Google Git
Sign in
coral / a71ch-crypto-support / 8dc1f1434da50a4b7361d651239c1f3f4f8cc25b / . / demos / se05x / se05x_TransportAuth / se05x_TransportAuth.c
blob: dbc3a725584fd553b5d10858c22393abef0d3558 [file] [log] [blame]
/* Copyright 2020 NXP
*
* SPDX-License-Identifier: Apache-2.0
*/
#include "se05x_TransportAuth.h"
#include <nxLog_App.h>
#include <se05x_APDU.h>
/* clang-format off */
#define TRANSPORT_AES_VALUE \
{ \
'L','O','C','K','C','O','M','M','U','N','T','X','T','O','S','E', \
}
/* clang-format ON */
const uint8_t Transport_AES_value[16] = TRANSPORT_AES_VALUE;
size_t Transport_AES_valueLen = sizeof(Transport_AES_value);
//sss_object_t TransportObject = { 0 };
NXSCP03_StaticCtx_t staticCtx = { 0 };
NXSCP03_DynCtx_t dynamicCtx = { 0 };
SE_Connect_Ctx_t authTransportCtx = { 0 };
sss_status_t se05x_TA_OpenAuthSession(ex_sss_boot_ctx_t *pCtx,
sss_session_t *pTxSession,
sss_tunnel_t *ptxTunnel)
{
sss_status_t status = kStatus_SSS_Fail;
authTransportCtx.auth.ctx.scp03.pStatic_ctx = &staticCtx;
authTransportCtx.auth.ctx.scp03.pDyn_ctx = &dynamicCtx;
authTransportCtx.tunnelCtx = ptxTunnel;
ptxTunnel->session = &pCtx->session;
authTransportCtx.connType = kType_SE_Conn_Type_Channel;
authTransportCtx.portName = NULL;
authTransportCtx.auth.authType = kSSS_AuthType_AESKey;
authTransportCtx.skip_select_applet = 1;
status = sss_session_open(pTxSession, kType_SSS_SE_SE05x,
kSE05x_AppletResID_TRANSPORT,
kSSS_ConnectionType_Encrypted, &authTransportCtx);
return status;
}
sss_status_t se05x_TA_CreateHostKey(ex_sss_boot_ctx_t *pCtx)
{
sss_status_t status = kStatus_SSS_Fail;
int i;
sss_object_t * pObjects[6];
pObjects[0] = &staticCtx.Dek;
pObjects[1] = &staticCtx.Enc;
pObjects[2] = &staticCtx.Mac;
pObjects[3] = &dynamicCtx.Enc;
pObjects[4] = &dynamicCtx.Mac;
pObjects[5] = &dynamicCtx.Rmac;
for (i = 0; i < 6; i++) {
status = sss_host_key_object_init(pObjects[i], &pCtx->host_ks);
if (kStatus_SSS_Success != status) {
LOG_E("Failed sss_key_object_init ");
goto cleanup;
}
status = sss_host_key_object_allocate_handle(pObjects[i],
MAKE_TEST_ID(__LINE__),
kSSS_KeyPart_Default,
kSSS_CipherType_AES,
Transport_AES_valueLen,
kKeyObject_Mode_Transient);
if (kStatus_SSS_Success != status) {
LOG_E("Failed sss_key_object_allocate_handle");
goto cleanup;
}
}
for (i = 0; i < 3; i++) {
status = sss_host_key_store_set_key(&pCtx->host_ks,
pObjects[i],
Transport_AES_value,
Transport_AES_valueLen,
Transport_AES_valueLen * 8,
NULL,
0);
if (kStatus_SSS_Success != status) {
LOG_E("Failed sss_key_store_set_key");
goto cleanup;
}
}
status = kStatus_SSS_Success;
cleanup:
return status;
}
smStatus_t se05x_TA_CreateSETransportLockKey(Se05xSession_t *pSe05xSession)
{
smStatus_t sw_status = SM_NOT_OK;
SE05x_Result_t exists = kSE05x_Result_FAILURE;
sw_status = Se05x_API_CheckObjectExists(pSe05xSession, kSE05x_AppletResID_TRANSPORT, &exists);
if (sw_status == SM_OK && exists == kSE05x_Result_SUCCESS) {
LOG_W("kSE05x_AppletResID_TRANSPORT Object already exists");
}
if (sw_status == SM_OK && exists == kSE05x_Result_FAILURE) {
sw_status = Se05x_API_WriteSymmKey(pSe05xSession,
NULL,
SE05x_MaxAttemps_UNLIMITED,
kSE05x_AppletResID_TRANSPORT,
SE05x_KeyID_KEK_NONE,
Transport_AES_value,
Transport_AES_valueLen,
kSE05x_AttestationType_AUTH | kSE05x_TransientType_Persistent,
kSE05x_SymmKeyType_AES);
if (SM_OK != sw_status) {
LOG_E("Failed Se05x_API_WriteSymmKey");
goto cleanup;
}
}
cleanup:
return sw_status;
}