| <!DOCTYPE html> |
| <!-- |
| Copyright 2019 NXP |
| |
| This software is owned or controlled by NXP and may only be used |
| strictly in accordance with the applicable license terms. By expressly |
| accepting such terms or by downloading, installing, activating and/or |
| otherwise using the software, you are agreeing that you have read, and |
| that you agree to comply with and are bound by, such license terms. If |
| you do not agree to be bound by the applicable license terms, then you |
| may not retain, install, activate or otherwise use the software. |
| --> |
| |
| <html xmlns="http://www.w3.org/1999/xhtml"> |
| <head> |
| <meta charset="utf-8" /> |
| <title>10.1. A71CH and SSS API — Plug & Trust MW v03.00.05 documentation</title> |
| <link rel="stylesheet" href="../_static/bootstrap-sphinx.css" type="text/css" /> |
| <link rel="stylesheet" href="../_static/pygments.css" type="text/css" /> |
| <link rel="stylesheet" type="text/css" href="../_static/graphviz.css" /> |
| <script id="documentation_options" data-url_root="../" src="../_static/documentation_options.js"></script> |
| <script src="../_static/jquery.js"></script> |
| <script src="../_static/underscore.js"></script> |
| <script src="../_static/doctools.js"></script> |
| <script src="../_static/language_data.js"></script> |
| <link rel="index" title="Index" href="../genindex.html" /> |
| <link rel="search" title="Search" href="../search.html" /> |
| <link rel="next" title="10.2. Miscellaneous" href="a71ch_miscellaneous.html" /> |
| <link rel="prev" title="10. A71CH" href="../a71ch.html" /> |
| <meta charset='utf-8'> |
| <meta http-equiv='X-UA-Compatible' content='IE=edge,chrome=1'> |
| <meta name='viewport' content='width=device-width, initial-scale=1.0, maximum-scale=1'> |
| <meta name="apple-mobile-web-app-capable" content="yes"> |
| <script type="text/javascript" src="../_static/js/jquery-1.11.0.min.js "></script> |
| <script type="text/javascript" src="../_static/js/jquery-fix.js "></script> |
| <script type="text/javascript" src="../_static/bootstrap-3.3.7/js/bootstrap.min.js "></script> |
| <script type="text/javascript" src="../_static/bootstrap-sphinx.js "></script> |
| |
| </head><body> |
| |
| |
| <div class="container"> |
| <div class="row"> |
| <div class="body col-md-9 content" role="main"> |
| |
| <div class="section" id="a71ch-and-sss-api"> |
| <span id="se05x-a71ch-sss"></span><h1><span class="section-number">10.1. </span>A71CH and SSS API<a class="headerlink" href="#a71ch-and-sss-api" title="Permalink to this headline">¶</a></h1> |
| <div class="section" id="introduction"> |
| <h2><span class="section-number">10.1.1. </span>Introduction<a class="headerlink" href="#introduction" title="Permalink to this headline">¶</a></h2> |
| <p>The Plug&Trust Middleware provides support for the A71CH secure element through the SSS API. |
| The full scope of the A71CH legacy API or the HLSE API is not covered by the SSS API. |
| Where a use case needs functionality outside the SSS API, the SSS and A71CH APIs can be used together (<a class="reference internal" href="#se05x-a71ch-combined-api"><span class="std std-ref">Mixing SSS API and A71CH API</span></a>).</p> |
| <p>The A71CH support included in the Plug&Trust Middleware is derived from the |
| <code class="docutils literal notranslate"><span class="pre">A71CH</span> <span class="pre">Host</span> <span class="pre">Software</span> <span class="pre">package</span></code> as available on www.nxp.com/a71ch. |
| The <code class="docutils literal notranslate"><span class="pre">hostlib</span></code> directory contains refactored code that was previously published on www.nxp.com/a71ch.</p> |
| <p>This Plug&Trust Middleware provides the following additional functionality related to the A71CH:</p> |
| <ul class="simple"> |
| <li><p>Compatibility with OpenSSL 1.1</p></li> |
| <li><p>Support for the SSS API</p></li> |
| <li><p>Cloud demos using SSS API</p></li> |
| <li><p>OpenSSL Engine using SSS API</p></li> |
| </ul> |
| <p>The following - as previously contained in the <code class="docutils literal notranslate"><span class="pre">A71CH</span> <span class="pre">Host</span> <span class="pre">Software</span> <span class="pre">package</span></code> - |
| is no longer supported:</p> |
| <ul class="simple"> |
| <li><p>Cloud demos using A71CH API (replaced by SSS API based cloud demos)</p></li> |
| </ul> |
| <p>The software build system is based on CMake.</p> |
| </div> |
| <div class="section" id="a71ch-api-to-sss-api-mapping"> |
| <h2><span class="section-number">10.1.2. </span>A71CH API to SSS API mapping<a class="headerlink" href="#a71ch-api-to-sss-api-mapping" title="Permalink to this headline">¶</a></h2> |
| <p>The following table provides an overview of the A71CH APIs that can be |
| replaced by SSS APIs. As the usage of the SSS API is conceptually different |
| from the A71CH API, there is no one-to-one replacement of API calls. |
| Please consult <a class="reference internal" href="../sss-apis.html#sss-apis"><span class="std std-ref">SSS APIs</span></a> for an introduction to using the SSS API and |
| the applicable examples in <a class="reference internal" href="../sss/ex/doc/sss-api-examples.html#sssexamples"><span class="std std-numref">Section 5.2.1</span></a> <a class="reference internal" href="../sss/ex/doc/sss-api-examples.html#sssexamples"><span class="std std-ref">SSS API Examples</span></a>.</p> |
| <p>The SSS Session concept - as applicable to A71CH - is restricted to establishing a connection between |
| Host and Secure Element. Establishing an SCP03 session is orthogonal to the Session concept.</p> |
| <p>SSS specific policies are not applicable to A71CH.</p> |
| <table class="docutils align-default"> |
| <colgroup> |
| <col style="width: 33%" /> |
| <col style="width: 33%" /> |
| <col style="width: 33%" /> |
| </colgroup> |
| <tbody> |
| <tr class="row-odd"><td><p><code class="docutils literal notranslate"><span class="pre">A71CH</span> <span class="pre">or</span> <span class="pre">HLSE</span> <span class="pre">API</span></code></p></td> |
| <td><p><code class="docutils literal notranslate"><span class="pre">SSS</span> <span class="pre">equivalent</span> <span class="pre">available</span></code></p></td> |
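| <td><p><code class="docutils literal notranslate"><span class="pre">SSS</span> <span class="pre">API</span></code></p></td> |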
| </tr> |
| <tr class="row-even"><td><p><strong>a71ch_crypto_derive</strong></p></td> |
| <td></td> |
| <td></td> |
| </tr> |
| <tr class="row-odd"><td><p>A71_HkdfExpandSymKey</p></td> |
| <td><p>YES</p></td> |
| <td><p>sss_derive_key_*</p></td> |
| </tr> |
| <tr class="row-even"><td><p>A71_HkdfSymKey</p></td> |
| <td><p>YES</p></td> |
| <td><p>sss_derive_key_*</p></td> |
| </tr> |
| <tr class="row-odd"><td><p>A71_PskDeriveMasterSecret</p></td> |
| <td><p>NO</p></td> |
| <td></td> |
| </tr> |
| <tr class="row-even"><td><p>A71_EcdhPskDeriveMasterSecret</p></td> |
| <td><p>NO</p></td> |
| <td></td> |
| </tr> |
| <tr class="row-odd"><td><p>A71_GetHmacSha256</p></td> |
| <td><p>YES</p></td> |
| <td><p>sss_mac_*</p></td> |
| </tr> |
| <tr class="row-even"><td><p>A71_HmacSha256Init</p></td> |
| <td><p>YES</p></td> |
| <td><p>sss_mac_*</p></td> |
| </tr> |
| <tr class="row-odd"><td><p>A71_HmacSha256Update</p></td> |
| <td><p>YES</p></td> |
| <td><p>sss_mac_*</p></td> |
| </tr> |
| <tr class="row-even"><td><p>A71_HmacSha256Final</p></td> |
| <td><p>YES</p></td> |
| <td><p>sss_mac_*</p></td> |
| </tr> |
| <tr class="row-odd"><td></td> |
| <td></td> |
| <td></td> |
| </tr> |
| <tr class="row-even"><td><p><strong>a71ch_crypto_ecc</strong></p></td> |
| <td></td> |
| <td></td> |
| </tr> |
| <tr class="row-odd"><td><p>A71_GenerateEccKeyPair</p></td> |
| <td><p>YES</p></td> |
| <td><p>sss_key_store_generate_key</p></td> |
| </tr> |
| <tr class="row-even"><td><p>A71_GenerateEccKeyPairWithChallenge</p></td> |
| <td><p>NO</p></td> |
| <td></td> |
| </tr> |
| <tr class="row-odd"><td><p>A71_GenerateEccKeyPairWithCode</p></td> |
| <td><p>NO</p></td> |
| <td></td> |
| </tr> |
| <tr class="row-even"><td><p>A71_EccSign</p></td> |
| <td><p>YES</p></td> |
| <td><p>sss_asymmetric_sign_digest</p></td> |
| </tr> |
| <tr class="row-odd"><td><p>A71_EccNormalizedAsnSign</p></td> |
| <td><p>NO</p></td> |
| <td></td> |
| </tr> |
| <tr class="row-even"><td><p>A71_EccRestrictedSign</p></td> |
| <td><p>NO</p></td> |
| <td></td> |
| </tr> |
| <tr class="row-odd"><td><p>A71_EccVerify</p></td> |
| <td><p>YES</p></td> |
| <td><p>sss_asymmetric_verify_digest</p></td> |
| </tr> |
| <tr class="row-even"><td><p>A71_EcdhGetSharedSecret</p></td> |
| <td><p>YES</p></td> |
| <td><p>sss_derive_key_*</p></td> |
| </tr> |
| <tr class="row-odd"><td></td> |
| <td></td> |
| <td></td> |
| </tr> |
| <tr class="row-even"><td><p><strong>a71ch_module</strong></p></td> |
| <td></td> |
| <td></td> |
| </tr> |
| <tr class="row-odd"><td><p>A71_GetCredentialInfo</p></td> |
| <td><p>NO</p></td> |
| <td></td> |
| </tr> |
| <tr class="row-even"><td><p>A71_GetModuleInfo</p></td> |
| <td><p>NO</p></td> |
| <td></td> |
| </tr> |
| <tr class="row-odd"><td><p>A71_GetUniqueID</p></td> |
| <td><p>YES</p></td> |
| <td><p>sss_session_prop_get_au8</p></td> |
| </tr> |
| <tr class="row-even"><td><p>A71_GetCertUid</p></td> |
| <td><p>YES</p></td> |
| <td><p>sss_session_prop_get_au8</p></td> |
| </tr> |
| <tr class="row-odd"><td><p>A71_GetUnlockChallenge</p></td> |
| <td><p>NO</p></td> |
| <td></td> |
| </tr> |
| <tr class="row-even"><td><p>A71_GetKeyPairChallenge</p></td> |
| <td><p>NO</p></td> |
| <td></td> |
| </tr> |
| <tr class="row-odd"><td><p>A71_GetPublicKeyChallenge</p></td> |
| <td><p>NO</p></td> |
| <td></td> |
| </tr> |
| <tr class="row-even"><td><p>A71_GetRandom</p></td> |
| <td><p>YES</p></td> |
| <td><p>sss_rng_get_random</p></td> |
| </tr> |
| <tr class="row-odd"><td><p>A71_CreateClientHelloRandom</p></td> |
| <td><p>NO</p></td> |
| <td></td> |
| </tr> |
| <tr class="row-even"><td><p>A71_GetRestrictedKeyPairInfo</p></td> |
| <td><p>NO</p></td> |
| <td></td> |
| </tr> |
| <tr class="row-odd"><td><p>A71_GetSha256</p></td> |
| <td><p>YES</p></td> |
| <td><p>sss_digest_one_go</p></td> |
| </tr> |
| <tr class="row-even"><td><p>A71_Sha256Init/Update/Final</p></td> |
| <td><p>YES</p></td> |
| <td><p>sss_digest_*</p></td> |
| </tr> |
| <tr class="row-odd"><td><p>A71_InjectLock</p></td> |
| <td><p>NO</p></td> |
| <td></td> |
| </tr> |
| <tr class="row-even"><td><p>A71_LockModule</p></td> |
| <td><p>NO</p></td> |
| <td></td> |
| </tr> |
| <tr class="row-odd"><td><p>A71_UnlockModule</p></td> |
| <td><p>NO</p></td> |
| <td></td> |
| </tr> |
| <tr class="row-even"><td><p>A71_SetTlsLabel</p></td> |
| <td><p>NO</p></td> |
| <td></td> |
| </tr> |
| <tr class="row-odd"><td><p>A71_EccVerifyWithKey</p></td> |
| <td><p>NO</p></td> |
| <td></td> |
| </tr> |
| <tr class="row-even"><td></td> |
| <td></td> |
| <td></td> |
| </tr> |
| <tr class="row-odd"><td><p><strong>a71ch_sst</strong></p></td> |
| <td></td> |
| <td></td> |
| </tr> |
| <tr class="row-even"><td><p>A71_Erase_*_WithChallenge</p></td> |
| <td><p>NO</p></td> |
| <td></td> |
| </tr> |
| <tr class="row-odd"><td><p>A71_Erase_*_WithCode</p></td> |
| <td><p>NO</p></td> |
| <td></td> |
| </tr> |
| <tr class="row-even"><td><p>A71_EraseEccKeyPair</p></td> |
| <td><p>YES</p></td> |
| <td><p>sss_key_store_erase_key</p></td> |
| </tr> |
| <tr class="row-odd"><td><p>A71_EraseEccPublicKey</p></td> |
| <td><p>YES</p></td> |
| <td><p>sss_key_store_erase_key</p></td> |
| </tr> |
| <tr class="row-even"><td><p>A71_EraseSymKey</p></td> |
| <td><p>NO</p></td> |
| <td></td> |
| </tr> |
| <tr class="row-odd"><td><p>A71_Freeze_*_WithChallenge</p></td> |
| <td><p>NO</p></td> |
| <td></td> |
| </tr> |
| <tr class="row-even"><td><p>A71_Freeze_*_WithCode</p></td> |
| <td><p>NO</p></td> |
| <td></td> |
| </tr> |
| <tr class="row-odd"><td><p>A71_FreezeEccKeyPair</p></td> |
| <td><p>YES</p></td> |
| <td><p>sss_key_store_freeze_key</p></td> |
| </tr> |
| <tr class="row-even"><td><p>A71_FreezeEccPublicKey</p></td> |
| <td><p>YES</p></td> |
| <td><p>sss_key_store_freeze_key</p></td> |
| </tr> |
| <tr class="row-odd"><td><p>A71_FreezeGpData</p></td> |
| <td><p>NO</p></td> |
| <td></td> |
| </tr> |
| <tr class="row-even"><td><p>A71_FreezeSymKey</p></td> |
| <td><p>NO</p></td> |
| <td></td> |
| </tr> |
| <tr class="row-odd"><td><p>A71_GetCounter</p></td> |
| <td><p>NO</p></td> |
| <td></td> |
| </tr> |
| <tr class="row-even"><td><p>A71_GetEccKeyPairUsage</p></td> |
| <td><p>NO</p></td> |
| <td></td> |
| </tr> |
| <tr class="row-odd"><td><p>A71_GetEccPublicKey</p></td> |
| <td><p>YES</p></td> |
| <td><p>sss_key_store_get_key</p></td> |
| </tr> |
| <tr class="row-even"><td><p>A71_GetGpData</p></td> |
| <td><p>NO</p></td> |
| <td></td> |
| </tr> |
| <tr class="row-odd"><td><p>A71_GetPublicKeyEccKeyPair</p></td> |
| <td><p>YES</p></td> |
| <td><p>sss_key_store_get_key</p></td> |
| </tr> |
| <tr class="row-even"><td><p>A71_IncrementCounter</p></td> |
| <td><p>NO</p></td> |
| <td></td> |
| </tr> |
| <tr class="row-odd"><td><p>A71_SetConfigKey</p></td> |
| <td><p>NO</p></td> |
| <td></td> |
| </tr> |
| <tr class="row-even"><td><p>A71_SetCounter</p></td> |
| <td><p>NO</p></td> |
| <td></td> |
| </tr> |
| <tr class="row-odd"><td><p>A71_SetEccKeyPair</p></td> |
| <td><p>YES</p></td> |
| <td><p>sss_key_store_set_key</p></td> |
| </tr> |
| <tr class="row-even"><td><p>A71_SetEccPublicKey</p></td> |
| <td><p>YES</p></td> |
| <td><p>sss_key_store_set_key</p></td> |
| </tr> |
| <tr class="row-odd"><td><p>A71_SetGpData</p></td> |
| <td><p>NO</p></td> |
| <td></td> |
| </tr> |
| <tr class="row-even"><td><p>A71_SetGpDataWithLockCheck</p></td> |
| <td><p>NO</p></td> |
| <td></td> |
| </tr> |
| <tr class="row-odd"><td><p>A71_SetRfc3394WrappedAesKey</p></td> |
| <td><p>NO</p></td> |
| <td></td> |
| </tr> |
| <tr class="row-even"><td><p>A71_SetRfc3394WrappedConfigKey</p></td> |
| <td><p>NO</p></td> |
| <td></td> |
| </tr> |
| <tr class="row-odd"><td><p>A71_SetSymKey</p></td> |
| <td><p>YES</p></td> |
| <td><p>sss_key_store_set_key</p></td> |
| </tr> |
| <tr class="row-even"><td></td> |
| <td></td> |
| <td></td> |
| </tr> |
| <tr class="row-odd"><td><p><strong>HLSE</strong></p></td> |
| <td></td> |
| <td></td> |
| </tr> |
| <tr class="row-even"><td><p>HLSE_GetObjectAttribute</p></td> |
| <td></td> |
| <td></td> |
| </tr> |
| <tr class="row-odd"><td><p>HLSE_SetObjectAttribute</p></td> |
| <td></td> |
| <td></td> |
| </tr> |
| <tr class="row-even"><td><p>HLSE_EraseObject</p></td> |
| <td></td> |
| <td></td> |
| </tr> |
| <tr class="row-odd"><td><p>HLSE_CreateObject</p></td> |
| <td></td> |
| <td></td> |
| </tr> |
| </tbody> |
| </table> |
| </div> |
| <div class="section" id="mixing-sss-api-and-a71ch-api"> |
| <span id="se05x-a71ch-combined-api"></span><h2><span class="section-number">10.1.3. </span>Mixing SSS API and A71CH API<a class="headerlink" href="#mixing-sss-api-and-a71ch-api" title="Permalink to this headline">¶</a></h2> |
| <p>The Plug&Trust Middleware contains two examples illustrating how to use both the SSS API and |
| the A71CH API from the same application.</p> |
| <div class="section" id="ecc-example"> |
| <h3><span class="section-number">10.1.3.1. </span>ECC Example<a class="headerlink" href="#ecc-example" title="Permalink to this headline">¶</a></h3> |
| <p>The example uses the SSS API to sign and verify the digest. The example is available at <code class="docutils literal notranslate"><span class="pre">.../simw-top/demos/a71ch/ex_a71ch_sss_ecc.c</span></code>.</p> |
| <div class="highlight-c notranslate"><div class="highlight"><pre><span></span> <span class="n">status</span> <span class="o">=</span> <span class="n">sss_asymmetric_context_init</span><span class="p">(</span><span class="o">&</span><span class="n">ctx_asymm</span><span class="p">,</span> <span class="o">&</span><span class="n">pCtx</span><span class="o">-></span><span class="n">session</span><span class="p">,</span> <span class="o">&</span><span class="n">keyPair</span><span class="p">,</span> <span class="n">kAlgorithm_SSS_SHA256</span><span class="p">,</span> <span class="n">kMode_SSS_Sign</span><span class="p">);</span> |
| <span class="n">ENSURE_OR_GO_CLEANUP</span><span class="p">(</span><span class="n">status</span> <span class="o">==</span> <span class="n">kStatus_SSS_Success</span><span class="p">);</span> |
| |
| <span class="n">signatureLen</span> <span class="o">=</span> <span class="k">sizeof</span><span class="p">(</span><span class="n">signature</span><span class="p">);</span> |
| <span class="cm">/* Do Signing */</span> |
| <span class="n">LOG_I</span><span class="p">(</span><span class="s">"Do Signing"</span><span class="p">);</span> |
| <span class="n">LOG_MAU8_I</span><span class="p">(</span><span class="s">"digest"</span><span class="p">,</span> <span class="n">digest</span><span class="p">,</span> <span class="n">digestLen</span><span class="p">);</span> |
| <span class="n">status</span> <span class="o">=</span> <span class="n">sss_asymmetric_sign_digest</span><span class="p">(</span><span class="o">&</span><span class="n">ctx_asymm</span><span class="p">,</span> <span class="n">digest</span><span class="p">,</span> <span class="n">digestLen</span><span class="p">,</span> <span class="n">signature</span><span class="p">,</span> <span class="o">&</span><span class="n">signatureLen</span><span class="p">);</span> |
| <span class="n">ENSURE_OR_GO_CLEANUP</span><span class="p">(</span><span class="n">status</span> <span class="o">==</span> <span class="n">kStatus_SSS_Success</span><span class="p">);</span> |
| <span class="n">LOG_MAU8_I</span><span class="p">(</span><span class="s">"signature"</span><span class="p">,</span> <span class="n">signature</span><span class="p">,</span> <span class="n">signatureLen</span><span class="p">);</span> |
| <span class="n">LOG_I</span><span class="p">(</span><span class="s">"Signing Successful !!!"</span><span class="p">);</span> |
| <span class="n">sss_asymmetric_context_free</span><span class="p">(</span><span class="o">&</span><span class="n">ctx_asymm</span><span class="p">);</span> |
| </pre></div> |
| </div> |
| <p>Next the example uses an A71CH API (A71_GetPublicKeyEccKeyPair) to retrieve the public key from the A71CH. |
| The A71CH specific key index is retrieved from the SSS object matching the key pair.</p> |
| <div class="highlight-c notranslate"><div class="highlight"><pre><span></span> <span class="cm">/* Access the A71CH with the (legacy) Host API */</span> |
| <span class="n">SST_Index_t</span> <span class="n">keyIdx</span> <span class="o">=</span> <span class="p">(((</span><span class="n">sss_sscp_object_t</span> <span class="o">*</span><span class="p">)</span><span class="o">&</span><span class="n">keyPair</span><span class="p">)</span><span class="o">-></span><span class="n">slotId</span><span class="p">)</span> <span class="o">&</span> <span class="mh">0x0F</span><span class="p">;</span> |
| <span class="n">U8</span> <span class="n">pubEccKeyScratch</span><span class="p">[</span><span class="mi">128</span><span class="p">];</span> |
| <span class="n">U16</span> <span class="n">pubEccKeyScratchLen</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span> |
| |
| <span class="n">LOG_I</span><span class="p">(</span><span class="s">"A71_GetPublicKeyEccKeyPair(0x%02x)"</span><span class="p">,</span> <span class="n">keyIdx</span><span class="p">);</span> |
| <span class="n">pubEccKeyScratchLen</span> <span class="o">=</span> <span class="k">sizeof</span><span class="p">(</span><span class="n">pubEccKeyScratch</span><span class="p">);</span> |
| <span class="n">sw</span> <span class="o">=</span> <span class="n">A71_GetPublicKeyEccKeyPair</span><span class="p">(</span><span class="n">keyIdx</span><span class="p">,</span> <span class="n">pubEccKeyScratch</span><span class="p">,</span> <span class="o">&</span><span class="n">pubEccKeyScratchLen</span><span class="p">);</span> |
| <span class="n">status</span> <span class="o">=</span> <span class="p">((</span><span class="n">sw</span> <span class="o">==</span> <span class="n">SW_OK</span><span class="p">)</span> <span class="o">?</span> <span class="nl">kStatus_SSS_Success</span> <span class="p">:</span> <span class="n">kStatus_SSS_Fail</span><span class="p">);</span> |
| </pre></div> |
| </div> |
| </div> |
| <div class="section" id="aes-key-wrapping-example"> |
| <h3><span class="section-number">10.1.3.2. </span>AES key wrapping Example<a class="headerlink" href="#aes-key-wrapping-example" title="Permalink to this headline">¶</a></h3> |
| <p>The example uses the SSS API to set an AES key and the A71CH API to set the same AES key in wrapped form. |
| To verify that the wrapped key was injected properly, an HKDF key is derived from each of the two AES keys and the results are compared. |
| The example is available at <code class="docutils literal notranslate"><span class="pre">.../simw-top/demos/a71ch/ex_a71ch_sss_aes_wrap_key</span></code>.</p> |
| <p>Injecting a wrapped AES key starts with setting the AES key that is used as the KEK:</p> |
| <div class="highlight-c notranslate"><div class="highlight"><pre><span></span> <span class="n">status</span> <span class="o">=</span> <span class="n">sss_key_object_init</span><span class="p">(</span><span class="o">&</span><span class="n">aesObj1</span><span class="p">,</span> <span class="o">&</span><span class="n">pCtx</span><span class="o">-></span><span class="n">ks</span><span class="p">);</span> |
| <span class="n">ENSURE_OR_GO_CLEANUP</span><span class="p">(</span><span class="n">status</span> <span class="o">==</span> <span class="n">kStatus_SSS_Success</span><span class="p">);</span> |
| |
| <span class="n">status</span> <span class="o">=</span> <span class="n">sss_key_object_allocate_handle</span><span class="p">(</span><span class="o">&</span><span class="n">aesObj1</span><span class="p">,</span> |
| <span class="n">MAKE_TEST_ID</span><span class="p">(</span><span class="n">__LINE__</span><span class="p">),</span> |
| <span class="n">kSSS_KeyPart_Default</span><span class="p">,</span> |
| <span class="n">kSSS_CipherType_AES</span><span class="p">,</span> |
| <span class="k">sizeof</span><span class="p">(</span><span class="n">aesKey</span><span class="p">),</span> |
| <span class="n">kKeyObject_Mode_Persistent</span><span class="p">);</span> |
| <span class="n">ENSURE_OR_GO_CLEANUP</span><span class="p">(</span><span class="n">status</span> <span class="o">==</span> <span class="n">kStatus_SSS_Success</span><span class="p">);</span> |
| |
| <span class="n">status</span> <span class="o">=</span> <span class="n">sss_key_store_set_key</span><span class="p">(</span><span class="o">&</span><span class="n">pCtx</span><span class="o">-></span><span class="n">ks</span><span class="p">,</span> <span class="o">&</span><span class="n">aesObj1</span><span class="p">,</span> <span class="n">aesKey</span><span class="p">,</span> <span class="k">sizeof</span><span class="p">(</span><span class="n">aesKey</span><span class="p">),</span> <span class="k">sizeof</span><span class="p">(</span><span class="n">aesKey</span><span class="p">)</span> <span class="o">*</span> <span class="mi">8</span><span class="p">,</span> <span class="nb">NULL</span><span class="p">,</span> <span class="mi">0</span><span class="p">);</span> |
| <span class="n">ENSURE_OR_GO_CLEANUP</span><span class="p">(</span><span class="n">status</span> <span class="o">==</span> <span class="n">kStatus_SSS_Success</span><span class="p">);</span> |
| </pre></div> |
| </div> |
| <p>Now inject the wrapped AES key using the A71CH API A71_SetRfc3394WrappedAesKey. |
| The wrapped key length should be 24 bytes. |
| Large keys can be set by calling the A71_SetRfc3394WrappedAesKey API multiple times, |
| incrementing the key index on each call.</p> |
| <div class="highlight-c notranslate"><div class="highlight"><pre><span></span> <span class="n">keyIdx</span> <span class="o">=</span> <span class="p">(((</span><span class="n">sss_sscp_object_t</span> <span class="o">*</span><span class="p">)</span><span class="o">&</span><span class="n">aesObj1</span><span class="p">)</span><span class="o">-></span><span class="n">slotId</span><span class="p">)</span> <span class="o">&</span> <span class="mh">0x0F</span><span class="p">;</span> |
| |
| <span class="cm">/* Set wrapped aes key - aesKey1 */</span> |
| <span class="n">sw</span> <span class="o">=</span> <span class="n">A71_SetRfc3394WrappedAesKey</span><span class="p">(</span><span class="n">keyIdx</span><span class="p">,</span> <span class="n">wapped_AesKey1_0</span><span class="p">,</span> <span class="k">sizeof</span><span class="p">(</span><span class="n">wapped_AesKey1_0</span><span class="p">));</span> |
| <span class="n">status</span> <span class="o">=</span> <span class="p">((</span><span class="n">sw</span> <span class="o">==</span> <span class="n">SW_OK</span><span class="p">)</span> <span class="o">?</span> <span class="nl">kStatus_SSS_Success</span> <span class="p">:</span> <span class="n">kStatus_SSS_Fail</span><span class="p">);</span> |
| <span class="n">ENSURE_OR_GO_CLEANUP</span><span class="p">(</span><span class="n">status</span> <span class="o">==</span> <span class="n">kStatus_SSS_Success</span><span class="p">);</span> |
| |
| <span class="n">sw</span> <span class="o">=</span> <span class="n">A71_SetRfc3394WrappedAesKey</span><span class="p">(</span><span class="n">keyIdx</span> <span class="o">+</span> <span class="mi">1</span><span class="p">,</span> <span class="n">wapped_AesKey1_1</span><span class="p">,</span> <span class="k">sizeof</span><span class="p">(</span><span class="n">wapped_AesKey1_1</span><span class="p">));</span> |
| <span class="n">status</span> <span class="o">=</span> <span class="p">((</span><span class="n">sw</span> <span class="o">==</span> <span class="n">SW_OK</span><span class="p">)</span> <span class="o">?</span> <span class="nl">kStatus_SSS_Success</span> <span class="p">:</span> <span class="n">kStatus_SSS_Fail</span><span class="p">);</span> |
| <span class="n">ENSURE_OR_GO_CLEANUP</span><span class="p">(</span><span class="n">status</span> <span class="o">==</span> <span class="n">kStatus_SSS_Success</span><span class="p">);</span> |
| </pre></div> |
| </div> |
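| <p>The host-side step that produces the 24-byte blobs passed to A71_SetRfc3394WrappedAesKey, as an added example that is not part of the NXP middleware: RFC 3394 key wrap turns each 16-byte key slice into 24 bytes (an 8-byte integrity block plus the wrapped slice). The compact AES-128 routine and the helper names <code>rfc3394_wrap</code> and <code>wrap_slices</code> are hypothetical, and using one KEK for every slice is an assumption, since the page does not say which KEK applies to each index.</p> |

```c
#include <stdint.h>
#include <string.h>

static uint8_t sbox[256];

/* GF(2^8) multiplication modulo the AES polynomial x^8 + x^4 + x^3 + x + 1. */
static uint8_t gmul(uint8_t a, uint8_t b) {
    uint8_t p = 0;
    for (; b; b >>= 1, a = (uint8_t)((a << 1) ^ ((a & 0x80) ? 0x1B : 0)))
        if (b & 1) p ^= a;
    return p;
}

/* AES S-box: multiplicative inverse in GF(2^8), then the affine map. */
static void init_sbox(void) {
    for (int x = 0; x < 256; x++) {
        uint8_t inv = 0, s, r;
        for (int y = 1; x && y < 256; y++)
            if (gmul((uint8_t)x, (uint8_t)y) == 1) { inv = (uint8_t)y; break; }
        s = r = inv;
        for (int i = 0; i < 4; i++) { r = (uint8_t)((r << 1) | (r >> 7)); s ^= r; }
        sbox[x] = (uint8_t)(s ^ 0x63);
    }
}

/* AES-128 encryption of one block, in place. Compact for illustration, not constant time. */
static void aes128_encrypt(const uint8_t key[16], uint8_t s[16]) {
    uint8_t rk[176], t[16], rcon = 1;
    if (!sbox[0]) init_sbox();                 /* sbox[0] == 0x63 once built */
    memcpy(rk, key, 16);
    for (int i = 16; i < 176; i += 4) {        /* key schedule, one word per step */
        uint8_t w[4] = { rk[i - 4], rk[i - 3], rk[i - 2], rk[i - 1] };
        if (i % 16 == 0) {                     /* RotWord, SubWord, Rcon */
            uint8_t w0 = w[0];
            w[0] = sbox[w[1]] ^ rcon; w[1] = sbox[w[2]];
            w[2] = sbox[w[3]];        w[3] = sbox[w0];
            rcon = gmul(rcon, 2);
        }
        for (int j = 0; j < 4; j++) rk[i + j] = rk[i - 16 + j] ^ w[j];
    }
    for (int round = 0;; round++) {
        for (int i = 0; i < 16; i++) s[i] ^= rk[16 * round + i];    /* AddRoundKey */
        if (round == 10) break;
        for (int i = 0; i < 16; i++) t[i] = sbox[s[(i * 5) % 16]];  /* SubBytes + ShiftRows */
        for (int i = 0; i < 16; i++) {         /* MixColumns, skipped in the last round */
            const uint8_t *a = t + (i & ~3);
            int r = i & 3;
            s[i] = round == 9 ? t[i] : (uint8_t)(gmul(a[r], 2) ^ gmul(a[(r + 1) & 3], 3)
                                                 ^ a[(r + 2) & 3] ^ a[(r + 3) & 3]);
        }
    }
}

/* RFC 3394 wrap with a 128-bit KEK: writes in_len + 8 bytes to out; returns 0 on bad length. */
size_t rfc3394_wrap(const uint8_t kek[16], const uint8_t *in, size_t in_len, uint8_t *out) {
    uint8_t b[16];
    size_t n = in_len / 8;                     /* number of 64-bit blocks */
    if (in_len < 16 || in_len % 8) return 0;
    memset(out, 0xA6, 8);                      /* A = default IV */
    memcpy(out + 8, in, in_len);               /* R[1..n] = key data */
    for (size_t j = 0; j < 6; j++)
        for (size_t i = 1; i <= n; i++) {
            uint32_t t = (uint32_t)(n * j + i);
            memcpy(b, out, 8); memcpy(b + 8, out + 8 * i, 8);
            aes128_encrypt(kek, b);            /* B = AES(KEK, A | R[i]) */
            for (int k = 0; k < 4; k++) b[7 - k] ^= (uint8_t)(t >> (8 * k));
            memcpy(out, b, 8); memcpy(out + 8 * i, b + 8, 8);  /* A = MSB64(B)^t, R[i] = LSB64(B) */
        }
    return in_len + 8;
}

/* Assumption: a key longer than 16 bytes is cut into 16-byte slices, each wrapped on its
 * own with the same KEK, giving one 24-byte blob per consecutive key index. */
size_t wrap_slices(const uint8_t kek[16], const uint8_t *key, size_t key_len, uint8_t blobs[][24]) {
    if (key_len == 0 || key_len % 16) return 0;
    for (size_t k = 0; k < key_len / 16; k++)
        if (rfc3394_wrap(kek, key + 16 * k, 16, blobs[k]) != 24) return 0;
    return key_len / 16;                       /* number of A71_SetRfc3394WrappedAesKey calls */
}
```

| <p>For a 32-byte key, <code>wrap_slices</code> returns 2: the first blob corresponds to the call with keyIdx and the second to the call with keyIdx + 1. Production code would use a vetted, constant-time AES implementation in place of the compact one here.</p> |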
| <p>Now verify that the injected wrapped key is set correctly.</p> |
| <div class="highlight-c notranslate"><div class="highlight"><pre><span></span> <span class="cm">/* 1 - Calculate HKDF key with wrapped AES key injected - aesKey1 */</span> |
| <span class="n">status</span> <span class="o">=</span> <span class="n">calculate_hkdf_key</span><span class="p">(</span><span class="n">pCtx</span><span class="p">,</span> <span class="n">aesObj1</span><span class="p">,</span> <span class="n">MAKE_TEST_ID</span><span class="p">(</span><span class="n">__LINE__</span><span class="p">),</span> <span class="n">HkdfKey1</span><span class="p">,</span> <span class="o">&</span><span class="n">HkdfKey1Len</span><span class="p">);</span> |
| <span class="n">ENSURE_OR_GO_CLEANUP</span><span class="p">(</span><span class="n">status</span> <span class="o">==</span> <span class="n">kStatus_SSS_Success</span><span class="p">);</span> |
| |
| <span class="cm">/* 2 - Inject aesKey1 AES key and calculate HKDF key */</span> |
| <span class="n">status</span> <span class="o">=</span> <span class="n">sss_key_object_init</span><span class="p">(</span><span class="o">&</span><span class="n">aesObj2</span><span class="p">,</span> <span class="o">&</span><span class="n">pCtx</span><span class="o">-></span><span class="n">ks</span><span class="p">);</span> |
| <span class="n">ENSURE_OR_GO_CLEANUP</span><span class="p">(</span><span class="n">status</span> <span class="o">==</span> <span class="n">kStatus_SSS_Success</span><span class="p">);</span> |
| |
| <span class="n">status</span> <span class="o">=</span> <span class="n">sss_key_object_allocate_handle</span><span class="p">(</span><span class="o">&</span><span class="n">aesObj2</span><span class="p">,</span> |
| <span class="n">MAKE_TEST_ID</span><span class="p">(</span><span class="n">__LINE__</span><span class="p">),</span> |
| <span class="n">kSSS_KeyPart_Default</span><span class="p">,</span> |
| <span class="n">kSSS_CipherType_AES</span><span class="p">,</span> |
| <span class="k">sizeof</span><span class="p">(</span><span class="n">aesKey1</span><span class="p">),</span> |
| <span class="n">kKeyObject_Mode_Persistent</span><span class="p">);</span> |
| <span class="n">ENSURE_OR_GO_CLEANUP</span><span class="p">(</span><span class="n">status</span> <span class="o">==</span> <span class="n">kStatus_SSS_Success</span><span class="p">);</span> |
| |
| <span class="n">status</span> <span class="o">=</span> <span class="n">sss_key_store_set_key</span><span class="p">(</span><span class="o">&</span><span class="n">pCtx</span><span class="o">-></span><span class="n">ks</span><span class="p">,</span> <span class="o">&</span><span class="n">aesObj2</span><span class="p">,</span> <span class="n">aesKey1</span><span class="p">,</span> <span class="k">sizeof</span><span class="p">(</span><span class="n">aesKey1</span><span class="p">),</span> <span class="k">sizeof</span><span class="p">(</span><span class="n">aesKey1</span><span class="p">)</span> <span class="o">*</span> <span class="mi">8</span><span class="p">,</span> <span class="nb">NULL</span><span class="p">,</span> <span class="mi">0</span><span class="p">);</span> |
| <span class="n">ENSURE_OR_GO_CLEANUP</span><span class="p">(</span><span class="n">status</span> <span class="o">==</span> <span class="n">kStatus_SSS_Success</span><span class="p">);</span> |
| |
| <span class="n">status</span> <span class="o">=</span> <span class="n">calculate_hkdf_key</span><span class="p">(</span><span class="n">pCtx</span><span class="p">,</span> <span class="n">aesObj2</span><span class="p">,</span> <span class="n">MAKE_TEST_ID</span><span class="p">(</span><span class="n">__LINE__</span><span class="p">),</span> <span class="n">HkdfKey2</span><span class="p">,</span> <span class="o">&</span><span class="n">HkdfKey2Len</span><span class="p">);</span> |
| <span class="n">ENSURE_OR_GO_CLEANUP</span><span class="p">(</span><span class="n">status</span> <span class="o">==</span> <span class="n">kStatus_SSS_Success</span><span class="p">);</span> |
| |
| <span class="cm">/* 3 - compare both hkdf keys generated (the lengths must match as well) */</span> |
| <span class="k">if</span> <span class="p">((</span><span class="n">HkdfKey1Len</span> <span class="o">!=</span> <span class="n">HkdfKey2Len</span><span class="p">)</span> <span class="o">||</span> <span class="p">(</span><span class="mi">0</span> <span class="o">!=</span> <span class="n">memcmp</span><span class="p">(</span><span class="n">HkdfKey1</span><span class="p">,</span> <span class="n">HkdfKey2</span><span class="p">,</span> <span class="n">HkdfKey1Len</span><span class="p">)))</span> <span class="p">{</span> |
| <span class="n">status</span> <span class="o">=</span> <span class="n">kStatus_SSS_Fail</span><span class="p">;</span> |
| <span class="p">}</span> |
| </pre></div> |
| </div> |
| </div> |
| </div> |
| <div class="section" id="sss-object-identifier-to-a71ch-internal-storage-mapping"> |
| <h2><span class="section-number">10.1.4. </span>SSS Object Identifier to A71CH Internal storage mapping<a class="headerlink" href="#sss-object-identifier-to-a71ch-internal-storage-mapping" title="Permalink to this headline">¶</a></h2> |
| <p>The SSS API uses a 32-bit unsigned value as key (object) identifier. |
| The A71CH GP Storage contains the mapping between these key identifiers and A71CH |
| internal storage as a dedicated data object of 160 bytes.</p> |
| <p>The resulting A71CH KeyStore can contain up to:</p> |
| <ul class="simple"> |
| <li><p>4 ECC Key Pairs</p></li> |
| <li><p>3 ECC Public Keys</p></li> |
| <li><p>8 Symmetric Keys</p></li> |
| <li><p>4 Certificates</p></li> |
| </ul> |
| <p>Any additional data object storage is only available through HLSE API calls (<a class="reference internal" href="a71ch_legacy_hlse_api.html#se05x-legacy-hlse-api"><span class="std std-ref">A71CH Legacy HLSE (Generic) API</span></a>).</p> |
| </div> |
| </div> |
| |
| |
| </div> |
| |
| </div> |
| </div> |
| <footer class="footer"> |
| <div class="container"> |
| <p> |
| © Copyright 2018-2020, NXP.<br/> |
| Created using <a href="http://sphinx-doc.org/">Sphinx</a> 2.4.1.<br/> |
| </p> |
| </div> |
| </footer> |
| </body> |
| </html> |