copydoc sss_key_object_get_user +- * +- */ +-sss_status_t sss_mbedtls_key_object_get_user(sss_mbedtls_object_t *keyObject, uint32_t *user); +- +-/** @copydoc sss_key_object_get_purpose +- * +- */ +-sss_status_t sss_mbedtls_key_object_get_purpose(sss_mbedtls_object_t *keyObject, sss_mode_t *purpose); +- +-/** @copydoc sss_key_object_get_access +- * +- */ +-sss_status_t sss_mbedtls_key_object_get_access(sss_mbedtls_object_t *keyObject, uint32_t *access); +- +-/** @copydoc sss_key_object_free +- * +- */ +-void sss_mbedtls_key_object_free(sss_mbedtls_object_t *keyObject); +- +-/*! @} */ /* end of : sss_mbedtls_keyobj */ +- +-/** +- * @addtogroup sss_mbedtls_keyderive +- * @{ +- */ +-/** @copydoc sss_derive_key_context_init +- * +- */ +-sss_status_t sss_mbedtls_derive_key_context_init(sss_mbedtls_derive_key_t *context, +- sss_mbedtls_session_t *session, +- sss_mbedtls_object_t *keyObject, +- sss_algorithm_t algorithm, +- sss_mode_t mode); +- +-/** @copydoc sss_derive_key_go +- * +- */ +-sss_status_t sss_mbedtls_derive_key_go(sss_mbedtls_derive_key_t *context, +- const uint8_t *saltData, +- size_t saltLen, +- const uint8_t *info, +- size_t infoLen, +- sss_mbedtls_object_t *derivedKeyObject, +- uint16_t deriveDataLen, +- uint8_t *hkdfOutput, +- size_t *hkdfOutputLen); +- +-/** @copydoc sss_derive_key_one_go +-* +-*/ +-sss_status_t sss_mbedtls_derive_key_one_go(sss_mbedtls_derive_key_t *context, +- const uint8_t *saltData, +- size_t saltLen, +- const uint8_t *info, +- size_t infoLen, +- sss_mbedtls_object_t *derivedKeyObject, +- uint16_t deriveDataLen); +- +-/** @copydoc sss_derive_key_sobj_one_go +-* +-*/ +-sss_status_t sss_mbedtls_derive_key_sobj_one_go(sss_mbedtls_derive_key_t *context, +- sss_mbedtls_object_t *saltKeyObject, +- const uint8_t *info, +- size_t infoLen, +- sss_mbedtls_object_t *derivedKeyObject, +- uint16_t deriveDataLen); +- +-/** @copydoc sss_derive_key_dh +- * +- */ +-sss_status_t sss_mbedtls_derive_key_dh(sss_mbedtls_derive_key_t *context, +- sss_mbedtls_object_t *otherPartyKeyObject, +- sss_mbedtls_object_t *derivedKeyObject); +- +-/** @copydoc sss_derive_key_context_free +- * +- */ +-void sss_mbedtls_derive_key_context_free(sss_mbedtls_derive_key_t *context); +- +-/*! @} */ /* end of : sss_mbedtls_keyderive */ +- +-/** +- * @addtogroup sss_mbedtls_keystore +- * @{ +- */ +-/** @copydoc sss_key_store_context_init +- * +- */ +-sss_status_t sss_mbedtls_key_store_context_init(sss_mbedtls_key_store_t *keyStore, sss_mbedtls_session_t *session); +- +-/** @copydoc sss_key_store_allocate +- * +- */ +-sss_status_t sss_mbedtls_key_store_allocate(sss_mbedtls_key_store_t *keyStore, uint32_t keyStoreId); +- +-/** @copydoc sss_key_store_save +- * +- */ +-sss_status_t sss_mbedtls_key_store_save(sss_mbedtls_key_store_t *keyStore); +- +-/** @copydoc sss_key_store_load +- * +- */ +-sss_status_t sss_mbedtls_key_store_load(sss_mbedtls_key_store_t *keyStore); +- +-/** @copydoc sss_key_store_set_key +- * +- */ +-sss_status_t sss_mbedtls_key_store_set_key(sss_mbedtls_key_store_t *keyStore, +- sss_mbedtls_object_t *keyObject, +- const uint8_t *data, +- size_t dataLen, +- size_t keyBitLen, +- void *options, +- size_t optionsLen); +- +-/** @copydoc sss_key_store_generate_key +- * +- */ +-sss_status_t sss_mbedtls_key_store_generate_key( +- sss_mbedtls_key_store_t *keyStore, sss_mbedtls_object_t *keyObject, size_t keyBitLen, void *options); +- +-/** @copydoc sss_key_store_get_key +- * +- */ +-sss_status_t sss_mbedtls_key_store_get_key(sss_mbedtls_key_store_t *keyStore, +- sss_mbedtls_object_t *keyObject, +- uint8_t *data, +- size_t *dataLen, +- size_t *pKeyBitLen); +- +-/** @copydoc sss_key_store_open_key +- * +- */ +-sss_status_t sss_mbedtls_key_store_open_key(sss_mbedtls_key_store_t *keyStore, sss_mbedtls_object_t *keyObject); +- +-/** @copydoc sss_key_store_freeze_key +- * +- */ +-sss_status_t sss_mbedtls_key_store_freeze_key(sss_mbedtls_key_store_t *keyStore, sss_mbedtls_object_t *keyObject); +- +-/** @copydoc sss_key_store_erase_key +- * +- */ +-sss_status_t sss_mbedtls_key_store_erase_key(sss_mbedtls_key_store_t *keyStore, sss_mbedtls_object_t *keyObject); +- +-/** @copydoc sss_key_store_context_free +- * +- */ +-void sss_mbedtls_key_store_context_free(sss_mbedtls_key_store_t *keyStore); +- +-/*! @} */ /* end of : sss_mbedtls_keystore */ +- +-/** +- * @addtogroup sss_mbedtls_asym +- * @{ +- */ +-/** @copydoc sss_asymmetric_context_init +- * +- */ +-sss_status_t sss_mbedtls_asymmetric_context_init(sss_mbedtls_asymmetric_t *context, +- sss_mbedtls_session_t *session, +- sss_mbedtls_object_t *keyObject, +- sss_algorithm_t algorithm, +- sss_mode_t mode); +- +-/** @copydoc sss_asymmetric_encrypt +- * +- */ +-sss_status_t sss_mbedtls_asymmetric_encrypt( +- sss_mbedtls_asymmetric_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen); +- +-/** @copydoc sss_asymmetric_decrypt +- * +- */ +-sss_status_t sss_mbedtls_asymmetric_decrypt( +- sss_mbedtls_asymmetric_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen); +- +-/** @copydoc sss_asymmetric_sign_digest +- * +- */ +-sss_status_t sss_mbedtls_asymmetric_sign_digest( +- sss_mbedtls_asymmetric_t *context, uint8_t *digest, size_t digestLen, uint8_t *signature, size_t *signatureLen); +- +-/** @copydoc sss_asymmetric_verify_digest +- * +- */ +-sss_status_t sss_mbedtls_asymmetric_verify_digest( +- sss_mbedtls_asymmetric_t *context, uint8_t *digest, size_t digestLen, uint8_t *signature, size_t signatureLen); +- +-/** @copydoc sss_asymmetric_context_free +- * +- */ +-void sss_mbedtls_asymmetric_context_free(sss_mbedtls_asymmetric_t *context); +- +-/*! @} */ /* end of : sss_mbedtls_asym */ +- +-/** +- * @addtogroup sss_mbedtls_symm +- * @{ +- */ +-/** @copydoc sss_symmetric_context_init +- * +- */ +-sss_status_t sss_mbedtls_symmetric_context_init(sss_mbedtls_symmetric_t *context, +- sss_mbedtls_session_t *session, +- sss_mbedtls_object_t *keyObject, +- sss_algorithm_t algorithm, +- sss_mode_t mode); +- +-/** @copydoc sss_cipher_one_go +- * +- */ +-sss_status_t sss_mbedtls_cipher_one_go(sss_mbedtls_symmetric_t *context, +- uint8_t *iv, +- size_t ivLen, +- const uint8_t *srcData, +- uint8_t *destData, +- size_t dataLen); +- +-/** @copydoc sss_cipher_init +- * +- */ +-sss_status_t sss_mbedtls_cipher_init(sss_mbedtls_symmetric_t *context, uint8_t *iv, size_t ivLen); +- +-/** @copydoc sss_cipher_update +- * +- */ +-sss_status_t sss_mbedtls_cipher_update( +- sss_mbedtls_symmetric_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen); +- +-/** @copydoc sss_cipher_finish +- * +- */ +-sss_status_t sss_mbedtls_cipher_finish( +- sss_mbedtls_symmetric_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen); +- +-/** @copydoc sss_cipher_crypt_ctr +- * +- */ +-sss_status_t sss_mbedtls_cipher_crypt_ctr(sss_mbedtls_symmetric_t *context, +- const uint8_t *srcData, +- uint8_t *destData, +- size_t size, +- uint8_t *initialCounter, +- uint8_t *lastEncryptedCounter, +- size_t *szLeft); +- +-/** @copydoc sss_symmetric_context_free +- * +- */ +-void sss_mbedtls_symmetric_context_free(sss_mbedtls_symmetric_t *context); +- +-/*! @} */ /* end of : sss_mbedtls_symm */ +- +-/** +- * @addtogroup sss_mbedtls_aead +- * @{ +- */ +-/** @copydoc sss_aead_context_init +- * +- */ +-sss_status_t sss_mbedtls_aead_context_init(sss_mbedtls_aead_t *context, +- sss_mbedtls_session_t *session, +- sss_mbedtls_object_t *keyObject, +- sss_algorithm_t algorithm, +- sss_mode_t mode); +- +-/** @copydoc sss_aead_one_go +- * +- */ +-sss_status_t sss_mbedtls_aead_one_go(sss_mbedtls_aead_t *context, +- const uint8_t *srcData, +- uint8_t *destData, +- size_t size, +- uint8_t *nonce, +- size_t nonceLen, +- const uint8_t *aad, +- size_t aadLen, +- uint8_t *tag, +- size_t *tagLen); +- +-/** @copydoc sss_aead_init +- * +- */ +-sss_status_t sss_mbedtls_aead_init( +- sss_mbedtls_aead_t *context, uint8_t *nonce, size_t nonceLen, size_t tagLen, size_t aadLen, size_t payloadLen); +- +-/** @copydoc sss_aead_update_aad +- * +- */ +-sss_status_t sss_mbedtls_aead_update_aad(sss_mbedtls_aead_t *context, const uint8_t *aadData, size_t aadDataLen); +- +-/** @copydoc sss_aead_update +- * +- */ +-sss_status_t sss_mbedtls_aead_update( +- sss_mbedtls_aead_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen); +- +-/** @copydoc sss_aead_finish +- * +- */ +-sss_status_t sss_mbedtls_aead_finish(sss_mbedtls_aead_t *context, +- const uint8_t *srcData, +- size_t srcLen, +- uint8_t *destData, +- size_t *destLen, +- uint8_t *tag, +- size_t *tagLen); +- +-/** @copydoc sss_aead_context_free +- * +- */ +-void sss_mbedtls_aead_context_free(sss_mbedtls_aead_t *context); +- +-/*! @} */ /* end of : sss_mbedtls_aead */ +- +-/** +- * @addtogroup sss_mbedtls_mac +- * @{ +- */ +-/** @copydoc sss_mac_context_init +- * +- */ +-sss_status_t sss_mbedtls_mac_context_init(sss_mbedtls_mac_t *context, +- sss_mbedtls_session_t *session, +- sss_mbedtls_object_t *keyObject, +- sss_algorithm_t algorithm, +- sss_mode_t mode); +- +-/** @copydoc sss_mac_one_go +- * +- */ +-sss_status_t sss_mbedtls_mac_one_go( +- sss_mbedtls_mac_t *context, const uint8_t *message, size_t messageLen, uint8_t *mac, size_t *macLen); +- +-/** @copydoc sss_mac_init +- * +- */ +-sss_status_t sss_mbedtls_mac_init(sss_mbedtls_mac_t *context); +- +-/** @copydoc sss_mac_update +- * +- */ +-sss_status_t sss_mbedtls_mac_update(sss_mbedtls_mac_t *context, const uint8_t *message, size_t messageLen); +- +-/** @copydoc sss_mac_finish +- * +- */ +-sss_status_t sss_mbedtls_mac_finish(sss_mbedtls_mac_t *context, uint8_t *mac, size_t *macLen); +- +-/** @copydoc sss_mac_context_free +- * +- */ +-void sss_mbedtls_mac_context_free(sss_mbedtls_mac_t *context); +- +-/*! @} */ /* end of : sss_mbedtls_mac */ +- +-/** +- * @addtogroup sss_mbedtls_md +- * @{ +- */ +-/** @copydoc sss_digest_context_init +- * +- */ +-sss_status_t sss_mbedtls_digest_context_init( +- sss_mbedtls_digest_t *context, sss_mbedtls_session_t *session, sss_algorithm_t algorithm, sss_mode_t mode); +- +-/** @copydoc sss_digest_one_go +- * +- */ +-sss_status_t sss_mbedtls_digest_one_go( +- sss_mbedtls_digest_t *context, const uint8_t *message, size_t messageLen, uint8_t *digest, size_t *digestLen); +- +-/** @copydoc sss_digest_init +- * +- */ +-sss_status_t sss_mbedtls_digest_init(sss_mbedtls_digest_t *context); +- +-/** @copydoc sss_digest_update +- * +- */ +-sss_status_t sss_mbedtls_digest_update(sss_mbedtls_digest_t *context, const uint8_t *message, size_t messageLen); +- +-/** @copydoc sss_digest_finish +- * +- */ +-sss_status_t sss_mbedtls_digest_finish(sss_mbedtls_digest_t *context, uint8_t *digest, size_t *digestLen); +- +-/** @copydoc sss_digest_context_free +- * +- */ +-void sss_mbedtls_digest_context_free(sss_mbedtls_digest_t *context); +- +-/*! @} */ /* end of : sss_mbedtls_md */ +- +-/** +- * @addtogroup sss_mbedtls_rng +- * @{ +- */ +-/** @copydoc sss_rng_context_init +- * +- */ +-sss_status_t sss_mbedtls_rng_context_init(sss_mbedtls_rng_context_t *context, sss_mbedtls_session_t *session); +- +-/** @copydoc sss_rng_get_random +- * +- */ +-sss_status_t sss_mbedtls_rng_get_random(sss_mbedtls_rng_context_t *context, uint8_t *random_data, size_t dataLen); +- +-/** @copydoc sss_rng_context_free +- * +- */ +-sss_status_t sss_mbedtls_rng_context_free(sss_mbedtls_rng_context_t *context); +- +-/*! @} */ /* end of : sss_mbedtls_rng */ +- +-/* clang-format off */ +-# if (SSS_HAVE_SSS == 1) +- /* Direct Call : session */ +-# define sss_session_create(session,subsystem,application_id,connection_type,connectionData) \ +- sss_mbedtls_session_create(((sss_mbedtls_session_t * ) session),(subsystem),(application_id),(connection_type),(connectionData)) +-# define sss_session_open(session,subsystem,application_id,connection_type,connectionData) \ +- sss_mbedtls_session_open(((sss_mbedtls_session_t * ) session),(subsystem),(application_id),(connection_type),(connectionData)) +-# define sss_session_prop_get_u32(session,property,pValue) \ +- sss_mbedtls_session_prop_get_u32(((sss_mbedtls_session_t * ) session),(property),(pValue)) +-# define sss_session_prop_get_au8(session,property,pValue,pValueLen) \ +- sss_mbedtls_session_prop_get_au8(((sss_mbedtls_session_t * ) session),(property),(pValue),(pValueLen)) +-# define sss_session_close(session) \ +- sss_mbedtls_session_close(((sss_mbedtls_session_t * ) session)) +-# define sss_session_delete(session) \ +- sss_mbedtls_session_delete(((sss_mbedtls_session_t * ) session)) +- /* Direct Call : keyobj */ +-# define sss_key_object_init(keyObject,keyStore) \ +- sss_mbedtls_key_object_init(((sss_mbedtls_object_t * ) keyObject),((sss_mbedtls_key_store_t * ) keyStore)) +-# define sss_key_object_allocate_handle(keyObject,keyId,keyPart,cipherType,keyByteLenMax,options) \ +- sss_mbedtls_key_object_allocate_handle(((sss_mbedtls_object_t * ) keyObject),(keyId),(keyPart),(cipherType),(keyByteLenMax),(options)) +-# define sss_key_object_get_handle(keyObject,keyId) \ +- sss_mbedtls_key_object_get_handle(((sss_mbedtls_object_t * ) keyObject),(keyId)) +-# define sss_key_object_set_user(keyObject,user,options) \ +- sss_mbedtls_key_object_set_user(((sss_mbedtls_object_t * ) keyObject),(user),(options)) +-# define sss_key_object_set_purpose(keyObject,purpose,options) \ +- sss_mbedtls_key_object_set_purpose(((sss_mbedtls_object_t * ) keyObject),(purpose),(options)) +-# define sss_key_object_set_access(keyObject,access,options) \ +- sss_mbedtls_key_object_set_access(((sss_mbedtls_object_t * ) keyObject),(access),(options)) +-# define sss_key_object_set_eccgfp_group(keyObject,group) \ +- sss_mbedtls_key_object_set_eccgfp_group(((sss_mbedtls_object_t * ) keyObject),(group)) +-# define sss_key_object_get_user(keyObject,user) \ +- sss_mbedtls_key_object_get_user(((sss_mbedtls_object_t * ) keyObject),(user)) +-# define sss_key_object_get_purpose(keyObject,purpose) \ +- sss_mbedtls_key_object_get_purpose(((sss_mbedtls_object_t * ) keyObject),(purpose)) +-# define sss_key_object_get_access(keyObject,access) \ +- sss_mbedtls_key_object_get_access(((sss_mbedtls_object_t * ) keyObject),(access)) +-# define sss_key_object_free(keyObject) \ +- sss_mbedtls_key_object_free(((sss_mbedtls_object_t * ) keyObject)) +- /* Direct Call : keyderive */ +-# define sss_derive_key_context_init(context,session,keyObject,algorithm,mode) \ +- sss_mbedtls_derive_key_context_init(((sss_mbedtls_derive_key_t * ) context),((sss_mbedtls_session_t * ) session),((sss_mbedtls_object_t * ) keyObject),(algorithm),(mode)) +-# define sss_derive_key_go(context,saltData,saltLen,info,infoLen,derivedKeyObject,deriveDataLen,hkdfOutput,hkdfOutputLen) \ +- sss_mbedtls_derive_key_go(((sss_mbedtls_derive_key_t * ) context),(saltData),(saltLen),(info),(infoLen),((sss_mbedtls_object_t * ) derivedKeyObject),(deriveDataLen),(hkdfOutput),(hkdfOutputLen)) +-# define sss_derive_key_one_go(context,saltData,saltLen,info,infoLen,derivedKeyObject,deriveDataLen) \ +- sss_mbedtls_derive_key_one_go(((sss_mbedtls_derive_key_t * ) context),(saltData),(saltLen),(info),(infoLen),((sss_mbedtls_object_t * ) derivedKeyObject),(deriveDataLen)) +-# define sss_derive_key_sobj_one_go(context,saltKeyObject,info,infoLen,derivedKeyObject,deriveDataLen) \ +- sss_mbedtls_derive_key_sobj_one_go(((sss_mbedtls_derive_key_t * ) context),((sss_mbedtls_object_t * )saltKeyObject),(info),(infoLen),((sss_mbedtls_object_t * ) derivedKeyObject),(deriveDataLen)) +-# define sss_derive_key_dh(context,otherPartyKeyObject,derivedKeyObject) \ +- sss_mbedtls_derive_key_dh(((sss_mbedtls_derive_key_t * ) context),((sss_mbedtls_object_t * ) otherPartyKeyObject),((sss_mbedtls_object_t * ) derivedKeyObject)) +-# define sss_derive_key_context_free(context) \ +- sss_mbedtls_derive_key_context_free(((sss_mbedtls_derive_key_t * ) context)) +- /* Direct Call : keystore */ +-# define sss_key_store_context_init(keyStore,session) \ +- sss_mbedtls_key_store_context_init(((sss_mbedtls_key_store_t * ) keyStore),((sss_mbedtls_session_t * ) session)) +-# define sss_key_store_allocate(keyStore,keyStoreId) \ +- sss_mbedtls_key_store_allocate(((sss_mbedtls_key_store_t * ) keyStore),(keyStoreId)) +-# define sss_key_store_save(keyStore) \ +- sss_mbedtls_key_store_save(((sss_mbedtls_key_store_t * ) keyStore)) +-# define sss_key_store_load(keyStore) \ +- sss_mbedtls_key_store_load(((sss_mbedtls_key_store_t * ) keyStore)) +-# define sss_key_store_set_key(keyStore,keyObject,data,dataLen,keyBitLen,options,optionsLen) \ +- sss_mbedtls_key_store_set_key(((sss_mbedtls_key_store_t * ) keyStore),((sss_mbedtls_object_t * ) keyObject),(data),(dataLen),(keyBitLen),(options),(optionsLen)) +-# define sss_key_store_generate_key(keyStore,keyObject,keyBitLen,options) \ +- sss_mbedtls_key_store_generate_key(((sss_mbedtls_key_store_t * ) keyStore),((sss_mbedtls_object_t * ) keyObject),(keyBitLen),(options)) +-# define sss_key_store_get_key(keyStore,keyObject,data,dataLen,pKeyBitLen) \ +- sss_mbedtls_key_store_get_key(((sss_mbedtls_key_store_t * ) keyStore),((sss_mbedtls_object_t * ) keyObject),(data),(dataLen),(pKeyBitLen)) +-# define sss_key_store_open_key(keyStore,keyObject) \ +- sss_mbedtls_key_store_open_key(((sss_mbedtls_key_store_t * ) keyStore),((sss_mbedtls_object_t * ) keyObject)) +-# define sss_key_store_freeze_key(keyStore,keyObject) \ +- sss_mbedtls_key_store_freeze_key(((sss_mbedtls_key_store_t * ) keyStore),((sss_mbedtls_object_t * ) keyObject)) +-# define sss_key_store_erase_key(keyStore,keyObject) \ +- sss_mbedtls_key_store_erase_key(((sss_mbedtls_key_store_t * ) keyStore),((sss_mbedtls_object_t * ) keyObject)) +-# define sss_key_store_context_free(keyStore) \ +- sss_mbedtls_key_store_context_free(((sss_mbedtls_key_store_t * ) keyStore)) +- /* Direct Call : asym */ +-# define sss_asymmetric_context_init(context,session,keyObject,algorithm,mode) \ +- sss_mbedtls_asymmetric_context_init(((sss_mbedtls_asymmetric_t * ) context),((sss_mbedtls_session_t * ) session),((sss_mbedtls_object_t * ) keyObject),(algorithm),(mode)) +-# define sss_asymmetric_encrypt(context,srcData,srcLen,destData,destLen) \ +- sss_mbedtls_asymmetric_encrypt(((sss_mbedtls_asymmetric_t * ) context),(srcData),(srcLen),(destData),(destLen)) +-# define sss_asymmetric_decrypt(context,srcData,srcLen,destData,destLen) \ +- sss_mbedtls_asymmetric_decrypt(((sss_mbedtls_asymmetric_t * ) context),(srcData),(srcLen),(destData),(destLen)) +-# define sss_asymmetric_sign_digest(context,digest,digestLen,signature,signatureLen) \ +- sss_mbedtls_asymmetric_sign_digest(((sss_mbedtls_asymmetric_t * ) context),(digest),(digestLen),(signature),(signatureLen)) +-# define sss_asymmetric_verify_digest(context,digest,digestLen,signature,signatureLen) \ +- sss_mbedtls_asymmetric_verify_digest(((sss_mbedtls_asymmetric_t * ) context),(digest),(digestLen),(signature),(signatureLen)) +-# define sss_asymmetric_context_free(context) \ +- sss_mbedtls_asymmetric_context_free(((sss_mbedtls_asymmetric_t * ) context)) +- /* Direct Call : symm */ +-# define sss_symmetric_context_init(context,session,keyObject,algorithm,mode) \ +- sss_mbedtls_symmetric_context_init(((sss_mbedtls_symmetric_t * ) context),((sss_mbedtls_session_t * ) session),((sss_mbedtls_object_t * ) keyObject),(algorithm),(mode)) +-# define sss_cipher_one_go(context,iv,ivLen,srcData,destData,dataLen) \ +- sss_mbedtls_cipher_one_go(((sss_mbedtls_symmetric_t * ) context),(iv),(ivLen),(srcData),(destData),(dataLen)) +-# define sss_cipher_init(context,iv,ivLen) \ +- sss_mbedtls_cipher_init(((sss_mbedtls_symmetric_t * ) context),(iv),(ivLen)) +-# define sss_cipher_update(context,srcData,srcLen,destData,destLen) \ +- sss_mbedtls_cipher_update(((sss_mbedtls_symmetric_t * ) context),(srcData),(srcLen),(destData),(destLen)) +-# define sss_cipher_finish(context,srcData,srcLen,destData,destLen) \ +- sss_mbedtls_cipher_finish(((sss_mbedtls_symmetric_t * ) context),(srcData),(srcLen),(destData),(destLen)) +-# define sss_cipher_crypt_ctr(context,srcData,destData,size,initialCounter,lastEncryptedCounter,szLeft) \ +- sss_mbedtls_cipher_crypt_ctr(((sss_mbedtls_symmetric_t * ) context),(srcData),(destData),(size),(initialCounter),(lastEncryptedCounter),(szLeft)) +-# define sss_symmetric_context_free(context) \ +- sss_mbedtls_symmetric_context_free(((sss_mbedtls_symmetric_t * ) context)) +- /* Direct Call : aead */ +-# define sss_aead_context_init(context,session,keyObject,algorithm,mode) \ +- sss_mbedtls_aead_context_init(((sss_mbedtls_aead_t * ) context),((sss_mbedtls_session_t * ) session),((sss_mbedtls_object_t * ) keyObject),(algorithm),(mode)) +-# define sss_aead_one_go(context,srcData,destData,size,nonce,nonceLen,aad,aadLen,tag,tagLen) \ +- sss_mbedtls_aead_one_go(((sss_mbedtls_aead_t * ) context),(srcData),(destData),(size),(nonce),(nonceLen),(aad),(aadLen),(tag),(tagLen)) +-# define sss_aead_init(context,nonce,nonceLen,tagLen,aadLen,payloadLen) \ +- sss_mbedtls_aead_init(((sss_mbedtls_aead_t * ) context),(nonce),(nonceLen),(tagLen),(aadLen),(payloadLen)) +-# define sss_aead_update_aad(context,aadData,aadDataLen) \ +- sss_mbedtls_aead_update_aad(((sss_mbedtls_aead_t * ) context),(aadData),(aadDataLen)) +-# define sss_aead_update(context,srcData,srcLen,destData,destLen) \ +- sss_mbedtls_aead_update(((sss_mbedtls_aead_t * ) context),(srcData),(srcLen),(destData),(destLen)) +-# define sss_aead_finish(context,srcData,srcLen,destData,destLen,tag,tagLen) \ +- sss_mbedtls_aead_finish(((sss_mbedtls_aead_t * ) context),(srcData),(srcLen),(destData),(destLen),(tag),(tagLen)) +-# define sss_aead_context_free(context) \ +- sss_mbedtls_aead_context_free(((sss_mbedtls_aead_t * ) context)) +- /* Direct Call : mac */ +-# define sss_mac_context_init(context,session,keyObject,algorithm,mode) \ +- sss_mbedtls_mac_context_init(((sss_mbedtls_mac_t * ) context),((sss_mbedtls_session_t * ) session),((sss_mbedtls_object_t * ) keyObject),(algorithm),(mode)) +-# define sss_mac_one_go(context,message,messageLen,mac,macLen) \ +- sss_mbedtls_mac_one_go(((sss_mbedtls_mac_t * ) context),(message),(messageLen),(mac),(macLen)) +-# define sss_mac_init(context) \ +- sss_mbedtls_mac_init(((sss_mbedtls_mac_t * ) context)) +-# define sss_mac_update(context,message,messageLen) \ +- sss_mbedtls_mac_update(((sss_mbedtls_mac_t * ) context),(message),(messageLen)) +-# define sss_mac_finish(context,mac,macLen) \ +- sss_mbedtls_mac_finish(((sss_mbedtls_mac_t * ) context),(mac),(macLen)) +-# define sss_mac_context_free(context) \ +- sss_mbedtls_mac_context_free(((sss_mbedtls_mac_t * ) context)) +- /* Direct Call : md */ +-# define sss_digest_context_init(context,session,algorithm,mode) \ +- sss_mbedtls_digest_context_init(((sss_mbedtls_digest_t * ) context),((sss_mbedtls_session_t * ) session),(algorithm),(mode)) +-# define sss_digest_one_go(context,message,messageLen,digest,digestLen) \ +- sss_mbedtls_digest_one_go(((sss_mbedtls_digest_t * ) context),(message),(messageLen),(digest),(digestLen)) +-# define sss_digest_init(context) \ +- sss_mbedtls_digest_init(((sss_mbedtls_digest_t * ) context)) +-# define sss_digest_update(context,message,messageLen) \ +- sss_mbedtls_digest_update(((sss_mbedtls_digest_t * ) context),(message),(messageLen)) +-# define sss_digest_finish(context,digest,digestLen) \ +- sss_mbedtls_digest_finish(((sss_mbedtls_digest_t * ) context),(digest),(digestLen)) +-# define sss_digest_context_free(context) \ +- sss_mbedtls_digest_context_free(((sss_mbedtls_digest_t * ) context)) +- /* Direct Call : rng */ +-# define sss_rng_context_init(context,session) \ +- sss_mbedtls_rng_context_init(((sss_mbedtls_rng_context_t * ) context),((sss_mbedtls_session_t * ) session)) +-# define sss_rng_get_random(context,random_data,dataLen) \ +- sss_mbedtls_rng_get_random(((sss_mbedtls_rng_context_t * ) context),(random_data),(dataLen)) +-# define sss_rng_context_free(context) \ +- sss_mbedtls_rng_context_free(((sss_mbedtls_rng_context_t * ) context)) +-# endif /* (SSS_HAVE_SSS == 1) */ +-# if (SSS_HAVE_OPENSSL == 0) +- /* Host Call : session */ +-# define sss_host_session_create(session,subsystem,application_id,connection_type,connectionData) \ +- sss_mbedtls_session_create(((sss_mbedtls_session_t * ) session),(subsystem),(application_id),(connection_type),(connectionData)) +-# define sss_host_session_open(session,subsystem,application_id,connection_type,connectionData) \ +- sss_mbedtls_session_open(((sss_mbedtls_session_t * ) session),(subsystem),(application_id),(connection_type),(connectionData)) +-# define sss_host_session_prop_get_u32(session,property,pValue) \ +- sss_mbedtls_session_prop_get_u32(((sss_mbedtls_session_t * ) session),(property),(pValue)) +-# define sss_host_session_prop_get_au8(session,property,pValue,pValueLen) \ +- sss_mbedtls_session_prop_get_au8(((sss_mbedtls_session_t * ) session),(property),(pValue),(pValueLen)) +-# define sss_host_session_close(session) \ +- sss_mbedtls_session_close(((sss_mbedtls_session_t * ) session)) +-# define sss_host_session_delete(session) \ +- sss_mbedtls_session_delete(((sss_mbedtls_session_t * ) session)) +- /* Host Call : keyobj */ +-# define sss_host_key_object_init(keyObject,keyStore) \ +- sss_mbedtls_key_object_init(((sss_mbedtls_object_t * ) keyObject),((sss_mbedtls_key_store_t * ) keyStore)) +-# define sss_host_key_object_allocate_handle(keyObject,keyId,keyPart,cipherType,keyByteLenMax,options) \ +- sss_mbedtls_key_object_allocate_handle(((sss_mbedtls_object_t * ) keyObject),(keyId),(keyPart),(cipherType),(keyByteLenMax),(options)) +-# define sss_host_key_object_get_handle(keyObject,keyId) \ +- sss_mbedtls_key_object_get_handle(((sss_mbedtls_object_t * ) keyObject),(keyId)) +-# define sss_host_key_object_set_user(keyObject,user,options) \ +- sss_mbedtls_key_object_set_user(((sss_mbedtls_object_t * ) keyObject),(user),(options)) +-# define sss_host_key_object_set_purpose(keyObject,purpose,options) \ +- sss_mbedtls_key_object_set_purpose(((sss_mbedtls_object_t * ) keyObject),(purpose),(options)) +-# define sss_host_key_object_set_access(keyObject,access,options) \ +- sss_mbedtls_key_object_set_access(((sss_mbedtls_object_t * ) keyObject),(access),(options)) +-# define sss_host_key_object_set_eccgfp_group(keyObject,group) \ +- sss_mbedtls_key_object_set_eccgfp_group(((sss_mbedtls_object_t * ) keyObject),(group)) +-# define sss_host_key_object_get_user(keyObject,user) \ +- sss_mbedtls_key_object_get_user(((sss_mbedtls_object_t * ) keyObject),(user)) +-# define sss_host_key_object_get_purpose(keyObject,purpose) \ +- sss_mbedtls_key_object_get_purpose(((sss_mbedtls_object_t * ) keyObject),(purpose)) +-# define sss_host_key_object_get_access(keyObject,access) \ +- sss_mbedtls_key_object_get_access(((sss_mbedtls_object_t * ) keyObject),(access)) +-# define sss_host_key_object_free(keyObject) \ +- sss_mbedtls_key_object_free(((sss_mbedtls_object_t * ) keyObject)) +- /* Host Call : keyderive */ +-# define sss_host_derive_key_context_init(context,session,keyObject,algorithm,mode) \ +- sss_mbedtls_derive_key_context_init(((sss_mbedtls_derive_key_t * ) context),((sss_mbedtls_session_t * ) session),((sss_mbedtls_object_t * ) keyObject),(algorithm),(mode)) +-# define sss_host_derive_key_go(context,saltData,saltLen,info,infoLen,derivedKeyObject,deriveDataLen,hkdfOutput,hkdfOutputLen) \ +- sss_mbedtls_derive_key_go(((sss_mbedtls_derive_key_t * ) context),(saltData),(saltLen),(info),(infoLen),((sss_mbedtls_object_t * ) derivedKeyObject),(deriveDataLen),(hkdfOutput),(hkdfOutputLen)) +-# define sss_host_derive_key_dh(context,otherPartyKeyObject,derivedKeyObject) \ +- sss_mbedtls_derive_key_dh(((sss_mbedtls_derive_key_t * ) context),((sss_mbedtls_object_t * ) otherPartyKeyObject),((sss_mbedtls_object_t * ) derivedKeyObject)) +-# define sss_host_derive_key_context_free(context) \ +- sss_mbedtls_derive_key_context_free(((sss_mbedtls_derive_key_t * ) context)) +- /* Host Call : keystore */ +-# define sss_host_key_store_context_init(keyStore,session) \ +- sss_mbedtls_key_store_context_init(((sss_mbedtls_key_store_t * ) keyStore),((sss_mbedtls_session_t * ) session)) +-# define sss_host_key_store_allocate(keyStore,keyStoreId) \ +- sss_mbedtls_key_store_allocate(((sss_mbedtls_key_store_t * ) keyStore),(keyStoreId)) +-# define sss_host_key_store_save(keyStore) \ +- sss_mbedtls_key_store_save(((sss_mbedtls_key_store_t * ) keyStore)) +-# define sss_host_key_store_load(keyStore) \ +- sss_mbedtls_key_store_load(((sss_mbedtls_key_store_t * ) keyStore)) +-# define sss_host_key_store_set_key(keyStore,keyObject,data,dataLen,keyBitLen,options,optionsLen) \ +- sss_mbedtls_key_store_set_key(((sss_mbedtls_key_store_t * ) keyStore),((sss_mbedtls_object_t * ) keyObject),(data),(dataLen),(keyBitLen),(options),(optionsLen)) +-# define sss_host_key_store_generate_key(keyStore,keyObject,keyBitLen,options) \ +- sss_mbedtls_key_store_generate_key(((sss_mbedtls_key_store_t * ) keyStore),((sss_mbedtls_object_t * ) keyObject),(keyBitLen),(options)) +-# define sss_host_key_store_get_key(keyStore,keyObject,data,dataLen,pKeyBitLen) \ +- sss_mbedtls_key_store_get_key(((sss_mbedtls_key_store_t * ) keyStore),((sss_mbedtls_object_t * ) keyObject),(data),(dataLen),(pKeyBitLen)) +-# define sss_host_key_store_open_key(keyStore,keyObject) \ +- sss_mbedtls_key_store_open_key(((sss_mbedtls_key_store_t * ) keyStore),((sss_mbedtls_object_t * ) keyObject)) +-# define sss_host_key_store_freeze_key(keyStore,keyObject) \ +- sss_mbedtls_key_store_freeze_key(((sss_mbedtls_key_store_t * ) keyStore),((sss_mbedtls_object_t * ) keyObject)) +-# define sss_host_key_store_erase_key(keyStore,keyObject) \ +- sss_mbedtls_key_store_erase_key(((sss_mbedtls_key_store_t * ) keyStore),((sss_mbedtls_object_t * ) keyObject)) +-# define sss_host_key_store_context_free(keyStore) \ +- sss_mbedtls_key_store_context_free(((sss_mbedtls_key_store_t * ) keyStore)) +- /* Host Call : asym */ +-# define sss_host_asymmetric_context_init(context,session,keyObject,algorithm,mode) \ +- sss_mbedtls_asymmetric_context_init(((sss_mbedtls_asymmetric_t * ) context),((sss_mbedtls_session_t * ) session),((sss_mbedtls_object_t * ) keyObject),(algorithm),(mode)) +-# define sss_host_asymmetric_encrypt(context,srcData,srcLen,destData,destLen) \ +- sss_mbedtls_asymmetric_encrypt(((sss_mbedtls_asymmetric_t * ) context),(srcData),(srcLen),(destData),(destLen)) +-# define sss_host_asymmetric_decrypt(context,srcData,srcLen,destData,destLen) \ +- sss_mbedtls_asymmetric_decrypt(((sss_mbedtls_asymmetric_t * ) context),(srcData),(srcLen),(destData),(destLen)) +-# define sss_host_asymmetric_sign_digest(context,digest,digestLen,signature,signatureLen) \ +- sss_mbedtls_asymmetric_sign_digest(((sss_mbedtls_asymmetric_t * ) context),(digest),(digestLen),(signature),(signatureLen)) +-# define sss_host_asymmetric_verify_digest(context,digest,digestLen,signature,signatureLen) \ +- sss_mbedtls_asymmetric_verify_digest(((sss_mbedtls_asymmetric_t * ) context),(digest),(digestLen),(signature),(signatureLen)) +-# define sss_host_asymmetric_context_free(context) \ +- sss_mbedtls_asymmetric_context_free(((sss_mbedtls_asymmetric_t * ) context)) +- /* Host Call : symm */ +-# define sss_host_symmetric_context_init(context,session,keyObject,algorithm,mode) \ +- sss_mbedtls_symmetric_context_init(((sss_mbedtls_symmetric_t * ) context),((sss_mbedtls_session_t * ) session),((sss_mbedtls_object_t * ) keyObject),(algorithm),(mode)) +-# define sss_host_cipher_one_go(context,iv,ivLen,srcData,destData,dataLen) \ +- sss_mbedtls_cipher_one_go(((sss_mbedtls_symmetric_t * ) context),(iv),(ivLen),(srcData),(destData),(dataLen)) +-# define sss_host_cipher_init(context,iv,ivLen) \ +- sss_mbedtls_cipher_init(((sss_mbedtls_symmetric_t * ) context),(iv),(ivLen)) +-# define sss_host_cipher_update(context,srcData,srcLen,destData,destLen) \ +- sss_mbedtls_cipher_update(((sss_mbedtls_symmetric_t * ) context),(srcData),(srcLen),(destData),(destLen)) +-# define sss_host_cipher_finish(context,srcData,srcLen,destData,destLen) \ +- sss_mbedtls_cipher_finish(((sss_mbedtls_symmetric_t * ) context),(srcData),(srcLen),(destData),(destLen)) +-# define sss_host_cipher_crypt_ctr(context,srcData,destData,size,initialCounter,lastEncryptedCounter,szLeft) \ +- sss_mbedtls_cipher_crypt_ctr(((sss_mbedtls_symmetric_t * ) context),(srcData),(destData),(size),(initialCounter),(lastEncryptedCounter),(szLeft)) +-# define sss_host_symmetric_context_free(context) \ +- sss_mbedtls_symmetric_context_free(((sss_mbedtls_symmetric_t * ) context)) +- /* Host Call : aead */ +-# define sss_host_aead_context_init(context,session,keyObject,algorithm,mode) \ +- sss_mbedtls_aead_context_init(((sss_mbedtls_aead_t * ) context),((sss_mbedtls_session_t * ) session),((sss_mbedtls_object_t * ) keyObject),(algorithm),(mode)) +-# define sss_host_aead_one_go(context,srcData,destData,size,nonce,nonceLen,aad,aadLen,tag,tagLen) \ +- sss_mbedtls_aead_one_go(((sss_mbedtls_aead_t * ) context),(srcData),(destData),(size),(nonce),(nonceLen),(aad),(aadLen),(tag),(tagLen)) +-# define sss_host_aead_init(context,nonce,nonceLen,tagLen,aadLen,payloadLen) \ +- sss_mbedtls_aead_init(((sss_mbedtls_aead_t * ) context),(nonce),(nonceLen),(tagLen),(aadLen),(payloadLen)) +-# define sss_host_aead_update_aad(context,aadData,aadDataLen) \ +- sss_mbedtls_aead_update_aad(((sss_mbedtls_aead_t * ) context),(aadData),(aadDataLen)) +-# define sss_host_aead_update(context,srcData,srcLen,destData,destLen) \ +- sss_mbedtls_aead_update(((sss_mbedtls_aead_t * ) context),(srcData),(srcLen),(destData),(destLen)) +-# define sss_host_aead_finish(context,srcData,srcLen,destData,destLen,tag,tagLen) \ +- sss_mbedtls_aead_finish(((sss_mbedtls_aead_t * ) context),(srcData),(srcLen),(destData),(destLen),(tag),(tagLen)) +-# define sss_host_aead_context_free(context) \ +- sss_mbedtls_aead_context_free(((sss_mbedtls_aead_t * ) context)) +- /* Host Call : mac */ +-# define sss_host_mac_context_init(context,session,keyObject,algorithm,mode) \ +- sss_mbedtls_mac_context_init(((sss_mbedtls_mac_t * ) context),((sss_mbedtls_session_t * ) session),((sss_mbedtls_object_t * ) keyObject),(algorithm),(mode)) +-# define sss_host_mac_one_go(context,message,messageLen,mac,macLen) \ +- sss_mbedtls_mac_one_go(((sss_mbedtls_mac_t * ) context),(message),(messageLen),(mac),(macLen)) +-# define sss_host_mac_init(context) \ +- sss_mbedtls_mac_init(((sss_mbedtls_mac_t * ) context)) +-# define sss_host_mac_update(context,message,messageLen) \ +- sss_mbedtls_mac_update(((sss_mbedtls_mac_t * ) context),(message),(messageLen)) +-# define sss_host_mac_finish(context,mac,macLen) \ +- sss_mbedtls_mac_finish(((sss_mbedtls_mac_t * ) context),(mac),(macLen)) +-# define sss_host_mac_context_free(context) \ +- sss_mbedtls_mac_context_free(((sss_mbedtls_mac_t * ) context)) +- /* Host Call : md */ +-# define sss_host_digest_context_init(context,session,algorithm,mode) \ +- sss_mbedtls_digest_context_init(((sss_mbedtls_digest_t * ) context),((sss_mbedtls_session_t * ) session),(algorithm),(mode)) +-# define sss_host_digest_one_go(context,message,messageLen,digest,digestLen) \ +- sss_mbedtls_digest_one_go(((sss_mbedtls_digest_t * ) context),(message),(messageLen),(digest),(digestLen)) +-# define sss_host_digest_init(context) \ +- sss_mbedtls_digest_init(((sss_mbedtls_digest_t * ) context)) +-# define sss_host_digest_update(context,message,messageLen) \ +- sss_mbedtls_digest_update(((sss_mbedtls_digest_t * ) context),(message),(messageLen)) +-# define sss_host_digest_finish(context,digest,digestLen) \ +- sss_mbedtls_digest_finish(((sss_mbedtls_digest_t * ) context),(digest),(digestLen)) +-# define sss_host_digest_context_free(context) \ +- sss_mbedtls_digest_context_free(((sss_mbedtls_digest_t * ) context)) +- /* Host Call : rng */ +-# define sss_host_rng_context_init(context,session) \ +- sss_mbedtls_rng_context_init(((sss_mbedtls_rng_context_t * ) context),((sss_mbedtls_session_t * ) session)) +-# define sss_host_rng_get_random(context,random_data,dataLen) \ +- sss_mbedtls_rng_get_random(((sss_mbedtls_rng_context_t * ) context),(random_data),(dataLen)) +-# define sss_host_rng_context_free(context) \ +- sss_mbedtls_rng_context_free(((sss_mbedtls_rng_context_t * ) context)) +-# endif /* (SSS_HAVE_SSS == 1) */ +-/* clang-format on */ +-#endif /* SSS_HAVE_MBEDTLS */ +-#ifdef __cplusplus +-} // extern "C" +-#endif /* __cplusplus */ +- +-#endif /* FSL_SSS_MBEDTLS_APIS_H */ +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_mbedtls_types.h b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_mbedtls_types.h +deleted file mode 100644 +index 1d090753a0..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_mbedtls_types.h ++++ /dev/null +@@ -1,253 +0,0 @@ +-/* +- * +- * Copyright 2018-2020 NXP +- * SPDX-License-Identifier: Apache-2.0 +- */ +- +-#ifndef SSS_APIS_INC_FSL_SSS_MBEDTLS_TYPES_H_ +-#define SSS_APIS_INC_FSL_SSS_MBEDTLS_TYPES_H_ +- +-/* ************************************************************************** */ +-/* Includes */ +-/* ************************************************************************** */ +- +-#include +- +-#if defined(SSS_USE_FTR_FILE) +-#include "fsl_sss_ftr.h" +-#else +-#include "fsl_sss_ftr_default.h" +-#endif +- +-#if SSS_HAVE_MBEDTLS +- +-#if !defined(MBEDTLS_CONFIG_FILE) +-#include "mbedtls/config.h" +-#else +-#include MBEDTLS_CONFIG_FILE +-#endif +- +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#include +- +-/** +- * @addtogroup sss_sw_mbedtls +- * @{ +- */ +- +-/* ************************************************************************** */ +-/* Defines */ +-/* ************************************************************************** */ +- +-#define SSS_SUBSYSTEM_TYPE_IS_MBEDTLS(subsystem) (subsystem == kType_SSS_mbedTLS) +- +-#define SSS_SESSION_TYPE_IS_MBEDTLS(session) (session && SSS_SUBSYSTEM_TYPE_IS_MBEDTLS(session->subsystem)) +- +-#define SSS_KEY_STORE_TYPE_IS_MBEDTLS(keyStore) (keyStore && SSS_SESSION_TYPE_IS_MBEDTLS(keyStore->session)) +- +-#define SSS_OBJECT_TYPE_IS_MBEDTLS(pObject) (pObject && SSS_KEY_STORE_TYPE_IS_MBEDTLS(pObject->keyStore)) +- +-#define SSS_ASYMMETRIC_TYPE_IS_MBEDTLS(context) (context && SSS_SESSION_TYPE_IS_MBEDTLS(context->session)) +- +-#define SSS_DERIVE_KEY_TYPE_IS_MBEDTLS(context) (context && SSS_SESSION_TYPE_IS_MBEDTLS(context->session)) +- +-#define SSS_SYMMETRIC_TYPE_IS_MBEDTLS(context) (context && SSS_SESSION_TYPE_IS_MBEDTLS(context->session)) +- +-#define SSS_MAC_TYPE_IS_MBEDTLS(context) (context && SSS_SESSION_TYPE_IS_MBEDTLS(context->session)) +- +-#define SSS_RNG_CONTEXT_TYPE_IS_MBEDTLS(context) (context && SSS_SESSION_TYPE_IS_MBEDTLS(context->session)) +- +-#define SSS_DIGEST_TYPE_IS_MBEDTLS(context) (context && SSS_SESSION_TYPE_IS_MBEDTLS(context->session)) +- +-#define SSS_AEAD_TYPE_IS_MBEDTLS(context) (context && SSS_SESSION_TYPE_IS_MBEDTLS(context->session)) +- +-/* ************************************************************************** */ +-/* Structrues and Typedefs */ +-/* ************************************************************************** */ +- +-struct _sss_mbedtls_session; +- +-typedef struct _sss_mbedtls_session +-{ +- /*! Indicates which security subsystem is selected to be used. */ +- sss_type_t subsystem; +- +- mbedtls_entropy_context *entropy; +- mbedtls_ctr_drbg_context *ctr_drbg; +- +-#ifdef MBEDTLS_FS_IO +- /* Root Path for persitant key store */ +- const char *szRootPath; +-#endif +-} sss_mbedtls_session_t; +- +-struct _sss_mbedtls_object; +- +-typedef struct _sss_mbedtls_key_store +-{ +- sss_mbedtls_session_t *session; +- +-#ifdef MBEDTLS_FS_IO +- /*! Implementation specific part */ +- struct _sss_mbedtls_object **objects; +- uint32_t max_object_count; +- +- keyStoreTable_t *keystore_shadow; +-#endif +-} sss_mbedtls_key_store_t; +- +-typedef struct _sss_mbedtls_object +-{ +- /*! key store holding the data and other properties */ +- sss_mbedtls_key_store_t *keyStore; +- /*! Object types */ +- uint32_t objectType; +- uint32_t cipherType; +- /*! Application specific key identifier. The keyId is kept in the key store +- * along with the key data and other properties. */ +- uint32_t keyId; +- +- /*! Implementation specific part */ +- /** Contents are malloced, so must be freed */ +- uint32_t contents_must_free : 1; +- /** Type of key. Persistnet/trainsient @ref sss_key_object_mode_t */ +- uint32_t keyMode : 3; +- /** Max size allocated */ +- size_t contents_max_size; +- size_t contents_size; +- size_t keyBitLen; +- uint32_t user_id; +- sss_mode_t purpose; +- sss_access_permission_t accessRights; +- /* malloced / referenced contents */ +- void *contents; +-} sss_mbedtls_object_t; +- +-typedef struct _sss_mbedtls_derive_key +-{ +- sss_mbedtls_session_t *session; +- sss_mbedtls_object_t *keyObject; +- sss_algorithm_t algorithm; /*! */ +- sss_mode_t mode; /*! */ +- +-} sss_mbedtls_derive_key_t; +- +-typedef struct _sss_mbedtls_asymmetric +-{ +- sss_mbedtls_session_t *session; +- sss_mbedtls_object_t *keyObject; +- sss_algorithm_t algorithm; /*! */ +- sss_mode_t mode; /*! */ +- +-} sss_mbedtls_asymmetric_t; +- +-typedef struct _sss_mbedtls_symmetric +-{ +- /*! Virtual connection between application (user context) and specific +- * security subsystem and function thereof. */ +- sss_mbedtls_session_t *session; +- sss_mbedtls_object_t *keyObject; /*!< Reference to key and it's properties. */ +- sss_algorithm_t algorithm; /*! */ +- sss_mode_t mode; /*! */ +- mbedtls_cipher_context_t *cipher_ctx; +- uint8_t cache_data[16]; +- size_t cache_data_len; +- +-} sss_mbedtls_symmetric_t; +- +-typedef struct _sss_mbedtls_mac +-{ +- sss_mbedtls_session_t *session; +- sss_mbedtls_object_t *keyObject; /*! Reference to key and it's properties. */ +- sss_algorithm_t algorithm; /*! */ +- sss_mode_t mode; /*! */ +- +- /*! Implementation specific part */ +- mbedtls_cipher_context_t *cipher_ctx; /*For init- update -finish*/ +- mbedtls_md_context_t *HmacCtx; +-} sss_mbedtls_mac_t; +- +-typedef struct _sss_mbedtls_aead +-{ +- /*! Virtual connection between application (user context) and specific +- * security subsystem and function thereof. */ +- sss_mbedtls_session_t *session; +- sss_mbedtls_object_t *keyObject; /*!< Reference to key and it's properties. */ +- sss_algorithm_t algorithm; /*!< */ +- sss_mode_t mode; /*!< */ +- +- /*! Implementation specific part */ +- mbedtls_gcm_context *gcm_ctx; /*!< Reference to gcm context. */ +- mbedtls_ccm_context *ccm_ctx; /*!< Reference to ccm context. */ +- uint8_t *pNonce; /*!< Reference to IV. */ +- size_t nonceLen; /*!< Store IV len. */ +- const uint8_t *pCcm_aad; /*!< Reference to AAD */ +- size_t ccm_aadLen; /*!< Store AAD len. */ +- uint8_t *pCcm_data; /*!< Ref to CCM data dynamic allocated.. */ +- size_t ccm_dataTotalLen; /*!< Store CCM data total len. */ +- size_t ccm_dataoffset; /*!< Store CCM data offset. */ +- uint8_t cache_data[16]; /*!< Cache for GCM data */ +- size_t cache_data_len; /*!< Store GCM Cache len*/ +-} sss_mbedtls_aead_t; +- +-typedef struct _sss_mbedtls_digest +-{ +- /*! Virtual connection between application (user context) and specific +- * security subsystem and function thereof. */ +- sss_mbedtls_session_t *session; +- sss_algorithm_t algorithm; /*!< */ +- sss_mode_t mode; /*!< */ +- /*! Full digest length per algorithm definition. This field is initialized along with algorithm. */ +- size_t digestFullLen; +- /*! Implementation specific part */ +- mbedtls_md_context_t md_ctx; +-} sss_mbedtls_digest_t; +- +-typedef struct +-{ +- sss_mbedtls_session_t *session; +- +-} sss_mbedtls_rng_context_t; +- +-#define sss_mbedtls_tunnel_t sss_tunnel_t +- +-/* ************************************************************************** */ +-/* Global Variables */ +-/* ************************************************************************** */ +- +-/* ************************************************************************** */ +-/* Functions */ +-/* ************************************************************************** */ +- +-#ifdef MBEDTLS_FS_IO +- +-/** Store key inside persistant key store */ +-sss_status_t ks_mbedtls_store_key(const sss_mbedtls_object_t *sss_key); +- +-sss_status_t ks_mbedtls_load_key(sss_mbedtls_object_t *sss_key, keyStoreTable_t *keystore_shadow, uint32_t extKeyId); +- +-sss_status_t ks_mbedtls_remove_key(const sss_mbedtls_object_t *sss_key); +- +-sss_status_t ks_mbedtls_fat_update(sss_mbedtls_key_store_t *keyStore); +- +-#endif /* MBEDTLS_FS_IO */ +- +-/* Low Level API Key object create */ +-sss_status_t ks_mbedtls_key_object_create(sss_mbedtls_object_t *keyObject, +- uint32_t keyId, +- sss_key_part_t keyPart, +- sss_cipher_type_t cipherType, +- size_t keyByteLenMax, +- uint32_t keyMode); +- +-/** @} */ +- +-#endif /* SSS_HAVE_MBEDTLS */ +- +-#endif /* SSS_APIS_INC_FSL_SSS_MBEDTLS_TYPES_H_ */ +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_openssl_apis.h b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_openssl_apis.h +deleted file mode 100644 +index b4e02131d2..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_openssl_apis.h ++++ /dev/null +@@ -1,839 +0,0 @@ +-/* +- * +- * Copyright 2018-2020 NXP +- * SPDX-License-Identifier: Apache-2.0 +- */ +- +-#ifndef FSL_SSS_OPENSSL_APIS_H +-#define FSL_SSS_OPENSSL_APIS_H +- +-#ifdef __cplusplus +-extern "C" { +-#endif /* __cplusplus */ +- +-#if defined(SSS_USE_FTR_FILE) +-#include "fsl_sss_ftr.h" +-#else +-#include "fsl_sss_ftr_default.h" +-#endif +- +-#if SSS_HAVE_OPENSSL +-#include +- +-/* ************************************************************************** */ +-/* Functions */ +-/* ************************************************************************** */ +-/** +- * @addtogroup sss_openssl_session +- * @{ +- */ +-/** @copydoc sss_session_create +- * +- */ +-sss_status_t sss_openssl_session_create(sss_openssl_session_t *session, +- sss_type_t subsystem, +- uint32_t application_id, +- sss_connection_type_t connection_type, +- void *connectionData); +- +-/** @copydoc sss_session_open +- * +- */ +-sss_status_t sss_openssl_session_open(sss_openssl_session_t *session, +- sss_type_t subsystem, +- uint32_t application_id, +- sss_connection_type_t connection_type, +- void *connectionData); +- +-/** @copydoc sss_session_prop_get_u32 +- * +- */ +-sss_status_t sss_openssl_session_prop_get_u32(sss_openssl_session_t *session, uint32_t property, uint32_t *pValue); +- +-/** @copydoc sss_session_prop_get_au8 +- * +- */ +-sss_status_t sss_openssl_session_prop_get_au8( +- sss_openssl_session_t *session, uint32_t property, uint8_t *pValue, size_t *pValueLen); +- +-/** @copydoc sss_session_close +- * +- */ +-void sss_openssl_session_close(sss_openssl_session_t *session); +- +-/** @copydoc sss_session_delete +- * +- */ +-void sss_openssl_session_delete(sss_openssl_session_t *session); +- +-/*! @} */ /* end of : sss_openssl_session */ +- +-/** +- * @addtogroup sss_openssl_keyobj +- * @{ +- */ +-/** @copydoc sss_key_object_init +- * +- */ +-sss_status_t sss_openssl_key_object_init(sss_openssl_object_t *keyObject, sss_openssl_key_store_t *keyStore); +- +-/** @copydoc sss_key_object_allocate_handle +- * +- */ +-sss_status_t sss_openssl_key_object_allocate_handle(sss_openssl_object_t *keyObject, +- uint32_t keyId, +- sss_key_part_t keyPart, +- sss_cipher_type_t cipherType, +- size_t keyByteLenMax, +- uint32_t options); +- +-/** @copydoc sss_key_object_get_handle +- * +- */ +-sss_status_t sss_openssl_key_object_get_handle(sss_openssl_object_t *keyObject, uint32_t keyId); +- +-/** @copydoc sss_key_object_set_user +- * +- */ +-sss_status_t sss_openssl_key_object_set_user(sss_openssl_object_t *keyObject, uint32_t user, uint32_t options); +- +-/** @copydoc sss_key_object_set_purpose +- * +- */ +-sss_status_t sss_openssl_key_object_set_purpose(sss_openssl_object_t *keyObject, sss_mode_t purpose, uint32_t options); +- +-/** @copydoc sss_key_object_set_access +- * +- */ +-sss_status_t sss_openssl_key_object_set_access(sss_openssl_object_t *keyObject, uint32_t access, uint32_t options); +- +-/** @copydoc sss_key_object_set_eccgfp_group +- * +- */ +-sss_status_t sss_openssl_key_object_set_eccgfp_group(sss_openssl_object_t *keyObject, sss_eccgfp_group_t *group); +- +-/** @copydoc sss_key_object_get_user +- * +- */ +-sss_status_t sss_openssl_key_object_get_user(sss_openssl_object_t *keyObject, uint32_t *user); +- +-/** @copydoc sss_key_object_get_purpose +- * +- */ +-sss_status_t sss_openssl_key_object_get_purpose(sss_openssl_object_t *keyObject, sss_mode_t *purpose); +- +-/** @copydoc sss_key_object_get_access +- * +- */ +-sss_status_t sss_openssl_key_object_get_access(sss_openssl_object_t *keyObject, uint32_t *access); +- +-/** @copydoc sss_key_object_free +- * +- */ +-void sss_openssl_key_object_free(sss_openssl_object_t *keyObject); +- +-/*! @} */ /* end of : sss_openssl_keyobj */ +- +-/** +- * @addtogroup sss_openssl_keyderive +- * @{ +- */ +-/** @copydoc sss_derive_key_context_init +- * +- */ +-sss_status_t sss_openssl_derive_key_context_init(sss_openssl_derive_key_t *context, +- sss_openssl_session_t *session, +- sss_openssl_object_t *keyObject, +- sss_algorithm_t algorithm, +- sss_mode_t mode); +- +-/** @copydoc sss_derive_key_one_go +-* +-*/ +-sss_status_t sss_openssl_derive_key_one_go(sss_openssl_derive_key_t *context, +- const uint8_t *saltData, +- size_t saltLen, +- const uint8_t *info, +- size_t infoLen, +- sss_openssl_object_t *derivedKeyObject, +- uint16_t deriveDataLen); +- +-/** @copydoc sss_derive_key_sobj_one_go +-* +-*/ +-sss_status_t sss_openssl_derive_key_sobj_one_go(sss_openssl_derive_key_t *context, +- sss_openssl_object_t *saltKeyObject, +- const uint8_t *info, +- size_t infoLen, +- sss_openssl_object_t *derivedKeyObject, +- uint16_t deriveDataLen); +- +-/** @copydoc sss_derive_key_go +- * +- */ +-sss_status_t sss_openssl_derive_key_go(sss_openssl_derive_key_t *context, +- const uint8_t *saltData, +- size_t saltLen, +- const uint8_t *info, +- size_t infoLen, +- sss_openssl_object_t *derivedKeyObject, +- uint16_t deriveDataLen, +- uint8_t *hkdfOutput, +- size_t *hkdfOutputLen); +- +-/** @copydoc sss_derive_key_dh +- * +- */ +-sss_status_t sss_openssl_derive_key_dh(sss_openssl_derive_key_t *context, +- sss_openssl_object_t *otherPartyKeyObject, +- sss_openssl_object_t *derivedKeyObject); +- +-/** @copydoc sss_derive_key_context_free +- * +- */ +-void sss_openssl_derive_key_context_free(sss_openssl_derive_key_t *context); +- +-/*! @} */ /* end of : sss_openssl_keyderive */ +- +-/** +- * @addtogroup sss_openssl_keystore +- * @{ +- */ +-/** @copydoc sss_key_store_context_init +- * +- */ +-sss_status_t sss_openssl_key_store_context_init(sss_openssl_key_store_t *keyStore, sss_openssl_session_t *session); +- +-/** @copydoc sss_key_store_allocate +- * +- */ +-sss_status_t sss_openssl_key_store_allocate(sss_openssl_key_store_t *keyStore, uint32_t keyStoreId); +- +-/** @copydoc sss_key_store_save +- * +- */ +-sss_status_t sss_openssl_key_store_save(sss_openssl_key_store_t *keyStore); +- +-/** @copydoc sss_key_store_load +- * +- */ +-sss_status_t sss_openssl_key_store_load(sss_openssl_key_store_t *keyStore); +- +-/** @copydoc sss_key_store_set_key +- * +- */ +-sss_status_t sss_openssl_key_store_set_key(sss_openssl_key_store_t *keyStore, +- sss_openssl_object_t *keyObject, +- const uint8_t *data, +- size_t dataLen, +- size_t keyBitLen, +- void *options, +- size_t optionsLen); +- +-/** @copydoc sss_key_store_generate_key +- * +- */ +-sss_status_t sss_openssl_key_store_generate_key( +- sss_openssl_key_store_t *keyStore, sss_openssl_object_t *keyObject, size_t keyBitLen, void *options); +- +-/** @copydoc sss_key_store_get_key +- * +- */ +-sss_status_t sss_openssl_key_store_get_key(sss_openssl_key_store_t *keyStore, +- sss_openssl_object_t *keyObject, +- uint8_t *data, +- size_t *dataLen, +- size_t *pKeyBitLen); +- +-/** @copydoc sss_key_store_open_key +- * +- */ +-sss_status_t sss_openssl_key_store_open_key(sss_openssl_key_store_t *keyStore, sss_openssl_object_t *keyObject); +- +-/** @copydoc sss_key_store_freeze_key +- * +- */ +-sss_status_t sss_openssl_key_store_freeze_key(sss_openssl_key_store_t *keyStore, sss_openssl_object_t *keyObject); +- +-/** @copydoc sss_key_store_erase_key +- * +- */ +-sss_status_t sss_openssl_key_store_erase_key(sss_openssl_key_store_t *keyStore, sss_openssl_object_t *keyObject); +- +-/** @copydoc sss_key_store_context_free +- * +- */ +-void sss_openssl_key_store_context_free(sss_openssl_key_store_t *keyStore); +- +-/*! @} */ /* end of : sss_openssl_keystore */ +- +-/** +- * @addtogroup sss_openssl_asym +- * @{ +- */ +-/** @copydoc sss_asymmetric_context_init +- * +- */ +-sss_status_t sss_openssl_asymmetric_context_init(sss_openssl_asymmetric_t *context, +- sss_openssl_session_t *session, +- sss_openssl_object_t *keyObject, +- sss_algorithm_t algorithm, +- sss_mode_t mode); +- +-/** @copydoc sss_asymmetric_encrypt +- * +- */ +-sss_status_t sss_openssl_asymmetric_encrypt( +- sss_openssl_asymmetric_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen); +- +-/** @copydoc sss_asymmetric_decrypt +- * +- */ +-sss_status_t sss_openssl_asymmetric_decrypt( +- sss_openssl_asymmetric_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen); +- +-/** @copydoc sss_asymmetric_sign_digest +- * +- */ +-sss_status_t sss_openssl_asymmetric_sign_digest( +- sss_openssl_asymmetric_t *context, uint8_t *digest, size_t digestLen, uint8_t *signature, size_t *signatureLen); +- +-/** @copydoc sss_asymmetric_verify_digest +- * +- */ +-sss_status_t sss_openssl_asymmetric_verify_digest( +- sss_openssl_asymmetric_t *context, uint8_t *digest, size_t digestLen, uint8_t *signature, size_t signatureLen); +- +-/** @copydoc sss_asymmetric_context_free +- * +- */ +-void sss_openssl_asymmetric_context_free(sss_openssl_asymmetric_t *context); +- +-/*! @} */ /* end of : sss_openssl_asym */ +- +-/** +- * @addtogroup sss_openssl_symm +- * @{ +- */ +-/** @copydoc sss_symmetric_context_init +- * +- */ +-sss_status_t sss_openssl_symmetric_context_init(sss_openssl_symmetric_t *context, +- sss_openssl_session_t *session, +- sss_openssl_object_t *keyObject, +- sss_algorithm_t algorithm, +- sss_mode_t mode); +- +-/** @copydoc sss_cipher_one_go +- * +- */ +-sss_status_t sss_openssl_cipher_one_go(sss_openssl_symmetric_t *context, +- uint8_t *iv, +- size_t ivLen, +- const uint8_t *srcData, +- uint8_t *destData, +- size_t dataLen); +- +-/** @copydoc sss_cipher_init +- * +- */ +-sss_status_t sss_openssl_cipher_init(sss_openssl_symmetric_t *context, uint8_t *iv, size_t ivLen); +- +-/** @copydoc sss_cipher_update +- * +- */ +-sss_status_t sss_openssl_cipher_update( +- sss_openssl_symmetric_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen); +- +-/** @copydoc sss_cipher_finish +- * +- */ +-sss_status_t sss_openssl_cipher_finish( +- sss_openssl_symmetric_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen); +- +-/** @copydoc sss_cipher_crypt_ctr +- * +- */ +-sss_status_t sss_openssl_cipher_crypt_ctr(sss_openssl_symmetric_t *context, +- const uint8_t *srcData, +- uint8_t *destData, +- size_t size, +- uint8_t *initialCounter, +- uint8_t *lastEncryptedCounter, +- size_t *szLeft); +- +-/** @copydoc sss_symmetric_context_free +- * +- */ +-void sss_openssl_symmetric_context_free(sss_openssl_symmetric_t *context); +- +-/*! @} */ /* end of : sss_openssl_symm */ +- +-/** +- * @addtogroup sss_openssl_aead +- * @{ +- */ +-/** @copydoc sss_aead_context_init +- * +- */ +-sss_status_t sss_openssl_aead_context_init(sss_openssl_aead_t *context, +- sss_openssl_session_t *session, +- sss_openssl_object_t *keyObject, +- sss_algorithm_t algorithm, +- sss_mode_t mode); +- +-/** @copydoc sss_aead_one_go +- * +- */ +-sss_status_t sss_openssl_aead_one_go(sss_openssl_aead_t *context, +- const uint8_t *srcData, +- uint8_t *destData, +- size_t size, +- uint8_t *nonce, +- size_t nonceLen, +- const uint8_t *aad, +- size_t aadLen, +- uint8_t *tag, +- size_t *tagLen); +- +-/** @copydoc sss_aead_init +- * +- */ +-sss_status_t sss_openssl_aead_init( +- sss_openssl_aead_t *context, uint8_t *nonce, size_t nonceLen, size_t tagLen, size_t aadLen, size_t payloadLen); +- +-/** @copydoc sss_aead_update_aad +- * +- */ +-sss_status_t sss_openssl_aead_update_aad(sss_openssl_aead_t *context, const uint8_t *aadData, size_t aadDataLen); +- +-/** @copydoc sss_aead_update +- * +- */ +-sss_status_t sss_openssl_aead_update( +- sss_openssl_aead_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen); +- +-/** @copydoc sss_aead_finish +- * +- */ +-sss_status_t sss_openssl_aead_finish(sss_openssl_aead_t *context, +- const uint8_t *srcData, +- size_t srcLen, +- uint8_t *destData, +- size_t *destLen, +- uint8_t *tag, +- size_t *tagLen); +- +-/** @copydoc sss_aead_context_free +- * +- */ +-void sss_openssl_aead_context_free(sss_openssl_aead_t *context); +- +-/*! @} */ /* end of : sss_openssl_aead */ +- +-/** +- * @addtogroup sss_openssl_mac +- * @{ +- */ +-/** @copydoc sss_mac_context_init +- * +- */ +-sss_status_t sss_openssl_mac_context_init(sss_openssl_mac_t *context, +- sss_openssl_session_t *session, +- sss_openssl_object_t *keyObject, +- sss_algorithm_t algorithm, +- sss_mode_t mode); +- +-/** @copydoc sss_mac_one_go +- * +- */ +-sss_status_t sss_openssl_mac_one_go( +- sss_openssl_mac_t *context, const uint8_t *message, size_t messageLen, uint8_t *mac, size_t *macLen); +- +-/** @copydoc sss_mac_init +- * +- */ +-sss_status_t sss_openssl_mac_init(sss_openssl_mac_t *context); +- +-/** @copydoc sss_mac_update +- * +- */ +-sss_status_t sss_openssl_mac_update(sss_openssl_mac_t *context, const uint8_t *message, size_t messageLen); +- +-/** @copydoc sss_mac_finish +- * +- */ +-sss_status_t sss_openssl_mac_finish(sss_openssl_mac_t *context, uint8_t *mac, size_t *macLen); +- +-/** @copydoc sss_mac_context_free +- * +- */ +-void sss_openssl_mac_context_free(sss_openssl_mac_t *context); +- +-/*! @} */ /* end of : sss_openssl_mac */ +- +-/** +- * @addtogroup sss_openssl_md +- * @{ +- */ +-/** @copydoc sss_digest_context_init +- * +- */ +-sss_status_t sss_openssl_digest_context_init( +- sss_openssl_digest_t *context, sss_openssl_session_t *session, sss_algorithm_t algorithm, sss_mode_t mode); +- +-/** @copydoc sss_digest_one_go +- * +- */ +-sss_status_t sss_openssl_digest_one_go( +- sss_openssl_digest_t *context, const uint8_t *message, size_t messageLen, uint8_t *digest, size_t *digestLen); +- +-/** @copydoc sss_digest_init +- * +- */ +-sss_status_t sss_openssl_digest_init(sss_openssl_digest_t *context); +- +-/** @copydoc sss_digest_update +- * +- */ +-sss_status_t sss_openssl_digest_update(sss_openssl_digest_t *context, const uint8_t *message, size_t messageLen); +- +-/** @copydoc sss_digest_finish +- * +- */ +-sss_status_t sss_openssl_digest_finish(sss_openssl_digest_t *context, uint8_t *digest, size_t *digestLen); +- +-/** @copydoc sss_digest_context_free +- * +- */ +-void sss_openssl_digest_context_free(sss_openssl_digest_t *context); +- +-/*! @} */ /* end of : sss_openssl_md */ +- +-/** +- * @addtogroup sss_openssl_rng +- * @{ +- */ +-/** @copydoc sss_rng_context_init +- * +- */ +-sss_status_t sss_openssl_rng_context_init(sss_openssl_rng_context_t *context, sss_openssl_session_t *session); +- +-/** @copydoc sss_rng_get_random +- * +- */ +-sss_status_t sss_openssl_rng_get_random(sss_openssl_rng_context_t *context, uint8_t *random_data, size_t dataLen); +- +-/** @copydoc sss_rng_context_free +- * +- */ +-sss_status_t sss_openssl_rng_context_free(sss_openssl_rng_context_t *context); +- +-/*! @} */ /* end of : sss_openssl_rng */ +- +-/* clang-format off */ +-# if (SSS_HAVE_SSS == 1) +- /* Direct Call : session */ +-# define sss_session_create(session,subsystem,application_id,connection_type,connectionData) \ +- sss_openssl_session_create(((sss_openssl_session_t * ) session),(subsystem),(application_id),(connection_type),(connectionData)) +-# define sss_session_open(session,subsystem,application_id,connection_type,connectionData) \ +- sss_openssl_session_open(((sss_openssl_session_t * ) session),(subsystem),(application_id),(connection_type),(connectionData)) +-# define sss_session_prop_get_u32(session,property,pValue) \ +- sss_openssl_session_prop_get_u32(((sss_openssl_session_t * ) session),(property),(pValue)) +-# define sss_session_prop_get_au8(session,property,pValue,pValueLen) \ +- sss_openssl_session_prop_get_au8(((sss_openssl_session_t * ) session),(property),(pValue),(pValueLen)) +-# define sss_session_close(session) \ +- sss_openssl_session_close(((sss_openssl_session_t * ) session)) +-# define sss_session_delete(session) \ +- sss_openssl_session_delete(((sss_openssl_session_t * ) session)) +- /* Direct Call : keyobj */ +-# define sss_key_object_init(keyObject,keyStore) \ +- sss_openssl_key_object_init(((sss_openssl_object_t * ) keyObject),((sss_openssl_key_store_t * ) keyStore)) +-# define sss_key_object_allocate_handle(keyObject,keyId,keyPart,cipherType,keyByteLenMax,options) \ +- sss_openssl_key_object_allocate_handle(((sss_openssl_object_t * ) keyObject),(keyId),(keyPart),(cipherType),(keyByteLenMax),(options)) +-# define sss_key_object_get_handle(keyObject,keyId) \ +- sss_openssl_key_object_get_handle(((sss_openssl_object_t * ) keyObject),(keyId)) +-# define sss_key_object_set_user(keyObject,user,options) \ +- sss_openssl_key_object_set_user(((sss_openssl_object_t * ) keyObject),(user),(options)) +-# define sss_key_object_set_purpose(keyObject,purpose,options) \ +- sss_openssl_key_object_set_purpose(((sss_openssl_object_t * ) keyObject),(purpose),(options)) +-# define sss_key_object_set_access(keyObject,access,options) \ +- sss_openssl_key_object_set_access(((sss_openssl_object_t * ) keyObject),(access),(options)) +-# define sss_key_object_set_eccgfp_group(keyObject,group) \ +- sss_openssl_key_object_set_eccgfp_group(((sss_openssl_object_t * ) keyObject),(group)) +-# define sss_key_object_get_user(keyObject,user) \ +- sss_openssl_key_object_get_user(((sss_openssl_object_t * ) keyObject),(user)) +-# define sss_key_object_get_purpose(keyObject,purpose) \ +- sss_openssl_key_object_get_purpose(((sss_openssl_object_t * ) keyObject),(purpose)) +-# define sss_key_object_get_access(keyObject,access) \ +- sss_openssl_key_object_get_access(((sss_openssl_object_t * ) keyObject),(access)) +-# define sss_key_object_free(keyObject) \ +- sss_openssl_key_object_free(((sss_openssl_object_t * ) keyObject)) +- /* Direct Call : keyderive */ +-# define sss_derive_key_context_init(context,session,keyObject,algorithm,mode) \ +- sss_openssl_derive_key_context_init(((sss_openssl_derive_key_t * ) context),((sss_openssl_session_t * ) session),((sss_openssl_object_t * ) keyObject),(algorithm),(mode)) +-# define sss_derive_key_one_go(context,saltData,saltLen,info,infoLen,derivedKeyObject,deriveDataLen) \ +- sss_openssl_derive_key_one_go(((sss_openssl_derive_key_t * ) context),(saltData),(saltLen),(info),(infoLen),((sss_openssl_object_t * ) derivedKeyObject),(deriveDataLen)) +-# define sss_derive_key_sobj_one_go(context,saltKeyObject,info,infoLen,derivedKeyObject,deriveDataLen) \ +- sss_openssl_derive_key_sobj_one_go(((sss_openssl_derive_key_t * ) context),((sss_openssl_object_t *)saltKeyObject),(info),(infoLen),((sss_openssl_object_t * ) derivedKeyObject),(deriveDataLen)) +-# define sss_derive_key_go(context,saltData,saltLen,info,infoLen,derivedKeyObject,deriveDataLen,hkdfOutput,hkdfOutputLen) \ +- sss_openssl_derive_key_go(((sss_openssl_derive_key_t * ) context),(saltData),(saltLen),(info),(infoLen),((sss_openssl_object_t * ) derivedKeyObject),(deriveDataLen),(hkdfOutput),(hkdfOutputLen)) +-# define sss_derive_key_dh(context,otherPartyKeyObject,derivedKeyObject) \ +- sss_openssl_derive_key_dh(((sss_openssl_derive_key_t * ) context),((sss_openssl_object_t * ) otherPartyKeyObject),((sss_openssl_object_t * ) derivedKeyObject)) +-# define sss_derive_key_context_free(context) \ +- sss_openssl_derive_key_context_free(((sss_openssl_derive_key_t * ) context)) +- /* Direct Call : keystore */ +-# define sss_key_store_context_init(keyStore,session) \ +- sss_openssl_key_store_context_init(((sss_openssl_key_store_t * ) keyStore),((sss_openssl_session_t * ) session)) +-# define sss_key_store_allocate(keyStore,keyStoreId) \ +- sss_openssl_key_store_allocate(((sss_openssl_key_store_t * ) keyStore),(keyStoreId)) +-# define sss_key_store_save(keyStore) \ +- sss_openssl_key_store_save(((sss_openssl_key_store_t * ) keyStore)) +-# define sss_key_store_load(keyStore) \ +- sss_openssl_key_store_load(((sss_openssl_key_store_t * ) keyStore)) +-# define sss_key_store_set_key(keyStore,keyObject,data,dataLen,keyBitLen,options,optionsLen) \ +- sss_openssl_key_store_set_key(((sss_openssl_key_store_t * ) keyStore),((sss_openssl_object_t * ) keyObject),(data),(dataLen),(keyBitLen),(options),(optionsLen)) +-# define sss_key_store_generate_key(keyStore,keyObject,keyBitLen,options) \ +- sss_openssl_key_store_generate_key(((sss_openssl_key_store_t * ) keyStore),((sss_openssl_object_t * ) keyObject),(keyBitLen),(options)) +-# define sss_key_store_get_key(keyStore,keyObject,data,dataLen,pKeyBitLen) \ +- sss_openssl_key_store_get_key(((sss_openssl_key_store_t * ) keyStore),((sss_openssl_object_t * ) keyObject),(data),(dataLen),(pKeyBitLen)) +-# define sss_key_store_open_key(keyStore,keyObject) \ +- sss_openssl_key_store_open_key(((sss_openssl_key_store_t * ) keyStore),((sss_openssl_object_t * ) keyObject)) +-# define sss_key_store_freeze_key(keyStore,keyObject) \ +- sss_openssl_key_store_freeze_key(((sss_openssl_key_store_t * ) keyStore),((sss_openssl_object_t * ) keyObject)) +-# define sss_key_store_erase_key(keyStore,keyObject) \ +- sss_openssl_key_store_erase_key(((sss_openssl_key_store_t * ) keyStore),((sss_openssl_object_t * ) keyObject)) +-# define sss_key_store_context_free(keyStore) \ +- sss_openssl_key_store_context_free(((sss_openssl_key_store_t * ) keyStore)) +- /* Direct Call : asym */ +-# define sss_asymmetric_context_init(context,session,keyObject,algorithm,mode) \ +- sss_openssl_asymmetric_context_init(((sss_openssl_asymmetric_t * ) context),((sss_openssl_session_t * ) session),((sss_openssl_object_t * ) keyObject),(algorithm),(mode)) +-# define sss_asymmetric_encrypt(context,srcData,srcLen,destData,destLen) \ +- sss_openssl_asymmetric_encrypt(((sss_openssl_asymmetric_t * ) context),(srcData),(srcLen),(destData),(destLen)) +-# define sss_asymmetric_decrypt(context,srcData,srcLen,destData,destLen) \ +- sss_openssl_asymmetric_decrypt(((sss_openssl_asymmetric_t * ) context),(srcData),(srcLen),(destData),(destLen)) +-# define sss_asymmetric_sign_digest(context,digest,digestLen,signature,signatureLen) \ +- sss_openssl_asymmetric_sign_digest(((sss_openssl_asymmetric_t * ) context),(digest),(digestLen),(signature),(signatureLen)) +-# define sss_asymmetric_verify_digest(context,digest,digestLen,signature,signatureLen) \ +- sss_openssl_asymmetric_verify_digest(((sss_openssl_asymmetric_t * ) context),(digest),(digestLen),(signature),(signatureLen)) +-# define sss_asymmetric_context_free(context) \ +- sss_openssl_asymmetric_context_free(((sss_openssl_asymmetric_t * ) context)) +- /* Direct Call : symm */ +-# define sss_symmetric_context_init(context,session,keyObject,algorithm,mode) \ +- sss_openssl_symmetric_context_init(((sss_openssl_symmetric_t * ) context),((sss_openssl_session_t * ) session),((sss_openssl_object_t * ) keyObject),(algorithm),(mode)) +-# define sss_cipher_one_go(context,iv,ivLen,srcData,destData,dataLen) \ +- sss_openssl_cipher_one_go(((sss_openssl_symmetric_t * ) context),(iv),(ivLen),(srcData),(destData),(dataLen)) +-# define sss_cipher_init(context,iv,ivLen) \ +- sss_openssl_cipher_init(((sss_openssl_symmetric_t * ) context),(iv),(ivLen)) +-# define sss_cipher_update(context,srcData,srcLen,destData,destLen) \ +- sss_openssl_cipher_update(((sss_openssl_symmetric_t * ) context),(srcData),(srcLen),(destData),(destLen)) +-# define sss_cipher_finish(context,srcData,srcLen,destData,destLen) \ +- sss_openssl_cipher_finish(((sss_openssl_symmetric_t * ) context),(srcData),(srcLen),(destData),(destLen)) +-# define sss_cipher_crypt_ctr(context,srcData,destData,size,initialCounter,lastEncryptedCounter,szLeft) \ +- sss_openssl_cipher_crypt_ctr(((sss_openssl_symmetric_t * ) context),(srcData),(destData),(size),(initialCounter),(lastEncryptedCounter),(szLeft)) +-# define sss_symmetric_context_free(context) \ +- sss_openssl_symmetric_context_free(((sss_openssl_symmetric_t * ) context)) +- /* Direct Call : aead */ +-# define sss_aead_context_init(context,session,keyObject,algorithm,mode) \ +- sss_openssl_aead_context_init(((sss_openssl_aead_t * ) context),((sss_openssl_session_t * ) session),((sss_openssl_object_t * ) keyObject),(algorithm),(mode)) +-# define sss_aead_one_go(context,srcData,destData,size,nonce,nonceLen,aad,aadLen,tag,tagLen) \ +- sss_openssl_aead_one_go(((sss_openssl_aead_t * ) context),(srcData),(destData),(size),(nonce),(nonceLen),(aad),(aadLen),(tag),(tagLen)) +-# define sss_aead_init(context,nonce,nonceLen,tagLen,aadLen,payloadLen) \ +- sss_openssl_aead_init(((sss_openssl_aead_t * ) context),(nonce),(nonceLen),(tagLen),(aadLen),(payloadLen)) +-# define sss_aead_update_aad(context,aadData,aadDataLen) \ +- sss_openssl_aead_update_aad(((sss_openssl_aead_t * ) context),(aadData),(aadDataLen)) +-# define sss_aead_update(context,srcData,srcLen,destData,destLen) \ +- sss_openssl_aead_update(((sss_openssl_aead_t * ) context),(srcData),(srcLen),(destData),(destLen)) +-# define sss_aead_finish(context,srcData,srcLen,destData,destLen,tag,tagLen) \ +- sss_openssl_aead_finish(((sss_openssl_aead_t * ) context),(srcData),(srcLen),(destData),(destLen),(tag),(tagLen)) +-# define sss_aead_context_free(context) \ +- sss_openssl_aead_context_free(((sss_openssl_aead_t * ) context)) +- /* Direct Call : mac */ +-# define sss_mac_context_init(context,session,keyObject,algorithm,mode) \ +- sss_openssl_mac_context_init(((sss_openssl_mac_t * ) context),((sss_openssl_session_t * ) session),((sss_openssl_object_t * ) keyObject),(algorithm),(mode)) +-# define sss_mac_one_go(context,message,messageLen,mac,macLen) \ +- sss_openssl_mac_one_go(((sss_openssl_mac_t * ) context),(message),(messageLen),(mac),(macLen)) +-# define sss_mac_init(context) \ +- sss_openssl_mac_init(((sss_openssl_mac_t * ) context)) +-# define sss_mac_update(context,message,messageLen) \ +- sss_openssl_mac_update(((sss_openssl_mac_t * ) context),(message),(messageLen)) +-# define sss_mac_finish(context,mac,macLen) \ +- sss_openssl_mac_finish(((sss_openssl_mac_t * ) context),(mac),(macLen)) +-# define sss_mac_context_free(context) \ +- sss_openssl_mac_context_free(((sss_openssl_mac_t * ) context)) +- /* Direct Call : md */ +-# define sss_digest_context_init(context,session,algorithm,mode) \ +- sss_openssl_digest_context_init(((sss_openssl_digest_t * ) context),((sss_openssl_session_t * ) session),(algorithm),(mode)) +-# define sss_digest_one_go(context,message,messageLen,digest,digestLen) \ +- sss_openssl_digest_one_go(((sss_openssl_digest_t * ) context),(message),(messageLen),(digest),(digestLen)) +-# define sss_digest_init(context) \ +- sss_openssl_digest_init(((sss_openssl_digest_t * ) context)) +-# define sss_digest_update(context,message,messageLen) \ +- sss_openssl_digest_update(((sss_openssl_digest_t * ) context),(message),(messageLen)) +-# define sss_digest_finish(context,digest,digestLen) \ +- sss_openssl_digest_finish(((sss_openssl_digest_t * ) context),(digest),(digestLen)) +-# define sss_digest_context_free(context) \ +- sss_openssl_digest_context_free(((sss_openssl_digest_t * ) context)) +- /* Direct Call : rng */ +-# define sss_rng_context_init(context,session) \ +- sss_openssl_rng_context_init(((sss_openssl_rng_context_t * ) context),((sss_openssl_session_t * ) session)) +-# define sss_rng_get_random(context,random_data,dataLen) \ +- sss_openssl_rng_get_random(((sss_openssl_rng_context_t * ) context),(random_data),(dataLen)) +-# define sss_rng_context_free(context) \ +- sss_openssl_rng_context_free(((sss_openssl_rng_context_t * ) context)) +-# endif /* (SSS_HAVE_SSS == 1) */ +-# if (SSS_HAVE_MBEDTLS == 0) +- /* Host Call : session */ +-# define sss_host_session_create(session,subsystem,application_id,connection_type,connectionData) \ +- sss_openssl_session_create(((sss_openssl_session_t * ) session),(subsystem),(application_id),(connection_type),(connectionData)) +-# define sss_host_session_open(session,subsystem,application_id,connection_type,connectionData) \ +- sss_openssl_session_open(((sss_openssl_session_t * ) session),(subsystem),(application_id),(connection_type),(connectionData)) +-# define sss_host_session_prop_get_u32(session,property,pValue) \ +- sss_openssl_session_prop_get_u32(((sss_openssl_session_t * ) session),(property),(pValue)) +-# define sss_host_session_prop_get_au8(session,property,pValue,pValueLen) \ +- sss_openssl_session_prop_get_au8(((sss_openssl_session_t * ) session),(property),(pValue),(pValueLen)) +-# define sss_host_session_close(session) \ +- sss_openssl_session_close(((sss_openssl_session_t * ) session)) +-# define sss_host_session_delete(session) \ +- sss_openssl_session_delete(((sss_openssl_session_t * ) session)) +- /* Host Call : keyobj */ +-# define sss_host_key_object_init(keyObject,keyStore) \ +- sss_openssl_key_object_init(((sss_openssl_object_t * ) keyObject),((sss_openssl_key_store_t * ) keyStore)) +-# define sss_host_key_object_allocate_handle(keyObject,keyId,keyPart,cipherType,keyByteLenMax,options) \ +- sss_openssl_key_object_allocate_handle(((sss_openssl_object_t * ) keyObject),(keyId),(keyPart),(cipherType),(keyByteLenMax),(options)) +-# define sss_host_key_object_get_handle(keyObject,keyId) \ +- sss_openssl_key_object_get_handle(((sss_openssl_object_t * ) keyObject),(keyId)) +-# define sss_host_key_object_set_user(keyObject,user,options) \ +- sss_openssl_key_object_set_user(((sss_openssl_object_t * ) keyObject),(user),(options)) +-# define sss_host_key_object_set_purpose(keyObject,purpose,options) \ +- sss_openssl_key_object_set_purpose(((sss_openssl_object_t * ) keyObject),(purpose),(options)) +-# define sss_host_key_object_set_access(keyObject,access,options) \ +- sss_openssl_key_object_set_access(((sss_openssl_object_t * ) keyObject),(access),(options)) +-# define sss_host_key_object_set_eccgfp_group(keyObject,group) \ +- sss_openssl_key_object_set_eccgfp_group(((sss_openssl_object_t * ) keyObject),(group)) +-# define sss_host_key_object_get_user(keyObject,user) \ +- sss_openssl_key_object_get_user(((sss_openssl_object_t * ) keyObject),(user)) +-# define sss_host_key_object_get_purpose(keyObject,purpose) \ +- sss_openssl_key_object_get_purpose(((sss_openssl_object_t * ) keyObject),(purpose)) +-# define sss_host_key_object_get_access(keyObject,access) \ +- sss_openssl_key_object_get_access(((sss_openssl_object_t * ) keyObject),(access)) +-# define sss_host_key_object_free(keyObject) \ +- sss_openssl_key_object_free(((sss_openssl_object_t * ) keyObject)) +- /* Host Call : keyderive */ +-# define sss_host_derive_key_context_init(context,session,keyObject,algorithm,mode) \ +- sss_openssl_derive_key_context_init(((sss_openssl_derive_key_t * ) context),((sss_openssl_session_t * ) session),((sss_openssl_object_t * ) keyObject),(algorithm),(mode)) +-# define sss_host_derive_key_one_go(context,saltData,saltLen,saltKeyObject,info,infoLen,derivedKeyObject,deriveDataLen) \ +- sss_openssl_derive_key_go(((sss_openssl_derive_key_t * ) context),(saltData),(saltLen),((sss_openssl_object_t *)saltKeyObject),(info),(infoLen),((sss_openssl_object_t * ) derivedKeyObject),(deriveDataLen)) +-# define sss_host_derive_key_go(context,saltData,saltLen,info,infoLen,derivedKeyObject,deriveDataLen,hkdfOutput,hkdfOutputLen) \ +- sss_openssl_derive_key_go(((sss_openssl_derive_key_t * ) context),(saltData),(saltLen),(info),(infoLen),((sss_openssl_object_t * ) derivedKeyObject),(deriveDataLen),(hkdfOutput),(hkdfOutputLen)) +-# define sss_host_derive_key_dh(context,otherPartyKeyObject,derivedKeyObject) \ +- sss_openssl_derive_key_dh(((sss_openssl_derive_key_t * ) context),((sss_openssl_object_t * ) otherPartyKeyObject),((sss_openssl_object_t * ) derivedKeyObject)) +-# define sss_host_derive_key_context_free(context) \ +- sss_openssl_derive_key_context_free(((sss_openssl_derive_key_t * ) context)) +- /* Host Call : keystore */ +-# define sss_host_key_store_context_init(keyStore,session) \ +- sss_openssl_key_store_context_init(((sss_openssl_key_store_t * ) keyStore),((sss_openssl_session_t * ) session)) +-# define sss_host_key_store_allocate(keyStore,keyStoreId) \ +- sss_openssl_key_store_allocate(((sss_openssl_key_store_t * ) keyStore),(keyStoreId)) +-# define sss_host_key_store_save(keyStore) \ +- sss_openssl_key_store_save(((sss_openssl_key_store_t * ) keyStore)) +-# define sss_host_key_store_load(keyStore) \ +- sss_openssl_key_store_load(((sss_openssl_key_store_t * ) keyStore)) +-# define sss_host_key_store_set_key(keyStore,keyObject,data,dataLen,keyBitLen,options,optionsLen) \ +- sss_openssl_key_store_set_key(((sss_openssl_key_store_t * ) keyStore),((sss_openssl_object_t * ) keyObject),(data),(dataLen),(keyBitLen),(options),(optionsLen)) +-# define sss_host_key_store_generate_key(keyStore,keyObject,keyBitLen,options) \ +- sss_openssl_key_store_generate_key(((sss_openssl_key_store_t * ) keyStore),((sss_openssl_object_t * ) keyObject),(keyBitLen),(options)) +-# define sss_host_key_store_get_key(keyStore,keyObject,data,dataLen,pKeyBitLen) \ +- sss_openssl_key_store_get_key(((sss_openssl_key_store_t * ) keyStore),((sss_openssl_object_t * ) keyObject),(data),(dataLen),(pKeyBitLen)) +-# define sss_host_key_store_open_key(keyStore,keyObject) \ +- sss_openssl_key_store_open_key(((sss_openssl_key_store_t * ) keyStore),((sss_openssl_object_t * ) keyObject)) +-# define sss_host_key_store_freeze_key(keyStore,keyObject) \ +- sss_openssl_key_store_freeze_key(((sss_openssl_key_store_t * ) keyStore),((sss_openssl_object_t * ) keyObject)) +-# define sss_host_key_store_erase_key(keyStore,keyObject) \ +- sss_openssl_key_store_erase_key(((sss_openssl_key_store_t * ) keyStore),((sss_openssl_object_t * ) keyObject)) +-# define sss_host_key_store_context_free(keyStore) \ +- sss_openssl_key_store_context_free(((sss_openssl_key_store_t * ) keyStore)) +- /* Host Call : asym */ +-# define sss_host_asymmetric_context_init(context,session,keyObject,algorithm,mode) \ +- sss_openssl_asymmetric_context_init(((sss_openssl_asymmetric_t * ) context),((sss_openssl_session_t * ) session),((sss_openssl_object_t * ) keyObject),(algorithm),(mode)) +-# define sss_host_asymmetric_encrypt(context,srcData,srcLen,destData,destLen) \ +- sss_openssl_asymmetric_encrypt(((sss_openssl_asymmetric_t * ) context),(srcData),(srcLen),(destData),(destLen)) +-# define sss_host_asymmetric_decrypt(context,srcData,srcLen,destData,destLen) \ +- sss_openssl_asymmetric_decrypt(((sss_openssl_asymmetric_t * ) context),(srcData),(srcLen),(destData),(destLen)) +-# define sss_host_asymmetric_sign_digest(context,digest,digestLen,signature,signatureLen) \ +- sss_openssl_asymmetric_sign_digest(((sss_openssl_asymmetric_t * ) context),(digest),(digestLen),(signature),(signatureLen)) +-# define sss_host_asymmetric_verify_digest(context,digest,digestLen,signature,signatureLen) \ +- sss_openssl_asymmetric_verify_digest(((sss_openssl_asymmetric_t * ) context),(digest),(digestLen),(signature),(signatureLen)) +-# define sss_host_asymmetric_context_free(context) \ +- sss_openssl_asymmetric_context_free(((sss_openssl_asymmetric_t * ) context)) +- /* Host Call : symm */ +-# define sss_host_symmetric_context_init(context,session,keyObject,algorithm,mode) \ +- sss_openssl_symmetric_context_init(((sss_openssl_symmetric_t * ) context),((sss_openssl_session_t * ) session),((sss_openssl_object_t * ) keyObject),(algorithm),(mode)) +-# define sss_host_cipher_one_go(context,iv,ivLen,srcData,destData,dataLen) \ +- sss_openssl_cipher_one_go(((sss_openssl_symmetric_t * ) context),(iv),(ivLen),(srcData),(destData),(dataLen)) +-# define sss_host_cipher_init(context,iv,ivLen) \ +- sss_openssl_cipher_init(((sss_openssl_symmetric_t * ) context),(iv),(ivLen)) +-# define sss_host_cipher_update(context,srcData,srcLen,destData,destLen) \ +- sss_openssl_cipher_update(((sss_openssl_symmetric_t * ) context),(srcData),(srcLen),(destData),(destLen)) +-# define sss_host_cipher_finish(context,srcData,srcLen,destData,destLen) \ +- sss_openssl_cipher_finish(((sss_openssl_symmetric_t * ) context),(srcData),(srcLen),(destData),(destLen)) +-# define sss_host_cipher_crypt_ctr(context,srcData,destData,size,initialCounter,lastEncryptedCounter,szLeft) \ +- sss_openssl_cipher_crypt_ctr(((sss_openssl_symmetric_t * ) context),(srcData),(destData),(size),(initialCounter),(lastEncryptedCounter),(szLeft)) +-# define sss_host_symmetric_context_free(context) \ +- sss_openssl_symmetric_context_free(((sss_openssl_symmetric_t * ) context)) +- /* Host Call : aead */ +-# define sss_host_aead_context_init(context,session,keyObject,algorithm,mode) \ +- sss_openssl_aead_context_init(((sss_openssl_aead_t * ) context),((sss_openssl_session_t * ) session),((sss_openssl_object_t * ) keyObject),(algorithm),(mode)) +-# define sss_host_aead_one_go(context,srcData,destData,size,nonce,nonceLen,aad,aadLen,tag,tagLen) \ +- sss_openssl_aead_one_go(((sss_openssl_aead_t * ) context),(srcData),(destData),(size),(nonce),(nonceLen),(aad),(aadLen),(tag),(tagLen)) +-# define sss_host_aead_init(context,nonce,nonceLen,tagLen,aadLen,payloadLen) \ +- sss_openssl_aead_init(((sss_openssl_aead_t * ) context),(nonce),(nonceLen),(tagLen),(aadLen),(payloadLen)) +-# define sss_host_aead_update_aad(context,aadData,aadDataLen) \ +- sss_openssl_aead_update_aad(((sss_openssl_aead_t * ) context),(aadData),(aadDataLen)) +-# define sss_host_aead_update(context,srcData,srcLen,destData,destLen) \ +- sss_openssl_aead_update(((sss_openssl_aead_t * ) context),(srcData),(srcLen),(destData),(destLen)) +-# define sss_host_aead_finish(context,srcData,srcLen,destData,destLen,tag,tagLen) \ +- sss_openssl_aead_finish(((sss_openssl_aead_t * ) context),(srcData),(srcLen),(destData),(destLen),(tag),(tagLen)) +-# define sss_host_aead_context_free(context) \ +- sss_openssl_aead_context_free(((sss_openssl_aead_t * ) context)) +- /* Host Call : mac */ +-# define sss_host_mac_context_init(context,session,keyObject,algorithm,mode) \ +- sss_openssl_mac_context_init(((sss_openssl_mac_t * ) context),((sss_openssl_session_t * ) session),((sss_openssl_object_t * ) keyObject),(algorithm),(mode)) +-# define sss_host_mac_one_go(context,message,messageLen,mac,macLen) \ +- sss_openssl_mac_one_go(((sss_openssl_mac_t * ) context),(message),(messageLen),(mac),(macLen)) +-# define sss_host_mac_init(context) \ +- sss_openssl_mac_init(((sss_openssl_mac_t * ) context)) +-# define sss_host_mac_update(context,message,messageLen) \ +- sss_openssl_mac_update(((sss_openssl_mac_t * ) context),(message),(messageLen)) +-# define sss_host_mac_finish(context,mac,macLen) \ +- sss_openssl_mac_finish(((sss_openssl_mac_t * ) context),(mac),(macLen)) +-# define sss_host_mac_context_free(context) \ +- sss_openssl_mac_context_free(((sss_openssl_mac_t * ) context)) +- /* Host Call : md */ +-# define sss_host_digest_context_init(context,session,algorithm,mode) \ +- sss_openssl_digest_context_init(((sss_openssl_digest_t * ) context),((sss_openssl_session_t * ) session),(algorithm),(mode)) +-# define sss_host_digest_one_go(context,message,messageLen,digest,digestLen) \ +- sss_openssl_digest_one_go(((sss_openssl_digest_t * ) context),(message),(messageLen),(digest),(digestLen)) +-# define sss_host_digest_init(context) \ +- sss_openssl_digest_init(((sss_openssl_digest_t * ) context)) +-# define sss_host_digest_update(context,message,messageLen) \ +- sss_openssl_digest_update(((sss_openssl_digest_t * ) context),(message),(messageLen)) +-# define sss_host_digest_finish(context,digest,digestLen) \ +- sss_openssl_digest_finish(((sss_openssl_digest_t * ) context),(digest),(digestLen)) +-# define sss_host_digest_context_free(context) \ +- sss_openssl_digest_context_free(((sss_openssl_digest_t * ) context)) +- /* Host Call : rng */ +-# define sss_host_rng_context_init(context,session) \ +- sss_openssl_rng_context_init(((sss_openssl_rng_context_t * ) context),((sss_openssl_session_t * ) session)) +-# define sss_host_rng_get_random(context,random_data,dataLen) \ +- sss_openssl_rng_get_random(((sss_openssl_rng_context_t * ) context),(random_data),(dataLen)) +-# define sss_host_rng_context_free(context) \ +- sss_openssl_rng_context_free(((sss_openssl_rng_context_t * ) context)) +-# endif /* (SSS_HAVE_SSS == 1) */ +-/* clang-format on */ +-#endif /* SSS_HAVE_OPENSSL */ +-#ifdef __cplusplus +-} // extern "C" +-#endif /* __cplusplus */ +- +-#endif /* FSL_SSS_OPENSSL_APIS_H */ +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_openssl_types.h b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_openssl_types.h +deleted file mode 100644 +index f76bf5b39c..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_openssl_types.h ++++ /dev/null +@@ -1,239 +0,0 @@ +-/* +- * +- * Copyright 2018-2020 NXP +- * SPDX-License-Identifier: Apache-2.0 +- */ +- +-#ifndef SSS_APIS_INC_FSL_SSS_OPENSSL_TYPES_H_ +-#define SSS_APIS_INC_FSL_SSS_OPENSSL_TYPES_H_ +- +-/* ************************************************************************** */ +-/* Includes */ +-/* ************************************************************************** */ +- +-#include +-#if defined(SSS_USE_FTR_FILE) +-#include "fsl_sss_ftr.h" +-#else +-#include "fsl_sss_ftr_default.h" +-#endif +- +-#if SSS_HAVE_OPENSSL +- +-#include +-#include +-#include +-#include +-/** +- * @addtogroup sss_sw_openssl +- * @{ +- */ +- +-/* ************************************************************************** */ +-/* Defines */ +-/* ************************************************************************** */ +- +-#define SSS_SUBSYSTEM_TYPE_IS_OPENSSL(subsystem) (subsystem == kType_SSS_OpenSSL) +- +-#define SSS_SESSION_TYPE_IS_OPENSSL(session) (session && SSS_SUBSYSTEM_TYPE_IS_OPENSSL(session->subsystem)) +- +-#define SSS_KEY_STORE_TYPE_IS_OPENSSL(keyStore) (keyStore && SSS_SESSION_TYPE_IS_OPENSSL(keyStore->session)) +- +-#define SSS_OBJECT_TYPE_IS_OPENSSL(pObject) (pObject && SSS_KEY_STORE_TYPE_IS_OPENSSL(pObject->keyStore)) +- +-#define SSS_ASYMMETRIC_TYPE_IS_OPENSSL(context) (context && SSS_SESSION_TYPE_IS_OPENSSL(context->session)) +- +-#define SSS_DERIVE_KEY_TYPE_IS_OPENSSL(context) (context && SSS_SESSION_TYPE_IS_OPENSSL(context->session)) +- +-#define SSS_SYMMETRIC_TYPE_IS_OPENSSL(context) (context && SSS_SESSION_TYPE_IS_OPENSSL(context->session)) +- +-#define SSS_MAC_TYPE_IS_OPENSSL(context) (context && SSS_SESSION_TYPE_IS_OPENSSL(context->session)) +- +-#define SSS_RNG_CONTEXT_TYPE_IS_OPENSSL(context) (context && SSS_SESSION_TYPE_IS_OPENSSL(context->session)) +- +-#define SSS_DIGEST_TYPE_IS_OPENSSL(context) (context && SSS_SESSION_TYPE_IS_OPENSSL(context->session)) +- +-#define SSS_AEAD_TYPE_IS_OPENSSL(context) (context && SSS_SESSION_TYPE_IS_OPENSSL(context->session)) +- +-/* ************************************************************************** */ +-/* Structrues and Typedefs */ +-/* ************************************************************************** */ +- +-struct _sss_openssl_session; +- +-typedef struct _sss_openssl_session +-{ +- /*! Indicates which security subsystem is selected to be used. */ +- sss_type_t subsystem; +- +- /* Root Path for persitant key store */ +- const char *szRootPath; +-} sss_openssl_session_t; +- +-struct _sss_openssl_object; +- +-typedef struct _sss_openssl_key_store +-{ +- sss_openssl_session_t *session; +- +- /*! Implementation specific part */ +- struct _sss_openssl_object **objects; +- uint32_t max_object_count; +- +- keyStoreTable_t *keystore_shadow; +- +-} sss_openssl_key_store_t; +- +-typedef struct _sss_openssl_object +-{ +- /*! key store holding the data and other properties */ +- sss_openssl_key_store_t *keyStore; +- /*! Object types */ +- uint32_t objectType; +- uint32_t cipherType; +- /*! Application specific key identifier. The keyId is kept in the key store +- * along with the key data and other properties. */ +- uint32_t keyId; +- +- /*! Implementation specific part */ +- /** Contents are malloced, so must be freed */ +- uint32_t contents_must_free : 1; +- /** Type of key. Persistnet/trainsient @ref sss_key_object_mode_t */ +- uint32_t keyMode : 3; +- /** Max size allocated */ +- size_t contents_max_size; +- size_t contents_size; +- size_t keyBitLen; +- uint32_t user_id; +- sss_mode_t purpose; +- sss_access_permission_t accessRights; +- /* malloced / referenced contents */ +- void *contents; +-} sss_openssl_object_t; +- +-typedef struct _sss_openssl_derive_key +-{ +- sss_openssl_session_t *session; +- sss_openssl_object_t *keyObject; +- sss_algorithm_t algorithm; /*! */ +- sss_mode_t mode; /*! */ +- +-} sss_openssl_derive_key_t; +- +-typedef struct _sss_openssl_asymmetric +-{ +- sss_openssl_session_t *session; +- sss_openssl_object_t *keyObject; +- sss_algorithm_t algorithm; /*! */ +- sss_mode_t mode; /*! */ +- +-} sss_openssl_asymmetric_t; +- +-typedef struct _sss_openssl_symmetric +-{ +- /*! Virtual connection between application (user context) and specific +- * security subsystem and function thereof. */ +- sss_openssl_session_t *session; +- sss_openssl_object_t *keyObject; /*!< Reference to key and it's properties. */ +- sss_algorithm_t algorithm; /*! */ +- sss_mode_t mode; /*! */ +- EVP_CIPHER_CTX *cipher_ctx; +- uint8_t cache_data[16]; +- size_t cache_data_len; +-} sss_openssl_symmetric_t; +- +-typedef struct +-{ +- sss_openssl_session_t *session; +- sss_openssl_object_t *keyObject; /*!< Reference to key and it's properties. */ +- sss_algorithm_t algorithm; /*! */ +- sss_mode_t mode; /*! */ +- CMAC_CTX *cmac_ctx; +- HMAC_CTX *hmac_ctx; +-} sss_openssl_mac_t; +- +-typedef struct _sss_openssl_aead +-{ +- /*! Virtual connection between application (user context) and specific +- * security subsystem and function thereof. */ +- sss_openssl_session_t *session; +- sss_openssl_object_t *keyObject; /*!< Reference to key and it's properties. */ +- sss_algorithm_t algorithm; /*!< */ +- sss_mode_t mode; /*!< */ +- +- /*! Implementation specific part */ +- EVP_CIPHER_CTX *aead_ctx; /*!< Reference to aead context. */ +- uint8_t cache_data[16]; /*!< Cache for GCM data */ +- size_t cache_data_len; /*!< Store GCM Cache len*/ +- uint8_t *pCcm_data; /*!< Ref to CCM data dynamic allocated.. */ +- size_t ccm_dataTotalLen; /*!< Store CCM data total len. */ +- size_t ccm_dataoffset; /*!< Store CCM data offset. */ +- uint8_t *pCcm_tag; /*!< Reference to tag. */ +- size_t ccm_tagLen; /*!< Store tag len. */ +- const uint8_t *pCcm_aad; /*!< Reference to AAD */ +- size_t ccm_aadLen; /*!< Store AAD len. */ +- const uint8_t *pCcm_iv; /*!< Reference to IV. */ +- size_t ccm_ivLen; /*!< Store IV len. */ +-} sss_openssl_aead_t; +- +-typedef struct _sss_openssl_digest +-{ +- /*! Virtual connection between application (user context) and specific +- * security subsystem and function thereof. */ +- sss_openssl_session_t *session; +- sss_algorithm_t algorithm; /*!< */ +- sss_mode_t mode; /*!< */ +- /*! Full digest length per algorithm definition. This field is initialized along with algorithm. */ +- size_t digestFullLen; +- /*! Implementation specific part */ +- EVP_MD_CTX *mdctx; +-} sss_openssl_digest_t; +- +-typedef struct +-{ +- sss_openssl_session_t *session; +-} sss_openssl_rng_context_t; +- +-/* ************************************************************************** */ +-/* Global Variables */ +-/* ************************************************************************** */ +- +-/* ************************************************************************** */ +-/* Functions */ +-/* ************************************************************************** */ +- +-/** Similar to @ref sss_openssl_asymmetric_sign_digest, +-* +-* but hashing/digest done by openssl +-*/ +-sss_status_t sss_openssl_asymmetric_sign( +- sss_openssl_asymmetric_t *context, uint8_t *srcData, size_t srcLen, uint8_t *signature, size_t *signatureLen); +- +-/** Similar to @ref sss_openssl_asymmetric_verify_digest, +-* but hashing/digest done by openssl +-* +-*/ +-sss_status_t sss_openssl_asymmetric_verify( +- sss_openssl_asymmetric_t *context, uint8_t *srcData, size_t srcLen, uint8_t *signature, size_t signatureLen); +- +-/** Store key inside persistant key store */ +-sss_status_t ks_openssl_store_key(const sss_openssl_object_t *sss_key); +- +-sss_status_t ks_openssl_load_key(sss_openssl_object_t *sss_key, keyStoreTable_t *keystore_shadow, uint32_t extKeyId); +- +-sss_status_t ks_openssl_fat_update(sss_openssl_key_store_t *keyStore); +- +-sss_status_t ks_openssl_remove_key(const sss_openssl_object_t *sss_key); +- +-sss_status_t sss_openssl_key_object_allocate(sss_openssl_object_t *keyObject, +- uint32_t keyId, +- sss_key_part_t keyPart, +- sss_cipher_type_t cipherType, +- size_t keyByteLenMax, +- uint32_t keyMode); +- +-/** @} */ +- +-#endif /* SSS_HAVE_OPENSSL */ +- +-#endif /* SSS_APIS_INC_FSL_SSS_OPENSSL_TYPES_H_ */ +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_policy.h b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_policy.h +deleted file mode 100644 +index 5edff48590..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_policy.h ++++ /dev/null +@@ -1,221 +0,0 @@ +-/* +- * +- * Copyright 2019,2020 NXP +- * SPDX-License-Identifier: Apache-2.0 +- */ +-/** @file */ +- +-#ifndef _FSL_SSS_POLICY_H_ +-#define _FSL_SSS_POLICY_H_ +- +-#if !defined(SSS_CONFIG_FILE) +-#include "fsl_sss_config.h" +-#else +-#include SSS_CONFIG_FILE +-#endif +- +-#include "fsl_sss_types.h" +-//#include +- +-/** @defgroup sss_policy Policy +- * +- * Policies to restrict and control sessions and objects. +- */ +- +-/** @addtogroup sss_policy +- * @{ */ +- +-/** Type of policy */ +-typedef enum +-{ +- /** No policy applied */ +- KPolicy_None, +- /** Policy related to session. @see sss_policy_session_u */ +- KPolicy_Session, +- /** Policy related to key. @see sss_policy_key_u */ +- KPolicy_Sym_Key, +- KPolicy_Asym_Key, +- KPolicy_UserID, +- KPolicy_File, +- KPolicy_Counter, +- KPolicy_PCR, +- KPolicy_Common, +- KPolicy_Common_PCR_Value, +-} sss_policy_type_u; +- +-/** Policy applicable to a session */ +-typedef struct +-{ +- /** Number of operations permitted in a session */ +- uint16_t maxOperationsInSession; +- /** Session can be used for this much time, in seconds */ +- uint16_t maxDurationOfSession_sec; +- /** Whether maxOperationsInSession is set. +- * This is to ensure '0 == maxOperationsInSession' does not get set +- * by middleware. */ +- uint8_t has_MaxOperationsInSession : 1; +- /** Whether maxOperationsInSession is set. +- * This is to ensure '0 == maxDurationOfSession_sec' does not get set +- * by middleware. */ +- uint8_t has_MaxDurationOfSession_sec : 1; +- /** Whether this session can be refreshed without losing context. +- * And also reset maxDurationOfSession_sec / maxOperationsInSession */ +- uint8_t allowRefresh : 1; +-} sss_policy_session_u; +- +-/** Policies applicable to Symmetric KEY */ +-typedef struct +-{ +- /** Allow signature generation */ +- uint8_t can_Sign : 1; +- /** Allow signature verification */ +- uint8_t can_Verify : 1; +- /** Allow encryption */ +- uint8_t can_Encrypt : 1; +- /** Allow decryption */ +- uint8_t can_Decrypt : 1; +- /** Allow key derivation */ +- uint8_t can_KD : 1; +- /** Allow key wrapping */ +- uint8_t can_Wrap : 1; +- /** Allow to write the object */ +- uint8_t can_Write : 1; +- /** Allow to (re)generate the object */ +- uint8_t can_Gen : 1; +- /** Allow to perform DESFire authentication */ +- uint8_t can_Desfire_Auth : 1; +- /** Allow to dump DESFire session keys */ +- uint8_t can_Desfire_Dump : 1; +- /** Allow to imported or exported */ +- uint8_t can_Import_Export : 1; +-#if 1 // SSS_HAVE_SE05X_VER_GTE_06_00 +- /** Forbid derived output */ +- uint8_t forbid_Derived_Output : 1; +-#endif +- /** Allow kdf(prf) external random */ +- uint8_t allow_kdf_ext_rnd : 1; +-} sss_policy_sym_key_u; +- +-/** Policies applicable to Asymmetric KEY */ +-typedef struct +-{ +- /** Allow signature generation */ +- uint8_t can_Sign : 1; +- /** Allow signature verification */ +- uint8_t can_Verify : 1; +- /** Allow encryption */ +- uint8_t can_Encrypt : 1; +- /** Allow decryption */ +- uint8_t can_Decrypt : 1; +- /** Allow key derivation */ +- uint8_t can_KD : 1; +- /** Allow key wrapping */ +- uint8_t can_Wrap : 1; +- /** Allow to write the object */ +- uint8_t can_Write : 1; +- /** Allow to (re)generate the object */ +- uint8_t can_Gen : 1; +- /** Allow to imported or exported */ +- uint8_t can_Import_Export : 1; +- /** Allow key agreement */ +- uint8_t can_KA : 1; +- /** Allow to read the object */ +- uint8_t can_Read : 1; +- /** Allow to attest an object */ +- uint8_t can_Attest : 1; +-#if 1 // SSS_HAVE_SE05X_VER_GTE_06_00 +- /** Forbid derived output */ +- uint8_t forbid_Derived_Output : 1; +-#endif +-} sss_policy_asym_key_u; +- +-/** All policies related to secure object type File */ +-typedef struct +-{ +- /** Allow to write the object */ +- uint8_t can_Write : 1; +- /** Allow to read the object */ +- uint8_t can_Read : 1; +-} sss_policy_file_u; +- +-/** All policies related to secure object type Counter */ +-typedef struct +-{ +- /** Allow to write the object */ +- uint8_t can_Write : 1; +- /** Allow to read the object */ +- uint8_t can_Read : 1; +-} sss_policy_counter_u; +- +-/** All policies related to secure object type PCR */ +-typedef struct +-{ +- /** Allow to write the object */ +- uint8_t can_Write : 1; +- /** Allow to read the object */ +- uint8_t can_Read : 1; +-} sss_policy_pcr_u; +- +-/** All policies related to secure object type UserID */ +-typedef struct +-{ +- /** Allow to write the object */ +- uint8_t can_Write : 1; +-} sss_policy_userid_u; +- +-/** Common Policies for all object types */ +-typedef struct +-{ +- /** Forbid all operations */ +- uint8_t forbid_All : 1; +- /** Allow to delete the object */ +- uint8_t can_Delete : 1; +- /** Require having secure messaging enabled with encryption and integrity on the command */ +- uint8_t req_Sm : 1; +-} sss_policy_common_u; +- +-/** Common PCR Value Policies for all object types */ +-typedef struct +-{ +- /** PCR object ID */ +- uint32_t pcrObjId; +- /** Expected value of the PCR */ +- uint8_t pcrExpectedValue[32]; +-} sss_policy_common_pcr_value_u; +- +-/** Unique/individual policy. +- * For any operation, you need array of sss_policy_u. +- */ +-typedef struct +-{ +- /** Secure Object Type */ +- sss_policy_type_u type; +- /** Auth ID for each Object Policy, invalid for session policy type == KPolicy_Session*/ +- uint32_t auth_obj_id; +- /** Union of applicable policies based on the type of object +- */ +- union { +- sss_policy_file_u file; +- sss_policy_counter_u counter; +- sss_policy_pcr_u pcr; +- sss_policy_sym_key_u symmkey; +- sss_policy_asym_key_u asymmkey; +- sss_policy_userid_u pin; +- sss_policy_common_u common; +- sss_policy_common_pcr_value_u common_pcr_value; +- sss_policy_session_u session; +- } policy; +-} sss_policy_u; +- +-/** An array of policies @ref sss_policy_u */ +-typedef struct +-{ +- /** Array of unique policies, this needs to be allocated based nPolicies */ +- const sss_policy_u *policies[SSS_POLICY_COUNT_MAX]; +- /** Number of policies */ +- size_t nPolicies; +-} sss_policy_t; +- +-/** @} */ +- +-#endif /* _FSL_SSS_POLICY_H_ */ +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_se05x_apis.h b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_se05x_apis.h +deleted file mode 100644 +index b0937f8f54..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_se05x_apis.h ++++ /dev/null +@@ -1,781 +0,0 @@ +-/* +- * +- * Copyright 2018-2020 NXP +- * SPDX-License-Identifier: Apache-2.0 +- */ +- +-/** @file */ +- +-#ifndef FSL_SSS_SE05X_APIS_H +-#define FSL_SSS_SE05X_APIS_H +- +-#ifdef __cplusplus +-extern "C" { +-#endif /* __cplusplus */ +- +-#if defined(SSS_USE_FTR_FILE) +-#include "fsl_sss_ftr.h" +-#else +-#include "fsl_sss_ftr_default.h" +-#endif +- +-#if SSS_HAVE_APPLET_SE05X_IOT +-#include +- +-/* ************************************************************************** */ +-/* Functions */ +-/* ************************************************************************** */ +-/** +- * @addtogroup sss_se05x_session +- * @{ +- */ +-/** @copydoc sss_session_create +- * +- */ +-sss_status_t sss_se05x_session_create(sss_se05x_session_t *session, +- sss_type_t subsystem, +- uint32_t application_id, +- sss_connection_type_t connection_type, +- void *connectionData); +- +-/** @copydoc sss_session_open +- * +- */ +-sss_status_t sss_se05x_session_open(sss_se05x_session_t *session, +- sss_type_t subsystem, +- uint32_t application_id, +- sss_connection_type_t connection_type, +- void *connectionData); +- +-/** @copydoc sss_session_prop_get_u32 +- * +- */ +-sss_status_t sss_se05x_session_prop_get_u32(sss_se05x_session_t *session, uint32_t property, uint32_t *pValue); +- +-/** @copydoc sss_session_prop_get_au8 +- * +- */ +-sss_status_t sss_se05x_session_prop_get_au8( +- sss_se05x_session_t *session, uint32_t property, uint8_t *pValue, size_t *pValueLen); +- +-/** @copydoc sss_session_close +- * +- */ +-void sss_se05x_session_close(sss_se05x_session_t *session); +- +-/** @copydoc sss_session_delete +- * +- */ +-void sss_se05x_session_delete(sss_se05x_session_t *session); +- +-/*! @} */ /* end of : sss_se05x_session */ +- +-/** +- * @addtogroup sss_se05x_keyobj +- * @{ +- */ +-/** @copydoc sss_key_object_init +- * +- */ +-sss_status_t sss_se05x_key_object_init(sss_se05x_object_t *keyObject, sss_se05x_key_store_t *keyStore); +- +-/** @copydoc sss_key_object_allocate_handle +- * +- * On SE050, the memory get reserved only when the actual object is created and +- * hence there is no memory reservation happening in this API call. but +- * internally it checks if the object already exists or not . if the object is +- * already existing it returns a failure. +- * +- */ +-sss_status_t sss_se05x_key_object_allocate_handle(sss_se05x_object_t *keyObject, +- uint32_t keyId, +- sss_key_part_t keyPart, +- sss_cipher_type_t cipherType, +- size_t keyByteLenMax, +- uint32_t options); +- +-/** @copydoc sss_key_object_get_handle +- * +- * On SE05X, this API uses @ref Se05x_API_ReadType and fetches +- * parameters of the API. +- * +- */ +-sss_status_t sss_se05x_key_object_get_handle(sss_se05x_object_t *keyObject, uint32_t keyId); +- +-/** Not Available for SE05X +- * +- */ +-sss_status_t sss_se05x_key_object_set_user(sss_se05x_object_t *keyObject, uint32_t user, uint32_t options); +- +-/** @copydoc sss_key_object_set_purpose +- * +- */ +-sss_status_t sss_se05x_key_object_set_purpose(sss_se05x_object_t *keyObject, sss_mode_t purpose, uint32_t options); +- +-/** Not Available for SE05X +- * +- */ +-sss_status_t sss_se05x_key_object_set_access(sss_se05x_object_t *keyObject, uint32_t access, uint32_t options); +- +-/** Not Available for SE05X +- * +- */ +-sss_status_t sss_se05x_key_object_set_eccgfp_group(sss_se05x_object_t *keyObject, sss_eccgfp_group_t *group); +- +-/** Not Available for SE05X +- * +- */ +-sss_status_t sss_se05x_key_object_get_user(sss_se05x_object_t *keyObject, uint32_t *user); +- +-/** Not Available for SE05X +- * +- */ +-sss_status_t sss_se05x_key_object_get_purpose(sss_se05x_object_t *keyObject, sss_mode_t *purpose); +- +-/** Not Available for SE05X +- * +- */ +-sss_status_t sss_se05x_key_object_get_access(sss_se05x_object_t *keyObject, uint32_t *access); +- +-/** @copydoc sss_key_object_free +- * +- * On SE050, this has no impact on physical Key Object. +- */ +-void sss_se05x_key_object_free(sss_se05x_object_t *keyObject); +- +-/*! @} */ /* end of : sss_se05x_keyobj */ +- +-/** +- * @addtogroup sss_se05x_keyderive +- * @{ +- */ +-/** @copydoc sss_derive_key_context_init +- * +- */ +-sss_status_t sss_se05x_derive_key_context_init(sss_se05x_derive_key_t *context, +- sss_se05x_session_t *session, +- sss_se05x_object_t *keyObject, +- sss_algorithm_t algorithm, +- sss_mode_t mode); +- +-/** @copydoc sss_derive_key_go +- * +- */ +-sss_status_t sss_se05x_derive_key_go(sss_se05x_derive_key_t *context, +- const uint8_t *saltData, +- size_t saltLen, +- const uint8_t *info, +- size_t infoLen, +- sss_se05x_object_t *derivedKeyObject, +- uint16_t deriveDataLen, +- uint8_t *hkdfOutput, +- size_t *hkdfOutputLen); +- +-/** @copydoc sss_derive_key_one_go +- * +- */ +-sss_status_t sss_se05x_derive_key_one_go(sss_se05x_derive_key_t *context, +- const uint8_t *saltData, +- size_t saltLen, +- const uint8_t *info, +- size_t infoLen, +- sss_se05x_object_t *derivedKeyObject, +- uint16_t deriveDataLen); +- +-/** @copydoc sss_derive_key_sobj_one_go +-* +-*/ +-sss_status_t sss_se05x_derive_key_sobj_one_go(sss_se05x_derive_key_t *context, +- sss_se05x_object_t *saltKeyObject, +- const uint8_t *info, +- size_t infoLen, +- sss_se05x_object_t *derivedKeyObject, +- uint16_t deriveDataLen); +- +-/** @copydoc sss_derive_key_dh +- * +- */ +-sss_status_t sss_se05x_derive_key_dh( +- sss_se05x_derive_key_t *context, sss_se05x_object_t *otherPartyKeyObject, sss_se05x_object_t *derivedKeyObject); +- +-/** @copydoc sss_derive_key_context_free +- * +- */ +-void sss_se05x_derive_key_context_free(sss_se05x_derive_key_t *context); +- +-/*! @} */ /* end of : sss_se05x_keyderive */ +- +-/** +- * @addtogroup sss_se05x_keystore +- * @{ +- */ +-/** @copydoc sss_key_store_context_init +- * +- */ +-sss_status_t sss_se05x_key_store_context_init(sss_se05x_key_store_t *keyStore, sss_se05x_session_t *session); +- +-/** @copydoc sss_key_store_allocate +- * +- * This API does not do anything special on SE05X. +- */ +-sss_status_t sss_se05x_key_store_allocate(sss_se05x_key_store_t *keyStore, uint32_t keyStoreId); +- +-/** @copydoc sss_key_store_save +- * +- * This API does not do anything special on SE05X. +- */ +-sss_status_t sss_se05x_key_store_save(sss_se05x_key_store_t *keyStore); +- +-/** @copydoc sss_key_store_load +- * +- * This API does not do anything special on SE05X. +- */ +-sss_status_t sss_se05x_key_store_load(sss_se05x_key_store_t *keyStore); +- +-/** @copydoc sss_key_store_set_key +- * +- */ +-sss_status_t sss_se05x_key_store_set_key(sss_se05x_key_store_t *keyStore, +- sss_se05x_object_t *keyObject, +- const uint8_t *data, +- size_t dataLen, +- size_t keyBitLen, +- void *options, +- size_t optionsLen); +- +-/** @copydoc sss_key_store_generate_key +- * +- */ +-sss_status_t sss_se05x_key_store_generate_key( +- sss_se05x_key_store_t *keyStore, sss_se05x_object_t *keyObject, size_t keyBitLen, void *options); +- +-/** @copydoc sss_key_store_get_key +- * +- */ +-sss_status_t sss_se05x_key_store_get_key( +- sss_se05x_key_store_t *keyStore, sss_se05x_object_t *keyObject, uint8_t *data, size_t *dataLen, size_t *pKeyBitLen); +- +-/** @copydoc sss_key_store_open_key +- * +- * In SE05X, these keys can be used as KEK encryption key +- * +- * If ``keyObject`` == NULL, then subsequent key injection does not use any KEK. +- * +- * @return The sss status. +- */ +-sss_status_t sss_se05x_key_store_open_key(sss_se05x_key_store_t *keyStore, sss_se05x_object_t *keyObject); +- +-/** Not available for SE05X +- * +- */ +-sss_status_t sss_se05x_key_store_freeze_key(sss_se05x_key_store_t *keyStore, sss_se05x_object_t *keyObject); +- +-/** @copydoc sss_key_store_erase_key +- * +- */ +-sss_status_t sss_se05x_key_store_erase_key(sss_se05x_key_store_t *keyStore, sss_se05x_object_t *keyObject); +- +-/** @copydoc sss_key_store_context_free +- * +- */ +-void sss_se05x_key_store_context_free(sss_se05x_key_store_t *keyStore); +- +-/** Export Key from SE050 to host +- * +- * Only Transient keys can be exported. +- */ +-sss_status_t sss_se05x_key_store_export_key( +- sss_se05x_key_store_t *keyStore, sss_se05x_object_t *keyObject, uint8_t *key, size_t *keylen); +- +-/** Re Import previously exported SE05X key from host to the SE05X +- * +- * Only Transient keys can be imported. +- */ +-sss_status_t sss_se05x_key_store_import_key( +- sss_se05x_key_store_t *keyStore, sss_se05x_object_t *keyObject, uint8_t *key, size_t keylen); +- +-/*! @} */ /* end of : sss_se05x_keystore */ +- +-/** +- * @addtogroup sss_se05x_asym +- * @{ +- */ +-/** @copydoc sss_asymmetric_context_init +- * +- */ +-sss_status_t sss_se05x_asymmetric_context_init(sss_se05x_asymmetric_t *context, +- sss_se05x_session_t *session, +- sss_se05x_object_t *keyObject, +- sss_algorithm_t algorithm, +- sss_mode_t mode); +- +-/** @copydoc sss_asymmetric_encrypt +- * +- */ +-sss_status_t sss_se05x_asymmetric_encrypt( +- sss_se05x_asymmetric_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen); +- +-/** @copydoc sss_asymmetric_decrypt +- * +- */ +-sss_status_t sss_se05x_asymmetric_decrypt( +- sss_se05x_asymmetric_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen); +- +-/** @copydoc sss_asymmetric_sign_digest +- * +- */ +-sss_status_t sss_se05x_asymmetric_sign_digest( +- sss_se05x_asymmetric_t *context, uint8_t *digest, size_t digestLen, uint8_t *signature, size_t *signatureLen); +- +-/** @copydoc sss_asymmetric_verify_digest +- * +- */ +-sss_status_t sss_se05x_asymmetric_verify_digest( +- sss_se05x_asymmetric_t *context, uint8_t *digest, size_t digestLen, uint8_t *signature, size_t signatureLen); +- +-/** @copydoc sss_asymmetric_context_free +- * +- */ +-void sss_se05x_asymmetric_context_free(sss_se05x_asymmetric_t *context); +- +-/*! @} */ /* end of : sss_se05x_asym */ +- +-/** +- * @addtogroup sss_se05x_symm +- * @{ +- */ +-/** @copydoc sss_symmetric_context_init +- * +- */ +-sss_status_t sss_se05x_symmetric_context_init(sss_se05x_symmetric_t *context, +- sss_se05x_session_t *session, +- sss_se05x_object_t *keyObject, +- sss_algorithm_t algorithm, +- sss_mode_t mode); +- +-/** @copydoc sss_cipher_one_go +- * +- */ +-sss_status_t sss_se05x_cipher_one_go(sss_se05x_symmetric_t *context, +- uint8_t *iv, +- size_t ivLen, +- const uint8_t *srcData, +- uint8_t *destData, +- size_t dataLen); +- +-/** @copydoc sss_cipher_init +- * +- */ +-sss_status_t sss_se05x_cipher_init(sss_se05x_symmetric_t *context, uint8_t *iv, size_t ivLen); +- +-/** @copydoc sss_cipher_update +- * +- */ +-sss_status_t sss_se05x_cipher_update( +- sss_se05x_symmetric_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen); +- +-/** @copydoc sss_cipher_finish +- * +- */ +-sss_status_t sss_se05x_cipher_finish( +- sss_se05x_symmetric_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen); +- +-/** @copydoc sss_cipher_crypt_ctr +- * +- */ +-sss_status_t sss_se05x_cipher_crypt_ctr(sss_se05x_symmetric_t *context, +- const uint8_t *srcData, +- uint8_t *destData, +- size_t size, +- uint8_t *initialCounter, +- uint8_t *lastEncryptedCounter, +- size_t *szLeft); +- +-/** @copydoc sss_symmetric_context_free +- * +- */ +-void sss_se05x_symmetric_context_free(sss_se05x_symmetric_t *context); +- +-/*! @} */ /* end of : sss_se05x_symm */ +- +-/** +- * @addtogroup sss_se05x_aead +- * @{ +- */ +-/** @copydoc sss_aead_context_init +- * +- */ +-sss_status_t sss_se05x_aead_context_init(sss_se05x_aead_t *context, +- sss_se05x_session_t *session, +- sss_se05x_object_t *keyObject, +- sss_algorithm_t algorithm, +- sss_mode_t mode); +- +-/** @copydoc sss_aead_one_go +- * +- */ +-sss_status_t sss_se05x_aead_one_go(sss_se05x_aead_t *context, +- const uint8_t *srcData, +- uint8_t *destData, +- size_t size, +- uint8_t *nonce, +- size_t nonceLen, +- const uint8_t *aad, +- size_t aadLen, +- uint8_t *tag, +- size_t *tagLen); +- +-/** @copydoc sss_aead_init +- * +- */ +-sss_status_t sss_se05x_aead_init( +- sss_se05x_aead_t *context, uint8_t *nonce, size_t nonceLen, size_t tagLen, size_t aadLen, size_t payloadLen); +- +-/** @copydoc sss_aead_update_aad +- * +- */ +-sss_status_t sss_se05x_aead_update_aad(sss_se05x_aead_t *context, const uint8_t *aadData, size_t aadDataLen); +- +-/** @copydoc sss_aead_update +- * +- */ +-sss_status_t sss_se05x_aead_update( +- sss_se05x_aead_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen); +- +-/** @copydoc sss_aead_finish +- * +- */ +-sss_status_t sss_se05x_aead_finish(sss_se05x_aead_t *context, +- const uint8_t *srcData, +- size_t srcLen, +- uint8_t *destData, +- size_t *destLen, +- uint8_t *tag, +- size_t *tagLen); +- +-/** @copydoc sss_aead_context_free +- * +- */ +-void sss_se05x_aead_context_free(sss_se05x_aead_t *context); +- +-/*! @} */ /* end of : sss_se05x_aead */ +- +-/** +- * @addtogroup sss_se05x_mac +- * @{ +- */ +-/** @copydoc sss_mac_context_init +- * +- */ +-sss_status_t sss_se05x_mac_context_init(sss_se05x_mac_t *context, +- sss_se05x_session_t *session, +- sss_se05x_object_t *keyObject, +- sss_algorithm_t algorithm, +- sss_mode_t mode); +- +-/** @copydoc sss_mac_one_go +- * +- */ +-sss_status_t sss_se05x_mac_one_go( +- sss_se05x_mac_t *context, const uint8_t *message, size_t messageLen, uint8_t *mac, size_t *macLen); +- +-/** @copydoc sss_mac_init +- * +- */ +-sss_status_t sss_se05x_mac_init(sss_se05x_mac_t *context); +- +-/** @copydoc sss_mac_update +- * +- */ +-sss_status_t sss_se05x_mac_update(sss_se05x_mac_t *context, const uint8_t *message, size_t messageLen); +- +-/** @copydoc sss_mac_finish +- * +- */ +-sss_status_t sss_se05x_mac_finish(sss_se05x_mac_t *context, uint8_t *mac, size_t *macLen); +- +-/** @copydoc sss_mac_context_free +- * +- */ +-void sss_se05x_mac_context_free(sss_se05x_mac_t *context); +- +-/*! @} */ /* end of : sss_se05x_mac */ +- +-/** +- * @addtogroup sss_se05x_md +- * @{ +- */ +-/** @copydoc sss_digest_context_init +- * +- */ +-sss_status_t sss_se05x_digest_context_init( +- sss_se05x_digest_t *context, sss_se05x_session_t *session, sss_algorithm_t algorithm, sss_mode_t mode); +- +-/** @copydoc sss_digest_one_go +- * +- */ +-sss_status_t sss_se05x_digest_one_go( +- sss_se05x_digest_t *context, const uint8_t *message, size_t messageLen, uint8_t *digest, size_t *digestLen); +- +-/** @copydoc sss_digest_init +- * +- */ +-sss_status_t sss_se05x_digest_init(sss_se05x_digest_t *context); +- +-/** @copydoc sss_digest_update +- * +- */ +-sss_status_t sss_se05x_digest_update(sss_se05x_digest_t *context, const uint8_t *message, size_t messageLen); +- +-/** @copydoc sss_digest_finish +- * +- */ +-sss_status_t sss_se05x_digest_finish(sss_se05x_digest_t *context, uint8_t *digest, size_t *digestLen); +- +-/** @copydoc sss_digest_context_free +- * +- */ +-void sss_se05x_digest_context_free(sss_se05x_digest_t *context); +- +-/*! @} */ /* end of : sss_se05x_md */ +- +-/** +- * @addtogroup sss_se05x_rng +- * @{ +- */ +-/** @copydoc sss_rng_context_init +- * +- */ +-sss_status_t sss_se05x_rng_context_init(sss_se05x_rng_context_t *context, sss_se05x_session_t *session); +- +-/** @copydoc sss_rng_get_random +- * +- */ +-sss_status_t sss_se05x_rng_get_random(sss_se05x_rng_context_t *context, uint8_t *random_data, size_t dataLen); +- +-/** @copydoc sss_rng_context_free +- * +- */ +-sss_status_t sss_se05x_rng_context_free(sss_se05x_rng_context_t *context); +- +-/*! @} */ /* end of : sss_se05x_rng */ +- +-/** +-* @addtogroup sss_se05x_tunnel +-* @{ +-*/ +-/** @copydoc sss_tunnel_context_init +- * +- */ +-sss_status_t sss_se05x_tunnel_context_init(sss_se05x_tunnel_context_t *context, sss_se05x_session_t *session); +- +-/** @copydoc sss_tunnel_context_free +-* +-*/ +-void sss_se05x_tunnel_context_free(sss_se05x_tunnel_context_t *context); +- +-/*! @} */ /* end of : sss_se05x_tunnel */ +- +-sss_status_t sss_se05x_refresh_session(sss_se05x_session_t *session, void *connectionData); +- +-/** +- * @addtogroup sss_se05x_tunnel +- * @{ +- */ +- +-/** @copydoc sss_tunnel_context_init +- * +- */ +-sss_status_t sss_se05x_tunnel_context_init(sss_se05x_tunnel_context_t *context, sss_se05x_session_t *session); +- +-/** @copydoc sss_tunnel_t +- * +- */ +-sss_status_t sss_se05x_tunnel(sss_se05x_tunnel_context_t *context, +- uint8_t *data, +- size_t dataLen, +- sss_se05x_object_t *keyObjects, +- uint32_t keyObjectCount, +- uint32_t tunnelType); +- +-/** @copydoc sss_tunnel_context_free +- * +- */ +-void sss_se05x_tunnel_context_free(sss_se05x_tunnel_context_t *context); +- +-/*! @} */ /* end of : sss_se05x_tunnel */ +- +-/** Set features of the Applet. +- * +- * See @ref Se05x_API_SetAppletFeatures +- */ +-sss_status_t sss_se05x_set_feature( +- sss_se05x_session_t *session, SE05x_Applet_Feature_t feature, SE05x_Applet_Feature_Disable_t disable_features); +- +-SE05x_DigestMode_t se05x_get_sha_algo(sss_algorithm_t algorithm); +- +-#if SSSFTR_SE05X_ECC +-sss_status_t sss_se05x_key_store_create_curve(Se05xSession_t *pSession, uint32_t curve_id); +-#endif +- +-/* clang-format off */ +-# if (SSS_HAVE_SSS == 1) +- /* Direct Call : session */ +-# define sss_session_create(session,subsystem,application_id,connection_type,connectionData) \ +- sss_se05x_session_create(((sss_se05x_session_t * ) session),(subsystem),(application_id),(connection_type),(connectionData)) +-# define sss_session_open(session,subsystem,application_id,connection_type,connectionData) \ +- sss_se05x_session_open(((sss_se05x_session_t * ) session),(subsystem),(application_id),(connection_type),(connectionData)) +-# define sss_session_prop_get_u32(session,property,pValue) \ +- sss_se05x_session_prop_get_u32(((sss_se05x_session_t * ) session),(property),(pValue)) +-# define sss_session_prop_get_au8(session,property,pValue,pValueLen) \ +- sss_se05x_session_prop_get_au8(((sss_se05x_session_t * ) session),(property),(pValue),(pValueLen)) +-# define sss_session_close(session) \ +- sss_se05x_session_close(((sss_se05x_session_t * ) session)) +-# define sss_session_delete(session) \ +- sss_se05x_session_delete(((sss_se05x_session_t * ) session)) +- /* Direct Call : keyobj */ +-# define sss_key_object_init(keyObject,keyStore) \ +- sss_se05x_key_object_init(((sss_se05x_object_t * ) keyObject),((sss_se05x_key_store_t * ) keyStore)) +-# define sss_key_object_allocate_handle(keyObject,keyId,keyPart,cipherType,keyByteLenMax,options) \ +- sss_se05x_key_object_allocate_handle(((sss_se05x_object_t * ) keyObject),(keyId),(keyPart),(cipherType),(keyByteLenMax),(options)) +-# define sss_key_object_get_handle(keyObject,keyId) \ +- sss_se05x_key_object_get_handle(((sss_se05x_object_t * ) keyObject),(keyId)) +-# define sss_key_object_set_user(keyObject,user,options) \ +- sss_se05x_key_object_set_user(((sss_se05x_object_t * ) keyObject),(user),(options)) +-# define sss_key_object_set_purpose(keyObject,purpose,options) \ +- sss_se05x_key_object_set_purpose(((sss_se05x_object_t * ) keyObject),(purpose),(options)) +-# define sss_key_object_set_access(keyObject,access,options) \ +- sss_se05x_key_object_set_access(((sss_se05x_object_t * ) keyObject),(access),(options)) +-# define sss_key_object_set_eccgfp_group(keyObject,group) \ +- sss_se05x_key_object_set_eccgfp_group(((sss_se05x_object_t * ) keyObject),(group)) +-# define sss_key_object_get_user(keyObject,user) \ +- sss_se05x_key_object_get_user(((sss_se05x_object_t * ) keyObject),(user)) +-# define sss_key_object_get_purpose(keyObject,purpose) \ +- sss_se05x_key_object_get_purpose(((sss_se05x_object_t * ) keyObject),(purpose)) +-# define sss_key_object_get_access(keyObject,access) \ +- sss_se05x_key_object_get_access(((sss_se05x_object_t * ) keyObject),(access)) +-# define sss_key_object_free(keyObject) \ +- sss_se05x_key_object_free(((sss_se05x_object_t * ) keyObject)) +- /* Direct Call : keyderive */ +-# define sss_derive_key_context_init(context,session,keyObject,algorithm,mode) \ +- sss_se05x_derive_key_context_init(((sss_se05x_derive_key_t * ) context),((sss_se05x_session_t * ) session),((sss_se05x_object_t * ) keyObject),(algorithm),(mode)) +-# define sss_derive_key_go(context,saltData,saltLen,info,infoLen,derivedKeyObject,deriveDataLen,hkdfOutput,hkdfOutputLen) \ +- sss_se05x_derive_key_go(((sss_se05x_derive_key_t * ) context),(saltData),(saltLen),(info),(infoLen),((sss_se05x_object_t * ) derivedKeyObject),(deriveDataLen),(hkdfOutput),(hkdfOutputLen)) +-# define sss_derive_key_dh(context,otherPartyKeyObject,derivedKeyObject) \ +- sss_se05x_derive_key_dh(((sss_se05x_derive_key_t * ) context),((sss_se05x_object_t * ) otherPartyKeyObject),((sss_se05x_object_t * ) derivedKeyObject)) +-# define sss_derive_key_context_free(context) \ +- sss_se05x_derive_key_context_free(((sss_se05x_derive_key_t * ) context)) +- /* Direct Call : keystore */ +-# define sss_key_store_context_init(keyStore,session) \ +- sss_se05x_key_store_context_init(((sss_se05x_key_store_t * ) keyStore),((sss_se05x_session_t * ) session)) +-# define sss_key_store_allocate(keyStore,keyStoreId) \ +- sss_se05x_key_store_allocate(((sss_se05x_key_store_t * ) keyStore),(keyStoreId)) +-# define sss_key_store_save(keyStore) \ +- sss_se05x_key_store_save(((sss_se05x_key_store_t * ) keyStore)) +-# define sss_key_store_load(keyStore) \ +- sss_se05x_key_store_load(((sss_se05x_key_store_t * ) keyStore)) +-# define sss_key_store_set_key(keyStore,keyObject,data,dataLen,keyBitLen,options,optionsLen) \ +- sss_se05x_key_store_set_key(((sss_se05x_key_store_t * ) keyStore),((sss_se05x_object_t * ) keyObject),(data),(dataLen),(keyBitLen),(options),(optionsLen)) +-# define sss_key_store_generate_key(keyStore,keyObject,keyBitLen,options) \ +- sss_se05x_key_store_generate_key(((sss_se05x_key_store_t * ) keyStore),((sss_se05x_object_t * ) keyObject),(keyBitLen),(options)) +-# define sss_key_store_get_key(keyStore,keyObject,data,dataLen,pKeyBitLen) \ +- sss_se05x_key_store_get_key(((sss_se05x_key_store_t * ) keyStore),((sss_se05x_object_t * ) keyObject),(data),(dataLen),(pKeyBitLen)) +-# define sss_key_store_open_key(keyStore,keyObject) \ +- sss_se05x_key_store_open_key(((sss_se05x_key_store_t * ) keyStore),((sss_se05x_object_t * ) keyObject)) +-# define sss_key_store_freeze_key(keyStore,keyObject) \ +- sss_se05x_key_store_freeze_key(((sss_se05x_key_store_t * ) keyStore),((sss_se05x_object_t * ) keyObject)) +-# define sss_key_store_erase_key(keyStore,keyObject) \ +- sss_se05x_key_store_erase_key(((sss_se05x_key_store_t * ) keyStore),((sss_se05x_object_t * ) keyObject)) +-# define sss_key_store_context_free(keyStore) \ +- sss_se05x_key_store_context_free(((sss_se05x_key_store_t * ) keyStore)) +- /* Direct Call : asym */ +-# define sss_asymmetric_context_init(context,session,keyObject,algorithm,mode) \ +- sss_se05x_asymmetric_context_init(((sss_se05x_asymmetric_t * ) context),((sss_se05x_session_t * ) session),((sss_se05x_object_t * ) keyObject),(algorithm),(mode)) +-# define sss_asymmetric_encrypt(context,srcData,srcLen,destData,destLen) \ +- sss_se05x_asymmetric_encrypt(((sss_se05x_asymmetric_t * ) context),(srcData),(srcLen),(destData),(destLen)) +-# define sss_asymmetric_decrypt(context,srcData,srcLen,destData,destLen) \ +- sss_se05x_asymmetric_decrypt(((sss_se05x_asymmetric_t * ) context),(srcData),(srcLen),(destData),(destLen)) +-# define sss_asymmetric_sign_digest(context,digest,digestLen,signature,signatureLen) \ +- sss_se05x_asymmetric_sign_digest(((sss_se05x_asymmetric_t * ) context),(digest),(digestLen),(signature),(signatureLen)) +-# define sss_asymmetric_verify_digest(context,digest,digestLen,signature,signatureLen) \ +- sss_se05x_asymmetric_verify_digest(((sss_se05x_asymmetric_t * ) context),(digest),(digestLen),(signature),(signatureLen)) +-# define sss_asymmetric_context_free(context) \ +- sss_se05x_asymmetric_context_free(((sss_se05x_asymmetric_t * ) context)) +- /* Direct Call : symm */ +-# define sss_symmetric_context_init(context,session,keyObject,algorithm,mode) \ +- sss_se05x_symmetric_context_init(((sss_se05x_symmetric_t * ) context),((sss_se05x_session_t * ) session),((sss_se05x_object_t * ) keyObject),(algorithm),(mode)) +-# define sss_cipher_one_go(context,iv,ivLen,srcData,destData,dataLen) \ +- sss_se05x_cipher_one_go(((sss_se05x_symmetric_t * ) context),(iv),(ivLen),(srcData),(destData),(dataLen)) +-# define sss_cipher_init(context,iv,ivLen) \ +- sss_se05x_cipher_init(((sss_se05x_symmetric_t * ) context),(iv),(ivLen)) +-# define sss_cipher_update(context,srcData,srcLen,destData,destLen) \ +- sss_se05x_cipher_update(((sss_se05x_symmetric_t * ) context),(srcData),(srcLen),(destData),(destLen)) +-# define sss_cipher_finish(context,srcData,srcLen,destData,destLen) \ +- sss_se05x_cipher_finish(((sss_se05x_symmetric_t * ) context),(srcData),(srcLen),(destData),(destLen)) +-# define sss_cipher_crypt_ctr(context,srcData,destData,size,initialCounter,lastEncryptedCounter,szLeft) \ +- sss_se05x_cipher_crypt_ctr(((sss_se05x_symmetric_t * ) context),(srcData),(destData),(size),(initialCounter),(lastEncryptedCounter),(szLeft)) +-# define sss_symmetric_context_free(context) \ +- sss_se05x_symmetric_context_free(((sss_se05x_symmetric_t * ) context)) +- /* Direct Call : aead */ +-# define sss_aead_context_init(context,session,keyObject,algorithm,mode) \ +- sss_se05x_aead_context_init(((sss_se05x_aead_t * ) context),((sss_se05x_session_t * ) session),((sss_se05x_object_t * ) keyObject),(algorithm),(mode)) +-# define sss_aead_one_go(context,srcData,destData,size,nonce,nonceLen,aad,aadLen,tag,tagLen) \ +- sss_se05x_aead_one_go(((sss_se05x_aead_t * ) context),(srcData),(destData),(size),(nonce),(nonceLen),(aad),(aadLen),(tag),(tagLen)) +-# define sss_aead_init(context,nonce,nonceLen,tagLen,aadLen,payloadLen) \ +- sss_se05x_aead_init(((sss_se05x_aead_t * ) context),(nonce),(nonceLen),(tagLen),(aadLen),(payloadLen)) +-# define sss_aead_update_aad(context,aadData,aadDataLen) \ +- sss_se05x_aead_update_aad(((sss_se05x_aead_t * ) context),(aadData),(aadDataLen)) +-# define sss_aead_update(context,srcData,srcLen,destData,destLen) \ +- sss_se05x_aead_update(((sss_se05x_aead_t * ) context),(srcData),(srcLen),(destData),(destLen)) +-# define sss_aead_finish(context,srcData,srcLen,destData,destLen,tag,tagLen) \ +- sss_se05x_aead_finish(((sss_se05x_aead_t * ) context),(srcData),(srcLen),(destData),(destLen),(tag),(tagLen)) +-# define sss_aead_context_free(context) \ +- sss_se05x_aead_context_free(((sss_se05x_aead_t * ) context)) +- /* Direct Call : mac */ +-# define sss_mac_context_init(context,session,keyObject,algorithm,mode) \ +- sss_se05x_mac_context_init(((sss_se05x_mac_t * ) context),((sss_se05x_session_t * ) session),((sss_se05x_object_t * ) keyObject),(algorithm),(mode)) +-# define sss_mac_one_go(context,message,messageLen,mac,macLen) \ +- sss_se05x_mac_one_go(((sss_se05x_mac_t * ) context),(message),(messageLen),(mac),(macLen)) +-# define sss_mac_init(context) \ +- sss_se05x_mac_init(((sss_se05x_mac_t * ) context)) +-# define sss_mac_update(context,message,messageLen) \ +- sss_se05x_mac_update(((sss_se05x_mac_t * ) context),(message),(messageLen)) +-# define sss_mac_finish(context,mac,macLen) \ +- sss_se05x_mac_finish(((sss_se05x_mac_t * ) context),(mac),(macLen)) +-# define sss_mac_context_free(context) \ +- sss_se05x_mac_context_free(((sss_se05x_mac_t * ) context)) +- /* Direct Call : md */ +-# define sss_digest_context_init(context,session,algorithm,mode) \ +- sss_se05x_digest_context_init(((sss_se05x_digest_t * ) context),((sss_se05x_session_t * ) session),(algorithm),(mode)) +-# define sss_digest_one_go(context,message,messageLen,digest,digestLen) \ +- sss_se05x_digest_one_go(((sss_se05x_digest_t * ) context),(message),(messageLen),(digest),(digestLen)) +-# define sss_digest_init(context) \ +- sss_se05x_digest_init(((sss_se05x_digest_t * ) context)) +-# define sss_digest_update(context,message,messageLen) \ +- sss_se05x_digest_update(((sss_se05x_digest_t * ) context),(message),(messageLen)) +-# define sss_digest_finish(context,digest,digestLen) \ +- sss_se05x_digest_finish(((sss_se05x_digest_t * ) context),(digest),(digestLen)) +-# define sss_digest_context_free(context) \ +- sss_se05x_digest_context_free(((sss_se05x_digest_t * ) context)) +- /* Direct Call : rng */ +-# define sss_rng_context_init(context,session) \ +- sss_se05x_rng_context_init(((sss_se05x_rng_context_t * ) context),((sss_se05x_session_t * ) session)) +-# define sss_rng_get_random(context,random_data,dataLen) \ +- sss_se05x_rng_get_random(((sss_se05x_rng_context_t * ) context),(random_data),(dataLen)) +-# define sss_rng_context_free(context) \ +- sss_se05x_rng_context_free(((sss_se05x_rng_context_t * ) context)) +- /* Direct Call : tunnel */ +-# define sss_tunnel_context_init(context,session) \ +- sss_se05x_tunnel_context_init(((sss_se05x_tunnel_context_t * ) context),((sss_se05x_session_t * ) session)) +-# define sss_tunnel(context,data,dataLen,keyObjects,keyObjectCount,tunnelType) \ +- sss_se05x_tunnel(((sss_se05x_tunnel_context_t * ) context),(data),(dataLen),((sss_se05x_object_t * ) keyObjects),(keyObjectCount),(tunnelType)) +-# define sss_tunnel_context_free(context) \ +- sss_se05x_tunnel_context_free(((sss_se05x_tunnel_context_t * ) context)) +-# endif /* (SSS_HAVE_SSS == 1) */ +-/* clang-format on */ +-#endif /* SSS_HAVE_APPLET_SE05X_IOT */ +-#ifdef __cplusplus +-} // extern "C" +-#endif /* __cplusplus */ +- +-#endif /* FSL_SSS_SE05X_APIS_H */ +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_se05x_policy.h b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_se05x_policy.h +deleted file mode 100644 +index bab222bf0e..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_se05x_policy.h ++++ /dev/null +@@ -1,51 +0,0 @@ +-/* +- * +- * Copyright 2018-2020 NXP +- * SPDX-License-Identifier: Apache-2.0 +- */ +- +-#ifndef FSL_SSS_SE05X_POLICY_H +-#define FSL_SSS_SE05X_POLICY_H +- +-#if defined(SSS_USE_FTR_FILE) +-#include "fsl_sss_ftr.h" +-#else +-#include "fsl_sss_ftr_default.h" +-#endif +- +-#if SSS_HAVE_APPLET_SE05X_IOT +-#include +-#include +-#include +- +-/* ************************************************************************** */ +-/* Functions */ +-/* ************************************************************************** */ +- +-/** @brief +- * The function serializes input passed by user (array of sss_policy_t) in to +- * uin8[] policy buffer +- * +- * @param[in] Array of policies passed by user. +- * @param[out] buffer passed by user where serialized policy data is copied. +- * @param[out] buf_len passed by user where serialized policy data length is copied. +- * +- * @warning Please ensure pbuff is atleast of size MAX_POLICY_BUFFER_SIZE +- * +- */ +-sss_status_t sss_se05x_create_object_policy_buffer(sss_policy_t *policies, uint8_t *pbuff, size_t *buf_len); +-/*! @brief +- * The function serializes input passed by user (sss_policy_session_u) in to +- * uin8[] policy buffer +- * +- * @param[in] pointer to sss_policy_session_u passed by user. +- * @param[out] buffer passed by user where serialized policy data is copied. +- * @param[out] buf_len passed by user where serialized policy data length is copied. +- * +- * @warning Please ensure session_pol_buff is atleast of size MAX_POLICY_BUFFER_SIZE +- * +- */ +-sss_status_t sss_se05x_create_session_policy_buffer( +- sss_policy_session_u *session_policy, uint8_t *session_pol_buff, size_t *buf_len); +-#endif /* SSS_HAVE_APPLET_SE05X_IOT */ +-#endif /* FSL_SSS_SE05X_POLICY_H */ +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_se05x_scp03.h b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_se05x_scp03.h +deleted file mode 100644 +index d15a4bdd92..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_se05x_scp03.h ++++ /dev/null +@@ -1,56 +0,0 @@ +-/* +-* +-* Copyright 2018-2020 NXP +-* SPDX-License-Identifier: Apache-2.0 +-*/ +- +-#ifndef FSL_SSS_SE05X_SCP03_H +-#define FSL_SSS_SE05X_SCP03_H +- +-/* ************************************************************************** */ +-/* Defines */ +-/* ************************************************************************** */ +-/* ************************************************************************** */ +-/* Includes */ +-/* ************************************************************************** */ +- +-#ifdef __cplusplus +-extern "C" { +-#endif +- +-#include "nxScp03_Const.h" +-#include "nxScp03_Types.h" +-#include "se05x_tlv.h" +-#if SSS_HAVE_MBEDTLS +-#include +-#endif +-#if SSS_HAVE_OPENSSL +-#include +-#endif +- +-/* ************************************************************************** */ +-/* Structrues and Typedefs */ +-/* ************************************************************************** */ +- +-/* ************************************************************************** */ +-/* Global Variables */ +-/* ************************************************************************** */ +- +-/* ************************************************************************** */ +-/* Functions */ +-/* ************************************************************************** */ +-/** +-* To send and receive encrypted communication using SCP03 +-*/ +-sss_status_t nxScp03_AuthenticateChannel(pSe05xSession_t se05xSession, NXSCP03_AuthCtx_t *authScp03); +- +-/** +-* To send and receive encrypted communication using Fast SCP +-*/ +-sss_status_t nxECKey_AuthenticateChannel(pSe05xSession_t se05xSession, SE05x_AuthCtx_ECKey_t *pAuthFScp); +- +-#ifdef __cplusplus +-} /* extern "c"*/ +-#endif +- +-#endif /* FSL_SSS_SE05X_SCP03_H */ +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_se05x_types.h b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_se05x_types.h +deleted file mode 100644 +index 12cb2dd9a3..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_se05x_types.h ++++ /dev/null +@@ -1,618 +0,0 @@ +-/* +- * +- * Copyright 2018-2020 NXP +- * SPDX-License-Identifier: Apache-2.0 +- */ +- +-#ifndef SSS_APIS_INC_FSL_SSS_SE05X_TYPES_H_ +-#define SSS_APIS_INC_FSL_SSS_SE05X_TYPES_H_ +- +-/* ************************************************************************** */ +-/* Includes */ +-/* ************************************************************************** */ +- +-#include +-#include +- +-#if defined(SSS_USE_FTR_FILE) +-#include "fsl_sss_ftr.h" +-#else +-#include "fsl_sss_ftr_default.h" +-#endif +- +-#if SSS_HAVE_APPLET_SE05X_IOT +-#include "nxScp03_Types.h" +-#include "se05x_const.h" +-#include "se05x_tlv.h" +-#include "sm_api.h" +-#if (__GNUC__ && !AX_EMBEDDED && !__MBED__) +-#include +-/* Only for base session with os */ +-#elif __MBED__ +-#include "cmsis_os2.h" +-#include "mbed_rtos_storage.h" +-#endif +-/* FreeRTOS includes. */ +-#if USE_RTOS +-#include "FreeRTOS.h" +-#include "FreeRTOSIPConfig.h" +-#include "semphr.h" +-#include "task.h" +-#endif +- +-/*! +- * @addtogroup sss_sw_se05x +- * @{ +- */ +- +-/* ************************************************************************** */ +-/* Defines */ +-/* ************************************************************************** */ +- +-/** Are we using SE05X as crypto subsystem? */ +-#define SSS_SUBSYSTEM_TYPE_IS_SE05X(subsystem) (subsystem == kType_SSS_SE_SE05x) +- +-/** Are we using SE05X as crypto subsystem? */ +-#define SSS_SESSION_TYPE_IS_SE05X(session) (session && SSS_SUBSYSTEM_TYPE_IS_SE05X(session->subsystem)) +- +-/** Are we using SE05X as crypto subsystem? */ +-#define SSS_KEY_STORE_TYPE_IS_SE05X(keyStore) (keyStore && SSS_SESSION_TYPE_IS_SE05X(keyStore->session)) +- +-/** Are we using SE05X as crypto subsystem? */ +-#define SSS_OBJECT_TYPE_IS_SE05X(pObject) (pObject && SSS_KEY_STORE_TYPE_IS_SE05X(pObject->keyStore)) +- +-/** Are we using SE05X as crypto subsystem? */ +-#define SSS_ASYMMETRIC_TYPE_IS_SE05X(context) (context && SSS_SESSION_TYPE_IS_SE05X(context->session)) +- +-/** Are we using SE05X as crypto subsystem? */ +-#define SSS_DERIVE_KEY_TYPE_IS_SE05X(context) (context && SSS_SESSION_TYPE_IS_SE05X(context->session)) +- +-/** Are we using SE05X as crypto subsystem? */ +-#define SSS_SYMMETRIC_TYPE_IS_SE05X(context) (context && SSS_SESSION_TYPE_IS_SE05X(context->session)) +- +-/** Are we using SE05X as crypto subsystem? */ +-#define SSS_MAC_TYPE_IS_SE05X(context) (context && SSS_SESSION_TYPE_IS_SE05X(context->session)) +- +-/** Are we using SE05X as crypto subsystem? */ +-#define SSS_RNG_CONTEXT_TYPE_IS_SE05X(context) (context && SSS_SESSION_TYPE_IS_SE05X(context->session)) +- +-/** Are we using SE05X as crypto subsystem? */ +-#define SSS_DIGEST_TYPE_IS_SE05X(context) (context && SSS_SESSION_TYPE_IS_SE05X(context->session)) +- +-/** Are we using SE05X as crypto subsystem? */ +-#define SSS_AEAD_TYPE_IS_SE05X(context) (context && SSS_SESSION_TYPE_IS_SE05X(context->session)) +- +-/** Are we using SE05X as crypto subsystem? */ +-#define SSS_TUNNEL_CONTEXT_TYPE_IS_SE05X(context) (context && SSS_SESSION_TYPE_IS_SE05X(context->session)) +- +-/** Are we using SE05X as crypto subsystem? */ +-#define SSS_TUNNEL_TYPE_IS_SE05X(context) (context && SSS_SESSION_TYPE_IS_SE05X(context->session)) +- +-/* ************************************************************************** */ +-/* Structrues and Typedefs */ +-/* ************************************************************************** */ +- +-struct _sss_se05x_session; +- +-/** @copydoc sss_tunnel_t */ +-typedef struct _sss_se05x_tunnel_context +-{ +- /** Pointer to the base SE050 SEssion */ +- struct _sss_se05x_session *se05x_session; +- /** Where exactly this tunnel terminates to */ +- sss_tunnel_dest_t tunnelDest; +-/** For systems where we potentially have multi-threaded operations, have a lock */ +-#if USE_RTOS +- SemaphoreHandle_t channelLock; +-#elif (__GNUC__ && !AX_EMBEDDED && !__MBED__) +- pthread_mutex_t channelLock; +-#elif __MBED__ +- osSemaphoreId_t channelLock; +-#endif +-} sss_se05x_tunnel_context_t; +- +-/** @copydoc sss_session_t */ +-typedef struct _sss_se05x_session +-{ +- /** Indicates which security subsystem is selected to be used. */ +- sss_type_t subsystem; +- +- /** Connection context to SE050 */ +- +- Se05xSession_t s_ctx; +- +- /** In case connection is tunneled, context to the tunnel */ +- +- sss_se05x_tunnel_context_t *ptun_ctx; +-} sss_se05x_session_t; +- +-struct _sss_se05x_object; +- +-/** @copydoc sss_key_store_t */ +-typedef struct +-{ +- /** Pointer to the session */ +- sss_se05x_session_t *session; +- /** In case the we are using Key Wrapping while injecting the keys, pointer to key used for wrapping */ +- struct _sss_se05x_object *kekKey; +- +-} sss_se05x_key_store_t; +- +-/** @copydoc sss_object_t */ +-typedef struct _sss_se05x_object +-{ +- /** key store holding the data and other properties */ +- sss_se05x_key_store_t *keyStore; +- /** @copydoc sss_object_t::objectType */ +- uint32_t objectType; +- /** @copydoc sss_object_t::cipherType */ +- uint32_t cipherType; +- /** Application specific key identifier. The keyId is kept in the key store +- * along with the key data and other properties. */ +- uint32_t keyId; +- +- /** If this is an ECC Key, the Curve ID of the key */ +- SE05x_ECCurve_t curve_id; +- +- /** Whether this is a persistant or tansient object */ +- uint8_t isPersistant : 1; +- +-} sss_se05x_object_t; +- +-/** @copydoc sss_derive_key_t */ +-typedef struct +-{ +- /** @copydoc sss_derive_key_t::session */ +- sss_se05x_session_t *session; +- /** @copydoc sss_derive_key_t::keyObject */ +- sss_se05x_object_t *keyObject; +- /** @copydoc sss_derive_key_t::algorithm */ +- sss_algorithm_t algorithm; +- /** @copydoc sss_derive_key_t::mode */ +- sss_mode_t mode; +- +-} sss_se05x_derive_key_t; +- +-/** @copydoc sss_asymmetric_t */ +-typedef struct +-{ +- /** @copydoc sss_asymmetric_t::session */ +- sss_se05x_session_t *session; +- /** @copydoc sss_asymmetric_t::keyObject */ +- sss_se05x_object_t *keyObject; +- /** @copydoc sss_asymmetric_t::algorithm */ +- sss_algorithm_t algorithm; +- /** @copydoc sss_asymmetric_t::mode */ +- sss_mode_t mode; +- +-} sss_se05x_asymmetric_t; +- +-/** @copydoc sss_symmetric_t */ +-typedef struct +-{ +- /** Virtual connection between application (user context) and specific +- * security subsystem and function thereof. */ +- sss_se05x_session_t *session; +- /** Reference to key and it's properties. */ +- sss_se05x_object_t *keyObject; +- /** @copydoc sss_symmetric_t::algorithm */ +- sss_algorithm_t algorithm; +- /** @copydoc sss_symmetric_t::mode */ +- sss_mode_t mode; +- +- /* Implementation specific part */ +- +- /** Used crypto object ID for this operation */ +- SE05x_CryptoObjectID_t cryptoObjectId; +- /** Since underlying system conly only process in fixed chunks, chache them on host +- * to complete the operation sanely */ +- uint8_t cache_data[16]; +- /** Length of bytes cached on host */ +- size_t cache_data_len; +-} sss_se05x_symmetric_t; +- +-/** @copydoc sss_mac_t */ +-typedef struct +-{ +- /** copydoc sss_mac_t::session */ +- sss_se05x_session_t *session; +- /** copydoc sss_mac_t::keyObject */ +- sss_se05x_object_t *keyObject; +- +- /** copydoc sss_mac_t::algorithm */ +- sss_algorithm_t algorithm; +- /** copydoc sss_mac_t::mode */ +- sss_mode_t mode; +- /* Implementation specific part */ +- +- /** Used crypto object ID for this operation */ +- SE05x_CryptoObjectID_t cryptoObjectId; +-} sss_se05x_mac_t; +- +-/** @copydoc sss_aead_t */ +-typedef struct +-{ +- /** @copydoc sss_aead_t::session */ +- sss_se05x_session_t *session; +- /** @copydoc sss_aead_t::keyObject */ +- sss_se05x_object_t *keyObject; +- /** @copydoc sss_aead_t::algorithm */ +- sss_algorithm_t algorithm; +- /** @copydoc sss_aead_t::mode */ +- sss_mode_t mode; +- +- /** Implementation specific part */ +- SE05x_CryptoObjectID_t cryptoObjectId; +- /** Cache in case of un-alined inputs */ +- uint8_t cache_data[16]; +- /** How much we have cached */ +- size_t cache_data_len; +-} sss_se05x_aead_t; +- +-/** @copydoc sss_digest_t */ +-typedef struct +-{ +- /** Virtual connection between application (user context) and specific +- * security subsystem and function thereof. */ +- sss_se05x_session_t *session; +- /** @copydoc sss_digest_t::algorithm */ +- sss_algorithm_t algorithm; +- /** @copydoc sss_digest_t::mode */ +- sss_mode_t mode; +- /** @copydoc sss_digest_t::digestFullLen */ +- size_t digestFullLen; +- /** Implementation specific part */ +- +- SE05x_CryptoObjectID_t cryptoObjectId; +-} sss_se05x_digest_t; +- +-/** @copydoc sss_rng_context_t */ +-typedef struct +-{ +- /** @copydoc sss_rng_context_t::session */ +- sss_se05x_session_t *session; +-} sss_se05x_rng_context_t; +- +-/** SE050 Properties that can be represented as an array */ +-typedef enum +-{ +- kSSS_SE05x_SessionProp_CertUID = kSSS_SessionProp_au8_Proprietary_Start + 1, +-} sss_s05x_sesion_prop_au8_t; +- +-/** SE050 Properties that can be represented as 32bit numbers */ +-typedef enum +-{ +- kSSS_SE05x_SessionProp_CertUIDLen = kSSS_SessionProp_u32_Optional_Start + 1, +-} sss_s05x_sesion_prop_u32_t; +- +-/** deprecated : Used only for backwards compatibility */ +-#define SE05x_Connect_Ctx_t SE_Connect_Ctx_t +-/** deprecated : Used only for backwards compatibility */ +-#define se05x_auth_context_t SE_Connect_Ctx_t +- +-/** Used to enable Applet Features via ``sss_se05x_set_feature`` */ +-typedef struct +-{ +- /** Use of curve TPM_ECC_BN_P256 */ +- uint8_t AppletConfig_ECDAA : 1; +- /** EC DSA and DH support */ +- uint8_t AppletConfig_ECDSA_ECDH_ECDHE : 1; +- /** Use of curve RESERVED_ID_ECC_ED_25519 */ +- uint8_t AppletConfig_EDDSA : 1; +- /** Use of curve RESERVED_ID_ECC_MONT_DH_25519 */ +- uint8_t AppletConfig_DH_MONT : 1; +- /** Writing HMACKey objects */ +- uint8_t AppletConfig_HMAC : 1; +- /** Writing RSAKey objects */ +- uint8_t AppletConfig_RSA_PLAIN : 1; +- /** Writing RSAKey objects */ +- uint8_t AppletConfig_RSA_CRT : 1; +- /** Writing AESKey objects */ +- uint8_t AppletConfig_AES : 1; +- /** Writing DESKey objects */ +- uint8_t AppletConfig_DES : 1; +- /** PBKDF2 */ +- uint8_t AppletConfig_PBKDF : 1; +- /** TLS Handshake support commands (see 4.16) in APDU Spec*/ +- uint8_t AppletConfig_TLS : 1; +- /** Mifare DESFire support (see 4.15) in APDU Spec*/ +- uint8_t AppletConfig_MIFARE : 1; +- /** Allocated value undefined and reserved for future use */ +- uint8_t AppletConfig_RFU1 : 1; +- /** I2C Master support (see 4.17) in APDU Spec*/ +- uint8_t AppletConfig_I2CM : 1; +- /** RFU */ +- uint8_t AppletConfig_RFU21 : 1; +-} SE05x_Applet_Feature_t; +- +-/** Used to disable Applet Features via ``sss_se05x_set_feature`` */ +-typedef struct +-{ +- /** Disable feature ECDH B2b8 */ +- uint8_t EXTCFG_FORBID_ECDH : 1; +- /** Disable feature ECDAA B2b7 */ +- uint8_t EXTCFG_FORBID_ECDAA : 1; +- /** Disable feature RSA_LT_2K B6b8 */ +- uint8_t EXTCFG_FORBID_RSA_LT_2K : 1; +- /** Disable feature RSA_SHA1 B6b7 */ +- uint8_t EXTCFG_FORBID_RSA_SHA1 : 1; +- /** Disable feature AES_GCM B8b8 */ +- uint8_t EXTCFG_FORBID_AES_GCM : 1; +- /** Disable feature AES_GCM_EXT_IV B8b7 */ +- uint8_t EXTCFG_FORBID_AES_GCM_EXT_IV : 1; +- /** Disable feature HKDF_EXTRACT B10b7 */ +- uint8_t EXTCFG_FORBID_HKDF_EXTRACT : 1; +-} SE05x_Applet_Feature_Disable_t; +- +-/** Attestation data */ +-typedef struct +-{ +- /** Random used during attestation */ +- uint8_t outrandom[16]; +- /** length of outrandom */ +- size_t outrandomLen; +- /** time stamp */ +- SE05x_TimeStamp_t timeStamp; +- /** Length of timeStamp */ +- size_t timeStampLen; +- /** Uinquie ID of SE050 */ +- uint8_t chipId[SE050_MODULE_UNIQUE_ID_LEN]; +- /** Lenght of the Unique ID */ +- size_t chipIdLen; +- /** Attributes */ +- uint8_t attribute[MAX_POLICY_BUFFER_SIZE + 15]; +- /** Length of Attribute */ +- size_t attributeLen; +- /** Signature for attestation */ +- uint8_t signature[512]; +- /** Lenght of signature */ +- size_t signatureLen; +-} sss_se05x_attst_comp_data_t; +- +-/** Data to be read with attestation */ +-typedef struct +-{ +- /** Whle reading RSA Objects, modulus and public exporent get attested separately, */ +- sss_se05x_attst_comp_data_t data[SE05X_MAX_ATTST_DATA]; +- /** How many entries to attest */ +- uint8_t valid_number; +-} sss_se05x_attst_data_t; +- +-/** @} */ +- +-/** @addtogroup se050_i2cm +- * +- * @{ */ +- +-/** Types of entries in an I2CM Transaction */ +-typedef enum +-{ +- /** Do nothing */ +- kSE05x_I2CM_None = 0, +- /** Configure the address, baudrate */ +- kSE05x_I2CM_Configure, +- /** Write to I2C Slave */ +- kSE05x_I2CM_Write = 3, +- /** Read from I2C Slave */ +- kSE05x_I2CM_Read, +- +- /** Response from SE05x that there is something wrong */ +- kSE05x_I2CM_StructuralIssue = 0xFF +-} SE05x_I2CM_TLV_type_t; +- +-/** Status of I2CM Transaction */ +-typedef enum +-{ +- kSE05x_I2CM_Success = 0x5A, +- kSE05x_I2CM_I2C_Nack_Fail = 0x01, +- kSE05x_I2CM_I2C_Write_Error = 0x02, +- kSE05x_I2CM_I2C_Read_Error = 0x03, +- kSE05x_I2CM_I2C_Time_Out_Error = 0x05, +- kSE05x_I2CM_Invalid_Tag = 0x11, +- kSE05x_I2CM_Invalid_Length = 0x12, +- kSE05x_I2CM_Invalid_Length_Encode = 0x13, +- kSE05x_I2CM_I2C_Config = 0x21 +-} SE05x_I2CM_status_t; +- +-/** Additional operation on data read by I2C */ +-typedef enum +-{ +- kSE05x_Security_None = 0, +- kSE05x_Sign_Request, +- kSE05x_Sign_Enc_Request, +-} SE05x_I2CM_securityReq_t; +- +-/** Configuration for I2CM */ +-typedef enum +-{ +- kSE05x_I2CM_Baud_Rate_100Khz = 0, +- kSE05x_I2CM_Baud_Rate_400Khz, +-} SE05x_I2CM_Baud_Rate_t; +- +-/** Data Configuration for I2CM */ +-typedef struct +-{ +- /** 7 Bit address of I2C slave */ +- uint8_t I2C_addr; +- /** What baud rate */ +- SE05x_I2CM_Baud_Rate_t I2C_baudRate; +- /** return status of the config operation */ +- SE05x_I2CM_status_t status; +-} SE05x_I2CM_configData_t; +- +-/** @brief Security Configuration for I2CM */ +-typedef struct +-{ +- /** @copydoc SE05x_I2CM_securityReq_t */ +- SE05x_I2CM_securityReq_t operation; +- /** object used for the operation */ +- uint32_t keyObject; +-} SE05x_I2CM_securityData_t; +- +-/** @brief Write From I2CM to I2C Slave */ +-typedef struct +-{ +- /** How many bytes to write */ +- uint8_t writeLength; +- /** [Out] status of the operation */ +- SE05x_I2CM_status_t wrStatus; +- /** Buffer to be written */ +- uint8_t *writebuf; /* Input */ +-} SE05x_I2CM_writeData_t; +- +-/** Read to I2CM from I2C Slave */ +-typedef struct +-{ +- /** How many bytes to read */ +- uint16_t readLength; +- /** [Out] status of the operation */ +- SE05x_I2CM_status_t rdStatus; +- /** Output. rdBuf will point to Host buffer. */ +- uint8_t *rdBuf; +-} SE05x_I2CM_readData_t; +- +-/** Used to report error response, not for outgoing command */ +-typedef struct +-{ +- /** [Out] In case there is any structural issue */ +- SE05x_I2CM_status_t issueStatus; +-} SE05x_I2CM_structuralIssue_t; +- +-/** @brief Individual entry in array of TLV commands */ +-typedef union { +- /** @copydoc SE05x_I2CM_configData_t */ +- SE05x_I2CM_configData_t cfg; +- /** @copydoc SE05x_I2CM_securityData_t */ +- SE05x_I2CM_securityData_t sec; +- /** @copydoc SE05x_I2CM_writeData_t */ +- SE05x_I2CM_writeData_t w; +- /** @copydoc SE05x_I2CM_readData_t */ +- SE05x_I2CM_readData_t rd; +- /** @copydoc SE05x_I2CM_structuralIssue_t */ +- SE05x_I2CM_structuralIssue_t issue; +-} SE05x_I2CM_INS_type_t; +- +-/** Individual entry in array of TLV commands, with type +- * +- * @ref Se05x_i2c_master_txn would expect an array of these. +- */ +-typedef struct _SE05x_I2CM_cmd +-{ +- /** @copybrief SE05x_I2CM_TLV_type_t */ +- SE05x_I2CM_TLV_type_t type; +- /** @copybrief SE05x_I2CM_INS_type_t */ +- SE05x_I2CM_INS_type_t cmd; +-} SE05x_I2CM_cmd_t; +- +-/*! +- *@} +- */ /* end of se050_i2cm */ +- +-/* ************************************************************************** */ +-/* Global Variables */ +-/* ************************************************************************** */ +- +-/* ************************************************************************** */ +-/* Functions */ +-/* ************************************************************************** */ +- +-/** MAC Validate +- * +- */ +-sss_status_t sss_se05x_mac_validate_one_go( +- sss_se05x_mac_t *context, const uint8_t *message, size_t messageLen, uint8_t *mac, size_t macLen); +- +-/** Similar to @ref sss_se05x_asymmetric_sign_digest, +- * +- * but hashing/digest done by SE +- */ +-sss_status_t sss_se05x_asymmetric_sign( +- sss_se05x_asymmetric_t *context, uint8_t *srcData, size_t srcLen, uint8_t *signature, size_t *signatureLen); +- +-/** Similar to @ref sss_se05x_asymmetric_verify_digest, +- * but hashing/digest done by SE +- * +- */ +-sss_status_t sss_se05x_asymmetric_verify( +- sss_se05x_asymmetric_t *context, uint8_t *srcData, size_t srcLen, uint8_t *signature, size_t signatureLen); +- +-/** Read with attestation +- * +- */ +-sss_status_t sss_se05x_key_store_get_key_attst(sss_se05x_key_store_t *keyStore, +- sss_se05x_object_t *keyObject, +- uint8_t *key, +- size_t *keylen, +- size_t *pKeyBitLen, +- sss_se05x_object_t *keyObject_attst, +- sss_algorithm_t algorithm_attst, +- uint8_t *random_attst, +- size_t randomLen_attst, +- sss_se05x_attst_data_t *attst_data); +- +-uint32_t se05x_sssKeyTypeLenToCurveId(sss_cipher_type_t keyType, size_t keyBits); +- +-/** @addtogroup se050_i2cm +- * +- * @{ +-*/ +- +-/** @brief Se05x_i2c_master_txn +-* +-* I2CM Transaction +-* +-* @param[in] sess session identifier +-* @param[in,out] cmds Array of structure type capturing a sequence of i2c master cmd/rsp transactions. +-* @param[in] cmdLen Amount of structures contained in cmds +-* +-* @pre p describes I2C master commands. +-* @post p contains execution state of I2C master commands, the I2C master commands can be overwritten to report on execution failure. +-*/ +-smStatus_t Se05x_i2c_master_txn(sss_session_t *sess, SE05x_I2CM_cmd_t *cmds, uint8_t cmdLen); +- +-/** @brief Se05x_i2c_master_attst_txn +- * +- * I2CM Read With Attestation +- * +- * @param[in] sess session identifier +- * @param[in] keyObject Keyobject which contains 4 byte attestaion KeyId +- * @param[in,out] p Array of structure type capturing a sequence of i2c master cmd/rsp transactions. +- * @param[in] random_attst 16-byte freshness random +- * @param[in] random_attstLen length of freshness random +- * @param[in] attst_algo 1 byte attestationAlgo +- * @param[out] ptimeStamp timestamp +- * @param[out] timeStampLen Length for timestamp +- * @param[out] freshness freshness (random) +- * @param[out] pfreshnessLen Length for freshness +- * @param[out] chipId unique chip Id +- * @param[out] pchipIdLen Length for chipId +- * @param[out] signature signature +- * @param[out] psignatureLen Length for signature +- * @param[in] noOftags Amount of structures contained in ``p`` +- * +- * @pre p describes I2C master commands. +- * @post p contains execution state of I2C master commands, the I2C master commands can be overwritten to report on execution failure. +- */ +-smStatus_t Se05x_i2c_master_attst_txn(sss_session_t *sess, +- sss_object_t *keyObject, +- SE05x_I2CM_cmd_t *p, +- uint8_t *random_attst, +- size_t random_attstLen, +- SE05x_AttestationAlgo_t attst_algo, +- SE05x_TimeStamp_t *ptimeStamp, +- size_t *timeStampLen, +- uint8_t *freshness, +- size_t *pfreshnessLen, +- uint8_t *chipId, +- size_t *pchipIdLen, +- uint8_t *signature, +- size_t *psignatureLen, +- uint8_t noOftags); +- +-/*! +- *@} +- */ /* end of se050_i2cm */ +- +-#endif /* SSS_HAVE_APPLET_SE05X_IOT */ +- +-#endif /* SSS_APIS_INC_FSL_SSS_SE05X_TYPES_H_ */ +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_sscp.h b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_sscp.h +deleted file mode 100644 +index b80f0c3e6d..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_sscp.h ++++ /dev/null +@@ -1,717 +0,0 @@ +-/* +- * +- * Copyright 2018-2020 NXP +- * SPDX-License-Identifier: Apache-2.0 +- */ +- +-#ifndef _FSL_SSS_SSCP_H_ +-#define _FSL_SSS_SSCP_H_ +- +-#include "fsl_sscp.h" +-#include "fsl_sss_api.h" +- +-#if defined(SSS_USE_FTR_FILE) +-#include "fsl_sss_ftr.h" +-#else +-#include "fsl_sss_ftr_default.h" +-#endif +- +-#if !defined(SSS_SSCP_CONFIG_FILE) +-#include "fsl_sss_sscp_config.h" +-#else +-#include SSS_SSCP_CONFIG_FILE +-#endif +- +-#define SSS_SUBSYSTEM_TYPE_IS_SSCP(subsystem) ((subsystem == kType_SSS_SE_A71CH) || (subsystem == kType_SSS_SE_A71CL)) +- +-#define SSS_SESSION_TYPE_IS_SSCP(session) (session && SSS_SUBSYSTEM_TYPE_IS_SSCP(session->subsystem)) +- +-#define SSS_KEY_STORE_TYPE_IS_SSCP(keyStore) (keyStore && SSS_SESSION_TYPE_IS_SSCP(keyStore->session)) +- +-#define SSS_OBJECT_TYPE_IS_SSCP(pObject) (pObject && SSS_KEY_STORE_TYPE_IS_SSCP(pObject->keyStore)) +- +-#define SSS_DERIVE_KEY_TYPE_IS_SSCP(context) (context && SSS_SESSION_TYPE_IS_SSCP(context->session)) +- +-#define SSS_ASYMMETRIC_TYPE_IS_SSCP(context) (context && SSS_SESSION_TYPE_IS_SSCP(context->session)) +- +-#define SSS_SYMMETRIC_TYPE_IS_SSCP(context) (context && SSS_SESSION_TYPE_IS_SSCP(context->session)) +- +-#define SSS_MAC_TYPE_IS_SSCP(context) (context && SSS_SESSION_TYPE_IS_SSCP(context->session)) +- +-#define SSS_RNG_CONTEXT_TYPE_IS_SSCP(context) (context && SSS_SESSION_TYPE_IS_SSCP(context->session)) +- +-#define SSS_DIGEST_TYPE_IS_SSCP(context) (context && SSS_SESSION_TYPE_IS_SSCP(context->session)) +- +-#define SSS_AEAD_TYPE_IS_SSCP(context) (context && SSS_SESSION_TYPE_IS_SSCP(context->session)) +- +-typedef enum +-{ +- kSSS_SSCP_SessionProp_CertUID = kSSS_SessionProp_au8_Proprietary_Start + 1, +-} sss_sscp_sesion_prop_au8_t; +- +-typedef enum +-{ +- kSSS_SSCP_SessionProp_CertUIDLen = kSSS_SessionProp_u32_Optional_Start + 1, +-} sss_sscp_sesion_prop_u32_t; +- +-typedef void (*fn_sscp_close_t)(void); +- +-typedef struct _sss_sscp_session +-{ +- /*! Indicates which security subsystem is selected to be used. */ +- sss_type_t subsystem; +- +- /*! Implementation specific part +- * This will be NULL unitl and unless we are not ready to use the sscp_context. +- */ +- sscp_context_t *sscp_context; +- /** +- * Allocated structure, not to be used directly... +- * Use only sscp_context */ +- sscp_context_t mem_sscp_ctx; +- /** session identifier */ +- uint32_t sessionId; +- /** Function pointer that can be used to close the last active session. */ +- fn_sscp_close_t fp_closeConnection; +-} sss_sscp_session_t; +- +-typedef struct _sss_sscp_key_store +-{ +- /*! Virtual connection between application (user context) and specific +- * security subsystem and function thereof. */ +- sss_sscp_session_t *session; +- /*! Implementation specific part */ +- uint32_t keyStoreId; +-} sss_sscp_key_store_t; +- +-typedef struct _sss_sscp_object +-{ +- /*! key store holding the data and other properties */ +- sss_sscp_key_store_t *keyStore; +- +- uint32_t objectType; /*!< Object types */ +- uint32_t cipherType; /*!< Cipher types */ +- /*! Application specific key identifier. The keyId is kept in the key store along with the key data and other +- * properties. */ +- uint32_t keyId; +- +- void *transientObject; +- size_t transientObjectLen; +- size_t transientObjectBitLen; +- uint8_t slotId; +-} sss_sscp_object_t; +- +-/*! @brief ::sss_symmetric_t with SSCP specific information */ +-typedef struct _sss_sscp_symmetric +-{ +- /*! Virtual connection between application (user context) and +- specific security subsystem and function thereof. */ +- sss_sscp_session_t *session; +- sss_sscp_object_t *keyObject; /*!< Reference to key and it's properties. */ +- sss_algorithm_t algorithm; /*!< What eventual operation algorithm be performed */ +- sss_mode_t mode; /*!< High level operation, encrypt/decrypt/etc. */ +- uint32_t sessionId; /*!< Session identifier in case of parallel contexts */ +- /*! Implementation specific part */ +- struct +- { +- uint8_t data[SSS_SSCP_SYMMETRIC_CONTEXT_SIZE]; +- } context; +-} sss_sscp_symmetric_t; +- +-typedef struct _sss_sscp_aead +-{ +- /*! Virtual connection between application (user context) and specific +- * security subsystem and function thereof. */ +- sss_sscp_session_t *session; +- sss_sscp_object_t *keyObject; /*!< Reference to key and it's properties. */ +- sss_algorithm_t algorithm; /*!< */ +- sss_mode_t mode; /*!< */ +- +- /*! Implementation specific part */ +-} sss_sscp_aead_t; +- +-typedef struct _sss_sscp_digest +-{ +- /*! Virtual connection between application (user context) and specific security subsystem and function thereof. */ +- sss_sscp_session_t *session; +- sss_algorithm_t algorithm; /*!< */ +- sss_mode_t mode; /*!< */ +- /*! Full digest length per algorithm definition. This field is initialized along with algorithm. */ +- size_t digestFullLen; +- +- /*! Implementation specific part */ +- struct +- { +- uint8_t data[SSS_SSCP_DIGEST_CONTEXT_SIZE]; +- } context; +-} sss_sscp_digest_t; +- +-typedef struct _sss_sscp_mac +-{ +- /*! Virtual connection between application (user context) and specific +- * security subsystem and function thereof. */ +- sss_sscp_session_t *session; +- sss_sscp_object_t *keyObject; /*!< Reference to key and it's properties. */ +- sss_algorithm_t algorithm; /*!< */ +- sss_mode_t mode; /*!< */ +- +- /*! Implementation specific part */ +- uint32_t macFullLen; +- struct +- { +- uint8_t data[SSS_SSCP_MAC_CONTEXT_SIZE]; +- } context; +-} sss_sscp_mac_t; +- +-typedef struct _sss_sscp_asymmetric +-{ +- sss_sscp_session_t *session; +- sss_sscp_object_t *keyObject; +- sss_algorithm_t algorithm; /*!< */ +- sss_mode_t mode; /*!< */ +- size_t signatureFullLen; +- uint32_t sessionId; /*!< */ +- /*! Implementation specific part */ +-} sss_sscp_asymmetric_t; +- +-typedef struct _sss_sscp_tunnel +-{ +- sss_sscp_session_t *session; +- uint32_t tunnelType; +- uint32_t sessionId; /*!< */ +- /*! Implementation specific part */ +-} sss_sscp_tunnel_t; +- +-typedef struct _sss_sscp_derive_key +-{ +- sss_sscp_session_t *session; +- sss_sscp_object_t *keyObject; +- sss_algorithm_t algorithm; /*!< */ +- sss_mode_t mode; /*!< */ +- uint32_t sessionId; /*!< */ +- /*! Implementation specific part */ +-} sss_sscp_derive_key_t; +- +-typedef struct +-{ +- /** Context holder of session */ +- sss_sscp_session_t *session; +-} sss_sscp_rng_context_t; +- +-/******************************************************************************* +- * API +- ******************************************************************************/ +-#if defined(__cplusplus) +-extern "C" { +-#endif +- +-/* ************************************************************************** */ +-/* Functions */ +-/* ************************************************************************** */ +-/** +- * @addtogroup sss_sscp_session +- * @{ +- */ +-/** @copydoc sss_session_open +- * +- */ +-sss_status_t sss_sscp_session_open(sss_sscp_session_t *session, +- sss_type_t subsystem, +- uint32_t application_id, +- sss_connection_type_t connection_type, +- void *connectionData); +- +-/** @copydoc sss_session_prop_get_u32 +- * +- */ +-sss_status_t sss_sscp_session_prop_get_u32(sss_sscp_session_t *session, uint32_t property, uint32_t *pValue); +- +-/** @copydoc sss_session_prop_get_au8 +- * +- */ +-sss_status_t sss_sscp_session_prop_get_au8( +- sss_sscp_session_t *session, uint32_t property, uint8_t *pValue, size_t *pValueLen); +- +-/** @copydoc sss_session_close +- * +- */ +-void sss_sscp_session_close(sss_sscp_session_t *session); +- +-/*! @} */ /* end of : sss_sscp_session */ +- +-/** +- * @addtogroup sss_sscp_keyobj +- * @{ +- */ +-/** @copydoc sss_key_object_init +- * +- */ +-sss_status_t sss_sscp_key_object_init(sss_sscp_object_t *keyObject, sss_sscp_key_store_t *keyStore); +- +-/** @copydoc sss_key_object_allocate_handle +- * +- */ +-sss_status_t sss_sscp_key_object_allocate_handle(sss_sscp_object_t *keyObject, +- uint32_t keyId, +- sss_key_part_t keyPart, +- sss_cipher_type_t cipherType, +- size_t keyByteLenMax, +- uint32_t options); +- +-/** @copydoc sss_key_object_get_handle +- * +- */ +-sss_status_t sss_sscp_key_object_get_handle(sss_sscp_object_t *keyObject, uint32_t keyId); +- +-/** @copydoc sss_key_object_set_user +- * +- */ +-sss_status_t sss_sscp_key_object_set_user(sss_sscp_object_t *keyObject, uint32_t user, uint32_t options); +- +-/** @copydoc sss_key_object_set_purpose +- * +- */ +-sss_status_t sss_sscp_key_object_set_purpose(sss_sscp_object_t *keyObject, sss_mode_t purpose, uint32_t options); +- +-/** @copydoc sss_key_object_set_access +- * +- */ +-sss_status_t sss_sscp_key_object_set_access(sss_sscp_object_t *keyObject, uint32_t access, uint32_t options); +- +-/** @copydoc sss_key_object_set_eccgfp_group +- * +- */ +-sss_status_t sss_sscp_key_object_set_eccgfp_group(sss_sscp_object_t *keyObject, sss_eccgfp_group_t *group); +- +-/** @copydoc sss_key_object_get_user +- * +- */ +-sss_status_t sss_sscp_key_object_get_user(sss_sscp_object_t *keyObject, uint32_t *user); +- +-/** @copydoc sss_key_object_get_purpose +- * +- */ +-sss_status_t sss_sscp_key_object_get_purpose(sss_sscp_object_t *keyObject, sss_mode_t *purpose); +- +-/** @copydoc sss_key_object_get_access +- * +- */ +-sss_status_t sss_sscp_key_object_get_access(sss_sscp_object_t *keyObject, uint32_t *access); +- +-/** @copydoc sss_key_object_free +- * +- */ +-void sss_sscp_key_object_free(sss_sscp_object_t *keyObject); +- +-/*! @} */ /* end of : sss_sscp_keyobj */ +- +-/** +- * @addtogroup sss_sscp_keyderive +- * @{ +- */ +-/** @copydoc sss_derive_key_context_init +- * +- */ +-sss_status_t sss_sscp_derive_key_context_init(sss_sscp_derive_key_t *context, +- sss_sscp_session_t *session, +- sss_sscp_object_t *keyObject, +- sss_algorithm_t algorithm, +- sss_mode_t mode); +- +-/** @copydoc sss_derive_key_one_go +-* +-*/ +-sss_status_t sss_sscp_derive_key_one_go(sss_sscp_derive_key_t *context, +- const uint8_t *saltData, +- size_t saltLen, +- const uint8_t *info, +- size_t infoLen, +- sss_sscp_object_t *derivedKeyObject, +- uint16_t deriveDataLen); +- +-/** @copydoc sss_derive_key_sobj_one_go +-* +-*/ +-sss_status_t sss_sscp_derive_key_sobj_one_go(sss_sscp_derive_key_t *context, +- sss_sscp_object_t *saltKeyObject, +- const uint8_t *info, +- size_t infoLen, +- sss_sscp_object_t *derivedKeyObject, +- uint16_t deriveDataLen); +- +-/** @copydoc sss_derive_key_go +- * +- */ +-sss_status_t sss_sscp_derive_key_go(sss_sscp_derive_key_t *context, +- const uint8_t *saltData, +- size_t saltLen, +- const uint8_t *info, +- size_t infoLen, +- sss_sscp_object_t *derivedKeyObject, +- uint16_t deriveDataLen, +- uint8_t *hkdfOutput, +- size_t *hkdfOutputLen); +- +-/** @copydoc sss_derive_key_dh +- * +- */ +-sss_status_t sss_sscp_derive_key_dh( +- sss_sscp_derive_key_t *context, sss_sscp_object_t *otherPartyKeyObject, sss_sscp_object_t *derivedKeyObject); +- +-/** @copydoc sss_derive_key_context_free +- * +- */ +-void sss_sscp_derive_key_context_free(sss_sscp_derive_key_t *context); +- +-/*! @} */ /* end of : sss_sscp_keyderive */ +- +-/** +- * @addtogroup sss_sscp_keystore +- * @{ +- */ +-/** @copydoc sss_key_store_context_init +- * +- */ +-sss_status_t sss_sscp_key_store_context_init(sss_sscp_key_store_t *keyStore, sss_sscp_session_t *session); +- +-/** @copydoc sss_key_store_allocate +- * +- */ +-sss_status_t sss_sscp_key_store_allocate(sss_sscp_key_store_t *keyStore, uint32_t keyStoreId); +- +-/** @copydoc sss_key_store_save +- * +- */ +-sss_status_t sss_sscp_key_store_save(sss_sscp_key_store_t *keyStore); +- +-/** @copydoc sss_key_store_load +- * +- */ +-sss_status_t sss_sscp_key_store_load(sss_sscp_key_store_t *keyStore); +- +-/** @copydoc sss_key_store_set_key +- * +- */ +-sss_status_t sss_sscp_key_store_set_key(sss_sscp_key_store_t *keyStore, +- sss_sscp_object_t *keyObject, +- const uint8_t *data, +- size_t dataLen, +- size_t keyBitLen, +- void *options, +- size_t optionsLen); +- +-/** @copydoc sss_key_store_generate_key +- * +- */ +-sss_status_t sss_sscp_key_store_generate_key( +- sss_sscp_key_store_t *keyStore, sss_sscp_object_t *keyObject, size_t keyBitLen, void *options); +- +-/** @copydoc sss_key_store_get_key +- * +- */ +-sss_status_t sss_sscp_key_store_get_key( +- sss_sscp_key_store_t *keyStore, sss_sscp_object_t *keyObject, uint8_t *data, size_t *dataLen, size_t *pKeyBitLen); +- +-#if 0 +-/* To be reviewed: Purnank */ +-/** @copydoc sss_sscp_key_store_get_key_fromoffset +- * +- */ +-sss_status_t sss_sscp_key_store_get_key_fromoffset(sss_sscp_key_store_t *keyStore, +- sss_sscp_object_t *keyObject, +- uint8_t *data, +- size_t *dataLen, +- size_t *pKeyBitLen, +- uint16_t offset); +-#endif +-/** @copydoc sss_key_store_open_key +- * +- */ +-sss_status_t sss_sscp_key_store_open_key(sss_sscp_key_store_t *keyStore, sss_sscp_object_t *keyObject); +- +-/** @copydoc sss_key_store_freeze_key +- * +- */ +-sss_status_t sss_sscp_key_store_freeze_key(sss_sscp_key_store_t *keyStore, sss_sscp_object_t *keyObject); +- +-/** @copydoc sss_key_store_erase_key +- * +- */ +-sss_status_t sss_sscp_key_store_erase_key(sss_sscp_key_store_t *keyStore, sss_sscp_object_t *keyObject); +- +-/** @copydoc sss_key_store_context_free +- * +- */ +-void sss_sscp_key_store_context_free(sss_sscp_key_store_t *keyStore); +- +-/*! @} */ /* end of : sss_sscp_keystore */ +- +-/** +- * @addtogroup sss_sscp_asym +- * @{ +- */ +-/** @copydoc sss_asymmetric_context_init +- * +- */ +-sss_status_t sss_sscp_asymmetric_context_init(sss_sscp_asymmetric_t *context, +- sss_sscp_session_t *session, +- sss_sscp_object_t *keyObject, +- sss_algorithm_t algorithm, +- sss_mode_t mode); +- +-/** @copydoc sss_asymmetric_encrypt +- * +- */ +-sss_status_t sss_sscp_asymmetric_encrypt( +- sss_sscp_asymmetric_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen); +- +-/** @copydoc sss_asymmetric_decrypt +- * +- */ +-sss_status_t sss_sscp_asymmetric_decrypt( +- sss_sscp_asymmetric_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen); +- +-/** @copydoc sss_asymmetric_sign_digest +- * +- */ +-sss_status_t sss_sscp_asymmetric_sign_digest( +- sss_sscp_asymmetric_t *context, uint8_t *digest, size_t digestLen, uint8_t *signature, size_t *signatureLen); +- +-/** @copydoc sss_asymmetric_verify_digest +- * +- */ +-sss_status_t sss_sscp_asymmetric_verify_digest( +- sss_sscp_asymmetric_t *context, uint8_t *digest, size_t digestLen, uint8_t *signature, size_t signatureLen); +- +-/** @copydoc sss_asymmetric_context_free +- * +- */ +-void sss_sscp_asymmetric_context_free(sss_sscp_asymmetric_t *context); +- +-/*! @} */ /* end of : sss_sscp_asym */ +- +-/** +- * @addtogroup sss_sscp_symm +- * @{ +- */ +-/** @copydoc sss_symmetric_context_init +- * +- */ +-sss_status_t sss_sscp_symmetric_context_init(sss_sscp_symmetric_t *context, +- sss_sscp_session_t *session, +- sss_sscp_object_t *keyObject, +- sss_algorithm_t algorithm, +- sss_mode_t mode); +- +-/** @copydoc sss_cipher_one_go +- * +- */ +-sss_status_t sss_sscp_cipher_one_go(sss_sscp_symmetric_t *context, +- uint8_t *iv, +- size_t ivLen, +- const uint8_t *srcData, +- uint8_t *destData, +- size_t dataLen); +- +-/** @copydoc sss_cipher_init +- * +- */ +-sss_status_t sss_sscp_cipher_init(sss_sscp_symmetric_t *context, uint8_t *iv, size_t ivLen); +- +-/** @copydoc sss_cipher_update +- * +- */ +-sss_status_t sss_sscp_cipher_update( +- sss_sscp_symmetric_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen); +- +-/** @copydoc sss_cipher_finish +- * +- */ +-sss_status_t sss_sscp_cipher_finish( +- sss_sscp_symmetric_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen); +- +-/** @copydoc sss_cipher_crypt_ctr +- * +- */ +-sss_status_t sss_sscp_cipher_crypt_ctr(sss_sscp_symmetric_t *context, +- const uint8_t *srcData, +- uint8_t *destData, +- size_t size, +- uint8_t *initialCounter, +- uint8_t *lastEncryptedCounter, +- size_t *szLeft); +- +-/** @copydoc sss_symmetric_context_free +- * +- */ +-void sss_sscp_symmetric_context_free(sss_sscp_symmetric_t *context); +- +-/*! @} */ /* end of : sss_sscp_symm */ +- +-/** +- * @addtogroup sss_sscp_aead +- * @{ +- */ +-/** @copydoc sss_aead_context_init +- * +- */ +-sss_status_t sss_sscp_aead_context_init(sss_sscp_aead_t *context, +- sss_sscp_session_t *session, +- sss_sscp_object_t *keyObject, +- sss_algorithm_t algorithm, +- sss_mode_t mode); +- +-/** @copydoc sss_aead_one_go +- * +- */ +-sss_status_t sss_sscp_aead_one_go(sss_sscp_aead_t *context, +- const uint8_t *srcData, +- uint8_t *destData, +- size_t size, +- uint8_t *nonce, +- size_t nonceLen, +- const uint8_t *aad, +- size_t aadLen, +- uint8_t *tag, +- size_t *tagLen); +- +-/** @copydoc sss_aead_init +- * +- */ +-sss_status_t sss_sscp_aead_init( +- sss_sscp_aead_t *context, uint8_t *nonce, size_t nonceLen, size_t tagLen, size_t aadLen, size_t payloadLen); +- +-/** @copydoc sss_aead_update_aad +- * +- */ +-sss_status_t sss_sscp_aead_update_aad(sss_sscp_aead_t *context, const uint8_t *aadData, size_t aadDataLen); +- +-/** @copydoc sss_aead_update +- * +- */ +-sss_status_t sss_sscp_aead_update( +- sss_sscp_aead_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen); +- +-/** @copydoc sss_aead_finish +- * +- */ +-sss_status_t sss_sscp_aead_finish(sss_sscp_aead_t *context, +- const uint8_t *srcData, +- size_t srcLen, +- uint8_t *destData, +- size_t *destLen, +- uint8_t *tag, +- size_t *tagLen); +- +-/** @copydoc sss_aead_context_free +- * +- */ +-void sss_sscp_aead_context_free(sss_sscp_aead_t *context); +- +-/*! @} */ /* end of : sss_sscp_aead */ +- +-/** +- * @addtogroup sss_sscp_mac +- * @{ +- */ +-/** @copydoc sss_mac_context_init +- * +- */ +-sss_status_t sss_sscp_mac_context_init(sss_sscp_mac_t *context, +- sss_sscp_session_t *session, +- sss_sscp_object_t *keyObject, +- sss_algorithm_t algorithm, +- sss_mode_t mode); +- +-/** @copydoc sss_mac_one_go +- * +- */ +-sss_status_t sss_sscp_mac_one_go( +- sss_sscp_mac_t *context, const uint8_t *message, size_t messageLen, uint8_t *mac, size_t *macLen); +- +-/** @copydoc sss_mac_init +- * +- */ +-sss_status_t sss_sscp_mac_init(sss_sscp_mac_t *context); +- +-/** @copydoc sss_mac_update +- * +- */ +-sss_status_t sss_sscp_mac_update(sss_sscp_mac_t *context, const uint8_t *message, size_t messageLen); +- +-/** @copydoc sss_mac_finish +- * +- */ +-sss_status_t sss_sscp_mac_finish(sss_sscp_mac_t *context, uint8_t *mac, size_t *macLen); +- +-/** @copydoc sss_mac_context_free +- * +- */ +-void sss_sscp_mac_context_free(sss_sscp_mac_t *context); +- +-/*! @} */ /* end of : sss_sscp_mac */ +- +-/** +- * @addtogroup sss_sscp_md +- * @{ +- */ +-/** @copydoc sss_digest_context_init +- * +- */ +-sss_status_t sss_sscp_digest_context_init( +- sss_sscp_digest_t *context, sss_sscp_session_t *session, sss_algorithm_t algorithm, sss_mode_t mode); +- +-/** @copydoc sss_digest_one_go +- * +- */ +-sss_status_t sss_sscp_digest_one_go( +- sss_sscp_digest_t *context, const uint8_t *message, size_t messageLen, uint8_t *digest, size_t *digestLen); +- +-/** @copydoc sss_digest_init +- * +- */ +-sss_status_t sss_sscp_digest_init(sss_sscp_digest_t *context); +- +-/** @copydoc sss_digest_update +- * +- */ +-sss_status_t sss_sscp_digest_update(sss_sscp_digest_t *context, const uint8_t *message, size_t messageLen); +- +-/** @copydoc sss_digest_finish +- * +- */ +-sss_status_t sss_sscp_digest_finish(sss_sscp_digest_t *context, uint8_t *digest, size_t *digestLen); +- +-/** @copydoc sss_digest_context_free +- * +- */ +-void sss_sscp_digest_context_free(sss_sscp_digest_t *context); +- +-/*! @} */ /* end of : sss_sscp_md */ +- +-/** +- * @addtogroup sss_sscp_rng +- * @{ +- */ +-/** @copydoc sss_rng_context_init +- * +- */ +-sss_status_t sss_sscp_rng_context_init(sss_sscp_rng_context_t *context, sss_sscp_session_t *session); +- +-/** @copydoc sss_rng_get_random +- * +- */ +-sss_status_t sss_sscp_rng_get_random(sss_sscp_rng_context_t *context, uint8_t *random_data, size_t dataLen); +- +-/** @copydoc sss_rng_context_free +- * +- */ +-sss_status_t sss_sscp_rng_context_free(sss_sscp_rng_context_t *context); +- +-/*! @} */ /* end of : sss_sscp_rng */ +- +-#if defined(__cplusplus) +-} +-#endif +- +-#endif /* _FSL_SSS_SSCP_H_ */ +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_user_apis.h b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_user_apis.h +deleted file mode 100644 +index 65900ab508..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_user_apis.h ++++ /dev/null +@@ -1,627 +0,0 @@ +-/* +- * +- * Copyright 2018,2019 NXP +- * SPDX-License-Identifier: Apache-2.0 +- */ +- +-#ifndef fsl_sss_user_apis_H +-#define fsl_sss_user_apis_H +- +-#ifdef __cplusplus +-extern "C" { +-#endif /* __cplusplus */ +- +-#if defined(SSS_USE_FTR_FILE) +-#include "fsl_sss_ftr.h" +-#else +-#include "fsl_sss_ftr_default.h" +-#endif +- +-#if SSS_HAVE_HOSTCRYPTO_USER +-#include +- +-/* ************************************************************************** */ +-/* Functions */ +-/* ************************************************************************** */ +-/** +- * @addtogroup sss_user_impl_session +- * @{ +- */ +-/** @copydoc sss_session_create +- * +- */ +-sss_status_t sss_user_impl_session_create(sss_user_impl_session_t *session, +- sss_type_t subsystem, +- uint32_t application_id, +- sss_connection_type_t connetion_type, +- void *connectionData); +- +-/** @copydoc sss_session_open +- * +- */ +-sss_status_t sss_user_impl_session_open(sss_user_impl_session_t *session, +- sss_type_t subsystem, +- uint32_t application_id, +- sss_connection_type_t connetion_type, +- void *connectionData); +- +-/** @copydoc sss_session_prop_get_u32 +- * +- */ +-sss_status_t sss_user_impl_session_prop_get_u32(sss_user_impl_session_t *session, uint32_t property, uint32_t *pValue); +- +-/** @copydoc sss_session_prop_get_au8 +- * +- */ +-sss_status_t sss_user_impl_session_prop_get_au8( +- sss_user_impl_session_t *session, uint32_t property, uint8_t *pValue, size_t *pValueLen); +- +-/** @copydoc sss_session_close +- * +- */ +-void sss_user_impl_session_close(sss_user_impl_session_t *session); +- +-/** @copydoc sss_session_delete +- * +- */ +-void sss_user_impl_session_delete(sss_user_impl_session_t *session); +- +-/*! @} */ /* end of : sss_user_impl_session */ +- +-/** +- * @addtogroup sss_user_impl_keyobj +- * @{ +- */ +-/** @copydoc sss_key_object_init +- * +- */ +-sss_status_t sss_user_impl_key_object_init(sss_user_impl_object_t *keyObject, sss_user_impl_key_store_t *keyStore); +- +-/** @copydoc sss_key_object_allocate_handle +- * +- */ +-sss_status_t sss_user_impl_key_object_allocate_handle(sss_user_impl_object_t *keyObject, +- uint32_t keyId, +- sss_key_part_t keyPart, +- sss_cipher_type_t cipherType, +- size_t keyByteLenMax, +- uint32_t options); +- +-/** @copydoc sss_key_object_get_handle +- * +- */ +-sss_status_t sss_user_impl_key_object_get_handle(sss_user_impl_object_t *keyObject, uint32_t keyId); +- +-/** @copydoc sss_key_object_set_user +- * +- */ +-sss_status_t sss_user_impl_key_object_set_user(sss_user_impl_object_t *keyObject, uint32_t user, uint32_t options); +- +-/** @copydoc sss_key_object_set_purpose +- * +- */ +-sss_status_t sss_user_impl_key_object_set_purpose( +- sss_user_impl_object_t *keyObject, sss_mode_t purpose, uint32_t options); +- +-/** @copydoc sss_key_object_set_access +- * +- */ +-sss_status_t sss_user_impl_key_object_set_access(sss_user_impl_object_t *keyObject, uint32_t access, uint32_t options); +- +-/** @copydoc sss_key_object_set_eccgfp_group +- * +- */ +-sss_status_t sss_user_impl_key_object_set_eccgfp_group(sss_user_impl_object_t *keyObject, sss_eccgfp_group_t *group); +- +-/** @copydoc sss_key_object_get_user +- * +- */ +-sss_status_t sss_user_impl_key_object_get_user(sss_user_impl_object_t *keyObject, uint32_t *user); +- +-/** @copydoc sss_key_object_get_purpose +- * +- */ +-sss_status_t sss_user_impl_key_object_get_purpose(sss_user_impl_object_t *keyObject, sss_mode_t *purpose); +- +-/** @copydoc sss_key_object_get_access +- * +- */ +-sss_status_t sss_user_impl_key_object_get_access(sss_user_impl_object_t *keyObject, uint32_t *access); +- +-/** @copydoc sss_key_object_free +- * +- */ +-void sss_user_impl_key_object_free(sss_user_impl_object_t *keyObject); +- +-/*! @} */ /* end of : sss_user_impl_keyobj */ +- +-/** +- * @addtogroup sss_user_impl_keyderive +- * @{ +- */ +-/** @copydoc sss_derive_key_context_init +- * +- */ +-sss_status_t sss_user_impl_derive_key_context_init(sss_user_impl_derive_key_t *context, +- sss_user_impl_session_t *session, +- sss_user_impl_object_t *keyObject, +- sss_algorithm_t algorithm, +- sss_mode_t mode); +- +-/** @copydoc sss_derive_key_go +- * +- */ +-sss_status_t sss_user_impl_derive_key_go(sss_user_impl_derive_key_t *context, +- const uint8_t *saltData, +- size_t saltLen, +- const uint8_t *info, +- size_t infoLen, +- sss_user_impl_object_t *derivedKeyObject, +- uint16_t deriveDataLen, +- uint8_t *hkdfOutput, +- size_t *hkdfOutputLen); +- +-/** @copydoc sss_derive_key_dh +- * +- */ +-sss_status_t sss_user_impl_derive_key_dh(sss_user_impl_derive_key_t *context, +- sss_user_impl_object_t *otherPartyKeyObject, +- sss_user_impl_object_t *derivedKeyObject); +- +-/** @copydoc sss_derive_key_context_free +- * +- */ +-void sss_user_impl_derive_key_context_free(sss_user_impl_derive_key_t *context); +- +-/*! @} */ /* end of : sss_user_impl_keyderive */ +- +-/** +- * @addtogroup sss_user_impl_keystore +- * @{ +- */ +-/** @copydoc sss_key_store_context_init +- * +- */ +-sss_status_t sss_user_impl_key_store_context_init( +- sss_user_impl_key_store_t *keyStore, sss_user_impl_session_t *session); +- +-/** @copydoc sss_key_store_allocate +- * +- */ +-sss_status_t sss_user_impl_key_store_allocate(sss_user_impl_key_store_t *keyStore, uint32_t keyStoreId); +- +-/** @copydoc sss_key_store_save +- * +- */ +-sss_status_t sss_user_impl_key_store_save(sss_user_impl_key_store_t *keyStore); +- +-/** @copydoc sss_key_store_load +- * +- */ +-sss_status_t sss_user_impl_key_store_load(sss_user_impl_key_store_t *keyStore); +- +-/** @copydoc sss_key_store_set_key +- * +- */ +-sss_status_t sss_user_impl_key_store_set_key(sss_user_impl_key_store_t *keyStore, +- sss_user_impl_object_t *keyObject, +- const uint8_t *data, +- size_t dataLen, +- size_t keyBitLen, +- void *options, +- size_t optionsLen); +- +-/** @copydoc sss_key_store_generate_key +- * +- */ +-sss_status_t sss_user_impl_key_store_generate_key( +- sss_user_impl_key_store_t *keyStore, sss_user_impl_object_t *keyObject, size_t keyBitLen, void *options); +- +-/** @copydoc sss_key_store_get_key +- * +- */ +-sss_status_t sss_user_impl_key_store_get_key(sss_user_impl_key_store_t *keyStore, +- sss_user_impl_object_t *keyObject, +- uint8_t *data, +- size_t *dataLen, +- size_t *pKeyBitLen); +- +-/** @copydoc sss_key_store_open_key +- * +- */ +-sss_status_t sss_user_impl_key_store_open_key(sss_user_impl_key_store_t *keyStore, sss_user_impl_object_t *keyObject); +- +-/** @copydoc sss_key_store_freeze_key +- * +- */ +-sss_status_t sss_user_impl_key_store_freeze_key(sss_user_impl_key_store_t *keyStore, sss_user_impl_object_t *keyObject); +- +-/** @copydoc sss_key_store_erase_key +- * +- */ +-sss_status_t sss_user_impl_key_store_erase_key(sss_user_impl_key_store_t *keyStore, sss_user_impl_object_t *keyObject); +- +-/** @copydoc sss_key_store_prop_get_u32 +- * +- */ +-sss_status_t sss_user_impl_key_store_prop_get_u32( +- sss_user_impl_key_store_t *session, uint32_t property, uint32_t *pValue); +- +-/** @copydoc sss_key_store_prop_get_au8 +- * +- */ +-sss_status_t sss_user_impl_key_store_prop_get_au8( +- sss_user_impl_key_store_t *session, uint32_t property, uint8_t *pValue, size_t *pValueLen); +- +-/** @copydoc sss_key_store_context_free +- * +- */ +-void sss_user_impl_key_store_context_free(sss_user_impl_key_store_t *keyStore); +- +-/*! @} */ /* end of : sss_user_impl_keystore */ +- +-/** +- * @addtogroup sss_user_impl_asym +- * @{ +- */ +-/** @copydoc sss_asymmetric_context_init +- * +- */ +-sss_status_t sss_user_impl_asymmetric_context_init(sss_user_impl_asymmetric_t *context, +- sss_user_impl_session_t *session, +- sss_user_impl_object_t *keyObject, +- sss_algorithm_t algorithm, +- sss_mode_t mode); +- +-/** @copydoc sss_asymmetric_encrypt +- * +- */ +-sss_status_t sss_user_impl_asymmetric_encrypt( +- sss_user_impl_asymmetric_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen); +- +-/** @copydoc sss_asymmetric_decrypt +- * +- */ +-sss_status_t sss_user_impl_asymmetric_decrypt( +- sss_user_impl_asymmetric_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen); +- +-/** @copydoc sss_asymmetric_sign_digest +- * +- */ +-sss_status_t sss_user_impl_asymmetric_sign_digest( +- sss_user_impl_asymmetric_t *context, uint8_t *digest, size_t digestLen, uint8_t *signature, size_t *signatureLen); +- +-/** @copydoc sss_asymmetric_verify_digest +- * +- */ +-sss_status_t sss_user_impl_asymmetric_verify_digest( +- sss_user_impl_asymmetric_t *context, uint8_t *digest, size_t digestLen, uint8_t *signature, size_t signatureLen); +- +-/** @copydoc sss_asymmetric_context_free +- * +- */ +-void sss_user_impl_asymmetric_context_free(sss_user_impl_asymmetric_t *context); +- +-/*! @} */ /* end of : sss_user_impl_asym */ +- +-/** +- * @addtogroup sss_user_impl_symm +- * @{ +- */ +-/** @copydoc sss_symmetric_context_init +- * +- */ +-sss_status_t sss_user_impl_symmetric_context_init(sss_user_impl_symmetric_t *context, +- sss_user_impl_session_t *session, +- sss_user_impl_object_t *keyObject, +- sss_algorithm_t algorithm, +- sss_mode_t mode); +- +-/** @copydoc sss_cipher_one_go +- * +- */ +-sss_status_t sss_user_impl_cipher_one_go(sss_user_impl_symmetric_t *context, +- uint8_t *iv, +- size_t ivLen, +- const uint8_t *srcData, +- uint8_t *destData, +- size_t dataLen); +- +-/** @copydoc sss_cipher_init +- * +- */ +-sss_status_t sss_user_impl_cipher_init(sss_user_impl_symmetric_t *context, uint8_t *iv, size_t ivLen); +- +-/** @copydoc sss_cipher_update +- * +- */ +-sss_status_t sss_user_impl_cipher_update( +- sss_user_impl_symmetric_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen); +- +-/** @copydoc sss_cipher_finish +- * +- */ +-sss_status_t sss_user_impl_cipher_finish( +- sss_user_impl_symmetric_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen); +- +-/** @copydoc sss_cipher_crypt_ctr +- * +- */ +-sss_status_t sss_user_impl_cipher_crypt_ctr(sss_user_impl_symmetric_t *context, +- const uint8_t *srcData, +- uint8_t *destData, +- size_t size, +- uint8_t *initialCounter, +- uint8_t *lastEncryptedCounter, +- size_t *szLeft); +- +-/** @copydoc sss_symmetric_context_free +- * +- */ +-void sss_user_impl_symmetric_context_free(sss_user_impl_symmetric_t *context); +- +-/*! @} */ /* end of : sss_user_impl_symm */ +- +-/** +- * @addtogroup sss_user_impl_aead +- * @{ +- */ +- +-/** +- * @addtogroup sss_user_impl_mac +- * @{ +- */ +-/** @copydoc sss_mac_context_init +- * +- */ +-sss_status_t sss_user_impl_mac_context_init(sss_user_impl_mac_t *context, +- sss_user_impl_session_t *session, +- sss_user_impl_object_t *keyObject, +- sss_algorithm_t algorithm, +- sss_mode_t mode); +- +-/** @copydoc sss_mac_one_go +- * +- */ +-sss_status_t sss_user_impl_mac_one_go( +- sss_user_impl_mac_t *context, const uint8_t *message, size_t messageLen, uint8_t *mac, size_t *macLen); +- +-/** @copydoc sss_mac_init +- * +- */ +-sss_status_t sss_user_impl_mac_init(sss_user_impl_mac_t *context); +- +-/** @copydoc sss_mac_update +- * +- */ +-sss_status_t sss_user_impl_mac_update(sss_user_impl_mac_t *context, const uint8_t *message, size_t messageLen); +- +-/** @copydoc sss_mac_finish +- * +- */ +-sss_status_t sss_user_impl_mac_finish(sss_user_impl_mac_t *context, uint8_t *mac, size_t *macLen); +- +-/** @copydoc sss_mac_context_free +- * +- */ +-void sss_user_impl_mac_context_free(sss_user_impl_mac_t *context); +- +-/*! @} */ /* end of : sss_user_impl_mac */ +- +-/** +- * @addtogroup sss_user_impl_md +- * @{ +- */ +-/** @copydoc sss_digest_context_init +- * +- */ +-sss_status_t sss_user_impl_digest_context_init( +- sss_user_impl_digest_t *context, sss_user_impl_session_t *session, sss_algorithm_t algorithm, sss_mode_t mode); +- +-/** @copydoc sss_digest_one_go +- * +- */ +-sss_status_t sss_user_impl_digest_one_go( +- sss_user_impl_digest_t *context, const uint8_t *message, size_t messageLen, uint8_t *digest, size_t *digestLen); +- +-/** @copydoc sss_digest_init +- * +- */ +-sss_status_t sss_user_impl_digest_init(sss_user_impl_digest_t *context); +- +-/** @copydoc sss_digest_update +- * +- */ +-sss_status_t sss_user_impl_digest_update(sss_user_impl_digest_t *context, const uint8_t *message, size_t messageLen); +- +-/** @copydoc sss_digest_finish +- * +- */ +-sss_status_t sss_user_impl_digest_finish(sss_user_impl_digest_t *context, uint8_t *digest, size_t *digestLen); +- +-/** @copydoc sss_digest_context_free +- * +- */ +-void sss_user_impl_digest_context_free(sss_user_impl_digest_t *context); +- +-/*! @} */ /* end of : sss_user_impl_md */ +- +-/** +- * @addtogroup sss_user_impl_rng +- * @{ +- */ +-/** @copydoc sss_rng_context_init +- * +- */ +-sss_status_t sss_user_impl_rng_context_init(sss_user_impl_rng_context_t *context, sss_user_impl_session_t *session); +- +-/** @copydoc sss_rng_get_random +- * +- */ +-sss_status_t sss_user_impl_rng_get_random(sss_user_impl_rng_context_t *context, uint8_t *random_data, size_t dataLen); +- +-/** @copydoc sss_rng_context_free +- * +- */ +-sss_status_t sss_user_impl_rng_context_free(sss_user_impl_rng_context_t *context); +- +-/*! @} */ /* end of : sss_user_impl_rng */ +- +-/* clang-format off */ +- +- /* Host Call : session */ +-# define sss_host_session_create(session,subsystem,application_id,connetion_type,connectionData) \ +- sss_user_impl_session_create(((sss_user_impl_session_t * ) session),(subsystem),(application_id),(connetion_type),(connectionData)) +-# define sss_host_session_open(session,subsystem,application_id,connetion_type,connectionData) \ +- sss_user_impl_session_open(((sss_user_impl_session_t * ) session),(subsystem),(application_id),(connetion_type),(connectionData)) +-# define sss_host_session_prop_get_u32(session,property,pValue) \ +- sss_user_impl_session_prop_get_u32(((sss_user_impl_session_t * ) session),(property),(pValue)) +-# define sss_host_session_prop_get_au8(session,property,pValue,pValueLen) \ +- sss_user_impl_session_prop_get_au8(((sss_user_impl_session_t * ) session),(property),(pValue),(pValueLen)) +-# define sss_host_session_close(session) \ +- sss_user_impl_session_close(((sss_user_impl_session_t * ) session)) +-# define sss_host_session_delete(session) \ +- sss_user_impl_session_delete(((sss_user_impl_session_t * ) session)) +- /* Host Call : keyobj */ +-# define sss_host_key_object_init(keyObject,keyStore) \ +- sss_user_impl_key_object_init(((sss_user_impl_object_t * ) keyObject),((sss_user_impl_key_store_t * ) keyStore)) +-# define sss_host_key_object_allocate_handle(keyObject,keyId,keyPart,cipherType,keyByteLenMax,options) \ +- sss_user_impl_key_object_allocate_handle(((sss_user_impl_object_t * ) keyObject),(keyId),(keyPart),(cipherType),(keyByteLenMax),(options)) +-# define sss_host_key_object_get_handle(keyObject,keyId) \ +- sss_user_impl_key_object_get_handle(((sss_user_impl_object_t * ) keyObject),(keyId)) +-# define sss_host_key_object_set_user(keyObject,user,options) \ +- sss_user_impl_key_object_set_user(((sss_user_impl_object_t * ) keyObject),(user),(options)) +-# define sss_host_key_object_set_purpose(keyObject,purpose,options) \ +- sss_user_impl_key_object_set_purpose(((sss_user_impl_object_t * ) keyObject),(purpose),(options)) +-# define sss_host_key_object_set_access(keyObject,access,options) \ +- sss_user_impl_key_object_set_access(((sss_user_impl_object_t * ) keyObject),(access),(options)) +-# define sss_host_key_object_set_eccgfp_group(keyObject,group) \ +- sss_user_impl_key_object_set_eccgfp_group(((sss_user_impl_object_t * ) keyObject),(group)) +-# define sss_host_key_object_get_user(keyObject,user) \ +- sss_user_impl_key_object_get_user(((sss_user_impl_object_t * ) keyObject),(user)) +-# define sss_host_key_object_get_purpose(keyObject,purpose) \ +- sss_user_impl_key_object_get_purpose(((sss_user_impl_object_t * ) keyObject),(purpose)) +-# define sss_host_key_object_get_access(keyObject,access) \ +- sss_user_impl_key_object_get_access(((sss_user_impl_object_t * ) keyObject),(access)) +-# define sss_host_key_object_free(keyObject) \ +- sss_user_impl_key_object_free(((sss_user_impl_object_t * ) keyObject)) +- /* Host Call : keyderive */ +-# define sss_host_derive_key_context_init(context,session,keyObject,algorithm,mode) \ +- sss_user_impl_derive_key_context_init(((sss_user_impl_derive_key_t * ) context),((sss_user_impl_session_t * ) session),((sss_user_impl_object_t * ) keyObject),(algorithm),(mode)) +-# define sss_host_derive_key_go(context,saltData,saltLen,info,infoLen,derivedKeyObject,deriveDataLen,hkdfOutput,hkdfOutputLen) \ +- sss_user_impl_derive_key_go(((sss_user_impl_derive_key_t * ) context),(saltData),(saltLen),(info),(infoLen),((sss_user_impl_object_t * ) derivedKeyObject),(deriveDataLen),(hkdfOutput),(hkdfOutputLen)) +-# define sss_host_derive_key_dh(context,otherPartyKeyObject,derivedKeyObject) \ +- sss_user_impl_derive_key_dh(((sss_user_impl_derive_key_t * ) context),((sss_user_impl_object_t * ) otherPartyKeyObject),((sss_user_impl_object_t * ) derivedKeyObject)) +-# define sss_host_derive_key_context_free(context) \ +- sss_user_impl_derive_key_context_free(((sss_user_impl_derive_key_t * ) context)) +- /* Host Call : keystore */ +-# define sss_host_key_store_context_init(keyStore,session) \ +- sss_user_impl_key_store_context_init(((sss_user_impl_key_store_t * ) keyStore),((sss_user_impl_session_t * ) session)) +-# define sss_host_key_store_allocate(keyStore,keyStoreId) \ +- sss_user_impl_key_store_allocate(((sss_user_impl_key_store_t * ) keyStore),(keyStoreId)) +-# define sss_host_key_store_save(keyStore) \ +- sss_user_impl_key_store_save(((sss_user_impl_key_store_t * ) keyStore)) +-# define sss_host_key_store_load(keyStore) \ +- sss_user_impl_key_store_load(((sss_user_impl_key_store_t * ) keyStore)) +-# define sss_host_key_store_set_key(keyStore,keyObject,data,dataLen,keyBitLen,options,optionsLen) \ +- sss_user_impl_key_store_set_key(((sss_user_impl_key_store_t * ) keyStore),((sss_user_impl_object_t * ) keyObject),(data),(dataLen),(keyBitLen),(options),(optionsLen)) +-# define sss_host_key_store_generate_key(keyStore,keyObject,keyBitLen,options) \ +- sss_user_impl_key_store_generate_key(((sss_user_impl_key_store_t * ) keyStore),((sss_user_impl_object_t * ) keyObject),(keyBitLen),(options)) +-# define sss_host_key_store_get_key(keyStore,keyObject,data,dataLen,pKeyBitLen) \ +- sss_user_impl_key_store_get_key(((sss_user_impl_key_store_t * ) keyStore),((sss_user_impl_object_t * ) keyObject),(data),(dataLen),(pKeyBitLen)) +-# define sss_host_key_store_open_key(keyStore,keyObject) \ +- sss_user_impl_key_store_open_key(((sss_user_impl_key_store_t * ) keyStore),((sss_user_impl_object_t * ) keyObject)) +-# define sss_host_key_store_freeze_key(keyStore,keyObject) \ +- sss_user_impl_key_store_freeze_key(((sss_user_impl_key_store_t * ) keyStore),((sss_user_impl_object_t * ) keyObject)) +-# define sss_host_key_store_erase_key(keyStore,keyObject) \ +- sss_user_impl_key_store_erase_key(((sss_user_impl_key_store_t * ) keyStore),((sss_user_impl_object_t * ) keyObject)) +-# define sss_host_key_store_prop_get_u32(session,property,pValue) \ +- sss_user_impl_key_store_prop_get_u32(((sss_user_impl_key_store_t * ) session),(property),(pValue)) +-# define sss_host_key_store_prop_get_au8(session,property,pValue,pValueLen) \ +- sss_user_impl_key_store_prop_get_au8(((sss_user_impl_key_store_t * ) session),(property),(pValue),(pValueLen)) +-# define sss_host_key_store_context_free(keyStore) \ +- sss_user_impl_key_store_context_free(((sss_user_impl_key_store_t * ) keyStore)) +- /* Host Call : asym */ +-# define sss_host_asymmetric_context_init(context,session,keyObject,algorithm,mode) \ +- sss_user_impl_asymmetric_context_init(((sss_user_impl_asymmetric_t * ) context),((sss_user_impl_session_t * ) session),((sss_user_impl_object_t * ) keyObject),(algorithm),(mode)) +-# define sss_host_asymmetric_encrypt(context,srcData,srcLen,destData,destLen) \ +- sss_user_impl_asymmetric_encrypt(((sss_user_impl_asymmetric_t * ) context),(srcData),(srcLen),(destData),(destLen)) +-# define sss_host_asymmetric_decrypt(context,srcData,srcLen,destData,destLen) \ +- sss_user_impl_asymmetric_decrypt(((sss_user_impl_asymmetric_t * ) context),(srcData),(srcLen),(destData),(destLen)) +-# define sss_host_asymmetric_sign_digest(context,digest,digestLen,signature,signatureLen) \ +- sss_user_impl_asymmetric_sign_digest(((sss_user_impl_asymmetric_t * ) context),(digest),(digestLen),(signature),(signatureLen)) +-# define sss_host_asymmetric_verify_digest(context,digest,digestLen,signature,signatureLen) \ +- sss_user_impl_asymmetric_verify_digest(((sss_user_impl_asymmetric_t * ) context),(digest),(digestLen),(signature),(signatureLen)) +-# define sss_host_asymmetric_context_free(context) \ +- sss_user_impl_asymmetric_context_free(((sss_user_impl_asymmetric_t * ) context)) +- /* Host Call : symm */ +-# define sss_host_symmetric_context_init(context,session,keyObject,algorithm,mode) \ +- sss_user_impl_symmetric_context_init(((sss_user_impl_symmetric_t * ) context),((sss_user_impl_session_t * ) session),((sss_user_impl_object_t * ) keyObject),(algorithm),(mode)) +-# define sss_host_cipher_one_go(context,iv,ivLen,srcData,destData,dataLen) \ +- sss_user_impl_cipher_one_go(((sss_user_impl_symmetric_t * ) context),(iv),(ivLen),(srcData),(destData),(dataLen)) +-# define sss_host_cipher_init(context,iv,ivLen) \ +- sss_user_impl_cipher_init(((sss_user_impl_symmetric_t * ) context),(iv),(ivLen)) +-# define sss_host_cipher_update(context,srcData,srcLen,destData,destLen) \ +- sss_user_impl_cipher_update(((sss_user_impl_symmetric_t * ) context),(srcData),(srcLen),(destData),(destLen)) +-# define sss_host_cipher_finish(context,srcData,srcLen,destData,destLen) \ +- sss_user_impl_cipher_finish(((sss_user_impl_symmetric_t * ) context),(srcData),(srcLen),(destData),(destLen)) +-# define sss_host_cipher_crypt_ctr(context,srcData,destData,size,initialCounter,lastEncryptedCounter,szLeft) \ +- sss_user_impl_cipher_crypt_ctr(((sss_user_impl_symmetric_t * ) context),(srcData),(destData),(size),(initialCounter),(lastEncryptedCounter),(szLeft)) +-# define sss_host_symmetric_context_free(context) \ +- sss_user_impl_symmetric_context_free(((sss_user_impl_symmetric_t * ) context)) +- /* Host Call : aead */ +-# define sss_host_aead_context_init(context,session,keyObject,algorithm,mode) \ +- sss_user_impl_aead_context_init(((sss_user_impl_aead_t * ) context),((sss_user_impl_session_t * ) session),((sss_user_impl_object_t * ) keyObject),(algorithm),(mode)) +-# define sss_host_aead_one_go(context,srcData,destData,size,nonce,nonceLen,aad,aadLen,tag,tagLen) \ +- sss_user_impl_aead_one_go(((sss_user_impl_aead_t * ) context),(srcData),(destData),(size),(nonce),(nonceLen),(aad),(aadLen),(tag),(tagLen)) +-# define sss_host_aead_init(context,nonce,nonceLen,tagLen,aadLen,payloadLen) \ +- sss_user_impl_aead_init(((sss_user_impl_aead_t * ) context),(nonce),(nonceLen),(tagLen),(aadLen),(payloadLen)) +-# define sss_host_aead_update_aad(context,aadData,aadDataLen) \ +- sss_user_impl_aead_update_aad(((sss_user_impl_aead_t * ) context),(aadData),(aadDataLen)) +-# define sss_host_aead_update(context,srcData,srcLen,destData,destLen) \ +- sss_user_impl_aead_update(((sss_user_impl_aead_t * ) context),(srcData),(srcLen),(destData),(destLen)) +-# define sss_host_aead_finish(context,srcData,srcLen,destData,destLen,tag,tagLen) \ +- sss_user_impl_aead_finish(((sss_user_impl_aead_t * ) context),(srcData),(srcLen),(destData),(destLen),(tag),(tagLen)) +-# define sss_host_aead_context_free(context) \ +- sss_user_impl_aead_context_free(((sss_user_impl_aead_t * ) context)) +- /* Host Call : mac */ +-# define sss_host_mac_context_init(context,session,keyObject,algorithm,mode) \ +- sss_user_impl_mac_context_init(((sss_user_impl_mac_t * ) context),((sss_user_impl_session_t * ) session),((sss_user_impl_object_t * ) keyObject),(algorithm),(mode)) +-# define sss_host_mac_one_go(context,message,messageLen,mac,macLen) \ +- sss_user_impl_mac_one_go(((sss_user_impl_mac_t * ) context),(message),(messageLen),(mac),(macLen)) +-# define sss_host_mac_init(context) \ +- sss_user_impl_mac_init(((sss_user_impl_mac_t * ) context)) +-# define sss_host_mac_update(context,message,messageLen) \ +- sss_user_impl_mac_update(((sss_user_impl_mac_t * ) context),(message),(messageLen)) +-# define sss_host_mac_finish(context,mac,macLen) \ +- sss_user_impl_mac_finish(((sss_user_impl_mac_t * ) context),(mac),(macLen)) +-# define sss_host_mac_context_free(context) \ +- sss_user_impl_mac_context_free(((sss_user_impl_mac_t * ) context)) +- /* Host Call : md */ +-# define sss_host_digest_context_init(context,session,algorithm,mode) \ +- sss_user_impl_digest_context_init(((sss_user_impl_digest_t * ) context),((sss_user_impl_session_t * ) session),(algorithm),(mode)) +-# define sss_host_digest_one_go(context,message,messageLen,digest,digestLen) \ +- sss_user_impl_digest_one_go(((sss_user_impl_digest_t * ) context),(message),(messageLen),(digest),(digestLen)) +-# define sss_host_digest_init(context) \ +- sss_user_impl_digest_init(((sss_user_impl_digest_t * ) context)) +-# define sss_host_digest_update(context,message,messageLen) \ +- sss_user_impl_digest_update(((sss_user_impl_digest_t * ) context),(message),(messageLen)) +-# define sss_host_digest_finish(context,digest,digestLen) \ +- sss_user_impl_digest_finish(((sss_user_impl_digest_t * ) context),(digest),(digestLen)) +-# define sss_host_digest_context_free(context) \ +- sss_user_impl_digest_context_free(((sss_user_impl_digest_t * ) context)) +- /* Host Call : rng */ +-# define sss_host_rng_context_init(context,session) \ +- sss_user_impl_rng_context_init(((sss_user_impl_rng_context_t * ) context),((sss_user_impl_session_t * ) session)) +-# define sss_host_rng_get_random(context,random_data,dataLen) \ +- sss_user_impl_rng_get_random(((sss_user_impl_rng_context_t * ) context),(random_data),(dataLen)) +-# define sss_host_rng_context_free(context) \ +- sss_user_impl_rng_context_free(((sss_user_impl_rng_context_t * ) context)) +- +-/* clang-format on */ +-#endif /* SSS_HAVE_HOSTCRYPTO_USER */ +-#ifdef __cplusplus +-} // extern "C" +-#endif /* __cplusplus */ +- +-#endif /* fsl_sss_user_apis_H */ +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_user_types.h b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_user_types.h +deleted file mode 100644 +index 302c34e902..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_user_types.h ++++ /dev/null +@@ -1,144 +0,0 @@ +-/* +- * +- * Copyright 2018,2019 NXP +- * SPDX-License-Identifier: Apache-2.0 +- */ +- +-#ifndef SSS_APIS_INC_fsl_sss_user_types_H_ +-#define SSS_APIS_INC_fsl_sss_user_types_H_ +- +-/* ************************************************************************** */ +-/* Includes */ +-/* ************************************************************************** */ +- +-#include +- +-#if defined(SSS_USE_FTR_FILE) +-#include "fsl_sss_ftr.h" +-#else +-#include "fsl_sss_ftr_default.h" +-#endif +- +-#if SSS_HAVE_HOSTCRYPTO_USER +- +-/** +- * @addtogroup sss_sw_host_impl +- * @{ +- */ +- +-/* ************************************************************************** */ +-/* Defines */ +-/* ************************************************************************** */ +- +-#define SSS_SUBSYSTEM_TYPE_IS_HOST(subsystem) (subsystem == kType_SSS_mbedTLS) +- +-#define SSS_SESSION_TYPE_IS_HOST(session) (session && SSS_SUBSYSTEM_TYPE_IS_HOST(session->subsystem)) +- +-#define SSS_KEY_STORE_TYPE_IS_HOST(keyStore) (keyStore && SSS_SESSION_TYPE_IS_HOST(keyStore->session)) +- +-#define SSS_OBJECT_TYPE_IS_HOST(pObject) (pObject && SSS_KEY_STORE_TYPE_IS_HOST(pObject->keyStore)) +- +-#define SSS_SYMMETRIC_TYPE_IS_HOST(context) (context && SSS_SESSION_TYPE_IS_HOST(context->session)) +- +-#define SSS_RNG_CONTEXT_TYPE_IS_HOST(context) (context && SSS_SESSION_TYPE_IS_HOST(context->session)) +- +-/* ************************************************************************** */ +-/* Structrues and Typedefs */ +-/* ************************************************************************** */ +- +-struct _sss_user_impl_session; +- +-typedef struct _sss_user_impl_session +-{ +- /*! Indicates which security subsystem is selected to be used. */ +- sss_type_t subsystem; +- +-} sss_user_impl_session_t; +- +-struct _sss_user_impl_object; +- +-typedef struct _sss_user_impl_key_store +-{ +- sss_user_impl_session_t *session; +- +-} sss_user_impl_key_store_t; +- +-typedef struct _sss_user_impl_object +-{ +- /*! key store holding the data and other properties */ +- sss_user_impl_key_store_t *keyStore; +- /*! Object types */ +- uint32_t objectType; +- uint32_t cipherType; +- /*! Application specific key identifier. The keyId is kept in the key store +- * along with the key data and other properties. */ +- uint32_t keyId; +-} sss_user_impl_object_t; +- +-typedef struct _sss_user_impl_derive_key +-{ +- sss_user_impl_session_t *session; +- sss_user_impl_object_t *keyObject; +- sss_algorithm_t algorithm; /*! */ +- sss_mode_t mode; /*! */ +-} sss_user_impl_derive_key_t; +- +-typedef struct _sss_user_impl_asymmetric +-{ +- sss_user_impl_session_t *session; +- sss_user_impl_object_t *keyObject; +- sss_algorithm_t algorithm; /*! */ +- sss_mode_t mode; /*! */ +-} sss_user_impl_asymmetric_t; +- +-typedef struct _sss_user_impl_symmetric +-{ +- /*! Virtual connection between application (user context) and specific +- * security subsystem and function thereof. */ +- sss_user_impl_session_t *session; +- /*** Reference to key and it's properties. */ +- sss_user_impl_object_t *keyObject; +- sss_algorithm_t algorithm; +- sss_mode_t mode; +-} sss_user_impl_symmetric_t; +- +-typedef struct _sss_user_impl_mac +-{ +- sss_user_impl_session_t *session; +- /*! Reference to key and it's properties. */ +- sss_user_impl_object_t *keyObject; +- sss_algorithm_t algorithm; /*! */ +- sss_mode_t mode; /*! */ +-} sss_user_impl_mac_t; +- +-typedef struct _sss_user_impl_digest +-{ +- /*! Virtual connection between application (user context) and specific +- * security subsystem and function thereof. */ +- sss_user_impl_session_t *session; +- sss_algorithm_t algorithm; /*!< */ +- sss_mode_t mode; /*!< */ +- /*! Full digest length per algorithm definition. This field is initialized along with algorithm. */ +- size_t digestFullLen; +- /*! Implementation specific part */ +-} sss_user_impl_digest_t; +- +-typedef struct +-{ +- sss_user_impl_session_t *session; +- +-} sss_user_impl_rng_context_t; +- +-/* ************************************************************************** */ +-/* Global Variables */ +-/* ************************************************************************** */ +- +-/* ************************************************************************** */ +-/* Functions */ +-/* ************************************************************************** */ +- +-/** @} */ +- +-#endif /* SSS_HAVE_HOSTCRYPTO_USER */ +- +-#endif /* SSS_APIS_INC_fsl_sss_user_types_H_ */ +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_util_asn1_der.h b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_util_asn1_der.h +deleted file mode 100644 +index ae83a08ca9..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_util_asn1_der.h ++++ /dev/null +@@ -1,175 +0,0 @@ +-/* +-* +-* Copyright 2018-2020 NXP +-* SPDX-License-Identifier: Apache-2.0 +-*/ +- +-#ifndef FSL_SSS_UTIL_ASN1_DER_H +-#define FSL_SSS_UTIL_ASN1_DER_H +- +-#if defined(SSS_USE_FTR_FILE) +-#include "fsl_sss_ftr.h" +-#else +-#include "fsl_sss_ftr_default.h" +-#endif +- +-#include +- +-/* ************************************************************************** */ +-/* Defines */ +-/* ************************************************************************** */ +-#define ASN_TAG_INT 0x02 +-#define ASN_TAG_SEQUENCE 0x30 +-#define ASN_TAG_BITSTRING 0x03 +-#define ASN_TAG_OCTETSTRING 0x04 +-#define ASN_TAG_OBJ_IDF 0x06 +-#define ASN_TAG_CNT_SPECIFIC 0xA1 +-#define ASN_TAG_CNT_SPECIFIC_PRIMITIVE 0x80 +-#define ASN_TAG_CRL_EXTENSIONS 0xA0 +- +-extern const uint8_t grsa1kPubHeader[]; +-extern const uint8_t grsa1152PubHeader[]; +-extern const uint8_t grsa2kPubHeader[]; +-extern const uint8_t grsa3kPubHeader[]; +-extern const uint8_t grsa4kPubHeader[]; +-extern const uint8_t gecc_der_header_nist192[]; +-extern const uint8_t gecc_der_header_nist224[]; +-extern const uint8_t gecc_der_header_nist256[]; +-extern const uint8_t gecc_der_header_nist384[]; +-extern const uint8_t gecc_der_header_nist521[]; +-extern const uint8_t gecc_der_header_160k[]; +-extern const uint8_t gecc_der_header_192k[]; +-extern const uint8_t gecc_der_header_224k[]; +-extern const uint8_t gecc_der_header_256k[]; +-extern const uint8_t gecc_der_header_bp160[]; +-extern const uint8_t gecc_der_header_bp192[]; +-extern const uint8_t gecc_der_header_bp224[]; +-extern const uint8_t gecc_der_header_bp256[]; +-extern const uint8_t gecc_der_header_bp320[]; +-extern const uint8_t gecc_der_header_bp384[]; +-extern const uint8_t gecc_der_header_bp512[]; +-extern const uint8_t gecc_der_header_mont_dh_448[]; +-extern const uint8_t gecc_der_header_mont_dh_25519[]; +-extern const uint8_t gecc_der_header_twisted_ed_25519[]; +- +-extern const size_t der_ecc_nistp192_header_len; +-extern const size_t der_ecc_nistp224_header_len; +-extern const size_t der_ecc_nistp256_header_len; +-extern const size_t der_ecc_nistp384_header_len; +-extern const size_t der_ecc_nistp521_header_len; +-extern const size_t der_ecc_160k_header_len; +-extern const size_t der_ecc_192k_header_len; +-extern const size_t der_ecc_224k_header_len; +-extern const size_t der_ecc_256k_header_len; +-extern const size_t der_ecc_bp160_header_len; +-extern const size_t der_ecc_bp192_header_len; +-extern const size_t der_ecc_bp224_header_len; +-extern const size_t der_ecc_bp256_header_len; +-extern const size_t der_ecc_bp320_header_len; +-extern const size_t der_ecc_bp384_header_len; +-extern const size_t der_ecc_bp512_header_len; +-extern const size_t der_ecc_mont_dh_448_header_len; +-extern const size_t der_ecc_mont_dh_25519_header_len; +-extern const size_t der_ecc_twisted_ed_25519_header_len; +- +-/* ************************************************************************** */ +-/* Functions */ +-/* ************************************************************************** */ +-/**/ +-sss_status_t sss_util_asn1_rsa_parse_private(const uint8_t *key, +- size_t keylen, +- sss_cipher_type_t cipher_type, +- uint8_t **modulus, +- size_t *modlen, +- uint8_t **pubExp, +- size_t *pubExplen, +- uint8_t **priExp, +- size_t *priExplen, +- uint8_t **prime1, +- size_t *prime1len, +- uint8_t **prime2, +- size_t *prime2len, +- uint8_t **exponent1, +- size_t *exponent1len, +- uint8_t **exponent2, +- size_t *exponent2len, +- uint8_t **coefficient, +- size_t *coefficientlen); +- +-sss_status_t sss_util_asn1_rsa_parse_private_allow_invalid_key(const uint8_t *key, +- size_t keylen, +- sss_cipher_type_t cipher_type, +- uint8_t **modulus, +- size_t *modlen, +- uint8_t **pubExp, +- size_t *pubExplen, +- uint8_t **priExp, +- size_t *priExplen, +- uint8_t **prime1, +- size_t *prime1len, +- uint8_t **prime2, +- size_t *prime2len, +- uint8_t **exponent1, +- size_t *exponent1len, +- uint8_t **exponent2, +- size_t *exponent2len, +- uint8_t **coefficient, +- size_t *coefficientlen); +- +-sss_status_t sss_util_asn1_rsa_parse_public_nomalloc( +- const uint8_t *key, size_t keylen, uint8_t *modulus, size_t *modlen, uint8_t *pubExp, size_t *pubExplen); +- +-sss_status_t sss_util_asn1_rsa_parse_public_nomalloc_complete_modulus( +- const uint8_t *key, size_t keylen, uint8_t *modulus, size_t *modlen, uint8_t *pubExp, size_t *pubExplen); +- +-sss_status_t sss_util_asn1_rsa_parse_public( +- const uint8_t *key, size_t keylen, uint8_t **modulus, size_t *modlen, uint8_t **pubExp, size_t *pubExplen); +- +-sss_status_t sss_util_asn1_rsa_get_public( +- uint8_t *key, size_t *keylen, uint8_t *modulus, size_t modlen, uint8_t *pubExp, size_t pubExplen); +- +-#if SSS_HAVE_ECDAA +-sss_status_t sss_util_asn1_ecdaa_get_signature( +- uint8_t *signature, size_t *signatureLen, uint8_t *rawSignature, size_t rawSignatureLen); +-#endif +- +-sss_status_t sss_util_asn1_get_oid_from_header(uint8_t *input, size_t inLen, uint32_t *output, uint8_t *outLen); +- +-sss_status_t sss_util_asn1_get_oid_from_sssObj(sss_object_t *pkeyObject, uint32_t *output, uint8_t *outLen); +- +-sss_status_t sss_util_pkcs8_asn1_get_ec_public_key_index( +- const uint8_t *input, size_t inLen, uint16_t *outkeyIndex, size_t *publicKeyLen); +- +-sss_status_t sss_util_pkcs8_asn1_get_ec_pair_key_index(const uint8_t *input, +- size_t inLen, +- uint16_t *pubkeyIndex, +- size_t *publicKeyLen, +- uint16_t *prvkeyIndex, +- size_t *privateKeyLen); +- +-sss_status_t sss_util_rfc8410_asn1_get_ec_pair_key_index(const uint8_t *input, +- size_t inLen, +- uint16_t *pubkeyIndex, +- size_t *publicKeyLen, +- uint16_t *prvkeyIndex, +- size_t *privateKeyLen); +- +-int asn_1_parse_tlv(uint8_t *pbuf, size_t *taglen, size_t *bufindex); +- +-sss_status_t sss_util_asn1_rsa_parse_public_nomalloc( +- const uint8_t *key, size_t keylen, uint8_t *modulus, size_t *modlen, uint8_t *pubExp, size_t *pubExplen); +- +-sss_status_t sss_util_asn1_rsa_parse_public_nomalloc_complete_modulus( +- const uint8_t *key, size_t keylen, uint8_t *modulus, size_t *modlen, uint8_t *pubExp, size_t *pubExplen); +- +-sss_status_t sss_util_openssl_read_pkcs12( +- const char *pkcs12_cert, const char *password, uint8_t *private_key, uint8_t *cert); +- +-sss_status_t sss_util_openssl_write_pkcs12(const char *pkcs12_cert, +- const char *password, +- const char *ref_key, +- long ref_key_length, +- const char *cert, +- long cert_length); +- +-#endif +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_util_rsa_sign_utils.h b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_util_rsa_sign_utils.h +deleted file mode 100644 +index c78fd34b09..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc/fsl_sss_util_rsa_sign_utils.h ++++ /dev/null +@@ -1,28 +0,0 @@ +-/* +- * +- * Copyright 2018-2020 NXP +- * SPDX-License-Identifier: Apache-2.0 +- */ +- +-#ifndef FSL_SSS_UTIL_RSA_SIGN_H +-#define FSL_SSS_UTIL_RSA_SIGN_H +- +-uint8_t pkcs1_v15_encode( +- sss_se05x_asymmetric_t *context, const uint8_t *hash, size_t hashlen, uint8_t *out, size_t *outLen); +- +-uint8_t pkcs1_v15_encode_no_hash( +- sss_se05x_asymmetric_t *context, const uint8_t *hash, size_t hashlen, uint8_t *out, size_t *outLen); +- +-uint8_t sss_mgf_mask_func(uint8_t *dst, +- size_t dlen, +- uint8_t *src, +- size_t slen, +- sss_algorithm_t sha_algorithm, +- sss_se05x_asymmetric_t *context); +- +-uint8_t emsa_encode(sss_se05x_asymmetric_t *context, const uint8_t *hash, size_t hashlen, uint8_t *out, size_t *outLen); +- +-uint8_t emsa_decode_and_compare( +- sss_se05x_asymmetric_t *context, uint8_t *sig, size_t siglen, uint8_t *hash, size_t hashlen); +- +-#endif +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/plugin/mbedtls/ecdh_alt_ax.c b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/plugin/mbedtls/ecdh_alt_ax.c +deleted file mode 100644 +index 9bcb1795f9..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/plugin/mbedtls/ecdh_alt_ax.c ++++ /dev/null +@@ -1,417 +0,0 @@ +-/* +- * +- * Copyright 2017-2019 NXP +- * SPDX-License-Identifier: Apache-2.0 +- */ +- +-/** +- * @par Description +- * Implementation of key association between NXP Secure Element and mbedtls. +- * +- *****************************************************************************/ +-#if !defined(MBEDTLS_CONFIG_FILE) +-#include "mbedtls/config.h" +-#else +-#include MBEDTLS_CONFIG_FILE +-#endif +- +-#if defined(MBEDTLS_ECDH_C) && defined(MBEDTLS_ECDH_ALT) && SSS_HAVE_ALT_SSS +- +-#include +-#include +-#include +-#include +- +-#include "mbedtls/ecdh.h" +-#include "mbedtls/version.h" +- +-#if defined(SSS_USE_FTR_FILE) +-#include "fsl_sss_ftr.h" +-#else +-#include "fsl_sss_ftr_default.h" +-#endif +- +-#if defined(FLOW_VERBOSE) && FLOW_VERBOSE == 1 +-#include "sm_printf.h" +-#include "sm_types.h" +-#endif /* FLOW_VERBOSE */ +- +-extern int mbedtls_ecdh_gen_public_o(mbedtls_ecp_group *grp, +- mbedtls_mpi *d, +- mbedtls_ecp_point *Q, +- int (*f_rng)(void *, unsigned char *, size_t), +- void *p_rng); +-extern int mbedtls_ecdh_compute_shared_o(mbedtls_ecp_group *grp, +- mbedtls_mpi *z, +- const mbedtls_ecp_point *Q, +- const mbedtls_mpi *d, +- int (*f_rng)(void *, unsigned char *, size_t), +- void *p_rng); +-extern int mbedtls_ecdh_get_params_o(mbedtls_ecdh_context *ctx, const mbedtls_ecp_keypair *key, mbedtls_ecdh_side side); +- +-int get_header_and_bit_Length(int groupid, int *headerLen, int *bitLen) +-{ +- switch (groupid) { +- case MBEDTLS_ECP_DP_SECP192R1: +- if (headerLen != NULL) +- *headerLen = der_ecc_nistp192_header_len; +- if (bitLen != NULL) +- *bitLen = 192; +- break; +- case MBEDTLS_ECP_DP_SECP224R1: +- if (headerLen != NULL) +- *headerLen = der_ecc_nistp224_header_len; +- if (bitLen != NULL) +- *bitLen = 224; +- break; +- case MBEDTLS_ECP_DP_SECP256R1: +- if (headerLen != NULL) +- *headerLen = der_ecc_nistp256_header_len; +- if (bitLen != NULL) +- *bitLen = 256; +- break; +- case MBEDTLS_ECP_DP_SECP384R1: +- if (headerLen != NULL) +- *headerLen = der_ecc_nistp384_header_len; +- if (bitLen != NULL) +- *bitLen = 384; +- break; +- case MBEDTLS_ECP_DP_SECP521R1: +- if (headerLen != NULL) +- *headerLen = der_ecc_nistp521_header_len; +- if (bitLen != NULL) +- *bitLen = 521; +- break; +- case MBEDTLS_ECP_DP_BP256R1: +- if (headerLen != NULL) +- *headerLen = der_ecc_bp256_header_len; +- if (bitLen != NULL) +- *bitLen = 256; +- break; +- case MBEDTLS_ECP_DP_BP384R1: +- if (headerLen != NULL) +- *headerLen = der_ecc_bp384_header_len; +- if (bitLen != NULL) +- *bitLen = 384; +- break; +- case MBEDTLS_ECP_DP_BP512R1: +- if (headerLen != NULL) +- *headerLen = der_ecc_bp512_header_len; +- if (bitLen != NULL) +- *bitLen = 512; +- break; +- case MBEDTLS_ECP_DP_SECP192K1: +- if (headerLen != NULL) +- *headerLen = der_ecc_192k_header_len; +- if (bitLen != NULL) +- *bitLen = 192; +- break; +- case MBEDTLS_ECP_DP_SECP224K1: +- if (headerLen != NULL) +- *headerLen = der_ecc_224k_header_len; +- if (bitLen != NULL) +- *bitLen = 224; +- break; +- case MBEDTLS_ECP_DP_SECP256K1: +- if (headerLen != NULL) +- *headerLen = der_ecc_256k_header_len; +- if (bitLen != NULL) +- *bitLen = 256; +- break; +- case MBEDTLS_ECP_DP_CURVE25519: +- if (headerLen != NULL) +- *headerLen = 0; +- if (bitLen != NULL) +- *bitLen = 256; +- break; +- case MBEDTLS_ECP_DP_CURVE448: +- if (headerLen != NULL) +- *headerLen = 0; +- if (bitLen != NULL) +- *bitLen = 448; +- break; +- default: +- LOG_E("get_header_and_bit_Length: Group id not supported"); +- return 1; +- } +- +- return 0; +-} +- +-/* +- * Generate public key: simple wrapper around mbedtls_ecp_gen_keypair +- */ +-int mbedtls_ecdh_gen_public(mbedtls_ecp_group *grp, +- mbedtls_mpi *d, +- mbedtls_ecp_point *Q, +- int (*f_rng)(void *, unsigned char *, size_t), +- void *p_rng) +-{ +- sss_status_t status = kStatus_SSS_Fail; +- uint8_t publickey[256] = { +- 0, +- }; +- int headerLen = 0; +- size_t publickeylen = sizeof(publickey); +- size_t publickeyBitLen = publickeylen * 8; +- +- if (grp->pSSSObject == NULL) { +- return mbedtls_ecdh_gen_public_o(grp, d, Q, f_rng, p_rng); +- } +- else if (grp->pSSSObject->objectType == kSSS_KeyPart_Pair && +- (grp->pSSSObject->cipherType == kSSS_CipherType_EC_NIST_P || +- grp->pSSSObject->cipherType == kSSS_CipherType_EC_NIST_K || +- grp->pSSSObject->cipherType == kSSS_CipherType_EC_BRAINPOOL || +- grp->pSSSObject->cipherType == kSSS_CipherType_EC_MONTGOMERY || +- grp->pSSSObject->cipherType == kSSS_CipherType_EC_TWISTED_ED)) { +- if (get_header_and_bit_Length(grp->id, &headerLen, NULL)) { +- return 1; +- } +- +- mbedtls_mpi_free(d); +- status = sss_key_store_get_key( +- grp->pSSSObject->keyStore, grp->pSSSObject, publickey, &publickeylen, &publickeyBitLen); +- if (kStatus_SSS_Success == status) { +- publickeylen -= headerLen; +- return mbedtls_ecp_point_read_binary(grp, Q, &publickey[headerLen], publickeylen); +- } +- else { +- return 1; +- } +- } +- return 1; +-} +- +-/* +- * Compute shared secret (SEC1 3.3.1) +- */ +-int mbedtls_ecdh_compute_shared(mbedtls_ecp_group *grp, +- mbedtls_mpi *z, +- const mbedtls_ecp_point *Q, +- const mbedtls_mpi *d, +- int (*f_rng)(void *, unsigned char *, size_t), +- void *p_rng) +-{ +- int ret = 1; +- sss_key_part_t keyType = kSSS_KeyPart_NONE; +- sss_cipher_type_t cipherType = kSSS_CipherType_NONE; +- int headerLen = 0; +- uint8_t OtherPublicKey[256]; +- size_t OtherPublickeylen = sizeof(OtherPublicKey); +- int keyBitLen = 0; +- sss_status_t status; +- sss_object_t otherPartyKeyObject; +- sss_object_t derivedKeyObject; +- sss_derive_key_t context; +- uint8_t SharedSecret[128]; +- uint16_t SharedSecretlen = sizeof(SharedSecret); +- uint8_t buf[256]; +- size_t bitLen = 500; +- size_t bufByteLen = sizeof(buf); +- sss_cipher_type_t OtherPublickeycipherType = kSSS_CipherType_NONE; +- +- if (get_header_and_bit_Length(grp->id, &headerLen, &keyBitLen)) { +- return 1; +- } +- +- if (grp->pSSSObject == NULL) { +- ret = mbedtls_ecdh_compute_shared_o(grp, z, Q, d, f_rng, p_rng); +- } +- else if (grp->pSSSObject->cipherType == kSSS_CipherType_EC_NIST_P || +- grp->pSSSObject->cipherType == kSSS_CipherType_EC_NIST_K || +- grp->pSSSObject->cipherType == kSSS_CipherType_EC_BRAINPOOL || +- grp->pSSSObject->cipherType == kSSS_CipherType_EC_MONTGOMERY) { +- if (0 == mbedtls_ecp_point_write_binary(grp, +- Q, +- MBEDTLS_ECP_PF_UNCOMPRESSED, +- &OtherPublickeylen, +- (OtherPublicKey + headerLen), +- sizeof(OtherPublicKey))) { +- switch (grp->id) { +- case MBEDTLS_ECP_DP_SECP192R1: +- memcpy(OtherPublicKey, gecc_der_header_nist192, der_ecc_nistp192_header_len); +- OtherPublickeylen = OtherPublickeylen + der_ecc_nistp192_header_len; +- OtherPublickeycipherType = kSSS_CipherType_EC_NIST_P; +- break; +- case MBEDTLS_ECP_DP_SECP224R1: +- memcpy(OtherPublicKey, gecc_der_header_nist224, der_ecc_nistp224_header_len); +- OtherPublickeylen = OtherPublickeylen + der_ecc_nistp224_header_len; +- OtherPublickeycipherType = kSSS_CipherType_EC_NIST_P; +- break; +- case MBEDTLS_ECP_DP_SECP256R1: +- memcpy(OtherPublicKey, gecc_der_header_nist256, der_ecc_nistp256_header_len); +- OtherPublickeylen = OtherPublickeylen + der_ecc_nistp256_header_len; +- OtherPublickeycipherType = kSSS_CipherType_EC_NIST_P; +- break; +- case MBEDTLS_ECP_DP_SECP384R1: +- memcpy(OtherPublicKey, gecc_der_header_nist384, der_ecc_nistp384_header_len); +- OtherPublickeylen = OtherPublickeylen + der_ecc_nistp384_header_len; +- OtherPublickeycipherType = kSSS_CipherType_EC_NIST_P; +- break; +- case MBEDTLS_ECP_DP_SECP521R1: +- memcpy(OtherPublicKey, gecc_der_header_nist521, der_ecc_nistp521_header_len); +- OtherPublickeylen = OtherPublickeylen + der_ecc_nistp521_header_len; +- OtherPublickeycipherType = kSSS_CipherType_EC_NIST_P; +- break; +- case MBEDTLS_ECP_DP_BP256R1: +- memcpy(OtherPublicKey, gecc_der_header_bp256, der_ecc_bp256_header_len); +- OtherPublickeylen = OtherPublickeylen + der_ecc_bp256_header_len; +- OtherPublickeycipherType = kSSS_CipherType_EC_BRAINPOOL; +- break; +- case MBEDTLS_ECP_DP_BP384R1: +- memcpy(OtherPublicKey, gecc_der_header_bp384, der_ecc_bp384_header_len); +- OtherPublickeylen = OtherPublickeylen + der_ecc_bp384_header_len; +- OtherPublickeycipherType = kSSS_CipherType_EC_BRAINPOOL; +- break; +- case MBEDTLS_ECP_DP_BP512R1: +- memcpy(OtherPublicKey, gecc_der_header_bp512, der_ecc_bp512_header_len); +- OtherPublickeylen = OtherPublickeylen + der_ecc_bp512_header_len; +- OtherPublickeycipherType = kSSS_CipherType_EC_BRAINPOOL; +- break; +- case MBEDTLS_ECP_DP_SECP192K1: +- memcpy(OtherPublicKey, gecc_der_header_192k, der_ecc_192k_header_len); +- OtherPublickeylen = OtherPublickeylen + der_ecc_192k_header_len; +- OtherPublickeycipherType = kSSS_CipherType_EC_NIST_K; +- break; +- case MBEDTLS_ECP_DP_SECP224K1: +- memcpy(OtherPublicKey, gecc_der_header_224k, der_ecc_224k_header_len); +- OtherPublickeylen = OtherPublickeylen + der_ecc_224k_header_len; +- OtherPublickeycipherType = kSSS_CipherType_EC_NIST_K; +- break; +- case MBEDTLS_ECP_DP_SECP256K1: +- memcpy(OtherPublicKey, gecc_der_header_256k, der_ecc_256k_header_len); +- OtherPublickeylen = OtherPublickeylen + der_ecc_256k_header_len; +- OtherPublickeycipherType = kSSS_CipherType_EC_NIST_K; +- break; +- case MBEDTLS_ECP_DP_CURVE25519: +- memcpy(OtherPublicKey, gecc_der_header_mont_dh_25519, der_ecc_mont_dh_25519_header_len); +- OtherPublickeylen = OtherPublickeylen + der_ecc_mont_dh_25519_header_len; +- OtherPublickeycipherType = kSSS_CipherType_EC_MONTGOMERY; +- break; +- case MBEDTLS_ECP_DP_CURVE448: +- memcpy(OtherPublicKey, gecc_der_header_mont_dh_448, der_ecc_mont_dh_448_header_len); +- OtherPublickeylen = OtherPublickeylen + der_ecc_mont_dh_448_header_len; +- OtherPublickeycipherType = kSSS_CipherType_EC_MONTGOMERY; +- break; +- default: +- return 1; +- } +- +- do { +- //For The derived shared secret init and allocate +- status = sss_key_object_init(&derivedKeyObject, grp->hostKs); +- if (status != kStatus_SSS_Success) { +- printf( +- " sss_key_object_init for derivedKeyObject " +- "Failed...\n"); +- ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA; +- break; +- } +- +- keyType = kSSS_KeyPart_Default; +- cipherType = kSSS_CipherType_AES; +- +- status = sss_key_object_allocate_handle( +- &derivedKeyObject, (__LINE__), keyType, cipherType, SharedSecretlen, kKeyObject_Mode_Transient); +- if (status != kStatus_SSS_Success) { +- LOG_E( +- " sss_key_object_allocate_handle for derivedKeyObject " +- "Failed"); +- ret = MBEDTLS_ERR_ECP_ALLOC_FAILED; +- break; +- } +- +- // SSCP Transient Object for the othe party public key init and allocate +- status = sss_key_object_init(&otherPartyKeyObject, grp->hostKs); +- if (status != kStatus_SSS_Success) { +- LOG_E( +- " sss_key_object_init for otherPartyKeyObject " +- "Failed"); +- ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA; +- break; +- } +- +- status = sss_key_object_allocate_handle(&otherPartyKeyObject, +- (__LINE__), +- kSSS_KeyPart_Public, +- OtherPublickeycipherType, +- (sizeof(OtherPublicKey)), +- kKeyObject_Mode_Transient); +- if (status != kStatus_SSS_Success) { +- LOG_E( +- " sss_key_object_allocate_handle for " +- "otherPartyKeyObject Failed"); +- ret = MBEDTLS_ERR_ECP_ALLOC_FAILED; +- break; +- } +- +- //setting the other party public key +- status = sss_key_store_set_key( +- grp->hostKs, &otherPartyKeyObject, OtherPublicKey, OtherPublickeylen, keyBitLen, NULL, 0); +- if (status != kStatus_SSS_Success) { +- LOG_E(" sss_key_store_set_key for keyPair Failed"); +- ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA; +- break; +- } +- +- status = sss_derive_key_context_init(&context, +- grp->pSSSObject->keyStore->session, +- grp->pSSSObject, +- kAlgorithm_SSS_ECDH, +- kMode_SSS_ComputeSharedSecret); +- if (status != kStatus_SSS_Success) { +- printf(" sss_derive_key_context_init Failed...\n"); +- ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA; +- break; +- } +- +- status = sss_derive_key_dh(&context, &otherPartyKeyObject, &derivedKeyObject); +- if (status != kStatus_SSS_Success) { +- printf(" sss_derive_key_dh Failed...\n"); +- ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA; +- break; +- } +- +- status = sss_key_store_get_key(grp->hostKs, &derivedKeyObject, buf, &bufByteLen, &bitLen); +- if (status != kStatus_SSS_Success) { +- printf(" sss_key_store_get_key Failed...\n"); +- ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA; +- break; +- } +- ret = mbedtls_mpi_read_binary(z, buf, bufByteLen); +- } while (0); +- sss_key_object_free(&otherPartyKeyObject); +- sss_key_object_free(&derivedKeyObject); +- } +- } +- else { +- ret = 1; //Failed +- } +- return (ret); +-} +- +-/* +- * Get parameters from a keypair +- */ +-int mbedtls_ecdh_get_params(mbedtls_ecdh_context *ctx, const mbedtls_ecp_keypair *key, mbedtls_ecdh_side side) +-{ +- int ret; +- sss_object_t *backup_type_SSS_Object = ctx->grp.pSSSObject; +- sss_key_store_t *backup_type_hostKs = ctx->grp.hostKs; +- ret = mbedtls_ecdh_get_params_o(ctx, key, side); +- ctx->grp.pSSSObject = backup_type_SSS_Object; +- ctx->grp.hostKs = backup_type_hostKs; +- return (ret); +-} +- +-#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) +-typedef mbedtls_ecdh_context mbedtls_ecdh_context_mbed; +- +-int ecdh_get_params_internal(mbedtls_ecdh_context_mbed *ctx, const mbedtls_ecp_keypair *key, mbedtls_ecdh_side side) +-{ +- return mbedtls_ecdh_get_params(ctx, key, side); +-} +- +-#endif +- +-#endif /* defined(MBEDTLS_ECDH_C) && defined(MBEDTLS_ECDH_ALT) */ +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/plugin/mbedtls/ecdsa_verify_alt.c b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/plugin/mbedtls/ecdsa_verify_alt.c +deleted file mode 100644 +index e0653b97ba..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/plugin/mbedtls/ecdsa_verify_alt.c ++++ /dev/null +@@ -1,632 +0,0 @@ +-/* +- * Elliptic curve DSA +- * +- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved +- * SPDX-License-Identifier: Apache-2.0 +- * +- * Licensed under the Apache License, Version 2.0 (the "License"); you may +- * not use this file except in compliance with the License. +- * You may obtain a copy of the License at +- * +- * http://www.apache.org/licenses/LICENSE-2.0 +- * +- * Unless required by applicable law or agreed to in writing, software +- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +- * See the License for the specific language governing permissions and +- * limitations under the License. +- * +- * This file is part of mbed TLS (https://tls.mbed.org) +- */ +- +-/* +- * References: +- * +- * SEC1 http://www.secg.org/index.php?action=secg,docs_secg +- */ +- +-#if !defined(MBEDTLS_CONFIG_FILE) +-#include "mbedtls/config.h" +-#else +-#include MBEDTLS_CONFIG_FILE +-#endif +- +-#if defined(MBEDTLS_ECDSA_C) +- +-#include +-#include "fsl_sss_util_asn1_der.h" +- +-#include "mbedtls/ecdsa.h" +-#include "mbedtls/asn1write.h" +- +-#include +- +-#if defined(MBEDTLS_ECDSA_DETERMINISTIC) +-#include "mbedtls/hmac_drbg.h" +-#endif +- +-#if defined(MBEDTLS_PLATFORM_C) +-#include "mbedtls/platform.h" +-#else +-#include +-#define mbedtls_calloc calloc +-#define mbedtls_free free +-#endif +- +-#include "mbedtls/platform_util.h" +-#include "mbedtls/error.h" +- +-/* Parameter validation macros based on platform_util.h */ +-#define ECDSA_VALIDATE_RET(cond) MBEDTLS_INTERNAL_VALIDATE_RET(cond, MBEDTLS_ERR_ECP_BAD_INPUT_DATA) +-#define ECDSA_VALIDATE(cond) MBEDTLS_INTERNAL_VALIDATE(cond) +- +-#if defined(MBEDTLS_ECDSA_VERIFY_ALT) +- +-/* Used for SSS object init */ +-static sss_key_store_t *ecdsa_verify_ssskeystore = NULL; +- +-#if defined(MBEDTLS_ECP_RESTARTABLE) +- +-/* +-* Sub-context for ecdsa_verify() +-*/ +-struct mbedtls_ecdsa_restart_ver +-{ +- mbedtls_mpi u1, u2; /* intermediate values */ +- enum +- { /* what to do next? */ +- ecdsa_ver_init = 0, /* getting started */ +- ecdsa_ver_muladd, /* muladd step */ +- } state; +-}; +- +-/* +-* Init verify restart sub-context +-*/ +-static void ecdsa_restart_ver_init(mbedtls_ecdsa_restart_ver_ctx *ctx) +-{ +- mbedtls_mpi_init(&ctx->u1); +- mbedtls_mpi_init(&ctx->u2); +- ctx->state = ecdsa_ver_init; +-} +- +-/* +-* Free the components of a verify restart sub-context +-*/ +-static void ecdsa_restart_ver_free(mbedtls_ecdsa_restart_ver_ctx *ctx) +-{ +- if (ctx == NULL) +- return; +- +- mbedtls_mpi_free(&ctx->u1); +- mbedtls_mpi_free(&ctx->u2); +- +- ecdsa_restart_ver_init(ctx); +-} +- +-/* +-* Sub-context for ecdsa_sign() +-*/ +-struct mbedtls_ecdsa_restart_sig +-{ +- int sign_tries; +- int key_tries; +- mbedtls_mpi k; /* per-signature random */ +- mbedtls_mpi r; /* r value */ +- enum +- { /* what to do next? */ +- ecdsa_sig_init = 0, /* getting started */ +- ecdsa_sig_mul, /* doing ecp_mul() */ +- ecdsa_sig_modn, /* mod N computations */ +- } state; +-}; +- +-/* +-* Init verify sign sub-context +-*/ +-static void ecdsa_restart_sig_init(mbedtls_ecdsa_restart_sig_ctx *ctx) +-{ +- ctx->sign_tries = 0; +- ctx->key_tries = 0; +- mbedtls_mpi_init(&ctx->k); +- mbedtls_mpi_init(&ctx->r); +- ctx->state = ecdsa_sig_init; +-} +- +-/* +-* Free the components of a sign restart sub-context +-*/ +-static void ecdsa_restart_sig_free(mbedtls_ecdsa_restart_sig_ctx *ctx) +-{ +- if (ctx == NULL) +- return; +- +- mbedtls_mpi_free(&ctx->k); +- mbedtls_mpi_free(&ctx->r); +-} +- +-#if defined(MBEDTLS_ECDSA_DETERMINISTIC) +-/* +-* Sub-context for ecdsa_sign_det() +-*/ +-struct mbedtls_ecdsa_restart_det +-{ +- mbedtls_hmac_drbg_context rng_ctx; /* DRBG state */ +- enum +- { /* what to do next? */ +- ecdsa_det_init = 0, /* getting started */ +- ecdsa_det_sign, /* make signature */ +- } state; +-}; +- +-/* +-* Init verify sign_det sub-context +-*/ +-static void ecdsa_restart_det_init(mbedtls_ecdsa_restart_det_ctx *ctx) +-{ +- mbedtls_hmac_drbg_init(&ctx->rng_ctx); +- ctx->state = ecdsa_det_init; +-} +- +-/* +-* Free the components of a sign_det restart sub-context +-*/ +-static void ecdsa_restart_det_free(mbedtls_ecdsa_restart_det_ctx *ctx) +-{ +- if (ctx == NULL) +- return; +- +- mbedtls_hmac_drbg_free(&ctx->rng_ctx); +- +- ecdsa_restart_det_init(ctx); +-} +-#endif /* MBEDTLS_ECDSA_DETERMINISTIC */ +- +-#define ECDSA_RS_ECP &rs_ctx->ecp +- +-/* Utility macro for checking and updating ops budget */ +-#define ECDSA_BUDGET(ops) MBEDTLS_MPI_CHK(mbedtls_ecp_check_budget(grp, &rs_ctx->ecp, ops)); +- +-/* Call this when entering a function that needs its own sub-context */ +-#define ECDSA_RS_ENTER(SUB) \ +- do { \ +- /* reset ops count for this call if top-level */ \ +- if (rs_ctx != NULL && rs_ctx->ecp.depth++ == 0) \ +- rs_ctx->ecp.ops_done = 0; \ +- \ +- /* set up our own sub-context if needed */ \ +- if (mbedtls_ecp_restart_is_enabled() && rs_ctx != NULL && rs_ctx->SUB == NULL) { \ +- rs_ctx->SUB = mbedtls_calloc(1, sizeof(*rs_ctx->SUB)); \ +- if (rs_ctx->SUB == NULL) \ +- return (MBEDTLS_ERR_ECP_ALLOC_FAILED); \ +- \ +- ecdsa_restart_##SUB##_init(rs_ctx->SUB); \ +- } \ +- } while (0) +- +-/* Call this when leaving a function that needs its own sub-context */ +-#define ECDSA_RS_LEAVE(SUB) \ +- do { \ +- /* clear our sub-context when not in progress (done or error) */ \ +- if (rs_ctx != NULL && rs_ctx->SUB != NULL && ret != MBEDTLS_ERR_ECP_IN_PROGRESS) { \ +- ecdsa_restart_##SUB##_free(rs_ctx->SUB); \ +- mbedtls_free(rs_ctx->SUB); \ +- rs_ctx->SUB = NULL; \ +- } \ +- \ +- if (rs_ctx != NULL) \ +- rs_ctx->ecp.depth--; \ +- } while (0) +- +-#else /* MBEDTLS_ECP_RESTARTABLE */ +- +-#define ECDSA_RS_ECP NULL +- +-#define ECDSA_BUDGET(ops) /* no-op; for compatibility */ +- +-#define ECDSA_RS_ENTER(SUB) (void)rs_ctx +-#define ECDSA_RS_LEAVE(SUB) (void)rs_ctx +- +-#endif /* MBEDTLS_ECP_RESTARTABLE */ +- +-/* +-* Derive a suitable integer for group grp from a buffer of length len +-* SEC1 4.1.3 step 5 aka SEC1 4.1.4 step 3 +-*/ +-static int derive_mpi(const mbedtls_ecp_group *grp, mbedtls_mpi *x, const unsigned char *buf, size_t blen) +-{ +- int ret; +- size_t n_size = (grp->nbits + 7) / 8; +- size_t use_size = blen > n_size ? n_size : blen; +- +- MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(x, buf, use_size)); +- if (use_size * 8 > grp->nbits) +- MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(x, use_size * 8 - grp->nbits)); +- +- /* While at it, reduce modulo N */ +- if (mbedtls_mpi_cmp_mpi(x, &grp->N) >= 0) +- MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(x, x, &grp->N)); +- +-cleanup: +- return (ret); +-} +- +-/* +-* For software rollback +-*/ +-/* +-* Verify ECDSA signature of hashed message (SEC1 4.1.4) +-* Obviously, compared to SEC1 4.1.3, we skip step 2 (hash message) +-*/ +-static int ecdsa_verify_restartable_o(mbedtls_ecp_group *grp, +- const unsigned char *buf, +- size_t blen, +- const mbedtls_ecp_point *Q, +- const mbedtls_mpi *r, +- const mbedtls_mpi *s, +- mbedtls_ecdsa_restart_ctx *rs_ctx) +-{ +- int ret; +- mbedtls_mpi e, s_inv, u1, u2; +- mbedtls_ecp_point R; +- mbedtls_mpi *pu1 = &u1, *pu2 = &u2; +- +- mbedtls_ecp_point_init(&R); +- mbedtls_mpi_init(&e); +- mbedtls_mpi_init(&s_inv); +- mbedtls_mpi_init(&u1); +- mbedtls_mpi_init(&u2); +- +- /* Fail cleanly on curves such as Curve25519 that can't be used for ECDSA */ +- if (grp->N.p == NULL) +- return (MBEDTLS_ERR_ECP_BAD_INPUT_DATA); +- +- ECDSA_RS_ENTER(ver); +- +-#if defined(MBEDTLS_ECP_RESTARTABLE) +- if (rs_ctx != NULL && rs_ctx->ver != NULL) { +- /* redirect to our context */ +- pu1 = &rs_ctx->ver->u1; +- pu2 = &rs_ctx->ver->u2; +- +- /* jump to current step */ +- if (rs_ctx->ver->state == ecdsa_ver_muladd) +- goto muladd; +- } +-#endif /* MBEDTLS_ECP_RESTARTABLE */ +- +- /* +- * Step 1: make sure r and s are in range 1..n-1 +- */ +- if (mbedtls_mpi_cmp_int(r, 1) < 0 || mbedtls_mpi_cmp_mpi(r, &grp->N) >= 0 || mbedtls_mpi_cmp_int(s, 1) < 0 || +- mbedtls_mpi_cmp_mpi(s, &grp->N) >= 0) { +- ret = MBEDTLS_ERR_ECP_VERIFY_FAILED; +- goto cleanup; +- } +- +- /* +- * Step 3: derive MPI from hashed message +- */ +- MBEDTLS_MPI_CHK(derive_mpi(grp, &e, buf, blen)); +- +- /* +- * Step 4: u1 = e / s mod n, u2 = r / s mod n +- */ +- ECDSA_BUDGET(MBEDTLS_ECP_OPS_CHK + MBEDTLS_ECP_OPS_INV + 2); +- +- MBEDTLS_MPI_CHK(mbedtls_mpi_inv_mod(&s_inv, s, &grp->N)); +- +- MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(pu1, &e, &s_inv)); +- MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(pu1, pu1, &grp->N)); +- +- MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(pu2, r, &s_inv)); +- MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(pu2, pu2, &grp->N)); +- +-#if defined(MBEDTLS_ECP_RESTARTABLE) +- if (rs_ctx != NULL && rs_ctx->ver != NULL) +- rs_ctx->ver->state = ecdsa_ver_muladd; +- +-muladd: +-#endif +- /* +- * Step 5: R = u1 G + u2 Q +- */ +- MBEDTLS_MPI_CHK(mbedtls_ecp_muladd_restartable(grp, &R, pu1, &grp->G, pu2, Q, ECDSA_RS_ECP)); +- +- if (mbedtls_ecp_is_zero(&R)) { +- ret = MBEDTLS_ERR_ECP_VERIFY_FAILED; +- goto cleanup; +- } +- +- /* +- * Step 6: convert xR to an integer (no-op) +- * Step 7: reduce xR mod n (gives v) +- */ +- MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&R.X, &R.X, &grp->N)); +- +- /* +- * Step 8: check if v (that is, R.X) is equal to r +- */ +- if (mbedtls_mpi_cmp_mpi(&R.X, r) != 0) { +- ret = MBEDTLS_ERR_ECP_VERIFY_FAILED; +- goto cleanup; +- } +- +-cleanup: +- mbedtls_ecp_point_free(&R); +- mbedtls_mpi_free(&e); +- mbedtls_mpi_free(&s_inv); +- mbedtls_mpi_free(&u1); +- mbedtls_mpi_free(&u2); +- +- ECDSA_RS_LEAVE(ver); +- +- return (ret); +-} +- +-/* +-* Verify ECDSA signature of hashed message +-*/ +-int mbedtls_ecdsa_verify_o(mbedtls_ecp_group *grp, +- const unsigned char *buf, +- size_t blen, +- const mbedtls_ecp_point *Q, +- const mbedtls_mpi *r, +- const mbedtls_mpi *s) +-{ +- ECDSA_VALIDATE_RET(grp != NULL); +- ECDSA_VALIDATE_RET(Q != NULL); +- ECDSA_VALIDATE_RET(r != NULL); +- ECDSA_VALIDATE_RET(s != NULL); +- ECDSA_VALIDATE_RET(buf != NULL || blen == 0); +- +- return (ecdsa_verify_restartable_o(grp, buf, blen, Q, r, s, NULL)); +-} +- +-void sss_mbedtls_set_sss_keystore(sss_key_store_t *ssskeystore) +-{ +- ecdsa_verify_ssskeystore = ssskeystore; +-} +- +-/* +- * Verify ECDSA signature of hashed message +- */ +-int mbedtls_ecdsa_verify(mbedtls_ecp_group *grp, +- const unsigned char *buf, +- size_t blen, +- const mbedtls_ecp_point *Q, +- const mbedtls_mpi *r, +- const mbedtls_mpi *s) +-{ +- int ret = 1; +- ECDSA_VALIDATE_RET(grp != NULL); +- ECDSA_VALIDATE_RET(Q != NULL); +- ECDSA_VALIDATE_RET(r != NULL); +- ECDSA_VALIDATE_RET(s != NULL); +- ECDSA_VALIDATE_RET(buf != NULL || blen == 0); +- +- if (ecdsa_verify_ssskeystore != NULL) { +- sss_cipher_type_t cipherType = kSSS_CipherType_NONE; +- sss_object_t sssKeyObject = { +- 0, +- }; +- sss_status_t status; +- size_t keyBitLen = 0; +- uint8_t publickey[170] = { +- 0, +- }; +- size_t publickeylen = 0; +- size_t rawPublickeylen = 0; +- unsigned char signature[150] = { +- 0, +- }; +- size_t sigLen = 0; +- unsigned char rs_buf[80] = { +- 0, +- }; +- size_t rs_buf_len = 0; +- sss_algorithm_t algorithm; +- sss_asymmetric_t asymVerifyCtx; +- +- /* +- * Create the signature +- * Signature = { +- * 0x30, Remaining Length, Tag, R_length, R, Tag, S_length, S } +- */ +- +- /* Set totoal length */ +- signature[sigLen++] = 0x30; +- signature[sigLen++] = (unsigned char)(4 + mbedtls_mpi_size(r) + mbedtls_mpi_size(s)); +- /* 4 ==> Tag + Lengthn + Tag + Length */ +- +- /* Set R */ +- rs_buf_len = mbedtls_mpi_size(r); +- ret = mbedtls_mpi_write_binary(r, rs_buf, rs_buf_len); +- if (ret != 0) { +- return ret; +- } +- +- signature[sigLen++] = 0x02; +- if ((rs_buf[0] & 0x80)) { +- signature[sigLen++] = (unsigned char)(rs_buf_len + 1); +- signature[sigLen++] = 0x00; +- /* Increment total length */ +- signature[1] += 1; +- } +- else { +- signature[sigLen++] = (unsigned char)rs_buf_len; +- } +- +- if ((sizeof(signature) - sigLen) < rs_buf_len) { +- return -1; +- } +- memcpy(&signature[sigLen], rs_buf, rs_buf_len); +- sigLen += rs_buf_len; +- +- /* Set S */ +- rs_buf_len = mbedtls_mpi_size(s); +- ret = mbedtls_mpi_write_binary(s, rs_buf, rs_buf_len); +- if (ret != 0) { +- return ret; +- } +- +- signature[sigLen++] = 0x02; +- if ((rs_buf[0] & 0x80)) { +- signature[sigLen++] = (unsigned char)(rs_buf_len + 1); +- signature[sigLen++] = 0x00; +- /* Increment total length */ +- signature[1] += 1; +- } +- else { +- signature[sigLen++] = (unsigned char)rs_buf_len; +- } +- +- if ((sizeof(signature) - sigLen) < rs_buf_len) { +- return -1; +- } +- memcpy(&signature[sigLen], rs_buf, rs_buf_len); +- sigLen += rs_buf_len; +- +- switch (grp->id) { +- case MBEDTLS_ECP_DP_SECP192R1: +- memcpy(publickey, gecc_der_header_nist192, der_ecc_nistp192_header_len); +- publickeylen = der_ecc_nistp192_header_len; +- cipherType = kSSS_CipherType_EC_NIST_P; +- keyBitLen = 192; +- break; +- case MBEDTLS_ECP_DP_SECP224R1: +- memcpy(publickey, gecc_der_header_nist224, der_ecc_nistp224_header_len); +- publickeylen = der_ecc_nistp224_header_len; +- cipherType = kSSS_CipherType_EC_NIST_P; +- keyBitLen = 224; +- break; +- case MBEDTLS_ECP_DP_SECP256R1: +- memcpy(publickey, gecc_der_header_nist256, der_ecc_nistp256_header_len); +- publickeylen = der_ecc_nistp256_header_len; +- cipherType = kSSS_CipherType_EC_NIST_P; +- keyBitLen = 256; +- break; +- case MBEDTLS_ECP_DP_SECP384R1: +- memcpy(publickey, gecc_der_header_nist384, der_ecc_nistp384_header_len); +- publickeylen = der_ecc_nistp384_header_len; +- cipherType = kSSS_CipherType_EC_NIST_P; +- keyBitLen = 384; +- break; +- case MBEDTLS_ECP_DP_SECP521R1: +- memcpy(publickey, gecc_der_header_nist521, der_ecc_nistp521_header_len); +- publickeylen = der_ecc_nistp521_header_len; +- cipherType = kSSS_CipherType_EC_NIST_P; +- keyBitLen = 521; +- break; +- case MBEDTLS_ECP_DP_BP256R1: +- memcpy(publickey, gecc_der_header_bp256, der_ecc_bp256_header_len); +- publickeylen = der_ecc_bp256_header_len; +- cipherType = kSSS_CipherType_EC_BRAINPOOL; +- keyBitLen = 256; +- break; +- case MBEDTLS_ECP_DP_BP384R1: +- memcpy(publickey, gecc_der_header_bp384, der_ecc_bp384_header_len); +- publickeylen = der_ecc_bp384_header_len; +- cipherType = kSSS_CipherType_EC_BRAINPOOL; +- keyBitLen = 384; +- break; +- case MBEDTLS_ECP_DP_BP512R1: +- memcpy(publickey, gecc_der_header_bp512, der_ecc_bp512_header_len); +- publickeylen = der_ecc_bp512_header_len; +- cipherType = kSSS_CipherType_EC_BRAINPOOL; +- keyBitLen = 512; +- break; +- case MBEDTLS_ECP_DP_SECP192K1: +- memcpy(publickey, gecc_der_header_192k, der_ecc_192k_header_len); +- publickeylen = der_ecc_192k_header_len; +- cipherType = kSSS_CipherType_EC_NIST_K; +- keyBitLen = 192; +- break; +- case MBEDTLS_ECP_DP_SECP224K1: +- memcpy(publickey, gecc_der_header_224k, der_ecc_224k_header_len); +- publickeylen = der_ecc_224k_header_len; +- cipherType = kSSS_CipherType_EC_NIST_K; +- keyBitLen = 224; +- break; +- case MBEDTLS_ECP_DP_SECP256K1: +- memcpy(publickey, gecc_der_header_256k, der_ecc_256k_header_len); +- publickeylen = der_ecc_256k_header_len; +- cipherType = kSSS_CipherType_EC_NIST_K; +- keyBitLen = 256; +- break; +- default: +- /* Rollback to verification on host if SE is not initialised */ +- return mbedtls_ecdsa_verify_o(grp, buf, blen, Q, r, s); +- } +- +- ret = mbedtls_ecp_point_write_binary( +- grp, Q, 0, &rawPublickeylen, &publickey[publickeylen], (sizeof(publickey) - publickeylen)); +- if (ret != 0) { +- return ret; +- } +- publickeylen += rawPublickeylen; +- +- status = sss_key_object_init(&sssKeyObject, ecdsa_verify_ssskeystore); +- if (status != kStatus_SSS_Success) { +- return 1; +- } +- +- status = sss_key_object_allocate_handle( +- &sssKeyObject, (__LINE__), kSSS_KeyPart_Public, cipherType, publickeylen, kKeyObject_Mode_Transient); +- if (status != kStatus_SSS_Success) { +- return 1; +- } +- +- status = +- sss_key_store_set_key(ecdsa_verify_ssskeystore, &sssKeyObject, publickey, publickeylen, keyBitLen, NULL, 0); +- if (status != kStatus_SSS_Success) { +- return 1; +- } +- +- switch (blen) { +- case 20: +- algorithm = kAlgorithm_SSS_SHA1; +- break; +- case 28: +- algorithm = kAlgorithm_SSS_SHA224; +- break; +- case 32: +- algorithm = kAlgorithm_SSS_SHA256; +- break; +- case 48: +- algorithm = kAlgorithm_SSS_SHA384; +- break; +- case 64: +- algorithm = kAlgorithm_SSS_SHA512; +- break; +- default: +- return 1; +- } +- +- status = sss_asymmetric_context_init( +- &asymVerifyCtx, ecdsa_verify_ssskeystore->session, &sssKeyObject, algorithm, kMode_SSS_Verify); +- if (status != kStatus_SSS_Success) { +- return 1; +- } +- +- LOG_D("Verify using sss_asymmetric_verify_digest \n"); +- status = sss_asymmetric_verify_digest(&asymVerifyCtx, (uint8_t *)buf, blen, (uint8_t *)signature, sigLen); +- if (status != kStatus_SSS_Success) { +- return 1; +- } +- +- status = sss_key_store_erase_key(ecdsa_verify_ssskeystore, &sssKeyObject); +- if (status != kStatus_SSS_Success) { +- return 1; +- } +- +- return 0; +- } +- else { +- /* Rollback to verification on host if SE is not initialised */ +- return mbedtls_ecdsa_verify_o(grp, buf, blen, Q, r, s); +- } +-} +-#endif /* !MBEDTLS_ECDSA_VERIFY_ALT */ +- +-#endif /* MBEDTLS_ECDSA_C */ +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/plugin/mbedtls/ecdsa_verify_alt.h b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/plugin/mbedtls/ecdsa_verify_alt.h +deleted file mode 100644 +index 69a324a2d0..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/plugin/mbedtls/ecdsa_verify_alt.h ++++ /dev/null +@@ -1,12 +0,0 @@ +-/* +- * Copyright 2018-2020 NXP +- * +- * SPDX-License-Identifier: Apache-2.0 +- */ +- +-#include "fsl_sss_api.h" +- +-/* +- * Set sss keystore for ecdsa verify +- */ +-void sss_mbedtls_set_sss_keystore(sss_key_store_t *ssskeystore); +\ No newline at end of file +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/plugin/mbedtls/ecp_alt.h b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/plugin/mbedtls/ecp_alt.h +deleted file mode 100644 +index 88dcf2349d..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/plugin/mbedtls/ecp_alt.h ++++ /dev/null +@@ -1,191 +0,0 @@ +-/** +- * \file ecp_alt.h +- * +- * \brief This file provides an API for Elliptic Curves over GF(P) (ECP). +- * +- * The use of ECP in cryptography and TLS is defined in +- * Standards for Efficient Cryptography Group (SECG): SEC1 +- * Elliptic Curve Cryptography and +- * RFC-4492: Elliptic Curve Cryptography (ECC) Cipher Suites +- * for Transport Layer Security (TLS). +- * +- * RFC-2409: The Internet Key Exchange (IKE) defines ECP +- * group types. +- * +- */ +- +-/* +- * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved +- * SPDX-License-Identifier: Apache-2.0 +- * +- * Licensed under the Apache License, Version 2.0 (the "License"); you may +- * not use this file except in compliance with the License. +- * You may obtain a copy of the License at +- * +- * http://www.apache.org/licenses/LICENSE-2.0 +- * +- * Unless required by applicable law or agreed to in writing, software +- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +- * See the License for the specific language governing permissions and +- * limitations under the License. +- * +- * This file is part of Mbed TLS (https://tls.mbed.org) +- */ +- +-#ifndef SSS_ECP_ALT_H_INCLUDED +-#define SSS_ECP_ALT_H_INCLUDED +- +-/* clang-format off */ +- +-#ifdef __cplusplus +-extern "C" { +-#endif +- +-#if defined(MBEDTLS_ECP_ALT) +- +-#if SSS_HAVE_ALT_SSS +-#include +-#endif +-#if SSS_HAVE_ALT_A71CH +-#include "HLSETypes.h" +-#endif +- +-/* +- * default mbed TLS elliptic curve arithmetic implementation +- * +- * (in case MBEDTLS_ECP_ALT is defined then the developer has to provide an +- * alternative implementation for the whole module and it will replace this +- * one.) +- */ +- +-/** +- * \brief The ECP group structure. +- * +- * We consider two types of curve equations: +- *
  • Short Weierstrass: y^2 = x^3 + A x + B mod P +- * (SEC1 + RFC-4492)
    • +- *
  • Montgomery: y^2 = x^3 + A x^2 + x mod P (Curve25519, +- * Curve448)
+- * In both cases, the generator (\p G) for a prime-order subgroup is fixed. +- * +- * For Short Weierstrass, this subgroup is the whole curve, and its +- * cardinality is denoted by \p N. Our code requires that \p N is an +- * odd prime as mbedtls_ecp_mul() requires an odd number, and +- * mbedtls_ecdsa_sign() requires that it is prime for blinding purposes. +- * +- * For Montgomery curves, we do not store \p A, but (A + 2) / 4, +- * which is the quantity used in the formulas. Additionally, \p nbits is +- * not the size of \p N but the required size for private keys. +- * +- * If \p modp is NULL, reduction modulo \p P is done using a generic algorithm. +- * Otherwise, \p modp must point to a function that takes an \p mbedtls_mpi in the +- * range of 0..2^(2*pbits)-1, and transforms it in-place to an integer +- * which is congruent mod \p P to the given MPI, and is close enough to \p pbits +- * in size, so that it may be efficiently brought in the 0..P-1 range by a few +- * additions or subtractions. Therefore, it is only an approximative modular +- * reduction. It must return 0 on success and non-zero on failure. +- * +- */ +-typedef struct +-{ +- mbedtls_ecp_group_id id; /*!< An internal group identifier. */ +- mbedtls_mpi P; /*!< The prime modulus of the base field. */ +- mbedtls_mpi A; /*!< For Short Weierstrass: \p A in the equation. For +- Montgomery curves: (A + 2) / 4. */ +- mbedtls_mpi B; /*!< For Short Weierstrass: \p B in the equation. +- For Montgomery curves: unused. */ +- mbedtls_ecp_point G; /*!< The generator of the subgroup used. */ +- mbedtls_mpi N; /*!< The order of \p G. */ +- size_t pbits; /*!< The number of bits in \p P.*/ +- size_t nbits; /*!< For Short Weierstrass: The number of bits in \p P. +- For Montgomery curves: the number of bits in the +- private keys. */ +- unsigned int h; /*!< \internal 1 if the constants are static. */ +- int (*modp)(mbedtls_mpi *); /*!< The function for fast pseudo-reduction +- mod \p P (see above).*/ +- int (*t_pre)(mbedtls_ecp_point *, void *); /*!< Unused. */ +- int (*t_post)(mbedtls_ecp_point *, void *); /*!< Unused. */ +- void *t_data; /*!< Unused. */ +- mbedtls_ecp_point *T; /*!< Pre-computed points for ecp_mul_comb(). */ +- size_t T_size; /*!< The number of pre-computed points. */ +- +-#if SSS_HAVE_ALT_A71CH +- /** Reference to object mapped between HLSE Layer of A71CH Host library */ +- HLSE_OBJECT_HANDLE hlse_handle; +-#endif +-#if SSS_HAVE_ALT_SSS +- /** Reference to object mapped between SSS Layer */ +- sss_object_t* pSSSObject; +- sss_key_store_t* hostKs; +-#endif +-} +-mbedtls_ecp_group; +- +-/** +- * \name SECTION: Module settings +- * +- * The configuration options you can set for this module are in this section. +- * Either change them in config.h, or define them using the compiler command line. +- * \{ +- */ +- +-#if !defined(MBEDTLS_ECP_MAX_BITS) +-/** +- * The maximum size of the groups, that is, of \c N and \c P. +- */ +-#define MBEDTLS_ECP_MAX_BITS 521 /**< The maximum size of groups, in bits. */ +-#endif +- +-#define MBEDTLS_ECP_MAX_BYTES ( ( MBEDTLS_ECP_MAX_BITS + 7 ) / 8 ) +-#define MBEDTLS_ECP_MAX_PT_LEN ( 2 * MBEDTLS_ECP_MAX_BYTES + 1 ) +- +-#if !defined(MBEDTLS_ECP_WINDOW_SIZE) +-/* +- * Maximum "window" size used for point multiplication. +- * Default: 6. +- * Minimum value: 2. Maximum value: 7. +- * +- * Result is an array of at most ( 1 << ( MBEDTLS_ECP_WINDOW_SIZE - 1 ) ) +- * points used for point multiplication. This value is directly tied to EC +- * peak memory usage, so decreasing it by one should roughly cut memory usage +- * by two (if large curves are in use). +- * +- * Reduction in size may reduce speed, but larger curves are impacted first. +- * Sample performances (in ECDHE handshakes/s, with FIXED_POINT_OPTIM = 1): +- * w-size: 6 5 4 3 2 +- * 521 145 141 135 120 97 +- * 384 214 209 198 177 146 +- * 256 320 320 303 262 226 +- * 224 475 475 453 398 342 +- * 192 640 640 633 587 476 +- */ +-#define MBEDTLS_ECP_WINDOW_SIZE 6 /**< The maximum window size used. */ +-#endif /* MBEDTLS_ECP_WINDOW_SIZE */ +- +-#if !defined(MBEDTLS_ECP_FIXED_POINT_OPTIM) +-/* +- * Trade memory for speed on fixed-point multiplication. +- * +- * This speeds up repeated multiplication of the generator (that is, the +- * multiplication in ECDSA signatures, and half of the multiplications in +- * ECDSA verification and ECDHE) by a factor roughly 3 to 4. +- * +- * The cost is increasing EC peak memory usage by a factor roughly 2. +- * +- * Change this value to 0 to reduce peak memory usage. +- */ +-#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1 /**< Enable fixed-point speed-up. */ +-#endif /* MBEDTLS_ECP_FIXED_POINT_OPTIM */ +- +-/* \} name SECTION: Module settings */ +- +-#endif /* MBEDTLS_ECP_ALT */ +- +-#ifdef __cplusplus +-} +-#endif +- +-/* clang-format on */ +- +-#endif /* SSS_ECP_ALT_H_INCLUDED */ +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/plugin/mbedtls/port/ksdk/ecp_alt.c b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/plugin/mbedtls/port/ksdk/ecp_alt.c +deleted file mode 100644 +index f8351b63fa..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/plugin/mbedtls/port/ksdk/ecp_alt.c ++++ /dev/null +@@ -1,3115 +0,0 @@ +-/* +- * Elliptic curves over GF(p): generic functions +- * +- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved +- * SPDX-License-Identifier: Apache-2.0 +- * +- * Licensed under the Apache License, Version 2.0 (the "License"); you may +- * not use this file except in compliance with the License. +- * You may obtain a copy of the License at +- * +- * http://www.apache.org/licenses/LICENSE-2.0 +- * +- * Unless required by applicable law or agreed to in writing, software +- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +- * See the License for the specific language governing permissions and +- * limitations under the License. +- * +- * This file is part of mbed TLS (https://tls.mbed.org) +- */ +- +-/* +- * References: +- * +- * SEC1 http://www.secg.org/index.php?action=secg,docs_secg +- * GECC = Guide to Elliptic Curve Cryptography - Hankerson, Menezes, Vanstone +- * FIPS 186-3 http://csrc.nist.gov/publications/fips/fips186-3/fips_186-3.pdf +- * RFC 4492 for the related TLS structures and constants +- * RFC 7748 for the Curve448 and Curve25519 curve definitions +- * +- * [Curve25519] http://cr.yp.to/ecdh/curve25519-20060209.pdf +- * +- * [2] CORON, Jean-S'ebastien. Resistance against differential power analysis +- * for elliptic curve cryptosystems. In : Cryptographic Hardware and +- * Embedded Systems. Springer Berlin Heidelberg, 1999. p. 292-302. +- * +- * +- * [3] HEDABOU, Mustapha, PINEL, Pierre, et B'EN'ETEAU, Lucien. A comb method to +- * render ECC resistant against Side Channel Attacks. IACR Cryptology +- * ePrint Archive, 2004, vol. 2004, p. 342. +- * +- */ +- +-#if !defined(MBEDTLS_CONFIG_FILE) +-#include "mbedtls/config.h" +-#else +-#include MBEDTLS_CONFIG_FILE +-#endif +- +-/** +- * \brief Function level alternative implementation. +- * +- * The MBEDTLS_ECP_INTERNAL_ALT macro enables alternative implementations to +- * replace certain functions in this module. The alternative implementations are +- * typically hardware accelerators and need to activate the hardware before the +- * computation starts and deactivate it after it finishes. The +- * mbedtls_internal_ecp_init() and mbedtls_internal_ecp_free() functions serve +- * this purpose. +- * +- * To preserve the correct functionality the following conditions must hold: +- * +- * - The alternative implementation must be activated by +- * mbedtls_internal_ecp_init() before any of the replaceable functions is +- * called. +- * - mbedtls_internal_ecp_free() must \b only be called when the alternative +- * implementation is activated. +- * - mbedtls_internal_ecp_init() must \b not be called when the alternative +- * implementation is activated. +- * - Public functions must not return while the alternative implementation is +- * activated. +- * - Replaceable functions are guarded by \c MBEDTLS_ECP_XXX_ALT macros and +- * before calling them an \code if( mbedtls_internal_ecp_grp_capable( grp ) ) +- * \endcode ensures that the alternative implementation supports the current +- * group. +- */ +-#if defined(MBEDTLS_ECP_INTERNAL_ALT) +-#endif +-#if defined(MBEDTLS_ECP_C) +- +-#include "mbedtls/ecp.h" +-#include "mbedtls/threading.h" +-#include "mbedtls/platform_util.h" +- +-#include +- +-#if defined(MBEDTLS_ECP_ALT) +- +-#if SSS_HAVE_ALT_SSS +-# include "sss_mbedtls.h" +-#else +-//# include "ax_mbedtls.h" +-#endif +- +-/* Parameter validation macros based on platform_util.h */ +-#define ECP_VALIDATE_RET( cond ) \ +- MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_ECP_BAD_INPUT_DATA ) +-#define ECP_VALIDATE( cond ) \ +- MBEDTLS_INTERNAL_VALIDATE( cond ) +- +-#if defined(MBEDTLS_PLATFORM_C) +-#include "mbedtls/platform.h" +-#else +-#include +-#include +-#define mbedtls_printf printf +-#define mbedtls_calloc calloc +-#define mbedtls_free free +-#endif +- +-#include "mbedtls/ecp_internal.h" +- +-#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ +- !defined(inline) && !defined(__cplusplus) +-#define inline __inline +-#endif +- +-#if defined(MBEDTLS_SELF_TEST) +-/* +- * Counts of point addition and doubling, and field multiplications. +- * Used to test resistance of point multiplication to simple timing attacks. +- */ +-static unsigned long add_count, dbl_count, mul_count; +-#endif +- +-#if defined(MBEDTLS_ECP_RESTARTABLE) +-/* +- * Maximum number of "basic operations" to be done in a row. +- * +- * Default value 0 means that ECC operations will not yield. +- * Note that regardless of the value of ecp_max_ops, always at +- * least one step is performed before yielding. +- * +- * Setting ecp_max_ops=1 can be suitable for testing purposes +- * as it will interrupt computation at all possible points. +- */ +-static unsigned ecp_max_ops = 0; +- +-/* +- * Set ecp_max_ops +- */ +-void mbedtls_ecp_set_max_ops( unsigned max_ops ) +-{ +- ecp_max_ops = max_ops; +-} +- +-/* +- * Check if restart is enabled +- */ +-int mbedtls_ecp_restart_is_enabled( void ) +-{ +- return( ecp_max_ops != 0 ); +-} +- +-/* +- * Restart sub-context for ecp_mul_comb() +- */ +-struct mbedtls_ecp_restart_mul +-{ +- mbedtls_ecp_point R; /* current intermediate result */ +- size_t i; /* current index in various loops, 0 outside */ +- mbedtls_ecp_point *T; /* table for precomputed points */ +- unsigned char T_size; /* number of points in table T */ +- enum { /* what were we doing last time we returned? */ +- ecp_rsm_init = 0, /* nothing so far, dummy initial state */ +- ecp_rsm_pre_dbl, /* precompute 2^n multiples */ +- ecp_rsm_pre_norm_dbl, /* normalize precomputed 2^n multiples */ +- ecp_rsm_pre_add, /* precompute remaining points by adding */ +- ecp_rsm_pre_norm_add, /* normalize all precomputed points */ +- ecp_rsm_comb_core, /* ecp_mul_comb_core() */ +- ecp_rsm_final_norm, /* do the final normalization */ +- } state; +-}; +- +-/* +- * Init restart_mul sub-context +- */ +-static void ecp_restart_rsm_init( mbedtls_ecp_restart_mul_ctx *ctx ) +-{ +- mbedtls_ecp_point_init( &ctx->R ); +- ctx->i = 0; +- ctx->T = NULL; +- ctx->T_size = 0; +- ctx->state = ecp_rsm_init; +-} +- +-/* +- * Free the components of a restart_mul sub-context +- */ +-static void ecp_restart_rsm_free( mbedtls_ecp_restart_mul_ctx *ctx ) +-{ +- unsigned char i; +- +- if( ctx == NULL ) +- return; +- +- mbedtls_ecp_point_free( &ctx->R ); +- +- if( ctx->T != NULL ) +- { +- for( i = 0; i < ctx->T_size; i++ ) +- mbedtls_ecp_point_free( ctx->T + i ); +- mbedtls_free( ctx->T ); +- } +- +- ecp_restart_rsm_init( ctx ); +-} +- +-/* +- * Restart context for ecp_muladd() +- */ +-struct mbedtls_ecp_restart_muladd +-{ +- mbedtls_ecp_point mP; /* mP value */ +- mbedtls_ecp_point R; /* R intermediate result */ +- enum { /* what should we do next? */ +- ecp_rsma_mul1 = 0, /* first multiplication */ +- ecp_rsma_mul2, /* second multiplication */ +- ecp_rsma_add, /* addition */ +- ecp_rsma_norm, /* normalization */ +- } state; +-}; +- +-/* +- * Init restart_muladd sub-context +- */ +-static void ecp_restart_ma_init( mbedtls_ecp_restart_muladd_ctx *ctx ) +-{ +- mbedtls_ecp_point_init( &ctx->mP ); +- mbedtls_ecp_point_init( &ctx->R ); +- ctx->state = ecp_rsma_mul1; +-} +- +-/* +- * Free the components of a restart_muladd sub-context +- */ +-static void ecp_restart_ma_free( mbedtls_ecp_restart_muladd_ctx *ctx ) +-{ +- if( ctx == NULL ) +- return; +- +- mbedtls_ecp_point_free( &ctx->mP ); +- mbedtls_ecp_point_free( &ctx->R ); +- +- ecp_restart_ma_init( ctx ); +-} +- +-/* +- * Initialize a restart context +- */ +-void mbedtls_ecp_restart_init( mbedtls_ecp_restart_ctx *ctx ) +-{ +- ECP_VALIDATE( ctx != NULL ); +- ctx->ops_done = 0; +- ctx->depth = 0; +- ctx->rsm = NULL; +- ctx->ma = NULL; +-} +- +-/* +- * Free the components of a restart context +- */ +-void mbedtls_ecp_restart_free( mbedtls_ecp_restart_ctx *ctx ) +-{ +- if( ctx == NULL ) +- return; +- +- ecp_restart_rsm_free( ctx->rsm ); +- mbedtls_free( ctx->rsm ); +- +- ecp_restart_ma_free( ctx->ma ); +- mbedtls_free( ctx->ma ); +- +- mbedtls_ecp_restart_init( ctx ); +-} +- +-/* +- * Check if we can do the next step +- */ +-int mbedtls_ecp_check_budget( const mbedtls_ecp_group *grp, +- mbedtls_ecp_restart_ctx *rs_ctx, +- unsigned ops ) +-{ +- ECP_VALIDATE_RET( grp != NULL ); +- +- if( rs_ctx != NULL && ecp_max_ops != 0 ) +- { +- /* scale depending on curve size: the chosen reference is 256-bit, +- * and multiplication is quadratic. Round to the closest integer. */ +- if( grp->pbits >= 512 ) +- ops *= 4; +- else if( grp->pbits >= 384 ) +- ops *= 2; +- +- /* Avoid infinite loops: always allow first step. +- * Because of that, however, it's not generally true +- * that ops_done <= ecp_max_ops, so the check +- * ops_done > ecp_max_ops below is mandatory. */ +- if( ( rs_ctx->ops_done != 0 ) && +- ( rs_ctx->ops_done > ecp_max_ops || +- ops > ecp_max_ops - rs_ctx->ops_done ) ) +- { +- return( MBEDTLS_ERR_ECP_IN_PROGRESS ); +- } +- +- /* update running count */ +- rs_ctx->ops_done += ops; +- } +- +- return( 0 ); +-} +- +-/* Call this when entering a function that needs its own sub-context */ +-#define ECP_RS_ENTER( SUB ) do { \ +- /* reset ops count for this call if top-level */ \ +- if( rs_ctx != NULL && rs_ctx->depth++ == 0 ) \ +- rs_ctx->ops_done = 0; \ +- \ +- /* set up our own sub-context if needed */ \ +- if( mbedtls_ecp_restart_is_enabled() && \ +- rs_ctx != NULL && rs_ctx->SUB == NULL ) \ +- { \ +- rs_ctx->SUB = mbedtls_calloc( 1, sizeof( *rs_ctx->SUB ) ); \ +- if( rs_ctx->SUB == NULL ) \ +- return( MBEDTLS_ERR_ECP_ALLOC_FAILED ); \ +- \ +- ecp_restart_## SUB ##_init( rs_ctx->SUB ); \ +- } \ +-} while( 0 ) +- +-/* Call this when leaving a function that needs its own sub-context */ +-#define ECP_RS_LEAVE( SUB ) do { \ +- /* clear our sub-context when not in progress (done or error) */ \ +- if( rs_ctx != NULL && rs_ctx->SUB != NULL && \ +- ret != MBEDTLS_ERR_ECP_IN_PROGRESS ) \ +- { \ +- ecp_restart_## SUB ##_free( rs_ctx->SUB ); \ +- mbedtls_free( rs_ctx->SUB ); \ +- rs_ctx->SUB = NULL; \ +- } \ +- \ +- if( rs_ctx != NULL ) \ +- rs_ctx->depth--; \ +-} while( 0 ) +- +-#else /* MBEDTLS_ECP_RESTARTABLE */ +- +-#define ECP_RS_ENTER( sub ) (void) rs_ctx; +-#define ECP_RS_LEAVE( sub ) (void) rs_ctx; +- +-#endif /* MBEDTLS_ECP_RESTARTABLE */ +- +-#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) || \ +- defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) || \ +- defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || \ +- defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) || \ +- defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) || \ +- defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) || \ +- defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) || \ +- defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) || \ +- defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) || \ +- defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) || \ +- defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) +-#define ECP_SHORTWEIERSTRASS +-#endif +- +-#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) || \ +- defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) +-#define ECP_MONTGOMERY +-#endif +- +-/* +- * Curve types: internal for now, might be exposed later +- */ +-typedef enum +-{ +- ECP_TYPE_NONE = 0, +- ECP_TYPE_SHORT_WEIERSTRASS, /* y^2 = x^3 + a x + b */ +- ECP_TYPE_MONTGOMERY, /* y^2 = x^3 + a x^2 + x */ +-} ecp_curve_type; +- +-/* +- * List of supported curves: +- * - internal ID +- * - TLS NamedCurve ID (RFC 4492 sec. 5.1.1, RFC 7071 sec. 2) +- * - size in bits +- * - readable name +- * +- * Curves are listed in order: largest curves first, and for a given size, +- * fastest curves first. This provides the default order for the SSL module. +- * +- * Reminder: update profiles in x509_crt.c when adding a new curves! +- */ +-static const mbedtls_ecp_curve_info ecp_supported_curves[] = +-{ +-#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) +- { MBEDTLS_ECP_DP_SECP521R1, 25, 521, "secp521r1" }, +-#endif +-#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) +- { MBEDTLS_ECP_DP_BP512R1, 28, 512, "brainpoolP512r1" }, +-#endif +-#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) +- { MBEDTLS_ECP_DP_SECP384R1, 24, 384, "secp384r1" }, +-#endif +-#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) +- { MBEDTLS_ECP_DP_BP384R1, 27, 384, "brainpoolP384r1" }, +-#endif +-#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) +- { MBEDTLS_ECP_DP_SECP256R1, 23, 256, "secp256r1" }, +-#endif +-#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) +- { MBEDTLS_ECP_DP_SECP256K1, 22, 256, "secp256k1" }, +-#endif +-#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) +- { MBEDTLS_ECP_DP_BP256R1, 26, 256, "brainpoolP256r1" }, +-#endif +-#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) +- { MBEDTLS_ECP_DP_SECP224R1, 21, 224, "secp224r1" }, +-#endif +-#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) +- { MBEDTLS_ECP_DP_SECP224K1, 20, 224, "secp224k1" }, +-#endif +-#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) +- { MBEDTLS_ECP_DP_SECP192R1, 19, 192, "secp192r1" }, +-#endif +-#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) +- { MBEDTLS_ECP_DP_SECP192K1, 18, 192, "secp192k1" }, +-#endif +- { MBEDTLS_ECP_DP_NONE, 0, 0, NULL }, +-}; +- +-#define ECP_NB_CURVES sizeof( ecp_supported_curves ) / \ +- sizeof( ecp_supported_curves[0] ) +- +-static mbedtls_ecp_group_id ecp_supported_grp_id[ECP_NB_CURVES]; +- +-/* +- * List of supported curves and associated info +- */ +-const mbedtls_ecp_curve_info *mbedtls_ecp_curve_list( void ) +-{ +- return( ecp_supported_curves ); +-} +- +-/* +- * List of supported curves, group ID only +- */ +-const mbedtls_ecp_group_id *mbedtls_ecp_grp_id_list( void ) +-{ +- static int init_done = 0; +- +- if( ! init_done ) +- { +- size_t i = 0; +- const mbedtls_ecp_curve_info *curve_info; +- +- for( curve_info = mbedtls_ecp_curve_list(); +- curve_info->grp_id != MBEDTLS_ECP_DP_NONE; +- curve_info++ ) +- { +- ecp_supported_grp_id[i++] = curve_info->grp_id; +- } +- ecp_supported_grp_id[i] = MBEDTLS_ECP_DP_NONE; +- +- init_done = 1; +- } +- +- return( ecp_supported_grp_id ); +-} +- +-/* +- * Get the curve info for the internal identifier +- */ +-const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_grp_id( mbedtls_ecp_group_id grp_id ) +-{ +- const mbedtls_ecp_curve_info *curve_info; +- +- for( curve_info = mbedtls_ecp_curve_list(); +- curve_info->grp_id != MBEDTLS_ECP_DP_NONE; +- curve_info++ ) +- { +- if( curve_info->grp_id == grp_id ) +- return( curve_info ); +- } +- +- return( NULL ); +-} +- +-/* +- * Get the curve info from the TLS identifier +- */ +-const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_tls_id( uint16_t tls_id ) +-{ +- const mbedtls_ecp_curve_info *curve_info; +- +- for( curve_info = mbedtls_ecp_curve_list(); +- curve_info->grp_id != MBEDTLS_ECP_DP_NONE; +- curve_info++ ) +- { +- if( curve_info->tls_id == tls_id ) +- return( curve_info ); +- } +- +- return( NULL ); +-} +- +-/* +- * Get the curve info from the name +- */ +-const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_name( const char *name ) +-{ +- const mbedtls_ecp_curve_info *curve_info; +- +- if( name == NULL ) +- return( NULL ); +- +- for( curve_info = mbedtls_ecp_curve_list(); +- curve_info->grp_id != MBEDTLS_ECP_DP_NONE; +- curve_info++ ) +- { +- if( strcmp( curve_info->name, name ) == 0 ) +- return( curve_info ); +- } +- +- return( NULL ); +-} +- +-/* +- * Get the type of a curve +- */ +-static inline ecp_curve_type ecp_get_type( const mbedtls_ecp_group *grp ) +-{ +- if( grp->G.X.p == NULL ) +- return( ECP_TYPE_NONE ); +- +- if( grp->G.Y.p == NULL ) +- return( ECP_TYPE_MONTGOMERY ); +- else +- return( ECP_TYPE_SHORT_WEIERSTRASS ); +-} +- +-/* +- * Initialize (the components of) a point +- */ +-void mbedtls_ecp_point_init( mbedtls_ecp_point *pt ) +-{ +- ECP_VALIDATE( pt != NULL ); +- +- mbedtls_mpi_init( &pt->X ); +- mbedtls_mpi_init( &pt->Y ); +- mbedtls_mpi_init( &pt->Z ); +-} +- +-/* +- * Initialize (the components of) a group +- */ +-void mbedtls_ecp_group_init( mbedtls_ecp_group *grp ) +-{ +- ECP_VALIDATE( grp != NULL ); +- +- grp->id = MBEDTLS_ECP_DP_NONE; +- mbedtls_mpi_init( &grp->P ); +- mbedtls_mpi_init( &grp->A ); +- mbedtls_mpi_init( &grp->B ); +- mbedtls_ecp_point_init( &grp->G ); +- mbedtls_mpi_init( &grp->N ); +- grp->pbits = 0; +- grp->nbits = 0; +- grp->h = 0; +- grp->modp = NULL; +- grp->t_pre = NULL; +- grp->t_post = NULL; +- grp->t_data = NULL; +- grp->T = NULL; +- grp->T_size = 0; +-} +- +-/* +- * Initialize (the components of) a key pair +- */ +-void mbedtls_ecp_keypair_init( mbedtls_ecp_keypair *key ) +-{ +- ECP_VALIDATE( key != NULL ); +- +- mbedtls_ecp_group_init( &key->grp ); +- mbedtls_mpi_init( &key->d ); +- mbedtls_ecp_point_init( &key->Q ); +-} +- +-/* +- * Unallocate (the components of) a point +- */ +-void mbedtls_ecp_point_free( mbedtls_ecp_point *pt ) +-{ +- if( pt == NULL ) +- return; +- +- mbedtls_mpi_free( &( pt->X ) ); +- mbedtls_mpi_free( &( pt->Y ) ); +- mbedtls_mpi_free( &( pt->Z ) ); +-} +- +-/* +- * Unallocate (the components of) a group +- */ +-void mbedtls_ecp_group_free( mbedtls_ecp_group *grp ) +-{ +- size_t i; +- +- if( grp == NULL ) +- return; +- +- if( grp->h != 1 ) +- { +- mbedtls_mpi_free( &grp->P ); +- mbedtls_mpi_free( &grp->A ); +- mbedtls_mpi_free( &grp->B ); +- mbedtls_ecp_point_free( &grp->G ); +- mbedtls_mpi_free( &grp->N ); +- } +- +- if( grp->T != NULL ) +- { +- for( i = 0; i < grp->T_size; i++ ) +- mbedtls_ecp_point_free( &grp->T[i] ); +- mbedtls_free( grp->T ); +- } +- +- mbedtls_platform_zeroize( grp, sizeof( mbedtls_ecp_group ) ); +-} +- +-/* +- * Unallocate (the components of) a key pair +- */ +-void mbedtls_ecp_keypair_free_o( mbedtls_ecp_keypair *key ) +-{ +- if( key == NULL ) +- return; +- +- mbedtls_ecp_group_free( &key->grp ); +- mbedtls_mpi_free( &key->d ); +- mbedtls_ecp_point_free( &key->Q ); +-} +- +-/* +- * Secure element hostlib handling +- */ +- +-void mbedtls_ecp_keypair_free( mbedtls_ecp_keypair *key ) +-{ +- if( key == NULL ) +- return; +-#if SSS_HAVE_ALT_A71CH +- if ( key->grp.hlse_handle != 0 ) +- { +- key->grp.hlse_handle = 0; +- } +-#endif +- mbedtls_ecp_keypair_free_o(key); +-} +- +-/* +- * Copy the contents of a point +- */ +-int mbedtls_ecp_copy( mbedtls_ecp_point *P, const mbedtls_ecp_point *Q ) +-{ +- int ret; +- ECP_VALIDATE_RET( P != NULL ); +- ECP_VALIDATE_RET( Q != NULL ); +- +- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &P->X, &Q->X ) ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &P->Y, &Q->Y ) ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &P->Z, &Q->Z ) ); +- +-cleanup: +- return( ret ); +-} +- +-/* +- * Copy the contents of a group object +- */ +-int mbedtls_ecp_group_copy( mbedtls_ecp_group *dst, const mbedtls_ecp_group *src ) +-{ +- ECP_VALIDATE_RET( dst != NULL ); +- ECP_VALIDATE_RET( src != NULL ); +- +- return( mbedtls_ecp_group_load( dst, src->id ) ); +-} +- +-/* +- * Set point to zero +- */ +-int mbedtls_ecp_set_zero( mbedtls_ecp_point *pt ) +-{ +- int ret; +- ECP_VALIDATE_RET( pt != NULL ); +- +- MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &pt->X , 1 ) ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &pt->Y , 1 ) ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &pt->Z , 0 ) ); +- +-cleanup: +- return( ret ); +-} +- +-/* +- * Tell if a point is zero +- */ +-int mbedtls_ecp_is_zero( mbedtls_ecp_point *pt ) +-{ +- ECP_VALIDATE_RET( pt != NULL ); +- +- return( mbedtls_mpi_cmp_int( &pt->Z, 0 ) == 0 ); +-} +- +-/* +- * Compare two points lazily +- */ +-int mbedtls_ecp_point_cmp( const mbedtls_ecp_point *P, +- const mbedtls_ecp_point *Q ) +-{ +- ECP_VALIDATE_RET( P != NULL ); +- ECP_VALIDATE_RET( Q != NULL ); +- +- if( mbedtls_mpi_cmp_mpi( &P->X, &Q->X ) == 0 && +- mbedtls_mpi_cmp_mpi( &P->Y, &Q->Y ) == 0 && +- mbedtls_mpi_cmp_mpi( &P->Z, &Q->Z ) == 0 ) +- { +- return( 0 ); +- } +- +- return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); +-} +- +-/* +- * Import a non-zero point from ASCII strings +- */ +-int mbedtls_ecp_point_read_string( mbedtls_ecp_point *P, int radix, +- const char *x, const char *y ) +-{ +- int ret; +- ECP_VALIDATE_RET( P != NULL ); +- ECP_VALIDATE_RET( x != NULL ); +- ECP_VALIDATE_RET( y != NULL ); +- +- MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &P->X, radix, x ) ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &P->Y, radix, y ) ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &P->Z, 1 ) ); +- +-cleanup: +- return( ret ); +-} +- +-/* +- * Export a point into unsigned binary data (SEC1 2.3.3) +- */ +-int mbedtls_ecp_point_write_binary( const mbedtls_ecp_group *grp, +- const mbedtls_ecp_point *P, +- int format, size_t *olen, +- unsigned char *buf, size_t buflen ) +-{ +- int ret = 0; +- size_t plen; +- ECP_VALIDATE_RET( grp != NULL ); +- ECP_VALIDATE_RET( P != NULL ); +- ECP_VALIDATE_RET( olen != NULL ); +- ECP_VALIDATE_RET( buf != NULL ); +- ECP_VALIDATE_RET( format == MBEDTLS_ECP_PF_UNCOMPRESSED || +- format == MBEDTLS_ECP_PF_COMPRESSED ); +- +- /* +- * Common case: P == 0 +- */ +- if( mbedtls_mpi_cmp_int( &P->Z, 0 ) == 0 ) +- { +- if( buflen < 1 ) +- return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL ); +- +- buf[0] = 0x00; +- *olen = 1; +- +- return( 0 ); +- } +- +- plen = mbedtls_mpi_size( &grp->P ); +- +- if( format == MBEDTLS_ECP_PF_UNCOMPRESSED ) +- { +- *olen = 2 * plen + 1; +- +- if( buflen < *olen ) +- return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL ); +- +- buf[0] = 0x04; +- MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &P->X, buf + 1, plen ) ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &P->Y, buf + 1 + plen, plen ) ); +- } +- else if( format == MBEDTLS_ECP_PF_COMPRESSED ) +- { +- *olen = plen + 1; +- +- if( buflen < *olen ) +- return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL ); +- +- buf[0] = 0x02 + mbedtls_mpi_get_bit( &P->Y, 0 ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &P->X, buf + 1, plen ) ); +- } +- +-cleanup: +- return( ret ); +-} +- +-/* +- * Import a point from unsigned binary data (SEC1 2.3.4) +- */ +-int mbedtls_ecp_point_read_binary( const mbedtls_ecp_group *grp, +- mbedtls_ecp_point *pt, +- const unsigned char *buf, size_t ilen ) +-{ +- int ret; +- size_t plen; +- ECP_VALIDATE_RET( grp != NULL ); +- ECP_VALIDATE_RET( pt != NULL ); +- ECP_VALIDATE_RET( buf != NULL ); +- +- if( ilen < 1 ) +- return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); +- +- if( buf[0] == 0x00 ) +- { +- if( ilen == 1 ) +- return( mbedtls_ecp_set_zero( pt ) ); +- else +- return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); +- } +- +- plen = mbedtls_mpi_size( &grp->P ); +- +- if( buf[0] != 0x04 ) +- return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ); +- +- if( ilen != 2 * plen + 1 ) +- return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); +- +- MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &pt->X, buf + 1, plen ) ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &pt->Y, buf + 1 + plen, plen ) ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &pt->Z, 1 ) ); +- +-cleanup: +- return( ret ); +-} +- +-/* +- * Import a point from a TLS ECPoint record (RFC 4492) +- * struct { +- * opaque point <1..2^8-1>; +- * } ECPoint; +- */ +-int mbedtls_ecp_tls_read_point( const mbedtls_ecp_group *grp, +- mbedtls_ecp_point *pt, +- const unsigned char **buf, size_t buf_len ) +-{ +- unsigned char data_len; +- const unsigned char *buf_start; +- ECP_VALIDATE_RET( grp != NULL ); +- ECP_VALIDATE_RET( pt != NULL ); +- ECP_VALIDATE_RET( buf != NULL ); +- ECP_VALIDATE_RET( *buf != NULL ); +- +- /* +- * We must have at least two bytes (1 for length, at least one for data) +- */ +- if( buf_len < 2 ) +- return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); +- +- data_len = *(*buf)++; +- if( data_len < 1 || data_len > buf_len - 1 ) +- return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); +- +- /* +- * Save buffer start for read_binary and update buf +- */ +- buf_start = *buf; +- *buf += data_len; +- +- return( mbedtls_ecp_point_read_binary( grp, pt, buf_start, data_len ) ); +-} +- +-/* +- * Export a point as a TLS ECPoint record (RFC 4492) +- * struct { +- * opaque point <1..2^8-1>; +- * } ECPoint; +- */ +-int mbedtls_ecp_tls_write_point( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt, +- int format, size_t *olen, +- unsigned char *buf, size_t blen ) +-{ +- int ret; +- ECP_VALIDATE_RET( grp != NULL ); +- ECP_VALIDATE_RET( pt != NULL ); +- ECP_VALIDATE_RET( olen != NULL ); +- ECP_VALIDATE_RET( buf != NULL ); +- ECP_VALIDATE_RET( format == MBEDTLS_ECP_PF_UNCOMPRESSED || +- format == MBEDTLS_ECP_PF_COMPRESSED ); +- +- /* +- * buffer length must be at least one, for our length byte +- */ +- if( blen < 1 ) +- return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); +- +- if( ( ret = mbedtls_ecp_point_write_binary( grp, pt, format, +- olen, buf + 1, blen - 1) ) != 0 ) +- return( ret ); +- +- /* +- * write length to the first byte and update total length +- */ +- buf[0] = (unsigned char) *olen; +- ++*olen; +- +- return( 0 ); +-} +- +-/* +- * Set a group from an ECParameters record (RFC 4492) +- */ +-int mbedtls_ecp_tls_read_group_o( mbedtls_ecp_group *grp, +- const unsigned char **buf, size_t len ) +-{ +- int ret; +- mbedtls_ecp_group_id grp_id; +- ECP_VALIDATE_RET( grp != NULL ); +- ECP_VALIDATE_RET( buf != NULL ); +- ECP_VALIDATE_RET( *buf != NULL ); +- +- if( ( ret = mbedtls_ecp_tls_read_group_id( &grp_id, buf, len ) ) != 0 ) +- return( ret ); +- +- return( mbedtls_ecp_group_load( grp, grp_id ) ); +-} +- +-/* +- * Use modified handling for secure element hostlib +- */ +-#if SSS_HAVE_ALT_A71CH +-int mbedtls_ecp_tls_read_group( mbedtls_ecp_group *grp, const unsigned char **buf, size_t len ) +-{ +- int ret; +- HLSE_OBJECT_HANDLE backup_type_ax_index; +- backup_type_ax_index = grp->hlse_handle; +- ret = mbedtls_ecp_tls_read_group_o(grp, buf, len); +- grp->hlse_handle = backup_type_ax_index; +- return ret; +-} +-#elif SSS_HAVE_ALT_SSS +-int mbedtls_ecp_tls_read_group( +- mbedtls_ecp_group *grp, const unsigned char **buf, size_t len) +-{ +- int ret; +- sss_object_t *backup_type_SSS_Object = grp->pSSSObject; +- sss_key_store_t *backup_type_hostKs = grp->hostKs; +- ret = mbedtls_ecp_tls_read_group_o(grp, buf, len); +- grp->pSSSObject = backup_type_SSS_Object; +- grp->hostKs = backup_type_hostKs; +- +- return ret; +-} +-#else +-int mbedtls_ecp_tls_read_group( mbedtls_ecp_group *grp, const unsigned char **buf, size_t len ) +-{ +- int ret = mbedtls_ecp_tls_read_group_o(grp, buf, len); +- return ret; +-} +-#endif +- +-/* +- * Read a group id from an ECParameters record (RFC 4492) and convert it to +- * mbedtls_ecp_group_id. +- */ +-int mbedtls_ecp_tls_read_group_id( mbedtls_ecp_group_id *grp, +- const unsigned char **buf, size_t len ) +-{ +- uint16_t tls_id; +- const mbedtls_ecp_curve_info *curve_info; +- ECP_VALIDATE_RET( grp != NULL ); +- ECP_VALIDATE_RET( buf != NULL ); +- ECP_VALIDATE_RET( *buf != NULL ); +- +- /* +- * We expect at least three bytes (see below) +- */ +- if( len < 3 ) +- return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); +- +- /* +- * First byte is curve_type; only named_curve is handled +- */ +- if( *(*buf)++ != MBEDTLS_ECP_TLS_NAMED_CURVE ) +- return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); +- +- /* +- * Next two bytes are the namedcurve value +- */ +- tls_id = *(*buf)++; +- tls_id <<= 8; +- tls_id |= *(*buf)++; +- +- if( ( curve_info = mbedtls_ecp_curve_info_from_tls_id( tls_id ) ) == NULL ) +- return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ); +- +- *grp = curve_info->grp_id; +- +- return( 0 ); +-} +- +-/* +- * Write the ECParameters record corresponding to a group (RFC 4492) +- */ +-int mbedtls_ecp_tls_write_group( const mbedtls_ecp_group *grp, size_t *olen, +- unsigned char *buf, size_t blen ) +-{ +- const mbedtls_ecp_curve_info *curve_info; +- ECP_VALIDATE_RET( grp != NULL ); +- ECP_VALIDATE_RET( buf != NULL ); +- ECP_VALIDATE_RET( olen != NULL ); +- +- if( ( curve_info = mbedtls_ecp_curve_info_from_grp_id( grp->id ) ) == NULL ) +- return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); +- +- /* +- * We are going to write 3 bytes (see below) +- */ +- *olen = 3; +- if( blen < *olen ) +- return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL ); +- +- /* +- * First byte is curve_type, always named_curve +- */ +- *buf++ = MBEDTLS_ECP_TLS_NAMED_CURVE; +- +- /* +- * Next two bytes are the namedcurve value +- */ +- buf[0] = curve_info->tls_id >> 8; +- buf[1] = curve_info->tls_id & 0xFF; +- +- return( 0 ); +-} +- +-/* +- * Wrapper around fast quasi-modp functions, with fall-back to mbedtls_mpi_mod_mpi. +- * See the documentation of struct mbedtls_ecp_group. +- * +- * This function is in the critial loop for mbedtls_ecp_mul, so pay attention to perf. +- */ +-static int ecp_modp( mbedtls_mpi *N, const mbedtls_ecp_group *grp ) +-{ +- int ret; +- +- if( grp->modp == NULL ) +- return( mbedtls_mpi_mod_mpi( N, N, &grp->P ) ); +- +- /* N->s < 0 is a much faster test, which fails only if N is 0 */ +- if( ( N->s < 0 && mbedtls_mpi_cmp_int( N, 0 ) != 0 ) || +- mbedtls_mpi_bitlen( N ) > 2 * grp->pbits ) +- { +- return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); +- } +- +- MBEDTLS_MPI_CHK( grp->modp( N ) ); +- +- /* N->s < 0 is a much faster test, which fails only if N is 0 */ +- while( N->s < 0 && mbedtls_mpi_cmp_int( N, 0 ) != 0 ) +- MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( N, N, &grp->P ) ); +- +- while( mbedtls_mpi_cmp_mpi( N, &grp->P ) >= 0 ) +- /* we known P, N and the result are positive */ +- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( N, N, &grp->P ) ); +- +-cleanup: +- return( ret ); +-} +- +-/* +- * Fast mod-p functions expect their argument to be in the 0..p^2 range. +- * +- * In order to guarantee that, we need to ensure that operands of +- * mbedtls_mpi_mul_mpi are in the 0..p range. So, after each operation we will +- * bring the result back to this range. +- * +- * The following macros are shortcuts for doing that. +- */ +- +-/* +- * Reduce a mbedtls_mpi mod p in-place, general case, to use after mbedtls_mpi_mul_mpi +- */ +-#if defined(MBEDTLS_SELF_TEST) +-#define INC_MUL_COUNT mul_count++; +-#else +-#define INC_MUL_COUNT +-#endif +- +-#define MOD_MUL( N ) \ +- do \ +- { \ +- MBEDTLS_MPI_CHK( ecp_modp( &(N), grp ) ); \ +- INC_MUL_COUNT \ +- } while( 0 ) +- +-/* +- * Reduce a mbedtls_mpi mod p in-place, to use after mbedtls_mpi_sub_mpi +- * N->s < 0 is a very fast test, which fails only if N is 0 +- */ +-#define MOD_SUB( N ) \ +- while( (N).s < 0 && mbedtls_mpi_cmp_int( &(N), 0 ) != 0 ) \ +- MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &(N), &(N), &grp->P ) ) +- +-/* +- * Reduce a mbedtls_mpi mod p in-place, to use after mbedtls_mpi_add_mpi and mbedtls_mpi_mul_int. +- * We known P, N and the result are positive, so sub_abs is correct, and +- * a bit faster. +- */ +-#define MOD_ADD( N ) \ +- while( mbedtls_mpi_cmp_mpi( &(N), &grp->P ) >= 0 ) \ +- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( &(N), &(N), &grp->P ) ) +- +-#if defined(ECP_SHORTWEIERSTRASS) +-/* +- * For curves in short Weierstrass form, we do all the internal operations in +- * Jacobian coordinates. +- * +- * For multiplication, we'll use a comb method with coutermeasueres against +- * SPA, hence timing attacks. +- */ +- +-/* +- * Normalize jacobian coordinates so that Z == 0 || Z == 1 (GECC 3.2.1) +- * Cost: 1N := 1I + 3M + 1S +- */ +-#if !defined(MBEDTLS_ECP_MUL_COMB_ALT) || !defined(MBEDTLS_ECP_ADD_ALT) +-static int ecp_normalize_jac( const mbedtls_ecp_group *grp, mbedtls_ecp_point *pt ) +-{ +- int ret; +- mbedtls_mpi Zi, ZZi; +- +- if( mbedtls_mpi_cmp_int( &pt->Z, 0 ) == 0 ) +- return( 0 ); +- +-#if defined(MBEDTLS_ECP_NORMALIZE_JAC_ALT) +- if( mbedtls_internal_ecp_grp_capable( grp ) ) +- return( mbedtls_internal_ecp_normalize_jac( grp, pt ) ); +-#endif /* MBEDTLS_ECP_NORMALIZE_JAC_ALT */ +- +- mbedtls_mpi_init( &Zi ); mbedtls_mpi_init( &ZZi ); +- +- /* +- * X = X / Z^2 mod p +- */ +- MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &Zi, &pt->Z, &grp->P ) ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ZZi, &Zi, &Zi ) ); MOD_MUL( ZZi ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &pt->X, &pt->X, &ZZi ) ); MOD_MUL( pt->X ); +- +- /* +- * Y = Y / Z^3 mod p +- */ +- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &pt->Y, &pt->Y, &ZZi ) ); MOD_MUL( pt->Y ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &pt->Y, &pt->Y, &Zi ) ); MOD_MUL( pt->Y ); +- +- /* +- * Z = 1 +- */ +- MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &pt->Z, 1 ) ); +- +-cleanup: +- +- mbedtls_mpi_free( &Zi ); mbedtls_mpi_free( &ZZi ); +- +- return( ret ); +-} +-#endif /*!MBEDTLS_ECP_MUL_COMB_ALT || !MBEDTLS_ECP_ADD_ALT */ +- +-/* +- * Normalize jacobian coordinates of an array of (pointers to) points, +- * using Montgomery's trick to perform only one inversion mod P. +- * (See for example Cohen's "A Course in Computational Algebraic Number +- * Theory", Algorithm 10.3.4.) +- * +- * Warning: fails (returning an error) if one of the points is zero! +- * This should never happen, see choice of w in ecp_mul_comb(). +- * +- * Cost: 1N(t) := 1I + (6t - 3)M + 1S +- */ +-#if !defined(MBEDTLS_ECP_MUL_COMB_ALT) +-static int ecp_normalize_jac_many( const mbedtls_ecp_group *grp, +- mbedtls_ecp_point *T[], size_t T_size ) +-{ +- int ret; +- size_t i; +- mbedtls_mpi *c, u, Zi, ZZi; +- +- if( T_size < 2 ) +- return( ecp_normalize_jac( grp, *T ) ); +- +-#if defined(MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT) +- if( mbedtls_internal_ecp_grp_capable( grp ) ) +- return( mbedtls_internal_ecp_normalize_jac_many( grp, T, T_size ) ); +-#endif +- +- if( ( c = mbedtls_calloc( T_size, sizeof( mbedtls_mpi ) ) ) == NULL ) +- return( MBEDTLS_ERR_ECP_ALLOC_FAILED ); +- +- for( i = 0; i < T_size; i++ ) +- mbedtls_mpi_init( &c[i] ); +- +- mbedtls_mpi_init( &u ); mbedtls_mpi_init( &Zi ); mbedtls_mpi_init( &ZZi ); +- +- /* +- * c[i] = Z_0 * ... * Z_i +- */ +- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &c[0], &T[0]->Z ) ); +- for( i = 1; i < T_size; i++ ) +- { +- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &c[i], &c[i-1], &T[i]->Z ) ); +- MOD_MUL( c[i] ); +- } +- +- /* +- * u = 1 / (Z_0 * ... * Z_n) mod P +- */ +- MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &u, &c[T_size-1], &grp->P ) ); +- +- for( i = T_size - 1; ; i-- ) +- { +- /* +- * Zi = 1 / Z_i mod p +- * u = 1 / (Z_0 * ... * Z_i) mod P +- */ +- if( i == 0 ) { +- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &Zi, &u ) ); +- } +- else +- { +- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &Zi, &u, &c[i-1] ) ); MOD_MUL( Zi ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &u, &u, &T[i]->Z ) ); MOD_MUL( u ); +- } +- +- /* +- * proceed as in normalize() +- */ +- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ZZi, &Zi, &Zi ) ); MOD_MUL( ZZi ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T[i]->X, &T[i]->X, &ZZi ) ); MOD_MUL( T[i]->X ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T[i]->Y, &T[i]->Y, &ZZi ) ); MOD_MUL( T[i]->Y ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T[i]->Y, &T[i]->Y, &Zi ) ); MOD_MUL( T[i]->Y ); +- +- /* +- * Post-precessing: reclaim some memory by shrinking coordinates +- * - not storing Z (always 1) +- * - shrinking other coordinates, but still keeping the same number of +- * limbs as P, as otherwise it will too likely be regrown too fast. +- */ +- MBEDTLS_MPI_CHK( mbedtls_mpi_shrink( &T[i]->X, grp->P.n ) ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_shrink( &T[i]->Y, grp->P.n ) ); +- mbedtls_mpi_free( &T[i]->Z ); +- +- if( i == 0 ) +- break; +- } +- +-cleanup: +- +- mbedtls_mpi_free( &u ); mbedtls_mpi_free( &Zi ); mbedtls_mpi_free( &ZZi ); +- for( i = 0; i < T_size; i++ ) +- mbedtls_mpi_free( &c[i] ); +- mbedtls_free( c ); +- +- return( ret ); +-} +-#endif /*!MBEDTLS_ECP_MUL_COMB_ALT*/ +- +-/* +- * Conditional point inversion: Q -> -Q = (Q.X, -Q.Y, Q.Z) without leak. +- * "inv" must be 0 (don't invert) or 1 (invert) or the result will be invalid +- */ +-#if !defined(MBEDTLS_ECP_MUL_COMB_ALT) +-static int ecp_safe_invert_jac( const mbedtls_ecp_group *grp, +- mbedtls_ecp_point *Q, +- unsigned char inv ) +-{ +- int ret; +- unsigned char nonzero; +- mbedtls_mpi mQY; +- +- mbedtls_mpi_init( &mQY ); +- +- /* Use the fact that -Q.Y mod P = P - Q.Y unless Q.Y == 0 */ +- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &mQY, &grp->P, &Q->Y ) ); +- nonzero = mbedtls_mpi_cmp_int( &Q->Y, 0 ) != 0; +- MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_assign( &Q->Y, &mQY, inv & nonzero ) ); +- +-cleanup: +- mbedtls_mpi_free( &mQY ); +- +- return( ret ); +-} +-#endif /*!MBEDTLS_ECP_MUL_COMB_ALT*/ +- +-/* +- * Point doubling R = 2 P, Jacobian coordinates +- * +- * Based on http://www.hyperelliptic.org/EFD/g1p/auto-shortw-jacobian.html#doubling-dbl-1998-cmo-2 . +- * +- * We follow the variable naming fairly closely. The formula variations that trade a MUL for a SQR +- * (plus a few ADDs) aren't useful as our bignum implementation doesn't distinguish squaring. +- * +- * Standard optimizations are applied when curve parameter A is one of { 0, -3 }. +- * +- * Cost: 1D := 3M + 4S (A == 0) +- * 4M + 4S (A == -3) +- * 3M + 6S + 1a otherwise +- */ +-#if !defined(MBEDTLS_ECP_MUL_COMB_ALT) || !defined(MBEDTLS_ECP_ADD_ALT) +-static int ecp_double_jac( const mbedtls_ecp_group *grp, mbedtls_ecp_point *R, +- const mbedtls_ecp_point *P ) +-{ +- int ret; +- mbedtls_mpi M, S, T, U; +- +-#if defined(MBEDTLS_SELF_TEST) +- dbl_count++; +-#endif +- +-#if defined(MBEDTLS_ECP_DOUBLE_JAC_ALT) +- if( mbedtls_internal_ecp_grp_capable( grp ) ) +- return( mbedtls_internal_ecp_double_jac( grp, R, P ) ); +-#endif /* MBEDTLS_ECP_DOUBLE_JAC_ALT */ +- +- mbedtls_mpi_init( &M ); mbedtls_mpi_init( &S ); mbedtls_mpi_init( &T ); mbedtls_mpi_init( &U ); +- +- /* Special case for A = -3 */ +- if( grp->A.p == NULL ) +- { +- /* M = 3(X + Z^2)(X - Z^2) */ +- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &S, &P->Z, &P->Z ) ); MOD_MUL( S ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &T, &P->X, &S ) ); MOD_ADD( T ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &U, &P->X, &S ) ); MOD_SUB( U ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &S, &T, &U ) ); MOD_MUL( S ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_int( &M, &S, 3 ) ); MOD_ADD( M ); +- } +- else +- { +- /* M = 3.X^2 */ +- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &S, &P->X, &P->X ) ); MOD_MUL( S ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_int( &M, &S, 3 ) ); MOD_ADD( M ); +- +- /* Optimize away for "koblitz" curves with A = 0 */ +- if( mbedtls_mpi_cmp_int( &grp->A, 0 ) != 0 ) +- { +- /* M += A.Z^4 */ +- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &S, &P->Z, &P->Z ) ); MOD_MUL( S ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T, &S, &S ) ); MOD_MUL( T ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &S, &T, &grp->A ) ); MOD_MUL( S ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &M, &M, &S ) ); MOD_ADD( M ); +- } +- } +- +- /* S = 4.X.Y^2 */ +- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T, &P->Y, &P->Y ) ); MOD_MUL( T ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &T, 1 ) ); MOD_ADD( T ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &S, &P->X, &T ) ); MOD_MUL( S ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &S, 1 ) ); MOD_ADD( S ); +- +- /* U = 8.Y^4 */ +- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &U, &T, &T ) ); MOD_MUL( U ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &U, 1 ) ); MOD_ADD( U ); +- +- /* T = M^2 - 2.S */ +- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T, &M, &M ) ); MOD_MUL( T ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &T, &T, &S ) ); MOD_SUB( T ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &T, &T, &S ) ); MOD_SUB( T ); +- +- /* S = M(S - T) - U */ +- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &S, &S, &T ) ); MOD_SUB( S ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &S, &S, &M ) ); MOD_MUL( S ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &S, &S, &U ) ); MOD_SUB( S ); +- +- /* U = 2.Y.Z */ +- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &U, &P->Y, &P->Z ) ); MOD_MUL( U ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &U, 1 ) ); MOD_ADD( U ); +- +- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &R->X, &T ) ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &R->Y, &S ) ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &R->Z, &U ) ); +- +-cleanup: +- mbedtls_mpi_free( &M ); mbedtls_mpi_free( &S ); mbedtls_mpi_free( &T ); mbedtls_mpi_free( &U ); +- +- return( ret ); +-} +-#endif +- +-/* +- * Addition: R = P + Q, mixed affine-Jacobian coordinates (GECC 3.22) +- * +- * The coordinates of Q must be normalized (= affine), +- * but those of P don't need to. R is not normalized. +- * +- * Special cases: (1) P or Q is zero, (2) R is zero, (3) P == Q. +- * None of these cases can happen as intermediate step in ecp_mul_comb(): +- * - at each step, P, Q and R are multiples of the base point, the factor +- * being less than its order, so none of them is zero; +- * - Q is an odd multiple of the base point, P an even multiple, +- * due to the choice of precomputed points in the modified comb method. +- * So branches for these cases do not leak secret information. +- * +- * We accept Q->Z being unset (saving memory in tables) as meaning 1. +- * +- * Cost: 1A := 8M + 3S +- */ +-#if !defined(MBEDTLS_ECP_MUL_COMB_ALT) || !defined(MBEDTLS_ECP_ADD_ALT) +-static int ecp_add_mixed( const mbedtls_ecp_group *grp, mbedtls_ecp_point *R, +- const mbedtls_ecp_point *P, const mbedtls_ecp_point *Q ) +-{ +- int ret; +- mbedtls_mpi T1, T2, T3, T4, X, Y, Z; +- +-#if defined(MBEDTLS_SELF_TEST) +- add_count++; +-#endif +- +-#if defined(MBEDTLS_ECP_ADD_MIXED_ALT) +- if( mbedtls_internal_ecp_grp_capable( grp ) ) +- return( mbedtls_internal_ecp_add_mixed( grp, R, P, Q ) ); +-#endif /* MBEDTLS_ECP_ADD_MIXED_ALT */ +- +- /* +- * Trivial cases: P == 0 or Q == 0 (case 1) +- */ +- if( mbedtls_mpi_cmp_int( &P->Z, 0 ) == 0 ) +- return( mbedtls_ecp_copy( R, Q ) ); +- +- if( Q->Z.p != NULL && mbedtls_mpi_cmp_int( &Q->Z, 0 ) == 0 ) +- return( mbedtls_ecp_copy( R, P ) ); +- +- /* +- * Make sure Q coordinates are normalized +- */ +- if( Q->Z.p != NULL && mbedtls_mpi_cmp_int( &Q->Z, 1 ) != 0 ) +- return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); +- +- mbedtls_mpi_init( &T1 ); mbedtls_mpi_init( &T2 ); mbedtls_mpi_init( &T3 ); mbedtls_mpi_init( &T4 ); +- mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Z ); +- +- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T1, &P->Z, &P->Z ) ); MOD_MUL( T1 ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T2, &T1, &P->Z ) ); MOD_MUL( T2 ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T1, &T1, &Q->X ) ); MOD_MUL( T1 ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T2, &T2, &Q->Y ) ); MOD_MUL( T2 ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &T1, &T1, &P->X ) ); MOD_SUB( T1 ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &T2, &T2, &P->Y ) ); MOD_SUB( T2 ); +- +- /* Special cases (2) and (3) */ +- if( mbedtls_mpi_cmp_int( &T1, 0 ) == 0 ) +- { +- if( mbedtls_mpi_cmp_int( &T2, 0 ) == 0 ) +- { +- ret = ecp_double_jac( grp, R, P ); +- goto cleanup; +- } +- else +- { +- ret = mbedtls_ecp_set_zero( R ); +- goto cleanup; +- } +- } +- +- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &Z, &P->Z, &T1 ) ); MOD_MUL( Z ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T3, &T1, &T1 ) ); MOD_MUL( T3 ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T4, &T3, &T1 ) ); MOD_MUL( T4 ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T3, &T3, &P->X ) ); MOD_MUL( T3 ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_int( &T1, &T3, 2 ) ); MOD_ADD( T1 ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &X, &T2, &T2 ) ); MOD_MUL( X ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &X, &X, &T1 ) ); MOD_SUB( X ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &X, &X, &T4 ) ); MOD_SUB( X ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &T3, &T3, &X ) ); MOD_SUB( T3 ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T3, &T3, &T2 ) ); MOD_MUL( T3 ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T4, &T4, &P->Y ) ); MOD_MUL( T4 ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &Y, &T3, &T4 ) ); MOD_SUB( Y ); +- +- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &R->X, &X ) ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &R->Y, &Y ) ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &R->Z, &Z ) ); +- +-cleanup: +- +- mbedtls_mpi_free( &T1 ); mbedtls_mpi_free( &T2 ); mbedtls_mpi_free( &T3 ); mbedtls_mpi_free( &T4 ); +- mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &Z ); +- +- return( ret ); +-} +-#endif /* MBEDTLS_ECP_MUL_COMB_ALT */ +- +-/* +- * Randomize jacobian coordinates: +- * (X, Y, Z) -> (l^2 X, l^3 Y, l Z) for random l +- * This is sort of the reverse operation of ecp_normalize_jac(). +- * +- * This countermeasure was first suggested in [2]. +- */ +-#if !defined(MBEDTLS_ECP_MUL_COMB_ALT) +-static int ecp_randomize_jac( const mbedtls_ecp_group *grp, mbedtls_ecp_point *pt, +- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) +-{ +- int ret; +- mbedtls_mpi l, ll; +- size_t p_size; +- int count = 0; +- +-#if defined(MBEDTLS_ECP_RANDOMIZE_JAC_ALT) +- if( mbedtls_internal_ecp_grp_capable( grp ) ) +- return( mbedtls_internal_ecp_randomize_jac( grp, pt, f_rng, p_rng ) ); +-#endif /* MBEDTLS_ECP_RANDOMIZE_JAC_ALT */ +- +- p_size = ( grp->pbits + 7 ) / 8; +- mbedtls_mpi_init( &l ); mbedtls_mpi_init( &ll ); +- +- /* Generate l such that 1 < l < p */ +- do +- { +- MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &l, p_size, f_rng, p_rng ) ); +- +- while( mbedtls_mpi_cmp_mpi( &l, &grp->P ) >= 0 ) +- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &l, 1 ) ); +- +- if( count++ > 10 ) +- return( MBEDTLS_ERR_ECP_RANDOM_FAILED ); +- } +- while( mbedtls_mpi_cmp_int( &l, 1 ) <= 0 ); +- +- /* Z = l * Z */ +- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &pt->Z, &pt->Z, &l ) ); MOD_MUL( pt->Z ); +- +- /* X = l^2 * X */ +- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ll, &l, &l ) ); MOD_MUL( ll ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &pt->X, &pt->X, &ll ) ); MOD_MUL( pt->X ); +- +- /* Y = l^3 * Y */ +- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ll, &ll, &l ) ); MOD_MUL( ll ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &pt->Y, &pt->Y, &ll ) ); MOD_MUL( pt->Y ); +- +-cleanup: +- mbedtls_mpi_free( &l ); mbedtls_mpi_free( &ll ); +- +- return( ret ); +-} +-#endif /*!MBEDTLS_ECP_MUL_COMB_ALT*/ +- +-/* +- * Check and define parameters used by the comb method (see below for details) +- */ +-#if MBEDTLS_ECP_WINDOW_SIZE < 2 || MBEDTLS_ECP_WINDOW_SIZE > 7 +-#error "MBEDTLS_ECP_WINDOW_SIZE out of bounds" +-#endif +- +-/* d = ceil( n / w ) */ +-#define COMB_MAX_D ( MBEDTLS_ECP_MAX_BITS + 1 ) / 2 +- +-/* number of precomputed points */ +-#define COMB_MAX_PRE ( 1 << ( MBEDTLS_ECP_WINDOW_SIZE - 1 ) ) +- +-/* +- * Compute the representation of m that will be used with our comb method. +- * +- * The basic comb method is described in GECC 3.44 for example. We use a +- * modified version that provides resistance to SPA by avoiding zero +- * digits in the representation as in [3]. We modify the method further by +- * requiring that all K_i be odd, which has the small cost that our +- * representation uses one more K_i, due to carries, but saves on the size of +- * the precomputed table. +- * +- * Summary of the comb method and its modifications: +- * +- * - The goal is to compute m*P for some w*d-bit integer m. +- * +- * - The basic comb method splits m into the w-bit integers +- * x[0] .. x[d-1] where x[i] consists of the bits in m whose +- * index has residue i modulo d, and computes m * P as +- * S[x[0]] + 2 * S[x[1]] + .. + 2^(d-1) S[x[d-1]], where +- * S[i_{w-1} .. i_0] := i_{w-1} 2^{(w-1)d} P + ... + i_1 2^d P + i_0 P. +- * +- * - If it happens that, say, x[i+1]=0 (=> S[x[i+1]]=0), one can replace the sum by +- * .. + 2^{i-1} S[x[i-1]] - 2^i S[x[i]] + 2^{i+1} S[x[i]] + 2^{i+2} S[x[i+2]] .., +- * thereby successively converting it into a form where all summands +- * are nonzero, at the cost of negative summands. This is the basic idea of [3]. +- * +- * - More generally, even if x[i+1] != 0, we can first transform the sum as +- * .. - 2^i S[x[i]] + 2^{i+1} ( S[x[i]] + S[x[i+1]] ) + 2^{i+2} S[x[i+2]] .., +- * and then replace S[x[i]] + S[x[i+1]] = S[x[i] ^ x[i+1]] + 2 S[x[i] & x[i+1]]. +- * Performing and iterating this procedure for those x[i] that are even +- * (keeping track of carry), we can transform the original sum into one of the form +- * S[x'[0]] +- 2 S[x'[1]] +- .. +- 2^{d-1} S[x'[d-1]] + 2^d S[x'[d]] +- * with all x'[i] odd. It is therefore only necessary to know S at odd indices, +- * which is why we are only computing half of it in the first place in +- * ecp_precompute_comb and accessing it with index abs(i) / 2 in ecp_select_comb. +- * +- * - For the sake of compactness, only the seven low-order bits of x[i] +- * are used to represent its absolute value (K_i in the paper), and the msb +- * of x[i] encodes the sign (s_i in the paper): it is set if and only if +- * if s_i == -1; +- * +- * Calling conventions: +- * - x is an array of size d + 1 +- * - w is the size, ie number of teeth, of the comb, and must be between +- * 2 and 7 (in practice, between 2 and MBEDTLS_ECP_WINDOW_SIZE) +- * - m is the MPI, expected to be odd and such that bitlength(m) <= w * d +- * (the result will be incorrect if these assumptions are not satisfied) +- */ +-#if !defined(MBEDTLS_ECP_MUL_COMB_ALT) +-static void ecp_comb_recode_core( unsigned char x[], size_t d, +- unsigned char w, const mbedtls_mpi *m ) +-{ +- size_t i, j; +- unsigned char c, cc, adjust; +- +- memset( x, 0, d+1 ); +- +- /* First get the classical comb values (except for x_d = 0) */ +- for( i = 0; i < d; i++ ) +- for( j = 0; j < w; j++ ) +- x[i] |= mbedtls_mpi_get_bit( m, i + d * j ) << j; +- +- /* Now make sure x_1 .. x_d are odd */ +- c = 0; +- for( i = 1; i <= d; i++ ) +- { +- /* Add carry and update it */ +- cc = x[i] & c; +- x[i] = x[i] ^ c; +- c = cc; +- +- /* Adjust if needed, avoiding branches */ +- adjust = 1 - ( x[i] & 0x01 ); +- c |= x[i] & ( x[i-1] * adjust ); +- x[i] = x[i] ^ ( x[i-1] * adjust ); +- x[i-1] |= adjust << 7; +- } +-} +-#endif /*!MBEDTLS_ECP_MUL_COMB_ALT*/ +- +-/* +- * Precompute points for the adapted comb method +- * +- * Assumption: T must be able to hold 2^{w - 1} elements. +- * +- * Operation: If i = i_{w-1} ... i_1 is the binary representation of i, +- * sets T[i] = i_{w-1} 2^{(w-1)d} P + ... + i_1 2^d P + P. +- * +- * Cost: d(w-1) D + (2^{w-1} - 1) A + 1 N(w-1) + 1 N(2^{w-1} - 1) +- * +- * Note: Even comb values (those where P would be omitted from the +- * sum defining T[i] above) are not needed in our adaption +- * the comb method. See ecp_comb_recode_core(). +- * +- * This function currently works in four steps: +- * (1) [dbl] Computation of intermediate T[i] for 2-power values of i +- * (2) [norm_dbl] Normalization of coordinates of these T[i] +- * (3) [add] Computation of all T[i] +- * (4) [norm_add] Normalization of all T[i] +- * +- * Step 1 can be interrupted but not the others; together with the final +- * coordinate normalization they are the largest steps done at once, depending +- * on the window size. Here are operation counts for P-256: +- * +- * step (2) (3) (4) +- * w = 5 142 165 208 +- * w = 4 136 77 160 +- * w = 3 130 33 136 +- * w = 2 124 11 124 +- * +- * So if ECC operations are blocking for too long even with a low max_ops +- * value, it's useful to set MBEDTLS_ECP_WINDOW_SIZE to a lower value in order +- * to minimize maximum blocking time. +- */ +-#if !defined(MBEDTLS_ECP_MUL_COMB_ALT) +-static int ecp_precompute_comb( const mbedtls_ecp_group *grp, +- mbedtls_ecp_point T[], const mbedtls_ecp_point *P, +- unsigned char w, size_t d, +- mbedtls_ecp_restart_ctx *rs_ctx ) +-{ +- int ret; +- unsigned char i; +- size_t j = 0; +- const unsigned char T_size = 1U << ( w - 1 ); +- mbedtls_ecp_point *cur, *TT[COMB_MAX_PRE - 1]; +- +-#if defined(MBEDTLS_ECP_RESTARTABLE) +- if( rs_ctx != NULL && rs_ctx->rsm != NULL ) +- { +- if( rs_ctx->rsm->state == ecp_rsm_pre_dbl ) +- goto dbl; +- if( rs_ctx->rsm->state == ecp_rsm_pre_norm_dbl ) +- goto norm_dbl; +- if( rs_ctx->rsm->state == ecp_rsm_pre_add ) +- goto add; +- if( rs_ctx->rsm->state == ecp_rsm_pre_norm_add ) +- goto norm_add; +- } +-#else +- (void) rs_ctx; +-#endif +- +-#if defined(MBEDTLS_ECP_RESTARTABLE) +- if( rs_ctx != NULL && rs_ctx->rsm != NULL ) +- { +- rs_ctx->rsm->state = ecp_rsm_pre_dbl; +- +- /* initial state for the loop */ +- rs_ctx->rsm->i = 0; +- } +- +-dbl: +-#endif +- /* +- * Set T[0] = P and +- * T[2^{l-1}] = 2^{dl} P for l = 1 .. w-1 (this is not the final value) +- */ +- MBEDTLS_MPI_CHK( mbedtls_ecp_copy( &T[0], P ) ); +- +-#if defined(MBEDTLS_ECP_RESTARTABLE) +- if( rs_ctx != NULL && rs_ctx->rsm != NULL && rs_ctx->rsm->i != 0 ) +- j = rs_ctx->rsm->i; +- else +-#endif +- j = 0; +- +- for( ; j < d * ( w - 1 ); j++ ) +- { +- MBEDTLS_ECP_BUDGET( MBEDTLS_ECP_OPS_DBL ); +- +- i = 1U << ( j / d ); +- cur = T + i; +- +- if( j % d == 0 ) +- MBEDTLS_MPI_CHK( mbedtls_ecp_copy( cur, T + ( i >> 1 ) ) ); +- +- MBEDTLS_MPI_CHK( ecp_double_jac( grp, cur, cur ) ); +- } +- +-#if defined(MBEDTLS_ECP_RESTARTABLE) +- if( rs_ctx != NULL && rs_ctx->rsm != NULL ) +- rs_ctx->rsm->state = ecp_rsm_pre_norm_dbl; +- +-norm_dbl: +-#endif +- /* +- * Normalize current elements in T. As T has holes, +- * use an auxiliary array of pointers to elements in T. +- */ +- j = 0; +- for( i = 1; i < T_size; i <<= 1 ) +- TT[j++] = T + i; +- +- MBEDTLS_ECP_BUDGET( MBEDTLS_ECP_OPS_INV + 6 * j - 2 ); +- +- MBEDTLS_MPI_CHK( ecp_normalize_jac_many( grp, TT, j ) ); +- +-#if defined(MBEDTLS_ECP_RESTARTABLE) +- if( rs_ctx != NULL && rs_ctx->rsm != NULL ) +- rs_ctx->rsm->state = ecp_rsm_pre_add; +- +-add: +-#endif +- /* +- * Compute the remaining ones using the minimal number of additions +- * Be careful to update T[2^l] only after using it! +- */ +- MBEDTLS_ECP_BUDGET( ( T_size - 1 ) * MBEDTLS_ECP_OPS_ADD ); +- +- for( i = 1; i < T_size; i <<= 1 ) +- { +- j = i; +- while( j-- ) +- MBEDTLS_MPI_CHK( ecp_add_mixed( grp, &T[i + j], &T[j], &T[i] ) ); +- } +- +-#if defined(MBEDTLS_ECP_RESTARTABLE) +- if( rs_ctx != NULL && rs_ctx->rsm != NULL ) +- rs_ctx->rsm->state = ecp_rsm_pre_norm_add; +- +-norm_add: +-#endif +- /* +- * Normalize final elements in T. Even though there are no holes now, we +- * still need the auxiliary array for homogeneity with the previous +- * call. Also, skip T[0] which is already normalised, being a copy of P. +- */ +- for( j = 0; j + 1 < T_size; j++ ) +- TT[j] = T + j + 1; +- +- MBEDTLS_ECP_BUDGET( MBEDTLS_ECP_OPS_INV + 6 * j - 2 ); +- +- MBEDTLS_MPI_CHK( ecp_normalize_jac_many( grp, TT, j ) ); +- +-cleanup: +-#if defined(MBEDTLS_ECP_RESTARTABLE) +- if( rs_ctx != NULL && rs_ctx->rsm != NULL && +- ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) +- { +- if( rs_ctx->rsm->state == ecp_rsm_pre_dbl ) +- rs_ctx->rsm->i = j; +- } +-#endif +- +- return( ret ); +-} +-#endif /*!MBEDTLS_ECP_MUL_COMB_ALT*/ +- +-/* +- * Select precomputed point: R = sign(i) * T[ abs(i) / 2 ] +- * +- * See ecp_comb_recode_core() for background +- */ +-#if !defined(MBEDTLS_ECP_MUL_COMB_ALT) +-static int ecp_select_comb( const mbedtls_ecp_group *grp, mbedtls_ecp_point *R, +- const mbedtls_ecp_point T[], unsigned char T_size, +- unsigned char i ) +-{ +- int ret; +- unsigned char ii, j; +- +- /* Ignore the "sign" bit and scale down */ +- ii = ( i & 0x7Fu ) >> 1; +- +- /* Read the whole table to thwart cache-based timing attacks */ +- for( j = 0; j < T_size; j++ ) +- { +- MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_assign( &R->X, &T[j].X, j == ii ) ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_assign( &R->Y, &T[j].Y, j == ii ) ); +- } +- +- /* Safely invert result if i is "negative" */ +- MBEDTLS_MPI_CHK( ecp_safe_invert_jac( grp, R, i >> 7 ) ); +- +-cleanup: +- return( ret ); +-} +-#endif /*!MBEDTLS_ECP_MUL_COMB_ALT*/ +- +-/* +- * Core multiplication algorithm for the (modified) comb method. +- * This part is actually common with the basic comb method (GECC 3.44) +- * +- * Cost: d A + d D + 1 R +- */ +-#if !defined(MBEDTLS_ECP_MUL_COMB_ALT) +-static int ecp_mul_comb_core( const mbedtls_ecp_group *grp, mbedtls_ecp_point *R, +- const mbedtls_ecp_point T[], unsigned char T_size, +- const unsigned char x[], size_t d, +- int (*f_rng)(void *, unsigned char *, size_t), +- void *p_rng, +- mbedtls_ecp_restart_ctx *rs_ctx ) +-{ +- int ret; +- mbedtls_ecp_point Txi; +- size_t i; +- +- mbedtls_ecp_point_init( &Txi ); +- +-#if !defined(MBEDTLS_ECP_RESTARTABLE) +- (void) rs_ctx; +-#endif +- +-#if defined(MBEDTLS_ECP_RESTARTABLE) +- if( rs_ctx != NULL && rs_ctx->rsm != NULL && +- rs_ctx->rsm->state != ecp_rsm_comb_core ) +- { +- rs_ctx->rsm->i = 0; +- rs_ctx->rsm->state = ecp_rsm_comb_core; +- } +- +- /* new 'if' instead of nested for the sake of the 'else' branch */ +- if( rs_ctx != NULL && rs_ctx->rsm != NULL && rs_ctx->rsm->i != 0 ) +- { +- /* restore current index (R already pointing to rs_ctx->rsm->R) */ +- i = rs_ctx->rsm->i; +- } +- else +-#endif +- { +- /* Start with a non-zero point and randomize its coordinates */ +- i = d; +- MBEDTLS_MPI_CHK( ecp_select_comb( grp, R, T, T_size, x[i] ) ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &R->Z, 1 ) ); +- if( f_rng != 0 ) +- MBEDTLS_MPI_CHK( ecp_randomize_jac( grp, R, f_rng, p_rng ) ); +- } +- +- while( i != 0 ) +- { +- MBEDTLS_ECP_BUDGET( MBEDTLS_ECP_OPS_DBL + MBEDTLS_ECP_OPS_ADD ); +- --i; +- +- MBEDTLS_MPI_CHK( ecp_double_jac( grp, R, R ) ); +- MBEDTLS_MPI_CHK( ecp_select_comb( grp, &Txi, T, T_size, x[i] ) ); +- MBEDTLS_MPI_CHK( ecp_add_mixed( grp, R, R, &Txi ) ); +- } +- +-cleanup: +- +- mbedtls_ecp_point_free( &Txi ); +- +-#if defined(MBEDTLS_ECP_RESTARTABLE) +- if( rs_ctx != NULL && rs_ctx->rsm != NULL && +- ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) +- { +- rs_ctx->rsm->i = i; +- /* no need to save R, already pointing to rs_ctx->rsm->R */ +- } +-#endif +- +- return( ret ); +-} +-#endif /*!MBEDTLS_ECP_MUL_COMB_ALT*/ +- +-#if !defined(MBEDTLS_ECP_MUL_COMB_ALT) +-/* +- * Recode the scalar to get constant-time comb multiplication +- * +- * As the actual scalar recoding needs an odd scalar as a starting point, +- * this wrapper ensures that by replacing m by N - m if necessary, and +- * informs the caller that the result of multiplication will be negated. +- * +- * This works because we only support large prime order for Short Weierstrass +- * curves, so N is always odd hence either m or N - m is. +- * +- * See ecp_comb_recode_core() for background. +- */ +-static int ecp_comb_recode_scalar( const mbedtls_ecp_group *grp, +- const mbedtls_mpi *m, +- unsigned char k[COMB_MAX_D + 1], +- size_t d, +- unsigned char w, +- unsigned char *parity_trick ) +-{ +- int ret; +- mbedtls_mpi M, mm; +- +- mbedtls_mpi_init( &M ); +- mbedtls_mpi_init( &mm ); +- +- /* N is always odd (see above), just make extra sure */ +- if( mbedtls_mpi_get_bit( &grp->N, 0 ) != 1 ) +- return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); +- +- /* do we need the parity trick? */ +- *parity_trick = ( mbedtls_mpi_get_bit( m, 0 ) == 0 ); +- +- /* execute parity fix in constant time */ +- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &M, m ) ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &mm, &grp->N, m ) ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_assign( &M, &mm, *parity_trick ) ); +- +- /* actual scalar recoding */ +- ecp_comb_recode_core( k, d, w, &M ); +- +-cleanup: +- mbedtls_mpi_free( &mm ); +- mbedtls_mpi_free( &M ); +- +- return( ret ); +-} +- +-/* +- * Perform comb multiplication (for short Weierstrass curves) +- * once the auxiliary table has been pre-computed. +- * +- * Scalar recoding may use a parity trick that makes us compute -m * P, +- * if that is the case we'll need to recover m * P at the end. +- */ +-static int ecp_mul_comb_after_precomp( const mbedtls_ecp_group *grp, +- mbedtls_ecp_point *R, +- const mbedtls_mpi *m, +- const mbedtls_ecp_point *T, +- unsigned char T_size, +- unsigned char w, +- size_t d, +- int (*f_rng)(void *, unsigned char *, size_t), +- void *p_rng, +- mbedtls_ecp_restart_ctx *rs_ctx ) +-{ +- int ret; +- unsigned char parity_trick; +- unsigned char k[COMB_MAX_D + 1]; +- mbedtls_ecp_point *RR = R; +- +-#if defined(MBEDTLS_ECP_RESTARTABLE) +- if( rs_ctx != NULL && rs_ctx->rsm != NULL ) +- { +- RR = &rs_ctx->rsm->R; +- +- if( rs_ctx->rsm->state == ecp_rsm_final_norm ) +- goto final_norm; +- } +-#endif +- +- MBEDTLS_MPI_CHK( ecp_comb_recode_scalar( grp, m, k, d, w, +- &parity_trick ) ); +- MBEDTLS_MPI_CHK( ecp_mul_comb_core( grp, RR, T, T_size, k, d, +- f_rng, p_rng, rs_ctx ) ); +- MBEDTLS_MPI_CHK( ecp_safe_invert_jac( grp, RR, parity_trick ) ); +- +-#if defined(MBEDTLS_ECP_RESTARTABLE) +- if( rs_ctx != NULL && rs_ctx->rsm != NULL ) +- rs_ctx->rsm->state = ecp_rsm_final_norm; +- +-final_norm: +-#endif +- MBEDTLS_ECP_BUDGET( MBEDTLS_ECP_OPS_INV ); +- MBEDTLS_MPI_CHK( ecp_normalize_jac( grp, RR ) ); +- +-#if defined(MBEDTLS_ECP_RESTARTABLE) +- if( rs_ctx != NULL && rs_ctx->rsm != NULL ) +- MBEDTLS_MPI_CHK( mbedtls_ecp_copy( R, RR ) ); +-#endif +- +-cleanup: +- return( ret ); +-} +- +-/* +- * Pick window size based on curve size and whether we optimize for base point +- */ +-static unsigned char ecp_pick_window_size( const mbedtls_ecp_group *grp, +- unsigned char p_eq_g ) +-{ +- unsigned char w; +- +- /* +- * Minimize the number of multiplications, that is minimize +- * 10 * d * w + 18 * 2^(w-1) + 11 * d + 7 * w, with d = ceil( nbits / w ) +- * (see costs of the various parts, with 1S = 1M) +- */ +- w = grp->nbits >= 384 ? 5 : 4; +- +- /* +- * If P == G, pre-compute a bit more, since this may be re-used later. +- * Just adding one avoids upping the cost of the first mul too much, +- * and the memory cost too. +- */ +- if( p_eq_g ) +- w++; +- +- /* +- * Make sure w is within bounds. +- * (The last test is useful only for very small curves in the test suite.) +- */ +- if( w > MBEDTLS_ECP_WINDOW_SIZE ) +- w = MBEDTLS_ECP_WINDOW_SIZE; +- if( w >= grp->nbits ) +- w = 2; +- +- return( w ); +-} +- +-/* +- * Multiplication using the comb method - for curves in short Weierstrass form +- * +- * This function is mainly responsible for administrative work: +- * - managing the restart context if enabled +- * - managing the table of precomputed points (passed between the below two +- * functions): allocation, computation, ownership tranfer, freeing. +- * +- * It delegates the actual arithmetic work to: +- * ecp_precompute_comb() and ecp_mul_comb_with_precomp() +- * +- * See comments on ecp_comb_recode_core() regarding the computation strategy. +- */ +-static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, +- const mbedtls_mpi *m, const mbedtls_ecp_point *P, +- int (*f_rng)(void *, unsigned char *, size_t), +- void *p_rng, +- mbedtls_ecp_restart_ctx *rs_ctx ) +-{ +- int ret; +- unsigned char w, p_eq_g, i; +- size_t d; +- unsigned char T_size, T_ok; +- mbedtls_ecp_point *T; +- +- ECP_RS_ENTER( rsm ); +- +- /* Is P the base point ? */ +-#if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1 +- p_eq_g = ( mbedtls_mpi_cmp_mpi( &P->Y, &grp->G.Y ) == 0 && +- mbedtls_mpi_cmp_mpi( &P->X, &grp->G.X ) == 0 ); +-#else +- p_eq_g = 0; +-#endif +- +- /* Pick window size and deduce related sizes */ +- w = ecp_pick_window_size( grp, p_eq_g ); +- T_size = 1U << ( w - 1 ); +- d = ( grp->nbits + w - 1 ) / w; +- +- /* Pre-computed table: do we have it already for the base point? */ +- if( p_eq_g && grp->T != NULL ) +- { +- /* second pointer to the same table, will be deleted on exit */ +- T = grp->T; +- T_ok = 1; +- } +- else +-#if defined(MBEDTLS_ECP_RESTARTABLE) +- /* Pre-computed table: do we have one in progress? complete? */ +- if( rs_ctx != NULL && rs_ctx->rsm != NULL && rs_ctx->rsm->T != NULL ) +- { +- /* transfer ownership of T from rsm to local function */ +- T = rs_ctx->rsm->T; +- rs_ctx->rsm->T = NULL; +- rs_ctx->rsm->T_size = 0; +- +- /* This effectively jumps to the call to mul_comb_after_precomp() */ +- T_ok = rs_ctx->rsm->state >= ecp_rsm_comb_core; +- } +- else +-#endif +- /* Allocate table if we didn't have any */ +- { +- T = mbedtls_calloc( T_size, sizeof( mbedtls_ecp_point ) ); +- if( T == NULL ) +- { +- ret = MBEDTLS_ERR_ECP_ALLOC_FAILED; +- goto cleanup; +- } +- +- for( i = 0; i < T_size; i++ ) +- mbedtls_ecp_point_init( &T[i] ); +- +- T_ok = 0; +- } +- +- /* Compute table (or finish computing it) if not done already */ +- if( !T_ok ) +- { +- MBEDTLS_MPI_CHK( ecp_precompute_comb( grp, T, P, w, d, rs_ctx ) ); +- +- if( p_eq_g ) +- { +- /* almost transfer ownership of T to the group, but keep a copy of +- * the pointer to use for calling the next function more easily */ +- grp->T = T; +- grp->T_size = T_size; +- } +- } +- +- /* Actual comb multiplication using precomputed points */ +- MBEDTLS_MPI_CHK( ecp_mul_comb_after_precomp( grp, R, m, +- T, T_size, w, d, +- f_rng, p_rng, rs_ctx ) ); +- +-cleanup: +- +- /* does T belong to the group? */ +- if( T == grp->T ) +- T = NULL; +- +- /* does T belong to the restart context? */ +-#if defined(MBEDTLS_ECP_RESTARTABLE) +- if( rs_ctx != NULL && rs_ctx->rsm != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS && T != NULL ) +- { +- /* transfer ownership of T from local function to rsm */ +- rs_ctx->rsm->T_size = T_size; +- rs_ctx->rsm->T = T; +- T = NULL; +- } +-#endif +- +- /* did T belong to us? then let's destroy it! */ +- if( T != NULL ) +- { +- for( i = 0; i < T_size; i++ ) +- mbedtls_ecp_point_free( &T[i] ); +- mbedtls_free( T ); +- } +- +- /* don't free R while in progress in case R == P */ +-#if defined(MBEDTLS_ECP_RESTARTABLE) +- if( ret != MBEDTLS_ERR_ECP_IN_PROGRESS ) +-#endif +- /* prevent caller from using invalid value */ +- if( ret != 0 ) +- mbedtls_ecp_point_free( R ); +- +- ECP_RS_LEAVE( rsm ); +- +- return( ret ); +-} +-#else +-int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, +- const mbedtls_mpi *m, const mbedtls_ecp_point *P, +- int (*f_rng)(void *, unsigned char *, size_t), +- void *p_rng, +- mbedtls_ecp_restart_ctx *rs_ctx ); +-#endif /*!MBEDTLS_ECP_MUL_COMB_ALT*/ +- +-#endif /* ECP_SHORTWEIERSTRASS */ +- +-#if defined(ECP_MONTGOMERY) +-/* +- * For Montgomery curves, we do all the internal arithmetic in projective +- * coordinates. Import/export of points uses only the x coordinates, which is +- * internaly represented as X / Z. +- * +- * For scalar multiplication, we'll use a Montgomery ladder. +- */ +- +-/* +- * Normalize Montgomery x/z coordinates: X = X/Z, Z = 1 +- * Cost: 1M + 1I +- */ +-static int ecp_normalize_mxz( const mbedtls_ecp_group *grp, mbedtls_ecp_point *P ) +-{ +- int ret; +- +-#if defined(MBEDTLS_ECP_NORMALIZE_MXZ_ALT) +- if( mbedtls_internal_ecp_grp_capable( grp ) ) +- return( mbedtls_internal_ecp_normalize_mxz( grp, P ) ); +-#endif /* MBEDTLS_ECP_NORMALIZE_MXZ_ALT */ +- +- MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &P->Z, &P->Z, &grp->P ) ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &P->X, &P->X, &P->Z ) ); MOD_MUL( P->X ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &P->Z, 1 ) ); +- +-cleanup: +- return( ret ); +-} +- +-/* +- * Randomize projective x/z coordinates: +- * (X, Z) -> (l X, l Z) for random l +- * This is sort of the reverse operation of ecp_normalize_mxz(). +- * +- * This countermeasure was first suggested in [2]. +- * Cost: 2M +- */ +-static int ecp_randomize_mxz( const mbedtls_ecp_group *grp, mbedtls_ecp_point *P, +- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) +-{ +- int ret; +- mbedtls_mpi l; +- size_t p_size; +- int count = 0; +- +-#if defined(MBEDTLS_ECP_RANDOMIZE_MXZ_ALT) +- if( mbedtls_internal_ecp_grp_capable( grp ) ) +- return( mbedtls_internal_ecp_randomize_mxz( grp, P, f_rng, p_rng ); +-#endif /* MBEDTLS_ECP_RANDOMIZE_MXZ_ALT */ +- +- p_size = ( grp->pbits + 7 ) / 8; +- mbedtls_mpi_init( &l ); +- +- /* Generate l such that 1 < l < p */ +- do +- { +- MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &l, p_size, f_rng, p_rng ) ); +- +- while( mbedtls_mpi_cmp_mpi( &l, &grp->P ) >= 0 ) +- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &l, 1 ) ); +- +- if( count++ > 10 ) +- return( MBEDTLS_ERR_ECP_RANDOM_FAILED ); +- } +- while( mbedtls_mpi_cmp_int( &l, 1 ) <= 0 ); +- +- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &P->X, &P->X, &l ) ); MOD_MUL( P->X ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &P->Z, &P->Z, &l ) ); MOD_MUL( P->Z ); +- +-cleanup: +- mbedtls_mpi_free( &l ); +- +- return( ret ); +-} +- +-/* +- * Double-and-add: R = 2P, S = P + Q, with d = X(P - Q), +- * for Montgomery curves in x/z coordinates. +- * +- * http://www.hyperelliptic.org/EFD/g1p/auto-code/montgom/xz/ladder/mladd-1987-m.op3 +- * with +- * d = X1 +- * P = (X2, Z2) +- * Q = (X3, Z3) +- * R = (X4, Z4) +- * S = (X5, Z5) +- * and eliminating temporary variables tO, ..., t4. +- * +- * Cost: 5M + 4S +- */ +-static int ecp_double_add_mxz( const mbedtls_ecp_group *grp, +- mbedtls_ecp_point *R, mbedtls_ecp_point *S, +- const mbedtls_ecp_point *P, const mbedtls_ecp_point *Q, +- const mbedtls_mpi *d ) +-{ +- int ret; +- mbedtls_mpi A, AA, B, BB, E, C, D, DA, CB; +- +-#if defined(MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT) +- if( mbedtls_internal_ecp_grp_capable( grp ) ) +- return( mbedtls_internal_ecp_double_add_mxz( grp, R, S, P, Q, d ) ); +-#endif /* MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT */ +- +- mbedtls_mpi_init( &A ); mbedtls_mpi_init( &AA ); mbedtls_mpi_init( &B ); +- mbedtls_mpi_init( &BB ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &C ); +- mbedtls_mpi_init( &D ); mbedtls_mpi_init( &DA ); mbedtls_mpi_init( &CB ); +- +- MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &A, &P->X, &P->Z ) ); MOD_ADD( A ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &AA, &A, &A ) ); MOD_MUL( AA ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &B, &P->X, &P->Z ) ); MOD_SUB( B ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &BB, &B, &B ) ); MOD_MUL( BB ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &E, &AA, &BB ) ); MOD_SUB( E ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &C, &Q->X, &Q->Z ) ); MOD_ADD( C ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &D, &Q->X, &Q->Z ) ); MOD_SUB( D ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &DA, &D, &A ) ); MOD_MUL( DA ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &CB, &C, &B ) ); MOD_MUL( CB ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &S->X, &DA, &CB ) ); MOD_MUL( S->X ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &S->X, &S->X, &S->X ) ); MOD_MUL( S->X ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &S->Z, &DA, &CB ) ); MOD_SUB( S->Z ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &S->Z, &S->Z, &S->Z ) ); MOD_MUL( S->Z ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &S->Z, d, &S->Z ) ); MOD_MUL( S->Z ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &R->X, &AA, &BB ) ); MOD_MUL( R->X ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &R->Z, &grp->A, &E ) ); MOD_MUL( R->Z ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &R->Z, &BB, &R->Z ) ); MOD_ADD( R->Z ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &R->Z, &E, &R->Z ) ); MOD_MUL( R->Z ); +- +-cleanup: +- mbedtls_mpi_free( &A ); mbedtls_mpi_free( &AA ); mbedtls_mpi_free( &B ); +- mbedtls_mpi_free( &BB ); mbedtls_mpi_free( &E ); mbedtls_mpi_free( &C ); +- mbedtls_mpi_free( &D ); mbedtls_mpi_free( &DA ); mbedtls_mpi_free( &CB ); +- +- return( ret ); +-} +- +-/* +- * Multiplication with Montgomery ladder in x/z coordinates, +- * for curves in Montgomery form +- */ +-#if !defined(MBEDTLS_ECP_MUL_MXZ_ALT) +-static int ecp_mul_mxz( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, +- const mbedtls_mpi *m, const mbedtls_ecp_point *P, +- int (*f_rng)(void *, unsigned char *, size_t), +- void *p_rng ) +-{ +- int ret; +- size_t i; +- unsigned char b; +- mbedtls_ecp_point RP; +- mbedtls_mpi PX; +- +- mbedtls_ecp_point_init( &RP ); mbedtls_mpi_init( &PX ); +- +- /* Save PX and read from P before writing to R, in case P == R */ +- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &PX, &P->X ) ); +- MBEDTLS_MPI_CHK( mbedtls_ecp_copy( &RP, P ) ); +- +- /* Set R to zero in modified x/z coordinates */ +- MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &R->X, 1 ) ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &R->Z, 0 ) ); +- mbedtls_mpi_free( &R->Y ); +- +- /* RP.X might be sligtly larger than P, so reduce it */ +- MOD_ADD( RP.X ); +- +- /* Randomize coordinates of the starting point */ +- if( f_rng != NULL ) +- MBEDTLS_MPI_CHK( ecp_randomize_mxz( grp, &RP, f_rng, p_rng ) ); +- +- /* Loop invariant: R = result so far, RP = R + P */ +- i = mbedtls_mpi_bitlen( m ); /* one past the (zero-based) most significant bit */ +- while( i-- > 0 ) +- { +- b = mbedtls_mpi_get_bit( m, i ); +- /* +- * if (b) R = 2R + P else R = 2R, +- * which is: +- * if (b) double_add( RP, R, RP, R ) +- * else double_add( R, RP, R, RP ) +- * but using safe conditional swaps to avoid leaks +- */ +- MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_swap( &R->X, &RP.X, b ) ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_swap( &R->Z, &RP.Z, b ) ); +- MBEDTLS_MPI_CHK( ecp_double_add_mxz( grp, R, &RP, R, &RP, &PX ) ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_swap( &R->X, &RP.X, b ) ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_swap( &R->Z, &RP.Z, b ) ); +- } +- +- MBEDTLS_MPI_CHK( ecp_normalize_mxz( grp, R ) ); +- +-cleanup: +- mbedtls_ecp_point_free( &RP ); mbedtls_mpi_free( &PX ); +- +- return( ret ); +-} +- +-#else +-int ecp_mul_mxz( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, +- const mbedtls_mpi *m, const mbedtls_ecp_point *P, +- int (*f_rng)(void *, unsigned char *, size_t), +- void *p_rng ); +-#endif /* MBEDTLS_ECP_MUL_MXZ_ALT */ +-#endif /* ECP_MONTGOMERY */ +- +-/* +- * Restartable multiplication R = m * P +- */ +-int mbedtls_ecp_mul_restartable( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, +- const mbedtls_mpi *m, const mbedtls_ecp_point *P, +- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, +- mbedtls_ecp_restart_ctx *rs_ctx ) +-{ +- int ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA; +-#if defined(MBEDTLS_ECP_INTERNAL_ALT) +- char is_grp_capable = 0; +-#endif +- ECP_VALIDATE_RET( grp != NULL ); +- ECP_VALIDATE_RET( R != NULL ); +- ECP_VALIDATE_RET( m != NULL ); +- ECP_VALIDATE_RET( P != NULL ); +- +-#if defined(MBEDTLS_ECP_RESTARTABLE) +- /* reset ops count for this call if top-level */ +- if( rs_ctx != NULL && rs_ctx->depth++ == 0 ) +- rs_ctx->ops_done = 0; +-#endif +- +-#if defined(MBEDTLS_ECP_INTERNAL_ALT) +- if( ( is_grp_capable = mbedtls_internal_ecp_grp_capable( grp ) ) ) +- MBEDTLS_MPI_CHK( mbedtls_internal_ecp_init( grp ) ); +-#endif /* MBEDTLS_ECP_INTERNAL_ALT */ +- +-#if defined(MBEDTLS_ECP_RESTARTABLE) +- /* skip argument check when restarting */ +- if( rs_ctx == NULL || rs_ctx->rsm == NULL ) +-#endif +- { +- /* check_privkey is free */ +- MBEDTLS_ECP_BUDGET( MBEDTLS_ECP_OPS_CHK ); +- +- /* Common sanity checks */ +- MBEDTLS_MPI_CHK( mbedtls_ecp_check_privkey( grp, m ) ); +- MBEDTLS_MPI_CHK( mbedtls_ecp_check_pubkey( grp, P ) ); +- } +- +- ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA; +-#if defined(ECP_MONTGOMERY) +- if( ecp_get_type( grp ) == ECP_TYPE_MONTGOMERY ) +- MBEDTLS_MPI_CHK( ecp_mul_mxz( grp, R, m, P, f_rng, p_rng ) ); +-#endif +-#if defined(ECP_SHORTWEIERSTRASS) +- if( ecp_get_type( grp ) == ECP_TYPE_SHORT_WEIERSTRASS ) +- MBEDTLS_MPI_CHK( ecp_mul_comb( grp, R, m, P, f_rng, p_rng, rs_ctx ) ); +-#endif +- +-cleanup: +- +-#if defined(MBEDTLS_ECP_INTERNAL_ALT) +- if( is_grp_capable ) +- mbedtls_internal_ecp_free( grp ); +-#endif /* MBEDTLS_ECP_INTERNAL_ALT */ +- +-#if defined(MBEDTLS_ECP_RESTARTABLE) +- if( rs_ctx != NULL ) +- rs_ctx->depth--; +-#endif +- +- return( ret ); +-} +- +-/* +- * Multiplication R = m * P +- */ +-int mbedtls_ecp_mul( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, +- const mbedtls_mpi *m, const mbedtls_ecp_point *P, +- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) +-{ +- ECP_VALIDATE_RET( grp != NULL ); +- ECP_VALIDATE_RET( R != NULL ); +- ECP_VALIDATE_RET( m != NULL ); +- ECP_VALIDATE_RET( P != NULL ); +- return( mbedtls_ecp_mul_restartable( grp, R, m, P, f_rng, p_rng, NULL ) ); +-} +- +-#if defined(ECP_SHORTWEIERSTRASS) +-/* +- * Check that an affine point is valid as a public key, +- * short weierstrass curves (SEC1 3.2.3.1) +- */ +-static int ecp_check_pubkey_sw( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt ) +-{ +- int ret; +- mbedtls_mpi YY, RHS; +- +- /* pt coordinates must be normalized for our checks */ +- if( mbedtls_mpi_cmp_int( &pt->X, 0 ) < 0 || +- mbedtls_mpi_cmp_int( &pt->Y, 0 ) < 0 || +- mbedtls_mpi_cmp_mpi( &pt->X, &grp->P ) >= 0 || +- mbedtls_mpi_cmp_mpi( &pt->Y, &grp->P ) >= 0 ) +- return( MBEDTLS_ERR_ECP_INVALID_KEY ); +- +- mbedtls_mpi_init( &YY ); mbedtls_mpi_init( &RHS ); +- +- /* +- * YY = Y^2 +- * RHS = X (X^2 + A) + B = X^3 + A X + B +- */ +- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &YY, &pt->Y, &pt->Y ) ); MOD_MUL( YY ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &RHS, &pt->X, &pt->X ) ); MOD_MUL( RHS ); +- +- /* Special case for A = -3 */ +- if( grp->A.p == NULL ) +- { +- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &RHS, &RHS, 3 ) ); MOD_SUB( RHS ); +- } +- else +- { +- MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &RHS, &RHS, &grp->A ) ); MOD_ADD( RHS ); +- } +- +- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &RHS, &RHS, &pt->X ) ); MOD_MUL( RHS ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &RHS, &RHS, &grp->B ) ); MOD_ADD( RHS ); +- +- if( mbedtls_mpi_cmp_mpi( &YY, &RHS ) != 0 ) +- ret = MBEDTLS_ERR_ECP_INVALID_KEY; +- +-cleanup: +- +- mbedtls_mpi_free( &YY ); mbedtls_mpi_free( &RHS ); +- +- return( ret ); +-} +-#endif /* ECP_SHORTWEIERSTRASS */ +- +-/* +- * R = m * P with shortcuts for m == 1 and m == -1 +- * NOT constant-time - ONLY for short Weierstrass! +- */ +-#if !defined(MBEDTLS_ECP_MULADD_ALT) +-static int mbedtls_ecp_mul_shortcuts( mbedtls_ecp_group *grp, +- mbedtls_ecp_point *R, +- const mbedtls_mpi *m, +- const mbedtls_ecp_point *P, +- mbedtls_ecp_restart_ctx *rs_ctx ) +-{ +- int ret; +- +- if( mbedtls_mpi_cmp_int( m, 1 ) == 0 ) +- { +- MBEDTLS_MPI_CHK( mbedtls_ecp_copy( R, P ) ); +- } +- else if( mbedtls_mpi_cmp_int( m, -1 ) == 0 ) +- { +- MBEDTLS_MPI_CHK( mbedtls_ecp_copy( R, P ) ); +- if( mbedtls_mpi_cmp_int( &R->Y, 0 ) != 0 ) +- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &R->Y, &grp->P, &R->Y ) ); +- } +- else +- { +- MBEDTLS_MPI_CHK( mbedtls_ecp_mul_restartable( grp, R, m, P, +- NULL, NULL, rs_ctx ) ); +- } +- +-cleanup: +- return( ret ); +-} +-#endif /* !MBEDTLS_ECP_MULADD_ALT */ +- +-/* +- * Addition: R = P + Q, result's coordinates normalized +- */ +-#if !defined(MBEDTLS_ECP_ADD_ALT) +-int ecp_add( const mbedtls_ecp_group *grp, mbedtls_ecp_point *R, const mbedtls_ecp_point *P, const mbedtls_ecp_point *Q ) +-{ +- int ret; +- +- if( ecp_get_type( grp ) != ECP_TYPE_SHORT_WEIERSTRASS ) +- return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ); +- +- MBEDTLS_MPI_CHK( ecp_add_mixed( grp, R, P, Q ) ); +- MBEDTLS_MPI_CHK( ecp_normalize_jac( grp, R ) ); +- +-cleanup: +- return( ret ); +-} +-#else +-int ecp_add( const mbedtls_ecp_group *grp, mbedtls_ecp_point *R, const mbedtls_ecp_point *P, const mbedtls_ecp_point *Q ); +-#endif /* !MBEDTLS_ECP_ADD_ALT */ +- +-#if !defined(MBEDTLS_ECP_MULADD_ALT) +-/* +- * Restartable linear combination +- * NOT constant-time +- */ +-int mbedtls_ecp_muladd_restartable( +- mbedtls_ecp_group *grp, mbedtls_ecp_point *R, +- const mbedtls_mpi *m, const mbedtls_ecp_point *P, +- const mbedtls_mpi *n, const mbedtls_ecp_point *Q, +- mbedtls_ecp_restart_ctx *rs_ctx ) +-{ +- int ret; +- mbedtls_ecp_point mP; +- mbedtls_ecp_point *pmP = &mP; +- mbedtls_ecp_point *pR = R; +-#if defined(MBEDTLS_ECP_INTERNAL_ALT) +- char is_grp_capable = 0; +-#endif +- ECP_VALIDATE_RET( grp != NULL ); +- ECP_VALIDATE_RET( R != NULL ); +- ECP_VALIDATE_RET( m != NULL ); +- ECP_VALIDATE_RET( P != NULL ); +- ECP_VALIDATE_RET( n != NULL ); +- ECP_VALIDATE_RET( Q != NULL ); +- +- if( ecp_get_type( grp ) != ECP_TYPE_SHORT_WEIERSTRASS ) +- return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ); +- +- mbedtls_ecp_point_init( &mP ); +- +- ECP_RS_ENTER( ma ); +- +-#if defined(MBEDTLS_ECP_RESTARTABLE) +- if( rs_ctx != NULL && rs_ctx->ma != NULL ) +- { +- /* redirect intermediate results to restart context */ +- pmP = &rs_ctx->ma->mP; +- pR = &rs_ctx->ma->R; +- +- /* jump to next operation */ +- if( rs_ctx->ma->state == ecp_rsma_mul2 ) +- goto mul2; +- if( rs_ctx->ma->state == ecp_rsma_add ) +- goto add; +- if( rs_ctx->ma->state == ecp_rsma_norm ) +- goto norm; +- } +-#endif /* MBEDTLS_ECP_RESTARTABLE */ +- +- MBEDTLS_MPI_CHK( mbedtls_ecp_mul_shortcuts( grp, pmP, m, P, rs_ctx ) ); +-#if defined(MBEDTLS_ECP_RESTARTABLE) +- if( rs_ctx != NULL && rs_ctx->ma != NULL ) +- rs_ctx->ma->state = ecp_rsma_mul2; +- +-mul2: +-#endif +- MBEDTLS_MPI_CHK( mbedtls_ecp_mul_shortcuts( grp, pR, n, Q, rs_ctx ) ); +- +-#if defined(MBEDTLS_ECP_INTERNAL_ALT) +- if( ( is_grp_capable = mbedtls_internal_ecp_grp_capable( grp ) ) ) +- MBEDTLS_MPI_CHK( mbedtls_internal_ecp_init( grp ) ); +-#endif /* MBEDTLS_ECP_INTERNAL_ALT */ +-#if !defined(MBEDTLS_ECP_ADD_ALT) +-#if defined(MBEDTLS_ECP_RESTARTABLE) +- if( rs_ctx != NULL && rs_ctx->ma != NULL ) +- rs_ctx->ma->state = ecp_rsma_add; +- +-add: +-#endif +- MBEDTLS_ECP_BUDGET( MBEDTLS_ECP_OPS_ADD ); +- MBEDTLS_MPI_CHK( ecp_add_mixed( grp, pR, pmP, pR ) ); +-#if defined(MBEDTLS_ECP_RESTARTABLE) +- if( rs_ctx != NULL && rs_ctx->ma != NULL ) +- rs_ctx->ma->state = ecp_rsma_norm; +- +-norm: +-#endif +- MBEDTLS_ECP_BUDGET( MBEDTLS_ECP_OPS_INV ); +- MBEDTLS_MPI_CHK( ecp_normalize_jac( grp, pR ) ); +- +-#if defined(MBEDTLS_ECP_RESTARTABLE) +- if( rs_ctx != NULL && rs_ctx->ma != NULL ) +- MBEDTLS_MPI_CHK( mbedtls_ecp_copy( R, pR ) ); +-#endif +- +-#else +- MBEDTLS_MPI_CHK(ecp_add(grp, R, &mP, R )); +-#endif +- +-cleanup: +-#if defined(MBEDTLS_ECP_INTERNAL_ALT) +- if( is_grp_capable ) +- mbedtls_internal_ecp_free( grp ); +-#endif /* MBEDTLS_ECP_INTERNAL_ALT */ +- +- mbedtls_ecp_point_free( &mP ); +- +- ECP_RS_LEAVE( ma ); +- +- return( ret ); +-} +- +-/* +- * Linear combination +- * NOT constant-time +- */ +-int mbedtls_ecp_muladd( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, +- const mbedtls_mpi *m, const mbedtls_ecp_point *P, +- const mbedtls_mpi *n, const mbedtls_ecp_point *Q ) +-{ +- ECP_VALIDATE_RET( grp != NULL ); +- ECP_VALIDATE_RET( R != NULL ); +- ECP_VALIDATE_RET( m != NULL ); +- ECP_VALIDATE_RET( P != NULL ); +- ECP_VALIDATE_RET( n != NULL ); +- ECP_VALIDATE_RET( Q != NULL ); +- return( mbedtls_ecp_muladd_restartable( grp, R, m, P, n, Q, NULL ) ); +-} +-#endif /* MBEDTLS_ECP_MULADD_ALT */ +- +-#if defined(ECP_MONTGOMERY) +-/* +- * Check validity of a public key for Montgomery curves with x-only schemes +- */ +-static int ecp_check_pubkey_mx( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt ) +-{ +- /* [Curve25519 p. 5] Just check X is the correct number of bytes */ +- /* Allow any public value, if it's too big then we'll just reduce it mod p +- * (RFC 7748 sec. 5 para. 3). */ +- if( mbedtls_mpi_size( &pt->X ) > ( grp->nbits + 7 ) / 8 ) +- return( MBEDTLS_ERR_ECP_INVALID_KEY ); +- +- return( 0 ); +-} +-#endif /* ECP_MONTGOMERY */ +- +-/* +- * Check that a point is valid as a public key +- */ +-int mbedtls_ecp_check_pubkey( const mbedtls_ecp_group *grp, +- const mbedtls_ecp_point *pt ) +-{ +- ECP_VALIDATE_RET( grp != NULL ); +- ECP_VALIDATE_RET( pt != NULL ); +- +- /* Must use affine coordinates */ +- if( mbedtls_mpi_cmp_int( &pt->Z, 1 ) != 0 ) +- return( MBEDTLS_ERR_ECP_INVALID_KEY ); +- +-#if defined(ECP_MONTGOMERY) +- if( ecp_get_type( grp ) == ECP_TYPE_MONTGOMERY ) +- return( ecp_check_pubkey_mx( grp, pt ) ); +-#endif +-#if defined(ECP_SHORTWEIERSTRASS) +- if( ecp_get_type( grp ) == ECP_TYPE_SHORT_WEIERSTRASS ) +- return( ecp_check_pubkey_sw( grp, pt ) ); +-#endif +- return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); +-} +- +-/* +- * Check that an mbedtls_mpi is valid as a private key +- */ +-int mbedtls_ecp_check_privkey( const mbedtls_ecp_group *grp, +- const mbedtls_mpi *d ) +-{ +- ECP_VALIDATE_RET( grp != NULL ); +- ECP_VALIDATE_RET( d != NULL ); +- +-#if defined(ECP_MONTGOMERY) +- if( ecp_get_type( grp ) == ECP_TYPE_MONTGOMERY ) +- { +- /* see RFC 7748 sec. 5 para. 5 */ +- if( mbedtls_mpi_get_bit( d, 0 ) != 0 || +- mbedtls_mpi_get_bit( d, 1 ) != 0 || +- mbedtls_mpi_bitlen( d ) - 1 != grp->nbits ) /* mbedtls_mpi_bitlen is one-based! */ +- return( MBEDTLS_ERR_ECP_INVALID_KEY ); +- else +- +- /* see [Curve25519] page 5 */ +- if( grp->nbits == 254 && mbedtls_mpi_get_bit( d, 2 ) != 0 ) +- return( MBEDTLS_ERR_ECP_INVALID_KEY ); +- +- return( 0 ); +- } +-#endif /* ECP_MONTGOMERY */ +-#if defined(ECP_SHORTWEIERSTRASS) +- if( ecp_get_type( grp ) == ECP_TYPE_SHORT_WEIERSTRASS ) +- { +- /* see SEC1 3.2 */ +- if( mbedtls_mpi_cmp_int( d, 1 ) < 0 || +- mbedtls_mpi_cmp_mpi( d, &grp->N ) >= 0 ) +- return( MBEDTLS_ERR_ECP_INVALID_KEY ); +- else +- return( 0 ); +- } +-#endif /* ECP_SHORTWEIERSTRASS */ +- +- return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); +-} +- +-/* +- * Generate a private key +- */ +-int mbedtls_ecp_gen_privkey( const mbedtls_ecp_group *grp, +- mbedtls_mpi *d, +- int (*f_rng)(void *, unsigned char *, size_t), +- void *p_rng ) +-{ +- int ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA; +- size_t n_size; +- +- ECP_VALIDATE_RET( grp != NULL ); +- ECP_VALIDATE_RET( d != NULL ); +- ECP_VALIDATE_RET( f_rng != NULL ); +- +- n_size = ( grp->nbits + 7 ) / 8; +- +-#if defined(ECP_MONTGOMERY) +- if( ecp_get_type( grp ) == ECP_TYPE_MONTGOMERY ) +- { +- /* [M225] page 5 */ +- size_t b; +- +- do { +- MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( d, n_size, f_rng, p_rng ) ); +- } while( mbedtls_mpi_bitlen( d ) == 0); +- +- /* Make sure the most significant bit is nbits */ +- b = mbedtls_mpi_bitlen( d ) - 1; /* mbedtls_mpi_bitlen is one-based */ +- if( b > grp->nbits ) +- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( d, b - grp->nbits ) ); +- else +- MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( d, grp->nbits, 1 ) ); +- +- /* Make sure the last two bits are unset for Curve448, three bits for +- Curve25519 */ +- MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( d, 0, 0 ) ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( d, 1, 0 ) ); +- if( grp->nbits == 254 ) +- { +- MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( d, 2, 0 ) ); +- } +- } +- else +-#endif /* ECP_MONTGOMERY */ +- +-#if defined(ECP_SHORTWEIERSTRASS) +- if( ecp_get_type( grp ) == ECP_TYPE_SHORT_WEIERSTRASS ) +- { +- /* SEC1 3.2.1: Generate d such that 1 <= n < N */ +- int count = 0; +- +- /* +- * Match the procedure given in RFC 6979 (deterministic ECDSA): +- * - use the same byte ordering; +- * - keep the leftmost nbits bits of the generated octet string; +- * - try until result is in the desired range. +- * This also avoids any biais, which is especially important for ECDSA. +- */ +- do +- { +- MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( d, n_size, f_rng, p_rng ) ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( d, 8 * n_size - grp->nbits ) ); +- +- /* +- * Each try has at worst a probability 1/2 of failing (the msb has +- * a probability 1/2 of being 0, and then the result will be < N), +- * so after 30 tries failure probability is a most 2**(-30). +- * +- * For most curves, 1 try is enough with overwhelming probability, +- * since N starts with a lot of 1s in binary, but some curves +- * such as secp224k1 are actually very close to the worst case. +- */ +- if( ++count > 30 ) +- return( MBEDTLS_ERR_ECP_RANDOM_FAILED ); +- } +- while( mbedtls_mpi_cmp_int( d, 1 ) < 0 || +- mbedtls_mpi_cmp_mpi( d, &grp->N ) >= 0 ); +- } +-#endif /* ECP_SHORTWEIERSTRASS */ +- +-cleanup: +- return( ret ); +-} +- +-/* +- * Generate a keypair with configurable base point +- */ +-int mbedtls_ecp_gen_keypair_base( mbedtls_ecp_group *grp, +- const mbedtls_ecp_point *G, +- mbedtls_mpi *d, mbedtls_ecp_point *Q, +- int (*f_rng)(void *, unsigned char *, size_t), +- void *p_rng ) +-{ +- int ret; +- ECP_VALIDATE_RET( grp != NULL ); +- ECP_VALIDATE_RET( d != NULL ); +- ECP_VALIDATE_RET( G != NULL ); +- ECP_VALIDATE_RET( Q != NULL ); +- ECP_VALIDATE_RET( f_rng != NULL ); +- +- MBEDTLS_MPI_CHK( mbedtls_ecp_gen_privkey( grp, d, f_rng, p_rng ) ); +- MBEDTLS_MPI_CHK( mbedtls_ecp_mul( grp, Q, d, G, f_rng, p_rng ) ); +- +-cleanup: +- return( ret ); +-} +- +-/* +- * Generate key pair, wrapper for conventional base point +- */ +-int mbedtls_ecp_gen_keypair( mbedtls_ecp_group *grp, +- mbedtls_mpi *d, mbedtls_ecp_point *Q, +- int (*f_rng)(void *, unsigned char *, size_t), +- void *p_rng ) +-{ +- ECP_VALIDATE_RET( grp != NULL ); +- ECP_VALIDATE_RET( d != NULL ); +- ECP_VALIDATE_RET( Q != NULL ); +- ECP_VALIDATE_RET( f_rng != NULL ); +- +- return( mbedtls_ecp_gen_keypair_base( grp, &grp->G, d, Q, f_rng, p_rng ) ); +-} +- +-/* +- * Generate a keypair, prettier wrapper +- */ +-int mbedtls_ecp_gen_key( mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key, +- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) +-{ +- int ret; +- ECP_VALIDATE_RET( key != NULL ); +- ECP_VALIDATE_RET( f_rng != NULL ); +- +- if( ( ret = mbedtls_ecp_group_load( &key->grp, grp_id ) ) != 0 ) +- return( ret ); +- +- return( mbedtls_ecp_gen_keypair( &key->grp, &key->d, &key->Q, f_rng, p_rng ) ); +-} +- +-/* +- * Check a public-private key pair +- */ +-int mbedtls_ecp_check_pub_priv( const mbedtls_ecp_keypair *pub, const mbedtls_ecp_keypair *prv ) +-{ +- int ret; +- mbedtls_ecp_point Q; +- mbedtls_ecp_group grp; +- ECP_VALIDATE_RET( pub != NULL ); +- ECP_VALIDATE_RET( prv != NULL ); +- +- if( pub->grp.id == MBEDTLS_ECP_DP_NONE || +- pub->grp.id != prv->grp.id || +- mbedtls_mpi_cmp_mpi( &pub->Q.X, &prv->Q.X ) || +- mbedtls_mpi_cmp_mpi( &pub->Q.Y, &prv->Q.Y ) || +- mbedtls_mpi_cmp_mpi( &pub->Q.Z, &prv->Q.Z ) ) +- { +- return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); +- } +- +- mbedtls_ecp_point_init( &Q ); +- mbedtls_ecp_group_init( &grp ); +- +- /* mbedtls_ecp_mul() needs a non-const group... */ +- mbedtls_ecp_group_copy( &grp, &prv->grp ); +- +- /* Also checks d is valid */ +- MBEDTLS_MPI_CHK( mbedtls_ecp_mul( &grp, &Q, &prv->d, &prv->grp.G, NULL, NULL ) ); +- +- if( mbedtls_mpi_cmp_mpi( &Q.X, &prv->Q.X ) || +- mbedtls_mpi_cmp_mpi( &Q.Y, &prv->Q.Y ) || +- mbedtls_mpi_cmp_mpi( &Q.Z, &prv->Q.Z ) ) +- { +- ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA; +- goto cleanup; +- } +- +-cleanup: +- mbedtls_ecp_point_free( &Q ); +- mbedtls_ecp_group_free( &grp ); +- +- return( ret ); +-} +- +-#if defined(MBEDTLS_SELF_TEST) +- +-/* +- * Checkup routine +- */ +-int mbedtls_ecp_self_test( int verbose ) +-{ +- int ret; +- size_t i; +- mbedtls_ecp_group grp; +- mbedtls_ecp_point R, P; +- mbedtls_mpi m; +- unsigned long add_c_prev, dbl_c_prev, mul_c_prev; +- /* exponents especially adapted for secp192r1 */ +- const char *exponents[] = +- { +- "000000000000000000000000000000000000000000000001", /* one */ +- "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22830", /* N - 1 */ +- "5EA6F389A38B8BC81E767753B15AA5569E1782E30ABE7D25", /* random */ +- "400000000000000000000000000000000000000000000000", /* one and zeros */ +- "7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", /* all ones */ +- "555555555555555555555555555555555555555555555555", /* 101010... */ +- }; +- +- mbedtls_ecp_group_init( &grp ); +- mbedtls_ecp_point_init( &R ); +- mbedtls_ecp_point_init( &P ); +- mbedtls_mpi_init( &m ); +- +- /* Use secp192r1 if available, or any available curve */ +-#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) +- MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &grp, MBEDTLS_ECP_DP_SECP192R1 ) ); +-#else +- MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &grp, mbedtls_ecp_curve_list()->grp_id ) ); +-#endif +- +- if( verbose != 0 ) +- mbedtls_printf( " ECP test #1 (constant op_count, base point G): " ); +- +- /* Do a dummy multiplication first to trigger precomputation */ +- MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &m, 2 ) ); +- MBEDTLS_MPI_CHK( mbedtls_ecp_mul( &grp, &P, &m, &grp.G, NULL, NULL ) ); +- +- add_count = 0; +- dbl_count = 0; +- mul_count = 0; +- MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &m, 16, exponents[0] ) ); +- MBEDTLS_MPI_CHK( mbedtls_ecp_mul( &grp, &R, &m, &grp.G, NULL, NULL ) ); +- +- for( i = 1; i < sizeof( exponents ) / sizeof( exponents[0] ); i++ ) +- { +- add_c_prev = add_count; +- dbl_c_prev = dbl_count; +- mul_c_prev = mul_count; +- add_count = 0; +- dbl_count = 0; +- mul_count = 0; +- +- MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &m, 16, exponents[i] ) ); +- MBEDTLS_MPI_CHK( mbedtls_ecp_mul( &grp, &R, &m, &grp.G, NULL, NULL ) ); +- +- if( add_count != add_c_prev || +- dbl_count != dbl_c_prev || +- mul_count != mul_c_prev ) +- { +- if( verbose != 0 ) +- mbedtls_printf( "failed (%u)\n", (unsigned int) i ); +- +- ret = 1; +- goto cleanup; +- } +- } +- +- if( verbose != 0 ) +- mbedtls_printf( "passed\n" ); +- +- if( verbose != 0 ) +- mbedtls_printf( " ECP test #2 (constant op_count, other point): " ); +- /* We computed P = 2G last time, use it */ +- +- add_count = 0; +- dbl_count = 0; +- mul_count = 0; +- MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &m, 16, exponents[0] ) ); +- MBEDTLS_MPI_CHK( mbedtls_ecp_mul( &grp, &R, &m, &P, NULL, NULL ) ); +- +- for( i = 1; i < sizeof( exponents ) / sizeof( exponents[0] ); i++ ) +- { +- add_c_prev = add_count; +- dbl_c_prev = dbl_count; +- mul_c_prev = mul_count; +- add_count = 0; +- dbl_count = 0; +- mul_count = 0; +- +- MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &m, 16, exponents[i] ) ); +- MBEDTLS_MPI_CHK( mbedtls_ecp_mul( &grp, &R, &m, &P, NULL, NULL ) ); +- +- if( add_count != add_c_prev || +- dbl_count != dbl_c_prev || +- mul_count != mul_c_prev ) +- { +- if( verbose != 0 ) +- mbedtls_printf( "failed (%u)\n", (unsigned int) i ); +- +- ret = 1; +- goto cleanup; +- } +- } +- +- if( verbose != 0 ) +- mbedtls_printf( "passed\n" ); +- +-cleanup: +- +- if( ret < 0 && verbose != 0 ) +- mbedtls_printf( "Unexpected error, return code = %08X\n", ret ); +- +- mbedtls_ecp_group_free( &grp ); +- mbedtls_ecp_point_free( &R ); +- mbedtls_ecp_point_free( &P ); +- mbedtls_mpi_free( &m ); +- +- if( verbose != 0 ) +- mbedtls_printf( "\n" ); +- +- return( ret ); +-} +- +-#endif /* MBEDTLS_SELF_TEST */ +- +-#endif /* !MBEDTLS_ECP_ALT */ +- +-#endif /* MBEDTLS_ECP_C */ +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/plugin/mbedtls/port/ksdk/ecp_curves_alt.c b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/plugin/mbedtls/port/ksdk/ecp_curves_alt.c +deleted file mode 100644 +index 440b326551..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/plugin/mbedtls/port/ksdk/ecp_curves_alt.c ++++ /dev/null +@@ -1,1485 +0,0 @@ +-/* +- * Elliptic curves over GF(p): curve-specific data and functions +- * +- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved +- * SPDX-License-Identifier: Apache-2.0 +- * +- * Licensed under the Apache License, Version 2.0 (the "License"); you may +- * not use this file except in compliance with the License. +- * You may obtain a copy of the License at +- * +- * http://www.apache.org/licenses/LICENSE-2.0 +- * +- * Unless required by applicable law or agreed to in writing, software +- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +- * See the License for the specific language governing permissions and +- * limitations under the License. +- * +- * This file is part of mbed TLS (https://tls.mbed.org) +- */ +- +-#if !defined(MBEDTLS_CONFIG_FILE) +-#include "mbedtls/config.h" +-#else +-#include MBEDTLS_CONFIG_FILE +-#endif +- +-#if defined(MBEDTLS_ECP_C) +- +-#include "mbedtls/ecp.h" +- +-#include +- +-#if defined(MBEDTLS_ECP_ALT) +- +-#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ +- !defined(inline) && !defined(__cplusplus) +-#define inline __inline +-#endif +- +-/* +- * Conversion macros for embedded constants: +- * build lists of mbedtls_mpi_uint's from lists of unsigned char's grouped by 8, 4 or 2 +- */ +-#if defined(MBEDTLS_HAVE_INT32) +- +-#define BYTES_TO_T_UINT_4( a, b, c, d ) \ +- ( (mbedtls_mpi_uint) a << 0 ) | \ +- ( (mbedtls_mpi_uint) b << 8 ) | \ +- ( (mbedtls_mpi_uint) c << 16 ) | \ +- ( (mbedtls_mpi_uint) d << 24 ) +- +-#define BYTES_TO_T_UINT_2( a, b ) \ +- BYTES_TO_T_UINT_4( a, b, 0, 0 ) +- +-#define BYTES_TO_T_UINT_8( a, b, c, d, e, f, g, h ) \ +- BYTES_TO_T_UINT_4( a, b, c, d ), \ +- BYTES_TO_T_UINT_4( e, f, g, h ) +- +-#else /* 64-bits */ +- +-#define BYTES_TO_T_UINT_8( a, b, c, d, e, f, g, h ) \ +- ( (mbedtls_mpi_uint) a << 0 ) | \ +- ( (mbedtls_mpi_uint) b << 8 ) | \ +- ( (mbedtls_mpi_uint) c << 16 ) | \ +- ( (mbedtls_mpi_uint) d << 24 ) | \ +- ( (mbedtls_mpi_uint) e << 32 ) | \ +- ( (mbedtls_mpi_uint) f << 40 ) | \ +- ( (mbedtls_mpi_uint) g << 48 ) | \ +- ( (mbedtls_mpi_uint) h << 56 ) +- +-#define BYTES_TO_T_UINT_4( a, b, c, d ) \ +- BYTES_TO_T_UINT_8( a, b, c, d, 0, 0, 0, 0 ) +- +-#define BYTES_TO_T_UINT_2( a, b ) \ +- BYTES_TO_T_UINT_8( a, b, 0, 0, 0, 0, 0, 0 ) +- +-#endif /* bits in mbedtls_mpi_uint */ +- +-/* +- * Note: the constants are in little-endian order +- * to be directly usable in MPIs +- */ +- +-/* +- * Domain parameters for secp192r1 +- */ +-#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) +-static const mbedtls_mpi_uint secp192r1_p[] = { +- BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), +- BYTES_TO_T_UINT_8( 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), +- BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), +-}; +-static const mbedtls_mpi_uint secp192r1_a[] = { +- BYTES_TO_T_UINT_8( 0xFC, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), +- BYTES_TO_T_UINT_8( 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), +- BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), +-}; +-static const mbedtls_mpi_uint secp192r1_b[] = { +- BYTES_TO_T_UINT_8( 0xB1, 0xB9, 0x46, 0xC1, 0xEC, 0xDE, 0xB8, 0xFE ), +- BYTES_TO_T_UINT_8( 0x49, 0x30, 0x24, 0x72, 0xAB, 0xE9, 0xA7, 0x0F ), +- BYTES_TO_T_UINT_8( 0xE7, 0x80, 0x9C, 0xE5, 0x19, 0x05, 0x21, 0x64 ), +-}; +-static const mbedtls_mpi_uint secp192r1_gx[] = { +- BYTES_TO_T_UINT_8( 0x12, 0x10, 0xFF, 0x82, 0xFD, 0x0A, 0xFF, 0xF4 ), +- BYTES_TO_T_UINT_8( 0x00, 0x88, 0xA1, 0x43, 0xEB, 0x20, 0xBF, 0x7C ), +- BYTES_TO_T_UINT_8( 0xF6, 0x90, 0x30, 0xB0, 0x0E, 0xA8, 0x8D, 0x18 ), +-}; +-static const mbedtls_mpi_uint secp192r1_gy[] = { +- BYTES_TO_T_UINT_8( 0x11, 0x48, 0x79, 0x1E, 0xA1, 0x77, 0xF9, 0x73 ), +- BYTES_TO_T_UINT_8( 0xD5, 0xCD, 0x24, 0x6B, 0xED, 0x11, 0x10, 0x63 ), +- BYTES_TO_T_UINT_8( 0x78, 0xDA, 0xC8, 0xFF, 0x95, 0x2B, 0x19, 0x07 ), +-}; +-static const mbedtls_mpi_uint secp192r1_n[] = { +- BYTES_TO_T_UINT_8( 0x31, 0x28, 0xD2, 0xB4, 0xB1, 0xC9, 0x6B, 0x14 ), +- BYTES_TO_T_UINT_8( 0x36, 0xF8, 0xDE, 0x99, 0xFF, 0xFF, 0xFF, 0xFF ), +- BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), +-}; +-#endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */ +- +-/* +- * Domain parameters for secp224r1 +- */ +-#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) +-static const mbedtls_mpi_uint secp224r1_p[] = { +- BYTES_TO_T_UINT_8( 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ), +- BYTES_TO_T_UINT_8( 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF ), +- BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), +- BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00 ), +-}; +-static const mbedtls_mpi_uint secp224r1_a[] = { +- BYTES_TO_T_UINT_8( 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), +- BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF ), +- BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), +- BYTES_TO_T_UINT_4( 0xFF, 0xFF, 0xFF, 0xFF ), +-}; +-static const mbedtls_mpi_uint secp224r1_b[] = { +- BYTES_TO_T_UINT_8( 0xB4, 0xFF, 0x55, 0x23, 0x43, 0x39, 0x0B, 0x27 ), +- BYTES_TO_T_UINT_8( 0xBA, 0xD8, 0xBF, 0xD7, 0xB7, 0xB0, 0x44, 0x50 ), +- BYTES_TO_T_UINT_8( 0x56, 0x32, 0x41, 0xF5, 0xAB, 0xB3, 0x04, 0x0C ), +- BYTES_TO_T_UINT_4( 0x85, 0x0A, 0x05, 0xB4 ), +-}; +-static const mbedtls_mpi_uint secp224r1_gx[] = { +- BYTES_TO_T_UINT_8( 0x21, 0x1D, 0x5C, 0x11, 0xD6, 0x80, 0x32, 0x34 ), +- BYTES_TO_T_UINT_8( 0x22, 0x11, 0xC2, 0x56, 0xD3, 0xC1, 0x03, 0x4A ), +- BYTES_TO_T_UINT_8( 0xB9, 0x90, 0x13, 0x32, 0x7F, 0xBF, 0xB4, 0x6B ), +- BYTES_TO_T_UINT_4( 0xBD, 0x0C, 0x0E, 0xB7 ), +-}; +-static const mbedtls_mpi_uint secp224r1_gy[] = { +- BYTES_TO_T_UINT_8( 0x34, 0x7E, 0x00, 0x85, 0x99, 0x81, 0xD5, 0x44 ), +- BYTES_TO_T_UINT_8( 0x64, 0x47, 0x07, 0x5A, 0xA0, 0x75, 0x43, 0xCD ), +- BYTES_TO_T_UINT_8( 0xE6, 0xDF, 0x22, 0x4C, 0xFB, 0x23, 0xF7, 0xB5 ), +- BYTES_TO_T_UINT_4( 0x88, 0x63, 0x37, 0xBD ), +-}; +-static const mbedtls_mpi_uint secp224r1_n[] = { +- BYTES_TO_T_UINT_8( 0x3D, 0x2A, 0x5C, 0x5C, 0x45, 0x29, 0xDD, 0x13 ), +- BYTES_TO_T_UINT_8( 0x3E, 0xF0, 0xB8, 0xE0, 0xA2, 0x16, 0xFF, 0xFF ), +- BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), +- BYTES_TO_T_UINT_4( 0xFF, 0xFF, 0xFF, 0xFF ), +-}; +-#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */ +- +-/* +- * Domain parameters for secp256r1 +- */ +-#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) +-static const mbedtls_mpi_uint secp256r1_p[] = { +- BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), +- BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00 ), +- BYTES_TO_T_UINT_8( 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ), +- BYTES_TO_T_UINT_8( 0x01, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF ), +-}; +-static const mbedtls_mpi_uint secp256r1_a[] = { +- BYTES_TO_T_UINT_8( 0xFC, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), +- BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00 ), +- BYTES_TO_T_UINT_8( 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ), +- BYTES_TO_T_UINT_8( 0x01, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF ), +-}; +-static const mbedtls_mpi_uint secp256r1_b[] = { +- BYTES_TO_T_UINT_8( 0x4B, 0x60, 0xD2, 0x27, 0x3E, 0x3C, 0xCE, 0x3B ), +- BYTES_TO_T_UINT_8( 0xF6, 0xB0, 0x53, 0xCC, 0xB0, 0x06, 0x1D, 0x65 ), +- BYTES_TO_T_UINT_8( 0xBC, 0x86, 0x98, 0x76, 0x55, 0xBD, 0xEB, 0xB3 ), +- BYTES_TO_T_UINT_8( 0xE7, 0x93, 0x3A, 0xAA, 0xD8, 0x35, 0xC6, 0x5A ), +-}; +-static const mbedtls_mpi_uint secp256r1_gx[] = { +- BYTES_TO_T_UINT_8( 0x96, 0xC2, 0x98, 0xD8, 0x45, 0x39, 0xA1, 0xF4 ), +- BYTES_TO_T_UINT_8( 0xA0, 0x33, 0xEB, 0x2D, 0x81, 0x7D, 0x03, 0x77 ), +- BYTES_TO_T_UINT_8( 0xF2, 0x40, 0xA4, 0x63, 0xE5, 0xE6, 0xBC, 0xF8 ), +- BYTES_TO_T_UINT_8( 0x47, 0x42, 0x2C, 0xE1, 0xF2, 0xD1, 0x17, 0x6B ), +-}; +-static const mbedtls_mpi_uint secp256r1_gy[] = { +- BYTES_TO_T_UINT_8( 0xF5, 0x51, 0xBF, 0x37, 0x68, 0x40, 0xB6, 0xCB ), +- BYTES_TO_T_UINT_8( 0xCE, 0x5E, 0x31, 0x6B, 0x57, 0x33, 0xCE, 0x2B ), +- BYTES_TO_T_UINT_8( 0x16, 0x9E, 0x0F, 0x7C, 0x4A, 0xEB, 0xE7, 0x8E ), +- BYTES_TO_T_UINT_8( 0x9B, 0x7F, 0x1A, 0xFE, 0xE2, 0x42, 0xE3, 0x4F ), +-}; +-static const mbedtls_mpi_uint secp256r1_n[] = { +- BYTES_TO_T_UINT_8( 0x51, 0x25, 0x63, 0xFC, 0xC2, 0xCA, 0xB9, 0xF3 ), +- BYTES_TO_T_UINT_8( 0x84, 0x9E, 0x17, 0xA7, 0xAD, 0xFA, 0xE6, 0xBC ), +- BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), +- BYTES_TO_T_UINT_8( 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF ), +-}; +-#endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */ +- +-/* +- * Domain parameters for secp384r1 +- */ +-#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) +-static const mbedtls_mpi_uint secp384r1_p[] = { +- BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00 ), +- BYTES_TO_T_UINT_8( 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF ), +- BYTES_TO_T_UINT_8( 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), +- BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), +- BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), +- BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), +-}; +-static const mbedtls_mpi_uint secp384r1_a[] = { +- BYTES_TO_T_UINT_8( 0xFC, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00 ), +- BYTES_TO_T_UINT_8( 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF ), +- BYTES_TO_T_UINT_8( 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), +- BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), +- BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), +- BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), +-}; +-static const mbedtls_mpi_uint secp384r1_b[] = { +- BYTES_TO_T_UINT_8( 0xEF, 0x2A, 0xEC, 0xD3, 0xED, 0xC8, 0x85, 0x2A ), +- BYTES_TO_T_UINT_8( 0x9D, 0xD1, 0x2E, 0x8A, 0x8D, 0x39, 0x56, 0xC6 ), +- BYTES_TO_T_UINT_8( 0x5A, 0x87, 0x13, 0x50, 0x8F, 0x08, 0x14, 0x03 ), +- BYTES_TO_T_UINT_8( 0x12, 0x41, 0x81, 0xFE, 0x6E, 0x9C, 0x1D, 0x18 ), +- BYTES_TO_T_UINT_8( 0x19, 0x2D, 0xF8, 0xE3, 0x6B, 0x05, 0x8E, 0x98 ), +- BYTES_TO_T_UINT_8( 0xE4, 0xE7, 0x3E, 0xE2, 0xA7, 0x2F, 0x31, 0xB3 ), +-}; +-static const mbedtls_mpi_uint secp384r1_gx[] = { +- BYTES_TO_T_UINT_8( 0xB7, 0x0A, 0x76, 0x72, 0x38, 0x5E, 0x54, 0x3A ), +- BYTES_TO_T_UINT_8( 0x6C, 0x29, 0x55, 0xBF, 0x5D, 0xF2, 0x02, 0x55 ), +- BYTES_TO_T_UINT_8( 0x38, 0x2A, 0x54, 0x82, 0xE0, 0x41, 0xF7, 0x59 ), +- BYTES_TO_T_UINT_8( 0x98, 0x9B, 0xA7, 0x8B, 0x62, 0x3B, 0x1D, 0x6E ), +- BYTES_TO_T_UINT_8( 0x74, 0xAD, 0x20, 0xF3, 0x1E, 0xC7, 0xB1, 0x8E ), +- BYTES_TO_T_UINT_8( 0x37, 0x05, 0x8B, 0xBE, 0x22, 0xCA, 0x87, 0xAA ), +-}; +-static const mbedtls_mpi_uint secp384r1_gy[] = { +- BYTES_TO_T_UINT_8( 0x5F, 0x0E, 0xEA, 0x90, 0x7C, 0x1D, 0x43, 0x7A ), +- BYTES_TO_T_UINT_8( 0x9D, 0x81, 0x7E, 0x1D, 0xCE, 0xB1, 0x60, 0x0A ), +- BYTES_TO_T_UINT_8( 0xC0, 0xB8, 0xF0, 0xB5, 0x13, 0x31, 0xDA, 0xE9 ), +- BYTES_TO_T_UINT_8( 0x7C, 0x14, 0x9A, 0x28, 0xBD, 0x1D, 0xF4, 0xF8 ), +- BYTES_TO_T_UINT_8( 0x29, 0xDC, 0x92, 0x92, 0xBF, 0x98, 0x9E, 0x5D ), +- BYTES_TO_T_UINT_8( 0x6F, 0x2C, 0x26, 0x96, 0x4A, 0xDE, 0x17, 0x36 ), +-}; +-static const mbedtls_mpi_uint secp384r1_n[] = { +- BYTES_TO_T_UINT_8( 0x73, 0x29, 0xC5, 0xCC, 0x6A, 0x19, 0xEC, 0xEC ), +- BYTES_TO_T_UINT_8( 0x7A, 0xA7, 0xB0, 0x48, 0xB2, 0x0D, 0x1A, 0x58 ), +- BYTES_TO_T_UINT_8( 0xDF, 0x2D, 0x37, 0xF4, 0x81, 0x4D, 0x63, 0xC7 ), +- BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), +- BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), +- BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), +-}; +-#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */ +- +-/* +- * Domain parameters for secp521r1 +- */ +-#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) +-static const mbedtls_mpi_uint secp521r1_p[] = { +- BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), +- BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), +- BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), +- BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), +- BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), +- BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), +- BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), +- BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), +- BYTES_TO_T_UINT_2( 0xFF, 0x01 ), +-}; +-static const mbedtls_mpi_uint secp521r1_b[] = { +- BYTES_TO_T_UINT_8( 0x00, 0x3F, 0x50, 0x6B, 0xD4, 0x1F, 0x45, 0xEF ), +- BYTES_TO_T_UINT_8( 0xF1, 0x34, 0x2C, 0x3D, 0x88, 0xDF, 0x73, 0x35 ), +- BYTES_TO_T_UINT_8( 0x07, 0xBF, 0xB1, 0x3B, 0xBD, 0xC0, 0x52, 0x16 ), +- BYTES_TO_T_UINT_8( 0x7B, 0x93, 0x7E, 0xEC, 0x51, 0x39, 0x19, 0x56 ), +- BYTES_TO_T_UINT_8( 0xE1, 0x09, 0xF1, 0x8E, 0x91, 0x89, 0xB4, 0xB8 ), +- BYTES_TO_T_UINT_8( 0xF3, 0x15, 0xB3, 0x99, 0x5B, 0x72, 0xDA, 0xA2 ), +- BYTES_TO_T_UINT_8( 0xEE, 0x40, 0x85, 0xB6, 0xA0, 0x21, 0x9A, 0x92 ), +- BYTES_TO_T_UINT_8( 0x1F, 0x9A, 0x1C, 0x8E, 0x61, 0xB9, 0x3E, 0x95 ), +- BYTES_TO_T_UINT_2( 0x51, 0x00 ), +-}; +-static const mbedtls_mpi_uint secp521r1_gx[] = { +- BYTES_TO_T_UINT_8( 0x66, 0xBD, 0xE5, 0xC2, 0x31, 0x7E, 0x7E, 0xF9 ), +- BYTES_TO_T_UINT_8( 0x9B, 0x42, 0x6A, 0x85, 0xC1, 0xB3, 0x48, 0x33 ), +- BYTES_TO_T_UINT_8( 0xDE, 0xA8, 0xFF, 0xA2, 0x27, 0xC1, 0x1D, 0xFE ), +- BYTES_TO_T_UINT_8( 0x28, 0x59, 0xE7, 0xEF, 0x77, 0x5E, 0x4B, 0xA1 ), +- BYTES_TO_T_UINT_8( 0xBA, 0x3D, 0x4D, 0x6B, 0x60, 0xAF, 0x28, 0xF8 ), +- BYTES_TO_T_UINT_8( 0x21, 0xB5, 0x3F, 0x05, 0x39, 0x81, 0x64, 0x9C ), +- BYTES_TO_T_UINT_8( 0x42, 0xB4, 0x95, 0x23, 0x66, 0xCB, 0x3E, 0x9E ), +- BYTES_TO_T_UINT_8( 0xCD, 0xE9, 0x04, 0x04, 0xB7, 0x06, 0x8E, 0x85 ), +- BYTES_TO_T_UINT_2( 0xC6, 0x00 ), +-}; +-static const mbedtls_mpi_uint secp521r1_gy[] = { +- BYTES_TO_T_UINT_8( 0x50, 0x66, 0xD1, 0x9F, 0x76, 0x94, 0xBE, 0x88 ), +- BYTES_TO_T_UINT_8( 0x40, 0xC2, 0x72, 0xA2, 0x86, 0x70, 0x3C, 0x35 ), +- BYTES_TO_T_UINT_8( 0x61, 0x07, 0xAD, 0x3F, 0x01, 0xB9, 0x50, 0xC5 ), +- BYTES_TO_T_UINT_8( 0x40, 0x26, 0xF4, 0x5E, 0x99, 0x72, 0xEE, 0x97 ), +- BYTES_TO_T_UINT_8( 0x2C, 0x66, 0x3E, 0x27, 0x17, 0xBD, 0xAF, 0x17 ), +- BYTES_TO_T_UINT_8( 0x68, 0x44, 0x9B, 0x57, 0x49, 0x44, 0xF5, 0x98 ), +- BYTES_TO_T_UINT_8( 0xD9, 0x1B, 0x7D, 0x2C, 0xB4, 0x5F, 0x8A, 0x5C ), +- BYTES_TO_T_UINT_8( 0x04, 0xC0, 0x3B, 0x9A, 0x78, 0x6A, 0x29, 0x39 ), +- BYTES_TO_T_UINT_2( 0x18, 0x01 ), +-}; +-static const mbedtls_mpi_uint secp521r1_n[] = { +- BYTES_TO_T_UINT_8( 0x09, 0x64, 0x38, 0x91, 0x1E, 0xB7, 0x6F, 0xBB ), +- BYTES_TO_T_UINT_8( 0xAE, 0x47, 0x9C, 0x89, 0xB8, 0xC9, 0xB5, 0x3B ), +- BYTES_TO_T_UINT_8( 0xD0, 0xA5, 0x09, 0xF7, 0x48, 0x01, 0xCC, 0x7F ), +- BYTES_TO_T_UINT_8( 0x6B, 0x96, 0x2F, 0xBF, 0x83, 0x87, 0x86, 0x51 ), +- BYTES_TO_T_UINT_8( 0xFA, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), +- BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), +- BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), +- BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), +- BYTES_TO_T_UINT_2( 0xFF, 0x01 ), +-}; +-#endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */ +- +-#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) +-static const mbedtls_mpi_uint secp192k1_p[] = { +- BYTES_TO_T_UINT_8( 0x37, 0xEE, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF ), +- BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), +- BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), +-}; +-static const mbedtls_mpi_uint secp192k1_a[] = { +- BYTES_TO_T_UINT_2( 0x00, 0x00 ), +-}; +-static const mbedtls_mpi_uint secp192k1_b[] = { +- BYTES_TO_T_UINT_2( 0x03, 0x00 ), +-}; +-static const mbedtls_mpi_uint secp192k1_gx[] = { +- BYTES_TO_T_UINT_8( 0x7D, 0x6C, 0xE0, 0xEA, 0xB1, 0xD1, 0xA5, 0x1D ), +- BYTES_TO_T_UINT_8( 0x34, 0xF4, 0xB7, 0x80, 0x02, 0x7D, 0xB0, 0x26 ), +- BYTES_TO_T_UINT_8( 0xAE, 0xE9, 0x57, 0xC0, 0x0E, 0xF1, 0x4F, 0xDB ), +-}; +-static const mbedtls_mpi_uint secp192k1_gy[] = { +- BYTES_TO_T_UINT_8( 0x9D, 0x2F, 0x5E, 0xD9, 0x88, 0xAA, 0x82, 0x40 ), +- BYTES_TO_T_UINT_8( 0x34, 0x86, 0xBE, 0x15, 0xD0, 0x63, 0x41, 0x84 ), +- BYTES_TO_T_UINT_8( 0xA7, 0x28, 0x56, 0x9C, 0x6D, 0x2F, 0x2F, 0x9B ), +-}; +-static const mbedtls_mpi_uint secp192k1_n[] = { +- BYTES_TO_T_UINT_8( 0x8D, 0xFD, 0xDE, 0x74, 0x6A, 0x46, 0x69, 0x0F ), +- BYTES_TO_T_UINT_8( 0x17, 0xFC, 0xF2, 0x26, 0xFE, 0xFF, 0xFF, 0xFF ), +- BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), +-}; +-#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */ +- +-#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) +-static const mbedtls_mpi_uint secp224k1_p[] = { +- BYTES_TO_T_UINT_8( 0x6D, 0xE5, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF ), +- BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), +- BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), +- BYTES_TO_T_UINT_4( 0xFF, 0xFF, 0xFF, 0xFF ), +-}; +-static const mbedtls_mpi_uint secp224k1_a[] = { +- BYTES_TO_T_UINT_2( 0x00, 0x00 ), +-}; +-static const mbedtls_mpi_uint secp224k1_b[] = { +- BYTES_TO_T_UINT_2( 0x05, 0x00 ), +-}; +-static const mbedtls_mpi_uint secp224k1_gx[] = { +- BYTES_TO_T_UINT_8( 0x5C, 0xA4, 0xB7, 0xB6, 0x0E, 0x65, 0x7E, 0x0F ), +- BYTES_TO_T_UINT_8( 0xA9, 0x75, 0x70, 0xE4, 0xE9, 0x67, 0xA4, 0x69 ), +- BYTES_TO_T_UINT_8( 0xA1, 0x28, 0xFC, 0x30, 0xDF, 0x99, 0xF0, 0x4D ), +- BYTES_TO_T_UINT_4( 0x33, 0x5B, 0x45, 0xA1 ), +-}; +-static const mbedtls_mpi_uint secp224k1_gy[] = { +- BYTES_TO_T_UINT_8( 0xA5, 0x61, 0x6D, 0x55, 0xDB, 0x4B, 0xCA, 0xE2 ), +- BYTES_TO_T_UINT_8( 0x59, 0xBD, 0xB0, 0xC0, 0xF7, 0x19, 0xE3, 0xF7 ), +- BYTES_TO_T_UINT_8( 0xD6, 0xFB, 0xCA, 0x82, 0x42, 0x34, 0xBA, 0x7F ), +- BYTES_TO_T_UINT_4( 0xED, 0x9F, 0x08, 0x7E ), +-}; +-static const mbedtls_mpi_uint secp224k1_n[] = { +- BYTES_TO_T_UINT_8( 0xF7, 0xB1, 0x9F, 0x76, 0x71, 0xA9, 0xF0, 0xCA ), +- BYTES_TO_T_UINT_8( 0x84, 0x61, 0xEC, 0xD2, 0xE8, 0xDC, 0x01, 0x00 ), +- BYTES_TO_T_UINT_8( 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ), +- BYTES_TO_T_UINT_8( 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00 ), +-}; +-#endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */ +- +-#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) +-static const mbedtls_mpi_uint secp256k1_p[] = { +- BYTES_TO_T_UINT_8( 0x2F, 0xFC, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF ), +- BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), +- BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), +- BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), +-}; +-static const mbedtls_mpi_uint secp256k1_a[] = { +- BYTES_TO_T_UINT_2( 0x00, 0x00 ), +-}; +-static const mbedtls_mpi_uint secp256k1_b[] = { +- BYTES_TO_T_UINT_2( 0x07, 0x00 ), +-}; +-static const mbedtls_mpi_uint secp256k1_gx[] = { +- BYTES_TO_T_UINT_8( 0x98, 0x17, 0xF8, 0x16, 0x5B, 0x81, 0xF2, 0x59 ), +- BYTES_TO_T_UINT_8( 0xD9, 0x28, 0xCE, 0x2D, 0xDB, 0xFC, 0x9B, 0x02 ), +- BYTES_TO_T_UINT_8( 0x07, 0x0B, 0x87, 0xCE, 0x95, 0x62, 0xA0, 0x55 ), +- BYTES_TO_T_UINT_8( 0xAC, 0xBB, 0xDC, 0xF9, 0x7E, 0x66, 0xBE, 0x79 ), +-}; +-static const mbedtls_mpi_uint secp256k1_gy[] = { +- BYTES_TO_T_UINT_8( 0xB8, 0xD4, 0x10, 0xFB, 0x8F, 0xD0, 0x47, 0x9C ), +- BYTES_TO_T_UINT_8( 0x19, 0x54, 0x85, 0xA6, 0x48, 0xB4, 0x17, 0xFD ), +- BYTES_TO_T_UINT_8( 0xA8, 0x08, 0x11, 0x0E, 0xFC, 0xFB, 0xA4, 0x5D ), +- BYTES_TO_T_UINT_8( 0x65, 0xC4, 0xA3, 0x26, 0x77, 0xDA, 0x3A, 0x48 ), +-}; +-static const mbedtls_mpi_uint secp256k1_n[] = { +- BYTES_TO_T_UINT_8( 0x41, 0x41, 0x36, 0xD0, 0x8C, 0x5E, 0xD2, 0xBF ), +- BYTES_TO_T_UINT_8( 0x3B, 0xA0, 0x48, 0xAF, 0xE6, 0xDC, 0xAE, 0xBA ), +- BYTES_TO_T_UINT_8( 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), +- BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), +-}; +-#endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */ +- +-/* +- * Domain parameters for brainpoolP256r1 (RFC 5639 3.4) +- */ +-#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) +-static const mbedtls_mpi_uint brainpoolP256r1_p[] = { +- BYTES_TO_T_UINT_8( 0x77, 0x53, 0x6E, 0x1F, 0x1D, 0x48, 0x13, 0x20 ), +- BYTES_TO_T_UINT_8( 0x28, 0x20, 0x26, 0xD5, 0x23, 0xF6, 0x3B, 0x6E ), +- BYTES_TO_T_UINT_8( 0x72, 0x8D, 0x83, 0x9D, 0x90, 0x0A, 0x66, 0x3E ), +- BYTES_TO_T_UINT_8( 0xBC, 0xA9, 0xEE, 0xA1, 0xDB, 0x57, 0xFB, 0xA9 ), +-}; +-static const mbedtls_mpi_uint brainpoolP256r1_a[] = { +- BYTES_TO_T_UINT_8( 0xD9, 0xB5, 0x30, 0xF3, 0x44, 0x4B, 0x4A, 0xE9 ), +- BYTES_TO_T_UINT_8( 0x6C, 0x5C, 0xDC, 0x26, 0xC1, 0x55, 0x80, 0xFB ), +- BYTES_TO_T_UINT_8( 0xE7, 0xFF, 0x7A, 0x41, 0x30, 0x75, 0xF6, 0xEE ), +- BYTES_TO_T_UINT_8( 0x57, 0x30, 0x2C, 0xFC, 0x75, 0x09, 0x5A, 0x7D ), +-}; +-static const mbedtls_mpi_uint brainpoolP256r1_b[] = { +- BYTES_TO_T_UINT_8( 0xB6, 0x07, 0x8C, 0xFF, 0x18, 0xDC, 0xCC, 0x6B ), +- BYTES_TO_T_UINT_8( 0xCE, 0xE1, 0xF7, 0x5C, 0x29, 0x16, 0x84, 0x95 ), +- BYTES_TO_T_UINT_8( 0xBF, 0x7C, 0xD7, 0xBB, 0xD9, 0xB5, 0x30, 0xF3 ), +- BYTES_TO_T_UINT_8( 0x44, 0x4B, 0x4A, 0xE9, 0x6C, 0x5C, 0xDC, 0x26 ), +-}; +-static const mbedtls_mpi_uint brainpoolP256r1_gx[] = { +- BYTES_TO_T_UINT_8( 0x62, 0x32, 0xCE, 0x9A, 0xBD, 0x53, 0x44, 0x3A ), +- BYTES_TO_T_UINT_8( 0xC2, 0x23, 0xBD, 0xE3, 0xE1, 0x27, 0xDE, 0xB9 ), +- BYTES_TO_T_UINT_8( 0xAF, 0xB7, 0x81, 0xFC, 0x2F, 0x48, 0x4B, 0x2C ), +- BYTES_TO_T_UINT_8( 0xCB, 0x57, 0x7E, 0xCB, 0xB9, 0xAE, 0xD2, 0x8B ), +-}; +-static const mbedtls_mpi_uint brainpoolP256r1_gy[] = { +- BYTES_TO_T_UINT_8( 0x97, 0x69, 0x04, 0x2F, 0xC7, 0x54, 0x1D, 0x5C ), +- BYTES_TO_T_UINT_8( 0x54, 0x8E, 0xED, 0x2D, 0x13, 0x45, 0x77, 0xC2 ), +- BYTES_TO_T_UINT_8( 0xC9, 0x1D, 0x61, 0x14, 0x1A, 0x46, 0xF8, 0x97 ), +- BYTES_TO_T_UINT_8( 0xFD, 0xC4, 0xDA, 0xC3, 0x35, 0xF8, 0x7E, 0x54 ), +-}; +-static const mbedtls_mpi_uint brainpoolP256r1_n[] = { +- BYTES_TO_T_UINT_8( 0xA7, 0x56, 0x48, 0x97, 0x82, 0x0E, 0x1E, 0x90 ), +- BYTES_TO_T_UINT_8( 0xF7, 0xA6, 0x61, 0xB5, 0xA3, 0x7A, 0x39, 0x8C ), +- BYTES_TO_T_UINT_8( 0x71, 0x8D, 0x83, 0x9D, 0x90, 0x0A, 0x66, 0x3E ), +- BYTES_TO_T_UINT_8( 0xBC, 0xA9, 0xEE, 0xA1, 0xDB, 0x57, 0xFB, 0xA9 ), +-}; +-#endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */ +- +-/* +- * Domain parameters for brainpoolP384r1 (RFC 5639 3.6) +- */ +-#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) +-static const mbedtls_mpi_uint brainpoolP384r1_p[] = { +- BYTES_TO_T_UINT_8( 0x53, 0xEC, 0x07, 0x31, 0x13, 0x00, 0x47, 0x87 ), +- BYTES_TO_T_UINT_8( 0x71, 0x1A, 0x1D, 0x90, 0x29, 0xA7, 0xD3, 0xAC ), +- BYTES_TO_T_UINT_8( 0x23, 0x11, 0xB7, 0x7F, 0x19, 0xDA, 0xB1, 0x12 ), +- BYTES_TO_T_UINT_8( 0xB4, 0x56, 0x54, 0xED, 0x09, 0x71, 0x2F, 0x15 ), +- BYTES_TO_T_UINT_8( 0xDF, 0x41, 0xE6, 0x50, 0x7E, 0x6F, 0x5D, 0x0F ), +- BYTES_TO_T_UINT_8( 0x28, 0x6D, 0x38, 0xA3, 0x82, 0x1E, 0xB9, 0x8C ), +-}; +-static const mbedtls_mpi_uint brainpoolP384r1_a[] = { +- BYTES_TO_T_UINT_8( 0x26, 0x28, 0xCE, 0x22, 0xDD, 0xC7, 0xA8, 0x04 ), +- BYTES_TO_T_UINT_8( 0xEB, 0xD4, 0x3A, 0x50, 0x4A, 0x81, 0xA5, 0x8A ), +- BYTES_TO_T_UINT_8( 0x0F, 0xF9, 0x91, 0xBA, 0xEF, 0x65, 0x91, 0x13 ), +- BYTES_TO_T_UINT_8( 0x87, 0x27, 0xB2, 0x4F, 0x8E, 0xA2, 0xBE, 0xC2 ), +- BYTES_TO_T_UINT_8( 0xA0, 0xAF, 0x05, 0xCE, 0x0A, 0x08, 0x72, 0x3C ), +- BYTES_TO_T_UINT_8( 0x0C, 0x15, 0x8C, 0x3D, 0xC6, 0x82, 0xC3, 0x7B ), +-}; +-static const mbedtls_mpi_uint brainpoolP384r1_b[] = { +- BYTES_TO_T_UINT_8( 0x11, 0x4C, 0x50, 0xFA, 0x96, 0x86, 0xB7, 0x3A ), +- BYTES_TO_T_UINT_8( 0x94, 0xC9, 0xDB, 0x95, 0x02, 0x39, 0xB4, 0x7C ), +- BYTES_TO_T_UINT_8( 0xD5, 0x62, 0xEB, 0x3E, 0xA5, 0x0E, 0x88, 0x2E ), +- BYTES_TO_T_UINT_8( 0xA6, 0xD2, 0xDC, 0x07, 0xE1, 0x7D, 0xB7, 0x2F ), +- BYTES_TO_T_UINT_8( 0x7C, 0x44, 0xF0, 0x16, 0x54, 0xB5, 0x39, 0x8B ), +- BYTES_TO_T_UINT_8( 0x26, 0x28, 0xCE, 0x22, 0xDD, 0xC7, 0xA8, 0x04 ), +-}; +-static const mbedtls_mpi_uint brainpoolP384r1_gx[] = { +- BYTES_TO_T_UINT_8( 0x1E, 0xAF, 0xD4, 0x47, 0xE2, 0xB2, 0x87, 0xEF ), +- BYTES_TO_T_UINT_8( 0xAA, 0x46, 0xD6, 0x36, 0x34, 0xE0, 0x26, 0xE8 ), +- BYTES_TO_T_UINT_8( 0xE8, 0x10, 0xBD, 0x0C, 0xFE, 0xCA, 0x7F, 0xDB ), +- BYTES_TO_T_UINT_8( 0xE3, 0x4F, 0xF1, 0x7E, 0xE7, 0xA3, 0x47, 0x88 ), +- BYTES_TO_T_UINT_8( 0x6B, 0x3F, 0xC1, 0xB7, 0x81, 0x3A, 0xA6, 0xA2 ), +- BYTES_TO_T_UINT_8( 0xFF, 0x45, 0xCF, 0x68, 0xF0, 0x64, 0x1C, 0x1D ), +-}; +-static const mbedtls_mpi_uint brainpoolP384r1_gy[] = { +- BYTES_TO_T_UINT_8( 0x15, 0x53, 0x3C, 0x26, 0x41, 0x03, 0x82, 0x42 ), +- BYTES_TO_T_UINT_8( 0x11, 0x81, 0x91, 0x77, 0x21, 0x46, 0x46, 0x0E ), +- BYTES_TO_T_UINT_8( 0x28, 0x29, 0x91, 0xF9, 0x4F, 0x05, 0x9C, 0xE1 ), +- BYTES_TO_T_UINT_8( 0x64, 0x58, 0xEC, 0xFE, 0x29, 0x0B, 0xB7, 0x62 ), +- BYTES_TO_T_UINT_8( 0x52, 0xD5, 0xCF, 0x95, 0x8E, 0xEB, 0xB1, 0x5C ), +- BYTES_TO_T_UINT_8( 0xA4, 0xC2, 0xF9, 0x20, 0x75, 0x1D, 0xBE, 0x8A ), +-}; +-static const mbedtls_mpi_uint brainpoolP384r1_n[] = { +- BYTES_TO_T_UINT_8( 0x65, 0x65, 0x04, 0xE9, 0x02, 0x32, 0x88, 0x3B ), +- BYTES_TO_T_UINT_8( 0x10, 0xC3, 0x7F, 0x6B, 0xAF, 0xB6, 0x3A, 0xCF ), +- BYTES_TO_T_UINT_8( 0xA7, 0x25, 0x04, 0xAC, 0x6C, 0x6E, 0x16, 0x1F ), +- BYTES_TO_T_UINT_8( 0xB3, 0x56, 0x54, 0xED, 0x09, 0x71, 0x2F, 0x15 ), +- BYTES_TO_T_UINT_8( 0xDF, 0x41, 0xE6, 0x50, 0x7E, 0x6F, 0x5D, 0x0F ), +- BYTES_TO_T_UINT_8( 0x28, 0x6D, 0x38, 0xA3, 0x82, 0x1E, 0xB9, 0x8C ), +-}; +-#endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */ +- +-/* +- * Domain parameters for brainpoolP512r1 (RFC 5639 3.7) +- */ +-#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) +-static const mbedtls_mpi_uint brainpoolP512r1_p[] = { +- BYTES_TO_T_UINT_8( 0xF3, 0x48, 0x3A, 0x58, 0x56, 0x60, 0xAA, 0x28 ), +- BYTES_TO_T_UINT_8( 0x85, 0xC6, 0x82, 0x2D, 0x2F, 0xFF, 0x81, 0x28 ), +- BYTES_TO_T_UINT_8( 0xE6, 0x80, 0xA3, 0xE6, 0x2A, 0xA1, 0xCD, 0xAE ), +- BYTES_TO_T_UINT_8( 0x42, 0x68, 0xC6, 0x9B, 0x00, 0x9B, 0x4D, 0x7D ), +- BYTES_TO_T_UINT_8( 0x71, 0x08, 0x33, 0x70, 0xCA, 0x9C, 0x63, 0xD6 ), +- BYTES_TO_T_UINT_8( 0x0E, 0xD2, 0xC9, 0xB3, 0xB3, 0x8D, 0x30, 0xCB ), +- BYTES_TO_T_UINT_8( 0x07, 0xFC, 0xC9, 0x33, 0xAE, 0xE6, 0xD4, 0x3F ), +- BYTES_TO_T_UINT_8( 0x8B, 0xC4, 0xE9, 0xDB, 0xB8, 0x9D, 0xDD, 0xAA ), +-}; +-static const mbedtls_mpi_uint brainpoolP512r1_a[] = { +- BYTES_TO_T_UINT_8( 0xCA, 0x94, 0xFC, 0x77, 0x4D, 0xAC, 0xC1, 0xE7 ), +- BYTES_TO_T_UINT_8( 0xB9, 0xC7, 0xF2, 0x2B, 0xA7, 0x17, 0x11, 0x7F ), +- BYTES_TO_T_UINT_8( 0xB5, 0xC8, 0x9A, 0x8B, 0xC9, 0xF1, 0x2E, 0x0A ), +- BYTES_TO_T_UINT_8( 0xA1, 0x3A, 0x25, 0xA8, 0x5A, 0x5D, 0xED, 0x2D ), +- BYTES_TO_T_UINT_8( 0xBC, 0x63, 0x98, 0xEA, 0xCA, 0x41, 0x34, 0xA8 ), +- BYTES_TO_T_UINT_8( 0x10, 0x16, 0xF9, 0x3D, 0x8D, 0xDD, 0xCB, 0x94 ), +- BYTES_TO_T_UINT_8( 0xC5, 0x4C, 0x23, 0xAC, 0x45, 0x71, 0x32, 0xE2 ), +- BYTES_TO_T_UINT_8( 0x89, 0x3B, 0x60, 0x8B, 0x31, 0xA3, 0x30, 0x78 ), +-}; +-static const mbedtls_mpi_uint brainpoolP512r1_b[] = { +- BYTES_TO_T_UINT_8( 0x23, 0xF7, 0x16, 0x80, 0x63, 0xBD, 0x09, 0x28 ), +- BYTES_TO_T_UINT_8( 0xDD, 0xE5, 0xBA, 0x5E, 0xB7, 0x50, 0x40, 0x98 ), +- BYTES_TO_T_UINT_8( 0x67, 0x3E, 0x08, 0xDC, 0xCA, 0x94, 0xFC, 0x77 ), +- BYTES_TO_T_UINT_8( 0x4D, 0xAC, 0xC1, 0xE7, 0xB9, 0xC7, 0xF2, 0x2B ), +- BYTES_TO_T_UINT_8( 0xA7, 0x17, 0x11, 0x7F, 0xB5, 0xC8, 0x9A, 0x8B ), +- BYTES_TO_T_UINT_8( 0xC9, 0xF1, 0x2E, 0x0A, 0xA1, 0x3A, 0x25, 0xA8 ), +- BYTES_TO_T_UINT_8( 0x5A, 0x5D, 0xED, 0x2D, 0xBC, 0x63, 0x98, 0xEA ), +- BYTES_TO_T_UINT_8( 0xCA, 0x41, 0x34, 0xA8, 0x10, 0x16, 0xF9, 0x3D ), +-}; +-static const mbedtls_mpi_uint brainpoolP512r1_gx[] = { +- BYTES_TO_T_UINT_8( 0x22, 0xF8, 0xB9, 0xBC, 0x09, 0x22, 0x35, 0x8B ), +- BYTES_TO_T_UINT_8( 0x68, 0x5E, 0x6A, 0x40, 0x47, 0x50, 0x6D, 0x7C ), +- BYTES_TO_T_UINT_8( 0x5F, 0x7D, 0xB9, 0x93, 0x7B, 0x68, 0xD1, 0x50 ), +- BYTES_TO_T_UINT_8( 0x8D, 0xD4, 0xD0, 0xE2, 0x78, 0x1F, 0x3B, 0xFF ), +- BYTES_TO_T_UINT_8( 0x8E, 0x09, 0xD0, 0xF4, 0xEE, 0x62, 0x3B, 0xB4 ), +- BYTES_TO_T_UINT_8( 0xC1, 0x16, 0xD9, 0xB5, 0x70, 0x9F, 0xED, 0x85 ), +- BYTES_TO_T_UINT_8( 0x93, 0x6A, 0x4C, 0x9C, 0x2E, 0x32, 0x21, 0x5A ), +- BYTES_TO_T_UINT_8( 0x64, 0xD9, 0x2E, 0xD8, 0xBD, 0xE4, 0xAE, 0x81 ), +-}; +-static const mbedtls_mpi_uint brainpoolP512r1_gy[] = { +- BYTES_TO_T_UINT_8( 0x92, 0x08, 0xD8, 0x3A, 0x0F, 0x1E, 0xCD, 0x78 ), +- BYTES_TO_T_UINT_8( 0x06, 0x54, 0xF0, 0xA8, 0x2F, 0x2B, 0xCA, 0xD1 ), +- BYTES_TO_T_UINT_8( 0xAE, 0x63, 0x27, 0x8A, 0xD8, 0x4B, 0xCA, 0x5B ), +- BYTES_TO_T_UINT_8( 0x5E, 0x48, 0x5F, 0x4A, 0x49, 0xDE, 0xDC, 0xB2 ), +- BYTES_TO_T_UINT_8( 0x11, 0x81, 0x1F, 0x88, 0x5B, 0xC5, 0x00, 0xA0 ), +- BYTES_TO_T_UINT_8( 0x1A, 0x7B, 0xA5, 0x24, 0x00, 0xF7, 0x09, 0xF2 ), +- BYTES_TO_T_UINT_8( 0xFD, 0x22, 0x78, 0xCF, 0xA9, 0xBF, 0xEA, 0xC0 ), +- BYTES_TO_T_UINT_8( 0xEC, 0x32, 0x63, 0x56, 0x5D, 0x38, 0xDE, 0x7D ), +-}; +-static const mbedtls_mpi_uint brainpoolP512r1_n[] = { +- BYTES_TO_T_UINT_8( 0x69, 0x00, 0xA9, 0x9C, 0x82, 0x96, 0x87, 0xB5 ), +- BYTES_TO_T_UINT_8( 0xDD, 0xDA, 0x5D, 0x08, 0x81, 0xD3, 0xB1, 0x1D ), +- BYTES_TO_T_UINT_8( 0x47, 0x10, 0xAC, 0x7F, 0x19, 0x61, 0x86, 0x41 ), +- BYTES_TO_T_UINT_8( 0x19, 0x26, 0xA9, 0x4C, 0x41, 0x5C, 0x3E, 0x55 ), +- BYTES_TO_T_UINT_8( 0x70, 0x08, 0x33, 0x70, 0xCA, 0x9C, 0x63, 0xD6 ), +- BYTES_TO_T_UINT_8( 0x0E, 0xD2, 0xC9, 0xB3, 0xB3, 0x8D, 0x30, 0xCB ), +- BYTES_TO_T_UINT_8( 0x07, 0xFC, 0xC9, 0x33, 0xAE, 0xE6, 0xD4, 0x3F ), +- BYTES_TO_T_UINT_8( 0x8B, 0xC4, 0xE9, 0xDB, 0xB8, 0x9D, 0xDD, 0xAA ), +-}; +-#endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */ +- +-/* +- * Create an MPI from embedded constants +- * (assumes len is an exact multiple of sizeof mbedtls_mpi_uint) +- */ +-static inline void ecp_mpi_load( mbedtls_mpi *X, const mbedtls_mpi_uint *p, size_t len ) +-{ +- X->s = 1; +- X->n = len / sizeof( mbedtls_mpi_uint ); +- X->p = (mbedtls_mpi_uint *) p; +-} +- +-/* +- * Set an MPI to static value 1 +- */ +-static inline void ecp_mpi_set1( mbedtls_mpi *X ) +-{ +- static mbedtls_mpi_uint one[] = { 1 }; +- X->s = 1; +- X->n = 1; +- X->p = one; +-} +- +-/* +- * Make group available from embedded constants +- */ +-static int ecp_group_load( mbedtls_ecp_group *grp, +- const mbedtls_mpi_uint *p, size_t plen, +- const mbedtls_mpi_uint *a, size_t alen, +- const mbedtls_mpi_uint *b, size_t blen, +- const mbedtls_mpi_uint *gx, size_t gxlen, +- const mbedtls_mpi_uint *gy, size_t gylen, +- const mbedtls_mpi_uint *n, size_t nlen) +-{ +- ecp_mpi_load( &grp->P, p, plen ); +- if( a != NULL ) +- ecp_mpi_load( &grp->A, a, alen ); +- ecp_mpi_load( &grp->B, b, blen ); +- ecp_mpi_load( &grp->N, n, nlen ); +- +- ecp_mpi_load( &grp->G.X, gx, gxlen ); +- ecp_mpi_load( &grp->G.Y, gy, gylen ); +- ecp_mpi_set1( &grp->G.Z ); +- +- grp->pbits = mbedtls_mpi_bitlen( &grp->P ); +- grp->nbits = mbedtls_mpi_bitlen( &grp->N ); +- +- grp->h = 1; +- +- return( 0 ); +-} +- +-#if defined(MBEDTLS_ECP_NIST_OPTIM) +-/* Forward declarations */ +-#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) +-static int ecp_mod_p192( mbedtls_mpi * ); +-#endif +-#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) +-static int ecp_mod_p224( mbedtls_mpi * ); +-#endif +-#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) +-static int ecp_mod_p256( mbedtls_mpi * ); +-#endif +-#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) +-static int ecp_mod_p384( mbedtls_mpi * ); +-#endif +-#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) +-static int ecp_mod_p521( mbedtls_mpi * ); +-#endif +- +-#define NIST_MODP( P ) grp->modp = ecp_mod_ ## P; +-#else +-#define NIST_MODP( P ) +-#endif /* MBEDTLS_ECP_NIST_OPTIM */ +- +-/* Additional forward declarations */ +-#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) +-static int ecp_mod_p255( mbedtls_mpi * ); +-#endif +-#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) +-static int ecp_mod_p448( mbedtls_mpi * ); +-#endif +-#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) +-static int ecp_mod_p192k1( mbedtls_mpi * ); +-#endif +-#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) +-static int ecp_mod_p224k1( mbedtls_mpi * ); +-#endif +-#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) +-static int ecp_mod_p256k1( mbedtls_mpi * ); +-#endif +- +-#define LOAD_GROUP_A( G ) ecp_group_load( grp, \ +- G ## _p, sizeof( G ## _p ), \ +- G ## _a, sizeof( G ## _a ), \ +- G ## _b, sizeof( G ## _b ), \ +- G ## _gx, sizeof( G ## _gx ), \ +- G ## _gy, sizeof( G ## _gy ), \ +- G ## _n, sizeof( G ## _n ) ) +- +-#define LOAD_GROUP( G ) ecp_group_load( grp, \ +- G ## _p, sizeof( G ## _p ), \ +- NULL, 0, \ +- G ## _b, sizeof( G ## _b ), \ +- G ## _gx, sizeof( G ## _gx ), \ +- G ## _gy, sizeof( G ## _gy ), \ +- G ## _n, sizeof( G ## _n ) ) +- +-#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) +-/* +- * Specialized function for creating the Curve25519 group +- */ +-static int ecp_use_curve25519( mbedtls_ecp_group *grp ) +-{ +- int ret; +- +- /* Actually ( A + 2 ) / 4 */ +- MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &grp->A, 16, "01DB42" ) ); +- +- /* P = 2^255 - 19 */ +- MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->P, 1 ) ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &grp->P, 255 ) ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &grp->P, &grp->P, 19 ) ); +- grp->pbits = mbedtls_mpi_bitlen( &grp->P ); +- +- /* N = 2^252 + 27742317777372353535851937790883648493 */ +- MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &grp->N, 16, +- "14DEF9DEA2F79CD65812631A5CF5D3ED" ) ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( &grp->N, 252, 1 ) ); +- +- /* Y intentionally not set, since we use x/z coordinates. +- * This is used as a marker to identify Montgomery curves! */ +- MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->G.X, 9 ) ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->G.Z, 1 ) ); +- mbedtls_mpi_free( &grp->G.Y ); +- +- /* Actually, the required msb for private keys */ +- grp->nbits = 254; +- +-cleanup: +- if( ret != 0 ) +- mbedtls_ecp_group_free( grp ); +- +- return( ret ); +-} +-#endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */ +- +-#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) +-/* +- * Specialized function for creating the Curve448 group +- */ +-static int ecp_use_curve448( mbedtls_ecp_group *grp ) +-{ +- mbedtls_mpi Ns; +- int ret; +- +- mbedtls_mpi_init( &Ns ); +- +- /* Actually ( A + 2 ) / 4 */ +- MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &grp->A, 16, "98AA" ) ); +- +- /* P = 2^448 - 2^224 - 1 */ +- MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->P, 1 ) ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &grp->P, 224 ) ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &grp->P, &grp->P, 1 ) ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &grp->P, 224 ) ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &grp->P, &grp->P, 1 ) ); +- grp->pbits = mbedtls_mpi_bitlen( &grp->P ); +- +- /* Y intentionally not set, since we use x/z coordinates. +- * This is used as a marker to identify Montgomery curves! */ +- MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->G.X, 5 ) ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->G.Z, 1 ) ); +- mbedtls_mpi_free( &grp->G.Y ); +- +- /* N = 2^446 - 13818066809895115352007386748515426880336692474882178609894547503885 */ +- MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( &grp->N, 446, 1 ) ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &Ns, 16, +- "8335DC163BB124B65129C96FDE933D8D723A70AADC873D6D54A7BB0D" ) ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &grp->N, &grp->N, &Ns ) ); +- +- /* Actually, the required msb for private keys */ +- grp->nbits = 447; +- +-cleanup: +- mbedtls_mpi_free( &Ns ); +- if( ret != 0 ) +- mbedtls_ecp_group_free( grp ); +- +- return( ret ); +-} +-#endif /* MBEDTLS_ECP_DP_CURVE448_ENABLED */ +- +-/* +- * Set a group using well-known domain parameters +- */ +-int mbedtls_ecp_group_load( mbedtls_ecp_group *grp, mbedtls_ecp_group_id id ) +-{ +- mbedtls_ecp_group_free( grp ); +- +- grp->id = id; +- +- switch( id ) +- { +-#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) +- case MBEDTLS_ECP_DP_SECP192R1: +- NIST_MODP( p192 ); +- return( LOAD_GROUP_A( secp192r1 ) ); +-#endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */ +- +-#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) +- case MBEDTLS_ECP_DP_SECP224R1: +- NIST_MODP( p224 ); +- return( LOAD_GROUP_A( secp224r1 ) ); +-#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */ +- +-#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) +- case MBEDTLS_ECP_DP_SECP256R1: +- NIST_MODP( p256 ); +- return( LOAD_GROUP_A( secp256r1 ) ); +-#endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */ +- +-#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) +- case MBEDTLS_ECP_DP_SECP384R1: +- NIST_MODP( p384 ); +- return( LOAD_GROUP_A( secp384r1 ) ); +-#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */ +- +-#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) +- case MBEDTLS_ECP_DP_SECP521R1: +- NIST_MODP( p521 ); +- return( LOAD_GROUP( secp521r1 ) ); +-#endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */ +- +-#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) +- case MBEDTLS_ECP_DP_SECP192K1: +- grp->modp = ecp_mod_p192k1; +- return( LOAD_GROUP_A( secp192k1 ) ); +-#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */ +- +-#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) +- case MBEDTLS_ECP_DP_SECP224K1: +- grp->modp = ecp_mod_p224k1; +- return( LOAD_GROUP_A( secp224k1 ) ); +-#endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */ +- +-#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) +- case MBEDTLS_ECP_DP_SECP256K1: +- grp->modp = ecp_mod_p256k1; +- return( LOAD_GROUP_A( secp256k1 ) ); +-#endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */ +- +-#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) +- case MBEDTLS_ECP_DP_BP256R1: +- return( LOAD_GROUP_A( brainpoolP256r1 ) ); +-#endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */ +- +-#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) +- case MBEDTLS_ECP_DP_BP384R1: +- return( LOAD_GROUP_A( brainpoolP384r1 ) ); +-#endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */ +- +-#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) +- case MBEDTLS_ECP_DP_BP512R1: +- return( LOAD_GROUP_A( brainpoolP512r1 ) ); +-#endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */ +- +-#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) +- case MBEDTLS_ECP_DP_CURVE25519: +- grp->modp = ecp_mod_p255; +- return( ecp_use_curve25519( grp ) ); +-#endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */ +- +-#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) +- case MBEDTLS_ECP_DP_CURVE448: +- grp->modp = ecp_mod_p448; +- return( ecp_use_curve448( grp ) ); +-#endif /* MBEDTLS_ECP_DP_CURVE448_ENABLED */ +- +- default: +- mbedtls_ecp_group_free( grp ); +- return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ); +- } +-} +- +-#if defined(MBEDTLS_ECP_NIST_OPTIM) +-/* +- * Fast reduction modulo the primes used by the NIST curves. +- * +- * These functions are critical for speed, but not needed for correct +- * operations. So, we make the choice to heavily rely on the internals of our +- * bignum library, which creates a tight coupling between these functions and +- * our MPI implementation. However, the coupling between the ECP module and +- * MPI remains loose, since these functions can be deactivated at will. +- */ +- +-#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) +-/* +- * Compared to the way things are presented in FIPS 186-3 D.2, +- * we proceed in columns, from right (least significant chunk) to left, +- * adding chunks to N in place, and keeping a carry for the next chunk. +- * This avoids moving things around in memory, and uselessly adding zeros, +- * compared to the more straightforward, line-oriented approach. +- * +- * For this prime we need to handle data in chunks of 64 bits. +- * Since this is always a multiple of our basic mbedtls_mpi_uint, we can +- * use a mbedtls_mpi_uint * to designate such a chunk, and small loops to handle it. +- */ +- +-/* Add 64-bit chunks (dst += src) and update carry */ +-static inline void add64( mbedtls_mpi_uint *dst, mbedtls_mpi_uint *src, mbedtls_mpi_uint *carry ) +-{ +- unsigned char i; +- mbedtls_mpi_uint c = 0; +- for( i = 0; i < 8 / sizeof( mbedtls_mpi_uint ); i++, dst++, src++ ) +- { +- *dst += c; c = ( *dst < c ); +- *dst += *src; c += ( *dst < *src ); +- } +- *carry += c; +-} +- +-/* Add carry to a 64-bit chunk and update carry */ +-static inline void carry64( mbedtls_mpi_uint *dst, mbedtls_mpi_uint *carry ) +-{ +- unsigned char i; +- for( i = 0; i < 8 / sizeof( mbedtls_mpi_uint ); i++, dst++ ) +- { +- *dst += *carry; +- *carry = ( *dst < *carry ); +- } +-} +- +-#define WIDTH 8 / sizeof( mbedtls_mpi_uint ) +-#define A( i ) N->p + i * WIDTH +-#define ADD( i ) add64( p, A( i ), &c ) +-#define NEXT p += WIDTH; carry64( p, &c ) +-#define LAST p += WIDTH; *p = c; while( ++p < end ) *p = 0 +- +-/* +- * Fast quasi-reduction modulo p192 (FIPS 186-3 D.2.1) +- */ +-static int ecp_mod_p192( mbedtls_mpi *N ) +-{ +- int ret; +- mbedtls_mpi_uint c = 0; +- mbedtls_mpi_uint *p, *end; +- +- /* Make sure we have enough blocks so that A(5) is legal */ +- MBEDTLS_MPI_CHK( mbedtls_mpi_grow( N, 6 * WIDTH ) ); +- +- p = N->p; +- end = p + N->n; +- +- ADD( 3 ); ADD( 5 ); NEXT; // A0 += A3 + A5 +- ADD( 3 ); ADD( 4 ); ADD( 5 ); NEXT; // A1 += A3 + A4 + A5 +- ADD( 4 ); ADD( 5 ); LAST; // A2 += A4 + A5 +- +-cleanup: +- return( ret ); +-} +- +-#undef WIDTH +-#undef A +-#undef ADD +-#undef NEXT +-#undef LAST +-#endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */ +- +-#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) || \ +- defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || \ +- defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) +-/* +- * The reader is advised to first understand ecp_mod_p192() since the same +- * general structure is used here, but with additional complications: +- * (1) chunks of 32 bits, and (2) subtractions. +- */ +- +-/* +- * For these primes, we need to handle data in chunks of 32 bits. +- * This makes it more complicated if we use 64 bits limbs in MPI, +- * which prevents us from using a uniform access method as for p192. +- * +- * So, we define a mini abstraction layer to access 32 bit chunks, +- * load them in 'cur' for work, and store them back from 'cur' when done. +- * +- * While at it, also define the size of N in terms of 32-bit chunks. +- */ +-#define LOAD32 cur = A( i ); +- +-#if defined(MBEDTLS_HAVE_INT32) /* 32 bit */ +- +-#define MAX32 N->n +-#define A( j ) N->p[j] +-#define STORE32 N->p[i] = cur; +- +-#else /* 64-bit */ +- +-#define MAX32 N->n * 2 +-#define A( j ) j % 2 ? (uint32_t)( N->p[j/2] >> 32 ) : (uint32_t)( N->p[j/2] ) +-#define STORE32 \ +- if( i % 2 ) { \ +- N->p[i/2] &= 0x00000000FFFFFFFF; \ +- N->p[i/2] |= ((mbedtls_mpi_uint) cur) << 32; \ +- } else { \ +- N->p[i/2] &= 0xFFFFFFFF00000000; \ +- N->p[i/2] |= (mbedtls_mpi_uint) cur; \ +- } +- +-#endif /* sizeof( mbedtls_mpi_uint ) */ +- +-/* +- * Helpers for addition and subtraction of chunks, with signed carry. +- */ +-static inline void add32( uint32_t *dst, uint32_t src, signed char *carry ) +-{ +- *dst += src; +- *carry += ( *dst < src ); +-} +- +-static inline void sub32( uint32_t *dst, uint32_t src, signed char *carry ) +-{ +- *carry -= ( *dst < src ); +- *dst -= src; +-} +- +-#define ADD( j ) add32( &cur, A( j ), &c ); +-#define SUB( j ) sub32( &cur, A( j ), &c ); +- +-/* +- * Helpers for the main 'loop' +- * (see fix_negative for the motivation of C) +- */ +-#define INIT( b ) \ +- int ret; \ +- signed char c = 0, cc; \ +- uint32_t cur; \ +- size_t i = 0, bits = b; \ +- mbedtls_mpi C; \ +- mbedtls_mpi_uint Cp[ b / 8 / sizeof( mbedtls_mpi_uint) + 1 ]; \ +- \ +- C.s = 1; \ +- C.n = b / 8 / sizeof( mbedtls_mpi_uint) + 1; \ +- C.p = Cp; \ +- memset( Cp, 0, C.n * sizeof( mbedtls_mpi_uint ) ); \ +- \ +- MBEDTLS_MPI_CHK( mbedtls_mpi_grow( N, b * 2 / 8 / sizeof( mbedtls_mpi_uint ) ) ); \ +- LOAD32; +- +-#define NEXT \ +- STORE32; i++; LOAD32; \ +- cc = c; c = 0; \ +- if( cc < 0 ) \ +- sub32( &cur, -cc, &c ); \ +- else \ +- add32( &cur, cc, &c ); \ +- +-#define LAST \ +- STORE32; i++; \ +- cur = c > 0 ? c : 0; STORE32; \ +- cur = 0; while( ++i < MAX32 ) { STORE32; } \ +- if( c < 0 ) fix_negative( N, c, &C, bits ); +- +-/* +- * If the result is negative, we get it in the form +- * c * 2^(bits + 32) + N, with c negative and N positive shorter than 'bits' +- */ +-static inline int fix_negative( mbedtls_mpi *N, signed char c, mbedtls_mpi *C, size_t bits ) +-{ +- int ret; +- +- /* C = - c * 2^(bits + 32) */ +-#if !defined(MBEDTLS_HAVE_INT64) +- ((void) bits); +-#else +- if( bits == 224 ) +- C->p[ C->n - 1 ] = ((mbedtls_mpi_uint) -c) << 32; +- else +-#endif +- C->p[ C->n - 1 ] = (mbedtls_mpi_uint) -c; +- +- /* N = - ( C - N ) */ +- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( N, C, N ) ); +- N->s = -1; +- +-cleanup: +- +- return( ret ); +-} +- +-#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) +-/* +- * Fast quasi-reduction modulo p224 (FIPS 186-3 D.2.2) +- */ +-static int ecp_mod_p224( mbedtls_mpi *N ) +-{ +- INIT( 224 ); +- +- SUB( 7 ); SUB( 11 ); NEXT; // A0 += -A7 - A11 +- SUB( 8 ); SUB( 12 ); NEXT; // A1 += -A8 - A12 +- SUB( 9 ); SUB( 13 ); NEXT; // A2 += -A9 - A13 +- SUB( 10 ); ADD( 7 ); ADD( 11 ); NEXT; // A3 += -A10 + A7 + A11 +- SUB( 11 ); ADD( 8 ); ADD( 12 ); NEXT; // A4 += -A11 + A8 + A12 +- SUB( 12 ); ADD( 9 ); ADD( 13 ); NEXT; // A5 += -A12 + A9 + A13 +- SUB( 13 ); ADD( 10 ); LAST; // A6 += -A13 + A10 +- +-cleanup: +- return( ret ); +-} +-#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */ +- +-#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) +-/* +- * Fast quasi-reduction modulo p256 (FIPS 186-3 D.2.3) +- */ +-static int ecp_mod_p256( mbedtls_mpi *N ) +-{ +- INIT( 256 ); +- +- ADD( 8 ); ADD( 9 ); +- SUB( 11 ); SUB( 12 ); SUB( 13 ); SUB( 14 ); NEXT; // A0 +- +- ADD( 9 ); ADD( 10 ); +- SUB( 12 ); SUB( 13 ); SUB( 14 ); SUB( 15 ); NEXT; // A1 +- +- ADD( 10 ); ADD( 11 ); +- SUB( 13 ); SUB( 14 ); SUB( 15 ); NEXT; // A2 +- +- ADD( 11 ); ADD( 11 ); ADD( 12 ); ADD( 12 ); ADD( 13 ); +- SUB( 15 ); SUB( 8 ); SUB( 9 ); NEXT; // A3 +- +- ADD( 12 ); ADD( 12 ); ADD( 13 ); ADD( 13 ); ADD( 14 ); +- SUB( 9 ); SUB( 10 ); NEXT; // A4 +- +- ADD( 13 ); ADD( 13 ); ADD( 14 ); ADD( 14 ); ADD( 15 ); +- SUB( 10 ); SUB( 11 ); NEXT; // A5 +- +- ADD( 14 ); ADD( 14 ); ADD( 15 ); ADD( 15 ); ADD( 14 ); ADD( 13 ); +- SUB( 8 ); SUB( 9 ); NEXT; // A6 +- +- ADD( 15 ); ADD( 15 ); ADD( 15 ); ADD( 8 ); +- SUB( 10 ); SUB( 11 ); SUB( 12 ); SUB( 13 ); LAST; // A7 +- +-cleanup: +- return( ret ); +-} +-#endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */ +- +-#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) +-/* +- * Fast quasi-reduction modulo p384 (FIPS 186-3 D.2.4) +- */ +-static int ecp_mod_p384( mbedtls_mpi *N ) +-{ +- INIT( 384 ); +- +- ADD( 12 ); ADD( 21 ); ADD( 20 ); +- SUB( 23 ); NEXT; // A0 +- +- ADD( 13 ); ADD( 22 ); ADD( 23 ); +- SUB( 12 ); SUB( 20 ); NEXT; // A2 +- +- ADD( 14 ); ADD( 23 ); +- SUB( 13 ); SUB( 21 ); NEXT; // A2 +- +- ADD( 15 ); ADD( 12 ); ADD( 20 ); ADD( 21 ); +- SUB( 14 ); SUB( 22 ); SUB( 23 ); NEXT; // A3 +- +- ADD( 21 ); ADD( 21 ); ADD( 16 ); ADD( 13 ); ADD( 12 ); ADD( 20 ); ADD( 22 ); +- SUB( 15 ); SUB( 23 ); SUB( 23 ); NEXT; // A4 +- +- ADD( 22 ); ADD( 22 ); ADD( 17 ); ADD( 14 ); ADD( 13 ); ADD( 21 ); ADD( 23 ); +- SUB( 16 ); NEXT; // A5 +- +- ADD( 23 ); ADD( 23 ); ADD( 18 ); ADD( 15 ); ADD( 14 ); ADD( 22 ); +- SUB( 17 ); NEXT; // A6 +- +- ADD( 19 ); ADD( 16 ); ADD( 15 ); ADD( 23 ); +- SUB( 18 ); NEXT; // A7 +- +- ADD( 20 ); ADD( 17 ); ADD( 16 ); +- SUB( 19 ); NEXT; // A8 +- +- ADD( 21 ); ADD( 18 ); ADD( 17 ); +- SUB( 20 ); NEXT; // A9 +- +- ADD( 22 ); ADD( 19 ); ADD( 18 ); +- SUB( 21 ); NEXT; // A10 +- +- ADD( 23 ); ADD( 20 ); ADD( 19 ); +- SUB( 22 ); LAST; // A11 +- +-cleanup: +- return( ret ); +-} +-#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */ +- +-#undef A +-#undef LOAD32 +-#undef STORE32 +-#undef MAX32 +-#undef INIT +-#undef NEXT +-#undef LAST +- +-#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED || +- MBEDTLS_ECP_DP_SECP256R1_ENABLED || +- MBEDTLS_ECP_DP_SECP384R1_ENABLED */ +- +-#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) +-/* +- * Here we have an actual Mersenne prime, so things are more straightforward. +- * However, chunks are aligned on a 'weird' boundary (521 bits). +- */ +- +-/* Size of p521 in terms of mbedtls_mpi_uint */ +-#define P521_WIDTH ( 521 / 8 / sizeof( mbedtls_mpi_uint ) + 1 ) +- +-/* Bits to keep in the most significant mbedtls_mpi_uint */ +-#define P521_MASK 0x01FF +- +-/* +- * Fast quasi-reduction modulo p521 (FIPS 186-3 D.2.5) +- * Write N as A1 + 2^521 A0, return A0 + A1 +- */ +-static int ecp_mod_p521( mbedtls_mpi *N ) +-{ +- int ret; +- size_t i; +- mbedtls_mpi M; +- mbedtls_mpi_uint Mp[P521_WIDTH + 1]; +- /* Worst case for the size of M is when mbedtls_mpi_uint is 16 bits: +- * we need to hold bits 513 to 1056, which is 34 limbs, that is +- * P521_WIDTH + 1. Otherwise P521_WIDTH is enough. */ +- +- if( N->n < P521_WIDTH ) +- return( 0 ); +- +- /* M = A1 */ +- M.s = 1; +- M.n = N->n - ( P521_WIDTH - 1 ); +- if( M.n > P521_WIDTH + 1 ) +- M.n = P521_WIDTH + 1; +- M.p = Mp; +- memcpy( Mp, N->p + P521_WIDTH - 1, M.n * sizeof( mbedtls_mpi_uint ) ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &M, 521 % ( 8 * sizeof( mbedtls_mpi_uint ) ) ) ); +- +- /* N = A0 */ +- N->p[P521_WIDTH - 1] &= P521_MASK; +- for( i = P521_WIDTH; i < N->n; i++ ) +- N->p[i] = 0; +- +- /* N = A0 + A1 */ +- MBEDTLS_MPI_CHK( mbedtls_mpi_add_abs( N, N, &M ) ); +- +-cleanup: +- return( ret ); +-} +- +-#undef P521_WIDTH +-#undef P521_MASK +-#endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */ +- +-#endif /* MBEDTLS_ECP_NIST_OPTIM */ +- +-#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) +- +-/* Size of p255 in terms of mbedtls_mpi_uint */ +-#define P255_WIDTH ( 255 / 8 / sizeof( mbedtls_mpi_uint ) + 1 ) +- +-/* +- * Fast quasi-reduction modulo p255 = 2^255 - 19 +- * Write N as A0 + 2^255 A1, return A0 + 19 * A1 +- */ +-static int ecp_mod_p255( mbedtls_mpi *N ) +-{ +- int ret; +- size_t i; +- mbedtls_mpi M; +- mbedtls_mpi_uint Mp[P255_WIDTH + 2]; +- +- if( N->n < P255_WIDTH ) +- return( 0 ); +- +- /* M = A1 */ +- M.s = 1; +- M.n = N->n - ( P255_WIDTH - 1 ); +- if( M.n > P255_WIDTH + 1 ) +- return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); +- M.p = Mp; +- memset( Mp, 0, sizeof Mp ); +- memcpy( Mp, N->p + P255_WIDTH - 1, M.n * sizeof( mbedtls_mpi_uint ) ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &M, 255 % ( 8 * sizeof( mbedtls_mpi_uint ) ) ) ); +- M.n++; /* Make room for multiplication by 19 */ +- +- /* N = A0 */ +- MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( N, 255, 0 ) ); +- for( i = P255_WIDTH; i < N->n; i++ ) +- N->p[i] = 0; +- +- /* N = A0 + 19 * A1 */ +- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_int( &M, &M, 19 ) ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_add_abs( N, N, &M ) ); +- +-cleanup: +- return( ret ); +-} +-#endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */ +- +-#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) +- +-/* Size of p448 in terms of mbedtls_mpi_uint */ +-#define P448_WIDTH ( 448 / 8 / sizeof( mbedtls_mpi_uint ) ) +- +-/* Number of limbs fully occupied by 2^224 (max), and limbs used by it (min) */ +-#define DIV_ROUND_UP( X, Y ) ( ( ( X ) + ( Y ) - 1 ) / ( Y ) ) +-#define P224_WIDTH_MIN ( 28 / sizeof( mbedtls_mpi_uint ) ) +-#define P224_WIDTH_MAX DIV_ROUND_UP( 28, sizeof( mbedtls_mpi_uint ) ) +-#define P224_UNUSED_BITS ( ( P224_WIDTH_MAX * sizeof( mbedtls_mpi_uint ) * 8 ) - 224 ) +- +-/* +- * Fast quasi-reduction modulo p448 = 2^448 - 2^224 - 1 +- * Write N as A0 + 2^448 A1 and A1 as B0 + 2^224 B1, and return +- * A0 + A1 + B1 + (B0 + B1) * 2^224. This is different to the reference +- * implementation of Curve448, which uses its own special 56-bit limbs rather +- * than a generic bignum library. We could squeeze some extra speed out on +- * 32-bit machines by splitting N up into 32-bit limbs and doing the +- * arithmetic using the limbs directly as we do for the NIST primes above, +- * but for 64-bit targets it should use half the number of operations if we do +- * the reduction with 224-bit limbs, since mpi_add_mpi will then use 64-bit adds. +- */ +-static int ecp_mod_p448( mbedtls_mpi *N ) +-{ +- int ret; +- size_t i; +- mbedtls_mpi M, Q; +- mbedtls_mpi_uint Mp[P448_WIDTH + 1], Qp[P448_WIDTH]; +- +- if( N->n <= P448_WIDTH ) +- return( 0 ); +- +- /* M = A1 */ +- M.s = 1; +- M.n = N->n - ( P448_WIDTH ); +- if( M.n > P448_WIDTH ) +- /* Shouldn't be called with N larger than 2^896! */ +- return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); +- M.p = Mp; +- memset( Mp, 0, sizeof( Mp ) ); +- memcpy( Mp, N->p + P448_WIDTH, M.n * sizeof( mbedtls_mpi_uint ) ); +- +- /* N = A0 */ +- for( i = P448_WIDTH; i < N->n; i++ ) +- N->p[i] = 0; +- +- /* N += A1 */ +- MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( N, N, &M ) ); +- +- /* Q = B1, N += B1 */ +- Q = M; +- Q.p = Qp; +- memcpy( Qp, Mp, sizeof( Qp ) ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &Q, 224 ) ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( N, N, &Q ) ); +- +- /* M = (B0 + B1) * 2^224, N += M */ +- if( sizeof( mbedtls_mpi_uint ) > 4 ) +- Mp[P224_WIDTH_MIN] &= ( (mbedtls_mpi_uint)-1 ) >> ( P224_UNUSED_BITS ); +- for( i = P224_WIDTH_MAX; i < M.n; ++i ) +- Mp[i] = 0; +- MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &M, &M, &Q ) ); +- M.n = P448_WIDTH + 1; /* Make room for shifted carry bit from the addition */ +- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &M, 224 ) ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( N, N, &M ) ); +- +-cleanup: +- return( ret ); +-} +-#endif /* MBEDTLS_ECP_DP_CURVE448_ENABLED */ +- +-#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) || \ +- defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) || \ +- defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) +-/* +- * Fast quasi-reduction modulo P = 2^s - R, +- * with R about 33 bits, used by the Koblitz curves. +- * +- * Write N as A0 + 2^224 A1, return A0 + R * A1. +- * Actually do two passes, since R is big. +- */ +-#define P_KOBLITZ_MAX ( 256 / 8 / sizeof( mbedtls_mpi_uint ) ) // Max limbs in P +-#define P_KOBLITZ_R ( 8 / sizeof( mbedtls_mpi_uint ) ) // Limbs in R +-static inline int ecp_mod_koblitz( mbedtls_mpi *N, mbedtls_mpi_uint *Rp, size_t p_limbs, +- size_t adjust, size_t shift, mbedtls_mpi_uint mask ) +-{ +- int ret; +- size_t i; +- mbedtls_mpi M, R; +- mbedtls_mpi_uint Mp[P_KOBLITZ_MAX + P_KOBLITZ_R + 1]; +- +- if( N->n < p_limbs ) +- return( 0 ); +- +- /* Init R */ +- R.s = 1; +- R.p = Rp; +- R.n = P_KOBLITZ_R; +- +- /* Common setup for M */ +- M.s = 1; +- M.p = Mp; +- +- /* M = A1 */ +- M.n = N->n - ( p_limbs - adjust ); +- if( M.n > p_limbs + adjust ) +- M.n = p_limbs + adjust; +- memset( Mp, 0, sizeof Mp ); +- memcpy( Mp, N->p + p_limbs - adjust, M.n * sizeof( mbedtls_mpi_uint ) ); +- if( shift != 0 ) +- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &M, shift ) ); +- M.n += R.n; /* Make room for multiplication by R */ +- +- /* N = A0 */ +- if( mask != 0 ) +- N->p[p_limbs - 1] &= mask; +- for( i = p_limbs; i < N->n; i++ ) +- N->p[i] = 0; +- +- /* N = A0 + R * A1 */ +- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &M, &M, &R ) ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_add_abs( N, N, &M ) ); +- +- /* Second pass */ +- +- /* M = A1 */ +- M.n = N->n - ( p_limbs - adjust ); +- if( M.n > p_limbs + adjust ) +- M.n = p_limbs + adjust; +- memset( Mp, 0, sizeof Mp ); +- memcpy( Mp, N->p + p_limbs - adjust, M.n * sizeof( mbedtls_mpi_uint ) ); +- if( shift != 0 ) +- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &M, shift ) ); +- M.n += R.n; /* Make room for multiplication by R */ +- +- /* N = A0 */ +- if( mask != 0 ) +- N->p[p_limbs - 1] &= mask; +- for( i = p_limbs; i < N->n; i++ ) +- N->p[i] = 0; +- +- /* N = A0 + R * A1 */ +- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &M, &M, &R ) ); +- MBEDTLS_MPI_CHK( mbedtls_mpi_add_abs( N, N, &M ) ); +- +-cleanup: +- return( ret ); +-} +-#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED) || +- MBEDTLS_ECP_DP_SECP224K1_ENABLED) || +- MBEDTLS_ECP_DP_SECP256K1_ENABLED) */ +- +-#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) +-/* +- * Fast quasi-reduction modulo p192k1 = 2^192 - R, +- * with R = 2^32 + 2^12 + 2^8 + 2^7 + 2^6 + 2^3 + 1 = 0x0100001119 +- */ +-static int ecp_mod_p192k1( mbedtls_mpi *N ) +-{ +- static mbedtls_mpi_uint Rp[] = { +- BYTES_TO_T_UINT_8( 0xC9, 0x11, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00 ) }; +- +- return( ecp_mod_koblitz( N, Rp, 192 / 8 / sizeof( mbedtls_mpi_uint ), 0, 0, 0 ) ); +-} +-#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */ +- +-#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) +-/* +- * Fast quasi-reduction modulo p224k1 = 2^224 - R, +- * with R = 2^32 + 2^12 + 2^11 + 2^9 + 2^7 + 2^4 + 2 + 1 = 0x0100001A93 +- */ +-static int ecp_mod_p224k1( mbedtls_mpi *N ) +-{ +- static mbedtls_mpi_uint Rp[] = { +- BYTES_TO_T_UINT_8( 0x93, 0x1A, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00 ) }; +- +-#if defined(MBEDTLS_HAVE_INT64) +- return( ecp_mod_koblitz( N, Rp, 4, 1, 32, 0xFFFFFFFF ) ); +-#else +- return( ecp_mod_koblitz( N, Rp, 224 / 8 / sizeof( mbedtls_mpi_uint ), 0, 0, 0 ) ); +-#endif +-} +- +-#endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */ +- +-#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) +-/* +- * Fast quasi-reduction modulo p256k1 = 2^256 - R, +- * with R = 2^32 + 2^9 + 2^8 + 2^7 + 2^6 + 2^4 + 1 = 0x01000003D1 +- */ +-static int ecp_mod_p256k1( mbedtls_mpi *N ) +-{ +- static mbedtls_mpi_uint Rp[] = { +- BYTES_TO_T_UINT_8( 0xD1, 0x03, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00 ) }; +- return( ecp_mod_koblitz( N, Rp, 256 / 8 / sizeof( mbedtls_mpi_uint ), 0, 0, 0 ) ); +-} +-#endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */ +- +-#endif /* !MBEDTLS_ECP_ALT */ +- +-#endif /* MBEDTLS_ECP_C */ +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/plugin/mbedtls/rsa_alt.h b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/plugin/mbedtls/rsa_alt.h +deleted file mode 100644 +index e7ba8da2b7..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/plugin/mbedtls/rsa_alt.h ++++ /dev/null +@@ -1,86 +0,0 @@ +-/** +- * \file rsa.h +- * +- * \brief This file provides an API for the RSA public-key cryptosystem. +- * +- * The RSA public-key cryptosystem is defined in Public-Key +- * Cryptography Standards (PKCS) #1 v1.5: RSA Encryption +- * and Public-Key Cryptography Standards (PKCS) #1 v2.1: +- * RSA Cryptography Specifications. +- * +- */ +-/* +- * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved +- * Copyright (C) 2019, NXP, All Rights Reserved +- * SPDX-License-Identifier: Apache-2.0 +- * +- * Licensed under the Apache License, Version 2.0 (the "License"); you may +- * not use this file except in compliance with the License. +- * You may obtain a copy of the License at +- * +- * http://www.apache.org/licenses/LICENSE-2.0 +- * +- * Unless required by applicable law or agreed to in writing, software +- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +- * See the License for the specific language governing permissions and +- * limitations under the License. +- * +- * This file is part of Mbed TLS (https://tls.mbed.org) +- */ +- +-#if defined(SSS_USE_FTR_FILE) +-#include "fsl_sss_ftr.h" +-#else +-#include "fsl_sss_ftr_default.h" +-#endif +- +-#if !defined(MBEDTLS_CONFIG_FILE) +-#include "mbedtls/config.h" +-#else +-#include MBEDTLS_CONFIG_FILE +-#endif +- +-#if defined(MBEDTLS_RSA_ALT) +-#include +- +-typedef struct +-{ +- int ver; /*!< Always 0.*/ +- size_t len; /*!< The size of \p N in Bytes. */ +- +- mbedtls_mpi N; /*!< The public modulus. */ +- mbedtls_mpi E; /*!< The public exponent. */ +- +- mbedtls_mpi D; /*!< The private exponent. */ +- mbedtls_mpi P; /*!< The first prime factor. */ +- mbedtls_mpi Q; /*!< The second prime factor. */ +- +- mbedtls_mpi DP; /*!< D % (P - 1). */ +- mbedtls_mpi DQ; /*!< D % (Q - 1). */ +- mbedtls_mpi QP; /*!< 1 / (Q % P). */ +- +- mbedtls_mpi RN; /*!< cached R^2 mod N. */ +- +- mbedtls_mpi RP; /*!< cached R^2 mod P. */ +- mbedtls_mpi RQ; /*!< cached R^2 mod Q. */ +- +- mbedtls_mpi Vi; /*!< The cached blinding value. */ +- mbedtls_mpi Vf; /*!< The cached un-blinding value. */ +- +- int padding; /*!< Selects padding mode: +- #MBEDTLS_RSA_PKCS_V15 for 1.5 padding and +- #MBEDTLS_RSA_PKCS_V21 for OAEP or PSS. */ +- int hash_id; /*!< Hash identifier of mbedtls_md_type_t type, +- as specified in md.h for use in the MGF +- mask generating function used in the +- EME-OAEP and EMSA-PSS encodings. */ +-#if defined(MBEDTLS_THREADING_C) +- mbedtls_threading_mutex_t mutex; /*!< Thread-safety mutex. */ +-#endif +- +- /** Reference to object mapped between SSS Layer */ +- sss_object_t *pSSSObject; +-} mbedtls_rsa_context; +- +-#endif /* MBEDTLS_RSA_ALT */ +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/plugin/mbedtls/sss_mbedtls.c b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/plugin/mbedtls/sss_mbedtls.c +deleted file mode 100644 +index eb223c24c7..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/plugin/mbedtls/sss_mbedtls.c ++++ /dev/null +@@ -1,508 +0,0 @@ +-/* +- * +- * Copyright 2018-2019 NXP +- * SPDX-License-Identifier: Apache-2.0 +- */ +- +-/** +- * @par Description +- * Implementation of key association between NXP Secure Element and mbedtls. +- * @par History +- * 1.0 30-jan-2018 : Initial version +- * +- *****************************************************************************/ +- +-#if !defined(MBEDTLS_CONFIG_FILE) +-#include "mbedtls/config.h" +-#else +-#include MBEDTLS_CONFIG_FILE +-#endif +- +-#if defined(MBEDTLS_ECP_ALT) && SSS_HAVE_ALT_SSS +- +-/** @ingroup ax_mbed_tls */ +-/** @{ */ +- +-#include +-#include +-#include +- +-#include "fsl_sss_api.h" +-#include "mbedtls/pk_internal.h" +-#include "mbedtls/platform.h" +-#include "mbedtls/rsa.h" +-#include "mbedtls/ssl.h" +-#include "mbedtls/ssl_internal.h" +-#include "mbedtls/version.h" +-#include "sss_mbedtls.h" +-#if defined(FLOW_VERBOSE) && (FLOW_VERBOSE == 1) +-#define LOG_API_CALLS 1 +-#else +-#define LOG_API_CALLS 0 +-#endif /* FLOW_VERBOSE */ +- +-#ifndef LOG_API_CALLS +-#define LOG_API_CALLS 1 /* Log by default */ +-#endif +- +-extern mbedtls_pk_info_t ax_mbedtls_rsakeypair_info; +-extern mbedtls_pk_info_t ax_mbedtls_rsapubkey_info; +- +-static size_t sss_eckey_get_bitlen(const void *ctx); +-static int sss_eckey_sign(void *ctx, +- mbedtls_md_type_t md_alg, +- const unsigned char *hash, +- size_t hash_len, +- unsigned char *sig, +- size_t *sig_len, +- int (*f_rng)(void *, unsigned char *, size_t), +- void *p_rng); +-static int sss_eckey_verify(void *ctx, +- mbedtls_md_type_t md_alg, +- const unsigned char *hash, +- size_t hash_len, +- const unsigned char *sig, +- size_t sig_len); +-static int sss_eckey_check_pair(const void *pub, const void *prv); +-static int sss_eckeypair_can_do(mbedtls_pk_type_t type); +-static int sss_ecpubkey_can_do(mbedtls_pk_type_t type); +-static void sss_eckeypair_free_func(void *ctx); +-static void sss_ecpubkey_free_func(void *ctx); +- +-static const mbedtls_pk_info_t ax_mbedtls_eckeypair_info = { +- MBEDTLS_PK_ECKEY, +- "AxEC_Keypair", +- &sss_eckey_get_bitlen, +- &sss_eckeypair_can_do, +- NULL, +- &sss_eckey_sign, +- NULL, // decrypt_func, +- NULL, // encrypt_func, +- &sss_eckey_check_pair, +- NULL, //&ax_eckey_alloc, +- &sss_eckeypair_free_func, +- NULL, //&ax_eckey_debug, +-}; +- +-static const mbedtls_pk_info_t ax_mbedtls_ecpubkey_info = { +- MBEDTLS_PK_ECKEY, +- "AxEC_pubkey", +- &sss_eckey_get_bitlen, +- &sss_ecpubkey_can_do, +- &sss_eckey_verify, +- NULL, +- NULL, +- NULL, +- NULL, +- NULL, +- &sss_ecpubkey_free_func, +- NULL, +-}; +- +-/* clang-format off */ +-typedef struct _object_identifiers +-{ +- uint32_t identifier[16]; +- size_t indentifier_len; +- int groupId; +- char* name; +-} object_identifiers_t; +-object_identifiers_t object_identifiers_gvar[] = { +- +- { { 1, 2, 840, 10045, 3, 1, 1 }, 7, MBEDTLS_ECP_DP_SECP192R1, "MBEDTLS_ECP_DP_SECP192R1" }, +- { { 1, 3, 132, 0, 33 }, 5, MBEDTLS_ECP_DP_SECP224R1, "MBEDTLS_ECP_DP_SECP224R1" }, +- { { 1, 2, 840, 10045, 3, 1, 7 }, 7, MBEDTLS_ECP_DP_SECP256R1, "MBEDTLS_ECP_DP_SECP256R1" }, +- { { 1, 3, 132, 0, 34 }, 5, MBEDTLS_ECP_DP_SECP384R1, "MBEDTLS_ECP_DP_SECP384R1" }, +- { { 1, 3, 132, 0, 35 }, 5, MBEDTLS_ECP_DP_SECP521R1, "MBEDTLS_ECP_DP_SECP521R1" }, +- +- { { 1, 3, 36, 3, 3, 2, 8, 1, 1, 7 }, 10, MBEDTLS_ECP_DP_BP256R1, "MBEDTLS_ECP_DP_BP256R1" }, +- { { 1, 3, 24, 3, 3, 2, 8, 1, 1, 7 }, 10, MBEDTLS_ECP_DP_BP256R1, "MBEDTLS_ECP_DP_BP256R1" }, +- { { 1, 3, 36, 3, 3, 2, 8, 1, 1, 11}, 10, MBEDTLS_ECP_DP_BP384R1, "MBEDTLS_ECP_DP_BP384R1" }, +- { { 1, 3, 36, 3, 3, 2, 8, 1, 1, 13}, 10, MBEDTLS_ECP_DP_BP512R1, "MBEDTLS_ECP_DP_BP512R1" }, +- +- { { 1, 3, 132, 0, 31 }, 5, MBEDTLS_ECP_DP_SECP192K1, "MBEDTLS_ECP_DP_SECP192K1" }, +- { { 1, 3, 132, 0, 32 }, 5, MBEDTLS_ECP_DP_SECP224K1, "MBEDTLS_ECP_DP_SECP224K1" }, +- { { 1, 3, 132, 0, 10 }, 5, MBEDTLS_ECP_DP_SECP256K1, "MBEDTLS_ECP_DP_SECP256K1" }, +- {{0,}, 0, 0}, +-}; +-/* clang-format on */ +- +-#ifdef _MSC_VER +-#pragma warning(disable : 4127) +-#endif +- +-int get_group_id(uint32_t *objectid, uint8_t objectIdLen) +-{ +- size_t i = 0, j = 0; +- int groupId = -1; +- +- while (1) { +- if (object_identifiers_gvar[i].indentifier_len == 0) { +- break; +- } +- +- if (object_identifiers_gvar[i].indentifier_len != objectIdLen) { +- i++; +- continue; +- } +- +- for (j = 0; j < object_identifiers_gvar[i].indentifier_len; j++) { +- if (object_identifiers_gvar[i].identifier[j] != objectid[j]) { +- i++; +- goto skip_oid; +- } +- } +- +- groupId = object_identifiers_gvar[i].groupId; +- LOG_I("Group id found - %s \n", object_identifiers_gvar[i].name); +- break; +- skip_oid: +- continue; +- } +- +- return groupId; +-} +- +-int sss_mbedtls_associate_keypair(mbedtls_pk_context *pkey, sss_object_t *pkeyObject) +-{ +- void *pax_ctx = NULL; +- uint32_t objectId[16] = { +- 0, +- }; +- uint8_t objectIdLen = sizeof(objectId); +- sss_status_t status = kStatus_SSS_Fail; +- +- memset(pkey, 0, sizeof(*pkey)); +- +- if (pkeyObject->cipherType == kSSS_CipherType_EC_NIST_P || pkeyObject->cipherType == kSSS_CipherType_EC_NIST_K || +- pkeyObject->cipherType == kSSS_CipherType_EC_BRAINPOOL || +- pkeyObject->cipherType == kSSS_CipherType_EC_MONTGOMERY || +- pkeyObject->cipherType == kSSS_CipherType_EC_TWISTED_ED) { +- LOG_D("Associating ECC key-pair '0x%08X'", pkeyObject->keyId); +- +- pkey->pk_info = &ax_mbedtls_eckeypair_info; +- pax_ctx = (mbedtls_ecp_keypair *)mbedtls_calloc(1, sizeof(mbedtls_ecp_keypair)); +- ((mbedtls_ecp_keypair *)pax_ctx)->grp.pSSSObject = pkeyObject; +- status = sss_util_asn1_get_oid_from_sssObj(pkeyObject, objectId, &objectIdLen); +- if (status != kStatus_SSS_Success) { +- if (pax_ctx != NULL) { +- mbedtls_free(pax_ctx); +- } +- return 1; +- } +- +- ((mbedtls_ecp_keypair *)pax_ctx)->grp.id = get_group_id(objectId, objectIdLen); +- if (((mbedtls_ecp_keypair *)pax_ctx)->grp.id == MBEDTLS_ECP_DP_NONE) { +- LOG_E(" sss_mbedtls_associate_keypair: Group id not found...\n"); +- if (pax_ctx != NULL) { +- mbedtls_free(pax_ctx); +- } +- return 1; +- } +- pkey->pk_ctx = pax_ctx; +- } +-#ifdef MBEDTLS_RSA_ALT +- else if (pkeyObject->cipherType == kSSS_CipherType_RSA || pkeyObject->cipherType == kSSS_CipherType_RSA_CRT) { +- uint8_t pbKey[1024]; +- size_t pbKeyBitLen = 0; +- size_t pbKeyBytetLen = sizeof(pbKey); +- uint8_t *modulus = NULL; +- size_t modlen = 0; +- uint8_t *pubExp = NULL; +- size_t pubExplen = 0; +- +- LOG_D("Associating RSA key-pair '0x%08X'", pkeyObject->keyId); +- +- pkey->pk_info = &ax_mbedtls_rsakeypair_info; +- pax_ctx = (mbedtls_rsa_context *)mbedtls_calloc(1, sizeof(mbedtls_rsa_context)); +- ((mbedtls_rsa_context *)pax_ctx)->pSSSObject = pkeyObject; +- +- status = sss_key_store_get_key(pkeyObject->keyStore, pkeyObject, pbKey, &pbKeyBytetLen, &pbKeyBitLen); +- if (status != kStatus_SSS_Success) { +- return 1; +- } +- +- status = sss_util_asn1_rsa_parse_public(pbKey, pbKeyBytetLen, &modulus, &modlen, &pubExp, &pubExplen); +- if (modulus != NULL) { +- SSS_FREE(modulus); +- modulus = NULL; +- } +- if (pubExp != NULL) { +- SSS_FREE(pubExp); +- pubExp = NULL; +- } +- if (status != kStatus_SSS_Success) { +- return 1; +- } +- +- ((mbedtls_rsa_context *)pax_ctx)->len = (modlen * 8); +- } +-#endif /* MBEDTLS_RSA_ALT */ +- else { +- return 1; +- } +- +- pkey->pk_ctx = pax_ctx; +- return 0; +-} +- +-int sss_mbedtls_associate_pubkey(mbedtls_pk_context *pkey, sss_object_t *pkeyObject) +-{ +- void *pax_ctx = NULL; +- uint32_t objectId[16] = { +- 0, +- }; +- uint8_t objectIdLen = sizeof(objectId); +- sss_status_t status = kStatus_SSS_Fail; +- +- memset(pkey, 0, sizeof(*pkey)); +- +- if (pkeyObject->cipherType == kSSS_CipherType_EC_NIST_P || pkeyObject->cipherType == kSSS_CipherType_EC_NIST_K || +- pkeyObject->cipherType == kSSS_CipherType_EC_BRAINPOOL || +- pkeyObject->cipherType == kSSS_CipherType_EC_MONTGOMERY || +- pkeyObject->cipherType == kSSS_CipherType_EC_TWISTED_ED) { +- LOG_D("Associating ECC public key '0x%08X'", pkeyObject->keyId); +- +- pkey->pk_info = &ax_mbedtls_ecpubkey_info; +- pax_ctx = (mbedtls_ecp_keypair *)mbedtls_calloc(1, sizeof(mbedtls_ecp_keypair)); +- ((mbedtls_ecp_keypair *)pax_ctx)->grp.pSSSObject = pkeyObject; +- +- status = sss_util_asn1_get_oid_from_sssObj(pkeyObject, objectId, &objectIdLen); +- if (status != kStatus_SSS_Success) { +- if (pax_ctx != NULL) { +- mbedtls_free(pax_ctx); +- } +- return 1; +- } +- +- ((mbedtls_ecp_keypair *)pax_ctx)->grp.id = get_group_id(objectId, objectIdLen); +- if (((mbedtls_ecp_keypair *)pax_ctx)->grp.id == MBEDTLS_ECP_DP_NONE) { +- LOG_E(" sss_mbedtls_associate_pubkey: Group id not found...\n"); +- if (pax_ctx != NULL) { +- mbedtls_free(pax_ctx); +- } +- return 1; +- } +- } +-#ifdef MBEDTLS_RSA_ALT +- else if (pkeyObject->cipherType == kSSS_CipherType_RSA || pkeyObject->cipherType == kSSS_CipherType_RSA_CRT) { +- uint8_t pbKey[1400]; +- size_t pbKeyBitLen = 0; +- size_t pbKeyBytetLen = sizeof(pbKey); +- uint8_t *modulus = NULL; +- size_t modlen = 0; +- uint8_t *pubExp = NULL; +- size_t pubExplen = 0; +- +- LOG_D("Associating RSA public key '0x%08X'", pkeyObject->keyId); +- +- pax_ctx = (mbedtls_rsa_context *)mbedtls_calloc(1, sizeof(mbedtls_rsa_context)); +- pkey->pk_ctx = pax_ctx; +- pkey->pk_info = &ax_mbedtls_rsapubkey_info; +- ((mbedtls_rsa_context *)pax_ctx)->pSSSObject = pkeyObject; +- +- status = sss_key_store_get_key(pkeyObject->keyStore, pkeyObject, pbKey, &pbKeyBytetLen, &pbKeyBitLen); +- if (status != kStatus_SSS_Success) { +- return 1; +- } +- +- status = sss_util_asn1_rsa_parse_public(pbKey, pbKeyBytetLen, &modulus, &modlen, &pubExp, &pubExplen); +- if (modulus != NULL) { +- SSS_FREE(modulus); +- modulus = NULL; +- } +- if (pubExp != NULL) { +- SSS_FREE(pubExp); +- pubExp = NULL; +- } +- if (status != kStatus_SSS_Success) { +- return 1; +- } +- +- ((mbedtls_rsa_context *)pax_ctx)->len = (modlen * 8); +- } +-#endif /* MBEDTLS_RSA_ALT */ +- else { +- return 1; +- } +- +- pkey->pk_ctx = pax_ctx; +- return 0; +-} +- +-int sss_mbedtls_associate_ecdhctx( +- mbedtls_ssl_handshake_params *handshake, sss_object_t *pSSSObject, sss_key_store_t *hostKs) +-{ +- sss_status_t status = kStatus_SSS_Fail; +- uint32_t objectId[16] = { +- 0, +- }; +- uint8_t objectIdLen = sizeof(objectId); +- +- status = sss_util_asn1_get_oid_from_sssObj(pSSSObject, objectId, &objectIdLen); +- if (status != kStatus_SSS_Success) { +- return 1; +- } +- +- handshake->ecdh_ctx.grp.id = get_group_id(objectId, objectIdLen); +- +- handshake->ecdh_ctx.grp.pSSSObject = pSSSObject; +- handshake->ecdh_ctx.grp.hostKs = hostKs; +-#if LOG_API_CALLS > 1 +- LOG_I("Associating ECC key-pair '%d' for handshake.\r\n", key_index); +-#endif +- return 0; +-} +- +-static size_t sss_eckey_get_bitlen(const void *ctx) +-{ +- return ((64 << 1) + 1); +-} +- +-static int sss_eckey_verify(void *ctx, +- mbedtls_md_type_t md_alg, +- const unsigned char *hash, +- size_t hash_len, +- const unsigned char *sig, +- size_t sig_len) +-{ +- sss_status_t status = kStatus_SSS_Success; +- sss_asymmetric_t asymVerifyCtx; +- sss_object_t *sssObject = NULL; +- sss_algorithm_t algorithm; +- mbedtls_ecp_keypair *pax_ctx = (mbedtls_ecp_keypair *)ctx; +- +- sssObject = pax_ctx->grp.pSSSObject; +- +- switch (md_alg) { +- case MBEDTLS_MD_SHA1: +- algorithm = kAlgorithm_SSS_SHA1; +- break; +- case MBEDTLS_MD_SHA224: +- algorithm = kAlgorithm_SSS_SHA224; +- break; +- case MBEDTLS_MD_SHA256: +- algorithm = kAlgorithm_SSS_SHA256; +- break; +- case MBEDTLS_MD_SHA384: +- algorithm = kAlgorithm_SSS_SHA384; +- break; +- case MBEDTLS_MD_SHA512: +- algorithm = kAlgorithm_SSS_SHA512; +- break; +- default: +- return 1; +- } +- +- LOG_D("%s: Verify using key '0x%08X'", __FUNCTION__, pax_ctx->grp.pSSSObject->keyId); +- +- status = sss_asymmetric_context_init( +- &asymVerifyCtx, sssObject->keyStore->session, sssObject, algorithm, kMode_SSS_Verify); +- if (status != kStatus_SSS_Success) { +- LOG_E(" sss_asymmetric_context_init verify context Failed...\n"); +- return 1; +- } +- +- status = sss_asymmetric_verify_digest(&asymVerifyCtx, (uint8_t *)hash, hash_len, (uint8_t *)sig, sig_len); +- if (status != kStatus_SSS_Success) { +- LOG_E(" sss_asymmetric_verify_digest Failed...\n"); +- return 1; +- } +- +- return (0); +-} +- +-static int sss_eckey_sign(void *ctx, +- mbedtls_md_type_t md_alg, +- const unsigned char *hash, +- size_t hash_len, +- unsigned char *sig, +- size_t *sig_len, +- int (*f_rng)(void *, unsigned char *, size_t), +- void *p_rng) +-{ +- int ret = 0; +- size_t u16_sig_len = 1024; +- sss_asymmetric_t asymVerifyCtx; +- sss_status_t status = kStatus_SSS_Success; +- sss_object_t *sssObject = NULL; +- mbedtls_ecp_keypair *pax_ctx = (mbedtls_ecp_keypair *)ctx; +- sss_algorithm_t algorithm; +- +- sssObject = pax_ctx->grp.pSSSObject; +- switch (md_alg) { +- case MBEDTLS_MD_SHA1: +- algorithm = kAlgorithm_SSS_SHA1; +- break; +- case MBEDTLS_MD_SHA224: +- algorithm = kAlgorithm_SSS_SHA224; +- break; +- case MBEDTLS_MD_SHA256: +- algorithm = kAlgorithm_SSS_SHA256; +- break; +- case MBEDTLS_MD_SHA384: +- algorithm = kAlgorithm_SSS_SHA384; +- break; +- case MBEDTLS_MD_SHA512: +- algorithm = kAlgorithm_SSS_SHA512; +- break; +- default: +- return 1; +- } +- +- status = +- sss_asymmetric_context_init(&asymVerifyCtx, sssObject->keyStore->session, sssObject, algorithm, kMode_SSS_Sign); +- if (status != kStatus_SSS_Success) { +- LOG_E(" sss_asymmetric_context_init verify context Failed...\n"); +- return 1; +- } +- +- LOG_D("%s: Signing using key '0x%08lX'", __FUNCTION__, pax_ctx->grp.pSSSObject->keyId); +- +- status = sss_asymmetric_sign_digest(&asymVerifyCtx, (uint8_t *)hash, hash_len, sig, &u16_sig_len); +- if (status != kStatus_SSS_Success) { +- LOG_W(" sss_asymmetric_sign_digest Failed...\n"); +- return 1; +- } +- +- *sig_len = u16_sig_len; +- +- return (ret); +-} +- +-static int sss_eckey_check_pair(const void *pub, const void *prv) +-{ +- return 0; +-} +- +-static int sss_eckeypair_can_do(mbedtls_pk_type_t type) +-{ +- return (type == MBEDTLS_PK_ECKEY || type == MBEDTLS_PK_ECKEY_DH || type == MBEDTLS_PK_ECDSA); +-} +- +-static int sss_ecpubkey_can_do(mbedtls_pk_type_t type) +-{ +- return (type == MBEDTLS_PK_ECKEY || type == MBEDTLS_PK_ECKEY_DH || type == MBEDTLS_PK_ECDSA); +-} +- +-static void sss_eckeypair_free_func(void *ctx) +-{ +- mbedtls_ecp_keypair *pax_ctx = (mbedtls_ecp_keypair *)ctx; +- if (pax_ctx != NULL) { +- mbedtls_free(ctx); +- } +- return; +-} +- +-static void sss_ecpubkey_free_func(void *ctx) +-{ +- mbedtls_ecp_keypair *pax_ctx = (mbedtls_ecp_keypair *)ctx; +- if (pax_ctx != NULL) { +- mbedtls_free(ctx); +- } +- return; +-} +- +-/** @} */ +- +-#endif /* MBEDTLS_ECP_ALT */ +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/plugin/mbedtls/sss_mbedtls.h b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/plugin/mbedtls/sss_mbedtls.h +deleted file mode 100644 +index a559e19005..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/plugin/mbedtls/sss_mbedtls.h ++++ /dev/null +@@ -1,102 +0,0 @@ +-/* +- * +- * Copyright 2018-2020 NXP +- * SPDX-License-Identifier: Apache-2.0 +- */ +- +-/** +- * @par Description +- * Implementation of key association between NXP Secure Element and mbedtls. +- * @par History +- * 1.0 30-jan-2018 : Initial version +- * +- *****************************************************************************/ +- +-#ifndef AX_MBEDTLS_H +-#define AX_MBEDTLS_H +- +-#if defined(SSS_USE_FTR_FILE) +-#include "fsl_sss_ftr.h" +-#else +-#include "fsl_sss_ftr_default.h" +-#endif +- +-#if SSS_HAVE_ALT_SSS +-#include "sss_mbedtls.h" +-#else +-#include "ax_mbedtls.h" +-#endif +- +-#include +- +-#if SSS_HAVE_A71CH || SSS_HAVE_A71CH_SIM +-#include +-#endif +-#if SSS_HAVE_MBEDTLS +-#include +-#endif +- +-/** @ingroup ax_mbed_tls */ +-/** @{ */ +- +-#include "fsl_sss_api.h" +-#include "mbedtls/pk.h" +-#include "mbedtls/ssl.h" +- +-/** +- * @brief Associate a keypair provisioned in the secure element for +- * subsequent operations. +- * +- * @param[out] pkey Pointer to the mbedtls_pk_context which will be +- * associated with data corresponding to the key_index +- * +- * @param[in] pkeyObject The object that we are going to be use. +- * +- * @return 0 if successful, or 1 if unsuccessful +- */ +-int sss_mbedtls_associate_keypair(mbedtls_pk_context *pkey, sss_object_t *pkeyObject); +- +-/** +- * @brief Associate a pubkey provisioned in the secure element for +- * subsequent operations. +- * +- * @param[out] pkey Pointer to the mbedtls_pk_context which will be +- * associated with data corresponding to the key index +- * +- * @param[in] pkeyObject The object that we are going to be use. +- * +- * @return 0 if successful, or 1 if unsuccessful +- */ +-int sss_mbedtls_associate_pubkey(mbedtls_pk_context *pkey, sss_object_t *pkeyObject); +- +-/** +- * @brief Update ECDSA HandShake key with given inded. +- * +- * @param[in,out] handshake Pointer to the mbedtls_ssl_handshake_params which +- * will be associated with data corresponding to the +- * key index +- * +- * @param[in] pkeyObject The object that we are going to be use. +- * +- * @param[in] hostKs Keystore to host for session key. +- * +- * @return 0 if successful, or 1 if unsuccessful +- */ +- +-int sss_mbedtls_associate_ecdhctx( +- mbedtls_ssl_handshake_params *handshake, sss_object_t *pkeyObject, sss_key_store_t *hostKs); +- +-/** @} */ +- +-/** +- * \brief This function frees the components of a key pair. Original implementation +- * \param key The key pair to free. +- */ +-void mbedtls_ecp_keypair_free_o(mbedtls_ecp_keypair *key); +- +-/** +- * same as ``mbedtls_ecp_tls_read_group`` +- */ +-int mbedtls_ecp_tls_read_group_o(mbedtls_ecp_group *grp, const unsigned char **buf, size_t len); +- +-#endif /* AX_MBEDTLS_H */ +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/plugin/mbedtls/sss_mbedtls_rsa.c b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/plugin/mbedtls/sss_mbedtls_rsa.c +deleted file mode 100644 +index 989aa0eab3..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/plugin/mbedtls/sss_mbedtls_rsa.c ++++ /dev/null +@@ -1,251 +0,0 @@ +-/* +- * +- * Copyright 2018-2019 NXP +- * SPDX-License-Identifier: Apache-2.0 +- */ +- +-/** +- * @file sss_mbedtls_rsa.c +- * +- * @par Description +- * Implementation of key association between SSS and mbedtls. +- * +- *****************************************************************************/ +- +-#if !defined(MBEDTLS_CONFIG_FILE) +-#include "mbedtls/config.h" +-#else +-#include MBEDTLS_CONFIG_FILE +-#endif +- +-/** @ingroup ax_mbed_tls */ +-/** @{ */ +- +-#if defined(MBEDTLS_RSA_ALT) +- +-#include +-#include +-#include +- +-#include "fsl_sss_api.h" +-#include "mbedtls/pk_internal.h" +-#include "mbedtls/platform.h" +-#include "mbedtls/rsa.h" +-#include "mbedtls/ssl.h" +-#include "mbedtls/ssl_internal.h" +-#include "mbedtls/version.h" +-#include "sss_mbedtls.h" +-#if defined(FLOW_VERBOSE) && (FLOW_VERBOSE == 1) +-#define LOG_API_CALLS 1 +-#else +-#define LOG_API_CALLS 0 +-#endif /* FLOW_VERBOSE */ +- +-#ifndef LOG_API_CALLS +-#define LOG_API_CALLS 1 /* Log by default */ +-#endif +- +-static size_t sss_rsakey_get_bitlen(const void *ctx); +-static int sss_rsakey_sign(void *ctx, +- mbedtls_md_type_t md_alg, +- const unsigned char *hash, +- size_t hash_len, +- unsigned char *sig, +- size_t *sig_len, +- int (*f_rng)(void *, unsigned char *, size_t), +- void *p_rng); +-static int sss_rsakey_verify(void *ctx, +- mbedtls_md_type_t md_alg, +- const unsigned char *hash, +- size_t hash_len, +- const unsigned char *sig, +- size_t sig_len); +-static int sss_rsakey_check_pair(const void *pub, const void *prv); +-static int sss_rsakeypair_can_do(mbedtls_pk_type_t type); +-static int sss_rsapubkey_can_do(mbedtls_pk_type_t type); +-static void sss_rsakeypair_free_func(void *ctx); +-static void sss_rsapubkey_free_func(void *ctx); +- +-const mbedtls_pk_info_t ax_mbedtls_rsakeypair_info = { +- MBEDTLS_PK_RSA, +- "AxRSA_Keypair", +- &sss_rsakey_get_bitlen, +- &sss_rsakeypair_can_do, +- NULL, +- &sss_rsakey_sign, +- NULL, // decrypt_func, +- NULL, // encrypt_func, +- &sss_rsakey_check_pair, +- NULL, //&ax_rsakey_alloc, +- &sss_rsakeypair_free_func, +- NULL, //&ax_rsakey_debug, +-}; +- +-const mbedtls_pk_info_t ax_mbedtls_rsapubkey_info = { +- MBEDTLS_PK_RSA, +- "AxRSA_pubkey", +- &sss_rsakey_get_bitlen, +- &sss_rsapubkey_can_do, +- &sss_rsakey_verify, +- NULL, +- NULL, +- NULL, +- NULL, +- NULL, +- &sss_rsapubkey_free_func, +- NULL, +-}; +- +-static size_t sss_rsakey_get_bitlen(const void *ctx) +-{ +- mbedtls_rsa_context *pax_ctx = (mbedtls_rsa_context *)ctx; +- return pax_ctx->len; +-} +- +-static int sss_rsakey_verify(void *ctx, +- mbedtls_md_type_t md_alg, +- const unsigned char *hash, +- size_t hash_len, +- const unsigned char *sig, +- size_t sig_len) +-{ +- sss_status_t status = kStatus_SSS_Success; +- sss_asymmetric_t asymVerifyCtx; +- sss_object_t *sssObject = NULL; +- sss_algorithm_t algorithm; +- mbedtls_rsa_context *pax_ctx = (mbedtls_rsa_context *)ctx; +- +- switch (md_alg) { +- case MBEDTLS_MD_SHA1: +- algorithm = kAlgorithm_SSS_RSASSA_PKCS1_V1_5_SHA1; +- break; +- case MBEDTLS_MD_SHA224: +- algorithm = kAlgorithm_SSS_RSASSA_PKCS1_V1_5_SHA224; +- break; +- case MBEDTLS_MD_SHA256: +- algorithm = kAlgorithm_SSS_RSASSA_PKCS1_V1_5_SHA256; +- break; +- case MBEDTLS_MD_SHA384: +- algorithm = kAlgorithm_SSS_RSASSA_PKCS1_V1_5_SHA384; +- break; +- case MBEDTLS_MD_SHA512: +- algorithm = kAlgorithm_SSS_RSASSA_PKCS1_V1_5_SHA512; +- break; +- default: +- return 1; +- } +- sssObject = (sss_object_t *)pax_ctx->pSSSObject; +- +- LOG_D("%s: Verify using key '0x%08lX'", __FUNCTION__, pax_ctx->pSSSObject->keyId); +- +- status = sss_asymmetric_context_init( +- &asymVerifyCtx, sssObject->keyStore->session, sssObject, algorithm, kMode_SSS_Verify); +- if (status != kStatus_SSS_Success) { +- LOG_E(" sss_asymmetric_context_init verify context Failed."); +- return 1; +- } +- status = sss_asymmetric_verify_digest(&asymVerifyCtx, (uint8_t *)hash, hash_len, (uint8_t *)sig, sig_len); +- if (status != kStatus_SSS_Success) { +- LOG_E(" sss_asymmetric_verify_digest Failed."); +- return 1; +- } +- +- return (0); +-} +- +-static int sss_rsakey_sign(void *ctx, +- mbedtls_md_type_t md_alg, +- const unsigned char *hash, +- size_t hash_len, +- unsigned char *sig, +- size_t *sig_len, +- int (*f_rng)(void *, unsigned char *, size_t), +- void *p_rng) +-{ +- int ret = 0; +- size_t u16_sig_len = 1024; +- sss_asymmetric_t asymVerifyCtx; +- sss_status_t status = kStatus_SSS_Success; +- sss_object_t *sssObject = NULL; +- mbedtls_rsa_context *pax_ctx = NULL; +- sss_algorithm_t algorithm; +- +- pax_ctx = (mbedtls_rsa_context *)ctx; +- sssObject = (sss_object_t *)pax_ctx->pSSSObject; +- +- switch (md_alg) { +- case MBEDTLS_MD_SHA1: +- algorithm = kAlgorithm_SSS_RSASSA_PKCS1_V1_5_SHA1; +- break; +- case MBEDTLS_MD_SHA224: +- algorithm = kAlgorithm_SSS_RSASSA_PKCS1_V1_5_SHA224; +- break; +- case MBEDTLS_MD_SHA256: +- algorithm = kAlgorithm_SSS_RSASSA_PKCS1_V1_5_SHA256; +- break; +- case MBEDTLS_MD_SHA384: +- algorithm = kAlgorithm_SSS_RSASSA_PKCS1_V1_5_SHA384; +- break; +- case MBEDTLS_MD_SHA512: +- algorithm = kAlgorithm_SSS_RSASSA_PKCS1_V1_5_SHA512; +- break; +- default: +- return 1; +- } +- +- status = +- sss_asymmetric_context_init(&asymVerifyCtx, sssObject->keyStore->session, sssObject, algorithm, kMode_SSS_Sign); +- if (status != kStatus_SSS_Success) { +- LOG_E(" sss_asymmetric_context_init verify context Failed."); +- return 1; +- } +- +- LOG_D("%s: Signing using key '0x%08lX'", __FUNCTION__, pax_ctx->pSSSObject->keyId); +- +- status = sss_asymmetric_sign_digest(&asymVerifyCtx, (uint8_t *)hash, hash_len, sig, &u16_sig_len); +- if (status != kStatus_SSS_Success) { +- LOG_E(" sss_asymmetric_sign_digest failed."); +- return 1; +- } +- +- *sig_len = u16_sig_len; +- +- return (ret); +-} +- +-static int sss_rsakey_check_pair(const void *pub, const void *prv) +-{ +- return 0; +-} +- +-static int sss_rsakeypair_can_do(mbedtls_pk_type_t type) +-{ +- return (type == MBEDTLS_PK_RSA || type == MBEDTLS_PK_RSASSA_PSS); +-} +- +-static int sss_rsapubkey_can_do(mbedtls_pk_type_t type) +-{ +- return (type == MBEDTLS_PK_RSA || type == MBEDTLS_PK_RSASSA_PSS); +-} +- +-static void sss_rsakeypair_free_func(void *ctx) +-{ +- mbedtls_rsa_context *pax_ctx = (mbedtls_rsa_context *)ctx; +- if (pax_ctx != NULL) { +- mbedtls_free(ctx); +- } +- return; +-} +- +-static void sss_rsapubkey_free_func(void *ctx) +-{ +- mbedtls_rsa_context *pax_ctx = (mbedtls_rsa_context *)ctx; +- if (pax_ctx != NULL) { +- mbedtls_free(ctx); +- } +- return; +-} +- +-#endif /* MBEDTLS_RSA_ALT */ +- +-/** @} */ +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/plugin/mbedtls/sss_mbedtls_x86_config.h b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/plugin/mbedtls/sss_mbedtls_x86_config.h +deleted file mode 100644 +index a312a7970e..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/plugin/mbedtls/sss_mbedtls_x86_config.h ++++ /dev/null +@@ -1,3368 +0,0 @@ +-/** +- * \file sss_mbedtls_x86_config.h +- * +- * \brief Configuration options (set of defines) +- * +- * This set of compile-time options may be used to enable +- * or disable features selectively, and reduce the global +- * memory footprint. +- */ +-/* +- * Copyright (C) 2006-2018, ARM Limited, All Rights Reserved +- * Copyright 2020 NXP +- * SPDX-License-Identifier: Apache-2.0 +- * +- * Licensed under the Apache License, Version 2.0 (the "License"); you may +- * not use this file except in compliance with the License. +- * You may obtain a copy of the License at +- * +- * http://www.apache.org/licenses/LICENSE-2.0 +- * +- * Unless required by applicable law or agreed to in writing, software +- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +- * See the License for the specific language governing permissions and +- * limitations under the License. +- * +- * This file is part of mbed TLS (https://tls.mbed.org) +- */ +- +-#ifndef MBEDTLS_CONFIG_X86_H +-#define MBEDTLS_CONFIG_X86_H +- +-/* clang-format off */ +- +-#if defined(SSS_USE_FTR_FILE) +-#include "fsl_sss_ftr.h" +-#else +-#include "fsl_sss_ftr_default.h" +-#endif +- +-#ifdef CHECK_MEMORY +- +-#if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE) +-#define _CRT_SECURE_NO_DEPRECATE 1 +-#endif +- +-#define MBEDTLS_PLATFORM_MEMORY +- +-void tstDoTraceAndFree( +- const char * szWhat, +- const char * szFunction, const unsigned int line, +- void * pWhat ); +- +-void * tstDoTraceAndCalloc( +- const char * szNUM, const char * szSize, +- const char * szFunction, const unsigned int line, +- const unsigned int num, const unsigned int size ); +- +-#define MBEDTLS_PLATFORM_FREE_MACRO(WHAT) \ +- tstDoTraceAndFree(#WHAT, __FUNCTION__, __LINE__, WHAT ) +-#define MBEDTLS_PLATFORM_CALLOC_MACRO(NUM, SIZE) \ +- tstDoTraceAndCalloc(#NUM, #SIZE, __FUNCTION__, __LINE__, NUM, SIZE ) +- +-#define MBEDTLS_MEMORY_DEBUG +-#define MBEDTLS_MEMORY_BUFFER_ALLOC_C +- +-#endif /* CHECK_MEMORY */ +- +-/** +- * \name SECTION: System support +- * +- * This section sets system specific settings. +- * \{ +- */ +- +-/** +- * \def MBEDTLS_HAVE_ASM +- * +- * The compiler has support for asm(). +- * +- * Requires support for asm() in compiler. +- * +- * Used in: +- * library/aria.c +- * library/timing.c +- * include/mbedtls/bn_mul.h +- * +- * Required by: +- * MBEDTLS_AESNI_C +- * MBEDTLS_PADLOCK_C +- * +- * Comment to disable the use of assembly code. +- */ +-#define MBEDTLS_HAVE_ASM +- +-/** +- * \def MBEDTLS_NO_UDBL_DIVISION +- * +- * The platform lacks support for double-width integer division (64-bit +- * division on a 32-bit platform, 128-bit division on a 64-bit platform). +- * +- * Used in: +- * include/mbedtls/bignum.h +- * library/bignum.c +- * +- * The bignum code uses double-width division to speed up some operations. +- * Double-width division is often implemented in software that needs to +- * be linked with the program. The presence of a double-width integer +- * type is usually detected automatically through preprocessor macros, +- * but the automatic detection cannot know whether the code needs to +- * and can be linked with an implementation of division for that type. +- * By default division is assumed to be usable if the type is present. +- * Uncomment this option to prevent the use of double-width division. +- * +- * Note that division for the native integer type is always required. +- * Furthermore, a 64-bit type is always required even on a 32-bit +- * platform, but it need not support multiplication or division. In some +- * cases it is also desirable to disable some double-width operations. For +- * example, if double-width division is implemented in software, disabling +- * it can reduce code size in some embedded targets. +- */ +-//#define MBEDTLS_NO_UDBL_DIVISION +- +-/** +- * \def MBEDTLS_NO_64BIT_MULTIPLICATION +- * +- * The platform lacks support for 32x32 -> 64-bit multiplication. +- * +- * Used in: +- * library/poly1305.c +- * +- * Some parts of the library may use multiplication of two unsigned 32-bit +- * operands with a 64-bit result in order to speed up computations. On some +- * platforms, this is not available in hardware and has to be implemented in +- * software, usually in a library provided by the toolchain. +- * +- * Sometimes it is not desirable to have to link to that library. This option +- * removes the dependency of that library on platforms that lack a hardware +- * 64-bit multiplier by embedding a software implementation in Mbed TLS. +- * +- * Note that depending on the compiler, this may decrease performance compared +- * to using the library function provided by the toolchain. +- */ +-//#define MBEDTLS_NO_64BIT_MULTIPLICATION +- +-/** +- * \def MBEDTLS_HAVE_SSE2 +- * +- * CPU supports SSE2 instruction set. +- * +- * Uncomment if the CPU supports SSE2 (IA-32 specific). +- */ +-//#define MBEDTLS_HAVE_SSE2 +- +-/** +- * \def MBEDTLS_HAVE_TIME +- * +- * System has time.h and time(). +- * The time does not need to be correct, only time differences are used, +- * by contrast with MBEDTLS_HAVE_TIME_DATE +- * +- * Defining MBEDTLS_HAVE_TIME allows you to specify MBEDTLS_PLATFORM_TIME_ALT, +- * MBEDTLS_PLATFORM_TIME_MACRO, MBEDTLS_PLATFORM_TIME_TYPE_MACRO and +- * MBEDTLS_PLATFORM_STD_TIME. +- * +- * Comment if your system does not support time functions +- */ +-#define MBEDTLS_HAVE_TIME +- +-/** +- * \def MBEDTLS_HAVE_TIME_DATE +- * +- * System has time.h, time(), and an implementation for +- * mbedtls_platform_gmtime_r() (see below). +- * The time needs to be correct (not necesarily very accurate, but at least +- * the date should be correct). This is used to verify the validity period of +- * X.509 certificates. +- * +- * Comment if your system does not have a correct clock. +- * +- * \note mbedtls_platform_gmtime_r() is an abstraction in platform_util.h that +- * behaves similarly to the gmtime_r() function from the C standard. Refer to +- * the documentation for mbedtls_platform_gmtime_r() for more information. +- * +- * \note It is possible to configure an implementation for +- * mbedtls_platform_gmtime_r() at compile-time by using the macro +- * MBEDTLS_PLATFORM_GMTIME_R_ALT. +- */ +-#define MBEDTLS_HAVE_TIME_DATE +- +-/** +- * \def MBEDTLS_PLATFORM_MEMORY +- * +- * Enable the memory allocation layer. +- * +- * By default mbed TLS uses the system-provided calloc() and free(). +- * This allows different allocators (self-implemented or provided) to be +- * provided to the platform abstraction layer. +- * +- * Enabling MBEDTLS_PLATFORM_MEMORY without the +- * MBEDTLS_PLATFORM_{FREE,CALLOC}_MACROs will provide +- * "mbedtls_platform_set_calloc_free()" allowing you to set an alternative calloc() and +- * free() function pointer at runtime. +- * +- * Enabling MBEDTLS_PLATFORM_MEMORY and specifying +- * MBEDTLS_PLATFORM_{CALLOC,FREE}_MACROs will allow you to specify the +- * alternate function at compile time. +- * +- * Requires: MBEDTLS_PLATFORM_C +- * +- * Enable this layer to allow use of alternative memory allocators. +- */ +-//#define MBEDTLS_PLATFORM_MEMORY +- +-/** +- * \def MBEDTLS_PLATFORM_NO_STD_FUNCTIONS +- * +- * Do not assign standard functions in the platform layer (e.g. calloc() to +- * MBEDTLS_PLATFORM_STD_CALLOC and printf() to MBEDTLS_PLATFORM_STD_PRINTF) +- * +- * This makes sure there are no linking errors on platforms that do not support +- * these functions. You will HAVE to provide alternatives, either at runtime +- * via the platform_set_xxx() functions or at compile time by setting +- * the MBEDTLS_PLATFORM_STD_XXX defines, or enabling a +- * MBEDTLS_PLATFORM_XXX_MACRO. +- * +- * Requires: MBEDTLS_PLATFORM_C +- * +- * Uncomment to prevent default assignment of standard functions in the +- * platform layer. +- */ +-//#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS +- +-/** +- * \def MBEDTLS_PLATFORM_EXIT_ALT +- * +- * MBEDTLS_PLATFORM_XXX_ALT: Uncomment a macro to let mbed TLS support the +- * function in the platform abstraction layer. +- * +- * Example: In case you uncomment MBEDTLS_PLATFORM_PRINTF_ALT, mbed TLS will +- * provide a function "mbedtls_platform_set_printf()" that allows you to set an +- * alternative printf function pointer. +- * +- * All these define require MBEDTLS_PLATFORM_C to be defined! +- * +- * \note MBEDTLS_PLATFORM_SNPRINTF_ALT is required on Windows; +- * it will be enabled automatically by check_config.h +- * +- * \warning MBEDTLS_PLATFORM_XXX_ALT cannot be defined at the same time as +- * MBEDTLS_PLATFORM_XXX_MACRO! +- * +- * Requires: MBEDTLS_PLATFORM_TIME_ALT requires MBEDTLS_HAVE_TIME +- * +- * Uncomment a macro to enable alternate implementation of specific base +- * platform function +- */ +-//#define MBEDTLS_PLATFORM_EXIT_ALT +-//#define MBEDTLS_PLATFORM_TIME_ALT +-//#define MBEDTLS_PLATFORM_FPRINTF_ALT +-//#define MBEDTLS_PLATFORM_PRINTF_ALT +-//#define MBEDTLS_PLATFORM_SNPRINTF_ALT +-//#define MBEDTLS_PLATFORM_NV_SEED_ALT +-//#define MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT +- +-/** +- * \def MBEDTLS_DEPRECATED_WARNING +- * +- * Mark deprecated functions so that they generate a warning if used. +- * Functions deprecated in one version will usually be removed in the next +- * version. You can enable this to help you prepare the transition to a new +- * major version by making sure your code is not using these functions. +- * +- * This only works with GCC and Clang. With other compilers, you may want to +- * use MBEDTLS_DEPRECATED_REMOVED +- * +- * Uncomment to get warnings on using deprecated functions. +- */ +-//#define MBEDTLS_DEPRECATED_WARNING +- +-/** +- * \def MBEDTLS_DEPRECATED_REMOVED +- * +- * Remove deprecated functions so that they generate an error if used. +- * Functions deprecated in one version will usually be removed in the next +- * version. You can enable this to help you prepare the transition to a new +- * major version by making sure your code is not using these functions. +- * +- * Uncomment to get errors on using deprecated functions. +- */ +-//#define MBEDTLS_DEPRECATED_REMOVED +- +-/** +- * \def MBEDTLS_CHECK_PARAMS +- * +- * This configuration option controls whether the library validates more of +- * the parameters passed to it. +- * +- * When this flag is not defined, the library only attempts to validate an +- * input parameter if: (1) they may come from the outside world (such as the +- * network, the filesystem, etc.) or (2) not validating them could result in +- * internal memory errors such as overflowing a buffer controlled by the +- * library. On the other hand, it doesn't attempt to validate parameters whose +- * values are fully controlled by the application (such as pointers). +- * +- * When this flag is defined, the library additionally attempts to validate +- * parameters that are fully controlled by the application, and should always +- * be valid if the application code is fully correct and trusted. +- * +- * For example, when a function accepts as input a pointer to a buffer that may +- * contain untrusted data, and its documentation mentions that this pointer +- * must not be NULL: +- * - the pointer is checked to be non-NULL only if this option is enabled +- * - the content of the buffer is always validated +- * +- * When this flag is defined, if a library function receives a parameter that +- * is invalid, it will: +- * - invoke the macro MBEDTLS_PARAM_FAILED() which by default expands to a +- * call to the function mbedtls_param_failed() +- * - immediately return (with a specific error code unless the function +- * returns void and can't communicate an error). +- * +- * When defining this flag, you also need to: +- * - either provide a definition of the function mbedtls_param_failed() in +- * your application (see platform_util.h for its prototype) as the library +- * calls that function, but does not provide a default definition for it, +- * - or provide a different definition of the macro MBEDTLS_PARAM_FAILED() +- * below if the above mechanism is not flexible enough to suit your needs. +- * See the documentation of this macro later in this file. +- * +- * Uncomment to enable validation of application-controlled parameters. +- */ +-//#define MBEDTLS_CHECK_PARAMS +- +-/* \} name SECTION: System support */ +- +-/** +- * \name SECTION: mbed TLS feature support +- * +- * This section sets support for features that are or are not needed +- * within the modules that are enabled. +- * \{ +- */ +- +-/** +- * \def MBEDTLS_TIMING_ALT +- * +- * Uncomment to provide your own alternate implementation for mbedtls_timing_hardclock(), +- * mbedtls_timing_get_timer(), mbedtls_set_alarm(), mbedtls_set/get_delay() +- * +- * Only works if you have MBEDTLS_TIMING_C enabled. +- * +- * You will need to provide a header "timing_alt.h" and an implementation at +- * compile time. +- */ +-//#define MBEDTLS_TIMING_ALT +- +-/** +- * \def MBEDTLS_AES_ALT +- * +- * MBEDTLS__MODULE_NAME__ALT: Uncomment a macro to let mbed TLS use your +- * alternate core implementation of a symmetric crypto, an arithmetic or hash +- * module (e.g. platform specific assembly optimized implementations). Keep +- * in mind that the function prototypes should remain the same. +- * +- * This replaces the whole module. If you only want to replace one of the +- * functions, use one of the MBEDTLS__FUNCTION_NAME__ALT flags. +- * +- * Example: In case you uncomment MBEDTLS_AES_ALT, mbed TLS will no longer +- * provide the "struct mbedtls_aes_context" definition and omit the base +- * function declarations and implementations. "aes_alt.h" will be included from +- * "aes.h" to include the new function definitions. +- * +- * Uncomment a macro to enable alternate implementation of the corresponding +- * module. +- * +- * \warning MD2, MD4, MD5, ARC4, DES and SHA-1 are considered weak and their +- * use constitutes a security risk. If possible, we recommend +- * avoiding dependencies on them, and considering stronger message +- * digests and ciphers instead. +- * +- */ +-//#define MBEDTLS_AES_ALT +-//#define MBEDTLS_ARC4_ALT +-//#define MBEDTLS_ARIA_ALT +-//#define MBEDTLS_BLOWFISH_ALT +-//#define MBEDTLS_CAMELLIA_ALT +-//#define MBEDTLS_CCM_ALT +-//#define MBEDTLS_CHACHA20_ALT +-//#define MBEDTLS_CHACHAPOLY_ALT +-//#define MBEDTLS_CMAC_ALT +-//#define MBEDTLS_DES_ALT +-//#define MBEDTLS_DHM_ALT +-//#define MBEDTLS_ECJPAKE_ALT +-//#define MBEDTLS_GCM_ALT +-//#define MBEDTLS_NIST_KW_ALT +-//#define MBEDTLS_MD2_ALT +-//#define MBEDTLS_MD4_ALT +-//#define MBEDTLS_MD5_ALT +-//#define MBEDTLS_POLY1305_ALT +-//#define MBEDTLS_RIPEMD160_ALT +-//#define MBEDTLS_RSA_ALT +-//#define MBEDTLS_SHA1_ALT +-//#define MBEDTLS_SHA256_ALT +-//#define MBEDTLS_SHA512_ALT +-//#define MBEDTLS_XTEA_ALT +- +-/* +- * When replacing the elliptic curve module, pleace consider, that it is +- * implemented with two .c files: +- * - ecp.c +- * - ecp_curves.c +- * You can replace them very much like all the other MBEDTLS__MODULE_NAME__ALT +- * macros as described above. The only difference is that you have to make sure +- * that you provide functionality for both .c files. +- */ +- +-#if defined(SSS_HAVE_ALT) && (SSS_HAVE_ALT) +-# define MBEDTLS_ECP_ALT +-# define MBEDTLS_RSA_ALT +-#endif /* SSS_HAVE_ALT */ +-//#define MBEDTLS_ECP_ALT +- +- +-/** +- * - MBEDTLS_ECDSA_VERIFY_ALT +- * To use SE for all public key ecdsa verify operation, enable MBEDTLS_ECDSA_VERIFY_ALT +- */ +- +-#if defined(SSS_HAVE_ALT) && (SSS_HAVE_ALT) +-# define MBEDTLS_ECDH_ALT +-# define MBEDTLS_ECDH_GEN_PUBLIC_ALT +-# define MBEDTLS_ECDH_COMPUTE_SHARED_ALT +-//# define MBEDTLS_ECDSA_VERIFY_ALT +-#endif /* SSS_HAVE_ALT */ +-//#define MBEDTLS_ECDH_ALT +- +-/** +- * \def MBEDTLS_MD2_PROCESS_ALT +- * +- * MBEDTLS__FUNCTION_NAME__ALT: Uncomment a macro to let mbed TLS use you +- * alternate core implementation of symmetric crypto or hash function. Keep in +- * mind that function prototypes should remain the same. +- * +- * This replaces only one function. The header file from mbed TLS is still +- * used, in contrast to the MBEDTLS__MODULE_NAME__ALT flags. +- * +- * Example: In case you uncomment MBEDTLS_SHA256_PROCESS_ALT, mbed TLS will +- * no longer provide the mbedtls_sha1_process() function, but it will still provide +- * the other function (using your mbedtls_sha1_process() function) and the definition +- * of mbedtls_sha1_context, so your implementation of mbedtls_sha1_process must be compatible +- * with this definition. +- * +- * \note Because of a signature change, the core AES encryption and decryption routines are +- * currently named mbedtls_aes_internal_encrypt and mbedtls_aes_internal_decrypt, +- * respectively. When setting up alternative implementations, these functions should +- * be overriden, but the wrapper functions mbedtls_aes_decrypt and mbedtls_aes_encrypt +- * must stay untouched. +- * +- * \note If you use the AES_xxx_ALT macros, then is is recommended to also set +- * MBEDTLS_AES_ROM_TABLES in order to help the linker garbage-collect the AES +- * tables. +- * +- * Uncomment a macro to enable alternate implementation of the corresponding +- * function. +- * +- * \warning MD2, MD4, MD5, DES and SHA-1 are considered weak and their use +- * constitutes a security risk. If possible, we recommend avoiding +- * dependencies on them, and considering stronger message digests +- * and ciphers instead. +- * +- */ +-//#define MBEDTLS_MD2_PROCESS_ALT +-//#define MBEDTLS_MD4_PROCESS_ALT +-//#define MBEDTLS_MD5_PROCESS_ALT +-//#define MBEDTLS_RIPEMD160_PROCESS_ALT +-//#define MBEDTLS_SHA1_PROCESS_ALT +-//#define MBEDTLS_SHA256_PROCESS_ALT +-//#define MBEDTLS_SHA512_PROCESS_ALT +-//#define MBEDTLS_DES_SETKEY_ALT +-//#define MBEDTLS_DES_CRYPT_ECB_ALT +-//#define MBEDTLS_DES3_CRYPT_ECB_ALT +-//#define MBEDTLS_AES_SETKEY_ENC_ALT +-//#define MBEDTLS_AES_SETKEY_DEC_ALT +-//#define MBEDTLS_AES_ENCRYPT_ALT +-//#define MBEDTLS_AES_DECRYPT_ALT +-//#define MBEDTLS_ECDH_GEN_PUBLIC_ALT +-//#define MBEDTLS_ECDH_COMPUTE_SHARED_ALT +-//#define MBEDTLS_ECDSA_VERIFY_ALT +-//#define MBEDTLS_ECDSA_SIGN_ALT +-//#define MBEDTLS_ECDSA_GENKEY_ALT +- +-/** +- * \def MBEDTLS_ECP_INTERNAL_ALT +- * +- * Expose a part of the internal interface of the Elliptic Curve Point module. +- * +- * MBEDTLS_ECP__FUNCTION_NAME__ALT: Uncomment a macro to let mbed TLS use your +- * alternative core implementation of elliptic curve arithmetic. Keep in mind +- * that function prototypes should remain the same. +- * +- * This partially replaces one function. The header file from mbed TLS is still +- * used, in contrast to the MBEDTLS_ECP_ALT flag. The original implementation +- * is still present and it is used for group structures not supported by the +- * alternative. +- * +- * Any of these options become available by defining MBEDTLS_ECP_INTERNAL_ALT +- * and implementing the following functions: +- * unsigned char mbedtls_internal_ecp_grp_capable( +- * const mbedtls_ecp_group *grp ) +- * int mbedtls_internal_ecp_init( const mbedtls_ecp_group *grp ) +- * void mbedtls_internal_ecp_free( const mbedtls_ecp_group *grp ) +- * The mbedtls_internal_ecp_grp_capable function should return 1 if the +- * replacement functions implement arithmetic for the given group and 0 +- * otherwise. +- * The functions mbedtls_internal_ecp_init and mbedtls_internal_ecp_free are +- * called before and after each point operation and provide an opportunity to +- * implement optimized set up and tear down instructions. +- * +- * Example: In case you uncomment MBEDTLS_ECP_INTERNAL_ALT and +- * MBEDTLS_ECP_DOUBLE_JAC_ALT, mbed TLS will still provide the ecp_double_jac +- * function, but will use your mbedtls_internal_ecp_double_jac if the group is +- * supported (your mbedtls_internal_ecp_grp_capable function returns 1 when +- * receives it as an argument). If the group is not supported then the original +- * implementation is used. The other functions and the definition of +- * mbedtls_ecp_group and mbedtls_ecp_point will not change, so your +- * implementation of mbedtls_internal_ecp_double_jac and +- * mbedtls_internal_ecp_grp_capable must be compatible with this definition. +- * +- * Uncomment a macro to enable alternate implementation of the corresponding +- * function. +- */ +-/* Required for all the functions in this section */ +-//#define MBEDTLS_ECP_INTERNAL_ALT +-/* Support for Weierstrass curves with Jacobi representation */ +-//#define MBEDTLS_ECP_RANDOMIZE_JAC_ALT +-//#define MBEDTLS_ECP_ADD_MIXED_ALT +-//#define MBEDTLS_ECP_DOUBLE_JAC_ALT +-//#define MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT +-//#define MBEDTLS_ECP_NORMALIZE_JAC_ALT +-/* Support for curves with Montgomery arithmetic */ +-//#define MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT +-//#define MBEDTLS_ECP_RANDOMIZE_MXZ_ALT +-//#define MBEDTLS_ECP_NORMALIZE_MXZ_ALT +- +-/** +- * \def MBEDTLS_TEST_NULL_ENTROPY +- * +- * Enables testing and use of mbed TLS without any configured entropy sources. +- * This permits use of the library on platforms before an entropy source has +- * been integrated (see for example the MBEDTLS_ENTROPY_HARDWARE_ALT or the +- * MBEDTLS_ENTROPY_NV_SEED switches). +- * +- * WARNING! This switch MUST be disabled in production builds, and is suitable +- * only for development. +- * Enabling the switch negates any security provided by the library. +- * +- * Requires MBEDTLS_ENTROPY_C, MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES +- * +- */ +-//#define MBEDTLS_TEST_NULL_ENTROPY +- +-/** +- * \def MBEDTLS_ENTROPY_HARDWARE_ALT +- * +- * Uncomment this macro to let mbed TLS use your own implementation of a +- * hardware entropy collector. +- * +- * Your function must be called \c mbedtls_hardware_poll(), have the same +- * prototype as declared in entropy_poll.h, and accept NULL as first argument. +- * +- * Uncomment to use your own hardware entropy collector. +- */ +-//#define MBEDTLS_ENTROPY_HARDWARE_ALT +- +-/** +- * \def MBEDTLS_AES_ROM_TABLES +- * +- * Use precomputed AES tables stored in ROM. +- * +- * Uncomment this macro to use precomputed AES tables stored in ROM. +- * Comment this macro to generate AES tables in RAM at runtime. +- * +- * Tradeoff: Using precomputed ROM tables reduces RAM usage by ~8kb +- * (or ~2kb if \c MBEDTLS_AES_FEWER_TABLES is used) and reduces the +- * initialization time before the first AES operation can be performed. +- * It comes at the cost of additional ~8kb ROM use (resp. ~2kb if \c +- * MBEDTLS_AES_FEWER_TABLES below is used), and potentially degraded +- * performance if ROM access is slower than RAM access. +- * +- * This option is independent of \c MBEDTLS_AES_FEWER_TABLES. +- * +- */ +-//#define MBEDTLS_AES_ROM_TABLES +- +-/** +- * \def MBEDTLS_AES_FEWER_TABLES +- * +- * Use less ROM/RAM for AES tables. +- * +- * Uncommenting this macro omits 75% of the AES tables from +- * ROM / RAM (depending on the value of \c MBEDTLS_AES_ROM_TABLES) +- * by computing their values on the fly during operations +- * (the tables are entry-wise rotations of one another). +- * +- * Tradeoff: Uncommenting this reduces the RAM / ROM footprint +- * by ~6kb but at the cost of more arithmetic operations during +- * runtime. Specifically, one has to compare 4 accesses within +- * different tables to 4 accesses with additional arithmetic +- * operations within the same table. The performance gain/loss +- * depends on the system and memory details. +- * +- * This option is independent of \c MBEDTLS_AES_ROM_TABLES. +- * +- */ +-//#define MBEDTLS_AES_FEWER_TABLES +- +-/** +- * \def MBEDTLS_CAMELLIA_SMALL_MEMORY +- * +- * Use less ROM for the Camellia implementation (saves about 768 bytes). +- * +- * Uncomment this macro to use less memory for Camellia. +- */ +-//#define MBEDTLS_CAMELLIA_SMALL_MEMORY +- +-/** +- * \def MBEDTLS_CIPHER_MODE_CBC +- * +- * Enable Cipher Block Chaining mode (CBC) for symmetric ciphers. +- */ +-#define MBEDTLS_CIPHER_MODE_CBC +- +-/** +- * \def MBEDTLS_CIPHER_MODE_CFB +- * +- * Enable Cipher Feedback mode (CFB) for symmetric ciphers. +- */ +-#define MBEDTLS_CIPHER_MODE_CFB +- +-/** +- * \def MBEDTLS_CIPHER_MODE_CTR +- * +- * Enable Counter Block Cipher mode (CTR) for symmetric ciphers. +- */ +-#define MBEDTLS_CIPHER_MODE_CTR +- +-/** +- * \def MBEDTLS_CIPHER_MODE_OFB +- * +- * Enable Output Feedback mode (OFB) for symmetric ciphers. +- */ +-#define MBEDTLS_CIPHER_MODE_OFB +- +-/** +- * \def MBEDTLS_CIPHER_MODE_XTS +- * +- * Enable Xor-encrypt-xor with ciphertext stealing mode (XTS) for AES. +- */ +-#define MBEDTLS_CIPHER_MODE_XTS +- +-/** +- * \def MBEDTLS_CIPHER_NULL_CIPHER +- * +- * Enable NULL cipher. +- * Warning: Only do so when you know what you are doing. This allows for +- * encryption or channels without any security! +- * +- * Requires MBEDTLS_ENABLE_WEAK_CIPHERSUITES as well to enable +- * the following ciphersuites: +- * MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA +- * MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA +- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA +- * MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA +- * MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384 +- * MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256 +- * MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA +- * MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384 +- * MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256 +- * MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA +- * MBEDTLS_TLS_RSA_WITH_NULL_SHA256 +- * MBEDTLS_TLS_RSA_WITH_NULL_SHA +- * MBEDTLS_TLS_RSA_WITH_NULL_MD5 +- * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384 +- * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256 +- * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA +- * MBEDTLS_TLS_PSK_WITH_NULL_SHA384 +- * MBEDTLS_TLS_PSK_WITH_NULL_SHA256 +- * MBEDTLS_TLS_PSK_WITH_NULL_SHA +- * +- * Uncomment this macro to enable the NULL cipher and ciphersuites +- */ +-//#define MBEDTLS_CIPHER_NULL_CIPHER +- +-/** +- * \def MBEDTLS_CIPHER_PADDING_PKCS7 +- * +- * MBEDTLS_CIPHER_PADDING_XXX: Uncomment or comment macros to add support for +- * specific padding modes in the cipher layer with cipher modes that support +- * padding (e.g. CBC) +- * +- * If you disable all padding modes, only full blocks can be used with CBC. +- * +- * Enable padding modes in the cipher layer. +- */ +-#define MBEDTLS_CIPHER_PADDING_PKCS7 +-#define MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS +-#define MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN +-#define MBEDTLS_CIPHER_PADDING_ZEROS +- +-/** +- * \def MBEDTLS_ENABLE_WEAK_CIPHERSUITES +- * +- * Enable weak ciphersuites in SSL / TLS. +- * Warning: Only do so when you know what you are doing. This allows for +- * channels with virtually no security at all! +- * +- * This enables the following ciphersuites: +- * MBEDTLS_TLS_RSA_WITH_DES_CBC_SHA +- * MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA +- * +- * Uncomment this macro to enable weak ciphersuites +- * +- * \warning DES is considered a weak cipher and its use constitutes a +- * security risk. We recommend considering stronger ciphers instead. +- */ +-//#define MBEDTLS_ENABLE_WEAK_CIPHERSUITES +- +-/** +- * \def MBEDTLS_REMOVE_ARC4_CIPHERSUITES +- * +- * Remove RC4 ciphersuites by default in SSL / TLS. +- * This flag removes the ciphersuites based on RC4 from the default list as +- * returned by mbedtls_ssl_list_ciphersuites(). However, it is still possible to +- * enable (some of) them with mbedtls_ssl_conf_ciphersuites() by including them +- * explicitly. +- * +- * Uncomment this macro to remove RC4 ciphersuites by default. +- */ +-#define MBEDTLS_REMOVE_ARC4_CIPHERSUITES +- +-/** +- * \def MBEDTLS_REMOVE_3DES_CIPHERSUITES +- * +- * Remove 3DES ciphersuites by default in SSL / TLS. +- * This flag removes the ciphersuites based on 3DES from the default list as +- * returned by mbedtls_ssl_list_ciphersuites(). However, it is still possible +- * to enable (some of) them with mbedtls_ssl_conf_ciphersuites() by including +- * them explicitly. +- * +- * A man-in-the-browser attacker can recover authentication tokens sent through +- * a TLS connection using a 3DES based cipher suite (see "On the Practical +- * (In-)Security of 64-bit Block Ciphers" by Karthikeyan Bhargavan and Gaëtan +- * Leurent, see https://sweet32.info/SWEET32_CCS16.pdf). If this attack falls +- * in your threat model or you are unsure, then you should keep this option +- * enabled to remove 3DES based cipher suites. +- * +- * Comment this macro to keep 3DES in the default ciphersuite list. +- */ +-#define MBEDTLS_REMOVE_3DES_CIPHERSUITES +- +-/** +- * \def MBEDTLS_ECP_DP_SECP192R1_ENABLED +- * +- * MBEDTLS_ECP_XXXX_ENABLED: Enables specific curves within the Elliptic Curve +- * module. By default all supported curves are enabled. +- * +- * Comment macros to disable the curve and functions for it +- */ +-#define MBEDTLS_ECP_DP_SECP192R1_ENABLED +-#define MBEDTLS_ECP_DP_SECP224R1_ENABLED +-#define MBEDTLS_ECP_DP_SECP256R1_ENABLED +-#define MBEDTLS_ECP_DP_SECP384R1_ENABLED +-#define MBEDTLS_ECP_DP_SECP521R1_ENABLED +-#define MBEDTLS_ECP_DP_SECP192K1_ENABLED +-#define MBEDTLS_ECP_DP_SECP224K1_ENABLED +-#define MBEDTLS_ECP_DP_SECP256K1_ENABLED +-#define MBEDTLS_ECP_DP_BP256R1_ENABLED +-#define MBEDTLS_ECP_DP_BP384R1_ENABLED +-#define MBEDTLS_ECP_DP_BP512R1_ENABLED +-#define MBEDTLS_ECP_DP_CURVE25519_ENABLED +-#define MBEDTLS_ECP_DP_CURVE448_ENABLED +- +-#ifdef TGT_A71CH +-# undef MBEDTLS_ECP_DP_SECP192R1_ENABLED +-# undef MBEDTLS_ECP_DP_SECP224R1_ENABLED +-# undef MBEDTLS_ECP_DP_SECP384R1_ENABLED +-# undef MBEDTLS_ECP_DP_SECP521R1_ENABLED +-# undef MBEDTLS_ECP_DP_SECP192K1_ENABLED +-# undef MBEDTLS_ECP_DP_SECP224K1_ENABLED +-# undef MBEDTLS_ECP_DP_SECP256K1_ENABLED +-# undef MBEDTLS_ECP_DP_BP256R1_ENABLED +-# undef MBEDTLS_ECP_DP_BP384R1_ENABLED +-# undef MBEDTLS_ECP_DP_BP512R1_ENABLED +-# undef MBEDTLS_ECP_DP_CURVE25519_ENABLED +-# undef MBEDTLS_ECP_DP_CURVE448_ENABLED +-#endif +- +- +-/** +- * \def MBEDTLS_ECP_NIST_OPTIM +- * +- * Enable specific 'modulo p' routines for each NIST prime. +- * Depending on the prime and architecture, makes operations 4 to 8 times +- * faster on the corresponding curve. +- * +- * Comment this macro to disable NIST curves optimisation. +- */ +-#define MBEDTLS_ECP_NIST_OPTIM +- +-/** +- * \def MBEDTLS_ECP_RESTARTABLE +- * +- * Enable "non-blocking" ECC operations that can return early and be resumed. +- * +- * This allows various functions to pause by returning +- * #MBEDTLS_ERR_ECP_IN_PROGRESS (or, for functions in the SSL module, +- * #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) and then be called later again in +- * order to further progress and eventually complete their operation. This is +- * controlled through mbedtls_ecp_set_max_ops() which limits the maximum +- * number of ECC operations a function may perform before pausing; see +- * mbedtls_ecp_set_max_ops() for more information. +- * +- * This is useful in non-threaded environments if you want to avoid blocking +- * for too long on ECC (and, hence, X.509 or SSL/TLS) operations. +- * +- * Uncomment this macro to enable restartable ECC computations. +- * +- * \note This option only works with the default software implementation of +- * elliptic curve functionality. It is incompatible with +- * MBEDTLS_ECP_ALT, MBEDTLS_ECDH_XXX_ALT and MBEDTLS_ECDSA_XXX_ALT. +- */ +-//#define MBEDTLS_ECP_RESTARTABLE +- +-/** +- * \def MBEDTLS_ECDSA_DETERMINISTIC +- * +- * Enable deterministic ECDSA (RFC 6979). +- * Standard ECDSA is "fragile" in the sense that lack of entropy when signing +- * may result in a compromise of the long-term signing key. This is avoided by +- * the deterministic variant. +- * +- * Requires: MBEDTLS_HMAC_DRBG_C +- * +- * Comment this macro to disable deterministic ECDSA. +- */ +-#define MBEDTLS_ECDSA_DETERMINISTIC +- +-/** +- * \def MBEDTLS_KEY_EXCHANGE_PSK_ENABLED +- * +- * Enable the PSK based ciphersuite modes in SSL / TLS. +- * +- * This enables the following ciphersuites (if other requisites are +- * enabled as well): +- * MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384 +- * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384 +- * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA +- * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 +- * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 +- * MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256 +- * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256 +- * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA +- * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 +- * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 +- * MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA +- * MBEDTLS_TLS_PSK_WITH_RC4_128_SHA +- */ +-#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED +- +-/** +- * \def MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED +- * +- * Enable the DHE-PSK based ciphersuite modes in SSL / TLS. +- * +- * Requires: MBEDTLS_DHM_C +- * +- * This enables the following ciphersuites (if other requisites are +- * enabled as well): +- * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 +- * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 +- * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA +- * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 +- * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 +- * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 +- * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 +- * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA +- * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 +- * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 +- * MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA +- * MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA +- * +- * \warning Using DHE constitutes a security risk as it +- * is not possible to validate custom DH parameters. +- * If possible, it is recommended users should consider +- * preferring other methods of key exchange. +- * See dhm.h for more details. +- * +- */ +-#define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED +- +-/** +- * \def MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +- * +- * Enable the ECDHE-PSK based ciphersuite modes in SSL / TLS. +- * +- * Requires: MBEDTLS_ECDH_C +- * +- * This enables the following ciphersuites (if other requisites are +- * enabled as well): +- * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 +- * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA +- * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 +- * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 +- * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA +- * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 +- * MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA +- * MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA +- */ +-#define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +- +-/** +- * \def MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED +- * +- * Enable the RSA-PSK based ciphersuite modes in SSL / TLS. +- * +- * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, +- * MBEDTLS_X509_CRT_PARSE_C +- * +- * This enables the following ciphersuites (if other requisites are +- * enabled as well): +- * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 +- * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 +- * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA +- * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 +- * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 +- * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 +- * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 +- * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA +- * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 +- * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 +- * MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA +- * MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA +- */ +-#define MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED +- +-/** +- * \def MBEDTLS_KEY_EXCHANGE_RSA_ENABLED +- * +- * Enable the RSA-only based ciphersuite modes in SSL / TLS. +- * +- * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, +- * MBEDTLS_X509_CRT_PARSE_C +- * +- * This enables the following ciphersuites (if other requisites are +- * enabled as well): +- * MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384 +- * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 +- * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA +- * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 +- * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 +- * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA +- * MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256 +- * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256 +- * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA +- * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 +- * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 +- * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA +- * MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA +- * MBEDTLS_TLS_RSA_WITH_RC4_128_SHA +- * MBEDTLS_TLS_RSA_WITH_RC4_128_MD5 +- */ +-#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED +- +-/** +- * \def MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED +- * +- * Enable the DHE-RSA based ciphersuite modes in SSL / TLS. +- * +- * Requires: MBEDTLS_DHM_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, +- * MBEDTLS_X509_CRT_PARSE_C +- * +- * This enables the following ciphersuites (if other requisites are +- * enabled as well): +- * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 +- * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 +- * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA +- * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 +- * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 +- * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA +- * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 +- * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 +- * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA +- * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 +- * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 +- * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA +- * MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA +- * +- * \warning Using DHE constitutes a security risk as it +- * is not possible to validate custom DH parameters. +- * If possible, it is recommended users should consider +- * preferring other methods of key exchange. +- * See dhm.h for more details. +- * +- */ +-#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED +- +-/** +- * \def MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED +- * +- * Enable the ECDHE-RSA based ciphersuite modes in SSL / TLS. +- * +- * Requires: MBEDTLS_ECDH_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, +- * MBEDTLS_X509_CRT_PARSE_C +- * +- * This enables the following ciphersuites (if other requisites are +- * enabled as well): +- * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 +- * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 +- * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA +- * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 +- * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 +- * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 +- * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 +- * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +- * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 +- * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 +- * MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA +- * MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA +- */ +-#define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED +- +-/** +- * \def MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED +- * +- * Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS. +- * +- * Requires: MBEDTLS_ECDH_C, MBEDTLS_ECDSA_C, MBEDTLS_X509_CRT_PARSE_C, +- * +- * This enables the following ciphersuites (if other requisites are +- * enabled as well): +- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 +- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 +- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA +- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 +- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 +- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 +- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 +- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA +- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 +- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 +- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA +- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA +- */ +-#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED +- +-/** +- * \def MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED +- * +- * Enable the ECDH-ECDSA based ciphersuite modes in SSL / TLS. +- * +- * Requires: MBEDTLS_ECDH_C, MBEDTLS_X509_CRT_PARSE_C +- * +- * This enables the following ciphersuites (if other requisites are +- * enabled as well): +- * MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA +- * MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA +- * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA +- * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA +- * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 +- * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 +- * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 +- * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 +- * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 +- * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 +- * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 +- * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 +- */ +-#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED +- +-/** +- * \def MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED +- * +- * Enable the ECDH-RSA based ciphersuite modes in SSL / TLS. +- * +- * Requires: MBEDTLS_ECDH_C, MBEDTLS_X509_CRT_PARSE_C +- * +- * This enables the following ciphersuites (if other requisites are +- * enabled as well): +- * MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA +- * MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA +- * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA +- * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA +- * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 +- * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 +- * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 +- * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 +- * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 +- * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 +- * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 +- * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 +- */ +-#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED +- +-/** +- * \def MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED +- * +- * Enable the ECJPAKE based ciphersuite modes in SSL / TLS. +- * +- * \warning This is currently experimental. EC J-PAKE support is based on the +- * Thread v1.0.0 specification; incompatible changes to the specification +- * might still happen. For this reason, this is disabled by default. +- * +- * Requires: MBEDTLS_ECJPAKE_C +- * MBEDTLS_SHA256_C +- * MBEDTLS_ECP_DP_SECP256R1_ENABLED +- * +- * This enables the following ciphersuites (if other requisites are +- * enabled as well): +- * MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8 +- */ +-//#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED +- +-/** +- * \def MBEDTLS_PK_PARSE_EC_EXTENDED +- * +- * Enhance support for reading EC keys using variants of SEC1 not allowed by +- * RFC 5915 and RFC 5480. +- * +- * Currently this means parsing the SpecifiedECDomain choice of EC +- * parameters (only known groups are supported, not arbitrary domains, to +- * avoid validation issues). +- * +- * Disable if you only need to support RFC 5915 + 5480 key formats. +- */ +-#define MBEDTLS_PK_PARSE_EC_EXTENDED +- +-/** +- * \def MBEDTLS_ERROR_STRERROR_DUMMY +- * +- * Enable a dummy error function to make use of mbedtls_strerror() in +- * third party libraries easier when MBEDTLS_ERROR_C is disabled +- * (no effect when MBEDTLS_ERROR_C is enabled). +- * +- * You can safely disable this if MBEDTLS_ERROR_C is enabled, or if you're +- * not using mbedtls_strerror() or error_strerror() in your application. +- * +- * Disable if you run into name conflicts and want to really remove the +- * mbedtls_strerror() +- */ +-#define MBEDTLS_ERROR_STRERROR_DUMMY +- +-/** +- * \def MBEDTLS_GENPRIME +- * +- * Enable the prime-number generation code. +- * +- * Requires: MBEDTLS_BIGNUM_C +- */ +-#define MBEDTLS_GENPRIME +- +-/** +- * \def MBEDTLS_FS_IO +- * +- * Enable functions that use the filesystem. +- */ +-#define MBEDTLS_FS_IO +- +-/** +- * \def MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES +- * +- * Do not add default entropy sources. These are the platform specific, +- * mbedtls_timing_hardclock and HAVEGE based poll functions. +- * +- * This is useful to have more control over the added entropy sources in an +- * application. +- * +- * Uncomment this macro to prevent loading of default entropy functions. +- */ +-//#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES +- +-/** +- * \def MBEDTLS_NO_PLATFORM_ENTROPY +- * +- * Do not use built-in platform entropy functions. +- * This is useful if your platform does not support +- * standards like the /dev/urandom or Windows CryptoAPI. +- * +- * Uncomment this macro to disable the built-in platform entropy functions. +- */ +-//#define MBEDTLS_NO_PLATFORM_ENTROPY +- +-/** +- * \def MBEDTLS_ENTROPY_FORCE_SHA256 +- * +- * Force the entropy accumulator to use a SHA-256 accumulator instead of the +- * default SHA-512 based one (if both are available). +- * +- * Requires: MBEDTLS_SHA256_C +- * +- * On 32-bit systems SHA-256 can be much faster than SHA-512. Use this option +- * if you have performance concerns. +- * +- * This option is only useful if both MBEDTLS_SHA256_C and +- * MBEDTLS_SHA512_C are defined. Otherwise the available hash module is used. +- */ +-//#define MBEDTLS_ENTROPY_FORCE_SHA256 +- +-/** +- * \def MBEDTLS_ENTROPY_NV_SEED +- * +- * Enable the non-volatile (NV) seed file-based entropy source. +- * (Also enables the NV seed read/write functions in the platform layer) +- * +- * This is crucial (if not required) on systems that do not have a +- * cryptographic entropy source (in hardware or kernel) available. +- * +- * Requires: MBEDTLS_ENTROPY_C, MBEDTLS_PLATFORM_C +- * +- * \note The read/write functions that are used by the entropy source are +- * determined in the platform layer, and can be modified at runtime and/or +- * compile-time depending on the flags (MBEDTLS_PLATFORM_NV_SEED_*) used. +- * +- * \note If you use the default implementation functions that read a seedfile +- * with regular fopen(), please make sure you make a seedfile with the +- * proper name (defined in MBEDTLS_PLATFORM_STD_NV_SEED_FILE) and at +- * least MBEDTLS_ENTROPY_BLOCK_SIZE bytes in size that can be read from +- * and written to or you will get an entropy source error! The default +- * implementation will only use the first MBEDTLS_ENTROPY_BLOCK_SIZE +- * bytes from the file. +- * +- * \note The entropy collector will write to the seed file before entropy is +- * given to an external source, to update it. +- */ +-//#define MBEDTLS_ENTROPY_NV_SEED +- +-/** +- * \def MBEDTLS_MEMORY_DEBUG +- * +- * Enable debugging of buffer allocator memory issues. Automatically prints +- * (to stderr) all (fatal) messages on memory allocation issues. Enables +- * function for 'debug output' of allocated memory. +- * +- * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C +- * +- * Uncomment this macro to let the buffer allocator print out error messages. +- */ +-//#define MBEDTLS_MEMORY_DEBUG +- +-/** +- * \def MBEDTLS_MEMORY_BACKTRACE +- * +- * Include backtrace information with each allocated block. +- * +- * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C +- * GLIBC-compatible backtrace() an backtrace_symbols() support +- * +- * Uncomment this macro to include backtrace information +- */ +-//#define MBEDTLS_MEMORY_BACKTRACE +- +-/** +- * \def MBEDTLS_PK_RSA_ALT_SUPPORT +- * +- * Support external private RSA keys (eg from a HSM) in the PK layer. +- * +- * Comment this macro to disable support for external private RSA keys. +- */ +-#define MBEDTLS_PK_RSA_ALT_SUPPORT +- +-/** +- * \def MBEDTLS_PKCS1_V15 +- * +- * Enable support for PKCS#1 v1.5 encoding. +- * +- * Requires: MBEDTLS_RSA_C +- * +- * This enables support for PKCS#1 v1.5 operations. +- */ +-#define MBEDTLS_PKCS1_V15 +- +-/** +- * \def MBEDTLS_PKCS1_V21 +- * +- * Enable support for PKCS#1 v2.1 encoding. +- * +- * Requires: MBEDTLS_MD_C, MBEDTLS_RSA_C +- * +- * This enables support for RSAES-OAEP and RSASSA-PSS operations. +- */ +-#define MBEDTLS_PKCS1_V21 +- +-/** +- * \def MBEDTLS_RSA_NO_CRT +- * +- * Do not use the Chinese Remainder Theorem +- * for the RSA private operation. +- * +- * Uncomment this macro to disable the use of CRT in RSA. +- * +- */ +-//#define MBEDTLS_RSA_NO_CRT +- +-/** +- * \def MBEDTLS_SELF_TEST +- * +- * Enable the checkup functions (*_self_test). +- */ +-//#define MBEDTLS_SELF_TEST +- +-/** +- * \def MBEDTLS_SHA256_SMALLER +- * +- * Enable an implementation of SHA-256 that has lower ROM footprint but also +- * lower performance. +- * +- * The default implementation is meant to be a reasonnable compromise between +- * performance and size. This version optimizes more aggressively for size at +- * the expense of performance. Eg on Cortex-M4 it reduces the size of +- * mbedtls_sha256_process() from ~2KB to ~0.5KB for a performance hit of about +- * 30%. +- * +- * Uncomment to enable the smaller implementation of SHA256. +- */ +-//#define MBEDTLS_SHA256_SMALLER +- +-/** +- * \def MBEDTLS_SSL_ALL_ALERT_MESSAGES +- * +- * Enable sending of alert messages in case of encountered errors as per RFC. +- * If you choose not to send the alert messages, mbed TLS can still communicate +- * with other servers, only debugging of failures is harder. +- * +- * The advantage of not sending alert messages, is that no information is given +- * about reasons for failures thus preventing adversaries of gaining intel. +- * +- * Enable sending of all alert messages +- */ +-#define MBEDTLS_SSL_ALL_ALERT_MESSAGES +- +-/** +- * \def MBEDTLS_SSL_ASYNC_PRIVATE +- * +- * Enable asynchronous external private key operations in SSL. This allows +- * you to configure an SSL connection to call an external cryptographic +- * module to perform private key operations instead of performing the +- * operation inside the library. +- * +- */ +-//#define MBEDTLS_SSL_ASYNC_PRIVATE +- +-/** +- * \def MBEDTLS_SSL_DEBUG_ALL +- * +- * Enable the debug messages in SSL module for all issues. +- * Debug messages have been disabled in some places to prevent timing +- * attacks due to (unbalanced) debugging function calls. +- * +- * If you need all error reporting you should enable this during debugging, +- * but remove this for production servers that should log as well. +- * +- * Uncomment this macro to report all debug messages on errors introducing +- * a timing side-channel. +- * +- */ +-//#define MBEDTLS_SSL_DEBUG_ALL +- +-/** \def MBEDTLS_SSL_ENCRYPT_THEN_MAC +- * +- * Enable support for Encrypt-then-MAC, RFC 7366. +- * +- * This allows peers that both support it to use a more robust protection for +- * ciphersuites using CBC, providing deep resistance against timing attacks +- * on the padding or underlying cipher. +- * +- * This only affects CBC ciphersuites, and is useless if none is defined. +- * +- * Requires: MBEDTLS_SSL_PROTO_TLS1 or +- * MBEDTLS_SSL_PROTO_TLS1_1 or +- * MBEDTLS_SSL_PROTO_TLS1_2 +- * +- * Comment this macro to disable support for Encrypt-then-MAC +- */ +-#define MBEDTLS_SSL_ENCRYPT_THEN_MAC +- +-/** \def MBEDTLS_SSL_EXTENDED_MASTER_SECRET +- * +- * Enable support for Extended Master Secret, aka Session Hash +- * (draft-ietf-tls-session-hash-02). +- * +- * This was introduced as "the proper fix" to the Triple Handshake familiy of +- * attacks, but it is recommended to always use it (even if you disable +- * renegotiation), since it actually fixes a more fundamental issue in the +- * original SSL/TLS design, and has implications beyond Triple Handshake. +- * +- * Requires: MBEDTLS_SSL_PROTO_TLS1 or +- * MBEDTLS_SSL_PROTO_TLS1_1 or +- * MBEDTLS_SSL_PROTO_TLS1_2 +- * +- * Comment this macro to disable support for Extended Master Secret. +- */ +-#define MBEDTLS_SSL_EXTENDED_MASTER_SECRET +- +-/** +- * \def MBEDTLS_SSL_FALLBACK_SCSV +- * +- * Enable support for FALLBACK_SCSV (draft-ietf-tls-downgrade-scsv-00). +- * +- * For servers, it is recommended to always enable this, unless you support +- * only one version of TLS, or know for sure that none of your clients +- * implements a fallback strategy. +- * +- * For clients, you only need this if you're using a fallback strategy, which +- * is not recommended in the first place, unless you absolutely need it to +- * interoperate with buggy (version-intolerant) servers. +- * +- * Comment this macro to disable support for FALLBACK_SCSV +- */ +-#define MBEDTLS_SSL_FALLBACK_SCSV +- +-/** +- * \def MBEDTLS_SSL_HW_RECORD_ACCEL +- * +- * Enable hooking functions in SSL module for hardware acceleration of +- * individual records. +- * +- * Uncomment this macro to enable hooking functions. +- */ +-//#define MBEDTLS_SSL_HW_RECORD_ACCEL +- +-/** +- * \def MBEDTLS_SSL_CBC_RECORD_SPLITTING +- * +- * Enable 1/n-1 record splitting for CBC mode in SSLv3 and TLS 1.0. +- * +- * This is a countermeasure to the BEAST attack, which also minimizes the risk +- * of interoperability issues compared to sending 0-length records. +- * +- * Comment this macro to disable 1/n-1 record splitting. +- */ +-#define MBEDTLS_SSL_CBC_RECORD_SPLITTING +- +-/** +- * \def MBEDTLS_SSL_RENEGOTIATION +- * +- * Enable support for TLS renegotiation. +- * +- * The two main uses of renegotiation are (1) refresh keys on long-lived +- * connections and (2) client authentication after the initial handshake. +- * If you don't need renegotiation, it's probably better to disable it, since +- * it has been associated with security issues in the past and is easy to +- * misuse/misunderstand. +- * +- * Comment this to disable support for renegotiation. +- * +- * \note Even if this option is disabled, both client and server are aware +- * of the Renegotiation Indication Extension (RFC 5746) used to +- * prevent the SSL renegotiation attack (see RFC 5746 Sect. 1). +- * (See \c mbedtls_ssl_conf_legacy_renegotiation for the +- * configuration of this extension). +- * +- */ +-#define MBEDTLS_SSL_RENEGOTIATION +- +-/** +- * \def MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO +- * +- * Enable support for receiving and parsing SSLv2 Client Hello messages for the +- * SSL Server module (MBEDTLS_SSL_SRV_C). +- * +- * Uncomment this macro to enable support for SSLv2 Client Hello messages. +- */ +-//#define MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO +- +-/** +- * \def MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE +- * +- * Pick the ciphersuite according to the client's preferences rather than ours +- * in the SSL Server module (MBEDTLS_SSL_SRV_C). +- * +- * Uncomment this macro to respect client's ciphersuite order +- */ +-//#define MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE +- +-/** +- * \def MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +- * +- * Enable support for RFC 6066 max_fragment_length extension in SSL. +- * +- * Comment this macro to disable support for the max_fragment_length extension +- */ +-#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +- +-/** +- * \def MBEDTLS_SSL_PROTO_SSL3 +- * +- * Enable support for SSL 3.0. +- * +- * Requires: MBEDTLS_MD5_C +- * MBEDTLS_SHA1_C +- * +- * Comment this macro to disable support for SSL 3.0 +- */ +-//#define MBEDTLS_SSL_PROTO_SSL3 +- +-/** +- * \def MBEDTLS_SSL_PROTO_TLS1 +- * +- * Enable support for TLS 1.0. +- * +- * Requires: MBEDTLS_MD5_C +- * MBEDTLS_SHA1_C +- * +- * Comment this macro to disable support for TLS 1.0 +- */ +-#define MBEDTLS_SSL_PROTO_TLS1 +- +-/** +- * \def MBEDTLS_SSL_PROTO_TLS1_1 +- * +- * Enable support for TLS 1.1 (and DTLS 1.0 if DTLS is enabled). +- * +- * Requires: MBEDTLS_MD5_C +- * MBEDTLS_SHA1_C +- * +- * Comment this macro to disable support for TLS 1.1 / DTLS 1.0 +- */ +-#define MBEDTLS_SSL_PROTO_TLS1_1 +- +-/** +- * \def MBEDTLS_SSL_PROTO_TLS1_2 +- * +- * Enable support for TLS 1.2 (and DTLS 1.2 if DTLS is enabled). +- * +- * Requires: MBEDTLS_SHA1_C or MBEDTLS_SHA256_C or MBEDTLS_SHA512_C +- * (Depends on ciphersuites) +- * +- * Comment this macro to disable support for TLS 1.2 / DTLS 1.2 +- */ +-#define MBEDTLS_SSL_PROTO_TLS1_2 +- +-/** +- * \def MBEDTLS_SSL_PROTO_DTLS +- * +- * Enable support for DTLS (all available versions). +- * +- * Enable this and MBEDTLS_SSL_PROTO_TLS1_1 to enable DTLS 1.0, +- * and/or this and MBEDTLS_SSL_PROTO_TLS1_2 to enable DTLS 1.2. +- * +- * Requires: MBEDTLS_SSL_PROTO_TLS1_1 +- * or MBEDTLS_SSL_PROTO_TLS1_2 +- * +- * Comment this macro to disable support for DTLS +- */ +-#define MBEDTLS_SSL_PROTO_DTLS +- +-/** +- * \def MBEDTLS_SSL_ALPN +- * +- * Enable support for RFC 7301 Application Layer Protocol Negotiation. +- * +- * Comment this macro to disable support for ALPN. +- */ +-#define MBEDTLS_SSL_ALPN +- +-/** +- * \def MBEDTLS_SSL_DTLS_ANTI_REPLAY +- * +- * Enable support for the anti-replay mechanism in DTLS. +- * +- * Requires: MBEDTLS_SSL_TLS_C +- * MBEDTLS_SSL_PROTO_DTLS +- * +- * \warning Disabling this is often a security risk! +- * See mbedtls_ssl_conf_dtls_anti_replay() for details. +- * +- * Comment this to disable anti-replay in DTLS. +- */ +-#define MBEDTLS_SSL_DTLS_ANTI_REPLAY +- +-/** +- * \def MBEDTLS_SSL_DTLS_HELLO_VERIFY +- * +- * Enable support for HelloVerifyRequest on DTLS servers. +- * +- * This feature is highly recommended to prevent DTLS servers being used as +- * amplifiers in DoS attacks against other hosts. It should always be enabled +- * unless you know for sure amplification cannot be a problem in the +- * environment in which your server operates. +- * +- * \warning Disabling this can ba a security risk! (see above) +- * +- * Requires: MBEDTLS_SSL_PROTO_DTLS +- * +- * Comment this to disable support for HelloVerifyRequest. +- */ +-#define MBEDTLS_SSL_DTLS_HELLO_VERIFY +- +-/** +- * \def MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE +- * +- * Enable server-side support for clients that reconnect from the same port. +- * +- * Some clients unexpectedly close the connection and try to reconnect using the +- * same source port. This needs special support from the server to handle the +- * new connection securely, as described in section 4.2.8 of RFC 6347. This +- * flag enables that support. +- * +- * Requires: MBEDTLS_SSL_DTLS_HELLO_VERIFY +- * +- * Comment this to disable support for clients reusing the source port. +- */ +-#define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE +- +-/** +- * \def MBEDTLS_SSL_DTLS_BADMAC_LIMIT +- * +- * Enable support for a limit of records with bad MAC. +- * +- * See mbedtls_ssl_conf_dtls_badmac_limit(). +- * +- * Requires: MBEDTLS_SSL_PROTO_DTLS +- */ +-#define MBEDTLS_SSL_DTLS_BADMAC_LIMIT +- +-/** +- * \def MBEDTLS_SSL_SESSION_TICKETS +- * +- * Enable support for RFC 5077 session tickets in SSL. +- * Client-side, provides full support for session tickets (maintainance of a +- * session store remains the responsibility of the application, though). +- * Server-side, you also need to provide callbacks for writing and parsing +- * tickets, including authenticated encryption and key management. Example +- * callbacks are provided by MBEDTLS_SSL_TICKET_C. +- * +- * Comment this macro to disable support for SSL session tickets +- */ +-#define MBEDTLS_SSL_SESSION_TICKETS +- +-/** +- * \def MBEDTLS_SSL_EXPORT_KEYS +- * +- * Enable support for exporting key block and master secret. +- * This is required for certain users of TLS, e.g. EAP-TLS. +- * +- * Comment this macro to disable support for key export +- */ +-#define MBEDTLS_SSL_EXPORT_KEYS +- +-/** +- * \def MBEDTLS_SSL_SERVER_NAME_INDICATION +- * +- * Enable support for RFC 6066 server name indication (SNI) in SSL. +- * +- * Requires: MBEDTLS_X509_CRT_PARSE_C +- * +- * Comment this macro to disable support for server name indication in SSL +- */ +-#define MBEDTLS_SSL_SERVER_NAME_INDICATION +- +-/** +- * \def MBEDTLS_SSL_TRUNCATED_HMAC +- * +- * Enable support for RFC 6066 truncated HMAC in SSL. +- * +- * Comment this macro to disable support for truncated HMAC in SSL +- */ +-#define MBEDTLS_SSL_TRUNCATED_HMAC +- +-/** +- * \def MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT +- * +- * Fallback to old (pre-2.7), non-conforming implementation of the truncated +- * HMAC extension which also truncates the HMAC key. Note that this option is +- * only meant for a transitory upgrade period and is likely to be removed in +- * a future version of the library. +- * +- * \warning The old implementation is non-compliant and has a security weakness +- * (2^80 brute force attack on the HMAC key used for a single, +- * uninterrupted connection). This should only be enabled temporarily +- * when (1) the use of truncated HMAC is essential in order to save +- * bandwidth, and (2) the peer is an Mbed TLS stack that doesn't use +- * the fixed implementation yet (pre-2.7). +- * +- * \deprecated This option is deprecated and will likely be removed in a +- * future version of Mbed TLS. +- * +- * Uncomment to fallback to old, non-compliant truncated HMAC implementation. +- * +- * Requires: MBEDTLS_SSL_TRUNCATED_HMAC +- */ +-//#define MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT +- +-/** +- * \def MBEDTLS_THREADING_ALT +- * +- * Provide your own alternate threading implementation. +- * +- * Requires: MBEDTLS_THREADING_C +- * +- * Uncomment this to allow your own alternate threading implementation. +- */ +-//#define MBEDTLS_THREADING_ALT +- +-/** +- * \def MBEDTLS_THREADING_PTHREAD +- * +- * Enable the pthread wrapper layer for the threading layer. +- * +- * Requires: MBEDTLS_THREADING_C +- * +- * Uncomment this to enable pthread mutexes. +- */ +-//#define MBEDTLS_THREADING_PTHREAD +- +-/** +- * \def MBEDTLS_VERSION_FEATURES +- * +- * Allow run-time checking of compile-time enabled features. Thus allowing users +- * to check at run-time if the library is for instance compiled with threading +- * support via mbedtls_version_check_feature(). +- * +- * Requires: MBEDTLS_VERSION_C +- * +- * Comment this to disable run-time checking and save ROM space +- */ +-#define MBEDTLS_VERSION_FEATURES +- +-/** +- * \def MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 +- * +- * If set, the X509 parser will not break-off when parsing an X509 certificate +- * and encountering an extension in a v1 or v2 certificate. +- * +- * Uncomment to prevent an error. +- */ +-//#define MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 +- +-/** +- * \def MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION +- * +- * If set, the X509 parser will not break-off when parsing an X509 certificate +- * and encountering an unknown critical extension. +- * +- * \warning Depending on your PKI use, enabling this can be a security risk! +- * +- * Uncomment to prevent an error. +- */ +-//#define MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION +- +-/** +- * \def MBEDTLS_X509_CHECK_KEY_USAGE +- * +- * Enable verification of the keyUsage extension (CA and leaf certificates). +- * +- * Disabling this avoids problems with mis-issued and/or misused +- * (intermediate) CA and leaf certificates. +- * +- * \warning Depending on your PKI use, disabling this can be a security risk! +- * +- * Comment to skip keyUsage checking for both CA and leaf certificates. +- */ +-#define MBEDTLS_X509_CHECK_KEY_USAGE +- +-/** +- * \def MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE +- * +- * Enable verification of the extendedKeyUsage extension (leaf certificates). +- * +- * Disabling this avoids problems with mis-issued and/or misused certificates. +- * +- * \warning Depending on your PKI use, disabling this can be a security risk! +- * +- * Comment to skip extendedKeyUsage checking for certificates. +- */ +-#define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE +- +-/** +- * \def MBEDTLS_X509_RSASSA_PSS_SUPPORT +- * +- * Enable parsing and verification of X.509 certificates, CRLs and CSRS +- * signed with RSASSA-PSS (aka PKCS#1 v2.1). +- * +- * Comment this macro to disallow using RSASSA-PSS in certificates. +- */ +-#define MBEDTLS_X509_RSASSA_PSS_SUPPORT +- +-/** +- * \def MBEDTLS_ZLIB_SUPPORT +- * +- * If set, the SSL/TLS module uses ZLIB to support compression and +- * decompression of packet data. +- * +- * \warning TLS-level compression MAY REDUCE SECURITY! See for example the +- * CRIME attack. Before enabling this option, you should examine with care if +- * CRIME or similar exploits may be a applicable to your use case. +- * +- * \note Currently compression can't be used with DTLS. +- * +- * \deprecated This feature is deprecated and will be removed +- * in the next major revision of the library. +- * +- * Used in: library/ssl_tls.c +- * library/ssl_cli.c +- * library/ssl_srv.c +- * +- * This feature requires zlib library and headers to be present. +- * +- * Uncomment to enable use of ZLIB +- */ +-//#define MBEDTLS_ZLIB_SUPPORT +-/* \} name SECTION: mbed TLS feature support */ +- +-/** +- * \name SECTION: mbed TLS modules +- * +- * This section enables or disables entire modules in mbed TLS +- * \{ +- */ +- +-/** +- * \def MBEDTLS_AESNI_C +- * +- * Enable AES-NI support on x86-64. +- * +- * Module: library/aesni.c +- * Caller: library/aes.c +- * +- * Requires: MBEDTLS_HAVE_ASM +- * +- * This modules adds support for the AES-NI instructions on x86-64 +- */ +-#define MBEDTLS_AESNI_C +- +-/** +- * \def MBEDTLS_AES_C +- * +- * Enable the AES block cipher. +- * +- * Module: library/aes.c +- * Caller: library/cipher.c +- * library/pem.c +- * library/ctr_drbg.c +- * +- * This module enables the following ciphersuites (if other requisites are +- * enabled as well): +- * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA +- * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA +- * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA +- * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA +- * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 +- * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 +- * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 +- * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 +- * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 +- * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 +- * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 +- * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 +- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 +- * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 +- * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 +- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 +- * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 +- * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 +- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA +- * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA +- * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA +- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 +- * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 +- * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 +- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 +- * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 +- * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 +- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA +- * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +- * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA +- * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 +- * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 +- * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 +- * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA +- * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA +- * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 +- * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 +- * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 +- * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA +- * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA +- * MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384 +- * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 +- * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA +- * MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256 +- * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256 +- * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA +- * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 +- * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 +- * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA +- * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 +- * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 +- * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA +- * MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384 +- * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384 +- * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA +- * MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256 +- * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256 +- * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA +- * +- * PEM_PARSE uses AES for decrypting encrypted keys. +- */ +-#define MBEDTLS_AES_C +- +-/** +- * \def MBEDTLS_ARC4_C +- * +- * Enable the ARCFOUR stream cipher. +- * +- * Module: library/arc4.c +- * Caller: library/cipher.c +- * +- * This module enables the following ciphersuites (if other requisites are +- * enabled as well): +- * MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA +- * MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA +- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA +- * MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA +- * MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA +- * MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA +- * MBEDTLS_TLS_RSA_WITH_RC4_128_SHA +- * MBEDTLS_TLS_RSA_WITH_RC4_128_MD5 +- * MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA +- * MBEDTLS_TLS_PSK_WITH_RC4_128_SHA +- * +- * \warning ARC4 is considered a weak cipher and its use constitutes a +- * security risk. If possible, we recommend avoidng dependencies on +- * it, and considering stronger ciphers instead. +- * +- */ +-#define MBEDTLS_ARC4_C +- +-/** +- * \def MBEDTLS_ASN1_PARSE_C +- * +- * Enable the generic ASN1 parser. +- * +- * Module: library/asn1.c +- * Caller: library/x509.c +- * library/dhm.c +- * library/pkcs12.c +- * library/pkcs5.c +- * library/pkparse.c +- */ +-#define MBEDTLS_ASN1_PARSE_C +- +-/** +- * \def MBEDTLS_ASN1_WRITE_C +- * +- * Enable the generic ASN1 writer. +- * +- * Module: library/asn1write.c +- * Caller: library/ecdsa.c +- * library/pkwrite.c +- * library/x509_create.c +- * library/x509write_crt.c +- * library/x509write_csr.c +- */ +-#define MBEDTLS_ASN1_WRITE_C +- +-/** +- * \def MBEDTLS_BASE64_C +- * +- * Enable the Base64 module. +- * +- * Module: library/base64.c +- * Caller: library/pem.c +- * +- * This module is required for PEM support (required by X.509). +- */ +-#define MBEDTLS_BASE64_C +- +-/** +- * \def MBEDTLS_BIGNUM_C +- * +- * Enable the multi-precision integer library. +- * +- * Module: library/bignum.c +- * Caller: library/dhm.c +- * library/ecp.c +- * library/ecdsa.c +- * library/rsa.c +- * library/rsa_internal.c +- * library/ssl_tls.c +- * +- * This module is required for RSA, DHM and ECC (ECDH, ECDSA) support. +- */ +-#define MBEDTLS_BIGNUM_C +- +-/** +- * \def MBEDTLS_BLOWFISH_C +- * +- * Enable the Blowfish block cipher. +- * +- * Module: library/blowfish.c +- */ +-#define MBEDTLS_BLOWFISH_C +- +-/** +- * \def MBEDTLS_CAMELLIA_C +- * +- * Enable the Camellia block cipher. +- * +- * Module: library/camellia.c +- * Caller: library/cipher.c +- * +- * This module enables the following ciphersuites (if other requisites are +- * enabled as well): +- * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 +- * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 +- * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 +- * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 +- * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 +- * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 +- * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 +- * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 +- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 +- * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 +- * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 +- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 +- * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 +- * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 +- * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA +- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 +- * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 +- * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 +- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 +- * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 +- * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 +- * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA +- * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 +- * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 +- * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 +- * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 +- * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 +- * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 +- * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 +- * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 +- * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA +- * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 +- * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 +- * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA +- * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 +- * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 +- * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 +- * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 +- * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 +- * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 +- * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 +- * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 +- */ +-#define MBEDTLS_CAMELLIA_C +- +-/** +- * \def MBEDTLS_ARIA_C +- * +- * Enable the ARIA block cipher. +- * +- * Module: library/aria.c +- * Caller: library/cipher.c +- * +- * This module enables the following ciphersuites (if other requisites are +- * enabled as well): +- * +- * MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256 +- * MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384 +- * MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256 +- * MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384 +- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 +- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 +- * MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256 +- * MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384 +- * MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256 +- * MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 +- * MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256 +- * MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384 +- * MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256 +- * MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384 +- * MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 +- * MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 +- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 +- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 +- * MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 +- * MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 +- * MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 +- * MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 +- * MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 +- * MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 +- * MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256 +- * MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384 +- * MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256 +- * MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384 +- * MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256 +- * MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384 +- * MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256 +- * MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384 +- * MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 +- * MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384 +- * MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256 +- * MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384 +- * MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 +- * MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 +- */ +-//#define MBEDTLS_ARIA_C +- +-/** +- * \def MBEDTLS_CCM_C +- * +- * Enable the Counter with CBC-MAC (CCM) mode for 128-bit block cipher. +- * +- * Module: library/ccm.c +- * +- * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C +- * +- * This module enables the AES-CCM ciphersuites, if other requisites are +- * enabled as well. +- */ +-#define MBEDTLS_CCM_C +- +-/** +- * \def MBEDTLS_CERTS_C +- * +- * Enable the test certificates. +- * +- * Module: library/certs.c +- * Caller: +- * +- * This module is used for testing (ssl_client/server). +- */ +-#define MBEDTLS_CERTS_C +- +-/** +- * \def MBEDTLS_CHACHA20_C +- * +- * Enable the ChaCha20 stream cipher. +- * +- * Module: library/chacha20.c +- */ +-#define MBEDTLS_CHACHA20_C +- +-/** +- * \def MBEDTLS_CHACHAPOLY_C +- * +- * Enable the ChaCha20-Poly1305 AEAD algorithm. +- * +- * Module: library/chachapoly.c +- * +- * This module requires: MBEDTLS_CHACHA20_C, MBEDTLS_POLY1305_C +- */ +-#define MBEDTLS_CHACHAPOLY_C +- +-/** +- * \def MBEDTLS_CIPHER_C +- * +- * Enable the generic cipher layer. +- * +- * Module: library/cipher.c +- * Caller: library/ssl_tls.c +- * +- * Uncomment to enable generic cipher wrappers. +- */ +-#define MBEDTLS_CIPHER_C +- +-/** +- * \def MBEDTLS_CMAC_C +- * +- * Enable the CMAC (Cipher-based Message Authentication Code) mode for block +- * ciphers. +- * +- * Module: library/cmac.c +- * +- * Requires: MBEDTLS_AES_C or MBEDTLS_DES_C +- * +- */ +-#define MBEDTLS_CMAC_C +- +-/** +- * \def MBEDTLS_CTR_DRBG_C +- * +- * Enable the CTR_DRBG AES-based random generator. +- * The CTR_DRBG generator uses AES-256 by default. +- * To use AES-128 instead, enable MBEDTLS_CTR_DRBG_USE_128_BIT_KEY below. +- * +- * Module: library/ctr_drbg.c +- * Caller: +- * +- * Requires: MBEDTLS_AES_C +- * +- * This module provides the CTR_DRBG AES random number generator. +- */ +-#define MBEDTLS_CTR_DRBG_C +- +-/** +- * \def MBEDTLS_DEBUG_C +- * +- * Enable the debug functions. +- * +- * Module: library/debug.c +- * Caller: library/ssl_cli.c +- * library/ssl_srv.c +- * library/ssl_tls.c +- * +- * This module provides debugging functions. +- */ +-#define MBEDTLS_DEBUG_C +- +-/** +- * \def MBEDTLS_DES_C +- * +- * Enable the DES block cipher. +- * +- * Module: library/des.c +- * Caller: library/pem.c +- * library/cipher.c +- * +- * This module enables the following ciphersuites (if other requisites are +- * enabled as well): +- * MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA +- * MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA +- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA +- * MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA +- * MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA +- * MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA +- * MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA +- * MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA +- * MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA +- * MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA +- * +- * PEM_PARSE uses DES/3DES for decrypting encrypted keys. +- * +- * \warning DES is considered a weak cipher and its use constitutes a +- * security risk. We recommend considering stronger ciphers instead. +- */ +-#define MBEDTLS_DES_C +- +-/** +- * \def MBEDTLS_DHM_C +- * +- * Enable the Diffie-Hellman-Merkle module. +- * +- * Module: library/dhm.c +- * Caller: library/ssl_cli.c +- * library/ssl_srv.c +- * +- * This module is used by the following key exchanges: +- * DHE-RSA, DHE-PSK +- * +- * \warning Using DHE constitutes a security risk as it +- * is not possible to validate custom DH parameters. +- * If possible, it is recommended users should consider +- * preferring other methods of key exchange. +- * See dhm.h for more details. +- * +- */ +-#define MBEDTLS_DHM_C +- +-/** +- * \def MBEDTLS_ECDH_C +- * +- * Enable the elliptic curve Diffie-Hellman library. +- * +- * Module: library/ecdh.c +- * Caller: library/ssl_cli.c +- * library/ssl_srv.c +- * +- * This module is used by the following key exchanges: +- * ECDHE-ECDSA, ECDHE-RSA, DHE-PSK +- * +- * Requires: MBEDTLS_ECP_C +- */ +-#define MBEDTLS_ECDH_C +- +-/** +- * \def MBEDTLS_ECDSA_C +- * +- * Enable the elliptic curve DSA library. +- * +- * Module: library/ecdsa.c +- * Caller: +- * +- * This module is used by the following key exchanges: +- * ECDHE-ECDSA +- * +- * Requires: MBEDTLS_ECP_C, MBEDTLS_ASN1_WRITE_C, MBEDTLS_ASN1_PARSE_C +- */ +-#define MBEDTLS_ECDSA_C +- +-/** +- * \def MBEDTLS_ECJPAKE_C +- * +- * Enable the elliptic curve J-PAKE library. +- * +- * \warning This is currently experimental. EC J-PAKE support is based on the +- * Thread v1.0.0 specification; incompatible changes to the specification +- * might still happen. For this reason, this is disabled by default. +- * +- * Module: library/ecjpake.c +- * Caller: +- * +- * This module is used by the following key exchanges: +- * ECJPAKE +- * +- * Requires: MBEDTLS_ECP_C, MBEDTLS_MD_C +- */ +-//#define MBEDTLS_ECJPAKE_C +- +-/** +- * \def MBEDTLS_ECP_C +- * +- * Enable the elliptic curve over GF(p) library. +- * +- * Module: library/ecp.c +- * Caller: library/ecdh.c +- * library/ecdsa.c +- * library/ecjpake.c +- * +- * Requires: MBEDTLS_BIGNUM_C and at least one MBEDTLS_ECP_DP_XXX_ENABLED +- */ +-#define MBEDTLS_ECP_C +- +-/** +- * \def MBEDTLS_ENTROPY_C +- * +- * Enable the platform-specific entropy code. +- * +- * Module: library/entropy.c +- * Caller: +- * +- * Requires: MBEDTLS_SHA512_C or MBEDTLS_SHA256_C +- * +- * This module provides a generic entropy pool +- */ +-#define MBEDTLS_ENTROPY_C +- +-/** +- * \def MBEDTLS_ERROR_C +- * +- * Enable error code to error string conversion. +- * +- * Module: library/error.c +- * Caller: +- * +- * This module enables mbedtls_strerror(). +- */ +-#define MBEDTLS_ERROR_C +- +-/** +- * \def MBEDTLS_GCM_C +- * +- * Enable the Galois/Counter Mode (GCM) for AES. +- * +- * Module: library/gcm.c +- * +- * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C +- * +- * This module enables the AES-GCM and CAMELLIA-GCM ciphersuites, if other +- * requisites are enabled as well. +- */ +-#define MBEDTLS_GCM_C +- +-/** +- * \def MBEDTLS_HAVEGE_C +- * +- * Enable the HAVEGE random generator. +- * +- * Warning: the HAVEGE random generator is not suitable for virtualized +- * environments +- * +- * Warning: the HAVEGE random generator is dependent on timing and specific +- * processor traits. It is therefore not advised to use HAVEGE as +- * your applications primary random generator or primary entropy pool +- * input. As a secondary input to your entropy pool, it IS able add +- * the (limited) extra entropy it provides. +- * +- * Module: library/havege.c +- * Caller: +- * +- * Requires: MBEDTLS_TIMING_C +- * +- * Uncomment to enable the HAVEGE random generator. +- */ +-//#define MBEDTLS_HAVEGE_C +- +-/** +- * \def MBEDTLS_HKDF_C +- * +- * Enable the HKDF algorithm (RFC 5869). +- * +- * Module: library/hkdf.c +- * Caller: +- * +- * Requires: MBEDTLS_MD_C +- * +- * This module adds support for the Hashed Message Authentication Code +- * (HMAC)-based key derivation function (HKDF). +- */ +-#define MBEDTLS_HKDF_C +- +-/** +- * \def MBEDTLS_HMAC_DRBG_C +- * +- * Enable the HMAC_DRBG random generator. +- * +- * Module: library/hmac_drbg.c +- * Caller: +- * +- * Requires: MBEDTLS_MD_C +- * +- * Uncomment to enable the HMAC_DRBG random number geerator. +- */ +-#define MBEDTLS_HMAC_DRBG_C +- +-/** +- * \def MBEDTLS_NIST_KW_C +- * +- * Enable the Key Wrapping mode for 128-bit block ciphers, +- * as defined in NIST SP 800-38F. Only KW and KWP modes +- * are supported. At the moment, only AES is approved by NIST. +- * +- * Module: library/nist_kw.c +- * +- * Requires: MBEDTLS_AES_C and MBEDTLS_CIPHER_C +- */ +-//#define MBEDTLS_NIST_KW_C +- +-/** +- * \def MBEDTLS_MD_C +- * +- * Enable the generic message digest layer. +- * +- * Module: library/md.c +- * Caller: +- * +- * Uncomment to enable generic message digest wrappers. +- */ +-#define MBEDTLS_MD_C +- +-/** +- * \def MBEDTLS_MD2_C +- * +- * Enable the MD2 hash algorithm. +- * +- * Module: library/md2.c +- * Caller: +- * +- * Uncomment to enable support for (rare) MD2-signed X.509 certs. +- * +- * \warning MD2 is considered a weak message digest and its use constitutes a +- * security risk. If possible, we recommend avoiding dependencies on +- * it, and considering stronger message digests instead. +- * +- */ +-//#define MBEDTLS_MD2_C +- +-/** +- * \def MBEDTLS_MD4_C +- * +- * Enable the MD4 hash algorithm. +- * +- * Module: library/md4.c +- * Caller: +- * +- * Uncomment to enable support for (rare) MD4-signed X.509 certs. +- * +- * \warning MD4 is considered a weak message digest and its use constitutes a +- * security risk. If possible, we recommend avoiding dependencies on +- * it, and considering stronger message digests instead. +- * +- */ +-//#define MBEDTLS_MD4_C +- +-/** +- * \def MBEDTLS_MD5_C +- * +- * Enable the MD5 hash algorithm. +- * +- * Module: library/md5.c +- * Caller: library/md.c +- * library/pem.c +- * library/ssl_tls.c +- * +- * This module is required for SSL/TLS up to version 1.1, and for TLS 1.2 +- * depending on the handshake parameters. Further, it is used for checking +- * MD5-signed certificates, and for PBKDF1 when decrypting PEM-encoded +- * encrypted keys. +- * +- * \warning MD5 is considered a weak message digest and its use constitutes a +- * security risk. If possible, we recommend avoiding dependencies on +- * it, and considering stronger message digests instead. +- * +- */ +-#define MBEDTLS_MD5_C +- +-/** +- * \def MBEDTLS_MEMORY_BUFFER_ALLOC_C +- * +- * Enable the buffer allocator implementation that makes use of a (stack) +- * based buffer to 'allocate' dynamic memory. (replaces calloc() and free() +- * calls) +- * +- * Module: library/memory_buffer_alloc.c +- * +- * Requires: MBEDTLS_PLATFORM_C +- * MBEDTLS_PLATFORM_MEMORY (to use it within mbed TLS) +- * +- * Enable this module to enable the buffer memory allocator. +- */ +-//#define MBEDTLS_MEMORY_BUFFER_ALLOC_C +- +-/** +- * \def MBEDTLS_NET_C +- * +- * Enable the TCP and UDP over IPv6/IPv4 networking routines. +- * +- * \note This module only works on POSIX/Unix (including Linux, BSD and OS X) +- * and Windows. For other platforms, you'll want to disable it, and write your +- * own networking callbacks to be passed to \c mbedtls_ssl_set_bio(). +- * +- * \note See also our Knowledge Base article about porting to a new +- * environment: +- * https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS +- * +- * Module: library/net_sockets.c +- * +- * This module provides networking routines. +- */ +-#define MBEDTLS_NET_C +- +-/** +- * \def MBEDTLS_OID_C +- * +- * Enable the OID database. +- * +- * Module: library/oid.c +- * Caller: library/asn1write.c +- * library/pkcs5.c +- * library/pkparse.c +- * library/pkwrite.c +- * library/rsa.c +- * library/x509.c +- * library/x509_create.c +- * library/x509_crl.c +- * library/x509_crt.c +- * library/x509_csr.c +- * library/x509write_crt.c +- * library/x509write_csr.c +- * +- * This modules translates between OIDs and internal values. +- */ +-#define MBEDTLS_OID_C +- +-/** +- * \def MBEDTLS_PADLOCK_C +- * +- * Enable VIA Padlock support on x86. +- * +- * Module: library/padlock.c +- * Caller: library/aes.c +- * +- * Requires: MBEDTLS_HAVE_ASM +- * +- * This modules adds support for the VIA PadLock on x86. +- */ +-#define MBEDTLS_PADLOCK_C +- +-/** +- * \def MBEDTLS_PEM_PARSE_C +- * +- * Enable PEM decoding / parsing. +- * +- * Module: library/pem.c +- * Caller: library/dhm.c +- * library/pkparse.c +- * library/x509_crl.c +- * library/x509_crt.c +- * library/x509_csr.c +- * +- * Requires: MBEDTLS_BASE64_C +- * +- * This modules adds support for decoding / parsing PEM files. +- */ +-#define MBEDTLS_PEM_PARSE_C +- +-/** +- * \def MBEDTLS_PEM_WRITE_C +- * +- * Enable PEM encoding / writing. +- * +- * Module: library/pem.c +- * Caller: library/pkwrite.c +- * library/x509write_crt.c +- * library/x509write_csr.c +- * +- * Requires: MBEDTLS_BASE64_C +- * +- * This modules adds support for encoding / writing PEM files. +- */ +-#define MBEDTLS_PEM_WRITE_C +- +-/** +- * \def MBEDTLS_PK_C +- * +- * Enable the generic public (asymetric) key layer. +- * +- * Module: library/pk.c +- * Caller: library/ssl_tls.c +- * library/ssl_cli.c +- * library/ssl_srv.c +- * +- * Requires: MBEDTLS_RSA_C or MBEDTLS_ECP_C +- * +- * Uncomment to enable generic public key wrappers. +- */ +-#define MBEDTLS_PK_C +- +-/** +- * \def MBEDTLS_PK_PARSE_C +- * +- * Enable the generic public (asymetric) key parser. +- * +- * Module: library/pkparse.c +- * Caller: library/x509_crt.c +- * library/x509_csr.c +- * +- * Requires: MBEDTLS_PK_C +- * +- * Uncomment to enable generic public key parse functions. +- */ +-#define MBEDTLS_PK_PARSE_C +- +-/** +- * \def MBEDTLS_PK_WRITE_C +- * +- * Enable the generic public (asymetric) key writer. +- * +- * Module: library/pkwrite.c +- * Caller: library/x509write.c +- * +- * Requires: MBEDTLS_PK_C +- * +- * Uncomment to enable generic public key write functions. +- */ +-#define MBEDTLS_PK_WRITE_C +- +-/** +- * \def MBEDTLS_PKCS5_C +- * +- * Enable PKCS#5 functions. +- * +- * Module: library/pkcs5.c +- * +- * Requires: MBEDTLS_MD_C +- * +- * This module adds support for the PKCS#5 functions. +- */ +-#define MBEDTLS_PKCS5_C +- +-/** +- * \def MBEDTLS_PKCS11_C +- * +- * Enable wrapper for PKCS#11 smartcard support. +- * +- * Module: library/pkcs11.c +- * Caller: library/pk.c +- * +- * Requires: MBEDTLS_PK_C +- * +- * This module enables SSL/TLS PKCS #11 smartcard support. +- * Requires the presence of the PKCS#11 helper library (libpkcs11-helper) +- */ +-//#define MBEDTLS_PKCS11_C +- +-/** +- * \def MBEDTLS_PKCS12_C +- * +- * Enable PKCS#12 PBE functions. +- * Adds algorithms for parsing PKCS#8 encrypted private keys +- * +- * Module: library/pkcs12.c +- * Caller: library/pkparse.c +- * +- * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_CIPHER_C, MBEDTLS_MD_C +- * Can use: MBEDTLS_ARC4_C +- * +- * This module enables PKCS#12 functions. +- */ +-#define MBEDTLS_PKCS12_C +- +-/** +- * \def MBEDTLS_PLATFORM_C +- * +- * Enable the platform abstraction layer that allows you to re-assign +- * functions like calloc(), free(), snprintf(), printf(), fprintf(), exit(). +- * +- * Enabling MBEDTLS_PLATFORM_C enables to use of MBEDTLS_PLATFORM_XXX_ALT +- * or MBEDTLS_PLATFORM_XXX_MACRO directives, allowing the functions mentioned +- * above to be specified at runtime or compile time respectively. +- * +- * \note This abstraction layer must be enabled on Windows (including MSYS2) +- * as other module rely on it for a fixed snprintf implementation. +- * +- * Module: library/platform.c +- * Caller: Most other .c files +- * +- * This module enables abstraction of common (libc) functions. +- */ +-#define MBEDTLS_PLATFORM_C +- +-/** +- * \def MBEDTLS_POLY1305_C +- * +- * Enable the Poly1305 MAC algorithm. +- * +- * Module: library/poly1305.c +- * Caller: library/chachapoly.c +- */ +-#define MBEDTLS_POLY1305_C +- +-/** +- * \def MBEDTLS_RIPEMD160_C +- * +- * Enable the RIPEMD-160 hash algorithm. +- * +- * Module: library/ripemd160.c +- * Caller: library/md.c +- * +- */ +-#define MBEDTLS_RIPEMD160_C +- +-/** +- * \def MBEDTLS_RSA_C +- * +- * Enable the RSA public-key cryptosystem. +- * +- * Module: library/rsa.c +- * library/rsa_internal.c +- * Caller: library/ssl_cli.c +- * library/ssl_srv.c +- * library/ssl_tls.c +- * library/x509.c +- * +- * This module is used by the following key exchanges: +- * RSA, DHE-RSA, ECDHE-RSA, RSA-PSK +- * +- * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C +- */ +-#define MBEDTLS_RSA_C +- +-/** +- * \def MBEDTLS_SHA1_C +- * +- * Enable the SHA1 cryptographic hash algorithm. +- * +- * Module: library/sha1.c +- * Caller: library/md.c +- * library/ssl_cli.c +- * library/ssl_srv.c +- * library/ssl_tls.c +- * library/x509write_crt.c +- * +- * This module is required for SSL/TLS up to version 1.1, for TLS 1.2 +- * depending on the handshake parameters, and for SHA1-signed certificates. +- * +- * \warning SHA-1 is considered a weak message digest and its use constitutes +- * a security risk. If possible, we recommend avoiding dependencies +- * on it, and considering stronger message digests instead. +- * +- */ +-#define MBEDTLS_SHA1_C +- +-/** +- * \def MBEDTLS_SHA256_C +- * +- * Enable the SHA-224 and SHA-256 cryptographic hash algorithms. +- * +- * Module: library/sha256.c +- * Caller: library/entropy.c +- * library/md.c +- * library/ssl_cli.c +- * library/ssl_srv.c +- * library/ssl_tls.c +- * +- * This module adds support for SHA-224 and SHA-256. +- * This module is required for the SSL/TLS 1.2 PRF function. +- */ +-#define MBEDTLS_SHA256_C +- +-/** +- * \def MBEDTLS_SHA512_C +- * +- * Enable the SHA-384 and SHA-512 cryptographic hash algorithms. +- * +- * Module: library/sha512.c +- * Caller: library/entropy.c +- * library/md.c +- * library/ssl_cli.c +- * library/ssl_srv.c +- * +- * This module adds support for SHA-384 and SHA-512. +- */ +-#define MBEDTLS_SHA512_C +- +-#if (SSS_HAVE_A71CH || SSS_HAVE_A71CH_SIM) +-#undef MBEDTLS_SHA512_C +-#endif +- +-/** +- * \def MBEDTLS_SSL_CACHE_C +- * +- * Enable simple SSL cache implementation. +- * +- * Module: library/ssl_cache.c +- * Caller: +- * +- * Requires: MBEDTLS_SSL_CACHE_C +- */ +-#define MBEDTLS_SSL_CACHE_C +- +-/** +- * \def MBEDTLS_SSL_COOKIE_C +- * +- * Enable basic implementation of DTLS cookies for hello verification. +- * +- * Module: library/ssl_cookie.c +- * Caller: +- */ +-#define MBEDTLS_SSL_COOKIE_C +- +-/** +- * \def MBEDTLS_SSL_TICKET_C +- * +- * Enable an implementation of TLS server-side callbacks for session tickets. +- * +- * Module: library/ssl_ticket.c +- * Caller: +- * +- * Requires: MBEDTLS_CIPHER_C +- */ +-#define MBEDTLS_SSL_TICKET_C +- +-/** +- * \def MBEDTLS_SSL_CLI_C +- * +- * Enable the SSL/TLS client code. +- * +- * Module: library/ssl_cli.c +- * Caller: +- * +- * Requires: MBEDTLS_SSL_TLS_C +- * +- * This module is required for SSL/TLS client support. +- */ +-#define MBEDTLS_SSL_CLI_C +- +-/** +- * \def MBEDTLS_SSL_SRV_C +- * +- * Enable the SSL/TLS server code. +- * +- * Module: library/ssl_srv.c +- * Caller: +- * +- * Requires: MBEDTLS_SSL_TLS_C +- * +- * This module is required for SSL/TLS server support. +- */ +-#define MBEDTLS_SSL_SRV_C +- +-/** +- * \def MBEDTLS_SSL_TLS_C +- * +- * Enable the generic SSL/TLS code. +- * +- * Module: library/ssl_tls.c +- * Caller: library/ssl_cli.c +- * library/ssl_srv.c +- * +- * Requires: MBEDTLS_CIPHER_C, MBEDTLS_MD_C +- * and at least one of the MBEDTLS_SSL_PROTO_XXX defines +- * +- * This module is required for SSL/TLS. +- */ +-#define MBEDTLS_SSL_TLS_C +- +-/** +- * \def MBEDTLS_THREADING_C +- * +- * Enable the threading abstraction layer. +- * By default mbed TLS assumes it is used in a non-threaded environment or that +- * contexts are not shared between threads. If you do intend to use contexts +- * between threads, you will need to enable this layer to prevent race +- * conditions. See also our Knowledge Base article about threading: +- * https://tls.mbed.org/kb/development/thread-safety-and-multi-threading +- * +- * Module: library/threading.c +- * +- * This allows different threading implementations (self-implemented or +- * provided). +- * +- * You will have to enable either MBEDTLS_THREADING_ALT or +- * MBEDTLS_THREADING_PTHREAD. +- * +- * Enable this layer to allow use of mutexes within mbed TLS +- */ +-//#define MBEDTLS_THREADING_C +- +-/** +- * \def MBEDTLS_TIMING_C +- * +- * Enable the semi-portable timing interface. +- * +- * \note The provided implementation only works on POSIX/Unix (including Linux, +- * BSD and OS X) and Windows. On other platforms, you can either disable that +- * module and provide your own implementations of the callbacks needed by +- * \c mbedtls_ssl_set_timer_cb() for DTLS, or leave it enabled and provide +- * your own implementation of the whole module by setting +- * \c MBEDTLS_TIMING_ALT in the current file. +- * +- * \note See also our Knowledge Base article about porting to a new +- * environment: +- * https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS +- * +- * Module: library/timing.c +- * Caller: library/havege.c +- * +- * This module is used by the HAVEGE random number generator. +- */ +-#define MBEDTLS_TIMING_C +- +-/** +- * \def MBEDTLS_VERSION_C +- * +- * Enable run-time version information. +- * +- * Module: library/version.c +- * +- * This module provides run-time version information. +- */ +-#define MBEDTLS_VERSION_C +- +-/** +- * \def MBEDTLS_X509_USE_C +- * +- * Enable X.509 core for using certificates. +- * +- * Module: library/x509.c +- * Caller: library/x509_crl.c +- * library/x509_crt.c +- * library/x509_csr.c +- * +- * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, +- * MBEDTLS_PK_PARSE_C +- * +- * This module is required for the X.509 parsing modules. +- */ +-#define MBEDTLS_X509_USE_C +- +-/** +- * \def MBEDTLS_X509_CRT_PARSE_C +- * +- * Enable X.509 certificate parsing. +- * +- * Module: library/x509_crt.c +- * Caller: library/ssl_cli.c +- * library/ssl_srv.c +- * library/ssl_tls.c +- * +- * Requires: MBEDTLS_X509_USE_C +- * +- * This module is required for X.509 certificate parsing. +- */ +-#define MBEDTLS_X509_CRT_PARSE_C +- +-/** +- * \def MBEDTLS_X509_CRL_PARSE_C +- * +- * Enable X.509 CRL parsing. +- * +- * Module: library/x509_crl.c +- * Caller: library/x509_crt.c +- * +- * Requires: MBEDTLS_X509_USE_C +- * +- * This module is required for X.509 CRL parsing. +- */ +-#define MBEDTLS_X509_CRL_PARSE_C +- +-/** +- * \def MBEDTLS_X509_CSR_PARSE_C +- * +- * Enable X.509 Certificate Signing Request (CSR) parsing. +- * +- * Module: library/x509_csr.c +- * Caller: library/x509_crt_write.c +- * +- * Requires: MBEDTLS_X509_USE_C +- * +- * This module is used for reading X.509 certificate request. +- */ +-#define MBEDTLS_X509_CSR_PARSE_C +- +-/** +- * \def MBEDTLS_X509_CREATE_C +- * +- * Enable X.509 core for creating certificates. +- * +- * Module: library/x509_create.c +- * +- * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, MBEDTLS_PK_WRITE_C +- * +- * This module is the basis for creating X.509 certificates and CSRs. +- */ +-#define MBEDTLS_X509_CREATE_C +- +-/** +- * \def MBEDTLS_X509_CRT_WRITE_C +- * +- * Enable creating X.509 certificates. +- * +- * Module: library/x509_crt_write.c +- * +- * Requires: MBEDTLS_X509_CREATE_C +- * +- * This module is required for X.509 certificate creation. +- */ +-#define MBEDTLS_X509_CRT_WRITE_C +- +-/** +- * \def MBEDTLS_X509_CSR_WRITE_C +- * +- * Enable creating X.509 Certificate Signing Requests (CSR). +- * +- * Module: library/x509_csr_write.c +- * +- * Requires: MBEDTLS_X509_CREATE_C +- * +- * This module is required for X.509 certificate request writing. +- */ +-#define MBEDTLS_X509_CSR_WRITE_C +- +-/** +- * \def MBEDTLS_XTEA_C +- * +- * Enable the XTEA block cipher. +- * +- * Module: library/xtea.c +- * Caller: +- */ +-#define MBEDTLS_XTEA_C +- +-/* \} name SECTION: mbed TLS modules */ +- +-/** +- * \name SECTION: Module configuration options +- * +- * This section allows for the setting of module specific sizes and +- * configuration options. The default values are already present in the +- * relevant header files and should suffice for the regular use cases. +- * +- * Our advice is to enable options and change their values here +- * only if you have a good reason and know the consequences. +- * +- * Please check the respective header file for documentation on these +- * parameters (to prevent duplicate documentation). +- * \{ +- */ +- +-/* MPI / BIGNUM options */ +-//#define MBEDTLS_MPI_WINDOW_SIZE 6 /**< Maximum windows size used. */ +-//#define MBEDTLS_MPI_MAX_SIZE 1024 /**< Maximum number of bytes for usable MPIs. */ +- +-/* CTR_DRBG options */ +-//#define MBEDTLS_CTR_DRBG_ENTROPY_LEN 48 /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */ +-//#define MBEDTLS_CTR_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */ +-//#define MBEDTLS_CTR_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */ +-//#define MBEDTLS_CTR_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */ +-//#define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */ +-//#define MBEDTLS_CTR_DRBG_USE_128_BIT_KEY /**< Use 128-bit key for CTR_DRBG - may reduce security (see ctr_drbg.h) */ +- +-/* HMAC_DRBG options */ +-//#define MBEDTLS_HMAC_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */ +-//#define MBEDTLS_HMAC_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */ +-//#define MBEDTLS_HMAC_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */ +-//#define MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */ +- +-/* ECP options */ +-//#define MBEDTLS_ECP_MAX_BITS 521 /**< Maximum bit size of groups */ +-//#define MBEDTLS_ECP_WINDOW_SIZE 6 /**< Maximum window size used */ +-//#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1 /**< Enable fixed-point speed-up */ +- +-/* Entropy options */ +-//#define MBEDTLS_ENTROPY_MAX_SOURCES 20 /**< Maximum number of sources supported */ +-//#define MBEDTLS_ENTROPY_MAX_GATHER 128 /**< Maximum amount requested from entropy sources */ +-//#define MBEDTLS_ENTROPY_MIN_HARDWARE 32 /**< Default minimum number of bytes required for the hardware entropy source mbedtls_hardware_poll() before entropy is released */ +- +-/* Memory buffer allocator options */ +-//#define MBEDTLS_MEMORY_ALIGN_MULTIPLE 4 /**< Align on multiples of this value */ +- +-/* Platform options */ +-//#define MBEDTLS_PLATFORM_STD_MEM_HDR /**< Header to include if MBEDTLS_PLATFORM_NO_STD_FUNCTIONS is defined. Don't define if no header is needed. */ +-//#define MBEDTLS_PLATFORM_STD_CALLOC calloc /**< Default allocator to use, can be undefined */ +-//#define MBEDTLS_PLATFORM_STD_FREE free /**< Default free to use, can be undefined */ +-//#define MBEDTLS_PLATFORM_STD_EXIT exit /**< Default exit to use, can be undefined */ +-//#define MBEDTLS_PLATFORM_STD_TIME time /**< Default time to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */ +-//#define MBEDTLS_PLATFORM_STD_FPRINTF fprintf /**< Default fprintf to use, can be undefined */ +-//#define MBEDTLS_PLATFORM_STD_PRINTF printf /**< Default printf to use, can be undefined */ +-/* Note: your snprintf must correclty zero-terminate the buffer! */ +-//#define MBEDTLS_PLATFORM_STD_SNPRINTF snprintf /**< Default snprintf to use, can be undefined */ +-//#define MBEDTLS_PLATFORM_STD_EXIT_SUCCESS 0 /**< Default exit value to use, can be undefined */ +-//#define MBEDTLS_PLATFORM_STD_EXIT_FAILURE 1 /**< Default exit value to use, can be undefined */ +-//#define MBEDTLS_PLATFORM_STD_NV_SEED_READ mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */ +-//#define MBEDTLS_PLATFORM_STD_NV_SEED_WRITE mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */ +-//#define MBEDTLS_PLATFORM_STD_NV_SEED_FILE "seedfile" /**< Seed file to read/write with default implementation */ +- +-/* To Use Function Macros MBEDTLS_PLATFORM_C must be enabled */ +-/* MBEDTLS_PLATFORM_XXX_MACRO and MBEDTLS_PLATFORM_XXX_ALT cannot both be defined */ +-//#define MBEDTLS_PLATFORM_CALLOC_MACRO calloc /**< Default allocator macro to use, can be undefined */ +-//#define MBEDTLS_PLATFORM_FREE_MACRO free /**< Default free macro to use, can be undefined */ +-//#define MBEDTLS_PLATFORM_EXIT_MACRO exit /**< Default exit macro to use, can be undefined */ +-//#define MBEDTLS_PLATFORM_TIME_MACRO time /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */ +-//#define MBEDTLS_PLATFORM_TIME_TYPE_MACRO time_t /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */ +-//#define MBEDTLS_PLATFORM_FPRINTF_MACRO fprintf /**< Default fprintf macro to use, can be undefined */ +-//#define MBEDTLS_PLATFORM_PRINTF_MACRO printf /**< Default printf macro to use, can be undefined */ +-/* Note: your snprintf must correclty zero-terminate the buffer! */ +-//#define MBEDTLS_PLATFORM_SNPRINTF_MACRO snprintf /**< Default snprintf macro to use, can be undefined */ +-//#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */ +-//#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */ +- +-/** +- * \brief This macro is invoked by the library when an invalid parameter +- * is detected that is only checked with MBEDTLS_CHECK_PARAMS +- * (see the documentation of that option for context). +- * +- * When you leave this undefined here, a default definition is +- * provided that invokes the function mbedtls_param_failed(), +- * which is declared in platform_util.h for the benefit of the +- * library, but that you need to define in your application. +- * +- * When you define this here, this replaces the default +- * definition in platform_util.h (which no longer declares the +- * function mbedtls_param_failed()) and it is your responsibility +- * to make sure this macro expands to something suitable (in +- * particular, that all the necessary declarations are visible +- * from within the library - you can ensure that by providing +- * them in this file next to the macro definition). +- * +- * Note that you may define this macro to expand to nothing, in +- * which case you don't have to worry about declarations or +- * definitions. However, you will then be notified about invalid +- * parameters only in non-void functions, and void function will +- * just silently return early on invalid parameters, which +- * partially negates the benefits of enabling +- * #MBEDTLS_CHECK_PARAMS in the first place, so is discouraged. +- * +- * \param cond The expression that should evaluate to true, but doesn't. +- */ +-//#define MBEDTLS_PARAM_FAILED( cond ) assert( cond ) +- +-/* SSL Cache options */ +-//#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT 86400 /**< 1 day */ +-//#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /**< Maximum entries in cache */ +- +-/* SSL options */ +- +-/** \def MBEDTLS_SSL_MAX_CONTENT_LEN +- * +- * Maximum length (in bytes) of incoming and outgoing plaintext fragments. +- * +- * This determines the size of both the incoming and outgoing TLS I/O buffers +- * in such a way that both are capable of holding the specified amount of +- * plaintext data, regardless of the protection mechanism used. +- * +- * To configure incoming and outgoing I/O buffers separately, use +- * #MBEDTLS_SSL_IN_CONTENT_LEN and #MBEDTLS_SSL_OUT_CONTENT_LEN, +- * which overwrite the value set by this option. +- * +- * \note When using a value less than the default of 16KB on the client, it is +- * recommended to use the Maximum Fragment Length (MFL) extension to +- * inform the server about this limitation. On the server, there +- * is no supported, standardized way of informing the client about +- * restriction on the maximum size of incoming messages, and unless +- * the limitation has been communicated by other means, it is recommended +- * to only change the outgoing buffer size #MBEDTLS_SSL_OUT_CONTENT_LEN +- * while keeping the default value of 16KB for the incoming buffer. +- * +- * Uncomment to set the maximum plaintext size of both +- * incoming and outgoing I/O buffers. +- */ +-//#define MBEDTLS_SSL_MAX_CONTENT_LEN 16384 +- +-/** \def MBEDTLS_SSL_IN_CONTENT_LEN +- * +- * Maximum length (in bytes) of incoming plaintext fragments. +- * +- * This determines the size of the incoming TLS I/O buffer in such a way +- * that it is capable of holding the specified amount of plaintext data, +- * regardless of the protection mechanism used. +- * +- * If this option is undefined, it inherits its value from +- * #MBEDTLS_SSL_MAX_CONTENT_LEN. +- * +- * \note When using a value less than the default of 16KB on the client, it is +- * recommended to use the Maximum Fragment Length (MFL) extension to +- * inform the server about this limitation. On the server, there +- * is no supported, standardized way of informing the client about +- * restriction on the maximum size of incoming messages, and unless +- * the limitation has been communicated by other means, it is recommended +- * to only change the outgoing buffer size #MBEDTLS_SSL_OUT_CONTENT_LEN +- * while keeping the default value of 16KB for the incoming buffer. +- * +- * Uncomment to set the maximum plaintext size of the incoming I/O buffer +- * independently of the outgoing I/O buffer. +- */ +-//#define MBEDTLS_SSL_IN_CONTENT_LEN 16384 +- +-/** \def MBEDTLS_SSL_OUT_CONTENT_LEN +- * +- * Maximum length (in bytes) of outgoing plaintext fragments. +- * +- * This determines the size of the outgoing TLS I/O buffer in such a way +- * that it is capable of holding the specified amount of plaintext data, +- * regardless of the protection mechanism used. +- * +- * If this option undefined, it inherits its value from +- * #MBEDTLS_SSL_MAX_CONTENT_LEN. +- * +- * It is possible to save RAM by setting a smaller outward buffer, while keeping +- * the default inward 16384 byte buffer to conform to the TLS specification. +- * +- * The minimum required outward buffer size is determined by the handshake +- * protocol's usage. Handshaking will fail if the outward buffer is too small. +- * The specific size requirement depends on the configured ciphers and any +- * certificate data which is sent during the handshake. +- * +- * Uncomment to set the maximum plaintext size of the outgoing I/O buffer +- * independently of the incoming I/O buffer. +- */ +-//#define MBEDTLS_SSL_OUT_CONTENT_LEN 16384 +- +-/** \def MBEDTLS_SSL_DTLS_MAX_BUFFERING +- * +- * Maximum number of heap-allocated bytes for the purpose of +- * DTLS handshake message reassembly and future message buffering. +- * +- * This should be at least 9/8 * MBEDTLSSL_IN_CONTENT_LEN +- * to account for a reassembled handshake message of maximum size, +- * together with its reassembly bitmap. +- * +- * A value of 2 * MBEDTLS_SSL_IN_CONTENT_LEN (32768 by default) +- * should be sufficient for all practical situations as it allows +- * to reassembly a large handshake message (such as a certificate) +- * while buffering multiple smaller handshake messages. +- * +- */ +-//#define MBEDTLS_SSL_DTLS_MAX_BUFFERING 32768 +- +-//#define MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME 86400 /**< Lifetime of session tickets (if enabled) */ +-//#define MBEDTLS_PSK_MAX_LEN 32 /**< Max size of TLS pre-shared keys, in bytes (default 256 bits) */ +-//#define MBEDTLS_SSL_COOKIE_TIMEOUT 60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */ +- +-/** +- * Complete list of ciphersuites to use, in order of preference. +- * +- * \warning No dependency checking is done on that field! This option can only +- * be used to restrict the set of available ciphersuites. It is your +- * responsibility to make sure the needed modules are active. +- * +- * Use this to save a few hundred bytes of ROM (default ordering of all +- * available ciphersuites) and a few to a few hundred bytes of RAM. +- * +- * The value below is only an example, not the default. +- */ +-//#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 +- +-/* X509 options */ +-//#define MBEDTLS_X509_MAX_INTERMEDIATE_CA 8 /**< Maximum number of intermediate CAs in a verification chain. */ +-//#define MBEDTLS_X509_MAX_FILE_PATH_LEN 512 /**< Maximum length of a path/filename string in bytes including the null terminator character ('\0'). */ +- +-/** +- * Allow SHA-1 in the default TLS configuration for certificate signing. +- * Without this build-time option, SHA-1 support must be activated explicitly +- * through mbedtls_ssl_conf_cert_profile. Turning on this option is not +- * recommended because of it is possible to generate SHA-1 collisions, however +- * this may be safe for legacy infrastructure where additional controls apply. +- * +- * \warning SHA-1 is considered a weak message digest and its use constitutes +- * a security risk. If possible, we recommend avoiding dependencies +- * on it, and considering stronger message digests instead. +- * +- */ +-// #define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES +- +-/** +- * Allow SHA-1 in the default TLS configuration for TLS 1.2 handshake +- * signature and ciphersuite selection. Without this build-time option, SHA-1 +- * support must be activated explicitly through mbedtls_ssl_conf_sig_hashes. +- * The use of SHA-1 in TLS <= 1.1 and in HMAC-SHA-1 is always allowed by +- * default. At the time of writing, there is no practical attack on the use +- * of SHA-1 in handshake signatures, hence this option is turned on by default +- * to preserve compatibility with existing peers, but the general +- * warning applies nonetheless: +- * +- * \warning SHA-1 is considered a weak message digest and its use constitutes +- * a security risk. If possible, we recommend avoiding dependencies +- * on it, and considering stronger message digests instead. +- * +- */ +-#define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE +- +-/** +- * Uncomment the macro to let mbed TLS use your alternate implementation of +- * mbedtls_platform_zeroize(). This replaces the default implementation in +- * platform_util.c. +- * +- * mbedtls_platform_zeroize() is a widely used function across the library to +- * zero a block of memory. The implementation is expected to be secure in the +- * sense that it has been written to prevent the compiler from removing calls +- * to mbedtls_platform_zeroize() as part of redundant code elimination +- * optimizations. However, it is difficult to guarantee that calls to +- * mbedtls_platform_zeroize() will not be optimized by the compiler as older +- * versions of the C language standards do not provide a secure implementation +- * of memset(). Therefore, MBEDTLS_PLATFORM_ZEROIZE_ALT enables users to +- * configure their own implementation of mbedtls_platform_zeroize(), for +- * example by using directives specific to their compiler, features from newer +- * C standards (e.g using memset_s() in C11) or calling a secure memset() from +- * their system (e.g explicit_bzero() in BSD). +- */ +-//#define MBEDTLS_PLATFORM_ZEROIZE_ALT +- +-/** +- * Uncomment the macro to let Mbed TLS use your alternate implementation of +- * mbedtls_platform_gmtime_r(). This replaces the default implementation in +- * platform_util.c. +- * +- * gmtime() is not a thread-safe function as defined in the C standard. The +- * library will try to use safer implementations of this function, such as +- * gmtime_r() when available. However, if Mbed TLS cannot identify the target +- * system, the implementation of mbedtls_platform_gmtime_r() will default to +- * using the standard gmtime(). In this case, calls from the library to +- * gmtime() will be guarded by the global mutex mbedtls_threading_gmtime_mutex +- * if MBEDTLS_THREADING_C is enabled. We recommend that calls from outside the +- * library are also guarded with this mutex to avoid race conditions. However, +- * if the macro MBEDTLS_PLATFORM_GMTIME_R_ALT is defined, Mbed TLS will +- * unconditionally use the implementation for mbedtls_platform_gmtime_r() +- * supplied at compile time. +- */ +-//#define MBEDTLS_PLATFORM_GMTIME_R_ALT +- +-/* \} name SECTION: Customisation configuration options */ +- +-/* Target and application specific configurations +- * +- * Allow user to override any previous default. +- * +- */ +-#if defined(MBEDTLS_USER_CONFIG_FILE) +-#include MBEDTLS_USER_CONFIG_FILE +-#endif +- +-#include "mbedtls/check_config.h" +- +-/* clang-format on */ +- +-#endif /* MBEDTLS_CONFIG_H */ +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/port/default/fsl_sss_types.h b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/port/default/fsl_sss_types.h +deleted file mode 100644 +index 969be87673..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/port/default/fsl_sss_types.h ++++ /dev/null +@@ -1,67 +0,0 @@ +-/* +- * Copyright 2018,2019 NXP +- * SPDX-License-Identifier: Apache-2.0 +- */ +- +-#ifndef FSL_SSS_TYPES_H +-#define FSL_SSS_TYPES_H +- +-#include +-#include +-#include +- +-#if (__STDC__ && !__MBED__) +-#include +-#endif +- +-#ifndef FALSE +-#define FALSE false +-#endif +- +-#ifndef TRUE +-#define TRUE true +-#endif +- +-#ifndef ARRAY_SIZE +-#define ARRAY_SIZE(array) (sizeof(array) / (sizeof(array[0]))) +-#endif +- +-#if __MBED__ +-#include "mbed_assert.h" +-#define assert_static(e) MBED_ASSERT(e) +-#else +-#define assert_static(e) \ +- { \ +- char assert_static__[(e) ? 1 : -1]; \ +- assert_static__; \ +- } +-#endif +- +-/** Compile time assert */ +-#define SSS_ASSERT(condition) assert_static(condition) +- +-/*! @brief Compile time sizeof() check */ +-#define SSCP_BUILD_ASSURE(condition, msg) assert_static(condition) +- +-/* snprintf definition for MSVisualC */ +-#ifdef _MSC_VER +-#define SNPRINTF _snprintf +-#define STRNICMP _strnicmp +-#else /* _MSC_VER*/ +-#define SNPRINTF snprintf +-#define STRNICMP strncasecmp +-#endif /*_MSC_VER*/ +- +-#ifndef SSS_MALLOC +-#define SSS_MALLOC malloc +-#endif // SSS_MALLOC +- +-#ifndef SSS_FREE +-#define SSS_FREE free +-#endif // SSS_FREE +- +-#ifndef SSS_CALLOC +-#define SSS_CALLOC calloc +-#endif // SSS_CALLOC +- +-#endif /* FSL_SSS_TYPES_H */ +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/src/fsl_sss_apis.c b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/src/fsl_sss_apis.c +deleted file mode 100644 +index 083005b142..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/src/fsl_sss_apis.c ++++ /dev/null +@@ -1,2601 +0,0 @@ +-/* +- * +- * Copyright 2018-2020 NXP +- * SPDX-License-Identifier: Apache-2.0 +- */ +-#include +- +-#if defined(SSS_USE_FTR_FILE) +-#include "fsl_sss_ftr.h" +-#else +-#include "fsl_sss_ftr_default.h" +-#endif +- +-#if SSS_HAVE_SSCP +-#include +-#endif /* SSS_HAVE_SSCP */ +- +-#if SSS_HAVE_APPLET_SE05X_IOT +-#include +-#endif /* SSS_HAVE_APPLET_SE05X_IOT */ +- +-#if SSS_HAVE_MBEDTLS +-#include +-#endif /* SSS_HAVE_MBEDTLS */ +- +-#if SSS_HAVE_OPENSSL +-#include +-#endif /* SSS_HAVE_OPENSSL */ +- +-#if defined(FLOW_VERBOSE) +-#define NX_LOG_ENABLE_SSS_DEBUG 1 +-#endif +-#include "nxLog_sss.h" +- +-#if (SSS_HAVE_SSS > 1) +- +-sss_status_t sss_session_create(sss_session_t *session, +- sss_type_t subsystem, +- uint32_t application_id, +- sss_connection_type_t connection_type, +- void *connectionData) +-{ +- if (kType_SSS_Software == subsystem) { +-#if SSS_HAVE_OPENSSL +- /* if I have openSSL */ +- subsystem = kType_SSS_OpenSSL; +-#endif +-#if SSS_HAVE_MBEDTLS +- /* if I have mbed TLS */ +- subsystem = kType_SSS_mbedTLS; +-#endif +- } +- else if (kType_SSS_SecureElement == subsystem) { +-#if SSS_HAVE_APPLET_SE05X_IOT +- subsystem = kType_SSS_SE_SE05x; +-#endif +-#if SSS_HAVE_A71CH || SSS_HAVE_A71CH_SIM +- subsystem = kType_SSS_SE_A71CH; +-#endif +- } +- +-#if SSS_HAVE_SSCP +- if (SSS_SUBSYSTEM_TYPE_IS_SSCP(subsystem)) { +- return kStatus_SSS_Success; /* Nothing special to be handled yet */ +- } +-#endif /* SSS_HAVE_SSCP */ +-#if SSS_HAVE_APPLET_SE05X_IOT +- if (SSS_SUBSYSTEM_TYPE_IS_SE05X(subsystem)) { +- return kStatus_SSS_Success; /* Nothing special to be handled yet */ +- } +-#endif /* SSS_HAVE_APPLET_SE05X_IOT */ +-#if SSS_HAVE_MBEDTLS +- if (SSS_SUBSYSTEM_TYPE_IS_MBEDTLS(subsystem)) { +- return kStatus_SSS_Success; /* Nothing special to be handled yet */ +- } +-#endif /* SSS_HAVE_MBEDTLS */ +-#if SSS_HAVE_OPENSSL +- if (SSS_SUBSYSTEM_TYPE_IS_OPENSSL(subsystem)) { +- return kStatus_SSS_Success; /* Nothing special to be handled yet */ +- } +-#endif /* SSS_HAVE_OPENSSL */ +- return kStatus_SSS_InvalidArgument; +-} +- +-sss_status_t sss_session_open(sss_session_t *session, +- sss_type_t subsystem, +- uint32_t application_id, +- sss_connection_type_t connection_type, +- void *connectionData) +-{ +- if (kType_SSS_Software == subsystem) { +-#if SSS_HAVE_OPENSSL +- /* if I have openSSL */ +- subsystem = kType_SSS_OpenSSL; +-#endif +-#if SSS_HAVE_MBEDTLS +- /* if I have mbed TLS */ +- subsystem = kType_SSS_mbedTLS; +-#endif +- } +- else if (kType_SSS_SecureElement == subsystem) { +-#if SSS_HAVE_SE +- +- subsystem = kType_SSS_SE_SE05x; +-#endif +-#if SSS_HAVE_A71CH || SSS_HAVE_A71CH_SIM +- subsystem = kType_SSS_SE_A71CH; +-#endif +- } +- +-#if SSS_HAVE_SSCP +- if (SSS_SUBSYSTEM_TYPE_IS_SSCP(subsystem)) { +- sss_sscp_session_t *sscp_session = (sss_sscp_session_t *)session; +- return sss_sscp_session_open(sscp_session, subsystem, application_id, connection_type, connectionData); +- } +-#endif /* SSS_HAVE_SSCP */ +-#if SSS_HAVE_APPLET_SE05X_IOT +- if (SSS_SUBSYSTEM_TYPE_IS_SE05X(subsystem)) { +- sss_se05x_session_t *se05x_session = (sss_se05x_session_t *)session; +- return sss_se05x_session_open(se05x_session, subsystem, application_id, connection_type, connectionData); +- } +-#endif /* SSS_HAVE_APPLET_SE05X_IOT */ +-#if SSS_HAVE_MBEDTLS +- if (SSS_SUBSYSTEM_TYPE_IS_MBEDTLS(subsystem)) { +- sss_mbedtls_session_t *mbedtls_session = (sss_mbedtls_session_t *)session; +- return sss_mbedtls_session_open(mbedtls_session, subsystem, application_id, connection_type, connectionData); +- } +-#endif /* SSS_HAVE_MBEDTLS */ +-#if SSS_HAVE_OPENSSL +- if (SSS_SUBSYSTEM_TYPE_IS_OPENSSL(subsystem)) { +- sss_openssl_session_t *openssl_session = (sss_openssl_session_t *)session; +- return sss_openssl_session_open(openssl_session, subsystem, application_id, connection_type, connectionData); +- } +-#endif /* SSS_HAVE_OPENSSL */ +- return kStatus_SSS_InvalidArgument; +-} +- +-sss_status_t sss_session_prop_get_u32(sss_session_t *session, uint32_t property, uint32_t *pValue) +-{ +-#if SSS_HAVE_SSCP +- if (SSS_SESSION_TYPE_IS_SSCP(session)) { +- sss_sscp_session_t *sscp_session = (sss_sscp_session_t *)session; +- return sss_sscp_session_prop_get_u32(sscp_session, property, pValue); +- } +-#endif /* SSS_HAVE_SSCP */ +-#if SSS_HAVE_APPLET_SE05X_IOT +- if (SSS_SESSION_TYPE_IS_SE05X(session)) { +- sss_se05x_session_t *se05x_session = (sss_se05x_session_t *)session; +- return sss_se05x_session_prop_get_u32(se05x_session, property, pValue); +- } +-#endif /* SSS_HAVE_APPLET_SE05X_IOT */ +-#if SSS_HAVE_MBEDTLS +- if (SSS_SESSION_TYPE_IS_MBEDTLS(session)) { +- sss_mbedtls_session_t *mbedtls_session = (sss_mbedtls_session_t *)session; +- return sss_mbedtls_session_prop_get_u32(mbedtls_session, property, pValue); +- } +-#endif /* SSS_HAVE_MBEDTLS */ +-#if SSS_HAVE_OPENSSL +- if (SSS_SESSION_TYPE_IS_OPENSSL(session)) { +- sss_openssl_session_t *openssl_session = (sss_openssl_session_t *)session; +- return sss_openssl_session_prop_get_u32(openssl_session, property, pValue); +- } +-#endif /* SSS_HAVE_OPENSSL */ +- return kStatus_SSS_InvalidArgument; +-} +- +-sss_status_t sss_session_prop_get_au8(sss_session_t *session, uint32_t property, uint8_t *pValue, size_t *pValueLen) +-{ +-#if SSS_HAVE_SSCP +- if (SSS_SESSION_TYPE_IS_SSCP(session)) { +- sss_sscp_session_t *sscp_session = (sss_sscp_session_t *)session; +- return sss_sscp_session_prop_get_au8(sscp_session, property, pValue, pValueLen); +- } +-#endif /* SSS_HAVE_SSCP */ +-#if SSS_HAVE_APPLET_SE05X_IOT +- if (SSS_SESSION_TYPE_IS_SE05X(session)) { +- sss_se05x_session_t *se05x_session = (sss_se05x_session_t *)session; +- return sss_se05x_session_prop_get_au8(se05x_session, property, pValue, pValueLen); +- } +-#endif /* SSS_HAVE_APPLET_SE05X_IOT */ +-#if SSS_HAVE_MBEDTLS +- if (SSS_SESSION_TYPE_IS_MBEDTLS(session)) { +- sss_mbedtls_session_t *mbedtls_session = (sss_mbedtls_session_t *)session; +- return sss_mbedtls_session_prop_get_au8(mbedtls_session, property, pValue, pValueLen); +- } +-#endif /* SSS_HAVE_MBEDTLS */ +-#if SSS_HAVE_OPENSSL +- if (SSS_SESSION_TYPE_IS_OPENSSL(session)) { +- sss_openssl_session_t *openssl_session = (sss_openssl_session_t *)session; +- return sss_openssl_session_prop_get_au8(openssl_session, property, pValue, pValueLen); +- } +-#endif /* SSS_HAVE_OPENSSL */ +- return kStatus_SSS_InvalidArgument; +-} +- +-void sss_session_close(sss_session_t *session) +-{ +-#if SSS_HAVE_SSCP +- if (SSS_SESSION_TYPE_IS_SSCP(session)) { +- sss_sscp_session_t *sscp_session = (sss_sscp_session_t *)session; +- sss_sscp_session_close(sscp_session); +- } +-#endif /* SSS_HAVE_SSCP */ +-#if SSS_HAVE_APPLET_SE05X_IOT +- if (SSS_SESSION_TYPE_IS_SE05X(session)) { +- sss_se05x_session_t *se05x_session = (sss_se05x_session_t *)session; +- sss_se05x_session_close(se05x_session); +- } +-#endif /* SSS_HAVE_APPLET_SE05X_IOT */ +-#if SSS_HAVE_MBEDTLS +- if (SSS_SESSION_TYPE_IS_MBEDTLS(session)) { +- sss_mbedtls_session_t *mbedtls_session = (sss_mbedtls_session_t *)session; +- sss_mbedtls_session_close(mbedtls_session); +- } +-#endif /* SSS_HAVE_MBEDTLS */ +-#if SSS_HAVE_OPENSSL +- if (SSS_SESSION_TYPE_IS_OPENSSL(session)) { +- sss_openssl_session_t *openssl_session = (sss_openssl_session_t *)session; +- sss_openssl_session_close(openssl_session); +- } +-#endif /* SSS_HAVE_OPENSSL */ +-} +- +-void sss_session_delete(sss_session_t *session) +-{ +-#if SSS_HAVE_SSCP +- if (SSS_SESSION_TYPE_IS_SSCP(session)) { +- /* Nothing special to be handled */ +- } +-#endif /* SSS_HAVE_SSCP */ +-#if SSS_HAVE_APPLET_SE05X_IOT +- if (SSS_SESSION_TYPE_IS_SE05X(session)) { +- /* Nothing special to be handled */ +- } +-#endif /* SSS_HAVE_APPLET_SE05X_IOT */ +-#if SSS_HAVE_MBEDTLS +- if (SSS_SESSION_TYPE_IS_MBEDTLS(session)) { +- /* Nothing special to be handled */ +- } +-#endif /* SSS_HAVE_MBEDTLS */ +-#if SSS_HAVE_OPENSSL +- if (SSS_SESSION_TYPE_IS_OPENSSL(session)) { +- /* Nothing special to be handled */ +- } +-#endif /* SSS_HAVE_OPENSSL */ +-} +- +-sss_status_t sss_key_object_init(sss_object_t *keyObject, sss_key_store_t *keyStore) +-{ +-#if SSS_HAVE_SSCP +- if (SSS_KEY_STORE_TYPE_IS_SSCP(keyStore)) { +- sss_sscp_object_t *sscp_keyObject = (sss_sscp_object_t *)keyObject; +- sss_sscp_key_store_t *sscp_keyStore = (sss_sscp_key_store_t *)keyStore; +- SSS_ASSERT(sizeof(*sscp_keyObject) <= sizeof(*keyObject)); +- SSS_ASSERT(sizeof(*sscp_keyStore) <= sizeof(*keyStore)); +- return sss_sscp_key_object_init(sscp_keyObject, sscp_keyStore); +- } +-#endif /* SSS_HAVE_SSCP */ +-#if SSS_HAVE_APPLET_SE05X_IOT +- if (SSS_KEY_STORE_TYPE_IS_SE05X(keyStore)) { +- sss_se05x_object_t *se05x_keyObject = (sss_se05x_object_t *)keyObject; +- sss_se05x_key_store_t *se05x_keyStore = (sss_se05x_key_store_t *)keyStore; +- SSS_ASSERT(sizeof(*se05x_keyObject) <= sizeof(*keyObject)); +- SSS_ASSERT(sizeof(*se05x_keyStore) <= sizeof(*keyStore)); +- return sss_se05x_key_object_init(se05x_keyObject, se05x_keyStore); +- } +-#endif /* SSS_HAVE_APPLET_SE05X_IOT */ +-#if SSS_HAVE_MBEDTLS +- if (SSS_KEY_STORE_TYPE_IS_MBEDTLS(keyStore)) { +- sss_mbedtls_object_t *mbedtls_keyObject = (sss_mbedtls_object_t *)keyObject; +- sss_mbedtls_key_store_t *mbedtls_keyStore = (sss_mbedtls_key_store_t *)keyStore; +- SSS_ASSERT(sizeof(*mbedtls_keyObject) <= sizeof(*keyObject)); +- SSS_ASSERT(sizeof(*mbedtls_keyStore) <= sizeof(*keyStore)); +- return sss_mbedtls_key_object_init(mbedtls_keyObject, mbedtls_keyStore); +- } +-#endif /* SSS_HAVE_MBEDTLS */ +-#if SSS_HAVE_OPENSSL +- if (SSS_KEY_STORE_TYPE_IS_OPENSSL(keyStore)) { +- sss_openssl_object_t *openssl_keyObject = (sss_openssl_object_t *)keyObject; +- sss_openssl_key_store_t *openssl_keyStore = (sss_openssl_key_store_t *)keyStore; +- SSS_ASSERT(sizeof(*openssl_keyObject) <= sizeof(*keyObject)); +- SSS_ASSERT(sizeof(*openssl_keyStore) <= sizeof(*keyStore)); +- return sss_openssl_key_object_init(openssl_keyObject, openssl_keyStore); +- } +-#endif /* SSS_HAVE_OPENSSL */ +- return kStatus_SSS_InvalidArgument; +-} +- +-sss_status_t sss_key_object_allocate_handle(sss_object_t *keyObject, +- uint32_t keyId, +- sss_key_part_t keyPart, +- sss_cipher_type_t cipherType, +- size_t keyByteLenMax, +- uint32_t options) +-{ +-#if SSS_HAVE_SSCP +- if (SSS_OBJECT_TYPE_IS_SSCP(keyObject)) { +- sss_sscp_object_t *sscp_keyObject = (sss_sscp_object_t *)keyObject; +- return sss_sscp_key_object_allocate_handle(sscp_keyObject, keyId, keyPart, cipherType, keyByteLenMax, options); +- } +-#endif /* SSS_HAVE_SSCP */ +-#if SSS_HAVE_APPLET_SE05X_IOT && SSSFTR_SE05X_KEY_SET +- if (SSS_OBJECT_TYPE_IS_SE05X(keyObject)) { +- sss_se05x_object_t *se05x_keyObject = (sss_se05x_object_t *)keyObject; +- return sss_se05x_key_object_allocate_handle( +- se05x_keyObject, keyId, keyPart, cipherType, keyByteLenMax, options); +- } +-#endif /* SSS_HAVE_APPLET_SE05X_IOT */ +-#if SSS_HAVE_MBEDTLS +- if (SSS_OBJECT_TYPE_IS_MBEDTLS(keyObject)) { +- sss_mbedtls_object_t *mbedtls_keyObject = (sss_mbedtls_object_t *)keyObject; +- return sss_mbedtls_key_object_allocate_handle( +- mbedtls_keyObject, keyId, keyPart, cipherType, keyByteLenMax, options); +- } +-#endif /* SSS_HAVE_MBEDTLS */ +-#if SSS_HAVE_OPENSSL +- if (SSS_OBJECT_TYPE_IS_OPENSSL(keyObject)) { +- sss_openssl_object_t *openssl_keyObject = (sss_openssl_object_t *)keyObject; +- return sss_openssl_key_object_allocate_handle( +- openssl_keyObject, keyId, keyPart, cipherType, keyByteLenMax, options); +- } +-#endif /* SSS_HAVE_OPENSSL */ +- return kStatus_SSS_InvalidArgument; +-} +- +-sss_status_t sss_key_object_get_handle(sss_object_t *keyObject, uint32_t keyId) +-{ +-#if SSS_HAVE_SSCP +- if (SSS_OBJECT_TYPE_IS_SSCP(keyObject)) { +- sss_sscp_object_t *sscp_keyObject = (sss_sscp_object_t *)keyObject; +- return sss_sscp_key_object_get_handle(sscp_keyObject, keyId); +- } +-#endif /* SSS_HAVE_SSCP */ +-#if SSS_HAVE_APPLET_SE05X_IOT && SSSFTR_SE05X_KEY_GET +- if (SSS_OBJECT_TYPE_IS_SE05X(keyObject)) { +- sss_se05x_object_t *se05x_keyObject = (sss_se05x_object_t *)keyObject; +- return sss_se05x_key_object_get_handle(se05x_keyObject, keyId); +- } +-#endif /* SSS_HAVE_APPLET_SE05X_IOT */ +-#if SSS_HAVE_MBEDTLS +- if (SSS_OBJECT_TYPE_IS_MBEDTLS(keyObject)) { +- sss_mbedtls_object_t *mbedtls_keyObject = (sss_mbedtls_object_t *)keyObject; +- return sss_mbedtls_key_object_get_handle(mbedtls_keyObject, keyId); +- } +-#endif /* SSS_HAVE_MBEDTLS */ +-#if SSS_HAVE_OPENSSL +- if (SSS_OBJECT_TYPE_IS_OPENSSL(keyObject)) { +- sss_openssl_object_t *openssl_keyObject = (sss_openssl_object_t *)keyObject; +- return sss_openssl_key_object_get_handle(openssl_keyObject, keyId); +- } +-#endif /* SSS_HAVE_OPENSSL */ +- return kStatus_SSS_InvalidArgument; +-} +- +-sss_status_t sss_key_object_set_user(sss_object_t *keyObject, uint32_t user, uint32_t options) +-{ +-#if SSS_HAVE_SSCP +- if (SSS_OBJECT_TYPE_IS_SSCP(keyObject)) { +- sss_sscp_object_t *sscp_keyObject = (sss_sscp_object_t *)keyObject; +- return sss_sscp_key_object_set_user(sscp_keyObject, user, options); +- } +-#endif /* SSS_HAVE_SSCP */ +-#if SSS_HAVE_APPLET_SE05X_IOT +- if (SSS_OBJECT_TYPE_IS_SE05X(keyObject)) { +- sss_se05x_object_t *se05x_keyObject = (sss_se05x_object_t *)keyObject; +- return sss_se05x_key_object_set_user(se05x_keyObject, user, options); +- } +-#endif /* SSS_HAVE_APPLET_SE05X_IOT */ +-#if SSS_HAVE_MBEDTLS +- if (SSS_OBJECT_TYPE_IS_MBEDTLS(keyObject)) { +- sss_mbedtls_object_t *mbedtls_keyObject = (sss_mbedtls_object_t *)keyObject; +- return sss_mbedtls_key_object_set_user(mbedtls_keyObject, user, options); +- } +-#endif /* SSS_HAVE_MBEDTLS */ +-#if SSS_HAVE_OPENSSL +- if (SSS_OBJECT_TYPE_IS_OPENSSL(keyObject)) { +- sss_openssl_object_t *openssl_keyObject = (sss_openssl_object_t *)keyObject; +- return sss_openssl_key_object_set_user(openssl_keyObject, user, options); +- } +-#endif /* SSS_HAVE_OPENSSL */ +- return kStatus_SSS_InvalidArgument; +-} +- +-sss_status_t sss_key_object_set_purpose(sss_object_t *keyObject, sss_mode_t purpose, uint32_t options) +-{ +-#if SSS_HAVE_SSCP +- if (SSS_OBJECT_TYPE_IS_SSCP(keyObject)) { +- sss_sscp_object_t *sscp_keyObject = (sss_sscp_object_t *)keyObject; +- return sss_sscp_key_object_set_purpose(sscp_keyObject, purpose, options); +- } +-#endif /* SSS_HAVE_SSCP */ +-#if SSS_HAVE_APPLET_SE05X_IOT +- if (SSS_OBJECT_TYPE_IS_SE05X(keyObject)) { +- sss_se05x_object_t *se05x_keyObject = (sss_se05x_object_t *)keyObject; +- return sss_se05x_key_object_set_purpose(se05x_keyObject, purpose, options); +- } +-#endif /* SSS_HAVE_APPLET_SE05X_IOT */ +-#if SSS_HAVE_MBEDTLS +- if (SSS_OBJECT_TYPE_IS_MBEDTLS(keyObject)) { +- sss_mbedtls_object_t *mbedtls_keyObject = (sss_mbedtls_object_t *)keyObject; +- return sss_mbedtls_key_object_set_purpose(mbedtls_keyObject, purpose, options); +- } +-#endif /* SSS_HAVE_MBEDTLS */ +-#if SSS_HAVE_OPENSSL +- if (SSS_OBJECT_TYPE_IS_OPENSSL(keyObject)) { +- sss_openssl_object_t *openssl_keyObject = (sss_openssl_object_t *)keyObject; +- return sss_openssl_key_object_set_purpose(openssl_keyObject, purpose, options); +- } +-#endif /* SSS_HAVE_OPENSSL */ +- return kStatus_SSS_InvalidArgument; +-} +- +-sss_status_t sss_key_object_set_access(sss_object_t *keyObject, uint32_t access, uint32_t options) +-{ +-#if SSS_HAVE_SSCP +- if (SSS_OBJECT_TYPE_IS_SSCP(keyObject)) { +- sss_sscp_object_t *sscp_keyObject = (sss_sscp_object_t *)keyObject; +- return sss_sscp_key_object_set_access(sscp_keyObject, access, options); +- } +-#endif /* SSS_HAVE_SSCP */ +-#if SSS_HAVE_APPLET_SE05X_IOT +- if (SSS_OBJECT_TYPE_IS_SE05X(keyObject)) { +- sss_se05x_object_t *se05x_keyObject = (sss_se05x_object_t *)keyObject; +- return sss_se05x_key_object_set_access(se05x_keyObject, access, options); +- } +-#endif /* SSS_HAVE_APPLET_SE05X_IOT */ +-#if SSS_HAVE_MBEDTLS +- if (SSS_OBJECT_TYPE_IS_MBEDTLS(keyObject)) { +- sss_mbedtls_object_t *mbedtls_keyObject = (sss_mbedtls_object_t *)keyObject; +- return sss_mbedtls_key_object_set_access(mbedtls_keyObject, access, options); +- } +-#endif /* SSS_HAVE_MBEDTLS */ +-#if SSS_HAVE_OPENSSL +- if (SSS_OBJECT_TYPE_IS_OPENSSL(keyObject)) { +- sss_openssl_object_t *openssl_keyObject = (sss_openssl_object_t *)keyObject; +- return sss_openssl_key_object_set_access(openssl_keyObject, access, options); +- } +-#endif /* SSS_HAVE_OPENSSL */ +- return kStatus_SSS_InvalidArgument; +-} +- +-sss_status_t sss_key_object_set_eccgfp_group(sss_object_t *keyObject, sss_eccgfp_group_t *group) +-{ +-#if SSS_HAVE_SSCP +- if (SSS_OBJECT_TYPE_IS_SSCP(keyObject)) { +- sss_sscp_object_t *sscp_keyObject = (sss_sscp_object_t *)keyObject; +- return sss_sscp_key_object_set_eccgfp_group(sscp_keyObject, group); +- } +-#endif /* SSS_HAVE_SSCP */ +-#if SSS_HAVE_APPLET_SE05X_IOT +- if (SSS_OBJECT_TYPE_IS_SE05X(keyObject)) { +- sss_se05x_object_t *se05x_keyObject = (sss_se05x_object_t *)keyObject; +- return sss_se05x_key_object_set_eccgfp_group(se05x_keyObject, group); +- } +-#endif /* SSS_HAVE_APPLET_SE05X_IOT */ +-#if SSS_HAVE_MBEDTLS +- if (SSS_OBJECT_TYPE_IS_MBEDTLS(keyObject)) { +- sss_mbedtls_object_t *mbedtls_keyObject = (sss_mbedtls_object_t *)keyObject; +- return sss_mbedtls_key_object_set_eccgfp_group(mbedtls_keyObject, group); +- } +-#endif /* SSS_HAVE_MBEDTLS */ +-#if SSS_HAVE_OPENSSL +- if (SSS_OBJECT_TYPE_IS_OPENSSL(keyObject)) { +- sss_openssl_object_t *openssl_keyObject = (sss_openssl_object_t *)keyObject; +- return sss_openssl_key_object_set_eccgfp_group(openssl_keyObject, group); +- } +-#endif /* SSS_HAVE_OPENSSL */ +- return kStatus_SSS_InvalidArgument; +-} +- +-sss_status_t sss_key_object_get_user(sss_object_t *keyObject, uint32_t *user) +-{ +-#if SSS_HAVE_SSCP +- if (SSS_OBJECT_TYPE_IS_SSCP(keyObject)) { +- sss_sscp_object_t *sscp_keyObject = (sss_sscp_object_t *)keyObject; +- return sss_sscp_key_object_get_user(sscp_keyObject, user); +- } +-#endif /* SSS_HAVE_SSCP */ +-#if SSS_HAVE_APPLET_SE05X_IOT +- if (SSS_OBJECT_TYPE_IS_SE05X(keyObject)) { +- sss_se05x_object_t *se05x_keyObject = (sss_se05x_object_t *)keyObject; +- return sss_se05x_key_object_get_user(se05x_keyObject, user); +- } +-#endif /* SSS_HAVE_APPLET_SE05X_IOT */ +-#if SSS_HAVE_MBEDTLS +- if (SSS_OBJECT_TYPE_IS_MBEDTLS(keyObject)) { +- sss_mbedtls_object_t *mbedtls_keyObject = (sss_mbedtls_object_t *)keyObject; +- return sss_mbedtls_key_object_get_user(mbedtls_keyObject, user); +- } +-#endif /* SSS_HAVE_MBEDTLS */ +-#if SSS_HAVE_OPENSSL +- if (SSS_OBJECT_TYPE_IS_OPENSSL(keyObject)) { +- sss_openssl_object_t *openssl_keyObject = (sss_openssl_object_t *)keyObject; +- return sss_openssl_key_object_get_user(openssl_keyObject, user); +- } +-#endif /* SSS_HAVE_OPENSSL */ +- return kStatus_SSS_InvalidArgument; +-} +- +-sss_status_t sss_key_object_get_purpose(sss_object_t *keyObject, sss_mode_t *purpose) +-{ +-#if SSS_HAVE_SSCP +- if (SSS_OBJECT_TYPE_IS_SSCP(keyObject)) { +- sss_sscp_object_t *sscp_keyObject = (sss_sscp_object_t *)keyObject; +- return sss_sscp_key_object_get_purpose(sscp_keyObject, purpose); +- } +-#endif /* SSS_HAVE_SSCP */ +-#if SSS_HAVE_APPLET_SE05X_IOT +- if (SSS_OBJECT_TYPE_IS_SE05X(keyObject)) { +- sss_se05x_object_t *se05x_keyObject = (sss_se05x_object_t *)keyObject; +- return sss_se05x_key_object_get_purpose(se05x_keyObject, purpose); +- } +-#endif /* SSS_HAVE_APPLET_SE05X_IOT */ +-#if SSS_HAVE_MBEDTLS +- if (SSS_OBJECT_TYPE_IS_MBEDTLS(keyObject)) { +- sss_mbedtls_object_t *mbedtls_keyObject = (sss_mbedtls_object_t *)keyObject; +- return sss_mbedtls_key_object_get_purpose(mbedtls_keyObject, purpose); +- } +-#endif /* SSS_HAVE_MBEDTLS */ +-#if SSS_HAVE_OPENSSL +- if (SSS_OBJECT_TYPE_IS_OPENSSL(keyObject)) { +- sss_openssl_object_t *openssl_keyObject = (sss_openssl_object_t *)keyObject; +- return sss_openssl_key_object_get_purpose(openssl_keyObject, purpose); +- } +-#endif /* SSS_HAVE_OPENSSL */ +- return kStatus_SSS_InvalidArgument; +-} +- +-sss_status_t sss_key_object_get_access(sss_object_t *keyObject, uint32_t *access) +-{ +-#if SSS_HAVE_SSCP +- if (SSS_OBJECT_TYPE_IS_SSCP(keyObject)) { +- sss_sscp_object_t *sscp_keyObject = (sss_sscp_object_t *)keyObject; +- return sss_sscp_key_object_get_access(sscp_keyObject, access); +- } +-#endif /* SSS_HAVE_SSCP */ +-#if SSS_HAVE_APPLET_SE05X_IOT +- if (SSS_OBJECT_TYPE_IS_SE05X(keyObject)) { +- sss_se05x_object_t *se05x_keyObject = (sss_se05x_object_t *)keyObject; +- return sss_se05x_key_object_get_access(se05x_keyObject, access); +- } +-#endif /* SSS_HAVE_APPLET_SE05X_IOT */ +-#if SSS_HAVE_MBEDTLS +- if (SSS_OBJECT_TYPE_IS_MBEDTLS(keyObject)) { +- sss_mbedtls_object_t *mbedtls_keyObject = (sss_mbedtls_object_t *)keyObject; +- return sss_mbedtls_key_object_get_access(mbedtls_keyObject, access); +- } +-#endif /* SSS_HAVE_MBEDTLS */ +-#if SSS_HAVE_OPENSSL +- if (SSS_OBJECT_TYPE_IS_OPENSSL(keyObject)) { +- sss_openssl_object_t *openssl_keyObject = (sss_openssl_object_t *)keyObject; +- return sss_openssl_key_object_get_access(openssl_keyObject, access); +- } +-#endif /* SSS_HAVE_OPENSSL */ +- return kStatus_SSS_InvalidArgument; +-} +- +-void sss_key_object_free(sss_object_t *keyObject) +-{ +-#if SSS_HAVE_SSCP +- if (SSS_OBJECT_TYPE_IS_SSCP(keyObject)) { +- sss_sscp_object_t *sscp_keyObject = (sss_sscp_object_t *)keyObject; +- sss_sscp_key_object_free(sscp_keyObject); +- } +-#endif /* SSS_HAVE_SSCP */ +-#if SSS_HAVE_APPLET_SE05X_IOT +- if (SSS_OBJECT_TYPE_IS_SE05X(keyObject)) { +- sss_se05x_object_t *se05x_keyObject = (sss_se05x_object_t *)keyObject; +- sss_se05x_key_object_free(se05x_keyObject); +- } +-#endif /* SSS_HAVE_APPLET_SE05X_IOT */ +-#if SSS_HAVE_MBEDTLS +- if (SSS_OBJECT_TYPE_IS_MBEDTLS(keyObject)) { +- sss_mbedtls_object_t *mbedtls_keyObject = (sss_mbedtls_object_t *)keyObject; +- sss_mbedtls_key_object_free(mbedtls_keyObject); +- } +-#endif /* SSS_HAVE_MBEDTLS */ +-#if SSS_HAVE_OPENSSL +- if (SSS_OBJECT_TYPE_IS_OPENSSL(keyObject)) { +- sss_openssl_object_t *openssl_keyObject = (sss_openssl_object_t *)keyObject; +- sss_openssl_key_object_free(openssl_keyObject); +- } +-#endif /* SSS_HAVE_OPENSSL */ +-} +- +-sss_status_t sss_derive_key_context_init(sss_derive_key_t *context, +- sss_session_t *session, +- sss_object_t *keyObject, +- sss_algorithm_t algorithm, +- sss_mode_t mode) +-{ +-#if SSS_HAVE_SSCP +- if (SSS_SESSION_TYPE_IS_SSCP(session)) { +- sss_sscp_derive_key_t *sscp_context = (sss_sscp_derive_key_t *)context; +- sss_sscp_session_t *sscp_session = (sss_sscp_session_t *)session; +- sss_sscp_object_t *sscp_keyObject = (sss_sscp_object_t *)keyObject; +- SSS_ASSERT(sizeof(*sscp_context) <= sizeof(*context)); +- SSS_ASSERT(sizeof(*sscp_session) <= sizeof(*session)); +- SSS_ASSERT(sizeof(*sscp_keyObject) <= sizeof(*keyObject)); +- return sss_sscp_derive_key_context_init(sscp_context, sscp_session, sscp_keyObject, algorithm, mode); +- } +-#endif /* SSS_HAVE_SSCP */ +-#if SSS_HAVE_APPLET_SE05X_IOT +- if (SSS_SESSION_TYPE_IS_SE05X(session)) { +- sss_se05x_derive_key_t *se05x_context = (sss_se05x_derive_key_t *)context; +- sss_se05x_session_t *se05x_session = (sss_se05x_session_t *)session; +- sss_se05x_object_t *se05x_keyObject = (sss_se05x_object_t *)keyObject; +- SSS_ASSERT(sizeof(*se05x_context) <= sizeof(*context)); +- SSS_ASSERT(sizeof(*se05x_session) <= sizeof(*session)); +- SSS_ASSERT(sizeof(*se05x_keyObject) <= sizeof(*keyObject)); +- return sss_se05x_derive_key_context_init(se05x_context, se05x_session, se05x_keyObject, algorithm, mode); +- } +-#endif /* SSS_HAVE_APPLET_SE05X_IOT */ +-#if SSS_HAVE_MBEDTLS +- if (SSS_SESSION_TYPE_IS_MBEDTLS(session)) { +- sss_mbedtls_derive_key_t *mbedtls_context = (sss_mbedtls_derive_key_t *)context; +- sss_mbedtls_session_t *mbedtls_session = (sss_mbedtls_session_t *)session; +- sss_mbedtls_object_t *mbedtls_keyObject = (sss_mbedtls_object_t *)keyObject; +- SSS_ASSERT(sizeof(*mbedtls_context) <= sizeof(*context)); +- SSS_ASSERT(sizeof(*mbedtls_session) <= sizeof(*session)); +- SSS_ASSERT(sizeof(*mbedtls_keyObject) <= sizeof(*keyObject)); +- return sss_mbedtls_derive_key_context_init( +- mbedtls_context, mbedtls_session, mbedtls_keyObject, algorithm, mode); +- } +-#endif /* SSS_HAVE_MBEDTLS */ +-#if SSS_HAVE_OPENSSL +- if (SSS_SESSION_TYPE_IS_OPENSSL(session)) { +- sss_openssl_derive_key_t *openssl_context = (sss_openssl_derive_key_t *)context; +- sss_openssl_session_t *openssl_session = (sss_openssl_session_t *)session; +- sss_openssl_object_t *openssl_keyObject = (sss_openssl_object_t *)keyObject; +- SSS_ASSERT(sizeof(*openssl_context) <= sizeof(*context)); +- SSS_ASSERT(sizeof(*openssl_session) <= sizeof(*session)); +- SSS_ASSERT(sizeof(*openssl_keyObject) <= sizeof(*keyObject)); +- return sss_openssl_derive_key_context_init( +- openssl_context, openssl_session, openssl_keyObject, algorithm, mode); +- } +-#endif /* SSS_HAVE_OPENSSL */ +- return kStatus_SSS_InvalidArgument; +-} +- +-sss_status_t sss_derive_key_go(sss_derive_key_t *context, +- const uint8_t *saltData, +- size_t saltLen, +- const uint8_t *info, +- size_t infoLen, +- sss_object_t *derivedKeyObject, +- uint16_t deriveDataLen, +- uint8_t *hkdfOutput, +- size_t *hkdfOutputLen) +-{ +-#if SSS_HAVE_SSCP +- if (SSS_DERIVE_KEY_TYPE_IS_SSCP(context)) { +- sss_sscp_derive_key_t *sscp_context = (sss_sscp_derive_key_t *)context; +- sss_sscp_object_t *sscp_derivedKeyObject = (sss_sscp_object_t *)derivedKeyObject; +- return sss_sscp_derive_key_go(sscp_context, +- saltData, +- saltLen, +- info, +- infoLen, +- sscp_derivedKeyObject, +- deriveDataLen, +- hkdfOutput, +- hkdfOutputLen); +- } +-#endif /* SSS_HAVE_SSCP */ +-#if SSS_HAVE_APPLET_SE05X_IOT +- if (SSS_DERIVE_KEY_TYPE_IS_SE05X(context)) { +- sss_se05x_derive_key_t *se05x_context = (sss_se05x_derive_key_t *)context; +- sss_se05x_object_t *se05x_derivedKeyObject = (sss_se05x_object_t *)derivedKeyObject; +- return sss_se05x_derive_key_go(se05x_context, +- saltData, +- saltLen, +- info, +- infoLen, +- se05x_derivedKeyObject, +- deriveDataLen, +- hkdfOutput, +- hkdfOutputLen); +- } +-#endif /* SSS_HAVE_APPLET_SE05X_IOT */ +-#if SSS_HAVE_MBEDTLS +- if (SSS_DERIVE_KEY_TYPE_IS_MBEDTLS(context)) { +- sss_mbedtls_derive_key_t *mbedtls_context = (sss_mbedtls_derive_key_t *)context; +- sss_mbedtls_object_t *mbedtls_derivedKeyObject = (sss_mbedtls_object_t *)derivedKeyObject; +- return sss_mbedtls_derive_key_go(mbedtls_context, +- saltData, +- saltLen, +- info, +- infoLen, +- mbedtls_derivedKeyObject, +- deriveDataLen, +- hkdfOutput, +- hkdfOutputLen); +- } +-#endif /* SSS_HAVE_MBEDTLS */ +-#if SSS_HAVE_OPENSSL +- if (SSS_DERIVE_KEY_TYPE_IS_OPENSSL(context)) { +- sss_openssl_derive_key_t *openssl_context = (sss_openssl_derive_key_t *)context; +- sss_openssl_object_t *openssl_derivedKeyObject = (sss_openssl_object_t *)derivedKeyObject; +- return sss_openssl_derive_key_go(openssl_context, +- saltData, +- saltLen, +- info, +- infoLen, +- openssl_derivedKeyObject, +- deriveDataLen, +- hkdfOutput, +- hkdfOutputLen); +- } +-#endif /* SSS_HAVE_OPENSSL */ +- return kStatus_SSS_InvalidArgument; +-} +- +-/* +- Salt is public information and is passed as an array. +-*/ +-sss_status_t sss_derive_key_one_go(sss_derive_key_t *context, +- const uint8_t *saltData, +- size_t saltLen, +- const uint8_t *info, +- size_t infoLen, +- sss_object_t *derivedKeyObject, +- uint16_t deriveDataLen) +-{ +-#if SSS_HAVE_SSCP +- if (SSS_DERIVE_KEY_TYPE_IS_SSCP(context)) { +- sss_sscp_derive_key_t *sscp_context = (sss_sscp_derive_key_t *)context; +- sss_sscp_object_t *sscp_derivedKeyObject = (sss_sscp_object_t *)derivedKeyObject; +- return sss_sscp_derive_key_one_go( +- sscp_context, saltData, saltLen, info, infoLen, sscp_derivedKeyObject, deriveDataLen); +- } +-#endif /* SSS_HAVE_SSCP */ +-#if SSS_HAVE_APPLET_SE05X_IOT +- if (SSS_DERIVE_KEY_TYPE_IS_SE05X(context)) { +- sss_se05x_derive_key_t *se05x_context = (sss_se05x_derive_key_t *)context; +- sss_se05x_object_t *se05x_derivedKeyObject = (sss_se05x_object_t *)derivedKeyObject; +- return sss_se05x_derive_key_one_go( +- se05x_context, saltData, saltLen, info, infoLen, se05x_derivedKeyObject, deriveDataLen); +- } +-#endif /* SSS_HAVE_APPLET_SE05X_IOT */ +-#if SSS_HAVE_MBEDTLS +- if (SSS_DERIVE_KEY_TYPE_IS_MBEDTLS(context)) { +- sss_mbedtls_derive_key_t *mbedtls_context = (sss_mbedtls_derive_key_t *)context; +- sss_mbedtls_object_t *mbedtls_derivedKeyObject = (sss_mbedtls_object_t *)derivedKeyObject; +- return sss_mbedtls_derive_key_one_go( +- mbedtls_context, saltData, saltLen, info, infoLen, mbedtls_derivedKeyObject, deriveDataLen); +- } +-#endif /* SSS_HAVE_MBEDTLS */ +-#if SSS_HAVE_OPENSSL +- if (SSS_DERIVE_KEY_TYPE_IS_OPENSSL(context)) { +- sss_openssl_derive_key_t *openssl_context = (sss_openssl_derive_key_t *)context; +- sss_openssl_object_t *openssl_derivedKeyObject = (sss_openssl_object_t *)derivedKeyObject; +- return sss_openssl_derive_key_one_go( +- openssl_context, saltData, saltLen, info, infoLen, openssl_derivedKeyObject, deriveDataLen); +- } +-#endif /* SSS_HAVE_OPENSSL */ +- return kStatus_SSS_InvalidArgument; +-} +- +-sss_status_t sss_derive_key_sobj_one_go(sss_derive_key_t *context, +- sss_object_t *saltKeyObject, +- const uint8_t *info, +- size_t infoLen, +- sss_object_t *derivedKeyObject, +- uint16_t deriveDataLen) +-{ +-#if SSS_HAVE_SSCP +- if (SSS_DERIVE_KEY_TYPE_IS_SSCP(context)) { +- sss_sscp_derive_key_t *sscp_context = (sss_sscp_derive_key_t *)context; +- sss_sscp_object_t *sscp_derivedKeyObject = (sss_sscp_object_t *)derivedKeyObject; +- sss_sscp_object_t *sscp_saltKeyObject = (sss_sscp_object_t *)saltKeyObject; +- return sss_sscp_derive_key_sobj_one_go( +- sscp_context, sscp_saltKeyObject, info, infoLen, sscp_derivedKeyObject, deriveDataLen); +- } +-#endif /* SSS_HAVE_SSCP */ +-#if SSS_HAVE_APPLET_SE05X_IOT +- if (SSS_DERIVE_KEY_TYPE_IS_SE05X(context)) { +- sss_se05x_derive_key_t *se05x_context = (sss_se05x_derive_key_t *)context; +- sss_se05x_object_t *se05x_derivedKeyObject = (sss_se05x_object_t *)derivedKeyObject; +- sss_se05x_object_t *se05x_saltKeyObject = (sss_se05x_object_t *)saltKeyObject; +- return sss_se05x_derive_key_sobj_one_go( +- se05x_context, se05x_saltKeyObject, info, infoLen, se05x_derivedKeyObject, deriveDataLen); +- } +-#endif /* SSS_HAVE_APPLET_SE05X_IOT */ +-#if SSS_HAVE_MBEDTLS +- if (SSS_DERIVE_KEY_TYPE_IS_MBEDTLS(context)) { +- sss_mbedtls_derive_key_t *mbedtls_context = (sss_mbedtls_derive_key_t *)context; +- sss_mbedtls_object_t *mbedtls_derivedKeyObject = (sss_mbedtls_object_t *)derivedKeyObject; +- sss_mbedtls_object_t *mbedtls_saltKeyObject = (sss_mbedtls_object_t *)saltKeyObject; +- return sss_mbedtls_derive_key_sobj_one_go( +- mbedtls_context, mbedtls_saltKeyObject, info, infoLen, mbedtls_derivedKeyObject, deriveDataLen); +- } +-#endif /* SSS_HAVE_MBEDTLS */ +-#if SSS_HAVE_OPENSSL +- if (SSS_DERIVE_KEY_TYPE_IS_OPENSSL(context)) { +- sss_openssl_derive_key_t *openssl_context = (sss_openssl_derive_key_t *)context; +- sss_openssl_object_t *openssl_derivedKeyObject = (sss_openssl_object_t *)derivedKeyObject; +- sss_openssl_object_t *openssl_saltKeyObject = (sss_openssl_object_t *)saltKeyObject; +- return sss_openssl_derive_key_sobj_one_go( +- openssl_context, openssl_saltKeyObject, info, infoLen, openssl_derivedKeyObject, deriveDataLen); +- } +-#endif /* SSS_HAVE_OPENSSL */ +- return kStatus_SSS_InvalidArgument; +-} +- +-sss_status_t sss_derive_key_dh( +- sss_derive_key_t *context, sss_object_t *otherPartyKeyObject, sss_object_t *derivedKeyObject) +-{ +-#if SSS_HAVE_SSCP +- if (SSS_DERIVE_KEY_TYPE_IS_SSCP(context)) { +- sss_sscp_derive_key_t *sscp_context = (sss_sscp_derive_key_t *)context; +- sss_sscp_object_t *sscp_otherPartyKeyObject = (sss_sscp_object_t *)otherPartyKeyObject; +- sss_sscp_object_t *sscp_derivedKeyObject = (sss_sscp_object_t *)derivedKeyObject; +- return sss_sscp_derive_key_dh(sscp_context, sscp_otherPartyKeyObject, sscp_derivedKeyObject); +- } +-#endif /* SSS_HAVE_SSCP */ +-#if SSS_HAVE_APPLET_SE05X_IOT +- if (SSS_DERIVE_KEY_TYPE_IS_SE05X(context)) { +- sss_se05x_derive_key_t *se05x_context = (sss_se05x_derive_key_t *)context; +- sss_se05x_object_t *se05x_otherPartyKeyObject = (sss_se05x_object_t *)otherPartyKeyObject; +- sss_se05x_object_t *se05x_derivedKeyObject = (sss_se05x_object_t *)derivedKeyObject; +- return sss_se05x_derive_key_dh(se05x_context, se05x_otherPartyKeyObject, se05x_derivedKeyObject); +- } +-#endif /* SSS_HAVE_APPLET_SE05X_IOT */ +-#if SSS_HAVE_MBEDTLS +- if (SSS_DERIVE_KEY_TYPE_IS_MBEDTLS(context)) { +- sss_mbedtls_derive_key_t *mbedtls_context = (sss_mbedtls_derive_key_t *)context; +- sss_mbedtls_object_t *mbedtls_otherPartyKeyObject = (sss_mbedtls_object_t *)otherPartyKeyObject; +- sss_mbedtls_object_t *mbedtls_derivedKeyObject = (sss_mbedtls_object_t *)derivedKeyObject; +- return sss_mbedtls_derive_key_dh(mbedtls_context, mbedtls_otherPartyKeyObject, mbedtls_derivedKeyObject); +- } +-#endif /* SSS_HAVE_MBEDTLS */ +-#if SSS_HAVE_OPENSSL +- if (SSS_DERIVE_KEY_TYPE_IS_OPENSSL(context)) { +- sss_openssl_derive_key_t *openssl_context = (sss_openssl_derive_key_t *)context; +- sss_openssl_object_t *openssl_otherPartyKeyObject = (sss_openssl_object_t *)otherPartyKeyObject; +- sss_openssl_object_t *openssl_derivedKeyObject = (sss_openssl_object_t *)derivedKeyObject; +- return sss_openssl_derive_key_dh(openssl_context, openssl_otherPartyKeyObject, openssl_derivedKeyObject); +- } +-#endif /* SSS_HAVE_OPENSSL */ +- return kStatus_SSS_InvalidArgument; +-} +- +-void sss_derive_key_context_free(sss_derive_key_t *context) +-{ +-#if SSS_HAVE_SSCP +- if (SSS_DERIVE_KEY_TYPE_IS_SSCP(context)) { +- sss_sscp_derive_key_t *sscp_context = (sss_sscp_derive_key_t *)context; +- sss_sscp_derive_key_context_free(sscp_context); +- } +-#endif /* SSS_HAVE_SSCP */ +-#if SSS_HAVE_APPLET_SE05X_IOT +- if (SSS_DERIVE_KEY_TYPE_IS_SE05X(context)) { +- sss_se05x_derive_key_t *se05x_context = (sss_se05x_derive_key_t *)context; +- sss_se05x_derive_key_context_free(se05x_context); +- } +-#endif /* SSS_HAVE_APPLET_SE05X_IOT */ +-#if SSS_HAVE_MBEDTLS +- if (SSS_DERIVE_KEY_TYPE_IS_MBEDTLS(context)) { +- sss_mbedtls_derive_key_t *mbedtls_context = (sss_mbedtls_derive_key_t *)context; +- sss_mbedtls_derive_key_context_free(mbedtls_context); +- } +-#endif /* SSS_HAVE_MBEDTLS */ +-#if SSS_HAVE_OPENSSL +- if (SSS_DERIVE_KEY_TYPE_IS_OPENSSL(context)) { +- sss_openssl_derive_key_t *openssl_context = (sss_openssl_derive_key_t *)context; +- sss_openssl_derive_key_context_free(openssl_context); +- } +-#endif /* SSS_HAVE_OPENSSL */ +-} +- +-sss_status_t sss_key_store_context_init(sss_key_store_t *keyStore, sss_session_t *session) +-{ +-#if SSS_HAVE_SSCP +- if (SSS_SESSION_TYPE_IS_SSCP(session)) { +- sss_sscp_key_store_t *sscp_keyStore = (sss_sscp_key_store_t *)keyStore; +- sss_sscp_session_t *sscp_session = (sss_sscp_session_t *)session; +- SSS_ASSERT(sizeof(*sscp_keyStore) <= sizeof(*keyStore)); +- SSS_ASSERT(sizeof(*sscp_session) <= sizeof(*session)); +- return sss_sscp_key_store_context_init(sscp_keyStore, sscp_session); +- } +-#endif /* SSS_HAVE_SSCP */ +-#if SSS_HAVE_APPLET_SE05X_IOT +- if (SSS_SESSION_TYPE_IS_SE05X(session)) { +- sss_se05x_key_store_t *se05x_keyStore = (sss_se05x_key_store_t *)keyStore; +- sss_se05x_session_t *se05x_session = (sss_se05x_session_t *)session; +- SSS_ASSERT(sizeof(*se05x_keyStore) <= sizeof(*keyStore)); +- SSS_ASSERT(sizeof(*se05x_session) <= sizeof(*session)); +- return sss_se05x_key_store_context_init(se05x_keyStore, se05x_session); +- } +-#endif /* SSS_HAVE_APPLET_SE05X_IOT */ +-#if SSS_HAVE_MBEDTLS +- if (SSS_SESSION_TYPE_IS_MBEDTLS(session)) { +- sss_mbedtls_key_store_t *mbedtls_keyStore = (sss_mbedtls_key_store_t *)keyStore; +- sss_mbedtls_session_t *mbedtls_session = (sss_mbedtls_session_t *)session; +- SSS_ASSERT(sizeof(*mbedtls_keyStore) <= sizeof(*keyStore)); +- SSS_ASSERT(sizeof(*mbedtls_session) <= sizeof(*session)); +- return sss_mbedtls_key_store_context_init(mbedtls_keyStore, mbedtls_session); +- } +-#endif /* SSS_HAVE_MBEDTLS */ +-#if SSS_HAVE_OPENSSL +- if (SSS_SESSION_TYPE_IS_OPENSSL(session)) { +- sss_openssl_key_store_t *openssl_keyStore = (sss_openssl_key_store_t *)keyStore; +- sss_openssl_session_t *openssl_session = (sss_openssl_session_t *)session; +- SSS_ASSERT(sizeof(*openssl_keyStore) <= sizeof(*keyStore)); +- SSS_ASSERT(sizeof(*openssl_session) <= sizeof(*session)); +- return sss_openssl_key_store_context_init(openssl_keyStore, openssl_session); +- } +-#endif /* SSS_HAVE_OPENSSL */ +- return kStatus_SSS_InvalidArgument; +-} +- +-sss_status_t sss_key_store_allocate(sss_key_store_t *keyStore, uint32_t keyStoreId) +-{ +-#if SSS_HAVE_SSCP +- if (SSS_KEY_STORE_TYPE_IS_SSCP(keyStore)) { +- sss_sscp_key_store_t *sscp_keyStore = (sss_sscp_key_store_t *)keyStore; +- return sss_sscp_key_store_allocate(sscp_keyStore, keyStoreId); +- } +-#endif /* SSS_HAVE_SSCP */ +-#if SSS_HAVE_APPLET_SE05X_IOT +- if (SSS_KEY_STORE_TYPE_IS_SE05X(keyStore)) { +- sss_se05x_key_store_t *se05x_keyStore = (sss_se05x_key_store_t *)keyStore; +- return sss_se05x_key_store_allocate(se05x_keyStore, keyStoreId); +- } +-#endif /* SSS_HAVE_APPLET_SE05X_IOT */ +-#if SSS_HAVE_MBEDTLS +- if (SSS_KEY_STORE_TYPE_IS_MBEDTLS(keyStore)) { +- sss_mbedtls_key_store_t *mbedtls_keyStore = (sss_mbedtls_key_store_t *)keyStore; +- return sss_mbedtls_key_store_allocate(mbedtls_keyStore, keyStoreId); +- } +-#endif /* SSS_HAVE_MBEDTLS */ +-#if SSS_HAVE_OPENSSL +- if (SSS_KEY_STORE_TYPE_IS_OPENSSL(keyStore)) { +- sss_openssl_key_store_t *openssl_keyStore = (sss_openssl_key_store_t *)keyStore; +- return sss_openssl_key_store_allocate(openssl_keyStore, keyStoreId); +- } +-#endif /* SSS_HAVE_OPENSSL */ +- return kStatus_SSS_InvalidArgument; +-} +- +-sss_status_t sss_key_store_save(sss_key_store_t *keyStore) +-{ +-#if SSS_HAVE_SSCP +- if (SSS_KEY_STORE_TYPE_IS_SSCP(keyStore)) { +- sss_sscp_key_store_t *sscp_keyStore = (sss_sscp_key_store_t *)keyStore; +- return sss_sscp_key_store_save(sscp_keyStore); +- } +-#endif /* SSS_HAVE_SSCP */ +-#if SSS_HAVE_APPLET_SE05X_IOT +- if (SSS_KEY_STORE_TYPE_IS_SE05X(keyStore)) { +- sss_se05x_key_store_t *se05x_keyStore = (sss_se05x_key_store_t *)keyStore; +- return sss_se05x_key_store_save(se05x_keyStore); +- } +-#endif /* SSS_HAVE_APPLET_SE05X_IOT */ +-#if SSS_HAVE_MBEDTLS +- if (SSS_KEY_STORE_TYPE_IS_MBEDTLS(keyStore)) { +- sss_mbedtls_key_store_t *mbedtls_keyStore = (sss_mbedtls_key_store_t *)keyStore; +- return sss_mbedtls_key_store_save(mbedtls_keyStore); +- } +-#endif /* SSS_HAVE_MBEDTLS */ +-#if SSS_HAVE_OPENSSL +- if (SSS_KEY_STORE_TYPE_IS_OPENSSL(keyStore)) { +- sss_openssl_key_store_t *openssl_keyStore = (sss_openssl_key_store_t *)keyStore; +- return sss_openssl_key_store_save(openssl_keyStore); +- } +-#endif /* SSS_HAVE_OPENSSL */ +- return kStatus_SSS_InvalidArgument; +-} +- +-sss_status_t sss_key_store_load(sss_key_store_t *keyStore) +-{ +-#if SSS_HAVE_SSCP +- if (SSS_KEY_STORE_TYPE_IS_SSCP(keyStore)) { +- sss_sscp_key_store_t *sscp_keyStore = (sss_sscp_key_store_t *)keyStore; +- return sss_sscp_key_store_load(sscp_keyStore); +- } +-#endif /* SSS_HAVE_SSCP */ +-#if SSS_HAVE_APPLET_SE05X_IOT +- if (SSS_KEY_STORE_TYPE_IS_SE05X(keyStore)) { +- sss_se05x_key_store_t *se05x_keyStore = (sss_se05x_key_store_t *)keyStore; +- return sss_se05x_key_store_load(se05x_keyStore); +- } +-#endif /* SSS_HAVE_APPLET_SE05X_IOT */ +-#if SSS_HAVE_MBEDTLS +- if (SSS_KEY_STORE_TYPE_IS_MBEDTLS(keyStore)) { +- sss_mbedtls_key_store_t *mbedtls_keyStore = (sss_mbedtls_key_store_t *)keyStore; +- return sss_mbedtls_key_store_load(mbedtls_keyStore); +- } +-#endif /* SSS_HAVE_MBEDTLS */ +-#if SSS_HAVE_OPENSSL +- if (SSS_KEY_STORE_TYPE_IS_OPENSSL(keyStore)) { +- sss_openssl_key_store_t *openssl_keyStore = (sss_openssl_key_store_t *)keyStore; +- return sss_openssl_key_store_load(openssl_keyStore); +- } +-#endif /* SSS_HAVE_OPENSSL */ +- return kStatus_SSS_InvalidArgument; +-} +- +-sss_status_t sss_key_store_set_key(sss_key_store_t *keyStore, +- sss_object_t *keyObject, +- const uint8_t *data, +- size_t dataLen, +- size_t keyBitLen, +- void *options, +- size_t optionsLen) +-{ +- LOG_D("sss_key_store_set_key(@%08X, cipherType=%s, keyBitLen=%d)", +- keyObject->keyId, +- sss_cipher_type_sz(keyObject->cipherType), +- keyBitLen); +-#if SSS_HAVE_SSCP +- if (SSS_KEY_STORE_TYPE_IS_SSCP(keyStore)) { +- sss_sscp_key_store_t *sscp_keyStore = (sss_sscp_key_store_t *)keyStore; +- sss_sscp_object_t *sscp_keyObject = (sss_sscp_object_t *)keyObject; +- return sss_sscp_key_store_set_key(sscp_keyStore, sscp_keyObject, data, dataLen, keyBitLen, options, optionsLen); +- } +-#endif /* SSS_HAVE_SSCP */ +-#if SSS_HAVE_APPLET_SE05X_IOT && SSSFTR_SE05X_KEY_SET +- if (SSS_KEY_STORE_TYPE_IS_SE05X(keyStore)) { +- sss_se05x_key_store_t *se05x_keyStore = (sss_se05x_key_store_t *)keyStore; +- sss_se05x_object_t *se05x_keyObject = (sss_se05x_object_t *)keyObject; +- return sss_se05x_key_store_set_key( +- se05x_keyStore, se05x_keyObject, data, dataLen, keyBitLen, options, optionsLen); +- } +-#endif /* SSS_HAVE_APPLET_SE05X_IOT */ +-#if SSS_HAVE_MBEDTLS +- if (SSS_KEY_STORE_TYPE_IS_MBEDTLS(keyStore)) { +- sss_mbedtls_key_store_t *mbedtls_keyStore = (sss_mbedtls_key_store_t *)keyStore; +- sss_mbedtls_object_t *mbedtls_keyObject = (sss_mbedtls_object_t *)keyObject; +- return sss_mbedtls_key_store_set_key( +- mbedtls_keyStore, mbedtls_keyObject, data, dataLen, keyBitLen, options, optionsLen); +- } +-#endif /* SSS_HAVE_MBEDTLS */ +-#if SSS_HAVE_OPENSSL +- if (SSS_KEY_STORE_TYPE_IS_OPENSSL(keyStore)) { +- sss_openssl_key_store_t *openssl_keyStore = (sss_openssl_key_store_t *)keyStore; +- sss_openssl_object_t *openssl_keyObject = (sss_openssl_object_t *)keyObject; +- return sss_openssl_key_store_set_key( +- openssl_keyStore, openssl_keyObject, data, dataLen, keyBitLen, options, optionsLen); +- } +-#endif /* SSS_HAVE_OPENSSL */ +- return kStatus_SSS_InvalidArgument; +-} +- +-sss_status_t sss_key_store_generate_key( +- sss_key_store_t *keyStore, sss_object_t *keyObject, size_t keyBitLen, void *options) +-{ +- LOG_D("sss_key_store_generate_key(@%08X, cipherType=%s, keyBitLen=%d)", +- keyObject->keyId, +- sss_cipher_type_sz(keyObject->cipherType), +- keyBitLen); +-#if SSS_HAVE_SSCP +- if (SSS_KEY_STORE_TYPE_IS_SSCP(keyStore)) { +- sss_sscp_key_store_t *sscp_keyStore = (sss_sscp_key_store_t *)keyStore; +- sss_sscp_object_t *sscp_keyObject = (sss_sscp_object_t *)keyObject; +- return sss_sscp_key_store_generate_key(sscp_keyStore, sscp_keyObject, keyBitLen, options); +- } +-#endif /* SSS_HAVE_SSCP */ +-#if SSS_HAVE_APPLET_SE05X_IOT +- if (SSS_KEY_STORE_TYPE_IS_SE05X(keyStore)) { +- sss_se05x_key_store_t *se05x_keyStore = (sss_se05x_key_store_t *)keyStore; +- sss_se05x_object_t *se05x_keyObject = (sss_se05x_object_t *)keyObject; +- return sss_se05x_key_store_generate_key(se05x_keyStore, se05x_keyObject, keyBitLen, options); +- } +-#endif /* SSS_HAVE_APPLET_SE05X_IOT */ +-#if SSS_HAVE_MBEDTLS +- if (SSS_KEY_STORE_TYPE_IS_MBEDTLS(keyStore)) { +- sss_mbedtls_key_store_t *mbedtls_keyStore = (sss_mbedtls_key_store_t *)keyStore; +- sss_mbedtls_object_t *mbedtls_keyObject = (sss_mbedtls_object_t *)keyObject; +- return sss_mbedtls_key_store_generate_key(mbedtls_keyStore, mbedtls_keyObject, keyBitLen, options); +- } +-#endif /* SSS_HAVE_MBEDTLS */ +-#if SSS_HAVE_OPENSSL +- if (SSS_KEY_STORE_TYPE_IS_OPENSSL(keyStore)) { +- sss_openssl_key_store_t *openssl_keyStore = (sss_openssl_key_store_t *)keyStore; +- sss_openssl_object_t *openssl_keyObject = (sss_openssl_object_t *)keyObject; +- return sss_openssl_key_store_generate_key(openssl_keyStore, openssl_keyObject, keyBitLen, options); +- } +-#endif /* SSS_HAVE_OPENSSL */ +- return kStatus_SSS_InvalidArgument; +-} +- +-sss_status_t sss_key_store_get_key( +- sss_key_store_t *keyStore, sss_object_t *keyObject, uint8_t *data, size_t *dataLen, size_t *pKeyBitLen) +-{ +-#if SSS_HAVE_SSCP +- if (SSS_KEY_STORE_TYPE_IS_SSCP(keyStore)) { +- sss_sscp_key_store_t *sscp_keyStore = (sss_sscp_key_store_t *)keyStore; +- sss_sscp_object_t *sscp_keyObject = (sss_sscp_object_t *)keyObject; +- return sss_sscp_key_store_get_key(sscp_keyStore, sscp_keyObject, data, dataLen, pKeyBitLen); +- } +-#endif /* SSS_HAVE_SSCP */ +-#if SSS_HAVE_APPLET_SE05X_IOT && SSSFTR_SE05X_KEY_GET +- if (SSS_KEY_STORE_TYPE_IS_SE05X(keyStore)) { +- sss_se05x_key_store_t *se05x_keyStore = (sss_se05x_key_store_t *)keyStore; +- sss_se05x_object_t *se05x_keyObject = (sss_se05x_object_t *)keyObject; +- return sss_se05x_key_store_get_key(se05x_keyStore, se05x_keyObject, data, dataLen, pKeyBitLen); +- } +-#endif /* SSS_HAVE_APPLET_SE05X_IOT */ +-#if SSS_HAVE_MBEDTLS +- if (SSS_KEY_STORE_TYPE_IS_MBEDTLS(keyStore)) { +- sss_mbedtls_key_store_t *mbedtls_keyStore = (sss_mbedtls_key_store_t *)keyStore; +- sss_mbedtls_object_t *mbedtls_keyObject = (sss_mbedtls_object_t *)keyObject; +- return sss_mbedtls_key_store_get_key(mbedtls_keyStore, mbedtls_keyObject, data, dataLen, pKeyBitLen); +- } +-#endif /* SSS_HAVE_MBEDTLS */ +-#if SSS_HAVE_OPENSSL +- if (SSS_KEY_STORE_TYPE_IS_OPENSSL(keyStore)) { +- sss_openssl_key_store_t *openssl_keyStore = (sss_openssl_key_store_t *)keyStore; +- sss_openssl_object_t *openssl_keyObject = (sss_openssl_object_t *)keyObject; +- return sss_openssl_key_store_get_key(openssl_keyStore, openssl_keyObject, data, dataLen, pKeyBitLen); +- } +-#endif /* SSS_HAVE_OPENSSL */ +- return kStatus_SSS_InvalidArgument; +-} +- +-sss_status_t sss_key_store_open_key(sss_key_store_t *keyStore, sss_object_t *keyObject) +-{ +-#if SSS_HAVE_SSCP +- if (SSS_KEY_STORE_TYPE_IS_SSCP(keyStore)) { +- sss_sscp_key_store_t *sscp_keyStore = (sss_sscp_key_store_t *)keyStore; +- sss_sscp_object_t *sscp_keyObject = (sss_sscp_object_t *)keyObject; +- return sss_sscp_key_store_open_key(sscp_keyStore, sscp_keyObject); +- } +-#endif /* SSS_HAVE_SSCP */ +-#if SSS_HAVE_APPLET_SE05X_IOT +- if (SSS_KEY_STORE_TYPE_IS_SE05X(keyStore)) { +- sss_se05x_key_store_t *se05x_keyStore = (sss_se05x_key_store_t *)keyStore; +- sss_se05x_object_t *se05x_keyObject = (sss_se05x_object_t *)keyObject; +- return sss_se05x_key_store_open_key(se05x_keyStore, se05x_keyObject); +- } +-#endif /* SSS_HAVE_APPLET_SE05X_IOT */ +-#if SSS_HAVE_MBEDTLS +- if (SSS_KEY_STORE_TYPE_IS_MBEDTLS(keyStore)) { +- sss_mbedtls_key_store_t *mbedtls_keyStore = (sss_mbedtls_key_store_t *)keyStore; +- sss_mbedtls_object_t *mbedtls_keyObject = (sss_mbedtls_object_t *)keyObject; +- return sss_mbedtls_key_store_open_key(mbedtls_keyStore, mbedtls_keyObject); +- } +-#endif /* SSS_HAVE_MBEDTLS */ +-#if SSS_HAVE_OPENSSL +- if (SSS_KEY_STORE_TYPE_IS_OPENSSL(keyStore)) { +- sss_openssl_key_store_t *openssl_keyStore = (sss_openssl_key_store_t *)keyStore; +- sss_openssl_object_t *openssl_keyObject = (sss_openssl_object_t *)keyObject; +- return sss_openssl_key_store_open_key(openssl_keyStore, openssl_keyObject); +- } +-#endif /* SSS_HAVE_OPENSSL */ +- return kStatus_SSS_InvalidArgument; +-} +- +-sss_status_t sss_key_store_freeze_key(sss_key_store_t *keyStore, sss_object_t *keyObject) +-{ +-#if SSS_HAVE_SSCP +- if (SSS_KEY_STORE_TYPE_IS_SSCP(keyStore)) { +- sss_sscp_key_store_t *sscp_keyStore = (sss_sscp_key_store_t *)keyStore; +- sss_sscp_object_t *sscp_keyObject = (sss_sscp_object_t *)keyObject; +- return sss_sscp_key_store_freeze_key(sscp_keyStore, sscp_keyObject); +- } +-#endif /* SSS_HAVE_SSCP */ +-#if SSS_HAVE_APPLET_SE05X_IOT +- if (SSS_KEY_STORE_TYPE_IS_SE05X(keyStore)) { +- sss_se05x_key_store_t *se05x_keyStore = (sss_se05x_key_store_t *)keyStore; +- sss_se05x_object_t *se05x_keyObject = (sss_se05x_object_t *)keyObject; +- return sss_se05x_key_store_freeze_key(se05x_keyStore, se05x_keyObject); +- } +-#endif /* SSS_HAVE_APPLET_SE05X_IOT */ +-#if SSS_HAVE_MBEDTLS +- if (SSS_KEY_STORE_TYPE_IS_MBEDTLS(keyStore)) { +- sss_mbedtls_key_store_t *mbedtls_keyStore = (sss_mbedtls_key_store_t *)keyStore; +- sss_mbedtls_object_t *mbedtls_keyObject = (sss_mbedtls_object_t *)keyObject; +- return sss_mbedtls_key_store_freeze_key(mbedtls_keyStore, mbedtls_keyObject); +- } +-#endif /* SSS_HAVE_MBEDTLS */ +-#if SSS_HAVE_OPENSSL +- if (SSS_KEY_STORE_TYPE_IS_OPENSSL(keyStore)) { +- sss_openssl_key_store_t *openssl_keyStore = (sss_openssl_key_store_t *)keyStore; +- sss_openssl_object_t *openssl_keyObject = (sss_openssl_object_t *)keyObject; +- return sss_openssl_key_store_freeze_key(openssl_keyStore, openssl_keyObject); +- } +-#endif /* SSS_HAVE_OPENSSL */ +- return kStatus_SSS_InvalidArgument; +-} +- +-sss_status_t sss_key_store_erase_key(sss_key_store_t *keyStore, sss_object_t *keyObject) +-{ +-#if SSS_HAVE_SSCP +- if (SSS_KEY_STORE_TYPE_IS_SSCP(keyStore)) { +- sss_sscp_key_store_t *sscp_keyStore = (sss_sscp_key_store_t *)keyStore; +- sss_sscp_object_t *sscp_keyObject = (sss_sscp_object_t *)keyObject; +- return sss_sscp_key_store_erase_key(sscp_keyStore, sscp_keyObject); +- } +-#endif /* SSS_HAVE_SSCP */ +-#if SSS_HAVE_APPLET_SE05X_IOT +- if (SSS_KEY_STORE_TYPE_IS_SE05X(keyStore)) { +- sss_se05x_key_store_t *se05x_keyStore = (sss_se05x_key_store_t *)keyStore; +- sss_se05x_object_t *se05x_keyObject = (sss_se05x_object_t *)keyObject; +- return sss_se05x_key_store_erase_key(se05x_keyStore, se05x_keyObject); +- } +-#endif /* SSS_HAVE_APPLET_SE05X_IOT */ +-#if SSS_HAVE_MBEDTLS +- if (SSS_KEY_STORE_TYPE_IS_MBEDTLS(keyStore)) { +- sss_mbedtls_key_store_t *mbedtls_keyStore = (sss_mbedtls_key_store_t *)keyStore; +- sss_mbedtls_object_t *mbedtls_keyObject = (sss_mbedtls_object_t *)keyObject; +- return sss_mbedtls_key_store_erase_key(mbedtls_keyStore, mbedtls_keyObject); +- } +-#endif /* SSS_HAVE_MBEDTLS */ +-#if SSS_HAVE_OPENSSL +- if (SSS_KEY_STORE_TYPE_IS_OPENSSL(keyStore)) { +- sss_openssl_key_store_t *openssl_keyStore = (sss_openssl_key_store_t *)keyStore; +- sss_openssl_object_t *openssl_keyObject = (sss_openssl_object_t *)keyObject; +- return sss_openssl_key_store_erase_key(openssl_keyStore, openssl_keyObject); +- } +-#endif /* SSS_HAVE_OPENSSL */ +- return kStatus_SSS_InvalidArgument; +-} +- +-void sss_key_store_context_free(sss_key_store_t *keyStore) +-{ +-#if SSS_HAVE_SSCP +- if (SSS_KEY_STORE_TYPE_IS_SSCP(keyStore)) { +- sss_sscp_key_store_t *sscp_keyStore = (sss_sscp_key_store_t *)keyStore; +- sss_sscp_key_store_context_free(sscp_keyStore); +- } +-#endif /* SSS_HAVE_SSCP */ +-#if SSS_HAVE_APPLET_SE05X_IOT +- if (SSS_KEY_STORE_TYPE_IS_SE05X(keyStore)) { +- sss_se05x_key_store_t *se05x_keyStore = (sss_se05x_key_store_t *)keyStore; +- sss_se05x_key_store_context_free(se05x_keyStore); +- } +-#endif /* SSS_HAVE_APPLET_SE05X_IOT */ +-#if SSS_HAVE_MBEDTLS +- if (SSS_KEY_STORE_TYPE_IS_MBEDTLS(keyStore)) { +- sss_mbedtls_key_store_t *mbedtls_keyStore = (sss_mbedtls_key_store_t *)keyStore; +- sss_mbedtls_key_store_context_free(mbedtls_keyStore); +- } +-#endif /* SSS_HAVE_MBEDTLS */ +-#if SSS_HAVE_OPENSSL +- if (SSS_KEY_STORE_TYPE_IS_OPENSSL(keyStore)) { +- sss_openssl_key_store_t *openssl_keyStore = (sss_openssl_key_store_t *)keyStore; +- sss_openssl_key_store_context_free(openssl_keyStore); +- } +-#endif /* SSS_HAVE_OPENSSL */ +-} +- +-sss_status_t sss_asymmetric_context_init(sss_asymmetric_t *context, +- sss_session_t *session, +- sss_object_t *keyObject, +- sss_algorithm_t algorithm, +- sss_mode_t mode) +-{ +-#if SSS_HAVE_SSCP +- if (SSS_SESSION_TYPE_IS_SSCP(session)) { +- sss_sscp_asymmetric_t *sscp_context = (sss_sscp_asymmetric_t *)context; +- sss_sscp_session_t *sscp_session = (sss_sscp_session_t *)session; +- sss_sscp_object_t *sscp_keyObject = (sss_sscp_object_t *)keyObject; +- SSS_ASSERT(sizeof(*sscp_context) <= sizeof(*context)); +- SSS_ASSERT(sizeof(*sscp_session) <= sizeof(*session)); +- SSS_ASSERT(sizeof(*sscp_keyObject) <= sizeof(*keyObject)); +- return sss_sscp_asymmetric_context_init(sscp_context, sscp_session, sscp_keyObject, algorithm, mode); +- } +-#endif /* SSS_HAVE_SSCP */ +-#if SSS_HAVE_APPLET_SE05X_IOT +- if (SSS_SESSION_TYPE_IS_SE05X(session)) { +- sss_se05x_asymmetric_t *se05x_context = (sss_se05x_asymmetric_t *)context; +- sss_se05x_session_t *se05x_session = (sss_se05x_session_t *)session; +- sss_se05x_object_t *se05x_keyObject = (sss_se05x_object_t *)keyObject; +- SSS_ASSERT(sizeof(*se05x_context) <= sizeof(*context)); +- SSS_ASSERT(sizeof(*se05x_session) <= sizeof(*session)); +- SSS_ASSERT(sizeof(*se05x_keyObject) <= sizeof(*keyObject)); +- return sss_se05x_asymmetric_context_init(se05x_context, se05x_session, se05x_keyObject, algorithm, mode); +- } +-#endif /* SSS_HAVE_APPLET_SE05X_IOT */ +-#if SSS_HAVE_MBEDTLS +- if (SSS_SESSION_TYPE_IS_MBEDTLS(session)) { +- sss_mbedtls_asymmetric_t *mbedtls_context = (sss_mbedtls_asymmetric_t *)context; +- sss_mbedtls_session_t *mbedtls_session = (sss_mbedtls_session_t *)session; +- sss_mbedtls_object_t *mbedtls_keyObject = (sss_mbedtls_object_t *)keyObject; +- SSS_ASSERT(sizeof(*mbedtls_context) <= sizeof(*context)); +- SSS_ASSERT(sizeof(*mbedtls_session) <= sizeof(*session)); +- SSS_ASSERT(sizeof(*mbedtls_keyObject) <= sizeof(*keyObject)); +- return sss_mbedtls_asymmetric_context_init( +- mbedtls_context, mbedtls_session, mbedtls_keyObject, algorithm, mode); +- } +-#endif /* SSS_HAVE_MBEDTLS */ +-#if SSS_HAVE_OPENSSL +- if (SSS_SESSION_TYPE_IS_OPENSSL(session)) { +- sss_openssl_asymmetric_t *openssl_context = (sss_openssl_asymmetric_t *)context; +- sss_openssl_session_t *openssl_session = (sss_openssl_session_t *)session; +- sss_openssl_object_t *openssl_keyObject = (sss_openssl_object_t *)keyObject; +- SSS_ASSERT(sizeof(*openssl_context) <= sizeof(*context)); +- SSS_ASSERT(sizeof(*openssl_session) <= sizeof(*session)); +- SSS_ASSERT(sizeof(*openssl_keyObject) <= sizeof(*keyObject)); +- return sss_openssl_asymmetric_context_init( +- openssl_context, openssl_session, openssl_keyObject, algorithm, mode); +- } +-#endif /* SSS_HAVE_OPENSSL */ +- return kStatus_SSS_InvalidArgument; +-} +- +-sss_status_t sss_asymmetric_encrypt( +- sss_asymmetric_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen) +-{ +-#if SSS_HAVE_SSCP +- if (SSS_ASYMMETRIC_TYPE_IS_SSCP(context)) { +- sss_sscp_asymmetric_t *sscp_context = (sss_sscp_asymmetric_t *)context; +- return sss_sscp_asymmetric_encrypt(sscp_context, srcData, srcLen, destData, destLen); +- } +-#endif /* SSS_HAVE_SSCP */ +-#if SSS_HAVE_APPLET_SE05X_IOT +- if (SSS_ASYMMETRIC_TYPE_IS_SE05X(context)) { +- sss_se05x_asymmetric_t *se05x_context = (sss_se05x_asymmetric_t *)context; +- return sss_se05x_asymmetric_encrypt(se05x_context, srcData, srcLen, destData, destLen); +- } +-#endif /* SSS_HAVE_APPLET_SE05X_IOT */ +-#if SSS_HAVE_MBEDTLS +- if (SSS_ASYMMETRIC_TYPE_IS_MBEDTLS(context)) { +- sss_mbedtls_asymmetric_t *mbedtls_context = (sss_mbedtls_asymmetric_t *)context; +- return sss_mbedtls_asymmetric_encrypt(mbedtls_context, srcData, srcLen, destData, destLen); +- } +-#endif /* SSS_HAVE_MBEDTLS */ +-#if SSS_HAVE_OPENSSL +- if (SSS_ASYMMETRIC_TYPE_IS_OPENSSL(context)) { +- sss_openssl_asymmetric_t *openssl_context = (sss_openssl_asymmetric_t *)context; +- return sss_openssl_asymmetric_encrypt(openssl_context, srcData, srcLen, destData, destLen); +- } +-#endif /* SSS_HAVE_OPENSSL */ +- return kStatus_SSS_InvalidArgument; +-} +- +-sss_status_t sss_asymmetric_decrypt( +- sss_asymmetric_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen) +-{ +-#if SSS_HAVE_SSCP +- if (SSS_ASYMMETRIC_TYPE_IS_SSCP(context)) { +- sss_sscp_asymmetric_t *sscp_context = (sss_sscp_asymmetric_t *)context; +- return sss_sscp_asymmetric_decrypt(sscp_context, srcData, srcLen, destData, destLen); +- } +-#endif /* SSS_HAVE_SSCP */ +-#if SSS_HAVE_APPLET_SE05X_IOT +- if (SSS_ASYMMETRIC_TYPE_IS_SE05X(context)) { +- sss_se05x_asymmetric_t *se05x_context = (sss_se05x_asymmetric_t *)context; +- return sss_se05x_asymmetric_decrypt(se05x_context, srcData, srcLen, destData, destLen); +- } +-#endif /* SSS_HAVE_APPLET_SE05X_IOT */ +-#if SSS_HAVE_MBEDTLS +- if (SSS_ASYMMETRIC_TYPE_IS_MBEDTLS(context)) { +- sss_mbedtls_asymmetric_t *mbedtls_context = (sss_mbedtls_asymmetric_t *)context; +- return sss_mbedtls_asymmetric_decrypt(mbedtls_context, srcData, srcLen, destData, destLen); +- } +-#endif /* SSS_HAVE_MBEDTLS */ +-#if SSS_HAVE_OPENSSL +- if (SSS_ASYMMETRIC_TYPE_IS_OPENSSL(context)) { +- sss_openssl_asymmetric_t *openssl_context = (sss_openssl_asymmetric_t *)context; +- return sss_openssl_asymmetric_decrypt(openssl_context, srcData, srcLen, destData, destLen); +- } +-#endif /* SSS_HAVE_OPENSSL */ +- return kStatus_SSS_InvalidArgument; +-} +- +-sss_status_t sss_asymmetric_sign_digest( +- sss_asymmetric_t *context, uint8_t *digest, size_t digestLen, uint8_t *signature, size_t *signatureLen) +-{ +-#if SSS_HAVE_SSCP +- if (SSS_ASYMMETRIC_TYPE_IS_SSCP(context)) { +- sss_sscp_asymmetric_t *sscp_context = (sss_sscp_asymmetric_t *)context; +- return sss_sscp_asymmetric_sign_digest(sscp_context, digest, digestLen, signature, signatureLen); +- } +-#endif /* SSS_HAVE_SSCP */ +-#if SSS_HAVE_APPLET_SE05X_IOT +- if (SSS_ASYMMETRIC_TYPE_IS_SE05X(context)) { +- sss_se05x_asymmetric_t *se05x_context = (sss_se05x_asymmetric_t *)context; +- return sss_se05x_asymmetric_sign_digest(se05x_context, digest, digestLen, signature, signatureLen); +- } +-#endif /* SSS_HAVE_APPLET_SE05X_IOT */ +-#if SSS_HAVE_MBEDTLS +- if (SSS_ASYMMETRIC_TYPE_IS_MBEDTLS(context)) { +- sss_mbedtls_asymmetric_t *mbedtls_context = (sss_mbedtls_asymmetric_t *)context; +- return sss_mbedtls_asymmetric_sign_digest(mbedtls_context, digest, digestLen, signature, signatureLen); +- } +-#endif /* SSS_HAVE_MBEDTLS */ +-#if SSS_HAVE_OPENSSL +- if (SSS_ASYMMETRIC_TYPE_IS_OPENSSL(context)) { +- sss_openssl_asymmetric_t *openssl_context = (sss_openssl_asymmetric_t *)context; +- return sss_openssl_asymmetric_sign_digest(openssl_context, digest, digestLen, signature, signatureLen); +- } +-#endif /* SSS_HAVE_OPENSSL */ +- return kStatus_SSS_InvalidArgument; +-} +- +-sss_status_t sss_asymmetric_verify_digest( +- sss_asymmetric_t *context, uint8_t *digest, size_t digestLen, uint8_t *signature, size_t signatureLen) +-{ +-#if SSS_HAVE_SSCP +- if (SSS_ASYMMETRIC_TYPE_IS_SSCP(context)) { +- sss_sscp_asymmetric_t *sscp_context = (sss_sscp_asymmetric_t *)context; +- return sss_sscp_asymmetric_verify_digest(sscp_context, digest, digestLen, signature, signatureLen); +- } +-#endif /* SSS_HAVE_SSCP */ +-#if SSS_HAVE_APPLET_SE05X_IOT +- if (SSS_ASYMMETRIC_TYPE_IS_SE05X(context)) { +- sss_se05x_asymmetric_t *se05x_context = (sss_se05x_asymmetric_t *)context; +- return sss_se05x_asymmetric_verify_digest(se05x_context, digest, digestLen, signature, signatureLen); +- } +-#endif /* SSS_HAVE_APPLET_SE05X_IOT */ +-#if SSS_HAVE_MBEDTLS +- if (SSS_ASYMMETRIC_TYPE_IS_MBEDTLS(context)) { +- sss_mbedtls_asymmetric_t *mbedtls_context = (sss_mbedtls_asymmetric_t *)context; +- return sss_mbedtls_asymmetric_verify_digest(mbedtls_context, digest, digestLen, signature, signatureLen); +- } +-#endif /* SSS_HAVE_MBEDTLS */ +-#if SSS_HAVE_OPENSSL +- if (SSS_ASYMMETRIC_TYPE_IS_OPENSSL(context)) { +- sss_openssl_asymmetric_t *openssl_context = (sss_openssl_asymmetric_t *)context; +- return sss_openssl_asymmetric_verify_digest(openssl_context, digest, digestLen, signature, signatureLen); +- } +-#endif /* SSS_HAVE_OPENSSL */ +- return kStatus_SSS_InvalidArgument; +-} +- +-void sss_asymmetric_context_free(sss_asymmetric_t *context) +-{ +-#if SSS_HAVE_SSCP +- if (SSS_ASYMMETRIC_TYPE_IS_SSCP(context)) { +- sss_sscp_asymmetric_t *sscp_context = (sss_sscp_asymmetric_t *)context; +- sss_sscp_asymmetric_context_free(sscp_context); +- } +-#endif /* SSS_HAVE_SSCP */ +-#if SSS_HAVE_APPLET_SE05X_IOT +- if (SSS_ASYMMETRIC_TYPE_IS_SE05X(context)) { +- sss_se05x_asymmetric_t *se05x_context = (sss_se05x_asymmetric_t *)context; +- sss_se05x_asymmetric_context_free(se05x_context); +- } +-#endif /* SSS_HAVE_APPLET_SE05X_IOT */ +-#if SSS_HAVE_MBEDTLS +- if (SSS_ASYMMETRIC_TYPE_IS_MBEDTLS(context)) { +- sss_mbedtls_asymmetric_t *mbedtls_context = (sss_mbedtls_asymmetric_t *)context; +- sss_mbedtls_asymmetric_context_free(mbedtls_context); +- } +-#endif /* SSS_HAVE_MBEDTLS */ +-#if SSS_HAVE_OPENSSL +- if (SSS_ASYMMETRIC_TYPE_IS_OPENSSL(context)) { +- sss_openssl_asymmetric_t *openssl_context = (sss_openssl_asymmetric_t *)context; +- sss_openssl_asymmetric_context_free(openssl_context); +- } +-#endif /* SSS_HAVE_OPENSSL */ +-} +- +-sss_status_t sss_symmetric_context_init(sss_symmetric_t *context, +- sss_session_t *session, +- sss_object_t *keyObject, +- sss_algorithm_t algorithm, +- sss_mode_t mode) +-{ +- LOG_D("FN: %s", __FUNCTION__); +- LOG_D("Input:algorithm %02x", algorithm); +- LOG_D("Input:mode %02x", mode); +- +-#if SSS_HAVE_SSCP +- if (SSS_SESSION_TYPE_IS_SSCP(session)) { +- sss_sscp_symmetric_t *sscp_context = (sss_sscp_symmetric_t *)context; +- sss_sscp_session_t *sscp_session = (sss_sscp_session_t *)session; +- sss_sscp_object_t *sscp_keyObject = (sss_sscp_object_t *)keyObject; +- SSS_ASSERT(sizeof(*sscp_context) <= sizeof(*context)); +- SSS_ASSERT(sizeof(*sscp_session) <= sizeof(*session)); +- SSS_ASSERT(sizeof(*sscp_keyObject) <= sizeof(*keyObject)); +- return sss_sscp_symmetric_context_init(sscp_context, sscp_session, sscp_keyObject, algorithm, mode); +- } +-#endif /* SSS_HAVE_SSCP */ +-#if SSS_HAVE_APPLET_SE05X_IOT && SSSFTR_SE05X_AES +- if (SSS_SESSION_TYPE_IS_SE05X(session)) { +- sss_se05x_symmetric_t *se05x_context = (sss_se05x_symmetric_t *)context; +- sss_se05x_session_t *se05x_session = (sss_se05x_session_t *)session; +- sss_se05x_object_t *se05x_keyObject = (sss_se05x_object_t *)keyObject; +- SSS_ASSERT(sizeof(*se05x_context) <= sizeof(*context)); +- SSS_ASSERT(sizeof(*se05x_session) <= sizeof(*session)); +- SSS_ASSERT(sizeof(*se05x_keyObject) <= sizeof(*keyObject)); +- return sss_se05x_symmetric_context_init(se05x_context, se05x_session, se05x_keyObject, algorithm, mode); +- } +-#endif /* SSS_HAVE_APPLET_SE05X_IOT */ +-#if SSS_HAVE_MBEDTLS +- if (SSS_SESSION_TYPE_IS_MBEDTLS(session)) { +- sss_mbedtls_symmetric_t *mbedtls_context = (sss_mbedtls_symmetric_t *)context; +- sss_mbedtls_session_t *mbedtls_session = (sss_mbedtls_session_t *)session; +- sss_mbedtls_object_t *mbedtls_keyObject = (sss_mbedtls_object_t *)keyObject; +- SSS_ASSERT(sizeof(*mbedtls_context) <= sizeof(*context)); +- SSS_ASSERT(sizeof(*mbedtls_session) <= sizeof(*session)); +- SSS_ASSERT(sizeof(*mbedtls_keyObject) <= sizeof(*keyObject)); +- return sss_mbedtls_symmetric_context_init(mbedtls_context, mbedtls_session, mbedtls_keyObject, algorithm, mode); +- } +-#endif /* SSS_HAVE_MBEDTLS */ +-#if SSS_HAVE_OPENSSL +- if (SSS_SESSION_TYPE_IS_OPENSSL(session)) { +- sss_openssl_symmetric_t *openssl_context = (sss_openssl_symmetric_t *)context; +- sss_openssl_session_t *openssl_session = (sss_openssl_session_t *)session; +- sss_openssl_object_t *openssl_keyObject = (sss_openssl_object_t *)keyObject; +- SSS_ASSERT(sizeof(*openssl_context) <= sizeof(*context)); +- SSS_ASSERT(sizeof(*openssl_session) <= sizeof(*session)); +- SSS_ASSERT(sizeof(*openssl_keyObject) <= sizeof(*keyObject)); +- return sss_openssl_symmetric_context_init(openssl_context, openssl_session, openssl_keyObject, algorithm, mode); +- } +-#endif /* SSS_HAVE_OPENSSL */ +- return kStatus_SSS_InvalidArgument; +-} +- +-sss_status_t sss_cipher_one_go( +- sss_symmetric_t *context, uint8_t *iv, size_t ivLen, const uint8_t *srcData, uint8_t *destData, size_t dataLen) +-{ +- LOG_D("FN: %s", __FUNCTION__); +- LOG_MAU8_D(" Input: IV", iv, ivLen); +- LOG_MAU8_D(" Input: srcData", srcData, dataLen); +-#if SSS_HAVE_SSCP +- if (SSS_SYMMETRIC_TYPE_IS_SSCP(context)) { +- sss_sscp_symmetric_t *sscp_context = (sss_sscp_symmetric_t *)context; +- return sss_sscp_cipher_one_go(sscp_context, iv, ivLen, srcData, destData, dataLen); +- } +-#endif /* SSS_HAVE_SSCP */ +-#if SSS_HAVE_APPLET_SE05X_IOT && SSSFTR_SE05X_AES +- if (SSS_SYMMETRIC_TYPE_IS_SE05X(context)) { +- sss_se05x_symmetric_t *se05x_context = (sss_se05x_symmetric_t *)context; +- return sss_se05x_cipher_one_go(se05x_context, iv, ivLen, srcData, destData, dataLen); +- } +-#endif /* SSS_HAVE_APPLET_SE05X_IOT */ +-#if SSS_HAVE_MBEDTLS +- if (SSS_SYMMETRIC_TYPE_IS_MBEDTLS(context)) { +- sss_mbedtls_symmetric_t *mbedtls_context = (sss_mbedtls_symmetric_t *)context; +- return sss_mbedtls_cipher_one_go(mbedtls_context, iv, ivLen, srcData, destData, dataLen); +- } +-#endif /* SSS_HAVE_MBEDTLS */ +-#if SSS_HAVE_OPENSSL +- if (SSS_SYMMETRIC_TYPE_IS_OPENSSL(context)) { +- sss_openssl_symmetric_t *openssl_context = (sss_openssl_symmetric_t *)context; +- return sss_openssl_cipher_one_go(openssl_context, iv, ivLen, srcData, destData, dataLen); +- } +-#endif /* SSS_HAVE_OPENSSL */ +- return kStatus_SSS_InvalidArgument; +-} +- +-sss_status_t sss_cipher_init(sss_symmetric_t *context, uint8_t *iv, size_t ivLen) +-{ +-#if SSS_HAVE_SSCP +- if (SSS_SYMMETRIC_TYPE_IS_SSCP(context)) { +- sss_sscp_symmetric_t *sscp_context = (sss_sscp_symmetric_t *)context; +- SSS_ASSERT(sizeof(*sscp_context) <= sizeof(*context)); +- return sss_sscp_cipher_init(sscp_context, iv, ivLen); +- } +-#endif /* SSS_HAVE_SSCP */ +-#if SSS_HAVE_APPLET_SE05X_IOT +- if (SSS_SYMMETRIC_TYPE_IS_SE05X(context)) { +- sss_se05x_symmetric_t *se05x_context = (sss_se05x_symmetric_t *)context; +- SSS_ASSERT(sizeof(*se05x_context) <= sizeof(*context)); +- return sss_se05x_cipher_init(se05x_context, iv, ivLen); +- } +-#endif /* SSS_HAVE_APPLET_SE05X_IOT */ +-#if SSS_HAVE_MBEDTLS +- if (SSS_SYMMETRIC_TYPE_IS_MBEDTLS(context)) { +- sss_mbedtls_symmetric_t *mbedtls_context = (sss_mbedtls_symmetric_t *)context; +- SSS_ASSERT(sizeof(*mbedtls_context) <= sizeof(*context)); +- return sss_mbedtls_cipher_init(mbedtls_context, iv, ivLen); +- } +-#endif /* SSS_HAVE_MBEDTLS */ +-#if SSS_HAVE_OPENSSL +- if (SSS_SYMMETRIC_TYPE_IS_OPENSSL(context)) { +- sss_openssl_symmetric_t *openssl_context = (sss_openssl_symmetric_t *)context; +- SSS_ASSERT(sizeof(*openssl_context) <= sizeof(*context)); +- return sss_openssl_cipher_init(openssl_context, iv, ivLen); +- } +-#endif /* SSS_HAVE_OPENSSL */ +- return kStatus_SSS_InvalidArgument; +-} +- +-sss_status_t sss_cipher_update( +- sss_symmetric_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen) +-{ +-#if SSS_HAVE_SSCP +- if (SSS_SYMMETRIC_TYPE_IS_SSCP(context)) { +- sss_sscp_symmetric_t *sscp_context = (sss_sscp_symmetric_t *)context; +- return sss_sscp_cipher_update(sscp_context, srcData, srcLen, destData, destLen); +- } +-#endif /* SSS_HAVE_SSCP */ +-#if SSS_HAVE_APPLET_SE05X_IOT +- if (SSS_SYMMETRIC_TYPE_IS_SE05X(context)) { +- sss_se05x_symmetric_t *se05x_context = (sss_se05x_symmetric_t *)context; +- return sss_se05x_cipher_update(se05x_context, srcData, srcLen, destData, destLen); +- } +-#endif /* SSS_HAVE_APPLET_SE05X_IOT */ +-#if SSS_HAVE_MBEDTLS +- if (SSS_SYMMETRIC_TYPE_IS_MBEDTLS(context)) { +- sss_mbedtls_symmetric_t *mbedtls_context = (sss_mbedtls_symmetric_t *)context; +- return sss_mbedtls_cipher_update(mbedtls_context, srcData, srcLen, destData, destLen); +- } +-#endif /* SSS_HAVE_MBEDTLS */ +-#if SSS_HAVE_OPENSSL +- if (SSS_SYMMETRIC_TYPE_IS_OPENSSL(context)) { +- sss_openssl_symmetric_t *openssl_context = (sss_openssl_symmetric_t *)context; +- return sss_openssl_cipher_update(openssl_context, srcData, srcLen, destData, destLen); +- } +-#endif /* SSS_HAVE_OPENSSL */ +- return kStatus_SSS_InvalidArgument; +-} +- +-sss_status_t sss_cipher_finish( +- sss_symmetric_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen) +-{ +-#if SSS_HAVE_SSCP +- if (SSS_SYMMETRIC_TYPE_IS_SSCP(context)) { +- sss_sscp_symmetric_t *sscp_context = (sss_sscp_symmetric_t *)context; +- return sss_sscp_cipher_finish(sscp_context, srcData, srcLen, destData, destLen); +- } +-#endif /* SSS_HAVE_SSCP */ +-#if SSS_HAVE_APPLET_SE05X_IOT +- if (SSS_SYMMETRIC_TYPE_IS_SE05X(context)) { +- sss_se05x_symmetric_t *se05x_context = (sss_se05x_symmetric_t *)context; +- return sss_se05x_cipher_finish(se05x_context, srcData, srcLen, destData, destLen); +- } +-#endif /* SSS_HAVE_APPLET_SE05X_IOT */ +-#if SSS_HAVE_MBEDTLS +- if (SSS_SYMMETRIC_TYPE_IS_MBEDTLS(context)) { +- sss_mbedtls_symmetric_t *mbedtls_context = (sss_mbedtls_symmetric_t *)context; +- return sss_mbedtls_cipher_finish(mbedtls_context, srcData, srcLen, destData, destLen); +- } +-#endif /* SSS_HAVE_MBEDTLS */ +-#if SSS_HAVE_OPENSSL +- if (SSS_SYMMETRIC_TYPE_IS_OPENSSL(context)) { +- sss_openssl_symmetric_t *openssl_context = (sss_openssl_symmetric_t *)context; +- return sss_openssl_cipher_finish(openssl_context, srcData, srcLen, destData, destLen); +- } +-#endif /* SSS_HAVE_OPENSSL */ +- return kStatus_SSS_InvalidArgument; +-} +- +-sss_status_t sss_cipher_crypt_ctr(sss_symmetric_t *context, +- const uint8_t *srcData, +- uint8_t *destData, +- size_t size, +- uint8_t *initialCounter, +- uint8_t *lastEncryptedCounter, +- size_t *szLeft) +-{ +-#if SSS_HAVE_SSCP +- if (SSS_SYMMETRIC_TYPE_IS_SSCP(context)) { +- sss_sscp_symmetric_t *sscp_context = (sss_sscp_symmetric_t *)context; +- return sss_sscp_cipher_crypt_ctr( +- sscp_context, srcData, destData, size, initialCounter, lastEncryptedCounter, szLeft); +- } +-#endif /* SSS_HAVE_SSCP */ +-#if SSS_HAVE_APPLET_SE05X_IOT +- if (SSS_SYMMETRIC_TYPE_IS_SE05X(context)) { +- sss_se05x_symmetric_t *se05x_context = (sss_se05x_symmetric_t *)context; +- return sss_se05x_cipher_crypt_ctr( +- se05x_context, srcData, destData, size, initialCounter, lastEncryptedCounter, szLeft); +- } +-#endif /* SSS_HAVE_APPLET_SE05X_IOT */ +-#if SSS_HAVE_MBEDTLS +- if (SSS_SYMMETRIC_TYPE_IS_MBEDTLS(context)) { +- sss_mbedtls_symmetric_t *mbedtls_context = (sss_mbedtls_symmetric_t *)context; +- return sss_mbedtls_cipher_crypt_ctr( +- mbedtls_context, srcData, destData, size, initialCounter, lastEncryptedCounter, szLeft); +- } +-#endif /* SSS_HAVE_MBEDTLS */ +-#if SSS_HAVE_OPENSSL +- if (SSS_SYMMETRIC_TYPE_IS_OPENSSL(context)) { +- sss_openssl_symmetric_t *openssl_context = (sss_openssl_symmetric_t *)context; +- return sss_openssl_cipher_crypt_ctr( +- openssl_context, srcData, destData, size, initialCounter, lastEncryptedCounter, szLeft); +- } +-#endif /* SSS_HAVE_OPENSSL */ +- return kStatus_SSS_InvalidArgument; +-} +- +-void sss_symmetric_context_free(sss_symmetric_t *context) +-{ +- LOG_D("FN: %s", __FUNCTION__); +-#if SSS_HAVE_SSCP +- if (SSS_SYMMETRIC_TYPE_IS_SSCP(context)) { +- sss_sscp_symmetric_t *sscp_context = (sss_sscp_symmetric_t *)context; +- sss_sscp_symmetric_context_free(sscp_context); +- } +-#endif /* SSS_HAVE_SSCP */ +-#if SSS_HAVE_APPLET_SE05X_IOT +- if (SSS_SYMMETRIC_TYPE_IS_SE05X(context)) { +- sss_se05x_symmetric_t *se05x_context = (sss_se05x_symmetric_t *)context; +- sss_se05x_symmetric_context_free(se05x_context); +- } +-#endif /* SSS_HAVE_APPLET_SE05X_IOT */ +-#if SSS_HAVE_MBEDTLS +- if (SSS_SYMMETRIC_TYPE_IS_MBEDTLS(context)) { +- sss_mbedtls_symmetric_t *mbedtls_context = (sss_mbedtls_symmetric_t *)context; +- sss_mbedtls_symmetric_context_free(mbedtls_context); +- } +-#endif /* SSS_HAVE_MBEDTLS */ +-#if SSS_HAVE_OPENSSL +- if (SSS_SYMMETRIC_TYPE_IS_OPENSSL(context)) { +- sss_openssl_symmetric_t *openssl_context = (sss_openssl_symmetric_t *)context; +- sss_openssl_symmetric_context_free(openssl_context); +- } +-#endif /* SSS_HAVE_OPENSSL */ +-} +- +-sss_status_t sss_aead_context_init( +- sss_aead_t *context, sss_session_t *session, sss_object_t *keyObject, sss_algorithm_t algorithm, sss_mode_t mode) +-{ +-#if SSS_HAVE_SSCP +- if (SSS_SESSION_TYPE_IS_SSCP(session)) { +- sss_sscp_aead_t *sscp_context = (sss_sscp_aead_t *)context; +- sss_sscp_session_t *sscp_session = (sss_sscp_session_t *)session; +- sss_sscp_object_t *sscp_keyObject = (sss_sscp_object_t *)keyObject; +- SSS_ASSERT(sizeof(*sscp_context) <= sizeof(*context)); +- SSS_ASSERT(sizeof(*sscp_session) <= sizeof(*session)); +- SSS_ASSERT(sizeof(*sscp_keyObject) <= sizeof(*keyObject)); +- return sss_sscp_aead_context_init(sscp_context, sscp_session, sscp_keyObject, algorithm, mode); +- } +-#endif /* SSS_HAVE_SSCP */ +-#if SSS_HAVE_APPLET_SE05X_IOT +- if (SSS_SESSION_TYPE_IS_SE05X(session)) { +- sss_se05x_aead_t *se05x_context = (sss_se05x_aead_t *)context; +- sss_se05x_session_t *se05x_session = (sss_se05x_session_t *)session; +- sss_se05x_object_t *se05x_keyObject = (sss_se05x_object_t *)keyObject; +- SSS_ASSERT(sizeof(*se05x_context) <= sizeof(*context)); +- SSS_ASSERT(sizeof(*se05x_session) <= sizeof(*session)); +- SSS_ASSERT(sizeof(*se05x_keyObject) <= sizeof(*keyObject)); +- return sss_se05x_aead_context_init(se05x_context, se05x_session, se05x_keyObject, algorithm, mode); +- } +-#endif /* SSS_HAVE_APPLET_SE05X_IOT */ +-#if SSS_HAVE_MBEDTLS +- if (SSS_SESSION_TYPE_IS_MBEDTLS(session)) { +- sss_mbedtls_aead_t *mbedtls_context = (sss_mbedtls_aead_t *)context; +- sss_mbedtls_session_t *mbedtls_session = (sss_mbedtls_session_t *)session; +- sss_mbedtls_object_t *mbedtls_keyObject = (sss_mbedtls_object_t *)keyObject; +- SSS_ASSERT(sizeof(*mbedtls_context) <= sizeof(*context)); +- SSS_ASSERT(sizeof(*mbedtls_session) <= sizeof(*session)); +- SSS_ASSERT(sizeof(*mbedtls_keyObject) <= sizeof(*keyObject)); +- return sss_mbedtls_aead_context_init(mbedtls_context, mbedtls_session, mbedtls_keyObject, algorithm, mode); +- } +-#endif /* SSS_HAVE_MBEDTLS */ +-#if SSS_HAVE_OPENSSL +- if (SSS_SESSION_TYPE_IS_OPENSSL(session)) { +- sss_openssl_aead_t *openssl_context = (sss_openssl_aead_t *)context; +- sss_openssl_session_t *openssl_session = (sss_openssl_session_t *)session; +- sss_openssl_object_t *openssl_keyObject = (sss_openssl_object_t *)keyObject; +- SSS_ASSERT(sizeof(*openssl_context) <= sizeof(*context)); +- SSS_ASSERT(sizeof(*openssl_session) <= sizeof(*session)); +- SSS_ASSERT(sizeof(*openssl_keyObject) <= sizeof(*keyObject)); +- return sss_openssl_aead_context_init(openssl_context, openssl_session, openssl_keyObject, algorithm, mode); +- } +-#endif /* SSS_HAVE_OPENSSL */ +- return kStatus_SSS_InvalidArgument; +-} +- +-sss_status_t sss_aead_one_go(sss_aead_t *context, +- const uint8_t *srcData, +- uint8_t *destData, +- size_t size, +- uint8_t *nonce, +- size_t nonceLen, +- const uint8_t *aad, +- size_t aadLen, +- uint8_t *tag, +- size_t *tagLen) +-{ +-#if SSS_HAVE_SSCP +- if (SSS_AEAD_TYPE_IS_SSCP(context)) { +- sss_sscp_aead_t *sscp_context = (sss_sscp_aead_t *)context; +- return sss_sscp_aead_one_go(sscp_context, srcData, destData, size, nonce, nonceLen, aad, aadLen, tag, tagLen); +- } +-#endif /* SSS_HAVE_SSCP */ +-#if SSS_HAVE_APPLET_SE05X_IOT +- if (SSS_AEAD_TYPE_IS_SE05X(context)) { +- sss_se05x_aead_t *se05x_context = (sss_se05x_aead_t *)context; +- return sss_se05x_aead_one_go(se05x_context, srcData, destData, size, nonce, nonceLen, aad, aadLen, tag, tagLen); +- } +-#endif /* SSS_HAVE_APPLET_SE05X_IOT */ +-#if SSS_HAVE_MBEDTLS +- if (SSS_AEAD_TYPE_IS_MBEDTLS(context)) { +- sss_mbedtls_aead_t *mbedtls_context = (sss_mbedtls_aead_t *)context; +- return sss_mbedtls_aead_one_go( +- mbedtls_context, srcData, destData, size, nonce, nonceLen, aad, aadLen, tag, tagLen); +- } +-#endif /* SSS_HAVE_MBEDTLS */ +-#if SSS_HAVE_OPENSSL +- if (SSS_AEAD_TYPE_IS_OPENSSL(context)) { +- sss_openssl_aead_t *openssl_context = (sss_openssl_aead_t *)context; +- return sss_openssl_aead_one_go( +- openssl_context, srcData, destData, size, nonce, nonceLen, aad, aadLen, tag, tagLen); +- } +-#endif /* SSS_HAVE_OPENSSL */ +- return kStatus_SSS_InvalidArgument; +-} +- +-sss_status_t sss_aead_init( +- sss_aead_t *context, uint8_t *nonce, size_t nonceLen, size_t tagLen, size_t aadLen, size_t payloadLen) +-{ +-#if SSS_HAVE_SSCP +- if (SSS_AEAD_TYPE_IS_SSCP(context)) { +- sss_sscp_aead_t *sscp_context = (sss_sscp_aead_t *)context; +- SSS_ASSERT(sizeof(*sscp_context) <= sizeof(*context)); +- return sss_sscp_aead_init(sscp_context, nonce, nonceLen, tagLen, aadLen, payloadLen); +- } +-#endif /* SSS_HAVE_SSCP */ +-#if SSS_HAVE_APPLET_SE05X_IOT +- if (SSS_AEAD_TYPE_IS_SE05X(context)) { +- sss_se05x_aead_t *se05x_context = (sss_se05x_aead_t *)context; +- SSS_ASSERT(sizeof(*se05x_context) <= sizeof(*context)); +- return sss_se05x_aead_init(se05x_context, nonce, nonceLen, tagLen, aadLen, payloadLen); +- } +-#endif /* SSS_HAVE_APPLET_SE05X_IOT */ +-#if SSS_HAVE_MBEDTLS +- if (SSS_AEAD_TYPE_IS_MBEDTLS(context)) { +- sss_mbedtls_aead_t *mbedtls_context = (sss_mbedtls_aead_t *)context; +- SSS_ASSERT(sizeof(*mbedtls_context) <= sizeof(*context)); +- return sss_mbedtls_aead_init(mbedtls_context, nonce, nonceLen, tagLen, aadLen, payloadLen); +- } +-#endif /* SSS_HAVE_MBEDTLS */ +-#if SSS_HAVE_OPENSSL +- if (SSS_AEAD_TYPE_IS_OPENSSL(context)) { +- sss_openssl_aead_t *openssl_context = (sss_openssl_aead_t *)context; +- SSS_ASSERT(sizeof(*openssl_context) <= sizeof(*context)); +- return sss_openssl_aead_init(openssl_context, nonce, nonceLen, tagLen, aadLen, payloadLen); +- } +-#endif /* SSS_HAVE_OPENSSL */ +- return kStatus_SSS_InvalidArgument; +-} +- +-sss_status_t sss_aead_update_aad(sss_aead_t *context, const uint8_t *aadData, size_t aadDataLen) +-{ +-#if SSS_HAVE_SSCP +- if (SSS_AEAD_TYPE_IS_SSCP(context)) { +- sss_sscp_aead_t *sscp_context = (sss_sscp_aead_t *)context; +- return sss_sscp_aead_update_aad(sscp_context, aadData, aadDataLen); +- } +-#endif /* SSS_HAVE_SSCP */ +-#if SSS_HAVE_APPLET_SE05X_IOT +- if (SSS_AEAD_TYPE_IS_SE05X(context)) { +- sss_se05x_aead_t *se05x_context = (sss_se05x_aead_t *)context; +- return sss_se05x_aead_update_aad(se05x_context, aadData, aadDataLen); +- } +-#endif /* SSS_HAVE_APPLET_SE05X_IOT */ +-#if SSS_HAVE_MBEDTLS +- if (SSS_AEAD_TYPE_IS_MBEDTLS(context)) { +- sss_mbedtls_aead_t *mbedtls_context = (sss_mbedtls_aead_t *)context; +- return sss_mbedtls_aead_update_aad(mbedtls_context, aadData, aadDataLen); +- } +-#endif /* SSS_HAVE_MBEDTLS */ +-#if SSS_HAVE_OPENSSL +- if (SSS_AEAD_TYPE_IS_OPENSSL(context)) { +- sss_openssl_aead_t *openssl_context = (sss_openssl_aead_t *)context; +- return sss_openssl_aead_update_aad(openssl_context, aadData, aadDataLen); +- } +-#endif /* SSS_HAVE_OPENSSL */ +- return kStatus_SSS_InvalidArgument; +-} +- +-sss_status_t sss_aead_update( +- sss_aead_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen) +-{ +-#if SSS_HAVE_SSCP +- if (SSS_AEAD_TYPE_IS_SSCP(context)) { +- sss_sscp_aead_t *sscp_context = (sss_sscp_aead_t *)context; +- return sss_sscp_aead_update(sscp_context, srcData, srcLen, destData, destLen); +- } +-#endif /* SSS_HAVE_SSCP */ +-#if SSS_HAVE_APPLET_SE05X_IOT +- if (SSS_AEAD_TYPE_IS_SE05X(context)) { +- sss_se05x_aead_t *se05x_context = (sss_se05x_aead_t *)context; +- return sss_se05x_aead_update(se05x_context, srcData, srcLen, destData, destLen); +- } +-#endif /* SSS_HAVE_APPLET_SE05X_IOT */ +-#if SSS_HAVE_MBEDTLS +- if (SSS_AEAD_TYPE_IS_MBEDTLS(context)) { +- sss_mbedtls_aead_t *mbedtls_context = (sss_mbedtls_aead_t *)context; +- return sss_mbedtls_aead_update(mbedtls_context, srcData, srcLen, destData, destLen); +- } +-#endif /* SSS_HAVE_MBEDTLS */ +-#if SSS_HAVE_OPENSSL +- if (SSS_AEAD_TYPE_IS_OPENSSL(context)) { +- sss_openssl_aead_t *openssl_context = (sss_openssl_aead_t *)context; +- return sss_openssl_aead_update(openssl_context, srcData, srcLen, destData, destLen); +- } +-#endif /* SSS_HAVE_OPENSSL */ +- return kStatus_SSS_InvalidArgument; +-} +- +-sss_status_t sss_aead_finish(sss_aead_t *context, +- const uint8_t *srcData, +- size_t srcLen, +- uint8_t *destData, +- size_t *destLen, +- uint8_t *tag, +- size_t *tagLen) +-{ +-#if SSS_HAVE_SSCP +- if (SSS_AEAD_TYPE_IS_SSCP(context)) { +- sss_sscp_aead_t *sscp_context = (sss_sscp_aead_t *)context; +- return sss_sscp_aead_finish(sscp_context, srcData, srcLen, destData, destLen, tag, tagLen); +- } +-#endif /* SSS_HAVE_SSCP */ +-#if SSS_HAVE_APPLET_SE05X_IOT +- if (SSS_AEAD_TYPE_IS_SE05X(context)) { +- sss_se05x_aead_t *se05x_context = (sss_se05x_aead_t *)context; +- return sss_se05x_aead_finish(se05x_context, srcData, srcLen, destData, destLen, tag, tagLen); +- } +-#endif /* SSS_HAVE_APPLET_SE05X_IOT */ +-#if SSS_HAVE_MBEDTLS +- if (SSS_AEAD_TYPE_IS_MBEDTLS(context)) { +- sss_mbedtls_aead_t *mbedtls_context = (sss_mbedtls_aead_t *)context; +- return sss_mbedtls_aead_finish(mbedtls_context, srcData, srcLen, destData, destLen, tag, tagLen); +- } +-#endif /* SSS_HAVE_MBEDTLS */ +-#if SSS_HAVE_OPENSSL +- if (SSS_AEAD_TYPE_IS_OPENSSL(context)) { +- sss_openssl_aead_t *openssl_context = (sss_openssl_aead_t *)context; +- return sss_openssl_aead_finish(openssl_context, srcData, srcLen, destData, destLen, tag, tagLen); +- } +-#endif /* SSS_HAVE_OPENSSL */ +- return kStatus_SSS_InvalidArgument; +-} +- +-void sss_aead_context_free(sss_aead_t *context) +-{ +-#if SSS_HAVE_SSCP +- if (SSS_AEAD_TYPE_IS_SSCP(context)) { +- sss_sscp_aead_t *sscp_context = (sss_sscp_aead_t *)context; +- sss_sscp_aead_context_free(sscp_context); +- } +-#endif /* SSS_HAVE_SSCP */ +-#if SSS_HAVE_APPLET_SE05X_IOT +- if (SSS_AEAD_TYPE_IS_SE05X(context)) { +- sss_se05x_aead_t *se05x_context = (sss_se05x_aead_t *)context; +- sss_se05x_aead_context_free(se05x_context); +- } +-#endif /* SSS_HAVE_APPLET_SE05X_IOT */ +-#if SSS_HAVE_MBEDTLS +- if (SSS_AEAD_TYPE_IS_MBEDTLS(context)) { +- sss_mbedtls_aead_t *mbedtls_context = (sss_mbedtls_aead_t *)context; +- sss_mbedtls_aead_context_free(mbedtls_context); +- } +-#endif /* SSS_HAVE_MBEDTLS */ +-#if SSS_HAVE_OPENSSL +- if (SSS_AEAD_TYPE_IS_OPENSSL(context)) { +- sss_openssl_aead_t *openssl_context = (sss_openssl_aead_t *)context; +- sss_openssl_aead_context_free(openssl_context); +- } +-#endif /* SSS_HAVE_OPENSSL */ +-} +- +-sss_status_t sss_mac_context_init( +- sss_mac_t *context, sss_session_t *session, sss_object_t *keyObject, sss_algorithm_t algorithm, sss_mode_t mode) +-{ +- LOG_D("FN: %s", __FUNCTION__); +- LOG_D("Input:algorithm %02x", algorithm); +- LOG_D("Input:mode %02x", mode); +-#if SSS_HAVE_SSCP +- if (SSS_SESSION_TYPE_IS_SSCP(session)) { +- sss_sscp_mac_t *sscp_context = (sss_sscp_mac_t *)context; +- sss_sscp_session_t *sscp_session = (sss_sscp_session_t *)session; +- sss_sscp_object_t *sscp_keyObject = (sss_sscp_object_t *)keyObject; +- SSS_ASSERT(sizeof(*sscp_context) <= sizeof(*context)); +- SSS_ASSERT(sizeof(*sscp_session) <= sizeof(*session)); +- SSS_ASSERT(sizeof(*sscp_keyObject) <= sizeof(*keyObject)); +- return sss_sscp_mac_context_init(sscp_context, sscp_session, sscp_keyObject, algorithm, mode); +- } +-#endif /* SSS_HAVE_SSCP */ +-#if SSS_HAVE_APPLET_SE05X_IOT +- if (SSS_SESSION_TYPE_IS_SE05X(session)) { +- sss_se05x_mac_t *se05x_context = (sss_se05x_mac_t *)context; +- sss_se05x_session_t *se05x_session = (sss_se05x_session_t *)session; +- sss_se05x_object_t *se05x_keyObject = (sss_se05x_object_t *)keyObject; +- SSS_ASSERT(sizeof(*se05x_context) <= sizeof(*context)); +- SSS_ASSERT(sizeof(*se05x_session) <= sizeof(*session)); +- SSS_ASSERT(sizeof(*se05x_keyObject) <= sizeof(*keyObject)); +- return sss_se05x_mac_context_init(se05x_context, se05x_session, se05x_keyObject, algorithm, mode); +- } +-#endif /* SSS_HAVE_APPLET_SE05X_IOT */ +-#if SSS_HAVE_MBEDTLS +- if (SSS_SESSION_TYPE_IS_MBEDTLS(session)) { +- sss_mbedtls_mac_t *mbedtls_context = (sss_mbedtls_mac_t *)context; +- sss_mbedtls_session_t *mbedtls_session = (sss_mbedtls_session_t *)session; +- sss_mbedtls_object_t *mbedtls_keyObject = (sss_mbedtls_object_t *)keyObject; +- SSS_ASSERT(sizeof(*mbedtls_context) <= sizeof(*context)); +- SSS_ASSERT(sizeof(*mbedtls_session) <= sizeof(*session)); +- SSS_ASSERT(sizeof(*mbedtls_keyObject) <= sizeof(*keyObject)); +- return sss_mbedtls_mac_context_init(mbedtls_context, mbedtls_session, mbedtls_keyObject, algorithm, mode); +- } +-#endif /* SSS_HAVE_MBEDTLS */ +-#if SSS_HAVE_OPENSSL +- if (SSS_SESSION_TYPE_IS_OPENSSL(session)) { +- sss_openssl_mac_t *openssl_context = (sss_openssl_mac_t *)context; +- sss_openssl_session_t *openssl_session = (sss_openssl_session_t *)session; +- sss_openssl_object_t *openssl_keyObject = (sss_openssl_object_t *)keyObject; +- SSS_ASSERT(sizeof(*openssl_context) <= sizeof(*context)); +- SSS_ASSERT(sizeof(*openssl_session) <= sizeof(*session)); +- SSS_ASSERT(sizeof(*openssl_keyObject) <= sizeof(*keyObject)); +- return sss_openssl_mac_context_init(openssl_context, openssl_session, openssl_keyObject, algorithm, mode); +- } +-#endif /* SSS_HAVE_OPENSSL */ +- return kStatus_SSS_InvalidArgument; +-} +- +-sss_status_t sss_mac_one_go(sss_mac_t *context, const uint8_t *message, size_t messageLen, uint8_t *mac, size_t *macLen) +-{ +- LOG_D("FN: %s", __FUNCTION__); +- LOG_MAU8_D(" Input: message", message, messageLen); +- //LOG_MAU8_D(" Output: mac", context, *macLen); +-#if SSS_HAVE_SSCP +- if (SSS_MAC_TYPE_IS_SSCP(context)) { +- sss_sscp_mac_t *sscp_context = (sss_sscp_mac_t *)context; +- return sss_sscp_mac_one_go(sscp_context, message, messageLen, mac, macLen); +- } +-#endif /* SSS_HAVE_SSCP */ +-#if SSS_HAVE_APPLET_SE05X_IOT +- if (SSS_MAC_TYPE_IS_SE05X(context)) { +- sss_se05x_mac_t *se05x_context = (sss_se05x_mac_t *)context; +- return sss_se05x_mac_one_go(se05x_context, message, messageLen, mac, macLen); +- } +-#endif /* SSS_HAVE_APPLET_SE05X_IOT */ +-#if SSS_HAVE_MBEDTLS +- if (SSS_MAC_TYPE_IS_MBEDTLS(context)) { +- sss_mbedtls_mac_t *mbedtls_context = (sss_mbedtls_mac_t *)context; +- return sss_mbedtls_mac_one_go(mbedtls_context, message, messageLen, mac, macLen); +- } +-#endif /* SSS_HAVE_MBEDTLS */ +-#if SSS_HAVE_OPENSSL +- if (SSS_MAC_TYPE_IS_OPENSSL(context)) { +- sss_openssl_mac_t *openssl_context = (sss_openssl_mac_t *)context; +- return sss_openssl_mac_one_go(openssl_context, message, messageLen, mac, macLen); +- } +-#endif /* SSS_HAVE_OPENSSL */ +- return kStatus_SSS_InvalidArgument; +-} +- +-sss_status_t sss_mac_init(sss_mac_t *context) +-{ +- LOG_D("FN: %s", __FUNCTION__); +-#if SSS_HAVE_SSCP +- if (SSS_MAC_TYPE_IS_SSCP(context)) { +- sss_sscp_mac_t *sscp_context = (sss_sscp_mac_t *)context; +- SSS_ASSERT(sizeof(*sscp_context) <= sizeof(*context)); +- return sss_sscp_mac_init(sscp_context); +- } +-#endif /* SSS_HAVE_SSCP */ +-#if SSS_HAVE_APPLET_SE05X_IOT && SSSFTR_SE05X_AES +- if (SSS_MAC_TYPE_IS_SE05X(context)) { +- sss_se05x_mac_t *se05x_context = (sss_se05x_mac_t *)context; +- SSS_ASSERT(sizeof(*se05x_context) <= sizeof(*context)); +- return sss_se05x_mac_init(se05x_context); +- } +-#endif /* SSS_HAVE_APPLET_SE05X_IOT */ +-#if SSS_HAVE_MBEDTLS +- if (SSS_MAC_TYPE_IS_MBEDTLS(context)) { +- sss_mbedtls_mac_t *mbedtls_context = (sss_mbedtls_mac_t *)context; +- SSS_ASSERT(sizeof(*mbedtls_context) <= sizeof(*context)); +- return sss_mbedtls_mac_init(mbedtls_context); +- } +-#endif /* SSS_HAVE_MBEDTLS */ +-#if SSS_HAVE_OPENSSL +- if (SSS_MAC_TYPE_IS_OPENSSL(context)) { +- sss_openssl_mac_t *openssl_context = (sss_openssl_mac_t *)context; +- SSS_ASSERT(sizeof(*openssl_context) <= sizeof(*context)); +- return sss_openssl_mac_init(openssl_context); +- } +-#endif /* SSS_HAVE_OPENSSL */ +- return kStatus_SSS_InvalidArgument; +-} +- +-sss_status_t sss_mac_update(sss_mac_t *context, const uint8_t *message, size_t messageLen) +-{ +- LOG_D("FN: %s", __FUNCTION__); +- LOG_MAU8_D(" Input: message", message, messageLen); +- +-#if SSS_HAVE_SSCP +- if (SSS_MAC_TYPE_IS_SSCP(context)) { +- sss_sscp_mac_t *sscp_context = (sss_sscp_mac_t *)context; +- return sss_sscp_mac_update(sscp_context, message, messageLen); +- } +-#endif /* SSS_HAVE_SSCP */ +-#if SSS_HAVE_APPLET_SE05X_IOT +- if (SSS_MAC_TYPE_IS_SE05X(context)) { +- sss_se05x_mac_t *se05x_context = (sss_se05x_mac_t *)context; +- return sss_se05x_mac_update(se05x_context, message, messageLen); +- } +-#endif /* SSS_HAVE_APPLET_SE05X_IOT */ +-#if SSS_HAVE_MBEDTLS +- if (SSS_MAC_TYPE_IS_MBEDTLS(context)) { +- sss_mbedtls_mac_t *mbedtls_context = (sss_mbedtls_mac_t *)context; +- return sss_mbedtls_mac_update(mbedtls_context, message, messageLen); +- } +-#endif /* SSS_HAVE_MBEDTLS */ +-#if SSS_HAVE_OPENSSL +- if (SSS_MAC_TYPE_IS_OPENSSL(context)) { +- sss_openssl_mac_t *openssl_context = (sss_openssl_mac_t *)context; +- return sss_openssl_mac_update(openssl_context, message, messageLen); +- } +-#endif /* SSS_HAVE_OPENSSL */ +- return kStatus_SSS_InvalidArgument; +-} +- +-sss_status_t sss_mac_finish(sss_mac_t *context, uint8_t *mac, size_t *macLen) +-{ +- LOG_D("FN: %s", __FUNCTION__); +-#if SSS_HAVE_SSCP +- if (SSS_MAC_TYPE_IS_SSCP(context)) { +- sss_sscp_mac_t *sscp_context = (sss_sscp_mac_t *)context; +- return sss_sscp_mac_finish(sscp_context, mac, macLen); +- } +-#endif /* SSS_HAVE_SSCP */ +-#if SSS_HAVE_APPLET_SE05X_IOT +- if (SSS_MAC_TYPE_IS_SE05X(context)) { +- sss_se05x_mac_t *se05x_context = (sss_se05x_mac_t *)context; +- return sss_se05x_mac_finish(se05x_context, mac, macLen); +- } +-#endif /* SSS_HAVE_APPLET_SE05X_IOT */ +-#if SSS_HAVE_MBEDTLS +- if (SSS_MAC_TYPE_IS_MBEDTLS(context)) { +- sss_mbedtls_mac_t *mbedtls_context = (sss_mbedtls_mac_t *)context; +- return sss_mbedtls_mac_finish(mbedtls_context, mac, macLen); +- } +-#endif /* SSS_HAVE_MBEDTLS */ +-#if SSS_HAVE_OPENSSL +- if (SSS_MAC_TYPE_IS_OPENSSL(context)) { +- sss_openssl_mac_t *openssl_context = (sss_openssl_mac_t *)context; +- return sss_openssl_mac_finish(openssl_context, mac, macLen); +- } +-#endif /* SSS_HAVE_OPENSSL */ +- return kStatus_SSS_InvalidArgument; +-} +- +-void sss_mac_context_free(sss_mac_t *context) +-{ +- LOG_D("FN: %s", __FUNCTION__); +-#if SSS_HAVE_SSCP +- if (SSS_MAC_TYPE_IS_SSCP(context)) { +- sss_sscp_mac_t *sscp_context = (sss_sscp_mac_t *)context; +- sss_sscp_mac_context_free(sscp_context); +- } +-#endif /* SSS_HAVE_SSCP */ +-#if SSS_HAVE_APPLET_SE05X_IOT +- if (SSS_MAC_TYPE_IS_SE05X(context)) { +- sss_se05x_mac_t *se05x_context = (sss_se05x_mac_t *)context; +- sss_se05x_mac_context_free(se05x_context); +- } +-#endif /* SSS_HAVE_APPLET_SE05X_IOT */ +-#if SSS_HAVE_MBEDTLS +- if (SSS_MAC_TYPE_IS_MBEDTLS(context)) { +- sss_mbedtls_mac_t *mbedtls_context = (sss_mbedtls_mac_t *)context; +- sss_mbedtls_mac_context_free(mbedtls_context); +- } +-#endif /* SSS_HAVE_MBEDTLS */ +-#if SSS_HAVE_OPENSSL +- if (SSS_MAC_TYPE_IS_OPENSSL(context)) { +- sss_openssl_mac_t *openssl_context = (sss_openssl_mac_t *)context; +- sss_openssl_mac_context_free(openssl_context); +- } +-#endif /* SSS_HAVE_OPENSSL */ +-} +- +-sss_status_t sss_digest_context_init( +- sss_digest_t *context, sss_session_t *session, sss_algorithm_t algorithm, sss_mode_t mode) +-{ +-#if SSS_HAVE_SSCP +- if (SSS_SESSION_TYPE_IS_SSCP(session)) { +- sss_sscp_digest_t *sscp_context = (sss_sscp_digest_t *)context; +- sss_sscp_session_t *sscp_session = (sss_sscp_session_t *)session; +- SSS_ASSERT(sizeof(*sscp_context) <= sizeof(*context)); +- SSS_ASSERT(sizeof(*sscp_session) <= sizeof(*session)); +- return sss_sscp_digest_context_init(sscp_context, sscp_session, algorithm, mode); +- } +-#endif /* SSS_HAVE_SSCP */ +-#if SSS_HAVE_APPLET_SE05X_IOT +- if (SSS_SESSION_TYPE_IS_SE05X(session)) { +- sss_se05x_digest_t *se05x_context = (sss_se05x_digest_t *)context; +- sss_se05x_session_t *se05x_session = (sss_se05x_session_t *)session; +- SSS_ASSERT(sizeof(*se05x_context) <= sizeof(*context)); +- SSS_ASSERT(sizeof(*se05x_session) <= sizeof(*session)); +- return sss_se05x_digest_context_init(se05x_context, se05x_session, algorithm, mode); +- } +-#endif /* SSS_HAVE_APPLET_SE05X_IOT */ +-#if SSS_HAVE_MBEDTLS +- if (SSS_SESSION_TYPE_IS_MBEDTLS(session)) { +- sss_mbedtls_digest_t *mbedtls_context = (sss_mbedtls_digest_t *)context; +- sss_mbedtls_session_t *mbedtls_session = (sss_mbedtls_session_t *)session; +- SSS_ASSERT(sizeof(*mbedtls_context) <= sizeof(*context)); +- SSS_ASSERT(sizeof(*mbedtls_session) <= sizeof(*session)); +- return sss_mbedtls_digest_context_init(mbedtls_context, mbedtls_session, algorithm, mode); +- } +-#endif /* SSS_HAVE_MBEDTLS */ +-#if SSS_HAVE_OPENSSL +- if (SSS_SESSION_TYPE_IS_OPENSSL(session)) { +- sss_openssl_digest_t *openssl_context = (sss_openssl_digest_t *)context; +- sss_openssl_session_t *openssl_session = (sss_openssl_session_t *)session; +- SSS_ASSERT(sizeof(*openssl_context) <= sizeof(*context)); +- SSS_ASSERT(sizeof(*openssl_session) <= sizeof(*session)); +- return sss_openssl_digest_context_init(openssl_context, openssl_session, algorithm, mode); +- } +-#endif /* SSS_HAVE_OPENSSL */ +- return kStatus_SSS_InvalidArgument; +-} +- +-sss_status_t sss_digest_one_go( +- sss_digest_t *context, const uint8_t *message, size_t messageLen, uint8_t *digest, size_t *digestLen) +-{ +-#if SSS_HAVE_SSCP +- if (SSS_DIGEST_TYPE_IS_SSCP(context)) { +- sss_sscp_digest_t *sscp_context = (sss_sscp_digest_t *)context; +- return sss_sscp_digest_one_go(sscp_context, message, messageLen, digest, digestLen); +- } +-#endif /* SSS_HAVE_SSCP */ +-#if SSS_HAVE_APPLET_SE05X_IOT +- if (SSS_DIGEST_TYPE_IS_SE05X(context)) { +- sss_se05x_digest_t *se05x_context = (sss_se05x_digest_t *)context; +- return sss_se05x_digest_one_go(se05x_context, message, messageLen, digest, digestLen); +- } +-#endif /* SSS_HAVE_APPLET_SE05X_IOT */ +-#if SSS_HAVE_MBEDTLS +- if (SSS_DIGEST_TYPE_IS_MBEDTLS(context)) { +- sss_mbedtls_digest_t *mbedtls_context = (sss_mbedtls_digest_t *)context; +- return sss_mbedtls_digest_one_go(mbedtls_context, message, messageLen, digest, digestLen); +- } +-#endif /* SSS_HAVE_MBEDTLS */ +-#if SSS_HAVE_OPENSSL +- if (SSS_DIGEST_TYPE_IS_OPENSSL(context)) { +- sss_openssl_digest_t *openssl_context = (sss_openssl_digest_t *)context; +- return sss_openssl_digest_one_go(openssl_context, message, messageLen, digest, digestLen); +- } +-#endif /* SSS_HAVE_OPENSSL */ +- return kStatus_SSS_InvalidArgument; +-} +- +-sss_status_t sss_digest_init(sss_digest_t *context) +-{ +-#if SSS_HAVE_SSCP +- if (SSS_DIGEST_TYPE_IS_SSCP(context)) { +- sss_sscp_digest_t *sscp_context = (sss_sscp_digest_t *)context; +- SSS_ASSERT(sizeof(*sscp_context) <= sizeof(*context)); +- return sss_sscp_digest_init(sscp_context); +- } +-#endif /* SSS_HAVE_SSCP */ +-#if SSS_HAVE_APPLET_SE05X_IOT +- if (SSS_DIGEST_TYPE_IS_SE05X(context)) { +- sss_se05x_digest_t *se05x_context = (sss_se05x_digest_t *)context; +- SSS_ASSERT(sizeof(*se05x_context) <= sizeof(*context)); +- return sss_se05x_digest_init(se05x_context); +- } +-#endif /* SSS_HAVE_APPLET_SE05X_IOT */ +-#if SSS_HAVE_MBEDTLS +- if (SSS_DIGEST_TYPE_IS_MBEDTLS(context)) { +- sss_mbedtls_digest_t *mbedtls_context = (sss_mbedtls_digest_t *)context; +- SSS_ASSERT(sizeof(*mbedtls_context) <= sizeof(*context)); +- return sss_mbedtls_digest_init(mbedtls_context); +- } +-#endif /* SSS_HAVE_MBEDTLS */ +-#if SSS_HAVE_OPENSSL +- if (SSS_DIGEST_TYPE_IS_OPENSSL(context)) { +- sss_openssl_digest_t *openssl_context = (sss_openssl_digest_t *)context; +- SSS_ASSERT(sizeof(*openssl_context) <= sizeof(*context)); +- return sss_openssl_digest_init(openssl_context); +- } +-#endif /* SSS_HAVE_OPENSSL */ +- return kStatus_SSS_InvalidArgument; +-} +- +-sss_status_t sss_digest_update(sss_digest_t *context, const uint8_t *message, size_t messageLen) +-{ +-#if SSS_HAVE_SSCP +- if (SSS_DIGEST_TYPE_IS_SSCP(context)) { +- sss_sscp_digest_t *sscp_context = (sss_sscp_digest_t *)context; +- return sss_sscp_digest_update(sscp_context, message, messageLen); +- } +-#endif /* SSS_HAVE_SSCP */ +-#if SSS_HAVE_APPLET_SE05X_IOT +- if (SSS_DIGEST_TYPE_IS_SE05X(context)) { +- sss_se05x_digest_t *se05x_context = (sss_se05x_digest_t *)context; +- return sss_se05x_digest_update(se05x_context, message, messageLen); +- } +-#endif /* SSS_HAVE_APPLET_SE05X_IOT */ +-#if SSS_HAVE_MBEDTLS +- if (SSS_DIGEST_TYPE_IS_MBEDTLS(context)) { +- sss_mbedtls_digest_t *mbedtls_context = (sss_mbedtls_digest_t *)context; +- return sss_mbedtls_digest_update(mbedtls_context, message, messageLen); +- } +-#endif /* SSS_HAVE_MBEDTLS */ +-#if SSS_HAVE_OPENSSL +- if (SSS_DIGEST_TYPE_IS_OPENSSL(context)) { +- sss_openssl_digest_t *openssl_context = (sss_openssl_digest_t *)context; +- return sss_openssl_digest_update(openssl_context, message, messageLen); +- } +-#endif /* SSS_HAVE_OPENSSL */ +- return kStatus_SSS_InvalidArgument; +-} +- +-sss_status_t sss_digest_finish(sss_digest_t *context, uint8_t *digest, size_t *digestLen) +-{ +-#if SSS_HAVE_SSCP +- if (SSS_DIGEST_TYPE_IS_SSCP(context)) { +- sss_sscp_digest_t *sscp_context = (sss_sscp_digest_t *)context; +- return sss_sscp_digest_finish(sscp_context, digest, digestLen); +- } +-#endif /* SSS_HAVE_SSCP */ +-#if SSS_HAVE_APPLET_SE05X_IOT +- if (SSS_DIGEST_TYPE_IS_SE05X(context)) { +- sss_se05x_digest_t *se05x_context = (sss_se05x_digest_t *)context; +- return sss_se05x_digest_finish(se05x_context, digest, digestLen); +- } +-#endif /* SSS_HAVE_APPLET_SE05X_IOT */ +-#if SSS_HAVE_MBEDTLS +- if (SSS_DIGEST_TYPE_IS_MBEDTLS(context)) { +- sss_mbedtls_digest_t *mbedtls_context = (sss_mbedtls_digest_t *)context; +- return sss_mbedtls_digest_finish(mbedtls_context, digest, digestLen); +- } +-#endif /* SSS_HAVE_MBEDTLS */ +-#if SSS_HAVE_OPENSSL +- if (SSS_DIGEST_TYPE_IS_OPENSSL(context)) { +- sss_openssl_digest_t *openssl_context = (sss_openssl_digest_t *)context; +- return sss_openssl_digest_finish(openssl_context, digest, digestLen); +- } +-#endif /* SSS_HAVE_OPENSSL */ +- return kStatus_SSS_InvalidArgument; +-} +- +-void sss_digest_context_free(sss_digest_t *context) +-{ +-#if SSS_HAVE_SSCP +- if (SSS_DIGEST_TYPE_IS_SSCP(context)) { +- sss_sscp_digest_t *sscp_context = (sss_sscp_digest_t *)context; +- sss_sscp_digest_context_free(sscp_context); +- } +-#endif /* SSS_HAVE_SSCP */ +-#if SSS_HAVE_APPLET_SE05X_IOT +- if (SSS_DIGEST_TYPE_IS_SE05X(context)) { +- sss_se05x_digest_t *se05x_context = (sss_se05x_digest_t *)context; +- sss_se05x_digest_context_free(se05x_context); +- } +-#endif /* SSS_HAVE_APPLET_SE05X_IOT */ +-#if SSS_HAVE_MBEDTLS +- if (SSS_DIGEST_TYPE_IS_MBEDTLS(context)) { +- sss_mbedtls_digest_t *mbedtls_context = (sss_mbedtls_digest_t *)context; +- sss_mbedtls_digest_context_free(mbedtls_context); +- } +-#endif /* SSS_HAVE_MBEDTLS */ +-#if SSS_HAVE_OPENSSL +- if (SSS_DIGEST_TYPE_IS_OPENSSL(context)) { +- sss_openssl_digest_t *openssl_context = (sss_openssl_digest_t *)context; +- sss_openssl_digest_context_free(openssl_context); +- } +-#endif /* SSS_HAVE_OPENSSL */ +-} +- +-sss_status_t sss_rng_context_init(sss_rng_context_t *context, sss_session_t *session) +-{ +- LOG_D("FN: %s", __FUNCTION__); +-#if SSS_HAVE_SSCP +- if (SSS_SESSION_TYPE_IS_SSCP(session)) { +- sss_sscp_rng_context_t *sscp_context = (sss_sscp_rng_context_t *)context; +- sss_sscp_session_t *sscp_session = (sss_sscp_session_t *)session; +- SSS_ASSERT(sizeof(*sscp_context) <= sizeof(*context)); +- SSS_ASSERT(sizeof(*sscp_session) <= sizeof(*session)); +- return sss_sscp_rng_context_init(sscp_context, sscp_session); +- } +-#endif /* SSS_HAVE_SSCP */ +-#if SSS_HAVE_APPLET_SE05X_IOT +- if (SSS_SESSION_TYPE_IS_SE05X(session)) { +- sss_se05x_rng_context_t *se05x_context = (sss_se05x_rng_context_t *)context; +- sss_se05x_session_t *se05x_session = (sss_se05x_session_t *)session; +- SSS_ASSERT(sizeof(*se05x_context) <= sizeof(*context)); +- SSS_ASSERT(sizeof(*se05x_session) <= sizeof(*session)); +- return sss_se05x_rng_context_init(se05x_context, se05x_session); +- } +-#endif /* SSS_HAVE_APPLET_SE05X_IOT */ +-#if SSS_HAVE_MBEDTLS +- if (SSS_SESSION_TYPE_IS_MBEDTLS(session)) { +- sss_mbedtls_rng_context_t *mbedtls_context = (sss_mbedtls_rng_context_t *)context; +- sss_mbedtls_session_t *mbedtls_session = (sss_mbedtls_session_t *)session; +- SSS_ASSERT(sizeof(*mbedtls_context) <= sizeof(*context)); +- SSS_ASSERT(sizeof(*mbedtls_session) <= sizeof(*session)); +- return sss_mbedtls_rng_context_init(mbedtls_context, mbedtls_session); +- } +-#endif /* SSS_HAVE_MBEDTLS */ +-#if SSS_HAVE_OPENSSL +- if (SSS_SESSION_TYPE_IS_OPENSSL(session)) { +- sss_openssl_rng_context_t *openssl_context = (sss_openssl_rng_context_t *)context; +- sss_openssl_session_t *openssl_session = (sss_openssl_session_t *)session; +- SSS_ASSERT(sizeof(*openssl_context) <= sizeof(*context)); +- SSS_ASSERT(sizeof(*openssl_session) <= sizeof(*session)); +- return sss_openssl_rng_context_init(openssl_context, openssl_session); +- } +-#endif /* SSS_HAVE_OPENSSL */ +- return kStatus_SSS_InvalidArgument; +-} +- +-sss_status_t sss_rng_get_random(sss_rng_context_t *context, uint8_t *random_data, size_t dataLen) +-{ +- LOG_D("FN: %s", __FUNCTION__); +-#if SSS_HAVE_SSCP +- if (SSS_RNG_CONTEXT_TYPE_IS_SSCP(context)) { +- sss_sscp_rng_context_t *sscp_context = (sss_sscp_rng_context_t *)context; +- return sss_sscp_rng_get_random(sscp_context, random_data, dataLen); +- } +-#endif /* SSS_HAVE_SSCP */ +-#if SSS_HAVE_APPLET_SE05X_IOT +- if (SSS_RNG_CONTEXT_TYPE_IS_SE05X(context)) { +- sss_se05x_rng_context_t *se05x_context = (sss_se05x_rng_context_t *)context; +- return sss_se05x_rng_get_random(se05x_context, random_data, dataLen); +- } +-#endif /* SSS_HAVE_APPLET_SE05X_IOT */ +-#if SSS_HAVE_MBEDTLS +- if (SSS_RNG_CONTEXT_TYPE_IS_MBEDTLS(context)) { +- sss_mbedtls_rng_context_t *mbedtls_context = (sss_mbedtls_rng_context_t *)context; +- return sss_mbedtls_rng_get_random(mbedtls_context, random_data, dataLen); +- } +-#endif /* SSS_HAVE_MBEDTLS */ +-#if SSS_HAVE_OPENSSL +- if (SSS_RNG_CONTEXT_TYPE_IS_OPENSSL(context)) { +- sss_openssl_rng_context_t *openssl_context = (sss_openssl_rng_context_t *)context; +- return sss_openssl_rng_get_random(openssl_context, random_data, dataLen); +- } +-#endif /* SSS_HAVE_OPENSSL */ +- return kStatus_SSS_InvalidArgument; +-} +- +-sss_status_t sss_rng_context_free(sss_rng_context_t *context) +-{ +- LOG_D("FN: %s", __FUNCTION__); +-#if SSS_HAVE_SSCP +- if (SSS_RNG_CONTEXT_TYPE_IS_SSCP(context)) { +- sss_sscp_rng_context_t *sscp_context = (sss_sscp_rng_context_t *)context; +- return sss_sscp_rng_context_free(sscp_context); +- } +-#endif /* SSS_HAVE_SSCP */ +-#if SSS_HAVE_APPLET_SE05X_IOT +- if (SSS_RNG_CONTEXT_TYPE_IS_SE05X(context)) { +- sss_se05x_rng_context_t *se05x_context = (sss_se05x_rng_context_t *)context; +- return sss_se05x_rng_context_free(se05x_context); +- } +-#endif /* SSS_HAVE_APPLET_SE05X_IOT */ +-#if SSS_HAVE_MBEDTLS +- if (SSS_RNG_CONTEXT_TYPE_IS_MBEDTLS(context)) { +- sss_mbedtls_rng_context_t *mbedtls_context = (sss_mbedtls_rng_context_t *)context; +- return sss_mbedtls_rng_context_free(mbedtls_context); +- } +-#endif /* SSS_HAVE_MBEDTLS */ +-#if SSS_HAVE_OPENSSL +- if (SSS_RNG_CONTEXT_TYPE_IS_OPENSSL(context)) { +- sss_openssl_rng_context_t *openssl_context = (sss_openssl_rng_context_t *)context; +- return sss_openssl_rng_context_free(openssl_context); +- } +-#endif /* SSS_HAVE_OPENSSL */ +- return kStatus_SSS_InvalidArgument; +-} +- +-sss_status_t sss_tunnel_context_init(sss_tunnel_t *context, sss_session_t *session) +-{ +-#if 0 && SSS_HAVE_SSCP +- if (SSS_SESSION_TYPE_IS_SSCP(session)) { +- sss_sscp_tunnel_t *sscp_context = (sss_sscp_tunnel_t *)context; +- sss_sscp_session_t *sscp_session = (sss_sscp_session_t *)session; +- return sss_sscp_tunnel_context_init(sscp_context, sscp_session); +- } +-#endif /* SSS_HAVE_SSCP */ +-#if SSS_HAVE_APPLET_SE05X_IOT +- if (SSS_SESSION_TYPE_IS_SE05X(session)) { +- sss_se05x_tunnel_context_t *se05x_context = (sss_se05x_tunnel_context_t *)context; +- sss_se05x_session_t *se05x_session = (sss_se05x_session_t *)session; +- return sss_se05x_tunnel_context_init(se05x_context, se05x_session); +- } +-#endif /* SSS_HAVE_APPLET_SE05X_IOT */ +-#if SSS_HAVE_MBEDTLS +- /* NA */ +-#endif /* SSS_HAVE_MBEDTLS */ +-#if SSS_HAVE_OPENSSL +- /* NA */ +-#endif /* SSS_HAVE_OPENSSL */ +- return kStatus_SSS_InvalidArgument; +-} +- +-sss_status_t sss_tunnel(sss_tunnel_t *context, +- uint8_t *data, +- size_t dataLen, +- sss_object_t *keyObjects, +- uint32_t keyObjectCount, +- uint32_t tunnelType) +-{ +-#if 0 && SSS_HAVE_SSCP +- if (SSS_TUNNEL_TYPE_IS_SSCP(context)) { +- sss_sscp_tunnel_t *sscp_context = (sss_sscp_tunnel_t *)context; +- sss_sscp_object_t *sscp_keyObjects = (sss_sscp_object_t *)keyObjects; +- return sss_sscp_tunnel(sscp_context, +- data, +- dataLen, +- sscp_keyObjects, +- keyObjectCount, +- tunnelType); +- } +-#endif /* SSS_HAVE_SSCP */ +-#if 0 && SSS_HAVE_APPLET_SE05X_IOT +- if (SSS_TUNNEL_TYPE_IS_SE05X(context)) { +- sss_se05x_tunnel_context_t *se05x_context = (sss_se05x_tunnel_context_t *)context; +- sss_se05x_object_t *se05x_keyObjects = (sss_se05x_object_t *)keyObjects; +- return sss_se05x_tunnel(se05x_context, +- data, +- dataLen, +- se05x_keyObjects, +- keyObjectCount, +- tunnelType); +- } +-#endif /* SSS_HAVE_APPLET_SE05X_IOT */ +-#if 0 && SSS_HAVE_MBEDTLS +- if (SSS_TUNNEL_TYPE_IS_MBEDTLS(context)) { +- sss_mbedtls_tunnel_t *mbedtls_context = (sss_mbedtls_tunnel_t *)context; +- sss_mbedtls_object_t *mbedtls_keyObjects = +- (sss_mbedtls_object_t *)keyObjects; +- return sss_mbedtls_tunnel(mbedtls_context, +- data, +- dataLen, +- mbedtls_keyObjects, +- keyObjectCount, +- tunnelType); +- } +-#endif /* SSS_HAVE_MBEDTLS */ +-#if 0 && SSS_HAVE_OPENSSL +- if (SSS_TUNNEL_TYPE_IS_OPENSSL(context)) { +- sss_openssl_tunnel_t *openssl_context = (sss_openssl_tunnel_t *)context; +- sss_openssl_object_t *openssl_keyObjects = +- (sss_openssl_object_t *)keyObjects; +- return sss_openssl_tunnel(openssl_context, +- data, +- dataLen, +- openssl_keyObjects, +- keyObjectCount, +- tunnelType); +- } +-#endif /* SSS_HAVE_OPENSSL */ +- return kStatus_SSS_InvalidArgument; +-} +- +-void sss_tunnel_context_free(sss_tunnel_t *context) +-{ +-#if SSS_HAVE_SSCP +- /* NA */ +-#endif /* SSS_HAVE_SSCP */ +-#if SSS_HAVE_APPLET_SE05X_IOT +- if (/*SSS_TUNNEL_TYPE_IS_SE05X*/ (context)) { +- sss_se05x_tunnel_context_t *se05x_context = (sss_se05x_tunnel_context_t *)context; +- sss_se05x_tunnel_context_free(se05x_context); +- } +-#endif /* SSS_HAVE_APPLET_SE05X_IOT */ +-#if SSS_HAVE_MBEDTLS +- /* NA */ +-#endif /* SSS_HAVE_MBEDTLS */ +-#if SSS_HAVE_OPENSSL +- /* NA */ +-#endif /* SSS_HAVE_OPENSSL */ +-} +- +-#define CASE_X_RETRUN_STR_kStatus_SSS(SUFFIX) \ +- case kStatus_SSS_##SUFFIX: \ +- return "kStatus_SSS_" #SUFFIX +- +-const char *sss_status_sz(sss_status_t status) +-{ +- switch (status) { +- CASE_X_RETRUN_STR_kStatus_SSS(Success); +- CASE_X_RETRUN_STR_kStatus_SSS(Fail); +- CASE_X_RETRUN_STR_kStatus_SSS(InvalidArgument); +- CASE_X_RETRUN_STR_kStatus_SSS(ResourceBusy); +- default: +- LOG_W("sss_status_sz status=0x%X Unknown", status); +- return "Unknown sss_status_t"; +- } +-} +- +-#define CASE_X_RETRUN_STR_kSSS_CipherType(SUFFIX) \ +- case kSSS_CipherType_##SUFFIX: \ +- return "kSSS_CipherType_" #SUFFIX +- +-const char *sss_cipher_type_sz(sss_cipher_type_t cipher_type) +-{ +- switch (cipher_type) { +- CASE_X_RETRUN_STR_kSSS_CipherType(AES); +- CASE_X_RETRUN_STR_kSSS_CipherType(DES); +- CASE_X_RETRUN_STR_kSSS_CipherType(CMAC); +- CASE_X_RETRUN_STR_kSSS_CipherType(HMAC); +- CASE_X_RETRUN_STR_kSSS_CipherType(MAC); +- CASE_X_RETRUN_STR_kSSS_CipherType(RSA); +- CASE_X_RETRUN_STR_kSSS_CipherType(RSA_CRT); +- CASE_X_RETRUN_STR_kSSS_CipherType(EC_NIST_P); +- CASE_X_RETRUN_STR_kSSS_CipherType(EC_NIST_K); +- CASE_X_RETRUN_STR_kSSS_CipherType(EC_MONTGOMERY); +- CASE_X_RETRUN_STR_kSSS_CipherType(EC_TWISTED_ED); +- CASE_X_RETRUN_STR_kSSS_CipherType(EC_BRAINPOOL); +- CASE_X_RETRUN_STR_kSSS_CipherType(EC_BARRETO_NAEHRIG); +- CASE_X_RETRUN_STR_kSSS_CipherType(UserID); +- CASE_X_RETRUN_STR_kSSS_CipherType(Certificate); +- CASE_X_RETRUN_STR_kSSS_CipherType(Binary); +- CASE_X_RETRUN_STR_kSSS_CipherType(Count); +- CASE_X_RETRUN_STR_kSSS_CipherType(PCR); +- CASE_X_RETRUN_STR_kSSS_CipherType(ReservedPin); +- default: +- LOG_W("sss_cipher_type_sz status=0x%X Unknown", cipher_type); +- return "Unknown sss_cipher_type_t"; +- } +-} +- +-#endif /* SSS_HAVE_SSS > 1 */ +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/src/fsl_sss_util_asn1_der.c b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/src/fsl_sss_util_asn1_der.c +deleted file mode 100644 +index 5c513d8551..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/src/fsl_sss_util_asn1_der.c ++++ /dev/null +@@ -1,1751 +0,0 @@ +-/* +-* +-* Copyright 2018-2020 NXP +-* SPDX-License-Identifier: Apache-2.0 +-*/ +- +-#include +-#include +-#include +-#include +-#include +- +-#if SSS_HAVE_APPLET_SE05X_IOT +-#include +-#endif +- +-#if SSS_HAVE_MBEDTLS +-#include +-#endif +- +-#if SSS_HAVE_OPENSSL +-#include +-#include +-#include +-#include +-#include +-#endif +- +-#define IS_VALID_TAG(x) \ +- (x == ASN_TAG_SEQUENCE || x == ASN_TAG_OBJ_IDF || x == ASN_TAG_BITSTRING || x == ASN_TAG_INT || \ +- x == ASN_TAG_OCTETSTRING || x == ASN_TAG_CNT_SPECIFIC || x == ASN_TAG_CRL_EXTENSIONS) ? \ +- 1 : \ +- 0 +- +-#define IS_VALID_RFC8410_TAG(x) \ +- (x == ASN_TAG_SEQUENCE || x == ASN_TAG_OBJ_IDF || x == ASN_TAG_BITSTRING || x == ASN_TAG_INT || \ +- x == ASN_TAG_OCTETSTRING || x == ASN_TAG_CNT_SPECIFIC || x == ASN_TAG_CRL_EXTENSIONS || \ +- x == (ASN_TAG_CNT_SPECIFIC_PRIMITIVE | 0x01)) ? \ +- 1 : \ +- 0 +- +-/* clang-format off */ +- +-/* RSA Header */ +-const uint8_t grsa512PubHeader[] = { +- 0x30, 0x5C, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, \ +- 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, \ +- 0x00, 0x03, 0x4B, 0x00, 0x30, 0x48, 0x02 }; +- +-const uint8_t grsa1kPubHeader[] = { +- 0x30, 0x81, 0x9F, 0x30, 0x0D, 0x06, 0x09, 0x2A, \ +- 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, \ +- 0x05, 0x00, 0x03, 0x81, 0x8D, 0x00, 0x30, 0x81, \ +- 0x89, 0x02 }; +- +-const uint8_t grsa1152PubHeader[] = { +- 0x30, 0x81, 0xAF, 0x30, 0x0D, 0x06, 0x09, 0x2A, \ +- 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, \ +- 0x05, 0x00, 0x03, 0x81, 0x9D, 0x00, 0x30, 0x81, \ +- 0x99, 0x02 }; +- +-const uint8_t grsa2kPubHeader[] = { +- 0x30, 0x82, 0x01, 0x22, 0x30, 0x0D, 0x06, 0x09, \ +- 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, \ +- 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0F, 0x00, \ +- 0x30, 0x82, 0x01, 0x0A, 0x02 }; +- +-const uint8_t grsa3kPubHeader[] = { +- 0x30, 0x82, 0x01, 0xA2, 0x30, 0x0D, 0x06, 0x09, \ +- 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, \ +- 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x8F, 0x00, \ +- 0x30, 0x82, 0x01, 0x8A, 0x02 }; +- +-const uint8_t grsa4kPubHeader[] = { +- 0x30, 0x82, 0x02, 0x22, 0x30, 0x0D, 0x06, 0x09, \ +- 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, \ +- 0x01, 0x05, 0x00, 0x03, 0x82, 0x02, 0x0F, 0x00, \ +- 0x30, 0x82, 0x02, 0x0A, 0x02 }; +- +-/* ECC Header */ +-const uint8_t gecc_der_header_nist192[] = { +- 0x30, 0x49, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, +- 0x48, 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, +- 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x01, 0x03, +- 0x32, 0x00, }; +- +-const uint8_t gecc_der_header_nist224[] = { +- 0x30, 0x4E, 0x30, 0x10, 0x06, 0x07, 0x2A, 0x86, +- 0x48, 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x05, 0x2B, +- 0x81, 0x04, 0x00, 0x21, 0x03, 0x3A, 0x00, }; +- +-const uint8_t gecc_der_header_nist256[] = { +- 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, +- 0x48, 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, +- 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07, 0x03, +- 0x42, 0x00 }; +- +-const uint8_t gecc_der_header_nist384[] = { +- 0x30, 0x76, 0x30, 0x10, 0x06, 0x07, 0x2A, 0x86, +- 0x48, 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x05, 0x2B, +- 0x81, 0x04, 0x00, 0x22, 0x03, 0x62, 0x00, }; +- +-const uint8_t gecc_der_header_nist521[] = { +- 0x30, 0x81, 0x9B, 0x30, 0x10, 0x06, 0x07, 0x2A, +- 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x05, +- 0x2B, 0x81, 0x04, 0x00, 0x23, 0x03, 0x81, 0x86, +- 0x00, }; +- +-const uint8_t gecc_der_header_160k[] = { +- 0x30, 0x3e, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, +- 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x05, 0x2b, +- 0x81, 0x04, 0x00, 0x09, 0x03, 0x2a, 0x00, }; +- +-const uint8_t gecc_der_header_192k[] = { +- 0x30, 0x46, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, +- 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x05, 0x2b, +- 0x81, 0x04, 0x00, 0x1f, 0x03, 0x32, 0x00, }; +- +-const uint8_t gecc_der_header_224k[] = { +- 0x30, 0x4e, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, +- 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x05, 0x2b, +- 0x81, 0x04, 0x00, 0x20, 0x03, 0x3a, 0x00, }; +- +-const uint8_t gecc_der_header_256k[] = { +- 0x30, 0x56, 0x30, 0x10, 0x06, 0x07, 0x2A, 0x86, +- 0x48, 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x05, 0x2B, +- 0x81, 0x04, 0x00, 0x0A, 0x03, 0x42, 0x00 }; +- +-const uint8_t gecc_der_header_bp160[] = { +- 0x30, 0x42, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, +- 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, +- 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x01, +- 0x03, 0x2a, 0x00, }; +- +-const uint8_t gecc_der_header_bp192[] = { +- 0x30, 0x4a, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, +- 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, +- 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x03, +- 0x03, 0x32, 0x00, }; +- +-const uint8_t gecc_der_header_bp224[] = { +- 0x30, 0x52, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, +- 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, +- 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x05, +- 0x03, 0x3a, 0x00, }; +- +-const uint8_t gecc_der_header_bp256[] = { +- 0x30, 0x5a, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, +- 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, +- 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x07, +- 0x03, 0x42, 0x00, }; +- +-const uint8_t gecc_der_header_bp320[] = { +- 0x30, 0x6a, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, +- 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, +- 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x09, +- 0x03, 0x52, 0x00, +-}; +- +-const uint8_t gecc_der_header_bp384[] = { +- 0x30, 0x7A, 0x30, 0x14, 0x06, 0x07, 0x2A, 0x86, \ +- 0x48, 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x09, 0x2B, \ +- 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x0B, \ +- 0x03, 0x62, 0x00, }; +- +-const uint8_t gecc_der_header_bp512[] = { +- 0x30, 0x81, 0x9B, 0x30, 0x14, 0x06, 0x07, 0x2A, +- 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x09, +- 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, +- 0x0D, 0x03, 0x81, 0x82, 0x00, }; +- +-const uint8_t gecc_der_header_mont_dh_448[] = { +- 0x30, 0x42, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, +- 0x6f, 0x03, 0x39, 0x00, }; +- +-const uint8_t gecc_der_header_mont_dh_25519[] = { +- 0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, +- 0x6e, 0x03, 0x21, 0x00, }; +- +-const uint8_t gecc_der_header_twisted_ed_25519[] = { +- 0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, +- 0x70, 0x03, 0x21, 0x00, }; +- +-/* clang-format on */ +- +-size_t const der_ecc_nistp192_header_len = sizeof(gecc_der_header_nist192); +-size_t const der_ecc_nistp224_header_len = sizeof(gecc_der_header_nist224); +-size_t const der_ecc_nistp256_header_len = sizeof(gecc_der_header_nist256); +-size_t const der_ecc_nistp384_header_len = sizeof(gecc_der_header_nist384); +-size_t const der_ecc_nistp521_header_len = sizeof(gecc_der_header_nist521); +-size_t const der_ecc_160k_header_len = sizeof(gecc_der_header_160k); +-size_t const der_ecc_192k_header_len = sizeof(gecc_der_header_192k); +-size_t const der_ecc_224k_header_len = sizeof(gecc_der_header_224k); +-size_t const der_ecc_256k_header_len = sizeof(gecc_der_header_256k); +-size_t const der_ecc_bp160_header_len = sizeof(gecc_der_header_bp160); +-size_t const der_ecc_bp192_header_len = sizeof(gecc_der_header_bp192); +-size_t const der_ecc_bp224_header_len = sizeof(gecc_der_header_bp224); +-size_t const der_ecc_bp256_header_len = sizeof(gecc_der_header_bp256); +-size_t const der_ecc_bp320_header_len = sizeof(gecc_der_header_bp320); +-size_t const der_ecc_bp384_header_len = sizeof(gecc_der_header_bp384); +-size_t const der_ecc_bp512_header_len = sizeof(gecc_der_header_bp512); +-size_t const der_ecc_mont_dh_448_header_len = sizeof(gecc_der_header_mont_dh_448); +-size_t const der_ecc_mont_dh_25519_header_len = sizeof(gecc_der_header_mont_dh_25519); +-size_t const der_ecc_twisted_ed_25519_header_len = sizeof(gecc_der_header_twisted_ed_25519); +- +-static int check_tag(int tag); +- +-/* ************************************************************************** */ +-/* Functions : ASN.1 Functions */ +-/* ************************************************************************** */ +- +-sss_status_t sss_util_asn1_rsa_parse_private(const uint8_t *key, +- size_t keylen, +- sss_cipher_type_t cipher_type, +- uint8_t **modulus, +- size_t *modlen, +- uint8_t **pubExp, +- size_t *pubExplen, +- uint8_t **priExp, +- size_t *priExplen, +- uint8_t **prime1, +- size_t *prime1len, +- uint8_t **prime2, +- size_t *prime2len, +- uint8_t **exponent1, +- size_t *exponent1len, +- uint8_t **exponent2, +- size_t *exponent2len, +- uint8_t **coefficient, +- size_t *coefficientlen) +-{ +- uint8_t *pBuf = (uint8_t *)key; +- size_t taglen = 0; +- size_t bufIndex = 0; +- uint8_t tag; +- int ret; +- sss_status_t status = kStatus_SSS_Fail; +- /* Parse ASN.1 Sequence */ +- /* Example: +- 0x30, 0x82, 0x02, 0x77, ;SEQUENCE +- 0x02, 0x01, ;INTEGER +- 0x00, ;Algorithm version +- 0x30, 0x0D, ;Sequence +- 0x06, 0x09, ;ObjectIdentifier +- 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, +- 0x01, +- 0x05, 0x00, ;Null +- 0x04, 0x82, 0x02, 0x61, ;OctetString +- 0x30, 0x82, 0x02, 0x5D, ;Sequence +- 0x02, 0x01, 0x00, ;Integer +- 0x02, 0x81, 0x81, ;Integer - Modulus +- */ +- ret = asn_1_parse_tlv(pBuf, &taglen, &bufIndex); +- if (ret != 0) +- goto exit; +- if (taglen != (keylen - bufIndex)) { +- LOG_E("Invlaid Key"); +- goto exit; +- } +- /* No need of algorithem Version */ +- ENSURE_OR_GO_EXIT(bufIndex < keylen); +- if (pBuf[bufIndex] == ASN_TAG_INT) { +- bufIndex += 3; +- } +- ENSURE_OR_GO_EXIT(bufIndex < keylen); +- tag = pBuf[bufIndex]; +- while (tag != ASN_TAG_INT) { +- ret = asn_1_parse_tlv(pBuf, &taglen, &bufIndex); /* Private Key Header Nested TLV */ +- if (ret != 0) +- goto exit; +- if (tag == ASN_TAG_SEQUENCE && pBuf[bufIndex] != ASN_TAG_INT) +- bufIndex += taglen; +- ENSURE_OR_GO_EXIT(bufIndex < keylen); +- tag = pBuf[bufIndex]; +- } +- +- ENSURE_OR_GO_EXIT(bufIndex < keylen); +- if (pBuf[bufIndex] == ASN_TAG_INT && pBuf[bufIndex + 1] == 1) { +- bufIndex += 3; +- } +- /* Get the Modulus*/ +- ret = asn_1_parse_tlv(pBuf, &taglen, &bufIndex); +- if (ret != 0) +- goto exit; +- if (modlen != NULL) { +- ENSURE_OR_GO_EXIT(bufIndex < keylen); +- if (pBuf[bufIndex] == 0x00) { +- if (taglen) { +- *modlen = taglen - 1; /*Exclude Starting Null*/ +- bufIndex++; +- } +- else { +- goto exit; +- } +- } +- else +- *modlen = taglen; +- ENSURE_OR_GO_EXIT(modulus != NULL); +- *modulus = SSS_MALLOC(*modlen); +- if ((*modulus != NULL) && ((*modlen) > 0)) { +- ENSURE_OR_GO_EXIT(bufIndex < keylen); +- memcpy(*modulus, pBuf + bufIndex, *modlen); +- bufIndex += *modlen; +- } +- else { +- LOG_E("Either malloc failed or improper length"); +- goto exit; +- } +- } +- else +- bufIndex += taglen; +- +- /* Get Public Exponent */ +- ret = asn_1_parse_tlv(pBuf, &taglen, &bufIndex); +- if (ret != 0) +- goto exit; +- if (pubExplen != NULL) { +- *pubExplen = taglen; +- ENSURE_OR_GO_EXIT(pubExp != NULL); +- *pubExp = SSS_MALLOC(*pubExplen); +- if ((*pubExp != NULL) && ((*pubExplen) > 0)) { +- ENSURE_OR_GO_EXIT(bufIndex < keylen); +- memcpy(*pubExp, pBuf + bufIndex, *pubExplen); +- bufIndex += *pubExplen; +- } +- else { +- LOG_E("Either malloc failed or improper length"); +- goto exit; +- } +- } +- else +- bufIndex += taglen; +- +- /* Get Private Exponent*/ +- ret = asn_1_parse_tlv(pBuf, &taglen, &bufIndex); +- if (ret != 0) +- goto exit; +- if (priExplen != NULL) { +- ENSURE_OR_GO_EXIT(bufIndex < keylen); +- if (pBuf[bufIndex] == 0x00) { +- if (taglen) { +- *priExplen = taglen - 1; /*Exclude Starting Null*/ +- bufIndex++; +- } +- else { +- goto exit; +- } +- } +- else +- *priExplen = taglen; +- ENSURE_OR_GO_EXIT(priExp != NULL); +- *priExp = SSS_MALLOC(*priExplen); +- if ((*priExp != NULL) && ((*priExplen) > 0)) { +- ENSURE_OR_GO_EXIT(bufIndex < keylen); +- memcpy(*priExp, pBuf + bufIndex, *priExplen); +- bufIndex += *priExplen; +- } +- else { +- LOG_E("Either malloc failed or improper length"); +- goto exit; +- } +- } +- else +- bufIndex += taglen; +- +- /* Get First prime (p)*/ +- ret = asn_1_parse_tlv(pBuf, &taglen, &bufIndex); +- if (ret != 0) +- goto exit; +- if (prime1len != NULL) { +- if (pBuf[bufIndex] == 0x00) { +- if (taglen) { +- *prime1len = taglen - 1; /*Exclude Starting Null*/ +- bufIndex++; +- } +- else { +- goto exit; +- } +- } +- else +- *prime1len = taglen; +- ENSURE_OR_GO_EXIT(prime1 != NULL); +- *prime1 = SSS_MALLOC(*prime1len); +- if ((*prime1 != NULL) && ((*prime1len) > 0)) { +- ENSURE_OR_GO_EXIT(bufIndex < keylen); +- memcpy(*prime1, pBuf + bufIndex, *prime1len); +- bufIndex += *prime1len; +- } +- else { +- LOG_E("Either malloc failed or improper length"); +- goto exit; +- } +- } +- else +- bufIndex += taglen; +- +- /* Get Second prime (q)*/ +- ret = asn_1_parse_tlv(pBuf, &taglen, &bufIndex); +- if (ret != 0) +- goto exit; +- if (prime2len != NULL) { +- ENSURE_OR_GO_EXIT(bufIndex < keylen); +- if (pBuf[bufIndex] == 0x00) { +- if (taglen) { +- *prime2len = taglen - 1; /*Exclude Starting Null*/ +- bufIndex++; +- } +- else { +- goto exit; +- } +- } +- else +- *prime2len = taglen; +- ENSURE_OR_GO_EXIT(prime2 != NULL); +- *prime2 = SSS_MALLOC(*prime2len); +- if (*prime2 == NULL) { +- LOG_E("malloc failed"); +- goto exit; +- } +- if (*prime2len > 0) { +- ENSURE_OR_GO_EXIT(bufIndex < keylen); +- memcpy(*prime2, pBuf + bufIndex, *prime2len); +- bufIndex += *prime2len; +- } +- else { +- LOG_E("Either malloc failed or improper length"); +- goto exit; +- } +- } +- else +- bufIndex += taglen; +- +- /* Get First exponent (dP)*/ +- ret = asn_1_parse_tlv(pBuf, &taglen, &bufIndex); +- if (ret != 0) +- goto exit; +- if (exponent1len != NULL) { +- ENSURE_OR_GO_EXIT(bufIndex < keylen); +- if (pBuf[bufIndex] == 0x00) { +- if (taglen) { +- *exponent1len = taglen - 1; /*Exclude Starting Null*/ +- bufIndex++; +- } +- else { +- goto exit; +- } +- } +- else +- *exponent1len = taglen; +- ENSURE_OR_GO_EXIT(exponent1 != NULL); +- *exponent1 = SSS_MALLOC(*exponent1len); +- if ((*exponent1 != NULL) && ((*exponent1len) > 0)) { +- ENSURE_OR_GO_EXIT(bufIndex < keylen); +- memcpy(*exponent1, pBuf + bufIndex, *exponent1len); +- bufIndex += *exponent1len; +- } +- else { +- LOG_E("Either malloc failed or improper length"); +- goto exit; +- } +- } +- else +- bufIndex += taglen; +- +- /* Get Second exponent (dQ)*/ +- ret = asn_1_parse_tlv(pBuf, &taglen, &bufIndex); +- if (ret != 0) +- goto exit; +- if (exponent2len != NULL) { +- ENSURE_OR_GO_EXIT(bufIndex < keylen); +- if (pBuf[bufIndex] == 0x00) { +- if (taglen) { +- *exponent2len = taglen - 1; /*Exclude Starting Null*/ +- bufIndex++; +- } +- else { +- goto exit; +- } +- } +- else +- *exponent2len = taglen; +- ENSURE_OR_GO_EXIT(exponent2 != NULL); +- *exponent2 = SSS_MALLOC(*exponent2len); +- if (*exponent2 == NULL) { +- LOG_E("malloc failed"); +- goto exit; +- } +- if (*exponent2len > 0) { +- ENSURE_OR_GO_EXIT(bufIndex < keylen); +- memcpy(*exponent2, pBuf + bufIndex, *exponent2len); +- bufIndex += *exponent2len; +- } +- else { +- LOG_E("exponent2len improper"); +- goto exit; +- } +- } +- else +- bufIndex += taglen; +- +- /* Get Coefficient (qinv)*/ +- ret = asn_1_parse_tlv(pBuf, &taglen, &bufIndex); +- if (ret != 0) +- goto exit; +- if (coefficientlen != NULL) { +- ENSURE_OR_GO_EXIT(bufIndex < keylen); +- if (pBuf[bufIndex] == 0x00) { +- if (taglen) { +- *coefficientlen = taglen - 1; /*Exclude Starting Null*/ +- bufIndex++; +- } +- else { +- goto exit; +- } +- } +- else +- *coefficientlen = taglen; +- ENSURE_OR_GO_EXIT(coefficient != NULL); +- *coefficient = SSS_MALLOC(*coefficientlen); +- if ((*coefficient != NULL) && ((*coefficientlen) > 0)) { +- ENSURE_OR_GO_EXIT(bufIndex < keylen); +- memcpy(*coefficient, pBuf + bufIndex, *coefficientlen); +- bufIndex += *coefficientlen; +- } +- else { +- LOG_E("Either malloc failed or improper length"); +- goto exit; +- } +- } +- else +- bufIndex += taglen; +- +- status = kStatus_SSS_Success; +-exit: +- return status; +-} +- +-sss_status_t sss_util_asn1_rsa_parse_private_allow_invalid_key(const uint8_t *key, +- size_t keylen, +- sss_cipher_type_t cipher_type, +- uint8_t **modulus, +- size_t *modlen, +- uint8_t **pubExp, +- size_t *pubExplen, +- uint8_t **priExp, +- size_t *priExplen, +- uint8_t **prime1, +- size_t *prime1len, +- uint8_t **prime2, +- size_t *prime2len, +- uint8_t **exponent1, +- size_t *exponent1len, +- uint8_t **exponent2, +- size_t *exponent2len, +- uint8_t **coefficient, +- size_t *coefficientlen) +-{ +- uint8_t *pBuf = (uint8_t *)key; +- size_t taglen = 0; +- size_t bufIndex = 0; +- uint8_t tag; +- int ret; +- sss_status_t status = kStatus_SSS_Fail; +- /* Parse ASN.1 Sequence */ +- /* Example: +- 0x30, 0x82, 0x02, 0x77, ;SEQUENCE +- 0x02, 0x01, ;INTEGER +- 0x00, ;Algorithm version +- 0x30, 0x0D, ;Sequence +- 0x06, 0x09, ;ObjectIdentifier +- 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, +- 0x01, +- 0x05, 0x00, ;Null +- 0x04, 0x82, 0x02, 0x61, ;OctetString +- 0x30, 0x82, 0x02, 0x5D, ;Sequence +- 0x02, 0x01, 0x00, ;Integer +- 0x02, 0x81, 0x81, ;Integer - Modulus +- */ +- ret = asn_1_parse_tlv(pBuf, &taglen, &bufIndex); +- ENSURE_OR_GO_EXIT(0 == ret); +- +- // if (taglen != (keylen - bufIndex)) { +- // LOG_E("Invlaid Key"); +- // goto exit; +- // } +- /* No need of algorithem Version */ +- ENSURE_OR_GO_EXIT(bufIndex < keylen); +- if (pBuf[bufIndex] == ASN_TAG_INT) { +- bufIndex += 3; +- } +- +- ENSURE_OR_GO_EXIT(bufIndex < keylen); +- tag = pBuf[bufIndex]; +- while (tag != ASN_TAG_INT) { +- ret = asn_1_parse_tlv(pBuf, &taglen, &bufIndex); /* Private Key Head*/ +- ENSURE_OR_GO_EXIT(0 == ret); +- +- if (tag == ASN_TAG_SEQUENCE && pBuf[bufIndex] != ASN_TAG_INT) +- bufIndex += taglen; +- ENSURE_OR_GO_EXIT(bufIndex < keylen); +- tag = pBuf[bufIndex]; +- } +- +- ENSURE_OR_GO_EXIT(bufIndex < keylen); +- if (pBuf[bufIndex] == ASN_TAG_INT && pBuf[bufIndex + 1] == 1) { +- bufIndex += 3; +- } +- /* Get the Modulus*/ +- ret = asn_1_parse_tlv(pBuf, &taglen, &bufIndex); +- ENSURE_OR_GO_EXIT(0 == ret); +- +- if (modlen != NULL) { +- ENSURE_OR_GO_EXIT(bufIndex < keylen); +- if (pBuf[bufIndex] == 0x00) { +- if (taglen) { +- *modlen = taglen - 1; /*Exclude Starting Null*/ +- bufIndex++; +- } +- else { +- goto exit; +- } +- } +- else +- *modlen = taglen; +- ENSURE_OR_GO_EXIT(modulus != NULL); +- *modulus = SSS_MALLOC(*modlen); +- if ((*modulus != NULL) && ((*modlen) > 0)) { +- ENSURE_OR_GO_EXIT(bufIndex < keylen); +- memcpy(*modulus, pBuf + bufIndex, *modlen); +- bufIndex += *modlen; +- } +- else { +- LOG_E("Either malloc failed or improper length"); +- goto exit; +- } +- } +- else +- bufIndex += taglen; +- +- /* Get Public Exponent */ +- ret = asn_1_parse_tlv(pBuf, &taglen, &bufIndex); +- ENSURE_OR_GO_EXIT(0 == ret); +- +- if (pubExplen != NULL) { +- *pubExplen = taglen; +- ENSURE_OR_GO_EXIT(pubExp != NULL); +- *pubExp = SSS_MALLOC(*pubExplen); +- ENSURE_OR_GO_EXIT(bufIndex < keylen); +- if ((*pubExp != NULL) && ((*pubExplen) > 0)) { +- memcpy(*pubExp, pBuf + bufIndex, *pubExplen); +- bufIndex += *pubExplen; +- } +- else { +- LOG_E("Either malloc failed or improper length"); +- goto exit; +- } +- } +- else +- bufIndex += taglen; +- +- /* Get Private Exponent*/ +- ret = asn_1_parse_tlv(pBuf, &taglen, &bufIndex); +- ENSURE_OR_GO_EXIT(0 == ret); +- +- if (priExplen != NULL) { +- ENSURE_OR_GO_EXIT(bufIndex < keylen); +- if (pBuf[bufIndex] == 0x00) { +- if (taglen) { +- *priExplen = taglen - 1; /*Exclude Starting Null*/ +- bufIndex++; +- } +- else { +- goto exit; +- } +- } +- else +- *priExplen = taglen; +- ENSURE_OR_GO_EXIT(priExp != NULL); +- *priExp = SSS_MALLOC(*priExplen); +- if ((*priExp != NULL) && ((*priExplen) > 0)) { +- ENSURE_OR_GO_EXIT(bufIndex < keylen); +- memcpy(*priExp, pBuf + bufIndex, *priExplen); +- bufIndex += *priExplen; +- } +- else { +- LOG_E("Either malloc failed or improper length"); +- goto exit; +- } +- } +- else +- bufIndex += taglen; +- +- /* Get First prime (p)*/ +- ret = asn_1_parse_tlv(pBuf, &taglen, &bufIndex); +- ENSURE_OR_GO_EXIT(0 == ret); +- +- if (prime1len != NULL) { +- ENSURE_OR_GO_EXIT(bufIndex < keylen); +- if (pBuf[bufIndex] == 0x00) { +- if (taglen) { +- *prime1len = taglen - 1; /*Exclude Starting Null*/ +- bufIndex++; +- } +- else { +- goto exit; +- } +- } +- else +- *prime1len = taglen; +- ENSURE_OR_GO_EXIT(prime1 != NULL); +- *prime1 = SSS_MALLOC(*prime1len); +- if ((*prime1 != NULL) && ((*prime1len) > 0)) { +- ENSURE_OR_GO_EXIT(bufIndex < keylen); +- memcpy(*prime1, pBuf + bufIndex, *prime1len); +- bufIndex += *prime1len; +- } +- else { +- LOG_E("Either malloc failed or improper length"); +- goto exit; +- } +- } +- else +- bufIndex += taglen; +- +- /* Get Second prime (q)*/ +- ret = asn_1_parse_tlv(pBuf, &taglen, &bufIndex); +- ENSURE_OR_GO_EXIT(0 == ret); +- +- if (prime2len != NULL) { +- ENSURE_OR_GO_EXIT(bufIndex < keylen); +- if (pBuf[bufIndex] == 0x00) { +- if (taglen) { +- *prime2len = taglen - 1; /*Exclude Starting Null*/ +- bufIndex++; +- } +- else { +- goto exit; +- } +- } +- else +- *prime2len = taglen; +- ENSURE_OR_GO_EXIT(prime2 != NULL); +- *prime2 = SSS_MALLOC(*prime2len); +- if (*prime2 == NULL) { +- LOG_E("malloc failed"); +- goto exit; +- } +- if (*prime2len > 0) { +- ENSURE_OR_GO_EXIT(bufIndex < keylen); +- memcpy(*prime2, pBuf + bufIndex, *prime2len); +- bufIndex += *prime2len; +- } +- else { +- LOG_E("Either malloc failed or improper length"); +- goto exit; +- } +- } +- else +- bufIndex += taglen; +- +- /* Get First exponent (dP)*/ +- ret = asn_1_parse_tlv(pBuf, &taglen, &bufIndex); +- ENSURE_OR_GO_EXIT(0 == ret); +- +- if (exponent1len != NULL) { +- ENSURE_OR_GO_EXIT(bufIndex < keylen); +- if (pBuf[bufIndex] == 0x00) { +- if (taglen) { +- *exponent1len = taglen - 1; /*Exclude Starting Null*/ +- bufIndex++; +- } +- else { +- goto exit; +- } +- } +- else +- *exponent1len = taglen; +- ENSURE_OR_GO_EXIT(exponent1 != NULL); +- *exponent1 = SSS_MALLOC(*exponent1len); +- if ((*exponent1 != NULL) && ((*exponent1len) > 0)) { +- ENSURE_OR_GO_EXIT(bufIndex < keylen); +- memcpy(*exponent1, pBuf + bufIndex, *exponent1len); +- bufIndex += *exponent1len; +- } +- else { +- LOG_E("Either malloc failed or improper length"); +- goto exit; +- } +- } +- else +- bufIndex += taglen; +- +- /* Get Second exponent (dQ)*/ +- ret = asn_1_parse_tlv(pBuf, &taglen, &bufIndex); +- ENSURE_OR_GO_EXIT(0 == ret); +- +- if (exponent2len != NULL) { +- ENSURE_OR_GO_EXIT(bufIndex < keylen); +- if (pBuf[bufIndex] == 0x00) { +- if (taglen) { +- *exponent2len = taglen - 1; /*Exclude Starting Null*/ +- bufIndex++; +- } +- else { +- goto exit; +- } +- } +- else +- *exponent2len = taglen; +- ENSURE_OR_GO_EXIT(exponent2 != NULL); +- *exponent2 = SSS_MALLOC(*exponent2len); +- if (*exponent2 == NULL) { +- LOG_E("malloc failed"); +- goto exit; +- } +- if (*exponent2len > 0) { +- ENSURE_OR_GO_EXIT(bufIndex < keylen); +- memcpy(*exponent2, pBuf + bufIndex, *exponent2len); +- bufIndex += *exponent2len; +- } +- else { +- LOG_E("exponent2len improper"); +- goto exit; +- } +- } +- else +- bufIndex += taglen; +- +- /* Get Coefficient (qinv)*/ +- ret = asn_1_parse_tlv(pBuf, &taglen, &bufIndex); +- ENSURE_OR_GO_EXIT(0 == ret); +- +- if (coefficientlen != NULL) { +- ENSURE_OR_GO_EXIT(bufIndex < keylen); +- if (pBuf[bufIndex] == 0x00) { +- if (taglen) { +- *coefficientlen = taglen - 1; /*Exclude Starting Null*/ +- bufIndex++; +- } +- else { +- goto exit; +- } +- } +- else +- *coefficientlen = taglen; +- ENSURE_OR_GO_EXIT(coefficient != NULL); +- *coefficient = SSS_MALLOC(*coefficientlen); +- if ((*coefficient != NULL) && ((*coefficientlen) > 0)) { +- ENSURE_OR_GO_EXIT(bufIndex < keylen); +- memcpy(*coefficient, pBuf + bufIndex, *coefficientlen); +- bufIndex += *coefficientlen; +- } +- else { +- LOG_E("Either malloc failed or improper length"); +- goto exit; +- } +- } +- else +- bufIndex += taglen; +- +- status = kStatus_SSS_Success; +-exit: +- return status; +-} +- +-sss_status_t sss_util_asn1_rsa_parse_public_nomalloc( +- const uint8_t *key, size_t keylen, uint8_t *modulus, size_t *modlen, uint8_t *pubExp, size_t *pubExplen) +-{ +- uint8_t *pBuf = (uint8_t *)key; +- size_t taglen = 0; +- size_t bufIndex = 0; +- int ret; +- sss_status_t status = kStatus_SSS_Fail; +- size_t temp_modlen = 0, temp_pubExplen = 0; +- +- if ((key == NULL) || (modulus == NULL) || (modlen == NULL) || (pubExp == NULL) || (pubExplen == NULL)) { +- goto exit; +- } +- +- //int tag = (key[1] == 0x82) ? 4 : 3; +- /* Parse Header Information +- Public Key contains 3 Sequences as header */ +- ENSURE_OR_GO_EXIT(bufIndex < keylen); +- ret = asn_1_parse_tlv(pBuf, &taglen, &bufIndex); /* ASN.1 Sequence */ +- if (ret != 0) +- goto exit; +- ret = asn_1_parse_tlv(pBuf, &taglen, &bufIndex); /* Public Header Nested TLV */ +- if (ret != 0) +- goto exit; +- bufIndex += taglen; +- +- /* Bit-String + NULL Byte */ +- ret = asn_1_parse_tlv(pBuf, &taglen, &bufIndex); +- if (ret != 0) +- goto exit; +- bufIndex++; +- +- ret = asn_1_parse_tlv(pBuf, &taglen, &bufIndex); /* Sequence of interger*/ +- if (ret != 0) +- goto exit; +- /* Get the Modulus*/ +- ret = asn_1_parse_tlv(pBuf, &taglen, &bufIndex); +- if (ret != 0) +- goto exit; +- ENSURE_OR_GO_EXIT(bufIndex < keylen); +- if (pBuf[bufIndex] == 0x00) { +- if (taglen) { +- temp_modlen = taglen - 1; /*Exclude Starting Null*/ +- bufIndex++; +- } +- else { +- goto exit; +- } +- } +- else +- temp_modlen = taglen; +- +- if (*modlen < temp_modlen) { +- LOG_E("modulus overflow"); +- goto exit; +- } +- +- *modlen = temp_modlen; +- if ((*modlen) > 0) { +- ENSURE_OR_GO_EXIT(bufIndex < keylen); +- memcpy(modulus, pBuf + bufIndex, *modlen); +- bufIndex += *modlen; +- } +- else { +- LOG_E("Either malloc failed or improper length"); +- goto exit; +- } +- +- /* Get Public Exponent */ +- ret = asn_1_parse_tlv(pBuf, &taglen, &bufIndex); +- temp_pubExplen = taglen; +- if (*pubExplen < temp_pubExplen) { +- LOG_E("pubExp overflow"); +- goto exit; +- } +- *pubExplen = temp_pubExplen; +- if (*pubExplen > 0) { +- ENSURE_OR_GO_EXIT(bufIndex < keylen); +- memcpy(pubExp, pBuf + bufIndex, *pubExplen); +- bufIndex += *pubExplen; +- status = kStatus_SSS_Success; +- } +-exit: +- return status; +-} +- +-sss_status_t sss_util_asn1_rsa_parse_public_nomalloc_complete_modulus( +- const uint8_t *key, size_t keylen, uint8_t *modulus, size_t *modlen, uint8_t *pubExp, size_t *pubExplen) +-{ +- uint8_t *pBuf = (uint8_t *)key; +- size_t taglen = 0; +- size_t bufIndex = 0; +- int ret; +- sss_status_t status = kStatus_SSS_Fail; +- size_t temp_modlen = 0, temp_pubExplen = 0; +- +- if ((key == NULL) || (modulus == NULL) || (modlen == NULL) || (pubExp == NULL) || (pubExplen == NULL)) { +- goto exit; +- } +- +- //int tag = (key[1] == 0x82) ? 4 : 3; +- /* Parse Header Information +- Public Key contains 3 Sequences as header */ +- ENSURE_OR_GO_EXIT(bufIndex < keylen); +- ret = asn_1_parse_tlv(pBuf, &taglen, &bufIndex); /* ASN.1 Sequence */ +- if (ret != 0) +- goto exit; +- ret = asn_1_parse_tlv(pBuf, &taglen, &bufIndex); /* Public Header Nested TLV */ +- if (ret != 0) +- goto exit; +- bufIndex += taglen; +- +- /* Bit-String + NULL Byte */ +- ret = asn_1_parse_tlv(pBuf, &taglen, &bufIndex); +- if (ret != 0) +- goto exit; +- bufIndex++; +- +- ret = asn_1_parse_tlv(pBuf, &taglen, &bufIndex); /* Sequence of interger*/ +- if (ret != 0) +- goto exit; +- /* Get the Modulus*/ +- ret = asn_1_parse_tlv(pBuf, &taglen, &bufIndex); +- if (ret != 0) +- goto exit; +- ENSURE_OR_GO_EXIT(bufIndex < keylen); +- temp_modlen = taglen; +- +- if (*modlen < temp_modlen) { +- LOG_E("modulus overflow"); +- goto exit; +- } +- +- *modlen = temp_modlen; +- if ((*modlen) > 0) { +- ENSURE_OR_GO_EXIT(bufIndex < keylen); +- memcpy(modulus, pBuf + bufIndex, *modlen); +- bufIndex += *modlen; +- } +- else { +- LOG_E("Either malloc failed or improper length"); +- goto exit; +- } +- +- /* Get Public Exponent */ +- ret = asn_1_parse_tlv(pBuf, &taglen, &bufIndex); +- temp_pubExplen = taglen; +- if (*pubExplen < temp_pubExplen) { +- LOG_E("pubExp overflow"); +- goto exit; +- } +- *pubExplen = temp_pubExplen; +- if (*pubExplen > 0) { +- ENSURE_OR_GO_EXIT(bufIndex < keylen); +- memcpy(pubExp, pBuf + bufIndex, *pubExplen); +- bufIndex += *pubExplen; +- status = kStatus_SSS_Success; +- } +-exit: +- return status; +-} +- +-sss_status_t sss_util_asn1_rsa_parse_public( +- const uint8_t *key, size_t keylen, uint8_t **modulus, size_t *modlen, uint8_t **pubExp, size_t *pubExplen) +-{ +- uint8_t *pBuf = (uint8_t *)key; +- size_t taglen = 0; +- size_t bufIndex = 0; +- int ret; +- sss_status_t status = kStatus_SSS_Fail; +- //int tag = (key[1] == 0x82) ? 4 : 3; +- /* Parse Header Information +- Public Key contains 3 Sequences as header */ +- ENSURE_OR_GO_EXIT(bufIndex < keylen); +- ret = asn_1_parse_tlv(pBuf, &taglen, &bufIndex); /* ASN.1 Sequence */ +- if (ret != 0) +- goto exit; +- ret = asn_1_parse_tlv(pBuf, &taglen, &bufIndex); /* Public Header Nested TLV */ +- if (ret != 0) +- goto exit; +- bufIndex += taglen; +- +- /* Bit-String + NULL Byte */ +- ret = asn_1_parse_tlv(pBuf, &taglen, &bufIndex); +- if (ret != 0) +- goto exit; +- bufIndex++; +- +- ret = asn_1_parse_tlv(pBuf, &taglen, &bufIndex); /* Sequence of interger*/ +- if (ret != 0) +- goto exit; +- /* Get the Modulus*/ +- ret = asn_1_parse_tlv(pBuf, &taglen, &bufIndex); +- if (ret != 0) +- goto exit; +- ENSURE_OR_GO_EXIT(bufIndex < keylen); +- if (pBuf[bufIndex] == 0x00) { +- if (taglen) { +- *modlen = taglen - 1; /*Exclude Starting Null*/ +- bufIndex++; +- } +- else { +- goto exit; +- } +- } +- else +- *modlen = taglen; +- *modulus = SSS_MALLOC(*modlen); +- if ((*modulus != NULL) && ((*modlen) > 0)) { +- ENSURE_OR_GO_EXIT(bufIndex < keylen); +- memcpy(*modulus, pBuf + bufIndex, *modlen); +- bufIndex += *modlen; +- } +- else { +- LOG_E("Either malloc failed or improper length"); +- goto exit; +- } +- +- /* Get Public Exponent */ +- ret = asn_1_parse_tlv(pBuf, &taglen, &bufIndex); +- *pubExplen = taglen; +- *pubExp = SSS_MALLOC(*pubExplen); +- if (*pubExp == NULL) { +- LOG_E("malloc failed"); +- goto exit; +- } +- if (*pubExplen > 0) { +- ENSURE_OR_GO_EXIT(bufIndex < keylen); +- memcpy(*pubExp, pBuf + bufIndex, *pubExplen); +- bufIndex += *pubExplen; +- status = kStatus_SSS_Success; +- } +-exit: +- return status; +-} +- +-sss_status_t sss_util_asn1_rsa_get_public( +- uint8_t *key, size_t *keylen, uint8_t *modulus, size_t modlen, uint8_t *pubExp, size_t pubExplen) +-{ +- sss_status_t status = kStatus_SSS_Fail; +- size_t pbkeylen = modlen + pubExplen + sizeof(grsa1kPubHeader) + 3 + 3; +- size_t index = 0; +- size_t intModLEn = modlen + 1; // RSA Key has null byte before moduls start +- +- ENSURE_OR_GO_EXIT(key != NULL); +- ENSURE_OR_GO_EXIT(keylen != NULL); +- ENSURE_OR_GO_EXIT(modulus != NULL); +- ENSURE_OR_GO_EXIT(pubExp != NULL); +- +- if (*keylen < pbkeylen) { +- LOG_E("Buffer not sufficient"); +- goto exit; +- } +- +- /* Copy the Public Header According to key bit len*/ +- if (modlen == 0x40) { +- memcpy(key, grsa512PubHeader, sizeof(grsa512PubHeader)); +- index += sizeof(grsa512PubHeader); +- } +- else if (modlen == 0x80) { +- memcpy(key, grsa1kPubHeader, sizeof(grsa1kPubHeader)); +- index += sizeof(grsa1kPubHeader); +- } +- else if (modlen == 0x90) { +- memcpy(key, grsa1152PubHeader, sizeof(grsa1152PubHeader)); +- index += sizeof(grsa1152PubHeader); +- } +- else if (modlen == 0x100) { +- memcpy(key, grsa2kPubHeader, sizeof(grsa2kPubHeader)); +- index += sizeof(grsa2kPubHeader); +- } +- else if (modlen == 0x180) { +- memcpy(key, grsa3kPubHeader, sizeof(grsa3kPubHeader)); +- index += sizeof(grsa3kPubHeader); +- } +- else if (modlen == 0x200) { +- memcpy(key, grsa4kPubHeader, sizeof(grsa4kPubHeader)); +- index += sizeof(grsa4kPubHeader); +- } +- +- if (intModLEn < 0x7f) +- key[index++] = (uint8_t)intModLEn; +- else if (intModLEn < 0xFF) { +- key[index++] = 0x81; +- key[index++] = (uint8_t)intModLEn; +- } +- else { +- key[index++] = 0x82; +- key[index++] = (uint8_t)(intModLEn >> 8); +- key[index++] = (uint8_t)intModLEn & 0xFF; +- } +- +- key[index++] = 0x00; // Null byte +- memcpy(key + index, modulus, modlen); +- index += modlen; +- +- /*Copy the public Exponent*/ +- key[index++] = 0x02; // tag +- key[index++] = (uint8_t)pubExplen; // length +- memcpy(key + index, pubExp, pubExplen); // value +- index += pubExplen; +- *keylen = index; +- status = kStatus_SSS_Success; +-exit: +- return status; +-} +- +-#if SSS_HAVE_ECDAA +-sss_status_t sss_util_asn1_ecdaa_get_signature( +- uint8_t *signature, size_t *signatureLen, uint8_t *rawSignature, size_t rawSignatureLen) +-{ +- sss_status_t status = kStatus_SSS_Fail; +- size_t signAsn1Len, r_len, s_len; +- +- ENSURE_OR_GO_EXIT(signature != NULL); +- ENSURE_OR_GO_EXIT(signatureLen != NULL); +- ENSURE_OR_GO_EXIT(rawSignature != NULL); +- +- r_len = rawSignatureLen / 2; +- s_len = rawSignatureLen / 2; +- // SEQUENCE (2B) + INTEGER(2B) + INTEGER(2B) +- signAsn1Len = 6 + rawSignatureLen; +- if (*signatureLen < signAsn1Len) { +- LOG_E("ECDAA Signature buffer overflow"); +- goto exit; +- } +- +- /* +- Example: +- 30 44 ; SEQUENCE (68 Bytes) +- 02 20 ; INTEGER (32 Bytes) +- | 3d 46 28 7b 8c 6e 8c 8c 26 1c 1b 88 f2 73 b0 9a +- | 32 a6 cf 28 09 fd 6e 30 d5 a7 9f 26 37 00 8f 54 +- 02 20 ; INTEGER (32 Bytes) +- | 4e 72 23 6e a3 90 a9 a1 7b cf 5f 7a 09 d6 3a b2 +- | 17 6c 92 bb 8e 36 c0 41 98 a2 7b 90 9b 6e 8f 13 +- */ +- *signatureLen = signAsn1Len; +- if (rawSignatureLen == 0x40) { // TPM_ECC_BN_P256 +- signature[0] = 0x30; //SEQUENCE +- signature[1] = (uint8_t)(rawSignatureLen + 4); //INTEGER(2B) + INTEGER(2B) +- signature[2] = 0x02; //INTEGER +- signature[3] = (uint8_t)r_len; //lenght of r +- memcpy(&signature[4], &rawSignature[0], r_len); +- signature[3 + r_len + 1] = 0x02; //INTEGER +- signature[3 + r_len + 2] = (uint8_t)s_len; //lenght of s +- memcpy(&signature[3 + r_len + 3], &rawSignature[r_len], s_len); +- } +- else { +- LOG_E("Invalid ECDAA Signature data"); +- goto exit; +- } +- +- status = kStatus_SSS_Success; +-exit: +- return status; +-} +-#endif +- +-#if 0 +-static uint8_t *asn_1_parse_header(uint8_t *key, size_t keylen) +-{ +- uint8_t *pBuf = key; +- uint16_t taglen = 0; +- sss_status_t status = kStatus_SSS_Fail; +- int tag = (key[1] == 0x82) ? 4 : 3; +- /* Parse Header Information*/ +- pBuf = asn_1_parse_tlv(pBuf, &taglen); +- if (taglen != (keylen - tag)) +- { +- LOG_E("Invlaid Key"); +- return status; +- } +-} +-#endif +- +-int asn_1_parse_tlv(uint8_t *pbuf, size_t *taglen, size_t *bufindex) +-{ +- size_t Len; +- uint8_t *buf = pbuf + *bufindex; +- int tag; +- tag = *buf++; /*Exclude The Tag*/ +- Len = *buf++; +- int ret = 0; +- if (check_tag(tag)) { +- ret = 1; +- goto exit; +- } +- if (Len <= 0x7FU) { +- *taglen = Len; +- *bufindex += 1 + 1; +- goto exit; +- } +- else if (Len == 0x81) { +- *taglen = *buf++; +- *bufindex += 1 + 2; +- goto exit; +- } +- else if (Len == 0x82) { +- *taglen = *buf++; +- *taglen = (*taglen << 8) | (*buf++); +- *bufindex += 1 + 3; +- goto exit; +- } +- ret = 1; +-exit: +- return ret; +-} +- +-static int check_tag(int tag) +-{ +- int ret = 0; +- switch (tag) { +- case ASN_TAG_INT: +- case ASN_TAG_SEQUENCE: +- case ASN_TAG_BITSTRING: +- case ASN_TAG_OBJ_IDF: +- case ASN_TAG_OCTETSTRING: +- break; +- default: +- LOG_E("Wrong Tag parsed -- %d \n", tag); +- ret = 1; +- break; +- } +- return ret; +-} +- +-#ifdef _MSC_VER +-#pragma warning(disable : 4127) +-#endif +- +-sss_status_t sss_util_asn1_get_oid_from_header(uint8_t *input, size_t inLen, uint32_t *output, uint8_t *outLen) +-{ +- size_t i = 0; +- size_t taglen = 0; +- int objectIdCnt = 0; +- int tag = 0; +- uint8_t outBufindex = 0; +- sss_status_t status = kStatus_SSS_Fail; +- +- ENSURE_OR_GO_EXIT(input != NULL); +- ENSURE_OR_GO_EXIT(output != NULL); +- ENSURE_OR_GO_EXIT(outLen != NULL); +- +- for (;;) { +- ENSURE_OR_GO_EXIT(i < inLen); +- tag = input[i++]; +- if (tag == ASN_TAG_SEQUENCE || tag == ASN_TAG_OBJ_IDF) { +- ENSURE_OR_GO_EXIT(i < inLen); +- taglen = input[i++]; +- if (taglen == 0x81) { +- taglen = input[i]; +- i = i + 1; +- } +- else if (taglen == 0x82) { +- ENSURE_OR_GO_EXIT(i < (inLen - 1)); +- taglen = ((input[i] << (0 * 8)) & 0x00FF) + ((input[i + 1] << (1 * 8)) & 0xFF00); +- i = i + 2; +- } +- +- if (taglen > inLen) +- goto exit; +- +- if (tag == ASN_TAG_OBJ_IDF) +- objectIdCnt++; +- +- if (objectIdCnt == 2) { +- if (taglen <= 0) +- goto exit; +- ENSURE_OR_GO_EXIT(i < inLen); +- ENSURE_OR_GO_EXIT(outBufindex < (*outLen)); +- output[outBufindex++] = input[i] / 40; +- output[outBufindex++] = input[i++] % 40; +- taglen--; +- +- while (taglen--) { +- uint32_t cnt = 0; +- uint32_t temp = 0; +- do { +- ENSURE_OR_GO_EXIT(i < inLen); +- temp = temp << (7 * cnt); +- temp = temp | (input[i] & 0x7F); +- cnt++; +- } while (input[i++] > 0x7F); +- +- taglen = taglen - (cnt - 1); +- ENSURE_OR_GO_EXIT(outBufindex < (*outLen)); +- output[outBufindex++] = temp; +- } +- break; +- } +- else { +- if (tag == 0x06) { +- i = i + taglen; +- if (i > inLen) +- goto exit; +- } +- } +- } +- else { +- goto exit; +- } +- } +- +- *outLen = outBufindex; +- status = kStatus_SSS_Success; +-exit: +- return status; +-} +- +-sss_status_t sss_util_asn1_get_oid_from_sssObj(sss_object_t *pkeyObject, uint32_t *output, uint8_t *outLen) +-{ +- sss_status_t status = kStatus_SSS_Fail; +- uint8_t pbKey[256] = {0}; +- size_t pbKeyBitLen = 0; +- size_t pbKeyBytetLen = sizeof(pbKey); +- +- ENSURE_OR_GO_EXIT(pkeyObject != NULL); +- ENSURE_OR_GO_EXIT(output != NULL); +- ENSURE_OR_GO_EXIT(outLen != NULL); +- +- status = sss_key_store_get_key(pkeyObject->keyStore, pkeyObject, pbKey, &pbKeyBytetLen, &pbKeyBitLen); +- +- if (status != kStatus_SSS_Success) { +- goto exit; +- } +- +- status = sss_util_asn1_get_oid_from_header(pbKey, pbKeyBytetLen, output, outLen); +- if (status != kStatus_SSS_Success) { +- goto exit; +- } +- +- status = kStatus_SSS_Success; +-exit: +- return status; +-} +- +-sss_status_t sss_util_pkcs8_asn1_get_ec_public_key_index( +- const uint8_t *input, size_t inLen, uint16_t *outkeyIndex, size_t *publicKeyLen) +-{ +- size_t i = 0; +- size_t taglen = 0; +- sss_status_t status = kStatus_SSS_Fail; +- uint8_t value_index = 0; +- +- ENSURE_OR_GO_EXIT(input != NULL); +- ENSURE_OR_GO_EXIT(outkeyIndex != NULL); +- ENSURE_OR_GO_EXIT(publicKeyLen != NULL); +- +- for (;;) { +- ENSURE_OR_GO_EXIT(i < inLen); +- int tag = input[i++]; +- if (IS_VALID_TAG(tag)) { +- ENSURE_OR_GO_EXIT(i < inLen); +- taglen = input[i++]; +- if (taglen == 0x81) { +- ENSURE_OR_GO_EXIT(i < inLen); +- taglen = input[i]; +- i = i + 1; +- } +- else if (taglen == 0x82) { +- ENSURE_OR_GO_EXIT(i < (inLen - 1)); +- taglen = ((input[i] << (0 * 8)) & 0x00FF) + ((input[i + 1] << (1 * 8)) & 0xFF00); +- i = i + 2; +- } +- +- if (taglen > inLen) +- goto exit; +- +- value_index = (uint8_t)i; +- +- if (tag == ASN_TAG_SEQUENCE) { +- if (i + taglen != inLen) { +- i = i + taglen; +- } +- +- continue; +- } +- +- if (tag == ASN_TAG_BITSTRING) { +- *outkeyIndex = value_index; +- *publicKeyLen = taglen; +- ENSURE_OR_GO_EXIT(value_index < inLen); +- if (input[value_index] == 0x00 || input[value_index] == 0x01) { +- *outkeyIndex = *outkeyIndex + 1; +- *publicKeyLen = *publicKeyLen - 1; +- } +- break; +- } +- } +- else { +- goto exit; +- } +- } +- +- ENSURE_OR_GO_EXIT((*outkeyIndex) < inLen); +- ENSURE_OR_GO_EXIT(((*outkeyIndex) + (*publicKeyLen)) <= inLen); +- status = kStatus_SSS_Success; +-exit: +- return status; +-} +- +-sss_status_t sss_util_pkcs8_asn1_get_ec_pair_key_index(const uint8_t *input, +- size_t inLen, +- uint16_t *pubkeyIndex, +- size_t *publicKeyLen, +- uint16_t *prvkeyIndex, +- size_t *privateKeyLen) +-{ +- size_t i = 0; +- size_t taglen = 0; +- sss_status_t status = kStatus_SSS_Fail; +- //uint8_t octate_string_start = 0; +- +- ENSURE_OR_GO_EXIT(input != NULL); +- ENSURE_OR_GO_EXIT(pubkeyIndex != NULL); +- ENSURE_OR_GO_EXIT(publicKeyLen != NULL); +- ENSURE_OR_GO_EXIT(prvkeyIndex != NULL); +- ENSURE_OR_GO_EXIT(privateKeyLen != NULL); +- +- for (;;) { +- ENSURE_OR_GO_EXIT(i < inLen); +- int tag = input[i++]; +- if (IS_VALID_TAG(tag)) { +- ENSURE_OR_GO_EXIT(i < inLen); +- taglen = input[i++]; +- if (taglen == 0x81) { +- ENSURE_OR_GO_EXIT(i < inLen); +- taglen = input[i]; +- i = i + 1; +- } +- else if (taglen == 0x82) { +- ENSURE_OR_GO_EXIT(i < (inLen - 1)); +- taglen = input[i] | input[i + 1] << 8; +- i = i + 2; +- } +- +- if (taglen > inLen) +- goto exit; +- +- if (tag == ASN_TAG_OCTETSTRING) { +- if (i + taglen == inLen) { +- continue; +- } +- else { +- *prvkeyIndex = (uint16_t)i; +- *privateKeyLen = taglen; +- } +- } +- +- if (tag == ASN_TAG_BITSTRING) { +- *pubkeyIndex = (uint16_t)i; +- *publicKeyLen = taglen; +- ENSURE_OR_GO_EXIT(i < inLen); +- if (input[i] == 0x00 || input[i] == 0x01) { +- *pubkeyIndex = *pubkeyIndex + 1; +- *publicKeyLen = *publicKeyLen - 1; +- } +- break; +- } +- +- if (i + taglen == inLen) { +- continue; +- } +- else { +- i = i + taglen; +- } +- } +- else { +- goto exit; +- } +- } +- +- ENSURE_OR_GO_EXIT((*pubkeyIndex) < inLen); +- ENSURE_OR_GO_EXIT(((*pubkeyIndex) + (*publicKeyLen)) <= inLen); +- ENSURE_OR_GO_EXIT((*prvkeyIndex) < inLen); +- ENSURE_OR_GO_EXIT(((*prvkeyIndex) + (*privateKeyLen)) <= inLen); +- status = kStatus_SSS_Success; +-exit: +- return status; +-} +- +-sss_status_t sss_util_rfc8410_asn1_get_ec_pair_key_index(const uint8_t *input, +- size_t inLen, +- uint16_t *pubkeyIndex, +- size_t *publicKeyLen, +- uint16_t *prvkeyIndex, +- size_t *privateKeyLen) +-{ +- size_t i = 0; +- size_t taglen = 0; +- sss_status_t status = kStatus_SSS_Fail; +- //uint8_t octate_string_start = 0; +- +- ENSURE_OR_GO_EXIT(input != NULL); +- ENSURE_OR_GO_EXIT(pubkeyIndex != NULL); +- ENSURE_OR_GO_EXIT(publicKeyLen != NULL); +- ENSURE_OR_GO_EXIT(prvkeyIndex != NULL); +- ENSURE_OR_GO_EXIT(privateKeyLen != NULL); +- +- for (;;) { +- ENSURE_OR_GO_EXIT(i < inLen); +- int tag = input[i++]; +- if (IS_VALID_RFC8410_TAG(tag)) { +- ENSURE_OR_GO_EXIT(i < inLen); +- taglen = input[i++]; +- if (taglen == 0x81) { +- ENSURE_OR_GO_EXIT(i < inLen); +- taglen = input[i]; +- i = i + 1; +- } +- else if (taglen == 0x82) { +- ENSURE_OR_GO_EXIT(i < (inLen - 1)); +- taglen = ((input[i] << (0 * 8)) & 0x00FF) + ((input[i + 1] << (1 * 8)) & 0xFF00); +- i = i + 2; +- } +- +- if (taglen > inLen) +- goto exit; +- +- if (tag == ASN_TAG_OCTETSTRING) { +- // With RFC8410, the private key is an Octet String packed inside an Octet String +- // Following code will only work for Lengths upto 127 byte +- ENSURE_OR_GO_EXIT(taglen >= 2); +- ENSURE_OR_GO_EXIT(ASN_TAG_OCTETSTRING == input[i]); +- ENSURE_OR_GO_EXIT(taglen - 2 == (size_t)(input[i + 1])); +- i += 2; +- taglen -= 2; +- *prvkeyIndex = (uint16_t)i; +- *privateKeyLen = taglen; +- } +- +- if (tag == (ASN_TAG_CNT_SPECIFIC_PRIMITIVE | 0x01)) { +- *pubkeyIndex = (uint16_t)i; +- *publicKeyLen = taglen; +- ENSURE_OR_GO_EXIT(i < inLen); +- if (input[i] == 0x00 || input[i] == 0x01) { +- *pubkeyIndex = *pubkeyIndex + 1; +- *publicKeyLen = *publicKeyLen - 1; +- } +- break; +- } +- +- if (i + taglen == inLen) { +- continue; +- } +- else { +- i = i + taglen; +- } +- } +- else { +- goto exit; +- } +- } +- +- ENSURE_OR_GO_EXIT((*pubkeyIndex) < inLen); +- ENSURE_OR_GO_EXIT(((*pubkeyIndex) + (*publicKeyLen)) <= inLen); +- ENSURE_OR_GO_EXIT((*prvkeyIndex) < inLen); +- ENSURE_OR_GO_EXIT(((*prvkeyIndex) + (*privateKeyLen)) <= inLen); +- status = kStatus_SSS_Success; +-exit: +- return status; +-} +- +-sss_status_t sss_util_openssl_read_pkcs12( +- const char *pkcs12_cert, const char *password, uint8_t *private_key, uint8_t *cert) +-{ +- sss_status_t retval = kStatus_SSS_Success; +- +-#if SSS_HAVE_OPENSSL +- int status = 0; +- FILE *pkcs12_cert_file; +- PKCS12 *p12_cert; +- X509 *x509_cert; +- EVP_PKEY *p_key; +- BIO *pem_key_bio = BIO_new(BIO_s_mem()); +- BIO *cert_bio = BIO_new(BIO_s_mem()); +- STACK_OF(X509) *additional_certs = NULL; +- +- ENSURE_OR_GO_EXIT(pkcs12_cert != NULL); +- ENSURE_OR_GO_EXIT(password != NULL); +- ENSURE_OR_GO_EXIT(private_key != NULL); +- ENSURE_OR_GO_EXIT(cert != NULL); +- +- // Open PKCS12 certificate file +- pkcs12_cert_file = fopen(pkcs12_cert, "rb"); +- if (pkcs12_cert_file == NULL) { +- retval = kStatus_SSS_Fail; +- goto exit; +- } +- p12_cert = d2i_PKCS12_fp(pkcs12_cert_file, NULL); +- fclose(pkcs12_cert_file); +- +- // Parse PKCS12 key and certificates to seperate pem and certificates +- status = PKCS12_parse(p12_cert, password, &p_key, &x509_cert, &additional_certs); +- if (!status) { +- retval = kStatus_SSS_Fail; +- goto exit; +- } +- PKCS12_free(p12_cert); +- +- // Dump pem key to buffer +- PEM_write_bio_PrivateKey(pem_key_bio, p_key, NULL, NULL, 0, NULL, NULL); +- BIO_read(pem_key_bio, private_key, 10000); +- +- // Dump certificate to buffer +- PEM_write_bio_X509(cert_bio, x509_cert); +- BIO_read(cert_bio, cert, 20000); +- +-exit: +-#endif +- return retval; +-} +- +-sss_status_t sss_util_openssl_write_pkcs12(const char *pkcs12_cert, +- const char *password, +- const char *ref_key, +- long ref_key_length, +- const char *cert, +- long cert_length) +-{ +- sss_status_t retval = kStatus_SSS_Success; +- +-#if SSS_HAVE_OPENSSL +- FILE *pkcs12_file; +- X509 *x509_cert = 0; +- EVP_PKEY *p_key = 0; +- PKCS12 *p12; +- BIO *pem_key_bio = BIO_new(BIO_s_mem()); +- BIO *pem_cert_bio = BIO_new(BIO_s_mem()); +- +- ENSURE_OR_GO_EXIT(pkcs12_cert != NULL); +- ENSURE_OR_GO_EXIT(password != NULL); +- ENSURE_OR_GO_EXIT(ref_key != NULL); +- ENSURE_OR_GO_EXIT(cert != NULL); +- +- // Parse Private key +- BIO_write(pem_key_bio, ref_key, ref_key_length); +- PEM_read_bio_PrivateKey(pem_key_bio, &p_key, NULL, NULL); +- if (p_key == NULL) { +- retval = kStatus_SSS_Fail; +- goto exit; +- } +- +- BIO_write(pem_cert_bio, cert, cert_length); +- PEM_read_bio_X509(pem_cert_bio, &x509_cert, NULL, NULL); +- if (x509_cert == NULL) { +- retval = kStatus_SSS_Fail; +- goto exit; +- } +- +- // Generate PKCS12 key and certificate +-#if (OPENSSL_VERSION_NUMBER < 0x10100000L) +- p12 = PKCS12_create((char *)password, +-#else +- p12 = PKCS12_create(password, +-#endif +- NULL, +- p_key, +- x509_cert, +- NULL, +- 0, +- 0, +- PKCS12_DEFAULT_ITER, +- 1, +- NID_key_usage); +- if (p12 == NULL) { +- retval = kStatus_SSS_Fail; +- goto exit; +- } +- +- //write into file +- pkcs12_file = fopen(pkcs12_cert, "wb"); +- if (i2d_PKCS12_fp(pkcs12_file, p12) != 1) { +- retval = kStatus_SSS_Fail; +- } +- +- if (pkcs12_file != NULL) { +- fclose(pkcs12_file); +- } +-exit: +-#endif +- +- return retval; +-} +- +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/src/fsl_sss_util_rsa_sign_utils.c b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/src/fsl_sss_util_rsa_sign_utils.c +deleted file mode 100644 +index 15309bd88d..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/src/fsl_sss_util_rsa_sign_utils.c ++++ /dev/null +@@ -1,553 +0,0 @@ +-/* +-* The RSA public-key cryptosystem +-* +-* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved +-* Copyright 2019,2020 NXP, All Rights Reserved +-* SPDX-License-Identifier: Apache-2.0 +-* +-* Licensed under the Apache License, Version 2.0 (the "License"); you may +-* not use this file except in compliance with the License. +-* You may obtain a copy of the License at +-* +-* http://www.apache.org/licenses/LICENSE-2.0 +-* +-* Unless required by applicable law or agreed to in writing, software +-* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +-* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +-* See the License for the specific language governing permissions and +-* limitations under the License. +-* +-* This file is part of mbed TLS (https://tls.mbed.org) +-*/ +- +-/* +-* The following sources were referenced in the design of this implementation +-* of the RSA algorithm: +-* +-* [1] A method for obtaining digital signatures and public-key cryptosystems +-* R Rivest, A Shamir, and L Adleman +-* http://people.csail.mit.edu/rivest/pubs.html#RSA78 +-* +-* [2] Handbook of Applied Cryptography - 1997, Chapter 8 +-* Menezes, van Oorschot and Vanstone +-* +-* [3] Malware Guard Extension: Using SGX to Conceal Cache Attacks +-* Michael Schwarz, Samuel Weiser, Daniel Gruss, Clementine Maurice and +-* Stefan Mangard +-* https://arxiv.org/abs/1702.08719v2 +-* +-*/ +- +-#include +-#include +-#include +-#include +- +-#if SSS_HAVE_APPLET_SE05X_IOT && SSSFTR_RSA +- +-#include "se05x_APDU.h" +- +-uint8_t pkcs1_v15_encode( +- sss_se05x_asymmetric_t *context, const uint8_t *hash, size_t hashlen, uint8_t *out, size_t *outLen) +-{ +- size_t oid_size = 0; +- size_t nb_pad = 0; +- unsigned char *p = out; +- /* clang-format off */ +- char oid1[16] = { 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, }; +- /* clang-format on */ +- size_t outlength = 0; +- uint16_t key_size_bytes = 0; +- smStatus_t ret_val = SM_NOT_OK; +- +- /* Constants */ +- const uint8_t RSA_Sign = 0x01; +- const uint8_t ASN1_sequence = 0x10; +- const uint8_t ASN1_constructed = 0x20; +- const uint8_t ASN1_oid = 0x06; +- const uint8_t ASN1_null = 0x05; +- const uint8_t ASN1_octat_string = 0x04; +- +- ret_val = Se05x_API_ReadSize(&context->session->s_ctx, context->keyObject->keyId, &key_size_bytes); +- if (ret_val != SM_OK) { +- return 1; +- } +- +- outlength = key_size_bytes; +- nb_pad = outlength; +- +- switch (context->algorithm) { +- case kAlgorithm_SSS_RSASSA_PKCS1_V1_5_SHA1: +- oid1[0] = 0x2b; +- oid1[1] = 0x0e; +- oid1[2] = 0x03; +- oid1[3] = 0x02; +- oid1[4] = 0x1a; +- oid_size = 5; +- break; +- case kAlgorithm_SSS_RSASSA_PKCS1_V1_5_SHA224: +- oid1[8] = 0x04; +- oid_size = 9; +- break; +- case kAlgorithm_SSS_RSASSA_PKCS1_V1_5_SHA256: +- oid1[8] = 0x01; +- oid_size = 9; +- break; +- case kAlgorithm_SSS_RSASSA_PKCS1_V1_5_SHA384: +- oid1[8] = 0x02; +- oid_size = 9; +- break; +- case kAlgorithm_SSS_RSASSA_PKCS1_V1_5_SHA512: +- oid1[8] = 0x03; +- oid_size = 9; +- break; +- default: +- return 1; +- } +- +- if (outlength < (hashlen + oid_size + 6 /* DigestInfo TLV overhead */)) { +- LOG_E("Intended encoded message length too short"); +- return 1; +- } +- +- if (*outLen < outlength) { +- LOG_E("Out buffer memory is less "); +- return 1; +- } +- *outLen = outlength; +- +- /* Double-check that 8 + hashlen + oid_size can be used as a +- * 1-byte ASN.1 length encoding and that there's no overflow. */ +- if (8 + hashlen + oid_size >= 0x80) +- return 1; +- +- /* +- * Static bounds check: +- * - Need 10 bytes for five tag-length pairs. +- * (Insist on 1-byte length encodings to protect against variants of +- * Bleichenbacher's forgery attack against lax PKCS#1v1.5 verification) +- * - Need hashlen bytes for hash +- * - Need oid_size bytes for hash alg OID. +- */ +- if (nb_pad < 10 + hashlen + oid_size) +- return 1; +- nb_pad -= 10 + hashlen + oid_size; +- +- /* Need space for signature header and padding delimiter (3 bytes), +- * and 8 bytes for the minimal padding */ +- if (nb_pad < 3 + 8) +- return 1; +- nb_pad -= 3; +- +- /* Now nb_pad is the amount of memory to be filled +- * with padding, and at least 8 bytes long. */ +- +- /* Write signature header and padding */ +- *p++ = 0; +- *p++ = RSA_Sign; +- memset(p, 0xFF, nb_pad); +- p += nb_pad; +- *p++ = 0; +- +- /* Signing hashed data, add corresponding ASN.1 structure +- * +- * DigestInfo ::= SEQUENCE { +- * digestAlgorithm DigestAlgorithmIdentifier, +- * digest Digest } +- * DigestAlgorithmIdentifier ::= AlgorithmIdentifier +- * Digest ::= OCTET STRING +- * +- * Schematic: +- * TAG-SEQ + LEN [ TAG-SEQ + LEN [ TAG-OID + LEN [ OID ] +- * TAG-NULL + LEN [ NULL ] ] +- * TAG-OCTET + LEN [ HASH ] ] +- */ +- *p++ = ASN1_sequence | ASN1_constructed; +- *p++ = (unsigned char)(0x08 + oid_size + hashlen); +- *p++ = ASN1_sequence | ASN1_constructed; +- *p++ = (unsigned char)(0x04 + oid_size); +- *p++ = ASN1_oid; +- *p++ = (unsigned char)oid_size; +- memcpy(p, oid1, oid_size); +- p += oid_size; +- *p++ = ASN1_null; +- *p++ = 0x00; +- *p++ = ASN1_octat_string; +- *p++ = (unsigned char)hashlen; +- memcpy(p, hash, hashlen); +- p += hashlen; +- +- /* Just a sanity-check, should be automatic +- * after the initial bounds check. */ +- if (p != out + outlength) { +- memset(out, 0, outlength); +- return 1; +- } +- +- return 0; +-} +- +-uint8_t pkcs1_v15_encode_no_hash( +- sss_se05x_asymmetric_t *context, const uint8_t *hash, size_t hashlen, uint8_t *out, size_t *outLen) +-{ +- uint16_t key_size_bytes = 0; +- smStatus_t ret_val = SM_NOT_OK; +- +- ret_val = Se05x_API_ReadSize(&context->session->s_ctx, context->keyObject->keyId, &key_size_bytes); +- if (ret_val != SM_OK) { +- return 1; +- } +- +- if (hashlen > (size_t)(key_size_bytes - 11)) { +- return 1; +- } +- +- if (*outLen < key_size_bytes) { +- return 1; +- } +- +- memset(out, 0xFF, *outLen); +- out[0] = 0x00; +- out[1] = 0x01; +- out[key_size_bytes - hashlen - 1] = 0x00; +- memcpy(&out[key_size_bytes - hashlen], hash, hashlen); +- +- *outLen = key_size_bytes; +- +- return 0; +-} +- +-uint8_t sss_mgf_mask_func(uint8_t *dst, +- size_t dlen, +- uint8_t *src, +- size_t slen, +- sss_algorithm_t sha_algorithm, +- sss_se05x_asymmetric_t *context) +-{ +- uint8_t mask[64]; /* MAX - SHA512*/ +- uint8_t counter[4]; +- uint8_t *p; +- size_t i, use_len; +- uint8_t ret = 1; +- sss_status_t status = kStatus_SSS_Fail; +- sss_digest_t digest; +- size_t digestLen = 512; /* MAX - SHA512*/ +- size_t hashlength = slen; +- +- memset(mask, 0, 64); +- memset(counter, 0, 4); +- +- status = sss_digest_context_init(&digest, (sss_session_t *)context->session, sha_algorithm, kMode_SSS_Digest); +- if (status != kStatus_SSS_Success) { +- goto exit; +- } +- +- /* Generate and apply dbMask */ +- p = dst; +- +- while (dlen > 0) { +- use_len = hashlength; +- if (dlen < hashlength) +- use_len = dlen; +- +- status = sss_digest_init(&digest); +- if (status != kStatus_SSS_Success) { +- goto exit; +- } +- +- status = sss_digest_update(&digest, src, slen); +- if (status != kStatus_SSS_Success) { +- goto exit; +- } +- +- status = sss_digest_update(&digest, counter, 4); +- if (status != kStatus_SSS_Success) { +- goto exit; +- } +- +- status = sss_digest_finish(&digest, mask, &digestLen); +- if (status != kStatus_SSS_Success) { +- goto exit; +- } +- +- for (i = 0; i < use_len; ++i) +- *p++ ^= mask[i]; +- +- counter[3]++; +- +- dlen -= use_len; +- } +- +- sss_digest_context_free(&digest); +- +- ret = 0; +- +-exit: +- return ret; +-} +- +-// Note-1: This function does not implement the full EMSA-PSS Encoding Operation operation +-// (refer to RFC 8017 Section 9.1 Figure 2), the caller MUST pass 'mHash' (= Hash(M)) as input +-// via function argument(s) hash / haslen. +-// +-// Note-2: Any hash value passed as input that does not match (in byte length) +-// the hash requested for the signature (kAlgorithm_SSS_RSASSA_PKCS1_PSS_MGF1_SHAxxx) +-// will be rejected. +-// +-uint8_t emsa_encode(sss_se05x_asymmetric_t *context, const uint8_t *hash, size_t hashlen, uint8_t *out, size_t *outLen) +-{ +- size_t outlength = 0; +- uint8_t *p = out; +- uint8_t salt[64] = { +- 0, +- }; +- uint32_t saltlength = 0; +- uint32_t hashlength = 0; +- uint32_t offset = 0; +- uint8_t ret = 1; +- size_t msb; +- sss_rng_context_t rng; +- sss_digest_t digest; +- sss_algorithm_t sha_algorithm = kAlgorithm_None; +- size_t digestLen = 512; /* MAX - SHA512*/ +- sss_status_t status = kStatus_SSS_Fail; +- uint16_t key_size_bytes = 0; +- smStatus_t ret_val = SM_NOT_OK; +- +- ret_val = Se05x_API_ReadSize(&context->session->s_ctx, context->keyObject->keyId, &key_size_bytes); +- if (ret_val != SM_OK) { +- goto exit; +- } +- +- outlength = key_size_bytes; +- +- switch (context->algorithm) { +- case kAlgorithm_SSS_RSASSA_PKCS1_PSS_MGF1_SHA1: +- hashlength = 20; +- sha_algorithm = kAlgorithm_SSS_SHA1; +- break; +- case kAlgorithm_SSS_RSASSA_PKCS1_PSS_MGF1_SHA224: +- hashlength = 28; +- sha_algorithm = kAlgorithm_SSS_SHA224; +- break; +- case kAlgorithm_SSS_RSASSA_PKCS1_PSS_MGF1_SHA256: +- if (key_size_bytes <= 64) { /* RSA Key size = 512 */ +- LOG_E("SHA256 not supported with this RSA key"); +- goto exit; +- } +- hashlength = 32; +- sha_algorithm = kAlgorithm_SSS_SHA256; +- break; +- case kAlgorithm_SSS_RSASSA_PKCS1_PSS_MGF1_SHA384: +- if (key_size_bytes <= 64) { /* RSA Key size = 512 */ +- LOG_E("SHA384 not supported with this RSA key"); +- goto exit; +- } +- hashlength = 48; +- sha_algorithm = kAlgorithm_SSS_SHA384; +- break; +- case kAlgorithm_SSS_RSASSA_PKCS1_PSS_MGF1_SHA512: +- if (key_size_bytes <= 128) { /* RSA Key size = 1024 and 512 */ +- LOG_E("SHA512 not supported with this RSA key"); +- goto exit; +- } +- hashlength = 64; +- sha_algorithm = kAlgorithm_SSS_SHA512; +- break; +- default: +- goto exit; +- } +- +- if (hashlength != hashlen) { +- ret_val = SM_NOT_OK; +- goto exit; +- } +- +- saltlength = hashlength; +- *outLen = outlength; +- +- /* Generate salt of length saltlength */ +- status = sss_rng_context_init(&rng, (sss_session_t *)context->session /* session */); +- if (status != kStatus_SSS_Success) { +- goto exit; +- } +- +- status = sss_rng_get_random(&rng, salt, saltlength); +- if (status != kStatus_SSS_Success) { +- goto exit; +- } +- +- msb = (outlength * 8) - 1; +- p += outlength - hashlength * 2 - 2; +- *p++ = 0x01; +- memcpy(p, salt, saltlength); +- p += saltlength; +- +- status = sss_digest_context_init(&digest, (sss_session_t *)context->session, sha_algorithm, kMode_SSS_Digest); +- if (status != kStatus_SSS_Success) { +- goto exit; +- } +- +- status = sss_digest_init(&digest); +- if (status != kStatus_SSS_Success) { +- goto exit; +- } +- +- status = sss_digest_update(&digest, p, 8); +- if (status != kStatus_SSS_Success) { +- goto exit; +- } +- +- status = sss_digest_update(&digest, hash, hashlen); +- if (status != kStatus_SSS_Success) { +- goto exit; +- } +- +- status = sss_digest_update(&digest, salt, saltlength); +- if (status != kStatus_SSS_Success) { +- goto exit; +- } +- +- status = sss_digest_finish(&digest, p, &digestLen); +- if (status != kStatus_SSS_Success) { +- goto exit; +- } +- +- sss_digest_context_free(&digest); +- +- if (msb % 8 == 0) +- offset = 1; +- +- /* Apply MGF Mask */ +- if (0 != +- sss_mgf_mask_func(out + offset, outlength - hashlength - 1 - offset, p, hashlength, sha_algorithm, context)) +- goto exit; +- +- out[0] &= 0xFF >> (outlength * 8 - msb); +- +- p += hashlength; +- *p++ = 0xBC; +- +- ret = 0; +- +-exit: +- return ret; +-} +- +-uint8_t emsa_decode_and_compare( +- sss_se05x_asymmetric_t *context, uint8_t *sig, size_t siglen, uint8_t *hash, size_t hashlen) +-{ +- uint8_t *p; +- uint8_t *hash_start; +- uint8_t result[512]; +- uint8_t ret = 1; +- uint32_t hlen; +- uint8_t zeros[8]; +- uint32_t observed_salt_len, msb; +- uint8_t buf[1024]; +- sss_algorithm_t sha_algorithm = kAlgorithm_None; +- sss_digest_t digest; +- size_t digestLen = 512; /* MAX - SHA512*/ +- sss_status_t status = kStatus_SSS_Fail; +- +- memcpy(buf, sig, siglen); +- +- switch (context->algorithm) { +- case kAlgorithm_SSS_RSASSA_PKCS1_PSS_MGF1_SHA1: +- hlen = 20; +- sha_algorithm = kAlgorithm_SSS_SHA1; +- break; +- case kAlgorithm_SSS_RSASSA_PKCS1_PSS_MGF1_SHA224: +- hlen = 28; +- sha_algorithm = kAlgorithm_SSS_SHA224; +- break; +- case kAlgorithm_SSS_RSASSA_PKCS1_PSS_MGF1_SHA256: +- hlen = 32; +- sha_algorithm = kAlgorithm_SSS_SHA256; +- break; +- case kAlgorithm_SSS_RSASSA_PKCS1_PSS_MGF1_SHA384: +- hlen = 48; +- sha_algorithm = kAlgorithm_SSS_SHA384; +- break; +- case kAlgorithm_SSS_RSASSA_PKCS1_PSS_MGF1_SHA512: +- hlen = 64; +- sha_algorithm = kAlgorithm_SSS_SHA512; +- break; +- default: +- goto exit; +- } +- +- p = buf; +- +- if (buf[siglen - 1] != 0xBC) { +- goto exit; +- } +- +- memset(zeros, 0, 8); +- +- msb = (hlen * 8) - 1; +- +- if (buf[0] >> (8 - siglen * 8 + msb)) +- goto exit; +- +- if (siglen < hlen + 2) +- goto exit; +- hash_start = p + siglen - hlen - 1; +- +- if (0 != sss_mgf_mask_func(p, siglen - hlen - 1, hash_start, hlen, sha_algorithm, context)) +- goto exit; +- +- buf[0] &= 0xFF >> ((siglen * 8 - msb) % 8); +- +- while (p < hash_start - 1 && *p == 0) +- p++; +- +- if (*p++ != 0x01) { +- goto exit; +- } +- +- observed_salt_len = hash_start - p; +- +- status = sss_digest_context_init(&digest, (sss_session_t *)context->session, sha_algorithm, kMode_SSS_Digest); +- if (status != kStatus_SSS_Success) { +- goto exit; +- } +- +- status = sss_digest_init(&digest); +- if (status != kStatus_SSS_Success) { +- goto exit; +- } +- +- status = sss_digest_update(&digest, zeros, 8); +- if (status != kStatus_SSS_Success) { +- goto exit; +- } +- +- status = sss_digest_update(&digest, hash, hashlen); +- if (status != kStatus_SSS_Success) { +- goto exit; +- } +- +- status = sss_digest_update(&digest, p, observed_salt_len); +- if (status != kStatus_SSS_Success) { +- goto exit; +- } +- +- status = sss_digest_finish(&digest, result, &digestLen); +- if (status != kStatus_SSS_Success) { +- goto exit; +- } +- +- sss_digest_context_free(&digest); +- +- if (memcmp(hash_start, result, hlen) != 0) { +- goto exit; +- } +- +- ret = 0; +- +-exit: +- return ret; +-} +- +-#endif +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/src/keystore/keystore_cmn.c b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/src/keystore/keystore_cmn.c +deleted file mode 100644 +index 63630467fe..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/src/keystore/keystore_cmn.c ++++ /dev/null +@@ -1,291 +0,0 @@ +-/* +- * +- * Copyright 2018-2020 NXP +- * SPDX-License-Identifier: Apache-2.0 +- */ +- +-/* Common Key store implementation between keystore_a7x and keystore_pc */ +- +-/* ************************************************************************** */ +-/* Includes */ +-/* ************************************************************************** */ +- +-#include +-#include +-#include +-#include +-#include +-#include +- +-/* ************************************************************************** */ +-/* Local Defines */ +-/* ************************************************************************** */ +- +-#define KEYSTORE_MAGIC (0xA71C401L) +-#define KEYSTORE_VERSION (0x0004) +- +-/* ************************************************************************** */ +-/* Structures and Typedefs */ +-/* ************************************************************************** */ +- +-/* ************************************************************************** */ +-/* Global Variables */ +-/* ************************************************************************** */ +- +-/* ************************************************************************** */ +-/* Static function declarations */ +-/* ************************************************************************** */ +- +-/* ************************************************************************** */ +-/* Public Functions */ +-/* ************************************************************************** */ +- +-void ks_common_init_fat(keyStoreTable_t *keystore_shadow, keyIdAndTypeIndexLookup_t *lookup_entires, size_t max_entries) +-{ +- memset(keystore_shadow, 0, sizeof(*keystore_shadow)); +- keystore_shadow->magic = KEYSTORE_MAGIC; +- keystore_shadow->version = KEYSTORE_VERSION; +- keystore_shadow->maxEntries = (uint16_t)max_entries; +- keystore_shadow->entries = lookup_entires; +- memset(keystore_shadow->entries, 0, sizeof(*lookup_entires) * max_entries); +-} +- +-sss_status_t ks_common_update_fat(keyStoreTable_t *keystore_shadow, +- uint32_t extId, +- sss_key_part_t key_part, +- sss_cipher_type_t cipherType, +- uint8_t intIndex, +- uint32_t accessPermission, +- uint16_t keyLen) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- uint32_t i; +- bool found_entry = FALSE; +- uint8_t slots_req = 1; +- uint8_t entries_written = 0; +- uint16_t keyLen_roundoff = 0; +- retval = isValidKeyStoreShadow(keystore_shadow); +- if (retval != kStatus_SSS_Success) +- goto cleanup; +- for (i = 0; i < keystore_shadow->maxEntries; i++) { +- keyIdAndTypeIndexLookup_t *keyEntry = &keystore_shadow->entries[i]; +- if (keyEntry->extKeyId == extId) { +- LOG_W("ENTRY already exists 0x%04X", extId); +- retval = kStatus_SSS_Fail; +- found_entry = TRUE; +- break; +- } +- } +- +- if (key_part == kSSS_KeyPart_Default && (cipherType == kSSS_CipherType_AES || cipherType == kSSS_CipherType_HMAC)) { +- keyLen_roundoff = ((keyLen / 16) * 16) + ((keyLen % 16) == 0 ? 0 : 16); +- slots_req = (keyLen_roundoff / 16); +- } +- +- if (!found_entry) { +- retval = kStatus_SSS_Fail; +- for (i = 0; i < keystore_shadow->maxEntries; i++) { +- keyIdAndTypeIndexLookup_t *keyEntry = &keystore_shadow->entries[i]; +- if (keyEntry->extKeyId == 0) { +- keyEntry->extKeyId = extId; +- keyEntry->keyIntIndex = intIndex; +- keyEntry->keyPart = key_part | ((slots_req - 1) << 4); +- keyEntry->cipherType = cipherType; +- //keyEntry->accessPermission = accessPermission; +- +- entries_written++; +- if (entries_written == slots_req) { +- retval = kStatus_SSS_Success; +- break; +- } +- } +- } +- } +-cleanup: +- return retval; +-} +- +-sss_status_t ks_common_remove_fat(keyStoreTable_t *keystore_shadow, uint32_t extId) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- uint32_t i; +- bool found_entry = FALSE; +- retval = isValidKeyStoreShadow(keystore_shadow); +- if (retval != kStatus_SSS_Success) +- goto cleanup; +- +- for (i = 0; i < keystore_shadow->maxEntries; i++) { +- keyIdAndTypeIndexLookup_t *keyEntry = &keystore_shadow->entries[i]; +- if (keyEntry->extKeyId == extId) { +- retval = kStatus_SSS_Success; +- memset(keyEntry, 0, sizeof(keyIdAndTypeIndexLookup_t)); +- found_entry = TRUE; +- } +- } +- if (!found_entry) { +- retval = kStatus_SSS_Fail; +- } +-cleanup: +- return retval; +-} +- +-/* ************************************************************************** */ +-/* Private Functions */ +-/* ************************************************************************** */ +- +-sss_status_t keystore_shadow_From2_To_3(keyStoreTable_t *keystore_shadow) +-{ +- int i = 0; +- for (i = 0; i < keystore_shadow->maxEntries; i++) { +- keyIdAndTypeIndexLookup_t *keyEntry = &keystore_shadow->entries[i]; +- if (keyEntry != NULL) { +- uint16_t org_keyIntIndex = (keyEntry->cipherType) | ((keyEntry->keyIntIndex) << 8); +- +- switch (keyEntry->keyPart) { +- case 0: +- continue; +- case 1: +- keyEntry->keyPart = kSSS_KeyPart_Default; +- keyEntry->cipherType = kSSS_CipherType_Certificate; +- break; +- case 2: +- keyEntry->keyPart = kSSS_KeyPart_Default; +- keyEntry->cipherType = kSSS_CipherType_AES; +- break; +- case 3: +- keyEntry->keyPart = kSSS_KeyPart_Default; +- keyEntry->cipherType = kSSS_CipherType_DES; +- break; +- case 4: +- keyEntry->keyPart = kSSS_KeyPart_Default; +- keyEntry->cipherType = kSSS_CipherType_CMAC; +- break; +-#if SSSFTR_RSA +- case 5: +- keyEntry->keyPart = kSSS_KeyPart_Public; +- keyEntry->cipherType = kSSS_CipherType_RSA_CRT; +- break; +-#endif +- case 6: +- keyEntry->keyPart = kSSS_KeyPart_Public; +- keyEntry->cipherType = kSSS_CipherType_EC_NIST_P; +- break; +- case 7: +- keyEntry->keyPart = kSSS_KeyPart_Public; +- keyEntry->cipherType = kSSS_CipherType_EC_MONTGOMERY; +- break; +- case 8: +- keyEntry->keyPart = kSSS_KeyPart_Public; +- keyEntry->cipherType = kSSS_CipherType_EC_TWISTED_ED; +- break; +-#if SSSFTR_RSA +- case 9: +- keyEntry->keyPart = kSSS_KeyPart_Private; +- keyEntry->cipherType = kSSS_CipherType_RSA_CRT; +- break; +-#endif +- case 10: +- keyEntry->keyPart = kSSS_KeyPart_Private; +- keyEntry->cipherType = kSSS_CipherType_EC_NIST_P; +- break; +- case 11: +- keyEntry->keyPart = kSSS_KeyPart_Private; +- keyEntry->cipherType = kSSS_CipherType_EC_MONTGOMERY; +- break; +- case 12: +- keyEntry->keyPart = kSSS_KeyPart_Private; +- keyEntry->cipherType = kSSS_CipherType_EC_TWISTED_ED; +- break; +-#if SSSFTR_RSA +- case 13: +- keyEntry->keyPart = kSSS_KeyPart_Pair; +- keyEntry->cipherType = kSSS_CipherType_RSA_CRT; +- break; +-#endif +- case 14: +- keyEntry->keyPart = kSSS_KeyPart_Pair; +- keyEntry->cipherType = kSSS_CipherType_EC_NIST_P; +- break; +- case 15: +- keyEntry->keyPart = kSSS_KeyPart_Pair; +- keyEntry->cipherType = kSSS_CipherType_EC_MONTGOMERY; +- break; +- case 16: +- keyEntry->keyPart = kSSS_KeyPart_Pair; +- keyEntry->cipherType = kSSS_CipherType_EC_TWISTED_ED; +- break; +- case 17: +- keyEntry->keyPart = kSSS_KeyPart_Default; +- keyEntry->cipherType = kSSS_CipherType_UserID; +- break; +- default: +- LOG_E("Error in keystore_shadow_From2_To_3"); +- return kStatus_SSS_Fail; +- } +- +- keyEntry->keyIntIndex = (uint8_t)org_keyIntIndex; +- } +- } +- +- return kStatus_SSS_Success; +-} +- +-sss_status_t keystore_shadow_From3_To_4(keyStoreTable_t *keystore_shadow) +-{ +- int i = 0; +- for (i = 0; i < keystore_shadow->maxEntries; i++) { +- keyIdAndTypeIndexLookup_t *keyEntry = &keystore_shadow->entries[i]; +- if (keyEntry != NULL) { +- switch (keyEntry->keyPart) { +- case kSSS_KeyPart_NONE: +- break; +- case kSSS_KeyPart_Default: +- if (keyEntry->cipherType == kSSS_CipherType_Certificate) { +- keyEntry->cipherType = kSSS_CipherType_Binary; +- } +- break; +- default: +- LOG_E("Error in keystore_shadow_From3_To_4"); +- return kStatus_SSS_Fail; +- } +- } +- } +- +- return kStatus_SSS_Success; +-} +- +-sss_status_t isValidKeyStoreShadow(keyStoreTable_t *keystore_shadow) +-{ +- sss_status_t retval = kStatus_SSS_Success; +- if (keystore_shadow != NULL) { +- if (keystore_shadow->magic != KEYSTORE_MAGIC) { +- LOG_E("Mismatch.keystore_shadow->magic and KEYSTORE_MAGIC"); +- retval = kStatus_SSS_Fail; +- goto cleanup; +- } +- if (keystore_shadow->version != KEYSTORE_VERSION) { +- if (keystore_shadow->version == 0x0002) { +- retval = keystore_shadow_From2_To_3(keystore_shadow); +- retval = keystore_shadow_From3_To_4(keystore_shadow); +- } +- else if (keystore_shadow->version == 0x0003) { +- retval = keystore_shadow_From3_To_4(keystore_shadow); +- } +- else { +- LOG_E(" Version mismatch."); +- retval = kStatus_SSS_Fail; +- } +- goto cleanup; +- } +- if (keystore_shadow->maxEntries == 0) { +- LOG_E("Keystore not yet allocated"); +- retval = kStatus_SSS_Fail; +- goto cleanup; +- } +- } +- else { +- retval = kStatus_SSS_Fail; +- } +-cleanup: +- return retval; +-} +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/src/keystore/keystore_openssl.c b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/src/keystore/keystore_openssl.c +deleted file mode 100644 +index 8fbc6abde6..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/src/keystore/keystore_openssl.c ++++ /dev/null +@@ -1,224 +0,0 @@ +-/* +- * +- * Copyright 2018-2020 NXP +- * SPDX-License-Identifier: Apache-2.0 +- */ +- +-/* Key store in PC : For testing */ +- +-/* ************************************************************************** */ +-/* Includes */ +-/* ************************************************************************** */ +- +-#include +-#include +-#include +-#include +-#include +- +-#include "nxLog_sss.h" +-#if SSS_HAVE_OPENSSL +-#include +- +-/* ************************************************************************** */ +-/* Local Defines */ +-/* ************************************************************************** */ +- +-/* File allocation table file name */ +-#define FAT_FILENAME "sss_fat.bin" +-#define MAX_FILE_NAME_SIZE 255 +- +-/* ************************************************************************** */ +-/* Structures and Typedefs */ +-/* ************************************************************************** */ +- +-/* ************************************************************************** */ +-/* Global Variables */ +-/* ************************************************************************** */ +- +-/* ************************************************************************** */ +-/* Static function declarations */ +-/* ************************************************************************** */ +- +-/* ************************************************************************** */ +-/* Public Functions */ +-/* ************************************************************************** */ +- +-sss_status_t ks_openssl_load_key(sss_openssl_object_t *sss_key, keyStoreTable_t *keystore_shadow, uint32_t extKeyId) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- char file_name[MAX_FILE_NAME_SIZE]; +- FILE *fp = NULL; +- //const char *root_folder = sss_key->keyStore->session->szRootPath; +- size_t size = 0; +- uint32_t i; +- keyIdAndTypeIndexLookup_t *shadowEntry = NULL; +- EVP_PKEY *pkey = NULL; +- +- for (i = 0; i < sss_key->keyStore->max_object_count; i++) { +- if (keystore_shadow->entries[i].extKeyId == extKeyId) { +- shadowEntry = &keystore_shadow->entries[i]; +- sss_key->keyId = shadowEntry->extKeyId; +- sss_key->cipherType = shadowEntry->cipherType; +- sss_key->objectType = (shadowEntry->keyPart & 0x0F); +- ks_sw_getKeyFileName( +- file_name, sizeof(file_name), (const sss_object_t *)sss_key, sss_key->keyStore->session->szRootPath); +- retval = kStatus_SSS_Success; +- break; +- } +- } +- if (retval == kStatus_SSS_Success) { +- fp = fopen(file_name, "rb"); +- if (fp == NULL) { +- LOG_E("Can not open file"); +- retval = kStatus_SSS_Fail; +- } +- else { +- /*Buffer: max RSA key*/ +- uint8_t keyBuf[3000]; +- const uint8_t *buf_ptr = keyBuf; +- long signed_size = 0; +- fseek(fp, 0, SEEK_END); +- signed_size = ftell(fp); +- if (signed_size < 0) { +- retval = kStatus_SSS_Fail; +- fclose(fp); +- return retval; +- } +- size = (size_t)signed_size; +- fseek(fp, 0, SEEK_SET); +- if (!fread(keyBuf, size, 1, fp)) { +- LOG_E("Error in fread"); +- } +- fclose(fp); +- retval = sss_openssl_key_object_allocate(sss_key, +- shadowEntry->extKeyId, +- (shadowEntry->keyPart & 0x0F), +- shadowEntry->cipherType, +- size, +- kKeyObject_Mode_Persistent); +- if (retval == kStatus_SSS_Success) { +- switch (sss_key->cipherType) { +- case kSSS_CipherType_RSA: +- case kSSS_CipherType_RSA_CRT: { +- if (sss_key->contents != NULL) +- SSS_FREE((void *)sss_key->contents); +- if (sss_key->objectType == kSSS_KeyPart_Public) +- pkey = d2i_PublicKey(EVP_PKEY_RSA, NULL, &buf_ptr, (long)size); +- else +- pkey = d2i_AutoPrivateKey(NULL, &buf_ptr, (long)size); +- +- if (pkey == NULL) +- retval = kStatus_SSS_Fail; +- else +- sss_key->contents = (void *)pkey; +- +- sss_key->keyBitLen = EVP_PKEY_bits(pkey); +- } break; +- case kSSS_CipherType_EC_NIST_P: +- case kSSS_CipherType_EC_NIST_K: +- case kSSS_CipherType_EC_BRAINPOOL: +- case kSSS_CipherType_EC_MONTGOMERY: +- case kSSS_CipherType_EC_TWISTED_ED: { +- if (sss_key->contents != NULL) +- EVP_PKEY_free((EVP_PKEY *)sss_key->contents); +- if (sss_key->objectType == kSSS_KeyPart_Public) +- pkey = d2i_PublicKey(EVP_PKEY_EC, NULL, &buf_ptr, (long)size); +- else +- pkey = d2i_AutoPrivateKey(NULL, &buf_ptr, (long)size); +- +- if (pkey == NULL) +- retval = kStatus_SSS_Fail; +- else +- sss_key->contents = (void *)pkey; +- sss_key->keyBitLen = EVP_PKEY_bits(pkey); +- } break; +- default: { +- retval = sss_openssl_key_store_set_key(sss_key->keyStore, sss_key, keyBuf, size, size * 8, NULL, 0); +- } break; +- } +- } +- } +- } +- return retval; +-} +- +-sss_status_t ks_openssl_store_key(const sss_openssl_object_t *sss_key) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- char file_name[MAX_FILE_NAME_SIZE]; +- FILE *fp = NULL; +- unsigned char *Buffer = NULL; +- ks_sw_getKeyFileName( +- file_name, sizeof(file_name), (const sss_object_t *)sss_key, sss_key->keyStore->session->szRootPath); +- fp = fopen(file_name, "wb+"); +- if (fp == NULL) { +- LOG_E("Can not open file"); +- retval = kStatus_SSS_Fail; +- } +- else { +- int len = 0; +- EVP_PKEY *pk; +- pk = (EVP_PKEY *)sss_key->contents; +- switch (sss_key->objectType) { +- case kSSS_KeyPart_Default: +- fwrite(sss_key->contents, sss_key->contents_max_size, 1, fp); +- retval = kStatus_SSS_Success; +- break; +- case kSSS_KeyPart_Pair: +- case kSSS_KeyPart_Private: +- len = i2d_PrivateKey(pk, NULL); +- if (len < 0) +- goto exit; +- //Buffer = (unsigned char *)malloc(len + 1); +- len = i2d_PrivateKey(pk, &Buffer); +- if (len < 0) +- goto exit; +- break; +- case kSSS_KeyPart_Public: +- len = i2d_PublicKey(pk, NULL); +- if (len < 0) +- goto exit; +- +- //Buffer = (unsigned char *)malloc(len + 1); +- len = i2d_PublicKey(pk, &Buffer); +- if (len < 0) +- goto exit; +- break; +- } +- if (len > 0 && retval != kStatus_SSS_Success) { +- fwrite(Buffer, len, 1, fp); +- retval = kStatus_SSS_Success; +- } +- } +-exit: +- if (fp != NULL) +- fclose(fp); +- if (Buffer != NULL) +- SSS_FREE(Buffer); +- return retval; +-} +- +-#ifdef _MSC_VER +-#define UNLINK _unlink +-#else +-#define UNLINK unlink +-#endif +- +-sss_status_t ks_openssl_remove_key(const sss_openssl_object_t *sss_key) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- char file_name[MAX_FILE_NAME_SIZE]; +- ks_sw_getKeyFileName( +- file_name, sizeof(file_name), (const sss_object_t *)sss_key, sss_key->keyStore->session->szRootPath); +- if (0 == UNLINK(file_name)) { +- retval = kStatus_SSS_Success; +- } +- return retval; +-} +- +-/* ************************************************************************** */ +-/* Private Functions */ +-/* ************************************************************************** */ +- +-#endif /* OpenSSL */ +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/src/keystore/keystore_pc.c b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/src/keystore/keystore_pc.c +deleted file mode 100644 +index 5e344549fd..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/src/keystore/keystore_pc.c ++++ /dev/null +@@ -1,340 +0,0 @@ +-/* +- * +- * Copyright 2018-2020 NXP +- * SPDX-License-Identifier: Apache-2.0 +- */ +- +-/* Key store in PC : For testing */ +- +-/* ************************************************************************** */ +-/* Includes */ +-/* ************************************************************************** */ +- +-#if defined(SSS_USE_FTR_FILE) +-#include "fsl_sss_ftr.h" +-#else +-#include "fsl_sss_ftr_default.h" +-#endif +- +-#include +- +-#if SSS_HAVE_MBEDTLS +-#include +-#endif +- +-#if SSS_HAVE_OPENSSL +-#include +-#endif +- +-#include +-#include +-#include +-#include +- +-#include "nxLog_sss.h" +-#include "sm_types.h" +- +-#if (defined(MBEDTLS_FS_IO) && !AX_EMBEDDED && !__MBED__) || SSS_HAVE_OPENSSL +- +-/* ************************************************************************** */ +-/* Local Defines */ +-/* ************************************************************************** */ +- +-/* File allocation table file name */ +-#define FAT_FILENAME "sss_fat.bin" +-#define MAX_FILE_NAME_SIZE 255 +- +-/* ************************************************************************** */ +-/* Structures and Typedefs */ +-/* ************************************************************************** */ +- +-/* ************************************************************************** */ +-/* Global Variables */ +-/* ************************************************************************** */ +- +-// keyStoreTable_t gKeyStoreShadow; +-// keyIdAndTypeIndexLookup_t gLookupEntires[KS_N_ENTIRES]; +- +-/* ************************************************************************** */ +-/* Static function declarations */ +-/* ************************************************************************** */ +- +-/* ************************************************************************** */ +-/* Public Functions */ +-/* ************************************************************************** */ +- +-/* For the key sss_key, what will the file name look like */ +-void ks_sw_getKeyFileName( +- char *const file_name, const size_t size, const sss_object_t *sss_key, const char *root_folder) +-{ +- uint32_t keyId = sss_key->keyId; +- uint16_t keyType = sss_key->objectType; +- uint16_t cipherType = sss_key->cipherType; +- SNPRINTF(file_name, size - 1, "%s/sss_%08X_%04d_%04d.bin", root_folder, keyId, keyType, cipherType); +-} +- +-void ks_sw_fat_allocate(keyStoreTable_t **keystore_shadow) +-{ +- keyStoreTable_t *pKeyStoreShadow = SSS_MALLOC(sizeof(keyStoreTable_t)); +- if (pKeyStoreShadow == NULL) { +- LOG_E("Error in pKeyStoreShadow mem allocation"); +- return; +- } +- keyIdAndTypeIndexLookup_t *ppLookupEntires = SSS_MALLOC(KS_N_ENTIRES * sizeof(keyIdAndTypeIndexLookup_t)); +- if (ppLookupEntires == NULL) { +- LOG_E("Error in ppLookupEntires mem allocation"); +- SSS_FREE(pKeyStoreShadow); +- return; +- } +- +- //for (int i = 0; i < KS_N_ENTIRES; i++) { +- // ppLookupEntires[i] = calloc(1, sizeof(keyIdAndTypeIndexLookup_t)); +- //} +- memset(ppLookupEntires, 0, (KS_N_ENTIRES * sizeof(keyIdAndTypeIndexLookup_t))); +- ks_common_init_fat(pKeyStoreShadow, ppLookupEntires, KS_N_ENTIRES); +- *keystore_shadow = pKeyStoreShadow; +-} +- +-void ks_sw_fat_free(keyStoreTable_t *keystore_shadow) +-{ +- if (NULL != keystore_shadow) { +- if (NULL != keystore_shadow->entries) { +- //for (int i = 0; i < keystore_shadow->maxEntries; i++) { +- // free(keystore_shadow->entries[i]); +- //} +- SSS_FREE(keystore_shadow->entries); +- } +- memset(keystore_shadow, 0, sizeof(*keystore_shadow)); +- SSS_FREE(keystore_shadow); +- } +-} +- +-void ks_sw_fat_remove(const char *szRootPath) +-{ +- char file_name[MAX_FILE_NAME_SIZE]; +- FILE *fp = NULL; +- SNPRINTF(file_name, sizeof(file_name), "%s/" FAT_FILENAME, szRootPath); +- fp = fopen(file_name, "rb"); +- if (fp == NULL) { +- /* OK. File does not exist. */ +- } +- else { +- fclose(fp); +-#ifdef _WIN32 +- _unlink(file_name); +-#else +- unlink(file_name); +-#endif +- } +-} +- +-static sss_status_t ks_sw_fat_update(keyStoreTable_t *keystore_shadow, const char *szRootPath) +-{ +- sss_status_t retval = kStatus_SSS_Success; +- char file_name[MAX_FILE_NAME_SIZE]; +- FILE *fp = NULL; +- SNPRINTF(file_name, sizeof(file_name), "%s/" FAT_FILENAME, szRootPath); +- fp = fopen(file_name, "wb+"); +- if (fp == NULL) { +- LOG_E("Can not open the file"); +- retval = kStatus_SSS_Fail; +- } +- else { +- fseek(fp, 0, SEEK_SET); +- fwrite(keystore_shadow, sizeof(*keystore_shadow), 1, fp); +- fwrite(keystore_shadow->entries, sizeof(*keystore_shadow->entries) * keystore_shadow->maxEntries, 1, fp); +- fclose(fp); +- } +- return retval; +-} +- +-#if defined(MBEDTLS_FS_IO) +-sss_status_t ks_mbedtls_fat_update(sss_mbedtls_key_store_t *keyStore) +-{ +- return ks_sw_fat_update(keyStore->keystore_shadow, keyStore->session->szRootPath); +-} +-#endif +- +-#if SSS_HAVE_OPENSSL +-sss_status_t ks_openssl_fat_update(sss_openssl_key_store_t *keyStore) +-{ +- return ks_sw_fat_update(keyStore->keystore_shadow, keyStore->session->szRootPath); +-} +-#endif +- +-sss_status_t ks_sw_fat_load(const char *szRootPath, keyStoreTable_t *pKeystore_shadow) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- char file_name[MAX_FILE_NAME_SIZE]; +- FILE *fp = NULL; +- size_t ret; +- ENSURE_OR_GO_CLEANUP(pKeystore_shadow); +- keyStoreTable_t fileShadow; +- SNPRINTF(file_name, sizeof(file_name), "%s/" FAT_FILENAME, szRootPath); +- fp = fopen(file_name, "rb"); +- if (fp == NULL) { +- /* File did not exist, and it's OK most of the time +- * because the test code comes through this path. +- * hence return fail, but do not log any message. */ +- return kStatus_SSS_Fail; +- } +- +- ret = fread(&fileShadow, 1, sizeof(fileShadow), fp); +- if (ret > 0 && fileShadow.maxEntries == pKeystore_shadow->maxEntries && +- fileShadow.magic == pKeystore_shadow->magic && fileShadow.version == pKeystore_shadow->version) { +- ret = +- fread(pKeystore_shadow->entries, 1, sizeof(*pKeystore_shadow->entries) * pKeystore_shadow->maxEntries, fp); +- if (ret > 0) { +- retval = kStatus_SSS_Success; +- } +- } +- else { +- LOG_E("ERROR! keystore_shadow != pKeystore_shadow"); +- } +- fclose(fp); +-cleanup: +- return retval; +-} +- +-#if defined(MBEDTLS_FS_IO) +-sss_status_t ks_mbedtls_load_key(sss_mbedtls_object_t *sss_key, keyStoreTable_t *keystore_shadow, uint32_t extKeyId) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- char file_name[MAX_FILE_NAME_SIZE]; +- FILE *fp = NULL; +- //const char *root_folder = sss_key->keyStore->session->szRootPath; +- size_t size = 0; +- uint32_t i; +- keyIdAndTypeIndexLookup_t *shadowEntry = NULL; +- +- for (i = 0; i < sss_key->keyStore->max_object_count; i++) { +- if (keystore_shadow->entries[i].extKeyId == extKeyId) { +- shadowEntry = &keystore_shadow->entries[i]; +- sss_key->keyId = shadowEntry->extKeyId; +- sss_key->cipherType = shadowEntry->cipherType; +- sss_key->objectType = (shadowEntry->keyPart & 0x0F); +- +- ks_sw_getKeyFileName( +- file_name, sizeof(file_name), (const sss_object_t *)sss_key, sss_key->keyStore->session->szRootPath); +- retval = kStatus_SSS_Success; +- break; +- } +- } +- if (retval == kStatus_SSS_Success) { +- fp = fopen(file_name, "rb"); +- if (fp == NULL) { +- LOG_E("Can not open file"); +- retval = kStatus_SSS_Fail; +- } +- else { +- /* Buffer to hold max RSA Key*/ +- uint8_t *keyBuf = NULL; +- int signed_val = 0; +- fseek(fp, 0, SEEK_END); +- signed_val = ftell(fp); +- if (signed_val < 0) { +- LOG_E("File does not contain any data"); +- retval = kStatus_SSS_Fail; +- fclose(fp); +- return retval; +- } +- size = (size_t)signed_val; +- fseek(fp, 0, SEEK_SET); +- keyBuf = SSS_CALLOC(1, size); +- signed_val = (int)fread(keyBuf, size, 1, fp); +- if (signed_val < 0) { +- LOG_E("fread faild"); +- retval = kStatus_SSS_Fail; +- fclose(fp); +- if (keyBuf != NULL) { +- SSS_FREE(keyBuf); +- } +- return retval; +- } +- fclose(fp); +- retval = ks_mbedtls_key_object_create(sss_key, +- shadowEntry->extKeyId, +- (shadowEntry->keyPart & 0x0F), +- shadowEntry->cipherType, +- size, +- kKeyObject_Mode_Persistent); +- if (retval == kStatus_SSS_Success) { +- retval = sss_mbedtls_key_store_set_key( +- sss_key->keyStore, sss_key, keyBuf, size, size * 8 /* FIXME */, NULL, 0); +- } +- if (keyBuf != NULL) { +- SSS_FREE(keyBuf); +- } +- } +- } +- return retval; +-} +- +-sss_status_t ks_mbedtls_store_key(const sss_mbedtls_object_t *sss_key) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- char file_name[MAX_FILE_NAME_SIZE]; +- FILE *fp = NULL; +- ks_sw_getKeyFileName( +- file_name, sizeof(file_name), (const sss_object_t *)sss_key, sss_key->keyStore->session->szRootPath); +- fp = fopen(file_name, "wb+"); +- if (fp == NULL) { +- LOG_E(" Can not open the file"); +- retval = kStatus_SSS_Fail; +- } +- else { +- /* Buffer to hold max RSA Key*/ +- uint8_t key_buf[3000]; +- int ret = 0; +- unsigned char *c = key_buf; +- memset(key_buf, 0, sizeof(key_buf)); +- mbedtls_pk_context *pk; +- pk = (mbedtls_pk_context *)sss_key->contents; +- switch (sss_key->objectType) { +- case kSSS_KeyPart_Default: +- fwrite(sss_key->contents, sss_key->contents_max_size, 1, fp); +- retval = kStatus_SSS_Success; /* Allows to skip writing pem/der files */ +- break; +- case kSSS_KeyPart_Pair: +- case kSSS_KeyPart_Private: +- ret = mbedtls_pk_write_key_der(pk, key_buf, sizeof(key_buf)); +- break; +- case kSSS_KeyPart_Public: +- ret = mbedtls_pk_write_pubkey_der(pk, key_buf, sizeof(key_buf)); +- break; +- } +- if (ret > 0 && retval != kStatus_SSS_Success) { +- c = key_buf + sizeof(key_buf) - ret; +- fwrite(c, ret, 1, fp); +- retval = kStatus_SSS_Success; +- } +- fflush(fp); +- fclose(fp); +- } +- return retval; +-} +- +-#ifdef _MSC_VER +-#define UNLINK _unlink +-#else +-#define UNLINK unlink +-#endif +- +-sss_status_t ks_mbedtls_remove_key(const sss_mbedtls_object_t *sss_key) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- char file_name[MAX_FILE_NAME_SIZE]; +- ks_sw_getKeyFileName( +- file_name, sizeof(file_name), (const sss_object_t *)sss_key, sss_key->keyStore->session->szRootPath); +- if (0 == UNLINK(file_name)) { +- retval = kStatus_SSS_Success; +- } +- return retval; +-} +-#endif +- +-/* ************************************************************************** */ +-/* Private Functions */ +-/* ************************************************************************** */ +- +-#endif /* MBEDTLS_FS_IO */ +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/src/mbedtls/fsl_sss_mbedtls_apis.c b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/src/mbedtls/fsl_sss_mbedtls_apis.c +deleted file mode 100644 +index 20cd12d46c..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/src/mbedtls/fsl_sss_mbedtls_apis.c ++++ /dev/null +@@ -1,3183 +0,0 @@ +-/* +- * +- * Copyright 2018-2020 NXP +- * SPDX-License-Identifier: Apache-2.0 +- */ +- +-#include +- +-#define MBEDTLS_DO_LITTLE_ENDIAN +- +-#if SSS_HAVE_MBEDTLS +- +-#include +-#include +-#ifdef MBEDTLS_FS_IO +-#include +-#endif +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#include +- +-#include +- +-// #include "../../ex/inc/ex_sss_objid.h" // Enable to test SIMW-656 +- +-#define MAX_KEY_OBJ_COUNT KS_N_ENTIRES +-#define MAX_FILE_NAME_SIZE 255 +-#define MAX_SHARED_SECRET_DERIVED_DATA 255 +-#define BEGIN_PRIVATE "-----BEGIN PRIVATE KEY-----\n" +-#define END_PRIVATE "\n-----END PRIVATE KEY-----" +-#define BEGIN_PUBLIC "-----BEGIN PUBLIC KEY-----\n" +-#define END_PUBLIC "\n-----END PUBLIC KEY-----" +- +-#define CIPHER_BLOCK_SIZE 16 +- +-/* ************************************************************************** */ +-/* Functions : Private sss mbedtls delceration */ +-/* ************************************************************************** */ +-static sss_status_t sss_mbedtls_drbg_seed(sss_mbedtls_session_t *pSession, const char *pers, size_t persLen); +- +-#if SSSFTR_SW_ECC && SSS_HAVE_TESTCOUNTERPART +-static sss_status_t sss_mbedtls_generate_ecp_key( +- mbedtls_pk_context *pkey, sss_mbedtls_session_t *pSession, size_t keyBitLen, sss_cipher_type_t key_typ); +-#endif +- +-#if SSSFTR_SW_RSA && SSS_HAVE_TESTCOUNTERPART +-static sss_status_t sss_mbedtls_generate_rsa_key( +- mbedtls_pk_context *pkey, sss_mbedtls_session_t *pSession, size_t keyBitLen); +-#endif +- +-#if SSSFTR_SW_TESTCOUNTERPART +-static sss_status_t sss_mbedtls_hkdf_extract(const mbedtls_md_info_t *md, +- const uint8_t *salt, +- size_t salt_len, +- const uint8_t *ikm, +- size_t ikm_len, +- uint8_t *prk); +- +-static sss_status_t sss_mbedtls_hkdf_expand(const mbedtls_md_info_t *md, +- const uint8_t *prk, +- size_t prk_len, +- const uint8_t *info, +- size_t info_len, +- uint8_t *okm, +- size_t okm_len); +-#endif +- +-static sss_status_t sss_mbedtls_set_key( +- sss_mbedtls_object_t *keyObject, const uint8_t *data, size_t dataLen, size_t keyBitLen); +- +-#if SSS_HAVE_TESTCOUNTERPART +-static sss_status_t sss_mbedtls_aead_ccm_finish( +- sss_mbedtls_aead_t *context, uint8_t *destData, size_t *destLen, uint8_t *tag, size_t *tagLen); +-static sss_status_t sss_mbedtls_aead_ccm_update(sss_mbedtls_aead_t *context, const uint8_t *srcData, size_t srcLen); +-#endif +-/* ************************************************************************** */ +-/* Functions : sss_mbedtls_session */ +-/* ************************************************************************** */ +- +-#ifndef MBEDTLS_CTR_DRBG_C +-#error Need MBEDTLS_CTR_DRBG_C defined +-#endif +- +-sss_status_t sss_mbedtls_session_create(sss_mbedtls_session_t *session, +- sss_type_t subsystem, +- uint32_t application_id, +- sss_connection_type_t connection_type, +- void *connectionData) +-{ +- sss_status_t retval = kStatus_SSS_Success; +- /* Nothing special to be handled */ +- return retval; +-} +- +-sss_status_t sss_mbedtls_session_open(sss_mbedtls_session_t *session, +- sss_type_t subsystem, +- uint32_t application_id, +- sss_connection_type_t connection_type, +- void *connectionData) +-{ +- sss_status_t retval = kStatus_SSS_InvalidArgument; +- memset(session, 0, sizeof(*session)); +- static const char pers[] = "mbedtls_session"; +- ENSURE_OR_GO_EXIT(connection_type == kSSS_ConnectionType_Plain); +- +-#ifdef MBEDTLS_FS_IO +- if (connectionData == NULL) { +- /* Nothing */ +- } +- else { +- const char *szRootPath = (const char *)connectionData; +- session->szRootPath = szRootPath; +- } +-#else +- if (connectionData != NULL) { +- /* Can't support connectionData != NULL for mbedTLS without +- * MBEDTLS_FS_IO */ +- retval = kStatus_SSS_InvalidArgument; +- goto exit; +- } +-#endif +- retval = kStatus_SSS_Fail; +- session->ctr_drbg = SSS_MALLOC(sizeof(*session->ctr_drbg)); +- ENSURE_OR_GO_EXIT(session->ctr_drbg != NULL); +- +- session->entropy = SSS_MALLOC(sizeof(*session->entropy)); +- ENSURE_OR_GO_EXIT(session->entropy != NULL); +- retval = kStatus_SSS_InvalidArgument; +- +- mbedtls_ctr_drbg_init((session->ctr_drbg)); +- mbedtls_entropy_init((session->entropy)); +- retval = sss_mbedtls_drbg_seed(session, pers, sizeof(pers) - 1); +- if (retval != kStatus_SSS_Success) { +- LOG_E("MbedTLS:DRBG Failed"); +- goto exit; +- } +- /* Success */ +- session->subsystem = subsystem; +- +-exit: +- return retval; +-} +- +-sss_status_t sss_mbedtls_session_prop_get_u32(sss_mbedtls_session_t *session, uint32_t property, uint32_t *pValue) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- /* TBU */ +- return retval; +-} +- +-sss_status_t sss_mbedtls_session_prop_get_au8( +- sss_mbedtls_session_t *session, uint32_t property, uint8_t *pValue, size_t *pValueLen) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- /* TBU */ +- return retval; +-} +- +-void sss_mbedtls_session_close(sss_mbedtls_session_t *session) +-{ +- if (session->ctr_drbg != NULL) +- SSS_FREE(session->ctr_drbg); +- if (session->entropy != NULL) +- SSS_FREE(session->entropy); +- memset(session, 0, sizeof(*session)); +-} +- +-void sss_mbedtls_session_delete(sss_mbedtls_session_t *session) +-{ +- ; +-} +- +-/* End: mbedtls_session */ +- +-/* ************************************************************************** */ +-/* Functions : sss_mbedtls_keyobj */ +-/* ************************************************************************** */ +- +-sss_status_t sss_mbedtls_key_object_init(sss_mbedtls_object_t *keyObject, sss_mbedtls_key_store_t *keyStore) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- ENSURE_OR_GO_CLEANUP(keyObject); +- ENSURE_OR_GO_CLEANUP(keyStore); +- memset(keyObject, 0, sizeof(*keyObject)); +- keyObject->keyStore = keyStore; +- retval = kStatus_SSS_Success; +-cleanup: +- return retval; +-} +- +-sss_status_t sss_mbedtls_key_object_allocate_handle(sss_mbedtls_object_t *keyObject, +- uint32_t keyId, +- sss_key_part_t key_part, +- sss_cipher_type_t cipherType, +- size_t keyByteLenMax, +- uint32_t options) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- ENSURE_OR_GO_CLEANUP(keyObject); +- ENSURE_OR_GO_CLEANUP(keyId != 0); +- ENSURE_OR_GO_CLEANUP(keyId != 0xFFFFFFFFu); +- +-#ifdef EX_SSS_OBJID_TEST_START +- if (keyId < EX_SSS_OBJID_TEST_START) +- return kStatus_SSS_Fail; +- if (keyId > EX_SSS_OBJID_TEST_END) +- return kStatus_SSS_Fail; +-#endif +- +- if (options != kKeyObject_Mode_Persistent && options != kKeyObject_Mode_Transient) { +- LOG_E("sss_mbedtls_key_object_allocate_handle option invalid 0x%X", options); +- retval = kStatus_SSS_Fail; +- goto cleanup; +- } +- if ((unsigned int)key_part > UINT8_MAX) { +- LOG_E(" Only objectType 8 bits wide supported"); +- retval = kStatus_SSS_Fail; +- goto cleanup; +- } +-#if defined(MBEDTLS_FS_IO) && !AX_EMBEDDED && !__MBED__ +- if (options == kKeyObject_Mode_Persistent) { +- uint32_t i; +- sss_mbedtls_object_t **ks; +- ENSURE_OR_GO_CLEANUP(keyObject->keyStore); +- ENSURE_OR_GO_CLEANUP(keyObject->keyStore->max_object_count != 0); +- retval = ks_common_update_fat( +- keyObject->keyStore->keystore_shadow, keyId, key_part, cipherType, 0, 0, (uint16_t)keyByteLenMax); +- ENSURE_OR_GO_CLEANUP(retval == kStatus_SSS_Success); +- ks = keyObject->keyStore->objects; +- retval = kStatus_SSS_Fail; +- for (i = 0; i < keyObject->keyStore->max_object_count; i++) { +- if (ks[i] == NULL) { +- ks[i] = keyObject; +- retval = ks_mbedtls_key_object_create(keyObject, keyId, key_part, cipherType, keyByteLenMax, options); +- break; +- } +- } +- } +- else +-#endif +- { +- retval = ks_mbedtls_key_object_create(keyObject, keyId, key_part, cipherType, keyByteLenMax, options); +- } +-cleanup: +- return retval; +-} +- +-sss_status_t sss_mbedtls_key_object_get_handle(sss_mbedtls_object_t *keyObject, uint32_t keyId) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +-#if defined(MBEDTLS_FS_IO) && !AX_EMBEDDED && !__MBED__ +- uint32_t i; +- ENSURE_OR_GO_CLEANUP(keyObject); +- ENSURE_OR_GO_CLEANUP(keyObject->keyStore); +- retval = kStatus_SSS_Success; +- /* If key store already has loaded this and shared this - fail */ +- for (i = 0; i < keyObject->keyStore->max_object_count; i++) { +- if (keyObject->keyStore->objects[i] != NULL && keyObject->keyStore->objects[i]->keyId == keyId) { +- /* Key Object already loaded and shared in another instance */ +- LOG_E("KeyID 0x%X already loaded / shared", keyId); +- retval = kStatus_SSS_Fail; +- break; +- } +- } +- if (retval == kStatus_SSS_Success) { +- for (i = 0; i < keyObject->keyStore->max_object_count; i++) { +- if (keyObject->keyStore->objects[i] == NULL) { +- retval = ks_mbedtls_load_key(keyObject, keyObject->keyStore->keystore_shadow, keyId); +- if (retval == kStatus_SSS_Success) { +- keyObject->keyStore->objects[i] = keyObject; +- } +- break; +- } +- } +- } +-cleanup: +-#endif +- return retval; +-} +- +-sss_status_t sss_mbedtls_key_object_set_user(sss_mbedtls_object_t *keyObject, uint32_t user, uint32_t options) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- ENSURE_OR_GO_EXIT((keyObject->accessRights & kAccessPermission_SSS_ChangeAttributes)); +- retval = kStatus_SSS_Success; +- keyObject->user_id = user; +-exit: +- return retval; +-} +- +-sss_status_t sss_mbedtls_key_object_set_purpose(sss_mbedtls_object_t *keyObject, sss_mode_t purpose, uint32_t options) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- ENSURE_OR_GO_EXIT((keyObject->accessRights & kAccessPermission_SSS_ChangeAttributes)); +- retval = kStatus_SSS_Success; +- keyObject->purpose = purpose; +-exit: +- return retval; +-} +- +-sss_status_t sss_mbedtls_key_object_set_access(sss_mbedtls_object_t *keyObject, uint32_t access, uint32_t options) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- ENSURE_OR_GO_EXIT((keyObject->accessRights & kAccessPermission_SSS_ChangeAttributes)); +- retval = kStatus_SSS_Success; +- keyObject->accessRights =(sss_access_permission_t) access; +-exit: +- return retval; +-} +- +-sss_status_t sss_mbedtls_key_object_set_eccgfp_group(sss_mbedtls_object_t *keyObject, sss_eccgfp_group_t *group) +-{ +- sss_status_t retval = kStatus_SSS_Success; +- /* TBU */ +- return retval; +-} +- +-sss_status_t sss_mbedtls_key_object_get_user(sss_mbedtls_object_t *keyObject, uint32_t *user) +-{ +- sss_status_t retval = kStatus_SSS_Success; +- *user = keyObject->user_id; +- return retval; +-} +- +-sss_status_t sss_mbedtls_key_object_get_purpose(sss_mbedtls_object_t *keyObject, sss_mode_t *purpose) +-{ +- sss_status_t retval = kStatus_SSS_Success; +- *purpose = keyObject->purpose; +- return retval; +-} +- +-sss_status_t sss_mbedtls_key_object_get_access(sss_mbedtls_object_t *keyObject, uint32_t *access) +-{ +- sss_status_t retval = kStatus_SSS_Success; +- *access = keyObject->accessRights; +- return retval; +-} +- +-void sss_mbedtls_key_object_free(sss_mbedtls_object_t *keyObject) +-{ +- if (keyObject != NULL) { +-#ifdef MBEDTLS_FS_IO +- if (keyObject->keyStore != NULL && keyObject->objectType != 0) { +- unsigned int i = 0; +- for (i = 0; i < keyObject->keyStore->max_object_count; i++) { +- if (keyObject->keyStore->objects[i] == keyObject) { +- keyObject->keyStore->objects[i] = NULL; +- break; +- } +- } +- } +-#endif +- if (keyObject->contents != NULL && keyObject->contents_must_free) { +- switch (keyObject->objectType) { +- case kSSS_KeyPart_Public: +- case kSSS_KeyPart_Pair: +- case kSSS_KeyPart_Private: { +- mbedtls_pk_context *pk; +- pk = (mbedtls_pk_context *)keyObject->contents; +- mbedtls_pk_free(pk); +- SSS_FREE(pk); +- break; +- } +- default: +- SSS_FREE(keyObject->contents); +- } +- } +- memset(keyObject, 0, sizeof(*keyObject)); +- } /* if (keyObject != NULL) */ +-} +- +-/* End: mbedtls_keyobj */ +- +-/* ************************************************************************** */ +-/* Functions : sss_mbedtls_keyderive */ +-/* ************************************************************************** */ +- +-sss_status_t sss_mbedtls_derive_key_context_init(sss_mbedtls_derive_key_t *context, +- sss_mbedtls_session_t *session, +- sss_mbedtls_object_t *keyObject, +- sss_algorithm_t algorithm, +- sss_mode_t mode) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +-#if SSSFTR_SW_ECC +- ENSURE_OR_GO_CLEANUP(context); +- ENSURE_OR_GO_CLEANUP(session); +- ENSURE_OR_GO_CLEANUP(keyObject); +- ENSURE_OR_GO_CLEANUP(keyObject->contents); +- +- context->session = session; +- context->keyObject = keyObject; +- context->algorithm = algorithm; +- context->mode = mode; +- retval = kStatus_SSS_Success; +-cleanup: +-#endif +- return retval; +-} +- +-sss_status_t sss_mbedtls_derive_key_one_go(sss_mbedtls_derive_key_t *context, +- const uint8_t *saltData, +- size_t saltLen, +- const uint8_t *info, +- size_t infoLen, +- sss_mbedtls_object_t *derivedKeyObject, +- uint16_t deriveDataLen) +-{ +- size_t adjustedSaltLen = saltLen; +- +- if (context->mode == kMode_SSS_HKDF_ExpandOnly) { +- adjustedSaltLen = 0; +- } +- +- // The actual implementation (also used by legacy SSS API) decides +- // on the saltLen parameter to apply either HKDF_EE or HKDK_ExpandOnly (saltLen == 0) +- return sss_mbedtls_derive_key_go( +- context, saltData, adjustedSaltLen, info, infoLen, derivedKeyObject, deriveDataLen, NULL, NULL); +-} +- +-sss_status_t sss_mbedtls_derive_key_sobj_one_go(sss_mbedtls_derive_key_t *context, +- sss_mbedtls_object_t *saltKeyObject, +- const uint8_t *info, +- size_t infoLen, +- sss_mbedtls_object_t *derivedKeyObject, +- uint16_t deriveDataLen) +-{ +- uint8_t saltData[1024] = {0}; +- size_t saltLen = sizeof(saltData); +- size_t dummySize; +- sss_status_t status; +- +- // The actual implementation (also used by legacy SSS API) decides +- // on the saltLen parameter to apply either HKDF_EE or HKDK_ExpandOnly (saltLen == 0) +- if (context->mode != kMode_SSS_HKDF_ExpandOnly) { +- status = sss_mbedtls_key_store_get_key(saltKeyObject->keyStore, saltKeyObject, saltData, &saltLen, &dummySize); +- if (status != kStatus_SSS_Success) { +- return kStatus_SSS_Fail; +- } +- } +- else { +- saltLen = 0; +- } +- +- return sss_mbedtls_derive_key_go( +- context, saltData, saltLen, info, infoLen, derivedKeyObject, deriveDataLen, NULL, NULL); +-} +- +-// In HKDF Expand only mode PRK is unbounded, we set a maximum of 256 byte +-// RFC5869 Section 2.3 +-#define HKDF_PRK_MAX 256 +-sss_status_t sss_mbedtls_derive_key_go(sss_mbedtls_derive_key_t *context, +- const uint8_t *saltData, +- size_t saltLen, +- const uint8_t *info, +- size_t infoLen, +- sss_mbedtls_object_t *derivedKeyObject, +- uint16_t deriveDataLen, +- uint8_t *hkdfOutput, +- size_t *hkdfOutputLen) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +-#if SSSFTR_SW_TESTCOUNTERPART +- const mbedtls_md_info_t *md = NULL; +- uint8_t *secret; +- size_t secretLen; +- secret = context->keyObject->contents; +- secretLen = context->keyObject->contents_size; +- uint8_t prk[HKDF_PRK_MAX] = { +- 0, +- }; +- size_t prk_len = 0; +- mbedtls_md_type_t md_alg = MBEDTLS_MD_NONE; +- +- switch (context->algorithm) { +- case kAlgorithm_SSS_SHA1: +- case kAlgorithm_SSS_HMAC_SHA1: +- md_alg = MBEDTLS_MD_SHA1; +- break; +- case kAlgorithm_SSS_SHA256: +- case kAlgorithm_SSS_HMAC_SHA256: +- md_alg = MBEDTLS_MD_SHA256; +- break; +- case kAlgorithm_SSS_SHA384: +- case kAlgorithm_SSS_HMAC_SHA384: +- md_alg = MBEDTLS_MD_SHA384; +- break; +- case kAlgorithm_SSS_SHA512: +- case kAlgorithm_SSS_HMAC_SHA512: +- md_alg = MBEDTLS_MD_SHA512; +- break; +- default: +- return kStatus_SSS_Fail; +- } +- +- md = mbedtls_md_info_from_type(md_alg); +- +- if (saltLen == 0) { +- /* Copy key as is */ +- if (HKDF_PRK_MAX >= secretLen) { +- memcpy(prk, secret, secretLen); +- prk_len = secretLen; +- } +- else { +- LOG_E("HKDF Expand only (mbedTLS implementation): buffer too small"); +- return kStatus_SSS_Fail; +- } +- } +- else { +- retval = sss_mbedtls_hkdf_extract(md, saltData, saltLen, secret, secretLen, prk); +- prk_len = mbedtls_md_get_size(md); +- if (retval != kStatus_SSS_Success) { +- return kStatus_SSS_Fail; +- } +- } +- +- retval = sss_mbedtls_hkdf_expand(md, prk, prk_len, info, infoLen, derivedKeyObject->contents, deriveDataLen); +- if (retval == kStatus_SSS_Success) { +- derivedKeyObject->contents_size = deriveDataLen; +- } +- +-#endif +- return retval; +-} +- +-sss_status_t sss_mbedtls_derive_key_dh(sss_mbedtls_derive_key_t *context, +- sss_mbedtls_object_t *otherPartyKeyObject, +- sss_mbedtls_object_t *derivedKeyObject) +-{ +-#if SSSFTR_SW_ECC +- sss_status_t retval = kStatus_SSS_Success; +- int ret = -1; +- mbedtls_pk_context *pKeyPrv; +- mbedtls_ecp_keypair *pEcpPrv; +- +-#if defined(MBEDTLS_ECDH_C) +- mbedtls_pk_context *pKeyExt; +- mbedtls_ecp_keypair *pEcpExt; +-#endif +- size_t keyLen = 0; +- size_t sharedSecretLen; +- size_t sharedSecretLen_Derived; +- const mbedtls_ecp_curve_info *p_curve_info = NULL; +- mbedtls_mpi rawSharedData; +- +- ENSURE_OR_GO_EXIT(otherPartyKeyObject); +- ENSURE_OR_GO_EXIT(derivedKeyObject); +- +- pKeyPrv = (mbedtls_pk_context *)context->keyObject->contents; +- pEcpPrv = mbedtls_pk_ec(*pKeyPrv); +- +-#if defined(MBEDTLS_ECDH_C) +- pKeyExt = (mbedtls_pk_context *)otherPartyKeyObject->contents; +- pEcpExt = mbedtls_pk_ec(*pKeyExt); +-#endif +- +- mbedtls_mpi_init(&rawSharedData); +- +- /* Compute the size of the shared secret */ +- if (otherPartyKeyObject->cipherType == kSSS_CipherType_EC_MONTGOMERY) { +- if (pEcpPrv->grp.id == MBEDTLS_ECP_DP_CURVE448) { +- keyLen = 56; +- } +- else { +- keyLen = 32; +- } +- } +- else { +- p_curve_info = mbedtls_ecp_curve_info_from_grp_id(pEcpPrv->grp.id); +- if (p_curve_info != NULL) { +- keyLen = (size_t)(((p_curve_info->bit_size + 7)) / 8); +- } +- else { +- retval = kStatus_SSS_Fail; +- goto exit; +- } +- } +- +- sharedSecretLen = (size_t)(keyLen); +-#if defined(MBEDTLS_ECDH_C) +- ret = mbedtls_ecdh_compute_shared(&pEcpPrv->grp, +- &rawSharedData, +- &(pEcpExt->Q), +- &(pEcpPrv->d), +- mbedtls_ctr_drbg_random, +- context->session->ctr_drbg); +-#endif +- if (ret != 0) { +- LOG_E("mbedtls_ecdh_compute_shared returned -0x%04x", -ret); +- retval = kStatus_SSS_Fail; +- goto exit; +- } +- sharedSecretLen_Derived = mbedtls_mpi_size(&rawSharedData); +- if (sharedSecretLen_Derived > sharedSecretLen) { +- LOG_E("Failed: Incorrect shared key length"); +- mbedtls_mpi_free(&rawSharedData); +- retval = kStatus_SSS_Fail; +- goto exit; +- } +- +- derivedKeyObject->contents_size = keyLen; +- ret = mbedtls_mpi_write_binary(&rawSharedData, derivedKeyObject->contents, derivedKeyObject->contents_size); +- if (ret != 0) { +- LOG_E("Failed: unable to write shared key"); +- retval = kStatus_SSS_Fail; +- goto exit; +- } +- mbedtls_mpi_free(&rawSharedData); +-#ifdef MBEDTLS_DO_LITTLE_ENDIAN +- if (otherPartyKeyObject->cipherType == kSSS_CipherType_EC_MONTGOMERY) { +- // Change Endianness Shared Secret in case of Montgomery Curve +- uint8_t *pVal = (uint8_t *)derivedKeyObject->contents; +- for (size_t keyValueIdx = 0; keyValueIdx < (derivedKeyObject->contents_size >> 1); keyValueIdx++) { +- uint8_t swapByte = pVal[keyValueIdx]; +- pVal[keyValueIdx] = pVal[derivedKeyObject->contents_size - 1 - keyValueIdx]; +- pVal[derivedKeyObject->contents_size - 1 - keyValueIdx] = swapByte; +- } +- } +-#endif +-exit: +- return retval; +-#else +- return kStatus_SSS_Fail; +-#endif +-} +- +-void sss_mbedtls_derive_key_context_free(sss_mbedtls_derive_key_t *context) +-{ +- memset(context, 0, sizeof(*context)); +-} +- +-/* End: mbedtls_keyderive */ +- +-/* ************************************************************************** */ +-/* Functions : sss_mbedtls_keystore */ +-/* ************************************************************************** */ +- +-sss_status_t sss_mbedtls_key_store_context_init(sss_mbedtls_key_store_t *keyStore, sss_mbedtls_session_t *session) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- ENSURE_OR_GO_CLEANUP(keyStore); +- ENSURE_OR_GO_CLEANUP(session); +- +- memset(keyStore, 0, sizeof(*keyStore)); +- keyStore->session = session; +- retval = kStatus_SSS_Success; +-cleanup: +- return retval; +-} +- +-sss_status_t sss_mbedtls_key_store_allocate(sss_mbedtls_key_store_t *keyStore, uint32_t keyStoreId) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- ENSURE_OR_GO_CLEANUP(keyStore); +- ENSURE_OR_GO_CLEANUP(keyStore->session); +- +-#if defined(MBEDTLS_FS_IO) && !AX_EMBEDDED && !__MBED__ +- /* This function is called once per session so keystore +- object and shadow objects Should be equal to Null */ +- ENSURE_OR_GO_CLEANUP(keyStore->objects == NULL); +- ENSURE_OR_GO_CLEANUP(keyStore->keystore_shadow == NULL); +- +- keyStore->max_object_count = MAX_KEY_OBJ_COUNT; +- keyStore->objects = (sss_mbedtls_object_t **)SSS_MALLOC(MAX_KEY_OBJ_COUNT * sizeof(sss_mbedtls_object_t *)); +- ENSURE_OR_GO_CLEANUP(keyStore->objects != NULL); +- memset(keyStore->objects, 0, (MAX_KEY_OBJ_COUNT * sizeof(sss_mbedtls_object_t *))); +- ks_sw_fat_allocate(&keyStore->keystore_shadow); +- if (keyStore->session->szRootPath != NULL) { +- ks_sw_fat_load(keyStore->session->szRootPath, keyStore->keystore_shadow); +- } +- retval = kStatus_SSS_Success; +- +-#else +- retval = kStatus_SSS_Success; +-#endif +-cleanup: +- return retval; +-} +- +-sss_status_t sss_mbedtls_key_store_save(sss_mbedtls_key_store_t *keyStore) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- ENSURE_OR_GO_CLEANUP(keyStore); +- ENSURE_OR_GO_CLEANUP(keyStore->session); +- +-#if defined(MBEDTLS_FS_IO) && !AX_EMBEDDED && !__MBED__ +- ENSURE_OR_GO_CLEANUP(keyStore->session->szRootPath) +- ENSURE_OR_GO_CLEANUP(keyStore->objects) +- uint32_t i; +- for (i = 0; i < keyStore->max_object_count; i++) { +- if (NULL != keyStore->objects[i]) { +- ks_mbedtls_store_key(keyStore->objects[i]); +- } +- } +- retval = ks_mbedtls_fat_update(keyStore); +-#endif +-cleanup: +- return retval; +-} +- +-sss_status_t sss_mbedtls_key_store_load(sss_mbedtls_key_store_t *keyStore) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- ENSURE_OR_GO_CLEANUP(keyStore); +- ENSURE_OR_GO_CLEANUP(keyStore->session); +-#if defined(MBEDTLS_FS_IO) && !AX_EMBEDDED && !__MBED__ +- if (keyStore->objects == NULL) { +- sss_mbedtls_key_store_allocate(keyStore, 0); +- } +- if (keyStore->session->szRootPath) { +- if (NULL == keyStore->keystore_shadow) { +- ks_sw_fat_allocate(&keyStore->keystore_shadow); +- } +- retval = ks_sw_fat_load(keyStore->session->szRootPath, keyStore->keystore_shadow); +- keyStore->max_object_count = keyStore->keystore_shadow->maxEntries; +- } +-#endif +-cleanup: +- return retval; +-} +- +-sss_status_t sss_mbedtls_key_store_set_key(sss_mbedtls_key_store_t *keyStore, +- sss_mbedtls_object_t *keyObject, +- const uint8_t *data, +- size_t dataLen, +- size_t keyBitLen, +- void *options, +- size_t optionsLen) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- //mbedtls_pk_context *pk = NULL; +- //size_t keyByteLen = keyBitLen / 8; +- ENSURE_OR_GO_CLEANUP(keyObject); +- ENSURE_OR_GO_CLEANUP(keyObject->contents); +- +- ENSURE_OR_GO_CLEANUP((keyObject->accessRights & kAccessPermission_SSS_Write)); +- //pk = (mbedtls_pk_context *)keyObject->contents; +- retval = sss_mbedtls_set_key(keyObject, data, dataLen, keyBitLen); +-cleanup: +- return retval; +-} +- +-sss_status_t sss_mbedtls_key_store_generate_key( +- sss_mbedtls_key_store_t *keyStore, sss_mbedtls_object_t *keyObject, size_t keyBitLen, void *options) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +-#if SSS_HAVE_TESTCOUNTERPART && (SSSFTR_SW_ECC || SSSFTR_SW_RSA) +- sss_mbedtls_session_t *pS = NULL; +- mbedtls_pk_context *pkey; +- sss_key_part_t key_part = kSSS_KeyPart_NONE; +- sss_cipher_type_t cipher_type = kSSS_CipherType_NONE; +- ENSURE_OR_GO_CLEANUP(keyStore); +- ENSURE_OR_GO_CLEANUP(keyObject); +- ENSURE_OR_GO_CLEANUP(keyObject->contents); /* Must be allocated in allocate handle */ +- +- pS = keyStore->session; +- key_part = keyObject->objectType; +- cipher_type = keyObject->cipherType; +- +- pkey = (mbedtls_pk_context *)keyObject->contents; +- if (key_part != kSSS_KeyPart_Pair) { +- retval = kStatus_SSS_Success; +- goto cleanup; +- } +- +- mbedtls_pk_init(pkey); +- switch (cipher_type) { +-#if SSSFTR_SW_ECC +- case kSSS_CipherType_EC_NIST_P: +- case kSSS_CipherType_EC_NIST_K: +- case kSSS_CipherType_EC_BRAINPOOL: +- case kSSS_CipherType_EC_MONTGOMERY: +- retval = sss_mbedtls_generate_ecp_key(pkey, pS, keyBitLen, cipher_type); +- break; +-#endif +-#if SSSFTR_SW_RSA +- case kSSS_CipherType_RSA: +- retval = sss_mbedtls_generate_rsa_key(pkey, pS, keyBitLen); +- break; +-#endif +- default: +- break; +- } +-cleanup: +-#endif +- return retval; +-} +- +-sss_status_t sss_mbedtls_key_store_get_key(sss_mbedtls_key_store_t *keyStore, +- sss_mbedtls_object_t *keyObject, +- uint8_t *data, +- size_t *dataLen, +- size_t *pKeyBitLen) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +-#if SSSFTR_SW_RSA || SSSFTR_SW_ECC +- mbedtls_pk_context *pk = NULL; +- int ret = -1; +- uint8_t output[1600] = {0}; +- unsigned char *c = output; +-#endif +- +- ENSURE_OR_GO_CLEANUP(keyObject); +- ENSURE_OR_GO_CLEANUP((keyObject->accessRights & kAccessPermission_SSS_Read)); +- ENSURE_OR_GO_CLEANUP(data); +- ENSURE_OR_GO_CLEANUP(dataLen); +- +- switch (keyObject->objectType) { +- case kSSS_KeyPart_Default: +- ENSURE_OR_GO_CLEANUP(*dataLen >= keyObject->contents_size); +- memcpy(data, keyObject->contents, keyObject->contents_size); +- *dataLen = keyObject->contents_size; +- if (pKeyBitLen != NULL) { +- *pKeyBitLen = keyObject->contents_size * 8; +- } +- retval = kStatus_SSS_Success; +- break; +-#if SSSFTR_SW_RSA || SSSFTR_SW_ECC +- case kSSS_KeyPart_Public: +- case kSSS_KeyPart_Pair: +- pk = (mbedtls_pk_context *)keyObject->contents; +- if (keyObject->cipherType == kSSS_CipherType_EC_MONTGOMERY) { +- mbedtls_ecp_keypair *pEcpPub = mbedtls_pk_ec(*pk); +- size_t pubKey_size = 0; +- size_t header_size = 0; +- +- if (pEcpPub->grp.id == MBEDTLS_ECP_DP_CURVE25519) { +- pubKey_size = 32; +- if (pKeyBitLen != NULL) { +- *pKeyBitLen = 256; +- } +- header_size = der_ecc_mont_dh_25519_header_len; +- ENSURE_OR_GO_CLEANUP(*dataLen >= (pubKey_size + header_size)); +- memcpy(data, gecc_der_header_mont_dh_25519, header_size); +- } +- else if (pEcpPub->grp.id == MBEDTLS_ECP_DP_CURVE448) { +- pubKey_size = 56; +- if (pKeyBitLen != NULL) { +- *pKeyBitLen = 448; +- } +- header_size = der_ecc_mont_dh_448_header_len; +- ENSURE_OR_GO_CLEANUP(*dataLen >= (pubKey_size + header_size)); +- memcpy(data, gecc_der_header_mont_dh_448, header_size); +- } +- else { +- LOG_E( +- "Only mont_dh_25519 (bit length 256) and mont_dh_448 (bit " +- "length 448)"); +- goto cleanup; +- } +- ret = mbedtls_mpi_write_binary(&pEcpPub->Q.X, output, pubKey_size); +- ENSURE_OR_GO_CLEANUP(0 == ret); +- *dataLen = pubKey_size + header_size; +-#ifdef MBEDTLS_DO_LITTLE_ENDIAN +- /* Reverse the public key */ +- { +- size_t i = 0; +- while (i < pubKey_size) { +- data[i + header_size] = output[pubKey_size - i - 1]; +- i++; +- } +- } +-#else +- memcpy(data, output, pubKey_size); +-#endif +- retval = kStatus_SSS_Success; +- } +- else { +- ret = mbedtls_pk_write_pubkey_der(pk, output, sizeof(output)); +- if (ret > 0) { +- if ((*dataLen) >= (size_t)ret) { +- if (pKeyBitLen != NULL) { +- *pKeyBitLen = mbedtls_pk_get_bitlen(pk); +- } +- *dataLen = ret; +- /* Data is put at end, so copy it to front of output buffer */ +- c = output + sizeof(output) - ret; +- memcpy(data, c, ret); +- retval = kStatus_SSS_Success; +- } +- } +- } +- break; +-#endif // SSSFTR_SW_RSA || SSSFTR_SW_ECC +- default: +- break; +- } +-cleanup: +- return retval; +-} +- +-sss_status_t sss_mbedtls_key_store_open_key(sss_mbedtls_key_store_t *keyStore, sss_mbedtls_object_t *keyObject) +-{ +- sss_status_t retval = kStatus_SSS_Success; +- return retval; +-} +- +-sss_status_t sss_mbedtls_key_store_freeze_key(sss_mbedtls_key_store_t *keyStore, sss_mbedtls_object_t *keyObject) +-{ +- sss_status_t retval = kStatus_SSS_Success; +- return retval; +-} +- +-sss_status_t sss_mbedtls_key_store_erase_key(sss_mbedtls_key_store_t *keyStore, sss_mbedtls_object_t *keyObject) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +-#if SSS_HAVE_TESTCOUNTERPART +- ENSURE_OR_GO_EXIT(keyStore); +- ENSURE_OR_GO_EXIT(keyObject); +- ENSURE_OR_GO_EXIT(keyObject->keyStore); +- +- ENSURE_OR_GO_EXIT((keyObject->accessRights & kAccessPermission_SSS_Delete)); +- +- if (keyObject->keyMode == kKeyObject_Mode_Persistent) { +-#if defined(MBEDTLS_FS_IO) && !AX_EMBEDDED && !__MBED__ +- unsigned int i = 0; +- /* first check if key exists delete key from shadow KS*/ +- retval = ks_common_remove_fat(keyObject->keyStore->keystore_shadow, keyObject->keyId); +- ENSURE_OR_GO_CLEANUP(retval == kStatus_SSS_Success); +- +- /* Update shadow keystore in file system*/ +- retval = ks_mbedtls_fat_update(keyObject->keyStore); +- ENSURE_OR_GO_CLEANUP(retval == kStatus_SSS_Success); +- +- /*Clear key object from file*/ +- retval = ks_mbedtls_remove_key(keyObject); +- +- for (i = 0; i < keyObject->keyStore->max_object_count; i++) { +- if (keyObject->keyStore->objects[i] == keyObject) { +- keyObject->keyStore->objects[i] = NULL; +- break; +- } +- } +-#endif +- } +- else { +- retval = kStatus_SSS_Success; +- } +- +-#if defined(MBEDTLS_FS_IO) && !AX_EMBEDDED && !__MBED__ +-cleanup: +-#endif +-exit: +-#endif +- return retval; +-} +- +-void sss_mbedtls_key_store_context_free(sss_mbedtls_key_store_t *keyStore) +-{ +-#if defined(MBEDTLS_FS_IO) && !AX_EMBEDDED && !__MBED__ +- if (NULL != keyStore->objects) { +- uint32_t i; +- for (i = 0; i < keyStore->max_object_count; i++) { +- if (keyStore->objects[i] != NULL) { +- //sss_mbedtls_key_object_free(keyStore->objects[i]); +- keyStore->objects[i] = NULL; +- } +- } +- SSS_FREE(keyStore->objects); +- keyStore->objects = NULL; +- } +- if (NULL != keyStore->keystore_shadow) { +- ks_sw_fat_free(keyStore->keystore_shadow); +- } +-#endif +- memset(keyStore, 0, sizeof(*keyStore)); +-} +- +-/* End: mbedtls_keystore */ +- +-/* ************************************************************************** */ +-/* Functions : sss_mbedtls_asym */ +-/* ************************************************************************** */ +- +-sss_status_t sss_mbedtls_asymmetric_context_init(sss_mbedtls_asymmetric_t *context, +- sss_mbedtls_session_t *session, +- sss_mbedtls_object_t *keyObject, +- sss_algorithm_t algorithm, +- sss_mode_t mode) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +-#if SSSFTR_SW_ECC || SSSFTR_SW_RSA +- ENSURE_OR_GO_CLEANUP(context); +- ENSURE_OR_GO_CLEANUP(keyObject); +- ENSURE_OR_GO_CLEANUP(keyObject->keyStore->session->subsystem == kType_SSS_mbedTLS); +- +- context->session = session; +- context->keyObject = keyObject; +- context->algorithm = algorithm; +- context->mode = mode; +- retval = kStatus_SSS_Success; +-cleanup: +-#endif +- return retval; +-} +- +-sss_status_t sss_mbedtls_asymmetric_encrypt( +- sss_mbedtls_asymmetric_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +-#if SSSFTR_SW_ECC || SSSFTR_SW_RSA +- int ret; +- sss_mbedtls_object_t *keyObj = context->keyObject; +- sss_mbedtls_session_t *pS = context->session; +- mbedtls_pk_context *pKey; +- pKey = (mbedtls_pk_context *)keyObj->contents; +- sss_algorithm_t algo = context->algorithm; +- ENSURE_OR_GO_EXIT((context->keyObject->accessRights & kAccessPermission_SSS_Use)); +- retval = kStatus_SSS_Success; +- +- switch (algo) { +- case kAlgorithm_SSS_RSAES_PKCS1_V1_5: +- mbedtls_rsa_set_padding(mbedtls_pk_rsa(*pKey), MBEDTLS_RSA_PKCS_V15, 0); +- break; +- case kAlgorithm_SSS_RSAES_PKCS1_OAEP_SHA1: +- mbedtls_rsa_set_padding(mbedtls_pk_rsa(*pKey), MBEDTLS_RSA_PKCS_V21, MBEDTLS_MD_SHA1); +- break; +- case kAlgorithm_SSS_RSAES_PKCS1_OAEP_SHA224: +- mbedtls_rsa_set_padding(mbedtls_pk_rsa(*pKey), MBEDTLS_RSA_PKCS_V21, MBEDTLS_MD_SHA224); +- break; +- case kAlgorithm_SSS_RSAES_PKCS1_OAEP_SHA256: +- mbedtls_rsa_set_padding(mbedtls_pk_rsa(*pKey), MBEDTLS_RSA_PKCS_V21, MBEDTLS_MD_SHA256); +- break; +- case kAlgorithm_SSS_RSAES_PKCS1_OAEP_SHA384: +- mbedtls_rsa_set_padding(mbedtls_pk_rsa(*pKey), MBEDTLS_RSA_PKCS_V21, MBEDTLS_MD_SHA384); +- break; +- case kAlgorithm_SSS_RSAES_PKCS1_OAEP_SHA512: +- mbedtls_rsa_set_padding(mbedtls_pk_rsa(*pKey), MBEDTLS_RSA_PKCS_V21, MBEDTLS_MD_SHA512); +- break; +- default: +- retval = kStatus_SSS_Fail; +- goto exit; +- } +- ret = mbedtls_pk_encrypt(pKey, srcData, srcLen, destData, destLen, *destLen, mbedtls_ctr_drbg_random, pS->ctr_drbg); +- retval = kStatus_SSS_Fail; +- ENSURE_OR_GO_EXIT(ret == 0); +- retval = kStatus_SSS_Success; +- +- *destLen = (mbedtls_pk_rsa(*pKey))->len; +-exit: +-#endif +- return retval; +-} +- +-sss_status_t sss_mbedtls_asymmetric_decrypt( +- sss_mbedtls_asymmetric_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +-#if SSSFTR_SW_ECC || SSSFTR_SW_RSA +- int ret; +- sss_mbedtls_object_t *keyObj = context->keyObject; +- sss_mbedtls_session_t *pS = context->session; +- mbedtls_pk_context *pKey; +- sss_algorithm_t algo = context->algorithm; +- retval = kStatus_SSS_Success; +- ENSURE_OR_GO_EXIT((context->keyObject->accessRights & kAccessPermission_SSS_Use)); +- +- pKey = (mbedtls_pk_context *)keyObj->contents; +- +- switch (algo) { +- case kAlgorithm_SSS_RSAES_PKCS1_V1_5: +- mbedtls_rsa_set_padding(mbedtls_pk_rsa(*pKey), MBEDTLS_RSA_PKCS_V15, 0); +- break; +- case kAlgorithm_SSS_RSAES_PKCS1_OAEP_SHA1: +- mbedtls_rsa_set_padding(mbedtls_pk_rsa(*pKey), MBEDTLS_RSA_PKCS_V21, MBEDTLS_MD_SHA1); +- break; +- case kAlgorithm_SSS_RSAES_PKCS1_OAEP_SHA224: +- mbedtls_rsa_set_padding(mbedtls_pk_rsa(*pKey), MBEDTLS_RSA_PKCS_V21, MBEDTLS_MD_SHA224); +- break; +- case kAlgorithm_SSS_RSAES_PKCS1_OAEP_SHA256: +- mbedtls_rsa_set_padding(mbedtls_pk_rsa(*pKey), MBEDTLS_RSA_PKCS_V21, MBEDTLS_MD_SHA256); +- break; +- case kAlgorithm_SSS_RSAES_PKCS1_OAEP_SHA384: +- mbedtls_rsa_set_padding(mbedtls_pk_rsa(*pKey), MBEDTLS_RSA_PKCS_V21, MBEDTLS_MD_SHA384); +- break; +- case kAlgorithm_SSS_RSAES_PKCS1_OAEP_SHA512: +- mbedtls_rsa_set_padding(mbedtls_pk_rsa(*pKey), MBEDTLS_RSA_PKCS_V21, MBEDTLS_MD_SHA512); +- break; +- default: +- retval = kStatus_SSS_Fail; +- goto exit; +- } +- +- ret = mbedtls_pk_decrypt(pKey, srcData, srcLen, destData, destLen, *destLen, mbedtls_ctr_drbg_random, pS->ctr_drbg); +- +- retval = kStatus_SSS_Fail; +- ENSURE_OR_GO_EXIT(ret == 0); +- retval = kStatus_SSS_Success; +- +-exit: +-#endif +- return retval; +-} +- +-#if SSSFTR_SW_ECC || SSSFTR_SW_RSA +-static mbedtls_md_type_t sss_mbedtls_set_padding_get_hash(sss_algorithm_t algorithm, mbedtls_pk_context *pKey) +-{ +- mbedtls_md_type_t md_alg = MBEDTLS_MD_NONE; +- switch (algorithm) { +- case kAlgorithm_SSS_RSASSA_PKCS1_V1_5_SHA1: +- case kAlgorithm_SSS_RSASSA_PKCS1_PSS_MGF1_SHA1: +- case kAlgorithm_SSS_SHA1: { +- md_alg = MBEDTLS_MD_SHA1; +- } break; +- case kAlgorithm_SSS_RSASSA_PKCS1_V1_5_SHA224: +- case kAlgorithm_SSS_RSASSA_PKCS1_PSS_MGF1_SHA224: +- case kAlgorithm_SSS_SHA224: { +- md_alg = MBEDTLS_MD_SHA224; +- } break; +- case kAlgorithm_SSS_RSASSA_PKCS1_V1_5_SHA256: +- case kAlgorithm_SSS_RSASSA_PKCS1_PSS_MGF1_SHA256: +- case kAlgorithm_SSS_SHA256: { +- md_alg = MBEDTLS_MD_SHA256; +- } break; +- case kAlgorithm_SSS_RSASSA_PKCS1_V1_5_SHA384: +- case kAlgorithm_SSS_RSASSA_PKCS1_PSS_MGF1_SHA384: +- case kAlgorithm_SSS_SHA384: { +- md_alg = MBEDTLS_MD_SHA384; +- } break; +- case kAlgorithm_SSS_RSASSA_PKCS1_V1_5_SHA512: +- case kAlgorithm_SSS_RSASSA_PKCS1_PSS_MGF1_SHA512: +- case kAlgorithm_SSS_SHA512: { +- md_alg = MBEDTLS_MD_SHA512; +- } break; +- default: +- md_alg = MBEDTLS_MD_NONE; +- break; +- } +- +- if (algorithm >= kAlgorithm_SSS_RSASSA_PKCS1_PSS_MGF1_SHA1 && +- algorithm <= kAlgorithm_SSS_RSASSA_PKCS1_PSS_MGF1_SHA512) { +- mbedtls_rsa_set_padding(mbedtls_pk_rsa(*pKey), MBEDTLS_RSA_PKCS_V21, md_alg); +- } +- else if ((algorithm >= kAlgorithm_SSS_RSASSA_PKCS1_V1_5_SHA1 && +- algorithm <= kAlgorithm_SSS_RSASSA_PKCS1_V1_5_SHA512) || +- algorithm == kAlgorithm_SSS_RSASSA_PKCS1_V1_5_NO_HASH) { +- mbedtls_rsa_set_padding(mbedtls_pk_rsa(*pKey), MBEDTLS_RSA_PKCS_V15, md_alg); +- } +- +- return md_alg; +-} +-#endif +- +-sss_status_t sss_mbedtls_asymmetric_sign_digest( +- sss_mbedtls_asymmetric_t *context, uint8_t *digest, size_t digestLen, uint8_t *signature, size_t *signatureLen) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +-#if SSSFTR_SW_ECC || SSSFTR_SW_RSA +- int ret = 1; +- mbedtls_md_type_t md_alg = MBEDTLS_MD_NONE; +- sss_mbedtls_session_t *pS; +- mbedtls_pk_context *pKey; +- +- ENSURE_OR_GO_EXIT((context->keyObject->accessRights & kAccessPermission_SSS_Use)); +- +- pS = context->session; +- pKey = (mbedtls_pk_context *)context->keyObject->contents; +- +- md_alg = sss_mbedtls_set_padding_get_hash(context->algorithm, pKey); +- +- ret = mbedtls_pk_sign( +- pKey, md_alg, digest, digestLen, signature, signatureLen, mbedtls_ctr_drbg_random, pS->ctr_drbg); +- +- ENSURE_OR_GO_EXIT(ret == 0); +- +- retval = kStatus_SSS_Success; +-exit: +-#endif +- return retval; +-} +- +-sss_status_t sss_mbedtls_asymmetric_verify_digest( +- sss_mbedtls_asymmetric_t *context, uint8_t *digest, size_t digestLen, uint8_t *signature, size_t signatureLen) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +-#if SSSFTR_SW_ECC || SSSFTR_SW_RSA +- int ret = 1; +- mbedtls_md_type_t md_alg = MBEDTLS_MD_NONE; +- mbedtls_pk_context *pKey; +- +- ENSURE_OR_GO_EXIT((context->keyObject->accessRights & kAccessPermission_SSS_Use)); +- +- pKey = (mbedtls_pk_context *)context->keyObject->contents; +- +- md_alg = sss_mbedtls_set_padding_get_hash(context->algorithm, pKey); +- +- ret = mbedtls_pk_verify(pKey, md_alg, digest, digestLen, signature, signatureLen); +- +- ENSURE_OR_GO_EXIT(ret == 0); +- +- retval = kStatus_SSS_Success; +-exit: +-#endif +- return retval; +-} +- +-void sss_mbedtls_asymmetric_context_free(sss_mbedtls_asymmetric_t *context) +-{ +- memset(context, 0, sizeof(*context)); +-} +- +-/* End: mbedtls_asym */ +- +-/* ************************************************************************** */ +-/* Functions : sss_mbedtls_symm */ +-/* ************************************************************************** */ +- +-sss_status_t sss_mbedtls_symmetric_context_init(sss_mbedtls_symmetric_t *context, +- sss_mbedtls_session_t *session, +- sss_mbedtls_object_t *keyObject, +- sss_algorithm_t algorithm, +- sss_mode_t mode) +-{ +- sss_status_t retval = kStatus_SSS_Success; +- +- context->session = session; +- context->keyObject = keyObject; +- context->algorithm = algorithm; +- context->mode = mode; +- +- return retval; +-} +- +-sss_status_t sss_mbedtls_cipher_one_go(sss_mbedtls_symmetric_t *context, +- uint8_t *iv, +- size_t ivLen, +- const uint8_t *srcData, +- uint8_t *destData, +- size_t dataLen) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- mbedtls_aes_context aes_ctx; +-#if defined(MBEDTLS_DES_C) +- mbedtls_des_context des_ctx; +-#endif +- int mbedtls_ret = 1; /* Fail by default */ +- +- switch (context->algorithm) { +-#if SSS_HAVE_TESTCOUNTERPART +- case kAlgorithm_SSS_AES_ECB: +-#endif //SSS_HAVE_TESTCOUNTERPART +- case kAlgorithm_SSS_AES_CBC: +- mbedtls_aes_init(&aes_ctx); +- if (context->mode == kMode_SSS_Encrypt) { +- mbedtls_ret = mbedtls_aes_setkey_enc( +- &aes_ctx, context->keyObject->contents, (unsigned int)(context->keyObject->contents_size * 8)); +- } +- else if (context->mode == kMode_SSS_Decrypt) { +- mbedtls_ret = mbedtls_aes_setkey_dec( +- &aes_ctx, context->keyObject->contents, (unsigned int)(context->keyObject->contents_size * 8)); +- } +- break; +-#if SSS_HAVE_TESTCOUNTERPART +- case kAlgorithm_SSS_AES_CTR: { +- mbedtls_aes_init(&aes_ctx); +- mbedtls_ret = mbedtls_aes_setkey_enc( +- &aes_ctx, context->keyObject->contents, (unsigned int)(context->keyObject->contents_size * 8)); +- } break; +-#if defined(MBEDTLS_DES_C) +- case kAlgorithm_SSS_DES_CBC: +- case kAlgorithm_SSS_DES_ECB: +- case kAlgorithm_SSS_DES3_CBC: +- case kAlgorithm_SSS_DES3_ECB: +- mbedtls_des_init(&des_ctx); +- if (context->mode == kMode_SSS_Encrypt) { +- mbedtls_ret = mbedtls_des_setkey_enc(&des_ctx, context->keyObject->contents); +- } +- else if (context->mode == kMode_SSS_Decrypt) { +- mbedtls_ret = mbedtls_des_setkey_dec(&des_ctx, context->keyObject->contents); +- } +- break; +-#endif +-#endif //SSS_HAVE_TESTCOUNTERPART +- default: +- goto exit; +- } +- +- ENSURE_OR_GO_EXIT(mbedtls_ret == 0); +- +- if (context->mode == kMode_SSS_Encrypt) { +- switch (context->algorithm) { +-#if SSS_HAVE_TESTCOUNTERPART +- case kAlgorithm_SSS_AES_ECB: +- mbedtls_ret = mbedtls_aes_crypt_ecb(&aes_ctx, MBEDTLS_AES_ENCRYPT, srcData, destData); +- break; +-#endif //SSS_HAVE_TESTCOUNTERPART +- case kAlgorithm_SSS_AES_CBC: +- mbedtls_ret = mbedtls_aes_crypt_cbc(&aes_ctx, MBEDTLS_AES_ENCRYPT, dataLen, iv, srcData, destData); +- break; +- case kAlgorithm_SSS_AES_CTR: { +- uint8_t stream_block[16] = { +- 0, +- }; +- size_t size_left = 0; +- mbedtls_ret = mbedtls_aes_crypt_ctr(&aes_ctx, dataLen, &size_left, iv, stream_block, srcData, destData); +- } break; +-#if defined(MBEDTLS_DES_C) +- case kAlgorithm_SSS_DES_ECB: +- mbedtls_ret = mbedtls_des_crypt_ecb(&des_ctx, srcData, destData); +- break; +- case kAlgorithm_SSS_DES_CBC: +- mbedtls_ret = mbedtls_des_crypt_cbc(&des_ctx, MBEDTLS_DES_ENCRYPT, dataLen, iv, srcData, destData); +- break; +-#endif +- default: +- break; +- } +- } +- else if (context->mode == kMode_SSS_Decrypt) { +- switch (context->algorithm) { +- case kAlgorithm_SSS_AES_CBC: +- mbedtls_ret = mbedtls_aes_crypt_cbc(&aes_ctx, MBEDTLS_AES_DECRYPT, dataLen, iv, srcData, destData); +- break; +-#if SSS_HAVE_TESTCOUNTERPART +- case kAlgorithm_SSS_AES_ECB: +- mbedtls_ret = mbedtls_aes_crypt_ecb(&aes_ctx, MBEDTLS_AES_DECRYPT, srcData, destData); +- break; +- case kAlgorithm_SSS_AES_CTR: { +- uint8_t stream_block[16] = { +- 0, +- }; +- size_t size_left = 0; +- mbedtls_ret = mbedtls_aes_crypt_ctr(&aes_ctx, dataLen, &size_left, iv, stream_block, srcData, destData); +- } break; +-#endif //SSS_HAVE_TESTCOUNTERPART +-#if defined(MBEDTLS_DES_C) +- case kAlgorithm_SSS_DES_ECB: +- mbedtls_ret = mbedtls_des_crypt_ecb(&des_ctx, srcData, destData); +- break; +- case kAlgorithm_SSS_DES_CBC: +- mbedtls_ret = mbedtls_des_crypt_cbc(&des_ctx, MBEDTLS_DES_DECRYPT, dataLen, iv, srcData, destData); +- break; +-#endif +- default: +- break; +- } +- } +- else { +- goto exit; +- } +- +- ENSURE_OR_GO_EXIT(mbedtls_ret == 0); +- +- switch (context->algorithm) { +-#if SSS_HAVE_TESTCOUNTERPART +- case kAlgorithm_SSS_AES_ECB: +- case kAlgorithm_SSS_AES_CTR: +-#endif //SSS_HAVE_TESTCOUNTERPART +- case kAlgorithm_SSS_AES_CBC: +- mbedtls_aes_free(&aes_ctx); +- break; +-#if SSS_HAVE_TESTCOUNTERPART && defined(MBEDTLS_DES_C) +- case kAlgorithm_SSS_DES_CBC: +- case kAlgorithm_SSS_DES_ECB: +- case kAlgorithm_SSS_DES3_CBC: +- case kAlgorithm_SSS_DES3_ECB: +- mbedtls_des_free(&des_ctx); +- break; +-#endif //SSS_HAVE_TESTCOUNTERPART +- default: +- goto exit; +- } +- +- retval = kStatus_SSS_Success; +-exit: +- return retval; +-} +- +-sss_status_t sss_mbedtls_cipher_init(sss_mbedtls_symmetric_t *context, uint8_t *iv, size_t ivLen) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +-#if SSS_HAVE_TESTCOUNTERPART +- const mbedtls_cipher_info_t *cipher_info = NULL; +- context->cipher_ctx = (mbedtls_cipher_context_t *)SSS_MALLOC(sizeof(mbedtls_cipher_context_t)); +- ENSURE_OR_GO_EXIT(context->cipher_ctx != NULL); +- retval = kStatus_SSS_Success; +- +- if (context->algorithm == kAlgorithm_SSS_AES_ECB) { +- mbedtls_cipher_type_t cipher_type = MBEDTLS_CIPHER_NONE; +- +- switch (context->keyObject->keyBitLen) { +- case 128: +- cipher_type = MBEDTLS_CIPHER_AES_128_ECB; +- break; +- case 192: +- cipher_type = MBEDTLS_CIPHER_AES_192_ECB; +- break; +- case 256: +- cipher_type = MBEDTLS_CIPHER_AES_256_ECB; +- break; +- } +- +- if (cipher_type != MBEDTLS_CIPHER_NONE) { +- cipher_info = mbedtls_cipher_info_from_type(cipher_type); +- } +- } +- else if (context->algorithm == kAlgorithm_SSS_AES_CBC) { +- mbedtls_cipher_type_t cipher_type = MBEDTLS_CIPHER_NONE; +- +- switch (context->keyObject->keyBitLen) { +- case 128: +- cipher_type = MBEDTLS_CIPHER_AES_128_CBC; +- break; +- case 192: +- cipher_type = MBEDTLS_CIPHER_AES_192_CBC; +- break; +- case 256: +- cipher_type = MBEDTLS_CIPHER_AES_256_CBC; +- break; +- } +- +- if (cipher_type != MBEDTLS_CIPHER_NONE) { +- cipher_info = mbedtls_cipher_info_from_type(cipher_type); +- } +- } +- else if (context->algorithm == kAlgorithm_SSS_AES_CTR) { +- mbedtls_cipher_type_t cipher_type = MBEDTLS_CIPHER_NONE; +- +- switch (context->keyObject->keyBitLen) { +- case 128: +- cipher_type = MBEDTLS_CIPHER_AES_128_CTR; +- break; +- case 192: +- cipher_type = MBEDTLS_CIPHER_AES_192_CTR; +- break; +- case 256: +- cipher_type = MBEDTLS_CIPHER_AES_256_CTR; +- break; +- } +- +- if (cipher_type != MBEDTLS_CIPHER_NONE) { +- cipher_info = mbedtls_cipher_info_from_type(cipher_type); +- } +- } +- else { +- retval = kStatus_SSS_InvalidArgument; +- goto exit; +- } +- +- mbedtls_cipher_init(context->cipher_ctx); +- +- if (0 == mbedtls_cipher_setup(context->cipher_ctx, cipher_info)) { +- if (context->mode == kMode_SSS_Encrypt) { +- if (mbedtls_cipher_setkey(context->cipher_ctx, +- context->keyObject->contents, +- (unsigned int)(context->keyObject->contents_size * 8), +- MBEDTLS_ENCRYPT) != 0) { +- retval = kStatus_SSS_InvalidArgument; +- } +- } +- else if (context->mode == kMode_SSS_Decrypt) { +- if (mbedtls_cipher_setkey(context->cipher_ctx, +- context->keyObject->contents, +- (unsigned int)(context->keyObject->contents_size * 8), +- MBEDTLS_DECRYPT) != 0) { +- retval = kStatus_SSS_InvalidArgument; +- } +- } +- else { +- retval = kStatus_SSS_InvalidArgument; +- } +- if (retval == kStatus_SSS_Success) { +- mbedtls_cipher_set_iv(context->cipher_ctx, iv, ivLen); +- mbedtls_cipher_reset(context->cipher_ctx); +- } +- } +- +-exit: +-#endif +- return retval; +-} +- +-sss_status_t sss_mbedtls_cipher_update( +- sss_mbedtls_symmetric_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +-#if SSS_HAVE_TESTCOUNTERPART +- uint8_t inputData[CIPHER_BLOCK_SIZE] = { +- 0, +- }; +- size_t inputData_len = 0; +- size_t src_offset = 0; +- size_t output_offset = 0; +- size_t outBuffSize = *destLen; +- size_t blockoutLen = 0; +- int retMbedtlsVal; +- +- if ((context->cache_data_len + srcLen) < CIPHER_BLOCK_SIZE) { +- /* Insufficinet data to process . Cache the data */ +- memcpy((context->cache_data + context->cache_data_len), srcData, srcLen); +- context->cache_data_len = context->cache_data_len + srcLen; +- *destLen = 0; +- return kStatus_SSS_Success; +- } +- else { +- /* Concatenate the unprocessed and current input data*/ +- memcpy(inputData, context->cache_data, context->cache_data_len); +- inputData_len = context->cache_data_len; +- memcpy((inputData + inputData_len), srcData, (CIPHER_BLOCK_SIZE - context->cache_data_len)); +- inputData_len += (CIPHER_BLOCK_SIZE - context->cache_data_len); +- src_offset += (CIPHER_BLOCK_SIZE - context->cache_data_len); +- context->cache_data_len = 0; +- +- blockoutLen = outBuffSize; +- ENSURE_OR_GO_EXIT(blockoutLen >= inputData_len); +- retMbedtlsVal = mbedtls_cipher_update( +- context->cipher_ctx, inputData, inputData_len, (destData + output_offset), &blockoutLen); +- ENSURE_OR_GO_EXIT(retMbedtlsVal == 0); +- +- outBuffSize -= blockoutLen; +- output_offset += blockoutLen; +- +- while (srcLen - src_offset >= CIPHER_BLOCK_SIZE) { +- memcpy(inputData, (srcData + src_offset), CIPHER_BLOCK_SIZE); +- src_offset += CIPHER_BLOCK_SIZE; +- +- blockoutLen = outBuffSize; +- inputData_len = CIPHER_BLOCK_SIZE; +- ENSURE_OR_GO_EXIT(blockoutLen >= inputData_len); +- retMbedtlsVal = mbedtls_cipher_update( +- context->cipher_ctx, inputData, inputData_len, (destData + output_offset), &blockoutLen); +- ENSURE_OR_GO_EXIT(retMbedtlsVal == 0); +- +- outBuffSize -= blockoutLen; +- output_offset += blockoutLen; +- } +- +- *destLen = output_offset; +- +- /* Copy unprocessed data to cache */ +- if ((srcLen - src_offset) > 0) { +- memcpy(context->cache_data, (srcData + src_offset), (srcLen - src_offset)); +- context->cache_data_len = (srcLen - src_offset); +- } +- } +- +- retval = kStatus_SSS_Success; +-exit: +- if (retval == kStatus_SSS_Fail) { +- *destLen = 0; +- } +-#endif +- return retval; +-} +- +-sss_status_t sss_mbedtls_cipher_finish( +- sss_mbedtls_symmetric_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +-#if SSS_HAVE_TESTCOUNTERPART +- uint8_t srcdata_updated[2 * CIPHER_BLOCK_SIZE] = { +- 0, +- }; +- size_t srcdata_updated_len = 0; +- size_t outBuffSize = *destLen; +- size_t blockoutLen = 0; +- int retMbedtlsVal; +- uint8_t temp[16] = { +- 0, +- }; +- size_t temp_len = sizeof(temp); +- +- if (srcLen > CIPHER_BLOCK_SIZE) { +- LOG_E("srcLen cannot be grater than 16 bytes. Call update function "); +- *destLen = 0; +- goto exit; +- } +- +- if (context->cache_data_len != 0) { +- memcpy(srcdata_updated, context->cache_data, context->cache_data_len); +- srcdata_updated_len = context->cache_data_len; +- context->cache_data_len = 0; +- } +- if (srcLen != 0) { +- memcpy((srcdata_updated + srcdata_updated_len), srcData, srcLen); +- srcdata_updated_len += srcLen; +- } +- +- srcdata_updated_len = srcdata_updated_len + (CIPHER_BLOCK_SIZE - (srcdata_updated_len % 16)); +- +- if (*destLen < srcdata_updated_len) { +- LOG_E("Output buffer not sufficient"); +- goto exit; +- } +- +- if (srcdata_updated_len > 0) { +- blockoutLen = outBuffSize; +- ENSURE_OR_GO_EXIT(blockoutLen >= CIPHER_BLOCK_SIZE); +- retMbedtlsVal = +- mbedtls_cipher_update(context->cipher_ctx, srcdata_updated, CIPHER_BLOCK_SIZE, destData, &blockoutLen); +- ENSURE_OR_GO_EXIT(retMbedtlsVal == 0); +- *destLen = blockoutLen; +- outBuffSize -= blockoutLen; +- } +- +- if (srcdata_updated_len > CIPHER_BLOCK_SIZE) { +- blockoutLen = outBuffSize; +- ENSURE_OR_GO_EXIT(blockoutLen >= CIPHER_BLOCK_SIZE); +- retMbedtlsVal = mbedtls_cipher_update(context->cipher_ctx, +- srcdata_updated + CIPHER_BLOCK_SIZE, +- CIPHER_BLOCK_SIZE, +- destData + CIPHER_BLOCK_SIZE, +- &blockoutLen); +- ENSURE_OR_GO_EXIT(retMbedtlsVal == 0); +- *destLen += blockoutLen; +- } +- +- mbedtls_cipher_finish(context->cipher_ctx, temp, &temp_len); +- mbedtls_cipher_free(context->cipher_ctx); +- memset(context->cipher_ctx, 0, sizeof(*(context->cipher_ctx))); +- SSS_FREE(context->cipher_ctx); +- +- retval = kStatus_SSS_Success; +-exit: +-#endif +- return retval; +-} +- +-sss_status_t sss_mbedtls_cipher_crypt_ctr(sss_mbedtls_symmetric_t *context, +- const uint8_t *srcData, +- uint8_t *destData, +- size_t size, +- uint8_t *initialCounter, +- uint8_t *lastEncryptedCounter, +- size_t *szLeft) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- mbedtls_aes_context ctx; +- int mbedtls_ret; +- +- mbedtls_aes_init(&ctx); +- +- switch (context->mode) { +- case kMode_SSS_Encrypt: +- case kMode_SSS_Decrypt: +- ENSURE_OR_GO_EXIT(context->algorithm == kAlgorithm_SSS_AES_CTR); +- +- mbedtls_ret = mbedtls_aes_setkey_enc( +- &ctx, context->keyObject->contents, (unsigned int)(context->keyObject->contents_size * 8)); +- ENSURE_OR_GO_EXIT(mbedtls_ret == 0); +- +- mbedtls_ret = +- mbedtls_aes_crypt_ctr(&ctx, size, szLeft, initialCounter, lastEncryptedCounter, srcData, destData); +- ENSURE_OR_GO_EXIT(mbedtls_ret == 0); +- break; +- default: +- //retval = MBEDTLS_ERR_AES_INVALID_KEY_LENGTH; +- goto exit; +- } +- +- mbedtls_aes_free(&ctx); +- +- retval = kStatus_SSS_Success; +-exit: +- return retval; +-} +- +-void sss_mbedtls_symmetric_context_free(sss_mbedtls_symmetric_t *context) +-{ +- memset(context, 0, sizeof(*context)); +-} +- +-/* End: mbedtls_symm */ +- +-/* ************************************************************************** */ +-/* Functions : sss_mbedtls_aead */ +-/* ************************************************************************** */ +- +-sss_status_t sss_mbedtls_aead_context_init(sss_mbedtls_aead_t *context, +- sss_mbedtls_session_t *session, +- sss_mbedtls_object_t *keyObject, +- sss_algorithm_t algorithm, +- sss_mode_t mode) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- ENSURE_OR_GO_CLEANUP(context); +- ENSURE_OR_GO_CLEANUP(session); +- ENSURE_OR_GO_CLEANUP(keyObject); +- +- context->session = session; +- context->keyObject = keyObject; +- context->algorithm = algorithm; +- context->mode = mode; +- +- if (algorithm == kAlgorithm_SSS_AES_GCM) { +- context->gcm_ctx = (mbedtls_gcm_context *)SSS_MALLOC(sizeof(mbedtls_gcm_context)); +- ENSURE_OR_GO_CLEANUP(context->gcm_ctx); +- } +- else if (algorithm == kAlgorithm_SSS_AES_CCM) { +- context->ccm_ctx = (mbedtls_ccm_context *)SSS_MALLOC(sizeof(mbedtls_ccm_context)); +- ENSURE_OR_GO_CLEANUP(context->ccm_ctx); +- } +- else { +- LOG_E("Improper Algorithm passed!"); +- goto cleanup; +- } +- context->pCcm_aad = NULL; +- context->pCcm_data = NULL; +- context->pNonce = NULL; +- retval = kStatus_SSS_Success; +-cleanup: +- return retval; +-} +- +-sss_status_t sss_mbedtls_aead_one_go(sss_mbedtls_aead_t *context, +- const uint8_t *srcData, +- uint8_t *destData, +- size_t size, +- uint8_t *nonce, +- size_t nonceLen, +- const uint8_t *aad, +- size_t aadLen, +- uint8_t *tag, +- size_t *tagLen) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- int ret = 1; +- size_t stagLength = *tagLen; +- if (context->algorithm == kAlgorithm_SSS_AES_GCM) { +- /* Initialize gcm context */ +- mbedtls_gcm_init(context->gcm_ctx); +- +- /* Set key to the context */ +- ret = mbedtls_gcm_setkey(context->gcm_ctx, +- MBEDTLS_CIPHER_ID_AES, +- context->keyObject->contents, +- (unsigned int)(context->keyObject->contents_size * 8)); +- ENSURE_OR_GO_CLEANUP(ret == 0); +- +- /* Check the mode and perform requested operation */ +- if (context->mode == kMode_SSS_Encrypt) { +- ret = mbedtls_gcm_crypt_and_tag(context->gcm_ctx, +- MBEDTLS_GCM_ENCRYPT, +- size, +- nonce, +- nonceLen, +- aad, +- aadLen, +- srcData, +- destData, +- stagLength, +- tag); +- } +- else { +- ret = mbedtls_gcm_auth_decrypt( +- context->gcm_ctx, size, nonce, nonceLen, aad, aadLen, tag, stagLength, srcData, destData); +- } +- } +- +- ENSURE_OR_GO_CLEANUP(ret == 0); +- *tagLen = stagLength; +- retval = kStatus_SSS_Success; +-cleanup: +- return retval; +-} +- +-sss_status_t sss_mbedtls_aead_init( +- sss_mbedtls_aead_t *context, uint8_t *nonce, size_t nonceLen, size_t tagLen, size_t aadLen, size_t payloadLen) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- ENSURE_OR_GO_CLEANUP(context); +- ENSURE_OR_GO_CLEANUP(nonce); +- /* Save the nonce and its length in context */ +- context->pNonce = nonce; +- context->nonceLen = nonceLen; +- context->ccm_aadLen = aadLen; +- context->ccm_dataTotalLen = payloadLen; +- if (context->algorithm == kAlgorithm_SSS_AES_CCM) { +- if (context->ccm_dataTotalLen) { +- context->pCcm_data = SSS_MALLOC(payloadLen); +- if (context->pCcm_data) { +- memset(context->pCcm_data, 0, payloadLen); +- context->ccm_dataoffset = 0; +- } +- else { +- LOG_E("malloc failed"); +- goto cleanup; +- } +- } +- } +- context->cache_data_len = 0; +- memset(context->cache_data, 0x00, sizeof(context->cache_data)); +- retval = kStatus_SSS_Success; +- +-cleanup: +- return retval; +-} +- +-sss_status_t sss_mbedtls_aead_update_aad(sss_mbedtls_aead_t *context, const uint8_t *aadData, size_t aadDataLen) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- int ret = 1; +- int mode = (context->mode == kMode_SSS_Encrypt) ? MBEDTLS_GCM_ENCRYPT : MBEDTLS_GCM_DECRYPT; +- ENSURE_OR_GO_CLEANUP(context); +- if (aadDataLen > 0) { +- ENSURE_OR_GO_CLEANUP(aadData); +- } +- if (context->algorithm == kAlgorithm_SSS_AES_GCM) { +- /* Initialize gcm context */ +- mbedtls_gcm_init(context->gcm_ctx); +- +- /* Set key to the context */ +- ret = mbedtls_gcm_setkey(context->gcm_ctx, +- MBEDTLS_CIPHER_ID_AES, +- context->keyObject->contents, +- (unsigned int)(context->keyObject->contents_size * 8)); +- ENSURE_OR_GO_CLEANUP(ret == 0); +- +- /* Add aad Data */ +- ret = mbedtls_gcm_starts(context->gcm_ctx, mode, context->pNonce, context->nonceLen, aadData, aadDataLen); +- ENSURE_OR_GO_CLEANUP(ret == 0); +- } +- else if (context->algorithm == kAlgorithm_SSS_AES_CCM) { +- /* Initialize ccm context */ +- mbedtls_ccm_init(context->ccm_ctx); +- /* Set key to the context */ +- ret = mbedtls_ccm_setkey(context->ccm_ctx, +- MBEDTLS_CIPHER_ID_AES, +- context->keyObject->contents, +- (unsigned int)(context->keyObject->contents_size * 8)); +- ENSURE_OR_GO_CLEANUP(ret == 0); +- context->pCcm_aad = aadData; +- context->ccm_aadLen = aadDataLen; +- } +- retval = kStatus_SSS_Success; +-cleanup: +- return retval; +-} +- +-sss_status_t sss_mbedtls_aead_update( +- sss_mbedtls_aead_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +-#if SSS_HAVE_TESTCOUNTERPART +- uint8_t inputData[CIPHER_BLOCK_SIZE] = { +- 0, +- }; +- size_t inputData_len = 0; +- size_t src_offset = 0; +- size_t output_offset = 0; +- size_t outBuffSize = *destLen; +- size_t blockoutLen = 0; +- int ret = 1; +- if (context->algorithm == kAlgorithm_SSS_AES_CCM) { +- if ((srcData != NULL) && (srcLen > 0)) { +- retval = sss_mbedtls_aead_ccm_update(context, srcData, srcLen); +- } +- ENSURE_OR_GO_CLEANUP(retval == kStatus_SSS_Success); +- *destLen = 0; +- } +- else { +- if ((context->cache_data_len + srcLen) < CIPHER_BLOCK_SIZE) { +- /* Insufficinet data to process . Cache the data */ +- memcpy((context->cache_data + context->cache_data_len), srcData, srcLen); +- context->cache_data_len = context->cache_data_len + srcLen; +- *destLen = 0; +- return kStatus_SSS_Success; +- } +- else { +- /* Concatenate the unprocessed and current input data*/ +- memcpy(inputData, context->cache_data, context->cache_data_len); +- inputData_len = context->cache_data_len; +- memcpy((inputData + inputData_len), srcData, (CIPHER_BLOCK_SIZE - context->cache_data_len)); +- inputData_len += (CIPHER_BLOCK_SIZE - context->cache_data_len); +- src_offset += (CIPHER_BLOCK_SIZE - context->cache_data_len); +- blockoutLen = outBuffSize; +- +- /* Add Source Data */ +- ret = mbedtls_gcm_update(context->gcm_ctx, inputData_len, inputData, (destData + output_offset)); +- ENSURE_OR_GO_CLEANUP(ret == 0); +- blockoutLen = inputData_len; +- outBuffSize -= blockoutLen; +- output_offset += blockoutLen; +- +- while (srcLen - src_offset >= CIPHER_BLOCK_SIZE) { +- memcpy(inputData, (srcData + src_offset), 16); +- src_offset += CIPHER_BLOCK_SIZE; +- +- blockoutLen = outBuffSize; +- +- /* Add Source Data */ +- ret = mbedtls_gcm_update(context->gcm_ctx, inputData_len, inputData, (destData + output_offset)); +- ENSURE_OR_GO_CLEANUP(ret == 0); +- blockoutLen = inputData_len; +- outBuffSize -= blockoutLen; +- output_offset += blockoutLen; +- } +- *destLen = output_offset; +- /* Copy unprocessed data to cache */ +- memcpy(context->cache_data, (srcData + src_offset), (srcLen - src_offset)); +- context->cache_data_len = (srcLen - src_offset); +- } +- } +- retval = kStatus_SSS_Success; +-cleanup: +- if (retval == kStatus_SSS_Fail) { +- *destLen = 0; +- } +-#endif /*End of SSS_HAVE_TESTCOUNTERPART*/ +- return retval; +-} +- +-#if SSS_HAVE_TESTCOUNTERPART +-static sss_status_t sss_mbedtls_aead_ccm_update(sss_mbedtls_aead_t *context, const uint8_t *srcData, size_t srcLen) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- if ((context->ccm_dataoffset + srcLen) <= (context->ccm_dataTotalLen)) { +- memcpy(context->pCcm_data + context->ccm_dataoffset, srcData, srcLen); +- context->ccm_dataoffset = context->ccm_dataoffset + srcLen; +- retval = kStatus_SSS_Success; +- } +- else { +- /*Free the allocated memory in init*/ +- if (context->pCcm_data != NULL) { +- SSS_FREE(context->pCcm_data); +- context->pCcm_data = NULL; +- } +- } +- return retval; +-} +-#endif //#if SSS_HAVE_TESTCOUNTERPART +- +-sss_status_t sss_mbedtls_aead_finish(sss_mbedtls_aead_t *context, +- const uint8_t *srcData, +- size_t srcLen, +- uint8_t *destData, +- size_t *destLen, +- uint8_t *tag, +- size_t *tagLen) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +-#if SSS_HAVE_TESTCOUNTERPART +- size_t stagLen = *tagLen; +- int ret = 1; +- uint8_t srcdata_updated[2 * CIPHER_BLOCK_SIZE] = { +- 0, +- }; +- size_t srcdata_updated_len = 0; +- uint8_t *pTag = NULL; +- ENSURE_OR_GO_EXIT(context); +- if (srcLen) { +- ENSURE_OR_GO_EXIT(srcData); +- } +- ENSURE_OR_GO_EXIT(destData); +- ENSURE_OR_GO_EXIT(tag); +- ENSURE_OR_GO_EXIT(tagLen); +- if (context->algorithm == kAlgorithm_SSS_AES_CCM) { /* Check if finish has got source data */ +- if ((srcData != NULL) && (srcLen > 0)) { +- retval = sss_mbedtls_aead_ccm_update(context, srcData, srcLen); +- ENSURE_OR_GO_EXIT(retval == kStatus_SSS_Success); +- } +- retval = sss_mbedtls_aead_ccm_finish(context, destData, destLen, tag, tagLen); +- ENSURE_OR_GO_EXIT(retval == kStatus_SSS_Success); +- } +- else { +- if (srcLen > CIPHER_BLOCK_SIZE) { +- LOG_E("srcLen cannot be grater than 16 bytes. Call update function "); +- *destLen = 0; +- goto exit; +- } +- +- if (context->cache_data_len != 0) { +- memcpy(srcdata_updated, context->cache_data, context->cache_data_len); +- srcdata_updated_len = context->cache_data_len; +- } +- +- if (srcLen != 0) { +- memcpy((srcdata_updated + srcdata_updated_len), srcData, srcLen); +- srcdata_updated_len += srcLen; +- } +- +- /* Add Source Data */ +- ret = mbedtls_gcm_update(context->gcm_ctx, srcdata_updated_len, srcdata_updated, destData); +- *destLen = srcdata_updated_len; +- ENSURE_OR_GO_EXIT(ret == 0); +- +- pTag = (uint8_t *)SSS_MALLOC(*tagLen); +- ENSURE_OR_GO_EXIT(pTag); +- memset(pTag, 0, *tagLen); +- +- /* Get Tag for Enc*/ +- ret = mbedtls_gcm_finish(context->gcm_ctx, pTag, stagLen); +- ENSURE_OR_GO_EXIT(ret == 0); +- if (context->mode == kMode_SSS_Encrypt) { +- memcpy(tag, pTag, stagLen); +- } +- else { +- if (0 != memcmp(pTag, tag, stagLen)) { +- goto exit; +- } +- } +- +- *tagLen = stagLen; +- } +- retval = kStatus_SSS_Success; +- +-exit: +- if (pTag) { +- SSS_FREE(pTag); +- } +-#endif +- return retval; +-} +-#if SSS_HAVE_TESTCOUNTERPART +-static sss_status_t sss_mbedtls_aead_ccm_finish( +- sss_mbedtls_aead_t *context, uint8_t *destData, size_t *destLen, uint8_t *tag, size_t *tagLen) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- size_t stagLen = *tagLen; +- int ret = 1; +- /* Check the mode and perform requested operation */ +- if (context->mode == kMode_SSS_Encrypt) { +- ret = mbedtls_ccm_encrypt_and_tag(context->ccm_ctx, +- context->ccm_dataTotalLen, +- context->pNonce, +- context->nonceLen, +- context->pCcm_aad, +- context->ccm_aadLen, +- context->pCcm_data, +- destData, +- tag, +- stagLen); +- } +- else { +- ret = mbedtls_ccm_auth_decrypt(context->ccm_ctx, +- context->ccm_dataTotalLen, +- context->pNonce, +- context->nonceLen, +- context->pCcm_aad, +- context->ccm_aadLen, +- context->pCcm_data, +- destData, +- tag, +- stagLen); +- } +- ENSURE_OR_GO_EXIT(ret == 0); +- *destLen = context->ccm_dataTotalLen; +- retval = kStatus_SSS_Success; +- +-exit: +- return retval; +-} +-#endif //if SSS_HAVE_TESTCOUNTERPART +- +-void sss_mbedtls_aead_context_free(sss_mbedtls_aead_t *context) +-{ +- if (context != NULL) { +- if (context->algorithm == kAlgorithm_SSS_AES_GCM) { +- if (context->gcm_ctx != NULL) { +- mbedtls_gcm_free(context->gcm_ctx); +- SSS_FREE(context->gcm_ctx); +- } +- } +- else if (context->algorithm == kAlgorithm_SSS_AES_CCM) { +- if (context->ccm_ctx != NULL) { +- mbedtls_ccm_free(context->ccm_ctx); +- SSS_FREE(context->ccm_ctx); +- if (context->pCcm_data != NULL) { +- SSS_FREE(context->pCcm_data); +- context->pCcm_data = NULL; +- } +- } +- } +- if (context->pCcm_aad != NULL) +- context->pCcm_aad = NULL; +- if (context->pNonce != NULL) +- context->pNonce = NULL; +- memset(context, 0, sizeof(*context)); +- } +-} +- +-/* End: mbedtls_aead */ +- +-/* ************************************************************************** */ +-/* Functions : sss_mbedtls_mac */ +-/* ************************************************************************** */ +-sss_status_t sss_mbedtls_mac_context_init(sss_mbedtls_mac_t *context, +- sss_mbedtls_session_t *session, +- sss_mbedtls_object_t *keyObject, +- sss_algorithm_t algorithm, +- sss_mode_t mode) +-{ +- sss_status_t status = kStatus_SSS_Fail; +- ENSURE_OR_GO_CLEANUP(context); +- ENSURE_OR_GO_CLEANUP(session); +- ENSURE_OR_GO_CLEANUP(keyObject); +- +- context->session = session; +- context->keyObject = keyObject; +- context->algorithm = algorithm; +- context->mode = mode; +- context->cipher_ctx = NULL; +- +- if (context->algorithm == kAlgorithm_SSS_CMAC_AES) { +- context->cipher_ctx = (mbedtls_cipher_context_t *)SSS_MALLOC(sizeof(mbedtls_cipher_context_t)); +- ENSURE_OR_GO_CLEANUP(context->cipher_ctx); +- } +-#if SSSFTR_SW_TESTCOUNTERPART +- if (algorithm == kAlgorithm_SSS_HMAC_SHA1 || algorithm == kAlgorithm_SSS_HMAC_SHA224 || +- algorithm == kAlgorithm_SSS_HMAC_SHA256 || algorithm == kAlgorithm_SSS_HMAC_SHA384 || +- algorithm == kAlgorithm_SSS_HMAC_SHA512) { +- context->HmacCtx = (mbedtls_md_context_t *)SSS_MALLOC(sizeof(mbedtls_md_context_t)); +- ENSURE_OR_GO_CLEANUP(context->HmacCtx); +- } +-#endif +- status = kStatus_SSS_Success; +-cleanup: +- return status; +-} +- +-sss_status_t sss_mbedtls_mac_one_go( +- sss_mbedtls_mac_t *context, const uint8_t *message, size_t messageLen, uint8_t *mac, size_t *macLen) +-{ +- sss_status_t status = kStatus_SSS_Fail; +- int ret; +- const mbedtls_cipher_info_t *cipher_info; +-#if SSS_HAVE_TESTCOUNTERPART +- const mbedtls_md_info_t *md_info = NULL; +-#endif +- uint8_t *key; +- size_t keylen; +- +- ENSURE_OR_GO_CLEANUP(context); +- ENSURE_OR_GO_CLEANUP(context->keyObject->contents); +- key = context->keyObject->contents; +- keylen = context->keyObject->contents_size; +- +- if (context->algorithm == kAlgorithm_SSS_CMAC_AES) { +- mbedtls_cipher_type_t cipher_type = MBEDTLS_CIPHER_NONE; +- +- switch (keylen * 8) { +- case 128: +- cipher_type = MBEDTLS_CIPHER_AES_128_ECB; +- break; +-#if SSS_HAVE_TESTCOUNTERPART +- case 192: +- cipher_type = MBEDTLS_CIPHER_AES_192_ECB; +- break; +- case 256: +- cipher_type = MBEDTLS_CIPHER_AES_256_ECB; +- break; +-#endif +- default: +- LOG_E("key bit not supported"); +- goto cleanup; +- } +- +- cipher_info = mbedtls_cipher_info_from_type(cipher_type); +- if (cipher_info != NULL) { +- mbedtls_cipher_init(context->cipher_ctx); +- ret = mbedtls_cipher_setup(context->cipher_ctx, cipher_info); +- if (ret == 0) { +- if (ret == 0) { +-#ifdef MBEDTLS_CMAC_C +- ret = mbedtls_cipher_cmac_starts(context->cipher_ctx, key, (keylen * 8)); +- if (ret == 0) { +- ret = mbedtls_cipher_cmac_update(context->cipher_ctx, message, messageLen); +- if (ret == 0) { +- ret = mbedtls_cipher_cmac_finish(context->cipher_ctx, mac); +- if (ret == 0) { +- *macLen = context->cipher_ctx->cipher_info->block_size; +- status = kStatus_SSS_Success; +- } +- } +- } +-#endif +- } +- } +- } +- } +-#if SSS_HAVE_TESTCOUNTERPART +- else if (context->algorithm == kAlgorithm_SSS_HMAC_SHA1 || context->algorithm == kAlgorithm_SSS_HMAC_SHA224 || +- context->algorithm == kAlgorithm_SSS_HMAC_SHA256 || context->algorithm == kAlgorithm_SSS_HMAC_SHA384 || +- context->algorithm == kAlgorithm_SSS_HMAC_SHA512) { +- /*For HMAC any Key length is supported*/ +- switch (context->algorithm) { +- case kAlgorithm_SSS_HMAC_SHA1: +- md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA1); +- break; +- case kAlgorithm_SSS_HMAC_SHA224: +- md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA224); +- break; +- case kAlgorithm_SSS_HMAC_SHA256: +- md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA256); +- break; +- case kAlgorithm_SSS_HMAC_SHA384: +- md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA384); +- break; +- case kAlgorithm_SSS_HMAC_SHA512: +- md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA512); +- break; +- default: +- LOG_E("Invalid HMAC algorithm"); +- status = kStatus_SSS_Fail; +- goto cleanup; +- } +- +- if (md_info != NULL) { +- ret = mbedtls_md_hmac(md_info, key, keylen, message, messageLen, mac); +- if (ret == 0) { +- *macLen = mbedtls_md_get_size(md_info); +- status = kStatus_SSS_Success; +- } +- } +- } +-#endif //SSS_HAVE_TESTCOUNTERPART +- else { +- LOG_E("Invalid algorithm type"); +- } +-cleanup: +- return status; +-} +- +-sss_status_t sss_mbedtls_mac_init(sss_mbedtls_mac_t *context) +-{ +- sss_status_t status = kStatus_SSS_Fail; +- int ret; +- uint8_t *key; +- size_t keylen; +- mbedtls_cipher_type_t cipher_type = MBEDTLS_CIPHER_NONE; +- +- ENSURE_OR_GO_CLEANUP(context->keyObject->contents); +- key = context->keyObject->contents; +- keylen = context->keyObject->contents_size; +- +- if (context->algorithm == kAlgorithm_SSS_CMAC_AES) { +- const mbedtls_cipher_info_t *cipher_info = NULL; +- +- switch (context->keyObject->keyBitLen) { +- case 128: +- cipher_type = MBEDTLS_CIPHER_AES_128_ECB; +- break; +-#if SSS_HAVE_TESTCOUNTERPART +- case 192: +- cipher_type = MBEDTLS_CIPHER_AES_192_ECB; +- break; +- case 256: +- cipher_type = MBEDTLS_CIPHER_AES_256_ECB; +- break; +-#endif +- default: +- LOG_E("key bit not supported"); +- goto cleanup; +- } +- +- if (cipher_type != MBEDTLS_CIPHER_NONE) { +- cipher_info = mbedtls_cipher_info_from_type(cipher_type); +- } +- +- if (cipher_info != NULL) { +- mbedtls_cipher_init(context->cipher_ctx); +- ret = mbedtls_cipher_setup(context->cipher_ctx, cipher_info); +- if (ret == 0) { +-#ifdef MBEDTLS_CMAC_C +- ret = mbedtls_cipher_cmac_starts(context->cipher_ctx, key, (keylen * 8)); +-#endif +- if (ret == 0) +- status = kStatus_SSS_Success; +- } +- } +- } +-#if SSS_HAVE_TESTCOUNTERPART +- else if (context->algorithm == kAlgorithm_SSS_HMAC_SHA1 || context->algorithm == kAlgorithm_SSS_HMAC_SHA224 || +- context->algorithm == kAlgorithm_SSS_HMAC_SHA256 || context->algorithm == kAlgorithm_SSS_HMAC_SHA384 || +- context->algorithm == kAlgorithm_SSS_HMAC_SHA512) { +- /* for HMAC any key length is supported */ +- +- const mbedtls_md_info_t *md_info = NULL; +- mbedtls_md_context_t *hmac_ctx; +- hmac_ctx = context->HmacCtx; +- mbedtls_md_init(hmac_ctx); +- +- switch (context->algorithm) { +- case kAlgorithm_SSS_HMAC_SHA1: +- md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA1); +- break; +- case kAlgorithm_SSS_HMAC_SHA224: +- md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA224); +- break; +- case kAlgorithm_SSS_HMAC_SHA256: +- md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA256); +- break; +- case kAlgorithm_SSS_HMAC_SHA384: +- md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA384); +- break; +- case kAlgorithm_SSS_HMAC_SHA512: +- md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA512); +- break; +- default: +- status = kStatus_SSS_Fail; +- goto cleanup; +- } +- +- if (md_info != NULL) { +- /* Below, third parameter '1' indicates that HMAC is to be setup*/ +- ret = mbedtls_md_setup(hmac_ctx, md_info, 1); +- if (ret == 0) { +- ret = mbedtls_md_hmac_starts(hmac_ctx, key, (keylen)); +- +- if (ret == 0) { +- status = kStatus_SSS_Success; +- } +- } +- } +- } +-#endif //SSS_HAVE_TESTCOUNTERPART +- else { +- LOG_E("invalid algorithm mode for sss_mbedtls_mac_context_init "); +- } +- +-cleanup: +- return status; +-} +- +-sss_status_t sss_mbedtls_mac_update(sss_mbedtls_mac_t *context, const uint8_t *message, size_t messageLen) +-{ +- int ret = 1; +- sss_status_t status = kStatus_SSS_InvalidArgument; +- ENSURE_OR_GO_EXIT(message != NULL); +- +- status = kStatus_SSS_Fail; +- LOG_AU8_D(message, messageLen); +- if (context->algorithm == kAlgorithm_SSS_CMAC_AES) { +-#ifdef MBEDTLS_CMAC_C +- mbedtls_cipher_context_t *ctx; +- ctx = context->cipher_ctx; +- ret = mbedtls_cipher_cmac_update(ctx, message, messageLen); +-#endif +- if (ret == 0) { +- status = kStatus_SSS_Success; +- } +- } +-#if SSSFTR_SW_TESTCOUNTERPART +- else if (context->algorithm == kAlgorithm_SSS_HMAC_SHA1 || context->algorithm == kAlgorithm_SSS_HMAC_SHA224 || +- context->algorithm == kAlgorithm_SSS_HMAC_SHA256 || context->algorithm == kAlgorithm_SSS_HMAC_SHA384 || +- context->algorithm == kAlgorithm_SSS_HMAC_SHA512) { +- mbedtls_md_context_t *hmac_ctx; +- hmac_ctx = context->HmacCtx; +- ret = mbedtls_md_hmac_update(hmac_ctx, message, messageLen); +- +- if (ret == 0) { +- status = kStatus_SSS_Success; +- } +- } +-#endif +- else { +- LOG_E("invalid algorithm mode for sss_mbedtls_mac_update"); +- } +-exit: +- return status; +-} +- +-sss_status_t sss_mbedtls_mac_finish(sss_mbedtls_mac_t *context, uint8_t *mac, size_t *macLen) +-{ +- int ret = 1; +- sss_status_t status = kStatus_SSS_InvalidArgument; +- ENSURE_OR_GO_EXIT((mac != NULL) && (macLen != NULL)); +- +- status = kStatus_SSS_Fail; +- +- if (context->algorithm == kAlgorithm_SSS_CMAC_AES) { +- mbedtls_cipher_context_t *ctx; +- ctx = context->cipher_ctx; +- +-#ifdef MBEDTLS_CMAC_C +- ret = mbedtls_cipher_cmac_finish(ctx, mac); +-#endif +- if (ret == 0) { +- *macLen = ctx->cipher_info->block_size; +- status = kStatus_SSS_Success; +- } +- } +-#if SSS_HAVE_TESTCOUNTERPART +- else if (context->algorithm == kAlgorithm_SSS_HMAC_SHA1 || context->algorithm == kAlgorithm_SSS_HMAC_SHA224 || +- context->algorithm == kAlgorithm_SSS_HMAC_SHA256 || context->algorithm == kAlgorithm_SSS_HMAC_SHA384 || +- context->algorithm == kAlgorithm_SSS_HMAC_SHA512) { +- mbedtls_md_context_t *hmacctx; +- hmacctx = context->HmacCtx; +- +- ret = mbedtls_md_hmac_finish(hmacctx, mac); +- if (ret == 0) { +- *macLen = mbedtls_md_get_size(hmacctx->md_info); +- status = kStatus_SSS_Success; +- } +- } +-#endif //SSS_HAVE_TESTCOUNTERPART +- else { +- LOG_E("Invalid algorithm type for sss_mbedtls_mac_finish"); +- } +-exit: +- return status; +-} +- +-void sss_mbedtls_mac_context_free(sss_mbedtls_mac_t *context) +-{ +- if (context != NULL) { +- if (context->cipher_ctx != NULL) { +- mbedtls_cipher_free(context->cipher_ctx); +- SSS_FREE(context->cipher_ctx); +- } +-#if SSSFTR_SW_TESTCOUNTERPART +- if (context->algorithm == kAlgorithm_SSS_HMAC_SHA1 || context->algorithm == kAlgorithm_SSS_HMAC_SHA224 || +- context->algorithm == kAlgorithm_SSS_HMAC_SHA256 || context->algorithm == kAlgorithm_SSS_HMAC_SHA384 || +- context->algorithm == kAlgorithm_SSS_HMAC_SHA512) { +- SSS_FREE(context->HmacCtx); +- } +-#endif +- memset(context, 0, sizeof(*context)); +- } +-} +- +-/* ************************************************************************** */ +-/* Functions : sss_mbedtls_md */ +-/* ************************************************************************** */ +- +-sss_status_t sss_mbedtls_digest_context_init( +- sss_mbedtls_digest_t *context, sss_mbedtls_session_t *session, sss_algorithm_t algorithm, sss_mode_t mode) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +-#if SSS_HAVE_TESTCOUNTERPART +- ENSURE_OR_GO_CLEANUP(context); +- memset(context, 0, sizeof(*context)); +- context->session = session; +- context->algorithm = algorithm; +- context->mode = mode; +- retval = kStatus_SSS_Success; +-cleanup: +-#endif //SSS_HAVE_TESTCOUNTERPART +- return retval; +-} +- +-sss_status_t sss_mbedtls_digest_one_go( +- sss_mbedtls_digest_t *context, const uint8_t *message, size_t messageLen, uint8_t *digest, size_t *digestLen) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +-#if SSS_HAVE_TESTCOUNTERPART +- int ret; +- const mbedtls_md_info_t *mdinfo = NULL; +- mbedtls_md_type_t md_type = MBEDTLS_MD_NONE; +- +- switch (context->algorithm) { +- case kAlgorithm_SSS_SHA1: +- md_type = MBEDTLS_MD_SHA1; +- *digestLen = 20; +- break; +- case kAlgorithm_SSS_SHA224: +- md_type = MBEDTLS_MD_SHA224; +- *digestLen = 28; +- break; +- case kAlgorithm_SSS_SHA256: +- md_type = MBEDTLS_MD_SHA256; +- *digestLen = 32; +- break; +- case kAlgorithm_SSS_SHA384: +- md_type = MBEDTLS_MD_SHA384; +- *digestLen = 48; +- break; +- case kAlgorithm_SSS_SHA512: +- md_type = MBEDTLS_MD_SHA512; +- *digestLen = 64; +- break; +- default: { +- LOG_E("Algorithm mode not suported"); +- goto exit; +- } +- } +- +- mdinfo = mbedtls_md_info_from_type(md_type); +- +- ret = mbedtls_md(mdinfo, message, messageLen, digest); +- +- if (ret != 0) { +- LOG_E("mbedtls_md failed"); +- *digestLen = 0; +- goto exit; +- } +- +- retval = kStatus_SSS_Success; +-exit: +-#endif //SSS_HAVE_TESTCOUNTERPART +- return retval; +-} +- +-sss_status_t sss_mbedtls_digest_init(sss_mbedtls_digest_t *context) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +-#if SSS_HAVE_TESTCOUNTERPART +- const mbedtls_md_info_t *mdinfo = NULL; +- mbedtls_md_type_t md_type = MBEDTLS_MD_NONE; +- int ret; +- +- mbedtls_md_init(&context->md_ctx); +- +- switch (context->algorithm) { +- case kAlgorithm_SSS_SHA1: +- md_type = MBEDTLS_MD_SHA1; +- break; +- case kAlgorithm_SSS_SHA224: +- md_type = MBEDTLS_MD_SHA224; +- break; +- case kAlgorithm_SSS_SHA256: +- md_type = MBEDTLS_MD_SHA256; +- break; +- case kAlgorithm_SSS_SHA384: +- md_type = MBEDTLS_MD_SHA384; +- break; +- case kAlgorithm_SSS_SHA512: +- md_type = MBEDTLS_MD_SHA512; +- break; +- default: +- LOG_E("Algorithm mode not suported"); +- goto exit; +- } +- +- mdinfo = mbedtls_md_info_from_type(md_type); +- +- ret = mbedtls_md_init_ctx(&context->md_ctx, mdinfo); +- ENSURE_OR_GO_EXIT(ret == 0); +- +- ret = mbedtls_md_starts(&context->md_ctx); +- ENSURE_OR_GO_EXIT(ret == 0); +- +- retval = kStatus_SSS_Success; +-exit: +-#endif //SSS_HAVE_TESTCOUNTERPART +- return retval; +-} +- +-sss_status_t sss_mbedtls_digest_update(sss_mbedtls_digest_t *context, const uint8_t *message, size_t messageLen) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +-#if SSS_HAVE_TESTCOUNTERPART +- +- int ret = mbedtls_md_update(&context->md_ctx, message, messageLen); +- ENSURE_OR_GO_EXIT(ret == 0); +- +- retval = kStatus_SSS_Success; +-exit: +-#endif //SSS_HAVE_TESTCOUNTERPART +- return retval; +-} +- +-sss_status_t sss_mbedtls_digest_finish(sss_mbedtls_digest_t *context, uint8_t *digest, size_t *digestLen) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +-#if SSS_HAVE_TESTCOUNTERPART +- int ret; +- +- switch (context->algorithm) { +- case kAlgorithm_SSS_SHA1: +- *digestLen = 20; +- break; +- case kAlgorithm_SSS_SHA224: +- *digestLen = 28; +- break; +- case kAlgorithm_SSS_SHA256: +- *digestLen = 32; +- break; +- case kAlgorithm_SSS_SHA384: +- *digestLen = 48; +- break; +- case kAlgorithm_SSS_SHA512: +- *digestLen = 64; +- break; +- default: { +- LOG_E("Algorithm mode not suported"); +- goto exit; +- } +- } +- +- ret = mbedtls_md_finish(&context->md_ctx, digest); +- if (ret != 0) { +- LOG_E("mbedtls_md_update failed"); +- *digestLen = 0; +- goto exit; +- } +- +- retval = kStatus_SSS_Success; +-exit: +-#endif //SSS_HAVE_TESTCOUNTERPART +- return retval; +-} +- +-void sss_mbedtls_digest_context_free(sss_mbedtls_digest_t *context) +-{ +- // if (context->md_ctx) +- // mbedtls_md_free(&context->md_ctx); +- memset(context, 0, sizeof(*context)); +-} +- +-/* End: mbedtls_md */ +- +-/* ************************************************************************** */ +-/* Functions : sss_mbedtls_rng */ +-/* ************************************************************************** */ +- +-sss_status_t sss_mbedtls_rng_context_init(sss_mbedtls_rng_context_t *context, sss_mbedtls_session_t *session) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- +- ENSURE_OR_GO_EXIT(context); +- ENSURE_OR_GO_EXIT(session); +- +- context->session = session; +- +- if (session->ctr_drbg == NULL) { +- session->ctr_drbg = SSS_MALLOC(sizeof(*session->ctr_drbg)); +- ENSURE_OR_GO_EXIT(session->ctr_drbg != NULL); +- mbedtls_ctr_drbg_init((session->ctr_drbg)); +- } +- +- if (session->entropy == NULL) { +- session->entropy = SSS_MALLOC(sizeof(*session->entropy)); +- ENSURE_OR_GO_EXIT(session->entropy != NULL); +- mbedtls_entropy_init((session->entropy)); +- } +- +- retval = kStatus_SSS_Success; +-exit: +- return retval; +-} +- +-sss_status_t sss_mbedtls_rng_get_random(sss_mbedtls_rng_context_t *context, uint8_t *random_data, size_t dataLen) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- size_t chunk = 0; +- size_t offset = 0; +- int ret = -1; +- +- while (dataLen > 0) { +- if (dataLen > MBEDTLS_CTR_DRBG_MAX_REQUEST) { +- chunk = MBEDTLS_CTR_DRBG_MAX_REQUEST; +- } +- else { +- chunk = dataLen; +- } +- +- ret = mbedtls_ctr_drbg_random(context->session->ctr_drbg, (random_data + offset), chunk); +- ENSURE_OR_GO_EXIT(ret == 0); +- +- offset += chunk; +- dataLen -= chunk; +- } +- +- retval = kStatus_SSS_Success; +-exit: +- return retval; +-} +- +-sss_status_t sss_mbedtls_rng_context_free(sss_mbedtls_rng_context_t *context) +-{ +- sss_status_t retval = kStatus_SSS_Success; +- memset(context, 0, sizeof(*context)); +- return retval; +-} +- +-/* End: mbedtls_rng */ +- +-/* ************************************************************************** */ +-/* Functions : Private sss mbedtls functions */ +-/* ************************************************************************** */ +- +-// FIXME: Handle data/dataLen +-static sss_status_t sss_mbedtls_set_key( +- sss_mbedtls_object_t *keyObject, const uint8_t *data, size_t dataLen, size_t keyBitLen) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +-#if SSSFTR_SW_ECC || SSSFTR_SW_RSA +- size_t base64_olen; +- int ret; +- char pem_format[2048]; +-#endif +- switch (keyObject->objectType) { +- case kSSS_KeyPart_Default: +- ENSURE_OR_GO_EXIT(dataLen <= keyObject->contents_max_size); +- if (data != NULL) /* For empty certificate */ +- memcpy(keyObject->contents, data, dataLen); +- keyObject->contents_size = dataLen; +- keyObject->keyBitLen = keyBitLen; +- retval = kStatus_SSS_Success; +- break; +-#if SSSFTR_SW_ECC || SSSFTR_SW_RSA +- case kSSS_KeyPart_Private: +- case kSSS_KeyPart_Pair: { +- mbedtls_pk_context *pk = (mbedtls_pk_context *)keyObject->contents; +- if (keyObject->cipherType == kSSS_CipherType_EC_MONTGOMERY) { +- mbedtls_ecp_keypair *pEcpPrv = NULL; +- sss_status_t asn_retval = kStatus_SSS_Fail; +- ret = mbedtls_pk_setup(pk, mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY)); +- ENSURE_OR_GO_EXIT(ret == 0); +- +- pEcpPrv = mbedtls_pk_ec(*pk); +- if (keyBitLen == 256) { +- ret = mbedtls_ecp_group_load(&pEcpPrv->grp, MBEDTLS_ECP_DP_CURVE25519); +- } +- else if (keyBitLen == 448) { +- ret = mbedtls_ecp_group_load(&pEcpPrv->grp, MBEDTLS_ECP_DP_CURVE448); +- } +- else { +- ret = 1; +- } +- ENSURE_OR_GO_EXIT(ret == 0); +- +-#ifdef MBEDTLS_DO_LITTLE_ENDIAN // Reverse Endianness +- { +- size_t i = 0; +- uint16_t publicKeyIndex = 0; +- size_t publicKeyLen = 0; +- uint16_t privateKeyIndex = 0; +- size_t privateKeyLen = 0; +- uint8_t pubKeyReversed[64] = { +- 0, +- }; +- const uint8_t *pPublicKey = NULL; +- uint8_t prvKeyReversed[64] = { +- 0, +- }; +- const uint8_t *pPrivateKey = NULL; +- +- asn_retval = sss_util_rfc8410_asn1_get_ec_pair_key_index( +- data, dataLen, &publicKeyIndex, &publicKeyLen, &privateKeyIndex, &privateKeyLen); +- if (asn_retval != kStatus_SSS_Success) { +- LOG_W("error in sss_util_rfc8410_asn1_get_ec_pair_key_index"); +- goto exit; +- } +- +- while (i < publicKeyLen) { +- pubKeyReversed[i] = data[publicKeyIndex + publicKeyLen - i - 1]; +- i++; +- } +- pPublicKey = &pubKeyReversed[0]; +- +- i = 0; +- while (i < privateKeyLen) { +- prvKeyReversed[i] = data[privateKeyIndex + privateKeyLen - i - 1]; +- i++; +- } +- +- /* RFC 7748, Sec 5 Par 5*/ +- if (keyBitLen == 256) { +- prvKeyReversed[privateKeyLen - 1] = prvKeyReversed[privateKeyLen - 1] & 0xF8; +- prvKeyReversed[0] = prvKeyReversed[0] & 0x7F; +- prvKeyReversed[0] = prvKeyReversed[0] | 0x40; +- } +- else { +- prvKeyReversed[privateKeyLen - 1] = prvKeyReversed[privateKeyLen - 1] & 0xFC; +- prvKeyReversed[0] = prvKeyReversed[0] | 0x80; +- } +- +- pPrivateKey = &prvKeyReversed[0]; +- +- ret = mbedtls_mpi_read_binary(&pEcpPrv->d, pPrivateKey, privateKeyLen); +- ENSURE_OR_GO_EXIT(ret == 0); +- +- ret = mbedtls_mpi_read_binary(&pEcpPrv->Q.X, pPublicKey, publicKeyLen); +- ENSURE_OR_GO_EXIT(ret == 0); +- +- ret = mbedtls_mpi_lset(&pEcpPrv->Q.Z, 1); +- ENSURE_OR_GO_EXIT(ret == 0); +- +- retval = kStatus_SSS_Success; +- } +-#else +- ret = mbedtls_mpi_read_binary(&pEcpPrv->d, data, dataLen); +- ENSURE_OR_GO_EXIT(ret == 0); +- retval = kStatus_SSS_Success; +-#endif +- } +- else { +- ret = mbedtls_pk_parse_key(pk, data, dataLen, NULL, 0); +- (ret == 0) ? (retval = kStatus_SSS_Success) : (retval = kStatus_SSS_Fail); +- } +- } break; +- case kSSS_KeyPart_Public: { +- // Sizeof base64_format should be limited to sizeof(pem_format) minus BEGIN_PUBLIC and END_PUBLIC +- // SIMW-2696. +- uint8_t base64_format[1996]; +- mbedtls_pk_context *pk = (mbedtls_pk_context *)keyObject->contents; +- if (keyObject->cipherType == kSSS_CipherType_EC_MONTGOMERY) { +- mbedtls_ecp_keypair *pEcpPub = NULL; +- +- ret = mbedtls_pk_setup(pk, mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY)); +- ENSURE_OR_GO_EXIT(ret == 0); +- +- pEcpPub = mbedtls_pk_ec(*pk); +- if (keyBitLen == 256) { +- ret = mbedtls_ecp_group_load(&pEcpPub->grp, MBEDTLS_ECP_DP_CURVE25519); +- } +- else if (keyBitLen == 448) { +- ret = mbedtls_ecp_group_load(&pEcpPub->grp, MBEDTLS_ECP_DP_CURVE448); +- } +- else { +- ret = 1; +- } +- ENSURE_OR_GO_EXIT(ret == 0); +- +-#ifdef MBEDTLS_DO_LITTLE_ENDIAN // Reverse Endianness +- { +- size_t i = 0; +- size_t publicKeyIndex = 0; +- size_t publicKeyLen = dataLen; +- size_t nByteKey = 32; // Corresponds to kSE05x_ECCurve_ECC_MONT_DH_25519 +- uint8_t pubKeyReversed[64] = { +- 0, +- }; +- const uint8_t *pPublicKey = NULL; +-// #define TMP_ENDIAN_VERBOSE +-#ifdef TMP_ENDIAN_VERBOSE +- printf("Pub Key Before Reverse & header strip:\n"); +- for (size_t z = 0; z < publicKeyLen; z++) { +- printf("%02X.", data[publicKeyIndex + z]); +- } +- printf("\n"); +- printf("keyBitLen = %d\n", (int)keyBitLen); +-#endif +- if (keyBitLen == 256) { +- publicKeyIndex = der_ecc_mont_dh_25519_header_len; +- publicKeyLen -= der_ecc_mont_dh_25519_header_len; +- } +- else { +- nByteKey = 56; +- publicKeyIndex = der_ecc_mont_dh_448_header_len; +- publicKeyLen -= der_ecc_mont_dh_448_header_len; +- } +- +- while (i < nByteKey) { +- pubKeyReversed[i] = data[publicKeyIndex + publicKeyLen - i - 1]; +- i++; +- } +- pPublicKey = &pubKeyReversed[0]; +- +-#ifdef TMP_ENDIAN_VERBOSE +- printf("Pub Key After Reverse:\n"); +- for (size_t z = 0; z < publicKeyLen; z++) { +- printf("%02X.", pPublicKey[z]); +- } +- printf("\n"); +-#endif +- ret = mbedtls_mpi_read_binary(&pEcpPub->Q.X, pPublicKey, publicKeyLen); +- } +-#else +- ret = mbedtls_mpi_read_binary(&pEcpPub->Q.X, data, dataLen); +-#endif // Reverse Endianess +- +- (ret == 0) ? (retval = kStatus_SSS_Success) : (retval = kStatus_SSS_Fail); +- +- if (retval == kStatus_SSS_Success) { +- ret = mbedtls_mpi_lset(&pEcpPub->Q.Z, 1); +- (ret == 0) ? (retval = kStatus_SSS_Success) : (retval = kStatus_SSS_Fail); +- } +- } +- else { +- ret = mbedtls_base64_encode(base64_format, sizeof(base64_format), &base64_olen, data, dataLen); +- SNPRINTF(pem_format, sizeof(pem_format), BEGIN_PUBLIC "%s" END_PUBLIC, base64_format); +- ret = mbedtls_pk_parse_public_key(pk, (const uint8_t *)pem_format, strlen(pem_format) + 1); +- (ret == 0) ? (retval = kStatus_SSS_Success) : (retval = kStatus_SSS_Fail); +- } +- } break; +-#endif // SSSFTR_SW_ECC || SSSFTR_SW_RSA +- default: +- retval = kStatus_SSS_Fail; +- LOG_E("Key type not supported"); +- break; +- } +-exit: +- return retval; +-} +- +-static sss_status_t sss_mbedtls_drbg_seed(sss_mbedtls_session_t *pSession, const char *pers, size_t persLen) +-{ +- int ret; +- sss_status_t retval = kStatus_SSS_Fail; +- ret = mbedtls_ctr_drbg_seed( +- pSession->ctr_drbg, &mbedtls_entropy_func, pSession->entropy, (const unsigned char *)pers, persLen); +- ENSURE_OR_GO_EXIT(ret == 0); +- retval = kStatus_SSS_Success; +-exit: +- return (retval); +-} +- +-#if SSSFTR_SW_ECC && SSS_HAVE_TESTCOUNTERPART +-static mbedtls_ecp_group_id get_nist_p_group_id(size_t keyBitLen) +-{ +- mbedtls_ecp_group_id groupId = MBEDTLS_ECP_DP_NONE; +- switch (keyBitLen) { +- case 192: +- groupId = MBEDTLS_ECP_DP_SECP192R1; +- break; +- case 224: +- groupId = MBEDTLS_ECP_DP_SECP224R1; +- break; +- case 256: +- groupId = MBEDTLS_ECP_DP_SECP256R1; +- break; +- case 384: +- groupId = MBEDTLS_ECP_DP_SECP384R1; +- break; +- case 521: +- groupId = MBEDTLS_ECP_DP_SECP521R1; +- break; +- default: +- break; +- } +- return groupId; +-} +- +-static mbedtls_ecp_group_id get_bp_group_id(size_t keyBitLen) +-{ +- mbedtls_ecp_group_id groupId = MBEDTLS_ECP_DP_NONE; +- switch (keyBitLen) { +- case 256: +- groupId = MBEDTLS_ECP_DP_BP256R1; +- break; +- case 384: +- groupId = MBEDTLS_ECP_DP_BP384R1; +- break; +- case 512: +- groupId = MBEDTLS_ECP_DP_BP512R1; +- break; +- default: +- break; +- } +- return groupId; +-} +- +-static mbedtls_ecp_group_id get_nist_k_group_id(size_t keyBitLen) +-{ +- mbedtls_ecp_group_id groupId = MBEDTLS_ECP_DP_NONE; +- switch (keyBitLen) { +- case 192: +- groupId = MBEDTLS_ECP_DP_SECP192K1; +- break; +- case 224: +- groupId = MBEDTLS_ECP_DP_SECP224K1; +- break; +- case 256: +- groupId = MBEDTLS_ECP_DP_SECP256K1; +- break; +- default: +- break; +- } +- return groupId; +-} +- +-static mbedtls_ecp_group_id get_mont_group_id(size_t keyBitLen) +-{ +- mbedtls_ecp_group_id groupId = MBEDTLS_ECP_DP_NONE; +- switch (keyBitLen) { +- case 256: +- groupId = MBEDTLS_ECP_DP_CURVE25519; +- break; +- case 448: +- groupId = MBEDTLS_ECP_DP_CURVE448; +- break; +- default: +- break; +- } +- return groupId; +-} +- +-static sss_status_t sss_mbedtls_generate_ecp_key( +- mbedtls_pk_context *pkey, sss_mbedtls_session_t *pSession, size_t keyBitLen, sss_cipher_type_t cipher_typ) +-{ +- int ret; +- sss_status_t retval = kStatus_SSS_Fail; +- mbedtls_ecp_group_id groupId = MBEDTLS_ECP_DP_NONE; +- +- ret = mbedtls_pk_setup(pkey, mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY)); +- ENSURE_OR_GO_EXIT(ret == 0); +- retval = kStatus_SSS_Success; +- +- if (cipher_typ == kSSS_CipherType_EC_NIST_P) { +- groupId = get_nist_p_group_id(keyBitLen); +- } +- else if (cipher_typ == kSSS_CipherType_EC_BRAINPOOL) { +- groupId = get_bp_group_id(keyBitLen); +- } +- else if (cipher_typ == kSSS_CipherType_EC_NIST_K) { +- groupId = get_nist_k_group_id(keyBitLen); +- } +- else if (cipher_typ == kSSS_CipherType_EC_MONTGOMERY) { +- groupId = get_mont_group_id(keyBitLen); +- } +- else { +- LOG_E(" sss_openssl_generate_ecp_key: Invalid key type "); +- } +- +- if (groupId != MBEDTLS_ECP_DP_NONE) { +- ret = mbedtls_ecp_gen_key(groupId, mbedtls_pk_ec(*pkey), mbedtls_ctr_drbg_random, pSession->ctr_drbg); +- } +- else { +- LOG_E(" Don't have support keyBitLen", keyBitLen); +- ret = 1; +- } +- +- if (ret != 0) { +- LOG_E(" mbedtls_ecp_gen_key returned -0x%04x", -ret); +- retval = kStatus_SSS_Fail; +- goto exit; +- } +-exit: +- return retval; +-} +-#endif // SSSFTR_SW_ECC +- +-#if SSSFTR_SW_RSA && SSS_HAVE_TESTCOUNTERPART +-static sss_status_t sss_mbedtls_generate_rsa_key( +- mbedtls_pk_context *pkey, sss_mbedtls_session_t *pSession, size_t keyBitLen) +-{ +- int ret; +- sss_status_t retval = kStatus_SSS_Fail; +- +- ret = mbedtls_pk_setup(pkey, mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)); +- ENSURE_OR_GO_EXIT(ret == 0); +- ENSURE_OR_GO_EXIT(keyBitLen == 512 || keyBitLen == 1024 || keyBitLen == 1152 || keyBitLen == 2048 || +- keyBitLen == 3072 || keyBitLen == 4096); +- +- ret = mbedtls_rsa_gen_key( +- mbedtls_pk_rsa(*pkey), mbedtls_ctr_drbg_random, (pSession->ctr_drbg), (unsigned int)keyBitLen, 65537); +- +- ENSURE_OR_GO_EXIT(ret == 0); +- retval = kStatus_SSS_Success; +-exit: +- return retval; +-} +-#endif +- +-#if SSSFTR_SW_TESTCOUNTERPART +-static sss_status_t sss_mbedtls_hkdf_expand(const mbedtls_md_info_t *md, +- const uint8_t *prk, +- size_t prk_len, +- const uint8_t *info, +- size_t info_len, +- uint8_t *okm, +- size_t okm_len) +-{ +- size_t hash_len; +- size_t N; +- size_t T_len = 0, where = 0, i, ret; +- mbedtls_md_context_t ctx; +- unsigned char T[MBEDTLS_MD_MAX_SIZE]; +- sss_status_t retval = kStatus_SSS_Success; +- +- if (okm == NULL) { +- retval = kStatus_SSS_InvalidArgument; +- goto exit; +- } +- +- hash_len = mbedtls_md_get_size(md); +- +- if (hash_len == 0) { +- retval = kStatus_SSS_Fail; +- goto exit; +- } +- +- if (info == NULL) { +- info = (const unsigned char *)""; +- } +- +- N = okm_len / hash_len; +- +- if ((okm_len % hash_len) != 0) { +- N++; +- } +- +- if (N > 255) { +- retval = kStatus_SSS_InvalidArgument; +- goto exit; +- } +- +- mbedtls_md_init(&ctx); +- +- if ((ret = mbedtls_md_setup(&ctx, md, 1)) != 0) { +- mbedtls_md_free(&ctx); +- retval = kStatus_SSS_Fail; +- goto exit; +- } +- +- /* Section 2.3. */ +- for (i = 1; i <= N; i++) { +- unsigned char c = (unsigned char)i; +- +- ret = mbedtls_md_hmac_starts(&ctx, prk, prk_len) || mbedtls_md_hmac_update(&ctx, T, T_len) || +- mbedtls_md_hmac_update(&ctx, info, info_len) || +- /* The constant concatenated to the end of each T(n) is a single +- octet. */ +- mbedtls_md_hmac_update(&ctx, &c, 1) || mbedtls_md_hmac_finish(&ctx, T); +- +- if (ret != 0) { +- mbedtls_md_free(&ctx); +- retval = kStatus_SSS_Fail; +- goto exit; +- } +- +- memcpy(okm + where, T, (i != N) ? hash_len : (okm_len - where)); +- where += hash_len; +- T_len = hash_len; +- } +- +- mbedtls_md_free(&ctx); +-exit: +- return retval; +-} +- +-static sss_status_t sss_mbedtls_hkdf_extract( +- const mbedtls_md_info_t *md, const uint8_t *salt, size_t salt_len, const uint8_t *ikm, size_t ikm_len, uint8_t *prk) +-{ +- int hash_len; +- int ret; +- unsigned char null_salt[MBEDTLS_MD_MAX_SIZE] = {'\0'}; +- sss_status_t retval = kStatus_SSS_Success; +- +- hash_len = mbedtls_md_get_size(md); +- +- if (salt == NULL) { +- salt = null_salt; +- salt_len = hash_len; +- } +- +- ret = mbedtls_md_hmac(md, salt, salt_len, ikm, ikm_len, prk); +- if (ret != 0) { +- retval = kStatus_SSS_Fail; +- } +- return retval; +-} +-#endif // SSSFTR_SW_TESTCOUNTERPART +- +-/* Low level implementation for sss_mbedtls_key_object_allocate_handle */ +-sss_status_t ks_mbedtls_key_object_create(sss_mbedtls_object_t *keyObject, +- uint32_t keyId, +- sss_key_part_t keyPart, +- sss_cipher_type_t cipherType, +- size_t keyByteLenMax, +- uint32_t keyMode) +-{ +- size_t size = 0; +- sss_status_t retval = kStatus_SSS_Fail; +- ENSURE_OR_GO_CLEANUP(keyObject); +- +- keyObject->keyId = keyId; +- keyObject->objectType = keyPart; +- keyObject->cipherType = cipherType; +- keyObject->contents_max_size = keyByteLenMax; +- keyObject->contents_must_free = 1; +- keyObject->keyMode = keyMode; +- /* Bitwise OR of all sss_access_permission. */ +- keyObject->accessRights = kAccessPermission_SSS_All_Permission; +- switch (keyPart) { +- case kSSS_KeyPart_Default: +- size = keyByteLenMax; +- break; +-#if SSSFTR_SW_ECC || SSSFTR_SW_RSA +- case kSSS_KeyPart_Pair: +- case kSSS_KeyPart_Private: +- case kSSS_KeyPart_Public: +- size = sizeof(mbedtls_pk_context); +- break; +-#endif // SSSFTR_SW_ECC || SSSFTR_SW_RSA +- default: +- break; +- } +- if (size != 0) { +- keyObject->contents = SSS_MALLOC(size); +- keyObject->contents_must_free = 1; +- ENSURE_OR_GO_CLEANUP(keyObject->contents); +- memset(keyObject->contents, 0, size); +- retval = kStatus_SSS_Success; +- } +- +-cleanup: +- return retval; +-} +- +-#endif /* SSS_HAVE_MBEDTLS */ +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/src/openssl/fsl_sss_openssl_apis.c b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/src/openssl/fsl_sss_openssl_apis.c +deleted file mode 100644 +index de8a94926c..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/src/openssl/fsl_sss_openssl_apis.c ++++ /dev/null +@@ -1,3737 +0,0 @@ +-/* +- * +- * Copyright 2018-2020 NXP +- * SPDX-License-Identifier: Apache-2.0 +- */ +- +-#include +- +-#if SSS_HAVE_OPENSSL +- +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#if (OPENSSL_VERSION_NUMBER < 0x10100000L) +-#else +-#include +-#endif +- +-#include "nxLog_sss.h" +- +-#define MAX_KEY_OBJ_COUNT KS_N_ENTIRES +-#define MAX_FILE_NAME_SIZE 255 +-#define MAX_SHARED_SECRET_DERIVED_DATA 255 +-#define BEGIN_PRIVATE "-----BEGIN PRIVATE KEY-----\n" +-#define END_PRIVATE "\n-----END PRIVATE KEY-----" +-#define BEGIN_EC_PRIVATE "-----BEGIN EC PRIVATE KEY-----\n" +-#define END_EC_PRIVATE "\n-----END EC PRIVATE KEY-----" +-#define BEGIN_PUBLIC "-----BEGIN PUBLIC KEY-----\n" +-#define END_PUBLIC "\n-----END PUBLIC KEY-----" +-#define BEGIN_RSA_PRIVATE "-----BEGIN RSA PRIVATE KEY-----\n" +-#define END_RSA_PRIVATE "\n-----END RSA PRIVATE KEY-----" +- +-#define CIPHER_BLOCK_SIZE 16 +- +-#define SSS_OPENSSL_USE_EVP_FOR_CIPHER_ONE_GO 1 +- +-#ifndef RSA_PSS_SALTLEN_DIGEST +-#define RSA_PSS_SALTLEN_DIGEST -1 +-#endif +- +-/* ************************************************************************** */ +-/* Functions : Private sss openssl delceration */ +-/* ************************************************************************** */ +-static sss_status_t sss_openssl_generate_ecp_key(sss_openssl_object_t *keyObject, size_t keyBitLen); +- +-static sss_status_t sss_openssl_generate_rsa_key(sss_openssl_object_t *keyObject, size_t keyBitLen); +- +-static sss_status_t sss_openssl_set_key( +- sss_openssl_object_t *keyObject, const uint8_t *keyBuf, size_t keyBufLen, size_t keyBitLen); +- +-static sss_status_t sss_openssl_hkdf_extract(const EVP_MD *md, +- const uint8_t *salt, +- size_t salt_len, +- const uint8_t *ikm, +- size_t ikm_len, +- uint8_t *prk, +- unsigned int *prk_len); +- +-static sss_status_t sss_openssl_hkdf_expand(const EVP_MD *md, +- const uint8_t *prk, +- size_t prk_len, +- const uint8_t *info, +- size_t info_len, +- uint8_t *okm, +- size_t okm_len); +- +-static sss_status_t sss_openssl_aead_init_ctx(sss_openssl_aead_t *context); +-static sss_status_t sss_openssl_aead_one_go_encrypt(sss_openssl_aead_t *context, +- const uint8_t *srcData, +- uint8_t *destData, +- size_t size, +- uint8_t *nonce, +- size_t nonceLen, +- const uint8_t *aad, +- size_t aadLen, +- uint8_t *tag, +- size_t *tagLen); +- +-static sss_status_t sss_openssl_aead_one_go_decrypt(sss_openssl_aead_t *context, +- const uint8_t *srcData, +- uint8_t *destData, +- size_t size, +- uint8_t *nonce, +- size_t nonceLen, +- const uint8_t *aad, +- size_t aadLen, +- uint8_t *tag, +- size_t *tagLen); +- +-static int aead_update(sss_openssl_aead_t *context, +- sss_mode_t mode, +- const uint8_t *srcData, +- size_t srcLen, +- uint8_t *destData, +- size_t *destLen); +-static sss_status_t sss_openssl_aead_ccm_init( +- sss_openssl_aead_t *context, size_t nonceLen, size_t tagLen, size_t aadLen, size_t payloadLen); +-static sss_status_t sss_openssl_aead_ccm_final( +- sss_openssl_aead_t *context, uint8_t *destData, size_t *destLen, uint8_t *tag, size_t *tagLen); +- +-static sss_status_t sss_openssl_aead_ccm_Decryptfinal(sss_openssl_aead_t *context, uint8_t *destData, size_t *destLen); +- +-static sss_status_t sss_openssl_aead_ccm_Encryptfinal(sss_openssl_aead_t *context, uint8_t *destData, size_t *destLen); +- +-static sss_status_t sss_openssl_aead_ccm_update(sss_openssl_aead_t *context, const uint8_t *srcData, size_t srcLen); +-/* ************************************************************************** */ +-/* Functions : sss_openssl_session */ +-/* ************************************************************************** */ +- +-sss_status_t sss_openssl_session_create(sss_openssl_session_t *session, +- sss_type_t subsystem, +- uint32_t application_id, +- sss_connection_type_t connection_type, +- void *connectionData) +-{ +- sss_status_t retval = kStatus_SSS_Success; +- /* Nothing special to be handled */ +- return retval; +-} +- +-sss_status_t sss_openssl_session_open(sss_openssl_session_t *session, +- sss_type_t subsystem, +- uint32_t application_id, +- sss_connection_type_t connection_type, +- void *connectionData) +-{ +- sss_status_t retval = kStatus_SSS_InvalidArgument; +- memset(session, 0, sizeof(*session)); +- +-#if SSS_HAVE_OPENSSL +- memset(session, 0, sizeof(*session)); +- +- OpenSSL_add_all_algorithms(); +- +- if (connectionData == NULL) { +- retval = kStatus_SSS_Success; +- session->subsystem = subsystem; +- } +- else { +- const char *szRootPath = (const char *)connectionData; +- session->szRootPath = szRootPath; +- retval = kStatus_SSS_Success; +- session->subsystem = subsystem; +- } +-#else +- if (connectionData == NULL) { +- retval = kStatus_SSS_Success; +- session->subsystem = subsystem; +- } +- else { +- /* Can't support connectionData != NULL for openssl without +- * openssl_FS_IO */ +- retval = kStatus_SSS_InvalidArgument; +- } +-#endif +- +- return retval; +-} +- +-sss_status_t sss_openssl_session_prop_get_u32(sss_openssl_session_t *session, uint32_t property, uint32_t *pValue) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- /* TBU */ +- return retval; +-} +- +-sss_status_t sss_openssl_session_prop_get_au8( +- sss_openssl_session_t *session, uint32_t property, uint8_t *pValue, size_t *pValueLen) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- /* TBU */ +- return retval; +-} +- +-void sss_openssl_session_close(sss_openssl_session_t *session) +-{ +-#if (OPENSSL_VERSION_NUMBER < 0x10100000L) +- ERR_remove_thread_state(NULL); +-#endif +-#ifdef __linux__ +- EVP_cleanup(); +-#endif +- memset(session, 0, sizeof(*session)); +-} +- +-void sss_openssl_session_delete(sss_openssl_session_t *session) +-{ +- ; +-} +- +-/* End: openssl_session */ +- +-/* ************************************************************************** */ +-/* Functions : sss_openssl_keyobj */ +-/* ************************************************************************** */ +- +-sss_status_t sss_openssl_key_object_init(sss_openssl_object_t *keyObject, sss_openssl_key_store_t *keyStore) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- ENSURE_OR_GO_CLEANUP(keyObject); +- ENSURE_OR_GO_CLEANUP(keyStore); +- memset(keyObject, 0, sizeof(*keyObject)); +- keyObject->keyStore = keyStore; +- retval = kStatus_SSS_Success; +-cleanup: +- return retval; +-} +- +-sss_status_t sss_openssl_key_object_allocate(sss_openssl_object_t *keyObject, +- uint32_t keyId, +- sss_key_part_t keyPart, +- sss_cipher_type_t cipherType, +- size_t keyByteLenMax, +- uint32_t keyMode) +-{ +- size_t size = 0; +- sss_status_t retval = kStatus_SSS_Fail; +- ENSURE_OR_GO_CLEANUP(keyObject); +- keyObject->keyId = keyId; +- keyObject->objectType = keyPart; +- keyObject->cipherType = cipherType; +- keyObject->contents_max_size = keyByteLenMax; +- keyObject->contents_must_free = 1; +- keyObject->keyMode = keyMode; +- /* Bitwise OR of all sss_access_permission. */ +- keyObject->accessRights = kAccessPermission_SSS_All_Permission; +- switch (keyPart) { +- case kSSS_KeyPart_Default: +- size = keyByteLenMax; +- if (size != 0) { +- keyObject->contents = SSS_MALLOC(size); +- ENSURE_OR_GO_CLEANUP(keyObject->contents); +- memset(keyObject->contents, 0, size); +- retval = kStatus_SSS_Success; +- } +- break; +- case kSSS_KeyPart_Public: +- case kSSS_KeyPart_Pair: +- case kSSS_KeyPart_Private: +- /* Initialize the Generic key strucute if not done. */ +- keyObject->contents = EVP_PKEY_new(); +- retval = kStatus_SSS_Success; +- break; +- default: +- break; +- } +-cleanup: +- return retval; +-} +- +-sss_status_t sss_openssl_key_object_allocate_handle(sss_openssl_object_t *keyObject, +- uint32_t keyId, +- sss_key_part_t keyPart, +- sss_cipher_type_t cipherType, +- size_t keyByteLenMax, +- uint32_t options) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- ENSURE_OR_GO_CLEANUP(keyObject); +- +- if (options != kKeyObject_Mode_Persistent && options != kKeyObject_Mode_Transient) { +- LOG_E("sss_openssl_key_object_allocate_handle option invalid 0x%X", options); +- goto cleanup; +- } +- ENSURE_OR_GO_CLEANUP((size_t)keyPart < UINT8_MAX); +- if (options == kKeyObject_Mode_Persistent) { +-#ifdef SSS_HAVE_OPENSSL +- uint32_t i; +- sss_openssl_object_t **ks; +- ENSURE_OR_GO_CLEANUP(keyObject->keyStore); +- ENSURE_OR_GO_CLEANUP(keyObject->keyStore->max_object_count > 0); +- +- retval = ks_common_update_fat( +- keyObject->keyStore->keystore_shadow, keyId, keyPart, cipherType, 0, 0, (uint16_t)keyByteLenMax); +- ENSURE_OR_GO_CLEANUP(retval == kStatus_SSS_Success); +- +- ks = keyObject->keyStore->objects; +- for (i = 0; i < keyObject->keyStore->max_object_count; i++) { +- if (ks[i] == NULL) { +- ks[i] = keyObject; +- retval = sss_openssl_key_object_allocate(keyObject, keyId, keyPart, cipherType, keyByteLenMax, options); +- break; +- } +- } +-#endif +- } +- else { +- retval = sss_openssl_key_object_allocate(keyObject, keyId, keyPart, cipherType, keyByteLenMax, options); +- } +-cleanup: +- return retval; +-} +- +-sss_status_t sss_openssl_key_object_get_handle(sss_openssl_object_t *keyObject, uint32_t keyId) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +-#ifdef SSS_HAVE_OPENSSL +- uint32_t i; +- +- ENSURE_OR_GO_CLEANUP(keyObject); +- ENSURE_OR_GO_CLEANUP(keyObject->keyStore); +- retval = kStatus_SSS_Success; +- /* If key store already has loaded this and shared this - fail */ +- for (i = 0; i < keyObject->keyStore->max_object_count; i++) { +- if (keyObject->keyStore->objects[i] != NULL && keyObject->keyStore->objects[i]->keyId == keyId) { +- /* Key Object already loaded and shared in another instance */ +- LOG_W("KeyID 0x%X already loaded / shared", keyId); +- retval = kStatus_SSS_Fail; +- break; +- } +- } +- if (retval == kStatus_SSS_Success) { +- for (i = 0; i < keyObject->keyStore->max_object_count; i++) { +- if (keyObject->keyStore->objects[i] == NULL) { +- retval = ks_openssl_load_key(keyObject, keyObject->keyStore->keystore_shadow, keyId); +- if (retval == kStatus_SSS_Success) { +- keyObject->keyStore->objects[i] = keyObject; +- } +- break; +- } +- } +- } +-#endif +-cleanup: +- return retval; +-} +- +-sss_status_t sss_openssl_key_object_set_user(sss_openssl_object_t *keyObject, uint32_t user, uint32_t options) +-{ +- sss_status_t retval = kStatus_SSS_Success; +- if (!(keyObject->accessRights & kAccessPermission_SSS_ChangeAttributes)) { +- LOG_E(" Don't have access rights to change the attributes"); +- return kStatus_SSS_Fail; +- } +- keyObject->user_id = user; +- return retval; +-} +- +-sss_status_t sss_openssl_key_object_set_purpose(sss_openssl_object_t *keyObject, sss_mode_t purpose, uint32_t options) +-{ +- sss_status_t retval = kStatus_SSS_Success; +- if (!(keyObject->accessRights & kAccessPermission_SSS_ChangeAttributes)) { +- LOG_E(" Don't have access rights to change the attributes"); +- return kStatus_SSS_Fail; +- } +- keyObject->purpose = purpose; +- return retval; +-} +- +-sss_status_t sss_openssl_key_object_set_access(sss_openssl_object_t *keyObject, uint32_t access, uint32_t options) +-{ +- sss_status_t retval = kStatus_SSS_Success; +- if (!(keyObject->accessRights & kAccessPermission_SSS_ChangeAttributes)) { +- LOG_E(" Don't have access rights to use the key"); +- +- return kStatus_SSS_Fail; +- } +- keyObject->accessRights = access; +- return retval; +-} +- +-sss_status_t sss_openssl_key_object_set_eccgfp_group(sss_openssl_object_t *keyObject, sss_eccgfp_group_t *group) +-{ +- sss_status_t retval = kStatus_SSS_Success; +- /* TBU */ +- return retval; +-} +- +-sss_status_t sss_openssl_key_object_get_user(sss_openssl_object_t *keyObject, uint32_t *user) +-{ +- sss_status_t retval = kStatus_SSS_Success; +- *user = keyObject->user_id; +- return retval; +-} +- +-sss_status_t sss_openssl_key_object_get_purpose(sss_openssl_object_t *keyObject, sss_mode_t *purpose) +-{ +- sss_status_t retval = kStatus_SSS_Success; +- *purpose = keyObject->purpose; +- return retval; +-} +- +-sss_status_t sss_openssl_key_object_get_access(sss_openssl_object_t *keyObject, uint32_t *access) +-{ +- sss_status_t retval = kStatus_SSS_Success; +- *access = keyObject->accessRights; +- return retval; +-} +- +-void sss_openssl_key_object_free(sss_openssl_object_t *keyObject) +-{ +- EVP_PKEY *pKey = NULL; +- RSA *pRSA = NULL; +- unsigned int i = 0; +- +- ENSURE_OR_GO_EXIT(keyObject) +- if (keyObject->keyStore != NULL && keyObject->objectType != 0) { +- for (i = 0; i < keyObject->keyStore->max_object_count; i++) { +- if (keyObject->keyStore->objects[i] == keyObject) { +- keyObject->keyStore->objects[i] = NULL; +- break; +- } +- } +- } +- +- if (keyObject->contents != NULL && keyObject->contents_must_free) { +- switch (keyObject->cipherType) { +- case kSSS_CipherType_RSA: +- pKey = (EVP_PKEY *)keyObject->contents; +- pRSA = (RSA *)EVP_PKEY_get0(pKey); +- if (pRSA) { +-#if (OPENSSL_VERSION_NUMBER < 0x10100000L) +- if (pRSA->references) +- pRSA->references = 0; +-#else +- /* not in 1.1 and above */ +-#endif +- } +- EVP_PKEY_free(pKey); +- break; +- case kSSS_CipherType_EC_NIST_P: +- case kSSS_CipherType_EC_NIST_K: +- case kSSS_CipherType_EC_BRAINPOOL: +- case kSSS_CipherType_EC_MONTGOMERY: +- case kSSS_CipherType_EC_TWISTED_ED: +- pKey = (EVP_PKEY *)keyObject->contents; +- EVP_PKEY_free(pKey); +- break; +- default: +- SSS_FREE(keyObject->contents); +- } +- } +- memset(keyObject, 0, sizeof(*keyObject)); +-exit: +- return; +-} +- +-/* End: openssl_keyobj */ +- +-/* ************************************************************************** */ +-/* Functions : sss_openssl_keyderive */ +-/* ************************************************************************** */ +- +-sss_status_t sss_openssl_derive_key_context_init(sss_openssl_derive_key_t *context, +- sss_openssl_session_t *session, +- sss_openssl_object_t *keyObject, +- sss_algorithm_t algorithm, +- sss_mode_t mode) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- ENSURE_OR_GO_CLEANUP(context); +- ENSURE_OR_GO_CLEANUP(session); +- ENSURE_OR_GO_CLEANUP(keyObject); +- ENSURE_OR_GO_CLEANUP(keyObject->contents); +- +- context->session = session; +- context->keyObject = keyObject; +- context->algorithm = algorithm; +- context->mode = mode; +- retval = kStatus_SSS_Success; +-cleanup: +- return retval; +-} +- +-sss_status_t sss_openssl_derive_key_one_go(sss_openssl_derive_key_t *context, +- const uint8_t *saltData, +- size_t saltLen, +- const uint8_t *info, +- size_t infoLen, +- sss_openssl_object_t *derivedKeyObject, +- uint16_t deriveDataLen) +-{ +- size_t adjustedSaltLen = saltLen; +- +- if (context->mode == kMode_SSS_HKDF_ExpandOnly) { +- adjustedSaltLen = 0; +- } +- +- return sss_openssl_derive_key_go( +- context, saltData, adjustedSaltLen, info, infoLen, derivedKeyObject, deriveDataLen, NULL, NULL); +-} +- +-sss_status_t sss_openssl_derive_key_sobj_one_go(sss_openssl_derive_key_t *context, +- sss_openssl_object_t *saltKeyObject, +- const uint8_t *info, +- size_t infoLen, +- sss_openssl_object_t *derivedKeyObject, +- uint16_t deriveDataLen) +-{ +- uint8_t saltData[1024] = {0}; +- size_t saltLen = sizeof(saltData); +- size_t dummySize; +- sss_status_t status; +- +- if (context == NULL) { +- return kStatus_SSS_Fail; +- } +- +- if (context->mode != kMode_SSS_HKDF_ExpandOnly) { +- status = sss_openssl_key_store_get_key(saltKeyObject->keyStore, saltKeyObject, saltData, &saltLen, &dummySize); +- if (status != kStatus_SSS_Success) { +- return kStatus_SSS_Fail; +- } +- } +- else { +- saltLen = 0; +- } +- +- // Not yet fully implemented +- // TODO: +- // - deal with saltKeyObject +- return sss_openssl_derive_key_go( +- context, saltData, saltLen, info, infoLen, derivedKeyObject, deriveDataLen, NULL, NULL); +-} +- +-// In HKDF Expand only mode PRK is unbounded, we set a maximum of 256 byte +-// RFC5869 Section 2.3 +-#define HKDF_PRK_MAX 256 +-sss_status_t sss_openssl_derive_key_go(sss_openssl_derive_key_t *context, +- const uint8_t *saltData, +- size_t saltLen, +- const uint8_t *info, +- size_t infoLen, +- sss_openssl_object_t *derivedKeyObject, +- uint16_t deriveDataLen, +- uint8_t *hkdfOutput, +- size_t *hkdfOutputLen) +-{ +- sss_status_t retval = kStatus_SSS_Success; +- const EVP_MD *md = NULL; +- uint8_t *secret = NULL; +- size_t secretLen = 0; +- secret = context->keyObject->contents; +- secretLen = context->keyObject->contents_size; +- uint8_t prk[HKDF_PRK_MAX]; +- unsigned int prk_len = 0; +- +- /* Initialize the MD */ +- switch (context->algorithm) { +- case kAlgorithm_SSS_SHA1: +- case kAlgorithm_SSS_HMAC_SHA1: +- md = EVP_sha1(); +- break; +- case kAlgorithm_SSS_SHA256: +- case kAlgorithm_SSS_HMAC_SHA256: +- md = EVP_sha256(); +- break; +- case kAlgorithm_SSS_SHA384: +- case kAlgorithm_SSS_HMAC_SHA384: +- md = EVP_sha384(); +- break; +- case kAlgorithm_SSS_SHA512: +- case kAlgorithm_SSS_HMAC_SHA512: +- md = EVP_sha512(); +- break; +- default: +- return kStatus_SSS_Fail; +- } +- +- if (saltLen == 0) { +- /* Copy key as is */ +- if (HKDF_PRK_MAX >= secretLen) { +- memcpy(prk, secret, secretLen); +- prk_len = secretLen; +- } +- else { +- LOG_E("HKDF Expand only (OpenSSL implementation): buffer too small"); +- return kStatus_SSS_Fail; +- } +- } +- else { +- retval = sss_openssl_hkdf_extract(md, saltData, saltLen, secret, secretLen, prk, &prk_len); +- if (retval != kStatus_SSS_Success) { +- return kStatus_SSS_Fail; +- } +- } +- +- retval = sss_openssl_hkdf_expand(md, prk, prk_len, info, infoLen, derivedKeyObject->contents, deriveDataLen); +- derivedKeyObject->contents_size = deriveDataLen; +- +- return retval; +-} +- +-sss_status_t sss_openssl_derive_key_dh(sss_openssl_derive_key_t *context, +- sss_openssl_object_t *otherPartyKeyObject, +- sss_openssl_object_t *derivedKeyObject) +-{ +- sss_status_t retval = kStatus_SSS_Success; +- EVP_PKEY *pKeyPrv = NULL; +- EC_KEY *pEcpPrv = NULL; +- +- EVP_PKEY *pKeyExt = NULL; +- EC_KEY *pEcpExt = NULL; +- +- size_t sharedSecretLen; +- int sharedSecretLen_Derived; +- EC_GROUP *pEC_Group = NULL; +- uint8_t *secret = NULL; +- +- if (otherPartyKeyObject == NULL || derivedKeyObject == NULL) { +- return kStatus_SSS_Fail; +- } +- +- pKeyPrv = (EVP_PKEY *)context->keyObject->contents; +- pKeyExt = (EVP_PKEY *)otherPartyKeyObject->contents; +- +- if (context->keyObject->cipherType == kSSS_CipherType_EC_MONTGOMERY) { +- EVP_PKEY_CTX *ctx; +- ctx = EVP_PKEY_CTX_new(pKeyPrv, NULL); +- if (!ctx) { +- return kStatus_SSS_Fail; +- } +- +- if (EVP_PKEY_derive_init(ctx) <= 0) { +- return kStatus_SSS_Fail; +- } +- +- if (EVP_PKEY_derive_set_peer(ctx, pKeyExt) <= 0) { +- return kStatus_SSS_Fail; +- } +- +- /* Determine buffer length */ +- if (EVP_PKEY_derive(ctx, NULL, &sharedSecretLen) <= 0) { +- return kStatus_SSS_Fail; +- } +- +- secret = (uint8_t *)SSS_MALLOC(sharedSecretLen); +- sharedSecretLen_Derived = sharedSecretLen; +- +- if (EVP_PKEY_derive(ctx, secret, &sharedSecretLen) <= 0) { +- return kStatus_SSS_Fail; +- } +- EVP_PKEY_CTX_free(ctx); +- } +- else { +- pEcpPrv = EVP_PKEY_get1_EC_KEY(pKeyPrv); +- pEcpExt = EVP_PKEY_get1_EC_KEY(pKeyExt); +- sharedSecretLen = (EC_GROUP_get_degree(EC_KEY_get0_group(pEcpExt)) + 7) / 8; +- secret = (uint8_t *)SSS_MALLOC(sharedSecretLen); +- +- sharedSecretLen_Derived = +- ECDH_compute_key(secret, sharedSecretLen, EC_KEY_get0_public_key(pEcpExt), pEcpPrv, NULL); +- } +- +- memcpy(derivedKeyObject->contents, secret, sharedSecretLen_Derived); +- derivedKeyObject->contents_size = sharedSecretLen_Derived; +- +- EC_GROUP_free(pEC_Group); +- EC_KEY_free(pEcpPrv); +- EC_KEY_free(pEcpExt); +- SSS_FREE(secret); +- return retval; +-} +- +-void sss_openssl_derive_key_context_free(sss_openssl_derive_key_t *context) +-{ +- if (context->keyObject) +- sss_openssl_key_object_free(context->keyObject); +- memset(context, 0, sizeof(*context)); +-} +- +-/* End: openssl_keyderive */ +- +-/* ************************************************************************** */ +-/* Functions : sss_openssl_keystore */ +-/* ************************************************************************** */ +- +-sss_status_t sss_openssl_key_store_context_init(sss_openssl_key_store_t *keyStore, sss_openssl_session_t *session) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- ENSURE_OR_GO_CLEANUP(keyStore); +- ENSURE_OR_GO_CLEANUP(session); +- memset(keyStore, 0, sizeof(*keyStore)); +- keyStore->session = session; +- retval = kStatus_SSS_Success; +-cleanup: +- return retval; +-} +- +-sss_status_t sss_openssl_key_store_allocate(sss_openssl_key_store_t *keyStore, uint32_t keyStoreId) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- ENSURE_OR_GO_CLEANUP(keyStore); +- retval = kStatus_SSS_Success; +-#ifdef SSS_HAVE_OPENSSL +- if (keyStore->objects == NULL) { +- keyStore->max_object_count = MAX_KEY_OBJ_COUNT; +- keyStore->objects = (sss_openssl_object_t **)SSS_MALLOC(MAX_KEY_OBJ_COUNT * sizeof(sss_openssl_object_t *)); +- memset(keyStore->objects, 0, (MAX_KEY_OBJ_COUNT * sizeof(sss_openssl_object_t *))); +- if (NULL == keyStore->objects) { +- LOG_E("Could not allocate key store"); +- retval = kStatus_SSS_Fail; +- } +- else { +- ks_sw_fat_allocate(&keyStore->keystore_shadow); +- ks_sw_fat_load(keyStore->session->szRootPath, keyStore->keystore_shadow); +- retval = kStatus_SSS_Success; +- } +- } +- else { +- LOG_E("KeyStore already allocated"); +- retval = kStatus_SSS_Fail; +- } +-#endif +-cleanup: +- return retval; +-} +- +-sss_status_t sss_openssl_key_store_save(sss_openssl_key_store_t *keyStore) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- ENSURE_OR_GO_CLEANUP(keyStore); +- ENSURE_OR_GO_CLEANUP(keyStore->session); +-#ifdef SSS_HAVE_OPENSSL +- ENSURE_OR_GO_CLEANUP(keyStore->session->szRootPath); +- if (NULL != keyStore->objects) { +- uint32_t i; +- for (i = 0; i < keyStore->max_object_count; i++) { +- if (NULL != keyStore->objects[i]) { +- retval = ks_openssl_store_key(keyStore->objects[i]); +- /*Check added as part of security boundry checks*/ +- ENSURE_OR_GO_CLEANUP(retval == kStatus_SSS_Success); +- } +- } +- } +- retval = ks_openssl_fat_update(keyStore); +-#endif +-cleanup: +- return retval; +-} +- +-sss_status_t sss_openssl_key_store_load(sss_openssl_key_store_t *keyStore) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- ENSURE_OR_GO_CLEANUP(keyStore); +- ENSURE_OR_GO_CLEANUP(keyStore->session); +-#ifdef SSS_HAVE_OPENSSL +- if (keyStore->objects == NULL) { +- retval = sss_openssl_key_store_allocate(keyStore, 0); +- /*Check added as part of security boundry checks*/ +- ENSURE_OR_GO_CLEANUP(retval == kStatus_SSS_Success); +- } +- if (keyStore->session->szRootPath) { +- if (NULL == keyStore->keystore_shadow) { +- ks_sw_fat_allocate(&keyStore->keystore_shadow); +- } +- retval = ks_sw_fat_load(keyStore->session->szRootPath, keyStore->keystore_shadow); +- keyStore->max_object_count = keyStore->keystore_shadow->maxEntries; +- } +-#endif +-cleanup: +- return retval; +-} +- +-sss_status_t sss_openssl_key_store_set_key(sss_openssl_key_store_t *keyStore, +- sss_openssl_object_t *keyObject, +- const uint8_t *data, +- size_t dataLen, +- size_t keyBitLen, +- void *options, +- size_t optionsLen) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- uint8_t opensslData[256] = { +- 0, +- }; +- size_t opensslDataLen = sizeof(opensslData); +- ENSURE_OR_GO_CLEANUP(keyObject); +- ENSURE_OR_GO_CLEANUP(keyObject->contents); +- if (!(keyObject->accessRights & kAccessPermission_SSS_Write)) { +- return retval; +- } +- +- if ((keyObject->objectType == kSSS_KeyPart_Pair) && (keyObject->cipherType == kSSS_CipherType_EC_MONTGOMERY)) { +- LOG_W("OpenSSL keystore cannot handle EC_MONT keypair with public key: Removing public key"); +- ENSURE_OR_GO_CLEANUP(dataLen <= opensslDataLen); +- memcpy(opensslData, data, dataLen); +- if ((data[1] == 0x51) && (data[4] == 1)) { +- opensslData[1] -= 0x23; +- opensslData[4] = 0; +- opensslDataLen = dataLen - 0x23; +- } +- else if ((data[1] == 0x81) && (data[4] == 1)) { +- opensslData[1] -= 0x3b; +- opensslData[4] = 0; +- opensslDataLen = dataLen - 0x3b; +- } +- else { +- LOG_E("OpenSSL keystore cannot handle EC_MONT keypair with public key: Cannot remove public key"); +- opensslDataLen = dataLen; +- } +- retval = sss_openssl_set_key(keyObject, opensslData, opensslDataLen, keyBitLen); +- } +- else { +- retval = sss_openssl_set_key(keyObject, data, dataLen, keyBitLen); +- } +-cleanup: +- return retval; +-} +- +-sss_status_t sss_openssl_key_store_generate_key( +- sss_openssl_key_store_t *keyStore, sss_openssl_object_t *keyObject, size_t keyBitLen, void *options) +-{ +- sss_status_t retval = kStatus_SSS_Success; +- +- sss_cipher_type_t cipher_type = keyObject->cipherType; +- ENSURE_OR_GO_EXIT(keyStore); +- ENSURE_OR_GO_EXIT(keyObject); +- +- switch (cipher_type) { +- case kSSS_CipherType_EC_NIST_P: +- case kSSS_CipherType_EC_NIST_K: +- case kSSS_CipherType_EC_BRAINPOOL: +- case kSSS_CipherType_EC_MONTGOMERY: +- case kSSS_CipherType_EC_TWISTED_ED: +- retval = sss_openssl_generate_ecp_key(keyObject, keyBitLen); +- break; +- case kSSS_CipherType_RSA: +- retval = sss_openssl_generate_rsa_key(keyObject, keyBitLen); +- break; +- default: +- break; +- } +-exit: +- return retval; +-} +- +-sss_status_t sss_openssl_key_store_get_key(sss_openssl_key_store_t *keyStore, +- sss_openssl_object_t *keyObject, +- uint8_t *data, +- size_t *dataLen, +- size_t *pKeyBitLen) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- EVP_PKEY *pk = NULL; +- int len = 0; +- ENSURE_OR_GO_CLEANUP(keyObject); +- ENSURE_OR_GO_CLEANUP(keyObject->contents); +- if (!(keyObject->accessRights & kAccessPermission_SSS_Read)) { +- return kStatus_SSS_Fail; +- } +- +- switch (keyObject->objectType) { +- case kSSS_KeyPart_Default: +- memcpy(data, keyObject->contents, keyObject->contents_size); +- *dataLen = keyObject->contents_size; +- break; +- case kSSS_KeyPart_Public: +- case kSSS_KeyPart_Pair: { +- pk = (EVP_PKEY *)keyObject->contents; +- len = i2d_PUBKEY(pk, &data); +- if (len < 0 || (int)(*dataLen) < len) { +- goto cleanup; +- } +- +- *dataLen = len; +- *pKeyBitLen = len * 8; +- break; +- } +- default: +- break; +- } +- +- retval = kStatus_SSS_Success; +-cleanup: +- return retval; +-} +-#if 0 +-/* To be reviewed: Purnank */ +-sss_status_t sss_openssl_key_store_get_key_fromoffset(sss_openssl_key_store_t *keyStore, +- sss_openssl_object_t *keyObject, +- uint8_t *data, +- size_t *dataLen, +- size_t *pKeyBitLen, +- uint16_t offset) +-{ +- sss_status_t retval = kStatus_SSS_Success; +- return retval; +-} +-#endif +-sss_status_t sss_openssl_key_store_open_key(sss_openssl_key_store_t *keyStore, sss_openssl_object_t *keyObject) +-{ +- sss_status_t retval = kStatus_SSS_Success; +- return retval; +-} +- +-sss_status_t sss_openssl_key_store_freeze_key(sss_openssl_key_store_t *keyStore, sss_openssl_object_t *keyObject) +-{ +- sss_status_t retval = kStatus_SSS_Success; +- return retval; +-} +- +-sss_status_t sss_openssl_key_store_erase_key(sss_openssl_key_store_t *keyStore, sss_openssl_object_t *keyObject) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- ENSURE_OR_GO_EXIT(keyStore); +- ENSURE_OR_GO_EXIT(keyObject); +- ENSURE_OR_GO_EXIT(keyObject->keyStore); +- +- if (!(keyObject->accessRights & kAccessPermission_SSS_Delete)) { +- LOG_E("Don't have access right to delete the key"); +- return retval; +- } +- +- if (keyObject->keyMode == kKeyObject_Mode_Persistent) { +-#ifdef SSS_HAVE_OPENSSL +- unsigned int i = 0; +- /* first check if key exists delete key from shadow KS*/ +- retval = ks_common_remove_fat(keyObject->keyStore->keystore_shadow, keyObject->keyId); +- ENSURE_OR_GO_CLEANUP(retval == kStatus_SSS_Success); +- +- /* Update shadow keystore in file system*/ +- retval = ks_openssl_fat_update(keyObject->keyStore); +- ENSURE_OR_GO_CLEANUP(retval == kStatus_SSS_Success); +- +- /*Clear key object from file*/ +- retval = ks_openssl_remove_key(keyObject); +- /*Check added as part of security boundary checks*/ +- ENSURE_OR_GO_CLEANUP(retval == kStatus_SSS_Success); +- +- for (i = 0; i < keyObject->keyStore->max_object_count; i++) { +- if (keyObject->keyStore->objects[i] == keyObject) { +- keyObject->keyStore->objects[i] = NULL; +- break; +- } +- } +-#endif +- } +- else { +- retval = kStatus_SSS_Success; +- } +-#ifdef SSS_HAVE_OPENSSL +-cleanup: +-#endif +-exit: +- return retval; +-} +- +-void sss_openssl_key_store_context_free(sss_openssl_key_store_t *keyStore) +-{ +- if (NULL != keyStore->objects) { +- uint32_t i; +- for (i = 0; i < keyStore->max_object_count; i++) { +- if (keyStore->objects[i] != NULL) { +- sss_openssl_key_object_free(keyStore->objects[i]); +- keyStore->objects[i] = NULL; +- } +- } +- SSS_FREE(keyStore->objects); +- } +- +- ks_sw_fat_free(keyStore->keystore_shadow); +- memset(keyStore, 0, sizeof(*keyStore)); +-} +- +-int openssl_get_padding(sss_algorithm_t algorithm) +-{ +- int padding = 0; +- switch (algorithm) { +- case kAlgorithm_SSS_RSASSA_PKCS1_V1_5_SHA1: +- case kAlgorithm_SSS_RSASSA_PKCS1_V1_5_SHA224: +- case kAlgorithm_SSS_RSASSA_PKCS1_V1_5_SHA256: +- case kAlgorithm_SSS_RSASSA_PKCS1_V1_5_SHA384: +- case kAlgorithm_SSS_RSASSA_PKCS1_V1_5_SHA512: +- case kAlgorithm_SSS_RSASSA_PKCS1_V1_5_NO_HASH: +- case kAlgorithm_SSS_RSAES_PKCS1_V1_5: +- padding = RSA_PKCS1_PADDING; +- break; +- case kAlgorithm_SSS_RSASSA_PKCS1_PSS_MGF1_SHA1: +- case kAlgorithm_SSS_RSASSA_PKCS1_PSS_MGF1_SHA224: +- case kAlgorithm_SSS_RSASSA_PKCS1_PSS_MGF1_SHA256: +- case kAlgorithm_SSS_RSASSA_PKCS1_PSS_MGF1_SHA384: +- case kAlgorithm_SSS_RSASSA_PKCS1_PSS_MGF1_SHA512: +- padding = RSA_PKCS1_PSS_PADDING; +- break; +- case kAlgorithm_SSS_RSAES_PKCS1_OAEP_SHA1: +- case kAlgorithm_SSS_RSAES_PKCS1_OAEP_SHA224: +- case kAlgorithm_SSS_RSAES_PKCS1_OAEP_SHA256: +- case kAlgorithm_SSS_RSAES_PKCS1_OAEP_SHA384: +- case kAlgorithm_SSS_RSAES_PKCS1_OAEP_SHA512: +- padding = RSA_PKCS1_OAEP_PADDING; +- break; +- default: +- padding = RSA_PKCS1_PADDING; +- } +- return padding; +-} +- +-/* End: openssl_keystore */ +- +-/* ************************************************************************** */ +-/* Functions : sss_openssl_asym */ +-/* ************************************************************************** */ +- +-sss_status_t sss_openssl_asymmetric_context_init(sss_openssl_asymmetric_t *context, +- sss_openssl_session_t *session, +- sss_openssl_object_t *keyObject, +- sss_algorithm_t algorithm, +- sss_mode_t mode) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- +- ENSURE_OR_GO_CLEANUP(context); +- ENSURE_OR_GO_CLEANUP(keyObject); +- ENSURE_OR_GO_CLEANUP(keyObject->keyStore->session->subsystem == kType_SSS_OpenSSL); +- +- context->session = session; +- context->keyObject = keyObject; +- context->algorithm = algorithm; +- context->mode = mode; +- retval = kStatus_SSS_Success; +-cleanup: +- return retval; +-} +- +-sss_status_t sss_openssl_asymmetric_encrypt( +- sss_openssl_asymmetric_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen) +-{ +- sss_status_t retval = kStatus_SSS_Success; +- int ret; +- sss_openssl_object_t *keyObj = context->keyObject; +- EVP_PKEY *pKey = NULL; +- RSA *pRSA = NULL; +- char *pErr = NULL; +- int padding = 0; +- +- if (!(context->keyObject->accessRights & kAccessPermission_SSS_Use)) { +- return kStatus_SSS_Fail; +- } +- +- /* Get the RSA Key. */ +- pKey = (EVP_PKEY *)keyObj->contents; +- pRSA = EVP_PKEY_get1_RSA(pKey); +- +- padding = openssl_get_padding(context->algorithm); +- +- /* Encrypt the mesasage. */ +- ret = RSA_public_encrypt((int)srcLen, srcData, destData, pRSA, padding); +- if (ret == -1) { +- retval = kStatus_SSS_Fail; +- ERR_load_crypto_strings(); +- pErr = SSS_MALLOC(150); +- ERR_error_string(ERR_get_error(), pErr); +- LOG_E("sss_openssl_asymmetric_encrypt"); +- goto exit; +- } +- else { +- *destLen = ret; +- } +- +-exit: +- return retval; +-} +- +-sss_status_t sss_openssl_asymmetric_decrypt( +- sss_openssl_asymmetric_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen) +-{ +- sss_status_t retval = kStatus_SSS_Success; +- int ret; +- sss_openssl_object_t *keyObj = context->keyObject; +- EVP_PKEY *pKey = NULL; +- RSA *pRSA = NULL; +- char *pErr = NULL; +- int padding = 0; +- +- if (!(context->keyObject->accessRights & kAccessPermission_SSS_Use)) { +- return kStatus_SSS_Fail; +- } +- +- /* Get the RSA Key. */ +- pKey = (EVP_PKEY *)keyObj->contents; +- pRSA = EVP_PKEY_get1_RSA(pKey); +- +- padding = openssl_get_padding(context->algorithm); +- +- /* Decrypt the mesasage. */ +- ret = RSA_private_decrypt((int)srcLen, srcData, destData, pRSA, padding); +- if (ret == -1) { +- retval = kStatus_SSS_Fail; +- ERR_load_crypto_strings(); +- pErr = SSS_MALLOC(150); +- ERR_error_string(ERR_get_error(), pErr); +- LOG_E("sss_openssl_asymmetric_encrypt"); +- goto exit; +- } +- else { +- *destLen = ret; +- } +- +-exit: +- return retval; +-} +- +-void *openssl_get_hash_ptr_set_padding(sss_algorithm_t algorithm, uint32_t cipherType, EVP_PKEY_CTX *pKey_Ctx) +-{ +- void *hashfPtr = NULL; +- switch (algorithm) { +- case kAlgorithm_SSS_SHA1: +- case kAlgorithm_SSS_ECDSA_SHA1: +- case kAlgorithm_SSS_RSASSA_PKCS1_V1_5_SHA1: +- case kAlgorithm_SSS_RSASSA_PKCS1_PSS_MGF1_SHA1: +- case kAlgorithm_SSS_RSAES_PKCS1_OAEP_SHA1: { +- hashfPtr = (void *)EVP_sha1(); +- } break; +- case kAlgorithm_SSS_SHA224: +- case kAlgorithm_SSS_ECDSA_SHA224: +- case kAlgorithm_SSS_RSASSA_PKCS1_V1_5_SHA224: +- case kAlgorithm_SSS_RSASSA_PKCS1_PSS_MGF1_SHA224: +- case kAlgorithm_SSS_RSAES_PKCS1_OAEP_SHA224: { +- hashfPtr = (void *)EVP_sha224(); +- } break; +- case kAlgorithm_SSS_SHA256: +- case kAlgorithm_SSS_ECDSA_SHA256: +- case kAlgorithm_SSS_RSASSA_PKCS1_V1_5_SHA256: +- case kAlgorithm_SSS_RSASSA_PKCS1_PSS_MGF1_SHA256: +- case kAlgorithm_SSS_RSAES_PKCS1_V1_5: +- case kAlgorithm_SSS_RSAES_PKCS1_OAEP_SHA256: +- case kAlgorithm_SSS_ECDAA: { +- hashfPtr = (void *)EVP_sha256(); +- } break; +- case kAlgorithm_SSS_SHA384: +- case kAlgorithm_SSS_ECDSA_SHA384: +- case kAlgorithm_SSS_RSASSA_PKCS1_V1_5_SHA384: +- case kAlgorithm_SSS_RSASSA_PKCS1_PSS_MGF1_SHA384: +- case kAlgorithm_SSS_RSAES_PKCS1_OAEP_SHA384: { +- hashfPtr = (void *)EVP_sha384(); +- } break; +- case kAlgorithm_SSS_SHA512: +- case kAlgorithm_SSS_ECDSA_SHA512: +- case kAlgorithm_SSS_RSASSA_PKCS1_V1_5_SHA512: +- case kAlgorithm_SSS_RSASSA_PKCS1_PSS_MGF1_SHA512: +- case kAlgorithm_SSS_RSAES_PKCS1_OAEP_SHA512: { +- hashfPtr = (void *)EVP_sha512(); +- } break; +- case kAlgorithm_SSS_RSASSA_PKCS1_V1_5_NO_HASH: +- default: +- hashfPtr = NULL; +- } +- +- if (cipherType == kSSS_CipherType_RSA || cipherType == kSSS_CipherType_RSA_CRT) { +- EVP_PKEY_CTX_set_rsa_padding(pKey_Ctx, openssl_get_padding(algorithm)); +- } +- else { +- //No padding for ECC Sign +- //EVP_CIPHER_CTX_set_padding(pKey_Ctx, 0); +- } +- +- return hashfPtr; +-} +- +-sss_status_t sss_openssl_asymmetric_sign_digest( +- sss_openssl_asymmetric_t *context, uint8_t *digest, size_t digestLen, uint8_t *signature, size_t *signatureLen) +-{ +- sss_status_t retval = kStatus_SSS_Success; +- EVP_PKEY *pKey = NULL; +- EVP_PKEY_CTX *pKey_Ctx = NULL; +- void *hashfPtr = NULL; +- int ret = 0; +- +- if (!(context->keyObject->accessRights & kAccessPermission_SSS_Use)) { +- return kStatus_SSS_Fail; +- } +- +- pKey = (EVP_PKEY *)context->keyObject->contents; +-#if (OPENSSL_VERSION_NUMBER < 0x10100000L) +-#else +- if (context->keyObject->cipherType == kSSS_CipherType_EC_MONTGOMERY) { +- EVP_MD_CTX *pKey_md_Ctx = NULL; +- pKey_md_Ctx = (EVP_MD_CTX *)EVP_MD_CTX_create(); +- if (1 != EVP_DigestSignInit(pKey_md_Ctx, NULL, NULL, NULL, pKey)) { +- retval = kStatus_SSS_Fail; +- goto exit; +- } +- if (1 != EVP_DigestSign(pKey_md_Ctx, signature, signatureLen, digest, digestLen)) { +- retval = kStatus_SSS_Fail; +- } +- goto exit; +- } +-#endif +- /* Get the context from EVP_PKEY */ +- pKey_Ctx = EVP_PKEY_CTX_new(pKey, NULL); +- +- /* Init the Signing context. */ +- if (1 != EVP_PKEY_sign_init(pKey_Ctx)) { +- retval = kStatus_SSS_Fail; +- goto exit; +- } +- +- /* Set the Signing MD. */ +- hashfPtr = openssl_get_hash_ptr_set_padding(context->algorithm, context->keyObject->cipherType, pKey_Ctx); +- +- /* +- * For RSA, null hash pointer is valid, as sign with no hash is available. +- * Sign with no hash is invalid for ecc keys. +- */ +- if (context->keyObject->cipherType == kSSS_CipherType_EC_NIST_P || +- context->keyObject->cipherType == kSSS_CipherType_EC_NIST_K || +- context->keyObject->cipherType == kSSS_CipherType_EC_BRAINPOOL || +- context->keyObject->cipherType == kSSS_CipherType_EC_TWISTED_ED || +- context->keyObject->cipherType == kSSS_CipherType_EC_BARRETO_NAEHRIG) { +- ENSURE_OR_GO_EXIT(NULL != hashfPtr); +- } +- +- /* Explicitly set the salt length to match the digest size (-1) +- * #define RSA_PSS_SALTLEN_DIGEST -1, this is defined only in openssl 1.1 +- * Define it explicitly in this file. +- */ +- EVP_PKEY_CTX_set_rsa_pss_saltlen(pKey_Ctx, RSA_PSS_SALTLEN_DIGEST); +- +- if (1 != EVP_PKEY_CTX_set_signature_md(pKey_Ctx, hashfPtr)) { +- retval = kStatus_SSS_Fail; +- goto exit; +- } +- +- /* Set the Signature length to 0. */ +- *signatureLen = 0; +- +- /* Determine buffer length */ +- ret = EVP_PKEY_sign(pKey_Ctx, NULL, signatureLen, digest, digestLen); +- if (ret <= 0) { +- retval = kStatus_SSS_Fail; +- goto exit; +- } +- +- /* Perfom Signing of the message. */ +- ret = EVP_PKEY_sign(pKey_Ctx, signature, signatureLen, digest, digestLen); +- if (ret <= 0) { +- retval = kStatus_SSS_Fail; +- goto exit; +- } +- +-exit: +- EVP_PKEY_CTX_free(pKey_Ctx); +- pKey_Ctx = NULL; +- return retval; +-} +- +-sss_status_t sss_openssl_asymmetric_verify_digest( +- sss_openssl_asymmetric_t *context, uint8_t *digest, size_t digestLen, uint8_t *signature, size_t signatureLen) +-{ +- sss_status_t retval = kStatus_SSS_Success; +- EVP_PKEY *pKey = NULL; +- EVP_PKEY_CTX *pKey_Ctx = NULL; +- void *hashfPtr = NULL; +- int ret = 0; +- +- if (!(context->keyObject->accessRights & kAccessPermission_SSS_Use)) { +- return kStatus_SSS_Fail; +- } +- +- pKey = (EVP_PKEY *)context->keyObject->contents; +-#if (OPENSSL_VERSION_NUMBER < 0x10100000L) +-#else +- if (context->keyObject->cipherType == kSSS_CipherType_EC_MONTGOMERY) { +- EVP_MD_CTX *pKey_md_Ctx = NULL; +- pKey_md_Ctx = (EVP_MD_CTX *)EVP_MD_CTX_create(); +- if (1 != EVP_DigestVerifyInit(pKey_md_Ctx, NULL, NULL, NULL, pKey)) { +- retval = kStatus_SSS_Fail; +- goto exit; +- } +- +- if (1 != EVP_DigestVerify(pKey_md_Ctx, signature, signatureLen, digest, digestLen)) { +- retval = kStatus_SSS_Fail; +- } +- goto exit; +- } +-#endif +- +- /* Get the context from EVP_PKEY */ +- pKey_Ctx = EVP_PKEY_CTX_new(pKey, NULL); +- +- /* Init the Verfying context. */ +- if (1 != EVP_PKEY_verify_init(pKey_Ctx)) { +- retval = kStatus_SSS_Fail; +- goto exit; +- } +- +- /* Set the Signing MD. */ +- hashfPtr = openssl_get_hash_ptr_set_padding(context->algorithm, context->keyObject->cipherType, pKey_Ctx); +- +- /* +- * For RSA, null hash pointer is valid, as sign with no hash is available. +- * Sign with no hash is invalid for ecc keys. +- */ +- if (context->keyObject->cipherType == kSSS_CipherType_EC_NIST_P || +- context->keyObject->cipherType == kSSS_CipherType_EC_NIST_K || +- context->keyObject->cipherType == kSSS_CipherType_EC_BRAINPOOL || +- context->keyObject->cipherType == kSSS_CipherType_EC_TWISTED_ED || +- context->keyObject->cipherType == kSSS_CipherType_EC_BARRETO_NAEHRIG) { +- ENSURE_OR_GO_EXIT(NULL != hashfPtr); +- } +- +- if (1 != EVP_PKEY_CTX_set_signature_md(pKey_Ctx, hashfPtr)) { +- retval = kStatus_SSS_Fail; +- goto exit; +- } +- +- /* Perfom Verification of the message. */ +- ret = EVP_PKEY_verify(pKey_Ctx, signature, signatureLen, digest, digestLen); +- if (1 != ret) { +- retval = kStatus_SSS_Fail; +- goto exit; +- } +- +-exit: +- EVP_PKEY_CTX_free(pKey_Ctx); +- pKey_Ctx = NULL; +- return retval; +-} +- +-sss_status_t sss_openssl_asymmetric_sign( +- sss_openssl_asymmetric_t *context, uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +-#if (OPENSSL_VERSION_NUMBER < 0x10100000L) +-#else +- EVP_MD_CTX *pKey_md_Ctx = NULL; +- EVP_PKEY *pKey = NULL; +- +- pKey = (EVP_PKEY *)context->keyObject->contents; +- +- if (context->keyObject->cipherType == kSSS_CipherType_EC_TWISTED_ED) { +- pKey_md_Ctx = (EVP_MD_CTX *)EVP_MD_CTX_create(); +- if (1 != EVP_DigestSignInit(pKey_md_Ctx, NULL, NULL, NULL, pKey)) { +- goto exit; +- } +- +- if (1 != EVP_DigestSign(pKey_md_Ctx, destData, destLen, srcData, srcLen)) { +- goto exit; +- } +- } +- else { +- goto exit; +- } +- +- retval = kStatus_SSS_Success; +-#endif +-exit: +- return retval; +-} +- +-sss_status_t sss_openssl_asymmetric_verify( +- sss_openssl_asymmetric_t *context, uint8_t *srcData, size_t srcLen, uint8_t *signature, size_t signatureLen) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +-#if (OPENSSL_VERSION_NUMBER < 0x10100000L) +-#else +- EVP_MD_CTX *pKey_md_Ctx = NULL; +- EVP_PKEY *pKey = NULL; +- +- pKey = (EVP_PKEY *)context->keyObject->contents; +- +- if (context->keyObject->cipherType == kSSS_CipherType_EC_TWISTED_ED) { +- pKey_md_Ctx = (EVP_MD_CTX *)EVP_MD_CTX_create(); +- if (1 != EVP_DigestVerifyInit(pKey_md_Ctx, NULL, NULL, NULL, pKey)) { +- goto exit; +- } +- +- if (1 != EVP_DigestVerify(pKey_md_Ctx, signature, signatureLen, srcData, srcLen)) { +- goto exit; +- } +- } +- else { +- goto exit; +- } +- +- retval = kStatus_SSS_Success; +-#endif +-exit: +- return retval; +-} +- +-void sss_openssl_asymmetric_context_free(sss_openssl_asymmetric_t *context) +-{ +- memset(context, 0, sizeof(*context)); +-} +- +-/* End: openssl_asym */ +- +-/* ************************************************************************** */ +-/* Functions : sss_openssl_symm */ +-/* ************************************************************************** */ +- +-sss_status_t sss_openssl_symmetric_context_init(sss_openssl_symmetric_t *context, +- sss_openssl_session_t *session, +- sss_openssl_object_t *keyObject, +- sss_algorithm_t algorithm, +- sss_mode_t mode) +-{ +- sss_status_t retval = kStatus_SSS_Success; +- +- context->session = session; +- context->keyObject = keyObject; +- context->algorithm = algorithm; +- context->mode = mode; +- context->cache_data_len = 0; +- context->cipher_ctx = NULL; +- +- return retval; +-} +- +-sss_status_t sss_openssl_cipher_one_go(sss_openssl_symmetric_t *context, +- uint8_t *iv, +- size_t ivLen, +- const uint8_t *srcData, +- uint8_t *destData, +- size_t dataLen) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +-#if !SSS_OPENSSL_USE_EVP_FOR_CIPHER_ONE_GO +- AES_KEY AESKey; +-#endif +- DES_key_schedule schedule; +- DES_cblock DESKey; +- +-#if SSS_OPENSSL_USE_EVP_FOR_CIPHER_ONE_GO +- if (context->algorithm == kAlgorithm_SSS_AES_ECB || +- context->algorithm == kAlgorithm_SSS_AES_CBC || +- context->algorithm == kAlgorithm_SSS_AES_CTR) { +- +- sss_status_t status = kStatus_SSS_Fail; +- size_t destLen = dataLen; +- +- status = sss_openssl_cipher_init(context, iv, ivLen); +- ENSURE_OR_GO_EXIT(status == kStatus_SSS_Success); +- +- status = sss_openssl_cipher_update(context, srcData, dataLen, destData, &destLen); +- ENSURE_OR_GO_EXIT(status == kStatus_SSS_Success); +- +- destLen = dataLen - destLen; +- status = sss_openssl_cipher_finish(context, NULL, 0, (destData + destLen), &destLen); +- ENSURE_OR_GO_EXIT(status == kStatus_SSS_Success); +- +- return kStatus_SSS_Success; +- } +-#endif +- +- switch (context->algorithm) { +-#if !SSS_OPENSSL_USE_EVP_FOR_CIPHER_ONE_GO +- case kAlgorithm_SSS_AES_ECB: +- case kAlgorithm_SSS_AES_CBC: { +- if (context->mode == kMode_SSS_Encrypt) { +- if (AES_set_encrypt_key((uint8_t *)context->keyObject->contents, +- (int)(context->keyObject->contents_size * 8), +- &AESKey) < 0) { +- retval = kStatus_SSS_Fail; +- LOG_E("Key initialization failed"); +- goto exit; +- } +- } +- else if (context->mode == kMode_SSS_Decrypt) { +- if (AES_set_decrypt_key((uint8_t *)context->keyObject->contents, +- (int)(context->keyObject->contents_size * 8), +- &AESKey) < 0) { +- retval = kStatus_SSS_Fail; +- LOG_E("Key initialization failed"); +- goto exit; +- } +- } +- } break; +- case kAlgorithm_SSS_AES_CTR: { +- if (AES_set_encrypt_key( +- (uint8_t *)context->keyObject->contents, (int)(context->keyObject->contents_size * 8), &AESKey) < 0) { +- retval = kStatus_SSS_Fail; +- LOG_E("Key initialization failed"); +- goto exit; +- } +- } break; +-#endif +- case kAlgorithm_SSS_DES_CBC: +- case kAlgorithm_SSS_DES_ECB: +- case kAlgorithm_SSS_DES3_CBC: +- case kAlgorithm_SSS_DES3_ECB: { +- memcpy(DESKey, (const char *)context->keyObject->contents, context->keyObject->contents_size); +- DES_set_key(&DESKey, &schedule); +- break; +- } +- default: +- return retval; +- } +- +- if (context->mode == kMode_SSS_Encrypt) { +- switch (context->algorithm) { +-#if !SSS_OPENSSL_USE_EVP_FOR_CIPHER_ONE_GO +- case kAlgorithm_SSS_AES_ECB: +- AES_ecb_encrypt(srcData, destData, &AESKey, AES_ENCRYPT); +- break; +- case kAlgorithm_SSS_AES_CBC: +- AES_cbc_encrypt(srcData, destData, dataLen, &AESKey, iv, AES_ENCRYPT); +- break; +- case kAlgorithm_SSS_AES_CTR: { +- unsigned char ecount_buf[16] = { +- 0, +- }; +- unsigned int num = 0; +-#if (OPENSSL_VERSION_NUMBER < 0x10100000L) +- AES_ctr128_encrypt(srcData, destData, dataLen, &AESKey, iv, ecount_buf, &num); +-#else +- CRYPTO_ctr128_encrypt(srcData, destData, dataLen, &AESKey, iv, ecount_buf, &num, (block128_f)AES_encrypt); +-#endif +- } break; +-#endif +- case kAlgorithm_SSS_DES_ECB: { +-#if (OPENSSL_VERSION_NUMBER < 0x10100000L) +- DES_ecb_encrypt((const_DES_cblock *)srcData, (DES_cblock *)destData, &schedule, DES_ENCRYPT); +-#else +- size_t rem = dataLen; +- int offset = 0; +- if (dataLen % 8 != 0) { +- LOG_E("Input should be 8 byte aligned for DES ECB"); +- return kStatus_SSS_Fail; +- } +- +- while ((rem > 0) && (rem % 8 == 0)) { +- DES_ecb_encrypt( +- (const_DES_cblock *)(srcData + offset), (DES_cblock *)(destData + offset), &schedule, DES_ENCRYPT); +- offset = offset + 8; +- rem = rem - 8; +- } +-#endif +- } break; +- case kAlgorithm_SSS_DES_CBC: +- DES_cbc_encrypt(srcData, destData, (int)dataLen, &schedule, (DES_cblock *)iv, DES_ENCRYPT); +- break; +- default: +- break; +- } +- } +- else if (context->mode == kMode_SSS_Decrypt) { +- switch (context->algorithm) { +-#if !SSS_OPENSSL_USE_EVP_FOR_CIPHER_ONE_GO +- case kAlgorithm_SSS_AES_ECB: +- AES_ecb_encrypt(srcData, destData, &AESKey, AES_DECRYPT); +- break; +- case kAlgorithm_SSS_AES_CBC: +- AES_cbc_encrypt(srcData, destData, dataLen, &AESKey, iv, AES_DECRYPT); +- break; +- case kAlgorithm_SSS_AES_CTR: { +- unsigned char ecount_buf[16] = { +- 0, +- }; +- unsigned int num = 0; +-#if (OPENSSL_VERSION_NUMBER < 0x10100000L) +- AES_ctr128_encrypt(srcData, destData, dataLen, &AESKey, iv, ecount_buf, &num); +-#else +- CRYPTO_ctr128_encrypt(srcData, destData, dataLen, &AESKey, iv, ecount_buf, &num, (block128_f)AES_encrypt); +-#endif +- } break; +-#endif +- case kAlgorithm_SSS_DES_ECB: { +-#if (OPENSSL_VERSION_NUMBER < 0x10100000L) +- DES_ecb_encrypt((const_DES_cblock *)srcData, (DES_cblock *)destData, &schedule, DES_DECRYPT); +-#else +- size_t rem = dataLen; +- int offset = 0; +- if (dataLen % 8 != 0) { +- LOG_E("Input should be 8 byte aligned for DES ECB"); +- return kStatus_SSS_Fail; +- } +- +- while ((rem > 0) && (rem % 8 == 0)) { +- DES_ecb_encrypt( +- (const_DES_cblock *)(srcData + offset), (DES_cblock *)(destData + offset), &schedule, DES_DECRYPT); +- offset = offset + 8; +- rem = rem - 8; +- } +-#endif +- } break; +- case kAlgorithm_SSS_DES_CBC: +- DES_cbc_encrypt(srcData, destData, (long)dataLen, &schedule, (DES_cblock *)iv, DES_DECRYPT); +- break; +- default: +- break; +- } +- } +- else { +- return retval; +- } +- +- retval = kStatus_SSS_Success; +-exit: +- return retval; +-} +- +-sss_status_t sss_openssl_cipher_init(sss_openssl_symmetric_t *context, uint8_t *iv, size_t ivLen) +-{ +- sss_status_t retval = kStatus_SSS_Success; +- const EVP_CIPHER *cipher_info = NULL; +- +- ENSURE_OR_GO_EXIT(context != NULL); +- if (ivLen > 0){ +- ENSURE_OR_GO_EXIT(iv != NULL); +- } +- +- if (context->algorithm == kAlgorithm_SSS_AES_ECB) { +- switch (context->keyObject->keyBitLen) { +- case 128: +- cipher_info = EVP_aes_128_ecb(); +- break; +- case 192: +- cipher_info = EVP_aes_192_ecb(); +- break; +- case 256: +- cipher_info = EVP_aes_256_ecb(); +- break; +- default: +- goto exit; +- } +- } +- else if (context->algorithm == kAlgorithm_SSS_AES_CBC) { +- switch (context->keyObject->keyBitLen) { +- case 128: +- cipher_info = EVP_aes_128_cbc(); +- break; +- case 192: +- cipher_info = EVP_aes_192_cbc(); +- break; +- case 256: +- cipher_info = EVP_aes_256_cbc(); +- break; +- default: +- goto exit; +- } +- } +- else if (context->algorithm == kAlgorithm_SSS_AES_CTR) { +- switch (context->keyObject->keyBitLen) { +- case 128: +- cipher_info = EVP_aes_128_ctr(); +- break; +- case 192: +- cipher_info = EVP_aes_192_ctr(); +- break; +- case 256: +- cipher_info = EVP_aes_256_ctr(); +- break; +- default: +- goto exit; +- } +- } +- +- /* Create and initialise the context */ +- context->cipher_ctx = EVP_CIPHER_CTX_new(); +- if (!(context->cipher_ctx)) { +- retval = kStatus_SSS_InvalidArgument; +- LOG_E(" Cipher initialization failed "); +- goto exit; +- } +- +- if (context->mode == kMode_SSS_Encrypt) { +- /* Initialise the encryption operation. IMPORTANT - ensure you use a key +- * and IV size appropriate for your cipher +- */ +- if (1 != EVP_CipherInit(context->cipher_ctx, cipher_info, context->keyObject->contents, iv, 1)) { +- retval = kStatus_SSS_InvalidArgument; +- LOG_E("EncryptionCipher initialization failed !!!"); +- +- goto exit; +- } +- +- EVP_CIPHER_CTX_set_padding(context->cipher_ctx, 0); +- } +- else if (context->mode == kMode_SSS_Decrypt) { +- /* Initialise the encryption operation. IMPORTANT - ensure you use a key +- * and IV size appropriate for your cipher +- */ +- if (1 != EVP_CipherInit(context->cipher_ctx, cipher_info, context->keyObject->contents, iv, 0)) { +- retval = kStatus_SSS_InvalidArgument; +- LOG_E(" DecryptionCipher initialization failed"); +- goto exit; +- } +- +- EVP_CIPHER_CTX_set_padding(context->cipher_ctx, 0); +- } +- else { +- retval = kStatus_SSS_InvalidArgument; +- } +- +-exit: +- return retval; +-} +- +-sss_status_t sss_openssl_cipher_update( +- sss_openssl_symmetric_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- uint8_t inputData[CIPHER_BLOCK_SIZE] = { +- 0, +- }; +- size_t inputData_len = 0; +- size_t src_offset = 0; +- size_t output_offset = 0; +- size_t outBuffSize = *destLen; +- size_t blockoutLen = 0; +- +- ENSURE_OR_GO_EXIT(context != NULL); +- if (srcLen > 0) { +- ENSURE_OR_GO_EXIT(srcData != NULL); +- } +- ENSURE_OR_GO_EXIT(destLen != NULL); +- if (*destLen > 0) { +- ENSURE_OR_GO_EXIT(destData != NULL); +- } +- +- if ((context->cache_data_len + srcLen) < CIPHER_BLOCK_SIZE) { +- /* Insufficinet data to process . Cache the data */ +- memcpy((context->cache_data + context->cache_data_len), srcData, srcLen); +- context->cache_data_len = context->cache_data_len + srcLen; +- *destLen = 0; +- return kStatus_SSS_Success; +- } +- else { +- /* Concatenate the unprocessed and current input data*/ +- memcpy(inputData, context->cache_data, context->cache_data_len); +- inputData_len = context->cache_data_len; +- memcpy((inputData + inputData_len), srcData, (CIPHER_BLOCK_SIZE - context->cache_data_len)); +- inputData_len += (CIPHER_BLOCK_SIZE - context->cache_data_len); +- src_offset += (CIPHER_BLOCK_SIZE - context->cache_data_len); +- context->cache_data_len = 0; +- +- blockoutLen = outBuffSize; +- ENSURE_OR_GO_EXIT(blockoutLen >= inputData_len); +- if (1 != +- EVP_CipherUpdate( +- context->cipher_ctx, (destData + output_offset), (int *)&blockoutLen, inputData, (int)inputData_len)) { +- goto exit; +- } +- outBuffSize -= blockoutLen; +- output_offset += blockoutLen; +- +- while (srcLen - src_offset >= CIPHER_BLOCK_SIZE) { +- memcpy(inputData, (srcData + src_offset), CIPHER_BLOCK_SIZE); +- src_offset += CIPHER_BLOCK_SIZE; +- +- blockoutLen = outBuffSize; +- inputData_len = CIPHER_BLOCK_SIZE; +- ENSURE_OR_GO_EXIT(blockoutLen >= inputData_len); +- if (1 != EVP_CipherUpdate(context->cipher_ctx, +- (destData + output_offset), +- (int *)&blockoutLen, +- inputData, +- (int)inputData_len)) { +- goto exit; +- } +- outBuffSize -= blockoutLen; +- output_offset += blockoutLen; +- } +- +- *destLen = output_offset; +- +- /* Copy unprocessed data to cache */ +- if ((srcLen - src_offset) > 0) { +- memcpy(context->cache_data, (srcData + src_offset), (srcLen - src_offset)); +- context->cache_data_len = (srcLen - src_offset); +- } +- } +- +- retval = kStatus_SSS_Success; +-exit: +- if (retval == kStatus_SSS_Fail) { +- *destLen = 0; +- } +- return retval; +-} +- +-sss_status_t sss_openssl_cipher_finish( +- sss_openssl_symmetric_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- uint8_t srcdata_updated[2 * CIPHER_BLOCK_SIZE] = { +- 0, +- }; +- size_t srcdata_updated_len = 0; +- size_t outBuffSize = *destLen; +- size_t blockoutLen = 0; +- uint8_t dummyBuf[CIPHER_BLOCK_SIZE] = { +- 0, +- }; +- int dummyBufLen = sizeof(dummyBuf); +- +- ENSURE_OR_GO_EXIT(context != NULL); +- if (srcLen > 0) { +- ENSURE_OR_GO_EXIT(srcData != NULL); +- } +- ENSURE_OR_GO_EXIT(destLen != NULL); +- if (*destLen > 0) { +- ENSURE_OR_GO_EXIT(destData != NULL); +- } +- +- if (srcLen > CIPHER_BLOCK_SIZE) { +- LOG_E("srcLen cannot be grater than 16 bytes. Call update function "); +- *destLen = 0; +- goto exit; +- } +- +- if (context->cache_data_len != 0) { +- memcpy(srcdata_updated, context->cache_data, context->cache_data_len); +- srcdata_updated_len = context->cache_data_len; +- context->cache_data_len = 0; +- } +- if (srcLen != 0) { +- memcpy((srcdata_updated + srcdata_updated_len), srcData, srcLen); +- srcdata_updated_len += srcLen; +- } +- +- if (srcdata_updated_len > 0) { +- srcdata_updated_len = srcdata_updated_len + (CIPHER_BLOCK_SIZE - (srcdata_updated_len % CIPHER_BLOCK_SIZE)); +- } +- +- if (*destLen < srcdata_updated_len) { +- LOG_E("Output buffer not sufficient"); +- goto exit; +- } +- +- if (srcdata_updated_len > 0) { +- blockoutLen = outBuffSize; +- ENSURE_OR_GO_EXIT(blockoutLen >= CIPHER_BLOCK_SIZE); +- if (1 != +- EVP_CipherUpdate(context->cipher_ctx, destData, (int *)&blockoutLen, srcdata_updated, CIPHER_BLOCK_SIZE)) { +- goto exit; +- } +- *destLen = blockoutLen; +- outBuffSize -= blockoutLen; +- } +- +- if (srcdata_updated_len > CIPHER_BLOCK_SIZE) { +- blockoutLen = outBuffSize; +- ENSURE_OR_GO_EXIT(blockoutLen >= CIPHER_BLOCK_SIZE); +- if (1 != EVP_CipherUpdate(context->cipher_ctx, +- destData + CIPHER_BLOCK_SIZE, +- (int *)&blockoutLen, +- srcdata_updated + CIPHER_BLOCK_SIZE, +- CIPHER_BLOCK_SIZE)) { +- goto exit; +- } +- *destLen += blockoutLen; +- outBuffSize -= blockoutLen; +- } +- +- /* All data processed using EVP_CipherUpdate call. EVP_CipherFinal call will be dummy call. +- No encrypted/decrypted output will be generated */ +- if (1 != EVP_CipherFinal(context->cipher_ctx, dummyBuf, &dummyBufLen)) { +- goto exit; +- } +- +- retval = kStatus_SSS_Success; +-exit: +- return retval; +-} +- +-sss_status_t sss_openssl_cipher_crypt_ctr(sss_openssl_symmetric_t *context, +- const uint8_t *srcData, +- uint8_t *destData, +- size_t size, +- uint8_t *initialCounter, +- uint8_t *lastEncryptedCounter, +- size_t *szLeft) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- AES_KEY key; +- +- ENSURE_OR_GO_EXIT(context != NULL); +- if (size > 0) { +- ENSURE_OR_GO_EXIT(srcData != NULL); +- ENSURE_OR_GO_EXIT(destData != NULL); +- } +- +- if (AES_set_encrypt_key( +- (uint8_t *)context->keyObject->contents, (int)(context->keyObject->contents_size * 8), &key) < 0) { +- goto exit; +- } +- +- switch (context->keyObject->keyBitLen) { +- case 128: +- case 192: +- case 256: { +- unsigned int iLeft = (unsigned int)*szLeft; +-#if (OPENSSL_VERSION_NUMBER < 0x10100000L) +- AES_ctr128_encrypt(srcData, destData, size, &key, initialCounter, lastEncryptedCounter, &iLeft); +-#else +- CRYPTO_ctr128_encrypt( +- srcData, destData, size, &key, initialCounter, lastEncryptedCounter, &iLeft, (block128_f)AES_encrypt); +-#endif +- *szLeft = iLeft; +- break; +- } +- default: +- goto exit; +- } +- +- retval = kStatus_SSS_Success; +-exit: +- return retval; +-} +- +-void sss_openssl_symmetric_context_free(sss_openssl_symmetric_t *context) +-{ +- if (context->cipher_ctx != NULL) { +- EVP_CIPHER_CTX_free((EVP_CIPHER_CTX *)context->cipher_ctx); +- context->cipher_ctx = NULL; +- } +- memset(context, 0, sizeof(*context)); +-} +- +-/* End: openssl_symm */ +- +-/* ************************************************************************** */ +-/* Functions : sss_openssl_aead */ +-/* ************************************************************************** */ +- +-sss_status_t sss_openssl_aead_context_init(sss_openssl_aead_t *context, +- sss_openssl_session_t *session, +- sss_openssl_object_t *keyObject, +- sss_algorithm_t algorithm, +- sss_mode_t mode) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- context->session = session; +- context->keyObject = keyObject; +- context->mode = mode; +- +- ENSURE_OR_GO_EXIT(context != NULL); +- ENSURE_OR_GO_EXIT(session != NULL); +- ENSURE_OR_GO_EXIT(keyObject != NULL); +- +- if (algorithm == kAlgorithm_SSS_AES_GCM || algorithm == kAlgorithm_SSS_AES_CCM) { +- context->algorithm = algorithm; +- } +- else { +- LOG_E("AEAD improper algorithm passed!!!"); +- goto exit; +- } +- /* Create and initialise the context */ +- context->aead_ctx = EVP_CIPHER_CTX_new(); +- ENSURE_OR_GO_EXIT(context->aead_ctx != NULL); +- context->pCcm_aad = NULL; +- context->pCcm_data = NULL; +- context->pCcm_iv = NULL; +- context->pCcm_tag = NULL; +- retval = sss_openssl_aead_init_ctx(context); +- +-exit: +- return retval; +-} +- +-static sss_status_t sss_openssl_aead_init_ctx(sss_openssl_aead_t *context) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- const EVP_CIPHER *aead_info = NULL; +- int ret = 0; +- +- ENSURE_OR_GO_EXIT(context != NULL); +- +- if (context->algorithm == kAlgorithm_SSS_AES_GCM) { +- switch (context->keyObject->keyBitLen) { +- case 128: +- aead_info = EVP_aes_128_gcm(); +- break; +- case 192: +- aead_info = EVP_aes_192_gcm(); +- break; +- case 256: +- aead_info = EVP_aes_256_gcm(); +- break; +- default: +- LOG_E("Improper key size!"); +- goto exit; +- } +- } +- else if (context->algorithm == kAlgorithm_SSS_AES_CCM) { +- switch (context->keyObject->keyBitLen) { +- case 128: +- aead_info = EVP_aes_128_ccm(); +- break; +- case 192: +- aead_info = EVP_aes_192_ccm(); +- break; +- case 256: +- aead_info = EVP_aes_256_ccm(); +- break; +- default: +- LOG_E("Improper key size!"); +- goto exit; +- } +- } +- if (context->mode == kMode_SSS_Encrypt) { +- /* Initialise the encryption operation. */ +- ret = EVP_EncryptInit_ex(context->aead_ctx, aead_info, NULL, NULL, NULL); +- } +- else if (context->mode == kMode_SSS_Decrypt) { +- /* Initialise the decryption operation. */ +- ret = EVP_DecryptInit_ex(context->aead_ctx, aead_info, NULL, NULL, NULL); +- } +- ENSURE_OR_GO_EXIT(ret == 1); +- retval = kStatus_SSS_Success; +- +-exit: +- return retval; +-} +- +-sss_status_t sss_openssl_aead_one_go(sss_openssl_aead_t *context, +- const uint8_t *srcData, +- uint8_t *destData, +- size_t size, +- uint8_t *nonce, +- size_t nonceLen, +- const uint8_t *aad, +- size_t aadLen, +- uint8_t *tag, +- size_t *tagLen) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- int ret = 0; +- +- ENSURE_OR_GO_EXIT(context != NULL); +- if (size > 0) { +- ENSURE_OR_GO_EXIT(srcData != NULL); +- ENSURE_OR_GO_EXIT(destData != NULL); +- } +- if(nonceLen > 0){ +- ENSURE_OR_GO_EXIT(nonce != NULL); +- } +- if(aadLen > 0){ +- ENSURE_OR_GO_EXIT(aad != NULL); +- } +- +- /* Set IV length if default 96 bits is not appropriate */ +- ret = EVP_CIPHER_CTX_ctrl(context->aead_ctx, EVP_CTRL_GCM_SET_IVLEN, nonceLen, NULL); +- ENSURE_OR_GO_EXIT(ret == 1); +- context->pCcm_data = NULL; +- +- /* Check mode do the operation requested */ +- if (context->mode == kMode_SSS_Encrypt) { +- retval = sss_openssl_aead_one_go_encrypt( +- context, srcData, destData, size, nonce, nonceLen, aad, aadLen, tag, tagLen); +- } +- else if (context->mode == kMode_SSS_Decrypt) { +- retval = sss_openssl_aead_one_go_decrypt( +- context, srcData, destData, size, nonce, nonceLen, aad, aadLen, tag, tagLen); +- } +- +-exit: +- return retval; +-} +- +-sss_status_t sss_openssl_aead_init( +- sss_openssl_aead_t *context, uint8_t *nonce, size_t nonceLen, size_t tagLen, size_t aadLen, size_t payloadLen) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- int ret = 0; +- +- ENSURE_OR_GO_EXIT(context != NULL); +- if (nonceLen > 0){ +- ENSURE_OR_GO_EXIT(nonce != NULL); +- } +- +- if (context->algorithm == kAlgorithm_SSS_AES_GCM) { +- ret = EVP_CIPHER_CTX_ctrl(context->aead_ctx, EVP_CTRL_GCM_SET_IVLEN, nonceLen, NULL); +- ENSURE_OR_GO_EXIT(ret == 1); +- context->cache_data_len = 0; +- memset(context->cache_data, 0x00, sizeof(context->cache_data)); +- /* Initialise key and IV */ +- { +- if (context->mode == kMode_SSS_Encrypt) { +- ret = EVP_EncryptInit_ex(context->aead_ctx, NULL, NULL, context->keyObject->contents, nonce); +- } +- else { +- ret = EVP_DecryptInit_ex(context->aead_ctx, NULL, NULL, context->keyObject->contents, nonce); +- } +- ENSURE_OR_GO_EXIT(ret == 1); +- } +- } +- if (context->algorithm == kAlgorithm_SSS_AES_CCM) { +- context->pCcm_iv = nonce; +- context->ccm_ivLen = nonceLen; +- context->ccm_tagLen = tagLen; +- context->ccm_aadLen = aadLen; +- context->ccm_dataTotalLen = payloadLen; +- if (context->ccm_dataTotalLen) { +- context->pCcm_data = SSS_MALLOC(payloadLen); +- if (context->pCcm_data) { +- memset(context->pCcm_data, 0, payloadLen); +- context->ccm_dataoffset = 0; +- } +- else { +- LOG_E("malloc failed"); +- goto exit; +- } +- } +- } +- retval = kStatus_SSS_Success; +-exit: +- return retval; +-} +- +-sss_status_t sss_openssl_aead_update_aad(sss_openssl_aead_t *context, const uint8_t *aadData, size_t aadDataLen) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- int ret = 0; +- int len = 0; +- +- ENSURE_OR_GO_EXIT(context != NULL); +- if (aadDataLen > 0){ +- ENSURE_OR_GO_EXIT(aadData != NULL); +- } +- +- /* Provide AAD data */ +- if (context->algorithm == kAlgorithm_SSS_AES_GCM) { +- if (context->mode == kMode_SSS_Decrypt) { +- ret = EVP_DecryptUpdate(context->aead_ctx, NULL, &len, aadData, aadDataLen); +- } +- else { +- ret = EVP_EncryptUpdate(context->aead_ctx, NULL, &len, aadData, aadDataLen); +- } +- ENSURE_OR_GO_EXIT(ret == 1); +- } +- else if (context->algorithm == kAlgorithm_SSS_AES_CCM) { +- context->pCcm_aad = aadData; +- context->ccm_aadLen = aadDataLen; +- } +- retval = kStatus_SSS_Success; +-exit: +- return retval; +-} +- +-sss_status_t sss_openssl_aead_update( +- sss_openssl_aead_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +-#if SSS_HAVE_TESTCOUNTERPART +- uint8_t inputData[CIPHER_BLOCK_SIZE] = { +- 0, +- }; +- size_t inputData_len = 0; +- size_t src_offset = 0; +- size_t output_offset = 0; +- size_t outBuffSize = *destLen; +- size_t blockoutLen = 0; +- int ret = 0; +- +- ENSURE_OR_GO_CLEANUP(context != NULL); +- if (srcLen > 0) { +- ENSURE_OR_GO_CLEANUP(srcData != NULL); +- } +- ENSURE_OR_GO_CLEANUP(destLen != NULL); +- if (*destLen > 0) { +- ENSURE_OR_GO_CLEANUP(destData != NULL); +- } +- +- /*Note for OpenSSL AES_CCM Update data is called only once*/ +- if (context->algorithm == kAlgorithm_SSS_AES_CCM) { +- if ((srcData != NULL) && (srcLen > 0)) { +- retval = sss_openssl_aead_ccm_update(context, srcData, srcLen); +- } +- ENSURE_OR_GO_CLEANUP(retval == kStatus_SSS_Success); +- *destLen = 0; +- } +- else { +- if ((context->cache_data_len + srcLen) < CIPHER_BLOCK_SIZE) { +- /* Insufficinet data to process . Cache the data */ +- memcpy((context->cache_data + context->cache_data_len), srcData, srcLen); +- context->cache_data_len = context->cache_data_len + srcLen; +- *destLen = 0; +- return kStatus_SSS_Success; +- } +- else { +- /* Concatenate the unprocessed and current input data*/ +- memcpy(inputData, context->cache_data, context->cache_data_len); +- inputData_len = context->cache_data_len; +- memcpy((inputData + inputData_len), srcData, (CIPHER_BLOCK_SIZE - context->cache_data_len)); +- inputData_len += (CIPHER_BLOCK_SIZE - context->cache_data_len); +- src_offset += (CIPHER_BLOCK_SIZE - context->cache_data_len); +- blockoutLen = outBuffSize; +- +- /* Add Source Data */ +- ret = +- aead_update(context, context->mode, inputData, inputData_len, (destData + output_offset), &blockoutLen); +- ENSURE_OR_GO_CLEANUP(ret == 1); +- outBuffSize -= blockoutLen; +- output_offset += blockoutLen; +- +- while (srcLen - src_offset >= CIPHER_BLOCK_SIZE) { +- memcpy(inputData, (srcData + src_offset), 16); +- src_offset += CIPHER_BLOCK_SIZE; +- blockoutLen = outBuffSize; +- +- /* Add Source Data */ +- ret = aead_update( +- context, context->mode, inputData, inputData_len, (destData + output_offset), &blockoutLen); +- ENSURE_OR_GO_CLEANUP(ret == 1); +- +- outBuffSize -= blockoutLen; +- output_offset += blockoutLen; +- } +- *destLen = output_offset; +- /* Copy unprocessed data to cache */ +- memcpy(context->cache_data, (srcData + src_offset), (srcLen - src_offset)); +- context->cache_data_len = (srcLen - src_offset); +- } +- } +- retval = kStatus_SSS_Success; +- +-cleanup: +- if (retval == kStatus_SSS_Fail) { +- *destLen = 0; +- } +-#endif /*End of SSS_HAVE_TESTCOUNTERPART*/ +- return retval; +-} +-static sss_status_t sss_openssl_aead_ccm_update(sss_openssl_aead_t *context, const uint8_t *srcData, size_t srcLen) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- +- if ((context->ccm_dataoffset + srcLen) <= (context->ccm_dataTotalLen)) { +- memcpy(context->pCcm_data + context->ccm_dataoffset, srcData, srcLen); +- context->ccm_dataoffset = context->ccm_dataoffset + srcLen; +- retval = kStatus_SSS_Success; +- } +- else { +- /*Free the allocated memory in init*/ +- if (context->pCcm_data != NULL) { +- SSS_FREE(context->pCcm_data); +- context->pCcm_data = NULL; +- } +- } +- return retval; +-} +- +-static int aead_update(sss_openssl_aead_t *context, +- sss_mode_t mode, +- const uint8_t *srcData, +- size_t srcLen, +- uint8_t *destData, +- size_t *destLen) +-{ +- int ret = 0; +-#if SSS_HAVE_TESTCOUNTERPART +- int len = 0; +- if (context->mode == kMode_SSS_Encrypt) { +- ret = EVP_EncryptUpdate(context->aead_ctx, destData, &len, srcData, srcLen); +- } +- else if (context->mode == kMode_SSS_Decrypt) { +- ret = EVP_DecryptUpdate(context->aead_ctx, destData, &len, srcData, srcLen); +- } +- *destLen = len; +-#endif /*SSS_HAVE_TESTCOUNTERPART*/ +- return ret; +-} +- +-sss_status_t sss_openssl_aead_finish(sss_openssl_aead_t *context, +- const uint8_t *srcData, +- size_t srcLen, +- uint8_t *destData, +- size_t *destLen, +- uint8_t *tag, +- size_t *tagLen) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +-#if SSS_HAVE_TESTCOUNTERPART +- int ret = 0; +- +- ENSURE_OR_GO_EXIT(context != NULL); +- if (srcLen > 0){ +- ENSURE_OR_GO_EXIT(srcData != NULL); +- } +- +- uint8_t srcdata_updated[2 * CIPHER_BLOCK_SIZE] = { +- 0, +- }; +- size_t srcdata_updated_len = 0; +- int len = 0; +- if (context->algorithm == kAlgorithm_SSS_AES_CCM) { /* Check if finish has got source data */ +- if ((srcData != NULL) && (srcLen > 0)) { +- retval = sss_openssl_aead_ccm_update(context, srcData, srcLen); +- ENSURE_OR_GO_EXIT(retval == kStatus_SSS_Success); +- } +- retval = sss_openssl_aead_ccm_final(context, destData, destLen, tag, tagLen); +- } +- else { +- if (srcLen > CIPHER_BLOCK_SIZE) { +- LOG_E("srcLen cannot be grater than 16 bytes. Call update function "); +- *destLen = 0; +- goto exit; +- } +- +- if (context->cache_data_len != 0) { +- memcpy(srcdata_updated, context->cache_data, context->cache_data_len); +- srcdata_updated_len = context->cache_data_len; +- } +- +- if (srcLen != 0) { +- memcpy((srcdata_updated + srcdata_updated_len), srcData, srcLen); +- srcdata_updated_len += srcLen; +- } +- +- /* Add Source Data */ +- ret = aead_update(context, context->mode, srcdata_updated, srcdata_updated_len, destData, destLen); +- ENSURE_OR_GO_EXIT(ret == 1); +- +- if (context->mode == kMode_SSS_Encrypt) { +- ret = EVP_EncryptFinal_ex(context->aead_ctx, destData, &len); +- ENSURE_OR_GO_EXIT(ret == 1); +- (*destLen) += len; +- ret = EVP_CIPHER_CTX_ctrl(context->aead_ctx, EVP_CTRL_GCM_GET_TAG, *tagLen, tag); +- // *tagLen = EVP_CTRL_GCM_GET_TAG; +- } +- else if (context->mode == kMode_SSS_Decrypt) { +- ret = EVP_CIPHER_CTX_ctrl(context->aead_ctx, EVP_CTRL_GCM_SET_TAG, *tagLen, tag); +- ENSURE_OR_GO_EXIT(ret == 1); +- +- ret = EVP_DecryptFinal_ex(context->aead_ctx, destData + (*destLen), &len); +- ENSURE_OR_GO_EXIT(ret == 1); +- (*destLen) += len; +- } +- retval = kStatus_SSS_Success; +- } +-exit: +-#endif /*SSS_HAVE_TESTCOUNTERPART*/ +- return retval; +-} +- +-static sss_status_t sss_openssl_aead_ccm_final( +- sss_openssl_aead_t *context, uint8_t *destData, size_t *destLen, uint8_t *tag, size_t *tagLen) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +-#if SSS_HAVE_TESTCOUNTERPART +- context->pCcm_tag = tag; +- if (context->mode == kMode_SSS_Decrypt) { +- retval = sss_openssl_aead_ccm_Decryptfinal(context, destData, destLen); +- } +- else { +- retval = sss_openssl_aead_ccm_Encryptfinal(context, destData, destLen); +- if (retval == kStatus_SSS_Success) { +- tag = context->pCcm_tag; +- *tagLen = context->ccm_tagLen; +- } +- } +- ENSURE_OR_GO_EXIT(retval == kStatus_SSS_Success); +- *destLen = context->ccm_dataTotalLen; +- retval = kStatus_SSS_Success; +-exit: +-#endif /*SSS_HAVE_TESTCOUNTERPART*/ +- return retval; +-} +- +-static sss_status_t sss_openssl_aead_ccm_Encryptfinal(sss_openssl_aead_t *context, uint8_t *destData, size_t *destLen) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +-#if SSS_HAVE_TESTCOUNTERPART +- int ret = 0; +- int len = 0; +- +- ENSURE_OR_GO_EXIT(context != NULL); +- +- /*Set IV len */ +- ret = EVP_CIPHER_CTX_ctrl(context->aead_ctx, EVP_CTRL_CCM_SET_IVLEN, context->ccm_ivLen, NULL); +- ENSURE_OR_GO_EXIT(ret == 1) +- +- /* Set tag length */ +- ret = EVP_CIPHER_CTX_ctrl(context->aead_ctx, EVP_CTRL_CCM_SET_TAG, context->ccm_tagLen, NULL); +- ENSURE_OR_GO_EXIT(ret == 1) +- +- /* Initialise key and IV */ +- ret = EVP_EncryptInit_ex(context->aead_ctx, NULL, NULL, context->keyObject->contents, context->pCcm_iv); +- ENSURE_OR_GO_EXIT(ret == 1); +- /* Provide the total plain length */ +- ret = EVP_EncryptUpdate(context->aead_ctx, NULL, &len, NULL, context->ccm_dataTotalLen); +- ENSURE_OR_GO_EXIT(ret == 1); +- +- /* Provide any AAD data*/ +- ret = EVP_EncryptUpdate(context->aead_ctx, NULL, &len, context->pCcm_aad, context->ccm_aadLen); +- ENSURE_OR_GO_EXIT(ret == 1); +- +- /* Provide the message to be decrypted*/ +- ret = EVP_EncryptUpdate(context->aead_ctx, destData, &len, context->pCcm_data, context->ccm_dataTotalLen); +- ENSURE_OR_GO_EXIT(ret == 1); +- *destLen = len; +- len = 0; +- ret = EVP_CIPHER_CTX_ctrl(context->aead_ctx, EVP_CTRL_CCM_GET_TAG, context->ccm_tagLen, context->pCcm_tag); +- +- ENSURE_OR_GO_EXIT(ret == 1); +- //context->ccm_tagLen = len; +- retval = kStatus_SSS_Success; +-exit: +-#endif /*SSS_HAVE_TESTCOUNTERPART*/ +- return retval; +-} +- +-static sss_status_t sss_openssl_aead_ccm_Decryptfinal(sss_openssl_aead_t *context, uint8_t *destData, size_t *destLen) +- +-{ +- sss_status_t retval = kStatus_SSS_Fail; +-#if SSS_HAVE_TESTCOUNTERPART +- int ret = 0; +- int len = 0; +- int payloadlen = context->ccm_dataTotalLen; +- +- ENSURE_OR_GO_EXIT(context != NULL); +- +- /*Set IV len */ +- ret = EVP_CIPHER_CTX_ctrl(context->aead_ctx, EVP_CTRL_CCM_SET_IVLEN, context->ccm_ivLen, NULL); +- ENSURE_OR_GO_EXIT(ret == 1) +- /* Set expected tag value. */ +- ret = EVP_CIPHER_CTX_ctrl(context->aead_ctx, EVP_CTRL_CCM_SET_TAG, context->ccm_tagLen, context->pCcm_tag); +- ENSURE_OR_GO_EXIT(ret == 1); +- /* Initialise key and IV */ +- ret = EVP_DecryptInit_ex(context->aead_ctx, NULL, NULL, context->keyObject->contents, context->pCcm_iv); +- ENSURE_OR_GO_EXIT(ret == 1); +- /* Provide the total ciphertext length */ +- ret = EVP_DecryptUpdate(context->aead_ctx, NULL, &len, NULL, payloadlen); +- ENSURE_OR_GO_EXIT(ret == 1); +- +- /* Provide any AAD data*/ +- ret = EVP_DecryptUpdate(context->aead_ctx, NULL, &len, context->pCcm_aad, context->ccm_aadLen); +- ENSURE_OR_GO_EXIT(ret == 1); +- /* Provide the message to be decrypted*/ +- ret = EVP_DecryptUpdate(context->aead_ctx, destData, &len, context->pCcm_data, context->ccm_dataTotalLen); +- ENSURE_OR_GO_EXIT(ret == 1); +- *destLen = len; +- retval = kStatus_SSS_Success; +-exit: +-#endif /*SSS_HAVE_TESTCOUNTERPART*/ +- return retval; +-} +- +-void sss_openssl_aead_context_free(sss_openssl_aead_t *context) +-{ +- if (context->aead_ctx != NULL) { +- if ((context->algorithm == kAlgorithm_SSS_AES_CCM) && (context->pCcm_data != NULL)) { +- SSS_FREE(context->pCcm_data); +- context->pCcm_data = NULL; +- } +- EVP_CIPHER_CTX_free((EVP_CIPHER_CTX *)context->aead_ctx); +- context->aead_ctx = NULL; +- } +- memset(context, 0, sizeof(*context)); +-} +- +-/* End: openssl_aead */ +- +-/* ************************************************************************** */ +-/* Functions : sss_openssl_mac */ +-/* ************************************************************************** */ +- +-sss_status_t sss_openssl_mac_context_init(sss_openssl_mac_t *context, +- sss_openssl_session_t *session, +- sss_openssl_object_t *keyObject, +- sss_algorithm_t algorithm, +- sss_mode_t mode) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- if (context != NULL) { +- if (algorithm == kAlgorithm_SSS_CMAC_AES) { +- context->cmac_ctx = CMAC_CTX_new(); +- } +- if (algorithm == kAlgorithm_SSS_HMAC_SHA1 || algorithm == kAlgorithm_SSS_HMAC_SHA224 || +- algorithm == kAlgorithm_SSS_HMAC_SHA256 || algorithm == kAlgorithm_SSS_HMAC_SHA384 || +- algorithm == kAlgorithm_SSS_HMAC_SHA512) { +-#if (OPENSSL_VERSION_NUMBER < 0x10100000L) +- context->hmac_ctx = SSS_MALLOC(sizeof(HMAC_CTX)); +-#else +- context->hmac_ctx = HMAC_CTX_new(); +-#endif +- if (context->hmac_ctx != NULL) { +-#if (OPENSSL_VERSION_NUMBER < 0x10100000L) +- HMAC_CTX_init(context->hmac_ctx); +-#endif +- } +- } +- context->session = session; +- context->keyObject = keyObject; +- context->mode = mode; +- context->algorithm = algorithm; +- retval = kStatus_SSS_Success; +- } +- +- return retval; +-} +- +-sss_status_t sss_openssl_mac_one_go( +- sss_openssl_mac_t *context, const uint8_t *message, size_t messageLen, uint8_t *mac, size_t *macLen) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- int ret = 0; +- unsigned int iMacLen; +- const EVP_CIPHER *cipher_info = NULL; +- uint8_t *key; +- size_t keylen; +- +- if ((context == NULL) || (message == NULL) || (mac == NULL) || (macLen == NULL)) { +- goto cleanup; +- } +- +- if (context->keyObject->contents) { +- key = context->keyObject->contents; +- keylen = context->keyObject->contents_size; +- } +- else { +- LOG_E("KeyObject key not created"); +- goto cleanup; +- } +- +- iMacLen = (unsigned int)*macLen; +- if (context->algorithm == kAlgorithm_SSS_CMAC_AES) { +- if (context->cmac_ctx == NULL) { +- retval = kStatus_SSS_InvalidArgument; +- } +- else { +- if (!(keylen == 16 || keylen == 24 || keylen == 32)) { +- LOG_E("key bit not supported"); +- goto cleanup; +- } +- +- switch (keylen * 8) { +- case 128: +- cipher_info = EVP_aes_128_cbc(); +- break; +- case 192: +- cipher_info = EVP_aes_192_cbc(); +- break; +- case 256: +- cipher_info = EVP_aes_256_cbc(); +- break; +- } +- +- ret = CMAC_Init( +- context->cmac_ctx, context->keyObject->contents, context->keyObject->contents_size, cipher_info, NULL); +- if (ret == 1) { +- ret = CMAC_Update(context->cmac_ctx, message, messageLen); +- if (ret == 1) { +- ret = CMAC_Final(context->cmac_ctx, mac, macLen); +- if (ret == 1) { +- retval = kStatus_SSS_Success; +- } +- } +- } +- } +- } +- else if (context->algorithm == kAlgorithm_SSS_HMAC_SHA1 || context->algorithm == kAlgorithm_SSS_HMAC_SHA224 || +- context->algorithm == kAlgorithm_SSS_HMAC_SHA256 || context->algorithm == kAlgorithm_SSS_HMAC_SHA384 || +- context->algorithm == kAlgorithm_SSS_HMAC_SHA512) { +- iMacLen = (unsigned int)*macLen; +- const EVP_MD *evp_md = NULL; +- switch (context->algorithm) { +- case kAlgorithm_SSS_HMAC_SHA1: +- evp_md = EVP_sha1(); +- break; +- case kAlgorithm_SSS_HMAC_SHA224: +- evp_md = EVP_sha224(); +- break; +- case kAlgorithm_SSS_HMAC_SHA256: +- evp_md = EVP_sha256(); +- break; +- case kAlgorithm_SSS_HMAC_SHA384: +- evp_md = EVP_sha384(); +- break; +- case kAlgorithm_SSS_HMAC_SHA512: +- evp_md = EVP_sha512(); +- break; +- default: +- LOG_E("Invalid HMAC algorithm"); +- retval = kStatus_SSS_Fail; +- goto cleanup; +- } +- +- if (NULL != HMAC(evp_md, +- context->keyObject->contents, +- (int)context->keyObject->contents_size, +- message, +- messageLen, +- mac, +- &iMacLen)) { +- retval = kStatus_SSS_Success; +- } +- *macLen = iMacLen; +- } +- +-cleanup: +- return retval; +-} +- +-sss_status_t sss_openssl_mac_init(sss_openssl_mac_t *context) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- const EVP_CIPHER *cipher_info = NULL; +- int ret; +- uint8_t *key; +- size_t keylen; +- +- ENSURE_OR_GO_CLEANUP(context != NULL) +- +- if (context->keyObject->contents) { +- key = context->keyObject->contents; +- keylen = context->keyObject->contents_size; +- } +- else { +- LOG_E("KeyObject key not created"); +- goto cleanup; +- } +- +- if (context->algorithm == kAlgorithm_SSS_CMAC_AES) { +- if (!(keylen == 16 || keylen == 24 || keylen == 32)) { +- LOG_E("key bit not supported"); +- goto cleanup; +- } +- +- switch (keylen * 8) { +- case 128: +- cipher_info = EVP_aes_128_cbc(); +- break; +- case 192: +- cipher_info = EVP_aes_192_cbc(); +- break; +- case 256: +- cipher_info = EVP_aes_256_cbc(); +- break; +- } +- +- if (context->cmac_ctx) { +- ret = CMAC_Init( +- context->cmac_ctx, context->keyObject->contents, context->keyObject->contents_size, cipher_info, NULL); +- if (ret == 1) { +- retval = kStatus_SSS_Success; +- } +- } +- else { +- LOG_W( +- "cipher context not allocated call " +- "sss_openssl_mac_context_init"); +- } +- } +- else if (context->algorithm == kAlgorithm_SSS_HMAC_SHA1 || context->algorithm == kAlgorithm_SSS_HMAC_SHA224 || +- context->algorithm == kAlgorithm_SSS_HMAC_SHA256 || context->algorithm == kAlgorithm_SSS_HMAC_SHA384 || +- context->algorithm == kAlgorithm_SSS_HMAC_SHA512) { +- const EVP_MD *evp_md = NULL; +- switch (context->algorithm) { +- case kAlgorithm_SSS_HMAC_SHA1: +- evp_md = EVP_sha1(); +- break; +- case kAlgorithm_SSS_HMAC_SHA224: +- evp_md = EVP_sha224(); +- break; +- case kAlgorithm_SSS_HMAC_SHA256: +- evp_md = EVP_sha256(); +- break; +- case kAlgorithm_SSS_HMAC_SHA384: +- evp_md = EVP_sha384(); +- break; +- case kAlgorithm_SSS_HMAC_SHA512: +- evp_md = EVP_sha512(); +- break; +- default: +- LOG_E("Invalid HMAC algorithm"); +- retval = kStatus_SSS_Fail; +- goto cleanup; +- } +- +- ret = HMAC_Init_ex( +- context->hmac_ctx, context->keyObject->contents, (int)context->keyObject->contents_size, evp_md, NULL); +- if (ret == 1) { +- retval = kStatus_SSS_Success; +- } +- else { +- LOG_E( +- "cipher context not allocated, call " +- "sss_openssl_mac_context_init"); +- } +- } +- +-cleanup: +- return retval; +-} +- +-sss_status_t sss_openssl_mac_update(sss_openssl_mac_t *context, const uint8_t *message, size_t messageLen) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- int ret; +- if (message == NULL || context == NULL) { +- return kStatus_SSS_InvalidArgument; +- } +- if (context->algorithm == kAlgorithm_SSS_CMAC_AES) { +- CMAC_CTX *ctx; +- ctx = context->cmac_ctx; +- +- ret = CMAC_Update(ctx, message, messageLen); +- if (ret == 1) { +- retval = kStatus_SSS_Success; +- } +- } +- else if (context->algorithm == kAlgorithm_SSS_HMAC_SHA1 || context->algorithm == kAlgorithm_SSS_HMAC_SHA224 || +- context->algorithm == kAlgorithm_SSS_HMAC_SHA256 || context->algorithm == kAlgorithm_SSS_HMAC_SHA384 || +- context->algorithm == kAlgorithm_SSS_HMAC_SHA512) { +- ret = HMAC_Update(context->hmac_ctx, message, messageLen); +- if (ret == 1) { +- retval = kStatus_SSS_Success; +- } +- } +- else { +- //invalid alogortihm +- } +- return retval; +-} +- +-sss_status_t sss_openssl_mac_finish(sss_openssl_mac_t *context, uint8_t *mac, size_t *macLen) +-{ +- int ret; +- sss_status_t retval = kStatus_SSS_Fail; +- if (mac == NULL || macLen == NULL || context == NULL) { +- return kStatus_SSS_InvalidArgument; +- } +- if (context->algorithm == kAlgorithm_SSS_CMAC_AES) { +- CMAC_CTX *ctx; +- ctx = context->cmac_ctx; +- +- ret = CMAC_Final(ctx, mac, macLen); +- if (ret == 1) { +- retval = kStatus_SSS_Success; +- } +- } +- else if (context->algorithm == kAlgorithm_SSS_HMAC_SHA1 || context->algorithm == kAlgorithm_SSS_HMAC_SHA224 || +- context->algorithm == kAlgorithm_SSS_HMAC_SHA256 || context->algorithm == kAlgorithm_SSS_HMAC_SHA384 || +- context->algorithm == kAlgorithm_SSS_HMAC_SHA512) { +- unsigned int iMacLen = (unsigned int)*macLen; +- ret = HMAC_Final(context->hmac_ctx, mac, &iMacLen); +- if (ret == 1) { +- retval = kStatus_SSS_Success; +- } +- *macLen = iMacLen; +- } +- else { +- //invalid alogortihm +- } +- return retval; +-} +- +-void sss_openssl_mac_context_free(sss_openssl_mac_t *context) +-{ +- if (context != NULL) { +- //sss_openssl_key_object_free(context->keyObject); +- if (context->algorithm == kAlgorithm_SSS_HMAC_SHA1 || context->algorithm == kAlgorithm_SSS_HMAC_SHA224 || +- context->algorithm == kAlgorithm_SSS_HMAC_SHA256 || context->algorithm == kAlgorithm_SSS_HMAC_SHA384 || +- context->algorithm == kAlgorithm_SSS_HMAC_SHA512) { +- if (context->hmac_ctx != NULL) { +-#if (OPENSSL_VERSION_NUMBER < 0x10100000L) +- HMAC_CTX_cleanup((HMAC_CTX *)context->hmac_ctx); +- +-#else +- HMAC_CTX_free((HMAC_CTX *)context->hmac_ctx); +-#endif +- } +- } +- else if (context->algorithm == kAlgorithm_SSS_CMAC_AES) { +- if (context->cmac_ctx != NULL) { +- CMAC_CTX_free((CMAC_CTX *)context->cmac_ctx); +- } +- } +- memset(context, 0, sizeof(*context)); +- } +-} +- +-/* End: openssl_mac */ +- +-/* ************************************************************************** */ +-/* Functions : sss_openssl_md */ +-/* ************************************************************************** */ +- +-sss_status_t sss_openssl_digest_context_init( +- sss_openssl_digest_t *context, sss_openssl_session_t *session, sss_algorithm_t algorithm, sss_mode_t mode) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- +- ENSURE_OR_GO_CLEANUP(context); +- context->session = session; +- context->algorithm = algorithm; +- context->mode = mode; +- retval = kStatus_SSS_Success; +-cleanup: +- return retval; +-} +- +-sss_status_t sss_openssl_digest_one_go( +- sss_openssl_digest_t *context, const uint8_t *message, size_t messageLen, uint8_t *digest, size_t *digestLen) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- int ret = 0; +- unsigned int iDigestLen = (unsigned int)*digestLen; +- +- const EVP_MD *md; +- +- ENSURE_OR_GO_EXIT(context != NULL); +- if (messageLen > 0){ +- ENSURE_OR_GO_EXIT(message != NULL); +- } +- +- context->mdctx = EVP_MD_CTX_create(); +- if (context->mdctx == NULL) { +- LOG_E("EVP_MD_CTX_create failed"); +- goto exit; +- } +- +- switch (context->algorithm) { +- case kAlgorithm_SSS_SHA1: +- md = EVP_get_digestbyname("SHA1"); +- *digestLen = 20; +- break; +- case kAlgorithm_SSS_SHA224: +- md = EVP_get_digestbyname("SHA224"); +- *digestLen = 28; +- break; +- case kAlgorithm_SSS_SHA256: +- md = EVP_get_digestbyname("SHA256"); +- *digestLen = 32; +- break; +- case kAlgorithm_SSS_SHA384: +- md = EVP_get_digestbyname("SHA384"); +- *digestLen = 48; +- break; +- case kAlgorithm_SSS_SHA512: +- md = EVP_get_digestbyname("SHA512"); +- *digestLen = 64; +- break; +- default: +- LOG_E(" Algorithm mode not suported "); +- goto exit; +- } +- +- if (md == NULL) { +- goto exit; +- } +- +- ret = EVP_DigestInit_ex(context->mdctx, md, NULL); +- if (ret != 1) { +- LOG_E(" EVP_DigestInit_ex failed "); +- goto exit; +- } +- +- ret = EVP_DigestUpdate(context->mdctx, message, messageLen); +- if (ret != 1) { +- LOG_E(" EVP_DigestUpdate failed "); +- goto exit; +- } +- +- ret = EVP_DigestFinal_ex(context->mdctx, digest, &iDigestLen); +- if (ret != 1) { +- LOG_E(" EVP_DigestFinal_ex failed "); +- goto exit; +- } +- *digestLen = iDigestLen; +- +- EVP_MD_CTX_destroy(context->mdctx); +- context->mdctx = NULL; +- +- retval = kStatus_SSS_Success; +-exit: +- return retval; +-} +- +-sss_status_t sss_openssl_digest_init(sss_openssl_digest_t *context) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- const EVP_MD *md; +- int ret = 0; +- +- ENSURE_OR_GO_EXIT(context != NULL); +- +- OpenSSL_add_all_algorithms(); +- +- context->mdctx = EVP_MD_CTX_create(); +- if (context->mdctx == NULL) { +- LOG_E(" EVP_MD_CTX_create failed "); +- goto exit; +- } +- +- switch (context->algorithm) { +- case kAlgorithm_SSS_SHA1: +- md = EVP_get_digestbyname("SHA1"); +- break; +- case kAlgorithm_SSS_SHA224: +- md = EVP_get_digestbyname("SHA224"); +- break; +- case kAlgorithm_SSS_SHA256: +- md = EVP_get_digestbyname("SHA256"); +- break; +- case kAlgorithm_SSS_SHA384: +- md = EVP_get_digestbyname("SHA384"); +- break; +- case kAlgorithm_SSS_SHA512: +- md = EVP_get_digestbyname("SHA512"); +- break; +- default: +- LOG_E(" Algorithm mode not suported "); +- goto exit; +- } +- +- ret = EVP_DigestInit_ex(context->mdctx, md, NULL); +- if (ret != 1) { +- LOG_E("EVP_DigestInit_ex failed "); +- goto exit; +- } +- +- retval = kStatus_SSS_Success; +-exit: +- return retval; +-} +- +-sss_status_t sss_openssl_digest_update(sss_openssl_digest_t *context, const uint8_t *message, size_t messageLen) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- int ret = 0; +- +- ENSURE_OR_GO_EXIT(context != NULL); +- if (messageLen > 0){ +- ENSURE_OR_GO_EXIT(message != NULL); +- } +- +- ret = EVP_DigestUpdate(context->mdctx, message, messageLen); +- if (ret != 1) { +- LOG_E("EVP_DigestUpdate failed "); +- goto exit; +- } +- +- retval = kStatus_SSS_Success; +-exit: +- return retval; +-} +- +-sss_status_t sss_openssl_digest_finish(sss_openssl_digest_t *context, uint8_t *digest, size_t *digestLen) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- int ret = 0; +- unsigned int iDigestLen = 0; +- +- ENSURE_OR_GO_EXIT(context != NULL); +- ENSURE_OR_GO_EXIT(digestLen != NULL); +- ENSURE_OR_GO_EXIT(digest != NULL); +- +- iDigestLen = (unsigned int)*digestLen; +- +- ret = EVP_DigestFinal_ex(context->mdctx, digest, &iDigestLen); +- if (ret != 1) { +- LOG_E("EVP_DigestFinal_ex failed "); +- goto exit; +- } +- *digestLen = iDigestLen; +- +- switch (context->algorithm) { +- case kAlgorithm_SSS_SHA1: +- *digestLen = 20; +- break; +- case kAlgorithm_SSS_SHA224: +- *digestLen = 28; +- break; +- case kAlgorithm_SSS_SHA256: +- *digestLen = 32; +- break; +- case kAlgorithm_SSS_SHA384: +- *digestLen = 48; +- break; +- case kAlgorithm_SSS_SHA512: +- *digestLen = 64; +- break; +- default: +- *digestLen = 0; +- LOG_E("Algorithm mode not suported "); +- goto exit; +- } +- +- retval = kStatus_SSS_Success; +-exit: +- return retval; +-} +- +-void sss_openssl_digest_context_free(sss_openssl_digest_t *context) +-{ +- if (NULL != context->mdctx) { +-#if (OPENSSL_VERSION_NUMBER < 0x10100000L) +- EVP_MD_CTX_cleanup(context->mdctx); +-#else +- EVP_MD_CTX_destroy(context->mdctx); +-#endif +- } +- memset(context, 0, sizeof(*context)); +-} +- +-/* End: openssl_md */ +- +-/* ************************************************************************** */ +-/* Functions : sss_openssl_rng */ +-/* ************************************************************************** */ +- +-sss_status_t sss_openssl_rng_context_init(sss_openssl_rng_context_t *context, sss_openssl_session_t *session) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- +- ENSURE_OR_GO_CLEANUP(context); +- context->session = session; +- retval = kStatus_SSS_Success; +- +-cleanup: +- return retval; +-} +- +-sss_status_t sss_openssl_rng_get_random(sss_openssl_rng_context_t *context, uint8_t *random_data, size_t dataLen) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- +- if (random_data == NULL) { +- goto exit; +- } +- +-#if (OPENSSL_VERSION_NUMBER < 0x10100000L) +- if (0 == RAND_pseudo_bytes((unsigned char *)random_data, (int)dataLen)) { +- LOG_E("Error in RAND_pseudo_bytes "); +- goto exit; +- } +-#else +- if (0 == RAND_bytes((unsigned char *)random_data, (int)dataLen)) { +- LOG_E("Error in RAND_pseudo_bytes "); +- goto exit; +- } +-#endif +- +- retval = kStatus_SSS_Success; +-exit: +- return retval; +-} +- +-sss_status_t sss_openssl_rng_context_free(sss_openssl_rng_context_t *context) +-{ +- sss_status_t retval = kStatus_SSS_Success; +- memset(context, 0, sizeof(*context)); +- return retval; +-} +- +-/* End: openssl_rng */ +- +-/* ************************************************************************** */ +-/* Functions : Private sss openssl functions */ +-/* ************************************************************************** */ +-static sss_status_t sss_openssl_generate_ecp_key(sss_openssl_object_t *keyObject, size_t keyBitLen) +-{ +- sss_status_t retval = kStatus_SSS_Success; +- EVP_PKEY *pKey = NULL; +- EC_KEY *pEC_Key = NULL; +- EC_GROUP *pEC_Group = NULL; +- int nid = 0; +- int ret = 0; +- +- /* Initilaize the EC Key. */ +- pEC_Key = EC_KEY_new(); +- if (pEC_Key == NULL) { +- retval = kStatus_SSS_Fail; +- LOG_E("Unable to initialize EC_Key"); +- goto exit; +- } +- +- if (keyObject->cipherType == kSSS_CipherType_EC_NIST_P) { +- switch (keyBitLen) { +- case 192: +- nid = NID_X9_62_prime192v1; +- break; +- case 224: +- nid = NID_secp224r1; +- break; +- case 256: +- nid = NID_X9_62_prime256v1; +- break; +- case 384: +- nid = NID_secp384r1; +- break; +- case 521: +- nid = NID_secp521r1; +- break; +- default: +- LOG_E("Key type EC_NIST_P not supported with key length 0x%X", keyBitLen); +- retval = kStatus_SSS_Fail; +- goto exit; +- } +- } +- else if (keyObject->cipherType == kSSS_CipherType_EC_BRAINPOOL) { +- switch (keyBitLen) { +- case 192: +- nid = NID_brainpoolP192r1; +- break; +- case 224: +- nid = NID_brainpoolP224r1; +- break; +- case 320: +- nid = NID_brainpoolP320r1; +- break; +- case 384: +- nid = NID_brainpoolP384r1; +- break; +- case 160: +- nid = NID_brainpoolP160r1; +- break; +- case 256: +- nid = NID_brainpoolP256r1; +- break; +- case 512: +- nid = NID_brainpoolP512r1; +- break; +- default: +- LOG_E("Key type EC_BRAINPOOL not supported with key length 0x%X", keyBitLen); +- retval = kStatus_SSS_Fail; +- goto exit; +- } +- } +- else if (keyObject->cipherType == kSSS_CipherType_EC_NIST_K) { +- switch (keyBitLen) { +- case 160: +- nid = NID_secp160k1; +- break; +- case 192: +- nid = NID_secp192k1; +- break; +- case 224: +- nid = NID_secp224k1; +- break; +- case 256: +- nid = NID_secp256k1; +- break; +- default: +- LOG_E("Key type EC_NIST_K not supported with key length 0x%X", keyBitLen); +- retval = kStatus_SSS_Fail; +- goto exit; +- } +- } +-#if (OPENSSL_VERSION_NUMBER < 0x10100000L) +-#else +- else if (keyObject->cipherType == kSSS_CipherType_EC_MONTGOMERY) { +- switch (keyBitLen) { +- case 256: +- nid = NID_X25519; +- break; +- case 448: +- nid = NID_X448; +- break; +- default: +- LOG_E("Key type EC_MONTGOMERY not supported with key length 0x%X", keyBitLen); +- retval = kStatus_SSS_Fail; +- goto exit; +- } +- } +- else if (keyObject->cipherType == kSSS_CipherType_EC_TWISTED_ED) { +- switch (keyBitLen) { +- case 256: +- nid = NID_ED25519; +- break; +- default: +- LOG_E("Key type EC_TWISTED_ED not supported with key length 0x%X", keyBitLen); +- retval = kStatus_SSS_Fail; +- goto exit; +- } +- } +-#endif +- else { +- LOG_E("sss_openssl_generate_ecp_key: Invalid key type "); +- } +-#if (OPENSSL_VERSION_NUMBER < 0x10100000L) +-#else +- if (nid == NID_X448 || nid == NID_X25519 || nid == NID_ED25519) { +- EVP_PKEY_CTX *pCtx = EVP_PKEY_CTX_new_id(nid, NULL); +- if (1 != EVP_PKEY_keygen_init(pCtx)) { +- retval = kStatus_SSS_Fail; +- LOG_E("Unable to generate keys."); +- } +- /* Assign the EC Key to generic Key context. */ +- pKey = (EVP_PKEY *)keyObject->contents; +- if (1 != EVP_PKEY_keygen(pCtx, &pKey)) { +- retval = kStatus_SSS_Fail; +- LOG_E("Unable to generate keys."); +- } +- EVP_PKEY_CTX_free(pCtx); +- goto exit; +- } +-#endif +- +- if (nid != 0) { +- /* Get the Group by curve name. */ +- pEC_Group = EC_GROUP_new_by_curve_name(nid); +- if (pEC_Group == NULL) { +- retval = kStatus_SSS_Fail; +- LOG_E("sss_openssl_generate_ecp_key: unable to get the group."); +- goto exit; +- } +- EC_GROUP_set_asn1_flag(pEC_Group, OPENSSL_EC_NAMED_CURVE); +- +- /* Set the group to ECKey context. */ +- if (EC_KEY_set_group(pEC_Key, pEC_Group) == 0) { +- retval = kStatus_SSS_Fail; +- LOG_E("sss_openssl_generate_ecp_key: unable set the group."); +- EC_KEY_free(pEC_Key); +- pEC_Key = NULL; +- goto exit; +- } +- +- /* Generate the EC keys. */ +- ret = EC_KEY_generate_key(pEC_Key); +- if (!ret) { +- retval = kStatus_SSS_Fail; +- LOG_E("Unable to generate keys."); +- EC_KEY_free(pEC_Key); +- pEC_Key = NULL; +- goto exit; +- } +- +- /* Assign the EC Key to generic Key context. */ +- pKey = (EVP_PKEY *)keyObject->contents; +- if (!EVP_PKEY_set1_EC_KEY(pKey, pEC_Key)) { +- retval = kStatus_SSS_Fail; +- LOG_E("Unable to assigning ECC key to EVP_PKEY context."); +- EC_GROUP_free(pEC_Group); +- EC_KEY_free(pEC_Key); +- pEC_Key = NULL; +- pEC_Group = NULL; +- goto exit; +- } +- } +- else { +- LOG_E("No support for keyBitLen."); +- } +- +-exit: +- if (pEC_Group) +- EC_GROUP_free(pEC_Group); +- if (pEC_Key) +- EC_KEY_free(pEC_Key); +- return retval; +-} +- +-#ifdef _MSC_VER +-#pragma warning(disable : 4127) +-#endif +- +-static sss_status_t sss_openssl_generate_rsa_key(sss_openssl_object_t *keyObject, size_t keyBitLen) +-{ +- sss_status_t retval = kStatus_SSS_Success; +- EVP_PKEY *pKey = NULL; +- RSA *pRSA = NULL; +- BIGNUM *pBigNum = NULL; +- char *pBuffer = NULL; +- unsigned long ulError = 0; +- +- if (keyBitLen == 512 || keyBitLen == 1024 || keyBitLen == 1152 || keyBitLen == 2048 || keyBitLen == 3072 || +- keyBitLen == 4096) { +- /* Load the error strings. */ +- ERR_load_CRYPTO_strings(); +- +- pRSA = RSA_new(); +- pBigNum = BN_new(); +- +- if (1 != BN_set_word(pBigNum, RSA_F4)) { +- retval = kStatus_SSS_Fail; +- LOG_E("sss_openssl_generate_rsa_key: BigNum creation Failed."); +- goto exit; +- } +- +- /* Generate the Keys. */ +- if (1 != RSA_generate_key_ex(pRSA, (int)keyBitLen, pBigNum, NULL)) { +- retval = kStatus_SSS_Fail; +- ulError = ERR_get_error(); +- pBuffer = (char *)ERR_error_string(ulError, (char *)pBuffer); +- LOG_E(" sss_openssl_generate_rsa_key"); +-#if (OPENSSL_VERSION_NUMBER < 0x10100000L) +- ERR_free_strings(); +-#endif +- BN_free(pBigNum); +- goto exit; +- } +- BN_clear_free(pBigNum); +- +- /* Assign the EC Key to generic Key context. */ +- pKey = (EVP_PKEY *)keyObject->contents; +- if (!EVP_PKEY_set1_RSA(pKey, pRSA)) { +- retval = kStatus_SSS_Fail; +- LOG_E("Unable to assigning RSA key to EVP_PKEY context."); +- BN_free(pBigNum); +- RSA_free(pRSA); +- goto exit; +- } +- } +- else { +- LOG_E("No support for keyBitLen."); +- retval = kStatus_SSS_Fail; +- } +- +-exit: +- RSA_free(pRSA); +- return retval; +-} +- +-sss_status_t openssl_convert_to_bio(sss_openssl_object_t *keyObject, char *base64_format, int base64_format_len) +-{ +- BIO *pBio_Pem = NULL; +- EVP_PKEY *pKey = NULL; +- char *pem_format = NULL; +- char *start = NULL; +- char *end = NULL; +- sss_status_t ret = kStatus_SSS_Fail; +- uint32_t objectType = keyObject->objectType; +- +- switch (objectType) { +- case kSSS_KeyPart_Public: +- start = BEGIN_PUBLIC; +- end = END_PUBLIC; +- break; +- case kSSS_KeyPart_Private: +- case kSSS_KeyPart_Pair: { +- if (keyObject->cipherType == kSSS_CipherType_RSA || keyObject->cipherType == kSSS_CipherType_RSA_CRT) { +- start = BEGIN_RSA_PRIVATE; +- end = END_RSA_PRIVATE; +- break; +- } +- else if (keyObject->cipherType == kSSS_CipherType_EC_NIST_P || +- keyObject->cipherType == kSSS_CipherType_EC_NIST_K || +- keyObject->cipherType == kSSS_CipherType_EC_BRAINPOOL || +- keyObject->cipherType == kSSS_CipherType_EC_MONTGOMERY || +- keyObject->cipherType == kSSS_CipherType_EC_TWISTED_ED) { +- start = BEGIN_EC_PRIVATE; +- end = END_EC_PRIVATE; +- break; +- } +- else { +- goto exit; +- } +- } +- default: +- goto exit; +- } +- +- pem_format = (char *)SSS_CALLOC(1, base64_format_len + strlen(start) + strlen(end) + 1); +- /* Convert Base64 to PEM format. */ +- snprintf(pem_format, +- (strlen(base64_format) + strlen(start) + strlen(end) + 1), +- "%s" +- "%s" +- "%s", +- start, +- base64_format, +- end); +- +- /* Assign the PEM_Format to BIO. */ +- pBio_Pem = BIO_new_mem_buf(pem_format, (int)strlen(pem_format)); +- if (pBio_Pem == NULL) { +- LOG_E("Unable to assign the PEM to BIO buffer."); +- goto exit; +- } +- +- if (objectType == kSSS_KeyPart_Public) { +- /* Convert the BIO to PKEY format. */ +- pKey = PEM_read_bio_PUBKEY(pBio_Pem, NULL, NULL, NULL); +- } +- else { +- pKey = PEM_read_bio_PrivateKey(pBio_Pem, NULL, NULL, NULL); +- } +- +- if (pKey == NULL) { +- LOG_E("Unable to read the key from PEM."); +- goto exit; +- } +- +- EVP_PKEY_free((EVP_PKEY *)keyObject->contents); +- keyObject->contents = pKey; +- +- ret = kStatus_SSS_Success; +-exit: +- +- BIO_free(pBio_Pem); +- pBio_Pem = NULL; +- +- if (pem_format) +- SSS_FREE(pem_format); +- +- return ret; +-} +- +-static sss_status_t sss_openssl_set_key( +- sss_openssl_object_t *keyObject, const uint8_t *keyBuf, size_t keyBufLen, size_t keyBitLen) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- char *base64_format = NULL; +- BIO *pBio_Mem = NULL, *pBio_64 = NULL; +- BUF_MEM *pBufMem = NULL; +- //EVP_PKEY *pKey = NULL; +- sss_status_t ret = kStatus_SSS_Fail; +- +- if (keyObject->objectType == kSSS_KeyPart_Default) { +- if (keyBufLen > keyObject->contents_max_size) { +- LOG_E("Not enough memory for key_size."); +- goto exit; +- } +- else { +- if (keyBuf != NULL) /* For Empty Certificate */ +- memcpy(keyObject->contents, keyBuf, keyBufLen); +- keyObject->contents_size = keyBufLen; +- } +- } +- else if ((keyObject->objectType == kSSS_KeyPart_Private) || (keyObject->objectType == kSSS_KeyPart_Public) || +- (keyObject->objectType == kSSS_KeyPart_Pair)) { +- pBio_64 = BIO_new(BIO_f_base64()); +- if (pBio_64 == NULL) { +- LOG_E("Unable to initialize Base64 format."); +- goto exit; +- } +- BIO_set_flags(pBio_64, BIO_FLAGS_BASE64_NO_NL); +- //BIO_set_close(pBio_64, BIO_NOCLOSE); +- +- pBio_Mem = BIO_new(BIO_s_mem()); +- if (pBio_Mem == NULL) { +- LOG_E("Unable to initialize Base64 mem format."); +- goto exit; +- } +- //BIO_set_close(pBio_Mem, BIO_NOCLOSE); +- +- pBio_64 = BIO_push(pBio_64, pBio_Mem); +- +- BIO_write(pBio_64, keyBuf, (int)keyBufLen); +- if (pBio_64 == NULL) { +- LOG_E(" sss_openssl_set_key: key write failure."); +- goto exit; +- } +- +- if (BIO_flush(pBio_64) < 1) { +- LOG_E("sss_openssl_set_key: flushing failed."); +- goto exit; +- } +- +- BIO_get_mem_ptr(pBio_64, &pBufMem); +- base64_format = SSS_CALLOC(1, (pBufMem->length) + 1); +- memcpy(base64_format, pBufMem->data, pBufMem->length); +- base64_format[pBufMem->length] = '\0'; +- +- ret = openssl_convert_to_bio(keyObject, base64_format, (int)pBufMem->length); +- if (ret != kStatus_SSS_Success) { +- LOG_E(" sss_openssl_set_key: flushing failed."); +- goto exit; +- } +- } +- else { +- goto exit; +- } +- +- keyObject->keyBitLen = keyBitLen; +- +- retval = kStatus_SSS_Success; +-exit: +- BIO_free(pBio_Mem); +- pBio_Mem = NULL; +- +- BIO_free(pBio_64); +- pBio_64 = NULL; +- +- if (base64_format) +- SSS_FREE(base64_format); +- +- return retval; +-} +- +-static sss_status_t sss_openssl_hkdf_extract(const EVP_MD *md, +- const uint8_t *salt, +- size_t salt_len, +- const uint8_t *ikm, +- size_t ikm_len, +- uint8_t *prk, +- unsigned int *prk_len) +-{ +- int hash_len; +- unsigned char null_salt[EVP_MAX_MD_SIZE] = {'\0'}; +- sss_status_t retval = kStatus_SSS_Success; +- +- hash_len = EVP_MD_size(md); +- +- if (salt == NULL) { +- salt = null_salt; +- salt_len = hash_len; +- } +- +- unsigned int iPrkLen = *prk_len; +- if (HMAC(md, salt, (int)salt_len, ikm, (int)ikm_len, prk, &iPrkLen) == NULL) { +- retval = kStatus_SSS_Fail; +- } +- *prk_len = iPrkLen; +- +- return retval; +-} +- +-static sss_status_t sss_openssl_hkdf_expand(const EVP_MD *md, +- const uint8_t *prk, +- size_t prk_len, +- const uint8_t *info, +- size_t info_len, +- uint8_t *okm, +- size_t okm_len) +-{ +- size_t hash_len; +- size_t N; +- size_t T_len = 0, where = 0, i; +-#if (OPENSSL_VERSION_NUMBER < 0x10100000L) +- HMAC_CTX hmac; +-#else +- HMAC_CTX *hmac = NULL; +-#endif +- unsigned char T[EVP_MAX_MD_SIZE]; +- sss_status_t retval = kStatus_SSS_Success; +- +- if (info_len == 0 || okm_len == 0 || okm == NULL) { +- retval = kStatus_SSS_InvalidArgument; +- goto exit; +- } +- +- hash_len = EVP_MD_size(md); +- +- if (info == NULL) { +- info = (const unsigned char *)""; +- } +- +- N = okm_len / hash_len; +- +- if ((okm_len % hash_len) != 0) { +- N++; +- } +- +- if (N > 255) { +- retval = kStatus_SSS_InvalidArgument; +- goto exit; +- } +- +-#if (OPENSSL_VERSION_NUMBER < 0x10100000L) +- HMAC_CTX_init(&hmac); +-#else +- hmac = HMAC_CTX_new(); +- if (hmac == NULL) { +- retval = kStatus_SSS_Fail; +- goto exit; +- } +-#endif +- +-#if (OPENSSL_VERSION_NUMBER < 0x10100000L) +- if (!HMAC_Init_ex(&hmac, prk, (int)prk_len, md, NULL)) { +- retval = kStatus_SSS_Fail; +- goto exit; +- } +- +- /* Section 2.3. */ +- for (i = 1; i <= N; i++) { +- unsigned char c = (unsigned char)i; +- +- if (i > 1) { +- if (!HMAC_Init_ex(&hmac, NULL, 0, NULL, NULL)) { +- retval = kStatus_SSS_Fail; +- goto exit; +- } +- +- if (!HMAC_Update(&hmac, T, T_len)) { +- retval = kStatus_SSS_Fail; +- goto exit; +- } +- } +- +- if (!HMAC_Update(&hmac, info, info_len)) { +- retval = kStatus_SSS_Fail; +- goto exit; +- } +- +- if (!HMAC_Update(&hmac, &c, 1)) { +- retval = kStatus_SSS_Fail; +- goto exit; +- } +- +- if (!HMAC_Final(&hmac, T, NULL)) { +- retval = kStatus_SSS_Fail; +- goto exit; +- } +- +- memcpy(okm + where, T, (i != N) ? hash_len : (okm_len - where)); +- where += hash_len; +- T_len = hash_len; +- } +-#else +- if (!HMAC_Init_ex(hmac, prk, (int)prk_len, md, NULL)) { +- retval = kStatus_SSS_Fail; +- goto exit; +- } +- +- /* Section 2.3. */ +- for (i = 1; i <= N; i++) { +- unsigned char c = (unsigned char)i; +- +- if (i > 1) { +- if (!HMAC_Init_ex(hmac, NULL, 0, NULL, NULL)) { +- retval = kStatus_SSS_Fail; +- goto exit; +- } +- +- if (!HMAC_Update(hmac, T, T_len)) { +- retval = kStatus_SSS_Fail; +- goto exit; +- } +- } +- +- if (!HMAC_Update(hmac, info, info_len)) { +- retval = kStatus_SSS_Fail; +- goto exit; +- } +- +- if (!HMAC_Update(hmac, &c, 1)) { +- retval = kStatus_SSS_Fail; +- goto exit; +- } +- +- if (!HMAC_Final(hmac, T, NULL)) { +- retval = kStatus_SSS_Fail; +- goto exit; +- } +- +- memcpy(okm + where, T, (i != N) ? hash_len : (okm_len - where)); +- where += hash_len; +- T_len = hash_len; +- } +-#endif +- +-exit: +-#if (OPENSSL_VERSION_NUMBER < 0x10100000L) +- HMAC_CTX_cleanup(&hmac); +-#else +- HMAC_CTX_free(hmac); +-#endif +- return retval; +-} +-static sss_status_t sss_openssl_aead_one_go_encrypt(sss_openssl_aead_t *context, +- const uint8_t *srcData, +- uint8_t *destData, +- size_t size, +- uint8_t *nonce, +- size_t nonceLen, +- const uint8_t *aad, +- size_t aadLen, +- uint8_t *tag, +- size_t *tagLen) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- int ret = 0; +- int len = 0; +- size_t dest_len = 0; +- /* Initialise key and IV */ +- ret = EVP_EncryptInit_ex(context->aead_ctx, NULL, NULL, context->keyObject->contents, nonce); +- ENSURE_OR_GO_EXIT(ret == 1); +- if (aad != NULL) { +- /* Add AAD data.*/ +- ret = EVP_EncryptUpdate(context->aead_ctx, NULL, &len, aad, aadLen); +- ENSURE_OR_GO_EXIT(ret == 1); +- } +- if (srcData != NULL) { +- /* Encrypt plaintext */ +- ret = EVP_EncryptUpdate(context->aead_ctx, destData, &len, srcData, size); +- ENSURE_OR_GO_EXIT(ret == 1); +- dest_len = len; +- } +- +- /* Finalise the encryption */ +- ret = EVP_EncryptFinal_ex(context->aead_ctx, tag, &len); +- ENSURE_OR_GO_EXIT(ret == 1); +- +- /* Get the tag */ +- ret = EVP_CIPHER_CTX_ctrl(context->aead_ctx, EVP_CTRL_GCM_GET_TAG, EVP_CTRL_GCM_GET_TAG, tag); +- ENSURE_OR_GO_EXIT(ret == 1); +- *tagLen = EVP_CTRL_GCM_GET_TAG; +- retval = kStatus_SSS_Success; +- +-exit: +- return retval; +-} +- +-static sss_status_t sss_openssl_aead_one_go_decrypt(sss_openssl_aead_t *context, +- const uint8_t *srcData, +- uint8_t *destData, +- size_t size, +- uint8_t *nonce, +- size_t nonceLen, +- const uint8_t *aad, +- size_t aadLen, +- uint8_t *tag, +- size_t *tagLen) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- int ret = 0; +- int len = 0; +- +- /* Initialise key and IV */ +- ret = EVP_DecryptInit_ex(context->aead_ctx, NULL, NULL, context->keyObject->contents, nonce); +- ENSURE_OR_GO_EXIT(ret == 1); +- +- /* Specify any AAD */ +- if (aad != NULL) { +- ret = EVP_DecryptUpdate(context->aead_ctx, NULL, &len, aad, aadLen); +- ENSURE_OR_GO_EXIT(ret == 1); +- } +- +- /* Decrypt ciphertext */ +- if (srcData != NULL) { +- ret = EVP_DecryptUpdate(context->aead_ctx, destData, &len, srcData, size); +- ENSURE_OR_GO_EXIT(ret == 1); +- } +- +- /* Set tag value. */ +- ret = EVP_CIPHER_CTX_ctrl(context->aead_ctx, EVP_CTRL_CCM_SET_TAG, 16, tag); +- ENSURE_OR_GO_EXIT(ret == 1); +- +- /* Finalise decrypt */ +- ret = EVP_DecryptFinal_ex(context->aead_ctx, destData, &len); +- ENSURE_OR_GO_EXIT(ret == 1); +- retval = kStatus_SSS_Success; +- +-exit: +- return retval; +-} +- +-#endif /* SSS_HAVE_OPENSSL */ +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/src/se05x/fsl_sss_se05x_apis.c b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/src/se05x/fsl_sss_se05x_apis.c +deleted file mode 100644 +index cabfdff7d3..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/src/se05x/fsl_sss_se05x_apis.c ++++ /dev/null +@@ -1,7104 +0,0 @@ +-/* +- * +- * Copyright 2018-2020 NXP +- * SPDX-License-Identifier: Apache-2.0 +- */ +- +-/** @file */ +-#ifdef __cplusplus +-extern "C" { +-#endif +- +-#include +-#include +- +-#if SSS_HAVE_APPLET_SE05X_IOT +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#include +- +-#include "nxEnsure.h" +-#include "nxScp03_Apis.h" +-#include "se05x_APDU.h" +-#include "se05x_tlv.h" +-#include "smCom.h" +-#if defined(SMCOM_JRCP_V1_AM) +-#include "sm_timer.h" +-#endif +- +-#if (USE_RTOS) +-#define LOCK_TXN(lock) \ +- LOG_D("Trying to Acquire Lock"); \ +- if (xSemaphoreTake(lock, portMAX_DELAY) == pdTRUE) { \ +- LOG_D("LOCK Acquired"); \ +- } \ +- else { \ +- LOG_D("LOCK Acquisition failed"); \ +- } +-#define UNLOCK_TXN(lock) \ +- LOG_D("Trying to Released Lock"); \ +- if (xSemaphoreGive(lock) == pdTRUE) { \ +- LOG_D("LOCK Released"); \ +- } \ +- else { \ +- LOG_D("LOCK Releasing failed"); \ +- } +-#elif (__GNUC__ && !AX_EMBEDDED && !__MBED__) +-#define LOCK_TXN(lock) \ +- LOG_D("Trying to Acquire Lock thread: %ld", pthread_self()); \ +- pthread_mutex_lock(&lock); \ +- LOG_D("LOCK Acquired by thread: %ld", pthread_self()); +- +-#define UNLOCK_TXN(lock) \ +- LOG_D("Trying to Released Lock by thread: %ld", pthread_self()); \ +- pthread_mutex_unlock(&lock); \ +- LOG_D("LOCK Released by thread: %ld", pthread_self()); +-#elif __MBED__ +-#define LOCK_TXN(lock) \ +- LOG_D("Trying to Acquire Lock"); \ +- if (osSemaphoreAcquire(lock, 0) == osOK) \ +- LOG_D("LOCK Acquired"); \ +- else \ +- LOG_D("LOCK Acquisition failed"); +-#define UNLOCK_TXN(lock) \ +- LOG_D("Trying to Released Lock"); \ +- if (osSemaphoreRelease(lock) == osOK) \ +- LOG_D("LOCK Released"); \ +- else \ +- LOG_D("LOCK Releasing failed"); +-#endif +- +-#if (__GNUC__ && !AX_EMBEDDED) || (USE_RTOS) || (__MBED__) +-#define USE_LOCK 1 +-#else +-#define USE_LOCK 0 +-#endif +- +-#if __MBED__ +-static mbed_rtos_storage_semaphore_t channelLock_mem; +-#endif +- +-static SE05x_ECSignatureAlgo_t se05x_get_ec_sign_hash_mode(sss_algorithm_t algorithm); +- +-/* Used during testing as well */ +-void get_ecc_raw_data(uint8_t *key, size_t keylen, uint8_t **key_buf, size_t *key_buflen, uint32_t curve_id); +- +-#if SSSFTR_SE05X_AuthSession +-static smStatus_t se05x_CreateVerifyUserIDSession( +- pSe05xSession_t se05xSession, const uint32_t auth_id, SE05x_AuthCtx_ID_t *pin, pSe05xPolicy_t policy); +-#endif +- +-#if SSS_HAVE_SCP_SCP03_SSS +-#if SSSFTR_SE05X_AuthECKey +-static smStatus_t se05x_CreateECKeySession( +- pSe05xSession_t se05xSession, const uint32_t auth_id, SE05x_AuthCtx_ECKey_t *pFScpCtx); +-#endif +- +-#if SSSFTR_SE05X_AuthSession +-static smStatus_t se05x_CreateVerifyAESKeySession( +- pSe05xSession_t se05xSession, const uint32_t auth_id, NXSCP03_AuthCtx_t *pAppletSCPCtx); +-#endif +-#endif +- +-static smStatus_t sss_se05x_channel_txnRaw(void *conn_ctx, +- const tlvHeader_t *hdr, +- uint8_t *cmdBuf, +- size_t cmdBufLen, +- uint8_t *rsp, +- size_t *rspLen, +- uint8_t hasle); +-#if 0 +-static SE05x_RSASignatureAlgo_t se05x_get_rsa_sign_mode( +- sss_algorithm_t algorithm); +-#endif +- +-#if SSSFTR_SE05X_RSA && SSS_HAVE_RSA +-static SE05x_RSAEncryptionAlgo_t se05x_get_rsa_encrypt_mode(sss_algorithm_t algorithm); +-static SE05x_RSASignatureAlgo_t se05x_get_rsa_sign_hash_mode(sss_algorithm_t algorithm); +-#endif +-static SE05x_CipherMode_t se05x_get_cipher_mode(sss_algorithm_t algorithm); +-static SE05x_MACAlgo_t se05x_get_mac_algo(sss_algorithm_t algorithm); +-#if SSSFTR_SE05X_KEY_SET || SSSFTR_SE05X_KEY_GET +-static uint8_t CheckIfKeyIdExists(uint32_t keyId, pSe05xSession_t session_ctx); +-#endif +-static smStatus_t sss_se05x_channel_txn(void *conn_ctx, +- struct _sss_se05x_tunnel_context *pChannelCtx, +- SE_AuthType_t currAuth, +- const tlvHeader_t *hdr, +- uint8_t *cmdBuf, +- size_t cmdBufLen, +- uint8_t *rsp, +- size_t *rspLen, +- uint8_t hasle); +- +-static smStatus_t sss_se05x_TXn(struct Se05xSession *pSession, +- const tlvHeader_t *hdr, +- uint8_t *cmdBuf, +- size_t cmdBufLen, +- uint8_t *rsp, +- size_t *rspLen, +- uint8_t hasle); +- +-#if SSSFTR_SE05X_AuthECKey || SSSFTR_SE05X_AuthSession +-static sss_status_t sss_session_auth_open(sss_se05x_session_t *session, +- sss_type_t subsystem, +- uint32_t auth_id, +- sss_connection_type_t connection_type, +- void *connectionData); +-#endif +- +-#if SSSFTR_SE05X_RSA && SSSFTR_SE05X_KEY_SET && SSS_HAVE_RSA +-static sss_status_t sss_se05x_key_store_set_rsa_key(sss_se05x_key_store_t *keyStore, +- sss_se05x_object_t *keyObject, +- const uint8_t *key, +- size_t keyLen, +- size_t keyBitLen, +- void *policy_buff, +- size_t policy_buff_len); +-#endif +- +-#if SSSFTR_SE05X_ECC || SSSFTR_SE05X_RSA +-static sss_status_t se05x_check_input_len(size_t inLen, sss_algorithm_t algorithm); +-#endif +- +-#if SSS_HAVE_SE05X_VER_GTE_06_00 +-static sss_status_t sss_se05x_aead_CCMfinish(sss_se05x_aead_t *context, +- const uint8_t *srcData, +- size_t srcLen, +- uint8_t *destData, +- size_t *destLen, +- uint8_t *tag, +- size_t *tagLen); +-#endif +- +-#if SSSFTR_SE05X_ECC && SSSFTR_SE05X_KEY_SET +-static smStatus_t sss_se05x_LL_set_ec_key(pSe05xSession_t session_ctx, +- pSe05xPolicy_t policy, +- SE05x_MaxAttemps_t maxAttempt, +- uint32_t objectID, +- SE05x_ECCurve_t curveID, +- const uint8_t *privKey, +- size_t privKeyLen, +- const uint8_t *pubKey, +- size_t pubKeyLen, +- const SE05x_INS_t ins_type, +- const SE05x_KeyPart_t key_part, +- SE05x_Result_t obj_exists); +- +-#if SSS_HAVE_SE05X_VER_GTE_06_00 +-typedef smStatus_t (*fp_Ec_KeyWrite_t)(pSe05xSession_t session_ctx, +- pSe05xPolicy_t policy, +- SE05x_MaxAttemps_t maxAttempt, +- uint32_t objectID, +- SE05x_ECCurve_t curveID, +- const uint8_t *privKey, +- size_t privKeyLen, +- const uint8_t *pubKey, +- size_t pubKeyLen, +- const SE05x_INS_t ins_type, +- const SE05x_KeyPart_t key_part, +- uint32_t version); +-#endif //SSS_HAVE_SE05X_VER_GTE_06_00 +-#endif //SSSFTR_SE05X_ECC && SSSFTR_SE05X_KEY_SET +- +-#if SSSFTR_SE05X_KEY_SET +-static smStatus_t sss_se05x_LL_set_symm_key(pSe05xSession_t session_ctx, +- pSe05xPolicy_t policy, +- SE05x_MaxAttemps_t maxAttempt, +- uint32_t objectID, +- SE05x_KeyID_t kekID, +- const uint8_t *keyValue, +- size_t keyValueLen, +- const SE05x_INS_t ins_type, +- const SE05x_SymmKeyType_t type, +- SE05x_Result_t obj_exists); +- +-#if SSS_HAVE_SE05X_VER_GTE_06_00 +-typedef smStatus_t (*fp_Symm_KeyWrite_t)(pSe05xSession_t session_ctx, +- pSe05xPolicy_t policy, +- SE05x_MaxAttemps_t maxAttempt, +- uint32_t objectID, +- SE05x_KeyID_t kekID, +- const uint8_t *keyValue, +- size_t keyValueLen, +- const SE05x_INS_t ins_type, +- const SE05x_SymmKeyType_t type, +- uint32_t version); +-#endif //SSS_HAVE_SE05X_VER_GTE_06_00 +-#endif //SSSFTR_SE05X_AES && SSSFTR_SE05X_KEY_SET +- +-#if SSSFTR_SE05X_RSA && SSSFTR_SE05X_KEY_SET && SSS_HAVE_RSA +-static smStatus_t sss_se05x_LL_set_RSA_key(pSe05xSession_t session_ctx, +- pSe05xPolicy_t policy, +- uint32_t objectID, +- uint16_t size, +- const uint8_t *p, +- size_t pLen, +- const uint8_t *q, +- size_t qLen, +- const uint8_t *dp, +- size_t dpLen, +- const uint8_t *dq, +- size_t dqLen, +- const uint8_t *qInv, +- size_t qInvLen, +- const uint8_t *pubExp, +- size_t pubExpLen, +- const uint8_t *priv, +- size_t privLen, +- const uint8_t *pubMod, +- size_t pubModLen, +- const SE05x_INS_t ins_type, +- const SE05x_KeyPart_t key_part, +- const SE05x_RSAKeyFormat_t rsa_format, +- SE05x_Result_t obj_exists); +- +-#if SSS_HAVE_SE05X_VER_GTE_06_00 +-typedef smStatus_t (*fp_RSA_KeyWrite_t)(pSe05xSession_t session_ctx, +- pSe05xPolicy_t policy, +- uint32_t objectID, +- uint16_t size, +- const uint8_t *p, +- size_t pLen, +- const uint8_t *q, +- size_t qLen, +- const uint8_t *dp, +- size_t dpLen, +- const uint8_t *dq, +- size_t dqLen, +- const uint8_t *qInv, +- size_t qInvLen, +- const uint8_t *pubExp, +- size_t pubExpLen, +- const uint8_t *priv, +- size_t privLen, +- const uint8_t *pubMod, +- size_t pubModLen, +- const SE05x_INS_t ins_type, +- const SE05x_KeyPart_t key_part, +- const SE05x_RSAKeyFormat_t rsa_format, +- uint32_t version); +-#endif //SSS_HAVE_SE05X_VER_GTE_06_00 +-#endif //SSSFTR_SE05X_RSA && SSSFTR_SE05X_KEY_SET && SSS_HAVE_RSA +-/* ************************************************************************** */ +-/* Defines */ +-/* ************************************************************************** */ +- +-/* ************************************************************************** */ +-/* Functions : sss_se05x_session */ +-/* ************************************************************************** */ +- +-sss_status_t sss_se05x_session_create(sss_se05x_session_t *session, +- sss_type_t subsystem, +- uint32_t application_id, +- sss_connection_type_t connection_type, +- void *connectionData) +-{ +- sss_status_t retval = kStatus_SSS_Success; +- /* Nothing special to be handled */ +- return retval; +-} +- +-#define HEX_EXPECTED_APPLET_VERSION \ +- (0 | (APPLET_SE050_VER_MAJOR) << (8 * 3) | (APPLET_SE050_VER_MINOR) << (8 * 2) | (APPLET_SE050_VER_DEV) << (8 * 1)) +- +-#if defined(APPLET_SE050_VER_DEV_PATCH1) +-#define HEX_EXPECTED_APPLET_VERSION_PATCH1 \ +- (0 | (APPLET_SE050_VER_MAJOR) << (8 * 3) | (APPLET_SE050_VER_MINOR) << (8 * 2) | \ +- (APPLET_SE050_VER_DEV_PATCH1) << (8 * 1)) +-#endif +- +-sss_status_t sss_se05x_session_open(sss_se05x_session_t *session, +- sss_type_t subsystem, +- uint32_t application_id, +- sss_connection_type_t connection_type, +- void *connectionData) +-{ +- sss_status_t retval = kStatus_SSS_InvalidArgument; +- SE05x_Connect_Ctx_t *pAuthCtx = NULL; +- SmCommState_t CommState = {0}; +- smStatus_t status = SM_NOT_OK; +- U16 lReturn; +- pSe05xSession_t se05xSession; +-#if defined(SMCOM_JRCP_V1_AM) +- int session_open_retry_cnt = 1; +- int session_open_retry_dly = 1; //seconds +- int session_open_retry_cnt_max = 50; +- int session_open_retry_dly_max = 10; //seconds +-#endif +- +- ENSURE_OR_GO_EXIT(session); +- se05xSession = &session->s_ctx; +- +- memset(session, 0, sizeof(*session)); +- +- ENSURE_OR_GO_EXIT(connectionData); +- pAuthCtx = (SE05x_Connect_Ctx_t *)connectionData; +- +- if (pAuthCtx->connType != kType_SE_Conn_Type_Channel) { +- uint8_t atr[100]; +- uint16_t atrLen = ARRAY_SIZE(atr); +- CommState.connType = pAuthCtx->connType; +- if (1 == pAuthCtx->skip_select_applet) { +- if (pAuthCtx->auth.authType == kSSS_AuthType_None) { +- CommState.select = SELECT_NONE; +- } +- else if (pAuthCtx->auth.authType == kSSS_AuthType_SCP03) { +- CommState.select = SELECT_SSD; +- } +- } +-#if defined(SMCOM_JRCP_V1) || defined(SMCOM_JRCP_V2) || defined(RJCT_VCOM) || defined(SMCOM_PCSC) || \ +- defined(SMCOM_RC663_VCOM) +- lReturn = SM_RjctConnect(&(se05xSession->conn_ctx), pAuthCtx->portName, &CommState, atr, &atrLen); +- +- if (lReturn != SW_OK) { +- LOG_E("SM_RjctConnect Failed. Status %04X", lReturn); +- goto exit; +- } +- if (atrLen != 0) { +- LOG_AU8_I(atr, atrLen); +- } +-#else +- /* AX_EMBEDDED Or Native */ +- lReturn = SM_I2CConnect(&(se05xSession->conn_ctx), &CommState, atr, &atrLen, pAuthCtx->portName); +- if (lReturn != SW_OK) { +- LOG_E("SM_Connect Failed. Status %04X", lReturn); +- retval = kStatus_SSS_Fail; +- return retval; +- } +- if (atrLen != 0) { +- LOG_AU8_I(atr, atrLen); +- } +-#endif +- if (1 == pAuthCtx->skip_select_applet) { +- status = (smStatus_t)lReturn; +- /* Not selecting the applet, so we don't know whether it's old or new */ +- } +- else { +- if (HEX_EXPECTED_APPLET_VERSION == (0xFFFFFF00 & CommState.appletVersion)) { +- /* Fine */ +- } +-#if defined(HEX_EXPECTED_APPLET_VERSION_PATCH1) +- else if (HEX_EXPECTED_APPLET_VERSION_PATCH1 == (0xFFFFFF00 & CommState.appletVersion)) { +- /* Fine */ +- } +-#endif +- else if ((0xFFFFFF00 & CommState.appletVersion) < HEX_EXPECTED_APPLET_VERSION) { +- LOG_E("Mismatch Applet version."); +- LOG_E("Compiled for 0x%X. Got older 0x%X", +- (HEX_EXPECTED_APPLET_VERSION) >> 8, +- (CommState.appletVersion) >> 8); +- LOG_E("Aborting!!!"); +- SM_Close(se05xSession->conn_ctx, 0); +- return kStatus_SSS_Fail; +- } +- else { +- LOG_I("Newer version of Applet Found"); +- LOG_I("Compiled for 0x%X. Got newer 0x%X", +- (HEX_EXPECTED_APPLET_VERSION) >> 8, +- (CommState.appletVersion) >> 8); +- } +- } +- } +- +- if (pAuthCtx->auth.authType == kSSS_AuthType_ECKey) { +- if (CommState.appletVersion == 0) { +- /*Get Applet version from previously opened session*/ +- uint8_t appletVersion[32] = {0}; +- uint8_t versionIterator = 0; +- size_t appletVersionLen = sizeof(appletVersion); +- sss_se05x_session_t *se05x_session = (sss_se05x_session_t *)pAuthCtx->tunnelCtx->session; +- status = Se05x_API_GetVersion(&se05x_session->s_ctx, appletVersion, &appletVersionLen); +- if (status != SM_OK) { +- LOG_E("Unable to retrive applet version"); +- retval = kStatus_SSS_Fail; +- goto exit; +- } +- for (versionIterator = 0; versionIterator < 3; versionIterator++) { +- CommState.appletVersion = CommState.appletVersion << 8 | appletVersion[versionIterator]; +- } +- CommState.appletVersion = CommState.appletVersion << 8; +- } +- if (CommState.appletVersion >= 0x03050000) { +- pAuthCtx->auth.ctx.eckey.pDyn_ctx->authType = kSSS_AuthType_INT_ECKey_Counter; +- } +- else { +- pAuthCtx->auth.ctx.eckey.pDyn_ctx->authType = kSSS_AuthType_ECKey; +- } +- } +- +- se05xSession->fp_TXn = &sss_se05x_TXn; +- se05xSession->fp_RawTXn = &sss_se05x_channel_txn; +- +- /* Auth type is None */ +- if (1 == pAuthCtx->skip_select_applet) { +- /* Not selecting the applet */ +- } +- else { +- if ((pAuthCtx->auth.authType == kSSS_AuthType_None) && (connection_type == kSSS_ConnectionType_Plain)) { +- LOG_W("Communication channel is Plain."); +- LOG_W("!!!Not recommended for production use.!!!"); +- se05xSession->fp_Transform = &se05x_Transform; +- se05xSession->fp_DeCrypt = &se05x_DeCrypt; +- se05xSession->authType = kSSS_AuthType_None; +- status = SM_OK; +- } +- } +- +-#if SSS_HAVE_SCP_SCP03_SSS +- /* Auth type is Platform SCP03 */ +- if ((pAuthCtx->auth.authType == kSSS_AuthType_SCP03) && (connection_type == kSSS_ConnectionType_Encrypted)) { +- se05xSession->fp_Transform = &se05x_Transform; +- se05xSession->fp_DeCrypt = &se05x_DeCrypt; +- se05xSession->authType = kSSS_AuthType_SCP03; +- retval = nxScp03_AuthenticateChannel(se05xSession, &pAuthCtx->auth.ctx.scp03); +- if (retval == kStatus_SSS_Success) { +- /* There is a differnet behaviour of Platform SCP between SE050 and future applet. +- * Here we switch make it clear. */ +- if (CommState.appletVersion >= 0x04030000) { +- pAuthCtx->auth.ctx.scp03.pDyn_ctx->authType = (uint8_t)kSSS_AuthType_AESKey; +- } +- else { +- pAuthCtx->auth.ctx.scp03.pDyn_ctx->authType = (uint8_t)kSSS_AuthType_SCP03; +- } +- /*Auth type to Platform SCP03 again as channel authentication will modify it +- to auth type None*/ +- se05xSession->authType = kSSS_AuthType_SCP03; +- se05xSession->pdynScp03Ctx = pAuthCtx->auth.ctx.scp03.pDyn_ctx; +- status = SM_OK; +- se05xSession->fp_Transform = &se05x_Transform_scp; +- } +- else { +- LOG_E("Could not set SCP03 Secure Channel"); +- } +- } +-#else +- if (pAuthCtx->auth.authType != kSSS_AuthType_None && pAuthCtx->auth.authType != kSSS_AuthType_ID) { +- LOG_E( +- "Set the SCP to SCP03_SSS in the build configuration and " +- "recompile.!"); +- } +- +-#endif +- +-#if SSSFTR_SE05X_AuthECKey || SSSFTR_SE05X_AuthSession +- if (pAuthCtx->connType == kType_SE_Conn_Type_Channel) { +- se05xSession->pChannelCtx = (struct _sss_se05x_tunnel_context *)pAuthCtx->tunnelCtx; +- } +- +- if ((application_id != 0) && +- ((connection_type == kSSS_ConnectionType_Password) || (connection_type == kSSS_ConnectionType_Encrypted))) { +- +-#if defined(SMCOM_JRCP_V1_AM) +- { +- // Overwrite session_open_retry_cnt and session_open_retry_dly from env variables +- const char *retry_cnt = NULL; +- const char *retry_dly = NULL; +- +- retry_cnt = getenv("EX_SSS_SESSION_OPEN_RETRY_CNT"); +- if (retry_cnt != NULL) { +- session_open_retry_cnt = atoi(retry_cnt); +- if (session_open_retry_cnt > session_open_retry_cnt_max) { +- session_open_retry_cnt = session_open_retry_cnt_max; +- } +- LOG_I("Session Open Retry Count ='%d' ", session_open_retry_cnt); +- } +- +- retry_dly = getenv("EX_SSS_SESSION_OPEN_RETRY_DLY"); +- if (retry_dly != NULL) { +- session_open_retry_dly = atoi(retry_dly); +- if (session_open_retry_dly < 1) { +- session_open_retry_dly = 1; +- } +- if (session_open_retry_dly > session_open_retry_dly_max) { +- session_open_retry_dly = session_open_retry_dly_max; +- } +- LOG_I("Session Open Retry Delay ='%d' ", session_open_retry_dly); +- } +- } +- +- do { +- if (session_open_retry_cnt > 0) { +- session_open_retry_cnt--; +- } +- SM_LOCK_CHANNEL(); +- retval = sss_session_auth_open(session, subsystem, application_id, connection_type, connectionData); +- SM_UNLOCK_CHANNEL(); +- if (retval == kStatus_SSS_Success) { +- break; +- } +- +- sm_sleep(session_open_retry_dly * 1000); +- +- } while (session_open_retry_cnt > 0); +-#else +- SM_LOCK_CHANNEL(); +- retval = sss_session_auth_open(session, subsystem, application_id, connection_type, connectionData); +- SM_UNLOCK_CHANNEL(); +-#endif +- +- +- if (retval == kStatus_SSS_Success) { +- status = SM_OK; +- } +- else { +- /* Check if this is not tunnel session to avoid multiple close */ +- if (pAuthCtx->connType != kType_SE_Conn_Type_Channel) { +- SM_Close(se05xSession->conn_ctx, 0); +- } +- status = SM_NOT_OK; +- } +- } +-#endif +- +- if (status == SM_OK) { +- session->subsystem = subsystem; +- retval = kStatus_SSS_Success; +- } +- else { +- memset(session, 0x00, sizeof(*session)); +- retval = kStatus_SSS_Fail; +- } +-exit: +- return retval; +-} +- +-#if SSSFTR_SE05X_AuthECKey || SSSFTR_SE05X_AuthSession +-static sss_status_t sss_session_auth_open(sss_se05x_session_t *session, +- sss_type_t subsystem, +- uint32_t auth_id, +- sss_connection_type_t connect_type, +- void *connectionData) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- void *conn_ctx = session->s_ctx.conn_ctx; +- memset(session, 0, sizeof(*session)); +- SE05x_Connect_Ctx_t *pAuthCtx; +- smStatus_t status = SM_NOT_OK; +-#if SSSFTR_SE05X_AuthSession +- Se05xPolicy_t se05x_policy; +- uint8_t *ppolicySet; +- uint8_t session_policies_buff[MAX_POLICY_BUFFER_SIZE]; +- size_t valid_policy_buff_len = 0; +-#endif +- retval = kStatus_SSS_Fail; +- pSe05xSession_t se05xSession = &session->s_ctx; +- +- /* Restore connection context */ +- se05xSession->conn_ctx = conn_ctx; +- +- ENSURE_OR_GO_EXIT(connectionData != NULL); +- pAuthCtx = (SE05x_Connect_Ctx_t *)connectionData; +- +- if ((pAuthCtx->auth.authType == kSSS_AuthType_ID) && (connect_type != kSSS_ConnectionType_Password)) { +- LOG_D("ERROR: Need both AUTHType=ID and ConnType=Password"); +- goto exit; +- } +- if (((pAuthCtx->auth.authType == kSSS_AuthType_AESKey) || (pAuthCtx->auth.authType == kSSS_AuthType_ECKey)) && +- (connect_type != kSSS_ConnectionType_Encrypted)) { +- LOG_D("ERROR: Need both AUTHType={AESKey||ECKey} and ConnType=Encrypted"); +- goto exit; +- } +- +- se05xSession->fp_TXn = &sss_se05x_TXn; +- se05xSession->fp_RawTXn = &sss_se05x_channel_txn; +- if (pAuthCtx->connType == kType_SE_Conn_Type_Channel) { +- se05xSession->pChannelCtx = (struct _sss_se05x_tunnel_context *)pAuthCtx->tunnelCtx; +- } +- +-#if SSSFTR_SE05X_AuthSession +- /*Session Policy check*/ +- if (pAuthCtx->session_policy) { +- if (kStatus_SSS_Success != sss_se05x_create_session_policy_buffer( +- pAuthCtx->session_policy, &session_policies_buff[0], &valid_policy_buff_len)) { +- goto exit; +- } +- ppolicySet = session_policies_buff; +- } +- else { +- ppolicySet = NULL; +- } +- +- se05x_policy.value = (uint8_t *)ppolicySet; +- se05x_policy.value_len = valid_policy_buff_len; +-#endif +- +- /* Auth type is Platform UserID */ +- +- if (pAuthCtx->auth.authType == kSSS_AuthType_ID) +-#if SSSFTR_SE05X_AuthSession +- { +- LOG_W("Communication channel is with UserID (But Plain)."); +- LOG_W("!!!Not recommended for production use.!!!"); +- se05xSession->fp_Transform = &se05x_Transform; +- se05xSession->fp_DeCrypt = &se05x_DeCrypt; +- +- status = se05x_CreateVerifyUserIDSession(se05xSession, auth_id, &pAuthCtx->auth.ctx.idobj, &se05x_policy); +- if (status != SM_OK) { +- se05xSession->hasSession = 1; +- se05xSession->authType = kSSS_AuthType_ID; +- } +- } +-#else +- LOG_W("User Id Support compiled out"); +- status = SM_NOT_OK; +-#endif +- +-#if SSS_HAVE_SCP_SCP03_SSS +- /* Auth type is ECKey */ +- if ((pAuthCtx->auth.authType == kSSS_AuthType_ECKey) && (auth_id != 0)) { +-#if SSSFTR_SE05X_AuthECKey && SSSFTR_SE05X_AuthSession +- se05xSession->fp_Transform = &se05x_Transform; +- se05xSession->fp_DeCrypt = &se05x_DeCrypt; +- status = se05x_CreateECKeySession(se05xSession, auth_id, &pAuthCtx->auth.ctx.eckey); +- if (status == SM_OK) { +- se05xSession->fp_Transform = &se05x_Transform_scp; +- if (se05x_policy.value_len > 0) { +- status = Se05x_API_ExchangeSessionData(se05xSession, &se05x_policy); +- } +- } +-#else +- LOG_W("ECKey Support compiled out"); +- status = SM_NOT_OK; +-#endif +- } +- /* Auth type is Applet SCP03 */ +- if ((pAuthCtx->auth.authType == kSSS_AuthType_AESKey) && (auth_id != 0)) { +-#if SSSFTR_SE05X_AuthSession +- se05xSession->fp_Transform = &se05x_Transform; +- se05xSession->fp_DeCrypt = &se05x_DeCrypt; +- status = se05x_CreateVerifyAESKeySession(se05xSession, auth_id, &pAuthCtx->auth.ctx.scp03); +- if (status == SM_OK) { +- se05xSession->fp_Transform = &se05x_Transform_scp; +- if (se05x_policy.value_len > 0) { +- status = SM_NOT_OK; +- status = Se05x_API_ExchangeSessionData(se05xSession, &se05x_policy); +- } +- } +-#else +- LOG_W("AppletSCP Support compiled out"); +- status = SM_NOT_OK; +-#endif +- } +- +-#endif +- +- if (status == SM_OK) { +- session->subsystem = subsystem; +- retval = kStatus_SSS_Success; +- } +- else { +- memset(session, 0x00, sizeof(*session)); +- retval = kStatus_SSS_Fail; +- } +- /* Restore connection context */ +- session->s_ctx.conn_ctx = conn_ctx; +- +-exit: +- return retval; +-} +- +-#endif +- +-sss_status_t sss_se05x_refresh_session(sss_se05x_session_t *session, void *connectionData) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- pSe05xSession_t se05xSession = &session->s_ctx; +- sss_policy_session_u *session_policy = (sss_policy_session_u *)connectionData; +- smStatus_t status = SM_NOT_OK; +- size_t valid_policy_buff_len = 0; +- Se05xPolicy_t se05x_policy = {0}; +- uint8_t *ppolicySet; +- uint8_t session_policies_buff[MAX_POLICY_BUFFER_SIZE]; +- +- if (session_policy) { +- if (kStatus_SSS_Success != +- sss_se05x_create_session_policy_buffer(session_policy, &session_policies_buff[0], &valid_policy_buff_len)) { +- goto exit; +- } +- ppolicySet = session_policies_buff; +- se05x_policy.value = (uint8_t *)ppolicySet; +- se05x_policy.value_len = valid_policy_buff_len; +- } +- else { +- ppolicySet = NULL; +- se05x_policy.value = NULL; +- se05x_policy.value_len = 0; +- } +- +- status = Se05x_API_RefreshSession(se05xSession, &se05x_policy); +- if (status == SM_OK) { +- retval = kStatus_SSS_Success; +- } +-exit: +- return retval; +-} +- +-sss_status_t sss_se05x_session_prop_get_u32(sss_se05x_session_t *session, uint32_t property, uint32_t *pValue) +-{ +- sss_status_t retval = kStatus_SSS_Success; +- sss_session_prop_u32_t prop = (sss_session_prop_u32_t)property; +- sss_s05x_sesion_prop_u32_t se050xprop = (sss_s05x_sesion_prop_u32_t)property; +- +- if (pValue == NULL) { +- retval = kStatus_SSS_Fail; +- goto cleanup; +- } +- +- switch (prop) { +- case kSSS_SessionProp_VerMaj: +- *pValue = PLUGANDTRUST_HOSTLIB_VER_MAJOR; +- break; +- case kSSS_SessionProp_VerMin: +- *pValue = PLUGANDTRUST_HOSTLIB_VER_MINOR; +- break; +- case kSSS_SessionProp_VerDev: +- *pValue = PLUGANDTRUST_HOSTLIB_VER_DEV; +- break; +- case kSSS_SessionProp_UIDLen: +- *pValue = 18; +- break; +- default: +- *pValue = 0; +- retval = kStatus_SSS_Fail; +- } +- +- if (retval == kStatus_SSS_Success) +- goto cleanup; +- +- switch (se050xprop) { +- case kSSS_SE05x_SessionProp_CertUIDLen: { +- *pValue = 10; +- retval = kStatus_SSS_Success; +- } break; +- default: { +- *pValue = 0; +- retval = kStatus_SSS_Fail; +- } +- } +- +-cleanup: +- return retval; +-} +- +-sss_status_t sss_se05x_session_prop_get_au8( +- sss_se05x_session_t *session, uint32_t property, uint8_t *pValue, size_t *pValueLen) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- sss_session_prop_au8_t prop = (sss_session_prop_au8_t) property; +- sss_s05x_sesion_prop_au8_t se050xprop = (sss_s05x_sesion_prop_au8_t)property; +- smStatus_t sm_status = SM_NOT_OK; +- +- if (pValue == NULL || pValueLen == NULL) { +- goto cleanup; +- } +- +- switch (prop) { +- case kSSS_SessionProp_UID: +- if (*pValueLen >= 18) { +- sm_status = Se05x_API_ReadObject(&session->s_ctx, kSE05x_AppletResID_UNIQUE_ID, 0, 18, pValue, pValueLen); +- } +- else { +- LOG_D("Buffer too short"); +- } +- break; +- default:; +- } +- +- if (sm_status == SM_OK) +- goto cleanup; +- +- switch (se050xprop) { +- case kSSS_SE05x_SessionProp_CertUID: +- if (*pValueLen >= 10) { +- uint8_t uid18[SE050_MODULE_UNIQUE_ID_LEN]; +- size_t uid18Len = sizeof(uid18); +- +- sm_status = Se05x_API_ReadObject( +- &session->s_ctx, kSE05x_AppletResID_UNIQUE_ID, 0, (uint16_t)uid18Len, uid18, &uid18Len); +- if (sm_status == SM_OK) { +- int idx = 0; +-#define A71CH_UID_IC_TYPE_OFFSET 2 +-#define A71CH_UID_IC_FABRICATION_DATA_OFFSET 8 +-#define A71CH_UID_IC_SERIAL_NR_OFFSET 10 +-#define A71CH_UID_IC_BATCH_ID_OFFSET 13 +- pValue[idx++] = uid18[A71CH_UID_IC_TYPE_OFFSET]; +- pValue[idx++] = uid18[A71CH_UID_IC_TYPE_OFFSET + 1]; +- pValue[idx++] = uid18[A71CH_UID_IC_FABRICATION_DATA_OFFSET]; +- pValue[idx++] = uid18[A71CH_UID_IC_FABRICATION_DATA_OFFSET + 1]; +- pValue[idx++] = uid18[A71CH_UID_IC_SERIAL_NR_OFFSET]; +- pValue[idx++] = uid18[A71CH_UID_IC_SERIAL_NR_OFFSET + 1]; +- pValue[idx++] = uid18[A71CH_UID_IC_SERIAL_NR_OFFSET + 2]; +- pValue[idx++] = uid18[A71CH_UID_IC_BATCH_ID_OFFSET]; +- pValue[idx++] = uid18[A71CH_UID_IC_BATCH_ID_OFFSET + 1]; +- pValue[idx++] = uid18[A71CH_UID_IC_BATCH_ID_OFFSET + 2]; +- *pValueLen = 10; +- } +- } +- break; +- } +- +-cleanup: +- if (sm_status == SM_OK) +- retval = kStatus_SSS_Success; +- return retval; +-} +- +-void sss_se05x_session_close(sss_se05x_session_t *session) +-{ +- Se05x_API_CloseSession(&session->s_ctx); +- if (session->s_ctx.pChannelCtx == NULL) { +- SM_Close(session->s_ctx.conn_ctx, 0); +- } +- memset(session, 0, sizeof(*session)); +-} +- +-void sss_se05x_session_delete(sss_se05x_session_t *session) +-{ +- ; +-} +- +-/* End: se05x_session */ +- +-/* ************************************************************************** */ +-/* Functions : sss_se05x_keyobj */ +-/* ************************************************************************** */ +- +-sss_status_t sss_se05x_key_object_init(sss_se05x_object_t *keyObject, sss_se05x_key_store_t *keyStore) +-{ +- sss_status_t retval = kStatus_SSS_Success; +- memset(keyObject, 0, sizeof(*keyObject)); +- keyObject->keyStore = keyStore; +- +- return retval; +-} +- +-sss_status_t sss_se05x_key_object_allocate_handle(sss_se05x_object_t *keyObject, +- uint32_t keyId, +- sss_key_part_t keyPart, +- sss_cipher_type_t cipherType, +- size_t keyByteLenMax, +- uint32_t options) +-{ +- sss_status_t retval = kStatus_SSS_Success; +- smStatus_t status; +- SE05x_Result_t exists = kSE05x_Result_NA; +- keyObject->objectType = keyPart; +- keyObject->cipherType = cipherType; +- keyObject->keyId = keyId; +- if (options == kKeyObject_Mode_Persistent) +- keyObject->isPersistant = 1; +- +- status = Se05x_API_CheckObjectExists(&keyObject->keyStore->session->s_ctx, keyId, &exists); +- if (status == SM_OK) { +- if (exists == kSE05x_Result_SUCCESS) { +- LOG_W("Object id 0x%X exists", keyId); +- } +- } +- else { +- LOG_E("Couldn't check if object id 0x%X exists", keyId); +- return kStatus_SSS_Fail; +- } +- +- return retval; +-} +- +-//static sss_status_t sss_se05x_key_object_get_handle_binary( +-// sss_se05x_object_t *keyObject) { +-// sss_status_t retval = kStatus_SSS_Success; +-// keyObject->objectType = kSSS_KeyPart_Default; +-// keyObject->cipherType = kSSS_CipherType_Binary; +-// return retval; +-//} +-sss_status_t sss_se05x_key_object_get_handle(sss_se05x_object_t *keyObject, uint32_t keyId) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +-#if SSSFTR_SE05X_KEY_GET +- SE05x_SecObjTyp_t retObjectType; +- uint8_t retTransientType; +- SE05x_ECCurve_t retCurveId; +- const SE05x_AttestationType_t attestationType = kSE05x_AttestationType_None; +- smStatus_t apiRetval; +- +- if (0 == CheckIfKeyIdExists(keyId, &keyObject->keyStore->session->s_ctx)) { +- /* Object does not exist */ +- LOG_D("keyId does not exist"); +- LOG_U32_D(keyId); +- return retval; +- } +- +- apiRetval = Se05x_API_ReadType( +- &keyObject->keyStore->session->s_ctx, keyId, &retObjectType, &retTransientType, attestationType); +- if (apiRetval == SM_OK) { +- keyObject->isPersistant = retTransientType; +- if (retObjectType >= kSE05x_SecObjTyp_EC_KEY_PAIR && retObjectType <= kSE05x_SecObjTyp_EC_PUB_KEY) { +- apiRetval = Se05x_API_EC_CurveGetId(&keyObject->keyStore->session->s_ctx, keyId, &retCurveId); +- if (apiRetval == SM_OK) { +- keyObject->curve_id = retCurveId; +- if ((retCurveId == kSE05x_ECCurve_NIST_P256) +-#if SSS_HAVE_EC_NIST_192 +- || (retCurveId == kSE05x_ECCurve_NIST_P192) +-#endif +-#if SSS_HAVE_EC_NIST_224 +- || (retCurveId == kSE05x_ECCurve_NIST_P224) +-#endif +-#if SSS_HAVE_EC_NIST_521 +- || (retCurveId == kSE05x_ECCurve_NIST_P521) +-#endif +- || (retCurveId == kSE05x_ECCurve_NIST_P384)) { +- keyObject->cipherType = kSSS_CipherType_EC_NIST_P; +- } +-#if SSS_HAVE_EC_BP +- else if ((retCurveId >= kSE05x_ECCurve_Brainpool160) && (retCurveId <= kSE05x_ECCurve_Brainpool512)) { +- keyObject->cipherType = kSSS_CipherType_EC_BRAINPOOL; +- } +-#endif +-#if SSS_HAVE_EC_NIST_K +- else if ((retCurveId >= kSE05x_ECCurve_Secp160k1) && (retCurveId <= kSE05x_ECCurve_Secp256k1)) { +- keyObject->cipherType = kSSS_CipherType_EC_NIST_K; +- } +-#endif +-#if SSS_HAVE_EC_ED +- else if (retCurveId == kSE05x_ECCurve_RESERVED_ID_ECC_ED_25519) { +- keyObject->cipherType = kSSS_CipherType_EC_TWISTED_ED; +- } +-#endif +-#if SSS_HAVE_EC_MONT +- else if (retCurveId == kSE05x_ECCurve_RESERVED_ID_ECC_MONT_DH_25519) { +- keyObject->cipherType = kSSS_CipherType_EC_MONTGOMERY; +- } +-#endif +-#if SSS_HAVE_TPM_BN +- else if (retCurveId == kSE05x_ECCurve_TPM_ECC_BN_P256) { +- keyObject->cipherType = kSSS_CipherType_EC_BARRETO_NAEHRIG; +- } +-#endif +-#if SSS_HAVE_SE05X_VER_GTE_06_00 && SSS_HAVE_EC_MONT +- else if (retCurveId == kSE05x_ECCurve_RESERVED_ID_ECC_MONT_DH_448) { +- keyObject->cipherType = kSSS_CipherType_EC_MONTGOMERY; +- } +-#endif +- else { +- keyObject->cipherType = kSSS_CipherType_NONE; +- return retval; +- } +- } +- else { +- LOG_E("error in Se05x_API_GetECCurveId"); +- return retval; +- } +- } +-#if SSSFTR_RSA && SSS_HAVE_RSA +- else if (retObjectType == kSE05x_SecObjTyp_RSA_KEY_PAIR_CRT) { +- keyObject->cipherType = kSSS_CipherType_RSA_CRT; +- } +- else if (retObjectType == kSE05x_SecObjTyp_RSA_PRIV_KEY_CRT) { +- keyObject->cipherType = kSSS_CipherType_RSA_CRT; +- } +- else if (retObjectType >= kSE05x_SecObjTyp_RSA_KEY_PAIR && retObjectType <= kSE05x_SecObjTyp_RSA_PUB_KEY) { +- keyObject->cipherType = kSSS_CipherType_RSA; +- } +-#endif +- else if (retObjectType == kSE05x_SecObjTyp_AES_KEY) { +- keyObject->cipherType = kSSS_CipherType_AES; +- } +- else if (retObjectType == kSE05x_SecObjTyp_DES_KEY) { +- keyObject->cipherType = kSSS_CipherType_DES; +- } +- else if (retObjectType == kSE05x_SecObjTyp_BINARY_FILE) { +- keyObject->cipherType = kSSS_CipherType_Binary; +- } +- else if (retObjectType == kSE05x_SecObjTyp_UserID) { +- keyObject->cipherType = kSSS_CipherType_UserID; +- } +- else if (retObjectType == kSE05x_SecObjTyp_COUNTER) { +- keyObject->cipherType = kSSS_CipherType_Count; +- } +- else if (retObjectType == kSE05x_SecObjTyp_PCR) { +- keyObject->cipherType = kSSS_CipherType_PCR; +- } +- else if (retObjectType == kSE05x_SecObjTyp_HMAC_KEY) { +- keyObject->cipherType = kSSS_CipherType_HMAC; +- } +- else { +- keyObject->cipherType = kSSS_CipherType_NONE; +- } +- +- switch (retObjectType) { +- case kSE05x_SecObjTyp_EC_KEY_PAIR: +-#if SSS_HAVE_RSA +- case kSE05x_SecObjTyp_RSA_KEY_PAIR: +- case kSE05x_SecObjTyp_RSA_KEY_PAIR_CRT: +-#endif +- keyObject->objectType = kSSS_KeyPart_Pair; +- break; +- case kSE05x_SecObjTyp_EC_PUB_KEY: +- case kSE05x_SecObjTyp_RSA_PUB_KEY: +- keyObject->objectType = kSSS_KeyPart_Public; +- break; +- case kSE05x_SecObjTyp_BINARY_FILE: +- case kSE05x_SecObjTyp_PCR: +- case kSE05x_SecObjTyp_AES_KEY: +- case kSE05x_SecObjTyp_DES_KEY: +- case kSE05x_SecObjTyp_HMAC_KEY: +- case kSE05x_SecObjTyp_COUNTER: +- case kSE05x_SecObjTyp_UserID: +- keyObject->objectType = kSSS_KeyPart_Default; +- break; +- default: +- keyObject->objectType = kSSS_KeyPart_NONE; +- break; +- } +- } +- else { +- LOG_E("error in Se05x_API_ReadType"); +- return retval; +- } +- +- keyObject->keyId = keyId; +- retval = kStatus_SSS_Success; +-#endif // SSSFTR_SE05X_KEY_GET +- return retval; +-} +- +-sss_status_t sss_se05x_key_object_set_user(sss_se05x_object_t *keyObject, uint32_t user, uint32_t options) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- /* Purpose / Policy is set during creation time and hence can not +- * enforced in SE050 later on */ +- LOG_W("Not supported in SE05X"); +- return retval; +-} +- +-sss_status_t sss_se05x_key_object_set_purpose(sss_se05x_object_t *keyObject, sss_mode_t purpose, uint32_t options) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- /* Purpose / Policy is set during creation time and hence can not +- * enforced in SE050 later on */ +- LOG_W("Not supported in SE05X"); +- return retval; +-} +- +-sss_status_t sss_se05x_key_object_set_access(sss_se05x_object_t *keyObject, uint32_t access, uint32_t options) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- LOG_W("Not supported in SE05X"); +- return retval; +-} +- +-sss_status_t sss_se05x_key_object_set_eccgfp_group(sss_se05x_object_t *keyObject, sss_eccgfp_group_t *group) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- LOG_W("Not supported in SE05X"); +- return retval; +-} +- +-sss_status_t sss_se05x_key_object_get_user(sss_se05x_object_t *keyObject, uint32_t *user) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- LOG_W("Not supported in SE05X"); +- return retval; +-} +- +-sss_status_t sss_se05x_key_object_get_purpose(sss_se05x_object_t *keyObject, sss_mode_t *purpose) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- LOG_W("Not supported in SE05X"); +- return retval; +-} +- +-sss_status_t sss_se05x_key_object_get_access(sss_se05x_object_t *keyObject, uint32_t *access) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- LOG_W("Not supported in SE05X"); +- return retval; +-} +- +-void sss_se05x_key_object_free(sss_se05x_object_t *keyObject) +-{ +- memset(keyObject, 0, sizeof(*keyObject)); +-} +- +-/* End: se05x_keyobj */ +- +-/* ************************************************************************** */ +-/* Functions : sss_se05x_keyderive */ +-/* ************************************************************************** */ +- +-sss_status_t sss_se05x_derive_key_context_init(sss_se05x_derive_key_t *context, +- sss_se05x_session_t *session, +- sss_se05x_object_t *keyObject, +- sss_algorithm_t algorithm, +- sss_mode_t mode) +-{ +- sss_status_t retval = kStatus_SSS_Success; +- +- context->session = session; +- context->keyObject = keyObject; +- context->algorithm = algorithm; +- context->mode = mode; +- +- return retval; +-} +- +-sss_status_t sss_se05x_derive_key_go(sss_se05x_derive_key_t *context, +- const uint8_t *saltData, +- size_t saltLen, +- const uint8_t *info, +- size_t infoLen, +- sss_se05x_object_t *derivedKeyObject, +- uint16_t deriveDataLen, +- uint8_t *hkdfOutput, +- size_t *hkdfOutputLen) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- smStatus_t status = SM_NOT_OK; +- uint8_t hkdfKey[SE05X_MAX_BUF_SIZE_CMD] = { +- 0, +- }; +- size_t hkdfKeyLen = sizeof(hkdfKey); +- sss_object_t *sss_derived_keyObject = (sss_object_t *)derivedKeyObject; +- SE05x_DigestMode_t digestMode; +- ENSURE_OR_GO_EXIT(context); +- ENSURE_OR_GO_EXIT(info); +- ENSURE_OR_GO_EXIT(derivedKeyObject); +- if (saltLen) { +- ENSURE_OR_GO_EXIT(saltData); +- } +- +- digestMode = se05x_get_sha_algo(context->algorithm); +- ENSURE_OR_GO_EXIT(digestMode != kSE05x_DigestMode_NA); +- +- status = Se05x_API_HKDF(&context->session->s_ctx, +- context->keyObject->keyId, +- digestMode, +- saltData, +- saltLen, +- info, +- infoLen, +- deriveDataLen, +- hkdfKey, +- &hkdfKeyLen); +- ENSURE_OR_GO_EXIT(status == SM_OK); +- +- retval = sss_key_store_set_key((sss_key_store_t *)derivedKeyObject->keyStore, +- sss_derived_keyObject, +- hkdfKey, +- hkdfKeyLen, +- hkdfKeyLen * 8, +- NULL, +- 0); +- ENSURE_OR_GO_EXIT(retval == kStatus_SSS_Success); +- +- retval = kStatus_SSS_Success; +-exit: +- +- return retval; +-} +- +-sss_status_t sss_se05x_derive_key_one_go(sss_se05x_derive_key_t *context, +- const uint8_t *saltData, +- size_t saltLen, +- const uint8_t *info, +- size_t infoLen, +- sss_se05x_object_t *derivedKeyObject, +- uint16_t deriveDataLen) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- smStatus_t status = SM_NOT_OK; +- uint8_t hkdfKey[1024] = { +- 0, +- }; +- size_t hkdfKeyLen = sizeof(hkdfKey); +- sss_object_t *sss_derived_keyObject = (sss_object_t *)derivedKeyObject; +- SE05x_DigestMode_t digestMode; +- digestMode = se05x_get_sha_algo(context->algorithm); +- uint32_t derivedKeyID = (derivedKeyObject == NULL ? 0 : derivedKeyObject->keyId); +- uint8_t *pHkdfKey = hkdfKey; +- SE05x_HkdfMode_t hkdfMode = +- (context->mode == kMode_SSS_HKDF_ExpandOnly ? kSE05x_HkdfMode_ExpandOnly : kSE05x_HkdfMode_ExtractExpand); +- +-#if SSS_HAVE_SE05X_VER_GTE_06_00 +- if (derivedKeyObject != NULL) { +- if (context->keyObject->keyStore == derivedKeyObject->keyStore) { +- pHkdfKey = NULL; +- } +- } +-#endif +- +- ENSURE_OR_GO_EXIT(digestMode != kSE05x_DigestMode_NA); +- +- status = Se05x_API_HKDF_Extended(&context->session->s_ctx, +- context->keyObject->keyId, +- digestMode, +- hkdfMode, +- saltData, +- saltLen, +- 0, +- info, +- infoLen, +- derivedKeyID, +- deriveDataLen, +- pHkdfKey, +- &hkdfKeyLen); +- ENSURE_OR_GO_EXIT(status == SM_OK); +- +- if (pHkdfKey != NULL) { +- if (derivedKeyObject != NULL) { +- retval = sss_key_store_set_key((sss_key_store_t *)derivedKeyObject->keyStore, +- sss_derived_keyObject, +- hkdfKey, +- hkdfKeyLen, +- hkdfKeyLen * 8, +- NULL, +- 0); +- ENSURE_OR_GO_EXIT(retval == kStatus_SSS_Success); +- } +- } +- +- retval = kStatus_SSS_Success; +-exit: +- +- return retval; +-} +- +-sss_status_t sss_se05x_derive_key_sobj_one_go(sss_se05x_derive_key_t *context, +- sss_se05x_object_t *saltKeyObject, +- const uint8_t *info, +- size_t infoLen, +- sss_se05x_object_t *derivedKeyObject, +- uint16_t deriveDataLen) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- smStatus_t status = SM_NOT_OK; +- uint8_t hkdfKey[1024] = { +- 0, +- }; +- size_t hkdfKeyLen = sizeof(hkdfKey); +- sss_object_t *sss_derived_keyObject = (sss_object_t *)derivedKeyObject; +- SE05x_DigestMode_t digestMode; +- digestMode = se05x_get_sha_algo(context->algorithm); +- uint32_t saltID = (saltKeyObject == NULL ? 0 : saltKeyObject->keyId); +- uint32_t derivedKeyID = (derivedKeyObject == NULL ? 0 : derivedKeyObject->keyId); +- uint8_t *pHkdfKey = hkdfKey; +- SE05x_HkdfMode_t hkdfMode = +- (context->mode == kMode_SSS_HKDF_ExpandOnly ? kSE05x_HkdfMode_ExpandOnly : kSE05x_HkdfMode_ExtractExpand); +- +- if (saltKeyObject != NULL) { +- // Enforce that Salt is stored (securely) in the same keystore as the HMAC key. +- if (context->keyObject->keyStore != saltKeyObject->keyStore) { +- retval = kStatus_SSS_InvalidArgument; +- goto exit; +- } +- } +- +-#if SSS_HAVE_SE05X_VER_GTE_06_00 +- if (derivedKeyObject != NULL) { +- if (context->keyObject->keyStore == derivedKeyObject->keyStore) { +- pHkdfKey = NULL; +- } +- } +-#endif +- +- ENSURE_OR_GO_EXIT(digestMode != kSE05x_DigestMode_NA); +- +- status = Se05x_API_HKDF_Extended(&context->session->s_ctx, +- context->keyObject->keyId, +- digestMode, +- hkdfMode, +- NULL, +- 0, +- saltID, +- info, +- infoLen, +- derivedKeyID, +- deriveDataLen, +- pHkdfKey, +- &hkdfKeyLen); +- ENSURE_OR_GO_EXIT(status == SM_OK); +- +- if (pHkdfKey != NULL) { +- if (derivedKeyObject != NULL) { +- retval = sss_key_store_set_key((sss_key_store_t *)derivedKeyObject->keyStore, +- sss_derived_keyObject, +- hkdfKey, +- hkdfKeyLen, +- hkdfKeyLen * 8, +- NULL, +- 0); +- ENSURE_OR_GO_EXIT(retval == kStatus_SSS_Success); +- } +- } +- +- retval = kStatus_SSS_Success; +-exit: +- +- return retval; +-} +- +-sss_status_t sss_se05x_derive_key_dh( +- sss_se05x_derive_key_t *context, sss_se05x_object_t *otherPartyKeyObject, sss_se05x_object_t *derivedKeyObject) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- smStatus_t status = SM_NOT_OK; +- uint8_t pubkey[256] = {0}; +- size_t pubkeylen = sizeof(pubkey); +- uint8_t sharedsecret[256]; +- size_t sharedsecretLen = sizeof(sharedsecret); +- size_t pbKeyBitLen = 0; +- uint8_t *pPublicKey = NULL; +- size_t publicKeyLen = 0; +- uint16_t publicKeyIndex = 0; +-#if SSS_HAVE_SE05X_VER_GTE_06_00 +- uint8_t invertEndiannes = 0x00; +-#endif +- +- sss_object_t *sss_other_keyObject = NULL; +- sss_object_t *sss_derived_keyObject = NULL; +- ENSURE_OR_GO_EXIT(context); +- ENSURE_OR_GO_EXIT(otherPartyKeyObject); +- ENSURE_OR_GO_EXIT(derivedKeyObject); +- sss_other_keyObject = (sss_object_t *)otherPartyKeyObject; +- sss_derived_keyObject = (sss_object_t *)derivedKeyObject; +- retval = sss_key_store_get_key( +- (sss_key_store_t *)sss_other_keyObject->keyStore, sss_other_keyObject, pubkey, &pubkeylen, &pbKeyBitLen); +- ENSURE_OR_GO_EXIT(retval == kStatus_SSS_Success); +- +- switch (otherPartyKeyObject->cipherType) { +-#if SSS_HAVE_TPM_BN +- case kSSS_CipherType_EC_BARRETO_NAEHRIG: +- /* TODO: Implement asn parser */ +- publicKeyLen = pubkeylen; +- publicKeyIndex = 0; +- break; +-#endif +- default: { +- retval = sss_util_pkcs8_asn1_get_ec_public_key_index( +- (const uint8_t *)pubkey, pubkeylen, &publicKeyIndex, &publicKeyLen); +- if (retval != kStatus_SSS_Success) { +- LOG_W("error in sss_util_pkcs8_asn1_get_ec_public_key_index"); +- goto exit; +- } +- } +- } +- +-#if SSS_HAVE_EC_MONT +- // Change Endianness Public Key in case of Montgomery Curve +- { +- if (otherPartyKeyObject->cipherType == kSSS_CipherType_EC_MONTGOMERY) { +- for (size_t keyValueIdx = 0; keyValueIdx < (publicKeyLen >> 1); keyValueIdx++) { +- uint8_t swapByte = pubkey[publicKeyIndex + keyValueIdx]; +- pubkey[publicKeyIndex + keyValueIdx] = pubkey[publicKeyIndex + publicKeyLen - 1 - keyValueIdx]; +- pubkey[publicKeyIndex + publicKeyLen - 1 - keyValueIdx] = swapByte; +- } +- } +- } +-#endif +- +- pPublicKey = &pubkey[publicKeyIndex]; +-#if SSS_HAVE_SE05X_VER_GTE_06_00 +-#if SSS_HAVE_EC_MONT +- if (otherPartyKeyObject->cipherType == kSSS_CipherType_EC_MONTGOMERY) { +- // In case of Montgomery curves we want to store the +- // shared secret using Little Endian Convention +- invertEndiannes = 0x01; +- } +-#endif +- +- if (context->keyObject->keyStore == derivedKeyObject->keyStore) { +- status = Se05x_API_ECDHGenerateSharedSecret_InObject(&context->session->s_ctx, +- context->keyObject->keyId, +- pPublicKey, +- publicKeyLen, +- derivedKeyObject->keyId, +- invertEndiannes); +- if (status != SM_OK) { +- LOG_W("error in Se05x_API_ECDHGenerateSharedSecret_InObject"); +- retval = kStatus_SSS_Fail; +- goto exit; +- } +- } +- else { +-#endif +- status = Se05x_API_ECGenSharedSecret(&context->session->s_ctx, +- context->keyObject->keyId, +- pPublicKey, +- publicKeyLen, +- sharedsecret, +- &sharedsecretLen); +- if (status != SM_OK) { +- retval = kStatus_SSS_Fail; +- goto exit; +- } +- +-#if SSS_HAVE_EC_MONT +- // Change Endianness Shared Secret in case of Montgomery Curve +- { +- if (otherPartyKeyObject->cipherType == kSSS_CipherType_EC_MONTGOMERY) { +- for (size_t keyValueIdx = 0; keyValueIdx < (publicKeyLen >> 1); keyValueIdx++) { +- uint8_t swapByte = sharedsecret[keyValueIdx]; +- sharedsecret[keyValueIdx] = sharedsecret[publicKeyLen - 1 - keyValueIdx]; +- sharedsecret[publicKeyLen - 1 - keyValueIdx] = swapByte; +- } +- } +- } +-#endif +- +- retval = sss_key_store_set_key((sss_key_store_t *)derivedKeyObject->keyStore, +- sss_derived_keyObject, +- sharedsecret, +- sharedsecretLen, +- sharedsecretLen * 8, +- NULL, +- 0); +- ENSURE_OR_GO_EXIT(retval == kStatus_SSS_Success); +-#if SSS_HAVE_SE05X_VER_GTE_06_00 +- } +-#endif +- +- retval = kStatus_SSS_Success; +-exit: +- return retval; +-} +- +-void sss_se05x_derive_key_context_free(sss_se05x_derive_key_t *context) +-{ +- ; +-} +- +-/* End: se05x_keyderive */ +- +-/* ************************************************************************** */ +-/* Functions : sss_se05x_keystore */ +-/* ************************************************************************** */ +- +-sss_status_t sss_se05x_key_store_context_init(sss_se05x_key_store_t *keyStore, sss_se05x_session_t *session) +-{ +- sss_status_t retval = kStatus_SSS_Success; +- memset(keyStore, 0, sizeof(*keyStore)); +- keyStore->session = session; +- return retval; +-} +- +-sss_status_t sss_se05x_key_store_allocate(sss_se05x_key_store_t *keyStore, uint32_t keyStoreId) +-{ +- return kStatus_SSS_Success; +-} +- +-sss_status_t sss_se05x_key_store_save(sss_se05x_key_store_t *keyStore) +-{ +- return kStatus_SSS_Success; +-} +- +-sss_status_t sss_se05x_key_store_load(sss_se05x_key_store_t *keyStore) +-{ +- return kStatus_SSS_Success; +-} +- +-#if SSSFTR_SE05X_RSA && SSSFTR_SE05X_KEY_SET && SSS_HAVE_RSA +-static sss_status_t sss_se05x_key_store_set_rsa_key(sss_se05x_key_store_t *keyStore, +- sss_se05x_object_t *keyObject, +- const uint8_t *key, +- size_t keyLen, +- size_t keyBitLen, +- void *policy_buff, +- size_t policy_buff_len) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- smStatus_t status = SM_NOT_OK; +- //int ret; +- uint32_t key_type = keyObject->objectType; +- Se05xPolicy_t se05x_policy; +- //SE05x_KeyPart_t key_part; +- uint8_t *rsaN = NULL, *rsaE = NULL, *rsaD = NULL; +- uint8_t *rsaP = NULL, *rsaQ = NULL, *rsaDP = NULL, *rsaDQ = NULL, *rsaQINV = NULL; +- size_t rsaNlen, rsaElen, rsaDlen; +- size_t rsaPlen, rsaQlen, rsaDPlen, rsaDQlen, rsaQINVlen; +- +- se05x_policy.value = (uint8_t *)policy_buff; +- se05x_policy.value_len = policy_buff_len; +- SE05x_INS_t transient_type; +- SE05x_RSAKeyFormat_t rsa_format; +- uint8_t IdExists = 0; +- size_t keyBitLength = 0; +- SE05x_Result_t obj_exists = kSE05x_Result_NA; +- +- /* Assign proper instruction type based on keyObject->isPersistant */ +- (keyObject->isPersistant) ? (transient_type = kSE05x_INS_NA) : (transient_type = kSE05x_INS_TRANSIENT); +- +- if (keyObject->cipherType == kSSS_CipherType_RSA) +- rsa_format = kSE05x_RSAKeyFormat_RAW; +- else if (keyObject->cipherType == kSSS_CipherType_RSA_CRT) +- rsa_format = kSE05x_RSAKeyFormat_CRT; +- else { +- retval = kStatus_SSS_Fail; +- goto exit; +- } +- +-#if 0 +- if (key_type == kSSS_KeyPart_Public) +- key_part = SE05x_KeyPart_Public; +- else if (key_type == kSSS_KeyPart_Private) +- key_part = kSE05x_KeyPart_Private; +- else if (key_type == kSSS_KeyPart_Pair) +- key_part = kSE05x_KeyPart_Pair; +- else { +- retval = kStatus_SSS_Fail; +- goto exit; +- } +- +- /* Set the kye parameters */ +- status = Se05x_API_WriteRSAKey(&keyStore->session->s_ctx, +- &se05x_policy, +- keyObject->keyId, +- (U16)keyBitLen, +- SE05X_RSA_NO_p, +- SE05X_RSA_NO_q, +- SE05X_RSA_NO_dp, +- SE05X_RSA_NO_dq, +- SE05X_RSA_NO_qInv, +- SE05X_RSA_NO_pubExp, +- SE05X_RSA_NO_priv, +- SE05X_RSA_NO_pubMod, +- transient_type, +- key_part, +- rsa_format); +- +- if (status != SM_OK) { +- retval = kStatus_SSS_Fail; +- goto exit; +- } +-#endif +- +- if (key_type == kSSS_KeyPart_Public) { +- retval = sss_util_asn1_rsa_parse_public(key, keyLen, &rsaN, &rsaNlen, &rsaE, &rsaElen); +- ENSURE_OR_GO_EXIT(retval == kStatus_SSS_Success); +- +- IdExists = CheckIfKeyIdExists(keyObject->keyId, &keyStore->session->s_ctx); +- keyBitLength = (IdExists == 1) ? 0 : keyBitLen; +- obj_exists = (IdExists == 1) ? kSE05x_Result_SUCCESS : kSE05x_Result_FAILURE; +- +- /* Set the Public Exponent */ +- status = sss_se05x_LL_set_RSA_key(&keyStore->session->s_ctx, +- &se05x_policy, +- keyObject->keyId, +- (U16)keyBitLength, +- SE05X_RSA_NO_p, +- SE05X_RSA_NO_q, +- SE05X_RSA_NO_dp, +- SE05X_RSA_NO_dq, +- SE05X_RSA_NO_qInv, +- rsaE, +- rsaElen, +- SE05X_RSA_NO_priv, +- SE05X_RSA_NO_pubMod, +- transient_type, +- kSE05x_KeyPart_Public, +- rsa_format, +- obj_exists); +- if (status != SM_OK) { +- retval = kStatus_SSS_Fail; +- goto exit; +- } +- +- /* Set the Modulus */ +- status = sss_se05x_LL_set_RSA_key(&keyStore->session->s_ctx, +- NULL, +- keyObject->keyId, +- 0, +- SE05X_RSA_NO_p, +- SE05X_RSA_NO_q, +- SE05X_RSA_NO_dp, +- SE05X_RSA_NO_dq, +- SE05X_RSA_NO_qInv, +- SE05X_RSA_NO_pubExp, +- SE05X_RSA_NO_priv, +- rsaN, +- rsaNlen, +- transient_type, +- kSE05x_KeyPart_NA, +- rsa_format, +- obj_exists); +- +- if (status != SM_OK) { +- retval = kStatus_SSS_Fail; +- goto exit; +- } +- } +- else if (key_type == kSSS_KeyPart_Private) { +- if (keyObject->cipherType == kSSS_CipherType_RSA) { +- retval = sss_util_asn1_rsa_parse_private(key, +- keyLen, +- (sss_cipher_type_t)keyObject->cipherType, +- &rsaN, +- &rsaNlen, +- NULL, +- NULL, +- &rsaD, +- &rsaDlen, +- NULL, +- NULL, +- NULL, +- NULL, +- NULL, +- NULL, +- NULL, +- NULL, +- NULL, +- NULL); +- if (retval != kStatus_SSS_Success) { +- retval = kStatus_SSS_Fail; +- goto exit; +- } +- if ((rsaN == NULL) || (rsaD == NULL)) { +- retval = kStatus_SSS_Fail; +- goto exit; +- } +- +- IdExists = CheckIfKeyIdExists(keyObject->keyId, &keyStore->session->s_ctx); +- keyBitLength = (IdExists == 1) ? 0 : keyBitLen; +- obj_exists = (IdExists == 1) ? kSE05x_Result_SUCCESS : kSE05x_Result_FAILURE; +- +- // Set D(Private exponent) component +- status = sss_se05x_LL_set_RSA_key(&keyStore->session->s_ctx, +- &se05x_policy, +- keyObject->keyId, +- (U16)keyBitLength, +- SE05X_RSA_NO_p, +- SE05X_RSA_NO_q, +- SE05X_RSA_NO_dp, +- SE05X_RSA_NO_dq, +- SE05X_RSA_NO_qInv, +- SE05X_RSA_NO_pubExp, +- rsaD, +- rsaDlen, +- SE05X_RSA_NO_pubMod, +- transient_type, +- kSE05x_KeyPart_Private, +- rsa_format, +- obj_exists); +- +- if (status != SM_OK) { +- retval = kStatus_SSS_Fail; +- goto exit; +- } +- +- // Set N(Modulus) component +- status = sss_se05x_LL_set_RSA_key(&keyStore->session->s_ctx, +- NULL, +- keyObject->keyId, +- 0, +- SE05X_RSA_NO_p, +- SE05X_RSA_NO_q, +- SE05X_RSA_NO_dp, +- SE05X_RSA_NO_dq, +- SE05X_RSA_NO_qInv, +- SE05X_RSA_NO_pubExp, +- SE05X_RSA_NO_priv, +- rsaN, +- rsaNlen, +- transient_type, +- kSE05x_KeyPart_NA, +- rsa_format, +- obj_exists); +- +- if (status != SM_OK) { +- retval = kStatus_SSS_Fail; +- goto exit; +- } +- } +- else if (keyObject->cipherType == kSSS_CipherType_RSA_CRT) { +- retval = sss_util_asn1_rsa_parse_private(key, +- keyLen, +- (sss_cipher_type_t)keyObject->cipherType, +- NULL, +- NULL, +- NULL, +- NULL, +- NULL, +- NULL, +- &rsaP, +- &rsaPlen, +- &rsaQ, +- &rsaQlen, +- &rsaDP, +- &rsaDPlen, +- &rsaDQ, +- &rsaDQlen, +- &rsaQINV, +- &rsaQINVlen); +- if (retval != kStatus_SSS_Success) { +- retval = kStatus_SSS_Fail; +- goto exit; +- } +- if ((rsaP == NULL) || (rsaQ == NULL) || (rsaDP == NULL) || (rsaDQ == NULL) || (rsaQINV == NULL)) { +- retval = kStatus_SSS_Fail; +- goto exit; +- } +- +- IdExists = CheckIfKeyIdExists(keyObject->keyId, &keyStore->session->s_ctx); +- keyBitLength = (IdExists == 1) ? 0 : keyBitLen; +- obj_exists = (IdExists == 1) ? kSE05x_Result_SUCCESS : kSE05x_Result_FAILURE; +- +- // Set P component +- status = sss_se05x_LL_set_RSA_key(&keyStore->session->s_ctx, +- &se05x_policy, +- keyObject->keyId, +- (U16)keyBitLength, +- rsaP, +- rsaPlen, +- SE05X_RSA_NO_q, +- SE05X_RSA_NO_dp, +- SE05X_RSA_NO_dq, +- SE05X_RSA_NO_qInv, +- SE05X_RSA_NO_pubExp, +- SE05X_RSA_NO_priv, +- SE05X_RSA_NO_pubMod, +- transient_type, +- kSE05x_KeyPart_Private, +- rsa_format, +- obj_exists); +- +- if (status != SM_OK) { +- retval = kStatus_SSS_Fail; +- goto exit; +- } +- +- // Set Q component +- status = sss_se05x_LL_set_RSA_key(&keyStore->session->s_ctx, +- NULL, +- keyObject->keyId, +- 0, +- SE05X_RSA_NO_p, +- rsaQ, +- rsaQlen, +- SE05X_RSA_NO_dp, +- SE05X_RSA_NO_dq, +- SE05X_RSA_NO_qInv, +- SE05X_RSA_NO_pubExp, +- SE05X_RSA_NO_priv, +- SE05X_RSA_NO_pubMod, +- transient_type, +- kSE05x_KeyPart_NA, +- rsa_format, +- obj_exists); +- +- if (status != SM_OK) { +- retval = kStatus_SSS_Fail; +- goto exit; +- } +- +- // Set DP component +- status = sss_se05x_LL_set_RSA_key(&keyStore->session->s_ctx, +- NULL, +- keyObject->keyId, +- 0, +- SE05X_RSA_NO_p, +- SE05X_RSA_NO_q, +- rsaDP, +- rsaDPlen, +- SE05X_RSA_NO_dq, +- SE05X_RSA_NO_qInv, +- SE05X_RSA_NO_pubExp, +- SE05X_RSA_NO_priv, +- SE05X_RSA_NO_pubMod, +- transient_type, +- kSE05x_KeyPart_NA, +- rsa_format, +- obj_exists); +- +- if (status != SM_OK) { +- retval = kStatus_SSS_Fail; +- goto exit; +- } +- +- // Set DQ component +- status = sss_se05x_LL_set_RSA_key(&keyStore->session->s_ctx, +- NULL, +- keyObject->keyId, +- 0, +- SE05X_RSA_NO_p, +- SE05X_RSA_NO_q, +- SE05X_RSA_NO_dp, +- rsaDQ, +- rsaDQlen, +- SE05X_RSA_NO_qInv, +- SE05X_RSA_NO_pubExp, +- SE05X_RSA_NO_priv, +- SE05X_RSA_NO_pubMod, +- transient_type, +- kSE05x_KeyPart_NA, +- rsa_format, +- obj_exists); +- +- if (status != SM_OK) { +- retval = kStatus_SSS_Fail; +- goto exit; +- } +- +- // Set INV_Q component +- status = sss_se05x_LL_set_RSA_key(&keyStore->session->s_ctx, +- NULL, +- keyObject->keyId, +- 0, +- SE05X_RSA_NO_p, +- SE05X_RSA_NO_q, +- SE05X_RSA_NO_dp, +- SE05X_RSA_NO_dq, +- rsaQINV, +- rsaQINVlen, +- SE05X_RSA_NO_pubExp, +- SE05X_RSA_NO_priv, +- SE05X_RSA_NO_pubMod, +- transient_type, +- kSE05x_KeyPart_NA, +- rsa_format, +- obj_exists); +- +- if (status != SM_OK) { +- retval = kStatus_SSS_Fail; +- goto exit; +- } +- } +- } +- else if (key_type == kSSS_KeyPart_Pair) { +- if (keyObject->cipherType == kSSS_CipherType_RSA) { +- retval = sss_util_asn1_rsa_parse_private(key, +- keyLen, +- (sss_cipher_type_t)keyObject->cipherType, +- &rsaN, +- &rsaNlen, +- &rsaE, +- &rsaElen, +- &rsaD, +- &rsaDlen, +- NULL, +- NULL, +- NULL, +- NULL, +- NULL, +- NULL, +- NULL, +- NULL, +- NULL, +- NULL); +- +- ENSURE_OR_GO_EXIT(retval == kStatus_SSS_Success); +- ENSURE_OR_EXIT_WITH_STATUS_ON_ERROR( +- !((rsaD == NULL) || (rsaE == NULL) || (rsaN == NULL)), retval, kStatus_SSS_Fail); +- +- IdExists = CheckIfKeyIdExists(keyObject->keyId, &keyStore->session->s_ctx); +- keyBitLength = (IdExists == 1) ? 0 : keyBitLen; +- obj_exists = (IdExists == 1) ? kSE05x_Result_SUCCESS : kSE05x_Result_FAILURE; +- +- // Set E(Public exponent) component +- status = sss_se05x_LL_set_RSA_key(&keyStore->session->s_ctx, +- &se05x_policy, +- keyObject->keyId, +- (U16)keyBitLength, +- SE05X_RSA_NO_p, +- SE05X_RSA_NO_q, +- SE05X_RSA_NO_dp, +- SE05X_RSA_NO_dq, +- SE05X_RSA_NO_qInv, +- rsaE, +- rsaElen, +- SE05X_RSA_NO_priv, +- SE05X_RSA_NO_pubMod, +- transient_type, +- kSE05x_KeyPart_Pair, +- rsa_format, +- obj_exists); +- +- if (status != SM_OK) { +- retval = kStatus_SSS_Fail; +- goto exit; +- } +- +- // Set D(Private exponent) component +- status = sss_se05x_LL_set_RSA_key(&keyStore->session->s_ctx, +- NULL, +- keyObject->keyId, +- 0, +- SE05X_RSA_NO_p, +- SE05X_RSA_NO_q, +- SE05X_RSA_NO_dp, +- SE05X_RSA_NO_dq, +- SE05X_RSA_NO_qInv, +- SE05X_RSA_NO_pubExp, +- rsaD, +- rsaDlen, +- SE05X_RSA_NO_pubMod, +- transient_type, +- kSE05x_KeyPart_NA, +- rsa_format, +- obj_exists); +- +- if (status != SM_OK) { +- retval = kStatus_SSS_Fail; +- goto exit; +- } +- +- // Set N(Modulus) component +- status = sss_se05x_LL_set_RSA_key(&keyStore->session->s_ctx, +- NULL, +- keyObject->keyId, +- 0, +- SE05X_RSA_NO_p, +- SE05X_RSA_NO_q, +- SE05X_RSA_NO_dp, +- SE05X_RSA_NO_dq, +- SE05X_RSA_NO_qInv, +- SE05X_RSA_NO_pubExp, +- SE05X_RSA_NO_priv, +- rsaN, +- rsaNlen, +- transient_type, +- kSE05x_KeyPart_NA, +- rsa_format, +- obj_exists); +- +- if (status != SM_OK) { +- retval = kStatus_SSS_Fail; +- goto exit; +- } +- } +- else if (keyObject->cipherType == kSSS_CipherType_RSA_CRT) { +- retval = sss_util_asn1_rsa_parse_private(key, +- keyLen, +- (sss_cipher_type_t)keyObject->cipherType, +- &rsaN, +- &rsaNlen, +- &rsaE, +- &rsaElen, +- NULL, +- NULL, +- &rsaP, +- &rsaPlen, +- &rsaQ, +- &rsaQlen, +- &rsaDP, +- &rsaDPlen, +- &rsaDQ, +- &rsaDQlen, +- &rsaQINV, +- &rsaQINVlen); +- ENSURE_OR_GO_EXIT(retval == kStatus_SSS_Success); +- +- if ((rsaP == NULL) || (rsaQ == NULL) || (rsaDP == NULL) || (rsaDQ == NULL) || (rsaQINV == NULL) || +- (rsaE == NULL) || (rsaN == NULL)) { +- retval = kStatus_SSS_Fail; +- goto exit; +- } +- +- IdExists = CheckIfKeyIdExists(keyObject->keyId, &keyStore->session->s_ctx); +- keyBitLength = (IdExists == 1) ? 0 : keyBitLen; +- obj_exists = (IdExists == 1) ? kSE05x_Result_SUCCESS : kSE05x_Result_FAILURE; +- +- // Set P component +- status = sss_se05x_LL_set_RSA_key(&keyStore->session->s_ctx, +- &se05x_policy, +- keyObject->keyId, +- (U16)keyBitLength, +- rsaP, +- rsaPlen, +- SE05X_RSA_NO_q, +- SE05X_RSA_NO_dp, +- SE05X_RSA_NO_dq, +- SE05X_RSA_NO_qInv, +- SE05X_RSA_NO_pubExp, +- SE05X_RSA_NO_priv, +- SE05X_RSA_NO_pubMod, +- transient_type, +- kSE05x_KeyPart_Pair, +- rsa_format, +- obj_exists); +- +- if (status != SM_OK) { +- retval = kStatus_SSS_Fail; +- goto exit; +- } +- +- // Set Q component +- status = sss_se05x_LL_set_RSA_key(&keyStore->session->s_ctx, +- NULL, +- keyObject->keyId, +- 0, +- SE05X_RSA_NO_p, +- rsaQ, +- rsaQlen, +- SE05X_RSA_NO_dp, +- SE05X_RSA_NO_dq, +- SE05X_RSA_NO_qInv, +- SE05X_RSA_NO_pubExp, +- SE05X_RSA_NO_priv, +- SE05X_RSA_NO_pubMod, +- transient_type, +- kSE05x_KeyPart_NA, +- rsa_format, +- obj_exists); +- +- if (status != SM_OK) { +- retval = kStatus_SSS_Fail; +- goto exit; +- } +- +- // Set DP component +- status = sss_se05x_LL_set_RSA_key(&keyStore->session->s_ctx, +- NULL, +- keyObject->keyId, +- 0, +- SE05X_RSA_NO_p, +- SE05X_RSA_NO_q, +- rsaDP, +- rsaDPlen, +- SE05X_RSA_NO_dq, +- SE05X_RSA_NO_qInv, +- SE05X_RSA_NO_pubExp, +- SE05X_RSA_NO_priv, +- SE05X_RSA_NO_pubMod, +- transient_type, +- kSE05x_KeyPart_NA, +- rsa_format, +- obj_exists); +- +- if (status != SM_OK) { +- retval = kStatus_SSS_Fail; +- goto exit; +- } +- +- // Set DQ component +- status = sss_se05x_LL_set_RSA_key(&keyStore->session->s_ctx, +- NULL, +- keyObject->keyId, +- 0, +- SE05X_RSA_NO_p, +- SE05X_RSA_NO_q, +- SE05X_RSA_NO_dp, +- rsaDQ, +- rsaDQlen, +- SE05X_RSA_NO_qInv, +- SE05X_RSA_NO_pubExp, +- SE05X_RSA_NO_priv, +- SE05X_RSA_NO_pubMod, +- transient_type, +- kSE05x_KeyPart_NA, +- rsa_format, +- obj_exists); +- +- if (status != SM_OK) { +- retval = kStatus_SSS_Fail; +- goto exit; +- } +- +- // Set INV_Q component +- status = sss_se05x_LL_set_RSA_key(&keyStore->session->s_ctx, +- NULL, +- keyObject->keyId, +- 0, +- SE05X_RSA_NO_p, +- SE05X_RSA_NO_q, +- SE05X_RSA_NO_dp, +- SE05X_RSA_NO_dq, +- rsaQINV, +- rsaQINVlen, +- SE05X_RSA_NO_pubExp, +- SE05X_RSA_NO_priv, +- SE05X_RSA_NO_pubMod, +- transient_type, +- kSE05x_KeyPart_NA, +- rsa_format, +- obj_exists); +- +- if (status != SM_OK) { +- retval = kStatus_SSS_Fail; +- goto exit; +- } +- +- // Set E (Public exponent) component +- status = sss_se05x_LL_set_RSA_key(&keyStore->session->s_ctx, +- NULL, +- keyObject->keyId, +- 0, +- SE05X_RSA_NO_p, +- SE05X_RSA_NO_q, +- SE05X_RSA_NO_dp, +- SE05X_RSA_NO_dq, +- SE05X_RSA_NO_qInv, +- rsaE, +- rsaElen, +- SE05X_RSA_NO_priv, +- SE05X_RSA_NO_pubMod, +- transient_type, +- kSE05x_KeyPart_NA, +- rsa_format, +- obj_exists); +- +- if (status != SM_OK) { +- retval = kStatus_SSS_Fail; +- goto exit; +- } +- +- // Set N (Modulus) component +- status = sss_se05x_LL_set_RSA_key(&keyStore->session->s_ctx, +- NULL, +- keyObject->keyId, +- 0, +- SE05X_RSA_NO_p, +- SE05X_RSA_NO_q, +- SE05X_RSA_NO_dp, +- SE05X_RSA_NO_dq, +- SE05X_RSA_NO_qInv, +- SE05X_RSA_NO_pubExp, +- SE05X_RSA_NO_priv, +- rsaN, +- rsaNlen, +- transient_type, +- kSE05x_KeyPart_NA, +- rsa_format, +- obj_exists); +- +- if (status != SM_OK) { +- retval = kStatus_SSS_Fail; +- goto exit; +- } +- } +- } +-exit: +- if (rsaN != NULL) +- SSS_FREE(rsaN); +- if (rsaE != NULL) +- SSS_FREE(rsaE); +- if (rsaD != NULL) +- SSS_FREE(rsaD); +- if (rsaP != NULL) +- SSS_FREE(rsaP); +- if (rsaQ != NULL) +- SSS_FREE(rsaQ); +- if (rsaDP != NULL) +- SSS_FREE(rsaDP); +- if (rsaDQ != NULL) +- SSS_FREE(rsaDQ); +- if (rsaQINV != NULL) +- SSS_FREE(rsaQINV); +- +- return retval; +-} +-#endif // SSSFTR_SE05X_RSA && SSSFTR_SE05X_KEY_SET && SSS_HAVE_RSA +- +-#if SSSFTR_SE05X_ECC && SSSFTR_SE05X_KEY_SET +-static sss_status_t getEccPrivPubKeyLen(uint32_t curve_id, size_t *pubKeyLen, size_t *privKeyLen) +-{ +- sss_status_t retval = kStatus_SSS_Success; +- +- if (privKeyLen == NULL || pubKeyLen == NULL) { +- return kStatus_SSS_Fail; +- } +- +- switch (curve_id) { +-#if SSS_HAVE_EC_NIST_K || SSS_HAVE_EC_BP +-#if SSS_HAVE_EC_NIST_K +- case kSE05x_ECCurve_Secp160k1: +-#endif +-#if SSS_HAVE_EC_BP +- case kSE05x_ECCurve_Brainpool160: +-#endif +- { +- *privKeyLen = 20; +- *pubKeyLen = 41; +- } break; +-#endif // SSS_HAVE_EC_NIST_K || SSS_HAVE_EC_BP +- +-#if SSS_HAVE_EC_NIST_192 || SSS_HAVE_EC_NIST_K || SSS_HAVE_EC_BP +-#if SSS_HAVE_EC_NIST_192 +- case kSE05x_ECCurve_NIST_P192: +-#endif +-#if SSS_HAVE_EC_BP +- case kSE05x_ECCurve_Brainpool192: +-#endif +-#if SSS_HAVE_EC_NIST_K +- case kSE05x_ECCurve_Secp192k1: +-#endif +- { +- *privKeyLen = 24; +- *pubKeyLen = 49; +- } break; +-#endif // SSS_HAVE_EC_NIST_192 || SSS_HAVE_EC_NIST_K || SSS_HAVE_EC_BP +- +-#if SSS_HAVE_EC_NIST_224| SSS_HAVE_EC_NIST_K || SSS_HAVE_EC_BP +-#if SSS_HAVE_EC_NIST_224 +- case kSE05x_ECCurve_NIST_P224: +-#endif +-#if SSS_HAVE_EC_BP +- case kSE05x_ECCurve_Brainpool224: +-#endif +-#if SSS_HAVE_EC_NIST_K +- case kSE05x_ECCurve_Secp224k1: +-#endif +- { +- *privKeyLen = 28; +- *pubKeyLen = 57; +- } break; +-#endif // SSS_HAVE_EC_NIST_224| SSS_HAVE_EC_NIST_K || SSS_HAVE_EC_BP +- +- case kSE05x_ECCurve_NIST_P256: +-#if SSS_HAVE_EC_BP +- case kSE05x_ECCurve_Brainpool256: +-#endif +-#if SSS_HAVE_EC_NIST_K +- case kSE05x_ECCurve_Secp256k1: +-#endif +- { +- *privKeyLen = 32; +- *pubKeyLen = 65; +- } break; +- +-#if SSS_HAVE_EC_BP +- case kSE05x_ECCurve_Brainpool320: { +- *privKeyLen = 40; +- *pubKeyLen = 81; +- } break; +-#endif +- case kSE05x_ECCurve_NIST_P384: +-#if SSS_HAVE_EC_BP +- case kSE05x_ECCurve_Brainpool384: +-#endif +- { +- *privKeyLen = 48; +- *pubKeyLen = 97; +- } break; +- +-#if SSS_HAVE_EC_NIST_521 +- case kSE05x_ECCurve_NIST_P521: { +- *privKeyLen = 66; +- *pubKeyLen = 133; +- } break; +-#endif +- +-#if SSS_HAVE_EC_BP +- case kSE05x_ECCurve_Brainpool512: { +- *privKeyLen = 64; +- *pubKeyLen = 129; +- } break; +-#endif +- +-#if SSS_HAVE_EC_MONT || SSS_HAVE_EC_ED +-#if SSS_HAVE_EC_MONT +- case kSE05x_ECCurve_ECC_MONT_DH_25519: +-#endif +-#if SSS_HAVE_EC_ED +- case kSE05x_ECCurve_ECC_ED_25519: +-#endif +- { +- *privKeyLen = 32; +- *pubKeyLen = 32; +- } break; +-#endif // SSS_HAVE_EC_MONT || SSS_HAVE_EC_ED +- +-#if SSS_HAVE_SE05X_VER_GTE_06_00 && SSS_HAVE_EC_MONT +- case kSE05x_ECCurve_RESERVED_ID_ECC_MONT_DH_448: { +- *privKeyLen = 56; +- *pubKeyLen = 56; +- } break; +-#endif +- default: { +- *privKeyLen = 0; +- *pubKeyLen = 0; +- retval = kStatus_SSS_Fail; +- } break; +- } +- +- return retval; +-} +-#endif //SSSFTR_SE05X_ECC && SSSFTR_SE05X_KEY_SET +- +-#if SSSFTR_SE05X_ECC && SSSFTR_SE05X_KEY_SET +-/* sss_se05x_create_curve_if_needed for internal to this file and for tests */ +-smStatus_t sss_se05x_create_curve_if_needed(Se05xSession_t *pSession, uint32_t curve_id) +-{ +- smStatus_t status = SM_NOT_OK; +- //uint32_t existing_curve_id = 0; +- uint8_t curveList[kSE05x_ECCurve_Total_Weierstrass_Curves] = { +- 0, +- }; +- size_t curveListLen = sizeof(curveList); +- //int i = 0; +- +-#if SSS_HAVE_EC_ED +- if (curve_id == kSE05x_ECCurve_RESERVED_ID_ECC_ED_25519) { +- /* ECC_ED_25519 is always preset */ +- return SM_OK; +- } +-#endif +- +-#if SSS_HAVE_EC_MONT +- if (curve_id == kSE05x_ECCurve_RESERVED_ID_ECC_MONT_DH_25519 +-#if SSS_HAVE_SE05X_VER_GTE_06_00 +- || curve_id == kSE05x_ECCurve_RESERVED_ID_ECC_MONT_DH_448 +-#endif +- ) { +-#if SSS_HAVE_SE05X_VER_GTE_06_00 +- status = Se05x_API_CreateECCurve(pSession, curve_id); +- /* If curve is already created, Se05x_API_CreateECCurve fails. Ignore this error */ +- return SM_OK; +-#else +- return SM_OK; +- /* ECC_MONT_DH_25519 and ECC_MONT_DH_448 are always present */ +-#endif +- } +-#endif // SSS_HAVE_EC_MONT +- +- status = Se05x_API_ReadECCurveList(pSession, curveList, &curveListLen); +- if (status == SM_OK) { +- if (curveList[curve_id - 1] == kSE05x_SetIndicator_SET) { +- return SM_OK; +- } +- } +- else { +- return SM_NOT_OK; +- } +- +- status = SM_NOT_OK; +- +- switch (curve_id) { +-#if SSS_HAVE_EC_NIST_192 +- case kSE05x_ECCurve_NIST_P192: +- status = Se05x_API_CreateCurve_prime192v1(pSession, curve_id); +- break; +-#endif +-#if SSS_HAVE_EC_NIST_224 +- case kSE05x_ECCurve_NIST_P224: +- status = Se05x_API_CreateCurve_secp224r1(pSession, curve_id); +- break; +-#endif +- case kSE05x_ECCurve_NIST_P256: +- status = Se05x_API_CreateCurve_prime256v1(pSession, curve_id); +- break; +- case kSE05x_ECCurve_NIST_P384: +- status = Se05x_API_CreateCurve_secp384r1(pSession, curve_id); +- break; +-#if SSS_HAVE_EC_NIST_521 +- case kSE05x_ECCurve_NIST_P521: +- status = Se05x_API_CreateCurve_secp521r1(pSession, curve_id); +- break; +-#endif +-#if SSS_HAVE_EC_BP +- case kSE05x_ECCurve_Brainpool160: +- status = Se05x_API_CreateCurve_brainpoolP160r1(pSession, curve_id); +- break; +- case kSE05x_ECCurve_Brainpool192: +- status = Se05x_API_CreateCurve_brainpoolP192r1(pSession, curve_id); +- break; +- case kSE05x_ECCurve_Brainpool224: +- status = Se05x_API_CreateCurve_brainpoolP224r1(pSession, curve_id); +- break; +- case kSE05x_ECCurve_Brainpool256: +- status = Se05x_API_CreateCurve_brainpoolP256r1(pSession, curve_id); +- break; +- case kSE05x_ECCurve_Brainpool320: +- status = Se05x_API_CreateCurve_brainpoolP320r1(pSession, curve_id); +- break; +- case kSE05x_ECCurve_Brainpool384: +- status = Se05x_API_CreateCurve_brainpoolP384r1(pSession, curve_id); +- break; +- case kSE05x_ECCurve_Brainpool512: +- status = Se05x_API_CreateCurve_brainpoolP512r1(pSession, curve_id); +- break; +-#endif +-#if SSS_HAVE_EC_NIST_K +- case kSE05x_ECCurve_Secp160k1: +- status = Se05x_API_CreateCurve_secp160k1(pSession, curve_id); +- break; +- case kSE05x_ECCurve_Secp192k1: +- status = Se05x_API_CreateCurve_secp192k1(pSession, curve_id); +- break; +- case kSE05x_ECCurve_Secp224k1: +- status = Se05x_API_CreateCurve_secp224k1(pSession, curve_id); +- break; +- case kSE05x_ECCurve_Secp256k1: +- status = Se05x_API_CreateCurve_secp256k1(pSession, curve_id); +- break; +-#endif +-#if SSS_HAVE_TPM_BN +- case kSE05x_ECCurve_TPM_ECC_BN_P256: +- status = Se05x_API_CreateCurve_tpm_bm_p256(pSession, curve_id); +- break; +-#endif +- default: +- break; +- } +- +- ENSURE_OR_GO_EXIT(status != SM_NOT_OK); +- if (status == SM_ERR_CONDITIONS_OF_USE_NOT_SATISFIED) { +- LOG_W("Allowing SM_ERR_CONDITIONS_OF_USE_NOT_SATISFIED for CreateCurve"); +- } +-exit: +- return status; +-} +-#endif // SSSFTR_SE05X_ECC && SSSFTR_SE05X_KEY_SET +- +-#if SSSFTR_SE05X_KEY_SET || SSSFTR_SE05X_KEY_GET +-static uint8_t CheckIfKeyIdExists(uint32_t keyId, pSe05xSession_t session_ctx) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- SE05x_Result_t IdExists = kSE05x_Result_NA; +- +- retStatus = Se05x_API_CheckObjectExists(session_ctx, keyId, &IdExists); +- if (retStatus == SM_OK) { +- if (IdExists == kSE05x_Result_SUCCESS) { +- LOG_D("Key Id 0x%X exists", keyId); +- return 1; +- } +- else { +- return 0; +- } +- } +- else { +- LOG_E("Error in Se05x_API_CheckObjectExists"); +- return 0; +- } +-} +-#endif +- +-#if SSSFTR_SE05X_ECC && SSSFTR_SE05X_KEY_SET +-static sss_status_t sss_se05x_key_store_set_ecc_key(sss_se05x_key_store_t *keyStore, +- sss_se05x_object_t *keyObject, +- const uint8_t *key, +- size_t keyLen, +- size_t keyBitLen, +- void *policy_buff, +- size_t policy_buff_len) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- sss_status_t asn_retval = kStatus_SSS_Fail; +- smStatus_t status = SM_NOT_OK; +- Se05xPolicy_t se05x_policy; +- SE05x_INS_t transient_type; +- SE05x_ECCurve_t curveId = keyObject->curve_id; +- SE05x_KeyPart_t key_part = kSE05x_KeyPart_NA; +- SE05x_Result_t exists = kSE05x_Result_NA; +- SE05x_ECCurve_t retCurveId = keyObject->curve_id; +- size_t std_pubKey_len = 0; +- size_t std_privKey_len = 0; +-#if SSS_HAVE_EC_MONT || SSS_HAVE_EC_ED +- uint8_t privKeyReversed[64] = { +- 0, +- }; +- uint8_t pubKeyReversed[64] = { +- 0, +- }; +-#endif +- +- /* Assign proper instruction type based on keyObject->isPersistant */ +- (keyObject->isPersistant) ? (transient_type = kSE05x_INS_NA) : (transient_type = kSE05x_INS_TRANSIENT); +- +- se05x_policy.value = (uint8_t *)policy_buff; +- se05x_policy.value_len = policy_buff_len; +- +- if (keyObject->curve_id == 0) { +- keyObject->curve_id = (SE05x_ECCurve_t)se05x_sssKeyTypeLenToCurveId((sss_cipher_type_t)keyObject->cipherType, keyBitLen); +- } +- +- if (keyObject->curve_id == 0) { +- goto exit; +- } +- +- status = sss_se05x_create_curve_if_needed(&keyObject->keyStore->session->s_ctx, keyObject->curve_id); +- +- if (status == SM_NOT_OK) { +- goto exit; +- } +- else if (status == SM_ERR_CONDITIONS_OF_USE_NOT_SATISFIED) { +- LOG_W("Allowing SM_ERR_CONDITIONS_OF_USE_NOT_SATISFIED for CreateCurve"); +- } +- status = Se05x_API_CheckObjectExists(&keyStore->session->s_ctx, keyObject->keyId, &exists); +- ENSURE_OR_GO_EXIT(status == SM_OK); +- +- if (exists == kSE05x_Result_SUCCESS) { +- /* Check if object is of same curve id */ +- status = Se05x_API_EC_CurveGetId(&keyObject->keyStore->session->s_ctx, keyObject->keyId, &retCurveId); +- ENSURE_OR_GO_EXIT(status == SM_OK); +- +- if (retCurveId == keyObject->curve_id) { +- curveId = kSE05x_ECCurve_NA; +- } +- else { +- LOG_W("Cannot overwrite object with different curve id"); +- goto exit; +- } +- +- //if (se05x_policy.value_len != 0) { +- // LOG_W("Policy + Existing Key is not a valid combination"); +- //} +- } +- else { +- curveId = keyObject->curve_id; +- } +- +- if (keyObject->objectType == kSSS_KeyPart_Pair) { +- const uint8_t *pPrivateKey = NULL; +- const uint8_t *pPublicKey = NULL; +- size_t privateKeyLen = 0; +- size_t publicKeyLen = 0; +- uint16_t privateKeyIndex = 0; +- uint16_t publicKeyIndex = 0; +- if (exists == kSE05x_Result_FAILURE) +- key_part = kSE05x_KeyPart_Pair; +- +- switch (keyObject->curve_id) { +-#if SSS_HAVE_TPM_BN +- case kSE05x_ECCurve_TPM_ECC_BN_P256: { +- LOG_I("Key pair should be paased without header"); +- /* No header included in ED and BN curve keys */ +- privateKeyIndex = 0; +- publicKeyIndex = 32; +- privateKeyLen = 32; +- publicKeyLen = 32; +- } break; +-#endif +- +- default: { +-#if SSS_HAVE_EC_MONT || SSS_HAVE_EC_ED +- if ((keyObject->curve_id == kSE05x_ECCurve_ECC_MONT_DH_25519) || +- (keyObject->curve_id == kSE05x_ECCurve_ECC_MONT_DH_448) || +- (keyObject->curve_id == kSE05x_ECCurve_ECC_ED_25519)) { +- asn_retval = sss_util_rfc8410_asn1_get_ec_pair_key_index( +- key, keyLen, &publicKeyIndex, &publicKeyLen, &privateKeyIndex, &privateKeyLen); +- if (asn_retval != kStatus_SSS_Success) { +- LOG_W("error in sss_util_rfc8410_asn1_get_ec_pair_key_index"); +- goto exit; +- } +- } +- else +-#endif // SSS_HAVE_EC_MONT || SSS_HAVE_EC_ED +- { +- asn_retval = sss_util_pkcs8_asn1_get_ec_pair_key_index( +- key, keyLen, &publicKeyIndex, &publicKeyLen, &privateKeyIndex, &privateKeyLen); +- if (asn_retval != kStatus_SSS_Success) { +- LOG_W("error in sss_util_pkcs8_asn1_get_ec_pair_key_index"); +- goto exit; +- } +- } +- +- asn_retval = getEccPrivPubKeyLen((uint32_t)keyObject->curve_id, &std_pubKey_len, &std_privKey_len); +- if (asn_retval != kStatus_SSS_Success) { +- LOG_W("error in getEccPrivPubKeyLen"); +- goto exit; +- } +- +- if (privateKeyLen != std_privKey_len) { +- if (key[privateKeyIndex] == 0) { +- privateKeyIndex++; +- privateKeyLen--; +- } +- } +- if (privateKeyLen != std_privKey_len) { +- LOG_W("error in private key length"); +- goto exit; +- } +- +- if (publicKeyLen != std_pubKey_len) { +- if (key[publicKeyIndex] == 0) { +- publicKeyIndex++; +- publicKeyLen--; +- } +- } +- if (publicKeyLen != std_pubKey_len) { +- LOG_W("error in public key length"); +- goto exit; +- } +- } +- } +- +- // Conditionally Reverse Endianness +-#if SSS_HAVE_EC_MONT || SSS_HAVE_EC_ED +- if ((keyObject->curve_id == kSE05x_ECCurve_ECC_MONT_DH_25519) || +- (keyObject->curve_id == kSE05x_ECCurve_ECC_MONT_DH_448) || +- (keyObject->curve_id == kSE05x_ECCurve_ECC_ED_25519)) { +- size_t i = 0; +- size_t nByteKey = 32; // Corresponds to kSE05x_ECCurve_ECC_MONT_DH_25519 +- +- if (keyObject->curve_id == kSE05x_ECCurve_ECC_MONT_DH_448) { +- nByteKey = 56; +- } +- +- if (keyObject->curve_id != kSE05x_ECCurve_ECC_ED_25519) { +- while (i < nByteKey) { +- privKeyReversed[i] = key[privateKeyIndex + privateKeyLen - i - 1]; +- i++; +- } +- pPrivateKey = &privKeyReversed[0]; +- } +- else { +- // SE05x expects private key to be in litte endian format +- pPrivateKey = &key[privateKeyIndex]; +- } +- i = 0; +- while (i < nByteKey) { +- pubKeyReversed[i] = key[publicKeyIndex + publicKeyLen - i - 1]; +- i++; +- } +- pPublicKey = &pubKeyReversed[0]; +- } +- else +-#endif // SSS_HAVE_EC_MONT || SSS_HAVE_EC_ED +- { +- pPrivateKey = &key[privateKeyIndex]; +- pPublicKey = &key[publicKeyIndex]; +- } +- +-#ifdef TMP_ENDIAN_VERBOSE +- { +- printf("Private Key After Reverse:\n"); +- for (size_t z = 0; z < privateKeyLen; z++) { +- printf("%02X.", pPrivateKey[z]); +- } +- printf("\n"); +- } +-#endif +- +- status = sss_se05x_LL_set_ec_key(&keyStore->session->s_ctx, +- &se05x_policy, +- SE05x_MaxAttemps_UNLIMITED, +- keyObject->keyId, +- curveId, +- pPrivateKey, +- privateKeyLen, +- pPublicKey, +- publicKeyLen, +- transient_type, +- key_part, +- exists); +- ENSURE_OR_GO_EXIT(status == SM_OK); +- } +- else if (keyObject->objectType == kSSS_KeyPart_Public) { +- const uint8_t *pPublicKey = NULL; +- size_t publicKeyLen = 0; +- uint16_t publicKeyIndex = 0; +- if (exists == kSE05x_Result_FAILURE) +- key_part = kSE05x_KeyPart_Public; +- +- switch (keyObject->curve_id) { +-#if SSS_HAVE_TPM_BN +- case kSE05x_ECCurve_TPM_ECC_BN_P256: { +- LOG_I("Public key should be paased without header"); +- publicKeyLen = keyLen; +- } break; +-#endif +- default: { +- asn_retval = sss_util_pkcs8_asn1_get_ec_public_key_index(key, keyLen, &publicKeyIndex, &publicKeyLen); +- if (asn_retval != kStatus_SSS_Success) { +- LOG_W("error in sss_util_pkcs8_asn1_get_ec_public_key_index"); +- goto exit; +- } +- +- asn_retval = getEccPrivPubKeyLen((uint32_t)keyObject->curve_id, &std_pubKey_len, &std_privKey_len); +- if (asn_retval != kStatus_SSS_Success) { +- LOG_W("error in getEccPrivPubKeyLen"); +- goto exit; +- } +- +- if (publicKeyLen != std_pubKey_len) { +- if (key[publicKeyIndex] == 0) { +- publicKeyIndex++; +- publicKeyLen--; +- } +- } +- if (publicKeyLen != std_pubKey_len) { +- LOG_W("error in public key length"); +- goto exit; +- } +- } +- } +- +-#ifdef TMP_ENDIAN_VERBOSE +- { +- printf("Pub Key Before Reverse:\n"); +- for (size_t z = 0; z < publicKeyLen; z++) { +- printf("%02X.", key[publicKeyIndex + z]); +- } +- printf("\n"); +- } +-#endif +- +- // Conditionally Reverse Endianness +-#if SSS_HAVE_EC_MONT || SSS_HAVE_EC_ED +- if ((keyObject->curve_id == kSE05x_ECCurve_ECC_MONT_DH_25519) || +- (keyObject->curve_id == kSE05x_ECCurve_ECC_MONT_DH_448) || +- (keyObject->curve_id == kSE05x_ECCurve_ECC_ED_25519)) { +- size_t i = 0; +- size_t nByteKey = 32; // Corresponds to kSE05x_ECCurve_ECC_MONT_DH_25519 +- +- if (keyObject->curve_id == kSE05x_ECCurve_ECC_MONT_DH_448) { +- nByteKey = 56; +- } +- +- while (i < nByteKey) { +- pubKeyReversed[i] = key[publicKeyIndex + publicKeyLen - i - 1]; +- i++; +- } +- pPublicKey = &pubKeyReversed[0]; +- } +- else +-#endif // SSS_HAVE_EC_MONT || SSS_HAVE_EC_ED +- { +- pPublicKey = &key[publicKeyIndex]; +- } +- +-#ifdef TMP_ENDIAN_VERBOSE +- { +- printf("Pub Key After Reverse:\n"); +- for (size_t z = 0; z < publicKeyLen; z++) { +- printf("%02X.", pPublicKey[z]); +- } +- printf("\n"); +- } +-#endif +- +- status = sss_se05x_LL_set_ec_key(&keyStore->session->s_ctx, +- &se05x_policy, +- SE05x_MaxAttemps_NA, +- keyObject->keyId, +- curveId, +- NULL, +- 0, +- pPublicKey, +- publicKeyLen, +- transient_type, +- key_part, +- exists); +- +- ENSURE_OR_GO_EXIT(status == SM_OK); +- } +- else if (keyObject->objectType == kSSS_KeyPart_Private) { +- const uint8_t *pPrivKey = NULL; +- size_t privKeyLen = (uint16_t)keyLen; +- uint16_t privateKeyIndex = 0; +- if (exists == kSE05x_Result_FAILURE) +- key_part = kSE05x_KeyPart_Private; +- +- LOG_I("Private key should be passed without header"); +- +- switch (keyObject->curve_id) { +-#if SSS_HAVE_TPM_BN +- case kSE05x_ECCurve_TPM_ECC_BN_P256: { +- privateKeyIndex = 0; +- } break; +-#endif +-#if SSS_HAVE_SE05X_VER_GTE_06_00 && SSS_HAVE_EC_MONT +- case kSE05x_ECCurve_RESERVED_ID_ECC_MONT_DH_448: { +- LOG_W( +- "Private Key injection is not supported for " +- "ECC_MONT_DH_448 curve"); +- goto exit; +- } +-#endif +- default: { +- asn_retval = getEccPrivPubKeyLen((uint32_t)keyObject->curve_id, &std_pubKey_len, &std_privKey_len); +- if (asn_retval != kStatus_SSS_Success) { +- LOG_W("error in getEccPrivPubKeyLen"); +- goto exit; +- } +- +- if (keyLen != std_privKey_len) { +- if (key[0] == 0) { +- privKeyLen = keyLen - 1; +- privateKeyIndex = 1; +- } +- } +- if (privKeyLen != std_privKey_len) { +- LOG_W("error in private key length"); +- goto exit; +- } +- } break; +- } +- +- pPrivKey = &key[privateKeyIndex]; +- +- status = sss_se05x_LL_set_ec_key(&keyStore->session->s_ctx, +- &se05x_policy, +- SE05x_MaxAttemps_NA, +- keyObject->keyId, +- curveId, +- pPrivKey, +- privKeyLen, +- NULL, +- 0, +- transient_type, +- key_part, +- exists); +- ENSURE_OR_GO_EXIT(status == SM_OK); +- } +- else { +- goto exit; +- } +- +- retval = kStatus_SSS_Success; +-exit: +- return retval; +-} +-#endif // SSSFTR_SE05X_ECC && SSSFTR_SE05X_KEY_SET +- +-#if SSSFTR_SE05X_AES && SSSFTR_SE05X_KEY_SET +-static sss_status_t sss_se05x_key_store_set_aes_key(sss_se05x_key_store_t *keyStore, +- sss_se05x_object_t *keyObject, +- const uint8_t *key, +- size_t keyLen, +- size_t keyBitLen, +- void *policy_buff, +- size_t policy_buff_len) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- smStatus_t status = SM_NOT_OK; +- Se05xPolicy_t se05x_policy; +- SE05x_INS_t transient_type; +- SE05x_SymmKeyType_t type = kSE05x_SymmKeyType_NA; +- SE05x_KeyID_t kekID = SE05x_KeyID_KEK_NONE; +- uint8_t IdExists = 0; +- SE05x_Result_t objExists = kSE05x_Result_NA; +- +- /* Assign proper instruction type based on keyObject->isPersistant */ +- (keyObject->isPersistant) ? (transient_type = kSE05x_INS_NA) : (transient_type = kSE05x_INS_TRANSIENT); +- +- IdExists = CheckIfKeyIdExists(keyObject->keyId, &keyStore->session->s_ctx); +- objExists = (IdExists == 1) ? kSE05x_Result_SUCCESS : kSE05x_Result_FAILURE; +- +- se05x_policy.value = (uint8_t *)policy_buff; +- se05x_policy.value_len = policy_buff_len; +- +- if (keyBitLen % 8 == 0) { +- if (keyObject->cipherType == kSSS_CipherType_AES) { +- type = kSE05x_SymmKeyType_AES; +- } +- else if (keyObject->cipherType == kSSS_CipherType_CMAC) { +- type = kSE05x_SymmKeyType_CMAC; +- } +- else if (keyObject->cipherType == kSSS_CipherType_HMAC) { +- type = kSE05x_SymmKeyType_HMAC; +- } +- +- if (keyStore->kekKey != NULL) { +- kekID = keyStore->kekKey->keyId; +- } +- status = sss_se05x_LL_set_symm_key(&keyStore->session->s_ctx, +- &se05x_policy, +- SE05x_MaxAttemps_NA, +- keyObject->keyId, +- kekID, +- key, +- keyLen, +- transient_type, +- type, +- objExists); +- ENSURE_OR_GO_EXIT(status == SM_OK); +- } +- else { +- goto exit; +- } +- retval = kStatus_SSS_Success; +-exit: +- return retval; +-} +-#endif // SSSFTR_SE05X_AES && SSSFTR_SE05X_KEY_SET +- +-#if SSSFTR_SE05X_KEY_SET +-static sss_status_t sss_se05x_key_store_set_des_key(sss_se05x_key_store_t *keyStore, +- sss_se05x_object_t *keyObject, +- const uint8_t *key, +- size_t keyLen, +- size_t keyBitLen, +- void *policy_buff, +- size_t policy_buff_len) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- smStatus_t status = SM_NOT_OK; +- Se05xPolicy_t se05x_policy; +- SE05x_INS_t transient_type; +- SE05x_KeyID_t kekID = SE05x_KeyID_KEK_NONE; +- uint8_t IdExists = 0; +- SE05x_Result_t objExists = kSE05x_Result_NA; +- +- /* Assign proper instruction type based on keyObject->isPersistant */ +- (keyObject->isPersistant) ? (transient_type = kSE05x_INS_NA) : (transient_type = kSE05x_INS_TRANSIENT); +- IdExists = CheckIfKeyIdExists(keyObject->keyId, &keyStore->session->s_ctx); +- +- objExists = (IdExists == 1) ? kSE05x_Result_SUCCESS : kSE05x_Result_FAILURE; +- se05x_policy.value = (uint8_t *)policy_buff; +- se05x_policy.value_len = policy_buff_len; +- +- if (keyStore->kekKey != NULL) { +- kekID = keyStore->kekKey->keyId; +- } +- +- status = sss_se05x_LL_set_symm_key(&keyStore->session->s_ctx, +- &se05x_policy, +- SE05x_MaxAttemps_NA, +- keyObject->keyId, +- kekID, +- key, +- keyLen, +- transient_type, +- kSE05x_SymmKeyType_DES, +- objExists); +- ENSURE_OR_GO_EXIT(status == SM_OK); +- +- retval = kStatus_SSS_Success; +-exit: +- return retval; +-} +-#endif // SSSFTR_SE05X_KEY_SET +- +-#if 0 +-static sss_status_t sss_se05x_key_store_set_deswrapped_key( +- sss_se05x_key_store_t *keyStore, +- sss_se05x_object_t *keyObject, +- const uint8_t *key, +- size_t keyLen, +- size_t keyBitLen, +- void *policy_buff, +- size_t policy_buff_len) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- smStatus_t status = SM_NOT_OK; +- Se05xPolicy_t se05x_policy; +- +- se05x_policy.value = (uint8_t *)policy_buff; +- se05x_policy.value_len = policy_buff_len; +- +- if (keyObject->isPersistant) { +- status = Se05x_API_DES_SetNewWrapped_P(&keyStore->session->s_ctx, +- &se05x_policy, +- keyObject->keyId, +- keyObject->kekId, +- (U16)keyBitLen, +- key, +- keyLen); +- } +- else { +- status = Se05x_API_DES_SetNewWrapped_T(&keyStore->session->s_ctx, +- &se05x_policy, +- keyObject->keyId, +- keyObject->kekId, +- (U16)keyBitLen, +- key, +- keyLen); +- } +- ENSURE_OR_GO_EXIT(status == SM_OK); +- +- retval = kStatus_SSS_Success; +-exit: +- return retval; +-} +- +-#endif +- +-#if SSSFTR_SE05X_KEY_SET +-static sss_status_t sss_se05x_key_store_set_cert(sss_se05x_key_store_t *keyStore, +- sss_se05x_object_t *keyObject, +- const uint8_t *key, +- size_t keyLen, +- size_t keyBitLen, +- void *policy_buff, +- size_t policy_buff_len) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- smStatus_t status = SM_NOT_OK; +- Se05xPolicy_t se05x_policy; +- uint16_t data_rem; +- uint16_t offset = 0; +- uint16_t fileSize = 0; +- uint8_t IdExists = 0; +-#if SSS_HAVE_SE05X_VER_GTE_06_00 +- SE05x_Result_t obj_exists = kSE05x_Result_NA; +-#endif +- +- ENSURE_OR_GO_EXIT(keyLen < 0xFFFFu); +- +- IdExists = CheckIfKeyIdExists(keyObject->keyId, &keyStore->session->s_ctx); +- fileSize = (IdExists == 1) ? 0 : (uint16_t)keyLen; +- data_rem = (uint16_t)keyLen; +-#if SSS_HAVE_SE05X_VER_GTE_06_00 +- obj_exists = (IdExists == 1) ? kSE05x_Result_SUCCESS : kSE05x_Result_FAILURE; +-#endif +- +- se05x_policy.value = (uint8_t *)policy_buff; +- se05x_policy.value_len = policy_buff_len; +- +- while (data_rem > 0) { +- uint16_t chunk = (data_rem > BINARY_WRITE_MAX_LEN) ? BINARY_WRITE_MAX_LEN : data_rem; +- data_rem = data_rem - chunk; +- +-#if SSS_HAVE_SE05X_VER_GTE_06_00 +- /* Call APIs For SE051 */ +- obj_exists = (IdExists == 1) ? kSE05x_Result_SUCCESS : kSE05x_Result_FAILURE; +- if (obj_exists == kSE05x_Result_FAILURE) { +- status = Se05x_API_WriteBinary_Ver(&keyStore->session->s_ctx, +- &se05x_policy, +- keyObject->keyId, +- offset, +- (uint16_t)fileSize, +- (key + offset), +- chunk, +- 0); +- } +- else if (obj_exists == kSE05x_Result_SUCCESS) { +- status = Se05x_API_UpdateBinary_Ver(&keyStore->session->s_ctx, +- &se05x_policy, +- keyObject->keyId, +- offset, +- (uint16_t)fileSize, +- (key + offset), +- chunk, +- 0); +- } +- else { +- LOG_E("Invalid Object exist status!!!"); +- } +-#else +- /* Call APIs For SE050 */ +- status = Se05x_API_WriteBinary(&keyStore->session->s_ctx, +- &se05x_policy, +- keyObject->keyId, +- offset, +- (uint16_t)fileSize, +- (key + offset), +- chunk); +-#endif +- ENSURE_OR_GO_EXIT(status == SM_OK); +- +- fileSize = 0; +- offset = offset + chunk; +- } +- retval = kStatus_SSS_Success; +-exit: +- return retval; +-} +-#endif // SSSFTR_SE05X_KEY_SET +- +-#if 0 +-static sss_status_t sss_se05x_key_store_set_pcr( +- sss_se05x_key_store_t *keyStore, +- sss_se05x_object_t *keyObject, +- const uint8_t *key, +- size_t keyLen, +- void *policy_buff, +- size_t policy_buff_len) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- smStatus_t status = SM_NOT_OK; +- Se05xPolicy_t se05x_policy; +- +- se05x_policy.value = (uint8_t *)policy_buff; +- se05x_policy.value_len = policy_buff_len; +- +- if (keyObject->cipherType == kSSS_CipherType_PCR) { +- status = Se05x_API_WritePCR_WithType(&keyStore->session->s_ctx, +- kSE05x_INS_NA, +- &se05x_policy, +- keyObject->keyId, +- key, +- keyLen, +- NULL, +- 0); +- } +- else if (keyObject->cipherType == kSSS_CipherType_Update_PCR) { +- status = Se05x_API_WritePCR_WithType(&keyStore->session->s_ctx, +- kSE05x_INS_NA, +- &se05x_policy, +- keyObject->keyId, +- NULL, +- 0, +- key, +- keyLen +- ); +- } +- else if (keyObject->cipherType == kSSS_CipherType_Reset_PCR) { +- status = Se05x_API_WritePCR_WithType(&keyStore->session->s_ctx, +- kSE05x_INS_NA, +- &se05x_policy, +- keyObject->keyId, +- NULL, +- 0, +- NULL, +- 0); +- } +- else +- { +- goto exit; +- } +- +- ENSURE_OR_GO_EXIT(status == SM_OK); +- +- retval = kStatus_SSS_Success; +-exit: +- return retval; +-} +-#endif +- +-sss_status_t sss_se05x_key_store_set_key(sss_se05x_key_store_t *keyStore, +- sss_se05x_object_t *keyObject, +- const uint8_t *key, +- size_t keyLen, +- size_t keyBitLen, +- void *options, +- size_t optionsLen) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- +-#if SSSFTR_SE05X_KEY_SET +- +- sss_cipher_type_t cipher_type = kSSS_CipherType_NONE; +- sss_policy_t *policies = (sss_policy_t *)options; +- uint8_t *ppolicySet; +- size_t valid_policy_buff_len = 0; +- uint8_t policies_buff[MAX_POLICY_BUFFER_SIZE]= { 0,}; +- +- ENSURE_OR_GO_EXIT(keyStore); +- ENSURE_OR_GO_EXIT(keyObject); +- if (keyBitLen) { +- ENSURE_OR_GO_EXIT(key); +- } +- cipher_type = (sss_cipher_type_t)keyObject->cipherType; +- +- if (policies) { +- if (kStatus_SSS_Success != +- sss_se05x_create_object_policy_buffer(policies, &policies_buff[0], &valid_policy_buff_len)) { +- goto exit; +- } +- ppolicySet = policies_buff; +- } +- else { +- ppolicySet = NULL; +- } +- +- switch (cipher_type) { +-#if SSSFTR_SE05X_RSA && SSS_HAVE_RSA +- case kSSS_CipherType_RSA: +- case kSSS_CipherType_RSA_CRT: +- if (kStatus_SSS_Success != +- sss_se05x_key_store_set_rsa_key( +- keyStore, keyObject, key, keyLen, keyBitLen, ppolicySet, valid_policy_buff_len)) { +- goto exit; +- } +- break; +-#endif +-#if SSSFTR_SE05X_ECC +- case kSSS_CipherType_EC_NIST_P: +-#if SSS_HAVE_EC_NIST_K +- case kSSS_CipherType_EC_NIST_K: +-#endif +-#if SSS_HAVE_EC_BP +- case kSSS_CipherType_EC_BRAINPOOL: +-#endif +-#if SSS_HAVE_EC_MONT +- case kSSS_CipherType_EC_MONTGOMERY: +-#endif +-#if SSS_HAVE_EC_ED +- case kSSS_CipherType_EC_TWISTED_ED: +-#endif +-#if SSS_HAVE_TPM_BN +- case kSSS_CipherType_EC_BARRETO_NAEHRIG: +-#endif +- if (kStatus_SSS_Success != +- sss_se05x_key_store_set_ecc_key( +- keyStore, keyObject, key, keyLen, keyBitLen, ppolicySet, valid_policy_buff_len)) { +- goto exit; +- } +- break; +-#endif // SSSFTR_SE05X_ECC +- case kSSS_CipherType_AES: +- if ((keyLen != 16 && keyLen != 24 && keyLen != 32 && keyLen != 40)) { +- goto exit; +- } +- /* fall through */ +- case kSSS_CipherType_CMAC: +- case kSSS_CipherType_HMAC: +-#if SSSFTR_SE05X_AES && SSSFTR_SE05X_KEY_SET +- if (kStatus_SSS_Success != +- sss_se05x_key_store_set_aes_key( +- keyStore, keyObject, key, keyLen, keyBitLen, ppolicySet, valid_policy_buff_len)) { +- goto exit; +- } +-#else +- goto exit; +-#endif +- break; +- case kSSS_CipherType_DES: +- if (kStatus_SSS_Success != +- sss_se05x_key_store_set_des_key( +- keyStore, keyObject, key, keyLen, keyBitLen, ppolicySet, valid_policy_buff_len)) { +- goto exit; +- } +- break; +- case kSSS_CipherType_Binary: +- case kSSS_CipherType_Certificate: { +- if (kStatus_SSS_Success != +- sss_se05x_key_store_set_cert( +- keyStore, keyObject, key, keyLen, keyBitLen, ppolicySet, valid_policy_buff_len)) { +- goto exit; +- } +- } break; +- default: +- goto exit; +- } +- retval = kStatus_SSS_Success; +-exit: +-#endif /* SSSFTR_SE05X_KEY_SET */ +- return retval; +-} +- +-sss_status_t sss_se05x_key_store_generate_key( +- sss_se05x_key_store_t *keyStore, sss_se05x_object_t *keyObject, size_t keyBitLen, void *options) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- +-#if SSSFTR_SE05X_KEY_SET +- smStatus_t status = SM_NOT_OK; +- sss_policy_t *policies = (sss_policy_t *)options; +- uint8_t *ppolicySet; +- size_t valid_policy_buff_len = 0; +- Se05xPolicy_t se05x_policy; +- SE05x_INS_t transient_type; +- uint8_t IdExists = 0; +- uint8_t policies_buff[MAX_POLICY_BUFFER_SIZE]; +- ENSURE_OR_GO_EXIT(keyStore); +- ENSURE_OR_GO_EXIT(keyObject); +- +- if (policies) { +- if (kStatus_SSS_Success != +- sss_se05x_create_object_policy_buffer(policies, &policies_buff[0], &valid_policy_buff_len)) { +- goto exit; +- } +- ppolicySet = policies_buff; +- } +- else { +- ppolicySet = NULL; +- } +- se05x_policy.value = (uint8_t *)ppolicySet; +- se05x_policy.value_len = valid_policy_buff_len; +- +- /* Assign proper instruction type based on keyObject->isPersistant */ +- (keyObject->isPersistant) ? (transient_type = kSE05x_INS_NA) : (transient_type = kSE05x_INS_TRANSIENT); +- +- ENSURE_OR_GO_EXIT(keyObject->objectType == kSSS_KeyPart_Pair); +- +- switch (keyObject->cipherType) { +-#if SSSFTR_SE05X_ECC +- case kSSS_CipherType_EC_NIST_P: +-#if SSS_HAVE_EC_NIST_K +- case kSSS_CipherType_EC_NIST_K: +-#endif +-#if SSS_HAVE_EC_BP +- case kSSS_CipherType_EC_BRAINPOOL: +-#endif +-#if SSS_HAVE_EC_MONT +- case kSSS_CipherType_EC_MONTGOMERY: +-#endif +-#if SSS_HAVE_TPM_BN +- case kSSS_CipherType_EC_BARRETO_NAEHRIG: +-#endif +-#if SSS_HAVE_EC_ED +- case kSSS_CipherType_EC_TWISTED_ED: +-#endif +- { +- SE05x_ECCurve_t curve_id; +- if (keyObject->curve_id == kSE05x_ECCurve_NA) { +- keyObject->curve_id = (SE05x_ECCurve_t)se05x_sssKeyTypeLenToCurveId((sss_cipher_type_t)keyObject->cipherType, keyBitLen); +- } +- +- if (keyObject->curve_id == kSE05x_ECCurve_NA) { +- goto exit; +- } +- +- status = sss_se05x_create_curve_if_needed(&keyObject->keyStore->session->s_ctx, keyObject->curve_id); +- +- IdExists = CheckIfKeyIdExists(keyObject->keyId, &keyStore->session->s_ctx); +- curve_id = (IdExists == 1) ? kSE05x_ECCurve_NA : (SE05x_ECCurve_t)keyObject->curve_id; +- +- status = Se05x_API_WriteECKey(&keyStore->session->s_ctx, +- &se05x_policy, +- SE05x_MaxAttemps_NA, +- keyObject->keyId, +- curve_id, +- NULL, +- 0, +- NULL, +- 0, +- transient_type, +- kSE05x_KeyPart_Pair); +- ENSURE_OR_GO_EXIT(status == SM_OK); +- break; +- } +-#endif // < SSSFTR_SE05X_ECC +-#if SSSFTR_SE05X_RSA && SSS_HAVE_RSA +- case kSSS_CipherType_RSA: +- case kSSS_CipherType_RSA_CRT: { +- /* Hard Coded Public exponent to be 65537 */ +- //uint8_t pubexp[] = {0x01, 0x00, 0x01}; +- SE05x_KeyPart_t key_part = kSE05x_KeyPart_Pair; +- SE05x_RSAKeyFormat_t rsa_format; +- size_t keyBitLength = 0; +- if (keyObject->cipherType == kSSS_CipherType_RSA) +- rsa_format = kSE05x_RSAKeyFormat_RAW; +- else if (keyObject->cipherType == kSSS_CipherType_RSA_CRT) +- rsa_format = kSE05x_RSAKeyFormat_CRT; +- else { +- retval = kStatus_SSS_Fail; +- goto exit; +- } +- +- IdExists = CheckIfKeyIdExists(keyObject->keyId, &keyStore->session->s_ctx); +- keyBitLength = (IdExists == 1) ? 0 : keyBitLen; +- +- status = Se05x_API_WriteRSAKey(&keyStore->session->s_ctx, +- &se05x_policy, +- keyObject->keyId, +- (uint16_t)keyBitLength, +- SE05X_RSA_NO_p, +- SE05X_RSA_NO_q, +- SE05X_RSA_NO_dp, +- SE05X_RSA_NO_dq, +- SE05X_RSA_NO_qInv, +- SE05X_RSA_NO_pubExp, +- SE05X_RSA_NO_priv, +- SE05X_RSA_NO_pubMod, +- transient_type, +- key_part, +- rsa_format); +- +- ENSURE_OR_GO_EXIT(status == SM_OK); +- break; +- } +-#endif // SSSFTR_SE05X_RSA && SSS_HAVE_RSA +- default: { +- goto exit; +- } +- } +- +- retval = kStatus_SSS_Success; +-exit: +-#endif // SSSFTR_SE05X_KEY_SET +- return retval; +-} +- +-#define ADD_DER_ECC_NISTP192_HEADER(x) ((x) + der_ecc_nistp192_header_len) +-#define REMOVE_DER_ECC_NISTP192_HEADER(x) ((x)-der_ecc_nistp192_header_len) +- +-#define ADD_DER_ECC_NISTP224_HEADER(x) ((x) + der_ecc_nistp224_header_len) +-#define REMOVE_DER_ECC_NISTP224_HEADER(x) ((x)-der_ecc_nistp224_header_len) +- +-#define ADD_DER_ECC_NISTP256_HEADER(x) ((x) + der_ecc_nistp256_header_len) +-#define REMOVE_DER_ECC_NISTP256_HEADER(x) ((x)-der_ecc_nistp256_header_len) +- +-#define ADD_DER_ECC_NISTP384_HEADER(x) ((x) + der_ecc_nistp384_header_len) +-#define REMOVE_DER_ECC_NISTP384_HEADER(x) ((x)-der_ecc_nistp384_header_len) +- +-#define ADD_DER_ECC_NISTP521_HEADER(x) ((x) + der_ecc_nistp521_header_len) +-#define REMOVE_DER_ECC_NISTP521_HEADER(x) ((x)-der_ecc_nistp521_header_len) +- +-#define ADD_DER_ECC_160K_HEADER(x) ((x) + der_ecc_160k_header_len) +-#define REMOVE_DER_ECC_160K_HEADER(x) ((x)-der_ecc_160k_header_len) +- +-#define ADD_DER_ECC_192K_HEADER(x) ((x) + der_ecc_192k_header_len) +-#define REMOVE_DER_ECC_192K_HEADER(x) ((x)-der_ecc_192k_header_len) +- +-#define ADD_DER_ECC_224K_HEADER(x) ((x) + der_ecc_224k_header_len) +-#define REMOVE_DER_ECC_224K_HEADER(x) ((x)-der_ecc_224k_header_len) +- +-#define ADD_DER_ECC_256K_HEADER(x) ((x) + der_ecc_256k_header_len) +-#define REMOVE_DER_ECC_256K_HEADER(x) ((x)-der_ecc_256k_header_len) +- +-#define ADD_DER_ECC_BP160_HEADER(x) ((x) + der_ecc_bp160_header_len) +-#define REMOVE_DER_ECC_BP160_HEADER(x) ((x)-der_ecc_bp160_header_len) +- +-#define ADD_DER_ECC_BP192_HEADER(x) ((x) + der_ecc_bp192_header_len) +-#define REMOVE_DER_ECC_BP192_HEADER(x) ((x)-der_ecc_bp192_header_len) +- +-#define ADD_DER_ECC_BP224_HEADER(x) ((x) + der_ecc_bp224_header_len) +-#define REMOVE_DER_ECC_BP224_HEADER(x) ((x)-der_ecc_bp224_header_len) +- +-#define ADD_DER_ECC_BP320_HEADER(x) ((x) + der_ecc_bp320_header_len) +-#define REMOVE_DER_ECC_BP320_HEADER(x) ((x)-der_ecc_bp320_header_len) +- +-#define ADD_DER_ECC_BP384_HEADER(x) ((x) + der_ecc_bp384_header_len) +-#define REMOVE_DER_ECC_BP384_HEADER(x) ((x)-der_ecc_bp384_header_len) +- +-#define ADD_DER_ECC_BP256_HEADER(x) ((x) + der_ecc_bp256_header_len) +-#define REMOVE_DER_ECC_BP256_HEADER(x) ((x)-der_ecc_bp256_header_len) +- +-#define ADD_DER_ECC_BP512_HEADER(x) ((x) + der_ecc_bp512_header_len) +-#define REMOVE_DER_ECC_BP512_HEADER(x) ((x)-der_ecc_bp512_header_len) +- +-#define ADD_DER_ECC_MONT_DH_448_HEADER(x) ((x) + der_ecc_mont_dh_448_header_len) +-#define REMOVE_DER_ECC_MONT_DH_448_HEADER(x) ((x)-der_ecc_mont_dh_448_header_len) +-#define ADD_DER_ECC_MONT_DH_25519_HEADER(x) ((x) + der_ecc_mont_dh_25519_header_len) +-#define REMOVE_DER_ECC_MONT_DH_25519_HEADER(x) ((x)-der_ecc_mont_dh_25519_header_len) +- +-#define ADD_DER_ECC_TWISTED_ED_25519_HEADER(x) ((x) + der_ecc_twisted_ed_25519_header_len) +-#define REMOVE_DER_ECC_TWISTED_ED_25519_HEADER(x) ((x)-der_ecc_twisted_ed_25519_header_len) +- +-#define CONVERT_BYTE(x) ((x) / 8) +-#define CONVERT_BIT(x) ((x)*8) +- +-void add_ecc_header(uint8_t *key, size_t *keylen, uint8_t **key_buf, size_t *key_buflen, uint32_t curve_id) +-{ +- if (key == NULL || key_buf == NULL || key_buflen == NULL){ +- goto exit; +- } +-#if SSSFTR_SE05X_KEY_SET +- if (curve_id == kSE05x_ECCurve_NIST_P256) { +- ENSURE_OR_GO_EXIT((*keylen) > der_ecc_nistp256_header_len); +- memcpy(key, gecc_der_header_nist256, der_ecc_nistp256_header_len); +- *key_buf = ADD_DER_ECC_NISTP256_HEADER(key); +- *key_buflen = (uint16_t)ADD_DER_ECC_NISTP256_HEADER(*key_buflen); +- } +- else if (curve_id == kSE05x_ECCurve_NIST_P384) { +- ENSURE_OR_GO_EXIT((*keylen) > der_ecc_nistp384_header_len); +- memcpy(key, gecc_der_header_nist384, der_ecc_nistp384_header_len); +- *key_buf = ADD_DER_ECC_NISTP384_HEADER(key); +- *key_buflen = (uint16_t)ADD_DER_ECC_NISTP384_HEADER(*key_buflen); +- } +-#if SSS_HAVE_EC_NIST_192 +- else if (curve_id == kSE05x_ECCurve_NIST_P192) { +- ENSURE_OR_GO_EXIT((*keylen) > der_ecc_nistp192_header_len); +- memcpy(key, gecc_der_header_nist192, der_ecc_nistp192_header_len); +- *key_buf = ADD_DER_ECC_NISTP192_HEADER(key); +- *key_buflen = (uint16_t)ADD_DER_ECC_NISTP192_HEADER(*key_buflen); +- } +-#endif +-#if SSS_HAVE_EC_NIST_224 +- else if (curve_id == kSE05x_ECCurve_NIST_P224) { +- ENSURE_OR_GO_EXIT((*keylen) > der_ecc_nistp224_header_len); +- memcpy(key, gecc_der_header_nist224, der_ecc_nistp224_header_len); +- *key_buf = ADD_DER_ECC_NISTP224_HEADER(key); +- *key_buflen = (uint16_t)ADD_DER_ECC_NISTP224_HEADER(*key_buflen); +- } +-#endif +-#if SSS_HAVE_EC_NIST_521 +- else if (curve_id == kSE05x_ECCurve_NIST_P521) { +- ENSURE_OR_GO_EXIT((*keylen) > der_ecc_nistp521_header_len); +- memcpy(key, gecc_der_header_nist521, der_ecc_nistp521_header_len); +- *key_buf = ADD_DER_ECC_NISTP521_HEADER(key); +- *key_buflen = (uint16_t)ADD_DER_ECC_NISTP521_HEADER(*key_buflen); +- } +-#endif +-#if SSS_HAVE_EC_BP +- else if (curve_id == kSE05x_ECCurve_Brainpool160) { +- ENSURE_OR_GO_EXIT((*keylen) > der_ecc_bp160_header_len); +- memcpy(key, gecc_der_header_bp160, der_ecc_bp160_header_len); +- *key_buf = ADD_DER_ECC_BP160_HEADER(key); +- *key_buflen = (uint16_t)ADD_DER_ECC_BP160_HEADER(*key_buflen); +- } +- else if (curve_id == kSE05x_ECCurve_Brainpool192) { +- ENSURE_OR_GO_EXIT((*keylen) > der_ecc_bp192_header_len); +- memcpy(key, gecc_der_header_bp192, der_ecc_bp192_header_len); +- *key_buf = ADD_DER_ECC_BP192_HEADER(key); +- *key_buflen = (uint16_t)ADD_DER_ECC_BP192_HEADER(*key_buflen); +- } +- else if (curve_id == kSE05x_ECCurve_Brainpool224) { +- ENSURE_OR_GO_EXIT((*keylen) > der_ecc_bp224_header_len); +- memcpy(key, gecc_der_header_bp224, der_ecc_bp224_header_len); +- *key_buf = ADD_DER_ECC_BP224_HEADER(key); +- *key_buflen = (uint16_t)ADD_DER_ECC_BP224_HEADER(*key_buflen); +- } +- else if (curve_id == kSE05x_ECCurve_Brainpool320) { +- ENSURE_OR_GO_EXIT((*keylen) > der_ecc_bp320_header_len); +- memcpy(key, gecc_der_header_bp320, der_ecc_bp320_header_len); +- *key_buf = ADD_DER_ECC_BP320_HEADER(key); +- *key_buflen = (uint16_t)ADD_DER_ECC_BP320_HEADER(*key_buflen); +- } +- else if (curve_id == kSE05x_ECCurve_Brainpool384) { +- ENSURE_OR_GO_EXIT((*keylen) > der_ecc_bp384_header_len); +- memcpy(key, gecc_der_header_bp384, der_ecc_bp384_header_len); +- *key_buf = ADD_DER_ECC_BP384_HEADER(key); +- *key_buflen = (uint16_t)ADD_DER_ECC_BP384_HEADER(*key_buflen); +- } +- else if (curve_id == kSE05x_ECCurve_Brainpool256) { +- ENSURE_OR_GO_EXIT((*keylen) > der_ecc_bp256_header_len); +- memcpy(key, gecc_der_header_bp256, der_ecc_bp256_header_len); +- *key_buf = ADD_DER_ECC_BP256_HEADER(key); +- *key_buflen = (uint16_t)ADD_DER_ECC_BP256_HEADER(*key_buflen); +- } +- else if (curve_id == kSE05x_ECCurve_Brainpool512) { +- ENSURE_OR_GO_EXIT((*keylen) > der_ecc_bp512_header_len); +- memcpy(key, gecc_der_header_bp512, der_ecc_bp512_header_len); +- *key_buf = ADD_DER_ECC_BP512_HEADER(key); +- *key_buflen = (uint16_t)ADD_DER_ECC_BP512_HEADER(*key_buflen); +- } +-#endif +-#if SSS_HAVE_EC_NIST_K +- else if (curve_id == kSE05x_ECCurve_Secp256k1) { +- ENSURE_OR_GO_EXIT((*keylen) > der_ecc_256k_header_len); +- memcpy(key, gecc_der_header_256k, der_ecc_256k_header_len); +- *key_buf = ADD_DER_ECC_256K_HEADER(key); +- *key_buflen = (uint16_t)ADD_DER_ECC_256K_HEADER(*key_buflen); +- } +- else if (curve_id == kSE05x_ECCurve_Secp160k1) { +- ENSURE_OR_GO_EXIT((*keylen) > der_ecc_160k_header_len); +- memcpy(key, gecc_der_header_160k, der_ecc_160k_header_len); +- *key_buf = ADD_DER_ECC_160K_HEADER(key); +- *key_buflen = (uint16_t)ADD_DER_ECC_160K_HEADER(*key_buflen); +- } +- else if (curve_id == kSE05x_ECCurve_Secp192k1) { +- ENSURE_OR_GO_EXIT((*keylen) > der_ecc_192k_header_len); +- memcpy(key, gecc_der_header_192k, der_ecc_192k_header_len); +- *key_buf = ADD_DER_ECC_192K_HEADER(key); +- *key_buflen = (uint16_t)ADD_DER_ECC_192K_HEADER(*key_buflen); +- } +- else if (curve_id == kSE05x_ECCurve_Secp224k1) { +- ENSURE_OR_GO_EXIT((*keylen) > der_ecc_224k_header_len); +- memcpy(key, gecc_der_header_224k, der_ecc_224k_header_len); +- *key_buf = ADD_DER_ECC_224K_HEADER(key); +- *key_buflen = (uint16_t)ADD_DER_ECC_224K_HEADER(*key_buflen); +- } +-#endif +-#if SSS_HAVE_EC_MONT +-#if SSS_HAVE_SE05X_VER_GTE_06_00 +- else if (curve_id == kSE05x_ECCurve_ECC_MONT_DH_448) { +- ENSURE_OR_GO_EXIT((*keylen) > der_ecc_mont_dh_448_header_len); +- memcpy(key, gecc_der_header_mont_dh_448, der_ecc_mont_dh_448_header_len); +- *key_buf = ADD_DER_ECC_MONT_DH_448_HEADER(key); +- *key_buflen = (uint16_t)ADD_DER_ECC_MONT_DH_448_HEADER(*key_buflen); +- } +-#endif +- else if (curve_id == kSE05x_ECCurve_ECC_MONT_DH_25519) { +- ENSURE_OR_GO_EXIT((*keylen) > der_ecc_mont_dh_25519_header_len); +- memcpy(key, gecc_der_header_mont_dh_25519, der_ecc_mont_dh_25519_header_len); +- *key_buf = ADD_DER_ECC_MONT_DH_25519_HEADER(key); +- *key_buflen = (uint16_t)ADD_DER_ECC_MONT_DH_25519_HEADER(*key_buflen); +- } +-#endif // SSS_HAVE_EC_MONT +-#if SSS_HAVE_EC_ED +- else if (curve_id == kSE05x_ECCurve_ECC_ED_25519) { +- ENSURE_OR_GO_EXIT((*keylen) > der_ecc_twisted_ed_25519_header_len); +- memcpy(key, gecc_der_header_twisted_ed_25519, der_ecc_twisted_ed_25519_header_len); +- *key_buf = ADD_DER_ECC_TWISTED_ED_25519_HEADER(key); +- *key_buflen = (uint16_t)ADD_DER_ECC_TWISTED_ED_25519_HEADER(*key_buflen); +- } +-#endif +- else { +- LOG_W("Returned is not in DER Format"); +- *key_buf = key; +- *key_buflen = 0; +- } +-#endif +-exit: +- return; +-} +- +-void get_ecc_raw_data(uint8_t *key, size_t keylen, uint8_t **key_buf, size_t *key_buflen, uint32_t curve_id) +-{ +- if (key == NULL || key_buf == NULL || key_buflen == NULL){ +- goto exit; +- } +- +- if (curve_id == kSE05x_ECCurve_NIST_P256) { +- ENSURE_OR_GO_EXIT(keylen > der_ecc_nistp256_header_len); +- *key_buf = ADD_DER_ECC_NISTP256_HEADER(key); +- *key_buflen = (uint16_t)REMOVE_DER_ECC_NISTP256_HEADER(*key_buflen); +- } +- else if (curve_id == kSE05x_ECCurve_NIST_P384) { +- ENSURE_OR_GO_EXIT(keylen > der_ecc_nistp384_header_len); +- *key_buf = ADD_DER_ECC_NISTP384_HEADER(key); +- *key_buflen = (uint16_t)REMOVE_DER_ECC_NISTP384_HEADER(*key_buflen); +- } +- else if (curve_id == kSE05x_ECCurve_NIST_P192) { +- ENSURE_OR_GO_EXIT(keylen > der_ecc_nistp192_header_len); +- *key_buf = ADD_DER_ECC_NISTP192_HEADER(key); +- *key_buflen = (uint16_t)REMOVE_DER_ECC_NISTP192_HEADER(*key_buflen); +- } +- else if (curve_id == kSE05x_ECCurve_NIST_P224) { +- ENSURE_OR_GO_EXIT(keylen > der_ecc_nistp224_header_len); +- *key_buf = ADD_DER_ECC_NISTP224_HEADER(key); +- *key_buflen = (uint16_t)REMOVE_DER_ECC_NISTP224_HEADER(*key_buflen); +- } +- else if (curve_id == kSE05x_ECCurve_NIST_P521) { +- ENSURE_OR_GO_EXIT(keylen > der_ecc_nistp521_header_len); +- *key_buf = ADD_DER_ECC_NISTP521_HEADER(key); +- *key_buflen = (uint16_t)REMOVE_DER_ECC_NISTP521_HEADER(*key_buflen); +- } +- else if (curve_id == kSE05x_ECCurve_Brainpool160) { +- ENSURE_OR_GO_EXIT(keylen > der_ecc_bp160_header_len); +- *key_buf = ADD_DER_ECC_BP160_HEADER(key); +- *key_buflen = (uint16_t)REMOVE_DER_ECC_BP160_HEADER(*key_buflen); +- } +- else if (curve_id == kSE05x_ECCurve_Brainpool192) { +- ENSURE_OR_GO_EXIT(keylen > der_ecc_bp192_header_len); +- *key_buf = ADD_DER_ECC_BP192_HEADER(key); +- *key_buflen = (uint16_t)REMOVE_DER_ECC_BP192_HEADER(*key_buflen); +- } +- else if (curve_id == kSE05x_ECCurve_Brainpool224) { +- ENSURE_OR_GO_EXIT(keylen > der_ecc_bp224_header_len); +- *key_buf = REMOVE_DER_ECC_BP224_HEADER(key); +- *key_buflen = (uint16_t)REMOVE_DER_ECC_BP224_HEADER(*key_buflen); +- } +- else if (curve_id == kSE05x_ECCurve_Brainpool320) { +- ENSURE_OR_GO_EXIT(keylen > der_ecc_bp320_header_len); +- *key_buf = ADD_DER_ECC_BP320_HEADER(key); +- *key_buflen = (uint16_t)REMOVE_DER_ECC_BP320_HEADER(*key_buflen); +- } +- else if (curve_id == kSE05x_ECCurve_Brainpool384) { +- ENSURE_OR_GO_EXIT(keylen > der_ecc_bp384_header_len); +- *key_buf = ADD_DER_ECC_BP384_HEADER(key); +- *key_buflen = (uint16_t)REMOVE_DER_ECC_BP384_HEADER(*key_buflen); +- } +- else if (curve_id == kSE05x_ECCurve_Brainpool256) { +- ENSURE_OR_GO_EXIT(keylen > der_ecc_bp256_header_len); +- *key_buf = ADD_DER_ECC_BP256_HEADER(key); +- *key_buflen = (uint16_t)REMOVE_DER_ECC_BP256_HEADER(*key_buflen); +- } +- else if (curve_id == kSE05x_ECCurve_Brainpool512) { +- ENSURE_OR_GO_EXIT(keylen > der_ecc_bp512_header_len); +- *key_buf = ADD_DER_ECC_BP512_HEADER(key); +- *key_buflen = (uint16_t)REMOVE_DER_ECC_BP512_HEADER(*key_buflen); +- } +- else if (curve_id == kSE05x_ECCurve_Secp256k1) { +- ENSURE_OR_GO_EXIT(keylen > der_ecc_256k_header_len); +- *key_buf = ADD_DER_ECC_256K_HEADER(key); +- *key_buflen = (uint16_t)REMOVE_DER_ECC_256K_HEADER(*key_buflen); +- } +- else if (curve_id == kSE05x_ECCurve_Secp160k1) { +- ENSURE_OR_GO_EXIT(keylen > der_ecc_160k_header_len); +- *key_buf = ADD_DER_ECC_160K_HEADER(key); +- *key_buflen = (uint16_t)REMOVE_DER_ECC_160K_HEADER(*key_buflen); +- } +- else if (curve_id == kSE05x_ECCurve_Secp192k1) { +- ENSURE_OR_GO_EXIT(keylen > der_ecc_192k_header_len); +- *key_buf = ADD_DER_ECC_192K_HEADER(key); +- *key_buflen = (uint16_t)REMOVE_DER_ECC_192K_HEADER(*key_buflen); +- } +- else if (curve_id == kSE05x_ECCurve_Secp224k1) { +- ENSURE_OR_GO_EXIT(keylen > der_ecc_224k_header_len); +- *key_buf = ADD_DER_ECC_224K_HEADER(key); +- *key_buflen = (uint16_t)REMOVE_DER_ECC_224K_HEADER(*key_buflen); +- } +- else if (curve_id == kSE05x_ECCurve_ECC_ED_25519) { +- ENSURE_OR_GO_EXIT(keylen > der_ecc_twisted_ed_25519_header_len); +- *key_buf = ADD_DER_ECC_TWISTED_ED_25519_HEADER(key); +- *key_buflen = (uint16_t)REMOVE_DER_ECC_TWISTED_ED_25519_HEADER(*key_buflen); +- } +- else if (curve_id == kSE05x_ECCurve_ECC_MONT_DH_25519) { +- ENSURE_OR_GO_EXIT(keylen > der_ecc_mont_dh_25519_header_len); +- *key_buf = ADD_DER_ECC_MONT_DH_25519_HEADER(key); +- *key_buflen = (uint16_t)REMOVE_DER_ECC_MONT_DH_25519_HEADER(*key_buflen); +- } +- else if (curve_id == kSE05x_ECCurve_ECC_MONT_DH_448) { +- ENSURE_OR_GO_EXIT(keylen > der_ecc_mont_dh_448_header_len); +- *key_buf = ADD_DER_ECC_MONT_DH_448_HEADER(key); +- *key_buflen = (uint16_t)REMOVE_DER_ECC_MONT_DH_448_HEADER(*key_buflen); +- } +- else { +- LOG_W("Returned is not in DER Format"); +- *key_buf = key; +- *key_buflen = 0; +- } +- +-exit: +- return; +-} +- +-sss_status_t sss_se05x_key_store_get_key( +- sss_se05x_key_store_t *keyStore, sss_se05x_object_t *keyObject, uint8_t *key, size_t *keylen, size_t *pKeyBitLen) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- sss_cipher_type_t cipher_type = kSSS_CipherType_NONE; +- smStatus_t status = SM_NOT_OK; +- uint16_t size; +- ENSURE_OR_GO_EXIT(keyObject); +- ENSURE_OR_GO_EXIT(key); +- ENSURE_OR_GO_EXIT(keylen); +- ENSURE_OR_GO_EXIT(pKeyBitLen); +- +- cipher_type = (sss_cipher_type_t)keyObject->cipherType; +- +- switch (cipher_type) { +- case kSSS_CipherType_EC_NIST_P: +-#if SSS_HAVE_EC_NIST_K +- case kSSS_CipherType_EC_NIST_K: +-#endif +-#if SSS_HAVE_EC_BP +- case kSSS_CipherType_EC_BRAINPOOL: +-#endif +-#if SSS_HAVE_TPM_BN +- case kSSS_CipherType_EC_BARRETO_NAEHRIG: +-#endif +-#if SSS_HAVE_EC_MONT +- case kSSS_CipherType_EC_MONTGOMERY: +-#endif +-#if SSS_HAVE_EC_ED +- case kSSS_CipherType_EC_TWISTED_ED: +-#endif +- { +- uint8_t *key_buf = NULL; +- size_t key_buflen = 0; +- +- /* Return the Key length including the ECC DER Header */ +- add_ecc_header(key, keylen, &key_buf, &key_buflen, keyObject->curve_id); +- (*keylen) = (*keylen) - key_buflen; +- +- status = Se05x_API_ReadObject(&keyStore->session->s_ctx, keyObject->keyId, 0, 0, key_buf, keylen); +- ENSURE_OR_GO_EXIT(status == SM_OK); +- +- /* Change Endiannes. */ +-#if SSS_HAVE_TPM_BN || SSS_HAVE_EC_ED +- if ((keyObject->curve_id == kSE05x_ECCurve_ECC_MONT_DH_25519) || +- (keyObject->curve_id == kSE05x_ECCurve_ECC_MONT_DH_448) || +- (keyObject->curve_id == kSE05x_ECCurve_ECC_ED_25519)) { +- for (size_t keyValueIdx = 0; keyValueIdx < (*keylen >> 1); keyValueIdx++) { +- uint8_t swapByte = key_buf[keyValueIdx]; +- key_buf[keyValueIdx] = key_buf[*keylen - 1 - keyValueIdx]; +- key_buf[*keylen - 1 - keyValueIdx] = swapByte; +- } +- } +-#endif +- +- /* Return the Key length with header length */ +- *keylen += key_buflen; +- +- break; +- } +-#if SSSFTR_SE05X_RSA && SSS_HAVE_RSA +- case kSSS_CipherType_RSA: +- case kSSS_CipherType_RSA_CRT: { +- uint8_t modulus[1024] = {0}; +- uint8_t exponent[4] = {0}; +- size_t modLen = sizeof(modulus); +- size_t expLen = sizeof(exponent); +- +- status = Se05x_API_ReadRSA( +- &keyStore->session->s_ctx, keyObject->keyId, 0, 0, kSE05x_RSAPubKeyComp_MOD, modulus, &modLen); +- ENSURE_OR_GO_EXIT(status == SM_OK); +- +- status = Se05x_API_ReadRSA( +- &keyStore->session->s_ctx, keyObject->keyId, 0, 0, kSE05x_RSAPubKeyComp_PUB_EXP, exponent, &expLen); +- ENSURE_OR_GO_EXIT(status == SM_OK); +- +- if (sss_util_asn1_rsa_get_public(key, keylen, modulus, modLen, exponent, expLen) != kStatus_SSS_Success) { +- goto exit; +- } +- } break; +-#endif // SSSFTR_SE05X_RSA && && SSS_HAVE_RSA +- case kSSS_CipherType_AES: +- status = Se05x_API_ReadObject(&keyStore->session->s_ctx, keyObject->keyId, 0, 0, key, keylen); +- ENSURE_OR_GO_EXIT(status == SM_OK); +- break; +- case kSSS_CipherType_Binary: +- case kSSS_CipherType_Certificate: { +- uint16_t rem_data = 0; +- uint16_t offset = 0; +- size_t max_buffer = 0; +- status = Se05x_API_ReadSize(&keyStore->session->s_ctx, keyObject->keyId, &size); +- ENSURE_OR_GO_EXIT(status == SM_OK); +- if (*keylen < size) { +- LOG_E("Insufficient buffer "); +- goto exit; +- } +- +- rem_data = size; +- *keylen = size; +- while (rem_data > 0) { +- uint16_t chunk = (rem_data > BINARY_WRITE_MAX_LEN) ? BINARY_WRITE_MAX_LEN : rem_data; +- rem_data = rem_data - chunk; +- max_buffer = chunk; +- status = Se05x_API_ReadObject( +- &keyStore->session->s_ctx, keyObject->keyId, offset, chunk, (key + offset), &max_buffer); +- ENSURE_OR_GO_EXIT(status == SM_OK); +- offset = offset + chunk; +- } +- +- } break; +- case kSSS_CipherType_DES: +- status = Se05x_API_ReadObject(&keyStore->session->s_ctx, keyObject->keyId, 0, 0, key, keylen); +- ENSURE_OR_GO_EXIT(status == SM_OK); +- break; +- case kSSS_CipherType_PCR: +- status = Se05x_API_ReadObject(&keyStore->session->s_ctx, keyObject->keyId, 0, 0, key, keylen); +- ENSURE_OR_GO_EXIT(status == SM_OK); +- break; +- case kSSS_CipherType_Count: +- status = Se05x_API_ReadObject(&keyStore->session->s_ctx, keyObject->keyId, 0, 0, key, keylen); +- ENSURE_OR_GO_EXIT(status == SM_OK); +- break; +- default: +- goto exit; +- } +- +- retval = kStatus_SSS_Success; +-exit: +- return retval; +-} +- +-sss_status_t sss_se05x_key_store_get_key_attst(sss_se05x_key_store_t *keyStore, +- sss_se05x_object_t *keyObject, +- uint8_t *key, +- size_t *keylen, +- size_t *pKeyBitLen, +- sss_se05x_object_t *keyObject_attst, +- sss_algorithm_t algorithm_attst, +- uint8_t *random_attst, +- size_t randomLen_attst, +- sss_se05x_attst_data_t *attst_data) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- sss_cipher_type_t cipher_type = (sss_cipher_type_t)keyObject->cipherType; +- smStatus_t status = SM_NOT_OK; +- uint16_t size; +- +- uint32_t attestID; +- SE05x_AttestationAlgo_t attestAlgo; +- +- attestID = keyObject_attst->keyId; +- +- switch (keyObject_attst->cipherType) { +- case kSSS_CipherType_EC_NIST_P: +-#if SSS_HAVE_EC_NIST_K +- case kSSS_CipherType_EC_NIST_K: +-#endif +-#if SSS_HAVE_EC_BP +- case kSSS_CipherType_EC_BRAINPOOL: +-#endif +- { +- SE05x_ECSignatureAlgo_t ecSignAlgo = (SE05x_ECSignatureAlgo_t)se05x_get_ec_sign_hash_mode(algorithm_attst); +- attestAlgo = (SE05x_AttestationAlgo_t)ecSignAlgo; +- } break; +- +-#if SSS_HAVE_EC_ED || SSS_HAVE_TPM_BN +- case kSSS_CipherType_EC_TWISTED_ED: +- case kSSS_CipherType_EC_BARRETO_NAEHRIG: { +- LOG_E("Attestation not supported"); +- return retval; +- } break; +-#endif +- +-#if SSSFTR_SE05X_RSA && SSS_HAVE_RSA +- case kSSS_CipherType_RSA: +- case kSSS_CipherType_RSA_CRT: { +- SE05x_RSASignatureAlgo_t rsaSigningAlgo = se05x_get_rsa_sign_hash_mode(algorithm_attst); +- attestAlgo = (SE05x_AttestationAlgo_t)rsaSigningAlgo; +- } break; +-#endif +- default: +- goto exit; +- } +- +- switch (cipher_type) { +- case kSSS_CipherType_EC_NIST_P: +-#if SSS_HAVE_EC_NIST_K +- case kSSS_CipherType_EC_NIST_K: +-#endif +-#if SSS_HAVE_EC_BP +- case kSSS_CipherType_EC_BRAINPOOL: +-#endif +-#if SSS_HAVE_TPM_BN +- case kSSS_CipherType_EC_BARRETO_NAEHRIG: +-#endif +-#if SSS_HAVE_EC_MONT +- case kSSS_CipherType_EC_MONTGOMERY: +-#endif +-#if SSS_HAVE_EC_ED +- case kSSS_CipherType_EC_TWISTED_ED: +-#endif +- { +- uint8_t *key_buf = NULL; +- size_t key_buflen = 0; +- +- /* Return the Key length including the ECC DER Header */ +- add_ecc_header(key, keylen, &key_buf, &key_buflen, keyObject->curve_id); +- (*keylen) = (*keylen) - key_buflen; +- +- attst_data->data[0].timeStampLen = sizeof(SE05x_TimeStamp_t); +- status = Se05x_API_ReadObject_W_Attst(&keyStore->session->s_ctx, +- keyObject->keyId, +- 0, +- 0, +- attestID, +- attestAlgo, +- random_attst, +- randomLen_attst, +- key_buf, +- keylen, +- attst_data->data[0].attribute, +- &(attst_data->data[0].attributeLen), +- &(attst_data->data[0].timeStamp), +- attst_data->data[0].outrandom, +- &(attst_data->data[0].outrandomLen), +- attst_data->data[0].chipId, +- &(attst_data->data[0].chipIdLen), +- attst_data->data[0].signature, +- &(attst_data->data[0].signatureLen)); +- ENSURE_OR_GO_EXIT(status == SM_OK); +- +-#if SSS_HAVE_EC_MONT || SSS_HAVE_EC_ED +- /* Change Endiannes. */ +- if ((keyObject->curve_id == kSE05x_ECCurve_ECC_MONT_DH_25519) || +- (keyObject->curve_id == kSE05x_ECCurve_ECC_MONT_DH_448) || +- (keyObject->curve_id == kSE05x_ECCurve_ECC_ED_25519)) { +- for (size_t keyValueIdx = 0; keyValueIdx < (*keylen >> 1); keyValueIdx++) { +- uint8_t swapByte = key_buf[keyValueIdx]; +- key_buf[keyValueIdx] = key_buf[*keylen - 1 - keyValueIdx]; +- key_buf[*keylen - 1 - keyValueIdx] = swapByte; +- } +- } +-#endif +- +- attst_data->valid_number = 1; +- /* Return the Key length with header length */ +- *keylen += key_buflen; +- +- break; +- } +-#if SSSFTR_SE05X_RSA && SSS_HAVE_RSA +- case kSSS_CipherType_RSA: +- case kSSS_CipherType_RSA_CRT: { +- uint8_t modulus[1024]; +- uint8_t exponent[4]; +- size_t modLen = sizeof(modulus); +- size_t expLen = sizeof(exponent); +- uint16_t key_size_bytes = 0; +- +- if (attestAlgo == kSE05x_AttestationAlgo_RSA_SHA_512_PKCS1 || +- attestAlgo == kSE05x_AttestationAlgo_RSA_SHA512_PKCS1_PSS) { +- status = Se05x_API_ReadSize(&keyStore->session->s_ctx, keyObject_attst->keyId, &key_size_bytes); +- if (status != SM_OK) { +- return kStatus_SSS_Fail; +- } +- +- if ((key_size_bytes * 8) == 512) { +- return kStatus_SSS_Fail; +- } +- } +- +- attst_data->data[0].timeStampLen = sizeof(SE05x_TimeStamp_t); +- status = Se05x_API_ReadRSA_W_Attst(&keyStore->session->s_ctx, +- keyObject->keyId, +- 0, +- 0, +- kSE05x_RSAPubKeyComp_MOD, +- attestID, +- attestAlgo, +- random_attst, +- randomLen_attst, +- modulus, +- &modLen, +- attst_data->data[0].attribute, +- &(attst_data->data[0].attributeLen), +- &(attst_data->data[0].timeStamp), +- attst_data->data[0].outrandom, +- &(attst_data->data[0].outrandomLen), +- attst_data->data[0].chipId, +- &(attst_data->data[0].chipIdLen), +- attst_data->data[0].signature, +- &(attst_data->data[0].signatureLen)); +- ENSURE_OR_GO_EXIT(status == SM_OK); +- +- attst_data->data[1].timeStampLen = sizeof(SE05x_TimeStamp_t); +- status = Se05x_API_ReadRSA_W_Attst(&keyStore->session->s_ctx, +- keyObject->keyId, +- 0, +- 0, +- kSE05x_RSAPubKeyComp_PUB_EXP, +- attestID, +- attestAlgo, +- random_attst, +- randomLen_attst, +- exponent, +- &expLen, +- attst_data->data[1].attribute, +- &(attst_data->data[1].attributeLen), +- &(attst_data->data[1].timeStamp), +- attst_data->data[1].outrandom, +- &(attst_data->data[1].outrandomLen), +- attst_data->data[1].chipId, +- &(attst_data->data[1].chipIdLen), +- attst_data->data[1].signature, +- &(attst_data->data[1].signatureLen)); +- +- attst_data->valid_number = 2; +- +- ENSURE_OR_GO_EXIT(status == SM_OK); +- +- if (sss_util_asn1_rsa_get_public(key, keylen, modulus, modLen, exponent, expLen) != kStatus_SSS_Success) { +- goto exit; +- } +- } break; +-#endif // SSSFTR_SE05X_RSA && SSS_HAVE_RSA +- case kSSS_CipherType_AES: +- attst_data->data[0].timeStampLen = sizeof(SE05x_TimeStamp_t); +- status = Se05x_API_ReadObject_W_Attst(&keyStore->session->s_ctx, +- keyObject->keyId, +- 0, +- 0, +- attestID, +- attestAlgo, +- random_attst, +- randomLen_attst, +- key, +- keylen, +- attst_data->data[0].attribute, +- &(attst_data->data[0].attributeLen), +- &(attst_data->data[0].timeStamp), +- attst_data->data[0].outrandom, +- &(attst_data->data[0].outrandomLen), +- attst_data->data[0].chipId, +- &(attst_data->data[0].chipIdLen), +- attst_data->data[0].signature, +- &(attst_data->data[0].signatureLen)); +- +- attst_data->valid_number = 1; +- +- ENSURE_OR_GO_EXIT(status == SM_OK); +- break; +- case kSSS_CipherType_Binary: +- case kSSS_CipherType_Certificate: { +- uint16_t rem_data = 0; +- uint16_t offset = 0; +- size_t dataLen = 0; +- // size_t signatureLen = 0; +- status = Se05x_API_ReadSize(&keyStore->session->s_ctx, keyObject->keyId, &size); +- ENSURE_OR_GO_EXIT(status == SM_OK); +- +- if (*keylen < size) { +- LOG_E("Insufficient buffer "); +- goto exit; +- } +- +- rem_data = size; +- *keylen = size; +- if (size > BINARY_WRITE_MAX_LEN) { +- LOG_E("Cannot read large binary data with attestation"); +- goto exit; +- } +- // while (rem_data > 0) { +- // uint16_t chunk = (rem_data > BINARY_WRITE_MAX_LEN) ? +- // BINARY_WRITE_MAX_LEN : +- // rem_data; +- // rem_data = rem_data - chunk; +- dataLen = rem_data; +- +- // signatureLen = attst_data->data[0].signatureLen; +- attst_data->data[0].timeStampLen = sizeof(SE05x_TimeStamp_t); +- status = Se05x_API_ReadObject_W_Attst(&keyStore->session->s_ctx, +- keyObject->keyId, +- offset, +- rem_data, +- attestID, +- attestAlgo, +- random_attst, +- randomLen_attst, +- (key + 0), +- &dataLen, +- attst_data->data[0].attribute, +- &(attst_data->data[0].attributeLen), +- &(attst_data->data[0].timeStamp), +- attst_data->data[0].outrandom, +- &(attst_data->data[0].outrandomLen), +- attst_data->data[0].chipId, +- &(attst_data->data[0].chipIdLen), +- attst_data->data[0].signature, +- &attst_data->data[0].signatureLen); +- +- // attst_data->data[0].signatureLen -= signatureLen; +- // attst_data->valid_number = 1; +- +- ENSURE_OR_GO_EXIT(status == SM_OK); +- +- // offset = offset + chunk; +- // } +- } break; +- case kSSS_CipherType_DES: +- attst_data->data[0].timeStampLen = sizeof(SE05x_TimeStamp_t); +- status = Se05x_API_ReadObject_W_Attst(&keyStore->session->s_ctx, +- keyObject->keyId, +- 0, +- 0, +- attestID, +- attestAlgo, +- random_attst, +- randomLen_attst, +- key, +- keylen, +- attst_data->data[0].attribute, +- &(attst_data->data[0].attributeLen), +- &(attst_data->data[0].timeStamp), +- attst_data->data[0].outrandom, +- &(attst_data->data[0].outrandomLen), +- attst_data->data[0].chipId, +- &(attst_data->data[0].chipIdLen), +- attst_data->data[0].signature, +- &(attst_data->data[0].signatureLen)); +- +- attst_data->valid_number = 1; +- +- ENSURE_OR_GO_EXIT(status == SM_OK); +- break; +- +- case kSSS_CipherType_PCR: +- attst_data->data[0].timeStampLen = sizeof(SE05x_TimeStamp_t); +- status = Se05x_API_ReadObject_W_Attst(&keyStore->session->s_ctx, +- keyObject->keyId, +- 0, +- 0, +- attestID, +- attestAlgo, +- random_attst, +- randomLen_attst, +- key, +- keylen, +- attst_data->data[0].attribute, +- &(attst_data->data[0].attributeLen), +- &(attst_data->data[0].timeStamp), +- attst_data->data[0].outrandom, +- &(attst_data->data[0].outrandomLen), +- attst_data->data[0].chipId, +- &(attst_data->data[0].chipIdLen), +- attst_data->data[0].signature, +- &(attst_data->data[0].signatureLen)); +- +- attst_data->valid_number = 1; +- +- ENSURE_OR_GO_EXIT(status == SM_OK); +- break; +- +- case kSSS_CipherType_Count: +- attst_data->data[0].timeStampLen = sizeof(SE05x_TimeStamp_t); +- status = Se05x_API_ReadObject_W_Attst(&keyStore->session->s_ctx, +- keyObject->keyId, +- 0, +- 0, +- attestID, +- attestAlgo, +- random_attst, +- randomLen_attst, +- key, +- keylen, +- attst_data->data[0].attribute, +- &(attst_data->data[0].attributeLen), +- &(attst_data->data[0].timeStamp), +- attst_data->data[0].outrandom, +- &(attst_data->data[0].outrandomLen), +- attst_data->data[0].chipId, +- &(attst_data->data[0].chipIdLen), +- attst_data->data[0].signature, +- &(attst_data->data[0].signatureLen)); +- +- attst_data->valid_number = 1; +- +- ENSURE_OR_GO_EXIT(status == SM_OK); +- break; +- +- case kSSS_CipherType_HMAC: +- case kSSS_CipherType_CMAC: +- case kSSS_CipherType_UserID: { +- attst_data->data[0].timeStampLen = sizeof(SE05x_TimeStamp_t); +- status = Se05x_API_ReadObject_W_Attst(&keyStore->session->s_ctx, +- keyObject->keyId, +- 0, +- 0, +- attestID, +- attestAlgo, +- random_attst, +- randomLen_attst, +- key, +- keylen, +- attst_data->data[0].attribute, +- &(attst_data->data[0].attributeLen), +- &(attst_data->data[0].timeStamp), +- attst_data->data[0].outrandom, +- &(attst_data->data[0].outrandomLen), +- attst_data->data[0].chipId, +- &(attst_data->data[0].chipIdLen), +- attst_data->data[0].signature, +- &(attst_data->data[0].signatureLen)); +- +- attst_data->valid_number = 1; +- +- ENSURE_OR_GO_EXIT(status == SM_OK); +- break; +- } +- default: +- goto exit; +- } +- +- retval = kStatus_SSS_Success; +-exit: +- return retval; +-} +- +-#if 0 +-/* To be reviewed: Purnank */ +-sss_status_t sss_se05x_key_store_get_key_fromoffset(sss_se05x_key_store_t *keyStore, +- sss_se05x_object_t *keyObject, +- uint8_t *key, +- size_t *keylen, +- size_t *pKeyBitLen, +- uint16_t offset) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- sss_key_type_t key_type = keyObject->objectType; +- smStatus_t status = SM_NOT_OK; +- +- switch (key_type) { +- case kSSS_KeyType_Certificate: +- status = +- Se05x_API_FIL_BinaryReadFromOffset(&keyStore->session->s_ctx, +- keyObject->keyId, +- (uint16_t)*keylen, +- offset, +- key, +- keylen); +- if (status != SM_OK) +- goto exit; +- break; +- default: +- goto exit; +- } +- +- retval = kStatus_SSS_Success; +-exit: +- return retval; +-} +-#endif +-sss_status_t sss_se05x_key_store_open_key(sss_se05x_key_store_t *keyStore, sss_se05x_object_t *keyObject) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- +- if (NULL == keyObject) { +- keyStore->kekKey = NULL; +- retval = kStatus_SSS_Success; +- } +- else if (keyObject->keyStore == keyStore) { +- keyStore->kekKey = keyObject; +- retval = kStatus_SSS_Success; +- } +- else { +- LOG_W("KeyObject must be of same KeyStore."); +- } +- +- return retval; +-} +- +-sss_status_t sss_se05x_key_store_freeze_key(sss_se05x_key_store_t *keyStore, sss_se05x_object_t *keyObject) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- /* Purpose / Policy is set during creation time and hence can not +- * enforced in SE050 later on */ +- return retval; +-} +- +-sss_status_t sss_se05x_key_store_erase_key(sss_se05x_key_store_t *keyStore, sss_se05x_object_t *keyObject) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- smStatus_t status = SM_NOT_OK; +- ENSURE_OR_GO_EXIT(keyStore); +- ENSURE_OR_GO_EXIT(keyObject); +- +- status = Se05x_API_DeleteSecureObject(&keyStore->session->s_ctx, keyObject->keyId); +- if (SM_OK == status) { +- LOG_D("Erased Key id %X", keyObject->keyId); +- retval = kStatus_SSS_Success; +- } +- else { +- LOG_W("Could not delete Key id %X", keyObject->keyId); +- } +-exit: +- return retval; +-} +- +-void sss_se05x_key_store_context_free(sss_se05x_key_store_t *keyStore) +-{ +- memset(keyStore, 0, sizeof(*keyStore)); +-} +- +-sss_status_t sss_se05x_key_store_export_key( +- sss_se05x_key_store_t *keyStore, sss_se05x_object_t *keyObject, uint8_t *key, size_t *keylen) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- sss_cipher_type_t cipher_type = (sss_cipher_type_t)keyObject->cipherType; +- smStatus_t status = SM_NOT_OK; +- +- switch (cipher_type) { +- case kSSS_CipherType_EC_NIST_P: +-#if SSS_HAVE_EC_NIST_K +- case kSSS_CipherType_EC_NIST_K: +-#endif +-#if SSS_HAVE_EC_BP +- case kSSS_CipherType_EC_BRAINPOOL: +-#endif +-#if SSS_HAVE_TPM_BN +- case kSSS_CipherType_EC_BARRETO_NAEHRIG: +-#endif +-#if SSS_HAVE_EC_MONT +- case kSSS_CipherType_EC_MONTGOMERY: +-#endif +-#if SSS_HAVE_EC_ED +- case kSSS_CipherType_EC_TWISTED_ED: +-#endif +- case kSSS_CipherType_AES: +- case kSSS_CipherType_DES: { +- status = +- Se05x_API_ExportObject(&keyStore->session->s_ctx, keyObject->keyId, kSE05x_RSAKeyComponent_NA, key, keylen); +- if (status != SM_OK) { +- goto exit; +- } +- +- break; +- } +- +- default: +- goto exit; +- } +- +- retval = kStatus_SSS_Success; +-exit: +- return retval; +-} +- +-sss_status_t sss_se05x_key_store_import_key( +- sss_se05x_key_store_t *keyStore, sss_se05x_object_t *keyObject, uint8_t *key, size_t keylen) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- sss_cipher_type_t cipher_type = (sss_cipher_type_t)keyObject->cipherType; +- smStatus_t status = SM_NOT_OK; +- +- switch (cipher_type) { +- case kSSS_CipherType_EC_NIST_P: +-#if SSS_HAVE_EC_NIST_K +- case kSSS_CipherType_EC_NIST_K: +-#endif +-#if SSS_HAVE_EC_BP +- case kSSS_CipherType_EC_BRAINPOOL: +-#endif +-#if SSS_HAVE_TPM_BN +- case kSSS_CipherType_EC_BARRETO_NAEHRIG: +-#endif +-#if SSS_HAVE_EC_MONT +- case kSSS_CipherType_EC_MONTGOMERY: +-#endif +-#if SSS_HAVE_EC_ED +- case kSSS_CipherType_EC_TWISTED_ED: +-#endif +- case kSSS_CipherType_AES: +- case kSSS_CipherType_DES: { +- status = +- Se05x_API_ImportObject(&keyStore->session->s_ctx, keyObject->keyId, kSE05x_RSAKeyComponent_NA, key, keylen); +- if (status != SM_OK) { +- goto exit; +- } +- +- break; +- } +- +- default: +- goto exit; +- } +- +- retval = kStatus_SSS_Success; +-exit: +- return retval; +-} +- +-/* End: se05x_keystore */ +- +-/* ************************************************************************** */ +-/* Functions : sss_se05x_asym */ +-/* ************************************************************************** */ +- +-sss_status_t sss_se05x_asymmetric_context_init(sss_se05x_asymmetric_t *context, +- sss_se05x_session_t *session, +- sss_se05x_object_t *keyObject, +- sss_algorithm_t algorithm, +- sss_mode_t mode) +-{ +- sss_status_t retval = kStatus_SSS_Success; +- +- context->session = session; +- context->keyObject = keyObject; +- context->algorithm = algorithm; +- context->mode = mode; +- +- return retval; +-} +- +-sss_status_t sss_se05x_asymmetric_encrypt( +- sss_se05x_asymmetric_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +-#if SSSFTR_SE05X_RSA && SSS_HAVE_RSA +- smStatus_t status = SM_NOT_OK; +- SE05x_RSAEncryptionAlgo_t rsaEncryptionAlgo = se05x_get_rsa_encrypt_mode(context->algorithm); +- status = Se05x_API_RSAEncrypt( +- &context->session->s_ctx, context->keyObject->keyId, rsaEncryptionAlgo, srcData, srcLen, destData, destLen); +- if (status == SM_OK) +- retval = kStatus_SSS_Success; +-#endif +- return retval; +-} +- +-sss_status_t sss_se05x_asymmetric_decrypt( +- sss_se05x_asymmetric_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +-#if SSSFTR_SE05X_RSA && SSS_HAVE_RSA +- smStatus_t status = SM_NOT_OK; +- +- SE05x_RSAEncryptionAlgo_t rsaEncryptionAlgo = se05x_get_rsa_encrypt_mode(context->algorithm); +- status = Se05x_API_RSADecrypt( +- &context->session->s_ctx, context->keyObject->keyId, rsaEncryptionAlgo, srcData, srcLen, destData, destLen); +- if (status == SM_OK) +- retval = kStatus_SSS_Success; +-#endif +- return retval; +-} +- +-sss_status_t sss_se05x_asymmetric_sign_digest( +- sss_se05x_asymmetric_t *context, uint8_t *digest, size_t digestLen, uint8_t *signature, size_t *signatureLen) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- smStatus_t status = SM_NOT_OK; +- +-#if SSSFTR_SE05X_ECC || SSSFTR_SE05X_RSA +- if (kStatus_SSS_Success != se05x_check_input_len(digestLen, context->algorithm)) { +- LOG_E("Algorithm and digest length do not match"); +- return kStatus_SSS_Fail; +- } +-#endif +- +- switch (context->keyObject->cipherType) { +-#if SSSFTR_SE05X_ECC +- case kSSS_CipherType_EC_NIST_P: +-#if SSS_HAVE_EC_NIST_K +- case kSSS_CipherType_EC_NIST_K: +-#endif +-#if SSS_HAVE_EC_BP +- case kSSS_CipherType_EC_BRAINPOOL: +-#endif +- { +- SE05x_ECSignatureAlgo_t ecSignAlgo = se05x_get_ec_sign_hash_mode(context->algorithm); +- status = Se05x_API_ECDSASign(&context->session->s_ctx, +- context->keyObject->keyId, +- ecSignAlgo, +- digest, +- digestLen, +- signature, +- signatureLen); +- } break; +-#if SSS_HAVE_TPM_BN && SSS_HAVE_ECDAA +- case kSSS_CipherType_EC_BARRETO_NAEHRIG: { +- if (context->algorithm != kAlgorithm_SSS_ECDAA) { +- return kStatus_SSS_Fail; +- } +- /* clang-format off */ +- uint8_t random[32] = { +- 0x7A, 0xCB, 0x93, 0x3D, 0xBE, 0x70, 0x39, 0x9B, 0xF6, +- 0xC9, 0x2D, 0xA3, 0x3A, 0xF0, 0x1D, 0x4F, 0xB7, 0x70, +- 0xE9, 0x8C, 0x03, 0x25, 0xF4, 0x1D, 0x3E, 0xBA, 0xF8, +- 0x98, 0x6D, 0xA7, 0x12, 0xCA +- }; +- /* clang-format on */ +- uint8_t raw_signature[64]; +- size_t raw_signatureLen = sizeof(raw_signature); +- SE05x_ECDAASignatureAlgo_t ecSignAlgo = kSE05x_ECDAASignatureAlgo_ECDAA; +- sss_status_t asn_retval = kStatus_SSS_Fail; +- +- status = Se05x_API_ECDAASign(&context->session->s_ctx, +- context->keyObject->keyId, +- ecSignAlgo, +- digest, +- digestLen, +- random, +- sizeof(random), +- raw_signature, +- &raw_signatureLen); +- if (status != SM_OK) { +- LOG_E("SE050 ECDAA Sign failed"); +- return kStatus_SSS_Fail; +- } +- +- asn_retval = sss_util_asn1_ecdaa_get_signature(signature, signatureLen, raw_signature, raw_signatureLen); +- if (asn_retval != kStatus_SSS_Success) { +- LOG_E("SE050 ECDAA Sign failed"); +- return kStatus_SSS_Fail; +- } +- } break; +-#endif // SSS_HAVE_TPM_BN && SSS_HAVE_ECDAA +-#if SSS_HAVE_SE05X_VER_GTE_06_00 && SSS_HAVE_EC_MONT +- case kSSS_CipherType_EC_MONTGOMERY: { +- LOG_W( +- "Sign operation is not supported for " +- "kSSS_CipherType_EC_MONTGOMERY curve"); +- return kStatus_SSS_Fail; +- } break; +-#endif // SSS_HAVE_SE05X_VER_GTE_06_00 && SSS_HAVE_EC_MONT +-#endif //SSSFTR_SE05X_ECC +-#if SSSFTR_SE05X_RSA && SSS_HAVE_RSA +- case kSSS_CipherType_RSA: +- case kSSS_CipherType_RSA_CRT: { +- if ((context->algorithm <= kAlgorithm_SSS_RSASSA_PKCS1_PSS_MGF1_SHA512) && +- (context->algorithm >= kAlgorithm_SSS_RSASSA_PKCS1_PSS_MGF1_SHA1)) { +- /* Perform EMSA encoding on input data and and RSA decrypt on emsa data --> RSA sign without hash */ +- /* clang-format off */ +- uint8_t emsa_data[512] = {0,}; /* MAX - SHA512*/ +- size_t emsa_len = sizeof(emsa_data); +- /* clang-format on */ +- +- if (0 != emsa_encode(context, digest, digestLen, emsa_data, &emsa_len)) { +- return kStatus_SSS_Fail; +- } +- status = Se05x_API_RSADecrypt(&context->session->s_ctx, +- context->keyObject->keyId, +- kSE05x_RSAEncryptionAlgo_NO_PAD, +- emsa_data, +- emsa_len, +- signature, +- signatureLen); +- } +- else if ((context->algorithm <= kAlgorithm_SSS_RSASSA_PKCS1_V1_5_SHA512) && +- (context->algorithm >= kAlgorithm_SSS_RSASSA_PKCS1_V1_5_SHA1)) { +- /* Perform PKCS1-v15 encoding on input data and and RSA decrypt on PKCS1-v15 data --> RSA sign without hash */ +- /* clang-format off */ +- uint8_t pkcs1v15_encode_data[512] = {0,}; /* MAX - SHA512*/ +- size_t encode_data_len = sizeof(pkcs1v15_encode_data); +- /* clang-format on */ +- +- if (0 != pkcs1_v15_encode(context, digest, digestLen, pkcs1v15_encode_data, &encode_data_len)) { +- return kStatus_SSS_Fail; +- } +- status = Se05x_API_RSADecrypt(&context->session->s_ctx, +- context->keyObject->keyId, +- kSE05x_RSAEncryptionAlgo_NO_PAD, +- pkcs1v15_encode_data, +- encode_data_len, +- signature, +- signatureLen); +- } +- else if (context->algorithm == kAlgorithm_SSS_RSASSA_PKCS1_V1_5_NO_HASH) { +- /* Perform PKCS1-v15 encoding on input data and and RSA decrypt on PKCS1-v15 data --> RSA sign without hash */ +- /* clang-format off */ +- uint8_t pkcs1v15_encode_data[512] = {0,}; /* MAX - SHA512*/ +- size_t encode_data_len = sizeof(pkcs1v15_encode_data); +- /* clang-format on */ +- +- if (0 != pkcs1_v15_encode_no_hash(context, digest, digestLen, pkcs1v15_encode_data, &encode_data_len)) { +- return kStatus_SSS_Fail; +- } +- status = Se05x_API_RSADecrypt(&context->session->s_ctx, +- context->keyObject->keyId, +- kSE05x_RSAEncryptionAlgo_NO_PAD, +- pkcs1v15_encode_data, +- encode_data_len, +- signature, +- signatureLen); +- } +- else if (context->algorithm == kAlgorithm_SSS_RSASSA_NO_PADDING) { +- uint8_t padded_data[512] = {0}; +- size_t padded_len = sizeof(padded_data); +- +- size_t parsedKeyByteLen = 0; +- uint16_t u16parsedKeyByteLen = 0; +- status = Se05x_API_ReadSize(&context->session->s_ctx, context->keyObject->keyId, &u16parsedKeyByteLen); +- parsedKeyByteLen = u16parsedKeyByteLen; +- if (status != SM_OK) { +- return kStatus_SSS_Fail; +- } +- +- if (digestLen <= parsedKeyByteLen && digestLen > 0) { +- memset(padded_data, 0x00, padded_len); +- memcpy(&padded_data[parsedKeyByteLen - digestLen], &digest[0], digestLen); +- padded_len = parsedKeyByteLen; +- } +- else { +- return kStatus_SSS_Fail; +- } +- status = Se05x_API_RSADecrypt(&context->session->s_ctx, +- context->keyObject->keyId, +- kSE05x_RSAEncryptionAlgo_NO_PAD, +- padded_data, +- padded_len, +- signature, +- signatureLen); +- } +- else { +- LOG_E("Selected padding is not supported for RSA Sign in SE050"); +- return kStatus_SSS_Fail; +- } +- } break; +-#endif // SSSFTR_SE05X_RSA && SSS_HAVE_RSA +- default: +- break; +- } +- +- if (status == SM_OK) { +- retval = kStatus_SSS_Success; +- +-#if 0 // SSS_HAVE_MBEDTLS && SSSFTR_SE05X_ECC +- if (context->keyObject->cipherType >= kSSS_CipherType_EC_NIST_P && +- context->keyObject->cipherType < +- kSSS_CipherType_EC_BARRETO_NAEHRIG) { +- int ret; +- /* Workaround for ECDSA signiture to omit prefix zeros if asn1 +- signiutre tag (integer) length in R and S component is 20 */ +- +- size_t length = 0, bufIndex = 0; +- ret = asn_1_parse_tlv(signature, &length, &bufIndex); +- if (ret != 0) { +- retval = kStatus_SSS_Fail; +- return retval; +- } +- if (signature[bufIndex] == 0x02) /* Check for tag interger */ +- { +- LOG_AU8_D(signature, *signatureLen); +- +- int count = 0; +- uint16_t i = 0; +- /* For R and S component */ +- for (i = 0; i < 2; i++) { +- count = 0; +- ret = asn_1_parse_tlv(signature, &length, &bufIndex); +- if (ret != 0) { +- retval = kStatus_SSS_Fail; +- return retval; +- } +- if (length == 0x20) { +- size_t j = bufIndex; +- for (;; j++) { +- if (signature[j] == 0 && signature[j + 1] > 0x7F) { +- count++; +- } +- else { +- break; +- } +- } +- } +- if (count) { +- uint16_t k = 0; +- signature[bufIndex - 1] -= +- count; /* Update the tag length */ +- signature[1] -= +- count; /* Update the Sequence tag length */ +- +- for (k = 0; k < (*signatureLen - bufIndex - count); +- k++) { +- signature[bufIndex + k] = +- signature[bufIndex + count + k]; +- } +- +- *signatureLen -= count; +- } +- bufIndex += length - count; +- } +- } +- } +-#endif // SSS_HAVE_MBEDTLS && SSSFTR_SE05X_ECC +- } +- +- return retval; +-} +- +-sss_status_t sss_se05x_asymmetric_sign( +- sss_se05x_asymmetric_t *context, uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +-#if (SSSFTR_SE05X_RSA && SSS_HAVE_RSA) || (SSSFTR_SE05X_ECC && SSS_HAVE_EC_ED) +- smStatus_t status = SM_NOT_OK; +-#endif +- +- switch (context->keyObject->cipherType) { +-#if SSSFTR_SE05X_RSA && SSS_HAVE_RSA +- case kSSS_CipherType_RSA: +- case kSSS_CipherType_RSA_CRT: { +- SE05x_RSASignatureAlgo_t rsaSigningAlgo = se05x_get_rsa_sign_hash_mode(context->algorithm); +- uint16_t key_size_bytes = 0; +- +- if (context->algorithm == kAlgorithm_SSS_RSASSA_PKCS1_V1_5_SHA512 || +- context->algorithm == kAlgorithm_SSS_RSASSA_PKCS1_PSS_MGF1_SHA512) { +- status = Se05x_API_ReadSize(&context->session->s_ctx, context->keyObject->keyId, &key_size_bytes); +- if (status != SM_OK) { +- return kStatus_SSS_Fail; +- } +- +- if ((key_size_bytes * 8) == 512) { +- return kStatus_SSS_Fail; +- } +- } +- +- status = Se05x_API_RSASign( +- &context->session->s_ctx, context->keyObject->keyId, rsaSigningAlgo, srcData, srcLen, destData, destLen); +- } break; +-#endif // SSSFTR_SE05X_RSA && SSS_HAVE_RSA +-#if SSSFTR_SE05X_ECC && SSS_HAVE_EC_ED +- case kSSS_CipherType_EC_TWISTED_ED: { +- if (context->algorithm == kAlgorithm_SSS_SHA512) { +- SE05x_EDSignatureAlgo_t ecSignAlgo = kSE05x_EDSignatureAlgo_ED25519PURE_SHA_512; +- status = Se05x_API_EdDSASign( +- &context->session->s_ctx, context->keyObject->keyId, ecSignAlgo, srcData, srcLen, destData, destLen); +- } +- +-#ifdef TMP_ENDIAN_VERBOSE_SIGN +- { +- printf("Signature before Reverse:\n"); +- for (size_t z = 0; z < *destLen; z++) { +- printf("%02X.", destData[z]); +- } +- printf("\n"); +- } +-#endif +- +- // Revert Endianness +- size_t offset = 0; +- +- for (size_t keyValueIdx = 0; keyValueIdx < (*destLen >> 2); keyValueIdx++) { +- uint8_t swapByte = destData[keyValueIdx]; +- destData[offset + keyValueIdx] = destData[offset + (*destLen >> 1) - 1 - keyValueIdx]; +- destData[offset + (*destLen >> 1) - 1 - keyValueIdx] = swapByte; +- } +- +- offset = *destLen >> 1; +- +- for (size_t keyValueIdx = 0; keyValueIdx < (*destLen >> 2); keyValueIdx++) { +- uint8_t swapByte = destData[offset + keyValueIdx]; +- destData[offset + keyValueIdx] = destData[offset + (*destLen >> 1) - 1 - keyValueIdx]; +- destData[offset + (*destLen >> 1) - 1 - keyValueIdx] = swapByte; +- } +- +-#ifdef TMP_ENDIAN_VERBOSE_SIGN +- { +- printf("Signature after Reverse:\n"); +- for (size_t z = 0; z < *destLen; z++) { +- printf("%02X.", destData[z]); +- } +- printf("\n"); +- } +-#endif +- +- } break; +-#endif // SSSFTR_SE05X_ECC && SSS_HAVE_EC_ED +- default: +- break; +- } +- +-#if (SSSFTR_SE05X_RSA && SSS_HAVE_RSA) || (SSSFTR_SE05X_ECC && SSS_HAVE_EC_ED) +- // status is set only in case of RSA or ED. +- if (status == SM_OK) { +- retval = kStatus_SSS_Success; +- } +-#endif +- +- return retval; +-} +- +-sss_status_t sss_se05x_asymmetric_verify_digest( +- sss_se05x_asymmetric_t *context, uint8_t *digest, size_t digestLen, uint8_t *signature, size_t signatureLen) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +-#if SSSFTR_SE05X_ECC || SSSFTR_SE05X_RSA +- smStatus_t status = SM_NOT_OK; +- SE05x_Result_t result = kSE05x_Result_FAILURE; +-#endif // SSSFTR_SE05X_ECC || SSSFTR_SE05X_RSA +- +-#if SSSFTR_SE05X_ECC || SSSFTR_SE05X_RSA +- if (kStatus_SSS_Success != se05x_check_input_len(digestLen, context->algorithm)) { +- LOG_E("Algorithm and digest length do not match"); +- return kStatus_SSS_Fail; +- } +- +- switch (context->keyObject->cipherType) { +-#if SSSFTR_SE05X_ECC +- case kSSS_CipherType_EC_NIST_P: +-#if SSS_HAVE_EC_NIST_K +- case kSSS_CipherType_EC_NIST_K: +-#endif +-#if SSS_HAVE_EC_BP +- case kSSS_CipherType_EC_BRAINPOOL: +-#endif +- { +- SE05x_ECSignatureAlgo_t ecSignAlgo = se05x_get_ec_sign_hash_mode(context->algorithm); +- status = Se05x_API_ECDSAVerify(&context->session->s_ctx, +- context->keyObject->keyId, +- ecSignAlgo, +- digest, +- digestLen, +- signature, +- signatureLen, +- &result); +- } break; +-#if SSS_HAVE_TPM_BN +- case kSSS_CipherType_EC_BARRETO_NAEHRIG: { +- retval = kStatus_SSS_Fail; +- LOG_W("Verify not supported for BN Curve"); +- } break; +-#endif +-#if SSS_HAVE_SE05X_VER_GTE_06_00 && SSS_HAVE_EC_MONT +- case kSSS_CipherType_EC_MONTGOMERY: { +- LOG_W( +- "Verify operation is not supported for " +- "kSSS_CipherType_EC_MONTGOMERY curve"); +- return kStatus_SSS_Fail; +- } break; +-#endif // SSS_HAVE_SE05X_VER_GTE_06_00 && SSS_HAVE_EC_MONT +-#endif // SSSFTR_SE05X_ECC +-#if SSSFTR_SE05X_RSA && SSS_HAVE_RSA +- case kSSS_CipherType_RSA: +- case kSSS_CipherType_RSA_CRT: { +- if ((context->algorithm <= kAlgorithm_SSS_RSASSA_PKCS1_PSS_MGF1_SHA512) && +- (context->algorithm >= kAlgorithm_SSS_RSASSA_PKCS1_PSS_MGF1_SHA1)) { +- /* clang-format off */ +- uint8_t dec_data[512] = { 0, }; /* MAX - SHA512*/ +- size_t dec_len = sizeof(dec_data); +- /* clang-format on */ +- +- status = Se05x_API_RSAEncrypt(&context->session->s_ctx, +- context->keyObject->keyId, +- kSE05x_RSAEncryptionAlgo_NO_PAD, +- signature, +- signatureLen, +- dec_data, +- &dec_len); +- +- if (0 == emsa_decode_and_compare(context, dec_data, dec_len, digest, digestLen)) { +- result = kSE05x_Result_SUCCESS; +- } +- } +- else if ((context->algorithm <= kAlgorithm_SSS_RSASSA_PKCS1_V1_5_SHA512) && +- (context->algorithm >= kAlgorithm_SSS_RSASSA_PKCS1_V1_5_SHA1)) { +- /* clang-format off */ +- uint8_t dec_data[512] = { 0, }; /* MAX - SHA512*/ +- size_t dec_len = sizeof(dec_data); +- uint8_t pkcs1v15_encode_data[512] = { 0, }; /* MAX - SHA512*/ +- size_t encode_data_len = sizeof(pkcs1v15_encode_data); +- /* clang-format on */ +- +- status = Se05x_API_RSAEncrypt(&context->session->s_ctx, +- context->keyObject->keyId, +- kSE05x_RSAEncryptionAlgo_NO_PAD, +- signature, +- signatureLen, +- dec_data, +- &dec_len); +- +- if (0 != pkcs1_v15_encode(context, digest, digestLen, pkcs1v15_encode_data, &encode_data_len)) { +- return kStatus_SSS_Fail; +- } +- +- if (memcmp(dec_data, pkcs1v15_encode_data, encode_data_len) == 0) { +- result = kSE05x_Result_SUCCESS; +- } +- } +- else if (context->algorithm == kAlgorithm_SSS_RSASSA_PKCS1_V1_5_NO_HASH) { +- /* clang-format off */ +- uint8_t dec_data[512] = { 0, }; /* MAX - SHA512*/ +- size_t dec_len = sizeof(dec_data); +- uint8_t pkcs1v15_encode_data[512] = { 0, }; /* MAX - SHA512*/ +- size_t encode_data_len = sizeof(pkcs1v15_encode_data); +- /* clang-format on */ +- +- status = Se05x_API_RSAEncrypt(&context->session->s_ctx, +- context->keyObject->keyId, +- kSE05x_RSAEncryptionAlgo_NO_PAD, +- signature, +- signatureLen, +- dec_data, +- &dec_len); +- +- if (0 != pkcs1_v15_encode_no_hash(context, digest, digestLen, pkcs1v15_encode_data, &encode_data_len)) { +- return kStatus_SSS_Fail; +- } +- +- if (memcmp(dec_data, pkcs1v15_encode_data, encode_data_len) == 0) { +- result = kSE05x_Result_SUCCESS; +- } +- } +- else if (context->algorithm == kAlgorithm_SSS_RSASSA_NO_PADDING) { +- uint8_t dec_data[512] = { +- 0, +- }; /*MAX - RSA4096*/ +- size_t dec_len = sizeof(dec_data); +- +- status = Se05x_API_RSAEncrypt(&context->session->s_ctx, +- context->keyObject->keyId, +- kSE05x_RSAEncryptionAlgo_NO_PAD, +- signature, +- signatureLen, +- dec_data, +- &dec_len); +- +- uint8_t padded_data[512] = {0}; +- size_t padded_len = sizeof(padded_data); +- +- size_t parsedKeyByteLen = 0; +- uint16_t u16parsedKeyByteLen = 0; +- status = Se05x_API_ReadSize(&context->session->s_ctx, context->keyObject->keyId, &u16parsedKeyByteLen); +- parsedKeyByteLen = u16parsedKeyByteLen; +- if (status != SM_OK) { +- return kStatus_SSS_Fail; +- } +- +- if (digestLen <= parsedKeyByteLen && digestLen > 0) { +- memset(padded_data, 0x00, padded_len); +- memcpy(&padded_data[parsedKeyByteLen - digestLen], &digest[0], digestLen); +- padded_len = parsedKeyByteLen; +- } +- +- else { +- return kStatus_SSS_Fail; +- } +- +- if (memcmp(&dec_data[0], &padded_data[0], padded_len) == 0) { +- result = kSE05x_Result_SUCCESS; +- } +- } +- else { +- LOG_E("Selected padding is not supported for RSA Sign in SE050"); +- return kStatus_SSS_Fail; +- } +- +- } break; +-#endif // SSSFTR_SE05X_RSA && SSS_HAVE_RSA +- default: +- break; +- } +-#endif // SSSFTR_SE05X_ECC || SSSFTR_SE05X_RSA +- +-#if SSSFTR_SE05X_ECC || SSSFTR_SE05X_RSA +- if (status == SM_OK) { +- if (result == kSE05x_Result_SUCCESS) { +- retval = kStatus_SSS_Success; +- } +- } +-#endif // SSSFTR_SE05X_ECC || SSSFTR_SE05X_RSA +- +- return retval; +-} +- +-sss_status_t sss_se05x_asymmetric_verify( +- sss_se05x_asymmetric_t *context, uint8_t *srcData, size_t srcLen, uint8_t *signature, size_t signatureLen) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +-#if (SSSFTR_SE05X_RSA && SSS_HAVE_RSA) || (SSSFTR_SE05X_ECC && SSS_HAVE_EC_ED) +- smStatus_t status = SM_NOT_OK; +- SE05x_Result_t result = kSE05x_Result_FAILURE; +-#endif +- +- switch (context->keyObject->cipherType) { +-#if SSSFTR_SE05X_RSA && SSS_HAVE_RSA +- case kSSS_CipherType_RSA: +- case kSSS_CipherType_RSA_CRT: { +- SE05x_RSASignatureAlgo_t rsaSigningAlgo = se05x_get_rsa_sign_hash_mode(context->algorithm); +- uint16_t key_size_bytes = 0; +- +- if (context->algorithm == kAlgorithm_SSS_RSASSA_PKCS1_V1_5_SHA512 || +- context->algorithm == kAlgorithm_SSS_RSASSA_PKCS1_PSS_MGF1_SHA512) { +- status = Se05x_API_ReadSize(&context->session->s_ctx, context->keyObject->keyId, &key_size_bytes); +- if (status != SM_OK) { +- return kStatus_SSS_Fail; +- } +- +- if ((key_size_bytes * 8) == 512) { +- return kStatus_SSS_Fail; +- } +- } +- +- status = Se05x_API_RSAVerify(&context->session->s_ctx, +- context->keyObject->keyId, +- rsaSigningAlgo, +- srcData, +- srcLen, +- signature, +- signatureLen, +- &result); +- } break; +-#endif // SSSFTR_SE05X_RSA && SSS_HAVE_RSA +-#if SSSFTR_SE05X_ECC && SSS_HAVE_EC_ED +- case kSSS_CipherType_EC_TWISTED_ED: { +-#ifdef TMP_ENDIAN_VERBOSE +- { +- printf("Signatire before Reverse:\n"); +- for (size_t z = 0; z < signatureLen; z++) { +- printf("%02X.", signature[z]); +- } +- printf("\n"); +- } +-#endif +- +- // Revert Endianness +- size_t offset = 0; +- +- for (size_t keyValueIdx = 0; keyValueIdx < (signatureLen >> 2); keyValueIdx++) { +- uint8_t swapByte = signature[keyValueIdx]; +- signature[offset + keyValueIdx] = signature[offset + (signatureLen >> 1) - 1 - keyValueIdx]; +- signature[offset + (signatureLen >> 1) - 1 - keyValueIdx] = swapByte; +- } +- +- offset = signatureLen >> 1; +- +- for (size_t keyValueIdx = 0; keyValueIdx < (signatureLen >> 2); keyValueIdx++) { +- uint8_t swapByte = signature[offset + keyValueIdx]; +- signature[offset + keyValueIdx] = signature[offset + (signatureLen >> 1) - 1 - keyValueIdx]; +- signature[offset + (signatureLen >> 1) - 1 - keyValueIdx] = swapByte; +- } +- +-#ifdef TMP_ENDIAN_VERBOSE +- { +- printf("Signatire after Reverse:\n"); +- for (size_t z = 0; z < signatureLen; z++) { +- printf("%02X.", signature[z]); +- } +- printf("\n"); +- } +-#endif +- +- if (context->algorithm == kAlgorithm_SSS_SHA512) { +- SE05x_EDSignatureAlgo_t ecSignAlgo = kSE05x_EDSignatureAlgo_ED25519PURE_SHA_512; +- status = Se05x_API_EdDSAVerify(&context->session->s_ctx, +- context->keyObject->keyId, +- ecSignAlgo, +- srcData, +- srcLen, +- signature, +- signatureLen, +- &result); +- } +- } break; +-#endif // SSSFTR_SE05X_ECC && SSS_HAVE_EC_ED +- default: +- break; +- } +- +-#if ((SSSFTR_SE05X_RSA && SSS_HAVE_RSA) || (SSSFTR_SE05X_ECC && SSS_HAVE_EC_ED)) +- // status is set only in case of RSA or ED. +- if (status == SM_OK) { +- if (result == kSE05x_Result_SUCCESS) { +- retval = kStatus_SSS_Success; +- } +- } +-#endif +- +- return retval; +-} +- +-void sss_se05x_asymmetric_context_free(sss_se05x_asymmetric_t *context) +-{ +- memset(context, 0, sizeof(*context)); +-} +- +-/* End: se05x_asym */ +- +-/* ************************************************************************** */ +-/* Functions : sss_se05x_symm */ +-/* ************************************************************************** */ +- +-sss_status_t sss_se05x_symmetric_context_init(sss_se05x_symmetric_t *context, +- sss_se05x_session_t *session, +- sss_se05x_object_t *keyObject, +- sss_algorithm_t algorithm, +- sss_mode_t mode) +-{ +- sss_status_t retval = kStatus_SSS_Success; +- context->session = session; +- context->keyObject = keyObject; +- context->algorithm = algorithm; +- context->mode = mode; +- context->cache_data_len = 0; +- return retval; +-} +- +-sss_status_t sss_se05x_cipher_one_go(sss_se05x_symmetric_t *context, +- uint8_t *iv, +- size_t ivLen, +- const uint8_t *srcData, +- uint8_t *destData, +- size_t dataLen) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- smStatus_t status = SM_NOT_OK; +- SE05x_CipherMode_t cipherMode = se05x_get_cipher_mode(context->algorithm); +- SE05x_Cipher_Oper_OneShot_t OperType = +- (context->mode == kMode_SSS_Encrypt) ? kSE05x_Cipher_Oper_OneShot_Encrypt : kSE05x_Cipher_Oper_OneShot_Decrypt; +- +- status = Se05x_API_CipherOneShot(&context->session->s_ctx, +- context->keyObject->keyId, +- cipherMode, +- srcData, +- dataLen, +- iv, +- ivLen, +- destData, +- &dataLen, +- OperType); +- +- ENSURE_OR_GO_EXIT(status == SM_OK); +- +- retval = kStatus_SSS_Success; +-exit: +- return retval; +-} +- +-sss_status_t sss_se05x_cipher_init(sss_se05x_symmetric_t *context, uint8_t *iv, size_t ivLen) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- smStatus_t status = SM_NOT_OK; +- //size_t retdataLen = 0; +- SE05x_Cipher_Oper_t OperType = +- (context->mode == kMode_SSS_Encrypt) ? kSE05x_Cipher_Oper_Encrypt : kSE05x_Cipher_Oper_Decrypt; +- SE05x_CipherMode_t cipherMode = se05x_get_cipher_mode(context->algorithm); +- +-#if SSSFTR_SE05X_CREATE_DELETE_CRYPTOOBJ +- SE05x_CryptoModeSubType_t subtype; +- uint8_t list[1024] = { +- 0, +- }; +- switch (context->algorithm) { +- case kAlgorithm_SSS_AES_ECB: +- subtype.cipher = kSE05x_CipherMode_AES_ECB_NOPAD; +- context->cryptoObjectId = kSE05x_CryptoObject_AES_ECB_NOPAD; +- break; +- case kAlgorithm_SSS_AES_CBC: +- subtype.cipher = kSE05x_CipherMode_AES_CBC_NOPAD; +- context->cryptoObjectId = kSE05x_CryptoObject_AES_CBC_NOPAD; +- break; +- case kAlgorithm_SSS_AES_CTR: +- subtype.cipher = kSE05x_CipherMode_AES_CTR; +- context->cryptoObjectId = kSE05x_CryptoObject_AES_CTR; +- break; +- case kAlgorithm_SSS_DES_ECB: +- subtype.cipher = kSE05x_CipherMode_DES_ECB_NOPAD; +- context->cryptoObjectId = kSE05x_CryptoObject_DES_ECB_NOPAD; +- break; +- case kAlgorithm_SSS_DES_CBC: +- subtype.cipher = kSE05x_CipherMode_DES_ECB_NOPAD; +- context->cryptoObjectId = kSE05x_CryptoObject_DES_CBC_NOPAD; +- break; +- default: +- return kStatus_SSS_Fail; +- } +- +- size_t listlen = sizeof(list); +- size_t i; +- uint8_t create_crypto_obj = 1; +- status = Se05x_API_ReadCryptoObjectList(&context->session->s_ctx, list, &listlen); +- for (i = 0; i < listlen; i += 4) { +- uint16_t cryptoObjectId = list[i + 1] | (list[i + 0] << 8); +- if (cryptoObjectId == context->cryptoObjectId) { +- create_crypto_obj = 0; +- } +- } +- +- if (create_crypto_obj) { +- status = Se05x_API_CreateCryptoObject( +- &context->session->s_ctx, context->cryptoObjectId, kSE05x_CryptoContext_CIPHER, subtype); +- if (status != SM_OK) { +- return kStatus_SSS_Fail; +- } +- } +-#endif +- +- if (cipherMode == kSE05x_CipherMode_AES_ECB_NOPAD) { +- ivLen = 0; +- } +- +- status = Se05x_API_CipherInit( +- &context->session->s_ctx, context->keyObject->keyId, context->cryptoObjectId, iv, ivLen, OperType); +- ENSURE_OR_GO_EXIT(status == SM_OK); +- +- retval = kStatus_SSS_Success; +-exit: +- return retval; +-} +- +-sss_status_t sss_se05x_cipher_update( +- sss_se05x_symmetric_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- smStatus_t status = SM_NOT_OK; +- uint8_t inputData[CIPHER_UPDATE_DATA_SIZE] = { +- 0, +- }; +- size_t inputData_len = 0; +- size_t src_offset = 0; +- size_t output_offset = 0; +- size_t outBuffSize = *destLen; +- size_t blockoutLen = 0; +- +- ENSURE_OR_GO_EXIT(srcData != NULL); +- ENSURE_OR_GO_EXIT(destData != NULL); +- ENSURE_OR_GO_EXIT(destLen != NULL); +- ENSURE_OR_GO_EXIT(srcLen > 0); +- +- /* Check overflow */ +- ENSURE_OR_GO_EXIT((context->cache_data_len + srcLen) >= context->cache_data_len); +- +- if ((context->cache_data_len + srcLen) < CIPHER_BLOCK_SIZE) { +- /* Insufficinet data to process . Cache the data */ +- memcpy((context->cache_data + context->cache_data_len), srcData, srcLen); +- context->cache_data_len = context->cache_data_len + srcLen; +- *destLen = 0; +- return kStatus_SSS_Success; +- } +- else { +- /* Concatenate the unprocessed and current input data*/ +- size_t total_data = srcLen + context->cache_data_len; +- const uint8_t *pSrcData = NULL; +- +- do { +- size_t data_to_copy = (total_data > CIPHER_UPDATE_DATA_SIZE) ? (CIPHER_UPDATE_DATA_SIZE) : (total_data); +- data_to_copy = data_to_copy - (data_to_copy % CIPHER_BLOCK_SIZE); +- inputData_len = 0; +- +- if (context->cache_data_len > 0) { +- memcpy(inputData, context->cache_data, context->cache_data_len); +- inputData_len = context->cache_data_len; +- data_to_copy = data_to_copy - context->cache_data_len; +- context->cache_data_len = 0; +- } +- +- if (inputData_len == 0) { +- //if cache data is 0, directly assign the address of srcData. This will avoid the memcpy on srcData +- pSrcData = (srcData + src_offset); +- } +- else { +- memcpy((inputData + inputData_len), (srcData + src_offset), data_to_copy); +- pSrcData = inputData; +- } +- +- inputData_len = inputData_len + data_to_copy; +- src_offset = src_offset + data_to_copy; +- total_data = total_data - inputData_len; +- +- blockoutLen = outBuffSize; +- ENSURE_OR_GO_EXIT(blockoutLen >= inputData_len); +- status = Se05x_API_CipherUpdate(&context->session->s_ctx, +- context->cryptoObjectId, +- pSrcData, +- inputData_len, +- (destData + output_offset), +- &blockoutLen); +- ENSURE_OR_GO_EXIT(status == SM_OK); +- +- outBuffSize -= blockoutLen; +- output_offset += blockoutLen; +- *destLen = output_offset; +- +- } while (srcLen - src_offset >= CIPHER_BLOCK_SIZE); +- +- /* Copy unprocessed data to cache */ +- if ((srcLen - src_offset) > 0) { +- memcpy(context->cache_data, (srcData + src_offset), (srcLen - src_offset)); +- context->cache_data_len = (srcLen - src_offset); +- } +- } +- +- retval = kStatus_SSS_Success; +-exit: +- if (retval == kStatus_SSS_Fail) { +- *destLen = 0; +- } +- return retval; +-} +- +-sss_status_t sss_se05x_cipher_finish( +- sss_se05x_symmetric_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- smStatus_t status = SM_NOT_OK; +- uint8_t srcdata_updated[2 * CIPHER_BLOCK_SIZE] = { +- 0, +- }; +- size_t srcdata_updated_len = 0; +- +- if (srcLen > CIPHER_BLOCK_SIZE) { +- LOG_E("srcLen cannot be grater than 16 bytes. Call update function "); +- *destLen = 0; +- goto exit; +- } +- +- if (context->cache_data_len != 0) { +- memcpy(srcdata_updated, context->cache_data, context->cache_data_len); +- srcdata_updated_len = context->cache_data_len; +- context->cache_data_len = 0; +- } +- if (srcLen != 0) { +- memcpy((srcdata_updated + srcdata_updated_len), srcData, srcLen); +- srcdata_updated_len += srcLen; +- } +- +- if (context->algorithm == kAlgorithm_SSS_AES_ECB || context->algorithm == kAlgorithm_SSS_AES_CBC) { +- if (srcdata_updated_len > 0) { +- if (srcdata_updated_len % CIPHER_BLOCK_SIZE != 0) { +- srcdata_updated_len = srcdata_updated_len + (CIPHER_BLOCK_SIZE - (srcdata_updated_len % 16)); +- } +- } +- } +- +- if (*destLen < srcdata_updated_len) { +- LOG_E("Output buffer not sufficient"); +- goto exit; +- } +- +- status = Se05x_API_CipherFinal( +- &context->session->s_ctx, context->cryptoObjectId, srcdata_updated, srcdata_updated_len, destData, destLen); +- ENSURE_OR_GO_EXIT(status == SM_OK); +- +- retval = kStatus_SSS_Success; +-exit: +- return retval; +-} +- +-sss_status_t sss_se05x_cipher_crypt_ctr(sss_se05x_symmetric_t *context, +- const uint8_t *srcData, +- uint8_t *destData, +- size_t size, +- uint8_t *initialCounter, +- uint8_t *lastEncryptedCounter, +- size_t *szLeft) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- smStatus_t status = SM_NOT_OK; +- size_t outputDataLen = 128; +- SE05x_CipherMode_t cipherMode = se05x_get_cipher_mode(context->algorithm); +- SE05x_Cipher_Oper_OneShot_t OperType = +- (context->mode == kMode_SSS_Encrypt) ? kSE05x_Cipher_Oper_OneShot_Encrypt : kSE05x_Cipher_Oper_OneShot_Decrypt; +- +- status = Se05x_API_CipherOneShot(&context->session->s_ctx, +- context->keyObject->keyId, +- cipherMode, +- srcData, +- size, +- initialCounter, +- 16, +- destData, +- &outputDataLen, +- OperType); +- +- ENSURE_OR_GO_EXIT(status == SM_OK); +- +- retval = kStatus_SSS_Success; +-exit: +- return retval; +-} +- +-void sss_se05x_symmetric_context_free(sss_se05x_symmetric_t *context) +-{ +-#if SSSFTR_SE05X_CREATE_DELETE_CRYPTOOBJ +- smStatus_t status; +- uint8_t list[1024] = { +- 0, +- }; +- uint8_t object_exists = 0; +- size_t listlen = sizeof(list); +- +- if (context->cryptoObjectId != 0) { +- status = Se05x_API_ReadCryptoObjectList(&context->session->s_ctx, list, &listlen); +- for (size_t i = 0; i < listlen; i += 4) { +- uint16_t cryptoObjectId = list[i + 1] | (list[i + 0] << 8); +- if (cryptoObjectId == context->cryptoObjectId) { +- object_exists = 1; +- } +- } +- +- if (object_exists) { +- status = Se05x_API_DeleteCryptoObject(&context->session->s_ctx, context->cryptoObjectId); +- if (status != SM_OK) { +- LOG_D("Could not delete crypto object 0x04X", context->cryptoObjectId); +- return; +- } +- } +- } +-#endif +- memset(context, 0, sizeof(*context)); +-} +- +-/* End: se05x_symm */ +- +-/* ************************************************************************** */ +-/* Functions : sss_se05x_aead */ +-/* ************************************************************************** */ +- +-sss_status_t sss_se05x_aead_context_init(sss_se05x_aead_t *context, +- sss_se05x_session_t *session, +- sss_se05x_object_t *keyObject, +- sss_algorithm_t algorithm, +- sss_mode_t mode) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- context->session = session; +- context->keyObject = keyObject; +- if ((algorithm == kAlgorithm_SSS_AES_CCM) || (algorithm == kAlgorithm_SSS_AES_GCM) || +- (algorithm == kAlgorithm_SSS_AES_GCM_INT_IV)) { +- context->algorithm = algorithm; +- } +- else { +- LOG_E("Improper Algorithm provided!!!"); +- goto exit; +- } +- context->mode = mode; +- retval = kStatus_SSS_Success; +-exit: +- return retval; +-} +- +-sss_status_t sss_se05x_aead_one_go(sss_se05x_aead_t *context, +- const uint8_t *srcData, +- uint8_t *destData, +- size_t size, +- uint8_t *nonce, +- size_t nonceLen, +- const uint8_t *aad, +- size_t aadLen, +- uint8_t *tag, +- size_t *tagLen) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +-#if SSS_HAVE_SE05X_VER_GTE_06_00 +- smStatus_t status = SM_NOT_OK; +- size_t destDataLen = size; +- SE05x_CipherMode_t cipherMode = +- (context->algorithm == kAlgorithm_SSS_AES_GCM) ? kSE05x_CipherMode_AES_GCM : kSE05x_CipherMode_AES_GCM_INT_IV; +- SE05x_Cipher_Oper_OneShot_t OperType = +- (context->mode == kMode_SSS_Encrypt) ? kSE05x_Cipher_Oper_OneShot_Encrypt : kSE05x_Cipher_Oper_OneShot_Decrypt; +- +- status = Se05x_API_AeadOneShot(&context->session->s_ctx, +- context->keyObject->keyId, +- cipherMode, +- srcData, +- size, +- aad, +- aadLen, +- nonce, +- nonceLen, +- tag, +- tagLen, +- destData, +- &destDataLen, +- OperType); +- ENSURE_OR_GO_EXIT(status == SM_OK); +- +- retval = kStatus_SSS_Success; +-exit: +-#endif /* SSS_HAVE_SE05X_VER_GTE_06_00 */ +- return retval; +-} +- +-sss_status_t sss_se05x_aead_init( +- sss_se05x_aead_t *context, uint8_t *nonce, size_t nonceLen, size_t tagLen, size_t aadLen, size_t payloadLen) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +-#if SSS_HAVE_SE05X_VER_GTE_06_00 +- smStatus_t status = SM_NOT_OK; +- context->cache_data_len = 0; +- SE05x_CipherMode_t cipherMode = kSE05x_CipherMode_NA; +- SE05x_Cipher_Oper_t OperType = +- (context->mode == kMode_SSS_Encrypt) ? kSE05x_Cipher_Oper_Encrypt : kSE05x_Cipher_Oper_Decrypt; +-#if SSSFTR_SE05X_CREATE_DELETE_CRYPTOOBJ +- SE05x_CryptoModeSubType_t subtype; +- uint8_t list[1024] = { +- 0, +- }; +- size_t listlen = sizeof(list); +- size_t i; +- uint8_t create_crypto_obj = 1; +- +- if (context->algorithm == kAlgorithm_SSS_AES_GCM) { +- context->cryptoObjectId = kSE05x_CryptoObject_AES_GCM; +- subtype.aead = kSE05x_AeadGCMAlgo; +- } +- else if (context->algorithm == kAlgorithm_SSS_AES_GCM_INT_IV) { +- context->cryptoObjectId = kSE05x_CryptoObject_AES_GCM_INT_IV; +- subtype.aead = kSE05x_AeadGCM_IVAlgo; +- } +- else if (context->algorithm == kAlgorithm_SSS_AES_CCM) { +- context->cryptoObjectId = kSE05x_CryptoObject_AES_CCM; +- subtype.aead = kSE05x_AeadCCMAlgo; +- } +- else { +- goto exit; +- } +- status = Se05x_API_ReadCryptoObjectList(&context->session->s_ctx, list, &listlen); +- for (i = 0; i < listlen; i += 4) { +- uint16_t cryptoObjectId = list[i + 1] | (list[i + 0] << 8); +- if (cryptoObjectId == context->cryptoObjectId) { +- create_crypto_obj = 0; +- } +- } +- +- if (create_crypto_obj) { +- status = Se05x_API_CreateCryptoObject( +- &context->session->s_ctx, context->cryptoObjectId, kSE05x_CryptoContext_AEAD, subtype); +- if (status != SM_OK) { +- return kStatus_SSS_Fail; +- } +- } +- +- if (status != SM_OK) { +- LOG_W("CreateCryptoObject Failed"); +- return kStatus_SSS_Fail; +- } +-#endif +- memset(context->cache_data, 0x00, sizeof(context->cache_data)); +- if ((context->algorithm == (kAlgorithm_SSS_AES_GCM)) || (context->algorithm == (kAlgorithm_SSS_AES_GCM_INT_IV))) { +- cipherMode = (context->algorithm == kAlgorithm_SSS_AES_GCM) ? kSE05x_CipherMode_AES_GCM : +- kSE05x_CipherMode_AES_GCM_INT_IV; +- status = Se05x_API_AeadInit(&context->session->s_ctx, +- context->keyObject->keyId, +- cipherMode, +- context->cryptoObjectId, +- nonce, +- nonceLen, +- OperType); +- } +- else { +- status = Se05x_API_AeadCCMInit(&context->session->s_ctx, +- context->keyObject->keyId, +- context->cryptoObjectId, +- nonce, +- nonceLen, +- aadLen, +- payloadLen, +- tagLen, +- OperType); +- } +- ENSURE_OR_GO_EXIT(status == SM_OK); +- +- retval = kStatus_SSS_Success; +-exit: +-#endif /* SSS_HAVE_SE05X_VER_GTE_06_00 */ +- return retval; +-} +- +-sss_status_t sss_se05x_aead_update_aad(sss_se05x_aead_t *context, const uint8_t *aadData, size_t aadDataLen) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +-#if SSS_HAVE_SE05X_VER_GTE_06_00 +- smStatus_t status = SM_NOT_OK; +- size_t src_offset = 0; +- if (aadDataLen > AEAD_BLOCK_SIZE) { +- while ((aadDataLen - src_offset) >= AEAD_BLOCK_SIZE) { +- /*For the subsequent blocks which are of block size 16*/ +- status = Se05x_API_AeadUpdate_aad( +- &context->session->s_ctx, context->cryptoObjectId, (aadData + src_offset), AEAD_BLOCK_SIZE); +- ENSURE_OR_GO_EXIT(status == SM_OK); +- src_offset += AEAD_BLOCK_SIZE; +- } +- if ((aadDataLen - src_offset) > 0) { +- /*For the subsequent blocks which are yet to process*/ +- status = Se05x_API_AeadUpdate_aad( +- &context->session->s_ctx, context->cryptoObjectId, (aadData + src_offset), (aadDataLen - src_offset)); +- ENSURE_OR_GO_EXIT(status == SM_OK); +- } +- } +- else { +- status = Se05x_API_AeadUpdate_aad(&context->session->s_ctx, context->cryptoObjectId, aadData, aadDataLen); +- ENSURE_OR_GO_EXIT(status == SM_OK); +- } +- retval = kStatus_SSS_Success; +-exit: +-#endif /* SSS_HAVE_SE05X_VER_GTE_06_00 */ +- return retval; +-} +- +-sss_status_t sss_se05x_aead_update( +- sss_se05x_aead_t *context, const uint8_t *srcData, size_t srcLen, uint8_t *destData, size_t *destLen) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +-#if SSS_HAVE_SE05X_VER_GTE_06_00 +- smStatus_t status = SM_NOT_OK; +- uint8_t inputData[AEAD_BLOCK_SIZE] = { +- 0, +- }; +- size_t inputData_len = 0; +- size_t src_offset = 0; +- size_t output_offset = 0; +- size_t outBuffSize = *destLen; +- size_t blockoutLen = 0; +- +- if ((context->cache_data_len + srcLen) < AEAD_BLOCK_SIZE) { +- /* Insufficinet data to process . Cache the data */ +- memcpy((context->cache_data + context->cache_data_len), srcData, srcLen); +- context->cache_data_len = context->cache_data_len + srcLen; +- *destLen = 0; +- return kStatus_SSS_Success; +- } +- else { +- /* Concatenate the unprocessed and current input data*/ +- memcpy(inputData, context->cache_data, context->cache_data_len); +- inputData_len = context->cache_data_len; +- memcpy((inputData + inputData_len), srcData, (AEAD_BLOCK_SIZE - context->cache_data_len)); +- inputData_len += (AEAD_BLOCK_SIZE - context->cache_data_len); +- src_offset += (AEAD_BLOCK_SIZE - context->cache_data_len); +- +- blockoutLen = outBuffSize; +- status = Se05x_API_AeadUpdate(&context->session->s_ctx, +- context->cryptoObjectId, +- inputData, +- inputData_len, +- (destData + output_offset), +- &blockoutLen); +- ENSURE_OR_GO_EXIT(status == SM_OK); +- outBuffSize -= blockoutLen; +- output_offset += blockoutLen; +- while ((srcLen - src_offset) >= AEAD_BLOCK_SIZE) { +- /*For the subsequent blocks which are of block size 16*/ +- memcpy(inputData, (srcData + src_offset), AEAD_BLOCK_SIZE); +- src_offset += AEAD_BLOCK_SIZE; +- blockoutLen = outBuffSize; +- +- status = Se05x_API_AeadUpdate(&context->session->s_ctx, +- context->cryptoObjectId, +- inputData, +- inputData_len, +- (destData + output_offset), +- &blockoutLen); +- ENSURE_OR_GO_EXIT(status == SM_OK); +- outBuffSize -= blockoutLen; +- output_offset += blockoutLen; +- } +- *destLen = output_offset; +- /* Copy unprocessed data to cache */ +- memcpy(context->cache_data, (srcData + src_offset), (srcLen - src_offset)); +- context->cache_data_len = (srcLen - src_offset); +- } +- retval = kStatus_SSS_Success; +-exit: +- if (retval == kStatus_SSS_Fail) { +- *destLen = 0; +- } +-#endif /*SSS_HAVE_SE05X_VER_GTE_06_00*/ +- return retval; +-} +- +-sss_status_t sss_se05x_aead_finish(sss_se05x_aead_t *context, +- const uint8_t *srcData, +- size_t srcLen, +- uint8_t *destData, +- size_t *destLen, +- uint8_t *tag, +- size_t *tagLen) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +-#if SSS_HAVE_SE05X_VER_GTE_06_00 +- smStatus_t status = SM_NOT_OK; +- +- SE05x_Cipher_Oper_t OperType = +- (context->mode == kMode_SSS_Encrypt) ? kSE05x_Cipher_Oper_Encrypt : kSE05x_Cipher_Oper_Decrypt; +- uint8_t srcdata_updated[2 * CIPHER_BLOCK_SIZE] = { +- 0, +- }; +- size_t srcdata_updated_len = 0; +- +- if (srcLen > CIPHER_BLOCK_SIZE) { +- LOG_E("srcLen cannot be grater than 16 bytes. Call update function "); +- *destLen = 0; +- goto exit; +- } +- +- if (context->algorithm == kAlgorithm_SSS_AES_CCM) { +- retval = sss_se05x_aead_CCMfinish(context, srcData, srcLen, destData, destLen, tag, tagLen); +- } +- else { +- if (context->cache_data_len != 0) { +- memcpy(srcdata_updated, context->cache_data, context->cache_data_len); +- srcdata_updated_len = context->cache_data_len; +- } +- if (srcLen != 0) { +- memcpy((srcdata_updated + srcdata_updated_len), srcData, srcLen); +- srcdata_updated_len += srcLen; +- } +- if (srcdata_updated_len > 0) { +- status = Se05x_API_AeadUpdate(&context->session->s_ctx, +- context->cryptoObjectId, +- srcdata_updated, +- srcdata_updated_len, +- destData, +- destLen); +- ENSURE_OR_GO_EXIT(status == SM_OK); +- } +- else { +- /* This condition will occur if all data including cache is alread processed */ +- LOG_D("No Data in cache, All data are already processed"); +- *destLen = 0; +- } +- status = Se05x_API_AeadFinal(&context->session->s_ctx, context->cryptoObjectId, tag, tagLen, OperType); +- ENSURE_OR_GO_EXIT(status == SM_OK); +- retval = kStatus_SSS_Success; +- } +-exit: +-#endif /* SSS_HAVE_SE05X_VER_GTE_06_00 */ +- return retval; +-} +- +-#if SSS_HAVE_SE05X_VER_GTE_06_00 +-static sss_status_t sss_se05x_aead_CCMfinish(sss_se05x_aead_t *context, +- const uint8_t *srcData, +- size_t srcLen, +- uint8_t *destData, +- size_t *destLen, +- uint8_t *tag, +- size_t *tagLen) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- smStatus_t status = SM_NOT_OK; +- uint8_t dataprocessed = 1; +- SE05x_Cipher_Oper_t OperType = +- (context->mode == kMode_SSS_Encrypt) ? kSE05x_Cipher_Oper_Encrypt : kSE05x_Cipher_Oper_Decrypt; +- uint8_t srcdata_updated[2 * CIPHER_BLOCK_SIZE] = { +- 0, +- }; +- size_t srcdata_updated_len = 0; +- size_t outLen = 0; +- size_t tempoutLen = 0; +- size_t destBufLen = *destLen; +- +- if (context->cache_data_len != 0) { +- memcpy(srcdata_updated, context->cache_data, context->cache_data_len); +- srcdata_updated_len = context->cache_data_len; +- } +- if (srcLen != 0) { +- memcpy((srcdata_updated + srcdata_updated_len), srcData, srcLen); +- srcdata_updated_len += srcLen; +- } +- if (srcdata_updated_len > 0) { +- if (srcdata_updated_len < CIPHER_BLOCK_SIZE) { +- status = Se05x_API_AeadCCMLastUpdate( +- &context->session->s_ctx, context->cryptoObjectId, srcdata_updated, srcdata_updated_len); +- ENSURE_OR_GO_EXIT(status == SM_OK); +- dataprocessed = 0; +- } +- else if (srcdata_updated_len >= CIPHER_BLOCK_SIZE) { +- tempoutLen = destBufLen - outLen; +- status = Se05x_API_AeadUpdate(&context->session->s_ctx, +- context->cryptoObjectId, +- srcdata_updated, +- CIPHER_BLOCK_SIZE, +- destData, +- &tempoutLen); +- ENSURE_OR_GO_EXIT(status == SM_OK); +- srcdata_updated_len = srcdata_updated_len - CIPHER_BLOCK_SIZE; +- outLen = outLen + tempoutLen; +- +- /* Put the remaining data in CCMLastUpdate if present (will always be less than CIPHER_BLOCK_SIZE) */ +- if (srcdata_updated_len) { +- status = Se05x_API_AeadCCMLastUpdate(&context->session->s_ctx, +- context->cryptoObjectId, +- srcdata_updated + CIPHER_BLOCK_SIZE, +- srcdata_updated_len); +- ENSURE_OR_GO_EXIT(status == SM_OK); +- dataprocessed = 0; +- } +- } +- } +- else { +- /* This condition will occur if all data including +- cache is already processed just send final*/ +- dataprocessed = 1; +- } +- +- if (dataprocessed == 0) { +- /*All data is updated, lastupdate datalen < 16 o/p +- is expected here */ +- tempoutLen = destBufLen - outLen; +- status = Se05x_API_AeadCCMFinal( +- &context->session->s_ctx, context->cryptoObjectId, (destData + outLen), &tempoutLen, tag, tagLen, OperType); +- outLen = outLen + tempoutLen; +- } +- else { +- /*All data is processed no destination data*/ +- status = Se05x_API_AeadFinal(&context->session->s_ctx, context->cryptoObjectId, tag, tagLen, OperType); +- } +- ENSURE_OR_GO_EXIT(status == SM_OK); +- retval = kStatus_SSS_Success; +- *destLen = outLen; +-exit: +- return retval; +-} +-#endif /* SSS_HAVE_SE05X_VER_GTE_06_00 */ +- +-void sss_se05x_aead_context_free(sss_se05x_aead_t *context) +-{ +-#if SSS_HAVE_SE05X_VER_GTE_06_00 +-#if SSSFTR_SE05X_CREATE_DELETE_CRYPTOOBJ +- smStatus_t status; +- uint8_t list[1024] = { +- 0, +- }; +- uint8_t object_exists = 0; +- size_t listlen = sizeof(list); +- +- if (context->cryptoObjectId != 0) { +- status = Se05x_API_ReadCryptoObjectList(&context->session->s_ctx, list, &listlen); +- for (size_t i = 0; i < listlen; i += 4) { +- uint16_t cryptoObjectId = list[i + 1] | (list[i + 0] << 8); +- if (cryptoObjectId == context->cryptoObjectId) { +- object_exists = 1; +- } +- } +- if (object_exists) { +- status = Se05x_API_DeleteCryptoObject(&context->session->s_ctx, context->cryptoObjectId); +- if (status != SM_OK) { +- LOG_D("Could not delete crypto object 0x04X", context->cryptoObjectId); +- return; +- } +- } +- } +-#endif /* SSSFTR_SE05X_CREATE_DELETE_CRYPTOOBJ */ +- memset(context, 0, sizeof(*context)); +-#endif /* SSS_HAVE_SE05X_VER_GTE_06_00 */ +-} +- +-/* End: se05x_aead */ +- +-/* ************************************************************************** */ +-/* Functions : sss_se05x_mac */ +-/* ************************************************************************** */ +- +-sss_status_t sss_se05x_mac_context_init(sss_se05x_mac_t *context, +- sss_se05x_session_t *session, +- sss_se05x_object_t *keyObject, +- sss_algorithm_t algorithm, +- sss_mode_t mode) +-{ +- sss_status_t retval = kStatus_SSS_Success; +- context->session = session; +- context->keyObject = keyObject; +- context->algorithm = algorithm; +- context->mode = mode; +- return retval; +-} +- +-sss_status_t sss_se05x_mac_one_go( +- sss_se05x_mac_t *context, const uint8_t *message, size_t messageLen, uint8_t *mac, size_t *macLen) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- +- smStatus_t status = SM_NOT_OK; +- +- SE05x_MACAlgo_t macOperation = se05x_get_mac_algo(context->algorithm); +- +- ENSURE_OR_GO_EXIT(macOperation != kSE05x_MACAlgo_NA); +- +- status = Se05x_API_MACOneShot_G( +- &context->session->s_ctx, context->keyObject->keyId, macOperation, message, messageLen, mac, macLen); +- ENSURE_OR_GO_EXIT(status == SM_OK); +- +- retval = kStatus_SSS_Success; +-exit: +- return retval; +-} +- +-sss_status_t sss_se05x_mac_validate_one_go( +- sss_se05x_mac_t *context, const uint8_t *message, size_t messageLen, uint8_t *mac, size_t macLen) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- smStatus_t status = SM_NOT_OK; +- SE05x_MACAlgo_t macOperation; +- SE05x_Result_t result = kSE05x_Result_FAILURE; +- size_t result_size = sizeof(result); +- +- if (context == NULL) { +- goto exit; +- } +- +- macOperation = se05x_get_mac_algo(context->algorithm); +- +- ENSURE_OR_GO_EXIT(macOperation != kSE05x_MACAlgo_NA); +- +- status = Se05x_API_MACOneShot_V(&context->session->s_ctx, +- context->keyObject->keyId, +- macOperation, +- message, +- messageLen, +- mac, +- macLen, +- (uint8_t *)&result, +- &result_size); +- +- if (status == SM_OK) { +- if (result == kSE05x_Result_SUCCESS) { +- retval = kStatus_SSS_Success; +- } +- } +- +-exit: +- return retval; +-} +- +-sss_status_t sss_se05x_mac_init(sss_se05x_mac_t *context) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- smStatus_t status = SM_NOT_OK; +-#if SSSFTR_SE05X_CREATE_DELETE_CRYPTOOBJ +- SE05x_CryptoModeSubType_t subtype; +- +- uint8_t list[1024] = { +- 0, +- }; +- size_t listlen = sizeof(list); +- size_t i; +- uint8_t create_crypto_obj = 1; +- +- SE05x_CryptoContext_t cryptoContext; +- +- switch (context->algorithm) { +- case kAlgorithm_SSS_CMAC_AES: +- subtype.mac = kSE05x_MACAlgo_CMAC_128; +- cryptoContext = kSE05x_CryptoContext_SIGNATURE; +- context->cryptoObjectId = kSE05x_CryptoObject_CMAC_128; +- break; +-#if SSS_HAVE_HASH_1 +- case kAlgorithm_SSS_HMAC_SHA1: +- subtype.mac = kSE05x_MACAlgo_HMAC_SHA1; +- cryptoContext = kSE05x_CryptoContext_SIGNATURE; +- context->cryptoObjectId = kSE05x_CryptoObject_HMAC_SHA1; +- break; +-#endif +- case kAlgorithm_SSS_HMAC_SHA256: +- subtype.mac = kSE05x_MACAlgo_HMAC_SHA256; +- cryptoContext = kSE05x_CryptoContext_SIGNATURE; +- context->cryptoObjectId = kSE05x_CryptoObject_HMAC_SHA256; +- break; +- case kAlgorithm_SSS_HMAC_SHA384: +- subtype.mac = kSE05x_MACAlgo_HMAC_SHA384; +- cryptoContext = kSE05x_CryptoContext_SIGNATURE; +- context->cryptoObjectId = kSE05x_CryptoObject_HMAC_SHA384; +- break; +-#if SSS_HAVE_HASH_512 +- case kAlgorithm_SSS_HMAC_SHA512: +- subtype.mac = kSE05x_MACAlgo_HMAC_SHA512; +- cryptoContext = kSE05x_CryptoContext_SIGNATURE; +- context->cryptoObjectId = kSE05x_CryptoObject_HMAC_SHA512; +- break; +-#endif +- default: +- return kStatus_SSS_Fail; +- } +- +- status = Se05x_API_ReadCryptoObjectList(&context->session->s_ctx, list, &listlen); +- for (i = 0; i < listlen; i += 4) { +- uint16_t cryptoObjectId = list[i + 1] | (list[i + 0] << 8); +- if (cryptoObjectId == context->cryptoObjectId) { +- create_crypto_obj = 0; +- } +- } +- +- if (create_crypto_obj) { +- status = +- Se05x_API_CreateCryptoObject(&context->session->s_ctx, context->cryptoObjectId, cryptoContext, subtype); +- if (status != SM_OK) { +- LOG_W("CreateCryptoObject Failed"); +- return kStatus_SSS_Fail; +- } +- } +-#endif +- SE05x_Mac_Oper_t operType = kSE05x_Mac_Oper_Generate; +- +- status = Se05x_API_MACInit(&context->session->s_ctx, context->keyObject->keyId, context->cryptoObjectId, operType); +- ENSURE_OR_GO_EXIT(status == SM_OK); +- +- retval = kStatus_SSS_Success; +-exit: +- return retval; +-} +- +-sss_status_t sss_se05x_mac_update(sss_se05x_mac_t *context, const uint8_t *message, size_t messageLen) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- smStatus_t status = SM_NOT_OK; +- +- //SE05x_MACAlgo_t macOperation = se05x_get_mac_algo(context->algorithm); +- +- status = Se05x_API_MACUpdate(&context->session->s_ctx, message, messageLen, context->cryptoObjectId); +- ENSURE_OR_GO_EXIT(status == SM_OK); +- +- retval = kStatus_SSS_Success; +-exit: +- return retval; +-} +- +-sss_status_t sss_se05x_mac_finish(sss_se05x_mac_t *context, uint8_t *mac, size_t *macLen) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- smStatus_t status = SM_NOT_OK; +- +- //SE05x_MACAlgo_t macOperation = se05x_get_mac_algo(context->algorithm); +- +- status = Se05x_API_MACFinal(&context->session->s_ctx, NULL, 0, context->cryptoObjectId, NULL, 0, mac, macLen); +- ENSURE_OR_GO_EXIT(status == SM_OK); +- +- retval = kStatus_SSS_Success; +-exit: +- return retval; +-} +- +-void sss_se05x_mac_context_free(sss_se05x_mac_t *context) +-{ +- if (context->cryptoObjectId != 0) { +- smStatus_t status = Se05x_API_DeleteCryptoObject(&context->session->s_ctx, context->cryptoObjectId); +- if (status != SM_OK) { +- LOG_D("Could not delete crypto object 0x04X", context->cryptoObjectId); +- return; +- } +- } +- memset(context, 0, sizeof(*context)); +-} +- +-/* End: se05x_mac */ +- +-/* ************************************************************************** */ +-/* Functions : sss_se05x_md */ +-/* ************************************************************************** */ +- +-sss_status_t sss_se05x_digest_context_init( +- sss_se05x_digest_t *context, sss_se05x_session_t *session, sss_algorithm_t algorithm, sss_mode_t mode) +-{ +- sss_status_t retval = kStatus_SSS_Success; +- context->session = session; +- context->algorithm = algorithm; +- context->mode = mode; +- return retval; +-} +- +-sss_status_t sss_se05x_digest_one_go( +- sss_se05x_digest_t *context, const uint8_t *message, size_t messageLen, uint8_t *digest, size_t *digestLen) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- smStatus_t status = SM_NOT_OK; +- uint8_t sha_type = se05x_get_sha_algo(context->algorithm); +- +- ENSURE_OR_GO_EXIT(sha_type != kSE05x_DigestMode_NA); +- +- status = Se05x_API_SHAOneShot(&context->session->s_ctx, sha_type, message, messageLen, digest, digestLen); +- if (status != SM_OK) { +- *digestLen = 0; +- goto exit; +- } +- +- retval = kStatus_SSS_Success; +-exit: +- return retval; +-} +- +-sss_status_t sss_se05x_digest_init(sss_se05x_digest_t *context) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- smStatus_t status = SM_NOT_OK; +-#if SSSFTR_SE05X_CREATE_DELETE_CRYPTOOBJ +- SE05x_CryptoModeSubType_t subtype; +- uint8_t list[1024] = { +- 0, +- }; +- size_t listlen = sizeof(list); +- size_t i; +- uint8_t create_crypto_obj = 1; +- +- switch (context->algorithm) { +-#if SSS_HAVE_HASH_1 +- case kAlgorithm_SSS_SHA1: +- subtype.digest = kSE05x_DigestMode_SHA; +- context->cryptoObjectId = kSE05x_CryptoObject_DIGEST_SHA; +- break; +-#endif +-#if SSS_HAVE_HASH_224 +- case kAlgorithm_SSS_SHA224: +- subtype.digest = kSE05x_DigestMode_SHA224; +- context->cryptoObjectId = kSE05x_CryptoObject_DIGEST_SHA224; +- break; +-#endif +- case kAlgorithm_SSS_SHA256: +- subtype.digest = kSE05x_DigestMode_SHA256; +- context->cryptoObjectId = kSE05x_CryptoObject_DIGEST_SHA256; +- break; +- case kAlgorithm_SSS_SHA384: +- subtype.digest = kSE05x_DigestMode_SHA384; +- context->cryptoObjectId = kSE05x_CryptoObject_DIGEST_SHA384; +- break; +-#if SSS_HAVE_HASH_512 +- case kAlgorithm_SSS_SHA512: +- subtype.digest = kSE05x_DigestMode_SHA512; +- context->cryptoObjectId = kSE05x_CryptoObject_DIGEST_SHA512; +- break; +-#endif +- default: +- return kStatus_SSS_Fail; +- } +- +- status = Se05x_API_ReadCryptoObjectList(&context->session->s_ctx, list, &listlen); +- for (i = 0; i < listlen; i += 4) { +- uint16_t cryptoObjectId = list[i + 1] | (list[i + 0] << 8); +- if (cryptoObjectId == context->cryptoObjectId) { +- create_crypto_obj = 0; +- } +- } +- +- if (create_crypto_obj) { +- status = Se05x_API_CreateCryptoObject( +- &context->session->s_ctx, context->cryptoObjectId, kSE05x_CryptoContext_DIGEST, subtype); +- if (status != SM_OK) { +- return kStatus_SSS_Fail; +- } +- } +-#endif +- +- status = Se05x_API_DigestInit(&context->session->s_ctx, context->cryptoObjectId); +- ENSURE_OR_GO_EXIT(status == SM_OK); +- +- retval = kStatus_SSS_Success; +-exit: +- return retval; +-} +- +-sss_status_t sss_se05x_digest_update(sss_se05x_digest_t *context, const uint8_t *message, size_t messageLen) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- smStatus_t status = SM_NOT_OK; +- +- status = Se05x_API_DigestUpdate(&context->session->s_ctx, context->cryptoObjectId, message, messageLen); +- ENSURE_OR_GO_EXIT(status == SM_OK); +- +- retval = kStatus_SSS_Success; +-exit: +- return retval; +-} +- +-sss_status_t sss_se05x_digest_finish(sss_se05x_digest_t *context, uint8_t *digest, size_t *digestLen) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- smStatus_t status = SM_NOT_OK; +- +- status = Se05x_API_DigestFinal(&context->session->s_ctx, context->cryptoObjectId, NULL, 0, digest, digestLen); +- ENSURE_OR_GO_EXIT(status == SM_OK); +- +- retval = kStatus_SSS_Success; +-exit: +- return retval; +-} +- +-void sss_se05x_digest_context_free(sss_se05x_digest_t *context) +-{ +- if (context->cryptoObjectId != 0) { +- smStatus_t status = Se05x_API_DeleteCryptoObject(&context->session->s_ctx, context->cryptoObjectId); +- if (status != SM_OK) { +- LOG_D("Could not delete crypto object 0x04X", context->cryptoObjectId); +- return; +- } +- } +- memset(context, 0, sizeof(*context)); +-} +- +-/* End: se05x_md */ +- +-/* ************************************************************************** */ +-/* Functions : sss_se05x_rng */ +-/* ************************************************************************** */ +- +-sss_status_t sss_se05x_rng_context_init(sss_se05x_rng_context_t *context, sss_se05x_session_t *session) +-{ +- sss_status_t retval = kStatus_SSS_Success; +- context->session = session; +- return retval; +-} +- +-sss_status_t sss_se05x_rng_get_random(sss_se05x_rng_context_t *context, uint8_t *random_data, size_t dataLen) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- smStatus_t status = SM_NOT_OK; +- size_t chunk = 0; +- size_t offset = 0; +- +- while (dataLen > 0) { +- /* TODO - Replace 512 with max rsp buffer size based on with/without SCP */ +- if (dataLen > 512) { +- chunk = 512; +- } +- else { +- chunk = dataLen; +- } +- +- status = Se05x_API_GetRandom(&context->session->s_ctx, (uint16_t)chunk, (random_data + offset), &chunk); +- ENSURE_OR_GO_EXIT(status == SM_OK); +- +- offset += chunk; +- dataLen -= chunk; +- } +- +- retval = kStatus_SSS_Success; +-exit: +- return retval; +-} +- +-sss_status_t sss_se05x_rng_context_free(sss_se05x_rng_context_t *context) +-{ +- sss_status_t retval = kStatus_SSS_Success; +- memset(context, 0, sizeof(*context)); +- return retval; +-} +-/* End: se05x_rng */ +- +-sss_status_t sss_se05x_tunnel_context_init(sss_se05x_tunnel_context_t *context, sss_se05x_session_t *session) +-{ +- context->se05x_session = session; +- sss_status_t retval = kStatus_SSS_Success; +-#if USE_RTOS +- context->channelLock = xSemaphoreCreateMutex(); +- if (context->channelLock == NULL) { +- LOG_E("xSemaphoreCreateMutex failed"); +- return kStatus_SSS_Fail; +- } +-#elif (__GNUC__ && !AX_EMBEDDED && !__MBED__) +- if (pthread_mutex_init(&context->channelLock, NULL) != 0) { +- LOG_E("\n mutex init has failed"); +- return kStatus_SSS_Fail; +- } +- else { +- LOG_D("Mutex Init successfull"); +- } +-#elif __MBED__ +- osSemaphoreAttr_t attr; +- attr.name = NULL; +- attr.attr_bits = 0; +- attr.cb_mem = &channelLock_mem; +- attr.cb_size = sizeof channelLock_mem; +- context->channelLock = osSemaphoreNew(1, 0, &attr); +- if (context->channelLock == NULL) { +- LOG_E("xSemaphoreCreateMutex failed"); +- return kStatus_SSS_Fail; +- } +-#endif +- return retval; +-} +- +-sss_status_t sss_se05x_tunnel(sss_se05x_tunnel_context_t *context, +- uint8_t *data, +- size_t dataLen, +- sss_se05x_object_t *keyObjects, +- uint32_t keyObjectCount, +- uint32_t tunnelType) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- return retval; +-} +- +-void sss_se05x_tunnel_context_free(sss_se05x_tunnel_context_t *context) +-{ +-#if USE_RTOS +- vSemaphoreDelete(context->channelLock); +-#elif (__GNUC__ && !AX_EMBEDDED && !__MBED__) +- pthread_mutex_destroy(&context->channelLock); +-#elif __MBED__ +- osSemaphoreRelease(context->channelLock); +-#endif +- memset(context, 0, sizeof(*context)); +-} +- +-static smStatus_t sss_se05x_TXn(struct Se05xSession *pSession, +- const tlvHeader_t *hdr, +- uint8_t *cmdBuf, +- size_t cmdBufLen, +- uint8_t *rsp, +- size_t *rspLen, +- uint8_t hasle) +-{ +- smStatus_t ret = SM_NOT_OK; +- tlvHeader_t outHdr = { +- 0, +- }; +- uint8_t txBuf[SE05X_MAX_BUF_SIZE_CMD] = { +- 0, +- }; +- size_t txBufLen = sizeof(txBuf); +- +- ret = pSession->fp_Transform(pSession, hdr, cmdBuf, cmdBufLen, &outHdr, txBuf, &txBufLen, hasle); +- ENSURE_OR_GO_EXIT(ret == SM_OK); +- ret = pSession->fp_RawTXn( +- pSession->conn_ctx, pSession->pChannelCtx, pSession->authType, &outHdr, txBuf, txBufLen, rsp, rspLen, hasle); +- +- ret = pSession->fp_DeCrypt(pSession, cmdBufLen, rsp, rspLen, hasle); +- +- ENSURE_OR_GO_EXIT(ret == SM_OK); +-exit: +- return ret; +-} +- +-static smStatus_t sss_se05x_channel_txnRaw(void *conn_ctx, +- const tlvHeader_t *hdr, +- uint8_t *cmdBuf, +- size_t cmdBufLen, +- uint8_t *rsp, +- size_t *rspLen, +- uint8_t hasle) +-{ +- uint8_t txBuf[SE05X_MAX_BUF_SIZE_CMD] = {0}; +- size_t i = 0; +- memcpy(&txBuf[i], hdr, sizeof(*hdr)); +- smStatus_t ret = SM_NOT_OK; +- i += sizeof(*hdr); +- if (cmdBufLen > 0) { +- // The Lc field must be extended in case the length does not fit +- // into a single byte (Note, while the standard would allow to +- // encode 0x100 as 0x00 in the Lc field, nobody who is sane in his mind +- // would actually do that). +- if ((cmdBufLen < 0xFF) && !hasle) { +- txBuf[i++] = (uint8_t)cmdBufLen; +- } +- else { +- txBuf[i++] = 0x00; +- txBuf[i++] = 0xFFu & (cmdBufLen >> 8); +- txBuf[i++] = 0xFFu & (cmdBufLen); +- } +- memcpy(&txBuf[i], cmdBuf, cmdBufLen); +- i += cmdBufLen; +- } +- else { +- if (cmdBufLen == 0) { +- txBuf[i++] = 0x00; +- } +- } +- +- if (hasle) { +- txBuf[i++] = 0x00; +- txBuf[i++] = 0x00; +- } +- +- uint32_t U32rspLen = (uint32_t)*rspLen; +- ret = (smStatus_t)smCom_TransceiveRaw(conn_ctx, txBuf, (U16)i, rsp, &U32rspLen); +- *rspLen = U32rspLen; +- return ret; +-} +- +-static smStatus_t sss_se05x_channel_txn(void *conn_ctx, +- struct _sss_se05x_tunnel_context *pChannelCtx, +- SE_AuthType_t currAuth, +- const tlvHeader_t *hdr, +- uint8_t *cmdBuf, +- size_t cmdBufLen, +- uint8_t *rsp, +- size_t *rspLen, +- uint8_t hasle) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- +- if ((pChannelCtx != NULL)) { +-#if SSSFTR_SE05X_AuthECKey || SSSFTR_SE05X_AuthSession +- struct Se05xSession *se05xCtx = (struct Se05xSession *)&pChannelCtx->se05x_session->s_ctx; +- if (se05xCtx->authType == kSSS_AuthType_SCP03) { +-#if USE_LOCK +- LOCK_TXN(pChannelCtx->channelLock); +-#endif +- retStatus = se05xCtx->fp_TXn(se05xCtx, hdr, cmdBuf, cmdBufLen, rsp, rspLen, hasle); +- +-#if USE_LOCK +- UNLOCK_TXN(pChannelCtx->channelLock); +-#endif +- ENSURE_OR_GO_EXIT(retStatus == SM_OK); +- } +- else if (se05xCtx->authType == kSSS_AuthType_None) { +-#if USE_LOCK +- LOCK_TXN(pChannelCtx->channelLock); +-#endif +- retStatus = se05xCtx->fp_TXn(se05xCtx, hdr, cmdBuf, cmdBufLen, rsp, rspLen, hasle); +- +-#if USE_LOCK +- UNLOCK_TXN(pChannelCtx->channelLock); +-#endif +- ENSURE_OR_GO_EXIT(retStatus == SM_OK); +- } +- else { +- LOG_E("Invalid auth type"); +- goto exit; +- } +-#endif +- } +- else { +- if (currAuth == kSSS_AuthType_SCP03) { +- uint32_t u32rspLen = (uint32_t)*rspLen; +- retStatus = (smStatus_t)smCom_TransceiveRaw(conn_ctx, cmdBuf, (uint16_t)cmdBufLen, rsp, &u32rspLen); +- ENSURE_OR_GO_EXIT(retStatus == SM_OK); +- *rspLen = u32rspLen; +- } +- else { +- retStatus = sss_se05x_channel_txnRaw(conn_ctx, hdr, cmdBuf, cmdBufLen, rsp, rspLen, hasle); +- ENSURE_OR_GO_EXIT(retStatus == SM_OK); +- } +- } +- +-exit: +- return retStatus; +-} +- +-/* End: se05x_tunnel */ +- +-#if SSSFTR_SE05X_ECC && SSSFTR_SE05X_KEY_SET +-sss_status_t sss_se05x_key_store_create_curve(Se05xSession_t *pSession, uint32_t curve_id) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- smStatus_t status = SM_NOT_OK; +- +- status = sss_se05x_create_curve_if_needed(pSession, curve_id); +- +- if (SM_OK == status) +- retval = kStatus_SSS_Success; +- +- return retval; +-} +-#endif +- +-sss_status_t sss_se05x_set_feature( +- sss_se05x_session_t *session, SE05x_Applet_Feature_t feature, SE05x_Applet_Feature_Disable_t disable_features) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- smStatus_t status = SM_NOT_OK; +- Se05x_AppletFeatures_t applet_features = { kSE05x_AppletConfig_NA,NULL }; +- applet_features.extended_features = NULL; +-#if SSS_HAVE_SE05X_VER_GTE_06_00 +- SE05x_ExtendedFeatures_t extended = {0}; +-#endif +- +- if (session == NULL) +- goto exit; +- +-#if SSS_HAVE_SE05X_VER_GTE_06_00 +- +- /** Disable feature ECDH B2b8 */ +- if (disable_features.EXTCFG_FORBID_ECDH == 1) +- extended.features[1] |= 0x80; // 8th bit +- /** Disable feature ECDAA B2b7 */ +- if (disable_features.EXTCFG_FORBID_ECDAA == 1) +- extended.features[1] |= 0x40; // 7th bit +- /** Disable feature RSA_LT_2K B6b8 */ +- if (disable_features.EXTCFG_FORBID_RSA_LT_2K == 1) +- extended.features[5] |= 0x80; // 8th bit +- /** Disable feature RSA_SHA1 B6b7 */ +- if (disable_features.EXTCFG_FORBID_RSA_SHA1 == 1) +- extended.features[5] |= 0x40; // 7th bit +- /** Disable feature AES_GCM B8b8 */ +- if (disable_features.EXTCFG_FORBID_AES_GCM == 1) +- extended.features[7] |= 0x80; // 8th bit +- /** Disable feature AES_GCM_EXT_IV B8b7 */ +- if (disable_features.EXTCFG_FORBID_AES_GCM_EXT_IV == 1) +- extended.features[7] |= 0x40; // 7th bit +- /** Disable feature HKDF_EXTRACT B10b7 */ +- if (disable_features.EXTCFG_FORBID_HKDF_EXTRACT == 1) +- extended.features[9] |= 0x40; // 7th bit +- +- applet_features.extended_features = &extended; +-#endif +- +- if (feature.AppletConfig_ECDAA == 1) +- applet_features.variant |= kSE05x_AppletConfig_ECDAA; +- else if (feature.AppletConfig_ECDSA_ECDH_ECDHE == 1) +- applet_features.variant |= kSE05x_AppletConfig_ECDSA_ECDH_ECDHE; +- else if (feature.AppletConfig_EDDSA == 1) +- applet_features.variant |= kSE05x_AppletConfig_EDDSA; +- else if (feature.AppletConfig_DH_MONT == 1) +- applet_features.variant |= kSE05x_AppletConfig_DH_MONT; +- else if (feature.AppletConfig_HMAC == 1) +- applet_features.variant |= kSE05x_AppletConfig_HMAC; +- else if (feature.AppletConfig_RSA_PLAIN == 1) +- applet_features.variant |= kSE05x_AppletConfig_RSA_PLAIN; +- else if (feature.AppletConfig_RSA_CRT == 1) +- applet_features.variant |= kSE05x_AppletConfig_RSA_CRT; +- else if (feature.AppletConfig_AES == 1) +- applet_features.variant |= kSE05x_AppletConfig_AES; +- else if (feature.AppletConfig_DES == 1) +- applet_features.variant |= kSE05x_AppletConfig_DES; +- else if (feature.AppletConfig_PBKDF == 1) +- applet_features.variant |= kSE05x_AppletConfig_PBKDF; +- else if (feature.AppletConfig_TLS == 1) +- applet_features.variant |= kSE05x_AppletConfig_TLS; +- else if (feature.AppletConfig_MIFARE == 1) +- applet_features.variant |= kSE05x_AppletConfig_MIFARE; +- else if (feature.AppletConfig_I2CM == 1) +- applet_features.variant |= kSE05x_AppletConfig_I2CM; +- else +- goto exit; +- +- status = Se05x_API_SetAppletFeatures(&session->s_ctx, &applet_features); +- +- if (status == SM_OK) { +- retval = kStatus_SSS_Success; +- } +- +-exit: +- return retval; +-} +- +-#if SSSFTR_SE05X_AuthSession +-static smStatus_t se05x_CreateVerifyUserIDSession( +- pSe05xSession_t se05xSession, const uint32_t auth_id, SE05x_AuthCtx_ID_t *userId, pSe05xPolicy_t policy) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- SE05x_Result_t exists = kSE05x_Result_FAILURE; +- smStatus_t status = SM_NOT_OK; +- size_t sessionIdLen = 8; +- uint8_t keyVal[60]; +- size_t keyValLen = sizeof(keyVal); +- size_t keyBitLen = sizeof(keyVal) * 8; +- +- /* Check if Object exists only if auth_id is non kSE05x_AppletResID_TRANSPORT */ +- /* CheckObjectExists returns 6985 SE05x if transport is Locked */ +- if (auth_id == kSE05x_AppletResID_TRANSPORT) { +- status = SM_OK; +- LOG_D("Create Session with kSE05x_AppletResID_TRANSPORT"); +- } +- else { +- status = Se05x_API_CheckObjectExists(se05xSession, auth_id, &exists); +- if (status == SM_OK && exists == kSE05x_Result_FAILURE) { +- status = SM_NOT_OK; +- LOG_E("UserID is not Provisioned!!!"); +- } +- } +- if (status == SM_OK) { +- status = Se05x_API_CreateSession(se05xSession, auth_id, se05xSession->value, &sessionIdLen); +- } +- if (status == SM_OK) { +- status = SM_NOT_OK; +- retval = sss_host_key_store_get_key(userId->pObj->keyStore, userId->pObj, keyVal, &keyValLen, &keyBitLen); +- +- if (keyValLen < 4) { +- LOG_W("User ID cannot be less than 4 bytes"); +- return SM_NOT_OK; +- } +- +- if (retval == kStatus_SSS_Success) { +- se05xSession->hasSession = 1; +- status = Se05x_API_VerifySessionUserID(se05xSession, keyVal, keyValLen); +- if (status == SM_OK) { +- if (policy->value > 0) { +- status = SM_NOT_OK; +- status = Se05x_API_ExchangeSessionData(se05xSession, policy); +- } +- } +- } +- } +- return status; +-} +-#endif +- +-#if SSS_HAVE_SCP_SCP03_SSS +-#if SSSFTR_SE05X_AuthSession +-static smStatus_t se05x_CreateVerifyAESKeySession( +- pSe05xSession_t se05xSession, const uint32_t auth_id, NXSCP03_AuthCtx_t *pAppletSCPCtx) +-{ +- SE05x_Result_t exists = kSE05x_Result_FAILURE; +- smStatus_t status = SM_NOT_OK; +- size_t sessionIdLen = 8; +- sss_status_t retval = kStatus_SSS_Fail; +- +- if (auth_id == kSE05x_AppletResID_TRANSPORT) { +- /* SKIP */ +- /* If there's a transport lock, Se05x_API_CheckObjectExists would fail. */ +- status = SM_OK; +- } +- else { +- status = Se05x_API_CheckObjectExists(se05xSession, auth_id, &exists); +- if (status == SM_OK && exists == kSE05x_Result_FAILURE) { +- status = SM_NOT_OK; +- LOG_E("Applet key is not Provisioned!!!"); +- } +- } +- if (status == SM_OK) { +- status = Se05x_API_CreateSession(se05xSession, auth_id, se05xSession->value, &sessionIdLen); +- if (status != SM_OK) { +- se05xSession->hasSession = 0; +- } +- else { +- se05xSession->hasSession = 1; +- se05xSession->authType = kSSS_AuthType_AESKey; +- retval = nxScp03_AuthenticateChannel(se05xSession, pAppletSCPCtx); +- if (retval == kStatus_SSS_Success) { +- pAppletSCPCtx->pDyn_ctx->authType = kSSS_AuthType_AESKey; +- se05xSession->pdynScp03Ctx = pAppletSCPCtx->pDyn_ctx; +- status = SM_OK; +- } +- else { +- status = SM_NOT_OK; +- } +- } +- } +- return status; +-} +-#endif +- +-#if SSSFTR_SE05X_AuthECKey +-static smStatus_t se05x_CreateECKeySession( +- pSe05xSession_t se05xSession, const uint32_t auth_id, SE05x_AuthCtx_ECKey_t *pFScpCtx) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- SE05x_Result_t exists = kSE05x_Result_FAILURE; +- smStatus_t status = SM_NOT_OK; +- size_t sessionIdLen = 8; +- +- status = Se05x_API_CheckObjectExists(se05xSession, auth_id, &exists); +- if (status == SM_OK && exists == kSE05x_Result_FAILURE) { +- status = SM_NOT_OK; +- LOG_E("SE ECDSA Public Key is not Provisioned!!!"); +- } +- if (status == SM_OK) { +- status = Se05x_API_CreateSession(se05xSession, auth_id, se05xSession->value, &sessionIdLen); +- if (status != SM_OK) { +- se05xSession->hasSession = 0; +- } +- else { +- status = SM_NOT_OK; +- se05xSession->hasSession = 1; +- retval = nxECKey_AuthenticateChannel(se05xSession, pFScpCtx); +- if (retval == kStatus_SSS_Success) { +- NXSCP03_DynCtx_t *pDyn_ctx = pFScpCtx->pDyn_ctx; +- +- pDyn_ctx->authType = se05xSession->authType = kSSS_AuthType_ECKey; +- se05xSession->pdynScp03Ctx = pFScpCtx->pDyn_ctx; +- status = SM_OK; +- } +- } +- } +- return status; +-} +-#endif /* SSSFTR_SE05X_AuthECKey */ +-#endif +- +-#if SSSFTR_SE05X_ECC || SSSFTR_SE05X_RSA +-static sss_status_t se05x_check_input_len(size_t inLen, sss_algorithm_t algorithm) +-{ +- sss_status_t retval = kStatus_SSS_Fail; +- +- switch (algorithm) { +- case kAlgorithm_SSS_SHA1: +- case kAlgorithm_SSS_ECDSA_SHA1: +-#if SSS_HAVE_RSA +- case kAlgorithm_SSS_RSASSA_PKCS1_V1_5_SHA1: +- case kAlgorithm_SSS_RSASSA_PKCS1_PSS_MGF1_SHA1: +-#endif +- retval = (inLen == 20) ? kStatus_SSS_Success : kStatus_SSS_Fail; +- break; +- case kAlgorithm_SSS_SHA224: +- case kAlgorithm_SSS_ECDSA_SHA224: +-#if SSS_HAVE_RSA +- case kAlgorithm_SSS_RSASSA_PKCS1_V1_5_SHA224: +- case kAlgorithm_SSS_RSASSA_PKCS1_PSS_MGF1_SHA224: +-#endif +- retval = (inLen == 28) ? kStatus_SSS_Success : kStatus_SSS_Fail; +- break; +- case kAlgorithm_SSS_SHA256: +-#if SSS_HAVE_ECDAA +- case kAlgorithm_SSS_ECDAA: +-#endif +- case kAlgorithm_SSS_ECDSA_SHA256: +-#if SSS_HAVE_RSA +- case kAlgorithm_SSS_RSASSA_PKCS1_V1_5_SHA256: +- case kAlgorithm_SSS_RSASSA_PKCS1_PSS_MGF1_SHA256: +-#endif +- retval = (inLen == 32) ? kStatus_SSS_Success : kStatus_SSS_Fail; +- break; +- case kAlgorithm_SSS_SHA384: +- case kAlgorithm_SSS_ECDSA_SHA384: +-#if SSS_HAVE_RSA +- case kAlgorithm_SSS_RSASSA_PKCS1_V1_5_SHA384: +- case kAlgorithm_SSS_RSASSA_PKCS1_PSS_MGF1_SHA384: +-#endif +- retval = (inLen == 48) ? kStatus_SSS_Success : kStatus_SSS_Fail; +- break; +- case kAlgorithm_SSS_SHA512: +- case kAlgorithm_SSS_ECDSA_SHA512: +-#if SSS_HAVE_RSA +- case kAlgorithm_SSS_RSASSA_PKCS1_V1_5_SHA512: +- case kAlgorithm_SSS_RSASSA_PKCS1_PSS_MGF1_SHA512: +-#endif +- retval = (inLen == 64) ? kStatus_SSS_Success : kStatus_SSS_Fail; +- break; +-#if SSS_HAVE_RSA +- case kAlgorithm_SSS_RSASSA_PKCS1_V1_5_NO_HASH: +- case kAlgorithm_SSS_RSASSA_NO_PADDING: +- retval = kStatus_SSS_Success; +- break; +-#endif +- default: +- LOG_E("Unkown algorithm"); +- retval = kStatus_SSS_Fail; +- } +- return retval; +-} +-#endif +- +-static SE05x_ECSignatureAlgo_t se05x_get_ec_sign_hash_mode(sss_algorithm_t algorithm) +-{ +- SE05x_ECSignatureAlgo_t mode; +- switch (algorithm) { +- case kAlgorithm_SSS_SHA1: +- case kAlgorithm_SSS_ECDSA_SHA1: +- mode = kSE05x_ECSignatureAlgo_SHA; +- break; +- case kAlgorithm_SSS_SHA224: +- case kAlgorithm_SSS_ECDSA_SHA224: +- mode = kSE05x_ECSignatureAlgo_SHA_224; +- break; +- case kAlgorithm_SSS_SHA256: +- case kAlgorithm_SSS_ECDSA_SHA256: +- mode = kSE05x_ECSignatureAlgo_SHA_256; +- break; +- case kAlgorithm_SSS_SHA384: +- case kAlgorithm_SSS_ECDSA_SHA384: +- mode = kSE05x_ECSignatureAlgo_SHA_384; +- break; +- case kAlgorithm_SSS_SHA512: +- case kAlgorithm_SSS_ECDSA_SHA512: +- mode = kSE05x_ECSignatureAlgo_SHA_512; +- break; +- default: +- mode = kSE05x_ECSignatureAlgo_PLAIN; +- break; +- } +- return mode; +-} +- +-#if SSSFTR_SE05X_RSA && SSS_HAVE_RSA +-static SE05x_RSAEncryptionAlgo_t se05x_get_rsa_encrypt_mode(sss_algorithm_t algorithm) +-{ +- SE05x_RSAEncryptionAlgo_t mode; +- switch (algorithm) { +- case kAlgorithm_SSS_RSAES_PKCS1_OAEP_SHA1: +- mode = kSE05x_RSAEncryptionAlgo_PKCS1_OAEP; +- break; +- case kAlgorithm_SSS_RSAES_PKCS1_OAEP_SHA224: +- case kAlgorithm_SSS_RSAES_PKCS1_OAEP_SHA256: +- case kAlgorithm_SSS_RSAES_PKCS1_OAEP_SHA384: +- case kAlgorithm_SSS_RSAES_PKCS1_OAEP_SHA512: +- mode = kSE05x_RSAEncryptionAlgo_NA; +- break; +- case kAlgorithm_SSS_RSAES_PKCS1_V1_5: +- mode = kSE05x_RSAEncryptionAlgo_PKCS1; +- break; +- default: +- mode = kSE05x_RSAEncryptionAlgo_NO_PAD; +- break; +- } +- return mode; +-} +- +-static SE05x_RSASignatureAlgo_t se05x_get_rsa_sign_hash_mode(sss_algorithm_t algorithm) +-{ +- SE05x_RSASignatureAlgo_t mode; +- switch (algorithm) { +- case kAlgorithm_SSS_RSASSA_PKCS1_V1_5_SHA1: +- mode = kSE05x_RSASignatureAlgo_SHA1_PKCS1; +- break; +- case kAlgorithm_SSS_RSASSA_PKCS1_V1_5_SHA224: +- mode = kSE05x_RSASignatureAlgo_SHA_224_PKCS1; +- break; +- case kAlgorithm_SSS_RSASSA_PKCS1_V1_5_SHA256: +- mode = kSE05x_RSASignatureAlgo_SHA_256_PKCS1; +- break; +- case kAlgorithm_SSS_RSASSA_PKCS1_V1_5_SHA384: +- mode = kSE05x_RSASignatureAlgo_SHA_384_PKCS1; +- break; +- case kAlgorithm_SSS_RSASSA_PKCS1_V1_5_SHA512: +- mode = kSE05x_RSASignatureAlgo_SHA_512_PKCS1; +- break; +- case kAlgorithm_SSS_RSASSA_PKCS1_PSS_MGF1_SHA1: +- mode = kSE05x_RSASignatureAlgo_SHA1_PKCS1_PSS; +- break; +- case kAlgorithm_SSS_RSASSA_PKCS1_PSS_MGF1_SHA224: +- mode = kSE05x_RSASignatureAlgo_SHA224_PKCS1_PSS; +- break; +- case kAlgorithm_SSS_RSASSA_PKCS1_PSS_MGF1_SHA256: +- mode = kSE05x_RSASignatureAlgo_SHA256_PKCS1_PSS; +- break; +- case kAlgorithm_SSS_RSASSA_PKCS1_PSS_MGF1_SHA384: +- mode = kSE05x_RSASignatureAlgo_SHA384_PKCS1_PSS; +- break; +- case kAlgorithm_SSS_RSASSA_PKCS1_PSS_MGF1_SHA512: +- mode = kSE05x_RSASignatureAlgo_SHA512_PKCS1_PSS; +- break; +- default: +- mode = kSE05x_RSASignatureAlgo_NA; +- } +- return mode; +-} +-#endif // SSSFTR_SE05X_RSA +- +-static SE05x_CipherMode_t se05x_get_cipher_mode(sss_algorithm_t algorithm) +-{ +- SE05x_CipherMode_t mode; +- switch (algorithm) { +- case kAlgorithm_SSS_AES_ECB: +- mode = kSE05x_CipherMode_AES_ECB_NOPAD; +- break; +- case kAlgorithm_SSS_DES_ECB: +- mode = kSE05x_CipherMode_DES_ECB_NOPAD; +- break; +- case kAlgorithm_SSS_AES_CBC: +- mode = kSE05x_CipherMode_AES_CBC_NOPAD; +- break; +- case kAlgorithm_SSS_DES_CBC: +- mode = kSE05x_CipherMode_DES_CBC_NOPAD; +- break; +- case kAlgorithm_SSS_AES_CTR: +- mode = kSE05x_CipherMode_AES_CTR; +- break; +- default: +- mode = 0; +- } +- return mode; +-} +- +-SE05x_MACAlgo_t se05x_get_mac_algo(sss_algorithm_t algorithm) +-{ +- SE05x_MACAlgo_t mode; +- switch (algorithm) { +- case kAlgorithm_SSS_CMAC_AES: +- mode = kSE05x_MACAlgo_CMAC_128; +- break; +-#if SSS_HAVE_HASH_1 +- case kAlgorithm_SSS_HMAC_SHA1: +- mode = kSE05x_MACAlgo_HMAC_SHA1; +- break; +-#endif +- case kAlgorithm_SSS_HMAC_SHA256: +- mode = kSE05x_MACAlgo_HMAC_SHA256; +- break; +- case kAlgorithm_SSS_HMAC_SHA384: +- mode = kSE05x_MACAlgo_HMAC_SHA384; +- break; +-#if SSS_HAVE_HASH_512 +- case kAlgorithm_SSS_HMAC_SHA512: +- mode = kSE05x_MACAlgo_HMAC_SHA512; +- break; +-#endif +- default: +- mode = kSE05x_MACAlgo_NA; +- } +- return mode; +-} +- +-SE05x_DigestMode_t se05x_get_sha_algo(sss_algorithm_t algorithm) +-{ +- SE05x_DigestMode_t sha_type; +- +- switch (algorithm) { +-#if SSS_HAVE_HASH_1 +- case kAlgorithm_SSS_SHA1: +- case kAlgorithm_SSS_HMAC_SHA1: +- sha_type = kSE05x_DigestMode_SHA; +- break; +-#endif +-#if SSS_HAVE_HASH_224 +- case kAlgorithm_SSS_SHA224: +- sha_type = kSE05x_DigestMode_SHA224; +- break; +-#endif +- case kAlgorithm_SSS_SHA256: +- case kAlgorithm_SSS_HMAC_SHA256: +- sha_type = kSE05x_DigestMode_SHA256; +- break; +- case kAlgorithm_SSS_SHA384: +- case kAlgorithm_SSS_HMAC_SHA384: +- sha_type = kSE05x_DigestMode_SHA384; +- break; +-#if SSS_HAVE_HASH_512 +- case kAlgorithm_SSS_SHA512: +- case kAlgorithm_SSS_HMAC_SHA512: +- sha_type = kSE05x_DigestMode_SHA512; +- break; +-#endif +- default: +- sha_type = 0x00; +- } +- +- return sha_type; +-} +-//////////////////////////////////////////////////////////////////////// +-#if SSSFTR_SE05X_ECC && SSSFTR_SE05X_KEY_SET +-static smStatus_t sss_se05x_LL_set_ec_key(pSe05xSession_t session_ctx, +- pSe05xPolicy_t policy, +- SE05x_MaxAttemps_t maxAttempt, +- uint32_t objectID, +- SE05x_ECCurve_t curveID, +- const uint8_t *privKey, +- size_t privKeyLen, +- const uint8_t *pubKey, +- size_t pubKeyLen, +- const SE05x_INS_t ins_type, +- const SE05x_KeyPart_t key_part, +- SE05x_Result_t obj_exists) +-{ +- smStatus_t status = SM_NOT_OK; +-#if SSS_HAVE_SE05X_VER_GTE_06_00 +- fp_Ec_KeyWrite_t fpEcKey_Ver = NULL; +- /* Call APIs For SE051 */ +- if (obj_exists == kSE05x_Result_FAILURE) { +- fpEcKey_Ver = &Se05x_API_WriteECKey_Ver; +- } +- else if (obj_exists == kSE05x_Result_SUCCESS) { +- fpEcKey_Ver = &Se05x_API_UpdateECKey_Ver; +- } +- +- if (fpEcKey_Ver != NULL) { +- status = fpEcKey_Ver(session_ctx, +- policy, +- maxAttempt, +- objectID, +- curveID, +- privKey, +- privKeyLen, +- pubKey, +- pubKeyLen, +- ins_type, +- key_part, +- 0); +- } +- else { +- LOG_E("Invalid Object exist status!!!"); +- } +- +-#else +- /* Call APIs For SE050 */ +- status = Se05x_API_WriteECKey( +- session_ctx, policy, maxAttempt, objectID, curveID, privKey, privKeyLen, pubKey, pubKeyLen, ins_type, key_part); +-#endif +- return status; +-} +-#endif //SSSFTR_SE05X_ECC +- +-#if SSSFTR_SE05X_KEY_SET +-static smStatus_t sss_se05x_LL_set_symm_key(pSe05xSession_t session_ctx, +- pSe05xPolicy_t policy, +- SE05x_MaxAttemps_t maxAttempt, +- uint32_t objectID, +- SE05x_KeyID_t kekID, +- const uint8_t *keyValue, +- size_t keyValueLen, +- const SE05x_INS_t ins_type, +- const SE05x_SymmKeyType_t type, +- SE05x_Result_t obj_exists) +-{ +- smStatus_t status = SM_NOT_OK; +-#if SSS_HAVE_SE05X_VER_GTE_06_00 +- fp_Symm_KeyWrite_t fpSymmKey_Ver = NULL; +- /* Call APIs For SE051 */ +- if (obj_exists == kSE05x_Result_FAILURE) { +- fpSymmKey_Ver = &Se05x_API_WriteSymmKey_Ver; +- } +- else if (obj_exists == kSE05x_Result_SUCCESS) { +- fpSymmKey_Ver = &Se05x_API_UpdateSymmKey_Ver; +- } +- +- if (fpSymmKey_Ver != NULL) { +- status = (*fpSymmKey_Ver)( +- session_ctx, policy, maxAttempt, objectID, kekID, keyValue, keyValueLen, ins_type, type, 0); +- } +- else { +- LOG_E("Invalid Object exist status!!!"); +- } +-#else +- /* Call APIs For SE050 */ +- status = +- Se05x_API_WriteSymmKey(session_ctx, policy, maxAttempt, objectID, kekID, keyValue, keyValueLen, ins_type, type); +-#endif +- return status; +-} +-#endif //SSSFTR_SE05X_AES && SSSFTR_SE05X_KEY_SET +- +-#if SSSFTR_SE05X_RSA && SSSFTR_SE05X_KEY_SET && SSS_HAVE_RSA +-static smStatus_t sss_se05x_LL_set_RSA_key(pSe05xSession_t session_ctx, +- pSe05xPolicy_t policy, +- uint32_t objectID, +- uint16_t size, +- const uint8_t *p, +- size_t pLen, +- const uint8_t *q, +- size_t qLen, +- const uint8_t *dp, +- size_t dpLen, +- const uint8_t *dq, +- size_t dqLen, +- const uint8_t *qInv, +- size_t qInvLen, +- const uint8_t *pubExp, +- size_t pubExpLen, +- const uint8_t *priv, +- size_t privLen, +- const uint8_t *pubMod, +- size_t pubModLen, +- const SE05x_INS_t ins_type, +- const SE05x_KeyPart_t key_part, +- const SE05x_RSAKeyFormat_t rsa_format, +- SE05x_Result_t obj_exists) +-{ +- smStatus_t status = SM_NOT_OK; +-#if SSS_HAVE_SE05X_VER_GTE_06_00 +- fp_RSA_KeyWrite_t fpRSAKey_Ver = NULL; +- /* Call APIs For SE051 */ +- if (obj_exists == kSE05x_Result_FAILURE) { +- fpRSAKey_Ver = &Se05x_API_WriteRSAKey_Ver; +- } +- else if (obj_exists == kSE05x_Result_SUCCESS) { +- fpRSAKey_Ver = &Se05x_API_UpdateRSAKey_Ver; +- } +- +- if (fpRSAKey_Ver != NULL) { +- status = (*fpRSAKey_Ver)(session_ctx, +- policy, +- objectID, +- size, +- p, +- pLen, +- q, +- qLen, +- dp, +- dpLen, +- dq, +- dqLen, +- qInv, +- qInvLen, +- pubExp, +- pubExpLen, +- priv, +- privLen, +- pubMod, +- pubModLen, +- ins_type, +- key_part, +- rsa_format, +- 0); +- } +- else { +- LOG_E("Invalid Object exist status!!!"); +- } +-#else +- /* Call APIs For SE050 */ +- status = Se05x_API_WriteRSAKey(session_ctx, +- policy, +- objectID, +- size, +- p, +- pLen, +- q, +- qLen, +- dp, +- dpLen, +- dq, +- dqLen, +- qInv, +- qInvLen, +- pubExp, +- pubExpLen, +- priv, +- privLen, +- pubMod, +- pubModLen, +- ins_type, +- key_part, +- rsa_format); +-#endif +- return status; +-} +-#endif //SSSFTR_SE05X_RSA && SSSFTR_SE05X_KEY_SET +- +-#ifdef __cplusplus +-} +-#endif +- +-#endif /* SSS_HAVE_APPLET_SE05X_IOT */ +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/src/se05x/fsl_sss_se05x_eckey.c b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/src/se05x/fsl_sss_se05x_eckey.c +deleted file mode 100644 +index 632786dffd..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/src/se05x/fsl_sss_se05x_eckey.c ++++ /dev/null +@@ -1,534 +0,0 @@ +-/* Copyright 2019,2020 NXP +- * SPDX-License-Identifier: Apache-2.0 +- */ +- +-/** @file */ +- +-#if defined(FLOW_VERBOSE) +-#define NX_LOG_ENABLE_SCP_DEBUG 1 +-#endif +- +-#include +- +-#if SSS_HAVE_APPLET_SE05X_IOT +-#if SSS_HAVE_SCP_SCP03_SSS && SSSFTR_SE05X_AuthECKey +- +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#if SSS_HAVE_MBEDTLS +-#include "fsl_sss_mbedtls_types.h" +-#elif SSS_HAVE_OPENSSL +-#include "fsl_sss_openssl_types.h" +-#endif +- +-/* ************************************************************************** */ +-/* Functions : Private function declaration */ +-/* ************************************************************************** */ +-static sss_status_t nxECKey_InternalAuthenticate(pSe05xSession_t se05xSession, +- SE05x_AuthCtx_ECKey_t *pAuthFScp, +- uint8_t *hostEckaPubKey, +- size_t hostEckaPubKeyLen, +- uint8_t *rndData, +- size_t *rndDataLen, +- uint8_t *receipt, +- size_t *receiptLen); +- +-static sss_status_t nxECKey_calculate_master_secret( +- SE05x_AuthCtx_ECKey_t *pAuthFScp, uint8_t *rnd, size_t rndLen, uint8_t *sharedSecret, size_t sharedSecretLen); +- +-static sss_status_t nxECKey_HostLocal_CalculateSessionKeys(SE05x_AuthCtx_ECKey_t *pAuthFScp); +- +-static sss_status_t nxECKey_Calculate_Initial_Mac_Chaining_Value(SE05x_AuthCtx_ECKey_t *pAuthFScp); +- +-static sss_status_t nxECKey_Calculate_Shared_secret( +- SE05x_AuthCtx_ECKey_t *pAuthFScp, uint8_t *sharedSecret, size_t *sharedSecretLen); +- +-#define TAG_PK_SE_ECKA 0x7F49 +-#define TAG_SIG_SE_ECKA 0x5F37 +-static sss_status_t nxECKey_GetVerify_SE_Ecka_Public( +- pSe05xSession_t se05xSession, uint8_t *pSePubEcka, size_t *pSePubEckaLen); +- +-static void set_secp256r1nist_header(uint8_t *pbKey, size_t *pbKeyByteLen); +- +-int get_u8buf_2bTag(uint8_t *buf, size_t *pBufIndex, const size_t bufLen, uint16_t tag, uint8_t *rsp, size_t *pRspLen); +- +-/* ************************************************************************** */ +-/* Functions : Function definition */ +-/* ************************************************************************** */ +- +-sss_status_t nxECKey_AuthenticateChannel(pSe05xSession_t se05xSession, SE05x_AuthCtx_ECKey_t *pAuthFScp) +-{ +- sss_status_t status = kStatus_SSS_Fail; +- // Host public key to send to the SE for internal authenticate +- uint8_t hostEckaPub[100]; +- size_t hostEckaPubLen = sizeof(hostEckaPub); +- size_t hostEckabitLen; +- // Random bytes to retrive from SE in internal authenticate +- uint8_t drSE[20]; +- size_t drSELen = sizeof(drSE); +- uint8_t receipt[16]; +- size_t receiptLen = sizeof(receipt); +- uint8_t shsSecret[32]; +- size_t shsSecretLen = sizeof(shsSecret); +- size_t offset = 0; +- NXECKey03_StaticCtx_t *pStatic_ctx = pAuthFScp->pStatic_ctx; +- NXSCP03_DynCtx_t *pDyn_ctx = pAuthFScp->pDyn_ctx; +- uint8_t sePubkey[150] = { +- 0, +- }; // SE ECKA Public Key +- size_t sePubkeyLen = sizeof(sePubkey); +- uint8_t *pkSeEcka; +- +- /* clang-format off */ +- const uint8_t commandCounter[16] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}; +- /* clang-format on */ +- +- /* Get the Host ephemeral key */ +- uint8_t hostPubkey[100]; +- status = sss_host_key_store_get_key( +- pStatic_ctx->HostEcKeypair.keyStore, &pStatic_ctx->HostEcKeypair, hostPubkey, &hostEckaPubLen, &hostEckabitLen); +- ENSURE_OR_GO_EXIT(status == kStatus_SSS_Success); +- +- /* Get Ecc public key in the plain form required for Security Storage +- * according to GPCS Ammendment E For ECC Nist 256 key +- */ +- hostEckaPub[offset++] = GPCS_KEY_TYPE_ECC_NIST256; //Tag EC public key +- hostEckaPub[offset++] = 0x41; // public key len +- memcpy( +- hostEckaPub + offset, hostPubkey + ASN_ECC_NIST_256_HEADER_LEN, hostEckaPubLen - ASN_ECC_NIST_256_HEADER_LEN); +- offset += hostEckaPubLen - ASN_ECC_NIST_256_HEADER_LEN; +- hostEckaPub[offset++] = KEY_PARAMETER_REFERENCE_TAG; +- hostEckaPub[offset++] = KEY_PARAMETER_REFERENCE_VALUE_LEN; +- hostEckaPub[offset++] = KEY_PARAMETER_REFERENCE_VALUE; +- hostEckaPubLen = offset; +- +- /* Get SE ECKA Public Key*/ +- status = nxECKey_GetVerify_SE_Ecka_Public(se05xSession, sePubkey, &sePubkeyLen); +- ENSURE_OR_GO_EXIT(status == kStatus_SSS_Success); +- +- /* Create the Key in ASN1 Der format */ +- pkSeEcka = &sePubkey[2]; // Exclude first two bytes Tag and len +- sePubkeyLen = sePubkeyLen - 2; +- set_secp256r1nist_header(pkSeEcka, &sePubkeyLen); +- sePubkeyLen = sePubkeyLen - 2; // Exclude last three bytes Key parameter tag len and value +- /*Set the key in Fast scp Host context*/ +- status = sss_host_key_store_set_key( +- pStatic_ctx->SeEcPubKey.keyStore, &pStatic_ctx->SeEcPubKey, pkSeEcka, sePubkeyLen, 256, NULL, 0); +- ENSURE_OR_GO_EXIT(status == kStatus_SSS_Success); +- +- status = nxECKey_InternalAuthenticate( +- se05xSession, pAuthFScp, hostEckaPub, hostEckaPubLen, drSE, &drSELen, receipt, &receiptLen); +- ENSURE_OR_GO_EXIT(status == kStatus_SSS_Success); +- +- /*Calculate the Shared Secret */ +- status = nxECKey_Calculate_Shared_secret(pAuthFScp, shsSecret, &shsSecretLen); +- ENSURE_OR_GO_EXIT(status == kStatus_SSS_Success); +- +- /*Erase the host key pair as it is no longer needed*/ +- memset(hostEckaPub, 0, sizeof(hostEckaPub)); +- memset(hostPubkey, 0, sizeof(hostPubkey)); +- sss_key_object_free(&pStatic_ctx->HostEcKeypair); +- +- status = nxECKey_calculate_master_secret(pAuthFScp, drSE, drSELen, shsSecret, shsSecretLen); +- ENSURE_OR_GO_EXIT(status == kStatus_SSS_Success); +- +- status = nxECKey_HostLocal_CalculateSessionKeys(pAuthFScp); +- ENSURE_OR_GO_EXIT(status == kStatus_SSS_Success); +- /* Increment the command Encreption counter to 1*/ +- memcpy(pDyn_ctx->cCounter, commandCounter, AES_KEY_LEN_nBYTE); +- +- /* compute the initial MAC chaining value */ +- status = nxECKey_Calculate_Initial_Mac_Chaining_Value(pAuthFScp); +- ENSURE_OR_GO_EXIT(status == kStatus_SSS_Success); +- pDyn_ctx->SecurityLevel = (uint8_t)SECURITY_LEVEL; +-exit: +- return status; +-} +- +-static sss_status_t nxECKey_Calculate_Initial_Mac_Chaining_Value(SE05x_AuthCtx_ECKey_t *pAuthFScp) +-{ +- sss_status_t status = kStatus_SSS_Fail; +- uint8_t ddA[128]; +- uint16_t ddALen = sizeof(ddA); +- uint8_t iniMacChaining[AES_KEY_LEN_nBYTE]; +- uint32_t signatureLen = AES_KEY_LEN_nBYTE; +- NXECKey03_StaticCtx_t *pStatic_ctx = pAuthFScp->pStatic_ctx; +- NXSCP03_DynCtx_t *pDyn_ctx = pAuthFScp->pDyn_ctx; +- +- // Set the Derviation data +- nxScp03_setDerivationData( +- ddA, &ddALen, DATA_DERIVATION_INITIAL_MCV, DATA_DERIVATION_L_128BIT, DATA_DERIVATION_KDF_CTR, NULL, 0); +- // Calculate the Initial MCV value +- status = nxScp03_Generate_SessionKey(&pStatic_ctx->masterSec, ddA, ddALen, iniMacChaining, &signatureLen); +- ENSURE_OR_GO_EXIT(status == kStatus_SSS_Success); +- LOG_MAU8_D("Initial MCV", iniMacChaining, AES_KEY_LEN_nBYTE); +- // Set the Initial MCV value +- memcpy(pDyn_ctx->MCV, iniMacChaining, AES_KEY_LEN_nBYTE); +-exit: +- return status; +-} +- +-static sss_status_t nxECKey_HostLocal_CalculateSessionKeys(SE05x_AuthCtx_ECKey_t *pAuthFScp) +-{ +- sss_status_t status = kStatus_SSS_Fail; +- uint8_t ddA[128]; +- uint16_t ddALen = sizeof(ddA); +- uint8_t sessionEncKey[AES_KEY_LEN_nBYTE]; +- uint8_t sessionMacKey[AES_KEY_LEN_nBYTE]; +- uint8_t sessionRmacKey[AES_KEY_LEN_nBYTE]; +- uint32_t signatureLen = AES_KEY_LEN_nBYTE; +- NXECKey03_StaticCtx_t *pStatic_ctx = pAuthFScp->pStatic_ctx; +- NXSCP03_DynCtx_t *pDyn_ctx = pAuthFScp->pDyn_ctx; +- +- /* Generation and Creation of Session ENC SSS Key Object */ +- +- // Set the Derviation data +- nxScp03_setDerivationData( +- ddA, &ddALen, DATA_DERIVATION_SENC, DATA_DERIVATION_L_128BIT, DATA_DERIVATION_KDF_CTR, NULL, 0); +- // Calculate the Session-ENC key +- status = nxScp03_Generate_SessionKey(&pStatic_ctx->masterSec, ddA, ddALen, sessionEncKey, &signatureLen); +- ENSURE_OR_GO_EXIT(status == kStatus_SSS_Success); +- LOG_MAU8_D("sessionEncKey", sessionEncKey, AES_KEY_LEN_nBYTE); +- // Set the Session-ENC key +- status = sss_host_key_store_set_key(pDyn_ctx->Enc.keyStore, &pDyn_ctx->Enc, sessionEncKey, 16, (16) * 8, NULL, 0); +- ENSURE_OR_GO_EXIT(status == kStatus_SSS_Success); +- +- /* Generation and Creation of Session MAC SSS Key Object */ +- +- // Set the Derviation data +- nxScp03_setDerivationData( +- ddA, &ddALen, DATA_DERIVATION_SMAC, DATA_DERIVATION_L_128BIT, DATA_DERIVATION_KDF_CTR, NULL, 0); +- // Calculate the Session-MAC key +- status = nxScp03_Generate_SessionKey(&pStatic_ctx->masterSec, ddA, ddALen, sessionMacKey, &signatureLen); +- ENSURE_OR_GO_EXIT(status == kStatus_SSS_Success); +- LOG_MAU8_D("sessionMacKey", sessionMacKey, AES_KEY_LEN_nBYTE); +- // Set the Session-MAC key +- status = sss_host_key_store_set_key(pDyn_ctx->Mac.keyStore, &pDyn_ctx->Mac, sessionMacKey, 16, (16) * 8, NULL, 0); +- ENSURE_OR_GO_EXIT(status == kStatus_SSS_Success); +- +- /* Generation and Creation of Session RMAC SSS Key Object */ +- +- // Set the Derviation data +- nxScp03_setDerivationData( +- ddA, &ddALen, DATA_DERIVATION_SRMAC, DATA_DERIVATION_L_128BIT, DATA_DERIVATION_KDF_CTR, NULL, 0); +- // Calculate the Session-RMAC key +- status = nxScp03_Generate_SessionKey(&pStatic_ctx->masterSec, ddA, ddALen, sessionRmacKey, &signatureLen); +- ENSURE_OR_GO_EXIT(status == kStatus_SSS_Success); +- LOG_MAU8_D("sessionRmacKey", sessionRmacKey, AES_KEY_LEN_nBYTE); +- // Set the Session-RMAC key +- status = +- sss_host_key_store_set_key(pDyn_ctx->Rmac.keyStore, &pDyn_ctx->Rmac, sessionRmacKey, 16, (16) * 8, NULL, 0); +- ENSURE_OR_GO_EXIT(status == kStatus_SSS_Success); +-exit: +- return status; +-} +- +-static sss_status_t nxECKey_calculate_master_secret( +- SE05x_AuthCtx_ECKey_t *pAuthFScp, uint8_t *rnd, size_t rndLen, uint8_t *sharedSecret, size_t sharedSecretLen) +-{ +- sss_status_t status = kStatus_SSS_Fail; +- sss_digest_t md; +- uint8_t derivationInput[100] = {0}; +- uint8_t masterSk[32]; +- size_t masterSkLen = sizeof(masterSk); +- size_t derivationInputLen = 0; +- NXECKey03_StaticCtx_t *pStatic_ctx = pAuthFScp->pStatic_ctx; +- +- if (pAuthFScp->pDyn_ctx->authType == kSSS_AuthType_INT_ECKey_Counter) { +- const uint8_t kdf_counter[] = {0x00, 0x00, 0x00, 0x01}; +- memcpy(&derivationInput[derivationInputLen], kdf_counter, sizeof(kdf_counter)); +- derivationInputLen += sizeof(kdf_counter); +- } +- memcpy(&derivationInput[derivationInputLen], sharedSecret, sharedSecretLen); +- derivationInputLen += sharedSecretLen; +- memcpy(&derivationInput[derivationInputLen], rnd, rndLen); +- derivationInputLen += rndLen; +- +- derivationInput[derivationInputLen++] = SCP_CONFIG; +- derivationInput[derivationInputLen++] = SECURITY_LEVEL; +- derivationInput[derivationInputLen++] = GPCS_KEY_TYPE_AES; +- derivationInput[derivationInputLen++] = GPCS_KEY_LEN_AES; +- +- status = sss_host_digest_context_init( +- &md, pStatic_ctx->HostEcdsaObj.keyStore->session, kAlgorithm_SSS_SHA256, kMode_SSS_Digest); +- ENSURE_OR_GO_CLEANUP(status == kStatus_SSS_Success); +- status = sss_host_digest_one_go(&md, derivationInput, derivationInputLen, masterSk, &masterSkLen); +- ENSURE_OR_GO_CLEANUP(status == kStatus_SSS_Success); +- sss_host_digest_context_free(&md); +- masterSkLen = 16; +- LOG_MAU8_D("Master Secret", masterSk, masterSkLen); +- /*Set the Master secret as AES Key*/ +- status = sss_host_key_store_set_key( +- pStatic_ctx->masterSec.keyStore, &pStatic_ctx->masterSec, masterSk, masterSkLen, masterSkLen * 8, NULL, 0); +- ENSURE_OR_GO_CLEANUP(status == kStatus_SSS_Success); +-cleanup: +- return status; +-} +- +-static void set_secp256r1nist_header(uint8_t *pbKey, size_t *pbKeyByteLen) +-{ +- unsigned int i = 0; +- /* clang-format off */ +- char temp[112] = { 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, +- 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, +- 0x07, 0x03, 0x42, 0x00 }; +- /* clang-format on */ +- +- for (i = 0; i < *pbKeyByteLen; i++) { +- temp[26 + i] = pbKey[i]; +- } +- +- *pbKeyByteLen = *pbKeyByteLen + 26; +- memcpy(pbKey, temp, *pbKeyByteLen); +-} +- +-sss_status_t nxECKey_InternalAuthenticate(pSe05xSession_t se05xSession, +- SE05x_AuthCtx_ECKey_t *pAuthFScp, +- uint8_t *hostEckaPubKey, +- size_t hostEckaPubKeyLen, +- uint8_t *rndData, +- size_t *rndDataLen, +- uint8_t *receipt, +- size_t *receiptLen) +-{ +- sss_status_t status = kStatus_SSS_Fail; +- smStatus_t retStatus = SM_NOT_OK; +- int tlvRet = 0; +- uint8_t cmdbuf[256]; +- size_t cmdbufLen = 0; +- uint8_t *pCmdbuf = NULL; +- uint8_t rspbuf[256]; +- uint8_t *pRspbuf = &rspbuf[0]; +- size_t rspbufLen = ARRAY_SIZE(rspbuf); +- size_t rspIndex = 0; +- sss_digest_t md; +- uint8_t md_host5F37[32]; +- size_t md_host5F37Len = sizeof(md_host5F37); +- NXECKey03_StaticCtx_t *pStatic_ctx = pAuthFScp->pStatic_ctx; +- +- const uint8_t tagEpkSeEcka[] = {0x7F, 0x49}; +- const uint8_t tagSigSeEcka[] = {0x5F, 0x37}; +- +- const tlvHeader_t hdr = {{CLA_GP_7816 | CLA_GP_SECURITY_BIT, INS_GP_INTERNAL_AUTHENTICATE, 00, 00}}; +- uint8_t scpParms[3] = {0xAB, SCP_CONFIG, SECURITY_LEVEL}; +- uint8_t appletName[APPLET_NAME_LEN] = APPLET_NAME; +- sss_asymmetric_t asym; +- uint8_t sig_host5F37[100]; +- size_t sig_host5F37Len = sizeof(sig_host5F37); +- +- size_t cntrlRefTemp_Len = 0 + 1 + 1 + APPLET_NAME_LEN /*TLV AID */ + 1 + 1 + sizeof(scpParms) /* TLV SCP Params */ + +- 1 + 1 + 1 /* TLV Keytype */ + 1 + 1 + 1 /* TLV KeyLEN */; +- +-#if NX_LOG_ENABLE_SCP_DEBUG +- nLog("APDU", NX_LEVEL_DEBUG, "ECKey Internal authenticate []"); +-#endif /* VERBOSE_APDU_LOGS */ +- cmdbuf[0] = kSE05x_TAG_GP_CONTRL_REF_PARM; // Tag Control reference template +- cmdbuf[1] = (uint8_t)cntrlRefTemp_Len; +- cmdbufLen = 2; +- pCmdbuf = &cmdbuf[2]; +- tlvRet = TLVSET_u8buf("SE05x AID", &pCmdbuf, &cmdbufLen, kSE05x_GP_TAG_AID, appletName, APPLET_NAME_LEN); +- ENSURE_OR_GO_CLEANUP(tlvRet == 0); +- tlvRet = TLVSET_u8buf("SCP parameters", &pCmdbuf, &cmdbufLen, kSE05x_GP_TAG_SCP_PARMS, scpParms, sizeof(scpParms)); +- ENSURE_OR_GO_CLEANUP(tlvRet == 0); +- tlvRet = TLVSET_U8("Key Type", &pCmdbuf, &cmdbufLen, kSE05x_GP_TAG_KEY_TYPE, GPCS_KEY_TYPE_AES); +- ENSURE_OR_GO_CLEANUP(tlvRet == 0); +- tlvRet = TLVSET_U8("Key length", &pCmdbuf, &cmdbufLen, kSE05x_GP_TAG_KEY_LEN, GPCS_KEY_LEN_AES); +- ENSURE_OR_GO_CLEANUP(tlvRet == 0); +- +- /*Put the ephemral host ECKA pub key */ +- *pCmdbuf++ = tagEpkSeEcka[0]; //Tag is 2 byte */ +- cmdbufLen++; +- *pCmdbuf++ = tagEpkSeEcka[1]; +- cmdbufLen++; +- *pCmdbuf++ = (uint8_t)hostEckaPubKeyLen; +- cmdbufLen++; +- memcpy(pCmdbuf, hostEckaPubKey, hostEckaPubKeyLen); +- cmdbufLen += hostEckaPubKeyLen; +- +- /* Get the sha256 hash of Control_refernce_template + host ECKA Pub key */ +- status = sss_host_digest_context_init( +- &md, pStatic_ctx->HostEcdsaObj.keyStore->session, kAlgorithm_SSS_SHA256, kMode_SSS_Digest); +- ENSURE_OR_GO_CLEANUP(status == kStatus_SSS_Success); +- status = sss_host_digest_one_go(&md, cmdbuf, cmdbufLen, md_host5F37, &md_host5F37Len); +- ENSURE_OR_GO_CLEANUP(status == kStatus_SSS_Success); +- sss_host_digest_context_free(&md); +- +- /* Get the signiture over hash*/ +- status = sss_host_asymmetric_context_init(&asym, +- pStatic_ctx->HostEcdsaObj.keyStore->session, +- &pStatic_ctx->HostEcdsaObj, +- kAlgorithm_SSS_SHA256, +- kMode_SSS_Sign); +- ENSURE_OR_GO_CLEANUP(status == kStatus_SSS_Success); +- status = sss_host_asymmetric_sign_digest(&asym, md_host5F37, md_host5F37Len, sig_host5F37, &sig_host5F37Len); +- ENSURE_OR_GO_CLEANUP(status == kStatus_SSS_Success); +- sss_host_asymmetric_context_free(&asym); +- +- /* Put the Control refernce template Value signiture*/ +- pCmdbuf = &cmdbuf[cmdbufLen]; +- *pCmdbuf++ = tagSigSeEcka[0]; +- cmdbufLen++; +- *pCmdbuf++ = tagSigSeEcka[1]; +- cmdbufLen++; +- *pCmdbuf++ = (uint8_t)sig_host5F37Len; +- cmdbufLen++; +- memcpy(pCmdbuf, sig_host5F37, sig_host5F37Len); +- cmdbufLen += sig_host5F37Len; +- status = kStatus_SSS_Fail; +- retStatus = DoAPDUTxRx_s_Case4(se05xSession, &hdr, cmdbuf, cmdbufLen, rspbuf, &rspbufLen); +- ENSURE_OR_GO_CLEANUP(retStatus == SM_OK); +- tlvRet = +- tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_GP_TAG_DR_SE, rndData, rndDataLen); /* Get the Random No */ +- ENSURE_OR_GO_CLEANUP(tlvRet == 0); +- tlvRet = +- tlvGet_u8buf(pRspbuf, &rspIndex, rspbufLen, kSE05x_GP_TAG_RECEIPT, receipt, receiptLen); /* Get the Receipt */ +- ENSURE_OR_GO_CLEANUP(tlvRet == 0); +- ENSURE_OR_GO_CLEANUP((rspIndex + 2) == rspbufLen); +- retStatus = (pRspbuf[rspIndex] << 8) | (pRspbuf[rspIndex + 1]); +- ENSURE_OR_GO_CLEANUP(retStatus == SM_OK); +- status = kStatus_SSS_Success; +- +-cleanup: +- return status; +-} +- +-sss_status_t nxECKey_GetVerify_SE_Ecka_Public(pSe05xSession_t se05xSession, uint8_t *pSePubEcka, size_t *pSePubEckaLen) +-{ +- smStatus_t retStatus = SM_NOT_OK; +- sss_status_t status = kStatus_SSS_Fail; +- int tlvRet = 0; +- uint8_t cmdbuf[100]; +- uint8_t rspbuf[512]; +- uint8_t *pRspbuf = &rspbuf[0]; +- size_t rspbufLen = ARRAY_SIZE(rspbuf); +- +- uint8_t sigSePubkey[100]; +- size_t sigSePubkeyLen = sizeof(sigSePubkey); +- size_t i = 0; +- +- const tlvHeader_t hdr = {{CLA_GP_7816, INS_GP_GET_DATA, P1_GP_GET_DATA, P2_GP_GET_DATA}}; +- size_t cntrlRefTemp_Len = 0 + 1 + 1 + 2; /*TLV Key */ +- +- cmdbuf[i++] = kSE05x_TAG_GP_CONTRL_REF_PARM; // Tag Control reference template +- cmdbuf[i++] = (uint8_t)cntrlRefTemp_Len; +- cmdbuf[i++] = kSE05x_GP_TAG_GET_DATA; +- cmdbuf[i++] = 0x02; +- cmdbuf[i++] = 0x00; //Key Identifier +- cmdbuf[i++] = 0x00; //Key Version Number +- +- retStatus = DoAPDUTxRx_s_Case4(se05xSession, &hdr, cmdbuf, i, rspbuf, &rspbufLen); +- ENSURE_OR_GO_CLEANUP(retStatus == SM_OK); +- +- i = 0; +- /* Get the Public Key*/ +- tlvRet = get_u8buf_2bTag(pRspbuf, &i, rspbufLen, (uint16_t)TAG_PK_SE_ECKA, pSePubEcka, pSePubEckaLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- /* Get the signiture */ +- tlvRet = get_u8buf_2bTag(pRspbuf, &i, rspbufLen, (uint16_t)TAG_SIG_SE_ECKA, sigSePubkey, &sigSePubkeyLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- +- ENSURE_OR_GO_CLEANUP((i + 2) == rspbufLen) +- retStatus = (pRspbuf[i] << 8) | (pRspbuf[i + 1]); +- ENSURE_OR_GO_CLEANUP(retStatus == SM_OK); +- status = kStatus_SSS_Success; +-cleanup: +- return status; +-} +- +-int get_u8buf_2bTag(uint8_t *buf, size_t *pBufIndex, const size_t bufLen, uint16_t tag, uint8_t *rsp, size_t *pRspLen) +-{ +- int retVal = 1; +- uint8_t *pBuf = buf + (*pBufIndex); +- uint16_t got_tag; +- got_tag = ((*pBuf++) << 8) & 0xFFFF; +- got_tag |= ((*pBuf++)) & 0xFFFF; +- size_t extendedLen; +- size_t rspLen; +- //size_t len; +- if (got_tag != tag) +- goto cleanup; +- rspLen = *pBuf++; +- +- if (rspLen <= 0x7FU) { +- extendedLen = rspLen; +- *pBufIndex += (2 + 1); +- } +- else if (rspLen == 0x81) { +- extendedLen = *pBuf++; +- *pBufIndex += (2 + 1 + 1); +- } +- else if (rspLen == 0x82) { +- extendedLen = *pBuf++; +- extendedLen = (extendedLen << 8) | *pBuf++; +- *pBufIndex += (2 + 1 + 2); +- } +- else { +- goto cleanup; +- } +- +- if (extendedLen > *pRspLen) +- goto cleanup; +- if (extendedLen > bufLen) +- goto cleanup; +- +- *pRspLen = extendedLen; +- *pBufIndex += extendedLen; +- while (extendedLen-- > 0) { +- *rsp++ = *pBuf++; +- } +- retVal = 0; +-cleanup: +- return retVal; +-} +- +-sss_status_t nxECKey_Calculate_Shared_secret( +- SE05x_AuthCtx_ECKey_t *pAuthFScp, uint8_t *sharedSecret, size_t *sharedSecretLen) +-{ +- sss_status_t status = kStatus_SSS_Fail; +- sss_derive_key_t dervCtx; +- sss_object_t shsSecret; +- +- NXECKey03_StaticCtx_t *pStatic_ctx = pAuthFScp->pStatic_ctx; +- size_t sharedSecBitLen = 0; +- +- status = sss_host_key_object_init(&shsSecret, pStatic_ctx->SeEcPubKey.keyStore); +- ENSURE_OR_GO_CLEANUP(status == kStatus_SSS_Success); +- +- status = sss_host_key_object_allocate_handle( +- &shsSecret, __LINE__, kSSS_KeyPart_Default, kSSS_CipherType_AES, 32, kKeyObject_Mode_Transient); +- ENSURE_OR_GO_CLEANUP(status == kStatus_SSS_Success); +- +- status = sss_host_derive_key_context_init(&dervCtx, +- pStatic_ctx->HostEcKeypair.keyStore->session, +- &pStatic_ctx->HostEcKeypair, +- kAlgorithm_SSS_ECDH, +- kMode_SSS_ComputeSharedSecret); +- ENSURE_OR_GO_CLEANUP(status == kStatus_SSS_Success); +- +- status = sss_host_derive_key_dh(&dervCtx, &pStatic_ctx->SeEcPubKey, &shsSecret); +- ENSURE_OR_GO_CLEANUP(status == kStatus_SSS_Success); +- +- status = +- sss_host_key_store_get_key(&shsSecret.keyStore, &shsSecret, sharedSecret, sharedSecretLen, &sharedSecBitLen); +- ENSURE_OR_GO_CLEANUP(status == kStatus_SSS_Success); +- +- LOG_MAU8_D("Shared Secret", sharedSecret, *sharedSecretLen); +- +-cleanup: +- sss_host_derive_key_context_free(&dervCtx); +- sss_host_key_object_free(&shsSecret); +- return status; +-} +-#endif /* defined SSS_HAVE_SCP_SCP03_SSS */ +-#endif /* SSS_HAVE_APPLET_SE05X_IOT */ +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/src/se05x/fsl_sss_se05x_mw.c b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/src/se05x/fsl_sss_se05x_mw.c +deleted file mode 100644 +index b22940b21a..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/src/se05x/fsl_sss_se05x_mw.c ++++ /dev/null +@@ -1,509 +0,0 @@ +-/* +- * +- * Copyright 2018-2020 NXP +- * SPDX-License-Identifier: Apache-2.0 +- */ +- +-/** @file */ +- +-#include +-#include +- +-#if SSS_HAVE_APPLET_SE05X_IOT +-#include +-#include +-#include +-#include +-#include +- +-uint32_t se05x_sssKeyTypeLenToCurveId(sss_cipher_type_t cipherType, size_t keyBits) +-{ +- uint32_t u32_curve_id = 0; +- switch (cipherType) { +- case kSSS_CipherType_EC_NIST_P: { +- SE05x_ECCurve_t eCurveID; +- switch (keyBits) { +-#if SSS_HAVE_EC_NIST_192 +- case 192: +- eCurveID = kSE05x_ECCurve_NIST_P192; +- break; +-#endif +-#if SSS_HAVE_EC_NIST_224 +- case 224: +- eCurveID = kSE05x_ECCurve_NIST_P224; +- break; +-#endif +- case 256: +- eCurveID = kSE05x_ECCurve_NIST_P256; +- break; +- case 384: +- eCurveID = kSE05x_ECCurve_NIST_P384; +- break; +-#if SSS_HAVE_EC_NIST_192 +- case 521: +- eCurveID = kSE05x_ECCurve_NIST_P521; +- break; +-#endif +- default: +- eCurveID = kSE05x_ECCurve_NA; +- } +- u32_curve_id = (uint32_t)eCurveID; +- break; +- } +-#if SSS_HAVE_EC_BP +- case kSSS_CipherType_EC_BRAINPOOL: { +- SE05x_ECCurve_t eCurveID; +- switch (keyBits) { +- case 160: +- eCurveID = kSE05x_ECCurve_Brainpool160; +- break; +- case 192: +- eCurveID = kSE05x_ECCurve_Brainpool192; +- break; +- case 224: +- eCurveID = kSE05x_ECCurve_Brainpool224; +- break; +- case 256: +- eCurveID = kSE05x_ECCurve_Brainpool256; +- break; +- case 320: +- eCurveID = kSE05x_ECCurve_Brainpool320; +- break; +- case 384: +- eCurveID = kSE05x_ECCurve_Brainpool384; +- break; +- case 512: +- eCurveID = kSE05x_ECCurve_Brainpool512; +- break; +- default: +- eCurveID = kSE05x_ECCurve_NA; +- } +- u32_curve_id = (uint32_t)eCurveID; +- break; +- } +-#endif +-#if SSS_HAVE_EC_NIST_K +- case kSSS_CipherType_EC_NIST_K: { +- SE05x_ECCurve_t eCurveID; +- switch (keyBits) { +- case 160: +- eCurveID = kSE05x_ECCurve_Secp160k1; +- break; +- case 192: +- eCurveID = kSE05x_ECCurve_Secp192k1; +- break; +- case 224: +- eCurveID = kSE05x_ECCurve_Secp224k1; +- break; +- case 256: +- eCurveID = kSE05x_ECCurve_Secp256k1; +- break; +- default: +- eCurveID = kSE05x_ECCurve_NA; +- } +- u32_curve_id = (uint32_t)eCurveID; +- break; +- } +-#endif +-#if SSS_HAVE_EC_MONT +- case kSSS_CipherType_EC_MONTGOMERY: { +- SE05x_ECCurve_t eCurveID; +- switch (keyBits) { +-#if SSS_HAVE_SE05X_VER_GTE_06_00 +- case 448: +- eCurveID = kSE05x_ECCurve_RESERVED_ID_ECC_MONT_DH_448; +- break; +-#endif +- case 256: +- eCurveID = kSE05x_ECCurve_RESERVED_ID_ECC_MONT_DH_25519; +- break; +- default: +- eCurveID = kSE05x_ECCurve_NA; +- } +- u32_curve_id = (uint32_t)eCurveID; +- break; +- } +-#endif +-#if SSS_HAVE_EC_ED +- case kSSS_CipherType_EC_TWISTED_ED: { +- SE05x_ECCurve_t eCurveID; +- switch (keyBits) { +- case 256: +- eCurveID = kSE05x_ECCurve_RESERVED_ID_ECC_ED_25519; +- break; +- default: +- eCurveID = kSE05x_ECCurve_NA; +- } +- u32_curve_id = (uint32_t)eCurveID; +- break; +- } +-#endif +-#if SSS_HAVE_TPM_BN +- case kSSS_CipherType_EC_BARRETO_NAEHRIG: { +- SE05x_ECCurve_t eCurveID; +- switch (keyBits) { +- case 256: +- eCurveID = kSE05x_ECCurve_TPM_ECC_BN_P256; +- break; +- default: +- eCurveID = kSE05x_ECCurve_NA; +- } +- u32_curve_id = (uint32_t)eCurveID; +- break; +- } +-#endif +- default: +- break; +- } +- return u32_curve_id; +-} +- +-smStatus_t Se05x_API_EC_CurveGetId(pSe05xSession_t session_ctx, uint32_t objectID, SE05x_ECCurve_t *pcurveId) +-{ +- smStatus_t ret = SM_NOT_OK; +- if (pcurveId) { +- uint8_t u8curve = 0; +- ret = Se05x_API_GetECCurveId(session_ctx, objectID, &u8curve); +- if (ret == SM_OK) { +- *pcurveId = (SE05x_ECCurve_t)u8curve; +- } +- } +- return ret; +-} +- +-smStatus_t Se05x_i2c_master_txn(sss_session_t *sess, SE05x_I2CM_cmd_t *p, uint8_t noOftags) +-{ +- smStatus_t retval = SM_NOT_OK; +- uint8_t buffer[SE05X_I2CM_MAX_BUF_SIZE_CMD] = {0}; +- size_t bufferLen = 0; +- uint8_t iCnt = 0; +- uint8_t remainingCnt = 0; +- int tlvRet = 0; +- uint8_t rspbuffer[SE05X_I2CM_MAX_BUF_SIZE_RSP] = {0}; +- size_t rspbufferLen = sizeof(rspbuffer); +- +- sss_se05x_session_t *se05x_session = (sss_se05x_session_t *)sess; +- Se05xSession_t *se050session_id = NULL; +- +- uint8_t *pCmdbuf = &buffer[0]; +- const uint8_t *pSendbuf = &buffer[0]; +- size_t SendLen = 0; +- +- if (se05x_session->subsystem == kType_SSS_SE_SE05x) { +- se050session_id = &se05x_session->s_ctx; +- } +- else { +- goto cleanup; +- } +- +- for (iCnt = 0; iCnt < noOftags; iCnt++) { +- if (p[iCnt].type == kSE05x_I2CM_Configure) { +- uint8_t configBuf[2] = {0}; +- size_t configBufLen = sizeof(configBuf); +- configBuf[0] = p[iCnt].cmd.cfg.I2C_addr; +- configBuf[1] = p[iCnt].cmd.cfg.I2C_baudRate; +- tlvRet = TLVSET_u8buf_I2CM( +- "I2CM Configure", &pCmdbuf, &bufferLen, kSE05x_TAG_I2CM_Config, configBuf, configBufLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- } +- //else if (p[iCnt].type == kSE05x_I2CM_Security) { +- //} +- else if (p[iCnt].type == kSE05x_I2CM_Write) { +- tlvRet = TLVSET_u8buf_I2CM("I2CM Write", +- &pCmdbuf, +- &bufferLen, +- kSE05x_TAG_I2CM_Write, +- p[iCnt].cmd.w.writebuf, +- p[iCnt].cmd.w.writeLength); +- if (0 != tlvRet) { +- goto cleanup; +- } +- } +- else if (p[iCnt].type == kSE05x_I2CM_Read) { +- uint8_t readLenBuf[2]; +- size_t readLenBufLen = sizeof(readLenBuf); +- readLenBuf[0] = (uint8_t)(p[iCnt].cmd.rd.readLength >> 8); +- readLenBuf[1] = (uint8_t)(p[iCnt].cmd.rd.readLength); +- tlvRet = +- TLVSET_u8buf_I2CM("I2CM Read", &pCmdbuf, &bufferLen, kSE05x_TAG_I2CM_Read, readLenBuf, readLenBufLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- } +- else { +- break; +- } +- } +- +- SendLen = bufferLen; +- retval = Se05x_API_I2CM_Send(se050session_id, pSendbuf, SendLen, rspbuffer, &rspbufferLen); +- +- if (retval == SM_OK) { +- // Walk through the result. +- // In principle the order of results matches the order the incoming commands. +- // Exception: Structural error in format incoming commands +- uint8_t *rspTag = &rspbuffer[0]; +- unsigned int rspPos = 1u; +- for (iCnt = 0; iCnt < noOftags; iCnt++) { +- if (*rspTag == kSE05x_I2CM_StructuralIssue) { +- // Modify TLV type of command to report back error +- p[iCnt].type = kSE05x_I2CM_StructuralIssue; +- p[iCnt].cmd.issue.issueStatus = rspbuffer[rspPos]; +- break; +- } +- else if (p[iCnt].type == kSE05x_I2CM_Configure) { +- // Check whether response is in expected order +- if (*rspTag != p[iCnt].type) { +- LOG_W("Response out-of-order"); +- break; +- } +- p[iCnt].cmd.cfg.status = rspbuffer[rspPos]; +- } +- //else if (p[iCnt].type == kSE05x_I2CM_Security) { +- //} +- else if (p[iCnt].type == kSE05x_I2CM_Write) { +- // Check whether response is in expected order +- if (*rspTag != p[iCnt].type) { +- LOG_W("Response out-of-order"); +- break; +- } +- p[iCnt].cmd.w.wrStatus = rspbuffer[rspPos]; +- } +- else if (p[iCnt].type == kSE05x_I2CM_Read) { +- // Check whether response is in expected order +- if (*rspTag != p[iCnt].type) { +- LOG_W("Response out-of-order"); +- break; +- } +- p[iCnt].cmd.rd.rdStatus = rspbuffer[rspPos]; +- if (p[iCnt].cmd.rd.rdStatus == kSE05x_I2CM_Success) { +- // Receiving less data than requested is not considered an error +- uint16_t reportedRead = (rspbuffer[rspPos + 1] << 8) + rspbuffer[rspPos + 2]; +- rspPos += 2; +- if (reportedRead < p[iCnt].cmd.rd.readLength) { +- LOG_W("kSE05x_I2CM_Read: Requested %d, Received %d byte", +- p[iCnt].cmd.rd.readLength, +- reportedRead); +- p[iCnt].cmd.rd.readLength = reportedRead; +- } +- // Did we receive enough data? +- if (rspbufferLen > (rspPos + p[iCnt].cmd.rd.readLength)) { +- memcpy(p[iCnt].cmd.rd.rdBuf, &rspbuffer[rspPos + 1], p[iCnt].cmd.rd.readLength); +- rspPos += p[iCnt].cmd.rd.readLength; +- } +- else { +- // TODO: Indicate we could not transfer result into buffer +- LOG_E( +- "kSE05x_I2CM_Read: Expecting more data (%d) than " +- "was received", +- p[iCnt].cmd.rd.readLength); +- break; +- } +- } +- } +- else { +- break; +- } +- // Update parsing position +- if (rspbufferLen > rspPos + 2u) { +- rspTag = &rspbuffer[rspPos + 1]; +- rspPos += 2; +- } +- } +- // If we dropped out before handling all tags, clear the tagtype of the tags +- // that were not handled +- for (remainingCnt = iCnt + 1; remainingCnt < noOftags; remainingCnt++) { +- p[remainingCnt].type = kSE05x_I2CM_None; +- } +- } +- +-cleanup: +- return retval; +-} +- +-smStatus_t Se05x_i2c_master_attst_txn(sss_session_t *sess, +- sss_object_t *keyObject, +- SE05x_I2CM_cmd_t *p, +- uint8_t *random_attst, +- size_t random_attstLen, +- SE05x_AttestationAlgo_t attst_algo, +- SE05x_TimeStamp_t *ptimeStamp, +- size_t *timeStampLen, +- uint8_t *freshness, +- size_t *pfreshnessLen, +- uint8_t *chipId, +- size_t *pchipIdLen, +- uint8_t *signature, +- size_t *psignatureLen, +- uint8_t noOftags) +-{ +- smStatus_t retval = SM_NOT_OK; +- uint8_t buffer[SE05X_I2CM_MAX_BUF_SIZE_CMD] = {0}; +- size_t bufferLen = 0; +- uint8_t iCnt = 0; +- uint8_t remainingCnt = 0; +- int tlvRet = 0; +- uint8_t rspbuffer[SE05X_I2CM_MAX_BUF_SIZE_RSP] = {0}; +- size_t rspbufferLen = sizeof(rspbuffer); +- uint32_t attestID; +- +- sss_se05x_session_t *se05x_session = (sss_se05x_session_t *)sess; +- Se05xSession_t *se050session_id = NULL; +- +- sss_se05x_object_t *keyObject_attst = (sss_se05x_object_t *)keyObject; +- attestID = keyObject_attst->keyId; +- +- uint8_t *pCmdbuf = &buffer[0]; +- const uint8_t *pSendbuf = &buffer[0]; +- size_t SendLen = 0; +- +- if (se05x_session->subsystem == kType_SSS_SE_SE05x) { +- se050session_id = &se05x_session->s_ctx; +- } +- else { +- goto cleanup; +- } +- +- for (iCnt = 0; iCnt < noOftags; iCnt++) { +- if (p[iCnt].type == kSE05x_I2CM_Configure) { +- uint8_t configBuf[2] = {0}; +- size_t configBufLen = sizeof(configBuf); +- configBuf[0] = p[iCnt].cmd.cfg.I2C_addr; +- configBuf[1] = p[iCnt].cmd.cfg.I2C_baudRate; +- tlvRet = TLVSET_u8buf_I2CM( +- "I2CM Configure", &pCmdbuf, &bufferLen, kSE05x_TAG_I2CM_Config, configBuf, configBufLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- } +- else if (p[iCnt].type == kSE05x_I2CM_Write) { +- tlvRet = TLVSET_u8buf_I2CM("I2CM Write", +- &pCmdbuf, +- &bufferLen, +- kSE05x_TAG_I2CM_Write, +- p[iCnt].cmd.w.writebuf, +- p[iCnt].cmd.w.writeLength); +- if (0 != tlvRet) { +- goto cleanup; +- } +- } +- else if (p[iCnt].type == kSE05x_I2CM_Read) { +- uint8_t readLenBuf[2]; +- size_t readLenBufLen = sizeof(readLenBuf); +- readLenBuf[0] = (uint8_t)(p[iCnt].cmd.rd.readLength >> 8); +- readLenBuf[1] = (uint8_t)(p[iCnt].cmd.rd.readLength); +- tlvRet = +- TLVSET_u8buf_I2CM("I2CM Read", &pCmdbuf, &bufferLen, kSE05x_TAG_I2CM_Read, readLenBuf, readLenBufLen); +- if (0 != tlvRet) { +- goto cleanup; +- } +- } +- else { +- break; +- } +- } +- *timeStampLen = sizeof(SE05x_TimeStamp_t); +- SendLen = bufferLen; +- retval = Se05x_API_I2CM_ExecuteCommandSet(se050session_id, +- pSendbuf, +- SendLen, +- attestID, +- attst_algo, +- rspbuffer, +- &rspbufferLen, +- ptimeStamp, +- freshness, +- pfreshnessLen, +- chipId, +- pchipIdLen, +- signature, +- psignatureLen, +- random_attst, +- random_attstLen); +- +- if (retval == SM_OK) { +- // Walk through the result. +- // In principle the order of results matches the order the incoming commands. +- // Exception: Structural error in format incoming commands +- uint8_t *rspTag = &rspbuffer[0]; +- unsigned int rspPos = 1u; +- for (iCnt = 0; iCnt < noOftags; iCnt++) { +- if (*rspTag == kSE05x_I2CM_StructuralIssue) { +- // Modify TLV type of command to report back error +- p[iCnt].type = kSE05x_I2CM_StructuralIssue; +- p[iCnt].cmd.issue.issueStatus = rspbuffer[rspPos]; +- break; +- } +- else if (p[iCnt].type == kSE05x_I2CM_Configure) { +- // Check whether response is in expected order +- if (*rspTag != p[iCnt].type) { +- LOG_W("Response out-of-order"); +- break; +- } +- p[iCnt].cmd.cfg.status = rspbuffer[rspPos]; +- } +- //else if (p[iCnt].type == kSE05x_I2CM_Security) { +- //} +- else if (p[iCnt].type == kSE05x_I2CM_Write) { +- // Check whether response is in expected order +- if (*rspTag != p[iCnt].type) { +- LOG_W("Response out-of-order"); +- break; +- } +- p[iCnt].cmd.w.wrStatus = rspbuffer[rspPos]; +- } +- else if (p[iCnt].type == kSE05x_I2CM_Read) { +- // Check whether response is in expected order +- if (*rspTag != p[iCnt].type) { +- LOG_W("Response out-of-order"); +- break; +- } +- p[iCnt].cmd.rd.rdStatus = rspbuffer[rspPos]; +- if (p[iCnt].cmd.rd.rdStatus == kSE05x_I2CM_Success) { +- // Receiving less data than requested is not considered an error +- uint16_t reportedRead = (rspbuffer[rspPos + 1] << 8) + rspbuffer[rspPos + 2]; +- rspPos += 2; +- if (reportedRead < p[iCnt].cmd.rd.readLength) { +- LOG_W("kSE05x_I2CM_Read: Requested %d, Received %d byte", +- p[iCnt].cmd.rd.readLength, +- reportedRead); +- p[iCnt].cmd.rd.readLength = reportedRead; +- } +- // Did we receive enough data? +- if (rspbufferLen > (rspPos + p[iCnt].cmd.rd.readLength)) { +- memcpy(p[iCnt].cmd.rd.rdBuf, &rspbuffer[rspPos + 1], p[iCnt].cmd.rd.readLength); +- rspPos += p[iCnt].cmd.rd.readLength; +- } +- else { +- // TODO: Indicate we could not transfer result into buffer +- LOG_E( +- "kSE05x_I2CM_Read: Expecting more data (%d) than " +- "was received", +- p[iCnt].cmd.rd.readLength); +- break; +- } +- } +- } +- else { +- break; +- } +- // Update parsing position +- if (rspbufferLen > rspPos + 2u) { +- rspTag = &rspbuffer[rspPos + 1]; +- rspPos += 2; +- } +- } +- // If we dropped out before handling all tags, clear the tagtype of the tags +- // that were not handled +- for (remainingCnt = iCnt + 1; remainingCnt < noOftags; remainingCnt++) { +- p[remainingCnt].type = kSE05x_I2CM_None; +- } +- } +- +-cleanup: +- return retval; +-} +- +-#endif /* SSS_HAVE_APPLET_SE05X_IOT */ +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/src/se05x/fsl_sss_se05x_policy.c b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/src/se05x/fsl_sss_se05x_policy.c +deleted file mode 100644 +index 4bc6015adc..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/src/se05x/fsl_sss_se05x_policy.c ++++ /dev/null +@@ -1,392 +0,0 @@ +-/* +-* +-* Copyright 2018-2020 NXP +-* SPDX-License-Identifier: Apache-2.0 +-*/ +- +-/** @file */ +- +-#include +-#include +-#include +- +-#if SSS_HAVE_APPLET_SE05X_IOT +-#include +- +-/*Update header bit of policy based on the access rights sets in the policy +- Input:policy object of type sss_policy_sym_key_u +- Output:pbuffer pointing to policy header offset*/ +-static void sss_se05x_update_header_sym_key_policy(sss_policy_sym_key_u key_pol, uint8_t *pbuffer); +- +-/*Update header bit of policy based on the access rights sets in the policy +- Input:policy object of type sss_policy_asym_key_u +- Output:pbuffer pointing to policy header offset*/ +-static void sss_se05x_update_header_asym_key_policy(sss_policy_asym_key_u key_pol, uint8_t *pbuffer); +- +-/*Update header bit of policy based on the access rights sets in the policy +-Input:policy object of type sss_policy_common_u +-Output:pbuffer pointing to policy header offset*/ +-static void sss_se05x_update_header_common_policy(sss_policy_common_u common_pol, uint8_t *pbuffer); +- +-/*Update header bit of policy based on the access rights sets in the policy +-Input:policy object of type sss_policy_userid_u +-Output:pbuffer pointing to policy header offset*/ +-static void sss_se05x_update_header_pin_policy(sss_policy_userid_u pin_pol, uint8_t *pbuffer); +- +-/*Update header bit of policy based on the access rights sets in the policy +-Input:policy object of type sss_policy_file_u +-Output:pbuffer pointing to policy header offset*/ +-static void sss_se05x_update_header_file_policy(sss_policy_file_u file_pol, uint8_t *pbuffer); +- +-/*Update header bit of policy based on the access rights sets in the policy +-Input:policy object of type sss_policy_counter_u +-Output:pbuffer pointing to policy header offset*/ +-static void sss_se05x_update_header_counter_policy(sss_policy_counter_u counter_pol, uint8_t *pbuffer); +- +-/*Update header bit of policy based on the access rights sets in the policy +-Input:policy object of type sss_policy_pcr_u +-Output:pbuffer pointing to policy header offset +-*/ +-static void sss_se05x_update_header_pcr_policy(sss_policy_pcr_u pcr_pol, uint8_t *pbuffer); +- +-/*Update header bit of policy based on the access rights sets in the policy +-Input:policy object of type sss_policy_common_pcr_value_u +-Output:pbuffer pointing to policy header offset +-*/ +-static void sss_se05x_update_header_pcr_value_policy(sss_policy_common_pcr_value_u pcr_value_pol, uint8_t *pbuffer); +- +-static void sss_se05x_update_ext_pcr_value_policy( +- sss_policy_common_pcr_value_u pcr_value_pol, uint8_t *pbuffer, uint32_t *ext_offset); +- +-/* +-finds indices of all same auth Ids in a group of polices and returns the count +-of same auth ids with in a group of Ids, it laso copies indices in to an array passed by user +-Input: authId to be searched +- policies: array of all policies with diversified auth ids +-Output: pindices " array contains index of all input authid +-retuns :count of same auth ids with in a group of Ids +-*/ +-static int sss_se05x_find_authId_instances(uint32_t authId, uint8_t *pindices, sss_policy_t *policies); +-static void sss_se05x_copy_uint32_to_u8_array(uint32_t u32, uint8_t *pbuffer); +-static void sss_se05x_copy_uint16_to_u8_array(uint16_t u16, uint8_t *pbuffer); +- +-static void sss_se05x_update_header_sym_key_policy(sss_policy_sym_key_u key_pol, uint8_t *pbuffer) +-{ +- uint32_t header = 0; +- if (key_pol.can_Sign) { +- header |= POLICY_OBJ_ALLOW_SIGN; +- } +- if (key_pol.can_Verify) { +- header |= POLICY_OBJ_ALLOW_VERIFY; +- } +- if (key_pol.can_Encrypt) { +- header |= POLICY_OBJ_ALLOW_ENC; +- } +- if (key_pol.can_Decrypt) { +- header |= POLICY_OBJ_ALLOW_DEC; +- } +- if (key_pol.can_KD) { +- header |= POLICY_OBJ_ALLOW_KDF; +- } +- if (key_pol.can_Wrap) { +- header |= POLICY_OBJ_ALLOW_WRAP; +- } +- if (key_pol.can_Write) { +- header |= POLICY_OBJ_ALLOW_WRITE; +- } +- if (key_pol.can_Gen) { +- header |= POLICY_OBJ_ALLOW_GEN; +- } +- if (key_pol.can_Desfire_Auth) { +- header |= POLICY_OBJ_ALLOW_DESFIRE_AUTHENTICATION; +- } +- if (key_pol.can_Desfire_Dump) { +- header |= POLICY_OBJ_ALLOW_DESFIRE_DUMP_SESSION_KEYS; +- } +- if (key_pol.can_Import_Export) { +- header |= POLICY_OBJ_ALLOW_IMPORT_EXPORT; +- } +-#if SSS_HAVE_SE05X_VER_GTE_06_00 +- if (key_pol.forbid_Derived_Output) { +- header |= POLICY_OBJ_FORBID_DERIVED_OUTPUT; +- } +-#endif +-#if SSS_HAVE_SE05X_VER_GTE_06_00 +- if (key_pol.allow_kdf_ext_rnd) { +- header |= POLICY_OBJ_ALLOW_KDF_EXT_RANDOM; +- } +-#endif +- sss_se05x_copy_uint32_to_u8_array(header, pbuffer); +-} +- +-static void sss_se05x_update_header_asym_key_policy(sss_policy_asym_key_u key_pol, uint8_t *pbuffer) +-{ +- uint32_t header = 0; +- if (key_pol.can_Sign) { +- header |= POLICY_OBJ_ALLOW_SIGN; +- } +- if (key_pol.can_Verify) { +- header |= POLICY_OBJ_ALLOW_VERIFY; +- } +- if (key_pol.can_Encrypt) { +- header |= POLICY_OBJ_ALLOW_ENC; +- } +- if (key_pol.can_Decrypt) { +- header |= POLICY_OBJ_ALLOW_DEC; +- } +- if (key_pol.can_KD) { +- header |= POLICY_OBJ_ALLOW_KDF; +- } +- if (key_pol.can_Wrap) { +- header |= POLICY_OBJ_ALLOW_WRAP; +- } +- if (key_pol.can_Write) { +- header |= POLICY_OBJ_ALLOW_WRITE; +- } +- if (key_pol.can_Gen) { +- header |= POLICY_OBJ_ALLOW_GEN; +- } +- if (key_pol.can_Import_Export) { +- header |= POLICY_OBJ_ALLOW_IMPORT_EXPORT; +- } +- if (key_pol.can_KA) { +- header |= POLICY_OBJ_ALLOW_KA; +- } +- if (key_pol.can_Read) { +- header |= POLICY_OBJ_ALLOW_READ; +- } +- if (key_pol.can_Attest) { +- header |= POLICY_OBJ_ALLOW_ATTESTATION; +- } +-#if SSS_HAVE_SE05X_VER_GTE_06_00 +- if (key_pol.forbid_Derived_Output) { +- header |= POLICY_OBJ_FORBID_DERIVED_OUTPUT; +- } +-#endif +- sss_se05x_copy_uint32_to_u8_array(header, pbuffer); +-} +- +-static void sss_se05x_update_header_common_policy(sss_policy_common_u common_pol, uint8_t *pbuffer) +-{ +- uint32_t header = 0; +- if (common_pol.can_Delete) { +- header |= POLICY_OBJ_ALLOW_DELETE; +- } +- if (common_pol.forbid_All) { +- header |= POLICY_OBJ_FORBID_ALL; +- } +- if (common_pol.req_Sm) { +- header |= POLICY_OBJ_REQUIRE_SM; +- } +- sss_se05x_copy_uint32_to_u8_array(header, pbuffer); +-} +- +-static void sss_se05x_update_header_pin_policy(sss_policy_userid_u pin_pol, uint8_t *pbuffer) +-{ +- uint32_t header = 0; +- if (pin_pol.can_Write) { +- header |= POLICY_OBJ_ALLOW_WRITE; +- } +- sss_se05x_copy_uint32_to_u8_array(header, pbuffer); +-} +- +-static void sss_se05x_update_header_file_policy(sss_policy_file_u file_pol, uint8_t *pbuffer) +-{ +- uint32_t header = 0; +- if (file_pol.can_Read) { +- header |= POLICY_OBJ_ALLOW_READ; +- } +- if (file_pol.can_Write) { +- header |= POLICY_OBJ_ALLOW_WRITE; +- } +- sss_se05x_copy_uint32_to_u8_array(header, pbuffer); +-} +- +-static void sss_se05x_update_header_counter_policy(sss_policy_counter_u counter_pol, uint8_t *pbuffer) +-{ +- uint32_t header = 0; +- if (counter_pol.can_Read) { +- header |= POLICY_OBJ_ALLOW_READ; +- } +- if (counter_pol.can_Write) { +- header |= POLICY_OBJ_ALLOW_WRITE; +- } +- sss_se05x_copy_uint32_to_u8_array(header, pbuffer); +-} +- +-static void sss_se05x_update_header_pcr_policy(sss_policy_pcr_u pcr_pol, uint8_t *pbuffer) +-{ +- uint32_t header = 0; +- if (pcr_pol.can_Read) { +- header |= POLICY_OBJ_ALLOW_READ; +- } +- if (pcr_pol.can_Write) { +- header |= POLICY_OBJ_ALLOW_WRITE; +- } +- sss_se05x_copy_uint32_to_u8_array(header, pbuffer); +-} +- +-static void sss_se05x_update_header_pcr_value_policy(sss_policy_common_pcr_value_u pcr_pol, uint8_t *pbuffer) +-{ +- uint32_t header = 0; +- header |= POLICY_OBJ_REQUIRE_PCR_VALUE; +- sss_se05x_copy_uint32_to_u8_array(header, pbuffer); +-} +- +-static void sss_se05x_update_ext_pcr_value_policy( +- sss_policy_common_pcr_value_u pcr_pol, uint8_t *pbuffer, uint32_t *ext_offset) +-{ +- /*copy 4 bytes PCR Object ID*/ +- sss_se05x_copy_uint32_to_u8_array(pcr_pol.pcrObjId, pbuffer + *ext_offset); +- *ext_offset += sizeof(pcr_pol.pcrObjId); +- /*copy 32 bytes PCR value*/ +- memcpy(pbuffer + *ext_offset, pcr_pol.pcrExpectedValue, sizeof(pcr_pol.pcrExpectedValue)); +- *ext_offset += sizeof(pcr_pol.pcrExpectedValue); +-} +- +-static void sss_se05x_copy_uint32_to_u8_array(uint32_t u32, uint8_t *pbuffer) +-{ +- pbuffer[0] |= (uint8_t)((u32 >> 3 * 8) & 0xFF); +- pbuffer[1] |= (uint8_t)((u32 >> 2 * 8) & 0xFF); +- pbuffer[2] |= (uint8_t)((u32 >> 1 * 8) & 0xFF); +- pbuffer[3] |= (uint8_t)((u32 >> 0 * 8) & 0xFF); +-} +- +-static void sss_se05x_copy_uint16_to_u8_array(uint16_t u16, uint8_t *pbuffer) +-{ +- pbuffer[0] |= (uint8_t)((u16 >> 8) & 0xFF); +- pbuffer[1] |= (uint8_t)((u16)&0xFF); +-} +-static int sss_se05x_find_authId_instances(uint32_t authId, uint8_t *pindices, sss_policy_t *policies) +-{ +- int count = 0; +- for (uint32_t i = 0; i <= policies->nPolicies - 1; i++) { +- if (policies->policies[i] != NULL && policies->policies[i]->auth_obj_id == authId) { +- *pindices++ = i; +- count++; +- } +- } +- return count; +-} +- +-sss_status_t sss_se05x_create_object_policy_buffer(sss_policy_t *policies, uint8_t *pbuff, size_t *buf_len) +-{ +- uint8_t temp_buffer[MAX_OBJ_POLICY_SIZE] = {0}; +- uint8_t indexArray[MAX_OBJ_POLICY_TYPES] = {0}; +- uint8_t auth_id_count = 0; +- uint8_t policiesCopied = 0; +- uint32_t ext_offset = 0; +- uint32_t offset = 0; +- +- if ((policies == NULL) || (pbuff == NULL) || (buf_len == NULL)) +- return kStatus_SSS_InvalidArgument; +- +- if (policies->nPolicies > SSS_POLICY_COUNT_MAX) { +- return kStatus_SSS_InvalidArgument; +- } +- +- *buf_len = 0; +- /*Reinitialize policy buffer for every Secure object*/ +- memset(pbuff, 0x00, MAX_POLICY_BUFFER_SIZE); +- for (uint32_t i = 0; i < policies->nPolicies && policiesCopied < policies->nPolicies; i++) { +- if (policies->policies[i] != NULL) { +- auth_id_count = +- sss_se05x_find_authId_instances(policies->policies[i]->auth_obj_id, &indexArray[0], policies); +- /*length is initialized with default length +- will be updated when extensions are copied*/ +- temp_buffer[OBJ_POLICY_LENGTH_OFFSET] = DEFAULT_OBJECT_POLICY_SIZE; +- /* Copy Auth Id*/ +- sss_se05x_copy_uint32_to_u8_array( +- policies->policies[i]->auth_obj_id, &temp_buffer[OBJ_POLICY_AUTHID_OFFSET]); +- for (int j = 0; j < auth_id_count; j++) { +- /* Update AR Header as per object type*/ +- switch (policies->policies[indexArray[j]]->type) { +- case KPolicy_Sym_Key: +- sss_se05x_update_header_sym_key_policy( +- (policies->policies[indexArray[j]])->policy.symmkey, &temp_buffer[OBJ_POLICY_HEADER_OFFSET]); +- break; +- case KPolicy_Asym_Key: +- sss_se05x_update_header_asym_key_policy( +- (policies->policies[indexArray[j]])->policy.asymmkey, &temp_buffer[OBJ_POLICY_HEADER_OFFSET]); +- break; +- case KPolicy_Common: +- sss_se05x_update_header_common_policy( +- (policies->policies[indexArray[j]])->policy.common, &temp_buffer[OBJ_POLICY_HEADER_OFFSET]); +- break; +- case KPolicy_Common_PCR_Value: +- sss_se05x_update_header_pcr_value_policy( +- (policies->policies[indexArray[j]])->policy.common_pcr_value, +- &temp_buffer[OBJ_POLICY_HEADER_OFFSET]); +- sss_se05x_update_ext_pcr_value_policy((policies->policies[indexArray[j]])->policy.common_pcr_value, +- &temp_buffer[OBJ_POLICY_EXT_OFFSET], +- &ext_offset); +- temp_buffer[OBJ_POLICY_LENGTH_OFFSET] += OBJ_POLICY_PCR_DATA_SIZE; +- break; +- case KPolicy_File: +- sss_se05x_update_header_file_policy( +- (policies->policies[indexArray[j]])->policy.file, &temp_buffer[OBJ_POLICY_HEADER_OFFSET]); +- break; +- case KPolicy_Counter: +- sss_se05x_update_header_counter_policy( +- (policies->policies[indexArray[j]])->policy.counter, &temp_buffer[OBJ_POLICY_HEADER_OFFSET]); +- break; +- case KPolicy_PCR: +- sss_se05x_update_header_pcr_policy( +- (policies->policies[indexArray[j]])->policy.pcr, &temp_buffer[OBJ_POLICY_HEADER_OFFSET]); +- break; +- case KPolicy_UserID: +- sss_se05x_update_header_pin_policy( +- (policies->policies[indexArray[j]])->policy.pin, &temp_buffer[OBJ_POLICY_HEADER_OFFSET]); +- break; +- default: +- break; +- } +- policies->policies[indexArray[j]] = NULL; +- } +- memcpy(pbuff + offset, temp_buffer, (temp_buffer[0] + 1)); +- *buf_len += (temp_buffer[0] + 1); +- policiesCopied = policiesCopied + auth_id_count; +- offset += (temp_buffer[0] + 1); +- /* reinitialize temp buffer for a new policy*/ +- memset(&temp_buffer[0], 0x00, sizeof(temp_buffer)); +- ext_offset = 0; +- } +- } +- +- return kStatus_SSS_Success; +-} +- +-sss_status_t sss_se05x_create_session_policy_buffer( +- sss_policy_session_u *session_policy, uint8_t *session_pol_buff, size_t *buf_len) +-{ +- uint16_t session_header = 0; +- /*Reinitialize policy buffer for every Secure object*/ +- memset(session_pol_buff, 0x00, MAX_POLICY_BUFFER_SIZE); +- +- if ((session_policy == NULL) || (session_pol_buff == NULL) || (buf_len == NULL)) +- return kStatus_SSS_InvalidArgument; +- +- *buf_len = DEFAULT_SESSION_POLICY_SIZE; +- +- /*set default length*/ +- session_pol_buff[SESSION_POLICY_LENGTH_OFFSET] = DEFAULT_SESSION_POLICY_SIZE; +- if (session_policy->has_MaxOperationsInSession) { +- session_header |= POLICY_SESSION_MAX_APDU; +- sss_se05x_copy_uint16_to_u8_array(session_header, &session_pol_buff[SESSION_POLICY_AR_HEADER_OFFSET]); +- sss_se05x_copy_uint16_to_u8_array(session_policy->maxOperationsInSession, &session_pol_buff[*buf_len]); +- *buf_len += sizeof(session_policy->maxOperationsInSession); +- } +- if (session_policy->has_MaxDurationOfSession_sec) { +- session_header |= POLICY_SESSION_MAX_TIME; +- sss_se05x_copy_uint16_to_u8_array(session_header, &session_pol_buff[SESSION_POLICY_AR_HEADER_OFFSET]); +- sss_se05x_copy_uint16_to_u8_array(session_policy->maxDurationOfSession_sec, &session_pol_buff[*buf_len]); +- *buf_len += sizeof(session_policy->maxDurationOfSession_sec); +- } +- if (session_policy->allowRefresh) { +- session_header |= POLICY_SESSION_ALLOW_REFRESH; +- sss_se05x_copy_uint16_to_u8_array(session_header, &session_pol_buff[SESSION_POLICY_AR_HEADER_OFFSET]); +- } +- session_pol_buff[0] = (uint8_t)(*buf_len - 1); //Exclude Length of Policy field. +- return kStatus_SSS_Success; +-} +-#endif /* SSS_HAVE_APPLET_SE05X_IOT */ +diff --git a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/src/se05x/fsl_sss_se05x_scp03.c b/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/src/se05x/fsl_sss_se05x_scp03.c +deleted file mode 100644 +index 50b2affed4..0000000000 +--- a/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/src/se05x/fsl_sss_se05x_scp03.c ++++ /dev/null +@@ -1,520 +0,0 @@ +-/* +-* +-* Copyright 2018-2020 NXP +-* SPDX-License-Identifier: Apache-2.0 +-*/ +- +-/** @file */ +- +-#if defined(SSS_USE_FTR_FILE) +-#include "fsl_sss_ftr.h" +-#else +-#include "fsl_sss_ftr_default.h" +-#endif +- +-#if SSS_HAVE_APPLET_SE05X_IOT +- +-#if SSS_HAVE_HOSTCRYPTO_USER +-#include +-#endif +- +-#if defined(FLOW_VERBOSE) +-#define NX_LOG_ENABLE_SCP_DEBUG 1 +-#endif +- +-#if SSS_HAVE_HOSTCRYPTO_ANY +- +-#include +-#include +-#include +-#include +- +-#include "nxEnsure.h" +-#include "nxScp03_Apis.h" +-#include "smCom.h" +-#if defined(SECURE_WORLD) +-#include "fsl_sss_lpc55s_apis.h" +-#endif +- +-/* ************************************************************************** */ +-/* Functions : Private function declaration */ +-/* ************************************************************************** */ +- +-//#define INITIAL_HOST_CHALLANGE {0xAF,0x28,0xE1,0x16,0xD1,0x58,0x1E,0x89} +- +-/** +-* To Initiate secure channel +-*/ +-static sss_status_t nxScp03_GP_InitializeUpdate(pSe05xSession_t se05xSession, +- uint8_t *hostChallenge, +- uint16_t hostChallengeLen, +- uint8_t *keyDivData, +- uint16_t *pKeyDivDataLen, +- uint8_t *keyInfo, +- uint16_t *pKeyInfoLen, +- uint8_t *cardChallenge, +- uint16_t *pCardChallengeLen, +- uint8_t *cardCryptoGram, +- uint16_t *pCardCryptoGramLen, +- uint8_t *seqCounter, +- uint16_t *pSeqCounterLen, +- uint8_t keyVerNo); +- +-static sss_status_t nxScp03_HostLocal_CalculateSessionKeys( +- NXSCP03_AuthCtx_t *pAuthScp03, uint8_t *hostChallenge, uint8_t *cardChallenge); +- +-/** +-* To authenticate the initiated secure channel +-*/ +-static sss_status_t nxScp03_GP_ExternalAuthenticate( +- pSe05xSession_t se05xSession, sss_object_t *keyObj, uint8_t *updateMCV, uint8_t *hostCryptogram); +- +-sss_status_t nxScp03_AuthenticateChannel(pSe05xSession_t se05xSession, NXSCP03_AuthCtx_t *pAuthScp03) +-{ +-#ifdef INITIAL_HOST_CHALLANGE +- uint8_t hostChallenge[] = INITIAL_HOST_CHALLANGE; +-#else +- uint8_t hostChallenge[SCP_GP_HOST_CHALLENGE_LEN]; +- sss_rng_context_t rngctx; +-#endif +- uint8_t keyDivData[SCP_GP_IU_KEY_DIV_DATA_LEN]; +- uint16_t keyDivDataLen = sizeof(keyDivData); +- uint8_t keyInfo[SCP_GP_IU_KEY_INFO_LEN]; +- uint16_t keyInfoLen = sizeof(keyInfo); +- uint8_t cardChallenge[SCP_GP_CARD_CHALLENGE_LEN]; +- uint16_t cardChallengeLen = sizeof(cardChallenge); +- uint8_t cardCryptoGram[SCP_GP_IU_CARD_CRYPTOGRAM_LEN]; +- uint16_t cardCryptoGramLen = sizeof(cardCryptoGram); +- uint8_t seqCounter[SCP_GP_IU_SEQ_COUNTER_LEN]; +- uint16_t seqCounterLen = sizeof(seqCounter); +- uint8_t hostCryptogram[SCP_GP_IU_CARD_CRYPTOGRAM_LEN]; +- +- NXSCP03_StaticCtx_t *pStatic_ctx = pAuthScp03->pStatic_ctx; +- NXSCP03_DynCtx_t *pDyn_ctx = pAuthScp03->pDyn_ctx; +- +- /* clang-format off */ +- const uint8_t commandCounter[16] = { +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}; +- /* clang-format on */ +- sss_status_t status = kStatus_SSS_Fail; +- +- if ((pStatic_ctx->Enc.keyStore == NULL) || (pStatic_ctx->Mac.keyStore == NULL) || +- (pStatic_ctx->Dek.keyStore == NULL) || (pDyn_ctx->Enc.keyStore == NULL) || (pDyn_ctx->Mac.keyStore == NULL) || +- (pDyn_ctx->Rmac.keyStore == NULL)) { +- LOG_E("nxScp03_GP_InitializeUpdate fails Invalid objects sent %04X", status); +- return status; +- } +- LOG_D("FN: %s", __FUNCTION__); +- /* Get a random host challenge */ +-#ifndef INITIAL_HOST_CHALLANGE +- status = sss_host_rng_context_init(&rngctx, pStatic_ctx->Enc.keyStore->session); +- ENSURE_OR_GO_EXIT(status == kStatus_SSS_Success); +- +- status = sss_host_rng_get_random(&rngctx, hostChallenge, SCP_GP_HOST_CHALLENGE_LEN); +- LOG_MAU8_D(" Output: hostChallenge", hostChallenge, SCP_GP_HOST_CHALLENGE_LEN); +- +- sss_host_rng_context_free(&rngctx); +- ENSURE_OR_GO_EXIT(status == kStatus_SSS_Success); +-#endif +- +- status = nxScp03_GP_InitializeUpdate(se05xSession, +- hostChallenge, +- sizeof(hostChallenge), +- keyDivData, +- &keyDivDataLen, +- keyInfo, +- &keyInfoLen, +- cardChallenge, +- &cardChallengeLen, +- cardCryptoGram, +- &cardCryptoGramLen, +- seqCounter, +- &seqCounterLen, +- pStatic_ctx->keyVerNo); +- +- if (status != kStatus_SSS_Success) { +- LOG_E("nxScp03_GP_InitializeUpdate fails with Status %04X", status); +- return status; +- } +- +- status = nxScp03_HostLocal_CalculateSessionKeys(pAuthScp03, hostChallenge, cardChallenge); +- ENSURE_OR_GO_EXIT(status == kStatus_SSS_Success); +- +- status = nxScp03_HostLocal_VerifyCardCryptogram(&pDyn_ctx->Mac, hostChallenge, cardChallenge, cardCryptoGram); +- ENSURE_OR_GO_EXIT(status == kStatus_SSS_Success); +- LOG_MAU8_D("cardCryptoGram", cardCryptoGram, SCP_GP_IU_CARD_CRYPTOGRAM_LEN); +- +- LOG_D("CardCryptogram verified successfully...Calculate HostCryptogram"); +- status = nxScp03_HostLocal_CalculateHostCryptogram(&pDyn_ctx->Mac, hostChallenge, cardChallenge, hostCryptogram); +- ENSURE_OR_GO_EXIT(status == kStatus_SSS_Success); +- LOG_AU8_D(hostCryptogram, SCP_GP_IU_CARD_CRYPTOGRAM_LEN); +- +- status = nxScp03_GP_ExternalAuthenticate(se05xSession, &pDyn_ctx->Mac, pDyn_ctx->MCV, hostCryptogram); +- if (status != kStatus_SSS_Success) { +- LOG_E("GP_ExternalAuthenticate fails with Status %04X", status); +- return status; +- } +- else { +- // At this stage we have authenticated successfully. +- status = kStatus_SSS_Success; +- pDyn_ctx->SecurityLevel = (C_MAC | C_ENC | R_MAC | R_ENC); +- memcpy(pDyn_ctx->cCounter, commandCounter, AES_KEY_LEN_nBYTE); +- LOG_D("Authentication Successful!!!"); +- } +- +-exit: +- return status; +-} +- +-static sss_status_t nxScp03_GP_ExternalAuthenticate( +- pSe05xSession_t se05xSession, sss_object_t *keyObj, uint8_t *updateMCV, uint8_t *hostCryptogram) +-{ +- smStatus_t st = SM_NOT_OK; +- uint8_t txBuf[64]; +- uint8_t macToAdd[AES_KEY_LEN_nBYTE] = {0}; +- +- sss_mac_t macCtx; +- sss_algorithm_t algorithm = kAlgorithm_SSS_CMAC_AES; +- sss_mode_t mode = kMode_SSS_Mac; +- size_t signatureLen = sizeof(macToAdd); +- sss_status_t status = kStatus_SSS_Fail; +- +- tlvHeader_t hdr = { +- {CLA_GP_7816 | CLA_GP_SECURITY_BIT, INS_GP_EXTERNAL_AUTHENTICATE, SECLVL_CDEC_RENC_CMAC_RMAC, 0x00}}; +- +- LOG_D("FN: %s", __FUNCTION__); +- LOG_MAU8_D(" Input: hostCryptogram", hostCryptogram, SCP_COMMAND_MAC_SIZE); +- +- txBuf[0] = CLA_GP_7816 | CLA_GP_SECURITY_BIT; //Set CLA Byte +- +- txBuf[1] = INS_GP_EXTERNAL_AUTHENTICATE; //Set INS Byte +- txBuf[2] = SECLVL_CDEC_RENC_CMAC_RMAC; //Set Security Level +- +- txBuf[3] = 0x00; +- txBuf[4] = 0x10; // The Lc value is set as-if the MAC has already been appended (SCP03 spec p16. Fig.6-1) +- memcpy(&txBuf[5], hostCryptogram, SCP_GP_IU_CARD_CRYPTOGRAM_LEN); +- +- LOG_D("Calculate the MAC on data"); +- // Calculate the MAC value +- status = sss_host_mac_context_init(&macCtx, keyObj->keyStore->session, keyObj, algorithm, mode); +- ENSURE_OR_GO_EXIT(status == kStatus_SSS_Success); +- +- status = sss_host_mac_init(&macCtx); +- ENSURE_OR_GO_EXIT(status == kStatus_SSS_Success); +- +- /* +- * For the EXTERNAL AUTHENTICATE command MAC verification, the "MAC chaining value" is set to 16 +- * bytes '00'. (SCP03 spec p16) +- */ +- memset(updateMCV, 0, SCP_MCV_LEN); +- +- status = sss_host_mac_update(&macCtx, updateMCV, AES_KEY_LEN_nBYTE); +- ENSURE_OR_GO_EXIT(status == kStatus_SSS_Success); +- +- status = sss_host_mac_update(&macCtx, txBuf, 13); +- ENSURE_OR_GO_EXIT(status == kStatus_SSS_Success); +- +- status = sss_host_mac_finish(&macCtx, macToAdd, &signatureLen); +- ENSURE_OR_GO_EXIT(status == kStatus_SSS_Success); +- +- LOG_MAU8_D(" Output: Calculated MAC", macToAdd, SCP_COMMAND_MAC_SIZE); +- sss_host_mac_context_free(&macCtx); +- +- LOG_D("Add calculated MAC Value to cmd Data"); +- memcpy(updateMCV, macToAdd, AES_KEY_LEN_nBYTE); +- memcpy(&txBuf[5 + SCP_GP_IU_CARD_CRYPTOGRAM_LEN], macToAdd, SCP_GP_IU_CARD_CRYPTOGRAM_LEN); +- +- LOG_D("Sending GP External Authenticate Command !!!"); +- st = DoAPDUTx_s_Case3(se05xSession, &hdr, &txBuf[5], 16); +- if (st != SM_OK) { +- LOG_E("GP_ExternalAuthenticate transmit failed"); +- status = kStatus_SSS_Fail; +- } +- else { +- status = kStatus_SSS_Success; +- } +- +-exit: +- return status; +-} +- +-sss_status_t nxScp03_HostLocal_CalculateHostCryptogram( +- sss_object_t *keyObj, uint8_t *hostChallenge, uint8_t *cardChallenge, uint8_t *hostCryptogram) +-{ +- uint8_t ddA[128]; +- uint16_t ddALen = sizeof(ddA); +- uint8_t context[128]; +- uint16_t contextLen = 0; +- uint8_t hostCryptogramFullLength[AES_KEY_LEN_nBYTE] = {0}; +- uint32_t signatureLen = sizeof(hostCryptogramFullLength); +- sss_status_t status = kStatus_SSS_Fail; +- +- LOG_D("FN: %s", __FUNCTION__); +- LOG_MAU8_D(" Input:hostChallenge", hostChallenge, SCP_GP_HOST_CHALLENGE_LEN); +- LOG_MAU8_D(" Input:cardChallenge", cardChallenge, SCP_GP_CARD_CHALLENGE_LEN); +- +- memcpy(context, hostChallenge, SCP_GP_HOST_CHALLENGE_LEN); +- memcpy(&context[SCP_GP_HOST_CHALLENGE_LEN], cardChallenge, SCP_GP_CARD_CHALLENGE_LEN); +- contextLen = SCP_GP_HOST_CHALLENGE_LEN + SCP_GP_CARD_CHALLENGE_LEN; +- +- nxScp03_setDerivationData( +- ddA, &ddALen, DATA_HOST_CRYPTOGRAM, DATA_DERIVATION_L_64BIT, DATA_DERIVATION_KDF_CTR, context, contextLen); +- +- status = nxScp03_Generate_SessionKey(keyObj, ddA, ddALen, hostCryptogramFullLength, &signatureLen); +- ENSURE_OR_GO_EXIT(status == kStatus_SSS_Success); +- +- LOG_MAU8_D(" Output:hostCryptogram", hostCryptogramFullLength, AES_KEY_LEN_nBYTE); +- +- // Chop of the tail of the hostCryptogramFullLength +- memcpy(hostCryptogram, hostCryptogramFullLength, SCP_GP_IU_CARD_CRYPTOGRAM_LEN); +-exit: +- return status; +-} +- +-sss_status_t nxScp03_HostLocal_VerifyCardCryptogram( +- sss_object_t *keyObj, uint8_t *hostChallenge, uint8_t *cardChallenge, uint8_t *cardCryptogram) +-{ +- uint8_t ddA[128]; +- uint16_t ddALen = sizeof(ddA); +- uint8_t context[128]; +- uint16_t contextLen = 0; +- uint8_t cardCryptogramFullLength[AES_KEY_LEN_nBYTE] = {0}; +- uint32_t signatureLen = sizeof(cardCryptogramFullLength); +- sss_status_t status = kStatus_SSS_Fail; +- +- LOG_D("FN: %s", __FUNCTION__); +- LOG_MAU8_D(" Input:hostChallenge", hostChallenge, SCP_GP_HOST_CHALLENGE_LEN); +- LOG_MAU8_D(" Input:cardChallenge", cardChallenge, SCP_GP_CARD_CHALLENGE_LEN); +- +- memcpy(context, hostChallenge, SCP_GP_HOST_CHALLENGE_LEN); +- memcpy(&context[SCP_GP_HOST_CHALLENGE_LEN], cardChallenge, SCP_GP_CARD_CHALLENGE_LEN); +- contextLen = SCP_GP_HOST_CHALLENGE_LEN + SCP_GP_CARD_CHALLENGE_LEN; +- +- nxScp03_setDerivationData( +- ddA, &ddALen, DATA_CARD_CRYPTOGRAM, DATA_DERIVATION_L_64BIT, DATA_DERIVATION_KDF_CTR, context, contextLen); +- +- status = nxScp03_Generate_SessionKey(keyObj, ddA, ddALen, cardCryptogramFullLength, &signatureLen); +- ENSURE_OR_GO_EXIT(status == kStatus_SSS_Success); +- +- LOG_MAU8_D(" Output:cardCryptogram", cardCryptogramFullLength, AES_KEY_LEN_nBYTE); +- +- // Verify whether the 8 left most byte of cardCryptogramFullLength match cardCryptogram +- if (memcmp(cardCryptogramFullLength, cardCryptogram, SCP_GP_IU_CARD_CRYPTOGRAM_LEN) != 0) +- status = kStatus_SSS_Fail; +-exit: +- return status; +-} +- +-static sss_status_t nxScp03_HostLocal_CalculateSessionKeys( +- NXSCP03_AuthCtx_t *pAuthScp03, uint8_t *hostChallenge, uint8_t *cardChallenge) +-{ +- uint8_t ddA[128]; +- uint16_t ddALen = sizeof(ddA); +- uint8_t context[128]; +- uint16_t contextLen = 0; +- uint8_t sessionEncKey[AES_KEY_LEN_nBYTE]; +- uint8_t sessionMacKey[AES_KEY_LEN_nBYTE]; +- uint8_t sessionRmacKey[AES_KEY_LEN_nBYTE]; +- uint32_t signatureLen = AES_KEY_LEN_nBYTE; +- sss_status_t status = kStatus_SSS_Fail; +- NXSCP03_StaticCtx_t *pStatic_ctx = pAuthScp03->pStatic_ctx; +- NXSCP03_DynCtx_t *pDyn_ctx = pAuthScp03->pDyn_ctx; +- +- // Calculate the Derviation data +- memcpy(context, hostChallenge, SCP_GP_HOST_CHALLENGE_LEN); +- memcpy(&context[SCP_GP_HOST_CHALLENGE_LEN], cardChallenge, SCP_GP_CARD_CHALLENGE_LEN); +- contextLen = SCP_GP_HOST_CHALLENGE_LEN + SCP_GP_CARD_CHALLENGE_LEN; +- LOG_D("FN: %s", __FUNCTION__); +- LOG_MAU8_D(" Input:hostChallenge", hostChallenge, SCP_GP_HOST_CHALLENGE_LEN); +- LOG_MAU8_D(" Input:cardChallenge", cardChallenge, SCP_GP_CARD_CHALLENGE_LEN); +- +- /* Generation and Creation of Session ENC SSS Key Object */ +- +- // Set the Derviation data +- LOG_D("Set the Derviation data to generate Session ENC key"); +- nxScp03_setDerivationData( +- ddA, &ddALen, DATA_DERIVATION_SENC, DATA_DERIVATION_L_128BIT, DATA_DERIVATION_KDF_CTR, context, contextLen); +- // Calculate the Session-ENC key +- status = nxScp03_Generate_SessionKey(&pStatic_ctx->Enc, ddA, ddALen, sessionEncKey, &signatureLen); +- ENSURE_OR_GO_EXIT(status == kStatus_SSS_Success); +- LOG_MAU8_D(" Output:sessionEncKey", sessionEncKey, AES_KEY_LEN_nBYTE); +- +- // Set the Session-ENC key +- status = sss_host_key_store_set_key(pDyn_ctx->Enc.keyStore, &pDyn_ctx->Enc, sessionEncKey, 16, (16) * 8, NULL, 0); +- ENSURE_OR_GO_EXIT(status == kStatus_SSS_Success); +- +- /* Generation and Creation of Session MAC SSS Key Object */ +- +- // Set the Derviation data +- LOG_D("Set the Derviation data to generate Session MAC key"); +- nxScp03_setDerivationData( +- ddA, &ddALen, DATA_DERIVATION_SMAC, DATA_DERIVATION_L_128BIT, DATA_DERIVATION_KDF_CTR, context, contextLen); +- // Calculate the Session-MAC key +- status = nxScp03_Generate_SessionKey(&pStatic_ctx->Mac, ddA, ddALen, sessionMacKey, &signatureLen); +- ENSURE_OR_GO_EXIT(status == kStatus_SSS_Success); +- LOG_MAU8_D(" Output:sessionMacKey", sessionMacKey, AES_KEY_LEN_nBYTE); +- +- // Set the Session-MAC key +- status = sss_host_key_store_set_key(pDyn_ctx->Mac.keyStore, &pDyn_ctx->Mac, sessionMacKey, 16, (16) * 8, NULL, 0); +- ENSURE_OR_GO_EXIT(status == kStatus_SSS_Success); +- +- /* Generation and Creation of Session RMAC SSS Key Object */ +- // Set the Derviation data +- LOG_D("Set the Derviation data to generate Session RMAC key"); +- nxScp03_setDerivationData( +- ddA, &ddALen, DATA_DERIVATION_SRMAC, DATA_DERIVATION_L_128BIT, DATA_DERIVATION_KDF_CTR, context, contextLen); +- // Calculate the Session-RMAC key +- status = nxScp03_Generate_SessionKey(&pStatic_ctx->Mac, ddA, ddALen, sessionRmacKey, &signatureLen); +- ENSURE_OR_GO_EXIT(status == kStatus_SSS_Success); +- LOG_MAU8_D(" Output:sessionRmacKey", sessionRmacKey, AES_KEY_LEN_nBYTE); +- +- // Set the Session-RMAC key +- status = +- sss_host_key_store_set_key(pDyn_ctx->Rmac.keyStore, &pDyn_ctx->Rmac, sessionRmacKey, 16, (16) * 8, NULL, 0); +-exit: +- return status; +-} +- +-sss_status_t nxScp03_Generate_SessionKey( +- sss_object_t *keyObj, uint8_t *inData, uint32_t inDataLen, uint8_t *outSignature, uint32_t *outSignatureLen) +-{ +- sss_mac_t macCtx; +- sss_algorithm_t algorithm = kAlgorithm_SSS_CMAC_AES; +- sss_mode_t mode = kMode_SSS_Mac; +- sss_status_t status = kStatus_SSS_Fail; +- size_t sigLen = *outSignatureLen; +- LOG_D("FN: %s", __FUNCTION__); +- LOG_MAU8_D(" Input: inData", inData, inDataLen); +- // Init MAC Context +- status = sss_host_mac_context_init(&macCtx, keyObj->keyStore->session, keyObj, algorithm, mode); +- ENSURE_OR_GO_EXIT(status == kStatus_SSS_Success); +- +- // Calculate Session key with MAC one go +- status = sss_host_mac_one_go(&macCtx, inData, inDataLen, outSignature, &sigLen); +- *outSignatureLen = (uint32_t)sigLen; +- ENSURE_OR_GO_EXIT(status == kStatus_SSS_Success); +- +- LOG_MAU8_D(" Output:outSignature", outSignature, *outSignatureLen); +- +- // Free MAC context +- sss_host_mac_context_free(&macCtx); +-exit: +- return status; +-} +- +-static sss_status_t nxScp03_GP_InitializeUpdate(pSe05xSession_t se05xSession, +- uint8_t *hostChallenge, +- uint16_t hostChallengeLen, +- uint8_t *keyDivData, +- uint16_t *pKeyDivDataLen, +- uint8_t *keyInfo, +- uint16_t *pKeyInfoLen, +- uint8_t *cardChallenge, +- uint16_t *pCardChallengeLen, +- uint8_t *cardCryptoGram, +- uint16_t *pCardCryptoGramLen, +- uint8_t *seqCounter, +- uint16_t *pSeqCounterLen, +- uint8_t keyVerNo) +-{ +- smStatus_t st = SM_NOT_OK; +- uint8_t response[64]; +- size_t responseLen = 64; +- uint16_t parsePos = 0; +- uint16_t sw = 0; +- uint32_t iuResponseLenSmall = SCP_GP_IU_KEY_DIV_DATA_LEN + SCP_GP_IU_KEY_INFO_LEN + SCP_GP_CARD_CHALLENGE_LEN + +- SCP_GP_IU_CARD_CRYPTOGRAM_LEN + SCP_GP_SW_LEN; +- uint32_t iuResponseLenBig = SCP_GP_IU_KEY_DIV_DATA_LEN + SCP_GP_IU_KEY_INFO_LEN + SCP_GP_CARD_CHALLENGE_LEN + +- SCP_GP_IU_CARD_CRYPTOGRAM_LEN + SCP_GP_IU_SEQ_COUNTER_LEN + SCP_GP_SW_LEN; +- sss_status_t status = kStatus_SSS_Fail; +- /* Default Key version no for applet scp is 0x00*/ +- uint8_t keyVersion = 0x00; +- if (se05xSession->authType == kSSS_AuthType_SCP03) { +- /* Key version no. for Platform SCP03 passed by user*/ +- keyVersion = keyVerNo; +- /*Initialise update and external authenticate should go with auth type None +- For Platform SCP03 as this is the authentication without session with JCOP */ +- se05xSession->authType = kSSS_AuthType_None; +- } +- +- tlvHeader_t hdr = {{CLA_GP_7816, INS_GP_INITIALIZE_UPDATE, keyVersion, 0x00}}; +- +- uint8_t cmdBuf[60]; +- ENSURE_OR_GO_CLEANUP(hostChallengeLen == SCP_GP_HOST_CHALLENGE_LEN); +- ENSURE_OR_GO_CLEANUP(*pKeyDivDataLen == SCP_GP_IU_KEY_DIV_DATA_LEN); +- ENSURE_OR_GO_CLEANUP(*pKeyInfoLen == SCP_GP_IU_KEY_INFO_LEN); +- ENSURE_OR_GO_CLEANUP(*pCardChallengeLen == SCP_GP_CARD_CHALLENGE_LEN); +- ENSURE_OR_GO_CLEANUP(*pCardCryptoGramLen == SCP_GP_IU_CARD_CRYPTOGRAM_LEN); +- +- LOG_D("FN: %s", __FUNCTION__); +- LOG_D("Input:keyVersion %02x", keyVersion); +- LOG_MAU8_D(" Input: hostChallenge", hostChallenge, hostChallengeLen); +- LOG_D("Sending GP Initialize Update Command !!!"); +- memcpy(cmdBuf, hostChallenge, hostChallengeLen); +- st = DoAPDUTxRx_s_Case4(se05xSession, &hdr, cmdBuf, hostChallengeLen, response, &responseLen); +- if (st != SM_OK) { +- LOG_E("GP_InitializeUpdate Failure on communication Link %04X", st); +- return status; +- } +- +- // Parse Response +- // The expected result length depends on random (HOST-Channel) or pseudo-random (ADMIN-Channel) challenge type. +- // The pseudo-random challenge case also includes a 3 byte sequence counter +- if ((responseLen != iuResponseLenSmall) && (responseLen != iuResponseLenBig)) { +- // Note: A response of length 2 (a proper SW) is also collapsed into return code SCP_FAIL +- LOG_E("GP_InitializeUpdate Unexpected amount of data returned"); +- return status; +- } +- +- memcpy(keyDivData, response, SCP_GP_IU_KEY_DIV_DATA_LEN); +- parsePos = SCP_GP_IU_KEY_DIV_DATA_LEN; +- memcpy(keyInfo, &(response[parsePos]), SCP_GP_IU_KEY_INFO_LEN); +- parsePos += SCP_GP_IU_KEY_INFO_LEN; +- memcpy(cardChallenge, &(response[parsePos]), SCP_GP_CARD_CHALLENGE_LEN); +- parsePos += SCP_GP_CARD_CHALLENGE_LEN; +- memcpy(cardCryptoGram, &(response[parsePos]), SCP_GP_IU_CARD_CRYPTOGRAM_LEN); +- parsePos += SCP_GP_IU_CARD_CRYPTOGRAM_LEN; +- +- // Construct Return Value +- sw = (response[responseLen - 2] << 8) + response[responseLen - 1]; +- if (sw == SM_OK) { +- LOG_MAU8_D(" Output: keyDivData", keyDivData, *pKeyDivDataLen); +- LOG_MAU8_D(" Output: keyInfo", keyInfo, *pKeyInfoLen); +- LOG_MAU8_D(" Output: cardChallenge", cardChallenge, *pCardChallengeLen); +- LOG_MAU8_D(" Output: cardCryptoGram", cardCryptoGram, *pCardCryptoGramLen); +- status = kStatus_SSS_Success; +- } +-cleanup: +- return status; +-} +- +-void nxScp03_setDerivationData(uint8_t ddA[], +- uint16_t *pDdALen, +- uint8_t ddConstant, +- uint16_t ddL, +- uint8_t iCounter, +- uint8_t *context, +- uint16_t contextLen) +-{ +- LOG_D("FN: %s", __FUNCTION__); +- LOG_D("Input:ddConstant %02x", ddConstant); +- LOG_D("Input:ddL %02x", ddL); +- LOG_D("Input:iCounter %02x", iCounter); +- LOG_MAU8_D(" Input: keyInfo", context, contextLen); +- // SCPO3 spec p9&10 +- memset(ddA, 0, DD_LABEL_LEN - 1); +- ddA[DD_LABEL_LEN - 1] = ddConstant; +- ddA[DD_LABEL_LEN] = 0x00; // Separation Indicator +- ddA[DD_LABEL_LEN + 1] = (uint8_t)(ddL >> 8); +- ddA[DD_LABEL_LEN + 2] = (uint8_t)ddL; +- ddA[DD_LABEL_LEN + 3] = iCounter; +- memcpy(&ddA[DD_LABEL_LEN + 4], context, contextLen); +- *pDdALen = DD_LABEL_LEN + 4 + contextLen; +- +- LOG_MAU8_D("Output: KeyDivData", ddA, *pDdALen); +-} +- +-#endif // SSS_HAVE_HOSTCRYPTO_ANY +- +-#endif // SSS_HAVE_APPLET_SE05X_IOT +diff --git a/targets/targets.json b/targets/targets.json +index f69cbeef40..dd2c302de5 100644 +--- a/targets/targets.json ++++ b/targets/targets.json +@@ -3655,22 +3655,6 @@ + "usb_speed": { + "help": "USE_USB_OTG_FS or USE_USB_OTG_HS or USE_USB_HS_IN_FS", + "value": "USE_USB_OTG_HS" +- }, +- "se050_ena": { +- "help": "SE050 ENA Pin", +- "value" : "PG_0" +- }, +- "se050_sda": { +- "help": "SE050 I2C SDA Pin", +- "value" : "PF_0" +- }, +- "se050_scl": { +- "help": "SE050 I2C SCL Pin", +- "value" : "PF_1" +- }, +- "se050_i2c_freq": { +- "help": "SE050 I2C bus frequency", +- "value" : "1000000" + } + }, + "overrides": { +@@ -3686,8 +3670,7 @@ + "QSPIF", + "WHD", + "4343W_FS", +- "CYW43XXX", +- "SE050" ++ "CYW43XXX" + ], + "macros_add": [ + "MBEDTLS_FS_IO", +-- +2.53.0 + diff --git a/variants/NICLA_VISION/conf/custom_mbedtls_config.h b/variants/NICLA_VISION/conf/custom_mbedtls_config.h index c2a399cc2..7b86c08e7 100644 --- a/variants/NICLA_VISION/conf/custom_mbedtls_config.h +++ b/variants/NICLA_VISION/conf/custom_mbedtls_config.h @@ -32,12 +32,6 @@ /* clang-format off */ -#if defined(SSS_USE_FTR_FILE) -#include "fsl_sss_ftr.h" -#else -#include "fsl_sss_ftr_default.h" -#endif - #ifdef CHECK_MEMORY #if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE) diff --git a/variants/NICLA_VISION/defines.txt b/variants/NICLA_VISION/defines.txt index 79ccdbfd8..95956f193 100644 --- a/variants/NICLA_VISION/defines.txt +++ b/variants/NICLA_VISION/defines.txt @@ -6,7 +6,6 @@ -DCOMPONENT_CYW43XXX=1 -DCOMPONENT_FLASHIAP=1 -DCOMPONENT_QSPIF=1 --DCOMPONENT_SE050=1 -DCOMPONENT_WHD=1 -DCORE_CM7 -D__CORTEX_M7 @@ -45,7 +44,7 @@ -DFLOW_SILENT -D__FPU_PRESENT=1 -D__MBED__=1 --DMBED_BUILD_TIMESTAMP=1751296054.2534025 +-DMBED_BUILD_TIMESTAMP=1776261741.9920301 -D__MBED_CMSIS_RTOS_CM -DMBED_TICKLESS -DMBEDTLS_FS_IO diff --git a/variants/NICLA_VISION/includes.txt b/variants/NICLA_VISION/includes.txt index 4bef4f58c..43eae847a 100644 --- a/variants/NICLA_VISION/includes.txt +++ b/variants/NICLA_VISION/includes.txt @@ -276,27 +276,6 @@ -iwithprefixbefore/mbed/targets/TARGET_STM/TARGET_STM32H7/STM32Cube_FW/CMSIS -iwithprefixbefore/mbed/targets/TARGET_STM/TARGET_STM32H7/STM32Cube_FW/STM32H7xx_HAL_Driver -iwithprefixbefore/mbed/targets/TARGET_STM/TARGET_STM32H7/STM32Cube_FW/STM32H7xx_HAL_Driver/Legacy --iwithprefixbefore/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050 --iwithprefixbefore/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib --iwithprefixbefore/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib --iwithprefixbefore/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/inc --iwithprefixbefore/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon --iwithprefixbefore/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/infra --iwithprefixbefore/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/nxlog --iwithprefixbefore/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom --iwithprefixbefore/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/libCommon/smCom/T1oI2C --iwithprefixbefore/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/platform --iwithprefixbefore/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/platform/inc --iwithprefixbefore/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/hostlib/hostLib/se05x_03_xx_xx --iwithprefixbefore/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss --iwithprefixbefore/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex --iwithprefixbefore/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/inc --iwithprefixbefore/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/ex/src --iwithprefixbefore/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/inc --iwithprefixbefore/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/plugin --iwithprefixbefore/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/plugin/mbedtls --iwithprefixbefore/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/port --iwithprefixbefore/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/COMPONENT_SE050/sss/port/default -iwithprefixbefore/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/TARGET_NICLA_VISION -iwithprefixbefore/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/TARGET_NICLA_VISION/COMPONENT_WHD -iwithprefixbefore/mbed/targets/TARGET_STM/TARGET_STM32H7/TARGET_STM32H747xI/TARGET_NICLA_VISION/COMPONENT_WHD/interface diff --git a/variants/NICLA_VISION/libs/libmbed.a b/variants/NICLA_VISION/libs/libmbed.a index 78b2cae39..8684f1168 100644 Binary files a/variants/NICLA_VISION/libs/libmbed.a and b/variants/NICLA_VISION/libs/libmbed.a differ diff --git a/variants/NICLA_VISION/mbed_config.h b/variants/NICLA_VISION/mbed_config.h index d4ec859a3..9f843c57c 100644 --- a/variants/NICLA_VISION/mbed_config.h +++ b/variants/NICLA_VISION/mbed_config.h @@ -387,10 +387,6 @@ #define MBED_CONF_TARGET_MPU_ROM_END 0x0fffffff // set by target:Target #define MBED_CONF_TARGET_NETWORK_DEFAULT_INTERFACE_TYPE WIFI // set by target:NICLA_VISION #define MBED_CONF_TARGET_RTC_CLOCK_SOURCE USE_RTC_CLK_LSE_OR_LSI // set by target:MCU_STM32 -#define MBED_CONF_TARGET_SE050_ENA PG_0 // set by target:NICLA_VISION -#define MBED_CONF_TARGET_SE050_I2C_FREQ 1000000 // set by target:NICLA_VISION -#define MBED_CONF_TARGET_SE050_SCL PF_1 // set by target:NICLA_VISION -#define MBED_CONF_TARGET_SE050_SDA PF_0 // set by target:NICLA_VISION #define MBED_CONF_TARGET_SYSTEM_POWER_SUPPLY PWR_LDO_SUPPLY // set by target:NICLA_VISION #define MBED_CONF_TARGET_TICKLESS_FROM_US_TICKER 0 // set by target:Target #define MBED_CONF_TARGET_USB_SPEED USE_USB_OTG_HS // set by target:NICLA_VISION